1 .\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl)
2 .\" and Copyright (C) 2002, 2006, 2008, 2012, 2013 Michael Kerrisk <mtk.manpages@gmail.com>
3 .\" and Copyright Guillem Jover <guillem@hadrons.org>
4 .\" and Copyright (C) 2014 Dave Hansen / Intel
6 .\" %%%LICENSE_START(VERBATIM)
7 .\" Permission is granted to make and distribute verbatim copies of this
8 .\" manual provided the copyright notice and this permission notice are
9 .\" preserved on all copies.
11 .\" Permission is granted to copy and distribute modified versions of this
12 .\" manual under the conditions for verbatim copying, provided that the
13 .\" entire resulting derived work is distributed under the terms of a
14 .\" permission notice identical to this one.
16 .\" Since the Linux kernel and libraries are constantly changing, this
17 .\" manual page may be incorrect or out-of-date. The author(s) assume no
18 .\" responsibility for errors or omissions, or for damages resulting from
19 .\" the use of the information contained herein. The author(s) may not
20 .\" have taken the same level of care in the production of this manual,
21 .\" which is licensed free of charge, as they might when working
24 .\" Formatted or processed versions of this manual, if unaccompanied by
25 .\" the source, must acknowledge the copyright and authors of this work.
28 .\" Modified Thu Nov 11 04:19:42 MET 1999, aeb: added PR_GET_PDEATHSIG
29 .\" Modified 27 Jun 02, Michael Kerrisk
30 .\" Added PR_SET_DUMPABLE, PR_GET_DUMPABLE,
31 .\" PR_SET_KEEPCAPS, PR_GET_KEEPCAPS
32 .\" Modified 2006-08-30 Guillem Jover <guillem@hadrons.org>
33 .\" Updated Linux versions where the options where introduced.
34 .\" Added PR_SET_TIMING, PR_GET_TIMING, PR_SET_NAME, PR_GET_NAME,
35 .\" PR_SET_UNALIGN, PR_GET_UNALIGN, PR_SET_FPEMU, PR_GET_FPEMU,
36 .\" PR_SET_FPEXC, PR_GET_FPEXC
37 .\" 2008-04-29 Serge Hallyn, Document PR_CAPBSET_READ and PR_CAPBSET_DROP
38 .\" 2008-06-13 Erik Bosman, <ejbosman@cs.vu.nl>
39 .\" Document PR_GET_TSC and PR_SET_TSC.
40 .\" 2008-06-15 mtk, Document PR_SET_SECCOMP, PR_GET_SECCOMP
41 .\" 2009-10-03 Andi Kleen, document PR_MCE_KILL
42 .\" 2012-04 Cyrill Gorcunov, Document PR_SET_MM
43 .\" 2012-04-25 Michael Kerrisk, Document PR_TASK_PERF_EVENTS_DISABLE and
44 .\" PR_TASK_PERF_EVENTS_ENABLE
45 .\" 2012-09-20 Kees Cook, update PR_SET_SECCOMP for mode 2
46 .\" 2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS
47 .\" 2012-10-25 Michael Kerrisk, Document PR_SET_TIMERSLACK and
49 .\" 2013-01-10 Kees Cook, document PR_SET_PTRACER
50 .\" 2012-02-04 Michael kerrisk, document PR_{SET,GET}_CHILD_SUBREAPER
51 .\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT
54 .TH PRCTL 2 2015-02-01 "Linux" "Linux Programmer's Manual"
56 prctl \- operations on a process
59 .B #include <sys/prctl.h>
61 .BI "int prctl(int " option ", unsigned long " arg2 ", unsigned long " arg3 ,
62 .BI " unsigned long " arg4 ", unsigned long " arg5 );
66 is called with a first argument describing what to do
67 (with values defined in \fI<linux/prctl.h>\fP), and further
68 arguments with a significance depending on the first one.
69 The first argument can be:
71 .BR PR_CAPBSET_READ " (since Linux 2.6.25)"
72 Return (as the function result) 1 if the capability specified in
74 is in the calling thread's capability bounding set,
76 (The capability constants are defined in
77 .IR <linux/capability.h> .)
