xref: /openbmc/qemu/hw/net/ftgmac100.c (revision e3d08143)
1 /*
2  * Faraday FTGMAC100 Gigabit Ethernet
3  *
4  * Copyright (C) 2016-2017, IBM Corporation.
5  *
6  * Based on Coldfire Fast Ethernet Controller emulation.
7  *
8  * Copyright (c) 2007 CodeSourcery.
9  *
10  * This code is licensed under the GPL version 2 or later. See the
11  * COPYING file in the top-level directory.
12  */
13 
14 #include "qemu/osdep.h"
15 #include "hw/irq.h"
16 #include "hw/net/ftgmac100.h"
17 #include "sysemu/dma.h"
18 #include "qapi/error.h"
19 #include "qemu/log.h"
20 #include "qemu/module.h"
21 #include "net/checksum.h"
22 #include "net/eth.h"
23 #include "hw/net/mii.h"
24 #include "hw/qdev-properties.h"
25 #include "migration/vmstate.h"
26 
27 /* For crc32 */
28 #include <zlib.h>
29 
30 /*
31  * FTGMAC100 registers
32  */
33 #define FTGMAC100_ISR             0x00
34 #define FTGMAC100_IER             0x04
35 #define FTGMAC100_MAC_MADR        0x08
36 #define FTGMAC100_MAC_LADR        0x0c
37 #define FTGMAC100_MATH0           0x10
38 #define FTGMAC100_MATH1           0x14
39 #define FTGMAC100_NPTXPD          0x18
40 #define FTGMAC100_RXPD            0x1C
41 #define FTGMAC100_NPTXR_BADR      0x20
42 #define FTGMAC100_RXR_BADR        0x24
43 #define FTGMAC100_HPTXPD          0x28
44 #define FTGMAC100_HPTXR_BADR      0x2c
45 #define FTGMAC100_ITC             0x30
46 #define FTGMAC100_APTC            0x34
47 #define FTGMAC100_DBLAC           0x38
48 #define FTGMAC100_REVR            0x40
49 #define FTGMAC100_FEAR1           0x44
50 #define FTGMAC100_RBSR            0x4c
51 #define FTGMAC100_TPAFCR          0x48
52 
53 #define FTGMAC100_MACCR           0x50
54 #define FTGMAC100_MACSR           0x54
55 #define FTGMAC100_PHYCR           0x60
56 #define FTGMAC100_PHYDATA         0x64
57 #define FTGMAC100_FCR             0x68
58 
59 /*
60  * FTGMAC100 registers high
61  *
62  * values below are offset by - FTGMAC100_REG_HIGH_OFFSET from datasheet
63  * because its memory region is start at FTGMAC100_REG_HIGH_OFFSET
64  */
65 #define FTGMAC100_NPTXR_BADR_HIGH   (0x17C - FTGMAC100_REG_HIGH_OFFSET)
66 #define FTGMAC100_HPTXR_BADR_HIGH   (0x184 - FTGMAC100_REG_HIGH_OFFSET)
67 #define FTGMAC100_RXR_BADR_HIGH     (0x18C - FTGMAC100_REG_HIGH_OFFSET)
68 
69 /*
70  * Interrupt status register & interrupt enable register
71  */
72 #define FTGMAC100_INT_RPKT_BUF    (1 << 0)
73 #define FTGMAC100_INT_RPKT_FIFO   (1 << 1)
74 #define FTGMAC100_INT_NO_RXBUF    (1 << 2)
75 #define FTGMAC100_INT_RPKT_LOST   (1 << 3)
76 #define FTGMAC100_INT_XPKT_ETH    (1 << 4)
77 #define FTGMAC100_INT_XPKT_FIFO   (1 << 5)
78 #define FTGMAC100_INT_NO_NPTXBUF  (1 << 6)
79 #define FTGMAC100_INT_XPKT_LOST   (1 << 7)
80 #define FTGMAC100_INT_AHB_ERR     (1 << 8)
81 #define FTGMAC100_INT_PHYSTS_CHG  (1 << 9)
82 #define FTGMAC100_INT_NO_HPTXBUF  (1 << 10)
83 
84 /*
85  * Automatic polling timer control register
86  */
87 #define FTGMAC100_APTC_RXPOLL_CNT(x)        ((x) & 0xf)
88 #define FTGMAC100_APTC_RXPOLL_TIME_SEL      (1 << 4)
89 #define FTGMAC100_APTC_TXPOLL_CNT(x)        (((x) >> 8) & 0xf)
90 #define FTGMAC100_APTC_TXPOLL_TIME_SEL      (1 << 12)
91 
92 /*
93  * DMA burst length and arbitration control register
94  */
95 #define FTGMAC100_DBLAC_RXBURST_SIZE(x)     (((x) >> 8) & 0x3)
96 #define FTGMAC100_DBLAC_TXBURST_SIZE(x)     (((x) >> 10) & 0x3)
97 #define FTGMAC100_DBLAC_RXDES_SIZE(x)       ((((x) >> 12) & 0xf) * 8)
98 #define FTGMAC100_DBLAC_TXDES_SIZE(x)       ((((x) >> 16) & 0xf) * 8)
99 #define FTGMAC100_DBLAC_IFG_CNT(x)          (((x) >> 20) & 0x7)
100 #define FTGMAC100_DBLAC_IFG_INC             (1 << 23)
101 
102 /*
103  * PHY control register
104  */
105 #define FTGMAC100_PHYCR_MIIRD               (1 << 26)
106 #define FTGMAC100_PHYCR_MIIWR               (1 << 27)
107 
108 #define FTGMAC100_PHYCR_DEV(x)              (((x) >> 16) & 0x1f)
109 #define FTGMAC100_PHYCR_REG(x)              (((x) >> 21) & 0x1f)
110 
111 /*
112  * PHY data register
113  */
114 #define FTGMAC100_PHYDATA_MIIWDATA(x)       ((x) & 0xffff)
115 #define FTGMAC100_PHYDATA_MIIRDATA(x)       (((x) >> 16) & 0xffff)
116 
117 /*
118  * PHY control register - New MDC/MDIO interface
119  */
120 #define FTGMAC100_PHYCR_NEW_DATA(x)     (((x) >> 16) & 0xffff)
121 #define FTGMAC100_PHYCR_NEW_FIRE        (1 << 15)
122 #define FTGMAC100_PHYCR_NEW_ST_22       (1 << 12)
123 #define FTGMAC100_PHYCR_NEW_OP(x)       (((x) >> 10) & 3)
124 #define   FTGMAC100_PHYCR_NEW_OP_WRITE    0x1
125 #define   FTGMAC100_PHYCR_NEW_OP_READ     0x2
126 #define FTGMAC100_PHYCR_NEW_DEV(x)      (((x) >> 5) & 0x1f)
127 #define FTGMAC100_PHYCR_NEW_REG(x)      ((x) & 0x1f)
128 
129 /*
130  * Feature Register
131  */
132 #define FTGMAC100_REVR_NEW_MDIO_INTERFACE   (1 << 31)
133 
134 /*
135  * MAC control register
136  */
137 #define FTGMAC100_MACCR_TXDMA_EN         (1 << 0)
138 #define FTGMAC100_MACCR_RXDMA_EN         (1 << 1)
139 #define FTGMAC100_MACCR_TXMAC_EN         (1 << 2)
140 #define FTGMAC100_MACCR_RXMAC_EN         (1 << 3)
141 #define FTGMAC100_MACCR_RM_VLAN          (1 << 4)
142 #define FTGMAC100_MACCR_HPTXR_EN         (1 << 5)
143 #define FTGMAC100_MACCR_LOOP_EN          (1 << 6)
144 #define FTGMAC100_MACCR_ENRX_IN_HALFTX   (1 << 7)
145 #define FTGMAC100_MACCR_FULLDUP          (1 << 8)
146 #define FTGMAC100_MACCR_GIGA_MODE        (1 << 9)
