search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix 32-bit overflow in parallels image support
[qemu-kvm/fedora.git] / hw / eepro100.c
blobec31a6a9c257b8c3bceeba43a872015798d01fd5
1 /*
2 * QEMU i8255x (PRO100) emulation
3 *
4 * Copyright (c) 2006-2007 Stefan Weil
5 *
6 * Portions of the code are copies from grub / etherboot eepro100.c
7 * and linux e100.c.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, see <http://www.gnu.org/licenses/>.
21 *
22 * Tested features (i82559):
23 * PXE boot (i386) no valid link
24 * Linux networking (i386) ok
25 *
26 * Untested:
27 * non-i386 platforms
28 * Windows networking
29 *
30 * References:
31 *
32 * Intel 8255x 10/100 Mbps Ethernet Controller Family
33 * Open Source Software Developer Manual
34 */
35
36 #if defined(TARGET_I386)
37 # warning "PXE boot still not working!"
38 #endif
39
40 #include <stddef.h> /* offsetof */
41 #include "hw.h"
42 #include "pci.h"
43 #include "net.h"
44 #include "eeprom93xx.h"
45
46 /* Common declarations for all PCI devices. */
47
48 #define PCI_CONFIG_8(offset, value) \
49 (pci_conf[offset] = (value))
50 #define PCI_CONFIG_16(offset, value) \
51 (*(uint16_t *)&pci_conf[offset] = cpu_to_le16(value))
52 #define PCI_CONFIG_32(offset, value) \
53 (*(uint32_t *)&pci_conf[offset] = cpu_to_le32(value))
54
55 #define KiB 1024
56
57 /* debug EEPRO100 card */
58 //~ #define DEBUG_EEPRO100
59
60 #ifdef DEBUG_EEPRO100
61 #define logout(fmt, ...) fprintf(stderr, "EE100\t%-24s" fmt, __func__, ## __VA_ARGS__)
62 #else
63 #define logout(fmt, ...) ((void)0)
64 #endif
65
66 /* Set flags to 0 to disable debug output. */
67 #define MDI 0
68
69 #define TRACE(flag, command) ((flag) ? (command) : (void)0)
70
71 #define missing(text) assert(!"feature is missing in this emulation: " text)
72
73 #define MAX_ETH_FRAME_SIZE 1514
74
75 /* This driver supports several different devices which are declared here. */
76 #define i82551 0x82551
77 #define i82557B 0x82557b
78 #define i82557C 0x82557c
79 #define i82558B 0x82558b
80 #define i82559C 0x82559c
81 #define i82559ER 0x82559e
82 #define i82562 0x82562
83
84 #define EEPROM_SIZE 64
85
86 #define PCI_MEM_SIZE (4 * KiB)
87 #define PCI_IO_SIZE 64
88 #define PCI_FLASH_SIZE (128 * KiB)
89
90 #define BIT(n) (1 << (n))
91 #define BITS(n, m) (((0xffffffffU << (31 - n)) >> (31 - n + m)) << m)
92
93 /* The SCB accepts the following controls for the Tx and Rx units: */
94 #define CU_NOP 0x0000 /* No operation. */
95 #define CU_START 0x0010 /* CU start. */
96 #define CU_RESUME 0x0020 /* CU resume. */
97 #define CU_STATSADDR 0x0040 /* Load dump counters address. */
98 #define CU_SHOWSTATS 0x0050 /* Dump statistical counters. */
99 #define CU_CMD_BASE 0x0060 /* Load CU base address. */
100 #define CU_DUMPSTATS 0x0070 /* Dump and reset statistical counters. */
101 #define CU_SRESUME 0x00a0 /* CU static resume. */
102
103 #define RU_NOP 0x0000
104 #define RX_START 0x0001
105 #define RX_RESUME 0x0002
106 #define RX_ABORT 0x0004
107 #define RX_ADDR_LOAD 0x0006
108 #define RX_RESUMENR 0x0007
109 #define INT_MASK 0x0100
110 #define DRVR_INT 0x0200 /* Driver generated interrupt. */
111
112 typedef unsigned char bool;
113
114 /* Offsets to the various registers.
115 All accesses need not be longword aligned. */
116 enum speedo_offsets {
117 SCBStatus = 0,
118 SCBAck = 1,
119 SCBCmd = 2, /* Rx/Command Unit command and status. */
120 SCBIntmask = 3,
121 SCBPointer = 4, /* General purpose pointer. */
122 SCBPort = 8, /* Misc. commands and operands. */
123 SCBflash = 12, SCBeeprom = 14, /* EEPROM and flash memory control. */
124 SCBCtrlMDI = 16, /* MDI interface control. */
125 SCBEarlyRx = 20, /* Early receive byte count. */
126 SCBFlow = 24,
127 };
128
129 /* A speedo3 transmit buffer descriptor with two buffers... */
130 typedef struct {
131 uint16_t status;
132 uint16_t command;
133 uint32_t link; /* void * */
134 uint32_t tx_desc_addr; /* transmit buffer decsriptor array address. */
135 uint16_t tcb_bytes; /* transmit command block byte count (in lower 14 bits */
136 uint8_t tx_threshold; /* transmit threshold */
137 uint8_t tbd_count; /* TBD number */
138 //~ /* This constitutes two "TBD" entries: hdr and data */
139 //~ uint32_t tx_buf_addr0; /* void *, header of frame to be transmitted. */
140 //~ int32_t tx_buf_size0; /* Length of Tx hdr. */
141 //~ uint32_t tx_buf_addr1; /* void *, data to be transmitted. */
142 //~ int32_t tx_buf_size1; /* Length of Tx data. */
143 } eepro100_tx_t;
144
145 /* Receive frame descriptor. */
146 typedef struct {
147 int16_t status;
148 uint16_t command;
149 uint32_t link; /* struct RxFD * */
150 uint32_t rx_buf_addr; /* void * */
151 uint16_t count;
152 uint16_t size;
153 char packet[MAX_ETH_FRAME_SIZE + 4];
154 } eepro100_rx_t;
155
156 typedef struct {
157 uint32_t tx_good_frames, tx_max_collisions, tx_late_collisions,
158 tx_underruns, tx_lost_crs, tx_deferred, tx_single_collisions,
159 tx_multiple_collisions, tx_total_collisions;
160 uint32_t rx_good_frames, rx_crc_errors, rx_alignment_errors,
161 rx_resource_errors, rx_overrun_errors, rx_cdt_errors,
162 rx_short_frame_errors;
163 uint32_t fc_xmt_pause, fc_rcv_pause, fc_rcv_unsupported;
164 uint16_t xmt_tco_frames, rcv_tco_frames;
165 uint32_t complete;
166 } eepro100_stats_t;
167
168 typedef enum {
169 cu_idle = 0,
170 cu_suspended = 1,
171 cu_active = 2,
172 cu_lpq_active = 2,
173 cu_hqp_active = 3
174 } cu_state_t;
175
176 typedef enum {
177 ru_idle = 0,
178 ru_suspended = 1,
179 ru_no_resources = 2,
180 ru_ready = 4
181 } ru_state_t;
182
183 typedef struct {
184 #if 1
185 uint8_t cmd;
186 uint32_t start;
187 uint32_t stop;
188 uint8_t boundary;
189 uint8_t tsr;
190 uint8_t tpsr;
191 uint16_t tcnt;
192 uint16_t rcnt;
193 uint32_t rsar;
194 uint8_t rsr;
195 uint8_t rxcr;
196 uint8_t isr;
197 uint8_t dcfg;
198 uint8_t imr;
199 uint8_t phys[6]; /* mac address */
200 uint8_t curpag;
201 uint8_t mult[8]; /* multicast mask array */
202 int mmio_index;
203 PCIDevice *pci_dev;
204 VLANClientState *vc;
205 #endif
206 uint8_t scb_stat; /* SCB stat/ack byte */
207 uint8_t int_stat; /* PCI interrupt status */
208 uint32_t region[3]; /* PCI region addresses */
209 uint8_t macaddr[6];
210 uint32_t statcounter[19];
211 uint16_t mdimem[32];
212 eeprom_t *eeprom;
213 uint32_t device; /* device variant */
214 uint32_t pointer;
215 /* (cu_base + cu_offset) address the next command block in the command block list. */
216 uint32_t cu_base; /* CU base address */
217 uint32_t cu_offset; /* CU address offset */
218 /* (ru_base + ru_offset) address the RFD in the Receive Frame Area. */
219 uint32_t ru_base; /* RU base address */
220 uint32_t ru_offset; /* RU address offset */
221 uint32_t statsaddr; /* pointer to eepro100_stats_t */
222 eepro100_stats_t statistics; /* statistical counters */
223 #if 0
224 uint16_t status;
225 #endif
226
227 /* Configuration bytes. */
228 uint8_t configuration[22];
229
230 /* Data in mem is always in the byte order of the controller (le). */
231 uint8_t mem[PCI_MEM_SIZE];
232 } EEPRO100State;
233
234 /* Default values for MDI (PHY) registers */
235 static const uint16_t eepro100_mdi_default[] = {
236 /* MDI Registers 0 - 6, 7 */
237 0x3000, 0x780d, 0x02a8, 0x0154, 0x05e1, 0x0000, 0x0000, 0x0000,
238 /* MDI Registers 8 - 15 */
239 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
240 /* MDI Registers 16 - 31 */
241 0x0003, 0x0000, 0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
242 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
243 };
244
245 /* Readonly mask for MDI (PHY) registers */
246 static const uint16_t eepro100_mdi_mask[] = {
