DragonFlyBSD Kernel Audit
DF-0003 / run.sh
#!/bin/sh
# DF-0003 run: load the control (unit=0, must be clean) then the trigger
# (unit=-2, must panic).  Run as root on the DragonFly guest.
#
#   sh build.sh && sudo sh run.sh
#
# The control prints a marker and the guest stays up.  The trigger panics the
# guest (serial console captures it in dfbsd-qemu/boot.log).  The ONLY
# difference between the two .ko files is the literal unit passed to
# device_add_child(): 0 vs -2.
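set -eu
# Resolve the modules relative to this script so it works from any cwd.
DIR="$(dirname "$0")"

# kldload needs root.  Check up front so a permission error in step 2 cannot
# be misread as "the trigger did not panic".
if [ "$(id -u)" -ne 0 ]; then
  echo "run.sh: must be run as root (kldload requires it)" >&2
  exit 1
fi

# Both modules must be present before anything is loaded; a missing trigger
# module would otherwise look like a non-reproducing run.
for ko in poc_ctrl.ko poc_negunit.ko; do
  if [ ! -f "$DIR/$ko" ]; then
    echo "run.sh: $DIR/$ko not found -- run build.sh first" >&2
    exit 1
  fi
done

echo "==== STEP 1: CONTROL (unit=0) -- expect clean load ===="
# Explicit 'if' rather than 'kldload ... && echo ...': a failure on the left
# of '&&' does not trip 'set -e', so the script would continue to the trigger
# without a valid control.
if ! kldload "$DIR/poc_ctrl.ko"; then
  echo "run.sh: control module failed to load; not loading the trigger" >&2
  exit 1
fi
echo "kldload poc_ctrl.ko: OK (guest still up)"
echo

echo "==== STEP 2: TRIGGER (unit=-2) -- expect kernel panic ===="
echo "(ssh/session will die mid-load when the kernel page-faults;"
echo " the panic signature is captured on the serial console.)"
# The expected panic gives the guest no chance to write back dirty buffers,
# so flush them before loading the trigger.
sync
# Capture the status instead of discarding it with '|| true', so a plain load
# error can be told apart from a load that succeeded without panicking.
rc=0
kldload "$DIR/poc_negunit.ko" || rc=$?
echo
echo "If you see this, the trigger did NOT panic -- something changed."
echo "kldload poc_negunit.ko exit status: $rc" >&2
# Reaching this line means the finding did not reproduce; report that to the
# caller instead of exiting 0.
exit 1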