1 /* 2 * QEMU e1000 emulation 3 * 4 * Software developer's manual: 5 * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf 6 * 7 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc. 8 * Copyright (c) 2008 Qumranet 9 * Based on work done by: 10 * Copyright (c) 2007 Dan Aloni 11 * Copyright (c) 2004 Antony T Curtis 12 * 13 * This library is free software; you can redistribute it and/or 14 * modify it under the terms of the GNU Lesser General Public 15 * License as published by the Free Software Foundation; either 16 * version 2 of the License, or (at your option) any later version. 17 * 18 * This library is distributed in the hope that it will be useful, 19 * but WITHOUT ANY WARRANTY; without even the implied warranty of 20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 21 * Lesser General Public License for more details. 22 * 23 * You should have received a copy of the GNU Lesser General Public 24 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 25 */ 26 27 28 #include "hw/hw.h" 29 #include "hw/pci/pci.h" 30 #include "net/net.h" 31 #include "net/checksum.h" 32 #include "hw/loader.h" 33 #include "sysemu/sysemu.h" 34 #include "sysemu/dma.h" 35 36 #include "e1000_regs.h" 37 38 #define E1000_DEBUG 39 40 #ifdef E1000_DEBUG 41 enum { 42 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT, 43 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM, 44 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR, 45 DEBUG_RXFILTER, DEBUG_PHY, DEBUG_NOTYET, 46 }; 47 #define DBGBIT(x) (1<<DEBUG_##x) 48 static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL); 49 50 #define DBGOUT(what, fmt, ...) do { \ 51 if (debugflags & DBGBIT(what)) \ 52 fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \ 53 } while (0) 54 #else 55 #define DBGOUT(what, fmt, ...) do {} while (0) 56 #endif 57 58 #define IOPORT_SIZE 0x40 59 #define PNPMMIO_SIZE 0x20000 60 #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */ 61 62 /* this is the size past which hardware will drop packets when setting LPE=0 */ 63 #define MAXIMUM_ETHERNET_VLAN_SIZE 1522 64 /* this is the size past which hardware will drop packets when setting LPE=1 */ 65 #define MAXIMUM_ETHERNET_LPE_SIZE 16384 66 67 /* 68 * HW models: 69 * E1000_DEV_ID_82540EM works with Windows and Linux 70 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22, 71 * appears to perform better than 82540EM, but breaks with Linux 2.6.18 72 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested 73 * Others never tested 74 */ 75 enum { E1000_DEVID = E1000_DEV_ID_82540EM }; 76 77 /* 78 * May need to specify additional MAC-to-PHY entries -- 79 * Intel's Windows driver refuses to initialize unless they match 80 */ 81 enum { 82 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 : 83 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 : 84 /* default to E1000_DEV_ID_82540EM */ 0xc20 85 }; 86 87 typedef struct E1000State_st { 88 /*< private >*/ 89 PCIDevice parent_obj; 90 /*< public >*/ 91 92 NICState *nic; 93 NICConf conf; 94 MemoryRegion mmio; 95 MemoryRegion io; 96 97 uint32_t mac_reg[0x8000]; 98 uint16_t phy_reg[0x20]; 99 uint16_t eeprom_data[64]; 100 101 uint32_t rxbuf_size; 102 uint32_t rxbuf_min_shift; 103 struct e1000_tx { 104 unsigned char header[256]; 105 unsigned char vlan_header[4]; 106 /* Fields vlan and data must not be reordered or separated. */ 107 unsigned char vlan[4]; 108 unsigned char data[0x10000]; 109 uint16_t size; 110 unsigned char sum_needed; 111 unsigned char vlan_needed; 112 uint8_t ipcss; 113 uint8_t ipcso; 114 uint16_t ipcse; 115 uint8_t tucss; 116 uint8_t tucso; 117 uint16_t tucse; 118 uint8_t hdr_len; 119 uint16_t mss; 120 uint32_t paylen; 121 uint16_t tso_frames; 122 char tse; 123 int8_t ip; 124 int8_t tcp; 125 char cptse; // current packet tse bit 126 } tx; 127 128 struct { 129 uint32_t val_in; // shifted in from guest driver 130 uint16_t bitnum_in; 131 uint16_t bitnum_out; 132 uint16_t reading; 133 uint32_t old_eecd; 134 } eecd_state; 135 136 QEMUTimer *autoneg_timer; 137 138 /* Compatibility flags for migration to/from qemu 1.3.0 and older */ 139 #define E1000_FLAG_AUTONEG_BIT 0 140 #define E1000_FLAG_AUTONEG (1 << E1000_FLAG_AUTONEG_BIT) 141 uint32_t compat_flags; 142 } E1000State; 143 144 #define TYPE_E1000 "e1000" 145 146 #define E1000(obj) \ 147 OBJECT_CHECK(E1000State, (obj), TYPE_E1000) 148 149 #define defreg(x) x = (E1000_##x>>2) 150 enum { 151 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC), 152 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC), 153 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC), 154 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH), 155 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT), 156 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH), 157 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT), 158 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL), 159 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC), 160 defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA), 161 defreg(VET), 162 }; 163 164 static void 165 e1000_link_down(E1000State *s) 166 { 167 s->mac_reg[STATUS] &= ~E1000_STATUS_LU; 168 s->phy_reg[PHY_STATUS] &= ~MII_SR_LINK_STATUS; 169 } 170 171 static void 172 e1000_link_up(E1000State *s) 173 { 174 s->mac_reg[STATUS] |= E1000_STATUS_LU; 175 s->phy_reg[PHY_STATUS] |= MII_SR_LINK_STATUS; 176 } 177 178 static void 179 set_phy_ctrl(E1000State *s, int index, uint16_t val) 180 { 181 /* 182 * QEMU 1.3 does not support link auto-negotiation emulation, so if we 183 * migrate during auto negotiation, after migration the link will be 184 * down. 185 */ 186 if (!