1 /*
2 * QEMU TULIP Emulation
3 *
4 * Copyright (c) 2019 Sven Schnelle <svens@stackframe.org>
5 *
6 * This work is licensed under the GNU GPL license version 2 or later.
7 */
8
9 #include "qemu/osdep.h"
10 #include "qemu/log.h"
11 #include "hw/irq.h"
12 #include "hw/pci/pci_device.h"
13 #include "hw/qdev-properties.h"
14 #include "hw/nvram/eeprom93xx.h"
15 #include "migration/vmstate.h"
16 #include "sysemu/sysemu.h"
17 #include "tulip.h"
18 #include "trace.h"
19 #include "net/eth.h"
20
21 struct TULIPState {
22 PCIDevice dev;
23 MemoryRegion io;
24 MemoryRegion memory;
25 NICConf c;
26 qemu_irq irq;
27 NICState *nic;
28 eeprom_t *eeprom;
29 uint32_t csr[16];
30
31 /* state for MII */
32 uint32_t old_csr9;
33 uint32_t mii_word;
34 uint32_t mii_bitcnt;
35
36 hwaddr current_rx_desc;
37 hwaddr current_tx_desc;
38
39 uint8_t rx_frame[2048];
40 uint8_t tx_frame[2048];
41 uint16_t tx_frame_len;
42 uint16_t rx_frame_len;
43 uint16_t rx_frame_size;
44
45 uint32_t rx_status;
46 uint8_t filter[16][6];
47 };
48
49 static const VMStateDescription vmstate_pci_tulip = {
50 .name = "tulip",
51 .fields = (const VMStateField[]) {
52 VMSTATE_PCI_DEVICE(dev, TULIPState),
53 VMSTATE_UINT32_ARRAY(csr, TULIPState, 16),
54 VMSTATE_UINT32(old_csr9, TULIPState),
55 VMSTATE_UINT32(mii_word, TULIPState),
56 VMSTATE_UINT32(mii_bitcnt, TULIPState),
57 VMSTATE_UINT64(current_rx_desc, TULIPState),
58 VMSTATE_UINT64(current_tx_desc, TULIPState),
59 VMSTATE_BUFFER(rx_frame, TULIPState),
60 VMSTATE_BUFFER(tx_frame, TULIPState),
61 VMSTATE_UINT16(rx_frame_len, TULIPState),
62 VMSTATE_UINT16(tx_frame_len, TULIPState),
63 VMSTATE_UINT16(rx_frame_size, TULIPState),
64 VMSTATE_UINT32(rx_status, TULIPState),
65 VMSTATE_UINT8_2DARRAY(filter, TULIPState, 16, 6),
66 VMSTATE_END_OF_LIST()
67 }
68 };
69
tulip_desc_read(TULIPState * s,hwaddr p,struct tulip_descriptor * desc)70 static void tulip_desc_read(TULIPState *s, hwaddr p,
71 struct tulip_descriptor *desc)
72 {
73 const MemTxAttrs attrs = { .memory = true };
74
75 if (s->csr[0] & CSR0_DBO) {
76 ldl_be_pci_dma(&s->dev, p, &desc->status, attrs);
77 ldl_be_pci_dma(&s->dev, p + 4, &desc->control, attrs);
78 ldl_be_pci_dma(&s->dev, p + 8, &desc->buf_addr1, attrs);
79 ldl_be_pci_dma(&s->dev, p + 12, &desc->buf_addr2, attrs);
80 } else {
81 ldl_le_pci_dma(&s->dev, p, &desc->status, attrs);
82 ldl_le_pci_dma(&s->dev, p + 4, &desc->control, attrs);
83 ldl_le_pci_dma(&s->dev, p + 8, &desc->buf_addr1, attrs);
84 ldl_le_pci_dma(&s->dev, p + 12, &desc->buf_addr2, attrs);
85 }
86 }
87
tulip_desc_write(TULIPState * s,hwaddr p,struct tulip_descriptor * desc)88 static void tulip_desc_write(TULIPState *s, hwaddr p,
89 struct tulip_descriptor *desc)
90 {
91 const MemTxAttrs attrs = { .memory = true };
92
93 if (s->csr[0] & CSR0_DBO) {
94 stl_be_pci_dma(&s->dev, p, desc->status, attrs);
95 stl_be_pci_dma(&s->dev, p + 4, desc->control, attrs);
96 stl_be_pci_dma(&s->dev, p + 8, desc->buf_addr1, attrs);
97 stl_be_pci_dma(&s->dev, p + 12, desc->buf_addr2, attrs);
98 } else {
99 stl_le_pci_dma(&s->dev, p, desc->status, attrs);
100 stl_le_pci_dma(&s->dev, p + 4, desc->control, attrs);
101 stl_le_pci_dma(&s->dev, p + 8, desc->buf_addr1, attrs);
102 stl_le_pci_dma(&s->dev, p + 12, desc->buf_addr2, attrs);
103 }
104 }
105
tulip_update_int(TULIPState * s)106 static void tulip_update_int(TULIPState *s)
107 {
108 uint32_t ie = s->csr[5] & s->csr[7];
109 bool assert = false;
110
111 s->csr[5] &= ~(CSR5_AIS | CSR5_NIS);
112
113 if (ie & (CSR5_TI | CSR5_TU | CSR5_RI | CSR5_GTE | CSR5_ERI)) {
114 s->csr[5] |= CSR5_NIS;
115 }
116
117 if (ie & (CSR5_LC | CSR5_GPI | CSR5_FBE | CSR5_LNF | CSR5_ETI | CSR5_RWT |
