search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'qemu-project/master'
[qemu/ar7.git] / hw / net / smc91c111.c
blob166fa2150f462f6bb4d52b76631f3ea925e36c0f
1 /*
2 * SMSC 91C111 Ethernet interface emulation
3 *
4 * Copyright (c) 2005 CodeSourcery, LLC.
5 * Written by Paul Brook
6 *
7 * This code is licensed under the GPL
8 */
9
10 #include "qemu/osdep.h"
11 #include "hw/sysbus.h"
12 #include "migration/vmstate.h"
13 #include "net/net.h"
14 #include "hw/irq.h"
15 #include "hw/net/smc91c111.h"
16 #include "hw/qdev-properties.h"
17 #include "qapi/error.h"
18 #include "qemu/log.h"
19 #include "qemu/module.h"
20 /* For crc32 */
21 #include <zlib.h>
22 #include "qom/object.h"
23
24 /* Number of 2k memory pages available. */
25 #define NUM_PACKETS 4
26
27 #if 0
28 # define logout(fmt, ...) \
29 fprintf(stderr, "SMC91C111\t%-24s %s:%u " fmt, __func__, __FILE__, __LINE__, ##__VA_ARGS__)
30 #else
31 # define logout(fmt, ...) (void)0
32 #endif
33
34 typedef enum {
35 MII_WAITING,
36 MII_IDLE,
37 MII_GOT_START,
38 MII_READ,
39 MII_WRITE
40 } MII_State;
41
42 typedef enum {
43 MII_MDOE = 8,
44 MII_MCLK = 4,
45 MII_MDI = 2,
46 MII_MDO = 1
47 } MII_BITS;
48
49 /* PHY Register Addresses (LAN91C111 Internal PHY) */
50
51 /* PHY Configuration Register 1 */
52 #define PHY_CFG1_REG 0x10
53 #define PHY_CFG1_LNKDIS 0x8000 /* 1=Rx Link Detect Function disabled */
54 #define PHY_CFG1_XMTDIS 0x4000 /* 1=TP Transmitter Disabled */
55 #define PHY_CFG1_XMTPDN 0x2000 /* 1=TP Transmitter Powered Down */
56 #define PHY_CFG1_BYPSCR 0x0400 /* 1=Bypass scrambler/descrambler */
57 #define PHY_CFG1_UNSCDS 0x0200 /* 1=Unscramble Idle Reception Disable */
58 #define PHY_CFG1_EQLZR 0x0100 /* 1=Rx Equalizer Disabled */
59 #define PHY_CFG1_CABLE 0x0080 /* 1=STP(150ohm), 0=UTP(100ohm) */
60 #define PHY_CFG1_RLVL0 0x0040 /* 1=Rx Squelch level reduced by 4.5db */
61 #define PHY_CFG1_TLVL_SHIFT 2 /* Transmit Output Level Adjust */
62 #define PHY_CFG1_TLVL_MASK 0x003C
63 #define PHY_CFG1_TRF_MASK 0x0003 /* Transmitter Rise/Fall time */
64
65 /* PHY Configuration Register 2 */
66 #define PHY_CFG2_REG 0x11
67 #define PHY_CFG2_APOLDIS 0x0020 /* 1=Auto Polarity Correction disabled */
68 #define PHY_CFG2_JABDIS 0x0010 /* 1=Jabber disabled */
69 #define PHY_CFG2_MREG 0x0008 /* 1=Multiple register access (MII mgt) */
70 #define PHY_CFG2_INTMDIO 0x0004 /* 1=Interrupt signaled with MDIO pulseo */
71
72 /* PHY Status Output (and Interrupt status) Register */
73 #define PHY_INT_REG 0x12 /* Status Output (Interrupt Status) */
74 #define PHY_INT_INT 0x8000 /* 1=bits have changed since last read */
75 #define PHY_INT_LNKFAIL 0x4000 /* 1=Link Not detected */
76 #define PHY_INT_LOSSSYNC 0x2000 /* 1=Descrambler has lost sync */
77 #define PHY_INT_CWRD 0x1000 /* 1=Invalid 4B5B code detected on rx */
78 #define PHY_INT_SSD 0x0800 /* 1=No Start Of Stream detected on rx */
79 #define PHY_INT_ESD 0x0400 /* 1=No End Of Stream detected on rx */
80 #define PHY_INT_RPOL 0x0200 /* 1=Reverse Polarity detected */
81 #define PHY_INT_JAB 0x0100 /* 1=Jabber detected */
82 #define PHY_INT_SPDDET 0x0080 /* 1=100Base-TX mode, 0=10Base-T mode */
83 #define PHY_INT_DPLXDET 0x0040 /* 1=Device in Full Duplex */
84
85 /* PHY Interrupt/Status Mask Register */
86 #define PHY_MASK_REG 0x13 /* Interrupt Mask */
87 /* Uses the same bit definitions as PHY_INT_REG */
88
89 typedef struct {
90 int mdoe;
91 int mclk;
92 int mdi;
93 int mdo;
94 uint32_t data;
95 MII_State status;
96 unsigned reg;
97 uint16_t regs[32];
98 } MII;
99
100
101 /* Declarations from include/linux/mii.h. */
102
103 /* Generic MII registers. */
104
105 #define MII_BMCR 0x00 /* Basic mode control register */ // rw
106 #define MII_BMSR 0x01 /* Basic mode status register */ // r
107 #define MII_PHYSID1 0x02 /* PHYS ID 1 */
108 #define MII_PHYSID2 0x03 /* PHYS ID 2 */
109 #define MII_ADVERTISE 0x04 /* Advertisement control reg */ // rw
110 #define MII_LPA 0x05 /* Link partner ability reg */
111 #define MII_EXPANSION 0x06 /* Expansion register */
112 #define MII_CTRL1000 0x09 /* 1000BASE-T control */
113 #define MII_STAT1000 0x0a /* 1000BASE-T status */
114 #define MII_ESTATUS 0x0f /* Extended Status */
115 #define MII_DCOUNTER 0x12 /* Disconnect counter */
116 #define MII_FCSCOUNTER 0x13 /* False carrier counter */
