cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu
Log | Files | Refs | Submodules | LICENSE | sfeed.txt

z2.c (9276B)

      1/*
      2 * PXA270-based Zipit Z2 device
      3 *
      4 * Copyright (c) 2011 by Vasily Khoruzhick <anarsoul@gmail.com>
      5 *
      6 * Code is based on mainstone platform.
      7 *
      8 * This code is licensed under the GNU GPL v2.
      9 *
     10 * Contributions after 2012-01-13 are licensed under the terms of the
     11 * GNU GPL, version 2 or (at your option) any later version.
     12 */
     13
     14#include "qemu/osdep.h"
     15#include "hw/arm/pxa.h"
     16#include "hw/arm/boot.h"
     17#include "hw/i2c/i2c.h"
     18#include "hw/irq.h"
     19#include "hw/ssi/ssi.h"
     20#include "migration/vmstate.h"
     21#include "hw/boards.h"
     22#include "hw/block/flash.h"
     23#include "ui/console.h"
     24#include "hw/audio/wm8750.h"
     25#include "audio/audio.h"
     26#include "exec/address-spaces.h"
     27#include "cpu.h"
     28#include "qom/object.h"
     29
     30#ifdef DEBUG_Z2
     31#define DPRINTF(fmt, ...) \
     32        printf(fmt, ## __VA_ARGS__)
     33#else
     34#define DPRINTF(fmt, ...)
     35#endif
     36
     37static const struct keymap map[0x100] = {
     38    [0 ... 0xff] = { -1, -1 },
     39    [0x3b] = {0, 0}, /* Option = F1 */
     40    [0xc8] = {0, 1}, /* Up */
     41    [0xd0] = {0, 2}, /* Down */
     42    [0xcb] = {0, 3}, /* Left */
     43    [0xcd] = {0, 4}, /* Right */
     44    [0xcf] = {0, 5}, /* End */
     45    [0x0d] = {0, 6}, /* KPPLUS */
     46    [0xc7] = {1, 0}, /* Home */
     47    [0x10] = {1, 1}, /* Q */
     48    [0x17] = {1, 2}, /* I */
     49    [0x22] = {1, 3}, /* G */
     50    [0x2d] = {1, 4}, /* X */
     51    [0x1c] = {1, 5}, /* Enter */
     52    [0x0c] = {1, 6}, /* KPMINUS */
     53    [0xc9] = {2, 0}, /* PageUp */
     54    [0x11] = {2, 1}, /* W */
     55    [0x18] = {2, 2}, /* O */
     56    [0x23] = {2, 3}, /* H */
     57    [0x2e] = {2, 4}, /* C */
     58    [0x38] = {2, 5}, /* LeftAlt */
     59    [0xd1] = {3, 0}, /* PageDown */
     60    [0x12] = {3, 1}, /* E */
     61    [0x19] = {3, 2}, /* P */
     62    [0x24] = {3, 3}, /* J */
     63    [0x2f] = {3, 4}, /* V */
     64    [0x2a] = {3, 5}, /* LeftShift */
     65    [0x01] = {4, 0}, /* Esc */
     66    [0x13] = {4, 1}, /* R */
     67    [0x1e] = {4, 2}, /* A */
     68    [0x25] = {4, 3}, /* K */
     69    [0x30] = {4, 4}, /* B */
     70    [0x1d] = {4, 5}, /* LeftCtrl */
     71    [0x0f] = {5, 0}, /* Tab */
     72    [0x14] = {5, 1}, /* T */
     73    [0x1f] = {5, 2}, /* S */
     74    [0x26] = {5, 3}, /* L */
     75    [0x31] = {5, 4}, /* N */
     76    [0x39] = {5, 5}, /* Space */
     77    [0x3c] = {6, 0}, /* Stop = F2 */
     78    [0x15] = {6, 1}, /* Y */
     79    [0x20] = {6, 2}, /* D */
     80    [0x0e] = {6, 3}, /* Backspace */
     81    [0x32] = {6, 4}, /* M */
     82    [0x33] = {6, 5}, /* Comma */
     83    [0x3d] = {7, 0}, /* Play = F3 */
     84    [0x16] = {7, 1}, /* U */
     85    [0x21] = {7, 2}, /* F */
     86    [0x2c] = {7, 3}, /* Z */
     87    [0x27] = {7, 4}, /* Semicolon */
     88    [0x34] = {7, 5}, /* Dot */
     89};
     90
     91#define Z2_RAM_SIZE     0x02000000
     92#define Z2_FLASH_BASE   0x00000000
     93#define Z2_FLASH_SIZE   0x00800000
     94
     95static struct arm_boot_info z2_binfo = {
     96    .loader_start   = PXA2XX_SDRAM_BASE,
     97    .ram_size       = Z2_RAM_SIZE,
     98};
     99
    100#define Z2_GPIO_SD_DETECT   96
    101#define Z2_GPIO_AC_IN       0
    102#define Z2_GPIO_KEY_ON      1
    103#define Z2_GPIO_LCD_CS      88
    104
    105struct ZipitLCD {
    106    SSIPeripheral ssidev;
    107    int32_t selected;
    108    int32_t enabled;
    109    uint8_t buf[3];
    110    uint32_t cur_reg;
    111    int pos;
    112};
    113
    114#define TYPE_ZIPIT_LCD "zipit-lcd"
    115OBJECT_DECLARE_SIMPLE_TYPE(ZipitLCD, ZIPIT_LCD)
    116
    117static uint32_t zipit_lcd_transfer(SSIPeripheral *dev, uint32_t value)
    118{
    119    ZipitLCD *z = ZIPIT_LCD(dev);
    120    uint16_t val;
    121    if (z->selected) {
    122        z->buf[z->pos] = value & 0xff;
    123        z->pos++;
    124    }
    125    if (z->pos == 3) {
