Merge "arm64: update the "minimum maximum" comment." into main am: cc8d909ccb am: be175c3af6 am: 272351cefd
Original change: https://android-review.googlesource.com/c/platform/system/core/+/2755786
Change-Id: Id485072b607cc3aaee0eb5aa0ac6cd2d0242f323
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
diff --git a/init/security.cpp b/init/security.cpp
index 445286a..0c73fae 100644
--- a/init/security.cpp
+++ b/init/security.cpp
@@ -106,13 +106,9 @@
// uml does not support mmap_rnd_bits
return {};
#elif defined(__aarch64__)
- // arm64 architecture supports 18 - 33 rnd bits depending on pagesize and
- // VA_SIZE. However the kernel might have been compiled with a narrower
- // range using CONFIG_ARCH_MMAP_RND_BITS_MIN/MAX. To use the maximum
- // supported number of bits, we start from the theoretical maximum of 33
- // bits and try smaller values until we reach 24 bits which is the
- // Android-specific minimum. Don't go lower even if the configured maximum
- // is smaller than 24.
+ // arm64 supports 14 - 33 rnd bits depending on page size and ARM64_VA_BITS.
+ // The kernel (6.5) still defaults to 39 va bits for 4KiB pages, so shipping
+ // devices are only getting 24 bits of randomness in practice.
if (SetMmapRndBitsMin(33, 24, false) && (!Has32BitAbi() || SetMmapRndBitsMin(16, 16, true))) {
return {};
}