On 07/11/2017 03:14 PM, Ram Pai wrote: > Now how many does the kernel use to reserve for itself is something > the kernel knows too and hence can expose it, though the information > may change dynamically as the kernel reserves and releases the key > based on its internal needs. > > So i think we can expose this informaton through procfs/sysfs and let > the application decide how it wants to use the information. Why bother? On x86, you'll be told either 14 or 15 depending on whether you tried to create a mapping in the process without execute permission. You can't use all 14 or 15 unless you actually call pkey_alloc() anyway because the /proc check is inherently racy. I'm just not sure I see the value in creating a new ABI for it.