xref: /openbmc/qemu/hw/net/smc91c111.c (revision cd53991d)
1 /*
2  * SMSC 91C111 Ethernet interface emulation
3  *
4  * Copyright (c) 2005 CodeSourcery, LLC.
5  * Written by Paul Brook
6  *
7  * This code is licensed under the GPL
8  */
9 
10 #include "qemu/osdep.h"
11 #include "hw/sysbus.h"
12 #include "migration/vmstate.h"
13 #include "net/net.h"
14 #include "hw/irq.h"
15 #include "hw/net/smc91c111.h"
16 #include "hw/qdev-properties.h"
17 #include "qapi/error.h"
18 #include "qemu/log.h"
19 #include "qemu/module.h"
20 /* For crc32 */
21 #include <zlib.h>
22 #include "qom/object.h"
23 
24 /* Number of 2k memory pages available.  */
25 #define NUM_PACKETS 4
26 
27 #define TYPE_SMC91C111 "smc91c111"
28 OBJECT_DECLARE_SIMPLE_TYPE(smc91c111_state, SMC91C111)
29 
30 struct smc91c111_state {
31     SysBusDevice parent_obj;
32 
33     NICState *nic;
34     NICConf conf;
35     uint16_t tcr;
36     uint16_t rcr;
37     uint16_t cr;
38     uint16_t ctr;
39     uint16_t gpr;
40     uint16_t ptr;
41     uint16_t ercv;
42     qemu_irq irq;
43     int bank;
44     int packet_num;
45     int tx_alloc;
46     /* Bitmask of allocated packets.  */
47     int allocated;
48     int tx_fifo_len;
49     int tx_fifo[NUM_PACKETS];
50     int rx_fifo_len;
51     int rx_fifo[NUM_PACKETS];
52     int tx_fifo_done_len;
53     int tx_fifo_done[NUM_PACKETS];
54     /* Packet buffer memory.  */
55     uint8_t data[NUM_PACKETS][2048];
56     uint8_t int_level;
57     uint8_t int_mask;
58     MemoryRegion mmio;
59 };
60 
61 static const VMStateDescription vmstate_smc91c111 = {
62     .name = "smc91c111",
63     .version_id = 1,
64     .minimum_version_id = 1,
65     .fields = (const VMStateField[]) {
66         VMSTATE_UINT16(tcr, smc91c111_state),
67         VMSTATE_UINT16(rcr, smc91c111_state),
68         VMSTATE_UINT16(cr, smc91c111_state),
69         VMSTATE_UINT16(ctr, smc91c111_state),
70         VMSTATE_UINT16(gpr, smc91c111_state),
71         VMSTATE_UINT16(ptr, smc91c111_state),
72         VMSTATE_UINT16(ercv, smc91c111_state),
73         VMSTATE_INT32(bank, smc91c111_state),
74         VMSTATE_INT32(packet_num, smc91c111_state),
75         VMSTATE_INT32(tx_alloc, smc91c111_state),
76         VMSTATE_INT32(allocated, smc91c111_state),
77         VMSTATE_INT32(tx_fifo_len, smc91c111_state),
78         VMSTATE_INT32_ARRAY(tx_fifo, smc91c111_state, NUM_PACKETS),
79         VMSTATE_INT32(rx_fifo_len, smc91c111_state),
80         VMSTATE_INT32_ARRAY(rx_fifo, smc91c111_state, NUM_PACKETS),
81         VMSTATE_INT32(tx_fifo_done_len, smc91c111_state),
82         VMSTATE_INT32_ARRAY(tx_fifo_done, smc91c111_state, NUM_PACKETS),
83         VMSTATE_BUFFER_UNSAFE(data, smc91c111_state, 0, NUM_PACKETS * 2048),
84         VMSTATE_UINT8(int_level, smc91c111_state),
85         VMSTATE_UINT8(int_mask, smc91c111_state),
86         VMSTATE_END_OF_LIST()
87     }
88 };
89 
90 #define RCR_SOFT_RST  0x8000
91 #define RCR_STRIP_CRC 0x0200
92 #define RCR_RXEN      0x0100
93 
94 #define TCR_EPH_LOOP  0x2000
95 #define TCR_NOCRC     0x0100
96 #define TCR_PAD_EN    0x0080
97 #define TCR_FORCOL    0x0004
98 #define TCR_LOOP      0x0002
99 #define TCR_TXEN      0x0001
100 
101 #define INT_MD        0x80
102 #define INT_ERCV      0x40
103 #define INT_EPH       0x20
104 #define INT_RX_OVRN   0x10
105 #define INT_ALLOC     0x08
106 #define INT_TX_EMPTY  0x04
107 #define INT_TX        0x02
108 #define INT_RCV       0x01
109 
110 #define CTR_AUTO_RELEASE  0x0800
111 #define CTR_RELOAD        0x0002
112 #define CTR_STORE         0x0001
113 
114 #define RS_ALGNERR      0x8000
115 #define RS_BRODCAST     0x4000
116 #define RS_BADCRC       0x2000
117 #define RS_ODDFRAME     0x1000
118 #define RS_TOOLONG      0x0800
119 #define RS_TOOSHORT     0x0400
120 #define RS_MULTICAST    0x0001
121 
122 /* Update interrupt status.  */
smc91c111_update(smc91c111_state * s)123 static void smc91c111_update(smc91c111_state *s)
124 {
125     int level;
126 
127     if (s->tx_fifo_len == 0)
