vm_protect_kkey Kernel Service

Purpose

Sets kernel-key on a kernel address range.

Syntax

#include <sys/types.h>
#include <sys/skeys.h>
#include <sys/vmuser.h>

kerrno_t vm_protect_kkey (eaddr, nbytes, kkey, flags)
void * eaddr;
size_t nbytes;
kkey_t kkey;
unsigned long flags;

Parameters

Item Description
eaddr Starting address to protect.
nbytes Number of bytes to protect.
kkey Kernel-key value to set on memory.
flags Defined flag value is:
  • VMPK_NO_CHECK_AUTHORITY – This flag indicates that extended authority checking will not be performed.

Description

The vm_protect_kkey() kernel service is used to alter the kernel-key associated with a virtual memory range. If set, any code that references the memory needs to include the kernel-key in their active keyset. The kernel-key is set for all pages in the effective address range specified by eaddr to eaddr + nbytes - 1. If the address range does not specify a page-aligned area consisting of an integral number of full pages, an error will be returned.

By default, an authority check is performed when altering storage-keys. This check requires that the vm_protect_kkey() caller has write access to the pages’ current kernel-key(s). This authority checking can be overridden by setting the VMPK_NO_CHECK_AUTHORITY value, but this is not recommended since the check can protect against some programming errors.

Execution Environment

The vm_protect_kkey kernel service can be called from the process environment only.

Return Values

Item Description
0 Successful.
EINVAL_VM_PROTECT_KKEY Invalid parameter or execution environment.
EINVAL_VM_PROTECT_KKEY_PPAGE Request includes a partial page.
EFAULT_VM_PROTECT_KKEY Invalid address range.
EPERM_VM_PROTECT_KKEY Insufficient authority to perform the operation.

If the vm_protect_kkey() kernel service is unsuccessful because of a condition other than that specified by the EINVAL_VM_PROTECT_KKEY error code, the kernel-key for some pages in the (eaddr, eaddr + nbytes - 1) range might have been changed.