1 /* 2 * QEMU TULIP Emulation 3 * 4 * Copyright (c) 2019 Sven Schnelle <svens@stackframe.org> 5 * 6 * This work is licensed under the GNU GPL license version 2 or later. 7 */ 8 9 #include "qemu/osdep.h" 10 #include "qemu/log.h" 11 #include "hw/irq.h" 12 #include "hw/pci/pci.h" 13 #include "hw/qdev-properties.h" 14 #include "hw/nvram/eeprom93xx.h" 15 #include "migration/vmstate.h" 16 #include "sysemu/sysemu.h" 17 #include "tulip.h" 18 #include "trace.h" 19 #include "net/eth.h" 20 21 struct TULIPState { 22 PCIDevice dev; 23 MemoryRegion io; 24 MemoryRegion memory; 25 NICConf c; 26 qemu_irq irq; 27 NICState *nic; 28 eeprom_t *eeprom; 29 uint32_t csr[16]; 30 31 /* state for MII */ 32 uint32_t old_csr9; 33 uint32_t mii_word; 34 uint32_t mii_bitcnt; 35 36 hwaddr current_rx_desc; 37 hwaddr current_tx_desc; 38 39 uint8_t rx_frame[2048]; 40 uint8_t tx_frame[2048]; 41 uint16_t tx_frame_len; 42 uint16_t rx_frame_len; 43 uint16_t rx_frame_size; 44 45 uint32_t rx_status; 46 uint8_t filter[16][6]; 47 }; 48 49 static const VMStateDescription vmstate_pci_tulip = { 50 .name = "tulip", 51 .fields = (VMStateField[]) { 52 VMSTATE_PCI_DEVICE(dev, TULIPState), 53 VMSTATE_UINT32_ARRAY(csr, TULIPState, 16), 54 VMSTATE_UINT32(old_csr9, TULIPState), 55 VMSTATE_UINT32(mii_word, TULIPState), 56 VMSTATE_UINT32(mii_bitcnt, TULIPState), 57 VMSTATE_UINT64(current_rx_desc, TULIPState), 58 VMSTATE_UINT64(current_tx_desc, TULIPState), 59 VMSTATE_BUFFER(rx_frame, TULIPState), 60 VMSTATE_BUFFER(tx_frame, TULIPState), 61 VMSTATE_UINT16(rx_frame_len, TULIPState), 62 VMSTATE_UINT16(tx_frame_len, TULIPState), 63 VMSTATE_UINT16(rx_frame_size, TULIPState), 64 VMSTATE_UINT32(rx_status, TULIPState), 65 VMSTATE_UINT8_2DARRAY(filter, TULIPState, 16, 6), 66 VMSTATE_END_OF_LIST() 67 } 68 }; 69 70 static void tulip_desc_read(TULIPState *s, hwaddr p, 71 struct tulip_descriptor *desc) 72 { 73 if (s->csr[0] & CSR0_DBO) { 74 desc->status = ldl_be_pci_dma(&s->dev, p); 75 desc->control = ldl_be_pci_dma(&s->dev, p + 4); 76 desc->buf_addr1 = ldl_be_pci_dma(&s->dev, p + 8); 77 desc->buf_addr2 = ldl_be_pci_dma(&s->dev, p + 12); 78 } else { 79 desc->status = ldl_le_pci_dma(&s->dev, p); 80 desc->control = ldl_le_pci_dma(&s->dev, p + 4); 81 desc->buf_addr1 = ldl_le_pci_dma(&s->dev, p + 8); 82 desc->buf_addr2 = ldl_le_pci_dma(&s->dev, p + 12); 83 } 84 } 85 86 static void tulip_desc_write(TULIPState *s, hwaddr p, 87 struct tulip_descriptor *desc) 88 { 89 const MemTxAttrs attrs = MEMTXATTRS_UNSPECIFIED; 90 91 if (s->csr[0] & CSR0_DBO) { 92 stl_be_pci_dma(&s->dev, p, desc->status, attrs); 93 stl_be_pci_dma(&s->dev, p + 4, desc->control, attrs); 94 stl_be_pci_dma(&s->dev, p + 8, desc->buf_addr1, attrs); 95 stl_be_pci_dma(&s->dev, p + 12, desc->buf_addr2, attrs); 96 } else { 97 stl_le_pci_dma(&s->dev, p, desc->status, attrs); 98 stl_le_pci_dma(&s->dev, p + 4, desc->control, attrs); 99 stl_le_pci_dma(&s->dev, p + 8, desc->buf_addr1, attrs); 100 stl_le_pci_dma(&s->dev, p + 12, desc->buf_addr2, attrs); 101 } 102 } 103 104 static void tulip_update_int(TULIPState *s) 105 { 106 uint32_t ie = s->csr[5] & s->csr[7]; 107 bool assert = false; 108 109 s->csr[5] &= ~(CSR5_AIS | CSR5_NIS); 110 111 if (ie & (CSR5_TI | CSR5_TU | CSR5_RI | CSR5_GTE | CSR5_ERI)) { 112 s->csr[5] |= CSR5_NIS; 113 } 114 115 if (ie & (CSR5_LC | CSR5_GPI | CSR5_FBE | CSR5_LNF | CSR5_ETI | CSR5_RWT | 116 CSR5_RPS | CSR5_RU | CSR5_UNF | CSR5_LNP_ANC | CSR5_TJT | 117 CSR5_TPS)) { 118 s->csr[5] |= CSR5_AIS; 119 } 120 121 assert = s->csr[5] & s->csr[7] & (CSR5_AIS | CSR5_NIS); 122 trace_tulip_irq(s->csr[5], s->csr[7], assert ? "assert" : "deassert"); 123 qemu_set_irq(s->irq, assert); 124 } 125 126 static bool tulip_rx_stopped(TULIPState *s) 127 { 128 return ((s->csr[5] >> CSR5_RS_SHIFT) & CSR5_RS_MASK) == CSR5_RS_STOPPED; 129 } 130 131 static void tulip_dump_tx_descriptor(TULIPState *s, 132 struct tulip_descriptor *desc) 133 { 134 trace_tulip_descriptor("TX ", s->current_tx_desc, 135 desc->status, desc->control >> 22, 136 desc->control & 0x7ff, (desc->control >> 11) & 0x7ff, 137 desc->buf_addr1, desc->buf_addr2); 138 } 139 140 static void tulip_dump_rx_descriptor(TULIPState *s, 141 struct tulip_descriptor *desc) 142 { 143 trace_tulip_descriptor("RX ", s->current_rx_desc, 144 desc->status, desc->control >> 22, 145 desc->control & 0x7ff, (desc->control >> 11) & 0x7ff, 146 desc->buf_addr1, desc->buf_addr2); 147 } 148 149 static void tulip_next_rx_descriptor(TULIPState *s, 150 struct tulip_descriptor *desc) 151 { 152 if (desc->control & RDES1_RER) { 153 s->current_rx_desc = s->csr[3]; 154 } else if (desc->control & RDES1_RCH) { 155 s->current_rx_desc = desc->buf_addr2; 156 } else { 157 s->current_rx_desc += sizeof(struct tulip_descriptor) + 158 (((s->csr[0] >> CSR0_DSL_SHIFT) & CSR0_DSL_MASK) << 2); 159 } 160 s->current_rx_desc &= ~3ULL; 161 } 162 163 static void tulip_copy_rx_bytes(TULIPState *s, struct tulip_descriptor *desc) 164 { 165 int len1 = (desc->control >> RDES1_BUF1_SIZE_SHIFT) & RDES1_BUF1_SIZE_MASK; 166 int len2 = (desc->control >> RDES1_BUF2_SIZE_SHIFT) & RDES1_BUF2_SIZE_MASK; 167 int len; 168 169 if (s->rx_frame_len && len1) { 170 if (s->rx_frame_len > len1) { 171 len = len1; 172 } else { 173 len = s->rx_frame_len; 174 } 175 176 pci_dma_write(&s->dev, desc->buf_addr1, s->rx_frame + 177 (s->rx_frame_size - s->rx_frame_len), len); 178 s->rx_frame_len -= len; 179 } 180 181 if (s->rx_frame_len && len2) { 182 if (s->rx_frame_len > len2) { 183 len = len2; 184 } else { 185 len = s->rx_frame_len; 186 } 187 188 pci_dma_write(&s->dev, desc->buf_addr2, s->rx_frame + 189 (s->rx_frame_size - s->rx_frame_len), len); 190 s->rx_frame_len -= len; 191 } 192 } 193 194 static bool tulip_filter_address(TULIPState *s, const uint8_t *addr) 195 { 196 static const char broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; 197 bool ret = false; 198 int i; 199 200 for (i = 0; i < 16 && ret == false; i++) { 201 if (!memcmp(&s->filter[i], addr, ETH_ALEN)) { 202 ret = true; 203 } 204 } 205 206 if (!memcmp(addr, broadcast, ETH_ALEN)) { 207 return true; 208 } 209 210 if (s->csr[6] & (CSR6_PR | CSR6_RA)) { 211 /* Promiscuous mode enabled */ 212 s->rx_status |= RDES0_FF; 213 return true; 214 } 215 216 if ((s->csr[6] & CSR6_PM) && (addr[0] & 1)) { 217 /* Pass all Multicast enabled */ 218 s->rx_status |= RDES0_MF; 219 return true; 220 } 221 222 if (s->csr[6] & CSR6_IF) { 223 ret ^= true; 224 } 225 return ret; 226 } 227 228 static ssize_t tulip_receive(TULIPState *s, const uint8_t *buf, size_t size) 229 { 230 struct tulip_descriptor desc; 231 232 trace_tulip_receive(buf, size); 233 234 if (size < 14 || size > sizeof(s->rx_frame) - 4 235 || s->rx_frame_len || tulip_rx_stopped(s)) { 236 return 0; 237 } 238 239 if (!tulip_filter_address(s, buf)) { 240 return size; 241 } 242 243 do { 244 tulip_desc_read(s, s->current_rx_desc, &desc); 245 tulip_dump_rx_descriptor(s, &desc); 246 247 if (!