From fcf83315dccd67cd9636f9ae08868104a420a3dd Mon Sep 17 00:00:00 2001
From: Pierre Schweitzer
Date: Fri, 27 Apr 2018 10:23:06 +0200
Subject: [PATCH] [NTOSKRNL] Noisily dereference mapped VACB on cache release.

It seems that on process killing, some VACB may be deleted while still mapped. With current reference counting, they will actually not be deleted, but leaked, and an ASSERT will be triggered.

CORE-14578
---
 ntoskrnl/cc/view.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/ntoskrnl/cc/view.c b/ntoskrnl/cc/view.c
index bd2f4887d4c..081d881d15e 100644
--- a/ntoskrnl/cc/view.c
+++ b/ntoskrnl/cc/view.c
@@ -1106,6 +1106,12 @@ CcRosDeleteFileCache (
 KeReleaseSpinLock(&SharedCacheMap->CacheMapLock, oldIrql);
 DPRINT1("Freeing dirty VACB\n");
 }
+ if (current->MappedCount != 0)
+ {
+ current->MappedCount = 0;
+ NT_VERIFY(CcRosVacbDecRefCount(current) > 0);
+ DPRINT1("Freeing mapped VACB\n");
+ }
 InsertHeadList(&FreeList, ¤t->CacheMapVacbListEntry);
 KeAcquireSpinLock(&SharedCacheMap->CacheMapLock, &oldIrql);
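Review bot: The added `DPRINT1("Freeing mapped VACB\n")` runs only after `current->MappedCount = 0` has executed, so the one value that would tell a reader how far the VACB was over-mapped is discarded before the "noisy" message is emitted, and the message does not say which VACB it was. Move the print ahead of the reset and give it the pointer and the count, e.g. `DPRINT1("Freeing mapped VACB %p (MappedCount %lu)\n", current, current->MappedCount);` placed before `current->MappedCount = 0;` (adjust the format to MappedCount's actual type). Zeroing the count and forcing the reference down also means the VACB goes onto FreeList and is released while whatever still holds the mapping (per the commit message, this occurs during process kill) is never told; if that holder later unmaps or touches the view, this turns today's leak-plus-ASSERT into a use-after-free, so a comment next to the `NT_VERIFY` stating that the dangling mapper is being deliberately abandoned, and why, would be worth adding. The plain store to MappedCount sits beside a counter that is presumably updated elsewhere, possibly with interlocked operations; whether an interlocked write is required here cannot be judged from this hunk. CcRosDeleteFileCache starts and ends outside the hunk.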