mirror of https://github.com/mkerrisk/man-pages
2533 lines
66 KiB
Groff
2533 lines
66 KiB
Groff
.\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl)
|
|
.\" and Copyright (C) 2002, 2006, 2008, 2012, 2013, 2015 Michael Kerrisk <mtk.manpages@gmail.com>
|
|
.\" and Copyright Guillem Jover <guillem@hadrons.org>
|
|
.\" and Copyright (C) 2010 Andi Kleen <andi@firstfloor.org>
|
|
.\" and Copyright (C) 2012 Cyrill Gorcunov <gorcunov@openvz.org>
|
|
.\" and Copyright (C) 2014 Dave Hansen / Intel
|
|
.\" and Copyright (c) 2016 Eugene Syromyatnikov <evgsyr@gmail.com>
|
|
.\" and Copyright (c) 2018 Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
|
|
.\" and Copyright (c) 2020 Dave Martin <Dave.Martin@arm.com>
|
|
.\"
|
|
.\" %%%LICENSE_START(VERBATIM)
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
.\" preserved on all copies.
|
|
.\"
|
|
.\" Permission is granted to copy and distribute modified versions of this
|
|
.\" manual under the conditions for verbatim copying, provided that the
|
|
.\" entire resulting derived work is distributed under the terms of a
|
|
.\" permission notice identical to this one.
|
|
.\"
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
.\" responsibility for errors or omissions, or for damages resulting from
|
|
.\" the use of the information contained herein. The author(s) may not
|
|
.\" have taken the same level of care in the production of this manual,
|
|
.\" which is licensed free of charge, as they might when working
|
|
.\" professionally.
|
|
.\"
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
.\" the source, must acknowledge the copyright and authors of this work.
|
|
.\" %%%LICENSE_END
|
|
.\"
|
|
.\" Modified Thu Nov 11 04:19:42 MET 1999, aeb: added PR_GET_PDEATHSIG
|
|
.\" Modified 27 Jun 02, Michael Kerrisk
|
|
.\" Added PR_SET_DUMPABLE, PR_GET_DUMPABLE,
|
|
.\" PR_SET_KEEPCAPS, PR_GET_KEEPCAPS
|
|
.\" Modified 2006-08-30 Guillem Jover <guillem@hadrons.org>
|
|
.\" Updated Linux versions where the options where introduced.
|
|
.\" Added PR_SET_TIMING, PR_GET_TIMING, PR_SET_NAME, PR_GET_NAME,
|
|
.\" PR_SET_UNALIGN, PR_GET_UNALIGN, PR_SET_FPEMU, PR_GET_FPEMU,
|
|
.\" PR_SET_FPEXC, PR_GET_FPEXC
|
|
.\" 2008-04-29 Serge Hallyn, Document PR_CAPBSET_READ and PR_CAPBSET_DROP
|
|
.\" 2008-06-13 Erik Bosman, <ejbosman@cs.vu.nl>
|
|
.\" Document PR_GET_TSC and PR_SET_TSC.
|
|
.\" 2008-06-15 mtk, Document PR_SET_SECCOMP, PR_GET_SECCOMP
|
|
.\" 2009-10-03 Andi Kleen, document PR_MCE_KILL
|
|
.\" 2012-04 Cyrill Gorcunov, Document PR_SET_MM
|
|
.\" 2012-04-25 Michael Kerrisk, Document PR_TASK_PERF_EVENTS_DISABLE and
|
|
.\" PR_TASK_PERF_EVENTS_ENABLE
|
|
.\" 2012-09-20 Kees Cook, update PR_SET_SECCOMP for mode 2
|
|
.\" 2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS
|
|
.\" 2012-10-25 Michael Kerrisk, Document PR_SET_TIMERSLACK and
|
|
.\" PR_GET_TIMERSLACK
|
|
.\" 2013-01-10 Kees Cook, document PR_SET_PTRACER
|
|
.\" 2012-02-04 Michael Kerrisk, document PR_{SET,GET}_CHILD_SUBREAPER
|
|
.\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT
|
|
.\"
|
|
.\"
|
|
.TH PRCTL 2 2021-03-22 "Linux" "Linux Programmer's Manual"
|
|
.SH NAME
|
|
prctl \- operations on a process or thread
|
|
.SH SYNOPSIS
|
|
.nf
|
|
.B #include <sys/prctl.h>
|
|
.PP
|
|
.BI "int prctl(int " option ", unsigned long " arg2 ", unsigned long " arg3 ,
|
|
.BI " unsigned long " arg4 ", unsigned long " arg5 );
|
|
.fi
|
|
.SH DESCRIPTION
|
|
.BR prctl ()
|
|
manipulates various aspects of the behavior
|
|
of the calling thread or process.
|
|
.PP
|
|
Note that careless use of some
|
|
.BR prctl ()
|
|
operations can confuse the user-space run-time environment,
|
|
so these operations should be used with care.
|
|
.PP
|
|
.BR prctl ()
|
|
is called with a first argument describing what to do
|
|
(with values defined in \fI<linux/prctl.h>\fP), and further
|
|
arguments with a significance depending on the first one.
|
|
The first argument can be:
|
|
.\"
|
|
.\" prctl PR_CAP_AMBIENT
|
|
.TP
|
|
.BR PR_CAP_AMBIENT " (since Linux 4.3)"
|
|
.\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08
|
|
Reads or changes the ambient capability set of the calling thread,
|
|
according to the value of
|
|
.IR arg2 ,
|
|
which must be one of the following:
|
|
.RS
|
|
.\"
|
|
.TP
|
|
.B PR_CAP_AMBIENT_RAISE
|
|
The capability specified in
|
|
.I arg3
|
|
is added to the ambient set.
|
|
The specified capability must already be present in
|
|
both the permitted and the inheritable sets of the process.
|
|
This operation is not permitted if the
|
|
.B SECBIT_NO_CAP_AMBIENT_RAISE
|
|
securebit is set.
|
|
.TP
|
|
.B PR_CAP_AMBIENT_LOWER
|
|
The capability specified in
|
|
.I arg3
|
|
is removed from the ambient set.
|
|
.TP
|
|
.B PR_CAP_AMBIENT_IS_SET
|
|
The
|
|
.BR prctl ()
|
|
call returns 1 if the capability in
|
|
.I arg3
|
|
is in the ambient set and 0 if it is not.
|
|
.TP
|
|
.BR PR_CAP_AMBIENT_CLEAR_ALL
|
|
All capabilities will be removed from the ambient set.
|
|
This operation requires setting
|
|
.I arg3
|
|
to zero.
|
|
.RE
|
|
.IP
|
|
In all of the above operations,
|
|
.I arg4
|
|
and
|
|
.I arg5
|
|
must be specified as 0.
|
|
.IP
|
|
Higher-level interfaces layered on top of the above operations are
|
|
provided in the
|
|
.BR libcap (3)
|
|
library in the form of
|
|
.BR cap_get_ambient (3),
|
|
.BR cap_set_ambient (3),
|
|
and
|
|
.BR cap_reset_ambient (3).
|
|
.\" prctl PR_CAPBSET_READ
|
|
.TP
|
|
.BR PR_CAPBSET_READ " (since Linux 2.6.25)"
|
|
Return (as the function result) 1 if the capability specified in
|
|
.I arg2
|
|
is in the calling thread's capability bounding set,
|
|
or 0 if it is not.
|
|
(The capability constants are defined in
|
|
.IR <linux/capability.h> .)
|
|
The capability bounding set dictates
|
|
whether the process can receive the capability through a
|
|
file's permitted capability set on a subsequent call to
|
|
.BR execve (2).
|
|
.IP
|
|
If the capability specified in
|
|
.I arg2
|
|
is not valid, then the call fails with the error
|
|
.BR EINVAL .
|
|
.IP
|
|
A higher-level interface layered on top of this operation is provided in the
|
|
.BR libcap (3)
|
|
library in the form of
|
|
.BR cap_get_bound (3).
|
|
.\" prctl PR_CAPBSET_DROP
|
|
.TP
|
|
.BR PR_CAPBSET_DROP " (since Linux 2.6.25)"
|
|
If the calling thread has the
|
|
.B CAP_SETPCAP
|
|
capability within its user namespace, then drop the capability specified by
|
|
.I arg2
|
|
from the calling thread's capability bounding set.
|
|
Any children of the calling thread will inherit the newly
|
|
reduced bounding set.
|
|
.IP
|
|
The call fails with the error:
|
|
.B EPERM
|
|
if the calling thread does not have the
|
|
.BR CAP_SETPCAP ;
|
|
.BR EINVAL
|
|
if
|
|
.I arg2
|
|
does not represent a valid capability; or
|
|
.BR EINVAL
|
|
if file capabilities are not enabled in the kernel,
|
|
in which case bounding sets are not supported.
|
|
.IP
|
|
A higher-level interface layered on top of this operation is provided in the
|
|
.BR libcap (3)
|
|
library in the form of
|
|
.BR cap_drop_bound (3).
|
|
.\" prctl PR_SET_CHILD_SUBREAPER
|
|
.TP
|
|
.BR PR_SET_CHILD_SUBREAPER " (since Linux 3.4)"
|
|
.\" commit ebec18a6d3aa1e7d84aab16225e87fd25170ec2b
|
|
If
|
|
.I arg2
|
|
is nonzero,
|
|
set the "child subreaper" attribute of the calling process;
|
|
if
|
|
.I arg2
|
|
is zero, unset the attribute.
|
|
.IP
|
|
A subreaper fulfills the role of
|
|
.BR init (1)
|
|
for its descendant processes.
|
|
When a process becomes orphaned
|
|
(i.e., its immediate parent terminates),
|
|
then that process will be reparented to
|
|
the nearest still living ancestor subreaper.
|
|
Subsequently, calls to
|
|
.BR getppid (2)
|
|
in the orphaned process will now return the PID of the subreaper process,
|
|
and when the orphan terminates, it is the subreaper process that
|
|
will receive a
|
|
.BR SIGCHLD
|
|
signal and will be able to
|
|
.BR wait (2)
|
|
on the process to discover its termination status.
|
|
.IP
|
|
The setting of the "child subreaper" attribute
|
|
is not inherited by children created by
|
|
.BR fork (2)
|
|
and
|
|
.BR clone (2).
|
|
The setting is preserved across
|
|
.BR execve (2).
|
|
.IP
|
|
Establishing a subreaper process is useful in session management frameworks
|
|
where a hierarchical group of processes is managed by a subreaper process
|
|
that needs to be informed when one of the processes\(emfor example,
|
|
a double-forked daemon\(emterminates
|
|
(perhaps so that it can restart that process).
|
|
Some
|
|
.BR init (1)
|
|
frameworks (e.g.,
|
|
.BR systemd (1))
|
|
employ a subreaper process for similar reasons.
|
|
.\" prctl PR_GET_CHILD_SUBREAPER
|
|
.TP
|
|
.BR PR_GET_CHILD_SUBREAPER " (since Linux 3.4)"
|
|
Return the "child subreaper" setting of the caller,
|
|
in the location pointed to by
|
|
.IR "(int\ *) arg2" .
|
|
.\" prctl PR_SET_DUMPABLE
|
|
.TP
|
|
.BR PR_SET_DUMPABLE " (since Linux 2.3.20)"
|
|
Set the state of the "dumpable" attribute,
|
|
which determines whether core dumps are produced for the calling process
|
|
upon delivery of a signal whose default behavior is to produce a core dump.
|
|
.IP
|
|
In kernels up to and including 2.6.12,
|
|
.I arg2
|
|
must be either 0
|
|
.RB ( SUID_DUMP_DISABLE ,
|
|
process is not dumpable) or 1
|
|
.RB ( SUID_DUMP_USER ,
|
|
process is dumpable).
|
|
Between kernels 2.6.13 and 2.6.17,
|
|
.\" commit abf75a5033d4da7b8a7e92321d74021d1fcfb502
|
|
the value 2 was also permitted,
|
|
which caused any binary which normally would not be dumped
|
|
to be dumped readable by root only;
|
|
for security reasons, this feature has been removed.
|
|
.\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2
|
|
.\" Subject: Fix prctl privilege escalation (CVE-2006-2451)
|
|
.\" From: Marcel Holtmann <marcel () holtmann ! org>
|
|
.\" Date: 2006-07-12 11:12:00
|
|
(See also the description of
|
|
.I /proc/sys/fs/\:suid_dumpable
|
|
in
|
|
.BR proc (5).)
