summaryrefslogtreecommitdiffstats
path: root/upstream/debian-bookworm/man2/prctl.2
diff options
context:
space:
mode:
Diffstat (limited to 'upstream/debian-bookworm/man2/prctl.2')
-rw-r--r--upstream/debian-bookworm/man2/prctl.22529
1 files changed, 2529 insertions, 0 deletions
diff --git a/upstream/debian-bookworm/man2/prctl.2 b/upstream/debian-bookworm/man2/prctl.2
new file mode 100644
index 00000000..bfd94a47
--- /dev/null
+++ b/upstream/debian-bookworm/man2/prctl.2
@@ -0,0 +1,2529 @@
+.\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl)
+.\" and Copyright (C) 2002, 2006, 2008, 2012, 2013, 2015 Michael Kerrisk <mtk.manpages@gmail.com>
+.\" and Copyright Guillem Jover <guillem@hadrons.org>
+.\" and Copyright (C) 2010 Andi Kleen <andi@firstfloor.org>
+.\" and Copyright (C) 2012 Cyrill Gorcunov <gorcunov@openvz.org>
+.\" and Copyright (C) 2014 Dave Hansen / Intel
+.\" and Copyright (c) 2016 Eugene Syromyatnikov <evgsyr@gmail.com>
+.\" and Copyright (c) 2018 Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+.\" and Copyright (c) 2020 Dave Martin <Dave.Martin@arm.com>
+.\"
+.\" SPDX-License-Identifier: Linux-man-pages-copyleft
+.\"
+.\" Modified Thu Nov 11 04:19:42 MET 1999, aeb: added PR_GET_PDEATHSIG
+.\" Modified 27 Jun 02, Michael Kerrisk
+.\" Added PR_SET_DUMPABLE, PR_GET_DUMPABLE,
+.\" PR_SET_KEEPCAPS, PR_GET_KEEPCAPS
+.\" Modified 2006-08-30 Guillem Jover <guillem@hadrons.org>
+.\" Updated Linux versions where the options where introduced.
+.\" Added PR_SET_TIMING, PR_GET_TIMING, PR_SET_NAME, PR_GET_NAME,
+.\" PR_SET_UNALIGN, PR_GET_UNALIGN, PR_SET_FPEMU, PR_GET_FPEMU,
+.\" PR_SET_FPEXC, PR_GET_FPEXC
+.\" 2008-04-29 Serge Hallyn, Document PR_CAPBSET_READ and PR_CAPBSET_DROP
+.\" 2008-06-13 Erik Bosman, <ejbosman@cs.vu.nl>
+.\" Document PR_GET_TSC and PR_SET_TSC.
+.\" 2008-06-15 mtk, Document PR_SET_SECCOMP, PR_GET_SECCOMP
+.\" 2009-10-03 Andi Kleen, document PR_MCE_KILL
+.\" 2012-04 Cyrill Gorcunov, Document PR_SET_MM
+.\" 2012-04-25 Michael Kerrisk, Document PR_TASK_PERF_EVENTS_DISABLE and
+.\" PR_TASK_PERF_EVENTS_ENABLE
+.\" 2012-09-20 Kees Cook, update PR_SET_SECCOMP for mode 2
+.\" 2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS
+.\" 2012-10-25 Michael Kerrisk, Document PR_SET_TIMERSLACK and
+.\" PR_GET_TIMERSLACK
+.\" 2013-01-10 Kees Cook, document PR_SET_PTRACER
+.\" 2012-02-04 Michael Kerrisk, document PR_{SET,GET}_CHILD_SUBREAPER
+.\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT
+.\"
+.\"
+.TH prctl 2 2023-02-10 "Linux man-pages 6.03"
+.SH NAME
+prctl \- operations on a process or thread
+.SH LIBRARY
+Standard C library
+.RI ( libc ", " \-lc )
+.SH SYNOPSIS
+.nf
+.B #include <sys/prctl.h>
+.PP
+.BI "int prctl(int " option ", unsigned long " arg2 ", unsigned long " arg3 ,
+.BI " unsigned long " arg4 ", unsigned long " arg5 );
+.fi
+.SH DESCRIPTION
+.BR prctl ()
+manipulates various aspects of the behavior
+of the calling thread or process.
+.PP
+Note that careless use of some
+.BR prctl ()
+operations can confuse the user-space run-time environment,
+so these operations should be used with care.
+.PP
+.BR prctl ()
+is called with a first argument describing what to do
+(with values defined in \fI<linux/prctl.h>\fP), and further
+arguments with a significance depending on the first one.
+The first argument can be:
+.\"
+.\" prctl PR_CAP_AMBIENT
+.TP
+.BR PR_CAP_AMBIENT " (since Linux 4.3)"
+.\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08
+Reads or changes the ambient capability set of the calling thread,
+according to the value of
+.IR arg2 ,
+which must be one of the following:
+.RS
+.\"
+.TP
+.B PR_CAP_AMBIENT_RAISE
+The capability specified in
+.I arg3
+is added to the ambient set.
+The specified capability must already be present in
+both the permitted and the inheritable sets of the process.
+This operation is not permitted if the
+.B SECBIT_NO_CAP_AMBIENT_RAISE
+securebit is set.
+.TP
+.B PR_CAP_AMBIENT_LOWER
+The capability specified in
+.I arg3
+is removed from the ambient set.
+.TP
+.B PR_CAP_AMBIENT_IS_SET
+The
+.BR prctl ()
+call returns 1 if the capability in
+.I arg3
+is in the ambient set and 0 if it is not.
+.TP
+.B PR_CAP_AMBIENT_CLEAR_ALL
+All capabilities will be removed from the ambient set.
+This operation requires setting
+.I arg3
+to zero.
+.RE
+.IP
+In all of the above operations,
+.I arg4
+and
+.I arg5
+must be specified as 0.
+.IP
+Higher-level interfaces layered on top of the above operations are
+provided in the
+.BR libcap (3)
+library in the form of
+.BR cap_get_ambient (3),
+.BR cap_set_ambient (3),
+and
+.BR cap_reset_ambient (3).
+.\" prctl PR_CAPBSET_READ
+.TP
+.BR PR_CAPBSET_READ " (since Linux 2.6.25)"
+Return (as the function result) 1 if the capability specified in
+.I arg2
+is in the calling thread's capability bounding set,
+or 0 if it is not.
+(The capability constants are defined in
+.IR <linux/capability.h> .)
+The capability bounding set dictates
+whether the process can receive the capability through a
+file's permitted capability set on a subsequent call to
+.BR execve (2).
+.IP
+If the capability specified in
+.I arg2
+is not valid, then the call fails with the error
+.BR EINVAL .
+.IP
+A higher-level interface layered on top of this operation is provided in the
+.BR libcap (3)
+library in the form of
+.BR cap_get_bound (3).
+.\" prctl PR_CAPBSET_DROP
+.TP
+.BR PR_CAPBSET_DROP " (since Linux 2.6.25)"
+If the calling thread has the
+.B CAP_SETPCAP
+capability within its user namespace, then drop the capability specified by
+.I arg2
+from the calling thread's capability bounding set.
+Any children of the calling thread will inherit the newly
+reduced bounding set.
+.IP
+The call fails with the error:
+.B EPERM
+if the calling thread does not have the
+.BR CAP_SETPCAP ;
+.B EINVAL
+if
+.I arg2
+does not represent a valid capability; or
+.B EINVAL
+if file capabilities are not enabled in the kernel,
+in which case bounding sets are not supported.
+.IP
+A higher-level interface layered on top of this operation is provided in the
+.BR libcap (3)
+library in the form of
+.BR cap_drop_bound (3).
+.\" prctl PR_SET_CHILD_SUBREAPER
+.TP
+.BR PR_SET_CHILD_SUBREAPER " (since Linux 3.4)"
+.\" commit ebec18a6d3aa1e7d84aab16225e87fd25170ec2b
+If
+.I arg2
+is nonzero,
+set the "child subreaper" attribute of the calling process;
+if
+.I arg2
+is zero, unset the attribute.
+.IP
+A subreaper fulfills the role of
+.BR init (1)
+for its descendant processes.
+When a process becomes orphaned
+(i.e., its immediate parent terminates),
+then that process will be reparented to
+the nearest still living ancestor subreaper.
+Subsequently, calls to
+.BR getppid (2)
+in the orphaned process will now return the PID of the subreaper process,
+and when the orphan terminates, it is the subreaper process that
+will receive a
+.B SIGCHLD
+signal and will be able to
+.BR wait (2)
+on the process to discover its termination status.
+.IP
+The setting of the "child subreaper" attribute
+is not inherited by children created by
+.BR fork (2)
+and
+.BR clone (2).
+The setting is preserved across
+.BR execve (2).
+.IP
+Establishing a subreaper process is useful in session management frameworks
+where a hierarchical group of processes is managed by a subreaper process
+that needs to be informed when one of the processes\[em]for example,
+a double-forked daemon\[em]terminates
+(perhaps so that it can restart that process).
+Some
+.BR init (1)
+frameworks (e.g.,
+.BR systemd (1))
+employ a subreaper process for similar reasons.
+.\" prctl PR_GET_CHILD_SUBREAPER
+.TP
+.BR PR_GET_CHILD_SUBREAPER " (since Linux 3.4)"
+Return the "child subreaper" setting of the caller,
+in the location pointed to by
+.IR "(int\~*) arg2" .
+.\" prctl PR_SET_DUMPABLE
+.TP
+.BR PR_SET_DUMPABLE " (since Linux 2.3.20)"
+Set the state of the "dumpable" attribute,
+which determines whether core dumps are produced for the calling process
+upon delivery of a signal whose default behavior is to produce a core dump.
+.IP
+Up to and including Linux 2.6.12,
+.I arg2
+must be either 0
+.RB ( SUID_DUMP_DISABLE ,
+process is not dumpable) or 1
+.RB ( SUID_DUMP_USER ,
+process is dumpable).
+Between Linux 2.6.13 and Linux 2.6.17,
+.\" commit abf75a5033d4da7b8a7e92321d74021d1fcfb502
+the value 2 was also permitted,
+which caused any binary which normally would not be dumped
+to be dumped readable by root only;
+for security reasons, this feature has been removed.
