1 /*
2 * SMSC LAN9118 Ethernet interface emulation
3 *
4 * Copyright (c) 2009 CodeSourcery, LLC.
5 * Written by Paul Brook
6 *
7 * This code is licensed under the GNU GPL v2
8 *
9 * Contributions after 2012-01-13 are licensed under the terms of the
10 * GNU GPL, version 2 or (at your option) any later version.
11 */
12
13 #include "qemu/osdep.h"
14 #include "hw/sysbus.h"
15 #include "migration/vmstate.h"
16 #include "net/net.h"
17 #include "net/eth.h"
18 #include "hw/irq.h"
19 #include "hw/net/lan9118.h"
20 #include "hw/ptimer.h"
21 #include "hw/qdev-properties.h"
22 #include "qapi/error.h"
23 #include "qemu/log.h"
24 #include "qemu/module.h"
25 /* For crc32 */
26 #include <zlib.h>
27 #include "qom/object.h"
28
29 //#define DEBUG_LAN9118
30
31 #ifdef DEBUG_LAN9118
32 #define DPRINTF(fmt, ...) \
33 do { printf("lan9118: " fmt , ## __VA_ARGS__); } while (0)
34 #else
35 #define DPRINTF(fmt, ...) do {} while(0)
36 #endif
37
38 /* The tx and rx fifo ports are a range of aliased 32-bit registers */
39 #define RX_DATA_FIFO_PORT_FIRST 0x00
40 #define RX_DATA_FIFO_PORT_LAST 0x1f
41 #define TX_DATA_FIFO_PORT_FIRST 0x20
42 #define TX_DATA_FIFO_PORT_LAST 0x3f
43
44 #define RX_STATUS_FIFO_PORT 0x40
45 #define RX_STATUS_FIFO_PEEK 0x44
46 #define TX_STATUS_FIFO_PORT 0x48
47 #define TX_STATUS_FIFO_PEEK 0x4c
48
49 #define CSR_ID_REV 0x50
50 #define CSR_IRQ_CFG 0x54
51 #define CSR_INT_STS 0x58
52 #define CSR_INT_EN 0x5c
53 #define CSR_BYTE_TEST 0x64
54 #define CSR_FIFO_INT 0x68
55 #define CSR_RX_CFG 0x6c
56 #define CSR_TX_CFG 0x70
57 #define CSR_HW_CFG 0x74
58 #define CSR_RX_DP_CTRL 0x78
59 #define CSR_RX_FIFO_INF 0x7c
60 #define CSR_TX_FIFO_INF 0x80
61 #define CSR_PMT_CTRL 0x84
62 #define CSR_GPIO_CFG 0x88
63 #define CSR_GPT_CFG 0x8c
64 #define CSR_GPT_CNT 0x90
65 #define CSR_WORD_SWAP 0x98
66 #define CSR_FREE_RUN 0x9c
67 #define CSR_RX_DROP 0xa0
68 #define CSR_MAC_CSR_CMD 0xa4
69 #define CSR_MAC_CSR_DATA 0xa8
70 #define CSR_AFC_CFG 0xac
71 #define CSR_E2P_CMD 0xb0
72 #define CSR_E2P_DATA 0xb4
73
74 #define E2P_CMD_MAC_ADDR_LOADED 0x100
75
76 /* IRQ_CFG */
77 #define IRQ_INT 0x00001000
78 #define IRQ_EN 0x00000100
79 #define IRQ_POL 0x00000010
80 #define IRQ_TYPE 0x00000001
81
82 /* INT_STS/INT_EN */
83 #define SW_INT 0x80000000
84 #define TXSTOP_INT 0x02000000
85 #define RXSTOP_INT 0x01000000
86 #define RXDFH_INT 0x00800000
87 #define TX_IOC_INT 0x00200000
88 #define RXD_INT 0x00100000
89 #define GPT_INT 0x00080000
90 #define PHY_INT 0x00040000
91 #define PME_INT 0x00020000
92 #define TXSO_INT 0x00010000
93 #define RWT_INT 0x00008000
94 #define RXE_INT 0x00004000
95 #define TXE_INT 0x00002000
96 #define TDFU_INT 0x00000800
97 #define TDFO_INT 0x00000400
98 #define TDFA_INT 0x00000200
99 #define TSFF_INT 0x00000100
100 #define TSFL_INT 0x00000080
101 #define RXDF_INT 0x00000040
102 #define RDFL_INT 0x00000020
103 #define RSFF_INT 0x00000010
104 #define RSFL_INT 0x00000008
105 #define GPIO2_INT 0x00000004
106 #define GPIO1_INT 0x00000002
107 #define GPIO0_INT 0x00000001
108 #define RESERVED_INT 0x7c001000
109
110 #define MAC_CR 1
111 #define MAC_ADDRH 2
112 #define MAC_ADDRL 3
113 #define MAC_HASHH 4
114 #define MAC_HASHL 5
115 #define MAC_MII_ACC 6
116 #define MAC_MII_DATA 7
117 #define MAC_FLOW 8
118 #define MAC_VLAN1 9 /* TODO */
119 #define MAC_VLAN2 10 /* TODO */
120 #define MAC_WUFF 11 /* TODO */
121 #define MAC_WUCSR 12 /* TODO */
122
123 #define MAC_CR_RXALL 0x80000000
124 #define MAC_CR_RCVOWN 0x00800000
125 #define MAC_CR_LOOPBK 0x00200000
126 #define MAC_CR_FDPX 0x00100000
127 #define MAC_CR_MCPAS 0x00080000
128 #define MAC_CR_PRMS 0x00040000
129 #define MAC_CR_INVFILT 0x00020000
130 #define MAC_CR_PASSBAD 0x00010000
131 #define MAC_CR_HO 0x00008000
132 #define MAC_CR_HPFILT 0x00002000
133 #define MAC_CR_LCOLL 0x00001000
134 #define MAC_CR_BCAST 0x00000800
135 #define MAC_CR_DISRTY 0x00000400
136 #define MAC_CR_PADSTR 0x00000100
137 #define MAC_CR_BOLMT 0x000000c0
138 #define MAC_CR_DFCHK 0x00000020
139 #define MAC_CR_TXEN 0x00000008
140 #define MAC_CR_RXEN 0x00000004
141 #define MAC_CR_RESERVED 0x7f404213
142
143 #define PHY_INT_ENERGYON 0x80
144 #define PHY_INT_AUTONEG_COMPLETE 0x40
145 #define PHY_INT_FAULT 0x20
146 #define PHY_INT_DOWN 0x10
147 #define PHY_INT_AUTONEG_LP 0x08
148 #define PHY_INT_PARFAULT 0x04
149 #define PHY_INT_AUTONEG_PAGE 0x02
150
151 #define GPT_TIMER_EN 0x20000000
152
153 /*
154 * The MAC Interface Layer (MIL), within the MAC, contains a 2K Byte transmit
155 * and a 128 Byte receive FIFO which is separate from the TX and RX FIFOs.