|
|
.IP
|
|
Normally, the "dumpable" attribute is set to 1.
|
|
However, it is reset to the current value contained in the file
|
|
.IR /proc/sys/fs/\:suid_dumpable
|
|
(which by default has the value 0),
|
|
in the following circumstances:
|
|
.\" See kernel/cred.c::commit_creds() (Linux 3.18 sources)
|
|
.RS
|
|
.IP * 3
|
|
The process's effective user or group ID is changed.
|
|
.IP *
|
|
The process's filesystem user or group ID is changed (see
|
|
.BR credentials (7)).
|
|
.IP *
|
|
The process executes
|
|
.RB ( execve (2))
|
|
a set-user-ID or set-group-ID program, resulting in a change
|
|
of either the effective user ID or the effective group ID.
|
|
.IP *
|
|
The process executes
|
|
.RB ( execve (2))
|
|
a program that has file capabilities (see
|
|
.BR capabilities (7)),
|
|
.\" See kernel/cred.c::commit_creds()
|
|
but only if the permitted capabilities
|
|
gained exceed those already permitted for the process.
|
|
.\" Also certain namespace operations;
|
|
.RE
|
|
.IP
|
|
Processes that are not dumpable can not be attached via
|
|
.BR ptrace (2)
|
|
.BR PTRACE_ATTACH ;
|
|
see
|
|
.BR ptrace (2)
|
|
for further details.
|
|
.IP
|
|
If a process is not dumpable,
|
|
the ownership of files in the process's
|
|
.IR /proc/[pid]
|
|
directory is affected as described in
|
|
.BR proc (5).
|
|
.\" prctl PR_GET_DUMPABLE
|
|
.TP
|
|
.BR PR_GET_DUMPABLE " (since Linux 2.3.20)"
|
|
Return (as the function result) the current state of the calling
|
|
process's dumpable attribute.
|
|
.\" Since Linux 2.6.13, the dumpable flag can have the value 2,
|
|
.\" but in 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable
|
|
.\" flags has a nonzero value. This was fixed in 2.6.14.
|
|
.\" prctl PR_SET_ENDIAN
|
|
.TP
|
|
.BR PR_SET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
|
|
Set the endian-ness of the calling process to the value given
|
|
in \fIarg2\fP, which should be one of the following:
|
|
.\" Respectively 0, 1, 2
|
|
.BR PR_ENDIAN_BIG ,
|
|
.BR PR_ENDIAN_LITTLE ,
|
|
or
|
|
.B PR_ENDIAN_PPC_LITTLE
|
|
(PowerPC pseudo little endian).
|
|
.\" prctl PR_GET_ENDIAN
|
|
.TP
|
|
.BR PR_GET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
|
|
Return the endian-ness of the calling process,
|
|
in the location pointed to by
|
|
.IR "(int\ *) arg2" .
|
|
.\" prctl PR_SET_FP_MODE
|
|
.TP
|
|
.BR PR_SET_FP_MODE " (since Linux 4.0, only on MIPS)"
|
|
.\" commit 9791554b45a2acc28247f66a5fd5bbc212a6b8c8
|
|
On the MIPS architecture,
|
|
user-space code can be built using an ABI which permits linking
|
|
with code that has more restrictive floating-point (FP) requirements.
|
|
For example, user-space code may be built to target the O32 FPXX ABI
|
|
and linked with code built for either one of the more restrictive
|
|
FP32 or FP64 ABIs.
|
|
When more restrictive code is linked in,
|
|
the overall requirement for the process is to use the more
|
|
restrictive floating-point mode.
|
|
.IP
|
|
Because the kernel has no means of knowing in advance
|
|
which mode the process should be executed in,
|
|
and because these restrictions can
|
|
change over the lifetime of the process, the
|
|
.B PR_SET_FP_MODE
|
|
operation is provided to allow control of the floating-point mode
|
|
from user space.
|
|
.IP
|
|
.\" https://dmz-portal.mips.com/wiki/MIPS_O32_ABI_-_FR0_and_FR1_Interlinking
|
|
The
|
|
.I (unsigned int) arg2
|
|
argument is a bit mask describing the floating-point mode used:
|
|
.RS
|
|
.TP
|
|
.BR PR_FP_MODE_FR
|
|
When this bit is
|
|
.I unset
|
|
(so called
|
|
.BR FR=0 " or " FR0
|
|
mode), the 32 floating-point registers are 32 bits wide,
|
|
and 64-bit registers are represented as a pair of registers
|
|
(even- and odd- numbered,
|
|
with the even-numbered register containing the lower 32 bits,
|
|
and the odd-numbered register containing the higher 32 bits).
|
|
.IP
|
|
When this bit is
|
|
.I set
|
|
(on supported hardware),
|
|
the 32 floating-point registers are 64 bits wide (so called
|
|
.BR FR=1 " or " FR1
|
|
mode).
|
|
Note that modern MIPS implementations (MIPS R6 and newer) support
|
|
.B FR=1
|
|
mode only.
|
|
.IP
|
|
Applications that use the O32 FP32 ABI can operate only when this bit is
|
|
.I unset
|
|
.RB ( FR=0 ;
|
|
or they can be used with FRE enabled, see below).
|
|
Applications that use the O32 FP64 ABI
|
|
(and the O32 FP64A ABI, which exists to
|
|
provide the ability to operate with existing FP32 code; see below)
|
|
can operate only when this bit is
|
|
.I set
|
|
.RB ( FR=1 ).
|
|
Applications that use the O32 FPXX ABI can operate with either
|
|
.BR FR=0
|
|
or
|
|
.BR FR=1 .
|
|
.TP
|
|
.BR PR_FP_MODE_FRE
|
|
Enable emulation of 32-bit floating-point mode.
|
|
When this mode is enabled,
|
|
it emulates 32-bit floating-point operations
|
|
by raising a reserved-instruction exception
|
|
on every instruction that uses 32-bit formats and
|
|
the kernel then handles the instruction in software.
|
|
(The problem lies in the discrepancy of handling odd-numbered registers
|
|
which are the high 32 bits of 64-bit registers with even numbers in
|
|
.B FR=0
|
|
mode and the lower 32-bit parts of odd-numbered 64-bit registers in
|
|
.B FR=1
|
|
mode.)
|
|
Enabling this bit is necessary when code with the O32 FP32 ABI should operate
|
|
with code with compatible the O32 FPXX or O32 FP64A ABIs (which require
|
|
.B FR=1
|
|
FPU mode) or when it is executed on newer hardware (MIPS R6 onwards)
|
|
which lacks
|
|
.B FR=0
|
|
mode support when a binary with the FP32 ABI is used.
|
|
.IP
|
|
Note that this mode makes sense only when the FPU is in 64-bit mode
|
|
.RB ( FR=1 ).
|
|
.IP
|
|
Note that the use of emulation inherently has a significant performance hit
|
|
and should be avoided if possible.
|
|
.RE
|
|
.IP
|
|
In the N32/N64 ABI, 64-bit floating-point mode is always used,
|
|
so FPU emulation is not required and the FPU always operates in
|
|
.B FR=1
|
|
mode.
|
|
.IP
|
|
This option is mainly intended for use by the dynamic linker
|
|
.RB ( ld.so (8)).
|
|
.IP
|
|
The arguments
|
|
.IR arg3 ,
|
|
.IR arg4 ,
|
|
and
|
|
.IR arg5
|
|
are ignored.
|
|
.\" prctl PR_GET_FP_MODE
|
|
.TP
|
|
.BR PR_GET_FP_MODE " (since Linux 4.0, only on MIPS)"
|
|
Return (as the function result)
|
|
the current floating-point mode (see the description of
|
|
.B PR_SET_FP_MODE
|
|
for details).
|
|
.IP
|
|
On success,
|
|
the call returns a bit mask which represents the current floating-point mode.
|
|
.IP
|
|
The arguments
|
|
.IR arg2 ,
|
|
.IR arg3 ,
|
|
.IR arg4 ,
|
|
and
|
|
.IR arg5
|
|
are ignored.
|
|
.\" prctl PR_SET_FPEMU
|
|
.TP
|
|
.BR PR_SET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
|
|
Set floating-point emulation control bits to \fIarg2\fP.
|
|
Pass
|
|
.B PR_FPEMU_NOPRINT
|
|
to silently emulate floating-point operation accesses, or
|
|
.B PR_FPEMU_SIGFPE
|
|
to not emulate floating-point operations and send
|
|
.B SIGFPE
|
|
instead.
|
|
.\" prctl PR_GET_FPEMU
|
|
.TP
|
|
.BR PR_GET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
|
|
Return floating-point emulation control bits,
|
|
in the location pointed to by
|
|
.IR "(int\ *) arg2" .
|
|
.\" prctl PR_SET_FPEXC
|
|
.TP
|
|
.BR PR_SET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
|
|
Set floating-point exception mode to \fIarg2\fP.
|
|
Pass \fBPR_FP_EXC_SW_ENABLE\fP to use FPEXC for FP exception enables,
|
|
\fBPR_FP_EXC_DIV\fP for floating-point divide by zero,
|
|
\fBPR_FP_EXC_OVF\fP for floating-point overflow,
|
|
\fBPR_FP_EXC_UND\fP for floating-point underflow,
|
|
\fBPR_FP_EXC_RES\fP for floating-point inexact result,
|
|
\fBPR_FP_EXC_INV\fP for floating-point invalid operation,
|
|
\fBPR_FP_EXC_DISABLED\fP for FP exceptions disabled,
|
|
\fBPR_FP_EXC_NONRECOV\fP for async nonrecoverable exception mode,
|
|
\fBPR_FP_EXC_ASYNC\fP for async recoverable exception mode,
|
|
\fBPR_FP_EXC_PRECISE\fP for precise exception mode.
|
|
.\" prctl PR_GET_FPEXC
|
|
.TP
|
|
.BR PR_GET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
|
|
Return floating-point exception mode,
|
|
in the location pointed to by
|
|
.IR "(int\ *) arg2" .
|
|
.\" prctl PR_SET_IO_FLUSHER
|
|
.TP
|
|
.BR PR_SET_IO_FLUSHER " (since Linux 5.6)"
|
|
If a user process is involved in the block layer or filesystem I/O path,
|
|
and can allocate memory while processing I/O requests it must set
|
|
\fIarg2\fP to 1.
|
|
This will put the process in the IO_FLUSHER state,
|
|
which allows it special treatment to make progress when allocating memory.
|
|
If \fIarg2\fP is 0, the process will clear the IO_FLUSHER state, and
|
|
the default behavior will be used.
|
|
.IP
|
|
The calling process must have the
|
|
.BR CAP_SYS_RESOURCE
|
|
capability.
|
|
.IP
|
|
.IR arg3 ,
|
|
.IR arg4 ,
|
|
and
|
|
.IR arg5
|
|
must be zero.
|
|
.IP
|
|
The IO_FLUSHER state is inherited by a child process created via
|
|
.BR fork (2)
|
|
and is preserved across
|
|
.BR execve (2).
|
|
.IP
|
|
Examples of IO_FLUSHER applications are FUSE daemons, SCSI device
|
|
emulation daemons, and daemons that perform error handling like multipath
|
|
path recovery applications.
|
|
.\" prctl PR_GET_IO_FLUSHER
|
|
.TP
|
|
.B PR_GET_IO_FLUSHER (Since Linux 5.6)
|
|
Return (as the function result) the IO_FLUSHER state of the caller.
|
|
A value of 1 indicates that the caller is in the IO_FLUSHER state;
|
|
0 indicates that the caller is not in the IO_FLUSHER state.
|
|
.IP
|
|
The calling process must have the
|
|
.BR CAP_SYS_RESOURCE
|
|
capability.
|
|
.IP
|
|
.IR arg2 ,
|
|
.IR arg3 ,
|
|
.IR arg4 ,
|
|
and
|
|
.IR arg5
|
|
must be zero.
|
|
.\" prctl PR_SET_KEEPCAPS
|
|
.TP
|
|
.BR PR_SET_KEEPCAPS " (since Linux 2.2.18)"
|
|
Set the state of the calling thread's "keep capabilities" flag.
|
|
The effect of this flag is described in
|
|
.BR capabilities (7).
|
|
.I arg2
|
|
must be either 0 (clear the flag)
|
|
or 1 (set the flag).
|
|
The "keep capabilities" value will be reset to 0 on subsequent calls to
|
|
.BR execve (2).
