Inferencium/doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
doc/security/hardened_malloc.adoc
inference 5cc54d19b0
Fix spelling.
2023-06-12 17:10:18 +01:00

1.4 KiB
Raw Blame History

GrapheneOS hardened_malloc

Version: 0.0.0.2

This documentation contains the complete set of commands to use GrapheneOS' hardened_malloc memory allocator as the systems default memory allocator. These instructions apply to both musl and glibc C libraries on Unix-based and Unix-like systems.

Increase Permitted Amount of Memory Pages

Add vm.max_map_count = 1048576 to /etc/sysctl.conf to accommodate hardened_mallocs large amount of guard pages.

Clone hardened_malloc Source Code

Enter hardened_malloc Local Git Repository

cd hardened_malloc/

Compile hardened_malloc

make <arguments>

CONFIG_N_ARENA=n can be adjusted to increase parallel performance at the expense of memory usage, or decrease memory usage at the expense of parallel performance, where n is an integer. For low-memory systems, VARIANT=light can be used to compile the light variant of hardened_malloc, which sacrifices some security for much less memory usage.

Copy Compiled hardened_malloc Library

cp out/libhardened_malloc.so <target_path>

Set System to Preload hardened_malloc on Boot

musl-based systems: Add export LD_PRELOAD=<hardened_malloc_path> to /etc/environment
glibc-based systems: Add <hardened_malloc_path> to /etc/ld.so.preload