.\" Copyright (C) 1998 Andries Brouwer (aeb@cwi.nl)
-.\" and Copyright (C) 2002, 2006, 2008, 2012, 2013 Michael Kerrisk <mtk.manpages@gmail.com>
+.\" and Copyright (C) 2002, 2006, 2008, 2012, 2013, 2015 Michael Kerrisk <mtk.manpages@gmail.com>
.\" and Copyright Guillem Jover <guillem@hadrons.org>
+.\" and Copyright (C) 2010 Andi Kleen <andi@firstfloor.org>
+.\" and Copyright (C) 2012 Cyrill Gorcunov <gorcunov@openvz.org>
.\" and Copyright (C) 2014 Dave Hansen / Intel
+.\" and Copyright (c) 2016 Eugene Syromyatnikov <evgsyr@gmail.com>
+.\" and Copyright (c) 2018 Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
+.\" and Copyright (c) 2020 Dave Martin <Dave.Martin@arm.com>
.\"
-.\" %%%LICENSE_START(VERBATIM)
-.\" Permission is granted to make and distribute verbatim copies of this
-.\" manual provided the copyright notice and this permission notice are
-.\" preserved on all copies.
-.\"
-.\" Permission is granted to copy and distribute modified versions of this
-.\" manual under the conditions for verbatim copying, provided that the
-.\" entire resulting derived work is distributed under the terms of a
-.\" permission notice identical to this one.
-.\"
-.\" Since the Linux kernel and libraries are constantly changing, this
-.\" manual page may be incorrect or out-of-date. The author(s) assume no
-.\" responsibility for errors or omissions, or for damages resulting from
-.\" the use of the information contained herein. The author(s) may not
-.\" have taken the same level of care in the production of this manual,
-.\" which is licensed free of charge, as they might when working
-.\" professionally.
-.\"
-.\" Formatted or processed versions of this manual, if unaccompanied by
-.\" the source, must acknowledge the copyright and authors of this work.
-.\" %%%LICENSE_END
+.\" SPDX-License-Identifier: Linux-man-pages-copyleft
.\"
.\" Modified Thu Nov 11 04:19:42 MET 1999, aeb: added PR_GET_PDEATHSIG
.\" Modified 27 Jun 02, Michael Kerrisk
.\" 2014-11-10 Dave Hansen, document PR_MPX_{EN,DIS}ABLE_MANAGEMENT
.\"
.\"
-.TH PRCTL 2 2018-02-02 "Linux" "Linux Programmer's Manual"
+.TH prctl 2 (date) "Linux man-pages (unreleased)"
.SH NAME
-prctl \- operations on a process
+prctl \- operations on a process or thread
+.SH LIBRARY
+Standard C library
+.RI ( libc ", " \-lc )
.SH SYNOPSIS
.nf
.B #include <sys/prctl.h>
.fi
.SH DESCRIPTION
.BR prctl ()
+manipulates various aspects of the behavior
+of the calling thread or process.
+.PP
+Note that careless use of some
+.BR prctl ()
+operations can confuse the user-space run-time environment,
+so these operations should be used with care.
+.PP
+.BR prctl ()
is called with a first argument describing what to do
(with values defined in \fI<linux/prctl.h>\fP), and further
arguments with a significance depending on the first one.
The first argument can be:
.\"
+.\" prctl PR_CAP_AMBIENT
.TP
.BR PR_CAP_AMBIENT " (since Linux 4.3)"
.\" commit 58319057b7847667f0c9585b9de0e8932b0fdb08
.I arg3
is in the ambient set and 0 if it is not.
.TP
-.BR PR_CAP_AMBIENT_CLEAR_ALL
+.B PR_CAP_AMBIENT_CLEAR_ALL
All capabilities will be removed from the ambient set.
This operation requires setting
.I arg3
.BR cap_set_ambient (3),
and
.BR cap_reset_ambient (3).
+.\" prctl PR_CAPBSET_READ
.TP
.BR PR_CAPBSET_READ " (since Linux 2.6.25)"
Return (as the function result) 1 if the capability specified in
.BR libcap (3)
library in the form of
.BR cap_get_bound (3).
+.\" prctl PR_CAPBSET_DROP
.TP
.BR PR_CAPBSET_DROP " (since Linux 2.6.25)"
If the calling thread has the
.B EPERM
if the calling thread does not have the
.BR CAP_SETPCAP ;
-.BR EINVAL
+.B EINVAL
if
.I arg2
does not represent a valid capability; or
-.BR EINVAL
+.B EINVAL
if file capabilities are not enabled in the kernel,
in which case bounding sets are not supported.
.IP
.BR libcap (3)
library in the form of
.BR cap_drop_bound (3).
+.\" prctl PR_SET_CHILD_SUBREAPER
.TP
.BR PR_SET_CHILD_SUBREAPER " (since Linux 3.4)"
.\" commit ebec18a6d3aa1e7d84aab16225e87fd25170ec2b
.BR init (1)
for its descendant processes.
When a process becomes orphaned
-(i.e., its immediate parent terminates)
+(i.e., its immediate parent terminates),
then that process will be reparented to
the nearest still living ancestor subreaper.
Subsequently, calls to
-.BR getppid ()
+.BR getppid (2)
in the orphaned process will now return the PID of the subreaper process,
and when the orphan terminates, it is the subreaper process that
will receive a
-.BR SIGCHLD
+.B SIGCHLD
signal and will be able to
.BR wait (2)
on the process to discover its termination status.
.IP
-The setting of this bit is not inherited by children created by
+The setting of the "child subreaper" attribute
+is not inherited by children created by
.BR fork (2)
and
.BR clone (2).
frameworks (e.g.,
.BR systemd (1))
employ a subreaper process for similar reasons.
+.\" prctl PR_GET_CHILD_SUBREAPER
.TP
.BR PR_GET_CHILD_SUBREAPER " (since Linux 3.4)"
Return the "child subreaper" setting of the caller,
in the location pointed to by
-.IR "(int\ *) arg2" .
+.IR "(int\~*) arg2" .
+.\" prctl PR_SET_DUMPABLE
.TP
.BR PR_SET_DUMPABLE " (since Linux 2.3.20)"
-Set the state of the "dumpable" flag,
+Set the state of the "dumpable" attribute,
which determines whether core dumps are produced for the calling process
upon delivery of a signal whose default behavior is to produce a core dump.
.IP
-In kernels up to and including 2.6.12,
+Up to and including Linux 2.6.12,
.I arg2
must be either 0
.RB ( SUID_DUMP_DISABLE ,
process is not dumpable) or 1
.RB ( SUID_DUMP_USER ,
process is dumpable).
-Between kernels 2.6.13 and 2.6.17,
+Between Linux 2.6.13 and Linux 2.6.17,
.\" commit abf75a5033d4da7b8a7e92321d74021d1fcfb502
the value 2 was also permitted,
which caused any binary which normally would not be dumped
in
.BR proc (5).)
.IP
-Normally, this flag is set to 1.
+Normally, the "dumpable" attribute is set to 1.
However, it is reset to the current value contained in the file
-.IR /proc/sys/fs/\:suid_dumpable
+.I /proc/sys/fs/\:suid_dumpable
(which by default has the value 0),
in the following circumstances:
.\" See kernel/cred.c::commit_creds() (Linux 3.18 sources)
.RS
-.IP * 3
+.IP \(bu 3
The process's effective user or group ID is changed.
-.IP *
+.IP \(bu
The process's filesystem user or group ID is changed (see
.BR credentials (7)).
-.IP *
+.IP \(bu
The process executes
.RB ( execve (2))
a set-user-ID or set-group-ID program, resulting in a change
of either the effective user ID or the effective group ID.
-.IP *
+.IP \(bu
The process executes
.RB ( execve (2))
a program that has file capabilities (see
.IP
If a process is not dumpable,
the ownership of files in the process's
-.IR /proc/[pid]
+.IR /proc/ pid
directory is affected as described in
.BR proc (5).
+.\" prctl PR_GET_DUMPABLE
.TP
.BR PR_GET_DUMPABLE " (since Linux 2.3.20)"
Return (as the function result) the current state of the calling
-process's dumpable flag.
+process's dumpable attribute.
.\" Since Linux 2.6.13, the dumpable flag can have the value 2,
-.\" but in 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable
-.\" flags has a nonzero value. This was fixed in 2.6.14.
+.\" but in Linux 2.6.13 PR_GET_DUMPABLE simply returns 1 if the dumpable
+.\" flags has a nonzero value. This was fixed in Linux 2.6.14.
