Subject: Re: verified exec per page fingerprints
To: None <blymn@baesystems.com.au>
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
List: tech-kern
Date: 11/18/2005 09:16:13
+int
+veriexec_block_verify(struct vnode *vp, struct vm_page **pps,
+    voff_t offset, int npages)

what's "block"?

+{
+	error = VOP_GETATTR(vp, &va, curlwp->l_proc->p_ucred,
+	    curlwp->l_proc);
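
Review bot: in the VOP_GETATTR call, both the credential and the proc are taken from curlwp, so the attribute fetch runs in the context of whichever lwp happened to trigger the page-in. If the attributes are only needed to identify the file, say so in a comment, and make sure a non-zero error here fails the verification rather than skipping it; the handling of error is not visible in this excerpt.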

VOP_GETATTR while holding pages busy is not safe with
the current implementation of nfs client.

> +			  /*
> +			   * On error, release all the pages requested,
> +			   * the page in may have worked but we are not
> +			   * interested if the fingerprinting fails.
> +			   */
> +			simple_lock(&uobj->vmobjlock); /* XXX needed ? */
> +			for (i = 0; i < npages; i++) {
> +				if (pps[i] == NULL) {
> +					continue;
> +				}
> +				UVMHIST_LOG(ubchist, "veriexec examining pg %p"
> +					    "flags 0x%x",
> +					    pps[i], pps[i]->flags, 0,0);
> +				if (pps[i]->flags & PG_FAKE) {
> +					pps[i]->flags |= PG_RELEASED;
> +				}
> +			}
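
Review bot: the comment at the top of this hunk says all requested pages are released on error, but the loop only sets PG_RELEASED on pages that carry PG_FAKE; any non-NULL page without PG_FAKE is left as it is after a fingerprint failure. Either handle those pages as well or reword the comment to say why they can stay. Two smaller points: the adjacent string literals in UVMHIST_LOG join as "pg %pflags 0x%x" (a space is missing), and the "XXX needed ?" on simple_lock should be settled before commit; the matching unlock is not visible in this excerpt.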

i don't think that pages can be PG_FAKE here.

> @@ -299,6 +303,12 @@
>  	UVMHIST_LOG(ubchist, "vp %p off 0x%x", vp, (int)offset, 0,0);
>  	error = VOP_GETPAGES(vp, offset, pps, npagesp, centeridx,
>  			     access_type, advice, flags);
> +
> +#ifdef VERIFIED_EXEC
> +	if ((!error) && !(flags & PGO_LOCKED))
> +		error = veriexec_block_verify(vp, pps, offset, *npagesp);
> +#endif /* VERIFIED_EXEC */
> +
>  	return error;
>  }
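
Review bot: the !(flags & PGO_LOCKED) condition means every PGO_LOCKED call returns without running veriexec_block_verify, so pages handed back on that path are never checked here. Add a comment explaining why that path is exempt (for example, if those pages are expected to have been verified when they were first read in), or cover it. Also note that *npagesp is passed after VOP_GETPAGES has had the chance to change it, so veriexec_block_verify should document that it copes with that count and with NULL entries in pps.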

async VOP_GETPAGES doesn't return pages.

which is your intention?
	- check pages when they're read in.
	- check pages when they're faulted.
	- both of the above.
	- something else?

YAMAMOTO Takashi