|
Packit |
7cfc04 |
.\" Copyright (C) 2016 Intel Corporation
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" %%%LICENSE_START(VERBATIM)
|
|
Packit |
7cfc04 |
.\" Permission is granted to make and distribute verbatim copies of this
|
|
Packit |
7cfc04 |
.\" manual provided the copyright notice and this permission notice are
|
|
Packit |
7cfc04 |
.\" preserved on all copies.
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" Permission is granted to copy and distribute modified versions of this
|
|
Packit |
7cfc04 |
.\" manual under the conditions for verbatim copying, provided that the
|
|
Packit |
7cfc04 |
.\" entire resulting derived work is distributed under the terms of a
|
|
Packit |
7cfc04 |
.\" permission notice identical to this one.
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
Packit |
7cfc04 |
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
Packit |
7cfc04 |
.\" responsibility for errors or omissions, or for damages resulting from
|
|
Packit |
7cfc04 |
.\" the use of the information contained herein. The author(s) may not
|
|
Packit |
7cfc04 |
.\" have taken the same level of care in the production of this manual,
|
|
Packit |
7cfc04 |
.\" which is licensed free of charge, as they might when working
|
|
Packit |
7cfc04 |
.\" professionally.
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
Packit |
7cfc04 |
.\" the source, must acknowledge the copyright and author of this work.
|
|
Packit |
7cfc04 |
.\" %%%LICENSE_END
|
|
Packit |
7cfc04 |
.\"
|
|
Packit |
7cfc04 |
.TH PKEY_ALLOC 2 2018-02-02 "Linux" "Linux Programmer's Manual"
|
|
Packit |
7cfc04 |
.SH NAME
|
|
Packit |
7cfc04 |
pkey_alloc, pkey_free \- allocate or free a protection key
|
|
Packit |
7cfc04 |
.SH SYNOPSIS
|
|
Packit |
7cfc04 |
.nf
|
|
Packit |
7cfc04 |
.B #include <sys/mman.h>
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
.BI "int pkey_alloc(unsigned long " flags ", unsigned long " access_rights ");"
|
|
Packit |
7cfc04 |
.BI "int pkey_free(int " pkey ");"
|
|
Packit |
7cfc04 |
.fi
|
|
Packit |
7cfc04 |
.SH DESCRIPTION
|
|
Packit |
7cfc04 |
.BR pkey_alloc ()
|
|
Packit |
7cfc04 |
allocates a protection key (pkey) and allows it to be passed to
|
|
Packit |
7cfc04 |
.BR pkey_mprotect (2).
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
.BR pkey_alloc ()
|
|
Packit |
7cfc04 |
.I flags
|
|
Packit |
7cfc04 |
is reserved for future use and currently must always be specified as 0.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
.BR pkey_alloc ()
|
|
Packit |
7cfc04 |
.I access_rights
|
|
Packit |
7cfc04 |
.BR
|
|
Packit |
7cfc04 |
argument may contain zero or more disable operations:
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B PKEY_DISABLE_ACCESS
|
|
Packit |
7cfc04 |
Disable all data access to memory covered by the returned protection key.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B PKEY_DISABLE_WRITE
|
|
Packit |
7cfc04 |
Disable write access to memory covered by the returned protection key.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
.BR pkey_free ()
|
|
Packit |
7cfc04 |
frees a protection key and makes it available for later
|
|
Packit |
7cfc04 |
allocations.
|
|
Packit |
7cfc04 |
After a protection key has been freed, it may no longer be used
|
|
Packit |
7cfc04 |
in any protection-key-related operations.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
An application should not call
|
|
Packit |
7cfc04 |
.BR pkey_free ()
|
|
Packit |
7cfc04 |
on any protection key which has been assigned to an address
|
|
Packit |
7cfc04 |
range by
|
|
Packit |
7cfc04 |
.BR pkey_mprotect (2)
|
|
Packit |
7cfc04 |
and which is still in use.
|
|
Packit |
7cfc04 |
The behavior in this case is undefined and may result in an error.
|
|
Packit |
7cfc04 |
.SH RETURN VALUE
|
|
Packit |
7cfc04 |
On success,
|
|
Packit |
7cfc04 |
.BR pkey_alloc ()
|
|
Packit |
7cfc04 |
returns a positive protection key value.
|
|
Packit |
7cfc04 |
On success,
|
|
Packit |
7cfc04 |
.BR pkey_free ()
|
|
Packit |
7cfc04 |
returns zero.
|
|
Packit |
7cfc04 |
On error, \-1 is returned, and
|
|
Packit |
7cfc04 |
.I errno
|
|
Packit |
7cfc04 |
is set appropriately.
