Ian Campbell
2013-Jan-04 11:56 UTC
[PATCH] pv-grub: Support bzip2, xz and lzo compressed kernels
xz compressed kernels seem to be what we are starting to see in the
wild, but we may as well support everything that libxc does in
pv-grub.
Also update the zlib library to the latest version
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Cc: waldi@debian.org
---
This is only build tested as I don''t have a convenient pv-grub setup
at the moment.
As well as committing the committer should fetch the following URLs
to xenbits.xen.org:/var/xenbits-www/html/xen-extfiles
- http://www.zlib.net/zlib-1.2.7.tar.gz
- http://www.bzip.org/1.0.6/bzip2-1.0.6.tar.gz
md5sum 00b516f4704d4a7cb50a1d97e6e8e15b
- http://tukaani.org/xz/xz-5.0.4.tar.bz2
http://tukaani.org/xz/xz-5.0.4.tar.bz2.sig
- http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz
---
.gitignore | 3 ++
.hgignore | 3 ++
extras/mini-os/Makefile | 3 ++
stubdom/Makefile | 84 +++++++++++++++++++++++++++++++++++++++++++++--
stubdom/bzip2.patch | 11 ++++++
stubdom/grub/kexec.c | 6 +++
6 files changed, 107 insertions(+), 3 deletions(-)
create mode 100644 stubdom/bzip2.patch
diff --git a/.gitignore b/.gitignore
index f71cff8..a95183a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -107,6 +107,9 @@ stubdom/newlib-1.*
stubdom/newlib-x86*
stubdom/pciutils-*
stubdom/zlib-*
+stubdom/bzip2-*
+stubdom/xz-*
+stubdom/lzo-*
stubdom/grub-*
stubdom/ocaml-*
stubdom/lwip/
diff --git a/.hgignore b/.hgignore
index 344792a..044a88a 100644
--- a/.hgignore
+++ b/.hgignore
@@ -102,6 +102,9 @@
^stubdom/newlib-.*$
^stubdom/pciutils-.*$
^stubdom/zlib-.*$
+^stubdom/bzip2-.*$
+^stubdom/xz-.*$
+^stubdom/lzo-.*$
^stubdom/grub-.*$
^stubdom/ocaml-.*$
^stubdom/lwip/
diff --git a/extras/mini-os/Makefile b/extras/mini-os/Makefile
index 2302a23..717b209 100644
--- a/extras/mini-os/Makefile
+++ b/extras/mini-os/Makefile
@@ -159,6 +159,9 @@ APP_LDLIBS += -L$(XEN_ROOT)/stubdom/libxc-$(XEN_TARGET_ARCH)
-whole-archive -lxe
endif
APP_LDLIBS += -lpci
APP_LDLIBS += -lz
+APP_LDLIBS += -lbz2
+APP_LDLIBS += -llzma
+APP_LDLIBS += -llzo2
APP_LDLIBS += -lm
LDLIBS += -lc
endif
diff --git a/stubdom/Makefile b/stubdom/Makefile
index 50ba360..897ad2c 100644
--- a/stubdom/Makefile
+++ b/stubdom/Makefile
@@ -9,7 +9,19 @@ include $(XEN_ROOT)/Config.mk
#ZLIB_URL?=http://www.zlib.net
ZLIB_URL=$(XEN_EXTFILES_URL)
-ZLIB_VERSION=1.2.3
+ZLIB_VERSION=1.2.7
+
+#BZIP2_URL?=http://www.bzip.org/$(BZIP2_VERSION)
+BZIP2_URL=$(XEN_EXTFILES_URL)
+BZIP2_VERSION=1.0.6
+
+#XZ_URL?=http://tukaani.org/xz
+XZ_URL=$(XEN_EXTFILES_URL)
+XZ_VERSION=5.0.4
+
+#LZO_URL?=http://www.oberhumer.com/opensource/lzo/download
+LZO_URL=$(XEN_EXTFILES_URL)
+LZO_VERSION=2.06
#LIBPCI_URL?=http://www.kernel.org/pub/software/utils/pciutils
LIBPCI_URL?=$(XEN_EXTFILES_URL)
@@ -134,6 +146,69 @@ $(ZLIB_STAMPFILE): zlib-$(XEN_TARGET_ARCH)
$(NEWLIB_STAMPFILE)
$(MAKE) DESTDIR= libz.a && \
$(MAKE) DESTDIR= install )
+############
+# Cross-bzip2
+############
+
+bzip2-$(BZIP2_VERSION).tar.gz:
+ $(WGET) $(BZIP2_URL)/$@
+
+bzip2-$(XEN_TARGET_ARCH): bzip2-$(BZIP2_VERSION).tar.gz
+ tar xzf $<
+ mv bzip2-$(BZIP2_VERSION) $@
+ patch -d $@ -p1 < bzip2.patch
+
+BZIP2_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/libbz2.a
+.PHONY: cross-bzip2
+cross-bzip2: $(BZIP2_STAMPFILE)
+$(BZIP2_STAMPFILE): bzip2-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE)
+ ( cd $< && \
+ $(MAKE) DESTDIR= libbz2.a && \
+ $(INSTALL_DATA) libbz2.a $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/lib/
&& \
+ $(INSTALL_DATA) bzlib.h $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/include/
\
+ )
+
+##############
+# Cross-xz
+##############
+
+xz-$(XZ_VERSION).tar.bz2:
+ $(WGET) $(XZ_URL)/$@
+
+xz-$(XEN_TARGET_ARCH): xz-$(XZ_VERSION).tar.bz2
+ tar xjf $<
+ mv xz-$(XZ_VERSION) $@
+
+XZ_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/liblzma.a
+.PHONY: cross-xz
+cross-xz: $(XZ_STAMPFILE)
+$(XZ_STAMPFILE): xz-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE)
+ ( cd $< && \
+ CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" CC=$(CC) ./configure
--prefix=$(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf && \
+ cd src/liblzma && \
+ $(MAKE) DESTDIR= liblzma.la && \
+ $(MAKE) DESTDIR= install )
+
+##############
+# Cross-lzo
+##############
+
+lzo-$(LZO_VERSION).tar.gz:
+ $(WGET) $(LZO_URL)/$@
+
+lzo-$(XEN_TARGET_ARCH): lzo-$(LZO_VERSION).tar.gz
+ tar xzf $<
+ mv lzo-$(LZO_VERSION) $@
+
+LZO_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/liblzo2.a
+.PHONY: cross-lzo
+cross-lzo: $(LZO_STAMPFILE)
+$(LZO_STAMPFILE): lzo-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE)
+ ( cd $< && \
+ CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" CC=$(CC) ./configure
--prefix=$(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf && \
+ $(MAKE) DESTDIR= src/liblzo2.la && \
+ $(MAKE) DESTDIR= install-libLTLIBRARIES install-pkgincludeHEADERS )
+
##############
# Cross-libpci
##############
@@ -281,10 +356,13 @@ $(TARGETS_MINIOS): mini-os-%:
.PHONY: libxc
libxc: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a
libxc-$(XEN_TARGET_ARCH)/libxenguest.a
-libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: cross-zlib
+libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: TARGET_CFLAGS += -DHAVE_BZLIB
+libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: TARGET_CFLAGS += -DHAVE_LZMA
+libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: TARGET_CFLAGS += -DHAVE_LZO1X
+libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: cross-zlib cross-bzip2 cross-xz
cross-lzo
CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)"
$(MAKE) DESTDIR= -C libxc-$(XEN_TARGET_ARCH)
- libxc-$(XEN_TARGET_ARCH)/libxenguest.a: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a
+libxc-$(XEN_TARGET_ARCH)/libxenguest.a: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a
#######
# ioemu
diff --git a/stubdom/bzip2.patch b/stubdom/bzip2.patch
new file mode 100644
index 0000000..ee0df30
--- /dev/null
+++ b/stubdom/bzip2.patch
@@ -0,0 +1,11 @@
+--- bzip2-x86_64.orig/Makefile 2013-01-04 10:56:57.000000000 +0000
++++ bzip2-x86_64/Makefile 2013-01-04 10:57:06.000000000 +0000
+@@ -21,7 +21,7 @@
+ LDFLAGS+
+ BIGFILES=-D_FILE_OFFSET_BITS=64
+-CFLAGS=-Wall -Winline -O2 -g $(BIGFILES)
++CFLAGS=-Wall -Winline -O2 -g $(BIGFILES) -DBZ_NO_STDIO
+
+ # Where you want it installed when you do ''make install''
+ PREFIX=/usr/local
diff --git a/stubdom/grub/kexec.c b/stubdom/grub/kexec.c
index b21c91a..9d10d32 100644
--- a/stubdom/grub/kexec.c
+++ b/stubdom/grub/kexec.c
@@ -54,6 +54,12 @@ static unsigned long allocated;
int pin_table(xc_interface *xc_handle, unsigned int type, unsigned long mfn,
domid_t dom);
+/* Required by libbz2 */
+void bz_internal_error(int errcode)
+{
+ printk("BZIP2: Internal Error %d", __FUNCTION__);
+}
+
/* We need mfn to appear as target_pfn, so exchange with the MFN there */
static void do_exchange(struct xc_dom_image *dom, xen_pfn_t target_pfn,
xen_pfn_t source_mfn)
{
--
1.7.2.5
Samuel Thibault
2013-Jan-04 12:15 UTC
Re: [PATCH] pv-grub: Support bzip2, xz and lzo compressed kernels
Ian Campbell, le Fri 04 Jan 2013 11:56:33 +0000, a écrit :> +BZIP2_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/libbz2.a > +.PHONY: cross-bzip2 > +cross-bzip2: $(BZIP2_STAMPFILE) > +$(BZIP2_STAMPFILE): bzip2-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE) > + ( cd $< && \ > + $(MAKE) DESTDIR= libbz2.a && \ > + $(INSTALL_DATA) libbz2.a $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/lib/ && \ > + $(INSTALL_DATA) bzlib.h $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/include/ \ > + )This is missing the cross-compilation flags, isn''t it? Samuel
Bastian Blank
2013-Jan-04 12:33 UTC
Re: [PATCH] pv-grub: Support bzip2, xz and lzo compressed kernels
On Fri, Jan 04, 2013 at 11:56:33AM +0000, Ian Campbell wrote:> xz compressed kernels seem to be what we are starting to see in the > wild, but we may as well support everything that libxc does in > pv-grub. > Also update the zlib library to the latest versionIs there a reason not to use the implementations used by the hypervisor? Bastian -- Murder is contrary to the laws of man and God. -- M-5 Computer, "The Ultimate Computer", stardate 4731.3
Ian Campbell
2013-Jan-04 12:40 UTC
Re: [PATCH] pv-grub: Support bzip2, xz and lzo compressed kernels
On Fri, 2013-01-04 at 12:33 +0000, Bastian Blank wrote:> On Fri, Jan 04, 2013 at 11:56:33AM +0000, Ian Campbell wrote: > > xz compressed kernels seem to be what we are starting to see in the > > wild, but we may as well support everything that libxc does in > > pv-grub. > > Also update the zlib library to the latest version > > Is there a reason not to use the implementations used by the hypervisor?Decompressing a potentially untrusted compressed file in the context of the hypervisor would open you up to all sorts of security issues. One of the points of pv-grub is that the untrusted code runs only with guest privileges. Ian.
