Windows Driver: Make max work items count configurable. Increase default to 1024. Queue write IRPs.

- Made the maximum work items count configurable to allow flexibility based on system needs. - Increased the default value of max work items count to 1024 to better handle high-throughput scenarios. - Queue write IRPs in system worker thread to avoid potential deadlocks in write scenarios.
author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2024-11-23 17:44:48 +0100
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2024-11-23 17:44:48 +0100
commit: 453ff2880e1e59e1471d3f16804315879128ce46 (patch)
tree: 9c7a143d1f5ff91d12e41718d562a430ef6f0e73
parent: 5a85c54c6ef556b96cc1ed844620a4ccee1b7837 (diff)
download: VeraCrypt-453ff2880e1e59e1471d3f16804315879128ce46.tar.gz
VeraCrypt-453ff2880e1e59e1471d3f16804315879128ce46.zip
5 files changed, 56 insertions, 38 deletions
diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h
index 04d69c05..955286da 100644
--- a/src/Common/Apidrvr.h
+++ b/src/Common/Apidrvr.h
@@ -395,8 +395,9 @@ typedef struct
 {
 	int EncryptionIoRequestCount;
 	int EncryptionItemCount;
 	int EncryptionFragmentSize;
+	int EncryptionMaxWorkItems;
 } EncryptionQueueParameters;
 
 #pragma pack (pop)
 
@@ -417,8 +418,9 @@ typedef struct
 
 #define VC_ENCRYPTION_IO_REQUEST_COUNT DRIVER_STR("VeraCryptEncryptionIoRequestCount")
 #define VC_ENCRYPTION_ITEM_COUNT DRIVER_STR("VeraCryptEncryptionItemCount")
 #define VC_ENCRYPTION_FRAGMENT_SIZE DRIVER_STR("VeraCryptEncryptionFragmentSize")
+#define VC_ENCRYPTION_MAX_WORK_ITEMS DRIVER_STR("VeraCryptEncryptionMaxWorkItems")
 
 #define VC_ERASE_KEYS_SHUTDOWN DRIVER_STR("VeraCryptEraseKeysShutdown")
 
 #define VC_ENABLE_MEMORY_PROTECTION DRIVER_STR("VeraCryptEnableMemoryProtection")
diff --git a/src/Driver/EncryptedIoQueue.c b/src/Driver/EncryptedIoQueue.c
index d68c3f09..91399c47 100644
--- a/src/Driver/EncryptedIoQueue.c
+++ b/src/Driver/EncryptedIoQueue.c
@@ -302,10 +302,45 @@ static VOID CompleteIrpWorkItemRoutine(PDEVICE_OBJECT DeviceObject, PVOID Contex
 		ReleasePoolBuffer(queue, item);
 	}
 }
 
+// Handles the completion of the original IRP.
+static VOID HandleCompleteOriginalIrp(EncryptedIoQueue* queue, EncryptedIoRequest* request)
+{
+	NTSTATUS status = KeWaitForSingleObject(&queue->WorkItemSemaphore, Executive, KernelMode, FALSE, NULL);
+	if (queue->ThreadExitRequested)
+		return;
+
+	if (!NT_SUCCESS(status))
+	{
+		// Handle wait failure: we call the completion routine directly. 
+		// This is not ideal since it can cause deadlock that we are trying to fix but it is better than losing the IRP.
+		CompleteOriginalIrp(request->Item, STATUS_INSUFFICIENT_RESOURCES, 0);
+	}
+	else
+	{
+		// Obtain a work item from the free list.
+		KIRQL oldIrql;
+		KeAcquireSpinLock(&queue->WorkItemLock, &oldIrql);
+		PLIST_ENTRY freeEntry = RemoveHeadList(&queue->FreeWorkItemsList);
+		KeReleaseSpinLock(&queue->WorkItemLock, oldIrql);
 
+		PCOMPLETE_IRP_WORK_ITEM workItem = CONTAINING_RECORD(freeEntry, COMPLETE_IRP_WORK_ITEM, ListEntry);
+
+		// Increment ActiveWorkItems.
+		InterlockedIncrement(&queue->ActiveWorkItems);
+		KeResetEvent(&queue->NoActiveWorkItemsEvent);
 
