Windows: disable ordered flush barriers by default

Keep ordered flush barrier support available behind the new VC_DRIVER_CONFIG_ENABLE_ORDERED_FLUSH_BARRIERS driver configuration flag. With the flag clear, non-system IRP_MJ_FLUSH_BUFFERS requests complete successfully as they did before d1f73ce4 instead of entering EncryptedIoQueue.

This narrows the default Windows driver behavior while investigating 1.26.29 instability reports, but retains an opt-in path for targeted testing of ordered flush barriers. The close-time best-effort host flush is now gated by the same flag, so default close and dismount behavior also matches the pre-d1f73ce4 path.
This commit is contained in:
Mounir IDRASSI
2026-07-01 16:15:33 +09:00
parent c947e56b6e
commit f6544a5b07
4 changed files with 13 additions and 2 deletions
+1
View File
@@ -448,5 +448,6 @@ typedef struct
#define VC_DRIVER_CONFIG_CLEAR_KEYS_ON_NEW_DEVICE_INSERTION 0x400
#define VC_DRIVER_CONFIG_ENABLE_CPU_RNG 0x800
#define VC_DRIVER_CONFIG_ENABLE_RAM_ENCRYPTION 0x1000
#define VC_DRIVER_CONFIG_ENABLE_ORDERED_FLUSH_BARRIERS 0x2000
#endif /* _WIN32 */
+10 -1
View File
@@ -143,12 +143,18 @@ static BOOL SystemFavoriteVolumeDirty = FALSE;
static BOOL PagingFileCreationPrevented = FALSE;
static BOOL EnableExtendedIoctlSupport = FALSE;
static BOOL AllowTrimCommand = FALSE;
static BOOL OrderedFlushBarriersEnabled = FALSE;
static BOOL RamEncryptionActivated = FALSE;
int EncryptionIoRequestCount = 0;
int EncryptionItemCount = 0;
int EncryptionFragmentSize = 0;
int EncryptionMaxWorkItems = 0;
BOOL IsOrderedFlushBarriersEnabled ()
{
return OrderedFlushBarriersEnabled;
}
PDEVICE_OBJECT VirtualVolumeDeviceObjects[MAX_MOUNTED_VOLUME_DRIVE_NUMBER + 1];
BOOL AlignValue (ULONG ulValue, ULONG ulAlignment, ULONG *pulResult)
@@ -626,7 +632,7 @@ NTSTATUS TCDispatchQueueIRP (PDEVICE_OBJECT DeviceObject, PIRP Irp)
return STATUS_PENDING;
case IRP_MJ_FLUSH_BUFFERS:
if (Extension->hDeviceFile == NULL || Extension->bReadOnly)
if (!OrderedFlushBarriersEnabled || Extension->hDeviceFile == NULL || Extension->bReadOnly)
return TCCompleteDiskIrp (Irp, STATUS_SUCCESS, 0);
if (!EncryptedIoQueueIsRunning (&Extension->Queue))
@@ -4809,6 +4815,8 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
NTSTATUS status;
uint32 flags = 0;
OrderedFlushBarriersEnabled = FALSE;
RtlInitUnicodeString (&name, L"\\REGISTRY\\MACHINE\\SYSTEM\\CurrentControlSet\\Services\\veracrypt");
status = TCReadRegistryKey (&name, TC_DRIVER_CONFIG_REG_VALUE_NAME, &data);
@@ -4849,6 +4857,7 @@ NTSTATUS ReadRegistryConfigFlags (BOOL driverEntry)
EnableExtendedIoctlSupport = (flags & TC_DRIVER_CONFIG_ENABLE_EXTENDED_IOCTL)? TRUE : FALSE;
AllowTrimCommand = (flags & VC_DRIVER_CONFIG_ALLOW_NONSYS_TRIM)? TRUE : FALSE;
AllowWindowsDefrag = (flags & VC_DRIVER_CONFIG_ALLOW_WINDOWS_DEFRAG)? TRUE : FALSE;
OrderedFlushBarriersEnabled = (flags & VC_DRIVER_CONFIG_ENABLE_ORDERED_FLUSH_BARRIERS)? TRUE : FALSE;
}
else
status = STATUS_INVALID_PARAMETER;
+1
View File
@@ -195,6 +195,7 @@ NTSTATUS TCCompleteIrp (PIRP irp, NTSTATUS status, ULONG_PTR information);
NTSTATUS TCCompleteDiskIrp (PIRP irp, NTSTATUS status, ULONG_PTR information);
NTSTATUS ProbeRealDriveSize (PDEVICE_OBJECT driveDeviceObject, LARGE_INTEGER *driveSize);
BOOL UserCanAccessDriveDevice ();
BOOL IsOrderedFlushBarriersEnabled ();
size_t GetCpuCount (WORD* pGroupCount);
USHORT GetCpuGroup (size_t index);
void SetThreadCpuGroupAffinity (USHORT index);
+1 -1
View File
@@ -935,7 +935,7 @@ void TCCloseVolume (PDEVICE_OBJECT DeviceObject, PEXTENSION Extension)
{
RestoreTimeStamp (Extension);
}
if (!Extension->bReadOnly)
if (!Extension->bReadOnly && IsOrderedFlushBarriersEnabled ())
{
IO_STATUS_BLOCK ioStatus;
NTSTATUS flushStatus = ZwFlushBuffersFile (Extension->hDeviceFile, &ioStatus);