Commit 3fc1479c5e78afa3013ad80b9b7367f0278c629b

Authored by Linus Torvalds

Merge tag 'compress-3.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core

Pull compression update from Greg KH:
 "More fun with the LZO compression code.  Here's some patches that
  properly document what the logic is, and fix up all of the previously
  reported issues against the LZO code.

  This has been in linux-next for a while with no issues"

* tag 'compress-3.18-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core:
  lzo: check for length overrun in variable length encoding.
  Revert "lzo: properly check for overruns"
  Documentation: lzo: document part of the encoding


Documentation/lzo.txt
  1 +
  2 +LZO stream format as understood by Linux's LZO decompressor
  3 +===========================================================
  4 +
  5 +Introduction
  6 +
  7 + This is not a specification. No specification seems to be publicly available
  8 + for the LZO stream format. This document describes what input format the LZO
  9 + decompressor as implemented in the Linux kernel understands. The file subject
  10 + of this analysis is lib/lzo/lzo1x_decompress_safe.c. No analysis was made on
  11 + the compressor nor on any other implementations though it seems likely that
  12 + the format matches the standard one. The purpose of this document is to
  13 + better understand what the code does in order to propose more efficient fixes
  14 + for future bug reports.
  15 +
  16 +Description
  17 +
  18 + The stream is composed of a series of instructions, operands, and data. The
  19 + instructions consist in a few bits representing an opcode, and bits forming
  20 + the operands for the instruction, whose size and position depend on the
  21 + opcode and on the number of literals copied by previous instruction. The
  22 + operands are used to indicate :
  23 +
  24 + - a distance when copying data from the dictionary (past output buffer)
  25 + - a length (number of bytes to copy from dictionary)
  26 + - the number of literals to copy, which is retained in variable "state"
  27 + as a piece of information for next instructions.
  28 +
  29 + Optionally depending on the opcode and operands, extra data may follow. These
  30 + extra data can be a complement for the operand (eg: a length or a distance
  31 + encoded on larger values), or a literal to be copied to the output buffer.
  32 +
  33 + The first byte of the block follows a different encoding from other bytes, it
  34 + seems to be optimized for literal use only, since there is no dictionary yet
  35 + prior to that byte.
  36 +
  37 + Lengths are always encoded on a variable size starting with a small number
  38 + of bits in the operand. If the number of bits isn't enough to represent the
  39 + length, up to 255 may be added in increments by consuming more bytes with a
  40 + rate of at most 255 per extra byte (thus the compression ratio cannot exceed
  41 + around 255:1). The variable length encoding using #bits is always the same :
  42 +
  43 + length = byte & ((1 << #bits) - 1)
  44 + if (!length) {
  45 + length = ((1 << #bits) - 1)
  46 + length += 255*(number of zero bytes)
  47 + length += first-non-zero-byte
  48 + }
  49 + length += constant (generally 2 or 3)
  50 +
  51 + For references to the dictionary, distances are relative to the output
  52 + pointer. Distances are encoded using very few bits belonging to certain
  53 + ranges, resulting in multiple copy instructions using different encodings.
  54 + Certain encodings involve one extra byte, others involve two extra bytes
  55 + forming a little-endian 16-bit quantity (marked LE16 below).
  56 +
  57 + After any instruction except the large literal copy, 0, 1, 2 or 3 literals
  58 + are copied before starting the next instruction. The number of literals that
  59 + were copied may change the meaning and behaviour of the next instruction. In
  60 + practice, only one instruction needs to know whether 0, less than 4, or more
  61 + literals were copied. This is the information stored in the <state> variable
  62 + in this implementation. This number of immediate literals to be copied is
  63 + generally encoded in the last two bits of the instruction but may also be
  64 + taken from the last two bits of an extra operand (eg: distance).
  65 +
  66 + End of stream is declared when a block copy of distance 0 is seen. Only one
  67 + instruction may encode this distance (0001HLLL), it takes one LE16 operand
  68 + for the distance, thus requiring 3 bytes.
  69 +
  70 + IMPORTANT NOTE : in the code some length checks are missing because certain
  71 + instructions are called under the assumption that a certain number of bytes
  72 + follow because it has already been garanteed before parsing the instructions.
  73 + They just have to "refill" this credit if they consume extra bytes. This is
  74 + an implementation design choice independant on the algorithm or encoding.
  75 +
  76 +Byte sequences
  77 +
  78 + First byte encoding :
  79 +
  80 + 0..17 : follow regular instruction encoding, see below. It is worth
  81 + noting that codes 16 and 17 will represent a block copy from
  82 + the dictionary which is empty, and that they will always be
  83 + invalid at this place.
  84 +
  85 + 18..21 : copy 0..3 literals
  86 + state = (byte - 17) = 0..3 [ copy <state> literals ]
  87 + skip byte
  88 +
  89 + 22..255 : copy literal string
  90 + length = (byte - 17) = 4..238
  91 + state = 4 [ don't copy extra literals ]
  92 + skip byte
  93 +
  94 + Instruction encoding :
  95 +
  96 + 0 0 0 0 X X X X (0..15)
  97 + Depends on the number of literals copied by the last instruction.
  98 + If last instruction did not copy any literal (state == 0), this
  99 + encoding will be a copy of 4 or more literal, and must be interpreted
  100 + like this :
  101 +
  102 + 0 0 0 0 L L L L (0..15) : copy long literal string
  103 + length = 3 + (L ?: 15 + (zero_bytes * 255) + non_zero_byte)
  104 + state = 4 (no extra literals are copied)
  105 +
  106 + If last instruction used to copy between 1 to 3 literals (encoded in
  107 + the instruction's opcode or distance), the instruction is a copy of a
  108 + 2-byte block from the dictionary within a 1kB distance. It is worth
  109 + noting that this instruction provides little savings since it uses 2
  110 + bytes to encode a copy of 2 other bytes but it encodes the number of
  111 + following literals for free. It must be interpreted like this :
  112 +
  113 + 0 0 0 0 D D S S (0..15) : copy 2 bytes from <= 1kB distance
  114 + length = 2
  115 + state = S (copy S literals after this block)
  116 + Always followed by exactly one byte : H H H H H H H H
  117 + distance = (H << 2) + D + 1
  118 +
  119 + If last instruction used to copy 4 or more literals (as detected by
  120 + state == 4), the instruction becomes a copy of a 3-byte block from the
  121 + dictionary from a 2..3kB distance, and must be interpreted like this :
  122 +
  123 + 0 0 0 0 D D S S (0..15) : copy 3 bytes from 2..3 kB distance
  124 + length = 3
  125 + state = S (copy S literals after this block)
  126 + Always followed by exactly one byte : H H H H H H H H
  127 + distance = (H << 2) + D + 2049
  128 +
  129 + 0 0 0 1 H L L L (16..31)
  130 + Copy of a block within 16..48kB distance (preferably less than 10B)
  131 + length = 2 + (L ?: 7 + (zero_bytes * 255) + non_zero_byte)
  132 + Always followed by exactly one LE16 : D D D D D D D D : D D D D D D S S
  133 + distance = 16384 + (H << 14) + D
  134 + state = S (copy S literals after this block)
  135 + End of stream is reached if distance == 16384
  136 +
  137 + 0 0 1 L L L L L (32..63)
  138 + Copy of small block within 16kB distance (preferably less than 34B)
  139 + length = 2 + (L ?: 31 + (zero_bytes * 255) + non_zero_byte)
  140 + Always followed by exactly one LE16 : D D D D D D D D : D D D D D D S S
  141 + distance = D + 1
  142 + state = S (copy S literals after this block)
  143 +
  144 + 0 1 L D D D S S (64..127)
  145 + Copy 3-4 bytes from block within 2kB distance
  146 + state = S (copy S literals after this block)
  147 + length = 3 + L
  148 + Always followed by exactly one byte : H H H H H H H H
  149 + distance = (H << 3) + D + 1
  150 +
  151 + 1 L L D D D S S (128..255)
  152 + Copy 5-8 bytes from block within 2kB distance
  153 + state = S (copy S literals after this block)
  154 + length = 5 + L
  155 + Always followed by exactly one byte : H H H H H H H H
  156 + distance = (H << 3) + D + 1
  157 +
  158 +Authors
  159 +
  160 + This document was written by Willy Tarreau <w@1wt.eu> on 2014/07/19 during an
  161 + analysis of the decompression code available in Linux 3.16-rc5. The code is
  162 + tricky, it is possible that this document contains mistakes or that a few
  163 + corner cases were overlooked. In any case, please report any doubt, fix, or
  164 + proposed updates to the author(s) so that the document can be updated.
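Review bot: the "First byte encoding" table is off by one against its own formulas: for bytes 18..21 the text gives state = (byte - 17) = 0..3, but 18 - 17 is 1 and 21 - 17 is 4, and for 22..255 it gives length = (byte - 17) = 4..238, but 22 - 17 is 5. Either the ranges should read 18..20 (state 1..3) and 21..255 (length 4..238), or the formulas need a different constant; please reconcile the table with the decoder's first-byte handling before this lands. Two smaller points in the same file: the variable length encoding section says each extra byte adds at most 255 but never says a decoder must cap the number of zero bytes so that 255 * count cannot overflow its length counter, yet the MAX_255_COUNT comment in lzo1x_decompress_safe.c sends readers here "for more information"; one sentence after "length += constant (generally 2 or 3)" stating that bound would make the cross-reference meaningful. Spelling in the IMPORTANT NOTE paragraph: "garanteed" should be "guaranteed" and "independant on" should be "independent of"; in the Description, "instructions consist in a few bits" should be "consist of".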
lib/lzo/lzo1x_decompress_safe.c
... ... @@ -19,32 +19,22 @@
19 19 #include <linux/lzo.h>
20 20 #include "lzodefs.h"
21 21  
22   -#define HAVE_IP(t, x) \
23   - (((size_t)(ip_end - ip) >= (size_t)(t + x)) && \
24   - (((t + x) >= t) && ((t + x) >= x)))
  22 +#define HAVE_IP(x) ((size_t)(ip_end - ip) >= (size_t)(x))
  23 +#define HAVE_OP(x) ((size_t)(op_end - op) >= (size_t)(x))
  24 +#define NEED_IP(x) if (!HAVE_IP(x)) goto input_overrun
  25 +#define NEED_OP(x) if (!HAVE_OP(x)) goto output_overrun
  26 +#define TEST_LB(m_pos) if ((m_pos) < out) goto lookbehind_overrun
25 27  
26   -#define HAVE_OP(t, x) \
27   - (((size_t)(op_end - op) >= (size_t)(t + x)) && \
28   - (((t + x) >= t) && ((t + x) >= x)))
  28 +/* This MAX_255_COUNT is the maximum number of times we can add 255 to a base
  29 + * count without overflowing an integer. The multiply will overflow when
  30 + * multiplying 255 by more than MAXINT/255. The sum will overflow earlier
  31 + * depending on the base count. Since the base count is taken from a u8
  32 + * and a few bits, it is safe to assume that it will always be lower than
  33 + * or equal to 2*255, thus we can always prevent any overflow by accepting
  34 + * two less 255 steps. See Documentation/lzo.txt for more information.
  35 + */
  36 +#define MAX_255_COUNT ((((size_t)~0) / 255) - 2)
29 37  
30   -#define NEED_IP(t, x) \
31   - do { \
32   - if (!HAVE_IP(t, x)) \
33   - goto input_overrun; \
34   - } while (0)
35   -
36   -#define NEED_OP(t, x) \
37   - do { \
38   - if (!HAVE_OP(t, x)) \
39   - goto output_overrun; \
40   - } while (0)
41   -
42   -#define TEST_LB(m_pos) \
43   - do { \
44   - if ((m_pos) < out) \
45   - goto lookbehind_overrun; \
46   - } while (0)
47   -
48 38 int lzo1x_decompress_safe(const unsigned char *in, size_t in_len,
49 39 unsigned char *out, size_t *out_len)
50 40 {
51 41  
52 42  
53 43  
54 44  
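Review bot: the single-argument HAVE_IP(x)/HAVE_OP(x) drop the old `(t + x) >= t` wrap check, so a caller such as `HAVE_IP(t + 15)` is only safe because every path that grows `t` is now bounded by MAX_255_COUNT; a one-line comment on the macros saying that the argument is assumed not to wrap would stop someone reintroducing an unbounded `t` later. In the MAX_255_COUNT comment, "MAXINT" is misleading since the arithmetic is done in size_t (`((size_t)~0) / 255`); say "the largest size_t" instead. Also, rewriting NEED_IP/NEED_OP/TEST_LB as a bare `if (...) goto label` loses the `do { } while (0)` protection: `if (c) NEED_IP(1); else ...` would bind the `else` to the macro's own `if`. All current uses are standalone statements, so this is a style point, but keeping the wrapper costs nothing.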
... ... @@ -75,17 +65,24 @@
75 65 if (t < 16) {
76 66 if (likely(state == 0)) {
77 67 if (unlikely(t == 0)) {
  68 + size_t offset;
  69 + const unsigned char *ip_last = ip;
  70 +
78 71 while (unlikely(*ip == 0)) {
79   - t += 255;
80 72 ip++;
81   - NEED_IP(1, 0);
  73 + NEED_IP(1);
82 74 }
83   - t += 15 + *ip++;
  75 + offset = ip - ip_last;
  76 + if (unlikely(offset > MAX_255_COUNT))
  77 + return LZO_E_ERROR;
  78 +
  79 + offset = (offset << 8) - offset;
  80 + t += offset + 15 + *ip++;
84 81 }
85 82 t += 3;
86 83 copy_literal_run:
87 84 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
88   - if (likely(HAVE_IP(t, 15) && HAVE_OP(t, 15))) {
  85 + if (likely(HAVE_IP(t + 15) && HAVE_OP(t + 15))) {
89 86 const unsigned char *ie = ip + t;
90 87 unsigned char *oe = op + t;
91 88 do {
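Review bot: the new `offset > MAX_255_COUNT` check returns LZO_E_ERROR directly, while the `NEED_IP(1)` two lines above exits via `goto input_overrun`; whatever bookkeeping the shared error exits do (the function has an `out_len` out-parameter) is skipped on this one path, so either jump to a common label or document that this return leaves `*out_len` untouched. On `offset = (offset << 8) - offset;`: this is 255 * offset, but since MAX_255_COUNT is SIZE_MAX / 255 - 2, `offset` may exceed SIZE_MAX / 256 and `offset << 8` can wrap; the final value is still right only because size_t arithmetic is modular. Plain `offset * 255` (which the compiler will strength-reduce anyway) or a short comment would make the intent obvious. The ordering is fine: the loop cannot run off the input because `NEED_IP(1)` is checked on every zero byte, and the count is validated before it is multiplied.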
... ... @@ -101,8 +98,8 @@
101 98 } else
102 99 #endif
103 100 {
104   - NEED_OP(t, 0);
105   - NEED_IP(t, 3);
  101 + NEED_OP(t);
  102 + NEED_IP(t + 3);
106 103 do {
107 104 *op++ = *ip++;
108 105 } while (--t > 0);
... ... @@ -115,7 +112,7 @@
115 112 m_pos -= t >> 2;
116 113 m_pos -= *ip++ << 2;
117 114 TEST_LB(m_pos);
118   - NEED_OP(2, 0);
  115 + NEED_OP(2);
119 116 op[0] = m_pos[0];
120 117 op[1] = m_pos[1];
121 118 op += 2;
122 119  
123 120  
124 121  
... ... @@ -136,13 +133,20 @@
136 133 } else if (t >= 32) {
137 134 t = (t & 31) + (3 - 1);
138 135 if (unlikely(t == 2)) {
  136 + size_t offset;
  137 + const unsigned char *ip_last = ip;
  138 +
139 139 while (unlikely(*ip == 0)) {
140   - t += 255;
141 140 ip++;
142   - NEED_IP(1, 0);
  141 + NEED_IP(1);
143 142 }
144   - t += 31 + *ip++;
145   - NEED_IP(2, 0);
  143 + offset = ip - ip_last;
  144 + if (unlikely(offset > MAX_255_COUNT))
  145 + return LZO_E_ERROR;
  146 +
  147 + offset = (offset << 8) - offset;
  148 + t += offset + 31 + *ip++;
  149 + NEED_IP(2);
146 150 }
147 151 m_pos = op - 1;
148 152 next = get_unaligned_le16(ip);
149 153  
150 154  
151 155  
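Review bot: this zero-byte counting block (`ip_last`, the `while (*ip == 0)` loop, the MAX_255_COUNT test and `(offset << 8) - offset`) is now copy-pasted three times in this file, differing only in the base constant (15, 31, 7 here and below); a small static inline helper taking `ip`, `ip_end` and the base, returning the decoded length or an error, would keep the overflow check from drifting between copies. The `NEED_IP(2)` after `*ip++` is right: it reserves the LE16 that `get_unaligned_le16(ip)` reads on the next line.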
... ... @@ -154,13 +158,20 @@
154 158 m_pos -= (t & 8) << 11;
155 159 t = (t & 7) + (3 - 1);
156 160 if (unlikely(t == 2)) {
  161 + size_t offset;
  162 + const unsigned char *ip_last = ip;
  163 +
157 164 while (unlikely(*ip == 0)) {
158   - t += 255;
159 165 ip++;
160   - NEED_IP(1, 0);
  166 + NEED_IP(1);
161 167 }
162   - t += 7 + *ip++;
163   - NEED_IP(2, 0);
  168 + offset = ip - ip_last;
  169 + if (unlikely(offset > MAX_255_COUNT))
  170 + return LZO_E_ERROR;
  171 +
  172 + offset = (offset << 8) - offset;
  173 + t += offset + 7 + *ip++;
  174 + NEED_IP(2);
164 175 }
165 176 next = get_unaligned_le16(ip);
166 177 ip += 2;
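Review bot: same duplication as the 32..63 path above; the helper suggested there applies here too. Checking the bound the MAX_255_COUNT comment relies on ("base count ... lower than or equal to 2*255"): the base here is 2 + 7 + 255 = 264, in the 32..63 path 2 + 31 + 255 = 288, and in the literal-run path 3 + 15 + 255 = 273, so all three stay under 510 and subtracting two 255 steps from the maximum count is indeed sufficient; it would be worth spelling these three numbers out in that comment so the margin is verifiable without re-deriving it.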
... ... @@ -174,7 +185,7 @@
174 185 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
175 186 if (op - m_pos >= 8) {
176 187 unsigned char *oe = op + t;
177   - if (likely(HAVE_OP(t, 15))) {
  188 + if (likely(HAVE_OP(t + 15))) {
178 189 do {
179 190 COPY8(op, m_pos);
180 191 op += 8;
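Review bot: `HAVE_OP(t + 15)` cannot wrap only because `t` arrives here bounded by the MAX_255_COUNT checks in the length decoding above; the 15 bytes of slack exist because the `COPY8` loop below copies whole 8-byte units past `oe` before `op = oe` is reset. Neither fact is stated at this site, and the old two-argument HAVE_OP at least made the wrap concern explicit; a comment along the lines of "t is bounded by MAX_255_COUNT; +15 covers the 8-byte overcopy" would document the invariant this fast path depends on.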
... ... @@ -184,7 +195,7 @@
184 195 m_pos += 8;
185 196 } while (op < oe);
186 197 op = oe;
187   - if (HAVE_IP(6, 0)) {
  198 + if (HAVE_IP(6)) {
188 199 state = next;
189 200 COPY4(op, ip);
190 201 op += next;
... ... @@ -192,7 +203,7 @@
192 203 continue;
193 204 }
194 205 } else {
195   - NEED_OP(t, 0);
  206 + NEED_OP(t);
196 207 do {
197 208 *op++ = *m_pos++;
198 209 } while (op < oe);
... ... @@ -201,7 +212,7 @@
201 212 #endif
202 213 {
203 214 unsigned char *oe = op + t;
204   - NEED_OP(t, 0);
  215 + NEED_OP(t);
205 216 op[0] = m_pos[0];
206 217 op[1] = m_pos[1];
207 218 op += 2;
208 219  
... ... @@ -214,15 +225,15 @@
214 225 state = next;
215 226 t = next;
216 227 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS)
217   - if (likely(HAVE_IP(6, 0) && HAVE_OP(4, 0))) {
  228 + if (likely(HAVE_IP(6) && HAVE_OP(4))) {
218 229 COPY4(op, ip);
219 230 op += t;
220 231 ip += t;
221 232 } else
222 233 #endif
223 234 {
224   - NEED_IP(t, 3);
225   - NEED_OP(t, 0);
  235 + NEED_IP(t + 3);
  236 + NEED_OP(t);
226 237 while (t > 0) {
227 238 *op++ = *ip++;
228 239 t--;