cachepc-qemu

Fork of AMDESE/qemu with changes for cachepc side-channel attack
git clone https://git.sinitax.com/sinitax/cachepc-qemu

r2d.c (11309B)


      1/*
      2 * Renesas SH7751R R2D-PLUS emulation
      3 *
      4 * Copyright (c) 2007 Magnus Damm
      5 * Copyright (c) 2008 Paul Mundt
      6 *
      7 * Permission is hereby granted, free of charge, to any person obtaining a copy
      8 * of this software and associated documentation files (the "Software"), to deal
      9 * in the Software without restriction, including without limitation the rights
     10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
     11 * copies of the Software, and to permit persons to whom the Software is
     12 * furnished to do so, subject to the following conditions:
     13 *
     14 * The above copyright notice and this permission notice shall be included in
     15 * all copies or substantial portions of the Software.
     16 *
     17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
     18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
     19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
     20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
     21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
     22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
     23 * THE SOFTWARE.
     24 */
     25
     26#include "qemu/osdep.h"
     27#include "qemu/units.h"
     28#include "qapi/error.h"
     29#include "cpu.h"
     30#include "hw/sysbus.h"
     31#include "hw/sh4/sh.h"
     32#include "sysemu/reset.h"
     33#include "sysemu/runstate.h"
     34#include "sysemu/sysemu.h"
     35#include "hw/boards.h"
     36#include "hw/pci/pci.h"
     37#include "hw/qdev-properties.h"
     38#include "net/net.h"
     39#include "sh7750_regs.h"
     40#include "hw/ide.h"
     41#include "hw/irq.h"
     42#include "hw/loader.h"
     43#include "hw/usb.h"
     44#include "hw/block/flash.h"
     45
/* Onboard flash: r2d_init() registers it at address 0x0 with FLASH_SIZE bytes. */
#define FLASH_BASE 0x00000000
#define FLASH_SIZE (16 * MiB)

#define SDRAM_BASE 0x0c000000 /* Physical location of SDRAM: Area 3 */
#define SDRAM_SIZE 0x04000000 /* 64 MiB */

/* Passed as the "vram-size" property of the sysbus-sm501 device (8 MiB). */
#define SM501_VRAM_SIZE 0x800000

/*
 * Offsets from SDRAM_BASE at which r2d_init() places the boot_params blob,
 * the kernel image and the initrd. The kernel load is capped at
 * INITRD_LOAD_OFFSET - LINUX_LOAD_OFFSET bytes and the initrd load at
 * SDRAM_SIZE - INITRD_LOAD_OFFSET bytes.
 */
#define BOOT_PARAMS_OFFSET 0x0010000
/* CONFIG_BOOT_LINK_OFFSET of Linux kernel */
#define LINUX_LOAD_OFFSET  0x0800000
#define INITRD_LOAD_OFFSET 0x1800000

/*
 * Register offsets inside the "r2d-fpga" MMIO region, as decoded by
 * r2d_fpga_read() and r2d_fpga_write(). Any other offset reads as 0 and
 * ignores writes.
 */
#define PA_IRLMSK	0x00
#define PA_POWOFF	0x30
#define PA_VERREG	0x32
#define PA_OUTPORT	0x36
/*
 * State of the R2D board FPGA model.
 *
 * Only irlmsk, irlmon and outport are read or written by the code in this
 * file; the remaining 16-bit fields are zeroed by g_malloc0() in
 * r2d_fpga_init() and not touched afterwards.
 */
typedef struct {
    uint16_t bcr;
    uint16_t irlmsk;     /* interrupt enable mask, guest-writable at PA_IRLMSK */
    uint16_t irlmon;     /* pending sources, one irqtab[].msk bit per line */
    uint16_t cfctl;
    uint16_t cfpow;
    uint16_t dispctl;
    uint16_t sdmpow;
    uint16_t rtcce;
    uint16_t pcicd;
    uint16_t voyagerrts;
    uint16_t cfrst;
    uint16_t admrts;
    uint16_t extrst;
    uint16_t cfcdintclr;
    uint16_t keyctlclr;
    uint16_t pad0;
    uint16_t pad1;
    uint16_t verreg;
    uint16_t inport;
    uint16_t outport;    /* guest-writable and readable at PA_OUTPORT */
    uint16_t bverreg;

