1 /*
2 * SMSC LAN9118 Ethernet interface emulation
3 *
4 * Copyright (c) 2009 CodeSourcery, LLC.
5 * Written by Paul Brook
6 *
7 * This code is licensed under the GNU GPL v2
8 *
9 * Contributions after 2012-01-13 are licensed under the terms of the
10 * GNU GPL, version 2 or (at your option) any later version.
11 */
12
13 #include "qemu/osdep.h"
14 #include "hw/sysbus.h"
15 #include "migration/vmstate.h"
16 #include "net/net.h"
17 #include "net/eth.h"
18 #include "hw/irq.h"
19 #include "hw/net/lan9118_phy.h"
20 #include "hw/net/lan9118.h"
21 #include "hw/ptimer.h"
22 #include "hw/qdev-properties.h"
23 #include "qapi/error.h"
24 #include "qemu/bswap.h"
25 #include "qemu/log.h"
26 #include "qemu/module.h"
27 #include <zlib.h> /* for crc32 */
28 #include "qom/object.h"
29
30 //#define DEBUG_LAN9118
31
32 #ifdef DEBUG_LAN9118
33 #define DPRINTF(fmt, ...) \
34 do { printf("lan9118: " fmt , ## __VA_ARGS__); } while (0)
35 #else
36 #define DPRINTF(fmt, ...) do {} while(0)
37 #endif
38
39 /* The tx and rx fifo ports are a range of aliased 32-bit registers */
40 #define RX_DATA_FIFO_PORT_FIRST 0x00
41 #define RX_DATA_FIFO_PORT_LAST 0x1f
42 #define TX_DATA_FIFO_PORT_FIRST 0x20
43 #define TX_DATA_FIFO_PORT_LAST 0x3f
44
45 #define RX_STATUS_FIFO_PORT 0x40
46 #define RX_STATUS_FIFO_PEEK 0x44
47 #define TX_STATUS_FIFO_PORT 0x48
48 #define TX_STATUS_FIFO_PEEK 0x4c
49
50 #define CSR_ID_REV 0x50
51 #define CSR_IRQ_CFG 0x54
52 #define CSR_INT_STS 0x58
53 #define CSR_INT_EN 0x5c
54 #define CSR_BYTE_TEST 0x64
55 #define CSR_FIFO_INT 0x68
56 #define CSR_RX_CFG 0x6c
57 #define CSR_TX_CFG 0x70
58 #define CSR_HW_CFG 0x74
59 #define CSR_RX_DP_CTRL 0x78
60 #define CSR_RX_FIFO_INF 0x7c
61 #define CSR_TX_FIFO_INF 0x80
62 #define CSR_PMT_CTRL 0x84
63 #define CSR_GPIO_CFG 0x88
64 #define CSR_GPT_CFG 0x8c
65 #define CSR_GPT_CNT 0x90
66 #define CSR_WORD_SWAP 0x98
67 #define CSR_FREE_RUN 0x9c
68 #define CSR_RX_DROP 0xa0
69 #define CSR_MAC_CSR_CMD 0xa4
70 #define CSR_MAC_CSR_DATA 0xa8
71 #define CSR_AFC_CFG 0xac
72 #define CSR_E2P_CMD 0xb0
73 #define CSR_E2P_DATA 0xb4
74
75 #define E2P_CMD_MAC_ADDR_LOADED 0x100
76
77 /* IRQ_CFG */
78 #define IRQ_INT 0x00001000
79 #define IRQ_EN 0x00000100
80 #define IRQ_POL 0x00000010
81 #define IRQ_TYPE 0x00000001
82
83 /* INT_STS/INT_EN */
84 #define SW_INT 0x80000000
85 #define TXSTOP_INT 0x02000000
86 #define RXSTOP_INT 0x01000000
87 #define RXDFH_INT 0x00800000
88 #define TX_IOC_INT 0x00200000
89 #define RXD_INT 0x00100000
90 #define GPT_INT 0x00080000
91 #define PHY_INT 0x00040000
92 #define PME_INT 0x00020000
93 #define TXSO_INT 0x00010000
94 #define RWT_INT 0x00008000
95 #define RXE_INT 0x00004000
96 #define TXE_INT 0x00002000
97 #define TDFU_INT 0x00000800
98 #define TDFO_INT 0x00000400
99 #define TDFA_INT 0x00000200
100 #define TSFF_INT 0x00000100
101 #define TSFL_INT 0x00000080
102 #define RXDF_INT 0x00000040
103 #define RDFL_INT 0x00000020
104 #define RSFF_INT 0x00000010
105 #define RSFL_INT 0x00000008
106 #define GPIO2_INT 0x00000004
107 #define GPIO1_INT 0x00000002
108 #define GPIO0_INT 0x00000001
109 #define RESERVED_INT 0x7c001000
110
111 #define MAC_CR 1
112 #define MAC_ADDRH 2
113 #define MAC_ADDRL 3
114 #define MAC_HASHH 4
115 #define MAC_HASHL 5
116 #define MAC_MII_ACC 6
117 #define MAC_MII_DATA 7
118 #define MAC_FLOW 8
119 #define MAC_VLAN1 9 /* TODO */
120 #define MAC_VLAN2 10 /* TODO */
121 #define MAC_WUFF 11 /* TODO */
122 #define MAC_WUCSR 12 /* TODO */
123
124 #define MAC_CR_RXALL 0x80000000
125 #define MAC_CR_RCVOWN 0x00800000
126 #define MAC_CR_LOOPBK 0x00200000
127 #define MAC_CR_FDPX 0x00100000
128 #define MAC_CR_MCPAS 0x00080000
129 #define MAC_CR_PRMS 0x00040000
130 #define MAC_CR_INVFILT 0x00020000
131 #define MAC_CR_PASSBAD 0x00010000
132 #define MAC_CR_HO 0x00008000
133 #define MAC_CR_HPFILT 0x00002000
134 #define MAC_CR_LCOLL 0x00001000
135 #define MAC_CR_BCAST 0x00000800
136 #define MAC_CR_DISRTY 0x00000400
137 #define MAC_CR_PADSTR 0x00000100
138 #define MAC_CR_BOLMT 0x000000c0
139 #define MAC_CR_DFCHK 0x00000020
140 #define MAC_CR_TXEN 0x00000008
141 #define MAC_CR_RXEN 0x00000004
142 #define MAC_CR_RESERVED 0x7f404213
143
144 #define GPT_TIMER_EN 0x20000000
145
146 /*
147 * The MAC Interface Layer (MIL), within the MAC, contains a 2K Byte transmit
148 * and a 128 Byte receive FIFO which is separate from the TX and RX FIFOs.