117 #define MII_NWAYTEST 0x14 /* N-way auto-neg test reg */
118 #define MII_RERRCOUNTER 0x15 /* Receive error counter */
119 #define MII_SREVISION 0x16 /* Silicon revision */
120 #define MII_RESV1 0x17 /* Reserved... */
121 #define MII_LBRERROR 0x18 /* Lpback, rx, bypass error */
122 #define MII_PHYADDR 0x19 /* PHY address */
123 #define MII_RESV2 0x1a /* Reserved... */
124 #define MII_TPISTATUS 0x1b /* TPI status for 10mbps */
125 #define MII_NCONFIG 0x1c /* Network interface config */
126
127 /* Basic mode control register. */
128 #define BMCR_RESV 0x003f /* Unused... */
129 #define BMCR_SPEED1000 0x0040 /* MSB of Speed (1000) */
130 #define BMCR_CTST 0x0080 /* Collision test */
131 #define BMCR_FULLDPLX 0x0100 /* Full duplex */
132 #define BMCR_ANRESTART 0x0200 /* Auto negotiation restart */
133 #define BMCR_ISOLATE 0x0400 /* Disconnect PHY from MII */
134 #define BMCR_PDOWN 0x0800 /* Powerdown the */
135 #define BMCR_ANENABLE 0x1000 /* Enable auto negotiation */
136 #define BMCR_SPEED100 0x2000 /* Select 100Mbps */
137 #define BMCR_LOOPBACK 0x4000 /* TXD loopback bits */
138 #define BMCR_RESET 0x8000 /* Reset the PHY */
139
140 /* Basic mode status register. */
141 #define BMSR_ERCAP 0x0001 /* Ext-reg capability */
142 #define BMSR_JCD 0x0002 /* Jabber detected */
143 #define BMSR_LSTATUS 0x0004 /* Link status */
144 #define BMSR_ANEGCAPABLE 0x0008 /* Able to do auto-negotiation */
145 #define BMSR_RFAULT 0x0010 /* Remote fault detected */
146 #define BMSR_ANEGCOMPLETE 0x0020 /* Auto-negotiation complete */
147 #define BMSR_RESV 0x00c0 /* Unused... */
148 #define BMSR_ESTATEN 0x0100 /* Extended Status in R15 */
149 #define BMSR_100HALF2 0x0200 /* Can do 100BASE-T2 HDX */
150 #define BMSR_100FULL2 0x0400 /* Can do 100BASE-T2 FDX */
151 #define BMSR_10HALF 0x0800 /* Can do 10mbps, half-duplex */
152 #define BMSR_10FULL 0x1000 /* Can do 10mbps, full-duplex */
153 #define BMSR_100HALF 0x2000 /* Can do 100mbps, half-duplex */
154 #define BMSR_100FULL 0x4000 /* Can do 100mbps, full-duplex */
155 #define BMSR_100BASE4 0x8000 /* Can do 100mbps, 4k packets */
156
157 //~ #define PHY_STAT_CAP_SUPR 0x0040 /* 1=recv mgmt frames with not preamble */
158
159 /* Advertisement control register. */
160 #define ADVERTISE_SLCT 0x001f /* Selector bits */
161 #define ADVERTISE_CSMA 0x0001 /* Only selector supported */
162 #define ADVERTISE_10HALF 0x0020 /* Try for 10mbps half-duplex */
163 #define ADVERTISE_1000XFULL 0x0020 /* Try for 1000BASE-X full-duplex */
164 #define ADVERTISE_10FULL 0x0040 /* Try for 10mbps full-duplex */
165 #define ADVERTISE_1000XHALF 0x0040 /* Try for 1000BASE-X half-duplex */
166 #define ADVERTISE_100HALF 0x0080 /* Try for 100mbps half-duplex */
167 #define ADVERTISE_1000XPAUSE 0x0080 /* Try for 1000BASE-X pause */
168 #define ADVERTISE_100FULL 0x0100 /* Try for 100mbps full-duplex */
169 #define ADVERTISE_1000XPSE_ASYM 0x0100 /* Try for 1000BASE-X asym pause */
170 #define ADVERTISE_100BASE4 0x0200 /* Try for 100mbps 4k packets */
171 #define ADVERTISE_PAUSE_CAP 0x0400 /* Try for pause */
172 #define ADVERTISE_PAUSE_ASYM 0x0800 /* Try for asymetric pause */
173 #define ADVERTISE_RESV 0x1000 /* Unused... */
174 #define ADVERTISE_RFAULT 0x2000 /* Say we can detect faults */
175 #define ADVERTISE_LPACK 0x4000 /* Ack link partners response */
176 #define ADVERTISE_NPAGE 0x8000 /* Next page bit */
177
178 #define ADVERTISE_FULL (ADVERTISE_100FULL | ADVERTISE_10FULL | \
179 ADVERTISE_CSMA)
180 #define ADVERTISE_ALL (ADVERTISE_10HALF | ADVERTISE_10FULL | \
181 ADVERTISE_100HALF | ADVERTISE_100FULL)
182
183 /* Link partner ability register. */
184 #define LPA_SLCT 0x001f /* Same as advertise selector */
185 #define LPA_10HALF 0x0020 /* Can do 10mbps half-duplex */
186 #define LPA_1000XFULL 0x0020 /* Can do 1000BASE-X full-duplex */
187 #define LPA_10FULL 0x0040 /* Can do 10mbps full-duplex */
188 #define LPA_1000XHALF 0x0040 /* Can do 1000BASE-X half-duplex */
189 #define LPA_100HALF 0x0080 /* Can do 100mbps half-duplex */
190 #define LPA_1000XPAUSE 0x0080 /* Can do 1000BASE-X pause */
191 #define LPA_100FULL 0x0100 /* Can do 100mbps full-duplex */
192 #define LPA_1000XPAUSE_ASYM 0x0100 /* Can do 1000BASE-X pause asym*/
193 #define LPA_100BASE4 0x0200 /* Can do 100mbps 4k packets */
194 #define LPA_PAUSE_CAP 0x0400 /* Can pause */
