1/*
2 * XZ decompressor
3 *
4 * Authors: Lasse Collin <lasse.collin@tukaani.org>
5 * Igor Pavlov <https://7-zip.org/>
6 *
7 * This file has been put into the public domain.
8 * You can do whatever you want with this file.
9 */
10
11#ifndef XZ_H
12#define XZ_H
13
14#ifdef __KERNEL__
15# include <linux/stddef.h>
16# include <linux/types.h>
17#else
18# include <stddef.h>
19# include <stdint.h>
20#endif
21
22/* In Linux, this is used to make extern functions static when needed. */
23#ifndef XZ_EXTERN
24# define XZ_EXTERN extern
25#endif
26
27/**
28 * enum xz_mode - Operation mode
29 *
30 * @XZ_SINGLE: Single-call mode. This uses less RAM than
31 * multi-call modes, because the LZMA2
32 * dictionary doesn't need to be allocated as
33 * part of the decoder state. All required data
34 * structures are allocated at initialization,
35 * so xz_dec_run() cannot return XZ_MEM_ERROR.
36 * @XZ_PREALLOC: Multi-call mode with preallocated LZMA2
37 * dictionary buffer. All data structures are
38 * allocated at initialization, so xz_dec_run()
39 * cannot return XZ_MEM_ERROR.
40 * @XZ_DYNALLOC: Multi-call mode. The LZMA2 dictionary is
41 * allocated once the required size has been
42 * parsed from the stream headers. If the
43 * allocation fails, xz_dec_run() will return
44 * XZ_MEM_ERROR.
45 *
46 * It is possible to enable support only for a subset of the above
47 * modes at compile time by defining XZ_DEC_SINGLE, XZ_DEC_PREALLOC,
48 * or XZ_DEC_DYNALLOC. The xz_dec kernel module is always compiled
49 * with support for all operation modes, but the preboot code may
50 * be built with fewer features to minimize code size.
51 */
52enum xz_mode {
53 XZ_SINGLE,
54 XZ_PREALLOC,
55 XZ_DYNALLOC
56};
57
58/**
59 * enum xz_ret - Return codes
60 * @XZ_OK: Everything is OK so far. More input or more
61 * output space is required to continue. This
62 * return code is possible only in multi-call mode
63 * (XZ_PREALLOC or XZ_DYNALLOC).
64 * @XZ_STREAM_END: Operation finished successfully.
65 * @XZ_UNSUPPORTED_CHECK: Integrity check type is not supported. Decoding
66 * is still possible in multi-call mode by simply
67 * calling xz_dec_run() again.
68 * Note that this return value is used only if
69 * XZ_DEC_ANY_CHECK was defined at build time,
70 * which is not used in the kernel. Unsupported
71 * check types return XZ_OPTIONS_ERROR if
72 * XZ_DEC_ANY_CHECK was not defined at build time.
73 * @XZ_MEM_ERROR: Allocating memory failed. This return code is
74 * possible only if the decoder was initialized
75 * with XZ_DYNALLOC. The amount of memory that was
76 * tried to be allocated was no more than the
77 * dict_max argument given to xz_dec_init().
78 * @XZ_MEMLIMIT_ERROR: A bigger LZMA2 dictionary would be needed than
79 * allowed by the dict_max argument given to
80 * xz_dec_init(). This return value is possible
81 * only in multi-call mode (XZ_PREALLOC or
82 * XZ_DYNALLOC); the single-call mode (XZ_SINGLE)
83 * ignores the dict_max argument.
84 * @XZ_FORMAT_ERROR: File format was not recognized (wrong magic
85 * bytes).
86 * @XZ_OPTIONS_ERROR: This implementation doesn't support the requested
87 * compression options. In the decoder this means
88 * that the header CRC32 matches, but the header
89 * itself specifies something that we don't support.
90 * @XZ_DATA_ERROR: Compressed data is corrupt.
91 * @XZ_BUF_ERROR: Cannot make any progress. Details are slightly
92 * different between multi-call and single-call
93 * mode; more information below.
94 *
95 * In multi-call mode, XZ_BUF_ERROR is returned when two consecutive calls
96 * to XZ code cannot consume any input and cannot produce any new output.
97 * This happens when there is no new input available, or the output buffer
98 * is full while at least one output byte is still pending. Assuming your
99 * code is not buggy, you can get this error only when decoding a compressed
100 * stream that is truncated or otherwise corrupt.