78 The capability bounding set dictates
79 whether the process can receive the capability through a
80 file's permitted capability set on a subsequent call to
83 If the capability specified in
85 is not valid, then the call fails with the error
88 .BR PR_CAPBSET_DROP " (since Linux 2.6.25)"
89 If the calling thread has the
91 capability, then drop the capability specified by
93 from the calling thread's capability bounding set.
94 Any children of the calling thread will inherit the newly
97 The call fails with the error:
99 if the calling thread does not have the
104 does not represent a valid capability; or
106 if file capabilities are not enabled in the kernel,
107 in which case bounding sets are not supported.
109 .BR PR_SET_CHILD_SUBREAPER " (since Linux 3.4)"
110 .\" commit ebec18a6d3aa1e7d84aab16225e87fd25170ec2b
114 set the "child subreaper" attribute of the calling process;
117 is zero, unset the attribute.
118 When a process is marked as a child subreaper,
119 all of the children that it creates, and their descendants,
120 will be marked as having a subreaper.
121 In effect, a subreaper fulfills the role of
123 for its descendant processes.
124 Upon termination of a process
125 that is orphaned (i.e., its immediate parent has already terminated)
126 and marked as having a subreaper,
127 the nearest still living ancestor subreaper
130 signal and be able to
132 on the process to discover its termination status.
134 .BR PR_GET_CHILD_SUBREAPER " (since Linux 3.4)"
135 Return the "child subreaper" setting of the caller,
136 in the location pointed to by
137 .IR "(int\ *) arg2" .
139 .BR PR_SET_DUMPABLE " (since Linux 2.3.20)"
140 Set the state of the flag determining whether core dumps are produced
141 for the calling process upon delivery of a signal whose default behavior is
142 to produce a core dump.
143 (Normally, this flag is set for a process by default, but it is cleared
144 when a set-user-ID or set-group-ID program is executed and also by
145 various system calls that manipulate process UIDs and GIDs).
146 In kernels up to and including 2.6.12,
148 must be either 0 (process is not dumpable) or 1 (process is dumpable).
149 Between kernels 2.6.13 and 2.6.17, the value 2 was also permitted,
150 which caused any binary which normally would not be dumped
151 to be dumped readable by root only;
152 for security reasons, this feature has been removed.
153 .\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2
154 .\" Subject: Fix prctl privilege escalation (CVE-2006-2451)
155 .\" From: Marcel Holtmann <marcel () holtmann ! org>
156 .\" Date: 2006-07-12 11:12:00
157 (See also the description of
158 .I /proc/sys/fs/suid_dumpable
161 Processes that are not dumpable can not be attached via
165 .BR PR_GET_DUMPABLE " (since Linux 2.3.20)"
166 Return (as the function result) the current state of the calling
167 process's dumpable flag.
168 .\" Since Linux 2.6.13, the dumpable flag can have the value 2,
169 .\" but in 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable
170 .\" flags has a nonzero value. This was fixed in 2.6.14.
172 .BR PR_SET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
173 Set the endian-ness of the calling process to the value given
174 in \fIarg2\fP, which should be one of the following:
175 .\" Respectively 0, 1, 2
177 .BR PR_ENDIAN_LITTLE ,
179 .B PR_ENDIAN_PPC_LITTLE
180 (PowerPC pseudo little endian).
182 .BR PR_GET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
183 Return the endian-ness of the calling process,
184 in the location pointed to by
185 .IR "(int\ *) arg2" .
187 .BR PR_SET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
188 Set floating-point emulation control bits to \fIarg2\fP.
189 Pass \fBPR_FPEMU_NOPRINT\fP to silently emulate fp operations accesses, or
190 \fBPR_FPEMU_SIGFPE\fP to not emulate fp operations and send
194 .BR PR_GET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
195 Return floating-point emulation control bits,
196 in the location pointed to by
197 .IR "(int\ *) arg2" .
