1 /*
2 * SMSC 91C111 Ethernet interface emulation
3 *
4 * Copyright (c) 2005 CodeSourcery, LLC.
5 * Written by Paul Brook
6 *
7 * This code is licensed under the GPL
8 */
9
10 #include "qemu/osdep.h"
11 #include "hw/sysbus.h"
12 #include "migration/vmstate.h"
13 #include "net/net.h"
14 #include "hw/irq.h"
15 #include "hw/net/smc91c111.h"
16 #include "hw/registerfields.h"
17 #include "hw/qdev-properties.h"
18 #include "qapi/error.h"
19 #include "qemu/log.h"
20 #include "qemu/module.h"
21 #include <zlib.h> /* for crc32 */
22 #include "qom/object.h"
23
24 /* Number of 2k memory pages available. */
25 #define NUM_PACKETS 4
26 /*
27 * Maximum size of a data frame, including the leading status word
28 * and byte count fields and the trailing CRC, last data byte
29 * and control byte (per figure 8-1 in the Microchip Technology
30 * LAN91C111 datasheet).
31 */
32 #define MAX_PACKET_SIZE 2048
33
34 #define TYPE_SMC91C111 "smc91c111"
35 OBJECT_DECLARE_SIMPLE_TYPE(smc91c111_state, SMC91C111)
36
37 struct smc91c111_state {
38 SysBusDevice parent_obj;
39
40 NICState *nic;
41 NICConf conf;
42 uint16_t tcr;
43 uint16_t rcr;
44 uint16_t cr;
45 uint16_t ctr;
46 uint16_t gpr;
47 uint16_t ptr;
48 uint16_t ercv;
49 qemu_irq irq;
50 int bank;
51 int packet_num;
52 int tx_alloc;
53 /* Bitmask of allocated packets. */
54 int allocated;
55 int tx_fifo_len;
56 int tx_fifo[NUM_PACKETS];
57 int rx_fifo_len;
58 int rx_fifo[NUM_PACKETS];
59 int tx_fifo_done_len;
60 int tx_fifo_done[NUM_PACKETS];
61 /* Packet buffer memory. */
62 uint8_t data[NUM_PACKETS][2048];
63 uint8_t int_level;
64 uint8_t int_mask;
65 MemoryRegion mmio;
66 };
67
68 static const VMStateDescription vmstate_smc91c111 = {
69 .name = "smc91c111",
70 .version_id = 1,
71 .minimum_version_id = 1,
72 .fields = (const VMStateField[]) {
73 VMSTATE_UINT16(tcr, smc91c111_state),
74 VMSTATE_UINT16(rcr, smc91c111_state),
75 VMSTATE_UINT16(cr, smc91c111_state),
76 VMSTATE_UINT16(ctr, smc91c111_state),
77 VMSTATE_UINT16(gpr, smc91c111_state),
78 VMSTATE_UINT16(ptr, smc91c111_state),
79 VMSTATE_UINT16(ercv, smc91c111_state),
80 VMSTATE_INT32(bank, smc91c111_state),
81 VMSTATE_INT32(packet_num, smc91c111_state),
82 VMSTATE_INT32(tx_alloc, smc91c111_state),
83 VMSTATE_INT32(allocated, smc91c111_state),
84 VMSTATE_INT32(tx_fifo_len, smc91c111_state),
85 VMSTATE_INT32_ARRAY(tx_fifo, smc91c111_state, NUM_PACKETS),
86 VMSTATE_INT32(rx_fifo_len, smc91c111_state),
87 VMSTATE_INT32_ARRAY(rx_fifo, smc91c111_state, NUM_PACKETS),
88 VMSTATE_INT32(tx_fifo_done_len, smc91c111_state),
89 VMSTATE_INT32_ARRAY(tx_fifo_done, smc91c111_state, NUM_PACKETS),
90 VMSTATE_BUFFER_UNSAFE(data, smc91c111_state, 0, NUM_PACKETS * 2048),
91 VMSTATE_UINT8(int_level, smc91c111_state),
92 VMSTATE_UINT8(int_mask, smc91c111_state),
93 VMSTATE_END_OF_LIST()
94 }
95 };
96
97 #define RCR_SOFT_RST 0x8000
98 #define RCR_STRIP_CRC 0x0200
99 #define RCR_RXEN 0x0100
100
101 #define TCR_EPH_LOOP 0x2000
102 #define TCR_NOCRC 0x0100
103 #define TCR_PAD_EN 0x0080