+.\" prctl PR_SET_ENDIAN
.TP
.BR PR_SET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
Set the endian-ness of the calling process to the value given
or
.B PR_ENDIAN_PPC_LITTLE
(PowerPC pseudo little endian).
+.\" prctl PR_GET_ENDIAN
.TP
.BR PR_GET_ENDIAN " (since Linux 2.6.18, PowerPC only)"
Return the endian-ness of the calling process,
in the location pointed to by
-.IR "(int\ *) arg2" .
+.IR "(int\~*) arg2" .
+.\" prctl PR_SET_FP_MODE
.TP
.BR PR_SET_FP_MODE " (since Linux 4.0, only on MIPS)"
.\" commit 9791554b45a2acc28247f66a5fd5bbc212a6b8c8
argument is a bit mask describing the floating-point mode used:
.RS
.TP
-.BR PR_FP_MODE_FR
+.B PR_FP_MODE_FR
When this bit is
.I unset
(so called
.B FR=1
mode only.
.IP
-.IP
Applications that use the O32 FP32 ABI can operate only when this bit is
.I unset
.RB ( FR=0 ;
.I set
.RB ( FR=1 ).
Applications that use the O32 FPXX ABI can operate with either
-.BR FR=0
+.B FR=0
or
-.BR FR=1 .
+.B FR=1 .
.TP
-.BR PR_FP_MODE_FRE
+.B PR_FP_MODE_FRE
Enable emulation of 32-bit floating-point mode.
When this mode is enabled,
it emulates 32-bit floating-point operations
.IR arg3 ,
.IR arg4 ,
and
-.IR arg5
+.I arg5
are ignored.
+.\" prctl PR_GET_FP_MODE
.TP
.BR PR_GET_FP_MODE " (since Linux 4.0, only on MIPS)"
-Get the current floating-point mode (see the description of
+Return (as the function result)
+the current floating-point mode (see the description of
.B PR_SET_FP_MODE
for details).
.IP
.IR arg3 ,
.IR arg4 ,
and
-.IR arg5
+.I arg5
are ignored.
+.\" prctl PR_SET_FPEMU
.TP
.BR PR_SET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
Set floating-point emulation control bits to \fIarg2\fP.
to not emulate floating-point operations and send
.B SIGFPE
instead.
+.\" prctl PR_GET_FPEMU
.TP
.BR PR_GET_FPEMU " (since Linux 2.4.18, 2.5.9, only on ia64)"
Return floating-point emulation control bits,
in the location pointed to by
-.IR "(int\ *) arg2" .
+.IR "(int\~*) arg2" .
+.\" prctl PR_SET_FPEXC
.TP
.BR PR_SET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
Set floating-point exception mode to \fIarg2\fP.
\fBPR_FP_EXC_NONRECOV\fP for async nonrecoverable exception mode,
\fBPR_FP_EXC_ASYNC\fP for async recoverable exception mode,
\fBPR_FP_EXC_PRECISE\fP for precise exception mode.
+.\" prctl PR_GET_FPEXC
.TP
.BR PR_GET_FPEXC " (since Linux 2.4.21, 2.5.32, only on PowerPC)"
Return floating-point exception mode,
in the location pointed to by
-.IR "(int\ *) arg2" .
+.IR "(int\~*) arg2" .
+.\" prctl PR_SET_IO_FLUSHER
+.TP
+.BR PR_SET_IO_FLUSHER " (since Linux 5.6)"
+If a user process is involved in the block layer or filesystem I/O path,
+and can allocate memory while processing I/O requests it must set
+\fIarg2\fP to 1.
+This will put the process in the IO_FLUSHER state,
+which allows it special treatment to make progress when allocating memory.
+If \fIarg2\fP is 0, the process will clear the IO_FLUSHER state, and
+the default behavior will be used.
+.IP
+The calling process must have the
+.B CAP_SYS_RESOURCE
+capability.
+.IP
+.IR arg3 ,
+.IR arg4 ,
+and
+.I arg5
+must be zero.
+.IP
+The IO_FLUSHER state is inherited by a child process created via
+.BR fork (2)
+and is preserved across
+.BR execve (2).
+.IP
+Examples of IO_FLUSHER applications are FUSE daemons, SCSI device
+emulation daemons, and daemons that perform error handling like multipath
+path recovery applications.
+.\" prctl PR_GET_IO_FLUSHER
+.TP
+.B PR_GET_IO_FLUSHER (Since Linux 5.6)
+Return (as the function result) the IO_FLUSHER state of the caller.
+A value of 1 indicates that the caller is in the IO_FLUSHER state;
+0 indicates that the caller is not in the IO_FLUSHER state.
+.IP
+The calling process must have the
+.B CAP_SYS_RESOURCE
+capability.
+.IP
+.IR arg2 ,
+.IR arg3 ,
+.IR arg4 ,
+and
+.I arg5
+must be zero.
+.\" prctl PR_SET_KEEPCAPS
.TP
.BR PR_SET_KEEPCAPS " (since Linux 2.2.18)"
Set the state of the calling thread's "keep capabilities" flag.
-The effect if this flag is described in
+The effect of this flag is described in
.BR capabilities (7).
.I arg2
must be either 0 (clear the flag)
or 1 (set the flag).
The "keep capabilities" value will be reset to 0 on subsequent calls to
.BR execve (2).
+.\" prctl PR_GET_KEEPCAPS
.TP
.BR PR_GET_KEEPCAPS " (since Linux 2.2.18)"
Return (as the function result) the current state of the calling thread's
See
.BR capabilities (7)
for a description of this flag.
+.\" prctl PR_MCE_KILL
.TP
.BR PR_MCE_KILL " (since Linux 2.6.32)"
Set the machine check memory corruption kill policy for the calling thread.
See
.BR sigaction (2)
for more information on the
-.BR SIGBUS
+.B SIGBUS
signal.
The policy is inherited by children.
The remaining unused
.BR prctl ()
arguments must be zero for future compatibility.
+.\" prctl PR_MCE_KILL_GET
.TP
.BR PR_MCE_KILL_GET " (since Linux 2.6.32)"
-Return the current per-process machine check kill policy.
+Return (as the function result)
+the current per-process machine check kill policy.
All unused
.BR prctl ()
arguments must be zero.
+.\" prctl PR_SET_MM
.TP
.BR PR_SET_MM " (since Linux 3.3)"
.\" commit 028ee4be34a09a6d48bdf30ab991ae933a7bc036
where a program might find it useful to change its own memory map.
.IP
The calling process must have the
-.BR CAP_SYS_RESOURCE
+.B CAP_SYS_RESOURCE
capability.
The value in
.I arg2
Before Linux 3.10,
.\" commit 52b3694157e3aa6df871e283115652ec6f2d31e0
this feature is available only if the kernel is built with the
-.BR CONFIG_CHECKPOINT_RESTORE
+.B CONFIG_CHECKPOINT_RESTORE
option enabled.
.RS
.TP
-.BR PR_SET_MM_START_CODE
+.B PR_SET_MM_START_CODE
Set the address above which the program text can run.
The corresponding memory area must be readable and executable,
but not writable or shareable (see
.BR mmap (2)
for more information).
.TP
-.BR PR_SET_MM_END_CODE
+.B PR_SET_MM_END_CODE
Set the address below which the program text can run.
The corresponding memory area must be readable and executable,
but not writable or shareable.
.TP
-.BR PR_SET_MM_START_DATA
+.B PR_SET_MM_START_DATA
Set the address above which initialized and
uninitialized (bss) data are placed.
The corresponding memory area must be readable and writable,
The corresponding memory area must be readable and writable,
but not executable or shareable.
.TP
-.BR PR_SET_MM_START_STACK
+.B PR_SET_MM_START_STACK
Set the start address of the stack.
The corresponding memory area must be readable and writable.
.TP
-.BR PR_SET_MM_START_BRK
+.B PR_SET_MM_START_BRK
Set the address above which the program heap can be expanded with
.BR brk (2)
call.
the current program data segment.
In addition, the combined size of the resulting heap and
the size of the data segment can't exceed the
-.BR RLIMIT_DATA
+.B RLIMIT_DATA
resource limit (see
.BR setrlimit (2)).
.TP
-.BR PR_SET_MM_BRK
+.B PR_SET_MM_BRK
Set the current
.BR brk (2)
value.
The requirements for the address are the same as for the
-.BR PR_SET_MM_START_BRK
+.B PR_SET_MM_START_BRK
option.
.PP
The following options are available since Linux 3.5.
.\" commit fe8c7f5cbf91124987106faa3bdf0c8b955c4cf7
.TP
-.BR PR_SET_MM_ARG_START
+.B PR_SET_MM_ARG_START
Set the address above which the program command line is placed.
