xref: /illumos-kvm-cmd/hw/lan9118.c (revision 68396ea9)
1 /*
2  * SMSC LAN9118 Ethernet interface emulation
3  *
4  * Copyright (c) 2009 CodeSourcery, LLC.
5  * Written by Paul Brook
6  *
7  * This code is licenced under the GNU GPL v2
8  */
9 
10 #include "sysbus.h"
11 #include "net.h"
12 #include "devices.h"
13 #include "sysemu.h"
14 /* For crc32 */
15 #include <zlib.h>
16 
17 //#define DEBUG_LAN9118
18 
19 #ifdef DEBUG_LAN9118
20 #define DPRINTF(fmt, ...) \
21 do { printf("lan9118: " fmt , ## __VA_ARGS__); } while (0)
22 #define BADF(fmt, ...) \
23 do { hw_error("lan9118: error: " fmt , ## __VA_ARGS__);} while (0)
24 #else
25 #define DPRINTF(fmt, ...) do {} while(0)
26 #define BADF(fmt, ...) \
27 do { fprintf(stderr, "lan9118: error: " fmt , ## __VA_ARGS__);} while (0)
28 #endif
29 
30 #define CSR_ID_REV      0x50
31 #define CSR_IRQ_CFG     0x54
32 #define CSR_INT_STS     0x58
33 #define CSR_INT_EN      0x5c
34 #define CSR_BYTE_TEST   0x64
35 #define CSR_FIFO_INT    0x68
36 #define CSR_RX_CFG      0x6c
37 #define CSR_TX_CFG      0x70
38 #define CSR_HW_CFG      0x74
39 #define CSR_RX_DP_CTRL  0x78
40 #define CSR_RX_FIFO_INF 0x7c
41 #define CSR_TX_FIFO_INF 0x80
42 #define CSR_PMT_CTRL    0x84
43 #define CSR_GPIO_CFG    0x88
44 #define CSR_GPT_CFG     0x8c
45 #define CSR_GPT_CNT     0x90
46 #define CSR_WORD_SWAP   0x98
47 #define CSR_FREE_RUN    0x9c
48 #define CSR_RX_DROP     0xa0
49 #define CSR_MAC_CSR_CMD 0xa4
50 #define CSR_MAC_CSR_DATA 0xa8
51 #define CSR_AFC_CFG     0xac
52 #define CSR_E2P_CMD     0xb0
53 #define CSR_E2P_DATA    0xb4
54 
55 /* IRQ_CFG */
56 #define IRQ_INT         0x00001000
57 #define IRQ_EN          0x00000100
58 #define IRQ_POL         0x00000010
59 #define IRQ_TYPE        0x00000001
60 
61 /* INT_STS/INT_EN */
62 #define SW_INT          0x80000000
63 #define TXSTOP_INT      0x02000000
64 #define RXSTOP_INT      0x01000000
65 #define RXDFH_INT       0x00800000
66 #define TX_IOC_INT      0x00200000
67 #define RXD_INT         0x00100000
68 #define GPT_INT         0x00080000
69 #define PHY_INT         0x00040000
70 #define PME_INT         0x00020000
71 #define TXSO_INT        0x00010000
72 #define RWT_INT         0x00008000
73 #define RXE_INT         0x00004000
74 #define TXE_INT         0x00002000
75 #define TDFU_INT        0x00000800
76 #define TDFO_INT        0x00000400
77 #define TDFA_INT        0x00000200
78 #define TSFF_INT        0x00000100
79 #define TSFL_INT        0x00000080
80 #define RXDF_INT        0x00000040
81 #define RDFL_INT        0x00000020
82 #define RSFF_INT        0x00000010
83 #define RSFL_INT        0x00000008
84 #define GPIO2_INT       0x00000004
85 #define GPIO1_INT       0x00000002
86 #define GPIO0_INT       0x00000001
87 #define RESERVED_INT    0x7c001000
88 
89 #define MAC_CR          1
90 #define MAC_ADDRH       2
91 #define MAC_ADDRL       3
92 #define MAC_HASHH       4
93 #define MAC_HASHL       5
94 #define MAC_MII_ACC     6
95 #define MAC_MII_DATA    7
96 #define MAC_FLOW        8
97 #define MAC_VLAN1       9 /* TODO */
98 #define MAC_VLAN2       10 /* TODO */
99 #define MAC_WUFF        11 /* TODO */
100 #define MAC_WUCSR       12 /* TODO */
101 
102 #define MAC_CR_RXALL    0x80000000
103 #define MAC_CR_RCVOWN   0x00800000
104 #define MAC_CR_LOOPBK   0x00200000
105 #define MAC_CR_FDPX     0x00100000
106 #define MAC_CR_MCPAS    0x00080000
107 #define MAC_CR_PRMS     0x00040000
108 #define MAC_CR_INVFILT  0x00020000
109 #define MAC_CR_PASSBAD  0x00010000
110 #define MAC_CR_HO       0x00008000
111 #define MAC_CR_HPFILT   0x00002000
112 #define MAC_CR_LCOLL    0x00001000
113 #define MAC_CR_BCAST    0x00000800
114 #define MAC_CR_DISRTY   0x00000400
115 #define MAC_CR_PADSTR   0x00000100
116 #define MAC_CR_BOLMT    0x000000c0
117 #define MAC_CR_DFCHK    0x00000020
118 #define MAC_CR_TXEN     0x00000008
119 #define MAC_CR_RXEN     0x00000004
120 #define MAC_CR_RESERVED 0x7f404213
121 
122 #define PHY_INT_ENERGYON            0x80
123 #define PHY_INT_AUTONEG_COMPLETE    0x40
124 #define PHY_INT_FAULT               0x20
125 #define PHY_INT_DOWN                0x10
126 #define PHY_INT_AUTONEG_LP          0x08
127 #define PHY_INT_PARFAULT            0x04
128 #define PHY_INT_AUTONEG_PAGE        0x02
129 
130 #define GPT_TIMER_EN    0x20000000
131 
132 enum tx_state {
133     TX_IDLE,
134     TX_B,
135     TX_DATA
136 };
137 
138 typedef struct {
139     enum tx_state state;
140     uint32_t cmd_a;
141     uint32_t cmd_b;
142     int buffer_size;
143     int offset;
144     int pad;
145     int fifo_used;
146     int len;
147     uint8_t data[2048];
148 } LAN9118Packet;
149 
150 typedef struct {
151     SysBusDevice busdev;
152     NICState *nic;
153     NICConf conf;
154     qemu_irq irq;
155     int mmio_index;
156     ptimer_state *timer;
157 
158     uint32_t irq_cfg;
159     uint32_t int_sts;
160     uint32_t int_en;
161     uint32_t fifo_int;
162     uint32_t rx_cfg;
163     uint32_t tx_cfg;
164     uint32_t hw_cfg;
165     uint32_t pmt_ctrl;
166     uint32_t gpio_cfg;
