1 /*
2  * QEMU e1000 emulation
3  *
4  * Software developer's manual:
5  * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf
6  *
7  * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
8  * Copyright (c) 2008 Qumranet
9  * Based on work done by:
10  * Copyright (c) 2007 Dan Aloni
11  * Copyright (c) 2004 Antony T Curtis
12  *
13  * This library is free software; you can redistribute it and/or
14  * modify it under the terms of the GNU Lesser General Public
15  * License as published by the Free Software Foundation; either
16  * version 2 of the License, or (at your option) any later version.
17  *
18  * This library is distributed in the hope that it will be useful,
19  * but WITHOUT ANY WARRANTY; without even the implied warranty of
20  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
21  * Lesser General Public License for more details.
22  *
23  * You should have received a copy of the GNU Lesser General Public
24  * License along with this library; if not, see <http://www.gnu.org/licenses/>.
25  */
26 
27 
28 #include "qemu/osdep.h"
29 #include "hw/hw.h"
30 #include "hw/pci/pci.h"
31 #include "net/net.h"
32 #include "net/checksum.h"
33 #include "hw/loader.h"
34 #include "sysemu/sysemu.h"
35 #include "sysemu/dma.h"
36 #include "qemu/iov.h"
37 #include "qemu/range.h"
38 
39 #include "e1000x_common.h"
40 
/*
 * Ethernet broadcast destination address.  Compared against the first
 * six bytes of a frame by inc_tx_bcast_or_mcast_count() and
 * receive_filter().
 */
static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};

/* #define E1000_DEBUG */

#ifdef E1000_DEBUG
/* Debug categories; each enumerator is a bit position in debugflags. */
enum {
    DEBUG_GENERAL,      DEBUG_IO,       DEBUG_MMIO,     DEBUG_INTERRUPT,
    DEBUG_RX,           DEBUG_TX,       DEBUG_MDIC,     DEBUG_EEPROM,
    DEBUG_UNKNOWN,      DEBUG_TXSUM,    DEBUG_TXERR,    DEBUG_RXERR,
    DEBUG_RXFILTER,     DEBUG_PHY,      DEBUG_NOTYET,
};
#define DBGBIT(x)    (1<<DEBUG_##x)
/* Categories that are printed when E1000_DEBUG is defined. */
static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);

/* Print to stderr, prefixed with "e1000: ", if the category is enabled. */
#define DBGOUT(what, fmt, ...) do { \
    if (debugflags & DBGBIT(what)) \
        fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
    } while (0)
#else
/*
 * Debugging compiled out: DBGOUT expands to an empty statement, so its
 * arguments are never evaluated.  Do not put side effects in them.
 */
#define DBGOUT(what, fmt, ...) do {} while (0)
#endif

#define IOPORT_SIZE       0x40
#define PNPMMIO_SIZE      0x20000
#define MIN_BUF_SIZE      60 /* Min. octets in an ethernet frame sans FCS */

/*
 * Number of leading frame bytes e1000_receive_iov() linearizes for the
 * receive filter when the first iovec element is shorter than this
 * (presumably a 14-byte Ethernet header plus one 4-byte VLAN tag).
 */
#define MAXIMUM_ETHERNET_HDR_LEN (14+4)
68 
69 /*
70  * HW models:
71  *  E1000_DEV_ID_82540EM works with Windows, Linux, and OS X <= 10.8
72  *  E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
73  *  E1000_DEV_ID_82545EM_COPPER works with Linux and OS X >= 10.6
74  *  Others never tested
75  */
76 
/*
 * Per-device state of one emulated e1000 NIC.
 *
 * The register files and the tx staging area below are filled from values
 * written by guest software (registers) or read from guest memory by DMA
 * (descriptors and packet data), so every index or length derived from
 * them has to be bounded by the code that uses it.
 */
typedef struct E1000State_st {
    /*< private >*/
    PCIDevice parent_obj;
    /*< public >*/

    NICState *nic;
    NICConf conf;
    MemoryRegion mmio;
    MemoryRegion io;

    uint32_t mac_reg[0x8000];       /* MAC register file, indexed by register name */
    uint16_t phy_reg[0x20];         /* PHY registers, accessed through MDIC (set_mdic) */
    uint16_t eeprom_data[64];       /* EEPROM words, read via EECD / EERD */

    uint32_t rxbuf_size;            /* from e1000x_rxbufsize(RCTL) in set_rx_control() */
    uint32_t rxbuf_min_shift;
    /* Staging area for the packet currently being assembled for transmit. */
    struct e1000_tx {
        /* Copy of the first hdr_len bytes of data, reused for each TSO segment. */
        unsigned char header[256];
        /* VLAN tag built by process_tx_desc(), inserted by xmit_seg(). */
        unsigned char vlan_header[4];
        /*
         * Fields vlan and data must not be reordered or separated:
         * xmit_seg() sends size + 4 bytes starting at vlan when a tag
         * is inserted, which runs straight on into data.
         */
        unsigned char vlan[4];
        unsigned char data[0x10000];
        /*
         * Bytes currently held in data.  This is 16 bits wide while data
         * holds 0x10000 bytes, so a value of exactly 0x10000 truncates to 0.
         */
        uint16_t size;
        unsigned char vlan_needed;
        unsigned char sum_needed;   /* E1000_TXD_POPTS_* bits from the data descriptor */
        bool cptse;                 /* current descriptor requested TSO (E1000_TXD_CMD_TSE) */
        e1000x_txd_props props;     /* last non-TSO context descriptor */
        e1000x_txd_props tso_props; /* last TSO context descriptor */
        uint16_t tso_frames;        /* segments already sent for the current TSO packet */
    } tx;

    /* State of the bit-banged EEPROM interface driven through EECD. */
    struct {
        uint32_t val_in;    /* shifted in from guest driver */
        uint16_t bitnum_in;
        uint16_t bitnum_out;
        uint16_t reading;
        uint32_t old_eecd;
    } eecd_state;

    QEMUTimer *autoneg_timer;

    QEMUTimer *mit_timer;      /* Mitigation timer. */
    bool mit_timer_on;         /* Mitigation timer is running. */
    bool mit_irq_level;        /* Tracks interrupt pin level. */
    uint32_t mit_ide;          /* Tracks E1000_TXD_CMD_IDE bit. */

/* Compatibility flags for migration to/from qemu 1.3.0 and older */
#define E1000_FLAG_AUTONEG_BIT 0
#define E1000_FLAG_MIT_BIT 1
#define E1000_FLAG_MAC_BIT 2
#define E1000_FLAG_AUTONEG (1 << E1000_FLAG_AUTONEG_BIT)
#define E1000_FLAG_MIT (1 << E1000_FLAG_MIT_BIT)
#define E1000_FLAG_MAC (1 << E1000_FLAG_MAC_BIT)
    uint32_t compat_flags;
} E1000State;
132 
/*
 * Test one E1000_FLAG_* compatibility flag.  The macro reads a variable
 * named `s` from the calling scope, so it only works inside functions
 * whose E1000State pointer has that name.
 */
#define chkflag(x)     (s->compat_flags & E1000_FLAG_##x)

/* Class data shared by the device models; phy_id2 is copied into PHY_ID2 on reset. */
typedef struct E1000BaseClass {
    PCIDeviceClass parent_class;
    uint16_t phy_id2;
} E1000BaseClass;

#define TYPE_E1000_BASE "e1000-base"

/* Checked cast from an object pointer to E1000State. */
#define E1000(obj) \
    OBJECT_CHECK(E1000State, (obj), TYPE_E1000_BASE)

/* Checked casts to the class structure, from a class or from an instance. */
#define E1000_DEVICE_CLASS(klass) \
     OBJECT_CLASS_CHECK(E1000BaseClass, (klass), TYPE_E1000_BASE)
#define E1000_DEVICE_GET_CLASS(obj) \
    OBJECT_GET_CLASS(E1000BaseClass, (obj), TYPE_E1000_BASE)
149 
/*
 * Mark the link as up in the MAC and PHY register files (via the shared
 * e1000x helper) and flush the packets queued for this NIC.
 */
static void
e1000_link_up(E1000State *s)
{
    NetClientState *queue;

    e1000x_update_regs_on_link_up(s->mac_reg, s->phy_reg);

    /* E1000_STATUS_LU is tested by e1000_can_receive() */
    queue = qemu_get_queue(s->nic);
    qemu_flush_queued_packets(queue);
}
158 
/*
 * Record completed auto-negotiation in the MAC and PHY register files
 * (via the shared e1000x helper) and flush the packets queued for this NIC.
 */
static void
e1000_autoneg_done(E1000State *s)
{
    NetClientState *queue;

    e1000x_update_regs_on_autoneg_done(s->mac_reg, s->phy_reg);

    /* E1000_STATUS_LU is tested by e1000_can_receive() */
    queue = qemu_get_queue(s->nic);
    qemu_flush_queued_packets(queue);
}
167 
/*
 * Report whether auto-negotiation is emulated and enabled: the AUTONEG
 * compat flag must be set and the PHY control register must have
 * MII_CR_AUTO_NEG_EN set.
 */
static bool
have_autoneg(E1000State *s)
{
    if (!chkflag(AUTONEG)) {
        return false;
    }
    return (s->phy_reg[PHY_CTRL] & MII_CR_AUTO_NEG_EN) != 0;
}
173 
/*
 * Write handler for the PHY control register.
 *
 * Stores val without the reserved and self-clearing bits, then restarts
 * auto-negotiation if the guest asked for it and it is emulated.
 * index is unused.
 */
static void
set_phy_ctrl(E1000State *s, int index, uint16_t val)
{
    bool restart_requested = (val & MII_CR_RESTART_AUTO_NEG) != 0;

    /* bits 0-5 reserved; MII_CR_[RESTART_AUTO_NEG,RESET] are self clearing */
    s->phy_reg[PHY_CTRL] = val & ~(0x3f |
                                   MII_CR_RESET |
                                   MII_CR_RESTART_AUTO_NEG);

    /*
     * QEMU 1.3 does not support link auto-negotiation emulation, so if we
     * migrate during auto negotiation, after migration the link will be
     * down.
     */
    if (!have_autoneg(s)) {
        return;
    }
    if (restart_requested) {
        e1000x_restart_autoneg(s->mac_reg, s->phy_reg, s->autoneg_timer);
    }
}
191 
/*
 * Per-register PHY write handlers.  Only PHY_CTRL has one, so the array
 * ends at PHY_CTRL; set_mdic() checks the register number against
 * NPHYWRITEOPS before indexing it.
 */
static void (*phyreg_writeops[])(E1000State *, int, uint16_t) = {
    [PHY_CTRL] = set_phy_ctrl,
};

enum { NPHYWRITEOPS = ARRAY_SIZE(phyreg_writeops) };

/*
 * Access rights per PHY register.  Entries that are not listed are zero,
 * i.e. neither readable nor writable, and set_mdic() reports an MDIC
 * error for them.  The table has 0x20 entries, the same as
 * E1000State.phy_reg.
 */
enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
static const char phy_regcap[0x20] = {
    [PHY_STATUS]      = PHY_R,     [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
    [PHY_ID1]         = PHY_R,     [M88E1000_PHY_SPEC_CTRL]     = PHY_RW,
    [PHY_CTRL]        = PHY_RW,    [PHY_1000T_CTRL]             = PHY_RW,
    [PHY_LP_ABILITY]  = PHY_R,     [PHY_1000T_STATUS]           = PHY_R,
    [PHY_AUTONEG_ADV] = PHY_RW,    [M88E1000_RX_ERR_CNTR]       = PHY_R,
    [PHY_ID2]         = PHY_R,     [M88E1000_PHY_SPEC_STATUS]   = PHY_R,
    [PHY_AUTONEG_EXP] = PHY_R,
};
208 
/*
 * Reset values of the PHY registers; e1000_reset() copies this table over
 * the start of E1000State.phy_reg.  The array is only as long as its
 * highest designated index.
 * NOTE(review): the copy uses sizeof phy_reg_init, so every index used
 * here must stay below 0x20 - confirm when adding entries.
 *
 * PHY_ID2 documented in 8254x_GBe_SDM.pdf, pp. 250
 */
static const uint16_t phy_reg_init[] = {
    [PHY_CTRL]   = MII_CR_SPEED_SELECT_MSB |
                   MII_CR_FULL_DUPLEX |
                   MII_CR_AUTO_NEG_EN,

    [PHY_STATUS] = MII_SR_EXTENDED_CAPS |
                   MII_SR_LINK_STATUS |   /* link initially up */
                   MII_SR_AUTONEG_CAPS |
                   /* MII_SR_AUTONEG_COMPLETE: initially NOT completed */
                   MII_SR_PREAMBLE_SUPPRESS |
                   MII_SR_EXTENDED_STATUS |
                   MII_SR_10T_HD_CAPS |
                   MII_SR_10T_FD_CAPS |
                   MII_SR_100X_HD_CAPS |
                   MII_SR_100X_FD_CAPS,

    [PHY_ID1] = 0x141,
    /* [PHY_ID2] configured per DevId, from e1000_reset() */
    [PHY_AUTONEG_ADV] = 0xde1,
    [PHY_LP_ABILITY] = 0x1e0,
    [PHY_1000T_CTRL] = 0x0e00,
    [PHY_1000T_STATUS] = 0x3c00,
    [M88E1000_PHY_SPEC_CTRL] = 0x360,
    [M88E1000_PHY_SPEC_STATUS] = 0xac00,
    [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60,
};

/*
 * Reset values of the MAC registers; e1000_reset() copies this table over
 * the start of E1000State.mac_reg after zeroing the whole register file.
 */
static const uint32_t mac_reg_init[] = {
    [PBA]     = 0x00100030,
    [LEDCTL]  = 0x602,
    [CTRL]    = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
                E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
    [STATUS]  = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
                E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
                E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
                E1000_STATUS_LU,
    [MANC]    = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
                E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
                E1000_MANC_RMCP_EN,
};
250 
/*
 * Lower *curr to value when value is a shorter non-zero delay.
 *
 * A *curr of 0 means "not set yet" and is replaced by any non-zero value;
 * a value of 0 never changes *curr.
 */
static inline void
mit_update_delay(uint32_t *curr, uint32_t value)
{
    if (value == 0) {
        return;
    }
    if (*curr != 0 && *curr <= value) {
        return;
    }
    *curr = value;
}
259 
/*
 * Latch a new interrupt cause value and update the PCI interrupt pin.
 *
 * val is stored in both ICR and ICS.  The pin level follows (IMS & ICR).
 * On a rising edge, the update is postponed while the mitigation timer is
 * running (the function returns without touching the pin); otherwise, if
 * the MIT compat flag is set, the mitigation timer is armed before the pin
 * is raised.  index is unused.
 */
static void
set_interrupt_cause(E1000State *s, int index, uint32_t val)
{
    PCIDevice *pci_dev = PCI_DEVICE(s);
    uint32_t pending;
    bool rising_edge;

    s->mac_reg[ICR] = val;

    /*
     * Make sure ICR and ICS registers have the same value.
     * The spec says that the ICS register is write-only.  However in practice,
     * on real hardware ICS is readable, and for reads it has the same value as
     * ICR (except that ICS does not have the clear on read behaviour of ICR).
     *
     * The VxWorks PRO/1000 driver uses this behaviour.
     */
    s->mac_reg[ICS] = val;

    pending = s->mac_reg[IMS] & s->mac_reg[ICR];
    rising_edge = !s->mit_irq_level && pending;

    /*
     * Here we detect a potential raising edge. We postpone raising the
     * interrupt line if we are inside the mitigation delay window
     * (s->mit_timer_on == 1).
     * We provide a partial implementation of interrupt mitigation,
     * emulating only RADV, TADV and ITR (lower 16 bits, 1024ns units for
     * RADV and TADV, 256ns units for ITR). RDTR is only used to enable
     * RADV; relative timers based on TIDV and RDTR are not implemented.
     */
    if (rising_edge && s->mit_timer_on) {
        return;
    }

    if (rising_edge && chkflag(MIT)) {
        /*
         * Compute the next mitigation delay according to pending
         * interrupts and the current values of RADV (provided
         * RDTR!=0), TADV and ITR.
         * Then rearm the timer.
         */
        uint32_t delay = 0;

        if (s->mit_ide &&
                (pending & (E1000_ICR_TXQE | E1000_ICR_TXDW))) {
            mit_update_delay(&delay, s->mac_reg[TADV] * 4);
        }
        if (s->mac_reg[RDTR] && (pending & E1000_ICS_RXT0)) {
            mit_update_delay(&delay, s->mac_reg[RADV] * 4);
        }
        mit_update_delay(&delay, s->mac_reg[ITR]);

        /*
         * According to e1000 SPEC, the Ethernet controller guarantees
         * a maximum observable interrupt rate of 7813 interrupts/sec.
         * Thus if mit_delay < 500 then the delay should be set to the
         * minimum delay possible which is 500.
         */
        if (delay < 500) {
            delay = 500;
        }

        s->mit_timer_on = 1;
        /*
         * NOTE(review): delay * 256 is a 32-bit multiplication; it stays
         * in range only if the TADV/RADV/ITR values stored in mac_reg are
         * limited to 16 bits when written - confirm in the register write
         * handlers.
         */
        timer_mod(s->mit_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
                  delay * 256);
        s->mit_ide = 0;
    }

    s->mit_irq_level = (pending != 0);
    pci_set_irq(pci_dev, s->mit_irq_level);
}
327 
/*
 * Mitigation timer callback; opaque is the E1000State.
 * Clears the "timer running" flag and re-evaluates the interrupt level
 * with the current ICR value.
 */
static void
e1000_mit_timer(void *opaque)
{
    E1000State *s = opaque;
    uint32_t current_causes;

    s->mit_timer_on = 0;
    /* Call set_interrupt_cause to update the irq level (if necessary). */
    current_causes = s->mac_reg[ICR];
    set_interrupt_cause(s, 0, current_causes);
}
337 
/*
 * Add the cause bits in val to the ones already pending in ICR and
 * update the interrupt state.  index is unused.
 */
static void
set_ics(E1000State *s, int index, uint32_t val)
{
    uint32_t merged;

    DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
        s->mac_reg[IMS]);
    merged = val | s->mac_reg[ICR];
    set_interrupt_cause(s, 0, merged);
}
345 
/*
 * Auto-negotiation timer callback; opaque is the E1000State.
 * Does nothing while the backend reports the link as down; otherwise
 * completes auto-negotiation and raises a link-status-change interrupt.
 */
static void
e1000_autoneg_timer(void *opaque)
{
    E1000State *s = opaque;

    if (qemu_get_queue(s->nic)->link_down) {
        return;
    }
    e1000_autoneg_done(s);
    set_ics(s, 0, E1000_ICS_LSC); /* signal link status change to guest */
}
355 
/*
 * Device reset handler; opaque is the E1000State.
 *
 * Stops both timers, clears the mitigation state, reloads the PHY and MAC
 * register files from their init tables, clears the whole tx staging area
 * and re-applies the configured MAC address.
 */
static void e1000_reset(void *opaque)
{
    E1000State *s = opaque;
    E1000BaseClass *klass = E1000_DEVICE_GET_CLASS(s);
    uint8_t *mac = s->conf.macaddr.a;

    timer_del(s->autoneg_timer);
    timer_del(s->mit_timer);
    s->mit_timer_on = 0;
    s->mit_irq_level = 0;
    s->mit_ide = 0;

    /* Zero first: the init tables cover only the start of each register file. */
    memset(s->phy_reg, 0, sizeof s->phy_reg);
    memcpy(s->phy_reg, phy_reg_init, sizeof phy_reg_init);
    s->phy_reg[PHY_ID2] = klass->phy_id2;

    memset(s->mac_reg, 0, sizeof s->mac_reg);
    memcpy(s->mac_reg, mac_reg_init, sizeof mac_reg_init);

    s->rxbuf_min_shift = 1;
    /* Drops any partially assembled packet together with its context. */
    memset(&s->tx, 0, sizeof s->tx);

    if (qemu_get_queue(s->nic)->link_down) {
        e1000x_update_regs_on_link_down(s->mac_reg, s->phy_reg);
    }

    e1000x_reset_mac_addr(s->nic, s->mac_reg, mac);
}
381 
/*
 * Write handler for CTRL: stores val with the reset bit cleared.
 * index is unused.
 */
static void
set_ctrl(E1000State *s, int index, uint32_t val)
{
    /* RST is self clearing */
    uint32_t stored = val & ~E1000_CTRL_RST;

    s->mac_reg[CTRL] = stored;
}
388 
/*
 * Write handler for RCTL: stores val, recomputes the cached receive
 * buffer size and minimum-threshold shift from it, and flushes the
 * packets queued for this NIC.  index is unused.
 */
static void
set_rx_control(E1000State *s, int index, uint32_t val)
{
    uint32_t rdmts = (val / E1000_RCTL_RDMTS_QUAT) & 3;

    s->mac_reg[RCTL] = val;
    s->rxbuf_size = e1000x_rxbufsize(val);
    s->rxbuf_min_shift = rdmts + 1;
    /* NOTE(review): the first value logged is RDT although the label says RCTL. */
    DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
           s->mac_reg[RCTL]);
    qemu_flush_queued_packets(qemu_get_queue(s->nic));
}
399 
/*
 * Write handler for MDIC, the register the guest uses to read and write
 * PHY registers.
 *
 * Only PHY number 1 is accepted.  Reads and writes are checked against
 * phy_regcap; a register without the needed capability sets
 * E1000_MDIC_ERROR instead of touching phy_reg.  The result is stored in
 * MDIC with E1000_MDIC_READY set, and an MDAC interrupt is raised when
 * E1000_MDIC_INT_EN is set in the resulting value.
 *
 * NOTE(review): addr indexes phy_regcap[0x20] and phy_reg[0x20] without an
 * explicit range check, so this relies on
 * E1000_MDIC_REG_MASK >> E1000_MDIC_REG_SHIFT being at most 0x1f - confirm
 * against the register definitions.
 */
static void
set_mdic(E1000State *s, int index, uint32_t val)
{
    uint32_t data = val & E1000_MDIC_DATA_MASK;
    uint32_t addr = (val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT;
    uint32_t phy_num = (val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT;

    if (phy_num != 1) {
        val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
    } else if (val & E1000_MDIC_OP_READ) {
        DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
        if (phy_regcap[addr] & PHY_R) {
            /* Replace the data field of val with the register contents. */
            val = (val ^ data) | s->phy_reg[addr];
        } else {
            DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
            val |= E1000_MDIC_ERROR;
        }
    } else if (val & E1000_MDIC_OP_WRITE) {
        DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
        if (!(phy_regcap[addr] & PHY_W)) {
            DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
            val |= E1000_MDIC_ERROR;
        } else if (addr < NPHYWRITEOPS && phyreg_writeops[addr]) {
            /* Register with a dedicated write handler. */
            phyreg_writeops[addr](s, index, data);
        } else {
            s->phy_reg[addr] = data;
        }
    }
    s->mac_reg[MDIC] = val | E1000_MDIC_READY;

    if (val & E1000_MDIC_INT_EN) {
        set_ics(s, 0, E1000_ICR_MDAC);
    }
}
434 
/*
 * Read handler for EECD.
 *
 * Returns the saved control bits plus PRES and GNT.  The data-out bit is
 * set when no read is in progress, or when the EEPROM bit selected by
 * bitnum_out is 1.  The word index is masked with 0x3f, which keeps it
 * inside the 64-entry eeprom_data array.  index is unused.
 */
static uint32_t
get_eecd(E1000State *s, int index)
{
    uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
    uint16_t bit = s->eecd_state.bitnum_out;
    bool data_out = true;

    DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
           s->eecd_state.bitnum_out, s->eecd_state.reading);
    if (s->eecd_state.reading) {
        uint16_t word = s->eeprom_data[(bit >> 4) & 0x3f];

        /* Bits are shifted out most significant first. */
        data_out = (word >> ((bit & 0xf) ^ 0xf)) & 1;
    }
    if (data_out) {
        ret |= E1000_EECD_DO;
    }
    return ret;
}
448 
/*
 * Write handler for EECD: emulates the bit-banged serial EEPROM interface.
 *
 * The control bits of val are saved for later reads.  With chip select
 * active, a rising clock edge shifts the data-in bit into val_in and a
 * falling edge advances the output bit position.  Once 9 bits have been
 * shifted in (and no read is in progress yet) the low 6 bits select the
 * word and the next 3 bits are compared with the read opcode.
 * index is unused.
 */
static void
set_eecd(E1000State *s, int index, uint32_t val)
{
    uint32_t previous = s->eecd_state.old_eecd;
    uint32_t changed = val ^ previous;

    s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
            E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);

    /* CS inactive; nothing to do */
    if ((val & E1000_EECD_CS) == 0) {
        return;
    }

    /* CS rise edge; reset state */
    if (changed & E1000_EECD_CS) {
        s->eecd_state.val_in = 0;
        s->eecd_state.bitnum_in = 0;
        s->eecd_state.bitnum_out = 0;
        s->eecd_state.reading = 0;
    }

    /* no clock edge */
    if ((changed & E1000_EECD_SK) == 0) {
        return;
    }

    /* falling edge */
    if ((val & E1000_EECD_SK) == 0) {
        s->eecd_state.bitnum_out++;
        return;
    }

    /* rising edge: shift in one bit */
    s->eecd_state.val_in <<= 1;
    if (val & E1000_EECD_DI) {
        s->eecd_state.val_in |= 1;
    }

    s->eecd_state.bitnum_in++;
    if (s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
        /*
         * Start one bit before the selected word; for word 0 this wraps
         * the 16-bit counter, and the next falling edge brings it to 0.
         */
        s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
        s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
            EEPROM_READ_OPCODE_MICROWIRE);
    }
    DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
           s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
           s->eecd_state.reading);
}
484 
/*
 * Read handler for EERD.
 *
 * Without the START bit the raw register value is returned.  Otherwise
 * the result carries the DONE bit and, when the requested word index is
 * not above EEPROM_CHECKSUM_REG, the EEPROM word in the data field.
 * x is unused.
 *
 * NOTE(review): the bound keeps the index inside eeprom_data[64] only if
 * EEPROM_CHECKSUM_REG is below 64 - confirm against its definition.
 */
static uint32_t
flash_eerd_read(E1000State *s, int x)
{
    unsigned int eerd = s->mac_reg[EERD];
    unsigned int r = eerd & ~E1000_EEPROM_RW_REG_START;
    unsigned int index;

    if ((eerd & E1000_EEPROM_RW_REG_START) == 0) {
        return eerd;
    }

    index = r >> E1000_EEPROM_RW_ADDR_SHIFT;
    if (index > EEPROM_CHECKSUM_REG) {
        return E1000_EEPROM_RW_REG_DONE | r;
    }

    return (s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
           E1000_EEPROM_RW_REG_DONE | r;
}
499 
/*
 * Compute a checksum over data[css .. end) and store it big-endian at
 * data + sloc.
 *
 * n is the packet length.  A non-zero cse below n ends the summed range
 * at cse (inclusive).  Nothing is written unless sloc < n - 1, i.e. unless
 * both checksum bytes lie inside the (possibly shortened) range.
 *
 * NOTE(review): n is unsigned, so n - 1 wraps when n is 0 and the
 * comparison then passes for any sloc; likewise n - css wraps when css is
 * larger than n.  What net_checksum_add() does with such a length is not
 * visible here - confirm it reads nothing in that case.
 */
static void
putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
{
    uint32_t end = n;
    uint32_t sum;

    if (cse != 0 && cse < end) {
        end = cse + 1;
    }
    if (sloc >= end - 1) {
        return;
    }
    sum = net_checksum_add(end - css, data + css);
    stw_be_p(data + sloc, net_checksum_finish_nozero(sum));
}
512 
/*
 * Count a transmitted frame in BPTC if its destination is the broadcast
 * address, or in MPTC if the group bit of the first byte is set.
 * arr must point to at least six readable bytes.
 */
static inline void
inc_tx_bcast_or_mcast_count(E1000State *s, const unsigned char *arr)
{
    if (memcmp(arr, bcast, sizeof bcast) == 0) {
        e1000x_inc_reg_if_not_full(s->mac_reg, BPTC);
        return;
    }
    if (arr[0] & 1) {
        e1000x_inc_reg_if_not_full(s->mac_reg, MPTC);
    }
}
522 
/*
 * Hand one finished frame to the network backend, or straight back to
 * this NIC's own receive callback when PHY loopback is enabled, then
 * update the broadcast/multicast and size-bucket transmit counters.
 */
static void
e1000_send_packet(E1000State *s, const uint8_t *buf, int size)
{
    static const int PTCregs[6] = { PTC64, PTC127, PTC255, PTC511,
                                    PTC1023, PTC1522 };
    NetClientState *nc = qemu_get_queue(s->nic);
    bool loopback = (s->phy_reg[PHY_CTRL] & MII_CR_LOOPBACK) != 0;

    if (!loopback) {
        qemu_send_packet(nc, buf, size);
    } else {
        nc->info->receive(nc, buf, size);
    }

    inc_tx_bcast_or_mcast_count(s, buf);
    e1000x_increase_size_stats(s->mac_reg, PTCregs, size);
}
538 
/*
 * Finish and send the frame currently held in s->tx.data.
 *
 * For a TSO segment (tp->cptse) the IP and TCP/UDP headers are patched in
 * place first: length fields, the IPv4 identification, the TCP sequence
 * number and flags, and the pseudo-header part of the checksum.  Requested
 * checksums are then inserted, an optional VLAN tag is spliced in, the
 * frame is sent and the transmit statistics are updated.
 *
 * NOTE(review): every offset used here (ipcss, tucss, tucso, ...) comes
 * from a context descriptor that process_tx_desc() read from guest memory,
 * and none of them is compared with tp->size in this function.  The writes
 * stay inside tp->data (0x10000 bytes) only as long as those fields are
 * narrow enough - confirm their types in e1000x_common.h.
 */
static void
xmit_seg(E1000State *s)
{
    uint16_t len;
    unsigned int frames = s->tx.tso_frames, css, sofar;
    struct e1000_tx *tp = &s->tx;
    /* TSO segments use the TSO context, everything else the plain one. */
    struct e1000x_txd_props *props = tp->cptse ? &tp->tso_props : &tp->props;

    if (tp->cptse) {
        css = props->ipcss;
        DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
               frames, tp->size, css);
        if (props->ip) {    /* IPv4 */
            /* total length of this segment, then identification + frames */
            stw_be_p(tp->data+css+2, tp->size - css);
            stw_be_p(tp->data+css+4,
                     lduw_be_p(tp->data + css + 4) + frames);
        } else {         /* IPv6 */
            stw_be_p(tp->data+css+4, tp->size - css);
        }
        css = props->tucss;
        /* len is 16 bits wide; tp->size - css wraps if css exceeds tp->size */
        len = tp->size - css;
        DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", props->tcp, css, len);
        if (props->tcp) {
            /* payload bytes already sent in earlier segments */
            sofar = frames * props->mss;
            stl_be_p(tp->data+css+4, ldl_be_p(tp->data+css+4)+sofar); /* seq */
            if (props->paylen - sofar > props->mss) {
                /* not the last segment */
                tp->data[css + 13] &= ~9;    /* PSH, FIN */
            } else if (frames) {
                e1000x_inc_reg_if_not_full(s->mac_reg, TSCTC);
            }
        } else {    /* UDP */
            stw_be_p(tp->data+css+4, len);
        }
        if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
            unsigned int phsum;
            /* add pseudo-header length before checksum calculation */
            void *sp = tp->data + props->tucso;

            phsum = lduw_be_p(sp) + len;
            /* fold the carry back into the low 16 bits */
            phsum = (phsum >> 16) + (phsum & 0xffff);
            stw_be_p(sp, phsum);
        }
        tp->tso_frames++;
    }

    if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
        putsum(tp->data, tp->size, props->tucso, props->tucss, props->tucse);
    }
    if (tp->sum_needed & E1000_TXD_POPTS_IXSM) {
        putsum(tp->data, tp->size, props->ipcso, props->ipcss, props->ipcse);
    }
    if (tp->vlan_needed) {
        /*
         * Insert the 4-byte tag after the 12 address bytes by moving those
         * 12 bytes 4 bytes towards the front, into tp->vlan, which sits
         * directly before tp->data in struct e1000_tx.  The frame then
         * starts at tp->vlan and is 4 bytes longer.
         */
        memmove(tp->vlan, tp->data, 4);
        memmove(tp->data, tp->data + 4, 8);
        memcpy(tp->data + 8, tp->vlan_header, 4);
        e1000_send_packet(s, tp->vlan, tp->size + 4);
    } else {
        e1000_send_packet(s, tp->data, tp->size);
    }

    e1000x_inc_reg_if_not_full(s->mac_reg, TPT);
    e1000x_grow_8reg_if_not_full(s->mac_reg, TOTL, s->tx.size);
    /* the "good" counters mirror the totals */
    s->mac_reg[GPTC] = s->mac_reg[TPT];
    s->mac_reg[GOTCL] = s->mac_reg[TOTL];
    s->mac_reg[GOTCH] = s->mac_reg[TOTH];
}
605 
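/*
 * Process one transmit descriptor that start_xmit() read from guest memory.
 *
 * A context descriptor only updates the stored offload properties.  A data
 * or legacy descriptor has its buffer copied by DMA into s->tx.data; with
 * TSO enabled the data is cut into segments of hdr_len + mss bytes, each
 * sent through xmit_seg() as soon as it is complete.  When the descriptor
 * carries EOP the remaining data is sent and the per-packet state is reset.
 *
 * All descriptor fields are guest-controlled.  Copies into tp->data are
 * clamped to the space left in the buffer, and the TSO loop stops as soon
 * as the data already accumulated reaches the segment size (see below).
 *
 * NOTE(review): the copies into tp->header use tso_props.hdr_len as the
 * length; tp->header is 256 bytes, so this relies on hdr_len being an
 * 8-bit field - confirm in e1000x_common.h.
 */
static void
process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
{
    PCIDevice *d = PCI_DEVICE(s);
    uint32_t txd_lower = le32_to_cpu(dp->lower.data);
    uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
    unsigned int split_size = txd_lower & 0xffff, bytes, sz;
    unsigned int msh = 0xfffff;
    uint64_t addr;
    struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
    struct e1000_tx *tp = &s->tx;

    s->mit_ide |= (txd_lower & E1000_TXD_CMD_IDE);
    if (dtype == E1000_TXD_CMD_DEXT) {    /* context descriptor */
        if (le32_to_cpu(xp->cmd_and_length) & E1000_TXD_CMD_TSE) {
            e1000x_read_tx_ctx_descr(xp, &tp->tso_props);
            tp->tso_frames = 0;
        } else {
            e1000x_read_tx_ctx_descr(xp, &tp->props);
        }
        return;
    } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
        /* data descriptor */
        if (tp->size == 0) {
            /* offload options are taken from the first descriptor of a packet */
            tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
        }
        tp->cptse = (txd_lower & E1000_TXD_CMD_TSE) ? 1 : 0;
    } else {
        /* legacy descriptor */
        tp->cptse = 0;
    }

    if (e1000x_vlan_enabled(s->mac_reg) &&
        e1000x_is_vlan_txd(txd_lower) &&
        (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
        tp->vlan_needed = 1;
        stw_be_p(tp->vlan_header,
                      le16_to_cpu(s->mac_reg[VET]));
        stw_be_p(tp->vlan_header + 2,
                      le16_to_cpu(dp->upper.fields.special));
    }

    addr = le64_to_cpu(dp->buffer_addr);
    if (tp->cptse) {
        msh = tp->tso_props.hdr_len + tp->tso_props.mss;
        do {
            /*
             * The guest can mix descriptors so that more data is already
             * buffered than one segment may hold (for example non-TSO data
             * followed by a TSO descriptor with a small hdr_len + mss).
             * msh - tp->size would then wrap to a huge unsigned value:
             * the copy would exceed the length the descriptor declared,
             * split_size would underflow and the loop would keep sending
             * segments for a very long time.  Stop processing this
             * descriptor's data instead and go on to the EOP handling.
             */
            if (tp->size >= msh) {
                break;
            }
            bytes = split_size;
            if (tp->size + bytes > msh)
                bytes = msh - tp->size;

            /* never copy past the end of tp->data */
            bytes = MIN(sizeof(tp->data) - tp->size, bytes);
            pci_dma_read(d, addr, tp->data + tp->size, bytes);
            sz = tp->size + bytes;
            if (sz >= tp->tso_props.hdr_len
                && tp->size < tp->tso_props.hdr_len) {
                /* header just became complete: keep a copy for later segments */
                memmove(tp->header, tp->data, tp->tso_props.hdr_len);
            }
            tp->size = sz;
            addr += bytes;
            if (sz == msh) {
                /* full segment: send it and start the next one with the header */
                xmit_seg(s);
                memmove(tp->data, tp->header, tp->tso_props.hdr_len);
                tp->size = tp->tso_props.hdr_len;
            }
            split_size -= bytes;
        } while (bytes && split_size);
    } else {
        /* never copy past the end of tp->data */
        split_size = MIN(sizeof(tp->data) - tp->size, split_size);
        pci_dma_read(d, addr, tp->data + tp->size, split_size);
        tp->size += split_size;
    }

    if (!(txd_lower & E1000_TXD_CMD_EOP))
        return;
    /* a TSO packet that never received its full header is dropped */
    if (!(tp->cptse && tp->size < tp->tso_props.hdr_len)) {
        xmit_seg(s);
    }
    tp->tso_frames = 0;
    tp->sum_needed = 0;
    tp->vlan_needed = 0;
    tp->size = 0;
    tp->cptse = 0;
}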
689 
/*
 * Write the completion status of a processed descriptor back to guest
 * memory.
 *
 * Nothing is written unless the descriptor requested a status report
 * (RS or RPS).  Otherwise DD is set, the EC/LC/TU error bits are cleared,
 * and only the `upper` field is written back at its offset from base.
 *
 * Returns E1000_ICR_TXDW when a write-back happened, 0 otherwise.
 */
static uint32_t
txdesc_writeback(E1000State *s, dma_addr_t base, struct e1000_tx_desc *dp)
{
    PCIDevice *pci_dev = PCI_DEVICE(s);
    uint32_t lower = le32_to_cpu(dp->lower.data);
    uint32_t upper;
    dma_addr_t upper_addr;

    if ((lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)) == 0) {
        return 0;
    }

    upper = le32_to_cpu(dp->upper.data);
    upper |= E1000_TXD_STAT_DD;
    upper &= ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
    dp->upper.data = cpu_to_le32(upper);

    upper_addr = base + ((char *)&dp->upper - (char *)dp);
    pci_dma_write(pci_dev, upper_addr, &dp->upper, sizeof(dp->upper));
    return E1000_ICR_TXDW;
}
705 
/*
 * Guest address of the transmit descriptor ring: TDBAH supplies the upper
 * 32 bits and TDBAL the lower 32, with its low four bits ignored.
 */
static uint64_t tx_desc_base(E1000State *s)
{
    uint64_t high = s->mac_reg[TDBAH];
    uint64_t low = s->mac_reg[TDBAL] & ~0xf;

    high <<= 32;
    return high + low;
}
713 
/*
 * Walk the transmit ring from TDH to TDT: read each descriptor from guest
 * memory, process it, write its status back and advance TDH (wrapping at
 * TDLEN).  One interrupt is raised at the end with the collected causes.
 *
 * TDH, TDT and TDLEN are set by guest software.  The loop therefore also
 * stops when TDH comes back to its starting value or when the starting
 * value was already outside the ring, so inconsistent register values
 * cannot keep it running forever.
 */
static void
start_xmit(E1000State *s)
{
    PCIDevice *pci_dev = PCI_DEVICE(s);
    struct e1000_tx_desc desc;
    dma_addr_t desc_addr;
    const uint32_t tdh_start = s->mac_reg[TDH];
    uint32_t cause = E1000_ICS_TXQE;

    if ((s->mac_reg[TCTL] & E1000_TCTL_EN) == 0) {
        DBGOUT(TX, "tx disabled\n");
        return;
    }

    for (;;) {
        if (s->mac_reg[TDH] == s->mac_reg[TDT]) {
            break;
        }

        desc_addr = tx_desc_base(s) +
                    sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
        pci_dma_read(pci_dev, desc_addr, &desc, sizeof(desc));

        DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
               (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
               desc.upper.data);

        process_tx_desc(s, &desc);
        cause |= txdesc_writeback(s, desc_addr, &desc);

        /* advance the head, wrapping at the end of the ring */
        s->mac_reg[TDH]++;
        if (s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN]) {
            s->mac_reg[TDH] = 0;
        }

        /*
         * the following could happen only if guest sw assigns
         * bogus values to TDT/TDLEN.
         * there's nothing too intelligent we could do about this.
         */
        if (s->mac_reg[TDH] == tdh_start ||
            tdh_start >= s->mac_reg[TDLEN] / sizeof(desc)) {
            DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
                   tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
            break;
        }
    }

    set_ics(s, 0, cause);
}
755 
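/*
 * Decide whether an incoming frame is accepted.
 *
 * buf must hold at least the first 16 bytes of the frame: the destination
 * address is read from its start and, for VLAN frames, the tag from
 * offset 14.  size is not used by the checks below.
 *
 * Order of the checks: VLAN filter table (when VLAN filtering is enabled),
 * unicast promiscuous, multicast promiscuous, broadcast accept, and
 * finally the group filter in e1000x_rx_group_filter().
 *
 * Returns non-zero to accept the frame and 0 to drop it.
 */
static int
receive_filter(E1000State *s, const uint8_t *buf, int size)
{
    uint32_t rctl = s->mac_reg[RCTL];
    int isbcast = !memcmp(buf, bcast, sizeof bcast), ismcast = (buf[0] & 1);

    if (e1000x_is_vlan_packet(buf, le16_to_cpu(s->mac_reg[VET])) &&
        e1000x_vlan_rx_filter_enabled(s->mac_reg)) {
        uint16_t vid = lduw_be_p(buf + 14);
        /* bits 5..11 of vid select one of 128 filter words, bits 0..4 the bit */
        uint32_t vfta = ldl_le_p((uint32_t*)(s->mac_reg + VFTA) +
                                 ((vid >> 5) & 0x7f));
        /*
         * Unsigned constant: the shift count can be 31, and shifting a
         * signed 1 into the sign bit is undefined behaviour in C.
         */
        if ((vfta & (1u << (vid & 0x1f))) == 0)
            return 0;
    }

    if (!isbcast && !ismcast && (rctl & E1000_RCTL_UPE)) { /* promiscuous ucast */
        return 1;
    }

    if (ismcast && (rctl & E1000_RCTL_MPE)) {          /* promiscuous mcast */
        e1000x_inc_reg_if_not_full(s->mac_reg, MPRC);
        return 1;
    }

    if (isbcast && (rctl & E1000_RCTL_BAM)) {          /* broadcast enabled */
        e1000x_inc_reg_if_not_full(s->mac_reg, BPRC);
        return 1;
    }

    return e1000x_rx_group_filter(s->mac_reg, buf);
}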
787 
/*
 * Backend callback for a link state change.
 *
 * Updates the MAC and PHY registers for link down, restarts
 * auto-negotiation when it is emulated and not yet complete, or brings
 * the link up directly.  A link-status-change interrupt is raised only
 * when the STATUS register actually changed.
 */
static void
e1000_set_link_status(NetClientState *nc)
{
    E1000State *s = qemu_get_nic_opaque(nc);
    const uint32_t status_before = s->mac_reg[STATUS];

    if (nc->link_down) {
        e1000x_update_regs_on_link_down(s->mac_reg, s->phy_reg);
    } else if (have_autoneg(s) &&
               !(s->phy_reg[PHY_STATUS] & MII_SR_AUTONEG_COMPLETE)) {
        e1000x_restart_autoneg(s->mac_reg, s->phy_reg, s->autoneg_timer);
    } else {
        e1000_link_up(s);
    }

    if (s->mac_reg[STATUS] != status_before) {
        set_ics(s, 0, E1000_ICR_LSC);
    }
}
808 
/*
 * Report whether the receive ring has enough free buffers for a packet of
 * total_size bytes.
 *
 * A packet that fits into one buffer only needs a non-empty ring
 * (RDH != RDT).  Otherwise the number of descriptors between RDH and RDT
 * is computed, wrapping at RDLEN, and multiplied by the buffer size.
 *
 * NOTE(review): RDH, RDT and RDLEN are used as stored, presumably as the
 * guest driver wrote them; if RDH lies beyond the ring the count becomes
 * negative and the unsigned product becomes very large - confirm that the
 * caller's own ring-wrap check covers that case.
 */
static bool e1000_has_rxbufs(E1000State *s, size_t total_size)
{
    uint32_t head = s->mac_reg[RDH];
    uint32_t tail = s->mac_reg[RDT];
    int bufs;

    /* Fast-path short packets */
    if (total_size <= s->rxbuf_size) {
        return head != tail;
    }

    if (head == tail) {
        return false;
    }

    if (head < tail) {
        bufs = tail - head;
    } else {
        bufs = s->mac_reg[RDLEN] / sizeof(struct e1000_rx_desc) +
            tail - head;
    }
    return total_size <= bufs * s->rxbuf_size;
}
826 
/*
 * Backend callback: non-zero when the device can take a packet now, i.e.
 * the shared e1000x readiness check passes and at least one receive
 * buffer is available.
 */
static int
e1000_can_receive(NetClientState *nc)
{
    E1000State *s = qemu_get_nic_opaque(nc);

    if (!e1000x_rx_ready(&s->parent_obj, s->mac_reg)) {
        return 0;
    }
    return e1000_has_rxbufs(s, 1);
}
835 
/*
 * Guest address of the receive descriptor ring: RDBAH supplies the upper
 * 32 bits and RDBAL the lower 32, with its low four bits ignored.
 */
static uint64_t rx_desc_base(E1000State *s)
{
    uint64_t high = s->mac_reg[RDBAH];
    uint64_t low = s->mac_reg[RDBAL] & ~0xf;

    high <<= 32;
    return high + low;
}
843 
/*
 * Net-layer .receive_iov callback: deliver one incoming frame into the
 * guest's RX descriptor ring.
 *
 * @nc:     net client backing this NIC; its opaque pointer is the E1000State.
 * @iov:    scatter/gather list holding the frame.  iov[0] is dereferenced
 *          unconditionally, so at least one element is assumed.
 * @iovcnt: number of elements in @iov.
 *
 * Returns -1 when reception is disabled, when the ring has no room for the
 * frame, or when the head index wraps around to where it started; the last
 * two cases also raise E1000_ICS_RXO.  Otherwise returns the frame size as
 * accounted here (after padding and after a stripped VLAN tag), including
 * for frames dropped by the oversize check or by receive_filter().
 *
 * Trust boundary: RDH, RDT, RDLEN, the ring base and every descriptor
 * fetched with pci_dma_read() are guest-controlled, and the frame itself
 * comes from the network backend.  Every value used as a length, index or
 * address below originates from one of those two sources.
 */
static ssize_t
e1000_receive_iov(NetClientState *nc, const struct iovec *iov, int iovcnt)
{
    E1000State *s = qemu_get_nic_opaque(nc);
    PCIDevice *d = PCI_DEVICE(s);
    struct e1000_rx_desc desc;
    dma_addr_t base;
    unsigned int n, rdt;
    uint32_t rdh_start;
    uint16_t vlan_special = 0;
    uint8_t vlan_status = 0;
    uint8_t min_buf[MIN_BUF_SIZE];
    struct iovec min_iov;
    /* Contiguous view of the frame header used by the filters below. */
    uint8_t *filter_buf = iov->iov_base;
    size_t size = iov_size(iov, iovcnt);
    /* Read offset inside the current iov element. */
    size_t iov_ofs = 0;
    /* Bytes of total_size already assigned to descriptors. */
    size_t desc_offset;
    size_t desc_size;
    /* Frame size plus the FCS length reported by e1000x_fcs_len(). */
    size_t total_size;

    if (!e1000x_hw_rx_enabled(s->mac_reg)) {
        return -1;
    }

    /* Pad to minimum Ethernet frame length */
    if (size < sizeof(min_buf)) {
        /* size < sizeof(min_buf) here, so the copy and the memset stay
         * inside min_buf. */
        iov_to_buf(iov, iovcnt, 0, min_buf, size);
        memset(&min_buf[size], 0, sizeof(min_buf) - size);
        e1000x_inc_reg_if_not_full(s->mac_reg, RUC);
        /* From here on the frame is the single padded local buffer. */
        min_iov.iov_base = filter_buf = min_buf;
        min_iov.iov_len = size = sizeof(min_buf);
        iovcnt = 1;
        iov = &min_iov;
    } else if (iov->iov_len < MAXIMUM_ETHERNET_HDR_LEN) {
        /* This is very unlikely, but may happen. */
        /* The header straddles iov elements: linearise it into min_buf for
         * the filters while the payload keeps coming from the original iov.
         * Presumably MAXIMUM_ETHERNET_HDR_LEN <= MIN_BUF_SIZE; confirm. */
        iov_to_buf(iov, iovcnt, 0, min_buf, MAXIMUM_ETHERNET_HDR_LEN);
        filter_buf = min_buf;
    }

    /* Discard oversized packets if !LPE and !SBP. */
    if (e1000x_is_oversized(s->mac_reg, size)) {
        return size;
    }

    /* Frames rejected by the filter are reported as consumed. */
    if (!receive_filter(s, filter_buf, size)) {
        return size;
    }

    if (e1000x_vlan_enabled(s->mac_reg) &&
        e1000x_is_vlan_packet(filter_buf, le16_to_cpu(s->mac_reg[VET]))) {
        /* Strip the 4-byte VLAN tag: keep the tag value for the descriptor
         * and move the 12 address bytes forward over the tag. */
        vlan_special = cpu_to_le16(lduw_be_p(filter_buf + 14));
        iov_ofs = 4;
        if (filter_buf == iov->iov_base) {
            /* NOTE(review): this rewrites the caller's buffer in place;
             * e1000_receive() reaches this path with a buffer whose const
             * qualifier it cast away. */
            memmove(filter_buf + 4, filter_buf, 12);
        } else {
            iov_from_buf(iov, iovcnt, 4, filter_buf, 12);
            /* Skip iov elements that lie entirely before offset 4.  The
             * walk is not bounded by iovcnt; it relies on the frame being
             * longer than 4 bytes. */
            while (iov->iov_len <= iov_ofs) {
                iov_ofs -= iov->iov_len;
                iov++;
            }
        }
        vlan_status = E1000_RXD_STAT_VP;
        size -= 4;
    }

    /* Remember the starting head so a full lap around the ring is detected. */
    rdh_start = s->mac_reg[RDH];
    desc_offset = 0;
    total_size = size + e1000x_fcs_len(s->mac_reg);
    if (!e1000_has_rxbufs(s, total_size)) {
            set_ics(s, 0, E1000_ICS_RXO);
            return -1;
    }
    do {
        /* Each descriptor takes at most rxbuf_size bytes of the frame. */
        desc_size = total_size - desc_offset;
        if (desc_size > s->rxbuf_size) {
            desc_size = s->rxbuf_size;
        }
        /* Guest-chosen descriptor address.  NOTE(review): RDH is compared
         * with RDLEN only at the bottom of the loop, i.e. after this
         * descriptor has been read and written back. */
        base = rx_desc_base(s) + sizeof(desc) * s->mac_reg[RDH];
        pci_dma_read(d, base, &desc, sizeof(desc));
        desc.special = vlan_special;
        /* Status bits are OR-ed into whatever the guest left in the
         * descriptor; see the EOP handling below. */
        desc.status |= (vlan_status | E1000_RXD_STAT_DD);
        if (desc.buffer_addr) {
            if (desc_offset < size) {
                size_t iov_copy;
                /* Guest-supplied destination for the payload DMA. */
                hwaddr ba = le64_to_cpu(desc.buffer_addr);
                size_t copy_size = size - desc_offset;
                if (copy_size > s->rxbuf_size) {
                    copy_size = s->rxbuf_size;
                }
                /* Copy across iov element boundaries.  The loop advances
                 * iov without consulting iovcnt; it stays in range because
                 * copy_size is derived from iov_size(). */
                do {
                    iov_copy = MIN(copy_size, iov->iov_len - iov_ofs);
                    pci_dma_write(d, ba, iov->iov_base + iov_ofs, iov_copy);
                    copy_size -= iov_copy;
                    ba += iov_copy;
                    iov_ofs += iov_copy;
                    if (iov_ofs == iov->iov_len) {
                        iov++;
                        iov_ofs = 0;
                    }
                } while (copy_size);
            }
            desc_offset += desc_size;
            desc.length = cpu_to_le16(desc_size);
            if (desc_offset >= total_size) {
                desc.status |= E1000_RXD_STAT_EOP | E1000_RXD_STAT_IXSM;
            } else {
                /* Guest zeroing out status is not a hardware requirement.
                   Clear EOP in case guest didn't do it. */
                desc.status &= ~E1000_RXD_STAT_EOP;
            }
        } else { // as per intel docs; skip descriptors with null buf addr
            /* NOTE(review): desc_offset is not advanced on this path, so a
             * ring made of null-address descriptors ends the loop only
             * through the wraparound check below. */
            DBGOUT(RX, "Null RX descriptor!!\n");
        }
        pci_dma_write(d, base, &desc, sizeof(desc));

        /* Advance the head index, wrapping at the end of the ring. */
        if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
            s->mac_reg[RDH] = 0;
        /* see comment in start_xmit; same here */
        /* Stop after one full lap, or when the guest programmed a starting
         * head beyond the ring length; this is what bounds the loop. */
        if (s->mac_reg[RDH] == rdh_start ||
            rdh_start >= s->mac_reg[RDLEN] / sizeof(desc)) {
            DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
                   rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
            set_ics(s, 0, E1000_ICS_RXO);
            return -1;
        }
    } while (desc_offset < total_size);

    e1000x_update_rx_total_stats(s->mac_reg, size, total_size);

    /* Always signal RXT0; add RXDMT0 when the descriptors left between head
     * and tail occupy no more than RDLEN >> rxbuf_min_shift bytes. */
    n = E1000_ICS_RXT0;
    if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
        rdt += s->mac_reg[RDLEN] / sizeof(desc);
    if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
        s->rxbuf_min_shift)
        n |= E1000_ICS_RXDMT0;

    set_ics(s, 0, n);

    return size;
}
984 
/*
 * Net-layer .receive callback: wrap a flat buffer in a one-element iovec and
 * hand it to e1000_receive_iov().
 *
 * The const qualifier of @buf is cast away for the iovec; note that the VLAN
 * stripping path of e1000_receive_iov() rewrites the first bytes of that
 * buffer in place.
 *
 * Returns whatever e1000_receive_iov() returns.
 */
static ssize_t
e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size)
{
    struct iovec single;

    single.iov_base = (uint8_t *)buf;
    single.iov_len = size;

    return e1000_receive_iov(nc, &single, 1);
}
995 
/*
 * Default read handler: return the stored register value unchanged.
 * @index is the register's word index; callers are expected to have bounded
 * it (e1000_mmio_read() checks it against NREADOPS).
 */
static uint32_t
mac_readreg(E1000State *s, int index)
{
    const uint32_t value = s->mac_reg[index];

    return value;
}
1001 
/* Read handler that exposes only the low 4 bits of the stored register. */
static uint32_t
mac_low4_read(E1000State *s, int index)
{
    const uint32_t value = s->mac_reg[index];

    return value & 0xf;
}
1007 
/* Read handler that exposes only the low 11 bits of the stored register. */
static uint32_t
mac_low11_read(E1000State *s, int index)
{
    const uint32_t value = s->mac_reg[index];

    return value & 0x7ff;
}
1013 
/* Read handler that exposes only the low 13 bits of the stored register. */
static uint32_t
mac_low13_read(E1000State *s, int index)
{
    const uint32_t value = s->mac_reg[index];

    return value & 0x1fff;
}
1019 
/* Read handler that exposes only the low 16 bits of the stored register. */
static uint32_t
mac_low16_read(E1000State *s, int index)
{
    const uint32_t value = s->mac_reg[index];

    return value & 0xffff;
}
1025 
/*
 * Read handler for ICR.  Returns the value ICR held on entry and then calls
 * set_interrupt_cause(s, 0, 0), so a guest read has a side effect on the
 * interrupt state (presumably clearing the pending causes; the helper is
 * defined elsewhere).  @index is ignored; ICR is always the register read.
 */
static uint32_t
mac_icr_read(E1000State *s, int index)
{
    const uint32_t pending = s->mac_reg[ICR];

    DBGOUT(INTERRUPT, "ICR read: %x\n", pending);
    set_interrupt_cause(s, 0, 0);
    return pending;
}
1035 
/*
 * Read-to-clear handler for a single 32-bit register: return the current
 * value and reset the stored register to zero.
 */
static uint32_t
mac_read_clr4(E1000State *s, int index)
{
    const uint32_t snapshot = s->mac_reg[index];

    s->mac_reg[index] = 0;
    return snapshot;
}
1044 
/*
 * Read-to-clear handler for the second word of a two-word register: return
 * the value at @index and zero both @index and @index - 1.
 *
 * macreg_readops installs it only for TOTH, TORH, GOTCH and GORCH, so
 * @index - 1 is never negative in practice; the function itself does not
 * check that.
 */
static uint32_t
mac_read_clr8(E1000State *s, int index)
{
    const uint32_t snapshot = s->mac_reg[index];

    s->mac_reg[index] = 0;
    s->mac_reg[index - 1] = 0;
    return snapshot;
}
1054 
/*
 * Default write handler: store @val in the register at @index.
 *
 * A write to RA + 1 (the second word of the first receive-address entry)
 * additionally refreshes the NIC info string from the six address bytes held
 * in RA and RA + 1.
 */
static void
mac_writereg(E1000State *s, int index, uint32_t val)
{
    uint32_t macaddr[2];

    s->mac_reg[index] = val;
    if (index != RA + 1) {
        return;
    }

    /* Serialise both words little-endian so they can be read as bytes. */
    macaddr[0] = cpu_to_le32(s->mac_reg[RA]);
    macaddr[1] = cpu_to_le32(s->mac_reg[RA + 1]);
    qemu_format_nic_info_str(qemu_get_queue(s->nic), (uint8_t *)macaddr);
}
1068 
/*
 * Write handler for RDT: keep the low 16 bits of @val and, if the ring now
 * has room for at least one byte, flush packets the net layer had queued.
 *
 * The mask limits the tail to 16 bits but does not tie it to RDLEN.
 */
static void
set_rdt(E1000State *s, int index, uint32_t val)
{
    const uint32_t tail = val & 0xffff;

    s->mac_reg[index] = tail;
    if (!e1000_has_rxbufs(s, 1)) {
        return;
    }
    qemu_flush_queued_packets(qemu_get_queue(s->nic));
}
1077 
/*
 * Write handler that stores only the low 16 bits of @val.
 *
 * Used by macreg_writeops for TDH, RDH and the interrupt-delay registers.
 * The mask does not confine a head index to its ring; e1000_receive_iov()
 * compares RDH with RDLEN itself.
 */
static void
set_16bit(E1000State *s, int index, uint32_t val)
{
    const uint32_t masked = val & 0xffff;

    s->mac_reg[index] = masked;
}
1083 
/*
 * Write handler for the descriptor-ring length registers (TDLEN, RDLEN):
 * keep bits 7..19 of @val, i.e. a length that is a multiple of 128 bytes
 * and below 1 MiB.
 */
static void
set_dlen(E1000State *s, int index, uint32_t val)
{
    const uint32_t ring_len = val & 0xfff80;

    s->mac_reg[index] = ring_len;
}
1089 
/*
 * Write handler shared by TCTL and TDT (see macreg_writeops): store @val,
 * truncate TDT to 16 bits, then kick the transmit path with start_xmit().
 *
 * Every guest write to either register therefore runs the transmit path.
 */
static void
set_tctl(E1000State *s, int index, uint32_t val)
{
    s->mac_reg[index] = val;
    s->mac_reg[TDT] = s->mac_reg[TDT] & 0xffff;
    start_xmit(s);
}
1097 
/*
 * Write handler for ICR: every bit set in @val is removed from the current
 * ICR value (write-one-to-clear) and the result is passed to
 * set_interrupt_cause().  @index is ignored.
 */
static void
set_icr(E1000State *s, int index, uint32_t val)
{
    uint32_t remaining;

    DBGOUT(INTERRUPT, "set_icr %x\n", val);
    remaining = s->mac_reg[ICR] & ~val;
    set_interrupt_cause(s, 0, remaining);
}
1104 
/*
 * Write handler for IMC: clear the bits of @val in the interrupt mask (IMS)
 * and re-evaluate the interrupt state through set_ics(s, 0, 0).
 * @index is ignored.
 */
static void
set_imc(E1000State *s, int index, uint32_t val)
{
    s->mac_reg[IMS] = s->mac_reg[IMS] & ~val;
    set_ics(s, 0, 0);
}
1111 
/*
 * Write handler for IMS: set the bits of @val in the interrupt mask and
 * re-evaluate the interrupt state through set_ics(s, 0, 0).
 * @index is ignored.
 */
static void
set_ims(E1000State *s, int index, uint32_t val)
{
    s->mac_reg[IMS] = s->mac_reg[IMS] | val;
    set_ics(s, 0, 0);
}
1118 
/*
 * Read dispatch table, indexed by register word index (MMIO offset >> 2, as
 * computed in e1000_mmio_read()).  A NULL slot means the register has no
 * read handler; e1000_mmio_read() then returns 0.
 *
 * getreg(x) installs the plain mac_readreg handler for register x.  The
 * "[a ... b]" range designators are a GNU C extension.
 */
#define getreg(x)    [x] = mac_readreg
static uint32_t (*macreg_readops[])(E1000State *, int) = {
    getreg(PBA),      getreg(RCTL),     getreg(TDH),      getreg(TXDCTL),
    getreg(WUFC),     getreg(TDT),      getreg(CTRL),     getreg(LEDCTL),
    getreg(MANC),     getreg(MDIC),     getreg(SWSM),     getreg(STATUS),
    getreg(TORL),     getreg(TOTL),     getreg(IMS),      getreg(TCTL),
    getreg(RDH),      getreg(RDT),      getreg(VET),      getreg(ICS),
    getreg(TDBAL),    getreg(TDBAH),    getreg(RDBAH),    getreg(RDBAL),
    getreg(TDLEN),    getreg(RDLEN),    getreg(RDTR),     getreg(RADV),
    getreg(TADV),     getreg(ITR),      getreg(FCRUC),    getreg(IPAV),
    getreg(WUC),      getreg(WUS),      getreg(SCC),      getreg(ECOL),
    getreg(MCC),      getreg(LATECOL),  getreg(COLC),     getreg(DC),
    getreg(TNCRS),    getreg(SEQEC),    getreg(CEXTERR),  getreg(RLEC),
    getreg(XONRXC),   getreg(XONTXC),   getreg(XOFFRXC),  getreg(XOFFTXC),
    getreg(RFC),      getreg(RJC),      getreg(RNBC),     getreg(TSCTFC),
    getreg(MGTPRC),   getreg(MGTPDC),   getreg(MGTPTC),   getreg(GORCL),
    getreg(GOTCL),

    /* Read-to-clear statistics: the *H word clears both halves, the
     * single-word counters clear themselves. */
    [TOTH]    = mac_read_clr8,      [TORH]    = mac_read_clr8,
    [GOTCH]   = mac_read_clr8,      [GORCH]   = mac_read_clr8,
    [PRC64]   = mac_read_clr4,      [PRC127]  = mac_read_clr4,
    [PRC255]  = mac_read_clr4,      [PRC511]  = mac_read_clr4,
    [PRC1023] = mac_read_clr4,      [PRC1522] = mac_read_clr4,
    [PTC64]   = mac_read_clr4,      [PTC127]  = mac_read_clr4,
    [PTC255]  = mac_read_clr4,      [PTC511]  = mac_read_clr4,
    [PTC1023] = mac_read_clr4,      [PTC1522] = mac_read_clr4,
    [GPRC]    = mac_read_clr4,      [GPTC]    = mac_read_clr4,
    [TPT]     = mac_read_clr4,      [TPR]     = mac_read_clr4,
    [RUC]     = mac_read_clr4,      [ROC]     = mac_read_clr4,
    [BPRC]    = mac_read_clr4,      [MPRC]    = mac_read_clr4,
    [TSCTC]   = mac_read_clr4,      [BPTC]    = mac_read_clr4,
    [MPTC]    = mac_read_clr4,
    /* Registers with dedicated handlers or a restricted bit width. */
    [ICR]     = mac_icr_read,       [EECD]    = get_eecd,
    [EERD]    = flash_eerd_read,
    [RDFH]    = mac_low13_read,     [RDFT]    = mac_low13_read,
    [RDFHS]   = mac_low13_read,     [RDFTS]   = mac_low13_read,
    [RDFPC]   = mac_low13_read,
    [TDFH]    = mac_low11_read,     [TDFT]    = mac_low11_read,
    [TDFHS]   = mac_low13_read,     [TDFTS]   = mac_low13_read,
    [TDFPC]   = mac_low13_read,
    [AIT]     = mac_low16_read,

    /* Register arrays, one handler per word of each range. */
    [CRCERRS ... MPC]   = &mac_readreg,
    [IP6AT ... IP6AT+3] = &mac_readreg,    [IP4AT ... IP4AT+6] = &mac_readreg,
    [FFLT ... FFLT+6]   = &mac_low11_read,
    [RA ... RA+31]      = &mac_readreg,
    [WUPM ... WUPM+31]  = &mac_readreg,
    [MTA ... MTA+127]   = &mac_readreg,
    [VFTA ... VFTA+127] = &mac_readreg,
    [FFMT ... FFMT+254] = &mac_low4_read,
    [FFVT ... FFVT+254] = &mac_readreg,
    [PBM ... PBM+16383] = &mac_readreg,
};
/* Number of slots in the table; the bound used before indexing it. */
enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
1173 
/*
 * Write dispatch table, indexed by register word index (MMIO offset >> 2, as
 * computed in e1000_mmio_write()).  A NULL slot means the register is not
 * writable; e1000_mmio_write() ignores such writes.
 *
 * putreg(x) installs the plain mac_writereg handler, which stores the guest
 * value unmodified.  Registers that need masking or side effects get a
 * dedicated set_* handler.
 */
#define putreg(x)    [x] = mac_writereg
static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
    putreg(PBA),      putreg(EERD),     putreg(SWSM),     putreg(WUFC),
    putreg(TDBAL),    putreg(TDBAH),    putreg(TXDCTL),   putreg(RDBAH),
    putreg(RDBAL),    putreg(LEDCTL),   putreg(VET),      putreg(FCRUC),
    putreg(TDFH),     putreg(TDFT),     putreg(TDFHS),    putreg(TDFTS),
    putreg(TDFPC),    putreg(RDFH),     putreg(RDFT),     putreg(RDFHS),
    putreg(RDFTS),    putreg(RDFPC),    putreg(IPAV),     putreg(WUC),
    putreg(WUS),      putreg(AIT),

    /* Registers whose writes are masked or trigger device activity. */
    [TDLEN]  = set_dlen,   [RDLEN]  = set_dlen,       [TCTL] = set_tctl,
    [TDT]    = set_tctl,   [MDIC]   = set_mdic,       [ICS]  = set_ics,
    [TDH]    = set_16bit,  [RDH]    = set_16bit,      [RDT]  = set_rdt,
    [IMC]    = set_imc,    [IMS]    = set_ims,        [ICR]  = set_icr,
    [EECD]   = set_eecd,   [RCTL]   = set_rx_control, [CTRL] = set_ctrl,
    [RDTR]   = set_16bit,  [RADV]   = set_16bit,      [TADV] = set_16bit,
    [ITR]    = set_16bit,

    /* Register arrays, one handler per word of each range. */
    [IP6AT ... IP6AT+3] = &mac_writereg, [IP4AT ... IP4AT+6] = &mac_writereg,
    [FFLT ... FFLT+6]   = &mac_writereg,
    [RA ... RA+31]      = &mac_writereg,
    [WUPM ... WUPM+31]  = &mac_writereg,
    [MTA ... MTA+127]   = &mac_writereg,
    [VFTA ... VFTA+127] = &mac_writereg,
    [FFMT ... FFMT+254] = &mac_writereg, [FFVT ... FFVT+254] = &mac_writereg,
    [PBM ... PBM+16383] = &mac_writereg,
};

/* Number of slots in the table; the bound used before indexing it. */
enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
1203 
/* Bits 0 and 1 of a mac_reg_access[] entry. */
enum { MAC_ACCESS_PARTIAL = 1, MAC_ACCESS_FLAG_NEEDED = 2 };

/* Entry meaning "accessible only when compat flag E1000_FLAG_<x> is set". */
#define markflag(x)    ((E1000_FLAG_##x << 2) | MAC_ACCESS_FLAG_NEEDED)
/* In the array below the meaning of the bits is: [f|f|f|f|f|f|n|p]
 * f - flag bits (up to 6 possible flags)
 * n - flag needed
 * p - partially implemented
 *
 * The table is indexed by register word index, like macreg_readops and
 * macreg_writeops, and is consulted by e1000_mmio_read()/e1000_mmio_write()
 * before dispatching.  An entry of 0 means "no restriction".
 *
 * NOTE(review): register arrays are marked at their first index only
 * (e.g. [IP6AT], [FFVT], [WUPM], [PBM]) while the dispatch tables cover the
 * whole range, so the remaining words of those arrays are reachable without
 * the MAC flag.  Confirm whether that is intended. */
static const uint8_t mac_reg_access[0x8000] = {
    [RDTR]    = markflag(MIT),    [TADV]    = markflag(MIT),
    [RADV]    = markflag(MIT),    [ITR]     = markflag(MIT),

    [IPAV]    = markflag(MAC),    [WUC]     = markflag(MAC),
    [IP6AT]   = markflag(MAC),    [IP4AT]   = markflag(MAC),
    [FFVT]    = markflag(MAC),    [WUPM]    = markflag(MAC),
    [ECOL]    = markflag(MAC),    [MCC]     = markflag(MAC),
    [DC]      = markflag(MAC),    [TNCRS]   = markflag(MAC),
    [RLEC]    = markflag(MAC),    [XONRXC]  = markflag(MAC),
    [XOFFTXC] = markflag(MAC),    [RFC]     = markflag(MAC),
    [TSCTFC]  = markflag(MAC),    [MGTPRC]  = markflag(MAC),
    [WUS]     = markflag(MAC),    [AIT]     = markflag(MAC),
    [FFLT]    = markflag(MAC),    [FFMT]    = markflag(MAC),
    [SCC]     = markflag(MAC),    [FCRUC]   = markflag(MAC),
    [LATECOL] = markflag(MAC),    [COLC]    = markflag(MAC),
    [SEQEC]   = markflag(MAC),    [CEXTERR] = markflag(MAC),
    [XONTXC]  = markflag(MAC),    [XOFFRXC] = markflag(MAC),
    [RJC]     = markflag(MAC),    [RNBC]    = markflag(MAC),
    [MGTPDC]  = markflag(MAC),    [MGTPTC]  = markflag(MAC),
    [RUC]     = markflag(MAC),    [ROC]     = markflag(MAC),
    [GORCL]   = markflag(MAC),    [GORCH]   = markflag(MAC),
    [GOTCL]   = markflag(MAC),    [GOTCH]   = markflag(MAC),
    [BPRC]    = markflag(MAC),    [MPRC]    = markflag(MAC),
    [TSCTC]   = markflag(MAC),    [PRC64]   = markflag(MAC),
    [PRC127]  = markflag(MAC),    [PRC255]  = markflag(MAC),
    [PRC511]  = markflag(MAC),    [PRC1023] = markflag(MAC),
    [PRC1522] = markflag(MAC),    [PTC64]   = markflag(MAC),
    [PTC127]  = markflag(MAC),    [PTC255]  = markflag(MAC),
    [PTC511]  = markflag(MAC),    [PTC1023] = markflag(MAC),
    [PTC1522] = markflag(MAC),    [MPTC]    = markflag(MAC),
    [BPTC]    = markflag(MAC),

    /* Flag-gated registers that are also only partially emulated. */
    [TDFH]  = markflag(MAC) | MAC_ACCESS_PARTIAL,
    [TDFT]  = markflag(MAC) | MAC_ACCESS_PARTIAL,
    [TDFHS] = markflag(MAC) | MAC_ACCESS_PARTIAL,
    [TDFTS] = markflag(MAC) | MAC_ACCESS_PARTIAL,
    [TDFPC] = markflag(MAC) | MAC_ACCESS_PARTIAL,
    [RDFH]  = markflag(MAC) | MAC_ACCESS_PARTIAL,
    [RDFT]  = markflag(MAC) | MAC_ACCESS_PARTIAL,
    [RDFHS] = markflag(MAC) | MAC_ACCESS_PARTIAL,
    [RDFTS] = markflag(MAC) | MAC_ACCESS_PARTIAL,
    [RDFPC] = markflag(MAC) | MAC_ACCESS_PARTIAL,
    [PBM]   = markflag(MAC) | MAC_ACCESS_PARTIAL,
};
1256 
/*
 * MMIO write callback for the register BAR.
 *
 * @opaque: the E1000State registered with the memory region.
 * @addr:   guest-supplied offset; reduced to a register word index with
 *          (addr & 0x1ffff) >> 2, which is at most 0x7fff and therefore
 *          inside mac_reg_access[0x8000].
 * @val:    guest-supplied value; handlers take a uint32_t, so only the low
 *          32 bits are used.
 * @size:   access size, unused here.
 *
 * The index is checked against NWRITEOPS before the handler table is
 * indexed.  Writes to read-only, unknown or flag-disabled registers are
 * dropped, with a debug message only.
 */
static void
e1000_mmio_write(void *opaque, hwaddr addr, uint64_t val,
                 unsigned size)
{
    E1000State *s = opaque;
    unsigned int index = (addr & 0x1ffff) >> 2;
    uint8_t access;

    if (index >= NWRITEOPS || !macreg_writeops[index]) {
        /* No write handler: distinguish read-only from unknown registers. */
        if (index < NREADOPS && macreg_readops[index]) {
            DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04"PRIx64"\n",
                   index<<2, val);
        } else {
            DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08"PRIx64"\n",
                   index<<2, val);
        }
        return;
    }

    access = mac_reg_access[index];
    if ((access & MAC_ACCESS_FLAG_NEEDED) &&
        !(s->compat_flags & (access >> 2))) {
        /* "flag needed" bit is set, but the flag is not active */
        DBGOUT(MMIO, "MMIO write attempt to disabled reg. addr=0x%08x\n",
               index<<2);
        return;
    }

    if (access & MAC_ACCESS_PARTIAL) {
        DBGOUT(GENERAL, "Writing to register at offset: 0x%08x. "
               "It is not fully implemented.\n", index<<2);
    }
    macreg_writeops[index](s, index, val);
}
1284 
/*
 * MMIO read callback for the register BAR.
 *
 * @opaque: the E1000State registered with the memory region.
 * @addr:   guest-supplied offset; reduced to a register word index with
 *          (addr & 0x1ffff) >> 2, which is at most 0x7fff and therefore
 *          inside mac_reg_access[0x8000].
 * @size:   access size, unused here.
 *
 * The index is checked against NREADOPS before the handler table is
 * indexed.  Returns the handler's value, or 0 for unknown or flag-disabled
 * registers.  Some handlers have side effects (read-to-clear counters, ICR).
 */
static uint64_t
e1000_mmio_read(void *opaque, hwaddr addr, unsigned size)
{
    E1000State *s = opaque;
    unsigned int index = (addr & 0x1ffff) >> 2;
    uint8_t access;

    if (index >= NREADOPS || !macreg_readops[index]) {
        DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
        return 0;
    }

    access = mac_reg_access[index];
    if ((access & MAC_ACCESS_FLAG_NEEDED) &&
        !(s->compat_flags & (access >> 2))) {
        /* "flag needed" bit is set, but the flag is not active */
        DBGOUT(MMIO, "MMIO read attempt of disabled reg. addr=0x%08x\n",
               index<<2);
        return 0;
    }

    if (access & MAC_ACCESS_PARTIAL) {
        DBGOUT(GENERAL, "Reading register at offset: 0x%08x. "
               "It is not fully implemented.\n", index<<2);
    }
    return macreg_readops[index](s, index);
}
1308 
/*
 * Callbacks for the register MMIO region (d->mmio, set up in
 * e1000_mmio_setup() and registered as BAR 0 in pci_e1000_realize()).
 *
 * .impl declares that the callbacks are implemented for 4-byte accesses
 * only.  NOTE(review): no .valid limits are given here, so which guest
 * access sizes and alignments are accepted is left to the memory core's
 * defaults; confirm that is intended.
 */
static const MemoryRegionOps e1000_mmio_ops = {
    .read = e1000_mmio_read,
    .write = e1000_mmio_write,
    .endianness = DEVICE_LITTLE_ENDIAN,
    .impl = {
        .min_access_size = 4,
        .max_access_size = 4,
    },
};
1318 
/*
 * Port-I/O read callback for the I/O BAR.  The I/O window is not emulated:
 * every read returns 0 and no device state is touched.
 */
static uint64_t e1000_io_read(void *opaque, hwaddr addr,
                              unsigned size)
{
    /* All arguments are intentionally unused. */
    (void)opaque;
    return 0;
}
1327 
/*
 * Port-I/O write callback for the I/O BAR.  The I/O window is not emulated:
 * every write is discarded and no device state is touched.
 */
static void e1000_io_write(void *opaque, hwaddr addr,
                           uint64_t val, unsigned size)
{
    /* All arguments are intentionally unused. */
    (void)opaque;
}
1335 
/*
 * Callbacks for the port-I/O region (d->io, set up in e1000_mmio_setup()
 * and registered as BAR 1 in pci_e1000_realize()).  Both callbacks are
 * stubs: reads return 0 and writes are ignored.
 */
static const MemoryRegionOps e1000_io_ops = {
    .read = e1000_io_read,
    .write = e1000_io_write,
    .endianness = DEVICE_LITTLE_ENDIAN,
};
1341 
/*
 * VMState field test: true only when the incoming stream is version 1.
 * Used by vmstate_e1000 to skip four bytes that only version 1 carried.
 * @opaque is unused.
 */
static bool is_version_1(void *opaque, int version_id)
{
    if (version_id != 1) {
        return false;
    }
    return true;
}
1346 
/*
 * VMState pre_save hook: bring the device into a state that can be
 * reconstructed on the destination.  Always returns 0.
 */
static int e1000_pre_save(void *opaque)
{
    E1000State *s = opaque;
    NetClientState *nc = qemu_get_queue(s->nic);

    /* A running mitigation timer is not migrated: fire it now instead. */
    if (s->mit_timer_on) {
        e1000_mit_timer(s);
    }

    /*
     * With the link down and auto-negotiation supported and in progress,
     * mark negotiation as complete right away, so that the loading side can
     * infer the link status from MII_SR_AUTONEG_COMPLETE.
     */
    if (nc->link_down) {
        if (have_autoneg(s)) {
            s->phy_reg[PHY_STATUS] |= MII_SR_AUTONEG_COMPLETE;
        }
    }

    return 0;
}
1368 
/*
 * VMState post_load hook: rebuild the state that is not carried in the
 * migration stream.  Always returns 0; @version_id is unused.
 *
 * NOTE(review): nothing here range-checks the values that vmstate_e1000
 * loaded from the stream.  For instance rxbuf_min_shift is later used as a
 * shift count in e1000_receive_iov(); whether an out-of-range value can
 * arrive depends on how far the migration source is trusted.
 */
static int e1000_post_load(void *opaque, int version_id)
{
    E1000State *s = opaque;
    NetClientState *nc = qemu_get_queue(s->nic);

    /* Without the mitigation flag its registers must read as zero. */
    if (!chkflag(MIT)) {
        s->mac_reg[TADV] = 0;
        s->mac_reg[RADV] = 0;
        s->mac_reg[RDTR] = 0;
        s->mac_reg[ITR] = 0;
        s->mit_irq_level = false;
    }
    s->mit_ide = 0;
    s->mit_timer_on = false;

    /*
     * nc.link_down can't be migrated, so derive it from the link-up bit in
     * mac_reg[STATUS].
     */
    nc->link_down = !(s->mac_reg[STATUS] & E1000_STATUS_LU);

    /* If negotiation was still in progress, restart it instead. */
    if (have_autoneg(s)) {
        if (!(s->phy_reg[PHY_STATUS] & MII_SR_AUTONEG_COMPLETE)) {
            nc->link_down = false;
            timer_mod(s->autoneg_timer,
                      qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 500);
        }
    }

    return 0;
}
1396 
/*
 * .needed test for the "e1000/mit_state" subsection: it is part of the
 * migration stream only while the MIT compat flag is set.
 */
static bool e1000_mit_state_needed(void *opaque)
{
    E1000State *s = opaque;
    bool needed = chkflag(MIT);

    return needed;
}
1403 
/*
 * .needed test for the "e1000/full_mac_state" subsection: it is part of the
 * migration stream only while the MAC compat flag is set.
 */
static bool e1000_full_mac_needed(void *opaque)
{
    E1000State *s = opaque;
    bool needed = chkflag(MAC);

    return needed;
}
1410 
/*
 * Optional migration subsection with the interrupt-mitigation registers and
 * the mitigated IRQ level.  Sent only when e1000_mit_state_needed() is true.
 */
static const VMStateDescription vmstate_e1000_mit_state = {
    .name = "e1000/mit_state",
    .version_id = 1,
    .minimum_version_id = 1,
    .needed = e1000_mit_state_needed,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32(mac_reg[RDTR], E1000State),
        VMSTATE_UINT32(mac_reg[RADV], E1000State),
        VMSTATE_UINT32(mac_reg[TADV], E1000State),
        VMSTATE_UINT32(mac_reg[ITR], E1000State),
        VMSTATE_BOOL(mit_irq_level, E1000State),
        VMSTATE_END_OF_LIST()
    }
};
1425 
/*
 * Optional migration subsection carrying all 0x8000 words of mac_reg.
 * Sent only when e1000_full_mac_needed() is true.  On load it overwrites
 * the whole register file, including the registers that the main section
 * lists one by one.
 */
static const VMStateDescription vmstate_e1000_full_mac_state = {
    .name = "e1000/full_mac_state",
    .version_id = 1,
    .minimum_version_id = 1,
    .needed = e1000_full_mac_needed,
    .fields = (VMStateField[]) {
        VMSTATE_UINT32_ARRAY(mac_reg, E1000State, 0x8000),
        VMSTATE_END_OF_LIST()
    }
};
1436 
/*
 * Main migration description of the device (stream version 3, versions
 * down to 1 accepted).  e1000_pre_save() runs before saving and
 * e1000_post_load() after loading.
 *
 * NOTE(review): every field below is taken from the incoming stream as-is.
 * Several of them later act as sizes, offsets or ring indices (rxbuf_size,
 * rxbuf_min_shift, tx.size, the tx.props and tx.tso_props offsets, RDH, RDT,
 * RDLEN, TDH, TDT, TDLEN), and no range check is visible in
 * e1000_post_load().  Review the consumers if the migration source is not
 * fully trusted.
 */
static const VMStateDescription vmstate_e1000 = {
    .name = "e1000",
    .version_id = 3,
    .minimum_version_id = 1,
    .pre_save = e1000_pre_save,
    .post_load = e1000_post_load,
    .fields = (VMStateField[]) {
        VMSTATE_PCI_DEVICE(parent_obj, E1000State),
        VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */
        VMSTATE_UNUSED(4), /* Was mmio_base.  */
        VMSTATE_UINT32(rxbuf_size, E1000State),
        VMSTATE_UINT32(rxbuf_min_shift, E1000State),
        /* EEPROM bit-bang state */
        VMSTATE_UINT32(eecd_state.val_in, E1000State),
        VMSTATE_UINT16(eecd_state.bitnum_in, E1000State),
        VMSTATE_UINT16(eecd_state.bitnum_out, E1000State),
        VMSTATE_UINT16(eecd_state.reading, E1000State),
        VMSTATE_UINT32(eecd_state.old_eecd, E1000State),
        /* Transmit context and in-flight packet */
        VMSTATE_UINT8(tx.props.ipcss, E1000State),
        VMSTATE_UINT8(tx.props.ipcso, E1000State),
        VMSTATE_UINT16(tx.props.ipcse, E1000State),
        VMSTATE_UINT8(tx.props.tucss, E1000State),
        VMSTATE_UINT8(tx.props.tucso, E1000State),
        VMSTATE_UINT16(tx.props.tucse, E1000State),
        VMSTATE_UINT32(tx.props.paylen, E1000State),
        VMSTATE_UINT8(tx.props.hdr_len, E1000State),
        VMSTATE_UINT16(tx.props.mss, E1000State),
        VMSTATE_UINT16(tx.size, E1000State),
        VMSTATE_UINT16(tx.tso_frames, E1000State),
        VMSTATE_UINT8(tx.sum_needed, E1000State),
        VMSTATE_INT8(tx.props.ip, E1000State),
        VMSTATE_INT8(tx.props.tcp, E1000State),
        VMSTATE_BUFFER(tx.header, E1000State),
        VMSTATE_BUFFER(tx.data, E1000State),
        VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64),
        VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20),
        /* Individually migrated MAC registers */
        VMSTATE_UINT32(mac_reg[CTRL], E1000State),
        VMSTATE_UINT32(mac_reg[EECD], E1000State),
        VMSTATE_UINT32(mac_reg[EERD], E1000State),
        VMSTATE_UINT32(mac_reg[GPRC], E1000State),
        VMSTATE_UINT32(mac_reg[GPTC], E1000State),
        VMSTATE_UINT32(mac_reg[ICR], E1000State),
        VMSTATE_UINT32(mac_reg[ICS], E1000State),
        VMSTATE_UINT32(mac_reg[IMC], E1000State),
        VMSTATE_UINT32(mac_reg[IMS], E1000State),
        VMSTATE_UINT32(mac_reg[LEDCTL], E1000State),
        VMSTATE_UINT32(mac_reg[MANC], E1000State),
        VMSTATE_UINT32(mac_reg[MDIC], E1000State),
        VMSTATE_UINT32(mac_reg[MPC], E1000State),
        VMSTATE_UINT32(mac_reg[PBA], E1000State),
        VMSTATE_UINT32(mac_reg[RCTL], E1000State),
        VMSTATE_UINT32(mac_reg[RDBAH], E1000State),
        VMSTATE_UINT32(mac_reg[RDBAL], E1000State),
        VMSTATE_UINT32(mac_reg[RDH], E1000State),
        VMSTATE_UINT32(mac_reg[RDLEN], E1000State),
        VMSTATE_UINT32(mac_reg[RDT], E1000State),
        VMSTATE_UINT32(mac_reg[STATUS], E1000State),
        VMSTATE_UINT32(mac_reg[SWSM], E1000State),
        VMSTATE_UINT32(mac_reg[TCTL], E1000State),
        VMSTATE_UINT32(mac_reg[TDBAH], E1000State),
        VMSTATE_UINT32(mac_reg[TDBAL], E1000State),
        VMSTATE_UINT32(mac_reg[TDH], E1000State),
        VMSTATE_UINT32(mac_reg[TDLEN], E1000State),
        VMSTATE_UINT32(mac_reg[TDT], E1000State),
        VMSTATE_UINT32(mac_reg[TORH], E1000State),
        VMSTATE_UINT32(mac_reg[TORL], E1000State),
        VMSTATE_UINT32(mac_reg[TOTH], E1000State),
        VMSTATE_UINT32(mac_reg[TOTL], E1000State),
        VMSTATE_UINT32(mac_reg[TPR], E1000State),
        VMSTATE_UINT32(mac_reg[TPT], E1000State),
        VMSTATE_UINT32(mac_reg[TXDCTL], E1000State),
        VMSTATE_UINT32(mac_reg[WUFC], E1000State),
        VMSTATE_UINT32(mac_reg[VET], E1000State),
        VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32),
        VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128),
        VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128),
        /* TSO context, present from stream version 3 on */
        VMSTATE_UINT8_V(tx.tso_props.ipcss, E1000State, 3),
        VMSTATE_UINT8_V(tx.tso_props.ipcso, E1000State, 3),
        VMSTATE_UINT16_V(tx.tso_props.ipcse, E1000State, 3),
        VMSTATE_UINT8_V(tx.tso_props.tucss, E1000State, 3),
        VMSTATE_UINT8_V(tx.tso_props.tucso, E1000State, 3),
        VMSTATE_UINT16_V(tx.tso_props.tucse, E1000State, 3),
        VMSTATE_UINT32_V(tx.tso_props.paylen, E1000State, 3),
        VMSTATE_UINT8_V(tx.tso_props.hdr_len, E1000State, 3),
        VMSTATE_UINT16_V(tx.tso_props.mss, E1000State, 3),
        VMSTATE_INT8_V(tx.tso_props.ip, E1000State, 3),
        VMSTATE_INT8_V(tx.tso_props.tcp, E1000State, 3),
        VMSTATE_END_OF_LIST()
    },
    .subsections = (const VMStateDescription*[]) {
        &vmstate_e1000_mit_state,
        &vmstate_e1000_full_mac_state,
        NULL
    }
};
1531 
/*
 * EEPROM contents documented in Tables 5-2 and 5-3, pp. 98-102.
 * Note: the two DevId words are left as 0 here.  pci_e1000_realize() passes
 * this template, the class device_id and the MAC address to
 * e1000x_core_prepare_eeprom(), which fills the per-device EEPROM image.
 */
static const uint16_t e1000_eeprom_template[64] = {
    0x0000, 0x0000, 0x0000, 0x0000,      0xffff, 0x0000,      0x0000, 0x0000,
    0x3000, 0x1000, 0x6403, 0 /*DevId*/, 0x8086, 0 /*DevId*/, 0x8086, 0x3040,
    0x0008, 0x2000, 0x7e14, 0x0048,      0x1000, 0x00d8,      0x0000, 0x2700,
    0x6cc9, 0x3150, 0x0722, 0x040b,      0x0984, 0x0000,      0xc000, 0x0706,
    0x1008, 0x0000, 0x0f04, 0x7fff,      0x4d01, 0xffff,      0xffff, 0xffff,
    0xffff, 0xffff, 0xffff, 0xffff,      0xffff, 0xffff,      0xffff, 0xffff,
    0x0100, 0x4000, 0x121c, 0xffff,      0xffff, 0xffff,      0xffff, 0xffff,
    0xffff, 0xffff, 0xffff, 0xffff,      0xffff, 0xffff,      0xffff, 0x0000,
};
1546 
1547 /* PCI interface */
1548 
/*
 * Create the device's MMIO and port-I/O memory regions.
 *
 * MMIO write coalescing is enabled for the whole register window except the
 * 4-byte registers listed in excluded_regs, whose writes have immediate side
 * effects (interrupt and transmit control).  The list is terminated by
 * PNPMMIO_SIZE, and the gap arithmetic assumes it is in ascending order.
 */
static void
e1000_mmio_setup(E1000State *d)
{
    const uint32_t excluded_regs[] = {
        E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
        E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
    };
    int i = 0;

    memory_region_init_io(&d->mmio, OBJECT(d), &e1000_mmio_ops, d,
                          "e1000-mmio", PNPMMIO_SIZE);

    /* Everything below the first excluded register ... */
    memory_region_add_coalescing(&d->mmio, 0, excluded_regs[0]);

    /* ... and every gap between one excluded register and the next. */
    while (excluded_regs[i] != PNPMMIO_SIZE) {
        const uint32_t gap_start = excluded_regs[i] + 4;
        const uint32_t gap_len = excluded_regs[i + 1] - excluded_regs[i] - 4;

        memory_region_add_coalescing(&d->mmio, gap_start, gap_len);
        i++;
    }

    memory_region_init_io(&d->io, OBJECT(d), &e1000_io_ops, d, "e1000-io", IOPORT_SIZE);
}
1566 
/*
 * PCI exit hook: tear down what pci_e1000_realize() created.  Each timer is
 * stopped before it is freed, then the NIC is removed from the net layer.
 */
static void
pci_e1000_uninit(PCIDevice *dev)
{
    E1000State *s = E1000(dev);

    /* Auto-negotiation timer. */
    timer_del(s->autoneg_timer);
    timer_free(s->autoneg_timer);

    /* Interrupt-mitigation timer. */
    timer_del(s->mit_timer);
    timer_free(s->mit_timer);

    qemu_del_nic(s->nic);
}
1578 
/*
 * Net-layer client description for this NIC: the callbacks the network
 * backend uses to ask whether the device can take a frame, to deliver frames
 * (flat or scatter/gather) and to report link changes.
 */
static NetClientInfo net_e1000_info = {
    .type = NET_CLIENT_DRIVER_NIC,
    .size = sizeof(NICState),
    .can_receive = e1000_can_receive,
    .receive = e1000_receive,
    .receive_iov = e1000_receive_iov,
    .link_status_changed = e1000_set_link_status,
};
1587 
/*
 * PCI config-space write hook.  Applies the default write handling, then,
 * if the write covered the PCI_COMMAND byte and bus mastering is enabled
 * afterwards, flushes packets the net layer had queued for the device.
 */
static void e1000_write_config(PCIDevice *pci_dev, uint32_t address,
                                uint32_t val, int len)
{
    E1000State *s = E1000(pci_dev);

    pci_default_write_config(pci_dev, address, val, len);

    if (!range_covers_byte(address, len, PCI_COMMAND)) {
        return;
    }
    if (pci_dev->config[PCI_COMMAND] & PCI_COMMAND_MASTER) {
        qemu_flush_queued_packets(qemu_get_queue(s->nic));
    }
}
1600 
/*
 * PCI realize hook: set up config space, the two BARs, the EEPROM image,
 * the net-layer NIC and the device timers.  @errp is not written here.
 */
static void pci_e1000_realize(PCIDevice *pci_dev, Error **errp)
{
    DeviceState *dev = DEVICE(pci_dev);
    E1000State *d = E1000(pci_dev);
    uint8_t *mac;

    pci_dev->config_write = e1000_write_config;

    /* TODO: RST# value should be 0, PCI spec 6.2.4 */
    pci_dev->config[PCI_CACHE_LINE_SIZE] = 0x10;

    /* interrupt pin A */
    pci_dev->config[PCI_INTERRUPT_PIN] = 1;

    /* BAR 0 is the register MMIO window, BAR 1 the port-I/O window. */
    e1000_mmio_setup(d);
    pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &d->mmio);
    pci_register_bar(pci_dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &d->io);

    /* Pick a default MAC address if none was configured. */
    qemu_macaddr_default_if_unset(&d->conf.macaddr);
    mac = d->conf.macaddr.a;

    /* Build the EEPROM image from the template, device id and MAC. */
    e1000x_core_prepare_eeprom(d->eeprom_data,
                               e1000_eeprom_template,
                               sizeof(e1000_eeprom_template),
                               PCI_DEVICE_GET_CLASS(pci_dev)->device_id,
                               mac);

    d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
                          object_get_typename(OBJECT(d)), dev->id, d);
    qemu_format_nic_info_str(qemu_get_queue(d->nic), mac);

    d->autoneg_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, e1000_autoneg_timer, d);
    d->mit_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, e1000_mit_timer, d);
}
1640 
/* qdev reset hook: cast to the device state and run e1000_reset(). */
static void qdev_e1000_reset(DeviceState *dev)
{
    e1000_reset(E1000(dev));
}
1646 
/*
 * User-visible device properties.  Besides the generic NIC properties, three
 * boolean properties map to bits of compat_flags and default to on:
 * "autonegotiation", "mitigation" and "extra_mac_registers".  The MIT and
 * MAC bits gate register access through mac_reg_access[] and decide which
 * migration subsections are sent.
 */
static Property e1000_properties[] = {
    DEFINE_NIC_PROPERTIES(E1000State, conf),
    DEFINE_PROP_BIT("autonegotiation", E1000State,
                    compat_flags, E1000_FLAG_AUTONEG_BIT, true),
    DEFINE_PROP_BIT("mitigation", E1000State,
                    compat_flags, E1000_FLAG_MIT_BIT, true),
    DEFINE_PROP_BIT("extra_mac_registers", E1000State,
                    compat_flags, E1000_FLAG_MAC_BIT, true),
    DEFINE_PROP_END_OF_LIST(),
};
1657 
/* Per-model constants consumed by e1000_class_init(). */
typedef struct E1000Info {
    const char *name;       /* QOM type name of the model */
    uint16_t   device_id;   /* PCI device id */
    uint8_t    revision;    /* PCI revision */
    uint16_t   phy_id2;     /* value stored in the class's phy_id2 field */
} E1000Info;
1664 
/*
 * QOM class initialiser shared by all e1000 models.
 *
 * @klass: class being initialised.
 * @data:  the model's E1000Info entry, supplying device id, revision and
 *         PHY id.
 */
static void e1000_class_init(ObjectClass *klass, void *data)
{
    const E1000Info *model = data;
    DeviceClass *dc = DEVICE_CLASS(klass);
    PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
    E1000BaseClass *e = E1000_DEVICE_CLASS(klass);

    /* PCI identity and life-cycle hooks. */
    k->realize = pci_e1000_realize;
    k->exit = pci_e1000_uninit;
    k->romfile = "efi-e1000.rom";
    k->vendor_id = PCI_VENDOR_ID_INTEL;
    k->device_id = model->device_id;
    k->revision = model->revision;
    k->class_id = PCI_CLASS_NETWORK_ETHERNET;

    /* Model-specific PHY identifier. */
    e->phy_id2 = model->phy_id2;

    /* Generic device-class settings. */
    set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
    dc->desc = "Intel Gigabit Ethernet";
    dc->reset = qdev_e1000_reset;
    dc->vmsd = &vmstate_e1000;
    dc->props = e1000_properties;
}
1686 
/*
 * Per-instance initializer: exposes the NIC configuration's bootindex field
 * as the "bootindex" property of the object, with "/ethernet-phy@0" as the
 * suffix argument.  The trailing NULL is the error pointer, so a failure to
 * add the property is not reported to the caller.
 */
static void e1000_instance_init(Object *obj)
{
    E1000State *s = E1000(obj);

    device_add_bootindex_property(obj,
                                  &s->conf.bootindex,
                                  "bootindex",
                                  "/ethernet-phy@0",
                                  DEVICE(s),
                                  NULL);
}
1694 
/*
 * Abstract base type for all e1000 models.  It derives from the PCI device
 * type, fixes the instance and class sizes, and declares the conventional
 * PCI device interface.  Being abstract, it is only usable through the
 * concrete subtypes that e1000_register_types() creates from
 * e1000_devices[].
 */
static const TypeInfo e1000_base_info = {
    .name          = TYPE_E1000_BASE,
    .parent        = TYPE_PCI_DEVICE,
    .instance_size = sizeof(E1000State),
    .instance_init = e1000_instance_init,
    .class_size    = sizeof(E1000BaseClass),
    .abstract      = true,
    .interfaces = (InterfaceInfo[]) {
        { INTERFACE_CONVENTIONAL_PCI_DEVICE },
        { },    /* empty entry terminates the interface list */
    },
};
1707 
/*
 * Table of the concrete e1000 models.  e1000_register_types() registers one
 * QOM type per entry; the models differ only in type name, PCI device ID
 * and PHY ID2 value -- all three use revision 0x03.
 */
static const E1000Info e1000_devices[] = {
    {
        .name      = "e1000",
        .device_id = E1000_DEV_ID_82540EM,
        .revision  = 0x03,
        .phy_id2   = E1000_PHY_ID2_8254xx_DEFAULT,
    },
    {
        .name      = "e1000-82544gc",
        .device_id = E1000_DEV_ID_82544GC_COPPER,
        .revision  = 0x03,
        .phy_id2   = E1000_PHY_ID2_82544x,
    },
    {
        .name      = "e1000-82545em",
        .device_id = E1000_DEV_ID_82545EM_COPPER,
        .revision  = 0x03,
        .phy_id2   = E1000_PHY_ID2_8254xx_DEFAULT,
    },
};
1728 
/*
 * Register the abstract e1000 base type, then one concrete subtype for each
 * entry of e1000_devices[].  Each subtype carries its table entry as class
 * data, which e1000_class_init() reads.
 */
static void e1000_register_types(void)
{
    size_t idx;

    type_register_static(&e1000_base_info);

    for (idx = 0; idx < ARRAY_SIZE(e1000_devices); idx++) {
        const E1000Info *model = &e1000_devices[idx];
        /*
         * The descriptor is a stack temporary, hence type_register() rather
         * than type_register_static() -- presumably the former copies what
         * it needs; confirm against the QOM API.
         *
         * NOTE(review): e1000_base_info already names e1000_instance_init as
         * its instance_init.  If QOM runs a parent type's instance_init for
         * every subtype instance, setting it again here would run it twice
         * per object -- confirm and drop one of the two.
         */
        TypeInfo type_info = {
            .name          = model->name,
            .parent        = TYPE_E1000_BASE,
            .class_data    = (void *)model,
            .class_init    = e1000_class_init,
            .instance_init = e1000_instance_init,
        };

        type_register(&type_info);
    }
}
1747 
/* Hook e1000_register_types() into QEMU's type-registration step. */
type_init(e1000_register_types)
1749