xref: /openbmc/qemu/hw/net/eepro100.c (revision 3d9569b8)
1 /*
2  * QEMU i8255x (PRO100) emulation
3  *
4  * Copyright (C) 2006-2011 Stefan Weil
5  *
6  * Portions of the code are copies from grub / etherboot eepro100.c
7  * and linux e100.c.
8  *
9  * This program is free software: you can redistribute it and/or modify
10  * it under the terms of the GNU General Public License as published by
11  * the Free Software Foundation, either version 2 of the License, or
12  * (at your option) version 3 or any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * You should have received a copy of the GNU General Public License
20  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
21  *
22  * Tested features (i82559):
23  *      PXE boot (i386 guest, i386 / mips / mipsel / ppc host) ok
24  *      Linux networking (i386) ok
25  *
26  * Untested:
27  *      Windows networking
28  *
29  * References:
30  *
31  * Intel 8255x 10/100 Mbps Ethernet Controller Family
32  * Open Source Software Developer Manual
33  *
34  * TODO:
35  *      * PHY emulation should be separated from nic emulation.
36  *        Most nic emulations could share the same phy code.
37  *      * i82550 is untested. It is programmed like the i82559.
38  *      * i82562 is untested. It is programmed like the i82559.
39  *      * Power management (i82558 and later) is not implemented.
40  *      * Wake-on-LAN is not implemented.
41  */
42 
43 #include "qemu/osdep.h"
44 #include "qemu/units.h"
45 #include "hw/hw.h"
46 #include "hw/pci/pci.h"
47 #include "net/net.h"
48 #include "net/eth.h"
49 #include "hw/nvram/eeprom93xx.h"
50 #include "sysemu/sysemu.h"
51 #include "sysemu/dma.h"
52 #include "qemu/bitops.h"
53 #include "qemu/module.h"
54 #include "qapi/error.h"
55 
56 /* QEMU sends frames smaller than 60 bytes to ethernet nics.
57  * Such frames are rejected by real nics and their emulations.
58  * To avoid this behaviour, other nic emulations pad received
59  * frames. The following definition enables this padding for
60  * eepro100, too. We keep the define around in case it might
61  * become useful the future if the core networking is ever
62  * changed to pad short packets itself. */
63 #define CONFIG_PAD_RECEIVED_FRAMES
64 
65 /* Debug EEPRO100 card. */
66 #if 0
67 # define DEBUG_EEPRO100
68 #endif
69 
70 #ifdef DEBUG_EEPRO100
71 #define logout(fmt, ...) fprintf(stderr, "EE100\t%-24s" fmt, __func__, ## __VA_ARGS__)
72 #else
73 #define logout(fmt, ...) ((void)0)
74 #endif
75 
76 /* Set flags to 0 to disable debug output. */
77 #define INT     1       /* interrupt related actions */
78 #define MDI     1       /* mdi related actions */
79 #define OTHER   1
80 #define RXTX    1
81 #define EEPROM  1       /* eeprom related actions */
82 
83 #define TRACE(flag, command) ((flag) ? (command) : (void)0)
84 
85 #define missing(text) fprintf(stderr, "eepro100: feature is missing in this emulation: " text "\n")
86 
87 #define MAX_ETH_FRAME_SIZE 1514
88 
89 /* This driver supports several different devices which are declared here. */
90 #define i82550          0x82550
91 #define i82551          0x82551
92 #define i82557A         0x82557a
93 #define i82557B         0x82557b
94 #define i82557C         0x82557c
95 #define i82558A         0x82558a
96 #define i82558B         0x82558b
97 #define i82559A         0x82559a
98 #define i82559B         0x82559b
99 #define i82559C         0x82559c
100 #define i82559ER        0x82559e
101 #define i82562          0x82562
102 #define i82801          0x82801
103 
104 /* Use 64 word EEPROM. TODO: could be a runtime option. */
105 #define EEPROM_SIZE     64
106 
107 #define PCI_MEM_SIZE            (4 * KiB)
108 #define PCI_IO_SIZE             64
109 #define PCI_FLASH_SIZE          (128 * KiB)
110 
111 #define BITS(n, m) (((0xffffffffU << (31 - n)) >> (31 - n + m)) << m)
112 
113 /* The SCB accepts the following controls for the Tx and Rx units: */
114 #define  CU_NOP         0x0000  /* No operation. */
115 #define  CU_START       0x0010  /* CU start. */
116 #define  CU_RESUME      0x0020  /* CU resume. */
117 #define  CU_STATSADDR   0x0040  /* Load dump counters address. */
118 #define  CU_SHOWSTATS   0x0050  /* Dump statistical counters. */
119 #define  CU_CMD_BASE    0x0060  /* Load CU base address. */
120 #define  CU_DUMPSTATS   0x0070  /* Dump and reset statistical counters. */
121 #define  CU_SRESUME     0x00a0  /* CU static resume. */
122 
123 #define  RU_NOP         0x0000
124 #define  RX_START       0x0001
125 #define  RX_RESUME      0x0002
126 #define  RU_ABORT       0x0004
127 #define  RX_ADDR_LOAD   0x0006
128 #define  RX_RESUMENR    0x0007
129 #define INT_MASK        0x0100
130 #define DRVR_INT        0x0200  /* Driver generated interrupt. */
131 
132 typedef struct {
133     const char *name;
134     const char *desc;
135     uint16_t device_id;
136     uint8_t revision;
137     uint16_t subsystem_vendor_id;
138     uint16_t subsystem_id;
139 
140     uint32_t device;
141     uint8_t stats_size;
142     bool has_extended_tcb_support;
143     bool power_management;
144 } E100PCIDeviceInfo;
145 
146 /* Offsets to the various registers.
147    All accesses need not be longword aligned. */
148 typedef enum {
149     SCBStatus = 0,              /* Status Word. */
150     SCBAck = 1,
151     SCBCmd = 2,                 /* Rx/Command Unit command and status. */
152     SCBIntmask = 3,
153     SCBPointer = 4,             /* General purpose pointer. */
154     SCBPort = 8,                /* Misc. commands and operands.  */
155     SCBflash = 12,              /* Flash memory control. */
156     SCBeeprom = 14,             /* EEPROM control. */
157     SCBCtrlMDI = 16,            /* MDI interface control. */
158     SCBEarlyRx = 20,            /* Early receive byte count. */
159     SCBFlow = 24,               /* Flow Control. */
160     SCBpmdr = 27,               /* Power Management Driver. */
161     SCBgctrl = 28,              /* General Control. */
162     SCBgstat = 29,              /* General Status. */
163 } E100RegisterOffset;
164 
165 /* A speedo3 transmit buffer descriptor with two buffers... */
166 typedef struct {
167     uint16_t status;
168     uint16_t command;
169     uint32_t link;              /* void * */
170     uint32_t tbd_array_addr;    /* transmit buffer descriptor array address. */
171     uint16_t tcb_bytes;         /* transmit command block byte count (in lower 14 bits */
172     uint8_t tx_threshold;       /* transmit threshold */
173     uint8_t tbd_count;          /* TBD number */
174 #if 0
175     /* This constitutes two "TBD" entries: hdr and data */
176     uint32_t tx_buf_addr0;  /* void *, header of frame to be transmitted.  */
177     int32_t  tx_buf_size0;  /* Length of Tx hdr. */
178     uint32_t tx_buf_addr1;  /* void *, data to be transmitted.  */
179     int32_t  tx_buf_size1;  /* Length of Tx data. */
180 #endif
181 } eepro100_tx_t;
182 
183 /* Receive frame descriptor. */
184 typedef struct {
185     int16_t status;
186     uint16_t command;
187     uint32_t link;              /* struct RxFD * */
188     uint32_t rx_buf_addr;       /* void * */
189     uint16_t count;
190     uint16_t size;
191     /* Ethernet frame data follows. */
192 } eepro100_rx_t;
193 
194 typedef enum {
195     COMMAND_EL = BIT(15),
196     COMMAND_S = BIT(14),
197     COMMAND_I = BIT(13),
198     COMMAND_NC = BIT(4),
199     COMMAND_SF = BIT(3),
200     COMMAND_CMD = BITS(2, 0),
201 } scb_command_bit;
202 
203 typedef enum {
204     STATUS_C = BIT(15),
205     STATUS_OK = BIT(13),
206 } scb_status_bit;
207 
208 typedef struct {
209     uint32_t tx_good_frames, tx_max_collisions, tx_late_collisions,
210              tx_underruns, tx_lost_crs, tx_deferred, tx_single_collisions,
211              tx_multiple_collisions, tx_total_collisions;
212     uint32_t rx_good_frames, rx_crc_errors, rx_alignment_errors,
213              rx_resource_errors, rx_overrun_errors, rx_cdt_errors,
214              rx_short_frame_errors;
215     uint32_t fc_xmt_pause, fc_rcv_pause, fc_rcv_unsupported;
216     uint16_t xmt_tco_frames, rcv_tco_frames;
217     /* TODO: i82559 has six reserved statistics but a total of 24 dwords. */
218     uint32_t reserved[4];
219 } eepro100_stats_t;
220 
221 typedef enum {
222     cu_idle = 0,
223     cu_suspended = 1,
224     cu_active = 2,
225     cu_lpq_active = 2,
226     cu_hqp_active = 3
227 } cu_state_t;
228 
229 typedef enum {
230     ru_idle = 0,
231     ru_suspended = 1,
232     ru_no_resources = 2,
233     ru_ready = 4
234 } ru_state_t;
235 
236 typedef struct {
237     PCIDevice dev;
238     /* Hash register (multicast mask array, multiple individual addresses). */
239     uint8_t mult[8];
240     MemoryRegion mmio_bar;
241     MemoryRegion io_bar;
242     MemoryRegion flash_bar;
243     NICState *nic;
244     NICConf conf;
245     uint8_t scb_stat;           /* SCB stat/ack byte */
246     uint8_t int_stat;           /* PCI interrupt status */
247     /* region must not be saved by nic_save. */
248     uint16_t mdimem[32];
249     eeprom_t *eeprom;
250     uint32_t device;            /* device variant */
251     /* (cu_base + cu_offset) address the next command block in the command block list. */
252     uint32_t cu_base;           /* CU base address */
253     uint32_t cu_offset;         /* CU address offset */
254     /* (ru_base + ru_offset) address the RFD in the Receive Frame Area. */
255     uint32_t ru_base;           /* RU base address */
256     uint32_t ru_offset;         /* RU address offset */
257     uint32_t statsaddr;         /* pointer to eepro100_stats_t */
258 
259     /* Temporary status information (no need to save these values),
260      * used while processing CU commands. */
261     eepro100_tx_t tx;           /* transmit buffer descriptor */
262     uint32_t cb_address;        /* = cu_base + cu_offset */
263 
264     /* Statistical counters. Also used for wake-up packet (i82559). */
265     eepro100_stats_t statistics;
266 
267     /* Data in mem is always in the byte order of the controller (le).
