xref: /openbmc/qemu/hw/net/ftgmac100.c (revision 500eb6db)
1 /*
2  * Faraday FTGMAC100 Gigabit Ethernet
3  *
4  * Copyright (C) 2016-2017, IBM Corporation.
5  *
6  * Based on Coldfire Fast Ethernet Controller emulation.
7  *
8  * Copyright (c) 2007 CodeSourcery.
9  *
10  * This code is licensed under the GPL version 2 or later. See the
11  * COPYING file in the top-level directory.
12  */
13 
14 #include "qemu/osdep.h"
15 #include "hw/net/ftgmac100.h"
16 #include "sysemu/dma.h"
17 #include "qemu/log.h"
18 #include "qemu/module.h"
19 #include "net/checksum.h"
20 #include "net/eth.h"
21 #include "hw/net/mii.h"
22 
23 /* For crc32 */
24 #include <zlib.h>
25 
26 /*
27  * FTGMAC100 registers
28  */
29 #define FTGMAC100_ISR             0x00
30 #define FTGMAC100_IER             0x04
31 #define FTGMAC100_MAC_MADR        0x08
32 #define FTGMAC100_MAC_LADR        0x0c
33 #define FTGMAC100_MATH0           0x10
34 #define FTGMAC100_MATH1           0x14
35 #define FTGMAC100_NPTXPD          0x18
36 #define FTGMAC100_RXPD            0x1C
37 #define FTGMAC100_NPTXR_BADR      0x20
38 #define FTGMAC100_RXR_BADR        0x24
39 #define FTGMAC100_HPTXPD          0x28
40 #define FTGMAC100_HPTXR_BADR      0x2c
41 #define FTGMAC100_ITC             0x30
42 #define FTGMAC100_APTC            0x34
43 #define FTGMAC100_DBLAC           0x38
44 #define FTGMAC100_REVR            0x40
45 #define FTGMAC100_FEAR1           0x44
46 #define FTGMAC100_RBSR            0x4c
47 #define FTGMAC100_TPAFCR          0x48
48 
49 #define FTGMAC100_MACCR           0x50
50 #define FTGMAC100_MACSR           0x54
51 #define FTGMAC100_PHYCR           0x60
52 #define FTGMAC100_PHYDATA         0x64
53 #define FTGMAC100_FCR             0x68
54 
55 /*
56  * Interrupt status register & interrupt enable register
57  */
58 #define FTGMAC100_INT_RPKT_BUF    (1 << 0)
59 #define FTGMAC100_INT_RPKT_FIFO   (1 << 1)
60 #define FTGMAC100_INT_NO_RXBUF    (1 << 2)
61 #define FTGMAC100_INT_RPKT_LOST   (1 << 3)
62 #define FTGMAC100_INT_XPKT_ETH    (1 << 4)
63 #define FTGMAC100_INT_XPKT_FIFO   (1 << 5)
64 #define FTGMAC100_INT_NO_NPTXBUF  (1 << 6)
65 #define FTGMAC100_INT_XPKT_LOST   (1 << 7)
66 #define FTGMAC100_INT_AHB_ERR     (1 << 8)
67 #define FTGMAC100_INT_PHYSTS_CHG  (1 << 9)
68 #define FTGMAC100_INT_NO_HPTXBUF  (1 << 10)
69 
70 /*
71  * Automatic polling timer control register
72  */
73 #define FTGMAC100_APTC_RXPOLL_CNT(x)        ((x) & 0xf)
74 #define FTGMAC100_APTC_RXPOLL_TIME_SEL      (1 << 4)
75 #define FTGMAC100_APTC_TXPOLL_CNT(x)        (((x) >> 8) & 0xf)
76 #define FTGMAC100_APTC_TXPOLL_TIME_SEL      (1 << 12)
77 
78 /*
79  * PHY control register
80  */
81 #define FTGMAC100_PHYCR_MIIRD               (1 << 26)
82 #define FTGMAC100_PHYCR_MIIWR               (1 << 27)
83 
84 #define FTGMAC100_PHYCR_DEV(x)              (((x) >> 16) & 0x1f)
85 #define FTGMAC100_PHYCR_REG(x)              (((x) >> 21) & 0x1f)
86 
87 /*
88  * PHY data register
89  */
90 #define FTGMAC100_PHYDATA_MIIWDATA(x)       ((x) & 0xffff)
91 #define FTGMAC100_PHYDATA_MIIRDATA(x)       (((x) >> 16) & 0xffff)
92 
93 /*
94  * PHY control register - New MDC/MDIO interface
95  */
96 #define FTGMAC100_PHYCR_NEW_DATA(x)     (((x) >> 16) & 0xffff)
97 #define FTGMAC100_PHYCR_NEW_FIRE        (1 << 15)
98 #define FTGMAC100_PHYCR_NEW_ST_22       (1 << 12)
99 #define FTGMAC100_PHYCR_NEW_OP(x)       (((x) >> 10) & 3)
100 #define   FTGMAC100_PHYCR_NEW_OP_WRITE    0x1
101 #define   FTGMAC100_PHYCR_NEW_OP_READ     0x2
102 #define FTGMAC100_PHYCR_NEW_DEV(x)      (((x) >> 5) & 0x1f)
103 #define FTGMAC100_PHYCR_NEW_REG(x)      ((x) & 0x1f)
104 
105 /*
106  * Feature Register
107  */
108 #define FTGMAC100_REVR_NEW_MDIO_INTERFACE   (1 << 31)
109 
110 /*
111  * MAC control register
112  */
113 #define FTGMAC100_MACCR_TXDMA_EN         (1 << 0)
114 #define FTGMAC100_MACCR_RXDMA_EN         (1 << 1)
115 #define FTGMAC100_MACCR_TXMAC_EN         (1 << 2)
116 #define FTGMAC100_MACCR_RXMAC_EN         (1 << 3)
117 #define FTGMAC100_MACCR_RM_VLAN          (1 << 4)
118 #define FTGMAC100_MACCR_HPTXR_EN         (1 << 5)
119 #define FTGMAC100_MACCR_LOOP_EN          (1 << 6)
120 #define FTGMAC100_MACCR_ENRX_IN_HALFTX   (1 << 7)
121 #define FTGMAC100_MACCR_FULLDUP          (1 << 8)
122 #define FTGMAC100_MACCR_GIGA_MODE        (1 << 9)
123 #define FTGMAC100_MACCR_CRC_APD          (1 << 10) /* not needed */
124 #define FTGMAC100_MACCR_RX_RUNT          (1 << 12)
125 #define FTGMAC100_MACCR_JUMBO_LF         (1 << 13)
126 #define FTGMAC100_MACCR_RX_ALL           (1 << 14)
127 #define FTGMAC100_MACCR_HT_MULTI_EN      (1 << 15)
128 #define FTGMAC100_MACCR_RX_MULTIPKT      (1 << 16)
129 #define FTGMAC100_MACCR_RX_BROADPKT      (1 << 17)
130 #define FTGMAC100_MACCR_DISCARD_CRCERR   (1 << 18)
131 #define FTGMAC100_MACCR_FAST_MODE        (1 << 19)
132 #define FTGMAC100_MACCR_SW_RST           (1 << 31)
133 
134 /*
135  * Transmit descriptor