(s->compat_flags & E1000_FLAG_AUTONEG)) { 187 return; 188 } 189 if ((val & MII_CR_AUTO_NEG_EN) && (val & MII_CR_RESTART_AUTO_NEG)) { 190 e1000_link_down(s); 191 s->phy_reg[PHY_STATUS] &= ~MII_SR_AUTONEG_COMPLETE; 192 DBGOUT(PHY, "Start link auto negotiation\n"); 193 qemu_mod_timer(s->autoneg_timer, qemu_get_clock_ms(vm_clock) + 500); 194 } 195 } 196 197 static void 198 e1000_autoneg_timer(void *opaque) 199 { 200 E1000State *s = opaque; 201 if (!qemu_get_queue(s->nic)->link_down) { 202 e1000_link_up(s); 203 } 204 s->phy_reg[PHY_STATUS] |= MII_SR_AUTONEG_COMPLETE; 205 DBGOUT(PHY, "Auto negotiation is completed\n"); 206 } 207 208 static void (*phyreg_writeops[])(E1000State *, int, uint16_t) = { 209 [PHY_CTRL] = set_phy_ctrl, 210 }; 211 212 enum { NPHYWRITEOPS = ARRAY_SIZE(phyreg_writeops) }; 213 214 enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W }; 215 static const char phy_regcap[0x20] = { 216 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW, 217 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW, 218 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW, 219 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R, 220 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R, 221 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R 222 }; 223 224 static const uint16_t phy_reg_init[] = { 225 [PHY_CTRL] = 0x1140, 226 [PHY_STATUS] = 0x794d, /* link initially up with not completed autoneg */ 227 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT, 228 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360, 229 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1, 230 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00, 231 [M88E1000_PHY_SPEC_STATUS] = 0xac00, 232 }; 233 234 static const uint32_t mac_reg_init[] = { 235 [PBA] = 0x00100030, 236 [LEDCTL] = 0x602, 237 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 | 238 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU, 239 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE | 240 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK | 241 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD | 242 E1000_STATUS_LU, 243 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN | 244 E1000_MANC_ARP_EN | E1000_MANC_0298_EN | 245 E1000_MANC_RMCP_EN, 246 }; 247 248 static void 249 set_interrupt_cause(E1000State *s, int index, uint32_t val) 250 { 251 PCIDevice *d = PCI_DEVICE(s); 252 253 if (val && (E1000_DEVID >= E1000_DEV_ID_82547EI_MOBILE)) { 254 /* Only for 8257x */ 255 val |= E1000_ICR_INT_ASSERTED; 256 } 257 s->mac_reg[ICR] = val; 258 259 /* 260 * Make sure ICR and ICS registers have the same value. 261 * The spec says that the ICS register is write-only. However in practice, 262 * on real hardware ICS is readable, and for reads it has the same value as 263 * ICR (except that ICS does not have the clear on read behaviour of ICR). 264 * 265 * The VxWorks PRO/1000 driver uses this behaviour. 266 */ 267 s->mac_reg[ICS] = val; 268 269 qemu_set_irq(d->irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0); 270 } 271 272 static void 273 set_ics(E1000State *s, int index, uint32_t val) 274 { 275 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR], 276 s->mac_reg[IMS]); 277 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]); 278 } 279 280 static int 281 rxbufsize(uint32_t v) 282 { 283 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 | 284 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 | 285 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256; 286 switch (v) { 287 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384: 288 return 16384; 289 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192: 290 return 8192; 291 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096: 292 return 4096; 293 case E1000_RCTL_SZ_1024: 294 return 1024; 295 case E1000_RCTL_SZ_512: 296 return 512; 297 case E1000_RCTL_SZ_256: 298 return 256; 299 } 300 return 2048; 301 } 302 303 static void e1000_reset(void *opaque) 304 { 305 E1000State *d = opaque; 306 uint8_t *macaddr = d->conf.macaddr.a; 307 int i; 308 309 qemu_del_timer(d->autoneg_timer); 310 memset(d->phy_reg, 0, sizeof d->phy_reg); 311 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init); 312 memset(d->mac_reg, 0, sizeof d->mac_reg); 313 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init); 314 d->rxbuf_min_shift = 1; 315 memset(&d->tx, 0, sizeof d->tx); 316 317 if (qemu_get_queue(d->nic)->link_down) { 318 e1000_link_down(d); 319 } 320 321 /* Some guests expect pre-initialized RAH/RAL (AddrValid flag + MACaddr) */ 322 d->mac_reg[RA] = 0; 323 d->mac_reg[RA + 1] = E1000_RAH_AV; 324 for (i = 0; i < 4; i++) { 325 d->mac_reg[RA] |= macaddr[i] << (8 * i); 326 d->mac_reg[RA + 1] |= (i < 2) ? macaddr[i + 4] << (8 * i) : 0; 327 } 328 } 329 330 static void 331 set_ctrl(E1000State *s, int index, uint32_t val) 332 { 333 /* RST is self clearing */ 334 s->mac_reg[CTRL] = val & ~E1000_CTRL_RST; 335 } 336 337 static void 338 set_rx_control(E1000State *s, int index, uint32_t val) 339 { 340 s->mac_reg[RCTL] = val; 341 s->rxbuf_size = rxbufsize(val); 342 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1; 343 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT], 344 s->mac_reg[RCTL]); 345 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 346 } 347 348 static void 349 set_mdic(E1000State *s, int index, uint32_t val) 350 { 351 uint32_t data = val & E1000_MDIC_DATA_MASK; 352 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT); 353 354 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy # 355 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR; 356 else if (val & E1000_MDIC_OP_READ) { 357 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr); 358 if (!(phy_regcap[addr] & PHY_R)) { 359 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr); 360 val |= E1000_MDIC_ERROR; 361 } else 362 val = (val ^ data) | s->phy_reg[addr]; 363 } else if (val & E1000_MDIC_OP_WRITE) { 364 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data); 365 if (!(phy_regcap[addr] & PHY_W)) { 366 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr); 367 val |= E1000_MDIC_ERROR; 368 } else { 369 if (addr < NPHYWRITEOPS && phyreg_writeops[addr]) { 370 phyreg_writeops[addr](s, index, data); 371 } 372 s->phy_reg[addr] = data; 373 } 374 } 375 s->mac_reg[MDIC] = val | E1000_MDIC_READY; 376 377 if (val & E1000_MDIC_INT_EN) { 378 set_ics(s, 0, E1000_ICR_MDAC); 379 } 380 } 381 382 static uint32_t 383 get_eecd(E1000State *s, int index) 384 { 385 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd; 386 387 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n", 388 s->eecd_state.bitnum_out, s->eecd_state.reading); 389 if (!s->eecd_state.reading || 390 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >> 391 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1) 392 ret |= E1000_EECD_DO; 393 return ret; 394 } 395 396 static void 397 set_eecd(E1000State *s, int index, uint32_t val) 398 { 399 uint32_t oldval = s->eecd_state.old_eecd; 400 401 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS | 402 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ); 403 if (!(E1000_EECD_CS & val)) // CS inactive; nothing to do 404 return; 405 if (E1000_EECD_CS & (val ^ oldval)) { // CS rise edge; reset state 406 s->eecd_state.val_in = 0; 407 s->eecd_state.bitnum_in = 0; 408 s->eecd_state.bitnum_out = 0; 409 s->eecd_state.reading = 0; 410 } 411 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge 412 return; 413 if (!(E1000_EECD_SK & val)) { // falling edge 414 s->eecd_state.bitnum_out++; 415 return; 416 } 417 s->eecd_state.val_in <<= 1; 418 if (val & E1000_EECD_DI) 419 s->eecd_state.val_in |= 1; 420 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) { 421 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1; 422 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) == 423 EEPROM_READ_OPCODE_MICROWIRE); 424 } 425 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n", 426 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out, 427 s->eecd_state.reading); 428 } 429 430 static uint32_t 431 flash_eerd_read(E1000State *s, int x) 432 { 433 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START; 434 435 if ((s->mac_reg[EERD] & E1000_EEPROM_RW_REG_START) == 0) 436 return (s->mac_reg[EERD]); 437 438 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG) 439 return (E1000_EEPROM_RW_REG_DONE | r); 440 441 return ((s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) | 442 E1000_EEPROM_RW_REG_DONE | r); 443 } 444 445 static void 446 putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse) 447 { 448 uint32_t sum; 449 450 if (cse && cse < n) 451 n = cse + 1; 452 if (sloc < n-1) { 453 sum = net_checksum_add(n-css, data+css); 454 cpu_to_be16wu((uint16_t *)(data + sloc), 455 net_checksum_finish(sum)); 456 } 457 } 458 459 static inline int 460 vlan_enabled(E1000State *s) 461 { 462 return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0); 463 } 464 465 static inline int 466 vlan_rx_filter_enabled(E1000State *s) 467 { 468 return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0); 469 } 470 471 static inline int 472 is_vlan_packet(E1000State *s, const uint8_t *buf) 473 { 474 return (be16_to_cpup((uint16_t *)(buf + 12)) == 475 le16_to_cpup((uint16_t *)(s->mac_reg + VET))); 476 } 477 478 static inline int 479 is_vlan_txd(uint32_t txd_lower) 480 { 481 return ((txd_lower & E1000_TXD_CMD_VLE) != 0); 482 } 483 484 /* FCS aka Ethernet CRC-32. We don't get it from backends and can't 485 * fill it in, just pad descriptor length by 4 bytes unless guest 486 * told us to strip it off the packet. */ 487 static inline int 488 fcs_len(E1000State *s) 489 { 490 return (s->mac_reg[RCTL] & E1000_RCTL_SECRC) ? 0 : 4; 491 } 492 493 static void 494 e1000_send_packet(E1000State *s, const uint8_t *buf, int size) 495 { 496 NetClientState *nc = qemu_get_queue(s->nic); 497 if (s->phy_reg[PHY_CTRL] & MII_CR_LOOPBACK) { 498 nc->info->receive(nc, buf, size); 499 } else { 500 qemu_send_packet(nc, buf, size); 501 } 502 } 503 504 static void 505 xmit_seg(E1000State *s) 506 { 507 uint16_t len, *sp; 508 unsigned int frames = s->tx.tso_frames, css, sofar, n; 509 struct e1000_tx *tp = &s->tx; 510 511 if (tp->tse && tp->cptse) { 512 css = tp->ipcss; 513 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n", 514 frames, tp->size, css); 515 if (tp->ip) { // IPv4 516 cpu_to_be16wu((uint16_t *)(tp->data+css+2), 517 tp->size - css); 518 cpu_to_be16wu((uint16_t *)(tp->data+css+4), 519 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames); 520 } else // IPv6 521 cpu_to_be16wu((uint16_t *)(tp->data+css+4), 522 tp->size - css); 523 css = tp->tucss; 524 len = tp->size - css; 525 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len); 526 if (tp->tcp) { 527 sofar = frames * tp->mss; 528 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq 529 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar); 530 if (tp->paylen - sofar > tp->mss) 531 tp->data[css + 13] &= ~9; // PSH, FIN 532 } else // UDP 533 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len); 534 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) { 535 unsigned int phsum; 536 // add pseudo-header length before checksum calculation 537 sp = (uint16_t *)(tp->data + tp->tucso); 538 phsum = be16_to_cpup(sp) + len; 539 phsum = (phsum >> 16) + (phsum & 0xffff); 540 cpu_to_be16wu(sp, phsum); 541 } 542 tp->tso_frames++; 543 } 544 545 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) 546 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse); 547 if (tp->sum_needed & E1000_TXD_POPTS_IXSM) 548 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse); 549 if (tp->vlan_needed) { 550 memmove(tp->vlan, tp->data, 4); 551 memmove(tp->data, tp->data + 4, 8); 552 memcpy(tp->data + 8, tp->vlan_header, 4); 553 e1000_send_packet(s, tp->vlan, tp->size + 4); 554 } else 555 e1000_send_packet(s, tp->data, tp->size); 556 s->mac_reg[TPT]++; 557 s->mac_reg[GPTC]++; 558 n = s->mac_reg[TOTL]; 559 if ((s->mac_reg[TOTL] += s->tx.size) < n) 560 s->mac_reg[TOTH]++; 561 } 562 563 static void 564 process_tx_desc(E1000State *s, struct e1000_tx_desc *dp) 565 { 566 PCIDevice *d = PCI_DEVICE(s); 567 uint32_t txd_lower = le32_to_cpu(dp->lower.data); 568 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D); 569 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op; 570 unsigned int msh = 0xfffff; 571 uint64_t addr; 572 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp; 573 struct e1000_tx *tp = &s->tx; 574 575 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor 576 op = le32_to_cpu(xp->cmd_and_length); 577 tp->ipcss = xp->lower_setup.ip_fields.ipcss; 578 tp->ipcso = xp->lower_setup.ip_fields.ipcso; 579 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse); 580 tp->tucss = xp->upper_setup.tcp_fields.tucss; 581 tp->tucso = xp->upper_setup.tcp_fields.tucso; 582 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse); 583 tp->paylen = op & 0xfffff; 584 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len; 585 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss); 586 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0; 587 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0; 588 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0; 589 tp->tso_frames = 0; 590 if (tp->tucso == 0) { // this is probably wrong 591 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n"); 592 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6); 593 } 594 return; 595 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) { 596 // data descriptor 597 if (tp->size == 0) { 598 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8; 599 } 600 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0; 601 } else { 602 // legacy descriptor 603 tp->cptse = 0; 604 } 605 606 if (vlan_enabled(s) && is_vlan_txd(txd_lower) && 607 (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) { 608 tp->vlan_needed = 1; 609 cpu_to_be16wu((uint16_t *)(tp->vlan_header), 610 le16_to_cpup((uint16_t *)(s->mac_reg + VET))); 611 cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2), 612 le16_to_cpu(dp->upper.fields.special)); 613 } 614 615 addr = le64_to_cpu(dp->buffer_addr); 616 if (tp->tse && tp->cptse) { 617 msh = tp->hdr_len + tp->mss; 618 do { 619 bytes = split_size; 620 if (tp->size + bytes > msh) 621 bytes = msh - tp->size; 622 623 bytes = MIN(sizeof(tp->data) - tp->size, bytes); 624 pci_dma_read(d, addr, tp->data + tp->size, bytes); 625 sz = tp->size + bytes; 626 if (sz >= tp->hdr_len && tp->size < tp->hdr_len) { 627 memmove(tp->header, tp->data, tp->hdr_len); 628 } 629 tp->size = sz; 630 addr += bytes; 631 if (sz == msh) { 632 xmit_seg(s); 633 memmove(tp->data, tp->header, tp->hdr_len); 634 tp->size = tp->hdr_len; 635 } 636 } while (split_size -= bytes); 637 } else if (!tp->tse && tp->cptse) { 638 // context descriptor TSE is not set, while data descriptor TSE is set 639 DBGOUT(TXERR, "TCP segmentation error\n"); 640 } else { 641 split_size = MIN(sizeof(tp->data) - tp->size, split_size); 642 pci_dma_read(d, addr, tp->data + tp->size, split_size); 643 tp->size += split_size; 644 } 645 646 if (!(txd_lower & E1000_TXD_CMD_EOP)) 647 return; 648 if (!(tp->tse && tp->cptse && tp->size < tp->hdr_len)) { 649 xmit_seg(s); 650 } 651 tp->tso_frames = 0; 652 tp->sum_needed = 0; 653 tp->vlan_needed = 0; 654 tp->size = 0; 655 tp->cptse = 0; 656 } 657 658 static uint32_t 659 txdesc_writeback(E1000State *s, dma_addr_t base, struct e1000_tx_desc *dp) 660 { 661 PCIDevice *d = PCI_DEVICE(s); 662 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data); 663 664 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS))) 665 return 0; 666 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) & 667 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU); 668 dp->upper.data = cpu_to_le32(txd_upper); 669 pci_dma_write(d, base + ((char *)&dp->upper - (char *)dp), 670 &dp->upper, sizeof(dp->upper)); 671 return E1000_ICR_TXDW; 672 } 673 674 static uint64_t tx_desc_base(E1000State *s) 675 { 676 uint64_t bah = s->mac_reg[TDBAH]; 677 uint64_t bal = s->mac_reg[TDBAL] & ~0xf; 678 679 return (bah << 32) + bal; 680 } 681 682 static void 683 start_xmit(E1000State *s) 684 { 685 PCIDevice *d = PCI_DEVICE(s); 686 dma_addr_t base; 687 struct e1000_tx_desc desc; 688 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE; 689 690 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) { 691 DBGOUT(TX, "tx disabled\n"); 692 return; 693 } 694 695 while (s->mac_reg[TDH] != s->mac_reg[TDT]) { 696 base = tx_desc_base(s) + 697 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH]; 698 pci_dma_read(d, base, &desc, sizeof(desc)); 699 700 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH], 701 (void *)(intptr_t)desc.buffer_addr, desc.lower.data, 702 desc.upper.data); 703 704 process_tx_desc(s, &desc); 705 cause |= txdesc_writeback(s, base, &desc); 706 707 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN]) 708 s->mac_reg[TDH] = 0; 709 /* 710 * the following could happen only if guest sw assigns 711 * bogus values to TDT/TDLEN. 712 * there's nothing too intelligent we could do about this. 713 */ 714 if (s->mac_reg[TDH] == tdh_start) { 715 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n", 716 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]); 717 break; 718 } 719 } 720 set_ics(s, 0, cause); 721 } 722 723 static int 724 receive_filter(E1000State *s, const uint8_t *buf, int size) 725 { 726 static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 727 static const int mta_shift[] = {4, 3, 2, 0}; 728 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp; 729 730 if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) { 731 uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14)); 732 uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) + 733 ((vid >> 5) & 0x7f)); 734 if ((vfta & (1 << (vid & 0x1f))) == 0) 735 return 0; 736 } 737 738 if (rctl & E1000_RCTL_UPE) // promiscuous 739 return 1; 740 741 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast 742 return 1; 743 744 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast)) 745 return 1; 746 747 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) { 748 if (!(rp[1] & E1000_RAH_AV)) 749 continue; 750 ra[0] = cpu_to_le32(rp[0]); 751 ra[1] = cpu_to_le32(rp[1]); 752 if (!memcmp(buf, (uint8_t *)ra, 6)) { 753 DBGOUT(RXFILTER, 754 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n", 755 (int)(rp - s->mac_reg - RA)/2, 756 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]); 757 return 1; 758 } 759 } 760 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n", 761 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]); 762 763 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3]; 764 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff; 765 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f))) 766 return 1; 767 DBGOUT(RXFILTER, 768 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n", 769 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5], 770 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5, 771 s->mac_reg[MTA + (f >> 5)]); 772 773 return 0; 774 } 775 776 static void 777 e1000_set_link_status(NetClientState *nc) 778 { 779 E1000State *s = qemu_get_nic_opaque(nc); 780 uint32_t old_status = s->mac_reg[STATUS]; 781 782 if (nc->link_down) { 783 e1000_link_down(s); 784 } else { 785 e1000_link_up(s); 786 } 787 788 if (s->mac_reg[STATUS] != old_status) 789 set_ics(s, 0, E1000_ICR_LSC); 790 } 791 792 static bool e1000_has_rxbufs(E1000State *s, size_t total_size) 793 { 794 int bufs; 795 /* Fast-path short packets */ 796 if (total_size <= s->rxbuf_size) { 797 return s->mac_reg[RDH] != s->mac_reg[RDT]; 798 } 799 if (s->mac_reg[RDH] < s->mac_reg[RDT]) { 800 bufs = s->mac_reg[RDT] - s->mac_reg[RDH]; 801 } else if (s->mac_reg[RDH] > s->mac_reg[RDT]) { 802 bufs = s->mac_reg[RDLEN] / sizeof(struct e1000_rx_desc) + 803 s->mac_reg[RDT] - s->mac_reg[RDH]; 804 } else { 805 return false; 806 } 807 return total_size <= bufs * s->rxbuf_size; 808 } 809 810 static int 811 e1000_can_receive(NetClientState *nc) 812 { 813 E1000State *s = qemu_get_nic_opaque(nc); 814 815 return (s->mac_reg[STATUS] & E1000_STATUS_LU) && 816 (s->mac_reg[RCTL] & E1000_RCTL_EN) && e1000_has_rxbufs(s, 1); 817 } 818 819 static uint64_t rx_desc_base(E1000State *s) 820 { 821 uint64_t bah = s->mac_reg[RDBAH]; 822 uint64_t bal = s->mac_reg[RDBAL] & ~0xf; 823 824 return (bah << 32) + bal; 825 } 826 827 static ssize_t 828 e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size) 829 { 830 E1000State *s = qemu_get_nic_opaque(nc); 831 PCIDevice *d = PCI_DEVICE(s); 832 struct e1000_rx_desc desc; 833 dma_addr_t base; 834 unsigned int n, rdt; 835 uint32_t rdh_start; 836 uint16_t vlan_special = 0; 837 uint8_t vlan_status = 0, vlan_offset = 0; 838 uint8_t min_buf[MIN_BUF_SIZE]; 839 size_t desc_offset; 840 size_t desc_size; 841 size_t total_size; 842 843 if (!(s->mac_reg[STATUS] & E1000_STATUS_LU)) { 844 return -1; 845 } 846 847 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN)) { 848 return -1; 849 } 850 851 /* Pad to minimum Ethernet frame length */ 852 if (size < sizeof(min_buf)) { 853 memcpy(min_buf, buf, size); 854 memset(&min_buf[size], 0, sizeof(min_buf) - size); 855 buf = min_buf; 856 size = sizeof(min_buf); 857 } 858 859 /* Discard oversized packets if !LPE and !SBP. */ 860 if ((size > MAXIMUM_ETHERNET_LPE_SIZE || 861 (size > MAXIMUM_ETHERNET_VLAN_SIZE 862 && !(s->mac_reg[RCTL] & E1000_RCTL_LPE))) 863 && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) { 864 return size; 865 } 866 867 if (!receive_filter(s, buf, size)) 868 return size; 869 870 if (vlan_enabled(s) && is_vlan_packet(s, buf)) { 871 vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14))); 872 memmove((uint8_t *)buf + 4, buf, 12); 873 vlan_status = E1000_RXD_STAT_VP; 874 vlan_offset = 4; 875 size -= 4; 876 } 877 878 rdh_start = s->mac_reg[RDH]; 879 desc_offset = 0; 880 total_size = size + fcs_len(s); 881 if (!e1000_has_rxbufs(s, total_size)) { 882 set_ics(s, 0, E1000_ICS_RXO); 883 return -1; 884 } 885 do { 886 desc_size = total_size - desc_offset; 887 if (desc_size > s->rxbuf_size) { 888 desc_size = s->rxbuf_size; 889 } 890 base = rx_desc_base(s) + sizeof(desc) * s->mac_reg[RDH]; 891 pci_dma_read(d, base, &desc, sizeof(desc)); 892 desc.special = vlan_special; 893 desc.status |= (vlan_status | E1000_RXD_STAT_DD); 894 if (desc.buffer_addr) { 895 if (desc_offset < size) { 896 size_t copy_size = size - desc_offset; 897 if (copy_size > s->rxbuf_size) { 898 copy_size = s->rxbuf_size; 899 } 900 pci_dma_write(d, le64_to_cpu(desc.buffer_addr), 901 buf + desc_offset + vlan_offset, copy_size); 902 } 903 desc_offset += desc_size; 904 desc.length = cpu_to_le16(desc_size); 905 if (desc_offset >= total_size) { 906 desc.status |= E1000_RXD_STAT_EOP | E1000_RXD_STAT_IXSM; 907 } else { 908 /* Guest zeroing out status is not a hardware requirement. 909 Clear EOP in case guest didn't do it. */ 910 desc.status &= ~E1000_RXD_STAT_EOP; 911 } 912 } else { // as per intel docs; skip descriptors with null buf addr 913 DBGOUT(RX, "Null RX descriptor!!\n"); 914 } 915 pci_dma_write(d, base, &desc, sizeof(desc)); 916 917 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN]) 918 s->mac_reg[RDH] = 0; 919 /* see comment in start_xmit; same here */ 920 if (s->mac_reg[RDH] == rdh_start) { 921 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n", 922 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]); 923 set_ics(s, 0, E1000_ICS_RXO); 924 return -1; 925 } 926 } while (desc_offset < total_size); 927 928 s->mac_reg[GPRC]++; 929 s->mac_reg[TPR]++; 930 /* TOR - Total Octets Received: 931 * This register includes bytes received in a packet from the <Destination 932 * Address> field through the <CRC> field, inclusively. 933 */ 934 n = s->mac_reg[TORL] + size + /* Always include FCS length. */ 4; 935 if (n < s->mac_reg[TORL]) 936 s->mac_reg[TORH]++; 937 s->mac_reg[TORL] = n; 938 939 n = E1000_ICS_RXT0; 940 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH]) 941 rdt += s->mac_reg[RDLEN] / sizeof(desc); 942 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >> 943 s->rxbuf_min_shift) 944 n |= E1000_ICS_RXDMT0; 945 946 set_ics(s, 0, n); 947 948 return size; 949 } 950 951 static uint32_t 952 mac_readreg(E1000State *s, int index) 953 { 954 return s->mac_reg[index]; 955 } 956 957 static uint32_t 958 mac_icr_read(E1000State *s, int index) 959 { 960 uint32_t ret = s->mac_reg[ICR]; 961 962 DBGOUT(INTERRUPT, "ICR read: %x\n", ret); 963 set_interrupt_cause(s, 0, 0); 964 return ret; 965 } 966 967 static uint32_t 968 mac_read_clr4(E1000State *s, int index) 969 { 970 uint32_t ret = s->mac_reg[index]; 971 972 s->mac_reg[index] = 0; 973 return ret; 974 } 975 976 static uint32_t 977 mac_read_clr8(E1000State *s, int index) 978 { 979 uint32_t ret = s->mac_reg[index]; 980 981 s->mac_reg[index] = 0; 982 s->mac_reg[index-1] = 0; 983 return ret; 984 } 985 986 static void 987 mac_writereg(E1000State *s, int index, uint32_t val) 988 { 989 s->mac_reg[index] = val; 990 } 991 992 static void 993 set_rdt(E1000State *s, int index, uint32_t val) 994 { 995 s->mac_reg[index] = val & 0xffff; 996 if (e1000_has_rxbufs(s, 1)) { 997 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 998 } 999 } 1000 1001 static void 1002 set_16bit(E1000State *s, int index, uint32_t val) 1003 { 1004 s->mac_reg[index] = val & 0xffff; 1005 } 1006 1007 static void 1008 set_dlen(E1000State *s, int index, uint32_t val) 1009 { 1010 s->mac_reg[index] = val & 0xfff80; 1011 } 1012 1013 static void 1014 set_tctl(E1000State *s, int index, uint32_t val) 1015 { 1016 s->mac_reg[index] = val; 1017 s->mac_reg[TDT] &= 0xffff; 1018 start_xmit(s); 1019 } 1020 1021 static void 1022 set_icr(E1000State *s, int index, uint32_t val) 1023 { 1024 DBGOUT(INTERRUPT, "set_icr %x\n", val); 1025 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val); 1026 } 1027 1028 static void 1029 set_imc(E1000State *s, int index, uint32_t val) 1030 { 1031 s->mac_reg[IMS] &= ~val; 1032 set_ics(s, 0, 0); 1033 } 1034 1035 static void 1036 set_ims(E1000State *s, int index, uint32_t val) 1037 { 1038 s->mac_reg[IMS] |= val; 1039 set_ics(s, 0, 0); 1040 } 1041 1042 #define getreg(x) [x] = mac_readreg 1043 static uint32_t (*macreg_readops[])(E1000State *, int) = { 1044 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL), 1045 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL), 1046 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS), 1047 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL), 1048 getreg(RDH), getreg(RDT), getreg(VET), getreg(ICS), 1049 getreg(TDBAL), getreg(TDBAH), getreg(RDBAH), getreg(RDBAL), 1050 getreg(TDLEN), getreg(RDLEN), 1051 1052 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4, 1053 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4, 1054 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read, 1055 [CRCERRS ... MPC] = &mac_readreg, 1056 [RA ... RA+31] = &mac_readreg, 1057 [MTA ... MTA+127] = &mac_readreg, 1058 [VFTA ... VFTA+127] = &mac_readreg, 1059 }; 1060 enum { NREADOPS = ARRAY_SIZE(macreg_readops) }; 1061 1062 #define putreg(x) [x] = mac_writereg 1063 static void (*macreg_writeops[])(E1000State *, int, uint32_t) = { 1064 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC), 1065 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH), 1066 putreg(RDBAL), putreg(LEDCTL), putreg(VET), 1067 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl, 1068 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics, 1069 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt, 1070 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr, 1071 [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl, 1072 [RA ... RA+31] = &mac_writereg, 1073 [MTA ... MTA+127] = &mac_writereg, 1074 [VFTA ... VFTA+127] = &mac_writereg, 1075 }; 1076 1077 enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) }; 1078 1079 static void 1080 e1000_mmio_write(void *opaque, hwaddr addr, uint64_t val, 1081 unsigned size) 1082 { 1083 E1000State *s = opaque; 1084 unsigned int index = (addr & 0x1ffff) >> 2; 1085 1086 if (index < NWRITEOPS && macreg_writeops[index]) { 1087 macreg_writeops[index](s, index, val); 1088 } else if (index < NREADOPS && macreg_readops[index]) { 1089 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04"PRIx64"\n", index<<2, val); 1090 } else { 1091 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08"PRIx64"\n", 1092 index<<2, val); 1093 } 1094 } 1095 1096 static uint64_t 1097 e1000_mmio_read(void *opaque, hwaddr addr, unsigned size) 1098 { 1099 E1000State *s = opaque; 1100 unsigned int index = (addr & 0x1ffff) >> 2; 1101 1102 if (index < NREADOPS && macreg_readops[index]) 1103 { 1104 return macreg_readops[index](s, index); 1105 } 1106 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2); 1107 return 0; 1108 } 1109 1110 static const MemoryRegionOps e1000_mmio_ops = { 1111 .read = e1000_mmio_read, 1112 .write = e1000_mmio_write, 1113 .endianness = DEVICE_LITTLE_ENDIAN, 1114 .impl = { 1115 .min_access_size = 4, 1116 .max_access_size = 4, 1117 }, 1118 }; 1119 1120 static uint64_t e1000_io_read(void *opaque, hwaddr addr, 1121 unsigned size) 1122 { 1123 E1000State *s = opaque; 1124 1125 (void)s; 1126 return 0; 1127 } 1128 1129 static void e1000_io_write(void *opaque, hwaddr addr, 1130 uint64_t val, unsigned size) 1131 { 1132 E1000State *s = opaque; 1133 1134 (void)s; 1135 } 1136 1137 static const MemoryRegionOps e1000_io_ops = { 1138 .read = e1000_io_read, 1139 .write = e1000_io_write, 1140 .endianness = DEVICE_LITTLE_ENDIAN, 1141 }; 1142 1143 static bool is_version_1(void *opaque, int version_id) 1144 { 1145 return version_id == 1; 1146 } 1147 1148 static void e1000_pre_save(void *opaque) 1149 { 1150 E1000State *s = opaque; 1151 NetClientState *nc = qemu_get_queue(s->nic); 1152 1153 if (!(s->compat_flags & E1000_FLAG_AUTONEG)) { 1154 return; 1155 } 1156 1157 /* 1158 * If link is down and auto-negotiation is ongoing, complete 1159 * auto-negotiation immediately. This allows is to look at 1160 * MII_SR_AUTONEG_COMPLETE to infer link status on load. 1161 */ 1162 if (nc->link_down && 1163 s->phy_reg[PHY_CTRL] & MII_CR_AUTO_NEG_EN && 1164 s->phy_reg[PHY_CTRL] & MII_CR_RESTART_AUTO_NEG) { 1165 s->phy_reg[PHY_STATUS] |= MII_SR_AUTONEG_COMPLETE; 1166 } 1167 } 1168 1169 static int e1000_post_load(void *opaque, int version_id) 1170 { 1171 E1000State *s = opaque; 1172 NetClientState *nc = qemu_get_queue(s->nic); 1173 1174 /* nc.link_down can't be migrated, so infer link_down according 1175 * to link status bit in mac_reg[STATUS]. 1176 * Alternatively, restart link negotiation if it was in progress. */ 1177 nc->link_down = (s->mac_reg[STATUS] & E1000_STATUS_LU) == 0; 1178 1179 if (!(s->compat_flags & E1000_FLAG_AUTONEG)) { 1180 return 0; 1181 } 1182 1183 if (s->phy_reg[PHY_CTRL] & MII_CR_AUTO_NEG_EN && 1184 s->phy_reg[PHY_CTRL] & MII_CR_RESTART_AUTO_NEG && 1185 !(s->phy_reg[PHY_STATUS] & MII_SR_AUTONEG_COMPLETE)) { 1186 nc->link_down = false; 1187 qemu_mod_timer(s->autoneg_timer, qemu_get_clock_ms(vm_clock) + 500); 1188 } 1189 1190 return 0; 1191 } 1192 1193 static const VMStateDescription vmstate_e1000 = { 1194 .name = "e1000", 1195 .version_id = 2, 1196 .minimum_version_id = 1, 1197 .minimum_version_id_old = 1, 1198 .pre_save = e1000_pre_save, 1199 .post_load = e1000_post_load, 1200 .fields = (VMStateField []) { 1201 VMSTATE_PCI_DEVICE(parent_obj, E1000State), 1202 VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */ 1203 VMSTATE_UNUSED(4), /* Was mmio_base. */ 1204 VMSTATE_UINT32(rxbuf_size, E1000State), 1205 VMSTATE_UINT32(rxbuf_min_shift, E1000State), 1206 VMSTATE_UINT32(eecd_state.val_in, E1000State), 1207 VMSTATE_UINT16(eecd_state.bitnum_in, E1000State), 1208 VMSTATE_UINT16(eecd_state.bitnum_out, E1000State), 1209 VMSTATE_UINT16(eecd_state.reading, E1000State), 1210 VMSTATE_UINT32(eecd_state.old_eecd, E1000State), 1211 VMSTATE_UINT8(tx.ipcss, E1000State), 1212 VMSTATE_UINT8(tx.ipcso, E1000State), 1213 VMSTATE_UINT16(tx.ipcse, E1000State), 1214 VMSTATE_UINT8(tx.tucss, E1000State), 1215 VMSTATE_UINT8(tx.tucso, E1000State), 1216 VMSTATE_UINT16(tx.tucse, E1000State), 1217 VMSTATE_UINT32(tx.paylen, E1000State), 1218 VMSTATE_UINT8(tx.hdr_len, E1000State), 1219 VMSTATE_UINT16(tx.mss, E1000State), 1220 VMSTATE_UINT16(tx.size, E1000State), 1221 VMSTATE_UINT16(tx.tso_frames, E1000State), 1222 VMSTATE_UINT8(tx.sum_needed, E1000State), 1223 VMSTATE_INT8(tx.ip, E1000State), 1224 VMSTATE_INT8(tx.tcp, E1000State), 1225 VMSTATE_BUFFER(tx.header, E1000State), 1226 VMSTATE_BUFFER(tx.data, E1000State), 1227 VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64), 1228 VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20), 1229 VMSTATE_UINT32(mac_reg[CTRL], E1000State), 1230 VMSTATE_UINT32(mac_reg[EECD], E1000State), 1231 VMSTATE_UINT32(mac_reg[EERD], E1000State), 1232 VMSTATE_UINT32(mac_reg[GPRC], E1000State), 1233 VMSTATE_UINT32(mac_reg[GPTC], E1000State), 1234 VMSTATE_UINT32(mac_reg[ICR], E1000State), 1235 VMSTATE_UINT32(mac_reg[ICS], E1000State), 1236 VMSTATE_UINT32(mac_reg[IMC], E1000State), 1237 VMSTATE_UINT32(mac_reg[IMS], E1000State), 1238 VMSTATE_UINT32(mac_reg[LEDCTL], E1000State), 1239 VMSTATE_UINT32(mac_reg[MANC], E1000State), 1240 VMSTATE_UINT32(mac_reg[MDIC], E1000State), 1241 VMSTATE_UINT32(mac_reg[MPC], E1000State), 1242 VMSTATE_UINT32(mac_reg[PBA], E1000State), 1243 VMSTATE_UINT32(mac_reg[RCTL], E1000State), 1244 VMSTATE_UINT32(mac_reg[RDBAH], E1000State), 1245 VMSTATE_UINT32(mac_reg[RDBAL], E1000State), 1246 VMSTATE_UINT32(mac_reg[RDH], E1000State), 1247 VMSTATE_UINT32(mac_reg[RDLEN], E1000State), 1248 VMSTATE_UINT32(mac_reg[RDT], E1000State), 1249 VMSTATE_UINT32(mac_reg[STATUS], E1000State), 1250 VMSTATE_UINT32(mac_reg[SWSM], E1000State), 1251 VMSTATE_UINT32(mac_reg[TCTL], E1000State), 1252 VMSTATE_UINT32(mac_reg[TDBAH], E1000State), 1253 VMSTATE_UINT32(mac_reg[TDBAL], E1000State), 1254 VMSTATE_UINT32(mac_reg[TDH], E1000State), 1255 VMSTATE_UINT32(mac_reg[TDLEN], E1000State), 1256 VMSTATE_UINT32(mac_reg[TDT], E1000State), 1257 VMSTATE_UINT32(mac_reg[TORH], E1000State), 1258 VMSTATE_UINT32(mac_reg[TORL], E1000State), 1259 VMSTATE_UINT32(mac_reg[TOTH], E1000State), 1260 VMSTATE_UINT32(mac_reg[TOTL], E1000State), 1261 VMSTATE_UINT32(mac_reg[TPR], E1000State), 1262 VMSTATE_UINT32(mac_reg[TPT], E1000State), 1263 VMSTATE_UINT32(mac_reg[TXDCTL], E1000State), 1264 VMSTATE_UINT32(mac_reg[WUFC], E1000State), 1265 VMSTATE_UINT32(mac_reg[VET], E1000State), 1266 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32), 1267 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128), 1268 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128), 1269 VMSTATE_END_OF_LIST() 1270 } 1271 }; 1272 1273 static const uint16_t e1000_eeprom_template[64] = { 1274 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000, 1275 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040, 1276 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700, 1277 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706, 1278 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff, 1279 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 1280 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 1281 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000, 1282 }; 1283 1284 /* PCI interface */ 1285 1286 static void 1287 e1000_mmio_setup(E1000State *d) 1288 { 1289 int i; 1290 const uint32_t excluded_regs[] = { 1291 E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS, 1292 E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE 1293 }; 1294 1295 memory_region_init_io(&d->mmio, OBJECT(d), &e1000_mmio_ops, d, 1296 "e1000-mmio", PNPMMIO_SIZE); 1297 memory_region_add_coalescing(&d->mmio, 0, excluded_regs[0]); 1298 for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++) 1299 memory_region_add_coalescing(&d->mmio, excluded_regs[i] + 4, 1300 excluded_regs[i+1] - excluded_regs[i] - 4); 1301 memory_region_init_io(&d->io, OBJECT(d), &e1000_io_ops, d, "e1000-io", IOPORT_SIZE); 1302 } 1303 1304 static void 1305 e1000_cleanup(NetClientState *nc) 1306 { 1307 E1000State *s = qemu_get_nic_opaque(nc); 1308 1309 s->nic = NULL; 1310 } 1311 1312 static void 1313 pci_e1000_uninit(PCIDevice *dev) 1314 { 1315 E1000State *d = E1000(dev); 1316 1317 qemu_del_timer(d->autoneg_timer); 1318 qemu_free_timer(d->autoneg_timer); 1319 memory_region_destroy(&d->mmio); 1320 memory_region_destroy(&d->io); 1321 qemu_del_nic(d->nic); 1322 } 1323 1324 static NetClientInfo net_e1000_info = { 1325 .type = NET_CLIENT_OPTIONS_KIND_NIC, 1326 .size = sizeof(NICState), 1327 .can_receive = e1000_can_receive, 1328 .receive = e1000_receive, 1329 .cleanup = e1000_cleanup, 1330 .link_status_changed = e1000_set_link_status, 1331 }; 1332 1333 static int pci_e1000_init(PCIDevice *pci_dev) 1334 { 1335 DeviceState *dev = DEVICE(pci_dev); 1336 E1000State *d = E1000(pci_dev); 1337 uint8_t *pci_conf; 1338 uint16_t checksum = 0; 1339 int i; 1340 uint8_t *macaddr; 1341 1342 pci_conf = pci_dev->config; 1343 1344 /* TODO: RST# value should be 0, PCI spec 6.2.4 */ 1345 pci_conf[PCI_CACHE_LINE_SIZE] = 0x10; 1346 1347 pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */ 1348 1349 e1000_mmio_setup(d); 1350 1351 pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &d->mmio); 1352 1353 pci_register_bar(pci_dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &d->io); 1354 1355 memmove(d->eeprom_data, e1000_eeprom_template, 1356 sizeof e1000_eeprom_template); 1357 qemu_macaddr_default_if_unset(&d->conf.macaddr); 1358 macaddr = d->conf.macaddr.a; 1359 for (i = 0; i < 3; i++) 1360 d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i]; 1361 for (i = 0; i < EEPROM_CHECKSUM_REG; i++) 1362 checksum += d->eeprom_data[i]; 1363 checksum = (uint16_t) EEPROM_SUM - checksum; 1364 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum; 1365 1366 d->nic = qemu_new_nic(&net_e1000_info, &d->conf, 1367 object_get_typename(OBJECT(d)), dev->id, d); 1368 1369 qemu_format_nic_info_str(qemu_get_queue(d->nic), macaddr); 1370 1371 add_boot_device_path(d->conf.bootindex, dev, "/ethernet-phy@0"); 1372 1373 d->autoneg_timer = qemu_new_timer_ms(vm_clock, e1000_autoneg_timer, d); 1374 1375 return 0; 1376 } 1377 1378 static void qdev_e1000_reset(DeviceState *dev) 1379 { 1380 E1000State *d = E1000(dev); 1381 e1000_reset(d); 1382 } 1383 1384 static Property e1000_properties[] = { 1385 DEFINE_NIC_PROPERTIES(E1000State, conf), 1386 DEFINE_PROP_BIT("autonegotiation", E1000State, 1387 compat_flags, E1000_FLAG_AUTONEG_BIT, true), 1388 DEFINE_PROP_END_OF_LIST(), 1389 }; 1390 1391 static void e1000_class_init(ObjectClass *klass, void *data) 1392 { 1393 DeviceClass *dc = DEVICE_CLASS(klass); 1394 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 1395 1396 k->init = pci_e1000_init; 1397 k->exit = pci_e1000_uninit; 1398 k->romfile = "efi-e1000.rom"; 1399 k->vendor_id = PCI_VENDOR_ID_INTEL; 1400 k->device_id = E1000_DEVID; 1401 k->revision = 0x03; 1402 k->class_id = PCI_CLASS_NETWORK_ETHERNET; 1403 set_bit(DEVICE_CATEGORY_NETWORK, dc->categories); 1404 dc->desc = "Intel Gigabit Ethernet"; 1405 dc->reset = qdev_e1000_reset; 1406 dc->vmsd = &vmstate_e1000; 1407 dc->props = e1000_properties; 1408 } 1409 1410 static const TypeInfo e1000_info = { 1411 .name = TYPE_E1000, 1412 .parent = TYPE_PCI_DEVICE, 1413 .instance_size = sizeof(E1000State), 1414 .class_init = e1000_class_init, 1415 }; 1416 1417 static void e1000_register_types(void) 1418 { 1419 type_register_static(&e1000_info); 1420 } 1421 1422 type_init(e1000_register_types) 1423