Ian Campbell
2013-Jan-04 12:43 UTC
Re: [PATCH] pv-grub: Support bzip2, xz and lzo compressed kernels
On Fri, 2013-01-04 at 12:15 +0000, Samuel Thibault wrote:> Ian Campbell, le Fri 04 Jan 2013 11:56:33 +0000, a écrit : > > +BZIP2_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/libbz2.a > > +.PHONY: cross-bzip2 > > +cross-bzip2: $(BZIP2_STAMPFILE) > > +$(BZIP2_STAMPFILE): bzip2-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE) > > + ( cd $< && \ > > + $(MAKE) DESTDIR= libbz2.a && \ > > + $(INSTALL_DATA) libbz2.a $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/lib/ && \ > > + $(INSTALL_DATA) bzlib.h $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/include/ \ > > + ) > > This is missing the cross-compilation flags, isn't it?Oops, yes, I cut them out with the unneeded configure by mistake! 8<---------------------------------------- From d7116c4f19c54613f28a3bd44c84fef1b3340a1e Mon Sep 17 00:00:00 2001 From: Ian Campbell <ian.campbell@citrix.com> Date: Fri, 4 Jan 2013 11:37:31 +0000 Subject: [PATCH] pv-grub: Support bzip2, xz and lzo compressed kernels xz compressed kernels seem to be what we are starting to see in the wild, but we may as well support everything that libxc does in pv-grub. Also update the zlib library to the latest version Signed-off-by: Ian Campbell <ian.campbell@citrix.com> Cc: waldi@debian.org --- v2: Pass cross-compile flags to bzip2 build. This is only build tested as I don't have a convenient pv-grub setup at the moment. As well as committing the committer should fetch the following URLs to xenbits.xen.org:/var/xenbits-www/html/xen-extfiles - http://www.zlib.net/zlib-1.2.7.tar.gz - http://www.bzip.org/1.0.6/bzip2-1.0.6.tar.gz md5sum 00b516f4704d4a7cb50a1d97e6e8e15b - http://tukaani.org/xz/xz-5.0.4.tar.bz2 http://tukaani.org/xz/xz-5.0.4.tar.bz2.sig - http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz --- .gitignore | 3 ++ .hgignore | 3 ++ extras/mini-os/Makefile | 3 ++ stubdom/Makefile | 84 +++++++++++++++++++++++++++++++++++++++++++++-- stubdom/bzip2.patch | 11 ++++++ stubdom/grub/kexec.c | 6 +++ 6 files changed, 107 insertions(+), 3 deletions(-) create mode 100644 stubdom/bzip2.patch diff --git a/.gitignore b/.gitignore index f71cff8..a95183a 100644 --- a/.gitignore +++ b/.gitignore @@ -107,6 +107,9 @@ stubdom/newlib-1.* stubdom/newlib-x86* stubdom/pciutils-* stubdom/zlib-* +stubdom/bzip2-* +stubdom/xz-* +stubdom/lzo-* stubdom/grub-* stubdom/ocaml-* stubdom/lwip/ diff --git a/.hgignore b/.hgignore index 344792a..044a88a 100644 --- a/.hgignore +++ b/.hgignore @@ -102,6 +102,9 @@ ^stubdom/newlib-.*$ ^stubdom/pciutils-.*$ ^stubdom/zlib-.*$ +^stubdom/bzip2-.*$ +^stubdom/xz-.*$ +^stubdom/lzo-.*$ ^stubdom/grub-.*$ ^stubdom/ocaml-.*$ ^stubdom/lwip/ diff --git a/extras/mini-os/Makefile b/extras/mini-os/Makefile index 2302a23..717b209 100644 --- a/extras/mini-os/Makefile +++ b/extras/mini-os/Makefile @@ -159,6 +159,9 @@ APP_LDLIBS += -L$(XEN_ROOT)/stubdom/libxc-$(XEN_TARGET_ARCH) -whole-archive -lxe endif APP_LDLIBS += -lpci APP_LDLIBS += -lz +APP_LDLIBS += -lbz2 +APP_LDLIBS += -llzma +APP_LDLIBS += -llzo2 APP_LDLIBS += -lm LDLIBS += -lc endif diff --git a/stubdom/Makefile b/stubdom/Makefile index 50ba360..c85dea2 100644 --- a/stubdom/Makefile +++ b/stubdom/Makefile @@ -9,7 +9,19 @@ include $(XEN_ROOT)/Config.mk #ZLIB_URL?=http://www.zlib.net ZLIB_URL=$(XEN_EXTFILES_URL) -ZLIB_VERSION=1.2.3 +ZLIB_VERSION=1.2.7 + +#BZIP2_URL?=http://www.bzip.org/$(BZIP2_VERSION) +BZIP2_URL=$(XEN_EXTFILES_URL) +BZIP2_VERSION=1.0.6 + +#XZ_URL?=http://tukaani.org/xz +XZ_URL=$(XEN_EXTFILES_URL) +XZ_VERSION=5.0.4 + +#LZO_URL?=http://www.oberhumer.com/opensource/lzo/download +LZO_URL=$(XEN_EXTFILES_URL) +LZO_VERSION=2.06 #LIBPCI_URL?=http://www.kernel.org/pub/software/utils/pciutils LIBPCI_URL?=$(XEN_EXTFILES_URL) @@ -134,6 +146,69 @@ $(ZLIB_STAMPFILE): zlib-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE) $(MAKE) DESTDIR= libz.a && \ $(MAKE) DESTDIR= install ) +############ +# Cross-bzip2 +############ + +bzip2-$(BZIP2_VERSION).tar.gz: + $(WGET) $(BZIP2_URL)/$@ + +bzip2-$(XEN_TARGET_ARCH): bzip2-$(BZIP2_VERSION).tar.gz + tar xzf $< + mv bzip2-$(BZIP2_VERSION) $@ + patch -d $@ -p1 < bzip2.patch + +BZIP2_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/libbz2.a +.PHONY: cross-bzip2 +cross-bzip2: $(BZIP2_STAMPFILE) +$(BZIP2_STAMPFILE): bzip2-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE) + ( cd $< && \ + $(MAKE) CROSS_CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -DBZ_NO_STDIO" CC=$(CC) DESTDIR= libbz2.a && \ + $(INSTALL_DATA) libbz2.a $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/lib/ && \ + $(INSTALL_DATA) bzlib.h $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/include/ \ + ) + +############## +# Cross-xz +############## + +xz-$(XZ_VERSION).tar.bz2: + $(WGET) $(XZ_URL)/$@ + +xz-$(XEN_TARGET_ARCH): xz-$(XZ_VERSION).tar.bz2 + tar xjf $< + mv xz-$(XZ_VERSION) $@ + +XZ_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/liblzma.a +.PHONY: cross-xz +cross-xz: $(XZ_STAMPFILE) +$(XZ_STAMPFILE): xz-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE) + ( cd $< && \ + CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" CC=$(CC) ./configure --prefix=$(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf && \ + cd src/liblzma && \ + $(MAKE) DESTDIR= liblzma.la && \ + $(MAKE) DESTDIR= install ) + +############## +# Cross-lzo +############## + +lzo-$(LZO_VERSION).tar.gz: + $(WGET) $(LZO_URL)/$@ + +lzo-$(XEN_TARGET_ARCH): lzo-$(LZO_VERSION).tar.gz + tar xzf $< + mv lzo-$(LZO_VERSION) $@ + +LZO_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/liblzo2.a +.PHONY: cross-lzo +cross-lzo: $(LZO_STAMPFILE) +$(LZO_STAMPFILE): lzo-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE) + ( cd $< && \ + CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" CC=$(CC) ./configure --prefix=$(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf && \ + $(MAKE) DESTDIR= src/liblzo2.la && \ + $(MAKE) DESTDIR= install-libLTLIBRARIES install-pkgincludeHEADERS ) + ############## # Cross-libpci ############## @@ -281,10 +356,13 @@ $(TARGETS_MINIOS): mini-os-%: .PHONY: libxc libxc: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a libxc-$(XEN_TARGET_ARCH)/libxenguest.a -libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: cross-zlib +libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: TARGET_CFLAGS += -DHAVE_BZLIB +libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: TARGET_CFLAGS += -DHAVE_LZMA +libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: TARGET_CFLAGS += -DHAVE_LZO1X +libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: cross-zlib cross-bzip2 cross-xz cross-lzo CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)" $(MAKE) DESTDIR= -C libxc-$(XEN_TARGET_ARCH) - libxc-$(XEN_TARGET_ARCH)/libxenguest.a: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a +libxc-$(XEN_TARGET_ARCH)/libxenguest.a: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a ####### # ioemu diff --git a/stubdom/bzip2.patch b/stubdom/bzip2.patch new file mode 100644 index 0000000..2eb0416 --- /dev/null +++ b/stubdom/bzip2.patch @@ -0,0 +1,11 @@ +--- bzip2-x86_64.orig/Makefile 2013-01-04 10:56:57.000000000 +0000 ++++ bzip2-x86_64/Makefile 2013-01-04 10:57:06.000000000 +0000 +@@ -21,7 +21,7 @@ + LDFLAGS+ + BIGFILES=-D_FILE_OFFSET_BITS=64 +-CFLAGS=-Wall -Winline -O2 -g $(BIGFILES) ++CFLAGS=$(CROSS_CFLAGS) -Wall -Winline -O2 -g $(BIGFILES) + + # Where you want it installed when you do 'make install' + PREFIX=/usr/local diff --git a/stubdom/grub/kexec.c b/stubdom/grub/kexec.c index b21c91a..9d10d32 100644 --- a/stubdom/grub/kexec.c +++ b/stubdom/grub/kexec.c @@ -54,6 +54,12 @@ static unsigned long allocated; int pin_table(xc_interface *xc_handle, unsigned int type, unsigned long mfn, domid_t dom); +/* Required by libbz2 */ +void bz_internal_error(int errcode) +{ + printk("BZIP2: Internal Error %d", __FUNCTION__); +} + /* We need mfn to appear as target_pfn, so exchange with the MFN there */ static void do_exchange(struct xc_dom_image *dom, xen_pfn_t target_pfn, xen_pfn_t source_mfn) { -- 1.7.2.5 _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org http://lists.xen.org/xen-devel
Samuel Thibault
2013-Jan-04 23:42 UTC
Re: [PATCH] pv-grub: Support bzip2, xz and lzo compressed kernels
Ian Campbell, le Fri 04 Jan 2013 12:43:43 +0000, a écrit :> Oops, yes, I cut them out with the unneeded configure by mistake!Ok :) It works fine Acked-By: Samuel Thibault <samuel.thibault@ens-lyon.org> Samuel
Bastian Blank
2013-Feb-26 22:25 UTC
Re: [PATCH] pv-grub: Support bzip2, xz and lzo compressed kernels
On Fri, Jan 04, 2013 at 12:40:20PM +0000, Ian Campbell wrote:> On Fri, 2013-01-04 at 12:33 +0000, Bastian Blank wrote: > > Is there a reason not to use the implementations used by the hypervisor? > Decompressing a potentially untrusted compressed file in the context of > the hypervisor would open you up to all sorts of security issues. One of > the points of pv-grub is that the untrusted code runs only with guest > privileges.This was not what I meant, but you realized that already. Anyway, I have some not really nice patches that integrate the hypervisor bzip2, lzma, xz and lzo code into pv-grub. gzip is not handled via this code path. Bastian -- Insufficient facts always invite danger. -- Spock, "Space Seed", stardate 3141.9
Move the existing decompression methods into its own file.
Signed-off-by: Bastian Blank <waldi@debian.org>
diff -r 66f563be41d9 tools/libxc/Makefile
--- a/tools/libxc/Makefile Tue Feb 19 10:49:53 2013 +0100
+++ b/tools/libxc/Makefile Tue Feb 26 19:23:05 2013 +0100
@@ -58,6 +58,7 @@
GUEST_SRCS-y += xc_dom_core.c xc_dom_boot.c
GUEST_SRCS-y += xc_dom_elfloader.c
GUEST_SRCS-$(CONFIG_X86) += xc_dom_bzimageloader.c
+GUEST_SRCS-$(CONFIG_X86) += xc_dom_decompress.c
GUEST_SRCS-$(CONFIG_ARM) += xc_dom_armzimageloader.c
GUEST_SRCS-y += xc_dom_binloader.c
GUEST_SRCS-y += xc_dom_compat_linux.c
@@ -182,8 +183,8 @@
zlib-options = $(ZLIB)
endif
-xc_dom_bzimageloader.o: CFLAGS += $(call zlib-options,D)
-xc_dom_bzimageloader.opic: CFLAGS += $(call zlib-options,D)
+xc_dom_decompress.o: CFLAGS += $(call zlib-options,D)
+xc_dom_decompress.opic: CFLAGS += $(call zlib-options,D)
libxenguest.so.$(MAJOR).$(MINOR): COMPRESSION_LIBS = $(call zlib-options,l)
libxenguest.so.$(MAJOR).$(MINOR): $(GUEST_PIC_OBJS) libxenctrl.so
diff -r 66f563be41d9 tools/libxc/xc_dom.h
--- a/tools/libxc/xc_dom.h Tue Feb 19 10:49:53 2013 +0100
+++ b/tools/libxc/xc_dom.h Tue Feb 26 19:23:05 2013 +0100
@@ -293,6 +293,17 @@
void xc_dom_unmap_one(struct xc_dom_image *dom, xen_pfn_t pfn);
void xc_dom_unmap_all(struct xc_dom_image *dom);
+int xc_try_bzip2_decode(struct xc_dom_image *dom, void **blob, size_t *size)
+ __attribute__((visibility("hidden")));
+int xc_try_gzip_decode(struct xc_dom_image *dom, void **blob, size_t *size)
+ __attribute__((visibility("hidden")));
+int xc_try_lzma_decode(struct xc_dom_image *dom, void **blob, size_t *size)
+ __attribute__((visibility("hidden")));
+int xc_try_lzo1x_decode(struct xc_dom_image *dom, void **blob, size_t *size)
+ __attribute__((visibility("hidden")));
+int xc_try_xz_decode(struct xc_dom_image *dom, void **blob, size_t *size)
+ __attribute__((visibility("hidden")));
+
static inline void *xc_dom_seg_to_ptr(struct xc_dom_image *dom,
struct xc_dom_seg *seg)
{
diff -r 66f563be41d9 tools/libxc/xc_dom_bzimageloader.c
--- a/tools/libxc/xc_dom_bzimageloader.c Tue Feb 19 10:49:53 2013 +0100
+++ b/tools/libxc/xc_dom_bzimageloader.c Tue Feb 26 19:23:05 2013 +0100
@@ -35,533 +35,6 @@
#include "xg_private.h"
#include "xc_dom.h"
-#if defined(HAVE_BZLIB)
-
-#include <bzlib.h>
-
-static int xc_try_bzip2_decode(
- struct xc_dom_image *dom, void **blob, size_t *size)
-{
- bz_stream stream;
- int ret;
- char *out_buf;
- char *tmp_buf;
- int retval = -1;
- unsigned int outsize;
- uint64_t total;
-
- stream.bzalloc = NULL;
- stream.bzfree = NULL;
- stream.opaque = NULL;
-
- if ( dom->kernel_size == 0)
- {
- DOMPRINTF("BZIP2: Input is 0 size");
- return -1;
- }
-
- ret = BZ2_bzDecompressInit(&stream, 0, 0);
- if ( ret != BZ_OK )
- {
- DOMPRINTF("BZIP2: Error initting stream");
- return -1;
- }
-
- /* sigh. We don''t know up-front how much memory we are going to
need
- * for the output buffer. Allocate the output buffer to be equal
- * the input buffer to start, and we''ll realloc as needed.
- */
- outsize = dom->kernel_size;
-
- /*
- * stream.avail_in and outsize are unsigned int, while kernel_size
- * is a size_t. Check we aren''t overflowing.
