1 .\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl)
2 .\" and Copyright (C) 2002, 2006, 2008, 2012, 2013 Michael Kerrisk <mtk.manpages@gmail.com>
3 .\" and Copyright Guillem Jover <guillem@hadrons.org>
4 .\" and Copyright (C) 2014 Dave Hansen / Intel
6 .\" %%%LICENSE_START(VERBATIM)
7 .\" Permission is granted to make and distribute verbatim copies of this
8 .\" manual provided the copyright notice and this permission notice are
9 .\" preserved on all copies.
11 .\" Permission is granted to copy and distribute modified versions of this
12 .\" manual under the conditions for verbatim copying, provided that the
13 .\" entire resulting derived work is distributed under the terms of a
14 .\" permission notice identical to this one.
16 .\" Since the Linux kernel and libraries are constantly changing, this
17 .\" manual page may be incorrect or out-of-date. The author(s) assume no
18 .\" responsibility for errors or omissions, or for damages resulting from
19 .\" the use of the information contained herein. The author(s) may not
20 .\" have taken the same level of care in the production of this manual,
21 .\" which is licensed free of charge, as they might when working
24 .\" Formatted or processed versions of this manual, if unaccompanied by
25 .\" the source, must acknowledge the copyright and authors of this work.
28 .\" Modified Thu Nov 11 04:19:42 MET 1999, aeb: added PR_GET_PDEATHSIG
29 .\" Modified 27 Jun 02, Michael Kerrisk
30 .\" Added PR_SET_DUMPABLE, PR_GET_DUMPABLE,
31 .\" PR_SET_KEEPCAPS, PR_GET_KEEPCAPS
32 .\" Modified 2006-08-30 Guillem Jover <guillem@hadrons.org>
33 .\" Updated Linux versions where the options where introduced.
34 .\" Added PR_SET_TIMING, PR_GET_TIMING, PR_SET_NAME, PR_GET_NAME,
35 .\" PR_SET_UNALIGN, PR_GET_UNALIGN, PR_SET_FPEMU, PR_GET_FPEMU,
36 .\" PR_SET_FPEXC, PR_GET_FPEXC
37 .\" 2008-04-29 Serge Hallyn, Document PR_CAPBSET_READ and PR_CAPBSET_DROP
38 .\" 2008-06-13 Erik Bosman, <ejbosman@cs.vu.nl>
39 .\" Document PR_GET_TSC and PR_SET_TSC.
40 .\" 2008-06-15 mtk, Document PR_SET_SECCOMP, PR_GET_SECCOMP
41 .\" 2009-10-03 Andi Kleen, document PR_MCE_KILL
42 .\" 2012-04 Cyrill Gorcunov, Document PR_SET_MM
43 .\" 2012-04-25 Michael Kerrisk, Document PR_TASK_PERF_EVENTS_DISABLE and
44 .\" PR_TASK_PERF_EVENTS_ENABLE
45 .\" 2012-09-20 Kees Cook, update PR_SET_SECCOMP for mode 2
46 .\" 2012-09-20 Kees Cook, document PR_SET_NO_NEW_PRIVS, PR_GET_NO_NEW_PRIVS
47 .\" 2012-10-25 Michael Kerrisk, Document PR_SET_TIMERSLACK and
49 .\" 2013-01-10 Kees Cook, document PR_SET_PTRACER
50 .\" 2012-02-04 Michael Kerrisk, document PR_{SET,GET}_CHILD_SUBREAPER
51 .\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT
54 .TH PRCTL 2 2016-07-17 "Linux" "Linux Programmer's Manual"
56 prctl \- operations on a process
59 .B #include <sys/prctl.h>
61 .BI "int prctl(int " option ", unsigned long " arg2 ", unsigned long " arg3 ,
62 .BI " unsigned long " arg4 ", unsigned long " arg5 );
66 is called with a first argument describing what to do
67 (with values defined in \fI<linux/prctl.h>\fP), and further
68 arguments with a significance depending on the first one.
69 The first argument can be:
72 .BR PR_CAP_AMBIENT " (since Linux 4.3)"
73 .\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08
74 Reads or changes the ambient capability set, according to the value of
76 which must be one of the following:
80 .B PR_CAP_AMBIENT_RAISE
81 The capability specified in
83 is added to the ambient set.
84 The specified capability must already be present in
85 both the permitted and the inheritable sets of the process.
86 This operation is not permitted if the
87 .B SECBIT_NO_CAP_AMBIENT_RAISE
90 .B PR_CAP_AMBIENT_LOWER
91 The capability specified in
93 is removed from the ambient set.
