Windows: Add option to block TRIM command on system encryption SSD drives.

author: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2018-03-05 19:29:08 +0100
committer: Mounir IDRASSI <mounir.idrassi@idrix.fr> 2018-03-05 19:35:07 +0100
commit: d907627f7e4844547545b9ff189208cec9eee426 (patch)
tree: ce75898e20230bc735db1380b0e14e1e7b7f9791 /src/Driver
parent: bac2ad29b66527a6dcc96c06e4c2407f4622414c (diff)
download: VeraCrypt-d907627f7e4844547545b9ff189208cec9eee426.tar.gz
VeraCrypt-d907627f7e4844547545b9ff189208cec9eee426.zip
3 files changed, 48 insertions, 1 deletions
diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c
index 08bebe18..bb7083ce 100644
--- a/src/Driver/DriveFilter.c
+++ b/src/Driver/DriveFilter.c
@@ -941,6 +941,46 @@ static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilte
 	return status;
 }
 
+static NTSTATUS DispatchControl (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilterExtension *Extension, PIO_STACK_LOCATION irpSp)
+{
+	BOOL bBlockTrim = BlockSystemTrimCommand || IsHiddenSystemRunning();
+	NTSTATUS status = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp);
+	if (!NT_SUCCESS (status))
+		return TCCompleteIrp (Irp, status, 0);
+
+	switch (irpSp->Parameters.DeviceIoControl.IoControlCode)
+	{
+		case IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES:
+			Dump ("DriverFilter-DispatchControl: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES\n");
+			if (bBlockTrim)
+			{
+				PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp);
+				DWORD inputLength = irpSp->Parameters.DeviceIoControl.InputBufferLength;
+				if (inputLength >= sizeof (DEVICE_MANAGE_DATA_SET_ATTRIBUTES))
+				{
+					PDEVICE_MANAGE_DATA_SET_ATTRIBUTES pInputAttrs = (PDEVICE_MANAGE_DATA_SET_ATTRIBUTES) Irp->AssociatedIrp.SystemBuffer;
+					DEVICE_DATA_MANAGEMENT_SET_ACTION action = pInputAttrs->Action;
+					if (action == DeviceDsmAction_Trim)
+					{
+						Dump ("DriverFilter-DispatchControl: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DeviceDsmAction_Trim.\n");
+
+						if (bBlockTrim)
+						{
+							Dump ("DriverFilter-DispatchControl:: TRIM command blocked.\n");
+							IoReleaseRemoveLock (&Extension->Queue.RemoveLock, Irp);
+							return TCCompleteDiskIrp (Irp, STATUS_SUCCESS, 0);
+						}
+					}
+				}
+			}
+			break;
+	}
+
+	status = PassIrp (Extension->LowerDeviceObject, Irp);
+	IoReleaseRemoveLock (&Extension->Queue.RemoveLock, Irp);
+	return status;
+}
+
 
 NTSTATUS DriveFilterDispatchIrp (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 {
@@ -970,6 +1010,9 @@ NTSTATUS DriveFilterDispatchIrp (PDEVICE_OBJECT DeviceObject, PIRP Irp)
 
 	case IRP_MJ_POWER:
 		return DispatchPower (DeviceObject, Irp, Extension, irpSp);
+
+	case IRP_MJ_DEVICE_CONTROL:
+		return DispatchControl (DeviceObject, Irp, Extension, irpSp);
 	}
 
 	status = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp);
diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c
index ce2f01ce..fca2ca42 100644
--- a/src/Driver/Ntdriver.c
+++ b/src/Driver/Ntdriver.c
@@ -128,6 +128,7 @@ BOOL VolumeClassFilterRegistered = FALSE;
 BOOL CacheBootPassword = FALSE;
 BOOL CacheBootPim = FALSE;
 BOOL NonAdminSystemFavoritesAccessDisabled = FALSE;
+BOOL BlockSystemTrimCommand = FALSE;
 static size_t EncryptionThreadPoolFreeCpuCountLimit = 0;
 static BOOL SystemFavoriteVolumeDirty = FALSE;
 static BOOL PagingFileCreationPrevented = FALSE;
@@ -4220,6 +4221,9 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
 
 				if (flags & TC_DRIVER_CONFIG_CACHE_BOOT_PIM)
 					CacheBootPim = TRUE;
+
+				if (flags & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM)
+					BlockSystemTrimCommand = TRUE;
 			}
 
 			EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE);
diff --git a/src/Driver/Ntdriver.h b/src/Driver/Ntdriver.h
index 50a98d03..8403f212 100644
--- a/src/Driver/Ntdriver.h
+++ b/src/Driver/Ntdriver.h
@@ -122,7 +122,7 @@ extern ULONG OsMinorVersion;
 extern BOOL VolumeClassFilterRegistered;
 extern BOOL CacheBootPassword;
 extern BOOL CacheBootPim;
-
+extern BOOL BlockSystemTrimCommand;
 /* Helper macro returning x seconds in units of 100 nanoseconds */
 #define WAIT_SECONDS(x) ((x)*10000000)
author	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2018-03-05 19:29:08 +0100
committer	Mounir IDRASSI <mounir.idrassi@idrix.fr>	2018-03-05 19:35:07 +0100
commit	d907627f7e4844547545b9ff189208cec9eee426 (patch)
tree	ce75898e20230bc735db1380b0e14e1e7b7f9791 /src/Driver
parent	bac2ad29b66527a6dcc96c06e4c2407f4622414c (diff)
download	VeraCrypt-d907627f7e4844547545b9ff189208cec9eee426.tar.gz VeraCrypt-d907627f7e4844547545b9ff189208cec9eee426.zip