- */
- if ( outsize != dom->kernel_size )
- {
- DOMPRINTF("BZIP2: Input too large");
- goto bzip2_cleanup;
- }
-
- out_buf = malloc(outsize);
- if ( out_buf == NULL )
- {
- DOMPRINTF("BZIP2: Failed to alloc memory");
- goto bzip2_cleanup;
- }
-
- stream.next_in = dom->kernel_blob;
- stream.avail_in = dom->kernel_size;
-
- stream.next_out = out_buf;
- stream.avail_out = dom->kernel_size;
-
- for ( ; ; )
- {
- ret = BZ2_bzDecompress(&stream);
- if ( ret == BZ_STREAM_END )
- {
- DOMPRINTF("BZIP2: Saw data stream end");
- retval = 0;
- break;
- }
- if ( ret != BZ_OK )
- {
- DOMPRINTF("BZIP2: error %d", ret);
- free(out_buf);
- goto bzip2_cleanup;
- }
-
- if ( stream.avail_out == 0 )
- {
- /* Protect against output buffer overflow */
- if ( outsize > UINT_MAX / 2 )
- {
- DOMPRINTF("BZIP2: output buffer overflow");
- free(out_buf);
- goto bzip2_cleanup;
- }
-
- if ( xc_dom_kernel_check_size(dom, outsize * 2) )
- {
- DOMPRINTF("BZIP2: output too large");
- free(out_buf);
- goto bzip2_cleanup;
- }
-
- tmp_buf = realloc(out_buf, outsize * 2);
- if ( tmp_buf == NULL )
- {
- DOMPRINTF("BZIP2: Failed to realloc memory");
- free(out_buf);
- goto bzip2_cleanup;
- }
- out_buf = tmp_buf;
-
- stream.next_out = out_buf + outsize;
- stream.avail_out = (outsize * 2) - outsize;
- outsize *= 2;
- }
- else if ( stream.avail_in == 0 )
- {
- /*
- * If there is output buffer available then this indicates
- * that BZ2_bzDecompress would like more input data to be
- * provided. However our complete input buffer is in
- * memory and provided upfront so if avail_in is zero this
- * actually indicates a truncated input.
- */
- DOMPRINTF("BZIP2: not enough input");
- free(out_buf);
- goto bzip2_cleanup;
- }
- }
-
- total = (((uint64_t)stream.total_out_hi32) << 32) |
stream.total_out_lo32;
-
- DOMPRINTF("%s: BZIP2 decompress OK, 0x%zx -> 0x%lx",
- __FUNCTION__, *size, (long unsigned int) total);
-
- *blob = out_buf;
- *size = total;
-
- bzip2_cleanup:
- BZ2_bzDecompressEnd(&stream);
-
- return retval;
-}
-
-#else /* !defined(HAVE_BZLIB) */
-
-static int xc_try_bzip2_decode(
- struct xc_dom_image *dom, void **blob, size_t *size)
-{
- DOMPRINTF("%s: BZIP2 decompress support unavailable",
- __FUNCTION__);
- return -1;
-}
-
-#endif
-
-#if defined(HAVE_LZMA)
-
-#include <lzma.h>
-
-static int _xc_try_lzma_decode(
- struct xc_dom_image *dom, void **blob, size_t *size,
- lzma_stream *stream, const char *what)
-{
- lzma_ret ret;
- lzma_action action = LZMA_RUN;
- unsigned char *out_buf;
- unsigned char *tmp_buf;
- int retval = -1;
- size_t outsize;
- const char *msg;
-
- if ( dom->kernel_size == 0)
- {
- DOMPRINTF("%s: Input is 0 size", what);
- return -1;
- }
-
- /* sigh. We don''t know up-front how much memory we are going to
need
- * for the output buffer. Allocate the output buffer to be equal
- * the input buffer to start, and we''ll realloc as needed.
- */
- outsize = dom->kernel_size;
- out_buf = malloc(outsize);
- if ( out_buf == NULL )
- {
- DOMPRINTF("%s: Failed to alloc memory", what);
- goto lzma_cleanup;
- }
-
- stream->next_in = dom->kernel_blob;
- stream->avail_in = dom->kernel_size;
-
- stream->next_out = out_buf;
- stream->avail_out = dom->kernel_size;
-
- for ( ; ; )
- {
- ret = lzma_code(stream, action);
- if ( ret == LZMA_STREAM_END )
- {
- DOMPRINTF("%s: Saw data stream end", what);
- retval = 0;
- break;
- }
- if ( ret != LZMA_OK )
- {
- switch ( ret )
- {
- case LZMA_MEM_ERROR:
- msg = strerror(ENOMEM);
- break;
-
- case LZMA_MEMLIMIT_ERROR:
- msg = "Memory usage limit reached";
- break;
-
- case LZMA_FORMAT_ERROR:
- msg = "File format not recognized";
- break;
-
- case LZMA_OPTIONS_ERROR:
- // FIXME: Better message?
- msg = "Unsupported compression options";
- break;
-
- case LZMA_DATA_ERROR:
- msg = "File is corrupt";
- break;
-
- case LZMA_BUF_ERROR:
- msg = "Unexpected end of input";
- break;
-
- default:
- msg = "Internal program error (bug)";
- break;
- }
- DOMPRINTF("%s: %s decompression error: %s",
- __FUNCTION__, what, msg);
- free(out_buf);
- goto lzma_cleanup;
- }
-
- if ( stream->avail_out == 0 )
- {
- /* Protect against output buffer overflow */
- if ( outsize > SIZE_MAX / 2 )
- {
- DOMPRINTF("%s: output buffer overflow", what);
- free(out_buf);
- goto lzma_cleanup;
- }
-
- if ( xc_dom_kernel_check_size(dom, outsize * 2) )
- {
- DOMPRINTF("%s: output too large", what);
- free(out_buf);
- goto lzma_cleanup;
- }
-
- tmp_buf = realloc(out_buf, outsize * 2);
- if ( tmp_buf == NULL )
- {
- DOMPRINTF("%s: Failed to realloc memory", what);
- free(out_buf);
- goto lzma_cleanup;
- }
- out_buf = tmp_buf;
-
- stream->next_out = out_buf + outsize;
- stream->avail_out = (outsize * 2) - outsize;
- outsize *= 2;
- }
- }
-
- DOMPRINTF("%s: %s decompress OK, 0x%zx -> 0x%zx",
- __FUNCTION__, what, *size, (size_t)stream->total_out);
-
- *blob = out_buf;
- *size = stream->total_out;
-
- lzma_cleanup:
- lzma_end(stream);
-
- return retval;
-}
-
-/* 128 Mb is the minimum size (half-way) documented to work for all inputs. */
-#define LZMA_BLOCK_SIZE (128*1024*1024)
-
-static int xc_try_xz_decode(
- struct xc_dom_image *dom, void **blob, size_t *size)
-{
- lzma_stream stream = LZMA_STREAM_INIT;
-
- if ( lzma_stream_decoder(&stream, LZMA_BLOCK_SIZE, 0) != LZMA_OK )
- {
- DOMPRINTF("XZ: Failed to init decoder");
- return -1;
- }
-
- return _xc_try_lzma_decode(dom, blob, size, &stream, "XZ");
-}
-
-static int xc_try_lzma_decode(
- struct xc_dom_image *dom, void **blob, size_t *size)
-{
- lzma_stream stream = LZMA_STREAM_INIT;
-
- if ( lzma_alone_decoder(&stream, LZMA_BLOCK_SIZE) != LZMA_OK )
- {
- DOMPRINTF("LZMA: Failed to init decoder");
- return -1;
- }
-
- return _xc_try_lzma_decode(dom, blob, size, &stream, "LZMA");
-}
-
-#else /* !defined(HAVE_LZMA) */
-
-static int xc_try_xz_decode(
- struct xc_dom_image *dom, void **blob, size_t *size)
-{
- DOMPRINTF("%s: XZ decompress support unavailable",
- __FUNCTION__);
- return -1;
-}
-
-static int xc_try_lzma_decode(
- struct xc_dom_image *dom, void **blob, size_t *size)
-{
- DOMPRINTF("%s: LZMA decompress support unavailable",
- __FUNCTION__);
- return -1;
-}
-
-#endif
-
-#if defined(HAVE_LZO1X)
-
-#include <lzo/lzo1x.h>
-
-#define LZOP_HEADER_HAS_FILTER 0x00000800
-#define LZOP_MAX_BLOCK_SIZE (64*1024*1024)
-
-static inline uint_fast16_t lzo_read_16(const unsigned char *buf)
-{
- return buf[1] | (buf[0] << 8);
-}
-
-static inline uint_fast32_t lzo_read_32(const unsigned char *buf)
-{
- return lzo_read_16(buf + 2) | ((uint32_t)lzo_read_16(buf) << 16);
-}
-
-static int xc_try_lzo1x_decode(
- struct xc_dom_image *dom, void **blob, size_t *size)
-{
- int ret;
- const unsigned char *cur = dom->kernel_blob;
- unsigned char *out_buf = NULL;
- size_t left = dom->kernel_size;
- const char *msg;
- unsigned version;
- static const unsigned char magic[] = {
- 0x89, 0x4c, 0x5a, 0x4f, 0x00, 0x0d, 0x0a, 0x1a, 0x0a
- };
-
- /*
- * lzo_uint should match size_t. Check that this is the case to be
- * sure we won''t overflow various lzo_uint fields.
- */
- XC_BUILD_BUG_ON(sizeof(lzo_uint) != sizeof(size_t));
-
- ret = lzo_init();
- if ( ret != LZO_E_OK )
- {
- DOMPRINTF("LZO1x: Failed to init library (%d)\n", ret);
- return -1;
- }
-
- if ( left < 16 || memcmp(cur, magic, 9) )
- {
- DOMPRINTF("LZO1x: Unrecognized magic\n");
- return -1;
- }
-
- /* get version (2bytes), skip library version (2),
- * ''need to be extracted'' version (2) and method (1) */
- version = lzo_read_16(cur + 9);
- cur += 16;
- left -= 16;
-
- if ( version >= 0x0940 )
- {
- /* skip level */
- ++cur;
- if ( left )
- --left;
- }
-
- if ( left >= 4 && (lzo_read_32(cur) &
LZOP_HEADER_HAS_FILTER) )
- ret = 8; /* flags + filter info */
- else
- ret = 4; /* flags */
-
- /* skip mode and mtime_low */
- ret += 8;
- if ( version >= 0x0940 )
- ret += 4; /* skip mtime_high */
-
- /* don''t care about the file name, and skip checksum */
- if ( left > ret )
- ret += 1 + cur[ret] + 4;
-
- if ( left < ret )
- {
- DOMPRINTF("LZO1x: Incomplete header\n");
- return -1;
- }
- cur += ret;
- left -= ret;
-
- for ( *size = 0; ; )
- {
- lzo_uint src_len, dst_len, out_len;
- unsigned char *tmp_buf;
-
- msg = "Short input";
- if ( left < 4 )
- break;
-
- dst_len = lzo_read_32(cur);
- if ( !dst_len )
- return 0;
-
- if ( dst_len > LZOP_MAX_BLOCK_SIZE )
- {
- msg = "Block size too large";
- break;
- }
-
- if ( left < 12 )
- break;
-
- src_len = lzo_read_32(cur + 4);
- cur += 12; /* also skip block checksum info */
- left -= 12;
-
- msg = "Bad source length";
- if ( src_len <= 0 || src_len > dst_len || src_len > left )
- break;
-
- msg = "Output buffer overflow";
- if ( *size > SIZE_MAX - dst_len )
- break;
-
- msg = "Decompressed image too large";
- if ( xc_dom_kernel_check_size(dom, *size + dst_len) )
- break;
-
- msg = "Failed to (re)alloc memory";
- tmp_buf = realloc(out_buf, *size + dst_len);
- if ( tmp_buf == NULL )
- break;
-
- out_buf = tmp_buf;
- out_len = dst_len;
-
- ret = lzo1x_decompress_safe(cur, src_len,
- out_buf + *size, &out_len, NULL);
- switch ( ret )
- {
- case LZO_E_OK:
- msg = "Input underrun";
- if ( out_len != dst_len )
- break;
-
- *blob = out_buf;
- *size += out_len;
- cur += src_len;
- left -= src_len;
- continue;
-
- case LZO_E_INPUT_NOT_CONSUMED:
- msg = "Unconsumed input";
- break;
-
- case LZO_E_OUTPUT_OVERRUN:
- msg = "Output overrun";
- break;
-
- case LZO_E_INPUT_OVERRUN:
- msg = "Input overrun";
- break;
-
- case LZO_E_LOOKBEHIND_OVERRUN:
- msg = "Look-behind overrun";
- break;
-
- case LZO_E_EOF_NOT_FOUND:
- msg = "No EOF marker";
- break;
-
- case LZO_E_ERROR:
- msg = "General error";
- break;
-
- default:
- msg = "Internal program error (bug)";
- break;
- }
-
- break;
- }
-
- free(out_buf);
- DOMPRINTF("LZO1x decompression error: %s\n", msg);
-
- return -1;
-}
-
-#else /* !defined(HAVE_LZO1X) */
-
-static int xc_try_lzo1x_decode(
- struct xc_dom_image *dom, void **blob, size_t *size)
-{
- DOMPRINTF("%s: LZO1x decompress support unavailable\n",
- __FUNCTION__);
- return -1;
-}
-
-#endif
-
struct setup_header {
uint8_t _pad0[0x1f1]; /* skip uninteresting stuff */
uint8_t setup_sects;
diff -r 66f563be41d9 tools/libxc/xc_dom_decompress.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress.c Tue Feb 26 19:23:05 2013 +0100
@@ -0,0 +1,567 @@
+/*
+ * Xen decompression wrapper
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation;
+ * version 2.1 of the License.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
USA
+ *
+ * written 2006 by Gerd Hoffmann <kraxel@suse.de>.
+ * written 2007 by Jeremy Fitzhardinge <jeremy@xensource.com>
+ * written 2008 by Ian Campbell <ijc@hellion.org.uk>
+ * written 2009 by Chris Lalancette <clalance@redhat.com>
+ *
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+
+#include "xg_private.h"
+#include "xc_dom.h"
+
+#if defined(HAVE_BZLIB)
+
+#include <bzlib.h>
+
+int xc_try_bzip2_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ bz_stream stream;
+ int ret;
+ char *out_buf;
+ char *tmp_buf;
+ int retval = -1;
+ unsigned int outsize;
+ uint64_t total;
+
+ stream.bzalloc = NULL;
+ stream.bzfree = NULL;
+ stream.opaque = NULL;
+
+ if ( dom->kernel_size == 0)
+ {
+ DOMPRINTF("BZIP2: Input is 0 size");
+ return -1;
+ }
+
+ ret = BZ2_bzDecompressInit(&stream, 0, 0);
+ if ( ret != BZ_OK )
+ {
+ DOMPRINTF("BZIP2: Error initting stream");
+ return -1;
+ }
+
+ /* sigh. We don''t know up-front how much memory we are going to
need
+ * for the output buffer. Allocate the output buffer to be equal
+ * the input buffer to start, and we''ll realloc as needed.