268      * It must be dword aligned to allow direct access to 32 bit values. */
269     uint8_t mem[PCI_MEM_SIZE] __attribute__((aligned(8)));
270 
271     /* Configuration bytes. */
272     uint8_t configuration[22];
273 
274     /* vmstate for each particular nic */
275     VMStateDescription *vmstate;
276 
277     /* Quasi static device properties (no need to save them). */
278     uint16_t stats_size;
279     bool has_extended_tcb_support;
280 } EEPRO100State;
281 
282 /* Word indices in EEPROM. */
283 typedef enum {
284     EEPROM_CNFG_MDIX  = 0x03,
285     EEPROM_ID         = 0x05,
286     EEPROM_PHY_ID     = 0x06,
287     EEPROM_VENDOR_ID  = 0x0c,
288     EEPROM_CONFIG_ASF = 0x0d,
289     EEPROM_DEVICE_ID  = 0x23,
290     EEPROM_SMBUS_ADDR = 0x90,
291 } EEPROMOffset;
292 
293 /* Bit values for EEPROM ID word. */
294 typedef enum {
295     EEPROM_ID_MDM = BIT(0),     /* Modem */
296     EEPROM_ID_STB = BIT(1),     /* Standby Enable */
297     EEPROM_ID_WMR = BIT(2),     /* ??? */
298     EEPROM_ID_WOL = BIT(5),     /* Wake on LAN */
299     EEPROM_ID_DPD = BIT(6),     /* Deep Power Down */
300     EEPROM_ID_ALT = BIT(7),     /* */
301     /* BITS(10, 8) device revision */
302     EEPROM_ID_BD = BIT(11),     /* boot disable */
303     EEPROM_ID_ID = BIT(13),     /* id bit */
304     /* BITS(15, 14) signature */
305     EEPROM_ID_VALID = BIT(14),  /* signature for valid eeprom */
306 } eeprom_id_bit;
307 
308 /* Default values for MDI (PHY) registers */
309 static const uint16_t eepro100_mdi_default[] = {
310     /* MDI Registers 0 - 6, 7 */
311     0x3000, 0x780d, 0x02a8, 0x0154, 0x05e1, 0x0000, 0x0000, 0x0000,
312     /* MDI Registers 8 - 15 */
313     0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
314     /* MDI Registers 16 - 31 */
315     0x0003, 0x0000, 0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
316     0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
317 };
318 
319 /* Readonly mask for MDI (PHY) registers */
320 static const uint16_t eepro100_mdi_mask[] = {
321     0x0000, 0xffff, 0xffff, 0xffff, 0xc01f, 0xffff, 0xffff, 0x0000,
322     0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
323     0x0fff, 0x0000, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
324     0xffff, 0xffff, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
325 };
326 
327 static E100PCIDeviceInfo *eepro100_get_class(EEPRO100State *s);
328 
329 /* Read a 16 bit control/status (CSR) register. */
330 static uint16_t e100_read_reg2(EEPRO100State *s, E100RegisterOffset addr)
331 {
332     assert(!((uintptr_t)&s->mem[addr] & 1));
333     return lduw_le_p(&s->mem[addr]);
334 }
335 
336 /* Read a 32 bit control/status (CSR) register. */
337 static uint32_t e100_read_reg4(EEPRO100State *s, E100RegisterOffset addr)
338 {
339     assert(!((uintptr_t)&s->mem[addr] & 3));
340     return ldl_le_p(&s->mem[addr]);
341 }
342 
343 /* Write a 16 bit control/status (CSR) register. */
344 static void e100_write_reg2(EEPRO100State *s, E100RegisterOffset addr,
345                             uint16_t val)
346 {
347     assert(!((uintptr_t)&s->mem[addr] & 1));
348     stw_le_p(&s->mem[addr], val);
349 }
350 
351 /* Read a 32 bit control/status (CSR) register. */
352 static void e100_write_reg4(EEPRO100State *s, E100RegisterOffset addr,
353                             uint32_t val)
354 {
355     assert(!((uintptr_t)&s->mem[addr] & 3));
356     stl_le_p(&s->mem[addr], val);
357 }
358 
359 #if defined(DEBUG_EEPRO100)
360 static const char *nic_dump(const uint8_t * buf, unsigned size)
361 {
362     static char dump[3 * 16 + 1];
363     char *p = &dump[0];
364     if (size > 16) {
365         size = 16;
366     }
367     while (size-- > 0) {
368         p += sprintf(p, " %02x", *buf++);
369     }
370     return dump;
371 }
372 #endif                          /* DEBUG_EEPRO100 */
373 
374 enum scb_stat_ack {
375     stat_ack_not_ours = 0x00,
376     stat_ack_sw_gen = 0x04,
377     stat_ack_rnr = 0x10,
378     stat_ack_cu_idle = 0x20,
379     stat_ack_frame_rx = 0x40,
380     stat_ack_cu_cmd_done = 0x80,
381     stat_ack_not_present = 0xFF,
382     stat_ack_rx = (stat_ack_sw_gen | stat_ack_rnr | stat_ack_frame_rx),
383     stat_ack_tx = (stat_ack_cu_idle | stat_ack_cu_cmd_done),
384 };
385 
386 static void disable_interrupt(EEPRO100State * s)
387 {
388     if (s->int_stat) {
389         TRACE(INT, logout("interrupt disabled\n"));
390         pci_irq_deassert(&s->dev);
391         s->int_stat = 0;
392     }
393 }
394 
395 static void enable_interrupt(EEPRO100State * s)
396 {
397     if (!s->int_stat) {
398         TRACE(INT, logout("interrupt enabled\n"));
399         pci_irq_assert(&s->dev);
400         s->int_stat = 1;
401     }
402 }
403 
404 static void eepro100_acknowledge(EEPRO100State * s)
405 {
406     s->scb_stat &= ~s->mem[SCBAck];
407     s->mem[SCBAck] = s->scb_stat;
408     if (s->scb_stat == 0) {
409         disable_interrupt(s);
410     }
411 }
412 
413 static void eepro100_interrupt(EEPRO100State * s, uint8_t status)
414 {
415     uint8_t mask = ~s->mem[SCBIntmask];
416     s->mem[SCBAck] |= status;
417     status = s->scb_stat = s->mem[SCBAck];
418     status &= (mask | 0x0f);
419 #if 0
420     status &= (~s->mem[SCBIntmask] | 0x0xf);
421 #endif
422     if (status && (mask & 0x01)) {
423         /* SCB mask and SCB Bit M do not disable interrupt. */
424         enable_interrupt(s);
425     } else if (s->int_stat) {
426         disable_interrupt(s);
427     }
428 }
429 
430 static void eepro100_cx_interrupt(EEPRO100State * s)
431 {
432     /* CU completed action command. */
433     /* Transmit not ok (82557 only, not in emulation). */
434     eepro100_interrupt(s, 0x80);
435 }
436 
437 static void eepro100_cna_interrupt(EEPRO100State * s)
438 {
439     /* CU left the active state. */
440     eepro100_interrupt(s, 0x20);
441 }
442 
443 static void eepro100_fr_interrupt(EEPRO100State * s)
444 {
445     /* RU received a complete frame. */
446     eepro100_interrupt(s, 0x40);
447 }
448 
449 static void eepro100_rnr_interrupt(EEPRO100State * s)
450 {
451     /* RU is not ready. */
452     eepro100_interrupt(s, 0x10);
453 }
454 
455 static void eepro100_mdi_interrupt(EEPRO100State * s)
456 {
457     /* MDI completed read or write cycle. */
458     eepro100_interrupt(s, 0x08);
459 }
460 
461 static void eepro100_swi_interrupt(EEPRO100State * s)
462 {
463     /* Software has requested an interrupt. */
464     eepro100_interrupt(s, 0x04);
465 }
466 
467 #if 0
468 static void eepro100_fcp_interrupt(EEPRO100State * s)
469 {
470     /* Flow control pause interrupt (82558 and later). */
471     eepro100_interrupt(s, 0x01);
472 }
473 #endif
474 
475 static void e100_pci_reset(EEPRO100State *s, Error **errp)
476 {
477     E100PCIDeviceInfo *info = eepro100_get_class(s);
478     uint32_t device = s->device;
479     uint8_t *pci_conf = s->dev.config;
480 
481     TRACE(OTHER, logout("%p\n", s));
482 
483     /* PCI Status */
484     pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_DEVSEL_MEDIUM |
485                                         PCI_STATUS_FAST_BACK);
486     /* PCI Latency Timer */
487     pci_set_byte(pci_conf + PCI_LATENCY_TIMER, 0x20);   /* latency timer = 32 clocks */
488     /* Capability Pointer is set by PCI framework. */
489     /* Interrupt Line */
490     /* Interrupt Pin */
491     pci_set_byte(pci_conf + PCI_INTERRUPT_PIN, 1);      /* interrupt pin A */
492     /* Minimum Grant */
493     pci_set_byte(pci_conf + PCI_MIN_GNT, 0x08);
494     /* Maximum Latency */
495     pci_set_byte(pci_conf + PCI_MAX_LAT, 0x18);
496 
497     s->stats_size = info->stats_size;
498     s->has_extended_tcb_support = info->has_extended_tcb_support;
499 
500     switch (device) {
501     case i82550:
502     case i82551:
503     case i82557A:
504     case i82557B:
505     case i82557C:
506     case i82558A:
507     case i82558B:
508     case i82559A:
509     case i82559B:
510     case i82559ER:
511     case i82562:
512     case i82801:
513     case i82559C:
514         break;
515     default:
516         logout("Device %X is undefined!\n", device);
517     }
518 
519     /* Standard TxCB. */
520     s->configuration[6] |= BIT(4);
521 
522     /* Standard statistical counters. */
523     s->configuration[6] |= BIT(5);
524 
525     if (s->stats_size == 80) {
526         /* TODO: check TCO Statistical Counters bit. Documentation not clear. */
527         if (s->configuration[6] & BIT(2)) {
528             /* TCO statistical counters. */
529             assert(s->configuration[6] & BIT(5));
530         } else {
531             if (s->configuration[6] & BIT(5)) {
532                 /* No extended statistical counters, i82557 compatible. */
533                 s->stats_size = 64;
534             } else {
535                 /* i82558 compatible. */
536                 s->stats_size = 76;
537             }
538         }
539     } else {
540         if (s->configuration[6] & BIT(5)) {
541             /* No extended statistical counters. */
542             s->stats_size = 64;
543         }
544     }
545     assert(s->stats_size > 0 && s->stats_size <= sizeof(s->statistics));
546 
547     if (info->power_management) {
548         /* Power Management Capabilities */
549         int cfg_offset = 0xdc;
550         int r = pci_add_capability(&s->dev, PCI_CAP_ID_PM,
551                                    cfg_offset, PCI_PM_SIZEOF,
552                                    errp);
553         if (r < 0) {
554             return;
555         }
556 
557         pci_set_word(pci_conf + cfg_offset + PCI_PM_PMC, 0x7e21);
558 #if 0 /* TODO: replace dummy code for power management emulation. */
559         /* TODO: Power Management Control / Status. */
560         pci_set_word(pci_conf + cfg_offset + PCI_PM_CTRL, 0x0000);
561         /* TODO: Ethernet Power Consumption Registers (i82559 and later). */
562         pci_set_byte(pci_conf + cfg_offset + PCI_PM_PPB_EXTENSIONS, 0x0000);