247 0x0000, 0xffff, 0xffff, 0xffff, 0xc01f, 0xffff, 0xffff, 0x0000,
248 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
249 0x0fff, 0x0000, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
250 0xffff, 0xffff, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
251 };
252
253 #define POLYNOMIAL 0x04c11db6
254
255 /* From FreeBSD */
256 /* XXX: optimize */
257 static int compute_mcast_idx(const uint8_t * ep)
258 {
259 uint32_t crc;
260 int carry, i, j;
261 uint8_t b;
262
263 crc = 0xffffffff;
264 for (i = 0; i < 6; i++) {
265 b = *ep++;
266 for (j = 0; j < 8; j++) {
267 carry = ((crc & 0x80000000L) ? 1 : 0) ^ (b & 0x01);
268 crc <<= 1;
269 b >>= 1;
270 if (carry)
271 crc = ((crc ^ POLYNOMIAL) | carry);
272 }
273 }
274 return (crc >> 26);
275 }
276
277 #if defined(DEBUG_EEPRO100)
278 static const char *nic_dump(const uint8_t * buf, unsigned size)
279 {
280 static char dump[3 * 16 + 1];
281 char *p = &dump[0];
282 if (size > 16)
283 size = 16;
284 while (size-- > 0) {
285 p += sprintf(p, " %02x", *buf++);
286 }
287 return dump;
288 }
289 #endif /* DEBUG_EEPRO100 */
290
291 enum scb_stat_ack {
292 stat_ack_not_ours = 0x00,
293 stat_ack_sw_gen = 0x04,
294 stat_ack_rnr = 0x10,
295 stat_ack_cu_idle = 0x20,
296 stat_ack_frame_rx = 0x40,
297 stat_ack_cu_cmd_done = 0x80,
298 stat_ack_not_present = 0xFF,
299 stat_ack_rx = (stat_ack_sw_gen | stat_ack_rnr | stat_ack_frame_rx),
300 stat_ack_tx = (stat_ack_cu_idle | stat_ack_cu_cmd_done),
301 };
302
303 static void disable_interrupt(EEPRO100State * s)
304 {
305 if (s->int_stat) {
306 logout("interrupt disabled\n");
307 qemu_irq_lower(s->pci_dev->irq[0]);
308 s->int_stat = 0;
309 }
310 }
311
312 static void enable_interrupt(EEPRO100State * s)
313 {
314 if (!s->int_stat) {
315 logout("interrupt enabled\n");
316 qemu_irq_raise(s->pci_dev->irq[0]);
317 s->int_stat = 1;
318 }
319 }
320
321 static void eepro100_acknowledge(EEPRO100State * s)
322 {
323 s->scb_stat &= ~s->mem[SCBAck];
324 s->mem[SCBAck] = s->scb_stat;
325 if (s->scb_stat == 0) {
326 disable_interrupt(s);
327 }
328 }
329
330 static void eepro100_interrupt(EEPRO100State * s, uint8_t stat)
331 {
332 uint8_t mask = ~s->mem[SCBIntmask];
333 s->mem[SCBAck] |= stat;
334 stat = s->scb_stat = s->mem[SCBAck];
335 stat &= (mask | 0x0f);
336 //~ stat &= (~s->mem[SCBIntmask] | 0x0xf);
337 if (stat && (mask & 0x01)) {
338 /* SCB mask and SCB Bit M do not disable interrupt. */
339 enable_interrupt(s);
340 } else if (s->int_stat) {
341 disable_interrupt(s);
342 }
343 }
344
345 static void eepro100_cx_interrupt(EEPRO100State * s)
346 {
347 /* CU completed action command. */
348 /* Transmit not ok (82557 only, not in emulation). */
349 eepro100_interrupt(s, 0x80);
350 }
351
352 static void eepro100_cna_interrupt(EEPRO100State * s)
353 {
354 /* CU left the active state. */
355 eepro100_interrupt(s, 0x20);
356 }
357
358 static void eepro100_fr_interrupt(EEPRO100State * s)
359 {
360 /* RU received a complete frame. */
361 eepro100_interrupt(s, 0x40);
362 }
363
364 #if 0
365 static void eepro100_rnr_interrupt(EEPRO100State * s)
366 {
367 /* RU is not ready. */
368 eepro100_interrupt(s, 0x10);
369 }
370 #endif
371
372 static void eepro100_mdi_interrupt(EEPRO100State * s)
373 {
374 /* MDI completed read or write cycle. */
375 eepro100_interrupt(s, 0x08);
376 }
377
378 static void eepro100_swi_interrupt(EEPRO100State * s)
379 {
380 /* Software has requested an interrupt. */
381 eepro100_interrupt(s, 0x04);
382 }
383
384 #if 0
385 static void eepro100_fcp_interrupt(EEPRO100State * s)
386 {
387 /* Flow control pause interrupt (82558 and later). */
388 eepro100_interrupt(s, 0x01);
389 }
390 #endif
391
392 static void pci_reset(EEPRO100State * s)
393 {
394 uint32_t device = s->device;
395 uint8_t *pci_conf = s->pci_dev->config;
396
397 logout("%p\n", s);
398
399 /* PCI Vendor ID */
400 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
401 /* PCI Device ID */
402 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82551IT);
403 /* PCI Command */
404 PCI_CONFIG_16(PCI_COMMAND, 0x0000);
405 /* PCI Status */
406 PCI_CONFIG_16(PCI_STATUS, 0x2800);
407 /* PCI Revision ID */
408 PCI_CONFIG_8(PCI_REVISION_ID, 0x08);
409 /* PCI Class Code */
410 PCI_CONFIG_8(0x09, 0x00);
411 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
412 /* PCI Cache Line Size */
413 /* check cache line size!!! */
414 //~ PCI_CONFIG_8(0x0c, 0x00);
415 /* PCI Latency Timer */
416 PCI_CONFIG_8(0x0d, 0x20); // latency timer = 32 clocks
417 /* PCI Header Type */
418 /* BIST (built-in self test) */
419 #if defined(TARGET_I386)
420 // !!! workaround for buggy bios
421 //~ #define PCI_ADDRESS_SPACE_MEM_PREFETCH 0
422 #endif
423 #if 0
424 /* PCI Base Address Registers */
425 /* CSR Memory Mapped Base Address */
426 PCI_CONFIG_32(PCI_BASE_ADDRESS_0,
427 PCI_ADDRESS_SPACE_MEM | PCI_ADDRESS_SPACE_MEM_PREFETCH);
428 /* CSR I/O Mapped Base Address */
429 PCI_CONFIG_32(PCI_BASE_ADDRESS_1, PCI_ADDRESS_SPACE_IO);
430 #if 0
431 /* Flash Memory Mapped Base Address */
432 PCI_CONFIG_32(PCI_BASE_ADDRESS_2, 0xfffe0000 | PCI_ADDRESS_SPACE_MEM);
433 #endif
434 #endif
435 /* Expansion ROM Base Address (depends on boot disable!!!) */
436 PCI_CONFIG_32(0x30, 0x00000000);
437 /* Capability Pointer */
438 PCI_CONFIG_8(0x34, 0xdc);
439 /* Interrupt Pin */
440 PCI_CONFIG_8(0x3d, 1); // interrupt pin 0
441 /* Minimum Grant */
442 PCI_CONFIG_8(0x3e, 0x08);
443 /* Maximum Latency */
444 PCI_CONFIG_8(0x3f, 0x18);
445 /* Power Management Capabilities / Next Item Pointer / Capability ID */
446 PCI_CONFIG_32(0xdc, 0x7e210001);
447
448 switch (device) {
449 case i82551:
450 //~ PCI_CONFIG_16(PCI_DEVICE_ID, 0x1209);
451 PCI_CONFIG_8(PCI_REVISION_ID, 0x0f);
452 break;
453 case i82557B:
454 PCI_CONFIG_16(PCI_DEVICE_ID, 0x1229);
455 PCI_CONFIG_8(PCI_REVISION_ID, 0x02);
456 break;
457 case i82557C:
458 PCI_CONFIG_16(PCI_DEVICE_ID, 0x1229);
459 PCI_CONFIG_8(PCI_REVISION_ID, 0x03);
460 break;
461 case i82558B:
462 PCI_CONFIG_16(PCI_DEVICE_ID, 0x1229);
463 PCI_CONFIG_16(PCI_STATUS, 0x2810);
464 PCI_CONFIG_8(PCI_REVISION_ID, 0x05);
465 break;
466 case i82559C:
467 PCI_CONFIG_16(PCI_DEVICE_ID, 0x1229);
468 PCI_CONFIG_16(PCI_STATUS, 0x2810);
469 //~ PCI_CONFIG_8(PCI_REVISION_ID, 0x08);
470 break;
471 case i82559ER:
472 //~ PCI_CONFIG_16(PCI_DEVICE_ID, 0x1209);
473 PCI_CONFIG_16(PCI_STATUS, 0x2810);
474 PCI_CONFIG_8(PCI_REVISION_ID, 0x09);
475 break;
476 //~ PCI_CONFIG_16(PCI_DEVICE_ID, 0x1029);
477 //~ PCI_CONFIG_16(PCI_DEVICE_ID, 0x1030); /* 82559 InBusiness 10/100 */
478 default:
479 logout("Device %X is undefined!\n", device);
480 }
481
482 if (device == i82557C || device == i82558B || device == i82559C) {
483 logout("Get device id and revision from EEPROM!!!\n");
484 }
485 }
486
487 static void nic_selective_reset(EEPRO100State * s)
488 {
489 size_t i;
490 uint16_t *eeprom_contents = eeprom93xx_data(s->eeprom);
491 //~ eeprom93xx_reset(s->eeprom);
492 memcpy(eeprom_contents, s->macaddr, 6);
493 eeprom_contents[0xa] = 0x4000;
494 uint16_t sum = 0;
495 for (i = 0; i < EEPROM_SIZE - 1; i++) {
496 sum += eeprom_contents[i];
497 }
498 eeprom_contents[EEPROM_SIZE - 1] = 0xbaba - sum;
499
500 memset(s->mem, 0, sizeof(s->mem));
501 uint32_t val = BIT(21);
502 memcpy(&s->mem[SCBCtrlMDI], &val, sizeof(val));
503
504 assert(sizeof(s->mdimem) == sizeof(eepro100_mdi_default));
505 memcpy(&s->mdimem[0], &eepro100_mdi_default[0], sizeof(s->mdimem));
506 }
507
508 static void nic_reset(void *opaque)
509 {
510 EEPRO100State *s = (EEPRO100State *) opaque;
511 logout("%p\n", s);
512 static int first;
513 if (!first) {
514 first = 1;
515 }
516 nic_selective_reset(s);
517 }
518
519 #if defined(DEBUG_EEPRO100)