+.\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2
+.\" Subject: Fix prctl privilege escalation (CVE-2006-2451)
+.\" From: Marcel Holtmann <marcel () holtmann ! org>
+.\" Date: 2006-07-12 11:12:00
+(See also the description of
+.I /proc/sys/fs/\:suid_dumpable
+in
+.BR proc (5).)
+.IP
+Normally, the "dumpable" attribute is set to 1.
+However, it is reset to the current value contained in the file
+.I /proc/sys/fs/\:suid_dumpable
+(which by default has the value 0),
+in the following circumstances:
+.\" See kernel/cred.c::commit_creds() (Linux 3.18 sources)
+.RS
+.IP \[bu] 3
+The process's effective user or group ID is changed.
+.IP \[bu]
+The process's filesystem user or group ID is changed (see
+.BR credentials (7)).
+.IP \[bu]
+The process executes
+.RB ( execve (2))
+a set-user-ID or set-group-ID program, resulting in a change
+of either the effective user ID or the effective group ID.
+.IP \[bu]
+The process executes
+.RB ( execve (2))
+a program that has file capabilities (see
+.BR capabilities (7)),
+.\" See kernel/cred.c::commit_creds()
+but only if the permitted capabilities
+gained exceed those already permitted for the process.
+.\" Also certain namespace operations;
+.RE
+.IP
+Processes that are not dumpable can not be attached via
+.BR ptrace (2)
+.BR PTRACE_ATTACH ;
+see
+.BR ptrace (2)
+for further details.
+.IP
+If a process is not dumpable,
+the ownership of files in the process's
+.IR /proc/ pid
+directory is affected as described in
+.BR proc (5).
+.\" prctl PR_GET_DUMPABLE
+.TP
+.BR PR_GET_DUMPABLE " (since Linux 2.3.20)"
+Return (as the function result) the current state of the calling
+process's dumpable attribute.
+.\" Since Linux 2.6.13, the dumpable flag can have the value 2,
+.\" but in Linux 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable
+.\" flags has a nonzero value. This was fixed in Linux 2.6.14.
+.\" prctl PR_SET_ENDIAN
+.TP
+.BR PR_SET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
+Set the endian-ness of the calling process to the value given
+in \fIarg2\fP, which should be one of the following:
+.\" Respectively 0, 1, 2
+.BR PR_ENDIAN_BIG ,
+.BR PR_ENDIAN_LITTLE ,
+or
+.B PR_ENDIAN_PPC_LITTLE
+(PowerPC pseudo little endian).
+.\" prctl PR_GET_ENDIAN
+.TP
+.BR PR_GET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
+Return the endian-ness of the calling process,
+in the location pointed to by
+.IR "(int\~*) arg2" .
+.\" prctl PR_SET_FP_MODE
+.TP
+.BR PR_SET_FP_MODE " (since Linux 4.0, only on MIPS)"
+.\" commit 9791554b45a2acc28247f66a5fd5bbc212a6b8c8
+On the MIPS architecture,
+user-space code can be built using an ABI which permits linking
+with code that has more restrictive floating-point (FP) requirements.
+For example, user-space code may be built to target the O32 FPXX ABI
+and linked with code built for either one of the more restrictive
+FP32 or FP64 ABIs.
+When more restrictive code is linked in,
+the overall requirement for the process is to use the more
+restrictive floating-point mode.
+.IP
+Because the kernel has no means of knowing in advance
+which mode the process should be executed in,
+and because these restrictions can
+change over the lifetime of the process, the
+.B PR_SET_FP_MODE
+operation is provided to allow control of the floating-point mode
+from user space.
+.IP
+.\" https://dmz-portal.mips.com/wiki/MIPS_O32_ABI_-_FR0_and_FR1_Interlinking
+The
+.I (unsigned int) arg2
+argument is a bit mask describing the floating-point mode used:
+.RS
+.TP
+.B PR_FP_MODE_FR
+When this bit is
+.I unset
+(so called
+.BR FR=0 " or " FR0
+mode), the 32 floating-point registers are 32 bits wide,
+and 64-bit registers are represented as a pair of registers
+(even- and odd- numbered,
+with the even-numbered register containing the lower 32 bits,
+and the odd-numbered register containing the higher 32 bits).
+.IP
+When this bit is
+.I set
+(on supported hardware),
+the 32 floating-point registers are 64 bits wide (so called
+.BR FR=1 " or " FR1
+mode).
+Note that modern MIPS implementations (MIPS R6 and newer) support
+.B FR=1
+mode only.
+.IP
+Applications that use the O32 FP32 ABI can operate only when this bit is
+.I unset
+.RB ( FR=0 ;
+or they can be used with FRE enabled, see below).
+Applications that use the O32 FP64 ABI
+(and the O32 FP64A ABI, which exists to
+provide the ability to operate with existing FP32 code; see below)
+can operate only when this bit is
+.I set
+.RB ( FR=1 ).
+Applications that use the O32 FPXX ABI can operate with either
+.B FR=0
+or
+.B FR=1 .
+.TP
+.B PR_FP_MODE_FRE
+Enable emulation of 32-bit floating-point mode.
+When this mode is enabled,
+it emulates 32-bit floating-point operations
+by raising a reserved-instruction exception
+on every instruction that uses 32-bit formats and
+the kernel then handles the instruction in software.
+(The problem lies in the discrepancy of handling odd-numbered registers
+which are the high 32 bits of 64-bit registers with even numbers in
+.B FR=0
+mode and the lower 32-bit parts of odd-numbered 64-bit registers in
+.B FR=1
+mode.)
+Enabling this bit is necessary when code with the O32 FP32 ABI should operate
+with code with compatible the O32 FPXX or O32 FP64A ABIs (which require
+.B FR=1
+FPU mode) or when it is executed on newer hardware (MIPS R6 onwards)
+which lacks
+.B FR=0
+mode support when a binary with the FP32 ABI is used.
+.IP
+Note that this mode makes sense only when the FPU is in 64-bit mode
+.RB ( FR=1 ).
+.IP
+Note that the use of emulation inherently has a significant performance hit
+and should be avoided if possible.
+.RE
+.IP
+In the N32/N64 ABI, 64-bit floating-point mode is always used,
+so FPU emulation is not required and the FPU always operates in
+.B FR=1
+mode.
+.IP
+This option is mainly intended for use by the dynamic linker
+.RB ( ld.so (8)).
+.IP
+The arguments
+.IR arg3 ,
+.IR arg4 ,
+and
+.I arg5
+are ignored.
+.\" prctl PR_GET_FP_MODE
+.TP
+.BR PR_GET_FP_MODE " (since Linux 4.0, only on MIPS)"
+Return (as the function result)
+the current floating-point mode (see the description of
+.B PR_SET_FP_MODE
+for details).
+.IP
+On success,
+the call returns a bit mask which represents the current floating-point mode.
+.IP
+The arguments
+.IR arg2 ,
+.IR arg3 ,
+.IR arg4 ,
+and
+.I arg5
+are ignored.
+.\" prctl PR_SET_FPEMU
+.TP
+.BR PR_SET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
+Set floating-point emulation control bits to \fIarg2\fP.
+Pass
+.B PR_FPEMU_NOPRINT
+to silently emulate floating-point operation accesses, or
+.B PR_FPEMU_SIGFPE
+to not emulate floating-point operations and send
+.B SIGFPE
+instead.
+.\" prctl PR_GET_FPEMU
+.TP
+.BR PR_GET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
+Return floating-point emulation control bits,
+in the location pointed to by
+.IR "(int\~*) arg2" .
+.\" prctl PR_SET_FPEXC
+.TP
+.BR PR_SET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
+Set floating-point exception mode to \fIarg2\fP.
+Pass \fBPR_FP_EXC_SW_ENABLE\fP to use FPEXC for FP exception enables,
+\fBPR_FP_EXC_DIV\fP for floating-point divide by zero,
+\fBPR_FP_EXC_OVF\fP for floating-point overflow,
+\fBPR_FP_EXC_UND\fP for floating-point underflow,
+\fBPR_FP_EXC_RES\fP for floating-point inexact result,
+\fBPR_FP_EXC_INV\fP for floating-point invalid operation,
+\fBPR_FP_EXC_DISABLED\fP for FP exceptions disabled,
+\fBPR_FP_EXC_NONRECOV\fP for async nonrecoverable exception mode,
+\fBPR_FP_EXC_ASYNC\fP for async recoverable exception mode,
+\fBPR_FP_EXC_PRECISE\fP for precise exception mode.
+.\" prctl PR_GET_FPEXC
+.TP
+.BR PR_GET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
+Return floating-point exception mode,
+in the location pointed to by
+.IR "(int\~*) arg2" .
+.\" prctl PR_SET_IO_FLUSHER
+.TP
+.BR PR_SET_IO_FLUSHER " (since Linux 5.6)"
+If a user process is involved in the block layer or filesystem I/O path,
+and can allocate memory while processing I/O requests it must set
+\fIarg2\fP to 1.
+This will put the process in the IO_FLUSHER state,
+which allows it special treatment to make progress when allocating memory.
+If \fIarg2\fP is 0, the process will clear the IO_FLUSHER state, and
+the default behavior will be used.
+.IP
+The calling process must have the
+.B CAP_SYS_RESOURCE
+capability.
+.IP
+.IR arg3 ,
+.IR arg4 ,
+and
+.I arg5
+must be zero.
+.IP
+The IO_FLUSHER state is inherited by a child process created via
+.BR fork (2)
+and is preserved across
+.BR execve (2).
+.IP
+Examples of IO_FLUSHER applications are FUSE daemons, SCSI device
+emulation daemons, and daemons that perform error handling like multipath
+path recovery applications.
+.\" prctl PR_GET_IO_FLUSHER
+.TP
+.B PR_GET_IO_FLUSHER (Since Linux 5.6)
+Return (as the function result) the IO_FLUSHER state of the caller.
+A value of 1 indicates that the caller is in the IO_FLUSHER state;
+0 indicates that the caller is not in the IO_FLUSHER state.
+.IP
+The calling process must have the
+.B CAP_SYS_RESOURCE
+capability.
+.IP
+.IR arg2 ,
+.IR arg3 ,
+.IR arg4 ,
+and
+.I arg5
+must be zero.