118 CSR5_RPS | CSR5_RU | CSR5_UNF | CSR5_LNP_ANC | CSR5_TJT |
119 CSR5_TPS)) {
120 s->csr[5] |= CSR5_AIS;
121 }
122
123 assert = s->csr[5] & s->csr[7] & (CSR5_AIS | CSR5_NIS);
124 trace_tulip_irq(s->csr[5], s->csr[7], assert ? "assert" : "deassert");
125 qemu_set_irq(s->irq, assert);
126 }
127
tulip_rx_stopped(TULIPState * s)128 static bool tulip_rx_stopped(TULIPState *s)
129 {
130 return ((s->csr[5] >> CSR5_RS_SHIFT) & CSR5_RS_MASK) == CSR5_RS_STOPPED;
131 }
132
tulip_dump_tx_descriptor(TULIPState * s,struct tulip_descriptor * desc)133 static void tulip_dump_tx_descriptor(TULIPState *s,
134 struct tulip_descriptor *desc)
135 {
136 trace_tulip_descriptor("TX ", s->current_tx_desc,
137 desc->status, desc->control >> 22,
138 desc->control & 0x7ff, (desc->control >> 11) & 0x7ff,
139 desc->buf_addr1, desc->buf_addr2);
140 }
141
tulip_dump_rx_descriptor(TULIPState * s,struct tulip_descriptor * desc)142 static void tulip_dump_rx_descriptor(TULIPState *s,
143 struct tulip_descriptor *desc)
144 {
145 trace_tulip_descriptor("RX ", s->current_rx_desc,
146 desc->status, desc->control >> 22,
147 desc->control & 0x7ff, (desc->control >> 11) & 0x7ff,
148 desc->buf_addr1, desc->buf_addr2);
149 }
150
tulip_next_rx_descriptor(TULIPState * s,struct tulip_descriptor * desc)151 static void tulip_next_rx_descriptor(TULIPState *s,
152 struct tulip_descriptor *desc)
153 {
154 if (desc->control & RDES1_RER) {
155 s->current_rx_desc = s->csr[3];
156 } else if (desc->control & RDES1_RCH) {
157 s->current_rx_desc = desc->buf_addr2;
158 } else {
159 s->current_rx_desc += sizeof(struct tulip_descriptor) +
160 (((s->csr[0] >> CSR0_DSL_SHIFT) & CSR0_DSL_MASK) << 2);
161 }
162 s->current_rx_desc &= ~3ULL;
163 }
164
tulip_copy_rx_bytes(TULIPState * s,struct tulip_descriptor * desc)165 static void tulip_copy_rx_bytes(TULIPState *s, struct tulip_descriptor *desc)
166 {
167 int len1 = (desc->control >> RDES1_BUF1_SIZE_SHIFT) & RDES1_BUF1_SIZE_MASK;
168 int len2 = (desc->control >> RDES1_BUF2_SIZE_SHIFT) & RDES1_BUF2_SIZE_MASK;
169 int len;
170
171 if (s->rx_frame_len && len1) {
172 if (s->rx_frame_len > len1) {
173 len = len1;
174 } else {
175 len = s->rx_frame_len;
176 }
177
178 pci_dma_write(&s->dev, desc->buf_addr1, s->rx_frame +
179 (s->rx_frame_size - s->rx_frame_len), len);
180 s->rx_frame_len -= len;
181 }
182
183 if (s->rx_frame_len && len2) {
184 if (s->rx_frame_len > len2) {
185 len = len2;
186 } else {
187 len = s->rx_frame_len;
188 }
189
190 pci_dma_write(&s->dev, desc->buf_addr2, s->rx_frame +
191 (s->rx_frame_size - s->rx_frame_len), len);
192 s->rx_frame_len -= len;
193 }
194 }
195
tulip_filter_address(TULIPState * s,const uint8_t * addr)196 static bool tulip_filter_address(TULIPState *s, const uint8_t *addr)
197 {
198 static const char broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
199 bool ret = false;
200 int i;
201
202 for (i = 0; i < 16 && ret == false; i++) {
203 if (!memcmp(&s->filter[i], addr, ETH_ALEN)) {
204 ret = true;
205 }
206 }
207
208 if (!memcmp(addr, broadcast, ETH_ALEN)) {
209 return true;
210 }
211
212 if (s->csr[6] & (CSR6_PR | CSR6_RA)) {
213 /* Promiscuous mode enabled */
214 s->rx_status |= RDES0_FF;
215 return true;
216 }
217
218 if ((s->csr[6] & CSR6_PM) && (addr[0] & 1)) {
219 /* Pass all Multicast enabled */
220 s->rx_status |= RDES0_MF;
221 return true;
222 }
223
224 if (s->csr[6] & CSR6_IF) {
225 ret ^= true;
226 }
227 return ret;
228 }
229
tulip_receive(TULIPState * s,const uint8_t * buf,size_t size)230 static ssize_t tulip_receive(TULIPState *s, const uint8_t *buf, size_t size)
231 {
232 struct tulip_descriptor desc;
233
234 trace_tulip_receive(buf, size);
235