95 .B PR_CAP_AMBIENT_IS_SET
98 call returns 1 if the capability in
100 is in the ambient set and 0 if it is not.
102 .BR PR_CAP_AMBIENT_CLEAR_ALL
103 All capabilities will be removed from the ambient set.
104 This operation requires setting
109 In all of the above operations,
113 must be specified as 0.
115 .BR PR_CAPBSET_READ " (since Linux 2.6.25)"
116 Return (as the function result) 1 if the capability specified in
118 is in the calling thread's capability bounding set,
120 (The capability constants are defined in
121 .IR <linux/capability.h> .)
122 The capability bounding set dictates
123 whether the process can receive the capability through a
124 file's permitted capability set on a subsequent call to
127 If the capability specified in
129 is not valid, then the call fails with the error
132 .BR PR_CAPBSET_DROP " (since Linux 2.6.25)"
133 If the calling thread has the
135 capability, then drop the capability specified by
137 from the calling thread's capability bounding set.
138 Any children of the calling thread will inherit the newly
139 reduced bounding set.
141 The call fails with the error:
143 if the calling thread does not have the
148 does not represent a valid capability; or
150 if file capabilities are not enabled in the kernel,
151 in which case bounding sets are not supported.
153 .BR PR_SET_CHILD_SUBREAPER " (since Linux 3.4)"
154 .\" commit ebec18a6d3aa1e7d84aab16225e87fd25170ec2b
158 set the "child subreaper" attribute of the calling process;
161 is zero, unset the attribute.
163 When a process is marked as a child subreaper,
164 all of the children that it creates, and their descendants,
165 will be marked as having a subreaper.
166 In effect, a subreaper fulfills the role of
168 for its descendant processes.
169 Upon termination of a process
170 that is orphaned (i.e., its immediate parent has already terminated)
171 and marked as having a subreaper,
172 the nearest still living ancestor subreaper
175 signal and will be able to
177 on the process to discover its termination status.
179 .BR PR_GET_CHILD_SUBREAPER " (since Linux 3.4)"
180 Return the "child subreaper" setting of the caller,
181 in the location pointed to by
182 .IR "(int\ *) arg2" .
184 .BR PR_SET_DUMPABLE " (since Linux 2.3.20)"
185 Set the state of the "dumpable" flag,
186 which determines whether core dumps are produced for the calling process
187 upon delivery of a signal whose default behavior is to produce a core dump.
189 In kernels up to and including 2.6.12,
192 .RB ( SUID_DUMP_DISABLE ,
193 process is not dumpable) or 1
194 .RB ( SUID_DUMP_USER ,
195 process is dumpable).
196 Between kernels 2.6.13 and 2.6.17,
197 .\" commit abf75a5033d4da7b8a7e92321d74021d1fcfb502
198 the value 2 was also permitted,
199 which caused any binary which normally would not be dumped
200 to be dumped readable by root only;
201 for security reasons, this feature has been removed.
202 .\" See http://marc.theaimsgroup.com/?l=linux-kernel&m=115270289030630&w=2
203 .\" Subject: Fix prctl privilege escalation (CVE-2006-2451)
204 .\" From: Marcel Holtmann <marcel () holtmann ! org>
205 .\" Date: 2006-07-12 11:12:00
206 (See also the description of
207 .I /proc/sys/fs/\:suid_dumpable
211 Normally, this flag is set to 1.
212 However, it is reset to the current value contained in the file
213 .IR /proc/sys/fs/\:suid_dumpable
214 (which by default has the value 0),
215 if any of the following attributes of the process
216 are changed by the operations listed below:
217 .\" See kernel/cred.c::commit_creds() (Linux 3.18 sources)
220 The effective user or group ID is changed.
222 The filesystem user or group ID is changed (see
223 .BR credentials (7)).
225 The process's set of permitted capabilities (see
226 .BR capabilities (7))
227 is changed such that its new set of capabilities is
228 not a subset of its previous set of capabilities.
231 The operations that may trigger changes to the dumpable flag include:
232 .\" Look for uses of commit_creds() in the kernel source code
237 of a set-user-ID or set-group-ID program,
238 or a program that has capabilities (see
239 .BR capabilities (7));
244 system calls that change process credentials
251 .\" Also certain namespace operations;
254 Processes that are not dumpable can not be attached via
258 .BR PR_GET_DUMPABLE " (since Linux 2.3.20)"
259 Return (as the function result) the current state of the calling
260 process's dumpable flag.
