xref: /openbmc/qemu/hw/net/pcnet.c (revision 650d103d3ea959212f826acb9d3fe80cf30e347b)
1 /*
2  * QEMU AMD PC-Net II (Am79C970A) emulation
3  *
4  * Copyright (c) 2004 Antony T Curtis
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining a copy
7  * of this software and associated documentation files (the "Software"), to deal
8  * in the Software without restriction, including without limitation the rights
9  * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10  * copies of the Software, and to permit persons to whom the Software is
11  * furnished to do so, subject to the following conditions:
12  *
13  * The above copyright notice and this permission notice shall be included in
14  * all copies or substantial portions of the Software.
15  *
16  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17  * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18  * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19  * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20  * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21  * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22  * THE SOFTWARE.
23  */
24 
25 /* This software was written to be compatible with the specification:
26  * AMD Am79C970A PCnet-PCI II Ethernet Controller Data-Sheet
27  * AMD Publication# 19436  Rev:E  Amendment/0  Issue Date: June 2000
28  */
29 
30 /*
31  * On Sparc32, this is the Lance (Am7990) part of chip STP2000 (Master I/O), also
32  * produced as NCR89C100. See
33  * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
34  * and
35  * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR92C990.txt
36  */
37 
38 #include "qemu/osdep.h"
39 #include "qemu/log.h"
40 #include "hw/irq.h"
41 #include "hw/qdev.h"
42 #include "migration/vmstate.h"
43 #include "net/net.h"
44 #include "net/eth.h"
45 #include "qemu/timer.h"
46 #include "sysemu/sysemu.h"
47 #include "trace.h"
48 
49 #include "pcnet.h"
50 
51 //#define PCNET_DEBUG
52 //#define PCNET_DEBUG_IO
53 //#define PCNET_DEBUG_BCR
54 //#define PCNET_DEBUG_CSR
55 //#define PCNET_DEBUG_RMD
56 //#define PCNET_DEBUG_TMD
57 //#define PCNET_DEBUG_MATCH
58 
59 
60 struct qemu_ether_header {
61     uint8_t ether_dhost[6];
62     uint8_t ether_shost[6];
63     uint16_t ether_type;
64 };
65 
66 #define CSR_INIT(S)      !!(((S)->csr[0])&0x0001)
67 #define CSR_STRT(S)      !!(((S)->csr[0])&0x0002)
68 #define CSR_STOP(S)      !!(((S)->csr[0])&0x0004)
69 #define CSR_TDMD(S)      !!(((S)->csr[0])&0x0008)
70 #define CSR_TXON(S)      !!(((S)->csr[0])&0x0010)
71 #define CSR_RXON(S)      !!(((S)->csr[0])&0x0020)
72 #define CSR_INEA(S)      !!(((S)->csr[0])&0x0040)
73 #define CSR_BSWP(S)      !!(((S)->csr[3])&0x0004)
74 #define CSR_LAPPEN(S)    !!(((S)->csr[3])&0x0020)
75 #define CSR_DXSUFLO(S)   !!(((S)->csr[3])&0x0040)
76 #define CSR_ASTRP_RCV(S) !!(((S)->csr[4])&0x0800)
77 #define CSR_DPOLL(S)     !!(((S)->csr[4])&0x1000)
78 #define CSR_SPND(S)      !!(((S)->csr[5])&0x0001)
79 #define CSR_LTINTEN(S)   !!(((S)->csr[5])&0x4000)
80 #define CSR_TOKINTD(S)   !!(((S)->csr[5])&0x8000)
81 #define CSR_DRX(S)       !!(((S)->csr[15])&0x0001)
82 #define CSR_DTX(S)       !!(((S)->csr[15])&0x0002)
83 #define CSR_LOOP(S)      !!(((S)->csr[15])&0x0004)
84 #define CSR_DXMTFCS(S)   !!(((S)->csr[15])&0x0008)
85 #define CSR_INTL(S)      !!(((S)->csr[15])&0x0040)
86 #define CSR_DRCVPA(S)    !!(((S)->csr[15])&0x2000)
87 #define CSR_DRCVBC(S)    !!(((S)->csr[15])&0x4000)
88 #define CSR_PROM(S)      !!(((S)->csr[15])&0x8000)
89 
90 #define CSR_CRBC(S)      ((S)->csr[40])
91 #define CSR_CRST(S)      ((S)->csr[41])
92 #define CSR_CXBC(S)      ((S)->csr[42])
93 #define CSR_CXST(S)      ((S)->csr[43])
94 #define CSR_NRBC(S)      ((S)->csr[44])
95 #define CSR_NRST(S)      ((S)->csr[45])
96 #define CSR_POLL(S)      ((S)->csr[46])
97 #define CSR_PINT(S)      ((S)->csr[47])
98 #define CSR_RCVRC(S)     ((S)->csr[72])
99 #define CSR_XMTRC(S)     ((S)->csr[74])
100 #define CSR_RCVRL(S)     ((S)->csr[76])
101 #define CSR_XMTRL(S)     ((S)->csr[78])
102 #define CSR_MISSC(S)     ((S)->csr[112])
103 
104 #define CSR_IADR(S)      ((S)->csr[ 1] | ((uint32_t)(S)->csr[ 2] << 16))
105 #define CSR_CRBA(S)      ((S)->csr[18] | ((uint32_t)(S)->csr[19] << 16))
106 #define CSR_CXBA(S)      ((S)->csr[20] | ((uint32_t)(S)->csr[21] << 16))
107 #define CSR_NRBA(S)      ((S)->csr[22] | ((uint32_t)(S)->csr[23] << 16))
108 #define CSR_BADR(S)      ((S)->csr[24] | ((uint32_t)(S)->csr[25] << 16))
109 #define CSR_NRDA(S)      ((S)->csr[26] | ((uint32_t)(S)->csr[27] << 16))
110 #define CSR_CRDA(S)      ((S)->csr[28] | ((uint32_t)(S)->csr[29] << 16))
111 #define CSR_BADX(S)      ((S)->csr[30] | ((uint32_t)(S)->csr[31] << 16))
112 #define CSR_NXDA(S)      ((S)->csr[32] | ((uint32_t)(S)->csr[33] << 16))
113 #define CSR_CXDA(S)      ((S)->csr[34] | ((uint32_t)(S)->csr[35] << 16))
114 #define CSR_NNRD(S)      ((S)->csr[36] | ((uint32_t)(S)->csr[37] << 16))
115 #define CSR_NNXD(S)      ((S)->csr[38] | ((uint32_t)(S)->csr[39] << 16))
116 #define CSR_PXDA(S)      ((S)->csr[60] | ((uint32_t)(S)->csr[61] << 16))
117 #define CSR_NXBA(S)      ((S)->csr[64] | ((uint32_t)(S)->csr[65] << 16))
118 
119 #define PHYSADDR(S,A) \
120   (BCR_SSIZE32(S) ? (A) : (A) | ((0xff00 & (uint32_t)(S)->csr[2])<<16))
121 
122 struct pcnet_initblk16 {
123     uint16_t mode;
124     uint16_t padr[3];
125     uint16_t ladrf[4];
126     uint32_t rdra;
127     uint32_t tdra;
128 };
129 
130 struct pcnet_initblk32 {
131     uint16_t mode;
132     uint8_t rlen;
133     uint8_t tlen;
134     uint16_t padr[3];
135     uint16_t _res;
136     uint16_t ladrf[4];
137     uint32_t rdra;
138     uint32_t tdra;
139 };
140 
141 struct pcnet_TMD {
142     uint32_t tbadr;
143     int16_t length;
144     int16_t status;
145     uint32_t misc;
146     uint32_t res;
147 };
148 
149 #define TMDL_BCNT_MASK  0x0fff
150 #define TMDL_BCNT_SH    0
151 #define TMDL_ONES_MASK  0xf000
152 #define TMDL_ONES_SH    12
153 
154 #define TMDS_BPE_MASK   0x0080
155 #define TMDS_BPE_SH     7
156 #define TMDS_ENP_MASK   0x0100
157 #define TMDS_ENP_SH     8
158 #define TMDS_STP_MASK   0x0200
159 #define TMDS_STP_SH     9
160 #define TMDS_DEF_MASK   0x0400
161 #define TMDS_DEF_SH     10
162 #define TMDS_ONE_MASK   0x0800
163 #define TMDS_ONE_SH     11
164 #define TMDS_LTINT_MASK 0x1000
165 #define TMDS_LTINT_SH   12
166 #define TMDS_NOFCS_MASK 0x2000
167 #define TMDS_NOFCS_SH   13
168 #define TMDS_ADDFCS_MASK TMDS_NOFCS_MASK
169 #define TMDS_ADDFCS_SH  TMDS_NOFCS_SH
170 #define TMDS_ERR_MASK   0x4000
171 #define TMDS_ERR_SH     14
172 #define TMDS_OWN_MASK   0x8000
173 #define TMDS_OWN_SH     15
174 
175 #define TMDM_TRC_MASK   0x0000000f
176 #define TMDM_TRC_SH     0
177 #define TMDM_TDR_MASK   0x03ff0000
178 #define TMDM_TDR_SH     16
179 #define TMDM_RTRY_MASK  0x04000000
180 #define TMDM_RTRY_SH    26
181 #define TMDM_LCAR_MASK  0x08000000
182 #define TMDM_LCAR_SH    27
183 #define TMDM_LCOL_MASK  0x10000000
184 #define TMDM_LCOL_SH    28
185 #define TMDM_EXDEF_MASK 0x20000000
186 #define TMDM_EXDEF_SH   29
187 #define TMDM_UFLO_MASK  0x40000000
188 #define TMDM_UFLO_SH    30
189 #define TMDM_BUFF_MASK  0x80000000
190 #define TMDM_BUFF_SH    31
191 
192 struct pcnet_RMD {
193     uint32_t rbadr;
194     int16_t buf_length;
195     int16_t status;
196     uint32_t msg_length;
197     uint32_t res;
198 };
199 
200 #define RMDL_BCNT_MASK  0x0fff
201 #define RMDL_BCNT_SH    0
202 #define RMDL_ONES_MASK  0xf000
203 #define RMDL_ONES_SH    12
204 
205 #define RMDS_BAM_MASK   0x0010
206 #define RMDS_BAM_SH     4
207 #define RMDS_LFAM_MASK  0x0020
208 #define RMDS_LFAM_SH    5
209 #define RMDS_PAM_MASK   0x0040
210 #define RMDS_PAM_SH     6
211 #define RMDS_BPE_MASK   0x0080
212 #define RMDS_BPE_SH     7
213 #define RMDS_ENP_MASK   0x0100
214 #define RMDS_ENP_SH     8
215 #define RMDS_STP_MASK   0x0200
216 #define RMDS_STP_SH     9
217 #define RMDS_BUFF_MASK  0x0400
218 #define RMDS_BUFF_SH    10
219 #define RMDS_CRC_MASK   0x0800
220 #define RMDS_CRC_SH     11
