1 .\" Copyright (C) 2016 Intel Corporation
3 .\" %%%LICENSE_START(VERBATIM)
4 .\" Permission is granted to make and distribute verbatim copies of this
5 .\" manual provided the copyright notice and this permission notice are
6 .\" preserved on all copies.
8 .\" Permission is granted to copy and distribute modified versions of this
9 .\" manual under the conditions for verbatim copying, provided that the
10 .\" entire resulting derived work is distributed under the terms of a
11 .\" permission notice identical to this one.
13 .\" Since the Linux kernel and libraries are constantly changing, this
14 .\" manual page may be incorrect or out-of-date. The author(s) assume no
15 .\" responsibility for errors or omissions, or for damages resulting from
16 .\" the use of the information contained herein. The author(s) may not
17 .\" have taken the same level of care in the production of this manual,
18 .\" which is licensed free of charge, as they might when working
21 .\" Formatted or processed versions of this manual, if unaccompanied by
22 .\" the source, must acknowledge the copyright and author of this work.
25 .TH PKEY_ALLOC 2 2019-03-06 "Linux" "Linux Programmer's Manual"
27 pkey_alloc, pkey_free \- allocate or free a protection key
30 .B #include <sys/mman.h>
32 .BI "int pkey_alloc(unsigned int " flags ", unsigned int " access_rights ");"
33 .BI "int pkey_free(int " pkey ");"
37 allocates a protection key (pkey) and allows it to be passed to
38 .BR pkey_mprotect (2).
43 is reserved for future use and currently must always be specified as 0.
48 argument may contain zero or more disable operations:
50 .B PKEY_DISABLE_ACCESS
51 Disable all data access to memory covered by the returned protection key.
54 Disable write access to memory covered by the returned protection key.
57 frees a protection key and makes it available for later
59 After a protection key has been freed, it may no longer be used
60 in any protection-key-related operations.
62 An application should not call
64 on any protection key which has been assigned to an address
67 and which is still in use.
68 The behavior in this case is undefined and may result in an error.
72 returns a positive protection key value.
76 On error, \-1 is returned, and
90 All protection keys available for the current process have
92 The number of keys available is architecture-specific and
93 implementation-specific and may be reduced by kernel-internal use
95 There are currently 15 keys available to user programs on x86.
97 This error will also be returned if the processor or operating system
98 does not support protection keys.
99 Applications should always be prepared to handle this error, since
100 factors outside of the application's control can reduce the number
106 were added to Linux in kernel 4.9;
107 library support was added in glibc 2.27.
113 system calls are Linux-specific.
116 is always safe to call regardless of whether or not the operating system
117 supports protection keys.
118 It can be used in lieu of any other mechanism for detecting pkey support
119 and will simply fail with the error
121 if the operating system has no pkey support.
123 The kernel guarantees that the contents of the hardware rights
124 register (PKRU) will be preserved only for allocated protection
126 Any time a key is unallocated (either before the first call
127 returning that key from
129 or after it is freed via
131 the kernel may make arbitrary changes to the parts of the
132 rights register affecting access to that key.
137 .BR pkey_mprotect (2),