.\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl)
.\" and Copyright (C) 2002, 2006, 2008, 2012, 2013 Michael Kerrisk <mtk.manpages@gmail.com>
.\" and Copyright Guillem Jover <guillem@hadrons.org>
+.\" and Copyright (C) 2014 Dave Hansen / Intel
.\"
.\" %%%LICENSE_START(VERBATIM)
.\" Permission is granted to make and distribute verbatim copies of this
.\" PR_GET_TIMERSLACK
.\" 2013-01-10 Kees Cook, document PR_SET_PTRACER
.\" 2012-02-04 Michael kerrisk, document PR_{SET,GET}_CHILD_SUBREAPER
+.\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT
.\"
.\"
.TH PRCTL 2 2014-12-31 "Linux" "Linux Programmer's Manual"
.\" andrea@cpushare.com
Set the secure computing (seccomp) mode for the calling thread, to limit
the available system calls.
+The more recent
+.BR seccomp (2)
+system call provides a superset of the functionality of
+.BR PR_SET_SECCOMP .
+
The seccomp mode is selected via
.IR arg2 .
(The seccomp constants are defined in
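Review bot: "The more recent seccomp(2) system call" in the added paragraph gives the reader no way to tell which kernels provide it; state the version the way the page already does for SECCOMP_MODE_FILTER ("since Linux 3.5"). "Superset" alone also does not tell a reader which interface to prefer, so say whether PR_SET_SECCOMP remains the supported route or is kept for compatibility.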
With
.IR arg2
set to
-.BR SECCOMP_MODE_STRICT
+.BR SECCOMP_MODE_STRICT ,
the only system calls that the thread is permitted to make are
.BR read (2),
.BR write (2),
With
.IR arg2
set to
-.BR SECCOMP_MODE_FILTER " (since Linux 3.5)"
+.BR SECCOMP_MODE_FILTER " (since Linux 3.5),"
the system calls allowed are defined by a pointer
to a Berkeley Packet Filter passed in
.IR arg3 .
.B SIGKILL
signal to be sent to the process.
If the caller is in filter mode, and this system call is allowed by the
-seccomp filters, it returns 2.
+seccomp filters, it returns 2; otherwise, the process is killed with a
+.BR SIGKILL
+signal.
This operation is available only
if the kernel is configured with
.B CONFIG_SECCOMP
enabled.
+
+Since Linux 3.8, the
+.IR Seccomp
+field of the
+.IR /proc/[pid]/status
+file provides a method of obtaining the same information,
+without the risk that the process is killed; see
+.BR proc (5).
.TP
.BR PR_SET_SECUREBITS " (since Linux 2.6.26)"
Set the "securebits" flags of the calling thread to the value supplied in
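Review bot: The added "otherwise, the process is killed with a SIGKILL signal" says the process is killed, while the PR_SET_SECCOMP text describes the mode as set "for the calling thread"; say explicitly whether the kill applies to the calling thread or to the whole process, since a tool that probes with PR_GET_SECCOMP needs to know what it risks. "Otherwise" should also be tied to its condition (filter mode with this call not allowed by the filters) so it is not read as covering every other case. Formatting: the single-argument requests added here use .BR and .IR (SIGKILL, Seccomp, /proc/[pid]/status) where the context line uses .B SIGKILL; use .B and .I.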
This should help system administrators monitor unusual
symbolic-link transitions over all processes running on a system.
.RE
+.TP
+.BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19) "
+.\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c
+.\" See also http://lwn.net/Articles/582712/
+.\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler
+Enable or disable kernel management of Memory Protection eXtensions (MPX)
+bounds tables.
+
+MPX is a hardware-assisted mechanism for performing bounds checking on
+pointers.
+It consists of a set of registers storing bounds information
+and a set of special instruction prefixes that tell the CPU on which
+instructions it should do bounds enforcement.
+There is a limited number of these registers and
+when there are more pointers than registers,
+their contents must be "spilled" into a set of tables.
+These tables are called "bounds tables" and the MPX
+.BR prctl ()
+operations control
+whether the kernel manages their allocation and freeing.
+
+When management is enabled, the kernel will take over allocation
+and freeing of the bounds tables.
+It does this by trapping the #BR exceptions that result
+at first use of missing bounds tables and
+instead of delivering the exception to user space,
+it allocates the table and populates the bounds directory
+with the location of the new table.
+For freeing, the kernel checks to see if bounds tables are
+present for memory which is not allocated, and frees them if so.
+
+Before enabling MPX management using
+.BR PR_MPX_ENABLE_MANAGEMENT ,
+the application must first have allocated a user-space buffer for
+the bounds directory and placed the location of that directory in the
+.I bndcfgu
+register.
+
+These calls will fail if the CPU or kernel does not support MPX.
+Kernel support for MPX is enabled via the
+.BR CONFIG_X86_INTEL_MPX
+configuration option.
+You can check whether the CPU supports MPX by looking for the 'mpx'
+CPUID bit, like with the following command:
+
+ cat /proc/cpuinfo | grep ' mpx '
+
+A thread may not switch in or out of long (64-bit) mode while MPX is
+enabled.
+
+All threads in a process are affected by these calls.
+
+The child of a
+.BR fork (2)
+inherits the state of MPX management.
+During
+.BR execve (2),
+MPX management is reset to a state as if
+.BR PR_MPX_DISABLE_MANAGEMENT
+had been called.
+
+For further information on Intel MPX, see the kernel source file
+.IR Documentation/x86/intel_mpx.txt .
.\"
.SH RETURN VALUE
On success,
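Review bot: The example command "cat /proc/cpuinfo | grep ' mpx '" in the CPU-support paragraph matches only when the flag has a space on both sides, so it prints nothing if mpx is the last entry on the flags line; "grep -w mpx /proc/cpuinfo" avoids that and drops the extra cat. The same paragraph calls this a "CPUID bit" although the command inspects the /proc/cpuinfo flags, so "the 'mpx' flag in /proc/cpuinfo" would be more accurate. The entry also never says what arg2 through arg5 must be for the two MPX operations; state the requirement so callers know what to pass.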
.I arg2
is an invalid address.
.TP
+.B EFAULT
+.I option
+is
+.BR PR_SET_SECCOMP ,
+.I arg2
+is
+.BR SECCOMP_MODE_FILTER ,
+the system was built with
+.BR CONFIG_SECCOMP_FILTER ,
+and
+.I arg3
+is an invalid address.
+.TP
.B EINVAL
The value of
.I option
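Review bot: The new EFAULT entry says "the system was built with CONFIG_SECCOMP_FILTER", while the matching EINVAL entry added by this patch says "the kernel was not configured with" and the existing PR_GET_SECCOMP text says "the kernel is configured with"; use "the kernel was configured with" here so the two seccomp error entries read as a pair.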
.B EINVAL
.I option
is
+.BR PR_SET_SECCOMP ,
+.I arg2
+is
+.BR SECCOMP_MODE_FILTER ,
+and the kernel was not configured with
+.BR CONFIG_SECCOMP_FILTER .
+.TP
+.B EINVAL
+.I option
+is
.BR PR_SET_MM ,
and one of the following is true
.RS
.\" is
.\" .BR PR_SET_SECCOMP ,
.\" and secure computing mode is already 1.
+.TP
+.B ENXIO
+.I option
+was
+.BR PR_MPX_ENABLE_MANAGEMENT
+or
+.BR PR_MPX_DISABLE_MANAGEMENT
+and the kernel or the CPU does not support MPX management.
+Check that the kernel and processor have MPX support.
.SH VERSIONS
The
.BR prctl ()
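Review bot: ENXIO is documented only for a kernel or CPU without MPX, but the PR_MPX_ENABLE_MANAGEMENT description requires the bounds directory address to be in bndcfgu before the call, and no error is listed for calling it without that; document what the caller gets in that case. The entry also uses "option was" where the other entries added by this patch use "option is", and the final sentence "Check that the kernel and processor have MPX support." repeats the condition just stated and can be dropped.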
.BR signal (2),
.BR core (5)
.SH COLOPHON
-This page is part of release 3.76 of the Linux
+This page is part of release 3.77 of the Linux
.I man-pages
project.
A description of the project,