1 /* 2 * BCM2835 Random Number Generator emulation 3 * 4 * Copyright (C) 2017 Marcin Chojnacki <marcinch7@gmail.com> 5 * 6 * This work is licensed under the terms of the GNU GPL, version 2 or later. 7 * See the COPYING file in the top-level directory. 8 */ 9 10 #include "qemu/osdep.h" 11 #include "qemu/log.h" 12 #include "qemu/guest-random.h" 13 #include "qemu/module.h" 14 #include "hw/misc/bcm2835_rng.h" 15 #include "migration/vmstate.h" 16 17 static uint32_t get_random_bytes(void) 18 { 19 uint32_t res; 20 21 /* 22 * On failure we don't want to return the guest a non-random 23 * value in case they're really using it for cryptographic 24 * purposes, so the best we can do is die here. 25 * This shouldn't happen unless something's broken. 26 * In theory we could implement this device's full FIFO 27 * and interrupt semantics and then just stop filling the 28 * FIFO. That's a lot of work, though, so we assume any 29 * errors are systematic problems and trust that if we didn't 30 * fail as the guest inited then we won't fail later on 31 * mid-run. 32 */ 33 qemu_guest_getrandom_nofail(&res, sizeof(res)); 34 return res; 35 } 36 37 static uint64_t bcm2835_rng_read(void *opaque, hwaddr offset, 38 unsigned size) 39 { 40 BCM2835RngState *s = (BCM2835RngState *)opaque; 41 uint32_t res = 0; 42 43 assert(size == 4); 44 45 switch (offset) { 46 case 0x0: /* rng_ctrl */ 47 res = s->rng_ctrl; 48 break; 49 case 0x4: /* rng_status */ 50 res = s->rng_status | (1 << 24); 51 break; 52 case 0x8: /* rng_data */ 53 res = get_random_bytes(); 54 break; 55 56 default: 57 qemu_log_mask(LOG_GUEST_ERROR, 58 "bcm2835_rng_read: Bad offset %x\n", 59 (int)offset); 60 res = 0; 61 break; 62 } 63 64 return res; 65 } 66 67 static void bcm2835_rng_write(void *opaque, hwaddr offset, 68 uint64_t value, unsigned size) 69 { 70 BCM2835RngState *s = (BCM2835RngState *)opaque; 71 72 assert(size == 4); 73 74 switch (offset) { 75 case 0x0: /* rng_ctrl */ 76 s->rng_ctrl = value; 77 break; 78 case 0x4: /* rng_status */ 79 /* we shouldn't let the guest write to bits [31..20] */ 80 s->rng_status &= ~0xFFFFF; /* clear 20 lower bits */ 81 s->rng_status |= value & 0xFFFFF; /* set them to new value */ 82 break; 83 84 default: 85 qemu_log_mask(LOG_GUEST_ERROR, 86 "bcm2835_rng_write: Bad offset %x\n", 87 (int)offset); 88 break; 89 } 90 } 91 92 static const MemoryRegionOps bcm2835_rng_ops = { 93 .read = bcm2835_rng_read, 94 .write = bcm2835_rng_write, 95 .endianness = DEVICE_NATIVE_ENDIAN, 96 }; 97 98 static const VMStateDescription vmstate_bcm2835_rng = { 99 .name = TYPE_BCM2835_RNG, 100 .version_id = 1, 101 .minimum_version_id = 1, 102 .fields = (const VMStateField[]) { 103 VMSTATE_UINT32(rng_ctrl, BCM2835RngState), 104 VMSTATE_UINT32(rng_status, BCM2835RngState), 105 VMSTATE_END_OF_LIST() 106 } 107 }; 108 109 static void bcm2835_rng_init(Object *obj) 110 { 111 BCM2835RngState *s = BCM2835_RNG(obj); 112 113 memory_region_init_io(&s->iomem, obj, &bcm2835_rng_ops, s, 114 TYPE_BCM2835_RNG, 0x10); 115 sysbus_init_mmio(SYS_BUS_DEVICE(s), &s->iomem); 116 } 117 118 static void bcm2835_rng_reset(DeviceState *dev) 119 { 120 BCM2835RngState *s = BCM2835_RNG(dev); 121 122 s->rng_ctrl = 0; 123 s->rng_status = 0; 124 } 125 126 static void bcm2835_rng_class_init(ObjectClass *klass, void *data) 127 { 128 DeviceClass *dc = DEVICE_CLASS(klass); 129 130 dc->reset = bcm2835_rng_reset; 131 dc->vmsd = &vmstate_bcm2835_rng; 132 } 133 134 static const TypeInfo bcm2835_rng_info = { 135 .name = TYPE_BCM2835_RNG, 136 .parent = TYPE_SYS_BUS_DEVICE, 137 .instance_size = sizeof(BCM2835RngState), 138 .class_init = bcm2835_rng_class_init, 139 .instance_init = bcm2835_rng_init, 140 }; 141 142 static void bcm2835_rng_register_types(void) 143 { 144 type_register_static(&bcm2835_rng_info); 145 } 146 147 type_init(bcm2835_rng_register_types) 148