128         s->int_level |= INT_TX_EMPTY;
129     if (s->tx_fifo_done_len != 0)
130         s->int_level |= INT_TX;
131     level = (s->int_level & s->int_mask) != 0;
132     qemu_set_irq(s->irq, level);
133 }
134 
smc91c111_can_receive(smc91c111_state * s)135 static bool smc91c111_can_receive(smc91c111_state *s)
136 {
137     if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST)) {
138         return true;
139     }
140     if (s->allocated == (1 << NUM_PACKETS) - 1 ||
141         s->rx_fifo_len == NUM_PACKETS) {
142         return false;
143     }
144     return true;
145 }
146 
smc91c111_flush_queued_packets(smc91c111_state * s)147 static inline void smc91c111_flush_queued_packets(smc91c111_state *s)
148 {
149     if (smc91c111_can_receive(s)) {
150         qemu_flush_queued_packets(qemu_get_queue(s->nic));
151     }
152 }
153 
154 /* Try to allocate a packet.  Returns 0x80 on failure.  */
smc91c111_allocate_packet(smc91c111_state * s)155 static int smc91c111_allocate_packet(smc91c111_state *s)
156 {
157     int i;
158     if (s->allocated == (1 << NUM_PACKETS) - 1) {
159         return 0x80;
160     }
161 
162     for (i = 0; i < NUM_PACKETS; i++) {
163         if ((s->allocated & (1 << i)) == 0)
164             break;
165     }
166     s->allocated |= 1 << i;
167     return i;
168 }
169 
170 
171 /* Process a pending TX allocate.  */
smc91c111_tx_alloc(smc91c111_state * s)172 static void smc91c111_tx_alloc(smc91c111_state *s)
173 {
174     s->tx_alloc = smc91c111_allocate_packet(s);
175     if (s->tx_alloc == 0x80)
176         return;
177     s->int_level |= INT_ALLOC;
178     smc91c111_update(s);
179 }
180 
181 /* Remove and item from the RX FIFO.  */
smc91c111_pop_rx_fifo(smc91c111_state * s)182 static void smc91c111_pop_rx_fifo(smc91c111_state *s)
183 {
184     int i;
185 
186     s->rx_fifo_len--;
187     if (s->rx_fifo_len) {
188         for (i = 0; i < s->rx_fifo_len; i++)
189             s->rx_fifo[i] = s->rx_fifo[i + 1];
190         s->int_level |= INT_RCV;
191     } else {
192         s->int_level &= ~INT_RCV;
193     }
194     smc91c111_flush_queued_packets(s);
195     smc91c111_update(s);
196 }
197 
198 /* Remove an item from the TX completion FIFO.  */
smc91c111_pop_tx_fifo_done(smc91c111_state * s)199 static void smc91c111_pop_tx_fifo_done(smc91c111_state *s)
200 {
201     int i;
202 
203     if (s->tx_fifo_done_len == 0)
204         return;
205     s->tx_fifo_done_len--;
206     for (i = 0; i < s->tx_fifo_done_len; i++)
207         s->tx_fifo_done[i] = s->tx_fifo_done[i + 1];
208 }
209 
210 /* Release the memory allocated to a packet.  */
smc91c111_release_packet(smc91c111_state * s,int packet)211 static void smc91c111_release_packet(smc91c111_state *s, int packet)
212 {
213     s->allocated &= ~(1 << packet);
214     if (s->tx_alloc == 0x80)
215         smc91c111_tx_alloc(s);
216     smc91c111_flush_queued_packets(s);
217 }
218 
219 /* Flush the TX FIFO.  */
smc91c111_do_tx(smc91c111_state * s)220 static void smc91c111_do_tx(smc91c111_state *s)
221 {
222     int i;
223     int len;
224     int control;
225     int packetnum;
226     uint8_t *p;
227 
228     if ((s->tcr & TCR_TXEN) == 0)
229         return;
230     if (s->tx_fifo_len == 0)
231         return;
232     for (i = 0; i < s->tx_fifo_len; i++) {
233         packetnum = s->tx_fifo[i];
234         p = &s->data[packetnum][0];
235         /* Set status word.  */
236         *(p++) = 0x01;
237         *(p++) = 0x40;
238         len = *(p++);
239         len |= ((int)*(p++)) << 8;
240         len -= 6;
241         control = p[len + 1];
242         if (control & 0x20)
243             len++;
244         /* ??? This overwrites the data following the buffer.
245            Don't know what real hardware does.  */
246         if (len < 64 && (s->tcr & TCR_PAD_EN)) {
247             memset(p + len, 0, 64 - len);
248             len = 64;
249         }
250 #if 0
251         {
252             int add_crc;
253 
