VeraCrypt
aboutsummaryrefslogtreecommitdiff
path: root/src/Driver/EncryptedIoQueue.c
AgeCommit message (Collapse)AuthorFilesLines
2024-12-25Windows driver: Use IO_DISK_INCREMENT for event signaling in IRP completion ↵Mounir IDRASSI1-2/+2
routine This provides a slight priority boost for waiting threads and maintains standard practice for disk device drivers.
2024-12-25Windows Driver: make UpdateBuffer function more robust by adding security ↵Mounir IDRASSI1-20/+60
region size parameter
2024-11-23Windows Driver: Make max work items count configurable. Increase default to ↵Mounir IDRASSI1-37/+39
1024. Queue write IRPs. - Made the maximum work items count configurable to allow flexibility based on system needs. - Increased the default value of max work items count to 1024 to better handle high-throughput scenarios. - Queue write IRPs in system worker thread to avoid potential deadlocks in write scenarios.
2024-11-22Windows Driver: Optimize spinlock usage in CompleteIrpWorkItemRoutineMounir IDRASSI1-8/+4
Reduce the critical section protected by spinlock to only cover the list manipulation operation. Move the ActiveWorkItems counter decrement outside the spinlock using InterlockedDecrement, and separate event signaling from the locked section. This change minimizes time spent at raised IRQL (DISPATCH_LEVEL) and reduces potential for lock contention.
2024-11-17Windows Driver: Fix deadlock in EncryptedIoQueue due to re-entrant IRP ↵Mounir IDRASSI1-15/+145
completions There was a deadlock issue in the driver caused by the CompletionThreadProc function in EncryptedIoQueue.c: https://sourceforge.net/p/veracrypt/discussion/general/thread/f6e7f623d0/?page=20&limit=25#8362 The driver uses a single thread (CompletionThreadProc) to process IRP completions. When IoCompleteRequest is called within this thread, it can result in new IRPs being generated (e.g., for pagefile operations) that are intercepted by the driver and queued back into the CompletionThreadQueue. Since CompletionThreadProc is the only thread processing this queue and is waiting on IoCompleteRequest, these new IRPs are not handled, leading to a system freeze. To resolve this issue, the following changes have been made: Deferred IRP Completion Using Pre-allocated Work Items: - Introduced a pool of pre-allocated work items (COMPLETE_IRP_WORK_ITEM) to handle IRP completions without causing additional resource allocations that could trigger new IRPs. - The CompletionThreadProc now queues IRP completions to these work items, which are processed in a different context using IoQueueWorkItem, preventing re-entrant IRPs from blocking the completion thread. Thread-Safe Work Item Pool Management: - Implemented a thread-safe mechanism using a semaphore (WorkItemSemaphore), spin lock (WorkItemLock), and a free list (FreeWorkItemsList) to manage the pool of work items. - Threads acquire and release work items safely, and if all work items are busy, threads wait until one becomes available. Reference Counting and Improved Stop Handling: - Added an ActiveWorkItems counter to track the number of active work items. - Modified EncryptedIoQueueStop to wait for all active work items to complete before proceeding with cleanup, ensuring a clean shutdown. These changes address the deadlock issue by preventing CompletionThreadProc from being blocked by re-entrant IRPs generated during IoCompleteRequest. By deferring IRP completion to a different context using pre-allocated work items and managing resources properly, we avoid the deadlock and ensure that all IRPs are processed correctly.
2024-11-13Windows: Remove support for 32-bit driver code. Set build target as Windows ↵Mounir IDRASSI1-2/+2
10. Simplify code and fix all warnings in driver.
2024-06-12Avoid conflict with C++17 features std::byte by using uint8 type instead of byteMounir IDRASSI1-6/+6
2023-08-13Windows: Implement support for mounting partially encrypted system partitionsMounir IDRASSI1-1/+1
For now, we force ReadOnly mounting for such partitions.
2021-12-20Windows Driver: Add registry settings to control driver internal encryption ↵Mounir IDRASSI1-19/+78
queue Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt: - VeraCryptEncryptionFragmentSize (REG_DWORD): size of encryption data fragment in KiB. Default is 256. - VeraCryptEncryptionIoRequestCount (REG_DWORD): maximum number of parallel I/O requests. Default is 16. - VeraCryptEncryptionItemCount (REG_DWORD): maximum number of encryption queue items processed in parallel. Default is 8.
2021-01-02Windows: Fix various warningsMounir IDRASSI1-1/+1
2019-01-09Windows Security: Add new entry point in driver that allows emergency ↵Mounir IDRASSI1-1/+3
clearing of all encryption keys from memory. This entry point requires administrative privileges and it will caused BSDO when system encryption is active. It can be useful for example to applications that monitors physical access to the machine and which need to erase sensitive key material from RAM when unauthorized access is detected.
2017-06-23Update IDRIX copyright yearMounir IDRASSI1-1/+1
2017-06-10Windows Driver Security: Use enhanced protection of NX pool under Windows 8 ↵Mounir IDRASSI1-2/+2
and later.
2016-12-26Driver with support of hidden OSkavsrf1-0/+59
Signed-off-by: kavsrf <kavsrf@gmail.com>
2016-05-10Remove trailing whitespaceDavid Foerster1-13/+13
2016-05-10Normalize all line terminatorsDavid Foerster1-1049/+1049
2016-01-20Copyright: update dates to include 2016.Mounir IDRASSI1-1/+1
2015-08-06Update license information to reflect the use of a dual license Apache 2.0 ↵Mounir IDRASSI1-5/+9
and TrueCrypt 3.0.
2014-11-08Windows vulnerability fix: correct some integer overflow issues using the ↵Mounir IDRASSI1-4/+27
IntSafe library. Detected by the Open Crypto Audit project
2014-11-08Static Code Analysis : Use Safe string functions inside VeraCrypt Device ↵Mounir IDRASSI1-0/+14
Driver to avoid potential security issues. Add many checks for NULL pointers to handle low memory use cases.
2014-11-08Add original TrueCrypt 7.1a sourcesMounir IDRASSI1-0/+1008