156 */
157 #define MIL_TXFIFO_SIZE 2048
158
159 enum tx_state {
160 TX_IDLE,
161 TX_B,
162 TX_DATA
163 };
164
165 typedef struct {
166 /* state is a tx_state but we can't put enums in VMStateDescriptions. */
167 uint32_t state;
168 uint32_t cmd_a;
169 uint32_t cmd_b;
170 int32_t buffer_size;
171 int32_t offset;
172 int32_t pad;
173 int32_t fifo_used;
174 int32_t len;
175 uint8_t data[MIL_TXFIFO_SIZE];
176 } LAN9118Packet;
177
178 static const VMStateDescription vmstate_lan9118_packet = {
179 .name = "lan9118_packet",
180 .version_id = 1,
181 .minimum_version_id = 1,
182 .fields = (const VMStateField[]) {
183 VMSTATE_UINT32(state, LAN9118Packet),
184 VMSTATE_UINT32(cmd_a, LAN9118Packet),
185 VMSTATE_UINT32(cmd_b, LAN9118Packet),
186 VMSTATE_INT32(buffer_size, LAN9118Packet),
187 VMSTATE_INT32(offset, LAN9118Packet),
188 VMSTATE_INT32(pad, LAN9118Packet),
189 VMSTATE_INT32(fifo_used, LAN9118Packet),
190 VMSTATE_INT32(len, LAN9118Packet),
191 VMSTATE_UINT8_ARRAY(data, LAN9118Packet, MIL_TXFIFO_SIZE),
192 VMSTATE_END_OF_LIST()
193 }
194 };
195
196 OBJECT_DECLARE_SIMPLE_TYPE(lan9118_state, LAN9118)
197
198 struct lan9118_state {
199 SysBusDevice parent_obj;
200
201 NICState *nic;
202 NICConf conf;
203 qemu_irq irq;
204 MemoryRegion mmio;
205 ptimer_state *timer;
206
207 uint32_t irq_cfg;
208 uint32_t int_sts;
209 uint32_t int_en;
210 uint32_t fifo_int;
211 uint32_t rx_cfg;
212 uint32_t tx_cfg;
213 uint32_t hw_cfg;
214 uint32_t pmt_ctrl;
215 uint32_t gpio_cfg;
216 uint32_t gpt_cfg;
217 uint32_t word_swap;
218 uint32_t free_timer_start;
219 uint32_t mac_cmd;
220 uint32_t mac_data;
221 uint32_t afc_cfg;
222 uint32_t e2p_cmd;
223 uint32_t e2p_data;
224
225 uint32_t mac_cr;
226 uint32_t mac_hashh;
227 uint32_t mac_hashl;
228 uint32_t mac_mii_acc;
229 uint32_t mac_mii_data;
230 uint32_t mac_flow;
231
232 uint32_t phy_status;
233 uint32_t phy_control;
234 uint32_t phy_advertise;
235 uint32_t phy_int;
236 uint32_t phy_int_mask;
237
238 int32_t eeprom_writable;
239 uint8_t eeprom[128];
240
241 int32_t tx_fifo_size;
242 LAN9118Packet *txp;
243 LAN9118Packet tx_packet;
244
245 int32_t tx_status_fifo_used;
246 int32_t tx_status_fifo_head;
247 uint32_t tx_status_fifo[512];
248
249 int32_t rx_status_fifo_size;
250 int32_t rx_status_fifo_used;
251 int32_t rx_status_fifo_head;
252 uint32_t rx_status_fifo[896];
253 int32_t rx_fifo_size;
254 int32_t rx_fifo_used;
255 int32_t rx_fifo_head;
256 uint32_t rx_fifo[3360];
257 int32_t rx_packet_size_head;
258 int32_t rx_packet_size_tail;
259 int32_t rx_packet_size[1024];
260
261 int32_t rxp_offset;
262 int32_t rxp_size;
263 int32_t rxp_pad;
264
265 uint32_t write_word_prev_offset;
266 uint32_t write_word_n;
267 uint16_t write_word_l;
268 uint16_t write_word_h;
269 uint32_t read_word_prev_offset;
270 uint32_t read_word_n;
271 uint32_t read_long;
272
273 uint32_t mode_16bit;
274 };
275
276 static const VMStateDescription vmstate_lan9118 = {
277 .name = "lan9118",
278 .version_id = 2,
279 .minimum_version_id = 1,
280 .fields = (const VMStateField[]) {
281 VMSTATE_PTIMER(timer, lan9118_state),
282 VMSTATE_UINT32(irq_cfg, lan9118_state),
283 VMSTATE_UINT32(int_sts, lan9118_state),
284 VMSTATE_UINT32(int_en, lan9118_state),
285 VMSTATE_UINT32(fifo_int, lan9118_state),
286 VMSTATE_UINT32(rx_cfg, lan9118_state),
287 VMSTATE_UINT32(tx_cfg, lan9118_state),
288 VMSTATE_UINT32(hw_cfg, lan9118_state),
289 VMSTATE_UINT32(pmt_ctrl, lan9118_state),
290 VMSTATE_UINT32(gpio_cfg, lan9118_state),
291 VMSTATE_UINT32(gpt_cfg, lan9118_state),
292 VMSTATE_UINT32(word_swap, lan9118_state),
293 VMSTATE_UINT32(free_timer_start, lan9118_state),
294 VMSTATE_UINT32(mac_cmd, lan9118_state),
295 VMSTATE_UINT32(mac_data, lan9118_state),
296 VMSTATE_UINT32(afc_cfg, lan9118_state),
297 VMSTATE_UINT32(e2p_cmd, lan9118_state),
298 VMSTATE_UINT32(e2p_data, lan9118_state),
299 VMSTATE_UINT32(mac_cr, lan9118_state),
300 VMSTATE_UINT32(mac_hashh, lan9118_state),
301 VMSTATE_UINT32(mac_hashl, lan9118_state),
302 VMSTATE_UINT32(mac_mii_acc, lan9118_state),
303 VMSTATE_UINT32(mac_mii_data, lan9118_state),
304 VMSTATE_UINT32(mac_flow, lan9118_state),
305 VMSTATE_UINT32(phy_status, lan9118_state),
306 VMSTATE_UINT32(phy_control, lan9118_state),
307 VMSTATE_UINT32(phy_advertise, lan9118_state),
308 VMSTATE_UINT32(phy_int, lan9118_state),
309 VMSTATE_UINT32(phy_int_mask, lan9118_state),
310 VMSTATE_INT32(eeprom_writable, lan9118_state),
311 VMSTATE_UINT8_ARRAY(eeprom, lan9118_state, 128),
312 VMSTATE_INT32(tx_fifo_size, lan9118_state),
313 /* txp always points at tx_packet so need not be saved */
314 VMSTATE_STRUCT(tx_packet, lan9118_state, 0,
315 vmstate_lan9118_packet, LAN9118Packet),
316 VMSTATE_INT32(tx_status_fifo_used, lan9118_state),
317 VMSTATE_INT32(tx_status_fifo_head, lan9118_state),
318 VMSTATE_UINT32_ARRAY(tx_status_fifo, lan9118_state, 512),
319 VMSTATE_INT32(rx_status_fifo_size, lan9118_state),
320 VMSTATE_INT32(rx_status_fifo_used, lan9118_state),
321 VMSTATE_INT32(rx_status_fifo_head, lan9118_state),
322 VMSTATE_UINT32_ARRAY(rx_status_fifo, lan9118_state, 896),
323 VMSTATE_INT32(rx_fifo_size, lan9118_state),
324 VMSTATE_INT32(rx_fifo_used, lan9118_state),
325 VMSTATE_INT32(rx_fifo_head, lan9118_state),
326 VMSTATE_UINT32_ARRAY(rx_fifo, lan9118_state, 3360),
327 VMSTATE_INT32(rx_packet_size_head, lan9118_state),
328 VMSTATE_INT32(rx_packet_size_tail, lan9118_state),
329 VMSTATE_INT32_ARRAY(rx_packet_size, lan9118_state, 1024),
330 VMSTATE_INT32(rxp_offset, lan9118_state),
331 VMSTATE_INT32(rxp_size, lan9118_state),
332 VMSTATE_INT32(rxp_pad, lan9118_state),
333 VMSTATE_UINT32_V(write_word_prev_offset, lan9118_state, 2),
334 VMSTATE_UINT32_V(write_word_n, lan9118_state, 2),
335 VMSTATE_UINT16_V(write_word_l, lan9118_state, 2),
336 VMSTATE_UINT16_V(write_word_h, lan9118_state, 2),
337 VMSTATE_UINT32_V(read_word_prev_offset, lan9118_state, 2),
338 VMSTATE_UINT32_V(read_word_n, lan9118_state, 2),
339 VMSTATE_UINT32_V(read_long, lan9118_state, 2),
340 VMSTATE_UINT32_V(mode_16bit, lan9118_state, 2),
341 VMSTATE_END_OF_LIST()
342 }
343 };
344
lan9118_update(lan9118_state * s)345 static void lan9118_update(lan9118_state *s)
346 {
347 int level;
348
349 /* TODO: Implement FIFO level IRQs. */
350 level = (s->int_sts & s->int_en) != 0;
351 if (level) {
352 s->irq_cfg |= IRQ_INT;
353 } else {
354 s->irq_cfg &= ~IRQ_INT;
355 }
356 if ((s->irq_cfg & IRQ_EN) == 0) {
357 level = 0;
358 }
359 if ((s->irq_cfg & (IRQ_TYPE | IRQ_POL)) != (IRQ_TYPE | IRQ_POL)) {
360 /* Interrupt is active low unless we're configured as
361 * active-high polarity, push-pull type.
