xref: /openbmc/qemu/hw/net/ftgmac100.c (revision 8d3031fa)
1 /*
2  * Faraday FTGMAC100 Gigabit Ethernet
3  *
4  * Copyright (C) 2016-2017, IBM Corporation.
5  *
6  * Based on Coldfire Fast Ethernet Controller emulation.
7  *
8  * Copyright (c) 2007 CodeSourcery.
9  *
10  * This code is licensed under the GPL version 2 or later. See the
11  * COPYING file in the top-level directory.
12  */
13 
14 #include "qemu/osdep.h"
15 #include "hw/irq.h"
16 #include "hw/net/ftgmac100.h"
17 #include "sysemu/dma.h"
18 #include "qapi/error.h"
19 #include "qemu/log.h"
20 #include "qemu/module.h"
21 #include "net/checksum.h"
22 #include "net/eth.h"
23 #include "hw/net/mii.h"
24 #include "hw/qdev-properties.h"
25 #include "migration/vmstate.h"
26 
27 #include <zlib.h> /* for crc32 */
28 
29 /*
30  * FTGMAC100 registers
31  */
32 #define FTGMAC100_ISR             0x00
33 #define FTGMAC100_IER             0x04
34 #define FTGMAC100_MAC_MADR        0x08
35 #define FTGMAC100_MAC_LADR        0x0c
36 #define FTGMAC100_MATH0           0x10
37 #define FTGMAC100_MATH1           0x14
38 #define FTGMAC100_NPTXPD          0x18
39 #define FTGMAC100_RXPD            0x1C
40 #define FTGMAC100_NPTXR_BADR      0x20
41 #define FTGMAC100_RXR_BADR        0x24
42 #define FTGMAC100_HPTXPD          0x28
43 #define FTGMAC100_HPTXR_BADR      0x2c
44 #define FTGMAC100_ITC             0x30
45 #define FTGMAC100_APTC            0x34
46 #define FTGMAC100_DBLAC           0x38
47 #define FTGMAC100_REVR            0x40
48 #define FTGMAC100_FEAR1           0x44
49 #define FTGMAC100_RBSR            0x4c
50 #define FTGMAC100_TPAFCR          0x48
51 
52 #define FTGMAC100_MACCR           0x50
53 #define FTGMAC100_MACSR           0x54
54 #define FTGMAC100_PHYCR           0x60
55 #define FTGMAC100_PHYDATA         0x64
56 #define FTGMAC100_FCR             0x68
57 
58 /*
59  * FTGMAC100 registers high
60  *
61  * values below are offset by - FTGMAC100_REG_HIGH_OFFSET from datasheet
62  * because its memory region is start at FTGMAC100_REG_HIGH_OFFSET
63  */
64 #define FTGMAC100_NPTXR_BADR_HIGH   (0x17C - FTGMAC100_REG_HIGH_OFFSET)
65 #define FTGMAC100_HPTXR_BADR_HIGH   (0x184 - FTGMAC100_REG_HIGH_OFFSET)
66 #define FTGMAC100_RXR_BADR_HIGH     (0x18C - FTGMAC100_REG_HIGH_OFFSET)
67 
68 /*
69  * Interrupt status register & interrupt enable register
70  */
71 #define FTGMAC100_INT_RPKT_BUF    (1 << 0)
72 #define FTGMAC100_INT_RPKT_FIFO   (1 << 1)
73 #define FTGMAC100_INT_NO_RXBUF    (1 << 2)
74 #define FTGMAC100_INT_RPKT_LOST   (1 << 3)
75 #define FTGMAC100_INT_XPKT_ETH    (1 << 4)
76 #define FTGMAC100_INT_XPKT_FIFO   (1 << 5)
77 #define FTGMAC100_INT_NO_NPTXBUF  (1 << 6)
78 #define FTGMAC100_INT_XPKT_LOST   (1 << 7)
79 #define FTGMAC100_INT_AHB_ERR     (1 << 8)
80 #define FTGMAC100_INT_PHYSTS_CHG  (1 << 9)
81 #define FTGMAC100_INT_NO_HPTXBUF  (1 << 10)
82 
83 /*
84  * Automatic polling timer control register
85  */
86 #define FTGMAC100_APTC_RXPOLL_CNT(x)        ((x) & 0xf)
87 #define FTGMAC100_APTC_RXPOLL_TIME_SEL      (1 << 4)
88 #define FTGMAC100_APTC_TXPOLL_CNT(x)        (((x) >> 8) & 0xf)
89 #define FTGMAC100_APTC_TXPOLL_TIME_SEL      (1 << 12)
90 
91 /*
92  * DMA burst length and arbitration control register
93  */
94 #define FTGMAC100_DBLAC_RXBURST_SIZE(x)     (((x) >> 8) & 0x3)
95 #define FTGMAC100_DBLAC_TXBURST_SIZE(x)     (((x) >> 10) & 0x3)
96 #define FTGMAC100_DBLAC_RXDES_SIZE(x)       ((((x) >> 12) & 0xf) * 8)
97 #define FTGMAC100_DBLAC_TXDES_SIZE(x)       ((((x) >> 16) & 0xf) * 8)
98 #define FTGMAC100_DBLAC_IFG_CNT(x)          (((x) >> 20) & 0x7)
99 #define FTGMAC100_DBLAC_IFG_INC             (1 << 23)
100 
101 /*
102  * PHY control register
103  */
104 #define FTGMAC100_PHYCR_MIIRD               (1 << 26)
105 #define FTGMAC100_PHYCR_MIIWR               (1 << 27)
106 
107 #define FTGMAC100_PHYCR_DEV(x)              (((x) >> 16) & 0x1f)
108 #define FTGMAC100_PHYCR_REG(x)              (((x) >> 21) & 0x1f)
109 
110 /*
111  * PHY data register
112  */
113 #define FTGMAC100_PHYDATA_MIIWDATA(x)       ((x) & 0xffff)
114 #define FTGMAC100_PHYDATA_MIIRDATA(x)       (((x) >> 16) & 0xffff)
115 
116 /*
117  * PHY control register - New MDC/MDIO interface
118  */
119 #define FTGMAC100_PHYCR_NEW_DATA(x)     (((x) >> 16) & 0xffff)
120 #define FTGMAC100_PHYCR_NEW_FIRE        (1 << 15)
121 #define FTGMAC100_PHYCR_NEW_ST_22       (1 << 12)
122 #define FTGMAC100_PHYCR_NEW_OP(x)       (((x) >> 10) & 3)
123 #define   FTGMAC100_PHYCR_NEW_OP_WRITE    0x1
124 #define   FTGMAC100_PHYCR_NEW_OP_READ     0x2
125 #define FTGMAC100_PHYCR_NEW_DEV(x)      (((x) >> 5) & 0x1f)
126 #define FTGMAC100_PHYCR_NEW_REG(x)      ((x) & 0x1f)
127 
128 /*
129  * Feature Register
130  */
131 #define FTGMAC100_REVR_NEW_MDIO_INTERFACE   (1 << 31)
132 
133 /*
134  * MAC control register
135  */
136 #define FTGMAC100_MACCR_TXDMA_EN         (1 << 0)
137 #define FTGMAC100_MACCR_RXDMA_EN         (1 << 1)
138 #define FTGMAC100_MACCR_TXMAC_EN         (1 << 2)
139 #define FTGMAC100_MACCR_RXMAC_EN         (1 << 3)
140 #define FTGMAC100_MACCR_RM_VLAN          (1 << 4)
141 #define FTGMAC100_MACCR_HPTXR_EN         (1 << 5)
142 #define FTGMAC100_MACCR_LOOP_EN          (1 << 6)
143 #define FTGMAC100_MACCR_ENRX_IN_HALFTX   (1 << 7)
144 #define FTGMAC100_MACCR_FULLDUP          (1 << 8)
145 #define FTGMAC100_MACCR_GIGA_MODE        (1 << 9)
