diff options
Diffstat (limited to 'man/man2/prctl.2')
-rw-r--r-- | man/man2/prctl.2 | 2577 |
1 files changed, 2577 insertions, 0 deletions
diff --git a/man/man2/prctl.2 b/man/man2/prctl.2 new file mode 100644 index 0000000..56a8e43 --- /dev/null +++ b/man/man2/prctl.2 @@ -0,0 +1,2577 @@ +.\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl) +.\" and Copyright (C) 2002, 2006, 2008, 2012, 2013, 2015 Michael Kerrisk <mtk.manpages@gmail.com> +.\" and Copyright Guillem Jover <guillem@hadrons.org> +.\" and Copyright (C) 2010 Andi Kleen <andi@firstfloor.org> +.\" and Copyright (C) 2012 Cyrill Gorcunov <gorcunov@openvz.org> +.\" and Copyright (C) 2014 Dave Hansen / Intel +.\" and Copyright (c) 2016 Eugene Syromyatnikov <evgsyr@gmail.com> +.\" and Copyright (c) 2018 Konrad Rzeszutek Wilk <konrad.wilk@oracle.com> +.\" and Copyright (c) 2020 Dave Martin <Dave.Martin@arm.com> +.\" +.\" SPDX-License-Identifier: Linux-man-pages-copyleft +.\" +.\" Modified Thu Nov 11 04:19:42 MET 1999, aeb: added PR_GET_PDEATHSIG +.\" Modified 27 Jun 02, Michael Kerrisk +.\" Added PR_SET_DUMPABLE, PR_GET_DUMPABLE, +.\" PR_SET_KEEPCAPS, PR_GET_KEEPCAPS +.\" Modified 2006-08-30 Guillem Jover <guillem@hadrons.org> +.\" Updated Linux versions where the options where introduced. +.\" Added PR_SET_TIMING, PR_GET_TIMING, PR_SET_NAME, PR_GET_NAME, +.\" PR_SET_UNALIGN, PR_GET_UNALIGN, PR_SET_FPEMU, PR_GET_FPEMU, +.\" PR_SET_FPEXC, PR_GET_FPEXC +.\" 2008-04-29 Serge Hallyn, Document PR_CAPBSET_READ and PR_CAPBSET_DROP +.\" 2008-06-13 Erik Bosman, <ejbosman@cs.vu.nl> +.\" Document PR_GET_TSC and PR_SET_TSC. +.\" 2008-06-15 mtk, Document PR_SET_SECCOMP, PR_GET_SECCOMP +.\" 2009-10-03 Andi Kleen, document PR_MCE_KILL +.\" 2012-04 Cyrill Gorcunov, Document PR_SET_MM +.\" 2012-04-25 Michael Kerrisk, Document PR_TASK_PERF_EVENTS_DISABLE and +.\" PR_TASK_PERF_EVENTS_ENABLE +.\" 2012-09-20 Kees Cook, update PR_SET_SECCOMP for mode 2 +.\" 2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS +.\" 2012-10-25 Michael Kerrisk, Document PR_SET_TIMERSLACK and +.\" PR_GET_TIMERSLACK +.\" 2013-01-10 Kees Cook, document PR_SET_PTRACER +.\" 2012-02-04 Michael Kerrisk, document PR_{SET,GET}_CHILD_SUBREAPER +.\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT +.\" +.\" +.TH prctl 2 2024-05-02 "Linux man-pages (unreleased)" +.SH NAME +prctl \- operations on a process or thread +.SH LIBRARY +Standard C library +.RI ( libc ", " \-lc ) +.SH SYNOPSIS +.nf +.B #include <sys/prctl.h> +.P +.BI "int prctl(int " op ", ..." +.BI " \fR/*\fP unsigned long " arg2 ", unsigned long " arg3 , +.BI " unsigned long " arg4 ", unsigned long " arg5 " \fR*/\fP );" +.fi +.SH DESCRIPTION +.BR prctl () +manipulates various aspects of the behavior +of the calling thread or process. +.P +Note that careless use of some +.BR prctl () +operations can confuse the user-space run-time environment, +so these operations should be used with care. +.P +.BR prctl () +is called with a first argument describing what to do +(with values defined in \fI<linux/prctl.h>\fP), and further +arguments with a significance depending on the first one. +The first argument can be: +.\" +.\" prctl PR_CAP_AMBIENT +.TP +.BR PR_CAP_AMBIENT " (since Linux 4.3)" +.\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08 +Reads or changes the ambient capability set of the calling thread, +according to the value of +.IR arg2 , +which must be one of the following: +.RS +.\" +.TP +.B PR_CAP_AMBIENT_RAISE +The capability specified in +.I arg3 +is added to the ambient set. +The specified capability must already be present in +both the permitted and the inheritable sets of the process. +This operation is not permitted if the +.B SECBIT_NO_CAP_AMBIENT_RAISE +securebit is set. +.TP +.B PR_CAP_AMBIENT_LOWER +The capability specified in +.I arg3 +is removed from the ambient set. +.TP +.B PR_CAP_AMBIENT_IS_SET +The +.BR prctl () +call returns 1 if the capability in +.I arg3 +is in the ambient set and 0 if it is not. +.TP +.B PR_CAP_AMBIENT_CLEAR_ALL +All capabilities will be removed from the ambient set. +This operation requires setting +.I arg3 +to zero. +.RE +.IP +In all of the above operations, +.I arg4 +and +.I arg5 +must be specified as 0. +.IP +Higher-level interfaces layered on top of the above operations are +provided in the +.BR libcap (3) +library in the form of +.BR cap_get_ambient (3), +.BR cap_set_ambient (3), +and +.BR cap_reset_ambient (3). +.\" prctl PR_CAPBSET_READ +.TP +.BR PR_CAPBSET_READ " (since Linux 2.6.25)" +Return (as the function result) 1 if the capability specified in +.I arg2 +is in the calling thread's capability bounding set, +or 0 if it is not. +(The capability constants are defined in +.IR <linux/capability.h> .) +The capability bounding set dictates +whether the process can receive the capability through a +file's permitted capability set on a subsequent call to +.BR execve (2). +.IP +If the capability specified in +.I arg2 +is not valid, then the call fails with the error +.BR EINVAL . +.IP +A higher-level interface layered on top of this operation is provided in the +.BR libcap (3) +library in the form of +.BR cap_get_bound (3). +.\" prctl PR_CAPBSET_DROP +.TP +.BR PR_CAPBSET_DROP " (since Linux 2.6.25)" +If the calling thread has the +.B CAP_SETPCAP +capability within its user namespace, then drop the capability specified by +.I arg2 +from the calling thread's capability bounding set. +Any children of the calling thread will inherit the newly +reduced bounding set. +.IP +The call fails with the error: +.B EPERM +if the calling thread does not have the +.BR CAP_SETPCAP ; +.B EINVAL +if +.I arg2 +does not represent a valid capability; or +.B EINVAL +if file capabilities are not enabled in the kernel, +in which case bounding sets are not supported. +.IP +A higher-level interface layered on top of this operation is provided in the +.BR libcap (3) +library in the form of +.BR cap_drop_bound (3). +.\" prctl PR_SET_CHILD_SUBREAPER +.TP +.BR PR_SET_CHILD_SUBREAPER " (since Linux 3.4)" +.\" commit ebec18a6d3aa1e7d84aab16225e87fd25170ec2b +If +.I arg2 +is nonzero, +set the "child subreaper" attribute of the calling process; +if +.I arg2 +is zero, unset the attribute. +.IP +A subreaper fulfills the role of +.BR init (1) +for its descendant processes. +When a process becomes orphaned +(i.e., its immediate parent terminates), +then that process will be reparented to +the nearest still living ancestor subreaper. +Subsequently, calls to +.BR getppid (2) +in the orphaned process will now return the PID of the subreaper process, +and when the orphan terminates, it is the subreaper process that +will receive a +.B SIGCHLD +signal and will be able to +.BR wait (2) +on the process to discover its termination status. +.IP +The setting of the "child subreaper" attribute +is not inherited by children created by +.BR fork (2) +and +.BR clone (2). +The setting is preserved across +.BR execve (2). +.IP +Establishing a subreaper process is useful in session management frameworks +where a hierarchical group of processes is managed by a subreaper process +that needs to be informed when one of the processes\[em]for example, +a double-forked daemon\[em]terminates +(perhaps so that it can restart that process). +Some +.BR init (1) +frameworks (e.g., +.BR systemd (1)) +employ a subreaper process for similar reasons. +.\" prctl PR_GET_CHILD_SUBREAPER +.TP +.BR PR_GET_CHILD_SUBREAPER " (since Linux 3.4)" +Return the "child subreaper" setting of the caller, +in the location pointed to by +.IR "(int\~*) arg2" . +.\" prctl PR_SET_DUMPABLE +.TP +.BR PR_SET_DUMPABLE " (since Linux 2.3.20)" +Set the state of the "dumpable" attribute, +which determines whether core dumps are produced for the calling process +upon delivery of a signal whose default behavior is to produce a core dump. +.IP +Up to and including Linux 2.6.12, +.I arg2 +must be either 0 +.RB ( SUID_DUMP_DISABLE , +process is not dumpable) or 1 +.RB ( SUID_DUMP_USER , +process is dumpable). +Between Linux 2.6.13 and Linux 2.6.17, +.\" commit abf75a5033d4da7b8a7e92321d74021d1fcfb502 +the value 2 was also permitted, +which caused any binary which normally would not be dumped +to be dumped readable by root only; +for security reasons, this feature has been removed. +.\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2 +.\" Subject: Fix prctl privilege escalation (CVE-2006-2451) +.\" From: Marcel Holtmann <marcel () holtmann ! org> +.\" Date: 2006-07-12 11:12:00 +(See also the description of +.I /proc/sys/fs/\:suid_dumpable +in +.BR proc (5).) +.IP +Normally, the "dumpable" attribute is set to 1. +However, it is reset to the current value contained in the file +.I /proc/sys/fs/\:suid_dumpable +(which by default has the value 0), +in the following circumstances: +.