RtlZeroMemory() doesn't write to read-only memory because MdlMappingNoWrite isn't specified.
Reading with FltReadFile() without the FLTFL_IO_OPERATION_PAGING looks strange, but is unlikely to have caused current problem.
-
What does your driver do besides redirecting paging reads?
-
What is meant by "record which files are dirty"?
-
Maybe you create sections?
-
Do you manage access sharing in CREATE callbacks?
-
Do you interact directly with the Cc or Mm API?
-
Do I understand correctly that we are talking about
PrismFsCore.sys? -
Have you tried running it with the driver verifier and filter verifier?
It would be great if you could reproduce the issue and attach a full kernel dump (not only automatic/kernel bitmap file).