+.\" prctl PR_SET_KEEPCAPS
+.TP
+.BR PR_SET_KEEPCAPS " (since Linux 2.2.18)"
+Set the state of the calling thread's "keep capabilities" flag.
+The effect of this flag is described in
+.BR capabilities (7).
+.I arg2
+must be either 0 (clear the flag)
+or 1 (set the flag).
+The "keep capabilities" value will be reset to 0 on subsequent calls to
+.BR execve (2).
+.\" prctl PR_GET_KEEPCAPS
+.TP
+.BR PR_GET_KEEPCAPS " (since Linux 2.2.18)"
+Return (as the function result) the current state of the calling thread's
+"keep capabilities" flag.
+See
+.BR capabilities (7)
+for a description of this flag.
+.\" prctl PR_MCE_KILL
+.TP
+.BR PR_MCE_KILL " (since Linux 2.6.32)"
+Set the machine check memory corruption kill policy for the calling thread.
+If
+.I arg2
+is
+.BR PR_MCE_KILL_CLEAR ,
+clear the thread memory corruption kill policy and use the system-wide default.
+(The system-wide default is defined by
+.IR /proc/sys/vm/memory_failure_early_kill ;
+see
+.BR proc (5).)
+If
+.I arg2
+is
+.BR PR_MCE_KILL_SET ,
+use a thread-specific memory corruption kill policy.
+In this case,
+.I arg3
+defines whether the policy is
+.I early kill
+.RB ( PR_MCE_KILL_EARLY ),
+.I late kill
+.RB ( PR_MCE_KILL_LATE ),
+or the system-wide default
+.RB ( PR_MCE_KILL_DEFAULT ).
+Early kill means that the thread receives a
+.B SIGBUS
+signal as soon as hardware memory corruption is detected inside
+its address space.
+In late kill mode, the process is killed only when it accesses a corrupted page.
+See
+.BR sigaction (2)
+for more information on the
+.B SIGBUS
+signal.
+The policy is inherited by children.
+The remaining unused
+.BR prctl ()
+arguments must be zero for future compatibility.
+.\" prctl PR_MCE_KILL_GET
+.TP
+.BR PR_MCE_KILL_GET " (since Linux 2.6.32)"
+Return (as the function result)
+the current per-process machine check kill policy.
+All unused
+.BR prctl ()
+arguments must be zero.
+.\" prctl PR_SET_MM
+.TP
+.BR PR_SET_MM " (since Linux 3.3)"
+.\" commit 028ee4be34a09a6d48bdf30ab991ae933a7bc036
+Modify certain kernel memory map descriptor fields
+of the calling process.
+Usually these fields are set by the kernel and dynamic loader (see
+.BR ld.so (8)
+for more information) and a regular application should not use this feature.
+However, there are cases, such as self-modifying programs,
+where a program might find it useful to change its own memory map.
+.IP
+The calling process must have the
+.B CAP_SYS_RESOURCE
+capability.
+The value in
+.I arg2
+is one of the options below, while
+.I arg3
+provides a new value for the option.
+The
+.I arg4
+and
+.I arg5
+arguments must be zero if unused.
+.IP
+Before Linux 3.10,
+.\" commit 52b3694157e3aa6df871e283115652ec6f2d31e0
+this feature is available only if the kernel is built with the
+.B CONFIG_CHECKPOINT_RESTORE
+option enabled.
+.RS
+.TP
+.B PR_SET_MM_START_CODE
+Set the address above which the program text can run.
+The corresponding memory area must be readable and executable,
+but not writable or shareable (see
+.BR mprotect (2)
+and
+.BR mmap (2)
+for more information).
+.TP
+.B PR_SET_MM_END_CODE
+Set the address below which the program text can run.
+The corresponding memory area must be readable and executable,
+but not writable or shareable.
+.TP
+.B PR_SET_MM_START_DATA
+Set the address above which initialized and
+uninitialized (bss) data are placed.
+The corresponding memory area must be readable and writable,
+but not executable or shareable.
+.TP
+.B PR_SET_MM_END_DATA
+Set the address below which initialized and
+uninitialized (bss) data are placed.
+The corresponding memory area must be readable and writable,
+but not executable or shareable.
+.TP
+.B PR_SET_MM_START_STACK
+Set the start address of the stack.
+The corresponding memory area must be readable and writable.
+.TP
+.B PR_SET_MM_START_BRK
+Set the address above which the program heap can be expanded with
+.BR brk (2)
+call.
+The address must be greater than the ending address of
+the current program data segment.
+In addition, the combined size of the resulting heap and
+the size of the data segment can't exceed the
+.B RLIMIT_DATA
+resource limit (see
+.BR setrlimit (2)).
+.TP
+.B PR_SET_MM_BRK
+Set the current
+.BR brk (2)
+value.
+The requirements for the address are the same as for the
+.B PR_SET_MM_START_BRK
+option.
+.PP
+The following options are available since Linux 3.5.
+.\" commit fe8c7f5cbf91124987106faa3bdf0c8b955c4cf7
+.TP
+.B PR_SET_MM_ARG_START
+Set the address above which the program command line is placed.
+.TP
+.B PR_SET_MM_ARG_END
+Set the address below which the program command line is placed.
+.TP
+.B PR_SET_MM_ENV_START
+Set the address above which the program environment is placed.
+.TP
+.B PR_SET_MM_ENV_END
+Set the address below which the program environment is placed.
+.IP
+The address passed with
+.BR PR_SET_MM_ARG_START ,
+.BR PR_SET_MM_ARG_END ,
+.BR PR_SET_MM_ENV_START ,
+and
+.B PR_SET_MM_ENV_END
+should belong to a process stack area.
+Thus, the corresponding memory area must be readable, writable, and
+(depending on the kernel configuration) have the
+.B MAP_GROWSDOWN
+attribute set (see
+.BR mmap (2)).
+.TP
+.B PR_SET_MM_AUXV
+Set a new auxiliary vector.
+The
+.I arg3
+argument should provide the address of the vector.
+The
+.I arg4
+is the size of the vector.
+.TP
+.B PR_SET_MM_EXE_FILE
+.\" commit b32dfe377102ce668775f8b6b1461f7ad428f8b6
+Supersede the
+.IR /proc/ pid /exe
+symbolic link with a new one pointing to a new executable file
+identified by the file descriptor provided in
+.I arg3
+argument.
+The file descriptor should be obtained with a regular
+.BR open (2)
+call.
+.IP
+To change the symbolic link, one needs to unmap all existing
+executable memory areas, including those created by the kernel itself
+(for example the kernel usually creates at least one executable
+memory area for the ELF
+.I .text
+section).
+.IP
+In Linux 4.9 and earlier, the
+.\" commit 3fb4afd9a504c2386b8435028d43283216bf588e
+.B PR_SET_MM_EXE_FILE
+operation can be performed only once in a process's lifetime;
+attempting to perform the operation a second time results in the error
+.BR EPERM .
+This restriction was enforced for security reasons that were subsequently
+deemed specious,
+and the restriction was removed in Linux 4.10 because some
+user-space applications needed to perform this operation more than once.
+.PP
+The following options are available since Linux 3.18.
+.\" commit f606b77f1a9e362451aca8f81d8f36a3a112139e
+.TP
+.B PR_SET_MM_MAP
+Provides one-shot access to all the addresses by passing in a
+.I struct prctl_mm_map
+(as defined in \fI<linux/prctl.h>\fP).
+The
+.I arg4
+argument should provide the size of the struct.
+.IP
+This feature is available only if the kernel is built with the
+.B CONFIG_CHECKPOINT_RESTORE
+option enabled.
+.TP
+.B PR_SET_MM_MAP_SIZE
+Returns the size of the
+.I struct prctl_mm_map
+the kernel expects.
+This allows user space to find a compatible struct.
+The
+.I arg4
+argument should be a pointer to an unsigned int.
+.IP
+This feature is available only if the kernel is built with the
+.B CONFIG_CHECKPOINT_RESTORE
+option enabled.
+.RE
+.\" prctl PR_SET_VMA
+.TP
+.BR PR_SET_VMA " (since Linux 5.17)"
+.\" Commit 9a10064f5625d5572c3626c1516e0bebc6c9fe9b
+Sets an attribute specified in
+.I arg2
+for virtual memory areas starting from the address specified in
+.I arg3
+and spanning the size specified in
+.IR arg4 .
+.I arg5
+specifies the value of the attribute to be set.
+.IP
+Note that assigning an attribute to a virtual memory area
+might prevent it from being merged with adjacent virtual memory areas
+due to the difference in that attribute's value.
+.IP
+Currently,
+.I arg2
+must be one of:
+.RS
+.TP
+.B PR_SET_VMA_ANON_NAME
+Set a name for anonymous virtual memory areas.
+.I arg5
+should be a pointer to a null-terminated string containing the name.
+The name length including null byte cannot exceed 80 bytes.
+If
+.I arg5
+is NULL, the name of the appropriate anonymous virtual memory areas
+will be reset.
+The name can contain only printable ascii characters (including space),
+except \[aq][\[aq], \[aq]]\[aq], \[aq]\e\[aq], \[aq]$\[aq], and \[aq]\[ga]\[aq].
+.RE
+.\" prctl PR_MPX_ENABLE_MANAGEMENT
+.TP
+.BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19, removed in Linux 5.4; only on x86)"
+.\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c
+.\" See also http://lwn.net/Articles/582712/
+.\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler
+Enable or disable kernel management of Memory Protection eXtensions (MPX)
+bounds tables.
+The
+.IR arg2 ,
+.IR arg3 ,
+.IR arg4 ,
+and
+.I arg5
+.\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88
+arguments must be zero.
+.IP
+MPX is a hardware-assisted mechanism for performing bounds checking on
+pointers.
+It consists of a set of registers storing bounds information
+and a set of special instruction prefixes that tell the CPU on which
+instructions it should do bounds enforcement.
+There is a limited number of these registers and
+when there are more pointers than registers,
+their contents must be "spilled" into a set of tables.
+These tables are called "bounds tables" and the MPX
+.BR prctl ()
+operations control
+whether the kernel manages their allocation and freeing.
+.IP
+When management is enabled, the kernel will take over allocation
+and freeing of the bounds tables.
