1/*-
2 * SPDX-License-Identifier: BSD-2-Clause
3 *
4 * Copyright (c) 2013 Hudson River Trading LLC
5 * Copyright (c) 2014, 2016 The FreeBSD Foundation
6 * Written by: John H. Baldwin <jhb@FreeBSD.org>
7 * All rights reserved.
8 *
9 * Portions of this software were developed by Konstantin Belousov
10 * under sponsorship from the FreeBSD Foundation.
11 *
12 * Redistribution and use in source and binary forms, with or without
13 * modification, are permitted provided that the following conditions
14 * are met:
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in the
19 * documentation and/or other materials provided with the distribution.
20 *
21 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
31 * SUCH DAMAGE.
32 */
33
34#ifndef _SYS_PROCCTL_H_
35#define _SYS_PROCCTL_H_
36
37#ifndef _KERNEL
38#include <sys/types.h>
39#include <sys/wait.h>
40#endif
41
/*
 * MD PROCCTL verbs start at 0x10000000.
 *
 * NOTE(review): this is defined ahead of the <machine/procctl.h> include
 * that follows, presumably so the machine-dependent header can number its
 * verbs from this base -- confirm against that header.
 */
#define PROC_PROCCTL_MD_MIN 0x10000000
44#include <machine/procctl.h>
45
/*
 * Machine-independent procctl verbs.  All values are far below
 * PROC_PROCCTL_MD_MIN, where the machine-dependent verbs begin.
 * NOTE(review): presumably passed as the int argument of procctl() --
 * confirm against the procctl(2) manual page.
 *
 * Several verbs change or report process hardening state (tracing and
 * core dumps, capability trapping, ASLR, implicit PROT_MAX, stack gap,
 * setuid/setgid handling, W^X).  A *_CTL request that relaxes one of
 * these is a useful event to log and review.
 */
#define PROC_SPROTECT            1  /* set protected state */
#define PROC_REAP_ACQUIRE        2  /* reaping enable */
#define PROC_REAP_RELEASE        3  /* reaping disable */
#define PROC_REAP_STATUS         4  /* reaping status */
#define PROC_REAP_GETPIDS        5  /* get descendants */
#define PROC_REAP_KILL           6  /* kill descendants */
#define PROC_TRACE_CTL           7  /* enable/disable ptrace and coredumps */
#define PROC_TRACE_STATUS        8  /* query tracing status */
#define PROC_TRAPCAP_CTL         9  /* trap capability errors */
#define PROC_TRAPCAP_STATUS      10 /* query trap capability status */
#define PROC_PDEATHSIG_CTL       11 /* set parent death signal */
#define PROC_PDEATHSIG_STATUS    12 /* get parent death signal */
#define PROC_ASLR_CTL            13 /* enable/disable ASLR */
#define PROC_ASLR_STATUS         14 /* query ASLR status */
#define PROC_PROTMAX_CTL         15 /* enable/disable implicit PROT_MAX */
#define PROC_PROTMAX_STATUS      16 /* query implicit PROT_MAX status */
#define PROC_STACKGAP_CTL        17 /* enable/disable stack gap on MAP_STACK */
#define PROC_STACKGAP_STATUS     18 /* query stack gap */
#define PROC_NO_NEW_PRIVS_CTL    19 /* disable setuid/setgid */
#define PROC_NO_NEW_PRIVS_STATUS 20 /* query suid/sgid disabled status */
#define PROC_WXMAP_CTL           21 /* control W^X */
#define PROC_WXMAP_STATUS        22 /* query W^X */
68
/*
 * Operations for PROC_SPROTECT (passed in integer arg).
 * PPROT_OP() keeps only the low four bits of the argument, so the
 * operation code occupies bits 0-3.
 */
#define PPROT_OP(x)    ((x) & 0xf)
#define PPROT_SET      1
#define PPROT_CLEAR    2

/*
 * Flags for PROC_SPROTECT (ORed in with operation).
 * PPROT_FLAGS() masks off the low four bits, so flag values start at 0x10
 * and cannot collide with an operation code.
 * NOTE(review): the names suggest DESCEND applies the operation to
 * descendants and INHERIT carries it to future children -- confirm
 * against the procctl(2) manual page.
 */
#define PPROT_FLAGS(x) ((x) & ~0xf)
#define PPROT_DESCEND  0x10
#define PPROT_INHERIT  0x20
78
/*
 * Result of PROC_REAP_STATUS (returned by value).
