From d907627f7e4844547545b9ff189208cec9eee426 Mon Sep 17 00:00:00 2001 From: Mounir IDRASSI Date: Mon, 5 Mar 2018 19:29:08 +0100 Subject: Windows: Add option to block TRIM command on system encryption SSD drives. --- src/Driver/DriveFilter.c | 43 +++++++++++++++++++++++++++++++++++++++++++ src/Driver/Ntdriver.c | 4 ++++ src/Driver/Ntdriver.h | 2 +- 3 files changed, 48 insertions(+), 1 deletion(-) (limited to 'src/Driver') diff --git a/src/Driver/DriveFilter.c b/src/Driver/DriveFilter.c index 08bebe18..bb7083ce 100644 --- a/src/Driver/DriveFilter.c +++ b/src/Driver/DriveFilter.c @@ -941,6 +941,46 @@ static NTSTATUS DispatchPower (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilte return status; } +static NTSTATUS DispatchControl (PDEVICE_OBJECT DeviceObject, PIRP Irp, DriveFilterExtension *Extension, PIO_STACK_LOCATION irpSp) +{ + BOOL bBlockTrim = BlockSystemTrimCommand || IsHiddenSystemRunning(); + NTSTATUS status = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp); + if (!NT_SUCCESS (status)) + return TCCompleteIrp (Irp, status, 0); + + switch (irpSp->Parameters.DeviceIoControl.IoControlCode) + { + case IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES: + Dump ("DriverFilter-DispatchControl: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES\n"); + if (bBlockTrim) + { + PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation (Irp); + DWORD inputLength = irpSp->Parameters.DeviceIoControl.InputBufferLength; + if (inputLength >= sizeof (DEVICE_MANAGE_DATA_SET_ATTRIBUTES)) + { + PDEVICE_MANAGE_DATA_SET_ATTRIBUTES pInputAttrs = (PDEVICE_MANAGE_DATA_SET_ATTRIBUTES) Irp->AssociatedIrp.SystemBuffer; + DEVICE_DATA_MANAGEMENT_SET_ACTION action = pInputAttrs->Action; + if (action == DeviceDsmAction_Trim) + { + Dump ("DriverFilter-DispatchControl: IOCTL_STORAGE_MANAGE_DATA_SET_ATTRIBUTES - DeviceDsmAction_Trim.\n"); + + if (bBlockTrim) + { + Dump ("DriverFilter-DispatchControl:: TRIM command blocked.\n"); + IoReleaseRemoveLock (&Extension->Queue.RemoveLock, Irp); + return TCCompleteDiskIrp (Irp, STATUS_SUCCESS, 0); + } + } + } + } + break; + } + + status = PassIrp (Extension->LowerDeviceObject, Irp); + IoReleaseRemoveLock (&Extension->Queue.RemoveLock, Irp); + return status; +} + NTSTATUS DriveFilterDispatchIrp (PDEVICE_OBJECT DeviceObject, PIRP Irp) { @@ -970,6 +1010,9 @@ NTSTATUS DriveFilterDispatchIrp (PDEVICE_OBJECT DeviceObject, PIRP Irp) case IRP_MJ_POWER: return DispatchPower (DeviceObject, Irp, Extension, irpSp); + + case IRP_MJ_DEVICE_CONTROL: + return DispatchControl (DeviceObject, Irp, Extension, irpSp); } status = IoAcquireRemoveLock (&Extension->Queue.RemoveLock, Irp); diff --git a/src/Driver/Ntdriver.c b/src/Driver/Ntdriver.c index ce2f01ce..fca2ca42 100644 --- a/src/Driver/Ntdriver.c +++ b/src/Driver/Ntdriver.c @@ -128,6 +128,7 @@ BOOL VolumeClassFilterRegistered = FALSE; BOOL CacheBootPassword = FALSE; BOOL CacheBootPim = FALSE; BOOL NonAdminSystemFavoritesAccessDisabled = FALSE; +BOOL BlockSystemTrimCommand = FALSE; static size_t EncryptionThreadPoolFreeCpuCountLimit = 0; static BOOL SystemFavoriteVolumeDirty = FALSE; static BOOL PagingFileCreationPrevented = FALSE; @@ -4220,6 +4221,9 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry) if (flags & TC_DRIVER_CONFIG_CACHE_BOOT_PIM) CacheBootPim = TRUE; + + if (flags & VC_DRIVER_CONFIG_BLOCK_SYS_TRIM) + BlockSystemTrimCommand = TRUE; } EnableHwEncryption ((flags & TC_DRIVER_CONFIG_DISABLE_HARDWARE_ENCRYPTION) ? FALSE : TRUE); diff --git a/src/Driver/Ntdriver.h b/src/Driver/Ntdriver.h index 50a98d03..8403f212 100644 --- a/src/Driver/Ntdriver.h +++ b/src/Driver/Ntdriver.h @@ -122,7 +122,7 @@ extern ULONG OsMinorVersion; extern BOOL VolumeClassFilterRegistered; extern BOOL CacheBootPassword; extern BOOL CacheBootPim; - +extern BOOL BlockSystemTrimCommand; /* Helper macro returning x seconds in units of 100 nanoseconds */ #define WAIT_SECONDS(x) ((x)*10000000) -- cgit v1.2.3