Version:  2.0.40 2.2.26 2.4.37 3.13 3.14 3.15 3.16 3.17 3.18 3.19 4.0 4.1 4.2 4.3 4.4 4.5 4.6 4.7 4.8 4.9 4.10

Linux/lib/decompress_unxz.c

  1 /*
  2  * Wrapper for decompressing XZ-compressed kernel, initramfs, and initrd
  3  *
  4  * Author: Lasse Collin <lasse.collin@tukaani.org>
  5  *
  6  * This file has been put into the public domain.
  7  * You can do whatever you want with this file.
  8  */
  9 
 10 /*
 11  * Important notes about in-place decompression
 12  *
 13  * At least on x86, the kernel is decompressed in place: the compressed data
 14  * is placed to the end of the output buffer, and the decompressor overwrites
 15  * most of the compressed data. There must be enough safety margin to
 16  * guarantee that the write position is always behind the read position.
 17  *
 18  * The safety margin for XZ with LZMA2 or BCJ+LZMA2 is calculated below.
 19  * Note that the margin with XZ is bigger than with Deflate (gzip)!
 20  *
 21  * The worst case for in-place decompression is that the beginning of
 22  * the file is compressed extremely well, and the rest of the file is
 23  * uncompressible. Thus, we must look for worst-case expansion when the
 24  * compressor is encoding uncompressible data.
 25  *
 26  * The structure of the .xz file in case of a compresed kernel is as follows.
 27  * Sizes (as bytes) of the fields are in parenthesis.
 28  *
 29  *    Stream Header (12)
 30  *    Block Header:
 31  *      Block Header (8-12)
 32  *      Compressed Data (N)
 33  *      Block Padding (0-3)
 34  *      CRC32 (4)
 35  *    Index (8-20)
 36  *    Stream Footer (12)
 37  *
 38  * Normally there is exactly one Block, but let's assume that there are
 39  * 2-4 Blocks just in case. Because Stream Header and also Block Header
 40  * of the first Block don't make the decompressor produce any uncompressed
 41  * data, we can ignore them from our calculations. Block Headers of possible
 42  * additional Blocks have to be taken into account still. With these
 43  * assumptions, it is safe to assume that the total header overhead is
 44  * less than 128 bytes.
 45  *
 46  * Compressed Data contains LZMA2 or BCJ+LZMA2 encoded data. Since BCJ
 47  * doesn't change the size of the data, it is enough to calculate the
 48  * safety margin for LZMA2.
 49  *
 50  * LZMA2 stores the data in chunks. Each chunk has a header whose size is
 51  * a maximum of 6 bytes, but to get round 2^n numbers, let's assume that
 52  * the maximum chunk header size is 8 bytes. After the chunk header, there
 53  * may be up to 64 KiB of actual payload in the chunk. Often the payload is
 54  * quite a bit smaller though; to be safe, let's assume that an average
 55  * chunk has only 32 KiB of payload.
 56  *
 57  * The maximum uncompressed size of the payload is 2 MiB. The minimum
 58  * uncompressed size of the payload is in practice never less than the
 59  * payload size itself. The LZMA2 format would allow uncompressed size
 60  * to be less than the payload size, but no sane compressor creates such
 61  * files. LZMA2 supports storing uncompressible data in uncompressed form,
 62  * so there's never a need to create payloads whose uncompressed size is
 63  * smaller than the compressed size.
 64  *
 65  * The assumption, that the uncompressed size of the payload is never
 66  * smaller than the payload itself, is valid only when talking about
 67  * the payload as a whole. It is possible that the payload has parts where
 68  * the decompressor consumes more input than it produces output. Calculating
 69  * the worst case for this would be tricky. Instead of trying to do that,
 70  * let's simply make sure that the decompressor never overwrites any bytes
 71  * of the payload which it is currently reading.
 72  *
 73  * Now we have enough information to calculate the safety margin. We need
 74  *   - 128 bytes for the .xz file format headers;
 75  *   - 8 bytes per every 32 KiB of uncompressed size (one LZMA2 chunk header
 76  *     per chunk, each chunk having average payload size of 32 KiB); and
 77  *   - 64 KiB (biggest possible LZMA2 chunk payload size) to make sure that
 78  *     the decompressor never overwrites anything from the LZMA2 chunk
 79  *     payload it is currently reading.
 80  *
 81  * We get the following formula:
 82  *
 83  *    safety_margin = 128 + uncompressed_size * 8 / 32768 + 65536
 84  *                  = 128 + (uncompressed_size >> 12) + 65536
 85  *
 86  * For comparison, according to arch/x86/boot/compressed/misc.c, the
 87  * equivalent formula for Deflate is this:
 88  *
 89  *    safety_margin = 18 + (uncompressed_size >> 12) + 32768
 90  *
 91  * Thus, when updating Deflate-only in-place kernel decompressor to
 92  * support XZ, the fixed overhead has to be increased from 18+32768 bytes
 93  * to 128+65536 bytes.
