Update webpage "Documentation - hardened_malloc" from version "5.0.0" to "5.0.1"

2024-03-18 04:39:36 +00:00 · 2024-03-18 04:39:36 +00:00 · 634e1813e9
commit 634e1813e9
parent 6488377737
1 changed files with 115 additions and 123 deletions
--- a/documentation/hardened_malloc.xhtml
+++ b/documentation/hardened_malloc.xhtml
@ -1,7 +1,7 @@
 <!DOCTYPE html>

 <!-- Inferencium - Website - Documentation - hardened_malloc -->
-<!-- Version: 5.0.0 -->
+<!-- Version: 5.0.1 -->

 <!-- Copyright 2023 Jake Winters -->
 <!-- SPDX-License-Identifier: BSD-3-Clause -->
@ -34,14 +34,12 @@
 			<section id="introduction">
 				<p>This documentation contains instructions to use
 				<a href="https://github.com/GrapheneOS/hardened_malloc">hardened_malloc</a>
-										memory allocator as the system's default memory allocator. These instructions
-										apply to both musl and glibc C libraries on Unix-based and Unix-like
-										systems.</p>
-										<p>hardened_malloc can also be used per-application and/or per-user, in which
-										case root permissions are not required; this documentation focuses on
-										system-wide usage of hardened_malloc, assumes root privileges, and assumes the
-										compiled library will be located in a path readable and executable by all users
-										of the system.</p>
+				memory allocator as the system's default memory allocator. These instructions apply to both musl and
+				glibc C libraries on Unix-based and Unix-like systems.</p>
+				<p>hardened_malloc can also be used per-application and/or per-user, in which case root permissions are
+				not required; this documentation focuses on system-wide usage of hardened_malloc, assumes root
+				privileges, and assumes the compiled library will be located in a path readable and executable by all
+				users of the system.</p>
 				<p>For the complete hardened_malloc documentation, visit its
 				<a href="https://github.com/GrapheneOS/hardened_malloc#hardened_malloc">official documentation</a>.</p>
 				<p>This documentation is also available in portable AsciiDoc format in my
@ -60,9 +58,8 @@
 			</nav>
 			<section id="memory_pages">
 				<h2><a href="#memory_pages">Increase Permitted Amount of Memory Pages</a></h2>
-										<p>Add <code>vm.max_map_count = 1048576</code> to
-										<code>/etc/sysctl.conf</code> to accommodate hardened_malloc's large amount of
-										guard pages.</p>
+					<p>Add <code>vm.max_map_count = 1048576</code> to <code>/etc/sysctl.conf</code> to accommodate
+					hardened_malloc's large amount of guard pages.</p>
 			</section>
 			<section id="clone_source_code">
 				<h2><a href="#clone_source_code">Clone hardened_malloc Source Code</a></h2>
@ -75,13 +72,12 @@
 			<section id="compile">
 				<h2><a href="#compile">Compile hardened_malloc</a></h2>
 					<p><code>$ make <var>&lt;arguments&gt;</var></code></p>
-										<p><code>CONFIG_N_ARENA=<var>n</var></code> can be adjusted to increase parallel
-										performance at the expense of memory usage, or decrease memory usage at the
-										expense of parallel performance, where <code><var>n</var></code> is a
-										non-negative integer. Higher values prefer parallel performance, whereas lower
-										values prefer lower memory usage. Note that having too many arenas may cause
-										memory fragmentation and decrease system performance. The number of arenas has
-										no impact on the security properties of hardened_malloc.</p>
+					<p><code>CONFIG_N_ARENA=<var>n</var></code> can be adjusted to increase parallel performance at the
+					expense of memory usage, or decrease memory usage at the expense of parallel performance, where
+					<code><var>n</var></code> is a non-negative integer. Higher values prefer parallel performance,
+					whereas lower values prefer lower memory usage. Note that having too many arenas may cause memory
+					fragmentation and decrease system performance. The number of arenas has no impact on the security
+					properties of hardened_malloc.</p>
 						<table align="center">
 							<thead>
 								<tr>
@ -98,19 +94,17 @@
 								</tr>
 							</tbody>
 						</table>
-										<p>For extra security, <code>CONFIG_SEAL_METADATA=true</code> can be used in
-										order to control whether
+					<p>For extra security, <code>CONFIG_SEAL_METADATA=true</code> can be used in order to control
+					whether
 					<a href="https://www.kernel.org/doc/html/v6.7/core-api/protection-keys.html">Memory Protection Keys</a>
-										are used to disable access to all writable allocator state outside of the memory
-										allocator code. It's currently disabled by default due to a significant
-										performance cost for this use case on current-generation hardware. Whether or
-										not this feature is enabled, the metadata is all contained within an isolated
-										memory region with high-entropy random guard regions around it.</p>
-										<p>For low-memory systems, <code>VARIANT=light</code> can be used to compile the
-										light variant of hardened_malloc, which sacrifices some security for much less
-										memory usage. This option still produces a more hardened memory allocator than
-										both the default musl and glibc allocators, despite the security sacrifices over
-										the full variant.</p>
+					are used to disable access to all writable allocator state outside of the memory allocator code.
+					It's currently disabled by default due to a significant performance cost for this use case on
+					current-generation hardware. Whether or not this feature is enabled, the metadata is all contained
+					within an isolated memory region with high-entropy random guard regions around it.</p>
+					<p>For low-memory systems, <code>VARIANT=light</code> can be used to compile the light variant of
+					hardened_malloc, which sacrifices some security for much less memory usage. This option still
+					produces a more hardened memory allocator than both the default musl and glibc allocators, despite
+					the security sacrifices over the full variant.</p>
 					<p>For all compile-time options, see the
 					<a href="https://github.com/GrapheneOS/hardened_malloc#configuration">configuration section</a>
 					of hardened_malloc's extensive official documentation.</p>
@ -121,11 +115,9 @@
 			</section>
 			<section id="preload_on_boot">
 				<h2><a href="#preload_on_boot">Set System to Preload hardened_malloc on Boot</a></h2>
-										<p><b>musl-based systems:</b> Add
-										<code>LD_PRELOAD=<var>&lt;hardened_malloc path&gt;</var></code> to
+					<p><b>musl-based systems:</b> Add <code>LD_PRELOAD=<var>&lt;hardened_malloc path&gt;</var></code> to
 					<code>/etc/environment</code></p>
-										<p><b>glibc-based systems:</b> Add
-										<code><var>&lt;hardened_malloc path&gt;</var></code> to
+					<p><b>glibc-based systems:</b> Add <code><var>&lt;hardened_malloc path&gt;</var></code> to
 					<code>/etc/ld.so.preload</code></p>
 			</section>
 		<div class="sitemap-small"><a href="../sitemap.xhtml">Sitemap</a></div>