sdl: Fix memory leakage
[qemu-kvm/fedora.git] / hw / eepro100.c
blob8eb94fd46941017832b388120a1fa445c511e62e
1 /*
2 * QEMU i8255x (PRO100) emulation
4 * Copyright (c) 2006-2007 Stefan Weil
6 * Portions of the code are copies from grub / etherboot eepro100.c
7 * and linux e100.c.
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
23 * Tested features (i82559):
24 * PXE boot (i386) no valid link
25 * Linux networking (i386) ok
27 * Untested:
28 * non-i386 platforms
29 * Windows networking
31 * References:
33 * Intel 8255x 10/100 Mbps Ethernet Controller Family
34 * Open Source Software Developer Manual
37 #if defined(TARGET_I386)
38 # warning "PXE boot still not working!"
39 #endif
41 #include <assert.h>
42 #include <stddef.h> /* offsetof */
43 #include "hw.h"
44 #include "pci.h"
45 #include "net.h"
46 #include "eeprom93xx.h"
48 /* Common declarations for all PCI devices. */
50 #define PCI_VENDOR_ID 0x00 /* 16 bits */
51 #define PCI_DEVICE_ID 0x02 /* 16 bits */
52 #define PCI_COMMAND 0x04 /* 16 bits */
53 #define PCI_STATUS 0x06 /* 16 bits */
55 #define PCI_REVISION_ID 0x08 /* 8 bits */
56 #define PCI_CLASS_CODE 0x0b /* 8 bits */
57 #define PCI_SUBCLASS_CODE 0x0a /* 8 bits */
58 #define PCI_HEADER_TYPE 0x0e /* 8 bits */
60 #define PCI_BASE_ADDRESS_0 0x10 /* 32 bits */
61 #define PCI_BASE_ADDRESS_1 0x14 /* 32 bits */
62 #define PCI_BASE_ADDRESS_2 0x18 /* 32 bits */
63 #define PCI_BASE_ADDRESS_3 0x1c /* 32 bits */
64 #define PCI_BASE_ADDRESS_4 0x20 /* 32 bits */
65 #define PCI_BASE_ADDRESS_5 0x24 /* 32 bits */
67 #define PCI_CONFIG_8(offset, value) \
68 (pci_conf[offset] = (value))
69 #define PCI_CONFIG_16(offset, value) \
70 (*(uint16_t *)&pci_conf[offset] = cpu_to_le16(value))
71 #define PCI_CONFIG_32(offset, value) \
72 (*(uint32_t *)&pci_conf[offset] = cpu_to_le32(value))
74 #define KiB 1024
76 /* debug EEPRO100 card */
77 //~ #define DEBUG_EEPRO100
79 #ifdef DEBUG_EEPRO100
80 #define logout(fmt, args...) fprintf(stderr, "EE100\t%-24s" fmt, __func__, ##args)
81 #else
82 #define logout(fmt, args...) ((void)0)
83 #endif
85 /* Set flags to 0 to disable debug output. */
86 #define MDI 0
88 #define TRACE(flag, command) ((flag) ? (command) : (void)0)
90 #define missing(text) assert(!"feature is missing in this emulation: " text)
92 #define MAX_ETH_FRAME_SIZE 1514
94 /* This driver supports several different devices which are declared here. */
95 #define i82551 0x82551
96 #define i82557B 0x82557b
97 #define i82557C 0x82557c
98 #define i82558B 0x82558b
99 #define i82559C 0x82559c
100 #define i82559ER 0x82559e
101 #define i82562 0x82562
103 #define EEPROM_SIZE 64
105 #define PCI_MEM_SIZE (4 * KiB)
106 #define PCI_IO_SIZE 64
107 #define PCI_FLASH_SIZE (128 * KiB)
109 #define BIT(n) (1 << (n))
110 #define BITS(n, m) (((0xffffffffU << (31 - n)) >> (31 - n + m)) << m)
112 /* The SCB accepts the following controls for the Tx and Rx units: */
113 #define CU_NOP 0x0000 /* No operation. */
114 #define CU_START 0x0010 /* CU start. */
115 #define CU_RESUME 0x0020 /* CU resume. */
116 #define CU_STATSADDR 0x0040 /* Load dump counters address. */
117 #define CU_SHOWSTATS 0x0050 /* Dump statistical counters. */
118 #define CU_CMD_BASE 0x0060 /* Load CU base address. */
119 #define CU_DUMPSTATS 0x0070 /* Dump and reset statistical counters. */
120 #define CU_SRESUME 0x00a0 /* CU static resume. */
122 #define RU_NOP 0x0000
123 #define RX_START 0x0001
124 #define RX_RESUME 0x0002
125 #define RX_ABORT 0x0004
126 #define RX_ADDR_LOAD 0x0006
127 #define RX_RESUMENR 0x0007
128 #define INT_MASK 0x0100
129 #define DRVR_INT 0x0200 /* Driver generated interrupt. */
131 typedef unsigned char bool;
133 /* Offsets to the various registers.
134 All accesses need not be longword aligned. */
135 enum speedo_offsets {
136 SCBStatus = 0,
137 SCBAck = 1,
138 SCBCmd = 2, /* Rx/Command Unit command and status. */
139 SCBIntmask = 3,
140 SCBPointer = 4, /* General purpose pointer. */
141 SCBPort = 8, /* Misc. commands and operands. */
142 SCBflash = 12, SCBeeprom = 14, /* EEPROM and flash memory control. */
143 SCBCtrlMDI = 16, /* MDI interface control. */
144 SCBEarlyRx = 20, /* Early receive byte count. */
145 SCBFlow = 24,
148 /* A speedo3 transmit buffer descriptor with two buffers... */
149 typedef struct {
150 uint16_t status;
151 uint16_t command;
152 uint32_t link; /* void * */
153 uint32_t tx_desc_addr; /* transmit buffer decsriptor array address. */
154 uint16_t tcb_bytes; /* transmit command block byte count (in lower 14 bits */
155 uint8_t tx_threshold; /* transmit threshold */
156 uint8_t tbd_count; /* TBD number */
157 //~ /* This constitutes two "TBD" entries: hdr and data */
158 //~ uint32_t tx_buf_addr0; /* void *, header of frame to be transmitted. */
159 //~ int32_t tx_buf_size0; /* Length of Tx hdr. */
160 //~ uint32_t tx_buf_addr1; /* void *, data to be transmitted. */
161 //~ int32_t tx_buf_size1; /* Length of Tx data. */
162 } eepro100_tx_t;
164 /* Receive frame descriptor. */
165 typedef struct {
166 int16_t status;
167 uint16_t command;
168 uint32_t link; /* struct RxFD * */
169 uint32_t rx_buf_addr; /* void * */
170 uint16_t count;
171 uint16_t size;
172 char packet[MAX_ETH_FRAME_SIZE + 4];
173 } eepro100_rx_t;
175 typedef struct {
176 uint32_t tx_good_frames, tx_max_collisions, tx_late_collisions,
177 tx_underruns, tx_lost_crs, tx_deferred, tx_single_collisions,
178 tx_multiple_collisions, tx_total_collisions;
179 uint32_t rx_good_frames, rx_crc_errors, rx_alignment_errors,
180 rx_resource_errors, rx_overrun_errors, rx_cdt_errors,
181 rx_short_frame_errors;
182 uint32_t fc_xmt_pause, fc_rcv_pause, fc_rcv_unsupported;
183 uint16_t xmt_tco_frames, rcv_tco_frames;
184 uint32_t complete;
185 } eepro100_stats_t;
187 typedef enum {
188 cu_idle = 0,
189 cu_suspended = 1,
190 cu_active = 2,
191 cu_lpq_active = 2,
192 cu_hqp_active = 3
193 } cu_state_t;
195 typedef enum {
196 ru_idle = 0,
197 ru_suspended = 1,
198 ru_no_resources = 2,
199 ru_ready = 4
200 } ru_state_t;
202 #if defined(__BIG_ENDIAN_BITFIELD)
203 #define X(a,b) b,a
204 #else
205 #define X(a,b) a,b
206 #endif
208 typedef struct {
209 #if 1
210 uint8_t cmd;
211 uint32_t start;
212 uint32_t stop;
213 uint8_t boundary;
214 uint8_t tsr;
215 uint8_t tpsr;
216 uint16_t tcnt;
217 uint16_t rcnt;
218 uint32_t rsar;
219 uint8_t rsr;
220 uint8_t rxcr;
221 uint8_t isr;
222 uint8_t dcfg;
223 uint8_t imr;
224 uint8_t phys[6]; /* mac address */
225 uint8_t curpag;
226 uint8_t mult[8]; /* multicast mask array */
227 int mmio_index;
228 PCIDevice *pci_dev;
229 VLANClientState *vc;
230 #endif
231 uint8_t scb_stat; /* SCB stat/ack byte */
232 uint8_t int_stat; /* PCI interrupt status */
233 uint32_t region[3]; /* PCI region addresses */
234 uint8_t macaddr[6];
235 uint32_t statcounter[19];
236 uint16_t mdimem[32];