 *
 * NOTE(review): the per-field meanings below are inferred from the field
 * names; confirm against the procctl(2) manual page.
 */
struct procctl_reaper_status {
	u_int	rs_flags;	/* REAPER_STATUS_* bits */
	u_int	rs_children;	/* presumably: count of direct children */
	u_int	rs_descendants;	/* presumably: count of all descendants */
	pid_t	rs_reaper;	/* presumably: pid of the reaper */
	pid_t	rs_pid;		/* presumably: a pid from the reaped set */
	u_int	rs_pad0[15];	/* padding; presumably reserved for growth */
};
88
/*
 * struct procctl_reaper_status rs_flags.
 * The values are distinct single bits, so both may be set at once.
 * NOTE(review): OWNED presumably means the queried process is itself a
 * reaper and REALINIT that the reaper is init -- confirm.
 */
#define REAPER_STATUS_OWNED    0x00000001
#define REAPER_STATUS_REALINIT 0x00000002
92
/*
 * One record per process; struct procctl_reaper_pids points at these
 * through its rp_pids member.
 *
 * NOTE(review): the per-field meanings below are inferred from the field
 * names; confirm against the procctl(2) manual page.
 */
struct procctl_reaper_pidinfo {
	pid_t	pi_pid;		/* presumably: pid this record describes */
	pid_t	pi_subtree;	/* presumably: pid heading its subtree */
	u_int	pi_flags;	/* presumably: REAPER_PIDINFO_* bits */
	u_int	pi_pad0[15];	/* padding; presumably reserved for growth */
};
99
/*
 * REAPER_PIDINFO_* bits.  The values are distinct single bits, so several
 * may be set in one word.
 * NOTE(review): presumably stored in procctl_reaper_pidinfo.pi_flags, with
 * VALID marking a record that was actually filled in -- confirm; a
 * consumer should not trust the other fields of a record without it.
 */
#define REAPER_PIDINFO_VALID   0x00000001
#define REAPER_PIDINFO_CHILD   0x00000002
#define REAPER_PIDINFO_REAPER  0x00000004
#define REAPER_PIDINFO_ZOMBIE  0x00000008
#define REAPER_PIDINFO_STOPPED 0x00000010
#define REAPER_PIDINFO_EXITING 0x00000020
106
/*
 * Holds a pointer to procctl_reaper_pidinfo records together with a count.
 *
 * NOTE(review): presumably the argument of PROC_REAP_GETPIDS, with
 * rp_count giving the capacity of the array at rp_pids -- confirm.  If so,
 * both values are caller-controlled: the code filling the array must bound
 * every write by rp_count and treat rp_pids as an untrusted address.
 */
struct procctl_reaper_pids {
	u_int	rp_count;	/* presumably: number of rp_pids slots */
	u_int	rp_pad0[15];	/* padding; presumably reserved for growth */
	struct procctl_reaper_pidinfo *rp_pids;	/* pidinfo record storage */
};
112
/*
 * Request/result block for signalling reaped processes.  Fields marked
 * "in" are supplied by the caller, fields marked "out" are reported back.
 * NOTE(review): presumably the argument of PROC_REAP_KILL -- confirm.
 */
struct procctl_reaper_kill {
	int	rk_sig;		/* in  - signal to send */
	u_int	rk_flags;	/* in  - REAPER_KILL flags */
	pid_t	rk_subtree;	/* in  - subtree, if REAPER_KILL_SUBTREE */
	u_int	rk_killed;	/* out - count of processes successfully
				   killed */
	pid_t	rk_fpid;	/* out - first failed pid for which error
				   is returned */
	u_int	rk_pad0[15];	/* padding; presumably reserved for growth */
};
123
/*
 * REAPER_KILL flags for procctl_reaper_kill.rk_flags.
 * rk_subtree is consulted only when REAPER_KILL_SUBTREE is set.
 * NOTE(review): CHILDREN presumably limits the signal to direct children
 * -- confirm.
 */
#define REAPER_KILL_CHILDREN 0x00000001
#define REAPER_KILL_SUBTREE  0x00000002
126
/*
 * PROC_TRACE_CTL_* request values (tracing and core dumps, per the
 * PROC_TRACE_CTL verb).  These are enumerated values, not bit flags.
 * NOTE(review): DISABLE_EXEC presumably keeps tracing disabled across
 * exec, while plain DISABLE does not -- confirm before relying on either
 * to protect secrets in a process that later executes another image.