362 */
363 level = !level;
364 }
365 qemu_set_irq(s->irq, level);
366 }
367
lan9118_mac_changed(lan9118_state * s)368 static void lan9118_mac_changed(lan9118_state *s)
369 {
370 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
371 }
372
lan9118_reload_eeprom(lan9118_state * s)373 static void lan9118_reload_eeprom(lan9118_state *s)
374 {
375 int i;
376 if (s->eeprom[0] != 0xa5) {
377 s->e2p_cmd &= ~E2P_CMD_MAC_ADDR_LOADED;
378 DPRINTF("MACADDR load failed\n");
379 return;
380 }
381 for (i = 0; i < 6; i++) {
382 s->conf.macaddr.a[i] = s->eeprom[i + 1];
383 }
384 s->e2p_cmd |= E2P_CMD_MAC_ADDR_LOADED;
385 DPRINTF("MACADDR loaded from eeprom\n");
386 lan9118_mac_changed(s);
387 }
388
phy_update_irq(lan9118_state * s)389 static void phy_update_irq(lan9118_state *s)
390 {
391 if (s->phy_int & s->phy_int_mask) {
392 s->int_sts |= PHY_INT;
393 } else {
394 s->int_sts &= ~PHY_INT;
395 }
396 lan9118_update(s);
397 }
398
phy_update_link(lan9118_state * s)399 static void phy_update_link(lan9118_state *s)
400 {
401 /* Autonegotiation status mirrors link status. */
402 if (qemu_get_queue(s->nic)->link_down) {
403 s->phy_status &= ~0x0024;
404 s->phy_int |= PHY_INT_DOWN;
405 } else {
406 s->phy_status |= 0x0024;
407 s->phy_int |= PHY_INT_ENERGYON;
408 s->phy_int |= PHY_INT_AUTONEG_COMPLETE;
409 }
410 phy_update_irq(s);
411 }
412
lan9118_set_link(NetClientState * nc)413 static void lan9118_set_link(NetClientState *nc)
414 {
415 phy_update_link(qemu_get_nic_opaque(nc));
416 }
417
phy_reset(lan9118_state * s)418 static void phy_reset(lan9118_state *s)
419 {
420 s->phy_status = 0x7809;
421 s->phy_control = 0x3000;
422 s->phy_advertise = 0x01e1;
423 s->phy_int_mask = 0;
424 s->phy_int = 0;
425 phy_update_link(s);
426 }
427
lan9118_reset(DeviceState * d)428 static void lan9118_reset(DeviceState *d)
429 {
430 lan9118_state *s = LAN9118(d);
431
432 s->irq_cfg &= (IRQ_TYPE | IRQ_POL);
433 s->int_sts = 0;
434 s->int_en = 0;
435 s->fifo_int = 0x48000000;
436 s->rx_cfg = 0;
437 s->tx_cfg = 0;
438 s->hw_cfg = s->mode_16bit ? 0x00050000 : 0x00050004;
439 s->pmt_ctrl &= 0x45;
440 s->gpio_cfg = 0;
441 s->txp->fifo_used = 0;
442 s->txp->state = TX_IDLE;
443 s->txp->cmd_a = 0xffffffffu;
444 s->txp->cmd_b = 0xffffffffu;
445 s->txp->len = 0;
446 s->txp->fifo_used = 0;
447 s->tx_fifo_size = 4608;
448 s->tx_status_fifo_used = 0;
449 s->rx_status_fifo_size = 704;
450 s->rx_fifo_size = 2640;
451 s->rx_fifo_used = 0;
452 s->rx_status_fifo_size = 176;
453 s->rx_status_fifo_used = 0;
454 s->rxp_offset = 0;
455 s->rxp_size = 0;
456 s->rxp_pad = 0;
457 s->rx_packet_size_tail = s->rx_packet_size_head;
458 s->rx_packet_size[s->rx_packet_size_head] = 0;
459 s->mac_cmd = 0;
460 s->mac_data = 0;
461 s->afc_cfg = 0;
462 s->e2p_cmd = 0;
463 s->e2p_data = 0;
464 s->free_timer_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 40;
465
466 ptimer_transaction_begin(s->timer);
467 ptimer_stop(s->timer);
468 ptimer_set_count(s->timer, 0xffff);
469 ptimer_transaction_commit(s->timer);
470 s->gpt_cfg = 0xffff;
471
472 s->mac_cr = MAC_CR_PRMS;
473 s->mac_hashh = 0;
474 s->mac_hashl = 0;
475 s->mac_mii_acc = 0;
476 s->mac_mii_data = 0;
477 s->mac_flow = 0;
478
479 s->read_word_n = 0;
480 s->write_word_n = 0;
481
482 phy_reset(s);
483
484 s->eeprom_writable = 0;
485 lan9118_reload_eeprom(s);
486 }
487
rx_fifo_push(lan9118_state * s,uint32_t val)488 static void rx_fifo_push(lan9118_state *s, uint32_t val)
489 {
490 int fifo_pos;
491 fifo_pos = s->rx_fifo_head + s->rx_fifo_used;
492 if (fifo_pos >= s->rx_fifo_size)
493 fifo_pos -= s->rx_fifo_size;
494 s->rx_fifo[fifo_pos] = val;
495 s->rx_fifo_used++;
496 }
497
498 /* Return nonzero if the packet is accepted by the filter. */
lan9118_filter(lan9118_state * s,const uint8_t * addr)499 static int lan9118_filter(lan9118_state *s, const uint8_t *addr)
500 {
501 int multicast;
502 uint32_t hash;
503
504 if (s->mac_cr & MAC_CR_PRMS) {
505 return 1;
506 }
507 if (addr[0] == 0xff && addr[1] == 0xff && addr[2] == 0xff &&
508 addr[3] == 0xff && addr[4] == 0xff && addr[5] == 0xff) {
509 return (s->mac_cr & MAC_CR_BCAST) == 0;
510 }
511
512 multicast = addr[0] & 1;
513 if (multicast &&s->mac_cr & MAC_CR_MCPAS) {
514 return 1;
515 }
516 if (multicast ? (s->mac_cr & MAC_CR_HPFILT) == 0
517 : (s->mac_cr & MAC_CR_HO) == 0) {
518 /* Exact matching. */
519 hash = memcmp(addr, s->conf.macaddr.a, 6);
520 if (s->mac_cr & MAC_CR_INVFILT) {
521 return hash != 0;
522 } else {
523 return hash == 0;
524 }
525 } else {
526 /* Hash matching */
527 hash = net_crc32(addr, ETH_ALEN) >> 26;
528 if (hash & 0x20) {
529 return (s->mac_hashh >> (hash & 0x1f)) & 1;
