decompress_unxz.c 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398
  1. /*
  2. * Wrapper for decompressing XZ-compressed kernel, initramfs, and initrd
  3. *
  4. * Author: Lasse Collin <lasse.collin@tukaani.org>
  5. *
  6. * This file has been put into the public domain.
  7. * You can do whatever you want with this file.
  8. */
  9. /*
  10. * Important notes about in-place decompression
  11. *
  12. * At least on x86, the kernel is decompressed in place: the compressed data
  13. * is placed to the end of the output buffer, and the decompressor overwrites
  14. * most of the compressed data. There must be enough safety margin to
  15. * guarantee that the write position is always behind the read position.
  16. *
  17. * The safety margin for XZ with LZMA2 or BCJ+LZMA2 is calculated below.
  18. * Note that the margin with XZ is bigger than with Deflate (gzip)!
  19. *
  20. * The worst case for in-place decompression is that the beginning of
  21. * the file is compressed extremely well, and the rest of the file is
  22. * uncompressible. Thus, we must look for worst-case expansion when the
  23. * compressor is encoding uncompressible data.
  24. *
  25. * The structure of the .xz file in case of a compresed kernel is as follows.
  26. * Sizes (as bytes) of the fields are in parenthesis.
  27. *
  28. * Stream Header (12)
  29. * Block Header:
  30. * Block Header (8-12)
  31. * Compressed Data (N)
  32. * Block Padding (0-3)
  33. * CRC32 (4)
  34. * Index (8-20)
  35. * Stream Footer (12)
  36. *
  37. * Normally there is exactly one Block, but let's assume that there are
  38. * 2-4 Blocks just in case. Because Stream Header and also Block Header
  39. * of the first Block don't make the decompressor produce any uncompressed
  40. * data, we can ignore them from our calculations. Block Headers of possible
  41. * additional Blocks have to be taken into account still. With these
  42. * assumptions, it is safe to assume that the total header overhead is
  43. * less than 128 bytes.
  44. *
  45. * Compressed Data contains LZMA2 or BCJ+LZMA2 encoded data. Since BCJ
  46. * doesn't change the size of the data, it is enough to calculate the
  47. * safety margin for LZMA2.
  48. *
  49. * LZMA2 stores the data in chunks. Each chunk has a header whose size is
  50. * a maximum of 6 bytes, but to get round 2^n numbers, let's assume that
  51. * the maximum chunk header size is 8 bytes. After the chunk header, there
  52. * may be up to 64 KiB of actual payload in the chunk. Often the payload is
  53. * quite a bit smaller though; to be safe, let's assume that an average
  54. * chunk has only 32 KiB of payload.
  55. *
  56. * The maximum uncompressed size of the payload is 2 MiB. The minimum
  57. * uncompressed size of the payload is in practice never less than the
  58. * payload size itself. The LZMA2 format would allow uncompressed size
  59. * to be less than the payload size, but no sane compressor creates such
  60. * files. LZMA2 supports storing uncompressible data in uncompressed form,
  61. * so there's never a need to create payloads whose uncompressed size is
  62. * smaller than the compressed size.
  63. *
  64. * The assumption, that the uncompressed size of the payload is never
  65. * smaller than the payload itself, is valid only when talking about
  66. * the payload as a whole. It is possible that the payload has parts where
  67. * the decompressor consumes more input than it produces output. Calculating
  68. * the worst case for this would be tricky. Instead of trying to do that,
  69. * let's simply make sure that the decompressor never overwrites any bytes
  70. * of the payload which it is currently reading.
  71. *
  72. * Now we have enough information to calculate the safety margin. We need
  73. * - 128 bytes for the .xz file format headers;
  74. * - 8 bytes per every 32 KiB of uncompressed size (one LZMA2 chunk header
  75. * per chunk, each chunk having average payload size of 32 KiB); and
  76. * - 64 KiB (biggest possible LZMA2 chunk payload size) to make sure that
  77. * the decompressor never overwrites anything from the LZMA2 chunk
  78. * payload it is currently reading.
  79. *
  80. * We get the following formula:
  81. *
  82. * safety_margin = 128 + uncompressed_size * 8 / 32768 + 65536
  83. * = 128 + (uncompressed_size >> 12) + 65536
  84. *
  85. * For comparison, according to arch/x86/boot/compressed/misc.c, the
  86. * equivalent formula for Deflate is this:
  87. *
  88. * safety_margin = 18 + (uncompressed_size >> 12) + 32768
  89. *
  90. * Thus, when updating Deflate-only in-place kernel decompressor to
  91. * support XZ, the fixed overhead has to be increased from 18+32768 bytes
  92. * to 128+65536 bytes.