104 #define TCR_FORCOL 0x0004
105 #define TCR_LOOP 0x0002
106 #define TCR_TXEN 0x0001
107
108 #define INT_MD 0x80
109 #define INT_ERCV 0x40
110 #define INT_EPH 0x20
111 #define INT_RX_OVRN 0x10
112 #define INT_ALLOC 0x08
113 #define INT_TX_EMPTY 0x04
114 #define INT_TX 0x02
115 #define INT_RCV 0x01
116
117 #define CTR_AUTO_RELEASE 0x0800
118 #define CTR_RELOAD 0x0002
119 #define CTR_STORE 0x0001
120
121 #define RS_ALGNERR 0x8000
122 #define RS_BRODCAST 0x4000
123 #define RS_BADCRC 0x2000
124 #define RS_ODDFRAME 0x1000
125 #define RS_TOOLONG 0x0800
126 #define RS_TOOSHORT 0x0400
127 #define RS_MULTICAST 0x0001
128
129 FIELD(PTR, PTR, 0, 11)
130 FIELD(PTR, NOT_EMPTY, 11, 1)
131 FIELD(PTR, RESERVED, 12, 1)
132 FIELD(PTR, READ, 13, 1)
133 FIELD(PTR, AUTOINCR, 14, 1)
134 FIELD(PTR, RCV, 15, 1)
135
packetnum_valid(int packet_num)136 static inline bool packetnum_valid(int packet_num)
137 {
138 return packet_num >= 0 && packet_num < NUM_PACKETS;
139 }
140
141 /* Update interrupt status. */
smc91c111_update(smc91c111_state * s)142 static void smc91c111_update(smc91c111_state *s)
143 {
144 int level;
145
146 if (s->tx_fifo_len == 0)
147 s->int_level |= INT_TX_EMPTY;
148 if (s->tx_fifo_done_len != 0)
149 s->int_level |= INT_TX;
150 level = (s->int_level & s->int_mask) != 0;
151 qemu_set_irq(s->irq, level);
152 }
153
smc91c111_can_receive(smc91c111_state * s)154 static bool smc91c111_can_receive(smc91c111_state *s)
155 {
156 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST)) {
157 return true;
158 }
159 if (s->allocated == (1 << NUM_PACKETS) - 1 ||
160 s->rx_fifo_len == NUM_PACKETS) {
161 return false;
162 }
163 return true;
164 }
165
smc91c111_flush_queued_packets(smc91c111_state * s)166 static inline void smc91c111_flush_queued_packets(smc91c111_state *s)
167 {
168 if (smc91c111_can_receive(s)) {
169 qemu_flush_queued_packets(qemu_get_queue(s->nic));
170 }
171 }
172
173 /* Try to allocate a packet. Returns 0x80 on failure. */
smc91c111_allocate_packet(smc91c111_state * s)174 static int smc91c111_allocate_packet(smc91c111_state *s)
175 {
176 int i;
177 if (s->allocated == (1 << NUM_PACKETS) - 1) {
178 return 0x80;
179 }
180
181 for (i = 0; i < NUM_PACKETS; i++) {
182 if ((s->allocated & (1 << i)) == 0)
183 break;
184 }
185 s->allocated |= 1 << i;
186 return i;
187 }
188
189
190 /* Process a pending TX allocate. */
smc91c111_tx_alloc(smc91c111_state * s)191 static void smc91c111_tx_alloc(smc91c111_state *s)
192 {
193 s->tx_alloc = smc91c111_allocate_packet(s);
194 if (s->tx_alloc == 0x80)
195 return;
196 s->int_level |= INT_ALLOC;
197 smc91c111_update(s);
198 }
199
200 /* Remove and item from the RX FIFO. */
smc91c111_pop_rx_fifo(smc91c111_state * s)201 static void smc91c111_pop_rx_fifo(smc91c111_state *s)
202 {
203 int i;
204
205 if (s->rx_fifo_len == 0) {
206 /*
207 * The datasheet doesn't document what the behaviour is if the
208 * guest tries to pop an empty RX FIFO, and there's no obvious
209 * error status register to report it. Just ignore the attempt.
