Date:      Wed, 29 Nov 2017 19:47:09 +0000 (UTC)
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r326371 - head/sys/vm
Message-ID:  <201711291947.vATJl9fI053389@repo.freebsd.org>

Author: markj
Date: Wed Nov 29 19:47:09 2017
New Revision: 326371
URL: https://svnweb.freebsd.org/changeset/base/326371

Log:
  Verify the object/vnode association after vget() in vm_pageout_clean().
  
  It's theoretically possible for the vnode and object to be disassociated
  while locks are dropped around the vget() call, in which case we
  shouldn't proceed with laundering.
  
  Noted and reviewed by:	kib
  MFC after:	1 week

Modified:
  head/sys/vm/vm_pageout.c

Modified: head/sys/vm/vm_pageout.c
==============================================================================
--- head/sys/vm/vm_pageout.c	Wed Nov 29 18:21:17 2017	(r326370)
+++ head/sys/vm/vm_pageout.c	Wed Nov 29 19:47:09 2017	(r326371)
@@ -647,7 +647,17 @@ vm_pageout_clean(vm_page_t m, int *numpagedout)
 			goto unlock_mp;
 		}
 		VM_OBJECT_WLOCK(object);
+
+		/*
+		 * Ensure that the object and vnode were not disassociated
+		 * while locks were dropped.
+		 */
+		if (vp->v_object != object) {
+			error = ENOENT;
+			goto unlock_all;
+		}
 		vm_page_lock(m);
+
 		/*
 		 * While the object and page were unlocked, the page
 		 * may have been:
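
Review bot: the new `goto unlock_all` in the `vp->v_object != object` branch is taken with the object write lock held but before `vm_page_lock(m)`, so the `unlock_all` label (outside this hunk) must not assume the page lock is held and must still release the vnode obtained by the vget() call named in the log. Please confirm that, and consider extending the new comment to say which locks are held at the check. The blank lines added after `VM_OBJECT_WLOCK(object);` and `vm_page_lock(m);` are whitespace-only changes that could be dropped to keep the MFC diff minimal.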


