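/* Lzma decompressor for Linux kernel. Shamelessly snarfed
 *from busybox 1.1.1
 *
 *Linux kernel adaptation
 *Copyright (C) 2006  Alain < alain@knaff.lu >
 *
 *Based on small lzma deflate implementation/Small range coder
 *implementation for lzma.
 *Copyright (C) 2006  Aurelien Jacobs < aurel@gnuage.org >
 *
 *Based on LzmaDecode.c from the LZMA SDK 4.22 (http://www.7-zip.org/)
 *Copyright (C) 1999-2005  Igor Pavlov
 *
 *Copyrights of the parts, see headers below.
 *
 *
 *This program is free software; you can redistribute it and/or
 *modify it under the terms of the GNU Lesser General Public
 *License as published by the Free Software Foundation; either
 *version 2.1 of the License, or (at your option) any later version.
 *
 *This program is distributed in the hope that it will be useful,
 *but WITHOUT ANY WARRANTY; without even the implied warranty of
 *MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *Lesser General Public License for more details.
 *
 *You should have received a copy of the GNU Lesser General Public
 *License along with this library; if not, write to the Free Software
 *Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

#ifdef STATIC
#define PREBOOT
#else
#include <linux/decompress/unlzma.h>
#include <linux/slab.h>
#endif /* STATIC */

#include <linux/decompress/mm.h>

#define	MIN(a, b) (((a) < (b)) ? (a) : (b))

/*
 * Assemble `size` bytes at `ptr` into an integer, treating ptr[0] as the
 * least significant byte (little-endian).
 *
 * The accumulator is unsigned: an 8-byte field with its top bit set (for
 * example an all-ones dst_size) would otherwise be left-shifted into the
 * sign bit of a signed long long, which is undefined behaviour.
 */
static long long INIT read_int(unsigned char *ptr, int size)
{
	int i;
	unsigned long long ret = 0;

	for (i = 0; i < size; i++)
		ret = (ret << 8) | ptr[size-i-1];
	return (long long)ret;
}

/* Reinterpret x in place as a little-endian value of its own width. */
#define ENDIAN_CONVERT(x) \
  x = (typeof(x))read_int((unsigned char *)&x, sizeof(x))


/* Small range coder implementation for lzma.
 *Copyright (C) 2006  Aurelien Jacobs < aurel@gnuage.org >
 *
 *Based on LzmaDecode.c from the LZMA SDK 4.22 (http://www.7-zip.org/)
 *Copyright (c) 1999-2005  Igor Pavlov
 */

#include <linux/compiler.h>

#define LZMA_IOBUF_SIZE	0x10000

/* Range decoder state plus the input buffer it reads from. */
struct rc {
	int (*fill)(void*, unsigned int);	/* refills buffer; see rc_read() */
	uint8_t *ptr;				/* next input byte to consume */
	uint8_t *buffer;			/* start of the input buffer */
	uint8_t *buffer_end;			/* one past the last valid byte */
	int buffer_size;			/* number of valid bytes in buffer */
	uint32_t code;
	uint32_t range;
	uint32_t bound;
};


#define RC_TOP_BITS 24
#define RC_MOVE_BITS 5
#define RC_MODEL_TOTAL_BITS 11


/*
 * Refill the input buffer through rc->fill.
 * Called twice: once at startup and once in rc_normalize()
 *
 * A NULL fill callback is treated as end of input instead of being called.
 * After a failed refill the buffer is left empty (buffer_end == buffer) so
 * that no pointer before the start of the buffer is ever formed from a
 * negative return value.
 *
 * NOTE(review): this function cannot report failure to its callers. Where
 * error() returns instead of halting, decoding continues with whatever
 * bytes are already in the buffer -- confirm that callers check the error
 * callback's state.
 * NOTE(review): fill is always asked for LZMA_IOBUF_SIZE bytes; a
 * caller-supplied buffer is presumably required to be at least that large
 * when a fill callback is also given -- verify against callers.
 */
static void INIT rc_read(struct rc *rc)
{
	if (rc->fill)
		rc->buffer_size = rc->fill((char *)rc->buffer,
					   LZMA_IOBUF_SIZE);
	else
		rc->buffer_size = -1;
	if (rc->buffer_size <= 0) {
		error("unexpected EOF");
		rc->buffer_size = 0;
	}
	rc->ptr = rc->buffer;
	rc->buffer_end = rc->buffer + rc->buffer_size;
}

/* Called once */
static inline void INIT rc_init(struct rc *rc,
				       int (*fill)(void*, unsigned int),
				       char *buffer, int buffer_size)
{
	rc->fill = fill;
	rc->buffer = (uint8_t *)buffer;
	rc->buffer_size = buffer_size;
	rc->buffer_end = rc->buffer + rc->buffer_size;
	rc->ptr = rc->buffer;

	rc->code = 0;
	rc->range = 0xFFFFFFFF;
}

/* Prime rc->code with the first five bytes of the coded stream. */
static inline void INIT rc_init_code(struct rc *rc)
{
	int i;

	for (i = 0; i < 5; i++) {
		if (rc->ptr >= rc->buffer_end)
			rc_read(rc);
		rc->code = (rc->code << 8) | *rc->ptr++;
	}
}


/* Called once. TODO: bb_maybe_free() */
static inline void INIT rc_free(struct rc *rc)
{
	free(rc->buffer);
}

/* Called twice, but one callsite is in inline'd rc_is_bit_0_helper() */
static void INIT rc_do_normalize(struct rc *rc)
{
	if (rc->ptr >= rc->buffer_end)
		rc_read(rc);
	rc->range <<= 8;
	rc->code = (rc->code << 8) | *rc->ptr++;
}
static inline void INIT rc_normalize(struct rc *rc)
{
	if (rc->range < (1 << RC_TOP_BITS))
		rc_do_normalize(rc);
}

/* Called 9 times */
/* Why rc_is_bit_0_helper exists?
 *Because we want to always expose (rc->code < rc->bound) to optimizer
 */
static inline uint32_t INIT rc_is_bit_0_helper(struct rc *rc, uint16_t *p)
{
	rc_normalize(rc);
	rc->bound = *p * (rc->range >> RC_MODEL_TOTAL_BITS);
	return rc->bound;
}
static inline int INIT rc_is_bit_0(struct rc *rc, uint16_t *p)
{
	uint32_t t = rc_is_bit_0_helper(rc, p);
	return rc->code < t;
}

/* Called ~10 times, but very small, thus inlined */
static inline void INIT rc_update_bit_0(struct rc *rc, uint16_t *p)
{
	rc->range = rc->bound;
	*p += ((1 << RC_MODEL_TOTAL_BITS) - *p) >> RC_MOVE_BITS;
}
/* Marked INIT like every other helper in this file. */
static inline void INIT rc_update_bit_1(struct rc *rc, uint16_t *p)
{
	rc->range -= rc->bound;
	rc->code -= rc->bound;
	*p -= *p >> RC_MOVE_BITS;
}

/*
 * Decode one bit with probability *p, shift it into *symbol and return it.
 * Called 4 times in unlzma loop
 */
static int INIT rc_get_bit(struct rc *rc, uint16_t *p, int *symbol)
{
	if (rc_is_bit_0(rc, p)) {
		rc_update_bit_0(rc, p);
		*symbol *= 2;
		return 0;
	} else {
		rc_update_bit_1(rc, p);
		*symbol = *symbol * 2 + 1;
		return 1;
	}
}

/* Called once */
static inline int INIT rc_direct_bit(struct rc *rc)
{
	rc_normalize(rc);
	rc->range >>= 1;
	if (rc->code >= rc->range) {
		rc->code -= rc->range;
		return 1;
	}
	return 0;
}

/*
 * Decode num_levels bits through the probability tree rooted at p and
 * store the result, with the leading marker bit removed, in *symbol.
 * Called twice
 */
static inline void INIT
rc_bit_tree_decode(struct rc *rc, uint16_t *p, int num_levels, int *symbol)
{
	int i = num_levels;

	*symbol = 1;
	while (i--)
		rc_get_bit(rc, p + *symbol, symbol);
	*symbol -= 1 << num_levels;
}


/*
 * Small lzma deflate implementation.
 * Copyright (C) 2006  Aurelien Jacobs < aurel@gnuage.org >
 *
 * Based on LzmaDecode.c from the LZMA SDK 4.22 (http://www.7-zip.org/)
 * Copyright (C) 1999-2005  Igor Pavlov
 */


/*
 * Stream header, read byte for byte from the start of the input by
 * unlzma(). Every field is attacker-controlled when the input is untrusted.
 */
struct lzma_header {
	uint8_t pos;		/* packed lc/lp/pb; unlzma() rejects >= 9*5*5 */
	uint32_t dict_size;	/* little-endian in the stream */
	uint64_t dst_size;	/* little-endian in the stream */
} __attribute__ ((packed)) ;


#define LZMA_BASE_SIZE 1846
#define LZMA_LIT_SIZE 768

#define LZMA_NUM_POS_BITS_MAX 4

#define LZMA_LEN_NUM_LOW_BITS 3
#define LZMA_LEN_NUM_MID_BITS 3
#define LZMA_LEN_NUM_HIGH_BITS 8

#define LZMA_LEN_CHOICE 0
#define LZMA_LEN_CHOICE_2 (LZMA_LEN_CHOICE + 1)
#define LZMA_LEN_LOW (LZMA_LEN_CHOICE_2 + 1)
#define LZMA_LEN_MID (LZMA_LEN_LOW \
		      + (1 << (LZMA_NUM_POS_BITS_MAX + LZMA_LEN_NUM_LOW_BITS)))
#define LZMA_LEN_HIGH (LZMA_LEN_MID \
		       +(1 << (LZMA_NUM_POS_BITS_MAX + LZMA_LEN_NUM_MID_BITS)))
#define LZMA_NUM_LEN_PROBS (LZMA_LEN_HIGH + (1 << LZMA_LEN_NUM_HIGH_BITS))

#define LZMA_NUM_STATES 12
#define LZMA_NUM_LIT_STATES 7

#define LZMA_START_POS_MODEL_INDEX 4
#define LZMA_END_POS_MODEL_INDEX 14
#define LZMA_NUM_FULL_DISTANCES (1 << (LZMA_END_POS_MODEL_INDEX >> 1))

#define LZMA_NUM_POS_SLOT_BITS 6
#define LZMA_NUM_LEN_TO_POS_STATES 4

#define LZMA_NUM_ALIGN_BITS 4

#define LZMA_MATCH_MIN_LEN 2

#define LZMA_IS_MATCH 0
#define LZMA_IS_REP (LZMA_IS_MATCH + (LZMA_NUM_STATES << LZMA_NUM_POS_BITS_MAX))
#define LZMA_IS_REP_G0 (LZMA_IS_REP + LZMA_NUM_STATES)
#define LZMA_IS_REP_G1 (LZMA_IS_REP_G0 + LZMA_NUM_STATES)
#define LZMA_IS_REP_G2 (LZMA_IS_REP_G1 + LZMA_NUM_STATES)
#define LZMA_IS_REP_0_LONG (LZMA_IS_REP_G2 + LZMA_NUM_STATES)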
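#define LZMA_POS_SLOT (LZMA_IS_REP_0_LONG \
		       + (LZMA_NUM_STATES << LZMA_NUM_POS_BITS_MAX))
#define LZMA_SPEC_POS (LZMA_POS_SLOT \
		       +(LZMA_NUM_LEN_TO_POS_STATES << LZMA_NUM_POS_SLOT_BITS))
#define LZMA_ALIGN (LZMA_SPEC_POS \
		    + LZMA_NUM_FULL_DISTANCES - LZMA_END_POS_MODEL_INDEX)
#define LZMA_LEN_CODER (LZMA_ALIGN + (1 << LZMA_NUM_ALIGN_BITS))
#define LZMA_REP_LEN_CODER (LZMA_LEN_CODER + LZMA_NUM_LEN_PROBS)
#define LZMA_LITERAL (LZMA_REP_LEN_CODER + LZMA_NUM_LEN_PROBS)


/* Output side of the decoder. */
struct writer {
	uint8_t *buffer;	/* linear output, or a dict_size window if flush is set */
	uint8_t previous_byte;	/* last byte written; selects the literal model */
	size_t buffer_pos;	/* write index into buffer */
	int bufsize;		/* size of the scratch buffer when one is allocated */
	size_t global_pos;	/* bytes already handed to flush */
	int(*flush)(void*, unsigned int);
	struct lzma_header *header;
};

/* LZMA state machine: current state and the four most recent distances. */
struct cstate {
	int state;
	uint32_t rep0, rep1, rep2, rep3;
};

/* Total number of bytes decoded so far. */
static inline size_t INIT get_pos(struct writer *wr)
{
	return
		wr->global_pos + wr->buffer_pos;
}

/*
 * Check a back-reference distance taken from the compressed stream.
 *
 * The distance must be non-zero, must not reach back before the first
 * decoded byte, and must fit inside the dictionary. Without this check a
 * crafted stream makes peek_old_byte() index in front of the output buffer
 * (linear mode) or copy window bytes that were never written (flush mode).
 */
static inline int INIT distance_ok(struct writer *wr, uint32_t offs)
{
	return offs != 0 &&
	       offs <= wr->header->dict_size &&
	       offs <= get_pos(wr);
}

/*
 * Return the byte `offs` positions behind the write position.
 * Callers must have validated offs with distance_ok() first.
 */
static inline uint8_t INIT peek_old_byte(struct writer *wr,
						uint32_t offs)
{
	if (!wr->flush) {
		int32_t pos;
		while (offs > wr->header->dict_size)
			offs -= wr->header->dict_size;
		pos = wr->buffer_pos - offs;
		return wr->buffer[pos];
	} else {
		/* circular window: a wrapped index is brought back in range */
		uint32_t pos = wr->buffer_pos - offs;
		while (pos >= wr->header->dict_size)
			pos += wr->header->dict_size;
		return wr->buffer[pos];
	}

}

/*
 * Append one byte; in flush mode hand the window to flush once it is full.
 * NOTE(review): the return value of flush is ignored here -- confirm
 * whether the callback can report a failure that should stop decoding.
 */
static inline void INIT write_byte(struct writer *wr, uint8_t byte)
{
	wr->buffer[wr->buffer_pos++] = wr->previous_byte = byte;
	if (wr->flush && wr->buffer_pos == wr->header->dict_size) {
		wr->buffer_pos = 0;
		wr->global_pos += wr->header->dict_size;
		wr->flush((char *)wr->buffer, wr->header->dict_size);
	}
}


/* Copy one byte from distance offs. Returns 0, or -1 on a bad distance. */
static inline int INIT copy_byte(struct writer *wr, uint32_t offs)
{
	if (!distance_ok(wr, offs))
		return -1;
	write_byte(wr, peek_old_byte(wr, offs));
	return 0;
}

/*
 * Copy len bytes from distance rep0, stopping at the declared output size.
 * Returns 0, or -1 on a bad distance.
 *
 * The bound uses get_pos() rather than buffer_pos: in flush mode buffer_pos
 * restarts at 0 whenever the window is flushed, so it does not measure how
 * much output has been produced.
 */
static inline int INIT copy_bytes(struct writer *wr,
					 uint32_t rep0, int len)
{
	/* the distance only becomes "more valid" as output grows */
	if (!distance_ok(wr, rep0))
		return -1;
	do {
		write_byte(wr, peek_old_byte(wr, rep0));
		len--;
	} while (len != 0 && get_pos(wr) < wr->header->dst_size);
	return 0;
}

/*
 * Decode one literal byte and write it.
 * Returns 0, or -1 if the stream references data that does not exist.
 */
static inline int INIT process_bit0(struct writer *wr, struct rc *rc,
				     struct cstate *cst, uint16_t *p,
				     int pos_state, uint16_t *prob,
				     int lc, uint32_t literal_pos_mask) {
	int mi = 1;
	rc_update_bit_0(rc, prob);
	prob = (p + LZMA_LITERAL +
		(LZMA_LIT_SIZE
		 * (((get_pos(wr) & literal_pos_mask) << lc)
		    + (wr->previous_byte >> (8 - lc))))
		);

	if (cst->state >= LZMA_NUM_LIT_STATES) {
		int match_byte;

		if (!distance_ok(wr, cst->rep0))
			return -1;
		match_byte = peek_old_byte(wr, cst->rep0);
		do {
			int bit;
			uint16_t *prob_lit;

			match_byte <<= 1;
			bit = match_byte & 0x100;
			prob_lit = prob + 0x100 + bit + mi;
			if (rc_get_bit(rc, prob_lit, &mi)) {
				if (!bit)
					break;
			} else {
				if (bit)
					break;
			}
		} while (mi < 0x100);
	}
	while (mi < 0x100) {
		uint16_t *prob_lit = prob + mi;
		rc_get_bit(rc, prob_lit, &mi);
	}
	write_byte(wr, mi);
	if (cst->state < 4)
		cst->state = 0;
	else if (cst->state < 10)
		cst->state -= 3;
	else
		cst->state -= 6;

	return 0;
}

/*
 * Decode one match (new distance or repeated distance) and copy it.
 * Returns 0 on success, including the end marker, which leaves
 * cst->rep0 == 0; returns -1 if the distance is not backed by decoded data.
 */
static inline int INIT process_bit1(struct writer *wr, struct rc *rc,
					    struct cstate *cst, uint16_t *p,
					    int pos_state, uint16_t *prob) {
	int offset;
	uint16_t *prob_len;
	int num_bits;
	int len;

	rc_update_bit_1(rc, prob);
	prob = p + LZMA_IS_REP + cst->state;
	if (rc_is_bit_0(rc, prob)) {
		rc_update_bit_0(rc, prob);
		cst->rep3 = cst->rep2;
		cst->rep2 = cst->rep1;
		cst->rep1 = cst->rep0;
		cst->state = cst->state < LZMA_NUM_LIT_STATES ? 0 : 3;
		prob = p + LZMA_LEN_CODER;
	} else {
		rc_update_bit_1(rc, prob);
		prob = p + LZMA_IS_REP_G0 + cst->state;
		if (rc_is_bit_0(rc, prob)) {
			rc_update_bit_0(rc, prob);
			prob = (p + LZMA_IS_REP_0_LONG
				+ (cst->state <<
				   LZMA_NUM_POS_BITS_MAX) +
				pos_state);
			if (rc_is_bit_0(rc, prob)) {
				rc_update_bit_0(rc, prob);

				cst->state = cst->state < LZMA_NUM_LIT_STATES ?
					9 : 11;
				return copy_byte(wr, cst->rep0);
			} else {
				rc_update_bit_1(rc, prob);
			}
		} else {
			uint32_t distance;

			rc_update_bit_1(rc, prob);
			prob = p + LZMA_IS_REP_G1 + cst->state;
			if (rc_is_bit_0(rc, prob)) {
				rc_update_bit_0(rc, prob);
				distance = cst->rep1;
			} else {
				rc_update_bit_1(rc, prob);
				prob = p + LZMA_IS_REP_G2 + cst->state;
				if (rc_is_bit_0(rc, prob)) {
					rc_update_bit_0(rc, prob);
					distance = cst->rep2;
				} else {
					rc_update_bit_1(rc, prob);
					distance = cst->rep3;
					cst->rep3 = cst->rep2;
				}
				cst->rep2 = cst->rep1;
			}
			cst->rep1 = cst->rep0;
			cst->rep0 = distance;
		}
		cst->state = cst->state < LZMA_NUM_LIT_STATES ? 8 : 11;
		prob = p + LZMA_REP_LEN_CODER;
	}

	prob_len = prob + LZMA_LEN_CHOICE;
	if (rc_is_bit_0(rc, prob_len)) {
		rc_update_bit_0(rc, prob_len);
		prob_len = (prob + LZMA_LEN_LOW
			    + (pos_state <<
			       LZMA_LEN_NUM_LOW_BITS));
		offset = 0;
		num_bits = LZMA_LEN_NUM_LOW_BITS;
	} else {
		rc_update_bit_1(rc, prob_len);
		prob_len = prob + LZMA_LEN_CHOICE_2;
		if (rc_is_bit_0(rc, prob_len)) {
			rc_update_bit_0(rc, prob_len);
			prob_len = (prob + LZMA_LEN_MID
				    + (pos_state <<
				       LZMA_LEN_NUM_MID_BITS));
			offset = 1 << LZMA_LEN_NUM_LOW_BITS;
			num_bits = LZMA_LEN_NUM_MID_BITS;
		} else {
			rc_update_bit_1(rc, prob_len);
			prob_len = prob + LZMA_LEN_HIGH;
			offset = ((1 << LZMA_LEN_NUM_LOW_BITS)
				  + (1 << LZMA_LEN_NUM_MID_BITS));
			num_bits = LZMA_LEN_NUM_HIGH_BITS;
		}
	}

	rc_bit_tree_decode(rc, prob_len, num_bits, &len);
	len += offset;

	if (cst->state < 4) {
		int pos_slot;

		cst->state += LZMA_NUM_LIT_STATES;
		prob =
			p + LZMA_POS_SLOT +
			((len <
			  LZMA_NUM_LEN_TO_POS_STATES ? len :
			  LZMA_NUM_LEN_TO_POS_STATES - 1)
			 << LZMA_NUM_POS_SLOT_BITS);
		rc_bit_tree_decode(rc, prob,
				   LZMA_NUM_POS_SLOT_BITS,
				   &pos_slot);
		if (pos_slot >= LZMA_START_POS_MODEL_INDEX) {
			int i, mi;
			num_bits = (pos_slot >> 1) - 1;
			cst->rep0 = 2 | (pos_slot & 1);
			if (pos_slot < LZMA_END_POS_MODEL_INDEX) {
				cst->rep0 <<= num_bits;
				prob = p + LZMA_SPEC_POS +
					cst->rep0 - pos_slot - 1;
			} else {
				num_bits -= LZMA_NUM_ALIGN_BITS;
				while (num_bits--)
					cst->rep0 = (cst->rep0 << 1) |
						rc_direct_bit(rc);
				prob = p + LZMA_ALIGN;
				cst->rep0 <<= LZMA_NUM_ALIGN_BITS;
				num_bits = LZMA_NUM_ALIGN_BITS;
			}
			i = 1;
			mi = 1;
			while (num_bits--) {
				if (rc_get_bit(rc, prob + mi, &mi))
					cst->rep0 |= i;
				i <<= 1;
			}
		} else
			cst->rep0 = pos_slot;
		/* a distance that wraps to 0 is the end-of-stream marker */
		if (++(cst->rep0) == 0)
			return 0;
	}

	len += LZMA_MATCH_MIN_LEN;

	return copy_bytes(wr, cst->rep0, len);
}



/*
 * Decompress an LZMA stream.
 *
 * buf/in_len: input already in memory; if buf is NULL an input buffer of
 *             LZMA_IOBUF_SIZE bytes is allocated here.
 * fill:       callback used to refill the input buffer.
 * flush:      if set, output goes through a dict_size window that is
 *             handed to flush whenever it fills and once more at the end.
 * output:     if set, decoded bytes are written here. No length is passed
 *             in, so the amount written is bounded only by the dst_size
 *             field of the stream header; the caller must size the buffer
 *             for that.
 * posp:       if set, receives the read offset within the input buffer.
 * error_fn:   installed with set_error_fn() for error().
 *
 * Returns 0 on success and -1 on failure. The header and every distance
 * in the stream are treated as untrusted: a bad header or a back-reference
 * to data that was never decoded stops decoding.
 */
STATIC inline int INIT unlzma(unsigned char *buf, int in_len,
			      int(*fill)(void*, unsigned int),
			      int(*flush)(void*, unsigned int),
			      unsigned char *output,
			      int *posp,
			      void(*error_fn)(char *x)
	)
{
	struct lzma_header header;
	int lc, pb, lp;
	uint32_t pos_state_mask;
	uint32_t literal_pos_mask;
	uint16_t *p;
	int num_probs;
	struct rc rc;
	int i, mi;
	struct writer wr;
	struct cstate cst;
	unsigned char *inbuf;
	int ret = -1;

	set_error_fn(error_fn);

	if (buf)
		inbuf = buf;
	else
		inbuf = malloc(LZMA_IOBUF_SIZE);
	if (!inbuf) {
		error("Could not allocate input bufer");
		goto exit_0;
	}

	cst.state = 0;
	cst.rep0 = cst.rep1 = cst.rep2 = cst.rep3 = 1;

	wr.header = &header;
	wr.flush = flush;
	wr.global_pos = 0;
	wr.previous_byte = 0;
	wr.buffer_pos = 0;

	rc_init(&rc, fill, (char *)inbuf, in_len);

	for (i = 0; i < sizeof(header); i++) {
		if (rc.ptr >= rc.buffer_end)
			rc_read(&rc);
		((unsigned char *)&header)[i] = *rc.ptr++;
	}

	/*
	 * Stop here on a bad properties byte. Carrying on would derive a pb
	 * larger than LZMA_NUM_POS_BITS_MAX, and pos_state would then index
	 * past the probability tables sized with that constant.
	 */
	if (header.pos >= (9 * 5 * 5)) {
		error("bad header");
		goto exit_1;
	}

	/* header.pos == (pb * 5 + lp) * 9 + lc */
	mi = 0;
	lc = header.pos;
	while (lc >= 9) {
		mi++;
		lc -= 9;
	}
	pb = 0;
	lp = mi;
	while (lp >= 5) {
		pb++;
		lp -= 5;
	}
	pos_state_mask = (1 << pb) - 1;
	literal_pos_mask = (1 << lp) - 1;

	ENDIAN_CONVERT(header.dict_size);
	ENDIAN_CONVERT(header.dst_size);

	if (header.dict_size == 0)
		header.dict_size = 1;

	if (output)
		wr.buffer = output;
	else {
		/*
		 * Without flush the scratch buffer is written linearly and
		 * never wraps, so it must be able to hold all of dst_size.
		 */
		if (!flush && header.dst_size > header.dict_size) {
			error("no output buffer or flush callback");
			goto exit_1;
		}
		wr.bufsize = MIN(header.dst_size, header.dict_size);
		wr.buffer = large_malloc(wr.bufsize);
	}
	if (wr.buffer == NULL)
		goto exit_1;

	num_probs = LZMA_BASE_SIZE + (LZMA_LIT_SIZE << (lc + lp));
	p = (uint16_t *) large_malloc(num_probs * sizeof(*p));
	if (p == 0)
		goto exit_2;
	num_probs = LZMA_LITERAL + (LZMA_LIT_SIZE << (lc + lp));
	for (i = 0; i < num_probs; i++)
		p[i] = (1 << RC_MODEL_TOTAL_BITS) >> 1;

	rc_init_code(&rc);

	while (get_pos(&wr) < header.dst_size) {
		int pos_state =	get_pos(&wr) & pos_state_mask;
		uint16_t *prob = p + LZMA_IS_MATCH +
			(cst.state << LZMA_NUM_POS_BITS_MAX) + pos_state;
		if (rc_is_bit_0(&rc, prob)) {
			if (process_bit0(&wr, &rc, &cst, p, pos_state, prob,
					 lc, literal_pos_mask)) {
				error("LZMA data is corrupt");
				goto exit_3;
			}
		} else {
			if (process_bit1(&wr, &rc, &cst, p, pos_state,
					 prob)) {
				error("LZMA data is corrupt");
				goto exit_3;
			}
			if (cst.rep0 == 0)
				break;
		}
	}

	if (posp)
		*posp = rc.ptr-rc.buffer;
	if (wr.flush)
		wr.flush(wr.buffer, wr.buffer_pos);
	ret = 0;
exit_3:
	large_free(p);
exit_2:
	if (!output)
		large_free(wr.buffer);
exit_1:
	if (!buf)
		free(inbuf);
exit_0:
	return ret;
}

#ifdef PREBOOT
/*
 * Pre-boot entry point: forwards to unlzma() with in_len reduced by 4.
 * NOTE(review): the 4 bytes presumably are a trailer appended after the
 * compressed payload -- confirm against the build scripts. A caller passing
 * in_len < 4 hands a negative length to unlzma().
 */
STATIC int INIT decompress(unsigned char *buf, int in_len,
			      int(*fill)(void*, unsigned int),
			      int(*flush)(void*, unsigned int),
			      unsigned char *output,
			      int *posp,
			      void(*error_fn)(char *x)
	)
{
	return unlzma(buf, in_len - 4, fill, flush, output, posp, error_fn);
}
#endif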