149 */
150 #define MIL_TXFIFO_SIZE 2048
151
152 enum tx_state {
153 TX_IDLE,
154 TX_B,
155 TX_DATA
156 };
157
158 typedef struct {
159 /* state is a tx_state but we can't put enums in VMStateDescriptions. */
160 uint32_t state;
161 uint32_t cmd_a;
162 uint32_t cmd_b;
163 int32_t buffer_size;
164 int32_t offset;
165 int32_t pad;
166 int32_t fifo_used;
167 int32_t len;
168 uint8_t data[MIL_TXFIFO_SIZE];
169 } LAN9118Packet;
170
171 static const VMStateDescription vmstate_lan9118_packet = {
172 .name = "lan9118_packet",
173 .version_id = 1,
174 .minimum_version_id = 1,
175 .fields = (const VMStateField[]) {
176 VMSTATE_UINT32(state, LAN9118Packet),
177 VMSTATE_UINT32(cmd_a, LAN9118Packet),
178 VMSTATE_UINT32(cmd_b, LAN9118Packet),
179 VMSTATE_INT32(buffer_size, LAN9118Packet),
180 VMSTATE_INT32(offset, LAN9118Packet),
181 VMSTATE_INT32(pad, LAN9118Packet),
182 VMSTATE_INT32(fifo_used, LAN9118Packet),
183 VMSTATE_INT32(len, LAN9118Packet),
184 VMSTATE_UINT8_ARRAY(data, LAN9118Packet, MIL_TXFIFO_SIZE),
185 VMSTATE_END_OF_LIST()
186 }
187 };
188
189 OBJECT_DECLARE_SIMPLE_TYPE(lan9118_state, LAN9118)
190
191 struct lan9118_state {
192 SysBusDevice parent_obj;
193
194 NICState *nic;
195 NICConf conf;
196 qemu_irq irq;
197 MemoryRegion mmio;
198 ptimer_state *timer;
199
200 uint32_t irq_cfg;
201 uint32_t int_sts;
202 uint32_t int_en;
203 uint32_t fifo_int;
204 uint32_t rx_cfg;
205 uint32_t tx_cfg;
206 uint32_t hw_cfg;
207 uint32_t pmt_ctrl;
208 uint32_t gpio_cfg;
209 uint32_t gpt_cfg;
210 uint32_t word_swap;
211 uint32_t free_timer_start;
212 uint32_t mac_cmd;
213 uint32_t mac_data;
214 uint32_t afc_cfg;
215 uint32_t e2p_cmd;
216 uint32_t e2p_data;
217
218 uint32_t mac_cr;
219 uint32_t mac_hashh;
220 uint32_t mac_hashl;
221 uint32_t mac_mii_acc;
222 uint32_t mac_mii_data;
223 uint32_t mac_flow;
224
225 Lan9118PhyState mii;
226 IRQState mii_irq;
227
228 int32_t eeprom_writable;
229 uint8_t eeprom[128];
230
231 int32_t tx_fifo_size;
232 LAN9118Packet *txp;
233 LAN9118Packet tx_packet;
234
235 int32_t tx_status_fifo_used;
236 int32_t tx_status_fifo_head;
237 uint32_t tx_status_fifo[512];
238
239 int32_t rx_status_fifo_size;
240 int32_t rx_status_fifo_used;
241 int32_t rx_status_fifo_head;
242 uint32_t rx_status_fifo[896];
243 int32_t rx_fifo_size;
244 int32_t rx_fifo_used;
245 int32_t rx_fifo_head;
246 uint32_t rx_fifo[3360];
247 int32_t rx_packet_size_head;
248 int32_t rx_packet_size_tail;
249 int32_t rx_packet_size[1024];
250
251 int32_t rxp_offset;
252 int32_t rxp_size;
253 int32_t rxp_pad;
254
255 uint32_t write_word_prev_offset;
256 uint32_t write_word_n;
257 uint16_t write_word_l;
258 uint16_t write_word_h;
259 uint32_t read_word_prev_offset;
260 uint32_t read_word_n;
261 uint32_t read_long;
262
263 uint32_t mode_16bit;
264 };
265
266 static const VMStateDescription vmstate_lan9118 = {
267 .name = "lan9118",
268 .version_id = 3,
269 .minimum_version_id = 3,
270 .fields = (const VMStateField[]) {
271 VMSTATE_PTIMER(timer, lan9118_state),
272 VMSTATE_UINT32(irq_cfg, lan9118_state),
273 VMSTATE_UINT32(int_sts, lan9118_state),
274 VMSTATE_UINT32(int_en, lan9118_state),
275 VMSTATE_UINT32(fifo_int, lan9118_state),
276 VMSTATE_UINT32(rx_cfg, lan9118_state),
277 VMSTATE_UINT32(tx_cfg, lan9118_state),
278 VMSTATE_UINT32(hw_cfg, lan9118_state),
279 VMSTATE_UINT32(pmt_ctrl, lan9118_state),
280 VMSTATE_UINT32(gpio_cfg, lan9118_state),
281 VMSTATE_UINT32(gpt_cfg, lan9118_state),
282 VMSTATE_UINT32(word_swap, lan9118_state),
283 VMSTATE_UINT32(free_timer_start, lan9118_state),
284 VMSTATE_UINT32(mac_cmd, lan9118_state),
285 VMSTATE_UINT32(mac_data, lan9118_state),
286 VMSTATE_UINT32(afc_cfg, lan9118_state),
287 VMSTATE_UINT32(e2p_cmd, lan9118_state),
288 VMSTATE_UINT32(e2p_data, lan9118_state),
289 VMSTATE_UINT32(mac_cr, lan9118_state),
290 VMSTATE_UINT32(mac_hashh, lan9118_state),
291 VMSTATE_UINT32(mac_hashl, lan9118_state),
292 VMSTATE_UINT32(mac_mii_acc, lan9118_state),
293 VMSTATE_UINT32(mac_mii_data, lan9118_state),
294 VMSTATE_UINT32(mac_flow, lan9118_state),
295 VMSTATE_INT32(eeprom_writable, lan9118_state),
296 VMSTATE_UINT8_ARRAY(eeprom, lan9118_state, 128),
297 VMSTATE_INT32(tx_fifo_size, lan9118_state),
298 /* txp always points at tx_packet so need not be saved */
299 VMSTATE_STRUCT(tx_packet, lan9118_state, 0,
300 vmstate_lan9118_packet, LAN9118Packet),
301 VMSTATE_INT32(tx_status_fifo_used, lan9118_state),
302 VMSTATE_INT32(tx_status_fifo_head, lan9118_state),
303 VMSTATE_UINT32_ARRAY(tx_status_fifo, lan9118_state, 512),
304 VMSTATE_INT32(rx_status_fifo_size, lan9118_state),
305 VMSTATE_INT32(rx_status_fifo_used, lan9118_state),
306 VMSTATE_INT32(rx_status_fifo_head, lan9118_state),
307 VMSTATE_UINT32_ARRAY(rx_status_fifo, lan9118_state, 896),
308 VMSTATE_INT32(rx_fifo_size, lan9118_state),
309 VMSTATE_INT32(rx_fifo_used, lan9118_state),
310 VMSTATE_INT32(rx_fifo_head, lan9118_state),
311 VMSTATE_UINT32_ARRAY(rx_fifo, lan9118_state, 3360),
312 VMSTATE_INT32(rx_packet_size_head, lan9118_state),
313 VMSTATE_INT32(rx_packet_size_tail, lan9118_state),
314 VMSTATE_INT32_ARRAY(rx_packet_size, lan9118_state, 1024),
315 VMSTATE_INT32(rxp_offset, lan9118_state),
316 VMSTATE_INT32(rxp_size, lan9118_state),
317 VMSTATE_INT32(rxp_pad, lan9118_state),
318 VMSTATE_UINT32_V(write_word_prev_offset, lan9118_state, 2),
319 VMSTATE_UINT32_V(write_word_n, lan9118_state, 2),
320 VMSTATE_UINT16_V(write_word_l, lan9118_state, 2),
321 VMSTATE_UINT16_V(write_word_h, lan9118_state, 2),
322 VMSTATE_UINT32_V(read_word_prev_offset, lan9118_state, 2),
323 VMSTATE_UINT32_V(read_word_n, lan9118_state, 2),
324 VMSTATE_UINT32_V(read_long, lan9118_state, 2),
325 VMSTATE_UINT32_V(mode_16bit, lan9118_state, 2),
326 VMSTATE_END_OF_LIST()
327 }
328 };
329
lan9118_update(lan9118_state * s)330 static void lan9118_update(lan9118_state *s)
331 {
332 int level;
333
334 /* TODO: Implement FIFO level IRQs. */
335 level = (s->int_sts & s->int_en) != 0;
336 if (level) {
337 s->irq_cfg |= IRQ_INT;
338 } else {
339 s->irq_cfg &= ~IRQ_INT;
340 }
341 if ((s->irq_cfg & IRQ_EN) == 0) {
342 level = 0;
343 }
344 if ((s->irq_cfg & (IRQ_TYPE | IRQ_POL)) != (IRQ_TYPE | IRQ_POL)) {
345 /* Interrupt is active low unless we're configured as
346 * active-high polarity, push-pull type.