 */
#define PROC_TRACE_CTL_ENABLE       1
#define PROC_TRACE_CTL_DISABLE      2
#define PROC_TRACE_CTL_DISABLE_EXEC 3
130
/*
 * PROC_TRAPCAP_CTL_* request values (trapping of capability errors, per
 * the PROC_TRAPCAP_CTL verb).  Enumerated values, not bit flags.
 */
#define PROC_TRAPCAP_CTL_ENABLE  1
#define PROC_TRAPCAP_CTL_DISABLE 2
133
/*
 * PROC_ASLR_* values.  FORCE_ENABLE, FORCE_DISABLE and NOFORCE are
 * enumerated (1-3); PROC_ASLR_ACTIVE is the top bit of a 32-bit word.
 * NOTE(review): ACTIVE is presumably ORed into the value reported by
 * PROC_ASLR_STATUS -- confirm.  Where int is 32 bits the constant
 * 0x80000000 has unsigned type, so test it with a mask
 * (status & PROC_ASLR_ACTIVE) rather than a sign or equality check.
 */
#define PROC_ASLR_FORCE_ENABLE  1
#define PROC_ASLR_FORCE_DISABLE 2
#define PROC_ASLR_NOFORCE       3
#define PROC_ASLR_ACTIVE        0x80000000
138
/*
 * PROC_PROTMAX_* values, laid out like the PROC_ASLR_* set: three
 * enumerated values (1-3) plus PROC_PROTMAX_ACTIVE in the top bit of a
 * 32-bit word.
 * NOTE(review): ACTIVE is presumably ORed into the value reported by
 * PROC_PROTMAX_STATUS -- confirm; test it with a mask.
 */
#define PROC_PROTMAX_FORCE_ENABLE  1
#define PROC_PROTMAX_FORCE_DISABLE 2
#define PROC_PROTMAX_NOFORCE       3
#define PROC_PROTMAX_ACTIVE        0x80000000
143
/*
 * PROC_STACKGAP_* values.  Unlike the enumerated sets above these are
 * distinct single bits, so they can be combined in one word.
 * NOTE(review): the *_EXEC variants presumably select the setting applied
 * after exec; ENABLE with DISABLE (or the two *_EXEC bits) together looks
 * contradictory -- confirm how the kernel treats such a combination.
 */
#define PROC_STACKGAP_ENABLE       0x0001
#define PROC_STACKGAP_DISABLE      0x0002
#define PROC_STACKGAP_ENABLE_EXEC  0x0004
#define PROC_STACKGAP_DISABLE_EXEC 0x0008
148
/*
 * PROC_NO_NEW_PRIVS_* values (setuid/setgid handling, per the
 * PROC_NO_NEW_PRIVS_CTL verb).  Enumerated values, not bit flags.
 * NOTE(review): a DISABLE value is defined here; whether the kernel
 * accepts it as a request or only reports it as status is not visible in
 * this header -- confirm before assuming the setting is one-way.
 */
#define PROC_NO_NEW_PRIVS_ENABLE  1
#define PROC_NO_NEW_PRIVS_DISABLE 2
151
/*
 * W^X values (PROC_WXMAP_CTL / PROC_WXMAP_STATUS verbs).  PERMIT and
 * DISALLOW_EXEC are distinct low bits; PROC_WXORX_ENFORCE is the top bit
 * of a 32-bit word.
 * NOTE(review): ENFORCE is presumably a status-only indication that W^X
 * is in force -- confirm; test it with a mask.  PERMIT relaxes the
 * policy, so its use is worth auditing.
 */
#define PROC_WX_MAPPINGS_PERMIT        0x0001
#define PROC_WX_MAPPINGS_DISALLOW_EXEC 0x0002
#define PROC_WXORX_ENFORCE             0x80000000
155
#ifndef _KERNEL
__BEGIN_DECLS
/*
 * Entry point for the verbs defined in this header; the prototype is
 * visible only when _KERNEL is not defined.
 * NOTE(review): the parameters are unnamed here.  Presumably they are the
 * id type, the id, the verb (a PROC_* value) and a verb-specific data
 * pointer -- confirm against the procctl(2) manual page.  The void *
 * carries no size, so the pointed-to object must match what the chosen
 * verb expects.
 */
int procctl(idtype_t, id_t, int, void *);
__END_DECLS

#endif
162
163#endif /* !_SYS_PROCCTL_H_ */