1 /* 2 * Emulation of Allwinner EMAC Fast Ethernet controller and 3 * Realtek RTL8201CP PHY 4 * 5 * Copyright (C) 2014 Beniamino Galvani <b.galvani@gmail.com> 6 * 7 * This model is based on reverse-engineering of Linux kernel driver. 8 * 9 * This program is free software; you can redistribute it and/or modify 10 * it under the terms of the GNU General Public License version 2 as 11 * published by the Free Software Foundation. 12 * 13 * This program is distributed in the hope that it will be useful, 14 * but WITHOUT ANY WARRANTY; without even the implied warranty of 15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 16 * GNU General Public License for more details. 17 * 18 */ 19 20 #include "qemu/osdep.h" 21 #include "hw/sysbus.h" 22 #include "migration/vmstate.h" 23 #include "net/net.h" 24 #include "qemu/fifo8.h" 25 #include "hw/irq.h" 26 #include "hw/net/allwinner_emac.h" 27 #include "qemu/log.h" 28 #include "qemu/module.h" 29 #include <zlib.h> 30 31 static uint8_t padding[60]; 32 33 static void mii_set_link(RTL8201CPState *mii, bool link_ok) 34 { 35 if (link_ok) { 36 mii->bmsr |= MII_BMSR_LINK_ST | MII_BMSR_AN_COMP; 37 mii->anlpar |= MII_ANAR_TXFD | MII_ANAR_10FD | MII_ANAR_10 | 38 MII_ANAR_CSMACD; 39 } else { 40 mii->bmsr &= ~(MII_BMSR_LINK_ST | MII_BMSR_AN_COMP); 41 mii->anlpar = MII_ANAR_TX; 42 } 43 } 44 45 static void mii_reset(RTL8201CPState *mii, bool link_ok) 46 { 47 mii->bmcr = MII_BMCR_FD | MII_BMCR_AUTOEN | MII_BMCR_SPEED; 48 mii->bmsr = MII_BMSR_100TX_FD | MII_BMSR_100TX_HD | MII_BMSR_10T_FD | 49 MII_BMSR_10T_HD | MII_BMSR_MFPS | MII_BMSR_AUTONEG; 50 mii->anar = MII_ANAR_TXFD | MII_ANAR_TX | MII_ANAR_10FD | MII_ANAR_10 | 51 MII_ANAR_CSMACD; 52 mii->anlpar = MII_ANAR_TX; 53 54 mii_set_link(mii, link_ok); 55 } 56 57 static uint16_t RTL8201CP_mdio_read(AwEmacState *s, uint8_t addr, uint8_t reg) 58 { 59 RTL8201CPState *mii = &s->mii; 60 uint16_t ret = 0xffff; 61 62 if (addr == s->phy_addr) { 63 switch (reg) { 64 case MII_BMCR: 65 return mii->bmcr; 66 case MII_BMSR: 67 return mii->bmsr; 68 case MII_PHYID1: 69 return RTL8201CP_PHYID1; 70 case MII_PHYID2: 71 return RTL8201CP_PHYID2; 72 case MII_ANAR: 73 return mii->anar; 74 case MII_ANLPAR: 75 return mii->anlpar; 76 case MII_ANER: 77 case MII_NSR: 78 case MII_LBREMR: 79 case MII_REC: 80 case MII_SNRDR: 81 case MII_TEST: 82 qemu_log_mask(LOG_UNIMP, 83 "allwinner_emac: read from unimpl. mii reg 0x%x\n", 84 reg); 85 return 0; 86 default: 87 qemu_log_mask(LOG_GUEST_ERROR, 88 "allwinner_emac: read from invalid mii reg 0x%x\n", 89 reg); 90 return 0; 91 } 92 } 93 return ret; 94 } 95 96 static void RTL8201CP_mdio_write(AwEmacState *s, uint8_t addr, uint8_t reg, 97 uint16_t value) 98 { 99 RTL8201CPState *mii = &s->mii; 100 NetClientState *nc; 101 102 if (addr == s->phy_addr) { 103 switch (reg) { 104 case MII_BMCR: 105 if (value & MII_BMCR_RESET) { 106 