Inferencium/website
1
0
Fork 0
Code Issues Activity

Update webpage "Documentation - hardened_malloc" from version 1.0.2+21 to 1.0.3

Browse Source
This commit is contained in:
inference 2023-11-16 21:38:08 +00:00
parent 557e052b27
commit 366423c86a
Signed by: inference
SSH Key Fingerprint: SHA256:FtEVfx1CmTKMy40VwZvF4k+3TC+QhCWy+EmPRg50Nnc
1 changed files with 69 additions and 83 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

152
documentation/hardened_malloc.html
View File

@ -1,26 +1,23 @@
<!DOCTYPE html> <!DOCTYPE html>
<!-- Inferencium - Website - Documentation - GrapheneOS hardened_malloc --> <!-- Inferencium - Website - Documentation - GrapheneOS hardened_malloc -->
<!-- Version: 1.0.3 -->
<!-- Copyright 2023 Jake Winters --> <!-- Copyright 2023 Jake Winters -->
<!-- SPDX-License-Identifier: BSD-3-Clause --> <!-- SPDX-License-Identifier: BSD-3-Clause -->
<!-- Version: 1.0.2+21 -->
<html lang="en">
<html>
<head> <head>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<link rel="stylesheet" href="../main.css"/>
<title>Inferencium - Documentation - GrapheneOS hardened_malloc</title> <title>Inferencium - Documentation - GrapheneOS hardened_malloc</title>
<link rel="stylesheet" href=../main.css>
<meta name="viewport" content="width=device-width, initial-scale=1">
</head> </head>
<body> <body>
<!-- Navigation bar --> <nav class="nav-bar">
<div class="sidebar"> <div><a href="../index.html"><img src="../asset/img/logo-inferencium-no_text.png" width="110px" height="110px"/></a></div>
<a href="../index.html"><img src="../asset/img/logo-inferencium-no_text.png" width="110px" height="110px"></a> <div><a href="../index.html" class="title">Inferencium</a></div>
<a href="../index.html" class="title">Inferencium</a><br>
<br>
<br>
<div><a href="../about.html">About</a></div> <div><a href="../about.html">About</a></div>
<div><a href="../contact.html">Contact</a></div> <div><a href="../contact.html">Contact</a></div>
<div><a href="../blog.html">Blog</a></div> <div><a href="../blog.html">Blog</a></div>
@ -28,7 +25,7 @@
<div><a href="../source.html">Source</a></div> <div><a href="../source.html">Source</a></div>
<div><a href="../key.html">Key</a></div> <div><a href="../key.html">Key</a></div>
<div><a href="../changelog.html">Changelog</a></div> <div><a href="../changelog.html">Changelog</a></div>
</div> </nav>
<section id="introduction"> <section id="introduction">
<h1 id="introduction"><a href="#introduction">Documentation - GrapheneOS hardened_malloc</a></h1> <h1 id="introduction"><a href="#introduction">Documentation - GrapheneOS hardened_malloc</a></h1>
<p>This documentation contains instructions to use <p>This documentation contains instructions to use
@ -44,76 +41,65 @@
<p>This documentation is also available in portable AsciiDoc format in my <p>This documentation is also available in portable AsciiDoc format in my
<a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/hardened_malloc.adoc">documentation source code repository</a>. <a href="https://src.inferencium.net/Inferencium/doc/src/branch/stable/security/hardened_malloc.adoc">documentation source code repository</a>.
</section> </section>
<!-- Table of contents --> <nav id="toc">
<section id="toc"> <h2 id="toc"><a href="#toc">Table of Contents<a/></h2>
<h2 id="toc"><a href="#toc">Table of Contents<a/></h2> <ul>
<ul> <li><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></li>
<li><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></li> <li><a href="#clone_source_code">Clone hardened_malloc Source Code</a></li>
<li><a href="#clone_source_code">Clone hardened_malloc Source Code</a></li> <li><a href="#enter_local_repository">Enter hardened_malloc Local Git Repository</a></li>
<li><a href="#enter_local_repository">Enter hardened_malloc Local Git Repository</a></li> <li><a href="#compile">Compile hardened_malloc</a></li>
<li><a href="#compile">Compile hardened_malloc</a></li> <li><a href="#copy_library">Copy Compiled hardened_malloc Library</a></li>
<li><a href="#copy_library">Copy Compiled hardened_malloc Library</a></li> <li><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></li>
<li><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></li> </ul>
</ul> </nav>
</section> <section id="memory_pages">
<section id="memory_pages"> <h2 id="memory_pages"><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></h2>
<h2 id="memory_pages"><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></h2> <p>Add <code>vm.max_map_count = 1048576</code> to
<p>Add <code>vm.max_map_count = 1048576</code> to <code>/etc/sysctl.conf</code> to accommodate hardened_malloc's large amount of guard
<code>/etc/sysctl.conf</code> to accommodate hardened_malloc's large pages.</p>
amount of guard pages.</p> </section>
</section> <section id="clone_source_code">
<section id="clone_source_code"> <h2 id="clone_source_code"><a href="#clone_source_code">Clone hardened_malloc Source Code</a></h2>