+It does this by trapping the #BR exceptions that result
+at first use of missing bounds tables and
+instead of delivering the exception to user space,
+it allocates the table and populates the bounds directory
+with the location of the new table.
+For freeing, the kernel checks to see if bounds tables are
+present for memory which is not allocated, and frees them if so.
+.IP
+Before enabling MPX management using
+.BR PR_MPX_ENABLE_MANAGEMENT ,
+the application must first have allocated a user-space buffer for
+the bounds directory and placed the location of that directory in the
+.I bndcfgu
+register.
+.IP
+These calls fail if the CPU or kernel does not support MPX.
+Kernel support for MPX is enabled via the
+.B CONFIG_X86_INTEL_MPX
+configuration option.
+You can check whether the CPU supports MPX by looking for the
+.I mpx
+CPUID bit, like with the following command:
+.IP
+.in +4n
+.EX
+cat /proc/cpuinfo | grep \[aq] mpx \[aq]
+.EE
+.in
+.IP
+A thread may not switch in or out of long (64-bit) mode while MPX is
+enabled.
+.IP
+All threads in a process are affected by these calls.
+.IP
+The child of a
+.BR fork (2)
+inherits the state of MPX management.
+During
+.BR execve (2),
+MPX management is reset to a state as if
+.B PR_MPX_DISABLE_MANAGEMENT
+had been called.
+.IP
+For further information on Intel MPX, see the kernel source file
+.IR Documentation/x86/intel_mpx.txt .
+.IP
+.\" commit f240652b6032b48ad7fa35c5e701cc4c8d697c0b
+.\" See also https://lkml.kernel.org/r/20190705175321.DB42F0AD@viggo.jf.intel.com
+Due to a lack of toolchain support,
+.BR PR_MPX_ENABLE_MANAGEMENT " and " PR_MPX_DISABLE_MANAGEMENT
+are not supported in Linux 5.4 and later.
+.\" prctl PR_SET_NAME
+.TP
+.BR PR_SET_NAME " (since Linux 2.6.9)"
+Set the name of the calling thread,
+using the value in the location pointed to by
+.IR "(char\~*) arg2" .
+The name can be up to 16 bytes long,
+.\" TASK_COMM_LEN in include/linux/sched.h
+including the terminating null byte.
+(If the length of the string, including the terminating null byte,
+exceeds 16 bytes, the string is silently truncated.)
+This is the same attribute that can be set via
+.BR pthread_setname_np (3)
+and retrieved using
+.BR pthread_getname_np (3).
+The attribute is likewise accessible via
+.IR /proc/self/task/ tid /comm
+(see
+.BR proc (5)),
+where
+.I tid
+is the thread ID of the calling thread, as returned by
+.BR gettid (2).
+.\" prctl PR_GET_NAME
+.TP
+.BR PR_GET_NAME " (since Linux 2.6.11)"
+Return the name of the calling thread,
+in the buffer pointed to by
+.IR "(char\~*) arg2" .
+The buffer should allow space for up to 16 bytes;
+the returned string will be null-terminated.
+.\" prctl PR_SET_NO_NEW_PRIVS
+.TP
+.BR PR_SET_NO_NEW_PRIVS " (since Linux 3.5)"
+Set the calling thread's
+.I no_new_privs
+attribute to the value in
+.IR arg2 .
+With
+.I no_new_privs
+set to 1,
+.BR execve (2)
+promises not to grant privileges to do anything
+that could not have been done without the
+.BR execve (2)
+call (for example,
+rendering the set-user-ID and set-group-ID mode bits,
+and file capabilities non-functional).
+Once set, the
+.I no_new_privs
+attribute cannot be unset.
+The setting of this attribute is inherited by children created by
+.BR fork (2)
+and
+.BR clone (2),
+and preserved across
+.BR execve (2).
+.IP
+Since Linux 4.10,
+the value of a thread's
+.I no_new_privs
+attribute can be viewed via the
+.I NoNewPrivs
+field in the
+.IR /proc/ pid /status
+file.
+.IP
+For more information, see the kernel source file
+.I Documentation/userspace\-api/no_new_privs.rst
+.\" commit 40fde647ccb0ae8c11d256d271e24d385eed595b
+(or
+.I Documentation/prctl/no_new_privs.txt
+before Linux 4.13).
+See also
+.BR seccomp (2).
+.\" prctl PR_GET_NO_NEW_PRIVS
+.TP
+.BR PR_GET_NO_NEW_PRIVS " (since Linux 3.5)"
+Return (as the function result) the value of the
+.I no_new_privs
+attribute for the calling thread.
+A value of 0 indicates the regular
+.BR execve (2)
+behavior.
+A value of 1 indicates
+.BR execve (2)
+will operate in the privilege-restricting mode described above.
+.\" prctl PR_PAC_RESET_KEYS
+.\" commit ba830885656414101b2f8ca88786524d4bb5e8c1
+.TP
+.BR PR_PAC_RESET_KEYS " (since Linux 5.0, only on arm64)"
+Securely reset the thread's pointer authentication keys
+to fresh random values generated by the kernel.
+.IP
+The set of keys to be reset is specified by
+.IR arg2 ,
+which must be a logical OR of zero or more of the following:
+.RS
+.TP
+.B PR_PAC_APIAKEY
+instruction authentication key A
+.TP
+.B PR_PAC_APIBKEY
+instruction authentication key B
+.TP
+.B PR_PAC_APDAKEY
+data authentication key A
+.TP
+.B PR_PAC_APDBKEY
+data authentication key B
+.TP
+.B PR_PAC_APGAKEY
+generic authentication \[lq]A\[rq] key.
+.IP
+(Yes folks, there really is no generic B key.)
+.RE
+.IP
+As a special case, if
+.I arg2
+is zero, then all the keys are reset.
+Since new keys could be added in future,
+this is the recommended way to completely wipe the existing keys
+when establishing a clean execution context.
+Note that there is no need to use
+.B PR_PAC_RESET_KEYS
+in preparation for calling
+.BR execve (2),
+since
+.BR execve (2)
+resets all the pointer authentication keys.
+.IP
+The remaining arguments
+.IR arg3 ", " arg4 ", and " arg5
+must all be zero.
+.IP
+If the arguments are invalid,
+and in particular if
+.I arg2
+contains set bits that are unrecognized
+or that correspond to a key not available on this platform,
+then the call fails with error
+.BR EINVAL .
+.IP
+.B Warning:
+Because the compiler or run-time environment
+may be using some or all of the keys,
+a successful
+.B PR_PAC_RESET_KEYS
+may crash the calling process.
+The conditions for using it safely are complex and system-dependent.
+Don't use it unless you know what you are doing.
+.IP
+For more information, see the kernel source file
+.I Documentation/arm64/pointer\-authentication.rst
+.\"commit b693d0b372afb39432e1c49ad7b3454855bc6bed
+(or
+.I Documentation/arm64/pointer\-authentication.txt
+before Linux 5.3).
+.\" prctl PR_SET_PDEATHSIG
+.TP
+.BR PR_SET_PDEATHSIG " (since Linux 2.1.57)"
+Set the parent-death signal
+of the calling process to \fIarg2\fP (either a signal value
+in the range 1..\c
+.BR NSIG "\-1" ,
+or 0 to clear).
+This is the signal that the calling process will get when its
+parent dies.
+.IP
+.IR Warning :
+.\" https://bugzilla.kernel.org/show_bug.cgi?id=43300
+the "parent" in this case is considered to be the
+.I thread
+that created this process.
+In other words, the signal will be sent when that thread terminates
+(via, for example,
+.BR pthread_exit (3)),
+rather than after all of the threads in the parent process terminate.
+.IP
+The parent-death signal is sent upon subsequent termination of the parent
+thread and also upon termination of each subreaper process
+(see the description of
+.B PR_SET_CHILD_SUBREAPER
+above) to which the caller is subsequently reparented.
+If the parent thread and all ancestor subreapers have already terminated
+by the time of the
+.B PR_SET_PDEATHSIG
+operation, then no parent-death signal is sent to the caller.
+.IP
+The parent-death signal is process-directed (see
+.BR signal (7))
+and, if the child installs a handler using the
+.BR sigaction (2)
+.B SA_SIGINFO
+flag, the
+.I si_pid
+field of the
+.I siginfo_t
+argument of the handler contains the PID of the terminating parent process.
+.IP
+The parent-death signal setting is cleared for the child of a
+.BR fork (2).
+It is also
+(since Linux 2.4.36 / 2.6.23)
+.\" commit d2d56c5f51028cb9f3d800882eb6f4cbd3f9099f
+cleared when executing a set-user-ID or set-group-ID binary,
+or a binary that has associated capabilities (see
+.BR capabilities (7));
+otherwise, this value is preserved across
+.BR execve (2).
+The parent-death signal setting is also cleared upon changes to
+any of the following thread credentials:
+.\" FIXME capability changes can also trigger this; see
+.\" kernel/cred.c::commit_creds in the Linux 5.6 source.
+effective user ID, effective group ID, filesystem user ID,
+or filesystem group ID.
+.\" prctl PR_GET_PDEATHSIG
+.TP
+.BR PR_GET_PDEATHSIG " (since Linux 2.3.15)"
+Return the current value of the parent process death signal,
+in the location pointed to by
+.IR "(int\~*) arg2" .
+.\" prctl PR_SET_PTRACER
+.TP
+.BR PR_SET_PTRACER " (since Linux 3.4)"
+.\" commit 2d514487faf188938a4ee4fb3464eeecfbdcf8eb
+.\" commit bf06189e4d14641c0148bea16e9dd24943862215
+This is meaningful only when the Yama LSM is enabled and in mode 1
+("restricted ptrace", visible via
+.IR /proc/sys/kernel/yama/ptrace_scope ).
+When a "ptracer process ID" is passed in \fIarg2\fP,
+the caller is declaring that the ptracer process can
+.BR ptrace (2)
+the calling process as if it were a direct process ancestor.
+Each
+.B PR_SET_PTRACER
+operation replaces the previous "ptracer process ID".
+Employing
+.B PR_SET_PTRACER
+with
+.I arg2
+set to 0 clears the caller's "ptracer process ID".
+If
+.I arg2
+is
+.BR PR_SET_PTRACER_ANY ,
+the ptrace restrictions introduced by Yama are effectively disabled for the
+calling process.
