search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
e1000: bounds packet size against buffer size
[qemu.git] / hw / xilinx_ethlite.c
blob6f44c8466eeb8b1610a44940b9085fe0e53cd857
1 /*
2 * QEMU model of the Xilinx Ethernet Lite MAC.
3 *
4 * Copyright (c) 2009 Edgar E. Iglesias.
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 #include "sysbus.h"
26 #include "hw.h"
27 #include "net.h"
28
29 #define D(x)
30 #define R_TX_BUF0 0
31 #define R_TX_LEN0 (0x07f4 / 4)
32 #define R_TX_GIE0 (0x07f8 / 4)
33 #define R_TX_CTRL0 (0x07fc / 4)
34 #define R_TX_BUF1 (0x0800 / 4)
35 #define R_TX_LEN1 (0x0ff4 / 4)
36 #define R_TX_CTRL1 (0x0ffc / 4)
37
38 #define R_RX_BUF0 (0x1000 / 4)
39 #define R_RX_CTRL0 (0x17fc / 4)
40 #define R_RX_BUF1 (0x1800 / 4)
41 #define R_RX_CTRL1 (0x1ffc / 4)
42 #define R_MAX (0x2000 / 4)
43
44 #define GIE_GIE 0x80000000
45
46 #define CTRL_I 0x8
47 #define CTRL_P 0x2
48 #define CTRL_S 0x1
49
50 struct xlx_ethlite
51 {
52 SysBusDevice busdev;
53 MemoryRegion mmio;
54 qemu_irq irq;
55 NICState *nic;
56 NICConf conf;
57
58 uint32_t c_tx_pingpong;
59 uint32_t c_rx_pingpong;
60 unsigned int txbuf;
61 unsigned int rxbuf;
62
63 uint32_t regs[R_MAX];
64 };
65
66 static inline void eth_pulse_irq(struct xlx_ethlite *s)
67 {
68 /* Only the first gie reg is active. */
69 if (s->regs[R_TX_GIE0] & GIE_GIE) {
70 qemu_irq_pulse(s->irq);
71 }
72 }
73
74 static uint64_t
75 eth_read(void *opaque, target_phys_addr_t addr, unsigned int size)
76 {
77 struct xlx_ethlite *s = opaque;
78 uint32_t r = 0;
79
80 addr >>= 2;
81
82 switch (addr)
83 {
84 case R_TX_GIE0:
85 case R_TX_LEN0:
86 case R_TX_LEN1:
87 case R_TX_CTRL1:
88 case R_TX_CTRL0:
89 case R_RX_CTRL1:
90 case R_RX_CTRL0:
91 r = s->regs[addr];
92 D(qemu_log("%s %x=%x\n", __func__, addr * 4, r));
93 break;
94
95 default:
96 r = tswap32(s->regs[addr]);
97 break;
98 }
99 return r;
100 }
101
102 static void
103 eth_write(void *opaque, target_phys_addr_t addr,
104 uint64_t val64, unsigned int size)
105 {
106 struct xlx_ethlite *s = opaque;
107 unsigned int base = 0;
108 uint32_t value = val64;
109
110 addr >>= 2;
111 switch (addr)
112 {
113 case R_TX_CTRL0:
114 case R_TX_CTRL1:
115 if (addr == R_TX_CTRL1)
116 base = 0x800 / 4;
117
118 D(qemu_log("%s addr=%x val=%x\n", __func__, addr * 4, value));
119 if ((value & (CTRL_P | CTRL_S)) == CTRL_S) {
120 qemu_send_packet(&s->nic->nc,
121 (void *) &s->regs[base],
122 s->regs[base + R_TX_LEN0]);
123 D(qemu_log("eth_tx %d\n", s->regs[base + R_TX_LEN0]));
124 if (s->regs[base + R_TX_CTRL0] & CTRL_I)
125 eth_pulse_irq(s);
126 } else if ((value & (CTRL_P | CTRL_S)) == (CTRL_P | CTRL_S)) {
127 memcpy(&s->conf.macaddr.a[0], &s->regs[base], 6);
128 if (s->regs[base + R_TX_CTRL0] & CTRL_I)
129 eth_pulse_irq(s);
130 }
131
132 /* We are fast and get ready pretty much immediately so
133 we actually never flip the S nor P bits to one. */
134 s->regs[addr] = value & ~(CTRL_P | CTRL_S);
135 break;
136
137 /* Keep these native. */
138 case R_TX_LEN0:
139 case R_TX_LEN1:
140 case R_TX_GIE0:
141 case R_RX_CTRL0:
142 case R_RX_CTRL1:
143 D(qemu_log("%s addr=%x val=%x\n", __func__, addr * 4, value));
144 s->regs[addr] = value;
145 break;
146
147 default:
148 s->regs[addr] = tswap32(value);
149 break;
150 }
151 }
152
153 static const MemoryRegionOps eth_ops = {
154 .read = eth_read,
155 .write = eth_write,
156 .endianness = DEVICE_NATIVE_ENDIAN,
157 .valid = {
158 .min_access_size = 4,
159 .max_access_size = 4
160 }
161 };
162
163 static int eth_can_rx(VLANClientState *nc)
164 {
165 struct xlx_ethlite *s = DO_UPCAST(NICState, nc, nc)->opaque;
166 int r;
167 r = !(s->regs[R_RX_CTRL0] & CTRL_S);
168 return r;
169 }
170
171 static ssize_t eth_rx(VLANClientState *nc, const uint8_t *buf, size_t size)
172 {
173 struct xlx_ethlite *s = DO_UPCAST(NICState, nc, nc)->opaque;
174 unsigned int rxbase = s->rxbuf * (0x800 / 4);
175
176 /* DA filter. */
177 if (!(buf[0] & 0x80) && memcmp(&s->conf.macaddr.a[0], buf, 6))
178 return size;
179
180 if (s->regs[rxbase + R_RX_CTRL0] & CTRL_S) {
181 D(qemu_log("ethlite lost packet %x\n", s->regs[R_RX_CTRL0]));
182 return -1;
183 }
184
185 D(qemu_log("%s %d rxbase=%x\n", __func__, size, rxbase));
186 memcpy(&s->regs[rxbase + R_RX_BUF0], buf, size);
187
188 s->regs[rxbase + R_RX_CTRL0] |= CTRL_S;
189 if (s->regs[rxbase + R_RX_CTRL0] & CTRL_I)
190 eth_pulse_irq(s);
191
192 /* If c_rx_pingpong was set flip buffers. */
193 s->rxbuf ^= s->c_rx_pingpong;
194 return size;
195 }
196
197 static void eth_cleanup(VLANClientState *nc)
198 {
199 struct xlx_ethlite *s = DO_UPCAST(NICState, nc, nc)->opaque;
200
201 s->nic = NULL;
202 }
203
204 static NetClientInfo net_xilinx_ethlite_info = {
205 .type = NET_CLIENT_TYPE_NIC,
206 .size = sizeof(NICState),
207 .can_receive = eth_can_rx,
208 .receive = eth_rx,
209 .cleanup = eth_cleanup,
210 };
211
212 static int xilinx_ethlite_init(SysBusDevice *dev)
213 {
214 struct xlx_ethlite *s = FROM_SYSBUS(typeof (*s), dev);
215
216 sysbus_init_irq(dev, &s->irq);
217 s->rxbuf = 0;
218
219 memory_region_init_io(&s->mmio, &eth_ops, s, "xilinx-ethlite", R_MAX * 4);
220 sysbus_init_mmio_region(dev, &s->mmio);
221
222 qemu_macaddr_default_if_unset(&s->conf.macaddr);
223 s->nic = qemu_new_nic(&net_xilinx_ethlite_info, &s->conf,
224 dev->qdev.info->name, dev->qdev.id, s);
225 qemu_format_nic_info_str(&s->nic->nc, s->conf.macaddr.a);
226 return 0;
227 }
228
229 static SysBusDeviceInfo xilinx_ethlite_info = {
230 .init = xilinx_ethlite_init,
231 .qdev.name = "xilinx,ethlite",
232 .qdev.size = sizeof(struct xlx_ethlite),
233 .qdev.props = (Property[]) {
234 DEFINE_PROP_UINT32("txpingpong", struct xlx_ethlite, c_tx_pingpong, 1),
235 DEFINE_PROP_UINT32("rxpingpong", struct xlx_ethlite, c_rx_pingpong, 1),
236 DEFINE_NIC_PROPERTIES(struct xlx_ethlite, conf),
237 DEFINE_PROP_END_OF_LIST(),
238 }
239 };
240
241 static void xilinx_ethlite_register(void)
242 {
243 sysbus_register_withprop(&xilinx_ethlite_info);
244 }
245
246 device_init(xilinx_ethlite_register)
QEmu