.TP
-.BR PR_SET_MM_ARG_END
+.B PR_SET_MM_ARG_END
Set the address below which the program command line is placed.
.TP
-.BR PR_SET_MM_ENV_START
+.B PR_SET_MM_ENV_START
Set the address above which the program environment is placed.
.TP
-.BR PR_SET_MM_ENV_END
+.B PR_SET_MM_ENV_END
Set the address below which the program environment is placed.
.IP
The address passed with
.BR PR_SET_MM_ARG_END ,
.BR PR_SET_MM_ENV_START ,
and
-.BR PR_SET_MM_ENV_END
+.B PR_SET_MM_ENV_END
should belong to a process stack area.
Thus, the corresponding memory area must be readable, writable, and
(depending on the kernel configuration) have the
-.BR MAP_GROWSDOWN
+.B MAP_GROWSDOWN
attribute set (see
.BR mmap (2)).
.TP
-.BR PR_SET_MM_AUXV
+.B PR_SET_MM_AUXV
Set a new auxiliary vector.
The
.I arg3
.I arg4
is the size of the vector.
.TP
-.BR PR_SET_MM_EXE_FILE
+.B PR_SET_MM_EXE_FILE
.\" commit b32dfe377102ce668775f8b6b1461f7ad428f8b6
Supersede the
-.IR /proc/pid/exe
+.IR /proc/ pid /exe
symbolic link with a new one pointing to a new executable file
identified by the file descriptor provided in
.I arg3
executable memory areas, including those created by the kernel itself
(for example the kernel usually creates at least one executable
memory area for the ELF
-.IR \.text
+.I \.text
section).
.IP
In Linux 4.9 and earlier, the
.\" commit 3fb4afd9a504c2386b8435028d43283216bf588e
-.BR PR_SET_MM_EXE_FILE
+.B PR_SET_MM_EXE_FILE
operation can be performed only once in a process's lifetime;
attempting to perform the operation a second time results in the error
.BR EPERM .
The following options are available since Linux 3.18.
.\" commit f606b77f1a9e362451aca8f81d8f36a3a112139e
.TP
-.BR PR_SET_MM_MAP
+.B PR_SET_MM_MAP
Provides one-shot access to all the addresses by passing in a
.I struct prctl_mm_map
(as defined in \fI<linux/prctl.h>\fP).
argument should provide the size of the struct.
.IP
This feature is available only if the kernel is built with the
-.BR CONFIG_CHECKPOINT_RESTORE
+.B CONFIG_CHECKPOINT_RESTORE
option enabled.
.TP
-.BR PR_SET_MM_MAP_SIZE
+.B PR_SET_MM_MAP_SIZE
Returns the size of the
.I struct prctl_mm_map
the kernel expects.
argument should be a pointer to an unsigned int.
.IP
This feature is available only if the kernel is built with the
-.BR CONFIG_CHECKPOINT_RESTORE
+.B CONFIG_CHECKPOINT_RESTORE
option enabled.
.RE
+.\" prctl PR_MPX_ENABLE_MANAGEMENT
.TP
-.BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19) "
+.BR PR_MPX_ENABLE_MANAGEMENT ", " PR_MPX_DISABLE_MANAGEMENT " (since Linux 3.19, removed in Linux 5.4; only on x86)"
.\" commit fe3d197f84319d3bce379a9c0dc17b1f48ad358c
.\" See also http://lwn.net/Articles/582712/
.\" See also https://gcc.gnu.org/wiki/Intel%20MPX%20support%20in%20the%20GCC%20compiler
.IR arg3 ,
.IR arg4 ,
and
-.IR arg5
+.I arg5
.\" commit e9d1b4f3c60997fe197bf0243cb4a41a44387a88
arguments must be zero.
.IP
.IP
These calls fail if the CPU or kernel does not support MPX.
Kernel support for MPX is enabled via the
-.BR CONFIG_X86_INTEL_MPX
+.B CONFIG_X86_INTEL_MPX
configuration option.
-You can check whether the CPU supports MPX by looking for the 'mpx'
+You can check whether the CPU supports MPX by looking for the
+.I mpx
CPUID bit, like with the following command:
.IP
- cat /proc/cpuinfo | grep ' mpx '
+.in +4n
+.EX
+cat /proc/cpuinfo | grep \(aq mpx \(aq
+.EE
+.in
.IP
A thread may not switch in or out of long (64-bit) mode while MPX is
enabled.
During
.BR execve (2),
MPX management is reset to a state as if
-.BR PR_MPX_DISABLE_MANAGEMENT
+.B PR_MPX_DISABLE_MANAGEMENT
had been called.
.IP
For further information on Intel MPX, see the kernel source file
.IR Documentation/x86/intel_mpx.txt .
+.IP
+.\" commit f240652b6032b48ad7fa35c5e701cc4c8d697c0b
+.\" See also https://lkml.kernel.org/r/20190705175321.DB42F0AD@viggo.jf.intel.com
+Due to a lack of toolchain support,
+.BR PR_MPX_ENABLE_MANAGEMENT " and " PR_MPX_DISABLE_MANAGEMENT
+are not supported in Linux 5.4 and later.
+.\" prctl PR_SET_NAME
.TP
.BR PR_SET_NAME " (since Linux 2.6.9)"
Set the name of the calling thread,
using the value in the location pointed to by
-.IR "(char\ *) arg2" .
+.IR "(char\~*) arg2" .
The name can be up to 16 bytes long,
.\" TASK_COMM_LEN in include/linux/sched.h
including the terminating null byte.
and retrieved using
.BR pthread_getname_np (3).
The attribute is likewise accessible via
-.IR /proc/self/task/[tid]/comm ,
+.IR /proc/self/task/ tid /comm
+(see
+.BR proc (5)),
where
.I tid
-is the name of the calling thread.
+is the thread ID of the calling thread, as returned by
+.BR gettid (2).
+.\" prctl PR_GET_NAME
.TP
.BR PR_GET_NAME " (since Linux 2.6.11)"
Return the name of the calling thread,
in the buffer pointed to by
-.IR "(char\ *) arg2" .
+.IR "(char\~*) arg2" .
The buffer should allow space for up to 16 bytes;
the returned string will be null-terminated.
+.\" prctl PR_SET_NO_NEW_PRIVS
.TP
.BR PR_SET_NO_NEW_PRIVS " (since Linux 3.5)"
Set the calling thread's
.I no_new_privs
-bit to the value in
+attribute to the value in
.IR arg2 .
With
.I no_new_privs
call (for example,
rendering the set-user-ID and set-group-ID mode bits,
and file capabilities non-functional).
-Once set, this bit cannot be unset.
-The setting of this bit is inherited by children created by
+Once set, the
+.I no_new_privs
+attribute cannot be unset.
+The setting of this attribute is inherited by children created by
.BR fork (2)
and
.BR clone (2),
Since Linux 4.10,
the value of a thread's
.I no_new_privs
-bit can be viewed via the
+attribute can be viewed via the
.I NoNewPrivs
field in the
-.IR /proc/[pid]/status
+.IR /proc/ pid /status
file.
.IP
For more information, see the kernel source file
-.IR Documentation/userspace\-api/no_new_privs.rst
+.I Documentation/userspace\-api/no_new_privs.rst
.\" commit 40fde647ccb0ae8c11d256d271e24d385eed595b
(or
-.IR Documentation/prctl/no_new_privs.txt
+.I Documentation/prctl/no_new_privs.txt
before Linux 4.13).
See also
.BR seccomp (2).
+.\" prctl PR_GET_NO_NEW_PRIVS
.TP
.BR PR_GET_NO_NEW_PRIVS " (since Linux 3.5)"
Return (as the function result) the value of the
.I no_new_privs
-bit for the calling thread.
+attribute for the calling thread.
A value of 0 indicates the regular
.BR execve (2)
behavior.
A value of 1 indicates
.BR execve (2)
will operate in the privilege-restricting mode described above.
+.\" prctl PR_PAC_RESET_KEYS
+.\" commit ba830885656414101b2f8ca88786524d4bb5e8c1
+.TP
+.BR PR_PAC_RESET_KEYS " (since Linux 5.0, only on arm64)"
+Securely reset the thread's pointer authentication keys
+to fresh random values generated by the kernel.
+.IP
+The set of keys to be reset is specified by
+.IR arg2 ,
+which must be a logical OR of zero or more of the following:
+.RS
+.TP
+.B PR_PAC_APIAKEY
+instruction authentication key A
+.TP
+.B PR_PAC_APIBKEY
+instruction authentication key B
+.TP
+.B PR_PAC_APDAKEY
+data authentication key A
+.TP
+.B PR_PAC_APDBKEY
+data authentication key B
+.TP
+.B PR_PAC_APGAKEY
+generic authentication \(lqA\(rq key.