+.IP
+For further information, see the kernel source file
+.I Documentation/admin\-guide/LSM/Yama.rst
+.\" commit 90bb766440f2147486a2acc3e793d7b8348b0c22
+(or
+.I Documentation/security/Yama.txt
+before Linux 4.13).
+.\" prctl PR_SET_SECCOMP
+.TP
+.BR PR_SET_SECCOMP " (since Linux 2.6.23)"
+.\" See http://thread.gmane.org/gmane.linux.kernel/542632
+.\" [PATCH 0 of 2] seccomp updates
+.\" andrea@cpushare.com
+Set the secure computing (seccomp) mode for the calling thread, to limit
+the available system calls.
+The more recent
+.BR seccomp (2)
+system call provides a superset of the functionality of
+.BR PR_SET_SECCOMP ,
+and is the preferred interface for new applications.
+.IP
+The seccomp mode is selected via
+.IR arg2 .
+(The seccomp constants are defined in
+.IR <linux/seccomp.h> .)
+The following values can be specified:
+.RS
+.TP
+.BR SECCOMP_MODE_STRICT " (since Linux 2.6.23)"
+See the description of
+.B SECCOMP_SET_MODE_STRICT
+in
+.BR seccomp (2).
+.IP
+This operation is available only
+if the kernel is configured with
+.B CONFIG_SECCOMP
+enabled.
+.TP
+.BR SECCOMP_MODE_FILTER " (since Linux 3.5)"
+The allowed system calls are defined by a pointer
+to a Berkeley Packet Filter passed in
+.IR arg3 .
+This argument is a pointer to
+.IR "struct sock_fprog" ;
+it can be designed to filter
+arbitrary system calls and system call arguments.
+See the description of
+.B SECCOMP_SET_MODE_FILTER
+in
+.BR seccomp (2).
+.IP
+This operation is available only
+if the kernel is configured with
+.B CONFIG_SECCOMP_FILTER
+enabled.
+.RE
+.IP
+For further details on seccomp filtering, see
+.BR seccomp (2).
+.\" prctl PR_GET_SECCOMP
+.TP
+.BR PR_GET_SECCOMP " (since Linux 2.6.23)"
+Return (as the function result)
+the secure computing mode of the calling thread.
+If the caller is not in secure computing mode, this operation returns 0;
+if the caller is in strict secure computing mode, then the
+.BR prctl ()
+call will cause a
+.B SIGKILL
+signal to be sent to the process.
+If the caller is in filter mode, and this system call is allowed by the
+seccomp filters, it returns 2; otherwise, the process is killed with a
+.B SIGKILL
+signal.
+.IP
+This operation is available only
+if the kernel is configured with
+.B CONFIG_SECCOMP
+enabled.
+.IP
+Since Linux 3.8, the
+.I Seccomp
+field of the
+.IR /proc/ pid /status
+file provides a method of obtaining the same information,
+without the risk that the process is killed; see
+.BR proc (5).
+.\" prctl PR_SET_SECUREBITS
+.TP
+.BR PR_SET_SECUREBITS " (since Linux 2.6.26)"
+Set the "securebits" flags of the calling thread to the value supplied in
+.IR arg2 .
+See
+.BR capabilities (7).
+.\" prctl PR_GET_SECUREBITS
+.TP
+.BR PR_GET_SECUREBITS " (since Linux 2.6.26)"
+Return (as the function result)
+the "securebits" flags of the calling thread.
+See
+.BR capabilities (7).
+.\" prctl PR_GET_SPECULATION_CTRL
+.TP
+.BR PR_GET_SPECULATION_CTRL " (since Linux 4.17)"
+Return (as the function result)
+the state of the speculation misfeature specified in
+.IR arg2 .
+Currently, the only permitted value for this argument is
+.B PR_SPEC_STORE_BYPASS
+(otherwise the call fails with the error
+.BR ENODEV ).
+.IP
+The return value uses bits 0-3 with the following meaning:
+.RS
+.TP
+.B PR_SPEC_PRCTL
+Mitigation can be controlled per thread by
+.BR PR_SET_SPECULATION_CTRL .
+.TP
+.B PR_SPEC_ENABLE
+The speculation feature is enabled, mitigation is disabled.
+.TP
+.B PR_SPEC_DISABLE
+The speculation feature is disabled, mitigation is enabled.
+.TP
+.B PR_SPEC_FORCE_DISABLE
+Same as
+.B PR_SPEC_DISABLE
+but cannot be undone.
+.TP
+.BR PR_SPEC_DISABLE_NOEXEC " (since Linux 5.1)"
+Same as
+.BR PR_SPEC_DISABLE ,
+but the state will be cleared on
+.BR execve (2).
+.RE
+.IP
+If all bits are 0,
+then the CPU is not affected by the speculation misfeature.
+.IP
+If
+.B PR_SPEC_PRCTL
+is set, then per-thread control of the mitigation is available.
+If not set,
+.BR prctl ()
+for the speculation misfeature will fail.
+.IP
+The
+.IR arg3 ,
+.IR arg4 ,
+and
+.I arg5
+arguments must be specified as 0; otherwise the call fails with the error
+.BR EINVAL .
+.\" prctl PR_SET_SPECULATION_CTRL
+.TP
+.BR PR_SET_SPECULATION_CTRL " (since Linux 4.17)"
+.\" commit b617cfc858161140d69cc0b5cc211996b557a1c7
+.\" commit 356e4bfff2c5489e016fdb925adbf12a1e3950ee
+Sets the state of the speculation misfeature specified in
+.IR arg2 .
+The speculation-misfeature settings are per-thread attributes.
+.IP
+Currently,
+.I arg2
+must be one of:
+.RS
+.TP
+.B PR_SPEC_STORE_BYPASS
+Set the state of the speculative store bypass misfeature.
+.\" commit 9137bb27e60e554dab694eafa4cca241fa3a694f
+.TP
+.BR PR_SPEC_INDIRECT_BRANCH " (since Linux 4.20)"
+Set the state of the indirect branch speculation misfeature.
+.RE
+.IP
+If
+.I arg2
+does not have one of the above values,
+then the call fails with the error
+.BR ENODEV .
+.IP
+The
+.I arg3
+argument is used to hand in the control value,
+which is one of the following:
+.RS
+.TP
+.B PR_SPEC_ENABLE
+The speculation feature is enabled, mitigation is disabled.
+.TP
+.B PR_SPEC_DISABLE
+The speculation feature is disabled, mitigation is enabled.
+.TP
+.B PR_SPEC_FORCE_DISABLE
+Same as
+.BR PR_SPEC_DISABLE ,
+but cannot be undone.
+A subsequent
+.BR prctl (\c
+.IR arg2 ,
+.BR PR_SPEC_ENABLE )
+with the same value for
+.I arg2
+will fail with the error
+.BR EPERM .
+.\" commit 71368af9027f18fe5d1c6f372cfdff7e4bde8b48
+.TP
+.BR PR_SPEC_DISABLE_NOEXEC " (since Linux 5.1)"
+Same as
+.BR PR_SPEC_DISABLE ,
+but the state will be cleared on
+.BR execve (2).
+Currently only supported for
+.I arg2
+equal to
+.B PR_SPEC_STORE_BYPASS.
+.RE
+.IP
+Any unsupported value in
+.I arg3
+will result in the call failing with the error
+.BR ERANGE .
+.IP
+The
+.I arg4
+and
+.I arg5
+arguments must be specified as 0; otherwise the call fails with the error
+.BR EINVAL .
+.IP
+The speculation feature can also be controlled by the
+.B spec_store_bypass_disable
+boot parameter.
+This parameter may enforce a read-only policy which will result in the
+.BR prctl ()
+call failing with the error
+.BR ENXIO .
+For further details, see the kernel source file
+.IR Documentation/admin\-guide/kernel\-parameters.txt .
+.\" prctl PR_SVE_SET_VL
+.\" commit 2d2123bc7c7f843aa9db87720de159a049839862
+.\" linux-5.6/Documentation/arm64/sve.rst
+.TP
+.BR PR_SVE_SET_VL " (since Linux 4.15, only on arm64)"
+Configure the thread's SVE vector length,
+as specified by
+.IR "(int) arg2" .
+Arguments
+.IR arg3 ,
+.IR arg4 ,
+and
+.I arg5
+are ignored.
+.IP
+The bits of
+.I arg2
+corresponding to
+.B PR_SVE_VL_LEN_MASK
+must be set to the desired vector length in bytes.
+This is interpreted as an upper bound:
+the kernel will select the greatest available vector length
+that does not exceed the value specified.
+In particular, specifying
+.B SVE_VL_MAX
+(defined in
+.I <asm/sigcontext.h>)
+for the
+.B PR_SVE_VL_LEN_MASK
+bits requests the maximum supported vector length.
+.IP
+In addition, the other bits of
+.I arg2
+must be set to one of the following combinations of flags:
+.RS
+.TP
+.B 0
+Perform the change immediately.
+At the next
+.BR execve (2)
+in the thread,
+the vector length will be reset to the value configured in
+.IR /proc/sys/abi/sve_default_vector_length .
+.TP
+.B PR_SVE_VL_INHERIT
+Perform the change immediately.
+Subsequent
+.BR execve (2)
+calls will preserve the new vector length.
+.TP
+.B PR_SVE_SET_VL_ONEXEC
+Defer the change, so that it is performed at the next
+.BR execve (2)
+in the thread.
+Further
+.BR execve (2)
+calls will reset the vector length to the value configured in
+.IR /proc/sys/abi/sve_default_vector_length .
+.TP
+.B "PR_SVE_SET_VL_ONEXEC | PR_SVE_VL_INHERIT"
+Defer the change, so that it is performed at the next
+.BR execve (2)
+in the thread.
+Further
+.BR execve (2)
+calls will preserve the new vector length.
+.RE
+.IP
+In all cases,
+any previously pending deferred change is canceled.
+.IP
+The call fails with error
+.B EINVAL
+if SVE is not supported on the platform, if
+.I arg2
+is unrecognized or invalid, or the value in the bits of
+.I arg2
+corresponding to
+.B PR_SVE_VL_LEN_MASK
+is outside the range
+.BR SVE_VL_MIN .. SVE_VL_MAX
+or is not a multiple of 16.
