xref: /openbmc/qemu/hw/misc/bcm2835_rng.c (revision 3d9569b8)
1 /*
2  * BCM2835 Random Number Generator emulation
3  *
4  * Copyright (C) 2017 Marcin Chojnacki <marcinch7@gmail.com>
5  *
6  * This work is licensed under the terms of the GNU GPL, version 2 or later.
7  * See the COPYING file in the top-level directory.
8  */
9 
10 #include "qemu/osdep.h"
11 #include "qemu/log.h"
12 #include "qemu/guest-random.h"
13 #include "qemu/module.h"
14 #include "hw/misc/bcm2835_rng.h"
15 
/*
 * Fetch one 32-bit word of randomness for the guest.
 *
 * There is deliberately no error path. The guest may be using this value
 * for cryptographic purposes, so a predictable word must never be handed
 * back: qemu_guest_getrandom_nofail() is used and a failing entropy source
 * stops QEMU instead. The graceful alternative would be to model the
 * device's full FIFO and interrupt semantics and simply stop filling the
 * FIFO on error; that is not implemented. Errors are assumed to be
 * systematic, i.e. if the first request made while the guest initialises
 * succeeds, later requests are trusted to succeed as well.
 */
static uint32_t get_random_bytes(void)
{
    uint32_t word;

    qemu_guest_getrandom_nofail(&word, sizeof(word));
    return word;
}
35 
/*
 * MMIO read handler for the RNG register block.
 *
 * @opaque: the BCM2835RngState registered with the memory region
 * @offset: register offset inside the region
 * @size:   access width in bytes; only 4 is supported
 *
 * Returns the register value, or 0 (after logging a guest error) for an
 * offset that is not a known register.
 *
 * NOTE(review): size follows the width of the guest's access. Unless the
 * MemoryRegionOps restrict the access size, the assert below can be
 * reached by a guest sub-word access and stops the emulator - confirm.
 */
static uint64_t bcm2835_rng_read(void *opaque, hwaddr offset,
                                 unsigned size)
{
    BCM2835RngState *rng = opaque;
    uint32_t val;

    assert(size == 4);

    if (offset == 0x0) {           /* rng_ctrl */
        val = rng->rng_ctrl;
    } else if (offset == 0x4) {    /* rng_status */
        /*
         * Bit 24 is always reported as set on top of the stored status.
         * Presumably this tells the guest that data is available -
         * confirm against the hardware documentation.
         */
        val = rng->rng_status | (1 << 24);
    } else if (offset == 0x8) {    /* rng_data */
        /* Every read yields a freshly generated word; nothing is cached. */
        val = get_random_bytes();
    } else {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "bcm2835_rng_read: Bad offset %x\n",
                      (int)offset);
        val = 0;
    }

    return val;
}
65 
/*
 * MMIO write handler for the RNG register block.
 *
 * @opaque: the BCM2835RngState registered with the memory region
 * @offset: register offset inside the region
 * @value:  value written by the guest
 * @size:   access width in bytes; only 4 is supported
 *
 * rng_ctrl takes the guest value as-is. For rng_status only the low 20
 * bits are guest-writable; bits [31..20] keep their current contents.
 * Writes to any other offset are logged as a guest error and dropped.
 *
 * NOTE(review): size follows the width of the guest's access. Unless the
 * MemoryRegionOps restrict the access size, the assert below can be
 * reached by a guest sub-word access and stops the emulator - confirm.
 */
static void bcm2835_rng_write(void *opaque, hwaddr offset,
                              uint64_t value, unsigned size)
{
    BCM2835RngState *rng = opaque;

    assert(size == 4);

    if (offset == 0x0) {           /* rng_ctrl */
        rng->rng_ctrl = value;
    } else if (offset == 0x4) {    /* rng_status */
        /* Merge: keep bits [31..20], take bits [19..0] from the guest. */
        rng->rng_status = (rng->rng_status & ~0xFFFFF) | (value & 0xFFFFF);
    } else {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "bcm2835_rng_write: Bad offset %x\n",
                      (int)offset);
    }
}
90 
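/*
 * MMIO callbacks for the RNG register block.
 *
 * Both handlers assert(size == 4), and the access width is chosen by the
 * guest. Pinning the implemented access size to 4 bytes is meant to keep
 * that assertion out of the guest's reach, so that a byte or halfword
 * access cannot stop the emulator. Wider accesses are still expected to
 * be split into 32-bit ones, as before.
 * NOTE(review): this relies on the memory core adjusting every access to
 * the .impl width before it calls the handlers - confirm for this tree.
 */
static const MemoryRegionOps bcm2835_rng_ops = {
    .read = bcm2835_rng_read,
    .write = bcm2835_rng_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
    .impl.min_access_size = 4,
    .impl.max_access_size = 4,
};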
96 
/*
 * Migration description for the device.
 *
 * Only the two stored registers are listed. Random data is generated on
 * demand in get_random_bytes() and never kept in the device state, so
 * there is no RNG output to carry across.
 */
static const VMStateDescription vmstate_bcm2835_rng = {
    .name = TYPE_BCM2835_RNG,
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(rng_ctrl, BCM2835RngState),
        VMSTATE_UINT32(rng_status, BCM2835RngState),
        VMSTATE_END_OF_LIST()
    }
};
107 
/*
 * Instance initialiser: create the register window and expose it on the
 * system bus.
 *
 * The region is 0x10 bytes long. Offsets 0x0, 0x4 and 0x8 are handled as
 * registers; anything else inside the window ends up in the handlers'
 * "Bad offset" path.
 */
static void bcm2835_rng_init(Object *obj)
{
    BCM2835RngState *rng = BCM2835_RNG(obj);

    /* The device state itself is the opaque pointer given to the handlers. */
    memory_region_init_io(&rng->iomem, obj, &bcm2835_rng_ops, rng,
                          TYPE_BCM2835_RNG, 0x10);

    sysbus_init_mmio(SYS_BUS_DEVICE(rng), &rng->iomem);
}
116 
/*
 * Device reset: both stored registers go back to zero.
 *
 * No random data is held in the device state, so nothing else needs to
 * be cleared here.
 */
static void bcm2835_rng_reset(DeviceState *dev)
{
    BCM2835RngState *rng = BCM2835_RNG(dev);

    rng->rng_status = 0;
    rng->rng_ctrl = 0;
}
124 
/*
 * Class initialiser: attach the migration description and the reset
 * handler to the device class. @data is not used.
 */
static void bcm2835_rng_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dev_class = DEVICE_CLASS(klass);

    dev_class->vmsd = &vmstate_bcm2835_rng;
    dev_class->reset = bcm2835_rng_reset;
}
132 
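/*
 * Type description for the BCM2835 RNG, a system-bus device.
 *
 * Declared const, like the other static tables in this file: it is only
 * handed to type_register_static() and never modified afterwards, so it
 * can live in read-only data.
 */
static const TypeInfo bcm2835_rng_info = {
    .name          = TYPE_BCM2835_RNG,
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(BCM2835RngState),
    .class_init    = bcm2835_rng_class_init,
    .instance_init = bcm2835_rng_init,
};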
140 
/* Register the RNG device type described by bcm2835_rng_info. */
static void bcm2835_rng_register_types(void)
{
    type_register_static(&bcm2835_rng_info);
}

/* Hook the registration function in through the type_init() macro. */
type_init(bcm2835_rng_register_types)
147