347 */
348 level = !level;
349 }
350 qemu_set_irq(s->irq, level);
351 }
352
lan9118_mac_changed(lan9118_state * s)353 static void lan9118_mac_changed(lan9118_state *s)
354 {
355 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
356 }
357
lan9118_reload_eeprom(lan9118_state * s)358 static void lan9118_reload_eeprom(lan9118_state *s)
359 {
360 int i;
361 if (s->eeprom[0] != 0xa5) {
362 s->e2p_cmd &= ~E2P_CMD_MAC_ADDR_LOADED;
363 DPRINTF("MACADDR load failed\n");
364 return;
365 }
366 for (i = 0; i < 6; i++) {
367 s->conf.macaddr.a[i] = s->eeprom[i + 1];
368 }
369 s->e2p_cmd |= E2P_CMD_MAC_ADDR_LOADED;
370 DPRINTF("MACADDR loaded from eeprom\n");
371 lan9118_mac_changed(s);
372 }
373
lan9118_update_irq(void * opaque,int n,int level)374 static void lan9118_update_irq(void *opaque, int n, int level)
375 {
376 lan9118_state *s = opaque;
377
378 if (level) {
379 s->int_sts |= PHY_INT;
380 } else {
381 s->int_sts &= ~PHY_INT;
382 }
383 lan9118_update(s);
384 }
385
lan9118_set_link(NetClientState * nc)386 static void lan9118_set_link(NetClientState *nc)
387 {
388 lan9118_phy_update_link(&LAN9118(qemu_get_nic_opaque(nc))->mii,
389 nc->link_down);
390 }
391
lan9118_reset(DeviceState * d)392 static void lan9118_reset(DeviceState *d)
393 {
394 lan9118_state *s = LAN9118(d);
395
396 s->irq_cfg &= (IRQ_TYPE | IRQ_POL);
397 s->int_sts = 0;
398 s->int_en = 0;
399 s->fifo_int = 0x48000000;
400 s->rx_cfg = 0;
401 s->tx_cfg = 0;
402 s->hw_cfg = s->mode_16bit ? 0x00050000 : 0x00050004;
403 s->pmt_ctrl &= 0x45;
404 s->gpio_cfg = 0;
405 s->txp->fifo_used = 0;
406 s->txp->state = TX_IDLE;
407 s->txp->cmd_a = 0xffffffffu;
408 s->txp->cmd_b = 0xffffffffu;
409 s->txp->len = 0;
410 s->txp->fifo_used = 0;
411 s->tx_fifo_size = 4608;
412 s->tx_status_fifo_used = 0;
413 s->rx_status_fifo_size = 704;
414 s->rx_fifo_size = 2640;
415 s->rx_fifo_used = 0;
416 s->rx_status_fifo_size = 176;
417 s->rx_status_fifo_used = 0;
418 s->rxp_offset = 0;
419 s->rxp_size = 0;
420 s->rxp_pad = 0;
421 s->rx_packet_size_tail = s->rx_packet_size_head;
422 s->rx_packet_size[s->rx_packet_size_head] = 0;
423 s->mac_cmd = 0;
424 s->mac_data = 0;
425 s->afc_cfg = 0;
426 s->e2p_cmd = 0;
427 s->e2p_data = 0;
428 s->free_timer_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 40;
429
430 ptimer_transaction_begin(s->timer);
431 ptimer_stop(s->timer);
432 ptimer_set_count(s->timer, 0xffff);
433 ptimer_transaction_commit(s->timer);
434 s->gpt_cfg = 0xffff;
435
436 s->mac_cr = MAC_CR_PRMS;
437 s->mac_hashh = 0;
438 s->mac_hashl = 0;
439 s->mac_mii_acc = 0;
440 s->mac_mii_data = 0;
441 s->mac_flow = 0;
442
443 s->read_word_n = 0;
444 s->write_word_n = 0;
445
446 s->eeprom_writable = 0;
447 lan9118_reload_eeprom(s);
448 }
449
rx_fifo_push(lan9118_state * s,uint32_t val)450 static void rx_fifo_push(lan9118_state *s, uint32_t val)
451 {
452 int fifo_pos;
453 fifo_pos = s->rx_fifo_head + s->rx_fifo_used;
454 if (fifo_pos >= s->rx_fifo_size)
455 fifo_pos -= s->rx_fifo_size;
456 s->rx_fifo[fifo_pos] = val;
457 s->rx_fifo_used++;
458 }
459
460 /* Return nonzero if the packet is accepted by the filter. */
lan9118_filter(lan9118_state * s,const uint8_t * addr)461 static int lan9118_filter(lan9118_state *s, const uint8_t *addr)
462 {
463 int multicast;
464 uint32_t hash;
465
466 if (s->mac_cr & MAC_CR_PRMS) {
467 return 1;
468 }
469 if (addr[0] == 0xff && addr[1] == 0xff && addr[2] == 0xff &&
470 addr[3] == 0xff && addr[4] == 0xff && addr[5] == 0xff) {
471 return (s->mac_cr & MAC_CR_BCAST) == 0;
472 }
473
474 multicast = addr[0] & 1;
475 if (multicast &&s->mac_cr & MAC_CR_MCPAS) {
476 return 1;
477 }
478 if (multicast ? (s->mac_cr & MAC_CR_HPFILT) == 0
479 : (s->mac_cr & MAC_CR_HO) == 0) {
480 /* Exact matching. */
481 hash = memcmp(addr, s->conf.macaddr.a, 6);
482 if (s->mac_cr & MAC_CR_INVFILT) {
483 return hash != 0;
484 } else {
485 return hash == 0;
486 }
487 } else {
488 /* Hash matching */
489 hash = net_crc32(addr, ETH_ALEN) >> 26;
490 if (hash & 0x20) {
491 return (s->mac_hashh >> (hash & 0x1f)) & 1;
492 } else {
493 return (s->mac_hashl >> (hash & 0x1f)) & 1;
494 }
495 }
496 }
497
lan9118_receive(NetClientState * nc,const uint8_t * buf,size_t size)498 static ssize_t lan9118_receive(NetClientState *nc, const uint8_t *buf,
499 size_t size)
500 {
501 lan9118_state *s = qemu_get_nic_opaque(nc);
