From: Andrew Cooper Date: Thu, 27 Jun 2024 12:55:51 +0000 (+0100) Subject: tools/libxg: Don't gunzip the guests initrd X-Git-Url: http://xenbits.xensource.com/gitweb?a=commitdiff_plain;h=d17b7562d4ef7ab32fdac9b59fe66055db4b6271;p=people%2Fandrewcoop%2Fxen.git tools/libxg: Don't gunzip the guests initrd Decompressing the kernel is necessary to inspect the ELF notes, but the dombuilder will gunzip() secondary modules too. Specifically gunzip(), no other decompression algorithms. This may have been necessary in the dim and distant past, but it is broken today. Linux specifically supports concatenating CPIO fragments of differing compressions, and any attempt to interpret it with a single algorithm may corrupt later parts. This was an unexpected discovery while trying to test Xen's gunzip() logic (Xen as a PVH guest, with a gzipped XTF kernel as dom0). Interpreting secondary modules should be left as an exercise to the guest. This reduces work done in dom0. This is not expected to cause a practical difference to guests these days. Signed-off-by: Andrew Cooper Acked-by: Jan Beulich Acked-by: Oleksii Kurochko --- diff --git a/CHANGELOG.md b/CHANGELOG.md index 15f681459f..61510e6a11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) ### Changed - Fixed blkif protocol specification for sector sizes different than 512b. + - The dombuilder in libxenguest no longer un-gzips secondary modules, instead + leaving this to the guest kernel to do in guest context. - On x86: - Prefer ACPI reboot over UEFI ResetSystem() run time service call. - Switched the xAPIC flat driver to use physical destination mode for external diff --git a/tools/libs/guest/xg_dom_core.c b/tools/libs/guest/xg_dom_core.c index f5521d528b..595b0a667c 100644 --- a/tools/libs/guest/xg_dom_core.c +++ b/tools/libs/guest/xg_dom_core.c @@ -980,37 +980,24 @@ int xc_dom_mem_init(struct xc_dom_image *dom, unsigned int mem_mb) static int xc_dom_build_module(struct xc_dom_image *dom, unsigned int mod) { - size_t unziplen, modulelen; + size_t modulelen; void *modulemap; char name[10]; - if ( !dom->modules[mod].seg.vstart ) - unziplen = xc_dom_check_gzip(dom->xch, - dom->modules[mod].blob, dom->modules[mod].size); - else - unziplen = 0; + modulelen = dom->modules[mod].size; - modulelen = max(unziplen, dom->modules[mod].size); - if ( dom->max_module_size ) + if ( dom->max_module_size && modulelen > dom->max_module_size ) { - if ( unziplen && modulelen > dom->max_module_size ) - { - modulelen = min(unziplen, dom->modules[mod].size); - if ( unziplen > modulelen ) - unziplen = 0; - } - if ( modulelen > dom->max_module_size ) - { - xc_dom_panic(dom->xch, XC_INVALID_KERNEL, - "module %u image too large", mod); - goto err; - } + xc_dom_panic(dom->xch, XC_INVALID_KERNEL, + "module %u image too large", mod); + goto err; } snprintf(name, sizeof(name), "module%u", mod); if ( xc_dom_alloc_segment(dom, &dom->modules[mod].seg, name, dom->modules[mod].seg.vstart, modulelen) != 0 ) goto err; + modulemap = xc_dom_seg_to_ptr(dom, &dom->modules[mod].seg); if ( modulemap == NULL ) { @@ -1018,21 +1005,8 @@ static int xc_dom_build_module(struct xc_dom_image *dom, unsigned int mod) __FUNCTION__, mod); goto err; } - if ( unziplen ) - { - if ( xc_dom_do_gunzip(dom->xch, dom->modules[mod].blob, dom->modules[mod].size, - modulemap, unziplen) != -1 ) - return 0; - if ( dom->modules[mod].size > modulelen ) - goto err; - } - /* Fall back to handing over the raw blob. */ memcpy(modulemap, dom->modules[mod].blob, dom->modules[mod].size); - /* If an unzip attempt was made, the buffer may no longer be all zero. */ - if ( unziplen > dom->modules[mod].size ) - memset(modulemap + dom->modules[mod].size, 0, - unziplen - dom->modules[mod].size); return 0;