167     uint32_t gpt_cfg;
168     uint32_t word_swap;
169     uint32_t free_timer_start;
170     uint32_t mac_cmd;
171     uint32_t mac_data;
172     uint32_t afc_cfg;
173     uint32_t e2p_cmd;
174     uint32_t e2p_data;
175 
176     uint32_t mac_cr;
177     uint32_t mac_hashh;
178     uint32_t mac_hashl;
179     uint32_t mac_mii_acc;
180     uint32_t mac_mii_data;
181     uint32_t mac_flow;
182 
183     uint32_t phy_status;
184     uint32_t phy_control;
185     uint32_t phy_advertise;
186     uint32_t phy_int;
187     uint32_t phy_int_mask;
188 
189     int eeprom_writable;
190     uint8_t eeprom[128];
191 
192     int tx_fifo_size;
193     LAN9118Packet *txp;
194     LAN9118Packet tx_packet;
195 
196     int tx_status_fifo_used;
197     int tx_status_fifo_head;
198     uint32_t tx_status_fifo[512];
199 
200     int rx_status_fifo_size;
201     int rx_status_fifo_used;
202     int rx_status_fifo_head;
203     uint32_t rx_status_fifo[896];
204     int rx_fifo_size;
205     int rx_fifo_used;
206     int rx_fifo_head;
207     uint32_t rx_fifo[3360];
208     int rx_packet_size_head;
209     int rx_packet_size_tail;
210     int rx_packet_size[1024];
211 
212     int rxp_offset;
213     int rxp_size;
214     int rxp_pad;
215 } lan9118_state;
216 
lan9118_update(lan9118_state * s)217 static void lan9118_update(lan9118_state *s)
218 {
219     int level;
220 
221     /* TODO: Implement FIFO level IRQs.  */
222     level = (s->int_sts & s->int_en) != 0;
223     if (level) {
224         s->irq_cfg |= IRQ_INT;
225     } else {
226         s->irq_cfg &= ~IRQ_INT;
227     }
228     if ((s->irq_cfg & IRQ_EN) == 0) {
229         level = 0;
230     }
231     qemu_set_irq(s->irq, level);
232 }
233 
lan9118_mac_changed(lan9118_state * s)234 static void lan9118_mac_changed(lan9118_state *s)
235 {
236     qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
237 }
238 
lan9118_reload_eeprom(lan9118_state * s)239 static void lan9118_reload_eeprom(lan9118_state *s)
240 {
241     int i;
242     if (s->eeprom[0] != 0xa5) {
243         s->e2p_cmd &= ~0x10;
244         DPRINTF("MACADDR load failed\n");
245         return;
246     }
247     for (i = 0; i < 6; i++) {
248         s->conf.macaddr.a[i] = s->eeprom[i + 1];
249     }
250     s->e2p_cmd |= 0x10;
251     DPRINTF("MACADDR loaded from eeprom\n");
252     lan9118_mac_changed(s);
253 }
254 
phy_update_irq(lan9118_state * s)255 static void phy_update_irq(lan9118_state *s)
256 {
257     if (s->phy_int & s->phy_int_mask) {
258         s->int_sts |= PHY_INT;
259     } else {
260         s->int_sts &= ~PHY_INT;
261     }
262     lan9118_update(s);
263 }
264 
phy_update_link(lan9118_state * s)265 static void phy_update_link(lan9118_state *s)
266 {
267     /* Autonegotiation status mirrors link status.  */
268     if (s->nic->nc.link_down) {
269         s->phy_status &= ~0x0024;
270         s->phy_int |= PHY_INT_DOWN;
271     } else {
272         s->phy_status |= 0x0024;
273         s->phy_int |= PHY_INT_ENERGYON;
274         s->phy_int |= PHY_INT_AUTONEG_COMPLETE;
275     }
276     phy_update_irq(s);
277 }
278 
lan9118_set_link(VLANClientState * nc)279 static void lan9118_set_link(VLANClientState *nc)
280 {
281     phy_update_link(DO_UPCAST(NICState, nc, nc)->opaque);
282 }
283 
phy_reset(lan9118_state * s)284 static void phy_reset(lan9118_state *s)
285 {
286     s->phy_status = 0x7809;
287     s->phy_control = 0x3000;
288     s->phy_advertise = 0x01e1;
289     s->phy_int_mask = 0;
290     s->phy_int = 0;
291     phy_update_link(s);
292 }
293 
lan9118_reset(DeviceState * d)294 static void lan9118_reset(DeviceState *d)
295 {
296     lan9118_state *s = FROM_SYSBUS(lan9118_state, sysbus_from_qdev(d));
297 
298     s->irq_cfg &= ~(IRQ_TYPE | IRQ_POL);
299     s->int_sts = 0;
300     s->int_en = 0;
301     s->fifo_int = 0x48000000;
302     s->rx_cfg = 0;
303     s->tx_cfg = 0;
304     s->hw_cfg = 0x00050000;
305     s->pmt_ctrl &= 0x45;
306     s->gpio_cfg = 0;
307     s->txp->fifo_used = 0;
308     s->txp->state = TX_IDLE;
309     s->txp->cmd_a = 0xffffffffu;
310     s->txp->cmd_b = 0xffffffffu;
311     s->txp->len = 0;
312     s->txp->fifo_used = 0;
313     s->tx_fifo_size = 4608;
314     s->tx_status_fifo_used = 0;
315     s->rx_status_fifo_size = 704;
316     s->rx_fifo_size = 2640;
317     s->rx_fifo_used = 0;
318     s->rx_status_fifo_size = 176;
319     s->rx_status_fifo_used = 0;
320     s->rxp_offset = 0;
321     s->rxp_size = 0;
322     s->rxp_pad = 0;
323     s->rx_packet_size_tail = s->rx_packet_size_head;
324     s->rx_packet_size[s->rx_packet_size_head] = 0;
325     s->mac_cmd = 0;
326     s->mac_data = 0;
327     s->afc_cfg = 0;
328     s->e2p_cmd = 0;
329     s->e2p_data = 0;
330     s->free_timer_start = qemu_get_clock(vm_clock) / 40;
331 
332     ptimer_stop(s->timer);
333     ptimer_set_count(s->timer, 0xffff);
334     s->gpt_cfg = 0xffff;
335 
336     s->mac_cr = MAC_CR_PRMS;
337     s->mac_hashh = 0;
338     s->mac_hashl = 0;
339     s->mac_mii_acc = 0;
340     s->mac_mii_data = 0;