    126        switch (z->buf[0]) {
    127        case 0x74:
    128            DPRINTF("%s: reg: 0x%.2x\n", __func__, z->buf[2]);
    129            z->cur_reg = z->buf[2];
    130            break;
    131        case 0x76:
    132            val = z->buf[1] << 8 | z->buf[2];
    133            DPRINTF("%s: value: 0x%.4x\n", __func__, val);
    134            if (z->cur_reg == 0x22 && val == 0x0000) {
    135                z->enabled = 1;
    136                printf("%s: LCD enabled\n", __func__);
    137            } else if (z->cur_reg == 0x10 && val == 0x0000) {
    138                z->enabled = 0;
    139                printf("%s: LCD disabled\n", __func__);
    140            }
    141            break;
    142        default:
    143            DPRINTF("%s: unknown command!\n", __func__);
    144            break;
    145        }
    146        z->pos = 0;
    147    }
    148    return 0;
    149}
    150
    151static void z2_lcd_cs(void *opaque, int line, int level)
    152{
    153    ZipitLCD *z2_lcd = opaque;
    154    z2_lcd->selected = !level;
    155}
    156
    157static void zipit_lcd_realize(SSIPeripheral *dev, Error **errp)
    158{
    159    ZipitLCD *z = ZIPIT_LCD(dev);
    160    z->selected = 0;
    161    z->enabled = 0;
    162    z->pos = 0;
    163}
    164
    165static const VMStateDescription vmstate_zipit_lcd_state = {
    166    .name = "zipit-lcd",
    167    .version_id = 2,
    168    .minimum_version_id = 2,
    169    .fields = (VMStateField[]) {
    170        VMSTATE_SSI_PERIPHERAL(ssidev, ZipitLCD),
    171        VMSTATE_INT32(selected, ZipitLCD),
    172        VMSTATE_INT32(enabled, ZipitLCD),
    173        VMSTATE_BUFFER(buf, ZipitLCD),
    174        VMSTATE_UINT32(cur_reg, ZipitLCD),
    175        VMSTATE_INT32(pos, ZipitLCD),
    176        VMSTATE_END_OF_LIST(),
    177    }
    178};
    179
    180static void zipit_lcd_class_init(ObjectClass *klass, void *data)
    181{
    182    DeviceClass *dc = DEVICE_CLASS(klass);
    183    SSIPeripheralClass *k = SSI_PERIPHERAL_CLASS(klass);
    184
    185    k->realize = zipit_lcd_realize;
    186    k->transfer = zipit_lcd_transfer;
    187    dc->vmsd = &vmstate_zipit_lcd_state;
    188}
    189
    190static const TypeInfo zipit_lcd_info = {
    191    .name          = TYPE_ZIPIT_LCD,
    192    .parent        = TYPE_SSI_PERIPHERAL,
    193    .instance_size = sizeof(ZipitLCD),
    194    .class_init    = zipit_lcd_class_init,
    195};
    196
    197#define TYPE_AER915 "aer915"
    198OBJECT_DECLARE_SIMPLE_TYPE(AER915State, AER915)
    199
    200struct AER915State {
    201    I2CSlave parent_obj;
    202
    203    int len;
    204    uint8_t buf[3];
    205};
    206
    207static int aer915_send(I2CSlave *i2c, uint8_t data)
    208{
    209    AER915State *s = AER915(i2c);
    210
    211    s->buf[s->len] = data;
    212    if (s->len++ > 2) {
    213        DPRINTF("%s: message too long (%i bytes)\n",
    214            __func__, s->len);
    215        return 1;
    216    }
    217
    218    if (s->len == 2) {
    219        DPRINTF("%s: reg %d value 0x%02x\n", __func__,
    220                s->buf[0], s->buf[1]);
    221    }
    222
    223    return 0;
    224}
    225
    226static int aer915_event(I2CSlave *i2c, enum i2c_event event)
    227{
    228    AER915State *s = AER915(i2c);
    229
    230    switch (event) {
    231    case I2C_START_SEND:
    232        s->len = 0;
    233        break;
    234    case I2C_START_RECV:
    235        if (s->len != 1) {
    236            DPRINTF("%s: short message!?\n", __func__);
    237        }
    238        break;
    239    case I2C_FINISH:
    240        break;
    241    default:
    242        break;
    243    }
    244
    245    return 0;
    246}
    247
    248static uint8_t aer915_recv(I2CSlave *slave)
    249{
    250    AER915State *s = AER915(slave);
    251    int retval = 0x00;
    252
    253    switch (s->buf[0]) {
    254    /* Return hardcoded battery voltage,
    255     * 0xf0 means ~4.1V
    256     */
    257    case 0x02:
    258        retval = 0xf0;
    259        break;
    260    /* Return 0x00 for other regs,
    261     * we don't know what they are for,
    262     * anyway they return 0x00 on real hardware.