\" See kernel/cred.c::commit_creds() (Linux 3.18 sources) +.RS +.IP \[bu] 3 +The process's effective user or group ID is changed. +.IP \[bu] +The process's filesystem user or group ID is changed (see +.BR credentials (7)). +.IP \[bu] +The process executes +.RB ( execve (2)) +a set-user-ID or set-group-ID program, resulting in a change +of either the effective user ID or the effective group ID. +.IP \[bu] +The process executes +.RB ( execve (2)) +a program that has file capabilities (see +.BR capabilities (7)), +.\" See kernel/cred.c::commit_creds() +but only if the permitted capabilities +gained exceed those already permitted for the process. +.\" Also certain namespace operations; +.RE +.IP +Processes that are not dumpable can not be attached via +.BR ptrace (2) +.BR PTRACE_ATTACH ; +see +.BR ptrace (2) +for further details. +.IP +If a process is not dumpable, +the ownership of files in the process's +.IR /proc/ pid +directory is affected as described in +.BR proc (5). +.\" prctl PR_GET_DUMPABLE +.TP +.BR PR_GET_DUMPABLE " (since Linux 2.3.20)" +Return (as the function result) the current state of the calling +process's dumpable attribute. +.\" Since Linux 2.6.13, the dumpable flag can have the value 2, +.\" but in Linux 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable +.\" flags has a nonzero value. This was fixed in Linux 2.6.14. +.\" prctl PR_SET_ENDIAN +.TP +.BR PR_SET_ENDIAN " (since Linux 2.6.18, PowerPC only)" +Set the endian-ness of the calling process to the value given +in \fIarg2\fP, which should be one of the following: +.\" Respectively 0, 1, 2 +.BR PR_ENDIAN_BIG , +.BR PR_ENDIAN_LITTLE , +or +.B PR_ENDIAN_PPC_LITTLE +(PowerPC pseudo little endian). +.\" prctl PR_GET_ENDIAN +.TP +.BR PR_GET_ENDIAN " (since Linux 2.6.18, PowerPC only)" +Return the endian-ness of the calling process, +in the location pointed to by +.IR "(int\~*) arg2" . +.\" prctl PR_SET_FP_MODE +.TP +.BR PR_SET_FP_MODE " (since Linux 4.0, only on MIPS)" +.\" commit 9791554b45a2acc28247f66a5fd5bbc212a6b8c8 +On the MIPS architecture, +user-space code can be built using an ABI which permits linking +with code that has more restrictive floating-point (FP) requirements. +For example, user-space code may be built to target the O32 FPXX ABI +and linked with code built for either one of the more restrictive +FP32 or FP64 ABIs. +When more restrictive code is linked in, +the overall requirement for the process is to use the more +restrictive floating-point mode. +.IP +Because the kernel has no means of knowing in advance +which mode the process should be executed in, +and because these restrictions can +change over the lifetime of the process, the +.B PR_SET_FP_MODE +operation is provided to allow control of the floating-point mode +from user space. +.IP +.\" https://dmz-portal.mips.com/wiki/MIPS_O32_ABI_-_FR0_and_FR1_Interlinking +The +.I (unsigned int) arg2 +argument is a bit mask describing the floating-point mode used: +.RS +.TP +.B PR_FP_MODE_FR +When this bit is +.I unset +(so called +.BR FR=0 " or " FR0 +mode), the 32 floating-point registers are 32 bits wide, +and 64-bit registers are represented as a pair of registers +(even- and odd- numbered, +with the even-numbered register containing the lower 32 bits, +and the odd-numbered register containing the higher 32 bits). +.IP +When this bit is +.I set +(on supported hardware), +the 32 floating-point registers are 64 bits wide (so called +.BR FR=1 " or " FR1 +mode). +Note that modern MIPS implementations (MIPS R6 and newer) support +.B FR=1 +mode only. +.IP +Applications that use the O32 FP32 ABI can operate only when this bit is +.I unset +.RB ( FR=0 ; +or they can be used with FRE enabled, see below). +Applications that use the O32 FP64 ABI +(and the O32 FP64A ABI, which exists to +provide the ability to operate with existing FP32 code; see below) +can operate only when this bit is +.I set +.RB ( FR=1 ). +Applications that use the O32 FPXX ABI can operate with either +.B FR=0 +or +.BR FR=1 . +.TP +.B PR_FP_MODE_FRE +Enable emulation of 32-bit floating-point mode. +When this mode is enabled, +it emulates 32-bit floating-point operations +by raising a reserved-instruction exception +on every instruction that uses 32-bit formats and +the kernel then handles the instruction in software. +(The problem lies in the discrepancy of handling odd-numbered registers +which are the high 32 bits of 64-bit registers with even numbers in +.B FR=0 +mode and the lower 32-bit parts of odd-numbered 64-bit registers in +.B FR=1 +mode.) +Enabling this bit is necessary when code with the O32 FP32 ABI should operate +with code with compatible the O32 FPXX or O32 FP64A ABIs (which require +.B FR=1 +FPU mode) or when it is executed on newer hardware (MIPS R6 onwards) +which lacks +.B FR=0 +mode support when a binary with the FP32 ABI is used. +.IP +Note that this mode makes sense only when the FPU is in 64-bit mode +.RB ( FR=1 ). +.IP +Note that the use of emulation inherently has a significant performance hit +and should be avoided if possible. +.RE +.IP +In the N32/N64 ABI, 64-bit floating-point mode is always used, +so FPU emulation is not required and the FPU always operates in +.B FR=1 +mode. +.IP +This operation is mainly intended for use by the dynamic linker +.RB ( ld.so (8)). +.IP +The arguments +.IR arg3 , +.IR arg4 , +and +.I arg5 +are ignored. +.\" prctl PR_GET_FP_MODE +.TP +.BR PR_GET_FP_MODE " (since Linux 4.0, only on MIPS)" +Return (as the function result) +the current floating-point mode (see the description of +.B PR_SET_FP_MODE +for details). +.IP +On success, +the call returns a bit mask which represents the current floating-point mode. +.IP +The arguments +.IR arg2 , +.IR arg3 , +.IR arg4 , +and +.I arg5 +are ignored. +.\" prctl PR_SET_FPEMU +.TP +.BR PR_SET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)" +Set floating-point emulation control bits to \fIarg2\fP. +Pass +.B PR_FPEMU_NOPRINT +to silently emulate floating-point operation accesses, or +.B PR_FPEMU_SIGFPE +to not emulate floating-point operations and send +.B SIGFPE +instead. +.\" prctl PR_GET_FPEMU +.TP +.BR PR_GET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)" +Return floating-point emulation control bits, +in the location pointed to by +.IR "(int\~*) arg2" . +.\" prctl PR_SET_FPEXC +.TP +.BR PR_SET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)" +Set floating-point exception mode to \fIarg2\fP. +Pass \fBPR_FP_EXC_SW_ENABLE\fP to use FPEXC for FP exception enables, +\fBPR_FP_EXC_DIV\fP for floating-point divide by zero, +\fBPR_FP_EXC_OVF\fP for floating-point overflow, +\fBPR_FP_EXC_UND\fP for floating-point underflow, +\fBPR_FP_EXC_RES\fP for floating-point inexact result, +\fBPR_FP_EXC_INV\fP for floating-point invalid operation, +\fBPR_FP_EXC_DISABLED\fP for FP exceptions disabled, +\fBPR_FP_EXC_NONRECOV\fP for async nonrecoverable exception mode, +\fBPR_FP_EXC_ASYNC\fP for async recoverable exception mode, +\fBPR_FP_EXC_PRECISE\fP for precise exception mode. +.\" prctl PR_GET_FPEXC +.TP +.BR PR_GET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)" +Return floating-point exception mode, +in the location pointed to by +.IR "(int\~*) arg2" . +.\" prctl PR_SET_IO_FLUSHER +.TP +.BR PR_SET_IO_FLUSHER " (since Linux 5.6)" +If a user process is involved in the block layer or filesystem I/O path, +and can allocate memory while processing I/O requests it must set +\fIarg2\fP to 1. +This will put the process in the IO_FLUSHER state, +which allows it special treatment to make progress when allocating memory. +If \fIarg2\fP is 0, the process will clear the IO_FLUSHER state, and +the default behavior will be used. +.IP +The calling process must have the +.B CAP_SYS_RESOURCE +capability. +.IP +.IR arg3 , +.IR arg4 , +and +.I arg5 +must be zero. +.IP +The IO_FLUSHER state is inherited by a child process created via +.BR fork (2) +and is preserved across +.BR execve (2). +.IP +Examples of IO_FLUSHER applications are FUSE daemons, SCSI device +emulation daemons, and daemons that perform error handling like multipath +path recovery applications. +.\" prctl PR_GET_IO_FLUSHER +.TP +.B PR_GET_IO_FLUSHER (Since Linux 5.6) +Return (as the function result) the IO_FLUSHER state of the caller. +A value of 1 indicates that the caller is in the IO_FLUSHER state; +0 indicates that the caller is not in the IO_FLUSHER state. +.IP +The calling process must have the +.B CAP_SYS_RESOURCE +capability. +.IP +.IR arg2 , +.IR arg3 , +.IR arg4 , +and +.I arg5 +must be zero. +.\" prctl PR_SET_KEEPCAPS +.TP +.BR PR_SET_KEEPCAPS " (since Linux 2.2.18)" +Set the state of the calling thread's "keep capabilities" flag. +The effect of this flag is described in +.BR capabilities (7). +.I arg2 +must be either 0 (clear the flag) +or 1 (set the flag). +The "keep capabilities" value will be reset to 0 on subsequent calls to +.BR execve (2). +.