136  */
137 #define FTGMAC100_TXDES0_TXBUF_SIZE(x)   ((x) & 0x3fff)
138 #define FTGMAC100_TXDES0_EDOTR           (1 << 15)
139 #define FTGMAC100_TXDES0_CRC_ERR         (1 << 19)
140 #define FTGMAC100_TXDES0_LTS             (1 << 28)
141 #define FTGMAC100_TXDES0_FTS             (1 << 29)
142 #define FTGMAC100_TXDES0_EDOTR_ASPEED    (1 << 30)
143 #define FTGMAC100_TXDES0_TXDMA_OWN       (1 << 31)
144 
145 #define FTGMAC100_TXDES1_VLANTAG_CI(x)   ((x) & 0xffff)
146 #define FTGMAC100_TXDES1_INS_VLANTAG     (1 << 16)
147 #define FTGMAC100_TXDES1_TCP_CHKSUM      (1 << 17)
148 #define FTGMAC100_TXDES1_UDP_CHKSUM      (1 << 18)
149 #define FTGMAC100_TXDES1_IP_CHKSUM       (1 << 19)
150 #define FTGMAC100_TXDES1_LLC             (1 << 22)
151 #define FTGMAC100_TXDES1_TX2FIC          (1 << 30)
152 #define FTGMAC100_TXDES1_TXIC            (1 << 31)
153 
154 /*
155  * Receive descriptor
156  */
157 #define FTGMAC100_RXDES0_VDBC            0x3fff
158 #define FTGMAC100_RXDES0_EDORR           (1 << 15)
159 #define FTGMAC100_RXDES0_MULTICAST       (1 << 16)
160 #define FTGMAC100_RXDES0_BROADCAST       (1 << 17)
161 #define FTGMAC100_RXDES0_RX_ERR          (1 << 18)
162 #define FTGMAC100_RXDES0_CRC_ERR         (1 << 19)
163 #define FTGMAC100_RXDES0_FTL             (1 << 20)
164 #define FTGMAC100_RXDES0_RUNT            (1 << 21)
165 #define FTGMAC100_RXDES0_RX_ODD_NB       (1 << 22)
166 #define FTGMAC100_RXDES0_FIFO_FULL       (1 << 23)
167 #define FTGMAC100_RXDES0_PAUSE_OPCODE    (1 << 24)
168 #define FTGMAC100_RXDES0_PAUSE_FRAME     (1 << 25)
169 #define FTGMAC100_RXDES0_LRS             (1 << 28)
170 #define FTGMAC100_RXDES0_FRS             (1 << 29)
171 #define FTGMAC100_RXDES0_EDORR_ASPEED    (1 << 30)
172 #define FTGMAC100_RXDES0_RXPKT_RDY       (1 << 31)
173 
174 #define FTGMAC100_RXDES1_VLANTAG_CI      0xffff
175 #define FTGMAC100_RXDES1_PROT_MASK       (0x3 << 20)
176 #define FTGMAC100_RXDES1_PROT_NONIP      (0x0 << 20)
177 #define FTGMAC100_RXDES1_PROT_IP         (0x1 << 20)
178 #define FTGMAC100_RXDES1_PROT_TCPIP      (0x2 << 20)
179 #define FTGMAC100_RXDES1_PROT_UDPIP      (0x3 << 20)
180 #define FTGMAC100_RXDES1_LLC             (1 << 22)
181 #define FTGMAC100_RXDES1_DF              (1 << 23)
182 #define FTGMAC100_RXDES1_VLANTAG_AVAIL   (1 << 24)
183 #define FTGMAC100_RXDES1_TCP_CHKSUM_ERR  (1 << 25)
184 #define FTGMAC100_RXDES1_UDP_CHKSUM_ERR  (1 << 26)
185 #define FTGMAC100_RXDES1_IP_CHKSUM_ERR   (1 << 27)
186 
187 /*
188  * Receive and transmit Buffer Descriptor
189  */
190 typedef struct {
191     uint32_t        des0;
192     uint32_t        des1;
193     uint32_t        des2;        /* not used by HW */
194     uint32_t        des3;
195 } FTGMAC100Desc;
196 
197 /*
198  * Specific RTL8211E MII Registers
199  */
200 #define RTL8211E_MII_PHYCR        16 /* PHY Specific Control */
201 #define RTL8211E_MII_PHYSR        17 /* PHY Specific Status */
202 #define RTL8211E_MII_INER         18 /* Interrupt Enable */
203 #define RTL8211E_MII_INSR         19 /* Interrupt Status */
204 #define RTL8211E_MII_RXERC        24 /* Receive Error Counter */
205 #define RTL8211E_MII_LDPSR        27 /* Link Down Power Saving */
206 #define RTL8211E_MII_EPAGSR       30 /* Extension Page Select */
207 #define RTL8211E_MII_PAGSEL       31 /* Page Select */
208 
209 /*
210  * RTL8211E Interrupt Status
211  */
212 #define PHY_INT_AUTONEG_ERROR       (1 << 15)
213 #define PHY_INT_PAGE_RECV           (1 << 12)
214 #define PHY_INT_AUTONEG_COMPLETE    (1 << 11)
215 #define PHY_INT_LINK_STATUS         (1 << 10)
216 #define PHY_INT_ERROR               (1 << 9)
217 #define PHY_INT_DOWN                (1 << 8)
218 #define PHY_INT_JABBER              (1 << 0)
219 
220 /*
221  * Max frame size for the receiving buffer
222  */
223 #define FTGMAC100_MAX_FRAME_SIZE    9220
224 
225 /* Limits depending on the type of the frame
226  *
227  *   9216 for Jumbo frames (+ 4 for VLAN)
228  *   1518 for other frames (+ 4 for VLAN)
229  */
230 static int ftgmac100_max_frame_size(FTGMAC100State *s, uint16_t proto)
231 {
232     int max = (s->maccr & FTGMAC100_MACCR_JUMBO_LF ? 9216 : 1518);
233 
234     return max + (proto == ETH_P_VLAN ? 4 : 0);
235 }
236 
237 static void ftgmac100_update_irq(FTGMAC100State *s)
238 {
239     qemu_set_irq(s->irq, s->isr & s->ier);
240 }
241 
242 /*
243  * The MII phy could raise a GPIO to the processor which in turn
244  * could be handled as an interrpt by the OS.
245  * For now we don't handle any GPIO/interrupt line, so the OS will
246  * have to poll for the PHY status.
247  */
248 static void phy_update_irq(FTGMAC100State *s)
249 {
250     ftgmac100_update_irq(s);
251 }
252 
253 static void phy_update_link(FTGMAC100State *s)
254 {
255     /* Autonegotiation status mirrors link status.  */
256     if (qemu_get_queue(s->nic)->link_down) {
257         s->phy_status &= ~(MII_BMSR_LINK_ST | MII_BMSR_AN_COMP);
