From 453ff2880e1e59e1471d3f16804315879128ce46 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Sat, 23 Nov 2024 17:44:48 +0100 Subject: [PATCH] Windows Driver: Make max work items count configurable. Increase default to 1024. Queue write IRPs. - Made the maximum work items count configurable to allow flexibility based on system needs. - Increased the default value of max work items count to 1024 to better handle high-throughput scenarios. - Queue write IRPs in system worker thread to avoid potential deadlocks in write scenarios. --- src/Common/Apidrvr.h | 2 + src/Driver/EncryptedIoQueue.c | 76 ++++++++++++++++++----------------- src/Driver/EncryptedIoQueue.h | 2 +- src/Driver/Ntdriver.c | 13 ++++++ src/Driver/Ntdriver.h | 1 + 5 files changed, 56 insertions(+), 38 deletions(-) diff --git a/src/Common/Apidrvr.h b/src/Common/Apidrvr.h index 04d69c05b4..955286da30 100644 --- a/src/Common/Apidrvr.h +++ b/src/Common/Apidrvr.h @@ -396,6 +396,7 @@ typedef struct int EncryptionIoRequestCount; int EncryptionItemCount; int EncryptionFragmentSize; + int EncryptionMaxWorkItems; } EncryptionQueueParameters; #pragma pack (pop) @@ -418,6 +419,7 @@ typedef struct #define VC_ENCRYPTION_IO_REQUEST_COUNT DRIVER_STR("VeraCryptEncryptionIoRequestCount") #define VC_ENCRYPTION_ITEM_COUNT DRIVER_STR("VeraCryptEncryptionItemCount") #define VC_ENCRYPTION_FRAGMENT_SIZE DRIVER_STR("VeraCryptEncryptionFragmentSize") +#define VC_ENCRYPTION_MAX_WORK_ITEMS DRIVER_STR("VeraCryptEncryptionMaxWorkItems") #define VC_ERASE_KEYS_SHUTDOWN DRIVER_STR("VeraCryptEraseKeysShutdown") diff --git a/src/Driver/EncryptedIoQueue.c b/src/Driver/EncryptedIoQueue.c index d68c3f091c..91399c474e 100644 --- a/src/Driver/EncryptedIoQueue.c +++ b/src/Driver/EncryptedIoQueue.c @@ -303,8 +303,43 @@ static VOID CompleteIrpWorkItemRoutine(PDEVICE_OBJECT DeviceObject, PVOID Contex } } +// Handles the completion of the original IRP. +static VOID HandleCompleteOriginalIrp(EncryptedIoQueue* queue, EncryptedIoRequest* request) +{ + NTSTATUS status = KeWaitForSingleObject(&queue->WorkItemSemaphore, Executive, KernelMode, FALSE, NULL); + if (queue->ThreadExitRequested) + return; + + if (!NT_SUCCESS(status)) + { + // Handle wait failure: we call the completion routine directly. + // This is not ideal since it can cause deadlock that we are trying to fix but it is better than losing the IRP. + CompleteOriginalIrp(request->Item, STATUS_INSUFFICIENT_RESOURCES, 0); + } + else + { + // Obtain a work item from the free list. + KIRQL oldIrql; + KeAcquireSpinLock(&queue->WorkItemLock, &oldIrql); + PLIST_ENTRY freeEntry = RemoveHeadList(&queue->FreeWorkItemsList); + KeReleaseSpinLock(&queue->WorkItemLock, oldIrql); + PCOMPLETE_IRP_WORK_ITEM workItem = CONTAINING_RECORD(freeEntry, COMPLETE_IRP_WORK_ITEM, ListEntry); + + // Increment ActiveWorkItems. + InterlockedIncrement(&queue->ActiveWorkItems); + KeResetEvent(&queue->NoActiveWorkItemsEvent); + // Prepare the work item. + workItem->Irp = request->Item->OriginalIrp; + workItem->Status = request->Item->Status; + workItem->Information = NT_SUCCESS(request->Item->Status) ? request->Item->OriginalLength : 0; + workItem->Item = request->Item; + + // Queue the work item. + IoQueueWorkItem(workItem->WorkItem, CompleteIrpWorkItemRoutine, DelayedWorkQueue, workItem); + } +} static VOID CompletionThreadProc(PVOID threadArg) { @@ -348,39 +383,7 @@ static VOID CompletionThreadProc(PVOID threadArg) if (request->CompleteOriginalIrp) { - // Wait for a work item to become available - NTSTATUS status = KeWaitForSingleObject(&queue->WorkItemSemaphore, Executive, KernelMode, FALSE, NULL); - if (queue->ThreadExitRequested) - break; - if (!NT_SUCCESS(status)) - { - // Handle wait failure: we call the completion routine directly. - // This is not ideal since it can cause deadlock that we are trying to fix but it is better than losing the IRP. - CompleteOriginalIrp(request->Item, STATUS_INSUFFICIENT_RESOURCES, 0); - } - else - { - // Obtain a work item from the free list - KIRQL oldIrql; - KeAcquireSpinLock(&queue->WorkItemLock, &oldIrql); - PLIST_ENTRY freeEntry = RemoveHeadList(&queue->FreeWorkItemsList); - KeReleaseSpinLock(&queue->WorkItemLock, oldIrql); - - PCOMPLETE_IRP_WORK_ITEM workItem = CONTAINING_RECORD(freeEntry, COMPLETE_IRP_WORK_ITEM, ListEntry); - - // Increment ActiveWorkItems - InterlockedIncrement(&queue->ActiveWorkItems); - KeResetEvent(&queue->NoActiveWorkItemsEvent); - - // Prepare the work item - workItem->Irp = request->Item->OriginalIrp; - workItem->Status = request->Item->Status; - workItem->Information = NT_SUCCESS(request->Item->Status) ? request->Item->OriginalLength : 0; - workItem->Item = request->Item; - - // Queue the work item - IoQueueWorkItem(workItem->WorkItem, CompleteIrpWorkItemRoutine, DelayedWorkQueue, workItem); - } + HandleCompleteOriginalIrp(queue, request); } ReleasePoolBuffer(queue, request); @@ -541,8 +544,7 @@ static VOID IoThreadProc (PVOID threadArg) if (request->CompleteOriginalIrp) { - CompleteOriginalIrp (request->Item, request->Item->Status, - NT_SUCCESS (request->Item->Status) ? request->Item->OriginalLength : 0); + HandleCompleteOriginalIrp(queue, request); } ReleasePoolBuffer (queue, request); @@ -1148,10 +1150,10 @@ NTSTATUS EncryptedIoQueueStart (EncryptedIoQueue *queue) // Initialize the free work item list InitializeListHead(&queue->FreeWorkItemsList); - KeInitializeSemaphore(&queue->WorkItemSemaphore, VC_MAX_WORK_ITEMS, VC_MAX_WORK_ITEMS); + KeInitializeSemaphore(&queue->WorkItemSemaphore, EncryptionMaxWorkItems, EncryptionMaxWorkItems); KeInitializeSpinLock(&queue->WorkItemLock); - queue->MaxWorkItems = VC_MAX_WORK_ITEMS; + queue->MaxWorkItems = EncryptionMaxWorkItems; queue->WorkItemPool = (PCOMPLETE_IRP_WORK_ITEM)TCalloc(sizeof(COMPLETE_IRP_WORK_ITEM) * queue->MaxWorkItems); if (!queue->WorkItemPool) { diff --git a/src/Driver/EncryptedIoQueue.h b/src/Driver/EncryptedIoQueue.h index 2e7439f8c0..3738065a23 100644 --- a/src/Driver/EncryptedIoQueue.h +++ b/src/Driver/EncryptedIoQueue.h @@ -26,7 +26,7 @@ #define TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT 16 #define TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_MAX_COUNT 8192 -#define VC_MAX_WORK_ITEMS 256 +#define VC_MAX_WORK_ITEMS 1024 typedef struct EncryptedIoQueueBufferStruct { diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index ac2fb00a6d..12943dc874 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -145,6 +145,7 @@ static BOOL RamEncryptionActivated = FALSE; int EncryptionIoRequestCount = 0; int EncryptionItemCount = 0; int EncryptionFragmentSize = 0; +int EncryptionMaxWorkItems = 0; PDEVICE_OBJECT VirtualVolumeDeviceObjects[MAX_MOUNTED_VOLUME_DRIVE_NUMBER + 1]; @@ -2776,6 +2777,7 @@ NTSTATUS ProcessMainDeviceControlIrp (PDEVICE_OBJECT DeviceObject, PEXTENSION Ex if (ValidateIOBufferSize (Irp, sizeof (EncryptionQueueParameters), ValidateOutput)) { EncryptionQueueParameters* pParams = (EncryptionQueueParameters*) Irp->AssociatedIrp.SystemBuffer; + pParams->EncryptionMaxWorkItems = EncryptionMaxWorkItems; pParams->EncryptionFragmentSize = EncryptionFragmentSize; pParams->EncryptionIoRequestCount = EncryptionIoRequestCount; pParams->EncryptionItemCount = EncryptionItemCount; @@ -4646,6 +4648,14 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry) TCfree (data); } + if (driverEntry && NT_SUCCESS(TCReadRegistryKey(&name, VC_ENCRYPTION_MAX_WORK_ITEMS, &data))) + { + if (data->Type == REG_DWORD) + EncryptionMaxWorkItems = *(uint32*)data->Data; + + TCfree(data); + } + if (driverEntry) { if (EncryptionIoRequestCount < TC_ENC_IO_QUEUE_PREALLOCATED_IO_REQUEST_COUNT) @@ -4663,6 +4673,9 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry) EncryptionFragmentSize = TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE; else if (EncryptionFragmentSize > (8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE)) EncryptionFragmentSize = 8 * TC_ENC_IO_QUEUE_MAX_FRAGMENT_SIZE; + + if (EncryptionMaxWorkItems == 0) + EncryptionMaxWorkItems = VC_MAX_WORK_ITEMS; } diff --git a/src/Driver/Ntdriver.h b/src/Driver/Ntdriver.h index 3995ffdfba..b03b5e93f1 100644 --- a/src/Driver/Ntdriver.h +++ b/src/Driver/Ntdriver.h @@ -128,6 +128,7 @@ extern BOOL AllowWindowsDefrag; extern int EncryptionIoRequestCount; extern int EncryptionItemCount; extern int EncryptionFragmentSize; +extern int EncryptionMaxWorkItems; extern BOOL EraseKeysOnShutdown; /* Helper macro returning x seconds in units of 100 nanoseconds */ #define WAIT_SECONDS(x) ((x)*10000000)