From 0db324e2e5d9d3347ea0e93138372fb65aac09e6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Mon, 15 Apr 2024 21:41:09 +0200 Subject: Merging upstream version 6.7. Signed-off-by: Daniel Baumann --- man2/prctl.2 | 141 ++++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 87 insertions(+), 54 deletions(-) (limited to 'man2/prctl.2') diff --git a/man2/prctl.2 b/man2/prctl.2 index a592bba..c6dae6d 100644 --- a/man2/prctl.2 +++ b/man2/prctl.2 @@ -36,7 +36,7 @@ .\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT .\" .\" -.TH prctl 2 2023-07-28 "Linux man-pages 6.05.01" +.TH prctl 2 2024-03-03 "Linux man-pages 6.7" .SH NAME prctl \- operations on a process or thread .SH LIBRARY @@ -45,8 +45,8 @@ Standard C library .SH SYNOPSIS .nf .B #include -.PP -.BI "int prctl(int " option ", ..." +.P +.BI "int prctl(int " op ", ..." .BI " \fR/*\fP unsigned long " arg2 ", unsigned long " arg3 , .BI " unsigned long " arg4 ", unsigned long " arg5 " \fR*/\fP );" .fi @@ -54,12 +54,12 @@ Standard C library .BR prctl () manipulates various aspects of the behavior of the calling thread or process. -.PP +.P Note that careless use of some .BR prctl () operations can confuse the user-space run-time environment, so these operations should be used with care. -.PP +.P .BR prctl () is called with a first argument describing what to do (with values defined in \fI\fP), and further @@ -379,7 +379,7 @@ can operate only when this bit is Applications that use the O32 FPXX ABI can operate with either .B FR=0 or -.B FR=1 . +.BR FR=1 . .TP .B PR_FP_MODE_FRE Enable emulation of 32-bit floating-point mode. @@ -414,7 +414,7 @@ so FPU emulation is not required and the FPU always operates in .B FR=1 mode. .IP -This option is mainly intended for use by the dynamic linker +This operation is mainly intended for use by the dynamic linker .RB ( ld.so (8)). .IP The arguments @@ -674,7 +674,7 @@ value. The requirements for the address are the same as for the .B PR_SET_MM_START_BRK option. -.PP +.P The following options are available since Linux 3.5. .\" commit fe8c7f5cbf91124987106faa3bdf0c8b955c4cf7 .TP @@ -741,7 +741,7 @@ This restriction was enforced for security reasons that were subsequently deemed specious, and the restriction was removed in Linux 4.10 because some user-space applications needed to perform this operation more than once. -.PP +.P The following options are available since Linux 3.18. .\" commit f606b77f1a9e362451aca8f81d8f36a3a112139e .TP @@ -806,7 +806,9 @@ except \[aq][\[aq], \[aq]]\[aq], \[aq]\e\[aq], \[aq]$\[aq], and \[aq]\[ga]\[aq]. .RE .\" prctl PR_MPX_ENABLE_MANAGEMENT .TP -.BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19, removed in Linux 5.4; only on x86)" +.B PR_MPX_ENABLE_MANAGEMENT +.TQ +.BR PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19, removed in Linux 5.4; only on x86)" .\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c .\" See also http://lwn.net/Articles/582712/ .\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler @@ -2041,6 +2043,36 @@ the copy will be truncated. Return (as the function result) the full length of the auxiliary vector. \fIarg4\fP and \fIarg5\fP must be 0. +.TP +.BR PR_SET_MDWE " (since Linux 6.3)" +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61 +Set the calling process' Memory-Deny-Write-Execute protection mask. +Once protection bits are set, +they can not be changed. +.I arg2 +must be a bit mask of: +.RS +.TP +.B PR_MDWE_REFUSE_EXEC_GAIN +New memory mapping protections can't be writable and executable. +Non-executable mappings can't become executable. +.TP +.B PR_MDWE_NO_INHERIT " (since Linux 6.6)" +.