210 */
211 return;
212 }
213
214 s->rx_fifo_len--;
215 if (s->rx_fifo_len) {
216 for (i = 0; i < s->rx_fifo_len; i++)
217 s->rx_fifo[i] = s->rx_fifo[i + 1];
218 s->int_level |= INT_RCV;
219 } else {
220 s->int_level &= ~INT_RCV;
221 }
222 smc91c111_flush_queued_packets(s);
223 smc91c111_update(s);
224 }
225
226 /* Remove an item from the TX completion FIFO. */
smc91c111_pop_tx_fifo_done(smc91c111_state * s)227 static void smc91c111_pop_tx_fifo_done(smc91c111_state *s)
228 {
229 int i;
230
231 if (s->tx_fifo_done_len == 0)
232 return;
233 s->tx_fifo_done_len--;
234 for (i = 0; i < s->tx_fifo_done_len; i++)
235 s->tx_fifo_done[i] = s->tx_fifo_done[i + 1];
236 }
237
238 /* Release the memory allocated to a packet. */
smc91c111_release_packet(smc91c111_state * s,int packet)239 static void smc91c111_release_packet(smc91c111_state *s, int packet)
240 {
241 if (!packetnum_valid(packet)) {
242 /*
243 * Data sheet doesn't document behaviour in this guest error
244 * case, and there is no error status register to report it.
245 * Log and ignore the attempt.
246 */
247 qemu_log_mask(LOG_GUEST_ERROR,
248 "smc91c111: attempt to release invalid packet %d\n",
249 packet);
250 return;
251 }
252 s->allocated &= ~(1 << packet);
253 if (s->tx_alloc == 0x80)
254 smc91c111_tx_alloc(s);
255 smc91c111_flush_queued_packets(s);
256 }
257
smc91c111_complete_tx_packet(smc91c111_state * s,int packetnum)258 static void smc91c111_complete_tx_packet(smc91c111_state *s, int packetnum)
259 {
260 if (s->ctr & CTR_AUTO_RELEASE) {
261 /* Race? */
262 smc91c111_release_packet(s, packetnum);
263 } else if (s->tx_fifo_done_len < NUM_PACKETS) {
264 s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum;
265 }
266 }
267
268 /* Flush the TX FIFO. */
smc91c111_do_tx(smc91c111_state * s)269 static void smc91c111_do_tx(smc91c111_state *s)
270 {
271 int i;
272 int len;
273 int control;
274 int packetnum;
275 uint8_t *p;
276
277 if ((s->tcr & TCR_TXEN) == 0)
278 return;
279 if (s->tx_fifo_len == 0)
280 return;
281 for (i = 0; i < s->tx_fifo_len; i++) {
282 packetnum = s->tx_fifo[i];
283 /* queue_tx checked the packet number was valid */
284 assert(packetnum_valid(packetnum));
285 p = &s->data[packetnum][0];
286 /* Set status word. */
287 *(p++) = 0x01;
288 *(p++) = 0x40;
289 len = *(p++);
290 len |= ((int)*(p++)) << 8;
291 if (len > MAX_PACKET_SIZE) {
292 /*
293 * Datasheet doesn't say what to do here, and there is no
294 * relevant tx error condition listed. Log, and drop the packet.
295 */
296 qemu_log_mask(LOG_GUEST_ERROR,
297 "smc91c111: tx packet with bad length %d, dropping\n",
298 len);
299 smc91c111_complete_tx_packet(s, packetnum);
300 continue;
301 }
302 len -= 6;
303 control = p[len + 1];
304 if (control & 0x20)
305 len++;
306 /* ??? This overwrites the data following the buffer.
307 Don't know what real hardware does. */
308 if (len < 64 && (s->tcr & TCR_PAD_EN)) {
309 memset(p + len, 0, 64 - len);
310 len = 64;
311 }
312 #if 0
313 {
314 int add_crc;
315
316 /* The card is supposed to append the CRC to the frame.