147 #define FTGMAC100_MACCR_CRC_APD          (1 << 10) /* not needed */
148 #define FTGMAC100_MACCR_RX_RUNT          (1 << 12)
149 #define FTGMAC100_MACCR_JUMBO_LF         (1 << 13)
150 #define FTGMAC100_MACCR_RX_ALL           (1 << 14)
151 #define FTGMAC100_MACCR_HT_MULTI_EN      (1 << 15)
152 #define FTGMAC100_MACCR_RX_MULTIPKT      (1 << 16)
153 #define FTGMAC100_MACCR_RX_BROADPKT      (1 << 17)
154 #define FTGMAC100_MACCR_DISCARD_CRCERR   (1 << 18)
155 #define FTGMAC100_MACCR_FAST_MODE        (1 << 19)
156 #define FTGMAC100_MACCR_SW_RST           (1 << 31)
157 
158 /*
159  * Transmit descriptor
160  */
161 #define FTGMAC100_TXDES0_TXBUF_SIZE(x)   ((x) & 0x3fff)
162 #define FTGMAC100_TXDES0_EDOTR           (1 << 15)
163 #define FTGMAC100_TXDES0_CRC_ERR         (1 << 19)
164 #define FTGMAC100_TXDES0_LTS             (1 << 28)
165 #define FTGMAC100_TXDES0_FTS             (1 << 29)
166 #define FTGMAC100_TXDES0_EDOTR_ASPEED    (1 << 30)
167 #define FTGMAC100_TXDES0_TXDMA_OWN       (1 << 31)
168 
169 #define FTGMAC100_TXDES1_VLANTAG_CI(x)   ((x) & 0xffff)
170 #define FTGMAC100_TXDES1_INS_VLANTAG     (1 << 16)
171 #define FTGMAC100_TXDES1_TCP_CHKSUM      (1 << 17)
172 #define FTGMAC100_TXDES1_UDP_CHKSUM      (1 << 18)
173 #define FTGMAC100_TXDES1_IP_CHKSUM       (1 << 19)
174 #define FTGMAC100_TXDES1_LLC             (1 << 22)
175 #define FTGMAC100_TXDES1_TX2FIC          (1 << 30)
176 #define FTGMAC100_TXDES1_TXIC            (1 << 31)
177 
178 #define FTGMAC100_TXDES2_TXBUF_BADR_HI(x)   (((x) >> 16) & 0x7)
179 
180 /*
181  * Receive descriptor
182  */
183 #define FTGMAC100_RXDES0_VDBC            0x3fff
184 #define FTGMAC100_RXDES0_EDORR           (1 << 15)
185 #define FTGMAC100_RXDES0_MULTICAST       (1 << 16)
186 #define FTGMAC100_RXDES0_BROADCAST       (1 << 17)
187 #define FTGMAC100_RXDES0_RX_ERR          (1 << 18)
188 #define FTGMAC100_RXDES0_CRC_ERR         (1 << 19)
189 #define FTGMAC100_RXDES0_FTL             (1 << 20)
190 #define FTGMAC100_RXDES0_RUNT            (1 << 21)
191 #define FTGMAC100_RXDES0_RX_ODD_NB       (1 << 22)
192 #define FTGMAC100_RXDES0_FIFO_FULL       (1 << 23)
193 #define FTGMAC100_RXDES0_PAUSE_OPCODE    (1 << 24)
194 #define FTGMAC100_RXDES0_PAUSE_FRAME     (1 << 25)
195 #define FTGMAC100_RXDES0_LRS             (1 << 28)
196 #define FTGMAC100_RXDES0_FRS             (1 << 29)
197 #define FTGMAC100_RXDES0_EDORR_ASPEED    (1 << 30)
198 #define FTGMAC100_RXDES0_RXPKT_RDY       (1 << 31)
199 
200 #define FTGMAC100_RXDES1_VLANTAG_CI      0xffff
201 #define FTGMAC100_RXDES1_PROT_MASK       (0x3 << 20)
202 #define FTGMAC100_RXDES1_PROT_NONIP      (0x0 << 20)
203 #define FTGMAC100_RXDES1_PROT_IP         (0x1 << 20)
204 #define FTGMAC100_RXDES1_PROT_TCPIP      (0x2 << 20)
205 #define FTGMAC100_RXDES1_PROT_UDPIP      (0x3 << 20)
206 #define FTGMAC100_RXDES1_LLC             (1 << 22)
207 #define FTGMAC100_RXDES1_DF              (1 << 23)
208 #define FTGMAC100_RXDES1_VLANTAG_AVAIL   (1 << 24)
209 #define FTGMAC100_RXDES1_TCP_CHKSUM_ERR  (1 << 25)
210 #define FTGMAC100_RXDES1_UDP_CHKSUM_ERR  (1 << 26)
211 #define FTGMAC100_RXDES1_IP_CHKSUM_ERR   (1 << 27)
212 
213 #define FTGMAC100_RXDES2_RXBUF_BADR_HI(x)   (((x) >> 16) & 0x7)
214 
215 /*
216  * Receive and transmit Buffer Descriptor
217  */
218 typedef struct {
219     uint32_t        des0;
220     uint32_t        des1;
221     uint32_t        des2;        /* used by HW 64 bits DMA */
222     uint32_t        des3;
223 } FTGMAC100Desc;
224 
225 #define FTGMAC100_DESC_ALIGNMENT 16
226 
227 /*
228  * Specific RTL8211E MII Registers
229  */
230 #define RTL8211E_MII_PHYCR        16 /* PHY Specific Control */
231 #define RTL8211E_MII_PHYSR        17 /* PHY Specific Status */
232 #define RTL8211E_MII_INER         18 /* Interrupt Enable */
233 #define RTL8211E_MII_INSR         19 /* Interrupt Status */
234 #define RTL8211E_MII_RXERC        24 /* Receive Error Counter */
235 #define RTL8211E_MII_LDPSR        27 /* Link Down Power Saving */
236 #define RTL8211E_MII_EPAGSR       30 /* Extension Page Select */
237 #define RTL8211E_MII_PAGSEL       31 /* Page Select */
238 
239 /*
240  * RTL8211E Interrupt Status
241  */
242 #define PHY_INT_AUTONEG_ERROR       (1 << 15)
243 #define PHY_INT_PAGE_RECV           (1 << 12)
244 #define PHY_INT_AUTONEG_COMPLETE    (1 << 11)
245 #define PHY_INT_LINK_STATUS         (1 << 10)
246 #define PHY_INT_ERROR               (1 << 9)
247 #define PHY_INT_DOWN                (1 << 8)
248 #define PHY_INT_JABBER              (1 << 0)
249 
250 /*
251  * Max frame size for the receiving buffer
252  */
253 #define FTGMAC100_MAX_FRAME_SIZE    9220
254 
255 /*
256  * Limits depending on the type of the frame
257  *
258  *   9216 for Jumbo frames (+ 4 for VLAN)
259  *   1518 for other frames (+ 4 for VLAN)
260  */
261 static int ftgmac100_max_frame_size(FTGMAC100State *s, uint16_t proto)
262 {
263     int max = (s->maccr & FTGMAC100_MACCR_JUMBO_LF ? 9216 : 1518);
264 
265     return max + (proto == ETH_P_VLAN ? 4 : 0);
266 }
267 
268 static void ftgmac100_update_irq(FTGMAC100State *s)
269 {
270     qemu_set_irq(s->irq, s->isr & s->ier);
271 }
272 
273 /*
274  * The MII phy could raise a GPIO to the processor which in turn
275  * could be handled as an interrpt by the OS.
276  * For now we don't handle any GPIO/interrupt line, so the OS will
277  * have to poll for the PHY status.