146 #define FTGMAC100_MACCR_CRC_APD          (1 << 10) /* not needed */
147 #define FTGMAC100_MACCR_RX_RUNT          (1 << 12)
148 #define FTGMAC100_MACCR_JUMBO_LF         (1 << 13)
149 #define FTGMAC100_MACCR_RX_ALL           (1 << 14)
150 #define FTGMAC100_MACCR_HT_MULTI_EN      (1 << 15)
151 #define FTGMAC100_MACCR_RX_MULTIPKT      (1 << 16)
152 #define FTGMAC100_MACCR_RX_BROADPKT      (1 << 17)
153 #define FTGMAC100_MACCR_DISCARD_CRCERR   (1 << 18)
154 #define FTGMAC100_MACCR_FAST_MODE        (1 << 19)
155 #define FTGMAC100_MACCR_SW_RST           (1 << 31)
156 
157 /*
158  * Transmit descriptor
159  */
160 #define FTGMAC100_TXDES0_TXBUF_SIZE(x)   ((x) & 0x3fff)
161 #define FTGMAC100_TXDES0_EDOTR           (1 << 15)
162 #define FTGMAC100_TXDES0_CRC_ERR         (1 << 19)
163 #define FTGMAC100_TXDES0_LTS             (1 << 28)
164 #define FTGMAC100_TXDES0_FTS             (1 << 29)
165 #define FTGMAC100_TXDES0_EDOTR_ASPEED    (1 << 30)
166 #define FTGMAC100_TXDES0_TXDMA_OWN       (1 << 31)
167 
168 #define FTGMAC100_TXDES1_VLANTAG_CI(x)   ((x) & 0xffff)
169 #define FTGMAC100_TXDES1_INS_VLANTAG     (1 << 16)
170 #define FTGMAC100_TXDES1_TCP_CHKSUM      (1 << 17)
171 #define FTGMAC100_TXDES1_UDP_CHKSUM      (1 << 18)
172 #define FTGMAC100_TXDES1_IP_CHKSUM       (1 << 19)
173 #define FTGMAC100_TXDES1_LLC             (1 << 22)
174 #define FTGMAC100_TXDES1_TX2FIC          (1 << 30)
175 #define FTGMAC100_TXDES1_TXIC            (1 << 31)
176 
177 #define FTGMAC100_TXDES2_TXBUF_BADR_HI(x)   (((x) >> 16) & 0x7)
178 
179 /*
180  * Receive descriptor
181  */
182 #define FTGMAC100_RXDES0_VDBC            0x3fff
183 #define FTGMAC100_RXDES0_EDORR           (1 << 15)
184 #define FTGMAC100_RXDES0_MULTICAST       (1 << 16)
185 #define FTGMAC100_RXDES0_BROADCAST       (1 << 17)
186 #define FTGMAC100_RXDES0_RX_ERR          (1 << 18)
187 #define FTGMAC100_RXDES0_CRC_ERR         (1 << 19)
188 #define FTGMAC100_RXDES0_FTL             (1 << 20)
189 #define FTGMAC100_RXDES0_RUNT            (1 << 21)
190 #define FTGMAC100_RXDES0_RX_ODD_NB       (1 << 22)
191 #define FTGMAC100_RXDES0_FIFO_FULL       (1 << 23)
192 #define FTGMAC100_RXDES0_PAUSE_OPCODE    (1 << 24)
193 #define FTGMAC100_RXDES0_PAUSE_FRAME     (1 << 25)
194 #define FTGMAC100_RXDES0_LRS             (1 << 28)
195 #define FTGMAC100_RXDES0_FRS             (1 << 29)
196 #define FTGMAC100_RXDES0_EDORR_ASPEED    (1 << 30)
197 #define FTGMAC100_RXDES0_RXPKT_RDY       (1 << 31)
198 
199 #define FTGMAC100_RXDES1_VLANTAG_CI      0xffff
200 #define FTGMAC100_RXDES1_PROT_MASK       (0x3 << 20)
201 #define FTGMAC100_RXDES1_PROT_NONIP      (0x0 << 20)
202 #define FTGMAC100_RXDES1_PROT_IP         (0x1 << 20)
203 #define FTGMAC100_RXDES1_PROT_TCPIP      (0x2 << 20)
204 #define FTGMAC100_RXDES1_PROT_UDPIP      (0x3 << 20)
205 #define FTGMAC100_RXDES1_LLC             (1 << 22)
206 #define FTGMAC100_RXDES1_DF              (1 << 23)
207 #define FTGMAC100_RXDES1_VLANTAG_AVAIL   (1 << 24)
208 #define FTGMAC100_RXDES1_TCP_CHKSUM_ERR  (1 << 25)
209 #define FTGMAC100_RXDES1_UDP_CHKSUM_ERR  (1 << 26)
210 #define FTGMAC100_RXDES1_IP_CHKSUM_ERR   (1 << 27)
211 
212 #define FTGMAC100_RXDES2_RXBUF_BADR_HI(x)   (((x) >> 16) & 0x7)
213 
214 /*
215  * Receive and transmit Buffer Descriptor
216  */
217 typedef struct {
218     uint32_t        des0;
219     uint32_t        des1;
220     uint32_t        des2;        /* used by HW 64 bits DMA */
221     uint32_t        des3;
222 } FTGMAC100Desc;
223 
224 #define FTGMAC100_DESC_ALIGNMENT 16
225 
226 /*
227  * Specific RTL8211E MII Registers
228  */
229 #define RTL8211E_MII_PHYCR        16 /* PHY Specific Control */
230 #define RTL8211E_MII_PHYSR        17 /* PHY Specific Status */
231 #define RTL8211E_MII_INER         18 /* Interrupt Enable */
232 #define RTL8211E_MII_INSR         19 /* Interrupt Status */
233 #define RTL8211E_MII_RXERC        24 /* Receive Error Counter */
234 #define RTL8211E_MII_LDPSR        27 /* Link Down Power Saving */
235 #define RTL8211E_MII_EPAGSR       30 /* Extension Page Select */
236 #define RTL8211E_MII_PAGSEL       31 /* Page Select */
237 
238 /*
239  * RTL8211E Interrupt Status
240  */
241 #define PHY_INT_AUTONEG_ERROR       (1 << 15)
242 #define PHY_INT_PAGE_RECV           (1 << 12)
243 #define PHY_INT_AUTONEG_COMPLETE    (1 << 11)
244 #define PHY_INT_LINK_STATUS         (1 << 10)
245 #define PHY_INT_ERROR               (1 << 9)
246 #define PHY_INT_DOWN                (1 << 8)
247 #define PHY_INT_JABBER              (1 << 0)
248 
249 /*
250  * Max frame size for the receiving buffer
251  */
252 #define FTGMAC100_MAX_FRAME_SIZE    9220
253 
254 /*
255  * Limits depending on the type of the frame
256  *
257  *   9216 for Jumbo frames (+ 4 for VLAN)
258  *   1518 for other frames (+ 4 for VLAN)
259  */
260 static int ftgmac100_max_frame_size(FTGMAC100State *s, uint16_t proto)
261 {
262     int max = (s->maccr & FTGMAC100_MACCR_JUMBO_LF ? 9216 : 1518);
263 
264     return max + (proto == ETH_P_VLAN ? 4 : 0);
265 }
266 
267 static void ftgmac100_update_irq(FTGMAC100State *s)
268 {
269     qemu_set_irq(s->irq, s->isr & s->ier);
270 }
271 
272 /*
273  * The MII phy could raise a GPIO to the processor which in turn
274  * could be handled as an interrpt by the OS.
275  * For now we don't handle any GPIO/interrupt line, so the OS will
276  * have to poll for the PHY status.
