1 .\" Hey Emacs! This file is -*- nroff -*- source.
3 .\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl)
4 .\" and Copyright (C) 2002 Michael Kerrisk <mtk.manpages@gmail.com>
5 .\" and Copyright Guillem Jover <guillem@hadrons.org>
7 .\" Permission is granted to make and distribute verbatim copies of this
8 .\" manual provided the copyright notice and this permission notice are
9 .\" preserved on all copies.
11 .\" Permission is granted to copy and distribute modified versions of this
12 .\" manual under the conditions for verbatim copying, provided that the
13 .\" entire resulting derived work is distributed under the terms of a
14 .\" permission notice identical to this one.
16 .\" Since the Linux kernel and libraries are constantly changing, this
17 .\" manual page may be incorrect or out-of-date. The author(s) assume no
18 .\" responsibility for errors or omissions, or for damages resulting from
19 .\" the use of the information contained herein. The author(s) may not
20 .\" have taken the same level of care in the production of this manual,
21 .\" which is licensed free of charge, as they might when working
24 .\" Formatted or processed versions of this manual, if unaccompanied by
25 .\" the source, must acknowledge the copyright and authors of this work.
27 .\" Modified Thu Nov 11 04:19:42 MET 1999, aeb: added PR_GET_PDEATHSIG
28 .\" Modified 27 Jun 02, Michael Kerrisk
29 .\" Added PR_SET_DUMPABLE, PR_GET_DUMPABLE,
30 .\" PR_SET_KEEPCAPS, PR_GET_KEEPCAPS
31 .\" Modified 2006-08-30 Guillem Jover <guillem@hadrons.org>
32 .\" Updated Linux versions where the options where introduced.
33 .\" Added PR_SET_TIMING, PR_GET_TIMING, PR_SET_NAME, PR_GET_NAME,
34 .\" PR_SET_UNALIGN, PR_GET_UNALIGN, PR_SET_FPEMU, PR_GET_FPEMU,
35 .\" PR_SET_FPEXC, PR_GET_FPEXC
36 .\" 2008-04-29 Serge Hallyn, Document PR_CAPBSET_READ and PR_CAPBSET_DROP
37 .\" 2008-06-13 Erik Bosman, <ejbosman@cs.vu.nl>
38 .\" Document PR_GET_TSC and PR_SET_TSC.
39 .\" 2008-06-15 mtk, Document PR_SET_SECCOMP, PR_GET_SECCOMP
40 .\" 2009-10-03 Andi Kleen, document PR_MCE_KILL
41 .\" 2012-04 Cyrill Gorcunov, Document PR_SET_MM
42 .\" 2012-04-25 Michael Kerrisk, Document PR_TASK_PERF_EVENTS_DISABLE and
43 .\" PR_TASK_PERF_EVENTS_ENABLE
45 .\" FIXME: Document PR_SET_TIMERSLACK and PR_GET_TIMERSLACK (new in 2.6.28)
46 .\" commit 6976675d94042fbd446231d1bd8b7de71a980ada
48 .TH PRCTL 2 2012-04-23 "Linux" "Linux Programmer's Manual"
50 prctl \- operations on a process
53 .B #include <sys/prctl.h>
55 .BI "int prctl(int " option ", unsigned long " arg2 ", unsigned long " arg3 ,
56 .BI " unsigned long " arg4 ", unsigned long " arg5 );
60 is called with a first argument describing what to do
61 (with values defined in \fI<linux/prctl.h>\fP), and further
62 arguments with a significance depending on the first one.
63 The first argument can be:
65 .BR PR_CAPBSET_READ " (since Linux 2.6.25)"
66 Return (as the function result) 1 if the capability specified in
68 is in the calling thread's capability bounding set,
70 (The capability constants are defined in
71 .IR <linux/capability.h> .)
72 The capability bounding set dictates
73 whether the process can receive the capability through a
74 file's permitted capability set on a subsequent call to
77 If the capability specified in
79 is not valid, then the call fails with the error
82 .BR PR_CAPBSET_DROP " (since Linux 2.6.25)"
83 If the calling thread has the
85 capability, then drop the capability specified by
87 from the calling thread's capability bounding set.
88 Any children of the calling thread will inherit the newly
91 The call fails with the error:
93 if the calling thread does not have the
98 does not represent a valid capability; or
100 if file capabilities are not enabled in the kernel,
101 in which case bounding sets are not supported.