258         s->phy_int |= PHY_INT_DOWN;
259     } else {
260         s->phy_status |= (MII_BMSR_LINK_ST | MII_BMSR_AN_COMP);
261         s->phy_int |= PHY_INT_AUTONEG_COMPLETE;
262     }
263     phy_update_irq(s);
264 }
265 
266 static void ftgmac100_set_link(NetClientState *nc)
267 {
268     phy_update_link(FTGMAC100(qemu_get_nic_opaque(nc)));
269 }
270 
271 static void phy_reset(FTGMAC100State *s)
272 {
273     s->phy_status = (MII_BMSR_100TX_FD | MII_BMSR_100TX_HD | MII_BMSR_10T_FD |
274                      MII_BMSR_10T_HD | MII_BMSR_EXTSTAT | MII_BMSR_MFPS |
275                      MII_BMSR_AN_COMP | MII_BMSR_AUTONEG | MII_BMSR_LINK_ST |
276                      MII_BMSR_EXTCAP);
277     s->phy_control = (MII_BMCR_AUTOEN | MII_BMCR_FD | MII_BMCR_SPEED1000);
278     s->phy_advertise = (MII_ANAR_PAUSE_ASYM | MII_ANAR_PAUSE | MII_ANAR_TXFD |
279                         MII_ANAR_TX | MII_ANAR_10FD | MII_ANAR_10 |
280                         MII_ANAR_CSMACD);
281     s->phy_int_mask = 0;
282     s->phy_int = 0;
283 }
284 
285 static uint16_t do_phy_read(FTGMAC100State *s, uint8_t reg)
286 {
287     uint16_t val;
288 
289     switch (reg) {
290     case MII_BMCR: /* Basic Control */
291         val = s->phy_control;
292         break;
293     case MII_BMSR: /* Basic Status */
294         val = s->phy_status;
295         break;
296     case MII_PHYID1: /* ID1 */
297         val = RTL8211E_PHYID1;
298         break;
299     case MII_PHYID2: /* ID2 */
300         val = RTL8211E_PHYID2;
301         break;
302     case MII_ANAR: /* Auto-neg advertisement */
303         val = s->phy_advertise;
304         break;
305     case MII_ANLPAR: /* Auto-neg Link Partner Ability */
306         val = (MII_ANLPAR_ACK | MII_ANLPAR_PAUSE | MII_ANLPAR_TXFD |
307                MII_ANLPAR_TX | MII_ANLPAR_10FD | MII_ANLPAR_10 |
308                MII_ANLPAR_CSMACD);
309         break;
310     case MII_ANER: /* Auto-neg Expansion */
311         val = MII_ANER_NWAY;
312         break;
313     case MII_CTRL1000: /* 1000BASE-T control  */
314         val = (MII_CTRL1000_HALF | MII_CTRL1000_FULL);
315         break;
316     case MII_STAT1000: /* 1000BASE-T status  */
317         val = MII_STAT1000_FULL;
318         break;
319     case RTL8211E_MII_INSR:  /* Interrupt status.  */
320         val = s->phy_int;
321         s->phy_int = 0;
322         phy_update_irq(s);
323         break;
324     case RTL8211E_MII_INER:  /* Interrupt enable */
325         val = s->phy_int_mask;
326         break;
327     case RTL8211E_MII_PHYCR:
328     case RTL8211E_MII_PHYSR:
329     case RTL8211E_MII_RXERC:
330     case RTL8211E_MII_LDPSR:
331     case RTL8211E_MII_EPAGSR:
332     case RTL8211E_MII_PAGSEL:
333         qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n",
334                       __func__, reg);
335         val = 0;
336         break;
337     default:
338         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n",
339                       __func__, reg);
340         val = 0;
341         break;
342     }
343 
344     return val;
345 }
346 
347 #define MII_BMCR_MASK (MII_BMCR_LOOPBACK | MII_BMCR_SPEED100 |          \
348                        MII_BMCR_SPEED | MII_BMCR_AUTOEN | MII_BMCR_PDOWN | \
349                        MII_BMCR_FD | MII_BMCR_CTST)
350 #define MII_ANAR_MASK 0x2d7f
351 
352 static void do_phy_write(FTGMAC100State *s, uint8_t reg, uint16_t val)
353 {
354     switch (reg) {
355     case MII_BMCR:     /* Basic Control */
356         if (val & MII_BMCR_RESET) {
357             phy_reset(s);
358         } else {
359             s->phy_control = val & MII_BMCR_MASK;
360             /* Complete autonegotiation immediately.  */
361             if (val & MII_BMCR_AUTOEN) {
362                 s->phy_status |= MII_BMSR_AN_COMP;
363             }
364         }
365         break;
366     case MII_ANAR:     /* Auto-neg advertisement */
367         s->phy_advertise = (val & MII_ANAR_MASK) | MII_ANAR_TX;
368         break;
369     case RTL8211E_MII_INER: /* Interrupt enable */
370         s->phy_int_mask = val & 0xff;
371         phy_update_irq(s);
372         break;
373     case RTL8211E_MII_PHYCR:
374     case RTL8211E_MII_PHYSR:
375     case RTL8211E_MII_RXERC:
376     case RTL8211E_MII_LDPSR:
377     case RTL8211E_MII_EPAGSR:
378     case RTL8211E_MII_PAGSEL:
379         qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n",
380                       __func__, reg);
381         break;
382     default:
383         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n",
384                       __func__, reg);
385         break;
386     }
387 }
388 
389 static void do_phy_new_ctl(FTGMAC100State *s)
390 {
391     uint8_t reg;
392     uint16_t data;
393 
394     if (!(s->phycr & FTGMAC100_PHYCR_NEW_ST_22)) {
395         qemu_log_mask(LOG_UNIMP, "%s: unsupported ST code\n", __func__);
396         return;
397     }
398 