199 .BR PR_SET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
200 Set floating-point exception mode to \fIarg2\fP.
201 Pass \fBPR_FP_EXC_SW_ENABLE\fP to use FPEXC for FP exception enables,
202 \fBPR_FP_EXC_DIV\fP for floating-point divide by zero,
203 \fBPR_FP_EXC_OVF\fP for floating-point overflow,
204 \fBPR_FP_EXC_UND\fP for floating-point underflow,
205 \fBPR_FP_EXC_RES\fP for floating-point inexact result,
206 \fBPR_FP_EXC_INV\fP for floating-point invalid operation,
207 \fBPR_FP_EXC_DISABLED\fP for FP exceptions disabled,
208 \fBPR_FP_EXC_NONRECOV\fP for async nonrecoverable exception mode,
209 \fBPR_FP_EXC_ASYNC\fP for async recoverable exception mode,
210 \fBPR_FP_EXC_PRECISE\fP for precise exception mode.
212 .BR PR_GET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
213 Return floating-point exception mode,
214 in the location pointed to by
215 .IR "(int\ *) arg2" .
217 .BR PR_SET_KEEPCAPS " (since Linux 2.2.18)"
218 Set the state of the thread's "keep capabilities" flag,
219 which determines whether the threads's permitted
220 capability set is cleared when a change is made to the threads's user IDs
221 such that the threads's real UID, effective UID, and saved set-user-ID
222 all become nonzero when at least one of them previously had the value 0.
223 By default, the permitted capability set is cleared when such a change is made;
224 setting the "keep capabilities" flag prevents it from being cleared.
226 must be either 0 (permitted capabilities are cleared)
227 or 1 (permitted capabilities are kept).
230 capability set is always cleared when such a credential change is made,
231 regardless of the setting of the "keep capabilities" flag.)
232 The "keep capabilities" value will be reset to 0 on subsequent calls to
235 .BR PR_GET_KEEPCAPS " (since Linux 2.2.18)"
236 Return (as the function result) the current state of the calling threads's
237 "keep capabilities" flag.
239 .BR PR_SET_NAME " (since Linux 2.6.9)"
240 Set the name of the calling thread,
241 using the value in the location pointed to by
242 .IR "(char\ *) arg2" .
243 The name can be up to 16 bytes long,
244 .\" TASK_COMM_LEN in include/linux/sched.h
245 including the terminating null byte.
246 (If the length of the string, including the terminating null byte,
247 exceeds 16 bytes, the string is silently truncated.)
248 This is the same attribute that can be set via
249 .BR pthread_setname_np (3)
251 .BR pthread_getname_np (3).
252 The attribute is likewise accessible via
253 .IR /proc/self/task/[tid]/comm ,
256 is the name of the calling thread.
258 .BR PR_GET_NAME " (since Linux 2.6.11)"
259 Return the name of the calling thread,
260 in the buffer pointed to by
261 .IR "(char\ *) arg2" .
262 The buffer should allow space for up to 16 bytes;
263 the returned string will be null-terminated.
265 .BR PR_SET_NO_NEW_PRIVS " (since Linux 3.5)"
266 Set the calling process's
274 promises not to grant privileges to do anything
275 that could not have been done without the
278 rendering the set-user-ID and set-group-ID permission bits,
279 and file capabilities non-functional).
280 Once set, this bit cannot be unset.
281 The setting of this bit is inherited by children created by
288 For more information, see the kernel source file
289 .IR Documentation/prctl/no_new_privs.txt .
291 .BR PR_GET_NO_NEW_PRIVS " (since Linux 3.5)"
292 Return (as the function result) the value of the
294 bit for the current process.
295 A value of 0 indicates the regular
298 A value of 1 indicates
300 will operate in the privilege-restricting mode described above.
302 .BR PR_SET_PDEATHSIG " (since Linux 2.1.57)"
303 Set the parent process death signal
304 of the calling process to \fIarg2\fP (either a signal value
305 in the range 1..maxsig, or 0 to clear).
306 This is the signal that the calling process will get when its
308 This value is cleared for the child of a
310 and (since Linux 2.4.36 / 2.6.23)
311 when executing a set-user-ID or set-group-ID binary.