  93. */
  94. /*
  95. * STATIC is defined to "static" if we are being built for kernel
  96. * decompression (pre-boot code). <linux/decompress/mm.h> will define
  97. * STATIC to empty if it wasn't already defined. Since we will need to
  98. * know later if we are being used for kernel decompression, we define
  99. * XZ_PREBOOT here.
  100. */
  101. #ifdef STATIC
  102. # define XZ_PREBOOT
  103. #endif
  104. #ifdef __KERNEL__
  105. # include <linux/decompress/mm.h>
  106. #endif
  107. #define XZ_EXTERN STATIC
  108. #ifndef XZ_PREBOOT
  109. # include <linux/slab.h>
  110. # include <linux/xz.h>
  111. #else
  112. /*
  113. * Use the internal CRC32 code instead of kernel's CRC32 module, which
  114. * is not available in early phase of booting.
  115. */
  116. #define XZ_INTERNAL_CRC32 1
  117. /*
  118. * For boot time use, we enable only the BCJ filter of the current
  119. * architecture or none if no BCJ filter is available for the architecture.
  120. */
  121. #ifdef CONFIG_X86
  122. # define XZ_DEC_X86
  123. #endif
  124. #ifdef CONFIG_PPC
  125. # define XZ_DEC_POWERPC
  126. #endif
  127. #ifdef CONFIG_ARM
  128. # define XZ_DEC_ARM
  129. #endif
  130. #ifdef CONFIG_IA64
  131. # define XZ_DEC_IA64
  132. #endif
  133. #ifdef CONFIG_SPARC
  134. # define XZ_DEC_SPARC
  135. #endif
  136. /*
  137. * This will get the basic headers so that memeq() and others
  138. * can be defined.
  139. */
  140. #include "xz/xz_private.h"
  141. /*
  142. * Replace the normal allocation functions with the versions from
  143. * <linux/decompress/mm.h>. vfree() needs to support vfree(NULL)
  144. * when XZ_DYNALLOC is used, but the pre-boot free() doesn't support it.
  145. * Workaround it here because the other decompressors don't need it.
  146. */
  147. #undef kmalloc
  148. #undef kfree
  149. #undef vmalloc
  150. #undef vfree
  151. #define kmalloc(size, flags) malloc(size)
  152. #define kfree(ptr) free(ptr)
  153. #define vmalloc(size) malloc(size)
  154. #define vfree(ptr) do { if (ptr != NULL) free(ptr); } while (0)
  155. /*
  156. * FIXME: Not all basic memory functions are provided in architecture-specific
  157. * files (yet). We define our own versions here for now, but this should be
  158. * only a temporary solution.
  159. *
  160. * memeq and memzero are not used much and any remotely sane implementation
  161. * is fast enough. memcpy/memmove speed matters in multi-call mode, but
  162. * the kernel image is decompressed in single-call mode, in which only
  163. * memcpy speed can matter and only if there is a lot of uncompressible data
  164. * (LZMA2 stores uncompressible chunks in uncompressed form). Thus, the
  165. * functions below should just be kept small; it's probably not worth
  166. * optimizing for speed.
  167. */
  168. #ifndef memeq
  169. static bool memeq(const void *a, const void *b, size_t size)
  170. {
  171. const uint8_t *x = a;
  172. const uint8_t *y = b;
  173. size_t i;
  174. for (i = 0; i < size; ++i)
  175. if (x[i] != y[i])
  176. return false;
  177. return true;
  178. }
  179. #endif
  180. #ifndef memzero
  181. static void memzero(void *buf, size_t size)
  182. {
  183. uint8_t *b = buf;
  184. uint8_t *e = b + size;
  185. while (b != e)
  186. *b++ = '\0';
  187. }
  188. #endif
  189. #ifndef memmove
  190. /* Not static to avoid a conflict with the prototype in the Linux headers. */
  191. void *memmove(void *dest, const void *src, size_t size)
  192. {
  193. uint8_t *d = dest;
  194. const uint8_t *s = src;
  195. size_t i;
  196. if (d < s) {
  197. for (i = 0; i < size; ++i)
  198. d[i] = s[i];
  199. } else if (d > s) {
  200. i = size;
  201. while (i-- > 0)
  202. d[i] = s[i];
  203. }
  204. return dest;
  205. }
  206. #endif
  207. /*
  208. * Since we need memmove anyway, would use it as memcpy too.
  209. * Commented out for now to avoid breaking things.
  210. */
  211. /*
  212. #ifndef memcpy
  213. # define memcpy memmove
  214. #endif
  215. */
  216. #include "xz/xz_crc32.c"
  217. #include "xz/xz_dec_stream.c"
  218. #include "xz/xz_dec_lzma2.c"
  219. #include "xz/xz_dec_bcj.c"
  220. #endif /* XZ_PREBOOT */
  221. /* Size of the input and output buffers in multi-call mode */
  222. #define XZ_IOBUF_SIZE 4096
  223. /*
  224. * This function implements the API defined in <linux/decompress/generic.h>.
