1 .\" Copyright (c) 2013 Hudson River Trading LLC
2 .\" Written by: John H. Baldwin <jhb@FreeBSD.org>
3 .\" All rights reserved.
5 .\" Copyright (c) 2014 The FreeBSD Foundation
6 .\" Portions of this documentation were written by Konstantin Belousov
7 .\" under sponsorship from the FreeBSD Foundation.
9 .\" Redistribution and use in source and binary forms, with or without
10 .\" modification, are permitted provided that the following conditions
12 .\" 1. Redistributions of source code must retain the above copyright
13 .\" notice, this list of conditions and the following disclaimer.
14 .\" 2. Redistributions in binary form must reproduce the above copyright
15 .\" notice, this list of conditions and the following disclaimer in the
16 .\" documentation and/or other materials provided with the distribution.
18 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
43 .Fn procctl "idtype_t idtype" "id_t id" "int cmd" "void *arg"
47 system call provides for control over processes.
52 arguments specify the set of processes to control.
53 If multiple processes match the identifier,
57 to control as many of the selected processes as possible.
58 An error is only returned if no selected processes successfully complete
60 The following identifier types are supported:
61 .Bl -tag -width "Dv P_PGID"
63 Control the process with the process ID
66 Control processes belonging to the process group with the ID
70 The control request to perform is specified by the
73 The following commands are supported:
74 .Bl -tag -width "Dv PROC_REAP_GETPIDS"
76 Set process protection state.
77 This is used to mark a process as protected from being killed if the system
78 exhausts available memory and swap.
81 parameter must point to an integer containing an operation and zero or more
83 The following operations are supported:
84 .Bl -tag -width "Dv PPROT_CLEAR"
86 Mark the selected processes as protected.
88 Clear the protected state of selected processes.
91 The following optional flags are supported:
92 .Bl -tag -width "Dv PPROT_DESCE"
94 Apply the requested operation to all child processes of each selected process
95 in addition to each selected process.
99 mark all future child processes of each selected process as protected.
100 Future child processes will also mark all of their future child processes.
102 .It Dv PROC_REAP_ACQUIRE
103 Acquires the reaper status for the current process.
104 The status means that children orphaned by the reaper's descendants
105 that were forked after the acquisition of the status are reparented to the
107 After the system initialization,
109 is the default reaper.
111 .It Dv PROC_REAP_RELEASE
112 Releases the reaper state for the current process.
113 The reaper of the current process becomes the new reaper of the
114 current process's descendants.
115 .It Dv PROC_REAP_STATUS
116 Provides the information about the reaper of the specified process,
117 or the process itself when it is a reaper.
120 argument must point to a
121 .Vt procctl_reaper_status
122 structure which is filled in by the syscall on successful return.
124 struct procctl_reaper_status {
127 u_int rs_descendants;
134 may have the following flags returned:
135 .Bl -tag -width "Dv REAPER_STATUS_REALINIT"
136 .It Dv REAPER_STATUS_OWNED
137 The specified process has acquired the reaper status and has not
139 When the flag is returned, the specified process
141 pid, identifies the reaper, otherwise the
143 field of the structure is set to the pid of the reaper
144 for the specified process id.
145 .It Dv REAPER_STATUS_REALINIT
146 The specified process is the root of the reaper tree, i.e.
151 field returns the number of children of the reaper among the descendands.
152 It is possible to have a child which reaper is not the specified process,
153 since the reaper for the existing children is not reset on the
154 .Dv PROC_REAP_ACQUIRE
158 field returns the total number of descendants of the reaper(s),
159 not counting descendants of the reaper in the subtree.
162 field returns the reaper pid.
165 returns the pid of one reaper child if there are any descendants.
166 .It Dv PROC_REAP_GETPIDS
167 Queries the list of descendants of the reaper of the specified process.
168 The request takes a pointer to a
169 .Vt procctl_reaper_pids
174 struct procctl_reaper_pids {
176 struct procctl_reaper_pidinfo *rp_pids;
181 field must point to an array of
182 .Vt procctl_reaper_pidinfo
183 structures, to be filled in on return,
186 field must specify the size of the array,
187 into which no more than
189 elements will be filled in by the kernel.
192 .Vt "struct procctl_reaper_pidinfo"
193 structure provides some information about one of the reaper's descendants.
194 Note that for a descendant that is not a child, it may be incorrectly
195 identified because of a race in which the original child process exited
196 and the exited process's pid was reused for an unrelated process.
198 struct procctl_reaper_pidinfo {
206 field is the process id of the descendant.