195 #define LPA_PAUSE_ASYM 0x0800 /* Can pause asymetrically */
196 #define LPA_RESV 0x1000 /* Unused... */
197 #define LPA_RFAULT 0x2000 /* Link partner faulted */
198 #define LPA_LPACK 0x4000 /* Link partner acked us */
199 #define LPA_NPAGE 0x8000 /* Next page bit */
200
201 #define LPA_DUPLEX (LPA_10FULL | LPA_100FULL)
202 #define LPA_100 (LPA_100FULL | LPA_100HALF | LPA_100BASE4)
203
204 /* End of declarations from include/linux/mii.h. */
205
206 /* SMC 91C111 specific MII register. */
207
208 /* 0x06 ... 0x0f are reserved. */
209 #define MII_CONFIGURATION1 0x10 /* Configuration 1 */
210 #define MII_CONFIGURATION2 0x11 /* Configuration 2 */
211 #define MII_STATUSOUTPUT 0x12 /* Status Output */
212 //~ PHY_FCSCR = 0x13, /* Mask */
213 /* 0x14 is reserved. */
214 /* 0x15 ... 0x1f are unused. */
215
216
217 /* Default values for MII management registers (see IEEE 802.3-2008 22.2.4). */
218
219 static const uint16_t mii_regs_default[32] = {
220 [MII_BMCR] = BMCR_ANENABLE | BMCR_SPEED100,
221 [MII_BMSR] = BMSR_100FULL | BMSR_100HALF | BMSR_10FULL | BMSR_10HALF |
222 BMSR_ANEGCAPABLE | BMSR_LSTATUS | BMSR_ERCAP,
223 [MII_ADVERTISE] = ADVERTISE_PAUSE_CAP | ADVERTISE_ALL | ADVERTISE_CSMA,
224 };
225
226 #define TYPE_SMC91C111 "smc91c111"
227 OBJECT_DECLARE_SIMPLE_TYPE(smc91c111_state, SMC91C111)
228
229 struct smc91c111_state {
230 SysBusDevice parent_obj;
231 MII mii;
232 NICState *nic;
233 NICConf conf;
234 uint16_t tcr;
235 uint16_t rcr;
236 uint16_t cr;
237 uint16_t ctr;
238 uint16_t gpr;
239 uint16_t ptr;
240 uint16_t ercv;
241 qemu_irq irq;
242 int bank;
243 int packet_num;
244 int tx_alloc;
245 /* Bitmask of allocated packets. */
246 int allocated;
247 int tx_fifo_len;
248 int tx_fifo[NUM_PACKETS];
249 int rx_fifo_len;
250 int rx_fifo[NUM_PACKETS];
251 int tx_fifo_done_len;
252 int tx_fifo_done[NUM_PACKETS];
253 /* Packet buffer memory. */
254 uint8_t data[NUM_PACKETS][2048];
255 uint8_t int_level;
256 uint8_t int_mask;
257 MemoryRegion mmio;
258 };
259
260 static const VMStateDescription vmstate_smc91c111 = {
261 .name = "smc91c111",
262 .version_id = 1,
263 .minimum_version_id = 1,
264 .fields = (const VMStateField[]) {
265 VMSTATE_UINT16(tcr, smc91c111_state),
266 VMSTATE_UINT16(rcr, smc91c111_state),
267 VMSTATE_UINT16(cr, smc91c111_state),
268 VMSTATE_UINT16(ctr, smc91c111_state),
269 VMSTATE_UINT16(gpr, smc91c111_state),
270 VMSTATE_UINT16(ptr, smc91c111_state),
271 VMSTATE_UINT16(ercv, smc91c111_state),
272 VMSTATE_INT32(bank, smc91c111_state),
273 VMSTATE_INT32(packet_num, smc91c111_state),
274 VMSTATE_INT32(tx_alloc, smc91c111_state),
275 VMSTATE_INT32(allocated, smc91c111_state),
276 VMSTATE_INT32(tx_fifo_len, smc91c111_state),
277 VMSTATE_INT32_ARRAY(tx_fifo, smc91c111_state, NUM_PACKETS),
278 VMSTATE_INT32(rx_fifo_len, smc91c111_state),
279 VMSTATE_INT32_ARRAY(rx_fifo, smc91c111_state, NUM_PACKETS),
280 VMSTATE_INT32(tx_fifo_done_len, smc91c111_state),
281 VMSTATE_INT32_ARRAY(tx_fifo_done, smc91c111_state, NUM_PACKETS),
282 VMSTATE_BUFFER_UNSAFE(data, smc91c111_state, 0, NUM_PACKETS * 2048),
283 VMSTATE_UINT8(int_level, smc91c111_state),
284 VMSTATE_UINT8(int_mask, smc91c111_state),
285 VMSTATE_END_OF_LIST()
286 }
287 };
288
289 #define RCR_SOFT_RST 0x8000
290 #define RCR_STRIP_CRC 0x0200
291 #define RCR_RXEN 0x0100
292
293 #define TCR_EPH_LOOP 0x2000
294 #define TCR_NOCRC 0x0100
295 #define TCR_PAD_EN 0x0080
296 #define TCR_FORCOL 0x0004
297 #define TCR_LOOP 0x0002
298 #define TCR_TXEN 0x0001
299
300 #define INT_MD 0x80
301 #define INT_ERCV 0x40
302 #define INT_EPH 0x20
303 #define INT_RX_OVRN 0x10
304 #define INT_ALLOC 0x08
305 #define INT_TX_EMPTY 0x04
306 #define INT_TX 0x02
307 #define INT_RCV 0x01
308
309 #define CTR_AUTO_RELEASE 0x0800
310 #define CTR_RELOAD 0x0002
311 #define CTR_STORE 0x0001
312
313 #define RS_ALGNERR 0x8000
314 #define RS_BRODCAST 0x4000
315 #define RS_BADCRC 0x2000
316 #define RS_ODDFRAME 0x1000
317 #define RS_TOOLONG 0x0800
318 #define RS_TOOSHORT 0x0400
319 #define RS_MULTICAST 0x0001
320
321 static void mii_write(MII *mii, uint32_t value)
322 {
323 /*
324 A timing diagram for a Ml serial port frame is shown in Figure 7.1. The Ml serial port is idle when at
325 least 32 continuous 1's are detected on MDIO and remains idle as long as continuous 1's are detected.
