On Thu, Nov 28, 2019 at 09:51:28PM -0800, Max Filippov wrote: > USER_NOTIF_MAGIC is used to both initialize seccomp_notif_resp::val and > verify syscall resturn value. On 32-bit architectures syscall return > value has type long, but the value of USER_NOTIF_MAGIC has type long > long because it doesn't fit into long. As a result all syscall return > value comparisons with USER_NOTIF_MAGIC are false. This is also reported > by the compiler when '-W' is added to CFLAGS. Hi! Thanks for sending this. There is already a patch in the pipeline for getting it fixed; it should show up in Linus's tree soon: https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git/commit/?h=for-next/seccomp&id=223e660bc7638d126a0e4fbace4f33f2895788c4 -- Kees Cook