563 #endif
564     }
565 
566 #if EEPROM_SIZE > 0
567     if (device == i82557C || device == i82558B || device == i82559C) {
568         /*
569         TODO: get vendor id from EEPROM for i82557C or later.
570         TODO: get device id from EEPROM for i82557C or later.
571         TODO: status bit 4 can be disabled by EEPROM for i82558, i82559.
572         TODO: header type is determined by EEPROM for i82559.
573         TODO: get subsystem id from EEPROM for i82557C or later.
574         TODO: get subsystem vendor id from EEPROM for i82557C or later.
575         TODO: exp. rom baddr depends on a bit in EEPROM for i82558 or later.
576         TODO: capability pointer depends on EEPROM for i82558.
577         */
578         logout("Get device id and revision from EEPROM!!!\n");
579     }
580 #endif /* EEPROM_SIZE > 0 */
581 }
582 
583 static void nic_selective_reset(EEPRO100State * s)
584 {
585     size_t i;
586     uint16_t *eeprom_contents = eeprom93xx_data(s->eeprom);
587 #if 0
588     eeprom93xx_reset(s->eeprom);
589 #endif
590     memcpy(eeprom_contents, s->conf.macaddr.a, 6);
591     eeprom_contents[EEPROM_ID] = EEPROM_ID_VALID;
592     if (s->device == i82557B || s->device == i82557C)
593         eeprom_contents[5] = 0x0100;
594     eeprom_contents[EEPROM_PHY_ID] = 1;
595     uint16_t sum = 0;
596     for (i = 0; i < EEPROM_SIZE - 1; i++) {
597         sum += eeprom_contents[i];
598     }
599     eeprom_contents[EEPROM_SIZE - 1] = 0xbaba - sum;
600     TRACE(EEPROM, logout("checksum=0x%04x\n", eeprom_contents[EEPROM_SIZE - 1]));
601 
602     memset(s->mem, 0, sizeof(s->mem));
603     e100_write_reg4(s, SCBCtrlMDI, BIT(21));
604 
605     assert(sizeof(s->mdimem) == sizeof(eepro100_mdi_default));
606     memcpy(&s->mdimem[0], &eepro100_mdi_default[0], sizeof(s->mdimem));
607 }
608 
609 static void nic_reset(void *opaque)
610 {
611     EEPRO100State *s = opaque;
612     TRACE(OTHER, logout("%p\n", s));
613     /* TODO: Clearing of hash register for selective reset, too? */
614     memset(&s->mult[0], 0, sizeof(s->mult));
615     nic_selective_reset(s);
616 }
617 
618 #if defined(DEBUG_EEPRO100)
619 static const char * const e100_reg[PCI_IO_SIZE / 4] = {
620     "Command/Status",
621     "General Pointer",
622     "Port",
623     "EEPROM/Flash Control",
624     "MDI Control",
625     "Receive DMA Byte Count",
626     "Flow Control",
627     "General Status/Control"
628 };
629 
630 static char *regname(uint32_t addr)
631 {
632     static char buf[32];
633     if (addr < PCI_IO_SIZE) {
634         const char *r = e100_reg[addr / 4];
635         if (r != 0) {
636             snprintf(buf, sizeof(buf), "%s+%u", r, addr % 4);
637         } else {
638             snprintf(buf, sizeof(buf), "0x%02x", addr);
639         }
640     } else {
641         snprintf(buf, sizeof(buf), "??? 0x%08x", addr);
642     }
643     return buf;
644 }
645 #endif                          /* DEBUG_EEPRO100 */
646 
647 /*****************************************************************************
648  *
649  * Command emulation.
650  *
651  ****************************************************************************/
652 
653 #if 0
654 static uint16_t eepro100_read_command(EEPRO100State * s)
655 {
656     uint16_t val = 0xffff;
657     TRACE(OTHER, logout("val=0x%04x\n", val));
658     return val;
659 }
660 #endif
661 
662 /* Commands that can be put in a command list entry. */
663 enum commands {
664     CmdNOp = 0,
665     CmdIASetup = 1,
666     CmdConfigure = 2,
667     CmdMulticastList = 3,
668     CmdTx = 4,
669     CmdTDR = 5,                 /* load microcode */
670     CmdDump = 6,
671     CmdDiagnose = 7,
672 
673     /* And some extra flags: */
674     CmdSuspend = 0x4000,        /* Suspend after completion. */
675     CmdIntr = 0x2000,           /* Interrupt after completion. */
676     CmdTxFlex = 0x0008,         /* Use "Flexible mode" for CmdTx command. */
677 };
678 
679 static cu_state_t get_cu_state(EEPRO100State * s)
680 {
681     return ((s->mem[SCBStatus] & BITS(7, 6)) >> 6);
682 }
683 
684 static void set_cu_state(EEPRO100State * s, cu_state_t state)
685 {
686     s->mem[SCBStatus] = (s->mem[SCBStatus] & ~BITS(7, 6)) + (state << 6);
687 }
688 
689 static ru_state_t get_ru_state(EEPRO100State * s)
690 {
691     return ((s->mem[SCBStatus] & BITS(5, 2)) >> 2);
692 }
693 
694 static void set_ru_state(EEPRO100State * s, ru_state_t state)
695 {
696     s->mem[SCBStatus] = (s->mem[SCBStatus] & ~BITS(5, 2)) + (state << 2);
697 }
698 
699 static void dump_statistics(EEPRO100State * s)
700 {
701     /* Dump statistical data. Most data is never changed by the emulation
702      * and always 0, so we first just copy the whole block and then those
703      * values which really matter.
704      * Number of data should check configuration!!!
705      */
706     pci_dma_write(&s->dev, s->statsaddr, &s->statistics, s->stats_size);
707     stl_le_pci_dma(&s->dev, s->statsaddr + 0,
708                    s->statistics.tx_good_frames);
709     stl_le_pci_dma(&s->dev, s->statsaddr + 36,
710                    s->statistics.rx_good_frames);
711     stl_le_pci_dma(&s->dev, s->statsaddr + 48,
712                    s->statistics.rx_resource_errors);
713     stl_le_pci_dma(&s->dev, s->statsaddr + 60,
714                    s->statistics.rx_short_frame_errors);
715 #if 0
716     stw_le_pci_dma(&s->dev, s->statsaddr + 76, s->statistics.xmt_tco_frames);
717     stw_le_pci_dma(&s->dev, s->statsaddr + 78, s->statistics.rcv_tco_frames);
718     missing("CU dump statistical counters");
719 #endif
720 }
721 
722 static void read_cb(EEPRO100State *s)
723 {
724     pci_dma_read(&s->dev, s->cb_address, &s->tx, sizeof(s->tx));
725     s->tx.status = le16_to_cpu(s->tx.status);
726     s->tx.command = le16_to_cpu(s->tx.command);
727     s->tx.link = le32_to_cpu(s->tx.link);
728     s->tx.tbd_array_addr = le32_to_cpu(s->tx.tbd_array_addr);
729     s->tx.tcb_bytes = le16_to_cpu(s->tx.tcb_bytes);
730 }
731 
732 static void tx_command(EEPRO100State *s)
733 {
734     uint32_t tbd_array = s->tx.tbd_array_addr;
735     uint16_t tcb_bytes = s->tx.tcb_bytes & 0x3fff;
736     /* Sends larger than MAX_ETH_FRAME_SIZE are allowed, up to 2600 bytes. */
737     uint8_t buf[2600];
738     uint16_t size = 0;
739     uint32_t tbd_address = s->cb_address + 0x10;
740     TRACE(RXTX, logout
741         ("transmit, TBD array address 0x%08x, TCB byte count 0x%04x, TBD count %u\n",
742          tbd_array, tcb_bytes, s->tx.tbd_count));
743 
744     if (tcb_bytes > 2600) {
745         logout("TCB byte count too large, using 2600\n");
746         tcb_bytes = 2600;
747     }
748     if (!((tcb_bytes > 0) || (tbd_array != 0xffffffff))) {
749         logout
750             ("illegal values of TBD array address and TCB byte count!\n");
751     }
752     assert(tcb_bytes <= sizeof(buf));
753     while (size < tcb_bytes) {
754         TRACE(RXTX, logout
755             ("TBD (simplified mode): buffer address 0x%08x, size 0x%04x\n",
756              tbd_address, tcb_bytes));
757         pci_dma_read(&s->dev, tbd_address, &buf[size], tcb_bytes);
758         size += tcb_bytes;
759     }
760     if (tbd_array == 0xffffffff) {
761         /* Simplified mode. Was already handled by code above. */
762     } else {
763         /* Flexible mode. */
764         uint8_t tbd_count = 0;
765         if (s->has_extended_tcb_support && !(s->configuration[6] & BIT(4))) {
766             /* Extended Flexible TCB. */
767             for (; tbd_count < 2; tbd_count++) {
768                 uint32_t tx_buffer_address = ldl_le_pci_dma(&s->dev,
769                                                             tbd_address);
770                 uint16_t tx_buffer_size = lduw_le_pci_dma(&s->dev,
771                                                           tbd_address + 4);
772                 uint16_t tx_buffer_el = lduw_le_pci_dma(&s->dev,
773                                                         tbd_address + 6);
774                 tbd_address += 8;
775                 TRACE(RXTX, logout
776                     ("TBD (extended flexible mode): buffer address 0x%08x, size 0x%04x\n",
777                      tx_buffer_address, tx_buffer_size));
778                 tx_buffer_size = MIN(tx_buffer_size, sizeof(buf) - size);
779                 pci_dma_read(&s->dev, tx_buffer_address,
780                              &buf[size], tx_buffer_size);
781                 size += tx_buffer_size;
782                 if (tx_buffer_el & 1) {
783                     break;
784                 }
785             }
786         }
787         tbd_address = tbd_array;
788         for (; tbd_count < s->tx.tbd_count; tbd_count++) {
789             uint32_t tx_buffer_address = ldl_le_pci_dma(&s->dev, tbd_address);
790             uint16_t tx_buffer_size = lduw_le_pci_dma(&s->dev, tbd_address + 4);
791             uint16_t tx_buffer_el = lduw_le_pci_dma(&s->dev, tbd_address + 6);
792             tbd_address += 8;
793             TRACE(RXTX, logout
794                 ("TBD (flexible mode): buffer address 0x%08x, size 0x%04x\n",
795                  tx_buffer_address, tx_buffer_size));
796             tx_buffer_size = MIN(tx_buffer_size, sizeof(buf) - size);
797             pci_dma_read(&s->dev, tx_buffer_address,
798                          &buf[size], tx_buffer_size);
799             size += tx_buffer_size;
800             if (tx_buffer_el & 1) {
801                 break;
802             }
803         }
804     }
805     TRACE(RXTX, logout("%p sending frame, len=%d,%s\n", s, size, nic_dump(buf, size)));
806     qemu_send_packet(qemu_get_queue(s->nic), buf, size);
807     s->statistics.tx_good_frames++;
808     /* Transmit with bad status would raise an CX/TNO interrupt.