(desc.status & RDES0_OWN)) { 248 s->csr[5] |= CSR5_RU; 249 tulip_update_int(s); 250 return s->rx_frame_size - s->rx_frame_len; 251 } 252 desc.status = 0; 253 254 if (!s->rx_frame_len) { 255 s->rx_frame_size = size + 4; 256 s->rx_status = RDES0_LS | 257 ((s->rx_frame_size & RDES0_FL_MASK) << RDES0_FL_SHIFT); 258 desc.status |= RDES0_FS; 259 memcpy(s->rx_frame, buf, size); 260 s->rx_frame_len = s->rx_frame_size; 261 } 262 263 tulip_copy_rx_bytes(s, &desc); 264 265 if (!s->rx_frame_len) { 266 desc.status |= s->rx_status; 267 s->csr[5] |= CSR5_RI; 268 tulip_update_int(s); 269 } 270 tulip_dump_rx_descriptor(s, &desc); 271 tulip_desc_write(s, s->current_rx_desc, &desc); 272 tulip_next_rx_descriptor(s, &desc); 273 } while (s->rx_frame_len); 274 return size; 275 } 276 277 static ssize_t tulip_receive_nc(NetClientState *nc, 278 const uint8_t *buf, size_t size) 279 { 280 return tulip_receive(qemu_get_nic_opaque(nc), buf, size); 281 } 282 283 static NetClientInfo net_tulip_info = { 284 .type = NET_CLIENT_DRIVER_NIC, 285 .size = sizeof(NICState), 286 .receive = tulip_receive_nc, 287 }; 288 289 static const char *tulip_reg_name(const hwaddr addr) 290 { 291 switch (addr) { 292 case CSR(0): 293 return "CSR0"; 294 295 case CSR(1): 296 return "CSR1"; 297 298 case CSR(2): 299 return "CSR2"; 300 301 case CSR(3): 302 return "CSR3"; 303 304 case CSR(4): 305 return "CSR4"; 306 307 case CSR(5): 308 return "CSR5"; 309 310 case CSR(6): 311 return "CSR6"; 312 313 case CSR(7): 314 return "CSR7"; 315 316 case CSR(8): 317 return "CSR8"; 318 319 case CSR(9): 320 return "CSR9"; 321 322 case CSR(10): 323 return "CSR10"; 324 325 case CSR(11): 326 return "CSR11"; 327 328 case CSR(12): 329 return "CSR12"; 330 331 case CSR(13): 332 return "CSR13"; 333 334 case CSR(14): 335 return "CSR14"; 336 337 case CSR(15): 338 return "CSR15"; 339 340 default: 341 break; 342 } 343 return ""; 344 } 345 346 static const char *tulip_rx_state_name(int state) 347 { 348 switch (state) { 349 case CSR5_RS_STOPPED: 350 return "STOPPED"; 351 352 case CSR5_RS_RUNNING_FETCH: 353 return "RUNNING/FETCH"; 354 355 case CSR5_RS_RUNNING_CHECK_EOR: 356 return "RUNNING/CHECK EOR"; 357 358 case CSR5_RS_RUNNING_WAIT_RECEIVE: 359 return "WAIT RECEIVE"; 360 361 case CSR5_RS_SUSPENDED: 362 return "SUSPENDED"; 363 364 case CSR5_RS_RUNNING_CLOSE: 365 return "RUNNING/CLOSE"; 366 367 case CSR5_RS_RUNNING_FLUSH: 368 return "RUNNING/FLUSH"; 369 370 case CSR5_RS_RUNNING_QUEUE: 371 return "RUNNING/QUEUE"; 372 373 default: 374 break; 375 } 376 return ""; 377 } 378 379 static const char *tulip_tx_state_name(int state) 380 { 381 switch (state) { 382 case CSR5_TS_STOPPED: 383 return "STOPPED"; 384 385 case CSR5_TS_RUNNING_FETCH: 386 return "RUNNING/FETCH"; 387 388 case CSR5_TS_RUNNING_WAIT_EOT: 389 return "RUNNING/WAIT EOT"; 390 391 case CSR5_TS_RUNNING_READ_BUF: 392 return "RUNNING/READ BUF"; 393 394 case CSR5_TS_RUNNING_SETUP: 395 return "RUNNING/SETUP"; 396 397 case CSR5_TS_SUSPENDED: 398 return "SUSPENDED"; 399 400 case CSR5_TS_RUNNING_CLOSE: 401 return "RUNNING/CLOSE"; 402 403 default: 404 break; 405 } 406 return ""; 407 } 408 409 static void tulip_update_rs(TULIPState *s, int state) 410 { 411 s->csr[5] &= ~(CSR5_RS_MASK << CSR5_RS_SHIFT); 412 s->csr[5] |= (state & CSR5_RS_MASK) << CSR5_RS_SHIFT; 