search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
e1000: Fix TCP checksum overflow with TSO
[qemu.git] / hw / e1000.c
blob677165f830963b4a84fa601ab1aef5d7dcff0865
1 /*
2 * QEMU e1000 emulation
3 *
4 * Software developer's manual:
5 * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf
6 *
7 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
8 * Copyright (c) 2008 Qumranet
9 * Based on work done by:
10 * Copyright (c) 2007 Dan Aloni
11 * Copyright (c) 2004 Antony T Curtis
12 *
13 * This library is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU Lesser General Public
15 * License as published by the Free Software Foundation; either
16 * version 2 of the License, or (at your option) any later version.
17 *
18 * This library is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * Lesser General Public License for more details.
22 *
23 * You should have received a copy of the GNU Lesser General Public
24 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
25 */
26
27
28 #include "hw.h"
29 #include "pci.h"
30 #include "net.h"
31 #include "net/checksum.h"
32 #include "loader.h"
33
34 #include "e1000_hw.h"
35
36 #define E1000_DEBUG
37
38 #ifdef E1000_DEBUG
39 enum {
40 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
41 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
42 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
43 DEBUG_RXFILTER, DEBUG_NOTYET,
44 };
45 #define DBGBIT(x) (1<<DEBUG_##x)
46 static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
47
48 #define DBGOUT(what, fmt, ...) do { \
49 if (debugflags & DBGBIT(what)) \
50 fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
51 } while (0)
52 #else
53 #define DBGOUT(what, fmt, ...) do {} while (0)
54 #endif
55
56 #define IOPORT_SIZE 0x40
57 #define PNPMMIO_SIZE 0x20000
58 #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */
59
60 /*
61 * HW models:
62 * E1000_DEV_ID_82540EM works with Windows and Linux
63 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
64 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
65 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
66 * Others never tested
67 */
68 enum { E1000_DEVID = E1000_DEV_ID_82540EM };
69
70 /*
71 * May need to specify additional MAC-to-PHY entries --
72 * Intel's Windows driver refuses to initialize unless they match
73 */
74 enum {
75 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
76 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
77 /* default to E1000_DEV_ID_82540EM */ 0xc20
78 };
79
80 typedef struct E1000State_st {
81 PCIDevice dev;
82 NICState *nic;
83 NICConf conf;
84 int mmio_index;
85
86 uint32_t mac_reg[0x8000];
87 uint16_t phy_reg[0x20];
88 uint16_t eeprom_data[64];
89
90 uint32_t rxbuf_size;
91 uint32_t rxbuf_min_shift;
92 int check_rxov;
93 struct e1000_tx {
94 unsigned char header[256];
95 unsigned char vlan_header[4];
96 /* Fields vlan and data must not be reordered or separated. */
97 unsigned char vlan[4];
98 unsigned char data[0x10000];
99 uint16_t size;
100 unsigned char sum_needed;
101 unsigned char vlan_needed;
102 uint8_t ipcss;
103 uint8_t ipcso;
104 uint16_t ipcse;
105 uint8_t tucss;
106 uint8_t tucso;
107 uint16_t tucse;
108 uint8_t hdr_len;
109 uint16_t mss;
110 uint32_t paylen;
111 uint16_t tso_frames;
112 char tse;
113 int8_t ip;
114 int8_t tcp;
115 char cptse; // current packet tse bit
116 } tx;
117
118 struct {
119 uint32_t val_in; // shifted in from guest driver
120 uint16_t bitnum_in;
121 uint16_t bitnum_out;
122 uint16_t reading;
123 uint32_t old_eecd;
124 } eecd_state;
125 } E1000State;
126
127 #define defreg(x) x = (E1000_##x>>2)
128 enum {
129 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
130 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
131 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
132 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
133 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
134 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
135 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
136 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
137 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
138 defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA),
139 defreg(VET),
140 };
141
142 enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
143 static const char phy_regcap[0x20] = {
144 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
145 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
146 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
147 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
148 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
149 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
150 };
151
152 static void
153 ioport_map(PCIDevice *pci_dev, int region_num, pcibus_t addr,
154 pcibus_t size, int type)
155 {
156 DBGOUT(IO, "e1000_ioport_map addr=0x%04"FMT_PCIBUS
157 " size=0x%08"FMT_PCIBUS"\n", addr, size);
158 }
159
160 static void
161 set_interrupt_cause(E1000State *s, int index, uint32_t val)
162 {
163 if (val)
164 val |= E1000_ICR_INT_ASSERTED;
165 s->mac_reg[ICR] = val;
166 s->mac_reg[ICS] = val;
167 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
168 }
169
170 static void
171 set_ics(E1000State *s, int index, uint32_t val)
172 {
173 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
174 s->mac_reg[IMS]);
175 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
176 }
177
178 static int
179 rxbufsize(uint32_t v)
180 {
181 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
182 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
183 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
184 switch (v) {
185 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
186 return 16384;
187 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
188 return 8192;
189 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
190 return 4096;
191 case E1000_RCTL_SZ_1024:
192 return 1024;
193 case E1000_RCTL_SZ_512:
194 return 512;
195 case E1000_RCTL_SZ_256:
196 return 256;
197 }
198 return 2048;
199 }
200
201 static void
202 set_ctrl(E1000State *s, int index, uint32_t val)
203 {
204 /* RST is self clearing */
205 s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
206 }
207
208 static void
209 set_rx_control(E1000State *s, int index, uint32_t val)
210 {
211 s->mac_reg[RCTL] = val;
212 s->rxbuf_size = rxbufsize(val);
213 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
214 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
215 s->mac_reg[RCTL]);
216 }
217
218 static void
219 set_mdic(E1000State *s, int index, uint32_t val)
220 {
221 uint32_t data = val & E1000_MDIC_DATA_MASK;
222 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
223
224 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
225 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
226 else if (val & E1000_MDIC_OP_READ) {
227 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
228 if (!(phy_regcap[addr] & PHY_R)) {
229 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
230 val |= E1000_MDIC_ERROR;
231 } else
232 val = (val ^ data) | s->phy_reg[addr];
233 } else if (val & E1000_MDIC_OP_WRITE) {
234 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
235 if (!(phy_regcap[addr] & PHY_W)) {
236 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
237 val |= E1000_MDIC_ERROR;
238 } else
239 s->phy_reg[addr] = data;
240 }
241 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
242 set_ics(s, 0, E1000_ICR_MDAC);
243 }
244
245 static uint32_t
246 get_eecd(E1000State *s, int index)
247 {
248 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
249
250 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
251 s->eecd_state.bitnum_out, s->eecd_state.reading);
252 if (!s->eecd_state.reading ||
253 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
254 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
255 ret |= E1000_EECD_DO;
256 return ret;
257 }
258
259 static void
260 set_eecd(E1000State *s, int index, uint32_t val)
261 {
262 uint32_t oldval = s->eecd_state.old_eecd;
263
264 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
265 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
266 if (!(E1000_EECD_CS & val)) // CS inactive; nothing to do
267 return;
268 if (E1000_EECD_CS & (val ^ oldval)) { // CS rise edge; reset state
269 s->eecd_state.val_in = 0;
270 s->eecd_state.bitnum_in = 0;
271 s->eecd_state.bitnum_out = 0;
272 s->eecd_state.reading = 0;
273 }
274 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
275 return;
276 if (!(E1000_EECD_SK & val)) { // falling edge
277 s->eecd_state.bitnum_out++;
278 return;
279 }
280 s->eecd_state.val_in <<= 1;
281 if (val & E1000_EECD_DI)
282 s->eecd_state.val_in |= 1;
283 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
284 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
285 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
286 EEPROM_READ_OPCODE_MICROWIRE);
287 }
288 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
289 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
290 s->eecd_state.reading);
291 }
292
293 static uint32_t
294 flash_eerd_read(E1000State *s, int x)
295 {
296 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
297
298 if ((s->mac_reg[EERD] & E1000_EEPROM_RW_REG_START) == 0)
299 return (s->mac_reg[EERD]);
300
301 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
302 return (E1000_EEPROM_RW_REG_DONE | r);
303
304 return ((s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
305 E1000_EEPROM_RW_REG_DONE | r);
306 }
307
308 static void
309 putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
310 {
311 uint32_t sum;
312
313 if (cse && cse < n)
314 n = cse + 1;
315 if (sloc < n-1) {
316 sum = net_checksum_add(n-css, data+css);
317 cpu_to_be16wu((uint16_t *)(data + sloc),
318 net_checksum_finish(sum));
319 }
320 }
321
322 static inline int
323 vlan_enabled(E1000State *s)
324 {
325 return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
326 }
327
328 static inline int
329 vlan_rx_filter_enabled(E1000State *s)
330 {
331 return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
332 }
333
334 static inline int
335 is_vlan_packet(E1000State *s, const uint8_t *buf)
336 {
337 return (be16_to_cpup((uint16_t *)(buf + 12)) ==
338 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
339 }
340
341 static inline int
342 is_vlan_txd(uint32_t txd_lower)
343 {
344 return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
345 }
346
347 /* FCS aka Ethernet CRC-32. We don't get it from backends and can't
348 * fill it in, just pad descriptor length by 4 bytes unless guest
349 * told us to strip it off the packet. */
350 static inline int
351 fcs_len(E1000State *s)
352 {
353 return (s->mac_reg[RCTL] & E1000_RCTL_SECRC) ? 0 : 4;
354 }
355
356 static void
357 xmit_seg(E1000State *s)
358 {
359 uint16_t len, *sp;
360 unsigned int frames = s->tx.tso_frames, css, sofar, n;
361 struct e1000_tx *tp = &s->tx;
362
363 if (tp->tse && tp->cptse) {
364 css = tp->ipcss;
365 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
366 frames, tp->size, css);
367 if (tp->ip) { // IPv4
368 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
369 tp->size - css);
370 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
371 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
372 } else // IPv6
373 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
374 tp->size - css);
375 css = tp->tucss;
376 len = tp->size - css;
377 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
378 if (tp->tcp) {
379 sofar = frames * tp->mss;
380 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
381 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
382 if (tp->paylen - sofar > tp->mss)
383 tp->data[css + 13] &= ~9; // PSH, FIN
384 } else // UDP
385 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
386 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
387 unsigned int phsum;
388 // add pseudo-header length before checksum calculation
389 sp = (uint16_t *)(tp->data + tp->tucso);
390 phsum = be16_to_cpup(sp) + len;
391 phsum = (phsum >> 16) + (phsum & 0xffff);
392 cpu_to_be16wu(sp, phsum);
393 }
394 tp->tso_frames++;
395 }
396
397 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
398 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
399 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
400 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
401 if (tp->vlan_needed) {
402 memmove(tp->vlan, tp->data, 4);
403 memmove(tp->data, tp->data + 4, 8);
404 memcpy(tp->data + 8, tp->vlan_header, 4);
405 qemu_send_packet(&s->nic->nc, tp->vlan, tp->size + 4);
406 } else
407 qemu_send_packet(&s->nic->nc, tp->data, tp->size);
408 s->mac_reg[TPT]++;
409 s->mac_reg[GPTC]++;
410 n = s->mac_reg[TOTL];
411 if ((s->mac_reg[TOTL] += s->tx.size) < n)
412 s->mac_reg[TOTH]++;
413 }
414
415 static void
416 process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
417 {
418 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
419 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
420 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
421 unsigned int msh = 0xfffff, hdr = 0;
422 uint64_t addr;
423 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
424 struct e1000_tx *tp = &s->tx;
425
426 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
427 op = le32_to_cpu(xp->cmd_and_length);
428 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
429 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
430 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
431 tp->tucss = xp->upper_setup.tcp_fields.tucss;
432 tp->tucso = xp->upper_setup.tcp_fields.tucso;
433 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
434 tp->paylen = op & 0xfffff;
435 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
436 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
437 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
438 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
439 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
440 tp->tso_frames = 0;
441 if (tp->tucso == 0) { // this is probably wrong
442 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
443 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
444 }
445 return;
446 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
447 // data descriptor
448 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
449 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
450 } else
451 // legacy descriptor
452 tp->cptse = 0;
453
454 if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
455 (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
456 tp->vlan_needed = 1;
457 cpu_to_be16wu((uint16_t *)(tp->vlan_header),
458 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
459 cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
460 le16_to_cpu(dp->upper.fields.special));
461 }
462
463 addr = le64_to_cpu(dp->buffer_addr);
464 if (tp->tse && tp->cptse) {
465 hdr = tp->hdr_len;
466 msh = hdr + tp->mss;
467 do {
468 bytes = split_size;
469 if (tp->size + bytes > msh)
470 bytes = msh - tp->size;
471 cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
472 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
473 memmove(tp->header, tp->data, hdr);
474 tp->size = sz;
475 addr += bytes;
476 if (sz == msh) {
477 xmit_seg(s);
478 memmove(tp->data, tp->header, hdr);
479 tp->size = hdr;
480 }
481 } while (split_size -= bytes);
482 } else if (!tp->tse && tp->cptse) {
483 // context descriptor TSE is not set, while data descriptor TSE is set
484 DBGOUT(TXERR, "TCP segmentaion Error\n");
485 } else {
486 cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
487 tp->size += split_size;
488 }
489
490 if (!(txd_lower & E1000_TXD_CMD_EOP))
491 return;
492 if (!(tp->tse && tp->cptse && tp->size < hdr))
493 xmit_seg(s);
494 tp->tso_frames = 0;
495 tp->sum_needed = 0;
496 tp->vlan_needed = 0;
497 tp->size = 0;
498 tp->cptse = 0;
499 }
500
501 static uint32_t
502 txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
503 {
504 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
505
506 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
507 return 0;
508 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
509 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
510 dp->upper.data = cpu_to_le32(txd_upper);
511 cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
512 (void *)&dp->upper, sizeof(dp->upper));
513 return E1000_ICR_TXDW;
514 }
515
516 static void
517 start_xmit(E1000State *s)
518 {
519 target_phys_addr_t base;
520 struct e1000_tx_desc desc;
521 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
522
523 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
524 DBGOUT(TX, "tx disabled\n");
525 return;
526 }
527
528 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
529 base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
530 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
531 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
532
533 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
534 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
535 desc.upper.data);
536
537 process_tx_desc(s, &desc);
538 cause |= txdesc_writeback(base, &desc);
539
540 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
541 s->mac_reg[TDH] = 0;
542 /*
543 * the following could happen only if guest sw assigns
544 * bogus values to TDT/TDLEN.
545 * there's nothing too intelligent we could do about this.
546 */
547 if (s->mac_reg[TDH] == tdh_start) {
548 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
549 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
550 break;
551 }
552 }
553 set_ics(s, 0, cause);
554 }
555
556 static int
557 receive_filter(E1000State *s, const uint8_t *buf, int size)
558 {
559 static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
560 static const int mta_shift[] = {4, 3, 2, 0};
561 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
562
563 if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
564 uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
565 uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
566 ((vid >> 5) & 0x7f));
567 if ((vfta & (1 << (vid & 0x1f))) == 0)
568 return 0;
569 }
570
571 if (rctl & E1000_RCTL_UPE) // promiscuous
572 return 1;
573
574 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
575 return 1;
576
577 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
578 return 1;
579
580 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
581 if (!(rp[1] & E1000_RAH_AV))
582 continue;
583 ra[0] = cpu_to_le32(rp[0]);
584 ra[1] = cpu_to_le32(rp[1]);
585 if (!memcmp(buf, (uint8_t *)ra, 6)) {
586 DBGOUT(RXFILTER,
587 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
588 (int)(rp - s->mac_reg - RA)/2,
589 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
590 return 1;
591 }
592 }
593 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
594 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
595
596 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
597 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
598 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
599 return 1;
600 DBGOUT(RXFILTER,
601 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
602 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
603 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
604 s->mac_reg[MTA + (f >> 5)]);
605
606 return 0;
607 }
608
609 static void
610 e1000_set_link_status(VLANClientState *nc)
611 {
612 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
613 uint32_t old_status = s->mac_reg[STATUS];
614
615 if (nc->link_down)
616 s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
617 else
618 s->mac_reg[STATUS] |= E1000_STATUS_LU;
619
620 if (s->mac_reg[STATUS] != old_status)
621 set_ics(s, 0, E1000_ICR_LSC);
622 }
623
624 static int
625 e1000_can_receive(VLANClientState *nc)
626 {
627 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
628
629 return (s->mac_reg[RCTL] & E1000_RCTL_EN);
630 }
631
632 static ssize_t
633 e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
634 {
635 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
636 struct e1000_rx_desc desc;
637 target_phys_addr_t base;
638 unsigned int n, rdt;
639 uint32_t rdh_start;
640 uint16_t vlan_special = 0;
641 uint8_t vlan_status = 0, vlan_offset = 0;
642 uint8_t min_buf[MIN_BUF_SIZE];
643
644 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
645 return -1;
646
647 /* Pad to minimum Ethernet frame length */
648 if (size < sizeof(min_buf)) {
649 memcpy(min_buf, buf, size);
650 memset(&min_buf[size], 0, sizeof(min_buf) - size);
651 buf = min_buf;
652 size = sizeof(min_buf);
653 }
654
655 if (size > s->rxbuf_size) {
656 DBGOUT(RX, "packet too large for buffers (%lu > %d)\n",
657 (unsigned long)size, s->rxbuf_size);
658 return -1;
659 }
660
661 if (!receive_filter(s, buf, size))
662 return size;
663
664 if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
665 vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
666 memmove((uint8_t *)buf + 4, buf, 12);
667 vlan_status = E1000_RXD_STAT_VP;
668 vlan_offset = 4;
669 size -= 4;
670 }
671
672 rdh_start = s->mac_reg[RDH];
673 do {
674 if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
675 set_ics(s, 0, E1000_ICS_RXO);
676 return -1;
677 }
678 base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
679 sizeof(desc) * s->mac_reg[RDH];
680 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
681 desc.special = vlan_special;
682 desc.status |= (vlan_status | E1000_RXD_STAT_DD);
683 if (desc.buffer_addr) {
684 cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
685 (void *)(buf + vlan_offset), size);
686 desc.length = cpu_to_le16(size + fcs_len(s));
687 desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
688 } else // as per intel docs; skip descriptors with null buf addr
689 DBGOUT(RX, "Null RX descriptor!!\n");
690 cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
691
692 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
693 s->mac_reg[RDH] = 0;
694 s->check_rxov = 1;
695 /* see comment in start_xmit; same here */
696 if (s->mac_reg[RDH] == rdh_start) {
697 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
698 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
699 set_ics(s, 0, E1000_ICS_RXO);
700 return -1;
701 }
702 } while (desc.buffer_addr == 0);
703
704 s->mac_reg[GPRC]++;
705 s->mac_reg[TPR]++;
706 /* TOR - Total Octets Received:
707 * This register includes bytes received in a packet from the <Destination
708 * Address> field through the <CRC> field, inclusively.