+		// Prepare the work item.
+		workItem->Irp = request->Item->OriginalIrp;
+		workItem->Status = request->Item->Status;
+		workItem->Information = NT_SUCCESS(request->Item->Status) ? request->Item->OriginalLength : 0;
+		workItem->Item = request->Item;
+
+		// Queue the work item.
+		IoQueueWorkItem(workItem->WorkItem, CompleteIrpWorkItemRoutine, DelayedWorkQueue, workItem);
+	}
+}
 
 static VOID CompletionThreadProc(PVOID threadArg)
 {
 	EncryptedIoQueue* queue = (EncryptedIoQueue*)threadArg;
@@ -347,41 +382,9 @@ static VOID CompletionThreadProc(PVOID threadArg)
 			}
 
 			if (request->CompleteOriginalIrp)
 			{
-				// Wait for a work item to become available
-				NTSTATUS status = KeWaitForSingleObject(&queue->WorkItemSemaphore, Executive, KernelMode, FALSE, NULL);
-				if (queue->ThreadExitRequested)
-					break;
-				if (!NT_SUCCESS(status))
-				{
-					// Handle wait failure: we call the completion routine directly. 
-					// This is not ideal since it can cause deadlock that we are trying to fix but it is better than losing the IRP.
-					CompleteOriginalIrp(request->Item, STATUS_INSUFFICIENT_RESOURCES, 0);
-				}
-				else
-				{
-					// Obtain a work item from the free list
-					KIRQL oldIrql;
-					KeAcquireSpinLock(&queue->WorkItemLock, &oldIrql);
-					PLIST_ENTRY freeEntry = RemoveHeadList(&queue->FreeWorkItemsList);
-					KeReleaseSpinLock(&queue->WorkItemLock, oldIrql);
-
-					PCOMPLETE_IRP_WORK_ITEM workItem = CONTAINING_RECORD(freeEntry, COMPLETE_IRP_WORK_ITEM, ListEntry);
-
-					// Increment ActiveWorkItems
-					InterlockedIncrement(&queue->ActiveWorkItems);
-					KeResetEvent(&queue->NoActiveWorkItemsEvent);
-
-					// Prepare the work item
-					workItem->Irp = request->Item->OriginalIrp;
-					workItem->Status = request->Item->Status;
-					workItem->Information = NT_SUCCESS(request->Item->Status) ? request->Item->OriginalLength : 0;
-					workItem->Item = request->Item;
-
-					// Queue the work item
-					IoQueueWorkItem(workItem->WorkItem, CompleteIrpWorkItemRoutine, DelayedWorkQueue, workItem);
-				}
+				HandleCompleteOriginalIrp(queue, request);
 			}
 
 			ReleasePoolBuffer(queue, request);
 		}
@@ -540,10 +543,9 @@ static VOID IoThreadProc (PVOID threadArg)
 				ReleaseFragmentBuffer (queue, request->Data);
 
 				if (request->CompleteOriginalIrp)
 				{
-					CompleteOriginalIrp (request->Item, request->Item->Status,
-						NT_SUCCESS (request->Item->Status) ? request->Item->OriginalLength : 0);
+					HandleCompleteOriginalIrp(queue, request);
 				}
 
 				ReleasePoolBuffer (queue, request);
 			}
@@ -1147,12 +1149,12 @@ retry_preallocated:
 	}
 
 	// Initialize the free work item list
 	InitializeListHead(&queue->FreeWorkItemsList);
-	KeInitializeSemaphore(&queue->WorkItemSemaphore, VC_MAX_WORK_ITEMS, VC_MAX_WORK_ITEMS);
+	KeInitializeSemaphore(&queue->WorkItemSemaphore, EncryptionMaxWorkItems, EncryptionMaxWorkItems);
 	KeInitializeSpinLock(&queue->WorkItemLock);
 
-	queue->MaxWorkItems = VC_MAX_WORK_ITEMS;
+	queue->MaxWorkItems = EncryptionMaxWorkItems;
 	queue->WorkItemPool = (PCOMPLETE_IRP_WORK_ITEM)TCalloc(sizeof(COMPLETE_IRP_WORK_ITEM) * queue->MaxWorkItems);
 	if (!queue->WorkItemPool)
 	{
 		goto noMemory;
diff --git a/src/Driver/EncryptedIoQueue.h b/src/Driver/EncryptedIoQueue.h
index 2e7439f8..3738065a 100644
--- a/src/Driver/EncryptedIoQueue.h
+++ b/src/Driver/EncryptedIoQueue.h
@@ -25,9 +25,9 @@
 #define TC_ENC_IO_QUEUE_PREALLOCATED_ITEM_COUNT 8
 #define TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT 16
 #define TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_MAX_COUNT 8192
 
