xref: /openbmc/qemu/hw/net/lan9118.c (revision a53b931645183bd0c15dd19ae0708fc3c81ecf1d)
1  /*
2   * SMSC LAN9118 Ethernet interface emulation
3   *
4   * Copyright (c) 2009 CodeSourcery, LLC.
5   * Written by Paul Brook
6   *
7   * This code is licensed under the GNU GPL v2
8   *
9   * Contributions after 2012-01-13 are licensed under the terms of the
10   * GNU GPL, version 2 or (at your option) any later version.
11   */
12  
13  #include "qemu/osdep.h"
14  #include "hw/sysbus.h"
15  #include "migration/vmstate.h"
16  #include "net/net.h"
17  #include "net/eth.h"
18  #include "hw/irq.h"
19  #include "hw/net/lan9118.h"
20  #include "hw/ptimer.h"
21  #include "hw/qdev-properties.h"
22  #include "qapi/error.h"
23  #include "qemu/log.h"
24  #include "qemu/module.h"
25  #include <zlib.h> /* for crc32 */
26  #include "qom/object.h"
27  
28  //#define DEBUG_LAN9118
29  
30  #ifdef DEBUG_LAN9118
31  #define DPRINTF(fmt, ...) \
32  do { printf("lan9118: " fmt , ## __VA_ARGS__); } while (0)
33  #else
34  #define DPRINTF(fmt, ...) do {} while(0)
35  #endif
36  
37  /* The tx and rx fifo ports are a range of aliased 32-bit registers */
38  #define RX_DATA_FIFO_PORT_FIRST 0x00
39  #define RX_DATA_FIFO_PORT_LAST 0x1f
40  #define TX_DATA_FIFO_PORT_FIRST 0x20
41  #define TX_DATA_FIFO_PORT_LAST 0x3f
42  
43  #define RX_STATUS_FIFO_PORT 0x40
44  #define RX_STATUS_FIFO_PEEK 0x44
45  #define TX_STATUS_FIFO_PORT 0x48
46  #define TX_STATUS_FIFO_PEEK 0x4c
47  
48  #define CSR_ID_REV      0x50
49  #define CSR_IRQ_CFG     0x54
50  #define CSR_INT_STS     0x58
51  #define CSR_INT_EN      0x5c
52  #define CSR_BYTE_TEST   0x64
53  #define CSR_FIFO_INT    0x68
54  #define CSR_RX_CFG      0x6c
55  #define CSR_TX_CFG      0x70
56  #define CSR_HW_CFG      0x74
57  #define CSR_RX_DP_CTRL  0x78
58  #define CSR_RX_FIFO_INF 0x7c
59  #define CSR_TX_FIFO_INF 0x80
60  #define CSR_PMT_CTRL    0x84
61  #define CSR_GPIO_CFG    0x88
62  #define CSR_GPT_CFG     0x8c
63  #define CSR_GPT_CNT     0x90
64  #define CSR_WORD_SWAP   0x98
65  #define CSR_FREE_RUN    0x9c
66  #define CSR_RX_DROP     0xa0
67  #define CSR_MAC_CSR_CMD 0xa4
68  #define CSR_MAC_CSR_DATA 0xa8
69  #define CSR_AFC_CFG     0xac
70  #define CSR_E2P_CMD     0xb0
71  #define CSR_E2P_DATA    0xb4
72  
73  #define E2P_CMD_MAC_ADDR_LOADED 0x100
74  
75  /* IRQ_CFG */
76  #define IRQ_INT         0x00001000
77  #define IRQ_EN          0x00000100
78  #define IRQ_POL         0x00000010
79  #define IRQ_TYPE        0x00000001
80  
81  /* INT_STS/INT_EN */
82  #define SW_INT          0x80000000
83  #define TXSTOP_INT      0x02000000
84  #define RXSTOP_INT      0x01000000
85  #define RXDFH_INT       0x00800000
86  #define TX_IOC_INT      0x00200000
87  #define RXD_INT         0x00100000
88  #define GPT_INT         0x00080000
89  #define PHY_INT         0x00040000
90  #define PME_INT         0x00020000
91  #define TXSO_INT        0x00010000
92  #define RWT_INT         0x00008000
93  #define RXE_INT         0x00004000
94  #define TXE_INT         0x00002000
95  #define TDFU_INT        0x00000800
96  #define TDFO_INT        0x00000400
97  #define TDFA_INT        0x00000200
98  #define TSFF_INT        0x00000100
99  #define TSFL_INT        0x00000080
100  #define RXDF_INT        0x00000040
101  #define RDFL_INT        0x00000020
102  #define RSFF_INT        0x00000010
103  #define RSFL_INT        0x00000008
104  #define GPIO2_INT       0x00000004
105  #define GPIO1_INT       0x00000002
106  #define GPIO0_INT       0x00000001
107  #define RESERVED_INT    0x7c001000
108  
109  #define MAC_CR          1
110  #define MAC_ADDRH       2
111  #define MAC_ADDRL       3
112  #define MAC_HASHH       4
113  #define MAC_HASHL       5
114  #define MAC_MII_ACC     6
115  #define MAC_MII_DATA    7
116  #define MAC_FLOW        8
117  #define MAC_VLAN1       9 /* TODO */
118  #define MAC_VLAN2       10 /* TODO */
119  #define MAC_WUFF        11 /* TODO */
120  #define MAC_WUCSR       12 /* TODO */
121  
122  #define MAC_CR_RXALL    0x80000000
123  #define MAC_CR_RCVOWN   0x00800000
124  #define MAC_CR_LOOPBK   0x00200000
125  #define MAC_CR_FDPX     0x00100000
126  #define MAC_CR_MCPAS    0x00080000
127  #define MAC_CR_PRMS     0x00040000
128  #define MAC_CR_INVFILT  0x00020000
129  #define MAC_CR_PASSBAD  0x00010000
130  #define MAC_CR_HO       0x00008000
131  #define MAC_CR_HPFILT   0x00002000
132  #define MAC_CR_LCOLL    0x00001000
133  #define MAC_CR_BCAST    0x00000800
134  #define MAC_CR_DISRTY   0x00000400
135  #define MAC_CR_PADSTR   0x00000100
136  #define MAC_CR_BOLMT    0x000000c0
137  #define MAC_CR_DFCHK    0x00000020
138  #define MAC_CR_TXEN     0x00000008
139  #define MAC_CR_RXEN     0x00000004
140  #define MAC_CR_RESERVED 0x7f404213
141  
142  #define PHY_INT_ENERGYON            0x80
143  #define PHY_INT_AUTONEG_COMPLETE    0x40
144  #define PHY_INT_FAULT               0x20
145  #define PHY_INT_DOWN                0x10
146  #define PHY_INT_AUTONEG_LP          0x08
147  #define PHY_INT_PARFAULT            0x04
148  #define PHY_INT_AUTONEG_PAGE        0x02
149  
150  #define GPT_TIMER_EN    0x20000000
151  
152  /*
153   * The MAC Interface Layer (MIL), within the MAC, contains a 2K Byte transmit
154   * and a 128 Byte receive FIFO which is separate from the TX and RX FIFOs.
155   */
156  #define MIL_TXFIFO_SIZE         2048
157  
/*
 * Parser state for 32-bit words the guest writes to the TX data FIFO port;
 * advanced by tx_fifo_push().
 */
enum tx_state {
    TX_IDLE,    /* next word is stored as TX command A */
    TX_B,       /* next word is handled as TX command B */
    TX_DATA     /* following words are offset / payload / pad words */
};
163  
/*
 * Transmit packet under assembly.  All fields are derived from words the
 * guest writes to the TX data FIFO (see tx_fifo_push()).
 */
typedef struct {
    /* state is a tx_state but we can't put enums in VMStateDescriptions. */
    uint32_t state;
    uint32_t cmd_a;         /* TX command A, masked with 0x831f37ff when stored */
    uint32_t cmd_b;         /* TX command B; upper 16 bits go to the TX status */
    int32_t buffer_size;    /* cmd_a bits [10:0]; decremented per byte stored */
    int32_t offset;         /* cmd_a bits [20:16]; leading bytes to discard */
    int32_t pad;            /* trailing pad words still expected */
    int32_t fifo_used;      /* compared against tx_fifo_size for TDFO_INT */
    /* Bytes valid in data[]; tx_fifo_push() stops at MIL_TXFIFO_SIZE. */
    int32_t len;
    uint8_t data[MIL_TXFIFO_SIZE];
} LAN9118Packet;
176  
/*
 * Migration layout for LAN9118Packet.
 *
 * NOTE(review): len, offset, buffer_size and pad are restored as raw int32
 * values and this description declares no post_load hook.  tx_fifo_push()
 * indexes data[] with len and only stops when len == MIL_TXFIFO_SIZE, so a
 * stream carrying len outside 0..MIL_TXFIFO_SIZE would not be caught there.
 * Confirm the fields are range-checked before the device runs on loaded
 * state.
 */
static const VMStateDescription vmstate_lan9118_packet = {
    .name = "lan9118_packet",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (const VMStateField[]) {
        VMSTATE_UINT32(state, LAN9118Packet),
        VMSTATE_UINT32(cmd_a, LAN9118Packet),
        VMSTATE_UINT32(cmd_b, LAN9118Packet),
        VMSTATE_INT32(buffer_size, LAN9118Packet),
        VMSTATE_INT32(offset, LAN9118Packet),
        VMSTATE_INT32(pad, LAN9118Packet),
        VMSTATE_INT32(fifo_used, LAN9118Packet),
        VMSTATE_INT32(len, LAN9118Packet),
        VMSTATE_UINT8_ARRAY(data, LAN9118Packet, MIL_TXFIFO_SIZE),
        VMSTATE_END_OF_LIST()
    }
};
194  
195  OBJECT_DECLARE_SIMPLE_TYPE(lan9118_state, LAN9118)
196  
/*
 * Device state.  The *_fifo arrays are fixed-size backing stores; the
 * matching *_size, *_used and *_head fields describe the ring currently laid
 * over them and are used directly as array indexes by the FIFO helpers.
 */
struct lan9118_state {
    SysBusDevice parent_obj;

    NICState *nic;
    NICConf conf;
    qemu_irq irq;
    MemoryRegion mmio;
    ptimer_state *timer;

    /* System control/status registers. */
    uint32_t irq_cfg;
    uint32_t int_sts;
    uint32_t int_en;
    uint32_t fifo_int;
    uint32_t rx_cfg;
    uint32_t tx_cfg;
    uint32_t hw_cfg;
    uint32_t pmt_ctrl;
    uint32_t gpio_cfg;
    uint32_t gpt_cfg;
    uint32_t word_swap;
    uint32_t free_timer_start;
    uint32_t mac_cmd;
    uint32_t mac_data;
    uint32_t afc_cfg;
    uint32_t e2p_cmd;
    uint32_t e2p_data;

    /* MAC registers reached through do_mac_read()/do_mac_write(). */
    uint32_t mac_cr;
    uint32_t mac_hashh;
    uint32_t mac_hashl;
    uint32_t mac_mii_acc;
    uint32_t mac_mii_data;
    uint32_t mac_flow;

    /* PHY registers reached through do_phy_read()/do_phy_write(). */
    uint32_t phy_status;
    uint32_t phy_control;
    uint32_t phy_advertise;
    uint32_t phy_int;
    uint32_t phy_int_mask;

    int32_t eeprom_writable;
    /* eeprom[0] == 0xa5 marks bytes 1..6 as a MAC (lan9118_reload_eeprom). */
    uint8_t eeprom[128];

    int32_t tx_fifo_size;
    LAN9118Packet *txp;         /* always points at tx_packet */
    LAN9118Packet tx_packet;

    /* TX status ring: 512 entries, indexes wrapped with & 511. */
    int32_t tx_status_fifo_used;
    int32_t tx_status_fifo_head;
    uint32_t tx_status_fifo[512];

    /* RX status ring: rx_status_fifo_size entries (176 after reset). */
    int32_t rx_status_fifo_size;
    int32_t rx_status_fifo_used;
    int32_t rx_status_fifo_head;
    uint32_t rx_status_fifo[896];
    /* RX data ring: rx_fifo_size 32-bit words (2640 after reset). */
    int32_t rx_fifo_size;
    int32_t rx_fifo_used;
    int32_t rx_fifo_head;
    uint32_t rx_fifo[3360];
    /* Per-packet word counts; head/tail step by +1023 modulo 1024. */
    int32_t rx_packet_size_head;
    int32_t rx_packet_size_tail;
    int32_t rx_packet_size[1024];

    /* Progress through the packet currently being read by rx_fifo_pop(). */
    int32_t rxp_offset;
    int32_t rxp_size;
    int32_t rxp_pad;

    uint32_t write_word_prev_offset;
    uint32_t write_word_n;
    uint16_t write_word_l;
    uint16_t write_word_h;
    uint32_t read_word_prev_offset;
    uint32_t read_word_n;
    uint32_t read_long;

    uint32_t mode_16bit;
};
274  
/*
 * Migration layout for the whole device.  Fields declared with _V(..., 2)
 * are only present from stream version 2 onwards.
 *
 * NOTE(review): the FIFO geometry and cursor fields (tx_fifo_size,
 * *_fifo_size, *_fifo_used, *_fifo_head, rx_packet_size_head/tail, rxp_*)
 * are restored as raw int32 values and no post_load hook is declared here.
 * rx_fifo_push(), rx_fifo_pop(), rx_status_fifo_pop() and lan9118_reset()
 * use them as array indexes, so an incoming stream should be treated as
 * untrusted input.  Confirm the values are range-checked against the array
 * sizes (512, 896, 3360, 1024) before the device runs on loaded state.
 */
static const VMStateDescription vmstate_lan9118 = {
    .name = "lan9118",
    .version_id = 2,
    .minimum_version_id = 1,
    .fields = (const VMStateField[]) {
        VMSTATE_PTIMER(timer, lan9118_state),
        VMSTATE_UINT32(irq_cfg, lan9118_state),
        VMSTATE_UINT32(int_sts, lan9118_state),
        VMSTATE_UINT32(int_en, lan9118_state),
        VMSTATE_UINT32(fifo_int, lan9118_state),
        VMSTATE_UINT32(rx_cfg, lan9118_state),
        VMSTATE_UINT32(tx_cfg, lan9118_state),
        VMSTATE_UINT32(hw_cfg, lan9118_state),
        VMSTATE_UINT32(pmt_ctrl, lan9118_state),
        VMSTATE_UINT32(gpio_cfg, lan9118_state),
        VMSTATE_UINT32(gpt_cfg, lan9118_state),
        VMSTATE_UINT32(word_swap, lan9118_state),
        VMSTATE_UINT32(free_timer_start, lan9118_state),
        VMSTATE_UINT32(mac_cmd, lan9118_state),
        VMSTATE_UINT32(mac_data, lan9118_state),
        VMSTATE_UINT32(afc_cfg, lan9118_state),
        VMSTATE_UINT32(e2p_cmd, lan9118_state),
        VMSTATE_UINT32(e2p_data, lan9118_state),
        VMSTATE_UINT32(mac_cr, lan9118_state),
        VMSTATE_UINT32(mac_hashh, lan9118_state),
        VMSTATE_UINT32(mac_hashl, lan9118_state),
        VMSTATE_UINT32(mac_mii_acc, lan9118_state),
        VMSTATE_UINT32(mac_mii_data, lan9118_state),
        VMSTATE_UINT32(mac_flow, lan9118_state),
        VMSTATE_UINT32(phy_status, lan9118_state),
        VMSTATE_UINT32(phy_control, lan9118_state),
        VMSTATE_UINT32(phy_advertise, lan9118_state),
        VMSTATE_UINT32(phy_int, lan9118_state),
        VMSTATE_UINT32(phy_int_mask, lan9118_state),
        VMSTATE_INT32(eeprom_writable, lan9118_state),
        VMSTATE_UINT8_ARRAY(eeprom, lan9118_state, 128),
        VMSTATE_INT32(tx_fifo_size, lan9118_state),
        /* txp always points at tx_packet so need not be saved */
        VMSTATE_STRUCT(tx_packet, lan9118_state, 0,
                       vmstate_lan9118_packet, LAN9118Packet),
        VMSTATE_INT32(tx_status_fifo_used, lan9118_state),
        VMSTATE_INT32(tx_status_fifo_head, lan9118_state),
        VMSTATE_UINT32_ARRAY(tx_status_fifo, lan9118_state, 512),
        VMSTATE_INT32(rx_status_fifo_size, lan9118_state),
        VMSTATE_INT32(rx_status_fifo_used, lan9118_state),
        VMSTATE_INT32(rx_status_fifo_head, lan9118_state),
        VMSTATE_UINT32_ARRAY(rx_status_fifo, lan9118_state, 896),
        VMSTATE_INT32(rx_fifo_size, lan9118_state),
        VMSTATE_INT32(rx_fifo_used, lan9118_state),
        VMSTATE_INT32(rx_fifo_head, lan9118_state),
        VMSTATE_UINT32_ARRAY(rx_fifo, lan9118_state, 3360),
        VMSTATE_INT32(rx_packet_size_head, lan9118_state),
        VMSTATE_INT32(rx_packet_size_tail, lan9118_state),
        VMSTATE_INT32_ARRAY(rx_packet_size, lan9118_state, 1024),
        VMSTATE_INT32(rxp_offset, lan9118_state),
        VMSTATE_INT32(rxp_size, lan9118_state),
        VMSTATE_INT32(rxp_pad, lan9118_state),
        VMSTATE_UINT32_V(write_word_prev_offset, lan9118_state, 2),
        VMSTATE_UINT32_V(write_word_n, lan9118_state, 2),
        VMSTATE_UINT16_V(write_word_l, lan9118_state, 2),
        VMSTATE_UINT16_V(write_word_h, lan9118_state, 2),
        VMSTATE_UINT32_V(read_word_prev_offset, lan9118_state, 2),
        VMSTATE_UINT32_V(read_word_n, lan9118_state, 2),
        VMSTATE_UINT32_V(read_long, lan9118_state, 2),
        VMSTATE_UINT32_V(mode_16bit, lan9118_state, 2),
        VMSTATE_END_OF_LIST()
    }
};
343  
/*
 * Recompute the IRQ_INT bit in IRQ_CFG from INT_STS & INT_EN and drive the
 * interrupt line accordingly.
 */
static void lan9118_update(lan9118_state *s)
{
    const uint32_t active_high = IRQ_TYPE | IRQ_POL;
    int pending;
    int level;

    /* TODO: Implement FIFO level IRQs.  */
    pending = (s->int_sts & s->int_en) != 0;
    s->irq_cfg = pending ? (s->irq_cfg | IRQ_INT) : (s->irq_cfg & ~IRQ_INT);

    /* With IRQ_EN clear the line is treated as deasserted. */
    level = pending && (s->irq_cfg & IRQ_EN) != 0;

    /*
     * The line is active low unless configured as active-high polarity,
     * push-pull type.
     */
    if ((s->irq_cfg & active_high) != active_high) {
        level = !level;
    }
    qemu_set_irq(s->irq, level);
}
366  
/*
 * Hand the current MAC address in s->conf to qemu_format_nic_info_str() for
 * this NIC's queue.  Called after every change to the address.
 */
static void lan9118_mac_changed(lan9118_state *s)
{
    NetClientState *nc = qemu_get_queue(s->nic);

    qemu_format_nic_info_str(nc, s->conf.macaddr.a);
}
371  
/*
 * Load the MAC address from the EEPROM image.  The image is accepted only
 * when its first byte is the 0xa5 signature; bytes 1..6 then become the MAC
 * and E2P_CMD_MAC_ADDR_LOADED is set, otherwise the flag is cleared.
 */
static void lan9118_reload_eeprom(lan9118_state *s)
{
    if (s->eeprom[0] == 0xa5) {
        memcpy(s->conf.macaddr.a, &s->eeprom[1], 6);
        s->e2p_cmd |= E2P_CMD_MAC_ADDR_LOADED;
        DPRINTF("MACADDR loaded from eeprom\n");
        lan9118_mac_changed(s);
        return;
    }

    s->e2p_cmd &= ~E2P_CMD_MAC_ADDR_LOADED;
    DPRINTF("MACADDR load failed\n");
}
387  
/*
 * Mirror the masked PHY interrupt sources into the PHY_INT bit of INT_STS,
 * then re-evaluate the interrupt line.
 */
static void phy_update_irq(lan9118_state *s)
{
    uint32_t pending = s->phy_int & s->phy_int_mask;

    s->int_sts = pending ? (s->int_sts | PHY_INT) : (s->int_sts & ~PHY_INT);
    lan9118_update(s);
}
397  
/*
 * Reflect the backend link state in the PHY status register and latch the
 * matching PHY interrupt sources.
 */
static void phy_update_link(lan9118_state *s)
{
    /* Autonegotiation status mirrors link status.  */
    const uint32_t link_bits = 0x0024;
    int down = qemu_get_queue(s->nic)->link_down;

    if (!down) {
        s->phy_status |= link_bits;
        s->phy_int |= PHY_INT_ENERGYON;
        s->phy_int |= PHY_INT_AUTONEG_COMPLETE;
    } else {
        s->phy_status &= ~link_bits;
        s->phy_int |= PHY_INT_DOWN;
    }
    phy_update_irq(s);
}
411  
/* Link-change callback: look up the device behind nc and update its PHY. */
static void lan9118_set_link(NetClientState *nc)
{
    lan9118_state *s = qemu_get_nic_opaque(nc);

    phy_update_link(s);
}
416  
/*
 * Put the PHY registers back to their reset values, clear its interrupt
 * state, and resynchronise with the current link state.
 */
static void phy_reset(lan9118_state *s)
{
    /* Interrupt state first: nothing pending, nothing unmasked. */
    s->phy_int = 0;
    s->phy_int_mask = 0;

    /* Register reset values. */
    s->phy_control = 0x3000;
    s->phy_status = 0x7809;
    s->phy_advertise = 0x01e1;

    phy_update_link(s);
}
426  
/*
 * Device reset handler: restore the CSR, FIFO, timer, MAC and PHY state to
 * their reset values, then reload the MAC address from the EEPROM image.
 *
 * The FIFO head cursors (rx_fifo_head, rx_status_fifo_head,
 * tx_status_fifo_head, rx_packet_size_head) are not rewritten here; only the
 * fill counts are cleared.
 */
static void lan9118_reset(DeviceState *d)
{
    lan9118_state *s = LAN9118(d);
    LAN9118Packet *txp = s->txp;

    /* System CSRs.  IRQ_CFG and PMT_CTRL keep a subset of their bits. */
    s->irq_cfg &= (IRQ_TYPE | IRQ_POL);
    s->int_sts = 0;
    s->int_en = 0;
    s->fifo_int = 0x48000000;
    s->rx_cfg = 0;
    s->tx_cfg = 0;
    if (s->mode_16bit) {
        s->hw_cfg = 0x00050000;
    } else {
        s->hw_cfg = 0x00050004;
    }
    s->pmt_ctrl &= 0x45;
    s->gpio_cfg = 0;

    /* Transmit path: drop any partially assembled packet. */
    txp->state = TX_IDLE;
    txp->cmd_a = 0xffffffffu;
    txp->cmd_b = 0xffffffffu;
    txp->len = 0;
    txp->fifo_used = 0;
    s->tx_fifo_size = 4608;
    s->tx_status_fifo_used = 0;

    /*
     * Receive path.  rx_status_fifo_size indexes a uint32_t array, so it is
     * a word count (176 words).
     */
    s->rx_fifo_size = 2640;
    s->rx_fifo_used = 0;
    s->rx_status_fifo_size = 176;
    s->rx_status_fifo_used = 0;
    s->rxp_offset = 0;
    s->rxp_size = 0;
    s->rxp_pad = 0;
    /* Empty the packet-size ring: tail meets head, head slot reads zero. */
    s->rx_packet_size_tail = s->rx_packet_size_head;
    s->rx_packet_size[s->rx_packet_size_head] = 0;

    /* Indirect MAC access, flow control and EEPROM command registers. */
    s->mac_cmd = 0;
    s->mac_data = 0;
    s->afc_cfg = 0;
    s->e2p_cmd = 0;
    s->e2p_data = 0;

    /* Timers. */
    s->free_timer_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 40;
    ptimer_transaction_begin(s->timer);
    ptimer_stop(s->timer);
    ptimer_set_count(s->timer, 0xffff);
    ptimer_transaction_commit(s->timer);
    s->gpt_cfg = 0xffff;

    /* MAC registers. */
    s->mac_cr = MAC_CR_PRMS;
    s->mac_hashh = 0;
    s->mac_hashl = 0;
    s->mac_mii_acc = 0;
    s->mac_mii_data = 0;
    s->mac_flow = 0;

    /* Abandon any half-finished 16-bit register access. */
    s->read_word_n = 0;
    s->write_word_n = 0;

    phy_reset(s);

    s->eeprom_writable = 0;
    lan9118_reload_eeprom(s);
}
486  
/*
 * Append one word to the RX data ring.
 *
 * No capacity or bounds check is done here: the caller must already have
 * verified that rx_fifo_used < rx_fifo_size (lan9118_receive() checks the
 * free space for the whole packet up front).  The slot is wrapped at most
 * once, so head and used must both lie within rx_fifo_size.
 */
static void rx_fifo_push(lan9118_state *s, uint32_t val)
{
    int slot = s->rx_fifo_head + s->rx_fifo_used;

    if (slot >= s->rx_fifo_size) {
        slot -= s->rx_fifo_size;
    }
    s->rx_fifo[slot] = val;
    s->rx_fifo_used++;
}
496  
/*
 * Return nonzero if the packet is accepted by the filter.
 *
 * addr must point at no fewer than 6 readable bytes (the destination MAC);
 * lan9118_receive() rejects frames shorter than 14 bytes before calling.
 */
static int lan9118_filter(lan9118_state *s, const uint8_t *addr)
{
    static const uint8_t bcast[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
    const uint32_t cr = s->mac_cr;
    uint32_t bucket;
    uint32_t table;
    int is_mcast;
    int exact;
    int differs;

    /* Promiscuous mode accepts everything. */
    if (cr & MAC_CR_PRMS) {
        return 1;
    }
    /* Broadcast is accepted unless MAC_CR_BCAST is set. */
    if (memcmp(addr, bcast, sizeof(bcast)) == 0) {
        return (cr & MAC_CR_BCAST) == 0;
    }

    is_mcast = addr[0] & 1;
    if (is_mcast && (cr & MAC_CR_MCPAS)) {
        return 1;
    }

    /* Multicast and unicast each have their own exact/hash selector bit. */
    if (is_mcast) {
        exact = (cr & MAC_CR_HPFILT) == 0;
    } else {
        exact = (cr & MAC_CR_HO) == 0;
    }

    if (exact) {
        /* Exact matching, optionally inverted by MAC_CR_INVFILT.  */
        differs = memcmp(addr, s->conf.macaddr.a, 6) != 0;
        return (cr & MAC_CR_INVFILT) ? differs : !differs;
    }

    /* Hash matching: top 6 CRC bits pick one bit of the 64-bit hash table. */
    bucket = net_crc32(addr, ETH_ALEN) >> 26;
    table = (bucket & 0x20) ? s->mac_hashh : s->mac_hashl;
    return (table >> (bucket & 0x1f)) & 1;
}
534  
/*
 * Receive callback: copy one frame from the network backend into the RX data
 * FIFO, append its CRC, and queue a status word.
 *
 * Returns -1 when the frame cannot be taken (receiver disabled, size out of
 * range, status or data FIFO without room) and size when the frame was
 * consumed, which includes frames silently dropped by the address filter.
 *
 * buf/size come from the network and are the untrusted input here; every
 * array write below depends on the size and free-space checks at the top.
 */
static ssize_t lan9118_receive(NetClientState *nc, const uint8_t *buf,
                               size_t size)
{
    lan9118_state *s = qemu_get_nic_opaque(nc);
    int fifo_len;
    int offset;
    int src_pos;
    int n;
    int filter;
    uint32_t val;
    uint32_t crc;
    uint32_t status;

    if ((s->mac_cr & MAC_CR_RXEN) == 0) {
        return -1;
    }

    /*
     * The lower bound guarantees the 6-byte destination address read by
     * lan9118_filter() and by the status code below is inside buf.
     */
    if (size >= MIL_TXFIFO_SIZE || size < 14) {
        return -1;
    }

    /* TODO: Implement FIFO overflow notification.  */
    /* Equality test: assumes used never exceeds size. */
    if (s->rx_status_fifo_used == s->rx_status_fifo_size) {
        return -1;
    }

    filter = lan9118_filter(s, buf);
    if (!filter && (s->mac_cr & MAC_CR_RXALL) == 0) {
        return size;
    }

    /* Only the low two bits of the byte offset shift data within a word. */
    offset = (s->rx_cfg >> 8) & 0x1f;
    n = offset & 3;
    fifo_len = (size + n + 3) >> 2;
    /* Add a word for the CRC.  */
    fifo_len++;
    /*
     * fifo_len equals the number of rx_fifo_push() calls made below, so this
     * check is what keeps those pushes inside the ring.
     */
    if (s->rx_fifo_size - s->rx_fifo_used < fifo_len) {
        return -1;
    }

    DPRINTF("Got packet len:%d fifo:%d filter:%s\n",
            (int)size, fifo_len, filter ? "pass" : "fail");
    val = 0;
    crc = bswap32(crc32(~0, buf, size));
    /* Pack bytes little-endian into words, starting n bytes into the first. */
    for (src_pos = 0; src_pos < size; src_pos++) {
        val = (val >> 8) | ((uint32_t)buf[src_pos] << 24);
        n++;
        if (n == 4) {
            n = 0;
            rx_fifo_push(s, val);
            val = 0;
        }
    }
    if (n) {
        /* Partial last word: the CRC straddles it and one extra word. */
        val >>= ((4 - n) * 8);
        val |= crc << (n * 8);
        rx_fifo_push(s, val);
        val = crc >> ((4 - n) * 8);
        rx_fifo_push(s, val);
    } else {
        rx_fifo_push(s, crc);
    }
    /* Slot for the status word: head + used, wrapped once. */
    n = s->rx_status_fifo_head + s->rx_status_fifo_used;
    if (n >= s->rx_status_fifo_size) {
        n -= s->rx_status_fifo_size;
    }
    /* Record the packet's word count; the ring cursor steps by -1 mod 1024. */
    s->rx_packet_size[s->rx_packet_size_tail] = fifo_len;
    s->rx_packet_size_tail = (s->rx_packet_size_tail + 1023) & 1023;
    s->rx_status_fifo_used++;

    /* Status: length including CRC in the upper half, flag bits below. */
    status = (size + 4) << 16;
    if (buf[0] == 0xff && buf[1] == 0xff && buf[2] == 0xff &&
        buf[3] == 0xff && buf[4] == 0xff && buf[5] == 0xff) {
        status |= 0x00002000;
    } else if (buf[0] & 1) {
        status |= 0x00000400;
    }
    /* Only reachable with MAC_CR_RXALL: mark frames the filter rejected. */
    if (!filter) {
        status |= 0x40000000;
    }
    s->rx_status_fifo[n] = status;

    if (s->rx_status_fifo_used > (s->fifo_int & 0xff)) {
        s->int_sts |= RSFL_INT;
    }
    lan9118_update(s);

    return size;
}
624  
/*
 * Return the next word the guest reads from the RX data FIFO port.
 *
 * A packet is delivered as rxp_offset zero words, rxp_size data words and
 * rxp_pad zero words.  Reading with nothing queued raises RXE_INT and
 * returns 0.
 *
 * The data read is driven by rxp_size (taken from rx_packet_size[]), not by
 * rx_fifo_used, so it relies on those recorded sizes matching what
 * lan9118_receive() pushed.
 */
static uint32_t rx_fifo_pop(lan9118_state *s)
{
    uint32_t word = 0;
    int total;
    int pad;

    /* Previous packet fully consumed: try to start the next one. */
    if (s->rxp_size == 0 && s->rxp_pad == 0) {
        s->rxp_size = s->rx_packet_size[s->rx_packet_size_head];
        s->rx_packet_size[s->rx_packet_size_head] = 0;
        if (s->rxp_size != 0) {
            s->rx_packet_size_head = (s->rx_packet_size_head + 1023) & 1023;
            s->rxp_offset = (s->rx_cfg >> 10) & 7;
            total = s->rxp_offset + s->rxp_size;
            /* RX_CFG[31:30] selects the end alignment, in words. */
            switch (s->rx_cfg >> 30) {
            case 1:
                pad = (-total) & 3;
                break;
            case 2:
                pad = (-total) & 7;
                break;
            default:
                pad = 0;
                break;
            }
            s->rxp_pad = pad;
            DPRINTF("Pop packet size:%d offset:%d pad: %d\n",
                    s->rxp_size, s->rxp_offset, s->rxp_pad);
        }
    }

    if (s->rxp_offset > 0) {
        /* Leading offset word reads as zero. */
        s->rxp_offset--;
    } else if (s->rxp_size > 0) {
        s->rxp_size--;
        word = s->rx_fifo[s->rx_fifo_head];
        s->rx_fifo_head++;
        if (s->rx_fifo_head >= s->rx_fifo_size) {
            s->rx_fifo_head -= s->rx_fifo_size;
        }
        s->rx_fifo_used--;
    } else if (s->rxp_pad > 0) {
        /* Trailing pad word reads as zero. */
        s->rxp_pad--;
    } else {
        DPRINTF("RX underflow\n");
        s->int_sts |= RXE_INT;
    }

    lan9118_update(s);
    return word;
}
674  
/*
 * Send the assembled packet in s->txp (looped back when phy_control bit
 * 0x4000 is set) and record a TX status word unless the status FIFO is
 * already full.
 */
static void do_tx_packet(lan9118_state *s)
{
    NetClientState *nc = qemu_get_queue(s->nic);
    LAN9118Packet *pkt = s->txp;
    uint32_t status;
    int slot;

    /* FIXME: Honor TX disable, and allow queueing of packets.  */
    if (s->phy_control & 0x4000) {
        /* This assumes the receive routine doesn't touch the VLANClient.  */
        qemu_receive_packet(nc, pkt->data, pkt->len);
    } else {
        qemu_send_packet(nc, pkt->data, pkt->len);
    }
    pkt->fifo_used = 0;

    /* Status FIFO full: the packet was sent but no status is recorded. */
    if (s->tx_status_fifo_used == 512) {
        return;
    }

    /* Add entry to status FIFO: the tag from the upper half of command B. */
    status = pkt->cmd_b & 0xffff0000u;
    DPRINTF("Sent packet tag:%04x len %d\n", status >> 16, pkt->len);
    slot = (s->tx_status_fifo_head + s->tx_status_fifo_used) & 511;
    s->tx_status_fifo[slot] = status;
    s->tx_status_fifo_used++;

    /*
     * Generate TSFL interrupt if TX FIFO level exceeds the level
     * specified in the FIFO_INT TX Status Level field.
     */
    if (s->tx_status_fifo_used > ((s->fifo_int >> 16) & 0xff)) {
        s->int_sts |= TSFL_INT;
    }
    if (s->tx_status_fifo_used == 512) {
        s->int_sts |= TSFF_INT;
        /* TODO: Stop transmission.  */
    }
}
712  
/*
 * Pop one word from the RX status ring.  When the ring is empty the word at
 * the head slot is still returned and the cursor does not move.
 */
static uint32_t rx_status_fifo_pop(lan9118_state *s)
{
    uint32_t val = s->rx_status_fifo[s->rx_status_fifo_head];

    if (s->rx_status_fifo_used == 0) {
        /* ??? What value should be returned when the FIFO is empty?  */
        return val;
    }

    s->rx_status_fifo_used--;
    s->rx_status_fifo_head++;
    if (s->rx_status_fifo_head >= s->rx_status_fifo_size) {
        s->rx_status_fifo_head -= s->rx_status_fifo_size;
    }
    DPRINTF("RX status pop 0x%08x\n", val);
    return val;
}
729  
/*
 * Pop one word from the 512-entry TX status ring.  When the ring is empty
 * the word at the head slot is still returned and the cursor does not move.
 */
static uint32_t tx_status_fifo_pop(lan9118_state *s)
{
    uint32_t val = s->tx_status_fifo[s->tx_status_fifo_head];

    if (s->tx_status_fifo_used == 0) {
        /* ??? What value should be returned when the FIFO is empty?  */
        return val;
    }

    s->tx_status_fifo_used--;
    s->tx_status_fifo_head = (s->tx_status_fifo_head + 1) & 511;
    return val;
}
742  
/*
 * Consume one 32-bit word written by the guest to the TX data FIFO port and
 * advance the TX_IDLE -> TX_B -> TX_DATA state machine held in s->txp.
 *
 * The command words, buffer size and offset are all guest-controlled, and
 * this function performs the only bounds check on writes to txp->data[].
 */
static void tx_fifo_push(lan9118_state *s, uint32_t val)
{
    int n;

    /* Accounting says the FIFO is full: raise TDFO_INT and drop the word. */
    if (s->txp->fifo_used == s->tx_fifo_size) {
        s->int_sts |= TDFO_INT;
        return;
    }
    switch (s->txp->state) {
    case TX_IDLE:
        /* Command A: buffer_size is an 11-bit field, offset a 5-bit field. */
        s->txp->cmd_a = val & 0x831f37ff;
        s->txp->fifo_used++;
        s->txp->state = TX_B;
        s->txp->buffer_size = extract32(s->txp->cmd_a, 0, 11);
        s->txp->offset = extract32(s->txp->cmd_a, 16, 5);
        break;
    case TX_B:
        if (s->txp->cmd_a & 0x2000) {
            /* First segment */
            s->txp->cmd_b = val;
            s->txp->fifo_used++;
            /* End alignment does not include command words.  */
            n = (s->txp->buffer_size + s->txp->offset + 3) >> 2;
            /*
             * NOTE(review): n is a small word count here, so (n >> 24) & 3
             * is always 0 and pad always ends up 0.  rx_fifo_pop() takes its
             * alignment selector from a register field (rx_cfg >> 30); the
             * selector here was presumably meant to come from cmd_a bits
             * 25:24 - confirm against the datasheet before changing.
             */
            switch ((n >> 24) & 3) {
            case 1:
                n = (-n) & 3;
                break;
            case 2:
                n = (-n) & 7;
                break;
            default:
                n = 0;
            }
            s->txp->pad = n;
            /* len is reset only on a first segment; later ones append. */
            s->txp->len = 0;
        }
        DPRINTF("Block len:%d offset:%d pad:%d cmd %08x\n",
                s->txp->buffer_size, s->txp->offset, s->txp->pad,
                s->txp->cmd_a);
        s->txp->state = TX_DATA;
        break;
    case TX_DATA:
        /* A whole word of leading offset: discard it. */
        if (s->txp->offset >= 4) {
            s->txp->offset -= 4;
            break;
        }
        if (s->txp->buffer_size <= 0 && s->txp->pad != 0) {
            s->txp->pad--;
        } else {
            n = MIN(4, s->txp->buffer_size + s->txp->offset);
            /* Skip the remaining 1..3 offset bytes inside this word. */
            while (s->txp->offset) {
                val >>= 8;
                n--;
                s->txp->offset--;
            }
            /* Documentation is somewhat unclear on the ordering of bytes
               in FIFO words.  Empirical results show it to be little-endian.
               */
            while (n--) {
                /*
                 * Bounds gate for data[].  The test is an equality, so it
                 * relies on len never being outside 0..MIL_TXFIFO_SIZE when
                 * this loop is entered.
                 */
                if (s->txp->len == MIL_TXFIFO_SIZE) {
                    /*
                     * No more space in the FIFO. The datasheet is not
                     * precise about this case. We choose what is easiest
                     * to model: the packet is truncated, and TXE is raised.
                     *
                     * Note, it could be a fragmented packet, but we currently
                     * do not handle that (see earlier TX_B case).
                     */
                    /*
                     * n was already post-decremented by the loop test, so it
                     * counts the bytes after the current one.
                     */
                    qemu_log_mask(LOG_GUEST_ERROR,
                                  "MIL TX FIFO overrun, discarding %u byte%s\n",
                                  n, n > 1 ? "s" : "");
                    s->int_sts |= TXE_INT;
                    break;
                }
                s->txp->data[s->txp->len] = val & 0xff;
                s->txp->len++;
                val >>= 8;
                s->txp->buffer_size--;
            }
            s->txp->fifo_used++;
        }
        /* Buffer and padding exhausted: finish this segment. */
        if (s->txp->buffer_size <= 0 && s->txp->pad == 0) {
            /* cmd_a bit 0x1000: transmit what has been assembled. */
            if (s->txp->cmd_a & 0x1000) {
                do_tx_packet(s);
            }
            /* cmd_a bit 31: raise TX_IOC_INT for this buffer. */
            if (s->txp->cmd_a & 0x80000000) {
                s->int_sts |= TX_IOC_INT;
            }
            s->txp->state = TX_IDLE;
        }
        break;
    }
}
836  
/*
 * Read PHY register reg.  Reading the interrupt source register (29) clears
 * it and re-evaluates the PHY interrupt.  Unimplemented registers are logged
 * as a guest error and read as 0.
 */
static uint32_t do_phy_read(lan9118_state *s, int reg)
{
    uint32_t val = 0;

    switch (reg) {
    case 0: /* Basic Control */
        val = s->phy_control;
        break;
    case 1: /* Basic Status */
        val = s->phy_status;
        break;
    case 2: /* ID1 */
        val = 0x0007;
        break;
    case 3: /* ID2 */
        val = 0xc0d1;
        break;
    case 4: /* Auto-neg advertisement */
        val = s->phy_advertise;
        break;
    case 5: /* Auto-neg Link Partner Ability */
        val = 0x0f71;
        break;
    case 6: /* Auto-neg Expansion */
        val = 1;
        break;
        /* TODO 17, 18, 27, 29, 30, 31 */
    case 29: /* Interrupt source.  */
        val = s->phy_int;
        s->phy_int = 0;
        phy_update_irq(s);
        break;
    case 30: /* Interrupt mask */
        val = s->phy_int_mask;
        break;
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "do_phy_read: PHY read reg %d\n", reg);
        break;
    }
    return val;
}
870  
/*
 * Write val to PHY register reg.  Each implemented register masks val to its
 * writable bits; writes to unimplemented registers are logged as a guest
 * error and otherwise ignored.
 */
static void do_phy_write(lan9118_state *s, int reg, uint32_t val)
{
    if (reg == 0) {
        /* Basic Control: bit 15 requests a PHY reset and nothing else. */
        if (val & 0x8000) {
            phy_reset(s);
            return;
        }
        s->phy_control = val & 0x7980;
        /* Complete autonegotiation immediately.  */
        if (val & 0x1000) {
            s->phy_status |= 0x0020;
        }
    } else if (reg == 4) {
        /* Auto-neg advertisement */
        s->phy_advertise = (val & 0x2d7f) | 0x80;
    } else if (reg == 30) {
        /* Interrupt mask */
        s->phy_int_mask = val & 0xff;
        phy_update_irq(s);
    } else {
        /* TODO 17, 18, 27, 31 */
        qemu_log_mask(LOG_GUEST_ERROR,
                      "do_phy_write: PHY write reg %d = 0x%04x\n", reg, val);
    }
}
898  
/*
 * Write val to indirect MAC register reg.  val is guest-controlled; each
 * case masks it to the bits the register stores.  Writes to unimplemented
 * registers are logged as a guest error.
 */
static void do_mac_write(lan9118_state *s, int reg, uint32_t val)
{
    uint8_t *mac = s->conf.macaddr.a;
    int phy_reg;
    int i;

    switch (reg) {
    case MAC_CR:
        /* Receiver going from enabled to disabled raises RXSTOP_INT. */
        if ((s->mac_cr & MAC_CR_RXEN) && !(val & MAC_CR_RXEN)) {
            s->int_sts |= RXSTOP_INT;
        }
        s->mac_cr = val & ~MAC_CR_RESERVED;
        DPRINTF("MAC_CR: %08x\n", val);
        break;
    case MAC_ADDRH:
        /* Low 16 bits hold MAC bytes 4 and 5. */
        for (i = 0; i < 2; i++) {
            mac[4 + i] = (val >> (8 * i)) & 0xff;
        }
        lan9118_mac_changed(s);
        break;
    case MAC_ADDRL:
        /* MAC bytes 0..3, least significant byte first. */
        for (i = 0; i < 4; i++) {
            mac[i] = (val >> (8 * i)) & 0xff;
        }
        lan9118_mac_changed(s);
        break;
    case MAC_HASHH:
        s->mac_hashh = val;
        break;
    case MAC_HASHL:
        s->mac_hashl = val;
        break;
    case MAC_MII_ACC:
        /* The PHY register index is a 5-bit field; bit 1 selects write. */
        phy_reg = (val >> 6) & 0x1f;
        s->mac_mii_acc = val & 0xffc2;
        if (val & 2) {
            DPRINTF("PHY write %d = 0x%04x\n",
                    phy_reg, s->mac_mii_data);
            do_phy_write(s, phy_reg, s->mac_mii_data);
        } else {
            s->mac_mii_data = do_phy_read(s, phy_reg);
            DPRINTF("PHY read %d = 0x%04x\n",
                    phy_reg, s->mac_mii_data);
        }
        break;
    case MAC_MII_DATA:
        s->mac_mii_data = val & 0xffff;
        break;
    case MAC_FLOW:
        s->mac_flow = val & 0xffff0000;
        break;
    case MAC_VLAN1:
        /* Writing to this register changes a condition for
         * FrameTooLong bit in rx_status.  Since we do not set
         * FrameTooLong anyway, just ignore write to this.
         */
        break;
    default:
        /* The logged index is taken from mac_cmd, not from reg. */
        qemu_log_mask(LOG_GUEST_ERROR,
                      "lan9118: Unimplemented MAC register write: %d = 0x%x\n",
                      s->mac_cmd & 0xf, val);
        break;
    }
}
957  
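/*
 * Read an indirectly addressed MAC register.
 *
 * s:   device state
 * reg: MAC register index (the CSR_MAC_CSR_CMD path passes val & 0xf)
 *
 * Returns the register value, or 0 for an index that is not modelled
 * (which is also reported with LOG_GUEST_ERROR).
 */
static uint32_t do_mac_read(lan9118_state *s, int reg)
{
    switch (reg) {
    case MAC_CR:
        return s->mac_cr;
    case MAC_ADDRH:
        return (uint32_t)s->conf.macaddr.a[4]
               | ((uint32_t)s->conf.macaddr.a[5] << 8);
    case MAC_ADDRL:
        /*
         * Widen each byte before shifting.  Assuming macaddr.a[] holds
         * 8-bit values (declaration not shown here), an uncast
         * a[3] << 24 is evaluated as int and shifts into the sign bit
         * whenever a[3] >= 0x80, which ISO C leaves undefined.  The
         * address bytes are guest-writable through MAC_ADDRL, so that
         * case is reachable.
         */
        return (uint32_t)s->conf.macaddr.a[0]
               | ((uint32_t)s->conf.macaddr.a[1] << 8)
               | ((uint32_t)s->conf.macaddr.a[2] << 16)
               | ((uint32_t)s->conf.macaddr.a[3] << 24);
    case MAC_HASHH:
        return s->mac_hashh;
    case MAC_HASHL:
        return s->mac_hashl;
    case MAC_MII_ACC:
        return s->mac_mii_acc;
    case MAC_MII_DATA:
        return s->mac_mii_data;
    case MAC_FLOW:
        return s->mac_flow;
    default:
        /* Index is reported from s->mac_cmd, which the caller sets first. */
        qemu_log_mask(LOG_GUEST_ERROR,
                      "lan9118: Unimplemented MAC register read: %d\n",
                      s->mac_cmd & 0xf);
        return 0;
    }
}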
985  
/*
 * Execute an EEPROM controller command.
 *
 * s:    device state
 * cmd:  command code, 0..7 (the CSR_E2P_CMD path passes (val >> 28) & 7)
 * addr: EEPROM byte address (the CSR_E2P_CMD path passes val & 0x7f)
 *
 * 'addr' indexes s->eeprom[] directly and is not range-checked here, so
 * callers must keep it inside the array; the "all" commands below treat
 * the EEPROM as 128 bytes.  Write and erase commands only take effect
 * while s->eeprom_writable is set.
 */
static void lan9118_eeprom_cmd(lan9118_state *s, int cmd, int addr)
{
    int cell;

    /* Latch command and address, preserving only the MAC-loaded flag. */
    s->e2p_cmd = (s->e2p_cmd & E2P_CMD_MAC_ADDR_LOADED) | (cmd << 28) | addr;

    switch (cmd) {
    case 0: /* read one byte */
        s->e2p_data = s->eeprom[addr];
        DPRINTF("EEPROM Read %d = 0x%02x\n", addr, s->e2p_data);
        break;

    case 1: /* write disable */
        s->eeprom_writable = 0;
        DPRINTF("EEPROM Write Disable\n");
        break;

    case 2: /* EWEN */
        s->eeprom_writable = 1;
        DPRINTF("EEPROM Write Enable\n");
        break;

    case 3: /* WRITE */
        if (!s->eeprom_writable) {
            DPRINTF("EEPROM Write %d (ignored)\n", addr);
            break;
        }
        /* Data is AND-ed in: a write can clear bits but not set them. */
        s->eeprom[addr] &= s->e2p_data;
        DPRINTF("EEPROM Write %d = 0x%02x\n", addr, s->e2p_data);
        break;

    case 4: /* WRAL */
        if (!s->eeprom_writable) {
            DPRINTF("EEPROM Write All (ignored)\n");
            break;
        }
        for (cell = 0; cell < 128; cell++) {
            s->eeprom[cell] &= s->e2p_data;
        }
        DPRINTF("EEPROM Write All 0x%02x\n", s->e2p_data);
        break;

    case 5: /* ERASE */
        if (!s->eeprom_writable) {
            DPRINTF("EEPROM Erase %d (ignored)\n", addr);
            break;
        }
        s->eeprom[addr] = 0xff;
        DPRINTF("EEPROM Erase %d\n", addr);
        break;

    case 6: /* ERAL */
        if (!s->eeprom_writable) {
            DPRINTF("EEPROM Erase All (ignored)\n");
            break;
        }
        memset(s->eeprom, 0xff, 128);
        DPRINTF("EEPROM Erase All\n");
        break;

    case 7: /* RELOAD */
        lan9118_reload_eeprom(s);
        break;
    }
}
1041  
/*
 * ptimer callback for the general purpose timer (registered in
 * lan9118_realize).  Raises GPT_INT in the status register only when
 * that interrupt is enabled, then re-evaluates the device state.
 */
static void lan9118_tick(void *opaque)
{
    lan9118_state *s = opaque;

    s->int_sts |= (s->int_en & GPT_INT) ? GPT_INT : 0;
    lan9118_update(s);
}
1050  
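/*
 * MMIO write handler for 32-bit register accesses.
 *
 * opaque: the lan9118_state
 * offset: register offset; only the low 8 bits are used
 * val:    value written by the guest
 * size:   access size (not consulted here)
 *
 * Writes into the TX data FIFO alias range are pushed to the TX FIFO and
 * return immediately.  Every other write is decoded below and followed
 * by lan9118_update().  'val' is entirely guest-controlled, so each
 * register stores only the bits its mask allows; offsets that are not
 * modelled are reported with LOG_GUEST_ERROR.
 *
 * The DPRINTF calls cast their arguments explicitly: 'val' is uint64_t,
 * and passing it (or val & 0xf) to %x / %d conversions is a format
 * mismatch once DEBUG_LAN9118 is enabled.
 */
static void lan9118_writel(void *opaque, hwaddr offset,
                           uint64_t val, unsigned size)
{
    lan9118_state *s = (lan9118_state *)opaque;
    offset &= 0xff;

    /* DPRINTF("Write reg 0x%02x = 0x%08x\n", (int)offset, (uint32_t)val); */
    if (offset >= TX_DATA_FIFO_PORT_FIRST &&
        offset <= TX_DATA_FIFO_PORT_LAST) {
        /* TX FIFO */
        tx_fifo_push(s, val);
        return;
    }
    switch (offset) {
    case CSR_IRQ_CFG:
        /* TODO: Implement interrupt deassertion intervals.  */
        val &= (IRQ_EN | IRQ_POL | IRQ_TYPE);
        /* IRQ_INT is kept from the current value, not taken from the guest. */
        s->irq_cfg = (s->irq_cfg & IRQ_INT) | val;
        break;
    case CSR_INT_STS:
        /* Write-one-to-clear. */
        s->int_sts &= ~val;
        break;
    case CSR_INT_EN:
        s->int_en = val & ~RESERVED_INT;
        /* Setting SW_INT in the enable register also raises it in status. */
        s->int_sts |= val & SW_INT;
        break;
    case CSR_FIFO_INT:
        DPRINTF("FIFO INT levels %08x\n", (uint32_t)val);
        s->fifo_int = val;
        break;
    case CSR_RX_CFG:
        if (val & 0x8000) {
            /* RX_DUMP */
            s->rx_fifo_used = 0;
            s->rx_status_fifo_used = 0;
            s->rx_packet_size_tail = s->rx_packet_size_head;
            s->rx_packet_size[s->rx_packet_size_head] = 0;
        }
        s->rx_cfg = val & 0xcfff1ff0;
        break;
    case CSR_TX_CFG:
        if (val & 0x8000) {
            /* Discard pending TX status entries. */
            s->tx_status_fifo_used = 0;
        }
        if (val & 0x4000) {
            /* Drop the packet being assembled and return to idle. */
            s->txp->state = TX_IDLE;
            s->txp->fifo_used = 0;
            s->txp->cmd_a = 0xffffffff;
        }
        s->tx_cfg = val & 6;
        break;
    case CSR_HW_CFG:
        if (val & 1) {
            /* SRST */
            lan9118_reset(DEVICE(s));
        } else {
            s->hw_cfg = (val & 0x003f300) | (s->hw_cfg & 0x4);
        }
        break;
    case CSR_RX_DP_CTRL:
        if (val & 0x80000000) {
            /* Skip forward to next packet.  */
            s->rxp_pad = 0;
            s->rxp_offset = 0;
            if (s->rxp_size == 0) {
                /* Pop a word to start the next packet.  */
                rx_fifo_pop(s);
                /*
                 * Cleared again after the pop; presumably rx_fifo_pop()
                 * can update them (its body is not shown here).
                 */
                s->rxp_pad = 0;
                s->rxp_offset = 0;
            }
            /* Advance the head past the packet, wrapping at the FIFO size. */
            s->rx_fifo_head += s->rxp_size;
            if (s->rx_fifo_head >= s->rx_fifo_size) {
                s->rx_fifo_head -= s->rx_fifo_size;
            }
        }
        break;
    case CSR_PMT_CTRL:
        if (val & 0x400) {
            phy_reset(s);
        }
        /* Only the bits in 0x34e are guest-writable. */
        s->pmt_ctrl &= ~0x34e;
        s->pmt_ctrl |= (val & 0x34e);
        break;
    case CSR_GPIO_CFG:
        /* Probably just enabling LEDs.  */
        s->gpio_cfg = val & 0x7777071f;
        break;
    case CSR_GPT_CFG:
        /* Touch the timer only when the enable bit actually changes. */
        if ((s->gpt_cfg ^ val) & GPT_TIMER_EN) {
            ptimer_transaction_begin(s->timer);
            if (val & GPT_TIMER_EN) {
                ptimer_set_count(s->timer, val & 0xffff);
                ptimer_run(s->timer, 0);
            } else {
                ptimer_stop(s->timer);
                ptimer_set_count(s->timer, 0xffff);
            }
            ptimer_transaction_commit(s->timer);
        }
        s->gpt_cfg = val & (GPT_TIMER_EN | 0xffff);
        break;
    case CSR_WORD_SWAP:
        /* Ignored because we're in 32-bit mode.  */
        s->word_swap = val;
        break;
    case CSR_MAC_CSR_CMD:
        s->mac_cmd = val & 0x4000000f;
        /* Bit 31 starts the access; bit 30 selects read over write. */
        if (val & 0x80000000) {
            if (val & 0x40000000) {
                s->mac_data = do_mac_read(s, val & 0xf);
                DPRINTF("MAC read %d = 0x%08x\n",
                        (int)(val & 0xf), s->mac_data);
            } else {
                DPRINTF("MAC write %d = 0x%08x\n",
                        (int)(val & 0xf), s->mac_data);
                do_mac_write(s, val & 0xf, s->mac_data);
            }
        }
        break;
    case CSR_MAC_CSR_DATA:
        s->mac_data = val;
        break;
    case CSR_AFC_CFG:
        s->afc_cfg = val & 0x00ffffff;
        break;
    case CSR_E2P_CMD:
        /*
         * The 3-bit command and 7-bit address masks are what keep
         * lan9118_eeprom_cmd() inside its EEPROM array.
         */
        lan9118_eeprom_cmd(s, (val >> 28) & 7, val & 0x7f);
        break;
    case CSR_E2P_DATA:
        s->e2p_data = val & 0xff;
        break;

    default:
        qemu_log_mask(LOG_GUEST_ERROR, "lan9118_write: Bad reg 0x%x = %x\n",
                      (int)offset, (int)val);
        break;
    }
    lan9118_update(s);
}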
1188  
/*
 * 16-bit write helper used in 16-bit bus mode.
 *
 * Two halfword writes to the same 32-bit aligned register are collected
 * and then forwarded as one 32-bit write through lan9118_writel().  Bit 1
 * of the offset selects which half is being supplied.  A write that
 * targets a different aligned register restarts the count.
 *
 * NOTE(review): the combined value is built with write_word_h << 16; if
 * that field is narrower than 32 bits the shift is done in int — confirm
 * against the struct declaration.
 */
static void lan9118_writew(void *opaque, hwaddr offset,
                           uint32_t val)
{
    lan9118_state *s = (lan9118_state *)opaque;
    hwaddr reg_base;

    offset &= 0xff;
    reg_base = offset & ~0x3;

    if (s->write_word_prev_offset != reg_base) {
        /* Different register than last time: start collecting afresh. */
        s->write_word_n = 0;
        s->write_word_prev_offset = reg_base;
    }

    if ((offset & 0x2) == 0) {
        s->write_word_l = val;
    } else {
        s->write_word_h = val;
    }

    /* DPRINTF("Writew reg 0x%02x = 0x%08x\n", (int)offset, val); */
    s->write_word_n++;
    if (s->write_word_n != 2) {
        return;
    }

    /* Both halves seen: commit them as a single 32-bit register write. */
    s->write_word_n = 0;
    lan9118_writel(s, offset & ~3, s->write_word_l +
            (s->write_word_h << 16), 4);
}
1215  
/*
 * MMIO write handler used in 16-bit bus mode.
 *
 * Dispatches on the access size: 2-byte writes go through the halfword
 * combiner, 4-byte writes go straight to the 32-bit handler.  Any other
 * size is reported with LOG_GUEST_ERROR and the write is dropped.
 */
static void lan9118_16bit_mode_write(void *opaque, hwaddr offset,
                                     uint64_t val, unsigned size)
{
    if (size == 2) {
        lan9118_writew(opaque, offset, (uint32_t)val);
        return;
    }

    if (size == 4) {
        lan9118_writel(opaque, offset, val, size);
        return;
    }

    qemu_log_mask(LOG_GUEST_ERROR,
                  "lan9118_16bit_mode_write: Bad size 0x%x\n", size);
}
1231  
/*
 * MMIO read handler for 32-bit register accesses.
 *
 * opaque: the lan9118_state
 * offset: register offset within the MMIO region
 * size:   access size (not consulted here)
 *
 * Offsets in the RX data FIFO alias range pop a word from the RX FIFO.
 * The two status FIFO ports pop an entry, while the PEEK registers
 * return the head entry without consuming it.  Offsets that are not
 * modelled are reported with LOG_GUEST_ERROR and read as 0.
 */
static uint64_t lan9118_readl(void *opaque, hwaddr offset,
                              unsigned size)
{
    lan9118_state *s = (lan9118_state *)opaque;
    uint64_t ret;

    /* DPRINTF("Read reg 0x%02x\n", (int)offset); */
    if (offset <= RX_DATA_FIFO_PORT_LAST) {
        /* RX FIFO */
        return rx_fifo_pop(s);
    }

    switch (offset) {
    /* Status FIFOs: PORT consumes an entry, PEEK does not. */
    case RX_STATUS_FIFO_PORT:
        ret = rx_status_fifo_pop(s);
        break;
    case RX_STATUS_FIFO_PEEK:
        ret = s->rx_status_fifo[s->rx_status_fifo_head];
        break;
    case TX_STATUS_FIFO_PORT:
        ret = tx_status_fifo_pop(s);
        break;
    case TX_STATUS_FIFO_PEEK:
        ret = s->tx_status_fifo[s->tx_status_fifo_head];
        break;

    /* Fixed-value registers. */
    case CSR_ID_REV:
        ret = 0x01180001;
        break;
    case CSR_BYTE_TEST:
        ret = 0x87654321;
        break;
    case CSR_RX_DP_CTRL:
        ret = 0;
        break;
    case CSR_RX_DROP:
        /* TODO: Implement dropped frames counter.  */
        ret = 0;
        break;

    /* Registers that read back stored state. */
    case CSR_IRQ_CFG:
        ret = s->irq_cfg;
        break;
    case CSR_INT_STS:
        ret = s->int_sts;
        break;
    case CSR_INT_EN:
        ret = s->int_en;
        break;
    case CSR_FIFO_INT:
        ret = s->fifo_int;
        break;
    case CSR_RX_CFG:
        ret = s->rx_cfg;
        break;
    case CSR_TX_CFG:
        ret = s->tx_cfg;
        break;
    case CSR_HW_CFG:
        ret = s->hw_cfg;
        break;
    case CSR_PMT_CTRL:
        ret = s->pmt_ctrl;
        break;
    case CSR_GPIO_CFG:
        ret = s->gpio_cfg;
        break;
    case CSR_GPT_CFG:
        ret = s->gpt_cfg;
        break;
    case CSR_WORD_SWAP:
        ret = s->word_swap;
        break;
    case CSR_MAC_CSR_CMD:
        ret = s->mac_cmd;
        break;
    case CSR_MAC_CSR_DATA:
        ret = s->mac_data;
        break;
    case CSR_AFC_CFG:
        ret = s->afc_cfg;
        break;
    case CSR_E2P_CMD:
        ret = s->e2p_cmd;
        break;
    case CSR_E2P_DATA:
        ret = s->e2p_data;
        break;

    /* Registers computed at read time. */
    case CSR_RX_FIFO_INF:
        ret = (s->rx_status_fifo_used << 16) | (s->rx_fifo_used << 2);
        break;
    case CSR_TX_FIFO_INF:
        ret = (s->tx_status_fifo_used << 16)
              | (s->tx_fifo_size - s->txp->fifo_used);
        break;
    case CSR_GPT_CNT:
        ret = ptimer_get_count(s->timer);
        break;
    case CSR_FREE_RUN:
        /* Virtual-clock nanoseconds divided by 40, relative to the start. */
        ret = (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 40) - s->free_timer_start;
        break;

    default:
        qemu_log_mask(LOG_GUEST_ERROR, "lan9118_read: Bad reg 0x%x\n", (int)offset);
        ret = 0;
        break;
    }
    return ret;
}
1305  
/*
 * 16-bit read helper used in 16-bit bus mode.
 *
 * The first halfword read of a 32-bit aligned register performs the real
 * 32-bit read and caches the result in s->read_long; the second halfword
 * read of the same register is served from that cache.  Bit 1 of the
 * offset selects the upper or lower half.  A read that targets a
 * different aligned register restarts the sequence.
 *
 * Unlike lan9118_writew(), the offset is not masked with 0xff here.
 */
static uint32_t lan9118_readw(void *opaque, hwaddr offset)
{
    lan9118_state *s = (lan9118_state *)opaque;
    const hwaddr reg_base = offset & ~0x3;

    if (s->read_word_prev_offset != reg_base) {
        /* Different register than last time: start a new sequence. */
        s->read_word_n = 0;
        s->read_word_prev_offset = reg_base;
    }

    if (++s->read_word_n == 1) {
        /* First half: do the 32-bit read (this may pop a FIFO). */
        s->read_long = lan9118_readl(s, offset & ~3, 4);
    } else {
        /* Second half: reuse the cached word and reset the counter. */
        s->read_word_n = 0;
    }

    /* DPRINTF("Readw reg 0x%02x, val 0x%x\n", (int)offset, val); */
    return (offset & 2) ? s->read_long >> 16 : s->read_long & 0xFFFF;
}
1333  
/*
 * MMIO read handler used in 16-bit bus mode.
 *
 * Dispatches on the access size: 2-byte reads go through the halfword
 * splitter, 4-byte reads go straight to the 32-bit handler.  Any other
 * size is reported with LOG_GUEST_ERROR and reads as 0.
 */
static uint64_t lan9118_16bit_mode_read(void *opaque, hwaddr offset,
                                        unsigned size)
{
    if (size == 2) {
        return lan9118_readw(opaque, offset);
    }

    if (size == 4) {
        return lan9118_readl(opaque, offset, size);
    }

    qemu_log_mask(LOG_GUEST_ERROR,
                  "lan9118_16bit_mode_read: Bad size 0x%x\n", size);
    return 0;
}
1348  
/*
 * MMIO callbacks used when the device is not in 16-bit mode (see the
 * selection in lan9118_realize).
 *
 * NOTE(review): no .valid / .impl access-size limits are set, and
 * lan9118_readl / lan9118_writel do not look at their 'size' argument,
 * so whatever access sizes the memory core allows by default are all
 * handled as full register accesses — confirm that is intended.
 */
static const MemoryRegionOps lan9118_mem_ops = {
    .read = lan9118_readl,
    .write = lan9118_writel,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

/*
 * MMIO callbacks used when mode_16bit is set.  The handlers dispatch on
 * the access size themselves and reject sizes other than 2 and 4.
 */
static const MemoryRegionOps lan9118_16bit_mem_ops = {
    .read = lan9118_16bit_mode_read,
    .write = lan9118_16bit_mode_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

/* Network backend hooks: packet receive and link state change callbacks. */
static NetClientInfo net_lan9118_info = {
    .type = NET_CLIENT_DRIVER_NIC,
    .size = sizeof(NICState),
    .receive = lan9118_receive,
    .link_status_changed = lan9118_set_link,
};
1367  
/*
 * Realize callback: set up the MMIO region, IRQ line, NIC backend,
 * initial EEPROM contents and the general purpose timer.
 *
 * dev:  the device being realized
 * errp: error out-parameter (not written by this function)
 */
static void lan9118_realize(DeviceState *dev, Error **errp)
{
    lan9118_state *s = LAN9118(dev);
    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
    const MemoryRegionOps *mem_ops;
    int n;

    /* The bus-width property selects which set of MMIO handlers is used. */
    if (s->mode_16bit) {
        mem_ops = &lan9118_16bit_mem_ops;
    } else {
        mem_ops = &lan9118_mem_ops;
    }

    /* 0x100-byte register window. */
    memory_region_init_io(&s->mmio, OBJECT(dev), mem_ops, s,
                          "lan9118-mmio", 0x100);
    sysbus_init_mmio(sbd, &s->mmio);
    sysbus_init_irq(sbd, &s->irq);
    qemu_macaddr_default_if_unset(&s->conf.macaddr);

    s->nic = qemu_new_nic(&net_lan9118_info, &s->conf,
                          object_get_typename(OBJECT(dev)), dev->id,
                          &dev->mem_reentrancy_guard, s);
    qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);

    /* EEPROM image: 0xa5 in byte 0, then the six MAC address bytes. */
    s->eeprom[0] = 0xa5;
    for (n = 1; n <= 6; n++) {
        s->eeprom[n] = s->conf.macaddr.a[n - 1];
    }
    s->pmt_ctrl = 1;
    s->txp = &s->tx_packet;

    /* General purpose timer: 10 kHz, 16-bit reload value. */
    s->timer = ptimer_init(lan9118_tick, s, PTIMER_POLICY_LEGACY);
    ptimer_transaction_begin(s->timer);
    ptimer_set_freq(s->timer, 10000);
    ptimer_set_limit(s->timer, 0xffff, 1);
    ptimer_transaction_commit(s->timer);
}
1399  
/*
 * Device properties: the standard NIC configuration stored in 'conf',
 * plus "mode_16bit" (default 0), which lan9118_realize uses to pick the
 * 16-bit MMIO handlers.
 */
static Property lan9118_properties[] = {
    DEFINE_NIC_PROPERTIES(lan9118_state, conf),
    DEFINE_PROP_UINT32("mode_16bit", lan9118_state, mode_16bit, 0),
    DEFINE_PROP_END_OF_LIST(),
};
1405  
/*
 * Class initializer: hooks up realize, migration state, the legacy reset
 * handler and the property list for the LAN9118 device class.
 *
 * klass: class being initialized
 * data:  unused
 */
static void lan9118_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *device_class = DEVICE_CLASS(klass);

    device_class->realize = lan9118_realize;
    device_class->vmsd = &vmstate_lan9118;
    device_class_set_legacy_reset(device_class, lan9118_reset);
    device_class_set_props(device_class, lan9118_properties);
}
1415  
/* QOM type description: a sysbus device whose instance is a lan9118_state. */
static const TypeInfo lan9118_info = {
    .name          = TYPE_LAN9118,
    .parent        = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(lan9118_state),
    .class_init    = lan9118_class_init,
};
1422  
/* Register the LAN9118 type; passed to type_init() at the end of the file. */
static void lan9118_register_types(void)
{
    const TypeInfo *info = &lan9118_info;

    type_register_static(info);
}
1427  
/*
 * Legacy helper function.  Should go away when machine config files are
 * implemented.
 *
 * Creates a LAN9118 device, attaches a NIC configuration to it, realizes
 * it (any realize error is fatal), maps its MMIO region 0 at 'base' and
 * connects its IRQ output 0 to 'irq'.
 */
void lan9118_init(uint32_t base, qemu_irq irq)
{
    DeviceState *dev = qdev_new(TYPE_LAN9118);
    SysBusDevice *sbd;

    qemu_configure_nic_device(dev, true, NULL);

    sbd = SYS_BUS_DEVICE(dev);
    sysbus_realize_and_unref(sbd, &error_fatal);
    sysbus_mmio_map(sbd, 0, base);
    sysbus_connect_irq(sbd, 0, irq);
}
1442  
1443  type_init(lan9118_register_types)
1444