317 However none of the other network traffic has the CRC
318 appended. Suspect this is low level ethernet detail we
319 don't need to worry about. */
320 add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0;
321 if (add_crc) {
322 uint32_t crc;
323
324 crc = crc32(~0, p, len);
325 memcpy(p + len, &crc, 4);
326 len += 4;
327 }
328 }
329 #endif
330 smc91c111_complete_tx_packet(s, packetnum);
331 qemu_send_packet(qemu_get_queue(s->nic), p, len);
332 }
333 s->tx_fifo_len = 0;
334 smc91c111_update(s);
335 }
336
337 /* Add a packet to the TX FIFO. */
smc91c111_queue_tx(smc91c111_state * s,int packet)338 static void smc91c111_queue_tx(smc91c111_state *s, int packet)
339 {
340 if (!packetnum_valid(packet)) {
341 /*
342 * Datasheet doesn't document behaviour in this error case, and
343 * there's no error status register we could report it in.
344 * Log and ignore.
345 */
346 qemu_log_mask(LOG_GUEST_ERROR,
347 "smc91c111: attempt to queue invalid packet %d\n",
348 packet);
349 return;
350 }
351 if (s->tx_fifo_len == NUM_PACKETS)
352 return;
353 s->tx_fifo[s->tx_fifo_len++] = packet;
354 smc91c111_do_tx(s);
355 }
356
smc91c111_reset(DeviceState * dev)357 static void smc91c111_reset(DeviceState *dev)
358 {
359 smc91c111_state *s = SMC91C111(dev);
360
361 s->bank = 0;
362 s->tx_fifo_len = 0;
363 s->tx_fifo_done_len = 0;
364 s->rx_fifo_len = 0;
365 s->allocated = 0;
366 s->packet_num = 0;
367 s->tx_alloc = 0;
368 s->tcr = 0;
369 s->rcr = 0;
370 s->cr = 0xa0b1;
371 s->ctr = 0x1210;
372 s->ptr = 0;
373 s->ercv = 0x1f;
374 s->int_level = INT_TX_EMPTY;
375 s->int_mask = 0;
376 smc91c111_update(s);
377 }
378
379 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
380 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
381
382 /*
383 * The pointer register's pointer is an 11 bit value (so it exactly
384 * indexes a 2048-byte data frame). Add the specified offset to it,
385 * wrapping around at the 2048 byte mark, and return the resulting
386 * wrapped value. There are flag bits in the top part of the register,
387 * but we can ignore them here as the mask will mask them out.
388 */
ptr_reg_add(smc91c111_state * s,int offset)389 static int ptr_reg_add(smc91c111_state *s, int offset)
390 {
391 return (s->ptr + offset) & R_PTR_PTR_MASK;
392 }
393
394 /*
395 * For an access to the Data Register at @offset, return the
396 * required offset into the packet's data frame. This will
397 * perform the pointer register autoincrement if required, and
398 * guarantees to return an in-bounds offset.
399 */
data_reg_ptr(smc91c111_state * s,int offset)400 static int data_reg_ptr(smc91c111_state *s, int offset)
401 {
402 int p;
403
404 if (s->ptr & R_PTR_AUTOINCR_MASK) {
405 /*
406 * Autoincrement: use the current pointer value, and
407 * increment the pointer register's pointer field.
408 */
409 p = FIELD_EX32(s->ptr, PTR, PTR);
410 s->ptr = FIELD_DP32(s->ptr, PTR, PTR, ptr_reg_add(s, 1));
411 } else {
412 /*
413 * No autoincrement: register offset determines which
414 * byte we're addressing. Setting the pointer to the top
415 * of the data buffer and then using the pointer wrapping
416 * to read the bottom byte of the buffer is not something
417 * sensible guest software will do, but the datasheet
418 * doesn't say what the behaviour is, so we don't forbid it.
