From 092684e2bd31424c958ca3a9e88b7987b4c5555c Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@your-file-system.com>
Date: Thu, 4 Sep 2014 01:11:01 -0400
Subject: [PATCH] Windows: Prevent MDL leak on Cc*Mdl* failure

If CcMdlRead or CcPrepareMdlWrite fail, check the IoStatus.Information
field to see if any MDL pages have been locked.  If the Information
value is greater than zero, complete the Mdl operation to unlock the
pages.

Change-Id: Icb44e74e25b46c7976f3f418410364a90a723d91
Reviewed-on: http://gerrit.openafs.org/11442
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Peter Scott <pscott@kerneldrivers.com>
Reviewed-by: Jeffrey Altman <jaltman@your-file-system.com>
---
 src/WINNT/afsrdr/kernel/lib/AFSRead.cpp  | 17 +++++++++++++++--
 src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp | 24 ++++++++++++++----------
 2 files changed, 29 insertions(+), 12 deletions(-)

diff --git a/src/WINNT/afsrdr/kernel/lib/AFSRead.cpp b/src/WINNT/afsrdr/kernel/lib/AFSRead.cpp
index 32575af3b..0ff6482e9 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSRead.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSRead.cpp
@@ -1374,7 +1374,8 @@ AFSCommonRead( IN PDEVICE_OBJECT DeviceObject,
                                ulByteCount,
                                &Irp->MdlAddress,
                                &Irp->IoStatus);
-                    ntStatus = Irp->IoStatus.Status;
+
+		    ntStatus = Irp->IoStatus.Status;
                 }
 		__except( EXCEPTION_EXECUTE_HANDLER)
                 {
@@ -1396,7 +1397,19 @@ AFSCommonRead( IN PDEVICE_OBJECT DeviceObject,
                                   Irp,
                                   ntStatus));
 
-                    try_return( ntStatus);
+		    if( Irp->IoStatus.Information > 0)
+		    {
+
+			CcMdlReadComplete(pFileObject, Irp->MdlAddress);
+
+			//
+			// Mdl is now Deallocated
+			//
+
+			Irp->MdlAddress = NULL;
+		    }
+
+		    try_return( ntStatus);
                 }
 
                 //
diff --git a/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp b/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp
index 57c38f469..c43ae2bd6 100644
--- a/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp
+++ b/src/WINNT/afsrdr/kernel/lib/AFSWrite.cpp
@@ -1870,21 +1870,25 @@ AFSCachedWrite( IN PDEVICE_OBJECT DeviceObject,
             if( !NT_SUCCESS( ntStatus))
             {
 
-                //
-                // Free up any potentially allocated mdl's
-                //
-
-                CcMdlWriteComplete( pFileObject,
-                                    &StartingByte,
-                                    Irp->MdlAddress);
-
-                Irp->MdlAddress = NULL;
-
                 AFSDbgTrace(( AFS_SUBSYSTEM_IO_PROCESSING,
                               AFS_TRACE_LEVEL_ERROR,
                               "AFSCachedWrite (%p) Failed to process MDL write Status %08lX\n",
                               Irp,
                               ntStatus));
+
+		if ( Irp->IoStatus.Information > 0)
+		{
+
+		    CcMdlWriteComplete( pFileObject,
+					&StartingByte,
+					Irp->MdlAddress);
+
+		    //
+		    // Mdl is now Deallocated
+		    //
+
+		    Irp->MdlAddress = NULL;
+		}
             }
 
             try_return( ntStatus);
-- 
2.39.5