\" prctl PR_GET_KEEPCAPS +.TP +.BR PR_GET_KEEPCAPS " (since Linux 2.2.18)" +Return (as the function result) the current state of the calling thread's +"keep capabilities" flag. +See +.BR capabilities (7) +for a description of this flag. +.\" prctl PR_MCE_KILL +.TP +.BR PR_MCE_KILL " (since Linux 2.6.32)" +Set the machine check memory corruption kill policy for the calling thread. +If +.I arg2 +is +.BR PR_MCE_KILL_CLEAR , +clear the thread memory corruption kill policy and use the system-wide default. +(The system-wide default is defined by +.IR /proc/sys/vm/memory_failure_early_kill ; +see +.BR proc (5).) +If +.I arg2 +is +.BR PR_MCE_KILL_SET , +use a thread-specific memory corruption kill policy. +In this case, +.I arg3 +defines whether the policy is +.I early kill +.RB ( PR_MCE_KILL_EARLY ), +.I late kill +.RB ( PR_MCE_KILL_LATE ), +or the system-wide default +.RB ( PR_MCE_KILL_DEFAULT ). +Early kill means that the thread receives a +.B SIGBUS +signal as soon as hardware memory corruption is detected inside +its address space. +In late kill mode, the process is killed only when it accesses a corrupted page. +See +.BR sigaction (2) +for more information on the +.B SIGBUS +signal. +The policy is inherited by children. +The remaining unused +.BR prctl () +arguments must be zero for future compatibility. +.\" prctl PR_MCE_KILL_GET +.TP +.BR PR_MCE_KILL_GET " (since Linux 2.6.32)" +Return (as the function result) +the current per-process machine check kill policy. +All unused +.BR prctl () +arguments must be zero. +.\" prctl PR_SET_MM +.TP +.BR PR_SET_MM " (since Linux 3.3)" +.\" commit 028ee4be34a09a6d48bdf30ab991ae933a7bc036 +Modify certain kernel memory map descriptor fields +of the calling process. +Usually these fields are set by the kernel and dynamic loader (see +.BR ld.so (8) +for more information) and a regular application should not use this feature. +However, there are cases, such as self-modifying programs, +where a program might find it useful to change its own memory map. +.IP +The calling process must have the +.B CAP_SYS_RESOURCE +capability. +The value in +.I arg2 +is one of the options below, while +.I arg3 +provides a new value for the option. +The +.I arg4 +and +.I arg5 +arguments must be zero if unused. +.IP +Before Linux 3.10, +.\" commit 52b3694157e3aa6df871e283115652ec6f2d31e0 +this feature is available only if the kernel is built with the +.B CONFIG_CHECKPOINT_RESTORE +option enabled. +.RS +.TP +.B PR_SET_MM_START_CODE +Set the address above which the program text can run. +The corresponding memory area must be readable and executable, +but not writable or shareable (see +.BR mprotect (2) +and +.BR mmap (2) +for more information). +.TP +.B PR_SET_MM_END_CODE +Set the address below which the program text can run. +The corresponding memory area must be readable and executable, +but not writable or shareable. +.TP +.B PR_SET_MM_START_DATA +Set the address above which initialized and +uninitialized (bss) data are placed. +The corresponding memory area must be readable and writable, +but not executable or shareable. +.TP +.B PR_SET_MM_END_DATA +Set the address below which initialized and +uninitialized (bss) data are placed. +The corresponding memory area must be readable and writable, +but not executable or shareable. +.TP +.B PR_SET_MM_START_STACK +Set the start address of the stack. +The corresponding memory area must be readable and writable. +.TP +.B PR_SET_MM_START_BRK +Set the address above which the program heap can be expanded with +.BR brk (2) +call. +The address must be greater than the ending address of +the current program data segment. +In addition, the combined size of the resulting heap and +the size of the data segment can't exceed the +.B RLIMIT_DATA +resource limit (see +.BR setrlimit (2)). +.TP +.B PR_SET_MM_BRK +Set the current +.BR brk (2) +value. +The requirements for the address are the same as for the +.B PR_SET_MM_START_BRK +option. +.P +The following options are available since Linux 3.5. +.\" commit fe8c7f5cbf91124987106faa3bdf0c8b955c4cf7 +.TP +.B PR_SET_MM_ARG_START +Set the address above which the program command line is placed. +.TP +.B PR_SET_MM_ARG_END +Set the address below which the program command line is placed. +.TP +.B PR_SET_MM_ENV_START +Set the address above which the program environment is placed. +.TP +.B PR_SET_MM_ENV_END +Set the address below which the program environment is placed. +.IP +The address passed with +.BR PR_SET_MM_ARG_START , +.BR PR_SET_MM_ARG_END , +.BR PR_SET_MM_ENV_START , +and +.B PR_SET_MM_ENV_END +should belong to a process stack area. +Thus, the corresponding memory area must be readable, writable, and +(depending on the kernel configuration) have the +.B MAP_GROWSDOWN +attribute set (see +.BR mmap (2)). +.TP +.B PR_SET_MM_AUXV +Set a new auxiliary vector. +The +.I arg3 +argument should provide the address of the vector. +The +.I arg4 +is the size of the vector. +.TP +.B PR_SET_MM_EXE_FILE +.\" commit b32dfe377102ce668775f8b6b1461f7ad428f8b6 +Supersede the +.IR /proc/ pid /exe +symbolic link with a new one pointing to a new executable file +identified by the file descriptor provided in +.I arg3 +argument. +The file descriptor should be obtained with a regular +.BR open (2) +call. +.IP +To change the symbolic link, one needs to unmap all existing +executable memory areas, including those created by the kernel itself +(for example the kernel usually creates at least one executable +memory area for the ELF +.I .text +section). +.IP +In Linux 4.9 and earlier, the +.\" commit 3fb4afd9a504c2386b8435028d43283216bf588e +.B PR_SET_MM_EXE_FILE +operation can be performed only once in a process's lifetime; +attempting to perform the operation a second time results in the error +.BR EPERM . +This restriction was enforced for security reasons that were subsequently +deemed specious, +and the restriction was removed in Linux 4.10 because some +user-space applications needed to perform this operation more than once. +.P +The following options are available since Linux 3.18. +.\" commit f606b77f1a9e362451aca8f81d8f36a3a112139e +.TP +.B PR_SET_MM_MAP +Provides one-shot access to all the addresses by passing in a +.I struct prctl_mm_map +(as defined in \fI<linux/prctl.h>\fP). +The +.I arg4 +argument should provide the size of the struct. +.IP +This feature is available only if the kernel is built with the +.B CONFIG_CHECKPOINT_RESTORE +option enabled. +.TP +.B PR_SET_MM_MAP_SIZE +Returns the size of the +.I struct prctl_mm_map +the kernel expects. +This allows user space to find a compatible struct. +The +.I arg4 +argument should be a pointer to an unsigned int. +.IP +This feature is available only if the kernel is built with the +.B CONFIG_CHECKPOINT_RESTORE +option enabled. +.RE +.\" prctl PR_SET_VMA +.TP +.BR PR_SET_VMA " (since Linux 5.17)" +.\" Commit 9a10064f5625d5572c3626c1516e0bebc6c9fe9b +Sets an attribute specified in +.I arg2 +for virtual memory areas starting from the address specified in +.I arg3 +and spanning the size specified in +.IR arg4 . +.I arg5 +specifies the value of the attribute to be set. +.IP +Note that assigning an attribute to a virtual memory area +might prevent it from being merged with adjacent virtual memory areas +due to the difference in that attribute's value. +.IP +Currently, +.I arg2 +must be one of: +.RS +.TP +.B PR_SET_VMA_ANON_NAME +Set a name for anonymous virtual memory areas. +.I arg5 +should be a pointer to a null-terminated string containing the name. +The name length including null byte cannot exceed 80 bytes. +If +.I arg5 +is NULL, the name of the appropriate anonymous virtual memory areas +will be reset. +The name can contain only printable ascii characters (including space), +except \[aq][\[aq], \[aq]]\[aq], \[aq]\e\[aq], \[aq]$\[aq], and \[aq]\[ga]\[aq]. +.RE +.\" prctl PR_MPX_ENABLE_MANAGEMENT +.TP +.B PR_MPX_ENABLE_MANAGEMENT +.TQ +.BR PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19, removed in Linux 5.4; only on x86)" +.\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c +.\" See also http://lwn.net/Articles/582712/ +.\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler +Enable or disable kernel management of Memory Protection eXtensions (MPX) +bounds tables. +The +.IR arg2 , +.IR arg3 , +.IR arg4 , +and +.I arg5 +.