+.IP
+(Yes folks, there really is no generic B key.)
+.RE
+.IP
+As a special case, if
+.I arg2
+is zero, then all the keys are reset.
+Since new keys could be added in future,
+this is the recommended way to completely wipe the existing keys
+when establishing a clean execution context.
+Note that there is no need to use
+.B PR_PAC_RESET_KEYS
+in preparation for calling
+.BR execve (2),
+since
+.BR execve (2)
+resets all the pointer authentication keys.
+.IP
+The remaining arguments
+.IR arg3 ", " arg4 ", and " arg5
+must all be zero.
+.IP
+If the arguments are invalid,
+and in particular if
+.I arg2
+contains set bits that are unrecognized
+or that correspond to a key not available on this platform,
+then the call fails with error
+.BR EINVAL .
+.IP
+.B Warning:
+Because the compiler or run-time environment
+may be using some or all of the keys,
+a successful
+.B PR_PAC_RESET_KEYS
+may crash the calling process.
+The conditions for using it safely are complex and system-dependent.
+Don't use it unless you know what you are doing.
+.IP
+For more information, see the kernel source file
+.I Documentation/arm64/pointer\-authentication.rst
+.\"commit b693d0b372afb39432e1c49ad7b3454855bc6bed
+(or
+.I Documentation/arm64/pointer\-authentication.txt
+before Linux 5.3).
+.\" prctl PR_SET_PDEATHSIG
.TP
.BR PR_SET_PDEATHSIG " (since Linux 2.1.57)"
-Set the parent death signal
+Set the parent-death signal
of the calling process to \fIarg2\fP (either a signal value
-in the range 1..maxsig, or 0 to clear).
+in the range 1..\c
+.BR NSIG "\-1" ,
+or 0 to clear).
This is the signal that the calling process will get when its
parent dies.
.IP
.BR pthread_exit (3)),
rather than after all of the threads in the parent process terminate.
.IP
-The parent death signal setting is cleared for the child of a
+The parent-death signal is sent upon subsequent termination of the parent
+thread and also upon termination of each subreaper process
+(see the description of
+.B PR_SET_CHILD_SUBREAPER
+above) to which the caller is subsequently reparented.
+If the parent thread and all ancestor subreapers have already terminated
+by the time of the
+.B PR_SET_PDEATHSIG
+operation, then no parent-death signal is sent to the caller.
+.IP
+The parent-death signal is process-directed (see
+.BR signal (7))
+and, if the child installs a handler using the
+.BR sigaction (2)
+.B SA_SIGINFO
+flag, the
+.I si_pid
+field of the
+.I siginfo_t
+argument of the handler contains the PID of the terminating parent process.
+.IP
+The parent-death signal setting is cleared for the child of a
.BR fork (2).
It is also
(since Linux 2.4.36 / 2.6.23)
.BR capabilities (7));
otherwise, this value is preserved across
.BR execve (2).
+The parent-death signal setting is also cleared upon changes to
+any of the following thread credentials:
+.\" FIXME capability changes can also trigger this; see
+.\" kernel/cred.c::commit_creds in the Linux 5.6 source.
+effective user ID, effective group ID, filesystem user ID,
+or filesystem group ID.
+.\" prctl PR_GET_PDEATHSIG
.TP
.BR PR_GET_PDEATHSIG " (since Linux 2.3.15)"
Return the current value of the parent process death signal,
in the location pointed to by
-.IR "(int\ *) arg2" .
+.IR "(int\~*) arg2" .
+.\" prctl PR_SET_PTRACER
.TP
.BR PR_SET_PTRACER " (since Linux 3.4)"
.\" commit 2d514487faf188938a4ee4fb3464eeecfbdcf8eb
calling process.
.IP
For further information, see the kernel source file
-.IR Documentation/admin\-guide/LSM/Yama.rst
+.I Documentation/admin\-guide/LSM/Yama.rst
.\" commit 90bb766440f2147486a2acc3e793d7b8348b0c22
(or
-.IR Documentation/security/Yama.txt
+.I Documentation/security/Yama.txt
before Linux 4.13).
+.\" prctl PR_SET_SECCOMP
.TP
.BR PR_SET_SECCOMP " (since Linux 2.6.23)"
.\" See http://thread.gmane.org/gmane.linux.kernel/542632
The more recent
.BR seccomp (2)
system call provides a superset of the functionality of
-.BR PR_SET_SECCOMP .
+.BR PR_SET_SECCOMP ,
+and is the preferred interface for new applications.
.IP
The seccomp mode is selected via
.IR arg2 .
(The seccomp constants are defined in
.IR <linux/seccomp.h> .)
+The following values can be specified:
+.RS
+.TP
+.BR SECCOMP_MODE_STRICT " (since Linux 2.6.23)"
+See the description of
+.B SECCOMP_SET_MODE_STRICT
+in
+.BR seccomp (2).
.IP
-With
-.IR arg2
-set to
-.BR SECCOMP_MODE_STRICT ,
-the only system calls that the thread is permitted to make are
-.BR read (2),
-.BR write (2),
-.BR _exit (2)
-(but not
-.BR exit_group (2)),
-and
-.BR sigreturn (2).
-Other system calls result in the delivery of a
-.BR SIGKILL
-signal.
-Strict secure computing mode is useful for number-crunching applications
-that may need to execute untrusted byte code,
-perhaps obtained by reading from a pipe or socket.
This operation is available only
if the kernel is configured with
.B CONFIG_SECCOMP
enabled.
-.IP
-With
-.IR arg2
-set to
-.BR SECCOMP_MODE_FILTER " (since Linux 3.5),"
-the system calls allowed are defined by a pointer
+.TP
+.BR SECCOMP_MODE_FILTER " (since Linux 3.5)"
+The allowed system calls are defined by a pointer
to a Berkeley Packet Filter passed in
.IR arg3 .
This argument is a pointer to
.IR "struct sock_fprog" ;
it can be designed to filter
arbitrary system calls and system call arguments.
-This mode is available only if the kernel is configured with
+See the description of
+.B SECCOMP_SET_MODE_FILTER
+in
+.BR seccomp (2).
+.IP
+This operation is available only
+if the kernel is configured with
.B CONFIG_SECCOMP_FILTER
enabled.
+.RE
.IP
-If
-.BR SECCOMP_MODE_FILTER
-filters permit
-.BR fork (2),
-then the seccomp mode is inherited by children created by
-.BR fork (2);
-if
-.BR execve (2)
-is permitted, then the seccomp mode is preserved across
-.BR execve (2).
-If the filters permit
-.BR prctl ()
-calls, then additional filters can be added;
-they are run in order until the first non-allow result is seen.
-.IP
-For further information, see the kernel source file
-.IR Documentation/userspace\-api/seccomp_filter.rst
-.\" commit c061f33f35be0ccc80f4b8e0aea5dfd2ed7e01a3
-(or
-.IR Documentation/prctl/seccomp_filter.txt
-before Linux 4.13).
+For further details on seccomp filtering, see
+.BR seccomp (2).
+.\" prctl PR_GET_SECCOMP
.TP
.BR PR_GET_SECCOMP " (since Linux 2.6.23)"
Return (as the function result)
signal to be sent to the process.
If the caller is in filter mode, and this system call is allowed by the
seccomp filters, it returns 2; otherwise, the process is killed with a
-.BR SIGKILL
+.B SIGKILL
signal.
+.IP
This operation is available only
if the kernel is configured with
.B CONFIG_SECCOMP
enabled.
.IP
Since Linux 3.8, the
-.IR Seccomp
+.I Seccomp
field of the
-.IR /proc/[pid]/status
+.IR /proc/ pid /status
file provides a method of obtaining the same information,
without the risk that the process is killed; see
.BR proc (5).
+.\" prctl PR_SET_SECUREBITS
.TP
.BR PR_SET_SECUREBITS " (since Linux 2.6.26)"
Set the "securebits" flags of the calling thread to the value supplied in
.IR arg2 .
See
.BR capabilities (7).
+.\" prctl PR_GET_SECUREBITS
.TP
.BR PR_GET_SECUREBITS " (since Linux 2.6.26)"
Return (as the function result)
the "securebits" flags of the calling thread.
See
.BR capabilities (7).
+.\" prctl PR_GET_SPECULATION_CTRL
.TP
.BR PR_GET_SPECULATION_CTRL " (since Linux 4.17)"
-Returns the state of the speculation misfeature specified in
+Return (as the function result)
+the state of the speculation misfeature specified in
.IR arg2 .
Currently, the only permitted value for this argument is
-.BR PR_SPEC_STORE_BYPASS
+.B PR_SPEC_STORE_BYPASS
(otherwise the call fails with the error
.BR ENODEV ).
.IP
The return value uses bits 0-3 with the following meaning:
.RS
.TP
-.BR PR_SPEC_PRCTL
+.B PR_SPEC_PRCTL
Mitigation can be controlled per thread by
-.B PR_SET_SPECULATION_CTRL
+.BR PR_SET_SPECULATION_CTRL .
.TP
-.BR PR_SPEC_ENABLE
+.B PR_SPEC_ENABLE
The speculation feature is enabled, mitigation is disabled.
.TP
-.BR PR_SPEC_DISABLE
-The speculation feature is disabled, mitigation is enabled
+.B PR_SPEC_DISABLE
+The speculation feature is disabled, mitigation is enabled.
.TP
-.BR PR_SPEC_FORCE_DISABLE
+.B PR_SPEC_FORCE_DISABLE
Same as
.B PR_SPEC_DISABLE
but cannot be undone.
+.TP
+.BR PR_SPEC_DISABLE_NOEXEC " (since Linux 5.1)"
+Same as
+.BR PR_SPEC_DISABLE ,
+but the state will be cleared on
+.BR execve (2).
.RE
.IP
If all bits are 0,
.I arg5
arguments must be specified as 0; otherwise the call fails with the error
.BR EINVAL .
+.\" prctl PR_SET_SPECULATION_CTRL
.TP
.BR PR_SET_SPECULATION_CTRL " (since Linux 4.17)"
.\" commit b617cfc858161140d69cc0b5cc211996b557a1c7
.\" commit 356e4bfff2c5489e016fdb925adbf12a1e3950ee
Sets the state of the speculation misfeature specified in
.IR arg2 .
-Currently, the only permitted value for this argument is
+The speculation-misfeature settings are per-thread attributes.
+.IP
+Currently,
+.I arg2
+must be one of:
+.RS
+.TP
.B PR_SPEC_STORE_BYPASS
-(otherwise the call fails with the error
-.BR ENODEV ).
-This setting is a per-thread attribute.
+Set the state of the speculative store bypass misfeature.
+.\" commit 9137bb27e60e554dab694eafa4cca241fa3a694f
+.TP
+.BR PR_SPEC_INDIRECT_BRANCH " (since Linux 4.20)"
+Set the state of the indirect branch speculation misfeature.
+.RE
+.IP
+If
+.I arg2
+does not have one of the above values,
+then the call fails with the error
+.BR ENODEV .
+.IP
The
-.IR arg3
+.I arg3
argument is used to hand in the control value,
which is one of the following:
.RS
.TP
-.BR PR_SPEC_ENABLE
+.B PR_SPEC_ENABLE
The speculation feature is enabled, mitigation is disabled.
.TP
-.BR PR_SPEC_DISABLE
-The speculation feature is disabled, mitigation is enabled
+.B PR_SPEC_DISABLE
+The speculation feature is disabled, mitigation is enabled.
.TP
-.BR PR_SPEC_FORCE_DISABLE
+.B PR_SPEC_FORCE_DISABLE
Same as
-.B PR_SPEC_DISABLE
+.BR PR_SPEC_DISABLE ,
but cannot be undone.
A subsequent
-.B
-prctl(..., PR_SPEC_ENABLE)
+.BR prctl (\c
+.IR arg2 ,
+.BR PR_SPEC_ENABLE )
+with the same value for
+.I arg2
will fail with the error
.BR EPERM .
+.\" commit 71368af9027f18fe5d1c6f372cfdff7e4bde8b48
+.TP
+.BR PR_SPEC_DISABLE_NOEXEC " (since Linux 5.1)"
+Same as
+.BR PR_SPEC_DISABLE ,
+but the state will be cleared on
+.BR execve (2).
+Currently only supported for
+.I arg2
+equal to
+.B PR_SPEC_STORE_BYPASS.
.RE
.IP
-Any other value in
-.IR arg3
+Any unsupported value in
+.I arg3
will result in the call failing with the error
.BR ERANGE .
.IP
.B spec_store_bypass_disable
boot parameter.
This parameter may enforce a read-only policy which will result in the
-.BR prctl (2)
+.BR prctl ()
call failing with the error
.BR ENXIO .
For further details, see the kernel source file
-.IR Documentation/admin-guide/kernel-parameters.txt .
+.IR Documentation/admin\-guide/kernel\-parameters.txt .
+.\" prctl PR_SVE_SET_VL
+.\" commit 2d2123bc7c7f843aa9db87720de159a049839862
+.\" linux-5.6/Documentation/arm64/sve.rst
+.TP
+.BR PR_SVE_SET_VL " (since Linux 4.15, only on arm64)"
+Configure the thread's SVE vector length,
+as specified by
+.IR "(int) arg2" .
+Arguments
+.IR arg3 ,
+.IR arg4 ,
+and
+.I arg5
+are ignored.
+.IP
+The bits of
+.I arg2
+corresponding to
+.B PR_SVE_VL_LEN_MASK
+must be set to the desired vector length in bytes.
+This is interpreted as an upper bound:
+the kernel will select the greatest available vector length
+that does not exceed the value specified.
+In particular, specifying
+.B SVE_VL_MAX
+(defined in
+.I <asm/sigcontext.h>)
+for the
+.B PR_SVE_VL_LEN_MASK
+bits requests the maximum supported vector length.
+.IP
+In addition, the other bits of
+.I arg2
+must be set to one of the following combinations of flags:
+.RS
.TP
-.BR PR_SET_THP_DISABLE " (since Linux 3.15)"
-.\" commit a0715cc22601e8830ace98366c0c2bd8da52af52
-Set the state of the "THP disable" flag for the calling thread.
-If
+.B 0
+Perform the change immediately.
+At the next
+.BR execve (2)
+in the thread,
+the vector length will be reset to the value configured in
+.IR /proc/sys/abi/sve_default_vector_length .
+.TP
+.B PR_SVE_VL_INHERIT
+Perform the change immediately.
+Subsequent
+.BR execve (2)
+calls will preserve the new vector length.
+.TP
+.B PR_SVE_SET_VL_ONEXEC
+Defer the change, so that it is performed at the next
+.BR execve (2)
+in the thread.
+Further
+.BR execve (2)
+calls will reset the vector length to the value configured in
+.IR /proc/sys/abi/sve_default_vector_length .
+.TP
+.B "PR_SVE_SET_VL_ONEXEC | PR_SVE_VL_INHERIT"
+Defer the change, so that it is performed at the next
+.BR execve (2)
+in the thread.
+Further
+.BR execve (2)
+calls will preserve the new vector length.
+.RE
+.IP
+In all cases,
+any previously pending deferred change is canceled.
+.IP
+The call fails with error
+.B EINVAL
+if SVE is not supported on the platform, if
.I arg2
-has a nonzero value, the flag is set, otherwise it is cleared.
-Setting this flag provides a method
-for disabling transparent huge pages
-for jobs where the code cannot be modified, and using a malloc hook with
-.BR madvise (2)
-is not an option (i.e., statically allocated data).
-The setting of the "THP disable" flag is inherited by a child created via
+is unrecognized or invalid, or the value in the bits of
+.I arg2
+corresponding to
+.B PR_SVE_VL_LEN_MASK
+is outside the range
+.BR SVE_VL_MIN .. SVE_VL_MAX
+or is not a multiple of 16.
+.IP
+On success,
+a nonnegative value is returned that describes the
+.I selected
+configuration.
+If
+.B PR_SVE_SET_VL_ONEXEC
+was included in
+.IR arg2 ,
+then the configuration described by the return value
+will take effect at the next
+.BR execve (2).
+Otherwise, the configuration is already in effect when the
+.B PR_SVE_SET_VL
+call returns.
+In either case, the value is encoded in the same way as the return value of
+.BR PR_SVE_GET_VL .
+Note that there is no explicit flag in the return value
+corresponding to
+.BR PR_SVE_SET_VL_ONEXEC .
+.IP
+The configuration (including any pending deferred change)
+is inherited across
.BR fork (2)
-and is preserved across
+and
+.BR clone (2).
+.IP
+For more information, see the kernel source file
+.I Documentation/arm64/sve.rst
+.\"commit b693d0b372afb39432e1c49ad7b3454855bc6bed
+(or
+.I Documentation/arm64/sve.txt
+before Linux 5.3).