103 .BR PR_SET_DUMPABLE " (since Linux 2.3.20)"
104 Set the state of the flag determining whether core dumps are produced
105 for this process upon delivery of a signal whose default behavior is
106 to produce a core dump.
107 (Normally this flag is set for a process by default, but it is cleared
108 when a set-user-ID or set-group-ID program is executed and also by
109 various system calls that manipulate process UIDs and GIDs).
110 In kernels up to and including 2.6.12,
112 must be either 0 (process is not dumpable) or 1 (process is dumpable).
113 Between kernels 2.6.13 and 2.6.17, the value 2 was also permitted,
114 which caused any binary which normally would not be dumped
115 to be dumped readable by root only;
116 for security reasons, this feature has been removed.
117 .\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2
118 .\" Subject: Fix prctl privilege escalation (CVE-2006-2451)
119 .\" From: Marcel Holtmann <marcel () holtmann ! org>
120 .\" Date: 2006-07-12 11:12:00
121 (See also the description of
122 .I /proc/sys/fs/suid_dumpable
125 Processes that are not dumpable can not be attached via
129 .BR PR_GET_DUMPABLE " (since Linux 2.3.20)"
130 Return (as the function result) the current state of the calling
131 process's dumpable flag.
132 .\" Since Linux 2.6.13, the dumpable flag can have the value 2,
133 .\" but in 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable
134 .\" flags has a nonzero value. This was fixed in 2.6.14.
136 .BR PR_SET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
137 Set the endian-ness of the calling process to the value given
138 in \fIarg2\fP, which should be one of the following:
139 .\" Respectively 0, 1, 2
141 .BR PR_ENDIAN_LITTLE ,
143 .B PR_ENDIAN_PPC_LITTLE
144 (PowerPC pseudo little endian).
146 .BR PR_GET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
147 Return the endian-ness of the calling process,
148 in the location pointed to by
149 .IR "(int\ *) arg2" .
151 .BR PR_SET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
152 Set floating-point emulation control bits to \fIarg2\fP.
153 Pass \fBPR_FPEMU_NOPRINT\fP to silently emulate fp operations accesses, or
154 \fBPR_FPEMU_SIGFPE\fP to not emulate fp operations and send
158 .BR PR_GET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
159 Return floating-point emulation control bits,
160 in the location pointed to by
161 .IR "(int\ *) arg2" .
163 .BR PR_SET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
164 Set floating-point exception mode to \fIarg2\fP.
165 Pass \fBPR_FP_EXC_SW_ENABLE\fP to use FPEXC for FP exception enables,
166 \fBPR_FP_EXC_DIV\fP for floating-point divide by zero,
167 \fBPR_FP_EXC_OVF\fP for floating-point overflow,
168 \fBPR_FP_EXC_UND\fP for floating-point underflow,
169 \fBPR_FP_EXC_RES\fP for floating-point inexact result,
170 \fBPR_FP_EXC_INV\fP for floating-point invalid operation,
171 \fBPR_FP_EXC_DISABLED\fP for FP exceptions disabled,
172 \fBPR_FP_EXC_NONRECOV\fP for async nonrecoverable exception mode,
173 \fBPR_FP_EXC_ASYNC\fP for async recoverable exception mode,
174 \fBPR_FP_EXC_PRECISE\fP for precise exception mode.
176 .BR PR_GET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
177 Return floating-point exception mode,
178 in the location pointed to by
179 .IR "(int\ *) arg2" .
181 .BR PR_SET_KEEPCAPS " (since Linux 2.2.18)"
182 Set the state of the thread's "keep capabilities" flag,
183 which determines whether the threads's permitted
184 capability set is cleared when a change is made to the threads's user IDs
185 such that the threads's real UID, effective UID, and saved set-user-ID
186 all become nonzero when at least one of them previously had the value 0.
187 By default, the permitted capability set is cleared when such a change is made;
188 setting the "keep capabilities" flag prevents it from being cleared.
190 must be either 0 (permitted capabilities are cleared)
191 or 1 (permitted capabilities are kept).
194 capability set is always cleared when such a credential change is made,
195 regardless of the setting of the "keep capabilities" flag.)
196 The "keep capabilities" value will be reset to 0 on subsequent calls to
199 .BR PR_GET_KEEPCAPS " (since Linux 2.2.18)"
200 Return (as the function result) the current state of the calling threads's
201 "keep capabilities" flag.
