xref: /openbmc/qemu/hw/net/ftgmac100.c (revision 1a7c00bb3aa4cf5501343fe041e93227ec33e66f)
1 /*
2  * Faraday FTGMAC100 Gigabit Ethernet
3  *
4  * Copyright (C) 2016-2017, IBM Corporation.
5  *
6  * Based on Coldfire Fast Ethernet Controller emulation.
7  *
8  * Copyright (c) 2007 CodeSourcery.
9  *
10  * This code is licensed under the GPL version 2 or later. See the
11  * COPYING file in the top-level directory.
12  */
13 
14 #include "qemu/osdep.h"
15 #include "hw/net/ftgmac100.h"
16 #include "sysemu/dma.h"
17 #include "qemu/log.h"
18 #include "net/checksum.h"
19 #include "net/eth.h"
20 #include "hw/net/mii.h"
21 
22 /* For crc32 */
23 #include <zlib.h>
24 
25 /*
26  * FTGMAC100 registers
27  */
28 #define FTGMAC100_ISR             0x00
29 #define FTGMAC100_IER             0x04
30 #define FTGMAC100_MAC_MADR        0x08
31 #define FTGMAC100_MAC_LADR        0x0c
32 #define FTGMAC100_MATH0           0x10
33 #define FTGMAC100_MATH1           0x14
34 #define FTGMAC100_NPTXPD          0x18
35 #define FTGMAC100_RXPD            0x1C
36 #define FTGMAC100_NPTXR_BADR      0x20
37 #define FTGMAC100_RXR_BADR        0x24
38 #define FTGMAC100_HPTXPD          0x28
39 #define FTGMAC100_HPTXR_BADR      0x2c
40 #define FTGMAC100_ITC             0x30
41 #define FTGMAC100_APTC            0x34
42 #define FTGMAC100_DBLAC           0x38
43 #define FTGMAC100_REVR            0x40
44 #define FTGMAC100_FEAR1           0x44
45 #define FTGMAC100_RBSR            0x4c
46 #define FTGMAC100_TPAFCR          0x48
47 
48 #define FTGMAC100_MACCR           0x50
49 #define FTGMAC100_MACSR           0x54
50 #define FTGMAC100_PHYCR           0x60
51 #define FTGMAC100_PHYDATA         0x64
52 #define FTGMAC100_FCR             0x68
53 
54 /*
55  * Interrupt status register & interrupt enable register
56  */
57 #define FTGMAC100_INT_RPKT_BUF    (1 << 0)
58 #define FTGMAC100_INT_RPKT_FIFO   (1 << 1)
59 #define FTGMAC100_INT_NO_RXBUF    (1 << 2)
60 #define FTGMAC100_INT_RPKT_LOST   (1 << 3)
61 #define FTGMAC100_INT_XPKT_ETH    (1 << 4)
62 #define FTGMAC100_INT_XPKT_FIFO   (1 << 5)
63 #define FTGMAC100_INT_NO_NPTXBUF  (1 << 6)
64 #define FTGMAC100_INT_XPKT_LOST   (1 << 7)
65 #define FTGMAC100_INT_AHB_ERR     (1 << 8)
66 #define FTGMAC100_INT_PHYSTS_CHG  (1 << 9)
67 #define FTGMAC100_INT_NO_HPTXBUF  (1 << 10)
68 
69 /*
70  * Automatic polling timer control register
71  */
72 #define FTGMAC100_APTC_RXPOLL_CNT(x)        ((x) & 0xf)
73 #define FTGMAC100_APTC_RXPOLL_TIME_SEL      (1 << 4)
74 #define FTGMAC100_APTC_TXPOLL_CNT(x)        (((x) >> 8) & 0xf)
75 #define FTGMAC100_APTC_TXPOLL_TIME_SEL      (1 << 12)
76 
77 /*
78  * PHY control register
79  */
80 #define FTGMAC100_PHYCR_MIIRD               (1 << 26)
81 #define FTGMAC100_PHYCR_MIIWR               (1 << 27)
82 
83 #define FTGMAC100_PHYCR_DEV(x)              (((x) >> 16) & 0x1f)
84 #define FTGMAC100_PHYCR_REG(x)              (((x) >> 21) & 0x1f)
85 
86 /*
87  * PHY data register
88  */
89 #define FTGMAC100_PHYDATA_MIIWDATA(x)       ((x) & 0xffff)
90 #define FTGMAC100_PHYDATA_MIIRDATA(x)       (((x) >> 16) & 0xffff)
91 
92 /*
93  * PHY control register - New MDC/MDIO interface
94  */
95 #define FTGMAC100_PHYCR_NEW_DATA(x)     (((x) >> 16) & 0xffff)
96 #define FTGMAC100_PHYCR_NEW_FIRE        (1 << 15)
97 #define FTGMAC100_PHYCR_NEW_ST_22       (1 << 12)
98 #define FTGMAC100_PHYCR_NEW_OP(x)       (((x) >> 10) & 3)
99 #define   FTGMAC100_PHYCR_NEW_OP_WRITE    0x1
100 #define   FTGMAC100_PHYCR_NEW_OP_READ     0x2
101 #define FTGMAC100_PHYCR_NEW_DEV(x)      (((x) >> 5) & 0x1f)
102 #define FTGMAC100_PHYCR_NEW_REG(x)      ((x) & 0x1f)
103 
104 /*
105  * Feature Register
106  */
107 #define FTGMAC100_REVR_NEW_MDIO_INTERFACE   (1 << 31)
108 
109 /*
110  * MAC control register
111  */
112 #define FTGMAC100_MACCR_TXDMA_EN         (1 << 0)
113 #define FTGMAC100_MACCR_RXDMA_EN         (1 << 1)
114 #define FTGMAC100_MACCR_TXMAC_EN         (1 << 2)
115 #define FTGMAC100_MACCR_RXMAC_EN         (1 << 3)
116 #define FTGMAC100_MACCR_RM_VLAN          (1 << 4)
117 #define FTGMAC100_MACCR_HPTXR_EN         (1 << 5)
118 #define FTGMAC100_MACCR_LOOP_EN          (1 << 6)
119 #define FTGMAC100_MACCR_ENRX_IN_HALFTX   (1 << 7)
120 #define FTGMAC100_MACCR_FULLDUP          (1 << 8)
121 #define FTGMAC100_MACCR_GIGA_MODE        (1 << 9)
122 #define FTGMAC100_MACCR_CRC_APD          (1 << 10) /* not needed */
123 #define FTGMAC100_MACCR_RX_RUNT          (1 << 12)
124 #define FTGMAC100_MACCR_JUMBO_LF         (1 << 13)
125 #define FTGMAC100_MACCR_RX_ALL           (1 << 14)
126 #define FTGMAC100_MACCR_HT_MULTI_EN      (1 << 15)
127 #define FTGMAC100_MACCR_RX_MULTIPKT      (1 << 16)
128 #define FTGMAC100_MACCR_RX_BROADPKT      (1 << 17)
129 #define FTGMAC100_MACCR_DISCARD_CRCERR   (1 << 18)
130 #define FTGMAC100_MACCR_FAST_MODE        (1 << 19)
131 #define FTGMAC100_MACCR_SW_RST           (1 << 31)
132 
133 /*
134  * Transmit descriptor