237 eeprom_t *eeprom;
238 uint32_t device; /* device variant */
239 uint32_t pointer;
240 /* (cu_base + cu_offset) address the next command block in the command block list. */
241 uint32_t cu_base; /* CU base address */
242 uint32_t cu_offset; /* CU address offset */
243 /* (ru_base + ru_offset) address the RFD in the Receive Frame Area. */
244 uint32_t ru_base; /* RU base address */
245 uint32_t ru_offset; /* RU address offset */
246 uint32_t statsaddr; /* pointer to eepro100_stats_t */
247 eepro100_stats_t statistics; /* statistical counters */
248 #if 0
249 uint16_t status;
250 #endif
252 /* Configuration bytes. */
253 uint8_t configuration[22];
255 /* Data in mem is always in the byte order of the controller (le). */
256 uint8_t mem[PCI_MEM_SIZE];
257 } EEPRO100State;
259 /* Default values for MDI (PHY) registers */
260 static const uint16_t eepro100_mdi_default[] = {
261 /* MDI Registers 0 - 6, 7 */
262 0x3000, 0x780d, 0x02a8, 0x0154, 0x05e1, 0x0000, 0x0000, 0x0000,
263 /* MDI Registers 8 - 15 */
264 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
265 /* MDI Registers 16 - 31 */
266 0x0003, 0x0000, 0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
267 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
270 /* Readonly mask for MDI (PHY) registers */
271 static const uint16_t eepro100_mdi_mask[] = {
272 0x0000, 0xffff, 0xffff, 0xffff, 0xc01f, 0xffff, 0xffff, 0x0000,
273 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
274 0x0fff, 0x0000, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
275 0xffff, 0xffff, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
278 #define POLYNOMIAL 0x04c11db6
280 /* From FreeBSD */
281 /* XXX: optimize */
282 static int compute_mcast_idx(const uint8_t * ep)
284 uint32_t crc;
285 int carry, i, j;
286 uint8_t b;
288 crc = 0xffffffff;
289 for (i = 0; i < 6; i++) {
290 b = *ep++;
291 for (j = 0; j < 8; j++) {
292 carry = ((crc & 0x80000000L) ? 1 : 0) ^ (b & 0x01);
293 crc <<= 1;
294 b >>= 1;
295 if (carry)
296 crc = ((crc ^ POLYNOMIAL) | carry);
299 return (crc >> 26);
302 #if defined(DEBUG_EEPRO100)
303 static const char *nic_dump(const uint8_t * buf, unsigned size)
305 static char dump[3 * 16 + 1];
306 char *p = &dump[0];
307 if (size > 16)
308 size = 16;
309 while (size-- > 0) {
310 p += sprintf(p, " %02x", *buf++);
312 return dump;
314 #endif /* DEBUG_EEPRO100 */
316 enum scb_stat_ack {
317 stat_ack_not_ours = 0x00,
318 stat_ack_sw_gen = 0x04,
319 stat_ack_rnr = 0x10,
320 stat_ack_cu_idle = 0x20,
321 stat_ack_frame_rx = 0x40,
322 stat_ack_cu_cmd_done = 0x80,
323 stat_ack_not_present = 0xFF,
324 stat_ack_rx = (stat_ack_sw_gen | stat_ack_rnr | stat_ack_frame_rx),
325 stat_ack_tx = (stat_ack_cu_idle | stat_ack_cu_cmd_done),
328 static void disable_interrupt(EEPRO100State * s)
330 if (s->int_stat) {
331 logout("interrupt disabled\n");
332 qemu_irq_lower(s->pci_dev->irq[0]);
333 s->int_stat = 0;
337 static void enable_interrupt(EEPRO100State * s)
339 if (!s->int_stat) {
340 logout("interrupt enabled\n");
341 qemu_irq_raise(s->pci_dev->irq[0]);
342 s->int_stat = 1;
346 static void eepro100_acknowledge(EEPRO100State * s)
348 s->scb_stat &= ~s->mem[SCBAck];
349 s->mem[SCBAck] = s->scb_stat;
350 if (s->scb_stat == 0) {
351 disable_interrupt(s);
355 static void eepro100_interrupt(EEPRO100State * s, uint8_t stat)
357 uint8_t mask = ~s->mem[SCBIntmask];
358 s->mem[SCBAck] |= stat;
359 stat = s->scb_stat = s->mem[SCBAck];
360 stat &= (mask | 0x0f);
361 //~ stat &= (~s->mem[SCBIntmask] | 0x0xf);
362 if (stat && (mask & 0x01)) {
363 /* SCB mask and SCB Bit M do not disable interrupt. */
364 enable_interrupt(s);
365 } else if (s->int_stat) {
366 disable_interrupt(s);
370 static void eepro100_cx_interrupt(EEPRO100State * s)
372 /* CU completed action command. */
373 /* Transmit not ok (82557 only, not in emulation). */
374 eepro100_interrupt(s, 0x80);
377 static void eepro100_cna_interrupt(EEPRO100State * s)
379 /* CU left the active state. */
380 eepro100_interrupt(s, 0x20);
383 static void eepro100_fr_interrupt(EEPRO100State * s)
385 /* RU received a complete frame. */
386 eepro100_interrupt(s, 0x40);
389 #if 0
390 static void eepro100_rnr_interrupt(EEPRO100State * s)
392 /* RU is not ready. */
393 eepro100_interrupt(s, 0x10);
395 #endif
397 static void eepro100_mdi_interrupt(EEPRO100State * s)
399 /* MDI completed read or write cycle. */
400 eepro100_interrupt(s, 0x08);
403 static void eepro100_swi_interrupt(EEPRO100State * s)
405 /* Software has requested an interrupt. */
406 eepro100_interrupt(s, 0x04);
409 #if 0
410 static void eepro100_fcp_interrupt(EEPRO100State * s)
412 /* Flow control pause interrupt (82558 and later). */
413 eepro100_interrupt(s, 0x01);
415 #endif
417 static void pci_reset(EEPRO100State * s)
419 uint32_t device = s->device;
420 uint8_t *pci_conf = s->pci_dev->config;
422 logout("%p\n", s);
424 /* PCI Vendor ID */
425 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
426 /* PCI Device ID */
427 pci_config_set_device_id(pci_conf, 0x1209);
428 /* PCI Command */
429 PCI_CONFIG_16(PCI_COMMAND, 0x0000);
430 /* PCI Status */
431 PCI_CONFIG_16(PCI_STATUS, 0x2800);
432 /* PCI Revision ID */
433 PCI_CONFIG_8(PCI_REVISION_ID, 0x08);
434 /* PCI Class Code */
435 PCI_CONFIG_8(0x09, 0x00);
436 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
437 /* PCI Cache Line Size */
438 /* check cache line size!!! */
439 //~ PCI_CONFIG_8(0x0c, 0x00);
440 /* PCI Latency Timer */
441 PCI_CONFIG_8(0x0d, 0x20); // latency timer = 32 clocks
442 /* PCI Header Type */
443 /* BIST (built-in self test) */
444 #if defined(TARGET_I386)
445 // !!! workaround for buggy bios
446 //~ #define PCI_ADDRESS_SPACE_MEM_PREFETCH 0
447 #endif
448 #if 0
449 /* PCI Base Address Registers */
450 /* CSR Memory Mapped Base Address */
451 PCI_CONFIG_32(PCI_BASE_ADDRESS_0,
452 PCI_ADDRESS_SPACE_MEM | PCI_ADDRESS_SPACE_MEM_PREFETCH);
453 /* CSR I/O Mapped Base Address */
454 PCI_CONFIG_32(PCI_BASE_ADDRESS_1, PCI_ADDRESS_SPACE_IO);
455 #if 0
456 /* Flash Memory Mapped Base Address */
457 PCI_CONFIG_32(PCI_BASE_ADDRESS_2, 0xfffe0000 | PCI_ADDRESS_SPACE_MEM);
458 #endif
459 #endif
460 /* Expansion ROM Base Address (depends on boot disable!!!) */
461 PCI_CONFIG_32(0x30, 0x00000000);
462 /* Capability Pointer */
463 PCI_CONFIG_8(0x34, 0xdc);
464 /* Interrupt Pin */
465 PCI_CONFIG_8(0x3d, 1); // interrupt pin 0
466 /* Minimum Grant */
467 PCI_CONFIG_8(0x3e, 0x08);
468 /* Maximum Latency */
469 PCI_CONFIG_8(0x3f, 0x18);
470 /* Power Management Capabilities / Next Item Pointer / Capability ID */
471 PCI_CONFIG_32(0xdc, 0x7e210001);
473 switch (device) {
474 case i82551:
475 //~ PCI_CONFIG_16(PCI_DEVICE_ID, 0x1209);
476 PCI_CONFIG_8(PCI_REVISION_ID, 0x0f);
477 break;
478 case i82557B:
479 PCI_CONFIG_16(PCI_DEVICE_ID, 0x1229);
