Commit | Line | Data |
---|---|---|
24fa0402 LC |
1 | /* |
2 | * XZ decompressor | |
3 | * | |
4 | * Authors: Lasse Collin <lasse.collin@tukaani.org> | |
7f317d34 | 5 | * Igor Pavlov <https://7-zip.org/> |
24fa0402 LC |
6 | * |
7 | * This file has been put into the public domain. | |
8 | * You can do whatever you want with this file. | |
9 | */ | |
10 | ||
11 | #ifndef XZ_H | |
12 | #define XZ_H | |
13 | ||
14 | #ifdef __KERNEL__ | |
15 | # include <linux/stddef.h> | |
16 | # include <linux/types.h> | |
17 | #else | |
18 | # include <stddef.h> | |
19 | # include <stdint.h> | |
20 | #endif | |
21 | ||
22 | /* In Linux, this is used to make extern functions static when needed. */ | |
23 | #ifndef XZ_EXTERN | |
24 | # define XZ_EXTERN extern | |
25 | #endif | |
26 | ||
27 | /** | |
28 | * enum xz_mode - Operation mode | |
29 | * | |
30 | * @XZ_SINGLE: Single-call mode. This uses less RAM than | |
f48ff83e | 31 | * multi-call modes, because the LZMA2 |
24fa0402 LC |
32 | * dictionary doesn't need to be allocated as |
33 | * part of the decoder state. All required data | |
34 | * structures are allocated at initialization, | |
35 | * so xz_dec_run() cannot return XZ_MEM_ERROR. | |
36 | * @XZ_PREALLOC: Multi-call mode with preallocated LZMA2 | |
37 | * dictionary buffer. All data structures are | |
38 | * allocated at initialization, so xz_dec_run() | |
39 | * cannot return XZ_MEM_ERROR. | |
40 | * @XZ_DYNALLOC: Multi-call mode. The LZMA2 dictionary is | |
41 | * allocated once the required size has been | |
42 | * parsed from the stream headers. If the | |
43 | * allocation fails, xz_dec_run() will return | |
44 | * XZ_MEM_ERROR. | |
45 | * | |
46 | * It is possible to enable support only for a subset of the above | |
47 | * modes at compile time by defining XZ_DEC_SINGLE, XZ_DEC_PREALLOC, | |
48 | * or XZ_DEC_DYNALLOC. The xz_dec kernel module is always compiled | |
49 | * with support for all operation modes, but the preboot code may | |
50 | * be built with fewer features to minimize code size. | |
51 | */ | |
52 | enum xz_mode { | |
53 | XZ_SINGLE, | |
54 | XZ_PREALLOC, | |
55 | XZ_DYNALLOC | |
56 | }; | |
57 | ||
58 | /** | |
59 | * enum xz_ret - Return codes | |
60 | * @XZ_OK: Everything is OK so far. More input or more | |
61 | * output space is required to continue. This | |
62 | * return code is possible only in multi-call mode | |
63 | * (XZ_PREALLOC or XZ_DYNALLOC). | |
64 | * @XZ_STREAM_END: Operation finished successfully. | |
65 | * @XZ_UNSUPPORTED_CHECK: Integrity check type is not supported. Decoding | |
66 | * is still possible in multi-call mode by simply | |
67 | * calling xz_dec_run() again. | |
68 | * Note that this return value is used only if | |
69 | * XZ_DEC_ANY_CHECK was defined at build time, | |
70 | * which is not used in the kernel. Unsupported | |
71 | * check types return XZ_OPTIONS_ERROR if | |
72 | * XZ_DEC_ANY_CHECK was not defined at build time. | |
73 | * @XZ_MEM_ERROR: Allocating memory failed. This return code is | |
74 | * possible only if the decoder was initialized | |
75 | * with XZ_DYNALLOC. The amount of memory that was | |
76 | * tried to be allocated was no more than the | |
77 | * dict_max argument given to xz_dec_init(). | |
78 | * @XZ_MEMLIMIT_ERROR: A bigger LZMA2 dictionary would be needed than | |
79 | * allowed by the dict_max argument given to | |
80 | * xz_dec_init(). This return value is possible | |
81 | * only in multi-call mode (XZ_PREALLOC or | |
82 | * XZ_DYNALLOC); the single-call mode (XZ_SINGLE) | |
83 | * ignores the dict_max argument. | |
84 | * @XZ_FORMAT_ERROR: File format was not recognized (wrong magic | |
85 | * bytes). | |