312 This value is preserved across
315 .BR PR_GET_PDEATHSIG " (since Linux 2.3.15)"
316 Return the current value of the parent process death signal,
317 in the location pointed to by
318 .IR "(int\ *) arg2" .
320 .BR PR_SET_PTRACER " (since Linux 3.4)"
321 .\" commit 2d514487faf188938a4ee4fb3464eeecfbdcf8eb
322 .\" commit bf06189e4d14641c0148bea16e9dd24943862215
323 This is meaningful only when the Yama LSM is enabled and in mode 1
324 ("restricted ptrace", visible via
325 .IR /proc/sys/kernel/yama/ptrace_scope ).
326 When a "ptracer process ID" is passed in \fIarg2\fP,
327 the caller is declaring that the ptracer process can
329 the calling process as if it were a direct process ancestor.
332 operation replaces the previous "ptracer process ID".
337 set to 0 clears the caller's "ptracer process ID".
341 .BR PR_SET_PTRACER_ANY ,
342 the ptrace restrictions introduced by Yama are effectively disabled for the
345 For further information, see the kernel source file
346 .IR Documentation/security/Yama.txt .
348 .BR PR_SET_SECCOMP " (since Linux 2.6.23)"
349 .\" See http://thread.gmane.org/gmane.linux.kernel/542632
350 .\" [PATCH 0 of 2] seccomp updates
351 .\" andrea@cpushare.com
352 Set the secure computing (seccomp) mode for the calling thread, to limit
353 the available system calls.
356 system call provides a superset of the functionality of
359 The seccomp mode is selected via
361 (The seccomp constants are defined in
362 .IR <linux/seccomp.h> .)
367 .BR SECCOMP_MODE_STRICT ,
368 the only system calls that the thread is permitted to make are
374 Other system calls result in the delivery of a
377 Strict secure computing mode is useful for number-crunching applications
378 that may need to execute untrusted byte code,
379 perhaps obtained by reading from a pipe or socket.
380 This operation is available only
381 if the kernel is configured with
388 .BR SECCOMP_MODE_FILTER " (since Linux 3.5),"
389 the system calls allowed are defined by a pointer
390 to a Berkeley Packet Filter passed in
392 This argument is a pointer to
393 .IR "struct sock_fprog" ;
394 it can be designed to filter
395 arbitrary system calls and system call arguments.
396 This mode is available only if the kernel is configured with
397 .B CONFIG_SECCOMP_FILTER
401 .BR SECCOMP_MODE_FILTER
404 then the seccomp mode is inherited by children created by
408 is permitted, then the seccomp mode is preserved across
410 If the filters permit
412 calls, then additional filters can be added;
413 they are run in order until the first non-allow result is seen.
415 For further information, see the kernel source file
416 .IR Documentation/prctl/seccomp_filter.txt .
418 .BR PR_GET_SECCOMP " (since Linux 2.6.23)"
419 Return (as the function result)
420 the secure computing mode of the calling thread.
421 If the caller is not in secure computing mode, this operation returns 0;
422 if the caller is in strict secure computing mode, then the
426 signal to be sent to the process.
427 If the caller is in filter mode, and this system call is allowed by the
428 seccomp filters, it returns 2; otherwise, the process is killed with a
431 This operation is available only
432 if the kernel is configured with
439 .IR /proc/[pid]/status
440 file provides a method of obtaining the same information,
441 without the risk that the process is killed; see
444 .BR PR_SET_SECUREBITS " (since Linux 2.6.26)"
445 Set the "securebits" flags of the calling thread to the value supplied in
448 .BR capabilities (7).
450 .BR PR_GET_SECUREBITS " (since Linux 2.6.26)"
451 Return (as the function result)
452 the "securebits" flags of the calling thread.
454 .BR capabilities (7).
456 .BR PR_SET_THP_DISABLE " (since Linux 3.15)"
457 .\" commit a0715cc22601e8830ace98366c0c2bd8da52af52
458 Set the state of the "THP disable" flag for the calling thread.
461 has a nonzero value, the flag is set, otherwise it is cleared.
462 Setting this flag provides a method
463 for disabling transparent huge pages
464 for jobs where the code cannot be modified, and using a malloc hook with
466 is not an option (i.e., statically allocated data).