419 */
420 p = ptr_reg_add(s, offset & 3);
421 }
422 return p;
423 }
424
smc91c111_writeb(void * opaque,hwaddr offset,uint32_t value)425 static void smc91c111_writeb(void *opaque, hwaddr offset,
426 uint32_t value)
427 {
428 smc91c111_state *s = (smc91c111_state *)opaque;
429
430 offset = offset & 0xf;
431 if (offset == 14) {
432 s->bank = value;
433 return;
434 }
435 if (offset == 15)
436 return;
437 switch (s->bank) {
438 case 0:
439 switch (offset) {
440 case 0: /* TCR */
441 SET_LOW(tcr, value);
442 return;
443 case 1:
444 SET_HIGH(tcr, value);
445 return;
446 case 4: /* RCR */
447 SET_LOW(rcr, value);
448 return;
449 case 5:
450 SET_HIGH(rcr, value);
451 if (s->rcr & RCR_SOFT_RST) {
452 smc91c111_reset(DEVICE(s));
453 }
454 smc91c111_flush_queued_packets(s);
455 return;
456 case 10: case 11: /* RPCR */
457 /* Ignored */
458 return;
459 case 12: case 13: /* Reserved */
460 return;
461 }
462 break;
463
464 case 1:
465 switch (offset) {
466 case 0: /* CONFIG */
467 SET_LOW(cr, value);
468 return;
469 case 1:
470 SET_HIGH(cr,value);
471 return;
472 case 2: case 3: /* BASE */
473 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
474 /* Not implemented. */
475 return;
476 case 10: /* General Purpose */
477 SET_LOW(gpr, value);
478 return;
479 case 11:
480 SET_HIGH(gpr, value);
481 return;
482 case 12: /* Control */
483 if (value & 1) {
484 qemu_log_mask(LOG_UNIMP,
485 "smc91c111: EEPROM store not implemented\n");
486 }
487 if (value & 2) {
488 qemu_log_mask(LOG_UNIMP,
489 "smc91c111: EEPROM reload not implemented\n");
490 }
491 value &= ~3;
492 SET_LOW(ctr, value);
493 return;
494 case 13:
495 SET_HIGH(ctr, value);
496 return;
497 }
498 break;
499
500 case 2:
501 switch (offset) {
502 case 0: /* MMU Command */
503 switch (value >> 5) {
504 case 0: /* no-op */
505 break;
506 case 1: /* Allocate for TX. */
507 s->tx_alloc = 0x80;
508 s->int_level &= ~INT_ALLOC;
509 smc91c111_update(s);
510 smc91c111_tx_alloc(s);
511 break;
512 case 2: /* Reset MMU. */
513 s->allocated = 0;
514 s->tx_fifo_len = 0;
515 s->tx_fifo_done_len = 0;
516 s->rx_fifo_len = 0;
517 s->tx_alloc = 0;
518 break;
519 case 3: /* Remove from RX FIFO. */
520 smc91c111_pop_rx_fifo(s);
521 break;
522 case 4: /* Remove from RX FIFO and release. */
523 if (s->rx_fifo_len > 0) {
524 smc91c111_release_packet(s, s->rx_fifo[0]);
525 }
526 smc91c111_pop_rx_fifo(s);
527 break;
528 case 5: /* Release. */
529 smc91c111_release_packet(s, s->packet_num);
530 break;
531 case 6: /* Add to TX FIFO. */
532 smc91c111_queue_tx(s, s->packet_num);
533 break;
534 case 7: /* Reset TX FIFO. */
535 s->tx_fifo_len = 0;
536 s->tx_fifo_done_len = 0;
537 break;
538 }
539 return;
540 case 1:
541 /* Ignore. */
542 return;
543 case 2: /* Packet Number Register */
544 s->packet_num = value;
545 return;
546 case 3: case 4: case 5:
547 /* Should be readonly, but linux writes to them anyway. Ignore. */
548 return;
549 case 6: /* Pointer */
550 SET_LOW(ptr, value);
551 return;
552 case 7:
553 SET_HIGH(ptr, value);
554 return;
555 case 8: case 9: case 10: case 11: /* Data */
556 {
557 int p;
558 int n;
559
560 if (s->ptr & 0x8000)
561 n = s->rx_fifo[0];
562 else
563 n = s->packet_num;
564 if (!packetnum_valid(n)) {
565 /* Datasheet doesn't document what to do here */
566 qemu_log_mask(LOG_GUEST_ERROR,
567 "smc91c111: attempt to write data to invalid packet %d\n",
568 n);
569 return;
570 }
571 p = data_reg_ptr(s, offset);
