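/*
 * BCM2835 Random Number Generator emulation
 *
 * Copyright (C) 2017 Marcin Chojnacki <marcinch7@gmail.com>
 *
 * This work is licensed under the terms of the GNU GPL, version 2 or later.
 * See the COPYING file in the top-level directory.
 */

#include "qemu/osdep.h"
#include "qemu/log.h"
#include "qemu/guest-random.h"
#include "hw/misc/bcm2835_rng.h"

/*
 * Fetch one 32-bit word of randomness for the guest.
 *
 * Returns: a word filled by qemu_guest_getrandom_nofail().
 */
static uint32_t get_random_bytes(void)
{
    uint32_t res;

    /*
     * On failure we don't want to return the guest a non-random
     * value in case they're really using it for cryptographic
     * purposes, so the best we can do is die here.
     * This shouldn't happen unless something's broken.
     * In theory we could implement this device's full FIFO
     * and interrupt semantics and then just stop filling the
     * FIFO. That's a lot of work, though, so we assume any
     * errors are systematic problems and trust that if we didn't
     * fail as the guest inited then we won't fail later on
     * mid-run.
     */
    qemu_guest_getrandom_nofail(&res, sizeof(res));
    return res;
}

/*
 * MMIO read handler.
 *
 * @opaque: the BCM2835RngState registered with the memory region
 * @offset: register offset inside the 0x10-byte region
 * @size:   access width in bytes; always 4, see bcm2835_rng_ops
 *
 * Returns: the register value, or 0 for an unknown offset (which is
 * also reported as a guest error).
 */
static uint64_t bcm2835_rng_read(void *opaque, hwaddr offset,
                                 unsigned size)
{
    BCM2835RngState *s = opaque;
    uint32_t res = 0;

    /* Internal invariant: .impl in bcm2835_rng_ops pins the width to 4. */
    assert(size == 4);

    switch (offset) {
    case 0x0: /* rng_ctrl */
        res = s->rng_ctrl;
        break;
    case 0x4: /* rng_status */
        /*
         * Bit 24 is always reported as set on top of the stored value.
         * NOTE(review): presumably this is the "words available" count
         * in the read-only upper bits - confirm against the datasheet.
         */
        res = s->rng_status | (1 << 24);
        break;
    case 0x8: /* rng_data */
        /* Every read hands out a fresh word; nothing is buffered. */
        res = get_random_bytes();
        break;

    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "bcm2835_rng_read: Bad offset %x\n",
                      (int)offset);
        /* res is still 0 here. */
        break;
    }

    return res;
}

/*
 * MMIO write handler.
 *
 * @opaque: the BCM2835RngState registered with the memory region
 * @offset: register offset inside the 0x10-byte region
 * @value:  value written by the guest
 * @size:   access width in bytes; always 4, see bcm2835_rng_ops
 *
 * Writes to unknown offsets are dropped and reported as a guest error.
 */
static void bcm2835_rng_write(void *opaque, hwaddr offset,
                              uint64_t value, unsigned size)
{
    BCM2835RngState *s = opaque;

    /* Internal invariant: .impl in bcm2835_rng_ops pins the width to 4. */
    assert(size == 4);

    switch (offset) {
    case 0x0: /* rng_ctrl */
        s->rng_ctrl = value;
        break;
    case 0x4: /* rng_status */
        /* we shouldn't let the guest write to bits [31..20] */
        s->rng_status &= ~0xFFFFF;         /* clear 20 lower bits */
        s->rng_status |= value & 0xFFFFF;  /* set them to new value */
        break;

    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "bcm2835_rng_write: Bad offset %x\n",
                      (int)offset);
        break;
    }
}

/*
 * Both handlers assert that the access is 4 bytes wide. With no access
 * sizes declared, the memory core hands narrower guest accesses to the
 * handlers unchanged, so a 1- or 2-byte access from the guest would trip
 * the assert and abort the whole emulator. Declaring a 4-byte
 * implementation size makes the core widen such accesses before they
 * reach the handlers, which turns the asserts into a real internal
 * invariant rather than a check on guest-controlled input.
 *
 * NOTE(review): .valid is left unset so that access widths which worked
 * before keep working. If the hardware is confirmed to reject non-word
 * accesses, .valid.min_access_size/.max_access_size can be set to 4 too.
 */
static const MemoryRegionOps bcm2835_rng_ops = {
    .read = bcm2835_rng_read,
    .write = bcm2835_rng_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
    .impl = {
        .min_access_size = 4,
        .max_access_size = 4,
    },
};

/* Migration state: only the two stored registers are carried over. */
static const VMStateDescription vmstate_bcm2835_rng = {
    .name = TYPE_BCM2835_RNG,
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(rng_ctrl, BCM2835RngState),
        VMSTATE_UINT32(rng_status, BCM2835RngState),
        VMSTATE_END_OF_LIST()
    }
};

/* Instance init: create the 0x10-byte MMIO region and expose it on sysbus. */
static void bcm2835_rng_init(Object *obj)
{
    BCM2835RngState *s = BCM2835_RNG(obj);

    memory_region_init_io(&s->iomem, obj, &bcm2835_rng_ops, s,
                          TYPE_BCM2835_RNG, 0x10);
    sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
}

/* Device reset: both stored registers go back to 0. */
static void bcm2835_rng_reset(DeviceState *dev)
{
    BCM2835RngState *s = BCM2835_RNG(dev);

    s->rng_ctrl = 0;
    s->rng_status = 0;
}

/* Class init: hook up the reset handler and the migration description. */
static void bcm2835_rng_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->reset = bcm2835_rng_reset;
    dc->vmsd = &vmstate_bcm2835_rng;
}

/* Never modified after definition, so it can be const. */
static const TypeInfo bcm2835_rng_info = {
    .name          = TYPE_BCM2835_RNG,
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(BCM2835RngState),
    .class_init    = bcm2835_rng_class_init,
    .instance_init = bcm2835_rng_init,
};

/* Register the device type with the object model. */
static void bcm2835_rng_register_types(void)
{
    type_register_static(&bcm2835_rng_info);
}

type_init(bcm2835_rng_register_types)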