sii3112.c - cachepc-qemu - Fork of AMDESE/qemu with changes for cachepc side-channel attack

	cachepc-qemu Fork of AMDESE/qemu with changes for cachepc side-channel attack
	git clone https://git.sinitax.com/sinitax/cachepc-qemu
	Log \| Files \| Refs \| Submodules \| LICENSE \| sfeed.txt
sii3112.c (9142B)
      1/*
      2 * QEMU SiI3112A PCI to Serial ATA Controller Emulation
      3 *
      4 * Copyright (C) 2017 BALATON Zoltan <balaton@eik.bme.hu>
      5 *
      6 * This work is licensed under the terms of the GNU GPL, version 2 or later.
      7 * See the COPYING file in the top-level directory.
      8 *
      9 */
     10
     11/* For documentation on this and similar cards see:
     12 * http://wiki.osdev.org/User:Quok/Silicon_Image_Datasheets
     13 */
     14
     15#include "qemu/osdep.h"
     16#include "hw/ide/pci.h"
     17#include "qemu/module.h"
     18#include "trace.h"
     19#include "qom/object.h"
     20
     21#define TYPE_SII3112_PCI "sii3112"
     22OBJECT_DECLARE_SIMPLE_TYPE(SiI3112PCIState, SII3112_PCI)
     23
     24typedef struct SiI3112Regs {
     25    uint32_t confstat;
     26    uint32_t scontrol;
     27    uint16_t sien;
     28    uint8_t swdata;
     29} SiI3112Regs;
     30
     31struct SiI3112PCIState {
     32    PCIIDEState i;
     33    MemoryRegion mmio;
     34    SiI3112Regs regs[2];
     35};
     36
     37/* The sii3112_reg_read and sii3112_reg_write functions implement the
     38 * Internal Register Space - BAR5 (section 6.7 of the data sheet).
     39 */
     40
     41static uint64_t sii3112_reg_read(void *opaque, hwaddr addr,
     42                                unsigned int size)
     43{
     44    SiI3112PCIState *d = opaque;
     45    uint64_t val;
     46
     47    switch (addr) {
     48    case 0x00:
     49        val = d->i.bmdma[0].cmd;
     50        break;
     51    case 0x01:
     52        val = d->regs[0].swdata;
     53        break;
     54    case 0x02:
     55        val = d->i.bmdma[0].status;
     56        break;
     57    case 0x03:
     58        val = 0;
     59        break;
     60    case 0x04 ... 0x07:
     61        val = bmdma_addr_ioport_ops.read(&d->i.bmdma[0], addr - 4, size);
     62        break;
     63    case 0x08:
     64        val = d->i.bmdma[1].cmd;
     65        break;
     66    case 0x09:
     67        val = d->regs[1].swdata;
     68        break;
     69    case 0x0a:
     70        val = d->i.bmdma[1].status;
     71        break;
     72    case 0x0b:
     73        val = 0;
     74        break;
     75    case 0x0c ... 0x0f:
     76        val = bmdma_addr_ioport_ops.read(&d->i.bmdma[1], addr - 12, size);
     77        break;
     78    case 0x10:
     79        val = d->i.bmdma[0].cmd;
     80        val |= (d->regs[0].confstat & (1UL << 11) ? (1 << 4) : 0); /*SATAINT0*/
     81        val |= (d->regs[1].confstat & (1UL << 11) ? (1 << 6) : 0); /*SATAINT1*/
     82        val |= (d->i.bmdma[1].status & BM_STATUS_INT ? (1 << 14) : 0);
     83        val |= (uint32_t)d->i.bmdma[0].status << 16;
     84        val |= (uint32_t)d->i.bmdma[1].status << 24;
     85        break;
     86    case 0x18:
     87        val = d->i.bmdma[1].cmd;
     88        val |= (d->regs[1].confstat & (1UL << 11) ? (1 << 4) : 0);
     89        val |= (uint32_t)d->i.bmdma[1].status << 16;
     90        break;
     91    case 0x80 ... 0x87:
     92        val = pci_ide_data_le_ops.read(&d->i.bus[0], addr - 0x80, size);
     93        break;
     94    case 0x8a:
     95        val = pci_ide_cmd_le_ops.read(&d->i.bus[0], 2, size);
     96        break;
     97    case 0xa0:
     98        val = d->regs[0].confstat;
     99        break;
    100    case 0xc0 ... 0xc7:
    101        val = pci_ide_data_le_ops.read(&d->i.bus[1], addr - 0xc0, size);
    102        break;
    103    case 0xca:
    104        val = pci_ide_cmd_le_ops.read(&d->i.bus[1], 2, size);