413 trace_tulip_rx_state(tulip_rx_state_name(state)); 414 } 415 416 static uint16_t tulip_mdi_default[] = { 417 /* MDI Registers 0 - 6, 7 */ 418 0x3100, 0xf02c, 0x7810, 0x0000, 0x0501, 0x4181, 0x0000, 0x0000, 419 /* MDI Registers 8 - 15 */ 420 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 421 /* MDI Registers 16 - 31 */ 422 0x0003, 0x0000, 0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 423 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 424 }; 425 426 /* Readonly mask for MDI (PHY) registers */ 427 static const uint16_t tulip_mdi_mask[] = { 428 0x0000, 0xffff, 0xffff, 0xffff, 0xc01f, 0xffff, 0xffff, 0x0000, 429 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 430 0x0fff, 0x0000, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 431 0xffff, 0xffff, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 432 }; 433 434 static uint16_t tulip_mii_read(TULIPState *s, int phy, int reg) 435 { 436 uint16_t ret = 0; 437 if (phy == 1) { 438 ret = tulip_mdi_default[reg]; 439 } 440 trace_tulip_mii_read(phy, reg, ret); 441 return ret; 442 } 443 444 static void tulip_mii_write(TULIPState *s, int phy, int reg, uint16_t data) 445 { 446 trace_tulip_mii_write(phy, reg, data); 447 448 if (phy != 1) { 449 return; 450 } 451 452 tulip_mdi_default[reg] &= ~tulip_mdi_mask[reg]; 453 tulip_mdi_default[reg] |= (data & tulip_mdi_mask[reg]); 454 } 455 456 static void tulip_mii(TULIPState *s) 457 { 458 uint32_t changed = s->old_csr9 ^ s->csr[9]; 459 uint16_t data; 460 int op, phy, reg; 461 462 if (!(changed & CSR9_MDC)) { 463 return; 464 } 465 466 if (!(s->csr[9] & CSR9_MDC)) { 467 return; 468 } 469 470 s->mii_bitcnt++; 471 s->mii_word <<= 1; 472 473 if (s->csr[9] & CSR9_MDO && (s->mii_bitcnt < 16 || 474 !(s->csr[9] & CSR9_MII))) { 475 /* write op or address bits */ 476 s->mii_word |= 1; 477 } 478 479 if (s->mii_bitcnt >= 16 && (s->csr[9] & CSR9_MII)) { 480 if (s->mii_word & 0x8000) { 481 s->csr[9] |= CSR9_MDI; 482 } else { 483 s->csr[9] &= ~CSR9_MDI; 484 } 485 } 486 487 if (s->mii_word == 0xffffffff) { 488 s->mii_bitcnt = 0; 489 } else if (s->mii_bitcnt == 16) { 490 op = (s->mii_word >> 12) & 0x0f; 491 phy = (s->mii_word >> 7) & 0x1f; 492 reg = (s->mii_word >> 2) & 0x1f; 493 494 if (op == 6) { 495 s->mii_word = tulip_mii_read(s, phy, reg); 496 } 497 } else if (s->mii_bitcnt == 32) { 498 op = (s->mii_word >> 28) & 0x0f; 499 phy = (s->mii_word >> 23) & 0x1f; 500 reg = (s->mii_word >> 18) & 0x1f; 501 data = s->mii_word & 0xffff; 502 503 if (op == 5) { 504 tulip_mii_write(s, phy, reg, data); 505 } 506 } 507 } 508 509 static uint32_t tulip_csr9_read(TULIPState *s) 510 { 511 if (s->csr[9] & CSR9_SR) { 512 if (eeprom93xx_read(s->eeprom)) { 513 s->csr[9] |= CSR9_SR_DO; 514 } else { 515 s->csr[9] &= ~CSR9_SR_DO; 516 } 517 } 518 519 tulip_mii(s); 520 return s->csr[9]; 521 } 522 523 static void tulip_update_ts(TULIPState *s, int state) 524 { 525 s->csr[5] &= ~(CSR5_TS_MASK << CSR5_TS_SHIFT); 526 s->csr[5] |= (state & CSR5_TS_MASK) << CSR5_TS_SHIFT; 527 trace_tulip_tx_state(tulip_tx_state_name(state)); 528 } 529 530 static uint64_t tulip_read(void *opaque, hwaddr addr, 531 unsigned size) 532 { 533 TULIPState *s = opaque; 534 uint64_t data = 0; 535 536 switch (addr) { 537 case CSR(9): 538 data = tulip_csr9_read(s); 539 break; 540 541 case CSR(12): 542 /* Fake autocompletion complete until we have PHY emulation */ 543 data = 5 << CSR12_ANS_SHIFT; 