254             /* The card is supposed to append the CRC to the frame.
255                However none of the other network traffic has the CRC
256                appended.  Suspect this is low level ethernet detail we
257                don't need to worry about.  */
258             add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0;
259             if (add_crc) {
260                 uint32_t crc;
261 
262                 crc = crc32(~0, p, len);
263                 memcpy(p + len, &crc, 4);
264                 len += 4;
265             }
266         }
267 #endif
268         if (s->ctr & CTR_AUTO_RELEASE)
269             /* Race?  */
270             smc91c111_release_packet(s, packetnum);
271         else if (s->tx_fifo_done_len < NUM_PACKETS)
272             s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum;
273         qemu_send_packet(qemu_get_queue(s->nic), p, len);
274     }
275     s->tx_fifo_len = 0;
276     smc91c111_update(s);
277 }
278 
279 /* Add a packet to the TX FIFO.  */
smc91c111_queue_tx(smc91c111_state * s,int packet)280 static void smc91c111_queue_tx(smc91c111_state *s, int packet)
281 {
282     if (s->tx_fifo_len == NUM_PACKETS)
283         return;
284     s->tx_fifo[s->tx_fifo_len++] = packet;
285     smc91c111_do_tx(s);
286 }
287 
smc91c111_reset(DeviceState * dev)288 static void smc91c111_reset(DeviceState *dev)
289 {
290     smc91c111_state *s = SMC91C111(dev);
291 
292     s->bank = 0;
293     s->tx_fifo_len = 0;
294     s->tx_fifo_done_len = 0;
295     s->rx_fifo_len = 0;
296     s->allocated = 0;
297     s->packet_num = 0;
298     s->tx_alloc = 0;
299     s->tcr = 0;
300     s->rcr = 0;
301     s->cr = 0xa0b1;
302     s->ctr = 0x1210;
303     s->ptr = 0;
304     s->ercv = 0x1f;
305     s->int_level = INT_TX_EMPTY;
306     s->int_mask = 0;
307     smc91c111_update(s);
308 }
309 
310 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
311 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
312 
smc91c111_writeb(void * opaque,hwaddr offset,uint32_t value)313 static void smc91c111_writeb(void *opaque, hwaddr offset,
314                              uint32_t value)
315 {
316     smc91c111_state *s = (smc91c111_state *)opaque;
317 
318     offset = offset & 0xf;
319     if (offset == 14) {
320         s->bank = value;
321         return;
322     }
323     if (offset == 15)
324         return;
325     switch (s->bank) {
326     case 0:
327         switch (offset) {
328         case 0: /* TCR */
329             SET_LOW(tcr, value);
330             return;
331         case 1:
332             SET_HIGH(tcr, value);
333             return;
334         case 4: /* RCR */
335             SET_LOW(rcr, value);
336             return;
337         case 5:
338             SET_HIGH(rcr, value);
339             if (s->rcr & RCR_SOFT_RST) {
340                 smc91c111_reset(DEVICE(s));
341             }
342             smc91c111_flush_queued_packets(s);
343             return;
344         case 10: case 11: /* RPCR */
345             /* Ignored */
346             return;
347         case 12: case 13: /* Reserved */
348             return;
349         }
350         break;
351 
352     case 1:
353         switch (offset) {
354         case 0: /* CONFIG */
355             SET_LOW(cr, value);
356             return;
357         case 1:
358             SET_HIGH(cr,value);
359             return;
360         case 2: case 3: /* BASE */
361         case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
362             /* Not implemented.  */
363             return;
364         case 10: /* General Purpose */
365             SET_LOW(gpr, value);
366             return;
367         case 11:
368             SET_HIGH(gpr, value);
369             return;
370         case 12: /* Control */
371             if (value & 1) {
372                 qemu_log_mask(LOG_UNIMP,
373                               "smc91c111: EEPROM store not implemented\n");
374             }
375             if (value & 2) {
376                 qemu_log_mask(LOG_UNIMP,