278  */
279 static void phy_update_irq(FTGMAC100State *s)
280 {
281     ftgmac100_update_irq(s);
282 }
283 
284 static void phy_update_link(FTGMAC100State *s)
285 {
286     /* Autonegotiation status mirrors link status.  */
287     if (qemu_get_queue(s->nic)->link_down) {
288         s->phy_status &= ~(MII_BMSR_LINK_ST | MII_BMSR_AN_COMP);
289         s->phy_int |= PHY_INT_DOWN;
290     } else {
291         s->phy_status |= (MII_BMSR_LINK_ST | MII_BMSR_AN_COMP);
292         s->phy_int |= PHY_INT_AUTONEG_COMPLETE;
293     }
294     phy_update_irq(s);
295 }
296 
297 static void ftgmac100_set_link(NetClientState *nc)
298 {
299     phy_update_link(FTGMAC100(qemu_get_nic_opaque(nc)));
300 }
301 
302 static void phy_reset(FTGMAC100State *s)
303 {
304     s->phy_status = (MII_BMSR_100TX_FD | MII_BMSR_100TX_HD | MII_BMSR_10T_FD |
305                      MII_BMSR_10T_HD | MII_BMSR_EXTSTAT | MII_BMSR_MFPS |
306                      MII_BMSR_AN_COMP | MII_BMSR_AUTONEG | MII_BMSR_LINK_ST |
307                      MII_BMSR_EXTCAP);
308     s->phy_control = (MII_BMCR_AUTOEN | MII_BMCR_FD | MII_BMCR_SPEED1000);
309     s->phy_advertise = (MII_ANAR_PAUSE_ASYM | MII_ANAR_PAUSE | MII_ANAR_TXFD |
310                         MII_ANAR_TX | MII_ANAR_10FD | MII_ANAR_10 |
311                         MII_ANAR_CSMACD);
312     s->phy_int_mask = 0;
313     s->phy_int = 0;
314 }
315 
316 static uint16_t do_phy_read(FTGMAC100State *s, uint8_t reg)
317 {
318     uint16_t val;
319 
320     switch (reg) {
321     case MII_BMCR: /* Basic Control */
322         val = s->phy_control;
323         break;
324     case MII_BMSR: /* Basic Status */
325         val = s->phy_status;
326         break;
327     case MII_PHYID1: /* ID1 */
328         val = RTL8211E_PHYID1;
329         break;
330     case MII_PHYID2: /* ID2 */
331         val = RTL8211E_PHYID2;
332         break;
333     case MII_ANAR: /* Auto-neg advertisement */
334         val = s->phy_advertise;
335         break;
336     case MII_ANLPAR: /* Auto-neg Link Partner Ability */
337         val = (MII_ANLPAR_ACK | MII_ANLPAR_PAUSE | MII_ANLPAR_TXFD |
338                MII_ANLPAR_TX | MII_ANLPAR_10FD | MII_ANLPAR_10 |
339                MII_ANLPAR_CSMACD);
340         break;
341     case MII_ANER: /* Auto-neg Expansion */
342         val = MII_ANER_NWAY;
343         break;
344     case MII_CTRL1000: /* 1000BASE-T control  */
345         val = (MII_CTRL1000_HALF | MII_CTRL1000_FULL);
346         break;
347     case MII_STAT1000: /* 1000BASE-T status  */
348         val = MII_STAT1000_FULL;
349         break;
350     case RTL8211E_MII_INSR:  /* Interrupt status.  */
351         val = s->phy_int;
352         s->phy_int = 0;
353         phy_update_irq(s);
354         break;
355     case RTL8211E_MII_INER:  /* Interrupt enable */
356         val = s->phy_int_mask;
357         break;
358     case RTL8211E_MII_PHYCR:
359     case RTL8211E_MII_PHYSR:
360     case RTL8211E_MII_RXERC:
361     case RTL8211E_MII_LDPSR:
362     case RTL8211E_MII_EPAGSR:
363     case RTL8211E_MII_PAGSEL:
364         qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n",
365                       __func__, reg);
366         val = 0;
367         break;
368     default:
369         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n",
370                       __func__, reg);
371         val = 0;
372         break;
373     }
374 
375     return val;
376 }
377 
378 #define MII_BMCR_MASK (MII_BMCR_LOOPBACK | MII_BMCR_SPEED100 |          \
379                        MII_BMCR_SPEED | MII_BMCR_AUTOEN | MII_BMCR_PDOWN | \
380                        MII_BMCR_FD | MII_BMCR_CTST)
381 #define MII_ANAR_MASK 0x2d7f
382 
383 static void do_phy_write(FTGMAC100State *s, uint8_t reg, uint16_t val)
384 {
385     switch (reg) {
386     case MII_BMCR:     /* Basic Control */
387         if (val & MII_BMCR_RESET) {
388             phy_reset(s);
389         } else {
390             s->phy_control = val & MII_BMCR_MASK;
391             /* Complete autonegotiation immediately.  */
392             if (val & MII_BMCR_AUTOEN) {
393                 s->phy_status |= MII_BMSR_AN_COMP;
394             }
395         }
396         break;
397     case MII_ANAR:     /* Auto-neg advertisement */
398         s->phy_advertise = (val & MII_ANAR_MASK) | MII_ANAR_TX;
399         break;
400     case RTL8211E_MII_INER: /* Interrupt enable */
401         s->phy_int_mask = val & 0xff;
402         phy_update_irq(s);
403         break;
404     case RTL8211E_MII_PHYCR:
405     case RTL8211E_MII_PHYSR:
406     case RTL8211E_MII_RXERC:
407     case RTL8211E_MII_LDPSR:
408     case RTL8211E_MII_EPAGSR:
409     case RTL8211E_MII_PAGSEL:
410         qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n",
411                       __func__, reg);
412         break;
413     default:
414         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n",
415                       __func__, reg);
416         break;
417     }
418 }
419 
420 static void do_phy_new_ctl(FTGMAC100State *s)
421 {
422     uint8_t reg;
423     uint16_t data;
424 
425     if (!(s->phycr & FTGMAC100_PHYCR_NEW_ST_22)) {
426         qemu_log_mask(LOG_UNIMP, "%s: unsupported ST code\n", __func__);
427         return;
428     }
429 
430     /* Nothing to do */
431     if (!(s->phycr & FTGMAC100_PHYCR_NEW_FIRE)) {
432         return;
433     }
434 
435     reg = FTGMAC100_PHYCR_NEW_REG(s->phycr);
436     data = FTGMAC100_PHYCR_NEW_DATA(s->phycr);
437 
438     switch (FTGMAC100_PHYCR_NEW_OP(s->phycr)) {
439     case FTGMAC100_PHYCR_NEW_OP_WRITE:
440         do_phy_write(s, reg, data);
441         break;
442     case FTGMAC100_PHYCR_NEW_OP_READ:
443         s->phydata = do_phy_read(s, reg) & 0xffff;
444         break;
445     default:
446         qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid OP code %08x\n",
447                       __func__, s->phycr);
448     }
449 
450     s->phycr &= ~FTGMAC100_PHYCR_NEW_FIRE;
451 }
452 
453 static void do_phy_ctl(FTGMAC100State *s)
454 {
455     uint8_t reg = FTGMAC100_PHYCR_REG(s->phycr);
456 
457     if (s->phycr & FTGMAC100_PHYCR_MIIWR) {
458         do_phy_write(s, reg, s->phydata & 0xffff);
459         s->phycr &= ~FTGMAC100_PHYCR_MIIWR;
460     } else if (s->phycr & FTGMAC100_PHYCR_MIIRD) {
461         s->phydata = do_phy_read(s, reg) << 16;
462         s->phycr &= ~FTGMAC100_PHYCR_MIIRD;
463     } else {
464         qemu_log_mask(LOG_GUEST_ERROR, "%s: no OP code %08x\n",
465                       __func__, s->phycr);
466     }
467 }
468 
469 static int ftgmac100_read_bd(FTGMAC100Desc *bd, dma_addr_t addr)
470 {
471     if (dma_memory_read(&address_space_memory, addr,
472                         bd, sizeof(*bd), MEMTXATTRS_UNSPECIFIED)) {
473         qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read descriptor @ 0x%"
