1 /*
2 * SMSC LAN9118 Ethernet interface emulation
3 *
4 * Copyright (c) 2009 CodeSourcery, LLC.
5 * Written by Paul Brook
6 *
7 * This code is licensed under the GNU GPL v2
8 *
9 * Contributions after 2012-01-13 are licensed under the terms of the
10 * GNU GPL, version 2 or (at your option) any later version.
11 */
12
13 #include "qemu/osdep.h"
14 #include "hw/sysbus.h"
15 #include "migration/vmstate.h"
16 #include "net/net.h"
17 #include "net/eth.h"
18 #include "hw/irq.h"
19 #include "hw/net/lan9118.h"
20 #include "hw/ptimer.h"
21 #include "hw/qdev-properties.h"
22 #include "qapi/error.h"
23 #include "qemu/log.h"
24 #include "qemu/module.h"
25 #include <zlib.h> /* for crc32 */
26 #include "qom/object.h"
27
28 //#define DEBUG_LAN9118
29
/*
 * Debug trace helper.  With DEBUG_LAN9118 defined it prints the message
 * with a "lan9118: " prefix; otherwise it expands to an empty statement.
 * In the disabled form the arguments are discarded by the preprocessor,
 * so format/argument mismatches are not diagnosed in normal builds.
 */
#ifndef DEBUG_LAN9118
#define DPRINTF(fmt, ...) do {} while(0)
#else
#define DPRINTF(fmt, ...)                                   \
    do {                                                    \
        printf("lan9118: " fmt , ## __VA_ARGS__);           \
    } while (0)
#endif
36
/* The tx and rx fifo ports are a range of aliased 32-bit registers */
#define RX_DATA_FIFO_PORT_FIRST     0x00
#define RX_DATA_FIFO_PORT_LAST      0x1f
#define TX_DATA_FIFO_PORT_FIRST     0x20
#define TX_DATA_FIFO_PORT_LAST      0x3f

/* Status FIFO access ports */
#define RX_STATUS_FIFO_PORT         0x40
#define RX_STATUS_FIFO_PEEK         0x44
#define TX_STATUS_FIFO_PORT         0x48
#define TX_STATUS_FIFO_PEEK         0x4c

/*
 * Control/status register offsets.  lan9118_writel() masks the incoming
 * offset with 0xff before comparing it against these values.
 */
#define CSR_ID_REV                  0x50
#define CSR_IRQ_CFG                 0x54
#define CSR_INT_STS                 0x58
#define CSR_INT_EN                  0x5c
#define CSR_BYTE_TEST               0x64
#define CSR_FIFO_INT                0x68
#define CSR_RX_CFG                  0x6c
#define CSR_TX_CFG                  0x70
#define CSR_HW_CFG                  0x74
#define CSR_RX_DP_CTRL              0x78
#define CSR_RX_FIFO_INF             0x7c
#define CSR_TX_FIFO_INF             0x80
#define CSR_PMT_CTRL                0x84
#define CSR_GPIO_CFG                0x88
#define CSR_GPT_CFG                 0x8c
#define CSR_GPT_CNT                 0x90
#define CSR_WORD_SWAP               0x98
#define CSR_FREE_RUN                0x9c
#define CSR_RX_DROP                 0xa0
#define CSR_MAC_CSR_CMD             0xa4
#define CSR_MAC_CSR_DATA            0xa8
#define CSR_AFC_CFG                 0xac
#define CSR_E2P_CMD                 0xb0
#define CSR_E2P_DATA                0xb4

/* E2P_CMD flag kept by lan9118_reload_eeprom() */
#define E2P_CMD_MAC_ADDR_LOADED     0x100
74
/* IRQ_CFG */
#define IRQ_INT         0x00001000
#define IRQ_EN          0x00000100
#define IRQ_POL         0x00000010
#define IRQ_TYPE        0x00000001

/* INT_STS/INT_EN */
#define SW_INT          0x80000000
#define TXSTOP_INT      0x02000000
#define RXSTOP_INT      0x01000000
#define RXDFH_INT       0x00800000
#define TX_IOC_INT      0x00200000
#define RXD_INT         0x00100000
#define GPT_INT         0x00080000
#define PHY_INT         0x00040000
#define PME_INT         0x00020000
#define TXSO_INT        0x00010000
#define RWT_INT         0x00008000
#define RXE_INT         0x00004000
#define TXE_INT         0x00002000
#define TDFU_INT        0x00000800
#define TDFO_INT        0x00000400
#define TDFA_INT        0x00000200
#define TSFF_INT        0x00000100
#define TSFL_INT        0x00000080
#define RXDF_INT        0x00000040
#define RDFL_INT        0x00000020
#define RSFF_INT        0x00000010
#define RSFL_INT        0x00000008
#define GPIO2_INT       0x00000004
#define GPIO1_INT       0x00000002
#define GPIO0_INT       0x00000001
/* Bits masked out of guest writes to INT_EN in lan9118_writel() */
#define RESERVED_INT    0x7c001000
108
/*
 * MAC CSR indices.  The index reaches do_mac_read()/do_mac_write() as the
 * low four bits of the value written to MAC_CSR_CMD.
 */
#define MAC_CR          1
#define MAC_ADDRH       2
#define MAC_ADDRL       3
#define MAC_HASHH       4
#define MAC_HASHL       5
#define MAC_MII_ACC     6
#define MAC_MII_DATA    7
#define MAC_FLOW        8
#define MAC_VLAN1       9 /* TODO */
#define MAC_VLAN2       10 /* TODO */
#define MAC_WUFF        11 /* TODO */
#define MAC_WUCSR       12 /* TODO */

/* MAC_CR bits */
#define MAC_CR_RXALL    0x80000000
#define MAC_CR_RCVOWN   0x00800000
#define MAC_CR_LOOPBK   0x00200000
#define MAC_CR_FDPX     0x00100000
#define MAC_CR_MCPAS    0x00080000
#define MAC_CR_PRMS     0x00040000
#define MAC_CR_INVFILT  0x00020000
#define MAC_CR_PASSBAD  0x00010000
#define MAC_CR_HO       0x00008000
#define MAC_CR_HPFILT   0x00002000
#define MAC_CR_LCOLL    0x00001000
#define MAC_CR_BCAST    0x00000800
#define MAC_CR_DISRTY   0x00000400
#define MAC_CR_PADSTR   0x00000100
#define MAC_CR_BOLMT    0x000000c0
#define MAC_CR_DFCHK    0x00000020
#define MAC_CR_TXEN     0x00000008
#define MAC_CR_RXEN     0x00000004
/* Bits cleared from guest writes to MAC_CR in do_mac_write() */
#define MAC_CR_RESERVED 0x7f404213

/* PHY interrupt source/mask bits */
#define PHY_INT_ENERGYON            0x80
#define PHY_INT_AUTONEG_COMPLETE    0x40
#define PHY_INT_FAULT               0x20
#define PHY_INT_DOWN                0x10
#define PHY_INT_AUTONEG_LP          0x08
#define PHY_INT_PARFAULT            0x04
#define PHY_INT_AUTONEG_PAGE        0x02

#define GPT_TIMER_EN    0x20000000

/*
 * The MAC Interface Layer (MIL), within the MAC, contains a 2K Byte transmit
 * and a 128 Byte receive FIFO which is separate from the TX and RX FIFOs.
 *
 * This constant sizes LAN9118Packet.data[] and is the bound that
 * tx_fifo_push() and lan9118_receive() test lengths against.
 */
#define MIL_TXFIFO_SIZE 2048
157
/*
 * Parser state for words written to the TX data FIFO port, as consumed by
 * tx_fifo_push().
 */
enum tx_state {
    TX_IDLE,    /* next word is stored as cmd_a */
    TX_B,       /* next word is stored as cmd_b (first segment only) */
    TX_DATA     /* next word is offset, payload or padding */
};
163
/*
 * The TX packet currently being assembled from guest FIFO writes.
 * Every field is part of the migration stream (vmstate_lan9118_packet).
 */
typedef struct {
    /* state is a tx_state but we can't put enums in VMStateDescriptions.  */
    uint32_t state;
    uint32_t cmd_a;         /* masked copy of the first command word */
    uint32_t cmd_b;         /* second command word */
    int32_t buffer_size;    /* bytes still expected for this buffer */
    int32_t offset;         /* leading bytes still to skip */
    int32_t pad;            /* trailing pad words still expected */
    int32_t fifo_used;      /* words accounted against tx_fifo_size */
    int32_t len;            /* bytes stored in data[]; tx_fifo_push() stops
                             * storing once it reaches MIL_TXFIFO_SIZE */
    uint8_t data[MIL_TXFIFO_SIZE];
} LAN9118Packet;
176
/*
 * Migration layout of LAN9118Packet.
 *
 * NOTE(review): no .post_load hook is set in this description, so 'len'
 * and the other counters are taken from the incoming stream as-is;
 * tx_fifo_push() only tests len == MIL_TXFIFO_SIZE before writing
 * data[len].  Consider range-checking on load if the migration source is
 * not trusted.
 */
static const VMStateDescription vmstate_lan9118_packet = {
    .name = "lan9118_packet",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (const VMStateField[]) {
        VMSTATE_UINT32(state, LAN9118Packet),
        VMSTATE_UINT32(cmd_a, LAN9118Packet),
        VMSTATE_UINT32(cmd_b, LAN9118Packet),
        VMSTATE_INT32(buffer_size, LAN9118Packet),
        VMSTATE_INT32(offset, LAN9118Packet),
        VMSTATE_INT32(pad, LAN9118Packet),
        VMSTATE_INT32(fifo_used, LAN9118Packet),
        VMSTATE_INT32(len, LAN9118Packet),
        VMSTATE_UINT8_ARRAY(data, LAN9118Packet, MIL_TXFIFO_SIZE),
        VMSTATE_END_OF_LIST()
    }
};
194
OBJECT_DECLARE_SIMPLE_TYPE(lan9118_state, LAN9118)

/* Device state for one emulated LAN9118. */
struct lan9118_state {
    SysBusDevice parent_obj;

    NICState *nic;
    NICConf conf;
    qemu_irq irq;
    MemoryRegion mmio;
    ptimer_state *timer;

    /* Shadow copies of the control/status registers */
    uint32_t irq_cfg;
    uint32_t int_sts;
    uint32_t int_en;
    uint32_t fifo_int;
    uint32_t rx_cfg;
    uint32_t tx_cfg;
    uint32_t hw_cfg;
    uint32_t pmt_ctrl;
    uint32_t gpio_cfg;
    uint32_t gpt_cfg;
    uint32_t word_swap;
    uint32_t free_timer_start;
    uint32_t mac_cmd;
    uint32_t mac_data;
    uint32_t afc_cfg;
    uint32_t e2p_cmd;
    uint32_t e2p_data;

    /* MAC CSRs reached through MAC_CSR_CMD/MAC_CSR_DATA */
    uint32_t mac_cr;
    uint32_t mac_hashh;
    uint32_t mac_hashl;
    uint32_t mac_mii_acc;
    uint32_t mac_mii_data;
    uint32_t mac_flow;

    /* PHY registers reached through MAC_MII_ACC/MAC_MII_DATA */
    uint32_t phy_status;
    uint32_t phy_control;
    uint32_t phy_advertise;
    uint32_t phy_int;
    uint32_t phy_int_mask;

    /* EEPROM contents; lan9118_writel() masks the address to 0x7f */
    int32_t eeprom_writable;
    uint8_t eeprom[128];

    /* TX path: txp points at the packet being assembled */
    int32_t tx_fifo_size;
    LAN9118Packet *txp;
    LAN9118Packet tx_packet;

    /* TX status ring, indexed modulo 512 */
    int32_t tx_status_fifo_used;
    int32_t tx_status_fifo_head;
    uint32_t tx_status_fifo[512];

    /*
     * RX status and data rings.  The *_size fields are the wrap points
     * used for indexing; lan9118_reset() sets them smaller than the
     * backing arrays.
     */
    int32_t rx_status_fifo_size;
    int32_t rx_status_fifo_used;
    int32_t rx_status_fifo_head;
    uint32_t rx_status_fifo[896];
    int32_t rx_fifo_size;
    int32_t rx_fifo_used;
    int32_t rx_fifo_head;
    uint32_t rx_fifo[3360];
    /* Per-packet word counts, indexed modulo 1024 */
    int32_t rx_packet_size_head;
    int32_t rx_packet_size_tail;
    int32_t rx_packet_size[1024];

    /* Progress through the RX packet currently being popped */
    int32_t rxp_offset;
    int32_t rxp_size;
    int32_t rxp_pad;

    /* Bookkeeping for 16-bit accesses (migrated from version 2 on) */
    uint32_t write_word_prev_offset;
    uint32_t write_word_n;
    uint16_t write_word_l;
    uint16_t write_word_h;
    uint32_t read_word_prev_offset;
    uint32_t read_word_n;
    uint32_t read_long;

    uint32_t mode_16bit;
};
274
/*
 * Migration layout of lan9118_state.  Fields tagged _V(..., 2) exist only
 * in streams of version 2 and later.
 *
 * NOTE(review): no .post_load hook is set here.  The FIFO head/used/size
 * values and rx_packet_size_head/tail are loaded as raw INT32s and are
 * later used as array indices (rx_fifo_push(), rx_fifo_pop(),
 * rx_status_fifo_pop(), tx_status_fifo_pop(), lan9118_reset()).  If the
 * migration stream can come from an untrusted source, validate them
 * against the array bounds on load.
 */
static const VMStateDescription vmstate_lan9118 = {
    .name = "lan9118",
    .version_id = 2,
    .minimum_version_id = 1,
    .fields = (const VMStateField[]) {
        VMSTATE_PTIMER(timer, lan9118_state),

        /* Control/status registers */
        VMSTATE_UINT32(irq_cfg, lan9118_state),
        VMSTATE_UINT32(int_sts, lan9118_state),
        VMSTATE_UINT32(int_en, lan9118_state),
        VMSTATE_UINT32(fifo_int, lan9118_state),
        VMSTATE_UINT32(rx_cfg, lan9118_state),
        VMSTATE_UINT32(tx_cfg, lan9118_state),
        VMSTATE_UINT32(hw_cfg, lan9118_state),
        VMSTATE_UINT32(pmt_ctrl, lan9118_state),
        VMSTATE_UINT32(gpio_cfg, lan9118_state),
        VMSTATE_UINT32(gpt_cfg, lan9118_state),
        VMSTATE_UINT32(word_swap, lan9118_state),
        VMSTATE_UINT32(free_timer_start, lan9118_state),
        VMSTATE_UINT32(mac_cmd, lan9118_state),
        VMSTATE_UINT32(mac_data, lan9118_state),
        VMSTATE_UINT32(afc_cfg, lan9118_state),
        VMSTATE_UINT32(e2p_cmd, lan9118_state),
        VMSTATE_UINT32(e2p_data, lan9118_state),

        /* MAC and PHY registers */
        VMSTATE_UINT32(mac_cr, lan9118_state),
        VMSTATE_UINT32(mac_hashh, lan9118_state),
        VMSTATE_UINT32(mac_hashl, lan9118_state),
        VMSTATE_UINT32(mac_mii_acc, lan9118_state),
        VMSTATE_UINT32(mac_mii_data, lan9118_state),
        VMSTATE_UINT32(mac_flow, lan9118_state),
        VMSTATE_UINT32(phy_status, lan9118_state),
        VMSTATE_UINT32(phy_control, lan9118_state),
        VMSTATE_UINT32(phy_advertise, lan9118_state),
        VMSTATE_UINT32(phy_int, lan9118_state),
        VMSTATE_UINT32(phy_int_mask, lan9118_state),

        /* EEPROM */
        VMSTATE_INT32(eeprom_writable, lan9118_state),
        VMSTATE_UINT8_ARRAY(eeprom, lan9118_state, 128),

        /* TX path */
        VMSTATE_INT32(tx_fifo_size, lan9118_state),
        /* txp always points at tx_packet so need not be saved */
        VMSTATE_STRUCT(tx_packet, lan9118_state, 0,
                       vmstate_lan9118_packet, LAN9118Packet),
        VMSTATE_INT32(tx_status_fifo_used, lan9118_state),
        VMSTATE_INT32(tx_status_fifo_head, lan9118_state),
        VMSTATE_UINT32_ARRAY(tx_status_fifo, lan9118_state, 512),

        /* RX path */
        VMSTATE_INT32(rx_status_fifo_size, lan9118_state),
        VMSTATE_INT32(rx_status_fifo_used, lan9118_state),
        VMSTATE_INT32(rx_status_fifo_head, lan9118_state),
        VMSTATE_UINT32_ARRAY(rx_status_fifo, lan9118_state, 896),
        VMSTATE_INT32(rx_fifo_size, lan9118_state),
        VMSTATE_INT32(rx_fifo_used, lan9118_state),
        VMSTATE_INT32(rx_fifo_head, lan9118_state),
        VMSTATE_UINT32_ARRAY(rx_fifo, lan9118_state, 3360),
        VMSTATE_INT32(rx_packet_size_head, lan9118_state),
        VMSTATE_INT32(rx_packet_size_tail, lan9118_state),
        VMSTATE_INT32_ARRAY(rx_packet_size, lan9118_state, 1024),
        VMSTATE_INT32(rxp_offset, lan9118_state),
        VMSTATE_INT32(rxp_size, lan9118_state),
        VMSTATE_INT32(rxp_pad, lan9118_state),

        /* 16-bit access bookkeeping, added in version 2 */
        VMSTATE_UINT32_V(write_word_prev_offset, lan9118_state, 2),
        VMSTATE_UINT32_V(write_word_n, lan9118_state, 2),
        VMSTATE_UINT16_V(write_word_l, lan9118_state, 2),
        VMSTATE_UINT16_V(write_word_h, lan9118_state, 2),
        VMSTATE_UINT32_V(read_word_prev_offset, lan9118_state, 2),
        VMSTATE_UINT32_V(read_word_n, lan9118_state, 2),
        VMSTATE_UINT32_V(read_long, lan9118_state, 2),
        VMSTATE_UINT32_V(mode_16bit, lan9118_state, 2),
        VMSTATE_END_OF_LIST()
    }
};
343
/*
 * Recompute the IRQ_INT status bit and the level of the interrupt line
 * from INT_STS, INT_EN and IRQ_CFG.
 */
static void lan9118_update(lan9118_state *s)
{
    const uint32_t active_high = IRQ_TYPE | IRQ_POL;
    int asserted = (s->int_sts & s->int_en) != 0;

    /* TODO: Implement FIFO level IRQs.  */
    /* IRQ_INT mirrors the pending state regardless of IRQ_EN. */
    if (asserted) {
        s->irq_cfg |= IRQ_INT;
    } else {
        s->irq_cfg &= ~IRQ_INT;
    }

    if (!(s->irq_cfg & IRQ_EN)) {
        asserted = 0;
    }

    /*
     * Interrupt is active low unless we're configured as
     * active-high polarity, push-pull type.
     */
    if ((s->irq_cfg & active_high) != active_high) {
        asserted = !asserted;
    }

    qemu_set_irq(s->irq, asserted);
}
366
/* Refresh the NIC info string after conf.macaddr has been modified. */
static void lan9118_mac_changed(lan9118_state *s)
{
    NetClientState *queue = qemu_get_queue(s->nic);

    qemu_format_nic_info_str(queue, s->conf.macaddr.a);
}
371
/*
 * Load the MAC address from the EEPROM image.  The image is accepted only
 * when byte 0 is 0xa5; bytes 1..6 then become the MAC address and
 * E2P_CMD_MAC_ADDR_LOADED is set.  Otherwise the flag is cleared and the
 * current address is left alone.
 */
static void lan9118_reload_eeprom(lan9118_state *s)
{
    if (s->eeprom[0] == 0xa5) {
        int byte;

        for (byte = 0; byte < 6; byte++) {
            s->conf.macaddr.a[byte] = s->eeprom[byte + 1];
        }
        s->e2p_cmd |= E2P_CMD_MAC_ADDR_LOADED;
        DPRINTF("MACADDR loaded from eeprom\n");
        lan9118_mac_changed(s);
        return;
    }

    s->e2p_cmd &= ~E2P_CMD_MAC_ADDR_LOADED;
    DPRINTF("MACADDR load failed\n");
}
387
/*
 * Reflect the masked PHY interrupt sources into the PHY_INT bit of
 * INT_STS, then re-evaluate the interrupt line.
 */
static void phy_update_irq(lan9118_state *s)
{
    uint32_t pending = s->phy_int & s->phy_int_mask;

    if (pending != 0) {
        s->int_sts |= PHY_INT;
    } else {
        s->int_sts &= ~PHY_INT;
    }
    lan9118_update(s);
}
397
/*
 * Track the backend link state in the PHY status register and latch the
 * matching PHY interrupt sources.
 */
static void phy_update_link(lan9118_state *s)
{
    /* Autonegotiation status mirrors link status.  */
    const uint32_t link_bits = 0x0024;

    if (!qemu_get_queue(s->nic)->link_down) {
        s->phy_status |= link_bits;
        s->phy_int |= PHY_INT_ENERGYON;
        s->phy_int |= PHY_INT_AUTONEG_COMPLETE;
    } else {
        s->phy_status &= ~link_bits;
        s->phy_int |= PHY_INT_DOWN;
    }
    phy_update_irq(s);
}
411
/* Net-client link callback: forwards to phy_update_link() for this NIC. */
static void lan9118_set_link(NetClientState *nc)
{
    lan9118_state *s = qemu_get_nic_opaque(nc);

    phy_update_link(s);
}
416
/*
 * Put the PHY registers back to their reset values, clear the PHY
 * interrupt state and re-sample the link.
 */
static void phy_reset(lan9118_state *s)
{
    s->phy_int = 0;
    s->phy_int_mask = 0;

    s->phy_control = 0x3000;
    s->phy_status = 0x7809;
    s->phy_advertise = 0x01e1;

    phy_update_link(s);
}
426
/*
 * Device reset; also reached from a guest write of the SRST bit in
 * HW_CFG (see lan9118_writel()).
 *
 * The FIFO head indices (rx_fifo_head, rx_status_fifo_head,
 * tx_status_fifo_head, rx_packet_size_head) are not assigned here; only
 * the "used" counters and the packet-size tail are reset.
 */
static void lan9118_reset(DeviceState *d)
{
    lan9118_state *s = LAN9118(d);
    LAN9118Packet *pkt = s->txp;

    /* Interrupt and configuration registers */
    s->irq_cfg &= (IRQ_TYPE | IRQ_POL);
    s->int_sts = 0;
    s->int_en = 0;
    s->fifo_int = 0x48000000;
    s->rx_cfg = 0;
    s->tx_cfg = 0;
    if (s->mode_16bit) {
        s->hw_cfg = 0x00050000;
    } else {
        s->hw_cfg = 0x00050004;
    }
    s->pmt_ctrl &= 0x45;
    s->gpio_cfg = 0;

    /* TX packet under assembly and TX status ring */
    pkt->state = TX_IDLE;
    pkt->cmd_a = 0xffffffffu;
    pkt->cmd_b = 0xffffffffu;
    pkt->len = 0;
    pkt->fifo_used = 0;
    s->tx_fifo_size = 4608;
    s->tx_status_fifo_used = 0;

    /*
     * RX rings.
     * NOTE(review): the previous form of this function stored 704 into
     * rx_status_fifo_size and then overwrote it with 176 a few lines
     * later, so 176 is the value that takes effect.  Confirm which one
     * is intended.
     */
    s->rx_fifo_size = 2640;
    s->rx_fifo_used = 0;
    s->rx_status_fifo_size = 176;
    s->rx_status_fifo_used = 0;
    s->rxp_offset = 0;
    s->rxp_size = 0;
    s->rxp_pad = 0;
    /* Empty the packet-size ring by collapsing tail onto head. */
    s->rx_packet_size_tail = s->rx_packet_size_head;
    s->rx_packet_size[s->rx_packet_size_head] = 0;

    /* MAC CSR window, flow control and EEPROM command registers */
    s->mac_cmd = 0;
    s->mac_data = 0;
    s->afc_cfg = 0;
    s->e2p_cmd = 0;
    s->e2p_data = 0;
    s->free_timer_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 40;

    /* General purpose timer: stopped, reloaded with 0xffff */
    ptimer_transaction_begin(s->timer);
    ptimer_stop(s->timer);
    ptimer_set_count(s->timer, 0xffff);
    ptimer_transaction_commit(s->timer);
    s->gpt_cfg = 0xffff;

    /* MAC registers; promiscuous mode is on after reset */
    s->mac_cr = MAC_CR_PRMS;
    s->mac_hashh = 0;
    s->mac_hashl = 0;
    s->mac_mii_acc = 0;
    s->mac_mii_data = 0;
    s->mac_flow = 0;

    /* Discard any half-finished 16-bit access */
    s->read_word_n = 0;
    s->write_word_n = 0;

    phy_reset(s);

    s->eeprom_writable = 0;
    lan9118_reload_eeprom(s);
}
486
/*
 * Append one word to the RX data ring.
 *
 * There is no capacity check here: lan9118_receive() verifies that the
 * whole packet fits before it starts pushing.  The slot is derived from
 * rx_fifo_head and rx_fifo_used with a single wrap at rx_fifo_size, so
 * those three values must already be consistent with the rx_fifo[] array.
 */
static void rx_fifo_push(lan9118_state *s, uint32_t val)
{
    int slot = s->rx_fifo_head + s->rx_fifo_used;

    if (slot >= s->rx_fifo_size) {
        slot -= s->rx_fifo_size;
    }
    s->rx_fifo[slot] = val;
    s->rx_fifo_used++;
}
496
/*
 * Return nonzero if the packet is accepted by the filter.
 *
 * 'addr' is the destination address and must point at no fewer than six
 * readable bytes.  Decision order: promiscuous mode, broadcast,
 * pass-all-multicast, then either an exact match against the configured
 * MAC address (optionally inverted) or a lookup in the 64-bit hash table.
 */
static int lan9118_filter(lan9118_state *s, const uint8_t *addr)
{
    const uint32_t cr = s->mac_cr;
    int is_multicast;
    int use_exact;
    int i;

    if (cr & MAC_CR_PRMS) {
        return 1;
    }

    /* Broadcast: all six bytes are 0xff. */
    for (i = 0; i < 6 && addr[i] == 0xff; i++) {
        /* nothing */
    }
    if (i == 6) {
        return (cr & MAC_CR_BCAST) == 0;
    }

    is_multicast = addr[0] & 1;
    if (is_multicast && (cr & MAC_CR_MCPAS)) {
        return 1;
    }

    if (is_multicast) {
        use_exact = (cr & MAC_CR_HPFILT) == 0;
    } else {
        use_exact = (cr & MAC_CR_HO) == 0;
    }

    if (use_exact) {
        /* Exact matching.  */
        int differs = memcmp(addr, s->conf.macaddr.a, 6) != 0;

        return (cr & MAC_CR_INVFILT) ? differs : !differs;
    } else {
        /* Hash matching: top six CRC bits select one of 64 table bits. */
        uint32_t bucket = net_crc32(addr, ETH_ALEN) >> 26;
        uint32_t table = (bucket & 0x20) ? s->mac_hashh : s->mac_hashl;

        return (table >> (bucket & 0x1f)) & 1;
    }
}
534
/*
 * Net-client receive callback: copy one frame into the RX data ring,
 * append its CRC, and queue a status word.
 *
 * Returns -1 when the frame is refused (receiver disabled, length outside
 * [14, MIL_TXFIFO_SIZE), status ring full, or not enough room in the data
 * ring) and 'size' when the frame was stored or was dropped by the
 * address filter.
 *
 * All FIFO space checks happen before the first rx_fifo_push(), which
 * itself does no bounds checking.
 */
static ssize_t lan9118_receive(NetClientState *nc, const uint8_t *buf,
                               size_t size)
{
    lan9118_state *s = qemu_get_nic_opaque(nc);
    int words_needed;
    int start_offset;
    int fill;
    int pos;
    int status_slot;
    int accepted;
    uint32_t word;
    uint32_t fcs;
    uint32_t status;

    if (!(s->mac_cr & MAC_CR_RXEN)) {
        return -1;
    }

    /* Length gate: the frame must hold at least a 14 byte header. */
    if (size < 14 || size >= MIL_TXFIFO_SIZE) {
        return -1;
    }

    /* TODO: Implement FIFO overflow notification.  */
    if (s->rx_status_fifo_used == s->rx_status_fifo_size) {
        return -1;
    }

    accepted = lan9118_filter(s, buf);
    if (!accepted && (s->mac_cr & MAC_CR_RXALL) == 0) {
        return size;
    }

    start_offset = (s->rx_cfg >> 8) & 0x1f;
    fill = start_offset & 3;
    /* Payload words (rounded up) plus a word for the CRC.  */
    words_needed = ((size + fill + 3) >> 2) + 1;
    if (s->rx_fifo_size - s->rx_fifo_used < words_needed) {
        return -1;
    }

    DPRINTF("Got packet len:%d fifo:%d filter:%s\n",
            (int)size, words_needed, accepted ? "pass" : "fail");

    /* Pack bytes into words, first byte in the least significant lane. */
    fcs = bswap32(crc32(~0, buf, size));
    word = 0;
    for (pos = 0; pos < size; pos++) {
        word = (word >> 8) | ((uint32_t)buf[pos] << 24);
        fill++;
        if (fill == 4) {
            fill = 0;
            rx_fifo_push(s, word);
            word = 0;
        }
    }

    if (fill == 0) {
        rx_fifo_push(s, fcs);
    } else {
        /* The CRC straddles the partially filled word and the next one. */
        word >>= ((4 - fill) * 8);
        word |= fcs << (fill * 8);
        rx_fifo_push(s, word);
        rx_fifo_push(s, fcs >> ((4 - fill) * 8));
    }

    /* Slot for the status word, computed before the counter is bumped. */
    status_slot = s->rx_status_fifo_head + s->rx_status_fifo_used;
    if (status_slot >= s->rx_status_fifo_size) {
        status_slot -= s->rx_status_fifo_size;
    }

    /* The packet-size ring steps by 1023 modulo 1024, i.e. downwards. */
    s->rx_packet_size[s->rx_packet_size_tail] = words_needed;
    s->rx_packet_size_tail = (s->rx_packet_size_tail + 1023) & 1023;
    s->rx_status_fifo_used++;

    /* Status word: length including CRC in the upper half, plus flags. */
    status = (size + 4) << 16;
    if (buf[0] == 0xff && buf[1] == 0xff && buf[2] == 0xff &&
        buf[3] == 0xff && buf[4] == 0xff && buf[5] == 0xff) {
        status |= 0x00002000;
    } else if (buf[0] & 1) {
        status |= 0x00000400;
    }
    if (!accepted) {
        status |= 0x40000000;
    }
    s->rx_status_fifo[status_slot] = status;

    if (s->rx_status_fifo_used > (s->fifo_int & 0xff)) {
        s->int_sts |= RSFL_INT;
    }
    lan9118_update(s);

    return size;
}
624
/*
 * Return the next word from the RX data path.
 *
 * When no packet is in progress the next length is taken from the
 * packet-size ring and the leading offset and trailing pad are derived
 * from RX_CFG.  Offset and pad positions read as zero.  Reading with
 * nothing queued sets RXE_INT and returns zero.
 */
static uint32_t rx_fifo_pop(lan9118_state *s)
{
    uint32_t word = 0;

    if (s->rxp_size == 0 && s->rxp_pad == 0) {
        int head = s->rx_packet_size_head;

        /* Start the next packet, if one is queued. */
        s->rxp_size = s->rx_packet_size[head];
        s->rx_packet_size[head] = 0;
        if (s->rxp_size != 0) {
            int total;
            int pad;

            s->rx_packet_size_head = (head + 1023) & 1023;
            s->rxp_offset = (s->rx_cfg >> 10) & 7;
            total = s->rxp_offset + s->rxp_size;

            /* Top two bits of RX_CFG select the end alignment. */
            switch (s->rx_cfg >> 30) {
            case 1:
                pad = (-total) & 3;
                break;
            case 2:
                pad = (-total) & 7;
                break;
            default:
                pad = 0;
                break;
            }
            s->rxp_pad = pad;
            DPRINTF("Pop packet size:%d offset:%d pad: %d\n",
                    s->rxp_size, s->rxp_offset, s->rxp_pad);
        }
    }

    if (s->rxp_offset > 0) {
        s->rxp_offset--;
    } else if (s->rxp_size > 0) {
        s->rxp_size--;
        word = s->rx_fifo[s->rx_fifo_head];
        s->rx_fifo_head++;
        if (s->rx_fifo_head >= s->rx_fifo_size) {
            s->rx_fifo_head -= s->rx_fifo_size;
        }
        s->rx_fifo_used--;
    } else if (s->rxp_pad > 0) {
        s->rxp_pad--;
    } else {
        DPRINTF("RX underflow\n");
        s->int_sts |= RXE_INT;
    }

    lan9118_update(s);
    return word;
}
674
/*
 * Hand the assembled TX packet to the network layer and record a TX
 * status word.  When bit 0x4000 of the PHY control register is set the
 * packet is delivered through qemu_receive_packet() instead of being
 * sent out.  If the status ring already holds 512 entries no status word
 * is recorded.
 */
static void do_tx_packet(lan9118_state *s)
{
    NetClientState *queue = qemu_get_queue(s->nic);
    uint32_t status;
    int slot;

    /* FIXME: Honor TX disable, and allow queueing of packets.  */
    if (s->phy_control & 0x4000) {
        /* This assumes the receive routine doesn't touch the VLANClient.  */
        qemu_receive_packet(queue, s->txp->data, s->txp->len);
    } else {
        qemu_send_packet(queue, s->txp->data, s->txp->len);
    }
    s->txp->fifo_used = 0;

    if (s->tx_status_fifo_used == 512) {
        /* Status FIFO full */
        return;
    }

    /* Add entry to status FIFO.  */
    status = s->txp->cmd_b & 0xffff0000u;
    DPRINTF("Sent packet tag:%04x len %d\n", status >> 16, s->txp->len);
    slot = (s->tx_status_fifo_head + s->tx_status_fifo_used) & 511;
    s->tx_status_fifo[slot] = status;
    s->tx_status_fifo_used++;

    /*
     * Generate TSFL interrupt if TX FIFO level exceeds the level
     * specified in the FIFO_INT TX Status Level field.
     */
    if (s->tx_status_fifo_used > ((s->fifo_int >> 16) & 0xff)) {
        s->int_sts |= TSFL_INT;
    }
    if (s->tx_status_fifo_used == 512) {
        s->int_sts |= TSFF_INT;
        /* TODO: Stop transmission.  */
    }
}
712
/*
 * Return the word at the head of the RX status ring and, if the ring is
 * not empty, consume it.  On an empty ring the head slot is still read
 * and returned, so the guest sees whatever value was left there.
 */
static uint32_t rx_status_fifo_pop(lan9118_state *s)
{
    uint32_t head_word = s->rx_status_fifo[s->rx_status_fifo_head];

    if (s->rx_status_fifo_used == 0) {
        /* ??? What value should be returned when the FIFO is empty?  */
        return head_word;
    }

    s->rx_status_fifo_used--;
    s->rx_status_fifo_head++;
    if (s->rx_status_fifo_head >= s->rx_status_fifo_size) {
        s->rx_status_fifo_head -= s->rx_status_fifo_size;
    }
    DPRINTF("RX status pop 0x%08x\n", head_word);
    return head_word;
}
729
/*
 * Return the word at the head of the TX status ring and, if the ring is
 * not empty, consume it.  The head index wraps modulo 512.  On an empty
 * ring the head slot is still read and returned.
 */
static uint32_t tx_status_fifo_pop(lan9118_state *s)
{
    uint32_t head_word = s->tx_status_fifo[s->tx_status_fifo_head];

    if (s->tx_status_fifo_used == 0) {
        /* ??? What value should be returned when the FIFO is empty?  */
        return head_word;
    }

    s->tx_status_fifo_used--;
    s->tx_status_fifo_head = (s->tx_status_fifo_head + 1) & 511;
    return head_word;
}
742
/*
 * Consume one guest-written word from the TX data FIFO port.
 *
 * The word is interpreted according to txp->state: first command word,
 * second command word, then offset/payload/padding words.  Payload bytes
 * are appended to txp->data[], and the write is guarded so that it never
 * goes past MIL_TXFIFO_SIZE; excess bytes are dropped and TXE_INT is
 * raised.  When a buffer completes, the packet is transmitted if the
 * last-segment bit (0x1000) is set in cmd_a.
 */
static void tx_fifo_push(lan9118_state *s, uint32_t val)
{
    LAN9118Packet *pkt = s->txp;
    int n;

    if (pkt->fifo_used == s->tx_fifo_size) {
        s->int_sts |= TDFO_INT;
        return;
    }

    switch (pkt->state) {
    case TX_IDLE:
        pkt->cmd_a = val & 0x831f37ff;
        /* Both fields are bounded by their bit width: 11 and 5 bits. */
        pkt->buffer_size = extract32(pkt->cmd_a, 0, 11);
        pkt->offset = extract32(pkt->cmd_a, 16, 5);
        pkt->fifo_used++;
        pkt->state = TX_B;
        break;

    case TX_B:
        if (pkt->cmd_a & 0x2000) {
            int align;

            /* First segment */
            pkt->cmd_b = val;
            pkt->fifo_used++;
            /* End alignment does not include command words.  */
            n = (pkt->buffer_size + pkt->offset + 3) >> 2;
            /*
             * NOTE(review): n is a small word count here (buffer_size is
             * 11 bits and offset 5 bits), so (n >> 24) & 3 is always 0
             * and pad always ends up 0.  The mask applied to cmd_a keeps
             * bits 24-25, which suggests the selector was meant to come
             * from cmd_a -- confirm against the datasheet before
             * changing.
             */
            align = (n >> 24) & 3;
            if (align == 1) {
                n = (-n) & 3;
            } else if (align == 2) {
                n = (-n) & 7;
            } else {
                n = 0;
            }
            pkt->pad = n;
            pkt->len = 0;
        }
        DPRINTF("Block len:%d offset:%d pad:%d cmd %08x\n",
                pkt->buffer_size, pkt->offset, pkt->pad,
                pkt->cmd_a);
        pkt->state = TX_DATA;
        break;

    case TX_DATA:
        /* Whole words of leading offset are skipped outright. */
        if (pkt->offset >= 4) {
            pkt->offset -= 4;
            break;
        }

        if (pkt->buffer_size <= 0 && pkt->pad != 0) {
            pkt->pad--;
        } else {
            n = MIN(4, pkt->buffer_size + pkt->offset);
            /* Drop the remaining (fewer than four) offset bytes. */
            while (pkt->offset) {
                val >>= 8;
                n--;
                pkt->offset--;
            }
            /*
             * Documentation is somewhat unclear on the ordering of bytes
             * in FIFO words.  Empirical results show it to be
             * little-endian.
             */
            while (n--) {
                if (pkt->len == MIL_TXFIFO_SIZE) {
                    /*
                     * No more space in the FIFO. The datasheet is not
                     * precise about this case. We choose what is easiest
                     * to model: the packet is truncated, and TXE is raised.
                     *
                     * Note, it could be a fragmented packet, but we currently
                     * do not handle that (see earlier TX_B case).
                     */
                    qemu_log_mask(LOG_GUEST_ERROR,
                                  "MIL TX FIFO overrun, discarding %u byte%s\n",
                                  n, n > 1 ? "s" : "");
                    s->int_sts |= TXE_INT;
                    break;
                }
                pkt->data[pkt->len] = val & 0xff;
                pkt->len++;
                val >>= 8;
                pkt->buffer_size--;
            }
            pkt->fifo_used++;
        }

        /* Buffer complete: transmit and/or signal, then await a command. */
        if (pkt->buffer_size <= 0 && pkt->pad == 0) {
            if (pkt->cmd_a & 0x1000) {
                do_tx_packet(s);
            }
            if (pkt->cmd_a & 0x80000000) {
                s->int_sts |= TX_IOC_INT;
            }
            pkt->state = TX_IDLE;
        }
        break;
    }
}
836
/*
 * Read PHY register 'reg'.  Reading register 29 returns the latched
 * interrupt sources and clears them.  Registers that are not modelled
 * are logged as a guest error and read as zero.
 */
static uint32_t do_phy_read(lan9118_state *s, int reg)
{
    uint32_t result;

    switch (reg) {
    case 0: /* Basic Control */
        result = s->phy_control;
        break;
    case 1: /* Basic Status */
        result = s->phy_status;
        break;
    case 2: /* ID1 */
        result = 0x0007;
        break;
    case 3: /* ID2 */
        result = 0xc0d1;
        break;
    case 4: /* Auto-neg advertisement */
        result = s->phy_advertise;
        break;
    case 5: /* Auto-neg Link Partner Ability */
        result = 0x0f71;
        break;
    case 6: /* Auto-neg Expansion */
        result = 1;
        break;
        /* TODO 17, 18, 27, 29, 30, 31 */
    case 29: /* Interrupt source.  */
        /* Read-to-clear: hand back the sources, then drop them. */
        result = s->phy_int;
        s->phy_int = 0;
        phy_update_irq(s);
        break;
    case 30: /* Interrupt mask */
        result = s->phy_int_mask;
        break;
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "do_phy_read: PHY read reg %d\n", reg);
        result = 0;
        break;
    }
    return result;
}
870
/*
 * Write 'val' to PHY register 'reg'.  Each stored value is masked to the
 * bits this model keeps.  Writes to registers that are not modelled are
 * logged as a guest error and otherwise ignored.
 */
static void do_phy_write(lan9118_state *s, int reg, uint32_t val)
{
    switch (reg) {
    case 0: /* Basic Control */
        if (val & 0x8000) {
            /* Reset bit: the rest of the written value is discarded. */
            phy_reset(s);
        } else {
            s->phy_control = val & 0x7980;
            /* Complete autonegotiation immediately.  */
            if (val & 0x1000) {
                s->phy_status |= 0x0020;
            }
        }
        break;
    case 4: /* Auto-neg advertisement */
        s->phy_advertise = (val & 0x2d7f) | 0x80;
        break;
        /* TODO 17, 18, 27, 31 */
    case 30: /* Interrupt mask */
        s->phy_int_mask = val & 0xff;
        phy_update_irq(s);
        break;
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "do_phy_write: PHY write reg %d = 0x%04x\n", reg, val);
    }
}
898
/*
 * Write 'val' to MAC CSR 'reg'.  Reserved bits are stripped before the
 * value is stored.  A write to MAC_MII_ACC also performs the PHY
 * transfer it describes; the PHY register number is a 5-bit field.
 * Writes to registers that are not modelled are logged as a guest error.
 */
static void do_mac_write(lan9118_state *s, int reg, uint32_t val)
{
    switch (reg) {
    case MAC_CR:
        /* Turning the receiver off raises RXSTOP_INT. */
        if ((s->mac_cr & MAC_CR_RXEN) != 0 && (val & MAC_CR_RXEN) == 0) {
            s->int_sts |= RXSTOP_INT;
        }
        s->mac_cr = val & ~MAC_CR_RESERVED;
        DPRINTF("MAC_CR: %08x\n", val);
        break;
    case MAC_ADDRH:
        s->conf.macaddr.a[4] = val & 0xff;
        s->conf.macaddr.a[5] = (val >> 8) & 0xff;
        lan9118_mac_changed(s);
        break;
    case MAC_ADDRL:
        s->conf.macaddr.a[0] = val & 0xff;
        s->conf.macaddr.a[1] = (val >> 8) & 0xff;
        s->conf.macaddr.a[2] = (val >> 16) & 0xff;
        s->conf.macaddr.a[3] = (val >> 24) & 0xff;
        lan9118_mac_changed(s);
        break;
    case MAC_HASHH:
        s->mac_hashh = val;
        break;
    case MAC_HASHL:
        s->mac_hashl = val;
        break;
    case MAC_MII_ACC: {
        int phy_reg = (val >> 6) & 0x1f;

        s->mac_mii_acc = val & 0xffc2;
        if (val & 2) {
            DPRINTF("PHY write %d = 0x%04x\n",
                    phy_reg, s->mac_mii_data);
            do_phy_write(s, phy_reg, s->mac_mii_data);
        } else {
            s->mac_mii_data = do_phy_read(s, phy_reg);
            DPRINTF("PHY read %d = 0x%04x\n",
                    phy_reg, s->mac_mii_data);
        }
        break;
    }
    case MAC_MII_DATA:
        s->mac_mii_data = val & 0xffff;
        break;
    case MAC_FLOW:
        s->mac_flow = val & 0xffff0000;
        break;
    case MAC_VLAN1:
        /*
         * Writing to this register changes a condition for
         * FrameTooLong bit in rx_status.  Since we do not set
         * FrameTooLong anyway, just ignore write to this.
         */
        break;
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "lan9118: Unimplemented MAC register write: %d = 0x%x\n",
                 s->mac_cmd & 0xf, val);
    }
}
957
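/*
 * Read MAC CSR 'reg'.
 *
 * Returns the stored register value, or 0 (after logging a guest error)
 * for registers that are not modelled.  The MAC address bytes are widened
 * to uint32_t before shifting: shifting a promoted uint8_t left by 24 is a
 * signed-int shift that overflows when the byte is 0x80 or above.
 */
static uint32_t do_mac_read(lan9118_state *s, int reg)
{
    const uint8_t *mac = s->conf.macaddr.a;

    switch (reg) {
    case MAC_CR:
        return s->mac_cr;
    case MAC_ADDRH:
        return (uint32_t)mac[4] | ((uint32_t)mac[5] << 8);
    case MAC_ADDRL:
        return (uint32_t)mac[0] | ((uint32_t)mac[1] << 8)
               | ((uint32_t)mac[2] << 16) | ((uint32_t)mac[3] << 24);
    case MAC_HASHH:
        return s->mac_hashh;
    case MAC_HASHL:
        return s->mac_hashl;
    case MAC_MII_ACC:
        return s->mac_mii_acc;
    case MAC_MII_DATA:
        return s->mac_mii_data;
    case MAC_FLOW:
        return s->mac_flow;
    default:
        qemu_log_mask(LOG_GUEST_ERROR,
                      "lan9118: Unimplemented MAC register read: %d\n",
                 s->mac_cmd & 0xf);
        return 0;
    }
}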
985
/*
 * Execute EEPROM command 'cmd' on address 'addr'.
 *
 * 'addr' is used directly as an index into the 128-byte eeprom[] array;
 * the caller in lan9118_writel() masks it to 0x7f and cmd to 0..7.
 * Write commands AND the data into the stored byte and only take effect
 * while eeprom_writable is set.
 */
static void lan9118_eeprom_cmd(lan9118_state *s, int cmd, int addr)
{
    int i;

    s->e2p_cmd = (s->e2p_cmd & E2P_CMD_MAC_ADDR_LOADED) | (cmd << 28) | addr;

    switch (cmd) {
    case 0:
        s->e2p_data = s->eeprom[addr];
        DPRINTF("EEPROM Read %d = 0x%02x\n", addr, s->e2p_data);
        break;
    case 1:
        s->eeprom_writable = 0;
        DPRINTF("EEPROM Write Disable\n");
        break;
    case 2: /* EWEN */
        s->eeprom_writable = 1;
        DPRINTF("EEPROM Write Enable\n");
        break;
    case 3: /* WRITE */
        if (!s->eeprom_writable) {
            DPRINTF("EEPROM Write %d (ignored)\n", addr);
            break;
        }
        s->eeprom[addr] &= s->e2p_data;
        DPRINTF("EEPROM Write %d = 0x%02x\n", addr, s->e2p_data);
        break;
    case 4: /* WRAL */
        if (!s->eeprom_writable) {
            DPRINTF("EEPROM Write All (ignored)\n");
            break;
        }
        for (i = 0; i < 128; i++) {
            s->eeprom[i] &= s->e2p_data;
        }
        DPRINTF("EEPROM Write All 0x%02x\n", s->e2p_data);
        break;
    case 5: /* ERASE */
        if (!s->eeprom_writable) {
            DPRINTF("EEPROM Erase %d (ignored)\n", addr);
            break;
        }
        s->eeprom[addr] = 0xff;
        DPRINTF("EEPROM Erase %d\n", addr);
        break;
    case 6: /* ERAL */
        if (!s->eeprom_writable) {
            DPRINTF("EEPROM Erase All (ignored)\n");
            break;
        }
        memset(s->eeprom, 0xff, 128);
        DPRINTF("EEPROM Erase All\n");
        break;
    case 7: /* RELOAD */
        lan9118_reload_eeprom(s);
        break;
    }
}
1041
/*
 * Timer callback: latch GPT_INT into INT_STS when that interrupt is
 * enabled, then re-evaluate the interrupt line.
 */
static void lan9118_tick(void *opaque)
{
    lan9118_state *s = (lan9118_state *)opaque;
    uint32_t gpt_enabled = s->int_en & GPT_INT;

    if (gpt_enabled) {
        s->int_sts |= GPT_INT;
    }
    lan9118_update(s);
}
1050
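/*
 * Handle a 32-bit guest write to the register window.
 *
 * @opaque: the lan9118_state
 * @offset: register offset; only the low eight bits are decoded
 * @val:    value written by the guest
 * @size:   access size (not used by this function)
 *
 * Every value here is guest-controlled.  Index-like fields are masked
 * before use: the EEPROM address to 0x7f (eeprom[] has 128 entries), the
 * EEPROM command to 0..7 and the MAC CSR index to 0..15.  Writes to
 * unknown offsets are logged as guest errors.  The interrupt line is
 * re-evaluated after every register write except TX data FIFO writes,
 * which return early.
 *
 * The DPRINTF arguments are cast to match their format specifiers; 'val'
 * is 64 bits wide, so passing it to %x/%d unconverted would be a varargs
 * mismatch in a DEBUG_LAN9118 build.
 */
static void lan9118_writel(void *opaque, hwaddr offset,
                           uint64_t val, unsigned size)
{
    lan9118_state *s = (lan9118_state *)opaque;
    offset &= 0xff;

    if (offset >= TX_DATA_FIFO_PORT_FIRST &&
        offset <= TX_DATA_FIFO_PORT_LAST) {
        /* TX FIFO */
        tx_fifo_push(s, val);
        return;
    }
    switch (offset) {
    case CSR_IRQ_CFG:
        /* TODO: Implement interrupt deassertion intervals.  */
        val &= (IRQ_EN | IRQ_POL | IRQ_TYPE);
        /* IRQ_INT is a status bit; the guest cannot set or clear it. */
        s->irq_cfg = (s->irq_cfg & IRQ_INT) | val;
        break;
    case CSR_INT_STS:
        /* Write-one-to-clear */
        s->int_sts &= ~val;
        break;
    case CSR_INT_EN:
        s->int_en = val & ~RESERVED_INT;
        s->int_sts |= val & SW_INT;
        break;
    case CSR_FIFO_INT:
        DPRINTF("FIFO INT levels %08x\n", (uint32_t)val);
        s->fifo_int = val;
        break;
    case CSR_RX_CFG:
        if (val & 0x8000) {
            /* RX_DUMP */
            s->rx_fifo_used = 0;
            s->rx_status_fifo_used = 0;
            s->rx_packet_size_tail = s->rx_packet_size_head;
            s->rx_packet_size[s->rx_packet_size_head] = 0;
        }
        s->rx_cfg = val & 0xcfff1ff0;
        break;
    case CSR_TX_CFG:
        if (val & 0x8000) {
            s->tx_status_fifo_used = 0;
        }
        if (val & 0x4000) {
            s->txp->state = TX_IDLE;
            s->txp->fifo_used = 0;
            s->txp->cmd_a = 0xffffffff;
        }
        s->tx_cfg = val & 6;
        break;
    case CSR_HW_CFG:
        if (val & 1) {
            /* SRST */
            lan9118_reset(DEVICE(s));
        } else {
            s->hw_cfg = (val & 0x003f300) | (s->hw_cfg & 0x4);
        }
        break;
    case CSR_RX_DP_CTRL:
        if (val & 0x80000000) {
            /* Skip forward to next packet.  */
            s->rxp_pad = 0;
            s->rxp_offset = 0;
            if (s->rxp_size == 0) {
                /* Pop a word to start the next packet.  */
                rx_fifo_pop(s);
                s->rxp_pad = 0;
                s->rxp_offset = 0;
            }
            /*
             * NOTE(review): the head is advanced by rxp_size with a
             * single wrap, but rxp_size and rx_fifo_used are left
             * unchanged here -- confirm that the skipped words are meant
             * to stay accounted as in use.
             */
            s->rx_fifo_head += s->rxp_size;
            if (s->rx_fifo_head >= s->rx_fifo_size) {
                s->rx_fifo_head -= s->rx_fifo_size;
            }
        }
        break;
    case CSR_PMT_CTRL:
        if (val & 0x400) {
            phy_reset(s);
        }
        s->pmt_ctrl &= ~0x34e;
        s->pmt_ctrl |= (val & 0x34e);
        break;
    case CSR_GPIO_CFG:
        /* Probably just enabling LEDs.  */
        s->gpio_cfg = val & 0x7777071f;
        break;
    case CSR_GPT_CFG:
        /* Only touch the timer when the enable bit changes. */
        if ((s->gpt_cfg ^ val) & GPT_TIMER_EN) {
            ptimer_transaction_begin(s->timer);
            if (val & GPT_TIMER_EN) {
                ptimer_set_count(s->timer, val & 0xffff);
                ptimer_run(s->timer, 0);
            } else {
                ptimer_stop(s->timer);
                ptimer_set_count(s->timer, 0xffff);
            }
            ptimer_transaction_commit(s->timer);
        }
        s->gpt_cfg = val & (GPT_TIMER_EN | 0xffff);
        break;
    case CSR_WORD_SWAP:
        /* Ignored because we're in 32-bit mode.  */
        s->word_swap = val;
        break;
    case CSR_MAC_CSR_CMD:
        s->mac_cmd = val & 0x4000000f;
        if (val & 0x80000000) {
            /* Bit 30 selects read versus write of the indexed MAC CSR. */
            if (val & 0x40000000) {
                s->mac_data = do_mac_read(s, val & 0xf);
                DPRINTF("MAC read %d = 0x%08x\n",
                        (int)(val & 0xf), s->mac_data);
            } else {
                DPRINTF("MAC write %d = 0x%08x\n",
                        (int)(val & 0xf), s->mac_data);
                do_mac_write(s, val & 0xf, s->mac_data);
            }
        }
        break;
    case CSR_MAC_CSR_DATA:
        s->mac_data = val;
        break;
    case CSR_AFC_CFG:
        s->afc_cfg = val & 0x00ffffff;
        break;
    case CSR_E2P_CMD:
        /* 3-bit command, 7-bit address: both stay inside eeprom[128]. */
        lan9118_eeprom_cmd(s, (val >> 28) & 7, val & 0x7f);
        break;
    case CSR_E2P_DATA:
        s->e2p_data = val & 0xff;
        break;

    default:
        qemu_log_mask(LOG_GUEST_ERROR, "lan9118_write: Bad reg 0x%x = %x\n",
                      (int)offset, (int)val);
        break;
    }
    lan9118_update(s);
}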
1188
/*
 * 16-bit write path: latch one half-word per call and, after two calls that
 * hit the same 32-bit aligned register, forward the combined value to
 * lan9118_writel() as a single 32-bit write.
 *
 * offset and val come from the 16-bit MMIO dispatcher and are therefore
 * guest-controlled.  Only the low 8 bits of offset are used.
 *
 * The counter tracks the number of accesses to the aligned register, not
 * which halves were written: two writes to the same half-word also trigger
 * the commit, using whatever the other latch last held.
 *
 * NOTE(review): the type of write_word_l/write_word_h is not visible here.
 * If they are narrower than int, the shift below is evaluated as int and the
 * sum is widened to lan9118_writel()'s 64-bit value parameter - confirm the
 * callee only consumes the low 32 bits.
 */
static void lan9118_writew(void *opaque, hwaddr offset,
                           uint32_t val)
{
    lan9118_state *s = (lan9118_state *)opaque;
    hwaddr aligned;

    offset &= 0xff;
    aligned = offset & ~0x3;

    if (s->write_word_prev_offset != aligned) {
        /* Different register than last time: restart half-word pairing. */
        s->write_word_n = 0;
        s->write_word_prev_offset = aligned;
    }

    /* Bit 1 of the offset selects the high or the low half-word latch. */
    if ((offset & 0x2) != 0) {
        s->write_word_h = val;
    } else {
        s->write_word_l = val;
    }

    s->write_word_n++;
    if (s->write_word_n != 2) {
        return;
    }

    /* Second access to this register: commit as one 32-bit write. */
    s->write_word_n = 0;
    lan9118_writel(s, aligned, s->write_word_l +
                   (s->write_word_h << 16), 4);
}
1215
/*
 * MMIO write callback used when the device is configured for 16-bit mode.
 *
 * Dispatches on the access width: 2-byte accesses go through the half-word
 * pairing logic in lan9118_writew(), 4-byte accesses go straight to
 * lan9118_writel().  Any other width is reported as a guest error and the
 * write is dropped.
 */
static void lan9118_16bit_mode_write(void *opaque, hwaddr offset,
                                     uint64_t val, unsigned size)
{
    if (size == 2) {
        lan9118_writew(opaque, offset, (uint32_t)val);
    } else if (size == 4) {
        lan9118_writel(opaque, offset, val, size);
    } else {
        qemu_log_mask(LOG_GUEST_ERROR,
                      "lan9118_16bit_mode_write: Bad size 0x%x\n", size);
    }
}
1231
/*
 * 32-bit MMIO read handler.
 *
 * Offsets up to RX_DATA_FIFO_PORT_LAST pop a word from the RX data FIFO;
 * everything else is decoded as a status FIFO port or a CSR.  Reads of the
 * *_FIFO_PORT registers have side effects (they pop an entry), the *_PEEK
 * registers return the head entry without popping.  Unknown offsets are
 * logged as a guest error and read as 0.
 *
 * The size argument is not inspected.  Unlike the write path, offset is not
 * masked with 0xff here; the handler relies on the 0x100-byte MMIO region
 * registered in lan9118_realize() to bound it.
 *
 * NOTE(review): the PEEK cases index the status FIFO arrays with the stored
 * head index and no range check in this function - presumably the head is
 * kept in range wherever it is updated (and when device state is loaded);
 * verify against those paths.
 */
static uint64_t lan9118_readl(void *opaque, hwaddr offset,
                              unsigned size)
{
    lan9118_state *s = (lan9118_state *)opaque;
    uint64_t ret = 0;

    if (offset <= RX_DATA_FIFO_PORT_LAST) {
        /* RX FIFO */
        return rx_fifo_pop(s);
    }

    switch (offset) {
    case RX_STATUS_FIFO_PORT:
        ret = rx_status_fifo_pop(s);
        break;
    case RX_STATUS_FIFO_PEEK:
        ret = s->rx_status_fifo[s->rx_status_fifo_head];
        break;
    case TX_STATUS_FIFO_PORT:
        ret = tx_status_fifo_pop(s);
        break;
    case TX_STATUS_FIFO_PEEK:
        ret = s->tx_status_fifo[s->tx_status_fifo_head];
        break;
    case CSR_ID_REV:
        /* Fixed identification value. */
        ret = 0x01180001;
        break;
    case CSR_IRQ_CFG:
        ret = s->irq_cfg;
        break;
    case CSR_INT_STS:
        ret = s->int_sts;
        break;
    case CSR_INT_EN:
        ret = s->int_en;
        break;
    case CSR_BYTE_TEST:
        /* Fixed test pattern. */
        ret = 0x87654321;
        break;
    case CSR_FIFO_INT:
        ret = s->fifo_int;
        break;
    case CSR_RX_CFG:
        ret = s->rx_cfg;
        break;
    case CSR_TX_CFG:
        ret = s->tx_cfg;
        break;
    case CSR_HW_CFG:
        ret = s->hw_cfg;
        break;
    case CSR_RX_DP_CTRL:
        ret = 0;
        break;
    case CSR_RX_FIFO_INF:
        /* Status entries in bits 16 and up, data FIFO usage shifted by 2. */
        ret = (s->rx_status_fifo_used << 16) | (s->rx_fifo_used << 2);
        break;
    case CSR_TX_FIFO_INF:
        /* Status entries in bits 16 and up, remaining TX space below. */
        ret = (s->tx_status_fifo_used << 16)
              | (s->tx_fifo_size - s->txp->fifo_used);
        break;
    case CSR_PMT_CTRL:
        ret = s->pmt_ctrl;
        break;
    case CSR_GPIO_CFG:
        ret = s->gpio_cfg;
        break;
    case CSR_GPT_CFG:
        ret = s->gpt_cfg;
        break;
    case CSR_GPT_CNT:
        ret = ptimer_get_count(s->timer);
        break;
    case CSR_WORD_SWAP:
        ret = s->word_swap;
        break;
    case CSR_FREE_RUN:
        /* One tick per 40 ns of virtual time, relative to the start mark. */
        ret = (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 40)
              - s->free_timer_start;
        break;
    case CSR_RX_DROP:
        /* TODO: Implement dropped frames counter. */
        ret = 0;
        break;
    case CSR_MAC_CSR_CMD:
        ret = s->mac_cmd;
        break;
    case CSR_MAC_CSR_DATA:
        ret = s->mac_data;
        break;
    case CSR_AFC_CFG:
        ret = s->afc_cfg;
        break;
    case CSR_E2P_CMD:
        ret = s->e2p_cmd;
        break;
    case CSR_E2P_DATA:
        ret = s->e2p_data;
        break;
    default:
        qemu_log_mask(LOG_GUEST_ERROR, "lan9118_read: Bad reg 0x%x\n",
                      (int)offset);
        break;
    }

    return ret;
}
1305
/*
 * 16-bit read path: the first access to a 32-bit aligned register performs
 * the real 32-bit read via lan9118_readl() and caches the result; the second
 * access to the same register is served from that cache.  Bit 1 of the
 * offset selects which half of the cached value is returned.
 *
 * Because the underlying read can have side effects (FIFO ports pop an
 * entry), this pairing ensures a register is read once per pair of
 * half-word accesses rather than once per access.
 */
static uint32_t lan9118_readw(void *opaque, hwaddr offset)
{
    lan9118_state *s = (lan9118_state *)opaque;
    hwaddr aligned = offset & ~0x3;

    if (s->read_word_prev_offset != aligned) {
        /* Different register than last time: restart half-word pairing. */
        s->read_word_n = 0;
        s->read_word_prev_offset = aligned;
    }

    s->read_word_n++;
    if (s->read_word_n == 1) {
        /* First half of a pair: fetch and latch the full 32-bit value. */
        s->read_long = lan9118_readl(s, aligned, 4);
    } else {
        /* Second half: reuse the latched value and re-arm the pairing. */
        s->read_word_n = 0;
    }

    return (offset & 2) ? (s->read_long >> 16) : (s->read_long & 0xFFFF);
}
1333
/*
 * MMIO read callback used when the device is configured for 16-bit mode.
 *
 * 2-byte accesses go through the half-word pairing logic in lan9118_readw(),
 * 4-byte accesses go straight to lan9118_readl().  Any other width is
 * reported as a guest error and reads as 0.
 */
static uint64_t lan9118_16bit_mode_read(void *opaque, hwaddr offset,
                                        unsigned size)
{
    if (size == 2) {
        return lan9118_readw(opaque, offset);
    }
    if (size == 4) {
        return lan9118_readl(opaque, offset, size);
    }

    qemu_log_mask(LOG_GUEST_ERROR,
                  "lan9118_16bit_mode_read: Bad size 0x%x\n", size);
    return 0;
}
1348
/*
 * MMIO callbacks for 32-bit mode (selected in lan9118_realize() when
 * mode_16bit is 0).
 *
 * NOTE(review): no .valid/.impl access-size limits are declared, so which
 * guest access widths reach the callbacks is left to the memory core's
 * defaults, and lan9118_readl() does not look at its size argument.  Confirm
 * this is intended, or declare the supported widths explicitly.
 */
static const MemoryRegionOps lan9118_mem_ops = {
    .read = lan9118_readl,
    .write = lan9118_writel,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

/*
 * MMIO callbacks for 16-bit mode.  The wrappers accept 2- and 4-byte
 * accesses and log any other width as a guest error.
 */
static const MemoryRegionOps lan9118_16bit_mem_ops = {
    .read = lan9118_16bit_mode_read,
    .write = lan9118_16bit_mode_write,
    .endianness = DEVICE_NATIVE_ENDIAN,
};

/*
 * Network client callbacks: frames from the backend are delivered to
 * lan9118_receive(), link changes to lan9118_set_link().
 */
static NetClientInfo net_lan9118_info = {
    .type = NET_CLIENT_DRIVER_NIC,
    .size = sizeof(NICState),
    .receive = lan9118_receive,
    .link_status_changed = lan9118_set_link,
};
1367
/*
 * Realize callback: registers the 0x100-byte MMIO region and the IRQ line,
 * creates the NIC backend, seeds the EEPROM image from the configured MAC
 * address and sets up the general purpose timer.
 *
 * The MMIO callbacks are chosen once, here, from the mode_16bit property.
 * errp is not written by this function.
 */
static void lan9118_realize(DeviceState *dev, Error **errp)
{
    lan9118_state *s = LAN9118(dev);
    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
    const MemoryRegionOps *mem_ops = &lan9118_mem_ops;
    int i;

    if (s->mode_16bit) {
        mem_ops = &lan9118_16bit_mem_ops;
    }

    memory_region_init_io(&s->mmio, OBJECT(dev), mem_ops, s,
                          "lan9118-mmio", 0x100);
    sysbus_init_mmio(sbd, &s->mmio);
    sysbus_init_irq(sbd, &s->irq);
    qemu_macaddr_default_if_unset(&s->conf.macaddr);

    /* The device's reentrancy guard is handed to the NIC layer. */
    s->nic = qemu_new_nic(&net_lan9118_info, &s->conf,
                          object_get_typename(OBJECT(dev)), dev->id,
                          &dev->mem_reentrancy_guard, s);
    qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);

    /*
     * EEPROM image: byte 0 is 0xa5 (presumably the "valid" signature -
     * confirm against the datasheet), bytes 1..6 hold the MAC address.
     */
    s->eeprom[0] = 0xa5;
    for (i = 1; i <= 6; i++) {
        s->eeprom[i] = s->conf.macaddr.a[i - 1];
    }
    s->pmt_ctrl = 1;
    s->txp = &s->tx_packet;

    /* General purpose timer: 10 kHz, 16-bit limit, reloaded on set_limit. */
    s->timer = ptimer_init(lan9118_tick, s, PTIMER_POLICY_LEGACY);
    ptimer_transaction_begin(s->timer);
    ptimer_set_freq(s->timer, 10000);
    ptimer_set_limit(s->timer, 0xffff, 1);
    ptimer_transaction_commit(s->timer);
}
1399
/*
 * User-settable device properties: the standard NIC properties stored in
 * conf, plus "mode_16bit" (default 0), which lan9118_realize() uses to pick
 * the 16-bit or the 32-bit MMIO callbacks.
 */
static Property lan9118_properties[] = {
    DEFINE_NIC_PROPERTIES(lan9118_state, conf),
    DEFINE_PROP_UINT32("mode_16bit", lan9118_state, mode_16bit, 0),
    DEFINE_PROP_END_OF_LIST(),
};
1405
/*
 * Class initialiser: wires up realize, the migration description, the
 * property table and the reset handler for the LAN9118 device class.
 * The data argument is unused.
 */
static void lan9118_class_init(ObjectClass *klass, void *data)
{
    DeviceClass *dc = DEVICE_CLASS(klass);

    dc->realize = lan9118_realize;
    dc->vmsd = &vmstate_lan9118;
    device_class_set_props(dc, lan9118_properties);
    device_class_set_legacy_reset(dc, lan9118_reset);
}
1415
/* QOM type description: a sysbus device backed by lan9118_state. */
static const TypeInfo lan9118_info = {
    .name = TYPE_LAN9118,
    .parent = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(lan9118_state),
    .class_init = lan9118_class_init,
};
1422
/* Registers the LAN9118 type description with the QOM type system. */
static void lan9118_register_types(void)
{
    type_register_static(&lan9118_info);
}
1427
/*
 * Legacy helper function.  Should go away when machine config files are
 * implemented.
 *
 * Creates a LAN9118 device, attaches NIC configuration to it, realizes it
 * (any realize error is fatal), maps its MMIO region 0 at base and connects
 * its IRQ output 0 to irq.
 */
void lan9118_init(uint32_t base, qemu_irq irq)
{
    DeviceState *dev = qdev_new(TYPE_LAN9118);
    SysBusDevice *sbd = SYS_BUS_DEVICE(dev);

    qemu_configure_nic_device(dev, true, NULL);
    sysbus_realize_and_unref(sbd, &error_fatal);
    sysbus_mmio_map(sbd, 0, base);
    sysbus_connect_irq(sbd, 0, irq);
}
1442
/* Run lan9118_register_types() during QEMU's type-initialisation stage. */
type_init(lan9118_register_types)
1444