709 */
710 n = s->mac_reg[TORL] + size + /* Always include FCS length. */ 4;
711 if (n < s->mac_reg[TORL])
712 s->mac_reg[TORH]++;
713 s->mac_reg[TORL] = n;
714
715 n = E1000_ICS_RXT0;
716 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
717 rdt += s->mac_reg[RDLEN] / sizeof(desc);
718 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
719 s->rxbuf_min_shift)
720 n |= E1000_ICS_RXDMT0;
721
722 set_ics(s, 0, n);
723
724 return size;
725 }
726
727 static uint32_t
728 mac_readreg(E1000State *s, int index)
729 {
730 return s->mac_reg[index];
731 }
732
733 static uint32_t
734 mac_icr_read(E1000State *s, int index)
735 {
736 uint32_t ret = s->mac_reg[ICR];
737
738 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
739 set_interrupt_cause(s, 0, 0);
740 return ret;
741 }
742
743 static uint32_t
744 mac_read_clr4(E1000State *s, int index)
745 {
746 uint32_t ret = s->mac_reg[index];
747
748 s->mac_reg[index] = 0;
749 return ret;
750 }
751
752 static uint32_t
753 mac_read_clr8(E1000State *s, int index)
754 {
755 uint32_t ret = s->mac_reg[index];
756
757 s->mac_reg[index] = 0;
758 s->mac_reg[index-1] = 0;
759 return ret;
760 }
761
762 static void
763 mac_writereg(E1000State *s, int index, uint32_t val)
764 {
765 s->mac_reg[index] = val;
766 }
767
768 static void
769 set_rdt(E1000State *s, int index, uint32_t val)
770 {
771 s->check_rxov = 0;
772 s->mac_reg[index] = val & 0xffff;
773 }
774
775 static void
776 set_16bit(E1000State *s, int index, uint32_t val)
777 {
778 s->mac_reg[index] = val & 0xffff;
779 }
780
781 static void
782 set_dlen(E1000State *s, int index, uint32_t val)
783 {
784 s->mac_reg[index] = val & 0xfff80;
785 }
786
787 static void
788 set_tctl(E1000State *s, int index, uint32_t val)
789 {
790 s->mac_reg[index] = val;
791 s->mac_reg[TDT] &= 0xffff;
792 start_xmit(s);
793 }
794
795 static void
796 set_icr(E1000State *s, int index, uint32_t val)
797 {
798 DBGOUT(INTERRUPT, "set_icr %x\n", val);
799 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
800 }
801
802 static void
803 set_imc(E1000State *s, int index, uint32_t val)
804 {
805 s->mac_reg[IMS] &= ~val;
806 set_ics(s, 0, 0);
807 }
808
809 static void
810 set_ims(E1000State *s, int index, uint32_t val)
811 {
812 s->mac_reg[IMS] |= val;
813 set_ics(s, 0, 0);
814 }
815
816 #define getreg(x) [x] = mac_readreg
817 static uint32_t (*macreg_readops[])(E1000State *, int) = {
818 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
819 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
820 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
821 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
822 getreg(RDH), getreg(RDT), getreg(VET), getreg(ICS),
823 getreg(TDBAL), getreg(TDBAH), getreg(RDBAH), getreg(RDBAL),
824 getreg(TDLEN), getreg(RDLEN),
825
826 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
827 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
828 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
829 [CRCERRS ... MPC] = &mac_readreg,
830 [RA ... RA+31] = &mac_readreg,
831 [MTA ... MTA+127] = &mac_readreg,
832 [VFTA ... VFTA+127] = &mac_readreg,
833 };
834 enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
835
836 #define putreg(x) [x] = mac_writereg
837 static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
838 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
839 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
840 putreg(RDBAL), putreg(LEDCTL), putreg(VET),
841 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
842 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
843 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
844 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
845 [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl,
846 [RA ... RA+31] = &mac_writereg,
847 [MTA ... MTA+127] = &mac_writereg,
848 [VFTA ... VFTA+127] = &mac_writereg,
849 };