+.IP
+.B Warning:
+Because the compiler or run-time environment
+may be using SVE, using this call without the
+.B PR_SVE_SET_VL_ONEXEC
+flag may crash the calling process.
+The conditions for using it safely are complex and system-dependent.
+Don't use it unless you really know what you are doing.
+.\" prctl PR_SVE_GET_VL
+.TP
+.BR PR_SVE_GET_VL " (since Linux 4.15, only on arm64)"
+Get the thread's current SVE vector length configuration.
+.IP
+Arguments
+.IR arg2 ", " arg3 ", " arg4 ", and " arg5
+are ignored.
+.IP
+Provided that the kernel and platform support SVE,
+this operation always succeeds,
+returning a nonnegative value that describes the
+.I current
+configuration.
+The bits corresponding to
+.B PR_SVE_VL_LEN_MASK
+contain the currently configured vector length in bytes.
+The bit corresponding to
+.B PR_SVE_VL_INHERIT
+indicates whether the vector length will be inherited
+across
.BR execve (2).
+.IP
+Note that there is no way to determine whether there is
+a pending vector length change that has not yet taken effect.
+.IP
+For more information, see the kernel source file
+.I Documentation/arm64/sve.rst
+.\"commit b693d0b372afb39432e1c49ad7b3454855bc6bed
+(or
+.I Documentation/arm64/sve.txt
+before Linux 5.3).
+.TP
+.\" prctl PR_SET_SYSCALL_USER_DISPATCH
+.\" commit 1446e1df9eb183fdf81c3f0715402f1d7595d4
+.BR PR_SET_SYSCALL_USER_DISPATCH " (since Linux 5.11, x86 only)"
+Configure the Syscall User Dispatch mechanism
+for the calling thread.
+This mechanism allows an application
+to selectively intercept system calls
+so that they can be handled within the application itself.
+Interception takes the form of a thread-directed
+.B SIGSYS
+signal that is delivered to the thread
+when it makes a system call.
+If intercepted,
+the system call is not executed by the kernel.
+.IP
+To enable this mechanism,
+.I arg2
+should be set to
+.BR PR_SYS_DISPATCH_ON .
+Once enabled, further system calls will be selectively intercepted,
+depending on a control variable provided by user space.
+In this case,
+.I arg3
+and
+.I arg4
+respectively identify the
+.I offset
+and
+.I length
+of a single contiguous memory region in the process address space
+from where system calls are always allowed to be executed,
+regardless of the control variable.
+(Typically, this area would include the area of memory
+containing the C library.)
+.IP
+.I arg5
+points to a char-sized variable
+that is a fast switch to allow/block system call execution
+without the overhead of doing another system call
+to re-configure Syscall User Dispatch.
+This control variable can either be set to
+.B SYSCALL_DISPATCH_FILTER_BLOCK
+to block system calls from executing
+or to
+.B SYSCALL_DISPATCH_FILTER_ALLOW
+to temporarily allow them to be executed.
+This value is checked by the kernel
+on every system call entry,
+and any unexpected value will raise
+an uncatchable
+.B SIGSYS
+at that time,
+killing the application.
+.IP
+When a system call is intercepted,
+the kernel sends a thread-directed
+.B SIGSYS
+signal to the triggering thread.
+Various fields will be set in the
+.I siginfo_t
+structure (see
+.BR sigaction (2))
+associated with the signal:
+.RS
+.IP \(bu 3
+.I si_signo
+will contain
+.BR SIGSYS .
+.IP \(bu
+.I si_call_addr
+will show the address of the system call instruction.
+.IP \(bu
+.I si_syscall
+and
+.I si_arch
+will indicate which system call was attempted.
+.IP \(bu
+.I si_code
+will contain
+.BR SYS_USER_DISPATCH .
+.IP \(bu
+.I si_errno
+will be set to 0.
+.RE
+.IP
+The program counter will be as though the system call happened
+(i.e., the program counter will not point to the system call instruction).
+.IP
+When the signal handler returns to the kernel,
+the system call completes immediately
+and returns to the calling thread,
+without actually being executed.
+If necessary
+(i.e., when emulating the system call on user space.),
+the signal handler should set the system call return value
+to a sane value,
+by modifying the register context stored in the
+.I ucontext
+argument of the signal handler.
+See
+.BR sigaction (2),
+.BR sigreturn (2),
+and
+.BR getcontext (3)
+for more information.
+.IP
+If
+.I arg2
+is set to
+.BR PR_SYS_DISPATCH_OFF ,
+Syscall User Dispatch is disabled for that thread.
+the remaining arguments must be set to 0.
+.IP
+The setting is not preserved across
+.BR fork (2),
+.BR clone (2),
+or
+.BR execve (2).
+.IP
+For more information,
+see the kernel source file
+.I Documentation/admin-guide/syscall\-user\-dispatch.rst
+.\" prctl PR_SET_TAGGED_ADDR_CTRL
+.\" commit 63f0c60379650d82250f22e4cf4137ef3dc4f43d
+.TP
+.BR PR_SET_TAGGED_ADDR_CTRL " (since Linux 5.4, only on arm64)"
+Controls support for passing tagged user-space addresses to the kernel
+(i.e., addresses where bits 56\(em63 are not all zero).
+.IP
+The level of support is selected by
+.IR "arg2" ,
+which can be one of the following:
+.RS
+.TP
+.B 0
+Addresses that are passed
+for the purpose of being dereferenced by the kernel
+must be untagged.
+.TP
+.B PR_TAGGED_ADDR_ENABLE
+Addresses that are passed
+for the purpose of being dereferenced by the kernel
+may be tagged, with the exceptions summarized below.
+.RE
+.IP
+The remaining arguments
+.IR arg3 ", " arg4 ", and " arg5
+must all be zero.
+.\" Enforcement added in
+.\" commit 3e91ec89f527b9870fe42dcbdb74fd389d123a95
+.IP
+On success, the mode specified in
+.I arg2
+is set for the calling thread and the return value is 0.
+If the arguments are invalid,
+the mode specified in
+.I arg2
+is unrecognized,
+or if this feature is unsupported by the kernel
+or disabled via
+.IR /proc/sys/abi/tagged_addr_disabled ,
+the call fails with the error
+.BR EINVAL .
+.IP
+In particular, if
+.BR prctl ( PR_SET_TAGGED_ADDR_CTRL ,
+0, 0, 0, 0)
+fails with
+.BR EINVAL ,
+then all addresses passed to the kernel must be untagged.
+.IP
+Irrespective of which mode is set,
+addresses passed to certain interfaces
+must always be untagged:
+.RS
+.IP \(bu 3
+.BR brk (2),
+.BR mmap (2),
+.BR shmat (2),
+.BR shmdt (2),
+and the
+.I new_address
+argument of
+.BR mremap (2).
+.IP
+(Prior to Linux 5.6 these accepted tagged addresses,
+but the behaviour may not be what you expect.
+Don't rely on it.)
+.IP \(bu
+\(oqpolymorphic\(cq interfaces
+that accept pointers to arbitrary types cast to a
+.I void *
+or other generic type, specifically
+.BR prctl (),
+.BR ioctl (2),
+and in general
+.BR setsockopt (2)
+(only certain specific
+.BR setsockopt (2)
+options allow tagged addresses).
+.RE
+.IP
+This list of exclusions may shrink
+when moving from one kernel version to a later kernel version.
+While the kernel may make some guarantees
+for backwards compatibility reasons,
+for the purposes of new software
+the effect of passing tagged addresses to these interfaces
+is unspecified.
+.IP
+The mode set by this call is inherited across
+.BR fork (2)
+and
+.BR clone (2).
+The mode is reset by
+.BR execve (2)
+to 0
+(i.e., tagged addresses not permitted in the user/kernel ABI).
+.IP
+For more information, see the kernel source file
+.IR Documentation/arm64/tagged\-address\-abi.rst .
+.IP
+.B Warning:
+This call is primarily intended for use by the run-time environment.
+A successful
+.B PR_SET_TAGGED_ADDR_CTRL
+call elsewhere may crash the calling process.
+The conditions for using it safely are complex and system-dependent.
+Don't use it unless you know what you are doing.
+.\" prctl PR_GET_TAGGED_ADDR_CTRL
+.\" commit 63f0c60379650d82250f22e4cf4137ef3dc4f43d
+.TP
+.BR PR_GET_TAGGED_ADDR_CTRL " (since Linux 5.4, only on arm64)"
+Returns the current tagged address mode
+for the calling thread.
+.IP
+Arguments
+.IR arg2 ", " arg3 ", " arg4 ", and " arg5
+must all be zero.
+.IP
+If the arguments are invalid
+or this feature is disabled or unsupported by the kernel,
+the call fails with
+.BR EINVAL .