+ */
+ outsize = dom->kernel_size;
+
+ /*
+ * stream.avail_in and outsize are unsigned int, while kernel_size
+ * is a size_t. Check we aren''t overflowing.
+ */
+ if ( outsize != dom->kernel_size )
+ {
+ DOMPRINTF("BZIP2: Input too large");
+ goto bzip2_cleanup;
+ }
+
+ out_buf = malloc(outsize);
+ if ( out_buf == NULL )
+ {
+ DOMPRINTF("BZIP2: Failed to alloc memory");
+ goto bzip2_cleanup;
+ }
+
+ stream.next_in = dom->kernel_blob;
+ stream.avail_in = dom->kernel_size;
+
+ stream.next_out = out_buf;
+ stream.avail_out = dom->kernel_size;
+
+ for ( ; ; )
+ {
+ ret = BZ2_bzDecompress(&stream);
+ if ( ret == BZ_STREAM_END )
+ {
+ DOMPRINTF("BZIP2: Saw data stream end");
+ retval = 0;
+ break;
+ }
+ if ( ret != BZ_OK )
+ {
+ DOMPRINTF("BZIP2: error %d", ret);
+ free(out_buf);
+ goto bzip2_cleanup;
+ }
+
+ if ( stream.avail_out == 0 )
+ {
+ /* Protect against output buffer overflow */
+ if ( outsize > UINT_MAX / 2 )
+ {
+ DOMPRINTF("BZIP2: output buffer overflow");
+ free(out_buf);
+ goto bzip2_cleanup;
+ }
+
+ if ( xc_dom_kernel_check_size(dom, outsize * 2) )
+ {
+ DOMPRINTF("BZIP2: output too large");
+ free(out_buf);
+ goto bzip2_cleanup;
+ }
+
+ tmp_buf = realloc(out_buf, outsize * 2);
+ if ( tmp_buf == NULL )
+ {
+ DOMPRINTF("BZIP2: Failed to realloc memory");
+ free(out_buf);
+ goto bzip2_cleanup;
+ }
+ out_buf = tmp_buf;
+
+ stream.next_out = out_buf + outsize;
+ stream.avail_out = (outsize * 2) - outsize;
+ outsize *= 2;
+ }
+ else if ( stream.avail_in == 0 )
+ {
+ /*
+ * If there is output buffer available then this indicates
+ * that BZ2_bzDecompress would like more input data to be
+ * provided. However our complete input buffer is in
+ * memory and provided upfront so if avail_in is zero this
+ * actually indicates a truncated input.
+ */
+ DOMPRINTF("BZIP2: not enough input");
+ free(out_buf);
+ goto bzip2_cleanup;
+ }
+ }
+
+ total = (((uint64_t)stream.total_out_hi32) << 32) |
stream.total_out_lo32;
+
+ DOMPRINTF("%s: BZIP2 decompress OK, 0x%zx -> 0x%lx",
+ __FUNCTION__, *size, (long unsigned int) total);
+
+ *blob = out_buf;
+ *size = total;
+
+ bzip2_cleanup:
+ BZ2_bzDecompressEnd(&stream);
+
+ return retval;
+}
+
+#else /* !defined(HAVE_BZLIB) */
+
+int xc_try_bzip2_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ DOMPRINTF("%s: BZIP2 decompress support unavailable",
+ __FUNCTION__);
+ return -1;
+}
+
+#endif
+
+#if defined(HAVE_LZMA)
+
+#include <lzma.h>
+
+static int _xc_try_lzma_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size,
+ lzma_stream *stream, const char *what)
+{
+ lzma_ret ret;
+ lzma_action action = LZMA_RUN;
+ unsigned char *out_buf;
+ unsigned char *tmp_buf;
+ int retval = -1;
+ size_t outsize;
+ const char *msg;
+
+ if ( dom->kernel_size == 0)
+ {
+ DOMPRINTF("%s: Input is 0 size", what);
+ return -1;
+ }
+
+ /* sigh. We don''t know up-front how much memory we are going to
need
+ * for the output buffer. Allocate the output buffer to be equal
+ * the input buffer to start, and we''ll realloc as needed.
+ */
+ outsize = dom->kernel_size;
+ out_buf = malloc(outsize);
+ if ( out_buf == NULL )
+ {
+ DOMPRINTF("%s: Failed to alloc memory", what);
+ goto lzma_cleanup;
+ }
+
+ stream->next_in = dom->kernel_blob;
+ stream->avail_in = dom->kernel_size;
+
+ stream->next_out = out_buf;
+ stream->avail_out = dom->kernel_size;
+
+ for ( ; ; )
+ {
+ ret = lzma_code(stream, action);
+ if ( ret == LZMA_STREAM_END )
+ {
+ DOMPRINTF("%s: Saw data stream end", what);
+ retval = 0;
+ break;
+ }
+ if ( ret != LZMA_OK )
+ {
+ switch ( ret )
+ {
+ case LZMA_MEM_ERROR:
+ msg = strerror(ENOMEM);
+ break;
+
+ case LZMA_MEMLIMIT_ERROR:
+ msg = "Memory usage limit reached";
+ break;
+
+ case LZMA_FORMAT_ERROR:
+ msg = "File format not recognized";
+ break;
+
+ case LZMA_OPTIONS_ERROR:
+ // FIXME: Better message?
+ msg = "Unsupported compression options";
+ break;
+
+ case LZMA_DATA_ERROR:
+ msg = "File is corrupt";
+ break;
+
+ case LZMA_BUF_ERROR:
+ msg = "Unexpected end of input";
+ break;
+
+ default:
+ msg = "Internal program error (bug)";
+ break;
+ }
+ DOMPRINTF("%s: %s decompression error: %s",
+ __FUNCTION__, what, msg);
+ free(out_buf);
+ goto lzma_cleanup;
+ }
+
+ if ( stream->avail_out == 0 )
+ {
+ /* Protect against output buffer overflow */
+ if ( outsize > SIZE_MAX / 2 )
+ {
+ DOMPRINTF("%s: output buffer overflow", what);
+ free(out_buf);
+ goto lzma_cleanup;
+ }
+
+ if ( xc_dom_kernel_check_size(dom, outsize * 2) )
+ {
+ DOMPRINTF("%s: output too large", what);
+ free(out_buf);
+ goto lzma_cleanup;
+ }
+
+ tmp_buf = realloc(out_buf, outsize * 2);
+ if ( tmp_buf == NULL )
+ {
+ DOMPRINTF("%s: Failed to realloc memory", what);
+ free(out_buf);
+ goto lzma_cleanup;
+ }
+ out_buf = tmp_buf;
+
+ stream->next_out = out_buf + outsize;
+ stream->avail_out = (outsize * 2) - outsize;
+ outsize *= 2;
+ }
+ }
+
+ DOMPRINTF("%s: %s decompress OK, 0x%zx -> 0x%zx",
+ __FUNCTION__, what, *size, (size_t)stream->total_out);
+
+ *blob = out_buf;
+ *size = stream->total_out;
+
+ lzma_cleanup:
+ lzma_end(stream);
+
+ return retval;
+}
+
+/* 128 Mb is the minimum size (half-way) documented to work for all inputs. */
+#define LZMA_BLOCK_SIZE (128*1024*1024)
+
+int xc_try_xz_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ lzma_stream stream = LZMA_STREAM_INIT;
+
+ if ( lzma_stream_decoder(&stream, LZMA_BLOCK_SIZE, 0) != LZMA_OK )
+ {
+ DOMPRINTF("XZ: Failed to init decoder");
+ return -1;
+ }
+
+ return _xc_try_lzma_decode(dom, blob, size, &stream, "XZ");
+}
+
+int xc_try_lzma_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ lzma_stream stream = LZMA_STREAM_INIT;
+
+ if ( lzma_alone_decoder(&stream, LZMA_BLOCK_SIZE) != LZMA_OK )
+ {
+ DOMPRINTF("LZMA: Failed to init decoder");
+ return -1;
+ }
+
+ return _xc_try_lzma_decode(dom, blob, size, &stream, "LZMA");
+}
+
+#else /* !defined(HAVE_LZMA) */
+
+int xc_try_xz_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ DOMPRINTF("%s: XZ decompress support unavailable",
+ __FUNCTION__);
+ return -1;
+}
+
+int xc_try_lzma_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ DOMPRINTF("%s: LZMA decompress support unavailable",
+ __FUNCTION__);
+ return -1;
+}
+
+#endif
+
+#if defined(HAVE_LZO1X)
+
+#include <lzo/lzo1x.h>
+
+#define LZOP_HEADER_HAS_FILTER 0x00000800
+#define LZOP_MAX_BLOCK_SIZE (64*1024*1024)
+
+static inline uint_fast16_t lzo_read_16(const unsigned char *buf)
+{
+ return buf[1] | (buf[0] << 8);
+}
+
+static inline uint_fast32_t lzo_read_32(const unsigned char *buf)
+{
+ return lzo_read_16(buf + 2) | ((uint32_t)lzo_read_16(buf) << 16);
+}
+
+int xc_try_lzo1x_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ int ret;
+ const unsigned char *cur = dom->kernel_blob;
+ unsigned char *out_buf = NULL;
+ size_t left = dom->kernel_size;
+ const char *msg;
+ unsigned version;
+ static const unsigned char magic[] = {
+ 0x89, 0x4c, 0x5a, 0x4f, 0x00, 0x0d, 0x0a, 0x1a, 0x0a
+ };
+
+ /*
+ * lzo_uint should match size_t. Check that this is the case to be
+ * sure we won''t overflow various lzo_uint fields.
+ */
+ XC_BUILD_BUG_ON(sizeof(lzo_uint) != sizeof(size_t));
+
+ ret = lzo_init();
+ if ( ret != LZO_E_OK )
+ {
+ DOMPRINTF("LZO1x: Failed to init library (%d)\n", ret);
+ return -1;
+ }
+
+ if ( left < 16 || memcmp(cur, magic, 9) )
+ {
+ DOMPRINTF("LZO1x: Unrecognized magic\n");
+ return -1;
+ }
+
+ /* get version (2bytes), skip library version (2),
+ * ''need to be extracted'' version (2) and method (1) */
+ version = lzo_read_16(cur + 9);
+ cur += 16;
+ left -= 16;
+
+ if ( version >= 0x0940 )
+ {
+ /* skip level */
+ ++cur;
+ if ( left )
+ --left;
+ }
+
+ if ( left >= 4 && (lzo_read_32(cur) &
LZOP_HEADER_HAS_FILTER) )
+ ret = 8; /* flags + filter info */
+ else
+ ret = 4; /* flags */
+
+ /* skip mode and mtime_low */
+ ret += 8;
+ if ( version >= 0x0940 )
+ ret += 4; /* skip mtime_high */
+
+ /* don''t care about the file name, and skip checksum */
+ if ( left > ret )
+ ret += 1 + cur[ret] + 4;
+
+ if ( left < ret )
+ {
+ DOMPRINTF("LZO1x: Incomplete header\n");
+ return -1;
+ }
+ cur += ret;
+ left -= ret;
+
+ for ( *size = 0; ; )
+ {
+ lzo_uint src_len, dst_len, out_len;
+ unsigned char *tmp_buf;
+
+ msg = "Short input";
+ if ( left < 4 )
+ break;
+
+ dst_len = lzo_read_32(cur);
+ if ( !dst_len )
+ return 0;
+
+ if ( dst_len > LZOP_MAX_BLOCK_SIZE )
+ {
+ msg = "Block size too large";
+ break;
+ }
+
+ if ( left < 12 )
+ break;
+
+ src_len = lzo_read_32(cur + 4);
+ cur += 12; /* also skip block checksum info */
+ left -= 12;
+
+ msg = "Bad source length";
+ if ( src_len <= 0 || src_len > dst_len || src_len > left )
+ break;
+
+ msg = "Output buffer overflow";
+ if ( *size > SIZE_MAX - dst_len )
+ break;
+
+ msg = "Decompressed image too large";
+ if ( xc_dom_kernel_check_size(dom, *size + dst_len) )
+ break;
+
+ msg = "Failed to (re)alloc memory";
+ tmp_buf = realloc(out_buf, *size + dst_len);
+ if ( tmp_buf == NULL )
+ break;
+
+ out_buf = tmp_buf;
+ out_len = dst_len;
+
+ ret = lzo1x_decompress_safe(cur, src_len,
+ out_buf + *size, &out_len, NULL);
+ switch ( ret )
+ {
+ case LZO_E_OK:
+ msg = "Input underrun";
+ if ( out_len != dst_len )
+ break;
+
+ *blob = out_buf;
+ *size += out_len;
+ cur += src_len;
+ left -= src_len;
+ continue;
+
+ case LZO_E_INPUT_NOT_CONSUMED:
+ msg = "Unconsumed input";
+ break;
+
+ case LZO_E_OUTPUT_OVERRUN:
+ msg = "Output overrun";
+ break;
+
+ case LZO_E_INPUT_OVERRUN:
+ msg = "Input overrun";
+ break;
+
+ case LZO_E_LOOKBEHIND_OVERRUN:
+ msg = "Look-behind overrun";
+ break;
+
+ case LZO_E_EOF_NOT_FOUND:
+ msg = "No EOF marker";
+ break;
+
+ case LZO_E_ERROR:
+ msg = "General error";
+ break;
+
+ default:
+ msg = "Internal program error (bug)";
+ break;
+ }
+
+ break;
+ }
+
+ free(out_buf);
+ DOMPRINTF("LZO1x decompression error: %s\n", msg);
+
+ return -1;
+}
+
+#else /* !defined(HAVE_LZO1X) */
+
+int xc_try_lzo1x_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ DOMPRINTF("%s: LZO1x decompress support unavailable\n",
+ __FUNCTION__);
+ return -1;
+}
+
+#endif
+
+/*
+ * Local variables:
+ * mode: C
+ * c-set-style: "BSD"
+ * c-basic-offset: 4
+ * tab-width: 4
+ * indent-tabs-mode: nil
+ * End:
+ */
Add trusted decompressors based on hypervisor code.
This are used in mini-os by pv-grub.