236 if (size < 14 || size > sizeof(s->rx_frame) - 4
237 || s->rx_frame_len || tulip_rx_stopped(s)) {
238 return 0;
239 }
240
241 if (!tulip_filter_address(s, buf)) {
242 return size;
243 }
244
245 do {
246 tulip_desc_read(s, s->current_rx_desc, &desc);
247 tulip_dump_rx_descriptor(s, &desc);
248
249 if (!(desc.status & RDES0_OWN)) {
250 s->csr[5] |= CSR5_RU;
251 tulip_update_int(s);
252 return s->rx_frame_size - s->rx_frame_len;
253 }
254 desc.status = 0;
255
256 if (!s->rx_frame_len) {
257 s->rx_frame_size = size + 4;
258 s->rx_status = RDES0_LS |
259 ((s->rx_frame_size & RDES0_FL_MASK) << RDES0_FL_SHIFT);
260 desc.status |= RDES0_FS;
261 memcpy(s->rx_frame, buf, size);
262 s->rx_frame_len = s->rx_frame_size;
263 }
264
265 tulip_copy_rx_bytes(s, &desc);
266
267 if (!s->rx_frame_len) {
268 desc.status |= s->rx_status;
269 s->csr[5] |= CSR5_RI;
270 tulip_update_int(s);
271 }
272 tulip_dump_rx_descriptor(s, &desc);
273 tulip_desc_write(s, s->current_rx_desc, &desc);
274 tulip_next_rx_descriptor(s, &desc);
275 } while (s->rx_frame_len);
276 return size;
277 }
278
tulip_receive_nc(NetClientState * nc,const uint8_t * buf,size_t size)279 static ssize_t tulip_receive_nc(NetClientState *nc,
280 const uint8_t *buf, size_t size)
281 {
282 return tulip_receive(qemu_get_nic_opaque(nc), buf, size);
283 }
284
285 static NetClientInfo net_tulip_info = {
286 .type = NET_CLIENT_DRIVER_NIC,
287 .size = sizeof(NICState),
288 .receive = tulip_receive_nc,
289 };
290
tulip_reg_name(const hwaddr addr)291 static const char *tulip_reg_name(const hwaddr addr)
292 {
293 switch (addr) {
294 case CSR(0):
295 return "CSR0";
296
297 case CSR(1):
298 return "CSR1";
299
300 case CSR(2):
301 return "CSR2";
302
303 case CSR(3):
304 return "CSR3";
305
306 case CSR(4):
307 return "CSR4";
308
309 case CSR(5):
310 return "CSR5";
311
312 case CSR(6):
313 return "CSR6";
314
315 case CSR(7):
316 return "CSR7";
317
318 case CSR(8):
319 return "CSR8";
320
321 case CSR(9):
322 return "CSR9";
323
324 case CSR(10):
325 return "CSR10";
326
327 case CSR(11):
328 return "CSR11";
329
330 case CSR(12):
331 return "CSR12";
332
333 case CSR(13):
334 return "CSR13";
335
336 case CSR(14):
337 return "CSR14";
338
339 case CSR(15):
340 return "CSR15";
341
342 default:
343 break;
344 }
345 return "";
346 }
347
tulip_rx_state_name(int state)348 static const char *tulip_rx_state_name(int state)
349 {
350 switch (state) {
351 case CSR5_RS_STOPPED:
352 return "STOPPED";
353
354 case CSR5_RS_RUNNING_FETCH:
355 return "RUNNING/FETCH";
356
357 case CSR5_RS_RUNNING_CHECK_EOR:
358 return "RUNNING/CHECK EOR";
359
360 case CSR5_RS_RUNNING_WAIT_RECEIVE:
361 return "WAIT RECEIVE";
362
363 case CSR5_RS_SUSPENDED:
364 return "SUSPENDED";
365
366 case CSR5_RS_RUNNING_CLOSE:
367 return "RUNNING/CLOSE";
368
369 case CSR5_RS_RUNNING_FLUSH:
370 return "RUNNING/FLUSH";
371
372 case CSR5_RS_RUNNING_QUEUE:
373 return "RUNNING/QUEUE";
374
375 default:
376 break;
377 }
378 return "";
379 }
380
tulip_tx_state_name(int state)381 static const char *tulip_tx_state_name(int state)
382 {
383 switch (state) {
384 case CSR5_TS_STOPPED:
385 return "STOPPED";
386
387 case CSR5_TS_RUNNING_FETCH:
388 return "RUNNING/FETCH";
389
390 case CSR5_TS_RUNNING_WAIT_EOT:
391 return "RUNNING/WAIT EOT";
392
393 case CSR5_TS_RUNNING_READ_BUF:
394 return "RUNNING/READ BUF";
395
396 case CSR5_TS_RUNNING_SETUP:
397 return "RUNNING/SETUP";
398
399 case CSR5_TS_SUSPENDED:
400 return "SUSPENDED";
401
402 case CSR5_TS_RUNNING_CLOSE:
403 return "RUNNING/CLOSE";
404
405 default:
406 break;
407 }
408 return "";
409 }
410
tulip_update_rs(TULIPState * s,int state)411 static void tulip_update_rs(TULIPState *s, int state)