135  */
136 #define FTGMAC100_TXDES0_TXBUF_SIZE(x)   ((x) & 0x3fff)
137 #define FTGMAC100_TXDES0_EDOTR           (1 << 15)
138 #define FTGMAC100_TXDES0_CRC_ERR         (1 << 19)
139 #define FTGMAC100_TXDES0_LTS             (1 << 28)
140 #define FTGMAC100_TXDES0_FTS             (1 << 29)
141 #define FTGMAC100_TXDES0_EDOTR_ASPEED    (1 << 30)
142 #define FTGMAC100_TXDES0_TXDMA_OWN       (1 << 31)
143 
144 #define FTGMAC100_TXDES1_VLANTAG_CI(x)   ((x) & 0xffff)
145 #define FTGMAC100_TXDES1_INS_VLANTAG     (1 << 16)
146 #define FTGMAC100_TXDES1_TCP_CHKSUM      (1 << 17)
147 #define FTGMAC100_TXDES1_UDP_CHKSUM      (1 << 18)
148 #define FTGMAC100_TXDES1_IP_CHKSUM       (1 << 19)
149 #define FTGMAC100_TXDES1_LLC             (1 << 22)
150 #define FTGMAC100_TXDES1_TX2FIC          (1 << 30)
151 #define FTGMAC100_TXDES1_TXIC            (1 << 31)
152 
153 /*
154  * Receive descriptor
155  */
156 #define FTGMAC100_RXDES0_VDBC            0x3fff
157 #define FTGMAC100_RXDES0_EDORR           (1 << 15)
158 #define FTGMAC100_RXDES0_MULTICAST       (1 << 16)
159 #define FTGMAC100_RXDES0_BROADCAST       (1 << 17)
160 #define FTGMAC100_RXDES0_RX_ERR          (1 << 18)
161 #define FTGMAC100_RXDES0_CRC_ERR         (1 << 19)
162 #define FTGMAC100_RXDES0_FTL             (1 << 20)
163 #define FTGMAC100_RXDES0_RUNT            (1 << 21)
164 #define FTGMAC100_RXDES0_RX_ODD_NB       (1 << 22)
165 #define FTGMAC100_RXDES0_FIFO_FULL       (1 << 23)
166 #define FTGMAC100_RXDES0_PAUSE_OPCODE    (1 << 24)
167 #define FTGMAC100_RXDES0_PAUSE_FRAME     (1 << 25)
168 #define FTGMAC100_RXDES0_LRS             (1 << 28)
169 #define FTGMAC100_RXDES0_FRS             (1 << 29)
170 #define FTGMAC100_RXDES0_EDORR_ASPEED    (1 << 30)
171 #define FTGMAC100_RXDES0_RXPKT_RDY       (1 << 31)
172 
173 #define FTGMAC100_RXDES1_VLANTAG_CI      0xffff
174 #define FTGMAC100_RXDES1_PROT_MASK       (0x3 << 20)
175 #define FTGMAC100_RXDES1_PROT_NONIP      (0x0 << 20)
176 #define FTGMAC100_RXDES1_PROT_IP         (0x1 << 20)
177 #define FTGMAC100_RXDES1_PROT_TCPIP      (0x2 << 20)
178 #define FTGMAC100_RXDES1_PROT_UDPIP      (0x3 << 20)
179 #define FTGMAC100_RXDES1_LLC             (1 << 22)
180 #define FTGMAC100_RXDES1_DF              (1 << 23)
181 #define FTGMAC100_RXDES1_VLANTAG_AVAIL   (1 << 24)
182 #define FTGMAC100_RXDES1_TCP_CHKSUM_ERR  (1 << 25)
183 #define FTGMAC100_RXDES1_UDP_CHKSUM_ERR  (1 << 26)
184 #define FTGMAC100_RXDES1_IP_CHKSUM_ERR   (1 << 27)
185 
186 /*
187  * Receive and transmit Buffer Descriptor
188  */
189 typedef struct {
190     uint32_t        des0;
191     uint32_t        des1;
192     uint32_t        des2;        /* not used by HW */
193     uint32_t        des3;
194 } FTGMAC100Desc;
195 
196 /*
197  * Specific RTL8211E MII Registers
198  */
199 #define RTL8211E_MII_PHYCR        16 /* PHY Specific Control */
200 #define RTL8211E_MII_PHYSR        17 /* PHY Specific Status */
201 #define RTL8211E_MII_INER         18 /* Interrupt Enable */
202 #define RTL8211E_MII_INSR         19 /* Interrupt Status */
203 #define RTL8211E_MII_RXERC        24 /* Receive Error Counter */
204 #define RTL8211E_MII_LDPSR        27 /* Link Down Power Saving */
205 #define RTL8211E_MII_EPAGSR       30 /* Extension Page Select */
206 #define RTL8211E_MII_PAGSEL       31 /* Page Select */
207 
208 /*
209  * RTL8211E Interrupt Status
210  */
211 #define PHY_INT_AUTONEG_ERROR       (1 << 15)
212 #define PHY_INT_PAGE_RECV           (1 << 12)
213 #define PHY_INT_AUTONEG_COMPLETE    (1 << 11)
214 #define PHY_INT_LINK_STATUS         (1 << 10)
215 #define PHY_INT_ERROR               (1 << 9)
216 #define PHY_INT_DOWN                (1 << 8)
217 #define PHY_INT_JABBER              (1 << 0)
218 
219 /*
220  * Max frame size for the receiving buffer
221  */
222 #define FTGMAC100_MAX_FRAME_SIZE    9220
223 
224 /* Limits depending on the type of the frame
225  *
226  *   9216 for Jumbo frames (+ 4 for VLAN)
227  *   1518 for other frames (+ 4 for VLAN)
228  */
229 static int ftgmac100_max_frame_size(FTGMAC100State *s, uint16_t proto)
230 {
231     int max = (s->maccr & FTGMAC100_MACCR_JUMBO_LF ? 9216 : 1518);
232 
233     return max + (proto == ETH_P_VLAN ? 4 : 0);
234 }
235 
236 static void ftgmac100_update_irq(FTGMAC100State *s)
237 {
238     qemu_set_irq(s->irq, s->isr & s->ier);
239 }
240 
241 /*
242  * The MII phy could raise a GPIO to the processor which in turn
243  * could be handled as an interrpt by the OS.
244  * For now we don't handle any GPIO/interrupt line, so the OS will
245  * have to poll for the PHY status.
246  */
247 static void phy_update_irq(FTGMAC100State *s)
248 {
249     ftgmac100_update_irq(s);
250 }
251 
252 static void phy_update_link(FTGMAC100State *s)
253 {
254     /* Autonegotiation status mirrors link status.  */
255     if (qemu_get_queue(s->nic)->link_down) {
256         s->phy_status &= ~(MII_BMSR_LINK_ST | MII_BMSR_AN_COMP);
257         s->phy_int |= PHY_INT_DOWN;
258     } else {
259         s->phy_status |= (MII_BMSR_LINK_ST | MII_BMSR_AN_COMP);
260         s->phy_int |= PHY_INT_AUTONEG_COMPLETE;
261     }
262     phy_update_irq(s);
263 }
264 
265 static void ftgmac100_set_link(NetClientState *nc)
266 {
267     phy_update_link(FTGMAC100(qemu_get_nic_opaque(nc)));
268 }
269 
270 static void phy_reset(FTGMAC100State *s)
271 {
272     s->phy_status = (MII_BMSR_100TX_FD | MII_BMSR_100TX_HD | MII_BMSR_10T_FD |
273                      MII_BMSR_10T_HD | MII_BMSR_EXTSTAT | MII_BMSR_MFPS |
274                      MII_BMSR_AN_COMP | MII_BMSR_AUTONEG | MII_BMSR_LINK_ST |
275                      MII_BMSR_EXTCAP);
276     s->phy_control = (MII_BMCR_AUTOEN | MII_BMCR_FD | MII_BMCR_SPEED1000);
277     s->phy_advertise = (MII_ANAR_PAUSE_ASYM | MII_ANAR_PAUSE | MII_ANAR_TXFD |
278                         MII_ANAR_TX | MII_ANAR_10FD | MII_ANAR_10 |
279                         MII_ANAR_CSMACD);
280     s->phy_int_mask = 0;
281     s->phy_int = 0;
282 }
283 
284 static uint16_t do_phy_read(FTGMAC100State *s, uint8_t reg)
285 {
286     uint16_t val;
287 
288     switch (reg) {
289     case MII_BMCR: /* Basic Control */
290         val = s->phy_control;
291         break;
292     case MII_BMSR: /* Basic Status */
293         val = s->phy_status;
294         break;
295     case MII_PHYID1: /* ID1 */
296         val = RTL8211E_PHYID1;
297         break;
298     case MII_PHYID2: /* ID2 */
299         val = RTL8211E_PHYID2;
300         break;
301     case MII_ANAR: /* Auto-neg advertisement */
302         val = s->phy_advertise;
303         break;
304     case MII_ANLPAR: /* Auto-neg Link Partner Ability */
305         val = (MII_ANLPAR_ACK | MII_ANLPAR_PAUSE | MII_ANLPAR_TXFD |
306                MII_ANLPAR_TX | MII_ANLPAR_10FD | MII_ANLPAR_10 |
307                MII_ANLPAR_CSMACD);
308         break;
309     case MII_ANER: /* Auto-neg Expansion */
310         val = MII_ANER_NWAY;
311         break;
312     case MII_CTRL1000: /* 1000BASE-T control  */
313         val = (MII_CTRL1000_HALF | MII_CTRL1000_FULL);
314         break;
315     case MII_STAT1000: /* 1000BASE-T status  */
316         val = MII_STAT1000_FULL;
317         break;
318     case RTL8211E_MII_INSR:  /* Interrupt status.  */
319         val = s->phy_int;
320         s->phy_int = 0;
321         phy_update_irq(s);
322         break;
323     case RTL8211E_MII_INER:  /* Interrupt enable */
324         val = s->phy_int_mask;
325         break;
326     case RTL8211E_MII_PHYCR:
327     case RTL8211E_MII_PHYSR:
328     case RTL8211E_MII_RXERC:
329     case RTL8211E_MII_LDPSR:
330     case RTL8211E_MII_EPAGSR:
331     case RTL8211E_MII_PAGSEL:
332         qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n",
333                       __func__, reg);
334         val = 0;
335         break;
336     default:
337         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n",
338                       __func__, reg);
339         val = 0;
340         break;
341     }
342 
343     return val;
344 }
345 
346 #define MII_BMCR_MASK (MII_BMCR_LOOPBACK | MII_BMCR_SPEED100 |          \
347                        MII_BMCR_SPEED | MII_BMCR_AUTOEN | MII_BMCR_PDOWN | \
348                        MII_BMCR_FD | MII_BMCR_CTST)
349 #define MII_ANAR_MASK 0x2d7f
350 
351 static void do_phy_write(FTGMAC100State *s, uint8_t reg, uint16_t val)
352 {
353     switch (reg) {
354     case MII_BMCR:     /* Basic Control */
355         if (val & MII_BMCR_RESET) {
356             phy_reset(s);
357         } else {
358             s->phy_control = val & MII_BMCR_MASK;
359             /* Complete autonegotiation immediately.  */
360             if (val & MII_BMCR_AUTOEN) {
361                 s->phy_status |= MII_BMSR_AN_COMP;
362             }
363         }
364         break;
365     case MII_ANAR:     /* Auto-neg advertisement */
366         s->phy_advertise = (val & MII_ANAR_MASK) | MII_ANAR_TX;
367         break;
368     case RTL8211E_MII_INER: /* Interrupt enable */
369         s->phy_int_mask = val & 0xff;
370         phy_update_irq(s);
371         break;
372     case RTL8211E_MII_PHYCR:
373     case RTL8211E_MII_PHYSR:
374     case RTL8211E_MII_RXERC:
375     case RTL8211E_MII_LDPSR:
376     case RTL8211E_MII_EPAGSR:
377     case RTL8211E_MII_PAGSEL:
378         qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n",
379                       __func__, reg);
380         break;
381     default:
382         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n",
383                       __func__, reg);
384         break;
385     }
386 }
387 
388 static void do_phy_new_ctl(FTGMAC100State *s)
389 {
390     uint8_t reg;
391     uint16_t data;
392 
393     if (!(s->phycr & FTGMAC100_PHYCR_NEW_ST_22)) {
394         qemu_log_mask(LOG_UNIMP, "%s: unsupported ST code\n", __func__);
395         return;
396     }
397 
398     /* Nothing to do */
399     if (!(s->phycr & FTGMAC100_PHYCR_NEW_FIRE)) {
400         return;
401     }
402 
403     reg = FTGMAC100_PHYCR_NEW_REG(s->phycr);
404     data = FTGMAC100_PHYCR_NEW_DATA(s->phycr);
405 
406     switch (FTGMAC100_PHYCR_NEW_OP(s->phycr)) {
407     case FTGMAC100_PHYCR_NEW_OP_WRITE:
408         do_phy_write(s, reg, data);
409         break;
410     case FTGMAC100_PHYCR_NEW_OP_READ:
411         s->phydata = do_phy_read(s, reg) & 0xffff;
412         break;
413     default:
414         qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid OP code %08x\n",
415                       __func__, s->phycr);
416     }
417 
418     s->phycr &= ~FTGMAC100_PHYCR_NEW_FIRE;
419 }
420 
421 static void do_phy_ctl(FTGMAC100State *s)
422 {
423     uint8_t reg = FTGMAC100_PHYCR_REG(s->phycr);
424 
425     if (s->phycr & FTGMAC100_PHYCR_MIIWR) {
426         do_phy_write(s, reg, s->phydata & 0xffff);
427         s->phycr &= ~FTGMAC100_PHYCR_MIIWR;
428     } else if (s->phycr & FTGMAC100_PHYCR_MIIRD) {
429         s->phydata = do_phy_read(s, reg) << 16;
430         s->phycr &= ~FTGMAC100_PHYCR_MIIRD;
431     } else {
432         qemu_log_mask(LOG_GUEST_ERROR, "%s: no OP code %08x\n",
433                       __func__, s->phycr);
434     }
435 }
436 
437 static int ftgmac100_read_bd(FTGMAC100Desc *bd, dma_addr_t addr)
438 {
439     if (dma_memory_read(&address_space_memory, addr, bd, sizeof(*bd))) {
440         qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read descriptor @ 0x%"
441                       HWADDR_PRIx "\n", __func__, addr);
442         return -1;
443     }
444     bd->des0 = le32_to_cpu(bd->des0);
445     bd->des1 = le32_to_cpu(bd->des1);
446     bd->des2 = le32_to_cpu(bd->des2);
447     bd->des3 = le32_to_cpu(bd->des3);
448     return 0;
449 }
450 
451 static int ftgmac100_write_bd(FTGMAC100Desc *bd, dma_addr_t addr)
452 {
453     FTGMAC100Desc lebd;
454 
455     lebd.des0 = cpu_to_le32(bd->des0);
456     lebd.des1 = cpu_to_le32(bd->des1);
457     lebd.des2 = cpu_to_le32(bd->des2);
458     lebd.des3 = cpu_to_le32(bd->des3);
459     if (dma_memory_write(&address_space_memory, addr, &lebd, sizeof(lebd))) {
460         qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to write descriptor @ 0x%"
461                       HWADDR_PRIx "\n", __func__, addr);
462         return -1;
463     }
464     return 0;
465 }
466 
467 static void ftgmac100_do_tx(FTGMAC100State *s, uint32_t tx_ring,
468                             uint32_t tx_descriptor)
469 {
470     int frame_size = 0;
471     uint8_t *ptr = s->frame;
472     uint32_t addr = tx_descriptor;
473     uint32_t flags = 0;
474 
475     while (1) {
476         FTGMAC100Desc bd;
477         int len;
478 
479         if (ftgmac100_read_bd(&bd, addr) ||
480             ((bd.des0 & FTGMAC100_TXDES0_TXDMA_OWN) == 0)) {
481             /* Run out of descriptors to transmit.  */
482             s->isr |= FTGMAC100_INT_NO_NPTXBUF;
483             break;
484         }
485 
486         /* record transmit flags as they are valid only on the first
487          * segment */
488         if (bd.des0 & FTGMAC100_TXDES0_FTS) {
489             flags = bd.des1;
490         }
491 
492         len = FTGMAC100_TXDES0_TXBUF_SIZE(bd.des0);
493         if (frame_size + len > sizeof(s->frame)) {
494             qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %d bytes\n",
495                           __func__, len);
496             s->isr |= FTGMAC100_INT_XPKT_LOST;
497             len =  sizeof(s->frame) - frame_size;
498         }
499 
500         if (dma_memory_read(&address_space_memory, bd.des3, ptr, len)) {
501             qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read packet @ 0x%x\n",
502                           __func__, bd.des3);
503             s->isr |= FTGMAC100_INT_NO_NPTXBUF;
504             break;
505         }
506 
507         /* Check for VLAN */
508         if (bd.des0 & FTGMAC100_TXDES0_FTS &&
509             bd.des1 & FTGMAC100_TXDES1_INS_VLANTAG &&
510             be16_to_cpu(PKT_GET_ETH_HDR(ptr)->h_proto) != ETH_P_VLAN) {
511             if (frame_size + len + 4 > sizeof(s->frame)) {
512                 qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %d bytes\n",
513                               __func__, len);
514                 s->isr |= FTGMAC100_INT_XPKT_LOST;
515                 len =  sizeof(s->frame) - frame_size - 4;
516             }
517             memmove(ptr + 16, ptr + 12, len - 12);
518             stw_be_p(ptr + 12, ETH_P_VLAN);
519             stw_be_p(ptr + 14, bd.des1);
520             len += 4;
521         }
522 
523         ptr += len;
524         frame_size += len;
525         if (bd.des0 & FTGMAC100_TXDES0_LTS) {
526             if (flags & FTGMAC100_TXDES1_IP_CHKSUM) {
527                 net_checksum_calculate(s->frame, frame_size);
528             }
529             /* Last buffer in frame.  */
530             qemu_send_packet(qemu_get_queue(s->nic), s->frame, frame_size);
531             ptr = s->frame;
532             frame_size = 0;
533             if (flags & FTGMAC100_TXDES1_TXIC) {
534                 s->isr |= FTGMAC100_INT_XPKT_ETH;
535             }
536         }
537 
538         if (flags & FTGMAC100_TXDES1_TX2FIC) {
539             s->isr |= FTGMAC100_INT_XPKT_FIFO;
540         }
541         bd.des0 &= ~FTGMAC100_TXDES0_TXDMA_OWN;
542 
543         /* Write back the modified descriptor.  */
544         ftgmac100_write_bd(&bd, addr);
545         /* Advance to the next descriptor.  */
546         if (bd.des0 & s->txdes0_edotr) {
547             addr = tx_ring;
548         } else {
549             addr += sizeof(FTGMAC100Desc);
550         }
551     }
552 
553     s->tx_descriptor = addr;
554 
555     ftgmac100_update_irq(s);
556 }
557 
558 static int ftgmac100_can_receive(NetClientState *nc)
559 {
560     FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc));
561     FTGMAC100Desc bd;
562 
563     if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN))
564          != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) {
565         return 0;
566     }
567 
568     if (ftgmac100_read_bd(&bd, s->rx_descriptor)) {
569         return 0;
570     }
571     return !(bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY);
572 }
573 
574 /*
575  * This is purely informative. The HW can poll the RW (and RX) ring
576  * buffers for available descriptors but we don't need to trigger a
577  * timer for that in qemu.
578  */
579 static uint32_t ftgmac100_rxpoll(FTGMAC100State *s)
580 {
581     /* Polling times :
582      *
583      * Speed      TIME_SEL=0    TIME_SEL=1
584      *
585      *    10         51.2 ms      819.2 ms
586      *   100         5.12 ms      81.92 ms
587      *  1000        1.024 ms     16.384 ms
588      */
589     static const int div[] = { 20, 200, 1000 };
590 
591     uint32_t cnt = 1024 * FTGMAC100_APTC_RXPOLL_CNT(s->aptcr);
592     uint32_t speed = (s->maccr & FTGMAC100_MACCR_FAST_MODE) ? 1 : 0;
593 
594     if (s->aptcr & FTGMAC100_APTC_RXPOLL_TIME_SEL) {
595         cnt <<= 4;
596     }
597 
598     if (s->maccr & FTGMAC100_MACCR_GIGA_MODE) {
599         speed = 2;
600     }
601 
602     return cnt / div[speed];
603 }
604 
605 static void ftgmac100_reset(DeviceState *d)
606 {
607     FTGMAC100State *s = FTGMAC100(d);
608 
609     /* Reset the FTGMAC100 */
610     s->isr = 0;
611     s->ier = 0;
612     s->rx_enabled = 0;
613     s->rx_ring = 0;
614     s->rbsr = 0x640;
615     s->rx_descriptor = 0;
616     s->tx_ring = 0;
617     s->tx_descriptor = 0;
618     s->math[0] = 0;
619     s->math[1] = 0;
620     s->itc = 0;
621     s->aptcr = 1;
622     s->dblac = 0x00022f00;
623     s->revr = 0;
624     s->fear1 = 0;
625     s->tpafcr = 0xf1;
626 
627     s->maccr = 0;
628     s->phycr = 0;
629     s->phydata = 0;
630     s->fcr = 0x400;
631 
632     /* and the PHY */
633     phy_reset(s);
634 }
635 
636 static uint64_t ftgmac100_read(void *opaque, hwaddr addr, unsigned size)
637 {
638     FTGMAC100State *s = FTGMAC100(opaque);
639 
640     switch (addr & 0xff) {
641     case FTGMAC100_ISR:
642         return s->isr;
643     case FTGMAC100_IER:
644         return s->ier;
645     case FTGMAC100_MAC_MADR:
646         return (s->conf.macaddr.a[0] << 8)  | s->conf.macaddr.a[1];
647     case FTGMAC100_MAC_LADR:
648         return ((uint32_t) s->conf.macaddr.a[2] << 24) |
649             (s->conf.macaddr.a[3] << 16) | (s->conf.macaddr.a[4] << 8) |
650             s->conf.macaddr.a[5];
651     case FTGMAC100_MATH0:
652         return s->math[0];
653     case FTGMAC100_MATH1:
654         return s->math[1];
655     case FTGMAC100_ITC:
656         return s->itc;
657     case FTGMAC100_DBLAC:
658         return s->dblac;
659     case FTGMAC100_REVR:
660         return s->revr;
661     case FTGMAC100_FEAR1:
662         return s->fear1;
663     case FTGMAC100_TPAFCR:
664         return s->tpafcr;
665     case FTGMAC100_FCR:
666         return s->fcr;
667     case FTGMAC100_MACCR:
668         return s->maccr;
669     case FTGMAC100_PHYCR:
670         return s->phycr;
671     case FTGMAC100_PHYDATA:
672         return s->phydata;
673 
674         /* We might want to support these one day */
675     case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */
676     case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */
677     case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */
678         qemu_log_mask(LOG_UNIMP, "%s: read to unimplemented register 0x%"
679                       HWADDR_PRIx "\n", __func__, addr);
680         return 0;
681     default:
682         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%"
683                       HWADDR_PRIx "\n", __func__, addr);
684         return 0;
685     }
686 }
687 
688 static void ftgmac100_write(void *opaque, hwaddr addr,
689                           uint64_t value, unsigned size)
690 {
691     FTGMAC100State *s = FTGMAC100(opaque);
692 
693     switch (addr & 0xff) {
694     case FTGMAC100_ISR: /* Interrupt status */
695         s->isr &= ~value;
696         break;
697     case FTGMAC100_IER: /* Interrupt control */
698         s->ier = value;
699         break;
700     case FTGMAC100_MAC_MADR: /* MAC */
701         s->conf.macaddr.a[0] = value >> 8;
702         s->conf.macaddr.a[1] = value;
703         break;
704     case FTGMAC100_MAC_LADR:
705         s->conf.macaddr.a[2] = value >> 24;
706         s->conf.macaddr.a[3] = value >> 16;
707         s->conf.macaddr.a[4] = value >> 8;
708         s->conf.macaddr.a[5] = value;
709         break;
710     case FTGMAC100_MATH0: /* Multicast Address Hash Table 0 */
711         s->math[0] = value;
712         break;
713     case FTGMAC100_MATH1: /* Multicast Address Hash Table 1 */
714         s->math[1] = value;
715         break;
716     case FTGMAC100_ITC: /* TODO: Interrupt Timer Control */
717         s->itc = value;
718         break;
719     case FTGMAC100_RXR_BADR: /* Ring buffer address */
720         s->rx_ring = value;
721         s->rx_descriptor = s->rx_ring;
722         break;
723 
724     case FTGMAC100_RBSR: /* DMA buffer size */
725         s->rbsr = value;
726         break;
727 
728     case FTGMAC100_NPTXR_BADR: /* Transmit buffer address */
729         s->tx_ring = value;
730         s->tx_descriptor = s->tx_ring;
731         break;
732 
733     case FTGMAC100_NPTXPD: /* Trigger transmit */
734         if ((s->maccr & (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN))
735             == (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN)) {
736             /* TODO: high priority tx ring */
737             ftgmac100_do_tx(s, s->tx_ring, s->tx_descriptor);
738         }
739         if (ftgmac100_can_receive(qemu_get_queue(s->nic))) {
740             qemu_flush_queued_packets(qemu_get_queue(s->nic));
741         }
742         break;
743 
744     case FTGMAC100_RXPD: /* Receive Poll Demand Register */
745         if (ftgmac100_can_receive(qemu_get_queue(s->nic))) {
746             qemu_flush_queued_packets(qemu_get_queue(s->nic));
747         }
748         break;
749 
750     case FTGMAC100_APTC: /* Automatic polling */
751         s->aptcr = value;
752 
753         if (FTGMAC100_APTC_RXPOLL_CNT(s->aptcr)) {
754             ftgmac100_rxpoll(s);
755         }
756 
757         if (FTGMAC100_APTC_TXPOLL_CNT(s->aptcr)) {
758             qemu_log_mask(LOG_UNIMP, "%s: no transmit polling\n", __func__);
759         }
760         break;
761 
762     case FTGMAC100_MACCR: /* MAC Device control */
763         s->maccr = value;
764         if (value & FTGMAC100_MACCR_SW_RST) {
765             ftgmac100_reset(DEVICE(s));
766         }
767 
768         if (ftgmac100_can_receive(qemu_get_queue(s->nic))) {
769             qemu_flush_queued_packets(qemu_get_queue(s->nic));
770         }
771         break;
772 
773     case FTGMAC100_PHYCR:  /* PHY Device control */
774         s->phycr = value;
775         if (s->revr & FTGMAC100_REVR_NEW_MDIO_INTERFACE) {
776             do_phy_new_ctl(s);
777         } else {
778             do_phy_ctl(s);
779         }
780         break;
781     case FTGMAC100_PHYDATA:
782         s->phydata = value & 0xffff;
783         break;
784     case FTGMAC100_DBLAC: /* DMA Burst Length and Arbitration Control */
785         s->dblac = value;
786         break;
787     case FTGMAC100_REVR:  /* Feature Register */
788         s->revr = value;
789         break;
790     case FTGMAC100_FEAR1: /* Feature Register 1 */
791         s->fear1 = value;
792         break;
793     case FTGMAC100_TPAFCR: /* Transmit Priority Arbitration and FIFO Control */
794         s->tpafcr = value;
795         break;
796     case FTGMAC100_FCR: /* Flow Control  */
797         s->fcr  = value;
798         break;
799 
800     case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */
801     case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */
802     case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */
803         qemu_log_mask(LOG_UNIMP, "%s: write to unimplemented register 0x%"
804                       HWADDR_PRIx "\n", __func__, addr);
805         break;
806     default:
807         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%"
808                       HWADDR_PRIx "\n", __func__, addr);
809         break;
810     }
811 
812     ftgmac100_update_irq(s);
813 }
814 
815 static int ftgmac100_filter(FTGMAC100State *s, const uint8_t *buf, size_t len)
816 {
817     unsigned mcast_idx;
818 
819     if (s->maccr & FTGMAC100_MACCR_RX_ALL) {
820         return 1;
821     }
822 
823     switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) {
824     case ETH_PKT_BCAST:
825         if (!(s->maccr & FTGMAC100_MACCR_RX_BROADPKT)) {
