PR_SET_SYSCALL_USER_DISPATCH(2const) PR_SET_SYSCALL_USER_DISPATCH(2const)

PR_SET_SYSCALL_USER_DISPATCH - set the system-call user dispatch mechanism for the calling thread

Standard C library (libc, -lc)

#include <linux/prctl.h>  /* Definition of PR_* constants */
#include <sys/prctl.h>
int prctl(PR_SET_SYSCALL_USER_DISPATCH, long op, ...);
int prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_ON,
          unsigned long off, unsigned long size, int8_t *switch);
int prctl(PR_SET_SYSCALL_USER_DISPATCH, PR_SYS_DISPATCH_OFF, 0L, 0L, 0L);

Configure the Syscall User Dispatch mechanism for the calling thread. This mechanism allows an application to selectively intercept system calls so that they can be handled within the application itself. Interception takes the form of a thread-directed SIGSYS signal that is delivered to the thread when it makes a system call. If intercepted, the system call is not executed by the kernel.

Enable this mechanism.
Once enabled, further system calls will be selectively intercepted, depending on a control variable provided by user space. In this case, off and size respectively identify the offset and size of a single contiguous memory region in the process address space from where system calls are always allowed to be executed, regardless of the control variable. (Typically, this area would include the area of memory containing the C library.)
switch points to a variable that is a fast switch to allow/block system call execution without the overhead of doing another system call to re-configure Syscall User Dispatch. This control variable can either be set to SYSCALL_DISPATCH_FILTER_BLOCK to block system calls from executing or to SYSCALL_DISPATCH_FILTER_ALLOW to temporarily allow them to be executed. This value is checked by the kernel on every system call entry, and any unexpected value will raise an uncatchable SIGSYS at that time, killing the application.
When a system call is intercepted, the kernel sends a thread-directed SIGSYS signal to the triggering thread. Various fields will be set in the siginfo_t structure (see sigaction(2)) associated with the signal:
si_signo will contain SIGSYS.
si_call_addr will show the address of the system call instruction.
si_syscall and si_arch will indicate which system call was attempted.
si_code will contain SYS_USER_DISPATCH.
si_errno will be set to 0.
The program counter will be as though the system call happened (i.e., the program counter will not point to the system call instruction).
When the signal handler returns to the kernel, the system call completes immediately and returns to the calling thread, without actually being executed. If necessary (i.e., when emulating the system call on user space.), the signal handler should set the system call return value to a sane value, by modifying the register context stored in the ucontext argument of the signal handler. See sigaction(2), sigreturn(2), and getcontext(3) for more information.
Syscall User Dispatch is disabled for that thread.

The setting is not preserved across fork(2), clone(2), or execve(2).

On success, 0 is returned. On error, -1 is returned, and errno is set to indicate the error.

switch is an invalid address.
op is PR_SYS_DISPATCH_ON and the memory range specified is outside the address space of the process.
op is invalid.

Linux. x86 only.

Linux 5.11 (x86).

prctl(2)

For more information, see the kernel source file Documentation/admin-guide/syscall-user-dispatch.rst

2024-06-01 Linux man-pages 6.9.1