\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88 +arguments must be zero. +.IP +MPX is a hardware-assisted mechanism for performing bounds checking on +pointers. +It consists of a set of registers storing bounds information +and a set of special instruction prefixes that tell the CPU on which +instructions it should do bounds enforcement. +There is a limited number of these registers and +when there are more pointers than registers, +their contents must be "spilled" into a set of tables. +These tables are called "bounds tables" and the MPX +.BR prctl () +operations control +whether the kernel manages their allocation and freeing. +.IP +When management is enabled, the kernel will take over allocation +and freeing of the bounds tables. +It does this by trapping the #BR exceptions that result +at first use of missing bounds tables and +instead of delivering the exception to user space, +it allocates the table and populates the bounds directory +with the location of the new table. +For freeing, the kernel checks to see if bounds tables are +present for memory which is not allocated, and frees them if so. +.IP +Before enabling MPX management using +.BR PR_MPX_ENABLE_MANAGEMENT , +the application must first have allocated a user-space buffer for +the bounds directory and placed the location of that directory in the +.I bndcfgu +register. +.IP +These calls fail if the CPU or kernel does not support MPX. +Kernel support for MPX is enabled via the +.B CONFIG_X86_INTEL_MPX +configuration option. +You can check whether the CPU supports MPX by looking for the +.I mpx +CPUID bit, like with the following command: +.IP +.in +4n +.EX +cat /proc/cpuinfo | grep \[aq] mpx \[aq] +.EE +.in +.IP +A thread may not switch in or out of long (64-bit) mode while MPX is +enabled. +.IP +All threads in a process are affected by these calls. +.IP +The child of a +.BR fork (2) +inherits the state of MPX management. +During +.BR execve (2), +MPX management is reset to a state as if +.B PR_MPX_DISABLE_MANAGEMENT +had been called. +.IP +For further information on Intel MPX, see the kernel source file +.IR Documentation/x86/intel_mpx.txt . +.IP +.\" commit f240652b6032b48ad7fa35c5e701cc4c8d697c0b +.\" See also https://lkml.kernel.org/r/20190705175321.DB42F0AD@viggo.jf.intel.com +Due to a lack of toolchain support, +.BR PR_MPX_ENABLE_MANAGEMENT " and " PR_MPX_DISABLE_MANAGEMENT +are not supported in Linux 5.4 and later. +.\" prctl PR_SET_NAME +.TP +.BR PR_SET_NAME " (since Linux 2.6.9)" +Set the name of the calling thread, +using the value in the location pointed to by +.IR "(char\~*) arg2" . +The name can be up to 16 bytes long, +.\" TASK_COMM_LEN in include/linux/sched.h +including the terminating null byte. +(If the length of the string, including the terminating null byte, +exceeds 16 bytes, the string is silently truncated.) +This is the same attribute that can be set via +.BR pthread_setname_np (3) +and retrieved using +.BR pthread_getname_np (3). +The attribute is likewise accessible via +.IR /proc/self/task/ tid /comm +(see +.BR proc (5)), +where +.I tid +is the thread ID of the calling thread, as returned by +.BR gettid (2). +.\" prctl PR_GET_NAME +.TP +.BR PR_GET_NAME " (since Linux 2.6.11)" +Return the name of the calling thread, +in the buffer pointed to by +.IR "(char\~*) arg2" . +The buffer should allow space for up to 16 bytes; +the returned string will be null-terminated. +.\" prctl PR_SET_NO_NEW_PRIVS +.TP +.BR PR_SET_NO_NEW_PRIVS " (since Linux 3.5)" +Set the calling thread's +.I no_new_privs +attribute to the value in +.IR arg2 . +With +.I no_new_privs +set to 1, +.BR execve (2) +promises not to grant privileges to do anything +that could not have been done without the +.BR execve (2) +call (for example, +rendering the set-user-ID and set-group-ID mode bits, +and file capabilities non-functional). +Once set, the +.I no_new_privs +attribute cannot be unset. +The setting of this attribute is inherited by children created by +.BR fork (2) +and +.BR clone (2), +and preserved across +.BR execve (2). +.IP +Since Linux 4.10, +the value of a thread's +.I no_new_privs +attribute can be viewed via the +.I NoNewPrivs +field in the +.IR /proc/ pid /status +file. +.IP +For more information, see the kernel source file +.I Documentation/userspace\-api/no_new_privs.rst +.\" commit 40fde647ccb0ae8c11d256d271e24d385eed595b +(or +.I Documentation/prctl/no_new_privs.txt +before Linux 4.13). +See also +.BR seccomp (2). +.\" prctl PR_GET_NO_NEW_PRIVS +.TP +.BR PR_GET_NO_NEW_PRIVS " (since Linux 3.5)" +Return (as the function result) the value of the +.I no_new_privs +attribute for the calling thread. +A value of 0 indicates the regular +.BR execve (2) +behavior. +A value of 1 indicates +.BR execve (2) +will operate in the privilege-restricting mode described above. +.\" prctl PR_PAC_RESET_KEYS +.\" commit ba830885656414101b2f8ca88786524d4bb5e8c1 +.TP +.BR PR_PAC_RESET_KEYS " (since Linux 5.0, only on arm64)" +Securely reset the thread's pointer authentication keys +to fresh random values generated by the kernel. +.IP +The set of keys to be reset is specified by +.IR arg2 , +which must be a logical OR of zero or more of the following: +.RS +.TP +.B PR_PAC_APIAKEY +instruction authentication key A +.TP +.B PR_PAC_APIBKEY +instruction authentication key B +.TP +.B PR_PAC_APDAKEY +data authentication key A +.TP +.B PR_PAC_APDBKEY +data authentication key B +.TP +.B PR_PAC_APGAKEY +generic authentication \[lq]A\[rq] key. +.IP +(Yes folks, there really is no generic B key.) +.RE +.IP +As a special case, if +.I arg2 +is zero, then all the keys are reset. +Since new keys could be added in future, +this is the recommended way to completely wipe the existing keys +when establishing a clean execution context. +Note that there is no need to use +.B PR_PAC_RESET_KEYS +in preparation for calling +.BR execve (2), +since +.BR execve (2) +resets all the pointer authentication keys. +.IP +The remaining arguments +.IR arg3 ", " arg4 ", and " arg5 +must all be zero. +.IP +If the arguments are invalid, +and in particular if +.I arg2 +contains set bits that are unrecognized +or that correspond to a key not available on this platform, +then the call fails with error +.BR EINVAL . +.IP +.B Warning: +Because the compiler or run-time environment +may be using some or all of the keys, +a successful +.B PR_PAC_RESET_KEYS +may crash the calling process. +The conditions for using it safely are complex and system-dependent. +Don't use it unless you know what you are doing. +.IP +For more information, see the kernel source file +.I Documentation/arm64/pointer\-authentication.rst +.\"commit b693d0b372afb39432e1c49ad7b3454855bc6bed +(or +.I Documentation/arm64/pointer\-authentication.txt +before Linux 5.3). +.\" prctl PR_SET_PDEATHSIG +.TP +.BR PR_SET_PDEATHSIG " (since Linux 2.1.57)" +Set the parent-death signal +of the calling process to \fIarg2\fP (either a signal value +in the range +.RB [ 1 , +.IR NSIG\~\-\~1 ], +or +.B 0 +to clear). +This is the signal that the calling process will get when its +parent dies. +.IP +.IR Warning : +.\" https://bugzilla.kernel.org/show_bug.cgi?id=43300 +the "parent" in this case is considered to be the +.I thread +that created this process. +In other words, the signal will be sent when that thread terminates +(via, for example, +.BR pthread_exit (3)), +rather than after all of the threads in the parent process terminate. +.IP +The parent-death signal is sent upon subsequent termination of the parent +thread and also upon termination of each subreaper process +(see the description of +.B PR_SET_CHILD_SUBREAPER +above) to which the caller is subsequently reparented. +If the parent thread and all ancestor subreapers have already terminated +by the time of the +.B PR_SET_PDEATHSIG +operation, then no parent-death signal is sent to the caller. +.IP +The parent-death signal is process-directed (see +.BR signal (7)) +and, if the child installs a handler using the +.BR sigaction (2) +.B SA_SIGINFO +flag, the +.I si_pid +field of the +.I siginfo_t +argument of the handler contains the PID of the terminating parent process. +.IP +The parent-death signal setting is cleared for the child of a +.BR fork (2). +It is also +(since Linux 2.4.36 / 2.6.23) +.\" commit d2d56c5f51028cb9f3d800882eb6f4cbd3f9099f +cleared when executing a set-user-ID or set-group-ID binary, +or a binary that has associated capabilities (see +.BR capabilities (7)); +otherwise, this value is preserved across +.BR execve (2). +The parent-death signal setting is also cleared upon changes to +any of the following thread credentials: +.\" FIXME capability changes can also trigger this; see +.\" kernel/cred.c::commit_creds in the Linux 5.6 source. +effective user ID, effective group ID, filesystem user ID, +or filesystem group ID. +.\" prctl PR_GET_PDEATHSIG +.TP +.BR PR_GET_PDEATHSIG " (since Linux 2.3.15)" +Return the current value of the parent process death signal, +in the location pointed to by +.IR "(int\~*) arg2" . +.\" prctl PR_SET_PTRACER +.TP +.BR PR_SET_PTRACER " (since Linux 3.4)" +.\" commit 2d514487faf188938a4ee4fb3464eeecfbdcf8eb +.