826             return 0;
827         }
828         break;
829     case ETH_PKT_MCAST:
830         if (!(s->maccr & FTGMAC100_MACCR_RX_MULTIPKT)) {
831             if (!(s->maccr & FTGMAC100_MACCR_HT_MULTI_EN)) {
832                 return 0;
833             }
834 
835             mcast_idx = net_crc32_le(buf, ETH_ALEN);
836             mcast_idx = (~(mcast_idx >> 2)) & 0x3f;
837             if (!(s->math[mcast_idx / 32] & (1 << (mcast_idx % 32)))) {
838                 return 0;
839             }
840         }
841         break;
842     case ETH_PKT_UCAST:
843         if (memcmp(s->conf.macaddr.a, buf, 6)) {
844             return 0;
845         }
846         break;
847     }
848 
849     return 1;
850 }
851 
852 static ssize_t ftgmac100_receive(NetClientState *nc, const uint8_t *buf,
853                                  size_t len)
854 {
855     FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc));
856     FTGMAC100Desc bd;
857     uint32_t flags = 0;
858     uint32_t addr;
859     uint32_t crc;
860     uint32_t buf_addr;
861     uint8_t *crc_ptr;
862     uint32_t buf_len;
863     size_t size = len;
864     uint32_t first = FTGMAC100_RXDES0_FRS;
865     uint16_t proto = be16_to_cpu(PKT_GET_ETH_HDR(buf)->h_proto);
866     int max_frame_size = ftgmac100_max_frame_size(s, proto);
867 
868     if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN))
869          != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) {
870         return -1;
871     }
872 
873     /* TODO : Pad to minimum Ethernet frame length */
874     /* handle small packets.  */
875     if (size < 10) {
876         qemu_log_mask(LOG_GUEST_ERROR, "%s: dropped frame of %zd bytes\n",
877                       __func__, size);
878         return size;
879     }
880 
881     if (!ftgmac100_filter(s, buf, size)) {
882         return size;
883     }
884 
885     /* 4 bytes for the CRC.  */
886     size += 4;
887     crc = cpu_to_be32(crc32(~0, buf, size));
888     crc_ptr = (uint8_t *) &crc;
889 
890     /* Huge frames are truncated.  */
891     if (size > max_frame_size) {
892         qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %zd bytes\n",
893                       __func__, size);
894         size = max_frame_size;
895         flags |= FTGMAC100_RXDES0_FTL;
896     }
897 
898     switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) {
899     case ETH_PKT_BCAST:
900         flags |= FTGMAC100_RXDES0_BROADCAST;
901         break;
902     case ETH_PKT_MCAST:
903         flags |= FTGMAC100_RXDES0_MULTICAST;
904         break;
905     case ETH_PKT_UCAST:
906         break;
907     }
908 
909     addr = s->rx_descriptor;
910     while (size > 0) {
911         if (!ftgmac100_can_receive(nc)) {
912             qemu_log_mask(LOG_GUEST_ERROR, "%s: Unexpected packet\n", __func__);
913             return -1;
914         }
915 
916         if (ftgmac100_read_bd(&bd, addr) ||
917             (bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY)) {
918             /* No descriptors available.  Bail out.  */
919             qemu_log_mask(LOG_GUEST_ERROR, "%s: Lost end of frame\n",
920                           __func__);
921             s->isr |= FTGMAC100_INT_NO_RXBUF;
922             break;
923         }
924         buf_len = (size <= s->rbsr) ? size : s->rbsr;
925         bd.des0 |= buf_len & 0x3fff;
926         size -= buf_len;
927 
928         /* The last 4 bytes are the CRC.  */
929         if (size < 4) {
930             buf_len += size - 4;
931         }
932         buf_addr = bd.des3;
933         if (first && proto == ETH_P_VLAN && buf_len >= 18) {
934             bd.des1 = lduw_be_p(buf + 14) | FTGMAC100_RXDES1_VLANTAG_AVAIL;
935 
936             if (s->maccr & FTGMAC100_MACCR_RM_VLAN) {
937                 dma_memory_write(&address_space_memory, buf_addr, buf, 12);
938                 dma_memory_write(&address_space_memory, buf_addr + 12, buf + 16,
939                                  buf_len - 16);
940             } else {
941                 dma_memory_write(&address_space_memory, buf_addr, buf, buf_len);
942             }
943         } else {
944             bd.des1 = 0;
945             dma_memory_write(&address_space_memory, buf_addr, buf, buf_len);
946         }
947         buf += buf_len;
948         if (size < 4) {
949             dma_memory_write(&address_space_memory, buf_addr + buf_len,
950                              crc_ptr, 4 - size);
951             crc_ptr += 4 - size;
952         }
953 
954         bd.des0 |= first | FTGMAC100_RXDES0_RXPKT_RDY;
955         first = 0;
956         if (size == 0) {
957             /* Last buffer in frame.  */
958             bd.des0 |= flags | FTGMAC100_RXDES0_LRS;
959             s->isr |= FTGMAC100_INT_RPKT_BUF;
960         } else {
961             s->isr |= FTGMAC100_INT_RPKT_FIFO;
962         }
963         ftgmac100_write_bd(&bd, addr);