520 static const char *reg[PCI_IO_SIZE / 4] = {
521 "Command/Status",
522 "General Pointer",
523 "Port",
524 "EEPROM/Flash Control",
525 "MDI Control",
526 "Receive DMA Byte Count",
527 "Flow control register",
528 "General Status/Control"
529 };
530
531 static char *regname(uint32_t addr)
532 {
533 static char buf[16];
534 if (addr < PCI_IO_SIZE) {
535 const char *r = reg[addr / 4];
536 if (r != 0) {
537 sprintf(buf, "%s+%u", r, addr % 4);
538 } else {
539 sprintf(buf, "0x%02x", addr);
540 }
541 } else {
542 sprintf(buf, "??? 0x%08x", addr);
543 }
544 return buf;
545 }
546 #endif /* DEBUG_EEPRO100 */
547
548 #if 0
549 static uint16_t eepro100_read_status(EEPRO100State * s)
550 {
551 uint16_t val = s->status;
552 logout("val=0x%04x\n", val);
553 return val;
554 }
555
556 static void eepro100_write_status(EEPRO100State * s, uint16_t val)
557 {
558 logout("val=0x%04x\n", val);
559 s->status = val;
560 }
561 #endif
562
563 /*****************************************************************************
564 *
565 * Command emulation.
566 *
567 ****************************************************************************/
568
569 #if 0
570 static uint16_t eepro100_read_command(EEPRO100State * s)
571 {
572 uint16_t val = 0xffff;
573 //~ logout("val=0x%04x\n", val);
574 return val;
575 }
576 #endif
577
578 /* Commands that can be put in a command list entry. */
579 enum commands {
580 CmdNOp = 0,
581 CmdIASetup = 1,
582 CmdConfigure = 2,
583 CmdMulticastList = 3,
584 CmdTx = 4,
585 CmdTDR = 5, /* load microcode */
586 CmdDump = 6,
587 CmdDiagnose = 7,
588
589 /* And some extra flags: */
590 CmdSuspend = 0x4000, /* Suspend after completion. */
591 CmdIntr = 0x2000, /* Interrupt after completion. */
592 CmdTxFlex = 0x0008, /* Use "Flexible mode" for CmdTx command. */
593 };
594
595 static cu_state_t get_cu_state(EEPRO100State * s)
596 {
597 return ((s->mem[SCBStatus] >> 6) & 0x03);
598 }
599
600 static void set_cu_state(EEPRO100State * s, cu_state_t state)
601 {
602 s->mem[SCBStatus] = (s->mem[SCBStatus] & 0x3f) + (state << 6);
603 }
604
605 static ru_state_t get_ru_state(EEPRO100State * s)
606 {
607 return ((s->mem[SCBStatus] >> 2) & 0x0f);
608 }
609
610 static void set_ru_state(EEPRO100State * s, ru_state_t state)
611 {
612 s->mem[SCBStatus] = (s->mem[SCBStatus] & 0xc3) + (state << 2);
613 }
614
615 static void dump_statistics(EEPRO100State * s)
616 {
617 /* Dump statistical data. Most data is never changed by the emulation
618 * and always 0, so we first just copy the whole block and then those
619 * values which really matter.
620 * Number of data should check configuration!!!
621 */
622 cpu_physical_memory_write(s->statsaddr, (uint8_t *) & s->statistics, 64);
623 stl_phys(s->statsaddr + 0, s->statistics.tx_good_frames);
624 stl_phys(s->statsaddr + 36, s->statistics.rx_good_frames);
625 stl_phys(s->statsaddr + 48, s->statistics.rx_resource_errors);
626 stl_phys(s->statsaddr + 60, s->statistics.rx_short_frame_errors);
627 //~ stw_phys(s->statsaddr + 76, s->statistics.xmt_tco_frames);
628 //~ stw_phys(s->statsaddr + 78, s->statistics.rcv_tco_frames);
629 //~ missing("CU dump statistical counters");
630 }
631
632 static void eepro100_cu_command(EEPRO100State * s, uint8_t val)
633 {
634 eepro100_tx_t tx;
635 uint32_t cb_address;
636 switch (val) {
637 case CU_NOP:
638 /* No operation. */
639 break;
640 case CU_START:
641 if (get_cu_state(s) != cu_idle) {
642 /* Intel documentation says that CU must be idle for the CU
643 * start command. Intel driver for Linux also starts the CU
644 * from suspended state. */
645 logout("CU state is %u, should be %u\n", get_cu_state(s), cu_idle);
646 //~ assert(!"wrong CU state");
647 }
648 set_cu_state(s, cu_active);
649 s->cu_offset = s->pointer;
650 next_command:
651 cb_address = s->cu_base + s->cu_offset;
652 cpu_physical_memory_read(cb_address, (uint8_t *) & tx, sizeof(tx));
653 uint16_t status = le16_to_cpu(tx.status);
654 uint16_t command = le16_to_cpu(tx.command);
655 logout
656 ("val=0x%02x (cu start), status=0x%04x, command=0x%04x, link=0x%08x\n",
657 val, status, command, tx.link);
658 bool bit_el = ((command & 0x8000) != 0);
659 bool bit_s = ((command & 0x4000) != 0);
660 bool bit_i = ((command & 0x2000) != 0);
661 bool bit_nc = ((command & 0x0010) != 0);
662 //~ bool bit_sf = ((command & 0x0008) != 0);
663 uint16_t cmd = command & 0x0007;
664 s->cu_offset = le32_to_cpu(tx.link);
665 switch (cmd) {
666 case CmdNOp:
667 /* Do nothing. */
668 break;
669 case CmdIASetup:
670 cpu_physical_memory_read(cb_address + 8, &s->macaddr[0], 6);
671 logout("macaddr: %s\n", nic_dump(&s->macaddr[0], 6));
672 break;
673 case CmdConfigure:
674 cpu_physical_memory_read(cb_address + 8, &s->configuration[0],
675 sizeof(s->configuration));
676 logout("configuration: %s\n", nic_dump(&s->configuration[0], 16));
677 break;
678 case CmdMulticastList:
679 //~ missing("multicast list");
680 break;
681 case CmdTx:
682 (void)0;
683 uint32_t tbd_array = le32_to_cpu(tx.tx_desc_addr);
684 uint16_t tcb_bytes = (le16_to_cpu(tx.tcb_bytes) & 0x3fff);
685 logout
686 ("transmit, TBD array address 0x%08x, TCB byte count 0x%04x, TBD count %u\n",
687 tbd_array, tcb_bytes, tx.tbd_count);
688 assert(!bit_nc);
689 //~ assert(!bit_sf);
690 assert(tcb_bytes <= 2600);
691 /* Next assertion fails for local configuration. */
692 //~ assert((tcb_bytes > 0) || (tbd_array != 0xffffffff));
693 if (!((tcb_bytes > 0) || (tbd_array != 0xffffffff))) {
694 logout
695 ("illegal values of TBD array address and TCB byte count!\n");
696 }
697 uint8_t buf[MAX_ETH_FRAME_SIZE + 4];
698 uint16_t size = 0;
699 uint32_t tbd_address = cb_address + 0x10;
700 assert(tcb_bytes <= sizeof(buf));
701 while (size < tcb_bytes) {
702 uint32_t tx_buffer_address = ldl_phys(tbd_address);
703 uint16_t tx_buffer_size = lduw_phys(tbd_address + 4);
704 //~ uint16_t tx_buffer_el = lduw_phys(tbd_address + 6);
705 tbd_address += 8;
706 logout
707 ("TBD (simplified mode): buffer address 0x%08x, size 0x%04x\n",
708 tx_buffer_address, tx_buffer_size);
709 cpu_physical_memory_read(tx_buffer_address, &buf[size],
710 tx_buffer_size);
711 size += tx_buffer_size;
712 }
713 if (tbd_array == 0xffffffff) {
714 /* Simplified mode. Was already handled by code above. */
715 } else {
716 /* Flexible mode. */
717 uint8_t tbd_count = 0;
718 if (!(s->configuration[6] & BIT(4))) {
719 /* Extended TCB. */
720 assert(tcb_bytes == 0);
721 for (; tbd_count < 2; tbd_count++) {
722 uint32_t tx_buffer_address = ldl_phys(tbd_address);
723 uint16_t tx_buffer_size = lduw_phys(tbd_address + 4);
724 uint16_t tx_buffer_el = lduw_phys(tbd_address + 6);
725 tbd_address += 8;
726 logout
727 ("TBD (extended mode): buffer address 0x%08x, size 0x%04x\n",
728 tx_buffer_address, tx_buffer_size);
729 cpu_physical_memory_read(tx_buffer_address, &buf[size],
730 tx_buffer_size);
731 size += tx_buffer_size;
732 if (tx_buffer_el & 1) {
733 break;
734 }
735 }
736 }
737 tbd_address = tbd_array;
738 for (; tbd_count < tx.tbd_count; tbd_count++) {
739 uint32_t tx_buffer_address = ldl_phys(tbd_address);
740 uint16_t tx_buffer_size = lduw_phys(tbd_address + 4);
741 uint16_t tx_buffer_el = lduw_phys(tbd_address + 6);
742 tbd_address += 8;
743 logout
744 ("TBD (flexible mode): buffer address 0x%08x, size 0x%04x\n",
745 tx_buffer_address, tx_buffer_size);
746 cpu_physical_memory_read(tx_buffer_address, &buf[size],
747 tx_buffer_size);
748 size += tx_buffer_size;
749 if (tx_buffer_el & 1) {
750 break;
751 }
752 }
753 }
754 qemu_send_packet(s->vc, buf, size);
755 s->statistics.tx_good_frames++;
756 /* Transmit with bad status would raise an CX/TNO interrupt.