809      * (82557 only). Emulation never has bad status. */
810 #if 0
811     eepro100_cx_interrupt(s);
812 #endif
813 }
814 
815 static void set_multicast_list(EEPRO100State *s)
816 {
817     uint16_t multicast_count = s->tx.tbd_array_addr & BITS(13, 0);
818     uint16_t i;
819     memset(&s->mult[0], 0, sizeof(s->mult));
820     TRACE(OTHER, logout("multicast list, multicast count = %u\n", multicast_count));
821     for (i = 0; i < multicast_count; i += 6) {
822         uint8_t multicast_addr[6];
823         pci_dma_read(&s->dev, s->cb_address + 10 + i, multicast_addr, 6);
824         TRACE(OTHER, logout("multicast entry %s\n", nic_dump(multicast_addr, 6)));
825         unsigned mcast_idx = (net_crc32(multicast_addr, ETH_ALEN) &
826                               BITS(7, 2)) >> 2;
827         assert(mcast_idx < 64);
828         s->mult[mcast_idx >> 3] |= (1 << (mcast_idx & 7));
829     }
830 }
831 
832 static void action_command(EEPRO100State *s)
833 {
834     /* The loop below won't stop if it gets special handcrafted data.
835        Therefore we limit the number of iterations. */
836     unsigned max_loop_count = 16;
837 
838     for (;;) {
839         bool bit_el;
840         bool bit_s;
841         bool bit_i;
842         bool bit_nc;
843         uint16_t ok_status = STATUS_OK;
844         s->cb_address = s->cu_base + s->cu_offset;
845         read_cb(s);
846         bit_el = ((s->tx.command & COMMAND_EL) != 0);
847         bit_s = ((s->tx.command & COMMAND_S) != 0);
848         bit_i = ((s->tx.command & COMMAND_I) != 0);
849         bit_nc = ((s->tx.command & COMMAND_NC) != 0);
850 #if 0
851         bool bit_sf = ((s->tx.command & COMMAND_SF) != 0);
852 #endif
853 
854         if (max_loop_count-- == 0) {
855             /* Prevent an endless loop. */
856             logout("loop in %s:%u\n", __FILE__, __LINE__);
857             break;
858         }
859 
860         s->cu_offset = s->tx.link;
861         TRACE(OTHER,
862               logout("val=(cu start), status=0x%04x, command=0x%04x, link=0x%08x\n",
863                      s->tx.status, s->tx.command, s->tx.link));
864         switch (s->tx.command & COMMAND_CMD) {
865         case CmdNOp:
866             /* Do nothing. */
867             break;
868         case CmdIASetup:
869             pci_dma_read(&s->dev, s->cb_address + 8, &s->conf.macaddr.a[0], 6);
870             TRACE(OTHER, logout("macaddr: %s\n", nic_dump(&s->conf.macaddr.a[0], 6)));
871             break;
872         case CmdConfigure:
873             pci_dma_read(&s->dev, s->cb_address + 8,
874                          &s->configuration[0], sizeof(s->configuration));
875             TRACE(OTHER, logout("configuration: %s\n",
876                                 nic_dump(&s->configuration[0], 16)));
877             TRACE(OTHER, logout("configuration: %s\n",
878                                 nic_dump(&s->configuration[16],
879                                 ARRAY_SIZE(s->configuration) - 16)));
880             if (s->configuration[20] & BIT(6)) {
881                 TRACE(OTHER, logout("Multiple IA bit\n"));
882             }
883             break;
884         case CmdMulticastList:
885             set_multicast_list(s);
886             break;
887         case CmdTx:
888             if (bit_nc) {
889                 missing("CmdTx: NC = 0");
890                 ok_status = 0;
891                 break;
892             }
893             tx_command(s);
894             break;
895         case CmdTDR:
896             TRACE(OTHER, logout("load microcode\n"));
897             /* Starting with offset 8, the command contains
898              * 64 dwords microcode which we just ignore here. */
899             break;
900         case CmdDiagnose:
901             TRACE(OTHER, logout("diagnose\n"));
902             /* Make sure error flag is not set. */
903             s->tx.status = 0;
904             break;
905         default:
906             missing("undefined command");
907             ok_status = 0;
908             break;
909         }
910         /* Write new status. */
911         stw_le_pci_dma(&s->dev, s->cb_address,
912                        s->tx.status | ok_status | STATUS_C);
913         if (bit_i) {
914             /* CU completed action. */
915             eepro100_cx_interrupt(s);
916         }
917         if (bit_el) {
918             /* CU becomes idle. Terminate command loop. */
919             set_cu_state(s, cu_idle);
920             eepro100_cna_interrupt(s);
921             break;
922         } else if (bit_s) {
923             /* CU becomes suspended. Terminate command loop. */
924             set_cu_state(s, cu_suspended);
925             eepro100_cna_interrupt(s);
926             break;
927         } else {
928             /* More entries in list. */
929             TRACE(OTHER, logout("CU list with at least one more entry\n"));
930         }
931     }
932     TRACE(OTHER, logout("CU list empty\n"));
933     /* List is empty. Now CU is idle or suspended. */
934 }
935 
936 static void eepro100_cu_command(EEPRO100State * s, uint8_t val)
937 {
938     cu_state_t cu_state;
939     switch (val) {
940     case CU_NOP:
941         /* No operation. */
942         break;
943     case CU_START:
944         cu_state = get_cu_state(s);
945         if (cu_state != cu_idle && cu_state != cu_suspended) {
946             /* Intel documentation says that CU must be idle or suspended
947              * for the CU start command. */
948             logout("unexpected CU state is %u\n", cu_state);
949         }
950         set_cu_state(s, cu_active);
951         s->cu_offset = e100_read_reg4(s, SCBPointer);
952         action_command(s);
953         break;
954     case CU_RESUME:
955         if (get_cu_state(s) != cu_suspended) {
956             logout("bad CU resume from CU state %u\n", get_cu_state(s));
957             /* Workaround for bad Linux eepro100 driver which resumes
958              * from idle state. */
959 #if 0
960             missing("cu resume");
961 #endif
962             set_cu_state(s, cu_suspended);
963         }
964         if (get_cu_state(s) == cu_suspended) {
965             TRACE(OTHER, logout("CU resuming\n"));
966             set_cu_state(s, cu_active);
967             action_command(s);
968         }
969         break;
970     case CU_STATSADDR:
971         /* Load dump counters address. */
972         s->statsaddr = e100_read_reg4(s, SCBPointer);
973         TRACE(OTHER, logout("val=0x%02x (dump counters address)\n", val));
974         if (s->statsaddr & 3) {
975             /* Memory must be Dword aligned. */
976             logout("unaligned dump counters address\n");
977             /* Handling of misaligned addresses is undefined.
978              * Here we align the address by ignoring the lower bits. */
979             /* TODO: Test unaligned dump counter address on real hardware. */
980             s->statsaddr &= ~3;
981         }
982         break;
983     case CU_SHOWSTATS:
984         /* Dump statistical counters. */
985         TRACE(OTHER, logout("val=0x%02x (dump stats)\n", val));
986         dump_statistics(s);
987         stl_le_pci_dma(&s->dev, s->statsaddr + s->stats_size, 0xa005);
988         break;
989     case CU_CMD_BASE:
990         /* Load CU base. */
991         TRACE(OTHER, logout("val=0x%02x (CU base address)\n", val));
992         s->cu_base = e100_read_reg4(s, SCBPointer);
993         break;
994     case CU_DUMPSTATS:
995         /* Dump and reset statistical counters. */
996         TRACE(OTHER, logout("val=0x%02x (dump stats and reset)\n", val));
997         dump_statistics(s);
998         stl_le_pci_dma(&s->dev, s->statsaddr + s->stats_size, 0xa007);
999         memset(&s->statistics, 0, sizeof(s->statistics));
1000         break;
1001     case CU_SRESUME:
1002         /* CU static resume. */
1003         missing("CU static resume");
1004         break;
1005     default:
1006         missing("Undefined CU command");
1007     }
1008 }
1009 
1010 static void eepro100_ru_command(EEPRO100State * s, uint8_t val)
1011 {
1012     switch (val) {
1013     case RU_NOP:
1014         /* No operation. */
1015         break;
1016     case RX_START:
1017         /* RU start. */
1018         if (get_ru_state(s) != ru_idle) {
1019             logout("RU state is %u, should be %u\n", get_ru_state(s), ru_idle);
1020 #if 0
1021             assert(!"wrong RU state");
1022 #endif
1023         }
1024         set_ru_state(s, ru_ready);
1025         s->ru_offset = e100_read_reg4(s, SCBPointer);
1026         qemu_flush_queued_packets(qemu_get_queue(s->nic));
1027         TRACE(OTHER, logout("val=0x%02x (rx start)\n", val));
1028         break;
1029     case RX_RESUME:
1030         /* Restart RU. */
1031         if (get_ru_state(s) != ru_suspended) {
1032             logout("RU state is %u, should be %u\n", get_ru_state(s),
1033                    ru_suspended);
1034 #if 0
1035             assert(!"wrong RU state");
1036 #endif
1037         }
1038         set_ru_state(s, ru_ready);
1039         break;
1040     case RU_ABORT:
1041         /* RU abort. */
1042         if (get_ru_state(s) == ru_ready) {
1043             eepro100_rnr_interrupt(s);
1044         }
1045         set_ru_state(s, ru_idle);
1046         break;
1047     case RX_ADDR_LOAD:
1048         /* Load RU base. */
1049         TRACE(OTHER, logout("val=0x%02x (RU base address)\n", val));
1050         s->ru_base = e100_read_reg4(s, SCBPointer);
1051         break;
1052     default:
1053         logout("val=0x%02x (undefined RU command)\n", val);
1054         missing("Undefined SU command");
1055     }
1056 }
1057 
1058 static void eepro100_write_command(EEPRO100State * s, uint8_t val)
1059 {
1060     eepro100_ru_command(s, val & 0x0f);
1061     eepro100_cu_command(s, val & 0xf0);
1062     if ((val) == 0) {
1063         TRACE(OTHER, logout("val=0x%02x\n", val));
1064     }
1065     /* Clear command byte after command was accepted. */
1066     s->mem[SCBCmd] = 0;
1067 }
1068 
1069 /*****************************************************************************
1070  *
1071  * EEPROM emulation.