480 PCI_CONFIG_8(PCI_REVISION_ID, 0x02);
481 break;
482 case i82557C:
483 PCI_CONFIG_16(PCI_DEVICE_ID, 0x1229);
484 PCI_CONFIG_8(PCI_REVISION_ID, 0x03);
485 break;
486 case i82558B:
487 PCI_CONFIG_16(PCI_DEVICE_ID, 0x1229);
488 PCI_CONFIG_16(PCI_STATUS, 0x2810);
489 PCI_CONFIG_8(PCI_REVISION_ID, 0x05);
490 break;
491 case i82559C:
492 PCI_CONFIG_16(PCI_DEVICE_ID, 0x1229);
493 PCI_CONFIG_16(PCI_STATUS, 0x2810);
494 //~ PCI_CONFIG_8(PCI_REVISION_ID, 0x08);
495 break;
496 case i82559ER:
497 //~ PCI_CONFIG_16(PCI_DEVICE_ID, 0x1209);
498 PCI_CONFIG_16(PCI_STATUS, 0x2810);
499 PCI_CONFIG_8(PCI_REVISION_ID, 0x09);
500 break;
501 //~ PCI_CONFIG_16(PCI_DEVICE_ID, 0x1029);
502 //~ PCI_CONFIG_16(PCI_DEVICE_ID, 0x1030); /* 82559 InBusiness 10/100 */
503 default:
504 logout("Device %X is undefined!\n", device);
507 if (device == i82557C || device == i82558B || device == i82559C) {
508 logout("Get device id and revision from EEPROM!!!\n");
512 static void nic_selective_reset(EEPRO100State * s)
514 size_t i;
515 uint16_t *eeprom_contents = eeprom93xx_data(s->eeprom);
516 //~ eeprom93xx_reset(s->eeprom);
517 memcpy(eeprom_contents, s->macaddr, 6);
518 eeprom_contents[0xa] = 0x4000;
519 uint16_t sum = 0;
520 for (i = 0; i < EEPROM_SIZE - 1; i++) {
521 sum += eeprom_contents[i];
523 eeprom_contents[EEPROM_SIZE - 1] = 0xbaba - sum;
525 memset(s->mem, 0, sizeof(s->mem));
526 uint32_t val = BIT(21);
527 memcpy(&s->mem[SCBCtrlMDI], &val, sizeof(val));
529 assert(sizeof(s->mdimem) == sizeof(eepro100_mdi_default));
530 memcpy(&s->mdimem[0], &eepro100_mdi_default[0], sizeof(s->mdimem));
533 static void nic_reset(void *opaque)
535 EEPRO100State *s = (EEPRO100State *) opaque;
536 logout("%p\n", s);
537 static int first;
538 if (!first) {
539 first = 1;
541 nic_selective_reset(s);
544 #if defined(DEBUG_EEPRO100)
545 static const char *reg[PCI_IO_SIZE / 4] = {
546 "Command/Status",
547 "General Pointer",
548 "Port",
549 "EEPROM/Flash Control",
550 "MDI Control",
551 "Receive DMA Byte Count",
552 "Flow control register",
553 "General Status/Control"
556 static char *regname(uint32_t addr)
558 static char buf[16];
559 if (addr < PCI_IO_SIZE) {
560 const char *r = reg[addr / 4];
561 if (r != 0) {
562 sprintf(buf, "%s+%u", r, addr % 4);
563 } else {
564 sprintf(buf, "0x%02x", addr);
566 } else {
567 sprintf(buf, "??? 0x%08x", addr);
569 return buf;
571 #endif /* DEBUG_EEPRO100 */
573 #if 0
574 static uint16_t eepro100_read_status(EEPRO100State * s)
576 uint16_t val = s->status;
577 logout("val=0x%04x\n", val);
578 return val;
581 static void eepro100_write_status(EEPRO100State * s, uint16_t val)
583 logout("val=0x%04x\n", val);
584 s->status = val;
586 #endif
588 /*****************************************************************************
590 * Command emulation.
592 ****************************************************************************/
594 #if 0
595 static uint16_t eepro100_read_command(EEPRO100State * s)
597 uint16_t val = 0xffff;
598 //~ logout("val=0x%04x\n", val);
599 return val;
601 #endif
603 /* Commands that can be put in a command list entry. */
604 enum commands {
605 CmdNOp = 0,
606 CmdIASetup = 1,
607 CmdConfigure = 2,
608 CmdMulticastList = 3,
609 CmdTx = 4,
610 CmdTDR = 5, /* load microcode */
611 CmdDump = 6,
612 CmdDiagnose = 7,
614 /* And some extra flags: */
615 CmdSuspend = 0x4000, /* Suspend after completion. */
616 CmdIntr = 0x2000, /* Interrupt after completion. */
617 CmdTxFlex = 0x0008, /* Use "Flexible mode" for CmdTx command. */
620 static cu_state_t get_cu_state(EEPRO100State * s)
622 return ((s->mem[SCBStatus] >> 6) & 0x03);
625 static void set_cu_state(EEPRO100State * s, cu_state_t state)
627 s->mem[SCBStatus] = (s->mem[SCBStatus] & 0x3f) + (state << 6);
630 static ru_state_t get_ru_state(EEPRO100State * s)
632 return ((s->mem[SCBStatus] >> 2) & 0x0f);
635 static void set_ru_state(EEPRO100State * s, ru_state_t state)
637 s->mem[SCBStatus] = (s->mem[SCBStatus] & 0xc3) + (state << 2);
640 static void dump_statistics(EEPRO100State * s)
642 /* Dump statistical data. Most data is never changed by the emulation
643 * and always 0, so we first just copy the whole block and then those
644 * values which really matter.
645 * Number of data should check configuration!!!
647 cpu_physical_memory_write(s->statsaddr, (uint8_t *) & s->statistics, 64);
648 stl_phys(s->statsaddr + 0, s->statistics.tx_good_frames);
649 stl_phys(s->statsaddr + 36, s->statistics.rx_good_frames);
650 stl_phys(s->statsaddr + 48, s->statistics.rx_resource_errors);
651 stl_phys(s->statsaddr + 60, s->statistics.rx_short_frame_errors);
652 //~ stw_phys(s->statsaddr + 76, s->statistics.xmt_tco_frames);
653 //~ stw_phys(s->statsaddr + 78, s->statistics.rcv_tco_frames);
654 //~ missing("CU dump statistical counters");
657 static void eepro100_cu_command(EEPRO100State * s, uint8_t val)
659 eepro100_tx_t tx;
660 uint32_t cb_address;
661 switch (val) {
662 case CU_NOP:
663 /* No operation. */
664 break;
665 case CU_START:
666 if (get_cu_state(s) != cu_idle) {
667 /* Intel documentation says that CU must be idle for the CU
668 * start command. Intel driver for Linux also starts the CU
669 * from suspended state. */
670 logout("CU state is %u, should be %u\n", get_cu_state(s), cu_idle);
671 //~ assert(!"wrong CU state");
673 set_cu_state(s, cu_active);
674 s->cu_offset = s->pointer;
675 next_command:
676 cb_address = s->cu_base + s->cu_offset;
677 cpu_physical_memory_read(cb_address, (uint8_t *) & tx, sizeof(tx));
678 uint16_t status = le16_to_cpu(tx.status);
679 uint16_t command = le16_to_cpu(tx.command);
680 logout
681 ("val=0x%02x (cu start), status=0x%04x, command=0x%04x, link=0x%08x\n",
682 val, status, command, tx.link);
683 bool bit_el = ((command & 0x8000) != 0);
684 bool bit_s = ((command & 0x4000) != 0);
685 bool bit_i = ((command & 0x2000) != 0);
686 bool bit_nc = ((command & 0x0010) != 0);
687 //~ bool bit_sf = ((command & 0x0008) != 0);
688 uint16_t cmd = command & 0x0007;
689 s->cu_offset = le32_to_cpu(tx.link);
690 switch (cmd) {
691 case CmdNOp:
692 /* Do nothing. */
693 break;
694 case CmdIASetup:
695 cpu_physical_memory_read(cb_address + 8, &s->macaddr[0], 6);
696 logout("macaddr: %s\n", nic_dump(&s->macaddr[0], 6));
697 break;
698 case CmdConfigure:
699 cpu_physical_memory_read(cb_address + 8, &s->configuration[0],
700 sizeof(s->configuration));
701 logout("configuration: %s\n", nic_dump(&s->configuration[0], 16));
702 break;
703 case CmdMulticastList:
704 //~ missing("multicast list");
705 break;
706 case CmdTx:
707 (void)0;
708 uint32_t tbd_array = le32_to_cpu(tx.tx_desc_addr);
709 uint16_t tcb_bytes = (le16_to_cpu(tx.tcb_bytes) & 0x3fff);
710 logout
711 ("transmit, TBD array address 0x%08x, TCB byte count 0x%04x, TBD count %u\n",
712 tbd_array, tcb_bytes, tx.tbd_count);