572 s->data[n][p] = value;
573 }
574 return;
575 case 12: /* Interrupt ACK. */
576 s->int_level &= ~(value & 0xd6);
577 if (value & INT_TX)
578 smc91c111_pop_tx_fifo_done(s);
579 smc91c111_update(s);
580 return;
581 case 13: /* Interrupt mask. */
582 s->int_mask = value;
583 smc91c111_update(s);
584 return;
585 }
586 break;
587
588 case 3:
589 switch (offset) {
590 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
591 /* Multicast table. */
592 /* Not implemented. */
593 return;
594 case 8: case 9: /* Management Interface. */
595 /* Not implemented. */
596 return;
597 case 12: /* Early receive. */
598 s->ercv = value & 0x1f;
599 return;
600 case 13:
601 /* Ignore. */
602 return;
603 }
604 break;
605 }
606 qemu_log_mask(LOG_GUEST_ERROR, "smc91c111_write(bank:%d) Illegal register"
607 " 0x%" HWADDR_PRIx " = 0x%x\n",
608 s->bank, offset, value);
609 }
610
smc91c111_readb(void * opaque,hwaddr offset)611 static uint32_t smc91c111_readb(void *opaque, hwaddr offset)
612 {
613 smc91c111_state *s = (smc91c111_state *)opaque;
614
615 offset = offset & 0xf;
616 if (offset == 14) {
617 return s->bank;
618 }
619 if (offset == 15)
620 return 0x33;
621 switch (s->bank) {
622 case 0:
623 switch (offset) {
624 case 0: /* TCR */
625 return s->tcr & 0xff;
626 case 1:
627 return s->tcr >> 8;
628 case 2: /* EPH Status */
629 return 0;
630 case 3:
631 return 0x40;
632 case 4: /* RCR */
633 return s->rcr & 0xff;
634 case 5:
635 return s->rcr >> 8;
636 case 6: /* Counter */
637 case 7:
638 /* Not implemented. */
639 return 0;
640 case 8: /* Memory size. */
641 return NUM_PACKETS;
642 case 9: /* Free memory available. */
643 {
644 int i;
645 int n;
646 n = 0;
647 for (i = 0; i < NUM_PACKETS; i++) {
648 if (s->allocated & (1 << i))
649 n++;
650 }
651 return n;
652 }
653 case 10: case 11: /* RPCR */
654 /* Not implemented. */
655 return 0;
656 case 12: case 13: /* Reserved */
657 return 0;
658 }
659 break;
660
661 case 1:
662 switch (offset) {
663 case 0: /* CONFIG */
664 return s->cr & 0xff;
665 case 1:
666 return s->cr >> 8;
667 case 2: case 3: /* BASE */
668 /* Not implemented. */
669 return 0;
670 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
671 return s->conf.macaddr.a[offset - 4];
672 case 10: /* General Purpose */
673 return s->gpr & 0xff;
674 case 11:
675 return s->gpr >> 8;
676 case 12: /* Control */
677 return s->ctr & 0xff;
678 case 13:
679 return s->ctr >> 8;
680 }
681 break;
682
683 case 2:
684 switch (offset) {
685 case 0: case 1: /* MMUCR Busy bit. */
686 return 0;
687 case 2: /* Packet Number. */
688 return s->packet_num;
689 case 3: /* Allocation Result. */
690 return s->tx_alloc;
691 case 4: /* TX FIFO */
692 if (s->tx_fifo_done_len == 0)
693 return 0x80;
694 else
695 return s->tx_fifo_done[0];
696 case 5: /* RX FIFO */
697 if (s->rx_fifo_len == 0)
698 return 0x80;
699 else
700 return s->rx_fifo[0];
701 case 6: /* Pointer */
702 return s->ptr & 0xff;
703 case 7:
704 return (s->ptr >> 8) & 0xf7;
705 case 8: case 9: case 10: case 11: /* Data */
706 {
707 int p;
708 int n;
709
710 if (s->ptr & 0x8000)
711 n = s->rx_fifo[0];
712 else
713 n = s->packet_num;
714 if (!packetnum_valid(n)) {
715 /* Datasheet doesn't document what to do here */
716 qemu_log_mask(LOG_GUEST_ERROR,
717 "smc91c111: attempt to read data from invalid packet %d\n",
718 n);
719 return 0;
720 }
721 p = data_reg_ptr(s, offset);
722 return s->data[n][p];
723 }
724 case 12: /* Interrupt status. */
