/*-
 * SPDX-License-Identifier: BSD-2-Clause
 *
 * Copyright (c) 2013 Hudson River Trading LLC
 * Copyright (c) 2014, 2016 The FreeBSD Foundation
 * Written by: John H. Baldwin <jhb@FreeBSD.org>
 * All rights reserved.
 *
 * Portions of this software were developed by Konstantin Belousov
 * under sponsorship from the FreeBSD Foundation.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

#ifndef	_SYS_PROCCTL_H_
#define	_SYS_PROCCTL_H_

#ifndef _KERNEL
#include <sys/types.h>
#include <sys/wait.h>
#endif

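/*
 * Machine-dependent (MD) procctl verbs start at 0x10000000; the
 * machine-independent PROC_* verbs defined in this header use small
 * values below that bound.  The define sits ahead of the
 * <machine/procctl.h> include, presumably so the MD header can base its
 * verb numbers on it.
 */
#define	PROC_PROCCTL_MD_MIN	0x10000000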
#include <machine/procctl.h>

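/*
 * Machine-independent procctl(2) commands, passed as the cmd argument.
 * The *_CTL verbs change per-process state and the matching *_STATUS
 * verbs query it.  Several of these are hardening controls (tracing and
 * core dumps, ASLR, implicit PROT_MAX, stack gap, setuid/setgid
 * suppression, W^X), so callers should check the procctl() return value
 * and, where it matters, confirm the result with the *_STATUS verb
 * rather than assume the requested state took effect.
 */
#define	PROC_SPROTECT		1	/* set protected state */
#define	PROC_REAP_ACQUIRE	2	/* reaping enable */
#define	PROC_REAP_RELEASE	3	/* reaping disable */
#define	PROC_REAP_STATUS	4	/* reaping status */
#define	PROC_REAP_GETPIDS	5	/* get descendants */
#define	PROC_REAP_KILL		6	/* kill descendants */
#define	PROC_TRACE_CTL		7	/* en/dis ptrace and coredumps */
#define	PROC_TRACE_STATUS	8	/* query tracing status */
#define	PROC_TRAPCAP_CTL	9	/* trap capability errors */
#define	PROC_TRAPCAP_STATUS	10	/* query trap capability status */
#define	PROC_PDEATHSIG_CTL	11	/* set parent death signal */
#define	PROC_PDEATHSIG_STATUS	12	/* get parent death signal */
#define	PROC_ASLR_CTL		13	/* en/dis ASLR */
#define	PROC_ASLR_STATUS	14	/* query ASLR status */
#define	PROC_PROTMAX_CTL	15	/* en/dis implicit PROT_MAX */
#define	PROC_PROTMAX_STATUS	16	/* query implicit PROT_MAX status */
#define	PROC_STACKGAP_CTL	17	/* en/dis stack gap on MAP_STACK */
#define	PROC_STACKGAP_STATUS	18	/* query stack gap */
#define	PROC_NO_NEW_PRIVS_CTL	19	/* disable setuid/setgid */
#define	PROC_NO_NEW_PRIVS_STATUS 20	/* query suid/sgid disabled status */
#define	PROC_WXMAP_CTL		21	/* control W^X */
#define	PROC_WXMAP_STATUS	22	/* query W^X */
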
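/*
 * PROC_SPROTECT argument encoding: the low four bits of the integer
 * argument select the operation and the remaining bits carry flags.
 */

/* Operations for PROC_SPROTECT (passed in integer arg). */
#define	PPROT_OP(x)	((x) & 0xf)	/* extract the operation bits */
#define	PPROT_SET	1		/* set the protected state */
#define	PPROT_CLEAR	2		/* clear the protected state */

/*
 * Flags for PROC_SPROTECT (ORed in with operation).  Per procctl(2),
 * PPROT_DESCEND also applies the operation to existing descendants and
 * PPROT_INHERIT makes future children inherit the state.
 */
#define	PPROT_FLAGS(x)	((x) & ~0xf)	/* extract the flag bits */
#define	PPROT_DESCEND	0x10
#define	PPROT_INHERIT	0x20
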
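/*
 * Result of PROC_REAP_STATUS (returned by value).  Field meanings
 * follow procctl(2).
 */
struct procctl_reaper_status {
	u_int	rs_flags;	/* REAPER_STATUS_* bits */
	u_int	rs_children;	/* number of children of the reaper */
	u_int	rs_descendants;	/* total number of descendants */
	pid_t	rs_reaper;	/* pid of the reaper for the queried id */
	pid_t	rs_pid;		/* pid of one reaper child, if any */
	u_int	rs_pad0[15];	/* reserved padding */
};

/*
 * struct procctl_reaper_status rs_flags.  Per procctl(2),
 * REAPER_STATUS_OWNED means the queried process has acquired reaper
 * status and REAPER_STATUS_REALINIT means it is the root of the reaper
 * tree, i.e. init(8).
 */
#define	REAPER_STATUS_OWNED	0x00000001
#define	REAPER_STATUS_REALINIT	0x00000002
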
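/*
 * One entry of the array filled in by PROC_REAP_GETPIDS (see
 * struct procctl_reaper_pids).  Field meanings follow procctl(2).
 */
struct procctl_reaper_pidinfo {
	pid_t	pi_pid;		/* pid of the descendant */
	pid_t	pi_subtree;	/* pid of the reaper's direct child that
				   heads this descendant's subtree */
	u_int	pi_flags;	/* REAPER_PIDINFO_* bits */
	u_int	pi_pad0[15];	/* reserved padding */
};

/*
 * pi_flags bits.  Per procctl(2), REAPER_PIDINFO_VALID marks a
 * filled-in entry; consumers should stop at the first entry without
 * it instead of trusting the rest of the array.  The other names
 * describe the reported process: direct child of the reaper, itself a
 * reaper, zombie, stopped, or in the process of exiting.
 */
#define	REAPER_PIDINFO_VALID	0x00000001
#define	REAPER_PIDINFO_CHILD	0x00000002
#define	REAPER_PIDINFO_REAPER	0x00000004
#define	REAPER_PIDINFO_ZOMBIE	0x00000008
#define	REAPER_PIDINFO_STOPPED	0x00000010
#define	REAPER_PIDINFO_EXITING	0x00000020
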
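/*
 * Argument for PROC_REAP_GETPIDS.  Per procctl(2), the caller supplies
 * the rp_pids array and sets rp_count to its capacity in entries; the
 * count must match the real allocation, since it is the only bound the
 * kernel has on how many entries it may write.
 */
struct procctl_reaper_pids {
	u_int	rp_count;	/* capacity of rp_pids, in entries */
	u_int	rp_pad0[15];	/* reserved padding */
	struct procctl_reaper_pidinfo *rp_pids;	/* caller-owned array */
};
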
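/*
 * Argument for PROC_REAP_KILL.  The in fields select the signal and the
 * set of targets; the out fields report how far delivery got.  Delivery
 * can fail part-way, so callers should examine rk_killed and rk_fpid
 * instead of treating the call as all-or-nothing.
 */
struct procctl_reaper_kill {
	int	rk_sig;		/* in  - signal to send */
	u_int	rk_flags;	/* in  - REAPER_KILL flags */
	pid_t	rk_subtree;	/* in  - subtree, if REAPER_KILL_SUBTREE */
	u_int	rk_killed;	/* out - count of processes successfully
				   killed */
	pid_t	rk_fpid;	/* out - first failed pid for which error
				   is returned */
	u_int	rk_pad0[15];	/* reserved padding */
};

/*
 * rk_flags bits.  Per procctl(2), REAPER_KILL_CHILDREN restricts
 * delivery to the reaper's direct children and REAPER_KILL_SUBTREE
 * restricts it to the subtree named by rk_subtree.
 */
#define	REAPER_KILL_CHILDREN	0x00000001
#define	REAPER_KILL_SUBTREE	0x00000002
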
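/*
 * Arguments for PROC_TRACE_CTL (en/dis ptrace and coredumps).  Per
 * procctl(2), PROC_TRACE_CTL_DISABLE lasts until the process executes
 * a new image with execve(2), while PROC_TRACE_CTL_DISABLE_EXEC keeps
 * tracing disabled across execve(2) as well.
 */
#define	PROC_TRACE_CTL_ENABLE		1
#define	PROC_TRACE_CTL_DISABLE		2
#define	PROC_TRACE_CTL_DISABLE_EXEC	3

/*
 * Arguments for PROC_TRAPCAP_CTL.  Per procctl(2), when enabled a
 * sandboxed process receives SIGTRAP on a system call that fails with
 * ENOTCAPABLE or ECAPMODE, which helps locate capability-mode
 * violations during development.
 */
#define	PROC_TRAPCAP_CTL_ENABLE		1
#define	PROC_TRAPCAP_CTL_DISABLE	2
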
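/*
 * Arguments for PROC_ASLR_CTL: force ASLR on, force it off, or leave
 * the decision to the system defaults (NOFORCE).  Per procctl(2) the
 * setting governs images created by later execve(2) calls.
 * PROC_ASLR_ACTIVE is not a request value: it is the high bit ORed
 * into the PROC_ASLR_STATUS result when ASLR is active for the current
 * image, so mask it off before comparing a status with the values
 * above.
 */
#define	PROC_ASLR_FORCE_ENABLE		1
#define	PROC_ASLR_FORCE_DISABLE		2
#define	PROC_ASLR_NOFORCE		3
#define	PROC_ASLR_ACTIVE		0x80000000

/*
 * Arguments for PROC_PROTMAX_CTL (implicit PROT_MAX), using the same
 * force-on / force-off / no-force scheme.  PROC_PROTMAX_ACTIVE is the
 * status-only high bit reported by PROC_PROTMAX_STATUS.
 */
#define	PROC_PROTMAX_FORCE_ENABLE	1
#define	PROC_PROTMAX_FORCE_DISABLE	2
#define	PROC_PROTMAX_NOFORCE		3
#define	PROC_PROTMAX_ACTIVE		0x80000000
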
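/*
 * Bit flags for PROC_STACKGAP_CTL / PROC_STACKGAP_STATUS.  Per
 * procctl(2), ENABLE/DISABLE describe the current image and the *_EXEC
 * variants describe the state applied after execve(2).
 */
#define	PROC_STACKGAP_ENABLE		0x0001
#define	PROC_STACKGAP_DISABLE		0x0002
#define	PROC_STACKGAP_ENABLE_EXEC	0x0004
#define	PROC_STACKGAP_DISABLE_EXEC	0x0008

/*
 * Values for PROC_NO_NEW_PRIVS_CTL / PROC_NO_NEW_PRIVS_STATUS.  Per
 * procctl(2), ENABLE makes execve(2) ignore the setuid/setgid bits for
 * the process and its future descendants and cannot be undone once
 * set; DISABLE is only reported by the status verb.
 */
#define	PROC_NO_NEW_PRIVS_ENABLE	1
#define	PROC_NO_NEW_PRIVS_DISABLE	2

/*
 * Bit flags for PROC_WXMAP_CTL / PROC_WXMAP_STATUS.  Per procctl(2),
 * PERMIT allows mappings that are both writable and executable and
 * cannot be revoked for the current address space, DISALLOW_EXEC
 * forbids them in the address space created by the next execve(2), and
 * PROC_WXORX_ENFORCE is a status-only bit set when W^X is enforced for
 * the current address space.  PERMIT weakens W^X, so its use deserves
 * review.
 */
#define	PROC_WX_MAPPINGS_PERMIT		0x0001
#define	PROC_WX_MAPPINGS_DISALLOW_EXEC	0x0002
#define	PROC_WXORX_ENFORCE		0x80000000
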
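#ifndef _KERNEL
__BEGIN_DECLS
/*
 * Userland prototype for procctl(2), declared only when _KERNEL is not
 * defined.  Arguments in order: id type, id, command (one of the PROC_*
 * verbs above) and a pointer to the verb-specific argument or result.
 * Per procctl(2) it returns 0 on success and -1 with errno set on
 * failure; check the result, since several verbs are hardening
 * controls that can be refused.
 */
int	procctl(idtype_t, id_t, int, void *);
__END_DECLS

#endif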

#endif /* !_SYS_PROCCTL_H_ */
