blob: fe59c868f563494566c9e287eae436341db7d9f5 [file] [log] [blame]
Marcin Chojnacki54a5ba12017-02-28 12:08:13 +00001/*
2 * BCM2835 Random Number Generator emulation
3 *
4 * Copyright (C) 2017 Marcin Chojnacki <marcinch7@gmail.com>
5 *
6 * This work is licensed under the terms of the GNU GPL, version 2 or later.
7 * See the COPYING file in the top-level directory.
8 */
9
10#include "qemu/osdep.h"
11#include "qemu/log.h"
Richard Henderson3090c982019-03-14 15:56:52 -070012#include "qemu/guest-random.h"
Marcin Chojnacki54a5ba12017-02-28 12:08:13 +000013#include "hw/misc/bcm2835_rng.h"
14
Peter Maydell373442e2017-02-28 12:08:14 +000015static uint32_t get_random_bytes(void)
16{
17 uint32_t res;
Peter Maydell373442e2017-02-28 12:08:14 +000018
Richard Henderson3090c982019-03-14 15:56:52 -070019 /*
20 * On failure we don't want to return the guest a non-random
21 * value in case they're really using it for cryptographic
22 * purposes, so the best we can do is die here.
23 * This shouldn't happen unless something's broken.
24 * In theory we could implement this device's full FIFO
25 * and interrupt semantics and then just stop filling the
26 * FIFO. That's a lot of work, though, so we assume any
27 * errors are systematic problems and trust that if we didn't
28 * fail as the guest inited then we won't fail later on
29 * mid-run.
30 */
31 qemu_guest_getrandom_nofail(&res, sizeof(res));
Peter Maydell373442e2017-02-28 12:08:14 +000032 return res;
33}
34
Marcin Chojnacki54a5ba12017-02-28 12:08:13 +000035static uint64_t bcm2835_rng_read(void *opaque, hwaddr offset,
36 unsigned size)
37{
38 BCM2835RngState *s = (BCM2835RngState *)opaque;
39 uint32_t res = 0;
40
41 assert(size == 4);
42
43 switch (offset) {
44 case 0x0: /* rng_ctrl */
45 res = s->rng_ctrl;
46 break;
47 case 0x4: /* rng_status */
48 res = s->rng_status | (1 << 24);
49 break;
50 case 0x8: /* rng_data */
Peter Maydell373442e2017-02-28 12:08:14 +000051 res = get_random_bytes();
Marcin Chojnacki54a5ba12017-02-28 12:08:13 +000052 break;
53
54 default:
55 qemu_log_mask(LOG_GUEST_ERROR,
56 "bcm2835_rng_read: Bad offset %x\n",
57 (int)offset);
58 res = 0;
59 break;
60 }
61
62 return res;
63}
64
65static void bcm2835_rng_write(void *opaque, hwaddr offset,
66 uint64_t value, unsigned size)
67{
68 BCM2835RngState *s = (BCM2835RngState *)opaque;
69
70 assert(size == 4);
71
72 switch (offset) {
73 case 0x0: /* rng_ctrl */
74 s->rng_ctrl = value;
75 break;
76 case 0x4: /* rng_status */
77 /* we shouldn't let the guest write to bits [31..20] */
78 s->rng_status &= ~0xFFFFF; /* clear 20 lower bits */
79 s->rng_status |= value & 0xFFFFF; /* set them to new value */
80 break;
81
82 default:
83 qemu_log_mask(LOG_GUEST_ERROR,
84 "bcm2835_rng_write: Bad offset %x\n",
85 (int)offset);
86 break;
87 }
88}
89
90static const MemoryRegionOps bcm2835_rng_ops = {
91 .read = bcm2835_rng_read,
92 .write = bcm2835_rng_write,
93 .endianness = DEVICE_NATIVE_ENDIAN,
94};
95
96static const VMStateDescription vmstate_bcm2835_rng = {
97 .name = TYPE_BCM2835_RNG,
98 .version_id = 1,
99 .minimum_version_id = 1,
100 .fields = (VMStateField[]) {
101 VMSTATE_UINT32(rng_ctrl, BCM2835RngState),
102 VMSTATE_UINT32(rng_status, BCM2835RngState),
103 VMSTATE_END_OF_LIST()
104 }
105};
106
107static void bcm2835_rng_init(Object *obj)
108{
109 BCM2835RngState *s = BCM2835_RNG(obj);
110
111 memory_region_init_io(&s->iomem, obj, &bcm2835_rng_ops, s,
112 TYPE_BCM2835_RNG, 0x10);
113 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem);
114}
115
116static void bcm2835_rng_reset(DeviceState *dev)
117{
118 BCM2835RngState *s = BCM2835_RNG(dev);
119
120 s->rng_ctrl = 0;
121 s->rng_status = 0;
122}
123
124static void bcm2835_rng_class_init(ObjectClass *klass, void *data)
125{
126 DeviceClass *dc = DEVICE_CLASS(klass);
127
128 dc->reset = bcm2835_rng_reset;
129 dc->vmsd = &vmstate_bcm2835_rng;
130}
131
132static TypeInfo bcm2835_rng_info = {
133 .name = TYPE_BCM2835_RNG,
134 .parent = TYPE_SYS_BUS_DEVICE,
135 .instance_size = sizeof(BCM2835RngState),
136 .class_init = bcm2835_rng_class_init,
137 .instance_init = bcm2835_rng_init,
138};
139
140static void bcm2835_rng_register_types(void)
141{
142 type_register_static(&bcm2835_rng_info);
143}
144
145type_init(bcm2835_rng_register_types)