399     /* Nothing to do */
400     if (!(s->phycr & FTGMAC100_PHYCR_NEW_FIRE)) {
401         return;
402     }
403 
404     reg = FTGMAC100_PHYCR_NEW_REG(s->phycr);
405     data = FTGMAC100_PHYCR_NEW_DATA(s->phycr);
406 
407     switch (FTGMAC100_PHYCR_NEW_OP(s->phycr)) {
408     case FTGMAC100_PHYCR_NEW_OP_WRITE:
409         do_phy_write(s, reg, data);
410         break;
411     case FTGMAC100_PHYCR_NEW_OP_READ:
412         s->phydata = do_phy_read(s, reg) & 0xffff;
413         break;
414     default:
415         qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid OP code %08x\n",
416                       __func__, s->phycr);
417     }
418 
419     s->phycr &= ~FTGMAC100_PHYCR_NEW_FIRE;
420 }
421 
422 static void do_phy_ctl(FTGMAC100State *s)
423 {
424     uint8_t reg = FTGMAC100_PHYCR_REG(s->phycr);
425 
426     if (s->phycr & FTGMAC100_PHYCR_MIIWR) {
427         do_phy_write(s, reg, s->phydata & 0xffff);
428         s->phycr &= ~FTGMAC100_PHYCR_MIIWR;
429     } else if (s->phycr & FTGMAC100_PHYCR_MIIRD) {
430         s->phydata = do_phy_read(s, reg) << 16;
431         s->phycr &= ~FTGMAC100_PHYCR_MIIRD;
432     } else {
433         qemu_log_mask(LOG_GUEST_ERROR, "%s: no OP code %08x\n",
434                       __func__, s->phycr);
435     }
436 }
437 
438 static int ftgmac100_read_bd(FTGMAC100Desc *bd, dma_addr_t addr)
439 {
440     if (dma_memory_read(&address_space_memory, addr, bd, sizeof(*bd))) {
441         qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read descriptor @ 0x%"
442                       HWADDR_PRIx "\n", __func__, addr);
443         return -1;
444     }
445     bd->des0 = le32_to_cpu(bd->des0);
446     bd->des1 = le32_to_cpu(bd->des1);
447     bd->des2 = le32_to_cpu(bd->des2);
448     bd->des3 = le32_to_cpu(bd->des3);
449     return 0;
450 }
451 
452 static int ftgmac100_write_bd(FTGMAC100Desc *bd, dma_addr_t addr)
453 {
454     FTGMAC100Desc lebd;
455 
456     lebd.des0 = cpu_to_le32(bd->des0);
457     lebd.des1 = cpu_to_le32(bd->des1);
458     lebd.des2 = cpu_to_le32(bd->des2);
459     lebd.des3 = cpu_to_le32(bd->des3);
460     if (dma_memory_write(&address_space_memory, addr, &lebd, sizeof(lebd))) {
461         qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to write descriptor @ 0x%"
462                       HWADDR_PRIx "\n", __func__, addr);
463         return -1;
464     }
465     return 0;
466 }
467 
468 static void ftgmac100_do_tx(FTGMAC100State *s, uint32_t tx_ring,
469                             uint32_t tx_descriptor)
470 {
471     int frame_size = 0;
472     uint8_t *ptr = s->frame;
473     uint32_t addr = tx_descriptor;
474     uint32_t flags = 0;
475 
476     while (1) {
477         FTGMAC100Desc bd;
478         int len;
479 
480         if (ftgmac100_read_bd(&bd, addr) ||
481             ((bd.des0 & FTGMAC100_TXDES0_TXDMA_OWN) == 0)) {
482             /* Run out of descriptors to transmit.  */
483             s->isr |= FTGMAC100_INT_NO_NPTXBUF;
484             break;
485         }
486 
487         /* record transmit flags as they are valid only on the first
488          * segment */
489         if (bd.des0 & FTGMAC100_TXDES0_FTS) {
490             flags = bd.des1;
491         }
492 
493         len = FTGMAC100_TXDES0_TXBUF_SIZE(bd.des0);
494         if (frame_size + len > sizeof(s->frame)) {
495             qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %d bytes\n",
496                           __func__, len);
497             s->isr |= FTGMAC100_INT_XPKT_LOST;
498             len =  sizeof(s->frame) - frame_size;
499         }
500 
501         if (dma_memory_read(&address_space_memory, bd.des3, ptr, len)) {
502             qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read packet @ 0x%x\n",
503                           __func__, bd.des3);
504             s->isr |= FTGMAC100_INT_NO_NPTXBUF;
505             break;
506         }
507 
508         /* Check for VLAN */
509         if (bd.des0 & FTGMAC100_TXDES0_FTS &&
510             bd.des1 & FTGMAC100_TXDES1_INS_VLANTAG &&
511             be16_to_cpu(PKT_GET_ETH_HDR(ptr)->h_proto) != ETH_P_VLAN) {
512             if (frame_size + len + 4 > sizeof(s->frame)) {
513                 qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %d bytes\n",
514                               __func__, len);
515                 s->isr |= FTGMAC100_INT_XPKT_LOST;
516                 len =  sizeof(s->frame) - frame_size - 4;
517             }
518             memmove(ptr + 16, ptr + 12, len - 12);
519             stw_be_p(ptr + 12, ETH_P_VLAN);
520             stw_be_p(ptr + 14, bd.des1);
521             len += 4;
522         }
523 
524         ptr += len;
525         frame_size += len;
526         if (bd.des0 & FTGMAC100_TXDES0_LTS) {
527             if (flags & FTGMAC100_TXDES1_IP_CHKSUM) {
528                 net_checksum_calculate(s->frame, frame_size);
529             }
530             /* Last buffer in frame.  */