203 .BR PR_SET_NAME " (since Linux 2.6.9)"
204 Set the process name for the calling process,
205 using the value in the location pointed to by
206 .IR "(char\ *) arg2" .
207 The name can be up to 16 bytes long,
208 .\" TASK_COMM_LEN in include/linux/sched.h
209 and should be null-terminated if it contains fewer bytes.
211 .BR PR_GET_NAME " (since Linux 2.6.11)"
212 Return the process name for the calling process,
213 in the buffer pointed to by
214 .IR "(char\ *) arg2" .
215 The buffer should allow space for up to 16 bytes;
216 the returned string will be null-terminated if it is shorter than that.
218 .BR PR_SET_PDEATHSIG " (since Linux 2.1.57)"
219 Set the parent process death signal
220 of the calling process to \fIarg2\fP (either a signal value
221 in the range 1..maxsig, or 0 to clear).
222 This is the signal that the calling process will get when its
224 This value is cleared for the child of a
226 and (since Linux 2.5.36 / 2.6.23)
227 when execing a set-user_ID or set-group-ID binary.
229 .BR PR_GET_PDEATHSIG " (since Linux 2.3.15)"
230 Return the current value of the parent process death signal,
231 in the location pointed to by
232 .IR "(int\ *) arg2" .
234 .BR PR_SET_SECCOMP " (since Linux 2.6.23)"
235 .\" See http://thread.gmane.org/gmane.linux.kernel/542632
236 .\" [PATCH 0 of 2] seccomp updates
237 .\" andrea@cpushare.com
238 Set the secure computing mode for the calling thread.
239 In the current implementation,
242 After the secure computing mode has been set to 1,
243 the only system calls that the thread is permitted to make are
249 Other system calls result in the delivery of a
252 Secure computing mode is useful for number-crunching applications
253 that may need to execute untrusted byte code,
254 perhaps obtained by reading from a pipe or socket.
255 This operation is only available
256 if the kernel is configured with CONFIG_SECCOMP enabled.
258 .BR PR_GET_SECCOMP " (since Linux 2.6.23)"
259 Return the secure computing mode of the calling thread.
260 Not very useful for the current implementation (mode equals 1),
261 but may be useful for other possible future modes:
262 if the caller is not in secure computing mode, this operation returns 0;
263 if the caller is in secure computing mode, then the
267 signal to be sent to the process.
268 This operation is only available
269 if the kernel is configured with CONFIG_SECCOMP enabled.
271 .BR PR_SET_SECUREBITS " (since Linux 2.6.26)"
272 Set the "securebits" flags of the calling thread to the value supplied in
275 .BR capabilities (7).
277 .BR PR_GET_SECUREBITS " (since Linux 2.6.26)"
278 Return (as the function result)
279 the "securebits" flags of the calling thread.
281 .BR capabilities (7).
283 .BR PR_SET_TIMING " (since Linux 2.6.0-test4)"
284 Set whether to use (normal, traditional) statistical process timing or
285 accurate timestamp-based process timing, by passing
286 .B PR_TIMING_STATISTICAL
289 .B PR_TIMING_TIMESTAMP
292 .B PR_TIMING_TIMESTAMP
293 is not currently implemented
294 (attempting to set this mode will yield the error
296 .\" PR_TIMING_TIMESTAMP doesn't do anything in 2.6.26-rc8,
297 .\" and looking at the patch history, it appears
298 .\" that it never did anything.
300 .BR PR_GET_TIMING " (since Linux 2.6.0-test4)"
301 Return (as the function result) which process timing method is currently
304 .BR PR_TASK_PERF_EVENTS_DISABLE " (since Linux 2.6.31)"
305 Disable all performance counters attached to the calling process,
306 regardless of whether the counters were created by
307 this process or another process.
308 Performance counters created by the calling process for other
309 processes are unaffected.
310 For more information on performance counters, see the kernel source file
311 .IR tools/perf/design.txt .
314 .BR PR_TASK_PERF_COUNTERS_DISABLE ;
315 .\" commit 1d1c7ddbfab358445a542715551301b7fc363e28
316 renamed (with same numerical value)
319 .BR PR_TASK_PERF_EVENTS_ENABLE " (since Linux 2.6.31)"
321 .BR PR_TASK_PERF_EVENTS_DISABLE ;
322 enable performance counters attached to the calling process.