277  */
278 static void phy_update_irq(FTGMAC100State *s)
279 {
280     ftgmac100_update_irq(s);
281 }
282 
283 static void phy_update_link(FTGMAC100State *s)
284 {
285     /* Autonegotiation status mirrors link status.  */
286     if (qemu_get_queue(s->nic)->link_down) {
287         s->phy_status &= ~(MII_BMSR_LINK_ST | MII_BMSR_AN_COMP);
288         s->phy_int |= PHY_INT_DOWN;
289     } else {
290         s->phy_status |= (MII_BMSR_LINK_ST | MII_BMSR_AN_COMP);
291         s->phy_int |= PHY_INT_AUTONEG_COMPLETE;
292     }
293     phy_update_irq(s);
294 }
295 
296 static void ftgmac100_set_link(NetClientState *nc)
297 {
298     phy_update_link(FTGMAC100(qemu_get_nic_opaque(nc)));
299 }
300 
301 static void phy_reset(FTGMAC100State *s)
302 {
303     s->phy_status = (MII_BMSR_100TX_FD | MII_BMSR_100TX_HD | MII_BMSR_10T_FD |
304                      MII_BMSR_10T_HD | MII_BMSR_EXTSTAT | MII_BMSR_MFPS |
305                      MII_BMSR_AN_COMP | MII_BMSR_AUTONEG | MII_BMSR_LINK_ST |
306                      MII_BMSR_EXTCAP);
307     s->phy_control = (MII_BMCR_AUTOEN | MII_BMCR_FD | MII_BMCR_SPEED1000);
308     s->phy_advertise = (MII_ANAR_PAUSE_ASYM | MII_ANAR_PAUSE | MII_ANAR_TXFD |
309                         MII_ANAR_TX | MII_ANAR_10FD | MII_ANAR_10 |
310                         MII_ANAR_CSMACD);
311     s->phy_int_mask = 0;
312     s->phy_int = 0;
313 }
314 
315 static uint16_t do_phy_read(FTGMAC100State *s, uint8_t reg)
316 {
317     uint16_t val;
318 
319     switch (reg) {
320     case MII_BMCR: /* Basic Control */
321         val = s->phy_control;
322         break;
323     case MII_BMSR: /* Basic Status */
324         val = s->phy_status;
325         break;
326     case MII_PHYID1: /* ID1 */
327         val = RTL8211E_PHYID1;
328         break;
329     case MII_PHYID2: /* ID2 */
330         val = RTL8211E_PHYID2;
331         break;
332     case MII_ANAR: /* Auto-neg advertisement */
333         val = s->phy_advertise;
334         break;
335     case MII_ANLPAR: /* Auto-neg Link Partner Ability */
336         val = (MII_ANLPAR_ACK | MII_ANLPAR_PAUSE | MII_ANLPAR_TXFD |
337                MII_ANLPAR_TX | MII_ANLPAR_10FD | MII_ANLPAR_10 |
338                MII_ANLPAR_CSMACD);
339         break;
340     case MII_ANER: /* Auto-neg Expansion */
341         val = MII_ANER_NWAY;
342         break;
343     case MII_CTRL1000: /* 1000BASE-T control  */
344         val = (MII_CTRL1000_HALF | MII_CTRL1000_FULL);
345         break;
346     case MII_STAT1000: /* 1000BASE-T status  */
347         val = MII_STAT1000_FULL;
348         break;
349     case RTL8211E_MII_INSR:  /* Interrupt status.  */
350         val = s->phy_int;
351         s->phy_int = 0;
352         phy_update_irq(s);
353         break;
354     case RTL8211E_MII_INER:  /* Interrupt enable */
355         val = s->phy_int_mask;
356         break;
357     case RTL8211E_MII_PHYCR:
358     case RTL8211E_MII_PHYSR:
359     case RTL8211E_MII_RXERC:
360     case RTL8211E_MII_LDPSR:
361     case RTL8211E_MII_EPAGSR:
362     case RTL8211E_MII_PAGSEL:
363         qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n",
364                       __func__, reg);
365         val = 0;
366         break;
367     default:
368         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n",
369                       __func__, reg);
370         val = 0;
371         break;
372     }
373 
374     return val;
375 }
376 
377 #define MII_BMCR_MASK (MII_BMCR_LOOPBACK | MII_BMCR_SPEED100 |          \
378                        MII_BMCR_SPEED | MII_BMCR_AUTOEN | MII_BMCR_PDOWN | \
379                        MII_BMCR_FD | MII_BMCR_CTST)
380 #define MII_ANAR_MASK 0x2d7f
381 
382 static void do_phy_write(FTGMAC100State *s, uint8_t reg, uint16_t val)
383 {
384     switch (reg) {
385     case MII_BMCR:     /* Basic Control */
386         if (val & MII_BMCR_RESET) {
387             phy_reset(s);
388         } else {
389             s->phy_control = val & MII_BMCR_MASK;
390             /* Complete autonegotiation immediately.  */
391             if (val & MII_BMCR_AUTOEN) {
392                 s->phy_status |= MII_BMSR_AN_COMP;
393             }
394         }
395         break;
396     case MII_ANAR:     /* Auto-neg advertisement */
397         s->phy_advertise = (val & MII_ANAR_MASK) | MII_ANAR_TX;
398         break;
399     case RTL8211E_MII_INER: /* Interrupt enable */
400         s->phy_int_mask = val & 0xff;
401         phy_update_irq(s);
402         break;
403     case RTL8211E_MII_PHYCR:
404     case RTL8211E_MII_PHYSR:
405     case RTL8211E_MII_RXERC:
406     case RTL8211E_MII_LDPSR:
407     case RTL8211E_MII_EPAGSR:
408     case RTL8211E_MII_PAGSEL:
409         qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n",
410                       __func__, reg);
411         break;
412     default:
413         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n",
414                       __func__, reg);
415         break;
416     }
417 }
418 
419 static void do_phy_new_ctl(FTGMAC100State *s)
420 {
421     uint8_t reg;
422     uint16_t data;
423 
424     if (!(s->phycr & FTGMAC100_PHYCR_NEW_ST_22)) {
425         qemu_log_mask(LOG_UNIMP, "%s: unsupported ST code\n", __func__);
426         return;
427     }
428 
429     /* Nothing to do */
430     if (!(s->phycr & FTGMAC100_PHYCR_NEW_FIRE)) {
431         return;
432     }
433 
434     reg = FTGMAC100_PHYCR_NEW_REG(s->phycr);
435     data = FTGMAC100_PHYCR_NEW_DATA(s->phycr);
436 
437     switch (FTGMAC100_PHYCR_NEW_OP(s->phycr)) {
438     case FTGMAC100_PHYCR_NEW_OP_WRITE:
439         do_phy_write(s, reg, data);
440         break;
441     case FTGMAC100_PHYCR_NEW_OP_READ:
442         s->phydata = do_phy_read(s, reg) & 0xffff;
443         break;
444     default:
445         qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid OP code %08x\n",
446                       __func__, s->phycr);
447     }
448 
449     s->phycr &= ~FTGMAC100_PHYCR_NEW_FIRE;
450 }
451 
452 static void do_phy_ctl(FTGMAC100State *s)
453 {
454     uint8_t reg = FTGMAC100_PHYCR_REG(s->phycr);
455 
456     if (s->phycr & FTGMAC100_PHYCR_MIIWR) {
457         do_phy_write(s, reg, s->phydata & 0xffff);
458         s->phycr &= ~FTGMAC100_PHYCR_MIIWR;
459     } else if (s->phycr & FTGMAC100_PHYCR_MIIRD) {
460         s->phydata = do_phy_read(s, reg) << 16;
461         s->phycr &= ~FTGMAC100_PHYCR_MIIRD;
462     } else {
463         qemu_log_mask(LOG_GUEST_ERROR, "%s: no OP code %08x\n",
464                       __func__, s->phycr);
465     }
466 }
467 
468 static int ftgmac100_read_bd(FTGMAC100Desc *bd, dma_addr_t addr)
469 {
470     if (dma_memory_read(&address_space_memory, addr,
471                         bd, sizeof(*bd), MEMTXATTRS_UNSPECIFIED)) {
472         qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read descriptor @ 0x%"