530 } else {
531 return (s->mac_hashl >> (hash & 0x1f)) & 1;
532 }
533 }
534 }
535
lan9118_receive(NetClientState * nc,const uint8_t * buf,size_t size)536 static ssize_t lan9118_receive(NetClientState *nc, const uint8_t *buf,
537 size_t size)
538 {
539 lan9118_state *s = qemu_get_nic_opaque(nc);
540 int fifo_len;
541 int offset;
542 int src_pos;
543 int n;
544 int filter;
545 uint32_t val;
546 uint32_t crc;
547 uint32_t status;
548
549 if ((s->mac_cr & MAC_CR_RXEN) == 0) {
550 return -1;
551 }
552
553 if (size >= MIL_TXFIFO_SIZE || size < 14) {
554 return -1;
555 }
556
557 /* TODO: Implement FIFO overflow notification. */
558 if (s->rx_status_fifo_used == s->rx_status_fifo_size) {
559 return -1;
560 }
561
562 filter = lan9118_filter(s, buf);
563 if (!filter && (s->mac_cr & MAC_CR_RXALL) == 0) {
564 return size;
565 }
566
567 offset = (s->rx_cfg >> 8) & 0x1f;
568 n = offset & 3;
569 fifo_len = (size + n + 3) >> 2;
570 /* Add a word for the CRC. */
571 fifo_len++;
572 if (s->rx_fifo_size - s->rx_fifo_used < fifo_len) {
573 return -1;
574 }
575
576 DPRINTF("Got packet len:%d fifo:%d filter:%s\n",
577 (int)size, fifo_len, filter ? "pass" : "fail");
578 val = 0;
579 crc = bswap32(crc32(~0, buf, size));
580 for (src_pos = 0; src_pos < size; src_pos++) {
581 val = (val >> 8) | ((uint32_t)buf[src_pos] << 24);
582 n++;
583 if (n == 4) {
584 n = 0;
585 rx_fifo_push(s, val);
586 val = 0;
587 }
588 }
589 if (n) {
590 val >>= ((4 - n) * 8);
591 val |= crc << (n * 8);
592 rx_fifo_push(s, val);
593 val = crc >> ((4 - n) * 8);
594 rx_fifo_push(s, val);
595 } else {
596 rx_fifo_push(s, crc);
597 }
598 n = s->rx_status_fifo_head + s->rx_status_fifo_used;
599 if (n >= s->rx_status_fifo_size) {
600 n -= s->rx_status_fifo_size;
601 }
602 s->rx_packet_size[s->rx_packet_size_tail] = fifo_len;
603 s->rx_packet_size_tail = (s->rx_packet_size_tail + 1023) & 1023;
604 s->rx_status_fifo_used++;
605
606 status = (size + 4) << 16;
607 if (buf[0] == 0xff && buf[1] == 0xff && buf[2] == 0xff &&
608 buf[3] == 0xff && buf[4] == 0xff && buf[5] == 0xff) {
609 status |= 0x00002000;
610 } else if (buf[0] & 1) {
611 status |= 0x00000400;
612 }
613 if (!filter) {
614 status |= 0x40000000;
615 }
616 s->rx_status_fifo[n] = status;
617
618 if (s->rx_status_fifo_used > (s->fifo_int & 0xff)) {
619 s->int_sts |= RSFL_INT;
620 }
621 lan9118_update(s);
622
623 return size;
624 }
625
rx_fifo_pop(lan9118_state * s)626 static uint32_t rx_fifo_pop(lan9118_state *s)
627 {
628 int n;
629 uint32_t val;
630
631 if (s->rxp_size == 0 && s->rxp_pad == 0) {
632 s->rxp_size = s->rx_packet_size[s->rx_packet_size_head];
633 s->rx_packet_size[s->rx_packet_size_head] = 0;
634 if (s->rxp_size != 0) {
635 s->rx_packet_size_head = (s->rx_packet_size_head + 1023) & 1023;
636 s->rxp_offset = (s->rx_cfg >> 10) & 7;
637 n = s->rxp_offset + s->rxp_size;
638 switch (s->rx_cfg >> 30) {
639 case 1:
640 n = (-n) & 3;
641 break;
642 case 2:
643 n = (-n) & 7;
644 break;
645 default:
646 n = 0;
647 break;
648 }
649 s->rxp_pad = n;
650 DPRINTF("Pop packet size:%d offset:%d pad: %d\n",
651 s->rxp_size, s->rxp_offset, s->rxp_pad);
652 }
653 }
654 if (s->rxp_offset > 0) {
655 s->rxp_offset--;
656 val = 0;
657 } else if (s->rxp_size > 0) {
658 s->rxp_size--;
659 val = s->rx_fifo[s->rx_fifo_head++];
660 if (s->rx_fifo_head >= s->rx_fifo_size) {
661 s->rx_fifo_head -= s->rx_fifo_size;
662 }
663 s->rx_fifo_used--;
664 } else if (s->rxp_pad > 0) {
665 s->rxp_pad--;
666 val = 0;
667 } else {
668 DPRINTF("RX underflow\n");
669 s->int_sts |= RXE_INT;
670 val = 0;
671 }
672 lan9118_update(s);
673 return val;
674 }
675
do_tx_packet(lan9118_state * s)676 static void do_tx_packet(lan9118_state *s)
677 {
678 int n;
679 uint32_t status;
680
681 /* FIXME: Honor TX disable, and allow queueing of packets. */
682 if (s->phy_control & 0x4000) {
683 /* This assumes the receive routine doesn't touch the VLANClient. */
684 qemu_receive_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len);
685 } else {
686 qemu_send_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len);
687 }
688 s->txp->fifo_used = 0;
689
690 if (s->tx_status_fifo_used == 512) {
691 /* Status FIFO full */
692 return;
693 }
694 /* Add entry to status FIFO. */
695 status = s->txp->cmd_b & 0xffff0000u;
696 DPRINTF("Sent packet tag:%04x len %d\n", status >> 16, s->txp->len);
697 n = (s->tx_status_fifo_head + s->tx_status_fifo_used) & 511;
698 s->tx_status_fifo[n] = status;
699 s->tx_status_fifo_used++;
700
701 /*
702 * Generate TSFL interrupt if TX FIFO level exceeds the level
703 * specified in the FIFO_INT TX Status Level field.
