1 /* 2 * Nuvoton NPCM7xx EMC Module 3 * 4 * Copyright 2020 Google LLC 5 * 6 * This program is free software; you can redistribute it and/or modify it 7 * under the terms of the GNU General Public License as published by the 8 * Free Software Foundation; either version 2 of the License, or 9 * (at your option) any later version. 10 * 11 * This program is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * for more details. 15 * 16 * Unsupported/unimplemented features: 17 * - MCMDR.FDUP (full duplex) is ignored, half duplex is not supported 18 * - Only CAM0 is supported, CAM[1-15] are not 19 * - writes to CAMEN.[1-15] are ignored, these bits always read as zeroes 20 * - MII is not implemented, MIIDA.BUSY and MIID always return zero 21 * - MCMDR.LBK is not implemented 22 * - MCMDR.{OPMOD,ENSQE,AEP,ARP} are not supported 23 * - H/W FIFOs are not supported, MCMDR.FFTCR is ignored 24 * - MGSTA.SQE is not supported 25 * - pause and control frames are not implemented 26 * - MGSTA.CCNT is not supported 27 * - MPCNT, DMARFS are not implemented 28 */ 29 30 #include "qemu/osdep.h" 31 32 #include <zlib.h> /* for crc32 */ 33 34 #include "hw/irq.h" 35 #include "hw/qdev-clock.h" 36 #include "hw/qdev-properties.h" 37 #include "hw/net/npcm7xx_emc.h" 38 #include "net/eth.h" 39 #include "migration/vmstate.h" 40 #include "qemu/bitops.h" 41 #include "qemu/error-report.h" 42 #include "qemu/log.h" 43 #include "qemu/module.h" 44 #include "qemu/units.h" 45 #include "sysemu/dma.h" 46 #include "trace.h" 47 48 #define CRC_LENGTH 4 49 50 /* 51 * The maximum size of a (layer 2) ethernet frame as defined by 802.3. 52 * 1518 = 6(dest macaddr) + 6(src macaddr) + 2(proto) + 4(crc) + 1500(payload) 53 * This does not include an additional 4 for the vlan field (802.1q). 54 */ 55 #define MAX_ETH_FRAME_SIZE 1518 56 57 static const char *emc_reg_name(int regno) 58 { 59 #define REG(name) case REG_ ## name: return #name; 60 switch (regno) { 61 REG(CAMCMR) 62 REG(CAMEN) 63 REG(TXDLSA) 64 REG(RXDLSA) 65 REG(MCMDR) 66 REG(MIID) 67 REG(MIIDA) 68 REG(FFTCR) 69 REG(TSDR) 70 REG(RSDR) 71 REG(DMARFC) 72 REG(MIEN) 73 REG(MISTA) 74 REG(MGSTA) 75 REG(MPCNT) 76 REG(MRPC) 77 REG(MRPCC) 78 REG(MREPC) 79 REG(DMARFS) 80 REG(CTXDSA) 81 REG(CTXBSA) 82 REG(CRXDSA) 83 REG(CRXBSA) 84 case REG_CAMM_BASE + 0: return "CAM0M"; 85 case REG_CAML_BASE + 0: return "CAM0L"; 86 case REG_CAMM_BASE + 2 ... REG_CAMML_LAST: 87 /* Only CAM0 is supported, fold the others into something simple. */ 88 if (regno & 1) { 89 return "CAM<n>L"; 90 } else { 91 return "CAM<n>M"; 92 } 93 default: return "UNKNOWN"; 94 } 95 #undef REG 96 } 97 98 static void emc_reset(NPCM7xxEMCState *emc) 99 { 100 uint32_t value; 101 102 trace_npcm7xx_emc_reset(emc->emc_num); 103 104 memset(&emc->regs[0], 0, sizeof(emc->regs)); 105 106 /* These regs have non-zero reset values. */ 107 emc->regs[REG_TXDLSA] = 0xfffffffc; 108 emc->regs[REG_RXDLSA] = 0xfffffffc; 109 emc->regs[REG_MIIDA] = 0x00900000; 110 emc->regs[REG_FFTCR] = 0x0101; 111 emc->regs[REG_DMARFC] = 0x0800; 112 emc->regs[REG_MPCNT] = 0x7fff; 113 114 emc->tx_active = false; 115 emc->rx_active = false; 116 117 /* Set the MAC address in the register space. */ 118 value = (emc->conf.macaddr.a[0] << 24) | 119 (emc->conf.macaddr.a[1] << 16) | 120 (emc->conf.macaddr.a[2] << 8) | 121 emc->conf.macaddr.a[3]; 122 emc->regs[REG_CAMM_BASE] = value; 123 124 value = (emc->conf.macaddr.a[4] << 24) | (emc->conf.macaddr.a[5] << 16); 125 emc->regs[REG_CAML_BASE] = value; 126 } 127 128 static void npcm7xx_emc_reset(DeviceState *dev) 129 { 130 NPCM7xxEMCState *emc = NPCM7XX_EMC(dev); 131 emc_reset(emc); 132 } 133 134 static void emc_soft_reset(NPCM7xxEMCState *emc) 135 { 136 /* 137 * The docs say at least MCMDR.