221 #define RMDS_OFLO_MASK  0x1000
222 #define RMDS_OFLO_SH    12
223 #define RMDS_FRAM_MASK  0x2000
224 #define RMDS_FRAM_SH    13
225 #define RMDS_ERR_MASK   0x4000
226 #define RMDS_ERR_SH     14
227 #define RMDS_OWN_MASK   0x8000
228 #define RMDS_OWN_SH     15
229 
230 #define RMDM_MCNT_MASK  0x00000fff
231 #define RMDM_MCNT_SH    0
232 #define RMDM_ZEROS_MASK 0x0000f000
233 #define RMDM_ZEROS_SH   12
234 #define RMDM_RPC_MASK   0x00ff0000
235 #define RMDM_RPC_SH     16
236 #define RMDM_RCC_MASK   0xff000000
237 #define RMDM_RCC_SH     24
238 
239 #define SET_FIELD(regp, name, field, value)             \
240   (*(regp) = (*(regp) & ~(name ## _ ## field ## _MASK)) \
241              | ((value) << name ## _ ## field ## _SH))
242 
243 #define GET_FIELD(reg, name, field)                     \
244   (((reg) & name ## _ ## field ## _MASK) >> name ## _ ## field ## _SH)
245 
246 #define PRINT_TMD(T) printf(                            \
247         "TMD0 : TBADR=0x%08x\n"                         \
248         "TMD1 : OWN=%d, ERR=%d, FCS=%d, LTI=%d, "       \
249         "ONE=%d, DEF=%d, STP=%d, ENP=%d,\n"             \
250         "       BPE=%d, BCNT=%d\n"                      \
251         "TMD2 : BUF=%d, UFL=%d, EXD=%d, LCO=%d, "       \
252         "LCA=%d, RTR=%d,\n"                             \
253         "       TDR=%d, TRC=%d\n",                      \
254         (T)->tbadr,                                     \
255         GET_FIELD((T)->status, TMDS, OWN),              \
256         GET_FIELD((T)->status, TMDS, ERR),              \
257         GET_FIELD((T)->status, TMDS, NOFCS),            \
258         GET_FIELD((T)->status, TMDS, LTINT),            \
259         GET_FIELD((T)->status, TMDS, ONE),              \
260         GET_FIELD((T)->status, TMDS, DEF),              \
261         GET_FIELD((T)->status, TMDS, STP),              \
262         GET_FIELD((T)->status, TMDS, ENP),              \
263         GET_FIELD((T)->status, TMDS, BPE),              \
264         4096-GET_FIELD((T)->length, TMDL, BCNT),        \
265         GET_FIELD((T)->misc, TMDM, BUFF),               \
266         GET_FIELD((T)->misc, TMDM, UFLO),               \
267         GET_FIELD((T)->misc, TMDM, EXDEF),              \
268         GET_FIELD((T)->misc, TMDM, LCOL),               \
269         GET_FIELD((T)->misc, TMDM, LCAR),               \
270         GET_FIELD((T)->misc, TMDM, RTRY),               \
271         GET_FIELD((T)->misc, TMDM, TDR),                \
272         GET_FIELD((T)->misc, TMDM, TRC))
273 
274 #define PRINT_RMD(R) printf(                            \
275         "RMD0 : RBADR=0x%08x\n"                         \
276         "RMD1 : OWN=%d, ERR=%d, FRAM=%d, OFLO=%d, "     \
277         "CRC=%d, BUFF=%d, STP=%d, ENP=%d,\n       "     \
278         "BPE=%d, PAM=%d, LAFM=%d, BAM=%d, ONES=%d, BCNT=%d\n" \
279         "RMD2 : RCC=%d, RPC=%d, MCNT=%d, ZEROS=%d\n",   \
280         (R)->rbadr,                                     \
281         GET_FIELD((R)->status, RMDS, OWN),              \
282         GET_FIELD((R)->status, RMDS, ERR),              \
283         GET_FIELD((R)->status, RMDS, FRAM),             \
284         GET_FIELD((R)->status, RMDS, OFLO),             \
285         GET_FIELD((R)->status, RMDS, CRC),              \
286         GET_FIELD((R)->status, RMDS, BUFF),             \
287         GET_FIELD((R)->status, RMDS, STP),              \
288         GET_FIELD((R)->status, RMDS, ENP),              \
289         GET_FIELD((R)->status, RMDS, BPE),              \
290         GET_FIELD((R)->status, RMDS, PAM),              \
291         GET_FIELD((R)->status, RMDS, LFAM),             \
292         GET_FIELD((R)->status, RMDS, BAM),              \
293         GET_FIELD((R)->buf_length, RMDL, ONES),         \
294         4096-GET_FIELD((R)->buf_length, RMDL, BCNT),    \
295         GET_FIELD((R)->msg_length, RMDM, RCC),          \
296         GET_FIELD((R)->msg_length, RMDM, RPC),          \
297         GET_FIELD((R)->msg_length, RMDM, MCNT),         \
298         GET_FIELD((R)->msg_length, RMDM, ZEROS))
299 
300 static inline void pcnet_tmd_load(PCNetState *s, struct pcnet_TMD *tmd,
301                                   hwaddr addr)
302 {
303     if (!BCR_SSIZE32(s)) {
304         struct {
305             uint32_t tbadr;
306             int16_t length;
307             int16_t status;
308         } xda;
309         s->phys_mem_read(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
310         tmd->tbadr = le32_to_cpu(xda.tbadr) & 0xffffff;
311         tmd->length = le16_to_cpu(xda.length);
312         tmd->status = (le32_to_cpu(xda.tbadr) >> 16) & 0xff00;
313         tmd->misc = le16_to_cpu(xda.status) << 16;
314         tmd->res = 0;
315     } else {
316         s->phys_mem_read(s->dma_opaque, addr, (void *)tmd, sizeof(*tmd), 0);
317         le32_to_cpus(&tmd->tbadr);
318         le16_to_cpus((uint16_t *)&tmd->length);
319         le16_to_cpus((uint16_t *)&tmd->status);
320         le32_to_cpus(&tmd->misc);
321         le32_to_cpus(&tmd->res);
322         if (BCR_SWSTYLE(s) == 3) {
323             uint32_t tmp = tmd->tbadr;
324             tmd->tbadr = tmd->misc;
325             tmd->misc = tmp;
326         }
327     }
328 }
329 
330 static inline void pcnet_tmd_store(PCNetState *s, const struct pcnet_TMD *tmd,
331                                    hwaddr addr)
332 {
333     if (!BCR_SSIZE32(s)) {
334         struct {
335             uint32_t tbadr;
336             int16_t length;
337             int16_t status;
338         } xda;
339         xda.tbadr = cpu_to_le32((tmd->tbadr & 0xffffff) |
340                                 ((tmd->status & 0xff00) << 16));
341         xda.length = cpu_to_le16(tmd->length);
342         xda.status = cpu_to_le16(tmd->misc >> 16);
343         s->phys_mem_write(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
344     } else {
345         struct {
346             uint32_t tbadr;
347             int16_t length;
348             int16_t status;
349             uint32_t misc;
350             uint32_t res;
351         } xda;
352         xda.tbadr = cpu_to_le32(tmd->tbadr);
353         xda.length = cpu_to_le16(tmd->length);
354         xda.status = cpu_to_le16(tmd->status);
355         xda.misc = cpu_to_le32(tmd->misc);
356         xda.res = cpu_to_le32(tmd->res);
357         if (BCR_SWSTYLE(s) == 3) {
358             uint32_t tmp = xda.tbadr;
359             xda.tbadr = xda.misc;
360             xda.misc = tmp;
361         }
362         s->phys_mem_write(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
363     }
364 }
365 
366 static inline void pcnet_rmd_load(PCNetState *s, struct pcnet_RMD *rmd,
367                                   hwaddr addr)
368 {
369     if (!BCR_SSIZE32(s)) {
370         struct {
371             uint32_t rbadr;
372             int16_t buf_length;
373             int16_t msg_length;
374 	} rda;
375         s->phys_mem_read(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
376         rmd->rbadr = le32_to_cpu(rda.rbadr) & 0xffffff;
377         rmd->buf_length = le16_to_cpu(rda.buf_length);
378         rmd->status = (le32_to_cpu(rda.rbadr) >> 16) & 0xff00;
379         rmd->msg_length = le16_to_cpu(rda.msg_length);
380         rmd->res = 0;
381     } else {
382         s->phys_mem_read(s->dma_opaque, addr, (void *)rmd, sizeof(*rmd), 0);
383         le32_to_cpus(&rmd->rbadr);
384         le16_to_cpus((uint16_t *)&rmd->buf_length);
385         le16_to_cpus((uint16_t *)&rmd->status);
386         le32_to_cpus(&rmd->msg_length);
387         le32_to_cpus(&rmd->res);
388         if (BCR_SWSTYLE(s) == 3) {
389             uint32_t tmp = rmd->rbadr;
390             rmd->rbadr = rmd->msg_length;
391             rmd->msg_length = tmp;
392         }
393     }
394 }
395 
396 static inline void pcnet_rmd_store(PCNetState *s, struct pcnet_RMD *rmd,
397                                    hwaddr addr)
398 {
399     if (!BCR_SSIZE32(s)) {
400         struct {
