Initial LoongArch64 support (#2529)

Signed-off-by: Bingwu Zhang <[email protected]>

Author: xtexx

.github/workflows/ci.yml

@@ -33,7 +33,7 @@ jobs:
       run: |
         git fetch origin
         git log --oneline --graph -10
-    
+
     - name: Fix libcdb-cache permissions
       id: fix-perms
       run: |
@@ -102,11 +102,12 @@ jobs:
           binutils-s390x-linux-gnu \
           binutils-sparc64-linux-gnu \
           binutils-riscv64-linux-gnu \
+          binutils-loongarch64-linux-gnu \
           gcc-multilib \
           libc6-dbg \
           elfutils \
           patchelf
-      
+
     - name: Testing Corefiles
       run: |
         ulimit -a
@@ -232,7 +233,7 @@ jobs:
         name: coverage-${{ matrix.python_version }}
         path: .coverage*
         include-hidden-files: true
-    
+
     - name: Fix libcdb-cache permissions
       run: |
         container_id=$(docker ps --filter volume=/home/runner/libcdb-cache --no-trunc --format "{{.ID}}")
@@ -255,15 +256,15 @@ jobs:
       run: |
         pip install --upgrade pip
         pip install --upgrade --editable .
-    
+
     - name: Install documentation dependencies
       run: pip install -r docs/requirements.txt
-    
+
     - name: Sanity checks
       run: |
         python -bb -c 'from pwn import *'
         python -bb examples/text.py
-    
+
     - name: Coverage doctests
       run: |
         python -bb -m coverage run -m sphinx -b doctest docs/source docs/build/doctest

CHANGELOG.md

@@ -82,6 +82,7 @@ The table below shows which release corresponds to each branch, and what date th
 - [#2517][2517] Allow to passthru kwargs on `ssh.__getattr__` convenience function to fix SSH motd problems
 - [#2527][2527] Allow setting debugger path via `context.gdb_binary`
 - [#2530][2530] Do NOT error when passing directory arguments in `checksec` commandline tool.
+- [#2529][2529] Add LoongArch64 support
 
 [2519]: https://github.com/Gallopsled/pwntools/pull/2519
 [2507]: https://github.com/Gallopsled/pwntools/pull/2507
@@ -91,6 +92,7 @@ The table below shows which release corresponds to each branch, and what date th
 [2517]: https://github.com/Gallopsled/pwntools/pull/2517
 [2527]: https://github.com/Gallopsled/pwntools/pull/2527
 [2530]: https://github.com/Gallopsled/pwntools/pull/2530
+[2529]: https://github.com/Gallopsled/pwntools/pull/2529
 
 ## 4.15.0 (`beta`)
 
@@ -209,7 +211,7 @@ The table below shows which release corresponds to each branch, and what date th
 - [#2308][2308] Fix WinExec shellcraft to make sure it's 16 byte aligned
 - [#2279][2279] Make `pwn template` always set context.binary
 - [#2310][2310] Add support to start a process on Windows
-- [#2335][2335] Add lookup optimizations in DynELF 
+- [#2335][2335] Add lookup optimizations in DynELF
 - [#2334][2334] Speed up disasm commandline tool with colored output
 - [#2328][2328] Lookup using $PATHEXT file extensions in `which` on Windows
 - [#2189][2189] Explicitly define p64/u64 functions for IDE support
@@ -296,7 +298,7 @@ The table below shows which release corresponds to each branch, and what date th
 
 ## 4.11.0
 
-- [#2185][2185] make fmtstr module able to create payload without $ notation 
+- [#2185][2185] make fmtstr module able to create payload without $ notation
 - [#2103][2103] Add search for libc binary by leaked function addresses `libcdb.search_by_symbol_offsets()`
 - [#2177][2177] Support for RISC-V 64-bit architecture
 - [#2186][2186] Enhance `ELF.nx` and `ELF.execstack`