725 return s->int_level;
726 case 13: /* Interrupt mask. */
727 return s->int_mask;
728 }
729 break;
730
731 case 3:
732 switch (offset) {
733 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
734 /* Multicast table. */
735 /* Not implemented. */
736 return 0;
737 case 8: /* Management Interface. */
738 /* Not implemented. */
739 return 0x30;
740 case 9:
741 return 0x33;
742 case 10: /* Revision. */
743 return 0x91;
744 case 11:
745 return 0x33;
746 case 12:
747 return s->ercv;
748 case 13:
749 return 0;
750 }
751 break;
752 }
753 qemu_log_mask(LOG_GUEST_ERROR, "smc91c111_read(bank:%d) Illegal register"
754 " 0x%" HWADDR_PRIx "\n",
755 s->bank, offset);
756 return 0;
757 }
758
smc91c111_readfn(void * opaque,hwaddr addr,unsigned size)759 static uint64_t smc91c111_readfn(void *opaque, hwaddr addr, unsigned size)
760 {
761 int i;
762 uint32_t val = 0;
763
764 for (i = 0; i < size; i++) {
765 val |= smc91c111_readb(opaque, addr + i) << (i * 8);
766 }
767 return val;
768 }
769
smc91c111_writefn(void * opaque,hwaddr addr,uint64_t value,unsigned size)770 static void smc91c111_writefn(void *opaque, hwaddr addr,
771 uint64_t value, unsigned size)
772 {
773 int i = 0;
774
775 /* 32-bit writes to offset 0xc only actually write to the bank select
776 * register (offset 0xe), so skip the first two bytes we would write.
777 */
778 if (addr == 0xc && size == 4) {
779 i += 2;
780 }
781
782 for (; i < size; i++) {
783 smc91c111_writeb(opaque, addr + i,
784 extract32(value, i * 8, 8));
785 }
786 }
787
smc91c111_can_receive_nc(NetClientState * nc)788 static bool smc91c111_can_receive_nc(NetClientState *nc)
789 {
790 smc91c111_state *s = qemu_get_nic_opaque(nc);
791
792 return smc91c111_can_receive(s);
793 }
794
smc91c111_receive(NetClientState * nc,const uint8_t * buf,size_t size)795 static ssize_t smc91c111_receive(NetClientState *nc, const uint8_t *buf, size_t size)
796 {
797 smc91c111_state *s = qemu_get_nic_opaque(nc);
798 int status;
799 int packetsize;
800 uint32_t crc;
801 int packetnum;
802 uint8_t *p;
803
804 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
805 return -1;
806 /* Short packets are padded with zeros. Receiving a packet
807 < 64 bytes long is considered an error condition. */
808 if (size < 64)
809 packetsize = 64;
810 else
811 packetsize = (size & ~1);
812 packetsize += 6;
813 crc = (s->rcr & RCR_STRIP_CRC) == 0;
814 if (crc)
815 packetsize += 4;
816 /* TODO: Flag overrun and receive errors. */
817 if (packetsize > 2048)
818 return -1;
819 packetnum = smc91c111_allocate_packet(s);
820 if (packetnum == 0x80)
821 return -1;
822 s->rx_fifo[s->rx_fifo_len++] = packetnum;
823
824 /* allocate_packet() will not hand us back an invalid packet number */
825 assert(packetnum_valid(packetnum));
826 p = &s->data[packetnum][0];
827 /* ??? Multicast packets? */
828 status = 0;
829 if (size > 1518)
830 status |= RS_TOOLONG;
831 if (size & 1)
832 status |= RS_ODDFRAME;
833 *(p++) = status & 0xff;
834 *(p++) = status >> 8;
835 *(p++) = packetsize & 0xff;
836 *(p++) = packetsize >> 8;
837 memcpy(p, buf, size & ~1);
838 p += (size & ~1);
839 /* Pad short packets. */
840 if (size < 64) {
841 int pad;
842
843 if (size & 1)
844 *(p++) = buf[size - 1];
845 pad = 64 - size;
846 memset(p, 0, pad);
847 p += pad;
848 size = 64;
849 }
850 /* It's not clear if the CRC should go before or after the last byte in
851 odd sized packets. Linux disables the CRC, so that's no help.