544 break; 545 546 default: 547 if (addr & 7) { 548 qemu_log_mask(LOG_GUEST_ERROR, "%s: read access at unknown address" 549 " 0x%"PRIx64"\n", __func__, addr); 550 } else { 551 data = s->csr[addr >> 3]; 552 } 553 break; 554 } 555 trace_tulip_reg_read(addr, tulip_reg_name(addr), size, data); 556 return data; 557 } 558 559 static void tulip_tx(TULIPState *s, struct tulip_descriptor *desc) 560 { 561 if (s->tx_frame_len) { 562 if ((s->csr[6] >> CSR6_OM_SHIFT) & CSR6_OM_MASK) { 563 /* Internal or external Loopback */ 564 tulip_receive(s, s->tx_frame, s->tx_frame_len); 565 } else if (s->tx_frame_len <= sizeof(s->tx_frame)) { 566 qemu_send_packet(qemu_get_queue(s->nic), 567 s->tx_frame, s->tx_frame_len); 568 } 569 } 570 571 if (desc->control & TDES1_IC) { 572 s->csr[5] |= CSR5_TI; 573 tulip_update_int(s); 574 } 575 } 576 577 static int tulip_copy_tx_buffers(TULIPState *s, struct tulip_descriptor *desc) 578 { 579 int len1 = (desc->control >> TDES1_BUF1_SIZE_SHIFT) & TDES1_BUF1_SIZE_MASK; 580 int len2 = (desc->control >> TDES1_BUF2_SIZE_SHIFT) & TDES1_BUF2_SIZE_MASK; 581 582 if (s->tx_frame_len + len1 > sizeof(s->tx_frame)) { 583 qemu_log_mask(LOG_GUEST_ERROR, 584 "%s: descriptor overflow (ofs: %u, len:%d, size:%zu)\n", 585 __func__, s->tx_frame_len, len1, sizeof(s->tx_frame)); 586 return -1; 587 } 588 if (len1) { 589 pci_dma_read(&s->dev, desc->buf_addr1, 590 s->tx_frame + s->tx_frame_len, len1); 591 s->tx_frame_len += len1; 592 } 593 594 if (s->tx_frame_len + len2 > sizeof(s->tx_frame)) { 595 qemu_log_mask(LOG_GUEST_ERROR, 596 "%s: descriptor overflow (ofs: %u, len:%d, size:%zu)\n", 597 __func__, s->tx_frame_len, len2, sizeof(s->tx_frame)); 598 return -1; 599 } 600 if (len2) { 601 pci_dma_read(&s->dev, desc->buf_addr2, 602 s->tx_frame + s->tx_frame_len, len2); 603 s->tx_frame_len += len2; 604 } 605 desc->status = (len1 + len2) ? 0 : 0x7fffffff; 606 607 return 0; 608 } 609 610 static void tulip_setup_filter_addr(TULIPState *s, uint8_t *buf, int n) 611 { 612 int offset = n * 12; 613 614 s->filter[n][0] = buf[offset]; 615 s->filter[n][1] = buf[offset + 1]; 616 617 s->filter[n][2] = buf[offset + 4]; 618 s->filter[n][3] = buf[offset + 5]; 619 620 s->filter[n][4] = buf[offset + 8]; 621 s->filter[n][5] = buf[offset + 9]; 622 623 trace_tulip_setup_filter(n, s->filter[n][5], s->filter[n][4], 624 s->filter[n][3], s->filter[n][2], s->filter[n][1], s->filter[n][0]); 625 } 626 627 static void tulip_setup_frame(TULIPState *s, 628 struct tulip_descriptor *desc) 629 { 630 uint8_t buf[4096]; 631 int len = (desc->control >> TDES1_BUF1_SIZE_SHIFT) & TDES1_BUF1_SIZE_MASK; 632 int i; 633 634 trace_tulip_setup_frame(); 635 636 if (len == 192) { 637 pci_dma_read(&s->dev, desc->buf_addr1, buf, len); 638 for (i = 0; i < 16; i++) { 639 tulip_setup_filter_addr(s, buf, i); 640 } 641 } 642 643 desc->status = 0x7fffffff; 644 645 if (desc->control & TDES1_IC) { 646 s->csr[5] |= CSR5_TI; 647 tulip_update_int(s); 648 } 649 } 650 651 static void tulip_next_tx_descriptor(TULIPState *s, 652 struct tulip_descriptor *desc) 653 { 654 if (desc->control & TDES1_TER) { 655 s->current_tx_desc = s->csr[4]; 656 } else if (desc->control & TDES1_TCH) { 657 s->current_tx_desc = desc->buf_addr2; 658 } else { 659 s->current_tx_desc += sizeof(struct tulip_descriptor) + 660 (((s->csr[0] >> CSR0_DSL_SHIFT) & CSR0_DSL_MASK) << 2); 661 } 662 s->current_tx_desc &= ~3ULL; 663 } 664 665 static uint32_t tulip_ts(TULIPState *s) 666 { 667 return (s->csr[5] >> CSR5_TS_SHIFT) & CSR5_TS_MASK; 668 } 669 670 static void tulip_xmit_list_update(TULIPState *s) 671 { 672 #define TULIP_DESC_MAX 128 673 uint8_t i = 0; 674 struct tulip_descriptor desc; 675 676 if (tulip_ts(s) != CSR5_TS_SUSPENDED) { 677 return; 678 } 679 680 for (i = 0; i < TULIP_DESC_MAX; i++) { 681 tulip_desc_read(s, s->current_tx_desc, &desc); 682 tulip_dump_tx_descriptor(s, &desc); 683 684 if (!