{LBK,OPMOD} bits are not changed during a 138 * soft reset, but does not go into further detail. For now, KISS. 139 */ 140 uint32_t mcmdr = emc->regs[REG_MCMDR]; 141 emc_reset(emc); 142 emc->regs[REG_MCMDR] = mcmdr & (REG_MCMDR_LBK | REG_MCMDR_OPMOD); 143 144 qemu_set_irq(emc->tx_irq, 0); 145 qemu_set_irq(emc->rx_irq, 0); 146 } 147 148 static void emc_set_link(NetClientState *nc) 149 { 150 /* Nothing to do yet. */ 151 } 152 153 /* MISTA.TXINTR is the union of the individual bits with their enables. */ 154 static void emc_update_mista_txintr(NPCM7xxEMCState *emc) 155 { 156 /* Only look at the bits we support. */ 157 uint32_t mask = (REG_MISTA_TXBERR | 158 REG_MISTA_TDU | 159 REG_MISTA_TXCP); 160 if (emc->regs[REG_MISTA] & emc->regs[REG_MIEN] & mask) { 161 emc->regs[REG_MISTA] |= REG_MISTA_TXINTR; 162 } else { 163 emc->regs[REG_MISTA] &= ~REG_MISTA_TXINTR; 164 } 165 } 166 167 /* MISTA.RXINTR is the union of the individual bits with their enables. */ 168 static void emc_update_mista_rxintr(NPCM7xxEMCState *emc) 169 { 170 /* Only look at the bits we support. */ 171 uint32_t mask = (REG_MISTA_RXBERR | 172 REG_MISTA_RDU | 173 REG_MISTA_RXGD); 174 if (emc->regs[REG_MISTA] & emc->regs[REG_MIEN] & mask) { 175 emc->regs[REG_MISTA] |= REG_MISTA_RXINTR; 176 } else { 177 emc->regs[REG_MISTA] &= ~REG_MISTA_RXINTR; 178 } 179 } 180 181 /* N.B. emc_update_mista_txintr must have already been called. */ 182 static void emc_update_tx_irq(NPCM7xxEMCState *emc) 183 { 184 int level = !!(emc->regs[REG_MISTA] & 185 emc->regs[REG_MIEN] & 186 REG_MISTA_TXINTR); 187 trace_npcm7xx_emc_update_tx_irq(level); 188 qemu_set_irq(emc->tx_irq, level); 189 } 190 191 /* N.B. emc_update_mista_rxintr must have already been called. */ 192 static void emc_update_rx_irq(NPCM7xxEMCState *emc) 193 { 194 int level = !!(emc->regs[REG_MISTA] & 195 emc->regs[REG_MIEN] & 196 REG_MISTA_RXINTR); 197 trace_npcm7xx_emc_update_rx_irq(level); 198 qemu_set_irq(emc->rx_irq, level); 199 } 200 201 /* Update IRQ states due to changes in MIEN,MISTA. */ 202 static void emc_update_irq_from_reg_change(NPCM7xxEMCState *emc) 203 { 204 emc_update_mista_txintr(emc); 205 emc_update_tx_irq(emc); 206 207 emc_update_mista_rxintr(emc); 208 emc_update_rx_irq(emc); 209 } 210 211 static int emc_read_tx_desc(dma_addr_t addr, NPCM7xxEMCTxDesc *desc) 212 { 213 if (dma_memory_read(&address_space_memory, addr, desc, 214 sizeof(*desc), MEMTXATTRS_UNSPECIFIED)) { 215 qemu_log_mask(LOG_GUEST_ERROR, "%s: Failed to read descriptor @ 0x%" 216 HWADDR_PRIx "\n", __func__, addr); 217 return -1; 218 } 219 desc->flags = le32_to_cpu(desc->flags); 220 desc->txbsa = le32_to_cpu(desc->txbsa); 221 desc->status_and_length = le32_to_cpu(desc->status_and_length); 222 desc->ntxdsa = le32_to_cpu(desc->ntxdsa); 223 return 0; 224 } 225 226 static int emc_write_tx_desc(const NPCM7xxEMCTxDesc *desc, dma_addr_t addr) 227 { 228 NPCM7xxEMCTxDesc le_desc; 229 230 le_desc.flags = cpu_to_le32(desc->flags); 231 le_desc.txbsa = cpu_to_le32(desc->txbsa); 232 le_desc.status_and_length = cpu_to_le32(desc->status_and_length); 233 le_desc.ntxdsa = cpu_to_le32(desc->ntxdsa); 234 if (dma_memory_write(&address_space_memory, addr, &le_desc, 235 sizeof(le_desc), MEMTXATTRS_UNSPECIFIED)) { 236 qemu_log_mask(LOG_GUEST_ERROR, "%s: Failed to write descriptor @ 0x%" 237 HWADDR_PRIx "\n", __func__, addr); 238 return -1; 239 } 240 return 0; 241 } 242 243 static int emc_read_rx_desc(dma_addr_t addr, NPCM7xxEMCRxDesc *desc) 244 { 245 if (dma_memory_read(&address_space_memory, addr, desc, 246 sizeof(*desc), MEMTXATTRS_UNSPECIFIED)) { 247 qemu_log_mask(LOG_GUEST_ERROR, "%s: Failed to read descriptor @ 0x%" 248 HWADDR_PRIx "\n", __func__, addr); 249 return -1; 250 } 251 desc->status_and_length = le32_to_cpu(desc->status_and_length); 252 desc->rxbsa = le32_to_cpu(desc->rxbsa); 253 desc->reserved = le32_to_cpu(desc->reserved); 254 desc->nrxdsa = le32_to_cpu(desc->nrxdsa); 255 return 0; 256 } 257 258 static int emc_write_rx_desc(const NPCM7xxEMCRxDesc *desc, dma_addr_t addr) 259 { 260 NPCM7xxEMCRxDesc le_desc; 261 262 le_desc.status_and_length = cpu_to_le32(desc->status_and_length); 263 le_desc.rxbsa = cpu_to_le32(desc->rxbsa); 264 le_desc.reserved = cpu_to_le32(desc->reserved); 265 le_desc.nrxdsa = cpu_to_le32(desc->nrxdsa); 266 if (dma_memory_write(&address_space_memory, addr, &le_desc, 267 sizeof(le_desc), MEMTXATTRS_UNSPECIFIED)) { 268 qemu_log_mask(LOG_GUEST_ERROR, "%s: Failed to write descriptor @ 0x%" 269 HWADDR_PRIx "\n", __func__, addr); 270 return -1; 271 } 272 return 0; 273 } 274 275 static void emc_set_mista(NPCM7xxEMCState *emc, uint32_t flags) 276 { 277 trace_npcm7xx_emc_set_mista(flags); 278 emc->regs[REG_MISTA] |= flags; 279 if (extract32(flags, 16, 16)) { 280 emc_update_mista_txintr(emc); 281 } 282 if (extract32(flags, 0, 16)) { 283 emc_update_mista_rxintr(emc); 284 } 285 } 286 287 static void emc_halt_tx(NPCM7xxEMCState *emc, uint32_t mista_flag) 288 { 289 emc->tx_active = false; 290 emc_set_mista(emc, mista_flag); 291 } 292 293 static void emc_halt_rx(NPCM7xxEMCState *emc, uint32_t mista_flag) 294 { 295 emc->rx_active = false; 296 emc_set_mista(emc, mista_flag); 297 } 298 299 static void emc_enable_rx_and_flush(NPCM7xxEMCState *emc) 300 { 301 emc->rx_active = true; 302 qemu_flush_queued_packets(qemu_get_queue(emc->nic)); 303 } 304 305 static void emc_set_next_tx_descriptor(NPCM7xxEMCState *emc, 306 const NPCM7xxEMCTxDesc *tx_desc, 307 uint32_t desc_addr) 308 { 309 /* Update the current descriptor, if only to reset the owner flag. */ 310 if (emc_write_tx_desc(tx_desc, desc_addr)) { 311 /* 312 * We just read it so this shouldn't generally happen. 313 * Error already reported. 314 */ 315 emc_set_mista(emc, REG_MISTA_TXBERR); 316 } 317 emc->regs[REG_CTXDSA] = TX_DESC_NTXDSA(tx_desc->ntxdsa); 318 } 319 320 static void emc_set_next_rx_descriptor(NPCM7xxEMCState *emc, 321 const NPCM7xxEMCRxDesc *rx_desc, 322 uint32_t desc_addr) 323 { 324 /* Update the current descriptor, if only to reset the owner flag. */ 325 if (emc_write_rx_desc(rx_desc, desc_addr)) { 326 /* 327 * We just read it so this shouldn't generally happen. 328 * Error already reported. 329 */ 330 emc_set_mista(emc, REG_MISTA_RXBERR); 331 } 332 emc->regs[REG_CRXDSA] = RX_DESC_NRXDSA(rx_desc->nrxdsa); 333 } 334 335 static void emc_try_send_next_packet(NPCM7xxEMCState *emc) 336 { 337 /* Working buffer for sending out packets. Most packets fit in this. */ 338 #define TX_BUFFER_SIZE 2048 339 uint8_t tx_send_buffer[TX_BUFFER_SIZE]; 340 uint32_t desc_addr = TX_DESC_NTXDSA(emc->regs[REG_CTXDSA]); 341 NPCM7xxEMCTxDesc tx_desc; 342 uint32_t next_buf_addr, length; 343 uint8_t *buf; 344 g_autofree uint8_t *malloced_buf = NULL; 345 346 if (emc_read_tx_desc(desc_addr, &tx_desc)) { 347 /* Error reading descriptor, already reported. */ 348 emc_halt_tx(emc, REG_MISTA_TXBERR); 349 emc_update_tx_irq(emc); 350 return; 351 } 352 353 /* Nothing we can do if we don't own the descriptor. */ 354 if (!(tx_desc.flags & TX_DESC_FLAG_OWNER_MASK)) { 355 trace_npcm7xx_emc_cpu_owned_desc(desc_addr); 356 emc_halt_tx(emc, REG_MISTA_TDU); 357 emc_update_tx_irq(emc); 358 return; 359 } 360 361 /* Give the descriptor back regardless of what happens. */ 362 tx_desc.flags &= ~TX_DESC_FLAG_OWNER_MASK; 363 tx_desc.status_and_length &= 0xffff; 364 365 /* 366 * Despite the h/w documentation saying the tx buffer is word aligned, 367 * the linux driver does not word align the buffer. There is value in not 368 * aligning the buffer: See the description of NET_IP_ALIGN in linux 369 * kernel sources. 370 */ 371 next_buf_addr = tx_desc.txbsa; 372 emc->regs[REG_CTXBSA] = next_buf_addr; 373 length = TX_DESC_PKT_LEN(tx_desc.status_and_length); 374 buf = &tx_send_buffer[0]; 375 376 if (length > sizeof(tx_send_buffer)) { 377 malloced_buf = g_malloc(length); 378 buf = malloced_buf; 379 } 380 381 if (dma_memory_read(&address_space_memory, next_buf_addr, buf, 382 length, MEMTXATTRS_UNSPECIFIED)) { 383 qemu_log_mask(LOG_GUEST_ERROR, "%s: Failed to read packet @ 0x%x\n", 384 __func__, next_buf_addr); 385 emc_set_mista(emc, REG_MISTA_TXBERR); 386 emc_set_next_tx_descriptor(emc, &tx_desc, desc_addr); 387 emc_update_tx_irq(emc); 388 trace_npcm7xx_emc_tx_done(emc->regs[REG_CTXDSA]); 389 return; 390 } 391 392 if ((tx_desc.flags & TX_DESC_FLAG_PADEN) && (length < MIN_PACKET_LENGTH)) { 393 memset(buf + length, 0, MIN_PACKET_LENGTH - length); 394 length = MIN_PACKET_LENGTH; 395 } 396 397 /* N.B. emc_receive can get called here. */ 398 qemu_send_packet(qemu_get_queue(emc->nic), buf, length); 399 trace_npcm7xx_emc_sent_packet(length); 400 401 tx_desc.status_and_length |= TX_DESC_STATUS_TXCP; 402 if (tx_desc.flags & TX_DESC_FLAG_INTEN) { 403 emc_set_mista(emc, REG_MISTA_TXCP); 404 } 405 if (emc->regs[REG_MISTA] & emc->regs[REG_MIEN] & REG_MISTA_TXINTR) { 406 tx_desc.status_and_length |= TX_DESC_STATUS_TXINTR; 407 } 408 409 emc_set_next_tx_descriptor(emc, &tx_desc, desc_addr); 410 emc_update_tx_irq(emc); 411 trace_npcm7xx_emc_tx_done(emc->regs[REG_CTXDSA]); 412 } 413 414 static bool emc_can_receive(NetClientState *nc) 415 { 416 NPCM7xxEMCState *emc = NPCM7XX_EMC(qemu_get_nic_opaque(nc)); 417 418 bool can_receive = emc->rx_active; 419 trace_npcm7xx_emc_can_receive(can_receive); 420 return can_receive; 421 } 422 423 /* If result is false then *fail_reason contains the reason. */ 424 static bool emc_receive_filter1(NPCM7xxEMCState *emc, const uint8_t *buf, 425 size_t len, const char **fail_reason) 426 { 427 eth_pkt_types_e pkt_type = get_eth_packet_type(PKT_GET_ETH_HDR(buf)); 428 429 switch (pkt_type) { 430 case ETH_PKT_BCAST: 431 if (emc->regs[REG_CAMCMR] & REG_CAMCMR_CCAM) { 432 return true; 433 } else { 434 *fail_reason = "Broadcast packet disabled"; 435 return !!