nc = qemu_get_queue(s->nic); 107 mii_reset(mii, !nc->link_down); 108 } else { 109 mii->bmcr = value; 110 } 111 break; 112 case MII_ANAR: 113 mii->anar = value; 114 break; 115 case MII_BMSR: 116 case MII_PHYID1: 117 case MII_PHYID2: 118 case MII_ANLPAR: 119 case MII_ANER: 120 qemu_log_mask(LOG_GUEST_ERROR, 121 "allwinner_emac: write to read-only mii reg 0x%x\n", 122 reg); 123 break; 124 case MII_NSR: 125 case MII_LBREMR: 126 case MII_REC: 127 case MII_SNRDR: 128 case MII_TEST: 129 qemu_log_mask(LOG_UNIMP, 130 "allwinner_emac: write to unimpl. mii reg 0x%x\n", 131 reg); 132 break; 133 default: 134 qemu_log_mask(LOG_GUEST_ERROR, 135 "allwinner_emac: write to invalid mii reg 0x%x\n", 136 reg); 137 } 138 } 139 } 140 141 static void aw_emac_update_irq(AwEmacState *s) 142 { 143 qemu_set_irq(s->irq, (s->int_sta & s->int_ctl) != 0); 144 } 145 146 static void aw_emac_tx_reset(AwEmacState *s, int chan) 147 { 148 fifo8_reset(&s->tx_fifo[chan]); 149 s->tx_length[chan] = 0; 150 } 151 152 static void aw_emac_rx_reset(AwEmacState *s) 153 { 154 fifo8_reset(&s->rx_fifo); 155 s->rx_num_packets = 0; 156 s->rx_packet_size = 0; 157 s->rx_packet_pos = 0; 158 } 159 160 static void fifo8_push_word(Fifo8 *fifo, uint32_t val) 161 { 162 fifo8_push(fifo, val); 163 fifo8_push(fifo, val >> 8); 164 fifo8_push(fifo, val >> 16); 165 fifo8_push(fifo, val >> 24); 166 } 167 168 static uint32_t fifo8_pop_word(Fifo8 *fifo) 169 { 170 uint32_t ret; 171 172 ret = fifo8_pop(fifo); 173 ret |= fifo8_pop(fifo) << 8; 174 ret |= fifo8_pop(fifo) << 16; 175 ret |= fifo8_pop(fifo) << 24; 176 177 return ret; 178 } 179 180 static int aw_emac_can_receive(NetClientState *nc) 181 { 182 AwEmacState *s = qemu_get_nic_opaque(nc); 183 184 /* 185 * To avoid packet drops, allow reception only when there is space 186 * for a full frame: 1522 + 8 (rx headers) + 2 (padding). 187 */ 188 return (s->ctl & EMAC_CTL_RX_EN) && (fifo8_num_free(&s->rx_fifo) >= 1532); 189 } 190 191 static ssize_t aw_emac_receive(NetClientState *nc, const uint8_t *buf, 192 size_t size) 193 { 194 AwEmacState *s = qemu_get_nic_opaque(nc); 195 Fifo8 *fifo = &s->rx_fifo; 196 size_t padded_size, total_size; 197 uint32_t crc; 198 199 padded_size = size > 60 ? size : 60; 200 total_size = QEMU_ALIGN_UP(RX_HDR_SIZE + padded_size + CRC_SIZE, 4); 201 202 if (!(s->ctl & EMAC_CTL_RX_EN) || (fifo8_num_free(fifo) < total_size)) { 203 return -1; 204 } 205 206 fifo8_push_word(fifo, EMAC_UNDOCUMENTED_MAGIC); 207 fifo8_push_word(fifo, EMAC_RX_HEADER(padded_size + CRC_SIZE, 208 EMAC_RX_IO_DATA_STATUS_OK)); 209 fifo8_push_all(fifo, buf, size); 210 crc = crc32(~0, buf, size); 211 212 if (padded_size != size) { 213 fifo8_push_all(fifo, padding, padded_size - size); 214 crc = crc32(crc, padding, padded_size - size); 215 } 216 217 fifo8_push_word(fifo, crc); 218 fifo8_push_all(fifo, padding, QEMU_ALIGN_UP(padded_size, 