Verify the object/vnode association after vget() in vm_pageout_clean().

It's theoretically possible for the vnode and object to be disassociated while locks are dropped around the vget() call, in which case we shouldn't proceed with laundering. Noted and reviewed by: kib MFC after: 1 week
2017-11-29 19:47:09 +00:00 · 2017-11-29 19:47:09 +00:00 · 40d9c0da1e
commit 40d9c0da1e
parent 23eaeecabf
1 changed files with 10 additions and 0 deletions
--- a/sys/vm/vm_pageout.c
+++ b/sys/vm/vm_pageout.c
@ -647,7 +647,17 @@ vm_pageout_clean(vm_page_t m, int *numpagedout)
 			goto unlock_mp;
 		}
 		VM_OBJECT_WLOCK(object);
+
+		/*
+		 * Ensure that the object and vnode were not disassociated
+		 * while locks were dropped.
+		 */
+		if (vp->v_object != object) {
+			error = ENOENT;
+			goto unlock_all;
+		}
 		vm_page_lock(m);
+
 		/*
 		 * While the object and page were unlocked, the page
 		 * may have been: