search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Fix typo that leads to out of bounds array access on big endian systems
[qemu/mini2440.git] / hw / eepro100.c
blob235e598725c35aa5e9b12651a97db9bbabb4d933
1 /*
2 * QEMU i8255x (PRO100) emulation
3 *
4 * Copyright (c) 2006-2007 Stefan Weil
5 *
6 * Portions of the code are copies from grub / etherboot eepro100.c
7 * and linux e100.c.
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
22 *
23 * Tested features (i82559):
24 * PXE boot (i386) no valid link
25 * Linux networking (i386) ok
26 *
27 * Untested:
28 * non-i386 platforms
29 * Windows networking
30 *
31 * References:
32 *
33 * Intel 8255x 10/100 Mbps Ethernet Controller Family
34 * Open Source Software Developer Manual
35 */
36
37 #if defined(TARGET_I386)
38 # warning "PXE boot still not working!"
39 #endif
40
41 #include <assert.h>
42 #include <stddef.h> /* offsetof */
43 #include "hw.h"
44 #include "pci.h"
45 #include "net.h"
46 #include "eeprom93xx.h"
47
48 /* Common declarations for all PCI devices. */
49
50 #define PCI_CONFIG_8(offset, value) \
51 (pci_conf[offset] = (value))
52 #define PCI_CONFIG_16(offset, value) \
53 (*(uint16_t *)&pci_conf[offset] = cpu_to_le16(value))
54 #define PCI_CONFIG_32(offset, value) \
55 (*(uint32_t *)&pci_conf[offset] = cpu_to_le32(value))
56
57 #define KiB 1024
58
59 /* debug EEPRO100 card */
60 //~ #define DEBUG_EEPRO100
61
62 #ifdef DEBUG_EEPRO100
63 #define logout(fmt, args...) fprintf(stderr, "EE100\t%-24s" fmt, __func__, ##args)
64 #else
65 #define logout(fmt, args...) ((void)0)
66 #endif
67
68 /* Set flags to 0 to disable debug output. */
69 #define MDI 0
70
71 #define TRACE(flag, command) ((flag) ? (command) : (void)0)
72
73 #define missing(text) assert(!"feature is missing in this emulation: " text)
74
75 #define MAX_ETH_FRAME_SIZE 1514
76
77 /* This driver supports several different devices which are declared here. */
78 #define i82551 0x82551
79 #define i82557B 0x82557b
80 #define i82557C 0x82557c
81 #define i82558B 0x82558b
82 #define i82559C 0x82559c
83 #define i82559ER 0x82559e
84 #define i82562 0x82562
85
86 #define EEPROM_SIZE 64
87
88 #define PCI_MEM_SIZE (4 * KiB)
89 #define PCI_IO_SIZE 64
90 #define PCI_FLASH_SIZE (128 * KiB)
91
92 #define BIT(n) (1 << (n))
93 #define BITS(n, m) (((0xffffffffU << (31 - n)) >> (31 - n + m)) << m)
94
95 /* The SCB accepts the following controls for the Tx and Rx units: */
96 #define CU_NOP 0x0000 /* No operation. */
97 #define CU_START 0x0010 /* CU start. */
98 #define CU_RESUME 0x0020 /* CU resume. */
99 #define CU_STATSADDR 0x0040 /* Load dump counters address. */
100 #define CU_SHOWSTATS 0x0050 /* Dump statistical counters. */
101 #define CU_CMD_BASE 0x0060 /* Load CU base address. */
102 #define CU_DUMPSTATS 0x0070 /* Dump and reset statistical counters. */
103 #define CU_SRESUME 0x00a0 /* CU static resume. */
104
105 #define RU_NOP 0x0000
106 #define RX_START 0x0001
107 #define RX_RESUME 0x0002
108 #define RX_ABORT 0x0004
109 #define RX_ADDR_LOAD 0x0006
110 #define RX_RESUMENR 0x0007
111 #define INT_MASK 0x0100
112 #define DRVR_INT 0x0200 /* Driver generated interrupt. */
113
114 typedef unsigned char bool;
115
116 /* Offsets to the various registers.
117 All accesses need not be longword aligned. */
118 enum speedo_offsets {
119 SCBStatus = 0,
120 SCBAck = 1,
121 SCBCmd = 2, /* Rx/Command Unit command and status. */
122 SCBIntmask = 3,
123 SCBPointer = 4, /* General purpose pointer. */
124 SCBPort = 8, /* Misc. commands and operands. */
125 SCBflash = 12, SCBeeprom = 14, /* EEPROM and flash memory control. */
126 SCBCtrlMDI = 16, /* MDI interface control. */
127 SCBEarlyRx = 20, /* Early receive byte count. */
128 SCBFlow = 24,
129 };
130
131 /* A speedo3 transmit buffer descriptor with two buffers... */
132 typedef struct {
133 uint16_t status;
134 uint16_t command;
135 uint32_t link; /* void * */
136 uint32_t tx_desc_addr; /* transmit buffer decsriptor array address. */
137 uint16_t tcb_bytes; /* transmit command block byte count (in lower 14 bits */
138 uint8_t tx_threshold; /* transmit threshold */
139 uint8_t tbd_count; /* TBD number */
140 //~ /* This constitutes two "TBD" entries: hdr and data */
141 //~ uint32_t tx_buf_addr0; /* void *, header of frame to be transmitted. */
142 //~ int32_t tx_buf_size0; /* Length of Tx hdr. */
143 //~ uint32_t tx_buf_addr1; /* void *, data to be transmitted. */
144 //~ int32_t tx_buf_size1; /* Length of Tx data. */
145 } eepro100_tx_t;
146
147 /* Receive frame descriptor. */
148 typedef struct {
149 int16_t status;
150 uint16_t command;
151 uint32_t link; /* struct RxFD * */
152 uint32_t rx_buf_addr; /* void * */
153 uint16_t count;
154 uint16_t size;
155 char packet[MAX_ETH_FRAME_SIZE + 4];
156 } eepro100_rx_t;
157
158 typedef struct {
159 uint32_t tx_good_frames, tx_max_collisions, tx_late_collisions,
160 tx_underruns, tx_lost_crs, tx_deferred, tx_single_collisions,
161 tx_multiple_collisions, tx_total_collisions;
162 uint32_t rx_good_frames, rx_crc_errors, rx_alignment_errors,
163 rx_resource_errors, rx_overrun_errors, rx_cdt_errors,
164 rx_short_frame_errors;
165 uint32_t fc_xmt_pause, fc_rcv_pause, fc_rcv_unsupported;
166 uint16_t xmt_tco_frames, rcv_tco_frames;
167 uint32_t complete;
168 } eepro100_stats_t;
169
170 typedef enum {
171 cu_idle = 0,
172 cu_suspended = 1,
173 cu_active = 2,
174 cu_lpq_active = 2,
175 cu_hqp_active = 3
176 } cu_state_t;
177
178 typedef enum {
179 ru_idle = 0,
180 ru_suspended = 1,
181 ru_no_resources = 2,
182 ru_ready = 4
183 } ru_state_t;
184
185 typedef struct {
186 #if 1
187 uint8_t cmd;
188 uint32_t start;
189 uint32_t stop;
190 uint8_t boundary;
191 uint8_t tsr;
192 uint8_t tpsr;
193 uint16_t tcnt;
194 uint16_t rcnt;
195 uint32_t rsar;
196 uint8_t rsr;
197 uint8_t rxcr;
198 uint8_t isr;
199 uint8_t dcfg;
200 uint8_t imr;
201 uint8_t phys[6]; /* mac address */
202 uint8_t curpag;
203 uint8_t mult[8]; /* multicast mask array */
204 int mmio_index;
205 PCIDevice *pci_dev;
206 VLANClientState *vc;
207 #endif
208 uint8_t scb_stat; /* SCB stat/ack byte */
209 uint8_t int_stat; /* PCI interrupt status */
210 uint32_t region[3]; /* PCI region addresses */
211 uint8_t macaddr[6];
212 uint32_t statcounter[19];
213 uint16_t mdimem[32];
214 eeprom_t *eeprom;
215 uint32_t device; /* device variant */
216 uint32_t pointer;
217 /* (cu_base + cu_offset) address the next command block in the command block list. */
218 uint32_t cu_base; /* CU base address */
219 uint32_t cu_offset; /* CU address offset */
220 /* (ru_base + ru_offset) address the RFD in the Receive Frame Area. */
221 uint32_t ru_base; /* RU base address */
222 uint32_t ru_offset; /* RU address offset */
223 uint32_t statsaddr; /* pointer to eepro100_stats_t */
224 eepro100_stats_t statistics; /* statistical counters */
225 #if 0
226 uint16_t status;
227 #endif
228
229 /* Configuration bytes. */
230 uint8_t configuration[22];
231
232 /* Data in mem is always in the byte order of the controller (le). */
233 uint8_t mem[PCI_MEM_SIZE];
234 } EEPRO100State;
235
236 /* Default values for MDI (PHY) registers */
237 static const uint16_t eepro100_mdi_default[] = {
238 /* MDI Registers 0 - 6, 7 */
239 0x3000, 0x780d, 0x02a8, 0x0154, 0x05e1, 0x0000, 0x0000, 0x0000,
240 /* MDI Registers 8 - 15 */
241 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
242 /* MDI Registers 16 - 31 */
243 0x0003, 0x0000, 0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
244 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
245 };
246
247 /* Readonly mask for MDI (PHY) registers */
248 static const uint16_t eepro100_mdi_mask[] = {
249 0x0000, 0xffff, 0xffff, 0xffff, 0xc01f, 0xffff, 0xffff, 0x0000,
250 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
251 0x0fff, 0x0000, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
252 0xffff, 0xffff, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
253 };
254
255 #define POLYNOMIAL 0x04c11db6
256
257 /* From FreeBSD */
258 /* XXX: optimize */
259 static int compute_mcast_idx(const uint8_t * ep)
260 {
261 uint32_t crc;
262 int carry, i, j;
263 uint8_t b;
264
265 crc = 0xffffffff;
266 for (i = 0; i < 6; i++) {
267 b = *ep++;
268 for (j = 0; j < 8; j++) {
269 carry = ((crc & 0x80000000L) ? 1 : 0) ^ (b & 0x01);
270 crc <<= 1;
271 b >>= 1;
272 if (carry)
273 crc = ((crc ^ POLYNOMIAL) | carry);
274 }
275 }
276 return (crc >> 26);
277 }
278
279 #if defined(DEBUG_EEPRO100)
280 static const char *nic_dump(const uint8_t * buf, unsigned size)
281 {
282 static char dump[3 * 16 + 1];
283 char *p = &dump[0];
284 if (size > 16)
285 size = 16;
286 while (size-- > 0) {
287 p += sprintf(p, " %02x", *buf++);
288 }
289 return dump;
290 }
291 #endif /* DEBUG_EEPRO100 */
292
293 enum scb_stat_ack {
294 stat_ack_not_ours = 0x00,
295 stat_ack_sw_gen = 0x04,
296 stat_ack_rnr = 0x10,
297 stat_ack_cu_idle = 0x20,
298 stat_ack_frame_rx = 0x40,
299 stat_ack_cu_cmd_done = 0x80,
300 stat_ack_not_present = 0xFF,
301 stat_ack_rx = (stat_ack_sw_gen | stat_ack_rnr | stat_ack_frame_rx),
302 stat_ack_tx = (stat_ack_cu_idle | stat_ack_cu_cmd_done),
303 };
304
305 static void disable_interrupt(EEPRO100State * s)
306 {
307 if (s->int_stat) {
308 logout("interrupt disabled\n");
309 qemu_irq_lower(s->pci_dev->irq[0]);
310 s->int_stat = 0;
311 }
312 }
313
314 static void enable_interrupt(EEPRO100State * s)
315 {
316 if (!s->int_stat) {
317 logout("interrupt enabled\n");
318 qemu_irq_raise(s->pci_dev->irq[0]);
319 s->int_stat = 1;
320 }
321 }
322
323 static void eepro100_acknowledge(EEPRO100State * s)
324 {
325 s->scb_stat &= ~s->mem[SCBAck];
326 s->mem[SCBAck] = s->scb_stat;
327 if (s->scb_stat == 0) {
328 disable_interrupt(s);
329 }
330 }
331
332 static void eepro100_interrupt(EEPRO100State * s, uint8_t stat)
333 {
334 uint8_t mask = ~s->mem[SCBIntmask];
335 s->mem[SCBAck] |= stat;
336 stat = s->scb_stat = s->mem[SCBAck];
337 stat &= (mask | 0x0f);
338 //~ stat &= (~s->mem[SCBIntmask] | 0x0xf);
339 if (stat && (mask & 0x01)) {
340 /* SCB mask and SCB Bit M do not disable interrupt. */
341 enable_interrupt(s);
342 } else if (s->int_stat) {
343 disable_interrupt(s);
344 }
345 }
346
347 static void eepro100_cx_interrupt(EEPRO100State * s)
348 {
349 /* CU completed action command. */
350 /* Transmit not ok (82557 only, not in emulation). */
351 eepro100_interrupt(s, 0x80);
352 }
353
354 static void eepro100_cna_interrupt(EEPRO100State * s)
355 {
356 /* CU left the active state. */
357 eepro100_interrupt(s, 0x20);
358 }
359
360 static void eepro100_fr_interrupt(EEPRO100State * s)
361 {
362 /* RU received a complete frame. */
363 eepro100_interrupt(s, 0x40);
364 }
365
366 #if 0
367 static void eepro100_rnr_interrupt(EEPRO100State * s)
368 {
369 /* RU is not ready. */
370 eepro100_interrupt(s, 0x10);
371 }
372 #endif
373
374 static void eepro100_mdi_interrupt(EEPRO100State * s)
375 {
376 /* MDI completed read or write cycle. */
377 eepro100_interrupt(s, 0x08);
378 }
379
380 static void eepro100_swi_interrupt(EEPRO100State * s)
381 {
382 /* Software has requested an interrupt. */
383 eepro100_interrupt(s, 0x04);
384 }
385
386 #if 0
387 static void eepro100_fcp_interrupt(EEPRO100State * s)
388 {
389 /* Flow control pause interrupt (82558 and later). */
390 eepro100_interrupt(s, 0x01);
391 }
392 #endif
393
394 static void pci_reset(EEPRO100State * s)
395 {
396 uint32_t device = s->device;
397 uint8_t *pci_conf = s->pci_dev->config;
398
399 logout("%p\n", s);
400
401 /* PCI Vendor ID */
402 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
403 /* PCI Device ID */
404 pci_config_set_device_id(pci_conf, PCI_DEVICE_ID_INTEL_82551IT);
405 /* PCI Command */
406 PCI_CONFIG_16(PCI_COMMAND, 0x0000);
407 /* PCI Status */
408 PCI_CONFIG_16(PCI_STATUS, 0x2800);
409 /* PCI Revision ID */
410 PCI_CONFIG_8(PCI_REVISION_ID, 0x08);
411 /* PCI Class Code */
412 PCI_CONFIG_8(0x09, 0x00);
413 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
414 /* PCI Cache Line Size */
415 /* check cache line size!!! */
416 //~ PCI_CONFIG_8(0x0c, 0x00);
417 /* PCI Latency Timer */
418 PCI_CONFIG_8(0x0d, 0x20); // latency timer = 32 clocks
419 /* PCI Header Type */
420 /* BIST (built-in self test) */
421 #if defined(TARGET_I386)
422 // !!! workaround for buggy bios
423 //~ #define PCI_ADDRESS_SPACE_MEM_PREFETCH 0
424 #endif
425 #if 0
426 /* PCI Base Address Registers */
427 /* CSR Memory Mapped Base Address */
428 PCI_CONFIG_32(PCI_BASE_ADDRESS_0,
429 PCI_ADDRESS_SPACE_MEM | PCI_ADDRESS_SPACE_MEM_PREFETCH);
430 /* CSR I/O Mapped Base Address */
431 PCI_CONFIG_32(PCI_BASE_ADDRESS_1, PCI_ADDRESS_SPACE_IO);
432 #if 0
433 /* Flash Memory Mapped Base Address */
434 PCI_CONFIG_32(PCI_BASE_ADDRESS_2, 0xfffe0000 | PCI_ADDRESS_SPACE_MEM);
435 #endif
436 #endif
437 /* Expansion ROM Base Address (depends on boot disable!!!) */
438 PCI_CONFIG_32(0x30, 0x00000000);
439 /* Capability Pointer */
440 PCI_CONFIG_8(0x34, 0xdc);
441 /* Interrupt Pin */
442 PCI_CONFIG_8(0x3d, 1); // interrupt pin 0
443 /* Minimum Grant */
444 PCI_CONFIG_8(0x3e, 0x08);
445 /* Maximum Latency */
446 PCI_CONFIG_8(0x3f, 0x18);
447 /* Power Management Capabilities / Next Item Pointer / Capability ID */
448 PCI_CONFIG_32(0xdc, 0x7e210001);
449
450 switch (device) {
451 case i82551:
452 //~ PCI_CONFIG_16(PCI_DEVICE_ID, 0x1209);
453 PCI_CONFIG_8(PCI_REVISION_ID, 0x0f);
454 break;
455 case i82557B:
456 PCI_CONFIG_16(PCI_DEVICE_ID, 0x1229);
457 PCI_CONFIG_8(PCI_REVISION_ID, 0x02);
458 break;
459 case i82557C:
460 PCI_CONFIG_16(PCI_DEVICE_ID, 0x1229);
461 PCI_CONFIG_8(PCI_REVISION_ID, 0x03);
462 break;
463 case i82558B:
464 PCI_CONFIG_16(PCI_DEVICE_ID, 0x1229);
465 PCI_CONFIG_16(PCI_STATUS, 0x2810);
466 PCI_CONFIG_8(PCI_REVISION_ID, 0x05);
467 break;
468 case i82559C:
469 PCI_CONFIG_16(PCI_DEVICE_ID, 0x1229);
470 PCI_CONFIG_16(PCI_STATUS, 0x2810);
471 //~ PCI_CONFIG_8(PCI_REVISION_ID, 0x08);
472 break;
473 case i82559ER:
474 //~ PCI_CONFIG_16(PCI_DEVICE_ID, 0x1209);
475 PCI_CONFIG_16(PCI_STATUS, 0x2810);
476 PCI_CONFIG_8(PCI_REVISION_ID, 0x09);
477 break;
478 //~ PCI_CONFIG_16(PCI_DEVICE_ID, 0x1029);
479 //~ PCI_CONFIG_16(PCI_DEVICE_ID, 0x1030); /* 82559 InBusiness 10/100 */
480 default:
481 logout("Device %X is undefined!\n", device);
482 }
483
484 if (device == i82557C || device == i82558B || device == i82559C) {
485 logout("Get device id and revision from EEPROM!!!\n");
486 }
487 }
488
489 static void nic_selective_reset(EEPRO100State * s)
490 {
491 size_t i;
492 uint16_t *eeprom_contents = eeprom93xx_data(s->eeprom);
493 //~ eeprom93xx_reset(s->eeprom);
494 memcpy(eeprom_contents, s->macaddr, 6);
495 eeprom_contents[0xa] = 0x4000;
496 uint16_t sum = 0;
497 for (i = 0; i < EEPROM_SIZE - 1; i++) {
498 sum += eeprom_contents[i];
499 }
500 eeprom_contents[EEPROM_SIZE - 1] = 0xbaba - sum;
501
502 memset(s->mem, 0, sizeof(s->mem));
503 uint32_t val = BIT(21);
504 memcpy(&s->mem[SCBCtrlMDI], &val, sizeof(val));
505
506 assert(sizeof(s->mdimem) == sizeof(eepro100_mdi_default));
507 memcpy(&s->mdimem[0], &eepro100_mdi_default[0], sizeof(s->mdimem));
508 }
509
510 static void nic_reset(void *opaque)
511 {
512 EEPRO100State *s = (EEPRO100State *) opaque;
513 logout("%p\n", s);
514 static int first;
515 if (!first) {
516 first = 1;
517 }
518 nic_selective_reset(s);
519 }
520
521 #if defined(DEBUG_EEPRO100)
522 static const char *reg[PCI_IO_SIZE / 4] = {
523 "Command/Status",
524 "General Pointer",
525 "Port",
526 "EEPROM/Flash Control",
527 "MDI Control",
528 "Receive DMA Byte Count",
529 "Flow control register",
530 "General Status/Control"
531 };
532
533 static char *regname(uint32_t addr)
534 {
535 static char buf[16];
536 if (addr < PCI_IO_SIZE) {
537 const char *r = reg[addr / 4];
538 if (r != 0) {
539 sprintf(buf, "%s+%u", r, addr % 4);
540 } else {
541 sprintf(buf, "0x%02x", addr);
542 }
543 } else {
544 sprintf(buf, "??? 0x%08x", addr);
545 }
546 return buf;
547 }
548 #endif /* DEBUG_EEPRO100 */
549
550 #if 0
551 static uint16_t eepro100_read_status(EEPRO100State * s)
552 {
553 uint16_t val = s->status;
554 logout("val=0x%04x\n", val);
555 return val;
556 }
557
558 static void eepro100_write_status(EEPRO100State * s, uint16_t val)
559 {
560 logout("val=0x%04x\n", val);
561 s->status = val;
562 }
563 #endif
564
565 /*****************************************************************************
566 *
567 * Command emulation.
568 *
569 ****************************************************************************/
570
571 #if 0
572 static uint16_t eepro100_read_command(EEPRO100State * s)
573 {
574 uint16_t val = 0xffff;
575 //~ logout("val=0x%04x\n", val);
576 return val;
577 }
578 #endif
579
580 /* Commands that can be put in a command list entry. */
581 enum commands {
582 CmdNOp = 0,
583 CmdIASetup = 1,
584 CmdConfigure = 2,
585 CmdMulticastList = 3,
586 CmdTx = 4,
587 CmdTDR = 5, /* load microcode */
588 CmdDump = 6,
589 CmdDiagnose = 7,
590
591 /* And some extra flags: */
592 CmdSuspend = 0x4000, /* Suspend after completion. */
593 CmdIntr = 0x2000, /* Interrupt after completion. */
594 CmdTxFlex = 0x0008, /* Use "Flexible mode" for CmdTx command. */
595 };
596
597 static cu_state_t get_cu_state(EEPRO100State * s)
598 {
599 return ((s->mem[SCBStatus] >> 6) & 0x03);
600 }
601
602 static void set_cu_state(EEPRO100State * s, cu_state_t state)
603 {
604 s->mem[SCBStatus] = (s->mem[SCBStatus] & 0x3f) + (state << 6);
605 }
606
607 static ru_state_t get_ru_state(EEPRO100State * s)
608 {
609 return ((s->mem[SCBStatus] >> 2) & 0x0f);
610 }
611
612 static void set_ru_state(EEPRO100State * s, ru_state_t state)
613 {
614 s->mem[SCBStatus] = (s->mem[SCBStatus] & 0xc3) + (state << 2);
615 }
616
617 static void dump_statistics(EEPRO100State * s)
618 {
619 /* Dump statistical data. Most data is never changed by the emulation
620 * and always 0, so we first just copy the whole block and then those
621 * values which really matter.
622 * Number of data should check configuration!!!
623 */
624 cpu_physical_memory_write(s->statsaddr, (uint8_t *) & s->statistics, 64);
625 stl_phys(s->statsaddr + 0, s->statistics.tx_good_frames);
626 stl_phys(s->statsaddr + 36, s->statistics.rx_good_frames);
627 stl_phys(s->statsaddr + 48, s->statistics.rx_resource_errors);
628 stl_phys(s->statsaddr + 60, s->statistics.rx_short_frame_errors);
629 //~ stw_phys(s->statsaddr + 76, s->statistics.xmt_tco_frames);
630 //~ stw_phys(s->statsaddr + 78, s->statistics.rcv_tco_frames);
631 //~ missing("CU dump statistical counters");
632 }
633
634 static void eepro100_cu_command(EEPRO100State * s, uint8_t val)
635 {
636 eepro100_tx_t tx;
637 uint32_t cb_address;
638 switch (val) {
639 case CU_NOP:
640 /* No operation. */
641 break;
642 case CU_START:
643 if (get_cu_state(s) != cu_idle) {
644 /* Intel documentation says that CU must be idle for the CU
645 * start command. Intel driver for Linux also starts the CU
646 * from suspended state. */
647 logout("CU state is %u, should be %u\n", get_cu_state(s), cu_idle);
648 //~ assert(!"wrong CU state");
649 }
650 set_cu_state(s, cu_active);
651 s->cu_offset = s->pointer;
652 next_command:
653 cb_address = s->cu_base + s->cu_offset;
654 cpu_physical_memory_read(cb_address, (uint8_t *) & tx, sizeof(tx));
655 uint16_t status = le16_to_cpu(tx.status);
656 uint16_t command = le16_to_cpu(tx.command);
657 logout
658 ("val=0x%02x (cu start), status=0x%04x, command=0x%04x, link=0x%08x\n",
659 val, status, command, tx.link);
660 bool bit_el = ((command & 0x8000) != 0);
661 bool bit_s = ((command & 0x4000) != 0);
662 bool bit_i = ((command & 0x2000) != 0);
663 bool bit_nc = ((command & 0x0010) != 0);
664 //~ bool bit_sf = ((command & 0x0008) != 0);
665 uint16_t cmd = command & 0x0007;
666 s->cu_offset = le32_to_cpu(tx.link);
667 switch (cmd) {
668 case CmdNOp:
669 /* Do nothing. */
670 break;
671 case CmdIASetup:
672 cpu_physical_memory_read(cb_address + 8, &s->macaddr[0], 6);
673 logout("macaddr: %s\n", nic_dump(&s->macaddr[0], 6));
674 break;
675 case CmdConfigure:
676 cpu_physical_memory_read(cb_address + 8, &s->configuration[0],
677 sizeof(s->configuration));
678 logout("configuration: %s\n", nic_dump(&s->configuration[0], 16));
679 break;
680 case CmdMulticastList:
681 //~ missing("multicast list");
682 break;
683 case CmdTx:
684 (void)0;
685 uint32_t tbd_array = le32_to_cpu(tx.tx_desc_addr);
686 uint16_t tcb_bytes = (le16_to_cpu(tx.tcb_bytes) & 0x3fff);
687 logout
688 ("transmit, TBD array address 0x%08x, TCB byte count 0x%04x, TBD count %u\n",
689 tbd_array, tcb_bytes, tx.tbd_count);
690 assert(!bit_nc);
691 //~ assert(!bit_sf);
692 assert(tcb_bytes <= 2600);
693 /* Next assertion fails for local configuration. */
694 //~ assert((tcb_bytes > 0) || (tbd_array != 0xffffffff));
695 if (!((tcb_bytes > 0) || (tbd_array != 0xffffffff))) {
696 logout
697 ("illegal values of TBD array address and TCB byte count!\n");
698 }
699 uint8_t buf[MAX_ETH_FRAME_SIZE + 4];
700 uint16_t size = 0;
701 uint32_t tbd_address = cb_address + 0x10;
702 assert(tcb_bytes <= sizeof(buf));
703 while (size < tcb_bytes) {
704 uint32_t tx_buffer_address = ldl_phys(tbd_address);
705 uint16_t tx_buffer_size = lduw_phys(tbd_address + 4);
706 //~ uint16_t tx_buffer_el = lduw_phys(tbd_address + 6);
707 tbd_address += 8;
708 logout
709 ("TBD (simplified mode): buffer address 0x%08x, size 0x%04x\n",
710 tx_buffer_address, tx_buffer_size);
711 cpu_physical_memory_read(tx_buffer_address, &buf[size],
712 tx_buffer_size);
713 size += tx_buffer_size;
714 }
715 if (tbd_array == 0xffffffff) {
716 /* Simplified mode. Was already handled by code above. */
717 } else {
718 /* Flexible mode. */
719 uint8_t tbd_count = 0;
720 if (!(s->configuration[6] & BIT(4))) {
721 /* Extended TCB. */
722 assert(tcb_bytes == 0);
723 for (; tbd_count < 2; tbd_count++) {
724 uint32_t tx_buffer_address = ldl_phys(tbd_address);
725 uint16_t tx_buffer_size = lduw_phys(tbd_address + 4);
726 uint16_t tx_buffer_el = lduw_phys(tbd_address + 6);
727 tbd_address += 8;
728 logout
729 ("TBD (extended mode): buffer address 0x%08x, size 0x%04x\n",
730 tx_buffer_address, tx_buffer_size);
731 cpu_physical_memory_read(tx_buffer_address, &buf[size],
732 tx_buffer_size);
733 size += tx_buffer_size;
734 if (tx_buffer_el & 1) {
735 break;
736 }
737 }
738 }
739 tbd_address = tbd_array;
740 for (; tbd_count < tx.tbd_count; tbd_count++) {
741 uint32_t tx_buffer_address = ldl_phys(tbd_address);
742 uint16_t tx_buffer_size = lduw_phys(tbd_address + 4);
743 uint16_t tx_buffer_el = lduw_phys(tbd_address + 6);
744 tbd_address += 8;
745 logout
746 ("TBD (flexible mode): buffer address 0x%08x, size 0x%04x\n",
747 tx_buffer_address, tx_buffer_size);
748 cpu_physical_memory_read(tx_buffer_address, &buf[size],
749 tx_buffer_size);
750 size += tx_buffer_size;
751 if (tx_buffer_el & 1) {
752 break;
753 }
754 }
755 }
756 qemu_send_packet(s->vc, buf, size);
757 s->statistics.tx_good_frames++;
758 /* Transmit with bad status would raise an CX/TNO interrupt.
759 * (82557 only). Emulation never has bad status. */
760 //~ eepro100_cx_interrupt(s);
761 break;
762 case CmdTDR:
763 logout("load microcode\n");
764 /* Starting with offset 8, the command contains
765 * 64 dwords microcode which we just ignore here. */
766 break;
767 default:
768 missing("undefined command");
769 }
770 /* Write new status (success). */
771 stw_phys(cb_address, status | 0x8000 | 0x2000);
772 if (bit_i) {
773 /* CU completed action. */
774 eepro100_cx_interrupt(s);
775 }
776 if (bit_el) {
777 /* CU becomes idle. */
778 set_cu_state(s, cu_idle);
779 eepro100_cna_interrupt(s);
780 } else if (bit_s) {
781 /* CU becomes suspended. */
782 set_cu_state(s, cu_suspended);
783 eepro100_cna_interrupt(s);
784 } else {
785 /* More entries in list. */
786 logout("CU list with at least one more entry\n");
787 goto next_command;
788 }
789 logout("CU list empty\n");
790 /* List is empty. Now CU is idle or suspended. */
791 break;
792 case CU_RESUME:
793 if (get_cu_state(s) != cu_suspended) {
794 logout("bad CU resume from CU state %u\n", get_cu_state(s));
795 /* Workaround for bad Linux eepro100 driver which resumes
796 * from idle state. */
797 //~ missing("cu resume");
798 set_cu_state(s, cu_suspended);
799 }
800 if (get_cu_state(s) == cu_suspended) {
801 logout("CU resuming\n");
802 set_cu_state(s, cu_active);
803 goto next_command;
804 }
805 break;
806 case CU_STATSADDR:
807 /* Load dump counters address. */
808 s->statsaddr = s->pointer;
809 logout("val=0x%02x (status address)\n", val);
810 break;
811 case CU_SHOWSTATS:
812 /* Dump statistical counters. */
813 dump_statistics(s);
814 break;
815 case CU_CMD_BASE:
816 /* Load CU base. */
817 logout("val=0x%02x (CU base address)\n", val);
818 s->cu_base = s->pointer;
819 break;
820 case CU_DUMPSTATS:
821 /* Dump and reset statistical counters. */
822 dump_statistics(s);
823 memset(&s->statistics, 0, sizeof(s->statistics));
824 break;
825 case CU_SRESUME:
826 /* CU static resume. */
827 missing("CU static resume");
828 break;
829 default:
830 missing("Undefined CU command");
831 }
832 }
833
834 static void eepro100_ru_command(EEPRO100State * s, uint8_t val)
835 {
836 switch (val) {
837 case RU_NOP:
838 /* No operation. */
839 break;
840 case RX_START:
841 /* RU start. */
842 if (get_ru_state(s) != ru_idle) {
843 logout("RU state is %u, should be %u\n", get_ru_state(s), ru_idle);
844 //~ assert(!"wrong RU state");
845 }
846 set_ru_state(s, ru_ready);
847 s->ru_offset = s->pointer;
848 logout("val=0x%02x (rx start)\n", val);
849 break;
850 case RX_RESUME:
851 /* Restart RU. */
852 if (get_ru_state(s) != ru_suspended) {
853 logout("RU state is %u, should be %u\n", get_ru_state(s),
854 ru_suspended);
855 //~ assert(!"wrong RU state");
856 }
857 set_ru_state(s, ru_ready);
858 break;
859 case RX_ADDR_LOAD:
860 /* Load RU base. */
861 logout("val=0x%02x (RU base address)\n", val);
862 s->ru_base = s->pointer;
863 break;
864 default:
865 logout("val=0x%02x (undefined RU command)\n", val);
866 missing("Undefined SU command");
867 }
868 }
869
870 static void eepro100_write_command(EEPRO100State * s, uint8_t val)
871 {
872 eepro100_ru_command(s, val & 0x0f);
873 eepro100_cu_command(s, val & 0xf0);
874 if ((val) == 0) {
875 logout("val=0x%02x\n", val);
876 }
877 /* Clear command byte after command was accepted. */
878 s->mem[SCBCmd] = 0;
879 }
880
881 /*****************************************************************************
882 *
883 * EEPROM emulation.
884 *
885 ****************************************************************************/
886
887 #define EEPROM_CS 0x02
888 #define EEPROM_SK 0x01
889 #define EEPROM_DI 0x04
890 #define EEPROM_DO 0x08
891
892 static uint16_t eepro100_read_eeprom(EEPRO100State * s)
893 {
894 uint16_t val;
895 memcpy(&val, &s->mem[SCBeeprom], sizeof(val));
896 if (eeprom93xx_read(s->eeprom)) {
897 val |= EEPROM_DO;
898 } else {
899 val &= ~EEPROM_DO;
900 }
901 return val;
902 }
903
904 static void eepro100_write_eeprom(eeprom_t * eeprom, uint8_t val)
905 {
906 logout("write val=0x%02x\n", val);
907
908 /* mask unwriteable bits */
909 //~ val = SET_MASKED(val, 0x31, eeprom->value);
910
911 int eecs = ((val & EEPROM_CS) != 0);
912 int eesk = ((val & EEPROM_SK) != 0);
913 int eedi = ((val & EEPROM_DI) != 0);
914 eeprom93xx_write(eeprom, eecs, eesk, eedi);
915 }
916
917 static void eepro100_write_pointer(EEPRO100State * s, uint32_t val)
918 {
919 s->pointer = le32_to_cpu(val);
920 logout("val=0x%08x\n", val);
921 }
922
923 /*****************************************************************************
924 *
925 * MDI emulation.
926 *
927 ****************************************************************************/
928
929 #if defined(DEBUG_EEPRO100)
930 static const char *mdi_op_name[] = {
931 "opcode 0",
932 "write",
933 "read",
934 "opcode 3"
935 };
936
937 static const char *mdi_reg_name[] = {
938 "Control",
939 "Status",
940 "PHY Identification (Word 1)",
941 "PHY Identification (Word 2)",
942 "Auto-Negotiation Advertisement",
943 "Auto-Negotiation Link Partner Ability",
944 "Auto-Negotiation Expansion"
945 };
946 #endif /* DEBUG_EEPRO100 */
947
948 static uint32_t eepro100_read_mdi(EEPRO100State * s)
949 {
950 uint32_t val;
951 memcpy(&val, &s->mem[0x10], sizeof(val));
952
953 #ifdef DEBUG_EEPRO100
954 uint8_t raiseint = (val & BIT(29)) >> 29;
955 uint8_t opcode = (val & BITS(27, 26)) >> 26;
956 uint8_t phy = (val & BITS(25, 21)) >> 21;
957 uint8_t reg = (val & BITS(20, 16)) >> 16;
958 uint16_t data = (val & BITS(15, 0));
959 #endif
960 /* Emulation takes no time to finish MDI transaction. */
961 val |= BIT(28);
962 TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
963 val, raiseint, mdi_op_name[opcode], phy,
964 mdi_reg_name[reg], data));
965 return val;
966 }
967
968 //~ #define BITS(val, upper, lower) (val & ???)
969 static void eepro100_write_mdi(EEPRO100State * s, uint32_t val)
970 {
971 uint8_t raiseint = (val & BIT(29)) >> 29;
972 uint8_t opcode = (val & BITS(27, 26)) >> 26;
973 uint8_t phy = (val & BITS(25, 21)) >> 21;
974 uint8_t reg = (val & BITS(20, 16)) >> 16;
975 uint16_t data = (val & BITS(15, 0));
976 if (phy != 1) {
977 /* Unsupported PHY address. */
978 //~ logout("phy must be 1 but is %u\n", phy);
979 data = 0;
980 } else if (opcode != 1 && opcode != 2) {
981 /* Unsupported opcode. */
982 logout("opcode must be 1 or 2 but is %u\n", opcode);
983 data = 0;
984 } else if (reg > 6) {
985 /* Unsupported register. */
986 logout("register must be 0...6 but is %u\n", reg);
987 data = 0;
988 } else {
989 TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
990 val, raiseint, mdi_op_name[opcode], phy,
991 mdi_reg_name[reg], data));
992 if (opcode == 1) {
993 /* MDI write */
994 switch (reg) {
995 case 0: /* Control Register */
996 if (data & 0x8000) {
997 /* Reset status and control registers to default. */
998 s->mdimem[0] = eepro100_mdi_default[0];
999 s->mdimem[1] = eepro100_mdi_default[1];
1000 data = s->mdimem[reg];
1001 } else {
1002 /* Restart Auto Configuration = Normal Operation */
1003 data &= ~0x0200;
1004 }
1005 break;
1006 case 1: /* Status Register */
1007 missing("not writable");
1008 data = s->mdimem[reg];
1009 break;
1010 case 2: /* PHY Identification Register (Word 1) */
1011 case 3: /* PHY Identification Register (Word 2) */
1012 missing("not implemented");
1013 break;
1014 case 4: /* Auto-Negotiation Advertisement Register */
1015 case 5: /* Auto-Negotiation Link Partner Ability Register */
1016 break;
1017 case 6: /* Auto-Negotiation Expansion Register */
1018 default:
1019 missing("not implemented");
1020 }
1021 s->mdimem[reg] = data;
1022 } else if (opcode == 2) {
1023 /* MDI read */
1024 switch (reg) {
1025 case 0: /* Control Register */
1026 if (data & 0x8000) {
1027 /* Reset status and control registers to default. */
1028 s->mdimem[0] = eepro100_mdi_default[0];
1029 s->mdimem[1] = eepro100_mdi_default[1];
1030 }
1031 break;
1032 case 1: /* Status Register */
1033 s->mdimem[reg] |= 0x0020;
1034 break;
1035 case 2: /* PHY Identification Register (Word 1) */
1036 case 3: /* PHY Identification Register (Word 2) */
1037 case 4: /* Auto-Negotiation Advertisement Register */
1038 break;
1039 case 5: /* Auto-Negotiation Link Partner Ability Register */
1040 s->mdimem[reg] = 0x41fe;
1041 break;
1042 case 6: /* Auto-Negotiation Expansion Register */
1043 s->mdimem[reg] = 0x0001;
1044 break;
1045 }
1046 data = s->mdimem[reg];
1047 }
1048 /* Emulation takes no time to finish MDI transaction.
1049 * Set MDI bit in SCB status register. */
1050 s->mem[SCBAck] |= 0x08;
1051 val |= BIT(28);
1052 if (raiseint) {
1053 eepro100_mdi_interrupt(s);
1054 }
1055 }
1056 val = (val & 0xffff0000) + data;
1057 memcpy(&s->mem[0x10], &val, sizeof(val));
1058 }
1059
1060 /*****************************************************************************
1061 *
1062 * Port emulation.
1063 *
1064 ****************************************************************************/
1065
1066 #define PORT_SOFTWARE_RESET 0
1067 #define PORT_SELFTEST 1
1068 #define PORT_SELECTIVE_RESET 2
1069 #define PORT_DUMP 3
1070 #define PORT_SELECTION_MASK 3
1071
1072 typedef struct {
1073 uint32_t st_sign; /* Self Test Signature */
1074 uint32_t st_result; /* Self Test Results */
1075 } eepro100_selftest_t;
1076
1077 static uint32_t eepro100_read_port(EEPRO100State * s)
1078 {
1079 return 0;
1080 }
1081
1082 static void eepro100_write_port(EEPRO100State * s, uint32_t val)
1083 {
1084 val = le32_to_cpu(val);
1085 uint32_t address = (val & ~PORT_SELECTION_MASK);
1086 uint8_t selection = (val & PORT_SELECTION_MASK);
1087 switch (selection) {
1088 case PORT_SOFTWARE_RESET:
1089 nic_reset(s);
1090 break;
1091 case PORT_SELFTEST:
1092 logout("selftest address=0x%08x\n", address);
1093 eepro100_selftest_t data;
1094 cpu_physical_memory_read(address, (uint8_t *) & data, sizeof(data));
1095 data.st_sign = 0xffffffff;
1096 data.st_result = 0;
1097 cpu_physical_memory_write(address, (uint8_t *) & data, sizeof(data));
1098 break;
1099 case PORT_SELECTIVE_RESET:
1100 logout("selective reset, selftest address=0x%08x\n", address);
1101 nic_selective_reset(s);
1102 break;
1103 default:
1104 logout("val=0x%08x\n", val);
1105 missing("unknown port selection");
1106 }
1107 }
1108
1109 /*****************************************************************************
1110 *
1111 * General hardware emulation.
1112 *
1113 ****************************************************************************/
1114
1115 static uint8_t eepro100_read1(EEPRO100State * s, uint32_t addr)
1116 {
1117 uint8_t val;
1118 if (addr <= sizeof(s->mem) - sizeof(val)) {
1119 memcpy(&val, &s->mem[addr], sizeof(val));
1120 }
1121
1122 switch (addr) {
1123 case SCBStatus:
1124 //~ val = eepro100_read_status(s);
1125 logout("addr=%s val=0x%02x\n", regname(addr), val);
1126 break;
1127 case SCBAck:
1128 //~ val = eepro100_read_status(s);
1129 logout("addr=%s val=0x%02x\n", regname(addr), val);
1130 break;
1131 case SCBCmd:
1132 logout("addr=%s val=0x%02x\n", regname(addr), val);
1133 //~ val = eepro100_read_command(s);
1134 break;
1135 case SCBIntmask:
1136 logout("addr=%s val=0x%02x\n", regname(addr), val);
1137 break;
1138 case SCBPort + 3:
1139 logout("addr=%s val=0x%02x\n", regname(addr), val);
1140 break;
1141 case SCBeeprom:
1142 val = eepro100_read_eeprom(s);
1143 break;
1144 case 0x1b: /* PMDR (power management driver register) */
1145 val = 0;
1146 logout("addr=%s val=0x%02x\n", regname(addr), val);
1147 break;
1148 case 0x1d: /* general status register */
1149 /* 100 Mbps full duplex, valid link */
1150 val = 0x07;
1151 logout("addr=General Status val=%02x\n", val);
1152 break;
1153 default:
1154 logout("addr=%s val=0x%02x\n", regname(addr), val);
1155 missing("unknown byte read");
1156 }
1157 return val;
1158 }
1159
1160 static uint16_t eepro100_read2(EEPRO100State * s, uint32_t addr)
1161 {
1162 uint16_t val;
1163 if (addr <= sizeof(s->mem) - sizeof(val)) {
1164 memcpy(&val, &s->mem[addr], sizeof(val));
1165 }
1166
1167 logout("addr=%s val=0x%04x\n", regname(addr), val);
1168
1169 switch (addr) {
1170 case SCBStatus:
1171 //~ val = eepro100_read_status(s);
1172 break;
1173 case SCBeeprom:
1174 val = eepro100_read_eeprom(s);
1175 break;
1176 default:
1177 logout("addr=%s val=0x%04x\n", regname(addr), val);
1178 missing("unknown word read");
1179 }
1180 return val;
1181 }
1182
1183 static uint32_t eepro100_read4(EEPRO100State * s, uint32_t addr)
1184 {
1185 uint32_t val;
1186 if (addr <= sizeof(s->mem) - sizeof(val)) {
1187 memcpy(&val, &s->mem[addr], sizeof(val));
1188 }
1189
1190 switch (addr) {
1191 case SCBStatus:
1192 //~ val = eepro100_read_status(s);
1193 logout("addr=%s val=0x%08x\n", regname(addr), val);
1194 break;
1195 case SCBPointer:
1196 //~ val = eepro100_read_pointer(s);
1197 logout("addr=%s val=0x%08x\n", regname(addr), val);
1198 break;
1199 case SCBPort:
1200 val = eepro100_read_port(s);
1201 logout("addr=%s val=0x%08x\n", regname(addr), val);
1202 break;
1203 case SCBCtrlMDI:
1204 val = eepro100_read_mdi(s);
1205 break;
1206 default:
1207 logout("addr=%s val=0x%08x\n", regname(addr), val);
1208 missing("unknown longword read");
1209 }
1210 return val;
1211 }
1212
1213 static void eepro100_write1(EEPRO100State * s, uint32_t addr, uint8_t val)
1214 {
1215 if (addr <= sizeof(s->mem) - sizeof(val)) {
1216 memcpy(&s->mem[addr], &val, sizeof(val));
1217 }
1218
1219 logout("addr=%s val=0x%02x\n", regname(addr), val);
1220
1221 switch (addr) {
1222 case SCBStatus:
1223 //~ eepro100_write_status(s, val);
1224 break;
1225 case SCBAck:
1226 eepro100_acknowledge(s);
1227 break;
1228 case SCBCmd:
1229 eepro100_write_command(s, val);
1230 break;
1231 case SCBIntmask:
1232 if (val & BIT(1)) {
1233 eepro100_swi_interrupt(s);
1234 }
1235 eepro100_interrupt(s, 0);
1236 break;
1237 case SCBPort + 3:
1238 case SCBFlow:
1239 case SCBFlow + 1:
1240 case SCBFlow + 2:
1241 case SCBFlow + 3:
1242 logout("addr=%s val=0x%02x\n", regname(addr), val);
1243 break;
1244 case SCBeeprom:
1245 eepro100_write_eeprom(s->eeprom, val);
1246 break;
1247 default:
1248 logout("addr=%s val=0x%02x\n", regname(addr), val);
1249 missing("unknown byte write");
1250 }
1251 }
1252
1253 static void eepro100_write2(EEPRO100State * s, uint32_t addr, uint16_t val)
1254 {
1255 if (addr <= sizeof(s->mem) - sizeof(val)) {
1256 memcpy(&s->mem[addr], &val, sizeof(val));
1257 }
1258
1259 logout("addr=%s val=0x%04x\n", regname(addr), val);
1260
1261 switch (addr) {
1262 case SCBStatus:
1263 //~ eepro100_write_status(s, val);
1264 eepro100_acknowledge(s);
1265 break;
1266 case SCBCmd:
1267 eepro100_write_command(s, val);
1268 eepro100_write1(s, SCBIntmask, val >> 8);
1269 break;
1270 case SCBeeprom:
1271 eepro100_write_eeprom(s->eeprom, val);
1272 break;
1273 default:
1274 logout("addr=%s val=0x%04x\n", regname(addr), val);
1275 missing("unknown word write");
1276 }
1277 }
1278
1279 static void eepro100_write4(EEPRO100State * s, uint32_t addr, uint32_t val)
1280 {
1281 if (addr <= sizeof(s->mem) - sizeof(val)) {
1282 memcpy(&s->mem[addr], &val, sizeof(val));
1283 }
1284
1285 switch (addr) {
1286 case SCBPointer:
1287 eepro100_write_pointer(s, val);
1288 break;
1289 case SCBPort:
1290 logout("addr=%s val=0x%08x\n", regname(addr), val);
1291 eepro100_write_port(s, val);
1292 break;
1293 case SCBCtrlMDI:
1294 eepro100_write_mdi(s, val);
1295 break;
1296 default:
1297 logout("addr=%s val=0x%08x\n", regname(addr), val);
1298 missing("unknown longword write");
1299 }
1300 }
1301
1302 static uint32_t ioport_read1(void *opaque, uint32_t addr)
1303 {
1304 EEPRO100State *s = opaque;
1305 //~ logout("addr=%s\n", regname(addr));
1306 return eepro100_read1(s, addr - s->region[1]);
1307 }
1308
1309 static uint32_t ioport_read2(void *opaque, uint32_t addr)
1310 {
1311 EEPRO100State *s = opaque;
1312 return eepro100_read2(s, addr - s->region[1]);
1313 }
1314
1315 static uint32_t ioport_read4(void *opaque, uint32_t addr)
1316 {
1317 EEPRO100State *s = opaque;
1318 return eepro100_read4(s, addr - s->region[1]);
1319 }
1320
1321 static void ioport_write1(void *opaque, uint32_t addr, uint32_t val)
1322 {
1323 EEPRO100State *s = opaque;
1324 //~ logout("addr=%s val=0x%02x\n", regname(addr), val);
1325 eepro100_write1(s, addr - s->region[1], val);
1326 }
1327
1328 static void ioport_write2(void *opaque, uint32_t addr, uint32_t val)
1329 {
1330 EEPRO100State *s = opaque;
1331 eepro100_write2(s, addr - s->region[1], val);
1332 }
1333
1334 static void ioport_write4(void *opaque, uint32_t addr, uint32_t val)
1335 {
1336 EEPRO100State *s = opaque;
1337 eepro100_write4(s, addr - s->region[1], val);
1338 }
1339
1340 /***********************************************************/
1341 /* PCI EEPRO100 definitions */
1342
1343 typedef struct PCIEEPRO100State {
1344 PCIDevice dev;
1345 EEPRO100State eepro100;
1346 } PCIEEPRO100State;
1347
1348 static void pci_map(PCIDevice * pci_dev, int region_num,
1349 uint32_t addr, uint32_t size, int type)
1350 {
1351 PCIEEPRO100State *d = (PCIEEPRO100State *) pci_dev;
1352 EEPRO100State *s = &d->eepro100;
1353
1354 logout("region %d, addr=0x%08x, size=0x%08x, type=%d\n",
1355 region_num, addr, size, type);
1356
1357 assert(region_num == 1);
1358 register_ioport_write(addr, size, 1, ioport_write1, s);
1359 register_ioport_read(addr, size, 1, ioport_read1, s);
1360 register_ioport_write(addr, size, 2, ioport_write2, s);
1361 register_ioport_read(addr, size, 2, ioport_read2, s);
1362 register_ioport_write(addr, size, 4, ioport_write4, s);
1363 register_ioport_read(addr, size, 4, ioport_read4, s);
1364
1365 s->region[region_num] = addr;
1366 }
1367
1368 static void pci_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1369 {
1370 EEPRO100State *s = opaque;
1371 //~ logout("addr=%s val=0x%02x\n", regname(addr), val);
1372 eepro100_write1(s, addr, val);
1373 }
1374
1375 static void pci_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1376 {
1377 EEPRO100State *s = opaque;
1378 //~ logout("addr=%s val=0x%02x\n", regname(addr), val);
1379 eepro100_write2(s, addr, val);
1380 }
1381
1382 static void pci_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1383 {
1384 EEPRO100State *s = opaque;
1385 //~ logout("addr=%s val=0x%02x\n", regname(addr), val);
1386 eepro100_write4(s, addr, val);
1387 }
1388
1389 static uint32_t pci_mmio_readb(void *opaque, target_phys_addr_t addr)
1390 {
1391 EEPRO100State *s = opaque;
1392 //~ logout("addr=%s\n", regname(addr));
1393 return eepro100_read1(s, addr);
1394 }
1395
1396 static uint32_t pci_mmio_readw(void *opaque, target_phys_addr_t addr)
1397 {
1398 EEPRO100State *s = opaque;
1399 //~ logout("addr=%s\n", regname(addr));
1400 return eepro100_read2(s, addr);
1401 }
1402
1403 static uint32_t pci_mmio_readl(void *opaque, target_phys_addr_t addr)
1404 {
1405 EEPRO100State *s = opaque;
1406 //~ logout("addr=%s\n", regname(addr));
1407 return eepro100_read4(s, addr);
1408 }
1409
1410 static CPUWriteMemoryFunc *pci_mmio_write[] = {
1411 pci_mmio_writeb,
1412 pci_mmio_writew,
1413 pci_mmio_writel
1414 };
1415
1416 static CPUReadMemoryFunc *pci_mmio_read[] = {
1417 pci_mmio_readb,
1418 pci_mmio_readw,
1419 pci_mmio_readl
1420 };
1421
1422 static void pci_mmio_map(PCIDevice * pci_dev, int region_num,
1423 uint32_t addr, uint32_t size, int type)
1424 {
1425 PCIEEPRO100State *d = (PCIEEPRO100State *) pci_dev;
1426
1427 logout("region %d, addr=0x%08x, size=0x%08x, type=%d\n",
1428 region_num, addr, size, type);
1429
1430 if (region_num == 0) {
1431 /* Map control / status registers. */
1432 cpu_register_physical_memory(addr, size, d->eepro100.mmio_index);
1433 d->eepro100.region[region_num] = addr;
1434 }
1435 }
1436
1437 static int nic_can_receive(void *opaque)
1438 {
1439 EEPRO100State *s = opaque;
1440 logout("%p\n", s);
1441 return get_ru_state(s) == ru_ready;
1442 //~ return !eepro100_buffer_full(s);
1443 }
1444
1445 static void nic_receive(void *opaque, const uint8_t * buf, int size)
1446 {
1447 /* TODO:
1448 * - Magic packets should set bit 30 in power management driver register.
1449 * - Interesting packets should set bit 29 in power management driver register.
1450 */
1451 EEPRO100State *s = opaque;
1452 uint16_t rfd_status = 0xa000;
1453 static const uint8_t broadcast_macaddr[6] =
1454 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1455
1456 /* TODO: check multiple IA bit. */
1457 assert(!(s->configuration[20] & BIT(6)));
1458
1459 if (s->configuration[8] & 0x80) {
1460 /* CSMA is disabled. */
1461 logout("%p received while CSMA is disabled\n", s);
1462 return;
1463 } else if (size < 64 && (s->configuration[7] & 1)) {
1464 /* Short frame and configuration byte 7/0 (discard short receive) set:
1465 * Short frame is discarded */
1466 logout("%p received short frame (%d byte)\n", s, size);
1467 s->statistics.rx_short_frame_errors++;
1468 //~ return;
1469 } else if ((size > MAX_ETH_FRAME_SIZE + 4) && !(s->configuration[18] & 8)) {
1470 /* Long frame and configuration byte 18/3 (long receive ok) not set:
1471 * Long frames are discarded. */
1472 logout("%p received long frame (%d byte), ignored\n", s, size);
1473 return;
1474 } else if (memcmp(buf, s->macaddr, 6) == 0) { // !!!
1475 /* Frame matches individual address. */
1476 /* TODO: check configuration byte 15/4 (ignore U/L). */
1477 logout("%p received frame for me, len=%d\n", s, size);
1478 } else if (memcmp(buf, broadcast_macaddr, 6) == 0) {
1479 /* Broadcast frame. */
1480 logout("%p received broadcast, len=%d\n", s, size);
1481 rfd_status |= 0x0002;
1482 } else if (buf[0] & 0x01) { // !!!
1483 /* Multicast frame. */
1484 logout("%p received multicast, len=%d\n", s, size);
1485 /* TODO: check multicast all bit. */
1486 assert(!(s->configuration[21] & BIT(3)));
1487 int mcast_idx = compute_mcast_idx(buf);
1488 if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7)))) {
1489 return;
1490 }
1491 rfd_status |= 0x0002;
1492 } else if (s->configuration[15] & 1) {
1493 /* Promiscuous: receive all. */
1494 logout("%p received frame in promiscuous mode, len=%d\n", s, size);
1495 rfd_status |= 0x0004;
1496 } else {
1497 logout("%p received frame, ignored, len=%d,%s\n", s, size,
1498 nic_dump(buf, size));
1499 return;
1500 }
1501
1502 if (get_ru_state(s) != ru_ready) {
1503 /* No ressources available. */
1504 logout("no ressources, state=%u\n", get_ru_state(s));
1505 s->statistics.rx_resource_errors++;
1506 //~ assert(!"no ressources");
1507 return;
1508 }
1509 //~ !!!
1510 //~ $3 = {status = 0x0, command = 0xc000, link = 0x2d220, rx_buf_addr = 0x207dc, count = 0x0, size = 0x5f8, packet = {0x0 <repeats 1518 times>}}
1511 eepro100_rx_t rx;
1512 cpu_physical_memory_read(s->ru_base + s->ru_offset, (uint8_t *) & rx,
1513 offsetof(eepro100_rx_t, packet));
1514 uint16_t rfd_command = le16_to_cpu(rx.command);
1515 uint16_t rfd_size = le16_to_cpu(rx.size);
1516 assert(size <= rfd_size);
1517 if (size < 64) {
1518 rfd_status |= 0x0080;
1519 }
1520 logout("command 0x%04x, link 0x%08x, addr 0x%08x, size %u\n", rfd_command,
1521 rx.link, rx.rx_buf_addr, rfd_size);
1522 stw_phys(s->ru_base + s->ru_offset + offsetof(eepro100_rx_t, status),
1523 rfd_status);
1524 stw_phys(s->ru_base + s->ru_offset + offsetof(eepro100_rx_t, count), size);
1525 /* Early receive interrupt not supported. */
1526 //~ eepro100_er_interrupt(s);
1527 /* Receive CRC Transfer not supported. */
1528 assert(!(s->configuration[18] & 4));
1529 /* TODO: check stripping enable bit. */
1530 //~ assert(!(s->configuration[17] & 1));
1531 cpu_physical_memory_write(s->ru_base + s->ru_offset +
1532 offsetof(eepro100_rx_t, packet), buf, size);
1533 s->statistics.rx_good_frames++;
1534 eepro100_fr_interrupt(s);
1535 s->ru_offset = le32_to_cpu(rx.link);
1536 if (rfd_command & 0x8000) {
1537 /* EL bit is set, so this was the last frame. */
1538 assert(0);
1539 }
1540 if (rfd_command & 0x4000) {
1541 /* S bit is set. */
1542 set_ru_state(s, ru_suspended);
1543 }
1544 }
1545
1546 static int nic_load(QEMUFile * f, void *opaque, int version_id)
1547 {
1548 EEPRO100State *s = (EEPRO100State *) opaque;
1549 int i;
1550 int ret;
1551
1552 if (version_id > 3)
1553 return -EINVAL;
1554
1555 if (s->pci_dev && version_id >= 3) {
1556 ret = pci_device_load(s->pci_dev, f);
1557 if (ret < 0)
1558 return ret;
1559 }
1560
1561 if (version_id >= 2) {
1562 qemu_get_8s(f, &s->rxcr);
1563 } else {
1564 s->rxcr = 0x0c;
1565 }
1566
1567 qemu_get_8s(f, &s->cmd);
1568 qemu_get_be32s(f, &s->start);
1569 qemu_get_be32s(f, &s->stop);
1570 qemu_get_8s(f, &s->boundary);
1571 qemu_get_8s(f, &s->tsr);
1572 qemu_get_8s(f, &s->tpsr);
1573 qemu_get_be16s(f, &s->tcnt);
1574 qemu_get_be16s(f, &s->rcnt);
1575 qemu_get_be32s(f, &s->rsar);
1576 qemu_get_8s(f, &s->rsr);
1577 qemu_get_8s(f, &s->isr);
1578 qemu_get_8s(f, &s->dcfg);
1579 qemu_get_8s(f, &s->imr);
1580 qemu_get_buffer(f, s->phys, 6);
1581 qemu_get_8s(f, &s->curpag);
1582 qemu_get_buffer(f, s->mult, 8);
1583 qemu_get_buffer(f, s->mem, sizeof(s->mem));
1584
1585 /* Restore all members of struct between scv_stat and mem */
1586 qemu_get_8s(f, &s->scb_stat);
1587 qemu_get_8s(f, &s->int_stat);
1588 for (i = 0; i < 3; i++)
1589 qemu_get_be32s(f, &s->region[i]);
1590 qemu_get_buffer(f, s->macaddr, 6);
1591 for (i = 0; i < 19; i++)
1592 qemu_get_be32s(f, &s->statcounter[i]);
1593 for (i = 0; i < 32; i++)
1594 qemu_get_be16s(f, &s->mdimem[i]);
1595 /* The eeprom should be saved and restored by its own routines */
1596 qemu_get_be32s(f, &s->device);
1597 qemu_get_be32s(f, &s->pointer);
1598 qemu_get_be32s(f, &s->cu_base);
1599 qemu_get_be32s(f, &s->cu_offset);
1600 qemu_get_be32s(f, &s->ru_base);
1601 qemu_get_be32s(f, &s->ru_offset);
1602 qemu_get_be32s(f, &s->statsaddr);
1603 /* Restore epro100_stats_t statistics */
1604 qemu_get_be32s(f, &s->statistics.tx_good_frames);
1605 qemu_get_be32s(f, &s->statistics.tx_max_collisions);
1606 qemu_get_be32s(f, &s->statistics.tx_late_collisions);
1607 qemu_get_be32s(f, &s->statistics.tx_underruns);
1608 qemu_get_be32s(f, &s->statistics.tx_lost_crs);
1609 qemu_get_be32s(f, &s->statistics.tx_deferred);
1610 qemu_get_be32s(f, &s->statistics.tx_single_collisions);
1611 qemu_get_be32s(f, &s->statistics.tx_multiple_collisions);
1612 qemu_get_be32s(f, &s->statistics.tx_total_collisions);
1613 qemu_get_be32s(f, &s->statistics.rx_good_frames);
1614 qemu_get_be32s(f, &s->statistics.rx_crc_errors);
1615 qemu_get_be32s(f, &s->statistics.rx_alignment_errors);
1616 qemu_get_be32s(f, &s->statistics.rx_resource_errors);
1617 qemu_get_be32s(f, &s->statistics.rx_overrun_errors);
1618 qemu_get_be32s(f, &s->statistics.rx_cdt_errors);
1619 qemu_get_be32s(f, &s->statistics.rx_short_frame_errors);
1620 qemu_get_be32s(f, &s->statistics.fc_xmt_pause);
1621 qemu_get_be32s(f, &s->statistics.fc_rcv_pause);
1622 qemu_get_be32s(f, &s->statistics.fc_rcv_unsupported);
1623 qemu_get_be16s(f, &s->statistics.xmt_tco_frames);
1624 qemu_get_be16s(f, &s->statistics.rcv_tco_frames);
1625 qemu_get_be32s(f, &s->statistics.complete);
1626 #if 0
1627 qemu_get_be16s(f, &s->status);
1628 #endif
1629
1630 /* Configuration bytes. */
1631 qemu_get_buffer(f, s->configuration, sizeof(s->configuration));
1632
1633 return 0;
1634 }
1635
1636 static void nic_save(QEMUFile * f, void *opaque)
1637 {
1638 EEPRO100State *s = (EEPRO100State *) opaque;
1639 int i;
1640
1641 if (s->pci_dev)
1642 pci_device_save(s->pci_dev, f);
1643
1644 qemu_put_8s(f, &s->rxcr);
1645
1646 qemu_put_8s(f, &s->cmd);
1647 qemu_put_be32s(f, &s->start);
1648 qemu_put_be32s(f, &s->stop);
1649 qemu_put_8s(f, &s->boundary);
1650 qemu_put_8s(f, &s->tsr);
1651 qemu_put_8s(f, &s->tpsr);
1652 qemu_put_be16s(f, &s->tcnt);
1653 qemu_put_be16s(f, &s->rcnt);
1654 qemu_put_be32s(f, &s->rsar);
1655 qemu_put_8s(f, &s->rsr);
1656 qemu_put_8s(f, &s->isr);
1657 qemu_put_8s(f, &s->dcfg);
1658 qemu_put_8s(f, &s->imr);
1659 qemu_put_buffer(f, s->phys, 6);
1660 qemu_put_8s(f, &s->curpag);
1661 qemu_put_buffer(f, s->mult, 8);
1662 qemu_put_buffer(f, s->mem, sizeof(s->mem));
1663
1664 /* Save all members of struct between scv_stat and mem */
1665 qemu_put_8s(f, &s->scb_stat);
1666 qemu_put_8s(f, &s->int_stat);
1667 for (i = 0; i < 3; i++)
1668 qemu_put_be32s(f, &s->region[i]);
1669 qemu_put_buffer(f, s->macaddr, 6);
1670 for (i = 0; i < 19; i++)
1671 qemu_put_be32s(f, &s->statcounter[i]);
1672 for (i = 0; i < 32; i++)
1673 qemu_put_be16s(f, &s->mdimem[i]);
1674 /* The eeprom should be saved and restored by its own routines */
1675 qemu_put_be32s(f, &s->device);
1676 qemu_put_be32s(f, &s->pointer);
1677 qemu_put_be32s(f, &s->cu_base);
1678 qemu_put_be32s(f, &s->cu_offset);
1679 qemu_put_be32s(f, &s->ru_base);
1680 qemu_put_be32s(f, &s->ru_offset);
1681 qemu_put_be32s(f, &s->statsaddr);
1682 /* Save epro100_stats_t statistics */
1683 qemu_put_be32s(f, &s->statistics.tx_good_frames);
1684 qemu_put_be32s(f, &s->statistics.tx_max_collisions);
1685 qemu_put_be32s(f, &s->statistics.tx_late_collisions);
1686 qemu_put_be32s(f, &s->statistics.tx_underruns);
1687 qemu_put_be32s(f, &s->statistics.tx_lost_crs);
1688 qemu_put_be32s(f, &s->statistics.tx_deferred);
1689 qemu_put_be32s(f, &s->statistics.tx_single_collisions);
1690 qemu_put_be32s(f, &s->statistics.tx_multiple_collisions);
1691 qemu_put_be32s(f, &s->statistics.tx_total_collisions);
1692 qemu_put_be32s(f, &s->statistics.rx_good_frames);
1693 qemu_put_be32s(f, &s->statistics.rx_crc_errors);
1694 qemu_put_be32s(f, &s->statistics.rx_alignment_errors);
1695 qemu_put_be32s(f, &s->statistics.rx_resource_errors);
1696 qemu_put_be32s(f, &s->statistics.rx_overrun_errors);
1697 qemu_put_be32s(f, &s->statistics.rx_cdt_errors);
1698 qemu_put_be32s(f, &s->statistics.rx_short_frame_errors);
1699 qemu_put_be32s(f, &s->statistics.fc_xmt_pause);
1700 qemu_put_be32s(f, &s->statistics.fc_rcv_pause);
1701 qemu_put_be32s(f, &s->statistics.fc_rcv_unsupported);
1702 qemu_put_be16s(f, &s->statistics.xmt_tco_frames);
1703 qemu_put_be16s(f, &s->statistics.rcv_tco_frames);
1704 qemu_put_be32s(f, &s->statistics.complete);
1705 #if 0
1706 qemu_put_be16s(f, &s->status);
1707 #endif
1708
1709 /* Configuration bytes. */
1710 qemu_put_buffer(f, s->configuration, sizeof(s->configuration));
1711 }
1712
1713 static void nic_cleanup(VLANClientState *vc)
1714 {
1715 EEPRO100State *s = vc->opaque;
1716
1717 unregister_savevm(vc->model, s);
1718
1719 eeprom93xx_free(s->eeprom);
1720 }
1721
1722 static int pci_nic_uninit(PCIDevice *dev)
1723 {
1724 PCIEEPRO100State *d = (PCIEEPRO100State *) dev;
1725 EEPRO100State *s = &d->eepro100;
1726
1727 cpu_unregister_io_memory(s->mmio_index);
1728
1729 return 0;
1730 }
1731
1732 static PCIDevice *nic_init(PCIBus * bus, NICInfo * nd, uint32_t device)
1733 {
1734 PCIEEPRO100State *d;
1735 EEPRO100State *s;
1736
1737 logout("\n");
1738
1739 d = (PCIEEPRO100State *) pci_register_device(bus, nd->model,
1740 sizeof(PCIEEPRO100State), -1,
1741 NULL, NULL);
1742 if (!d)
1743 return NULL;
1744
1745 d->dev.unregister = pci_nic_uninit;
1746
1747 s = &d->eepro100;
1748 s->device = device;
1749 s->pci_dev = &d->dev;
1750
1751 pci_reset(s);
1752
1753 /* Add 64 * 2 EEPROM. i82557 and i82558 support a 64 word EEPROM,
1754 * i82559 and later support 64 or 256 word EEPROM. */
1755 s->eeprom = eeprom93xx_new(EEPROM_SIZE);
1756
1757 /* Handler for memory-mapped I/O */
1758 d->eepro100.mmio_index =
1759 cpu_register_io_memory(0, pci_mmio_read, pci_mmio_write, s);
1760
1761 pci_register_io_region(&d->dev, 0, PCI_MEM_SIZE,
1762 PCI_ADDRESS_SPACE_MEM |
1763 PCI_ADDRESS_SPACE_MEM_PREFETCH, pci_mmio_map);
1764 pci_register_io_region(&d->dev, 1, PCI_IO_SIZE, PCI_ADDRESS_SPACE_IO,
1765 pci_map);
1766 pci_register_io_region(&d->dev, 2, PCI_FLASH_SIZE, PCI_ADDRESS_SPACE_MEM,
1767 pci_mmio_map);
1768
1769 memcpy(s->macaddr, nd->macaddr, 6);
1770 logout("macaddr: %s\n", nic_dump(&s->macaddr[0], 6));
1771 assert(s->region[1] == 0);
1772
1773 nic_reset(s);
1774
1775 s->vc = qemu_new_vlan_client(nd->vlan, nd->model, nd->name,
1776 nic_receive, nic_can_receive,
1777 nic_cleanup, s);
1778
1779 qemu_format_nic_info_str(s->vc, s->macaddr);
1780
1781 qemu_register_reset(nic_reset, s);
1782
1783 register_savevm(s->vc->model, -1, 3, nic_save, nic_load, s);
1784 return (PCIDevice *)d;
1785 }
1786
1787 PCIDevice *pci_i82551_init(PCIBus * bus, NICInfo * nd, int devfn)
1788 {
1789 return nic_init(bus, nd, i82551);
1790 }
1791
1792 PCIDevice *pci_i82557b_init(PCIBus * bus, NICInfo * nd, int devfn)
1793 {
1794 return nic_init(bus, nd, i82557B);
1795 }
1796
1797 PCIDevice *pci_i82559er_init(PCIBus * bus, NICInfo * nd, int devfn)
1798 {
1799 return nic_init(bus, nd, i82559ER);
1800 }
1801
1802 /* eof */
Samsung s3c2440 and arm920t support for the mini2440 dev board