1 /* 2 * SMSC LAN9118 Ethernet interface emulation 3 * 4 * Copyright (c) 2009 CodeSourcery, LLC. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the GNU GPL v2 8 * 9 * Contributions after 2012-01-13 are licensed under the terms of the 10 * GNU GPL, version 2 or (at your option) any later version. 11 */ 12 13 #include "qemu/osdep.h" 14 #include "hw/sysbus.h" 15 #include "migration/vmstate.h" 16 #include "net/net.h" 17 #include "net/eth.h" 18 #include "hw/irq.h" 19 #include "hw/net/lan9118.h" 20 #include "hw/ptimer.h" 21 #include "hw/qdev-properties.h" 22 #include "qapi/error.h" 23 #include "qemu/log.h" 24 #include "qemu/module.h" 25 /* For crc32 */ 26 #include <zlib.h> 27 #include "qom/object.h" 28 29 //#define DEBUG_LAN9118 30 31 #ifdef DEBUG_LAN9118 32 #define DPRINTF(fmt, ...) \ 33 do { printf("lan9118: " fmt , ## __VA_ARGS__); } while (0) 34 #else 35 #define DPRINTF(fmt, ...) do {} while(0) 36 #endif 37 38 /* The tx and rx fifo ports are a range of aliased 32-bit registers */ 39 #define RX_DATA_FIFO_PORT_FIRST 0x00 40 #define RX_DATA_FIFO_PORT_LAST 0x1f 41 #define TX_DATA_FIFO_PORT_FIRST 0x20 42 #define TX_DATA_FIFO_PORT_LAST 0x3f 43 44 #define RX_STATUS_FIFO_PORT 0x40 45 #define RX_STATUS_FIFO_PEEK 0x44 46 #define TX_STATUS_FIFO_PORT 0x48 47 #define TX_STATUS_FIFO_PEEK 0x4c 48 49 #define CSR_ID_REV 0x50 50 #define CSR_IRQ_CFG 0x54 51 #define CSR_INT_STS 0x58 52 #define CSR_INT_EN 0x5c 53 #define CSR_BYTE_TEST 0x64 54 #define CSR_FIFO_INT 0x68 55 #define CSR_RX_CFG 0x6c 56 #define CSR_TX_CFG 0x70 57 #define CSR_HW_CFG 0x74 58 #define CSR_RX_DP_CTRL 0x78 59 #define CSR_RX_FIFO_INF 0x7c 60 #define CSR_TX_FIFO_INF 0x80 61 #define CSR_PMT_CTRL 0x84 62 #define CSR_GPIO_CFG 0x88 63 #define CSR_GPT_CFG 0x8c 64 #define CSR_GPT_CNT 0x90 65 #define CSR_WORD_SWAP 0x98 66 #define CSR_FREE_RUN 0x9c 67 #define CSR_RX_DROP 0xa0 68 #define CSR_MAC_CSR_CMD 0xa4 69 #define CSR_MAC_CSR_DATA 0xa8 70 #define CSR_AFC_CFG 0xac 71 #define CSR_E2P_CMD 0xb0 72 #define CSR_E2P_DATA 0xb4 73 74 #define E2P_CMD_MAC_ADDR_LOADED 0x100 75 76 /* IRQ_CFG */ 77 #define IRQ_INT 0x00001000 78 #define IRQ_EN 0x00000100 79 #define IRQ_POL 0x00000010 80 #define IRQ_TYPE 0x00000001 81 82 /* INT_STS/INT_EN */ 83 #define SW_INT 0x80000000 84 #define TXSTOP_INT 0x02000000 85 #define RXSTOP_INT 0x01000000 86 #define RXDFH_INT 0x00800000 87 #define TX_IOC_INT 0x00200000 88 #define RXD_INT 0x00100000 89 #define GPT_INT 0x00080000 90 #define PHY_INT 0x00040000 91 #define PME_INT 0x00020000 92 #define TXSO_INT 0x00010000 93 #define RWT_INT 0x00008000 94 #define RXE_INT 0x00004000 95 #define TXE_INT 0x00002000 96 #define TDFU_INT 0x00000800 97 #define TDFO_INT 0x00000400 98 #define TDFA_INT 0x00000200 99 #define TSFF_INT 0x00000100 100 #define TSFL_INT 0x00000080 101 #define RXDF_INT 0x00000040 102 #define RDFL_INT 0x00000020 103 #define RSFF_INT 0x00000010 104 #define RSFL_INT 0x00000008 105 #define GPIO2_INT 0x00000004 106 #define GPIO1_INT 0x00000002 107 #define GPIO0_INT 0x00000001 108 #define RESERVED_INT 0x7c001000 109 110 #define MAC_CR 1 111 #define MAC_ADDRH 2 112 #define MAC_ADDRL 3 113 #define MAC_HASHH 4 114 #define MAC_HASHL 5 115 #define MAC_MII_ACC 6 116 #define MAC_MII_DATA 7 117 #define MAC_FLOW 8 118 #define MAC_VLAN1 9 /* TODO */ 119 #define MAC_VLAN2 10 /* TODO */ 120 #define MAC_WUFF 11 /* TODO */ 121 #define MAC_WUCSR 12 /* TODO */ 122 123 #define MAC_CR_RXALL 0x80000000 124 #define MAC_CR_RCVOWN 0x00800000 125 #define MAC_CR_LOOPBK 0x00200000 126 #define MAC_CR_FDPX 0x00100000 127 #define MAC_CR_MCPAS 0x00080000 128 #define MAC_CR_PRMS 0x00040000 129 #define MAC_CR_INVFILT 0x00020000 130 #define MAC_CR_PASSBAD 0x00010000 131 #define MAC_CR_HO 0x00008000 132 #define MAC_CR_HPFILT 0x00002000 133 #define MAC_CR_LCOLL 0x00001000 134 #define MAC_CR_BCAST 0x00000800 135 #define MAC_CR_DISRTY 0x00000400 136 #define MAC_CR_PADSTR 0x00000100 137 #define MAC_CR_BOLMT 0x000000c0 138 #define MAC_CR_DFCHK 0x00000020 139 #define MAC_CR_TXEN 0x00000008 140 #define MAC_CR_RXEN 0x00000004 141 #define MAC_CR_RESERVED 0x7f404213 142 143 #define PHY_INT_ENERGYON 0x80 144 #define PHY_INT_AUTONEG_COMPLETE 0x40 145 #define PHY_INT_FAULT 0x20 146 #define PHY_INT_DOWN 0x10 147 #define PHY_INT_AUTONEG_LP 0x08 148 #define PHY_INT_PARFAULT 0x04 149 #define PHY_INT_AUTONEG_PAGE 0x02 150 151 #define GPT_TIMER_EN 0x20000000 152 153 /* 154 * The MAC Interface Layer (MIL), within the MAC, contains a 2K Byte transmit 155 * and a 128 Byte receive FIFO which is separate from the TX and RX FIFOs. 