101 *
102 * In single-call mode, XZ_BUF_ERROR is returned only when the output buffer
103 * is too small or the compressed input is corrupt in a way that makes the
104 * decoder produce more output than the caller expected. When it is
105 * (relatively) clear that the compressed input is truncated, XZ_DATA_ERROR
106 * is used instead of XZ_BUF_ERROR.
107 */
108enum xz_ret {
109 XZ_OK,
110 XZ_STREAM_END,
111 XZ_UNSUPPORTED_CHECK,
112 XZ_MEM_ERROR,
113 XZ_MEMLIMIT_ERROR,
114 XZ_FORMAT_ERROR,
115 XZ_OPTIONS_ERROR,
116 XZ_DATA_ERROR,
117 XZ_BUF_ERROR
118};
119
120/**
121 * struct xz_buf - Passing input and output buffers to XZ code
122 * @in: Beginning of the input buffer. This may be NULL if and only
123 * if in_pos is equal to in_size.
124 * @in_pos: Current position in the input buffer. This must not exceed
125 * in_size.
126 * @in_size: Size of the input buffer
127 * @out: Beginning of the output buffer. This may be NULL if and only
128 * if out_pos is equal to out_size.
129 * @out_pos: Current position in the output buffer. This must not exceed
130 * out_size.
131 * @out_size: Size of the output buffer
132 *
133 * Only the contents of the output buffer from out[out_pos] onward, and
134 * the variables in_pos and out_pos are modified by the XZ code.
135 */
136struct xz_buf {
137 const uint8_t *in;
138 size_t in_pos;
139 size_t in_size;
140
141 uint8_t *out;
142 size_t out_pos;
143 size_t out_size;
144};
145
146/**
147 * struct xz_dec - Opaque type to hold the XZ decoder state
148 */
149struct xz_dec;
150
151/**
152 * xz_dec_init() - Allocate and initialize a XZ decoder state
153 * @mode: Operation mode
154 * @dict_max: Maximum size of the LZMA2 dictionary (history buffer) for
155 * multi-call decoding. This is ignored in single-call mode
156 * (mode == XZ_SINGLE). LZMA2 dictionary is always 2^n bytes
157 * or 2^n + 2^(n-1) bytes (the latter sizes are less common
158 * in practice), so other values for dict_max don't make sense.
159 * In the kernel, dictionary sizes of 64 KiB, 128 KiB, 256 KiB,
160 * 512 KiB, and 1 MiB are probably the only reasonable values,
161 * except for kernel and initramfs images where a bigger
162 * dictionary can be fine and useful.
163 *
164 * Single-call mode (XZ_SINGLE): xz_dec_run() decodes the whole stream at
165 * once. The caller must provide enough output space or the decoding will
166 * fail. The output space is used as the dictionary buffer, which is why
167 * there is no need to allocate the dictionary as part of the decoder's
168 * internal state.
169 *
170 * Because the output buffer is used as the workspace, streams encoded using
171 * a big dictionary are not a problem in single-call mode. It is enough that
172 * the output buffer is big enough to hold the actual uncompressed data; it
173 * can be smaller than the dictionary size stored in the stream headers.
174 *
175 * Multi-call mode with preallocated dictionary (XZ_PREALLOC): dict_max bytes
176 * of memory is preallocated for the LZMA2 dictionary. This way there is no
177 * risk that xz_dec_run() could run out of memory, since xz_dec_run() will
178 * never allocate any memory. Instead, if the preallocated dictionary is too
179 * small for decoding the given input stream, xz_dec_run() will return
180 * XZ_MEMLIMIT_ERROR. Thus, it is important to know what kind of data will be
181 * decoded to avoid allocating excessive amount of memory for the dictionary.
182 *
183 * Multi-call mode with dynamically allocated dictionary (XZ_DYNALLOC):
184 * dict_max specifies the maximum allowed dictionary size that xz_dec_run()
185 * may allocate once it has parsed the dictionary size from the stream
186 * headers. This way excessive allocations can be avoided while still
187 * limiting the maximum memory usage to a sane value to prevent running the
188 * system out of memory when decompressing streams from untrusted sources.
189 *
190 * On success, xz_dec_init() returns a pointer to struct xz_dec, which is
191 * ready to be used with xz_dec_run(). If memory allocation fails,
192 * xz_dec_init() returns NULL.