502 int fifo_len;
503 int offset;
504 int src_pos;
505 int n;
506 int filter;
507 uint32_t val;
508 uint32_t crc;
509 uint32_t status;
510
511 if ((s->mac_cr & MAC_CR_RXEN) == 0) {
512 return -1;
513 }
514
515 if (size >= MIL_TXFIFO_SIZE || size < 14) {
516 return -1;
517 }
518
519 /* TODO: Implement FIFO overflow notification. */
520 if (s->rx_status_fifo_used == s->rx_status_fifo_size) {
521 return -1;
522 }
523
524 filter = lan9118_filter(s, buf);
525 if (!filter && (s->mac_cr & MAC_CR_RXALL) == 0) {
526 return size;
527 }
528
529 offset = (s->rx_cfg >> 8) & 0x1f;
530 n = offset & 3;
531 fifo_len = (size + n + 3) >> 2;
532 /* Add a word for the CRC. */
533 fifo_len++;
534 if (s->rx_fifo_size - s->rx_fifo_used < fifo_len) {
535 return -1;
536 }
537
538 DPRINTF("Got packet len:%d fifo:%d filter:%s\n",
539 (int)size, fifo_len, filter ? "pass" : "fail");
540 val = 0;
541 crc = bswap32(crc32(~0, buf, size));
542 for (src_pos = 0; src_pos < size; src_pos++) {
543 val = (val >> 8) | ((uint32_t)buf[src_pos] << 24);
544 n++;
545 if (n == 4) {
546 n = 0;
547 rx_fifo_push(s, val);
548 val = 0;
549 }
550 }
551 if (n) {
552 val >>= ((4 - n) * 8);
553 val |= crc << (n * 8);
554 rx_fifo_push(s, val);
555 val = crc >> ((4 - n) * 8);
556 rx_fifo_push(s, val);
557 } else {
558 rx_fifo_push(s, crc);
559 }
560 n = s->rx_status_fifo_head + s->rx_status_fifo_used;
561 if (n >= s->rx_status_fifo_size) {
562 n -= s->rx_status_fifo_size;
563 }
564 s->rx_packet_size[s->rx_packet_size_tail] = fifo_len;
565 s->rx_packet_size_tail = (s->rx_packet_size_tail + 1023) & 1023;
566 s->rx_status_fifo_used++;
567
568 status = (size + 4) << 16;
569 if (buf[0] == 0xff && buf[1] == 0xff && buf[2] == 0xff &&
570 buf[3] == 0xff && buf[4] == 0xff && buf[5] == 0xff) {
571 status |= 0x00002000;
572 } else if (buf[0] & 1) {
573 status |= 0x00000400;
574 }
575 if (!filter) {
576 status |= 0x40000000;
577 }
578 s->rx_status_fifo[n] = status;
579
580 if (s->rx_status_fifo_used > (s->fifo_int & 0xff)) {
581 s->int_sts |= RSFL_INT;
582 }
583 lan9118_update(s);
584
585 return size;
586 }
587
rx_fifo_pop(lan9118_state * s)588 static uint32_t rx_fifo_pop(lan9118_state *s)
589 {
590 int n;
591 uint32_t val;
592
593 if (s->rxp_size == 0 && s->rxp_pad == 0) {
594 s->rxp_size = s->rx_packet_size[s->rx_packet_size_head];
595 s->rx_packet_size[s->rx_packet_size_head] = 0;
596 if (s->rxp_size != 0) {
597 s->rx_packet_size_head = (s->rx_packet_size_head + 1023) & 1023;
598 s->rxp_offset = (s->rx_cfg >> 10) & 7;
599 n = s->rxp_offset + s->rxp_size;
600 switch (s->rx_cfg >> 30) {
601 case 1:
602 n = (-n) & 3;
603 break;
604 case 2:
605 n = (-n) & 7;
606 break;
607 default:
608 n = 0;
609 break;
610 }
611 s->rxp_pad = n;
612 DPRINTF("Pop packet size:%d offset:%d pad: %d\n",
613 s->rxp_size, s->rxp_offset, s->rxp_pad);
614 }
615 }
616 if (s->rxp_offset > 0) {
617 s->rxp_offset--;
618 val = 0;
619 } else if (s->rxp_size > 0) {
620 s->rxp_size--;
621 val = s->rx_fifo[s->rx_fifo_head++];
622 if (s->rx_fifo_head >= s->rx_fifo_size) {
623 s->rx_fifo_head -= s->rx_fifo_size;
624 }
625 s->rx_fifo_used--;
626 } else if (s->rxp_pad > 0) {
627 s->rxp_pad--;
628 val = 0;
629 } else {
630 DPRINTF("RX underflow\n");
631 s->int_sts |= RXE_INT;
632 val = 0;
633 }
634 lan9118_update(s);
635 return val;
636 }
637
do_tx_packet(lan9118_state * s)638 static void do_tx_packet(lan9118_state *s)
639 {
640 int n;
641 uint32_t status;
642
643 /* FIXME: Honor TX disable, and allow queueing of packets. */
644 if (s->mii.control & 0x4000) {
645 /* This assumes the receive routine doesn't touch the VLANClient. */
646 qemu_receive_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len);
647 } else {
648 qemu_send_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len);
649 }
650 s->txp->fifo_used = 0;
651
652 if (s->tx_status_fifo_used == 512) {
653 /* Status FIFO full */
654 return;
655 }
656 /* Add entry to status FIFO. */
657 status = s->txp->cmd_b & 0xffff0000u;
658 DPRINTF("Sent packet tag:%04x len %d\n", status >> 16, s->txp->len);
659 n = (s->tx_status_fifo_head + s->tx_status_fifo_used) & 511;
660 s->tx_status_fifo[n] = status;
661 s->tx_status_fifo_used++;
662
663 /*
664 * Generate TSFL interrupt if TX FIFO level exceeds the level
665 * specified in the FIFO_INT TX Status Level field.
