Commit Graph

112 Commits

Author SHA1 Message Date
Lasse Collin 689ae24273 liblzma: Remove ifunc support.
This is *NOT* done for security reasons even though the backdoor
relied on the ifunc code. Instead, the reason is that in this
project ifunc provides little benefits but it's quite a bit of
extra code to support it. The only case where ifunc *might* matter
for performance is if the CRC functions are used directly by an
application. In normal compression use it's completely irrelevant.
2024-04-09 18:22:27 +03:00
Lasse Collin e93e13c8b3 Remove the backdoor found in 5.6.0 and 5.6.1 (CVE-2024-3094).
While the backdoor was inactive (and thus harmless) without inserting
a small trigger code into the build system when the source package was
created, it's good to remove this anyway:

  - The executable payloads were embedded as binary blobs in
    the test files. This was a blatant violation of the
    Debian Free Software Guidelines.

  - On machines that see lots bots poking at the SSH port, the backdoor
    noticeably increased CPU load, resulting in degraded user experience
    and thus overwhelmingly negative user feedback.

  - The maintainer who added the backdoor has disappeared.

  - Backdoors are bad for security.

This reverts the following without making any other changes:

6e636819 Tests: Update two test files.
a3a29bbd Tests: Test --single-stream can decompress bad-3-corrupt_lzma2.xz.
0b4ccc91 Tests: Update RISC-V test files.
8c9b8b20 liblzma: Fix typos in crc32_fast.c and crc64_fast.c.
82ecc538 liblzma: Fix false Valgrind error report with GCC.
cf44e4b7 Tests: Add a few test files.
3060e107 Tests: Use smaller dictionary size in RISC-V test files.
e2870db5 Tests: Add two RISC-V Filter test files.

The RISC-V test files also have real content that tests the filter
but the real content would fit into much smaller files. A generator
program would need to be available as well.

Thanks to Andres Freund for finding and reporting it and making
it public quickly so others could act without a delay.
See: https://www.openwall.com/lists/oss-security/2024/03/29/4
2024-04-09 17:57:39 +03:00
Jia Tan 8c9b8b2063 liblzma: Fix typos in crc32_fast.c and crc64_fast.c. 2024-03-09 09:52:32 +08:00
Jia Tan 82ecc53819 liblzma: Fix false Valgrind error report with GCC.
With GCC and a certain combination of flags, Valgrind will falsely
trigger an invalid write. This appears to be due to the omission of
instructions to properly save, set up, and restore the frame pointer.

The IFUNC resolver is a leaf function since it only calls a function
that is inlined. So sometimes GCC omits the frame pointer instructions
in the resolver unless this optimization is explictly disabled.

This fixes https://bugzilla.redhat.com/show_bug.cgi?id=2267598.
2024-03-09 09:20:57 +08:00
Jia Tan 72d2933bfa liblzma: Use attribute no_profile_instrument_function with ifunc.
Thanks to Sam James for determining this was the attribute needed to
workaround the GCC bug and for his version of the patch in Gentoo.
2024-03-05 01:54:30 +08:00
Lasse Collin b941549573 liblzma: Include the SPDX license identifier 0BSD to generated files.
Perhaps the generated files aren't even copyrightable but
using the same license for them as for the rest of the liblzma
keeps things more consistent for tools that look for license info.
2024-02-14 18:31:16 +02:00
Lasse Collin 22af94128b Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
Lasse Collin 689e0228ba Change most public domain parts to 0BSD.
Translations and doc/xz-file-format.txt and doc/lzma-file-format.txt
were not touched.

COPYING.0BSD was added.
2024-02-14 18:31:12 +02:00
Lasse Collin 76946dc433 Fix SHA-256 authors.
The initial commit 5d018dc035
in 2007 had a comment in sha256.c that the code is based on
Crypto++ Library 5.5.1. In 2009 the Authors list in sha256.c
and the AUTHORS file was updated with information that the
code had come from Crypto++ but via 7-Zip. I know I had viewed
7-Zip's SHA-256 code but back then the C code has been identical
enough with Crypto++, so I don't why I thought the author info
would need that extra step via 7-Zip for this single file.