261 .\" Since Linux 2.6.13, the dumpable flag can have the value 2,
262 .\" but in 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable
263 .\" flags has a nonzero value. This was fixed in 2.6.14.
265 .BR PR_SET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
266 Set the endian-ness of the calling process to the value given
267 in \fIarg2\fP, which should be one of the following:
268 .\" Respectively 0, 1, 2
270 .BR PR_ENDIAN_LITTLE ,
272 .B PR_ENDIAN_PPC_LITTLE
273 (PowerPC pseudo little endian).
275 .BR PR_GET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
276 Return the endian-ness of the calling process,
277 in the location pointed to by
278 .IR "(int\ *) arg2" .
280 .BR PR_SET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
281 Set floating-point emulation control bits to \fIarg2\fP.
284 to silently emulate floating-point operation accesses, or
286 to not emulate floating-point operations and send
290 .BR PR_GET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
291 Return floating-point emulation control bits,
292 in the location pointed to by
293 .IR "(int\ *) arg2" .
295 .BR PR_SET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
296 Set floating-point exception mode to \fIarg2\fP.
297 Pass \fBPR_FP_EXC_SW_ENABLE\fP to use FPEXC for FP exception enables,
298 \fBPR_FP_EXC_DIV\fP for floating-point divide by zero,
299 \fBPR_FP_EXC_OVF\fP for floating-point overflow,
300 \fBPR_FP_EXC_UND\fP for floating-point underflow,
301 \fBPR_FP_EXC_RES\fP for floating-point inexact result,
302 \fBPR_FP_EXC_INV\fP for floating-point invalid operation,
303 \fBPR_FP_EXC_DISABLED\fP for FP exceptions disabled,
304 \fBPR_FP_EXC_NONRECOV\fP for async nonrecoverable exception mode,
305 \fBPR_FP_EXC_ASYNC\fP for async recoverable exception mode,
306 \fBPR_FP_EXC_PRECISE\fP for precise exception mode.
308 .BR PR_GET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
309 Return floating-point exception mode,
310 in the location pointed to by
311 .IR "(int\ *) arg2" .
313 .BR PR_SET_KEEPCAPS " (since Linux 2.2.18)"
314 Set the state of the thread's "keep capabilities" flag,
315 which determines whether the thread's permitted
316 capability set is cleared when a change is made to the thread's user IDs
317 such that the thread's real UID, effective UID, and saved set-user-ID
318 all become nonzero when at least one of them previously had the value 0.
319 By default, the permitted capability set is cleared when such a change is made;
320 setting the "keep capabilities" flag prevents it from being cleared.
322 must be either 0 (permitted capabilities are cleared)
323 or 1 (permitted capabilities are kept).
326 capability set is always cleared when such a credential change is made,
327 regardless of the setting of the "keep capabilities" flag.)
328 The "keep capabilities" value will be reset to 0 on subsequent calls to
331 .BR PR_GET_KEEPCAPS " (since Linux 2.2.18)"
332 Return (as the function result) the current state of the calling thread's
333 "keep capabilities" flag.
335 .BR PR_MCE_KILL " (since Linux 2.6.32)"
336 Set the machine check memory corruption kill policy for the current thread.
340 .BR PR_MCE_KILL_CLEAR ,
341 clear the thread memory corruption kill policy and use the system-wide default.
342 (The system-wide default is defined by
343 .IR /proc/sys/vm/memory_failure_early_kill ;
349 .BR PR_MCE_KILL_SET ,
350 use a thread-specific memory corruption kill policy.
353 defines whether the policy is
355 .RB ( PR_MCE_KILL_EARLY ),
357 .RB ( PR_MCE_KILL_LATE ),
358 or the system-wide default
359 .RB ( PR_MCE_KILL_DEFAULT ).
360 Early kill means that the thread receives a
362 signal as soon as hardware memory corruption is detected inside
364 In late kill mode, the process is killed only when it accesses a corrupted page.
367 for more information on the
370 The policy is inherited by children.
373 arguments must be zero for future compatibility.
375 .BR PR_MCE_KILL_GET " (since Linux 2.6.32)"
376 Return the current per-process machine check kill policy.
379 arguments must be zero.
381 .BR PR_SET_MM " (since Linux 3.3)"
382 .\" commit 028ee4be34a09a6d48bdf30ab991ae933a7bc036
383 Modify certain kernel memory map descriptor fields
384 of the calling process.
385 Usually these fields are set by the kernel and dynamic loader (see
387 for more information) and a regular application should not use this feature.