412 {
413 s->csr[5] &= ~(CSR5_RS_MASK << CSR5_RS_SHIFT);
414 s->csr[5] |= (state & CSR5_RS_MASK) << CSR5_RS_SHIFT;
415 trace_tulip_rx_state(tulip_rx_state_name(state));
416 }
417
418 static uint16_t tulip_mdi_default[] = {
419 /* MDI Registers 0 - 6, 7 */
420 0x3100, 0xf02c, 0x7810, 0x0000, 0x0501, 0x4181, 0x0000, 0x0000,
421 /* MDI Registers 8 - 15 */
422 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
423 /* MDI Registers 16 - 31 */
424 0x0003, 0x0000, 0x0001, 0x0000, 0x3b40, 0x0000, 0x0000, 0x0000,
425 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
426 };
427
428 /* Readonly mask for MDI (PHY) registers */
429 static const uint16_t tulip_mdi_mask[] = {
430 0x0000, 0xffff, 0xffff, 0xffff, 0xc01f, 0xffff, 0xffff, 0x0000,
431 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
432 0x0fff, 0x0000, 0xffff, 0xffff, 0x0000, 0xffff, 0xffff, 0xffff,
433 0xffff, 0xffff, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
434 };
435
tulip_mii_read(TULIPState * s,int phy,int reg)436 static uint16_t tulip_mii_read(TULIPState *s, int phy, int reg)
437 {
438 uint16_t ret = 0;
439 if (phy == 1) {
440 ret = tulip_mdi_default[reg];
441 }
442 trace_tulip_mii_read(phy, reg, ret);
443 return ret;
444 }
445
tulip_mii_write(TULIPState * s,int phy,int reg,uint16_t data)446 static void tulip_mii_write(TULIPState *s, int phy, int reg, uint16_t data)
447 {
448 trace_tulip_mii_write(phy, reg, data);
449
450 if (phy != 1) {
451 return;
452 }
453
454 tulip_mdi_default[reg] &= ~tulip_mdi_mask[reg];
455 tulip_mdi_default[reg] |= (data & tulip_mdi_mask[reg]);
456 }
457
tulip_mii(TULIPState * s)458 static void tulip_mii(TULIPState *s)
459 {
460 uint32_t changed = s->old_csr9 ^ s->csr[9];
461 uint16_t data;
462 int op, phy, reg;
463
464 if (!(changed & CSR9_MDC)) {
465 return;
466 }
467
468 if (!(s->csr[9] & CSR9_MDC)) {
469 return;
470 }
471
472 s->mii_bitcnt++;
473 s->mii_word <<= 1;
474
475 if (s->csr[9] & CSR9_MDO && (s->mii_bitcnt < 16 ||
476 !(s->csr[9] & CSR9_MII))) {
477 /* write op or address bits */
478 s->mii_word |= 1;
479 }
480
481 if (s->mii_bitcnt >= 16 && (s->csr[9] & CSR9_MII)) {
482 if (s->mii_word & 0x8000) {
483 s->csr[9] |= CSR9_MDI;
484 } else {
485 s->csr[9] &= ~CSR9_MDI;
486 }
487 }
488
489 if (s->mii_word == 0xffffffff) {
490 s->mii_bitcnt = 0;
491 } else if (s->mii_bitcnt == 16) {
492 op = (s->mii_word >> 12) & 0x0f;
493 phy = (s->mii_word >> 7) & 0x1f;
494 reg = (s->mii_word >> 2) & 0x1f;
495
496 if (op == 6) {
497 s->mii_word = tulip_mii_read(s, phy, reg);
498 }
499 } else if (s->mii_bitcnt == 32) {
500 op = (s->mii_word >> 28) & 0x0f;
501 phy = (s->mii_word >> 23) & 0x1f;
502 reg = (s->mii_word >> 18) & 0x1f;
503 data = s->mii_word & 0xffff;
504
505 if (op == 5) {
506 tulip_mii_write(s, phy, reg, data);
507 }
508 }
509 }
510
tulip_csr9_read(TULIPState * s)511 static uint32_t tulip_csr9_read(TULIPState *s)
512 {
513 if (s->csr[9] & CSR9_SR) {
514 if (eeprom93xx_read(s->eeprom)) {
515 s->csr[9] |= CSR9_SR_DO;
516 } else {
517 s->csr[9] &= ~CSR9_SR_DO;
518 }
519 }
520
521 tulip_mii(s);
522 return s->csr[9];
523 }
524
tulip_update_ts(TULIPState * s,int state)525 static void tulip_update_ts(TULIPState *s, int state)
526 {
527 s->csr[5] &= ~(CSR5_TS_MASK << CSR5_TS_SHIFT);
528 s->csr[5] |= (state & CSR5_TS_MASK) << CSR5_TS_SHIFT;
529 trace_tulip_tx_state(tulip_tx_state_name(state));
530 }
531
tulip_read(void * opaque,hwaddr addr,unsigned size)532 static uint64_t tulip_read(void *opaque, hwaddr addr,
533 unsigned size)
534 {
535 TULIPState *s = opaque;
536 uint64_t data = 0;
537
538 switch (addr) {
539 case CSR(9):
540 data = tulip_csr9_read(s);
541 break;
542
543 case CSR(12):
544 /* Fake autocompletion complete until we have PHY emulation */
545 data = 5 << CSR12_ANS_SHIFT;
546 break;
547
548 default:
549 if (addr & 7) {
550 qemu_log_mask(LOG_GUEST_ERROR, "%s: read access at unknown address"
551 " 0x%"PRIx64"\n", __func__, addr);
552 } else {
553 data = s->csr[addr >> 3];
554 }
555 break;
556 }
557 trace_tulip_reg_read(addr, tulip_reg_name(addr), size, data);
558 return data;
559 }
560
tulip_tx(TULIPState * s,struct tulip_descriptor * desc)561 static void tulip_tx(TULIPState *s, struct tulip_descriptor *desc)
562 {
563 if (s->tx_frame_len) {
564 if ((s->csr[6] >> CSR6_OM_SHIFT) & CSR6_OM_MASK) {
565 /* Internal or external Loopback */
566 tulip_receive(s, s->tx_frame, s->tx_frame_len);
567 } else if (s->tx_frame_len <= sizeof(s->tx_frame)) {
568 qemu_send_packet(qemu_get_queue(s->nic),
569 s->tx_frame, s->tx_frame_len);
570 }
571 }
572
573 if (desc->control & TDES1_IC) {
574 s->csr[5] |= CSR5_TI;
575 tulip_update_int(s);
576 }
577 }
578
tulip_copy_tx_buffers(TULIPState * s,struct tulip_descriptor * desc)579 static int tulip_copy_tx_buffers(TULIPState *s, struct tulip_descriptor *desc)
580 {
581 int len1 = (desc->control >> TDES1_BUF1_SIZE_SHIFT) & TDES1_BUF1_SIZE_MASK;
582 int len2 = (desc->control >> TDES1_BUF2_SIZE_SHIFT) & TDES1_BUF2_SIZE_MASK;
583
584 if (s->tx_frame_len + len1 > sizeof(s->tx_frame)) {
585 qemu_log_mask(LOG_GUEST_ERROR,
586 "%s: descriptor overflow (ofs: %u, len:%d, size:%zu)\n",
587 __func__, s->tx_frame_len, len1, sizeof(s->tx_frame));
588 return -1;
589 }
590 if (len1) {
591 pci_dma_read(&s->dev, desc->buf_addr1,
592 s->tx_frame + s->tx_frame_len, len1);
593 s->tx_frame_len += len1;
594 }
595
596 if (s->tx_frame_len + len2 > sizeof(s->tx_frame)) {
597 qemu_log_mask(LOG_GUEST_ERROR,
598 "%s: descriptor overflow (ofs: %u, len:%d, size:%zu)\n",
599 __func__, s->tx_frame_len, len2, sizeof(s->tx_frame));
600 return -1;
601 }
602 if (len2) {
603 pci_dma_read(&s->dev, desc->buf_addr2,
604 s->tx_frame + s->tx_frame_len, len2);
605 s->tx_frame_len += len2;
606 }
607 desc->status = (len1 + len2) ? 0 : 0x7fffffff;
608
609 return 0;
610 }
611
tulip_setup_filter_addr(TULIPState * s,uint8_t * buf,int n)612 static void tulip_setup_filter_addr(TULIPState *s, uint8_t *buf, int n)
613 {
614 int offset = n * 12;
615
616 s->filter[n][0] = buf[offset];
617 s->filter[n][1] = buf[offset + 1];
618
619 s->filter[n][2] = buf[offset + 4];
620 s->filter[n][3] = buf[offset + 5];
621
622 s->filter[n][4] = buf[offset + 8];
623 s->filter[n][5] = buf[offset + 9];
624
625 trace_tulip_setup_filter(n, s->filter[n][5], s->filter[n][4],
626 s->filter[n][3], s->filter[n][2], s->filter[n][1], s->filter[n][0]);
627 }
628
tulip_setup_frame(TULIPState * s,struct tulip_descriptor * desc)629 static void tulip_setup_frame(TULIPState *s,
630 struct tulip_descriptor *desc)
631 {
632 uint8_t buf[4096];
633 int len = (desc->control >> TDES1_BUF1_SIZE_SHIFT) & TDES1_BUF1_SIZE_MASK;
634 int i;
635
636 trace_tulip_setup_frame();
637
638 if (len == 192) {
639 pci_dma_read(&s->dev, desc->buf_addr1, buf, len);
640 for (i = 0; i < 16; i++) {
641 tulip_setup_filter_addr(s, buf, i);
642 }
643 }
644
645 desc->status = 0x7fffffff;
646
647 if (desc->control & TDES1_IC) {
648 s->csr[5] |= CSR5_TI;
649 tulip_update_int(s);
650 }
651 }
652
tulip_next_tx_descriptor(TULIPState * s,struct tulip_descriptor * desc)653 static void tulip_next_tx_descriptor(TULIPState *s,
654 struct tulip_descriptor *desc)
655 {
656 if (desc->control & TDES1_TER) {
657 s->current_tx_desc = s->csr[4];
658 } else if (desc->control & TDES1_TCH) {
659 s->current_tx_desc = desc->buf_addr2;
660 } else {