964         if (bd.des0 & s->rxdes0_edorr) {
965             addr = s->rx_ring;
966         } else {
967             addr += sizeof(FTGMAC100Desc);
968         }
969     }
970     s->rx_descriptor = addr;
971 
972     ftgmac100_update_irq(s);
973     return len;
974 }
975 
976 static const MemoryRegionOps ftgmac100_ops = {
977     .read = ftgmac100_read,
978     .write = ftgmac100_write,
979     .valid.min_access_size = 4,
980     .valid.max_access_size = 4,
981     .endianness = DEVICE_LITTLE_ENDIAN,
982 };
983 
984 static void ftgmac100_cleanup(NetClientState *nc)
985 {
986     FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc));
987 
988     s->nic = NULL;
989 }
990 
991 static NetClientInfo net_ftgmac100_info = {
992     .type = NET_CLIENT_DRIVER_NIC,
993     .size = sizeof(NICState),
994     .can_receive = ftgmac100_can_receive,
995     .receive = ftgmac100_receive,
996     .cleanup = ftgmac100_cleanup,
997     .link_status_changed = ftgmac100_set_link,
998 };
999 
1000 static void ftgmac100_realize(DeviceState *dev, Error **errp)
1001 {
1002     FTGMAC100State *s = FTGMAC100(dev);
1003     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1004 
1005     if (s->aspeed) {
1006         s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR_ASPEED;
1007         s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR_ASPEED;
1008     } else {
1009         s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR;
1010         s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR;
1011     }
1012 
1013     memory_region_init_io(&s->iomem, OBJECT(dev), &ftgmac100_ops, s,
1014                           TYPE_FTGMAC100, 0x2000);
1015     sysbus_init_mmio(sbd, &s->iomem);
1016     sysbus_init_irq(sbd, &s->irq);
1017     qemu_macaddr_default_if_unset(&s->conf.macaddr);
1018 
1019     s->conf.peers.ncs[0] = nd_table[0].netdev;
1020 
1021     s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf,
1022                           object_get_typename(OBJECT(dev)), DEVICE(dev)->id,
1023                           s);
1024     qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1025 }
1026 
1027 static const VMStateDescription vmstate_ftgmac100 = {
1028     .name = TYPE_FTGMAC100,
1029     .version_id = 1,
1030     .minimum_version_id = 1,
1031     .fields = (VMStateField[]) {
1032         VMSTATE_UINT32(irq_state, FTGMAC100State),
1033         VMSTATE_UINT32(isr, FTGMAC100State),
1034         VMSTATE_UINT32(ier, FTGMAC100State),
1035         VMSTATE_UINT32(rx_enabled, FTGMAC100State),
1036         VMSTATE_UINT32(rx_ring, FTGMAC100State),
1037         VMSTATE_UINT32(rbsr, FTGMAC100State),
1038         VMSTATE_UINT32(tx_ring, FTGMAC100State),
1039         VMSTATE_UINT32(rx_descriptor, FTGMAC100State),
1040         VMSTATE_UINT32(tx_descriptor, FTGMAC100State),
1041         VMSTATE_UINT32_ARRAY(math, FTGMAC100State, 2),
1042         VMSTATE_UINT32(itc, FTGMAC100State),
1043         VMSTATE_UINT32(aptcr, FTGMAC100State),
1044         VMSTATE_UINT32(dblac, FTGMAC100State),
1045         VMSTATE_UINT32(revr, FTGMAC100State),
1046         VMSTATE_UINT32(fear1, FTGMAC100State),
1047         VMSTATE_UINT32(tpafcr, FTGMAC100State),
1048         VMSTATE_UINT32(maccr, FTGMAC100State),
1049         VMSTATE_UINT32(phycr, FTGMAC100State),
1050         VMSTATE_UINT32(phydata, FTGMAC100State),
1051         VMSTATE_UINT32(fcr, FTGMAC100State),
1052         VMSTATE_UINT32(phy_status, FTGMAC100State),
1053         VMSTATE_UINT32(phy_control, FTGMAC100State),
1054         VMSTATE_UINT32(phy_advertise, FTGMAC100State),
1055         VMSTATE_UINT32(phy_int, FTGMAC100State),
1056         VMSTATE_UINT32(phy_int_mask, FTGMAC100State),
1057         VMSTATE_UINT32(txdes0_edotr, FTGMAC100State),
1058         VMSTATE_UINT32(rxdes0_edorr, FTGMAC100State),
1059         VMSTATE_END_OF_LIST()
1060     }
1061 };
1062 
1063 static Property ftgmac100_properties[] = {
1064     DEFINE_PROP_BOOL("aspeed", FTGMAC100State, aspeed, false),
1065     DEFINE_NIC_PROPERTIES(FTGMAC100State, conf),
1066     DEFINE_PROP_END_OF_LIST(),
1067 };
1068 
1069 static void ftgmac100_class_init(ObjectClass *klass, void *data)
1070 {
1071     DeviceClass *dc = DEVICE_CLASS(klass);
1072 
1073     dc->vmsd = &vmstate_ftgmac100;
1074     dc->reset = ftgmac100_reset;
1075     dc->props = ftgmac100_properties;
1076     set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
1077     dc->realize = ftgmac100_realize;
1078     dc->desc = "Faraday FTGMAC100 Gigabit Ethernet emulation";
1079 }
1080 
1081 static const TypeInfo ftgmac100_info = {
1082     .name = TYPE_FTGMAC100,
1083     .parent = TYPE_SYS_BUS_DEVICE,
1084     .instance_size = sizeof(FTGMAC100State),
1085     .class_init = ftgmac100_class_init,
1086 };
1087 
1088 static void ftgmac100_register_types(void)
1089 {
1090     type_register_static(&ftgmac100_info);
1091 }
1092 
1093 type_init(ftgmac100_register_types)
1094