|
|
.\" prctl PR_GET_KEEPCAPS
|
|
.TP
|
|
.BR PR_GET_KEEPCAPS " (since Linux 2.2.18)"
|
|
Return (as the function result) the current state of the calling thread's
|
|
"keep capabilities" flag.
|
|
See
|
|
.BR capabilities (7)
|
|
for a description of this flag.
|
|
.\" prctl PR_MCE_KILL
|
|
.TP
|
|
.BR PR_MCE_KILL " (since Linux 2.6.32)"
|
|
Set the machine check memory corruption kill policy for the calling thread.
|
|
If
|
|
.I arg2
|
|
is
|
|
.BR PR_MCE_KILL_CLEAR ,
|
|
clear the thread memory corruption kill policy and use the system-wide default.
|
|
(The system-wide default is defined by
|
|
.IR /proc/sys/vm/memory_failure_early_kill ;
|
|
see
|
|
.BR proc (5).)
|
|
If
|
|
.I arg2
|
|
is
|
|
.BR PR_MCE_KILL_SET ,
|
|
use a thread-specific memory corruption kill policy.
|
|
In this case,
|
|
.I arg3
|
|
defines whether the policy is
|
|
.I early kill
|
|
.RB ( PR_MCE_KILL_EARLY ),
|
|
.I late kill
|
|
.RB ( PR_MCE_KILL_LATE ),
|
|
or the system-wide default
|
|
.RB ( PR_MCE_KILL_DEFAULT ).
|
|
Early kill means that the thread receives a
|
|
.B SIGBUS
|
|
signal as soon as hardware memory corruption is detected inside
|
|
its address space.
|
|
In late kill mode, the process is killed only when it accesses a corrupted page.
|
|
See
|
|
.BR sigaction (2)
|
|
for more information on the
|
|
.BR SIGBUS
|
|
signal.
|
|
The policy is inherited by children.
|
|
The remaining unused
|
|
.BR prctl ()
|
|
arguments must be zero for future compatibility.
|
|
.\" prctl PR_MCE_KILL_GET
|
|
.TP
|
|
.BR PR_MCE_KILL_GET " (since Linux 2.6.32)"
|
|
Return (as the function result)
|
|
the current per-process machine check kill policy.
|
|
All unused
|
|
.BR prctl ()
|
|
arguments must be zero.
|
|
.\" prctl PR_SET_MM
|
|
.TP
|
|
.BR PR_SET_MM " (since Linux 3.3)"
|
|
.\" commit 028ee4be34a09a6d48bdf30ab991ae933a7bc036
|
|
Modify certain kernel memory map descriptor fields
|
|
of the calling process.
|
|
Usually these fields are set by the kernel and dynamic loader (see
|
|
.BR ld.so (8)
|
|
for more information) and a regular application should not use this feature.
|
|
However, there are cases, such as self-modifying programs,
|
|
where a program might find it useful to change its own memory map.
|
|
.IP
|
|
The calling process must have the
|
|
.BR CAP_SYS_RESOURCE
|
|
capability.
|
|
The value in
|
|
.I arg2
|
|
is one of the options below, while
|
|
.I arg3
|
|
provides a new value for the option.
|
|
The
|
|
.I arg4
|
|
and
|
|
.I arg5
|
|
arguments must be zero if unused.
|
|
.IP
|
|
Before Linux 3.10,
|
|
.\" commit 52b3694157e3aa6df871e283115652ec6f2d31e0
|
|
this feature is available only if the kernel is built with the
|
|
.BR CONFIG_CHECKPOINT_RESTORE
|
|
option enabled.
|
|
.RS
|
|
.TP
|
|
.BR PR_SET_MM_START_CODE
|
|
Set the address above which the program text can run.
|
|
The corresponding memory area must be readable and executable,
|
|
but not writable or shareable (see
|
|
.BR mprotect (2)
|
|
and
|
|
.BR mmap (2)
|
|
for more information).
|
|
.TP
|
|
.BR PR_SET_MM_END_CODE
|
|
Set the address below which the program text can run.
|
|
The corresponding memory area must be readable and executable,
|
|
but not writable or shareable.
|
|
.TP
|
|
.BR PR_SET_MM_START_DATA
|
|
Set the address above which initialized and
|
|
uninitialized (bss) data are placed.
|
|
The corresponding memory area must be readable and writable,
|
|
but not executable or shareable.
|
|
.TP
|
|
.B PR_SET_MM_END_DATA
|
|
Set the address below which initialized and
|
|
uninitialized (bss) data are placed.
|
|
The corresponding memory area must be readable and writable,
|
|
but not executable or shareable.
|
|
.TP
|
|
.BR PR_SET_MM_START_STACK
|
|
Set the start address of the stack.
|
|
The corresponding memory area must be readable and writable.
|
|
.TP
|
|
.BR PR_SET_MM_START_BRK
|
|
Set the address above which the program heap can be expanded with
|
|
.BR brk (2)
|
|
call.
|
|
The address must be greater than the ending address of
|
|
the current program data segment.
|
|
In addition, the combined size of the resulting heap and
|
|
the size of the data segment can't exceed the
|
|
.BR RLIMIT_DATA
|
|
resource limit (see
|
|
.BR setrlimit (2)).
|
|
.TP
|
|
.BR PR_SET_MM_BRK
|
|
Set the current
|
|
.BR brk (2)
|
|
value.
|
|
The requirements for the address are the same as for the
|
|
.BR PR_SET_MM_START_BRK
|
|
option.
|
|
.PP
|
|
The following options are available since Linux 3.5.
|
|
.\" commit fe8c7f5cbf91124987106faa3bdf0c8b955c4cf7
|
|
.TP
|
|
.BR PR_SET_MM_ARG_START
|
|
Set the address above which the program command line is placed.
|
|
.TP
|
|
.BR PR_SET_MM_ARG_END
|
|
Set the address below which the program command line is placed.
|
|
.TP
|
|
.BR PR_SET_MM_ENV_START
|
|
Set the address above which the program environment is placed.
|
|
.TP
|
|
.BR PR_SET_MM_ENV_END
|
|
Set the address below which the program environment is placed.
|
|
.IP
|
|
The address passed with
|
|
.BR PR_SET_MM_ARG_START ,
|
|
.BR PR_SET_MM_ARG_END ,
|
|
.BR PR_SET_MM_ENV_START ,
|
|
and
|
|
.BR PR_SET_MM_ENV_END
|
|
should belong to a process stack area.
|
|
Thus, the corresponding memory area must be readable, writable, and
|
|
(depending on the kernel configuration) have the
|
|
.BR MAP_GROWSDOWN
|
|
attribute set (see
|
|
.BR mmap (2)).
|
|
.TP
|
|
.BR PR_SET_MM_AUXV
|
|
Set a new auxiliary vector.
|
|
The
|
|
.I arg3
|
|
argument should provide the address of the vector.
|
|
The
|
|
.I arg4
|
|
is the size of the vector.
|
|
.TP
|
|
.BR PR_SET_MM_EXE_FILE
|
|
.\" commit b32dfe377102ce668775f8b6b1461f7ad428f8b6
|
|
Supersede the
|
|
.IR /proc/pid/exe
|
|
symbolic link with a new one pointing to a new executable file
|
|
identified by the file descriptor provided in
|
|
.I arg3
|
|
argument.
|
|
The file descriptor should be obtained with a regular
|
|
.BR open (2)
|
|
call.
|
|
.IP
|
|
To change the symbolic link, one needs to unmap all existing
|
|
executable memory areas, including those created by the kernel itself
|
|
(for example the kernel usually creates at least one executable
|
|
memory area for the ELF
|
|
.IR \.text
|
|
section).
|
|
.IP
|
|
In Linux 4.9 and earlier, the
|
|
.\" commit 3fb4afd9a504c2386b8435028d43283216bf588e
|
|
.BR PR_SET_MM_EXE_FILE
|
|
operation can be performed only once in a process's lifetime;
|
|
attempting to perform the operation a second time results in the error
|
|
.BR EPERM .
|
|
This restriction was enforced for security reasons that were subsequently
|
|
deemed specious,
|
|
and the restriction was removed in Linux 4.10 because some
|
|
user-space applications needed to perform this operation more than once.
|
|
.PP
|
|
The following options are available since Linux 3.18.
|
|
.\" commit f606b77f1a9e362451aca8f81d8f36a3a112139e
|
|
.TP
|
|
.BR PR_SET_MM_MAP
|
|
Provides one-shot access to all the addresses by passing in a
|
|
.I struct prctl_mm_map
|
|
(as defined in \fI<linux/prctl.h>\fP).
|
|
The
|
|
.I arg4
|
|
argument should provide the size of the struct.
|
|
.IP
|
|
This feature is available only if the kernel is built with the
|
|
.BR CONFIG_CHECKPOINT_RESTORE
|
|
option enabled.
|
|
.TP
|
|
.BR PR_SET_MM_MAP_SIZE
|
|
Returns the size of the
|
|
.I struct prctl_mm_map
|
|
the kernel expects.
|
|
This allows user space to find a compatible struct.
|
|
The
|
|
.I arg4
|
|
argument should be a pointer to an unsigned int.
|
|
.IP
|
|
This feature is available only if the kernel is built with the
|
|
.BR CONFIG_CHECKPOINT_RESTORE
|
|
option enabled.
|
|
.RE
|
|
.\" prctl PR_MPX_ENABLE_MANAGEMENT
|
|
.TP
|
|
.BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19, removed in Linux 5.4; only on x86)"
|
|
.\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c
|
|
.\" See also http://lwn.net/Articles/582712/
|
|
.\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler
|
|
Enable or disable kernel management of Memory Protection eXtensions (MPX)
|
|
bounds tables.
|
|
The
|
|
.IR arg2 ,
|
|
.IR arg3 ,
|
|
.IR arg4 ,
|
|
and
|
|
.IR arg5
|
|
.\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88
|
|
arguments must be zero.
|
|
.IP
|
|
MPX is a hardware-assisted mechanism for performing bounds checking on
|
|
pointers.
|
|
It consists of a set of registers storing bounds information
|
|
and a set of special instruction prefixes that tell the CPU on which
|
|
instructions it should do bounds enforcement.
|
|
There is a limited number of these registers and
|
|
when there are more pointers than registers,
|
|
their contents must be "spilled" into a set of tables.
|
|
These tables are called "bounds tables" and the MPX
|
|
.BR prctl ()
|
|
operations control
|
|
whether the kernel manages their allocation and freeing.
|
|
.IP
|
|
When management is enabled, the kernel will take over allocation
|
|
and freeing of the bounds tables.
|
|
It does this by trapping the #BR exceptions that result
|
|
at first use of missing bounds tables and
|
|
instead of delivering the exception to user space,
|
|
it allocates the table and populates the bounds directory
|
|
with the location of the new table.
|
|
For freeing, the kernel checks to see if bounds tables are
|
|
present for memory which is not allocated, and frees them if so.
|
|
.IP
|
|
Before enabling MPX management using
|
|
.BR PR_MPX_ENABLE_MANAGEMENT ,
|
|
the application must first have allocated a user-space buffer for
|
|
the bounds directory and placed the location of that directory in the
|
|
.I bndcfgu
|
|
register.
|
|
.IP
|
|
These calls fail if the CPU or kernel does not support MPX.
|
|
Kernel support for MPX is enabled via the
|
|
.BR CONFIG_X86_INTEL_MPX
|
|
configuration option.
|
|
You can check whether the CPU supports MPX by looking for the
|
|
.I mpx
|
|
CPUID bit, like with the following command:
|
|
.IP
|
|
.in +4n
|
|
.EX
|
|
cat /proc/cpuinfo | grep \(aq mpx \(aq
|
|
.EE
|
|
.in
|
|
.IP
|
|
A thread may not switch in or out of long (64-bit) mode while MPX is
|
|
enabled.
|
|
.IP
|
|
All threads in a process are affected by these calls.
|
|
.IP
|
|
The child of a
|
|
.BR fork (2)
|
|
inherits the state of MPX management.
|
|
During
|
|
.BR execve (2),
|
|
MPX management is reset to a state as if
|
|
.BR PR_MPX_DISABLE_MANAGEMENT
|
|
had been called.
|
|
.IP
|
|
For further information on Intel MPX, see the kernel source file
|
|
.IR Documentation/x86/intel_mpx.txt .