704 */
705 if (s->tx_status_fifo_used > ((s->fifo_int >> 16) & 0xff)) {
706 s->int_sts |= TSFL_INT;
707 }
708 if (s->tx_status_fifo_used == 512) {
709 s->int_sts |= TSFF_INT;
710 /* TODO: Stop transmission. */
711 }
712 }
713
rx_status_fifo_pop(lan9118_state * s)714 static uint32_t rx_status_fifo_pop(lan9118_state *s)
715 {
716 uint32_t val;
717
718 val = s->rx_status_fifo[s->rx_status_fifo_head];
719 if (s->rx_status_fifo_used != 0) {
720 s->rx_status_fifo_used--;
721 s->rx_status_fifo_head++;
722 if (s->rx_status_fifo_head >= s->rx_status_fifo_size) {
723 s->rx_status_fifo_head -= s->rx_status_fifo_size;
724 }
725 /* ??? What value should be returned when the FIFO is empty? */
726 DPRINTF("RX status pop 0x%08x\n", val);
727 }
728 return val;
729 }
730
tx_status_fifo_pop(lan9118_state * s)731 static uint32_t tx_status_fifo_pop(lan9118_state *s)
732 {
733 uint32_t val;
734
735 val = s->tx_status_fifo[s->tx_status_fifo_head];
736 if (s->tx_status_fifo_used != 0) {
737 s->tx_status_fifo_used--;
738 s->tx_status_fifo_head = (s->tx_status_fifo_head + 1) & 511;
739 /* ??? What value should be returned when the FIFO is empty? */
740 }
741 return val;
742 }
743
tx_fifo_push(lan9118_state * s,uint32_t val)744 static void tx_fifo_push(lan9118_state *s, uint32_t val)
745 {
746 int n;
747
748 if (s->txp->fifo_used == s->tx_fifo_size) {
749 s->int_sts |= TDFO_INT;
750 return;
751 }
752 switch (s->txp->state) {
753 case TX_IDLE:
754 s->txp->cmd_a = val & 0x831f37ff;
755 s->txp->fifo_used++;
756 s->txp->state = TX_B;
757 s->txp->buffer_size = extract32(s->txp->cmd_a, 0, 11);
758 s->txp->offset = extract32(s->txp->cmd_a, 16, 5);
759 break;
760 case TX_B:
761 if (s->txp->cmd_a & 0x2000) {
762 /* First segment */
763 s->txp->cmd_b = val;
764 s->txp->fifo_used++;
765 /* End alignment does not include command words. */
766 n = (s->txp->buffer_size + s->txp->offset + 3) >> 2;
767 switch ((n >> 24) & 3) {
768 case 1:
769 n = (-n) & 3;
770 break;
771 case 2:
772 n = (-n) & 7;
773 break;
774 default:
775 n = 0;
776 }
777 s->txp->pad = n;
778 s->txp->len = 0;
779 }
780 DPRINTF("Block len:%d offset:%d pad:%d cmd %08x\n",
781 s->txp->buffer_size, s->txp->offset, s->txp->pad,
782 s->txp->cmd_a);
783 s->txp->state = TX_DATA;
784 break;
785 case TX_DATA:
786 if (s->txp->offset >= 4) {
787 s->txp->offset -= 4;
788 break;
789 }
790 if (s->txp->buffer_size <= 0 && s->txp->pad != 0) {
791 s->txp->pad--;
792 } else {
793 n = MIN(4, s->txp->buffer_size + s->txp->offset);
794 while (s->txp->offset) {
795 val >>= 8;
796 n--;
797 s->txp->offset--;
798 }
799 /* Documentation is somewhat unclear on the ordering of bytes
800 in FIFO words. Empirical results show it to be little-endian.
801 */
802 while (n--) {
803 if (s->txp->len == MIL_TXFIFO_SIZE) {
804 /*
805 * No more space in the FIFO. The datasheet is not
806 * precise about this case. We choose what is easiest
807 * to model: the packet is truncated, and TXE is raised.
808 *
809 * Note, it could be a fragmented packet, but we currently
810 * do not handle that (see earlier TX_B case).
811 */
812 qemu_log_mask(LOG_GUEST_ERROR,
813 "MIL TX FIFO overrun, discarding %u byte%s\n",
814 n, n > 1 ? "s" : "");
815 s->int_sts |= TXE_INT;
816 break;
817 }
818 s->txp->data[s->txp->len] = val & 0xff;
819 s->txp->len++;
820 val >>= 8;
821 s->txp->buffer_size--;
822 }
823 s->txp->fifo_used++;
824 }
825 if (s->txp->buffer_size <= 0 && s->txp->pad == 0) {
826 if (s->txp->cmd_a & 0x1000) {
827 do_tx_packet(s);
828 }
829 if (s->txp->cmd_a & 0x80000000) {
830 s->int_sts |= TX_IOC_INT;
831 }
832 s->txp->state = TX_IDLE;
833 }
834 break;
835 }
836 }
837
do_phy_read(lan9118_state * s,int reg)838 static uint32_t do_phy_read(lan9118_state *s, int reg)
839 {
840 uint32_t val;
841
842 switch (reg) {
843 case 0: /* Basic Control */
844 return s->phy_control;
845 case 1: /* Basic Status */
846 return s->phy_status;
847 case 2: /* ID1 */
848 return 0x0007;
849 case 3: /* ID2 */
850 return 0xc0d1;
851 case 4: /* Auto-neg advertisement */
852 return s->phy_advertise;
853 case 5: /* Auto-neg Link Partner Ability */
854 return 0x0f71;
855 case 6: /* Auto-neg Expansion */
856 return 1;
857 /* TODO 17, 18, 27, 29, 30, 31 */
858 case 29: /* Interrupt source. */
859 val = s->phy_int;
860 s->phy_int = 0;
861 phy_update_irq(s);
862 return val;
863 case 30: /* Interrupt mask */
864 return s->phy_int_mask;
865 default:
866 qemu_log_mask(LOG_GUEST_ERROR,
867 "do_phy_read: PHY read reg %d\n", reg);
868 return 0;
869 }
870 }
871
do_phy_write(lan9118_state * s,int reg,uint32_t val)872 static void do_phy_write(lan9118_state *s, int reg, uint32_t val)
873 {
874 switch (reg) {
875 case 0: /* Basic Control */
876 if (val & 0x8000) {
877 phy_reset(s);
878 break;
879 }
880 s->phy_control = val & 0x7980;
881 /* Complete autonegotiation immediately. */
882 if (val & 0x1000) {
883 s->phy_status |= 0x0020;
884 }
885 break;
886 case 4: /* Auto-neg advertisement */
887 s->phy_advertise = (val & 0x2d7f) | 0x80;
888 break;
889 /* TODO 17, 18, 27, 31 */
890 case 30: /* Interrupt mask */
891 s->phy_int_mask = val & 0xff;
892 phy_update_irq(s);
893 break;
894 default:
895 qemu_log_mask(LOG_GUEST_ERROR,
896 "do_phy_write: PHY write reg %d = 0x%04x\n", reg, val);
897 }
898 }
899
do_mac_write(lan9118_state * s,int reg,uint32_t val)900 static void do_mac_write(lan9118_state *s, int reg, uint32_t val)
901 {
902 switch (reg) {
903 case MAC_CR:
904 if ((s->mac_cr & MAC_CR_RXEN) != 0 && (val & MAC_CR_RXEN) == 0) {
905 s->int_sts |= RXSTOP_INT;
906 }
907 s->mac_cr = val & ~MAC_CR_RESERVED;
908 DPRINTF("MAC_CR: %08x\n", val);
909 break;
910 case MAC_ADDRH:
911 s->conf.macaddr.a[4] = val & 0xff;
912 s->conf.macaddr.a[5] = (val >> 8) & 0xff;
913 lan9118_mac_changed(s);
914 break;
915 case MAC_ADDRL:
916 s->conf.macaddr.a[0] = val & 0xff;
917 s->conf.macaddr.a[1] = (val >> 8) & 0xff;
918 s->conf.macaddr.a[2] = (val >> 16) & 0xff;
919 s->conf.macaddr.a[3] = (val >> 24) & 0xff;
920 lan9118_mac_changed(s);
921 break;
922 case MAC_HASHH:
923 s->mac_hashh = val;
924 break;
925 case MAC_HASHL:
926 s->mac_hashl = val;
927 break;
928 case MAC_MII_ACC:
929 s->mac_mii_acc = val & 0xffc2;
930 if (val & 2) {
931 DPRINTF("PHY write %d = 0x%04x\n",
932 (val >> 6) & 0x1f, s->mac_mii_data);
933 do_phy_write(s, (val >> 6) & 0x1f, s->mac_mii_data);
934 } else {
935 s->mac_mii_data = do_phy_read(s, (val >> 6) & 0x1f);
936 DPRINTF("PHY read %d = 0x%04x\n",
937 (val >> 6) & 0x1f, s->mac_mii_data);
938 }
939 break;
940 case MAC_MII_DATA:
941 s->mac_mii_data = val & 0xffff;
942 break;
943 case MAC_FLOW:
944 s->mac_flow = val & 0xffff0000;
945 break;
946 case MAC_VLAN1:
947 /* Writing to this register changes a condition for
948 * FrameTooLong bit in rx_status. Since we do not set
949 * FrameTooLong anyway, just ignore write to this.