850 enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
851
852 static void
853 e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
854 {
855 E1000State *s = opaque;
856 unsigned int index = (addr & 0x1ffff) >> 2;
857
858 #ifdef TARGET_WORDS_BIGENDIAN
859 val = bswap32(val);
860 #endif
861 if (index < NWRITEOPS && macreg_writeops[index])
862 macreg_writeops[index](s, index, val);
863 else if (index < NREADOPS && macreg_readops[index])
864 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
865 else
866 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
867 index<<2, val);
868 }
869
870 static void
871 e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
872 {
873 // emulate hw without byte enables: no RMW
874 e1000_mmio_writel(opaque, addr & ~3,
875 (val & 0xffff) << (8*(addr & 3)));
876 }
877
878 static void
879 e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
880 {
881 // emulate hw without byte enables: no RMW
882 e1000_mmio_writel(opaque, addr & ~3,
883 (val & 0xff) << (8*(addr & 3)));
884 }
885
886 static uint32_t
887 e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
888 {
889 E1000State *s = opaque;
890 unsigned int index = (addr & 0x1ffff) >> 2;
891
892 if (index < NREADOPS && macreg_readops[index])
893 {
894 uint32_t val = macreg_readops[index](s, index);
895 #ifdef TARGET_WORDS_BIGENDIAN
896 val = bswap32(val);
897 #endif
898 return val;
899 }
900 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
901 return 0;
902 }
903
904 static uint32_t
905 e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
906 {
907 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
908 (8 * (addr & 3))) & 0xff;
909 }
910
911 static uint32_t
912 e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
913 {
914 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
915 (8 * (addr & 3))) & 0xffff;
916 }
917
918 static bool is_version_1(void *opaque, int version_id)
919 {
920 return version_id == 1;
921 }
922
923 static const VMStateDescription vmstate_e1000 = {
924 .name = "e1000",
925 .version_id = 2,
926 .minimum_version_id = 1,
927 .minimum_version_id_old = 1,
928 .fields = (VMStateField []) {
929 VMSTATE_PCI_DEVICE(dev, E1000State),
930 VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */
931 VMSTATE_UNUSED(4), /* Was mmio_base. */
932 VMSTATE_UINT32(rxbuf_size, E1000State),
933 VMSTATE_UINT32(rxbuf_min_shift, E1000State),
934 VMSTATE_UINT32(eecd_state.val_in, E1000State),
935 VMSTATE_UINT16(eecd_state.bitnum_in, E1000State),
936 VMSTATE_UINT16(eecd_state.bitnum_out, E1000State),
937 VMSTATE_UINT16(eecd_state.reading, E1000State),
938 VMSTATE_UINT32(eecd_state.old_eecd, E1000State),
939 VMSTATE_UINT8(tx.ipcss, E1000State),
940 VMSTATE_UINT8(tx.ipcso, E1000State),
941 VMSTATE_UINT16(tx.ipcse, E1000State),
942 VMSTATE_UINT8(tx.tucss, E1000State),
943 VMSTATE_UINT8(tx.tucso, E1000State),
944 VMSTATE_UINT16(tx.tucse, E1000State),
945 VMSTATE_UINT32(tx.paylen, E1000State),
946 VMSTATE_UINT8(tx.hdr_len, E1000State),
947 VMSTATE_UINT16(tx.mss, E1000State),
948 VMSTATE_UINT16(tx.size, E1000State),
949 VMSTATE_UINT16(tx.tso_frames, E1000State),
950 VMSTATE_UINT8(tx.sum_needed, E1000State),
951 VMSTATE_INT8(tx.ip, E1000State),
952 VMSTATE_INT8(tx.tcp, E1000State),
953 VMSTATE_BUFFER(tx.header, E1000State),
954 VMSTATE_BUFFER(tx.data, E1000State),
955 VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64),
956 VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20),
957 VMSTATE_UINT32(mac_reg[CTRL], E1000State),
958 VMSTATE_UINT32(mac_reg[EECD], E1000State),
959 VMSTATE_UINT32(mac_reg[EERD], E1000State),
960 VMSTATE_UINT32(mac_reg[GPRC], E1000State),
961 VMSTATE_UINT32(mac_reg[GPTC], E1000State),
962 VMSTATE_UINT32(mac_reg[ICR], E1000State),
963 VMSTATE_UINT32(mac_reg[ICS], E1000State),
964 VMSTATE_UINT32(mac_reg[IMC], E1000State),
965 VMSTATE_UINT32(mac_reg[IMS], E1000State),
966 VMSTATE_UINT32(mac_reg[LEDCTL], E1000State),