(desc.status & TDES0_OWN)) { 685 tulip_update_ts(s, CSR5_TS_SUSPENDED); 686 s->csr[5] |= CSR5_TU; 687 tulip_update_int(s); 688 return; 689 } 690 691 if (desc.control & TDES1_SET) { 692 tulip_setup_frame(s, &desc); 693 } else { 694 if (desc.control & TDES1_FS) { 695 s->tx_frame_len = 0; 696 } 697 698 if (!tulip_copy_tx_buffers(s, &desc)) { 699 if (desc.control & TDES1_LS) { 700 tulip_tx(s, &desc); 701 } 702 } 703 } 704 tulip_desc_write(s, s->current_tx_desc, &desc); 705 tulip_next_tx_descriptor(s, &desc); 706 } 707 } 708 709 static void tulip_csr9_write(TULIPState *s, uint32_t old_val, 710 uint32_t new_val) 711 { 712 if (new_val & CSR9_SR) { 713 eeprom93xx_write(s->eeprom, 714 !!(new_val & CSR9_SR_CS), 715 !!(new_val & CSR9_SR_SK), 716 !!(new_val & CSR9_SR_DI)); 717 } 718 } 719 720 static void tulip_reset(TULIPState *s) 721 { 722 trace_tulip_reset(); 723 724 s->csr[0] = 0xfe000000; 725 s->csr[1] = 0xffffffff; 726 s->csr[2] = 0xffffffff; 727 s->csr[5] = 0xf0000000; 728 s->csr[6] = 0x32000040; 729 s->csr[7] = 0xf3fe0000; 730 s->csr[8] = 0xe0000000; 731 s->csr[9] = 0xfff483ff; 732 s->csr[11] = 0xfffe0000; 733 s->csr[12] = 0x000000c6; 734 s->csr[13] = 0xffff0000; 735 s->csr[14] = 0xffffffff; 736 s->csr[15] = 0x8ff00000; 737 } 738 739 static void tulip_qdev_reset(DeviceState *dev) 740 { 741 PCIDevice *d = PCI_DEVICE(dev); 742 TULIPState *s = TULIP(d); 743 744 tulip_reset(s); 745 } 746 747 static void tulip_write(void *opaque, hwaddr addr, 748 uint64_t data, unsigned size) 749 { 750 TULIPState *s = opaque; 751 trace_tulip_reg_write(addr, tulip_reg_name(addr), size, data); 752 753 switch (addr) { 754 case CSR(0): 755 s->csr[0] = data; 756 if (data & CSR0_SWR) { 757 tulip_reset(s); 758 tulip_update_int(s); 759 } 760 break; 761 762 case CSR(1): 763 tulip_xmit_list_update(s); 764 break; 765 766 case CSR(2): 767 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 768 break; 769 770 case CSR(3): 771 s->csr[3] = data & ~3ULL; 772 s->current_rx_desc = s->csr[3]; 773 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 774 break; 775 776 case CSR(4): 777 s->csr[4] = data & ~3ULL; 778 s->current_tx_desc = s->csr[4]; 779 tulip_xmit_list_update(s); 780 break; 781 782 case CSR(5): 783 /* Status register, write clears bit */ 784 s->csr[5] &= ~(data & (CSR5_TI | CSR5_TPS | CSR5_TU | CSR5_TJT | 785 CSR5_LNP_ANC | CSR5_UNF | CSR5_RI | CSR5_RU | 786 CSR5_RPS | CSR5_RWT | CSR5_ETI | CSR5_GTE | 787 CSR5_LNF | CSR5_FBE | CSR5_ERI | CSR5_AIS | 788 CSR5_NIS | CSR5_GPI | CSR5_LC)); 789 tulip_update_int(s); 790 break; 791 792 case CSR(6): 793 s->csr[6] = data; 794 if (s->csr[6] & CSR6_SR) { 795 tulip_update_rs(s, CSR5_RS_RUNNING_WAIT_RECEIVE); 796 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 797 } else { 798 tulip_update_rs(s, CSR5_RS_STOPPED); 799 } 800 801 if (s->csr[6] & CSR6_ST) { 802 tulip_update_ts(s, CSR5_TS_SUSPENDED); 803 tulip_xmit_list_update(s); 804 } else { 