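/*
 * BCM2835 Random Number Generator emulation
 *
 * Copyright (C) 2017 Marcin Chojnacki <marcinch7@gmail.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 */

#include "qemu/osdep.h"
#include "qemu/log.h"
#include "qemu/guest-random.h"
#include "qemu/module.h"
#include "hw/misc/bcm2835_rng.h"

/*
 * Fetch one 32-bit word of randomness for the guest's rng_data register.
 *
 * Returns: the random word. There is no error return; see below.
 */
static uint32_t get_random_bytes(void)
{
    uint32_t res;

    /*
     * On failure we don't want to return the guest a non-random
     * value in case they're really using it for cryptographic
     * purposes, so the best we can do is die here.
     * This shouldn't happen unless something's broken.
     * In theory we could implement this device's full FIFO
     * and interrupt semantics and then just stop filling the
     * FIFO. That's a lot of work, though, so we assume any
     * errors are systematic problems and trust that if we didn't
     * fail as the guest inited then we won't fail later on
     * mid-run.
     */
    qemu_guest_getrandom_nofail(&res, sizeof(res));
    return res;
}

/*
 * MMIO read handler.
 *
 * @opaque: the BCM2835RngState registered with the memory region
 * @offset: register offset within the region
 * @size:   access width in bytes; must be 4 (enforced by bcm2835_rng_ops)
 *
 * Returns: the register value, or 0 for an unknown offset (which is also
 * logged as a guest error).
 */
static uint64_t bcm2835_rng_read(void *opaque, hwaddr offset,
                                 unsigned size)
{
    BCM2835RngState *s = (BCM2835RngState *)opaque;
    uint32_t res = 0;

    /* Invariant guaranteed by .impl in bcm2835_rng_ops, not by the guest. */
    assert(size == 4);

    switch (offset) {
    case 0x0:    /* rng_ctrl */
        res = s->rng_ctrl;
        break;
    case 0x4:    /* rng_status */
        /*
         * Bit 24 is always reported as set on reads.
         * NOTE(review): presumably this is the "words available" field so
         * that the guest always sees data ready - confirm against the
         * hardware documentation.
         */
        res = s->rng_status | (1 << 24);
        break;
    case 0x8:    /* rng_data */
        /* Every read yields a fresh random word; no FIFO is modelled. */
        res = get_random_bytes();
        break;

    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "bcm2835_rng_read: Bad offset %x\n",
                      (int)offset);
        res = 0;
        break;
    }

    return res;
}

/*
 * MMIO write handler.
 *
 * @opaque: the BCM2835RngState registered with the memory region
 * @offset: register offset within the region
 * @value:  value written by the guest
 * @size:   access width in bytes; must be 4 (enforced by bcm2835_rng_ops)
 *
 * Writes to unknown offsets (including rng_data) are logged as guest errors
 * and otherwise ignored.
 */
static void bcm2835_rng_write(void *opaque, hwaddr offset,
                              uint64_t value, unsigned size)
{
    BCM2835RngState *s = (BCM2835RngState *)opaque;

    /* Invariant guaranteed by .impl in bcm2835_rng_ops, not by the guest. */
    assert(size == 4);

    switch (offset) {
    case 0x0:    /* rng_ctrl */
        s->rng_ctrl = value;
        break;
    case 0x4:    /* rng_status */
        /* we shouldn't let the guest write to bits [31..20] */
        s->rng_status &= ~0xFFFFF;         /* clear 20 lower bits */
        s->rng_status |= value & 0xFFFFF;  /* set them to new value */
        break;

    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "bcm2835_rng_write: Bad offset %x\n",
                      (int)offset);
        break;
    }
}

/*
 * Both handlers assert(size == 4). Without access-size constraints a guest
 * could issue a 1- or 2-byte access to this region, reach the handler with
 * size != 4 and abort QEMU. Constrain the region instead:
 *  - .valid rejects accesses narrower than 4 bytes before they reach the
 *    handlers; 8-byte accesses remain valid,
 *  - .impl makes the memory core call the handlers with 4-byte accesses
 *    only, splitting wider ones.
 * NOTE(review): this assumes the modelled hardware only supports word
 * accesses, as the existing asserts imply - confirm.
 */
static const MemoryRegionOps bcm2835_rng_ops = {
    .read = bcm2835_rng_read,
    .write = bcm2835_rng_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
    .valid = {
        .min_access_size = 4,
        .max_access_size = 8,
    },
    .impl = {
        .min_access_size = 4,
        .max_access_size = 4,
    },
};

/* Migration state: only the two guest-visible registers are saved. */
static const VMStateDescription vmstate_bcm2835_rng = {
    .name = TYPE_BCM2835_RNG,
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(rng_ctrl, BCM2835RngState),
        VMSTATE_UINT32(rng_status, BCM2835RngState),
        VMSTATE_END_OF_LIST()
    }
};

/* Instance init: create the 0x10-byte MMIO region and expose it on sysbus. */
static void bcm2835_rng_init(Object *obj)
{
    BCM2835RngState *s = BCM2835_RNG(obj);

    memory_region_init_io(&s->iomem, obj, &bcm2835_rng_ops, s,
                          TYPE_BCM2835_RNG, 0x10);
    sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
}

/* Device reset: both registers return to zero. */
static void bcm2835_rng_reset(DeviceState *dev)
{
    BCM2835RngState *s = BCM2835_RNG(dev);

    s->rng_ctrl = 0;
    s->rng_status = 0;
}

/* Class init: hook up the reset handler and the migration description. */
static void bcm2835_rng_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->reset = bcm2835_rng_reset;
    dc->vmsd = &vmstate_bcm2835_rng;
}

/* Never modified after definition, so keep it in read-only data. */
static const TypeInfo bcm2835_rng_info = {
    .name          = TYPE_BCM2835_RNG,
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(BCM2835RngState),
    .class_init    = bcm2835_rng_class_init,
    .instance_init = bcm2835_rng_init,
};

/* Register the device type with QOM at module-init time. */
static void bcm2835_rng_register_types(void)
{
    type_register_static(&bcm2835_rng_info);
}

type_init(bcm2835_rng_register_types)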