sys/linux/test: add a test for bpf_cgroup_sysctl

- Add a test for BPF_PROG_TYPE_CGROUP_SYSCTL. This could be used as a
corpus.
- Remove an unnecessary file sys/linux/bpf_lsm.txt.const.

1 files changed, 25 insertions, 0 deletions

diff --git a/sys/linux/test/bpf_cgroup b/sys/linux/test/bpf_cgroup
new file mode 100644
index 000000000..026470f3d
--- /dev/null
+++ b/sys/linux/test/bpf_cgroup
@@ -0,0 +1,25 @@
+# First, write to an entry of /proc/sys. It should work fine.
+
+r0 = openat$tcp_congestion(AUTO, &AUTO='/proc/sys/net/ipv4/tcp_congestion_control', AUTO, AUTO)
+
+r1 = write$tcp_congestion(r0, &AUTO='reno\x00', AUTO)
+
+# Now, load a BPF_PROG_TYPE_CGROUP_SYSCTL that simply returns 0, which will block all writes to /proc/sys
+
+r2 = bpf$PROG_LOAD(AUTO, &AUTO={0x17, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], {AUTO, AUTO, AUTO, AUTO}}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78)
+
+r3 = openat(0xffffffffffffff9c, &AUTO='./cgroup\x00', 0x0, 0x0)
+
+r4 = bpf$BPF_PROG_ATTACH(AUTO, &AUTO={@cgroup=r3, r2, 0x12, 0x0, 0x0}, AUTO)
+
+# It should fail now.
+
+r5 = write$tcp_congestion(r0, &AUTO='reno\x00', AUTO) # EPERM
+
+# Detach the BPF program.
+
+r6 = bpf$BPF_PROG_DETACH(AUTO, &AUTO={@cgroup=r3, r2, 0x12, 0x0}, AUTO)
+
+# It should work again.
+
+r7 = write$tcp_congestion(r0, &AUTO='reno\x00', AUTO)