473                       HWADDR_PRIx "\n", __func__, addr);
474         return -1;
475     }
476     bd->des0 = le32_to_cpu(bd->des0);
477     bd->des1 = le32_to_cpu(bd->des1);
478     bd->des2 = le32_to_cpu(bd->des2);
479     bd->des3 = le32_to_cpu(bd->des3);
480     return 0;
481 }
482 
483 static int ftgmac100_write_bd(FTGMAC100Desc *bd, dma_addr_t addr)
484 {
485     FTGMAC100Desc lebd;
486 
487     lebd.des0 = cpu_to_le32(bd->des0);
488     lebd.des1 = cpu_to_le32(bd->des1);
489     lebd.des2 = cpu_to_le32(bd->des2);
490     lebd.des3 = cpu_to_le32(bd->des3);
491     if (dma_memory_write(&address_space_memory, addr,
492                          &lebd, sizeof(lebd), MEMTXATTRS_UNSPECIFIED)) {
493         qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to write descriptor @ 0x%"
494                       HWADDR_PRIx "\n", __func__, addr);
495         return -1;
496     }
497     return 0;
498 }
499 
500 static int ftgmac100_insert_vlan(FTGMAC100State *s, int frame_size,
501                                   uint8_t vlan_tci)
502 {
503     uint8_t *vlan_hdr = s->frame + (ETH_ALEN * 2);
504     uint8_t *payload = vlan_hdr + sizeof(struct vlan_header);
505 
506     if (frame_size < sizeof(struct eth_header)) {
507         qemu_log_mask(LOG_GUEST_ERROR,
508                       "%s: frame too small for VLAN insertion : %d bytes\n",
509                       __func__, frame_size);
510         s->isr |= FTGMAC100_INT_XPKT_LOST;
511         goto out;
512     }
513 
514     if (frame_size + sizeof(struct vlan_header) > sizeof(s->frame)) {
515         qemu_log_mask(LOG_GUEST_ERROR,
516                       "%s: frame too big : %d bytes\n",
517                       __func__, frame_size);
518         s->isr |= FTGMAC100_INT_XPKT_LOST;
519         frame_size -= sizeof(struct vlan_header);
520     }
521 
522     memmove(payload, vlan_hdr, frame_size - (ETH_ALEN * 2));
523     stw_be_p(vlan_hdr, ETH_P_VLAN);
524     stw_be_p(vlan_hdr + 2, vlan_tci);
525     frame_size += sizeof(struct vlan_header);
526 
527 out:
528     return frame_size;
529 }
530 
531 static void ftgmac100_do_tx(FTGMAC100State *s, uint64_t tx_ring,
532                             uint64_t tx_descriptor)
533 {
534     int frame_size = 0;
535     uint8_t *ptr = s->frame;
536     uint64_t addr = tx_descriptor;
537     uint64_t buf_addr = 0;
538     uint32_t flags = 0;
539 
540     while (1) {
541         FTGMAC100Desc bd;
542         int len;
543 
544         if (ftgmac100_read_bd(&bd, addr) ||
545             ((bd.des0 & FTGMAC100_TXDES0_TXDMA_OWN) == 0)) {
546             /* Run out of descriptors to transmit.  */
547             s->isr |= FTGMAC100_INT_NO_NPTXBUF;
548             break;
549         }
550 
551         /*
552          * record transmit flags as they are valid only on the first
553          * segment
554          */
555         if (bd.des0 & FTGMAC100_TXDES0_FTS) {
556             flags = bd.des1;
557         }
558 
559         len = FTGMAC100_TXDES0_TXBUF_SIZE(bd.des0);
560         if (!len) {
561             /*
562              * 0 is an invalid size, however the HW does not raise any
563              * interrupt. Flag an error because the guest is buggy.
564              */
565             qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid segment size\n",
566                           __func__);
567         }
568 
569         if (frame_size + len > sizeof(s->frame)) {
570             qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %d bytes\n",
571                           __func__, len);
572             s->isr |= FTGMAC100_INT_XPKT_LOST;
573             len =  sizeof(s->frame) - frame_size;
574         }
575 
576         buf_addr = bd.des3;
577         if (s->dma64) {
578             buf_addr = deposit64(buf_addr, 32, 32,
579                                  FTGMAC100_TXDES2_TXBUF_BADR_HI(bd.des2));
580         }
581         if (dma_memory_read(&address_space_memory, buf_addr,
582                             ptr, len, MEMTXATTRS_UNSPECIFIED)) {
583             qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read packet @ 0x%x\n",
584                           __func__, bd.des3);
585             s->isr |= FTGMAC100_INT_AHB_ERR;
586             break;
587         }
588 
589         ptr += len;
590         frame_size += len;
591         if (bd.des0 & FTGMAC100_TXDES0_LTS) {
592             int csum = 0;
593 
594             /* Check for VLAN */
595             if (flags & FTGMAC100_TXDES1_INS_VLANTAG &&
596                 be16_to_cpu(PKT_GET_ETH_HDR(s->frame)->h_proto) != ETH_P_VLAN) {
597                 frame_size = ftgmac100_insert_vlan(s, frame_size,
598                                             FTGMAC100_TXDES1_VLANTAG_CI(flags));
599             }
600 
601             if (flags & FTGMAC100_TXDES1_IP_CHKSUM) {
602                 csum |= CSUM_IP;
603             }
604             if (flags & FTGMAC100_TXDES1_TCP_CHKSUM) {
605                 csum |= CSUM_TCP;
606             }
607             if (flags & FTGMAC100_TXDES1_UDP_CHKSUM) {
608                 csum |= CSUM_UDP;
609             }
610             if (csum) {
611                 net_checksum_calculate(s->frame, frame_size, csum);
612             }
613 
614             /* Last buffer in frame.  */
615             qemu_send_packet(qemu_get_queue(s->nic), s->frame, frame_size);
616             ptr = s->frame;
617             frame_size = 0;
618             s->isr |= FTGMAC100_INT_XPKT_ETH;
619         }
620 
621         if (flags & FTGMAC100_TXDES1_TX2FIC) {
622             s->isr |= FTGMAC100_INT_XPKT_FIFO;
623         }
624         bd.des0 &= ~FTGMAC100_TXDES0_TXDMA_OWN;
625 
626         /* Write back the modified descriptor.  */
627         ftgmac100_write_bd(&bd, addr);
628         /* Advance to the next descriptor.  */
629         if (bd.des0 & s->txdes0_edotr) {
630             addr = tx_ring;
631         } else {
632             addr += FTGMAC100_DBLAC_TXDES_SIZE(s->dblac);
633         }
634     }
635 
636     s->tx_descriptor = addr;
637 
638     ftgmac100_update_irq(s);
639 }
640 
641 static bool ftgmac100_can_receive(NetClientState *nc)
642 {
643     FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc));
644     FTGMAC100Desc bd;
645 
646     if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN))
647          != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) {
648         return false;
649     }
650 
651     if (ftgmac100_read_bd(&bd, s->rx_descriptor)) {
652         return false;
653     }
654     return !(bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY);
655 }
656 
657 /*
658  * This is purely informative. The HW can poll the RW (and RX) ring
659  * buffers for available descriptors but we don't need to trigger a
660  * timer for that in qemu.