967 VMSTATE_UINT32(mac_reg[MANC], E1000State),
968 VMSTATE_UINT32(mac_reg[MDIC], E1000State),
969 VMSTATE_UINT32(mac_reg[MPC], E1000State),
970 VMSTATE_UINT32(mac_reg[PBA], E1000State),
971 VMSTATE_UINT32(mac_reg[RCTL], E1000State),
972 VMSTATE_UINT32(mac_reg[RDBAH], E1000State),
973 VMSTATE_UINT32(mac_reg[RDBAL], E1000State),
974 VMSTATE_UINT32(mac_reg[RDH], E1000State),
975 VMSTATE_UINT32(mac_reg[RDLEN], E1000State),
976 VMSTATE_UINT32(mac_reg[RDT], E1000State),
977 VMSTATE_UINT32(mac_reg[STATUS], E1000State),
978 VMSTATE_UINT32(mac_reg[SWSM], E1000State),
979 VMSTATE_UINT32(mac_reg[TCTL], E1000State),
980 VMSTATE_UINT32(mac_reg[TDBAH], E1000State),
981 VMSTATE_UINT32(mac_reg[TDBAL], E1000State),
982 VMSTATE_UINT32(mac_reg[TDH], E1000State),
983 VMSTATE_UINT32(mac_reg[TDLEN], E1000State),
984 VMSTATE_UINT32(mac_reg[TDT], E1000State),
985 VMSTATE_UINT32(mac_reg[TORH], E1000State),
986 VMSTATE_UINT32(mac_reg[TORL], E1000State),
987 VMSTATE_UINT32(mac_reg[TOTH], E1000State),
988 VMSTATE_UINT32(mac_reg[TOTL], E1000State),
989 VMSTATE_UINT32(mac_reg[TPR], E1000State),
990 VMSTATE_UINT32(mac_reg[TPT], E1000State),
991 VMSTATE_UINT32(mac_reg[TXDCTL], E1000State),
992 VMSTATE_UINT32(mac_reg[WUFC], E1000State),
993 VMSTATE_UINT32(mac_reg[VET], E1000State),
994 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32),
995 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128),
996 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128),
997 VMSTATE_END_OF_LIST()
998 }
999 };
1000
1001 static const uint16_t e1000_eeprom_template[64] = {
1002 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
1003 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
1004 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
1005 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
1006 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
1007 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1008 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1009 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
1010 };
1011
1012 static const uint16_t phy_reg_init[] = {
1013 [PHY_CTRL] = 0x1140, [PHY_STATUS] = 0x796d, // link initially up
1014 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
1015 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
1016 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
1017 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
1018 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
1019 };
1020
1021 static const uint32_t mac_reg_init[] = {
1022 [PBA] = 0x00100030,
1023 [LEDCTL] = 0x602,
1024 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
1025 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
1026 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
1027 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
1028 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
1029 E1000_STATUS_LU,
1030 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
1031 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
1032 E1000_MANC_RMCP_EN,
1033 };
1034
1035 /* PCI interface */
1036
1037 static CPUWriteMemoryFunc * const e1000_mmio_write[] = {
1038 e1000_mmio_writeb, e1000_mmio_writew, e1000_mmio_writel
1039 };
1040
1041 static CPUReadMemoryFunc * const e1000_mmio_read[] = {
1042 e1000_mmio_readb, e1000_mmio_readw, e1000_mmio_readl
1043 };
1044
1045 static void
1046 e1000_mmio_map(PCIDevice *pci_dev, int region_num,
1047 pcibus_t addr, pcibus_t size, int type)
1048 {
1049 E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
1050 int i;
1051 const uint32_t excluded_regs[] = {
1052 E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1053 E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1054 };
1055
1056
1057 DBGOUT(MMIO, "e1000_mmio_map addr=0x%08"FMT_PCIBUS" 0x%08"FMT_PCIBUS"\n",
1058 addr, size);
1059
1060 cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