+.IP
+On success,
+a nonnegative value is returned that describes the
+.I selected
+configuration.
+If
+.B PR_SVE_SET_VL_ONEXEC
+was included in
+.IR arg2 ,
+then the configuration described by the return value
+will take effect at the next
+.BR execve (2).
+Otherwise, the configuration is already in effect when the
+.B PR_SVE_SET_VL
+call returns.
+In either case, the value is encoded in the same way as the return value of
+.BR PR_SVE_GET_VL .
+Note that there is no explicit flag in the return value
+corresponding to
+.BR PR_SVE_SET_VL_ONEXEC .
+.IP
+The configuration (including any pending deferred change)
+is inherited across
+.BR fork (2)
+and
+.BR clone (2).
+.IP
+For more information, see the kernel source file
+.I Documentation/arm64/sve.rst
+.\"commit b693d0b372afb39432e1c49ad7b3454855bc6bed
+(or
+.I Documentation/arm64/sve.txt
+before Linux 5.3).
+.IP
+.B Warning:
+Because the compiler or run-time environment
+may be using SVE, using this call without the
+.B PR_SVE_SET_VL_ONEXEC
+flag may crash the calling process.
+The conditions for using it safely are complex and system-dependent.
+Don't use it unless you really know what you are doing.
+.\" prctl PR_SVE_GET_VL
+.TP
+.BR PR_SVE_GET_VL " (since Linux 4.15, only on arm64)"
+Get the thread's current SVE vector length configuration.
+.IP
+Arguments
+.IR arg2 ", " arg3 ", " arg4 ", and " arg5
+are ignored.
+.IP
+Provided that the kernel and platform support SVE,
+this operation always succeeds,
+returning a nonnegative value that describes the
+.I current
+configuration.
+The bits corresponding to
+.B PR_SVE_VL_LEN_MASK
+contain the currently configured vector length in bytes.
+The bit corresponding to
+.B PR_SVE_VL_INHERIT
+indicates whether the vector length will be inherited
+across
+.BR execve (2).
+.IP
+Note that there is no way to determine whether there is
+a pending vector length change that has not yet taken effect.
+.IP
+For more information, see the kernel source file
+.I Documentation/arm64/sve.rst
+.\"commit b693d0b372afb39432e1c49ad7b3454855bc6bed
+(or
+.I Documentation/arm64/sve.txt
+before Linux 5.3).
+.TP
+.\" prctl PR_SET_SYSCALL_USER_DISPATCH
+.\" commit 1446e1df9eb183fdf81c3f0715402f1d7595d4
+.BR PR_SET_SYSCALL_USER_DISPATCH " (since Linux 5.11, x86 only)"
+Configure the Syscall User Dispatch mechanism
+for the calling thread.
+This mechanism allows an application
+to selectively intercept system calls
+so that they can be handled within the application itself.
+Interception takes the form of a thread-directed
+.B SIGSYS
+signal that is delivered to the thread
+when it makes a system call.
+If intercepted,
+the system call is not executed by the kernel.
+.IP
+To enable this mechanism,
+.I arg2
+should be set to
+.BR PR_SYS_DISPATCH_ON .
+Once enabled, further system calls will be selectively intercepted,
+depending on a control variable provided by user space.
+In this case,
+.I arg3
+and
+.I arg4
+respectively identify the
+.I offset
+and
+.I length
+of a single contiguous memory region in the process address space
+from where system calls are always allowed to be executed,
+regardless of the control variable.
+(Typically, this area would include the area of memory
+containing the C library.)
+.IP
+.I arg5
+points to a char-sized variable
+that is a fast switch to allow/block system call execution
+without the overhead of doing another system call
+to re-configure Syscall User Dispatch.
+This control variable can either be set to
+.B SYSCALL_DISPATCH_FILTER_BLOCK
+to block system calls from executing
+or to
+.B SYSCALL_DISPATCH_FILTER_ALLOW
+to temporarily allow them to be executed.
+This value is checked by the kernel
+on every system call entry,
+and any unexpected value will raise
+an uncatchable
+.B SIGSYS
+at that time,
+killing the application.
+.IP
+When a system call is intercepted,
+the kernel sends a thread-directed
+.B SIGSYS
+signal to the triggering thread.
+Various fields will be set in the
+.I siginfo_t
+structure (see
+.BR sigaction (2))
+associated with the signal:
+.RS
+.IP \[bu] 3
+.I si_signo
+will contain
+.BR SIGSYS .
+.IP \[bu]
+.I si_call_addr
+will show the address of the system call instruction.
+.IP \[bu]
+.I si_syscall
+and
+.I si_arch
+will indicate which system call was attempted.
+.IP \[bu]
+.I si_code
+will contain
+.BR SYS_USER_DISPATCH .
+.IP \[bu]
+.I si_errno
+will be set to 0.
+.RE
+.IP
+The program counter will be as though the system call happened
+(i.e., the program counter will not point to the system call instruction).
+.IP
+When the signal handler returns to the kernel,
+the system call completes immediately
+and returns to the calling thread,
+without actually being executed.
+If necessary
+(i.e., when emulating the system call on user space.),
+the signal handler should set the system call return value
+to a sane value,
+by modifying the register context stored in the
+.I ucontext
+argument of the signal handler.
+See
+.BR sigaction (2),
+.BR sigreturn (2),
+and
+.BR getcontext (3)
+for more information.
+.IP
+If
+.I arg2
+is set to
+.BR PR_SYS_DISPATCH_OFF ,
+Syscall User Dispatch is disabled for that thread.
+the remaining arguments must be set to 0.
+.IP
+The setting is not preserved across
+.BR fork (2),
+.BR clone (2),
+or
+.BR execve (2).
+.IP
+For more information,
+see the kernel source file
+.I Documentation/admin-guide/syscall\-user\-dispatch.rst
+.\" prctl PR_SET_TAGGED_ADDR_CTRL
+.\" commit 63f0c60379650d82250f22e4cf4137ef3dc4f43d
+.TP
+.BR PR_SET_TAGGED_ADDR_CTRL " (since Linux 5.4, only on arm64)"
+Controls support for passing tagged user-space addresses to the kernel
+(i.e., addresses where bits 56\[em]63 are not all zero).
+.IP
+The level of support is selected by
+.IR "arg2" ,
+which can be one of the following:
+.RS
+.TP
+.B 0
+Addresses that are passed
+for the purpose of being dereferenced by the kernel
+must be untagged.
+.TP
+.B PR_TAGGED_ADDR_ENABLE
+Addresses that are passed
+for the purpose of being dereferenced by the kernel
+may be tagged, with the exceptions summarized below.
+.RE
+.IP
+The remaining arguments
+.IR arg3 ", " arg4 ", and " arg5
+must all be zero.
+.\" Enforcement added in
+.\" commit 3e91ec89f527b9870fe42dcbdb74fd389d123a95
+.IP
+On success, the mode specified in
+.I arg2
+is set for the calling thread and the return value is 0.
+If the arguments are invalid,
+the mode specified in
+.I arg2
+is unrecognized,
+or if this feature is unsupported by the kernel
+or disabled via
+.IR /proc/sys/abi/tagged_addr_disabled ,
+the call fails with the error
+.BR EINVAL .
+.IP
+In particular, if
+.BR prctl ( PR_SET_TAGGED_ADDR_CTRL ,
+0, 0, 0, 0)
+fails with
+.BR EINVAL ,
+then all addresses passed to the kernel must be untagged.
+.IP
+Irrespective of which mode is set,
+addresses passed to certain interfaces
+must always be untagged:
+.RS
+.IP \[bu] 3
+.BR brk (2),
+.BR mmap (2),
+.BR shmat (2),
+.BR shmdt (2),
+and the
+.I new_address
+argument of
+.BR mremap (2).
+.IP
+(Prior to Linux 5.6 these accepted tagged addresses,
+but the behaviour may not be what you expect.
+Don't rely on it.)
+.IP \[bu]
+\[oq]polymorphic\[cq] interfaces
+that accept pointers to arbitrary types cast to a
+.I void *
+or other generic type, specifically
+.BR prctl (),
+.BR ioctl (2),
+and in general
+.BR setsockopt (2)
+(only certain specific
+.BR setsockopt (2)
+options allow tagged addresses).
+.RE
+.IP
+This list of exclusions may shrink
+when moving from one kernel version to a later kernel version.
+While the kernel may make some guarantees
+for backwards compatibility reasons,
+for the purposes of new software
+the effect of passing tagged addresses to these interfaces
+is unspecified.
+.IP
+The mode set by this call is inherited across
+.BR fork (2)
+and
+.BR clone (2).
+The mode is reset by
+.BR execve (2)
+to 0
+(i.e., tagged addresses not permitted in the user/kernel ABI).
+.IP
+For more information, see the kernel source file
+.IR Documentation/arm64/tagged\-address\-abi.rst .
+.IP
+.B Warning:
+This call is primarily intended for use by the run-time environment.
+A successful
+.B PR_SET_TAGGED_ADDR_CTRL
+call elsewhere may crash the calling process.
+The conditions for using it safely are complex and system-dependent.
+Don't use it unless you know what you are doing.
+.\" prctl PR_GET_TAGGED_ADDR_CTRL
+.\" commit 63f0c60379650d82250f22e4cf4137ef3dc4f43d
+.TP
+.BR PR_GET_TAGGED_ADDR_CTRL " (since Linux 5.4, only on arm64)"
+Returns the current tagged address mode
+for the calling thread.
+.IP
+Arguments
+.IR arg2 ", " arg3 ", " arg4 ", and " arg5
+must all be zero.
+.IP
+If the arguments are invalid
+or this feature is disabled or unsupported by the kernel,
+the call fails with
+.BR EINVAL .
+In particular, if
+.BR prctl ( PR_GET_TAGGED_ADDR_CTRL ,
+0, 0, 0, 0)
+fails with
+.BR EINVAL ,
+then this feature is definitely either unsupported,
+or disabled via
+.IR /proc/sys/abi/tagged_addr_disabled .
+In this case,
+all addresses passed to the kernel must be untagged.
+.IP
+Otherwise, the call returns a nonnegative value
+describing the current tagged address mode,
+encoded in the same way as the
+.I arg2
+argument of
+.BR PR_SET_TAGGED_ADDR_CTRL .