docs/source/shellcraft/loongarch64.rst

@@ -0,0 +1,22 @@
+.. testsetup:: *
+
+   from pwn import *
+   context.clear(arch='loongarch64')
+
+   import doctest
+   doctest_additional_flags = doctest.OPTIONFLAGS_BY_NAME['LINUX']
+
+:mod:`pwnlib.shellcraft.loongarch64` --- Shellcode for LoongArch64
+==========================================================
+
+:mod:`pwnlib.shellcraft.loongarch64`
+--------------------------------
+
+.. automodule:: pwnlib.shellcraft.loongarch64
+   :members:
+
+:mod:`pwnlib.shellcraft.loongarch64.linux`
+--------------------------------------
+
+.. automodule:: pwnlib.shellcraft.loongarch64.linux
+   :members:

extra/docker/base/Dockerfile

@@ -3,7 +3,7 @@
 # Based on Ubuntu
 ############################################################
 
-FROM ubuntu:jammy
+FROM ubuntu:noble
 MAINTAINER Maintainer Gallopsled et al.
 
 ENV LANG en_US.UTF-8
@@ -33,6 +33,7 @@ RUN apt-get update \
         binutils-powerpc64-linux-gnu \
         binutils-sparc64-linux-gnu \
         binutils-riscv64-linux-gnu \
+        binutils-loongarch64-linux-gnu \
         tmux \
         patchelf \
     && locale-gen en_US.UTF-8 \

pwnlib/abi.py

@@ -27,9 +27,9 @@ class ABI(object):
     #: Indicates that this ABI returns to the next address on the slot
     returns            = True
 
-    def __init__(self, stack, regs, align, minimum):
+    def __init__(self, stack, arg_regs, align, minimum):
         self.stack              = stack
-        self.register_arguments = regs
+        self.register_arguments = arg_regs
         self.arg_alignment      = align
         self.stack_minimum      = minimum
 
@@ -50,6 +50,7 @@ def default():
         (64, 'powerpc', 'linux'): linux_ppc64,
         (32, 'riscv32', 'linux'): linux_riscv32,
         (64, 'riscv64', 'linux'): linux_riscv64,
+        (64, 'loongarch64', 'linux'): linux_loongarch64,
         (32, 'i386', 'freebsd'):  freebsd_i386,
         (64, 'aarch64', 'freebsd'): freebsd_aarch64,
         (64, 'amd64', 'freebsd'): freebsd_amd64,
@@ -82,6 +83,7 @@ def syscall():
         (64, 'powerpc', 'linux'): linux_ppc64_syscall,
         (32, 'riscv32', 'linux'): linux_riscv32_syscall,
         (64, 'riscv64', 'linux'): linux_riscv64_syscall,
+        (64, 'loongarch64', 'linux'): linux_loongarch64_syscall,
         (32, 'i386', 'freebsd'):  freebsd_i386_syscall,
         (64, 'amd64', 'freebsd'): freebsd_amd64_syscall,
         (64, 'aarch64', 'freebsd'): freebsd_aarch64_syscall,
@@ -109,6 +111,7 @@ def sigreturn():
         (64, 'aarch64', 'linux'):   linux_aarch64_sigreturn,
         (32, 'riscv32', 'linux'):   linux_riscv32_sigreturn,
         (64, 'riscv64', 'linux'):   linux_riscv64_sigreturn,
+        (64, 'loongarch64', 'linux'):   linux_loongarch64_sigreturn,
         (32, 'i386', 'freebsd'):  freebsd_i386_sigreturn,
         (64, 'amd64', 'freebsd'): freebsd_amd64_sigreturn,
         (32, 'arm', 'freebsd'):   freebsd_arm_sigreturn,
@@ -148,6 +151,7 @@ class SigreturnABI(SyscallABI):
 linux_ppc64 = ABI('sp', ['r3', 'r4', 'r5', 'r6', 'r7', 'r8', 'r9', 'r10'], 8, 0)
 linux_riscv32 = ABI('sp', ['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'], 8, 0)
 linux_riscv64 = ABI('sp', ['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'], 8, 0)
+linux_loongarch64 = ABI('sp', ['a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6', 'a7'], 8, 0)
 
 sysv_i386 = linux_i386
 sysv_amd64 = linux_amd64
@@ -158,6 +162,7 @@ class SigreturnABI(SyscallABI):
 sysv_ppc64 = linux_ppc64
 sysv_riscv32 = linux_riscv32
 sysv_riscv64 = linux_riscv64
+sysv_loongarch64 = linux_loongarch64
 