\" commit bf06189e4d14641c0148bea16e9dd24943862215 +This is meaningful only when the Yama LSM is enabled and in mode 1 +("restricted ptrace", visible via +.IR /proc/sys/kernel/yama/ptrace_scope ). +When a "ptracer process ID" is passed in \fIarg2\fP, +the caller is declaring that the ptracer process can +.BR ptrace (2) +the calling process as if it were a direct process ancestor. +Each +.B PR_SET_PTRACER +operation replaces the previous "ptracer process ID". +Employing +.B PR_SET_PTRACER +with +.I arg2 +set to 0 clears the caller's "ptracer process ID". +If +.I arg2 +is +.BR PR_SET_PTRACER_ANY , +the ptrace restrictions introduced by Yama are effectively disabled for the +calling process. +.IP +For further information, see the kernel source file +.I Documentation/admin\-guide/LSM/Yama.rst +.\" commit 90bb766440f2147486a2acc3e793d7b8348b0c22 +(or +.I Documentation/security/Yama.txt +before Linux 4.13). +.\" prctl PR_SET_SECCOMP +.TP +.BR PR_SET_SECCOMP " (since Linux 2.6.23)" +.\" See http://thread.gmane.org/gmane.linux.kernel/542632 +.\" [PATCH 0 of 2] seccomp updates +.\" andrea@cpushare.com +Set the secure computing (seccomp) mode for the calling thread, to limit +the available system calls. +The more recent +.BR seccomp (2) +system call provides a superset of the functionality of +.BR PR_SET_SECCOMP , +and is the preferred interface for new applications. +.IP +The seccomp mode is selected via +.IR arg2 . +(The seccomp constants are defined in +.IR <linux/seccomp.h> .) +The following values can be specified: +.RS +.TP +.BR SECCOMP_MODE_STRICT " (since Linux 2.6.23)" +See the description of +.B SECCOMP_SET_MODE_STRICT +in +.BR seccomp (2). +.IP +This operation is available only +if the kernel is configured with +.B CONFIG_SECCOMP +enabled. +.TP +.BR SECCOMP_MODE_FILTER " (since Linux 3.5)" +The allowed system calls are defined by a pointer +to a Berkeley Packet Filter passed in +.IR arg3 . +This argument is a pointer to +.IR "struct sock_fprog" ; +it can be designed to filter +arbitrary system calls and system call arguments. +See the description of +.B SECCOMP_SET_MODE_FILTER +in +.BR seccomp (2). +.IP +This operation is available only +if the kernel is configured with +.B CONFIG_SECCOMP_FILTER +enabled. +.RE +.IP +For further details on seccomp filtering, see +.BR seccomp (2). +.\" prctl PR_GET_SECCOMP +.TP +.BR PR_GET_SECCOMP " (since Linux 2.6.23)" +Return (as the function result) +the secure computing mode of the calling thread. +If the caller is not in secure computing mode, this operation returns 0; +if the caller is in strict secure computing mode, then the +.BR prctl () +call will cause a +.B SIGKILL +signal to be sent to the process. +If the caller is in filter mode, and this system call is allowed by the +seccomp filters, it returns 2; otherwise, the process is killed with a +.B SIGKILL +signal. +.IP +This operation is available only +if the kernel is configured with +.B CONFIG_SECCOMP +enabled. +.IP +Since Linux 3.8, the +.I Seccomp +field of the +.IR /proc/ pid /status +file provides a method of obtaining the same information, +without the risk that the process is killed; see +.BR proc (5). +.\" prctl PR_SET_SECUREBITS +.TP +.BR PR_SET_SECUREBITS " (since Linux 2.6.26)" +Set the "securebits" flags of the calling thread to the value supplied in +.IR arg2 . +See +.BR capabilities (7). +.\" prctl PR_GET_SECUREBITS +.TP +.BR PR_GET_SECUREBITS " (since Linux 2.6.26)" +Return (as the function result) +the "securebits" flags of the calling thread. +See +.BR capabilities (7). +.\" prctl PR_GET_SPECULATION_CTRL +.TP +.BR PR_GET_SPECULATION_CTRL " (since Linux 4.17)" +Return (as the function result) +the state of the speculation misfeature specified in +.IR arg2 . +Currently, the only permitted value for this argument is +.B PR_SPEC_STORE_BYPASS +(otherwise the call fails with the error +.BR ENODEV ). +.IP +The return value uses bits 0-3 with the following meaning: +.RS +.TP +.B PR_SPEC_PRCTL +Mitigation can be controlled per thread by +.BR PR_SET_SPECULATION_CTRL . +.TP +.B PR_SPEC_ENABLE +The speculation feature is enabled, mitigation is disabled. +.TP +.B PR_SPEC_DISABLE +The speculation feature is disabled, mitigation is enabled. +.TP +.B PR_SPEC_FORCE_DISABLE +Same as +.B PR_SPEC_DISABLE +but cannot be undone. +.TP +.BR PR_SPEC_DISABLE_NOEXEC " (since Linux 5.1)" +Same as +.BR PR_SPEC_DISABLE , +but the state will be cleared on +.BR execve (2). +.RE +.IP +If all bits are 0, +then the CPU is not affected by the speculation misfeature. +.IP +If +.B PR_SPEC_PRCTL +is set, then per-thread control of the mitigation is available. +If not set, +.BR prctl () +for the speculation misfeature will fail. +.IP +The +.IR arg3 , +.IR arg4 , +and +.I arg5 +arguments must be specified as 0; otherwise the call fails with the error +.BR EINVAL . +.\" prctl PR_SET_SPECULATION_CTRL +.TP +.BR PR_SET_SPECULATION_CTRL " (since Linux 4.17)" +.\" commit b617cfc858161140d69cc0b5cc211996b557a1c7 +.\" commit 356e4bfff2c5489e016fdb925adbf12a1e3950ee +Sets the state of the speculation misfeature specified in +.IR arg2 . +The speculation-misfeature settings are per-thread attributes. +.IP +Currently, +.I arg2 +must be one of: +.RS +.TP +.B PR_SPEC_STORE_BYPASS +Set the state of the speculative store bypass misfeature. +.\" commit 9137bb27e60e554dab694eafa4cca241fa3a694f +.TP +.BR PR_SPEC_INDIRECT_BRANCH " (since Linux 4.20)" +Set the state of the indirect branch speculation misfeature. +.RE +.IP +If +.I arg2 +does not have one of the above values, +then the call fails with the error +.BR ENODEV . +.IP +The +.I arg3 +argument is used to hand in the control value, +which is one of the following: +.RS +.TP +.B PR_SPEC_ENABLE +The speculation feature is enabled, mitigation is disabled. +.TP +.B PR_SPEC_DISABLE +The speculation feature is disabled, mitigation is enabled. +.TP +.B PR_SPEC_FORCE_DISABLE +Same as +.BR PR_SPEC_DISABLE , +but cannot be undone. +A subsequent +.BR prctl (\c +.IR arg2 , +.BR PR_SPEC_ENABLE ) +with the same value for +.I arg2 +will fail with the error +.BR EPERM . +.\" commit 71368af9027f18fe5d1c6f372cfdff7e4bde8b48 +.TP +.BR PR_SPEC_DISABLE_NOEXEC " (since Linux 5.1)" +Same as +.BR PR_SPEC_DISABLE , +but the state will be cleared on +.BR execve (2). +Currently only supported for +.I arg2 +equal to +.B PR_SPEC_STORE_BYPASS. +.RE +.IP +Any unsupported value in +.I arg3 +will result in the call failing with the error +.BR ERANGE . +.IP +The +.I arg4 +and +.I arg5 +arguments must be specified as 0; otherwise the call fails with the error +.BR EINVAL . +.IP +The speculation feature can also be controlled by the +.B spec_store_bypass_disable +boot parameter. +This parameter may enforce a read-only policy which will result in the +.BR prctl () +call failing with the error +.BR ENXIO . +For further details, see the kernel source file +.IR Documentation/admin\-guide/kernel\-parameters.txt . +.\" prctl PR_SVE_SET_VL +.\" commit 2d2123bc7c7f843aa9db87720de159a049839862 +.\" linux-5.6/Documentation/arm64/sve.rst +.TP +.BR PR_SVE_SET_VL " (since Linux 4.15, only on arm64)" +Configure the thread's SVE vector length, +as specified by +.IR "(int) arg2" . +Arguments +.IR arg3 , +.IR arg4 , +and +.I arg5 +are ignored. +.IP +The bits of +.I arg2 +corresponding to +.B PR_SVE_VL_LEN_MASK +must be set to the desired vector length in bytes. +This is interpreted as an upper bound: +the kernel will select the greatest available vector length +that does not exceed the value specified. +In particular, specifying +.B SVE_VL_MAX +(defined in +.I <asm/sigcontext.h>) +for the +.B PR_SVE_VL_LEN_MASK +bits requests the maximum supported vector length. +.IP +In addition, the other bits of +.I arg2 +must be set to one of the following combinations of flags: +.RS +.TP +.B 0 +Perform the change immediately. +At the next +.BR execve (2) +in the thread, +the vector length will be reset to the value configured in +.IR /proc/sys/abi/sve_default_vector_length . +.TP +.B PR_SVE_VL_INHERIT +Perform the change immediately. +Subsequent +.BR execve (2) +calls will preserve the new vector length. +.TP +.B PR_SVE_SET_VL_ONEXEC +Defer the change, so that it is performed at the next +.BR execve (2) +in the thread. +Further +.BR execve (2) +calls will reset the vector length to the value configured in +.IR /proc/sys/abi/sve_default_vector_length . +.TP +.B "PR_SVE_SET_VL_ONEXEC | PR_SVE_VL_INHERIT" +Defer the change, so that it is performed at the next +.BR execve (2) +in the thread. +Further +.BR execve (2) +calls will preserve the new vector length. +.RE +.IP +In all cases, +any previously pending deferred change is canceled. +.IP +The call fails with error +.B EINVAL +if SVE is not supported on the platform, if +.I arg2 +is unrecognized or invalid, or the value in the bits of +.I arg2 +corresponding to +.B PR_SVE_VL_LEN_MASK +is outside the range +.BR SVE_VL_MIN .. SVE_VL_MAX +or is not a multiple of 16. +.IP +On success, +a nonnegative value is returned that describes the +.I selected +configuration. +If +.B PR_SVE_SET_VL_ONEXEC +was included in +.IR arg2 , +then the configuration described by the return value +will take effect at the next +.BR execve (2). +Otherwise, the configuration is already in effect when the +.B PR_SVE_SET_VL +call returns. +In either case, the value is encoded in the same way as the return value of +.BR PR_SVE_GET_VL . +Note that there is no explicit flag in the return value +corresponding to +.BR PR_SVE_SET_VL_ONEXEC . +.IP +The configuration (including any pending deferred change) +is inherited across +.BR fork (2) +and +.BR clone (2). +.IP +For more information, see the kernel source file +.I Documentation/arm64/sve.rst +.