From d4562ea462b8013253c219ed5ddd292386be5c6c Mon Sep 17 00:00:00 2001
From: Gulshan Singh
Date: Tue, 17 Jan 2023 20:47:30 -0800
Subject: [PATCH] Update qemu test scripts and images (#1529)
---
 .gitignore | 5 +++
 tests/qemu-tests/download_images.sh | 14 +++++---
 tests/qemu-tests/test_qemu.sh | 2 ++
 tests/qemu-tests/test_qemu_system.sh | 31 +++++++++++------
 .../tests/test_qemu_user_aarch64.py | 34 ++++++++++++-------
 5 files changed, 58 insertions(+), 28 deletions(-)
diff --git a/.gitignore b/.gitignore
index 13c711ba4..532640bc4 100644
--- a/.gitignore
+++ b/.gitignore
@@ -76,6 +76,11 @@ tests/**/binaries/div_zero_binary/core
 tests/**/binaries/div_zero_binary/binary
 !tests/**/binaries/*.go
+# QEMU test files
+tests/qemu-tests/Image*
+tests/qemu-tests/bzImage*
+tests/qemu-tests/rootfs*.img
+
 # VS Code files
 .vscode/
diff --git a/tests/qemu-tests/download_images.sh b/tests/qemu-tests/download_images.sh
index a05acfab8..5eee00b85 100755
--- a/tests/qemu-tests/download_images.sh
+++ b/tests/qemu-tests/download_images.sh
@@ -1,7 +1,13 @@
 #!/bin/bash
-wget https://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/machines/qemu/qemux86-64/bzImage-qemux86-64.bin
-wget https://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/machines/qemu/qemux86-64/core-image-minimal-dev-qemux86-64-20221114164338.rootfs.ext4
+set -o errexit
-wget https://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/machines/qemu/qemuarm64/Image-qemuarm64.bin
-wget https://downloads.yoctoproject.org/releases/yocto/yocto-4.1.1/machines/qemu/qemuarm64/core-image-minimal-dev-qemuarm64-20221114170418.rootfs.ext4
+URL="https://github.com/gsingh93/linux-exploit-dev-env/releases/latest/download"
+
+wget "$URL/rootfs-x86_64.img"
+wget "$URL/rootfs-arm64.img"
+
+wget "$URL/bzImage-linux-x86_64"
+wget "$URL/bzImage-ack-x86_64"
+wget "$URL/Image-linux-arm64"
+wget "$URL/Image-ack-arm64"
diff --git a/tests/qemu-tests/test_qemu.sh b/tests/qemu-tests/test_qemu.sh
index 1ffd65bfa..ce1a594a3 100755
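Review bot: The new download block fetches kernels and root filesystems from `releases/latest/download` with no integrity check, so what the tests boot is whatever that moving tag resolves to at run time and cannot be verified or reproduced later. Pin a release tag and verify against a checksum file committed next to the script, e.g. `URL="https://github.com/gsingh93/linux-exploit-dev-env/releases/download/<RELEASE_TAG>"` followed by `sha256sum -c <CHECKSUM_FILE>` after the last `wget` (both placeholders to be filled in). Re-running the script also makes `wget` write `rootfs-x86_64.img.1`-style duplicates, which the new `.gitignore` pattern `rootfs*.img` does not cover; `wget -N "$URL/..."` or an explicit `-O` keeps the file names stable.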
--- a/tests/qemu-tests/test_qemu.sh
+++ b/tests/qemu-tests/test_qemu.sh
@@ -1,5 +1,7 @@
 #!/bin/bash
+make -C binaries
+
 qemu-aarch64 \
 -g 1234 \
 -L /usr/aarch64-linux-gnu/ \
diff --git a/tests/qemu-tests/test_qemu_system.sh b/tests/qemu-tests/test_qemu_system.sh
index 66b5548c4..13aee898e 100755
--- a/tests/qemu-tests/test_qemu_system.sh
+++ b/tests/qemu-tests/test_qemu_system.sh
@@ -2,27 +2,36 @@
 ARCH="$1"
-if [[ "$ARCH" == aarch64 ]]; then
+if [ -z "$ARCH" ]; then
+ echo "usage: $0 ARCH"
+ exit 1
+fi
+
+if [ "$ACK" == 1 ]; then
+ KERNEL_TYPE=ack
+else
+ KERNEL_TYPE=linux
+fi
+
+if [ "$ARCH" == arm64 ] || [ "$ARCH" == aarch64 ]; then
 QEMU_BIN=qemu-system-aarch64
- KERNEL=Image-qemuarm64.bin
- ROOTFS=core-image-minimal-dev-qemuarm64-20221114170418.rootfs.ext4
+ KERNEL=Image-${KERNEL_TYPE}-arm64
+ ROOTFS=rootfs-arm64.img
 QEMU_ARGS=(
 -cpu cortex-a53
 -machine virt
- -append "console=ttyAMA0 root=/dev/vda"
+ -append "console=ttyAMA0 root=/dev/vda nokaslr"
 )
-
-elif [[ "$ARCH" == "x86_64" ]]; then
+elif [ "$ARCH" == "x86_64" ]; then
 QEMU_BIN=qemu-system-x86_64
- KERNEL=bzImage-qemux86-64.bin
- ROOTFS=core-image-minimal-dev-qemux86-64-20221114164338.rootfs.ext4
+ KERNEL=bzImage-${KERNEL_TYPE}-x86_64
+ ROOTFS=rootfs-x86_64.img
 QEMU_ARGS=(
 -accel kvm
- -append "8250.nr_uarts=1 console=ttyS0 root=/dev/vda"
+ -append "8250.nr_uarts=1 console=ttyS0 root=/dev/vda nokaslr"
 )
-
 else
 echo "No arch specified"
 exit 1
@@ -33,7 +42,7 @@ tmux splitw -h -p 60 gdb-multiarch -ex "target remote :1234" -ex continue
 QEMU_ARGS+=(
 -kernel $KERNEL
 -nographic
- -drive file=$ROOTFS,if=virtio,format=raw
+ -drive file=$ROOTFS,if=virtio,format=qcow2
 -S
 -s
 )
diff --git a/tests/qemu-tests/tests/test_qemu_user_aarch64.py b/tests/qemu-tests/tests/test_qemu_user_aarch64.py
index 0aa5f34f8..c3e7afd32 100644
--- a/tests/qemu-tests/tests/test_qemu_user_aarch64.py
+++ b/tests/qemu-tests/tests/test_qemu_user_aarch64.py
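Review bot: The added `make -C binaries` has nothing that stops the script when the build fails; without `errexit` a compile error is printed and `qemu-aarch64` is still launched against a stale or missing binary, so the test either exercises old code or dies with an unrelated error. download_images.sh in this same patch adds `set -o errexit`, so the same line belongs here, directly above `make -C binaries`. The qemu-aarch64 invocation continues outside the hunk.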
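Review bot: Now that an empty `ARCH` is rejected up front, the `else` branch's `echo "No arch specified"` is stale: the only way to reach it is an unrecognized value, and the message hides that; change it to `echo "unknown arch: $ARCH (expected arm64, aarch64 or x86_64)"`. The new `KERNEL` and `ROOTFS` names are also used without checking that the files exist, so a missing or renamed download only surfaces as a QEMU error after tmux has already spawned gdb-multiarch (the second hunk's header shows that happens first); a guard after the arch selection such as `[ -f "$KERNEL" ] && [ -f "$ROOTFS" ] || { echo "missing $KERNEL or $ROOTFS; run download_images.sh"; exit 1; }` fails fast with a usable message. The `nokaslr` added to both `-append` lines is presumably there so kernel addresses stay fixed across boots for the tests; a one-line comment above each saying so would keep a later reader from "cleaning it up".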
@@ -3,18 +3,26 @@ import gdb
 import pwndbg
 gdb.execute("break break_here")
-print(pwndbg.gdblib.symbol.address("main"))
+assert pwndbg.gdblib.symbol.address("main") == 0x5500000A1C
 gdb.execute("continue")
-gdb.execute("argv")
-gdb.execute("argc")
-gdb.execute("auxv")
-gdb.execute("cpsr")
-gdb.execute("context")
-gdb.execute("hexdump")
-gdb.execute("retaddr")
-gdb.execute("piebase")
-gdb.execute("telescope")
-gdb.execute("procinfo")
-gdb.execute("vmmap")
-gdb.execute("nextret")
+gdb.execute("argv", to_string=True)
+assert gdb.execute("argc", to_string=True) == 1
+gdb.execute("auxv", to_string=True)
+assert gdb.execute("cpsr", to_string=True) == "cpsr 0x60000000 [ n Z C v q pan il d a i f el sp ]"
+gdb.execute("context", to_string=True)
+gdb.execute("hexdump", to_string=True)
+gdb.execute("telescope", to_string=True)
+
+# TODO: Broken
+gdb.execute("retaddr", to_string=True)
+
+# Broken
+gdb.execute("procinfo", to_string=True)
+
+# Broken
+gdb.execute("vmmap", to_string=True)
+
+gdb.execute("piebase", to_string=True)
+
+gdb.execute("nextret", to_string=True)
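Review bot: `assert gdb.execute("argc", to_string=True) == 1` can never hold, because `gdb.execute(..., to_string=True)` returns the command's output as a `str`, so this line raises on every run; compare against the text instead, e.g. `assert gdb.execute("argc", to_string=True).strip() == "1"`. The `cpsr` assertion two lines below most likely fails the same way in a milder form, since captured command output normally ends in a newline that the literal lacks, so `.strip()` the result there as well. It is also worth confirming that the harness notices a failed `assert` in a script sourced by gdb at all: gdb prints the Python traceback but may still exit 0, in which case none of the new assertions are actually enforced. The three `# Broken` comments should be worded alike and say what is broken (does the command error, or print the wrong thing?), otherwise a later reader cannot tell whether an exception from `retaddr`, `procinfo` or `vmmap` is expected.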