Sets kernel-key on a kernel address range.
Item | Description |
---|---|
eaddr | Starting address to protect. |
nbytes | Number of bytes to protect. |
kkey | Kernel-key value to set on memory. |
flags | Defined flag value is:
|
The vm_protect_kkey() kernel service is used to alter the kernel-key associated with a virtual memory range. If set, any code that references the memory needs to include the kernel-key in their active keyset. The kernel-key is set for all pages in the effective address range specified by eaddr to eaddr + nbytes - 1. If the address range does not specify a page-aligned area consisting of an integral number of full pages, an error will be returned.
By default, an authority check is performed when altering storage-keys. This check requires that the vm_protect_kkey() caller has write access to the pages’ current kernel-key(s). This authority checking can be overridden by setting the VMPK_NO_CHECK_AUTHORITY value, but this is not recommended since the check can protect against some programming errors.
The vm_protect_kkey kernel service can be called from the process environment only.
Item | Description |
---|---|
0 | Successful. |
EINVAL_VM_PROTECT_KKEY | Invalid parameter or execution environment. |
EINVAL_VM_PROTECT_KKEY_PPAGE | Request includes a partial page. |
EFAULT_VM_PROTECT_KKEY | Invalid address range. |
EPERM_VM_PROTECT_KKEY | Insufficient authority to perform the operation. |
If the vm_protect_kkey() kernel service is unsuccessful because of a condition other than that specified by the EINVAL_VM_PROTECT_KKEY error code, the kernel-key for some pages in the (eaddr, eaddr + nbytes - 1) range might have been changed.