713 assert(!bit_nc);
714 //~ assert(!bit_sf);
715 assert(tcb_bytes <= 2600);
716 /* Next assertion fails for local configuration. */
717 //~ assert((tcb_bytes > 0) || (tbd_array != 0xffffffff));
718 if (!((tcb_bytes > 0) || (tbd_array != 0xffffffff))) {
719 logout
720 ("illegal values of TBD array address and TCB byte count!\n");
722 uint8_t buf[MAX_ETH_FRAME_SIZE + 4];
723 uint16_t size = 0;
724 uint32_t tbd_address = cb_address + 0x10;
725 assert(tcb_bytes <= sizeof(buf));
726 while (size < tcb_bytes) {
727 uint32_t tx_buffer_address = ldl_phys(tbd_address);
728 uint16_t tx_buffer_size = lduw_phys(tbd_address + 4);
729 //~ uint16_t tx_buffer_el = lduw_phys(tbd_address + 6);
730 tbd_address += 8;
731 logout
732 ("TBD (simplified mode): buffer address 0x%08x, size 0x%04x\n",
733 tx_buffer_address, tx_buffer_size);
734 cpu_physical_memory_read(tx_buffer_address, &buf[size],
735 tx_buffer_size);
736 size += tx_buffer_size;
738 if (tbd_array == 0xffffffff) {
739 /* Simplified mode. Was already handled by code above. */
740 } else {
741 /* Flexible mode. */
742 uint8_t tbd_count = 0;
743 if (!(s->configuration[6] & BIT(4))) {
744 /* Extended TCB. */
745 assert(tcb_bytes == 0);
746 for (; tbd_count < 2; tbd_count++) {
747 uint32_t tx_buffer_address = ldl_phys(tbd_address);
748 uint16_t tx_buffer_size = lduw_phys(tbd_address + 4);
749 uint16_t tx_buffer_el = lduw_phys(tbd_address + 6);
750 tbd_address += 8;
751 logout
752 ("TBD (extended mode): buffer address 0x%08x, size 0x%04x\n",
753 tx_buffer_address, tx_buffer_size);
754 cpu_physical_memory_read(tx_buffer_address, &buf[size],
755 tx_buffer_size);
756 size += tx_buffer_size;
757 if (tx_buffer_el & 1) {
758 break;
762 tbd_address = tbd_array;
763 for (; tbd_count < tx.tbd_count; tbd_count++) {
764 uint32_t tx_buffer_address = ldl_phys(tbd_address);
765 uint16_t tx_buffer_size = lduw_phys(tbd_address + 4);
766 uint16_t tx_buffer_el = lduw_phys(tbd_address + 6);
767 tbd_address += 8;
768 logout
769 ("TBD (flexible mode): buffer address 0x%08x, size 0x%04x\n",
770 tx_buffer_address, tx_buffer_size);
771 cpu_physical_memory_read(tx_buffer_address, &buf[size],
772 tx_buffer_size);
773 size += tx_buffer_size;
774 if (tx_buffer_el & 1) {
775 break;
779 qemu_send_packet(s->vc, buf, size);
780 s->statistics.tx_good_frames++;
781 /* Transmit with bad status would raise an CX/TNO interrupt.
782 * (82557 only). Emulation never has bad status. */
783 //~ eepro100_cx_interrupt(s);
784 break;
785 case CmdTDR:
786 logout("load microcode\n");
787 /* Starting with offset 8, the command contains
788 * 64 dwords microcode which we just ignore here. */
789 break;
790 default:
791 missing("undefined command");
793 /* Write new status (success). */
794 stw_phys(cb_address, status | 0x8000 | 0x2000);
795 if (bit_i) {
796 /* CU completed action. */
797 eepro100_cx_interrupt(s);
799 if (bit_el) {
800 /* CU becomes idle. */
801 set_cu_state(s, cu_idle);
802 eepro100_cna_interrupt(s);
803 } else if (bit_s) {
804 /* CU becomes suspended. */
805 set_cu_state(s, cu_suspended);
806 eepro100_cna_interrupt(s);
807 } else {
808 /* More entries in list. */
809 logout("CU list with at least one more entry\n");
810 goto next_command;
812 logout("CU list empty\n");
813 /* List is empty. Now CU is idle or suspended. */
814 break;
815 case CU_RESUME:
816 if (get_cu_state(s) != cu_suspended) {
817 logout("bad CU resume from CU state %u\n", get_cu_state(s));
818 /* Workaround for bad Linux eepro100 driver which resumes
819 * from idle state. */
820 //~ missing("cu resume");
821 set_cu_state(s, cu_suspended);
823 if (get_cu_state(s) == cu_suspended) {
824 logout("CU resuming\n");
825 set_cu_state(s, cu_active);
826 goto next_command;
828 break;
829 case CU_STATSADDR:
830 /* Load dump counters address. */
831 s->statsaddr = s->pointer;
832 logout("val=0x%02x (status address)\n", val);
833 break;
834 case CU_SHOWSTATS:
835 /* Dump statistical counters. */
836 dump_statistics(s);
837 break;
838 case CU_CMD_BASE:
839 /* Load CU base. */
840 logout("val=0x%02x (CU base address)\n", val);
841 s->cu_base = s->pointer;
842 break;
843 case CU_DUMPSTATS:
844 /* Dump and reset statistical counters. */
845 dump_statistics(s);
846 memset(&s->statistics, 0, sizeof(s->statistics));
847 break;
848 case CU_SRESUME:
849 /* CU static resume. */
850 missing("CU static resume");
851 break;
852 default:
853 missing("Undefined CU command");
857 static void eepro100_ru_command(EEPRO100State * s, uint8_t val)
859 switch (val) {
860 case RU_NOP:
861 /* No operation. */
862 break;
863 case RX_START:
864 /* RU start. */
865 if (get_ru_state(s) != ru_idle) {
866 logout("RU state is %u, should be %u\n", get_ru_state(s), ru_idle);
867 //~ assert(!"wrong RU state");
869 set_ru_state(s, ru_ready);
870 s->ru_offset = s->pointer;
871 logout("val=0x%02x (rx start)\n", val);
872 break;
873 case RX_RESUME:
874 /* Restart RU. */
875 if (get_ru_state(s) != ru_suspended) {
876 logout("RU state is %u, should be %u\n", get_ru_state(s),
877 ru_suspended);
878 //~ assert(!"wrong RU state");
880 set_ru_state(s, ru_ready);
881 break;
882 case RX_ADDR_LOAD:
883 /* Load RU base. */
884 logout("val=0x%02x (RU base address)\n", val);
885 s->ru_base = s->pointer;
886 break;
887 default:
888 logout("val=0x%02x (undefined RU command)\n", val);
889 missing("Undefined SU command");
893 static void eepro100_write_command(EEPRO100State * s, uint8_t val)
895 eepro100_ru_command(s, val & 0x0f);
896 eepro100_cu_command(s, val & 0xf0);
897 if ((val) == 0) {
898 logout("val=0x%02x\n", val);
900 /* Clear command byte after command was accepted. */
901 s->mem[SCBCmd] = 0;
904 /*****************************************************************************
906 * EEPROM emulation.
908 ****************************************************************************/
910 #define EEPROM_CS 0x02
911 #define EEPROM_SK 0x01
912 #define EEPROM_DI 0x04
913 #define EEPROM_DO 0x08
915 static uint16_t eepro100_read_eeprom(EEPRO100State * s)
917 uint16_t val;
918 memcpy(&val, &s->mem[SCBeeprom], sizeof(val));
919 if (eeprom93xx_read(s->eeprom)) {
920 val |= EEPROM_DO;
921 } else {
922 val &= ~EEPROM_DO;
924 return val;
927 static void eepro100_write_eeprom(eeprom_t * eeprom, uint8_t val)
929 logout("write val=0x%02x\n", val);
931 /* mask unwriteable bits */
932 //~ val = SET_MASKED(val, 0x31, eeprom->value);
934 int eecs = ((val & EEPROM_CS) != 0);
935 int eesk = ((val & EEPROM_SK) != 0);
936 int eedi = ((val & EEPROM_DI) != 0);
937 eeprom93xx_write(eeprom, eecs, eesk, eedi);
940 static void eepro100_write_pointer(EEPRO100State * s, uint32_t val)
942 s->pointer = le32_to_cpu(val);
943 logout("val=0x%08x\n", val);
946 /*****************************************************************************
948 * MDI emulation.
950 ****************************************************************************/
952 #if defined(DEBUG_EEPRO100)
953 static const char *mdi_op_name[] = {
954 "opcode 0",
955 "write",
956 "read",
957 "opcode 3"
960 static const char *mdi_reg_name[] = {
961 "Control",
962 "Status",
963 "PHY Identification (Word 1)",
964 "PHY Identification (Word 2)",
965 "Auto-Negotiation Advertisement",
966 "Auto-Negotiation Link Partner Ability",
967 "Auto-Negotiation Expansion"
969 #endif /* DEBUG_EEPRO100 */
971 static uint32_t eepro100_read_mdi(EEPRO100State * s)
973 uint32_t val;
974 memcpy(&val, &s->mem[0x10], sizeof(val));
976 #ifdef DEBUG_EEPRO100
977 uint8_t raiseint = (val & BIT(29)) >> 29;
978 uint8_t opcode = (val & BITS(27, 26)) >> 26;
979 uint8_t phy = (val & BITS(25, 21)) >> 21;
980 uint8_t reg = (val & BITS(20, 16)) >> 16;
981 uint16_t data = (val & BITS(15, 0));
982 #endif
983 /* Emulation takes no time to finish MDI transaction. */
984 val |= BIT(28);
985 TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
986 val, raiseint, mdi_op_name[opcode], phy,
987 mdi_reg_name[reg], data));
988 return val;
991 //~ #define BITS(val, upper, lower) (val & ???)
992 static void eepro100_write_mdi(EEPRO100State * s, uint32_t val)
994 uint8_t raiseint = (val & BIT(29)) >> 29;
995 uint8_t opcode = (val & BITS(27, 26)) >> 26;
996 uint8_t phy = (val & BITS(25, 21)) >> 21;
997 uint8_t reg = (val & BITS(20, 16)) >> 16;
998 uint16_t data = (val & BITS(15, 0));
999 if (phy != 1) {
1000 /* Unsupported PHY address. */
1001 //~ logout("phy must be 1 but is %u\n", phy);
1002 data = 0;
1003 } else if (opcode != 1 && opcode != 2) {
1004 /* Unsupported opcode. */
1005 logout("opcode must be 1 or 2 but is %u\n", opcode);
1006 data = 0;
1007 } else if (reg > 6) {
1008 /* Unsupported register. */
1009 logout("register must be 0...6 but is %u\n", reg);
1010 data = 0;
1011 } else {
1012 TRACE(MDI, logout("val=0x%08x (int=%u, %s, phy=%u, %s, data=0x%04x\n",
1013 val, raiseint, mdi_op_name[opcode], phy,
1014 mdi_reg_name[reg], data));
1015 if (opcode == 1) {
1016 /* MDI write */
1017 switch (reg) {
1018 case 0: /* Control Register */
1019 if (data & 0x8000) {
1020 /* Reset status and control registers to default. */
1021 s->mdimem[0] = eepro100_mdi_default[0];
1022 s->mdimem[1] = eepro100_mdi_default[1];
1023 data = s->mdimem[reg];
1024 } else {
1025 /* Restart Auto Configuration = Normal Operation */
1026 data &= ~0x0200;
1028 break;
1029 case 1: /* Status Register */
1030 missing("not writable");
1031 data = s->mdimem[reg];
1032 break;
1033 case 2: /* PHY Identification Register (Word 1) */
1034 case 3: /* PHY Identification Register (Word 2) */
1035 missing("not implemented");
1036 break;
1037 case 4: /* Auto-Negotiation Advertisement Register */
1038 case 5: /* Auto-Negotiation Link Partner Ability Register */
1039 break;
1040 case 6: /* Auto-Negotiation Expansion Register */
1041 default:
1042 missing("not implemented");
1044 s->mdimem[reg] = data;
1045 } else if (opcode == 2) {
1046 /* MDI read */
1047 switch (reg) {
1048 case 0: /* Control Register */
1049 if (data & 0x8000) {
1050 /* Reset status and control registers to default. */
1051 s->mdimem[0] = eepro100_mdi_default[0];
1052 s->mdimem[1] = eepro100_mdi_default[1];
1054 break;
1055 case 1: /* Status Register */
1056 s->mdimem[reg] |= 0x0020;
1057 break;
1058 case 2: /* PHY Identification Register (Word 1) */
1059 case 3: /* PHY Identification Register (Word 2) */
1060 case 4: /* Auto-Negotiation Advertisement Register */
1061 break;
1062 case 5: /* Auto-Negotiation Link Partner Ability Register */
1063 s->mdimem[reg] = 0x41fe;
1064 break;
1065 case 6: /* Auto-Negotiation Expansion Register */
1066 s->mdimem[reg] = 0x0001;
1067 break;
1069 data = s->mdimem[reg];
1071 /* Emulation takes no time to finish MDI transaction.
1072 * Set MDI bit in SCB status register. */
1073 s->mem[SCBAck] |= 0x08;
1074 val |= BIT(28);
1075 if (raiseint) {
1076 eepro100_mdi_interrupt(s);
1079 val = (val & 0xffff0000) + data;
1080 memcpy(&s->mem[0x10], &val, sizeof(val));
1083 /*****************************************************************************
1085 * Port emulation.
1087 ****************************************************************************/
1089 #define PORT_SOFTWARE_RESET 0
1090 #define PORT_SELFTEST 1
1091 #define PORT_SELECTIVE_RESET 2
1092 #define PORT_DUMP 3
1093 #define PORT_SELECTION_MASK 3
1095 typedef struct {
1096 uint32_t st_sign; /* Self Test Signature */
1097 uint32_t st_result; /* Self Test Results */
1098 } eepro100_selftest_t;
1100 static uint32_t eepro100_read_port(EEPRO100State * s)
1102 return 0;
1105 static void eepro100_write_port(EEPRO100State * s, uint32_t val)
1107 val = le32_to_cpu(val);
1108 uint32_t address = (val & ~PORT_SELECTION_MASK);
1109 uint8_t selection = (val & PORT_SELECTION_MASK);
1110 switch (selection) {
1111 case PORT_SOFTWARE_RESET:
1112 nic_reset(s);
1113 break;
1114 case PORT_SELFTEST:
1115 logout("selftest address=0x%08x\n", address);
1116 eepro100_selftest_t data;
1117 cpu_physical_memory_read(address, (uint8_t *) & data, sizeof(data));
1118 data.st_sign = 0xffffffff;
1119 data.st_result = 0;
1120 cpu_physical_memory_write(address, (uint8_t *) & data, sizeof(data));
1121 break;
1122 case PORT_SELECTIVE_RESET:
1123 logout("selective reset, selftest address=0x%08x\n", address);
1124 nic_selective_reset(s);
1125 break;
1126 default:
1127 logout("val=0x%08x\n", val);
1128 missing("unknown port selection");
1132 /*****************************************************************************
1134 * General hardware emulation.