+In particular, if
+.BR prctl ( PR_GET_TAGGED_ADDR_CTRL ,
+0, 0, 0, 0)
+fails with
+.BR EINVAL ,
+then this feature is definitely either unsupported,
+or disabled via
+.IR /proc/sys/abi/tagged_addr_disabled .
+In this case,
+all addresses passed to the kernel must be untagged.
+.IP
+Otherwise, the call returns a nonnegative value
+describing the current tagged address mode,
+encoded in the same way as the
+.I arg2
+argument of
+.BR PR_SET_TAGGED_ADDR_CTRL .
+.IP
+For more information, see the kernel source file
+.IR Documentation/arm64/tagged\-address\-abi.rst .
.\"
+.\" prctl PR_TASK_PERF_EVENTS_DISABLE
.TP
.BR PR_TASK_PERF_EVENTS_DISABLE " (since Linux 2.6.31)"
Disable all performance counters attached to the calling process,
renamed (retaining the same numerical value)
in Linux 2.6.32.
.\"
+.\" prctl PR_TASK_PERF_EVENTS_ENABLE
.TP
.BR PR_TASK_PERF_EVENTS_ENABLE " (since Linux 2.6.31)"
The converse of
.\" commit cdd6c482c9ff9c55475ee7392ec8f672eddb7be6
in Linux 2.6.32.
.\"
+.\" prctl PR_SET_THP_DISABLE
+.TP
+.BR PR_SET_THP_DISABLE " (since Linux 3.15)"
+.\" commit a0715cc22601e8830ace98366c0c2bd8da52af52
+Set the state of the "THP disable" flag for the calling thread.
+If
+.I arg2
+has a nonzero value, the flag is set, otherwise it is cleared.
+Setting this flag provides a method
+for disabling transparent huge pages
+for jobs where the code cannot be modified, and using a malloc hook with
+.BR madvise (2)
+is not an option (i.e., statically allocated data).
+The setting of the "THP disable" flag is inherited by a child created via
+.BR fork (2)
+and is preserved across
+.BR execve (2).
+.\" prctl PR_GET_THP_DISABLE
.TP
.BR PR_GET_THP_DISABLE " (since Linux 3.15)"
-Return (via the function result) the current setting of the "THP disable"
+Return (as the function result) the current setting of the "THP disable"
flag for the calling thread:
either 1, if the flag is set, or 0, if it is not.
+.\" prctl PR_GET_TID_ADDRESS
.TP
.BR PR_GET_TID_ADDRESS " (since Linux 3.5)"
.\" commit 300f786b2683f8bb1ec0afb6e1851183a479c86d
-Retrieve the
+Return the
.I clear_child_tid
address set by
.BR set_tid_address (2)
.BR clone (2)
.B CLONE_CHILD_CLEARTID
flag, in the location pointed to by
-.IR "(int\ **)\ arg2" .
+.IR "(int\~**)\~arg2" .
This feature is available only if the kernel is built with the
-.BR CONFIG_CHECKPOINT_RESTORE
+.B CONFIG_CHECKPOINT_RESTORE
option enabled.
Note that since the
.BR prctl ()
the AMD64 x32 and MIPS n32 ABIs,
and the kernel writes out a pointer using the kernel's pointer size,
this operation expects a user-space buffer of 8 (not 4) bytes on these ABIs.
+.\" prctl PR_SET_TIMERSLACK
.TP
.BR PR_SET_TIMERSLACK " (since Linux 2.6.28)"
.\" See https://lwn.net/Articles/369549/
Each thread has two associated timer slack values:
a "default" value, and a "current" value.
This operation sets the "current" timer slack value for the calling thread.
+.I arg2
+is an unsigned long value, then maximum "current" value is ULONG_MAX and
+the minimum "current" value is 1.
If the nanosecond value supplied in
-.IR arg2
+.I arg2
is greater than zero, then the "current" value is set to this value.
If
.I arg2
-is less than or equal to zero,
-.\" It seems that it's not possible to set the timer slack to zero;
-.\" The minimum value is 1? Seems a little strange.
+is equal to zero,
the "current" timer slack is reset to the
thread's "default" timer slack value.
.IP
.BR PR_SET_TIMERSLACK .
The "default" value can't be changed.
The timer slack values of
-.IR init
+.I init
(PID 1), the ancestor of all processes,
are 50,000 nanoseconds (50 microseconds).
-The timer slack values are preserved across
+The timer slack value is inherited by a child created via
+.BR fork (2),
+and is preserved across
.BR execve (2).
.IP
Since Linux 4.6, the "current" timer slack value of any process
can be examined and changed via the file
-.IR /proc/[pid]/timerslack_ns .
+.IR /proc/ pid /timerslack_ns .
See
.BR proc (5).
+.\" prctl PR_GET_TIMERSLACK
.TP
.BR PR_GET_TIMERSLACK " (since Linux 2.6.28)"
Return (as the function result)
the "current" timer slack value of the calling thread.
+.\" prctl PR_SET_TIMING
.TP
.BR PR_SET_TIMING " (since Linux 2.6.0)"
.\" Precisely: Linux 2.6.0-test4
is not currently implemented
(attempting to set this mode will yield the error
.BR EINVAL ).
-.\" PR_TIMING_TIMESTAMP doesn't do anything in 2.6.26-rc8,
+.\" PR_TIMING_TIMESTAMP doesn't do anything in Linux 2.6.26-rc8,
.\" and looking at the patch history, it appears
.\" that it never did anything.
+.\" prctl PR_GET_TIMING
.TP
.BR PR_GET_TIMING " (since Linux 2.6.0)"
.\" Precisely: Linux 2.6.0-test4
Return (as the function result) which process timing method is currently
in use.
+.\" prctl PR_SET_TSC
.TP
.BR PR_SET_TSC " (since Linux 2.6.26, x86 only)"
Set the state of the flag determining whether the timestamp counter
to generate a
.B SIGSEGV
when the process tries to read the timestamp counter.
+.\" prctl PR_GET_TSC
.TP
.BR PR_GET_TSC " (since Linux 2.6.26, x86 only)"
Return the state of the flag determining whether the timestamp counter
can be read,
in the location pointed to by
-.IR "(int\ *) arg2" .
+.IR "(int\~*) arg2" .
+.\" prctl PR_SET_UNALIGN
.TP
.B PR_SET_UNALIGN
(Only on: ia64, since Linux 2.3.48; parisc, since Linux 2.6.15;
of 4 and no corresponding named constant,
which instructs kernel to not fix up
unaligned accesses (it is analogous to providing the
-.BR UAC_NOFIX
+.B UAC_NOFIX
flag in
-.BR SSI_NVPAIRS
+.B SSI_NVPAIRS
operation of the
.BR setsysinfo ()
system call on Tru64).
+.\" prctl PR_GET_UNALIGN
.TP
.B PR_GET_UNALIGN
-(see
+(See
.B PR_SET_UNALIGN
-for information on versions and architectures)
+for information on versions and architectures.)
Return unaligned access control bits, in the location pointed to by
-.IR "(unsigned int\ *) arg2" .
+.IR "(unsigned int\~*) arg2" .
.SH RETURN VALUE
On success,
+.BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET ,
+.BR PR_CAPBSET_READ ,
.BR PR_GET_DUMPABLE ,
+.BR PR_GET_FP_MODE ,
+.BR PR_GET_IO_FLUSHER ,
.BR PR_GET_KEEPCAPS ,
+.BR PR_MCE_KILL_GET ,
.BR PR_GET_NO_NEW_PRIVS ,
+.BR PR_GET_SECUREBITS ,
+.BR PR_GET_SPECULATION_CTRL ,
+.BR PR_SVE_GET_VL ,
+.BR PR_SVE_SET_VL ,
+.BR PR_GET_TAGGED_ADDR_CTRL ,
.BR PR_GET_THP_DISABLE ,
-.BR PR_CAPBSET_READ ,
.BR PR_GET_TIMING ,
.BR PR_GET_TIMERSLACK ,
-.BR PR_GET_SECUREBITS ,
-.BR PR_MCE_KILL_GET ,
-.BR PR_CAP_AMBIENT + PR_CAP_AMBIENT_IS_SET ,
and (if it returns)
-.BR PR_GET_SECCOMP
+.B PR_GET_SECCOMP
return the nonnegative values described above.
All other
.I option
values return 0 on success.
On error, \-1 is returned, and
.I errno
-is set appropriately.
+is set to indicate the error.