401             uint32_t rbadr;
402             int16_t buf_length;
403             int16_t msg_length;
404         } rda;
405         rda.rbadr = cpu_to_le32((rmd->rbadr & 0xffffff) |
406                                 ((rmd->status & 0xff00) << 16));
407         rda.buf_length = cpu_to_le16(rmd->buf_length);
408         rda.msg_length = cpu_to_le16(rmd->msg_length);
409         s->phys_mem_write(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
410     } else {
411         struct {
412             uint32_t rbadr;
413             int16_t buf_length;
414             int16_t status;
415             uint32_t msg_length;
416             uint32_t res;
417         } rda;
418         rda.rbadr = cpu_to_le32(rmd->rbadr);
419         rda.buf_length = cpu_to_le16(rmd->buf_length);
420         rda.status = cpu_to_le16(rmd->status);
421         rda.msg_length = cpu_to_le32(rmd->msg_length);
422         rda.res = cpu_to_le32(rmd->res);
423         if (BCR_SWSTYLE(s) == 3) {
424             uint32_t tmp = rda.rbadr;
425             rda.rbadr = rda.msg_length;
426             rda.msg_length = tmp;
427         }
428         s->phys_mem_write(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
429     }
430 }
431 
432 
433 #define TMDLOAD(TMD,ADDR) pcnet_tmd_load(s,TMD,ADDR)
434 
435 #define TMDSTORE(TMD,ADDR) pcnet_tmd_store(s,TMD,ADDR)
436 
437 #define RMDLOAD(RMD,ADDR) pcnet_rmd_load(s,RMD,ADDR)
438 
439 #define RMDSTORE(RMD,ADDR) pcnet_rmd_store(s,RMD,ADDR)
440 
441 #if 1
442 
443 #define CHECK_RMD(ADDR,RES) do {                \
444     struct pcnet_RMD rmd;                       \
445     RMDLOAD(&rmd,(ADDR));                       \
446     (RES) |= (GET_FIELD(rmd.buf_length, RMDL, ONES) != 15) \
447           || (GET_FIELD(rmd.msg_length, RMDM, ZEROS) != 0); \
448 } while (0)
449 
450 #define CHECK_TMD(ADDR,RES) do {                \
451     struct pcnet_TMD tmd;                       \
452     TMDLOAD(&tmd,(ADDR));                       \
453     (RES) |= (GET_FIELD(tmd.length, TMDL, ONES) != 15); \
454 } while (0)
455 
456 #else
457 
458 #define CHECK_RMD(ADDR,RES) do {                \
459     switch (BCR_SWSTYLE(s)) {                   \
460     case 0x00:                                  \
461         {                                       \
462             uint16_t rda[4];                    \
463             s->phys_mem_read(s->dma_opaque, (ADDR), \
464                 (void *)&rda[0], sizeof(rda), 0); \
465             (RES) |= (rda[2] & 0xf000)!=0xf000; \
466             (RES) |= (rda[3] & 0xf000)!=0x0000; \
467         }                                       \
468         break;                                  \
469     case 0x01:                                  \
470     case 0x02:                                  \
471         {                                       \
472             uint32_t rda[4];                    \
473             s->phys_mem_read(s->dma_opaque, (ADDR), \
474                 (void *)&rda[0], sizeof(rda), 0); \
475             (RES) |= (rda[1] & 0x0000f000L)!=0x0000f000L; \
476             (RES) |= (rda[2] & 0x0000f000L)!=0x00000000L; \
477         }                                       \
478         break;                                  \
479     case 0x03:                                  \
480         {                                       \
481             uint32_t rda[4];                    \
482             s->phys_mem_read(s->dma_opaque, (ADDR), \
483                 (void *)&rda[0], sizeof(rda), 0); \
484             (RES) |= (rda[0] & 0x0000f000L)!=0x00000000L; \
485             (RES) |= (rda[1] & 0x0000f000L)!=0x0000f000L; \
486         }                                       \
487         break;                                  \
488     }                                           \
489 } while (0)
490 
491 #define CHECK_TMD(ADDR,RES) do {                \
492     switch (BCR_SWSTYLE(s)) {                   \
493     case 0x00:                                  \
494         {                                       \
495             uint16_t xda[4];                    \
496             s->phys_mem_read(s->dma_opaque, (ADDR), \
497                 (void *)&xda[0], sizeof(xda), 0); \
498             (RES) |= (xda[2] & 0xf000)!=0xf000; \
499         }                                       \
500         break;                                  \
501     case 0x01:                                  \
502     case 0x02:                                  \
503     case 0x03:                                  \
504         {                                       \
505             uint32_t xda[4];                    \
506             s->phys_mem_read(s->dma_opaque, (ADDR), \
507                 (void *)&xda[0], sizeof(xda), 0); \
508             (RES) |= (xda[1] & 0x0000f000L)!=0x0000f000L; \
509         }                                       \
510         break;                                  \
511     }                                           \
512 } while (0)
513 
514 #endif
515 
516 #define PRINT_PKTHDR(BUF) do {                  \
517     struct qemu_ether_header *hdr = (void *)(BUF); \
518     printf("packet dhost=%02x:%02x:%02x:%02x:%02x:%02x, " \
519            "shost=%02x:%02x:%02x:%02x:%02x:%02x, " \
520            "type=0x%04x\n",                     \
521            hdr->ether_dhost[0],hdr->ether_dhost[1],hdr->ether_dhost[2], \
522            hdr->ether_dhost[3],hdr->ether_dhost[4],hdr->ether_dhost[5], \
523            hdr->ether_shost[0],hdr->ether_shost[1],hdr->ether_shost[2], \
524            hdr->ether_shost[3],hdr->ether_shost[4],hdr->ether_shost[5], \
525            be16_to_cpu(hdr->ether_type));       \
526 } while (0)
527 
528 #define CRC(crc, ch)	 (crc = (crc >> 8) ^ crctab[(crc ^ (ch)) & 0xff])
529 
530 /* generated using the AUTODIN II polynomial
531  *	x^32 + x^26 + x^23 + x^22 + x^16 +
532  *	x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x^1 + 1
533  */
534 static const uint32_t crctab[256] = {
535 	0x00000000, 0x77073096, 0xee0e612c, 0x990951ba,
536 	0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,
537 	0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
538 	0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,
539 	0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
540 	0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
541 	0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec,
542 	0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5,
543 	0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
544 	0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
545 	0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940,
546 	0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
547 	0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116,
548 	0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f,
549 	0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
550 	0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d,
551 	0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a,
552 	0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
553 	0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818,
554 	0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
555 	0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
556 	0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
557 	0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c,
558 	0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
559 	0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
560 	0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb,
561 	0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
562 	0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9,
563 	0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086,
564 	0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
565 	0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4,
566 	0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad,
567 	0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