666 */
667 if (s->tx_status_fifo_used > ((s->fifo_int >> 16) & 0xff)) {
668 s->int_sts |= TSFL_INT;
669 }
670 if (s->tx_status_fifo_used == 512) {
671 s->int_sts |= TSFF_INT;
672 /* TODO: Stop transmission. */
673 }
674 }
675
rx_status_fifo_pop(lan9118_state * s)676 static uint32_t rx_status_fifo_pop(lan9118_state *s)
677 {
678 uint32_t val;
679
680 val = s->rx_status_fifo[s->rx_status_fifo_head];
681 if (s->rx_status_fifo_used != 0) {
682 s->rx_status_fifo_used--;
683 s->rx_status_fifo_head++;
684 if (s->rx_status_fifo_head >= s->rx_status_fifo_size) {
685 s->rx_status_fifo_head -= s->rx_status_fifo_size;
686 }
687 /* ??? What value should be returned when the FIFO is empty? */
688 DPRINTF("RX status pop 0x%08x\n", val);
689 }
690 return val;
691 }
692
tx_status_fifo_pop(lan9118_state * s)693 static uint32_t tx_status_fifo_pop(lan9118_state *s)
694 {
695 uint32_t val;
696
697 val = s->tx_status_fifo[s->tx_status_fifo_head];
698 if (s->tx_status_fifo_used != 0) {
699 s->tx_status_fifo_used--;
700 s->tx_status_fifo_head = (s->tx_status_fifo_head + 1) & 511;
701 /* ??? What value should be returned when the FIFO is empty? */
702 }
703 return val;
704 }
705
tx_fifo_push(lan9118_state * s,uint32_t val)706 static void tx_fifo_push(lan9118_state *s, uint32_t val)
707 {
708 int n;
709
710 if (s->txp->fifo_used == s->tx_fifo_size) {
711 s->int_sts |= TDFO_INT;
712 return;
713 }
714 switch (s->txp->state) {
715 case TX_IDLE:
716 s->txp->cmd_a = val & 0x831f37ff;
717 s->txp->fifo_used++;
718 s->txp->state = TX_B;
719 s->txp->buffer_size = extract32(s->txp->cmd_a, 0, 11);
720 s->txp->offset = extract32(s->txp->cmd_a, 16, 5);
721 break;
722 case TX_B:
723 if (s->txp->cmd_a & 0x2000) {
724 /* First segment */
725 s->txp->cmd_b = val;
726 s->txp->fifo_used++;
727 /* End alignment does not include command words. */
728 n = (s->txp->buffer_size + s->txp->offset + 3) >> 2;
729 switch ((n >> 24) & 3) {
730 case 1:
731 n = (-n) & 3;
732 break;
733 case 2:
734 n = (-n) & 7;
735 break;
736 default:
737 n = 0;
738 }
739 s->txp->pad = n;
740 s->txp->len = 0;
741 }
742 DPRINTF("Block len:%d offset:%d pad:%d cmd %08x\n",
743 s->txp->buffer_size, s->txp->offset, s->txp->pad,
744 s->txp->cmd_a);
745 s->txp->state = TX_DATA;
746 break;
747 case TX_DATA:
748 if (s->txp->offset >= 4) {
749 s->txp->offset -= 4;
750 break;
751 }
752 if (s->txp->buffer_size <= 0 && s->txp->pad != 0) {
753 s->txp->pad--;
754 } else {
755 n = MIN(4, s->txp->buffer_size + s->txp->offset);
756 while (s->txp->offset) {
757 val >>= 8;
758 n--;
759 s->txp->offset--;
760 }
761 /* Documentation is somewhat unclear on the ordering of bytes
762 in FIFO words. Empirical results show it to be little-endian.
763 */
764 while (n--) {
765 if (s->txp->len == MIL_TXFIFO_SIZE) {
766 /*
767 * No more space in the FIFO. The datasheet is not
768 * precise about this case. We choose what is easiest
769 * to model: the packet is truncated, and TXE is raised.
770 *
771 * Note, it could be a fragmented packet, but we currently
772 * do not handle that (see earlier TX_B case).
773 */
774 qemu_log_mask(LOG_GUEST_ERROR,
775 "MIL TX FIFO overrun, discarding %u byte%s\n",
776 n, n > 1 ? "s" : "");
777 s->int_sts |= TXE_INT;
778 break;
779 }
780 s->txp->data[s->txp->len] = val & 0xff;
781 s->txp->len++;
782 val >>= 8;
783 s->txp->buffer_size--;
784 }
785 s->txp->fifo_used++;
786 }
787 if (s->txp->buffer_size <= 0 && s->txp->pad == 0) {
788 if (s->txp->cmd_a & 0x1000) {
789 do_tx_packet(s);
790 }
791 if (s->txp->cmd_a & 0x80000000) {
792 s->int_sts |= TX_IOC_INT;
793 }
794 s->txp->state = TX_IDLE;
795 }
796 break;
797 }
798 }
799
do_mac_write(lan9118_state * s,int reg,uint32_t val)800 static void do_mac_write(lan9118_state *s, int reg, uint32_t val)
801 {
802 switch (reg) {
803 case MAC_CR:
804 if ((s->mac_cr & MAC_CR_RXEN) != 0 && (val & MAC_CR_RXEN) == 0) {
805 s->int_sts |= RXSTOP_INT;
806 }
807 s->mac_cr = val & ~MAC_CR_RESERVED;
808 DPRINTF("MAC_CR: %08x\n", val);
809 break;
810 case MAC_ADDRH:
811 s->conf.macaddr.a[4] = val & 0xff;
812 s->conf.macaddr.a[5] = (val >> 8) & 0xff;
813 lan9118_mac_changed(s);
814 break;
815 case MAC_ADDRL:
816 s->conf.macaddr.a[0] = val & 0xff;
817 s->conf.macaddr.a[1] = (val >> 8) & 0xff;
818 s->conf.macaddr.a[2] = (val >> 16) & 0xff;
819 s->conf.macaddr.a[3] = (val >> 24) & 0xff;
820 lan9118_mac_changed(s);
821 break;
822 case MAC_HASHH:
823 s->mac_hashh = val;
824 break;
825 case MAC_HASHL:
826 s->mac_hashl = val;
827 break;
828 case MAC_MII_ACC:
829 s->mac_mii_acc = val & 0xffc2;
830 if (val & 2) {
831 DPRINTF("PHY write %d = 0x%04x\n",
832 (val >> 6) & 0x1f, s->mac_mii_data);
833 lan9118_phy_write(&s->mii, (val >> 6) & 0x1f, s->mac_mii_data);
834 } else {
835 s->mac_mii_data = lan9118_phy_read(&s->mii, (val >> 6) & 0x1f);
836 DPRINTF("PHY read %d = 0x%04x\n",
837 (val >> 6) & 0x1f, s->mac_mii_data);
838 }
839 break;
840 case MAC_MII_DATA:
841 s->mac_mii_data = val & 0xffff;
842 break;
843 case MAC_FLOW:
844 s->mac_flow = val & 0xffff0000;
845 break;
846 case MAC_VLAN1:
847 /* Writing to this register changes a condition for
848 * FrameTooLong bit in rx_status. Since we do not set
849 * FrameTooLong anyway, just ignore write to this.