325 .BR PR_TASK_PERF_COUNTERS_ENABLE ;
326 .\" commit 1d1c7ddbfab358445a542715551301b7fc363e28
328 .\" commit cdd6c482c9ff9c55475ee7392ec8f672eddb7be6
331 .BR PR_SET_TSC " (since Linux 2.6.26, x86 only)"
332 Set the state of the flag determining whether the timestamp counter
333 can be read by the process.
338 to allow it to be read, or
342 when the process tries to read the timestamp counter.
344 .BR PR_GET_TSC " (since Linux 2.6.26, x86 only)"
345 Return the state of the flag determining whether the timestamp counter
347 in the location pointed to by
348 .IR "(int\ *) arg2" .
351 (Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15;
352 PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22)
353 Set unaligned access control bits to \fIarg2\fP.
355 \fBPR_UNALIGN_NOPRINT\fP to silently fix up unaligned user accesses,
356 or \fBPR_UNALIGN_SIGBUS\fP to generate
358 on unaligned user access.
363 for information on versions and architectures)
364 Return unaligned access control bits, in the location pointed to by
365 .IR "(int\ *) arg2" .
367 .BR PR_MCE_KILL " (since Linux 2.6.32)"
368 Set the machine check memory corruption kill policy for the current thread.
372 .BR PR_MCE_KILL_CLEAR ,
373 clear the thread memory corruption kill policy and use the system-wide default.
374 (The system-wide default is defined by
375 .IR /proc/sys/vm/memory_failure_early_kill ;
381 .BR PR_MCE_KILL_SET ,
382 use a thread-specific memory corruption kill policy.
385 defines whether the policy is
387 .RB ( PR_MCE_KILL_EARLY ),
389 .RB ( PR_MCE_KILL_LATE ),
390 or the system-wide default
391 .RB ( PR_MCE_KILL_DEFAULT ).
392 Early kill means that the thread receives a
394 signal as soon as hardware memory corruption is detected inside
396 In late kill mode, the process is only killed when it accesses a corrupted page.
399 for more information on the
402 The policy is inherited by children.
405 arguments must be zero for future compatibility.
407 .BR PR_MCE_KILL_GET " (since Linux 2.6.32)"
408 Return the current per-process machine check kill policy.
411 arguments must be zero.
413 .BR PR_SET_MM " (since Linux 3.3)"
414 Modify certain kernel memory map descriptor fields
415 of the calling process.
416 Usually these fields are set by the kernel and dynamic loader (see
418 for more information) and a regular application should not use this feature.
419 However, there are cases, such as self-modifying programs,
420 where a program might find it useful to change its own memory map.
421 This feature is available only if the kernel is built with the
422 .BR CONFIG_CHECKPOINT_RESTORE
424 The calling process must have the
429 is one of the options below, while
431 provides a new value for the option.
434 .BR PR_SET_MM_START_CODE
435 Set the address above which the program text can run.
436 The corresponding memory area must be readable and executable,
437 but not writable or sharable (see
441 for more information).
443 .BR PR_SET_MM_END_CODE
444 Set the address below which the program text can run.
445 The corresponding memory area must be readable and executable,
446 but not writable or sharable.
448 .BR PR_SET_MM_START_DATA
449 Set the address above which initialized and
450 uninitialized (bss) data are placed.
451 The corresponding memory area must be readable and writable,
452 but not executable or sharable.
454 .B PR_SET_MM_END_DATA
455 Set the address below which initialized and
456 uninitialized (bss) data are placed.
457 The corresponding memory area must be readable and writable,
458 but not executable or sharable.
460 .BR PR_SET_MM_START_STACK
461 Set the start address of the stack.
462 The corresponding memory area must be readable and writable.
464 .BR PR_SET_MM_START_BRK
465 Set the address above which the program heap can be expanded with
468 The address must be greater than the ending address of
469 the current program data segment.
470 In addition, the combined size of the resulting heap and
471 the size of the data segment can't exceed the
480 The requirements for the address are the same as for the
481 .BR PR_SET_MM_START_BRK
483 .\" FIXME The following (until ========) is not yet in mainline kernel,
484 .\" so commented out for the moment.
486 .\" .BR PR_SET_MM_ARG_START
487 .\" Set the address above which the program command line is placed.
489 .\" .BR PR_SET_MM_ARG_END
490 .\" Set the address below which the program command line is placed.
492 .\" .BR PR_SET_MM_ENV_START
493 .\" Set the address above which the program environment is placed.