568 	0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683,
569 	0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
570 	0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
571 	0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe,
572 	0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7,
573 	0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
574 	0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
575 	0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252,
576 	0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
577 	0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60,
578 	0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79,
579 	0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
580 	0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f,
581 	0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04,
582 	0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
583 	0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a,
584 	0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
585 	0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
586 	0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
587 	0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e,
588 	0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
589 	0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
590 	0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45,
591 	0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
592 	0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db,
593 	0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0,
594 	0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
595 	0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6,
596 	0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
597 	0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
598 	0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d,
599 };
600 
601 static inline int padr_match(PCNetState *s, const uint8_t *buf, int size)
602 {
603     struct qemu_ether_header *hdr = (void *)buf;
604     uint8_t padr[6] = {
605         s->csr[12] & 0xff, s->csr[12] >> 8,
606         s->csr[13] & 0xff, s->csr[13] >> 8,
607         s->csr[14] & 0xff, s->csr[14] >> 8
608     };
609     int result = (!CSR_DRCVPA(s)) && !memcmp(hdr->ether_dhost, padr, 6);
610 #ifdef PCNET_DEBUG_MATCH
611     printf("packet dhost=%02x:%02x:%02x:%02x:%02x:%02x, "
612            "padr=%02x:%02x:%02x:%02x:%02x:%02x\n",
613            hdr->ether_dhost[0],hdr->ether_dhost[1],hdr->ether_dhost[2],
614            hdr->ether_dhost[3],hdr->ether_dhost[4],hdr->ether_dhost[5],
615            padr[0],padr[1],padr[2],padr[3],padr[4],padr[5]);
616     printf("padr_match result=%d\n", result);
617 #endif
618     return result;
619 }
620 
621 static inline int padr_bcast(PCNetState *s, const uint8_t *buf, int size)
622 {
623     static const uint8_t BCAST[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
624     struct qemu_ether_header *hdr = (void *)buf;
625     int result = !CSR_DRCVBC(s) && !memcmp(hdr->ether_dhost, BCAST, 6);
626 #ifdef PCNET_DEBUG_MATCH
627     printf("padr_bcast result=%d\n", result);
628 #endif
629     return result;
630 }
631 
632 static inline int ladr_match(PCNetState *s, const uint8_t *buf, int size)
633 {
634     struct qemu_ether_header *hdr = (void *)buf;
635     if ((*(hdr->ether_dhost)&0x01) &&
636         ((uint64_t *)&s->csr[8])[0] != 0LL) {
637         uint8_t ladr[8] = {
638             s->csr[8] & 0xff, s->csr[8] >> 8,
639             s->csr[9] & 0xff, s->csr[9] >> 8,
640             s->csr[10] & 0xff, s->csr[10] >> 8,
641             s->csr[11] & 0xff, s->csr[11] >> 8
642         };
643         int index = net_crc32_le(hdr->ether_dhost, ETH_ALEN) >> 26;
644         return !!(ladr[index >> 3] & (1 << (index & 7)));
645     }
646     return 0;
647 }
648 
649 static inline hwaddr pcnet_rdra_addr(PCNetState *s, int idx)
650 {
651     while (idx < 1) {
652         idx += CSR_RCVRL(s);
653     }
654     return s->rdra + ((CSR_RCVRL(s) - idx) * (BCR_SWSTYLE(s) ? 16 : 8));
655 }
656 
657 static inline int64_t pcnet_get_next_poll_time(PCNetState *s, int64_t current_time)
658 {
659     int64_t next_time = current_time +
660                         (65536 - (CSR_SPND(s) ? 0 : CSR_POLL(s))) * 30;
661 
662     if (next_time <= current_time) {
663         next_time = current_time + 1;
664     }
665     return next_time;
666 }
667 
668 static void pcnet_poll(PCNetState *s);
669 static void pcnet_poll_timer(void *opaque);
670 
671 static uint32_t pcnet_csr_readw(PCNetState *s, uint32_t rap);
672 static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value);
673 static void pcnet_bcr_writew(PCNetState *s, uint32_t rap, uint32_t val);
674 
675 static void pcnet_s_reset(PCNetState *s)
676 {
677     trace_pcnet_s_reset(s);
678 
679     s->rdra = 0;
680     s->tdra = 0;
681     s->rap = 0;
682 
683     s->bcr[BCR_BSBC] &= ~0x0080;
684 
685     s->csr[0]   = 0x0004;
686     s->csr[3]   = 0x0000;
687     s->csr[4]   = 0x0115;
688     s->csr[5]   = 0x0000;
689     s->csr[6]   = 0x0000;
690     s->csr[8]   = 0;
691     s->csr[9]   = 0;
692     s->csr[10]  = 0;
693     s->csr[11]  = 0;
694     s->csr[12]  = le16_to_cpu(((uint16_t *)&s->prom[0])[0]);
695     s->csr[13]  = le16_to_cpu(((uint16_t *)&s->prom[0])[1]);
696     s->csr[14]  = le16_to_cpu(((uint16_t *)&s->prom[0])[2]);
697     s->csr[15] &= 0x21c4;
698     s->csr[72]  = 1;
699     s->csr[74]  = 1;
700     s->csr[76]  = 1;
701     s->csr[78]  = 1;
702     s->csr[80]  = 0x1410;
703     s->csr[88]  = 0x1003;
704     s->csr[89]  = 0x0262;
705     s->csr[94]  = 0x0000;
706     s->csr[100] = 0x0200;
707     s->csr[103] = 0x0105;
708     s->csr[112] = 0x0000;
709     s->csr[114] = 0x0000;
710     s->csr[122] = 0x0000;
711     s->csr[124] = 0x0000;
712 
713     s->tx_busy = 0;
714 }
715 
716 static void pcnet_update_irq(PCNetState *s)
717 {
718     int isr = 0;
719     s->csr[0] &= ~0x0080;
720 
721 #if 1
722     if (((s->csr[0] & ~s->csr[3]) & 0x5f00) ||
723         (((s->csr[4]>>1) & ~s->csr[4]) & 0x0115) ||
724         (((s->csr[5]>>1) & s->csr[5]) & 0x0048))
725 #else
726     if ((!(s->csr[3] & 0x4000) && !!(s->csr[0] & 0x4000)) /* BABL */ ||
727         (!(s->csr[3] & 0x1000) && !!(s->csr[0] & 0x1000)) /* MISS */ ||
728         (!(s->csr[3] & 0x0100) && !!(s->csr[0] & 0x0100)) /* IDON */ ||
729         (!(s->csr[3] & 0x0200) && !!(s->csr[0] & 0x0200)) /* TINT */ ||
730         (!(s->csr[3] & 0x0400) && !!(s->csr[0] & 0x0400)) /* RINT */ ||
731         (!(s->csr[3] & 0x0800) && !!(s->csr[0] & 0x0800)) /* MERR */ ||
732         (!(s->csr[4] & 0x0001) && !!(s->csr[4] & 0x0002)) /* JAB */ ||
733         (!(s->csr[4] & 0x0004) && !!(s->csr[4] & 0x0008)) /* TXSTRT */ ||
734         (!(s->csr[4] & 0x0010) && !!(s->csr[4] & 0x0020)) /* RCVO */ ||
735         (!(s->csr[4] & 0x0100) && !!(s->csr[4] & 0x0200)) /* MFCO */ ||
736         (!!(s->csr[5] & 0x0040) && !!(s->csr[5] & 0x0080)) /* EXDINT */ ||
737         (!!(s->csr[5] & 0x0008) && !!(s->csr[5] & 0x0010)) /* MPINT */)
738 #endif
739     {
740 
741         isr = CSR_INEA(s);
742         s->csr[0] |= 0x0080;
743     }
744 
745     if (!!(s->csr[4] & 0x0080) && CSR_INEA(s)) { /* UINT */
746         s->csr[4] &= ~0x0080;
747         s->csr[4] |= 0x0040;
748         s->csr[0] |= 0x0080;
749         isr = 1;
750         trace_pcnet_user_int(s);
751     }
752 
753 #if 1
754     if (((s->csr[5]>>1) & s->csr[5]) & 0x0500)
755 #else
756     if ((!!(s->csr[5] & 0x0400) && !!(s->csr[5] & 0x0800)) /* SINT */ ||
757         (!!(s->csr[5] & 0x0100) && !!(s->csr[5] & 0x0200)) /* SLPINT */ )
758 #endif
759     {
760         isr = 1;
761         s->csr[0] |= 0x0080;
762     }
763 
764     if (isr != s->isr) {
765         trace_pcnet_isr_change(s, isr, s->isr);
766     }
767     qemu_set_irq(s->irq, isr);
768     s->isr = isr;
769 }
770 
771 static void pcnet_init(PCNetState *s)
772 {
773     int rlen, tlen;
774     uint16_t padr[3], ladrf[4], mode;
775     uint32_t rdra, tdra;