341     s->mac_flow = 0;
342 
343     phy_reset(s);
344 
345     s->eeprom_writable = 0;
346     lan9118_reload_eeprom(s);
347 }
348 
lan9118_can_receive(VLANClientState * nc)349 static int lan9118_can_receive(VLANClientState *nc)
350 {
351     return 1;
352 }
353 
rx_fifo_push(lan9118_state * s,uint32_t val)354 static void rx_fifo_push(lan9118_state *s, uint32_t val)
355 {
356     int fifo_pos;
357     fifo_pos = s->rx_fifo_head + s->rx_fifo_used;
358     if (fifo_pos >= s->rx_fifo_size)
359       fifo_pos -= s->rx_fifo_size;
360     s->rx_fifo[fifo_pos] = val;
361     s->rx_fifo_used++;
362 }
363 
364 /* Return nonzero if the packet is accepted by the filter.  */
lan9118_filter(lan9118_state * s,const uint8_t * addr)365 static int lan9118_filter(lan9118_state *s, const uint8_t *addr)
366 {
367     int multicast;
368     uint32_t hash;
369 
370     if (s->mac_cr & MAC_CR_PRMS) {
371         return 1;
372     }
373     if (addr[0] == 0xff && addr[1] == 0xff && addr[2] == 0xff &&
374         addr[3] == 0xff && addr[4] == 0xff && addr[5] == 0xff) {
375         return (s->mac_cr & MAC_CR_BCAST) == 0;
376     }
377 
378     multicast = addr[0] & 1;
379     if (multicast &&s->mac_cr & MAC_CR_MCPAS) {
380         return 1;
381     }
382     if (multicast ? (s->mac_cr & MAC_CR_HPFILT) == 0
383                   : (s->mac_cr & MAC_CR_HO) == 0) {
384         /* Exact matching.  */
385         hash = memcmp(addr, s->conf.macaddr.a, 6);
386         if (s->mac_cr & MAC_CR_INVFILT) {
387             return hash != 0;
388         } else {
389             return hash == 0;
390         }
391     } else {
392         /* Hash matching  */
393         hash = (crc32(~0, addr, 6) >> 26);
394         if (hash & 0x20) {
395             return (s->mac_hashh >> (hash & 0x1f)) & 1;
396         } else {
397             return (s->mac_hashl >> (hash & 0x1f)) & 1;
398         }
399     }
400 }
401 
lan9118_receive(VLANClientState * nc,const uint8_t * buf,size_t size)402 static ssize_t lan9118_receive(VLANClientState *nc, const uint8_t *buf,
403                                size_t size)
404 {
405     lan9118_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
406     int fifo_len;
407     int offset;
408     int src_pos;
409     int n;
410     int filter;
411     uint32_t val;
412     uint32_t crc;
413     uint32_t status;
414 
415     if ((s->mac_cr & MAC_CR_RXEN) == 0) {
416         return -1;
417     }
418 
419     if (size >= 2048 || size < 14) {
420         return -1;
421     }
422 
423     /* TODO: Implement FIFO overflow notification.  */
424     if (s->rx_status_fifo_used == s->rx_status_fifo_size) {
425         return -1;
426     }
427 
428     filter = lan9118_filter(s, buf);
429     if (!filter && (s->mac_cr & MAC_CR_RXALL) == 0) {
430         return size;
431     }
432 
433     offset = (s->rx_cfg >> 8) & 0x1f;
434     n = offset & 3;
435     fifo_len = (size + n + 3) >> 2;
436     /* Add a word for the CRC.  */
437     fifo_len++;
438     if (s->rx_fifo_size - s->rx_fifo_used < fifo_len) {
439         return -1;
440     }
441 
442     DPRINTF("Got packet len:%d fifo:%d filter:%s\n",
443             (int)size, fifo_len, filter ? "pass" : "fail");
444     val = 0;
445     crc = bswap32(crc32(~0, buf, size));
446     for (src_pos = 0; src_pos < size; src_pos++) {
447         val = (val >> 8) | ((uint32_t)buf[src_pos] << 24);
448         n++;
449         if (n == 4) {
450             n = 0;
451             rx_fifo_push(s, val);
452             val = 0;
453         }
454     }
455     if (n) {
456         val >>= ((4 - n) * 8);
457         val |= crc << (n * 8);
458         rx_fifo_push(s, val);
459         val = crc >> ((4 - n) * 8);
460         rx_fifo_push(s, val);
461     } else {
462         rx_fifo_push(s, crc);
463     }
464     n = s->rx_status_fifo_head + s->rx_status_fifo_used;
465     if (n >= s->rx_status_fifo_size) {
466         n -= s->rx_status_fifo_size;
467     }
468     s->rx_packet_size[s->rx_packet_size_tail] = fifo_len;
469     s->rx_packet_size_tail = (s->rx_packet_size_tail + 1023) & 1023;
470     s->rx_status_fifo_used++;
471 
472     status = (size + 4) << 16;
473     if (buf[0] == 0xff && buf[1] == 0xff && buf[2] == 0xff &&
474         buf[3] == 0xff && buf[4] == 0xff && buf[5] == 0xff) {
475         status |= 0x00002000;
476     } else if (buf[0] & 1) {
477         status |= 0x00000400;
478     }
479     if (!filter) {
480         status |= 0x40000000;
481     }
482     s->rx_status_fifo[n] = status;
483 
484     if (s->rx_status_fifo_used > (s->fifo_int & 0xff)) {
485         s->int_sts |= RSFL_INT;
486     }
487     lan9118_update(s);
488 
489     return size;
490 }
491 
rx_fifo_pop(lan9118_state * s)492 static uint32_t rx_fifo_pop(lan9118_state *s)
493 {
494     int n;
495     uint32_t val;
496 
497     if (s->rxp_size == 0 && s->rxp_pad == 0) {
498         s->rxp_size = s->rx_packet_size[s->rx_packet_size_head];
499         s->rx_packet_size[s->rx_packet_size_head] = 0;
500         if (s->rxp_size != 0) {