209 field provides the pid of the child of the reaper, which is the (grand-)parent
213 field returns the following flags, further describing the descendant:
214 .Bl -tag -width "Dv REAPER_PIDINFO_REAPER"
215 .It Dv REAPER_PIDINFO_VALID
216 Set to indicate that the
217 .Vt procctl_reaper_pidinfo
218 structure was filled in by the kernel.
221 array and testing the
222 .Dv REAPER_PIDINFO_VALID
223 flag allows the caller to detect the end
224 of the returned array.
225 .It Dv REAPER_PIDINFO_CHILD
228 field identifies the direct child of the reaper.
229 .It Dv REAPER_PIDINFO_REAPER
230 The reported process is itself a reaper.
231 The descendants of the subordinate reaper are not reported.
233 .It Dv PROC_REAP_KILL
234 Request to deliver a signal to some subset of the descendants of the reaper.
237 parameter must point to a
238 .Vt procctl_reaper_kill
239 structure, which is used both for parameters and status return.
241 struct procctl_reaper_kill {
251 field specifies the signal to be delivered.
252 Zero is not a valid signal number, unlike
256 field further directs the operation.
257 It is or-ed from the following flags:
258 .Bl -tag -width "Dv REAPER_KILL_CHILDREN"
259 .It Dv REAPER_KILL_CHILDREN
260 Deliver the specified signal only to direct children of the reaper.
261 .It Dv REAPER_KILL_SUBTREE
262 Deliver the specified signal only to descendants that were forked by
263 the direct child with pid specified in the
268 .Dv REAPER_KILL_CHILDREN
270 .Dv REAPER_KILL_SUBTREE
271 flags are specified, all current descendants of the reaper are signalled.
273 If a signal was delivered to any process, the return value from the request
277 field identifies the number of processes signalled.
280 field is set to the pid of the first process for which signal
281 delivery failed, e.g. due to the permission problems.
282 If no such process exist, the
285 .It Dv PROC_TRACE_CTL
286 Enable or disable tracing of the specified process(es), according to the
287 value of the integer argument.
288 Tracing includes attachment to the process using
296 Possible values for the
299 .Bl -tag -width "Dv PROC_TRACE_CTL_DISABLE_EXEC"
300 .It Dv PROC_TRACE_CTL_ENABLE
301 Enable tracing, after it was disabled by
302 .Dv PROC_TRACE_CTL_DISABLE .
303 Only allowed for self.
304 .It Dv PROC_TRACE_CTL_DISABLE
305 Disable tracing for the specified process.
306 Tracing is re-enabled when the process changes the executing
310 A child inherits the trace settings from the parent on
312 .It Dv PROC_TRACE_CTL_DISABLE_EXEC
314 .Dv PROC_TRACE_CTL_DISABLE ,
315 but the setting persist for the process even after
318 .It Dv PROC_TRACE_STATUS
319 Returns the current tracing status for the specified process in
320 the integer variable pointed to by
322 If tracing is disabled,
325 If tracing is enabled, but no debugger is attached by
330 If a debugger is attached,
332 is set to the pid of the debugger process.
335 Disabling tracing on a process should not be considered a security
336 feature, as it is bypassable both by the kernel and privileged processes,
337 and via other system mechanisms.
338 As such, it should not be relied on to reliably protect cryptographic
339 keying material or other confidential data.
341 If an error occurs, a value of -1 is returned and
343 is set to indicate the error.
353 parameter points outside the process's allocated address space.
357 argument specifies an unsupported command.
361 argument specifies an unsupported identifier type.
363 The calling process does not have permission to perform the requested
364 operation on any of the selected processes.
366 No processes matched the requested
371 An invalid operation or flag was passed in
379 argument is not equal to
383 is not equal to the pid of the calling process, for
384 .Dv PROC_REAP_ACQUIRE
386 .Dv PROC_REAP_RELEASE
389 Invalid or undefined flags were passed to a
393 An invalid or zero signal number was requested for a
398 .Dv PROC_REAP_RELEASE
399 request was issued by the
404 .Dv PROC_REAP_ACQUIRE
405 request was issued by a process that had already acquired reaper status
406 and has not yet released it.
410 request was issued for a process already being traced.
414 request to re-enable tracing of the process (
415 .Dv PROC_TRACE_CTL_ENABLE ) ,
416 or to disable persistence of the
417 .Dv PROC_TRACE_CTL_DISABLE
420 was issued for a non-current process.
422 The value of the integer
441 The reaper facility is based on a similar feature of Linux and
442 DragonflyBSD, and first appeared in