850 */
851 break;
852 default:
853 qemu_log_mask(LOG_GUEST_ERROR,
854 "lan9118: Unimplemented MAC register write: %d = 0x%x\n",
855 s->mac_cmd & 0xf, val);
856 }
857 }
858
do_mac_read(lan9118_state * s,int reg)859 static uint32_t do_mac_read(lan9118_state *s, int reg)
860 {
861 switch (reg) {
862 case MAC_CR:
863 return s->mac_cr;
864 case MAC_ADDRH:
865 return s->conf.macaddr.a[4] | (s->conf.macaddr.a[5] << 8);
866 case MAC_ADDRL:
867 return s->conf.macaddr.a[0] | (s->conf.macaddr.a[1] << 8)
868 | (s->conf.macaddr.a[2] << 16) | (s->conf.macaddr.a[3] << 24);
869 case MAC_HASHH:
870 return s->mac_hashh;
871 case MAC_HASHL:
872 return s->mac_hashl;
873 case MAC_MII_ACC:
874 return s->mac_mii_acc;
875 case MAC_MII_DATA:
876 return s->mac_mii_data;
877 case MAC_FLOW:
878 return s->mac_flow;
879 default:
880 qemu_log_mask(LOG_GUEST_ERROR,
881 "lan9118: Unimplemented MAC register read: %d\n",
882 s->mac_cmd & 0xf);
883 return 0;
884 }
885 }
886
lan9118_eeprom_cmd(lan9118_state * s,int cmd,int addr)887 static void lan9118_eeprom_cmd(lan9118_state *s, int cmd, int addr)
888 {
889 s->e2p_cmd = (s->e2p_cmd & E2P_CMD_MAC_ADDR_LOADED) | (cmd << 28) | addr;
890 switch (cmd) {
891 case 0:
892 s->e2p_data = s->eeprom[addr];
893 DPRINTF("EEPROM Read %d = 0x%02x\n", addr, s->e2p_data);
894 break;
895 case 1:
896 s->eeprom_writable = 0;
897 DPRINTF("EEPROM Write Disable\n");
898 break;
899 case 2: /* EWEN */
900 s->eeprom_writable = 1;
901 DPRINTF("EEPROM Write Enable\n");
902 break;
903 case 3: /* WRITE */
904 if (s->eeprom_writable) {
905 s->eeprom[addr] &= s->e2p_data;
906 DPRINTF("EEPROM Write %d = 0x%02x\n", addr, s->e2p_data);
907 } else {
908 DPRINTF("EEPROM Write %d (ignored)\n", addr);
909 }
910 break;
911 case 4: /* WRAL */
912 if (s->eeprom_writable) {
913 for (addr = 0; addr < 128; addr++) {
914 s->eeprom[addr] &= s->e2p_data;
915 }
916 DPRINTF("EEPROM Write All 0x%02x\n", s->e2p_data);
917 } else {
918 DPRINTF("EEPROM Write All (ignored)\n");
919 }
920 break;
921 case 5: /* ERASE */
922 if (s->eeprom_writable) {
923 s->eeprom[addr] = 0xff;
924 DPRINTF("EEPROM Erase %d\n", addr);
925 } else {
926 DPRINTF("EEPROM Erase %d (ignored)\n", addr);
927 }
928 break;
929 case 6: /* ERAL */
930 if (s->eeprom_writable) {
931 memset(s->eeprom, 0xff, 128);
932 DPRINTF("EEPROM Erase All\n");
933 } else {
934 DPRINTF("EEPROM Erase All (ignored)\n");
935 }
936 break;
937 case 7: /* RELOAD */
938 lan9118_reload_eeprom(s);
939 break;
940 }
941 }
942
lan9118_tick(void * opaque)943 static void lan9118_tick(void *opaque)
944 {
945 lan9118_state *s = (lan9118_state *)opaque;
946 if (s->int_en & GPT_INT) {
947 s->int_sts |= GPT_INT;
948 }
949 lan9118_update(s);
950 }
951
lan9118_writel(void * opaque,hwaddr offset,uint64_t val,unsigned size)952 static void lan9118_writel(void *opaque, hwaddr offset,
953 uint64_t val, unsigned size)
954 {
955 lan9118_state *s = (lan9118_state *)opaque;
956 offset &= 0xff;
957
958 //DPRINTF("Write reg 0x%02x = 0x%08x\n", (int)offset, val);
959 if (offset >= TX_DATA_FIFO_PORT_FIRST &&
960 offset <= TX_DATA_FIFO_PORT_LAST) {
961 /* TX FIFO */
962 tx_fifo_push(s, val);
963 return;
964 }
965 switch (offset) {
966 case CSR_IRQ_CFG:
967 /* TODO: Implement interrupt deassertion intervals. */
968 val &= (IRQ_EN | IRQ_POL | IRQ_TYPE);
969 s->irq_cfg = (s->irq_cfg & IRQ_INT) | val;
970 break;
971 case CSR_INT_STS:
972 s->int_sts &= ~val;
973 break;
974 case CSR_INT_EN:
975 s->int_en = val & ~RESERVED_INT;
976 s->int_sts |= val & SW_INT;
977 break;
978 case CSR_FIFO_INT:
979 DPRINTF("FIFO INT levels %08x\n", val);
980 s->fifo_int = val;
981 break;
982 case CSR_RX_CFG:
983 if (val & 0x8000) {
984 /* RX_DUMP */
985 s->rx_fifo_used = 0;
986 s->rx_status_fifo_used = 0;
987 s->rx_packet_size_tail = s->rx_packet_size_head;
988 s->rx_packet_size[s->rx_packet_size_head] = 0;
989 }
990 s->rx_cfg = val & 0xcfff1ff0;
991 break;
992 case CSR_TX_CFG:
993 if (val & 0x8000) {
994 s->tx_status_fifo_used = 0;
995 }
996 if (val & 0x4000) {
997 s->txp->state = TX_IDLE;
998 s->txp->fifo_used = 0;
999 s->txp->cmd_a = 0xffffffff;
1000 }
1001 s->tx_cfg = val & 6;
1002 break;
1003 case CSR_HW_CFG:
1004 if (val & 1) {
1005 /* SRST */
1006 lan9118_reset(DEVICE(s));
1007 } else {
1008 s->hw_cfg = (val & 0x003f300) | (s->hw_cfg & 0x4);
1009 }
1010 break;
1011 case CSR_RX_DP_CTRL:
1012 if (val & 0x80000000) {
1013 /* Skip forward to next packet. */
1014 s->rxp_pad = 0;
1015 s->rxp_offset = 0;
1016 if (s->rxp_size == 0) {
1017 /* Pop a word to start the next packet. */
1018 rx_fifo_pop(s);
1019 s->rxp_pad = 0;
1020 s->rxp_offset = 0;
1021 }
1022 s->rx_fifo_head += s->rxp_size;
1023 if (s->rx_fifo_head >= s->rx_fifo_size) {
1024 s->rx_fifo_head -= s->rx_fifo_size;
1025 }
1026 }
1027 break;
1028 case CSR_PMT_CTRL:
1029 if (val & 0x400) {
1030 lan9118_phy_reset(&s->mii);
