PKEY_ALLOC(2) Linux Programmer's Manual PKEY_ALLOC(2)
pkey_alloc, pkey_free - allocate or free a protection key
int pkey_alloc(unsigned long flags, unsigned long access_rights);
int pkey_free(int pkey);
pkey_alloc() allocates a protection key (pkey) and allows it to be
passed to pkey_mprotect(2).
The pkey_alloc() flags is reserved for future use and currently must
always be specified as 0.
The pkey_alloc() access_rights argument may contain zero or more dis-
Disable all data access to memory covered by the returned pro-
Disable write access to memory covered by the returned protec-
pkey_free() frees a protection key and makes it available for later
allocations. After a protection key has been freed, it may no longer
be used in any protection-key-related operations.
An application should not call pkey_free() on any protection key which
has been assigned to an address range by pkey_mprotect(2) and which is
still in use. The behavior in this case is undefined and may result in
On success, pkey_alloc() returns a positive protection key value. On
success, pkey_free() returns zero. On error, -1 is returned, and errno
is set appropriately.
EINVAL pkey, flags, or access_rights is invalid.
ENOSPC (pkey_alloc()) All protection keys available for the current
process have been allocated. The number of keys available is
architecture-specific and implementation-specific and may be
reduced by kernel-internal use of certain keys. There are cur-
rently 15 keys available to user programs on x86.
This error will also be returned if the processor or operating
system does not support protection keys. Applications should
always be prepared to handle this error, since factors outside
of the application's control can reduce the number of available
pkey_alloc() and pkey_free() were added to Linux in kernel 4.9; library
support was added in glibc 2.27.
The pkey_alloc() and pkey_free() system calls are Linux-specific.
pkey_alloc() is always safe to call regardless of whether or not the
operating system supports protection keys. It can be used in lieu of
any other mechanism for detecting pkey support and will simply fail
with the error ENOSPC if the operating system has no pkey support.
The kernel guarantees that the contents of the hardware rights register
(PKRU) will be preserved only for allocated protection keys. Any time
a key is unallocated (either before the first call returning that key
from pkey_alloc() or after it is freed via pkey_free()), the kernel may
make arbitrary changes to the parts of the rights register affecting
access to that key.
This page is part of release 4.15 of the Linux man-pages project. A
description of the project, information about reporting bugs, and the
latest version of this page, can be found at
Linux 2018-02-02 PKEY_ALLOC(2)
Man Pages Copyright Respective Owners. Site Copyright (C) 1994 - 2022
All Rights Reserved.