redzone_start = round_up((unsigned long)(ptr + size),
KASAN_SHADOW_SCALE_SIZE);
redzone_end = (unsigned long)ptr + (PAGE_SIZE << compound_order(page));
+#ifdef CONFIG_AMLOGIC_MEMORY_EXTEND
+ if (PageOwnerPriv1(page)) { /* end of this page was freed */
+ redzone_end = (unsigned long)ptr + PAGE_ALIGN(size);
+ }
+#endif
kasan_unpoison_shadow(ptr, size);
kasan_poison_shadow((void *)redzone_start, redzone_end - redzone_start,
}
}
+#if defined(CONFIG_AMLOGIC_MEMORY_EXTEND) && defined(CONFIG_KASAN)
+ /*
+ * always put freed page to tail of buddy system, in
+ * order to increase probability of use-after-free
+ * for KASAN check.
+ */
+ list_add_tail(&page->lru,
+ &zone->free_area[order].free_list[migratetype]);
+#else
list_add(&page->lru, &zone->free_area[order].free_list[migratetype]);
+#endif
out:
zone->free_area[order].nr_free++;
#ifdef CONFIG_AMLOGIC_MEMORY_EXTEND
}
pcp = &this_cpu_ptr(zone->pageset)->pcp;
+#if defined(CONFIG_AMLOGIC_MEMORY_EXTEND) && defined(CONFIG_KASAN)
+ /*
+ * always put freed page to tail of buddy system, in
+ * order to increase probability of use-after-free
+ * for KASAN check.
+ */
+ list_add_tail(&page->lru, &pcp->lists[migratetype]);
+#else
if (!cold)
list_add(&page->lru, &pcp->lists[migratetype]);
else
list_add_tail(&page->lru, &pcp->lists[migratetype]);
+#endif
pcp->count++;
if (pcp->count >= pcp->high) {
unsigned long batch = READ_ONCE(pcp->batch);
__func__, page_address(page), nr_pages, obj);
for (i = 0; i < nr_pages; i++) {
__free_pages(page, 0);
- kasan_free_pages(page, 0);
page++;
}
}
projects / GitHub / LineageOS / G12 / android_kernel_amlogic_linux-4.9.git / commitdiff