4) - padded_size); 219 s->rx_num_packets++; 220 221 s->int_sta |= EMAC_INT_RX; 222 aw_emac_update_irq(s); 223 224 return size; 225 } 226 227 static void aw_emac_reset(DeviceState *dev) 228 { 229 AwEmacState *s = AW_EMAC(dev); 230 NetClientState *nc = qemu_get_queue(s->nic); 231 232 s->ctl = 0; 233 s->tx_mode = 0; 234 s->int_ctl = 0; 235 s->int_sta = 0; 236 s->tx_channel = 0; 237 s->phy_target = 0; 238 239 aw_emac_tx_reset(s, 0); 240 aw_emac_tx_reset(s, 1); 241 aw_emac_rx_reset(s); 242 243 mii_reset(&s->mii, !nc->link_down); 244 } 245 246 static uint64_t aw_emac_read(void *opaque, hwaddr offset, unsigned size) 247 { 248 AwEmacState *s = opaque; 249 Fifo8 *fifo = &s->rx_fifo; 250 NetClientState *nc; 251 uint64_t ret; 252 253 switch (offset) { 254 case EMAC_CTL_REG: 255 return s->ctl; 256 case EMAC_TX_MODE_REG: 257 return s->tx_mode; 258 case EMAC_TX_INS_REG: 259 return s->tx_channel; 260 case EMAC_RX_CTL_REG: 261 return s->rx_ctl; 262 case EMAC_RX_IO_DATA_REG: 263 if (!s->rx_num_packets) { 264 qemu_log_mask(LOG_GUEST_ERROR, 265 "Read IO data register when no packet available"); 266 return 0; 267 } 268 269 ret = fifo8_pop_word(fifo); 270 271 switch (s->rx_packet_pos) { 272 case 0: /* Word is magic header */ 273 s->rx_packet_pos += 4; 274 break; 275 case 4: /* Word is rx info header */ 276 s->rx_packet_pos += 4; 277 s->rx_packet_size = QEMU_ALIGN_UP(extract32(ret, 0, 16), 4); 278 break; 279 default: /* Word is packet data */ 280 s->rx_packet_pos += 4; 281 s->rx_packet_size -= 4; 282 283 if (!s->rx_packet_size) { 284 s->rx_packet_pos = 0; 285 s->rx_num_packets--; 286 nc = qemu_get_queue(s->nic); 287 if (aw_emac_can_receive(nc)) { 288 qemu_flush_queued_packets(nc); 289 } 290 } 291 } 292 return ret; 293 case EMAC_RX_FBC_REG: 294 return s->rx_num_packets; 295 case EMAC_INT_CTL_REG: 296 return s->int_ctl; 297 case EMAC_INT_STA_REG: 298 return s->int_sta; 299 case EMAC_MAC_MRDD_REG: 300 return RTL8201CP_mdio_read(s, 301 extract32(s->phy_target, PHY_ADDR_SHIFT, 8), 302 extract32(s->phy_target, PHY_REG_SHIFT, 8)); 303 default: 304 qemu_log_mask(LOG_UNIMP, 305 "allwinner_emac: read access to unknown register 0x" 306 TARGET_FMT_plx "\n", offset); 307 ret = 0; 308 } 309 310 return ret; 311 } 312 313 static void aw_emac_write(void *opaque, hwaddr offset, uint64_t value, 314 unsigned size) 315 { 316 AwEmacState *s = opaque; 317 Fifo8 *fifo; 318 NetClientState *nc = qemu_get_queue(s->nic); 319 int chan; 320 321 switch (offset) { 322 case EMAC_CTL_REG: 323 if (value & EMAC_CTL_RESET) { 324 aw_emac_reset(DEVICE(s)); 325 value &= ~EMAC_CTL_RESET; 326 } 327 s->ctl = value; 328 if (aw_emac_can_receive(nc)) { 329 qemu_flush_queued_packets(nc); 330 } 331 break; 332 case EMAC_TX_MODE_REG: 333 s->tx_mode = value; 334 break; 335 case EMAC_TX_CTL0_REG: 336 case EMAC_TX_CTL1_REG: 337 chan = (offset == EMAC_TX_CTL0_REG ? 