DF-0039 / run.sh
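#!/bin/sh
# DF-0039 run: hammers the ptsopen TOCTOU race as the unprivileged user.
#
# On a kernel where the race is reachable this panics the guest within
# seconds to minutes. On the current master DEV kernel (GCC 8.3 -O2)
# it will NOT panic: the compiler has CSE-fused the two dev->si_drv1
# reads in ptsopen into a single load (see VERDICT.md). This script
# runs for 60 s by default; the negative result is the evidence.
#
# Usage: run.sh [DURATION_SECONDS]
#
# A "no panic" outcome only counts as evidence if ./pts_race was actually
# running for the whole window, so the run status is reported explicitly
# at the end instead of being inferred from the guest staying up.
set -e
cd "$(dirname "$0")"

DURATION="${1:-60}"

# DURATION feeds both shell arithmetic and sleep(1); accept plain decimal
# seconds only (no sign, no leading zero that $(( )) would read as octal).
case "$DURATION" in
  '' | *[!0-9]* | 0?*)
    echo "[run.sh] usage: $0 [duration-seconds]" >&2
    exit 2
    ;;
esac

# Without the binary the run would "survive" trivially and look like a
# negative result, so refuse to start.
if [ ! -x ./pts_race ]; then
  echo "[run.sh] ./pts_race is missing or not executable" >&2
  exit 1
fi

echo "[run.sh] racing for ${DURATION}s..."

# The inner shell's exit status is that of its final wait, i.e. the status
# of pts_race. When pts_race is still alive at the end of the window it is
# SIGKILLed and wait reports a non-zero status, so the status is captured
# with "|| rc=$?"; otherwise set -e would end the script here, before
# run.log is shown. DURATION is handed over as $1 rather than spliced into
# the sh -c program text.
rc=0
timeout "$((DURATION + 10))" sh -c '
  ./pts_race > run.log 2>&1 &
  PID=$!
  sleep "$1"
  kill -9 "$PID" 2>/dev/null
  wait "$PID" 2>/dev/null
' sh "$DURATION" || rc=$?

echo "--- last lines of run.log ---"
if [ -f run.log ]; then
  tail -n 5 run.log
else
  echo "(run.log was not created)"
fi

case "$rc" in
  137)
    # 128 + SIGKILL, as sh reports a job ended by the kill -9 above.
    echo "[run.sh] pts_race ran for the full ${DURATION}s and was killed at the end of the window."
    ;;
  124)
    # timeout(1) reports 124 when its own limit expired.
    echo "[run.sh] WARNING: the outer timeout fired before the inner shell finished." >&2
    ;;
  *)
    echo "[run.sh] WARNING: pts_race ended on its own (status ${rc}) before the window closed;" >&2
    echo "[run.sh] a missing panic from this run is not evidence. See run.log." >&2
    ;;
esac

echo "[run.sh] done. If the kernel panicked, the guest is now down (check boot.log)."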