/* output pin */
    qemu_irq irl;        /* driven by update_irl() */
    MemoryRegion iomem;  /* MMIO window served by r2d_fpga_ops */
} r2d_fpga_t;
     91
/*
 * Interrupt inputs of the FPGA. The values index irqtab[] and the qemu_irq
 * array returned by r2d_fpga_init(); NR_IRQS is the number of inputs.
 */
enum r2d_fpga_irq {
    PCI_INTD, CF_IDE, CF_CD, PCI_INTC, SM501, KEY, RTC_A, RTC_T,
    SDCARD, PCI_INTA, PCI_INTB, EXT, TP,
    NR_IRQS
};
     97
/*
 * Per-source routing table, indexed by enum r2d_fpga_irq.
 *   irl: level compared in update_irl(); the lowest value among the active
 *        sources is the one reported.
 *   msk: the bit that represents the source in irlmon and irlmsk.
 * Every enumerator below NR_IRQS has an entry, so no slot is left
 * zero-initialised.
 */
static const struct { short irl; uint16_t msk; } irqtab[NR_IRQS] = {
    [CF_IDE]	= {  1, 1<<9 },
    [CF_CD]	= {  2, 1<<8 },
    [PCI_INTA]	= {  9, 1<<14 },
    [PCI_INTB]	= { 10, 1<<13 },
    [PCI_INTC]	= {  3, 1<<12 },
    [PCI_INTD]	= {  0, 1<<11 },
    [SM501]	= {  4, 1<<10 },
    [KEY]	= {  5, 1<<6 },
    [RTC_A]	= {  6, 1<<5 },
    [RTC_T]	= {  7, 1<<4 },
    [SDCARD]	= {  8, 1<<7 },
    [EXT]	= { 11, 1<<0 },
    [TP]	= { 12, 1<<15 },
};
    113
/*
 * Recompute the IRL output pin from the current pending/mask state.
 *
 * A source counts as active when its bit is set in both irlmon and irlmsk.
 * The smallest irqtab[].irl among the active sources is selected (15 when
 * none is active) and the pin is driven with that value XOR 15.
 */
static void update_irl(r2d_fpga_t *fpga)
{
    const uint16_t active = fpga->irlmon & fpga->irlmsk;
    int lowest = 15;
    int src;

    for (src = 0; src < NR_IRQS; src++) {
        if (!(active & irqtab[src].msk)) {
            continue;
        }
        if (irqtab[src].irl < lowest) {
            lowest = irqtab[src].irl;
        }
    }

    qemu_set_irq(fpga->irl, lowest ^ 15);
}
    123
/*
 * qemu_irq handler for the FPGA input lines.
 *
 * opaque: the r2d_fpga_t the line belongs to.
 * n:      input number, used directly as an index into irqtab[]. There is
 *         no range check here; the lines are allocated with a count of
 *         NR_IRQS in r2d_fpga_init(), which is what keeps n in bounds.
 * level:  non-zero marks the source pending in irlmon, zero clears it.
 */
static void r2d_fpga_irq_set(void *opaque, int n, int level)
{
    r2d_fpga_t *fpga = opaque;
    const uint16_t bit = irqtab[n].msk;

    fpga->irlmon = level ? (fpga->irlmon | bit) : (fpga->irlmon & ~bit);
    update_irl(fpga);
}
    133
/*
 * MMIO read handler for the FPGA region.
 *
 * addr is the offset inside the region; size is not consulted.
 * Returns irlmsk for PA_IRLMSK, outport for PA_OUTPORT, the constant 0x10
 * for PA_VERREG, and 0 for PA_POWOFF and every other offset.
 */
static uint64_t r2d_fpga_read(void *opaque, hwaddr addr, unsigned int size)
{
    r2d_fpga_t *fpga = opaque;
    uint64_t val = 0;

    if (addr == PA_IRLMSK) {
        val = fpga->irlmsk;
    } else if (addr == PA_OUTPORT) {
        val = fpga->outport;
    } else if (addr == PA_VERREG) {
        val = 0x10;
    }
    /* PA_POWOFF and undecoded offsets keep the default of zero. */

    return val;
}
    151
/*
 * MMIO write handler for the FPGA region; every value here is chosen by
 * the guest.
 *
 * PA_IRLMSK:  store the new mask (truncated to 16 bits by the field type)
 *             and re-evaluate the IRL output.
 * PA_OUTPORT: store the value (truncated to 16 bits).
 * PA_POWOFF:  bit 0 set requests a guest-initiated shutdown.
 * PA_VERREG and all other offsets: the write is dropped.
 * size is not consulted.
 */
static void
r2d_fpga_write(void *opaque, hwaddr addr, uint64_t value, unsigned int size)
{
    r2d_fpga_t *fpga = opaque;

