diff --git a/src/sys/driver.h b/src/sys/driver.h
index 737b5a98..74c90854 100644
--- a/src/sys/driver.h
+++ b/src/sys/driver.h
@@ -392,8 +392,7 @@ NTSTATUS FspCreateGuid(GUID *Guid);
 NTSTATUS FspSendSetInformationIrp(PDEVICE_OBJECT DeviceObject, PFILE_OBJECT FileObject,
     FILE_INFORMATION_CLASS FileInformationClass, PVOID FileInformation, ULONG Length);
 NTSTATUS FspBufferUserBuffer(PIRP Irp, ULONG Length, LOCK_OPERATION Operation);
-NTSTATUS FspLockUserBuffer(PVOID UserBuffer, ULONG Length,
-    KPROCESSOR_MODE RequestorMode, LOCK_OPERATION Operation, PMDL *PMdl);
+NTSTATUS FspLockUserBuffer(PIRP Irp, ULONG Length, LOCK_OPERATION Operation);
 NTSTATUS FspMapLockedPagesInUserMode(PMDL Mdl, PVOID *PAddress);
 NTSTATUS FspCcInitializeCacheMap(PFILE_OBJECT FileObject, PCC_FILE_SIZES FileSizes,
     BOOLEAN PinAccess, PCACHE_MANAGER_CALLBACKS Callbacks, PVOID CallbackContext);
diff --git a/src/sys/read.c b/src/sys/read.c
index 2cbc809a..278afd25 100644
--- a/src/sys/read.c
+++ b/src/sys/read.c
@@ -224,13 +224,9 @@ static NTSTATUS FspFsvolReadNonCached(
         return STATUS_END_OF_FILE;
 
     /* probe and lock the user buffer */
-    if (0 == Irp->MdlAddress)
-    {
-        Result = FspLockUserBuffer(Irp->UserBuffer, ReadLength,
-            Irp->RequestorMode, IoWriteAccess, &Irp->MdlAddress);
-        if (!NT_SUCCESS(Result))
-            return Result;
-    }
+    Result = FspLockUserBuffer(Irp, ReadLength, IoWriteAccess);
+    if (!NT_SUCCESS(Result))
+        return Result;
 
     /* acquire FileNode exclusive Full */
     Success = DEBUGTEST(90, TRUE) &&
diff --git a/src/sys/util.c b/src/sys/util.c
index f7fb6892..715ee266 100644
--- a/src/sys/util.c
+++ b/src/sys/util.c
@@ -14,8 +14,7 @@ NTSTATUS FspSendSetInformationIrp(PDEVICE_OBJECT DeviceObject, PFILE_OBJECT File
 static NTSTATUS FspSendSetInformationIrpCompletion(
     PDEVICE_OBJECT DeviceObject, PIRP Irp, PVOID Context0);
 NTSTATUS FspBufferUserBuffer(PIRP Irp, ULONG Length, LOCK_OPERATION Operation);
-NTSTATUS FspLockUserBuffer(PVOID UserBuffer, ULONG Length,
-    KPROCESSOR_MODE RequestorMode, LOCK_OPERATION Operation, PMDL *PMdl);
+NTSTATUS FspLockUserBuffer(PIRP Irp, ULONG Length, LOCK_OPERATION Operation);
 NTSTATUS FspMapLockedPagesInUserMode(PMDL Mdl, PVOID *PAddress);
 NTSTATUS FspCcInitializeCacheMap(PFILE_OBJECT FileObject, PCC_FILE_SIZES FileSizes,
     BOOLEAN PinAccess, PCACHE_MANAGER_CALLBACKS Callbacks, PVOID CallbackContext);
@@ -285,20 +284,20 @@ NTSTATUS FspBufferUserBuffer(PIRP Irp, ULONG Length, LOCK_OPERATION Operation)
     return STATUS_SUCCESS;
 }
 
-NTSTATUS FspLockUserBuffer(PVOID UserBuffer, ULONG Length,
-    KPROCESSOR_MODE RequestorMode, LOCK_OPERATION Operation, PMDL *PMdl)
+NTSTATUS FspLockUserBuffer(PIRP Irp, ULONG Length, LOCK_OPERATION Operation)
 {
     PAGED_CODE();
 
-    *PMdl = 0;
+    if (0 == Length || 0 != Irp->MdlAddress)
+        return STATUS_SUCCESS;
 
-    PMDL Mdl = IoAllocateMdl(UserBuffer, Length, FALSE, FALSE, 0);
+    PMDL Mdl = IoAllocateMdl(Irp->UserBuffer, Length, FALSE, FALSE, 0);
     if (0 == Mdl)
         return STATUS_INSUFFICIENT_RESOURCES;
 
     try
     {
-        MmProbeAndLockPages(Mdl, RequestorMode, Operation);
+        MmProbeAndLockPages(Mdl, Irp->RequestorMode, Operation);
     }
     except (EXCEPTION_EXECUTE_HANDLER)
     {
@@ -306,7 +305,8 @@ NTSTATUS FspLockUserBuffer(PVOID UserBuffer, ULONG Length,
         return GetExceptionCode();
     }
 
-    *PMdl = Mdl;
+    Irp->MdlAddress = Mdl;
+
     return STATUS_SUCCESS;
 }
 
diff --git a/src/sys/wq.c b/src/sys/wq.c
index 1e0a7f61..94aab6bf 100644
--- a/src/sys/wq.c
+++ b/src/sys/wq.c
@@ -20,14 +20,13 @@ NTSTATUS FspWqCreateAndPostIrpWorkItem(PIRP Irp,
 
         /* probe and lock the user buffer (if not an MDL request) */
         PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
-        if (0 == Irp->MdlAddress &&
-            (IRP_MJ_READ == IrpSp->MajorFunction || IRP_MJ_WRITE == IrpSp->MajorFunction) &&
+        if ((IRP_MJ_READ == IrpSp->MajorFunction || IRP_MJ_WRITE == IrpSp->MajorFunction) &&
             !FlagOn(IrpSp->MinorFunction, IRP_MN_MDL))
         {
-            Result = FspLockUserBuffer(Irp->UserBuffer, IrpSp->Parameters.Write.Length,
-                Irp->RequestorMode,
-                IRP_MJ_READ == IrpSp->MajorFunction ? IoWriteAccess : IoReadAccess,
-                &Irp->MdlAddress);
+            if (IRP_MJ_READ == IrpSp->MajorFunction)
+                Result = FspLockUserBuffer(Irp, IrpSp->Parameters.Read.Length, IoWriteAccess);
+            else
+                Result = FspLockUserBuffer(Irp, IrpSp->Parameters.Write.Length, IoReadAccess);
             if (!NT_SUCCESS(Result))
                 return Result;
         }
diff --git a/src/sys/write.c b/src/sys/write.c
index f62f8e3b..89d8fb0a 100644
--- a/src/sys/write.c
+++ b/src/sys/write.c
@@ -290,13 +290,9 @@ static NTSTATUS FspFsvolWriteNonCached(
     }
 
     /* probe and lock the user buffer */
-    if (0 == Irp->MdlAddress)
-    {
-        Result = FspLockUserBuffer(Irp->UserBuffer, WriteLength,
-            Irp->RequestorMode, IoReadAccess, &Irp->MdlAddress);
-        if (!NT_SUCCESS(Result))
-            return Result;
-    }
+    Result = FspLockUserBuffer(Irp, WriteLength, IoReadAccess);
+    if (!NT_SUCCESS(Result))
+        return Result;
 
     /* acquire FileNode exclusive Full */
     Success = DEBUGTEST(90, TRUE) &&