377                               "smc91c111: EEPROM reload not implemented\n");
378             }
379             value &= ~3;
380             SET_LOW(ctr, value);
381             return;
382         case 13:
383             SET_HIGH(ctr, value);
384             return;
385         }
386         break;
387 
388     case 2:
389         switch (offset) {
390         case 0: /* MMU Command */
391             switch (value >> 5) {
392             case 0: /* no-op */
393                 break;
394             case 1: /* Allocate for TX.  */
395                 s->tx_alloc = 0x80;
396                 s->int_level &= ~INT_ALLOC;
397                 smc91c111_update(s);
398                 smc91c111_tx_alloc(s);
399                 break;
400             case 2: /* Reset MMU.  */
401                 s->allocated = 0;
402                 s->tx_fifo_len = 0;
403                 s->tx_fifo_done_len = 0;
404                 s->rx_fifo_len = 0;
405                 s->tx_alloc = 0;
406                 break;
407             case 3: /* Remove from RX FIFO.  */
408                 smc91c111_pop_rx_fifo(s);
409                 break;
410             case 4: /* Remove from RX FIFO and release.  */
411                 if (s->rx_fifo_len > 0) {
412                     smc91c111_release_packet(s, s->rx_fifo[0]);
413                 }
414                 smc91c111_pop_rx_fifo(s);
415                 break;
416             case 5: /* Release.  */
417                 smc91c111_release_packet(s, s->packet_num);
418                 break;
419             case 6: /* Add to TX FIFO.  */
420                 smc91c111_queue_tx(s, s->packet_num);
421                 break;
422             case 7: /* Reset TX FIFO.  */
423                 s->tx_fifo_len = 0;
424                 s->tx_fifo_done_len = 0;
425                 break;
426             }
427             return;
428         case 1:
429             /* Ignore.  */
430             return;
431         case 2: /* Packet Number Register */
432             s->packet_num = value;
433             return;
434         case 3: case 4: case 5:
435             /* Should be readonly, but linux writes to them anyway. Ignore.  */
436             return;
437         case 6: /* Pointer */
438             SET_LOW(ptr, value);
439             return;
440         case 7:
441             SET_HIGH(ptr, value);
442             return;
443         case 8: case 9: case 10: case 11: /* Data */
444             {
445                 int p;
446                 int n;
447 
448                 if (s->ptr & 0x8000)
449                     n = s->rx_fifo[0];
450                 else
451                     n = s->packet_num;
452                 p = s->ptr & 0x07ff;
453                 if (s->ptr & 0x4000) {
454                     s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x7ff);
455                 } else {
456                     p += (offset & 3);
457                 }
458                 s->data[n][p] = value;
459             }
460             return;
461         case 12: /* Interrupt ACK.  */
462             s->int_level &= ~(value & 0xd6);
463             if (value & INT_TX)
464                 smc91c111_pop_tx_fifo_done(s);
465             smc91c111_update(s);
466             return;
467         case 13: /* Interrupt mask.  */
468             s->int_mask = value;
469             smc91c111_update(s);
470             return;
471         }
472         break;
473 
474     case 3:
475         switch (offset) {
476         case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
477             /* Multicast table.  */
478             /* Not implemented.  */
479             return;
480         case 8: case 9: /* Management Interface.  */
481             /* Not implemented.  */
482             return;
483         case 12: /* Early receive.  */
484             s->ercv = value & 0x1f;
485             return;
486         case 13:
487             /* Ignore.  */
488             return;
489         }