531             qemu_send_packet(qemu_get_queue(s->nic), s->frame, frame_size);
532             ptr = s->frame;
533             frame_size = 0;
534             if (flags & FTGMAC100_TXDES1_TXIC) {
535                 s->isr |= FTGMAC100_INT_XPKT_ETH;
536             }
537         }
538 
539         if (flags & FTGMAC100_TXDES1_TX2FIC) {
540             s->isr |= FTGMAC100_INT_XPKT_FIFO;
541         }
542         bd.des0 &= ~FTGMAC100_TXDES0_TXDMA_OWN;
543 
544         /* Write back the modified descriptor.  */
545         ftgmac100_write_bd(&bd, addr);
546         /* Advance to the next descriptor.  */
547         if (bd.des0 & s->txdes0_edotr) {
548             addr = tx_ring;
549         } else {
550             addr += sizeof(FTGMAC100Desc);
551         }
552     }
553 
554     s->tx_descriptor = addr;
555 
556     ftgmac100_update_irq(s);
557 }
558 
559 static int ftgmac100_can_receive(NetClientState *nc)
560 {
561     FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc));
562     FTGMAC100Desc bd;
563 
564     if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN))
565          != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) {
566         return 0;
567     }
568 
569     if (ftgmac100_read_bd(&bd, s->rx_descriptor)) {
570         return 0;
571     }
572     return !(bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY);
573 }
574 
575 /*
576  * This is purely informative. The HW can poll the RW (and RX) ring
577  * buffers for available descriptors but we don't need to trigger a
578  * timer for that in qemu.
579  */
580 static uint32_t ftgmac100_rxpoll(FTGMAC100State *s)
581 {
582     /* Polling times :
583      *
584      * Speed      TIME_SEL=0    TIME_SEL=1
585      *
586      *    10         51.2 ms      819.2 ms
587      *   100         5.12 ms      81.92 ms
588      *  1000        1.024 ms     16.384 ms
589      */
590     static const int div[] = { 20, 200, 1000 };
591 
592     uint32_t cnt = 1024 * FTGMAC100_APTC_RXPOLL_CNT(s->aptcr);
593     uint32_t speed = (s->maccr & FTGMAC100_MACCR_FAST_MODE) ? 1 : 0;
594 
595     if (s->aptcr & FTGMAC100_APTC_RXPOLL_TIME_SEL) {
596         cnt <<= 4;
597     }
598 
599     if (s->maccr & FTGMAC100_MACCR_GIGA_MODE) {
600         speed = 2;
601     }
602 
603     return cnt / div[speed];
604 }
605 
606 static void ftgmac100_reset(DeviceState *d)
607 {
608     FTGMAC100State *s = FTGMAC100(d);
609 
610     /* Reset the FTGMAC100 */
611     s->isr = 0;
612     s->ier = 0;
613     s->rx_enabled = 0;
614     s->rx_ring = 0;
615     s->rbsr = 0x640;
616     s->rx_descriptor = 0;
617     s->tx_ring = 0;
618     s->tx_descriptor = 0;
619     s->math[0] = 0;
620     s->math[1] = 0;
621     s->itc = 0;
622     s->aptcr = 1;
623     s->dblac = 0x00022f00;
624     s->revr = 0;
625     s->fear1 = 0;
626     s->tpafcr = 0xf1;
627 
628     s->maccr = 0;
629     s->phycr = 0;
630     s->phydata = 0;
631     s->fcr = 0x400;
632 
633     /* and the PHY */
634     phy_reset(s);
635 }
636 
637 static uint64_t ftgmac100_read(void *opaque, hwaddr addr, unsigned size)
638 {
639     FTGMAC100State *s = FTGMAC100(opaque);
640 
641     switch (addr & 0xff) {
642     case FTGMAC100_ISR:
643         return s->isr;
644     case FTGMAC100_IER:
645         return s->ier;
646     case FTGMAC100_MAC_MADR:
647         return (s->conf.macaddr.a[0] << 8)  | s->conf.macaddr.a[1];
648     case FTGMAC100_MAC_LADR:
649         return ((uint32_t) s->conf.macaddr.a[2] << 24) |
650             (s->conf.macaddr.a[3] << 16) | (s->conf.macaddr.a[4] << 8) |
651             s->conf.macaddr.a[5];
652     case FTGMAC100_MATH0:
653         return s->math[0];
654     case FTGMAC100_MATH1:
655         return s->math[1];
656     case FTGMAC100_ITC:
657         return s->itc;
658     case FTGMAC100_DBLAC:
659         return s->dblac;
660     case FTGMAC100_REVR:
661         return s->revr;
662     case FTGMAC100_FEAR1:
663         return s->fear1;
664     case FTGMAC100_TPAFCR:
665         return s->tpafcr;
666     case FTGMAC100_FCR:
667         return s->fcr;
668     case FTGMAC100_MACCR:
669         return s->maccr;
670     case FTGMAC100_PHYCR:
671         return s->phycr;
672     case FTGMAC100_PHYDATA:
673         return s->phydata;
674 
675         /* We might want to support these one day */
676     case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */
677     case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */
678     case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */
679         qemu_log_mask(LOG_UNIMP, "%s: read to unimplemented register 0x%"
680                       HWADDR_PRIx "\n", __func__, addr);
681         return 0;
682     default:
683         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%"
684                       HWADDR_PRIx "\n", __func__, addr);
685         return 0;
686     }
687 }
688 
689 static void ftgmac100_write(void *opaque, hwaddr addr,