Another error is that I had mixed sha.* and shacal2.* files
when checking for author info in Crypto++. The shacal2.* files
aren't related to liblzma's sha256.c and thus Kevin Springle's
code in Crypto++ isn't either.
2024-02-14 15:23:00 +02:00
Jia Tan adb073da76 liblzma: Fix typo discovered by codespell. 2024-02-09 23:59:54 +08:00
Jia Tan 7f68a68c19 liblzma: Update Authors list in crc32_arm64.h. 2024-02-02 01:38:51 +08:00
Jia Tan 97f9ba50b8 liblzma: Check HAVE_USABLE_CLMUL before omitting CRC32 table.
This was split from the prior commit so it could be easily applied to
the 5.4 branch.

Closes: https://github.com/tukaani-project/xz/pull/77
2024-02-01 20:09:11 +08:00
Jia Tan ca9015f4de liblzma: Check HAVE_USABLE_CLMUL before omitting CRC64 table.
If liblzma is configured with --disable-clmul-crc
CFLAGS="-msse4.1 -mpclmul", then it will fail to compile because the
generic version must be used but the CRC tables were not included.
2024-02-01 20:09:11 +08:00
Jia Tan 2f1552a91c liblzma: Only use ifunc in crcXX_fast.c if its needed.
The code was using HAVE_FUNC_ATTRIBUTE_IFUNC instead of CRC_USE_IFUNC.
With ARM64, ifunc is incompatible because it requires non-inline
function calls for runtime detection.
2024-02-01 20:09:11 +08:00
Jia Tan 1940f0ec28 liblzma: Omit CRC tables when not needed with ARM64 optimizations.
This is similar to the existing x86-64 CLMUL conditions to omit the
tables. They were slightly refactored to improve readability.
2024-02-01 20:09:11 +08:00
Jia Tan 761f5b69a4 liblzma: Rename crc32_aarch64.h to crc32_arm64.h.
Even though the proper name for the architecture is aarch64, this
project uses ARM64 throughout. So the rename is for consistency.

Additionally, crc32_arm64.h was slightly refactored for the following
changes:

   * Added MSVC, FreeBSD, and macOS support in
     is_arch_extension_supported().

   * crc32_arch_optimized() now checks the size when aligning the
     buffer.

   * crc32_arch_optimized() loop conditions were slightly modified to
     avoid both decrementing the size and incrementing the buffer
     pointer.

   * Use the intrinsic wrappers defined in <arm_acle.h> because GCC and
     Clang name them differently.

   * Minor spacing and comment changes.
2024-02-01 20:09:11 +08:00
Jia Tan 455a08609c liblzma: Refactor crc_common.h.
The CRC_GENERIC is now split into CRC32_GENERIC and CRC64_GENERIC, since
the ARM64 optimizations will be different between CRC32 and CRC64.

For the same reason, CRC_ARCH_OPTIMIZED is split into
CRC32_ARCH_OPTIMIZED and CRC64_ARCH_OPTIMIZED.

ifunc will only be used with x86-64 CLMUL because the runtime detection
methods needed with ARM64 are not compatible with ifunc.
2024-02-01 20:09:11 +08:00
Chenxi Mao 849d0f282a Speed up CRC32 calculation on ARM64
The CRC32 instructions in ARM64 can calculate the CRC32 result
for 8 bytes in a single operation, making the use of ARM64
instructions much faster compared to the general CRC32 algorithm.

Optimized CRC32 will be enabled if ARM64 has CRC extension
running on Linux.