|
|
.IP
|
|
.\" commit f240652b6032b48ad7fa35c5e701cc4c8d697c0b
|
|
.\" See also https://lkml.kernel.org/r/20190705175321.DB42F0AD@viggo.jf.intel.com
|
|
Due to a lack of toolchain support,
|
|
.BR PR_MPX_ENABLE_MANAGEMENT " and " PR_MPX_DISABLE_MANAGEMENT
|
|
are not supported in Linux 5.4 and later.
|
|
.\" prctl PR_SET_NAME
|
|
.TP
|
|
.BR PR_SET_NAME " (since Linux 2.6.9)"
|
|
Set the name of the calling thread,
|
|
using the value in the location pointed to by
|
|
.IR "(char\ *) arg2" .
|
|
The name can be up to 16 bytes long,
|
|
.\" TASK_COMM_LEN in include/linux/sched.h
|
|
including the terminating null byte.
|
|
(If the length of the string, including the terminating null byte,
|
|
exceeds 16 bytes, the string is silently truncated.)
|
|
This is the same attribute that can be set via
|
|
.BR pthread_setname_np (3)
|
|
and retrieved using
|
|
.BR pthread_getname_np (3).
|
|
The attribute is likewise accessible via
|
|
.IR /proc/self/task/[tid]/comm
|
|
(see
|
|
.BR proc (5)),
|
|
where
|
|
.I [tid]
|
|
is the thread ID of the calling thread, as returned by
|
|
.BR gettid (2).
|
|
.\" prctl PR_GET_NAME
|
|
.TP
|
|
.BR PR_GET_NAME " (since Linux 2.6.11)"
|
|
Return the name of the calling thread,
|
|
in the buffer pointed to by
|
|
.IR "(char\ *) arg2" .
|
|
The buffer should allow space for up to 16 bytes;
|
|
the returned string will be null-terminated.
|
|
.\" prctl PR_SET_NO_NEW_PRIVS
|
|
.TP
|
|
.BR PR_SET_NO_NEW_PRIVS " (since Linux 3.5)"
|
|
Set the calling thread's
|
|
.I no_new_privs
|
|
attribute to the value in
|
|
.IR arg2 .
|
|
With
|
|
.I no_new_privs
|
|
set to 1,
|
|
.BR execve (2)
|
|
promises not to grant privileges to do anything
|
|
that could not have been done without the
|
|
.BR execve (2)
|
|
call (for example,
|
|
rendering the set-user-ID and set-group-ID mode bits,
|
|
and file capabilities non-functional).
|
|
Once set, the
|
|
.I no_new_privs
|
|
attribute cannot be unset.
|
|
The setting of this attribute is inherited by children created by
|
|
.BR fork (2)
|
|
and
|
|
.BR clone (2),
|
|
and preserved across
|
|
.BR execve (2).
|
|
.IP
|
|
Since Linux 4.10,
|
|
the value of a thread's
|
|
.I no_new_privs
|
|
attribute can be viewed via the
|
|
.I NoNewPrivs
|
|
field in the
|
|
.IR /proc/[pid]/status
|
|
file.
|
|
.IP
|
|
For more information, see the kernel source file
|
|
.IR Documentation/userspace\-api/no_new_privs.rst
|
|
.\" commit 40fde647ccb0ae8c11d256d271e24d385eed595b
|
|
(or
|
|
.IR Documentation/prctl/no_new_privs.txt
|
|
before Linux 4.13).
|
|
See also
|
|
.BR seccomp (2).
|
|
.\" prctl PR_GET_NO_NEW_PRIVS
|
|
.TP
|
|
.BR PR_GET_NO_NEW_PRIVS " (since Linux 3.5)"
|
|
Return (as the function result) the value of the
|
|
.I no_new_privs
|
|
attribute for the calling thread.
|
|
A value of 0 indicates the regular
|
|
.BR execve (2)
|
|
behavior.
|
|
A value of 1 indicates
|
|
.BR execve (2)
|
|
will operate in the privilege-restricting mode described above.
|
|
.\" prctl PR_PAC_RESET_KEYS
|
|
.\" commit ba830885656414101b2f8ca88786524d4bb5e8c1
|
|
.TP
|
|
.BR PR_PAC_RESET_KEYS " (since Linux 5.0, only on arm64)"
|
|
Securely reset the thread's pointer authentication keys
|
|
to fresh random values generated by the kernel.
|
|
.IP
|
|
The set of keys to be reset is specified by
|
|
.IR arg2 ,
|
|
which must be a logical OR of zero or more of the following:
|
|
.RS
|
|
.TP
|
|
.B PR_PAC_APIAKEY
|
|
instruction authentication key A
|
|
.TP
|
|
.B PR_PAC_APIBKEY
|
|
instruction authentication key B
|
|
.TP
|
|
.B PR_PAC_APDAKEY
|
|
data authentication key A
|
|
.TP
|
|
.B PR_PAC_APDBKEY
|
|
data authentication key B
|
|
.TP
|
|
.B PR_PAC_APGAKEY
|
|
generic authentication \(lqA\(rq key.
|
|
.IP
|
|
(Yes folks, there really is no generic B key.)
|
|
.RE
|
|
.IP
|
|
As a special case, if
|
|
.I arg2
|
|
is zero, then all the keys are reset.
|
|
Since new keys could be added in future,
|
|
this is the recommended way to completely wipe the existing keys
|
|
when establishing a clean execution context.
|
|
Note that there is no need to use
|
|
.BR PR_PAC_RESET_KEYS
|
|
in preparation for calling
|
|
.BR execve (2),
|
|
since
|
|
.BR execve (2)
|
|
resets all the pointer authentication keys.
|
|
.IP
|
|
The remaining arguments
|
|
.IR arg3 ", " arg4 ", and " arg5
|
|
must all be zero.
|
|
.IP
|
|
If the arguments are invalid,
|
|
and in particular if
|
|
.I arg2
|
|
contains set bits that are unrecognized
|
|
or that correspond to a key not available on this platform,
|
|
then the call fails with error
|
|
.BR EINVAL .
|
|
.IP
|
|
.B Warning:
|
|
Because the compiler or run-time environment
|
|
may be using some or all of the keys,
|
|
a successful
|
|
.B PR_PAC_RESET_KEYS
|
|
may crash the calling process.
|
|
The conditions for using it safely are complex and system-dependent.
|
|
Don't use it unless you know what you are doing.
|
|
.IP
|
|
For more information, see the kernel source file
|
|
.I Documentation/arm64/pointer\-authentication.rst
|
|
.\"commit b693d0b372afb39432e1c49ad7b3454855bc6bed
|
|
(or
|
|
.I Documentation/arm64/pointer\-authentication.txt
|
|
before Linux 5.3).
|
|
.\" prctl PR_SET_PDEATHSIG
|
|
.TP
|
|
.BR PR_SET_PDEATHSIG " (since Linux 2.1.57)"
|
|
Set the parent-death signal
|
|
of the calling process to \fIarg2\fP (either a signal value
|
|
in the range 1..\c
|
|
.BR NSIG "\-1" ,
|
|
or 0 to clear).
|
|
This is the signal that the calling process will get when its
|
|
parent dies.
|
|
.IP
|
|
.IR Warning :
|
|
.\" https://bugzilla.kernel.org/show_bug.cgi?id=43300
|
|
the "parent" in this case is considered to be the
|
|
.I thread
|
|
that created this process.
|
|
In other words, the signal will be sent when that thread terminates
|
|
(via, for example,
|
|
.BR pthread_exit (3)),
|
|
rather than after all of the threads in the parent process terminate.
|
|
.IP
|
|
The parent-death signal is sent upon subsequent termination of the parent
|
|
thread and also upon termination of each subreaper process
|
|
(see the description of
|
|
.B PR_SET_CHILD_SUBREAPER
|
|
above) to which the caller is subsequently reparented.
|
|
If the parent thread and all ancestor subreapers have already terminated
|
|
by the time of the
|
|
.BR PR_SET_PDEATHSIG
|
|
operation, then no parent-death signal is sent to the caller.
|
|
.IP
|
|
The parent-death signal is process-directed (see
|
|
.BR signal (7))
|
|
and, if the child installs a handler using the
|
|
.BR sigaction (2)
|
|
.B SA_SIGINFO
|
|
flag, the
|
|
.I si_pid
|
|
field of the
|
|
.I siginfo_t
|
|
argument of the handler contains the PID of the terminating parent process.
|
|
.IP
|
|
The parent-death signal setting is cleared for the child of a
|
|
.BR fork (2).
|
|
It is also
|
|
(since Linux 2.4.36 / 2.6.23)
|
|
.\" commit d2d56c5f51028cb9f3d800882eb6f4cbd3f9099f
|
|
cleared when executing a set-user-ID or set-group-ID binary,
|
|
or a binary that has associated capabilities (see
|
|
.BR capabilities (7));
|
|
otherwise, this value is preserved across
|
|
.BR execve (2).
|
|
The parent-death signal setting is also cleared upon changes to
|
|
any of the following thread credentials:
|
|
.\" FIXME capability changes can also trigger this; see
|
|
.\" kernel/cred.c::commit_creds in the Linux 5.6 source.
|
|
effective user ID, effective group ID, filesystem user ID,
|
|
or filesystem group ID.
|
|
.\" prctl PR_GET_PDEATHSIG
|
|
.TP
|
|
.BR PR_GET_PDEATHSIG " (since Linux 2.3.15)"
|
|
Return the current value of the parent process death signal,
|
|
in the location pointed to by
|
|
.IR "(int\ *) arg2" .
|
|
.\" prctl PR_SET_PTRACER
|
|
.TP
|
|
.BR PR_SET_PTRACER " (since Linux 3.4)"
|
|
.\" commit 2d514487faf188938a4ee4fb3464eeecfbdcf8eb
|
|
.\" commit bf06189e4d14641c0148bea16e9dd24943862215
|
|
This is meaningful only when the Yama LSM is enabled and in mode 1
|
|
("restricted ptrace", visible via
|
|
.IR /proc/sys/kernel/yama/ptrace_scope ).
|
|
When a "ptracer process ID" is passed in \fIarg2\fP,
|
|
the caller is declaring that the ptracer process can
|
|
.BR ptrace (2)
|
|
the calling process as if it were a direct process ancestor.
|
|
Each
|
|
.B PR_SET_PTRACER
|
|
operation replaces the previous "ptracer process ID".
|
|
Employing
|
|
.B PR_SET_PTRACER
|
|
with
|
|
.I arg2
|
|
set to 0 clears the caller's "ptracer process ID".
|
|
If
|
|
.I arg2
|
|
is
|
|
.BR PR_SET_PTRACER_ANY ,
|
|
the ptrace restrictions introduced by Yama are effectively disabled for the
|
|
calling process.
|
|
.IP
|
|
For further information, see the kernel source file
|
|
.IR Documentation/admin\-guide/LSM/Yama.rst
|
|
.\" commit 90bb766440f2147486a2acc3e793d7b8348b0c22
|
|
(or
|
|
.IR Documentation/security/Yama.txt
|
|
before Linux 4.13).
|
|
.\" prctl PR_SET_SECCOMP
|
|
.TP
|
|
.BR PR_SET_SECCOMP " (since Linux 2.6.23)"
|
|
.\" See http://thread.gmane.org/gmane.linux.kernel/542632
|
|
.\" [PATCH 0 of 2] seccomp updates
|
|
.\" andrea@cpushare.com
|
|
Set the secure computing (seccomp) mode for the calling thread, to limit
|
|
the available system calls.
|
|
The more recent
|
|
.BR seccomp (2)
|
|
system call provides a superset of the functionality of
|
|
.BR PR_SET_SECCOMP .
|
|
.IP
|
|
The seccomp mode is selected via
|
|
.IR arg2 .
|
|
(The seccomp constants are defined in
|
|
.IR <linux/seccomp.h> .)
|
|
.IP
|
|
With
|
|
.IR arg2
|
|
set to
|
|
.BR SECCOMP_MODE_STRICT ,
|
|
the only system calls that the thread is permitted to make are
|
|
.BR read (2),
|
|
.BR write (2),
|
|
.BR _exit (2)
|
|
(but not
|
|
.BR exit_group (2)),
|
|
and
|
|
.BR sigreturn (2).
|
|
Other system calls result in the delivery of a
|
|
.BR SIGKILL
|
|
signal.