490         break;
491     }
492     qemu_log_mask(LOG_GUEST_ERROR, "smc91c111_write(bank:%d) Illegal register"
493                                    " 0x%" HWADDR_PRIx " = 0x%x\n",
494                   s->bank, offset, value);
495 }
496 
smc91c111_readb(void * opaque,hwaddr offset)497 static uint32_t smc91c111_readb(void *opaque, hwaddr offset)
498 {
499     smc91c111_state *s = (smc91c111_state *)opaque;
500 
501     offset = offset & 0xf;
502     if (offset == 14) {
503         return s->bank;
504     }
505     if (offset == 15)
506         return 0x33;
507     switch (s->bank) {
508     case 0:
509         switch (offset) {
510         case 0: /* TCR */
511             return s->tcr & 0xff;
512         case 1:
513             return s->tcr >> 8;
514         case 2: /* EPH Status */
515             return 0;
516         case 3:
517             return 0x40;
518         case 4: /* RCR */
519             return s->rcr & 0xff;
520         case 5:
521             return s->rcr >> 8;
522         case 6: /* Counter */
523         case 7:
524             /* Not implemented.  */
525             return 0;
526         case 8: /* Memory size.  */
527             return NUM_PACKETS;
528         case 9: /* Free memory available.  */
529             {
530                 int i;
531                 int n;
532                 n = 0;
533                 for (i = 0; i < NUM_PACKETS; i++) {
534                     if (s->allocated & (1 << i))
535                         n++;
536                 }
537                 return n;
538             }
539         case 10: case 11: /* RPCR */
540             /* Not implemented.  */
541             return 0;
542         case 12: case 13: /* Reserved */
543             return 0;
544         }
545         break;
546 
547     case 1:
548         switch (offset) {
549         case 0: /* CONFIG */
550             return s->cr & 0xff;
551         case 1:
552             return s->cr >> 8;
553         case 2: case 3: /* BASE */
554             /* Not implemented.  */
555             return 0;
556         case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
557             return s->conf.macaddr.a[offset - 4];
558         case 10: /* General Purpose */
559             return s->gpr & 0xff;
560         case 11:
561             return s->gpr >> 8;
562         case 12: /* Control */
563             return s->ctr & 0xff;
564         case 13:
565             return s->ctr >> 8;
566         }
567         break;
568 
569     case 2:
570         switch (offset) {
571         case 0: case 1: /* MMUCR Busy bit.  */
572             return 0;
573         case 2: /* Packet Number.  */
574             return s->packet_num;
575         case 3: /* Allocation Result.  */
576             return s->tx_alloc;
577         case 4: /* TX FIFO */
578             if (s->tx_fifo_done_len == 0)
579                 return 0x80;
580             else
581                 return s->tx_fifo_done[0];
582         case 5: /* RX FIFO */
583             if (s->rx_fifo_len == 0)
584                 return 0x80;
585             else
586                 return s->rx_fifo[0];
587         case 6: /* Pointer */
588             return s->ptr & 0xff;
589         case 7:
590             return (s->ptr >> 8) & 0xf7;
591         case 8: case 9: case 10: case 11: /* Data */
592             {
593                 int p;
594                 int n;
595 
596                 if (s->ptr & 0x8000)
597                     n = s->rx_fifo[0];
598                 else
599                     n = s->packet_num;
600                 p = s->ptr & 0x07ff;
601                 if (s->ptr & 0x4000) {
602                     s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x07ff);
603                 } else {
604                     p += (offset & 3);
605                 }
606                 return s->data[n][p];
607             }
608         case 12: /* Interrupt status.  */
609             return s->int_level;
610         case 13: /* Interrupt mask.  */