(emc->regs[REG_CAMCMR] & REG_CAMCMR_ABP); 436 } 437 case ETH_PKT_MCAST: 438 if (emc->regs[REG_CAMCMR] & REG_CAMCMR_CCAM) { 439 return true; 440 } else { 441 *fail_reason = "Multicast packet disabled"; 442 return !!(emc->regs[REG_CAMCMR] & REG_CAMCMR_AMP); 443 } 444 case ETH_PKT_UCAST: { 445 bool matches; 446 uint32_t value; 447 struct MACAddr mac; 448 if (emc->regs[REG_CAMCMR] & REG_CAMCMR_AUP) { 449 return true; 450 } 451 452 value = emc->regs[REG_CAMM_BASE]; 453 mac.a[0] = value >> 24; 454 mac.a[1] = value >> 16; 455 mac.a[2] = value >> 8; 456 mac.a[3] = value >> 0; 457 value = emc->regs[REG_CAML_BASE]; 458 mac.a[4] = value >> 24; 459 mac.a[5] = value >> 16; 460 461 matches = ((emc->regs[REG_CAMCMR] & REG_CAMCMR_ECMP) && 462 /* We only support one CAM register, CAM0. */ 463 (emc->regs[REG_CAMEN] & (1 << 0)) && 464 memcmp(buf, mac.a, ETH_ALEN) == 0); 465 if (emc->regs[REG_CAMCMR] & REG_CAMCMR_CCAM) { 466 *fail_reason = "MACADDR matched, comparison complemented"; 467 return !matches; 468 } else { 469 *fail_reason = "MACADDR didn't match"; 470 return matches; 471 } 472 } 473 default: 474 g_assert_not_reached(); 475 } 476 } 477 478 static bool emc_receive_filter(NPCM7xxEMCState *emc, const uint8_t *buf, 479 size_t len) 480 { 481 const char *fail_reason = NULL; 482 bool ok = emc_receive_filter1(emc, buf, len, &fail_reason); 483 if (!ok) { 484 trace_npcm7xx_emc_packet_filtered_out(fail_reason); 485 } 486 return ok; 487 } 488 489 static ssize_t emc_receive(NetClientState *nc, const uint8_t *buf, size_t len1) 490 { 491 NPCM7xxEMCState *emc = NPCM7XX_EMC(qemu_get_nic_opaque(nc)); 492 const uint32_t len = len1; 493 size_t max_frame_len; 494 bool long_frame; 495 uint32_t desc_addr; 496 NPCM7xxEMCRxDesc rx_desc; 497 uint32_t crc; 498 uint8_t *crc_ptr; 499 uint32_t buf_addr; 500 501 trace_npcm7xx_emc_receiving_packet(len); 502 503 if (!emc_can_receive(nc)) { 504 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unexpected packet\n", __func__); 505 return -1; 506 } 507 508 if (len < ETH_HLEN || 509 /* Defensive programming: drop unsupportable large packets. */ 510 len > 0xffff - CRC_LENGTH) { 511 qemu_log_mask(LOG_GUEST_ERROR, "%s: Dropped frame of %u bytes\n", 512 __func__, len); 513 return len; 514 } 515 516 /* 517 * DENI is set if EMC received the Length/Type field of the incoming 518 * packet, so it will be set regardless of what happens next. 519 */ 520 emc_set_mista(emc, REG_MISTA_DENI); 521 522 if (!emc_receive_filter(emc, buf, len)) { 523 emc_update_rx_irq(emc); 524 return len; 525 } 526 527 /* Huge frames (> DMARFC) are dropped. */ 528 max_frame_len = REG_DMARFC_RXMS(emc->regs[REG_DMARFC]); 529 if (len + CRC_LENGTH > max_frame_len) { 530 trace_npcm7xx_emc_packet_dropped(len); 531 emc_set_mista(emc, REG_MISTA_DFOI); 532 emc_update_rx_irq(emc); 533 return len; 534 } 535 536 /* 537 * Long Frames (> MAX_ETH_FRAME_SIZE) are also dropped, unless MCMDR.ALP 538 * is set. 539 */ 540 