|
|
Strict secure computing mode is useful for number-crunching applications
|
|
that may need to execute untrusted byte code,
|
|
perhaps obtained by reading from a pipe or socket.
|
|
This operation is available only
|
|
if the kernel is configured with
|
|
.B CONFIG_SECCOMP
|
|
enabled.
|
|
.IP
|
|
With
|
|
.IR arg2
|
|
set to
|
|
.BR SECCOMP_MODE_FILTER " (since Linux 3.5),"
|
|
the system calls allowed are defined by a pointer
|
|
to a Berkeley Packet Filter passed in
|
|
.IR arg3 .
|
|
This argument is a pointer to
|
|
.IR "struct sock_fprog" ;
|
|
it can be designed to filter
|
|
arbitrary system calls and system call arguments.
|
|
This mode is available only if the kernel is configured with
|
|
.B CONFIG_SECCOMP_FILTER
|
|
enabled.
|
|
.IP
|
|
If
|
|
.BR SECCOMP_MODE_FILTER
|
|
filters permit
|
|
.BR fork (2),
|
|
then the seccomp mode is inherited by children created by
|
|
.BR fork (2);
|
|
if
|
|
.BR execve (2)
|
|
is permitted, then the seccomp mode is preserved across
|
|
.BR execve (2).
|
|
If the filters permit
|
|
.BR prctl ()
|
|
calls, then additional filters can be added;
|
|
they are run in order until the first non-allow result is seen.
|
|
.IP
|
|
For further information, see the kernel source file
|
|
.IR Documentation/userspace\-api/seccomp_filter.rst
|
|
.\" commit c061f33f35be0ccc80f4b8e0aea5dfd2ed7e01a3
|
|
(or
|
|
.IR Documentation/prctl/seccomp_filter.txt
|
|
before Linux 4.13).
|
|
.\" prctl PR_GET_SECCOMP
|
|
.TP
|
|
.BR PR_GET_SECCOMP " (since Linux 2.6.23)"
|
|
Return (as the function result)
|
|
the secure computing mode of the calling thread.
|
|
If the caller is not in secure computing mode, this operation returns 0;
|
|
if the caller is in strict secure computing mode, then the
|
|
.BR prctl ()
|
|
call will cause a
|
|
.B SIGKILL
|
|
signal to be sent to the process.
|
|
If the caller is in filter mode, and this system call is allowed by the
|
|
seccomp filters, it returns 2; otherwise, the process is killed with a
|
|
.BR SIGKILL
|
|
signal.
|
|
This operation is available only
|
|
if the kernel is configured with
|
|
.B CONFIG_SECCOMP
|
|
enabled.
|
|
.IP
|
|
Since Linux 3.8, the
|
|
.IR Seccomp
|
|
field of the
|
|
.IR /proc/[pid]/status
|
|
file provides a method of obtaining the same information,
|
|
without the risk that the process is killed; see
|
|
.BR proc (5).
|
|
.\" prctl PR_SET_SECUREBITS
|
|
.TP
|
|
.BR PR_SET_SECUREBITS " (since Linux 2.6.26)"
|
|
Set the "securebits" flags of the calling thread to the value supplied in
|
|
.IR arg2 .
|
|
See
|
|
.BR capabilities (7).
|
|
.\" prctl PR_GET_SECUREBITS
|
|
.TP
|
|
.BR PR_GET_SECUREBITS " (since Linux 2.6.26)"
|
|
Return (as the function result)
|
|
the "securebits" flags of the calling thread.
|
|
See
|
|
.BR capabilities (7).
|
|
.\" prctl PR_GET_SPECULATION_CTRL
|
|
.TP
|
|
.BR PR_GET_SPECULATION_CTRL " (since Linux 4.17)"
|
|
Return (as the function result)
|
|
the state of the speculation misfeature specified in
|
|
.IR arg2 .
|
|
Currently, the only permitted value for this argument is
|
|
.BR PR_SPEC_STORE_BYPASS
|
|
(otherwise the call fails with the error
|
|
.BR ENODEV ).
|
|
.IP
|
|
The return value uses bits 0-3 with the following meaning:
|
|
.RS
|
|
.TP
|
|
.BR PR_SPEC_PRCTL
|
|
Mitigation can be controlled per thread by
|
|
.BR PR_SET_SPECULATION_CTRL .
|
|
.TP
|
|
.BR PR_SPEC_ENABLE
|
|
The speculation feature is enabled, mitigation is disabled.
|
|
.TP
|
|
.BR PR_SPEC_DISABLE
|
|
The speculation feature is disabled, mitigation is enabled.
|
|
.TP
|
|
.BR PR_SPEC_FORCE_DISABLE
|
|
Same as
|
|
.B PR_SPEC_DISABLE
|
|
but cannot be undone.
|
|
.TP
|
|
.BR PR_SPEC_DISABLE_NOEXEC " (since Linux 5.1)"
|
|
Same as
|
|
.BR PR_SPEC_DISABLE ,
|
|
but the state will be cleared on
|
|
.BR execve (2).
|
|
.RE
|
|
.IP
|
|
If all bits are 0,
|
|
then the CPU is not affected by the speculation misfeature.
|
|
.IP
|
|
If
|
|
.B PR_SPEC_PRCTL
|
|
is set, then per-thread control of the mitigation is available.
|
|
If not set,
|
|
.BR prctl ()
|
|
for the speculation misfeature will fail.
|
|
.IP
|
|
The
|
|
.IR arg3 ,
|
|
.IR arg4 ,
|
|
and
|
|
.I arg5
|
|
arguments must be specified as 0; otherwise the call fails with the error
|
|
.BR EINVAL .
|
|
.\" prctl PR_SET_SPECULATION_CTRL
|
|
.TP
|
|
.BR PR_SET_SPECULATION_CTRL " (since Linux 4.17)"
|
|
.\" commit b617cfc858161140d69cc0b5cc211996b557a1c7
|
|
.\" commit 356e4bfff2c5489e016fdb925adbf12a1e3950ee
|
|
Sets the state of the speculation misfeature specified in
|
|
.IR arg2 .
|
|
The speculation-misfeature settings are per-thread attributes.
|
|
.IP
|
|
Currently,
|
|
.I arg2
|
|
must be one of:
|
|
.RS
|
|
.TP
|
|
.B PR_SPEC_STORE_BYPASS
|
|
Set the state of the speculative store bypass misfeature.
|
|
.\" commit 9137bb27e60e554dab694eafa4cca241fa3a694f
|
|
.TP
|
|
.BR PR_SPEC_INDIRECT_BRANCH " (since Linux 4.20)"
|
|
Set the state of the indirect branch speculation misfeature.
|
|
.RE
|
|
.IP
|
|
If
|
|
.I arg2
|
|
does not have one of the above values,
|
|
then the call fails with the error
|
|
.BR ENODEV .
|
|
.IP
|
|
The
|
|
.IR arg3
|
|
argument is used to hand in the control value,
|
|
which is one of the following:
|
|
.RS
|
|
.TP
|
|
.BR PR_SPEC_ENABLE
|
|
The speculation feature is enabled, mitigation is disabled.
|
|
.TP
|
|
.BR PR_SPEC_DISABLE
|
|
The speculation feature is disabled, mitigation is enabled.
|
|
.TP
|
|
.BR PR_SPEC_FORCE_DISABLE
|
|
Same as
|
|
.BR PR_SPEC_DISABLE ,
|
|
but cannot be undone.
|
|
A subsequent
|
|
.BR prctl (\c
|
|
.IR arg2 ,
|
|
.BR PR_SPEC_ENABLE )
|
|
with the same value for
|
|
.I arg2
|
|
will fail with the error
|
|
.BR EPERM .
|
|
.\" commit 71368af9027f18fe5d1c6f372cfdff7e4bde8b48
|
|
.TP
|
|
.BR PR_SPEC_DISABLE_NOEXEC " (since Linux 5.1)"
|
|
Same as
|
|
.BR PR_SPEC_DISABLE ,
|
|
but the state will be cleared on
|
|
.BR execve (2).
|
|
Currently only supported for
|
|
.I arg2
|
|
equal to
|
|
.B PR_SPEC_STORE_BYPASS.
|
|
.RE
|
|
.IP
|
|
Any unsupported value in
|
|
.IR arg3
|
|
will result in the call failing with the error
|
|
.BR ERANGE .
|
|
.IP
|
|
The
|
|
.I arg4
|
|
and
|
|
.I arg5
|
|
arguments must be specified as 0; otherwise the call fails with the error
|
|
.BR EINVAL .
|
|
.IP
|
|
The speculation feature can also be controlled by the
|
|
.B spec_store_bypass_disable
|
|
boot parameter.
|
|
This parameter may enforce a read-only policy which will result in the
|
|
.BR prctl ()
|
|
call failing with the error
|
|
.BR ENXIO .
|
|
For further details, see the kernel source file
|
|
.IR Documentation/admin\-guide/kernel\-parameters.txt .
|
|
.\" prctl PR_SVE_SET_VL
|
|
.\" commit 2d2123bc7c7f843aa9db87720de159a049839862
|
|
.\" linux-5.6/Documentation/arm64/sve.rst
|
|
.TP
|
|
.BR PR_SVE_SET_VL " (since Linux 4.15, only on arm64)"
|
|
Configure the thread's SVE vector length,
|
|
as specified by
|
|
.IR "(int) arg2" .
|
|
Arguments
|
|
.IR arg3 ", " arg4 ", and " arg5
|
|
are ignored.
|
|
.IP
|
|
The bits of
|
|
.I arg2
|
|
corresponding to
|
|
.B PR_SVE_VL_LEN_MASK
|
|
must be set to the desired vector length in bytes.
|
|
This is interpreted as an upper bound:
|
|
the kernel will select the greatest available vector length
|
|
that does not exceed the value specified.
|
|
In particular, specifying
|
|
.B SVE_VL_MAX
|
|
(defined in
|
|
.I <asm/sigcontext.h>)
|
|
for the
|
|
.B PR_SVE_VL_LEN_MASK
|
|
bits requests the maximum supported vector length.
|
|
.IP
|
|
In addition, the other bits of
|
|
.I arg2
|
|
must be set to one of the following combinations of flags:
|
|
.RS
|
|
.TP
|
|
.B 0
|
|
Perform the change immediately.
|
|
At the next
|
|
.BR execve (2)
|
|
in the thread,
|
|
the vector length will be reset to the value configured in
|
|
.IR /proc/sys/abi/sve_default_vector_length .
|
|
.TP
|
|
.B PR_SVE_VL_INHERIT
|
|
Perform the change immediately.
|
|
Subsequent
|
|
.BR execve (2)
|
|
calls will preserve the new vector length.
|
|
.TP
|
|
.B PR_SVE_SET_VL_ONEXEC
|
|
Defer the change, so that it is performed at the next
|
|
.BR execve (2)
|
|
in the thread.
|
|
Further
|
|
.BR execve (2)
|
|
calls will reset the vector length to the value configured in
|
|
.IR /proc/sys/abi/sve_default_vector_length .
|
|
.TP
|
|
.B "PR_SVE_SET_VL_ONEXEC | PR_SVE_VL_INHERIT"
|
|
Defer the change, so that it is performed at the next
|
|
.BR execve (2)
|
|
in the thread.
|
|
Further
|
|
.BR execve (2)
|
|
calls will preserve the new vector length.
|
|
.RE
|
|
.IP
|
|
In all cases,
|
|
any previously pending deferred change is canceled.
|
|
.IP
|
|
The call fails with error
|
|
.B EINVAL
|
|
if SVE is not supported on the platform, if
|
|
.I arg2
|
|
is unrecognized or invalid, or the value in the bits of
|
|
.I arg2
|
|
corresponding to
|
|
.B PR_SVE_VL_LEN_MASK
|
|
is outside the range
|
|
.BR SVE_VL_MIN .. SVE_VL_MAX
|
|
or is not a multiple of 16.
|
|
.IP
|
|
On success,
|
|
a nonnegative value is returned that describes the
|
|
.I selected
|
|
configuration.
|
|
If
|
|
.B PR_SVE_SET_VL_ONEXEC
|
|
was included in
|
|
.IR arg2 ,
|
|
then the configuration described by the return value
|
|
will take effect at the next
|
|
.BR execve (2).
|
|
Otherwise, the configuration is already in effect when the
|
|
.B PR_SVE_SET_VL
|
|
call returns.
|
|
In either case, the value is encoded in the same way as the return value of
|
|
.BR PR_SVE_GET_VL .