1061 qemu_register_coalesced_mmio(addr, excluded_regs[0]);
1062
1063 for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
1064 qemu_register_coalesced_mmio(addr + excluded_regs[i] + 4,
1065 excluded_regs[i + 1] -
1066 excluded_regs[i] - 4);
1067 }
1068
1069 static void
1070 e1000_cleanup(VLANClientState *nc)
1071 {
1072 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
1073
1074 s->nic = NULL;
1075 }
1076
1077 static int
1078 pci_e1000_uninit(PCIDevice *dev)
1079 {
1080 E1000State *d = DO_UPCAST(E1000State, dev, dev);
1081
1082 cpu_unregister_io_memory(d->mmio_index);
1083 qemu_del_vlan_client(&d->nic->nc);
1084 return 0;
1085 }
1086
1087 static void e1000_reset(void *opaque)
1088 {
1089 E1000State *d = opaque;
1090
1091 memset(d->phy_reg, 0, sizeof d->phy_reg);
1092 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
1093 memset(d->mac_reg, 0, sizeof d->mac_reg);
1094 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
1095 d->rxbuf_min_shift = 1;
1096 memset(&d->tx, 0, sizeof d->tx);
1097 }
1098
1099 static NetClientInfo net_e1000_info = {
1100 .type = NET_CLIENT_TYPE_NIC,
1101 .size = sizeof(NICState),
1102 .can_receive = e1000_can_receive,
1103 .receive = e1000_receive,
1104 .cleanup = e1000_cleanup,
1105 .link_status_changed = e1000_set_link_status,
1106 };
1107
1108 static int pci_e1000_init(PCIDevice *pci_dev)
1109 {
1110 E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
1111 uint8_t *pci_conf;
1112 uint16_t checksum = 0;
1113 int i;
1114 uint8_t *macaddr;
1115
1116 pci_conf = d->dev.config;
1117
1118 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
1119 pci_config_set_device_id(pci_conf, E1000_DEVID);
1120 /* TODO: we have no capabilities, so why is this bit set? */
1121 pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_CAP_LIST);
1122 pci_conf[PCI_REVISION_ID] = 0x03;
1123 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
1124 /* TODO: RST# value should be 0, PCI spec 6.2.4 */
1125 pci_conf[PCI_CACHE_LINE_SIZE] = 0x10;
1126
1127 /* TODO: RST# value should be 0 if programmable, PCI spec 6.2.4 */
1128 pci_conf[PCI_INTERRUPT_PIN] = 1; // interrupt pin 0
1129
1130 d->mmio_index = cpu_register_io_memory(e1000_mmio_read,
1131 e1000_mmio_write, d);
1132
1133 pci_register_bar((PCIDevice *)d, 0, PNPMMIO_SIZE,
1134 PCI_BASE_ADDRESS_SPACE_MEMORY, e1000_mmio_map);
1135
1136 pci_register_bar((PCIDevice *)d, 1, IOPORT_SIZE,
1137 PCI_BASE_ADDRESS_SPACE_IO, ioport_map);
1138
1139 memmove(d->eeprom_data, e1000_eeprom_template,
1140 sizeof e1000_eeprom_template);
1141 qemu_macaddr_default_if_unset(&d->conf.macaddr);
1142 macaddr = d->conf.macaddr.a;
1143 for (i = 0; i < 3; i++)
1144 d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
1145 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1146 checksum += d->eeprom_data[i];
1147 checksum = (uint16_t) EEPROM_SUM - checksum;
1148 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1149
1150 d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
1151 d->dev.qdev.info->name, d->dev.qdev.id, d);
1152
1153 qemu_format_nic_info_str(&d->nic->nc, macaddr);
1154 return 0;
1155 }
1156
1157 static void qdev_e1000_reset(DeviceState *dev)
1158 {
1159 E1000State *d = DO_UPCAST(E1000State, dev.qdev, dev);
1160 e1000_reset(d);
1161 }
1162
1163 static PCIDeviceInfo e1000_info = {
1164 .qdev.name = "e1000",
1165 .qdev.desc = "Intel Gigabit Ethernet",
1166 .qdev.size = sizeof(E1000State),
1167 .qdev.reset = qdev_e1000_reset,
1168 .qdev.vmsd = &vmstate_e1000,
1169 .init = pci_e1000_init,
1170 .exit = pci_e1000_uninit,
1171 .romfile = "pxe-e1000.bin",
1172 .qdev.props = (Property[]) {
1173 DEFINE_NIC_PROPERTIES(E1000State, conf),
1174 DEFINE_PROP_END_OF_LIST(),
1175 }
1176 };
1177
1178 static void e1000_register_devices(void)
1179 {
1180 pci_qdev_register(&e1000_info);
1181 }
1182
1183 device_init(e1000_register_devices)
QEmu