\" commit 2a87e5520554034e8c423479740f95bea4a086a0 +Do not propagate MDWE protection to child processes on +.BR fork (2). +Setting this bit requires setting +.B PR_MDWE_REFUSE_EXEC_GAIN +too. +.RE +.TP +.BR PR_GET_MDWE " (since Linux 6.3)" +.\" commit b507808ebce23561d4ff8c2aa1fb949fe402bc61 +Return (as the function result) the Memory-Deny-Write-Execute protection mask +of the calling process. +(See +.B PR_SET_MDWE +for information on the protection mask bits.) .SH RETURN VALUE On success, .BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET , @@ -2064,7 +2096,7 @@ and (if it returns) .B PR_GET_SECCOMP return the nonnegative values described above. All other -.I option +.I op values return 0 on success. On error, \-1 is returned, and .I errno @@ -2072,7 +2104,7 @@ is set to indicate the error. .SH ERRORS .TP .B EACCES -.I option +.I op is .B PR_SET_SECCOMP and @@ -2088,7 +2120,7 @@ attribute (see the discussion of above). .TP .B EACCES -.I option +.I op is .BR PR_SET_MM , and @@ -2098,7 +2130,7 @@ is the file is not executable. .TP .B EBADF -.I option +.I op is .BR PR_SET_MM , .I arg3 @@ -2109,7 +2141,7 @@ and the file descriptor passed in is not valid. .TP .B EBUSY -.I option +.I op is .BR PR_SET_MM , .I arg3 @@ -2124,7 +2156,7 @@ symbolic link, which is prohibited. is an invalid address. .TP .B EFAULT -.I option +.I op is .BR PR_SET_SECCOMP , .I arg2 @@ -2137,7 +2169,7 @@ and is an invalid address. .TP .B EFAULT -.I option +.I op is .B PR_SET_SYSCALL_USER_DISPATCH and @@ -2146,12 +2178,12 @@ has an invalid address. .TP .B EINVAL The value of -.I option +.I op is not recognized, or not supported on this system. .TP .B EINVAL -.I option +.I op is .B PR_MCE_KILL or @@ -2165,10 +2197,10 @@ arguments were not specified as zero. .B EINVAL .I arg2 is not valid value for this -.IR option . +.IR op . .TP .B EINVAL -.I option +.I op is .B PR_SET_SECCOMP or @@ -2177,7 +2209,7 @@ and the kernel was not configured with .BR CONFIG_SECCOMP . .TP .B EINVAL -.I option +.I op is .BR PR_SET_SECCOMP , .I arg2 @@ -2187,7 +2219,7 @@ and the kernel was not configured with .BR CONFIG_SECCOMP_FILTER . .TP .B EINVAL -.I option +.I op is .BR PR_SET_MM , and one of the following is true @@ -2227,7 +2259,7 @@ resource limit to be exceeded. .RE .TP .B EINVAL -.I option +.I op is .B PR_SET_PTRACER and @@ -2237,7 +2269,7 @@ is not 0, or the PID of an existing process. .TP .B EINVAL -.I option +.I op is .B PR_SET_PDEATHSIG and @@ -2245,7 +2277,7 @@ and is not a valid signal number. .TP .B EINVAL -.I option +.I op is .B PR_SET_DUMPABLE and @@ -2256,7 +2288,7 @@ nor .BR SUID_DUMP_USER . .TP .B EINVAL -.I option +.I op is .B PR_SET_TIMING and @@ -2265,7 +2297,7 @@ is not .BR PR_TIMING_STATISTICAL . .TP .B EINVAL -.I option +.I op is .B PR_SET_NO_NEW_PRIVS and @@ -2279,7 +2311,7 @@ or is nonzero. .TP .B EINVAL -.I option +.I op is .B PR_GET_NO_NEW_PRIVS and @@ -2291,7 +2323,7 @@ or is nonzero. .TP .B EINVAL -.I option +.I op is .B PR_SET_THP_DISABLE and @@ -2302,7 +2334,7 @@ or is nonzero. .TP .B EINVAL -.I option +.I op is .B PR_GET_THP_DISABLE and @@ -2314,7 +2346,7 @@ or is nonzero. .TP .B EINVAL -.I option +.I op is .B PR_CAP_AMBIENT and an unused argument @@ -2339,7 +2371,7 @@ and does not specify a valid capability. .TP .B EINVAL -.I option +.I op was .B PR_GET_SPECULATION_CTRL or @@ -2347,8 +2379,9 @@ or and unused arguments to .BR prctl () are not 0. +.TP .B EINVAL -.I option +.I op is .B PR_PAC_RESET_KEYS and the arguments are invalid or unsupported. @@ -2357,7 +2390,7 @@ See the description of above for details. .TP .B EINVAL -.I option +.I op is .B PR_SVE_SET_VL and the arguments are invalid or unsupported, @@ -2367,13 +2400,13 @@ See the description of above for details. .TP .B EINVAL -.I option +.I op is .B PR_SVE_GET_VL and SVE is not available on this platform. .TP .B EINVAL -.I option +.I op is .B PR_SET_SYSCALL_USER_DISPATCH and one of the following is true: @@ -2395,7 +2428,7 @@ is invalid. .RE .TP .B EINVAL -.I option +.I op is .B PR_SET_TAGGED_ADDR_CTRL and the arguments are invalid or unsupported. @@ -2404,7 +2437,7 @@ See the description of above for details. .TP .B EINVAL -.I option +.I op is .B PR_GET_TAGGED_ADDR_CTRL and the arguments are invalid or unsupported. @@ -2413,13 +2446,13 @@ See the description of above for details. .TP .B ENODEV -.I option +.I op was .B PR_SET_SPECULATION_CTRL the kernel or CPU does not support the requested speculation misfeature. .TP .B ENXIO -.I option +.I op was .B PR_MPX_ENABLE_MANAGEMENT or @@ -2428,7 +2461,7 @@ and the kernel or the CPU does not support MPX management. Check that the kernel and processor have MPX support. .TP .B ENXIO -.I option +.I op was .B PR_SET_SPECULATION_CTRL implies that the control of the selected speculation misfeature is not possible. @@ -2437,7 +2470,7 @@ See for the bit fields to determine which option is available. .TP .B EOPNOTSUPP -.I option +.I op is .B PR_SET_FP_MODE and @@ -2445,7 +2478,7 @@ and has an invalid or unsupported value. .TP .B EPERM -.I option +.I op is .BR PR_SET_SECUREBITS , and the caller does not have the @@ -2457,7 +2490,7 @@ or tried to set a flag whose corresponding locked flag was set .BR capabilities (7)). .TP .B EPERM -.I option +.I op is .B PR_SET_SPECULATION_CTRL wherein the speculation was disabled with @@ -2465,7 +2498,7 @@ wherein the speculation was disabled with and caller tried to enable it again. .TP .B EPERM -.I option +.I op is .BR PR_SET_KEEPCAPS , and the caller's @@ -2475,7 +2508,7 @@ flag is set .BR capabilities (7)). .TP .B EPERM -.I option +.I op is .BR PR_CAPBSET_DROP , and the caller does not have the @@ -2483,7 +2516,7 @@ and the caller does not have the capability. .TP .B EPERM -.I option +.I op is .BR PR_SET_MM , and the caller does not have the @@ -2491,7 +2524,7 @@ and the caller does not have the capability. .TP .B EPERM -.I option +.I op is .B PR_CAP_AMBIENT and @@ -2506,7 +2539,7 @@ or the securebit has been set. .TP .B ERANGE -.I option +.I op was .B PR_SET_SPECULATION_CTRL and @@ -2523,14 +2556,14 @@ IRIX has a system call (also introduced in Linux 2.1.44 as irix_prctl on the MIPS architecture), with prototype -.PP +.P .in +4n .EX -.BI "ptrdiff_t prctl(int " option ", int " arg2 ", int " arg3 ); +.BI "ptrdiff_t prctl(int " op ", int " arg2 ", int " arg3 ); .EE .in -.PP -and options to get the maximum number of processes per user, +.P +and operations to get the maximum number of processes per user, get the maximum number of processors the calling process can use, find out whether a specified process is currently blocked, get or set the maximum stack size, and so on. -- cgit v1.2.3