388 However, there are cases, such as self-modifying programs,
389 where a program might find it useful to change its own memory map.
390 This feature is available only if the kernel is built with the
391 .BR CONFIG_CHECKPOINT_RESTORE
393 The calling process must have the
398 is one of the options below, while
400 provides a new value for the option.
403 .BR PR_SET_MM_START_CODE
404 Set the address above which the program text can run.
405 The corresponding memory area must be readable and executable,
406 but not writable or sharable (see
410 for more information).
412 .BR PR_SET_MM_END_CODE
413 Set the address below which the program text can run.
414 The corresponding memory area must be readable and executable,
415 but not writable or sharable.
417 .BR PR_SET_MM_START_DATA
418 Set the address above which initialized and
419 uninitialized (bss) data are placed.
420 The corresponding memory area must be readable and writable,
421 but not executable or sharable.
423 .B PR_SET_MM_END_DATA
424 Set the address below which initialized and
425 uninitialized (bss) data are placed.
426 The corresponding memory area must be readable and writable,
427 but not executable or sharable.
429 .BR PR_SET_MM_START_STACK
430 Set the start address of the stack.
431 The corresponding memory area must be readable and writable.
433 .BR PR_SET_MM_START_BRK
434 Set the address above which the program heap can be expanded with
437 The address must be greater than the ending address of
438 the current program data segment.
439 In addition, the combined size of the resulting heap and
440 the size of the data segment can't exceed the
449 The requirements for the address are the same as for the
450 .BR PR_SET_MM_START_BRK
453 The following options are available since Linux 3.5.
454 .\" commit fe8c7f5cbf91124987106faa3bdf0c8b955c4cf7
456 .BR PR_SET_MM_ARG_START
457 Set the address above which the program command line is placed.
459 .BR PR_SET_MM_ARG_END
460 Set the address below which the program command line is placed.
462 .BR PR_SET_MM_ENV_START
463 Set the address above which the program environment is placed.
465 .BR PR_SET_MM_ENV_END
466 Set the address below which the program environment is placed.
468 The address passed with
469 .BR PR_SET_MM_ARG_START ,
470 .BR PR_SET_MM_ARG_END ,
471 .BR PR_SET_MM_ENV_START ,
473 .BR PR_SET_MM_ENV_END
474 should belong to a process stack area.
475 Thus, the corresponding memory area must be readable, writable, and
476 (depending on the kernel configuration) have the
482 Set a new auxiliary vector.
485 argument should provide the address of the vector.
488 is the size of the vector.
490 .BR PR_SET_MM_EXE_FILE
491 .\" commit b32dfe377102ce668775f8b6b1461f7ad428f8b6
494 symbolic link with a new one pointing to a new executable file
495 identified by the file descriptor provided in
498 The file descriptor should be obtained with a regular
502 To change the symbolic link, one needs to unmap all existing
503 executable memory areas, including those created by the kernel itself
504 (for example the kernel usually creates at least one executable
505 memory area for the ELF
509 The second limitation is that such transitions can be done only once
510 in a process life time.
511 Any further attempts will be rejected.
512 This should help system administrators monitor unusual
513 symbolic-link transitions over all processes running on a system.
516 .BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19) "
517 .\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c
518 .\" See also http://lwn.net/Articles/582712/
519 .\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler
520 Enable or disable kernel management of Memory Protection eXtensions (MPX)
528 .\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88
529 arguments must be zero.
531 MPX is a hardware-assisted mechanism for performing bounds checking on
533 It consists of a set of registers storing bounds information
534 and a set of special instruction prefixes that tell the CPU on which
535 instructions it should do bounds enforcement.
536 There is a limited number of these registers and
537 when there are more pointers than registers,
538 their contents must be "spilled" into a set of tables.
539 These tables are called "bounds tables" and the MPX
542 whether the kernel manages their allocation and freeing.
544 When management is enabled, the kernel will take over allocation
545 and freeing of the bounds tables.
546 It does this by trapping the #BR exceptions that result
547 at first use of missing bounds tables and
548 instead of delivering the exception to user space,
549 it allocates the table and populates the bounds directory
550 with the location of the new table.
551 For freeing, the kernel checks to see if bounds tables are
552 present for memory which is not allocated, and frees them if so.
554 Before enabling MPX management using
555 .BR PR_MPX_ENABLE_MANAGEMENT ,
556 the application must first have allocated a user-space buffer for
557 the bounds directory and placed the location of that directory in the
561 These calls will fail if the CPU or kernel does not support MPX.
562 Kernel support for MPX is enabled via the
563 .BR CONFIG_X86_INTEL_MPX
564 configuration option.