690                           uint64_t value, unsigned size)
691 {
692     FTGMAC100State *s = FTGMAC100(opaque);
693 
694     switch (addr & 0xff) {
695     case FTGMAC100_ISR: /* Interrupt status */
696         s->isr &= ~value;
697         break;
698     case FTGMAC100_IER: /* Interrupt control */
699         s->ier = value;
700         break;
701     case FTGMAC100_MAC_MADR: /* MAC */
702         s->conf.macaddr.a[0] = value >> 8;
703         s->conf.macaddr.a[1] = value;
704         break;
705     case FTGMAC100_MAC_LADR:
706         s->conf.macaddr.a[2] = value >> 24;
707         s->conf.macaddr.a[3] = value >> 16;
708         s->conf.macaddr.a[4] = value >> 8;
709         s->conf.macaddr.a[5] = value;
710         break;
711     case FTGMAC100_MATH0: /* Multicast Address Hash Table 0 */
712         s->math[0] = value;
713         break;
714     case FTGMAC100_MATH1: /* Multicast Address Hash Table 1 */
715         s->math[1] = value;
716         break;
717     case FTGMAC100_ITC: /* TODO: Interrupt Timer Control */
718         s->itc = value;
719         break;
720     case FTGMAC100_RXR_BADR: /* Ring buffer address */
721         s->rx_ring = value;
722         s->rx_descriptor = s->rx_ring;
723         break;
724 
725     case FTGMAC100_RBSR: /* DMA buffer size */
726         s->rbsr = value;
727         break;
728 
729     case FTGMAC100_NPTXR_BADR: /* Transmit buffer address */
730         s->tx_ring = value;
731         s->tx_descriptor = s->tx_ring;
732         break;
733 
734     case FTGMAC100_NPTXPD: /* Trigger transmit */
735         if ((s->maccr & (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN))
736             == (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN)) {
737             /* TODO: high priority tx ring */
738             ftgmac100_do_tx(s, s->tx_ring, s->tx_descriptor);
739         }
740         if (ftgmac100_can_receive(qemu_get_queue(s->nic))) {
741             qemu_flush_queued_packets(qemu_get_queue(s->nic));
742         }
743         break;
744 
745     case FTGMAC100_RXPD: /* Receive Poll Demand Register */
746         if (ftgmac100_can_receive(qemu_get_queue(s->nic))) {
747             qemu_flush_queued_packets(qemu_get_queue(s->nic));
748         }
749         break;
750 
751     case FTGMAC100_APTC: /* Automatic polling */
752         s->aptcr = value;
753 
754         if (FTGMAC100_APTC_RXPOLL_CNT(s->aptcr)) {
755             ftgmac100_rxpoll(s);
756         }
757 
758         if (FTGMAC100_APTC_TXPOLL_CNT(s->aptcr)) {
759             qemu_log_mask(LOG_UNIMP, "%s: no transmit polling\n", __func__);
760         }
761         break;
762 
763     case FTGMAC100_MACCR: /* MAC Device control */
764         s->maccr = value;
765         if (value & FTGMAC100_MACCR_SW_RST) {
766             ftgmac100_reset(DEVICE(s));
767         }
768 
769         if (ftgmac100_can_receive(qemu_get_queue(s->nic))) {
770             qemu_flush_queued_packets(qemu_get_queue(s->nic));
771         }
772         break;
773 
774     case FTGMAC100_PHYCR:  /* PHY Device control */
775         s->phycr = value;
776         if (s->revr & FTGMAC100_REVR_NEW_MDIO_INTERFACE) {
777             do_phy_new_ctl(s);
778         } else {
779             do_phy_ctl(s);
780         }
781         break;
782     case FTGMAC100_PHYDATA:
783         s->phydata = value & 0xffff;
784         break;
785     case FTGMAC100_DBLAC: /* DMA Burst Length and Arbitration Control */
786         s->dblac = value;
787         break;
788     case FTGMAC100_REVR:  /* Feature Register */
789         s->revr = value;
790         break;
791     case FTGMAC100_FEAR1: /* Feature Register 1 */
792         s->fear1 = value;
793         break;
794     case FTGMAC100_TPAFCR: /* Transmit Priority Arbitration and FIFO Control */
795         s->tpafcr = value;
796         break;
797     case FTGMAC100_FCR: /* Flow Control  */
798         s->fcr  = value;
799         break;
800 
801     case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */
802     case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */
803     case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */
804         qemu_log_mask(LOG_UNIMP, "%s: write to unimplemented register 0x%"
805                       HWADDR_PRIx "\n", __func__, addr);
806         break;
807     default:
808         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%"
809                       HWADDR_PRIx "\n", __func__, addr);
810         break;
811     }
812 
813     ftgmac100_update_irq(s);
814 }
815 
816 static int ftgmac100_filter(FTGMAC100State *s, const uint8_t *buf, size_t len)
817 {
818     unsigned mcast_idx;
819 
820     if (s->maccr & FTGMAC100_MACCR_RX_ALL) {
821         return 1;
822     }
823 
824     switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) {
825     case ETH_PKT_BCAST:
826         if (!(s->maccr & FTGMAC100_MACCR_RX_BROADPKT)) {