757 * (82557 only). Emulation never has bad status. */
758 //~ eepro100_cx_interrupt(s);
759 break;
760 case CmdTDR:
761 logout("load microcode\n");
762 /* Starting with offset 8, the command contains
763 * 64 dwords microcode which we just ignore here. */
764 break;
765 default:
766 missing("undefined command");
767 }
768 /* Write new status (success). */
769 stw_phys(cb_address, status | 0x8000 | 0x2000);
770 if (bit_i) {
771 /* CU completed action. */
772 eepro100_cx_interrupt(s);
773 }
774 if (bit_el) {
775 /* CU becomes idle. */
776 set_cu_state(s, cu_idle);
777 eepro100_cna_interrupt(s);
778 } else if (bit_s) {
779 /* CU becomes suspended. */
780 set_cu_state(s, cu_suspended);
781 eepro100_cna_interrupt(s);
782 } else {
783 /* More entries in list. */
784 logout("CU list with at least one more entry\n");
785 goto next_command;
786 }
787 logout("CU list empty\n");
788 /* List is empty. Now CU is idle or suspended. */
789 break;
790 case CU_RESUME:
791 if (get_cu_state(s) != cu_suspended) {
792 logout("bad CU resume from CU state %u\n", get_cu_state(s));
793 /* Workaround for bad Linux eepro100 driver which resumes
794 * from idle state. */
795 //~ missing("cu resume");
796 set_cu_state(s, cu_suspended);
797 }
798 if (get_cu_state(s) == cu_suspended) {
799 logout("CU resuming\n");
800 set_cu_state(s, cu_active);
801 goto next_command;
802 }
803 break;
804 case CU_STATSADDR:
805 /* Load dump counters address. */
806 s->statsaddr = s->pointer;
807 logout("val=0x%02x (status address)\n", val);
808 break;
809 case CU_SHOWSTATS:
810 /* Dump statistical counters. */
811 dump_statistics(s);
812 break;
813 case CU_CMD_BASE:
814 /* Load CU base. */
815 logout("val=0x%02x (CU base address)\n", val);
816 s->cu_base = s->pointer;
817 break;
818 case CU_DUMPSTATS:
819 /* Dump and reset statistical counters. */
820 dump_statistics(s);
821 memset(&s->statistics, 0, sizeof(s->statistics));
822 break;
823 case CU_SRESUME:
824 /* CU static resume. */
825 missing("CU static resume");
826 break;
827 default:
828 missing("Undefined CU command");
829 }
830 }
831
832 static void eepro100_ru_command(EEPRO100State * s, uint8_t val)
833 {
834 switch (val) {
835 case RU_NOP:
836 /* No operation. */
837 break;
838 case RX_START:
839 /* RU start. */
840 if (get_ru_state(s) != ru_idle) {
841 logout("RU state is %u, should be %u\n", get_ru_state(s), ru_idle);
842 //~ assert(!"wrong RU state");
843 }
844 set_ru_state(s, ru_ready);
845 s->ru_offset = s->pointer;
846 logout("val=0x%02x (rx start)\n", val);
847 break;
848 case RX_RESUME:
849 /* Restart RU. */
850 if (get_ru_state(s) != ru_suspended) {
851 logout("RU state is %u, should be %u\n", get_ru_state(s),
852 ru_suspended);
853 //~ assert(!"wrong RU state");
854 }
855 set_ru_state(s, ru_ready);
856 break;
857 case RX_ADDR_LOAD:
858 /* Load RU base. */
859 logout("val=0x%02x (RU base address)\n", val);
860 s->ru_base = s->pointer;
861 break;
862 default:
863 logout("val=0x%02x (undefined RU command)\n", val);
864 missing("Undefined SU command");
865 }
866 }
867
868 static void eepro100_write_command(EEPRO100State * s, uint8_t val)
869 {
870 eepro100_ru_command(s, val & 0x0f);
871 eepro100_cu_command(s, val & 0xf0);
872 if ((val) == 0) {
873 logout("val=0x%02x\n", val);
874 }
875 /* Clear command byte after command was accepted. */
876 s->mem[SCBCmd] = 0;
877 }
878
879 /*****************************************************************************
880 *
881 * EEPROM emulation.
882 *
883 ****************************************************************************/
884
885 #define EEPROM_CS 0x02
886 #define EEPROM_SK 0x01
887 #define EEPROM_DI 0x04
888 #define EEPROM_DO 0x08
889
890 static uint16_t eepro100_read_eeprom(EEPRO100State * s)
891 {
892 uint16_t val;
893 memcpy(&val, &s->mem[SCBeeprom], sizeof(val));
894 if (eeprom93xx_read(s->eeprom)) {
895 val |= EEPROM_DO;
896 } else {
897 val &= ~EEPROM_DO;
898 }
899 return val;
900 }
901
902 static void eepro100_write_eeprom(eeprom_t * eeprom, uint8_t val)
903 {
904 logout("write val=0x%02x\n", val);
905
906 /* mask unwriteable bits */
907 //~ val = SET_MASKED(val, 0x31, eeprom->value);
908
909 int eecs = ((val & EEPROM_CS) != 0);
910 int eesk = ((val & EEPROM_SK) != 0);
911 int eedi = ((val & EEPROM_DI) != 0);
912 eeprom93xx_write(eeprom, eecs, eesk, eedi);
913 }
914
915 static void eepro100_write_pointer(EEPRO100State * s, uint32_t val)
916 {
917 s->pointer = le32_to_cpu(val);
918 logout("val=0x%08x\n", val);
919 }
920
921 /*****************************************************************************
922 *
923 * MDI emulation.
924 *
925 ****************************************************************************/
926
927 #if defined(DEBUG_EEPRO100)
928 static const char *mdi_op_name[] = {
929 "opcode 0",
930 "write",
931 "read",
932 "opcode 3"
933 };
934
935 static const char *mdi_reg_name[] = {
936 "Control",
937 "Status",
938 "PHY Identification (Word 1)",
939 "PHY Identification (Word 2)",
940 "Auto-Negotiation Advertisement",
941 "Auto-Negotiation Link Partner Ability",
942 "Auto-Negotiation Expansion"
943 };
944 #endif /* DEBUG_EEPRO100 */
945
946 static uint32_t eepro100_read_mdi(EEPRO100State * s)
947 {
948 uint32_t val;
949 memcpy(&val, &s->mem[0x10], sizeof(val));
950
951 #ifdef DEBUG_EEPRO100
952 uint8_t raiseint = (val & BIT(29)) >> 29;
953 uint8_t opcode = (val & BITS(27, 26)) >> 26;
954 uint8_t phy = (val & BITS(25, 21)) >> 21;
955 uint8_t reg = (val & BITS(20, 16)) >> 16;
956 uint16_t data = (val & BITS(15, 0));
957 #endif
958 /* Emulation takes no time to finish MDI transaction. */
959 val |= BIT(28);
960 TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
961 val, raiseint, mdi_op_name[opcode], phy,
962 mdi_reg_name[reg], data));
963 return val;
964 }
965
966 //~ #define BITS(val, upper, lower) (val & ???)
