diff --git a/documentation/hardened_malloc.html b/documentation/hardened_malloc.html index 5084de0..9665621 100644 --- a/documentation/hardened_malloc.html +++ b/documentation/hardened_malloc.html @@ -1,26 +1,23 @@ + - - - +
+ + +This documentation contains instructions to use @@ -44,76 +41,65 @@
This documentation is also available in portable AsciiDoc format in my documentation source code repository.
Add vm.max_map_count = 1048576
to
- /etc/sysctl.conf
to accommodate hardened_malloc's large
- amount of guard pages.
$ git clone https://github.com/GrapheneOS/hardened_malloc.git
$ cd hardened_malloc/
$ make <arguments>
CONFIG_N_ARENA=n
can be adjusted to increase
- parallel performance at the expense of memory usage, or decrease memory
- usage at the expense of parallel performance, where n is an
- integer. Higher values prefer parallel performance, lower values prefer
- lower memory usage. The number of arenas has no impact on the security
- properties of hardened_malloc.
-
For extra security, CONFIG_SEAL_METADATA=true
can be
- used in order to control whether Memory Protection Keys are used to
- disable access to all writable allocator state outside of the memory
- allocator code. It's currently disabled by default due to a significant
- performance cost for this use case on current generation hardware.
- Whether or not this feature is enabled, the metadata is all contained
- within an isolated memory region with high entropy random guard regions
- around it.
For low-memory systems, VARIANT=light
can be used to
- compile the light variant of hardened_malloc, which sacrifices some
- security for much less memory usage.
For all compile-time options, see the - configuration section - of hardened_malloc's extensive official documentation.
-# cp out/libhardened_malloc.so <target path>
-
export LD_PRELOAD="<hardened_malloc path>"
- to /etc/environment
<hardened_malloc path>
to
- /etc/ld.so.preload
Add vm.max_map_count = 1048576
to
+ /etc/sysctl.conf
to accommodate hardened_malloc's large amount of guard
+ pages.
$ git clone https://github.com/GrapheneOS/hardened_malloc.git
$ cd hardened_malloc/
$ make <arguments>
CONFIG_N_ARENA=n
can be adjusted to increase parallel
+ performance at the expense of memory usage, or decrease memory usage at the expense of
+ parallel performance, where n is an integer. Higher values prefer parallel
+ performance, lower values prefer lower memory usage. The number of arenas has no impact
+ on the security properties of hardened_malloc.
+ Minimum number of arenas: 1
+ Maximum number of arenas: 256
For extra security, CONFIG_SEAL_METADATA=true
can be used in order to
+ control whether Memory Protection Keys are used to disable access to all writable
+ allocator state outside of the memory allocator code. It's currently disabled by default
+ due to a significant performance cost for this use case on current generation hardware.
+ Whether or not this feature is enabled, the metadata is all contained within an isolated
+ memory region with high entropy random guard regions around it.
For low-memory systems, VARIANT=light
can be used to compile the light
+ variant of hardened_malloc, which sacrifices some security for much less memory
+ usage.
For all compile-time options, see the + configuration section + of hardened_malloc's extensive official documentation.
+# cp out/libhardened_malloc.so <target path>
musl-based systems: Add
+ export LD_PRELOAD="<hardened_malloc path>"
to
+ /etc/environment
+ glibc-based systems: Add <hardened_malloc path>
to
+ /etc/ld.so.preload
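Review bot: The new musl/glibc split at the end of this hunk presents export LD_PRELOAD="<hardened_malloc path>" in /etc/environment and an entry in /etc/ld.so.preload as equivalent install steps, but they do not give the same coverage. An environment variable only reaches processes that inherit it from whatever reads /etc/environment, so services started outside a login session, or anything that clears its environment, keep the default allocator. The /etc/ld.so.preload entry is applied by the dynamic loader itself. Suggest adding a sentence under the musl item stating that limitation, plus a way to confirm the library is actually mapped into a running process. Two smaller points in the same hunk: the cp out/libhardened_malloc.so <target path> line sits directly after the VARIANT=light paragraph without saying whether the output path is the same for that variant, and since <target path> ends up loaded into every process it is worth stating that it should be a root-owned location that other users cannot write to. The added minimum and maximum arena counts are useful; giving the default next to them would complete the picture.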