467 The setting of the "THP disable" flag is inherited by a child created via
469 and is preserved across
472 .BR PR_GET_THP_DISABLE " (since Linux 3.15)"
473 Return (via the function result) the current setting of the "THP disable"
474 flag for the calling thread:
475 either 1, if the flag is set, or 0, if it is not.
477 .BR PR_GET_TID_ADDRESS " (since Linux 3.5)"
478 .\" commit 300f786b2683f8bb1ec0afb6e1851183a479c86d
482 .BR set_tid_address (2)
485 .B CLONE_CHILD_CLEARTID
486 flag, in the location pointed to by
487 .IR "(int\ **)\ arg2" .
488 This feature is available only if the kernel is built with the
489 .BR CONFIG_CHECKPOINT_RESTORE
492 .BR PR_SET_TIMERSLACK " (since Linux 2.6.28)"
493 .\" See https://lwn.net/Articles/369549/
494 .\" commit 6976675d94042fbd446231d1bd8b7de71a980ada
495 Set the current timer slack for the calling thread to the nanosecond value
500 is less than or equal to zero,
501 .\" It seems that it's not possible to set the timer slack to zero;
502 .\" The minimum value is 1? Seems a little strange.
503 reset the current timer slack to the thread's default timer slack value.
504 The timer slack is used by the kernel to group timer expirations
505 for the calling thread that are close to one another;
506 as a consequence, timer expirations for the thread may be
507 up to the specified number of nanoseconds late (but will never expire early).
508 Grouping timer expirations can help reduce system power consumption
509 by minimizing CPU wake-ups.
511 The timer expirations affected by timer slack are those set by
518 .BR clock_nanosleep (2),
522 (and thus the library functions implemented via futexes, including
523 .\" List obtained by grepping for futex usage in glibc source
524 .BR pthread_cond_timedwait (3),
525 .BR pthread_mutex_timedlock (3),
526 .BR pthread_rwlock_timedrdlock (3),
527 .BR pthread_rwlock_timedwrlock (3),
529 .BR sem_timedwait (3)).
531 Timer slack is not applied to threads that are scheduled under
532 a real-time scheduling policy (see
533 .BR sched_setscheduler (2)).
535 Each thread has two associated timer slack values:
536 a "default" value, and a "current" value.
537 The current value is the one that governs grouping
538 of timer expirations.
539 When a new thread is created,
540 the two timer slack values are made the same as the current value
541 of the creating thread.
542 Thereafter, a thread can adjust its current timer slack value via
543 .BR PR_SET_TIMERSLACK
544 (the default value can't be changed).
545 The timer slack values of
547 (PID 1), the ancestor of all processes,
548 are 50,000 nanoseconds (50 microseconds).
549 The timer slack values are preserved across
552 .BR PR_GET_TIMERSLACK " (since Linux 2.6.28)"
553 Return (as the function result)
554 the current timer slack value of the calling thread.
556 .BR PR_SET_TIMING " (since Linux 2.6.0-test4)"
557 Set whether to use (normal, traditional) statistical process timing or
558 accurate timestamp-based process timing, by passing
559 .B PR_TIMING_STATISTICAL
562 .B PR_TIMING_TIMESTAMP
565 .B PR_TIMING_TIMESTAMP
566 is not currently implemented
567 (attempting to set this mode will yield the error
569 .\" PR_TIMING_TIMESTAMP doesn't do anything in 2.6.26-rc8,
570 .\" and looking at the patch history, it appears
571 .\" that it never did anything.
573 .BR PR_GET_TIMING " (since Linux 2.6.0-test4)"
574 Return (as the function result) which process timing method is currently
577 .BR PR_TASK_PERF_EVENTS_DISABLE " (since Linux 2.6.31)"
578 Disable all performance counters attached to the calling process,
579 regardless of whether the counters were created by
580 this process or another process.
581 Performance counters created by the calling process for other
582 processes are unaffected.
583 For more information on performance counters, see the Linux kernel source file
584 .IR tools/perf/design.txt .