501             s->rx_packet_size_head = (s->rx_packet_size_head + 1023) & 1023;
502             s->rxp_offset = (s->rx_cfg >> 10) & 7;
503             n = s->rxp_offset + s->rxp_size;
504             switch (s->rx_cfg >> 30) {
505             case 1:
506                 n = (-n) & 3;
507                 break;
508             case 2:
509                 n = (-n) & 7;
510                 break;
511             default:
512                 n = 0;
513                 break;
514             }
515             s->rxp_pad = n;
516             DPRINTF("Pop packet size:%d offset:%d pad: %d\n",
517                     s->rxp_size, s->rxp_offset, s->rxp_pad);
518         }
519     }
520     if (s->rxp_offset > 0) {
521         s->rxp_offset--;
522         val = 0;
523     } else if (s->rxp_size > 0) {
524         s->rxp_size--;
525         val = s->rx_fifo[s->rx_fifo_head++];
526         if (s->rx_fifo_head >= s->rx_fifo_size) {
527             s->rx_fifo_head -= s->rx_fifo_size;
528         }
529         s->rx_fifo_used--;
530     } else if (s->rxp_pad > 0) {
531         s->rxp_pad--;
532         val =  0;
533     } else {
534         DPRINTF("RX underflow\n");
535         s->int_sts |= RXE_INT;
536         val =  0;
537     }
538     lan9118_update(s);
539     return val;
540 }
541 
do_tx_packet(lan9118_state * s)542 static void do_tx_packet(lan9118_state *s)
543 {
544     int n;
545     uint32_t status;
546 
547     /* FIXME: Honor TX disable, and allow queueing of packets.  */
548     if (s->phy_control & 0x4000)  {
549         /* This assumes the receive routine doesn't touch the VLANClient.  */
550         lan9118_receive(&s->nic->nc, s->txp->data, s->txp->len);
551     } else {
552         qemu_send_packet(&s->nic->nc, s->txp->data, s->txp->len);
553     }
554     s->txp->fifo_used = 0;
555 
556     if (s->tx_status_fifo_used == 512) {
557         /* Status FIFO full */
558         return;
559     }
560     /* Add entry to status FIFO.  */
561     status = s->txp->cmd_b & 0xffff0000u;
562     DPRINTF("Sent packet tag:%04x len %d\n", status >> 16, s->txp->len);
563     n = (s->tx_status_fifo_head + s->tx_status_fifo_used) & 511;
564     s->tx_status_fifo[n] = status;
565     s->tx_status_fifo_used++;
566     if (s->tx_status_fifo_used == 512) {
567         s->int_sts |= TSFF_INT;
568         /* TODO: Stop transmission.  */
569     }
570 }
571 
rx_status_fifo_pop(lan9118_state * s)572 static uint32_t rx_status_fifo_pop(lan9118_state *s)
573 {
574     uint32_t val;
575 
576     val = s->rx_status_fifo[s->rx_status_fifo_head];
577     if (s->rx_status_fifo_used != 0) {
578         s->rx_status_fifo_used--;
579         s->rx_status_fifo_head++;
580         if (s->rx_status_fifo_head >= s->rx_status_fifo_size) {
581             s->rx_status_fifo_head -= s->rx_status_fifo_size;
582         }
583         /* ??? What value should be returned when the FIFO is empty?  */
584         DPRINTF("RX status pop 0x%08x\n", val);
585     }
586     return val;
587 }
588 
tx_status_fifo_pop(lan9118_state * s)589 static uint32_t tx_status_fifo_pop(lan9118_state *s)
590 {
591     uint32_t val;
592 
593     val = s->tx_status_fifo[s->tx_status_fifo_head];
594     if (s->tx_status_fifo_used != 0) {
595         s->tx_status_fifo_used--;
596         s->tx_status_fifo_head = (s->tx_status_fifo_head + 1) & 511;
597         /* ??? What value should be returned when the FIFO is empty?  */
598     }
599     return val;
600 }
601 
tx_fifo_push(lan9118_state * s,uint32_t val)602 static void tx_fifo_push(lan9118_state *s, uint32_t val)
603 {
604     int n;
605 
606     if (s->txp->fifo_used == s->tx_fifo_size) {
607         s->int_sts |= TDFO_INT;
608         return;
609     }
610     switch (s->txp->state) {
611     case TX_IDLE:
612         s->txp->cmd_a = val & 0x831f37ff;
613         s->txp->fifo_used++;
614         s->txp->state = TX_B;
615         break;
616     case TX_B:
617         if (s->txp->cmd_a & 0x2000) {
618             /* First segment */
619             s->txp->cmd_b = val;
620             s->txp->fifo_used++;
621             s->txp->buffer_size = s->txp->cmd_a & 0x7ff;
622             s->txp->offset = (s->txp->cmd_a >> 16) & 0x1f;
623             /* End alignment does not include command words.  */
624             n = (s->txp->buffer_size + s->txp->offset + 3) >> 2;
625             switch ((n >> 24) & 3) {
626             case 1:
627                 n = (-n) & 3;
628                 break;
629             case 2:
630                 n = (-n) & 7;
631                 break;
632             default:
633                 n = 0;
634             }
635             s->txp->pad = n;
636             s->txp->len = 0;
637         }
638         DPRINTF("Block len:%d offset:%d pad:%d cmd %08x\n",
639                 s->txp->buffer_size, s->txp->offset, s->txp->pad,
640                 s->txp->cmd_a);
641         s->txp->state = TX_DATA;
642         break;
643     case TX_DATA:
644         if (s->txp->offset >= 4) {
645             s->txp->offset -= 4;