495 .\" .BR PR_SET_MM_ENV_END
496 .\" Set the address below which the program environment is placed.
498 .\" The address passed with
499 .\" .BR PR_SET_MM_ARG_START ,
500 .\" .BR PR_SET_MM_ARG_END ,
501 .\" .BR PR_SET_MM_ENV_START ,
503 .\" .BR PR_SET_MM_ENV_END
504 .\" should belong to a process stack area.
505 .\" Thus, the corresponding memory area must be readable, writable, and
506 .\" (depending on the kernel configuration) have the
507 .\" .BR MAP_GROWSDOWN
508 .\" attribute set (see
511 .\" .BR PR_SET_MM_AUXV
512 .\" Set a new auxiliary vector.
515 .\" argument should provide the address of the vector.
518 .\" is the size of the vector.
520 .\" .BR PR_SET_MM_EXE_FILE
522 .\" .IR /proc/pid/exe
523 .\" symbolic link with a new one pointing to a new executable file
524 .\" identified by the file descriptor provided in
527 .\" The file descriptor should be obtained with a regular
531 .\" To change the symbolic link, one needs to unmap all existing
532 .\" executable memory areas, including those created by the kernel itself
533 .\" (for example the kernel usually creates at least one executable
534 .\" memory area for the ELF
538 .\" The second limitation is that such transitions can be done only once
539 .\" in a process life time.
540 .\" Any further attempts will be rejected.
541 .\" This should help system administrators to monitor unusual
542 .\" symbolic-link transitions over all process running in a system.
543 .\" ========== END FIXME
548 .BR PR_GET_DUMPABLE ,
549 .BR PR_GET_KEEPCAPS ,
550 .BR PR_CAPBSET_READ ,
552 .BR PR_GET_SECUREBITS ,
553 .BR PR_MCE_KILL_GET ,
556 return the nonnegative values described above.
559 values return 0 on success.
560 On error, \-1 is returned, and
562 is set appropriately.
567 is an invalid address.
584 arguments were not specified as zero.
588 is not valid value for this
597 and the kernel was not configured with
604 and one of the following is true
615 (the limit on the size of the user address space for this architecture);
619 .BR PR_SET_MM_START_CODE ,
620 .BR PR_SET_MM_END_CODE ,
621 .BR PR_SET_MM_START_DATA ,
622 .BR PR_SET_MM_END_DATA ,
624 .BR PR_SET_MM_START_STACK,
625 and the permissions of the corresponding memory area are not as required;
629 .BR PR_SET_MM_START_BRK
634 is less than or equal to the end of the data segment
635 or specifies a value that would cause the
637 resource limit to be exceeded.
643 .BR PR_SET_SECUREBITS ,
644 and the caller does not have the
647 or tried to unset a "locked" flag,
648 or tried to set a flag whose corresponding locked flag was set
650 .BR capabilities (7)).
655 .BR PR_SET_KEEPCAPS ,
657 .B SECURE_KEEP_CAPS_LOCKED
660 .BR capabilities (7)).
665 .BR PR_CAPBSET_DROP ,
666 and the caller does not have the
674 and the caller does not have the
677 .\" FIXME The following (until ========) is not yet in mainline kernel,
678 .\" so commented out for the moment.
687 .\" .BR PR_SET_MM_EXE_FILE ,
688 .\" the file is not executable.
696 .\" .BR PR_SET_MM_EXE_FILE ,
697 .\" and this the second attempt to change the
699 .\" symbolic link, which is prohibited.
707 .\" .BR PR_SET_MM_EXE_FILE ,
708 .\" and the file descriptor passed in
711 .\" ========== END FIXME
712 .\" The following can't actually happen, because prctl() in
713 .\" seccomp mode will cause SIGKILL.
718 .\" .BR PR_SET_SECCOMP ,
719 .\" and secure computing mode is already 1.
723 system call was introduced in Linux 2.1.57.
724 .\" The library interface was added in glibc 2.0.6
726 This call is Linux-specific.
729 system call (also introduced in Linux 2.1.44
730 as irix_prctl on the MIPS architecture),
733 .BI "ptrdiff_t prctl(int " option ", int " arg2 ", int " arg3 );
735 and options to get the maximum number of processes per user,
736 get the maximum number of processors the calling process can use,
737 find out whether a specified process is currently blocked,
738 get or set the maximum stack size, etc.