587 .BR PR_TASK_PERF_COUNTERS_DISABLE ;
588 .\" commit 1d1c7ddbfab358445a542715551301b7fc363e28
589 renamed (with same numerical value)
592 .BR PR_TASK_PERF_EVENTS_ENABLE " (since Linux 2.6.31)"
594 .BR PR_TASK_PERF_EVENTS_DISABLE ;
595 enable performance counters attached to the calling process.
598 .BR PR_TASK_PERF_COUNTERS_ENABLE ;
599 .\" commit 1d1c7ddbfab358445a542715551301b7fc363e28
601 .\" commit cdd6c482c9ff9c55475ee7392ec8f672eddb7be6
604 .BR PR_SET_TSC " (since Linux 2.6.26, x86 only)"
605 Set the state of the flag determining whether the timestamp counter
606 can be read by the process.
611 to allow it to be read, or
615 when the process tries to read the timestamp counter.
617 .BR PR_GET_TSC " (since Linux 2.6.26, x86 only)"
618 Return the state of the flag determining whether the timestamp counter
620 in the location pointed to by
621 .IR "(int\ *) arg2" .
624 (Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15;
625 PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22)
626 Set unaligned access control bits to \fIarg2\fP.
628 \fBPR_UNALIGN_NOPRINT\fP to silently fix up unaligned user accesses,
629 or \fBPR_UNALIGN_SIGBUS\fP to generate
631 on unaligned user access.
636 for information on versions and architectures)
637 Return unaligned access control bits, in the location pointed to by
638 .IR "(int\ *) arg2" .
640 .BR PR_MCE_KILL " (since Linux 2.6.32)"
641 Set the machine check memory corruption kill policy for the current thread.
645 .BR PR_MCE_KILL_CLEAR ,
646 clear the thread memory corruption kill policy and use the system-wide default.
647 (The system-wide default is defined by
648 .IR /proc/sys/vm/memory_failure_early_kill ;
654 .BR PR_MCE_KILL_SET ,
655 use a thread-specific memory corruption kill policy.
658 defines whether the policy is
660 .RB ( PR_MCE_KILL_EARLY ),
662 .RB ( PR_MCE_KILL_LATE ),
663 or the system-wide default
664 .RB ( PR_MCE_KILL_DEFAULT ).
665 Early kill means that the thread receives a
667 signal as soon as hardware memory corruption is detected inside
669 In late kill mode, the process is killed only when it accesses a corrupted page.
672 for more information on the
675 The policy is inherited by children.
678 arguments must be zero for future compatibility.
680 .BR PR_MCE_KILL_GET " (since Linux 2.6.32)"
681 Return the current per-process machine check kill policy.
684 arguments must be zero.
686 .BR PR_SET_MM " (since Linux 3.3)"
687 .\" commit 028ee4be34a09a6d48bdf30ab991ae933a7bc036
688 Modify certain kernel memory map descriptor fields
689 of the calling process.
690 Usually these fields are set by the kernel and dynamic loader (see
692 for more information) and a regular application should not use this feature.
693 However, there are cases, such as self-modifying programs,
694 where a program might find it useful to change its own memory map.
695 This feature is available only if the kernel is built with the
696 .BR CONFIG_CHECKPOINT_RESTORE
698 The calling process must have the
703 is one of the options below, while
705 provides a new value for the option.
708 .BR PR_SET_MM_START_CODE
709 Set the address above which the program text can run.
710 The corresponding memory area must be readable and executable,
711 but not writable or sharable (see
715 for more information).
717 .BR PR_SET_MM_END_CODE
718 Set the address below which the program text can run.
719 The corresponding memory area must be readable and executable,
720 but not writable or sharable.
722 .BR PR_SET_MM_START_DATA
723 Set the address above which initialized and
724 uninitialized (bss) data are placed.
725 The corresponding memory area must be readable and writable,
726 but not executable or sharable.
728 .B PR_SET_MM_END_DATA
729 Set the address below which initialized and
730 uninitialized (bss) data are placed.
731 The corresponding memory area must be readable and writable,
732 but not executable or sharable.
