[NTOSKRNL] Map the VACB in kernel space before inserting it in lists.

The avoids race conditions where attempts to read from disk to not fully initialized VACB were performed. Also, added more debug prints in such situations. CORE-14349
2025-04-05 21:21:33 +00:00 · 2018-04-08 18:45:38 +02:00 · 2018-04-08 18:45:38 +02:00 · 1b672981e2
commit 1b672981e2
parent 42df4683d7
2 changed files with 15 additions and 13 deletions
--- a/ntoskrnl/cc/copy.c
+++ b/ntoskrnl/cc/copy.c
@ -110,6 +110,7 @@ CcReadVirtualAddress (
    _SEH2_EXCEPT (EXCEPTION_EXECUTE_HANDLER)
    {
        Status = _SEH2_GetExceptionCode();
+        DPRINT1("MmProbeAndLockPages failed with: %lx for %p (%p, %p)\n", Status, Mdl, Vacb, Vacb->BaseAddress);
        KeBugCheck(CACHE_MANAGER);
    } _SEH2_END;

@ -186,6 +187,7 @@ CcWriteVirtualAddress (
    _SEH2_EXCEPT (EXCEPTION_EXECUTE_HANDLER)
    {
        Status = _SEH2_GetExceptionCode();
+        DPRINT1("MmProbeAndLockPages failed with: %lx for %p (%p, %p)\n", Status, Mdl, Vacb, Vacb->BaseAddress);
        KeBugCheck(CACHE_MANAGER);
    } _SEH2_END;

--- a/ntoskrnl/cc/view.c
+++ b/ntoskrnl/cc/view.c
@ -752,6 +752,17 @@ CcRosCreateVacb (
    InitializeListHead(&current->CacheMapVacbListEntry);
    InitializeListHead(&current->DirtyVacbListEntry);
    InitializeListHead(&current->VacbLruListEntry);
+
+    CcRosVacbIncRefCount(current);
+
+    Status = CcRosMapVacbInKernelSpace(current);
+    if (!NT_SUCCESS(Status))
+    {
+        CcRosVacbDecRefCount(current);
+        ExFreeToNPagedLookasideList(&VacbLookasideList, current);
+        return Status;
+    }
+
    CcRosAcquireVacbLock(current, NULL);
    KeAcquireGuardedMutex(&ViewLock);

@ -784,9 +795,10 @@ CcRosCreateVacb (
                        current);
            }
 #endif
+            CcRosVacbDecRefCount(*Vacb);
            CcRosReleaseVacbLock(*Vacb);
            KeReleaseGuardedMutex(&ViewLock);
-            ExFreeToNPagedLookasideList(&VacbLookasideList, *Vacb);
+            CcRosInternalFreeVacb(*Vacb);
            *Vacb = current;
            CcRosAcquireVacbLock(current, NULL);
            return STATUS_SUCCESS;
@ -813,7 +825,6 @@ CcRosCreateVacb (
    }
    KeReleaseSpinLock(&SharedCacheMap->CacheMapLock, oldIrql);
    InsertTailList(&VacbLruListHead, &current->VacbLruListEntry);
-    CcRosVacbIncRefCount(current);
    KeReleaseGuardedMutex(&ViewLock);

    MI_SET_USAGE(MI_USAGE_CACHE);
@ -838,17 +849,6 @@ CcRosCreateVacb (
    /* Reference it to allow release */
    CcRosVacbIncRefCount(current);

-    Status = CcRosMapVacbInKernelSpace(current);
-    if (!NT_SUCCESS(Status))
-    {
-        RemoveEntryList(&current->CacheMapVacbListEntry);
-        RemoveEntryList(&current->VacbLruListEntry);
-        CcRosReleaseVacb(SharedCacheMap, current, FALSE,
-                         FALSE, FALSE);
-        CcRosVacbDecRefCount(current);
-        ExFreeToNPagedLookasideList(&VacbLookasideList, current);
-    }
-
    return Status;
 }