156 */ 157 #define MIL_TXFIFO_SIZE 2048 158 159 enum tx_state { 160 TX_IDLE, 161 TX_B, 162 TX_DATA 163 }; 164 165 typedef struct { 166 /* state is a tx_state but we can't put enums in VMStateDescriptions. */ 167 uint32_t state; 168 uint32_t cmd_a; 169 uint32_t cmd_b; 170 int32_t buffer_size; 171 int32_t offset; 172 int32_t pad; 173 int32_t fifo_used; 174 int32_t len; 175 uint8_t data[MIL_TXFIFO_SIZE]; 176 } LAN9118Packet; 177 178 static const VMStateDescription vmstate_lan9118_packet = { 179 .name = "lan9118_packet", 180 .version_id = 1, 181 .minimum_version_id = 1, 182 .fields = (const VMStateField[]) { 183 VMSTATE_UINT32(state, LAN9118Packet), 184 VMSTATE_UINT32(cmd_a, LAN9118Packet), 185 VMSTATE_UINT32(cmd_b, LAN9118Packet), 186 VMSTATE_INT32(buffer_size, LAN9118Packet), 187 VMSTATE_INT32(offset, LAN9118Packet), 188 VMSTATE_INT32(pad, LAN9118Packet), 189 VMSTATE_INT32(fifo_used, LAN9118Packet), 190 VMSTATE_INT32(len, LAN9118Packet), 191 VMSTATE_UINT8_ARRAY(data, LAN9118Packet, MIL_TXFIFO_SIZE), 192 VMSTATE_END_OF_LIST() 193 } 194 }; 195 196 OBJECT_DECLARE_SIMPLE_TYPE(lan9118_state, LAN9118) 197 198 struct lan9118_state { 199 SysBusDevice parent_obj; 200 201 NICState *nic; 202 NICConf conf; 203 qemu_irq irq; 204 MemoryRegion mmio; 205 ptimer_state *timer; 206 207 uint32_t irq_cfg; 208 uint32_t int_sts; 209 uint32_t int_en; 210 uint32_t fifo_int; 211 uint32_t rx_cfg; 212 uint32_t tx_cfg; 213 uint32_t hw_cfg; 214 uint32_t pmt_ctrl; 215 uint32_t gpio_cfg; 216 uint32_t gpt_cfg; 217 uint32_t word_swap; 218 uint32_t free_timer_start; 219 uint32_t mac_cmd; 220 uint32_t mac_data; 221 uint32_t afc_cfg; 222 uint32_t e2p_cmd; 223 uint32_t e2p_data; 224 225 uint32_t mac_cr; 226 uint32_t mac_hashh; 227 uint32_t mac_hashl; 228 uint32_t mac_mii_acc; 229 uint32_t mac_mii_data; 230 uint32_t mac_flow; 231 232 uint32_t phy_status; 233 uint32_t phy_control; 234 uint32_t phy_advertise; 235 uint32_t phy_int; 236 uint32_t phy_int_mask; 237 238 int32_t eeprom_writable; 239 uint8_t eeprom[128]; 240 241 int32_t tx_fifo_size; 242 LAN9118Packet *txp; 243 LAN9118Packet tx_packet; 244 245 int32_t tx_status_fifo_used; 246 int32_t tx_status_fifo_head; 247 uint32_t tx_status_fifo[512]; 248 249 int32_t rx_status_fifo_size; 250 int32_t rx_status_fifo_used; 251 int32_t rx_status_fifo_head; 252 uint32_t rx_status_fifo[896]; 253 int32_t rx_fifo_size; 254 int32_t rx_fifo_used; 255 int32_t rx_fifo_head; 256 uint32_t rx_fifo[3360]; 257 int32_t rx_packet_size_head; 258 int32_t rx_packet_size_tail; 259 int32_t rx_packet_size[1024]; 260 261 int32_t rxp_offset; 262 int32_t rxp_size; 263 int32_t rxp_pad; 264 265 uint32_t write_word_prev_offset; 266 uint32_t write_word_n; 267 uint16_t write_word_l; 268 uint16_t write_word_h; 269 uint32_t read_word_prev_offset; 270 uint32_t read_word_n; 271 uint32_t read_long; 272 273 uint32_t mode_16bit; 274 }; 275 276 static const VMStateDescription vmstate_lan9118 = { 277 .name = "lan9118", 278 .version_id = 2, 279 .minimum_version_id = 1, 280 .fields = (const VMStateField[]) { 281 VMSTATE_PTIMER(timer, lan9118_state), 282 VMSTATE_UINT32(irq_cfg, lan9118_state), 283 VMSTATE_UINT32(int_sts, lan9118_state), 284 VMSTATE_UINT32(int_en, lan9118_state), 285 VMSTATE_UINT32(fifo_int, lan9118_state), 286 VMSTATE_UINT32(rx_cfg, lan9118_state), 287 VMSTATE_UINT32(tx_cfg, lan9118_state), 288 VMSTATE_UINT32(hw_cfg, lan9118_state), 289 VMSTATE_UINT32(pmt_ctrl, lan9118_state), 290 VMSTATE_UINT32(gpio_cfg, lan9118_state), 291 VMSTATE_UINT32(gpt_cfg, lan9118_state), 292 VMSTATE_UINT32(word_swap, lan9118_state), 293 VMSTATE_UINT32(free_timer_start, lan9118_state), 294 VMSTATE_UINT32(mac_cmd, lan9118_state), 295 VMSTATE_UINT32(mac_data, lan9118_state), 296 VMSTATE_UINT32(afc_cfg, lan9118_state), 297 VMSTATE_UINT32(e2p_cmd, lan9118_state), 298 VMSTATE_UINT32(e2p_data, lan9118_state), 299 VMSTATE_UINT32(mac_cr, lan9118_state), 300 VMSTATE_UINT32(mac_hashh, lan9118_state), 301 VMSTATE_UINT32(mac_hashl, lan9118_state), 302 VMSTATE_UINT32(mac_mii_acc, lan9118_state), 303 VMSTATE_UINT32(mac_mii_data, lan9118_state), 304 VMSTATE_UINT32(mac_flow, lan9118_state), 305 VMSTATE_UINT32(phy_status, lan9118_state), 306 VMSTATE_UINT32(phy_control, lan9118_state), 307 VMSTATE_UINT32(phy_advertise, lan9118_state), 308 VMSTATE_UINT32(phy_int, lan9118_state), 309 VMSTATE_UINT32(phy_int_mask, lan9118_state), 310 VMSTATE_INT32(eeprom_writable, lan9118_state), 311 VMSTATE_UINT8_ARRAY(eeprom, lan9118_state, 128), 312 VMSTATE_INT32(tx_fifo_size, lan9118_state), 313 /* txp always points at tx_packet so need not be saved */ 314 VMSTATE_STRUCT(tx_packet, lan9118_state, 0, 315 vmstate_lan9118_packet, LAN9118Packet), 316 VMSTATE_INT32(tx_status_fifo_used, lan9118_state), 317 VMSTATE_INT32(tx_status_fifo_head, lan9118_state), 318 VMSTATE_UINT32_ARRAY(tx_status_fifo, lan9118_state, 512), 319 VMSTATE_INT32(rx_status_fifo_size, lan9118_state), 320 VMSTATE_INT32(rx_status_fifo_used, lan9118_state), 321 VMSTATE_INT32(rx_status_fifo_head, lan9118_state), 322 VMSTATE_UINT32_ARRAY(rx_status_fifo, lan9118_state, 896), 323 VMSTATE_INT32(rx_fifo_size, lan9118_state), 324 VMSTATE_INT32(rx_fifo_used, lan9118_state), 325 VMSTATE_INT32(rx_fifo_head, lan9118_state), 326 VMSTATE_UINT32_ARRAY(rx_fifo, lan9118_state, 3360), 327 VMSTATE_INT32(rx_packet_size_head, lan9118_state), 328 VMSTATE_INT32(rx_packet_size_tail, lan9118_state), 329 VMSTATE_INT32_ARRAY(rx_packet_size, lan9118_state, 1024), 330 VMSTATE_INT32(rxp_offset, lan9118_state), 