805 tulip_update_ts(s, CSR5_TS_STOPPED); 806 } 807 break; 808 809 case CSR(7): 810 s->csr[7] = data; 811 tulip_update_int(s); 812 break; 813 814 case CSR(8): 815 s->csr[9] = data; 816 break; 817 818 case CSR(9): 819 tulip_csr9_write(s, s->csr[9], data); 820 /* don't clear MII read data */ 821 s->csr[9] &= CSR9_MDI; 822 s->csr[9] |= (data & ~CSR9_MDI); 823 tulip_mii(s); 824 s->old_csr9 = s->csr[9]; 825 break; 826 827 case CSR(10): 828 s->csr[10] = data; 829 break; 830 831 case CSR(11): 832 s->csr[11] = data; 833 break; 834 835 case CSR(12): 836 /* SIA Status register, some bits are cleared by writing 1 */ 837 s->csr[12] &= ~(data & (CSR12_MRA | CSR12_TRA | CSR12_ARA)); 838 break; 839 840 case CSR(13): 841 s->csr[13] = data; 842 break; 843 844 case CSR(14): 845 s->csr[14] = data; 846 break; 847 848 case CSR(15): 849 s->csr[15] = data; 850 break; 851 852 default: 853 qemu_log_mask(LOG_GUEST_ERROR, "%s: write to CSR at unknown address " 854 "0x%"PRIx64"\n", __func__, addr); 855 break; 856 } 857 } 858 859 static const MemoryRegionOps tulip_ops = { 860 .read = tulip_read, 861 .write = tulip_write, 862 .endianness = DEVICE_LITTLE_ENDIAN, 863 .impl = { 864 .min_access_size = 4, 865 .max_access_size = 4, 866 }, 867 }; 868 869 static void tulip_idblock_crc(TULIPState *s, uint16_t *srom) 870 { 871 int word, n; 872 int bit; 873 unsigned char bitval, crc; 874 const int len = 9; 875 n = 0; 876 crc = -1; 877 878 for (word = 0; word < len; word++) { 879 for (bit = 15; bit >= 0; bit--) { 880 if ((word == (len - 1)) && (bit == 7)) { 881 /* 882 * Insert the correct CRC result into input data stream 883 * in place. 884 */ 885 srom[len - 1] = (srom[len - 1] & 0xff00) | (unsigned short)crc; 886 break; 887 } 888 n++; 889 bitval = ((srom[word] >> bit) & 1) ^ ((crc >> 7) & 1); 890 crc = crc << 1; 891 if (bitval == 1) { 892 crc ^= 6; 893 crc |= 0x01; 894 } 895 } 896 } 897 } 898 899 static uint16_t tulip_srom_crc(TULIPState *s, uint8_t *eeprom, size_t len) 900 { 901 unsigned long crc = 0xffffffff; 902 unsigned long flippedcrc = 0; 903 unsigned char currentbyte; 904 unsigned int msb, bit, i; 905 906 for (i = 0; i < len; i++) { 907 currentbyte = eeprom[i]; 908 for (bit = 0; bit < 8; bit++) { 909 msb = (crc >> 31) & 1; 910 crc <<= 1; 911 if (msb ^ (currentbyte & 1)) { 912 crc ^= 0x04c11db6; 913 crc |= 0x00000001; 914 } 915 currentbyte >>= 1; 916 } 917 } 918 919 for (i = 0; i < 32; i++) { 920 flippedcrc <<= 1; 921 bit = crc & 1; 922 crc >>= 1; 923 flippedcrc += bit; 924 } 925 return (flippedcrc ^ 0xffffffff) & 0xffff; 926 } 927 928 static const uint8_t eeprom_default[128] = { 929 0x3c, 0x10, 0x4f, 0x10, 0x00, 0x00, 0x00, 0x00, 930 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 931 0x56, 0x08, 0x04, 0x01, 0x00, 0x80, 0x48, 0xb3, 932 0x0e, 0xa7, 0x00, 0x1e, 0x00, 0x00, 0x00, 0x08, 933 0x01, 0x8d, 0x03, 0x00, 0x00, 0x00, 0x00, 0x78, 934 0xe0, 0x01, 0x00, 0x50, 0x00, 0x18, 0x00, 0x00, 935 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 936 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 937 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 938 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 939 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 940 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe8, 0x6b, 941 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 942 0x48, 0xb3, 0x0e, 0xa7, 0x40, 0x00, 0x00, 0x00, 943 