2016-09-13 19:45:40 +00:00
|
|
|
.\" Copyright (C) 2016 Intel Corporation
|
|
|
|
.\"
|
|
|
|
.\" %%%LICENSE_START(VERBATIM)
|
|
|
|
.\" Permission is granted to make and distribute verbatim copies of this
|
|
|
|
.\" manual provided the copyright notice and this permission notice are
|
|
|
|
.\" preserved on all copies.
|
|
|
|
.\"
|
|
|
|
.\" Permission is granted to copy and distribute modified versions of this
|
|
|
|
.\" manual under the conditions for verbatim copying, provided that the
|
|
|
|
.\" entire resulting derived work is distributed under the terms of a
|
|
|
|
.\" permission notice identical to this one.
|
|
|
|
.\"
|
|
|
|
.\" Since the Linux kernel and libraries are constantly changing, this
|
|
|
|
.\" manual page may be incorrect or out-of-date. The author(s) assume no
|
|
|
|
.\" responsibility for errors or omissions, or for damages resulting from
|
|
|
|
.\" the use of the information contained herein. The author(s) may not
|
|
|
|
.\" have taken the same level of care in the production of this manual,
|
|
|
|
.\" which is licensed free of charge, as they might when working
|
|
|
|
.\" professionally.
|
|
|
|
.\"
|
|
|
|
.\" Formatted or processed versions of this manual, if unaccompanied by
|
|
|
|
.\" the source, must acknowledge the copyright and author of this work.
|
|
|
|
.\" %%%LICENSE_END
|
|
|
|
.\"
|
bind.2, chmod.2, chown.2, chroot.2, clock_getres.2, clone.2, connect.2, dup.2, fallocate.2, get_mempolicy.2, getpeername.2, getpriority.2, getsockname.2, getsockopt.2, gettimeofday.2, ioctl_ficlonerange.2, ioctl_fideduperange.2, kill.2, mbind.2, mmap.2, mount.2, mprotect.2, nfsservctl.2, nice.2, open.2, perf_event_open.2, pipe.2, pkey_alloc.2, prctl.2, ptrace.2, quotactl.2, remap_file_pages.2, sched_setscheduler.2, set_mempolicy.2, signal.2, signalfd.2, swapon.2, sync_file_range.2, syscalls.2, timer_create.2, timerfd_create.2, utime.2, utimensat.2, wait.2, atof.3, ctime.3, errno.3, fclose.3, fflush.3, insque.3, malloc_get_state.3, mallopt.3, mbsnrtowcs.3, mq_close.3, mq_open.3, mq_receive.3, mq_send.3, printf.3, pthread_attr_init.3, pthread_create.3, pthread_setaffinity_np.3, ptsname.3, remainder.3, strtod.3, tgamma.3, timegm.3, tmpnam.3, ttyname.3, console_ioctl.4, elf.5, filesystems.5, proc.5, utmp.5, capabilities.7, cgroups.7, credentials.7, ddp.7, feature_test_macros.7, fifo.7, inotify.7, libc.7, mount_namespaces.7, namespaces.7, netlink.7, pid_namespaces.7, pkeys.7, shm_overview.7, standards.7, uri.7, user_namespaces.7: tstamp
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
2016-12-12 09:45:24 +00:00
|
|
|
.TH PKEY_ALLOC 2 2016-12-12 "Linux" "Linux Programmer's Manual"
|
2016-09-13 19:45:40 +00:00
|
|
|
.SH NAME
|
|
|
|
pkey_alloc, pkey_free \- allocate or free a protection key
|
|
|
|
.SH SYNOPSIS
|
|
|
|
.nf
|
|
|
|
.B #include <sys/mman.h>
|
|
|
|
.sp
|
|
|
|
.BI "int pkey_alloc(unsigned long " flags ", unsigned long " access_rights ");"
|
|
|
|
.BI "int pkey_free(int " pkey ");"
|
|
|
|
.fi
|
|
|
|
.SH DESCRIPTION
|
|
|
|
.BR pkey_alloc ()
|
2016-10-13 10:25:46 +00:00
|
|
|
allocates a protection key (pkey) and allows it to be passed to
|
|
|
|
.BR pkey_mprotect (2).
|
|
|
|
|
2016-10-13 10:32:19 +00:00
|
|
|
The
|
2016-09-13 19:45:40 +00:00
|
|
|
.BR pkey_alloc ()
|
2016-10-13 10:32:19 +00:00
|
|
|
.I flags
|
|
|
|
argument may contain zero or more disable operations:
|
|
|
|
.TP
|
|
|
|
.B PKEY_DISABLE_ACCESS
|
|
|
|
Disable all data access to memory covered by the returned protection key.
|
|
|
|
.TP
|
|
|
|
.B PKEY_DISABLE_WRITE
|
|
|
|
Disable write access to memory covered by the returned protection key.