1072  *
1073  ****************************************************************************/
1074 
1075 #define EEPROM_CS       0x02
1076 #define EEPROM_SK       0x01
1077 #define EEPROM_DI       0x04
1078 #define EEPROM_DO       0x08
1079 
1080 static uint16_t eepro100_read_eeprom(EEPRO100State * s)
1081 {
1082     uint16_t val = e100_read_reg2(s, SCBeeprom);
1083     if (eeprom93xx_read(s->eeprom)) {
1084         val |= EEPROM_DO;
1085     } else {
1086         val &= ~EEPROM_DO;
1087     }
1088     TRACE(EEPROM, logout("val=0x%04x\n", val));
1089     return val;
1090 }
1091 
1092 static void eepro100_write_eeprom(eeprom_t * eeprom, uint8_t val)
1093 {
1094     TRACE(EEPROM, logout("val=0x%02x\n", val));
1095 
1096     /* mask unwritable bits */
1097 #if 0
1098     val = SET_MASKED(val, 0x31, eeprom->value);
1099 #endif
1100 
1101     int eecs = ((val & EEPROM_CS) != 0);
1102     int eesk = ((val & EEPROM_SK) != 0);
1103     int eedi = ((val & EEPROM_DI) != 0);
1104     eeprom93xx_write(eeprom, eecs, eesk, eedi);
1105 }
1106 
1107 /*****************************************************************************
1108  *
1109  * MDI emulation.
1110  *
1111  ****************************************************************************/
1112 
1113 #if defined(DEBUG_EEPRO100)
1114 static const char * const mdi_op_name[] = {
1115     "opcode 0",
1116     "write",
1117     "read",
1118     "opcode 3"
1119 };
1120 
1121 static const char * const mdi_reg_name[] = {
1122     "Control",
1123     "Status",
1124     "PHY Identification (Word 1)",
1125     "PHY Identification (Word 2)",
1126     "Auto-Negotiation Advertisement",
1127     "Auto-Negotiation Link Partner Ability",
1128     "Auto-Negotiation Expansion"
1129 };
1130 
1131 static const char *reg2name(uint8_t reg)
1132 {
1133     static char buffer[10];
1134     const char *p = buffer;
1135     if (reg < ARRAY_SIZE(mdi_reg_name)) {
1136         p = mdi_reg_name[reg];
1137     } else {
1138         snprintf(buffer, sizeof(buffer), "reg=0x%02x", reg);
1139     }
1140     return p;
1141 }
1142 #endif                          /* DEBUG_EEPRO100 */
1143 
1144 static uint32_t eepro100_read_mdi(EEPRO100State * s)
1145 {
1146     uint32_t val = e100_read_reg4(s, SCBCtrlMDI);
1147 
1148 #ifdef DEBUG_EEPRO100
1149     uint8_t raiseint = (val & BIT(29)) >> 29;
1150     uint8_t opcode = (val & BITS(27, 26)) >> 26;
1151     uint8_t phy = (val & BITS(25, 21)) >> 21;
1152     uint8_t reg = (val & BITS(20, 16)) >> 16;
1153     uint16_t data = (val & BITS(15, 0));
1154 #endif
1155     /* Emulation takes no time to finish MDI transaction. */
1156     val |= BIT(28);
1157     TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
1158                       val, raiseint, mdi_op_name[opcode], phy,
1159                       reg2name(reg), data));
1160     return val;
1161 }
1162 
1163 static void eepro100_write_mdi(EEPRO100State *s)
1164 {
1165     uint32_t val = e100_read_reg4(s, SCBCtrlMDI);
1166     uint8_t raiseint = (val & BIT(29)) >> 29;
1167     uint8_t opcode = (val & BITS(27, 26)) >> 26;
1168     uint8_t phy = (val & BITS(25, 21)) >> 21;
1169     uint8_t reg = (val & BITS(20, 16)) >> 16;
1170     uint16_t data = (val & BITS(15, 0));
1171     TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
1172           val, raiseint, mdi_op_name[opcode], phy, reg2name(reg), data));
1173     if (phy != 1) {
1174         /* Unsupported PHY address. */
1175 #if 0
1176         logout("phy must be 1 but is %u\n", phy);
1177 #endif
1178         data = 0;
1179     } else if (opcode != 1 && opcode != 2) {
1180         /* Unsupported opcode. */
1181         logout("opcode must be 1 or 2 but is %u\n", opcode);
1182         data = 0;
1183     } else if (reg > 6) {
1184         /* Unsupported register. */
1185         logout("register must be 0...6 but is %u\n", reg);
1186         data = 0;
1187     } else {
1188         TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
1189                           val, raiseint, mdi_op_name[opcode], phy,
1190                           reg2name(reg), data));
1191         if (opcode == 1) {
1192             /* MDI write */
1193             switch (reg) {
1194             case 0:            /* Control Register */
1195                 if (data & 0x8000) {
1196                     /* Reset status and control registers to default. */
1197                     s->mdimem[0] = eepro100_mdi_default[0];
1198                     s->mdimem[1] = eepro100_mdi_default[1];
1199                     data = s->mdimem[reg];
1200                 } else {
1201                     /* Restart Auto Configuration = Normal Operation */
1202                     data &= ~0x0200;
1203                 }
1204                 break;
1205             case 1:            /* Status Register */
1206                 missing("not writable");
1207                 break;
1208             case 2:            /* PHY Identification Register (Word 1) */
1209             case 3:            /* PHY Identification Register (Word 2) */
1210                 missing("not implemented");
1211                 break;
1212             case 4:            /* Auto-Negotiation Advertisement Register */
1213             case 5:            /* Auto-Negotiation Link Partner Ability Register */
1214                 break;
1215             case 6:            /* Auto-Negotiation Expansion Register */
1216             default:
1217                 missing("not implemented");
1218             }
1219             s->mdimem[reg] &= eepro100_mdi_mask[reg];
1220             s->mdimem[reg] |= data & ~eepro100_mdi_mask[reg];
1221         } else if (opcode == 2) {
1222             /* MDI read */
1223             switch (reg) {
1224             case 0:            /* Control Register */
1225                 if (data & 0x8000) {
1226                     /* Reset status and control registers to default. */
1227                     s->mdimem[0] = eepro100_mdi_default[0];
1228                     s->mdimem[1] = eepro100_mdi_default[1];
1229                 }
1230                 break;
1231             case 1:            /* Status Register */
1232                 s->mdimem[reg] |= 0x0020;
1233                 break;
1234             case 2:            /* PHY Identification Register (Word 1) */
1235             case 3:            /* PHY Identification Register (Word 2) */
1236             case 4:            /* Auto-Negotiation Advertisement Register */
1237                 break;
1238             case 5:            /* Auto-Negotiation Link Partner Ability Register */
1239                 s->mdimem[reg] = 0x41fe;
1240                 break;
1241             case 6:            /* Auto-Negotiation Expansion Register */
1242                 s->mdimem[reg] = 0x0001;
1243                 break;
1244             }
1245             data = s->mdimem[reg];
1246         }
1247         /* Emulation takes no time to finish MDI transaction.
1248          * Set MDI bit in SCB status register. */
1249         s->mem[SCBAck] |= 0x08;
1250         val |= BIT(28);
1251         if (raiseint) {
1252             eepro100_mdi_interrupt(s);
1253         }
1254     }
1255     val = (val & 0xffff0000) + data;
1256     e100_write_reg4(s, SCBCtrlMDI, val);
1257 }
1258 
1259 /*****************************************************************************
1260  *
1261  * Port emulation.
1262  *
1263  ****************************************************************************/
1264 
1265 #define PORT_SOFTWARE_RESET     0
1266 #define PORT_SELFTEST           1
1267 #define PORT_SELECTIVE_RESET    2
1268 #define PORT_DUMP               3
1269 #define PORT_SELECTION_MASK     3
1270 
1271 typedef struct {
1272     uint32_t st_sign;           /* Self Test Signature */
1273     uint32_t st_result;         /* Self Test Results */
1274 } eepro100_selftest_t;
1275 
1276 static uint32_t eepro100_read_port(EEPRO100State * s)
1277 {
1278     return 0;
1279 }
1280 
1281 static void eepro100_write_port(EEPRO100State *s)
1282 {
1283     uint32_t val = e100_read_reg4(s, SCBPort);
1284     uint32_t address = (val & ~PORT_SELECTION_MASK);
1285     uint8_t selection = (val & PORT_SELECTION_MASK);
1286     switch (selection) {
1287     case PORT_SOFTWARE_RESET:
1288         nic_reset(s);
1289         break;
1290     case PORT_SELFTEST:
1291         TRACE(OTHER, logout("selftest address=0x%08x\n", address));
1292         eepro100_selftest_t data;
1293         pci_dma_read(&s->dev, address, (uint8_t *) &data, sizeof(data));
1294         data.st_sign = 0xffffffff;
1295         data.st_result = 0;
1296         pci_dma_write(&s->dev, address, (uint8_t *) &data, sizeof(data));
1297         break;
1298     case PORT_SELECTIVE_RESET:
1299         TRACE(OTHER, logout("selective reset, selftest address=0x%08x\n", address));
1300         nic_selective_reset(s);
1301         break;
1302     default:
1303         logout("val=0x%08x\n", val);
1304         missing("unknown port selection");
1305     }
1306 }
1307 
1308 /*****************************************************************************
1309  *
1310  * General hardware emulation.
1311  *
1312  ****************************************************************************/
1313 
1314 static uint8_t eepro100_read1(EEPRO100State * s, uint32_t addr)
1315 {
1316     uint8_t val = 0;
1317     if (addr <= sizeof(s->mem) - sizeof(val)) {
1318         val = s->mem[addr];
1319     }
1320 
1321     switch (addr) {
1322     case SCBStatus:
1323     case SCBAck:
1324         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1325         break;
1326     case SCBCmd:
1327         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1328 #if 0
1329         val = eepro100_read_command(s);
1330 #endif
1331         break;
1332     case SCBIntmask:
1333         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1334         break;
1335     case SCBPort + 3:
1336         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1337         break;
1338     case SCBeeprom:
1339         val = eepro100_read_eeprom(s);
1340         break;
1341     case SCBCtrlMDI:
1342     case SCBCtrlMDI + 1:
1343     case SCBCtrlMDI + 2:
1344     case SCBCtrlMDI + 3:
1345         val = (uint8_t)(eepro100_read_mdi(s) >> (8 * (addr & 3)));
1346         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1347         break;
1348     case SCBpmdr:       /* Power Management Driver Register */
1349         val = 0;
1350         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1351         break;
1352     case SCBgctrl:      /* General Control Register */
1353         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1354         break;
1355     case SCBgstat:      /* General Status Register */
1356         /* 100 Mbps full duplex, valid link */
1357         val = 0x07;
1358         TRACE(OTHER, logout("addr=General Status val=%02x\n", val));
1359         break;
1360     default:
1361         logout("addr=%s val=0x%02x\n", regname(addr), val);
1362         missing("unknown byte read");
1363     }
1364     return val;
1365 }
1366 
1367 static uint16_t eepro100_read2(EEPRO100State * s, uint32_t addr)
1368 {
1369     uint16_t val = 0;
1370     if (addr <= sizeof(s->mem) - sizeof(val)) {
1371         val = e100_read_reg2(s, addr);
1372     }
1373 
1374     switch (addr) {
1375     case SCBStatus:
1376     case SCBCmd:
1377         TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
1378         break;
1379     case SCBeeprom:
1380         val = eepro100_read_eeprom(s);
1381         TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
1382         break;
1383     case SCBCtrlMDI:
1384     case SCBCtrlMDI + 2:
1385         val = (uint16_t)(eepro100_read_mdi(s) >> (8 * (addr & 3)));
1386         TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
1387         break;
1388     default:
1389         logout("addr=%s val=0x%04x\n", regname(addr), val);
1390         missing("unknown word read");
1391     }
1392     return val;
1393 }
1394 
1395 static uint32_t eepro100_read4(EEPRO100State * s, uint32_t addr)
1396 {
1397     uint32_t val = 0;
1398     if (addr <= sizeof(s->mem) - sizeof(val)) {
1399         val = e100_read_reg4(s, addr);
1400     }
1401 
1402     switch (addr) {
1403     case SCBStatus:
1404         TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
1405         break;
1406     case SCBPointer:
1407         TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
1408         break;
1409     case SCBPort:
1410         val = eepro100_read_port(s);
1411         TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
1412         break;
1413     case SCBflash:
1414         val = eepro100_read_eeprom(s);
1415         TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
1416         break;
1417     case SCBCtrlMDI:
1418         val = eepro100_read_mdi(s);
1419         break;
1420     default:
1421         logout("addr=%s val=0x%08x\n", regname(addr), val);
1422         missing("unknown longword read");
1423     }
1424     return val;
1425 }
1426 
1427 static void eepro100_write1(EEPRO100State * s, uint32_t addr, uint8_t val)
1428 {
1429     /* SCBStatus is readonly. */
1430     if (addr > SCBStatus && addr <= sizeof(s->mem) - sizeof(val)) {
1431         s->mem[addr] = val;
1432     }
1433 
1434     switch (addr) {
1435     case SCBStatus:
1436         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1437         break;
1438     case SCBAck:
1439         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1440         eepro100_acknowledge(s);
1441         break;
1442     case SCBCmd:
1443         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1444         eepro100_write_command(s, val);
1445         break;
1446     case SCBIntmask:
1447         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1448         if (val & BIT(1)) {
1449             eepro100_swi_interrupt(s);
1450         }
1451         eepro100_interrupt(s, 0);
1452         break;
1453     case SCBPointer:
1454     case SCBPointer + 1:
1455     case SCBPointer + 2:
1456     case SCBPointer + 3:
1457         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1458         break;
1459     case SCBPort:
1460     case SCBPort + 1:
1461     case SCBPort + 2:
1462         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1463         break;
1464     case SCBPort + 3:
1465         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1466         eepro100_write_port(s);
1467         break;
1468     case SCBFlow:       /* does not exist on 82557 */
1469     case SCBFlow + 1:
1470     case SCBFlow + 2:
1471     case SCBpmdr:       /* does not exist on 82557 */
1472         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1473         break;
1474     case SCBeeprom:
1475         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1476         eepro100_write_eeprom(s->eeprom, val);
1477         break;
1478     case SCBCtrlMDI:
1479     case SCBCtrlMDI + 1:
1480     case SCBCtrlMDI + 2:
1481         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1482         break;
1483     case SCBCtrlMDI + 3:
1484         TRACE(OTHER, logout("addr=%s val=0x%02x\n", regname(addr), val));
1485         eepro100_write_mdi(s);
1486         break;
1487     default:
1488         logout("addr=%s val=0x%02x\n", regname(addr), val);
1489         missing("unknown byte write");
1490     }
1491 }
1492 
1493 static void eepro100_write2(EEPRO100State * s, uint32_t addr, uint16_t val)
1494 {
1495     /* SCBStatus is readonly. */
1496     if (addr > SCBStatus && addr <= sizeof(s->mem) - sizeof(val)) {
1497         e100_write_reg2(s, addr, val);
1498     }
1499 
1500     switch (addr) {
1501     case SCBStatus:
1502         TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
1503         s->mem[SCBAck] = (val >> 8);
1504         eepro100_acknowledge(s);
1505         break;
1506     case SCBCmd:
1507         TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
1508         eepro100_write_command(s, val);
1509         eepro100_write1(s, SCBIntmask, val >> 8);
1510         break;
1511     case SCBPointer:
1512     case SCBPointer + 2:
1513         TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
1514         break;
1515     case SCBPort:
1516         TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
1517         break;
1518     case SCBPort + 2:
1519         TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
1520         eepro100_write_port(s);
1521         break;
1522     case SCBeeprom:
1523         TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
1524         eepro100_write_eeprom(s->eeprom, val);
1525         break;
1526     case SCBCtrlMDI:
1527         TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
1528         break;
1529     case SCBCtrlMDI + 2:
1530         TRACE(OTHER, logout("addr=%s val=0x%04x\n", regname(addr), val));
1531         eepro100_write_mdi(s);
1532         break;
1533     default:
1534         logout("addr=%s val=0x%04x\n", regname(addr), val);
1535         missing("unknown word write");
1536     }
1537 }
1538 
1539 static void eepro100_write4(EEPRO100State * s, uint32_t addr, uint32_t val)
1540 {
1541     if (addr <= sizeof(s->mem) - sizeof(val)) {
1542         e100_write_reg4(s, addr, val);
1543     }
1544 
1545     switch (addr) {
1546     case SCBPointer:
1547         TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
1548         break;
1549     case SCBPort:
1550         TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
1551         eepro100_write_port(s);
1552         break;
1553     case SCBflash:
1554         TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
1555         val = val >> 16;
1556         eepro100_write_eeprom(s->eeprom, val);
1557         break;
1558     case SCBCtrlMDI:
1559         TRACE(OTHER, logout("addr=%s val=0x%08x\n", regname(addr), val));
1560         eepro100_write_mdi(s);
1561         break;
1562     default:
1563         logout("addr=%s val=0x%08x\n", regname(addr), val);
1564         missing("unknown longword write");
1565     }
1566 }
1567 
1568 static uint64_t eepro100_read(void *opaque, hwaddr addr,
1569                               unsigned size)
1570 {
1571     EEPRO100State *s = opaque;
1572 
1573     switch (size) {
1574     case 1: return eepro100_read1(s, addr);
1575     case 2: return eepro100_read2(s, addr);
1576     case 4: return eepro100_read4(s, addr);
1577     default: abort();
1578     }
1579 }
1580 
1581 static void eepro100_write(void *opaque, hwaddr addr,
1582                            uint64_t data, unsigned size)
1583 {
1584     EEPRO100State *s = opaque;
1585 
1586     switch (size) {
1587     case 1:
1588         eepro100_write1(s, addr, data);
1589         break;
1590     case 2:
1591         eepro100_write2(s, addr, data);
1592         break;
1593     case 4:
1594         eepro100_write4(s, addr, data);
1595         break;
1596     default:
1597         abort();
1598     }
1599 }
1600 
1601 static const MemoryRegionOps eepro100_ops = {
1602     .read = eepro100_read,
1603     .write = eepro100_write,
1604     .endianness = DEVICE_LITTLE_ENDIAN,
1605 };
1606 
1607 static ssize_t nic_receive(NetClientState *nc, const uint8_t * buf, size_t size)
1608 {
1609     /* TODO:
1610      * - Magic packets should set bit 30 in power management driver register.
1611      * - Interesting packets should set bit 29 in power management driver register.
1612      */
1613     EEPRO100State *s = qemu_get_nic_opaque(nc);
1614     uint16_t rfd_status = 0xa000;
1615 #if defined(CONFIG_PAD_RECEIVED_FRAMES)
1616     uint8_t min_buf[60];
1617 #endif
1618     static const uint8_t broadcast_macaddr[6] =
1619         { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1620 
1621 #if defined(CONFIG_PAD_RECEIVED_FRAMES)
1622     /* Pad to minimum Ethernet frame length */
1623     if (size < sizeof(min_buf)) {
1624         memcpy(min_buf, buf, size);
1625         memset(&min_buf[size], 0, sizeof(min_buf) - size);
1626         buf = min_buf;
1627         size = sizeof(min_buf);
1628     }
1629 #endif
1630 
1631     if (s->configuration[8] & 0x80) {
1632         /* CSMA is disabled. */
1633         logout("%p received while CSMA is disabled\n", s);
1634         return -1;
1635 #if !defined(CONFIG_PAD_RECEIVED_FRAMES)
1636     } else if (size < 64 && (s->configuration[7] & BIT(0))) {
1637         /* Short frame and configuration byte 7/0 (discard short receive) set:
1638          * Short frame is discarded */
1639         logout("%p received short frame (%zu byte)\n", s, size);
1640         s->statistics.rx_short_frame_errors++;
1641         return -1;
1642 #endif
1643     } else if ((size > MAX_ETH_FRAME_SIZE + 4) && !(s->configuration[18] & BIT(3))) {
1644         /* Long frame and configuration byte 18/3 (long receive ok) not set:
1645          * Long frames are discarded. */
1646         logout("%p received long frame (%zu byte), ignored\n", s, size);
1647         return -1;
1648     } else if (memcmp(buf, s->conf.macaddr.a, 6) == 0) {       /* !!! */
1649         /* Frame matches individual address. */
1650         /* TODO: check configuration byte 15/4 (ignore U/L). */
1651         TRACE(RXTX, logout("%p received frame for me, len=%zu\n", s, size));
1652     } else if (memcmp(buf, broadcast_macaddr, 6) == 0) {
1653         /* Broadcast frame. */
1654         TRACE(RXTX, logout("%p received broadcast, len=%zu\n", s, size));
1655         rfd_status |= 0x0002;
1656     } else if (buf[0] & 0x01) {
1657         /* Multicast frame. */
1658         TRACE(RXTX, logout("%p received multicast, len=%zu,%s\n", s, size, nic_dump(buf, size)));
1659         if (s->configuration[21] & BIT(3)) {
1660           /* Multicast all bit is set, receive all multicast frames. */
1661         } else {
1662           unsigned mcast_idx = (net_crc32(buf, ETH_ALEN) & BITS(7, 2)) >> 2;
1663           assert(mcast_idx < 64);
1664           if (s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))) {
1665             /* Multicast frame is allowed in hash table. */
1666           } else if (s->configuration[15] & BIT(0)) {
1667               /* Promiscuous: receive all. */
1668               rfd_status |= 0x0004;
1669           } else {
1670               TRACE(RXTX, logout("%p multicast ignored\n", s));
1671               return -1;
1672           }
1673         }
1674         /* TODO: Next not for promiscuous mode? */
1675         rfd_status |= 0x0002;
1676     } else if (s->configuration[15] & BIT(0)) {
1677         /* Promiscuous: receive all. */
1678         TRACE(RXTX, logout("%p received frame in promiscuous mode, len=%zu\n", s, size));
1679         rfd_status |= 0x0004;
1680     } else if (s->configuration[20] & BIT(6)) {
1681         /* Multiple IA bit set. */
1682         unsigned mcast_idx = net_crc32(buf, ETH_ALEN) >> 26;
1683         assert(mcast_idx < 64);
1684         if (s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))) {
1685             TRACE(RXTX, logout("%p accepted, multiple IA bit set\n", s));
1686         } else {
1687             TRACE(RXTX, logout("%p frame ignored, multiple IA bit set\n", s));
1688             return -1;
1689         }
1690     } else {
1691         TRACE(RXTX, logout("%p received frame, ignored, len=%zu,%s\n", s, size,
1692               nic_dump(buf, size)));
1693         return size;
1694     }
1695 
1696     if (get_ru_state(s) != ru_ready) {
1697         /* No resources available. */
1698         logout("no resources, state=%u\n", get_ru_state(s));
1699         /* TODO: RNR interrupt only at first failed frame? */
1700         eepro100_rnr_interrupt(s);
1701         s->statistics.rx_resource_errors++;
1702 #if 0
1703         assert(!"no resources");
1704 #endif
1705         return -1;
1706     }
1707     /* !!! */
1708     eepro100_rx_t rx;
1709     pci_dma_read(&s->dev, s->ru_base + s->ru_offset,
1710                  &rx, sizeof(eepro100_rx_t));
1711     uint16_t rfd_command = le16_to_cpu(rx.command);
1712     uint16_t rfd_size = le16_to_cpu(rx.size);
1713 
1714     if (size > rfd_size) {
1715         logout("Receive buffer (%" PRId16 " bytes) too small for data "
1716             "(%zu bytes); data truncated\n", rfd_size, size);
1717         size = rfd_size;
1718     }
1719 #if !defined(CONFIG_PAD_RECEIVED_FRAMES)
1720     if (size < 64) {
1721         rfd_status |= 0x0080;
1722     }
1723 #endif
1724     TRACE(OTHER, logout("command 0x%04x, link 0x%08x, addr 0x%08x, size %u\n",
1725           rfd_command, rx.link, rx.rx_buf_addr, rfd_size));
1726     stw_le_pci_dma(&s->dev, s->ru_base + s->ru_offset +
1727                 offsetof(eepro100_rx_t, status), rfd_status);
1728     stw_le_pci_dma(&s->dev, s->ru_base + s->ru_offset +
1729                 offsetof(eepro100_rx_t, count), size);
1730     /* Early receive interrupt not supported. */
1731 #if 0
1732     eepro100_er_interrupt(s);
1733 #endif
1734     /* Receive CRC Transfer not supported. */
1735     if (s->configuration[18] & BIT(2)) {
1736         missing("Receive CRC Transfer");
1737         return -1;
1738     }
1739     /* TODO: check stripping enable bit. */
1740 #if 0
1741     assert(!(s->configuration[17] & BIT(0)));
1742 #endif
1743     pci_dma_write(&s->dev, s->ru_base + s->ru_offset +
1744                   sizeof(eepro100_rx_t), buf, size);
1745     s->statistics.rx_good_frames++;
1746     eepro100_fr_interrupt(s);
1747     s->ru_offset = le32_to_cpu(rx.link);
1748     if (rfd_command & COMMAND_EL) {
1749         /* EL bit is set, so this was the last frame. */
1750         logout("receive: Running out of frames\n");
1751         set_ru_state(s, ru_no_resources);
1752         eepro100_rnr_interrupt(s);
1753     }
1754     if (rfd_command & COMMAND_S) {
1755         /* S bit is set. */
1756         set_ru_state(s, ru_suspended);
1757     }
1758     return size;
1759 }
1760 
1761 static const VMStateDescription vmstate_eepro100 = {
1762     .version_id = 3,
1763     .minimum_version_id = 2,
1764     .fields = (VMStateField[]) {
1765         VMSTATE_PCI_DEVICE(dev, EEPRO100State),
1766         VMSTATE_UNUSED(32),
1767         VMSTATE_BUFFER(mult, EEPRO100State),
1768         VMSTATE_BUFFER(mem, EEPRO100State),
1769         /* Save all members of struct between scb_stat and mem. */
1770         VMSTATE_UINT8(scb_stat, EEPRO100State),
1771         VMSTATE_UINT8(int_stat, EEPRO100State),
1772         VMSTATE_UNUSED(3*4),
1773         VMSTATE_MACADDR(conf.macaddr, EEPRO100State),
1774         VMSTATE_UNUSED(19*4),
1775         VMSTATE_UINT16_ARRAY(mdimem, EEPRO100State, 32),
1776         /* The eeprom should be saved and restored by its own routines. */
1777         VMSTATE_UINT32(device, EEPRO100State),
1778         /* TODO check device. */
1779         VMSTATE_UINT32(cu_base, EEPRO100State),
1780         VMSTATE_UINT32(cu_offset, EEPRO100State),
1781         VMSTATE_UINT32(ru_base, EEPRO100State),
1782         VMSTATE_UINT32(ru_offset, EEPRO100State),
1783         VMSTATE_UINT32(statsaddr, EEPRO100State),
1784         /* Save eepro100_stats_t statistics. */
1785         VMSTATE_UINT32(statistics.tx_good_frames, EEPRO100State),
1786         VMSTATE_UINT32(statistics.tx_max_collisions, EEPRO100State),
1787         VMSTATE_UINT32(statistics.tx_late_collisions, EEPRO100State),
1788         VMSTATE_UINT32(statistics.tx_underruns, EEPRO100State),
1789         VMSTATE_UINT32(statistics.tx_lost_crs, EEPRO100State),
1790         VMSTATE_UINT32(statistics.tx_deferred, EEPRO100State),
1791         VMSTATE_UINT32(statistics.tx_single_collisions, EEPRO100State),
1792         VMSTATE_UINT32(statistics.tx_multiple_collisions, EEPRO100State),
1793         VMSTATE_UINT32(statistics.tx_total_collisions, EEPRO100State),
1794         VMSTATE_UINT32(statistics.rx_good_frames, EEPRO100State),
1795         VMSTATE_UINT32(statistics.rx_crc_errors, EEPRO100State),
1796         VMSTATE_UINT32(statistics.rx_alignment_errors, EEPRO100State),
1797         VMSTATE_UINT32(statistics.rx_resource_errors, EEPRO100State),
1798         VMSTATE_UINT32(statistics.rx_overrun_errors, EEPRO100State),
1799         VMSTATE_UINT32(statistics.rx_cdt_errors, EEPRO100State),
1800         VMSTATE_UINT32(statistics.rx_short_frame_errors, EEPRO100State),
1801         VMSTATE_UINT32(statistics.fc_xmt_pause, EEPRO100State),
1802         VMSTATE_UINT32(statistics.fc_rcv_pause, EEPRO100State),
1803         VMSTATE_UINT32(statistics.fc_rcv_unsupported, EEPRO100State),
1804         VMSTATE_UINT16(statistics.xmt_tco_frames, EEPRO100State),
1805         VMSTATE_UINT16(statistics.rcv_tco_frames, EEPRO100State),
1806         /* Configuration bytes. */
1807         VMSTATE_BUFFER(configuration, EEPRO100State),
1808         VMSTATE_END_OF_LIST()
1809     }
1810 };
1811 
1812 static void pci_nic_uninit(PCIDevice *pci_dev)
1813 {
1814     EEPRO100State *s = DO_UPCAST(EEPRO100State, dev, pci_dev);
1815 
1816     vmstate_unregister(&pci_dev->qdev, s->vmstate, s);
1817     g_free(s->vmstate);
1818     eeprom93xx_free(&pci_dev->qdev, s->eeprom);
1819     qemu_del_nic(s->nic);
1820 }
1821 
1822 static NetClientInfo net_eepro100_info = {
1823     .type = NET_CLIENT_DRIVER_NIC,
1824     .size = sizeof(NICState),
1825     .receive = nic_receive,
1826 };
1827 
1828 static void e100_nic_realize(PCIDevice *pci_dev, Error **errp)
1829 {
1830     EEPRO100State *s = DO_UPCAST(EEPRO100State, dev, pci_dev);