474                       HWADDR_PRIx "\n", __func__, addr);
475         return -1;
476     }
477     bd->des0 = le32_to_cpu(bd->des0);
478     bd->des1 = le32_to_cpu(bd->des1);
479     bd->des2 = le32_to_cpu(bd->des2);
480     bd->des3 = le32_to_cpu(bd->des3);
481     return 0;
482 }
483 
484 static int ftgmac100_write_bd(FTGMAC100Desc *bd, dma_addr_t addr)
485 {
486     FTGMAC100Desc lebd;
487 
488     lebd.des0 = cpu_to_le32(bd->des0);
489     lebd.des1 = cpu_to_le32(bd->des1);
490     lebd.des2 = cpu_to_le32(bd->des2);
491     lebd.des3 = cpu_to_le32(bd->des3);
492     if (dma_memory_write(&address_space_memory, addr,
493                          &lebd, sizeof(lebd), MEMTXATTRS_UNSPECIFIED)) {
494         qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to write descriptor @ 0x%"
495                       HWADDR_PRIx "\n", __func__, addr);
496         return -1;
497     }
498     return 0;
499 }
500 
501 static int ftgmac100_insert_vlan(FTGMAC100State *s, int frame_size,
502                                   uint8_t vlan_tci)
503 {
504     uint8_t *vlan_hdr = s->frame + (ETH_ALEN * 2);
505     uint8_t *payload = vlan_hdr + sizeof(struct vlan_header);
506 
507     if (frame_size < sizeof(struct eth_header)) {
508         qemu_log_mask(LOG_GUEST_ERROR,
509                       "%s: frame too small for VLAN insertion : %d bytes\n",
510                       __func__, frame_size);
511         s->isr |= FTGMAC100_INT_XPKT_LOST;
512         goto out;
513     }
514 
515     if (frame_size + sizeof(struct vlan_header) > sizeof(s->frame)) {
516         qemu_log_mask(LOG_GUEST_ERROR,
517                       "%s: frame too big : %d bytes\n",
518                       __func__, frame_size);
519         s->isr |= FTGMAC100_INT_XPKT_LOST;
520         frame_size -= sizeof(struct vlan_header);
521     }
522 
523     memmove(payload, vlan_hdr, frame_size - (ETH_ALEN * 2));
524     stw_be_p(vlan_hdr, ETH_P_VLAN);
525     stw_be_p(vlan_hdr + 2, vlan_tci);
526     frame_size += sizeof(struct vlan_header);
527 
528 out:
529     return frame_size;
530 }
531 
532 static void ftgmac100_do_tx(FTGMAC100State *s, uint64_t tx_ring,
533                             uint64_t tx_descriptor)
534 {
535     int frame_size = 0;
536     uint8_t *ptr = s->frame;
537     uint64_t addr = tx_descriptor;
538     uint64_t buf_addr = 0;
539     uint32_t flags = 0;
540 
541     while (1) {
542         FTGMAC100Desc bd;
543         int len;
544 
545         if (ftgmac100_read_bd(&bd, addr) ||
546             ((bd.des0 & FTGMAC100_TXDES0_TXDMA_OWN) == 0)) {
547             /* Run out of descriptors to transmit.  */
548             s->isr |= FTGMAC100_INT_NO_NPTXBUF;
549             break;
550         }
551 
552         /*
553          * record transmit flags as they are valid only on the first
554          * segment
555          */
556         if (bd.des0 & FTGMAC100_TXDES0_FTS) {
557             flags = bd.des1;
558         }
559 
560         len = FTGMAC100_TXDES0_TXBUF_SIZE(bd.des0);
561         if (!len) {
562             /*
563              * 0 is an invalid size, however the HW does not raise any
564              * interrupt. Flag an error because the guest is buggy.
565              */
566             qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid segment size\n",
567                           __func__);
568         }
569 
570         if (frame_size + len > sizeof(s->frame)) {
571             qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %d bytes\n",
572                           __func__, len);
573             s->isr |= FTGMAC100_INT_XPKT_LOST;
574             len =  sizeof(s->frame) - frame_size;
575         }
576 
577         buf_addr = bd.des3;
578         if (s->dma64) {
579             buf_addr = deposit64(buf_addr, 32, 32,
580                                  FTGMAC100_TXDES2_TXBUF_BADR_HI(bd.des2));
581         }
582         if (dma_memory_read(&address_space_memory, buf_addr,
583                             ptr, len, MEMTXATTRS_UNSPECIFIED)) {
584             qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read packet @ 0x%x\n",
585                           __func__, bd.des3);
586             s->isr |= FTGMAC100_INT_AHB_ERR;
587             break;
588         }
589 
590         ptr += len;
591         frame_size += len;
592         if (bd.des0 & FTGMAC100_TXDES0_LTS) {
593             int csum = 0;
594 
595             /* Check for VLAN */
596             if (flags & FTGMAC100_TXDES1_INS_VLANTAG &&
597                 be16_to_cpu(PKT_GET_ETH_HDR(s->frame)->h_proto) != ETH_P_VLAN) {
598                 frame_size = ftgmac100_insert_vlan(s, frame_size,
599                                             FTGMAC100_TXDES1_VLANTAG_CI(flags));
600             }
601 
602             if (flags & FTGMAC100_TXDES1_IP_CHKSUM) {
603                 csum |= CSUM_IP;
604             }
605             if (flags & FTGMAC100_TXDES1_TCP_CHKSUM) {
606                 csum |= CSUM_TCP;
607             }
608             if (flags & FTGMAC100_TXDES1_UDP_CHKSUM) {
609                 csum |= CSUM_UDP;
610             }
611             if (csum) {
612                 net_checksum_calculate(s->frame, frame_size, csum);
613             }
614 
615             /* Last buffer in frame.  */
616             qemu_send_packet(qemu_get_queue(s->nic), s->frame, frame_size);
617             ptr = s->frame;
618             frame_size = 0;
619             s->isr |= FTGMAC100_INT_XPKT_ETH;
620         }
621 
622         if (flags & FTGMAC100_TXDES1_TX2FIC) {
623             s->isr |= FTGMAC100_INT_XPKT_FIFO;
624         }
625         bd.des0 &= ~FTGMAC100_TXDES0_TXDMA_OWN;
626 
627         /* Write back the modified descriptor.  */
628         ftgmac100_write_bd(&bd, addr);
629         /* Advance to the next descriptor.  */
630         if (bd.des0 & s->txdes0_edotr) {
631             addr = tx_ring;
632         } else {
633             addr += FTGMAC100_DBLAC_TXDES_SIZE(s->dblac);
634         }
635     }
636 
637     s->tx_descriptor = addr;
638 
639     ftgmac100_update_irq(s);
640 }
641 
642 static bool ftgmac100_can_receive(NetClientState *nc)
643 {
644     FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc));
645     FTGMAC100Desc bd;
646 
647     if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN))
648          != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) {
649         return false;
650     }
651 
652     if (ftgmac100_read_bd(&bd, s->rx_descriptor)) {
653         return false;
654     }
655     return !(bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY);
656 }
657 
658 /*
659  * This is purely informative. The HW can poll the RW (and RX) ring
660  * buffers for available descriptors but we don't need to trigger a
661  * timer for that in qemu.