646             break;
647         }
648         if (s->txp->buffer_size <= 0 && s->txp->pad != 0) {
649             s->txp->pad--;
650         } else {
651             n = 4;
652             while (s->txp->offset) {
653                 val >>= 8;
654                 n--;
655                 s->txp->offset--;
656             }
657             /* Documentation is somewhat unclear on the ordering of bytes
658                in FIFO words.  Empirical results show it to be little-endian.
659                */
660             /* TODO: FIFO overflow checking.  */
661             while (n--) {
662                 s->txp->data[s->txp->len] = val & 0xff;
663                 s->txp->len++;
664                 val >>= 8;
665                 s->txp->buffer_size--;
666             }
667             s->txp->fifo_used++;
668         }
669         if (s->txp->buffer_size <= 0 && s->txp->pad == 0) {
670             if (s->txp->cmd_a & 0x1000) {
671                 do_tx_packet(s);
672             }
673             if (s->txp->cmd_a & 0x80000000) {
674                 s->int_sts |= TX_IOC_INT;
675             }
676             s->txp->state = TX_IDLE;
677         }
678         break;
679     }
680 }
681 
do_phy_read(lan9118_state * s,int reg)682 static uint32_t do_phy_read(lan9118_state *s, int reg)
683 {
684     uint32_t val;
685 
686     switch (reg) {
687     case 0: /* Basic Control */
688         return s->phy_control;
689     case 1: /* Basic Status */
690         return s->phy_status;
691     case 2: /* ID1 */
692         return 0x0007;
693     case 3: /* ID2 */
694         return 0xc0d1;
695     case 4: /* Auto-neg advertisment */
696         return s->phy_advertise;
697     case 5: /* Auto-neg Link Partner Ability */
698         return 0x0f71;
699     case 6: /* Auto-neg Expansion */
700         return 1;
701         /* TODO 17, 18, 27, 29, 30, 31 */
702     case 29: /* Interrupt source.  */
703         val = s->phy_int;
704         s->phy_int = 0;
705         phy_update_irq(s);
706         return val;
707     case 30: /* Interrupt mask */
708         return s->phy_int_mask;
709     default:
710         BADF("PHY read reg %d\n", reg);
711         return 0;
712     }
713 }
714 
do_phy_write(lan9118_state * s,int reg,uint32_t val)715 static void do_phy_write(lan9118_state *s, int reg, uint32_t val)
716 {
717     switch (reg) {
718     case 0: /* Basic Control */
719         if (val & 0x8000) {
720             phy_reset(s);
721             break;
722         }
723         s->phy_control = val & 0x7980;
724         /* Complete autonegotiation imediately.  */
725         if (val & 0x1000) {
726             s->phy_status |= 0x0020;
727         }
728         break;
729     case 4: /* Auto-neg advertisment */
730         s->phy_advertise = (val & 0x2d7f) | 0x80;
731         break;
732         /* TODO 17, 18, 27, 31 */
733     case 30: /* Interrupt mask */
734         s->phy_int_mask = val & 0xff;
735         phy_update_irq(s);
736         break;
737     default:
738         BADF("PHY write reg %d = 0x%04x\n", reg, val);
739     }
740 }
741 
do_mac_write(lan9118_state * s,int reg,uint32_t val)742 static void do_mac_write(lan9118_state *s, int reg, uint32_t val)
743 {
744     switch (reg) {
745     case MAC_CR:
746         if ((s->mac_cr & MAC_CR_RXEN) != 0 && (val & MAC_CR_RXEN) == 0) {
747             s->int_sts |= RXSTOP_INT;
748         }
749         s->mac_cr = val & ~MAC_CR_RESERVED;
750         DPRINTF("MAC_CR: %08x\n", val);
751         break;
752     case MAC_ADDRH:
753         s->conf.macaddr.a[4] = val & 0xff;
754         s->conf.macaddr.a[5] = (val >> 8) & 0xff;
755         lan9118_mac_changed(s);
756         break;
757     case MAC_ADDRL:
758         s->conf.macaddr.a[0] = val & 0xff;
759         s->conf.macaddr.a[1] = (val >> 8) & 0xff;
760         s->conf.macaddr.a[2] = (val >> 16) & 0xff;
761         s->conf.macaddr.a[3] = (val >> 24) & 0xff;
762         lan9118_mac_changed(s);
763         break;
764     case MAC_HASHH:
765         s->mac_hashh = val;
766         break;
767     case MAC_HASHL:
768         s->mac_hashl = val;
769         break;
770     case MAC_MII_ACC:
771         s->mac_mii_acc = val & 0xffc2;
772         if (val & 2) {
773             DPRINTF("PHY write %d = 0x%04x\n",
774                     (val >> 6) & 0x1f, s->mac_mii_data);
775             do_phy_write(s, (val >> 6) & 0x1f, s->mac_mii_data);
776         } else {
777             s->mac_mii_data = do_phy_read(s, (val >> 6) & 0x1f);
778             DPRINTF("PHY read %d = 0x%04x\n",
779                     (val >> 6) & 0x1f, s->mac_mii_data);
780         }
781         break;
782     case MAC_MII_DATA:
783         s->mac_mii_data = val & 0xffff;
784         break;
785     case MAC_FLOW:
786         s->mac_flow = val & 0xffff0000;
787         break;
788     case MAC_VLAN1:
789         /* Writing to this register changes a condition for
790          * FrameTooLong bit in rx_status.  Since we do not set
791          * FrameTooLong anyway, just ignore write to this.