326 During idle, MDIO is in the high impedance state. When the Ml serial port is in the idle state, a 01
327 pattern on the MDIO initiates a serial shift cycle. Data on MDIO is then shifted in on the next 14 rising
328 edges of MDC (MDIO is high impedance). If the register access mode is not enabled, on the next 16
329 rising edges of MDC, data is either shifted in or out on MDIO, depending on whether a write or read
330 cycle was selected with the bits READ and WRITE. After the 32 MDC cycles have been completed,
331 one complete register has been read/written, the serial shift process is halted, data is latched into the
332 device, and MDIO goes into high impedance state. Another serial shift cycle cannot be initiated until
333 the idle condition (at least 32 continuous 1's) is detected.
334 */
335 bool clock = !mii->mclk && (value & 4);
336
337 assert((value & 0xfffffff0) == 0x30);
338
339 if (clock) {
340 /* Raising clock. */
341 mii->mdi = value & MII_MDI;
342 mii->mdoe = value & MII_MDOE;
343 mii->mdo = value & MII_MDO;
344 mii->data = (mii->data << 1) + (value & 1);
345 logout("%u%u%u%u %08x\n",
346 mii->mdoe ? 1 : 0, mii->mclk ? 1 : 0,
347 mii->mdi ? 1 : 0, mii->mdo ? 1 : 0,
348 mii->data);
349 switch (mii->status) {
350 case MII_WAITING:
351 if (mii->data == 0xffffffff) {
352 logout("mii is idle\n");
353 mii->mdi = MII_MDI;
354 mii->status = MII_IDLE;
355 }
356 break;
357 case MII_IDLE:
358 if (mii->data == 0xfffffffd) {
359 logout("mii got start bit pattern 01\n");
360 mii->status = MII_GOT_START;
361 }
362 break;
363 case MII_GOT_START:
364 if ((mii->data & 0xffffc000) == 0xffff4000) {
365 unsigned op = (mii->data >> 12) & 0x3;
366 unsigned phy = (mii->data >> 7) & 0x1f;
367 unsigned reg = (mii->data >> 2) & 0x1f;
368 logout("mii got 14 bits (op=%u, phy=%u, reg=%u, ta=%u)\n",
369 op, phy, reg, mii->data & 0x3);
370 mii->reg = reg;
371 if (phy != 0) {
372 logout("Wrong phy %u, wait for idle\n", phy);
373 mii->status = MII_WAITING;
374 } else if (reg >= ARRAY_SIZE(mii->regs)) {
375 logout("Wrong reg %u, wait for idle\n", reg);
376 mii->status = MII_WAITING;
377 } else if (op == 1) {
378 mii->status = MII_WRITE;
379 } else if (op == 2) {
380 mii->data = mii->regs[reg];
381 mii->mdi = 0;
382 mii->status = MII_READ;
383 } else {
384 logout("Illegal MII operation %u, wait for idle\n", op);
385 mii->status = MII_WAITING;
386 }
387 }
388 break;
389 case MII_WRITE:
390 if ((mii->data & 0xc0000000) == 0x40000000) {
391 uint16_t data = mii->data & 0xffff;
392 logout("mii wrote 16 bits (data=0x%04x=%u)\n", data, data);
393 mii->regs[mii->reg] = data;
394 mii->status = MII_WAITING;
395 }
396 break;
397 case MII_READ:
398 if ((mii->data & 0x0000ffff) == 0x0000ffff) {
399 logout("mii read 16 bits\n");
400 mii->mdi = MII_MDI;
401 mii->status = MII_WAITING;
402 } else {
403 mii->data |= 1;
404 mii->mdi = (mii->data & 0x00010000) ? MII_MDI : 0;
405 }
406 break;
407 }
408 } /* clock */
409 mii->mclk = value & MII_MCLK;
410 //~ assert(mii->mdoe);
411 }
412
413 static void mii_reset(MII *mii)
414 {
415 memcpy(mii->regs, mii_regs_default, sizeof(mii->regs));
416 }
417
418 /* Update interrupt status. */
419 static void smc91c111_update(smc91c111_state *s)
420 {
421 int level;
422
423 if (s->tx_fifo_len == 0)
424 s->int_level |= INT_TX_EMPTY;
425 if (s->tx_fifo_done_len != 0)
426 s->int_level |= INT_TX;
427 level = (s->int_level & s->int_mask) != 0;
428 qemu_set_irq(s->irq, level);
429 }
430
431 static bool smc91c111_can_receive(smc91c111_state *s)
432 {
433 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST)) {
434 return true;
435 }
436 if (s->allocated == (1 << NUM_PACKETS) - 1 ||
437 s->rx_fifo_len == NUM_PACKETS) {
438 return false;
439 }
440 return true;
441 }
442
443 static inline void smc91c111_flush_queued_packets(smc91c111_state *s)
444 {
445 if (smc91c111_can_receive(s)) {
446 qemu_flush_queued_packets(qemu_get_queue(s->nic));
447 }
448 }
449
450 /* Try to allocate a packet. Returns 0x80 on failure. */
451 static int smc91c111_allocate_packet(smc91c111_state *s)
452 {
453 int i;
454 if (s->allocated == (1 << NUM_PACKETS) - 1) {
455 return 0x80;
456 }
457
458 for (i = 0; i < NUM_PACKETS; i++) {
