[filesys/miniFilter/delete]: Potential FLT_CONTEXT leak issue

[EmmettTsai]

Which is the area where the sample lives?

/filesys/miniFilter/

Describe the issue

I set the StartType to 1 (SERVICE_SYSTEM_START). After installing the sample driver and rebooting the system:

In DfPostCreateCallback, if Data->Iopb->TargetFileObject->FileName is "\pagefile.sys" or "\swapfile.sys", the call to DfGetOrSetContext returns error 0xC00000BB (STATUS_NOT_SUPPORTED).

In this scenario, FltReleaseContext is not called to release the streamContext in either DfPostCreateCallback or DfGetOrSetContext. This causes the driver to fail to unload properly.

Checking with the WinDbg command !fltkd.filter <addr> 8 1 shows that two FLT_CONTEXT references remain unreleased:

   Object usage/reference information: 
      References to FLT_CONTEXT                : 2 
      Allocations of FLT_CALLBACK_DATA         : 0 
      Allocations of FLT_DEFERRED_IO_WORKITEM  : 0 
      Allocations of FLT_GENERIC_WORKITEM      : 0 
      References to FLT_FILE_NAME_INFORMATION  : 0 
      Open files                               : 0 
      References to FLT_OBJECT                 : 0 
   List of objects used/referenced:: 
      FLT_VERIFIER_OBJECT: ffffb289c1607b90 
         Object: ffffe688e6d6d620  Type: FLT_CONTEXT  RefCount: 00000001
      FLT_VERIFIER_OBJECT: ffffb289c16072f0 
         Object: ffffe688e6d6f4c0  Type: FLT_CONTEXT  RefCount: 00000001

Relevant code locations:
delete.inf#L95
delete.c#L2716
delete.c#L1241
delete.c#L2742