These ioctls take a 'struct sock_fprog' but there's no 32-bit compat code, which has two consequences: 1) The ioctl numbers are incorrect for 32-bit processes running on a 64-bit kernel. The userspace ioctl numbers use an 8-byte 'size' field but the kernel expects a 16-byte size field, so the ioctls fail with EINVAL. You can hack around this by handcoding the 64-bit ioctl number. 2) Userspace must supply a sock_fprog with the 64-bit layout. Of course these workarounds assume you're running on a 64-bit kernel, so they're no good if you might be running on a 32-bit kernel.
Created attachment 257925 [details] testcase The testcase passes when built 64-bit (and run as root); it fails when built 32-bit (and run as root).