852 The pictures in the documentation show the CRC aligned on a 16-bit
853 boundary before the last odd byte, so that's what we do. */
854 if (crc) {
855 crc = crc32(~0, buf, size);
856 *(p++) = crc & 0xff; crc >>= 8;
857 *(p++) = crc & 0xff; crc >>= 8;
858 *(p++) = crc & 0xff; crc >>= 8;
859 *(p++) = crc & 0xff;
860 }
861 if (size & 1) {
862 *(p++) = buf[size - 1];
863 *p = 0x60;
864 } else {
865 *(p++) = 0;
866 *p = 0x40;
867 }
868 /* TODO: Raise early RX interrupt? */
869 s->int_level |= INT_RCV;
870 smc91c111_update(s);
871
872 return size;
873 }
874
875 static const MemoryRegionOps smc91c111_mem_ops = {
876 /* The special case for 32 bit writes to 0xc means we can't just
877 * set .impl.min/max_access_size to 1, unfortunately
878 */
879 .read = smc91c111_readfn,
880 .write = smc91c111_writefn,
881 .valid.min_access_size = 1,
882 .valid.max_access_size = 4,
883 .endianness = DEVICE_NATIVE_ENDIAN,
884 };
885
886 static NetClientInfo net_smc91c111_info = {
887 .type = NET_CLIENT_DRIVER_NIC,
888 .size = sizeof(NICState),
889 .can_receive = smc91c111_can_receive_nc,
890 .receive = smc91c111_receive,
891 };
892
smc91c111_realize(DeviceState * dev,Error ** errp)893 static void smc91c111_realize(DeviceState *dev, Error **errp)
894 {
895 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
896 smc91c111_state *s = SMC91C111(dev);
897
898 memory_region_init_io(&s->mmio, OBJECT(s), &smc91c111_mem_ops, s,
899 "smc91c111-mmio", 16);
900 sysbus_init_mmio(sbd, &s->mmio);
901 sysbus_init_irq(sbd, &s->irq);
902 qemu_macaddr_default_if_unset(&s->conf.macaddr);
903 s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
904 object_get_typename(OBJECT(dev)), dev->id,
905 &dev->mem_reentrancy_guard, s);
906 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
907 /* ??? Save/restore. */
908 }
909
910 static Property smc91c111_properties[] = {
911 DEFINE_NIC_PROPERTIES(smc91c111_state, conf),
912 DEFINE_PROP_END_OF_LIST(),
913 };
914
smc91c111_class_init(ObjectClass * klass,void * data)915 static void smc91c111_class_init(ObjectClass *klass, void *data)
916 {
917 DeviceClass *dc = DEVICE_CLASS(klass);
918
919 dc->realize = smc91c111_realize;
920 device_class_set_legacy_reset(dc, smc91c111_reset);
921 dc->vmsd = &vmstate_smc91c111;
922 device_class_set_props(dc, smc91c111_properties);
923 }
924
925 static const TypeInfo smc91c111_info = {
926 .name = TYPE_SMC91C111,
927 .parent = TYPE_SYS_BUS_DEVICE,
928 .instance_size = sizeof(smc91c111_state),
929 .class_init = smc91c111_class_init,
930 };
931
smc91c111_register_types(void)932 static void smc91c111_register_types(void)
933 {
934 type_register_static(&smc91c111_info);
935 }
936
937 /* Legacy helper function. Should go away when machine config files are
938 implemented. */
smc91c111_init(uint32_t base,qemu_irq irq)939 void smc91c111_init(uint32_t base, qemu_irq irq)
940 {
941 DeviceState *dev;
942 SysBusDevice *s;
943
944 dev = qdev_new(TYPE_SMC91C111);
945 qemu_configure_nic_device(dev, true, NULL);
946 s = SYS_BUS_DEVICE(dev);
947 sysbus_realize_and_unref(s, &error_fatal);
948 sysbus_mmio_map(s, 0, base);
949 sysbus_connect_irq(s, 0, irq);
950 }
951
952 type_init(smc91c111_register_types)
953