 94  */
 95 
 96 /*
 97  * STATIC is defined to "static" if we are being built for kernel
 98  * decompression (pre-boot code). <linux/decompress/mm.h> will define
 99  * STATIC to empty if it wasn't already defined. Since we will need to
100  * know later if we are being used for kernel decompression, we define
101  * XZ_PREBOOT here.
102  */
103 #ifdef STATIC
104 #       define XZ_PREBOOT
105 #endif
106 #ifdef __KERNEL__
107 #       include <linux/decompress/mm.h>
108 #endif
109 #define XZ_EXTERN STATIC
110 
111 #ifndef XZ_PREBOOT
112 #       include <linux/slab.h>
113 #       include <linux/xz.h>
114 #else
115 /*
116  * Use the internal CRC32 code instead of kernel's CRC32 module, which
117  * is not available in early phase of booting.
118  */
119 #define XZ_INTERNAL_CRC32 1
120 
121 /*
122  * For boot time use, we enable only the BCJ filter of the current
123  * architecture or none if no BCJ filter is available for the architecture.
124  */
125 #ifdef CONFIG_X86
126 #       define XZ_DEC_X86
127 #endif
128 #ifdef CONFIG_PPC
129 #       define XZ_DEC_POWERPC
130 #endif
131 #ifdef CONFIG_ARM
132 #       define XZ_DEC_ARM
133 #endif
134 #ifdef CONFIG_IA64
135 #       define XZ_DEC_IA64
136 #endif
137 #ifdef CONFIG_SPARC
138 #       define XZ_DEC_SPARC
139 #endif
140 
141 /*
142  * This will get the basic headers so that memeq() and others
143  * can be defined.
144  */
145 #include "xz/xz_private.h"
146 
147 /*
148  * Replace the normal allocation functions with the versions from
149  * <linux/decompress/mm.h>. vfree() needs to support vfree(NULL)
150  * when XZ_DYNALLOC is used, but the pre-boot free() doesn't support it.
151  * Workaround it here because the other decompressors don't need it.
152  */
153 #undef kmalloc
154 #undef kfree
155 #undef vmalloc
156 #undef vfree
157 #define kmalloc(size, flags) malloc(size)
158 #define kfree(ptr) free(ptr)
159 #define vmalloc(size) malloc(size)
160 #define vfree(ptr) do { if (ptr != NULL) free(ptr); } while (0)
161 
162 /*
163  * FIXME: Not all basic memory functions are provided in architecture-specific
164  * files (yet). We define our own versions here for now, but this should be
165  * only a temporary solution.
166  *
167  * memeq and memzero are not used much and any remotely sane implementation
168  * is fast enough. memcpy/memmove speed matters in multi-call mode, but
169  * the kernel image is decompressed in single-call mode, in which only
170  * memcpy speed can matter and only if there is a lot of uncompressible data
171  * (LZMA2 stores uncompressible chunks in uncompressed form). Thus, the
172  * functions below should just be kept small; it's probably not worth
173  * optimizing for speed.
174  */
175 
176 #ifndef memeq
177 static bool memeq(const void *a, const void *b, size_t size)
178 {
179         const uint8_t *x = a;
180         const uint8_t *y = b;
181         size_t i;
182 
183         for (i = 0; i < size; ++i)
184                 if (x[i] != y[i])
185                         return false;
186 
187         return true;
188 }
189 #endif
190 
191 #ifndef memzero
192 static void memzero(void *buf, size_t size)
193 {
194         uint8_t *b = buf;
195         uint8_t *e = b + size;
196 
197         while (b != e)
198                 *b++ = '\0';
199 }
200 #endif
201 
202 #ifndef memmove
203 /* Not static to avoid a conflict with the prototype in the Linux headers. */
204 void *memmove(void *dest, const void *src, size_t size)
205 {
206         uint8_t *d = dest;
207         const uint8_t *s = src;
208         size_t i;
209 
210         if (d < s) {
211                 for (i = 0; i < size; ++i)
212                         d[i] = s[i];
213         } else if (d > s) {
214                 i = size;
215                 while (i-- > 0)
216                         d[i] = s[i];
217         }
218 
219         return dest;
220 }
221 #endif
222 
223 /*
224  * Since we need memmove anyway, would use it as memcpy too.
225  * Commented out for now to avoid breaking things.
226  */
227 /*
228 #ifndef memcpy
229 #       define memcpy memmove
230 #endif
231 */
232 
233 #include "xz/xz_crc32.c"
234 #include "xz/xz_dec_stream.c"
235 #include "xz/xz_dec_lzma2.c"
236 #include "xz/xz_dec_bcj.c"
237 
238 #endif /* XZ_PREBOOT */
239 
240 /* Size of the input and output buffers in multi-call mode */
241 #define XZ_IOBUF_SIZE 4096
242 
243 /*
244  * This function implements the API defined in <linux/decompress/generic.h>.
245  *
246  * This wrapper will automatically choose single-call or multi-call mode
247  * of the native XZ decoder API. The single-call mode can be used only when
248  * both input and output buffers are available as a single chunk, i.e. when
249  * fill() and flush() won't be used.
