From c2851a9b1caa420c2cdbd517617166990e3723c0 Mon Sep 17 00:00:00 2001 From: Chris Metcalf Date: Thu, 1 Dec 2011 12:51:05 -0500 Subject: [PATCH] arch/tile: fix double-free bug in homecache_free_pages() When freeing the page with this API, the page was "put" twice. This was only discovered bringing up an MPT fusion controller, which actually used the API; it hadn't been invoked previously, so the bug had gone unnoticed. Signed-off-by: Chris Metcalf --- arch/tile/mm/homecache.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/arch/tile/mm/homecache.c b/arch/tile/mm/homecache.c index cbe6f4f9eca3..1cc6ae477c98 100644 --- a/arch/tile/mm/homecache.c +++ b/arch/tile/mm/homecache.c @@ -449,9 +449,12 @@ void homecache_free_pages(unsigned long addr, unsigned int order) VM_BUG_ON(!virt_addr_valid((void *)addr)); page = virt_to_page((void *)addr); if (put_page_testzero(page)) { - int pages = (1 << order); homecache_change_page_home(page, order, initial_page_home()); - while (pages--) - __free_page(page++); + if (order == 0) { + free_hot_cold_page(page, 0); + } else { + init_page_count(page); + __free_pages(page, order); + } } } -- GitLab