1831     E100PCIDeviceInfo *info = eepro100_get_class(s);
1832     Error *local_err = NULL;
1833 
1834     TRACE(OTHER, logout("\n"));
1835 
1836     s->device = info->device;
1837 
1838     e100_pci_reset(s, &local_err);
1839     if (local_err) {
1840         error_propagate(errp, local_err);
1841         return;
1842     }
1843 
1844     /* Add 64 * 2 EEPROM. i82557 and i82558 support a 64 word EEPROM,
1845      * i82559 and later support 64 or 256 word EEPROM. */
1846     s->eeprom = eeprom93xx_new(&pci_dev->qdev, EEPROM_SIZE);
1847 
1848     /* Handler for memory-mapped I/O */
1849     memory_region_init_io(&s->mmio_bar, OBJECT(s), &eepro100_ops, s,
1850                           "eepro100-mmio", PCI_MEM_SIZE);
1851     pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_MEM_PREFETCH, &s->mmio_bar);
1852     memory_region_init_io(&s->io_bar, OBJECT(s), &eepro100_ops, s,
1853                           "eepro100-io", PCI_IO_SIZE);
1854     pci_register_bar(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &s->io_bar);
1855     /* FIXME: flash aliases to mmio?! */
1856     memory_region_init_io(&s->flash_bar, OBJECT(s), &eepro100_ops, s,
1857                           "eepro100-flash", PCI_FLASH_SIZE);
1858     pci_register_bar(&s->dev, 2, 0, &s->flash_bar);
1859 
1860     qemu_macaddr_default_if_unset(&s->conf.macaddr);
1861     logout("macaddr: %s\n", nic_dump(&s->conf.macaddr.a[0], 6));
1862 
1863     nic_reset(s);
1864 
1865     s->nic = qemu_new_nic(&net_eepro100_info, &s->conf,
1866                           object_get_typename(OBJECT(pci_dev)), pci_dev->qdev.id, s);
1867 
1868     qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1869     TRACE(OTHER, logout("%s\n", qemu_get_queue(s->nic)->info_str));
1870 
1871     qemu_register_reset(nic_reset, s);
1872 
1873     s->vmstate = g_memdup(&vmstate_eepro100, sizeof(vmstate_eepro100));
1874     s->vmstate->name = qemu_get_queue(s->nic)->model;
1875     vmstate_register(&pci_dev->qdev, -1, s->vmstate, s);
1876 }
1877 
1878 static void eepro100_instance_init(Object *obj)
1879 {
1880     EEPRO100State *s = DO_UPCAST(EEPRO100State, dev, PCI_DEVICE(obj));
1881     device_add_bootindex_property(obj, &s->conf.bootindex,
1882                                   "bootindex", "/ethernet-phy@0",
1883                                   DEVICE(s), NULL);
1884 }
1885 
1886 static E100PCIDeviceInfo e100_devices[] = {
1887     {
1888         .name = "i82550",
1889         .desc = "Intel i82550 Ethernet",
1890         .device = i82550,
1891         /* TODO: check device id. */
1892         .device_id = PCI_DEVICE_ID_INTEL_82551IT,
1893         /* Revision ID: 0x0c, 0x0d, 0x0e. */
1894         .revision = 0x0e,
1895         /* TODO: check size of statistical counters. */
1896         .stats_size = 80,
1897         /* TODO: check extended tcb support. */
1898         .has_extended_tcb_support = true,
1899         .power_management = true,
1900     },{
1901         .name = "i82551",
1902         .desc = "Intel i82551 Ethernet",
1903         .device = i82551,
1904         .device_id = PCI_DEVICE_ID_INTEL_82551IT,
1905         /* Revision ID: 0x0f, 0x10. */
1906         .revision = 0x0f,
1907         /* TODO: check size of statistical counters. */
1908         .stats_size = 80,
1909         .has_extended_tcb_support = true,
1910         .power_management = true,
1911     },{
1912         .name = "i82557a",
1913         .desc = "Intel i82557A Ethernet",
1914         .device = i82557A,
1915         .device_id = PCI_DEVICE_ID_INTEL_82557,
1916         .revision = 0x01,
1917         .power_management = false,
1918     },{
1919         .name = "i82557b",
1920         .desc = "Intel i82557B Ethernet",
1921         .device = i82557B,
1922         .device_id = PCI_DEVICE_ID_INTEL_82557,
1923         .revision = 0x02,
1924         .power_management = false,
1925     },{
1926         .name = "i82557c",
1927         .desc = "Intel i82557C Ethernet",
1928         .device = i82557C,
1929         .device_id = PCI_DEVICE_ID_INTEL_82557,
1930         .revision = 0x03,
1931         .power_management = false,
1932     },{
1933         .name = "i82558a",
1934         .desc = "Intel i82558A Ethernet",
1935         .device = i82558A,
1936         .device_id = PCI_DEVICE_ID_INTEL_82557,
1937         .revision = 0x04,
1938         .stats_size = 76,
1939         .has_extended_tcb_support = true,
1940         .power_management = true,
1941     },{
1942         .name = "i82558b",
1943         .desc = "Intel i82558B Ethernet",
1944         .device = i82558B,
1945         .device_id = PCI_DEVICE_ID_INTEL_82557,
1946         .revision = 0x05,
1947         .stats_size = 76,
1948         .has_extended_tcb_support = true,
1949         .power_management = true,
1950     },{
1951         .name = "i82559a",
1952         .desc = "Intel i82559A Ethernet",
1953         .device = i82559A,
1954         .device_id = PCI_DEVICE_ID_INTEL_82557,
1955         .revision = 0x06,
1956         .stats_size = 80,
1957         .has_extended_tcb_support = true,
1958         .power_management = true,
1959     },{
1960         .name = "i82559b",
1961         .desc = "Intel i82559B Ethernet",
1962         .device = i82559B,
1963         .device_id = PCI_DEVICE_ID_INTEL_82557,
1964         .revision = 0x07,
1965         .stats_size = 80,
1966         .has_extended_tcb_support = true,
1967         .power_management = true,
1968     },{
1969         .name = "i82559c",
1970         .desc = "Intel i82559C Ethernet",
1971         .device = i82559C,
1972         .device_id = PCI_DEVICE_ID_INTEL_82557,
1973 #if 0
1974         .revision = 0x08,
1975 #endif
1976         /* TODO: Windows wants revision id 0x0c. */
1977         .revision = 0x0c,
1978 #if EEPROM_SIZE > 0
1979         .subsystem_vendor_id = PCI_VENDOR_ID_INTEL,
1980         .subsystem_id = 0x0040,
1981 #endif
1982         .stats_size = 80,
1983         .has_extended_tcb_support = true,
1984         .power_management = true,
1985     },{
1986         .name = "i82559er",
1987         .desc = "Intel i82559ER Ethernet",
1988         .device = i82559ER,
1989         .device_id = PCI_DEVICE_ID_INTEL_82551IT,
1990         .revision = 0x09,
1991         .stats_size = 80,
1992         .has_extended_tcb_support = true,
1993         .power_management = true,
1994     },{
1995         .name = "i82562",
1996         .desc = "Intel i82562 Ethernet",
1997         .device = i82562,
1998         /* TODO: check device id. */
1999         .device_id = PCI_DEVICE_ID_INTEL_82551IT,
2000         /* TODO: wrong revision id. */
2001         .revision = 0x0e,
2002         .stats_size = 80,
2003         .has_extended_tcb_support = true,
2004         .power_management = true,
2005     },{
2006         /* Toshiba Tecra 8200. */
2007         .name = "i82801",
2008         .desc = "Intel i82801 Ethernet",
2009         .device = i82801,
2010         .device_id = 0x2449,
2011         .revision = 0x03,
2012         .stats_size = 80,
2013         .has_extended_tcb_support = true,
2014         .power_management = true,
2015     }
2016 };
2017 
2018 static E100PCIDeviceInfo *eepro100_get_class_by_name(const char *typename)
2019 {
2020     E100PCIDeviceInfo *info = NULL;
2021     int i;
2022 
2023     /* This is admittedly awkward but also temporary.  QOM allows for
2024      * parameterized typing and for subclassing both of which would suitable
2025      * handle what's going on here.  But class_data is already being used as
2026      * a stop-gap hack to allow incremental qdev conversion so we cannot use it
2027      * right now.  Once we merge the final QOM series, we can come back here and
2028      * do this in a much more elegant fashion.
2029      */
2030     for (i = 0; i < ARRAY_SIZE(e100_devices); i++) {
2031         if (strcmp(e100_devices[i].name, typename) == 0) {
2032             info = &e100_devices[i];
2033             break;
2034         }
2035     }
2036     assert(info != NULL);
2037 
2038     return info;
2039 }
2040 
2041 static E100PCIDeviceInfo *eepro100_get_class(EEPRO100State *s)
2042 {
2043     return eepro100_get_class_by_name(object_get_typename(OBJECT(s)));
2044 }
2045 
2046 static Property e100_properties[] = {
2047     DEFINE_NIC_PROPERTIES(EEPRO100State, conf),
2048     DEFINE_PROP_END_OF_LIST(),
2049 };
2050 
2051 static void eepro100_class_init(ObjectClass *klass, void *data)
2052 {
2053     DeviceClass *dc = DEVICE_CLASS(klass);
2054     PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
2055     E100PCIDeviceInfo *info;
2056 
2057     info = eepro100_get_class_by_name(object_class_get_name(klass));
2058 
2059     set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
2060     dc->props = e100_properties;
2061     dc->desc = info->desc;
2062     k->vendor_id = PCI_VENDOR_ID_INTEL;
2063     k->class_id = PCI_CLASS_NETWORK_ETHERNET;
2064     k->romfile = "pxe-eepro100.rom";
2065     k->realize = e100_nic_realize;
2066     k->exit = pci_nic_uninit;
2067     k->device_id = info->device_id;
2068     k->revision = info->revision;
2069     k->subsystem_vendor_id = info->subsystem_vendor_id;
2070     k->subsystem_id = info->subsystem_id;
2071 }
2072 
2073 static void eepro100_register_types(void)
2074 {
2075     size_t i;
2076     for (i = 0; i < ARRAY_SIZE(e100_devices); i++) {
2077         TypeInfo type_info = {};
2078         E100PCIDeviceInfo *info = &e100_devices[i];
2079 
2080         type_info.name = info->name;
2081         type_info.parent = TYPE_PCI_DEVICE;
2082         type_info.class_init = eepro100_class_init;
2083         type_info.instance_size = sizeof(EEPRO100State);
2084         type_info.instance_init = eepro100_instance_init;
2085         type_info.interfaces = (InterfaceInfo[]) {
2086             { INTERFACE_CONVENTIONAL_PCI_DEVICE },
2087             { },
2088         };
2089 
2090         type_register(&type_info);
2091     }
2092 }
2093 
2094 type_init(eepro100_register_types)
2095