1031 }
1032 s->pmt_ctrl &= ~0x34e;
1033 s->pmt_ctrl |= (val & 0x34e);
1034 break;
1035 case CSR_GPIO_CFG:
1036 /* Probably just enabling LEDs. */
1037 s->gpio_cfg = val & 0x7777071f;
1038 break;
1039 case CSR_GPT_CFG:
1040 if ((s->gpt_cfg ^ val) & GPT_TIMER_EN) {
1041 ptimer_transaction_begin(s->timer);
1042 if (val & GPT_TIMER_EN) {
1043 ptimer_set_count(s->timer, val & 0xffff);
1044 ptimer_run(s->timer, 0);
1045 } else {
1046 ptimer_stop(s->timer);
1047 ptimer_set_count(s->timer, 0xffff);
1048 }
1049 ptimer_transaction_commit(s->timer);
1050 }
1051 s->gpt_cfg = val & (GPT_TIMER_EN | 0xffff);
1052 break;
1053 case CSR_WORD_SWAP:
1054 /* Ignored because we're in 32-bit mode. */
1055 s->word_swap = val;
1056 break;
1057 case CSR_MAC_CSR_CMD:
1058 s->mac_cmd = val & 0x4000000f;
1059 if (val & 0x80000000) {
1060 if (val & 0x40000000) {
1061 s->mac_data = do_mac_read(s, val & 0xf);
1062 DPRINTF("MAC read %d = 0x%08x\n", val & 0xf, s->mac_data);
1063 } else {
1064 DPRINTF("MAC write %d = 0x%08x\n", val & 0xf, s->mac_data);
1065 do_mac_write(s, val & 0xf, s->mac_data);
1066 }
1067 }
1068 break;
1069 case CSR_MAC_CSR_DATA:
1070 s->mac_data = val;
1071 break;
1072 case CSR_AFC_CFG:
1073 s->afc_cfg = val & 0x00ffffff;
1074 break;
1075 case CSR_E2P_CMD:
1076 lan9118_eeprom_cmd(s, (val >> 28) & 7, val & 0x7f);
1077 break;
1078 case CSR_E2P_DATA:
1079 s->e2p_data = val & 0xff;
1080 break;
1081
1082 default:
1083 qemu_log_mask(LOG_GUEST_ERROR, "lan9118_write: Bad reg 0x%x = %x\n",
1084 (int)offset, (int)val);
1085 break;
1086 }
1087 lan9118_update(s);
1088 }
1089
lan9118_writew(void * opaque,hwaddr offset,uint32_t val)1090 static void lan9118_writew(void *opaque, hwaddr offset,
1091 uint32_t val)
1092 {
1093 lan9118_state *s = (lan9118_state *)opaque;
1094 offset &= 0xff;
1095
1096 if (s->write_word_prev_offset != (offset & ~0x3)) {
1097 /* New offset, reset word counter */
1098 s->write_word_n = 0;
1099 s->write_word_prev_offset = offset & ~0x3;
1100 }
1101
1102 if (offset & 0x2) {
1103 s->write_word_h = val;
1104 } else {
1105 s->write_word_l = val;
1106 }
1107
1108 //DPRINTF("Writew reg 0x%02x = 0x%08x\n", (int)offset, val);
1109 s->write_word_n++;
1110 if (s->write_word_n == 2) {
1111 s->write_word_n = 0;
1112 lan9118_writel(s, offset & ~3, s->write_word_l +
1113 (s->write_word_h << 16), 4);
1114 }
1115 }
1116
lan9118_16bit_mode_write(void * opaque,hwaddr offset,uint64_t val,unsigned size)1117 static void lan9118_16bit_mode_write(void *opaque, hwaddr offset,
1118 uint64_t val, unsigned size)
1119 {
1120 switch (size) {
1121 case 2:
1122 lan9118_writew(opaque, offset, (uint32_t)val);
1123 return;
1124 case 4:
1125 lan9118_writel(opaque, offset, val, size);
1126 return;
1127 }
1128
1129 qemu_log_mask(LOG_GUEST_ERROR,
1130 "lan9118_16bit_mode_write: Bad size 0x%x\n", size);
1131 }
1132
lan9118_readl(void * opaque,hwaddr offset,unsigned size)1133 static uint64_t lan9118_readl(void *opaque, hwaddr offset,
1134 unsigned size)
1135 {
1136 lan9118_state *s = (lan9118_state *)opaque;
1137
1138 //DPRINTF("Read reg 0x%02x\n", (int)offset);
1139 if (offset <= RX_DATA_FIFO_PORT_LAST) {
1140 /* RX FIFO */
1141 return rx_fifo_pop(s);
1142 }
1143 switch (offset) {
1144 case RX_STATUS_FIFO_PORT:
1145 return rx_status_fifo_pop(s);
1146 case RX_STATUS_FIFO_PEEK:
1147 return s->rx_status_fifo[s->rx_status_fifo_head];
1148 case TX_STATUS_FIFO_PORT:
1149 return tx_status_fifo_pop(s);
1150 case TX_STATUS_FIFO_PEEK:
1151 return s->tx_status_fifo[s->tx_status_fifo_head];
1152 case CSR_ID_REV:
1153 return 0x01180001;
1154 case CSR_IRQ_CFG:
1155 return s->irq_cfg;
1156 case CSR_INT_STS:
1157 return s->int_sts;
1158 case CSR_INT_EN:
1159 return s->int_en;
1160 case CSR_BYTE_TEST:
1161 return 0x87654321;
1162 case CSR_FIFO_INT:
1163 return s->fifo_int;
1164 case CSR_RX_CFG:
1165 return s->rx_cfg;
1166 case CSR_TX_CFG:
1167 return s->tx_cfg;
1168 case CSR_HW_CFG:
1169 return s->hw_cfg;
1170 case CSR_RX_DP_CTRL:
1171 return 0;
1172 case CSR_RX_FIFO_INF:
1173 return (s->rx_status_fifo_used << 16) | (s->rx_fifo_used << 2);
1174 case CSR_TX_FIFO_INF:
1175 return (s->tx_status_fifo_used << 16)
1176 | (s->tx_fifo_size - s->txp->fifo_used);
1177 case CSR_PMT_CTRL:
1178 return s->pmt_ctrl;
1179 case CSR_GPIO_CFG:
1180 return s->gpio_cfg;
1181 case CSR_GPT_CFG:
1182 return s->gpt_cfg;
1183 case CSR_GPT_CNT:
1184 return ptimer_get_count(s->timer);
1185 case CSR_WORD_SWAP:
1186 return s->word_swap;
1187 case CSR_FREE_RUN:
1188 return (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 40) - s->free_timer_start;
1189 case CSR_RX_DROP:
1190 /* TODO: Implement dropped frames counter. */
1191 return 0;
1192 case CSR_MAC_CSR_CMD:
1193 return s->mac_cmd;
1194 case CSR_MAC_CSR_DATA:
1195 return s->mac_data;
1196 case CSR_AFC_CFG:
1197 return s->afc_cfg;
1198 case CSR_E2P_CMD:
1199 return s->e2p_cmd;
1200 case CSR_E2P_DATA:
1201 return s->e2p_data;
1202 }
1203 qemu_log_mask(LOG_GUEST_ERROR, "lan9118_read: Bad reg 0x%x\n", (int)offset);
1204 return 0;
1205 }
1206
lan9118_readw(void * opaque,hwaddr offset)1207 static uint32_t lan9118_readw(void *opaque, hwaddr offset)
1208 {
1209 lan9118_state *s = (lan9118_state *)opaque;
1210 uint32_t val;
1211
1212 if (s->read_word_prev_offset != (offset & ~0x3)) {
1213 /* New offset, reset word counter */
1214 s->read_word_n = 0;
1215 s->read_word_prev_offset = offset & ~0x3;
1216 }
1217
1218 s->read_word_n++;
1219 if (s->read_word_n == 1) {
1220 s->read_long = lan9118_readl(s, offset & ~3, 4);
1221 } else {
1222 s->read_word_n = 0;
1223 }
1224
1225 if (offset & 2) {
1226 val = s->read_long >> 16;
1227 } else {
1228 val = s->read_long & 0xFFFF;
1229 }
1230
1231 //DPRINTF("Readw reg 0x%02x, val 0x%x\n", (int)offset, val);
1232 return val;
1233 }
1234
lan9118_16bit_mode_read(void * opaque,hwaddr offset,unsigned size)1235 static uint64_t lan9118_16bit_mode_read(void *opaque, hwaddr offset,
1236 unsigned size)
1237 {
1238 switch (size) {
1239 case 2:
1240 return lan9118_readw(opaque, offset);
1241 case 4:
1242 return lan9118_readl(opaque, offset, size);
1243 }
1244
1245 qemu_log_mask(LOG_GUEST_ERROR,
1246 "lan9118_16bit_mode_read: Bad size 0x%x\n", size);
1247 return 0;
1248 }
1249
1250 static const MemoryRegionOps lan9118_mem_ops = {
1251 .read = lan9118_readl,
1252 .write = lan9118_writel,
1253 .endianness = DEVICE_NATIVE_ENDIAN,
1254 };
1255
1256 static const MemoryRegionOps lan9118_16bit_mem_ops = {
1257 .read = lan9118_16bit_mode_read,
1258 .write = lan9118_16bit_mode_write,
1259 .endianness = DEVICE_NATIVE_ENDIAN,
1260 };
1261
1262 static NetClientInfo net_lan9118_info = {
1263 .type = NET_CLIENT_DRIVER_NIC,
1264 .size = sizeof(NICState),
1265 .receive = lan9118_receive,
1266 .link_status_changed = lan9118_set_link,
1267 };
1268
lan9118_realize(DeviceState * dev,Error ** errp)1269 static void lan9118_realize(DeviceState *dev, Error **errp)
1270 {
1271 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1272 lan9118_state *s = LAN9118(dev);
1273 int i;
1274 const MemoryRegionOps *mem_ops =
1275 s->mode_16bit ? &lan9118_16bit_mem_ops : &lan9118_mem_ops;
1276
1277 qemu_init_irq(&s->mii_irq, lan9118_update_irq, s, 0);
1278 object_initialize_child(OBJECT(s), "mii", &s->mii, TYPE_LAN9118_PHY);
1279 if (!sysbus_realize_and_unref(SYS_BUS_DEVICE(&s->mii), errp)) {
1280 return;
1281 }
1282 qdev_connect_gpio_out(DEVICE(&s->mii), 0, &s->mii_irq);
1283
1284 memory_region_init_io(&s->mmio, OBJECT(dev), mem_ops, s,
1285 "lan9118-mmio", 0x100);
1286 sysbus_init_mmio(sbd, &s->mmio);
1287 sysbus_init_irq(sbd, &s->irq);
1288 qemu_macaddr_default_if_unset(&s->conf.macaddr);
1289
1290 s->nic = qemu_new_nic(&net_lan9118_info, &s->conf,
1291 object_get_typename(OBJECT(dev)), dev->id,
1292 &dev->mem_reentrancy_guard, s);
1293 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1294 s->eeprom[0] = 0xa5;
1295 for (i = 0; i < 6; i++) {
1296 s->eeprom[i + 1] = s->conf.macaddr.a[i];
1297 }
1298 s->pmt_ctrl = 1;
1299 s->txp = &s->tx_packet;
1300
1301 s->timer = ptimer_init(lan9118_tick, s, PTIMER_POLICY_LEGACY);
1302 ptimer_transaction_begin(s->timer);
1303 ptimer_set_freq(s->timer, 10000);
1304 ptimer_set_limit(s->timer, 0xffff, 1);
1305 ptimer_transaction_commit(s->timer);
1306 }
1307
1308 static const Property lan9118_properties[] = {
1309 DEFINE_NIC_PROPERTIES(lan9118_state, conf),
1310 DEFINE_PROP_UINT32("mode_16bit", lan9118_state, mode_16bit, 0),
1311 };
1312
lan9118_class_init(ObjectClass * klass,const void * data)1313 static void lan9118_class_init(ObjectClass *klass, const void *data)
1314 {
1315 DeviceClass *dc = DEVICE_CLASS(klass);
1316
1317 device_class_set_legacy_reset(dc, lan9118_reset);
1318 device_class_set_props(dc, lan9118_properties);
1319 dc->vmsd = &vmstate_lan9118;
1320 dc->realize = lan9118_realize;
1321 }
1322
1323 static const TypeInfo lan9118_info = {
1324 .name = TYPE_LAN9118,
1325 .parent = TYPE_SYS_BUS_DEVICE,
1326 .instance_size = sizeof(lan9118_state),
1327 .class_init = lan9118_class_init,
1328 };
1329
lan9118_register_types(void)1330 static void lan9118_register_types(void)
1331 {
1332 type_register_static(&lan9118_info);
1333 }
1334
1335 /* Legacy helper function. Should go away when machine config files are
1336 implemented. */
lan9118_init(uint32_t base,qemu_irq irq)1337 void lan9118_init(uint32_t base, qemu_irq irq)
1338 {
1339 DeviceState *dev;
1340 SysBusDevice *s;
1341
1342 dev = qdev_new(TYPE_LAN9118);
1343 qemu_configure_nic_device(dev, true, NULL);
1344 s = SYS_BUS_DEVICE(dev);
1345 sysbus_realize_and_unref(s, &error_fatal);
1346 sysbus_mmio_map(s, 0, base);
1347 sysbus_connect_irq(s, 0, irq);
1348 }
1349
1350 type_init(lan9118_register_types)
1351