|
|
Note that there is no explicit flag in the return value
|
|
corresponding to
|
|
.BR PR_SVE_SET_VL_ONEXEC .
|
|
.IP
|
|
The configuration (including any pending deferred change)
|
|
is inherited across
|
|
.BR fork (2)
|
|
and
|
|
.BR clone (2).
|
|
.IP
|
|
For more information, see the kernel source file
|
|
.I Documentation/arm64/sve.rst
|
|
.\"commit b693d0b372afb39432e1c49ad7b3454855bc6bed
|
|
(or
|
|
.I Documentation/arm64/sve.txt
|
|
before Linux 5.3).
|
|
.IP
|
|
.B Warning:
|
|
Because the compiler or run-time environment
|
|
may be using SVE, using this call without the
|
|
.B PR_SVE_SET_VL_ONEXEC
|
|
flag may crash the calling process.
|
|
The conditions for using it safely are complex and system-dependent.
|
|
Don't use it unless you really know what you are doing.
|
|
.\" prctl PR_SVE_GET_VL
|
|
.TP
|
|
.BR PR_SVE_GET_VL " (since Linux 4.15, only on arm64)"
|
|
Get the thread's current SVE vector length configuration.
|
|
.IP
|
|
Arguments
|
|
.IR arg2 ", " arg3 ", " arg4 ", and " arg5
|
|
are ignored.
|
|
.IP
|
|
Provided that the kernel and platform support SVE,
|
|
this operation always succeeds,
|
|
returning a nonnegative value that describes the
|
|
.I current
|
|
configuration.
|
|
The bits corresponding to
|
|
.B PR_SVE_VL_LEN_MASK
|
|
contain the currently configured vector length in bytes.
|
|
The bit corresponding to
|
|
.B PR_SVE_VL_INHERIT
|
|
indicates whether the vector length will be inherited
|
|
across
|
|
.BR execve (2).
|
|
.IP
|
|
Note that there is no way to determine whether there is
|
|
a pending vector length change that has not yet taken effect.
|
|
.IP
|
|
For more information, see the kernel source file
|
|
.I Documentation/arm64/sve.rst
|
|
.\"commit b693d0b372afb39432e1c49ad7b3454855bc6bed
|
|
(or
|
|
.I Documentation/arm64/sve.txt
|
|
before Linux 5.3).
|
|
.TP
|
|
.\" prctl PR_SET_SYSCALL_USER_DISPATCH
|
|
.\" commit 1446e1df9eb183fdf81c3f0715402f1d7595d4
|
|
.BR PR_SET_SYSCALL_USER_DISPATCH " (since Linux 5.11, x86 only)"
|
|
Configure the Syscall User Dispatch mechanism
|
|
for the calling thread.
|
|
This mechanism allows an application
|
|
to selectively intercept system calls
|
|
so that they can be handled within the application itself.
|
|
Interception takes the form of a thread-directed
|
|
.B SIGSYS
|
|
signal that is delivered to the thread
|
|
when it makes a system call.
|
|
If intercepted,
|
|
the system call is not executed by the kernel.
|
|
.IP
|
|
To enable this mechanism,
|
|
.I arg2
|
|
should be set to
|
|
.BR PR_SYS_DISPATCH_ON .
|
|
Once enabled, further system calls will be selectively intercepted,
|
|
depending on a control variable provided by user space.
|
|
In this case,
|
|
.I arg3
|
|
and
|
|
.I arg4
|
|
respectively identify the
|
|
.I offset
|
|
and
|
|
.I length
|
|
of a single contiguous memory region in the process address space
|
|
from where system calls are always allowed to be executed,
|
|
regardless of the control variable.
|
|
(Typically, this area would include the area of memory
|
|
containing the C library.)
|
|
.IP
|
|
.I arg5
|
|
points to a char-sized variable
|
|
that is a fast switch to allow/block system call execution
|
|
without the overhead of doing another system call
|
|
to re-configure Syscall User Dispatch.
|
|
This control variable can either be set to
|
|
.B SYSCALL_DISPATCH_FILTER_BLOCK
|
|
to block system calls from executing
|
|
or to
|
|
.B SYSCALL_DISPATCH_FILTER_ALLOW
|
|
to temporarily allow them to be executed.
|
|
This value is checked by the kernel
|
|
on every system call entry,
|
|
and any unexpected value will raise
|
|
an uncatchable
|
|
.B SIGSYS
|
|
at that time,
|
|
killing the application.
|
|
.IP
|
|
When a system call is intercepted,
|
|
the kernel sends a thread-directed
|
|
.B SIGSYS
|
|
signal to the triggering thread.
|
|
Various fields will be set in the
|
|
.I siginfo_t
|
|
structure (see
|
|
.BR sigaction (2))
|
|
associated with the signal:
|
|
.RS
|
|
.IP * 3
|
|
.I si_signo
|
|
will contain
|
|
.BR SIGSYS .
|
|
.IP *
|
|
.IR si_call_addr
|
|
will show the address of the system call instruction.
|
|
.IP *
|
|
.IR si_syscall
|
|
and
|
|
.IR si_arch
|
|
will indicate which system call was attempted.
|
|
.IP *
|
|
.I si_code
|
|
will contain
|
|
.BR SYS_USER_DISPATCH .
|
|
.IP *
|
|
.I si_errno
|
|
will be set to 0.
|
|
.RE
|
|
.IP
|
|
The program counter will be as though the system call happened
|
|
(i.e., the program counter will not point to the system call instruction).
|
|
.IP
|
|
When the signal handler returns to the kernel,
|
|
the system call completes immediately
|
|
and returns to the calling thread,
|
|
without actually being executed.
|
|
If necessary
|
|
(i.e., when emulating the system call on user space.),
|
|
the signal handler should set the system call return value
|
|
to a sane value,
|
|
by modifying the register context stored in the
|
|
.I ucontext
|
|
argument of the signal handler.
|
|
See
|
|
.BR sigaction (2),
|
|
.BR sigreturn (2),
|
|
and
|
|
.BR getcontext (3)
|
|
for more information.
|
|
.IP
|
|
If
|
|
.I arg2
|
|
is set to
|
|
.BR PR_SYS_DISPATCH_OFF ,
|
|
Syscall User Dispatch is disabled for that thread.
|
|
the remaining arguments must be set to 0.
|
|
.IP
|
|
The setting is not preserved across
|
|
.BR fork (2),
|
|
.BR clone (2),
|
|
or
|
|
.BR execve (2).
|
|
.IP
|
|
For more information,
|
|
see the kernel source file
|
|
.IR Documentation/admin-guide/syscall-user-dispatch.rst
|
|
.\" prctl PR_SET_TAGGED_ADDR_CTRL
|
|
.\" commit 63f0c60379650d82250f22e4cf4137ef3dc4f43d
|
|
.TP
|
|
.BR PR_SET_TAGGED_ADDR_CTRL " (since Linux 5.4, only on arm64)"
|
|
Controls support for passing tagged user-space addresses to the kernel
|
|
(i.e., addresses where bits 56\(em63 are not all zero).
|
|
.IP
|
|
The level of support is selected by
|
|
.IR "arg2" ,
|
|
which can be one of the following:
|
|
.RS
|
|
.TP
|
|
.B 0
|
|
Addresses that are passed
|
|
for the purpose of being dereferenced by the kernel
|
|
must be untagged.
|
|
.TP
|
|
.B PR_TAGGED_ADDR_ENABLE
|
|
Addresses that are passed
|
|
for the purpose of being dereferenced by the kernel
|
|
may be tagged, with the exceptions summarized below.
|
|
.RE
|
|
.IP
|
|
The remaining arguments
|
|
.IR arg3 ", " arg4 ", and " arg5
|
|
must all be zero.
|
|
.\" Enforcement added in
|
|
.\" commit 3e91ec89f527b9870fe42dcbdb74fd389d123a95
|
|
.IP
|
|
On success, the mode specified in
|
|
.I arg2
|
|
is set for the calling thread and the return value is 0.
|
|
If the arguments are invalid,
|
|
the mode specified in
|
|
.I arg2
|
|
is unrecognized,
|
|
or if this feature is unsupported by the kernel
|
|
or disabled via
|
|
.IR /proc/sys/abi/tagged_addr_disabled ,
|
|
the call fails with the error
|
|
.BR EINVAL .
|
|
.IP
|
|
In particular, if
|
|
.BR prctl ( PR_SET_TAGGED_ADDR_CTRL ,
|
|
0, 0, 0, 0)
|
|
fails with
|
|
.BR EINVAL ,
|
|
then all addresses passed to the kernel must be untagged.
|
|
.IP
|
|
Irrespective of which mode is set,
|
|
addresses passed to certain interfaces
|
|
must always be untagged:
|
|
.RS
|
|
.IP \(bu 2
|
|
.BR brk (2),
|
|
.BR mmap (2),
|
|
.BR shmat (2),
|
|
.BR shmdt (2),
|
|
and the
|
|
.I new_address
|
|
argument of
|
|
.BR mremap (2).
|
|
.IP
|
|
(Prior to Linux 5.6 these accepted tagged addresses,
|
|
but the behaviour may not be what you expect.
|
|
Don't rely on it.)
|
|
.IP \(bu
|
|
\(oqpolymorphic\(cq interfaces
|
|
that accept pointers to arbitrary types cast to a
|
|
.I void *
|
|
or other generic type, specifically
|
|
.BR prctl (),
|
|
.BR ioctl (2),
|
|
and in general
|
|
.BR setsockopt (2)
|
|
(only certain specific
|
|
.BR setsockopt (2)
|
|
options allow tagged addresses).
|
|
.RE
|
|
.IP
|
|
This list of exclusions may shrink
|
|
when moving from one kernel version to a later kernel version.
|
|
While the kernel may make some guarantees
|
|
for backwards compatibility reasons,
|
|
for the purposes of new software
|
|
the effect of passing tagged addresses to these interfaces
|
|
is unspecified.
|
|
.IP
|
|
The mode set by this call is inherited across
|
|
.BR fork (2)
|
|
and
|
|
.BR clone (2).
|
|
The mode is reset by
|
|
.BR execve (2)
|
|
to 0
|
|
(i.e., tagged addresses not permitted in the user/kernel ABI).
|
|
.IP
|
|
For more information, see the kernel source file
|
|
.IR Documentation/arm64/tagged\-address\-abi.rst .
|
|
.IP
|
|
.B Warning:
|
|
This call is primarily intended for use by the run-time environment.
|
|
A successful
|
|
.B PR_SET_TAGGED_ADDR_CTRL
|
|
call elsewhere may crash the calling process.
|
|
The conditions for using it safely are complex and system-dependent.
|
|
Don't use it unless you know what you are doing.
|
|
.\" prctl PR_GET_TAGGED_ADDR_CTRL
|
|
.\" commit 63f0c60379650d82250f22e4cf4137ef3dc4f43d
|
|
.TP
|
|
.BR PR_GET_TAGGED_ADDR_CTRL " (since Linux 5.4, only on arm64)"
|
|
Returns the current tagged address mode
|
|
for the calling thread.
|
|
.IP
|
|
Arguments
|
|
.IR arg2 ", " arg3 ", " arg4 ", and " arg5
|
|
must all be zero.
|
|
.IP
|
|
If the arguments are invalid
|
|
or this feature is disabled or unsupported by the kernel,
|
|
the call fails with
|
|
.BR EINVAL .
|
|
In particular, if
|
|
.BR prctl ( PR_GET_TAGGED_ADDR_CTRL ,
|
|
0, 0, 0, 0)
|
|
fails with
|
|
.BR EINVAL ,
|
|
then this feature is definitely either unsupported,
|
|
or disabled via
|
|
.IR /proc/sys/abi/tagged_addr_disabled .
|
|
In this case,
|
|
all addresses passed to the kernel must be untagged.
|
|
.IP
|
|
Otherwise, the call returns a nonnegative value
|
|
describing the current tagged address mode,
|
|
encoded in the same way as the
|
|
.I arg2
|
|
argument of
|
|
.BR PR_SET_TAGGED_ADDR_CTRL .
|
|
.IP
|
|
For more information, see the kernel source file
|
|
.IR Documentation/arm64/tagged\-address\-abi.rst .