661 s->current_tx_desc += sizeof(struct tulip_descriptor) +
662 (((s->csr[0] >> CSR0_DSL_SHIFT) & CSR0_DSL_MASK) << 2);
663 }
664 s->current_tx_desc &= ~3ULL;
665 }
666
tulip_ts(TULIPState * s)667 static uint32_t tulip_ts(TULIPState *s)
668 {
669 return (s->csr[5] >> CSR5_TS_SHIFT) & CSR5_TS_MASK;
670 }
671
tulip_xmit_list_update(TULIPState * s)672 static void tulip_xmit_list_update(TULIPState *s)
673 {
674 #define TULIP_DESC_MAX 128
675 uint8_t i = 0;
676 struct tulip_descriptor desc;
677
678 if (tulip_ts(s) != CSR5_TS_SUSPENDED) {
679 return;
680 }
681
682 for (i = 0; i < TULIP_DESC_MAX; i++) {
683 tulip_desc_read(s, s->current_tx_desc, &desc);
684 tulip_dump_tx_descriptor(s, &desc);
685
686 if (!(desc.status & TDES0_OWN)) {
687 tulip_update_ts(s, CSR5_TS_SUSPENDED);
688 s->csr[5] |= CSR5_TU;
689 tulip_update_int(s);
690 return;
691 }
692
693 if (desc.control & TDES1_SET) {
694 tulip_setup_frame(s, &desc);
695 } else {
696 if (desc.control & TDES1_FS) {
697 s->tx_frame_len = 0;
698 }
699
700 if (!tulip_copy_tx_buffers(s, &desc)) {
701 if (desc.control & TDES1_LS) {
702 tulip_tx(s, &desc);
703 }
704 }
705 }
706 tulip_desc_write(s, s->current_tx_desc, &desc);
707 tulip_next_tx_descriptor(s, &desc);
708 }
709 }
710
tulip_csr9_write(TULIPState * s,uint32_t old_val,uint32_t new_val)711 static void tulip_csr9_write(TULIPState *s, uint32_t old_val,
712 uint32_t new_val)
713 {
714 if (new_val & CSR9_SR) {
715 eeprom93xx_write(s->eeprom,
716 !!(new_val & CSR9_SR_CS),
717 !!(new_val & CSR9_SR_SK),
718 !!(new_val & CSR9_SR_DI));
719 }
720 }
721
tulip_reset(TULIPState * s)722 static void tulip_reset(TULIPState *s)
723 {
724 trace_tulip_reset();
725
726 s->csr[0] = 0xfe000000;
727 s->csr[1] = 0xffffffff;
728 s->csr[2] = 0xffffffff;
729 s->csr[5] = 0xf0000000;
730 s->csr[6] = 0x32000040;
731 s->csr[7] = 0xf3fe0000;
732 s->csr[8] = 0xe0000000;
733 s->csr[9] = 0xfff483ff;
734 s->csr[11] = 0xfffe0000;
735 s->csr[12] = 0x000000c6;
736 s->csr[13] = 0xffff0000;
737 s->csr[14] = 0xffffffff;
738 s->csr[15] = 0x8ff00000;
739 }
740
tulip_qdev_reset(DeviceState * dev)741 static void tulip_qdev_reset(DeviceState *dev)
742 {
743 PCIDevice *d = PCI_DEVICE(dev);
744 TULIPState *s = TULIP(d);
745
746 tulip_reset(s);
747 }
748
tulip_write(void * opaque,hwaddr addr,uint64_t data,unsigned size)749 static void tulip_write(void *opaque, hwaddr addr,
750 uint64_t data, unsigned size)
751 {
752 TULIPState *s = opaque;
753 trace_tulip_reg_write(addr, tulip_reg_name(addr), size, data);
754
755 switch (addr) {
756 case CSR(0):
757 s->csr[0] = data;
758 if (data & CSR0_SWR) {
759 tulip_reset(s);
760 tulip_update_int(s);
761 }
762 break;
763
764 case CSR(1):
765 tulip_xmit_list_update(s);
766 break;
767
768 case CSR(2):
769 qemu_flush_queued_packets(qemu_get_queue(s->nic));
770 break;
771
772 case CSR(3):
773 s->csr[3] = data & ~3ULL;
774 s->current_rx_desc = s->csr[3];
775 qemu_flush_queued_packets(qemu_get_queue(s->nic));
776 break;
777
778 case CSR(4):
779 s->csr[4] = data & ~3ULL;
780 s->current_tx_desc = s->csr[4];
781 tulip_xmit_list_update(s);
782 break;
783
784 case CSR(5):
785 /* Status register, write clears bit */
786 s->csr[5] &= ~(data & (CSR5_TI | CSR5_TPS | CSR5_TU | CSR5_TJT |
787 CSR5_LNP_ANC | CSR5_UNF | CSR5_RI | CSR5_RU |
788 CSR5_RPS | CSR5_RWT | CSR5_ETI | CSR5_GTE |
789 CSR5_LNF | CSR5_FBE | CSR5_ERI | CSR5_AIS |
790 CSR5_NIS | CSR5_GPI | CSR5_LC));
791 tulip_update_int(s);
792 break;
793
794 case CSR(6):
795 s->csr[6] = data;
796 if (s->csr[6] & CSR6_SR) {
797 tulip_update_rs(s, CSR5_RS_RUNNING_WAIT_RECEIVE);
798 qemu_flush_queued_packets(qemu_get_queue(s->nic));
799 } else {
800 tulip_update_rs(s, CSR5_RS_STOPPED);