776 
777     trace_pcnet_init(s, PHYSADDR(s, CSR_IADR(s)));
778 
779     if (BCR_SSIZE32(s)) {
780         struct pcnet_initblk32 initblk;
781         s->phys_mem_read(s->dma_opaque, PHYSADDR(s,CSR_IADR(s)),
782                 (uint8_t *)&initblk, sizeof(initblk), 0);
783         mode = le16_to_cpu(initblk.mode);
784         rlen = initblk.rlen >> 4;
785         tlen = initblk.tlen >> 4;
786         ladrf[0] = le16_to_cpu(initblk.ladrf[0]);
787         ladrf[1] = le16_to_cpu(initblk.ladrf[1]);
788         ladrf[2] = le16_to_cpu(initblk.ladrf[2]);
789         ladrf[3] = le16_to_cpu(initblk.ladrf[3]);
790         padr[0] = le16_to_cpu(initblk.padr[0]);
791         padr[1] = le16_to_cpu(initblk.padr[1]);
792         padr[2] = le16_to_cpu(initblk.padr[2]);
793         rdra = le32_to_cpu(initblk.rdra);
794         tdra = le32_to_cpu(initblk.tdra);
795     } else {
796         struct pcnet_initblk16 initblk;
797         s->phys_mem_read(s->dma_opaque, PHYSADDR(s,CSR_IADR(s)),
798                 (uint8_t *)&initblk, sizeof(initblk), 0);
799         mode = le16_to_cpu(initblk.mode);
800         ladrf[0] = le16_to_cpu(initblk.ladrf[0]);
801         ladrf[1] = le16_to_cpu(initblk.ladrf[1]);
802         ladrf[2] = le16_to_cpu(initblk.ladrf[2]);
803         ladrf[3] = le16_to_cpu(initblk.ladrf[3]);
804         padr[0] = le16_to_cpu(initblk.padr[0]);
805         padr[1] = le16_to_cpu(initblk.padr[1]);
806         padr[2] = le16_to_cpu(initblk.padr[2]);
807         rdra = le32_to_cpu(initblk.rdra);
808         tdra = le32_to_cpu(initblk.tdra);
809         rlen = rdra >> 29;
810         tlen = tdra >> 29;
811         rdra &= 0x00ffffff;
812         tdra &= 0x00ffffff;
813     }
814 
815     trace_pcnet_rlen_tlen(s, rlen, tlen);
816 
817     CSR_RCVRL(s) = (rlen < 9) ? (1 << rlen) : 512;
818     CSR_XMTRL(s) = (tlen < 9) ? (1 << tlen) : 512;
819     s->csr[ 6] = (tlen << 12) | (rlen << 8);
820     s->csr[15] = mode;
821     s->csr[ 8] = ladrf[0];
822     s->csr[ 9] = ladrf[1];
823     s->csr[10] = ladrf[2];
824     s->csr[11] = ladrf[3];
825     s->csr[12] = padr[0];
826     s->csr[13] = padr[1];
827     s->csr[14] = padr[2];
828     s->rdra = PHYSADDR(s, rdra);
829     s->tdra = PHYSADDR(s, tdra);
830 
831     CSR_RCVRC(s) = CSR_RCVRL(s);
832     CSR_XMTRC(s) = CSR_XMTRL(s);
833 
834     trace_pcnet_ss32_rdra_tdra(s, BCR_SSIZE32(s),
835                                s->rdra, CSR_RCVRL(s), s->tdra, CSR_XMTRL(s));
836 
837     s->csr[0] |= 0x0101;
838     s->csr[0] &= ~0x0004;       /* clear STOP bit */
839 
840     qemu_flush_queued_packets(qemu_get_queue(s->nic));
841 }
842 
843 static void pcnet_start(PCNetState *s)
844 {
845 #ifdef PCNET_DEBUG
846     printf("pcnet_start\n");
847 #endif
848 
849     if (!CSR_DTX(s)) {
850         s->csr[0] |= 0x0010;    /* set TXON */
851     }
852     if (!CSR_DRX(s)) {
853         s->csr[0] |= 0x0020;    /* set RXON */
854     }
855     s->csr[0] &= ~0x0004;       /* clear STOP bit */
856     s->csr[0] |= 0x0002;
857     pcnet_poll_timer(s);
858 
859     qemu_flush_queued_packets(qemu_get_queue(s->nic));
860 }
861 
862 static void pcnet_stop(PCNetState *s)
863 {
864 #ifdef PCNET_DEBUG
865     printf("pcnet_stop\n");
866 #endif
867     s->csr[0] &= ~0xffeb;
868     s->csr[0] |= 0x0014;
869     s->csr[4] &= ~0x02c2;
870     s->csr[5] &= ~0x0011;
871     pcnet_poll_timer(s);
872 }
873 
874 static void pcnet_rdte_poll(PCNetState *s)
875 {
876     s->csr[28] = s->csr[29] = 0;
877     if (s->rdra) {
878         int bad = 0;
879 #if 1
880         hwaddr crda = pcnet_rdra_addr(s, CSR_RCVRC(s));
881         hwaddr nrda = pcnet_rdra_addr(s, -1 + CSR_RCVRC(s));
882         hwaddr nnrd = pcnet_rdra_addr(s, -2 + CSR_RCVRC(s));
883 #else
884         hwaddr crda = s->rdra +
885             (CSR_RCVRL(s) - CSR_RCVRC(s)) *
886             (BCR_SWSTYLE(s) ? 16 : 8 );
887         int nrdc = CSR_RCVRC(s)<=1 ? CSR_RCVRL(s) : CSR_RCVRC(s)-1;
888         hwaddr nrda = s->rdra +
889             (CSR_RCVRL(s) - nrdc) *
890             (BCR_SWSTYLE(s) ? 16 : 8 );
891         int nnrc = nrdc<=1 ? CSR_RCVRL(s) : nrdc-1;
892         hwaddr nnrd = s->rdra +
893             (CSR_RCVRL(s) - nnrc) *
894             (BCR_SWSTYLE(s) ? 16 : 8 );
895 #endif
896 
897         CHECK_RMD(crda, bad);
898         if (!bad) {
899             CHECK_RMD(nrda, bad);
900             if (bad || (nrda == crda)) nrda = 0;
901             CHECK_RMD(nnrd, bad);
902             if (bad || (nnrd == crda)) nnrd = 0;
903 
904             s->csr[28] = crda & 0xffff;
905             s->csr[29] = crda >> 16;
906             s->csr[26] = nrda & 0xffff;
907             s->csr[27] = nrda >> 16;
908             s->csr[36] = nnrd & 0xffff;
909             s->csr[37] = nnrd >> 16;
910 #ifdef PCNET_DEBUG
911             if (bad) {
912                 printf("pcnet: BAD RMD RECORDS AFTER 0x" TARGET_FMT_plx "\n",
913                        crda);
914             }
915         } else {
916             printf("pcnet: BAD RMD RDA=0x" TARGET_FMT_plx "\n", crda);
917 #endif
918         }
919     }
920 
921     if (CSR_CRDA(s)) {
922         struct pcnet_RMD rmd;
923         RMDLOAD(&rmd, PHYSADDR(s,CSR_CRDA(s)));
924         CSR_CRBC(s) = GET_FIELD(rmd.buf_length, RMDL, BCNT);
925         CSR_CRST(s) = rmd.status;
926 #ifdef PCNET_DEBUG_RMD_X
927         printf("CRDA=0x%08x CRST=0x%04x RCVRC=%d RMDL=0x%04x RMDS=0x%04x RMDM=0x%08x\n",
928                 PHYSADDR(s,CSR_CRDA(s)), CSR_CRST(s), CSR_RCVRC(s),
929                 rmd.buf_length, rmd.status, rmd.msg_length);
930         PRINT_RMD(&rmd);
931 #endif
932     } else {
933         CSR_CRBC(s) = CSR_CRST(s) = 0;
934     }
935 
936     if (CSR_NRDA(s)) {
937         struct pcnet_RMD rmd;
938         RMDLOAD(&rmd, PHYSADDR(s,CSR_NRDA(s)));
939         CSR_NRBC(s) = GET_FIELD(rmd.buf_length, RMDL, BCNT);
940         CSR_NRST(s) = rmd.status;
941     } else {
942         CSR_NRBC(s) = CSR_NRST(s) = 0;
943     }
944 
945 }
946 
947 static int pcnet_tdte_poll(PCNetState *s)
948 {
949     s->csr[34] = s->csr[35] = 0;
950     if (s->tdra) {
951         hwaddr cxda = s->tdra +
952             (CSR_XMTRL(s) - CSR_XMTRC(s)) *
953             (BCR_SWSTYLE(s) ? 16 : 8);
954         int bad = 0;
955         CHECK_TMD(cxda, bad);
956         if (!bad) {
957             if (CSR_CXDA(s) != cxda) {
958                 s->csr[60] = s->csr[34];
959                 s->csr[61] = s->csr[35];
960                 s->csr[62] = CSR_CXBC(s);
961                 s->csr[63] = CSR_CXST(s);
962             }
963             s->csr[34] = cxda & 0xffff;
964             s->csr[35] = cxda >> 16;
965 #ifdef PCNET_DEBUG_X
966             printf("pcnet: BAD TMD XDA=0x%08x\n", cxda);
967 #endif
968         }
969     }
970 
971     if (CSR_CXDA(s)) {
972         struct pcnet_TMD tmd;
973 
974         TMDLOAD(&tmd, PHYSADDR(s,CSR_CXDA(s)));
975 
976         CSR_CXBC(s) = GET_FIELD(tmd.length, TMDL, BCNT);
977         CSR_CXST(s) = tmd.status;
978     } else {
979         CSR_CXBC(s) = CSR_CXST(s) = 0;
980     }
981 
982     return !!(CSR_CXST(s) & 0x8000);
983 }
984 
985 #define MIN_BUF_SIZE 60
986 
987 ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
988 {
989     PCNetState *s = qemu_get_nic_opaque(nc);
990     int is_padr = 0, is_bcast = 0, is_ladr = 0;
991     uint8_t buf1[60];
992     int remaining;
993     int crc_err = 0;
994     size_t size = size_;
995 
996     if (CSR_DRX(s) || CSR_STOP(s) || CSR_SPND(s) || !size ||
997         (CSR_LOOP(s) && !s->looptest)) {
998         return -1;
999     }
1000 #ifdef PCNET_DEBUG
1001     printf("pcnet_receive size=%zu\n", size);
1002 #endif
1003 
1004     /* if too small buffer, then expand it */
1005     if (size < MIN_BUF_SIZE) {
1006         memcpy(buf1, buf, size);
1007         memset(buf1 + size, 0, MIN_BUF_SIZE - size);
1008         buf = buf1;
1009         size = MIN_BUF_SIZE;
1010     }
1011 
1012     if (CSR_PROM(s)
1013         || (is_padr=padr_match(s, buf, size))
1014         || (is_bcast=padr_bcast(s, buf, size))