792          */
793         break;
794     default:
795         hw_error("lan9118: Unimplemented MAC register write: %d = 0x%x\n",
796                  s->mac_cmd & 0xf, val);
797     }
798 }
799 
do_mac_read(lan9118_state * s,int reg)800 static uint32_t do_mac_read(lan9118_state *s, int reg)
801 {
802     switch (reg) {
803     case MAC_CR:
804         return s->mac_cr;
805     case MAC_ADDRH:
806         return s->conf.macaddr.a[4] | (s->conf.macaddr.a[5] << 8);
807     case MAC_ADDRL:
808         return s->conf.macaddr.a[0] | (s->conf.macaddr.a[1] << 8)
809                | (s->conf.macaddr.a[2] << 16) | (s->conf.macaddr.a[3] << 24);
810     case MAC_HASHH:
811         return s->mac_hashh;
812         break;
813     case MAC_HASHL:
814         return s->mac_hashl;
815         break;
816     case MAC_MII_ACC:
817         return s->mac_mii_acc;
818     case MAC_MII_DATA:
819         return s->mac_mii_data;
820     case MAC_FLOW:
821         return s->mac_flow;
822     default:
823         hw_error("lan9118: Unimplemented MAC register read: %d\n",
824                  s->mac_cmd & 0xf);
825     }
826 }
827 
lan9118_eeprom_cmd(lan9118_state * s,int cmd,int addr)828 static void lan9118_eeprom_cmd(lan9118_state *s, int cmd, int addr)
829 {
830     s->e2p_cmd = (s->e2p_cmd & 0x10) | (cmd << 28) | addr;
831     switch (cmd) {
832     case 0:
833         s->e2p_data = s->eeprom[addr];
834         DPRINTF("EEPROM Read %d = 0x%02x\n", addr, s->e2p_data);
835         break;
836     case 1:
837         s->eeprom_writable = 0;
838         DPRINTF("EEPROM Write Disable\n");
839         break;
840     case 2: /* EWEN */
841         s->eeprom_writable = 1;
842         DPRINTF("EEPROM Write Enable\n");
843         break;
844     case 3: /* WRITE */
845         if (s->eeprom_writable) {
846             s->eeprom[addr] &= s->e2p_data;
847             DPRINTF("EEPROM Write %d = 0x%02x\n", addr, s->e2p_data);
848         } else {
849             DPRINTF("EEPROM Write %d (ignored)\n", addr);
850         }
851         break;
852     case 4: /* WRAL */
853         if (s->eeprom_writable) {
854             for (addr = 0; addr < 128; addr++) {
855                 s->eeprom[addr] &= s->e2p_data;
856             }
857             DPRINTF("EEPROM Write All 0x%02x\n", s->e2p_data);
858         } else {
859             DPRINTF("EEPROM Write All (ignored)\n");
860         }
861     case 5: /* ERASE */
862         if (s->eeprom_writable) {
863             s->eeprom[addr] = 0xff;
864             DPRINTF("EEPROM Erase %d\n", addr);
865         } else {
866             DPRINTF("EEPROM Erase %d (ignored)\n", addr);
867         }
868         break;
869     case 6: /* ERAL */
870         if (s->eeprom_writable) {
871             memset(s->eeprom, 0xff, 128);
872             DPRINTF("EEPROM Erase All\n");
873         } else {
874             DPRINTF("EEPROM Erase All (ignored)\n");
875         }
876         break;
877     case 7: /* RELOAD */
878         lan9118_reload_eeprom(s);
879         break;
880     }
881 }
882 
lan9118_tick(void * opaque)883 static void lan9118_tick(void *opaque)
884 {
885     lan9118_state *s = (lan9118_state *)opaque;
886     if (s->int_en & GPT_INT) {
887         s->int_sts |= GPT_INT;
888     }
889     lan9118_update(s);
890 }
891 
lan9118_writel(void * opaque,target_phys_addr_t offset,uint32_t val)892 static void lan9118_writel(void *opaque, target_phys_addr_t offset,
893                            uint32_t val)
894 {
895     lan9118_state *s = (lan9118_state *)opaque;
896     offset &= 0xff;
897 
898     //DPRINTF("Write reg 0x%02x = 0x%08x\n", (int)offset, val);
899     if (offset >= 0x20 && offset < 0x40) {
900         /* TX FIFO */
901         tx_fifo_push(s, val);
902         return;
903     }
904     switch (offset) {
905     case CSR_IRQ_CFG:
906         /* TODO: Implement interrupt deassertion intervals.  */
907         s->irq_cfg = (s->irq_cfg & IRQ_INT) | (val & IRQ_EN);
908         break;
909     case CSR_INT_STS:
910         s->int_sts &= ~val;
911         break;
912     case CSR_INT_EN:
913         s->int_en = val & ~RESERVED_INT;
914         s->int_sts |= val & SW_INT;
915         break;
916     case CSR_FIFO_INT:
917         DPRINTF("FIFO INT levels %08x\n", val);
918         s->fifo_int = val;
919         break;
920     case CSR_RX_CFG:
921         if (val & 0x8000) {
922             /* RX_DUMP */
923             s->rx_fifo_used = 0;
924             s->rx_status_fifo_used = 0;