250  */
251 STATIC int INIT unxz(unsigned char *in, long in_size,
252                      long (*fill)(void *dest, unsigned long size),
253                      long (*flush)(void *src, unsigned long size),
254                      unsigned char *out, long *in_used,
255                      void (*error)(char *x))
256 {
257         struct xz_buf b;
258         struct xz_dec *s;
259         enum xz_ret ret;
260         bool must_free_in = false;
261 
262 #if XZ_INTERNAL_CRC32
263         xz_crc32_init();
264 #endif
265 
266         if (in_used != NULL)
267                 *in_used = 0;
268 
269         if (fill == NULL && flush == NULL)
270                 s = xz_dec_init(XZ_SINGLE, 0);
271         else
272                 s = xz_dec_init(XZ_DYNALLOC, (uint32_t)-1);
273 
274         if (s == NULL)
275                 goto error_alloc_state;
276 
277         if (flush == NULL) {
278                 b.out = out;
279                 b.out_size = (size_t)-1;
280         } else {
281                 b.out_size = XZ_IOBUF_SIZE;
282                 b.out = malloc(XZ_IOBUF_SIZE);
283                 if (b.out == NULL)
284                         goto error_alloc_out;
285         }
286 
287         if (in == NULL) {
288                 must_free_in = true;
289                 in = malloc(XZ_IOBUF_SIZE);
290                 if (in == NULL)
291                         goto error_alloc_in;
292         }
293 
294         b.in = in;
295         b.in_pos = 0;
296         b.in_size = in_size;
297         b.out_pos = 0;
298 
299         if (fill == NULL && flush == NULL) {
300                 ret = xz_dec_run(s, &b);
301         } else {
302                 do {
303                         if (b.in_pos == b.in_size && fill != NULL) {
304                                 if (in_used != NULL)
305                                         *in_used += b.in_pos;
306 
307                                 b.in_pos = 0;
308 
309                                 in_size = fill(in, XZ_IOBUF_SIZE);
310                                 if (in_size < 0) {
311                                         /*
312                                          * This isn't an optimal error code
313                                          * but it probably isn't worth making
314                                          * a new one either.
315                                          */
316                                         ret = XZ_BUF_ERROR;
317                                         break;
318                                 }
319 
320                                 b.in_size = in_size;
321                         }
322 
323                         ret = xz_dec_run(s, &b);
324 
325                         if (flush != NULL && (b.out_pos == b.out_size
326                                         || (ret != XZ_OK && b.out_pos > 0))) {
327                                 /*
328                                  * Setting ret here may hide an error
329                                  * returned by xz_dec_run(), but probably
330                                  * it's not too bad.
331                                  */
332                                 if (flush(b.out, b.out_pos) != (long)b.out_pos)
333                                         ret = XZ_BUF_ERROR;
334 
335                                 b.out_pos = 0;
336                         }
337                 } while (ret == XZ_OK);
338 
339                 if (must_free_in)
340                         free(in);
341 
342                 if (flush != NULL)
343                         free(b.out);
344         }
345 
346         if (in_used != NULL)
347                 *in_used += b.in_pos;
348 
349         xz_dec_end(s);
350 
351         switch (ret) {
352         case XZ_STREAM_END:
353                 return 0;
354 
355         case XZ_MEM_ERROR:
356                 /* This can occur only in multi-call mode. */
357                 error("XZ decompressor ran out of memory");
358                 break;
359 
360         case XZ_FORMAT_ERROR:
361                 error("Input is not in the XZ format (wrong magic bytes)");
362                 break;
363 
364         case XZ_OPTIONS_ERROR:
365                 error("Input was encoded with settings that are not "
366                                 "supported by this XZ decoder");
367                 break;
368 
369         case XZ_DATA_ERROR:
370         case XZ_BUF_ERROR:
371                 error("XZ-compressed data is corrupt");
372                 break;
373 
374         default:
375                 error("Bug in the XZ decompressor");
376                 break;
377         }
378 
379         return -1;
380 
381 error_alloc_in:
382         if (flush != NULL)
383                 free(b.out);
384 
385 error_alloc_out:
386         xz_dec_end(s);
387 
388 error_alloc_state:
389         error("XZ decompressor ran out of memory");
390         return -1;
391 }
392 
393 /*
394  * This macro is used by architecture-specific files to decompress
395  * the kernel image.
396  */
397 #ifdef XZ_PREBOOT
398 STATIC int INIT __decompress(unsigned char *buf, long len,
399                            long (*fill)(void*, unsigned long),
400                            long (*flush)(void*, unsigned long),
401                            unsigned char *out_buf, long olen,
402                            long *pos,
403                            void (*error)(char *x))
404 {
405         return unxz(buf, len, fill, flush, out_buf, pos, error);
406 }
407 #endif
408 

This page was automatically generated by LXR 0.3.1 (source).  •  Linux is a registered trademark of Linus Torvalds  •  Contact us