661  */
662 static uint32_t ftgmac100_rxpoll(FTGMAC100State *s)
663 {
664     /*
665      * Polling times :
666      *
667      * Speed      TIME_SEL=0    TIME_SEL=1
668      *
669      *    10         51.2 ms      819.2 ms
670      *   100         5.12 ms      81.92 ms
671      *  1000        1.024 ms     16.384 ms
672      */
673     static const int div[] = { 20, 200, 1000 };
674 
675     uint32_t cnt = 1024 * FTGMAC100_APTC_RXPOLL_CNT(s->aptcr);
676     uint32_t speed = (s->maccr & FTGMAC100_MACCR_FAST_MODE) ? 1 : 0;
677 
678     if (s->aptcr & FTGMAC100_APTC_RXPOLL_TIME_SEL) {
679         cnt <<= 4;
680     }
681 
682     if (s->maccr & FTGMAC100_MACCR_GIGA_MODE) {
683         speed = 2;
684     }
685 
686     return cnt / div[speed];
687 }
688 
689 static void ftgmac100_do_reset(FTGMAC100State *s, bool sw_reset)
690 {
691     /* Reset the FTGMAC100 */
692     s->isr = 0;
693     s->ier = 0;
694     s->rx_enabled = 0;
695     s->rx_ring = 0;
696     s->rbsr = 0x640;
697     s->rx_descriptor = 0;
698     s->tx_ring = 0;
699     s->tx_descriptor = 0;
700     s->math[0] = 0;
701     s->math[1] = 0;
702     s->itc = 0;
703     s->aptcr = 1;
704     s->dblac = 0x00022f00;
705     s->revr = 0;
706     s->fear1 = 0;
707     s->tpafcr = 0xf1;
708 
709     if (sw_reset) {
710         s->maccr &= FTGMAC100_MACCR_GIGA_MODE | FTGMAC100_MACCR_FAST_MODE;
711     } else {
712         s->maccr = 0;
713     }
714 
715     s->phycr = 0;
716     s->phydata = 0;
717     s->fcr = 0x400;
718 
719     /* and the PHY */
720     phy_reset(s);
721 }
722 
723 static void ftgmac100_reset(DeviceState *d)
724 {
725     ftgmac100_do_reset(FTGMAC100(d), false);
726 }
727 
728 static uint64_t ftgmac100_read(void *opaque, hwaddr addr, unsigned size)
729 {
730     FTGMAC100State *s = FTGMAC100(opaque);
731 
732     switch (addr & 0xff) {
733     case FTGMAC100_ISR:
734         return s->isr;
735     case FTGMAC100_IER:
736         return s->ier;
737     case FTGMAC100_MAC_MADR:
738         return (s->conf.macaddr.a[0] << 8)  | s->conf.macaddr.a[1];
739     case FTGMAC100_MAC_LADR:
740         return ((uint32_t) s->conf.macaddr.a[2] << 24) |
741             (s->conf.macaddr.a[3] << 16) | (s->conf.macaddr.a[4] << 8) |
742             s->conf.macaddr.a[5];
743     case FTGMAC100_MATH0:
744         return s->math[0];
745     case FTGMAC100_MATH1:
746         return s->math[1];
747     case FTGMAC100_RXR_BADR:
748         return extract64(s->rx_ring, 0, 32);
749     case FTGMAC100_NPTXR_BADR:
750         return extract64(s->tx_ring, 0, 32);
751     case FTGMAC100_ITC:
752         return s->itc;
753     case FTGMAC100_DBLAC:
754         return s->dblac;
755     case FTGMAC100_REVR:
756         return s->revr;
757     case FTGMAC100_FEAR1:
758         return s->fear1;
759     case FTGMAC100_TPAFCR:
760         return s->tpafcr;
761     case FTGMAC100_FCR:
762         return s->fcr;
763     case FTGMAC100_MACCR:
764         return s->maccr;
765     case FTGMAC100_PHYCR:
766         return s->phycr;
767     case FTGMAC100_PHYDATA:
768         return s->phydata;
769 
770         /* We might want to support these one day */
771     case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */
772     case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */
773     case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */
774         qemu_log_mask(LOG_UNIMP, "%s: read to unimplemented register 0x%"
775                       HWADDR_PRIx "\n", __func__, addr);
776         return 0;
777     default:
778         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%"
779                       HWADDR_PRIx "\n", __func__, addr);
780         return 0;
781     }
782 }
783 
784 static void ftgmac100_write(void *opaque, hwaddr addr,
785                           uint64_t value, unsigned size)
786 {
787     FTGMAC100State *s = FTGMAC100(opaque);
788 
789     switch (addr & 0xff) {
790     case FTGMAC100_ISR: /* Interrupt status */
791         s->isr &= ~value;
792         break;
793     case FTGMAC100_IER: /* Interrupt control */
794         s->ier = value;
795         break;
796     case FTGMAC100_MAC_MADR: /* MAC */
797         s->conf.macaddr.a[0] = value >> 8;
798         s->conf.macaddr.a[1] = value;
799         break;
800     case FTGMAC100_MAC_LADR:
801         s->conf.macaddr.a[2] = value >> 24;
802         s->conf.macaddr.a[3] = value >> 16;
803         s->conf.macaddr.a[4] = value >> 8;
804         s->conf.macaddr.a[5] = value;
805         break;
806     case FTGMAC100_MATH0: /* Multicast Address Hash Table 0 */
807         s->math[0] = value;
808         break;
809     case FTGMAC100_MATH1: /* Multicast Address Hash Table 1 */
810         s->math[1] = value;
811         break;
812     case FTGMAC100_ITC: /* TODO: Interrupt Timer Control */
813         s->itc = value;
814         break;
815     case FTGMAC100_RXR_BADR: /* Ring buffer address */
816         if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) {
817             qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad RX buffer alignment 0x%"
818                           HWADDR_PRIx "\n", __func__, value);
819             return;
820         }
821         s->rx_ring = deposit64(s->rx_ring, 0, 32, value);
822         s->rx_descriptor = deposit64(s->rx_descriptor, 0, 32, value);
823         break;
824 
825     case FTGMAC100_RBSR: /* DMA buffer size */
826         s->rbsr = value;
827         break;
828 
829     case FTGMAC100_NPTXR_BADR: /* Transmit buffer address */
830         if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) {
831             qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad TX buffer alignment 0x%"
832                           HWADDR_PRIx "\n", __func__, value);
833             return;
834         }
835         s->tx_ring = deposit64(s->tx_ring, 0, 32, value);
836         s->tx_descriptor = deposit64(s->tx_descriptor, 0, 32, value);
837         break;
838 
839     case FTGMAC100_NPTXPD: /* Trigger transmit */
840         if ((s->maccr & (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN))
841             == (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN)) {
842             /* TODO: high priority tx ring */
843             ftgmac100_do_tx(s, s->tx_ring, s->tx_descriptor);
844         }
845         if (ftgmac100_can_receive(qemu_get_queue(s->nic))) {
846             qemu_flush_queued_packets(qemu_get_queue(s->nic));
847         }
848         break;
849 
850     case FTGMAC100_RXPD: /* Receive Poll Demand Register */
851         if (ftgmac100_can_receive(qemu_get_queue(s->nic))) {
852             qemu_flush_queued_packets(qemu_get_queue(s->nic));
853         }
854         break;
855 
856     case FTGMAC100_APTC: /* Automatic polling */
857         s->aptcr = value;
858 
859         if (FTGMAC100_APTC_RXPOLL_CNT(s->aptcr)) {
860             ftgmac100_rxpoll(s);
861         }
862 
863         if (FTGMAC100_APTC_TXPOLL_CNT(s->aptcr)) {
864             qemu_log_mask(LOG_UNIMP, "%s: no transmit polling\n", __func__);
865         }
866         break;
867 
868     case FTGMAC100_MACCR: /* MAC Device control */
