From: Chris Metcalf <cmetcalf@tilera.com>
Date: Thu, 1 Dec 2011 17:51:05 +0000 (-0500)
Subject: arch/tile: fix double-free bug in homecache_free_pages()
X-Git-Tag: firefly_0821_release~3680^2~3967^2~3
X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=c2851a9b1caa420c2cdbd517617166990e3723c0;p=firefly-linux-kernel-4.4.55.git

arch/tile: fix double-free bug in homecache_free_pages()

When freeing the page with this API, the page was "put" twice.
This was only discovered bringing up an MPT fusion controller, which
actually used the API; it hadn't been invoked previously, so the bug
had gone unnoticed.

Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>
---

diff --git a/arch/tile/mm/homecache.c b/arch/tile/mm/homecache.c
index cbe6f4f9eca3..1cc6ae477c98 100644
--- a/arch/tile/mm/homecache.c
+++ b/arch/tile/mm/homecache.c
@@ -449,9 +449,12 @@ void homecache_free_pages(unsigned long addr, unsigned int order)
 	VM_BUG_ON(!virt_addr_valid((void *)addr));
 	page = virt_to_page((void *)addr);
 	if (put_page_testzero(page)) {
-		int pages = (1 << order);
 		homecache_change_page_home(page, order, initial_page_home());
-		while (pages--)
-			__free_page(page++);
+		if (order == 0) {
+			free_hot_cold_page(page, 0);
+		} else {
+			init_page_count(page);
+			__free_pages(page, order);
+		}
 	}
 }