827             return 0;
828         }
829         break;
830     case ETH_PKT_MCAST:
831         if (!(s->maccr & FTGMAC100_MACCR_RX_MULTIPKT)) {
832             if (!(s->maccr & FTGMAC100_MACCR_HT_MULTI_EN)) {
833                 return 0;
834             }
835 
836             mcast_idx = net_crc32_le(buf, ETH_ALEN);
837             mcast_idx = (~(mcast_idx >> 2)) & 0x3f;
838             if (!(s->math[mcast_idx / 32] & (1 << (mcast_idx % 32)))) {
839                 return 0;
840             }
841         }
842         break;
843     case ETH_PKT_UCAST:
844         if (memcmp(s->conf.macaddr.a, buf, 6)) {
845             return 0;
846         }
847         break;
848     }
849 
850     return 1;
851 }
852 
853 static ssize_t ftgmac100_receive(NetClientState *nc, const uint8_t *buf,
854                                  size_t len)
855 {
856     FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc));
857     FTGMAC100Desc bd;
858     uint32_t flags = 0;
859     uint32_t addr;
860     uint32_t crc;
861     uint32_t buf_addr;
862     uint8_t *crc_ptr;
863     uint32_t buf_len;
864     size_t size = len;
865     uint32_t first = FTGMAC100_RXDES0_FRS;
866     uint16_t proto = be16_to_cpu(PKT_GET_ETH_HDR(buf)->h_proto);
867     int max_frame_size = ftgmac100_max_frame_size(s, proto);
868 
869     if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN))
870          != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) {
871         return -1;
872     }
873 
874     /* TODO : Pad to minimum Ethernet frame length */
875     /* handle small packets.  */
876     if (size < 10) {
877         qemu_log_mask(LOG_GUEST_ERROR, "%s: dropped frame of %zd bytes\n",
878                       __func__, size);
879         return size;
880     }
881 
882     if (!ftgmac100_filter(s, buf, size)) {
883         return size;
884     }
885 
886     /* 4 bytes for the CRC.  */
887     size += 4;
888     crc = cpu_to_be32(crc32(~0, buf, size));
889     crc_ptr = (uint8_t *) &crc;
890 
891     /* Huge frames are truncated.  */
892     if (size > max_frame_size) {
893         qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %zd bytes\n",
894                       __func__, size);
895         size = max_frame_size;
896         flags |= FTGMAC100_RXDES0_FTL;
897     }
898 
899     switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) {
900     case ETH_PKT_BCAST:
901         flags |= FTGMAC100_RXDES0_BROADCAST;
902         break;
903     case ETH_PKT_MCAST:
904         flags |= FTGMAC100_RXDES0_MULTICAST;
905         break;
906     case ETH_PKT_UCAST:
907         break;
908     }
909 
910     addr = s->rx_descriptor;
911     while (size > 0) {
912         if (!ftgmac100_can_receive(nc)) {
913             qemu_log_mask(LOG_GUEST_ERROR, "%s: Unexpected packet\n", __func__);
914             return -1;
915         }
916 
917         if (ftgmac100_read_bd(&bd, addr) ||
918             (bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY)) {
919             /* No descriptors available.  Bail out.  */
920             qemu_log_mask(LOG_GUEST_ERROR, "%s: Lost end of frame\n",
921                           __func__);
922             s->isr |= FTGMAC100_INT_NO_RXBUF;
923             break;
924         }
925         buf_len = (size <= s->rbsr) ? size : s->rbsr;
926         bd.des0 |= buf_len & 0x3fff;
927         size -= buf_len;
928 
929         /* The last 4 bytes are the CRC.  */
930         if (size < 4) {
931             buf_len += size - 4;
932         }
933         buf_addr = bd.des3;
934         if (first && proto == ETH_P_VLAN && buf_len >= 18) {
935             bd.des1 = lduw_be_p(buf + 14) | FTGMAC100_RXDES1_VLANTAG_AVAIL;
936 
937             if (s->maccr & FTGMAC100_MACCR_RM_VLAN) {
938                 dma_memory_write(&address_space_memory, buf_addr, buf, 12);
939                 dma_memory_write(&address_space_memory, buf_addr + 12, buf + 16,
940                                  buf_len - 16);
941             } else {
942                 dma_memory_write(&address_space_memory, buf_addr, buf, buf_len);
943             }
944         } else {
945             bd.des1 = 0;
946             dma_memory_write(&address_space_memory, buf_addr, buf, buf_len);
947         }
948         buf += buf_len;
949         if (size < 4) {
950             dma_memory_write(&address_space_memory, buf_addr + buf_len,
951                              crc_ptr, 4 - size);
952             crc_ptr += 4 - size;
953         }
954 
955         bd.des0 |= first | FTGMAC100_RXDES0_RXPKT_RDY;
956         first = 0;
957         if (size == 0) {
958             /* Last buffer in frame.  */
959             bd.des0 |= flags | FTGMAC100_RXDES0_LRS;
960             s->isr |= FTGMAC100_INT_RPKT_BUF;
961         } else {
962             s->isr |= FTGMAC100_INT_RPKT_FIFO;
963         }
964         ftgmac100_write_bd(&bd, addr);