611             return s->int_mask;
612         }
613         break;
614 
615     case 3:
616         switch (offset) {
617         case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
618             /* Multicast table.  */
619             /* Not implemented.  */
620             return 0;
621         case 8: /* Management Interface.  */
622             /* Not implemented.  */
623             return 0x30;
624         case 9:
625             return 0x33;
626         case 10: /* Revision.  */
627             return 0x91;
628         case 11:
629             return 0x33;
630         case 12:
631             return s->ercv;
632         case 13:
633             return 0;
634         }
635         break;
636     }
637     qemu_log_mask(LOG_GUEST_ERROR, "smc91c111_read(bank:%d) Illegal register"
638                                    " 0x%" HWADDR_PRIx "\n",
639                   s->bank, offset);
640     return 0;
641 }
642 
smc91c111_readfn(void * opaque,hwaddr addr,unsigned size)643 static uint64_t smc91c111_readfn(void *opaque, hwaddr addr, unsigned size)
644 {
645     int i;
646     uint32_t val = 0;
647 
648     for (i = 0; i < size; i++) {
649         val |= smc91c111_readb(opaque, addr + i) << (i * 8);
650     }
651     return val;
652 }
653 
smc91c111_writefn(void * opaque,hwaddr addr,uint64_t value,unsigned size)654 static void smc91c111_writefn(void *opaque, hwaddr addr,
655                                uint64_t value, unsigned size)
656 {
657     int i = 0;
658 
659     /* 32-bit writes to offset 0xc only actually write to the bank select
660      * register (offset 0xe), so skip the first two bytes we would write.
661      */
662     if (addr == 0xc && size == 4) {
663         i += 2;
664     }
665 
666     for (; i < size; i++) {
667         smc91c111_writeb(opaque, addr + i,
668                          extract32(value, i * 8, 8));
669     }
670 }
671 
smc91c111_can_receive_nc(NetClientState * nc)672 static bool smc91c111_can_receive_nc(NetClientState *nc)
673 {
674     smc91c111_state *s = qemu_get_nic_opaque(nc);
675 
676     return smc91c111_can_receive(s);
677 }
678 
smc91c111_receive(NetClientState * nc,const uint8_t * buf,size_t size)679 static ssize_t smc91c111_receive(NetClientState *nc, const uint8_t *buf, size_t size)
680 {
681     smc91c111_state *s = qemu_get_nic_opaque(nc);
682     int status;
683     int packetsize;
684     uint32_t crc;
685     int packetnum;
686     uint8_t *p;
687 
688     if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
689         return -1;
690     /* Short packets are padded with zeros.  Receiving a packet
691        < 64 bytes long is considered an error condition.  */
692     if (size < 64)
693         packetsize = 64;
694     else
695         packetsize = (size & ~1);
696     packetsize += 6;
697     crc = (s->rcr & RCR_STRIP_CRC) == 0;
698     if (crc)
699         packetsize += 4;
700     /* TODO: Flag overrun and receive errors.  */
701     if (packetsize > 2048)
702         return -1;
703     packetnum = smc91c111_allocate_packet(s);
704     if (packetnum == 0x80)
705         return -1;
706     s->rx_fifo[s->rx_fifo_len++] = packetnum;
707 
708     p = &s->data[packetnum][0];
709     /* ??? Multicast packets?  */
710     status = 0;
711     if (size > 1518)
712         status |= RS_TOOLONG;
713     if (size & 1)
714         status |= RS_ODDFRAME;
715     *(p++) = status & 0xff;
716     *(p++) = status >> 8;
717     *(p++) = packetsize & 0xff;
718     *(p++) = packetsize >> 8;
719     memcpy(p, buf, size & ~1);
720     p += (size & ~1);
721     /* Pad short packets.  */
722     if (size < 64) {
723         int pad;
724 
725         if (size & 1)
726             *(p++) = buf[size - 1];
727         pad = 64 - size;
728         memset(p, 0, pad);
729         p += pad;
730         size = 64;
731     }
732     /* It's not clear if the CRC should go before or after the last byte in
733        odd sized packets.  Linux disables the CRC, so that's no help.
