diff --git a/documentation/hardened_malloc.xhtml b/documentation/hardened_malloc.xhtml index bb3785c..cc7974d 100644 --- a/documentation/hardened_malloc.xhtml +++ b/documentation/hardened_malloc.xhtml @@ -1,7 +1,7 @@ - - + + @@ -12,95 +12,118 @@ -
This documentation contains instructions to use - GrapheneOS hardened_malloc - memory allocator as the system's default memory allocator. These instructions apply to - both musl and glibc C libraries on Unix-based and Unix-like systems. hardened_malloc can - also be used per-application and/or per-user, in which case root permissions are not - required; this documentation focuses on system-wide usage of hardened_malloc, assumes - root privileges, and assumes the compiled library will be located in a path readable by - all users of the system.
-For the complete hardened_malloc documentation, visit its - official documentation.
-This documentation is also available in portable AsciiDoc format in my - documentation source code repository
. -Add vm.max_map_count = 1048576
to
- /etc/sysctl.conf
to accommodate hardened_malloc's large amount of guard
- pages.
$ git clone https://github.com/GrapheneOS/hardened_malloc.git
$ cd hardened_malloc/
$ make <arguments>
CONFIG_N_ARENA=n
can be adjusted to increase parallel
- performance at the expense of memory usage, or decrease memory usage at the expense of
- parallel performance, where n is an integer. Higher values prefer parallel
- performance, lower values prefer lower memory usage. The number of arenas has no impact
- on the security properties of hardened_malloc.
- Minimum number of arenas: 1
- Maximum number of arenas: 256
For extra security, CONFIG_SEAL_METADATA=true
can be used in order to
- control whether Memory Protection Keys are used to disable access to all writable
- allocator state outside of the memory allocator code. It's currently disabled by default
- due to a significant performance cost for this use case on current generation hardware.
- Whether or not this feature is enabled, the metadata is all contained within an isolated
- memory region with high entropy random guard regions around it.
For low-memory systems, VARIANT=light
can be used to compile the light
- variant of hardened_malloc, which sacrifices some security for much less memory
- usage.
For all compile-time options, see the - configuration section - of hardened_malloc's extensive official documentation.
-# cp out/libhardened_malloc.so <target path>
musl-based systems: Add
- export LD_PRELOAD="<hardened_malloc path>"
to
- /etc/environment
glibc-based systems: Add <hardened_malloc path>
to
- /etc/ld.so.preload
This documentation contains instructions to use + hardened_malloc + memory allocator as the system's default memory allocator. These instructions + apply to both musl and glibc C libraries on Unix-based and Unix-like + systems.
+hardened_malloc can also be used per-application and/or per-user, in which + case root permissions are not required; this documentation focuses on + system-wide usage of hardened_malloc, assumes root privileges, and assumes the + compiled library will be located in a path readable and executable by all users + of the system.
+For the complete hardened_malloc documentation, visit its + official documentation.
+This documentation is also available in portable AsciiDoc format in my + documentation source code repository.
+Add vm.max_map_count = 1048576
to
+ /etc/sysctl.conf
to accommodate hardened_malloc's large amount of
+ guard pages.
$ git clone https://github.com/GrapheneOS/hardened_malloc.git
$ cd hardened_malloc/
$ make <arguments>
CONFIG_N_ARENA=n
can be adjusted to increase parallel
+ performance at the expense of memory usage, or decrease memory usage at the
+ expense of parallel performance, where n
is a
+ non-negative integer. Higher values prefer parallel performance, whereas lower
+ values prefer lower memory usage. Note that having too many arenas may cause
+ memory fragmentation and decrease system performance. The number of arenas has
+ no impact on the security properties of hardened_malloc.
Minimum | +Maximum | +Default | +
---|---|---|
1 | +256 | +4 | +
For extra security, CONFIG_SEAL_METADATA=true
can be used in
+ order to control whether
+ Memory Protection Keys
+ are used to disable access to all writable allocator state outside of the memory
+ allocator code. It's currently disabled by default due to a significant
+ performance cost for this use case on current-generation hardware. Whether or
+ not this feature is enabled, the metadata is all contained within an isolated
+ memory region with high-entropy random guard regions around it.
For low-memory systems, VARIANT=light
can be used to compile the
+ light variant of hardened_malloc, which sacrifices some security for much less
+ memory usage. This option still produces a more hardened memory allocator than
+ both the default musl and glibc allocators, despite the security sacrifices over
+ the full variant.
For all compile-time options, see the + configuration section + of hardened_malloc's extensive official documentation.
+# cp out/libhardened_malloc.so <target path>
musl-based systems: Add
+ LD_PRELOAD=<hardened_malloc path>
to
+ /etc/environment
glibc-based systems: Add
+ <hardened_malloc path>
to
+ /etc/ld.so.preload
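Review bot: In the CONFIG_N_ARENA paragraph, the added wording "a non-negative integer" admits 0, while the table added directly below it gives a minimum of 1. Suggest "an integer from 1 to 256" (or "a positive integer") so the prose and the table agree. Also, in the musl step, the new line LD_PRELOAD=<hardened_malloc path> in /etc/environment only reaches processes whose environment is populated from that file. Since the introduction promises system-wide use, state that scope next to the musl instruction so readers do not assume every process is covered the way the glibc /etc/ld.so.preload entry covers them.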