Signed-off-by: Chenxi Mao <chenxi.mao2013@gmail.com>
2024-01-27 21:49:26 +08:00
Lasse Collin fbb3ce541e liblzma: CRC: Add a comment to crc_x86_clmul.h about BUILDING_ macros. 2024-01-11 15:25:00 +02:00
Lasse Collin 4f518c1b6b liblzma: CRC: Remove crc_always_inline, use lzma_always_inline instead.
Now crc_simd_body() in crc_x86_clmul.h is only called once
in a translation unit, we no longer need to be so cautious
about ensuring the always-inline behavior.
2024-01-11 15:24:35 +02:00
Lasse Collin 35c03ec6bf liblzma: CRC: Update CLMUL comments to more generic wording. 2024-01-11 14:39:46 +02:00
Lasse Collin 66f080e801 liblzma: Rename arch-specific CRC functions and macros.
CRC_CLMUL was split to CRC_ARCH_OPTIMIZED and CRC_X86_CLMUL.
CRC_ARCH_OPTIMIZED is defined when an arch-optimized version is used.
Currently the x86 CLMUL implementations are the only arch-optimized
versions, and these also use the CRC_x86_CLMUL macro to tell when
crc_x86_clmul.h needs to be included.

is_clmul_supported() was renamed to is_arch_extension_supported().
crc32_clmul() and crc64_clmul() were renamed to
crc32_arch_optimized() and crc64_arch_optimized().
This way the names make sense with arch-specific non-CLMUL
implementations as well.
2024-01-11 14:29:42 +02:00
Lasse Collin 3dbed75b0b liblzma: Fix a comment in crc_common.h. 2024-01-11 14:29:42 +02:00
Lasse Collin 419f55f9df liblzma: Avoid extern lzma_crc32_clmul() and lzma_crc64_clmul().
A CLMUL-only build will have the crcxx_clmul() inlined into
lzma_crcxx(). Previously a jump to the extern lzma_crcxx_clmul()
was needed. Notes about shared liblzma on ELF platforms:

  - On platforms that support ifunc and -fvisibility=hidden, this
    was silly because CLMUL-only build would have that single extra
    jump instruction of extra overhead.

  - On platforms that support neither -fvisibility=hidden nor linker
    version script (liblzma*.map), jumping to lzma_crcxx_clmul()
    would go via PLT so a few more instructions of overhead (still
    not a big issue but silly nevertheless).

There was a downside with static liblzma too: if an application only
needs lzma_crc64(), static linking would make the linker include the
CLMUL code for both CRC32 and CRC64 from crc_x86_clmul.o even though
the CRC32 code wouldn't be needed, thus increasing code size of the
executable (assuming that -ffunction-sections isn't used).

Also, now compilers are likely to inline crc_simd_body()
even if they don't support the always_inline attribute
(or MSVC's __forceinline). Quite possibly all compilers
that build the code do support such an attribute. But now
it likely isn't a problem even if the attribute wasn't supported.

Now all x86-specific stuff is in crc_x86_clmul.h. If other archs
The other archs can then have their own headers with their own
is_clmul_supported() and crcxx_clmul().

Another bonus is that the build system doesn't need to care if
crc_clmul.c is needed.

is_clmul_supported() stays as inline function as it's not needed
when doing a CLMUL-only build (avoids a warning about unused function).
2024-01-11 14:29:42 +02:00
Lasse Collin e3833e297d liblzma: crc_clmul.c: Add crc_attr_target macro.
This reduces the number of the complex #if directives.
2024-01-11 14:29:42 +02:00
Lasse Collin d164ac0e62 liblzma: Simplify existing cases with lzma_attr_no_sanitize_address. 2024-01-11 14:29:42 +02:00
Lasse Collin 9523c1300d liblzma: #define crc_attr_no_sanitize_address in crc_common.h. 2024-01-11 14:29:38 +02:00
Lasse Collin 93d144f093 liblzma: CRC: Add empty lines.
And remove one too.
2024-01-10 17:19:03 +02:00
Lasse Collin 0c7e854ffd liblzma: crc_clmul.c: Tidy up the location of MSVC pragma.
It makes no difference in practice.
2024-01-10 17:19:03 +02:00
Lasse Collin 8c36ab79cb liblzma: Add a note why crc_always_inline exists for now.
Solaris Studio is a possible example (not tested) which
supports the always_inline attribute but might not get
detected by the common.h #ifdefs.
2023-10-30 18:44:32 +02:00
Lasse Collin 41113fe30a liblzma: Use lzma_attr_visibility_hidden on private extern declarations.
These variables are internal to liblzma and not exposed in the API.
2023-10-30 18:06:25 +02:00
Jia Tan 988e09f27b liblzma: Move is_clmul_supported() back to crc_common.h.
This partially reverts creating crc_clmul.c
(8c0f9376f5) where is_clmul_supported()
was moved, extern'ed, and renamed to lzma_is_clmul_supported(). This
caused a problem when the function call to lzma_is_clmul_supported()
results in a call through the PLT. ifunc resolvers run very early in
the dynamic loading sequence, so the PLT may not be setup properly at
this point. Whether the PLT is used or not for
lzma_is_clmul_supported() depened upon the compiler-toolchain used and
flags.

In liblzma compiled with GCC, for instance, GCC will go through the PLT
for function calls internal to liblzma if the version scripts and
symbol visibility hiding are not used. If lazy-binding is disabled,
then it would have made any program linked with liblzma fail during
dynamic loading in the ifunc resolver.
2023-10-21 00:01:29 +08:00
Jia Tan 105c7ca90d Build: Remove check for COND_CHECK_CRC32 in check/Makefile.inc.
Currently crc32 is always enabled, so COND_CHECK_CRC32 must always be
set. Because of this, it makes the recent change to conditionally
compile check/crc_clmul.c appear wrong since that file has CLMUL
implementations for both CRC32 and CRC64.
2023-10-19 16:23:32 +08:00
Jia Tan c60b25569d liblzma: Fix -fsanitize=address failure with crc_clmul functions.
After forcing crc_simd_body() to always be inlined it caused
-fsanitize=address to fail for lzma_crc32_clmul() and
lzma_crc64_clmul(). The __no_sanitize_address__ attribute was added
to lzma_crc32_clmul() and lzma_crc64_clmul(), but not removed from
crc_simd_body(). ASAN and inline functions behavior has changed over
the years for GCC specifically, so while strictly required we will
keep __attribute__((__no_sanitize_address__)) on crc_simd_body() in
case this becomes a requirement in the future.

Older GCC versions refuse to inline a function with ASAN if the
caller and callee do not agree on sanitization flags
(https://gcc.gnu.org/bugzilla/show_bug.cgi?id=89124#c3). If the
function was forced to be inlined, it will not compile if the callee
function has __no_sanitize_address__ but the caller doesn't.
2023-10-19 01:15:20 +08:00
Jia Tan 1c8884f0af liblzma: Set the MSVC optimization fix to only cover lzma_crc64_clmul().
After testing a 32-bit Release build on MSVC, only lzma_crc64_clmul()
has the bug. crc_simd_body() and lzma_crc32_clmul() do not need the
optimizations disabled.
2023-10-18 23:54:41 +08:00
Lasse Collin 5ce0f7a48b liblzma: CRC_USE_GENERIC_FOR_SMALL_INPUTS cannot be used with ifunc. 2023-10-18 23:54:41 +08:00
Lasse Collin 2773538049 liblzma: Include common.h in crc_common.h.
crc_common.h depends on common.h. The headers include common.h except
when there is a reason to not do so.
2023-10-18 23:54:41 +08:00
Jia Tan e13b7947b9 liblzma: Add include guards to crc_common.h. 2023-10-18 23:54:41 +08:00
Jia Tan 40abd88afc liblzma: Add the crc_always_inline macro to crc_simd_body().
Forcing this to be inline has a significant speed improvement at the
cost of a few repeated instructions. The compilers tested on did not
inline this function since it is large and is used twice in the same
translation unit.
2023-10-18 23:54:41 +08:00
Jia Tan a5966c276b liblzma: Create crc_always_inline macro.
This macro must be used instead of the inline keyword. On MSVC, it is
a replacement for __forceinline which is an MSVC specific keyword that
should not be used with inline (it will issue a warning if it is).

It does not use a build system check to determine if
__attribute__((__always_inline__)) since all compilers that can use
CLMUL extensions (except the special case for MSVC) should support this
attribute. If this assumption is incorrect then it will result in a bug
report instead of silently producing slow code.
2023-10-18 23:54:41 +08:00
Jia Tan 96b663f67c liblzma: Refactor CRC comments.
A detailed description of the three dispatch methods was added. Also,
duplicated comments now only appear in crc32_fast.c or were removed from
both crc32_fast.c and crc64_fast.c if they appeared in crc_clmul.c.
2023-10-18 23:54:41 +08:00
Jia Tan 8c0f9376f5 liblzma: Create crc_clmul.c.
Both crc32_clmul() and crc64_clmul() are now exported from
crc32_clmul.c as lzma_crc32_clmul() and lzma_crc64_clmul(). This
ensures that is_clmul_supported() (now lzma_is_clmul_supported()) is
not duplicated between crc32_fast.c and crc64_fast.c.

Also, it encapsulates the complexity of the CLMUL implementations into a
single file and reduces the complexity of crc32_fast.c and crc64_fast.c.
Before, CLMUL code was present in crc32_fast.c, crc64_fast.c, and
crc_common.h.

During the conversion, various cleanups were applied to code (thanks to
Lasse Collin) including:

- Require using semicolons with MASK_/L/H/LH macros.
- Variable typing and const handling improvements.
- Improvements to comments.
- Fixes to the pragmas used.
- Removed unneeded variables.
- Whitespace improvements.
- Fixed CRC_USE_GENERIC_FOR_SMALL_INPUTS handling.
- Silenced warnings and removed the need for some #pragmas
2023-10-18 23:54:36 +08:00
Jia Tan a3ebc2c516 liblzma: Define CRC_USE_IFUNC in crc_common.h.
When ifunc is supported, we can define a simpler macro instead of
repeating the more complex check in both crc32_fast.c and crc64_fast.c.
2023-10-18 20:41:11 +08:00
Hans Jansen f1cd9d7194 liblzma: Added crc32_clmul to crc32_fast.c. 2023-10-13 20:54:05 +08:00
Hans Jansen 93e6fb08b2 liblzma: Moved CLMUL CRC logic to crc_common.h.
crc64_fast.c was updated to use the code from crc_common.h instead.
2023-10-13 20:54:05 +08:00
Hans Jansen 233885a437 liblzma: Rename crc_macros.h to crc_common.h. 2023-10-13 20:54:05 +08:00
Lasse Collin 5a9af95f85 liblzma: Update a comment.
The C standards don't allow an empty translation unit which can be
avoided by declaring something, without exporting any symbols.

When I committed f644473a21 I had
a feeling that some specific toolchain somewhere didn't like
empty object files (assembler or maybe "ar" complained) but
I cannot find anything to confirm this now. Quite likely I
remembered nonsense. I leave this here as a note to my future self. :-)
2023-09-26 21:47:13 +03:00
Jia Tan 8ebaf3f665 liblzma: Avoid compiler warning without creating extra symbol.
When the generic fast crc64 method is used, then we omit
lzma_crc64_table[][]. Similar to
d9166b52cf, we can avoid compiler warnings
with -Wempty-translation-unit (Clang) or -pedantic (GCC) by creating a
never used typedef instead of an extra symbol.
2023-09-27 00:04:40 +08:00
Lasse Collin 4f44ef8675 liblzma: Mark crc64_clmul() with __attribute__((__no_sanitize_address__)).
Thanks to Agostino Sarubbo.
Fixes: https://github.com/tukaani-project/xz/issues/62
2023-09-14 16:34:07 +03:00
Jia Tan 0184d344fa liblzma: Suppress -Wunused-function warning.
Clang 16.0.0 and earlier have a bug that the ifunc resolver function
triggers the -Wunused-function warning. The resolver function is static
and only "used" by the __attribute__((__ifunc()__)).

At this time, the bug is still unresolved, but has been reported:
https://github.com/llvm/llvm-project/issues/63957

This is not a problem in GCC.
2023-07-19 23:36:00 +08:00