950 */
951 break;
952 default:
953 qemu_log_mask(LOG_GUEST_ERROR,
954 "lan9118: Unimplemented MAC register write: %d = 0x%x\n",
955 s->mac_cmd & 0xf, val);
956 }
957 }
958
do_mac_read(lan9118_state * s,int reg)959 static uint32_t do_mac_read(lan9118_state *s, int reg)
960 {
961 switch (reg) {
962 case MAC_CR:
963 return s->mac_cr;
964 case MAC_ADDRH:
965 return s->conf.macaddr.a[4] | (s->conf.macaddr.a[5] << 8);
966 case MAC_ADDRL:
967 return s->conf.macaddr.a[0] | (s->conf.macaddr.a[1] << 8)
968 | (s->conf.macaddr.a[2] << 16) | (s->conf.macaddr.a[3] << 24);
969 case MAC_HASHH:
970 return s->mac_hashh;
971 case MAC_HASHL:
972 return s->mac_hashl;
973 case MAC_MII_ACC:
974 return s->mac_mii_acc;
975 case MAC_MII_DATA:
976 return s->mac_mii_data;
977 case MAC_FLOW:
978 return s->mac_flow;
979 default:
980 qemu_log_mask(LOG_GUEST_ERROR,
981 "lan9118: Unimplemented MAC register read: %d\n",
982 s->mac_cmd & 0xf);
983 return 0;
984 }
985 }
986
lan9118_eeprom_cmd(lan9118_state * s,int cmd,int addr)987 static void lan9118_eeprom_cmd(lan9118_state *s, int cmd, int addr)
988 {
989 s->e2p_cmd = (s->e2p_cmd & E2P_CMD_MAC_ADDR_LOADED) | (cmd << 28) | addr;
990 switch (cmd) {
991 case 0:
992 s->e2p_data = s->eeprom[addr];
993 DPRINTF("EEPROM Read %d = 0x%02x\n", addr, s->e2p_data);
994 break;
995 case 1:
996 s->eeprom_writable = 0;
997 DPRINTF("EEPROM Write Disable\n");
998 break;
999 case 2: /* EWEN */
1000 s->eeprom_writable = 1;
1001 DPRINTF("EEPROM Write Enable\n");
1002 break;
1003 case 3: /* WRITE */
1004 if (s->eeprom_writable) {
1005 s->eeprom[addr] &= s->e2p_data;
1006 DPRINTF("EEPROM Write %d = 0x%02x\n", addr, s->e2p_data);
1007 } else {
1008 DPRINTF("EEPROM Write %d (ignored)\n", addr);
1009 }
1010 break;
1011 case 4: /* WRAL */
1012 if (s->eeprom_writable) {
1013 for (addr = 0; addr < 128; addr++) {
1014 s->eeprom[addr] &= s->e2p_data;
1015 }
1016 DPRINTF("EEPROM Write All 0x%02x\n", s->e2p_data);
1017 } else {
1018 DPRINTF("EEPROM Write All (ignored)\n");
1019 }
1020 break;
1021 case 5: /* ERASE */
1022 if (s->eeprom_writable) {
1023 s->eeprom[addr] = 0xff;
1024 DPRINTF("EEPROM Erase %d\n", addr);
1025 } else {
1026 DPRINTF("EEPROM Erase %d (ignored)\n", addr);
1027 }
1028 break;
1029 case 6: /* ERAL */
1030 if (s->eeprom_writable) {
1031 memset(s->eeprom, 0xff, 128);
1032 DPRINTF("EEPROM Erase All\n");
1033 } else {
1034 DPRINTF("EEPROM Erase All (ignored)\n");
1035 }
1036 break;
1037 case 7: /* RELOAD */
1038 lan9118_reload_eeprom(s);
1039 break;
1040 }
1041 }
1042
lan9118_tick(void * opaque)1043 static void lan9118_tick(void *opaque)
1044 {
1045 lan9118_state *s = (lan9118_state *)opaque;
1046 if (s->int_en & GPT_INT) {
1047 s->int_sts |= GPT_INT;
1048 }
1049 lan9118_update(s);
1050 }
1051
lan9118_writel(void * opaque,hwaddr offset,uint64_t val,unsigned size)1052 static void lan9118_writel(void *opaque, hwaddr offset,
1053 uint64_t val, unsigned size)
1054 {
1055 lan9118_state *s = (lan9118_state *)opaque;
1056 offset &= 0xff;
1057
1058 //DPRINTF("Write reg 0x%02x = 0x%08x\n", (int)offset, val);
1059 if (offset >= TX_DATA_FIFO_PORT_FIRST &&
1060 offset <= TX_DATA_FIFO_PORT_LAST) {
1061 /* TX FIFO */
1062 tx_fifo_push(s, val);
1063 return;
1064 }
1065 switch (offset) {
1066 case CSR_IRQ_CFG:
1067 /* TODO: Implement interrupt deassertion intervals. */
1068 val &= (IRQ_EN | IRQ_POL | IRQ_TYPE);
1069 s->irq_cfg = (s->irq_cfg & IRQ_INT) | val;
1070 break;
1071 case CSR_INT_STS:
1072 s->int_sts &= ~val;
1073 break;
1074 case CSR_INT_EN:
1075 s->int_en = val & ~RESERVED_INT;
1076 s->int_sts |= val & SW_INT;
1077 break;
1078 case CSR_FIFO_INT:
1079 DPRINTF("FIFO INT levels %08x\n", val);
1080 s->fifo_int = val;
1081 break;
1082 case CSR_RX_CFG:
1083 if (val & 0x8000) {
1084 /* RX_DUMP */
1085 s->rx_fifo_used = 0;
1086 s->rx_status_fifo_used = 0;
1087 s->rx_packet_size_tail = s->rx_packet_size_head;
1088 s->rx_packet_size[s->rx_packet_size_head] = 0;
1089 }
1090 s->rx_cfg = val & 0xcfff1ff0;
1091 break;
1092 case CSR_TX_CFG:
1093 if (val & 0x8000) {
1094 s->tx_status_fifo_used = 0;
1095 }
1096 if (val & 0x4000) {
1097 s->txp->state = TX_IDLE;
1098 s->txp->fifo_used = 0;
1099 s->txp->cmd_a = 0xffffffff;
1100 }
1101 s->tx_cfg = val & 6;
1102 break;
1103 case CSR_HW_CFG:
1104 if (val & 1) {
1105 /* SRST */
1106 lan9118_reset(DEVICE(s));
1107 } else {
1108 s->hw_cfg = (val & 0x003f300) | (s->hw_cfg & 0x4);
1109 }
1110 break;
1111 case CSR_RX_DP_CTRL:
1112 if (val & 0x80000000) {
1113 /* Skip forward to next packet. */
1114 s->rxp_pad = 0;
1115 s->rxp_offset = 0;
1116 if (s->rxp_size == 0) {
1117 /* Pop a word to start the next packet. */
1118 rx_fifo_pop(s);
1119 s->rxp_pad = 0;
1120 s->rxp_offset = 0;
1121 }
1122 s->rx_fifo_head += s->rxp_size;
