Age | Commit message (Collapse) | Author | Files | Lines |
|
To support this, we had to replace ExAllocatePool2 by ExAllocatePoolUninitialized.
|
|
region size parameter
|
|
|
|
|
|
|
|
1024. Queue write IRPs.
- Made the maximum work items count configurable to allow flexibility based on system needs.
- Increased the default value of max work items count to 1024 to better handle high-throughput scenarios.
- Queue write IRPs in system worker thread to avoid potential deadlocks in write scenarios.
|
|
Reduce the critical section protected by spinlock to only cover the list manipulation operation. Move the ActiveWorkItems counter decrement outside the spinlock using InterlockedDecrement, and separate event signaling from the locked section.
This change minimizes time spent at raised IRQL (DISPATCH_LEVEL) and reduces potential for lock contention.
|
|
|
|
drivers.
|
|
since we are targeting Windows 10
|
|
completions
There was a deadlock issue in the driver caused by the CompletionThreadProc function in EncryptedIoQueue.c:
https://sourceforge.net/p/veracrypt/discussion/general/thread/f6e7f623d0/?page=20&limit=25#8362
The driver uses a single thread (CompletionThreadProc) to process IRP completions. When IoCompleteRequest is called within this thread, it can result in new IRPs being generated (e.g., for pagefile operations) that are intercepted by the driver and queued back into the CompletionThreadQueue. Since CompletionThreadProc is the only thread processing this queue and is waiting on IoCompleteRequest, these new IRPs are not handled, leading to a system freeze.
To resolve this issue, the following changes have been made:
Deferred IRP Completion Using Pre-allocated Work Items:
- Introduced a pool of pre-allocated work items (COMPLETE_IRP_WORK_ITEM) to handle IRP completions without causing additional resource allocations that could trigger new IRPs.
- The CompletionThreadProc now queues IRP completions to these work items, which are processed in a different context using IoQueueWorkItem, preventing re-entrant IRPs from blocking the completion thread.
Thread-Safe Work Item Pool Management:
- Implemented a thread-safe mechanism using a semaphore (WorkItemSemaphore), spin lock (WorkItemLock), and a free list (FreeWorkItemsList) to manage the pool of work items.
- Threads acquire and release work items safely, and if all work items are busy, threads wait until one becomes available.
Reference Counting and Improved Stop Handling:
- Added an ActiveWorkItems counter to track the number of active work items.
- Modified EncryptedIoQueueStop to wait for all active work items to complete before proceeding with cleanup, ensuring a clean shutdown.
These changes address the deadlock issue by preventing CompletionThreadProc from being blocked by re-entrant IRPs generated during IoCompleteRequest. By deferring IRP completion to a different context using pre-allocated work items and managing resources properly, we avoid the deadlock and ensure that all IRPs are processed correctly.
|
|
|
|
to inform compiler that pointer is unaligned.
This avoids issues with existing bootloaders
|
|
remove 32-bit EFI bootloader files.
We also fix intermediary files folder for Portable and Setup projects
|
|
|
|
Delete unused files.
|
|
configuration for driver and binaries.
Only setup remains 32-bit to be compatible with both x64 and arm64 Windows.
|
|
10. Simplify code and fix all warnings in driver.
|
|
PBKDF2-HMAC-SHA256
|
|
Visual Studio 2019
We also enable Control Flow Guard and Spectre Mitigation
|
|
drivers.
|
|
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
|
|
Update friend declaration in FuseService.h and refactor GetCharWidth to ComputeCharWidth in WaitDialog.h to avoif hiding GetCharWidth inherited from wxWindow
|
|
The build script build_veracrypt_macosx.h now accepts the argument -f to enable fuse-t support.
It is also possible to set the environment variable VC_OSX_FUSET to 1 for FUSE-T support.
A change was done in CoreUnix::GetMountedVolumes to add a waiting loop for control file to be accessible because when using FUSE-T there always a delay before control file can be serialized.
|
|
|
|
|
|
offset not 4K aligned
Now we set offset to 1MB which is a typical values used for MBR disks.
We also use a more standard way to calculate legacy number of cylinders
|
|
|
|
|
|
signed driver files.
|
|
better seed for internal RNG compared to KeQueryInterruptTime
|
|
|
|
|
|
For now, we force ReadOnly mounting for such partitions.
|
|
|
|
|
|
Fixing the following compiler warnings:
FuseService.cpp: In function ‘int VeraCrypt::fuse_service_read(const char*, char*, size_t, off_t, fuse_file_info*)’:
FuseService.cpp:233:12: warning: catching polymorphic type ‘struct VeraCrypt::MissingVolumeData’ by value [-Wcatch-value=]
233 | catch (MissingVolumeData)
| ^~~~~~~~~~~~~~~~~
FuseService.cpp: In static member function ‘static int VeraCrypt::FuseService::ExceptionToErrorCode()’:
FuseService.cpp:362:15: warning: catching polymorphic type ‘class std::bad_alloc’ by value [-Wcatch-value=]
362 | catch (std::bad_alloc)
| ^~~~~~~~~
Apart from warnings, the current code creates unnecessary copies of the exception object in debug mode. (But not in -O3)
|
|
|
|
algorithms RIPEMD-160 and GOST89.
|
|
|
|
|
|
|
|
but hidden volume mounting fails
|
|
shutdown/reboot. This helps solve BSOD during shutdown/reboot on some machines.
Under "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt", create a REG_DWORD value named "VeraCryptEraseKeysShutdown" and set its value to 0.
|
|
|
|
IOCTL code to read used values from user space maximum value for EncryptionFragmentSize is 2048 maximum value for EncryptionIoRequestCount is 8192 maximum value for EncryptionItemCount is (EncryptionIoRequestCount/2)
|
|
|
|
|
|
|
|
queue Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\veracrypt: - VeraCryptEncryptionFragmentSize (REG_DWORD): size of encryption data fragment in KiB. Default is 256. - VeraCryptEncryptionIoRequestCount (REG_DWORD): maximum number of parallel I/O requests. Default is 16. - VeraCryptEncryptionItemCount (REG_DWORD): maximum number of encryption queue items processed in parallel. Default is 8.
|