    if (addr == PA_IRLMSK) {
        fpga->irlmsk = value;
        update_irl(fpga);
        return;
    }

    if (addr == PA_OUTPORT) {
        fpga->outport = value;
        return;
    }

    if (addr == PA_POWOFF && (value & 1)) {
        qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
    }
    /* PA_VERREG: discard writes; unknown offsets are ignored as well. */
}
    175
/*
 * Access callbacks for the FPGA MMIO region. The handlers are declared as
 * implementing 2-byte accesses only (impl min == max == 2), which matches
 * the 16-bit register fields; neither handler looks at its size argument.
 * NOTE(review): no .valid constraints are set here, so which guest access
 * widths are accepted is left to the memory core defaults - confirm.
 */
static const MemoryRegionOps r2d_fpga_ops = {
    .read = r2d_fpga_read,
    .write = r2d_fpga_write,
    .impl.min_access_size = 2,
    .impl.max_access_size = 2,
    .endianness = DEVICE_NATIVE_ENDIAN,
};
    183
/*
 * Create the FPGA model and map it into sysmem.
 *
 * sysmem: container region the 0x40-byte "r2d-fpga" window is added to.
 * base:   offset of the window inside sysmem.
 * irl:    output line driven by update_irl().
 *
 * Returns an array of NR_IRQS input lines, indexed by enum r2d_fpga_irq,
 * each handled by r2d_fpga_irq_set(). The state object is zero-allocated
 * and never freed in this file.
 */
static qemu_irq *r2d_fpga_init(MemoryRegion *sysmem,
                               hwaddr base, qemu_irq irl)
{
    r2d_fpga_t *fpga = g_malloc0(sizeof(*fpga));

    fpga->irl = irl;

    memory_region_init_io(&fpga->iomem, NULL, &r2d_fpga_ops, fpga,
                          "r2d-fpga", 0x40);
    memory_region_add_subregion(sysmem, base, &fpga->iomem);

    return qemu_allocate_irqs(r2d_fpga_irq_set, fpga, NR_IRQS);
}
    197
/* Context handed to main_cpu_reset() through qemu_register_reset(). */
typedef struct ResetData {
    SuperHCPU *cpu;   /* CPU to reset */
    uint32_t vector;  /* value written to env->pc after the reset */
} ResetData;
    202
/*
 * Reset callback: reset the CPU, then point its program counter at the
 * vector recorded in the ResetData passed as opaque.
 */
static void main_cpu_reset(void *opaque)
{
    ResetData *rd = opaque;
    SuperHCPU *cpu = rd->cpu;

    cpu_reset(CPU(cpu));
    cpu->env.pc = rd->vector;
}
    211
/*
 * Boot parameter block that r2d_init() copies into guest RAM at
 * SDRAM_BASE + BOOT_PARAMS_OFFSET. The struct is packed, so the fields sit
 * back to back with no compiler padding.
 * NOTE(review): the layout presumably mirrors what the guest Linux kernel
 * expects and assumes a 4-byte int (6 ints + 232 pad = 256 bytes before
 * the command line) - confirm against the kernel side.
 */
static struct QEMU_PACKED
{
    int mount_root_rdonly;
    int ramdisk_flags;
    int orig_root_dev;
    int loader_type;    /* set to tswap32(1) when an initrd is loaded */
    int initrd_start;   /* tswap32(INITRD_LOAD_OFFSET) when an initrd is loaded */
    int initrd_size;    /* tswap32 of the loaded initrd size */

    char pad[232];