459 if ((s->allocated & (1 << i)) == 0)
460 break;
461 }
462 s->allocated |= 1 << i;
463 return i;
464 }
465
466
467 /* Process a pending TX allocate. */
468 static void smc91c111_tx_alloc(smc91c111_state *s)
469 {
470 s->tx_alloc = smc91c111_allocate_packet(s);
471 if (s->tx_alloc == 0x80)
472 return;
473 s->int_level |= INT_ALLOC;
474 smc91c111_update(s);
475 }
476
477 /* Remove and item from the RX FIFO. */
478 static void smc91c111_pop_rx_fifo(smc91c111_state *s)
479 {
480 int i;
481
482 s->rx_fifo_len--;
483 if (s->rx_fifo_len) {
484 for (i = 0; i < s->rx_fifo_len; i++)
485 s->rx_fifo[i] = s->rx_fifo[i + 1];
486 s->int_level |= INT_RCV;
487 } else {
488 s->int_level &= ~INT_RCV;
489 }
490 smc91c111_flush_queued_packets(s);
491 smc91c111_update(s);
492 }
493
494 /* Remove an item from the TX completion FIFO. */
495 static void smc91c111_pop_tx_fifo_done(smc91c111_state *s)
496 {
497 int i;
498
499 if (s->tx_fifo_done_len == 0)
500 return;
501 s->tx_fifo_done_len--;
502 for (i = 0; i < s->tx_fifo_done_len; i++)
503 s->tx_fifo_done[i] = s->tx_fifo_done[i + 1];
504 }
505
506 /* Release the memory allocated to a packet. */
507 static void smc91c111_release_packet(smc91c111_state *s, int packet)
508 {
509 s->allocated &= ~(1 << packet);
510 if (s->tx_alloc == 0x80)
511 smc91c111_tx_alloc(s);
512 smc91c111_flush_queued_packets(s);
513 }
514
515 /* Flush the TX FIFO. */
516 static void smc91c111_do_tx(smc91c111_state *s)
517 {
518 int i;
519 int len;
520 int control;
521 int packetnum;
522 uint8_t *p;
523
524 if ((s->tcr & TCR_TXEN) == 0)
525 return;
526 if (s->tx_fifo_len == 0)
527 return;
528 for (i = 0; i < s->tx_fifo_len; i++) {
529 packetnum = s->tx_fifo[i];
530 p = &s->data[packetnum][0];
531 /* Set status word. */
532 *(p++) = 0x01;
533 *(p++) = 0x40;
534 len = *(p++);
535 len |= ((int)*(p++)) << 8;
536 len -= 6;
537 control = p[len + 1];
538 if (control & 0x20)
539 len++;
540 /* ??? This overwrites the data following the buffer.
541 Don't know what real hardware does. */
542 if (len < 64 && (s->tcr & TCR_PAD_EN)) {
543 memset(p + len, 0, 64 - len);
544 len = 64;
545 }
546 #if 0
547 {
548 int add_crc;
549
550 /* The card is supposed to append the CRC to the frame.
551 However none of the other network traffic has the CRC
552 appended. Suspect this is low level ethernet detail we
553 don't need to worry about. */
554 add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0;
555 if (add_crc) {
556 uint32_t crc;
557
558 crc = crc32(~0, p, len);
559 memcpy(p + len, &crc, 4);
560 len += 4;
561 }
562 }
563 #endif
564 if (s->ctr & CTR_AUTO_RELEASE)
565 /* Race? */
566 smc91c111_release_packet(s, packetnum);
567 else if (s->tx_fifo_done_len < NUM_PACKETS)
568 s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum;
569 qemu_send_packet(qemu_get_queue(s->nic), p, len);
570 }
571 s->tx_fifo_len = 0;
572 smc91c111_update(s);
573 }
574
575 /* Add a packet to the TX FIFO. */
576 static void smc91c111_queue_tx(smc91c111_state *s, int packet)
577 {
578 if (s->tx_fifo_len == NUM_PACKETS)
579 return;
580 s->tx_fifo[s->tx_fifo_len++] = packet;
581 smc91c111_do_tx(s);
582 }
583
584 static void smc91c111_reset(DeviceState *dev)
585 {
586 smc91c111_state *s = SMC91C111(dev);
587
588 s->bank = 0;
589 s->tx_fifo_len = 0;
590 s->tx_fifo_done_len = 0;
591 s->rx_fifo_len = 0;
592 s->allocated = 0;
593 s->packet_num = 0;
594 s->tx_alloc = 0;
595 s->tcr = 0;
596 s->rcr = 0;
597 s->cr = 0xa0b1;
598 s->ctr = 0x1210;
599 s->ptr = 0;
600 s->ercv = 0x1f;
601 s->int_level = INT_TX_EMPTY;
602 s->int_mask = 0;
603 mii_reset(&s->mii);
604 smc91c111_update(s);
605 }
606
607 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
608 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
609
610 static void smc91c111_writeb(void *opaque, hwaddr offset,
611 uint32_t value)
612 {
613 smc91c111_state *s = (smc91c111_state *)opaque;
614
615 offset = offset & 0xf;
616 if (offset == 14) {
617 s->bank = value;
618 return;
619 }
620 if (offset == 15)
621 return;
622 switch (s->bank) {
623 case 0:
624 switch (offset) {
625 case 0: /* TCR */
626 SET_LOW(tcr, value);
627 return;
628 case 1:
629 SET_HIGH(tcr, value);
630 return;
631 case 4: /* RCR */
