HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. |  |
NAME |LIBRARY |SYNOPSIS |DESCRIPTION |RETURN VALUE |ERRORS |STANDARDS |HISTORY |NOTES |EXAMPLES |SEE ALSO |COLOPHON | |
pkey_alloc(2) System Calls Manualpkey_alloc(2)pkey_alloc, pkey_free - allocate or free a protection key
Standard C library (libc,-lc)
#define _GNU_SOURCE/* See feature_test_macros(7) */#include <sys/mman.h>int pkey_alloc(unsigned intflags, unsigned intaccess_rights);int pkey_free(intpkey);
pkey_alloc() allocates a protection key (pkey) and allows it to be passed topkey_mprotect(2). Thepkey_alloc()flags is reserved for future use and currently must always be specified as 0. Thepkey_alloc()access_rights argument may contain zero or more disable operations:PKEY_DISABLE_ACCESS Disable all data access to memory covered by the returned protection key.PKEY_DISABLE_WRITE Disable write access to memory covered by the returned protection key.pkey_free() frees a protection key and makes it available for later allocations. After a protection key has been freed, it may no longer be used in any protection-key-related operations. An application should not callpkey_free() on any protection key which has been assigned to an address range bypkey_mprotect(2) and which is still in use. The behavior in this case is undefined and may result in an error.
On success,pkey_alloc() returns a positive protection key value. On success,pkey_free() returns zero. On error, -1 is returned, anderrno is set to indicate the error.
EINVALpkey,flags, oraccess_rights is invalid.ENOSPC(pkey_alloc()) All protection keys available for the current process have been allocated. The number of keys available is architecture-specific and implementation- specific and may be reduced by kernel-internal use of certain keys. There are currently 15 keys available to user programs on x86. This error will also be returned if the processor or operating system does not support protection keys. Applications should always be prepared to handle this error, since factors outside of the application's control can reduce the number of available pkeys.
Linux.
Linux 4.9, glibc 2.27.
pkey_alloc() is always safe to call regardless of whether or not the operating system supports protection keys. It can be used in lieu of any other mechanism for detecting pkey support and will simply fail with the errorENOSPCif the operating system has no pkey support. The kernel guarantees that the contents of the hardware rights register (PKRU) will be preserved only for allocated protection keys. Any time a key is unallocated (either before the first call returning that key frompkey_alloc() or after it is freed viapkey_free()), the kernel may make arbitrary changes to the parts of the rights register affecting access to that key.
Seepkeys(7).
pkey_mprotect(2),pkeys(7)
This page is part of theman-pages (Linux kernel and C library user-space interface documentation) project. Information about the project can be found at ⟨https://www.kernel.org/doc/man-pages/⟩. If you have a bug report for this manual page, see ⟨https://git.kernel.org/pub/scm/docs/man-pages/man-pages.git/tree/CONTRIBUTING⟩. This page was obtained from the tarball man-pages-6.15.tar.gz fetched from ⟨https://mirrors.edge.kernel.org/pub/linux/docs/man-pages/⟩ on 2025-08-11. If you discover any rendering problems in this HTML version of the page, or you believe there is a better or more up- to-date source for the page, or you have corrections or improvements to the information in this COLOPHON (which isnot part of the original manual page), send a mail to man-pages@man7.orgLinux man-pages 6.15 2025-05-17pkey_alloc(2)Pages that refer to this page:mprotect(2), syscalls(2), pkeys(7)
HTML rendering created 2025-09-06 byMichael Kerrisk, author ofThe Linux Programming Interface. For details of in-depthLinux/UNIX system programming training courses that I teach, lookhere. Hosting byjambit GmbH. | |