|
|
.\"
|
|
.\" prctl PR_TASK_PERF_EVENTS_DISABLE
|
|
.TP
|
|
.BR PR_TASK_PERF_EVENTS_DISABLE " (since Linux 2.6.31)"
|
|
Disable all performance counters attached to the calling process,
|
|
regardless of whether the counters were created by
|
|
this process or another process.
|
|
Performance counters created by the calling process for other
|
|
processes are unaffected.
|
|
For more information on performance counters, see the Linux kernel source file
|
|
.IR tools/perf/design.txt .
|
|
.IP
|
|
Originally called
|
|
.BR PR_TASK_PERF_COUNTERS_DISABLE ;
|
|
.\" commit 1d1c7ddbfab358445a542715551301b7fc363e28
|
|
renamed (retaining the same numerical value)
|
|
in Linux 2.6.32.
|
|
.\"
|
|
.\" prctl PR_TASK_PERF_EVENTS_ENABLE
|
|
.TP
|
|
.BR PR_TASK_PERF_EVENTS_ENABLE " (since Linux 2.6.31)"
|
|
The converse of
|
|
.BR PR_TASK_PERF_EVENTS_DISABLE ;
|
|
enable performance counters attached to the calling process.
|
|
.IP
|
|
Originally called
|
|
.BR PR_TASK_PERF_COUNTERS_ENABLE ;
|
|
.\" commit 1d1c7ddbfab358445a542715551301b7fc363e28
|
|
renamed
|
|
.\" commit cdd6c482c9ff9c55475ee7392ec8f672eddb7be6
|
|
in Linux 2.6.32.
|
|
.\"
|
|
.\" prctl PR_SET_THP_DISABLE
|
|
.TP
|
|
.BR PR_SET_THP_DISABLE " (since Linux 3.15)"
|
|
.\" commit a0715cc22601e8830ace98366c0c2bd8da52af52
|
|
Set the state of the "THP disable" flag for the calling thread.
|
|
If
|
|
.I arg2
|
|
has a nonzero value, the flag is set, otherwise it is cleared.
|
|
Setting this flag provides a method
|
|
for disabling transparent huge pages
|
|
for jobs where the code cannot be modified, and using a malloc hook with
|
|
.BR madvise (2)
|
|
is not an option (i.e., statically allocated data).
|
|
The setting of the "THP disable" flag is inherited by a child created via
|
|
.BR fork (2)
|
|
and is preserved across
|
|
.BR execve (2).
|
|
.\" prctl PR_GET_THP_DISABLE
|
|
.TP
|
|
.BR PR_GET_THP_DISABLE " (since Linux 3.15)"
|
|
Return (as the function result) the current setting of the "THP disable"
|
|
flag for the calling thread:
|
|
either 1, if the flag is set, or 0, if it is not.
|
|
.\" prctl PR_GET_TID_ADDRESS
|
|
.TP
|
|
.BR PR_GET_TID_ADDRESS " (since Linux 3.5)"
|
|
.\" commit 300f786b2683f8bb1ec0afb6e1851183a479c86d
|
|
Return the
|
|
.I clear_child_tid
|
|
address set by
|
|
.BR set_tid_address (2)
|
|
and the
|
|
.BR clone (2)
|
|
.B CLONE_CHILD_CLEARTID
|
|
flag, in the location pointed to by
|
|
.IR "(int\ **)\ arg2" .
|
|
This feature is available only if the kernel is built with the
|
|
.BR CONFIG_CHECKPOINT_RESTORE
|
|
option enabled.
|
|
Note that since the
|
|
.BR prctl ()
|
|
system call does not have a compat implementation for
|
|
the AMD64 x32 and MIPS n32 ABIs,
|
|
and the kernel writes out a pointer using the kernel's pointer size,
|
|
this operation expects a user-space buffer of 8 (not 4) bytes on these ABIs.
|
|
.\" prctl PR_SET_TIMERSLACK
|
|
.TP
|
|
.BR PR_SET_TIMERSLACK " (since Linux 2.6.28)"
|
|
.\" See https://lwn.net/Articles/369549/
|
|
.\" commit 6976675d94042fbd446231d1bd8b7de71a980ada
|
|
Each thread has two associated timer slack values:
|
|
a "default" value, and a "current" value.
|
|
This operation sets the "current" timer slack value for the calling thread.
|
|
.I arg2
|
|
is an unsigned long value, then maximum "current" value is ULONG_MAX and
|
|
the minimum "current" value is 1.
|
|
If the nanosecond value supplied in
|
|
.IR arg2
|
|
is greater than zero, then the "current" value is set to this value.
|
|
If
|
|
.I arg2
|
|
is equal to zero,
|
|
the "current" timer slack is reset to the
|
|
thread's "default" timer slack value.
|
|
.IP
|
|
The "current" timer slack is used by the kernel to group timer expirations
|
|
for the calling thread that are close to one another;
|
|
as a consequence, timer expirations for the thread may be
|
|
up to the specified number of nanoseconds late (but will never expire early).
|
|
Grouping timer expirations can help reduce system power consumption
|
|
by minimizing CPU wake-ups.
|
|
.IP
|
|
The timer expirations affected by timer slack are those set by
|
|
.BR select (2),
|
|
.BR pselect (2),
|
|
.BR poll (2),
|
|
.BR ppoll (2),
|
|
.BR epoll_wait (2),
|
|
.BR epoll_pwait (2),
|
|
.BR clock_nanosleep (2),
|
|
.BR nanosleep (2),
|
|
and
|
|
.BR futex (2)
|
|
(and thus the library functions implemented via futexes, including
|
|
.\" List obtained by grepping for futex usage in glibc source
|
|
.BR pthread_cond_timedwait (3),
|
|
.BR pthread_mutex_timedlock (3),
|
|
.BR pthread_rwlock_timedrdlock (3),
|
|
.BR pthread_rwlock_timedwrlock (3),
|
|
and
|
|
.BR sem_timedwait (3)).
|
|
.IP
|
|
Timer slack is not applied to threads that are scheduled under
|
|
a real-time scheduling policy (see
|
|
.BR sched_setscheduler (2)).
|
|
.IP
|
|
When a new thread is created,
|
|
the two timer slack values are made the same as the "current" value
|
|
of the creating thread.
|
|
Thereafter, a thread can adjust its "current" timer slack value via
|
|
.BR PR_SET_TIMERSLACK .
|
|
The "default" value can't be changed.
|
|
The timer slack values of
|
|
.IR init
|
|
(PID 1), the ancestor of all processes,
|
|
are 50,000 nanoseconds (50 microseconds).
|
|
The timer slack value is inherited by a child created via
|
|
.BR fork (2),
|
|
and is preserved across
|
|
.BR execve (2).
|
|
.IP
|
|
Since Linux 4.6, the "current" timer slack value of any process
|
|
can be examined and changed via the file
|
|
.IR /proc/[pid]/timerslack_ns .
|
|
See
|
|
.BR proc (5).
|
|
.\" prctl PR_GET_TIMERSLACK
|
|
.TP
|
|
.BR PR_GET_TIMERSLACK " (since Linux 2.6.28)"
|
|
Return (as the function result)
|
|
the "current" timer slack value of the calling thread.
|
|
.\" prctl PR_SET_TIMING
|
|
.TP
|
|
.BR PR_SET_TIMING " (since Linux 2.6.0)"
|
|
.\" Precisely: Linux 2.6.0-test4
|
|
Set whether to use (normal, traditional) statistical process timing or
|
|
accurate timestamp-based process timing, by passing
|
|
.B PR_TIMING_STATISTICAL
|
|
.\" 0
|
|
or
|
|
.B PR_TIMING_TIMESTAMP
|
|
.\" 1
|
|
to \fIarg2\fP.
|
|
.B PR_TIMING_TIMESTAMP
|
|
is not currently implemented
|
|
(attempting to set this mode will yield the error
|
|
.BR EINVAL ).
|
|
.\" PR_TIMING_TIMESTAMP doesn't do anything in 2.6.26-rc8,
|
|
.\" and looking at the patch history, it appears
|
|
.\" that it never did anything.
|
|
.\" prctl PR_GET_TIMING
|
|
.TP
|
|
.BR PR_GET_TIMING " (since Linux 2.6.0)"
|
|
.\" Precisely: Linux 2.6.0-test4
|
|
Return (as the function result) which process timing method is currently
|
|
in use.
|
|
.\" prctl PR_SET_TSC
|
|
.TP
|
|
.BR PR_SET_TSC " (since Linux 2.6.26, x86 only)"
|
|
Set the state of the flag determining whether the timestamp counter
|
|
can be read by the process.
|
|
Pass
|
|
.B PR_TSC_ENABLE
|
|
to
|
|
.I arg2
|
|
to allow it to be read, or
|
|
.B PR_TSC_SIGSEGV
|
|
to generate a
|
|
.B SIGSEGV
|
|
when the process tries to read the timestamp counter.
|
|
.\" prctl PR_GET_TSC
|
|
.TP
|
|
.BR PR_GET_TSC " (since Linux 2.6.26, x86 only)"
|
|
Return the state of the flag determining whether the timestamp counter
|
|
can be read,
|
|
in the location pointed to by
|
|
.IR "(int\ *) arg2" .
|
|
.\" prctl PR_SET_UNALIGN
|
|
.TP
|
|
.B PR_SET_UNALIGN
|
|
(Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15;
|
|
PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22;
|
|
.\" sh: 94ea5e449ae834af058ef005d16a8ad44fcf13d6
|
|
.\" tile: 2f9ac29eec71a696cb0dcc5fb82c0f8d4dac28c9
|
|
sh, since Linux 2.6.34; tile, since Linux 3.12)
|
|
Set unaligned access control bits to \fIarg2\fP.
|
|
Pass
|
|
\fBPR_UNALIGN_NOPRINT\fP to silently fix up unaligned user accesses,
|
|
or \fBPR_UNALIGN_SIGBUS\fP to generate
|
|
.B SIGBUS
|
|
on unaligned user access.
|
|
Alpha also supports an additional flag with the value
|
|
of 4 and no corresponding named constant,
|
|
which instructs kernel to not fix up
|
|
unaligned accesses (it is analogous to providing the
|
|
.BR UAC_NOFIX
|
|
flag in
|
|
.BR SSI_NVPAIRS
|
|
operation of the
|
|
.BR setsysinfo ()
|
|
system call on Tru64).
|
|
.\" prctl PR_GET_UNALIGN
|
|
.TP
|
|
.B PR_GET_UNALIGN
|
|
(See
|
|
.B PR_SET_UNALIGN
|
|
for information on versions and architectures.)
|
|
Return unaligned access control bits, in the location pointed to by
|
|
.IR "(unsigned int\ *) arg2" .
|
|
.SH RETURN VALUE
|
|
On success,
|
|
.BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET ,
|
|
.BR PR_CAPBSET_READ ,
|
|
.BR PR_GET_DUMPABLE ,
|
|
.BR PR_GET_FP_MODE ,
|
|
.BR PR_GET_IO_FLUSHER ,
|
|
.BR PR_GET_KEEPCAPS ,
|
|
.BR PR_MCE_KILL_GET ,
|
|
.BR PR_GET_NO_NEW_PRIVS ,
|
|
.BR PR_GET_SECUREBITS ,
|
|
.BR PR_GET_SPECULATION_CTRL ,
|
|
.BR PR_SVE_GET_VL ,
|
|
.BR PR_SVE_SET_VL ,
|
|
.BR PR_GET_TAGGED_ADDR_CTRL ,
|
|
.BR PR_GET_THP_DISABLE ,
|
|
.BR PR_GET_TIMING ,
|
|
.BR PR_GET_TIMERSLACK ,
|
|
and (if it returns)
|
|
.BR PR_GET_SECCOMP
|
|
return the nonnegative values described above.
|
|
All other
|
|
.I option
|
|
values return 0 on success.
|
|
On error, \-1 is returned, and
|
|
.I errno
|
|
is set to indicate the error.
|
|
.SH ERRORS
|
|
.TP
|
|
.B EACCES
|
|
.I option
|
|
is
|
|
.BR PR_SET_SECCOMP
|
|
and
|
|
.I arg2
|
|
is
|
|
.BR SECCOMP_MODE_FILTER ,
|
|
but the process does not have the
|
|
.BR CAP_SYS_ADMIN
|
|
capability or has not set the
|
|
.IR no_new_privs
|
|
attribute (see the discussion of
|
|
.BR PR_SET_NO_NEW_PRIVS
|
|
above).
|
|
.TP
|
|
.B EACCES
|
|
.I option
|
|
is
|
|
.BR PR_SET_MM ,
|
|
and
|
|
.I arg3
|
|
is
|
|
.BR PR_SET_MM_EXE_FILE ,
|
|
the file is not executable.
|
|
.TP
|
|
.B EBADF
|
|
.I option
|
|
is
|
|
.BR PR_SET_MM ,
|
|
.I arg3
|
|
is
|
|
.BR PR_SET_MM_EXE_FILE ,
|
|
and the file descriptor passed in
|
|
.I arg4
|
|
is not valid.
|
|
.TP
|
|
.B EBUSY
|
|
.I option
|
|
is
|
|
.BR PR_SET_MM ,
|
|
.I arg3
|
|
is
|
|
.BR PR_SET_MM_EXE_FILE ,
|
|
and this the second attempt to change the
|
|
.I /proc/pid/exe
|
|
symbolic link, which is prohibited.
|
|
.TP
|
|
.B EFAULT
|
|
.I arg2
|
|
is an invalid address.
|
|
.TP
|
|
.B EFAULT
|
|
.I option
|
|
is
|
|
.BR PR_SET_SECCOMP ,
|
|
.I arg2
|
|
is
|
|
.BR SECCOMP_MODE_FILTER ,
|
|
the system was built with
|
|
.BR CONFIG_SECCOMP_FILTER ,
|
|
and
|
|
.I arg3
|
|
is an invalid address.
|
|
.TP
|
|
.B EFAULT
|
|
.I option
|
|
is
|
|
.B PR_SET_SYSCALL_USER_DISPATCH
|
|
and
|
|
.I arg5
|
|
has an invalid address.
|
|
.TP
|
|
.B EINVAL
|
|
The value of
|
|
.I option
|
|
is not recognized,
|
|
or not supported on this system.