long_frame = false; 541 if (len + CRC_LENGTH > MAX_ETH_FRAME_SIZE) { 542 if (emc->regs[REG_MCMDR] & REG_MCMDR_ALP) { 543 long_frame = true; 544 } else { 545 trace_npcm7xx_emc_packet_dropped(len); 546 emc_set_mista(emc, REG_MISTA_PTLE); 547 emc_update_rx_irq(emc); 548 return len; 549 } 550 } 551 552 desc_addr = RX_DESC_NRXDSA(emc->regs[REG_CRXDSA]); 553 if (emc_read_rx_desc(desc_addr, &rx_desc)) { 554 /* Error reading descriptor, already reported. */ 555 emc_halt_rx(emc, REG_MISTA_RXBERR); 556 emc_update_rx_irq(emc); 557 return len; 558 } 559 560 /* Nothing we can do if we don't own the descriptor. */ 561 if (!(rx_desc.status_and_length & RX_DESC_STATUS_OWNER_MASK)) { 562 trace_npcm7xx_emc_cpu_owned_desc(desc_addr); 563 emc_halt_rx(emc, REG_MISTA_RDU); 564 emc_update_rx_irq(emc); 565 return len; 566 } 567 568 crc = 0; 569 crc_ptr = (uint8_t *) &crc; 570 if (!(emc->regs[REG_MCMDR] & REG_MCMDR_SPCRC)) { 571 crc = cpu_to_be32(crc32(~0, buf, len)); 572 } 573 574 /* Give the descriptor back regardless of what happens. */ 575 rx_desc.status_and_length &= ~RX_DESC_STATUS_OWNER_MASK; 576 577 buf_addr = rx_desc.rxbsa; 578 emc->regs[REG_CRXBSA] = buf_addr; 579 if (dma_memory_write(&address_space_memory, buf_addr, buf, 580 len, MEMTXATTRS_UNSPECIFIED) || 581 (!(emc->regs[REG_MCMDR] & REG_MCMDR_SPCRC) && 582 dma_memory_write(&address_space_memory, buf_addr + len, 583 crc_ptr, 4, MEMTXATTRS_UNSPECIFIED))) { 584 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bus error writing packet\n", 585 __func__); 586 emc_set_mista(emc, REG_MISTA_RXBERR); 587 emc_set_next_rx_descriptor(emc, &rx_desc, desc_addr); 588 emc_update_rx_irq(emc); 589 trace_npcm7xx_emc_rx_done(emc->regs[REG_CRXDSA]); 590 return len; 591 } 592 593 trace_npcm7xx_emc_received_packet(len); 594 595 /* Note: We've already verified len+4 <= 0xffff. */ 596 rx_desc.status_and_length = len; 597 if (!(emc->regs[REG_MCMDR] & REG_MCMDR_SPCRC)) { 598 rx_desc.status_and_length += 4; 599 } 600 rx_desc.status_and_length |= RX_DESC_STATUS_RXGD; 601 emc_set_mista(emc, REG_MISTA_RXGD); 602 603 if (emc->regs[REG_MISTA] & emc->regs[REG_MIEN] & REG_MISTA_RXINTR) { 604 rx_desc.status_and_length |= RX_DESC_STATUS_RXINTR; 605 } 606 if (long_frame) { 607 rx_desc.status_and_length |= RX_DESC_STATUS_PTLE; 608 } 609 610 emc_set_next_rx_descriptor(emc, &rx_desc, desc_addr); 611 emc_update_rx_irq(emc); 612 trace_npcm7xx_emc_rx_done(emc->regs[REG_CRXDSA]); 613 return len; 614 } 615 616 static uint64_t npcm7xx_emc_read(void *opaque, hwaddr offset, unsigned size) 617 { 618 NPCM7xxEMCState *emc = opaque; 619 uint32_t reg = offset / sizeof(uint32_t); 620 uint32_t result; 621 622 if (reg >= NPCM7XX_NUM_EMC_REGS) { 623 qemu_log_mask(LOG_GUEST_ERROR, 624 "%s: Invalid offset 0x%04" HWADDR_PRIx "\n", 625 __func__, offset); 626 return 0; 627 } 628 629 switch (reg) { 630 case REG_MIID: 631 /* 632 * We don't implement MII. For determinism, always return zero as 633 * writes record the last value written for debugging purposes. 