565 You can check whether the CPU supports MPX by looking for the 'mpx'
566 CPUID bit, like with the following command:
568 cat /proc/cpuinfo | grep ' mpx '
570 A thread may not switch in or out of long (64-bit) mode while MPX is
573 All threads in a process are affected by these calls.
577 inherits the state of MPX management.
580 MPX management is reset to a state as if
581 .BR PR_MPX_DISABLE_MANAGEMENT
584 For further information on Intel MPX, see the kernel source file
585 .IR Documentation/x86/intel_mpx.txt .
587 .BR PR_SET_NAME " (since Linux 2.6.9)"
588 Set the name of the calling thread,
589 using the value in the location pointed to by
590 .IR "(char\ *) arg2" .
591 The name can be up to 16 bytes long,
592 .\" TASK_COMM_LEN in include/linux/sched.h
593 including the terminating null byte.
594 (If the length of the string, including the terminating null byte,
595 exceeds 16 bytes, the string is silently truncated.)
596 This is the same attribute that can be set via
597 .BR pthread_setname_np (3)
599 .BR pthread_getname_np (3).
600 The attribute is likewise accessible via
601 .IR /proc/self/task/[tid]/comm ,
604 is the name of the calling thread.
606 .BR PR_GET_NAME " (since Linux 2.6.11)"
607 Return the name of the calling thread,
608 in the buffer pointed to by
609 .IR "(char\ *) arg2" .
610 The buffer should allow space for up to 16 bytes;
611 the returned string will be null-terminated.
613 .BR PR_SET_NO_NEW_PRIVS " (since Linux 3.5)"
614 Set the calling process's
622 promises not to grant privileges to do anything
623 that could not have been done without the
626 rendering the set-user-ID and set-group-ID mode bits,
627 and file capabilities non-functional).
628 Once set, this bit cannot be unset.
629 The setting of this bit is inherited by children created by
636 For more information, see the kernel source file
637 .IR Documentation/prctl/no_new_privs.txt .
639 .BR PR_GET_NO_NEW_PRIVS " (since Linux 3.5)"
640 Return (as the function result) the value of the
642 bit for the current process.
643 A value of 0 indicates the regular
646 A value of 1 indicates
648 will operate in the privilege-restricting mode described above.
650 .BR PR_SET_PDEATHSIG " (since Linux 2.1.57)"
651 Set the parent death signal
652 of the calling process to \fIarg2\fP (either a signal value
653 in the range 1..maxsig, or 0 to clear).
654 This is the signal that the calling process will get when its
656 This value is cleared for the child of a
658 and (since Linux 2.4.36 / 2.6.23)
659 when executing a set-user-ID or set-group-ID binary,
660 or a binary that has associated capabilities (see
661 .BR capabilities (7)).
662 This value is preserved across
666 .\" https://bugzilla.kernel.org/show_bug.cgi?id=43300
667 the "parent" in this case is considered to be the
669 that created this process.
670 In other words, the signal will be sent when that thread terminates
672 .BR pthread_exit (3)),
673 rather than after all of the threads in the parent process terminate.
675 .BR PR_GET_PDEATHSIG " (since Linux 2.3.15)"
676 Return the current value of the parent process death signal,
677 in the location pointed to by
678 .IR "(int\ *) arg2" .
680 .BR PR_SET_PTRACER " (since Linux 3.4)"
681 .\" commit 2d514487faf188938a4ee4fb3464eeecfbdcf8eb
682 .\" commit bf06189e4d14641c0148bea16e9dd24943862215
683 This is meaningful only when the Yama LSM is enabled and in mode 1
684 ("restricted ptrace", visible via
685 .IR /proc/sys/kernel/yama/ptrace_scope ).
686 When a "ptracer process ID" is passed in \fIarg2\fP,
687 the caller is declaring that the ptracer process can
689 the calling process as if it were a direct process ancestor.
692 operation replaces the previous "ptracer process ID".
697 set to 0 clears the caller's "ptracer process ID".
701 .BR PR_SET_PTRACER_ANY ,
702 the ptrace restrictions introduced by Yama are effectively disabled for the
705 For further information, see the kernel source file
706 .IR Documentation/security/Yama.txt .