+.IP
+For more information, see the kernel source file
+.IR Documentation/arm64/tagged\-address\-abi.rst .
+.\"
+.\" prctl PR_TASK_PERF_EVENTS_DISABLE
+.TP
+.BR PR_TASK_PERF_EVENTS_DISABLE " (since Linux 2.6.31)"
+Disable all performance counters attached to the calling process,
+regardless of whether the counters were created by
+this process or another process.
+Performance counters created by the calling process for other
+processes are unaffected.
+For more information on performance counters, see the Linux kernel source file
+.IR tools/perf/design.txt .
+.IP
+Originally called
+.BR PR_TASK_PERF_COUNTERS_DISABLE ;
+.\" commit 1d1c7ddbfab358445a542715551301b7fc363e28
+renamed (retaining the same numerical value)
+in Linux 2.6.32.
+.\"
+.\" prctl PR_TASK_PERF_EVENTS_ENABLE
+.TP
+.BR PR_TASK_PERF_EVENTS_ENABLE " (since Linux 2.6.31)"
+The converse of
+.BR PR_TASK_PERF_EVENTS_DISABLE ;
+enable performance counters attached to the calling process.
+.IP
+Originally called
+.BR PR_TASK_PERF_COUNTERS_ENABLE ;
+.\" commit 1d1c7ddbfab358445a542715551301b7fc363e28
+renamed
+.\" commit cdd6c482c9ff9c55475ee7392ec8f672eddb7be6
+in Linux 2.6.32.
+.\"
+.\" prctl PR_SET_THP_DISABLE
+.TP
+.BR PR_SET_THP_DISABLE " (since Linux 3.15)"
+.\" commit a0715cc22601e8830ace98366c0c2bd8da52af52
+Set the state of the "THP disable" flag for the calling thread.
+If
+.I arg2
+has a nonzero value, the flag is set, otherwise it is cleared.
+Setting this flag provides a method
+for disabling transparent huge pages
+for jobs where the code cannot be modified, and using a malloc hook with
+.BR madvise (2)
+is not an option (i.e., statically allocated data).
+The setting of the "THP disable" flag is inherited by a child created via
+.BR fork (2)
+and is preserved across
+.BR execve (2).
+.\" prctl PR_GET_THP_DISABLE
+.TP
+.BR PR_GET_THP_DISABLE " (since Linux 3.15)"
+Return (as the function result) the current setting of the "THP disable"
+flag for the calling thread:
+either 1, if the flag is set, or 0, if it is not.
+.\" prctl PR_GET_TID_ADDRESS
+.TP
+.BR PR_GET_TID_ADDRESS " (since Linux 3.5)"
+.\" commit 300f786b2683f8bb1ec0afb6e1851183a479c86d
+Return the
+.I clear_child_tid
+address set by
+.BR set_tid_address (2)
+and the
+.BR clone (2)
+.B CLONE_CHILD_CLEARTID
+flag, in the location pointed to by
+.IR "(int\~**)\~arg2" .
+This feature is available only if the kernel is built with the
+.B CONFIG_CHECKPOINT_RESTORE
+option enabled.
+Note that since the
+.BR prctl ()
+system call does not have a compat implementation for
+the AMD64 x32 and MIPS n32 ABIs,
+and the kernel writes out a pointer using the kernel's pointer size,
+this operation expects a user-space buffer of 8 (not 4) bytes on these ABIs.
+.\" prctl PR_SET_TIMERSLACK
+.TP
+.BR PR_SET_TIMERSLACK " (since Linux 2.6.28)"
+.\" See https://lwn.net/Articles/369549/
+.\" commit 6976675d94042fbd446231d1bd8b7de71a980ada
+Each thread has two associated timer slack values:
+a "default" value, and a "current" value.
+This operation sets the "current" timer slack value for the calling thread.
+.I arg2
+is an unsigned long value, then maximum "current" value is ULONG_MAX and
+the minimum "current" value is 1.
+If the nanosecond value supplied in
+.I arg2
+is greater than zero, then the "current" value is set to this value.
+If
+.I arg2
+is equal to zero,
+the "current" timer slack is reset to the
+thread's "default" timer slack value.
+.IP
+The "current" timer slack is used by the kernel to group timer expirations
+for the calling thread that are close to one another;
+as a consequence, timer expirations for the thread may be
+up to the specified number of nanoseconds late (but will never expire early).
+Grouping timer expirations can help reduce system power consumption
+by minimizing CPU wake-ups.
+.IP
+The timer expirations affected by timer slack are those set by
+.BR select (2),
+.BR pselect (2),
+.BR poll (2),
+.BR ppoll (2),
+.BR epoll_wait (2),
+.BR epoll_pwait (2),
+.BR clock_nanosleep (2),
+.BR nanosleep (2),
+and
+.BR futex (2)
+(and thus the library functions implemented via futexes, including
+.\" List obtained by grepping for futex usage in glibc source
+.BR pthread_cond_timedwait (3),
+.BR pthread_mutex_timedlock (3),
+.BR pthread_rwlock_timedrdlock (3),
+.BR pthread_rwlock_timedwrlock (3),
+and
+.BR sem_timedwait (3)).
+.IP
+Timer slack is not applied to threads that are scheduled under
+a real-time scheduling policy (see
+.BR sched_setscheduler (2)).
+.IP
+When a new thread is created,
+the two timer slack values are made the same as the "current" value
+of the creating thread.
+Thereafter, a thread can adjust its "current" timer slack value via
+.BR PR_SET_TIMERSLACK .
+The "default" value can't be changed.
+The timer slack values of
+.I init
+(PID 1), the ancestor of all processes,
+are 50,000 nanoseconds (50 microseconds).
+The timer slack value is inherited by a child created via
+.BR fork (2),
+and is preserved across
+.BR execve (2).
+.IP
+Since Linux 4.6, the "current" timer slack value of any process
+can be examined and changed via the file
+.IR /proc/ pid /timerslack_ns .
+See
+.BR proc (5).
+.\" prctl PR_GET_TIMERSLACK
+.TP
+.BR PR_GET_TIMERSLACK " (since Linux 2.6.28)"
+Return (as the function result)
+the "current" timer slack value of the calling thread.
+.\" prctl PR_SET_TIMING
+.TP
+.BR PR_SET_TIMING " (since Linux 2.6.0)"
+.\" Precisely: Linux 2.6.0-test4
+Set whether to use (normal, traditional) statistical process timing or
+accurate timestamp-based process timing, by passing
+.B PR_TIMING_STATISTICAL
+.\" 0
+or
+.B PR_TIMING_TIMESTAMP
+.\" 1
+to \fIarg2\fP.
+.B PR_TIMING_TIMESTAMP
+is not currently implemented
+(attempting to set this mode will yield the error
+.BR EINVAL ).
+.\" PR_TIMING_TIMESTAMP doesn't do anything in Linux 2.6.26-rc8,
+.\" and looking at the patch history, it appears
+.\" that it never did anything.
+.\" prctl PR_GET_TIMING
+.TP
+.BR PR_GET_TIMING " (since Linux 2.6.0)"
+.\" Precisely: Linux 2.6.0-test4
+Return (as the function result) which process timing method is currently
+in use.
+.\" prctl PR_SET_TSC
+.TP
+.BR PR_SET_TSC " (since Linux 2.6.26, x86 only)"
+Set the state of the flag determining whether the timestamp counter
+can be read by the process.
+Pass
+.B PR_TSC_ENABLE
+to
+.I arg2
+to allow it to be read, or
+.B PR_TSC_SIGSEGV
+to generate a
+.B SIGSEGV
+when the process tries to read the timestamp counter.
+.\" prctl PR_GET_TSC
+.TP
+.BR PR_GET_TSC " (since Linux 2.6.26, x86 only)"
+Return the state of the flag determining whether the timestamp counter
+can be read,
+in the location pointed to by
+.IR "(int\~*) arg2" .
+.\" prctl PR_SET_UNALIGN
+.TP
+.B PR_SET_UNALIGN
+(Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15;
+PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22;
+.\" sh: 94ea5e449ae834af058ef005d16a8ad44fcf13d6
+.\" tile: 2f9ac29eec71a696cb0dcc5fb82c0f8d4dac28c9
+sh, since Linux 2.6.34; tile, since Linux 3.12)
+Set unaligned access control bits to \fIarg2\fP.
+Pass
+\fBPR_UNALIGN_NOPRINT\fP to silently fix up unaligned user accesses,
+or \fBPR_UNALIGN_SIGBUS\fP to generate
+.B SIGBUS
+on unaligned user access.
+Alpha also supports an additional flag with the value
+of 4 and no corresponding named constant,
+which instructs kernel to not fix up
+unaligned accesses (it is analogous to providing the
+.B UAC_NOFIX
+flag in
+.B SSI_NVPAIRS
+operation of the
+.BR setsysinfo ()
+system call on Tru64).
+.\" prctl PR_GET_UNALIGN
+.TP
+.B PR_GET_UNALIGN
+(See
+.B PR_SET_UNALIGN
+for information on versions and architectures.)
+Return unaligned access control bits, in the location pointed to by
+.IR "(unsigned int\~*) arg2" .
+.SH RETURN VALUE
+On success,
+.BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET ,
+.BR PR_CAPBSET_READ ,
+.BR PR_GET_DUMPABLE ,
+.BR PR_GET_FP_MODE ,
+.BR PR_GET_IO_FLUSHER ,
+.BR PR_GET_KEEPCAPS ,
+.BR PR_MCE_KILL_GET ,
+.BR PR_GET_NO_NEW_PRIVS ,
+.BR PR_GET_SECUREBITS ,
+.BR PR_GET_SPECULATION_CTRL ,
+.BR PR_SVE_GET_VL ,
+.BR PR_SVE_SET_VL ,
+.BR PR_GET_TAGGED_ADDR_CTRL ,
+.BR PR_GET_THP_DISABLE ,
+.BR PR_GET_TIMING ,
+.BR PR_GET_TIMERSLACK ,
+and (if it returns)
+.B PR_GET_SECCOMP
+return the nonnegative values described above.
+All other
+.I option
+values return 0 on success.
+On error, \-1 is returned, and
+.I errno
+is set to indicate the error.