734 .BR PR_SET_MM_START_STACK
735 Set the start address of the stack.
736 The corresponding memory area must be readable and writable.
738 .BR PR_SET_MM_START_BRK
739 Set the address above which the program heap can be expanded with
742 The address must be greater than the ending address of
743 the current program data segment.
744 In addition, the combined size of the resulting heap and
745 the size of the data segment can't exceed the
754 The requirements for the address are the same as for the
755 .BR PR_SET_MM_START_BRK
758 The following options are available since Linux 3.5.
759 .\" commit fe8c7f5cbf91124987106faa3bdf0c8b955c4cf7
761 .BR PR_SET_MM_ARG_START
762 Set the address above which the program command line is placed.
764 .BR PR_SET_MM_ARG_END
765 Set the address below which the program command line is placed.
767 .BR PR_SET_MM_ENV_START
768 Set the address above which the program environment is placed.
770 .BR PR_SET_MM_ENV_END
771 Set the address below which the program environment is placed.
773 The address passed with
774 .BR PR_SET_MM_ARG_START ,
775 .BR PR_SET_MM_ARG_END ,
776 .BR PR_SET_MM_ENV_START ,
778 .BR PR_SET_MM_ENV_END
779 should belong to a process stack area.
780 Thus, the corresponding memory area must be readable, writable, and
781 (depending on the kernel configuration) have the
787 Set a new auxiliary vector.
790 argument should provide the address of the vector.
793 is the size of the vector.
795 .BR PR_SET_MM_EXE_FILE
796 .\" commit b32dfe377102ce668775f8b6b1461f7ad428f8b6
799 symbolic link with a new one pointing to a new executable file
800 identified by the file descriptor provided in
803 The file descriptor should be obtained with a regular
807 To change the symbolic link, one needs to unmap all existing
808 executable memory areas, including those created by the kernel itself
809 (for example the kernel usually creates at least one executable
810 memory area for the ELF
814 The second limitation is that such transitions can be done only once
815 in a process life time.
816 Any further attempts will be rejected.
817 This should help system administrators monitor unusual
818 symbolic-link transitions over all processes running on a system.
821 .BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19) "
822 .\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c
823 .\" See also http://lwn.net/Articles/582712/
824 .\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler
825 Enable or disable kernel management of Memory Protection eXtensions (MPX)
833 .\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88
834 arguments must be zero.
836 MPX is a hardware-assisted mechanism for performing bounds checking on
838 It consists of a set of registers storing bounds information
839 and a set of special instruction prefixes that tell the CPU on which
840 instructions it should do bounds enforcement.
841 There is a limited number of these registers and
842 when there are more pointers than registers,
843 their contents must be "spilled" into a set of tables.
844 These tables are called "bounds tables" and the MPX
847 whether the kernel manages their allocation and freeing.
849 When management is enabled, the kernel will take over allocation
850 and freeing of the bounds tables.
851 It does this by trapping the #BR exceptions that result
852 at first use of missing bounds tables and
853 instead of delivering the exception to user space,
854 it allocates the table and populates the bounds directory
855 with the location of the new table.
856 For freeing, the kernel checks to see if bounds tables are
857 present for memory which is not allocated, and frees them if so.
859 Before enabling MPX management using
860 .BR PR_MPX_ENABLE_MANAGEMENT ,
861 the application must first have allocated a user-space buffer for
862 the bounds directory and placed the location of that directory in the
866 These calls will fail if the CPU or kernel does not support MPX.
867 Kernel support for MPX is enabled via the
868 .BR CONFIG_X86_INTEL_MPX
869 configuration option.
870 You can check whether the CPU supports MPX by looking for the 'mpx'
871 CPUID bit, like with the following command:
873 cat /proc/cpuinfo | grep ' mpx '
875 A thread may not switch in or out of long (64-bit) mode while MPX is
878 All threads in a process are affected by these calls.
882 inherits the state of MPX management.
885 MPX management is reset to a state as if
886 .BR PR_MPX_DISABLE_MANAGEMENT
889 For further information on Intel MPX, see the kernel source file
890 .IR Documentation/x86/intel_mpx.txt .