86 | * @XZ_OPTIONS_ERROR: This implementation doesn't support the requested | |
87 | * compression options. In the decoder this means | |
88 | * that the header CRC32 matches, but the header | |
89 | * itself specifies something that we don't support. | |
90 | * @XZ_DATA_ERROR: Compressed data is corrupt. | |
91 | * @XZ_BUF_ERROR: Cannot make any progress. Details are slightly | |
92 | * different between multi-call and single-call | |
93 | * mode; more information below. | |
94 | * | |
95 | * In multi-call mode, XZ_BUF_ERROR is returned when two consecutive calls | |
96 | * to XZ code cannot consume any input and cannot produce any new output. | |
97 | * This happens when there is no new input available, or the output buffer | |
98 | * is full while at least one output byte is still pending. Assuming your | |
99 | * code is not buggy, you can get this error only when decoding a compressed | |
100 | * stream that is truncated or otherwise corrupt. | |
101 | * | |
102 | * In single-call mode, XZ_BUF_ERROR is returned only when the output buffer | |
103 | * is too small or the compressed input is corrupt in a way that makes the | |
104 | * decoder produce more output than the caller expected. When it is | |
105 | * (relatively) clear that the compressed input is truncated, XZ_DATA_ERROR | |
106 | * is used instead of XZ_BUF_ERROR. | |
107 | */ | |
108 | enum xz_ret { | |
109 | XZ_OK, | |
110 | XZ_STREAM_END, | |
111 | XZ_UNSUPPORTED_CHECK, | |
112 | XZ_MEM_ERROR, | |
113 | XZ_MEMLIMIT_ERROR, | |
114 | XZ_FORMAT_ERROR, | |
115 | XZ_OPTIONS_ERROR, | |
116 | XZ_DATA_ERROR, | |
117 | XZ_BUF_ERROR | |
118 | }; | |
119 | ||
120 | /** | |
121 | * struct xz_buf - Passing input and output buffers to XZ code | |
122 | * @in: Beginning of the input buffer. This may be NULL if and only | |
123 | * if in_pos is equal to in_size. | |
124 | * @in_pos: Current position in the input buffer. This must not exceed | |
125 | * in_size. | |
126 | * @in_size: Size of the input buffer | |
127 | * @out: Beginning of the output buffer. This may be NULL if and only | |
128 | * if out_pos is equal to out_size. | |
129 | * @out_pos: Current position in the output buffer. This must not exceed | |
130 | * out_size. | |
131 | * @out_size: Size of the output buffer | |
132 | * | |
133 | * Only the contents of the output buffer from out[out_pos] onward, and | |
134 | * the variables in_pos and out_pos are modified by the XZ code. | |
135 | */ | |
136 | struct xz_buf { | |
137 | const uint8_t *in; | |
138 | size_t in_pos; | |
139 | size_t in_size; | |
140 | ||
141 | uint8_t *out; | |
142 | size_t out_pos; | |
143 | size_t out_size; | |
144 | }; | |
145 | ||
146 | /** | |
147 | * struct xz_dec - Opaque type to hold the XZ decoder state | |
148 | */ | |
149 | struct xz_dec; | |
150 | ||
151 | /** | |
152 | * xz_dec_init() - Allocate and initialize a XZ decoder state | |
153 | * @mode: Operation mode | |
154 | * @dict_max: Maximum size of the LZMA2 dictionary (history buffer) for | |
155 | * multi-call decoding. This is ignored in single-call mode | |
156 | * (mode == XZ_SINGLE). LZMA2 dictionary is always 2^n bytes | |
157 | * or 2^n + 2^(n-1) bytes (the latter sizes are less common | |
158 | * in practice), so other values for dict_max don't make sense. | |
159 | * In the kernel, dictionary sizes of 64 KiB, 128 KiB, 256 KiB, | |
160 | * 512 KiB, and 1 MiB are probably the only reasonable values, | |
161 | * except for kernel and initramfs images where a bigger | |
162 | * dictionary can be fine and useful. | |
163 | * | |
164 | * Single-call mode (XZ_SINGLE): xz_dec_run() decodes the whole stream at | |
165 | * once. The caller must provide enough output space or the decoding will | |