801 }
802
803 if (s->csr[6] & CSR6_ST) {
804 tulip_update_ts(s, CSR5_TS_SUSPENDED);
805 tulip_xmit_list_update(s);
806 } else {
807 tulip_update_ts(s, CSR5_TS_STOPPED);
808 }
809 break;
810
811 case CSR(7):
812 s->csr[7] = data;
813 tulip_update_int(s);
814 break;
815
816 case CSR(8):
817 s->csr[9] = data;
818 break;
819
820 case CSR(9):
821 tulip_csr9_write(s, s->csr[9], data);
822 /* don't clear MII read data */
823 s->csr[9] &= CSR9_MDI;
824 s->csr[9] |= (data & ~CSR9_MDI);
825 tulip_mii(s);
826 s->old_csr9 = s->csr[9];
827 break;
828
829 case CSR(10):
830 s->csr[10] = data;
831 break;
832
833 case CSR(11):
834 s->csr[11] = data;
835 break;
836
837 case CSR(12):
838 /* SIA Status register, some bits are cleared by writing 1 */
839 s->csr[12] &= ~(data & (CSR12_MRA | CSR12_TRA | CSR12_ARA));
840 break;
841
842 case CSR(13):
843 s->csr[13] = data;
844 break;
845
846 case CSR(14):
847 s->csr[14] = data;
848 break;
849
850 case CSR(15):
851 s->csr[15] = data;
852 break;
853
854 default:
855 qemu_log_mask(LOG_GUEST_ERROR, "%s: write to CSR at unknown address "
856 "0x%"PRIx64"\n", __func__, addr);
857 break;
858 }
859 }
860
861 static const MemoryRegionOps tulip_ops = {
862 .read = tulip_read,
863 .write = tulip_write,
864 .endianness = DEVICE_LITTLE_ENDIAN,
865 .impl = {
866 .min_access_size = 4,
867 .max_access_size = 4,
868 },
869 };
870
tulip_idblock_crc(TULIPState * s,uint16_t * srom)871 static void tulip_idblock_crc(TULIPState *s, uint16_t *srom)
872 {
873 int word;
874 int bit;
875 unsigned char bitval, crc;
876 const int len = 9;
877 crc = -1;
878
879 for (word = 0; word < len; word++) {
880 for (bit = 15; bit >= 0; bit--) {
881 if ((word == (len - 1)) && (bit == 7)) {
882 /*
883 * Insert the correct CRC result into input data stream
884 * in place.
885 */
886 srom[len - 1] = (srom[len - 1] & 0xff00) | (unsigned short)crc;
887 break;
888 }
889 bitval = ((srom[word] >> bit) & 1) ^ ((crc >> 7) & 1);
890 crc = crc << 1;
891 if (bitval == 1) {
892 crc ^= 6;
893 crc |= 0x01;
894 }
895 }
896 }
897 }
898
tulip_srom_crc(TULIPState * s,uint8_t * eeprom,size_t len)899 static uint16_t tulip_srom_crc(TULIPState *s, uint8_t *eeprom, size_t len)
900 {
901 unsigned long crc = 0xffffffff;
902 unsigned long flippedcrc = 0;
903 unsigned char currentbyte;
904 unsigned int msb, bit, i;
905
906 for (i = 0; i < len; i++) {
907 currentbyte = eeprom[i];
908 for (bit = 0; bit < 8; bit++) {
909 msb = (crc >> 31) & 1;
910 crc <<= 1;
911 if (msb ^ (currentbyte & 1)) {
912 crc ^= 0x04c11db6;
913 crc |= 0x00000001;
914 }
915 currentbyte >>= 1;
916 }
917 }
918
919 for (i = 0; i < 32; i++) {
920 flippedcrc <<= 1;
921 bit = crc & 1;
922 crc >>= 1;
923 flippedcrc += bit;
924 }
925 return (flippedcrc ^ 0xffffffff) & 0xffff;
926 }
927
928 static const uint8_t eeprom_default[128] = {
929 0x3c, 0x10, 0x4f, 0x10, 0x00, 0x00, 0x00, 0x00,
930 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
931 0x56, 0x08, 0x04, 0x01, 0x00, 0x80, 0x48, 0xb3,
932 0x0e, 0xa7, 0x00, 0x1e, 0x00, 0x00, 0x00, 0x08,
933 0x01, 0x8d, 0x03, 0x00, 0x00, 0x00, 0x00, 0x78,
934 0xe0, 0x01, 0x00, 0x50, 0x00, 0x18, 0x00, 0x00,
935 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
936 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
937 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
938 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
939 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
940 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe8, 0x6b,
941 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
942 0x48, 0xb3, 0x0e, 0xa7, 0x40, 0x00, 0x00, 0x00,
943 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
