#!/bin/sh
# DF-0039 run: hammers the ptsopen TOCTOU race as the unprivileged user.
#
# On a kernel where the race is reachable this panics the guest within
# seconds to minutes.  On the current master DEV kernel (GCC 8.3 -O2)
# it will NOT panic: the compiler has CSE-fused the two dev->si_drv1
# reads in ptsopen into a single load (see VERDICT.md).  This script
# runs for 60 s by default; the negative result is the evidence.
set -e
cd "$(dirname "$0")"
DURATION="${1:-60}"
echo "[run.sh] racing for ${DURATION}s..."
timeout "$((DURATION + 10))" sh -c "
	./pts_race > run.log 2>&1 &
	PID=\$!
	sleep '$DURATION'
	kill -9 \$PID 2>/dev/null
	wait \$PID 2>/dev/null
"
echo "--- last lines of run.log ---"
tail -5 run.log
echo "[run.sh] done. If the kernel panicked, the guest is now down (check boot.log)."