632 SET_LOW(rcr, value);
633 return;
634 case 5:
635 SET_HIGH(rcr, value);
636 if (s->rcr & RCR_SOFT_RST) {
637 smc91c111_reset(DEVICE(s));
638 }
639 smc91c111_flush_queued_packets(s);
640 return;
641 case 10: case 11: /* RPCR */
642 /* Ignored */
643 return;
644 case 12: case 13: /* Reserved */
645 return;
646 default:
647 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
648 }
649 break;
650
651 case 1:
652 switch (offset) {
653 case 0: /* CONFIG */
654 SET_LOW(cr, value);
655 return;
656 case 1:
657 SET_HIGH(cr,value);
658 return;
659 case 2: case 3: /* BASE */
660 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
661 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
662 return;
663 case 10: /* General Purpose */
664 SET_LOW(gpr, value);
665 return;
666 case 11:
667 SET_HIGH(gpr, value);
668 return;
669 case 12: /* Control */
670 if (value & 1) {
671 qemu_log_mask(LOG_UNIMP,
672 "smc91c111: EEPROM store not implemented\n");
673 }
674 if (value & 2) {
675 qemu_log_mask(LOG_UNIMP,
676 "smc91c111: EEPROM reload not implemented\n");
677 }
678 value &= ~3;
679 SET_LOW(ctr, value);
680 return;
681 case 13:
682 SET_HIGH(ctr, value);
683 return;
684 default:
685 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
686 }
687 break;
688
689 case 2:
690 switch (offset) {
691 case 0: /* MMU Command */
692 switch (value >> 5) {
693 case 0: /* no-op */
694 break;
695 case 1: /* Allocate for TX. */
696 s->tx_alloc = 0x80;
697 s->int_level &= ~INT_ALLOC;
698 smc91c111_update(s);
699 smc91c111_tx_alloc(s);
700 break;
701 case 2: /* Reset MMU. */
702 s->allocated = 0;
703 s->tx_fifo_len = 0;
704 s->tx_fifo_done_len = 0;
705 s->rx_fifo_len = 0;
706 s->tx_alloc = 0;
707 break;
708 case 3: /* Remove from RX FIFO. */
709 smc91c111_pop_rx_fifo(s);
710 break;
711 case 4: /* Remove from RX FIFO and release. */
712 if (s->rx_fifo_len > 0) {
713 smc91c111_release_packet(s, s->rx_fifo[0]);
714 }
715 smc91c111_pop_rx_fifo(s);
716 break;
717 case 5: /* Release. */
718 smc91c111_release_packet(s, s->packet_num);
719 break;
720 case 6: /* Add to TX FIFO. */
721 smc91c111_queue_tx(s, s->packet_num);
722 break;
723 case 7: /* Reset TX FIFO. */
724 s->tx_fifo_len = 0;
725 s->tx_fifo_done_len = 0;
726 break;
727 default:
728 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
729 }
730 return;
731 case 1:
732 /* Ignore. */
733 return;
734 case 2: /* Packet Number Register */
735 s->packet_num = value;
736 return;
737 case 3: case 4: case 5:
738 /* Should be readonly, but linux writes to them anyway. Ignore. */
739 return;
740 case 6: /* Pointer */
741 SET_LOW(ptr, value);
742 return;
743 case 7:
744 SET_HIGH(ptr, value);
745 return;
746 case 8: case 9: case 10: case 11: /* Data */
747 {
748 int p;
749 int n;
750
751 if (s->ptr & 0x8000)
752 n = s->rx_fifo[0];
753 else
754 n = s->packet_num;
755 p = s->ptr & 0x07ff;
756 if (s->ptr & 0x4000) {
757 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x7ff);
758 } else {
759 p += (offset & 3);
760 }
761 s->data[n][p] = value;
762 }
763 return;
764 case 12: /* Interrupt ACK. */
765 s->int_level &= ~(value & 0xd6);
766 if (value & INT_TX)
767 smc91c111_pop_tx_fifo_done(s);
768 smc91c111_update(s);
769 return;
770 case 13: /* Interrupt mask. */
771 s->int_mask = value;
772 smc91c111_update(s);
773 return;
774 default:
775 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
776 }
777 break;
778
779 case 3:
780 switch (offset) {
781 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
782 /* Multicast table. */
783 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
784 return;
785 case 8: /* Management Interface (low). */
786 mii_write(&s->mii, value);
787 return;
788 case 9: /* Management Interface (high). */
789 if (value != 0x33) {
790 /* MSK_CRS100 not implemented. */
791 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
792 }
793 return;
794 case 12: /* Early receive. */
795 s->ercv = value & 0x1f;
796 return;
797 case 13:
798 /* Ignore. */
799 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
800 return;
801 default:
802 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
803 }
804 break;
805 default:
806 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
807 }
