From 8ed8682256628ec7bc69fb92a1645a157aae0d20 Mon Sep 17 00:00:00 2001
From: Oleg Dubinskiy <oleg.dubinskij30@gmail.com>
Date: Wed, 20 Nov 2024 16:47:32 +0100
Subject: [PATCH] [NTOS:FSRTL] FsRtlAcquireFileExclusiveCommon: don't return
 before acquiring a file resource, except special cases (#7273)

Don't return before file object's resource is acquired in FsRtlAcquireFileExclusiveCommon, except some special return cases, when return is required. Based on hpoussin_filter_extra.patch by Herve Poussineau (@hpoussin) with improved comment, which matches the actual behaviour now.
This is required by fltmgr.sys driver from Windows XP/Server 2003 to work correctly, so this change fixes asserts/exceptions when releasing the file via FsRtlReleaseFile after acquiring, when using 3rd party filter drivers from several antivirus programs (e. g., Avast Free Antivirus all versions, AVG Antivirus Free 18.8, Avira AntiVir Personal 8.2, Dr. Web Security Space 8.0, Kaspersky Antivirus 2012 etc. etc.).
CORE-14157, CORE-14635, CORE-19318
---
 ntoskrnl/fsrtl/fastio.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ntoskrnl/fsrtl/fastio.c b/ntoskrnl/fsrtl/fastio.c
index 8e19b2d77a9..03b07d95b51 100644
--- a/ntoskrnl/fsrtl/fastio.c
+++ b/ntoskrnl/fsrtl/fastio.c
@@ -1605,7 +1605,13 @@ FsRtlAcquireFileExclusiveCommon(IN PFILE_OBJECT FileObject,
             FilterCallbacks->PostAcquireForSectionSynchronization(&CbData, Status, CompletionContext);
         }
 
-        return Status;
+        /* Return here when the status is based on the synchonization type and write access to the file */
+        if (Status == STATUS_FSFILTER_OP_COMPLETED_SUCCESSFULLY ||
+            Status == STATUS_FILE_LOCKED_WITH_ONLY_READERS ||
+            Status == STATUS_FILE_LOCKED_WITH_WRITERS)
+        {
+            return Status;
+        }
     }
 
     FastDispatch = DeviceObject->DriverObject->FastIoDispatch;