869         s->maccr = value;
870         if (value & FTGMAC100_MACCR_SW_RST) {
871             ftgmac100_do_reset(s, true);
872         }
873 
874         if (ftgmac100_can_receive(qemu_get_queue(s->nic))) {
875             qemu_flush_queued_packets(qemu_get_queue(s->nic));
876         }
877         break;
878 
879     case FTGMAC100_PHYCR:  /* PHY Device control */
880         s->phycr = value;
881         if (s->revr & FTGMAC100_REVR_NEW_MDIO_INTERFACE) {
882             do_phy_new_ctl(s);
883         } else {
884             do_phy_ctl(s);
885         }
886         break;
887     case FTGMAC100_PHYDATA:
888         s->phydata = value & 0xffff;
889         break;
890     case FTGMAC100_DBLAC: /* DMA Burst Length and Arbitration Control */
891         if (FTGMAC100_DBLAC_TXDES_SIZE(value) < sizeof(FTGMAC100Desc)) {
892             qemu_log_mask(LOG_GUEST_ERROR,
893                           "%s: transmit descriptor too small: %" PRIx64
894                           " bytes\n", __func__,
895                           FTGMAC100_DBLAC_TXDES_SIZE(value));
896             break;
897         }
898         if (FTGMAC100_DBLAC_RXDES_SIZE(value) < sizeof(FTGMAC100Desc)) {
899             qemu_log_mask(LOG_GUEST_ERROR,
900                           "%s: receive descriptor too small : %" PRIx64
901                           " bytes\n", __func__,
902                           FTGMAC100_DBLAC_RXDES_SIZE(value));
903             break;
904         }
905         s->dblac = value;
906         break;
907     case FTGMAC100_REVR:  /* Feature Register */
908         s->revr = value;
909         break;
910     case FTGMAC100_FEAR1: /* Feature Register 1 */
911         s->fear1 = value;
912         break;
913     case FTGMAC100_TPAFCR: /* Transmit Priority Arbitration and FIFO Control */
914         s->tpafcr = value;
915         break;
916     case FTGMAC100_FCR: /* Flow Control  */
917         s->fcr  = value;
918         break;
919 
920     case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */
921     case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */
922     case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */
923         qemu_log_mask(LOG_UNIMP, "%s: write to unimplemented register 0x%"
924                       HWADDR_PRIx "\n", __func__, addr);
925         break;
926     default:
927         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%"
928                       HWADDR_PRIx "\n", __func__, addr);
929         break;
930     }
931 
932     ftgmac100_update_irq(s);
933 }
934 
935 static uint64_t ftgmac100_high_read(void *opaque, hwaddr addr, unsigned size)
936 {
937     FTGMAC100State *s = FTGMAC100(opaque);
938     uint64_t val = 0;
939 
940     switch (addr) {
941     case FTGMAC100_NPTXR_BADR_HIGH:
942         val = extract64(s->tx_ring, 32, 32);
943         break;
944     case FTGMAC100_HPTXR_BADR_HIGH:
945         /* High Priority Transmit Ring Base High Address */
946         qemu_log_mask(LOG_UNIMP, "%s: read to unimplemented register 0x%"
947                       HWADDR_PRIx "\n", __func__, addr);
948         break;
949     case FTGMAC100_RXR_BADR_HIGH:
950         val = extract64(s->rx_ring, 32, 32);
951         break;
952     default:
953         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%"
954                       HWADDR_PRIx "\n", __func__, addr);
955         break;
956     }
957 
958     return val;
959 }
960 
961 static void ftgmac100_high_write(void *opaque, hwaddr addr,
962                           uint64_t value, unsigned size)
963 {
964     FTGMAC100State *s = FTGMAC100(opaque);
965 
966     switch (addr) {
967     case FTGMAC100_NPTXR_BADR_HIGH:
968         s->tx_ring = deposit64(s->tx_ring, 32, 32, value);
969         s->tx_descriptor = deposit64(s->tx_descriptor, 32, 32, value);
970         break;
971     case FTGMAC100_HPTXR_BADR_HIGH:
972         /* High Priority Transmit Ring Base High Address */
973         qemu_log_mask(LOG_UNIMP, "%s: write to unimplemented register 0x%"
974                       HWADDR_PRIx "\n", __func__, addr);
975         break;
976     case FTGMAC100_RXR_BADR_HIGH:
977         s->rx_ring = deposit64(s->rx_ring, 32, 32, value);
978         s->rx_descriptor = deposit64(s->rx_descriptor, 32, 32, value);
979         break;
980     default:
981         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%"
982                       HWADDR_PRIx "\n", __func__, addr);
983         break;
984     }
985 
986     ftgmac100_update_irq(s);
987 }
988 
989 static int ftgmac100_filter(FTGMAC100State *s, const uint8_t *buf, size_t len)
990 {
991     unsigned mcast_idx;
992 
993     if (s->maccr & FTGMAC100_MACCR_RX_ALL) {
994         return 1;
995     }
996 
997     switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) {
998     case ETH_PKT_BCAST:
999         if (!(s->maccr & FTGMAC100_MACCR_RX_BROADPKT)) {
1000             return 0;
1001         }
1002         break;
1003     case ETH_PKT_MCAST:
1004         if (!(s->maccr & FTGMAC100_MACCR_RX_MULTIPKT)) {
1005             if (!(s->maccr & FTGMAC100_MACCR_HT_MULTI_EN)) {
1006                 return 0;
1007             }
1008 
1009             mcast_idx = net_crc32_le(buf, ETH_ALEN);
1010             mcast_idx = (~(mcast_idx >> 2)) & 0x3f;
1011             if (!(s->math[mcast_idx / 32] & (1 << (mcast_idx % 32)))) {
1012                 return 0;
1013             }
1014         }
1015         break;
1016     case ETH_PKT_UCAST:
1017         if (memcmp(s->conf.macaddr.a, buf, 6)) {
1018             return 0;
1019         }
1020         break;
1021     }
1022 
1023     return 1;
1024 }
1025 
1026 static ssize_t ftgmac100_receive(NetClientState *nc, const uint8_t *buf,
1027                                  size_t len)
1028 {
1029     FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc));
1030     FTGMAC100Desc bd;
1031     uint32_t flags = 0;
1032     uint64_t addr;
1033     uint32_t crc;
1034     uint64_t buf_addr = 0;
1035     uint8_t *crc_ptr;
1036     uint32_t buf_len;
1037     size_t size = len;
1038     uint32_t first = FTGMAC100_RXDES0_FRS;
1039     uint16_t proto = be16_to_cpu(PKT_GET_ETH_HDR(buf)->h_proto);
1040     int max_frame_size = ftgmac100_max_frame_size(s, proto);
1041 
1042     if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN))
1043          != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) {
1044         return -1;
1045     }
1046 
1047     if (!ftgmac100_filter(s, buf, size)) {
1048         return size;
1049     }
1050 
1051     crc = cpu_to_be32(crc32(~0, buf, size));
1052     /* Increase size by 4, loop below reads the last 4 bytes from crc_ptr. */
1053     size += 4;
1054     crc_ptr = (uint8_t *) &crc;
1055 
1056     /* Huge frames are truncated.  */
1057     if (size > max_frame_size) {
1058         qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %zd bytes\n",
1059                       __func__, size);
1060         size = max_frame_size;
1061         flags |= FTGMAC100_RXDES0_FTL;
1062     }
1063 
1064     switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) {
1065     case ETH_PKT_BCAST:
1066         flags |= FTGMAC100_RXDES0_BROADCAST;
1067         break;
1068     case ETH_PKT_MCAST:
1069         flags |= FTGMAC100_RXDES0_MULTICAST;
1070         break;
1071     case ETH_PKT_UCAST:
1072         break;
1073     }
1074 
1075     s->isr |= FTGMAC100_INT_RPKT_FIFO;
1076     addr = s->rx_descriptor;
1077     while (size > 0) {
1078         if (!ftgmac100_can_receive(nc)) {
1079             qemu_log_mask(LOG_GUEST_ERROR, "%s: Unexpected packet\n", __func__);
1080             return -1;
1081         }
1082 
1083         if (ftgmac100_read_bd(&bd, addr) ||
1084             (bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY)) {
1085             /* No descriptors available.  Bail out.  */
1086             qemu_log_mask(LOG_GUEST_ERROR, "%s: Lost end of frame\n",
1087                           __func__);
1088             s->isr |= FTGMAC100_INT_NO_RXBUF;
1089             break;
1090         }
1091         buf_len = (size <= s->rbsr) ? size : s->rbsr;
1092         bd.des0 |= buf_len & 0x3fff;
1093         size -= buf_len;
1094 
1095         /* The last 4 bytes are the CRC.  */
1096         if (size < 4) {
1097             buf_len += size - 4;
1098         }
1099 
1100         buf_addr = bd.des3;
1101         if (s->dma64) {
1102             buf_addr = deposit64(buf_addr, 32, 32,
1103                                  FTGMAC100_RXDES2_RXBUF_BADR_HI(bd.des2));
1104         }
1105         if (first && proto == ETH_P_VLAN && buf_len >= 18) {
1106             bd.des1 = lduw_be_p(buf + 14) | FTGMAC100_RXDES1_VLANTAG_AVAIL;
1107 
1108             if (s->maccr & FTGMAC100_MACCR_RM_VLAN) {
1109                 dma_memory_write(&address_space_memory, buf_addr, buf, 12,
1110                                  MEMTXATTRS_UNSPECIFIED);
1111                 dma_memory_write(&address_space_memory, buf_addr + 12,
1112                                  buf + 16, buf_len - 16,
1113                                  MEMTXATTRS_UNSPECIFIED);
1114             } else {
1115                 dma_memory_write(&address_space_memory, buf_addr, buf,
1116                                  buf_len, MEMTXATTRS_UNSPECIFIED);
1117             }
1118         } else {
1119             bd.des1 = 0;
1120             dma_memory_write(&address_space_memory, buf_addr, buf, buf_len,
1121                              MEMTXATTRS_UNSPECIFIED);
1122         }
1123         buf += buf_len;
1124         if (size < 4) {
1125             dma_memory_write(&address_space_memory, buf_addr + buf_len,
1126                              crc_ptr, 4 - size, MEMTXATTRS_UNSPECIFIED);
1127             crc_ptr += 4 - size;
1128         }
1129 
1130         bd.des0 |= first | FTGMAC100_RXDES0_RXPKT_RDY;
1131         first = 0;
1132         if (size == 0) {
1133             /* Last buffer in frame.  */
1134             bd.des0 |= flags | FTGMAC100_RXDES0_LRS;
1135             s->isr |= FTGMAC100_INT_RPKT_BUF;
1136         }
1137         ftgmac100_write_bd(&bd, addr);
1138         if (bd.des0 & s->rxdes0_edorr) {
1139             addr = s->rx_ring;
1140         } else {
1141             addr += FTGMAC100_DBLAC_RXDES_SIZE(s->dblac);
1142         }
1143     }
1144     s->rx_descriptor = addr;
1145 
1146     ftgmac100_update_irq(s);
1147     return len;
1148 }
1149 
1150 static const MemoryRegionOps ftgmac100_ops = {
1151     .read = ftgmac100_read,
1152     .write = ftgmac100_write,
1153     .valid.min_access_size = 4,
1154     .valid.max_access_size = 4,
1155     .endianness = DEVICE_LITTLE_ENDIAN,
1156 };
1157 
1158 static const MemoryRegionOps ftgmac100_high_ops = {
1159     .read = ftgmac100_high_read,
1160     .write = ftgmac100_high_write,
1161     .valid.min_access_size = 4,
1162     .valid.max_access_size = 4,
1163     .endianness = DEVICE_LITTLE_ENDIAN,
1164 };
1165 
1166 static void ftgmac100_cleanup(NetClientState *nc)
1167 {
1168     FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc));
1169 
1170     s->nic = NULL;
1171 }
1172 
1173 static NetClientInfo net_ftgmac100_info = {
1174     .type = NET_CLIENT_DRIVER_NIC,
1175     .size = sizeof(NICState),
1176     .can_receive = ftgmac100_can_receive,
1177     .receive = ftgmac100_receive,
1178     .cleanup = ftgmac100_cleanup,
1179     .link_status_changed = ftgmac100_set_link,
1180 };
1181 
1182 static void ftgmac100_realize(DeviceState *dev, Error **errp)
1183 {
1184     FTGMAC100State *s = FTGMAC100(dev);
1185     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1186 
1187     if (s->aspeed) {
1188         s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR_ASPEED;
1189         s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR_ASPEED;
1190     } else {
1191         s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR;
1192         s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR;
1193     }
1194 
1195     memory_region_init(&s->iomem_container, OBJECT(s),
1196                        TYPE_FTGMAC100 ".container", FTGMAC100_MEM_SIZE);
1197     sysbus_init_mmio(sbd, &s->iomem_container);
1198 
1199     memory_region_init_io(&s->iomem, OBJECT(s), &ftgmac100_ops, s,
1200                           TYPE_FTGMAC100 ".regs", FTGMAC100_REG_MEM_SIZE);
1201     memory_region_add_subregion(&s->iomem_container, 0x0, &s->iomem);
1202 
1203     if (s->dma64) {
1204         memory_region_init_io(&s->iomem_high, OBJECT(s), &ftgmac100_high_ops,
1205                               s, TYPE_FTGMAC100 ".regs.high",
1206                               FTGMAC100_REG_HIGH_MEM_SIZE);
1207         memory_region_add_subregion(&s->iomem_container,
1208                                     FTGMAC100_REG_HIGH_OFFSET,
1209                                     &s->iomem_high);
1210     }
1211 
1212     sysbus_init_irq(sbd, &s->irq);
1213     qemu_macaddr_default_if_unset(&s->conf.macaddr);
1214 
1215     s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf,
1216                           object_get_typename(OBJECT(dev)), dev->id,
1217                           &dev->mem_reentrancy_guard, s);
1218     qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1219 }
1220 
1221 static const VMStateDescription vmstate_ftgmac100 = {
1222     .name = TYPE_FTGMAC100,
1223     .version_id = 2,
1224     .minimum_version_id = 2,
1225     .fields = (const VMStateField[]) {
1226         VMSTATE_UINT32(irq_state, FTGMAC100State),
1227         VMSTATE_UINT32(isr, FTGMAC100State),
1228         VMSTATE_UINT32(ier, FTGMAC100State),
1229         VMSTATE_UINT32(rx_enabled, FTGMAC100State),
1230         VMSTATE_UINT32(rbsr, FTGMAC100State),
1231         VMSTATE_UINT32_ARRAY(math, FTGMAC100State, 2),
1232         VMSTATE_UINT32(itc, FTGMAC100State),
1233         VMSTATE_UINT32(aptcr, FTGMAC100State),
1234         VMSTATE_UINT32(dblac, FTGMAC100State),
1235         VMSTATE_UINT32(revr, FTGMAC100State),
1236         VMSTATE_UINT32(fear1, FTGMAC100State),
1237         VMSTATE_UINT32(tpafcr, FTGMAC100State),
1238         VMSTATE_UINT32(maccr, FTGMAC100State),
1239         VMSTATE_UINT32(phycr, FTGMAC100State),
1240         VMSTATE_UINT32(phydata, FTGMAC100State),
1241         VMSTATE_UINT32(fcr, FTGMAC100State),