    263     */
    264    default:
    265        break;
    266    }
    267
    268    return retval;
    269}
    270
    271static const VMStateDescription vmstate_aer915_state = {
    272    .name = "aer915",
    273    .version_id = 1,
    274    .minimum_version_id = 1,
    275    .fields = (VMStateField[]) {
    276        VMSTATE_INT32(len, AER915State),
    277        VMSTATE_BUFFER(buf, AER915State),
    278        VMSTATE_END_OF_LIST(),
    279    }
    280};
    281
    282static void aer915_class_init(ObjectClass *klass, void *data)
    283{
    284    DeviceClass *dc = DEVICE_CLASS(klass);
    285    I2CSlaveClass *k = I2C_SLAVE_CLASS(klass);
    286
    287    k->event = aer915_event;
    288    k->recv = aer915_recv;
    289    k->send = aer915_send;
    290    dc->vmsd = &vmstate_aer915_state;
    291}
    292
    293static const TypeInfo aer915_info = {
    294    .name          = TYPE_AER915,
    295    .parent        = TYPE_I2C_SLAVE,
    296    .instance_size = sizeof(AER915State),
    297    .class_init    = aer915_class_init,
    298};
    299
    300static void z2_init(MachineState *machine)
    301{
    302    MemoryRegion *address_space_mem = get_system_memory();
    303    uint32_t sector_len = 0x10000;
    304    PXA2xxState *mpu;
    305    DriveInfo *dinfo;
    306    void *z2_lcd;
    307    I2CBus *bus;
    308    DeviceState *wm;
    309
    310    /* Setup CPU & memory */
    311    mpu = pxa270_init(address_space_mem, z2_binfo.ram_size, machine->cpu_type);
    312
    313    dinfo = drive_get(IF_PFLASH, 0, 0);
    314    if (!pflash_cfi01_register(Z2_FLASH_BASE, "z2.flash0", Z2_FLASH_SIZE,
    315                               dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
    316                               sector_len, 4, 0, 0, 0, 0, 0)) {
    317        error_report("Error registering flash memory");
    318        exit(1);
    319    }
    320
    321    /* setup keypad */
    322    pxa27x_register_keypad(mpu->kp, map, 0x100);
    323
    324    /* MMC/SD host */
    325    pxa2xx_mmci_handlers(mpu->mmc,
    326        NULL,
    327        qdev_get_gpio_in(mpu->gpio, Z2_GPIO_SD_DETECT));
    328
    329    type_register_static(&zipit_lcd_info);
    330    type_register_static(&aer915_info);
    331    z2_lcd = ssi_create_peripheral(mpu->ssp[1], TYPE_ZIPIT_LCD);
    332    bus = pxa2xx_i2c_bus(mpu->i2c[0]);
    333    i2c_slave_create_simple(bus, TYPE_AER915, 0x55);
    334    wm = DEVICE(i2c_slave_create_simple(bus, TYPE_WM8750, 0x1b));
    335    mpu->i2s->opaque = wm;
    336    mpu->i2s->codec_out = wm8750_dac_dat;
    337    mpu->i2s->codec_in = wm8750_adc_dat;
    338    wm8750_data_req_set(wm, mpu->i2s->data_req, mpu->i2s);
    339
    340    qdev_connect_gpio_out(mpu->gpio, Z2_GPIO_LCD_CS,
    341                          qemu_allocate_irq(z2_lcd_cs, z2_lcd, 0));
    342
    343    z2_binfo.board_id = 0x6dd;
    344    arm_load_kernel(mpu->cpu, machine, &z2_binfo);
    345}
    346
    347static void z2_machine_init(MachineClass *mc)
    348{
    349    mc->desc = "Zipit Z2 (PXA27x)";
    350    mc->init = z2_init;
    351    mc->ignore_memory_transaction_failures = true;
    352    mc->default_cpu_type = ARM_CPU_TYPE_NAME("pxa270-c5");
    353}
    354
    355DEFINE_MACHINE("z2", z2_machine_init)