1015         || (is_ladr=ladr_match(s, buf, size))) {
1016 
1017         pcnet_rdte_poll(s);
1018 
1019         if (!(CSR_CRST(s) & 0x8000) && s->rdra) {
1020             struct pcnet_RMD rmd;
1021             int rcvrc = CSR_RCVRC(s)-1,i;
1022             hwaddr nrda;
1023             for (i = CSR_RCVRL(s)-1; i > 0; i--, rcvrc--) {
1024                 if (rcvrc <= 1)
1025                     rcvrc = CSR_RCVRL(s);
1026                 nrda = s->rdra +
1027                     (CSR_RCVRL(s) - rcvrc) *
1028                     (BCR_SWSTYLE(s) ? 16 : 8 );
1029                 RMDLOAD(&rmd, nrda);
1030                 if (GET_FIELD(rmd.status, RMDS, OWN)) {
1031 #ifdef PCNET_DEBUG_RMD
1032                     printf("pcnet - scan buffer: RCVRC=%d PREV_RCVRC=%d\n",
1033                                 rcvrc, CSR_RCVRC(s));
1034 #endif
1035                     CSR_RCVRC(s) = rcvrc;
1036                     pcnet_rdte_poll(s);
1037                     break;
1038                 }
1039             }
1040         }
1041 
1042         if (!(CSR_CRST(s) & 0x8000)) {
1043 #ifdef PCNET_DEBUG_RMD
1044             printf("pcnet - no buffer: RCVRC=%d\n", CSR_RCVRC(s));
1045 #endif
1046             s->csr[0] |= 0x1000; /* Set MISS flag */
1047             CSR_MISSC(s)++;
1048         } else {
1049             uint8_t *src = s->buffer;
1050             hwaddr crda = CSR_CRDA(s);
1051             struct pcnet_RMD rmd;
1052             int pktcount = 0;
1053 
1054             if (!s->looptest) {
1055                 if (size > 4092) {
1056 #ifdef PCNET_DEBUG_RMD
1057                     fprintf(stderr, "pcnet: truncates rx packet.\n");
1058 #endif
1059                     size = 4092;
1060                 }
1061                 memcpy(src, buf, size);
1062                 /* no need to compute the CRC */
1063                 src[size] = 0;
1064                 src[size + 1] = 0;
1065                 src[size + 2] = 0;
1066                 src[size + 3] = 0;
1067                 size += 4;
1068             } else if (s->looptest == PCNET_LOOPTEST_CRC ||
1069                        !CSR_DXMTFCS(s) || size < MIN_BUF_SIZE+4) {
1070                 uint32_t fcs = ~0;
1071                 uint8_t *p = src;
1072 
1073                 while (p != &src[size])
1074                     CRC(fcs, *p++);
1075                 *(uint32_t *)p = htonl(fcs);
1076                 size += 4;
1077             } else {
1078                 uint32_t fcs = ~0;
1079                 uint8_t *p = src;
1080 
1081                 while (p != &src[size])
1082                     CRC(fcs, *p++);
1083                 crc_err = (*(uint32_t *)p != htonl(fcs));
1084             }
1085 
1086 #ifdef PCNET_DEBUG_MATCH
1087             PRINT_PKTHDR(buf);
1088 #endif
1089 
1090             RMDLOAD(&rmd, PHYSADDR(s,crda));
1091             /*if (!CSR_LAPPEN(s))*/
1092                 SET_FIELD(&rmd.status, RMDS, STP, 1);
1093 
1094 #define PCNET_RECV_STORE() do {                                 \
1095     int count = MIN(4096 - GET_FIELD(rmd.buf_length, RMDL, BCNT),remaining); \
1096     hwaddr rbadr = PHYSADDR(s, rmd.rbadr);          \
1097     s->phys_mem_write(s->dma_opaque, rbadr, src, count, CSR_BSWP(s)); \
1098     src += count; remaining -= count;                           \
1099     SET_FIELD(&rmd.status, RMDS, OWN, 0);                       \
1100     RMDSTORE(&rmd, PHYSADDR(s,crda));                           \
1101     pktcount++;                                                 \
1102 } while (0)
1103 
1104             remaining = size;
1105             PCNET_RECV_STORE();
1106             if ((remaining > 0) && CSR_NRDA(s)) {
1107                 hwaddr nrda = CSR_NRDA(s);
1108 #ifdef PCNET_DEBUG_RMD
1109                 PRINT_RMD(&rmd);
1110 #endif
1111                 RMDLOAD(&rmd, PHYSADDR(s,nrda));
1112                 if (GET_FIELD(rmd.status, RMDS, OWN)) {
1113                     crda = nrda;
1114                     PCNET_RECV_STORE();
1115 #ifdef PCNET_DEBUG_RMD
1116                     PRINT_RMD(&rmd);
1117 #endif
1118                     if ((remaining > 0) && (nrda=CSR_NNRD(s))) {
1119                         RMDLOAD(&rmd, PHYSADDR(s,nrda));
1120                         if (GET_FIELD(rmd.status, RMDS, OWN)) {
1121                             crda = nrda;
1122                             PCNET_RECV_STORE();
1123                         }
1124                     }
1125                 }
1126             }
1127 
1128 #undef PCNET_RECV_STORE
1129 
1130             RMDLOAD(&rmd, PHYSADDR(s,crda));
1131             if (remaining == 0) {
1132                 SET_FIELD(&rmd.msg_length, RMDM, MCNT, size);
1133                 SET_FIELD(&rmd.status, RMDS, ENP, 1);
1134                 SET_FIELD(&rmd.status, RMDS, PAM, !CSR_PROM(s) && is_padr);
1135                 SET_FIELD(&rmd.status, RMDS, LFAM, !CSR_PROM(s) && is_ladr);
1136                 SET_FIELD(&rmd.status, RMDS, BAM, !CSR_PROM(s) && is_bcast);
1137                 if (crc_err) {
1138                     SET_FIELD(&rmd.status, RMDS, CRC, 1);
1139                     SET_FIELD(&rmd.status, RMDS, ERR, 1);
1140                 }
1141             } else {
1142                 SET_FIELD(&rmd.status, RMDS, OFLO, 1);
1143                 SET_FIELD(&rmd.status, RMDS, BUFF, 1);
1144                 SET_FIELD(&rmd.status, RMDS, ERR, 1);
1145             }
1146             RMDSTORE(&rmd, PHYSADDR(s,crda));
1147             s->csr[0] |= 0x0400;
1148 
1149 #ifdef PCNET_DEBUG
1150             printf("RCVRC=%d CRDA=0x%08x BLKS=%d\n",
1151                 CSR_RCVRC(s), PHYSADDR(s,CSR_CRDA(s)), pktcount);
1152 #endif
1153 #ifdef PCNET_DEBUG_RMD
1154             PRINT_RMD(&rmd);
1155 #endif
1156 
1157             while (pktcount--) {
1158                 if (CSR_RCVRC(s) <= 1) {
1159                     CSR_RCVRC(s) = CSR_RCVRL(s);
1160                 } else {
1161                     CSR_RCVRC(s)--;
1162                 }
1163             }
1164 
1165             pcnet_rdte_poll(s);
1166 
1167         }
1168     }
1169 
1170     pcnet_poll(s);
1171     pcnet_update_irq(s);
1172 
1173     return size_;
1174 }
1175 
1176 void pcnet_set_link_status(NetClientState *nc)
1177 {
1178     PCNetState *d = qemu_get_nic_opaque(nc);
1179 
1180     d->lnkst = nc->link_down ? 0 : 0x40;
1181 }
1182 
1183 static void pcnet_transmit(PCNetState *s)
1184 {
1185     hwaddr xmit_cxda = 0;
1186     int count = CSR_XMTRL(s)-1;
1187     int add_crc = 0;
1188     int bcnt;
1189     s->xmit_pos = -1;
1190 
1191     if (!CSR_TXON(s)) {
1192         s->csr[0] &= ~0x0008;
1193         return;
1194     }
1195 
1196     s->tx_busy = 1;
1197 
1198 txagain:
1199     if (pcnet_tdte_poll(s)) {
1200         struct pcnet_TMD tmd;
1201 
1202         TMDLOAD(&tmd, PHYSADDR(s,CSR_CXDA(s)));
1203 
1204 #ifdef PCNET_DEBUG_TMD
1205         printf("  TMDLOAD 0x%08x\n", PHYSADDR(s,CSR_CXDA(s)));
1206         PRINT_TMD(&tmd);
1207 #endif
1208         if (GET_FIELD(tmd.status, TMDS, STP)) {
1209             s->xmit_pos = 0;
1210             xmit_cxda = PHYSADDR(s,CSR_CXDA(s));
1211             if (BCR_SWSTYLE(s) != 1)
1212                 add_crc = GET_FIELD(tmd.status, TMDS, ADDFCS);
1213         }
1214         if (s->lnkst == 0 &&
1215             (!CSR_LOOP(s) || (!CSR_INTL(s) && !BCR_TMAULOOP(s)))) {
1216             SET_FIELD(&tmd.misc, TMDM, LCAR, 1);
1217             SET_FIELD(&tmd.status, TMDS, ERR, 1);
1218             SET_FIELD(&tmd.status, TMDS, OWN, 0);
1219             s->csr[0] |= 0xa000; /* ERR | CERR */
1220             s->xmit_pos = -1;
1221             goto txdone;
1222         }
1223 
1224         if (s->xmit_pos < 0) {
1225             goto txdone;
1226         }
1227 
1228         bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
1229 
1230         /* if multi-tmd packet outsizes s->buffer then skip it silently.
1231          * Note: this is not what real hw does.
1232          * Last four bytes of s->buffer are used to store CRC FCS code.