1136 ****************************************************************************/
1138 static uint8_t eepro100_read1(EEPRO100State * s, uint32_t addr)
1140 uint8_t val;
1141 if (addr <= sizeof(s->mem) - sizeof(val)) {
1142 memcpy(&val, &s->mem[addr], sizeof(val));
1145 switch (addr) {
1146 case SCBStatus:
1147 //~ val = eepro100_read_status(s);
1148 logout("addr=%s val=0x%02x\n", regname(addr), val);
1149 break;
1150 case SCBAck:
1151 //~ val = eepro100_read_status(s);
1152 logout("addr=%s val=0x%02x\n", regname(addr), val);
1153 break;
1154 case SCBCmd:
1155 logout("addr=%s val=0x%02x\n", regname(addr), val);
1156 //~ val = eepro100_read_command(s);
1157 break;
1158 case SCBIntmask:
1159 logout("addr=%s val=0x%02x\n", regname(addr), val);
1160 break;
1161 case SCBPort + 3:
1162 logout("addr=%s val=0x%02x\n", regname(addr), val);
1163 break;
1164 case SCBeeprom:
1165 val = eepro100_read_eeprom(s);
1166 break;
1167 case 0x1b: /* PMDR (power management driver register) */
1168 val = 0;
1169 logout("addr=%s val=0x%02x\n", regname(addr), val);
1170 break;
1171 case 0x1d: /* general status register */
1172 /* 100 Mbps full duplex, valid link */
1173 val = 0x07;
1174 logout("addr=General Status val=%02x\n", val);
1175 break;
1176 default:
1177 logout("addr=%s val=0x%02x\n", regname(addr), val);
1178 missing("unknown byte read");
1180 return val;
1183 static uint16_t eepro100_read2(EEPRO100State * s, uint32_t addr)
1185 uint16_t val;
1186 if (addr <= sizeof(s->mem) - sizeof(val)) {
1187 memcpy(&val, &s->mem[addr], sizeof(val));
1190 logout("addr=%s val=0x%04x\n", regname(addr), val);
1192 switch (addr) {
1193 case SCBStatus:
1194 //~ val = eepro100_read_status(s);
1195 break;
1196 case SCBeeprom:
1197 val = eepro100_read_eeprom(s);
1198 break;
1199 default:
1200 logout("addr=%s val=0x%04x\n", regname(addr), val);
1201 missing("unknown word read");
1203 return val;
1206 static uint32_t eepro100_read4(EEPRO100State * s, uint32_t addr)
1208 uint32_t val;
1209 if (addr <= sizeof(s->mem) - sizeof(val)) {
1210 memcpy(&val, &s->mem[addr], sizeof(val));
1213 switch (addr) {
1214 case SCBStatus:
1215 //~ val = eepro100_read_status(s);
1216 logout("addr=%s val=0x%08x\n", regname(addr), val);
1217 break;
1218 case SCBPointer:
1219 //~ val = eepro100_read_pointer(s);
1220 logout("addr=%s val=0x%08x\n", regname(addr), val);
1221 break;
1222 case SCBPort:
1223 val = eepro100_read_port(s);
1224 logout("addr=%s val=0x%08x\n", regname(addr), val);
1225 break;
1226 case SCBCtrlMDI:
1227 val = eepro100_read_mdi(s);
1228 break;
1229 default:
1230 logout("addr=%s val=0x%08x\n", regname(addr), val);
1231 missing("unknown longword read");
1233 return val;
1236 static void eepro100_write1(EEPRO100State * s, uint32_t addr, uint8_t val)
1238 if (addr <= sizeof(s->mem) - sizeof(val)) {
1239 memcpy(&s->mem[addr], &val, sizeof(val));
1242 logout("addr=%s val=0x%02x\n", regname(addr), val);
1244 switch (addr) {
1245 case SCBStatus:
1246 //~ eepro100_write_status(s, val);
1247 break;
1248 case SCBAck:
1249 eepro100_acknowledge(s);
1250 break;
1251 case SCBCmd:
1252 eepro100_write_command(s, val);
1253 break;
1254 case SCBIntmask:
1255 if (val & BIT(1)) {
1256 eepro100_swi_interrupt(s);
1258 eepro100_interrupt(s, 0);
1259 break;
1260 case SCBPort + 3:
1261 case SCBFlow:
1262 case SCBFlow + 1:
1263 case SCBFlow + 2:
1264 case SCBFlow + 3:
1265 logout("addr=%s val=0x%02x\n", regname(addr), val);
1266 break;
1267 case SCBeeprom:
1268 eepro100_write_eeprom(s->eeprom, val);
1269 break;
1270 default:
1271 logout("addr=%s val=0x%02x\n", regname(addr), val);
1272 missing("unknown byte write");
1276 static void eepro100_write2(EEPRO100State * s, uint32_t addr, uint16_t val)
1278 if (addr <= sizeof(s->mem) - sizeof(val)) {
1279 memcpy(&s->mem[addr], &val, sizeof(val));
1282 logout("addr=%s val=0x%04x\n", regname(addr), val);
1284 switch (addr) {
1285 case SCBStatus:
1286 //~ eepro100_write_status(s, val);
1287 eepro100_acknowledge(s);
1288 break;
1289 case SCBCmd:
1290 eepro100_write_command(s, val);
1291 eepro100_write1(s, SCBIntmask, val >> 8);
1292 break;
1293 case SCBeeprom:
1294 eepro100_write_eeprom(s->eeprom, val);
1295 break;
1296 default:
1297 logout("addr=%s val=0x%04x\n", regname(addr), val);
1298 missing("unknown word write");
1302 static void eepro100_write4(EEPRO100State * s, uint32_t addr, uint32_t val)
1304 if (addr <= sizeof(s->mem) - sizeof(val)) {
1305 memcpy(&s->mem[addr], &val, sizeof(val));
1308 switch (addr) {
1309 case SCBPointer:
1310 eepro100_write_pointer(s, val);
1311 break;
1312 case SCBPort:
1313 logout("addr=%s val=0x%08x\n", regname(addr), val);
1314 eepro100_write_port(s, val);
1315 break;
1316 case SCBCtrlMDI:
1317 eepro100_write_mdi(s, val);
1318 break;
1319 default:
1320 logout("addr=%s val=0x%08x\n", regname(addr), val);
1321 missing("unknown longword write");
1325 static uint32_t ioport_read1(void *opaque, uint32_t addr)
1327 EEPRO100State *s = opaque;
1328 //~ logout("addr=%s\n", regname(addr));
1329 return eepro100_read1(s, addr - s->region[1]);
1332 static uint32_t ioport_read2(void *opaque, uint32_t addr)
1334 EEPRO100State *s = opaque;
1335 return eepro100_read2(s, addr - s->region[1]);
1338 static uint32_t ioport_read4(void *opaque, uint32_t addr)
1340 EEPRO100State *s = opaque;
1341 return eepro100_read4(s, addr - s->region[1]);
1344 static void ioport_write1(void *opaque, uint32_t addr, uint32_t val)
1346 EEPRO100State *s = opaque;
1347 //~ logout("addr=%s val=0x%02x\n", regname(addr), val);
1348 eepro100_write1(s, addr - s->region[1], val);
1351 static void ioport_write2(void *opaque, uint32_t addr, uint32_t val)
1353 EEPRO100State *s = opaque;
1354 eepro100_write2(s, addr - s->region[1], val);
1357 static void ioport_write4(void *opaque, uint32_t addr, uint32_t val)
1359 EEPRO100State *s = opaque;
1360 eepro100_write4(s, addr - s->region[1], val);
1363 /***********************************************************/
1364 /* PCI EEPRO100 definitions */
1366 typedef struct PCIEEPRO100State {
1367 PCIDevice dev;
1368 EEPRO100State eepro100;
1369 } PCIEEPRO100State;
1371 static void pci_map(PCIDevice * pci_dev, int region_num,
1372 uint32_t addr, uint32_t size, int type)
1374 PCIEEPRO100State *d = (PCIEEPRO100State *) pci_dev;
1375 EEPRO100State *s = &d->eepro100;
1377 logout("region %d, addr=0x%08x, size=0x%08x, type=%d\n",
1378 region_num, addr, size, type);
1380 assert(region_num == 1);
1381 register_ioport_write(addr, size, 1, ioport_write1, s);
1382 register_ioport_read(addr, size, 1, ioport_read1, s);
1383 register_ioport_write(addr, size, 2, ioport_write2, s);
1384 register_ioport_read(addr, size, 2, ioport_read2, s);
1385 register_ioport_write(addr, size, 4, ioport_write4, s);
1386 register_ioport_read(addr, size, 4, ioport_read4, s);
1388 s->region[region_num] = addr;
1391 static void pci_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
1393 EEPRO100State *s = opaque;
1394 //~ logout("addr=%s val=0x%02x\n", regname(addr), val);
1395 eepro100_write1(s, addr, val);
1398 static void pci_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
1400 EEPRO100State *s = opaque;
1401 //~ logout("addr=%s val=0x%02x\n", regname(addr), val);
1402 eepro100_write2(s, addr, val);
1405 static void pci_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
1407 EEPRO100State *s = opaque;
1408 //~ logout("addr=%s val=0x%02x\n", regname(addr), val);
1409 eepro100_write4(s, addr, val);
1412 static uint32_t pci_mmio_readb(void *opaque, target_phys_addr_t addr)
1414 EEPRO100State *s = opaque;
1415 //~ logout("addr=%s\n", regname(addr));
1416 return eepro100_read1(s, addr);
1419 static uint32_t pci_mmio_readw(void *opaque, target_phys_addr_t addr)
1421 EEPRO100State *s = opaque;
1422 //~ logout("addr=%s\n", regname(addr));
1423 return eepro100_read2(s, addr);
1426 static uint32_t pci_mmio_readl(void *opaque, target_phys_addr_t addr)
1428 EEPRO100State *s = opaque;
1429 //~ logout("addr=%s\n", regname(addr));
1430 return eepro100_read4(s, addr);
1433 static CPUWriteMemoryFunc *pci_mmio_write[] = {
1434 pci_mmio_writeb,
1435 pci_mmio_writew,
1436 pci_mmio_writel
1439 static CPUReadMemoryFunc *pci_mmio_read[] = {
1440 pci_mmio_readb,
1441 pci_mmio_readw,
1442 pci_mmio_readl
1445 static void pci_mmio_map(PCIDevice * pci_dev, int region_num,
1446 uint32_t addr, uint32_t size, int type)
1448 PCIEEPRO100State *d = (PCIEEPRO100State *) pci_dev;
1450 logout("region %d, addr=0x%08x, size=0x%08x, type=%d\n",
1451 region_num, addr, size, type);
1453 if (region_num == 0) {
1454 /* Map control / status registers. */
1455 cpu_register_physical_memory(addr, size, d->eepro100.mmio_index);
1456 d->eepro100.region[region_num] = addr;
1460 static int nic_can_receive(void *opaque)
1462 EEPRO100State *s = opaque;
1463 logout("%p\n", s);
1464 return get_ru_state(s) == ru_ready;
1465 //~ return !eepro100_buffer_full(s);
1468 #define MIN_BUF_SIZE 60
1470 static void nic_receive(void *opaque, const uint8_t * buf, int size)
1472 /* TODO:
1473 * - Magic packets should set bit 30 in power management driver register.