662  */
663 static uint32_t ftgmac100_rxpoll(FTGMAC100State *s)
664 {
665     /*
666      * Polling times :
667      *
668      * Speed      TIME_SEL=0    TIME_SEL=1
669      *
670      *    10         51.2 ms      819.2 ms
671      *   100         5.12 ms      81.92 ms
672      *  1000        1.024 ms     16.384 ms
673      */
674     static const int div[] = { 20, 200, 1000 };
675 
676     uint32_t cnt = 1024 * FTGMAC100_APTC_RXPOLL_CNT(s->aptcr);
677     uint32_t speed = (s->maccr & FTGMAC100_MACCR_FAST_MODE) ? 1 : 0;
678 
679     if (s->aptcr & FTGMAC100_APTC_RXPOLL_TIME_SEL) {
680         cnt <<= 4;
681     }
682 
683     if (s->maccr & FTGMAC100_MACCR_GIGA_MODE) {
684         speed = 2;
685     }
686 
687     return cnt / div[speed];
688 }
689 
690 static void ftgmac100_do_reset(FTGMAC100State *s, bool sw_reset)
691 {
692     /* Reset the FTGMAC100 */
693     s->isr = 0;
694     s->ier = 0;
695     s->rx_enabled = 0;
696     s->rx_ring = 0;
697     s->rbsr = 0x640;
698     s->rx_descriptor = 0;
699     s->tx_ring = 0;
700     s->tx_descriptor = 0;
701     s->math[0] = 0;
702     s->math[1] = 0;
703     s->itc = 0;
704     s->aptcr = 1;
705     s->dblac = 0x00022f00;
706     s->revr = 0;
707     s->fear1 = 0;
708     s->tpafcr = 0xf1;
709 
710     if (sw_reset) {
711         s->maccr &= FTGMAC100_MACCR_GIGA_MODE | FTGMAC100_MACCR_FAST_MODE;
712     } else {
713         s->maccr = 0;
714     }
715 
716     s->phycr = 0;
717     s->phydata = 0;
718     s->fcr = 0x400;
719 
720     /* and the PHY */
721     phy_reset(s);
722 }
723 
724 static void ftgmac100_reset(DeviceState *d)
725 {
726     ftgmac100_do_reset(FTGMAC100(d), false);
727 }
728 
729 static uint64_t ftgmac100_read(void *opaque, hwaddr addr, unsigned size)
730 {
731     FTGMAC100State *s = FTGMAC100(opaque);
732 
733     switch (addr & 0xff) {
734     case FTGMAC100_ISR:
735         return s->isr;
736     case FTGMAC100_IER:
737         return s->ier;
738     case FTGMAC100_MAC_MADR:
739         return (s->conf.macaddr.a[0] << 8)  | s->conf.macaddr.a[1];
740     case FTGMAC100_MAC_LADR:
741         return ((uint32_t) s->conf.macaddr.a[2] << 24) |
742             (s->conf.macaddr.a[3] << 16) | (s->conf.macaddr.a[4] << 8) |
743             s->conf.macaddr.a[5];
744     case FTGMAC100_MATH0:
745         return s->math[0];
746     case FTGMAC100_MATH1:
747         return s->math[1];
748     case FTGMAC100_RXR_BADR:
749         return extract64(s->rx_ring, 0, 32);
750     case FTGMAC100_NPTXR_BADR:
751         return extract64(s->tx_ring, 0, 32);
752     case FTGMAC100_ITC:
753         return s->itc;
754     case FTGMAC100_DBLAC:
755         return s->dblac;
756     case FTGMAC100_REVR:
757         return s->revr;
758     case FTGMAC100_FEAR1:
759         return s->fear1;
760     case FTGMAC100_TPAFCR:
761         return s->tpafcr;
762     case FTGMAC100_FCR:
763         return s->fcr;
764     case FTGMAC100_MACCR:
765         return s->maccr;
766     case FTGMAC100_PHYCR:
767         return s->phycr;
768     case FTGMAC100_PHYDATA:
769         return s->phydata;
770 
771         /* We might want to support these one day */
772     case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */
773     case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */
774     case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */
775         qemu_log_mask(LOG_UNIMP, "%s: read to unimplemented register 0x%"
776                       HWADDR_PRIx "\n", __func__, addr);
777         return 0;
778     default:
779         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%"
780                       HWADDR_PRIx "\n", __func__, addr);
781         return 0;
782     }
783 }
784 
785 static void ftgmac100_write(void *opaque, hwaddr addr,
786                           uint64_t value, unsigned size)
787 {
788     FTGMAC100State *s = FTGMAC100(opaque);
789 
790     switch (addr & 0xff) {
791     case FTGMAC100_ISR: /* Interrupt status */
792         s->isr &= ~value;
793         break;
794     case FTGMAC100_IER: /* Interrupt control */
795         s->ier = value;
796         break;
797     case FTGMAC100_MAC_MADR: /* MAC */
798         s->conf.macaddr.a[0] = value >> 8;
799         s->conf.macaddr.a[1] = value;
800         break;
801     case FTGMAC100_MAC_LADR:
802         s->conf.macaddr.a[2] = value >> 24;
803         s->conf.macaddr.a[3] = value >> 16;
804         s->conf.macaddr.a[4] = value >> 8;
805         s->conf.macaddr.a[5] = value;
806         break;
807     case FTGMAC100_MATH0: /* Multicast Address Hash Table 0 */
808         s->math[0] = value;
809         break;
810     case FTGMAC100_MATH1: /* Multicast Address Hash Table 1 */
811         s->math[1] = value;
812         break;
813     case FTGMAC100_ITC: /* TODO: Interrupt Timer Control */
814         s->itc = value;
815         break;
816     case FTGMAC100_RXR_BADR: /* Ring buffer address */
817         if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) {
818             qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad RX buffer alignment 0x%"
819                           HWADDR_PRIx "\n", __func__, value);
820             return;
821         }
822         s->rx_ring = deposit64(s->rx_ring, 0, 32, value);
823         s->rx_descriptor = deposit64(s->rx_descriptor, 0, 32, value);
824         break;
825 
826     case FTGMAC100_RBSR: /* DMA buffer size */
827         s->rbsr = value;
828         break;
829 
830     case FTGMAC100_NPTXR_BADR: /* Transmit buffer address */
831         if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) {
832             qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad TX buffer alignment 0x%"
833                           HWADDR_PRIx "\n", __func__, value);
834             return;
835         }
836         s->tx_ring = deposit64(s->tx_ring, 0, 32, value);
837         s->tx_descriptor = deposit64(s->tx_descriptor, 0, 32, value);
838         break;
839 
840     case FTGMAC100_NPTXPD: /* Trigger transmit */
841         if ((s->maccr & (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN))
842             == (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN)) {
843             /* TODO: high priority tx ring */
844             ftgmac100_do_tx(s, s->tx_ring, s->tx_descriptor);
845         }
846         if (ftgmac100_can_receive(qemu_get_queue(s->nic))) {
847             qemu_flush_queued_packets(qemu_get_queue(s->nic));
848         }
849         break;
850 
851     case FTGMAC100_RXPD: /* Receive Poll Demand Register */
852         if (ftgmac100_can_receive(qemu_get_queue(s->nic))) {
853             qemu_flush_queued_packets(qemu_get_queue(s->nic));
854         }
855         break;
856 
857     case FTGMAC100_APTC: /* Automatic polling */
858         s->aptcr = value;
859 
860         if (FTGMAC100_APTC_RXPOLL_CNT(s->aptcr)) {
861             ftgmac100_rxpoll(s);
862         }
863 
864         if (FTGMAC100_APTC_TXPOLL_CNT(s->aptcr)) {
865             qemu_log_mask(LOG_UNIMP, "%s: no transmit polling\n", __func__);
866         }
867         break;
868 
869     case FTGMAC100_MACCR: /* MAC Device control */