808 qemu_log_mask(LOG_GUEST_ERROR, "smc91c111_write(bank:%d) Illegal register"
809 " 0x%" HWADDR_PRIx " = 0x%x\n",
810 s->bank, offset, value);
811 }
812
813 static uint32_t smc91c111_readb(void *opaque, hwaddr offset)
814 {
815 smc91c111_state *s = (smc91c111_state *)opaque;
816
817 offset = offset & 0xf;
818 if (offset == 14) {
819 return s->bank;
820 }
821 if (offset == 15)
822 return 0x33;
823 switch (s->bank) {
824 case 0:
825 switch (offset) {
826 case 0: /* TCR */
827 return s->tcr & 0xff;
828 case 1:
829 return s->tcr >> 8;
830 case 2: /* EPH Status */
831 return 0;
832 case 3:
833 return 0x40;
834 case 4: /* RCR */
835 return s->rcr & 0xff;
836 case 5:
837 return s->rcr >> 8;
838 case 6: /* Counter */
839 case 7:
840 logout(TARGET_FMT_plx "\n", offset);
841 return 0;
842 case 8: /* Memory size. */
843 return NUM_PACKETS;
844 case 9: /* Free memory available. */
845 {
846 int i;
847 int n;
848 n = 0;
849 for (i = 0; i < NUM_PACKETS; i++) {
850 if (s->allocated & (1 << i))
851 n++;
852 }
853 return n;
854 }
855 case 10: case 11: /* RPCR */
856 logout(TARGET_FMT_plx "\n", offset);
857 return 0;
858 case 12: case 13: /* Reserved */
859 return 0;
860 default:
861 logout(TARGET_FMT_plx "\n", offset);
862 }
863 break;
864
865 case 1:
866 switch (offset) {
867 case 0: /* CONFIG */
868 return s->cr & 0xff;
869 case 1:
870 return s->cr >> 8;
871 case 2: case 3: /* BASE */
872 logout(TARGET_FMT_plx "\n", offset);
873 return 0;
874 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
875 return s->conf.macaddr.a[offset - 4];
876 case 10: /* General Purpose */
877 return s->gpr & 0xff;
878 case 11:
879 return s->gpr >> 8;
880 case 12: /* Control */
881 return s->ctr & 0xff;
882 case 13:
883 return s->ctr >> 8;
884 default:
885 logout(TARGET_FMT_plx "\n", offset);
886 }
887 break;
888
889 case 2:
890 switch (offset) {
891 case 0: case 1: /* MMUCR Busy bit. */
892 return 0;
893 case 2: /* Packet Number. */
894 return s->packet_num;
895 case 3: /* Allocation Result. */
896 return s->tx_alloc;
897 case 4: /* TX FIFO */
898 if (s->tx_fifo_done_len == 0)
899 return 0x80;
900 else
901 return s->tx_fifo_done[0];
902 case 5: /* RX FIFO */
903 if (s->rx_fifo_len == 0)
904 return 0x80;
905 else
906 return s->rx_fifo[0];
907 case 6: /* Pointer */
908 return s->ptr & 0xff;
909 case 7:
910 return (s->ptr >> 8) & 0xf7;
911 case 8: case 9: case 10: case 11: /* Data */
912 {
913 int p;
914 int n;
915
916 if (s->ptr & 0x8000)
917 n = s->rx_fifo[0];
918 else
919 n = s->packet_num;
920 p = s->ptr & 0x07ff;
921 if (s->ptr & 0x4000) {
922 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x07ff);
923 } else {
924 p += (offset & 3);
925 }
926 return s->data[n][p];
927 }
928 case 12: /* Interrupt status. */
929 return s->int_level;
930 case 13: /* Interrupt mask. */
931 return s->int_mask;
932 default:
933 logout(TARGET_FMT_plx "\n", offset);
934 }
935 break;
936
937 case 3:
938 switch (offset) {
939 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
940 /* Multicast table. */
941 logout(TARGET_FMT_plx "\n", offset);
942 return 0;
943 case 8: /* Management Interface (low). */
944 logout(TARGET_FMT_plx "\n", offset);
945 return 0x30 + s->mii.mdi;
946 case 9: /* Management Interface (high). */
947 return 0x33;
948 case 10: /* Revision. */
949 return 0x91;
950 case 11:
951 return 0x33;
952 case 12:
953 return s->ercv;
954 case 13:
955 return 0;
956 default:
957 logout(TARGET_FMT_plx "\n", offset);
958 }
959 break;
960 default:
961 logout(TARGET_FMT_plx "\n", offset);
962 }
963 qemu_log_mask(LOG_GUEST_ERROR, "smc91c111_read(bank:%d) Illegal register"
964 " 0x%" HWADDR_PRIx "\n",
965 s->bank, offset);
966 return 0;
967 }
968
969 static uint64_t smc91c111_readfn(void *opaque, hwaddr addr, unsigned size)
970 {
971 int i;
972 uint32_t val = 0;
973
974 for (i = 0; i < size; i++) {
975 val |= smc91c111_readb(opaque, addr + i) << (i * 8);
976 }
977 return val;
978 }
979
980 static void smc91c111_writefn(void *opaque, hwaddr addr,
981 uint64_t value, unsigned size)
982 {
983 int i = 0;
984
985 /* 32-bit writes to offset 0xc only actually write to the bank select
986 * register (offset 0xe), so skip the first two bytes we would write.