193 */
194XZ_EXTERN struct xz_dec *xz_dec_init(enum xz_mode mode, uint32_t dict_max);
195
196/**
197 * xz_dec_run() - Run the XZ decoder
198 * @s: Decoder state allocated using xz_dec_init()
199 * @b: Input and output buffers
200 *
201 * The possible return values depend on build options and operation mode.
202 * See enum xz_ret for details.
203 *
204 * Note that if an error occurs in single-call mode (return value is not
205 * XZ_STREAM_END), b->in_pos and b->out_pos are not modified and the
206 * contents of the output buffer from b->out[b->out_pos] onward are
207 * undefined. This is true even after XZ_BUF_ERROR, because with some filter
208 * chains, there may be a second pass over the output buffer, and this pass
209 * cannot be properly done if the output buffer is truncated. Thus, you
210 * cannot give the single-call decoder a too small buffer and then expect to
211 * get that amount valid data from the beginning of the stream. You must use
212 * the multi-call decoder if you don't want to uncompress the whole stream.
213 */
214XZ_EXTERN enum xz_ret xz_dec_run(struct xz_dec *s, struct xz_buf *b);
215
216/**
217 * xz_dec_reset() - Reset an already allocated decoder state
218 * @s: Decoder state allocated using xz_dec_init()
219 *
220 * This function can be used to reset the multi-call decoder state without
221 * freeing and reallocating memory with xz_dec_end() and xz_dec_init().
222 *
223 * In single-call mode, xz_dec_reset() is always called in the beginning of
224 * xz_dec_run(). Thus, explicit call to xz_dec_reset() is useful only in
225 * multi-call mode.
226 */
227XZ_EXTERN void xz_dec_reset(struct xz_dec *s);
228
229/**
230 * xz_dec_end() - Free the memory allocated for the decoder state
231 * @s: Decoder state allocated using xz_dec_init(). If s is NULL,
232 * this function does nothing.
233 */
234XZ_EXTERN void xz_dec_end(struct xz_dec *s);
235
236/*
237 * Decompressor for MicroLZMA, an LZMA variant with a very minimal header.
238 * See xz_dec_microlzma_alloc() below for details.
239 *
240 * These functions aren't used or available in preboot code and thus aren't
241 * marked with XZ_EXTERN. This avoids warnings about static functions that
242 * are never defined.
243 */
244/**
245 * struct xz_dec_microlzma - Opaque type to hold the MicroLZMA decoder state
246 */
247struct xz_dec_microlzma;
248
249/**
250 * xz_dec_microlzma_alloc() - Allocate memory for the MicroLZMA decoder
251 * @mode XZ_SINGLE or XZ_PREALLOC
252 * @dict_size LZMA dictionary size. This must be at least 4 KiB and
253 * at most 3 GiB.
254 *
255 * In contrast to xz_dec_init(), this function only allocates the memory
256 * and remembers the dictionary size. xz_dec_microlzma_reset() must be used
257 * before calling xz_dec_microlzma_run().
258 *
259 * The amount of allocated memory is a little less than 30 KiB with XZ_SINGLE.
260 * With XZ_PREALLOC also a dictionary buffer of dict_size bytes is allocated.
261 *
262 * On success, xz_dec_microlzma_alloc() returns a pointer to
263 * struct xz_dec_microlzma. If memory allocation fails or
264 * dict_size is invalid, NULL is returned.
265 *
266 * The compressed format supported by this decoder is a raw LZMA stream
267 * whose first byte (always 0x00) has been replaced with bitwise-negation
268 * of the LZMA properties (lc/lp/pb) byte. For example, if lc/lp/pb is
269 * 3/0/2, the first byte is 0xA2. This way the first byte can never be 0x00.
270 * Just like with LZMA2, lc + lp <= 4 must be true. The LZMA end-of-stream
271 * marker must not be used. The unused values are reserved for future use.
272 * This MicroLZMA header format was created for use in EROFS but may be used
273 * by others too.
274 */
275extern struct xz_dec_microlzma *xz_dec_microlzma_alloc(enum xz_mode mode,
276 uint32_t dict_size);
277
278/**
279 * xz_dec_microlzma_reset() - Reset the MicroLZMA decoder state
280 * @s Decoder state allocated using xz_dec_microlzma_alloc()
281 * @comp_size Compressed size of the input stream
282 * @uncomp_size Uncompressed size of the input stream. A value smaller
283 * than the real uncompressed size of the input stream can
284 * be specified if uncomp_size_is_exact is set to false.