708 .BR PR_SET_SECCOMP " (since Linux 2.6.23)"
709 .\" See http://thread.gmane.org/gmane.linux.kernel/542632
710 .\" [PATCH 0 of 2] seccomp updates
711 .\" andrea@cpushare.com
712 Set the secure computing (seccomp) mode for the calling thread, to limit
713 the available system calls.
716 system call provides a superset of the functionality of
719 The seccomp mode is selected via
721 (The seccomp constants are defined in
722 .IR <linux/seccomp.h> .)
727 .BR SECCOMP_MODE_STRICT ,
728 the only system calls that the thread is permitted to make are
736 Other system calls result in the delivery of a
739 Strict secure computing mode is useful for number-crunching applications
740 that may need to execute untrusted byte code,
741 perhaps obtained by reading from a pipe or socket.
742 This operation is available only
743 if the kernel is configured with
750 .BR SECCOMP_MODE_FILTER " (since Linux 3.5),"
751 the system calls allowed are defined by a pointer
752 to a Berkeley Packet Filter passed in
754 This argument is a pointer to
755 .IR "struct sock_fprog" ;
756 it can be designed to filter
757 arbitrary system calls and system call arguments.
758 This mode is available only if the kernel is configured with
759 .B CONFIG_SECCOMP_FILTER
763 .BR SECCOMP_MODE_FILTER
766 then the seccomp mode is inherited by children created by
770 is permitted, then the seccomp mode is preserved across
772 If the filters permit
774 calls, then additional filters can be added;
775 they are run in order until the first non-allow result is seen.
777 For further information, see the kernel source file
778 .IR Documentation/prctl/seccomp_filter.txt .
780 .BR PR_GET_SECCOMP " (since Linux 2.6.23)"
781 Return (as the function result)
782 the secure computing mode of the calling thread.
783 If the caller is not in secure computing mode, this operation returns 0;
784 if the caller is in strict secure computing mode, then the
788 signal to be sent to the process.
789 If the caller is in filter mode, and this system call is allowed by the
790 seccomp filters, it returns 2; otherwise, the process is killed with a
793 This operation is available only
794 if the kernel is configured with
801 .IR /proc/[pid]/status
802 file provides a method of obtaining the same information,
803 without the risk that the process is killed; see
806 .BR PR_SET_SECUREBITS " (since Linux 2.6.26)"
807 Set the "securebits" flags of the calling thread to the value supplied in
810 .BR capabilities (7).
812 .BR PR_GET_SECUREBITS " (since Linux 2.6.26)"
813 Return (as the function result)
814 the "securebits" flags of the calling thread.
816 .BR capabilities (7).
818 .BR PR_SET_THP_DISABLE " (since Linux 3.15)"
819 .\" commit a0715cc22601e8830ace98366c0c2bd8da52af52
820 Set the state of the "THP disable" flag for the calling thread.
823 has a nonzero value, the flag is set, otherwise it is cleared.
824 Setting this flag provides a method
825 for disabling transparent huge pages
826 for jobs where the code cannot be modified, and using a malloc hook with
828 is not an option (i.e., statically allocated data).
829 The setting of the "THP disable" flag is inherited by a child created via
831 and is preserved across
835 .BR PR_TASK_PERF_EVENTS_DISABLE " (since Linux 2.6.31)"
836 Disable all performance counters attached to the calling process,
837 regardless of whether the counters were created by
838 this process or another process.
839 Performance counters created by the calling process for other
840 processes are unaffected.
841 For more information on performance counters, see the Linux kernel source file
842 .IR tools/perf/design.txt .
845 .BR PR_TASK_PERF_COUNTERS_DISABLE ;
846 .\" commit 1d1c7ddbfab358445a542715551301b7fc363e28
847 renamed (with same numerical value)
851 .BR PR_TASK_PERF_EVENTS_ENABLE " (since Linux 2.6.31)"
853 .BR PR_TASK_PERF_EVENTS_DISABLE ;
854 enable performance counters attached to the calling process.
857 .BR PR_TASK_PERF_COUNTERS_ENABLE ;
858 .\" commit 1d1c7ddbfab358445a542715551301b7fc363e28
860 .\" commit cdd6c482c9ff9c55475ee7392ec8f672eddb7be6
864 .BR PR_GET_THP_DISABLE " (since Linux 3.15)"
865 Return (via the function result) the current setting of the "THP disable"
866 flag for the calling thread:
867 either 1, if the flag is set, or 0, if it is not.
