From b6cd37e38acccec1421055549f46948d667f0e60 Mon Sep 17 00:00:00 2001
From: Cheng-Min Chiang <chmnchiang@gmail.com>
Date: Wed, 2 Dec 2020 22:58:40 +0800
Subject: sys/linux/test: add a test for bpf_cgroup_sysctl

- Add a test for BPF_PROG_TYPE_CGROUP_SYSCTL. This could be used as a
corpus.
- Remove an unnecessary file sys/linux/bpf_lsm.txt.const.
---
 sys/linux/test/bpf_cgroup | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 sys/linux/test/bpf_cgroup

(limited to 'sys/linux/test')

diff --git a/sys/linux/test/bpf_cgroup b/sys/linux/test/bpf_cgroup
new file mode 100644
index 000000000..026470f3d
--- /dev/null
+++ b/sys/linux/test/bpf_cgroup
@@ -0,0 +1,25 @@
+# First, write to an entry of /proc/sys. It should work fine.
+
+r0 = openat$tcp_congestion(AUTO, &AUTO='/proc/sys/net/ipv4/tcp_congestion_control', AUTO, AUTO)
+
+r1 = write$tcp_congestion(r0, &AUTO='reno\x00', AUTO)
+
+# Now, load a BPF_PROG_TYPE_CGROUP_SYSCTL that simply returns 0, which will block all writes to /proc/sys
+
+r2 = bpf$PROG_LOAD(AUTO, &AUTO={0x17, AUTO, &AUTO=@framed={{AUTO, AUTO, AUTO, AUTO, 0x0, AUTO, AUTO, AUTO, 0x0}, [], {AUTO, AUTO, AUTO, AUTO}}, &AUTO='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x78)
+
+r3 = openat(0xffffffffffffff9c, &AUTO='./cgroup\x00', 0x0, 0x0)
+
+r4 = bpf$BPF_PROG_ATTACH(AUTO, &AUTO={@cgroup=r3, r2, 0x12, 0x0, 0x0}, AUTO)
+
+# It should fail now.
+
+r5 = write$tcp_congestion(r0, &AUTO='reno\x00', AUTO) # EPERM
+
+# Detach the BPF program.
+
+r6 = bpf$BPF_PROG_DETACH(AUTO, &AUTO={@cgroup=r3, r2, 0x12, 0x0}, AUTO)
+
+# It should work again.
+
+r7 = write$tcp_congestion(r0, &AUTO='reno\x00', AUTO)
-- 
cgit mrf-deployment