-#define VC_MAX_WORK_ITEMS 256 
+#define VC_MAX_WORK_ITEMS 1024 
 
 typedef struct EncryptedIoQueueBufferStruct
 {
 	struct EncryptedIoQueueBufferStruct *NextBuffer;
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index ac2fb00a..12943dc8 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -144,8 +144,9 @@ static BOOL AllowTrimCommand = FALSE;
 static BOOL RamEncryptionActivated = FALSE;
 int EncryptionIoRequestCount = 0;
 int EncryptionItemCount = 0;
 int EncryptionFragmentSize = 0;
+int EncryptionMaxWorkItems = 0;
 
 PDEVICE_OBJECT VirtualVolumeDeviceObjects[MAX_MOUNTED_VOLUME_DRIVE_NUMBER + 1];
 
 BOOL AlignValue (ULONG ulValue, ULONG ulAlignment, ULONG *pulResult)
@@ -2775,8 +2776,9 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex
 	case VC_IOCTL_ENCRYPTION_QUEUE_PARAMS:
 		if (ValidateIOBufferSize (Irp, sizeof (EncryptionQueueParameters), ValidateOutput))
 		{
 			EncryptionQueueParameters* pParams = (EncryptionQueueParameters*) Irp->AssociatedIrp.SystemBuffer;
+			pParams->EncryptionMaxWorkItems = EncryptionMaxWorkItems;
 			pParams->EncryptionFragmentSize = EncryptionFragmentSize;
 			pParams->EncryptionIoRequestCount = EncryptionIoRequestCount;
 			pParams->EncryptionItemCount = EncryptionItemCount;
 			Irp->IoStatus.Information = sizeof (EncryptionQueueParameters);
@@ -4645,8 +4647,16 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
 
 		TCfree (data);
 	}
 
+	if (driverEntry && NT_SUCCESS(TCReadRegistryKey(&name, VC_ENCRYPTION_MAX_WORK_ITEMS, &data)))
+	{
+		if (data->Type == REG_DWORD)
+			EncryptionMaxWorkItems = *(uint32*)data->Data;
+
+		TCfree(data);
+	}
+
 	if (driverEntry)
 	{
 		if (EncryptionIoRequestCount < TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT)
 			EncryptionIoRequestCount = TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT;
@@ -4662,8 +4672,11 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
 		if (EncryptionFragmentSize == 0)
 			EncryptionFragmentSize = TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE;
 		else if (EncryptionFragmentSize > (8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE))
 			EncryptionFragmentSize = 8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE;
+
+		if (EncryptionMaxWorkItems == 0)
+			EncryptionMaxWorkItems = VC_MAX_WORK_ITEMS;
 		
 		
 	}
 
diff --git a/src/Driver/Ntdriver.h b/src/Driver/Ntdriver.h
index 3995ffdf..b03b5e93 100644
--- a/src/Driver/Ntdriver.h
+++ b/src/Driver/Ntdriver.h
@@ -127,8 +127,9 @@ extern BOOL BlockSystemTrimCommand;
 extern BOOL AllowWindowsDefrag;
 extern int EncryptionIoRequestCount;
 extern int EncryptionItemCount;
 extern int EncryptionFragmentSize;
+extern int EncryptionMaxWorkItems;
 extern BOOL EraseKeysOnShutdown;
 /* Helper macro returning x seconds in units of 100 nanoseconds */
 #define WAIT_SECONDS(x) ((x)*10000000)
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2024-11-23 17:44:48 +0100
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2024-11-23 17:44:48 +0100
commit	453ff2880e1e59e1471d3f16804315879128ce46 (patch)
tree	9c7a143d1f5ff91d12e41718d562a430ef6f0e73
parent	5a85c54c6ef556b96cc1ed844620a4ccee1b7837 (diff)
download	VeraCrypt-453ff2880e1e59e1471d3f16804315879128ce46.tar.gz VeraCrypt-453ff2880e1e59e1471d3f16804315879128ce46.zip