    /*
     * Fixed-width field filled with strncpy(): a command line of 256 bytes
     * or more is truncated and stored without a terminating NUL, which is
     * why the array carries QEMU_NONSTRING.
     */
    char kernel_cmdline[256] QEMU_NONSTRING;
} boot_params;
    225
/*
 * Machine init callback for the "r2d" board.
 *
 * In order: create the CPU and register its reset handler, map SDRAM,
 * instantiate the SH7750 peripherals, the FPGA, the PCI host, the SM501,
 * the CF IDE interface, the flash, the NICs and a USB keyboard, then
 * optionally load a kernel and an initrd and publish the boot_params block
 * into guest memory.
 *
 * The kernel file, initrd file and command line come from the MachineState
 * and are host-side configuration. Load failures terminate the process
 * with exit(1).
 */
static void r2d_init(MachineState *machine)
{
    const char *kernel_filename = machine->kernel_filename;
    const char *kernel_cmdline = machine->kernel_cmdline;
    const char *initrd_filename = machine->initrd_filename;
    SuperHCPU *cpu;
    CPUSH4State *env;
    ResetData *reset_info;
    struct SH7750State *s;
    MemoryRegion *sdram = g_new(MemoryRegion, 1);
    qemu_irq *irq;
    DriveInfo *dinfo;
    int i;
    DeviceState *dev;
    SysBusDevice *busdev;
    MemoryRegion *address_space_mem = get_system_memory();
    PCIBus *pci_bus;

    cpu = SUPERH_CPU(cpu_create(machine->cpu_type));
    env = &cpu->env;

    /*
     * The reset vector defaults to the PC the freshly created CPU has; it
     * is replaced further down when a kernel image is loaded.
     */
    reset_info = g_malloc0(sizeof(ResetData));
    reset_info->cpu = cpu;
    reset_info->vector = env->pc;
    qemu_register_reset(main_cpu_reset, reset_info);

    /* Allocate memory space */
    memory_region_init_ram(sdram, NULL, "r2d.sdram", SDRAM_SIZE, &error_fatal);
    memory_region_add_subregion(address_space_mem, SDRAM_BASE, sdram);
    /* Register peripherals */
    s = sh7750_init(cpu, address_space_mem);
    /* The FPGA window sits at 0x04000000 and drives the SH7750 IRL input. */
    irq = r2d_fpga_init(address_space_mem, 0x04000000, sh7750_irl(s));

    /* PCI host bridge; its four interrupt outputs go through the FPGA. */
    dev = qdev_new("sh_pci");
    busdev = SYS_BUS_DEVICE(dev);
    sysbus_realize_and_unref(busdev, &error_fatal);
    pci_bus = PCI_BUS(qdev_get_child_bus(dev, "pci"));
    sysbus_mmio_map(busdev, 0, P4ADDR(0x1e200000));
    sysbus_mmio_map(busdev, 1, A7ADDR(0x1e200000));
    sysbus_connect_irq(busdev, 0, irq[PCI_INTA]);
    sysbus_connect_irq(busdev, 1, irq[PCI_INTB]);
    sysbus_connect_irq(busdev, 2, irq[PCI_INTC]);
    sysbus_connect_irq(busdev, 3, irq[PCI_INTD]);

    /* SM501 companion chip, with its character device bound to serial_hd(2). */
    dev = qdev_new("sysbus-sm501");
    busdev = SYS_BUS_DEVICE(dev);
    qdev_prop_set_uint32(dev, "vram-size", SM501_VRAM_SIZE);
    qdev_prop_set_uint32(dev, "base", 0x10000000);
    qdev_prop_set_chr(dev, "chardev", serial_hd(2));
    sysbus_realize_and_unref(busdev, &error_fatal);
    sysbus_mmio_map(busdev, 0, 0x10000000);
    sysbus_mmio_map(busdev, 1, 0x13e00000);
    sysbus_connect_irq(busdev, 0, irq[SM501]);

    /* onboard CF (True IDE mode, Master only). */
    /*
     * NOTE(review): dinfo is passed on without a NULL check; presumably
     * mmio_ide_init_drives() copes with no drive being configured - confirm.
     */
    dinfo = drive_get(IF_IDE, 0, 0);
    dev = qdev_new("mmio-ide");
    busdev = SYS_BUS_DEVICE(dev);
    sysbus_connect_irq(busdev, 0, irq[CF_IDE]);
    qdev_prop_set_uint32(dev, "shift", 1);
    sysbus_realize_and_unref(busdev, &error_fatal);
    sysbus_mmio_map(busdev, 0, 0x14001000);
    sysbus_mmio_map(busdev, 1, 0x1400080c);
    mmio_ide_init_drives(dev, dinfo, NULL);