1242         VMSTATE_UINT32(phy_status, FTGMAC100State),
1243         VMSTATE_UINT32(phy_control, FTGMAC100State),
1244         VMSTATE_UINT32(phy_advertise, FTGMAC100State),
1245         VMSTATE_UINT32(phy_int, FTGMAC100State),
1246         VMSTATE_UINT32(phy_int_mask, FTGMAC100State),
1247         VMSTATE_UINT32(txdes0_edotr, FTGMAC100State),
1248         VMSTATE_UINT32(rxdes0_edorr, FTGMAC100State),
1249         VMSTATE_UINT64(rx_ring, FTGMAC100State),
1250         VMSTATE_UINT64(tx_ring, FTGMAC100State),
1251         VMSTATE_UINT64(rx_descriptor, FTGMAC100State),
1252         VMSTATE_UINT64(tx_descriptor, FTGMAC100State),
1253         VMSTATE_END_OF_LIST()
1254     }
1255 };
1256 
1257 static Property ftgmac100_properties[] = {
1258     DEFINE_PROP_BOOL("aspeed", FTGMAC100State, aspeed, false),
1259     DEFINE_NIC_PROPERTIES(FTGMAC100State, conf),
1260     DEFINE_PROP_BOOL("dma64", FTGMAC100State, dma64, false),
1261     DEFINE_PROP_END_OF_LIST(),
1262 };
1263 
1264 static void ftgmac100_class_init(ObjectClass *klass, void *data)
1265 {
1266     DeviceClass *dc = DEVICE_CLASS(klass);
1267 
1268     dc->vmsd = &vmstate_ftgmac100;
1269     device_class_set_legacy_reset(dc, ftgmac100_reset);
1270     device_class_set_props(dc, ftgmac100_properties);
1271     set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
1272     dc->realize = ftgmac100_realize;
1273     dc->desc = "Faraday FTGMAC100 Gigabit Ethernet emulation";
1274 }
1275 
1276 static const TypeInfo ftgmac100_info = {
1277     .name = TYPE_FTGMAC100,
1278     .parent = TYPE_SYS_BUS_DEVICE,
1279     .instance_size = sizeof(FTGMAC100State),
1280     .class_init = ftgmac100_class_init,
1281 };
1282 
1283 /*
1284  * AST2600 MII controller
1285  */
1286 #define ASPEED_MII_PHYCR_FIRE        BIT(31)
1287 #define ASPEED_MII_PHYCR_ST_22       BIT(28)
1288 #define ASPEED_MII_PHYCR_OP(x)       ((x) & (ASPEED_MII_PHYCR_OP_WRITE | \
1289                                              ASPEED_MII_PHYCR_OP_READ))
1290 #define ASPEED_MII_PHYCR_OP_WRITE    BIT(26)
1291 #define ASPEED_MII_PHYCR_OP_READ     BIT(27)
1292 #define ASPEED_MII_PHYCR_DATA(x)     (x & 0xffff)
1293 #define ASPEED_MII_PHYCR_PHY(x)      (((x) >> 21) & 0x1f)
1294 #define ASPEED_MII_PHYCR_REG(x)      (((x) >> 16) & 0x1f)
1295 
1296 #define ASPEED_MII_PHYDATA_IDLE      BIT(16)
1297 
1298 static void aspeed_mii_transition(AspeedMiiState *s, bool fire)
1299 {
1300     if (fire) {
1301         s->phycr |= ASPEED_MII_PHYCR_FIRE;
1302         s->phydata &= ~ASPEED_MII_PHYDATA_IDLE;
1303     } else {
1304         s->phycr &= ~ASPEED_MII_PHYCR_FIRE;
1305         s->phydata |= ASPEED_MII_PHYDATA_IDLE;
1306     }
1307 }
1308 
1309 static void aspeed_mii_do_phy_ctl(AspeedMiiState *s)
1310 {
1311     uint8_t reg;
1312     uint16_t data;
1313 
1314     if (!(s->phycr & ASPEED_MII_PHYCR_ST_22)) {
1315         aspeed_mii_transition(s, !ASPEED_MII_PHYCR_FIRE);
1316         qemu_log_mask(LOG_UNIMP, "%s: unsupported ST code\n", __func__);
1317         return;
1318     }
1319 
1320     /* Nothing to do */
1321     if (!(s->phycr & ASPEED_MII_PHYCR_FIRE)) {
1322         return;
1323     }
1324 
1325     reg = ASPEED_MII_PHYCR_REG(s->phycr);
1326     data = ASPEED_MII_PHYCR_DATA(s->phycr);
1327 
1328     switch (ASPEED_MII_PHYCR_OP(s->phycr)) {
1329     case ASPEED_MII_PHYCR_OP_WRITE:
1330         do_phy_write(s->nic, reg, data);
1331         break;
1332     case ASPEED_MII_PHYCR_OP_READ:
1333         s->phydata = (s->phydata & ~0xffff) | do_phy_read(s->nic, reg);
1334         break;
1335     default:
1336         qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid OP code %08x\n",
1337                       __func__, s->phycr);
1338     }
1339 
1340     aspeed_mii_transition(s, !ASPEED_MII_PHYCR_FIRE);
1341 }
1342 
1343 static uint64_t aspeed_mii_read(void *opaque, hwaddr addr, unsigned size)
1344 {
1345     AspeedMiiState *s = ASPEED_MII(opaque);
1346 
1347     switch (addr) {
1348     case 0x0:
1349         return s->phycr;
1350     case 0x4:
1351         return s->phydata;
1352     default:
1353         g_assert_not_reached();
1354     }
1355 }
1356 
1357 static void aspeed_mii_write(void *opaque, hwaddr addr,
1358                              uint64_t value, unsigned size)
1359 {
1360     AspeedMiiState *s = ASPEED_MII(opaque);
1361 
1362     switch (addr) {
1363     case 0x0:
1364         s->phycr = value & ~(s->phycr & ASPEED_MII_PHYCR_FIRE);
1365         break;
1366     case 0x4:
1367         s->phydata = value & ~(0xffff | ASPEED_MII_PHYDATA_IDLE);
1368         break;
1369     default:
1370         g_assert_not_reached();
1371     }
1372 
1373     aspeed_mii_transition(s, !!(s->phycr & ASPEED_MII_PHYCR_FIRE));
1374     aspeed_mii_do_phy_ctl(s);
1375 }
1376 
1377 static const MemoryRegionOps aspeed_mii_ops = {
1378     .read = aspeed_mii_read,
1379     .write = aspeed_mii_write,
1380     .valid.min_access_size = 4,
1381     .valid.max_access_size = 4,
1382     .endianness = DEVICE_LITTLE_ENDIAN,
1383 };
1384 
1385 static void aspeed_mii_reset(DeviceState *dev)
1386 {
1387     AspeedMiiState *s = ASPEED_MII(dev);
1388 
1389     s->phycr = 0;
1390     s->phydata = 0;
1391 
1392     aspeed_mii_transition(s, !!(s->phycr & ASPEED_MII_PHYCR_FIRE));
1393 };
1394 
1395 static void aspeed_mii_realize(DeviceState *dev, Error **errp)
1396 {
1397     AspeedMiiState *s = ASPEED_MII(dev);
1398     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1399 
1400     assert(s->nic);
1401 
1402     memory_region_init_io(&s->iomem, OBJECT(dev), &aspeed_mii_ops, s,
1403                           TYPE_ASPEED_MII, 0x8);
1404     sysbus_init_mmio(sbd, &s->iomem);
1405 }
1406 
1407 static const VMStateDescription vmstate_aspeed_mii = {
1408     .name = TYPE_ASPEED_MII,
1409     .version_id = 1,
1410     .minimum_version_id = 1,
1411     .fields = (const VMStateField[]) {
1412         VMSTATE_UINT32(phycr, FTGMAC100State),
1413         VMSTATE_UINT32(phydata, FTGMAC100State),
1414         VMSTATE_END_OF_LIST()
1415     }
1416 };
1417 
1418 static Property aspeed_mii_properties[] = {
1419     DEFINE_PROP_LINK("nic", AspeedMiiState, nic, TYPE_FTGMAC100,
1420                      FTGMAC100State *),
1421     DEFINE_PROP_END_OF_LIST(),
1422 };
1423 
1424 static void aspeed_mii_class_init(ObjectClass *klass, void *data)
1425 {
1426     DeviceClass *dc = DEVICE_CLASS(klass);
1427 
1428     dc->vmsd = &vmstate_aspeed_mii;
1429     device_class_set_legacy_reset(dc, aspeed_mii_reset);
1430     dc->realize = aspeed_mii_realize;
1431     dc->desc = "Aspeed MII controller";
1432     device_class_set_props(dc, aspeed_mii_properties);
1433 }
1434 
1435 static const TypeInfo aspeed_mii_info = {
1436     .name = TYPE_ASPEED_MII,
1437     .parent = TYPE_SYS_BUS_DEVICE,
1438     .instance_size = sizeof(AspeedMiiState),
1439     .class_init = aspeed_mii_class_init,
1440 };
1441 
1442 static void ftgmac100_register_types(void)
1443 {
1444     type_register_static(&ftgmac100_info);
1445     type_register_static(&aspeed_mii_info);
1446 }
1447 
1448 type_init(ftgmac100_register_types)
1449