Signed-off-by: Bastian Blank <waldi@debian.org>
diff -r efdc4bbfdd20 stubdom/Makefile
--- a/stubdom/Makefile Tue Feb 26 19:42:36 2013 +0100
+++ b/stubdom/Makefile Tue Feb 26 23:20:22 2013 +0100
@@ -328,7 +328,7 @@
.PHONY: libxc
libxc: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a
libxc-$(XEN_TARGET_ARCH)/libxenguest.a
libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: cross-zlib
- CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)"
$(MAKE) DESTDIR= -C libxc-$(XEN_TARGET_ARCH)
+ CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)"
$(MAKE) DESTDIR= CONFIG_LIBXC_MINIOS=y -C libxc-$(XEN_TARGET_ARCH)
libxc-$(XEN_TARGET_ARCH)/libxenguest.a: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a
diff -r efdc4bbfdd20 tools/libxc/Makefile
--- a/tools/libxc/Makefile Tue Feb 26 19:42:36 2013 +0100
+++ b/tools/libxc/Makefile Tue Feb 26 23:20:22 2013 +0100
@@ -58,7 +58,6 @@
GUEST_SRCS-y += xc_dom_core.c xc_dom_boot.c
GUEST_SRCS-y += xc_dom_elfloader.c
GUEST_SRCS-$(CONFIG_X86) += xc_dom_bzimageloader.c
-GUEST_SRCS-$(CONFIG_X86) += xc_dom_decompress.c
GUEST_SRCS-$(CONFIG_ARM) += xc_dom_armzimageloader.c
GUEST_SRCS-y += xc_dom_binloader.c
GUEST_SRCS-y += xc_dom_compat_linux.c
@@ -69,6 +68,16 @@
GUEST_SRCS-$(CONFIG_ARM) += xc_dom_arm.c
GUEST_SRCS-$(CONFIG_ARM) += xc_hvm_build_arm.c
+ifeq ($(CONFIG_LIBXC_MINIOS),y)
+GUEST_SRCS-y += xc_dom_decompress_trusted.c
+GUEST_SRCS-y += xc_dom_decompress_trusted_bzip2.c
+GUEST_SRCS-y += xc_dom_decompress_trusted_lzma.c
+GUEST_SRCS-y += xc_dom_decompress_trusted_lzo1x.c
+GUEST_SRCS-y += xc_dom_decompress_trusted_xz.c
+else
+GUEST_SRCS-y += xc_dom_decompress.c
+endif
+
OSDEP_SRCS-y += xenctrl_osdep_ENOSYS.c
-include $(XEN_TARGET_ARCH)/Makefile
diff -r efdc4bbfdd20 tools/libxc/xc_dom_decompress_trusted.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress_trusted.c Tue Feb 26 23:20:22 2013 +0100
@@ -0,0 +1,49 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+
+#include "xg_private.h"
+#include "xc_dom_decompress_trusted.h"
+
+struct xc_dom_image *trusted_dom;
+static unsigned char *output_blob;
+static unsigned int output_size;
+
+static void trusted_error(const char *msg)
+{
+ xc_dom_panic(trusted_dom->xch, XC_INVALID_KERNEL, "%s", msg);
+}
+
+static int trusted_flush(void *src, unsigned int size)
+{
+ void *n = realloc(output_blob, output_size + size);
+ if (!n)
+ return -1;
+ output_blob = n;
+
+ memcpy(&output_blob[output_size], src, size);
+ output_size += size;
+ return size;
+}
+
+int xc_dom_decompress_trusted_decompress(
+ decompress_fn fn, struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ int ret;
+
+ trusted_dom = dom;
+ output_blob = NULL;
+ output_size = 0;
+
+ ret = fn(dom->kernel_blob, dom->kernel_size, NULL, trusted_flush,
NULL, NULL, trusted_error);
+
+ if (ret)
+ free(output_blob);
+ else {
+ *blob = output_blob;
+ *size = output_size;
+ }
+
+ return ret;
+}
+
diff -r efdc4bbfdd20 tools/libxc/xc_dom_decompress_trusted.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress_trusted.h Tue Feb 26 23:20:22 2013 +0100
@@ -0,0 +1,12 @@
+#include "xc_dom.h"
+
+typedef int decompress_fn(unsigned char *inbuf, unsigned int len,
+ int (*fill)(void*, unsigned int),
+ int (*flush)(void*, unsigned int),
+ unsigned char *outbuf, unsigned int *posp,
+ void (*error)(const char *x));
+
+int xc_dom_decompress_trusted_decompress(
+ decompress_fn fn, struct xc_dom_image *dom, void **blob, size_t *size)
+ __attribute__((visibility("hidden")));
+
diff -r efdc4bbfdd20 tools/libxc/xc_dom_decompress_trusted_bzip2.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress_trusted_bzip2.c Tue Feb 26 23:20:22 2013
+0100
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+
+#include "xg_private.h"
+#include "xc_dom_decompress_trusted.h"
+
+#include "../../xen/common/bunzip2.c"
+
+int xc_try_bzip2_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ return xc_dom_decompress_trusted_decompress(bunzip2, dom, blob, size);
+}
diff -r efdc4bbfdd20 tools/libxc/xc_dom_decompress_trusted_lzma.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress_trusted_lzma.c Tue Feb 26 23:20:22 2013
+0100
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+
+#include "xg_private.h"
+#include "xc_dom_decompress_trusted.h"
+
+#include "../../xen/common/unlzma.c"
+
+int xc_try_lzma_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ return xc_dom_decompress_trusted_decompress(unlzma, dom, blob, size);
+}
diff -r efdc4bbfdd20 tools/libxc/xc_dom_decompress_trusted_lzo1x.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress_trusted_lzo1x.c Tue Feb 26 23:20:22 2013
+0100
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+
+#include "xg_private.h"
+#include "xc_dom_decompress_trusted.h"
+
+#include "../../xen/common/lzo.c"
+#include "../../xen/common/unlzo.c"
+
+int xc_try_lzo1x_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ return xc_dom_decompress_trusted_decompress(unlzo, dom, blob, size);
+}
diff -r efdc4bbfdd20 tools/libxc/xc_dom_decompress_trusted_xz.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress_trusted_xz.c Tue Feb 26 23:20:22 2013 +0100
@@ -0,0 +1,17 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+
+#include "xg_private.h"
+#include "xc_dom_decompress_trusted.h"
+
+// TODO
+#define XZ_DEC_X86
+
+#include "../../xen/common/unxz.c"
+
+int xc_try_xz_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ return xc_dom_decompress_trusted_decompress(unxz, dom, blob, size);
+}
diff -r efdc4bbfdd20 xen/common/decompress.h
--- a/xen/common/decompress.h Tue Feb 26 19:42:36 2013 +0100
+++ b/xen/common/decompress.h Tue Feb 26 23:20:22 2013 +0100
@@ -1,3 +1,5 @@
+#ifdef __XEN__
+
#include <xen/config.h>
#include <xen/cache.h>
#include <xen/decompress.h>
@@ -15,3 +17,14 @@
#define large_malloc xmalloc_bytes
#define large_free xfree
+
+#else
+
+#define STATIC static
+#define INIT
+#define INITDATA
+
+#define large_malloc malloc
+#define large_free free
+
+#endif
diff -r efdc4bbfdd20 xen/common/lzo.c
--- a/xen/common/lzo.c Tue Feb 26 19:42:36 2013 +0100
+++ b/xen/common/lzo.c Tue Feb 26 23:20:22 2013 +0100
@@ -68,7 +68,19 @@
* Richard Purdie <rpurdie@openedhand.com>
*/
+#ifndef __MINIOS__
#include <xen/types.h>
+#else
+#include <stdint.h>
+
+typedef uint32_t u32;
+typedef uint16_t u16;
+
+#define likely(a) a
+#define noinline
+#define unlikely(a) a
+#endif
+
#include <xen/lzo.h>
#define get_unaligned(_p) (*(_p))
#define put_unaligned(_val,_p) (*(_p)=_val)
diff -r efdc4bbfdd20 xen/common/unlzma.c
--- a/xen/common/unlzma.c Tue Feb 26 19:42:36 2013 +0100
+++ b/xen/common/unlzma.c Tue Feb 26 23:20:22 2013 +0100
@@ -54,7 +54,9 @@
* Copyright (c) 1999-2005 Igor Pavlov
*/
+#ifndef __MINIOS__
#include <xen/compiler.h>
+#endif
#define LZMA_IOBUF_SIZE 0x10000
diff -r efdc4bbfdd20 xen/common/unlzo.c
--- a/xen/common/unlzo.c Tue Feb 26 19:42:36 2013 +0100
+++ b/xen/common/unlzo.c Tue Feb 26 23:20:22 2013 +0100
@@ -32,7 +32,43 @@
#include "decompress.h"
#include <xen/lzo.h>
+
+#ifndef __MINIOS__
#include <asm/byteorder.h>
+#else
+#include <endian.h>
+#include <stdint.h>
+
+typedef uint8_t u8;
+typedef uint16_t u16;
+typedef uint32_t u32;
+
+static inline u16 be16_to_cpup(const u16 *p)
+{
+ u16 v = *p;
+#if BYTE_ORDER == LITTLE_ENDIAN
+ return (((v & 0x00ffU) << 8) |
+ ((v & 0xff00U) >> 8));
+#else
+ return v;
+#endif
+}
+
+static inline u32 be32_to_cpup(const u32 *p)
+{
+ u32 v = *p;
+#if BYTE_ORDER == LITTLE_ENDIAN
+ return (((v & 0x000000ffUL) << 24) |
+ ((v & 0x0000ff00UL) << 8) |
+ ((v & 0x00ff0000UL) >> 8) |
+ ((v & 0xff000000UL) >> 24));
+#else
+ return v;
+#endif
+}
+
+#define unlikely(a) a
+#endif
#if 1 /* ndef CONFIG_??? */
static inline u16 INIT get_unaligned_be16(void *p)
diff -r efdc4bbfdd20 xen/common/xz/private.h
--- a/xen/common/xz/private.h Tue Feb 26 19:42:36 2013 +0100
+++ b/xen/common/xz/private.h Tue Feb 26 23:20:22 2013 +0100
@@ -10,8 +10,53 @@
#ifndef XZ_PRIVATE_H
#define XZ_PRIVATE_H
+#ifndef __MINIOS__
#include <xen/kernel.h>
#include <asm/byteorder.h>
+#else
+#include <endian.h>
+#include <stddef.h>
+#include <stdint.h>
+
+typedef char bool_t;
+typedef uint8_t u8;
+typedef uint16_t u16;
+typedef uint32_t u32;
+typedef uint32_t __le32;
+
+static inline u32 cpu_to_le32(const u32 v)
+{
+#if BYTE_ORDER == BIG_ENDIAN
+ return (((v & 0x000000ffUL) << 24) |
+ ((v & 0x0000ff00UL) << 8) |
+ ((v & 0x00ff0000UL) >> 8) |
+ ((v & 0xff000000UL) >> 24));
+#else
+ return v;
+#endif
+}
+
+static inline u32 le32_to_cpup(const u32 *p)
+{
+ return cpu_to_le32(*p);
+}
+
+#define min(x,y) ({ \
+ const typeof(x) _x = (x); \
+ const typeof(y) _y = (y); \
+ (void) (&_x == &_y); \
+ _x < _y ? _x : _y; })
+
+#define min_t(type,x,y) \
+ ({ type __x = (x); type __y = (y); __x < __y ? __x: __y; })
+#define max_t(type,x,y) \
+ ({ type __x = (x); type __y = (y); __x > __y ? __x: __y; })
+
+#define __force
+#define always_inline
+
+#endif
+
#define get_le32(p) le32_to_cpup((const uint32_t *)(p))
#if 1 /* ndef CONFIG_??? */
On Tue, 2013-02-26 at 22:32 +0000, Bastian Blank wrote:> Add trusted decompressors based on hypervisor code. > This are used in mini-os by pv-grub.I think this is a reasonably pragmatic way to arrange the build. I''m not sure "trusted" is quite the right term though, these aren''t really any more trustworthy than the library supplied ones -- they are just more suitable for a mini-os environment. I can''t think of a better term though...