1474 * - Interesting packets should set bit 29 in power management driver register.
1476 EEPRO100State *s = opaque;
1477 uint16_t rfd_status = 0xa000;
1478 static const uint8_t broadcast_macaddr[6] =
1479 { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
1481 /* TODO: check multiple IA bit. */
1482 assert(!(s->configuration[20] & BIT(6)));
1484 if (s->configuration[8] & 0x80) {
1485 /* CSMA is disabled. */
1486 logout("%p received while CSMA is disabled\n", s);
1487 return;
1488 } else if (size < 64 && (s->configuration[7] & 1)) {
1489 /* Short frame and configuration byte 7/0 (discard short receive) set:
1490 * Short frame is discarded */
1491 logout("%p received short frame (%d byte)\n", s, size);
1492 s->statistics.rx_short_frame_errors++;
1493 //~ return;
1494 } else if ((size > MAX_ETH_FRAME_SIZE + 4) && !(s->configuration[18] & 8)) {
1495 /* Long frame and configuration byte 18/3 (long receive ok) not set:
1496 * Long frames are discarded. */
1497 logout("%p received long frame (%d byte), ignored\n", s, size);
1498 return;
1499 } else if (memcmp(buf, s->macaddr, 6) == 0) { // !!!
1500 /* Frame matches individual address. */
1501 /* TODO: check configuration byte 15/4 (ignore U/L). */
1502 logout("%p received frame for me, len=%d\n", s, size);
1503 } else if (memcmp(buf, broadcast_macaddr, 6) == 0) {
1504 /* Broadcast frame. */
1505 logout("%p received broadcast, len=%d\n", s, size);
1506 rfd_status |= 0x0002;
1507 } else if (buf[0] & 0x01) { // !!!
1508 /* Multicast frame. */
1509 logout("%p received multicast, len=%d\n", s, size);
1510 /* TODO: check multicast all bit. */
1511 assert(!(s->configuration[21] & BIT(3)));
1512 int mcast_idx = compute_mcast_idx(buf);
1513 if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7)))) {
1514 return;
1516 rfd_status |= 0x0002;
1517 } else if (s->configuration[15] & 1) {
1518 /* Promiscuous: receive all. */
1519 logout("%p received frame in promiscuous mode, len=%d\n", s, size);
1520 rfd_status |= 0x0004;
1521 } else {
1522 logout("%p received frame, ignored, len=%d,%s\n", s, size,
1523 nic_dump(buf, size));
1524 return;
1527 if (get_ru_state(s) != ru_ready) {
1528 /* No ressources available. */
1529 logout("no ressources, state=%u\n", get_ru_state(s));
1530 s->statistics.rx_resource_errors++;
1531 //~ assert(!"no ressources");
1532 return;
1534 //~ !!!
1535 //~ $3 = {status = 0x0, command = 0xc000, link = 0x2d220, rx_buf_addr = 0x207dc, count = 0x0, size = 0x5f8, packet = {0x0 <repeats 1518 times>}}
1536 eepro100_rx_t rx;
1537 cpu_physical_memory_read(s->ru_base + s->ru_offset, (uint8_t *) & rx,
1538 offsetof(eepro100_rx_t, packet));
1539 uint16_t rfd_command = le16_to_cpu(rx.command);
1540 uint16_t rfd_size = le16_to_cpu(rx.size);
1541 assert(size <= rfd_size);
1542 if (size < 64) {
1543 rfd_status |= 0x0080;
1545 logout("command 0x%04x, link 0x%08x, addr 0x%08x, size %u\n", rfd_command,
1546 rx.link, rx.rx_buf_addr, rfd_size);
1547 stw_phys(s->ru_base + s->ru_offset + offsetof(eepro100_rx_t, status),
1548 rfd_status);
1549 stw_phys(s->ru_base + s->ru_offset + offsetof(eepro100_rx_t, count), size);
1550 /* Early receive interrupt not supported. */
1551 //~ eepro100_er_interrupt(s);
1552 /* Receive CRC Transfer not supported. */
1553 assert(!(s->configuration[18] & 4));
1554 /* TODO: check stripping enable bit. */
1555 //~ assert(!(s->configuration[17] & 1));
1556 cpu_physical_memory_write(s->ru_base + s->ru_offset +
1557 offsetof(eepro100_rx_t, packet), buf, size);
1558 s->statistics.rx_good_frames++;
1559 eepro100_fr_interrupt(s);
1560 s->ru_offset = le32_to_cpu(rx.link);
1561 if (rfd_command & 0x8000) {
1562 /* EL bit is set, so this was the last frame. */
1563 assert(0);
1565 if (rfd_command & 0x4000) {
1566 /* S bit is set. */
1567 set_ru_state(s, ru_suspended);
1571 static int nic_load(QEMUFile * f, void *opaque, int version_id)
1573 EEPRO100State *s = (EEPRO100State *) opaque;
1574 int i;
1575 int ret;
1577 if (version_id > 3)
1578 return -EINVAL;
1580 if (s->pci_dev && version_id >= 3) {
1581 ret = pci_device_load(s->pci_dev, f);
1582 if (ret < 0)
1583 return ret;
1586 if (version_id >= 2) {
1587 qemu_get_8s(f, &s->rxcr);
1588 } else {
1589 s->rxcr = 0x0c;
1592 qemu_get_8s(f, &s->cmd);
1593 qemu_get_be32s(f, &s->start);
1594 qemu_get_be32s(f, &s->stop);
1595 qemu_get_8s(f, &s->boundary);
1596 qemu_get_8s(f, &s->tsr);
1597 qemu_get_8s(f, &s->tpsr);
1598 qemu_get_be16s(f, &s->tcnt);
1599 qemu_get_be16s(f, &s->rcnt);
1600 qemu_get_be32s(f, &s->rsar);
1601 qemu_get_8s(f, &s->rsr);
1602 qemu_get_8s(f, &s->isr);
1603 qemu_get_8s(f, &s->dcfg);
1604 qemu_get_8s(f, &s->imr);
1605 qemu_get_buffer(f, s->phys, 6);
1606 qemu_get_8s(f, &s->curpag);
1607 qemu_get_buffer(f, s->mult, 8);
1608 qemu_get_buffer(f, s->mem, sizeof(s->mem));
1610 /* Restore all members of struct between scv_stat and mem */
1611 qemu_get_8s(f, &s->scb_stat);
1612 qemu_get_8s(f, &s->int_stat);
1613 for (i = 0; i < 3; i++)
1614 qemu_get_be32s(f, &s->region[i]);
1615 qemu_get_buffer(f, s->macaddr, 6);
1616 for (i = 0; i < 19; i++)
1617 qemu_get_be32s(f, &s->statcounter[i]);
1618 for (i = 0; i < 32; i++)
1619 qemu_get_be16s(f, &s->mdimem[i]);
1620 /* The eeprom should be saved and restored by its own routines */
1621 qemu_get_be32s(f, &s->device);
1622 qemu_get_be32s(f, &s->pointer);
1623 qemu_get_be32s(f, &s->cu_base);
1624 qemu_get_be32s(f, &s->cu_offset);
1625 qemu_get_be32s(f, &s->ru_base);
1626 qemu_get_be32s(f, &s->ru_offset);
1627 qemu_get_be32s(f, &s->statsaddr);
1628 /* Restore epro100_stats_t statistics */
1629 qemu_get_be32s(f, &s->statistics.tx_good_frames);
1630 qemu_get_be32s(f, &s->statistics.tx_max_collisions);
1631 qemu_get_be32s(f, &s->statistics.tx_late_collisions);
1632 qemu_get_be32s(f, &s->statistics.tx_underruns);
1633 qemu_get_be32s(f, &s->statistics.tx_lost_crs);
1634 qemu_get_be32s(f, &s->statistics.tx_deferred);
1635 qemu_get_be32s(f, &s->statistics.tx_single_collisions);
1636 qemu_get_be32s(f, &s->statistics.tx_multiple_collisions);
1637 qemu_get_be32s(f, &s->statistics.tx_total_collisions);
