Inferencium/doc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
doc/security/hardened_malloc.adoc
inference e1e946211f
Improve wording.
2023-06-13 12:27:42 +01:00

1.4 KiB
Raw Blame History

GrapheneOS hardened_malloc

Version: 0.1.0.8

This documentation contains instructions to use GrapheneOS hardened_malloc memory allocator as the systems default memory allocator. These instructions apply to both musl and glibc C libraries on Unix-based and Unix-like systems.

Increase Permitted Amount of Memory Pages

Add vm.max_map_count = 1048576 to /etc/sysctl.conf to accommodate hardened_mallocs large amount of guard pages.

Clone hardened_malloc Source Code

Enter hardened_malloc Local Git Repository

cd hardened_malloc/

Compile hardened_malloc

make <arguments>

CONFIG_N_ARENA=n can be adjusted to increase parallel performance at the expense of memory usage, or decrease memory usage at the expense of parallel performance, where n is an integer; higher values prefer parallel performance, lower values prefer lower memory usage. For low-memory systems, VARIANT=light can be used to compile the light variant of hardened_malloc, which sacrifices some security for much less memory usage.

Copy Compiled hardened_malloc Library

cp out/libhardened_malloc.so <target_path>

Set System to Preload hardened_malloc on Boot

musl-based systems: Add export LD_PRELOAD="<hardened_malloc_path>" to /etc/environment

glibc-based systems: Add <hardened_malloc_path> to /etc/ld.so.preload