967 static void eepro100_write_mdi(EEPRO100State * s, uint32_t val)
968 {
969 uint8_t raiseint = (val & BIT(29)) >> 29;
970 uint8_t opcode = (val & BITS(27, 26)) >> 26;
971 uint8_t phy = (val & BITS(25, 21)) >> 21;
972 uint8_t reg = (val & BITS(20, 16)) >> 16;
973 uint16_t data = (val & BITS(15, 0));
974 if (phy != 1) {
975 /* Unsupported PHY address. */
976 //~ logout("phy must be 1 but is %u\n", phy);
977 data = 0;
978 } else if (opcode != 1 && opcode != 2) {
979 /* Unsupported opcode. */
980 logout("opcode must be 1 or 2 but is %u\n", opcode);
981 data = 0;
982 } else if (reg > 6) {
983 /* Unsupported register. */
984 logout("register must be 0...6 but is %u\n", reg);
985 data = 0;
986 } else {
987 TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
988 val, raiseint, mdi_op_name[opcode], phy,
989 mdi_reg_name[reg], data));
990 if (opcode == 1) {
991 /* MDI write */
992 switch (reg) {
993 case 0: /* Control Register */
994 if (data & 0x8000) {
995 /* Reset status and control registers to default. */
996 s->mdimem[0] = eepro100_mdi_default[0];
997 s->mdimem[1] = eepro100_mdi_default[1];
998 data = s->mdimem[reg];
999 } else {
1000 /* Restart Auto Configuration = Normal Operation */
1001 data &= ~0x0200;
1002 }
1003 break;
1004 case 1: /* Status Register */
1005 missing("not writable");
1006 data = s->mdimem[reg];
1007 break;
1008 case 2: /* PHY Identification Register (Word 1) */
1009 case 3: /* PHY Identification Register (Word 2) */
1010 missing("not implemented");
1011 break;
1012 case 4: /* Auto-Negotiation Advertisement Register */
1013 case 5: /* Auto-Negotiation Link Partner Ability Register */
1014 break;
1015 case 6: /* Auto-Negotiation Expansion Register */
1016 default:
1017 missing("not implemented");
1018 }
1019 s->mdimem[reg] = data;
1020 } else if (opcode == 2) {
1021 /* MDI read */
1022 switch (reg) {
1023 case 0: /* Control Register */
1024 if (data & 0x8000) {
1025 /* Reset status and control registers to default. */
1026 s->mdimem[0] = eepro100_mdi_default[0];
1027 s->mdimem[1] = eepro100_mdi_default[1];
1028 }
1029 break;
1030 case 1: /* Status Register */
1031 s->mdimem[reg] |= 0x0020;
1032 break;
1033 case 2: /* PHY Identification Register (Word 1) */
1034 case 3: /* PHY Identification Register (Word 2) */
1035 case 4: /* Auto-Negotiation Advertisement Register */
1036 break;
1037 case 5: /* Auto-Negotiation Link Partner Ability Register */
1038 s->mdimem[reg] = 0x41fe;
1039 break;
1040 case 6: /* Auto-Negotiation Expansion Register */
1041 s->mdimem[reg] = 0x0001;
1042 break;
1043 }
1044 data = s->mdimem[reg];
1045 }
1046 /* Emulation takes no time to finish MDI transaction.
1047 * Set MDI bit in SCB status register. */
1048 s->mem[SCBAck] |= 0x08;
1049 val |= BIT(28);
1050 if (raiseint) {
1051 eepro100_mdi_interrupt(s);
1052 }
1053 }
1054 val = (val & 0xffff0000) + data;
1055 memcpy(&s->mem[0x10], &val, sizeof(val));
1056 }
1057
1058 /*****************************************************************************
1059 *
1060 * Port emulation.
1061 *
1062 ****************************************************************************/
1063
1064 #define PORT_SOFTWARE_RESET 0
1065 #define PORT_SELFTEST 1
1066 #define PORT_SELECTIVE_RESET 2
1067 #define PORT_DUMP 3
1068 #define PORT_SELECTION_MASK 3
1069
1070 typedef struct {
1071 uint32_t st_sign; /* Self Test Signature */
1072 uint32_t st_result; /* Self Test Results */
1073 } eepro100_selftest_t;
1074
1075 static uint32_t eepro100_read_port(EEPRO100State * s)
1076 {
1077 return 0;
1078 }
1079
1080 static void eepro100_write_port(EEPRO100State * s, uint32_t val)
1081 {
1082 val = le32_to_cpu(val);
1083 uint32_t address = (val & ~PORT_SELECTION_MASK);
1084 uint8_t selection = (val & PORT_SELECTION_MASK);
1085 switch (selection) {
1086 case PORT_SOFTWARE_RESET:
1087 nic_reset(s);
1088 break;
1089 case PORT_SELFTEST:
1090 logout("selftest address=0x%08x\n", address);
1091 eepro100_selftest_t data;
1092 cpu_physical_memory_read(address, (uint8_t *) & data, sizeof(data));
1093 data.st_sign = 0xffffffff;
1094 data.st_result = 0;
1095 cpu_physical_memory_write(address, (uint8_t *) & data, sizeof(data));
1096 break;
1097 case PORT_SELECTIVE_RESET:
1098 logout("selective reset, selftest address=0x%08x\n", address);
1099 nic_selective_reset(s);
1100 break;
1101 default:
1102 logout("val=0x%08x\n", val);
1103 missing("unknown port selection");
1104 }
1105 }
1106
1107 /*****************************************************************************
1108 *
1109 * General hardware emulation.
1110 *
1111 ****************************************************************************/
1112
1113 static uint8_t eepro100_read1(EEPRO100State * s, uint32_t addr)
1114 {
1115 uint8_t val;
1116 if (addr <= sizeof(s->mem) - sizeof(val)) {
1117 memcpy(&val, &s->mem[addr], sizeof(val));
1118 }
1119
1120 switch (addr) {
1121 case SCBStatus:
1122 //~ val = eepro100_read_status(s);
1123 logout("addr=%s val=0x%02x\n", regname(addr), val);
1124 break;
1125 case SCBAck:
1126 //~ val = eepro100_read_status(s);
1127 logout("addr=%s val=0x%02x\n", regname(addr), val);
1128 break;
1129 case SCBCmd:
1130 logout("addr=%s val=0x%02x\n", regname(addr), val);
1131 //~ val = eepro100_read_command(s);
1132 break;
1133 case SCBIntmask:
1134 logout("addr=%s val=0x%02x\n", regname(addr), val);
1135 break;
1136 case SCBPort + 3:
1137 logout("addr=%s val=0x%02x\n", regname(addr), val);
1138 break;
1139 case SCBeeprom:
1140 val = eepro100_read_eeprom(s);
1141 break;
1142 case 0x1b: /* PMDR (power management driver register) */
1143 val = 0;
1144 logout("addr=%s val=0x%02x\n", regname(addr), val);
1145 break;
1146 case 0x1d: /* general status register */
1147 /* 100 Mbps full duplex, valid link */
1148 val = 0x07;
1149 logout("addr=General Status val=%02x\n", val);
1150 break;
1151 default:
1152 logout("addr=%s val=0x%02x\n", regname(addr), val);
1153 missing("unknown byte read");
1154 }
1155 return val;
1156 }
1157
1158 static uint16_t eepro100_read2(EEPRO100State * s, uint32_t addr)
1159 {
1160 uint16_t val;
1161 if (addr <= sizeof(s->mem) - sizeof(val)) {
1162 memcpy(&val, &s->mem[addr], sizeof(val));
1163 }
1164
1165 logout("addr=%s val=0x%04x\n", regname(addr), val);
1166
1167 switch (addr) {
1168 case SCBStatus:
1169 //~ val = eepro100_read_status(s);
1170 break;
1171 case SCBeeprom:
1172 val = eepro100_read_eeprom(s);
1173 break;
1174 default:
1175 logout("addr=%s val=0x%04x\n", regname(addr), val);
1176 missing("unknown word read");
1177 }
1178 return val;
1179 }
1180
1181 static uint32_t eepro100_read4(EEPRO100State * s, uint32_t addr)
1182 {
1183 uint32_t val;
1184 if (addr <= sizeof(s->mem) - sizeof(val)) {
1185 memcpy(&val, &s->mem[addr], sizeof(val));
1186 }
1187
1188 switch (addr) {
1189 case SCBStatus:
1190 //~ val = eepro100_read_status(s);
1191 logout("addr=%s val=0x%08x\n", regname(addr), val);
1192 break;
1193 case SCBPointer:
1194 //~ val = eepro100_read_pointer(s);
1195 logout("addr=%s val=0x%08x\n", regname(addr), val);
1196 break;
1197 case SCBPort:
1198 val = eepro100_read_port(s);
1199 logout("addr=%s val=0x%08x\n", regname(addr), val);