1233          */
1234         if (s->xmit_pos + bcnt > sizeof(s->buffer) - 4) {
1235             s->xmit_pos = -1;
1236             goto txdone;
1237         }
1238 
1239         s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
1240                          s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
1241         s->xmit_pos += bcnt;
1242 
1243         if (!GET_FIELD(tmd.status, TMDS, ENP)) {
1244             goto txdone;
1245         }
1246 
1247 #ifdef PCNET_DEBUG
1248         printf("pcnet_transmit size=%d\n", s->xmit_pos);
1249 #endif
1250         if (CSR_LOOP(s)) {
1251             if (BCR_SWSTYLE(s) == 1)
1252                 add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
1253             s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
1254             pcnet_receive(qemu_get_queue(s->nic), s->buffer, s->xmit_pos);
1255             s->looptest = 0;
1256         } else {
1257             if (s->nic) {
1258                 qemu_send_packet(qemu_get_queue(s->nic), s->buffer,
1259                                  s->xmit_pos);
1260             }
1261         }
1262 
1263         s->csr[0] &= ~0x0008;   /* clear TDMD */
1264         s->csr[4] |= 0x0004;    /* set TXSTRT */
1265         s->xmit_pos = -1;
1266 
1267 txdone:
1268         SET_FIELD(&tmd.status, TMDS, OWN, 0);
1269         TMDSTORE(&tmd, PHYSADDR(s,CSR_CXDA(s)));
1270         if (!CSR_TOKINTD(s)
1271             || (CSR_LTINTEN(s) && GET_FIELD(tmd.status, TMDS, LTINT))) {
1272             s->csr[0] |= 0x0200;    /* set TINT */
1273         }
1274         if (CSR_XMTRC(s) <= 1) {
1275             CSR_XMTRC(s) = CSR_XMTRL(s);
1276         } else {
1277             CSR_XMTRC(s)--;
1278         }
1279         if (count--) {
1280             goto txagain;
1281         }
1282     } else if (s->xmit_pos >= 0) {
1283         struct pcnet_TMD tmd;
1284         TMDLOAD(&tmd, xmit_cxda);
1285         SET_FIELD(&tmd.misc, TMDM, BUFF, 1);
1286         SET_FIELD(&tmd.misc, TMDM, UFLO, 1);
1287         SET_FIELD(&tmd.status, TMDS, ERR, 1);
1288         SET_FIELD(&tmd.status, TMDS, OWN, 0);
1289         TMDSTORE(&tmd, xmit_cxda);
1290         s->csr[0] |= 0x0200;    /* set TINT */
1291         if (!CSR_DXSUFLO(s)) {
1292             s->csr[0] &= ~0x0010;
1293         } else if (count--) {
1294             goto txagain;
1295         }
1296     }
1297 
1298     s->tx_busy = 0;
1299 }
1300 
1301 static void pcnet_poll(PCNetState *s)
1302 {
1303     if (CSR_RXON(s)) {
1304         pcnet_rdte_poll(s);
1305     }
1306 
1307     if (CSR_TDMD(s) || (CSR_TXON(s) && !CSR_DPOLL(s) && pcnet_tdte_poll(s))) {
1308         /* prevent recursion */
1309         if (s->tx_busy) {
1310             return;
1311         }
1312         pcnet_transmit(s);
1313     }
1314 }
1315 
1316 static void pcnet_poll_timer(void *opaque)
1317 {
1318     PCNetState *s = opaque;
1319 
1320     timer_del(s->poll_timer);
1321 
1322     if (CSR_TDMD(s)) {
1323         pcnet_transmit(s);
1324     }
1325 
1326     pcnet_update_irq(s);
1327 
1328     if (!CSR_STOP(s) && !CSR_SPND(s) && !CSR_DPOLL(s)) {
1329         uint64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) * 33;
1330         if (!s->timer || !now) {
1331             s->timer = now;
1332         } else {
1333             uint64_t t = now - s->timer + CSR_POLL(s);
1334             if (t > 0xffffLL) {
1335                 pcnet_poll(s);
1336                 CSR_POLL(s) = CSR_PINT(s);
1337             } else {
1338                 CSR_POLL(s) = t;
1339             }
1340         }
1341         timer_mod(s->poll_timer,
1342             pcnet_get_next_poll_time(s,qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)));
1343     }
1344 }
1345 
1346 
1347 static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
1348 {
1349     uint16_t val = new_value;
1350 #ifdef PCNET_DEBUG_CSR
1351     printf("pcnet_csr_writew rap=%d val=0x%04x\n", rap, val);
1352 #endif
1353     switch (rap) {
1354     case 0:
1355         s->csr[0] &= ~(val & 0x7f00); /* Clear any interrupt flags */
1356 
1357         s->csr[0] = (s->csr[0] & ~0x0040) | (val & 0x0048);
1358 
1359         val = (val & 0x007f) | (s->csr[0] & 0x7f00);
1360 
1361         /* IFF STOP, STRT and INIT are set, clear STRT and INIT */
1362         if ((val & 7) == 7) {
1363             val &= ~3;
1364         }
1365         if (!CSR_STOP(s) && (val & 4)) {
1366             pcnet_stop(s);
1367         }
1368         if (!CSR_INIT(s) && (val & 1)) {
1369             pcnet_init(s);
1370         }
1371         if (!CSR_STRT(s) && (val & 2)) {
1372             pcnet_start(s);
1373         }
1374         if (CSR_TDMD(s)) {
1375             pcnet_transmit(s);
1376         }
1377         return;
1378     case 1:
1379     case 2:
1380     case 8:
1381     case 9:
1382     case 10:
1383     case 11:
1384     case 12:
1385     case 13:
1386     case 14:
1387     case 15:
1388     case 18: /* CRBAL */
1389     case 19: /* CRBAU */
1390     case 20: /* CXBAL */
1391     case 21: /* CXBAU */
1392     case 22: /* NRBAU */
1393     case 23: /* NRBAU */
1394     case 24:
1395     case 25:
1396     case 26:
1397     case 27:
1398     case 28:
1399     case 29:
1400     case 30:
1401     case 31:
1402     case 32:
1403     case 33:
1404     case 34:
1405     case 35:
1406     case 36:
1407     case 37:
1408     case 38:
1409     case 39:
1410     case 40: /* CRBC */
1411     case 41:
1412     case 42: /* CXBC */
1413     case 43:
1414     case 44:
1415     case 45:
1416     case 46: /* POLL */
1417     case 47: /* POLLINT */
1418     case 72:
1419     case 74:
1420         break;
1421     case 76: /* RCVRL */
1422     case 78: /* XMTRL */
1423         val = (val > 0) ? val : 512;
1424         break;
1425     case 112:
1426         if (CSR_STOP(s) || CSR_SPND(s)) {
1427             break;
1428         }
1429         return;
1430     case 3:
1431         break;
1432     case 4:
1433         s->csr[4] &= ~(val & 0x026a);
1434         val &= ~0x026a; val |= s->csr[4] & 0x026a;
1435         break;
1436     case 5:
1437         s->csr[5] &= ~(val & 0x0a90);
1438         val &= ~0x0a90; val |= s->csr[5] & 0x0a90;
1439         break;
1440     case 16:
1441         pcnet_csr_writew(s,1,val);
1442         return;
1443     case 17:
1444         pcnet_csr_writew(s,2,val);
1445         return;
1446     case 58:
1447         pcnet_bcr_writew(s,BCR_SWS,val);
1448         break;
1449     default:
1450         return;
1451     }
1452     s->csr[rap] = val;
1453 }
1454 
1455 static uint32_t pcnet_csr_readw(PCNetState *s, uint32_t rap)
1456 {
1457     uint32_t val;
1458     switch (rap) {
1459     case 0:
1460         pcnet_update_irq(s);
1461         val = s->csr[0];
1462         val |= (val & 0x7800) ? 0x8000 : 0;
1463         break;
1464     case 16:
1465         return pcnet_csr_readw(s,1);
1466     case 17:
1467         return pcnet_csr_readw(s,2);
1468     case 58:
1469         return pcnet_bcr_readw(s,BCR_SWS);
1470     case 88:
1471         val = s->csr[89];
1472         val <<= 16;
1473         val |= s->csr[88];
1474         break;
1475     default:
1476         val = s->csr[rap];
1477     }
1478 #ifdef PCNET_DEBUG_CSR
1479     printf("pcnet_csr_readw rap=%d val=0x%04x\n", rap, val);
1480 #endif
1481     return val;
1482 }
1483 
1484 static void pcnet_bcr_writew(PCNetState *s, uint32_t rap, uint32_t val)
1485 {
1486     rap &= 127;
1487 #ifdef PCNET_DEBUG_BCR
1488     printf("pcnet_bcr_writew rap=%d val=0x%04x\n", rap, val);
1489 #endif
1490     switch (rap) {
1491     case BCR_SWS:
1492         if (!(CSR_STOP(s) || CSR_SPND(s)))
1493             return;
1494         val &= ~0x0300;
1495         switch (val & 0x00ff) {
1496         case 0:
1497             val |= 0x0200;
1498             break;
1499         case 1:
1500             val |= 0x0100;
1501             break;
1502         case 2:
1503         case 3:
1504             val |= 0x0300;
1505             break;
1506         default:
1507             qemu_log_mask(LOG_GUEST_ERROR, "pcnet: Bad SWSTYLE=0x%02x\n",
1508                           val & 0xff);
1509             val = 0x0200;
1510             break;
1511         }
1512 #ifdef PCNET_DEBUG
1513        printf("BCR_SWS=0x%04x\n", val);
1514 #endif
1515         /* fall through */
1516     case BCR_LNKST:
1517     case BCR_LED1:
1518     case BCR_LED2:
1519     case BCR_LED3:
1520     case BCR_MC:
1521     case BCR_FDC:
1522     case BCR_BSBC:
1523     case BCR_EECAS:
1524     case BCR_PLAT:
1525         s->bcr[rap] = val;
1526         break;
1527     default:
1528         break;
1529     }
1530 }
1531 
1532 uint32_t pcnet_bcr_readw(PCNetState *s, uint32_t rap)
1533 {
1534     uint32_t val;
1535     rap &= 127;
1536     switch (rap) {
1537     case BCR_LNKST:
1538     case BCR_LED1:
1539     case BCR_LED2:
1540     case BCR_LED3:
1541         val = s->bcr[rap] & ~0x8000;
1542         val |= (val & 0x017f & s->lnkst) ? 0x8000 : 0;
1543         break;
1544     default:
1545         val = rap < 32 ? s->bcr[rap] : 0;
1546         break;
1547     }
1548 #ifdef PCNET_DEBUG_BCR
1549     printf("pcnet_bcr_readw rap=%d val=0x%04x\n", rap, val);
1550 #endif
1551     return val;
1552 }
1553 
1554 void pcnet_h_reset(void *opaque)
1555 {
1556     PCNetState *s = opaque;
1557 
1558     s->bcr[BCR_MSRDA] = 0x0005;
1559     s->bcr[BCR_MSWRA] = 0x0005;
1560     s->bcr[BCR_MC   ] = 0x0002;
1561     s->bcr[BCR_LNKST] = 0x00c0;
1562     s->bcr[BCR_LED1 ] = 0x0084;
1563     s->bcr[BCR_LED2 ] = 0x0088;
1564     s->bcr[BCR_LED3 ] = 0x0090;
1565     s->bcr[BCR_FDC  ] = 0x0000;
1566     s->bcr[BCR_BSBC ] = 0x9001;
1567     s->bcr[BCR_EECAS] = 0x0002;
1568     s->bcr[BCR_SWS  ] = 0x0200;
1569     s->bcr[BCR_PLAT ] = 0xff06;
1570 
1571     pcnet_s_reset(s);
1572     pcnet_update_irq(s);
1573     pcnet_poll_timer(s);
1574 }
1575 
1576 void pcnet_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
1577 {
1578     PCNetState *s = opaque;
1579     pcnet_poll_timer(s);
1580 #ifdef PCNET_DEBUG_IO
1581     printf("pcnet_ioport_writew addr=0x%08x val=0x%04x\n", addr, val);
1582 #endif
1583     if (!BCR_DWIO(s)) {
1584         switch (addr & 0x0f) {
1585         case 0x00: /* RDP */
1586             pcnet_csr_writew(s, s->rap, val);
1587             break;
1588         case 0x02:
1589             s->rap = val & 0x7f;
1590             break;
1591         case 0x06:
1592             pcnet_bcr_writew(s, s->rap, val);
1593             break;
1594         }
1595     }
1596     pcnet_update_irq(s);
1597 }
1598 
1599 uint32_t pcnet_ioport_readw(void *opaque, uint32_t addr)
1600 {
1601     PCNetState *s = opaque;
1602     uint32_t val = -1;
1603     pcnet_poll_timer(s);
1604     if (!BCR_DWIO(s)) {
1605         switch (addr & 0x0f) {
1606         case 0x00: /* RDP */
1607             val = pcnet_csr_readw(s, s->rap);
1608             break;
1609         case 0x02:
1610             val = s->rap;
1611             break;
1612         case 0x04:
1613             pcnet_s_reset(s);
1614             val = 0;
1615             break;
1616         case 0x06:
1617             val = pcnet_bcr_readw(s, s->rap);
1618             break;
1619         }
1620     }
1621     pcnet_update_irq(s);
1622 #ifdef PCNET_DEBUG_IO
1623     printf("pcnet_ioport_readw addr=0x%08x val=0x%04x\n", addr, val & 0xffff);
1624 #endif
1625     return val;
1626 }
1627 
1628 void pcnet_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
1629 {
1630     PCNetState *s = opaque;
1631     pcnet_poll_timer(s);
1632 #ifdef PCNET_DEBUG_IO
1633     printf("pcnet_ioport_writel addr=0x%08x val=0x%08x\n", addr, val);
1634 #endif
1635     if (BCR_DWIO(s)) {
1636         switch (addr & 0x0f) {
1637         case 0x00: /* RDP */
1638             pcnet_csr_writew(s, s->rap, val & 0xffff);
1639             break;
1640         case 0x04:
1641             s->rap = val & 0x7f;
1642             break;
1643         case 0x0c:
1644             pcnet_bcr_writew(s, s->rap, val & 0xffff);
1645             break;
1646         }
1647     } else if ((addr & 0x0f) == 0) {
1648         /* switch device to dword i/o mode */
1649         pcnet_bcr_writew(s, BCR_BSBC, pcnet_bcr_readw(s, BCR_BSBC) | 0x0080);
1650 #ifdef PCNET_DEBUG_IO
1651         printf("device switched into dword i/o mode\n");
1652 #endif
1653     }
1654     pcnet_update_irq(s);
1655 }
1656 
1657 uint32_t pcnet_ioport_readl(void *opaque, uint32_t addr)
1658 {
1659     PCNetState *s = opaque;
1660     uint32_t val = -1;
1661     pcnet_poll_timer(s);
1662     if (BCR_DWIO(s)) {
1663         switch (addr & 0x0f) {
1664         case 0x00: /* RDP */
1665             val = pcnet_csr_readw(s, s->rap);
1666             break;
1667         case 0x04:
1668             val = s->rap;
1669             break;
1670         case 0x08:
1671             pcnet_s_reset(s);
1672             val = 0;
1673             break;
1674         case 0x0c:
1675             val = pcnet_bcr_readw(s, s->rap);
1676             break;
1677         }
1678     }
1679     pcnet_update_irq(s);
1680 #ifdef PCNET_DEBUG_IO
1681     printf("pcnet_ioport_readl addr=0x%08x val=0x%08x\n", addr, val);
1682 #endif
1683     return val;
1684 }
1685 
1686 static bool is_version_2(void *opaque, int version_id)
1687 {
1688     return version_id == 2;
1689 }
1690 
1691 const VMStateDescription vmstate_pcnet = {
1692     .name = "pcnet",
1693     .version_id = 3,
1694     .minimum_version_id = 2,
1695     .fields = (VMStateField[]) {
1696         VMSTATE_INT32(rap, PCNetState),
1697         VMSTATE_INT32(isr, PCNetState),
1698         VMSTATE_INT32(lnkst, PCNetState),
1699         VMSTATE_UINT32(rdra, PCNetState),
1700         VMSTATE_UINT32(tdra, PCNetState),
1701         VMSTATE_BUFFER(prom, PCNetState),
1702         VMSTATE_UINT16_ARRAY(csr, PCNetState, 128),
1703         VMSTATE_UINT16_ARRAY(bcr, PCNetState, 32),
1704         VMSTATE_UINT64(timer, PCNetState),
1705         VMSTATE_INT32(xmit_pos, PCNetState),
1706         VMSTATE_BUFFER(buffer, PCNetState),
1707         VMSTATE_UNUSED_TEST(is_version_2, 4),
1708         VMSTATE_INT32(tx_busy, PCNetState),
1709         VMSTATE_TIMER_PTR(poll_timer, PCNetState),
1710         VMSTATE_END_OF_LIST()
1711     }
1712 };
1713 
1714 void pcnet_common_init(DeviceState *dev, PCNetState *s, NetClientInfo *info)
1715 {
1716     int i;
1717     uint16_t checksum;
1718 
1719     s->poll_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pcnet_poll_timer, s);
1720 
1721     qemu_macaddr_default_if_unset(&s->conf.macaddr);
1722     s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), dev->id, s);
1723     qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1724 
1725     /* Initialize the PROM */
1726 
1727     /*
1728       Datasheet: http://pdfdata.datasheetsite.com/web/24528/AM79C970A.pdf
1729       page 95
1730     */
1731     memcpy(s->prom, s->conf.macaddr.a, 6);
1732     /* Reserved Location: must be 00h */
1733     s->prom[6] = s->prom[7] = 0x00;
1734     /* Reserved Location: must be 00h */
1735     s->prom[8] = 0x00;
1736     /* Hardware ID: must be 11h if compatibility to AMD drivers is desired */
1737     s->prom[9] = 0x11;
1738     /* User programmable space, init with 0 */
1739     s->prom[10] = s->prom[11] = 0x00;
1740     /* LSByte of two-byte checksum, which is the sum of bytes 00h-0Bh
1741        and bytes 0Eh and 0Fh, must therefore be initialized with 0! */
1742     s->prom[12] = s->prom[13] = 0x00;
1743     /* Must be ASCII W (57h) if compatibility to AMD
1744        driver software is desired */
1745     s->prom[14] = s->prom[15] = 0x57;
1746 
1747     for (i = 0, checksum = 0; i < 16; i++) {
1748         checksum += s->prom[i];
1749     }
1750     *(uint16_t *)&s->prom[12] = cpu_to_le16(checksum);
1751 
1752     s->lnkst = 0x40; /* initial link state: up */
1753 }
1754