965         if (bd.des0 & s->rxdes0_edorr) {
966             addr = s->rx_ring;
967         } else {
968             addr += sizeof(FTGMAC100Desc);
969         }
970     }
971     s->rx_descriptor = addr;
972 
973     ftgmac100_update_irq(s);
974     return len;
975 }
976 
977 static const MemoryRegionOps ftgmac100_ops = {
978     .read = ftgmac100_read,
979     .write = ftgmac100_write,
980     .valid.min_access_size = 4,
981     .valid.max_access_size = 4,
982     .endianness = DEVICE_LITTLE_ENDIAN,
983 };
984 
985 static void ftgmac100_cleanup(NetClientState *nc)
986 {
987     FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc));
988 
989     s->nic = NULL;
990 }
991 
992 static NetClientInfo net_ftgmac100_info = {
993     .type = NET_CLIENT_DRIVER_NIC,
994     .size = sizeof(NICState),
995     .can_receive = ftgmac100_can_receive,
996     .receive = ftgmac100_receive,
997     .cleanup = ftgmac100_cleanup,
998     .link_status_changed = ftgmac100_set_link,
999 };
1000 
1001 static void ftgmac100_realize(DeviceState *dev, Error **errp)
1002 {
1003     FTGMAC100State *s = FTGMAC100(dev);
1004     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1005 
1006     if (s->aspeed) {
1007         s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR_ASPEED;
1008         s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR_ASPEED;
1009     } else {
1010         s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR;
1011         s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR;
1012     }
1013 
1014     memory_region_init_io(&s->iomem, OBJECT(dev), &ftgmac100_ops, s,
1015                           TYPE_FTGMAC100, 0x2000);
1016     sysbus_init_mmio(sbd, &s->iomem);
1017     sysbus_init_irq(sbd, &s->irq);
1018     qemu_macaddr_default_if_unset(&s->conf.macaddr);
1019 
1020     s->conf.peers.ncs[0] = nd_table[0].netdev;
1021 
1022     s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf,
1023                           object_get_typename(OBJECT(dev)), DEVICE(dev)->id,
1024                           s);
1025     qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1026 }
1027 
1028 static const VMStateDescription vmstate_ftgmac100 = {
1029     .name = TYPE_FTGMAC100,
1030     .version_id = 1,
1031     .minimum_version_id = 1,
1032     .fields = (VMStateField[]) {
1033         VMSTATE_UINT32(irq_state, FTGMAC100State),
1034         VMSTATE_UINT32(isr, FTGMAC100State),
1035         VMSTATE_UINT32(ier, FTGMAC100State),
1036         VMSTATE_UINT32(rx_enabled, FTGMAC100State),
1037         VMSTATE_UINT32(rx_ring, FTGMAC100State),
1038         VMSTATE_UINT32(rbsr, FTGMAC100State),
1039         VMSTATE_UINT32(tx_ring, FTGMAC100State),
1040         VMSTATE_UINT32(rx_descriptor, FTGMAC100State),
1041         VMSTATE_UINT32(tx_descriptor, FTGMAC100State),
1042         VMSTATE_UINT32_ARRAY(math, FTGMAC100State, 2),
1043         VMSTATE_UINT32(itc, FTGMAC100State),
1044         VMSTATE_UINT32(aptcr, FTGMAC100State),
1045         VMSTATE_UINT32(dblac, FTGMAC100State),
1046         VMSTATE_UINT32(revr, FTGMAC100State),
1047         VMSTATE_UINT32(fear1, FTGMAC100State),
1048         VMSTATE_UINT32(tpafcr, FTGMAC100State),
1049         VMSTATE_UINT32(maccr, FTGMAC100State),
1050         VMSTATE_UINT32(phycr, FTGMAC100State),
1051         VMSTATE_UINT32(phydata, FTGMAC100State),
1052         VMSTATE_UINT32(fcr, FTGMAC100State),
1053         VMSTATE_UINT32(phy_status, FTGMAC100State),
1054         VMSTATE_UINT32(phy_control, FTGMAC100State),
1055         VMSTATE_UINT32(phy_advertise, FTGMAC100State),
1056         VMSTATE_UINT32(phy_int, FTGMAC100State),
1057         VMSTATE_UINT32(phy_int_mask, FTGMAC100State),
1058         VMSTATE_UINT32(txdes0_edotr, FTGMAC100State),
1059         VMSTATE_UINT32(rxdes0_edorr, FTGMAC100State),
1060         VMSTATE_END_OF_LIST()
1061     }
1062 };
1063 
1064 static Property ftgmac100_properties[] = {
1065     DEFINE_PROP_BOOL("aspeed", FTGMAC100State, aspeed, false),
1066     DEFINE_NIC_PROPERTIES(FTGMAC100State, conf),
1067     DEFINE_PROP_END_OF_LIST(),
1068 };
1069 
1070 static void ftgmac100_class_init(ObjectClass *klass, void *data)
1071 {
1072     DeviceClass *dc = DEVICE_CLASS(klass);
1073 
1074     dc->vmsd = &vmstate_ftgmac100;
1075     dc->reset = ftgmac100_reset;
1076     dc->props = ftgmac100_properties;
1077     set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
1078     dc->realize = ftgmac100_realize;
1079     dc->desc = "Faraday FTGMAC100 Gigabit Ethernet emulation";
1080 }
1081 
1082 static const TypeInfo ftgmac100_info = {
1083     .name = TYPE_FTGMAC100,
1084     .parent = TYPE_SYS_BUS_DEVICE,
1085     .instance_size = sizeof(FTGMAC100State),
1086     .class_init = ftgmac100_class_init,
1087 };
1088 
1089 static void ftgmac100_register_types(void)
1090 {
1091     type_register_static(&ftgmac100_info);
1092 }
1093 
1094 type_init(ftgmac100_register_types)
1095