1200 break;
1201 case SCBCtrlMDI:
1202 val = eepro100_read_mdi(s);
1203 break;
1204 default:
1205 logout("addr=%s val=0x%08x\n", regname(addr), val);
1206 missing("unknown longword read");
1207 }
1208 return val;
1209 }
1210
1211 static void eepro100_write1(EEPRO100State * s, uint32_t addr, uint8_t val)
1212 {
1213 if (addr <= sizeof(s->mem) - sizeof(val)) {
1214 memcpy(&s->mem[addr], &val, sizeof(val));
1215 }
1216
1217 logout("addr=%s val=0x%02x\n", regname(addr), val);
1218
1219 switch (addr) {
1220 case SCBStatus:
1221 //~ eepro100_write_status(s, val);
1222 break;
1223 case SCBAck:
1224 eepro100_acknowledge(s);
1225 break;
1226 case SCBCmd:
1227 eepro100_write_command(s, val);
1228 break;
1229 case SCBIntmask:
1230 if (val & BIT(1)) {
1231 eepro100_swi_interrupt(s);
1232 }
1233 eepro100_interrupt(s, 0);
1234 break;
1235 case SCBPort + 3:
1236 case SCBFlow:
1237 case SCBFlow + 1:
1238 case SCBFlow + 2:
1239 case SCBFlow + 3:
1240 logout("addr=%s val=0x%02x\n", regname(addr), val);
1241 break;
1242 case SCBeeprom:
1243 eepro100_write_eeprom(s->eeprom, val);
1244 break;
1245 default:
1246 logout("addr=%s val=0x%02x\n", regname(addr), val);
1247 missing("unknown byte write");
1248 }
1249 }
1250
1251 static void eepro100_write2(EEPRO100State * s, uint32_t addr, uint16_t val)
1252 {
1253 if (addr <= sizeof(s->mem) - sizeof(val)) {
1254 memcpy(&s->mem[addr], &val, sizeof(val));
1255 }
1256
1257 logout("addr=%s val=0x%04x\n", regname(addr), val);
1258
1259 switch (addr) {
1260 case SCBStatus:
1261 //~ eepro100_write_status(s, val);
1262 eepro100_acknowledge(s);
1263 break;
1264 case SCBCmd:
1265 eepro100_write_command(s, val);
1266 eepro100_write1(s, SCBIntmask, val >> 8);
1267 break;
1268 case SCBeeprom:
1269 eepro100_write_eeprom(s->eeprom, val);
1270 break;
1271 default:
1272 logout("addr=%s val=0x%04x\n", regname(addr), val);
1273 missing("unknown word write");
1274 }
1275 }
1276
1277 static void eepro100_write4(EEPRO100State * s, uint32_t addr, uint32_t val)
1278 {
1279 if (addr <= sizeof(s->mem) - sizeof(val)) {
1280 memcpy(&s->mem[addr], &val, sizeof(val));
1281 }
1282
1283 switch (addr) {
1284 case SCBPointer:
1285 eepro100_write_pointer(s, val);
1286 break;
1287 case SCBPort:
1288 logout("addr=%s val=0x%08x\n", regname(addr), val);
1289 eepro100_write_port(s, val);
1290 break;
1291 case SCBCtrlMDI:
1292 eepro100_write_mdi(s, val);
1293 break;
1294 default:
1295 logout("addr=%s val=0x%08x\n", regname(addr), val);
1296 missing("unknown longword write");
1297 }
1298 }
1299
1300 static uint32_t ioport_read1(void *opaque, uint32_t addr)
1301 {
1302 EEPRO100State *s = opaque;
1303 //~ logout("addr=%s\n", regname(addr));
1304 return eepro100_read1(s, addr - s->region[1]);
1305 }
1306
1307 static uint32_t ioport_read2(void *opaque, uint32_t addr)
1308 {
1309 EEPRO100State *s = opaque;
1310 return eepro100_read2(s, addr - s->region[1]);
1311 }
1312
1313 static uint32_t ioport_read4(void *opaque, uint32_t addr)
1314 {
1315 EEPRO100State *s = opaque;
1316 return eepro100_read4(s, addr - s->region[1]);
1317 }
1318
1319 static void ioport_write1(void *opaque, uint32_t addr, uint32_t val)
1320 {
1321 EEPRO100State *s = opaque;
1322 //~ logout("addr=%s val=0x%02x\n", regname(addr), val);
1323 eepro100_write1(s, addr - s->region[1], val);
1324 }
1325
1326 static void ioport_write2(void *opaque, uint32_t addr, uint32_t val)
1327 {
1328 EEPRO100State *s = opaque;
1329 eepro100_write2(s, addr - s->region[1], val);
1330 }
1331
1332 static void ioport_write4(void *opaque, uint32_t addr, uint32_t val)
1333 {
1334 EEPRO100State *s = opaque;
1335 eepro100_write4(s, addr - s->region[1], val);
1336 }
1337
1338 /***********************************************************/
1339 /* PCI EEPRO100 definitions */
1340
1341 typedef struct PCIEEPRO100State {
1342 PCIDevice dev;
1343 EEPRO100State eepro100;
1344 } PCIEEPRO100State;
1345
1346 static void pci_map(PCIDevice * pci_dev, int region_num,
1347 uint32_t addr, uint32_t size, int type)
1348 {
1349 PCIEEPRO100State *d = (PCIEEPRO100State *) pci_dev;
1350 EEPRO100State *s = &d->eepro100;
1351
1352 logout("region %d, addr=0x%08x, size=0x%08x, type=%d\n",
1353 region_num, addr, size, type);
1354
1355 assert(region_num == 1);
1356 register_ioport_write(addr, size, 1, ioport_write1, s);
1357 register_ioport_read(addr, size, 1, ioport_read1, s);
1358 register_ioport_write(addr, size, 2, ioport_write2, s);
1359 register_ioport_read(addr, size, 2, ioport_read2, s);
1360 register_ioport_write(addr, size, 4, ioport_write4, s);
1361 register_ioport_read(addr, size, 4, ioport_read4, s);
1362
1363 s->region[region_num] = addr;
1364 }
1365
1366 static void pci_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1367 {
1368 EEPRO100State *s = opaque;
1369 //~ logout("addr=%s val=0x%02x\n", regname(addr), val);
1370 eepro100_write1(s, addr, val);
1371 }
1372
1373 static void pci_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1374 {
1375 EEPRO100State *s = opaque;
1376 //~ logout("addr=%s val=0x%02x\n", regname(addr), val);
1377 eepro100_write2(s, addr, val);
1378 }
1379
1380 static void pci_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1381 {
1382 EEPRO100State *s = opaque;
1383 //~ logout("addr=%s val=0x%02x\n", regname(addr), val);
1384 eepro100_write4(s, addr, val);
1385 }
1386
1387 static uint32_t pci_mmio_readb(void *opaque, target_phys_addr_t addr)
1388 {
1389 EEPRO100State *s = opaque;
1390 //~ logout("addr=%s\n", regname(addr));
1391 return eepro100_read1(s, addr);
1392 }
1393
1394 static uint32_t pci_mmio_readw(void *opaque, target_phys_addr_t addr)
1395 {
1396 EEPRO100State *s = opaque;
1397 //~ logout("addr=%s\n", regname(addr));
1398 return eepro100_read2(s, addr);
1399 }
1400
1401 static uint32_t pci_mmio_readl(void *opaque, target_phys_addr_t addr)
1402 {
1403 EEPRO100State *s = opaque;
1404 //~ logout("addr=%s\n", regname(addr));
1405 return eepro100_read4(s, addr);
1406 }
1407
1408 static CPUWriteMemoryFunc *pci_mmio_write[] = {
1409 pci_mmio_writeb,
1410 pci_mmio_writew,
1411 pci_mmio_writel
1412 };
1413
1414 static CPUReadMemoryFunc *pci_mmio_read[] = {
1415 pci_mmio_readb,
1416 pci_mmio_readw,
1417 pci_mmio_readl
1418 };
1419
1420 static void pci_mmio_map(PCIDevice * pci_dev, int region_num,
1421 uint32_t addr, uint32_t size, int type)
1422 {
1423 PCIEEPRO100State *d = (PCIEEPRO100State *) pci_dev;
1424
1425 logout("region %d, addr=0x%08x, size=0x%08x, type=%d\n",
1426 region_num, addr, size, type);
1427
1428 if (region_num == 0) {
1429 /* Map control / status registers. */
1430 cpu_register_physical_memory(addr, size, d->eepro100.mmio_index);
1431 d->eepro100.region[region_num] = addr;
1432 }
1433 }
1434
1435 static int nic_can_receive(VLANClientState *vc)
1436 {
1437 EEPRO100State *s = vc->opaque;
1438 logout("%p\n", s);
1439 return get_ru_state(s) == ru_ready;
1440 //~ return !eepro100_buffer_full(s);
1441 }
1442
1443 static ssize_t nic_receive(VLANClientState *vc, const uint8_t * buf, size_t size)
1444 {
1445 /* TODO:
1446 * - Magic packets should set bit 30 in power management driver register.