\"commit b693d0b372afb39432e1c49ad7b3454855bc6bed +(or +.I Documentation/arm64/sve.txt +before Linux 5.3). +.IP +.B Warning: +Because the compiler or run-time environment +may be using SVE, using this call without the +.B PR_SVE_SET_VL_ONEXEC +flag may crash the calling process. +The conditions for using it safely are complex and system-dependent. +Don't use it unless you really know what you are doing. +.\" prctl PR_SVE_GET_VL +.TP +.BR PR_SVE_GET_VL " (since Linux 4.15, only on arm64)" +Get the thread's current SVE vector length configuration. +.IP +Arguments +.IR arg2 ", " arg3 ", " arg4 ", and " arg5 +are ignored. +.IP +Provided that the kernel and platform support SVE, +this operation always succeeds, +returning a nonnegative value that describes the +.I current +configuration. +The bits corresponding to +.B PR_SVE_VL_LEN_MASK +contain the currently configured vector length in bytes. +The bit corresponding to +.B PR_SVE_VL_INHERIT +indicates whether the vector length will be inherited +across +.BR execve (2). +.IP +Note that there is no way to determine whether there is +a pending vector length change that has not yet taken effect. +.IP +For more information, see the kernel source file +.I Documentation/arm64/sve.rst +.\"commit b693d0b372afb39432e1c49ad7b3454855bc6bed +(or +.I Documentation/arm64/sve.txt +before Linux 5.3). +.TP +.\" prctl PR_SET_SYSCALL_USER_DISPATCH +.\" commit 1446e1df9eb183fdf81c3f0715402f1d7595d4 +.BR PR_SET_SYSCALL_USER_DISPATCH " (since Linux 5.11, x86 only)" +Configure the Syscall User Dispatch mechanism +for the calling thread. +This mechanism allows an application +to selectively intercept system calls +so that they can be handled within the application itself. +Interception takes the form of a thread-directed +.B SIGSYS +signal that is delivered to the thread +when it makes a system call. +If intercepted, +the system call is not executed by the kernel. +.IP +To enable this mechanism, +.I arg2 +should be set to +.BR PR_SYS_DISPATCH_ON . +Once enabled, further system calls will be selectively intercepted, +depending on a control variable provided by user space. +In this case, +.I arg3 +and +.I arg4 +respectively identify the +.I offset +and +.I length +of a single contiguous memory region in the process address space +from where system calls are always allowed to be executed, +regardless of the control variable. +(Typically, this area would include the area of memory +containing the C library.) +.IP +.I arg5 +points to a char-sized variable +that is a fast switch to allow/block system call execution +without the overhead of doing another system call +to re-configure Syscall User Dispatch. +This control variable can either be set to +.B SYSCALL_DISPATCH_FILTER_BLOCK +to block system calls from executing +or to +.B SYSCALL_DISPATCH_FILTER_ALLOW +to temporarily allow them to be executed. +This value is checked by the kernel +on every system call entry, +and any unexpected value will raise +an uncatchable +.B SIGSYS +at that time, +killing the application. +.IP +When a system call is intercepted, +the kernel sends a thread-directed +.B SIGSYS +signal to the triggering thread. +Various fields will be set in the +.I siginfo_t +structure (see +.BR sigaction (2)) +associated with the signal: +.RS +.IP \[bu] 3 +.I si_signo +will contain +.BR SIGSYS . +.IP \[bu] +.I si_call_addr +will show the address of the system call instruction. +.IP \[bu] +.I si_syscall +and +.I si_arch +will indicate which system call was attempted. +.IP \[bu] +.I si_code +will contain +.BR SYS_USER_DISPATCH . +.IP \[bu] +.I si_errno +will be set to 0. +.RE +.IP +The program counter will be as though the system call happened +(i.e., the program counter will not point to the system call instruction). +.IP +When the signal handler returns to the kernel, +the system call completes immediately +and returns to the calling thread, +without actually being executed. +If necessary +(i.e., when emulating the system call on user space.), +the signal handler should set the system call return value +to a sane value, +by modifying the register context stored in the +.I ucontext +argument of the signal handler. +See +.BR sigaction (2), +.BR sigreturn (2), +and +.BR getcontext (3) +for more information. +.IP +If +.I arg2 +is set to +.BR PR_SYS_DISPATCH_OFF , +Syscall User Dispatch is disabled for that thread. +the remaining arguments must be set to 0. +.IP +The setting is not preserved across +.BR fork (2), +.BR clone (2), +or +.BR execve (2). +.IP +For more information, +see the kernel source file +.I Documentation/admin\-guide/syscall\-user\-dispatch.rst +.\" prctl PR_SET_TAGGED_ADDR_CTRL +.\" commit 63f0c60379650d82250f22e4cf4137ef3dc4f43d +.TP +.BR PR_SET_TAGGED_ADDR_CTRL " (since Linux 5.4, only on arm64)" +Controls support for passing tagged user-space addresses to the kernel +(i.e., addresses where bits 56\[em]63 are not all zero). +.IP +The level of support is selected by +.IR "arg2" , +which can be one of the following: +.RS +.TP +.B 0 +Addresses that are passed +for the purpose of being dereferenced by the kernel +must be untagged. +.TP +.B PR_TAGGED_ADDR_ENABLE +Addresses that are passed +for the purpose of being dereferenced by the kernel +may be tagged, with the exceptions summarized below. +.RE +.IP +The remaining arguments +.IR arg3 ", " arg4 ", and " arg5 +must all be zero. +.\" Enforcement added in +.\" commit 3e91ec89f527b9870fe42dcbdb74fd389d123a95 +.IP +On success, the mode specified in +.I arg2 +is set for the calling thread and the return value is 0. +If the arguments are invalid, +the mode specified in +.I arg2 +is unrecognized, +or if this feature is unsupported by the kernel +or disabled via +.IR /proc/sys/abi/tagged_addr_disabled , +the call fails with the error +.BR EINVAL . +.IP +In particular, if +.BR prctl ( PR_SET_TAGGED_ADDR_CTRL , +0, 0, 0, 0) +fails with +.BR EINVAL , +then all addresses passed to the kernel must be untagged. +.IP +Irrespective of which mode is set, +addresses passed to certain interfaces +must always be untagged: +.RS +.IP \[bu] 3 +.BR brk (2), +.BR mmap (2), +.BR shmat (2), +.BR shmdt (2), +and the +.I new_address +argument of +.BR mremap (2). +.IP +(Prior to Linux 5.6 these accepted tagged addresses, +but the behaviour may not be what you expect. +Don't rely on it.) +.IP \[bu] +\[oq]polymorphic\[cq] interfaces +that accept pointers to arbitrary types cast to a +.I void * +or other generic type, specifically +.BR prctl (), +.BR ioctl (2), +and in general +.BR setsockopt (2) +(only certain specific +.BR setsockopt (2) +options allow tagged addresses). +.RE +.IP +This list of exclusions may shrink +when moving from one kernel version to a later kernel version. +While the kernel may make some guarantees +for backwards compatibility reasons, +for the purposes of new software +the effect of passing tagged addresses to these interfaces +is unspecified. +.IP +The mode set by this call is inherited across +.BR fork (2) +and +.BR clone (2). +The mode is reset by +.BR execve (2) +to 0 +(i.e., tagged addresses not permitted in the user/kernel ABI). +.IP +For more information, see the kernel source file +.IR Documentation/arm64/tagged\-address\-abi.rst . +.IP +.B Warning: +This call is primarily intended for use by the run-time environment. +A successful +.B PR_SET_TAGGED_ADDR_CTRL +call elsewhere may crash the calling process. +The conditions for using it safely are complex and system-dependent. +Don't use it unless you know what you are doing. +.\" prctl PR_GET_TAGGED_ADDR_CTRL +.