0 : 1); 338 if ((value & 1) && (s->ctl & EMAC_CTL_TX_EN)) { 339 uint32_t len, ret; 340 const uint8_t *data; 341 342 fifo = &s->tx_fifo[chan]; 343 len = s->tx_length[chan]; 344 345 if (len > fifo8_num_used(fifo)) { 346 len = fifo8_num_used(fifo); 347 qemu_log_mask(LOG_GUEST_ERROR, 348 "allwinner_emac: TX length > fifo data length\n"); 349 } 350 if (len > 0) { 351 data = fifo8_pop_buf(fifo, len, &ret); 352 qemu_send_packet(nc, data, ret); 353 aw_emac_tx_reset(s, chan); 354 /* Raise TX interrupt */ 355 s->int_sta |= EMAC_INT_TX_CHAN(chan); 356 aw_emac_update_irq(s); 357 } 358 } 359 break; 360 case EMAC_TX_INS_REG: 361 s->tx_channel = value < NUM_TX_FIFOS ? value : 0; 362 break; 363 case EMAC_TX_PL0_REG: 364 case EMAC_TX_PL1_REG: 365 chan = (offset == EMAC_TX_PL0_REG ? 0 : 1); 366 if (value > TX_FIFO_SIZE) { 367 qemu_log_mask(LOG_GUEST_ERROR, 368 "allwinner_emac: invalid TX frame length %d\n", 369 (int)value); 370 value = TX_FIFO_SIZE; 371 } 372 s->tx_length[chan] = value; 373 break; 374 case EMAC_TX_IO_DATA_REG: 375 fifo = &s->tx_fifo[s->tx_channel]; 376 if (fifo8_num_free(fifo) < 4) { 377 qemu_log_mask(LOG_GUEST_ERROR, 378 "allwinner_emac: TX data overruns fifo\n"); 379 break; 380 } 381 fifo8_push_word(fifo, value); 382 break; 383 case EMAC_RX_CTL_REG: 384 s->rx_ctl = value; 385 break; 386 case EMAC_RX_FBC_REG: 387 if (value == 0) { 388 aw_emac_rx_reset(s); 389 } 390 break; 391 case EMAC_INT_CTL_REG: 392 s->int_ctl = value; 393 aw_emac_update_irq(s); 394 break; 395 case EMAC_INT_STA_REG: 396 s->int_sta &= ~value; 397 aw_emac_update_irq(s); 398 break; 399 case EMAC_MAC_MADR_REG: 400 s->phy_target = value; 401 break; 402 case EMAC_MAC_MWTD_REG: 403 RTL8201CP_mdio_write(s, extract32(s->phy_target, PHY_ADDR_SHIFT, 8), 404 extract32(s->phy_target, PHY_REG_SHIFT, 8), value); 405 break; 406 default: 407 qemu_log_mask(LOG_UNIMP, 408 "allwinner_emac: write access to unknown register 0x" 409 TARGET_FMT_plx "\n", offset); 410 } 411 } 412 413 static void aw_emac_set_link(NetClientState *nc) 414 { 415 AwEmacState *s = qemu_get_nic_opaque(nc); 416 417 mii_set_link(&s->mii, !nc->link_down); 418 } 419 420 static const MemoryRegionOps aw_emac_mem_ops = { 421 .read = aw_emac_read, 422 .write = aw_emac_write, 423 .endianness = DEVICE_NATIVE_ENDIAN, 424 .valid = { 425 .min_access_size = 4, 426 .max_access_size = 4, 427 }, 428 }; 429 430 static NetClientInfo net_aw_emac_info = { 431 .type = NET_CLIENT_DRIVER_NIC, 432 .size = sizeof(NICState), 433 .can_receive = aw_emac_can_receive, 434 .receive = aw_emac_receive, 435 .link_status_changed = aw_emac_set_link, 436 }; 437 438 static void aw_emac_init(Object *obj) 439 { 440 SysBusDevice *sbd = SYS_BUS_DEVICE(obj); 441 AwEmacState *s = AW_EMAC(obj); 442 443 memory_region_init_io(&s->iomem, OBJECT(s), &aw_emac_mem_ops, s, 444 "aw_emac", 0x1000); 445 sysbus_init_mmio(sbd, &s->iomem); 446 