285 * uncomp_size can never be set to a value larger than the
286 * expected real uncompressed size because it would eventually
287 * result in XZ_DATA_ERROR.
288 * @uncomp_size_is_exact This is an int instead of bool to avoid
289 * requiring stdbool.h. This should normally be set to true.
290 * When this is set to false, error detection is weaker.
291 */
292extern void xz_dec_microlzma_reset(struct xz_dec_microlzma *s,
293 uint32_t comp_size, uint32_t uncomp_size,
294 int uncomp_size_is_exact);
295
296/**
297 * xz_dec_microlzma_run() - Run the MicroLZMA decoder
298 * @s Decoder state initialized using xz_dec_microlzma_reset()
299 * @b: Input and output buffers
300 *
301 * This works similarly to xz_dec_run() with a few important differences.
302 * Only the differences are documented here.
303 *
304 * The only possible return values are XZ_OK, XZ_STREAM_END, and
305 * XZ_DATA_ERROR. This function cannot return XZ_BUF_ERROR: if no progress
306 * is possible due to lack of input data or output space, this function will
307 * keep returning XZ_OK. Thus, the calling code must be written so that it
308 * will eventually provide input and output space matching (or exceeding)
309 * comp_size and uncomp_size arguments given to xz_dec_microlzma_reset().
310 * If the caller cannot do this (for example, if the input file is truncated
311 * or otherwise corrupt), the caller must detect this error by itself to
312 * avoid an infinite loop.
313 *
314 * If the compressed data seems to be corrupt, XZ_DATA_ERROR is returned.
315 * This can happen also when incorrect dictionary, uncompressed, or
316 * compressed sizes have been specified.
317 *
318 * With XZ_PREALLOC only: As an extra feature, b->out may be NULL to skip over
319 * uncompressed data. This way the caller doesn't need to provide a temporary
320 * output buffer for the bytes that will be ignored.
321 *
322 * With XZ_SINGLE only: In contrast to xz_dec_run(), the return value XZ_OK
323 * is also possible and thus XZ_SINGLE is actually a limited multi-call mode.
324 * After XZ_OK the bytes decoded so far may be read from the output buffer.
325 * It is possible to continue decoding but the variables b->out and b->out_pos
326 * MUST NOT be changed by the caller. Increasing the value of b->out_size is
327 * allowed to make more output space available; one doesn't need to provide
328 * space for the whole uncompressed data on the first call. The input buffer
329 * may be changed normally like with XZ_PREALLOC. This way input data can be
330 * provided from non-contiguous memory.
331 */
332extern enum xz_ret xz_dec_microlzma_run(struct xz_dec_microlzma *s,
333 struct xz_buf *b);
334
335/**
336 * xz_dec_microlzma_end() - Free the memory allocated for the decoder state
337 * @s: Decoder state allocated using xz_dec_microlzma_alloc().
338 * If s is NULL, this function does nothing.
339 */
340extern void xz_dec_microlzma_end(struct xz_dec_microlzma *s);
341
342/*
343 * Standalone build (userspace build or in-kernel build for boot time use)
344 * needs a CRC32 implementation. For normal in-kernel use, kernel's own
345 * CRC32 module is used instead, and users of this module don't need to
346 * care about the functions below.
347 */
348#ifndef XZ_INTERNAL_CRC32
349# ifdef __KERNEL__
350# define XZ_INTERNAL_CRC32 0
351# else
352# define XZ_INTERNAL_CRC32 1
353# endif
354#endif
355
356#if XZ_INTERNAL_CRC32
357/*
358 * This must be called before any other xz_* function to initialize
359 * the CRC32 lookup table.
360 */
361XZ_EXTERN void xz_crc32_init(void);
362
363/*
364 * Update CRC32 value using the polynomial from IEEE-802.3. To start a new
365 * calculation, the third argument must be zero. To continue the calculation,
366 * the previously returned value is passed as the third argument.
367 */
368XZ_EXTERN uint32_t xz_crc32(const uint8_t *buf, size_t size, uint32_t crc);
369#endif
370#endif
371

source code of linux/include/linux/xz.h