> > Signed-off-by: Bastian Blank <waldi@debian.org> > > diff -r efdc4bbfdd20 stubdom/Makefile > --- a/stubdom/Makefile Tue Feb 26 19:42:36 2013 +0100 > +++ b/stubdom/Makefile Tue Feb 26 23:20:22 2013 +0100 > @@ -328,7 +328,7 @@ > .PHONY: libxc > libxc: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a libxc-$(XEN_TARGET_ARCH)/libxenguest.a > libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: cross-zlib > - CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)" $(MAKE) DESTDIR= -C libxc-$(XEN_TARGET_ARCH) > + CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)" $(MAKE) DESTDIR= CONFIG_LIBXC_MINIOS=y -C libxc-$(XEN_TARGET_ARCH) > > libxc-$(XEN_TARGET_ARCH)/libxenguest.a: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a > > diff -r efdc4bbfdd20 tools/libxc/Makefile > --- a/tools/libxc/Makefile Tue Feb 26 19:42:36 2013 +0100 > +++ b/tools/libxc/Makefile Tue Feb 26 23:20:22 2013 +0100 > @@ -58,7 +58,6 @@ > GUEST_SRCS-y += xc_dom_core.c xc_dom_boot.c > GUEST_SRCS-y += xc_dom_elfloader.c > GUEST_SRCS-$(CONFIG_X86) += xc_dom_bzimageloader.c > -GUEST_SRCS-$(CONFIG_X86) += xc_dom_decompress.c > GUEST_SRCS-$(CONFIG_ARM) += xc_dom_armzimageloader.c > GUEST_SRCS-y += xc_dom_binloader.c > GUEST_SRCS-y += xc_dom_compat_linux.c > @@ -69,6 +68,16 @@ > GUEST_SRCS-$(CONFIG_ARM) += xc_dom_arm.c > GUEST_SRCS-$(CONFIG_ARM) += xc_hvm_build_arm.c > > +ifeq ($(CONFIG_LIBXC_MINIOS),y) > +GUEST_SRCS-y += xc_dom_decompress_trusted.c > +GUEST_SRCS-y += xc_dom_decompress_trusted_bzip2.c > +GUEST_SRCS-y += xc_dom_decompress_trusted_lzma.c > +GUEST_SRCS-y += xc_dom_decompress_trusted_lzo1x.c > +GUEST_SRCS-y += xc_dom_decompress_trusted_xz.c > +else > +GUEST_SRCS-y += xc_dom_decompress.c > +endif > + > OSDEP_SRCS-y += xenctrl_osdep_ENOSYS.c > > -include $(XEN_TARGET_ARCH)/Makefile > diff -r efdc4bbfdd20 tools/libxc/xc_dom_decompress_trusted.c > --- /dev/null Thu Jan 01 00:00:00 1970 +0000 > +++ b/tools/libxc/xc_dom_decompress_trusted.c Tue Feb 26 23:20:22 2013 +0100 > @@ -0,0 +1,49 @@ > +#include <stdio.h> > +#include <stdlib.h> > +#include <inttypes.h> > + > +#include "xg_private.h" > +#include "xc_dom_decompress_trusted.h" > + > +struct xc_dom_image *trusted_dom; > +static unsigned char *output_blob; > +static unsigned int output_size; > + > +static void trusted_error(const char *msg) > +{ > + xc_dom_panic(trusted_dom->xch, XC_INVALID_KERNEL, "%s", msg); > +} > + > +static int trusted_flush(void *src, unsigned int size) > +{ > + void *n = realloc(output_blob, output_size + size); > + if (!n) > + return -1; > + output_blob = n; > + > + memcpy(&output_blob[output_size], src, size); > + output_size += size; > + return size; > +} > + > +int xc_dom_decompress_trusted_decompress( > + decompress_fn fn, struct xc_dom_image *dom, void **blob, size_t *size) > +{ > + int ret; > + > + trusted_dom = dom; > + output_blob = NULL; > + output_size = 0; > + > + ret = fn(dom->kernel_blob, dom->kernel_size, NULL, trusted_flush, NULL, NULL, trusted_error); > + > + if (ret) > + free(output_blob); > + else { > + *blob = output_blob; > + *size = output_size; > + } > + > + return ret; > +} > + > diff -r efdc4bbfdd20 tools/libxc/xc_dom_decompress_trusted.h > --- /dev/null Thu Jan 01 00:00:00 1970 +0000 > +++ b/tools/libxc/xc_dom_decompress_trusted.h Tue Feb 26 23:20:22 2013 +0100 > @@ -0,0 +1,12 @@ > +#include "xc_dom.h" > + > +typedef int decompress_fn(unsigned char *inbuf, unsigned int len, > + int (*fill)(void*, unsigned int), > + int (*flush)(void*, unsigned int), > + unsigned char *outbuf, unsigned int *posp, > + void (*error)(const char *x)); > + > +int xc_dom_decompress_trusted_decompress( > + decompress_fn fn, struct xc_dom_image *dom, void **blob, size_t *size) > + __attribute__((visibility("hidden"))); > + > diff -r efdc4bbfdd20 tools/libxc/xc_dom_decompress_trusted_bzip2.c > --- /dev/null Thu Jan 01 00:00:00 1970 +0000 > +++ b/tools/libxc/xc_dom_decompress_trusted_bzip2.c Tue Feb 26 23:20:22 2013 +0100 > @@ -0,0 +1,14 @@ > +#include <stdio.h> > +#include <stdlib.h> > +#include <inttypes.h> > + > +#include "xg_private.h" > +#include "xc_dom_decompress_trusted.h" > + > +#include "../../xen/common/bunzip2.c" > + > +int xc_try_bzip2_decode( > + struct xc_dom_image *dom, void **blob, size_t *size) > +{ > + return xc_dom_decompress_trusted_decompress(bunzip2, dom, blob, size); > +} > diff -r efdc4bbfdd20 tools/libxc/xc_dom_decompress_trusted_lzma.c > --- /dev/null Thu Jan 01 00:00:00 1970 +0000 > +++ b/tools/libxc/xc_dom_decompress_trusted_lzma.c Tue Feb 26 23:20:22 2013 +0100 > @@ -0,0 +1,14 @@ > +#include <stdio.h> > +#include <stdlib.h> > +#include <inttypes.h> > + > +#include "xg_private.h" > +#include "xc_dom_decompress_trusted.h" > + > +#include "../../xen/common/unlzma.c" > + > +int xc_try_lzma_decode( > + struct xc_dom_image *dom, void **blob, size_t *size) > +{ > + return xc_dom_decompress_trusted_decompress(unlzma, dom, blob, size); > +} > diff -r efdc4bbfdd20 tools/libxc/xc_dom_decompress_trusted_lzo1x.c > --- /dev/null Thu Jan 01 00:00:00 1970 +0000 > +++ b/tools/libxc/xc_dom_decompress_trusted_lzo1x.c Tue Feb 26 23:20:22 2013 +0100 > @@ -0,0 +1,15 @@ > +#include <stdio.h> > +#include <stdlib.h> > +#include <inttypes.h> > + > +#include "xg_private.h" > +#include "xc_dom_decompress_trusted.h" > + > +#include "../../xen/common/lzo.c" > +#include "../../xen/common/unlzo.c" > + > +int xc_try_lzo1x_decode( > + struct xc_dom_image *dom, void **blob, size_t *size) > +{ > + return xc_dom_decompress_trusted_decompress(unlzo, dom, blob, size); > +} > diff -r efdc4bbfdd20 tools/libxc/xc_dom_decompress_trusted_xz.c > --- /dev/null Thu Jan 01 00:00:00 1970 +0000 > +++ b/tools/libxc/xc_dom_decompress_trusted_xz.c Tue Feb 26 23:20:22 2013 +0100 > @@ -0,0 +1,17 @@ > +#include <stdio.h> > +#include <stdlib.h> > +#include <inttypes.h> > + > +#include "xg_private.h" > +#include "xc_dom_decompress_trusted.h" > + > +// TODO > +#define XZ_DEC_X86 > + > +#include "../../xen/common/unxz.c" > + > +int xc_try_xz_decode( > + struct xc_dom_image *dom, void **blob, size_t *size) > +{ > + return xc_dom_decompress_trusted_decompress(unxz, dom, blob, size); > +} > diff -r efdc4bbfdd20 xen/common/decompress.h > --- a/xen/common/decompress.h Tue Feb 26 19:42:36 2013 +0100 > +++ b/xen/common/decompress.h Tue Feb 26 23:20:22 2013 +0100 > @@ -1,3 +1,5 @@ > +#ifdef __XEN__ > + > #include <xen/config.h> > #include <xen/cache.h> > #include <xen/decompress.h> > @@ -15,3 +17,14 @@ > > #define large_malloc xmalloc_bytes > #define large_free xfree > + > +#else > + > +#define STATIC static > +#define INIT > +#define INITDATA > + > +#define large_malloc malloc > +#define large_free free > + > +#endif > diff -r efdc4bbfdd20 xen/common/lzo.c > --- a/xen/common/lzo.c Tue Feb 26 19:42:36 2013 +0100 > +++ b/xen/common/lzo.c Tue Feb 26 23:20:22 2013 +0100 > @@ -68,7 +68,19 @@ > * Richard Purdie <rpurdie@openedhand.com> > */ > > +#ifndef __MINIOS__ > #include <xen/types.h> > +#else > +#include <stdint.h> > + > +typedef uint32_t u32; > +typedef uint16_t u16; > + > +#define likely(a) a > +#define noinline > +#define unlikely(a) a > +#endif > + > #include <xen/lzo.h> > #define get_unaligned(_p) (*(_p)) > #define put_unaligned(_val,_p) (*(_p)=_val) > diff -r efdc4bbfdd20 xen/common/unlzma.c > --- a/xen/common/unlzma.c Tue Feb 26 19:42:36 2013 +0100 > +++ b/xen/common/unlzma.c Tue Feb 26 23:20:22 2013 +0100 > @@ -54,7 +54,9 @@ > * Copyright (c) 1999-2005 Igor Pavlov > */ > > +#ifndef __MINIOS__ > #include <xen/compiler.h> > +#endif > > #define LZMA_IOBUF_SIZE 0x10000 > > diff -r efdc4bbfdd20 xen/common/unlzo.c > --- a/xen/common/unlzo.c Tue Feb 26 19:42:36 2013 +0100 > +++ b/xen/common/unlzo.c Tue Feb 26 23:20:22 2013 +0100 > @@ -32,7 +32,43 @@ > > #include "decompress.h" > #include <xen/lzo.h> > + > +#ifndef __MINIOS__ > #include <asm/byteorder.h> > +#else > +#include <endian.h> > +#include <stdint.h> > + > +typedef uint8_t u8; > +typedef uint16_t u16; > +typedef uint32_t u32; > + > +static inline u16 be16_to_cpup(const u16 *p) > +{ > + u16 v = *p; > +#if BYTE_ORDER == LITTLE_ENDIAN > + return (((v & 0x00ffU) << 8) | > + ((v & 0xff00U) >> 8)); > +#else > + return v; > +#endif > +} > + > +static inline u32 be32_to_cpup(const u32 *p) > +{ > + u32 v = *p; > +#if BYTE_ORDER == LITTLE_ENDIAN > + return (((v & 0x000000ffUL) << 24) | > + ((v & 0x0000ff00UL) << 8) | > + ((v & 0x00ff0000UL) >> 8) | > + ((v & 0xff000000UL) >> 24)); > +#else > + return v; > +#endif > +} > + > +#define unlikely(a) a > +#endif > > #if 1 /* ndef CONFIG_??? */ > static inline u16 INIT get_unaligned_be16(void *p) > diff -r efdc4bbfdd20 xen/common/xz/private.h > --- a/xen/common/xz/private.h Tue Feb 26 19:42:36 2013 +0100 > +++ b/xen/common/xz/private.h Tue Feb 26 23:20:22 2013 +0100 > @@ -10,8 +10,53 @@ > #ifndef XZ_PRIVATE_H > #define XZ_PRIVATE_H > > +#ifndef __MINIOS__ > #include <xen/kernel.h> > #include <asm/byteorder.h> > +#else > +#include <endian.h> > +#include <stddef.h> > +#include <stdint.h> > + > +typedef char bool_t; > +typedef uint8_t u8; > +typedef uint16_t u16; > +typedef uint32_t u32; > +typedef uint32_t __le32; > + > +static inline u32 cpu_to_le32(const u32 v) > +{ > +#if BYTE_ORDER == BIG_ENDIAN > + return (((v & 0x000000ffUL) << 24) | > + ((v & 0x0000ff00UL) << 8) | > + ((v & 0x00ff0000UL) >> 8) | > + ((v & 0xff000000UL) >> 24)); > +#else > + return v; > +#endif > +} > + > +static inline u32 le32_to_cpup(const u32 *p) > +{ > + return cpu_to_le32(*p); > +} > + > +#define min(x,y) ({ \ > + const typeof(x) _x = (x); \ > + const typeof(y) _y = (y); \ > + (void) (&_x == &_y); \ > + _x < _y ? _x : _y; }) > + > +#define min_t(type,x,y) \ > + ({ type __x = (x); type __y = (y); __x < __y ? __x: __y; }) > +#define max_t(type,x,y) \ > + ({ type __x = (x); type __y = (y); __x > __y ? __x: __y; }) > + > +#define __force > +#define always_inline > + > +#endif > + > #define get_le32(p) le32_to_cpup((const uint32_t *)(p)) > > #if 1 /* ndef CONFIG_??? */
On Wed, Feb 27, 2013 at 12:17:07PM +0000, Ian Campbell wrote:> On Tue, 2013-02-26 at 22:32 +0000, Bastian Blank wrote: > > Add trusted decompressors based on hypervisor code. > > This are used in mini-os by pv-grub. > I think this is a reasonably pragmatic way to arrange the build.What should be fixed later: - Use standard types in the decompressors (this both extends compiler support and portability) - Remove stuff like always_inline (the compiler almost always knows better these days) What should be done now: - Drop bzip2 and lzma decoders. I have never seen bzip2 used anywhere because it is slow and lzma is replaced entirely by xz. - Fix the arch detection for the xz bcj decoders.> I''m not sure "trusted" is quite the right term though, these aren''t > really any more trustworthy than the library supplied ones -- they are > just more suitable for a mini-os environment.I used the term "trusted" because it should not be fed with untrusted input. So it should not be used in the normal libxenguest. In the case of pv-grub, all input is trusted as it runs in the same security domain. Bastian -- I''m frequently appalled by the low regard you Earthmen have for life. -- Spock, "The Galileo Seven", stardate 2822.3
On Wed, 2013-02-27 at 12:44 +0000, Bastian Blank wrote:> > I''m not sure "trusted" is quite the right term though, these aren''t > > really any more trustworthy than the library supplied ones -- they are > > just more suitable for a mini-os environment. > > I used the term "trusted" because it should not be fed with untrusted > input. So it should not be used in the normal libxenguest. In the case > of pv-grub, all input is trusted as it runs in the same security domain.That makes sense. Ian.
Add trusted decompressors based on hypervisor code.
This are used in mini-os by pv-grub.
