Bug 196671

Summary: TUN(GET/ATTACH/DETACH)FILTER ioctls fail in a x86-32 process on an x86-64 kernel
Product: Networking Reporter: Robert O'Callahan (robert)
Component: OtherAssignee: Stephen Hemminger (stephen)
Status: NEW ---    
Severity: normal    
Priority: P1    
Hardware: All   
OS: Linux   
Kernel Version: 4.12.0 (Linus) Subsystem:
Regression: No Bisected commit-id:
Attachments: testcase

Description Robert O'Callahan 2017-08-15 14:21:36 UTC 
These ioctls take a 'struct sock_fprog' but there's no 32-bit compat code, which has two consequences:

1) The ioctl numbers are incorrect for 32-bit processes running on a 64-bit kernel. The userspace ioctl numbers use an 8-byte 'size' field but the kernel expects a 16-byte size field, so the ioctls fail with EINVAL. You can hack around this by handcoding the 64-bit ioctl number.

2) Userspace must supply a sock_fprog with the 64-bit layout.

Of course these workarounds assume you're running on a 64-bit kernel, so they're no good if you might be running on a 32-bit kernel.
Comment 1 Robert O'Callahan 2017-08-15 14:29:28 UTC 
Created attachment 257925 [details]
testcase

The testcase passes when built 64-bit (and run as root); it fails when built 32-bit (and run as root).