\" commit 63f0c60379650d82250f22e4cf4137ef3dc4f43d +.TP +.BR PR_GET_TAGGED_ADDR_CTRL " (since Linux 5.4, only on arm64)" +Returns the current tagged address mode +for the calling thread. +.IP +Arguments +.IR arg2 ", " arg3 ", " arg4 ", and " arg5 +must all be zero. +.IP +If the arguments are invalid +or this feature is disabled or unsupported by the kernel, +the call fails with +.BR EINVAL . +In particular, if +.BR prctl ( PR_GET_TAGGED_ADDR_CTRL , +0, 0, 0, 0) +fails with +.BR EINVAL , +then this feature is definitely either unsupported, +or disabled via +.IR /proc/sys/abi/tagged_addr_disabled . +In this case, +all addresses passed to the kernel must be untagged. +.IP +Otherwise, the call returns a nonnegative value +describing the current tagged address mode, +encoded in the same way as the +.I arg2 +argument of +.BR PR_SET_TAGGED_ADDR_CTRL . +.IP +For more information, see the kernel source file +.IR Documentation/arm64/tagged\-address\-abi.rst . +.\" +.\" prctl PR_TASK_PERF_EVENTS_DISABLE +.TP +.BR PR_TASK_PERF_EVENTS_DISABLE " (since Linux 2.6.31)" +Disable all performance counters attached to the calling process, +regardless of whether the counters were created by +this process or another process. +Performance counters created by the calling process for other +processes are unaffected. +For more information on performance counters, see the Linux kernel source file +.IR tools/perf/design.txt . +.IP +Originally called +.BR PR_TASK_PERF_COUNTERS_DISABLE ; +.\" commit 1d1c7ddbfab358445a542715551301b7fc363e28 +renamed (retaining the same numerical value) +in Linux 2.6.32. +.\" +.\" prctl PR_TASK_PERF_EVENTS_ENABLE +.TP +.BR PR_TASK_PERF_EVENTS_ENABLE " (since Linux 2.6.31)" +The converse of +.BR PR_TASK_PERF_EVENTS_DISABLE ; +enable performance counters attached to the calling process. +.IP +Originally called +.BR PR_TASK_PERF_COUNTERS_ENABLE ; +.\" commit 1d1c7ddbfab358445a542715551301b7fc363e28 +renamed +.\" commit cdd6c482c9ff9c55475ee7392ec8f672eddb7be6 +in Linux 2.6.32. +.\" +.\" prctl PR_SET_THP_DISABLE +.TP +.BR PR_SET_THP_DISABLE " (since Linux 3.15)" +.\" commit a0715cc22601e8830ace98366c0c2bd8da52af52 +Set the state of the "THP disable" flag for the calling thread. +If +.I arg2 +has a nonzero value, the flag is set, otherwise it is cleared. +Setting this flag provides a method +for disabling transparent huge pages +for jobs where the code cannot be modified, and using a malloc hook with +.BR madvise (2) +is not an option (i.e., statically allocated data). +The setting of the "THP disable" flag is inherited by a child created via +.BR fork (2) +and is preserved across +.BR execve (2). +.\" prctl PR_GET_THP_DISABLE +.TP +.BR PR_GET_THP_DISABLE " (since Linux 3.15)" +Return (as the function result) the current setting of the "THP disable" +flag for the calling thread: +either 1, if the flag is set, or 0, if it is not. +.\" prctl PR_GET_TID_ADDRESS +.TP +.BR PR_GET_TID_ADDRESS " (since Linux 3.5)" +.\" commit 300f786b2683f8bb1ec0afb6e1851183a479c86d +Return the +.I clear_child_tid +address set by +.BR set_tid_address (2) +and the +.BR clone (2) +.B CLONE_CHILD_CLEARTID +flag, in the location pointed to by +.IR "(int\~**)\~arg2" . +This feature is available only if the kernel is built with the +.B CONFIG_CHECKPOINT_RESTORE +option enabled. +Note that since the +.BR prctl () +system call does not have a compat implementation for +the AMD64 x32 and MIPS n32 ABIs, +and the kernel writes out a pointer using the kernel's pointer size, +this operation expects a user-space buffer of 8 (not 4) bytes on these ABIs. +.\" prctl PR_SET_TIMERSLACK +.TP +.BR PR_SET_TIMERSLACK " (since Linux 2.6.28)" +.\" See https://lwn.net/Articles/369549/ +.\" commit 6976675d94042fbd446231d1bd8b7de71a980ada +Each thread has two associated timer slack values: +a "default" value, and a "current" value. +This operation sets the "current" timer slack value for the calling thread. +.I arg2 +is an unsigned long value, then maximum "current" value is ULONG_MAX and +the minimum "current" value is 1. +If the nanosecond value supplied in +.I arg2 +is greater than zero, then the "current" value is set to this value. +If +.I arg2 +is equal to zero, +the "current" timer slack is reset to the +thread's "default" timer slack value. +.IP +The "current" timer slack is used by the kernel to group timer expirations +for the calling thread that are close to one another; +as a consequence, timer expirations for the thread may be +up to the specified number of nanoseconds late (but will never expire early). +Grouping timer expirations can help reduce system power consumption +by minimizing CPU wake-ups. +.IP +The timer expirations affected by timer slack are those set by +.BR select (2), +.BR pselect (2), +.BR poll (2), +.BR ppoll (2), +.BR epoll_wait (2), +.BR epoll_pwait (2), +.BR clock_nanosleep (2), +.BR nanosleep (2), +and +.BR futex (2) +(and thus the library functions implemented via futexes, including +.\" List obtained by grepping for futex usage in glibc source +.BR pthread_cond_timedwait (3), +.BR pthread_mutex_timedlock (3), +.BR pthread_rwlock_timedrdlock (3), +.BR pthread_rwlock_timedwrlock (3), +and +.BR sem_timedwait (3)). +.IP +Timer slack is not applied to threads that are scheduled under +a real-time scheduling policy (see +.BR sched_setscheduler (2)). +.IP +When a new thread is created, +the two timer slack values are made the same as the "current" value +of the creating thread. +Thereafter, a thread can adjust its "current" timer slack value via +.BR PR_SET_TIMERSLACK . +The "default" value can't be changed. +The timer slack values of +.I init +(PID 1), the ancestor of all processes, +are 50,000 nanoseconds (50 microseconds). +The timer slack value is inherited by a child created via +.BR fork (2), +and is preserved across +.BR execve (2). +.IP +Since Linux 4.6, the "current" timer slack value of any process +can be examined and changed via the file +.IR /proc/ pid /timerslack_ns . +See +.BR proc (5). +.\" prctl PR_GET_TIMERSLACK +.TP +.BR PR_GET_TIMERSLACK " (since Linux 2.6.28)" +Return (as the function result) +the "current" timer slack value of the calling thread. +.\" prctl PR_SET_TIMING +.TP +.BR PR_SET_TIMING " (since Linux 2.6.0)" +.\" Precisely: Linux 2.6.0-test4 +Set whether to use (normal, traditional) statistical process timing or +accurate timestamp-based process timing, by passing +.B PR_TIMING_STATISTICAL +.\" 0 +or +.B PR_TIMING_TIMESTAMP +.\" 1 +to \fIarg2\fP. +.B PR_TIMING_TIMESTAMP +is not currently implemented +(attempting to set this mode will yield the error +.BR EINVAL ). +.\" PR_TIMING_TIMESTAMP doesn't do anything in Linux 2.6.26-rc8, +.\" and looking at the patch history, it appears +.\" that it never did anything. +.\" prctl PR_GET_TIMING +.TP +.BR PR_GET_TIMING " (since Linux 2.6.0)" +.\" Precisely: Linux 2.6.0-test4 +Return (as the function result) which process timing method is currently +in use. +.\" prctl PR_SET_TSC +.TP +.BR PR_SET_TSC " (since Linux 2.6.26, x86 only)" +Set the state of the flag determining whether the timestamp counter +can be read by the process. +Pass +.B PR_TSC_ENABLE +to +.I arg2 +to allow it to be read, or +.B PR_TSC_SIGSEGV +to generate a +.B SIGSEGV +when the process tries to read the timestamp counter. +.\" prctl PR_GET_TSC +.TP +.BR PR_GET_TSC " (since Linux 2.6.26, x86 only)" +Return the state of the flag determining whether the timestamp counter +can be read, +in the location pointed to by +.IR "(int\~*) arg2" . +.\" prctl PR_SET_UNALIGN +.TP +.B PR_SET_UNALIGN +(Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15; +PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22; +.\" sh: 94ea5e449ae834af058ef005d16a8ad44fcf13d6 +.\" tile: 2f9ac29eec71a696cb0dcc5fb82c0f8d4dac28c9 +sh, since Linux 2.6.34; tile, since Linux 3.12) +Set unaligned access control bits to \fIarg2\fP. +Pass +\fBPR_UNALIGN_NOPRINT\fP to silently fix up unaligned user accesses, +or \fBPR_UNALIGN_SIGBUS\fP to generate +.B SIGBUS +on unaligned user access. +Alpha also supports an additional flag with the value +of 4 and no corresponding named constant, +which instructs kernel to not fix up +unaligned accesses (it is analogous to providing the +.B UAC_NOFIX +flag in +.B SSI_NVPAIRS +operation of the +.BR setsysinfo () +system call on Tru64). +.\" prctl PR_GET_UNALIGN +.TP +.B PR_GET_UNALIGN +(See +.B PR_SET_UNALIGN +for information on versions and architectures.) +Return unaligned access control bits, in the location pointed to by +.IR "(unsigned int\~*) arg2" . +.\" prctl PR_GET_AUXV +.TP +.BR PR_GET_AUXV " (since Linux 6.4)" +Get the auxiliary vector (auxv) into the buffer pointed to by +.IR "(void\~*) arg2" , +whose length is given by \fIarg3\fP. +If the buffer is not long enough for the full auxiliary vector, +the copy will be truncated. +Return (as the function result) +the full length of the auxiliary vector. +\fIarg4\fP and \fIarg5\fP must be 0. +.TP +.BR PR_SET_MDWE " (since Linux 6.3)" +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61 +Set the calling process' Memory-Deny-Write-Execute protection mask. +Once protection bits are set, +they can not be changed. +.I arg2 +must be a bit mask of: +.RS +.TP +.B PR_MDWE_REFUSE_EXEC_GAIN +New memory mapping protections can't be writable and executable. +Non-executable mappings can't become executable. +.TP +.B PR_MDWE_NO_INHERIT " (since Linux 6.6)" +.