331 VMSTATE_INT32(rxp_size, lan9118_state), 332 VMSTATE_INT32(rxp_pad, lan9118_state), 333 VMSTATE_UINT32_V(write_word_prev_offset, lan9118_state, 2), 334 VMSTATE_UINT32_V(write_word_n, lan9118_state, 2), 335 VMSTATE_UINT16_V(write_word_l, lan9118_state, 2), 336 VMSTATE_UINT16_V(write_word_h, lan9118_state, 2), 337 VMSTATE_UINT32_V(read_word_prev_offset, lan9118_state, 2), 338 VMSTATE_UINT32_V(read_word_n, lan9118_state, 2), 339 VMSTATE_UINT32_V(read_long, lan9118_state, 2), 340 VMSTATE_UINT32_V(mode_16bit, lan9118_state, 2), 341 VMSTATE_END_OF_LIST() 342 } 343 }; 344 345 static void lan9118_update(lan9118_state *s) 346 { 347 int level; 348 349 /* TODO: Implement FIFO level IRQs. */ 350 level = (s->int_sts & s->int_en) != 0; 351 if (level) { 352 s->irq_cfg |= IRQ_INT; 353 } else { 354 s->irq_cfg &= ~IRQ_INT; 355 } 356 if ((s->irq_cfg & IRQ_EN) == 0) { 357 level = 0; 358 } 359 if ((s->irq_cfg & (IRQ_TYPE | IRQ_POL)) != (IRQ_TYPE | IRQ_POL)) { 360 /* Interrupt is active low unless we're configured as 361 * active-high polarity, push-pull type. 362 */ 363 level = !level; 364 } 365 qemu_set_irq(s->irq, level); 366 } 367 368 static void lan9118_mac_changed(lan9118_state *s) 369 { 370 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); 371 } 372 373 static void lan9118_reload_eeprom(lan9118_state *s) 374 { 375 int i; 376 if (s->eeprom[0] != 0xa5) { 377 s->e2p_cmd &= ~E2P_CMD_MAC_ADDR_LOADED; 378 DPRINTF("MACADDR load failed\n"); 379 return; 380 } 381 for (i = 0; i < 6; i++) { 382 s->conf.macaddr.a[i] = s->eeprom[i + 1]; 383 } 384 s->e2p_cmd |= E2P_CMD_MAC_ADDR_LOADED; 385 DPRINTF("MACADDR loaded from eeprom\n"); 386 lan9118_mac_changed(s); 387 } 388 389 static void phy_update_irq(lan9118_state *s) 390 { 391 if (s->phy_int & s->phy_int_mask) { 392 s->int_sts |= PHY_INT; 393 } else { 394 s->int_sts &= ~PHY_INT; 395 } 396 lan9118_update(s); 397 } 398 399 static void phy_update_link(lan9118_state *s) 400 { 401 /* Autonegotiation status mirrors link status. */ 402 if (qemu_get_queue(s->nic)->link_down) { 403 s->phy_status &= ~0x0024; 404 s->phy_int |= PHY_INT_DOWN; 405 } else { 406 s->phy_status |= 0x0024; 407 s->phy_int |= PHY_INT_ENERGYON; 408 s->phy_int |= PHY_INT_AUTONEG_COMPLETE; 409 } 410 phy_update_irq(s); 411 } 412 413 static void lan9118_set_link(NetClientState *nc) 414 { 415 phy_update_link(qemu_get_nic_opaque(nc)); 416 } 417 418 static void phy_reset(lan9118_state *s) 419 { 420 s->phy_status = 0x7809; 421 s->phy_control = 0x3000; 422 s->phy_advertise = 0x01e1; 423 s->phy_int_mask = 0; 424 s->phy_int = 0; 425 phy_update_link(s); 426 } 427 428 static void lan9118_reset(DeviceState *d) 429 { 430 lan9118_state *s = LAN9118(d); 431 432 s->irq_cfg &= (IRQ_TYPE | IRQ_POL); 433 s->int_sts = 0; 434 s->int_en = 0; 435 s->fifo_int = 0x48000000; 436 s->rx_cfg = 0; 437 s->tx_cfg = 0; 438 s->hw_cfg = s->mode_16bit ? 0x00050000 : 0x00050004; 439 s->pmt_ctrl &= 0x45; 440 s->gpio_cfg = 0; 441 s->txp->fifo_used = 0; 442 s->txp->state = TX_IDLE; 443 s->txp->cmd_a = 0xffffffffu; 444 s->txp->cmd_b = 0xffffffffu; 445 s->txp->len = 0; 446 s->txp->fifo_used = 0; 447 s->tx_fifo_size = 4608; 448 s->tx_status_fifo_used = 0; 449 s->rx_status_fifo_size = 704; 450 s->rx_fifo_size = 2640; 451 s->rx_fifo_used = 0; 452 s->rx_status_fifo_size = 176; 453 s->rx_status_fifo_used = 0; 454 s->rxp_offset = 0; 455 s->rxp_size = 0; 456 s->rxp_pad = 0; 457 s->rx_packet_size_tail = s->rx_packet_size_head; 458 s->rx_packet_size[s->rx_packet_size_head] = 0; 459 s->mac_cmd = 0; 460 s->mac_data = 0; 461 s->afc_cfg = 0; 462 s->e2p_cmd = 0; 463 s->e2p_data = 0; 464 s->free_timer_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 40; 465 466 ptimer_transaction_begin(s->timer); 467 ptimer_stop(s->timer); 468 ptimer_set_count(s->timer, 0xffff); 469 ptimer_transaction_commit(s->timer); 470 s->gpt_cfg = 0xffff; 471 472 s->mac_cr = MAC_CR_PRMS; 473 s->mac_hashh = 0; 474 s->mac_hashl = 0; 475 s->mac_mii_acc = 0; 476 s->mac_mii_data = 0; 477 s->mac_flow = 0; 478 479 s->read_word_n = 0; 480 s->write_word_n = 0; 481 482 phy_reset(s); 483 484 s->eeprom_writable = 0; 485 lan9118_reload_eeprom(s); 486 } 487 488 static void rx_fifo_push(lan9118_state *s, uint32_t val) 489 { 490 int fifo_pos; 491 fifo_pos = s->rx_fifo_head + s->rx_fifo_used; 492 if (fifo_pos >= s->rx_fifo_size) 493 fifo_pos -= s->rx_fifo_size; 494 s->rx_fifo[fifo_pos] = val; 495 s->rx_fifo_used++; 496 } 497 498 /* Return nonzero if the packet is accepted by the filter. */ 499 static int lan9118_filter(lan9118_state *s, const uint8_t *addr) 500 { 501 int multicast; 502 uint32_t hash; 503 504 if (s->mac_cr & MAC_CR_PRMS) { 505 return 1; 506 } 507 if (addr[0] == 0xff && addr[1] == 0xff && addr[2] == 0xff && 508 addr[3] == 0xff && addr[4] == 0xff && addr[5] == 0xff) { 509 return (s->mac_cr & MAC_CR_BCAST) == 0; 510 } 511 512 multicast = addr[0] & 1; 513 if (multicast &&s->mac_cr & MAC_CR_MCPAS) { 514 return 1; 515 } 516 if (multicast ? (s->mac_cr & MAC_CR_HPFILT) == 0 