  225. *
  226. * This wrapper will automatically choose single-call or multi-call mode
  227. * of the native XZ decoder API. The single-call mode can be used only when
  228. * both input and output buffers are available as a single chunk, i.e. when
  229. * fill() and flush() won't be used.
  230. */
  231. STATIC int INIT unxz(unsigned char *in, int in_size,
  232. int (*fill)(void *dest, unsigned int size),
  233. int (*flush)(void *src, unsigned int size),
  234. unsigned char *out, int *in_used,
  235. void (*error)(char *x))
  236. {
  237. struct xz_buf b;
  238. struct xz_dec *s;
  239. enum xz_ret ret;
  240. bool must_free_in = false;
  241. #if XZ_INTERNAL_CRC32
  242. xz_crc32_init();
  243. #endif
  244. if (in_used != NULL)
  245. *in_used = 0;
  246. if (fill == NULL && flush == NULL)
  247. s = xz_dec_init(XZ_SINGLE, 0);
  248. else
  249. s = xz_dec_init(XZ_DYNALLOC, (uint32_t)-1);
  250. if (s == NULL)
  251. goto error_alloc_state;
  252. if (flush == NULL) {
  253. b.out = out;
  254. b.out_size = (size_t)-1;
  255. } else {
  256. b.out_size = XZ_IOBUF_SIZE;
  257. b.out = malloc(XZ_IOBUF_SIZE);
  258. if (b.out == NULL)
  259. goto error_alloc_out;
  260. }
  261. if (in == NULL) {
  262. must_free_in = true;
  263. in = malloc(XZ_IOBUF_SIZE);
  264. if (in == NULL)
  265. goto error_alloc_in;
  266. }
  267. b.in = in;
  268. b.in_pos = 0;
  269. b.in_size = in_size;
  270. b.out_pos = 0;
  271. if (fill == NULL && flush == NULL) {
  272. ret = xz_dec_run(s, &b);
  273. } else {
  274. do {
  275. if (b.in_pos == b.in_size && fill != NULL) {
  276. if (in_used != NULL)
  277. *in_used += b.in_pos;
  278. b.in_pos = 0;
  279. in_size = fill(in, XZ_IOBUF_SIZE);
  280. if (in_size < 0) {
  281. /*
  282. * This isn't an optimal error code
  283. * but it probably isn't worth making
  284. * a new one either.
  285. */
  286. ret = XZ_BUF_ERROR;
  287. break;
  288. }
  289. b.in_size = in_size;
  290. }
  291. ret = xz_dec_run(s, &b);
  292. if (flush != NULL && (b.out_pos == b.out_size
  293. || (ret != XZ_OK && b.out_pos > 0))) {
  294. /*
  295. * Setting ret here may hide an error
  296. * returned by xz_dec_run(), but probably
  297. * it's not too bad.
  298. */
  299. if (flush(b.out, b.out_pos) != (int)b.out_pos)
  300. ret = XZ_BUF_ERROR;
  301. b.out_pos = 0;
  302. }
  303. } while (ret == XZ_OK);
  304. if (must_free_in)
  305. free(in);
  306. if (flush != NULL)
  307. free(b.out);
  308. }
  309. if (in_used != NULL)
  310. *in_used += b.in_pos;
  311. xz_dec_end(s);
  312. switch (ret) {
  313. case XZ_STREAM_END:
  314. return 0;
  315. case XZ_MEM_ERROR:
  316. /* This can occur only in multi-call mode. */
  317. error("XZ decompressor ran out of memory");
  318. break;
  319. case XZ_FORMAT_ERROR:
  320. error("Input is not in the XZ format (wrong magic bytes)");
  321. break;
  322. case XZ_OPTIONS_ERROR:
  323. error("Input was encoded with settings that are not "
  324. "supported by this XZ decoder");
  325. break;
  326. case XZ_DATA_ERROR:
  327. case XZ_BUF_ERROR:
  328. error("XZ-compressed data is corrupt");
  329. break;
  330. default:
  331. error("Bug in the XZ decompressor");
  332. break;
  333. }
  334. return -1;
  335. error_alloc_in:
  336. if (flush != NULL)
  337. free(b.out);
  338. error_alloc_out:
  339. xz_dec_end(s);
  340. error_alloc_state:
  341. error("XZ decompressor ran out of memory");
  342. return -1;
  343. }
  344. /*
  345. * This macro is used by architecture-specific files to decompress
  346. * the kernel image.
  347. */
  348. #define decompress unxz