<h2 id="clone_source_code"><a href="#clone_source_code">Clone hardened_malloc Source Code</a></h2> <p><code>$ git clone https://github.com/GrapheneOS/hardened_malloc.git</code></p>
<p><code>$ git clone https://github.com/GrapheneOS/hardened_malloc.git</code></p> </section>
</section> <section id="enter_local_repository">
<section id="enter_local_repository"> <h2 id="enter_local_repository"><a href="#enter_local_repository">Enter hardened_malloc Local Git Repository</a></h2>
<h2 id="enter_local_repository"><a href="#enter_local_repository">Enter hardened_malloc Local Git Repository</a></h2> <p><code>$ cd hardened_malloc/</code></p>
<p><code>$ cd hardened_malloc/</code></p> </section>
</section> <section id="compile">
<section id="compile"> <h2 id="compile"><a href="#compile">Compile hardened_malloc</a></h2>
<h2 id="compile"><a href="#compile">Compile hardened_malloc</a></h2> <p><p><code>$ make <var>&lt;arguments&gt;</var></code></p>
<p><p><code>$ make <var>&lt;arguments&gt;</var></code></p> <p><code>CONFIG_N_ARENA=<var>n</var></code> can be adjusted to increase parallel
<p><code>CONFIG_N_ARENA=<var>n</var></code> can be adjusted to increase performance at the expense of memory usage, or decrease memory usage at the expense of
parallel performance at the expense of memory usage, or decrease memory parallel performance, where <var>n</var> is an integer. Higher values prefer parallel
usage at the expense of parallel performance, where <var>n</var> is an performance, lower values prefer lower memory usage. The number of arenas has no impact
integer. Higher values prefer parallel performance, lower values prefer on the security properties of hardened_malloc.<br>
lower memory usage. The number of arenas has no impact on the security <b>Minimum number of arenas:</b> 1<br>
properties of hardened_malloc. <b>Maximum number of arenas:</b> 256</p>
<ul> <p>For extra security, <code>CONFIG_SEAL_METADATA=true</code> can be used in order to
<li>Minimum number of arenas: 1</li> control whether Memory Protection Keys are used to disable access to all writable
<li>Maximum number of arenas: 256</li> allocator state outside of the memory allocator code. It's currently disabled by default
</ul> due to a significant performance cost for this use case on current generation hardware.
<p>For extra security, <code>CONFIG_SEAL_METADATA=true</code> can be Whether or not this feature is enabled, the metadata is all contained within an isolated
used in order to control whether Memory Protection Keys are used to memory region with high entropy random guard regions around it.</p>
disable access to all writable allocator state outside of the memory <p>For low-memory systems, <code>VARIANT=light</code> can be used to compile the light
allocator code. It's currently disabled by default due to a significant variant of hardened_malloc, which sacrifices some security for much less memory
performance cost for this use case on current generation hardware. usage.</p>
Whether or not this feature is enabled, the metadata is all contained <p>For all compile-time options, see the
within an isolated memory region with high entropy random guard regions <a href="https://github.com/GrapheneOS/hardened_malloc#configuration">configuration section</a>
around it.</p> of hardened_malloc's extensive official documentation.</p>
<p>For low-memory systems, <code>VARIANT=light</code> can be used to </section>
compile the light variant of hardened_malloc, which sacrifices some <section id="copy_library">
security for much less memory usage.</p> <h2 id="copy_library"><a href="#copy_library">Copy Compiled hardened_malloc Library</a></h2>
<p>For all compile-time options, see the <p><code># cp out/libhardened_malloc.so <var>&lt;target path&gt;</var></code></p>
<a href="https://github.com/GrapheneOS/hardened_malloc#configuration">configuration section</a> </section>
of hardened_malloc's extensive official documentation.</p> <section id="preload_on_boot">
</section> <h2 id="preload_on_boot"><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></h2>
<section id="copy_library"> <p><b>musl-based systems:</b> Add
<h2 id="copy_library"><a href="#copy_library">Copy Compiled hardened_malloc Library</a></h2> <code>export LD_PRELOAD="<var>&lt;hardened_malloc path&gt;</var>"</code> to
<p><code># cp out/libhardened_malloc.so <var>&lt;target path&gt;</var></code></p> <code>/etc/environment</code><br>
</section> <b>glibc-based systems:</b> Add <code><var>&lt;hardened_malloc path&gt;</var></code> to
<section id="preload_on_boot"> <code>/etc/ld.so.preload</code></p>
<h2 id="preload_on_boot"><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></h2> </section>
<p>
<ul>
<li>musl-based systems: Add
<code>export LD_PRELOAD="<var>&lt;hardened_malloc path&gt;</var>"</code>
to <code>/etc/environment</code></li>
<li>glibc-based systems:
Add <code><var>&lt;hardened_malloc path&gt;</var></code> to
<code>/etc/ld.so.preload</code></li>
</ul>
</p>
</section>
</body> </body>
</html> </html>