.SH ERRORS
.TP
.B EACCES
.I option
is
-.BR PR_SET_SECCOMP
+.B PR_SET_SECCOMP
and
.I arg2
is
.BR SECCOMP_MODE_FILTER ,
but the process does not have the
-.BR CAP_SYS_ADMIN
+.B CAP_SYS_ADMIN
capability or has not set the
-.IR no_new_privs
+.I no_new_privs
attribute (see the discussion of
-.BR PR_SET_NO_NEW_PRIVS
+.B PR_SET_NO_NEW_PRIVS
above).
.TP
.B EACCES
is
.BR PR_SET_MM_EXE_FILE ,
and this the second attempt to change the
-.I /proc/pid/exe
+.IR /proc/ pid /exe
symbolic link, which is prohibited.
.TP
.B EFAULT
.I arg3
is an invalid address.
.TP
+.B EFAULT
+.I option
+is
+.B PR_SET_SYSCALL_USER_DISPATCH
+and
+.I arg5
+has an invalid address.
+.TP
.B EINVAL
The value of
.I option
-is not recognized.
+is not recognized,
+or not supported on this system.
.TP
.B EINVAL
.I option
is
-.BR PR_MCE_KILL
+.B PR_MCE_KILL
or
-.BR PR_MCE_KILL_GET
+.B PR_MCE_KILL_GET
or
.BR PR_SET_MM ,
and unused
.B EINVAL
.I option
is
-.BR PR_SET_SECCOMP
+.B PR_SET_SECCOMP
or
.BR PR_GET_SECCOMP ,
and the kernel was not configured with
.BR PR_SET_MM ,
and one of the following is true
.RS
-.IP * 3
+.IP \(bu 3
.I arg4
or
.I arg5
is nonzero;
-.IP *
+.IP \(bu
.I arg3
is greater than
.B TASK_SIZE
(the limit on the size of the user address space for this architecture);
-.IP *
+.IP \(bu
.I arg2
is
.BR PR_SET_MM_START_CODE ,
or
.BR PR_SET_MM_START_STACK ,
and the permissions of the corresponding memory area are not as required;
-.IP *
+.IP \(bu
.I arg2
is
-.BR PR_SET_MM_START_BRK
+.B PR_SET_MM_START_BRK
or
.BR PR_SET_MM_BRK ,
and
.B EINVAL
.I option
is
-.BR PR_SET_PTRACER
+.B PR_SET_PTRACER
and
.I arg2
is not 0,
.B EINVAL
.I option
is
-.BR PR_SET_DUMPABLE
+.B PR_SET_DUMPABLE
and
.I arg2
is neither
.B EINVAL
.I option
is
-.BR PR_SET_TIMING
+.B PR_SET_TIMING
and
.I arg2
is not
.B EINVAL
.I option
is
-.BR PR_SET_NO_NEW_PRIVS
+.B PR_SET_NO_NEW_PRIVS
and
.I arg2
is not equal to 1
.IR arg3 ,
.IR arg4 ,
or
-.IR arg5
+.I arg5
is nonzero.
.TP
.B EINVAL
.I option
is
-.BR PR_GET_NO_NEW_PRIVS
+.B PR_GET_NO_NEW_PRIVS
and
.IR arg2 ,
.IR arg3 ,
.IR arg4 ,
or
-.IR arg5
+.I arg5
is nonzero.
.TP
.B EINVAL
.I option
is
-.BR PR_SET_THP_DISABLE
+.B PR_SET_THP_DISABLE
and
.IR arg3 ,
.IR arg4 ,
or
-.IR arg5
+.I arg5
is nonzero.
.TP
.B EINVAL
.I option
is
-.BR PR_GET_THP_DISABLE
+.B PR_GET_THP_DISABLE
and
.IR arg2 ,
.IR arg3 ,
.IR arg4 ,
or
-.IR arg5
+.I arg5
is nonzero.
.TP
.B EINVAL
.BR PR_CAP_AMBIENT_CLEAR_ALL ,
.IR arg3 )
is nonzero; or
-.IR arg2
+.I arg2
has an invalid value;
or
-.IR arg2
+.I arg2
is
.BR PR_CAP_AMBIENT_LOWER ,
.BR PR_CAP_AMBIENT_RAISE ,
or
-.BR PR_CAP_AMBIENT_IS_SET
+.B PR_CAP_AMBIENT_IS_SET
and
-.IR arg3
+.I arg3
does not specify a valid capability.
.TP
+.B EINVAL
+.I option
+was
+.B PR_GET_SPECULATION_CTRL
+or
+.B PR_SET_SPECULATION_CTRL
+and unused arguments to
+.BR prctl ()
+are not 0.
+.B EINVAL
+.I option
+is
+.B PR_PAC_RESET_KEYS
+and the arguments are invalid or unsupported.
+See the description of
+.B PR_PAC_RESET_KEYS
+above for details.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SVE_SET_VL
+and the arguments are invalid or unsupported,
+or SVE is not available on this platform.
+See the description of
+.B PR_SVE_SET_VL
+above for details.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SVE_GET_VL
+and SVE is not available on this platform.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SET_SYSCALL_USER_DISPATCH
+and one of the following is true:
+.RS
+.IP \(bu 3
+.I arg2
+is
+.B PR_SYS_DISPATCH_OFF
+and the remaining arguments are not 0;
+.IP \(bu
+.I arg2
+is
+.B PR_SYS_DISPATCH_ON
+and the memory range specified is outside the
+address space of the process.
+.IP \(bu
+.I arg2
+is invalid.
+.RE
+.TP
+.B EINVAL
+.I option
+is
+.B PR_SET_TAGGED_ADDR_CTRL
+and the arguments are invalid or unsupported.
+See the description of
+.B PR_SET_TAGGED_ADDR_CTRL
+above for details.
+.TP
+.B EINVAL
+.I option
+is
+.B PR_GET_TAGGED_ADDR_CTRL
+and the arguments are invalid or unsupported.
+See the description of
+.B PR_GET_TAGGED_ADDR_CTRL
+above for details.
+.TP
.B ENODEV
.I option
was
-.BR PR_SET_SPECULATION_CTRL
+.B PR_SET_SPECULATION_CTRL
the kernel or CPU does not support the requested speculation misfeature.
.TP
.B ENXIO
.I option
was
-.BR PR_MPX_ENABLE_MANAGEMENT
+.B PR_MPX_ENABLE_MANAGEMENT
or
-.BR PR_MPX_DISABLE_MANAGEMENT
+.B PR_MPX_DISABLE_MANAGEMENT
and the kernel or the CPU does not support MPX management.
Check that the kernel and processor have MPX support.
.TP
.B ENXIO
.I option
was
-.BR PR_SET_SPECULATION_CTRL
+.B PR_SET_SPECULATION_CTRL
implies that the control of the selected speculation misfeature is not possible.
See
-.BR PR_GET_SPECULATION_CTRL
+.B PR_GET_SPECULATION_CTRL
for the bit fields to determine which option is available.
.TP
.B EOPNOTSUPP
.B EPERM
.I option
is
-.BR PR_SET_SPECULATION_CTRL
+.B PR_SET_SPECULATION_CTRL
wherein the speculation was disabled with
.B PR_SPEC_FORCE_DISABLE
and caller tried to enable it again.
capability.
.TP
.B EPERM
-.IR option
+.I option
is
-.BR PR_CAP_AMBIENT
+.B PR_CAP_AMBIENT
and
-.IR arg2
+.I arg2
is
.BR PR_CAP_AMBIENT_RAISE ,
but either the capability specified in
-.IR arg3
+.I arg3
is not present in the process's permitted and inheritable capability sets,
or the
.B PR_CAP_AMBIENT_LOWER
.B ERANGE
.I option
was
-.BR PR_SET_SPECULATION_CTRL
+.B PR_SET_SPECULATION_CTRL
and
-.IR arg3
-is neither
+.I arg3
+is not
.BR PR_SPEC_ENABLE ,
.BR PR_SPEC_DISABLE ,
+.BR PR_SPEC_FORCE_DISABLE ,
nor
-.BR PR_SPEC_FORCE_DISABLE .
-.TP
-.B EINVAL
-.I option
-was
-.BR PR_GET_SPECULATION_CTRL
-or
-.BR PR_SET_SPECULATION_CTRL
-and unused arguments to
-.BR prctl ()
-are not 0.
+.BR PR_SPEC_DISABLE_NOEXEC .
.SH VERSIONS
The
.BR prctl ()
system call was introduced in Linux 2.1.57.
.\" The library interface was added in glibc 2.0.6
-.SH CONFORMING TO
+.SH STANDARDS
This call is Linux-specific.
IRIX has a
.BR prctl ()
projects / thirdparty / man-pages.git / blobdiff