    105        break;
    106    case 0xe0:
    107        val = d->regs[1].confstat;
    108        break;
    109    case 0x100:
    110        val = d->regs[0].scontrol;
    111        break;
    112    case 0x104:
    113        val = (d->i.bus[0].ifs[0].blk) ? 0x113 : 0;
    114        break;
    115    case 0x148:
    116        val = (uint32_t)d->regs[0].sien << 16;
    117        break;
    118    case 0x180:
    119        val = d->regs[1].scontrol;
    120        break;
    121    case 0x184:
    122        val = (d->i.bus[1].ifs[0].blk) ? 0x113 : 0;
    123        break;
    124    case 0x1c8:
    125        val = (uint32_t)d->regs[1].sien << 16;
    126        break;
    127    default:
    128        val = 0;
    129        break;
    130    }
    131    trace_sii3112_read(size, addr, val);
    132    return val;
    133}
    134
    135static void sii3112_reg_write(void *opaque, hwaddr addr,
    136                              uint64_t val, unsigned int size)
    137{
    138    SiI3112PCIState *d = opaque;
    139
    140    trace_sii3112_write(size, addr, val);
    141    switch (addr) {
    142    case 0x00:
    143    case 0x10:
    144        bmdma_cmd_writeb(&d->i.bmdma[0], val);
    145        break;
    146    case 0x01:
    147    case 0x11:
    148        d->regs[0].swdata = val & 0x3f;
    149        break;
    150    case 0x02:
    151    case 0x12:
    152        d->i.bmdma[0].status = (val & 0x60) | (d->i.bmdma[0].status & 1) |
    153                               (d->i.bmdma[0].status & ~val & 6);
    154        break;
    155    case 0x04 ... 0x07:
    156        bmdma_addr_ioport_ops.write(&d->i.bmdma[0], addr - 4, val, size);
    157        break;
    158    case 0x08:
    159    case 0x18:
    160        bmdma_cmd_writeb(&d->i.bmdma[1], val);
    161        break;
    162    case 0x09:
    163    case 0x19:
    164        d->regs[1].swdata = val & 0x3f;
    165        break;
    166    case 0x0a:
    167    case 0x1a:
    168        d->i.bmdma[1].status = (val & 0x60) | (d->i.bmdma[1].status & 1) |
    169                               (d->i.bmdma[1].status & ~val & 6);
    170        break;
    171    case 0x0c ... 0x0f:
    172        bmdma_addr_ioport_ops.write(&d->i.bmdma[1], addr - 12, val, size);
    173        break;
    174    case 0x80 ... 0x87:
    175        pci_ide_data_le_ops.write(&d->i.bus[0], addr - 0x80, val, size);
    176        break;
    177    case 0x8a:
    178        pci_ide_cmd_le_ops.write(&d->i.bus[0], 2, val, size);
    179        break;
    180    case 0xc0 ... 0xc7:
    181        pci_ide_data_le_ops.write(&d->i.bus[1], addr - 0xc0, val, size);
    182        break;
    183    case 0xca:
    184        pci_ide_cmd_le_ops.write(&d->i.bus[1], 2, val, size);
    185        break;
    186    case 0x100:
    187        d->regs[0].scontrol = val & 0xfff;
    188        if (val & 1) {
    189            ide_bus_reset(&d->i.bus[0]);
    190        }
    191        break;
    192    case 0x148:
    193        d->regs[0].sien = (val >> 16) & 0x3eed;
    194        break;
    195    case 0x180:
    196        d->regs[1].scontrol = val & 0xfff;
    197        if (val & 1) {
    198            ide_bus_reset(&d->i.bus[1]);
    199        }
    200        break;
    201    case 0x1c8:
    202        d->regs[1].sien = (val >> 16) & 0x3eed;
    203        break;
    204    default:
    205        break;
    206    }
    207}
    208
    209static const MemoryRegionOps sii3112_reg_ops = {
    210    .read = sii3112_reg_read,
    211    .write = sii3112_reg_write,
    212    .endianness = DEVICE_LITTLE_ENDIAN,
    213};
    214
    215/* the PCI irq level is the logical OR of the two channels */
    216static void sii3112_update_irq(SiI3112PCIState *s)
    217{
    218    int i, set = 0;
    219
    220    for (i = 0; i < 2; i++) {
    221        set |= s->regs[i].confstat & (1UL << 11);