|
|
Packit |
7cfc04 |
.SH ERRORS
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B EINVAL
|
|
Packit |
7cfc04 |
.IR pkey ,
|
|
Packit |
7cfc04 |
.IR flags ,
|
|
Packit |
7cfc04 |
or
|
|
Packit |
7cfc04 |
.I access_rights
|
|
Packit |
7cfc04 |
is invalid.
|
|
Packit |
7cfc04 |
.TP
|
|
Packit |
7cfc04 |
.B ENOSPC
|
|
Packit |
7cfc04 |
.RB ( pkey_alloc ())
|
|
Packit |
7cfc04 |
All protection keys available for the current process have
|
|
Packit |
7cfc04 |
been allocated.
|
|
Packit |
7cfc04 |
The number of keys available is architecture-specific and
|
|
Packit |
7cfc04 |
implementation-specific and may be reduced by kernel-internal use
|
|
Packit |
7cfc04 |
of certain keys.
|
|
Packit |
7cfc04 |
There are currently 15 keys available to user programs on x86.
|
|
Packit |
7cfc04 |
.IP
|
|
Packit |
7cfc04 |
This error will also be returned if the processor or operating system
|
|
Packit |
7cfc04 |
does not support protection keys.
|
|
Packit |
7cfc04 |
Applications should always be prepared to handle this error, since
|
|
Packit |
7cfc04 |
factors outside of the application's control can reduce the number
|
|
Packit |
7cfc04 |
of available pkeys.
|
|
Packit |
7cfc04 |
.SH VERSIONS
|
|
Packit |
7cfc04 |
.BR pkey_alloc ()
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.BR pkey_free ()
|
|
Packit |
7cfc04 |
were added to Linux in kernel 4.9;
|
|
Packit |
7cfc04 |
library support was added in glibc 2.27.
|
|
Packit |
7cfc04 |
.SH CONFORMING TO
|
|
Packit |
7cfc04 |
The
|
|
Packit |
7cfc04 |
.BR pkey_alloc ()
|
|
Packit |
7cfc04 |
and
|
|
Packit |
7cfc04 |
.BR pkey_free ()
|
|
Packit |
7cfc04 |
system calls are Linux-specific.
|
|
Packit |
7cfc04 |
.SH NOTES
|
|
Packit |
7cfc04 |
.BR pkey_alloc ()
|
|
Packit |
7cfc04 |
is always safe to call regardless of whether or not the operating system
|
|
Packit |
7cfc04 |
supports protection keys.
|
|
Packit |
7cfc04 |
It can be used in lieu of any other mechanism for detecting pkey support
|
|
Packit |
7cfc04 |
and will simply fail with the error
|
|
Packit |
7cfc04 |
.B ENOSPC
|
|
Packit |
7cfc04 |
if the operating system has no pkey support.
|
|
Packit |
7cfc04 |
.PP
|
|
Packit |
7cfc04 |
The kernel guarantees that the contents of the hardware rights
|
|
Packit |
7cfc04 |
register (PKRU) will be preserved only for allocated protection
|
|
Packit |
7cfc04 |
keys.
|
|
Packit |
7cfc04 |
Any time a key is unallocated (either before the first call
|
|
Packit |
7cfc04 |
returning that key from
|
|
Packit |
7cfc04 |
.BR pkey_alloc ()
|
|
Packit |
7cfc04 |
or after it is freed via
|
|
Packit |
7cfc04 |
.BR pkey_free ()),
|
|
Packit |
7cfc04 |
the kernel may make arbitrary changes to the parts of the
|
|
Packit |
7cfc04 |
rights register affecting access to that key.
|
|
Packit |
7cfc04 |
.SH EXAMPLE
|
|
Packit |
7cfc04 |
See
|
|
Packit |
7cfc04 |
.BR pkeys (7).
|
|
Packit |
7cfc04 |
.SH SEE ALSO
|
|
Packit |
7cfc04 |
.BR pkey_mprotect (2),
|
|
Packit |
7cfc04 |
.BR pkeys (7)
|
|
Packit |
7cfc04 |
.SH COLOPHON
|
|
Packit |
7cfc04 |
This page is part of release 4.15 of the Linux
|
|
Packit |
7cfc04 |
.I man-pages
|
|
Packit |
7cfc04 |
project.
|
|
Packit |
7cfc04 |
A description of the project,
|
|
Packit |
7cfc04 |
information about reporting bugs,
|
|
Packit |
7cfc04 |
and the latest version of this page,
|
|
Packit |
7cfc04 |
can be found at
|
|
Packit |
7cfc04 |
\%https://www.kernel.org/doc/man\-pages/.
|