 # Docs: https://man7.org/linux/man-pages/man2/syscall.2.html
 linux_i386_syscall = SyscallABI('esp', ['eax', 'ebx', 'ecx', 'edx', 'esi', 'edi', 'ebp'], 4, 0)
@@ -169,20 +174,23 @@ class SigreturnABI(SyscallABI):
 linux_ppc64_syscall = SyscallABI('sp', ['r0', 'r3', 'r4', 'r5', 'r6', 'r7', 'r8'], 8, 0)
 linux_riscv32_syscall = SyscallABI('sp', ['a7', 'a0', 'a1', 'a2', 'a3', 'a4', 'a5'], 4, 0)
 linux_riscv64_syscall = SyscallABI('sp', ['a7', 'a0', 'a1', 'a2', 'a3', 'a4', 'a5'], 8, 0)
+linux_loongarch64_syscall = SyscallABI('sp', ['a7', 'a0', 'a1', 'a2', 'a3', 'a4', 'a5', 'a6'], 8, 0)
 
 linux_i386_sigreturn = SigreturnABI('esp', ['eax'], 4, 0)
 linux_amd64_sigreturn = SigreturnABI('rsp', ['rax'], 8, 0)
 linux_arm_sigreturn = SigreturnABI('sp', ['r7'], 4, 0)
 linux_aarch64_sigreturn = SigreturnABI('sp', ['x8'], 16, 0)
 linux_riscv32_sigreturn = SigreturnABI('sp', ['a7'], 4, 0)
 linux_riscv64_sigreturn = SigreturnABI('sp', ['a7'], 8, 0)
+linux_loongarch64_sigreturn = SigreturnABI('sp', ['a7'], 8, 0)
 
 sysv_i386_sigreturn = linux_i386_sigreturn
 sysv_amd64_sigreturn = linux_amd64_sigreturn
 sysv_arm_sigreturn = linux_arm_sigreturn
 sysv_aarch64_sigreturn = linux_aarch64_sigreturn
 sysv_riscv32_sigreturn = linux_riscv32_sigreturn
 sysv_riscv64_sigreturn = linux_riscv64_sigreturn
+sysv_loongarch64_sigreturn = linux_loongarch64_sigreturn
 
 freebsd_i386 = sysv_i386
 freebsd_amd64 = sysv_amd64

pwnlib/asm.py

@@ -190,6 +190,7 @@ def which_binutils(util, check_version=False):
         'sparc64': ['sparc'],
         'riscv32': ['riscv32', 'riscv64', 'riscv'],
         'riscv64': ['riscv64', 'riscv32', 'riscv'],
+        'loongarch64': ['loongarch64', 'loong64'],
     }.get(arch, [])
 
     # If one of the candidate architectures matches the native
@@ -275,6 +276,9 @@ def _assembler():
         # riscv64-unknown-elf-as supports riscv32 as well as riscv64
         'riscv32': [gas, '-march=rv32gc', '-mabi=ilp32'],
         'riscv64': [gas, '-march=rv64gc', '-mabi=lp64'],
+
+        # loongarch64 supports none of -64, -EB, -EL or -march
+        'loongarch64'  : [gas],
     }
 
     assembler = assemblers.get(context.arch, [gas])
@@ -376,6 +380,7 @@ def _bfdname():
         'powerpc64' : 'elf64-powerpc',
         'riscv32' : 'elf%d-%sriscv' % (context.bits, E),
         'riscv64' : 'elf%d-%sriscv' % (context.bits, E),
+        'loongarch64' : 'elf%d-loongarch' % context.bits,
         'vax'     : 'elf32-vax',
         's390'    : 'elf%d-s390' % context.bits,
         'sparc'   : 'elf32-sparc',
@@ -400,6 +405,7 @@ def _bfdarch():
         'thumb':     'arm',
         'riscv32':   'riscv',
         'riscv64':   'riscv',
+        'loongarch64': 'loongarch64'
     }
 
     if arch in convert: