1 /*
2 * BCM2835 Random Number Generator emulation
3 *
4 * Copyright (C) 2017 Marcin Chojnacki <marcinch7@gmail.com>
5 *
6 * This work is licensed under the terms of the GNU GPL, version 2 or later.
7 * See the COPYING file in the top-level directory.
8 */
9
10 #include "qemu/osdep.h"
11 #include "qemu/log.h"
12 #include "qemu/guest-random.h"
13 #include "qemu/module.h"
14 #include "hw/misc/bcm2835_rng.h"
15 #include "migration/vmstate.h"
16
get_random_bytes(void)17 static uint32_t get_random_bytes(void)
18 {
19 uint32_t res;
20
21 /*
22 * On failure we don't want to return the guest a non-random
23 * value in case they're really using it for cryptographic
24 * purposes, so the best we can do is die here.
25 * This shouldn't happen unless something's broken.
26 * In theory we could implement this device's full FIFO
27 * and interrupt semantics and then just stop filling the
28 * FIFO. That's a lot of work, though, so we assume any
29 * errors are systematic problems and trust that if we didn't
30 * fail as the guest inited then we won't fail later on
31 * mid-run.
32 */
33 qemu_guest_getrandom_nofail(&res, sizeof(res));
34 return res;
35 }
36
bcm2835_rng_read(void * opaque,hwaddr offset,unsigned size)37 static uint64_t bcm2835_rng_read(void *opaque, hwaddr offset,
38 unsigned size)
39 {
40 BCM2835RngState *s = (BCM2835RngState *)opaque;
41 uint32_t res = 0;
42
43 assert(size == 4);
44
45 switch (offset) {
46 case 0x0: /* rng_ctrl */
47 res = s->rng_ctrl;
48 break;
49 case 0x4: /* rng_status */
50 res = s->rng_status | (1 << 24);
51 break;
52 case 0x8: /* rng_data */
53 res = get_random_bytes();
54 break;
55
56 default:
57 qemu_log_mask(LOG_GUEST_ERROR,
58 "bcm2835_rng_read: Bad offset %x\n",
59 (int)offset);
60 res = 0;
61 break;
62 }
63
64 return res;
65 }
66
bcm2835_rng_write(void * opaque,hwaddr offset,uint64_t value,unsigned size)67 static void bcm2835_rng_write(void *opaque, hwaddr offset,
68 uint64_t value, unsigned size)
69 {
70 BCM2835RngState *s = (BCM2835RngState *)opaque;
71
72 assert(size == 4);
73
74 switch (offset) {
75 case 0x0: /* rng_ctrl */
76 s->rng_ctrl = value;
77 break;
78 case 0x4: /* rng_status */
79 /* we shouldn't let the guest write to bits [31..20] */
80 s->rng_status &= ~0xFFFFF; /* clear 20 lower bits */
81 s->rng_status |= value & 0xFFFFF; /* set them to new value */
82 break;
83
84 default:
85 qemu_log_mask(LOG_GUEST_ERROR,
86 "bcm2835_rng_write: Bad offset %x\n",
87 (int)offset);
88 break;
89 }
90 }
91
92 static const MemoryRegionOps bcm2835_rng_ops = {
93 .read = bcm2835_rng_read,
94 .write = bcm2835_rng_write,
95 .endianness = DEVICE_NATIVE_ENDIAN,
96 };
97
98 static const VMStateDescription vmstate_bcm2835_rng = {
99 .name = TYPE_BCM2835_RNG,
100 .version_id = 1,
101 .minimum_version_id = 1,
102 .fields = (const VMStateField[]) {
103 VMSTATE_UINT32(rng_ctrl, BCM2835RngState),
104 VMSTATE_UINT32(rng_status, BCM2835RngState),
105 VMSTATE_END_OF_LIST()
106 }
107 };
108
bcm2835_rng_init(Object * obj)109 static void bcm2835_rng_init(Object *obj)
110 {
111 BCM2835RngState *s = BCM2835_RNG(obj);
112
113 memory_region_init_io(&s->iomem, obj, &bcm2835_rng_ops, s,
114 TYPE_BCM2835_RNG, 0x10);
115 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
116 }
117
bcm2835_rng_reset(DeviceState * dev)118 static void bcm2835_rng_reset(DeviceState *dev)
119 {
120 BCM2835RngState *s = BCM2835_RNG(dev);
121
122 s->rng_ctrl = 0;
123 s->rng_status = 0;
124 }
125
bcm2835_rng_class_init(ObjectClass * klass,void * data)126 static void bcm2835_rng_class_init(ObjectClass *klass, void *data)
127 {
128 DeviceClass *dc = DEVICE_CLASS(klass);
129
130 device_class_set_legacy_reset(dc, bcm2835_rng_reset);
131 dc->vmsd = &vmstate_bcm2835_rng;
132 }
133
134 static const TypeInfo bcm2835_rng_info = {
135 .name = TYPE_BCM2835_RNG,
136 .parent = TYPE_SYS_BUS_DEVICE,
137 .instance_size = sizeof(BCM2835RngState),
138 .class_init = bcm2835_rng_class_init,
139 .instance_init = bcm2835_rng_init,
140 };
141
bcm2835_rng_register_types(void)142 static void bcm2835_rng_register_types(void)
143 {
144 type_register_static(&bcm2835_rng_info);
145 }
146
147 type_init(bcm2835_rng_register_types)
148