634 */ 635 qemu_log_mask(LOG_UNIMP, "%s: Read of MIID, returning 0\n", __func__); 636 result = 0; 637 break; 638 case REG_TSDR: 639 case REG_RSDR: 640 qemu_log_mask(LOG_GUEST_ERROR, 641 "%s: Read of write-only reg, %s/%d\n", 642 __func__, emc_reg_name(reg), reg); 643 return 0; 644 default: 645 result = emc->regs[reg]; 646 break; 647 } 648 649 trace_npcm7xx_emc_reg_read(emc->emc_num, result, emc_reg_name(reg), reg); 650 return result; 651 } 652 653 static void npcm7xx_emc_write(void *opaque, hwaddr offset, 654 uint64_t v, unsigned size) 655 { 656 NPCM7xxEMCState *emc = opaque; 657 uint32_t reg = offset / sizeof(uint32_t); 658 uint32_t value = v; 659 660 g_assert(size == sizeof(uint32_t)); 661 662 if (reg >= NPCM7XX_NUM_EMC_REGS) { 663 qemu_log_mask(LOG_GUEST_ERROR, 664 "%s: Invalid offset 0x%04" HWADDR_PRIx "\n", 665 __func__, offset); 666 return; 667 } 668 669 trace_npcm7xx_emc_reg_write(emc->emc_num, emc_reg_name(reg), reg, value); 670 671 switch (reg) { 672 case REG_CAMCMR: 673 emc->regs[reg] = value; 674 break; 675 case REG_CAMEN: 676 /* Only CAM0 is supported, don't pretend otherwise. */ 677 if (value & ~1) { 678 qemu_log_mask(LOG_GUEST_ERROR, 679 "%s: Only CAM0 is supported, cannot enable others" 680 ": 0x%x\n", 681 __func__, value); 682 } 683 emc->regs[reg] = value & 1; 684 break; 685 case REG_CAMM_BASE + 0: 686 emc->regs[reg] = value; 687 break; 688 case REG_CAML_BASE + 0: 689 emc->regs[reg] = value; 690 break; 691 case REG_MCMDR: { 692 uint32_t prev; 693 if (value & REG_MCMDR_SWR) { 694 emc_soft_reset(emc); 695 /* On h/w the reset happens over multiple cycles. For now KISS. */ 696 break; 697 } 698 prev = emc->regs[reg]; 699 emc->regs[reg] = value; 700 /* Update tx state. */ 701 if (!(prev & REG_MCMDR_TXON) && 702 (value & REG_MCMDR_TXON)) { 703 emc->regs[REG_CTXDSA] = emc->regs[REG_TXDLSA]; 704 /* 705 * Linux kernel turns TX on with CPU still holding descriptor, 706 * which suggests we should wait for a write to TSDR before trying 707 * to send a packet: so we don't send one here. 708 */ 709 } else if ((prev & REG_MCMDR_TXON) && 710 !(value & REG_MCMDR_TXON)) { 711 emc->regs[REG_MGSTA] |= REG_MGSTA_TXHA; 712 } 713 if (!(value & REG_MCMDR_TXON)) { 714 emc_halt_tx(emc, 0); 715 } 716 /* Update rx state. */ 717 if (!(prev & REG_MCMDR_RXON) && 718 (value & REG_MCMDR_RXON)) { 719 emc->regs[REG_CRXDSA] = emc->regs[REG_RXDLSA]; 720 } else if ((prev & REG_MCMDR_RXON) && 721 !(value & REG_MCMDR_RXON)) { 722 emc->regs[REG_MGSTA] |= REG_MGSTA_RXHA; 723 } 724 if (value & REG_MCMDR_RXON) { 725 emc_enable_rx_and_flush(emc); 726 } else { 727 emc_halt_rx(emc, 0); 728 } 729 break; 730 } 731 case REG_TXDLSA: 732 case REG_RXDLSA: 733 case REG_DMARFC: 734 case REG_MIID: 735 emc->regs[reg] = value; 736 break; 737 case REG_MIEN: 738 emc->regs[reg] = value; 739 emc_update_irq_from_reg_change(emc); 740 break; 741 case REG_MISTA: 742 /* Clear the bits that have 1 in "value". */ 743 emc->regs[reg] &= ~value; 744 emc_update_irq_from_reg_change(emc); 745 break; 746 case REG_MGSTA: 747 /* Clear the bits that have 1 in "value". */ 748 emc->regs[reg] &= ~value; 749 break; 750 case REG_TSDR: 751 if (emc->regs[REG_MCMDR] & REG_MCMDR_TXON) { 752 emc->tx_active = true; 753 /* Keep trying to send packets until we run out. */ 754 while (emc->tx_active) { 755 emc_try_send_next_packet(emc); 756 } 757 } 758 break; 759 case REG_RSDR: 760 if (emc->regs[REG_MCMDR] & REG_MCMDR_RXON) { 761 emc_enable_rx_and_flush(emc); 762 } 763 break; 764 case REG_MIIDA: 765 emc->regs[reg] = value & ~REG_MIIDA_BUSY; 766 break; 767 case