sysbus_init_irq(sbd, &s->irq); 447 } 448 449 static void aw_emac_realize(DeviceState *dev, Error **errp) 450 { 451 AwEmacState *s = AW_EMAC(dev); 452 453 qemu_macaddr_default_if_unset(&s->conf.macaddr); 454 s->nic = qemu_new_nic(&net_aw_emac_info, &s->conf, 455 object_get_typename(OBJECT(dev)), dev->id, s); 456 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); 457 458 fifo8_create(&s->rx_fifo, RX_FIFO_SIZE); 459 fifo8_create(&s->tx_fifo[0], TX_FIFO_SIZE); 460 fifo8_create(&s->tx_fifo[1], TX_FIFO_SIZE); 461 } 462 463 static Property aw_emac_properties[] = { 464 DEFINE_NIC_PROPERTIES(AwEmacState, conf), 465 DEFINE_PROP_UINT8("phy-addr", AwEmacState, phy_addr, 0), 466 DEFINE_PROP_END_OF_LIST(), 467 }; 468 469 static const VMStateDescription vmstate_mii = { 470 .name = "rtl8201cp", 471 .version_id = 1, 472 .minimum_version_id = 1, 473 .fields = (VMStateField[]) { 474 VMSTATE_UINT16(bmcr, RTL8201CPState), 475 VMSTATE_UINT16(bmsr, RTL8201CPState), 476 VMSTATE_UINT16(anar, RTL8201CPState), 477 VMSTATE_UINT16(anlpar, RTL8201CPState), 478 VMSTATE_END_OF_LIST() 479 } 480 }; 481 482 static int aw_emac_post_load(void *opaque, int version_id) 483 { 484 AwEmacState *s = opaque; 485 486 aw_emac_set_link(qemu_get_queue(s->nic)); 487 488 return 0; 489 } 490 491 static const VMStateDescription vmstate_aw_emac = { 492 .name = "allwinner_emac", 493 .version_id = 1, 494 .minimum_version_id = 1, 495 .post_load = aw_emac_post_load, 496 .fields = (VMStateField[]) { 497 VMSTATE_STRUCT(mii, AwEmacState, 1, vmstate_mii, RTL8201CPState), 498 VMSTATE_UINT32(ctl, AwEmacState), 499 VMSTATE_UINT32(tx_mode, AwEmacState), 500 VMSTATE_UINT32(rx_ctl, AwEmacState), 501 VMSTATE_UINT32(int_ctl, AwEmacState), 502 VMSTATE_UINT32(int_sta, AwEmacState), 503 VMSTATE_UINT32(phy_target, AwEmacState), 504 VMSTATE_FIFO8(rx_fifo, AwEmacState), 505 VMSTATE_UINT32(rx_num_packets, AwEmacState), 506 VMSTATE_UINT32(rx_packet_size, AwEmacState), 507 VMSTATE_UINT32(rx_packet_pos, AwEmacState), 508 VMSTATE_STRUCT_ARRAY(tx_fifo, AwEmacState, NUM_TX_FIFOS, 1, 509 vmstate_fifo8, Fifo8), 510 VMSTATE_UINT32_ARRAY(tx_length, AwEmacState, NUM_TX_FIFOS), 511 VMSTATE_UINT32(tx_channel, AwEmacState), 512 VMSTATE_END_OF_LIST() 513 } 514 }; 515 516 static void aw_emac_class_init(ObjectClass *klass, void *data) 517 { 518 DeviceClass *dc = DEVICE_CLASS(klass); 519 520 dc->realize = aw_emac_realize; 521 dc->props = aw_emac_properties; 522 dc->reset = aw_emac_reset; 523 dc->vmsd = &vmstate_aw_emac; 524 } 525 526 static const TypeInfo aw_emac_info = { 527 .name = TYPE_AW_EMAC, 528 .parent = TYPE_SYS_BUS_DEVICE, 529 .instance_size = sizeof(AwEmacState), 530 .instance_init = aw_emac_init, 531 .class_init = aw_emac_class_init, 532 }; 533 534 static void aw_emac_register_types(void) 535 { 536 type_register_static(&aw_emac_info); 537 } 538 539 type_init(aw_emac_register_types) 540