1638 qemu_get_be32s(f, &s->statistics.rx_good_frames);
1639 qemu_get_be32s(f, &s->statistics.rx_crc_errors);
1640 qemu_get_be32s(f, &s->statistics.rx_alignment_errors);
1641 qemu_get_be32s(f, &s->statistics.rx_resource_errors);
1642 qemu_get_be32s(f, &s->statistics.rx_overrun_errors);
1643 qemu_get_be32s(f, &s->statistics.rx_cdt_errors);
1644 qemu_get_be32s(f, &s->statistics.rx_short_frame_errors);
1645 qemu_get_be32s(f, &s->statistics.fc_xmt_pause);
1646 qemu_get_be32s(f, &s->statistics.fc_rcv_pause);
1647 qemu_get_be32s(f, &s->statistics.fc_rcv_unsupported);
1648 qemu_get_be16s(f, &s->statistics.xmt_tco_frames);
1649 qemu_get_be16s(f, &s->statistics.rcv_tco_frames);
1650 qemu_get_be32s(f, &s->statistics.complete);
1651 #if 0
1652 qemu_get_be16s(f, &s->status);
1653 #endif
1655 /* Configuration bytes. */
1656 qemu_get_buffer(f, s->configuration, sizeof(s->configuration));
1658 return 0;
1661 static void nic_save(QEMUFile * f, void *opaque)
1663 EEPRO100State *s = (EEPRO100State *) opaque;
1664 int i;
1666 if (s->pci_dev)
1667 pci_device_save(s->pci_dev, f);
1669 qemu_put_8s(f, &s->rxcr);
1671 qemu_put_8s(f, &s->cmd);
1672 qemu_put_be32s(f, &s->start);
1673 qemu_put_be32s(f, &s->stop);
1674 qemu_put_8s(f, &s->boundary);
1675 qemu_put_8s(f, &s->tsr);
1676 qemu_put_8s(f, &s->tpsr);
1677 qemu_put_be16s(f, &s->tcnt);
1678 qemu_put_be16s(f, &s->rcnt);
1679 qemu_put_be32s(f, &s->rsar);
1680 qemu_put_8s(f, &s->rsr);
1681 qemu_put_8s(f, &s->isr);
1682 qemu_put_8s(f, &s->dcfg);
1683 qemu_put_8s(f, &s->imr);
1684 qemu_put_buffer(f, s->phys, 6);
1685 qemu_put_8s(f, &s->curpag);
1686 qemu_put_buffer(f, s->mult, 8);
1687 qemu_put_buffer(f, s->mem, sizeof(s->mem));
1689 /* Save all members of struct between scv_stat and mem */
1690 qemu_put_8s(f, &s->scb_stat);
1691 qemu_put_8s(f, &s->int_stat);
1692 for (i = 0; i < 3; i++)
1693 qemu_put_be32s(f, &s->region[i]);
1694 qemu_put_buffer(f, s->macaddr, 6);
1695 for (i = 0; i < 19; i++)
1696 qemu_put_be32s(f, &s->statcounter[i]);
1697 for (i = 0; i < 32; i++)
1698 qemu_put_be16s(f, &s->mdimem[i]);
1699 /* The eeprom should be saved and restored by its own routines */
1700 qemu_put_be32s(f, &s->device);
1701 qemu_put_be32s(f, &s->pointer);
1702 qemu_put_be32s(f, &s->cu_base);
1703 qemu_put_be32s(f, &s->cu_offset);
1704 qemu_put_be32s(f, &s->ru_base);
1705 qemu_put_be32s(f, &s->ru_offset);
1706 qemu_put_be32s(f, &s->statsaddr);
1707 /* Save epro100_stats_t statistics */
1708 qemu_put_be32s(f, &s->statistics.tx_good_frames);
1709 qemu_put_be32s(f, &s->statistics.tx_max_collisions);
1710 qemu_put_be32s(f, &s->statistics.tx_late_collisions);
1711 qemu_put_be32s(f, &s->statistics.tx_underruns);
1712 qemu_put_be32s(f, &s->statistics.tx_lost_crs);
1713 qemu_put_be32s(f, &s->statistics.tx_deferred);
1714 qemu_put_be32s(f, &s->statistics.tx_single_collisions);
1715 qemu_put_be32s(f, &s->statistics.tx_multiple_collisions);
1716 qemu_put_be32s(f, &s->statistics.tx_total_collisions);
1717 qemu_put_be32s(f, &s->statistics.rx_good_frames);
1718 qemu_put_be32s(f, &s->statistics.rx_crc_errors);
1719 qemu_put_be32s(f, &s->statistics.rx_alignment_errors);
1720 qemu_put_be32s(f, &s->statistics.rx_resource_errors);
1721 qemu_put_be32s(f, &s->statistics.rx_overrun_errors);
1722 qemu_put_be32s(f, &s->statistics.rx_cdt_errors);
1723 qemu_put_be32s(f, &s->statistics.rx_short_frame_errors);
1724 qemu_put_be32s(f, &s->statistics.fc_xmt_pause);
1725 qemu_put_be32s(f, &s->statistics.fc_rcv_pause);
1726 qemu_put_be32s(f, &s->statistics.fc_rcv_unsupported);
1727 qemu_put_be16s(f, &s->statistics.xmt_tco_frames);
1728 qemu_put_be16s(f, &s->statistics.rcv_tco_frames);
1729 qemu_put_be32s(f, &s->statistics.complete);
1730 #if 0
1731 qemu_put_be16s(f, &s->status);
1732 #endif
1734 /* Configuration bytes. */
1735 qemu_put_buffer(f, s->configuration, sizeof(s->configuration));
1738 static void nic_cleanup(VLANClientState *vc)
1740 EEPRO100State *s = vc->opaque;
1742 unregister_savevm(vc->model, s);
1744 eeprom93xx_free(s->eeprom);
1747 static int pci_nic_uninit(PCIDevice *dev)
1749 PCIEEPRO100State *d = (PCIEEPRO100State *) dev;
1750 EEPRO100State *s = &d->eepro100;
1752 cpu_unregister_io_memory(s->mmio_index);
1754 return 0;
1757 static PCIDevice *nic_init(PCIBus * bus, NICInfo * nd, uint32_t device)
1759 PCIEEPRO100State *d;
1760 EEPRO100State *s;
1762 logout("\n");
1764 d = (PCIEEPRO100State *) pci_register_device(bus, nd->model,
1765 sizeof(PCIEEPRO100State), -1,
1766 NULL, NULL);
1767 if (!d)
1768 return NULL;
1770 d->dev.unregister = pci_nic_uninit;
1772 s = &d->eepro100;
1773 s->device = device;
1774 s->pci_dev = &d->dev;
1776 pci_reset(s);
1778 /* Add 64 * 2 EEPROM. i82557 and i82558 support a 64 word EEPROM,
1779 * i82559 and later support 64 or 256 word EEPROM. */
1780 s->eeprom = eeprom93xx_new(EEPROM_SIZE);
1782 /* Handler for memory-mapped I/O */
1783 d->eepro100.mmio_index =
1784 cpu_register_io_memory(0, pci_mmio_read, pci_mmio_write, s);
1786 pci_register_io_region(&d->dev, 0, PCI_MEM_SIZE,
1787 PCI_ADDRESS_SPACE_MEM |
1788 PCI_ADDRESS_SPACE_MEM_PREFETCH, pci_mmio_map);
1789 pci_register_io_region(&d->dev, 1, PCI_IO_SIZE, PCI_ADDRESS_SPACE_IO,
1790 pci_map);
1791 pci_register_io_region(&d->dev, 2, PCI_FLASH_SIZE, PCI_ADDRESS_SPACE_MEM,
1792 pci_mmio_map);
1794 memcpy(s->macaddr, nd->macaddr, 6);
1795 logout("macaddr: %s\n", nic_dump(&s->macaddr[0], 6));
1796 assert(s->region[1] == 0);
1798 nic_reset(s);
1800 s->vc = qemu_new_vlan_client(nd->vlan, nd->model, nd->name,
1801 nic_receive, nic_can_receive,
1802 nic_cleanup, s);
1804 qemu_format_nic_info_str(s->vc, s->macaddr);
1806 qemu_register_reset(nic_reset, s);
1808 register_savevm(s->vc->model, -1, 3, nic_save, nic_load, s);
1809 return (PCIDevice *)d;
1812 PCIDevice *pci_i82551_init(PCIBus * bus, NICInfo * nd, int devfn)
1814 return nic_init(bus, nd, i82551);
1817 PCIDevice *pci_i82557b_init(PCIBus * bus, NICInfo * nd, int devfn)
1819 return nic_init(bus, nd, i82557B);
1822 PCIDevice *pci_i82559er_init(PCIBus * bus, NICInfo * nd, int devfn)
1824 return nic_init(bus, nd, i82559ER);
1827 /* eof */