166 | * fail. The output space is used as the dictionary buffer, which is why | |
167 | * there is no need to allocate the dictionary as part of the decoder's | |
168 | * internal state. | |
169 | * | |
170 | * Because the output buffer is used as the workspace, streams encoded using | |
171 | * a big dictionary are not a problem in single-call mode. It is enough that | |
172 | * the output buffer is big enough to hold the actual uncompressed data; it | |
173 | * can be smaller than the dictionary size stored in the stream headers. | |
174 | * | |
175 | * Multi-call mode with preallocated dictionary (XZ_PREALLOC): dict_max bytes | |
176 | * of memory is preallocated for the LZMA2 dictionary. This way there is no | |
177 | * risk that xz_dec_run() could run out of memory, since xz_dec_run() will | |
178 | * never allocate any memory. Instead, if the preallocated dictionary is too | |
179 | * small for decoding the given input stream, xz_dec_run() will return | |
180 | * XZ_MEMLIMIT_ERROR. Thus, it is important to know what kind of data will be | |
181 | * decoded to avoid allocating excessive amount of memory for the dictionary. | |
182 | * | |
183 | * Multi-call mode with dynamically allocated dictionary (XZ_DYNALLOC): | |
184 | * dict_max specifies the maximum allowed dictionary size that xz_dec_run() | |
185 | * may allocate once it has parsed the dictionary size from the stream | |
186 | * headers. This way excessive allocations can be avoided while still | |
187 | * limiting the maximum memory usage to a sane value to prevent running the | |
188 | * system out of memory when decompressing streams from untrusted sources. | |
189 | * | |
190 | * On success, xz_dec_init() returns a pointer to struct xz_dec, which is | |
191 | * ready to be used with xz_dec_run(). If memory allocation fails, | |
192 | * xz_dec_init() returns NULL. | |
193 | */ | |
194 | XZ_EXTERN struct xz_dec *xz_dec_init(enum xz_mode mode, uint32_t dict_max); | |
195 | ||
196 | /** | |
197 | * xz_dec_run() - Run the XZ decoder | |
198 | * @s: Decoder state allocated using xz_dec_init() | |
199 | * @b: Input and output buffers | |
200 | * | |
201 | * The possible return values depend on build options and operation mode. | |
202 | * See enum xz_ret for details. | |
203 | * | |
204 | * Note that if an error occurs in single-call mode (return value is not | |
205 | * XZ_STREAM_END), b->in_pos and b->out_pos are not modified and the | |
206 | * contents of the output buffer from b->out[b->out_pos] onward are | |
207 | * undefined. This is true even after XZ_BUF_ERROR, because with some filter | |
208 | * chains, there may be a second pass over the output buffer, and this pass | |
209 | * cannot be properly done if the output buffer is truncated. Thus, you | |
210 | * cannot give the single-call decoder a too small buffer and then expect to | |
211 | * get that amount valid data from the beginning of the stream. You must use | |
212 | * the multi-call decoder if you don't want to uncompress the whole stream. | |
213 | */ | |
214 | XZ_EXTERN enum xz_ret xz_dec_run(struct xz_dec *s, struct xz_buf *b); | |
215 | ||
216 | /** | |
217 | * xz_dec_reset() - Reset an already allocated decoder state | |
218 | * @s: Decoder state allocated using xz_dec_init() | |
219 | * | |
220 | * This function can be used to reset the multi-call decoder state without | |
221 | * freeing and reallocating memory with xz_dec_end() and xz_dec_init(). | |
222 | * | |
223 | * In single-call mode, xz_dec_reset() is always called in the beginning of | |
224 | * xz_dec_run(). Thus, explicit call to xz_dec_reset() is useful only in | |
225 | * multi-call mode. | |
226 | */ | |
