man2/pkey_alloc.2

   1 .\" Copyright (C) 2016 Intel Corporation
   2 .\"
   3 .\" %%%LICENSE_START(VERBATIM)
   4 .\" Permission is granted to make and distribute verbatim copies of this
   5 .\" manual provided the copyright notice and this permission notice are
   6 .\" preserved on all copies.
   7 .\"
   8 .\" Permission is granted to copy and distribute modified versions of this
   9 .\" manual under the conditions for verbatim copying, provided that the
  10 .\" entire resulting derived work is distributed under the terms of a
  11 .\" permission notice identical to this one.
  12 .\"
  13 .\" Since the Linux kernel and libraries are constantly changing, this
  14 .\" manual page may be incorrect or out-of-date.  The author(s) assume no
  15 .\" responsibility for errors or omissions, or for damages resulting from
  16 .\" the use of the information contained herein.  The author(s) may not
  17 .\" have taken the same level of care in the production of this manual,
  18 .\" which is licensed free of charge, as they might when working
  19 .\" professionally.
  20 .\"
  21 .\" Formatted or processed versions of this manual, if unaccompanied by
  22 .\" the source, must acknowledge the copyright and author of this work.
  23 .\" %%%LICENSE_END
  24 .\"
  25 .TH PKEY_ALLOC 2 2018-02-02 "Linux" "Linux Programmer's Manual"
  26 .SH NAME
  27 pkey_alloc, pkey_free \- allocate or free a protection key
  28 .SH SYNOPSIS
  29 .nf
  30 .B #include <sys/mman.h>
  31 .PP
  32 .BI "int pkey_alloc(unsigned int " flags ", unsigned int " access_rights ");"
  33 .BI "int pkey_free(int " pkey ");"
  34 .fi
  35 .SH DESCRIPTION
  36 .BR pkey_alloc ()
  37 allocates a protection key (pkey) and allows it to be passed to
  38 .BR pkey_mprotect (2).
  39 .PP
  40 The
  41 .BR pkey_alloc ()
  42 .I flags
  43 is reserved for future use and currently must always be specified as 0.
  44 .PP
  45 The
  46 .BR pkey_alloc ()
  47 .I access_rights
  48 .BR
  49 argument may contain zero or more disable operations:
  50 .TP
  51 .B PKEY_DISABLE_ACCESS
  52 Disable all data access to memory covered by the returned protection key.
  53 .TP
  54 .B PKEY_DISABLE_WRITE
  55 Disable write access to memory covered by the returned protection key.
  56 .PP
  57 .BR pkey_free ()
  58 frees a protection key and makes it available for later
  59 allocations.
  60 After a protection key has been freed, it may no longer be used
  61 in any protection-key-related operations.
  62 .PP
  63 An application should not call
  64 .BR pkey_free ()
  65 on any protection key which has been assigned to an address
  66 range by
  67 .BR pkey_mprotect (2)
  68 and which is still in use.
  69 The behavior in this case is undefined and may result in an error.
  70 .SH RETURN VALUE
  71 On success,
  72 .BR pkey_alloc ()
  73 returns a positive protection key value.
  74 On success,
  75 .BR pkey_free ()
  76 returns zero.
  77 On error, \-1 is returned, and
  78 .I errno
  79 is set appropriately.
  80 .SH ERRORS
  81 .TP
  82 .B EINVAL
  83 .IR pkey ,
  84 .IR flags ,
  85 or
  86 .I access_rights
  87 is invalid.
  88 .TP
  89 .B ENOSPC
  90 .RB ( pkey_alloc ())
  91 All protection keys available for the current process have
  92 been allocated.
  93 The number of keys available is architecture-specific and
  94 implementation-specific and may be reduced by kernel-internal use
  95 of certain keys.
  96 There are currently 15 keys available to user programs on x86.
  97 .IP
  98 This error will also be returned if the processor or operating system
  99 does not support protection keys.
 100 Applications should always be prepared to handle this error, since
 101 factors outside of the application's control can reduce the number
 102 of available pkeys.
 103 .SH VERSIONS
 104 .BR pkey_alloc ()
 105 and
 106 .BR pkey_free ()
 107 were added to Linux in kernel 4.9;
 108 library support was added in glibc 2.27.
 109 .SH CONFORMING TO
 110 The
 111 .BR pkey_alloc ()
 112 and
 113 .BR pkey_free ()
 114 system calls are Linux-specific.
 115 .SH NOTES
 116 .BR pkey_alloc ()
 117 is always safe to call regardless of whether or not the operating system
 118 supports protection keys.
 119 It can be used in lieu of any other mechanism for detecting pkey support
 120 and will simply fail with the error
 121 .B ENOSPC
 122 if the operating system has no pkey support.
 123 .PP
 124 The kernel guarantees that the contents of the hardware rights
 125 register (PKRU) will be preserved only for allocated protection
 126 keys.
 127 Any time a key is unallocated (either before the first call
 128 returning that key from
 129 .BR pkey_alloc ()
 130 or after it is freed via
 131 .BR pkey_free ()),
 132 the kernel may make arbitrary changes to the parts of the
 133 rights register affecting access to that key.
 134 .SH EXAMPLE
 135 See
 136 .BR pkeys (7).
 137 .SH SEE ALSO
 138 .BR pkey_mprotect (2),
 139 .BR pkeys (7)