870         s->maccr = value;
871         if (value & FTGMAC100_MACCR_SW_RST) {
872             ftgmac100_do_reset(s, true);
873         }
874 
875         if (ftgmac100_can_receive(qemu_get_queue(s->nic))) {
876             qemu_flush_queued_packets(qemu_get_queue(s->nic));
877         }
878         break;
879 
880     case FTGMAC100_PHYCR:  /* PHY Device control */
881         s->phycr = value;
882         if (s->revr & FTGMAC100_REVR_NEW_MDIO_INTERFACE) {
883             do_phy_new_ctl(s);
884         } else {
885             do_phy_ctl(s);
886         }
887         break;
888     case FTGMAC100_PHYDATA:
889         s->phydata = value & 0xffff;
890         break;
891     case FTGMAC100_DBLAC: /* DMA Burst Length and Arbitration Control */
892         if (FTGMAC100_DBLAC_TXDES_SIZE(value) < sizeof(FTGMAC100Desc)) {
893             qemu_log_mask(LOG_GUEST_ERROR,
894                           "%s: transmit descriptor too small: %" PRIx64
895                           " bytes\n", __func__,
896                           FTGMAC100_DBLAC_TXDES_SIZE(value));
897             break;
898         }
899         if (FTGMAC100_DBLAC_RXDES_SIZE(value) < sizeof(FTGMAC100Desc)) {
900             qemu_log_mask(LOG_GUEST_ERROR,
901                           "%s: receive descriptor too small : %" PRIx64
902                           " bytes\n", __func__,
903                           FTGMAC100_DBLAC_RXDES_SIZE(value));
904             break;
905         }
906         s->dblac = value;
907         break;
908     case FTGMAC100_REVR:  /* Feature Register */
909         s->revr = value;
910         break;
911     case FTGMAC100_FEAR1: /* Feature Register 1 */
912         s->fear1 = value;
913         break;
914     case FTGMAC100_TPAFCR: /* Transmit Priority Arbitration and FIFO Control */
915         s->tpafcr = value;
916         break;
917     case FTGMAC100_FCR: /* Flow Control  */
918         s->fcr  = value;
919         break;
920 
921     case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */
922     case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */
923     case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */
924         qemu_log_mask(LOG_UNIMP, "%s: write to unimplemented register 0x%"
925                       HWADDR_PRIx "\n", __func__, addr);
926         break;
927     default:
928         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%"
929                       HWADDR_PRIx "\n", __func__, addr);
930         break;
931     }
932 
933     ftgmac100_update_irq(s);
934 }
935 
936 static uint64_t ftgmac100_high_read(void *opaque, hwaddr addr, unsigned size)
937 {
938     FTGMAC100State *s = FTGMAC100(opaque);
939     uint64_t val = 0;
940 
941     switch (addr) {
942     case FTGMAC100_NPTXR_BADR_HIGH:
943         val = extract64(s->tx_ring, 32, 32);
944         break;
945     case FTGMAC100_HPTXR_BADR_HIGH:
946         /* High Priority Transmit Ring Base High Address */
947         qemu_log_mask(LOG_UNIMP, "%s: read to unimplemented register 0x%"
948                       HWADDR_PRIx "\n", __func__, addr);
949         break;
950     case FTGMAC100_RXR_BADR_HIGH:
951         val = extract64(s->rx_ring, 32, 32);
952         break;
953     default:
954         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%"
955                       HWADDR_PRIx "\n", __func__, addr);
956         break;
957     }
958 
959     return val;
960 }
961 
962 static void ftgmac100_high_write(void *opaque, hwaddr addr,
963                           uint64_t value, unsigned size)
964 {
965     FTGMAC100State *s = FTGMAC100(opaque);
966 
967     switch (addr) {
968     case FTGMAC100_NPTXR_BADR_HIGH:
969         s->tx_ring = deposit64(s->tx_ring, 32, 32, value);
970         s->tx_descriptor = deposit64(s->tx_descriptor, 32, 32, value);
971         break;
972     case FTGMAC100_HPTXR_BADR_HIGH:
973         /* High Priority Transmit Ring Base High Address */
974         qemu_log_mask(LOG_UNIMP, "%s: write to unimplemented register 0x%"
975                       HWADDR_PRIx "\n", __func__, addr);
976         break;
977     case FTGMAC100_RXR_BADR_HIGH:
978         s->rx_ring = deposit64(s->rx_ring, 32, 32, value);
979         s->rx_descriptor = deposit64(s->rx_descriptor, 32, 32, value);
980         break;
981     default:
982         qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%"
983                       HWADDR_PRIx "\n", __func__, addr);
984         break;
985     }
986 
987     ftgmac100_update_irq(s);
988 }
989 
990 static int ftgmac100_filter(FTGMAC100State *s, const uint8_t *buf, size_t len)
991 {
992     unsigned mcast_idx;
993 
994     if (s->maccr & FTGMAC100_MACCR_RX_ALL) {
995         return 1;
996     }
997 
998     switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) {
999     case ETH_PKT_BCAST:
1000         if (!(s->maccr & FTGMAC100_MACCR_RX_BROADPKT)) {
1001             return 0;
1002         }
1003         break;
1004     case ETH_PKT_MCAST:
1005         if (!(s->maccr & FTGMAC100_MACCR_RX_MULTIPKT)) {
1006             if (!(s->maccr & FTGMAC100_MACCR_HT_MULTI_EN)) {
1007                 return 0;
1008             }
1009 
1010             mcast_idx = net_crc32_le(buf, ETH_ALEN);
1011             mcast_idx = (~(mcast_idx >> 2)) & 0x3f;
1012             if (!(s->math[mcast_idx / 32] & (1 << (mcast_idx % 32)))) {
1013                 return 0;
1014             }
1015         }
1016         break;
1017     case ETH_PKT_UCAST:
1018         if (memcmp(s->conf.macaddr.a, buf, 6)) {
1019             return 0;
1020         }
1021         break;
1022     }
1023 
1024     return 1;
1025 }
1026 
1027 static ssize_t ftgmac100_receive(NetClientState *nc, const uint8_t *buf,
1028                                  size_t len)
1029 {
1030     FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc));
1031     FTGMAC100Desc bd;
1032     uint32_t flags = 0;
1033     uint64_t addr;
1034     uint32_t crc;
1035     uint64_t buf_addr = 0;
1036     uint8_t *crc_ptr;
1037     uint32_t buf_len;
1038     size_t size = len;
1039     uint32_t first = FTGMAC100_RXDES0_FRS;
1040     uint16_t proto = be16_to_cpu(PKT_GET_ETH_HDR(buf)->h_proto);
1041     int max_frame_size = ftgmac100_max_frame_size(s, proto);
1042 
1043     if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN))
1044          != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) {
1045         return -1;
1046     }
1047 
1048     if (!ftgmac100_filter(s, buf, size)) {
1049         return size;
1050     }
1051 
1052     crc = cpu_to_be32(crc32(~0, buf, size));
1053     /* Increase size by 4, loop below reads the last 4 bytes from crc_ptr. */
1054     size += 4;
1055     crc_ptr = (uint8_t *) &crc;
1056 
1057     /* Huge frames are truncated.  */
1058     if (size > max_frame_size) {
1059         qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %zd bytes\n",
1060                       __func__, size);
1061         size = max_frame_size;
1062         flags |= FTGMAC100_RXDES0_FTL;
1063     }
1064 
1065     switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) {
1066     case ETH_PKT_BCAST:
1067         flags |= FTGMAC100_RXDES0_BROADCAST;
1068         break;
1069     case ETH_PKT_MCAST:
1070         flags |= FTGMAC100_RXDES0_MULTICAST;
1071         break;
1072     case ETH_PKT_UCAST:
1073         break;
1074     }
1075 
1076     s->isr |= FTGMAC100_INT_RPKT_FIFO;
1077     addr = s->rx_descriptor;
1078     while (size > 0) {
1079         if (!ftgmac100_can_receive(nc)) {
1080             qemu_log_mask(LOG_GUEST_ERROR, "%s: Unexpected packet\n", __func__);
1081             return -1;
1082         }
1083 
1084         if (ftgmac100_read_bd(&bd, addr) ||
1085             (bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY)) {
1086             /* No descriptors available.  Bail out.  */
1087             qemu_log_mask(LOG_GUEST_ERROR, "%s: Lost end of frame\n",
1088                           __func__);
1089             s->isr |= FTGMAC100_INT_NO_RXBUF;
1090             break;
1091         }
1092         buf_len = (size <= s->rbsr) ? size : s->rbsr;
1093         bd.des0 |= buf_len & 0x3fff;
1094         size -= buf_len;
1095 
1096         /* The last 4 bytes are the CRC.  */
1097         if (size < 4) {
1098             buf_len += size - 4;
1099         }
1100 
1101         buf_addr = bd.des3;
1102         if (s->dma64) {
1103             buf_addr = deposit64(buf_addr, 32, 32,
1104                                  FTGMAC100_RXDES2_RXBUF_BADR_HI(bd.des2));
1105         }
1106         if (first && proto == ETH_P_VLAN && buf_len >= 18) {
1107             bd.des1 = lduw_be_p(buf + 14) | FTGMAC100_RXDES1_VLANTAG_AVAIL;
1108 
1109             if (s->maccr & FTGMAC100_MACCR_RM_VLAN) {
1110                 dma_memory_write(&address_space_memory, buf_addr, buf, 12,
1111                                  MEMTXATTRS_UNSPECIFIED);
1112                 dma_memory_write(&address_space_memory, buf_addr + 12,
1113                                  buf + 16, buf_len - 16,
1114                                  MEMTXATTRS_UNSPECIFIED);
1115             } else {
1116                 dma_memory_write(&address_space_memory, buf_addr, buf,
1117                                  buf_len, MEMTXATTRS_UNSPECIFIED);
1118             }
1119         } else {
1120             bd.des1 = 0;
1121             dma_memory_write(&address_space_memory, buf_addr, buf, buf_len,
1122                              MEMTXATTRS_UNSPECIFIED);
1123         }
1124         buf += buf_len;
1125         if (size < 4) {
1126             dma_memory_write(&address_space_memory, buf_addr + buf_len,
1127                              crc_ptr, 4 - size, MEMTXATTRS_UNSPECIFIED);
1128             crc_ptr += 4 - size;
1129         }
1130 
1131         bd.des0 |= first | FTGMAC100_RXDES0_RXPKT_RDY;
1132         first = 0;
1133         if (size == 0) {
1134             /* Last buffer in frame.  */
1135             bd.des0 |= flags | FTGMAC100_RXDES0_LRS;
1136             s->isr |= FTGMAC100_INT_RPKT_BUF;
1137         }
1138         ftgmac100_write_bd(&bd, addr);
1139         if (bd.des0 & s->rxdes0_edorr) {
1140             addr = s->rx_ring;
1141         } else {
1142             addr += FTGMAC100_DBLAC_RXDES_SIZE(s->dblac);
1143         }
1144     }
1145     s->rx_descriptor = addr;
1146 
1147     ftgmac100_update_irq(s);
1148     return len;
1149 }
1150 
1151 static const MemoryRegionOps ftgmac100_ops = {
1152     .read = ftgmac100_read,
1153     .write = ftgmac100_write,
1154     .valid.min_access_size = 4,
1155     .valid.max_access_size = 4,
1156     .endianness = DEVICE_LITTLE_ENDIAN,
1157 };
1158 
1159 static const MemoryRegionOps ftgmac100_high_ops = {
1160     .read = ftgmac100_high_read,
1161     .write = ftgmac100_high_write,
1162     .valid.min_access_size = 4,
1163     .valid.max_access_size = 4,
1164     .endianness = DEVICE_LITTLE_ENDIAN,
1165 };
1166 
1167 static void ftgmac100_cleanup(NetClientState *nc)
1168 {
1169     FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc));
1170 
1171     s->nic = NULL;
1172 }
1173 
1174 static NetClientInfo net_ftgmac100_info = {
1175     .type = NET_CLIENT_DRIVER_NIC,
1176     .size = sizeof(NICState),
1177     .can_receive = ftgmac100_can_receive,
1178     .receive = ftgmac100_receive,
1179     .cleanup = ftgmac100_cleanup,
1180     .link_status_changed = ftgmac100_set_link,
1181 };
1182 
1183 static void ftgmac100_realize(DeviceState *dev, Error **errp)
1184 {
1185     FTGMAC100State *s = FTGMAC100(dev);
1186     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1187 
1188     if (s->aspeed) {
1189         s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR_ASPEED;
1190         s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR_ASPEED;
1191     } else {
1192         s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR;
1193         s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR;
1194     }
1195 
1196     memory_region_init(&s->iomem_container, OBJECT(s),
1197                        TYPE_FTGMAC100 ".container", FTGMAC100_MEM_SIZE);
1198     sysbus_init_mmio(sbd, &s->iomem_container);
1199 
1200     memory_region_init_io(&s->iomem, OBJECT(s), &ftgmac100_ops, s,
1201                           TYPE_FTGMAC100 ".regs", FTGMAC100_REG_MEM_SIZE);
1202     memory_region_add_subregion(&s->iomem_container, 0x0, &s->iomem);
1203 
1204     if (s->dma64) {
1205         memory_region_init_io(&s->iomem_high, OBJECT(s), &ftgmac100_high_ops,
1206                               s, TYPE_FTGMAC100 ".regs.high",
1207                               FTGMAC100_REG_HIGH_MEM_SIZE);
1208         memory_region_add_subregion(&s->iomem_container,
1209                                     FTGMAC100_REG_HIGH_OFFSET,
1210                                     &s->iomem_high);
1211     }
1212 
1213     sysbus_init_irq(sbd, &s->irq);
1214     qemu_macaddr_default_if_unset(&s->conf.macaddr);
1215 
1216     s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf,
1217                           object_get_typename(OBJECT(dev)), dev->id,
1218                           &dev->mem_reentrancy_guard, s);
1219     qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1220 }
1221 
1222 static const VMStateDescription vmstate_ftgmac100 = {
1223     .name = TYPE_FTGMAC100,
1224     .version_id = 2,
1225     .minimum_version_id = 2,
1226     .fields = (const VMStateField[]) {
1227         VMSTATE_UINT32(irq_state, FTGMAC100State),
1228         VMSTATE_UINT32(isr, FTGMAC100State),
1229         VMSTATE_UINT32(ier, FTGMAC100State),
1230         VMSTATE_UINT32(rx_enabled, FTGMAC100State),
1231         VMSTATE_UINT32(rbsr, FTGMAC100State),
1232         VMSTATE_UINT32_ARRAY(math, FTGMAC100State, 2),
1233         VMSTATE_UINT32(itc, FTGMAC100State),
1234         VMSTATE_UINT32(aptcr, FTGMAC100State),
1235         VMSTATE_UINT32(dblac, FTGMAC100State),
1236         VMSTATE_UINT32(revr, FTGMAC100State),
1237         VMSTATE_UINT32(fear1, FTGMAC100State),
1238         VMSTATE_UINT32(tpafcr, FTGMAC100State),
1239         VMSTATE_UINT32(maccr, FTGMAC100State),
1240         VMSTATE_UINT32(phycr, FTGMAC100State),
1241         VMSTATE_UINT32(phydata, FTGMAC100State),
1242         VMSTATE_UINT32(fcr, FTGMAC100State),