869 .BR PR_GET_TID_ADDRESS " (since Linux 3.5)"
870 .\" commit 300f786b2683f8bb1ec0afb6e1851183a479c86d
874 .BR set_tid_address (2)
877 .B CLONE_CHILD_CLEARTID
878 flag, in the location pointed to by
879 .IR "(int\ **)\ arg2" .
880 This feature is available only if the kernel is built with the
881 .BR CONFIG_CHECKPOINT_RESTORE
884 .BR PR_SET_TIMERSLACK " (since Linux 2.6.28)"
885 .\" See https://lwn.net/Articles/369549/
886 .\" commit 6976675d94042fbd446231d1bd8b7de71a980ada
887 Each thread has two associated timer slack values:
888 a "default" value, and a "current" value.
889 This operation sets the "current" timer slack value for the calling thread.
890 If the nanosecond value supplied in
892 is greater than zero, then the "current" value is set to this value.
895 is less than or equal to zero,
896 .\" It seems that it's not possible to set the timer slack to zero;
897 .\" The minimum value is 1? Seems a little strange.
898 the "current" timer slack is reset to the
899 thread's "default" timer slack value.
901 The "current" timer slack is used by the kernel to group timer expirations
902 for the calling thread that are close to one another;
903 as a consequence, timer expirations for the thread may be
904 up to the specified number of nanoseconds late (but will never expire early).
905 Grouping timer expirations can help reduce system power consumption
906 by minimizing CPU wake-ups.
908 The timer expirations affected by timer slack are those set by
915 .BR clock_nanosleep (2),
919 (and thus the library functions implemented via futexes, including
920 .\" List obtained by grepping for futex usage in glibc source
921 .BR pthread_cond_timedwait (3),
922 .BR pthread_mutex_timedlock (3),
923 .BR pthread_rwlock_timedrdlock (3),
924 .BR pthread_rwlock_timedwrlock (3),
926 .BR sem_timedwait (3)).
928 Timer slack is not applied to threads that are scheduled under
929 a real-time scheduling policy (see
930 .BR sched_setscheduler (2)).
932 When a new thread is created,
933 the two timer slack values are made the same as the "current" value
934 of the creating thread.
935 Thereafter, a thread can adjust its "current" timer slack value via
936 .BR PR_SET_TIMERSLACK .
937 The "default" value can't be changed.
938 The timer slack values of
940 (PID 1), the ancestor of all processes,
941 are 50,000 nanoseconds (50 microseconds).
942 The timer slack values are preserved across
945 Since Linux 4.6, the "current" timer slack value of any process
946 can be examined and changed via the file
947 .IR /proc/[pid]/timerslack_ns .
951 .BR PR_GET_TIMERSLACK " (since Linux 2.6.28)"
952 Return (as the function result)
953 the "current" timer slack value of the calling thread.
955 .BR PR_SET_TIMING " (since Linux 2.6.0-test4)"
956 Set whether to use (normal, traditional) statistical process timing or
957 accurate timestamp-based process timing, by passing
958 .B PR_TIMING_STATISTICAL
961 .B PR_TIMING_TIMESTAMP
964 .B PR_TIMING_TIMESTAMP
965 is not currently implemented
966 (attempting to set this mode will yield the error
968 .\" PR_TIMING_TIMESTAMP doesn't do anything in 2.6.26-rc8,
969 .\" and looking at the patch history, it appears
970 .\" that it never did anything.
972 .BR PR_GET_TIMING " (since Linux 2.6.0-test4)"
973 Return (as the function result) which process timing method is currently
976 .BR PR_SET_TSC " (since Linux 2.6.26, x86 only)"
977 Set the state of the flag determining whether the timestamp counter
978 can be read by the process.
983 to allow it to be read, or
987 when the process tries to read the timestamp counter.
989 .BR PR_GET_TSC " (since Linux 2.6.26, x86 only)"
990 Return the state of the flag determining whether the timestamp counter
992 in the location pointed to by
993 .IR "(int\ *) arg2" .
996 (Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15;
997 PowerPC, since Linux 2.6.18; Alpha, since Linux 2.6.22)
998 Set unaligned access control bits to \fIarg2\fP.
1000 \fBPR_UNALIGN_NOPRINT\fP to silently fix up unaligned user accesses,
1001 or \fBPR_UNALIGN_SIGBUS\fP to generate
1003 on unaligned user access.
1008 for information on versions and architectures)
1009 Return unaligned access control bits, in the location pointed to by
1010 .IR "(int\ *) arg2" .
