Replaced hardcoded 0x56455241 ('VERA') with TC_HEADER_MAGIC for better readability and maintainability.
Also replaced 0x5645524142455854 with TC_BOOT_DRIVE_FILTER_EXTENSION_MAGIC and added 'ULL' suffix for 64-bit safety.
Now we properly honor the AllowDefrag configuration.
This regression introduced other issues because, in order to allow defragmentation, we must provide Windows with an actual physical disk number. As a result, we assign the number of the physical disk where the VeraCrypt volume resides. This, in turn, causes Windows to send IOCTLs directly to this disk instead of to VeraCrypt. If these IOCTLs return values and properties not supported by VeraCrypt, inconsistencies arise, leading to failures.
* refactor: use UNMOUNT instead of DISMOUNT in code
This change updates the term DISMOUNT in constants to UNMOUNT.
Other occurrences (e.g. variable names) are left alone for now.
* refactor(ui): use unmount instead of dismount
This change updates the GUI text and replaces dismount with unmount.
* docs: update term dismount -> unmount
* refactor(cmdline): add unmount
This change adds an argument 'unmount' for command line usage, while
trying to deprecate the old disnount argument.
The current dismount argument/flag will still work to not introduce
a breaking change.
* docs: mention that /dismount is deprecated
This change fixes the shorthand version of the argument /unmount
It also adds back the info for /dismount and that it is deprecated.
- Made the maximum work items count configurable to allow flexibility based on system needs.
- Increased the default value of max work items count to 1024 to better handle high-throughput scenarios.
- Queue write IRPs in system worker thread to avoid potential deadlocks in write scenarios.
Reduce the critical section protected by spinlock to only cover the list manipulation operation. Move the ActiveWorkItems counter decrement outside the spinlock using InterlockedDecrement, and separate event signaling from the locked section.
This change minimizes time spent at raised IRQL (DISPATCH_LEVEL) and reduces potential for lock contention.
There was a deadlock issue in the driver caused by the CompletionThreadProc function in EncryptedIoQueue.c:
https://sourceforge.net/p/veracrypt/discussion/general/thread/f6e7f623d0/?page=20&limit=25#8362
The driver uses a single thread (CompletionThreadProc) to process IRP completions. When IoCompleteRequest is called within this thread, it can result in new IRPs being generated (e.g., for pagefile operations) that are intercepted by the driver and queued back into the CompletionThreadQueue. Since CompletionThreadProc is the only thread processing this queue and is waiting on IoCompleteRequest, these new IRPs are not handled, leading to a system freeze.
To resolve this issue, the following changes have been made:
Deferred IRP Completion Using Pre-allocated Work Items:
- Introduced a pool of pre-allocated work items (COMPLETE_IRP_WORK_ITEM) to handle IRP completions without causing additional resource allocations that could trigger new IRPs.
- The CompletionThreadProc now queues IRP completions to these work items, which are processed in a different context using IoQueueWorkItem, preventing re-entrant IRPs from blocking the completion thread.
Thread-Safe Work Item Pool Management:
- Implemented a thread-safe mechanism using a semaphore (WorkItemSemaphore), spin lock (WorkItemLock), and a free list (FreeWorkItemsList) to manage the pool of work items.
- Threads acquire and release work items safely, and if all work items are busy, threads wait until one becomes available.
Reference Counting and Improved Stop Handling:
- Added an ActiveWorkItems counter to track the number of active work items.
- Modified EncryptedIoQueueStop to wait for all active work items to complete before proceeding with cleanup, ensuring a clean shutdown.
These changes address the deadlock issue by preventing CompletionThreadProc from being blocked by re-entrant IRPs generated during IoCompleteRequest. By deferring IRP completion to a different context using pre-allocated work items and managing resources properly, we avoid the deadlock and ensure that all IRPs are processed correctly.
If vulnerability detected, a warning message is displayed during mount or backup/restore header, and changing the password is disallowed since it will not change the master key.
Update friend declaration in FuseService.h and refactor GetCharWidth to ComputeCharWidth in WaitDialog.h to avoif hiding GetCharWidth inherited from wxWindow
The build script build_veracrypt_macosx.h now accepts the argument -f to enable fuse-t support.
It is also possible to set the environment variable VC_OSX_FUSET to 1 for FUSE-T support.
A change was done in CoreUnix::GetMountedVolumes to add a waiting loop for control file to be accessible because when using FUSE-T there always a delay before control file can be serialized.
