From 2c3979669c17f2edf8f33f282c689212e5919392 Mon Sep 17 00:00:00 2001
From: inference <admin@inferencium.net>
Date: Sat, 7 Oct 2023 05:57:52 +0100
Subject: [PATCH] Add webpage "Documentation - hardened_malloc" version 1.0.0+5

---
 documentation/hardened_malloc.html | 105 +++++++++++++++++++++++++++++
 1 file changed, 105 insertions(+)
 create mode 100644 documentation/hardened_malloc.html

diff --git a/documentation/hardened_malloc.html b/documentation/hardened_malloc.html
new file mode 100644
index 0000000..e553308
--- /dev/null
+++ b/documentation/hardened_malloc.html
@@ -0,0 +1,105 @@
+<!DOCTYPE html>
+
+<!-- Inferencium - Website - Documentation - GrapheneOS hardened_malloc -->
+
+<!-- Copyright 2023 Jake Winters -->
+<!-- SPDX-License-Identifier: BSD-3-Clause -->
+
+<!-- Version: 1.0.0+5 -->
+
+
+<html>
+		<head>
+				<title>Inferencium - Documentation - GrapheneOS hardened_malloc</title>
+				<link rel="stylesheet" href=../main.css>
+				<meta name="viewport" content="width=device-width, initial-scale=1">
+		</head>
+		<!-- Navigation bar -->
+		<div class="sidebar">
+				<a href="../index.html"><img src="../asset/img/logo-inferencium-no_text.png" width="110px" height="110px"></a>
+				<a href="../index.html" class="title">Inferencium</a><br>
+				<br>
+				<br>
+				<div><a href="../about.html">About</a></div>
+				<div><a href="../contact.html">Contact</a></div>
+				<div><a href="../blog.html">Blog</a></div>
+				<div><a href="../documentation.html">Documentation</a></div>
+				<div><a href="../source.html">Source</a></div>
+				<div><a href="../key.html">Key</a></div>
+				<div><a href="../changelog.html">Changelog</a></div>
+		</div>
+		<body>
+				<h1>Documentation - GrapheneOS hardened_malloc</h1>
+						<p>This documentation contains instructions to use
+						<a href="https://github.com/GrapheneOS/hardened_malloc">GrapheneOS hardened_malloc</a>
+						memory allocator as the system’s default memory allocator. These instructions apply to both musl
+						and glibc C libraries on Unix-based and Unix-like systems. hardened_malloc can also be used
+						per-application and/or per-user, in which case root permissions are not required; this
+						documentation focuses on system-wide usage of hardened_malloc, assumes root privileges, and
+						assumes the compiled library will be located in a path readable by all users of the system.</p>
+						<p>For the complete hardened_malloc documentation, visit its
+						<a href="https://github.com/GrapheneOS/hardened_malloc">official documentation</a>.</p>
+						<p>This documentation is also available in portable AsciiDoc format in my
+						<a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/hardened_malloc.adoc">documentation source code repository</a>.
+						<!-- Table of contents -->
+						<section id="toc">
+								<h2 id="toc"><a href="#toc">Table of Contents<a/></h2>
+										<ul>
+												<li><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></li>
+												<li><a href="#clone_source_code">Clone hardened_malloc Source Code</a></li>
+												<li><a href="#enter_local_repository">Enter hardened_malloc Local Git Repository</a></li>
+												<li><a href="#compile">Compile hardened_malloc</a></li>
+												<li><a href="#copy_library">Copy Compiled hardened_malloc Library</a></li>
+												<li><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></li>
+										</ul>
+						<section id="memory_pages">
+								<h2 id="memory_pages"><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></h2>
+										<p>Add <code>vm.max_map_count = 1048576</code> to <code>/etc/sysctl.conf</code>
+										to accommodate hardened_malloc’s large amount of guard pages.</p>
+						</section>
+						<section id="clone_source_code">
+								<h2 id="clone_source_code"><a href="#clone_source_code">Clone hardened_malloc Source Code</a></h2>
+										<p><code>$ git clone https://github.com/GrapheneOS/hardened_malloc.git</code></p>
+						</section>
+						<section id="enter_local_repository">
+								<h2 id="enter_local_repository"><a href="#enter_local_repository">Enter hardened_malloc Local Git Repository</a></h2>
+										<p><code>$ cd hardened_malloc/</code></p>
+						</section>
+						<section id="compile">
+								<h2 id="compile"><a href="#compile">Compile hardened_malloc</a></h2>
+										<p><p><code>$ make &lt;arguments&gt;</code></p>
+										<p><code>CONFIG_N_ARENA=<var>n</var></code> can be adjusted to increase parallel
+										performance at the expense of memory usage, or decrease memory usage at the
+										expense of parallel performance, where <var>n</var> is an integer. Higher values
+										prefer parallel performance, lower values prefer lower memory usage. The number
+										of arenas has no impact on the security properties of hardened_malloc.
+										<ul>
+												<li>Minimum number of arenas: 1</li>
+												<li>Maximum number of arenas: 256</li>
+										</ul>
+										<p>For extra security, <code>CONFIG_SEAL_METADATA=true</code> can be used in
+										order to control whether Memory Protection Keys are used to disable access to
+										all writable allocator state outside of the memory allocator code. It’s
+										currently disabled by default due to a significant performance cost for this use
+										case on current generation hardware. Whether or not this feature is enabled, the
+										metadata is all contained within an isolated memory region with high entropy
+										random guard regions around it.</p>
+										<p>For low-memory systems, <code>VARIANT=light</code> can be used to compile the
+										light variant of hardened_malloc, which sacrifices some security for much less
+										memory usage.</p>
+										<p>For all compile-time options, see the
+										<a href="https://github.com/GrapheneOS/hardened_malloc#configuration">configuration section</a>
+										of hardened_malloc’s extensive official documentation.</p>
+						</section>
+						<section id="copy_library">
+								<h2 id="copy_library"><a href="#copy_library">Copy Compiled hardened_malloc Library</a></h2>
+										<p><code># cp out/libhardened_malloc.so &lt;target path&gt;</code></p>
+						</section>
+						<section id="preload_on_boot">
+								<h2 id="preload_on_boot"><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></h2>
+										<p>musl-based systems: Add <code>export LD_PRELOAD="&lt;hardened_malloc path&gt;"</code>
+										to <code>/etc/environment</code><br>
+										glibc-based systems: Add <code>&lt;hardened_malloc path&gt;</code> to <code>/etc/ld.so.preload</code></p>
+						</section>
+		</body>
+</html>