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_MCE_KILL
|
|
or
|
|
.BR PR_MCE_KILL_GET
|
|
or
|
|
.BR PR_SET_MM ,
|
|
and unused
|
|
.BR prctl ()
|
|
arguments were not specified as zero.
|
|
.TP
|
|
.B EINVAL
|
|
.I arg2
|
|
is not valid value for this
|
|
.IR option .
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_SET_SECCOMP
|
|
or
|
|
.BR PR_GET_SECCOMP ,
|
|
and the kernel was not configured with
|
|
.BR CONFIG_SECCOMP .
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_SET_SECCOMP ,
|
|
.I arg2
|
|
is
|
|
.BR SECCOMP_MODE_FILTER ,
|
|
and the kernel was not configured with
|
|
.BR CONFIG_SECCOMP_FILTER .
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_SET_MM ,
|
|
and one of the following is true
|
|
.RS
|
|
.IP * 3
|
|
.I arg4
|
|
or
|
|
.I arg5
|
|
is nonzero;
|
|
.IP *
|
|
.I arg3
|
|
is greater than
|
|
.B TASK_SIZE
|
|
(the limit on the size of the user address space for this architecture);
|
|
.IP *
|
|
.I arg2
|
|
is
|
|
.BR PR_SET_MM_START_CODE ,
|
|
.BR PR_SET_MM_END_CODE ,
|
|
.BR PR_SET_MM_START_DATA ,
|
|
.BR PR_SET_MM_END_DATA ,
|
|
or
|
|
.BR PR_SET_MM_START_STACK ,
|
|
and the permissions of the corresponding memory area are not as required;
|
|
.IP *
|
|
.I arg2
|
|
is
|
|
.BR PR_SET_MM_START_BRK
|
|
or
|
|
.BR PR_SET_MM_BRK ,
|
|
and
|
|
.I arg3
|
|
is less than or equal to the end of the data segment
|
|
or specifies a value that would cause the
|
|
.B RLIMIT_DATA
|
|
resource limit to be exceeded.
|
|
.RE
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_SET_PTRACER
|
|
and
|
|
.I arg2
|
|
is not 0,
|
|
.BR PR_SET_PTRACER_ANY ,
|
|
or the PID of an existing process.
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.B PR_SET_PDEATHSIG
|
|
and
|
|
.I arg2
|
|
is not a valid signal number.
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_SET_DUMPABLE
|
|
and
|
|
.I arg2
|
|
is neither
|
|
.B SUID_DUMP_DISABLE
|
|
nor
|
|
.BR SUID_DUMP_USER .
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_SET_TIMING
|
|
and
|
|
.I arg2
|
|
is not
|
|
.BR PR_TIMING_STATISTICAL .
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_SET_NO_NEW_PRIVS
|
|
and
|
|
.I arg2
|
|
is not equal to 1
|
|
or
|
|
.IR arg3 ,
|
|
.IR arg4 ,
|
|
or
|
|
.IR arg5
|
|
is nonzero.
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_GET_NO_NEW_PRIVS
|
|
and
|
|
.IR arg2 ,
|
|
.IR arg3 ,
|
|
.IR arg4 ,
|
|
or
|
|
.IR arg5
|
|
is nonzero.
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_SET_THP_DISABLE
|
|
and
|
|
.IR arg3 ,
|
|
.IR arg4 ,
|
|
or
|
|
.IR arg5
|
|
is nonzero.
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_GET_THP_DISABLE
|
|
and
|
|
.IR arg2 ,
|
|
.IR arg3 ,
|
|
.IR arg4 ,
|
|
or
|
|
.IR arg5
|
|
is nonzero.
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.B PR_CAP_AMBIENT
|
|
and an unused argument
|
|
.RI ( arg4 ,
|
|
.IR arg5 ,
|
|
or,
|
|
in the case of
|
|
.BR PR_CAP_AMBIENT_CLEAR_ALL ,
|
|
.IR arg3 )
|
|
is nonzero; or
|
|
.IR arg2
|
|
has an invalid value;
|
|
or
|
|
.IR arg2
|
|
is
|
|
.BR PR_CAP_AMBIENT_LOWER ,
|
|
.BR PR_CAP_AMBIENT_RAISE ,
|
|
or
|
|
.BR PR_CAP_AMBIENT_IS_SET
|
|
and
|
|
.IR arg3
|
|
does not specify a valid capability.
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
was
|
|
.BR PR_GET_SPECULATION_CTRL
|
|
or
|
|
.BR PR_SET_SPECULATION_CTRL
|
|
and unused arguments to
|
|
.BR prctl ()
|
|
are not 0.
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.B PR_PAC_RESET_KEYS
|
|
and the arguments are invalid or unsupported.
|
|
See the description of
|
|
.B PR_PAC_RESET_KEYS
|
|
above for details.
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.B PR_SVE_SET_VL
|
|
and the arguments are invalid or unsupported,
|
|
or SVE is not available on this platform.
|
|
See the description of
|
|
.B PR_SVE_SET_VL
|
|
above for details.
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.B PR_SVE_GET_VL
|
|
and SVE is not available on this platform.
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.B PR_SET_SYSCALL_USER_DISPATCH
|
|
and one of the following is true:
|
|
.RS
|
|
.IP * 3
|
|
.I arg2
|
|
is
|
|
.B PR_SYS_DISPATCH_OFF
|
|
and the remaining arguments are not 0;
|
|
.IP * 3
|
|
.I arg2
|
|
is
|
|
.B PR_SYS_DISPATCH_ON
|
|
and the memory range specified is outside the
|
|
address space of the process.
|
|
.IP * 3
|
|
.I arg2
|
|
is invalid.
|
|
.RE
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_SET_TAGGED_ADDR_CTRL
|
|
and the arguments are invalid or unsupported.
|
|
See the description of
|
|
.B PR_SET_TAGGED_ADDR_CTRL
|
|
above for details.
|
|
.TP
|
|
.B EINVAL
|
|
.I option
|
|
is
|
|
.BR PR_GET_TAGGED_ADDR_CTRL
|
|
and the arguments are invalid or unsupported.
|
|
See the description of
|
|
.B PR_GET_TAGGED_ADDR_CTRL
|
|
above for details.
|
|
.TP
|
|
.B ENODEV
|
|
.I option
|
|
was
|
|
.BR PR_SET_SPECULATION_CTRL
|
|
the kernel or CPU does not support the requested speculation misfeature.
|
|
.TP
|
|
.B ENXIO
|
|
.I option
|
|
was
|
|
.BR PR_MPX_ENABLE_MANAGEMENT
|
|
or
|
|
.BR PR_MPX_DISABLE_MANAGEMENT
|
|
and the kernel or the CPU does not support MPX management.
|
|
Check that the kernel and processor have MPX support.
|
|
.TP
|
|
.B ENXIO
|
|
.I option
|
|
was
|
|
.BR PR_SET_SPECULATION_CTRL
|
|
implies that the control of the selected speculation misfeature is not possible.
|
|
See
|
|
.BR PR_GET_SPECULATION_CTRL
|
|
for the bit fields to determine which option is available.
|
|
.TP
|
|
.B EOPNOTSUPP
|
|
.I option
|
|
is
|
|
.B PR_SET_FP_MODE
|
|
and
|
|
.I arg2
|
|
has an invalid or unsupported value.
|
|
.TP
|
|
.B EPERM
|
|
.I option
|
|
is
|
|
.BR PR_SET_SECUREBITS ,
|
|
and the caller does not have the
|
|
.B CAP_SETPCAP
|
|
capability,
|
|
or tried to unset a "locked" flag,
|
|
or tried to set a flag whose corresponding locked flag was set
|
|
(see
|
|
.BR capabilities (7)).
|
|
.TP
|
|
.B EPERM
|
|
.I option
|
|
is
|
|
.BR PR_SET_SPECULATION_CTRL
|
|
wherein the speculation was disabled with
|
|
.B PR_SPEC_FORCE_DISABLE
|
|
and caller tried to enable it again.
|
|
.TP
|
|
.B EPERM
|
|
.I option
|
|
is
|
|
.BR PR_SET_KEEPCAPS ,
|
|
and the caller's
|
|
.B SECBIT_KEEP_CAPS_LOCKED
|
|
flag is set
|
|
(see
|
|
.BR capabilities (7)).
|
|
.TP
|
|
.B EPERM
|
|
.I option
|
|
is
|
|
.BR PR_CAPBSET_DROP ,
|
|
and the caller does not have the
|
|
.B CAP_SETPCAP
|
|
capability.
|
|
.TP
|
|
.B EPERM
|
|
.I option
|
|
is
|
|
.BR PR_SET_MM ,
|
|
and the caller does not have the
|
|
.B CAP_SYS_RESOURCE
|
|
capability.
|
|
.TP
|
|
.B EPERM
|
|
.IR option
|
|
is
|
|
.BR PR_CAP_AMBIENT
|
|
and
|
|
.IR arg2
|
|
is
|
|
.BR PR_CAP_AMBIENT_RAISE ,
|
|
but either the capability specified in
|
|
.IR arg3
|
|
is not present in the process's permitted and inheritable capability sets,
|
|
or the
|
|
.B PR_CAP_AMBIENT_LOWER
|
|
securebit has been set.
|
|
.TP
|
|
.B ERANGE
|
|
.I option
|
|
was
|
|
.BR PR_SET_SPECULATION_CTRL
|
|
and
|
|
.IR arg3
|
|
is not
|
|
.BR PR_SPEC_ENABLE ,
|
|
.BR PR_SPEC_DISABLE ,
|
|
.BR PR_SPEC_FORCE_DISABLE ,
|
|
nor
|
|
.BR PR_SPEC_DISABLE_NOEXEC .
|
|
.SH VERSIONS
|
|
The
|
|
.BR prctl ()
|
|
system call was introduced in Linux 2.1.57.
|
|
.\" The library interface was added in glibc 2.0.6
|
|
.SH CONFORMING TO
|
|
This call is Linux-specific.
|
|
IRIX has a
|
|
.BR prctl ()
|
|
system call (also introduced in Linux 2.1.44
|
|
as irix_prctl on the MIPS architecture),
|
|
with prototype
|
|
.PP
|
|
.in +4n
|
|
.EX
|
|
.BI "ptrdiff_t prctl(int " option ", int " arg2 ", int " arg3 );
|
|
.EE
|
|
.in
|
|
.PP
|
|
and options to get the maximum number of processes per user,
|
|
get the maximum number of processors the calling process can use,
|
|
find out whether a specified process is currently blocked,
|
|
get or set the maximum stack size, and so on.
|
|
.SH SEE ALSO
|
|
.BR signal (2),
|
|
.BR core (5)
|