arch/tile: fix double-free bug in homecache_free_pages()

When freeing the page with this API, the page was "put" twice.
This was only discovered bringing up an MPT fusion controller, which
actually used the API; it hadn't been invoked previously, so the bug
had gone unnoticed.

Signed-off-by: Chris Metcalf <cmetcalf@tilera.com>

arch/tile/mm/homecache.c

@@ -449,9 +449,12 @@ void homecache_free_pages(unsigned long addr, unsigned int order)
 	VM_BUG_ON(!virt_addr_valid((void *)addr));
 	page = virt_to_page((void *)addr);
 	if (put_page_testzero(page)) {
-		int pages = (1 << order);
 		homecache_change_page_home(page, order, initial_page_home());
-		while (pages--)
-			__free_page(page++);
+		if (order == 0) {
+			free_hot_cold_page(page, 0);
+		} else {
+			init_page_count(page);
+			__free_pages(page, order);
+		}
 	}
 }