1447 * - Interesting packets should set bit 29 in power management driver register.
1448 */
1449 EEPRO100State *s = vc->opaque;
1450 uint16_t rfd_status = 0xa000;
1451 static const uint8_t broadcast_macaddr[6] =
1452 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1453
1454 /* TODO: check multiple IA bit. */
1455 assert(!(s->configuration[20] & BIT(6)));
1456
1457 if (s->configuration[8] & 0x80) {
1458 /* CSMA is disabled. */
1459 logout("%p received while CSMA is disabled\n", s);
1460 return -1;
1461 } else if (size < 64 && (s->configuration[7] & 1)) {
1462 /* Short frame and configuration byte 7/0 (discard short receive) set:
1463 * Short frame is discarded */
1464 logout("%p received short frame (%d byte)\n", s, size);
1465 s->statistics.rx_short_frame_errors++;
1466 //~ return -1;
1467 } else if ((size > MAX_ETH_FRAME_SIZE + 4) && !(s->configuration[18] & 8)) {
1468 /* Long frame and configuration byte 18/3 (long receive ok) not set:
1469 * Long frames are discarded. */
1470 logout("%p received long frame (%d byte), ignored\n", s, size);
1471 return -1;
1472 } else if (memcmp(buf, s->macaddr, 6) == 0) { // !!!
1473 /* Frame matches individual address. */
1474 /* TODO: check configuration byte 15/4 (ignore U/L). */
1475 logout("%p received frame for me, len=%d\n", s, size);
1476 } else if (memcmp(buf, broadcast_macaddr, 6) == 0) {
1477 /* Broadcast frame. */
1478 logout("%p received broadcast, len=%d\n", s, size);
1479 rfd_status |= 0x0002;
1480 } else if (buf[0] & 0x01) { // !!!
1481 /* Multicast frame. */
1482 logout("%p received multicast, len=%d\n", s, size);
1483 /* TODO: check multicast all bit. */
1484 assert(!(s->configuration[21] & BIT(3)));
1485 int mcast_idx = compute_mcast_idx(buf);
1486 if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7)))) {
1487 return size;
1488 }
1489 rfd_status |= 0x0002;
1490 } else if (s->configuration[15] & 1) {
1491 /* Promiscuous: receive all. */
1492 logout("%p received frame in promiscuous mode, len=%d\n", s, size);
1493 rfd_status |= 0x0004;
1494 } else {
1495 logout("%p received frame, ignored, len=%d,%s\n", s, size,
1496 nic_dump(buf, size));
1497 return size;
1498 }
1499
1500 if (get_ru_state(s) != ru_ready) {
1501 /* No ressources available. */
1502 logout("no ressources, state=%u\n", get_ru_state(s));
1503 s->statistics.rx_resource_errors++;
1504 //~ assert(!"no ressources");
1505 return -1;
1506 }
1507 //~ !!!
1508 //~ $3 = {status = 0x0, command = 0xc000, link = 0x2d220, rx_buf_addr = 0x207dc, count = 0x0, size = 0x5f8, packet = {0x0 <repeats 1518 times>}}
1509 eepro100_rx_t rx;
1510 cpu_physical_memory_read(s->ru_base + s->ru_offset, (uint8_t *) & rx,
1511 offsetof(eepro100_rx_t, packet));
1512 uint16_t rfd_command = le16_to_cpu(rx.command);
1513 uint16_t rfd_size = le16_to_cpu(rx.size);
1514 assert(size <= rfd_size);
1515 if (size < 64) {
1516 rfd_status |= 0x0080;
1517 }
1518 logout("command 0x%04x, link 0x%08x, addr 0x%08x, size %u\n", rfd_command,
1519 rx.link, rx.rx_buf_addr, rfd_size);
1520 stw_phys(s->ru_base + s->ru_offset + offsetof(eepro100_rx_t, status),
1521 rfd_status);
1522 stw_phys(s->ru_base + s->ru_offset + offsetof(eepro100_rx_t, count), size);
1523 /* Early receive interrupt not supported. */
1524 //~ eepro100_er_interrupt(s);
1525 /* Receive CRC Transfer not supported. */
1526 assert(!(s->configuration[18] & 4));
1527 /* TODO: check stripping enable bit. */
1528 //~ assert(!(s->configuration[17] & 1));
1529 cpu_physical_memory_write(s->ru_base + s->ru_offset +
1530 offsetof(eepro100_rx_t, packet), buf, size);
1531 s->statistics.rx_good_frames++;
1532 eepro100_fr_interrupt(s);
1533 s->ru_offset = le32_to_cpu(rx.link);
1534 if (rfd_command & 0x8000) {
1535 /* EL bit is set, so this was the last frame. */
1536 assert(0);
1537 }
1538 if (rfd_command & 0x4000) {
1539 /* S bit is set. */
1540 set_ru_state(s, ru_suspended);
1541 }
1542 return size;
1543 }
1544
1545 static int nic_load(QEMUFile * f, void *opaque, int version_id)
1546 {
1547 EEPRO100State *s = (EEPRO100State *) opaque;
1548 int i;
1549 int ret;
1550
1551 if (version_id > 3)
1552 return -EINVAL;
1553
1554 if (s->pci_dev && version_id >= 3) {
1555 ret = pci_device_load(s->pci_dev, f);
1556 if (ret < 0)
1557 return ret;
1558 }
1559
1560 if (version_id >= 2) {
1561 qemu_get_8s(f, &s->rxcr);
1562 } else {
1563 s->rxcr = 0x0c;
1564 }
1565
1566 qemu_get_8s(f, &s->cmd);
1567 qemu_get_be32s(f, &s->start);
1568 qemu_get_be32s(f, &s->stop);
1569 qemu_get_8s(f, &s->boundary);
1570 qemu_get_8s(f, &s->tsr);
1571 qemu_get_8s(f, &s->tpsr);
1572 qemu_get_be16s(f, &s->tcnt);
1573 qemu_get_be16s(f, &s->rcnt);
1574 qemu_get_be32s(f, &s->rsar);
1575 qemu_get_8s(f, &s->rsr);
1576 qemu_get_8s(f, &s->isr);
1577 qemu_get_8s(f, &s->dcfg);
1578 qemu_get_8s(f, &s->imr);
1579 qemu_get_buffer(f, s->phys, 6);
1580 qemu_get_8s(f, &s->curpag);
1581 qemu_get_buffer(f, s->mult, 8);
1582 qemu_get_buffer(f, s->mem, sizeof(s->mem));
1583
1584 /* Restore all members of struct between scv_stat and mem */
1585 qemu_get_8s(f, &s->scb_stat);
1586 qemu_get_8s(f, &s->int_stat);
1587 for (i = 0; i < 3; i++)
1588 qemu_get_be32s(f, &s->region[i]);
1589 qemu_get_buffer(f, s->macaddr, 6);
1590 for (i = 0; i < 19; i++)
1591 qemu_get_be32s(f, &s->statcounter[i]);
1592 for (i = 0; i < 32; i++)
1593 qemu_get_be16s(f, &s->mdimem[i]);
1594 /* The eeprom should be saved and restored by its own routines */
1595 qemu_get_be32s(f, &s->device);
1596 qemu_get_be32s(f, &s->pointer);
1597 qemu_get_be32s(f, &s->cu_base);
1598 qemu_get_be32s(f, &s->cu_offset);
1599 qemu_get_be32s(f, &s->ru_base);
1600 qemu_get_be32s(f, &s->ru_offset);
1601 qemu_get_be32s(f, &s->statsaddr);
1602 /* Restore epro100_stats_t statistics */
1603 qemu_get_be32s(f, &s->statistics.tx_good_frames);
1604 qemu_get_be32s(f, &s->statistics.tx_max_collisions);
1605 qemu_get_be32s(f, &s->statistics.tx_late_collisions);
1606 qemu_get_be32s(f, &s->statistics.tx_underruns);
1607 qemu_get_be32s(f, &s->statistics.tx_lost_crs);
1608 qemu_get_be32s(f, &s->statistics.tx_deferred);
1609 qemu_get_be32s(f, &s->statistics.tx_single_collisions);
1610 qemu_get_be32s(f, &s->statistics.tx_multiple_collisions);
1611 qemu_get_be32s(f, &s->statistics.tx_total_collisions);
1612 qemu_get_be32s(f, &s->statistics.rx_good_frames);
1613 qemu_get_be32s(f, &s->statistics.rx_crc_errors);
1614 qemu_get_be32s(f, &s->statistics.rx_alignment_errors);
1615 qemu_get_be32s(f, &s->statistics.rx_resource_errors);