REG_MRPC: 768 case REG_MRPCC: 769 case REG_MREPC: 770 case REG_CTXDSA: 771 case REG_CTXBSA: 772 case REG_CRXDSA: 773 case REG_CRXBSA: 774 qemu_log_mask(LOG_GUEST_ERROR, 775 "%s: Write to read-only reg %s/%d\n", 776 __func__, emc_reg_name(reg), reg); 777 break; 778 default: 779 qemu_log_mask(LOG_UNIMP, "%s: Write to unimplemented reg %s/%d\n", 780 __func__, emc_reg_name(reg), reg); 781 break; 782 } 783 } 784 785 static const struct MemoryRegionOps npcm7xx_emc_ops = { 786 .read = npcm7xx_emc_read, 787 .write = npcm7xx_emc_write, 788 .endianness = DEVICE_LITTLE_ENDIAN, 789 .valid = { 790 .min_access_size = 4, 791 .max_access_size = 4, 792 .unaligned = false, 793 }, 794 }; 795 796 static void emc_cleanup(NetClientState *nc) 797 { 798 /* Nothing to do yet. */ 799 } 800 801 static NetClientInfo net_npcm7xx_emc_info = { 802 .type = NET_CLIENT_DRIVER_NIC, 803 .size = sizeof(NICState), 804 .can_receive = emc_can_receive, 805 .receive = emc_receive, 806 .cleanup = emc_cleanup, 807 .link_status_changed = emc_set_link, 808 }; 809 810 static void npcm7xx_emc_realize(DeviceState *dev, Error **errp) 811 { 812 NPCM7xxEMCState *emc = NPCM7XX_EMC(dev); 813 SysBusDevice *sbd = SYS_BUS_DEVICE(emc); 814 815 memory_region_init_io(&emc->iomem, OBJECT(emc), &npcm7xx_emc_ops, emc, 816 TYPE_NPCM7XX_EMC, 4 * KiB); 817 sysbus_init_mmio(sbd, &emc->iomem); 818 sysbus_init_irq(sbd, &emc->tx_irq); 819 sysbus_init_irq(sbd, &emc->rx_irq); 820 821 qemu_macaddr_default_if_unset(&emc->conf.macaddr); 822 emc->nic = qemu_new_nic(&net_npcm7xx_emc_info, &emc->conf, 823 object_get_typename(OBJECT(dev)), dev->id, 824 &dev->mem_reentrancy_guard, emc); 825 qemu_format_nic_info_str(qemu_get_queue(emc->nic), emc->conf.macaddr.a); 826 } 827 828 static void npcm7xx_emc_unrealize(DeviceState *dev) 829 { 830 NPCM7xxEMCState *emc = NPCM7XX_EMC(dev); 831 832 qemu_del_nic(emc->nic); 833 } 834 835 static const VMStateDescription vmstate_npcm7xx_emc = { 836 .name = TYPE_NPCM7XX_EMC, 837 .version_id = 0, 838 .minimum_version_id = 0, 839 .fields = (const VMStateField[]) { 840 VMSTATE_UINT8(emc_num, NPCM7xxEMCState), 841 VMSTATE_UINT32_ARRAY(regs, NPCM7xxEMCState, NPCM7XX_NUM_EMC_REGS), 842 VMSTATE_BOOL(tx_active, NPCM7xxEMCState), 843 VMSTATE_BOOL(rx_active, NPCM7xxEMCState), 844 VMSTATE_END_OF_LIST(), 845 }, 846 }; 847 848 static Property npcm7xx_emc_properties[] = { 849 DEFINE_NIC_PROPERTIES(NPCM7xxEMCState, conf), 850 DEFINE_PROP_END_OF_LIST(), 851 }; 852 853 static void npcm7xx_emc_class_init(ObjectClass *klass, void *data) 854 { 855 DeviceClass *dc = DEVICE_CLASS(klass); 856 857 set_bit(DEVICE_CATEGORY_NETWORK, dc->categories); 858 dc->desc = "NPCM7xx EMC Controller"; 859 dc->realize = npcm7xx_emc_realize; 860 dc->unrealize = npcm7xx_emc_unrealize; 861 device_class_set_legacy_reset(dc, npcm7xx_emc_reset); 862 dc->vmsd = &vmstate_npcm7xx_emc; 863 device_class_set_props(dc, npcm7xx_emc_properties); 864 } 865 866 static const TypeInfo npcm7xx_emc_info = { 867 .name = TYPE_NPCM7XX_EMC, 868 .parent = TYPE_SYS_BUS_DEVICE, 869 .instance_size = sizeof(NPCM7xxEMCState), 870 .class_init = npcm7xx_emc_class_init, 871 }; 872 873 static void npcm7xx_emc_register_type(void) 874 { 875 type_register_static(&npcm7xx_emc_info); 876 } 877 878 type_init(npcm7xx_emc_register_type) 879