517 : (s->mac_cr & MAC_CR_HO) == 0) { 518 /* Exact matching. */ 519 hash = memcmp(addr, s->conf.macaddr.a, 6); 520 if (s->mac_cr & MAC_CR_INVFILT) { 521 return hash != 0; 522 } else { 523 return hash == 0; 524 } 525 } else { 526 /* Hash matching */ 527 hash = net_crc32(addr, ETH_ALEN) >> 26; 528 if (hash & 0x20) { 529 return (s->mac_hashh >> (hash & 0x1f)) & 1; 530 } else { 531 return (s->mac_hashl >> (hash & 0x1f)) & 1; 532 } 533 } 534 } 535 536 static ssize_t lan9118_receive(NetClientState *nc, const uint8_t *buf, 537 size_t size) 538 { 539 lan9118_state *s = qemu_get_nic_opaque(nc); 540 int fifo_len; 541 int offset; 542 int src_pos; 543 int n; 544 int filter; 545 uint32_t val; 546 uint32_t crc; 547 uint32_t status; 548 549 if ((s->mac_cr & MAC_CR_RXEN) == 0) { 550 return -1; 551 } 552 553 if (size >= MIL_TXFIFO_SIZE || size < 14) { 554 return -1; 555 } 556 557 /* TODO: Implement FIFO overflow notification. */ 558 if (s->rx_status_fifo_used == s->rx_status_fifo_size) { 559 return -1; 560 } 561 562 filter = lan9118_filter(s, buf); 563 if (!filter && (s->mac_cr & MAC_CR_RXALL) == 0) { 564 return size; 565 } 566 567 offset = (s->rx_cfg >> 8) & 0x1f; 568 n = offset & 3; 569 fifo_len = (size + n + 3) >> 2; 570 /* Add a word for the CRC. */ 571 fifo_len++; 572 if (s->rx_fifo_size - s->rx_fifo_used < fifo_len) { 573 return -1; 574 } 575 576 DPRINTF("Got packet len:%d fifo:%d filter:%s\n", 577 (int)size, fifo_len, filter ? "pass" : "fail"); 578 val = 0; 579 crc = bswap32(crc32(~0, buf, size)); 580 for (src_pos = 0; src_pos < size; src_pos++) { 581 val = (val >> 8) | ((uint32_t)buf[src_pos] << 24); 582 n++; 583 if (n == 4) { 584 n = 0; 585 rx_fifo_push(s, val); 586 val = 0; 587 } 588 } 589 if (n) { 590 val >>= ((4 - n) * 8); 591 val |= crc << (n * 8); 592 rx_fifo_push(s, val); 593 val = crc >> ((4 - n) * 8); 594 rx_fifo_push(s, val); 595 } else { 596 rx_fifo_push(s, crc); 597 } 598 n = s->rx_status_fifo_head + s->rx_status_fifo_used; 599 if (n >= s->rx_status_fifo_size) { 600 n -= s->rx_status_fifo_size; 601 } 602 s->rx_packet_size[s->rx_packet_size_tail] = fifo_len; 603 s->rx_packet_size_tail = (s->rx_packet_size_tail + 1023) & 1023; 604 s->rx_status_fifo_used++; 605 606 status = (size + 4) << 16; 607 if (buf[0] == 0xff && buf[1] == 0xff && buf[2] == 0xff && 608 buf[3] == 0xff && buf[4] == 0xff && buf[5] == 0xff) { 609 status |= 0x00002000; 610 } else if (buf[0] & 1) { 611 status |= 0x00000400; 612 } 613 if (!filter) { 614 status |= 0x40000000; 615 } 616 s->rx_status_fifo[n] = status; 617 618 if (s->rx_status_fifo_used > (s->fifo_int & 0xff)) { 619 s->int_sts |= RSFL_INT; 620 } 621 lan9118_update(s); 622 623 return size; 624 } 625 626 static uint32_t rx_fifo_pop(lan9118_state *s) 627 { 628 int n; 629 uint32_t val; 630 631 if (s->rxp_size == 0 && s->rxp_pad == 0) { 632 s->rxp_size = s->rx_packet_size[s->rx_packet_size_head]; 633 s->rx_packet_size[s->rx_packet_size_head] = 0; 634 if (s->rxp_size != 0) { 635 s->rx_packet_size_head = (s->rx_packet_size_head + 1023) & 1023; 636 s->rxp_offset = (s->rx_cfg >> 10) & 7; 637 n = s->rxp_offset + s->rxp_size; 638 switch (s->rx_cfg >> 30) { 639 case 1: 640 n = (-n) & 3; 641 break; 642 case 2: 643 n = (-n) & 7; 644 break; 645 default: 646 n = 0; 647 break; 648 } 649 s->rxp_pad = n; 650 DPRINTF("Pop packet size:%d offset:%d pad: %d\n", 651 s->rxp_size, s->rxp_offset, s->rxp_pad); 652 } 653 } 654 if (s->rxp_offset > 0) { 655 s->rxp_offset--; 656 val = 0; 657 } else if (s->rxp_size > 0) { 658 s->rxp_size--; 659 val = s->rx_fifo[s->rx_fifo_head++]; 660 if (s->rx_fifo_head >= s->rx_fifo_size) { 661 s->rx_fifo_head -= s->rx_fifo_size; 662 } 663 s->rx_fifo_used--; 664 } else if (s->rxp_pad > 0) { 665 s->rxp_pad--; 666 val = 0; 667 } else { 668 DPRINTF("RX underflow\n"); 669 s->int_sts |= RXE_INT; 670 val = 0; 671 } 672 lan9118_update(s); 673 return val; 674 } 675 676 static void do_tx_packet(lan9118_state *s) 677 { 678 int n; 679 uint32_t status; 680 681 /* FIXME: Honor TX disable, and allow queueing of packets. */ 682 if (s->phy_control & 0x4000) { 683 /* This assumes the receive routine doesn't touch the VLANClient. */ 684 qemu_receive_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); 685 } else { 686 qemu_send_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len); 687 } 688 s->txp->fifo_used = 0; 689 690 if (s->tx_status_fifo_used == 512) { 691 /* Status FIFO full */ 692 return; 693 } 694 /* Add entry to status FIFO. */ 695 status = s->txp->cmd_b & 0xffff0000u; 696 DPRINTF("Sent packet tag:%04x len %d\n", status >> 16, s->txp->len); 697 n = (s->tx_status_fifo_head + s->tx_status_fifo_used) & 511; 698 s->tx_status_fifo[n] = status; 699 s->tx_status_fifo_used++; 700 701 /* 702 * Generate TSFL interrupt if TX FIFO level exceeds the level 703 * specified in the FIFO_INT TX Status Level field. 