Signed-off-by: Bastian Blank <waldi@debian.org>
diff -r 66f563be41d9 stubdom/Makefile
--- a/stubdom/Makefile Tue Feb 19 10:49:53 2013 +0100
+++ b/stubdom/Makefile Sat Mar 02 20:39:25 2013 +0100
@@ -328,7 +328,7 @@
.PHONY: libxc
libxc: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a
libxc-$(XEN_TARGET_ARCH)/libxenguest.a
libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: cross-zlib
- CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)"
$(MAKE) DESTDIR= -C libxc-$(XEN_TARGET_ARCH)
+ CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)"
$(MAKE) DESTDIR= CONFIG_LIBXC_MINIOS=y -C libxc-$(XEN_TARGET_ARCH)
libxc-$(XEN_TARGET_ARCH)/libxenguest.a: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a
diff -r 66f563be41d9 tools/libxc/Makefile
--- a/tools/libxc/Makefile Tue Feb 19 10:49:53 2013 +0100
+++ b/tools/libxc/Makefile Sat Mar 02 20:39:25 2013 +0100
@@ -68,6 +68,14 @@
GUEST_SRCS-$(CONFIG_ARM) += xc_dom_arm.c
GUEST_SRCS-$(CONFIG_ARM) += xc_hvm_build_arm.c
+ifeq ($(CONFIG_LIBXC_MINIOS),y)
+GUEST_SRCS-y += xc_dom_decompress_trusted.c
+GUEST_SRCS-y += xc_dom_decompress_trusted_bzip2.c
+GUEST_SRCS-y += xc_dom_decompress_trusted_lzma.c
+GUEST_SRCS-y += xc_dom_decompress_trusted_lzo1x.c
+GUEST_SRCS-y += xc_dom_decompress_trusted_xz.c
+endif
+
OSDEP_SRCS-y += xenctrl_osdep_ENOSYS.c
-include $(XEN_TARGET_ARCH)/Makefile
diff -r 66f563be41d9 tools/libxc/xc_dom_bzimageloader.c
--- a/tools/libxc/xc_dom_bzimageloader.c Tue Feb 19 10:49:53 2013 +0100
+++ b/tools/libxc/xc_dom_bzimageloader.c Sat Mar 02 20:39:25 2013 +0100
@@ -35,6 +35,8 @@
#include "xg_private.h"
#include "xc_dom.h"
+#ifndef __MINIOS__
+
#if defined(HAVE_BZLIB)
#include <bzlib.h>
@@ -562,6 +564,15 @@
#endif
+#else /* __MINIOS__ */
+
+int xc_try_bzip2_decode(struct xc_dom_image *dom, void **blob, size_t *size);
+int xc_try_lzma_decode(struct xc_dom_image *dom, void **blob, size_t *size);
+int xc_try_lzo1x_decode(struct xc_dom_image *dom, void **blob, size_t *size);
+int xc_try_xz_decode(struct xc_dom_image *dom, void **blob, size_t *size);
+
+#endif /* !__MINIOS__ */
+
struct setup_header {
uint8_t _pad0[0x1f1]; /* skip uninteresting stuff */
uint8_t setup_sects;
diff -r 66f563be41d9 tools/libxc/xc_dom_decompress_trusted.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress_trusted.c Sat Mar 02 20:39:25 2013 +0100
@@ -0,0 +1,49 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+
+#include "xg_private.h"
+#include "xc_dom_decompress_trusted.h"
+
+static struct xc_dom_image *trusted_dom;
+static unsigned char *output_blob;
+static unsigned int output_size;
+
+static void trusted_error(const char *msg)
+{
+ xc_dom_panic(trusted_dom->xch, XC_INVALID_KERNEL, "%s", msg);
+}
+
+static int trusted_flush(void *src, unsigned int size)
+{
+ void *n = realloc(output_blob, output_size + size);
+ if (!n)
+ return -1;
+ output_blob = n;
+
+ memcpy(&output_blob[output_size], src, size);
+ output_size += size;
+ return size;
+}
+
+int xc_dom_decompress_trusted(
+ decompress_fn fn, struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ int ret;
+
+ trusted_dom = dom;
+ output_blob = NULL;
+ output_size = 0;
+
+ ret = fn(dom->kernel_blob, dom->kernel_size, NULL, trusted_flush,
NULL, NULL, trusted_error);
+
+ if (ret)
+ free(output_blob);
+ else {
+ *blob = output_blob;
+ *size = output_size;
+ }
+
+ return ret;
+}
+
diff -r 66f563be41d9 tools/libxc/xc_dom_decompress_trusted.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress_trusted.h Sat Mar 02 20:39:25 2013 +0100
@@ -0,0 +1,21 @@
+#include "xc_dom.h"
+
+typedef int decompress_fn(unsigned char *inbuf, unsigned int len,
+ int (*fill)(void*, unsigned int),
+ int (*flush)(void*, unsigned int),
+ unsigned char *outbuf, unsigned int *posp,
+ void (*error)(const char *x));
+
+int xc_dom_decompress_trusted(
+ decompress_fn fn, struct xc_dom_image *dom, void **blob, size_t *size)
+ __attribute__((visibility("internal")));
+
+int xc_try_bzip2_decode(struct xc_dom_image *dom, void **blob, size_t *size)
+ __attribute__((visibility("internal")));
+int xc_try_lzma_decode(struct xc_dom_image *dom, void **blob, size_t *size)
+ __attribute__((visibility("internal")));
+int xc_try_lzo1x_decode(struct xc_dom_image *dom, void **blob, size_t *size)
+ __attribute__((visibility("internal")));
+int xc_try_xz_decode(struct xc_dom_image *dom, void **blob, size_t *size)
+ __attribute__((visibility("internal")));
+
diff -r 66f563be41d9 tools/libxc/xc_dom_decompress_trusted_bzip2.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress_trusted_bzip2.c Sat Mar 02 20:39:25 2013
+0100
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+
+#include "xg_private.h"
+#include "xc_dom_decompress_trusted.h"
+
+#include "../../xen/common/bunzip2.c"
+
+int xc_try_bzip2_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ return xc_dom_decompress_trusted(bunzip2, dom, blob, size);
+}
diff -r 66f563be41d9 tools/libxc/xc_dom_decompress_trusted_lzma.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress_trusted_lzma.c Sat Mar 02 20:39:25 2013
+0100
@@ -0,0 +1,14 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+
+#include "xg_private.h"
+#include "xc_dom_decompress_trusted.h"
+
+#include "../../xen/common/unlzma.c"
+
+int xc_try_lzma_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ return xc_dom_decompress_trusted(unlzma, dom, blob, size);
+}
diff -r 66f563be41d9 tools/libxc/xc_dom_decompress_trusted_lzo1x.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress_trusted_lzo1x.c Sat Mar 02 20:39:25 2013
+0100
@@ -0,0 +1,15 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+
+#include "xg_private.h"
+#include "xc_dom_decompress_trusted.h"
+
+#include "../../xen/common/lzo.c"
+#include "../../xen/common/unlzo.c"
+
+int xc_try_lzo1x_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ return xc_dom_decompress_trusted(unlzo, dom, blob, size);
+}
diff -r 66f563be41d9 tools/libxc/xc_dom_decompress_trusted_xz.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/tools/libxc/xc_dom_decompress_trusted_xz.c Sat Mar 02 20:39:25 2013 +0100
@@ -0,0 +1,17 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <inttypes.h>
+
+#include "xg_private.h"
+#include "xc_dom_decompress_trusted.h"
+
+// TODO
+#define XZ_DEC_X86
+
+#include "../../xen/common/unxz.c"
+
+int xc_try_xz_decode(
+ struct xc_dom_image *dom, void **blob, size_t *size)
+{
+ return xc_dom_decompress_trusted(unxz, dom, blob, size);
+}
diff -r 66f563be41d9 xen/common/decompress.h
--- a/xen/common/decompress.h Tue Feb 19 10:49:53 2013 +0100
+++ b/xen/common/decompress.h Sat Mar 02 20:39:25 2013 +0100
@@ -1,3 +1,5 @@
+#ifdef __XEN__
+
#include <xen/config.h>
#include <xen/cache.h>
#include <xen/decompress.h>
@@ -15,3 +17,14 @@
#define large_malloc xmalloc_bytes
#define large_free xfree
+
+#else
+
+#define STATIC static
+#define INIT
+#define INITDATA
+
+#define large_malloc malloc
+#define large_free free
+
+#endif
diff -r 66f563be41d9 xen/common/lzo.c
--- a/xen/common/lzo.c Tue Feb 19 10:49:53 2013 +0100
+++ b/xen/common/lzo.c Sat Mar 02 20:39:25 2013 +0100
@@ -68,7 +68,19 @@
* Richard Purdie <rpurdie@openedhand.com>
*/
+#ifdef __XEN__
#include <xen/types.h>
+#else
+#include <stdint.h>
+
+typedef uint32_t u32;
+typedef uint16_t u16;
+
+#define likely(a) a
+#define noinline
+#define unlikely(a) a
+#endif
+
#include <xen/lzo.h>
#define get_unaligned(_p) (*(_p))
#define put_unaligned(_val,_p) (*(_p)=_val)
diff -r 66f563be41d9 xen/common/unlzma.c
--- a/xen/common/unlzma.c Tue Feb 19 10:49:53 2013 +0100
+++ b/xen/common/unlzma.c Sat Mar 02 20:39:25 2013 +0100
@@ -54,7 +54,9 @@
* Copyright (c) 1999-2005 Igor Pavlov
*/
+#ifdef __XEN__
#include <xen/compiler.h>
+#endif
#define LZMA_IOBUF_SIZE 0x10000
diff -r 66f563be41d9 xen/common/unlzo.c
--- a/xen/common/unlzo.c Tue Feb 19 10:49:53 2013 +0100
+++ b/xen/common/unlzo.c Sat Mar 02 20:39:25 2013 +0100
@@ -32,7 +32,43 @@
#include "decompress.h"
#include <xen/lzo.h>
+
+#ifdef __XEN__
#include <asm/byteorder.h>
+#else
+#include <endian.h>
+#include <stdint.h>
+
+typedef uint8_t u8;
+typedef uint16_t u16;
+typedef uint32_t u32;
+
+static inline u16 be16_to_cpup(const u16 *p)
+{
+ u16 v = *p;
+#if BYTE_ORDER == LITTLE_ENDIAN
+ return (((v & 0x00ffU) << 8) |
+ ((v & 0xff00U) >> 8));
+#else
+ return v;
+#endif
+}
+
+static inline u32 be32_to_cpup(const u32 *p)
+{
+ u32 v = *p;
+#if BYTE_ORDER == LITTLE_ENDIAN
+ return (((v & 0x000000ffUL) << 24) |
+ ((v & 0x0000ff00UL) << 8) |
+ ((v & 0x00ff0000UL) >> 8) |
+ ((v & 0xff000000UL) >> 24));
+#else
+ return v;
+#endif
+}
+
+#define unlikely(a) a
+#endif
#if 1 /* ndef CONFIG_??? */
static inline u16 INIT get_unaligned_be16(void *p)
diff -r 66f563be41d9 xen/common/xz/private.h
--- a/xen/common/xz/private.h Tue Feb 19 10:49:53 2013 +0100
+++ b/xen/common/xz/private.h Sat Mar 02 20:39:25 2013 +0100
@@ -10,8 +10,53 @@
#ifndef XZ_PRIVATE_H
#define XZ_PRIVATE_H
+#ifdef __XEN__
#include <xen/kernel.h>
#include <asm/byteorder.h>
+#else
+#include <endian.h>
+#include <stddef.h>
+#include <stdint.h>
+
+typedef char bool_t;
+typedef uint8_t u8;
+typedef uint16_t u16;
+typedef uint32_t u32;
+typedef uint32_t __le32;
+
+static inline u32 cpu_to_le32(const u32 v)
+{
+#if BYTE_ORDER == BIG_ENDIAN
+ return (((v & 0x000000ffUL) << 24) |
+ ((v & 0x0000ff00UL) << 8) |
+ ((v & 0x00ff0000UL) >> 8) |
+ ((v & 0xff000000UL) >> 24));
+#else
+ return v;
+#endif
+}
+
+static inline u32 le32_to_cpup(const u32 *p)
+{
+ return cpu_to_le32(*p);
+}
+
+#define min(x,y) ({ \
+ const typeof(x) _x = (x); \
+ const typeof(y) _y = (y); \
+ (void) (&_x == &_y); \
+ _x < _y ? _x : _y; })
+
+#define min_t(type,x,y) \
+ ({ type __x = (x); type __y = (y); __x < __y ? __x: __y; })
+#define max_t(type,x,y) \
+ ({ type __x = (x); type __y = (y); __x > __y ? __x: __y; })
+
+#define __force
+#define always_inline
+
+#endif
+
#define get_le32(p) le32_to_cpup((const uint32_t *)(p))
#if 1 /* ndef CONFIG_??? */
On Wed, Feb 27, 2013 at 12:44 PM, Bastian Blank <waldi@debian.org> wrote:>> I''m not sure "trusted" is quite the right term though, these aren''t >> really any more trustworthy than the library supplied ones -- they are >> just more suitable for a mini-os environment. > > I used the term "trusted" because it should not be fed with untrusted > input. So it should not be used in the normal libxenguest. In the case > of pv-grub, all input is trusted as it runs in the same security domain.So it''s not the decompressors you trust, but the data that you trust? "Trusted decompressors" definitely means that the decompressors themselves are more trustworthy somehow; "trusting decompressors" would be a more accurate description. ;-) What I''m afraid of is that if people see "trusted decompressors", they will interpret it in exactly the opposite way -- i.e.,, they will think that the decompressors can be trusted to deal with untrusted data, perhaps because they do input sanitation or are designed to be robust against malformed data. Maybe change the comment to say "Add decompressors for trusted data based on hypervisor code", and a brief comment to each file describing what "trusted" means? -George
At 10:33 +0000 on 04 Mar (1362393222), George Dunlap wrote:> On Wed, Feb 27, 2013 at 12:44 PM, Bastian Blank <waldi@debian.org> wrote: > >> I''m not sure "trusted" is quite the right term though, these aren''t > >> really any more trustworthy than the library supplied ones -- they are > >> just more suitable for a mini-os environment. > > > > I used the term "trusted" because it should not be fed with untrusted > > input. So it should not be used in the normal libxenguest. In the case > > of pv-grub, all input is trusted as it runs in the same security domain. > > So it''s not the decompressors you trust, but the data that you trust? > > "Trusted decompressors" definitely means that the decompressors > themselves are more trustworthy somehow; "trusting decompressors" > would be a more accurate description. ;-)Yeah, I don''t think "trusted" is quite the right word here. I would be inclined to use "unsafe" instead, to make it clear that the caller had better sanitize the input, or not care about unwanted side-effects. (Generally, I think using "trusted" to mean "relied upon to preserve invariants" is a more useful way of thinking than the common meaning of something like "bug-free". But this isn''t quite that either.) Cheers, Tim.
