#!/bin/bash
set -o errexit -o nounset -o pipefail
# Build-and-boot harness for the CVE-2026-43456 ip6gre variant.
#
# Nothing is compiled here: the script reuses the cached vulnerable/fixed
# kernel (one bzImage plus a vuln and a fixed bonding.ko, with the
# ipgre/ip6gre printks already injected) and the cached Ubuntu noble rootfs
# base.
#
# NOTE(review): every artifact below is read from fixed absolute paths and is
# later copied into the guest rootfs with sudo and booted; this script does no
# integrity check on the cached files, so the cache directory should only be
# writable by trusted users.

# Per-run output location and the shared artifact cache.
ROOT="/data/pruva/runs/1b67fc45-76d0-4de7-8a54-e70b21d873e7"
CACHE_DIR="/data/pruva/project-cache/6cba72b6-b104-4ebf-be7b-01f748e87ccf"

# Kernel release string; used for the module directory inside the rootfs.
KVER="7.0.0-rc2"

# Cached inputs (kernel dir, staged modules, rootfs base).
BOND="${CACHE_DIR}/kernels/bond7rc2"
STAGE="${CACHE_DIR}/bond-mod-stage-7rc2"
BASE="${CACHE_DIR}/bond-rootfs-base-7rc2"

# The two bonding.ko builds under comparison, plus the populate helper module.
VULN_MODS="${CACHE_DIR}/bond-mods-7rc2/vuln"
FIXED_MODS="${CACHE_DIR}/bond-mods-7rc2/fixed"
POPMOD6="${CACHE_DIR}/populate-mod6/populate_hlen6.ko"

# Guest init script and the directory receiving the QEMU console logs.
INIT="${ROOT}/bundle/vuln_variant/bond_variant_init"
LOGS="${ROOT}/bundle/logs"
mkdir -p "${LOGS}"

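#######################################
# Assemble a guest rootfs for one variant and pack it into an ext2 image.
# Globals:   CACHE_DIR, BOND, BASE, INIT, STAGE, POPMOD6, KVER (all read)
# Arguments: $1 - variant name (vuln | fixed), used in directory/image names
#            $2 - directory holding that variant's bonding.ko
# Outputs:   progress lines on stdout, warnings/errors on stderr;
#            writes $BOND/var-<name>-rootfs.img
# Returns:   0 on success, 1 if the image could not be generated
#
# NOTE(review): all inputs are copied as root from the shared cache without
# any checksum verification in this function.
#######################################
build_rootfs() {
    local name="$1"      # vuln | fixed
    local modsdir="$2"
    local rootfs="$CACHE_DIR/bond-var-rootfs-${name}"
    local img="$BOND/var-${name}-rootfs.img"
    local m f blocks
    echo ">> building $name rootfs"

    # Start from a pristine copy of the base tree every time.
    sudo rm -rf -- "$rootfs"
    sudo cp -a "$BASE" "$rootfs"
    sudo cp "$INIT" "$rootfs/init"
    sudo chmod 755 "$rootfs/init"
    sudo mkdir -p "$rootfs/root/mods"

    # bonding module = the variant under test (vuln vs fixed)
    sudo cp "$modsdir/bonding.ko" "$rootfs/lib/modules/$KVER/kernel/drivers/net/bonding/bonding.ko"
    sudo cp "$modsdir/bonding.ko" "$rootfs/root/mods/bonding.ko"

    # ip6gre dependency chain + dummy + populate helper
    for m in dummy ip6_tunnel tunnel6 ip6_gre; do
        # -print -quit stops at the first hit; a failing find stays best-effort.
        f=$(find "$STAGE" -name "$m.ko" -print -quit 2>/dev/null) || true
        if [ -n "$f" ]; then
            sudo cp "$f" "$rootfs/root/mods/$m.ko"
        else
            # Still best-effort (the module may be built into the kernel), but a
            # silent skip could leave the guest without the driver under test
            # and make the vuln/fixed comparison meaningless, so say so.
            printf 'WARNING: %s.ko not found under %s; %s rootfs built without it\n' \
                "$m" "$STAGE" "$name" >&2
        fi
    done
    sudo cp "$POPMOD6" "$rootfs/root/mods/populate_hlen6.ko"

    # Best-effort: a depmod failure is tolerated and its stderr discarded.
    sudo depmod -b "$rootfs" "$KVER" 2>/dev/null || true

    # Size the image as the tree's usage in KiB plus 40000 blocks of headroom.
    blocks=$(sudo du -sk "$rootfs" | cut -f1)
    blocks=$((blocks + 40000))
    rm -f "$img"
    if ! sudo genext2fs -b "$blocks" -d "$rootfs" "$img" >/dev/null 2>&1; then
        # Output is suppressed above, so name the failing step explicitly
        # instead of letting errexit abort without a message.
        printf 'ERROR: genext2fs failed while building %s\n' "$img" >&2
        return 1
    fi

    # Hand the image back to the invoking user so QEMU can run without sudo.
    sudo chown "$(id -u):$(id -g)" "$img" 2>/dev/null || true
    echo "   image: $img ($(stat -c%s "$img") bytes)"
}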

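#######################################
# Boot one variant's rootfs image under QEMU and capture the serial console.
# Globals:   BOND, LOGS, KVER (read)
# Arguments: $1 - variant name (vuln | fixed)
# Outputs:   progress on stdout, warnings on stderr;
#            console output written to $LOGS/qemu_var_<name>.log
# Returns:   0 always; a crashing guest is an expected outcome, so the QEMU
#            exit status is reported rather than propagated.
#######################################
run_vm() {
    local name="$1"
    local img="$BOND/var-${name}-rootfs.img"
    local log="$LOGS/qemu_var_${name}.log"
    local rc=0
    echo ">> booting $name kernel ($KVER) in QEMU"

    # -snapshot discards guest writes to the image. panic=1 together with
    # oops=panic and -no-reboot makes QEMU exit after a guest oops instead of
    # rebooting, and the 300 s timeout bounds a guest that hangs.
    # NOTE(review): no -nic/-net option is given, so QEMU's default NIC setup
    # applies; if the guest init needs no external network, `-nic none` would
    # keep the crash-test guest detached from host networking -- confirm
    # against bond_variant_init before changing.
    timeout 300 qemu-system-x86_64 \
        -m 4096 -smp 4 -no-reboot -nographic -snapshot \
        -kernel "$BOND/bzImage" \
        -drive file="$img",if=virtio,format=raw \
        -append "root=/dev/vda rootwait init=/init console=ttyS0,115200 panic=1 oops=panic loglevel=7 nokaslr rw" \
        > "$log" 2>&1 || rc=$?

    # Separate "guest hung" and "QEMU never started" from an ordinary exit;
    # otherwise an empty or truncated log is indistinguishable from a clean run.
    case "$rc" in
        0) ;;
        124) printf 'WARNING: %s VM hit the 300s timeout; log may be truncated\n' "$name" >&2 ;;
        126|127) printf 'WARNING: qemu-system-x86_64 could not be started (status %s)\n' "$rc" >&2 ;;
        *) printf 'NOTE: %s VM exited with status %s\n' "$name" "$rc" >&2 ;;
    esac
    echo "   log: $log (qemu exit done)"
}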

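# Build both images first, then boot them one after the other.
build_rootfs vuln  "$VULN_MODS"
build_rootfs fixed "$FIXED_MODS"
run_vm vuln
run_vm fixed

# Console lines of interest: the harness's own CVE-2026-43456 / RESULT lines
# and the kernel's crash signatures.
analysis_markers='CVE-2026-43456 VAR\(ip6gre\)|CVE-2026-43456 ip6gre_header|RESULT:|kernel BUG at net/core/skbuff|Oops:|Kernel panic|invalid opcode|RIP: 0010:pskb_expand_head|Call Trace:|ip6gre_header\+'

echo ""
echo "================ ANALYSIS ================"
for name in vuln fixed; do
    log="$LOGS/qemu_var_${name}.log"
    echo "--- $name ---"
    if [ ! -s "$log" ]; then
        # An empty log means the guest printed nothing; that is not evidence
        # that the kernel is unaffected.
        echo "   (log missing or empty: $log -- inconclusive)"
    elif grep -qE "$analysis_markers" "$log"; then
        # head may close the pipe early; under pipefail that is not an error.
        grep -E "$analysis_markers" "$log" | head -25 || true
    else
        # No harness output and no crash signature: the test probably never
        # ran, so do not read the silence as a pass.
        echo "   (no marker lines matched in $log -- inconclusive, not a pass)"
    fi
    echo ""
done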