227 | XZ_EXTERN void xz_dec_reset(struct xz_dec *s); | |
228 | ||
229 | /** | |
230 | * xz_dec_end() - Free the memory allocated for the decoder state | |
231 | * @s: Decoder state allocated using xz_dec_init(). If s is NULL, | |
232 | * this function does nothing. | |
233 | */ | |
234 | XZ_EXTERN void xz_dec_end(struct xz_dec *s); | |
235 | ||
aaa2975f LC |
236 | /* |
237 | * Decompressor for MicroLZMA, an LZMA variant with a very minimal header. | |
238 | * See xz_dec_microlzma_alloc() below for details. | |
239 | * | |
240 | * These functions aren't used or available in preboot code and thus aren't | |
241 | * marked with XZ_EXTERN. This avoids warnings about static functions that | |
242 | * are never defined. | |
243 | */ | |
244 | /** | |
245 | * struct xz_dec_microlzma - Opaque type to hold the MicroLZMA decoder state | |
246 | */ | |
247 | struct xz_dec_microlzma; | |
248 | ||
249 | /** | |
250 | * xz_dec_microlzma_alloc() - Allocate memory for the MicroLZMA decoder | |
251 | * @mode XZ_SINGLE or XZ_PREALLOC | |
252 | * @dict_size LZMA dictionary size. This must be at least 4 KiB and | |
253 | * at most 3 GiB. | |
254 | * | |
255 | * In contrast to xz_dec_init(), this function only allocates the memory | |
256 | * and remembers the dictionary size. xz_dec_microlzma_reset() must be used | |
257 | * before calling xz_dec_microlzma_run(). | |
258 | * | |
259 | * The amount of allocated memory is a little less than 30 KiB with XZ_SINGLE. | |
260 | * With XZ_PREALLOC also a dictionary buffer of dict_size bytes is allocated. | |
261 | * | |
262 | * On success, xz_dec_microlzma_alloc() returns a pointer to | |
263 | * struct xz_dec_microlzma. If memory allocation fails or | |
264 | * dict_size is invalid, NULL is returned. | |
265 | * | |
266 | * The compressed format supported by this decoder is a raw LZMA stream | |
267 | * whose first byte (always 0x00) has been replaced with bitwise-negation | |
268 | * of the LZMA properties (lc/lp/pb) byte. For example, if lc/lp/pb is | |
269 | * 3/0/2, the first byte is 0xA2. This way the first byte can never be 0x00. | |
270 | * Just like with LZMA2, lc + lp <= 4 must be true. The LZMA end-of-stream | |
271 | * marker must not be used. The unused values are reserved for future use. | |
272 | * This MicroLZMA header format was created for use in EROFS but may be used | |
273 | * by others too. | |
274 | */ | |
275 | extern struct xz_dec_microlzma *xz_dec_microlzma_alloc(enum xz_mode mode, | |
276 | uint32_t dict_size); | |
277 | ||
278 | /** | |
279 | * xz_dec_microlzma_reset() - Reset the MicroLZMA decoder state | |
280 | * @s Decoder state allocated using xz_dec_microlzma_alloc() | |
281 | * @comp_size Compressed size of the input stream | |
282 | * @uncomp_size Uncompressed size of the input stream. A value smaller | |
283 | * than the real uncompressed size of the input stream can | |
284 | * be specified if uncomp_size_is_exact is set to false. | |
285 | * uncomp_size can never be set to a value larger than the | |
286 | * expected real uncompressed size because it would eventually | |
287 | * result in XZ_DATA_ERROR. | |
288 | * @uncomp_size_is_exact This is an int instead of bool to avoid | |
289 | * requiring stdbool.h. This should normally be set to true. | |
290 | * When this is set to false, error detection is weaker. | |
291 | */ | |
292 | extern void xz_dec_microlzma_reset(struct xz_dec_microlzma *s, | |
293 | uint32_t comp_size, uint32_t uncomp_size, | |
294 | int uncomp_size_is_exact); | |
295 | ||
296 | /** | |
297 | * xz_dec_microlzma_run() - Run the MicroLZMA decoder | |
298 | * @s Decoder state initialized using xz_dec_microlzma_reset() | |
299 | * @b: Input and output buffers | |
