From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Thu, 4 Sep 2014 05:11:01 +0000 (-0400)
Subject: Windows: Prevent MDL leak on Cc*Mdl* failure
X-Git-Tag: upstream/1.8.0_pre1^2~581
X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=092684e2bd31424c958ca3a9e88b7987b4c5555c;p=packages%2Fo%2Fopenafs.git

Windows: Prevent MDL leak on Cc*Mdl* failure

If CcMdlRead or CcPrepareMdlWrite fail, check the IoStatus.Information
field to see if any MDL pages have been locked.  If the Information
value is greater than zero, complete the Mdl operation to unlock the
pages.

Change-Id: Icb44e74e25b46c7976f3f418410364a90a723d91
Reviewed-on: http://gerrit.openafs.org/11442
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSRead.cpp b/src/WINNT/afsrdr/kernel/lib/AFSRead.cpp
index 32575af3b..0ff6482e9 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSRead.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSRead.cpp
@@ -1374,7 +1374,8 @@ AFSCommonRead( IN PDEVICE_OBJECT DeviceObject,
                                ulByteCount,
                                &Irp->MdlAddress,
                                &Irp->IoStatus);
-                    ntStatus = Irp->IoStatus.Status;
+
+		    ntStatus = Irp->IoStatus.Status;
                 }
 		__except( EXCEPTION_EXECUTE_HANDLER)
                 {
@@ -1396,7 +1397,19 @@ AFSCommonRead( IN PDEVICE_OBJECT DeviceObject,
                                   Irp,
                                   ntStatus));
 
-                    try_return( ntStatus);
+		    if( Irp->IoStatus.Information > 0)
+		    {
+
+			CcMdlReadComplete(pFileObject, Irp->MdlAddress);
+
+			//
+			// Mdl is now Deallocated
+			//
+
+			Irp->MdlAddress = NULL;
+		    }
+
+		    try_return( ntStatus);
                 }
 
                 //
diff --git a/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp b/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp
index 57c38f469..c43ae2bd6 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp
@@ -1870,21 +1870,25 @@ AFSCachedWrite( IN PDEVICE_OBJECT DeviceObject,
             if( !NT_SUCCESS( ntStatus))
             {
 
-                //
-                // Free up any potentially allocated mdl's
-                //
-
-                CcMdlWriteComplete( pFileObject,
-                                    &StartingByte,
-                                    Irp->MdlAddress);
-
-                Irp->MdlAddress = NULL;
-
                 AFSDbgTrace(( AFS_SUBSYSTEM_IO_PROCESSING,
                               AFS_TRACE_LEVEL_ERROR,
                               "AFSCachedWrite (%p) Failed to process MDL write Status %08lX\n",
                               Irp,
                               ntStatus));
+
+		if ( Irp->IoStatus.Information > 0)
+		{
+
+		    CcMdlWriteComplete( pFileObject,
+					&StartingByte,
+					Irp->MdlAddress);
+
+		    //
+		    // Mdl is now Deallocated
+		    //
+
+		    Irp->MdlAddress = NULL;
+		}
             }
 
             try_return( ntStatus);