1123 if (s->rx_fifo_head >= s->rx_fifo_size) {
1124 s->rx_fifo_head -= s->rx_fifo_size;
1125 }
1126 }
1127 break;
1128 case CSR_PMT_CTRL:
1129 if (val & 0x400) {
1130 phy_reset(s);
1131 }
1132 s->pmt_ctrl &= ~0x34e;
1133 s->pmt_ctrl |= (val & 0x34e);
1134 break;
1135 case CSR_GPIO_CFG:
1136 /* Probably just enabling LEDs. */
1137 s->gpio_cfg = val & 0x7777071f;
1138 break;
1139 case CSR_GPT_CFG:
1140 if ((s->gpt_cfg ^ val) & GPT_TIMER_EN) {
1141 ptimer_transaction_begin(s->timer);
1142 if (val & GPT_TIMER_EN) {
1143 ptimer_set_count(s->timer, val & 0xffff);
1144 ptimer_run(s->timer, 0);
1145 } else {
1146 ptimer_stop(s->timer);
1147 ptimer_set_count(s->timer, 0xffff);
1148 }
1149 ptimer_transaction_commit(s->timer);
1150 }
1151 s->gpt_cfg = val & (GPT_TIMER_EN | 0xffff);
1152 break;
1153 case CSR_WORD_SWAP:
1154 /* Ignored because we're in 32-bit mode. */
1155 s->word_swap = val;
1156 break;
1157 case CSR_MAC_CSR_CMD:
1158 s->mac_cmd = val & 0x4000000f;
1159 if (val & 0x80000000) {
1160 if (val & 0x40000000) {
1161 s->mac_data = do_mac_read(s, val & 0xf);
1162 DPRINTF("MAC read %d = 0x%08x\n", val & 0xf, s->mac_data);
1163 } else {
1164 DPRINTF("MAC write %d = 0x%08x\n", val & 0xf, s->mac_data);
1165 do_mac_write(s, val & 0xf, s->mac_data);
1166 }
1167 }
1168 break;
1169 case CSR_MAC_CSR_DATA:
1170 s->mac_data = val;
1171 break;
1172 case CSR_AFC_CFG:
1173 s->afc_cfg = val & 0x00ffffff;
1174 break;
1175 case CSR_E2P_CMD:
1176 lan9118_eeprom_cmd(s, (val >> 28) & 7, val & 0x7f);
1177 break;
1178 case CSR_E2P_DATA:
1179 s->e2p_data = val & 0xff;
1180 break;
1181
1182 default:
1183 qemu_log_mask(LOG_GUEST_ERROR, "lan9118_write: Bad reg 0x%x = %x\n",
1184 (int)offset, (int)val);
1185 break;
1186 }
1187 lan9118_update(s);
1188 }
1189
lan9118_writew(void * opaque,hwaddr offset,uint32_t val)1190 static void lan9118_writew(void *opaque, hwaddr offset,
1191 uint32_t val)
1192 {
1193 lan9118_state *s = (lan9118_state *)opaque;
1194 offset &= 0xff;
1195
1196 if (s->write_word_prev_offset != (offset & ~0x3)) {
1197 /* New offset, reset word counter */
1198 s->write_word_n = 0;
1199 s->write_word_prev_offset = offset & ~0x3;
1200 }
1201
1202 if (offset & 0x2) {
1203 s->write_word_h = val;
1204 } else {
1205 s->write_word_l = val;
1206 }
1207
1208 //DPRINTF("Writew reg 0x%02x = 0x%08x\n", (int)offset, val);
1209 s->write_word_n++;
1210 if (s->write_word_n == 2) {
1211 s->write_word_n = 0;
1212 lan9118_writel(s, offset & ~3, s->write_word_l +
1213 (s->write_word_h << 16), 4);
1214 }
1215 }
1216
lan9118_16bit_mode_write(void * opaque,hwaddr offset,uint64_t val,unsigned size)1217 static void lan9118_16bit_mode_write(void *opaque, hwaddr offset,
1218 uint64_t val, unsigned size)
1219 {
1220 switch (size) {
1221 case 2:
1222 lan9118_writew(opaque, offset, (uint32_t)val);
1223 return;
1224 case 4:
1225 lan9118_writel(opaque, offset, val, size);
1226 return;
1227 }
1228
1229 qemu_log_mask(LOG_GUEST_ERROR,
1230 "lan9118_16bit_mode_write: Bad size 0x%x\n", size);
1231 }
1232
lan9118_readl(void * opaque,hwaddr offset,unsigned size)1233 static uint64_t lan9118_readl(void *opaque, hwaddr offset,
1234 unsigned size)
1235 {
1236 lan9118_state *s = (lan9118_state *)opaque;
1237
1238 //DPRINTF("Read reg 0x%02x\n", (int)offset);
1239 if (offset <= RX_DATA_FIFO_PORT_LAST) {
1240 /* RX FIFO */
1241 return rx_fifo_pop(s);
1242 }
1243 switch (offset) {
1244 case RX_STATUS_FIFO_PORT:
1245 return rx_status_fifo_pop(s);
1246 case RX_STATUS_FIFO_PEEK:
1247 return s->rx_status_fifo[s->rx_status_fifo_head];
1248 case TX_STATUS_FIFO_PORT:
1249 return tx_status_fifo_pop(s);
1250 case TX_STATUS_FIFO_PEEK:
1251 return s->tx_status_fifo[s->tx_status_fifo_head];
1252 case CSR_ID_REV:
1253 return 0x01180001;
1254 case CSR_IRQ_CFG:
1255 return s->irq_cfg;
1256 case CSR_INT_STS:
1257 return s->int_sts;
1258 case CSR_INT_EN:
1259 return s->int_en;
1260 case CSR_BYTE_TEST:
1261 return 0x87654321;
1262 case CSR_FIFO_INT:
1263 return s->fifo_int;
1264 case CSR_RX_CFG:
1265 return s->rx_cfg;
1266 case CSR_TX_CFG:
1267 return s->tx_cfg;
1268 case CSR_HW_CFG:
1269 return s->hw_cfg;
1270 case CSR_RX_DP_CTRL:
1271 return 0;
1272 case CSR_RX_FIFO_INF:
1273 return (s->rx_status_fifo_used << 16) | (s->rx_fifo_used << 2);
1274 case CSR_TX_FIFO_INF:
1275 return (s->tx_status_fifo_used << 16)
1276 | (s->tx_fifo_size - s->txp->fifo_used);
1277 case CSR_PMT_CTRL:
1278 return s->pmt_ctrl;
1279 case CSR_GPIO_CFG:
1280 return s->gpio_cfg;
1281 case CSR_GPT_CFG:
1282 return s->gpt_cfg;
1283 case CSR_GPT_CNT:
1284 return ptimer_get_count(s->timer);
1285 case CSR_WORD_SWAP:
1286 return s->word_swap;
1287 case CSR_FREE_RUN:
1288 return (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 40) - s->free_timer_start;
1289 case CSR_RX_DROP:
1290 /* TODO: Implement dropped frames counter. */
1291 return 0;
1292 case CSR_MAC_CSR_CMD:
1293 return s->mac_cmd;
1294 case CSR_MAC_CSR_DATA:
1295 return s->mac_data;
1296 case CSR_AFC_CFG:
1297 return s->afc_cfg;
1298 case CSR_E2P_CMD:
1299 return s->e2p_cmd;
1300 case CSR_E2P_DATA:
1301 return s->e2p_data;
1302 }
1303 qemu_log_mask(LOG_GUEST_ERROR, "lan9118_read: Bad reg 0x%x\n", (int)offset);
1304 return 0;
1305 }
1306
lan9118_readw(void * opaque,hwaddr offset)1307 static uint32_t lan9118_readw(void *opaque, hwaddr offset)
1308 {
1309 lan9118_state *s = (lan9118_state *)opaque;
1310 uint32_t val;
1311
1312 if (s->read_word_prev_offset != (offset & ~0x3)) {
1313 /* New offset, reset word counter */
1314 s->read_word_n = 0;
1315 s->read_word_prev_offset = offset & ~0x3;
1316 }
1317
1318 s->read_word_n++;
1319 if (s->read_word_n == 1) {
1320 s->read_long = lan9118_readl(s, offset & ~3, 4);
1321 } else {
1322 s->read_word_n = 0;
1323 }
1324
1325 if (offset & 2) {
1326 val = s->read_long >> 16;
1327 } else {
1328 val = s->read_long & 0xFFFF;
1329 }
1330
1331 //DPRINTF("Readw reg 0x%02x, val 0x%x\n", (int)offset, val);
1332 return val;
1333 }
1334
lan9118_16bit_mode_read(void * opaque,hwaddr offset,unsigned size)1335 static uint64_t lan9118_16bit_mode_read(void *opaque, hwaddr offset,
1336 unsigned size)
1337 {
1338 switch (size) {
1339 case 2:
1340 return lan9118_readw(opaque, offset);
1341 case 4:
1342 return lan9118_readl(opaque, offset, size);
1343 }
1344
1345 qemu_log_mask(LOG_GUEST_ERROR,
1346 "lan9118_16bit_mode_read: Bad size 0x%x\n", size);
1347 return 0;
1348 }
1349
1350 static const MemoryRegionOps lan9118_mem_ops = {
1351 .read = lan9118_readl,
1352 .write = lan9118_writel,
1353 .endianness = DEVICE_NATIVE_ENDIAN,
1354 };
1355
1356 static const MemoryRegionOps lan9118_16bit_mem_ops = {
1357 .read = lan9118_16bit_mode_read,
1358 .write = lan9118_16bit_mode_write,
1359 .endianness = DEVICE_NATIVE_ENDIAN,
1360 };
1361
1362 static NetClientInfo net_lan9118_info = {
1363 .type = NET_CLIENT_DRIVER_NIC,
1364 .size = sizeof(NICState),
1365 .receive = lan9118_receive,
1366 .link_status_changed = lan9118_set_link,
1367 };
1368
lan9118_realize(DeviceState * dev,Error ** errp)1369 static void lan9118_realize(DeviceState *dev, Error **errp)
1370 {
1371 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1372 lan9118_state *s = LAN9118(dev);
1373 int i;
1374 const MemoryRegionOps *mem_ops =
1375 s->mode_16bit ? &lan9118_16bit_mem_ops : &lan9118_mem_ops;
1376
1377 memory_region_init_io(&s->mmio, OBJECT(dev), mem_ops, s,
1378 "lan9118-mmio", 0x100);
1379 sysbus_init_mmio(sbd, &s->mmio);
1380 sysbus_init_irq(sbd, &s->irq);
1381 qemu_macaddr_default_if_unset(&s->conf.macaddr);
1382
1383 s->nic = qemu_new_nic(&net_lan9118_info, &s->conf,
1384 object_get_typename(OBJECT(dev)), dev->id,
1385 &dev->mem_reentrancy_guard, s);
1386 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1387 s->eeprom[0] = 0xa5;
1388 for (i = 0; i < 6; i++) {
1389 s->eeprom[i + 1] = s->conf.macaddr.a[i];
1390 }
1391 s->pmt_ctrl = 1;
1392 s->txp = &s->tx_packet;
1393
1394 s->timer = ptimer_init(lan9118_tick, s, PTIMER_POLICY_LEGACY);
1395 ptimer_transaction_begin(s->timer);
1396 ptimer_set_freq(s->timer, 10000);
1397 ptimer_set_limit(s->timer, 0xffff, 1);
1398 ptimer_transaction_commit(s->timer);
1399 }
1400
1401 static Property lan9118_properties[] = {
1402 DEFINE_NIC_PROPERTIES(lan9118_state, conf),
1403 DEFINE_PROP_UINT32("mode_16bit", lan9118_state, mode_16bit, 0),
1404 DEFINE_PROP_END_OF_LIST(),
1405 };
1406
lan9118_class_init(ObjectClass * klass,void * data)1407 static void lan9118_class_init(ObjectClass *klass, void *data)
1408 {
1409 DeviceClass *dc = DEVICE_CLASS(klass);
1410
1411 dc->reset = lan9118_reset;
1412 device_class_set_props(dc, lan9118_properties);
1413 dc->vmsd = &vmstate_lan9118;
1414 dc->realize = lan9118_realize;
1415 }
1416
1417 static const TypeInfo lan9118_info = {
1418 .name = TYPE_LAN9118,
1419 .parent = TYPE_SYS_BUS_DEVICE,
1420 .instance_size = sizeof(lan9118_state),
1421 .class_init = lan9118_class_init,
1422 };
1423
lan9118_register_types(void)1424 static void lan9118_register_types(void)
1425 {
1426 type_register_static(&lan9118_info);
1427 }
1428
1429 /* Legacy helper function. Should go away when machine config files are
1430 implemented. */
lan9118_init(uint32_t base,qemu_irq irq)1431 void lan9118_init(uint32_t base, qemu_irq irq)
1432 {
1433 DeviceState *dev;
1434 SysBusDevice *s;
1435
1436 dev = qdev_new(TYPE_LAN9118);
1437 qemu_configure_nic_device(dev, true, NULL);
1438 s = SYS_BUS_DEVICE(dev);
1439 sysbus_realize_and_unref(s, &error_fatal);
1440 sysbus_mmio_map(s, 0, base);
1441 sysbus_connect_irq(s, 0, irq);
1442 }
1443
1444 type_init(lan9118_register_types)
1445