704 */ 705 if (s->tx_status_fifo_used > ((s->fifo_int >> 16) & 0xff)) { 706 s->int_sts |= TSFL_INT; 707 } 708 if (s->tx_status_fifo_used == 512) { 709 s->int_sts |= TSFF_INT; 710 /* TODO: Stop transmission. */ 711 } 712 } 713 714 static uint32_t rx_status_fifo_pop(lan9118_state *s) 715 { 716 uint32_t val; 717 718 val = s->rx_status_fifo[s->rx_status_fifo_head]; 719 if (s->rx_status_fifo_used != 0) { 720 s->rx_status_fifo_used--; 721 s->rx_status_fifo_head++; 722 if (s->rx_status_fifo_head >= s->rx_status_fifo_size) { 723 s->rx_status_fifo_head -= s->rx_status_fifo_size; 724 } 725 /* ??? What value should be returned when the FIFO is empty? */ 726 DPRINTF("RX status pop 0x%08x\n", val); 727 } 728 return val; 729 } 730 731 static uint32_t tx_status_fifo_pop(lan9118_state *s) 732 { 733 uint32_t val; 734 735 val = s->tx_status_fifo[s->tx_status_fifo_head]; 736 if (s->tx_status_fifo_used != 0) { 737 s->tx_status_fifo_used--; 738 s->tx_status_fifo_head = (s->tx_status_fifo_head + 1) & 511; 739 /* ??? What value should be returned when the FIFO is empty? */ 740 } 741 return val; 742 } 743 744 static void tx_fifo_push(lan9118_state *s, uint32_t val) 745 { 746 int n; 747 748 if (s->txp->fifo_used == s->tx_fifo_size) { 749 s->int_sts |= TDFO_INT; 750 return; 751 } 752 switch (s->txp->state) { 753 case TX_IDLE: 754 s->txp->cmd_a = val & 0x831f37ff; 755 s->txp->fifo_used++; 756 s->txp->state = TX_B; 757 s->txp->buffer_size = extract32(s->txp->cmd_a, 0, 11); 758 s->txp->offset = extract32(s->txp->cmd_a, 16, 5); 759 break; 760 case TX_B: 761 if (s->txp->cmd_a & 0x2000) { 762 /* First segment */ 763 s->txp->cmd_b = val; 764 s->txp->fifo_used++; 765 /* End alignment does not include command words. */ 766 n = (s->txp->buffer_size + s->txp->offset + 3) >> 2; 767 switch ((n >> 24) & 3) { 768 case 1: 769 n = (-n) & 3; 770 break; 771 case 2: 772 n = (-n) & 7; 773 break; 774 default: 775 n = 0; 776 } 777 s->txp->pad = n; 778 s->txp->len = 0; 779 } 780 DPRINTF("Block len:%d offset:%d pad:%d cmd %08x\n", 781 s->txp->buffer_size, s->txp->offset, s->txp->pad, 782 s->txp->cmd_a); 783 s->txp->state = TX_DATA; 784 break; 785 case TX_DATA: 786 if (s->txp->offset >= 4) { 787 s->txp->offset -= 4; 788 break; 789 } 790 if (s->txp->buffer_size <= 0 && s->txp->pad != 0) { 791 s->txp->pad--; 792 } else { 793 n = MIN(4, s->txp->buffer_size + s->txp->offset); 794 while (s->txp->offset) { 795 val >>= 8; 796 n--; 797 s->txp->offset--; 798 } 799 /* Documentation is somewhat unclear on the ordering of bytes 800 in FIFO words. Empirical results show it to be little-endian. 801 */ 802 while (n--) { 803 if (s->txp->len == MIL_TXFIFO_SIZE) { 804 /* 805 * No more space in the FIFO. The datasheet is not 806 * precise about this case. We choose what is easiest 807 * to model: the packet is truncated, and TXE is raised. 808 * 809 * Note, it could be a fragmented packet, but we currently 810 * do not handle that (see earlier TX_B case). 811 */ 812 qemu_log_mask(LOG_GUEST_ERROR, 813 "MIL TX FIFO overrun, discarding %u byte%s\n", 814 n, n > 1 ? "s" : ""); 815 s->int_sts |= TXE_INT; 816 break; 817 } 818 s->txp->data[s->txp->len] = val & 0xff; 819 s->txp->len++; 820 val >>= 8; 821 s->txp->buffer_size--; 822 } 823 s->txp->fifo_used++; 824 } 825 if (s->txp->buffer_size <= 0 && s->txp->pad == 0) { 826 if (s->txp->cmd_a & 0x1000) { 827 do_tx_packet(s); 828 } 829 if (s->txp->cmd_a & 0x80000000) { 830 s->int_sts |= TX_IOC_INT; 831 } 832 s->txp->state = TX_IDLE; 833 } 834 break; 835 } 836 } 837 838 static uint32_t do_phy_read(lan9118_state *s, int reg) 839 { 840 uint32_t val; 841 842 switch (reg) { 843 case 0: /* Basic Control */ 844 return s->phy_control; 845 case 1: /* Basic Status */ 846 return s->phy_status; 847 case 2: /* ID1 */ 848 return 0x0007; 849 case 3: /* ID2 */ 850 return 0xc0d1; 851 case 4: /* Auto-neg advertisement */ 852 return s->phy_advertise; 853 case 5: /* Auto-neg Link Partner Ability */ 854 return 0x0f71; 855 case 6: /* Auto-neg Expansion */ 856 return 1; 857 /* TODO 17, 18, 27, 29, 30, 31 */ 858 case 29: /* Interrupt source. */ 859 val = s->phy_int; 860 s->phy_int = 0; 861 phy_update_irq(s); 862 return val; 863 case 30: /* Interrupt mask */ 864 return s->phy_int_mask; 865 default: 866 qemu_log_mask(LOG_GUEST_ERROR, 867 "do_phy_read: PHY read reg %d\n", reg); 868 return 0; 869 } 870 } 871 872 static void do_phy_write(lan9118_state *s, int reg, uint32_t val) 873 { 874 switch (reg) { 875 case 0: /* Basic Control */ 876 if (val & 0x8000) { 877 phy_reset(s); 878 break; 879 } 880 s->phy_control = val & 0x7980; 881 /* Complete autonegotiation immediately. */ 882 if (val & 0x1000) { 883 s->phy_status |= 0x0020; 884 } 885 break; 886 case 4: /* Auto-neg advertisement */ 887 s->phy_advertise = (val & 0x2d7f) | 0x80; 888 break; 889 /* TODO 17, 18, 27, 31 */ 890 case 30: /* Interrupt mask */ 891 s->phy_int_mask = val & 0xff; 892 phy_update_irq(s); 893 break; 894 default: 895 qemu_log_mask(LOG_GUEST_ERROR, 896 "do_phy_write: PHY write reg %d = 0x%04x\n", reg, val); 897 } 898 } 899 900 static void do_mac_write(lan9118_state *s, int reg, uint32_t val) 901 { 902 switch (reg) { 903 case MAC_CR: 904 if ((s->mac_cr & MAC_CR_RXEN) != 0 && (val & MAC_CR_RXEN) == 0) { 905 s->int_sts |= RXSTOP_INT; 906 } 907 s->mac_cr = val & ~MAC_CR_RESERVED; 908 DPRINTF("MAC_CR: %08x\n", val); 909 break; 910 case MAC_ADDRH: 911 s->conf.macaddr.a[4] = val & 0xff; 912 s->conf.macaddr.a[5] = (val >> 8) & 0xff; 913 lan9118_mac_changed(s); 914 break; 915 case MAC_ADDRL: 916 s->conf.macaddr.a[0] = val & 0xff; 917 s->conf.macaddr.a[1] = (val >> 8) & 0xff; 918 s->conf.macaddr.a[2] = (val >> 16) & 0xff; 919 s->conf.macaddr.a[3] = (val >> 24) & 0xff; 920 lan9118_mac_changed(s); 921 break; 922 case MAC_HASHH: 923 s->mac_hashh = val; 924 break; 925 case MAC_HASHL: 926 s->mac_hashl = val; 927 break; 928 case MAC_MII_ACC: 929 s->mac_mii_acc = val & 0xffc2; 930 if (val & 2) { 931 DPRINTF("PHY write %d = 0x%04x\n", 932 (val >> 6) & 0x1f, s->mac_mii_data); 933 do_phy_write(s, (val >> 6) & 0x1f, s->mac_mii_data); 934 } else { 935 s->mac_mii_data = do_phy_read(s, (val >> 6) & 0x1f); 936 DPRINTF("PHY read %d = 0x%04x\n", 937 (val >> 6) & 0x1f, s->mac_mii_data); 938 } 939 break; 940 case MAC_MII_DATA: 941 s->mac_mii_data = val & 0xffff; 942 break; 943 case MAC_FLOW: 944 s->mac_flow = val & 0xffff0000; 945 break; 946 case MAC_VLAN1: 947 /* Writing to this register changes a condition for 948 * FrameTooLong bit in rx_status. Since we do not set 949 * FrameTooLong anyway, just ignore write to this. 950 */ 951 break; 952 default: 953 qemu_log_mask(LOG_GUEST_ERROR, 954 "lan9118: Unimplemented MAC register write: %d = 0x%x\n", 955 s->mac_cmd & 0xf, val); 956 } 957 } 958 959 static uint32_t do_mac_read(lan9118_state *s, int reg) 960 { 961 switch (reg) { 962 case MAC_CR: 963 return s->mac_cr; 964 case MAC_ADDRH: 965 return s->conf.macaddr.a[4] | (s->conf.macaddr.a[5] << 8); 966 case MAC_ADDRL: 967 return s->conf.macaddr.a[0] | (s->conf.macaddr.a[1] << 8) 968 | (s->conf.macaddr.a[2] << 16) | (s->conf.macaddr.a[3] << 24); 969 case MAC_HASHH: 970 return s->mac_hashh; 971 case MAC_HASHL: 972 return s->mac_hashl; 973 case MAC_MII_ACC: 974 return s->mac_mii_acc; 975 case MAC_MII_DATA: 976 return s->mac_mii_data; 977 case MAC_FLOW: 978 return s->mac_flow; 979 default: 980 qemu_log_mask(LOG_GUEST_ERROR, 981 "lan9118: Unimplemented MAC register read: %d\n", 982 s->mac_cmd & 0xf); 983 return 0; 984 } 985 } 986 987 static void lan9118_eeprom_cmd(lan9118_state *s, int cmd, int addr) 988 { 989 s->e2p_cmd = (s->e2p_cmd & E2P_CMD_MAC_ADDR_LOADED) | (cmd << 28) | addr; 990 switch (cmd) { 991 case 0: 992 s->e2p_data = s->eeprom[addr]; 993 DPRINTF("EEPROM Read %d = 0x%02x\n", addr, s->e2p_data); 994 break; 995 case 1: 996 s->eeprom_writable = 0; 997 DPRINTF("EEPROM Write Disable\n"); 998 break; 999 case 2: /* EWEN */ 1000 s->eeprom_writable = 1; 1001 DPRINTF("EEPROM Write Enable\n"); 1002 break; 1003 case 3: /* WRITE */ 1004 if (s->eeprom_writable) { 1005 s->eeprom[addr] &= s->e2p_data; 1006 DPRINTF("EEPROM Write %d = 0x%02x\n", addr, s->e2p_data); 1007 } else { 1008 DPRINTF("EEPROM Write %d (ignored)\n", addr); 1009 } 1010 break; 1011 case 4: /* WRAL */ 1012 if (s->eeprom_writable) { 1013 for (addr = 0; addr < 128; addr++) { 1014 s->eeprom[addr] &= s->e2p_data; 1015 } 1016 DPRINTF("EEPROM Write All 0x%02x\n", s->e2p_data); 1017 } else { 1018 DPRINTF("EEPROM Write All (ignored)\n"); 1019 } 1020 break; 1021 case 5: /* ERASE */ 1022 if (s->eeprom_writable) { 1023 s->eeprom[addr] = 0xff; 1024 DPRINTF("EEPROM Erase %d\n", addr); 1025 } else { 1026 DPRINTF("EEPROM Erase %d (ignored)\n", addr); 1027 } 1028 break; 1029 case 6: /* ERAL */ 1030 if (s->eeprom_writable) { 1031 memset(s->eeprom, 0xff, 128); 1032 DPRINTF("EEPROM Erase All\n"); 1033 } else { 1034 DPRINTF("EEPROM Erase All (ignored)\n"); 1035 } 1036 break; 1037 case 7: /* RELOAD */ 1038 lan9118_reload_eeprom(s); 1039 break; 1040 } 1041 } 1042 1043 static void lan9118_tick(void *opaque) 1044 { 1045 lan9118_state *s = (lan9118_state *)opaque; 1046 if (s->int_en & GPT_INT) { 1047 s->int_sts |= GPT_INT; 1048 } 1049 lan9118_update(s); 1050 } 1051 1052 static void lan9118_writel(void *opaque, hwaddr offset, 1053 uint64_t val, unsigned size) 1054 { 1055 lan9118_state *s = (lan9118_state *)opaque; 1056 offset &= 0xff; 1057 1058 //DPRINTF("Write reg 0x%02x = 0x%08x\n", (int)offset, val); 1059 if (offset >= TX_DATA_FIFO_PORT_FIRST && 1060 offset <= TX_DATA_FIFO_PORT_LAST) { 1061 /* TX FIFO */ 1062 tx_fifo_push(s, val); 1063 return; 1064 } 1065 switch (offset) { 1066 case CSR_IRQ_CFG: 1067 /* TODO: Implement interrupt deassertion intervals. */ 1068 val &= (IRQ_EN | IRQ_POL | IRQ_TYPE); 1069 s->irq_cfg = (s->irq_cfg & IRQ_INT) | val; 1070 break; 1071 case CSR_INT_STS: 1072 s->int_sts &= ~val; 1073 break; 1074 case CSR_INT_EN: 1075 s->int_en = val & ~RESERVED_INT; 1076 s->int_sts |= val & SW_INT; 1077 break; 1078 case CSR_FIFO_INT: 1079 DPRINTF("FIFO INT levels %08x\n", val); 1080 s->fifo_int = val; 1081 break; 1082 case CSR_RX_CFG: 1083 if (val & 0x8000) { 1084 /* RX_DUMP */ 1085 s->rx_fifo_used = 0; 1086 s->rx_status_fifo_used = 0; 1087 s->rx_packet_size_tail = s->rx_packet_size_head; 1088 s->rx_packet_size[s->rx_packet_size_head] = 0; 1089 } 1090 s->rx_cfg = val & 0xcfff1ff0; 1091 break; 1092 case CSR_TX_CFG: 1093 if (val & 0x8000) { 1094 s->tx_status_fifo_used = 0; 1095 } 1096 if (val & 0x4000) { 1097 s->txp->state = TX_IDLE; 1098 s->txp->fifo_used = 0; 1099 s->txp->cmd_a = 0xffffffff; 1100 } 1101 s->tx_cfg = val & 6; 1102 break; 1103 case CSR_HW_CFG: 1104 if (val & 1) { 1105 /* SRST */ 1106 lan9118_reset(DEVICE(s)); 1107 } else { 1108 s->hw_cfg = (val & 0x003f300) | (s->hw_cfg & 0x4); 1109 } 1110 break; 1111 case CSR_RX_DP_CTRL: 1112 if (val & 0x80000000) { 1113 /* Skip forward to next packet. */ 1114 s->rxp_pad = 0; 1115 s->rxp_offset = 0; 1116 if (s->rxp_size == 0) { 1117 /* Pop a word to start the next packet. */ 1118 rx_fifo_pop(s); 1119 s->rxp_pad = 0; 1120 s->rxp_offset = 0; 1121 } 1122 s->rx_fifo_head += s->rxp_size; 1123 if (s->rx_fifo_head >= s->rx_fifo_size) { 1124 s->rx_fifo_head -= s->rx_fifo_size; 1125 } 1126 } 1127 break; 1128 case CSR_PMT_CTRL: 1129 if (val & 0x400) { 1130 phy_reset(s); 1131 } 1132 s->pmt_ctrl &= ~0x34e; 1133 s->pmt_ctrl |= (val & 0x34e); 1134 break; 1135 case CSR_GPIO_CFG: 1136 /* Probably just enabling LEDs. */ 1137 s->gpio_cfg = val & 0x7777071f; 1138 break; 1139 case CSR_GPT_CFG: 1140 if ((s->gpt_cfg ^ val) & GPT_TIMER_EN) { 1141 ptimer_transaction_begin(s->timer); 1142 if (val & GPT_TIMER_EN) { 1143 ptimer_set_count(s->timer, val & 0xffff); 1144 ptimer_run(s->timer, 0); 1145 } else { 1146 ptimer_stop(s->timer); 1147 ptimer_set_count(s->timer, 0xffff); 1148 } 1149 ptimer_transaction_commit(s->timer); 1150 } 1151 s->gpt_cfg = val & (GPT_TIMER_EN | 0xffff); 1152 break; 1153 case CSR_WORD_SWAP: 1154 /* Ignored because we're in 32-bit mode. */ 1155 s->word_swap = val; 1156 break; 1157 case CSR_MAC_CSR_CMD: 1158 s->mac_cmd = val & 0x4000000f; 1159 if (val & 0x80000000) { 1160 if (val & 0x40000000) { 1161 s->mac_data = do_mac_read(s, val & 0xf); 1162 DPRINTF("MAC read %d = 0x%08x\n", val & 0xf, s->mac_data); 1163 } else { 1164 DPRINTF("MAC write %d = 0x%08x\n", val & 0xf, s->mac_data); 1165 do_mac_write(s, val & 0xf, s->mac_data); 1166 } 1167 } 1168 break; 1169 case CSR_MAC_CSR_DATA: 1170 s->mac_data = val; 1171 break; 1172 case CSR_AFC_CFG: 1173 s->afc_cfg = val & 0x00ffffff; 1174 break; 1175 case CSR_E2P_CMD: 1176 lan9118_eeprom_cmd(s, (val >> 28) & 7, val & 0x7f); 1177 break; 1178 case CSR_E2P_DATA: 1179 s->e2p_data = val & 0xff; 1180 break; 1181 1182 default: 1183 qemu_log_mask(LOG_GUEST_ERROR, "lan9118_write: Bad reg 0x%x = %x\n", 1184 (int)offset, (int)val); 1185 break; 1186 } 1187 lan9118_update(s); 1188 } 1189 1190 static void lan9118_writew(void *opaque, hwaddr offset, 1191 uint32_t val) 1192 { 1193 lan9118_state *s = (lan9118_state *)opaque; 1194 offset &= 0xff; 1195 1196 if (s->write_word_prev_offset != (offset & ~0x3)) { 1197 /* New offset, reset word counter */ 1198 s->write_word_n = 0; 1199 s->write_word_prev_offset = offset & ~0x3; 1200 } 1201 1202 if (offset & 0x2) { 1203 s->write_word_h = val; 1204 } else { 1205 s->write_word_l = val; 1206 } 1207 1208 //DPRINTF("Writew reg 0x%02x = 0x%08x\n", (int)offset, val); 1209 s->write_word_n++; 1210 if (s->write_word_n == 2) { 1211 s->write_word_n = 0; 1212 lan9118_writel(s, offset & ~3, s->write_word_l + 1213 (s->write_word_h << 16), 4); 1214 } 1215 } 1216 1217 static void lan9118_16bit_mode_write(void *opaque, hwaddr offset, 1218 uint64_t val, unsigned size) 1219 { 1220 switch (size) { 1221 case 2: 1222 lan9118_writew(opaque, offset, (uint32_t)val); 1223 return; 1224 case 4: 1225 lan9118_writel(opaque, offset, val, size); 1226 return; 1227 } 1228 1229 qemu_log_mask(LOG_GUEST_ERROR, 1230 "lan9118_16bit_mode_write: Bad size 0x%x\n", size); 1231 } 1232 1233 static uint64_t lan9118_readl(void *opaque, hwaddr offset, 1234 unsigned size) 1235 { 1236 lan9118_state *s = (lan9118_state *)opaque; 1237 1238 //DPRINTF("Read reg 0x%02x\n", (int)offset); 1239 if (offset <= RX_DATA_FIFO_PORT_LAST) { 1240 /* RX FIFO */ 1241 return rx_fifo_pop(s); 1242 } 1243 switch (offset) { 1244 case RX_STATUS_FIFO_PORT: 1245 return rx_status_fifo_pop(s); 1246 case RX_STATUS_FIFO_PEEK: 1247 return s->rx_status_fifo[s->rx_status_fifo_head]; 1248 case TX_STATUS_FIFO_PORT: 1249 return tx_status_fifo_pop(s); 1250 case TX_STATUS_FIFO_PEEK: 1251 return s->tx_status_fifo[s->tx_status_fifo_head]; 1252 case CSR_ID_REV: 1253 return 0x01180001; 1254 case CSR_IRQ_CFG: 1255 return s->irq_cfg; 1256 case CSR_INT_STS: 1257 return s->int_sts; 1258 case CSR_INT_EN: 1259 return s->int_en; 1260 case CSR_BYTE_TEST: 1261 return 0x87654321; 1262 case CSR_FIFO_INT: 1263 return s->fifo_int; 1264 case CSR_RX_CFG: 1265 return s->rx_cfg; 1266 case CSR_TX_CFG: 1267 return s->tx_cfg; 1268 case CSR_HW_CFG: 1269 return s->hw_cfg; 1270 case CSR_RX_DP_CTRL: 1271 return 0; 1272 case CSR_RX_FIFO_INF: 1273 return (s->rx_status_fifo_used << 16) | (s->rx_fifo_used << 2); 1274 case CSR_TX_FIFO_INF: 