    /*
     * Onboard flash memory
     * According to the old board user document in Japanese (under
     * NDA) what is referred to as FROM (Area0) is connected via a
     * 32-bit bus and CS0 to CN8. The docs mention a Cypress
     * S29PL127J60TFI130 chipset.  Per the 'S29PL-J 002-00615
     * Rev. *E' datasheet, it is a 128Mbit NOR parallel flash
     * addressable in words of 16bit.
     */
    /* Without a configured pflash drive the flash is registered with no backend. */
    dinfo = drive_get(IF_PFLASH, 0, 0);
    pflash_cfi02_register(0x0, "r2d.flash", FLASH_SIZE,
                          dinfo ? blk_by_legacy_dinfo(dinfo) : NULL,
                          64 * KiB, 1, 2, 0x0001, 0x227e, 0x2220, 0x2200,
                          0x555, 0x2aa, 0);

    /* NIC: rtl8139 on-board, and 2 slots. */
    /* Only the first NIC is pinned to a device address ("2"). */
    for (i = 0; i < nb_nics; i++)
        pci_nic_init_nofail(&nd_table[i], pci_bus,
                            "rtl8139", i==0 ? "2" : NULL);

    /* USB keyboard */
    usb_create_simple(usb_bus_find(-1), "usb-kbd");

    /* Todo: register on board registers */
    memset(&boot_params, 0, sizeof(boot_params));

    if (kernel_filename) {
        int kernel_size;

        /*
         * The size limit keeps the kernel image inside the gap between
         * LINUX_LOAD_OFFSET and INITRD_LOAD_OFFSET, so it cannot run into
         * the area reserved for the initrd.
         */
        kernel_size = load_image_targphys(kernel_filename,
                                          SDRAM_BASE + LINUX_LOAD_OFFSET,
                                          INITRD_LOAD_OFFSET - LINUX_LOAD_OFFSET);
        if (kernel_size < 0) {
          fprintf(stderr, "qemu: could not load kernel '%s'\n", kernel_filename);
          exit(1);
        }

        /* initialization which should be done by firmware */
        address_space_stl(&address_space_memory, SH7750_BCR1, 1 << 3,
                          MEMTXATTRS_UNSPECIFIED, NULL); /* cs3 SDRAM */
        address_space_stw(&address_space_memory, SH7750_BCR2, 3 << (3 * 2),
                          MEMTXATTRS_UNSPECIFIED, NULL); /* cs3 32bit */
        reset_info->vector = (SDRAM_BASE + LINUX_LOAD_OFFSET) | 0xa0000000; /* Start from P2 area */
    }

    if (initrd_filename) {
        int initrd_size;

        /* The size limit is the space from INITRD_LOAD_OFFSET to the end of SDRAM. */
        initrd_size = load_image_targphys(initrd_filename,
                                          SDRAM_BASE + INITRD_LOAD_OFFSET,
                                          SDRAM_SIZE - INITRD_LOAD_OFFSET);

        if (initrd_size < 0) {
          fprintf(stderr, "qemu: could not load initrd '%s'\n", initrd_filename);
          exit(1);
        }

        /* initialization which should be done by firmware */
        /* Fields are stored through tswap32(), i.e. in target byte order. */
        boot_params.loader_type = tswap32(1);
        boot_params.initrd_start = tswap32(INITRD_LOAD_OFFSET);
        boot_params.initrd_size = tswap32(initrd_size);
    }

    if (kernel_cmdline) {
        /* I see no evidence that this .kernel_cmdline buffer requires
           NUL-termination, so using strncpy should be ok. */
        /*
         * NOTE(review): a command line of sizeof(boot_params.kernel_cmdline)
         * bytes or more is truncated without any diagnostic and the field
         * is then left without a terminating NUL. That is only safe if the
         * consumer treats the field as fixed-width - confirm on the guest
         * side.
         */
        strncpy(boot_params.kernel_cmdline, kernel_cmdline,
                sizeof(boot_params.kernel_cmdline));
    }

    /* Publish the parameter block at a fixed guest-physical address. */
    rom_add_blob_fixed("boot_params", &boot_params, sizeof(boot_params),
                       SDRAM_BASE + BOOT_PARAMS_OFFSET);
}
    364
/*
 * Fill in the machine class for the R2D-PLUS board: init callback,
 * default CPU model, default block interface type and description.
 */
static void r2d_machine_init(MachineClass *mc)
{
    mc->init = r2d_init;
    mc->default_cpu_type = TYPE_SH7751R_CPU;
    mc->block_default_type = IF_IDE;
    mc->desc = "r2d-plus board";
}
    372
/* Register the machine type under the name "r2d", using r2d_machine_init. */
DEFINE_MACHINE("r2d", r2d_machine_init)