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 944 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 945 }; 946 947 static void tulip_fill_eeprom(TULIPState *s) 948 { 949 uint16_t *eeprom = eeprom93xx_data(s->eeprom); 950 memcpy(eeprom, eeprom_default, 128); 951 952 /* patch in our mac address */ 953 eeprom[10] = cpu_to_le16(s->c.macaddr.a[0] | (s->c.macaddr.a[1] << 8)); 954 eeprom[11] = cpu_to_le16(s->c.macaddr.a[2] | (s->c.macaddr.a[3] << 8)); 955 eeprom[12] = cpu_to_le16(s->c.macaddr.a[4] | (s->c.macaddr.a[5] << 8)); 956 tulip_idblock_crc(s, eeprom); 957 eeprom[63] = cpu_to_le16(tulip_srom_crc(s, (uint8_t *)eeprom, 126)); 958 } 959 960 static void pci_tulip_realize(PCIDevice *pci_dev, Error **errp) 961 { 962 TULIPState *s = DO_UPCAST(TULIPState, dev, pci_dev); 963 uint8_t *pci_conf; 964 965 pci_conf = s->dev.config; 966 pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */ 967 968 s->eeprom = eeprom93xx_new(&pci_dev->qdev, 64); 969 tulip_fill_eeprom(s); 970 971 memory_region_init_io(&s->io, OBJECT(&s->dev), &tulip_ops, s, 972 "tulip-io", 128); 973 974 memory_region_init_io(&s->memory, OBJECT(&s->dev), &tulip_ops, s, 975 "tulip-mem", 128); 976 977 pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io); 978 pci_register_bar(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->memory); 979 980 s->irq = pci_allocate_irq(&s->dev); 981 982 qemu_macaddr_default_if_unset(&s->c.macaddr); 983 984 s->nic = qemu_new_nic(&net_tulip_info, &s->c, 985 object_get_typename(OBJECT(pci_dev)), 986 pci_dev->qdev.id, s); 987 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a); 988 } 989 990 static void pci_tulip_exit(PCIDevice *pci_dev) 991 { 992 TULIPState *s = DO_UPCAST(TULIPState, dev, pci_dev); 993 994 qemu_del_nic(s->nic); 995 qemu_free_irq(s->irq); 996 eeprom93xx_free(&pci_dev->qdev, s->eeprom); 997 } 998 999 static void tulip_instance_init(Object *obj) 1000 { 1001 PCIDevice *pci_dev = PCI_DEVICE(obj); 1002 TULIPState *d = DO_UPCAST(TULIPState, dev, pci_dev); 1003 1004 device_add_bootindex_property(obj, &d->c.bootindex, 1005 "bootindex", "/ethernet-phy@0", 1006 &pci_dev->qdev); 1007 } 1008 1009 static Property tulip_properties[] = { 1010 DEFINE_NIC_PROPERTIES(TULIPState, c), 1011 DEFINE_PROP_END_OF_LIST(), 1012 }; 1013 1014 static void tulip_class_init(ObjectClass *klass, void *data) 1015 { 1016 DeviceClass *dc = DEVICE_CLASS(klass); 1017 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass); 1018 1019 k->realize = pci_tulip_realize; 1020 k->exit = pci_tulip_exit; 1021 k->vendor_id = PCI_VENDOR_ID_DEC; 1022 k->device_id = PCI_DEVICE_ID_DEC_21143; 1023 k->subsystem_vendor_id = 0x103c; 1024 k->subsystem_id = 0x104f; 1025 k->class_id = PCI_CLASS_NETWORK_ETHERNET; 1026 dc->vmsd = &vmstate_pci_tulip; 1027 device_class_set_props(dc, tulip_properties); 1028 dc->reset = tulip_qdev_reset; 1029 set_bit(DEVICE_CATEGORY_NETWORK, dc->categories); 1030 } 1031 1032 static const TypeInfo tulip_info = { 1033 .name = TYPE_TULIP, 1034 .parent = TYPE_PCI_DEVICE, 1035 .instance_size = sizeof(TULIPState), 1036 .class_init = tulip_class_init, 1037 .instance_init = tulip_instance_init, 1038 .interfaces = (InterfaceInfo[]) { 1039 { INTERFACE_CONVENTIONAL_PCI_DEVICE }, 1040 { }, 1041 }, 1042 }; 1043 1044 static void tulip_register_types(void) 1045 { 1046 type_register_static(&tulip_info); 1047 } 1048 1049 type_init(tulip_register_types) 1050