    222    }
    223    pci_set_irq(PCI_DEVICE(s), (set ? 1 : 0));
    224}
    225
    226static void sii3112_set_irq(void *opaque, int channel, int level)
    227{
    228    SiI3112PCIState *s = opaque;
    229
    230    trace_sii3112_set_irq(channel, level);
    231    if (level) {
    232        s->regs[channel].confstat |= (1UL << 11);
    233    } else {
    234        s->regs[channel].confstat &= ~(1UL << 11);
    235    }
    236
    237    sii3112_update_irq(s);
    238}
    239
    240static void sii3112_reset(DeviceState *dev)
    241{
    242    SiI3112PCIState *s = SII3112_PCI(dev);
    243    int i;
    244
    245    for (i = 0; i < 2; i++) {
    246        s->regs[i].confstat = 0x6515 << 16;
    247        ide_bus_reset(&s->i.bus[i]);
    248    }
    249}
    250
    251static void sii3112_pci_realize(PCIDevice *dev, Error **errp)
    252{
    253    SiI3112PCIState *d = SII3112_PCI(dev);
    254    PCIIDEState *s = PCI_IDE(dev);
    255    DeviceState *ds = DEVICE(dev);
    256    MemoryRegion *mr;
    257    int i;
    258
    259    pci_config_set_interrupt_pin(dev->config, 1);
    260    pci_set_byte(dev->config + PCI_CACHE_LINE_SIZE, 8);
    261
    262    /* BAR5 is in PCI memory space */
    263    memory_region_init_io(&d->mmio, OBJECT(d), &sii3112_reg_ops, d,
    264                         "sii3112.bar5", 0x200);
    265    pci_register_bar(dev, 5, PCI_BASE_ADDRESS_SPACE_MEMORY, &d->mmio);
    266
    267    /* BAR0-BAR4 are PCI I/O space aliases into BAR5 */
    268    mr = g_new(MemoryRegion, 1);
    269    memory_region_init_alias(mr, OBJECT(d), "sii3112.bar0", &d->mmio, 0x80, 8);
    270    pci_register_bar(dev, 0, PCI_BASE_ADDRESS_SPACE_IO, mr);
    271    mr = g_new(MemoryRegion, 1);
    272    memory_region_init_alias(mr, OBJECT(d), "sii3112.bar1", &d->mmio, 0x88, 4);
    273    pci_register_bar(dev, 1, PCI_BASE_ADDRESS_SPACE_IO, mr);
    274    mr = g_new(MemoryRegion, 1);
    275    memory_region_init_alias(mr, OBJECT(d), "sii3112.bar2", &d->mmio, 0xc0, 8);
    276    pci_register_bar(dev, 2, PCI_BASE_ADDRESS_SPACE_IO, mr);
    277    mr = g_new(MemoryRegion, 1);
    278    memory_region_init_alias(mr, OBJECT(d), "sii3112.bar3", &d->mmio, 0xc8, 4);
    279    pci_register_bar(dev, 3, PCI_BASE_ADDRESS_SPACE_IO, mr);
    280    mr = g_new(MemoryRegion, 1);
    281    memory_region_init_alias(mr, OBJECT(d), "sii3112.bar4", &d->mmio, 0, 16);
    282    pci_register_bar(dev, 4, PCI_BASE_ADDRESS_SPACE_IO, mr);
    283
    284    qdev_init_gpio_in(ds, sii3112_set_irq, 2);
    285    for (i = 0; i < 2; i++) {
    286        ide_bus_init(&s->bus[i], sizeof(s->bus[i]), ds, i, 1);
    287        ide_init2(&s->bus[i], qdev_get_gpio_in(ds, i));
    288
    289        bmdma_init(&s->bus[i], &s->bmdma[i], s);
    290        s->bmdma[i].bus = &s->bus[i];
    291        ide_register_restart_cb(&s->bus[i]);
    292    }
    293}
    294
    295static void sii3112_pci_class_init(ObjectClass *klass, void *data)
    296{
    297    DeviceClass *dc = DEVICE_CLASS(klass);
    298    PCIDeviceClass *pd = PCI_DEVICE_CLASS(klass);
    299
    300    pd->vendor_id = 0x1095;
    301    pd->device_id = 0x3112;
    302    pd->class_id = PCI_CLASS_STORAGE_RAID;
    303    pd->revision = 1;
    304    pd->realize = sii3112_pci_realize;
    305    dc->reset = sii3112_reset;
    306    dc->desc = "SiI3112A SATA controller";
    307    set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
    308}
    309
    310static const TypeInfo sii3112_pci_info = {
    311    .name = TYPE_SII3112_PCI,
    312    .parent = TYPE_PCI_IDE,
    313    .instance_size = sizeof(SiI3112PCIState),
    314    .class_init = sii3112_pci_class_init,
    315};
    316
    317static void sii3112_register_types(void)
    318{
    319    type_register_static(&sii3112_pci_info);
    320}
    321
    322type_init(sii3112_register_types)