Inferencium/website
1
0
Fork 0
Code Issues Activity

Rebase webpage "Documentation - hardened_malloc" from version "5.0.2-alpha.6" onto "5.0.2"

Browse Source
This commit is contained in:
inference 2024-06-29 12:26:14 +01:00
parent 55dcc5fe19
commit 0c93f68224
Signed by: inference
SSH Key Fingerprint: SHA256:K/a677+eHm7chi3X4s77BIpLTE9Vge1tsv+jUL5gI+Y
1 changed files with 36 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
documentation/hardened_malloc.xhtml
View File

@ -1,7 +1,7 @@
<!DOCTYPE html> <!DOCTYPE html>
<!-- Inferencium - Website - Documentation - hardened_malloc --> <!-- Inferencium - Website - Documentation - hardened_malloc -->
<!-- Version: 5.0.2-alpha.6 --> <!-- Version: 5.0.2 -->
<!-- Copyright 2023 Jake Winters --> <!-- Copyright 2023 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause --> <!-- SPDX-License-Identifier: BSD-3-Clause -->
@ -62,20 +62,21 @@
</nav> </nav>
<section id="memory_pages"> <section id="memory_pages">
<h2><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></h2> <h2><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></h2>
<p>Add <code>vm.max_map_count = 1048576</code> to <code>/etc/sysctl.conf</code> to accommodate <p>Add the following to <code>/etc/sysctl.conf</code> or a configuration file within
hardened_malloc's large amount of guard pages.</p> <code>/etc/sysctl.d/</code>to accommodate hardened_malloc's large amount of guard pages:</p>
<pre>vm.max_map_count = 1048576</pre>
</section> </section>
<section id="clone_source_code"> <section id="clone_source_code">
<h2><a href="#clone_source_code">Clone hardened_malloc Source Code</a></h2> <h2><a href="#clone_source_code">Clone hardened_malloc Source Code</a></h2>
<p><code>$ git clone https://github.com/GrapheneOS/hardened_malloc.git</code></p> <pre>$ git clone https://github.com/GrapheneOS/hardened_malloc.git</pre>
</section> </section>
<section id="enter_local_repository"> <section id="enter_local_repository">
<h2><a href="#enter_local_repository">Enter hardened_malloc Local Git Repository</a></h2> <h2><a href="#enter_local_repository">Enter hardened_malloc Local Git Repository</a></h2>
<p><code>$ cd hardened_malloc/</code></p> <pre>$ cd hardened_malloc/</pre>
</section> </section>
<section id="compile"> <section id="compile">
<h2><a href="#compile">Compile hardened_malloc</a></h2> <h2><a href="#compile">Compile hardened_malloc</a></h2>
<p><code>$ make <var>&lt;arguments&gt;</var></code></p> <pre>$ make <var>&lt;arguments&gt;</var></pre>
<p><code>CONFIG_N_ARENA=<var>n</var></code> can be adjusted to increase parallel performance at the <p><code>CONFIG_N_ARENA=<var>n</var></code> can be adjusted to increase parallel performance at the
expense of memory usage, or decrease memory usage at the expense of parallel performance, where expense of memory usage, or decrease memory usage at the expense of parallel performance, where
<code><var>n</var></code> is a non-negative integer. Higher values prefer parallel performance, <code><var>n</var></code> is a non-negative integer. Higher values prefer parallel performance,
@ -108,23 +109,26 @@
current-generation hardware. Whether or not this feature is enabled, the metadata is all contained current-generation hardware. Whether or not this feature is enabled, the metadata is all contained
within an isolated memory region with high-entropy random guard regions around it.</p> within an isolated memory region with high-entropy random guard regions around it.</p>
<p>For low-memory systems, <code>VARIANT=light</code> can be used to compile the light variant of <p>For low-memory systems, <code>VARIANT=light</code> can be used to compile the light variant of
hardened_malloc, which sacrifices some security for much less memory usage. This option still hardened_malloc, which sacrifices some security for less memory usage. This option still produces a
produces a more hardened memory allocator than both the default musl and glibc allocators, despite more hardened memory allocator than both the default musl and glibc allocators, despite the security
the security sacrifices over the full variant.</p> sacrifices over the full variant.</p>
<p>For all compile-time options, see the <p>For all compile-time options, see the
<a href="https://github.com/GrapheneOS/hardened_malloc#configuration">configuration section</a> <a href="https://github.com/GrapheneOS/hardened_malloc#configuration">configuration section</a>
of hardened_malloc's official documentation.</p> of hardened_malloc's official documentation.</p>
</section> </section>
<section id="copy_library"> <section id="copy_library">
<h2><a href="#copy_library">Copy Compiled hardened_malloc Library</a></h2> <h2><a href="#copy_library">Copy Compiled hardened_malloc Library</a></h2>
<p><code># cp out/libhardened_malloc.so /usr/local/lib/libhardened_malloc.so</code></p> <pre># cp out/libhardened_malloc.so /usr/local/lib/libhardened_malloc.so</pre>
</section> </section>
<section id="preload_on_boot"> <section id="preload_on_boot">
<h2><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></h2> <h2><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></h2>
<p><b>musl-based systems:</b> Add <code>LD_PRELOAD=/usr/local/lib/libhardened_malloc.so</code> to <p>In order to preload the hardened_malloc shared library on boot, perform the following
<code>/etc/environment</code></p> actions:</p>
<p><b>glibc-based systems:</b> Add <code>/usr/local/lib/libhardened_malloc.so</code> to <p><b>musl-based systems:</b> Add the following to <code>/etc/environment</code> or a configuration
<code>/etc/ld.so.preload</code></p> file within <code>/etc/environment.d/</code>:</p>
<pre>LD_PRELOAD=/usr/local/lib/libhardened_malloc.so</pre>
<p><b>glibc-based systems:</b> Add the following to <code>/etc/ld.so.preload</code>:</p>
<pre>/usr/local/lib/libhardened_malloc.so</pre>
</section> </section>
<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div> <div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>
</body> </body>