1275 return (s->tx_status_fifo_used << 16) 1276 | (s->tx_fifo_size - s->txp->fifo_used); 1277 case CSR_PMT_CTRL: 1278 return s->pmt_ctrl; 1279 case CSR_GPIO_CFG: 1280 return s->gpio_cfg; 1281 case CSR_GPT_CFG: 1282 return s->gpt_cfg; 1283 case CSR_GPT_CNT: 1284 return ptimer_get_count(s->timer); 1285 case CSR_WORD_SWAP: 1286 return s->word_swap; 1287 case CSR_FREE_RUN: 1288 return (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 40) - s->free_timer_start; 1289 case CSR_RX_DROP: 1290 /* TODO: Implement dropped frames counter. */ 1291 return 0; 1292 case CSR_MAC_CSR_CMD: 1293 return s->mac_cmd; 1294 case CSR_MAC_CSR_DATA: 1295 return s->mac_data; 1296 case CSR_AFC_CFG: 1297 return s->afc_cfg; 1298 case CSR_E2P_CMD: 1299 return s->e2p_cmd; 1300 case CSR_E2P_DATA: 1301 return s->e2p_data; 1302 } 1303 qemu_log_mask(LOG_GUEST_ERROR, "lan9118_read: Bad reg 0x%x\n", (int)offset); 1304 return 0; 1305 } 1306 1307 static uint32_t lan9118_readw(void *opaque, hwaddr offset) 1308 { 1309 lan9118_state *s = (lan9118_state *)opaque; 1310 uint32_t val; 1311 1312 if (s->read_word_prev_offset != (offset & ~0x3)) { 1313 /* New offset, reset word counter */ 1314 s->read_word_n = 0; 1315 s->read_word_prev_offset = offset & ~0x3; 1316 } 1317 1318 s->read_word_n++; 1319 if (s->read_word_n == 1) { 1320 s->read_long = lan9118_readl(s, offset & ~3, 4); 1321 } else { 1322 s->read_word_n = 0; 1323 } 1324 1325 if (offset & 2) { 1326 val = s->read_long >> 16; 1327 } else { 1328 val = s->read_long & 0xFFFF; 1329 } 1330 1331 //DPRINTF("Readw reg 0x%02x, val 0x%x\n", (int)offset, val); 1332 return val; 1333 } 1334 1335 static uint64_t lan9118_16bit_mode_read(void *opaque, hwaddr offset, 1336 unsigned size) 1337 { 1338 switch (size) { 1339 case 2: 1340 return lan9118_readw(opaque, offset); 1341 case 4: 1342 return lan9118_readl(opaque, offset, size); 1343 } 1344 1345 qemu_log_mask(LOG_GUEST_ERROR, 1346 "lan9118_16bit_mode_read: Bad size 0x%x\n", size); 1347 return 0; 1348 } 1349 1350 static const MemoryRegionOps lan9118_mem_ops = { 1351 .read = lan9118_readl, 1352 .write = lan9118_writel, 1353 .endianness = DEVICE_NATIVE_ENDIAN, 1354 }; 1355 1356 static const MemoryRegionOps lan9118_16bit_mem_ops = { 1357 .read = lan9118_16bit_mode_read, 1358 .write = lan9118_16bit_mode_write, 1359 .endianness = DEVICE_NATIVE_ENDIAN, 1360 }; 1361 1362 static NetClientInfo net_lan9118_info = { 1363 .type = NET_CLIENT_DRIVER_NIC, 1364 .size = sizeof(NICState), 1365 .receive = lan9118_receive, 1366 .link_status_changed = lan9118_set_link, 1367 }; 1368 1369 static void lan9118_realize(DeviceState *dev, Error **errp) 1370 { 1371 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1372 lan9118_state *s = LAN9118(dev); 1373 int i; 1374 const MemoryRegionOps *mem_ops = 1375 s->mode_16bit ? &lan9118_16bit_mem_ops : &lan9118_mem_ops; 1376 1377 memory_region_init_io(&s->mmio, OBJECT(dev), mem_ops, s, 1378 "lan9118-mmio", 0x100); 1379 sysbus_init_mmio(sbd, &s->mmio); 1380 sysbus_init_irq(sbd, &s->irq); 1381 qemu_macaddr_default_if_unset(&s->conf.macaddr); 1382 1383 s->nic = qemu_new_nic(&net_lan9118_info, &s->conf, 1384 object_get_typename(OBJECT(dev)), dev->id, 1385 &dev->mem_reentrancy_guard, s); 1386 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); 1387 s->eeprom[0] = 0xa5; 1388 for (i = 0; i < 6; i++) { 1389 s->eeprom[i + 1] = s->conf.macaddr.a[i]; 1390 } 1391 s->pmt_ctrl = 1; 1392 s->txp = &s->tx_packet; 1393 1394 s->timer = ptimer_init(lan9118_tick, s, PTIMER_POLICY_LEGACY); 1395 ptimer_transaction_begin(s->timer); 1396 ptimer_set_freq(s->timer, 10000); 1397 ptimer_set_limit(s->timer, 0xffff, 1); 1398 ptimer_transaction_commit(s->timer); 1399 } 1400 1401 static Property lan9118_properties[] = { 1402 DEFINE_NIC_PROPERTIES(lan9118_state, conf), 1403 DEFINE_PROP_UINT32("mode_16bit", lan9118_state, mode_16bit, 0), 1404 DEFINE_PROP_END_OF_LIST(), 1405 }; 1406 1407 static void lan9118_class_init(ObjectClass *klass, void *data) 1408 { 1409 DeviceClass *dc = DEVICE_CLASS(klass); 1410 1411 dc->reset = lan9118_reset; 1412 device_class_set_props(dc, lan9118_properties); 1413 dc->vmsd = &vmstate_lan9118; 1414 dc->realize = lan9118_realize; 1415 } 1416 1417 static const TypeInfo lan9118_info = { 1418 .name = TYPE_LAN9118, 1419 .parent = TYPE_SYS_BUS_DEVICE, 1420 .instance_size = sizeof(lan9118_state), 1421 .class_init = lan9118_class_init, 1422 }; 1423 1424 static void lan9118_register_types(void) 1425 { 1426 type_register_static(&lan9118_info); 1427 } 1428 1429 /* Legacy helper function. Should go away when machine config files are 1430 implemented. */ 1431 void lan9118_init(uint32_t base, qemu_irq irq) 1432 { 1433 DeviceState *dev; 1434 SysBusDevice *s; 1435 1436 dev = qdev_new(TYPE_LAN9118); 1437 qemu_configure_nic_device(dev, true, NULL); 1438 s = SYS_BUS_DEVICE(dev); 1439 sysbus_realize_and_unref(s, &error_fatal); 1440 sysbus_mmio_map(s, 0, base); 1441 sysbus_connect_irq(s, 0, irq); 1442 } 1443 1444 type_init(lan9118_register_types) 1445