pkey_alloc, pkey_free - allocate or free a protection key
Standard C library (
libc,
-lc)
#define _GNU_SOURCE /* See feature_test_macros(7) */
#include <sys/mman.h>
int pkey_alloc(unsigned int flags, unsigned int access_rights);
int pkey_free(int pkey);
pkey_alloc() allocates a protection key (pkey) and allows it to be passed
to
pkey_mprotect(2).
The
pkey_alloc()
flags is reserved for future use and currently
must always be specified as 0.
The
pkey_alloc()
access_rights argument may contain zero or more
disable operations:
- PKEY_DISABLE_ACCESS
- Disable all data access to memory covered by the returned
protection key.
- PKEY_DISABLE_WRITE
- Disable write access to memory covered by the returned
protection key.
pkey_free() frees a protection key and makes it available for later
allocations. After a protection key has been freed, it may no longer be used
in any protection-key-related operations.
An application should not call
pkey_free() on any protection key which
has been assigned to an address range by
pkey_mprotect(2) and which is
still in use. The behavior in this case is undefined and may result in an
error.
On success,
pkey_alloc() returns a positive protection key value. On
success,
pkey_free() returns zero. On error, -1 is returned, and
errno is set to indicate the error.
- EINVAL
-
pkey, flags, or access_rights is
invalid.
- ENOSPC
- (pkey_alloc()) All protection keys available for the
current process have been allocated. The number of keys available is
architecture-specific and implementation-specific and may be reduced by
kernel-internal use of certain keys. There are currently 15 keys available
to user programs on x86.
- This error will also be returned if the processor or
operating system does not support protection keys. Applications should
always be prepared to handle this error, since factors outside of the
application's control can reduce the number of available pkeys.
pkey_alloc() and
pkey_free() were added in Linux 4.9; library
support was added in glibc 2.27.
The
pkey_alloc() and
pkey_free() system calls are Linux-specific.
pkey_alloc() is always safe to call regardless of whether or not the
operating system supports protection keys. It can be used in lieu of any other
mechanism for detecting pkey support and will simply fail with the error
ENOSPC if the operating system has no pkey support.
The kernel guarantees that the contents of the hardware rights register (PKRU)
will be preserved only for allocated protection keys. Any time a key is
unallocated (either before the first call returning that key from
pkey_alloc() or after it is freed via
pkey_free()), the kernel
may make arbitrary changes to the parts of the rights register affecting
access to that key.
See
pkeys(7).
pkey_mprotect(2),
pkeys(7)