925             s->rx_packet_size_tail = s->rx_packet_size_head;
926             s->rx_packet_size[s->rx_packet_size_head] = 0;
927         }
928         s->rx_cfg = val & 0xcfff1ff0;
929         break;
930     case CSR_TX_CFG:
931         if (val & 0x8000) {
932             s->tx_status_fifo_used = 0;
933         }
934         if (val & 0x4000) {
935             s->txp->state = TX_IDLE;
936             s->txp->fifo_used = 0;
937             s->txp->cmd_a = 0xffffffff;
938         }
939         s->tx_cfg = val & 6;
940         break;
941     case CSR_HW_CFG:
942         if (val & 1) {
943             /* SRST */
944             lan9118_reset(&s->busdev.qdev);
945         } else {
946             s->hw_cfg = val & 0x003f300;
947         }
948         break;
949     case CSR_RX_DP_CTRL:
950         if (val & 0x80000000) {
951             /* Skip forward to next packet.  */
952             s->rxp_pad = 0;
953             s->rxp_offset = 0;
954             if (s->rxp_size == 0) {
955                 /* Pop a word to start the next packet.  */
956                 rx_fifo_pop(s);
957                 s->rxp_pad = 0;
958                 s->rxp_offset = 0;
959             }
960             s->rx_fifo_head += s->rxp_size;
961             if (s->rx_fifo_head >= s->rx_fifo_size) {
962                 s->rx_fifo_head -= s->rx_fifo_size;
963             }
964         }
965         break;
966     case CSR_PMT_CTRL:
967         if (val & 0x400) {
968             phy_reset(s);
969         }
970         s->pmt_ctrl &= ~0x34e;
971         s->pmt_ctrl |= (val & 0x34e);
972         break;
973     case CSR_GPIO_CFG:
974         /* Probably just enabling LEDs.  */
975         s->gpio_cfg = val & 0x7777071f;
976         break;
977     case CSR_GPT_CFG:
978         if ((s->gpt_cfg ^ val) & GPT_TIMER_EN) {
979             if (val & GPT_TIMER_EN) {
980                 ptimer_set_count(s->timer, val & 0xffff);
981                 ptimer_run(s->timer, 0);
982             } else {
983                 ptimer_stop(s->timer);
984                 ptimer_set_count(s->timer, 0xffff);
985             }
986         }
987         s->gpt_cfg = val & (GPT_TIMER_EN | 0xffff);
988         break;
989     case CSR_WORD_SWAP:
990         /* Ignored because we're in 32-bit mode.  */
991         s->word_swap = val;
992         break;
993     case CSR_MAC_CSR_CMD:
994         s->mac_cmd = val & 0x4000000f;
995         if (val & 0x80000000) {
996             if (val & 0x40000000) {
997                 s->mac_data = do_mac_read(s, val & 0xf);
998                 DPRINTF("MAC read %d = 0x%08x\n", val & 0xf, s->mac_data);
999             } else {
1000                 DPRINTF("MAC write %d = 0x%08x\n", val & 0xf, s->mac_data);
1001                 do_mac_write(s, val & 0xf, s->mac_data);
1002             }
1003         }
1004         break;
1005     case CSR_MAC_CSR_DATA:
1006         s->mac_data = val;
1007         break;
1008     case CSR_AFC_CFG:
1009         s->afc_cfg = val & 0x00ffffff;
1010         break;
1011     case CSR_E2P_CMD:
1012         lan9118_eeprom_cmd(s, (val >> 28) & 7, val & 0x7f);
1013         break;
1014     case CSR_E2P_DATA:
1015         s->e2p_data = val & 0xff;
1016         break;
1017 
1018     default:
1019         hw_error("lan9118_write: Bad reg 0x%x = %x\n", (int)offset, val);
1020         break;
1021     }
1022     lan9118_update(s);
1023 }
1024 
lan9118_readl(void * opaque,target_phys_addr_t offset)1025 static uint32_t lan9118_readl(void *opaque, target_phys_addr_t offset)
1026 {
1027     lan9118_state *s = (lan9118_state *)opaque;
1028 
1029     //DPRINTF("Read reg 0x%02x\n", (int)offset);
1030     if (offset < 0x20) {
1031         /* RX FIFO */
1032         return rx_fifo_pop(s);
1033     }
1034     switch (offset) {
1035     case 0x40:
1036         return rx_status_fifo_pop(s);
1037     case 0x44:
1038         return s->rx_status_fifo[s->tx_status_fifo_head];
1039     case 0x48:
1040         return tx_status_fifo_pop(s);
1041     case 0x4c:
1042         return s->tx_status_fifo[s->tx_status_fifo_head];
1043     case CSR_ID_REV:
1044         return 0x01180001;
1045     case CSR_IRQ_CFG:
1046         return s->irq_cfg;
1047     case CSR_INT_STS:
1048         return s->int_sts;
1049     case CSR_INT_EN:
1050         return s->int_en;
1051     case CSR_BYTE_TEST:
1052         return 0x87654321;
1053     case CSR_FIFO_INT:
1054         return s->fifo_int;
1055     case CSR_RX_CFG:
1056         return s->rx_cfg;
1057     case CSR_TX_CFG:
1058         return s->tx_cfg;
1059     case CSR_HW_CFG:
1060         return s->hw_cfg | 0x4;
1061     case CSR_RX_DP_CTRL:
1062         return 0;
1063     case CSR_RX_FIFO_INF:
1064         return (s->rx_status_fifo_used << 16) | (s->rx_fifo_used << 2);
1065     case CSR_TX_FIFO_INF:
1066         return (s->tx_status_fifo_used << 16)
1067                | (s->tx_fifo_size - s->txp->fifo_used);
1068     case CSR_PMT_CTRL:
1069         return s->pmt_ctrl;
1070     case CSR_GPIO_CFG:
1071         return s->gpio_cfg;
1072     case CSR_GPT_CFG:
1073         return s->gpt_cfg;
1074     case CSR_GPT_CNT:
1075         return ptimer_get_count(s->timer);
1076     case CSR_WORD_SWAP:
1077         return s->word_swap;
1078     case CSR_FREE_RUN:
1079         return (qemu_get_clock(vm_clock) / 40) - s->free_timer_start;
1080     case CSR_RX_DROP:
1081         /* TODO: Implement dropped frames counter.  */
1082         return 0;
1083     case CSR_MAC_CSR_CMD:
1084         return s->mac_cmd;
1085     case CSR_MAC_CSR_DATA:
1086         return s->mac_data;
1087     case CSR_AFC_CFG:
1088         return s->afc_cfg;
1089     case CSR_E2P_CMD:
1090         return s->e2p_cmd;
1091     case CSR_E2P_DATA:
1092         return s->e2p_data;
1093     }
1094     hw_error("lan9118_read: Bad reg 0x%x\n", (int)offset);
1095     return 0;
1096 }
1097 
1098 static CPUReadMemoryFunc * const lan9118_readfn[] = {
1099     lan9118_readl,
1100     lan9118_readl,
1101     lan9118_readl
1102 };
1103 
1104 static CPUWriteMemoryFunc * const lan9118_writefn[] = {
1105     lan9118_writel,
1106     lan9118_writel,
1107     lan9118_writel
1108 };
1109 
lan9118_cleanup(VLANClientState * nc)1110 static void lan9118_cleanup(VLANClientState *nc)
1111 {
1112     lan9118_state *s = DO_UPCAST(NICState, nc, nc)->opaque;
1113 
1114     s->nic = NULL;
1115 }
1116 
1117 static NetClientInfo net_lan9118_info = {
1118     .type = NET_CLIENT_TYPE_NIC,
1119     .size = sizeof(NICState),
1120     .can_receive = lan9118_can_receive,
1121     .receive = lan9118_receive,
1122     .cleanup = lan9118_cleanup,
1123     .link_status_changed = lan9118_set_link,
1124 };
1125 
lan9118_init1(SysBusDevice * dev)1126 static int lan9118_init1(SysBusDevice *dev)
1127 {
1128     lan9118_state *s = FROM_SYSBUS(lan9118_state, dev);
1129     QEMUBH *bh;
1130     int i;
1131 
1132     s->mmio_index = cpu_register_io_memory(lan9118_readfn,
1133                                            lan9118_writefn, s,
1134                                            DEVICE_NATIVE_ENDIAN);
1135     sysbus_init_mmio(dev, 0x100, s->mmio_index);
1136     sysbus_init_irq(dev, &s->irq);
1137     qemu_macaddr_default_if_unset(&s->conf.macaddr);
1138 
1139     s->nic = qemu_new_nic(&net_lan9118_info, &s->conf,
1140                           dev->qdev.info->name, dev->qdev.id, s);
1141     qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
1142     s->eeprom[0] = 0xa5;
1143     for (i = 0; i < 6; i++) {
1144         s->eeprom[i + 1] = s->conf.macaddr.a[i];
1145     }
1146     s->pmt_ctrl = 1;
1147     s->txp = &s->tx_packet;
1148 
1149     bh = qemu_bh_new(lan9118_tick, s);
1150     s->timer = ptimer_init(bh);
1151     ptimer_set_freq(s->timer, 10000);
1152     ptimer_set_limit(s->timer, 0xffff, 1);
1153 
1154     /* ??? Save/restore.  */
1155     return 0;
1156 }
1157 
1158 static SysBusDeviceInfo lan9118_info = {
1159     .init = lan9118_init1,
1160     .qdev.name  = "lan9118",
1161     .qdev.size  = sizeof(lan9118_state),
1162     .qdev.reset = lan9118_reset,
1163     .qdev.props = (Property[]) {
1164         DEFINE_NIC_PROPERTIES(lan9118_state, conf),
1165         DEFINE_PROP_END_OF_LIST(),
1166     }
1167 };
1168 
lan9118_register_devices(void)1169 static void lan9118_register_devices(void)
1170 {
1171     sysbus_register_withprop(&lan9118_info);
1172 }
1173 
1174 /* Legacy helper function.  Should go away when machine config files are
1175    implemented.  */
lan9118_init(NICInfo * nd,uint32_t base,qemu_irq irq)1176 void lan9118_init(NICInfo *nd, uint32_t base, qemu_irq irq)
1177 {
1178     DeviceState *dev;
1179     SysBusDevice *s;
1180 
1181     qemu_check_nic_model(nd, "lan9118");
1182     dev = qdev_create(NULL, "lan9118");
1183     qdev_set_nic_properties(dev, nd);
1184     qdev_init_nofail(dev);
1185     s = sysbus_from_qdev(dev);
1186     sysbus_mmio_map(s, 0, base);
1187     sysbus_connect_irq(s, 0, irq);
1188 }
1189 
1190 device_init(lan9118_register_devices)
1191