300 | * | |
301 | * This works similarly to xz_dec_run() with a few important differences. | |
302 | * Only the differences are documented here. | |
303 | * | |
304 | * The only possible return values are XZ_OK, XZ_STREAM_END, and | |
305 | * XZ_DATA_ERROR. This function cannot return XZ_BUF_ERROR: if no progress | |
306 | * is possible due to lack of input data or output space, this function will | |
307 | * keep returning XZ_OK. Thus, the calling code must be written so that it | |
308 | * will eventually provide input and output space matching (or exceeding) | |
309 | * comp_size and uncomp_size arguments given to xz_dec_microlzma_reset(). | |
310 | * If the caller cannot do this (for example, if the input file is truncated | |
311 | * or otherwise corrupt), the caller must detect this error by itself to | |
312 | * avoid an infinite loop. | |
313 | * | |
314 | * If the compressed data seems to be corrupt, XZ_DATA_ERROR is returned. | |
315 | * This can happen also when incorrect dictionary, uncompressed, or | |
316 | * compressed sizes have been specified. | |
317 | * | |
318 | * With XZ_PREALLOC only: As an extra feature, b->out may be NULL to skip over | |
319 | * uncompressed data. This way the caller doesn't need to provide a temporary | |
320 | * output buffer for the bytes that will be ignored. | |
321 | * | |
322 | * With XZ_SINGLE only: In contrast to xz_dec_run(), the return value XZ_OK | |
323 | * is also possible and thus XZ_SINGLE is actually a limited multi-call mode. | |
324 | * After XZ_OK the bytes decoded so far may be read from the output buffer. | |
325 | * It is possible to continue decoding but the variables b->out and b->out_pos | |
326 | * MUST NOT be changed by the caller. Increasing the value of b->out_size is | |
327 | * allowed to make more output space available; one doesn't need to provide | |
328 | * space for the whole uncompressed data on the first call. The input buffer | |
329 | * may be changed normally like with XZ_PREALLOC. This way input data can be | |
330 | * provided from non-contiguous memory. | |
331 | */ | |
332 | extern enum xz_ret xz_dec_microlzma_run(struct xz_dec_microlzma *s, | |
333 | struct xz_buf *b); | |
334 | ||
335 | /** | |
336 | * xz_dec_microlzma_end() - Free the memory allocated for the decoder state | |
337 | * @s: Decoder state allocated using xz_dec_microlzma_alloc(). | |
338 | * If s is NULL, this function does nothing. | |
339 | */ | |
340 | extern void xz_dec_microlzma_end(struct xz_dec_microlzma *s); | |
341 | ||
24fa0402 LC |
342 | /* |
343 | * Standalone build (userspace build or in-kernel build for boot time use) | |
344 | * needs a CRC32 implementation. For normal in-kernel use, kernel's own | |
345 | * CRC32 module is used instead, and users of this module don't need to | |
346 | * care about the functions below. | |
347 | */ | |
348 | #ifndef XZ_INTERNAL_CRC32 | |
349 | # ifdef __KERNEL__ | |
350 | # define XZ_INTERNAL_CRC32 0 | |
351 | # else | |
352 | # define XZ_INTERNAL_CRC32 1 | |
353 | # endif | |
354 | #endif | |
355 | ||
356 | #if XZ_INTERNAL_CRC32 | |
357 | /* | |
358 | * This must be called before any other xz_* function to initialize | |
359 | * the CRC32 lookup table. | |
360 | */ | |
361 | XZ_EXTERN void xz_crc32_init(void); | |
362 | ||
363 | /* | |
364 | * Update CRC32 value using the polynomial from IEEE-802.3. To start a new | |
365 | * calculation, the third argument must be zero. To continue the calculation, | |
366 | * the previously returned value is passed as the third argument. | |
367 | */ | |
368 | XZ_EXTERN uint32_t xz_crc32(const uint8_t *buf, size_t size, uint32_t crc); | |
369 | #endif | |
370 | #endif |