1013 .BR PR_GET_DUMPABLE ,
1014 .BR PR_GET_KEEPCAPS ,
1015 .BR PR_GET_NO_NEW_PRIVS ,
1016 .BR PR_GET_THP_DISABLE ,
1017 .BR PR_CAPBSET_READ ,
1019 .BR PR_GET_TIMERSLACK ,
1020 .BR PR_GET_SECUREBITS ,
1021 .BR PR_MCE_KILL_GET ,
1022 .BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET ,
1025 return the nonnegative values described above.
1028 values return 0 on success.
1029 On error, \-1 is returned, and
1031 is set appropriately.
1041 .BR PR_SET_MM_EXE_FILE ,
1042 the file is not executable.
1050 .BR PR_SET_MM_EXE_FILE ,
1051 and the file descriptor passed in
1061 .BR PR_SET_MM_EXE_FILE ,
1062 and this the second attempt to change the
1064 symbolic link, which is prohibited.
1068 is an invalid address.
1073 .BR PR_SET_SECCOMP ,
1076 .BR SECCOMP_MODE_FILTER ,
1077 the system was built with
1078 .BR CONFIG_SECCOMP_FILTER ,
1081 is an invalid address.
1098 arguments were not specified as zero.
1102 is not valid value for this
1110 .BR PR_GET_SECCOMP ,
1111 and the kernel was not configured with
1112 .BR CONFIG_SECCOMP .
1117 .BR PR_SET_SECCOMP ,
1120 .BR SECCOMP_MODE_FILTER ,
1121 and the kernel was not configured with
1122 .BR CONFIG_SECCOMP_FILTER .
1128 and one of the following is true
1139 (the limit on the size of the user address space for this architecture);
1143 .BR PR_SET_MM_START_CODE ,
1144 .BR PR_SET_MM_END_CODE ,
1145 .BR PR_SET_MM_START_DATA ,
1146 .BR PR_SET_MM_END_DATA ,
1148 .BR PR_SET_MM_START_STACK ,
1149 and the permissions of the corresponding memory area are not as required;
1153 .BR PR_SET_MM_START_BRK
1158 is less than or equal to the end of the data segment
1159 or specifies a value that would cause the
1161 resource limit to be exceeded.
1171 .BR PR_SET_PTRACER_ANY ,
1172 or the PID of an existing process.
1180 is not a valid signal number.
1189 .B SUID_DUMP_DISABLE
1191 .BR SUID_DUMP_USER .
1200 .BR PR_TIMING_STATISTICAL .
1205 .BR PR_SET_NO_NEW_PRIVS
1219 .BR PR_GET_NO_NEW_PRIVS
1231 .BR PR_SET_THP_DISABLE
1242 .BR PR_GET_THP_DISABLE
1255 and an unused argument
1260 .BR PR_CAP_AMBIENT_CLEAR_ALL ,
1264 has an invalid value;
1268 .BR PR_CAP_AMBIENT_LOWER ,
1269 .BR PR_CAP_AMBIENT_RAISE ,
1271 .BR PR_CAP_AMBIENT_IS_SET
1274 does not specify a valid capability.
1279 .BR PR_MPX_ENABLE_MANAGEMENT
1281 .BR PR_MPX_DISABLE_MANAGEMENT
1282 and the kernel or the CPU does not support MPX management.
1283 Check that the kernel and processor have MPX support.
1288 .BR PR_SET_SECUREBITS ,
1289 and the caller does not have the
1292 or tried to unset a "locked" flag,
1293 or tried to set a flag whose corresponding locked flag was set
1295 .BR capabilities (7)).
1300 .BR PR_SET_KEEPCAPS ,
1302 .B SECURE_KEEP_CAPS_LOCKED
1305 .BR capabilities (7)).
1310 .BR PR_CAPBSET_DROP ,
1311 and the caller does not have the
1319 and the caller does not have the
1330 .BR PR_CAP_AMBIENT_RAISE ,
1331 but either the capability specified in
1333 is not present in the process's permitted and inheritable capability sets,
1335 .B PR_CAP_AMBIENT_LOWER
1336 securebit has been set.
1340 system call was introduced in Linux 2.1.57.
1341 .\" The library interface was added in glibc 2.0.6
1343 This call is Linux-specific.
1346 system call (also introduced in Linux 2.1.44
1347 as irix_prctl on the MIPS architecture),
1350 .BI "ptrdiff_t prctl(int " option ", int " arg2 ", int " arg3 );
1352 and options to get the maximum number of processes per user,
1353 get the maximum number of processors the calling process can use,
1354 find out whether a specified process is currently blocked,
1355 get or set the maximum stack size, and so on.