\" commit 2a87e5520554034e8c423479740f95bea4a086a0 +Do not propagate MDWE protection to child processes on +.BR fork (2). +Setting this bit requires setting +.B PR_MDWE_REFUSE_EXEC_GAIN +too. +.RE +.TP +.BR PR_GET_MDWE " (since Linux 6.3)" +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61 +Return (as the function result) the Memory-Deny-Write-Execute protection mask +of the calling process. +(See +.B PR_SET_MDWE +for information on the protection mask bits.) +.SH RETURN VALUE +On success, +.BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET , +.BR PR_CAPBSET_READ , +.BR PR_GET_DUMPABLE , +.BR PR_GET_FP_MODE , +.BR PR_GET_IO_FLUSHER , +.BR PR_GET_KEEPCAPS , +.BR PR_MCE_KILL_GET , +.BR PR_GET_NO_NEW_PRIVS , +.BR PR_GET_SECUREBITS , +.BR PR_GET_SPECULATION_CTRL , +.BR PR_SVE_GET_VL , +.BR PR_SVE_SET_VL , +.BR PR_GET_TAGGED_ADDR_CTRL , +.BR PR_GET_THP_DISABLE , +.BR PR_GET_TIMING , +.BR PR_GET_TIMERSLACK , +.BR PR_GET_AUXV , +and (if it returns) +.B PR_GET_SECCOMP +return the nonnegative values described above. +All other +.I op +values return 0 on success. +On error, \-1 is returned, and +.I errno +is set to indicate the error. +.SH ERRORS +.TP +.B EACCES +.I op +is +.B PR_SET_SECCOMP +and +.I arg2 +is +.BR SECCOMP_MODE_FILTER , +but the process does not have the +.B CAP_SYS_ADMIN +capability or has not set the +.I no_new_privs +attribute (see the discussion of +.B PR_SET_NO_NEW_PRIVS +above). +.TP +.B EACCES +.I op +is +.BR PR_SET_MM , +and +.I arg3 +is +.BR PR_SET_MM_EXE_FILE , +the file is not executable. +.TP +.B EBADF +.I op +is +.BR PR_SET_MM , +.I arg3 +is +.BR PR_SET_MM_EXE_FILE , +and the file descriptor passed in +.I arg4 +is not valid. +.TP +.B EBUSY +.I op +is +.BR PR_SET_MM , +.I arg3 +is +.BR PR_SET_MM_EXE_FILE , +and this the second attempt to change the +.IR /proc/ pid /exe +symbolic link, which is prohibited. +.TP +.B EFAULT +.I arg2 +is an invalid address. +.TP +.B EFAULT +.I op +is +.BR PR_SET_SECCOMP , +.I arg2 +is +.BR SECCOMP_MODE_FILTER , +the system was built with +.BR CONFIG_SECCOMP_FILTER , +and +.I arg3 +is an invalid address. +.TP +.B EFAULT +.I op +is +.B PR_SET_SYSCALL_USER_DISPATCH +and +.I arg5 +has an invalid address. +.TP +.B EINVAL +The value of +.I op +is not recognized, +or not supported on this system. +.TP +.B EINVAL +.I op +is +.B PR_MCE_KILL +or +.B PR_MCE_KILL_GET +or +.BR PR_SET_MM , +and unused +.BR prctl () +arguments were not specified as zero. +.TP +.B EINVAL +.I arg2 +is not valid value for this +.IR op . +.TP +.B EINVAL +.I op +is +.B PR_SET_SECCOMP +or +.BR PR_GET_SECCOMP , +and the kernel was not configured with +.BR CONFIG_SECCOMP . +.TP +.B EINVAL +.I op +is +.BR PR_SET_SECCOMP , +.I arg2 +is +.BR SECCOMP_MODE_FILTER , +and the kernel was not configured with +.BR CONFIG_SECCOMP_FILTER . +.TP +.B EINVAL +.I op +is +.BR PR_SET_MM , +and one of the following is true +.RS +.IP \[bu] 3 +.I arg4 +or +.I arg5 +is nonzero; +.IP \[bu] +.I arg3 +is greater than +.B TASK_SIZE +(the limit on the size of the user address space for this architecture); +.IP \[bu] +.I arg2 +is +.BR PR_SET_MM_START_CODE , +.BR PR_SET_MM_END_CODE , +.BR PR_SET_MM_START_DATA , +.BR PR_SET_MM_END_DATA , +or +.BR PR_SET_MM_START_STACK , +and the permissions of the corresponding memory area are not as required; +.IP \[bu] +.I arg2 +is +.B PR_SET_MM_START_BRK +or +.BR PR_SET_MM_BRK , +and +.I arg3 +is less than or equal to the end of the data segment +or specifies a value that would cause the +.B RLIMIT_DATA +resource limit to be exceeded. +.RE +.TP +.B EINVAL +.I op +is +.B PR_SET_PTRACER +and +.I arg2 +is not 0, +.BR PR_SET_PTRACER_ANY , +or the PID of an existing process. +.TP +.B EINVAL +.I op +is +.B PR_SET_PDEATHSIG +and +.I arg2 +is not a valid signal number. +.TP +.B EINVAL +.I op +is +.B PR_SET_DUMPABLE +and +.I arg2 +is neither +.B SUID_DUMP_DISABLE +nor +.BR SUID_DUMP_USER . +.TP +.B EINVAL +.I op +is +.B PR_SET_TIMING +and +.I arg2 +is not +.BR PR_TIMING_STATISTICAL . +.TP +.B EINVAL +.I op +is +.B PR_SET_NO_NEW_PRIVS +and +.I arg2 +is not equal to 1 +or +.IR arg3 , +.IR arg4 , +or +.I arg5 +is nonzero. +.TP +.B EINVAL +.I op +is +.B PR_GET_NO_NEW_PRIVS +and +.IR arg2 , +.IR arg3 , +.IR arg4 , +or +.I arg5 +is nonzero. +.TP +.B EINVAL +.I op +is +.B PR_SET_THP_DISABLE +and +.IR arg3 , +.IR arg4 , +or +.I arg5 +is nonzero. +.TP +.B EINVAL +.I op +is +.B PR_GET_THP_DISABLE +and +.IR arg2 , +.IR arg3 , +.IR arg4 , +or +.I arg5 +is nonzero. +.TP +.B EINVAL +.I op +is +.B PR_CAP_AMBIENT +and an unused argument +.RI ( arg4 , +.IR arg5 , +or, +in the case of +.BR PR_CAP_AMBIENT_CLEAR_ALL , +.IR arg3 ) +is nonzero; or +.I arg2 +has an invalid value; +or +.I arg2 +is +.BR PR_CAP_AMBIENT_LOWER , +.BR PR_CAP_AMBIENT_RAISE , +or +.B PR_CAP_AMBIENT_IS_SET +and +.I arg3 +does not specify a valid capability. +.TP +.B EINVAL +.I op +was +.B PR_GET_SPECULATION_CTRL +or +.B PR_SET_SPECULATION_CTRL +and unused arguments to +.BR prctl () +are not 0. +.TP +.B EINVAL +.I op +is +.B PR_PAC_RESET_KEYS +and the arguments are invalid or unsupported. +See the description of +.B PR_PAC_RESET_KEYS +above for details. +.TP +.B EINVAL +.I op +is +.B PR_SVE_SET_VL +and the arguments are invalid or unsupported, +or SVE is not available on this platform. +See the description of +.B PR_SVE_SET_VL +above for details. +.TP +.B EINVAL +.I op +is +.B PR_SVE_GET_VL +and SVE is not available on this platform. +.TP +.B EINVAL +.I op +is +.B PR_SET_SYSCALL_USER_DISPATCH +and one of the following is true: +.RS +.IP \[bu] 3 +.I arg2 +is +.B PR_SYS_DISPATCH_OFF +and the remaining arguments are not 0; +.IP \[bu] +.I arg2 +is +.B PR_SYS_DISPATCH_ON +and the memory range specified is outside the +address space of the process. +.IP \[bu] +.I arg2 +is invalid. +.RE +.TP +.B EINVAL +.I op +is +.B PR_SET_TAGGED_ADDR_CTRL +and the arguments are invalid or unsupported. +See the description of +.B PR_SET_TAGGED_ADDR_CTRL +above for details. +.TP +.B EINVAL +.I op +is +.B PR_GET_TAGGED_ADDR_CTRL +and the arguments are invalid or unsupported. +See the description of +.B PR_GET_TAGGED_ADDR_CTRL +above for details. +.TP +.B ENODEV +.I op +was +.B PR_SET_SPECULATION_CTRL +the kernel or CPU does not support the requested speculation misfeature. +.TP +.B ENXIO +.I op +was +.B PR_MPX_ENABLE_MANAGEMENT +or +.B PR_MPX_DISABLE_MANAGEMENT +and the kernel or the CPU does not support MPX management. +Check that the kernel and processor have MPX support. +.TP +.B ENXIO +.I op +was +.B PR_SET_SPECULATION_CTRL +implies that the control of the selected speculation misfeature is not possible. +See +.B PR_GET_SPECULATION_CTRL +for the bit fields to determine which option is available. +.TP +.B EOPNOTSUPP +.I op +is +.B PR_SET_FP_MODE +and +.I arg2 +has an invalid or unsupported value. +.TP +.B EPERM +.I op +is +.BR PR_SET_SECUREBITS , +and the caller does not have the +.B CAP_SETPCAP +capability, +or tried to unset a "locked" flag, +or tried to set a flag whose corresponding locked flag was set +(see +.BR capabilities (7)). +.TP +.B EPERM +.I op +is +.B PR_SET_SPECULATION_CTRL +wherein the speculation was disabled with +.B PR_SPEC_FORCE_DISABLE +and caller tried to enable it again. +.TP +.B EPERM +.I op +is +.BR PR_SET_KEEPCAPS , +and the caller's +.B SECBIT_KEEP_CAPS_LOCKED +flag is set +(see +.BR capabilities (7)). +.TP +.B EPERM +.I op +is +.BR PR_CAPBSET_DROP , +and the caller does not have the +.B CAP_SETPCAP +capability. +.TP +.B EPERM +.I op +is +.BR PR_SET_MM , +and the caller does not have the +.B CAP_SYS_RESOURCE +capability. +.TP +.B EPERM +.I op +is +.B PR_CAP_AMBIENT +and +.I arg2 +is +.BR PR_CAP_AMBIENT_RAISE , +but either the capability specified in +.I arg3 +is not present in the process's permitted and inheritable capability sets, +or the +.B PR_CAP_AMBIENT_LOWER +securebit has been set. +.TP +.B ERANGE +.I op +was +.B PR_SET_SPECULATION_CTRL +and +.I arg3 +is not +.BR PR_SPEC_ENABLE , +.BR PR_SPEC_DISABLE , +.BR PR_SPEC_FORCE_DISABLE , +nor +.BR PR_SPEC_DISABLE_NOEXEC . +.SH VERSIONS +IRIX has a +.BR prctl () +system call (also introduced in Linux 2.1.44 +as irix_prctl on the MIPS architecture), +with prototype +.P +.in +4n +.EX +.BI "ptrdiff_t prctl(int " op ", int " arg2 ", int " arg3 ); +.EE +.in +.P +and operations to get the maximum number of processes per user, +get the maximum number of processors the calling process can use, +find out whether a specified process is currently blocked, +get or set the maximum stack size, and so on. +.SH STANDARDS +Linux. +.SH HISTORY +Linux 2.1.57, +glibc 2.0.6 +.SH SEE ALSO +.BR signal (2), +.BR core (5) |