|
2016-09-13 19:45:40 +00:00
|
|
|
.PP
|
|
|
|
.BR pkey_free ()
|
|
|
|
frees a protection key and makes it available for later
|
|
|
|
allocations.
|
|
|
|
After a protection key has been freed, it may no longer be used
|
|
|
|
in any protection-key-related operations.
|
2016-10-13 10:32:19 +00:00
|
|
|
|
2016-09-13 19:45:40 +00:00
|
|
|
An application should not call
|
|
|
|
.BR pkey_free ()
|
|
|
|
on any protection key which has been assigned to an address
|
|
|
|
range by
|
|
|
|
.BR pkey_mprotect (2)
|
2016-10-13 10:25:46 +00:00
|
|
|
and which is still in use.
|
|
|
|
The behavior in this case is undefined and may result in an error.
|
2016-09-13 19:45:40 +00:00
|
|
|
.SH RETURN VALUE
|
|
|
|
On success,
|
|
|
|
.BR pkey_alloc ()
|
|
|
|
returns a positive protection key value.
|
|
|
|
.BR pkey_free ()
|
|
|
|
returns zero.
|
|
|
|
On error, \-1 is returned, and
|
|
|
|
.I errno
|
|
|
|
is set appropriately.
|
|
|
|
.SH ERRORS
|
|
|
|
.TP
|
|
|
|
.B EINVAL
|
|
|
|
.IR pkey ,
|
|
|
|
.IR flags ,
|
|
|
|
or
|
|
|
|
.I access_rights
|
|
|
|
is invalid.
|
|
|
|
.TP
|
|
|
|
.B ENOSPC
|
2016-10-13 10:25:46 +00:00
|
|
|
.RB ( pkey_alloc ())
|
2016-09-13 19:45:40 +00:00
|
|
|
All protection keys available for the current process have
|
|
|
|
been allocated.
|
|
|
|
The number of keys available is architecture-specific and
|
2016-10-13 10:25:46 +00:00
|
|
|
implementation-specific and may be reduced by kernel-internal use
|
2016-09-13 19:45:40 +00:00
|
|
|
of certain keys.
|
|
|
|
There are currently 15 keys available to user programs on x86.
|
2016-10-13 10:25:46 +00:00
|
|
|
|
|
|
|
This error will also be returned if the processor or operating system
|
2016-09-13 19:45:40 +00:00
|
|
|
does not support protection keys.
|
2016-10-13 10:25:46 +00:00
|
|
|
Applications should always be prepared to handle this error, since
|
2016-09-13 19:45:40 +00:00
|
|
|
factors outside of the application's control can reduce the number
|
|
|
|
of available pkeys.
|
|
|
|
.SH VERSIONS
|
|
|
|
.BR pkey_alloc ()
|
|
|
|
and
|
|
|
|
.BR pkey_free ()
|
2016-10-13 10:25:46 +00:00
|
|
|
were added to Linux in kernel 4.9.
|
|
|
|
Glibc support is not yet available.
|
2016-09-13 19:45:40 +00:00
|
|
|
.SH CONFORMING TO
|
|
|
|
The
|
|
|
|
.BR pkey_alloc ()
|
|
|
|
and
|
|
|
|
.BR pkey_free ()
|
|
|
|
system calls are Linux-specific.
|
2016-10-13 10:32:19 +00:00
|
|
|
.SH NOTES
|
|
|
|
.BR pkey_alloc ()
|
|
|
|
is always safe to call regardless of whether or not the operating system
|
|
|
|
supports protection keys.
|
|
|
|
It can be used in lieu of any other mechanism for detecting pkey support
|
|
|
|
and will simply fail with the error
|
|
|
|
.B ENOSPC
|
|
|
|
if the operating system has no pkey support.
|
|
|
|
|
|
|
|
The kernel guarantees that the contents of the hardware rights
|
|
|
|
register (PKRU) will be preserved only for allocated protection
|
|
|
|
keys.
|
|
|
|
Any time a key is unallocated (either before the first call
|
|
|
|
returning that key from
|
|
|
|
.BR pkey_alloc ()
|
|
|
|
or after it is freed via
|
|
|
|
.BR pkey_free ()),
|
|
|
|
the kernel may make arbitrary changes to the parts of the
|
|
|
|
rights register affecting access to that key.
|
2016-10-13 10:53:04 +00:00
|
|
|
.SH EXAMPLE
|
|
|
|
See
|
2016-10-13 15:05:39 +00:00
|
|
|
.BR pkeys (7).
|
2016-09-13 19:45:40 +00:00
|
|
|
.SH SEE ALSO
|
|
|
|
.BR pkey_mprotect (2),
|
2016-10-13 15:05:39 +00:00
|
|
|
.BR pkeys (7)
|