987 */
988 if (addr == 0xc && size == 4) {
989 i += 2;
990 }
991
992 for (; i < size; i++) {
993 smc91c111_writeb(opaque, addr + i,
994 extract32(value, i * 8, 8));
995 }
996 }
997
998 static bool smc91c111_can_receive_nc(NetClientState *nc)
999 {
1000 smc91c111_state *s = qemu_get_nic_opaque(nc);
1001
1002 return smc91c111_can_receive(s);
1003 }
1004
1005 static ssize_t smc91c111_receive(NetClientState *nc, const uint8_t *buf, size_t size)
1006 {
1007 smc91c111_state *s = qemu_get_nic_opaque(nc);
1008 int status;
1009 int packetsize;
1010 uint32_t crc;
1011 int packetnum;
1012 uint8_t *p;
1013
1014 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
1015 return -1;
1016 /* Short packets are padded with zeros. Receiving a packet
1017 < 64 bytes long is considered an error condition. */
1018 if (size < 64)
1019 packetsize = 64;
1020 else
1021 packetsize = (size & ~1);
1022 packetsize += 6;
1023 crc = (s->rcr & RCR_STRIP_CRC) == 0;
1024 if (crc)
1025 packetsize += 4;
1026 /* TODO: Flag overrun and receive errors. */
1027 if (packetsize > 2048)
1028 return -1;
1029 packetnum = smc91c111_allocate_packet(s);
1030 if (packetnum == 0x80)
1031 return -1;
1032 s->rx_fifo[s->rx_fifo_len++] = packetnum;
1033
1034 p = &s->data[packetnum][0];
1035 /* ??? Multicast packets? */
1036 status = 0;
1037 if (size > 1518)
1038 status |= RS_TOOLONG;
1039 if (size & 1)
1040 status |= RS_ODDFRAME;
1041 *(p++) = status & 0xff;
1042 *(p++) = status >> 8;
1043 *(p++) = packetsize & 0xff;
1044 *(p++) = packetsize >> 8;
1045 memcpy(p, buf, size & ~1);
1046 p += (size & ~1);
1047 /* Pad short packets. */
1048 if (size < 64) {
1049 int pad;
1050
1051 if (size & 1)
1052 *(p++) = buf[size - 1];
1053 pad = 64 - size;
1054 memset(p, 0, pad);
1055 p += pad;
1056 size = 64;
1057 }
1058 /* It's not clear if the CRC should go before or after the last byte in
1059 odd sized packets. Linux disables the CRC, so that's no help.
1060 The pictures in the documentation show the CRC aligned on a 16-bit
1061 boundary before the last odd byte, so that's what we do. */
1062 if (crc) {
1063 crc = crc32(~0, buf, size);
1064 *(p++) = crc & 0xff; crc >>= 8;
1065 *(p++) = crc & 0xff; crc >>= 8;
1066 *(p++) = crc & 0xff; crc >>= 8;
1067 *(p++) = crc & 0xff;
1068 }
1069 if (size & 1) {
1070 *(p++) = buf[size - 1];
1071 *p = 0x60;
1072 } else {
1073 *(p++) = 0;
1074 *p = 0x40;
1075 }
1076 /* TODO: Raise early RX interrupt? */
1077 s->int_level |= INT_RCV;
1078 smc91c111_update(s);
1079
1080 return size;
1081 }
1082
1083 static const MemoryRegionOps smc91c111_mem_ops = {
1084 /* The special case for 32 bit writes to 0xc means we can't just
1085 * set .impl.min/max_access_size to 1, unfortunately
1086 */
1087 .read = smc91c111_readfn,
1088 .write = smc91c111_writefn,
1089 .valid.min_access_size = 1,
1090 .valid.max_access_size = 4,
1091 .endianness = DEVICE_NATIVE_ENDIAN,
1092 };
1093
1094 static NetClientInfo net_smc91c111_info = {
1095 .type = NET_CLIENT_DRIVER_NIC,
1096 .size = sizeof(NICState),
1097 .can_receive = smc91c111_can_receive_nc,
1098 .receive = smc91c111_receive,
1099 };
1100
1101 static void smc91c111_realize(DeviceState *dev, Error **errp)
1102 {
1103 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1104 smc91c111_state *s = SMC91C111(dev);
1105
1106 memory_region_init_io(&s->mmio, OBJECT(s), &smc91c111_mem_ops, s,
1107 "smc91c111-mmio", 16);
1108 sysbus_init_mmio(sbd, &s->mmio);
1109 sysbus_init_irq(sbd, &s->irq);
1110 qemu_macaddr_default_if_unset(&s->conf.macaddr);
1111 s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
1112 object_get_typename(OBJECT(dev)), dev->id,
1113 &dev->mem_reentrancy_guard, s);
1114 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1115 /* ??? Save/restore. */
1116 }
1117
1118 static Property smc91c111_properties[] = {
1119 DEFINE_NIC_PROPERTIES(smc91c111_state, conf),
1120 DEFINE_PROP_END_OF_LIST(),
1121 };
1122
1123 static void smc91c111_class_init(ObjectClass *klass, void *data)
1124 {
1125 DeviceClass *dc = DEVICE_CLASS(klass);
1126
1127 dc->realize = smc91c111_realize;
1128 dc->reset = smc91c111_reset;
1129 dc->vmsd = &vmstate_smc91c111;
1130 device_class_set_props(dc, smc91c111_properties);
1131 }
1132
1133 static const TypeInfo smc91c111_info = {
1134 .name = TYPE_SMC91C111,
1135 .parent = TYPE_SYS_BUS_DEVICE,
1136 .instance_size = sizeof(smc91c111_state),
1137 .class_init = smc91c111_class_init,
1138 };
1139
1140 static void smc91c111_register_types(void)
1141 {
1142 type_register_static(&smc91c111_info);
1143 }
1144
1145 /* Legacy helper function. Should go away when machine config files are
1146 implemented. */
1147 void smc91c111_init(uint32_t base, qemu_irq irq)
1148 {
1149 DeviceState *dev;
1150 SysBusDevice *s;
1151
1152 dev = qdev_new(TYPE_SMC91C111);
1153 qemu_configure_nic_device(dev, true, NULL);
1154 s = SYS_BUS_DEVICE(dev);
1155 sysbus_realize_and_unref(s, &error_fatal);
1156 sysbus_mmio_map(s, 0, base);
1157 sysbus_connect_irq(s, 0, irq);
1158 }
1159
1160 type_init(smc91c111_register_types)
AR7 emulation for QEMU