734        The pictures in the documentation show the CRC aligned on a 16-bit
735        boundary before the last odd byte, so that's what we do.  */
736     if (crc) {
737         crc = crc32(~0, buf, size);
738         *(p++) = crc & 0xff; crc >>= 8;
739         *(p++) = crc & 0xff; crc >>= 8;
740         *(p++) = crc & 0xff; crc >>= 8;
741         *(p++) = crc & 0xff;
742     }
743     if (size & 1) {
744         *(p++) = buf[size - 1];
745         *p = 0x60;
746     } else {
747         *(p++) = 0;
748         *p = 0x40;
749     }
750     /* TODO: Raise early RX interrupt?  */
751     s->int_level |= INT_RCV;
752     smc91c111_update(s);
753 
754     return size;
755 }
756 
757 static const MemoryRegionOps smc91c111_mem_ops = {
758     /* The special case for 32 bit writes to 0xc means we can't just
759      * set .impl.min/max_access_size to 1, unfortunately
760      */
761     .read = smc91c111_readfn,
762     .write = smc91c111_writefn,
763     .valid.min_access_size = 1,
764     .valid.max_access_size = 4,
765     .endianness = DEVICE_NATIVE_ENDIAN,
766 };
767 
768 static NetClientInfo net_smc91c111_info = {
769     .type = NET_CLIENT_DRIVER_NIC,
770     .size = sizeof(NICState),
771     .can_receive = smc91c111_can_receive_nc,
772     .receive = smc91c111_receive,
773 };
774 
smc91c111_realize(DeviceState * dev,Error ** errp)775 static void smc91c111_realize(DeviceState *dev, Error **errp)
776 {
777     SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
778     smc91c111_state *s = SMC91C111(dev);
779 
780     memory_region_init_io(&s->mmio, OBJECT(s), &smc91c111_mem_ops, s,
781                           "smc91c111-mmio", 16);
782     sysbus_init_mmio(sbd, &s->mmio);
783     sysbus_init_irq(sbd, &s->irq);
784     qemu_macaddr_default_if_unset(&s->conf.macaddr);
785     s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
786                           object_get_typename(OBJECT(dev)), dev->id,
787                           &dev->mem_reentrancy_guard, s);
788     qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
789     /* ??? Save/restore.  */
790 }
791 
792 static Property smc91c111_properties[] = {
793     DEFINE_NIC_PROPERTIES(smc91c111_state, conf),
794     DEFINE_PROP_END_OF_LIST(),
795 };
796 
smc91c111_class_init(ObjectClass * klass,void * data)797 static void smc91c111_class_init(ObjectClass *klass, void *data)
798 {
799     DeviceClass *dc = DEVICE_CLASS(klass);
800 
801     dc->realize = smc91c111_realize;
802     dc->reset = smc91c111_reset;
803     dc->vmsd = &vmstate_smc91c111;
804     device_class_set_props(dc, smc91c111_properties);
805 }
806 
807 static const TypeInfo smc91c111_info = {
808     .name          = TYPE_SMC91C111,
809     .parent        = TYPE_SYS_BUS_DEVICE,
810     .instance_size = sizeof(smc91c111_state),
811     .class_init    = smc91c111_class_init,
812 };
813 
smc91c111_register_types(void)814 static void smc91c111_register_types(void)
815 {
816     type_register_static(&smc91c111_info);
817 }
818 
819 /* Legacy helper function.  Should go away when machine config files are
820    implemented.  */
smc91c111_init(uint32_t base,qemu_irq irq)821 void smc91c111_init(uint32_t base, qemu_irq irq)
822 {
823     DeviceState *dev;
824     SysBusDevice *s;
825 
826     dev = qdev_new(TYPE_SMC91C111);
827     qemu_configure_nic_device(dev, true, NULL);
828     s = SYS_BUS_DEVICE(dev);
829     sysbus_realize_and_unref(s, &error_fatal);
830     sysbus_mmio_map(s, 0, base);
831     sysbus_connect_irq(s, 0, irq);
832 }
833 
834 type_init(smc91c111_register_types)
835