894 .BR PR_GET_DUMPABLE ,
895 .BR PR_GET_KEEPCAPS ,
896 .BR PR_GET_NO_NEW_PRIVS ,
897 .BR PR_GET_THP_DISABLE ,
898 .BR PR_CAPBSET_READ ,
900 .BR PR_GET_TIMERSLACK ,
901 .BR PR_GET_SECUREBITS ,
902 .BR PR_MCE_KILL_GET ,
905 return the nonnegative values described above.
908 values return 0 on success.
909 On error, \-1 is returned, and
911 is set appropriately.
916 is an invalid address.
924 .BR SECCOMP_MODE_FILTER ,
925 the system was built with
926 .BR CONFIG_SECCOMP_FILTER ,
929 is an invalid address.
946 arguments were not specified as zero.
950 is not valid value for this
959 and the kernel was not configured with
968 .BR SECCOMP_MODE_FILTER ,
969 and the kernel was not configured with
970 .BR CONFIG_SECCOMP_FILTER .
976 and one of the following is true
987 (the limit on the size of the user address space for this architecture);
991 .BR PR_SET_MM_START_CODE ,
992 .BR PR_SET_MM_END_CODE ,
993 .BR PR_SET_MM_START_DATA ,
994 .BR PR_SET_MM_END_DATA ,
996 .BR PR_SET_MM_START_STACK ,
997 and the permissions of the corresponding memory area are not as required;
1001 .BR PR_SET_MM_START_BRK
1006 is less than or equal to the end of the data segment
1007 or specifies a value that would cause the
1009 resource limit to be exceeded.
1019 .BR PR_SET_PTRACER_ANY ,
1020 or the PID of an existing process.
1028 is not a valid signal number.
1037 .B SUID_DUMP_DISABLE
1039 .BR SUID_DUMP_USER .
1048 .BR PR_TIMING_STATISTICAL .
1053 .BR PR_SET_NO_NEW_PRIVS
1067 .BR PR_GET_NO_NEW_PRIVS
1079 .BR PR_SET_THP_DISABLE
1090 .BR PR_GET_THP_DISABLE
1102 .BR PR_SET_SECUREBITS ,
1103 and the caller does not have the
1106 or tried to unset a "locked" flag,
1107 or tried to set a flag whose corresponding locked flag was set
1109 .BR capabilities (7)).
1114 .BR PR_SET_KEEPCAPS ,
1116 .B SECURE_KEEP_CAPS_LOCKED
1119 .BR capabilities (7)).
1124 .BR PR_CAPBSET_DROP ,
1125 and the caller does not have the
1133 and the caller does not have the
1144 .BR PR_SET_MM_EXE_FILE ,
1145 the file is not executable.
1153 .BR PR_SET_MM_EXE_FILE ,
1154 and this the second attempt to change the
1156 symbolic link, which is prohibited.
1164 .BR PR_SET_MM_EXE_FILE ,
1165 and the file descriptor passed in
1168 .\" The following can't actually happen, because prctl() in
1169 .\" seccomp mode will cause SIGKILL.
1174 .\" .BR PR_SET_SECCOMP ,
1175 .\" and secure computing mode is already 1.
1180 .BR PR_MPX_ENABLE_MANAGEMENT
1182 .BR PR_MPX_DISABLE_MANAGEMENT
1183 and the kernel or the CPU does not support MPX management.
1184 Check that the kernel and processor have MPX support.
1188 system call was introduced in Linux 2.1.57.
1189 .\" The library interface was added in glibc 2.0.6
1191 This call is Linux-specific.
1194 system call (also introduced in Linux 2.1.44
1195 as irix_prctl on the MIPS architecture),
1198 .BI "ptrdiff_t prctl(int " option ", int " arg2 ", int " arg3 );
1200 and options to get the maximum number of processes per user,
1201 get the maximum number of processors the calling process can use,
1202 find out whether a specified process is currently blocked,
1203 get or set the maximum stack size, and so on.
1208 This page is part of release 3.79 of the Linux
1211 A description of the project,
1212 information about reporting bugs,
1213 and the latest version of this page,
1215 \%http://www.kernel.org/doc/man\-pages/.