1616 qemu_get_be32s(f, &s->statistics.rx_overrun_errors);
1617 qemu_get_be32s(f, &s->statistics.rx_cdt_errors);
1618 qemu_get_be32s(f, &s->statistics.rx_short_frame_errors);
1619 qemu_get_be32s(f, &s->statistics.fc_xmt_pause);
1620 qemu_get_be32s(f, &s->statistics.fc_rcv_pause);
1621 qemu_get_be32s(f, &s->statistics.fc_rcv_unsupported);
1622 qemu_get_be16s(f, &s->statistics.xmt_tco_frames);
1623 qemu_get_be16s(f, &s->statistics.rcv_tco_frames);
1624 qemu_get_be32s(f, &s->statistics.complete);
1625 #if 0
1626 qemu_get_be16s(f, &s->status);
1627 #endif
1628
1629 /* Configuration bytes. */
1630 qemu_get_buffer(f, s->configuration, sizeof(s->configuration));
1631
1632 return 0;
1633 }
1634
1635 static void nic_save(QEMUFile * f, void *opaque)
1636 {
1637 EEPRO100State *s = (EEPRO100State *) opaque;
1638 int i;
1639
1640 if (s->pci_dev)
1641 pci_device_save(s->pci_dev, f);
1642
1643 qemu_put_8s(f, &s->rxcr);
1644
1645 qemu_put_8s(f, &s->cmd);
1646 qemu_put_be32s(f, &s->start);
1647 qemu_put_be32s(f, &s->stop);
1648 qemu_put_8s(f, &s->boundary);
1649 qemu_put_8s(f, &s->tsr);
1650 qemu_put_8s(f, &s->tpsr);
1651 qemu_put_be16s(f, &s->tcnt);
1652 qemu_put_be16s(f, &s->rcnt);
1653 qemu_put_be32s(f, &s->rsar);
1654 qemu_put_8s(f, &s->rsr);
1655 qemu_put_8s(f, &s->isr);
1656 qemu_put_8s(f, &s->dcfg);
1657 qemu_put_8s(f, &s->imr);
1658 qemu_put_buffer(f, s->phys, 6);
1659 qemu_put_8s(f, &s->curpag);
1660 qemu_put_buffer(f, s->mult, 8);
1661 qemu_put_buffer(f, s->mem, sizeof(s->mem));
1662
1663 /* Save all members of struct between scv_stat and mem */
1664 qemu_put_8s(f, &s->scb_stat);
1665 qemu_put_8s(f, &s->int_stat);
1666 for (i = 0; i < 3; i++)
1667 qemu_put_be32s(f, &s->region[i]);
1668 qemu_put_buffer(f, s->macaddr, 6);
1669 for (i = 0; i < 19; i++)
1670 qemu_put_be32s(f, &s->statcounter[i]);
1671 for (i = 0; i < 32; i++)
1672 qemu_put_be16s(f, &s->mdimem[i]);
1673 /* The eeprom should be saved and restored by its own routines */
1674 qemu_put_be32s(f, &s->device);
1675 qemu_put_be32s(f, &s->pointer);
1676 qemu_put_be32s(f, &s->cu_base);
1677 qemu_put_be32s(f, &s->cu_offset);
1678 qemu_put_be32s(f, &s->ru_base);
1679 qemu_put_be32s(f, &s->ru_offset);
1680 qemu_put_be32s(f, &s->statsaddr);
1681 /* Save epro100_stats_t statistics */
1682 qemu_put_be32s(f, &s->statistics.tx_good_frames);
1683 qemu_put_be32s(f, &s->statistics.tx_max_collisions);
1684 qemu_put_be32s(f, &s->statistics.tx_late_collisions);
1685 qemu_put_be32s(f, &s->statistics.tx_underruns);
1686 qemu_put_be32s(f, &s->statistics.tx_lost_crs);
1687 qemu_put_be32s(f, &s->statistics.tx_deferred);
1688 qemu_put_be32s(f, &s->statistics.tx_single_collisions);
1689 qemu_put_be32s(f, &s->statistics.tx_multiple_collisions);
1690 qemu_put_be32s(f, &s->statistics.tx_total_collisions);
1691 qemu_put_be32s(f, &s->statistics.rx_good_frames);
1692 qemu_put_be32s(f, &s->statistics.rx_crc_errors);
1693 qemu_put_be32s(f, &s->statistics.rx_alignment_errors);
1694 qemu_put_be32s(f, &s->statistics.rx_resource_errors);
1695 qemu_put_be32s(f, &s->statistics.rx_overrun_errors);
1696 qemu_put_be32s(f, &s->statistics.rx_cdt_errors);
1697 qemu_put_be32s(f, &s->statistics.rx_short_frame_errors);
1698 qemu_put_be32s(f, &s->statistics.fc_xmt_pause);
1699 qemu_put_be32s(f, &s->statistics.fc_rcv_pause);
1700 qemu_put_be32s(f, &s->statistics.fc_rcv_unsupported);
1701 qemu_put_be16s(f, &s->statistics.xmt_tco_frames);
1702 qemu_put_be16s(f, &s->statistics.rcv_tco_frames);
1703 qemu_put_be32s(f, &s->statistics.complete);
1704 #if 0
1705 qemu_put_be16s(f, &s->status);
1706 #endif
1707
1708 /* Configuration bytes. */
1709 qemu_put_buffer(f, s->configuration, sizeof(s->configuration));
1710 }
1711
1712 static void nic_cleanup(VLANClientState *vc)
1713 {
1714 EEPRO100State *s = vc->opaque;
1715
1716 unregister_savevm(vc->model, s);
1717
1718 eeprom93xx_free(s->eeprom);
1719 }
1720
1721 static int pci_nic_uninit(PCIDevice *dev)
1722 {
1723 PCIEEPRO100State *d = (PCIEEPRO100State *) dev;
1724 EEPRO100State *s = &d->eepro100;
1725
1726 cpu_unregister_io_memory(s->mmio_index);
1727
1728 return 0;
1729 }
1730
1731 static void nic_init(PCIDevice *pci_dev, uint32_t device)
1732 {
1733 PCIEEPRO100State *d = (PCIEEPRO100State *)pci_dev;
1734 EEPRO100State *s;
1735
1736 logout("\n");
1737
1738 d->dev.unregister = pci_nic_uninit;
1739
1740 s = &d->eepro100;
1741 s->device = device;
1742 s->pci_dev = &d->dev;
1743
1744 pci_reset(s);
1745
1746 /* Add 64 * 2 EEPROM. i82557 and i82558 support a 64 word EEPROM,
1747 * i82559 and later support 64 or 256 word EEPROM. */
1748 s->eeprom = eeprom93xx_new(EEPROM_SIZE);
1749
1750 /* Handler for memory-mapped I/O */
1751 d->eepro100.mmio_index =
1752 cpu_register_io_memory(pci_mmio_read, pci_mmio_write, s);
1753
1754 pci_register_bar(&d->dev, 0, PCI_MEM_SIZE,
1755 PCI_ADDRESS_SPACE_MEM |
1756 PCI_ADDRESS_SPACE_MEM_PREFETCH, pci_mmio_map);
1757 pci_register_bar(&d->dev, 1, PCI_IO_SIZE, PCI_ADDRESS_SPACE_IO,
1758 pci_map);
1759 pci_register_bar(&d->dev, 2, PCI_FLASH_SIZE, PCI_ADDRESS_SPACE_MEM,
1760 pci_mmio_map);
1761
1762 qdev_get_macaddr(&d->dev.qdev, s->macaddr);
1763 logout("macaddr: %s\n", nic_dump(&s->macaddr[0], 6));
1764 assert(s->region[1] == 0);
1765
1766 nic_reset(s);
1767
1768 s->vc = qdev_get_vlan_client(&d->dev.qdev,
1769 nic_can_receive, nic_receive, NULL,
1770 nic_cleanup, s);
1771
1772 qemu_format_nic_info_str(s->vc, s->macaddr);
1773
1774 qemu_register_reset(nic_reset, s);
1775
1776 register_savevm(s->vc->model, -1, 3, nic_save, nic_load, s);
1777 }
1778
1779 static void pci_i82551_init(PCIDevice *dev)
1780 {
1781 nic_init(dev, i82551);
1782 }
1783
1784 static void pci_i82557b_init(PCIDevice *dev)
1785 {
1786 nic_init(dev, i82557B);
1787 }
1788
1789 static void pci_i82559er_init(PCIDevice *dev)
1790 {
1791 nic_init(dev, i82559ER);
1792 }
1793
1794 static PCIDeviceInfo eepro100_info[] = {
1795 {
1796 .qdev.name = "i82551",
1797 .qdev.size = sizeof(PCIEEPRO100State),
1798 .init = pci_i82551_init,
1799 },{
1800 .qdev.name = "i82557b",
1801 .qdev.size = sizeof(PCIEEPRO100State),
1802 .init = pci_i82557b_init,
1803 },{
1804 .qdev.name = "i82559er",
1805 .qdev.size = sizeof(PCIEEPRO100State),
1806 .init = pci_i82559er_init,
1807 },{
1808 /* end of list */
1809 }
1810 };
1811
1812 static void eepro100_register_devices(void)
1813 {
1814 pci_qdev_register_many(eepro100_info);
1815 }
1816
1817 device_init(eepro100_register_devices)
Patches shipped by Fedora