944 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
945 };
946
tulip_fill_eeprom(TULIPState * s)947 static void tulip_fill_eeprom(TULIPState *s)
948 {
949 uint16_t *eeprom = eeprom93xx_data(s->eeprom);
950 memcpy(eeprom, eeprom_default, 128);
951
952 /* patch in our mac address */
953 eeprom[10] = cpu_to_le16(s->c.macaddr.a[0] | (s->c.macaddr.a[1] << 8));
954 eeprom[11] = cpu_to_le16(s->c.macaddr.a[2] | (s->c.macaddr.a[3] << 8));
955 eeprom[12] = cpu_to_le16(s->c.macaddr.a[4] | (s->c.macaddr.a[5] << 8));
956 tulip_idblock_crc(s, eeprom);
957 eeprom[63] = cpu_to_le16(tulip_srom_crc(s, (uint8_t *)eeprom, 126));
958 }
959
pci_tulip_realize(PCIDevice * pci_dev,Error ** errp)960 static void pci_tulip_realize(PCIDevice *pci_dev, Error **errp)
961 {
962 TULIPState *s = DO_UPCAST(TULIPState, dev, pci_dev);
963 uint8_t *pci_conf;
964
965 pci_conf = s->dev.config;
966 pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
967
968 qemu_macaddr_default_if_unset(&s->c.macaddr);
969
970 s->eeprom = eeprom93xx_new(&pci_dev->qdev, 64);
971 tulip_fill_eeprom(s);
972
973 memory_region_init_io(&s->io, OBJECT(&s->dev), &tulip_ops, s,
974 "tulip-io", 128);
975
976 memory_region_init_io(&s->memory, OBJECT(&s->dev), &tulip_ops, s,
977 "tulip-mem", 128);
978
979 pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io);
980 pci_register_bar(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->memory);
981
982 s->irq = pci_allocate_irq(&s->dev);
983
984 s->nic = qemu_new_nic(&net_tulip_info, &s->c,
985 object_get_typename(OBJECT(pci_dev)),
986 pci_dev->qdev.id,
987 &pci_dev->qdev.mem_reentrancy_guard, s);
988 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
989 }
990
pci_tulip_exit(PCIDevice * pci_dev)991 static void pci_tulip_exit(PCIDevice *pci_dev)
992 {
993 TULIPState *s = DO_UPCAST(TULIPState, dev, pci_dev);
994
995 qemu_del_nic(s->nic);
996 qemu_free_irq(s->irq);
997 eeprom93xx_free(&pci_dev->qdev, s->eeprom);
998 }
999
tulip_instance_init(Object * obj)1000 static void tulip_instance_init(Object *obj)
1001 {
1002 PCIDevice *pci_dev = PCI_DEVICE(obj);
1003 TULIPState *d = DO_UPCAST(TULIPState, dev, pci_dev);
1004
1005 device_add_bootindex_property(obj, &d->c.bootindex,
1006 "bootindex", "/ethernet-phy@0",
1007 &pci_dev->qdev);
1008 }
1009
1010 static Property tulip_properties[] = {
1011 DEFINE_NIC_PROPERTIES(TULIPState, c),
1012 DEFINE_PROP_END_OF_LIST(),
1013 };
1014
tulip_class_init(ObjectClass * klass,void * data)1015 static void tulip_class_init(ObjectClass *klass, void *data)
1016 {
1017 DeviceClass *dc = DEVICE_CLASS(klass);
1018 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
1019
1020 k->realize = pci_tulip_realize;
1021 k->exit = pci_tulip_exit;
1022 k->vendor_id = PCI_VENDOR_ID_DEC;
1023 k->device_id = PCI_DEVICE_ID_DEC_21143;
1024 k->subsystem_vendor_id = PCI_VENDOR_ID_HP;
1025 k->subsystem_id = 0x104f;
1026 k->class_id = PCI_CLASS_NETWORK_ETHERNET;
1027 dc->vmsd = &vmstate_pci_tulip;
1028 device_class_set_props(dc, tulip_properties);
1029 device_class_set_legacy_reset(dc, tulip_qdev_reset);
1030 set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
1031 }
1032
1033 static const TypeInfo tulip_info = {
1034 .name = TYPE_TULIP,
1035 .parent = TYPE_PCI_DEVICE,
1036 .instance_size = sizeof(TULIPState),
1037 .class_init = tulip_class_init,
1038 .instance_init = tulip_instance_init,
1039 .interfaces = (InterfaceInfo[]) {
1040 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
1041 { },
1042 },
1043 };
1044
tulip_register_types(void)1045 static void tulip_register_types(void)
1046 {
1047 type_register_static(&tulip_info);
1048 }
1049
1050 type_init(tulip_register_types)
1051