1243         VMSTATE_UINT32(phy_status, FTGMAC100State),
1244         VMSTATE_UINT32(phy_control, FTGMAC100State),
1245         VMSTATE_UINT32(phy_advertise, FTGMAC100State),
1246         VMSTATE_UINT32(phy_int, FTGMAC100State),
1247         VMSTATE_UINT32(phy_int_mask, FTGMAC100State),
1248         VMSTATE_UINT32(txdes0_edotr, FTGMAC100State),
1249         VMSTATE_UINT32(rxdes0_edorr, FTGMAC100State),
1250         VMSTATE_UINT64(rx_ring, FTGMAC100State),
1251         VMSTATE_UINT64(tx_ring, FTGMAC100State),
1252         VMSTATE_UINT64(rx_descriptor, FTGMAC100State),
1253         VMSTATE_UINT64(tx_descriptor, FTGMAC100State),
1254         VMSTATE_END_OF_LIST()
1255     }
1256 };
1257 
1258 static Property ftgmac100_properties[] = {
1259     DEFINE_PROP_BOOL("aspeed", FTGMAC100State, aspeed, false),
1260     DEFINE_NIC_PROPERTIES(FTGMAC100State, conf),
1261     DEFINE_PROP_BOOL("dma64", FTGMAC100State, dma64, false),
1262     DEFINE_PROP_END_OF_LIST(),
1263 };
1264 
1265 static void ftgmac100_class_init(ObjectClass *klass, void *data)
1266 {
1267     DeviceClass *dc = DEVICE_CLASS(klass);
1268 
1269     dc->vmsd = &vmstate_ftgmac100;
1270     device_class_set_legacy_reset(dc, ftgmac100_reset);
1271     device_class_set_props(dc, ftgmac100_properties);
1272     set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
1273     dc->realize = ftgmac100_realize;
1274     dc->desc = "Faraday FTGMAC100 Gigabit Ethernet emulation";
1275 }
1276 
1277 static const TypeInfo ftgmac100_info = {
1278     .name = TYPE_FTGMAC100,
1279     .parent = TYPE_SYS_BUS_DEVICE,
1280     .instance_size = sizeof(FTGMAC100State),
1281     .class_init = ftgmac100_class_init,
1282 };
1283 
1284 /*
1285  * AST2600 MII controller
1286  */
1287 #define ASPEED_MII_PHYCR_FIRE        BIT(31)
1288 #define ASPEED_MII_PHYCR_ST_22       BIT(28)
1289 #define ASPEED_MII_PHYCR_OP(x)       ((x) & (ASPEED_MII_PHYCR_OP_WRITE | \
1290                                              ASPEED_MII_PHYCR_OP_READ))
1291 #define ASPEED_MII_PHYCR_OP_WRITE    BIT(26)
1292 #define ASPEED_MII_PHYCR_OP_READ     BIT(27)
1293 #define ASPEED_MII_PHYCR_DATA(x)     (x & 0xffff)
1294 #define ASPEED_MII_PHYCR_PHY(x)      (((x) >> 21) & 0x1f)
1295 #define ASPEED_MII_PHYCR_REG(x)      (((x) >> 16) & 0x1f)
1296 
1297 #define ASPEED_MII_PHYDATA_IDLE      BIT(16)
1298 
1299 static void aspeed_mii_transition(AspeedMiiState *s, bool fire)
1300 {
1301     if (fire) {
1302         s->phycr |= ASPEED_MII_PHYCR_FIRE;
1303         s->phydata &= ~ASPEED_MII_PHYDATA_IDLE;
1304     } else {
1305         s->phycr &= ~ASPEED_MII_PHYCR_FIRE;
1306         s->phydata |= ASPEED_MII_PHYDATA_IDLE;
1307     }
1308 }
1309 
1310 static void aspeed_mii_do_phy_ctl(AspeedMiiState *s)
1311 {
1312     uint8_t reg;
1313     uint16_t data;
1314 
1315     if (!(s->phycr & ASPEED_MII_PHYCR_ST_22)) {
1316         aspeed_mii_transition(s, !ASPEED_MII_PHYCR_FIRE);
1317         qemu_log_mask(LOG_UNIMP, "%s: unsupported ST code\n", __func__);
1318         return;
1319     }
1320 
1321     /* Nothing to do */
1322     if (!(s->phycr & ASPEED_MII_PHYCR_FIRE)) {
1323         return;
1324     }
1325 
1326     reg = ASPEED_MII_PHYCR_REG(s->phycr);
1327     data = ASPEED_MII_PHYCR_DATA(s->phycr);
1328 
1329     switch (ASPEED_MII_PHYCR_OP(s->phycr)) {
1330     case ASPEED_MII_PHYCR_OP_WRITE:
1331         do_phy_write(s->nic, reg, data);
1332         break;
1333     case ASPEED_MII_PHYCR_OP_READ:
1334         s->phydata = (s->phydata & ~0xffff) | do_phy_read(s->nic, reg);
1335         break;
1336     default:
1337         qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid OP code %08x\n",
1338                       __func__, s->phycr);
1339     }
1340 
1341     aspeed_mii_transition(s, !ASPEED_MII_PHYCR_FIRE);
1342 }
1343 
1344 static uint64_t aspeed_mii_read(void *opaque, hwaddr addr, unsigned size)
1345 {
1346     AspeedMiiState *s = ASPEED_MII(opaque);
1347 
1348     switch (addr) {
1349     case 0x0:
1350         return s->phycr;
1351     case 0x4:
1352         return s->phydata;
1353     default:
1354         g_assert_not_reached();
1355     }
1356 }
1357 
1358 static void aspeed_mii_write(void *opaque, hwaddr addr,
1359                              uint64_t value, unsigned size)
1360 {
1361     AspeedMiiState *s = ASPEED_MII(opaque);
1362 
1363     switch (addr) {
1364     case 0x0:
1365         s->phycr = value & ~(s->phycr & ASPEED_MII_PHYCR_FIRE);
1366         break;
1367     case 0x4:
1368         s->phydata = value & ~(0xffff | ASPEED_MII_PHYDATA_IDLE);
1369         break;
1370     default:
1371         g_assert_not_reached();
1372     }
1373 
1374     aspeed_mii_transition(s, !!(s->phycr & ASPEED_MII_PHYCR_FIRE));
1375     aspeed_mii_do_phy_ctl(s);
1376 }
1377 
1378 static const MemoryRegionOps aspeed_mii_ops = {
1379     .read = aspeed_mii_read,
1380     .write = aspeed_mii_write,
1381     .valid.min_access_size = 4,
1382     .valid.max_access_size = 4,
1383     .endianness = DEVICE_LITTLE_ENDIAN,
1384 };
1385 
1386 static void aspeed_mii_reset(DeviceState *dev)
1387 {
1388     AspeedMiiState *s = ASPEED_MII(dev);
1389 
1390     s->phycr = 0;
1391     s->phydata = 0;
1392 
1393     aspeed_mii_transition(s, !!(s->phycr & ASPEED_MII_PHYCR_FIRE));
1394 };
1395 
1396 static void aspeed_mii_realize(DeviceState *dev, Error **errp)
1397 {
1398     AspeedMiiState *s = ASPEED_MII(dev);
1399     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1400 
1401     assert(s->nic);
1402 
1403     memory_region_init_io(&s->iomem, OBJECT(dev), &aspeed_mii_ops, s,
1404                           TYPE_ASPEED_MII, 0x8);
1405     sysbus_init_mmio(sbd, &s->iomem);
1406 }
1407 
1408 static const VMStateDescription vmstate_aspeed_mii = {
1409     .name = TYPE_ASPEED_MII,
1410     .version_id = 1,
1411     .minimum_version_id = 1,
1412     .fields = (const VMStateField[]) {
1413         VMSTATE_UINT32(phycr, FTGMAC100State),
1414         VMSTATE_UINT32(phydata, FTGMAC100State),
1415         VMSTATE_END_OF_LIST()
1416     }
1417 };
1418 
1419 static Property aspeed_mii_properties[] = {
1420     DEFINE_PROP_LINK("nic", AspeedMiiState, nic, TYPE_FTGMAC100,
1421                      FTGMAC100State *),
1422     DEFINE_PROP_END_OF_LIST(),
1423 };
1424 
1425 static void aspeed_mii_class_init(ObjectClass *klass, void *data)
1426 {
1427     DeviceClass *dc = DEVICE_CLASS(klass);
1428 
1429     dc->vmsd = &vmstate_aspeed_mii;
1430     device_class_set_legacy_reset(dc, aspeed_mii_reset);
1431     dc->realize = aspeed_mii_realize;
1432     dc->desc = "Aspeed MII controller";
1433     device_class_set_props(dc, aspeed_mii_properties);
1434 }
1435 
1436 static const TypeInfo aspeed_mii_info = {
1437     .name = TYPE_ASPEED_MII,
1438     .parent = TYPE_SYS_BUS_DEVICE,
1439     .instance_size = sizeof(AspeedMiiState),
1440     .class_init = aspeed_mii_class_init,
1441 };
1442 
1443 static void ftgmac100_register_types(void)
1444 {
1445     type_register_static(&ftgmac100_info);
1446     type_register_static(&aspeed_mii_info);
1447 }
1448 
1449 type_init(ftgmac100_register_types)
1450