+.SH ERRORS
+.TP
+.B EACCES
+.I option
+is
+.B PR_SET_SECCOMP
+and
+.I arg2
+is
+.BR SECCOMP_MODE_FILTER ,
+but the process does not have the
+.B CAP_SYS_ADMIN
+capability or has not set the
+.I no_new_privs
+attribute (see the discussion of
+.B PR_SET_NO_NEW_PRIVS
+above).
+.TP
+.B EACCES
+.I option
+is
+.BR PR_SET_MM ,
+and
+.I arg3
+is
+.BR PR_SET_MM_EXE_FILE ,
+the file is not executable.
+.TP
+.B EBADF
+.I option
+is
+.BR PR_SET_MM ,
+.I arg3
+is
+.BR PR_SET_MM_EXE_FILE ,
+and the file descriptor passed in
+.I arg4
+is not valid.
+.TP
+.B EBUSY
+.I option
+is
+.BR PR_SET_MM ,
+.I arg3
+is
+.BR PR_SET_MM_EXE_FILE ,
+and this the second attempt to change the
+.IR /proc/ pid /exe
+symbolic link, which is prohibited.
+.TP
+.B EFAULT
+.I arg2
+is an invalid address.
+.TP
+.B EFAULT
+.I option
+is
+.BR PR_SET_SECCOMP ,
+.I arg2
+is
+.BR SECCOMP_MODE_FILTER ,
+the system was built with
+.BR CONFIG_SECCOMP_FILTER ,
+and
+.I arg3
+is an invalid address.
+.TP
+.B EFAULT
+.I option
+is
+.B PR_SET_SYSCALL_USER_DISPATCH
+and
+.I arg5
+has an invalid address.
+.TP
+.B EINVAL
+The value of
+.I option
+is not recognized,
+or not supported on this system.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_MCE_KILL
+or
+.B PR_MCE_KILL_GET
+or
+.BR PR_SET_MM ,
+and unused
+.BR prctl ()
+arguments were not specified as zero.
+.TP
+.B EINVAL
+.I arg2
+is not valid value for this
+.IR option .
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SET_SECCOMP
+or
+.BR PR_GET_SECCOMP ,
+and the kernel was not configured with
+.BR CONFIG_SECCOMP .
+.TP
+.B EINVAL
+.I option
+is
+.BR PR_SET_SECCOMP ,
+.I arg2
+is
+.BR SECCOMP_MODE_FILTER ,
+and the kernel was not configured with
+.BR CONFIG_SECCOMP_FILTER .
+.TP
+.B EINVAL
+.I option
+is
+.BR PR_SET_MM ,
+and one of the following is true
+.RS
+.IP \[bu] 3
+.I arg4
+or
+.I arg5
+is nonzero;
+.IP \[bu]
+.I arg3
+is greater than
+.B TASK_SIZE
+(the limit on the size of the user address space for this architecture);
+.IP \[bu]
+.I arg2
+is
+.BR PR_SET_MM_START_CODE ,
+.BR PR_SET_MM_END_CODE ,
+.BR PR_SET_MM_START_DATA ,
+.BR PR_SET_MM_END_DATA ,
+or
+.BR PR_SET_MM_START_STACK ,
+and the permissions of the corresponding memory area are not as required;
+.IP \[bu]
+.I arg2
+is
+.B PR_SET_MM_START_BRK
+or
+.BR PR_SET_MM_BRK ,
+and
+.I arg3
+is less than or equal to the end of the data segment
+or specifies a value that would cause the
+.B RLIMIT_DATA
+resource limit to be exceeded.
+.RE
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SET_PTRACER
+and
+.I arg2
+is not 0,
+.BR PR_SET_PTRACER_ANY ,
+or the PID of an existing process.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SET_PDEATHSIG
+and
+.I arg2
+is not a valid signal number.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SET_DUMPABLE
+and
+.I arg2
+is neither
+.B SUID_DUMP_DISABLE
+nor
+.BR SUID_DUMP_USER .
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SET_TIMING
+and
+.I arg2
+is not
+.BR PR_TIMING_STATISTICAL .
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SET_NO_NEW_PRIVS
+and
+.I arg2
+is not equal to 1
+or
+.IR arg3 ,
+.IR arg4 ,
+or
+.I arg5
+is nonzero.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_GET_NO_NEW_PRIVS
+and
+.IR arg2 ,
+.IR arg3 ,
+.IR arg4 ,
+or
+.I arg5
+is nonzero.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SET_THP_DISABLE
+and
+.IR arg3 ,
+.IR arg4 ,
+or
+.I arg5
+is nonzero.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_GET_THP_DISABLE
+and
+.IR arg2 ,
+.IR arg3 ,
+.IR arg4 ,
+or
+.I arg5
+is nonzero.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_CAP_AMBIENT
+and an unused argument
+.RI ( arg4 ,
+.IR arg5 ,
+or,
+in the case of
+.BR PR_CAP_AMBIENT_CLEAR_ALL ,
+.IR arg3 )
+is nonzero; or
+.I arg2
+has an invalid value;
+or
+.I arg2
+is
+.BR PR_CAP_AMBIENT_LOWER ,
+.BR PR_CAP_AMBIENT_RAISE ,
+or
+.B PR_CAP_AMBIENT_IS_SET
+and
+.I arg3
+does not specify a valid capability.
+.TP
+.B EINVAL
+.I option
+was
+.B PR_GET_SPECULATION_CTRL
+or
+.B PR_SET_SPECULATION_CTRL
+and unused arguments to
+.BR prctl ()
+are not 0.
+.B EINVAL
+.I option
+is
+.B PR_PAC_RESET_KEYS
+and the arguments are invalid or unsupported.
+See the description of
+.B PR_PAC_RESET_KEYS
+above for details.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SVE_SET_VL
+and the arguments are invalid or unsupported,
+or SVE is not available on this platform.
+See the description of
+.B PR_SVE_SET_VL
+above for details.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SVE_GET_VL
+and SVE is not available on this platform.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SET_SYSCALL_USER_DISPATCH
+and one of the following is true:
+.RS
+.IP \[bu] 3
+.I arg2
+is
+.B PR_SYS_DISPATCH_OFF
+and the remaining arguments are not 0;
+.IP \[bu]
+.I arg2
+is
+.B PR_SYS_DISPATCH_ON
+and the memory range specified is outside the
+address space of the process.
+.IP \[bu]
+.I arg2
+is invalid.
+.RE
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SET_TAGGED_ADDR_CTRL
+and the arguments are invalid or unsupported.
+See the description of
+.B PR_SET_TAGGED_ADDR_CTRL
+above for details.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_GET_TAGGED_ADDR_CTRL
+and the arguments are invalid or unsupported.
+See the description of
+.B PR_GET_TAGGED_ADDR_CTRL
+above for details.
+.TP
+.B ENODEV
+.I option
+was
+.B PR_SET_SPECULATION_CTRL
+the kernel or CPU does not support the requested speculation misfeature.
+.TP
+.B ENXIO
+.I option
+was
+.B PR_MPX_ENABLE_MANAGEMENT
+or
+.B PR_MPX_DISABLE_MANAGEMENT
+and the kernel or the CPU does not support MPX management.
+Check that the kernel and processor have MPX support.
+.TP
+.B ENXIO
+.I option
+was
+.B PR_SET_SPECULATION_CTRL
+implies that the control of the selected speculation misfeature is not possible.
+See
+.B PR_GET_SPECULATION_CTRL
+for the bit fields to determine which option is available.
+.TP
+.B EOPNOTSUPP
+.I option
+is
+.B PR_SET_FP_MODE
+and
+.I arg2
+has an invalid or unsupported value.
+.TP
+.B EPERM
+.I option
+is
+.BR PR_SET_SECUREBITS ,
+and the caller does not have the
+.B CAP_SETPCAP
+capability,
+or tried to unset a "locked" flag,
+or tried to set a flag whose corresponding locked flag was set
+(see
+.BR capabilities (7)).
+.TP
+.B EPERM
+.I option
+is
+.B PR_SET_SPECULATION_CTRL
+wherein the speculation was disabled with
+.B PR_SPEC_FORCE_DISABLE
+and caller tried to enable it again.
+.TP
+.B EPERM
+.I option
+is
+.BR PR_SET_KEEPCAPS ,
+and the caller's
+.B SECBIT_KEEP_CAPS_LOCKED
+flag is set
+(see
+.BR capabilities (7)).
+.TP
+.B EPERM
+.I option
+is
+.BR PR_CAPBSET_DROP ,
+and the caller does not have the
+.B CAP_SETPCAP
+capability.
+.TP
+.B EPERM
+.I option
+is
+.BR PR_SET_MM ,
+and the caller does not have the
+.B CAP_SYS_RESOURCE
+capability.
+.TP
+.B EPERM
+.I option
+is
+.B PR_CAP_AMBIENT
+and
+.I arg2
+is
+.BR PR_CAP_AMBIENT_RAISE ,
+but either the capability specified in
+.I arg3
+is not present in the process's permitted and inheritable capability sets,
+or the
+.B PR_CAP_AMBIENT_LOWER
+securebit has been set.
+.TP
+.B ERANGE
+.I option
+was
+.B PR_SET_SPECULATION_CTRL
+and
+.I arg3
+is not
+.BR PR_SPEC_ENABLE ,
+.BR PR_SPEC_DISABLE ,
+.BR PR_SPEC_FORCE_DISABLE ,
+nor
+.BR PR_SPEC_DISABLE_NOEXEC .
+.SH VERSIONS
+The
+.BR prctl ()
+system call was introduced in Linux 2.1.57.
+.\" The library interface was added in glibc 2.0.6
+.SH STANDARDS
+This call is Linux-specific.
+IRIX has a
+.BR prctl ()
+system call (also introduced in Linux 2.1.44
+as irix_prctl on the MIPS architecture),
+with prototype
+.PP
+.in +4n
+.EX
+.BI "ptrdiff_t prctl(int " option ", int " arg2 ", int " arg3 );
+.EE
+.in
+.PP
+and options to get the maximum number of processes per user,
+get the maximum number of processors the calling process can use,
+find out whether a specified process is currently blocked,
+get or set the maximum stack size, and so on.
+.SH SEE ALSO
+.BR signal (2),
+.BR core (5)