On Mon, 2013-03-04 at 11:02 +0000, Tim Deegan wrote:> At 10:33 +0000 on 04 Mar (1362393222), George Dunlap wrote: > > On Wed, Feb 27, 2013 at 12:44 PM, Bastian Blank <waldi@debian.org> wrote: > > >> I''m not sure "trusted" is quite the right term though, these aren''t > > >> really any more trustworthy than the library supplied ones -- they are > > >> just more suitable for a mini-os environment. > > > > > > I used the term "trusted" because it should not be fed with untrusted > > > input. So it should not be used in the normal libxenguest. In the case > > > of pv-grub, all input is trusted as it runs in the same security domain. > > > > So it''s not the decompressors you trust, but the data that you trust? > > > > "Trusted decompressors" definitely means that the decompressors > > themselves are more trustworthy somehow; "trusting decompressors" > > would be a more accurate description. ;-) > > Yeah, I don''t think "trusted" is quite the right word here. I would be > inclined to use "unsafe" instead, to make it clear that the caller had > better sanitize the input, or not care about unwanted side-effects.yes, "unsafe" is probably a better word. This is probably almost as simple as running sed on the patch to implement. Ian.
Matt Wilson
2013-Sep-10 18:51 UTC
Re: [PATCH] pv-grub: Support bzip2, xz and lzo compressed kernels
On Fri, Jan 04, 2013 at 12:43:43PM +0000, Ian Campbell wrote:> On Fri, 2013-01-04 at 12:15 +0000, Samuel Thibault wrote: > > Ian Campbell, le Fri 04 Jan 2013 11:56:33 +0000, a écrit : > > > +BZIP2_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/libbz2.a > > > +.PHONY: cross-bzip2 > > > +cross-bzip2: $(BZIP2_STAMPFILE) > > > +$(BZIP2_STAMPFILE): bzip2-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE) > > > + ( cd $< && \ > > > + $(MAKE) DESTDIR= libbz2.a && \ > > > + $(INSTALL_DATA) libbz2.a $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/lib/ && \ > > > + $(INSTALL_DATA) bzlib.h $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/include/ \ > > > + ) > > > > This is missing the cross-compilation flags, isn''t it? > > Oops, yes, I cut them out with the unneeded configure by mistake! > > 8<---------------------------------------- > > From d7116c4f19c54613f28a3bd44c84fef1b3340a1e Mon Sep 17 00:00:00 2001 > From: Ian Campbell <ian.campbell@citrix.com> > Date: Fri, 4 Jan 2013 11:37:31 +0000 > Subject: [PATCH] pv-grub: Support bzip2, xz and lzo compressed kernels > > xz compressed kernels seem to be what we are starting to see in the > wild, but we may as well support everything that libxc does in > pv-grub. > > Also update the zlib library to the latest version > > Signed-off-by: Ian Campbell <ian.campbell@citrix.com>Ian, this doesn''t seem to have been committed. This looks good, and Ben has tested booting lzo, xz and bz2 compressed kernels using PV-GRUB with this patch applied. Reviewed-by: Matt Wilson <msw@amazon.com> Tested-by: Ben Cressey <bcressey@amazon.com>> Cc: waldi@debian.org > --- > v2: Pass cross-compile flags to bzip2 build. > > This is only build tested as I don''t have a convenient pv-grub setup > at the moment. > > As well as committing the committer should fetch the following URLs > to xenbits.xen.org:/var/xenbits-www/html/xen-extfiles > - http://www.zlib.net/zlib-1.2.7.tar.gz > - http://www.bzip.org/1.0.6/bzip2-1.0.6.tar.gz > md5sum 00b516f4704d4a7cb50a1d97e6e8e15b > - http://tukaani.org/xz/xz-5.0.4.tar.bz2 > http://tukaani.org/xz/xz-5.0.4.tar.bz2.sig > - http://www.oberhumer.com/opensource/lzo/download/lzo-2.06.tar.gz > --- > .gitignore | 3 ++ > .hgignore | 3 ++ > extras/mini-os/Makefile | 3 ++ > stubdom/Makefile | 84 +++++++++++++++++++++++++++++++++++++++++++++-- > stubdom/bzip2.patch | 11 ++++++ > stubdom/grub/kexec.c | 6 +++ > 6 files changed, 107 insertions(+), 3 deletions(-) > create mode 100644 stubdom/bzip2.patch > > diff --git a/.gitignore b/.gitignore > index f71cff8..a95183a 100644 > --- a/.gitignore > +++ b/.gitignore > @@ -107,6 +107,9 @@ stubdom/newlib-1.* > stubdom/newlib-x86* > stubdom/pciutils-* > stubdom/zlib-* > +stubdom/bzip2-* > +stubdom/xz-* > +stubdom/lzo-* > stubdom/grub-* > stubdom/ocaml-* > stubdom/lwip/ > diff --git a/.hgignore b/.hgignore > index 344792a..044a88a 100644 > --- a/.hgignore > +++ b/.hgignore > @@ -102,6 +102,9 @@ > ^stubdom/newlib-.*$ > ^stubdom/pciutils-.*$ > ^stubdom/zlib-.*$ > +^stubdom/bzip2-.*$ > +^stubdom/xz-.*$ > +^stubdom/lzo-.*$ > ^stubdom/grub-.*$ > ^stubdom/ocaml-.*$ > ^stubdom/lwip/ > diff --git a/extras/mini-os/Makefile b/extras/mini-os/Makefile > index 2302a23..717b209 100644 > --- a/extras/mini-os/Makefile > +++ b/extras/mini-os/Makefile > @@ -159,6 +159,9 @@ APP_LDLIBS += -L$(XEN_ROOT)/stubdom/libxc-$(XEN_TARGET_ARCH) -whole-archive -lxe > endif > APP_LDLIBS += -lpci > APP_LDLIBS += -lz > +APP_LDLIBS += -lbz2 > +APP_LDLIBS += -llzma > +APP_LDLIBS += -llzo2 > APP_LDLIBS += -lm > LDLIBS += -lc > endif > diff --git a/stubdom/Makefile b/stubdom/Makefile > index 50ba360..c85dea2 100644 > --- a/stubdom/Makefile > +++ b/stubdom/Makefile > @@ -9,7 +9,19 @@ include $(XEN_ROOT)/Config.mk > > #ZLIB_URL?=http://www.zlib.net > ZLIB_URL=$(XEN_EXTFILES_URL) > -ZLIB_VERSION=1.2.3 > +ZLIB_VERSION=1.2.7 > + > +#BZIP2_URL?=http://www.bzip.org/$(BZIP2_VERSION) > +BZIP2_URL=$(XEN_EXTFILES_URL) > +BZIP2_VERSION=1.0.6 > + > +#XZ_URL?=http://tukaani.org/xz > +XZ_URL=$(XEN_EXTFILES_URL) > +XZ_VERSION=5.0.4 > + > +#LZO_URL?=http://www.oberhumer.com/opensource/lzo/download > +LZO_URL=$(XEN_EXTFILES_URL) > +LZO_VERSION=2.06 > > #LIBPCI_URL?=http://www.kernel.org/pub/software/utils/pciutils > LIBPCI_URL?=$(XEN_EXTFILES_URL) > @@ -134,6 +146,69 @@ $(ZLIB_STAMPFILE): zlib-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE) > $(MAKE) DESTDIR= libz.a && \ > $(MAKE) DESTDIR= install ) > > +############ > +# Cross-bzip2 > +############ > + > +bzip2-$(BZIP2_VERSION).tar.gz: > + $(WGET) $(BZIP2_URL)/$@ > + > +bzip2-$(XEN_TARGET_ARCH): bzip2-$(BZIP2_VERSION).tar.gz > + tar xzf $< > + mv bzip2-$(BZIP2_VERSION) $@ > + patch -d $@ -p1 < bzip2.patch > + > +BZIP2_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/libbz2.a > +.PHONY: cross-bzip2 > +cross-bzip2: $(BZIP2_STAMPFILE) > +$(BZIP2_STAMPFILE): bzip2-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE) > + ( cd $< && \ > + $(MAKE) CROSS_CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -DBZ_NO_STDIO" CC=$(CC) DESTDIR= libbz2.a && \ > + $(INSTALL_DATA) libbz2.a $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/lib/ && \ > + $(INSTALL_DATA) bzlib.h $(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf/include/ \ > + ) > + > +############## > +# Cross-xz > +############## > + > +xz-$(XZ_VERSION).tar.bz2: > + $(WGET) $(XZ_URL)/$@ > + > +xz-$(XEN_TARGET_ARCH): xz-$(XZ_VERSION).tar.bz2 > + tar xjf $< > + mv xz-$(XZ_VERSION) $@ > + > +XZ_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/liblzma.a > +.PHONY: cross-xz > +cross-xz: $(XZ_STAMPFILE) > +$(XZ_STAMPFILE): xz-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE) > + ( cd $< && \ > + CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" CC=$(CC) ./configure --prefix=$(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf && \ > + cd src/liblzma && \ > + $(MAKE) DESTDIR= liblzma.la && \ > + $(MAKE) DESTDIR= install ) > + > +############## > +# Cross-lzo > +############## > + > +lzo-$(LZO_VERSION).tar.gz: > + $(WGET) $(LZO_URL)/$@ > + > +lzo-$(XEN_TARGET_ARCH): lzo-$(LZO_VERSION).tar.gz > + tar xzf $< > + mv lzo-$(LZO_VERSION) $@ > + > +LZO_STAMPFILE=$(CROSS_ROOT)/$(GNU_TARGET_ARCH)-xen-elf/lib/liblzo2.a > +.PHONY: cross-lzo > +cross-lzo: $(LZO_STAMPFILE) > +$(LZO_STAMPFILE): lzo-$(XEN_TARGET_ARCH) $(NEWLIB_STAMPFILE) > + ( cd $< && \ > + CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" CC=$(CC) ./configure --prefix=$(CROSS_PREFIX)/$(GNU_TARGET_ARCH)-xen-elf && \ > + $(MAKE) DESTDIR= src/liblzo2.la && \ > + $(MAKE) DESTDIR= install-libLTLIBRARIES install-pkgincludeHEADERS ) > + > ############## > # Cross-libpci > ############## > @@ -281,10 +356,13 @@ $(TARGETS_MINIOS): mini-os-%: > > .PHONY: libxc > libxc: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a libxc-$(XEN_TARGET_ARCH)/libxenguest.a > -libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: cross-zlib > +libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: TARGET_CFLAGS += -DHAVE_BZLIB > +libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: TARGET_CFLAGS += -DHAVE_LZMA > +libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: TARGET_CFLAGS += -DHAVE_LZO1X > +libxc-$(XEN_TARGET_ARCH)/libxenctrl.a: cross-zlib cross-bzip2 cross-xz cross-lzo > CPPFLAGS="$(TARGET_CPPFLAGS)" CFLAGS="$(TARGET_CFLAGS)" $(MAKE) DESTDIR= -C libxc-$(XEN_TARGET_ARCH) > > - libxc-$(XEN_TARGET_ARCH)/libxenguest.a: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a > +libxc-$(XEN_TARGET_ARCH)/libxenguest.a: libxc-$(XEN_TARGET_ARCH)/libxenctrl.a > > ####### > # ioemu > diff --git a/stubdom/bzip2.patch b/stubdom/bzip2.patch > new file mode 100644 > index 0000000..2eb0416 > --- /dev/null > +++ b/stubdom/bzip2.patch > @@ -0,0 +1,11 @@ > +--- bzip2-x86_64.orig/Makefile 2013-01-04 10:56:57.000000000 +0000 > ++++ bzip2-x86_64/Makefile 2013-01-04 10:57:06.000000000 +0000 > +@@ -21,7 +21,7 @@ > + LDFLAGS> + > + BIGFILES=-D_FILE_OFFSET_BITS=64 > +-CFLAGS=-Wall -Winline -O2 -g $(BIGFILES) > ++CFLAGS=$(CROSS_CFLAGS) -Wall -Winline -O2 -g $(BIGFILES) > + > + # Where you want it installed when you do ''make install'' > + PREFIX=/usr/local > diff --git a/stubdom/grub/kexec.c b/stubdom/grub/kexec.c > index b21c91a..9d10d32 100644 > --- a/stubdom/grub/kexec.c > +++ b/stubdom/grub/kexec.c > @@ -54,6 +54,12 @@ static unsigned long allocated; > int pin_table(xc_interface *xc_handle, unsigned int type, unsigned long mfn, > domid_t dom); > > +/* Required by libbz2 */ > +void bz_internal_error(int errcode) > +{ > + printk("BZIP2: Internal Error %d", __FUNCTION__); > +} > + > /* We need mfn to appear as target_pfn, so exchange with the MFN there */ > static void do_exchange(struct xc_dom_image *dom, xen_pfn_t target_pfn, xen_pfn_t source_mfn) > {
Bastian Blank
2013-Sep-10 19:05 UTC
Re: [PATCH] pv-grub: Support bzip2, xz and lzo compressed kernels
On Tue, Sep 10, 2013 at 11:51:26AM -0700, Matt Wilson wrote:> Ian, this doesn''t seem to have been committed. This looks good, and > Ben has tested booting lzo, xz and bz2 compressed kernels using > PV-GRUB with this patch applied.Because this was superseeded by a completely different patch. What reminds me: zlib may go to. Bastian -- Those who hate and fight must stop themselves -- otherwise it is not stopped. -- Spock, "Day of the Dove", stardate unknown
Matt Wilson
2013-Sep-10 19:14 UTC
Re: [PATCH] pv-grub: Support bzip2, xz and lzo compressed kernels
On Tue, Sep 10, 2013 at 09:05:04PM +0200, Bastian Blank wrote:> On Tue, Sep 10, 2013 at 11:51:26AM -0700, Matt Wilson wrote: > > Ian, this doesn''t seem to have been committed. This looks good, and > > Ben has tested booting lzo, xz and bz2 compressed kernels using > > PV-GRUB with this patch applied. > > Because this was superseeded by a completely different patch.Aah, this one: http://xenbits.xen.org/gitweb/?p=xen.git;a=commitdiff;h=592d3ef9 Makes sense. --msw