search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
usb: Fix compilation for Windows
[qemu/ar7.git] / hw / net / smc91c111.c
blob899a95b5f2fb4099480a3e8960fa7128b1f1713c
1 /*
2 * SMSC 91C111 Ethernet interface emulation
3 *
4 * Copyright (c) 2005 CodeSourcery, LLC.
5 * Written by Paul Brook
6 *
7 * This code is licensed under the GPL
8 */
9
10 #include "qemu/osdep.h"
11 #include "hw/sysbus.h"
12 #include "net/net.h"
13 #include "hw/devices.h"
14 /* For crc32 */
15 #include <zlib.h>
16
17 /* Number of 2k memory pages available. */
18 #define NUM_PACKETS 4
19
20 #if 0
21 # define logout(fmt, ...) \
22 fprintf(stderr, "SMC91C111\t%-24s %s:%u " fmt, __func__, __FILE__, __LINE__, ##__VA_ARGS__)
23 #else
24 # define logout(fmt, ...) (void)0
25 #endif
26
27 typedef enum {
28 MII_WAITING,
29 MII_IDLE,
30 MII_GOT_START,
31 MII_READ,
32 MII_WRITE
33 } MII_State;
34
35 typedef enum {
36 MII_MDOE = 8,
37 MII_MCLK = 4,
38 MII_MDI = 2,
39 MII_MDO = 1
40 } MII_BITS;
41
42 /* PHY Register Addresses (LAN91C111 Internal PHY) */
43
44 /* PHY Configuration Register 1 */
45 #define PHY_CFG1_REG 0x10
46 #define PHY_CFG1_LNKDIS 0x8000 /* 1=Rx Link Detect Function disabled */
47 #define PHY_CFG1_XMTDIS 0x4000 /* 1=TP Transmitter Disabled */
48 #define PHY_CFG1_XMTPDN 0x2000 /* 1=TP Transmitter Powered Down */
49 #define PHY_CFG1_BYPSCR 0x0400 /* 1=Bypass scrambler/descrambler */
50 #define PHY_CFG1_UNSCDS 0x0200 /* 1=Unscramble Idle Reception Disable */
51 #define PHY_CFG1_EQLZR 0x0100 /* 1=Rx Equalizer Disabled */
52 #define PHY_CFG1_CABLE 0x0080 /* 1=STP(150ohm), 0=UTP(100ohm) */
53 #define PHY_CFG1_RLVL0 0x0040 /* 1=Rx Squelch level reduced by 4.5db */
54 #define PHY_CFG1_TLVL_SHIFT 2 /* Transmit Output Level Adjust */
55 #define PHY_CFG1_TLVL_MASK 0x003C
56 #define PHY_CFG1_TRF_MASK 0x0003 /* Transmitter Rise/Fall time */
57
58 /* PHY Configuration Register 2 */
59 #define PHY_CFG2_REG 0x11
60 #define PHY_CFG2_APOLDIS 0x0020 /* 1=Auto Polarity Correction disabled */
61 #define PHY_CFG2_JABDIS 0x0010 /* 1=Jabber disabled */
62 #define PHY_CFG2_MREG 0x0008 /* 1=Multiple register access (MII mgt) */
63 #define PHY_CFG2_INTMDIO 0x0004 /* 1=Interrupt signaled with MDIO pulseo */
64
65 /* PHY Status Output (and Interrupt status) Register */
66 #define PHY_INT_REG 0x12 /* Status Output (Interrupt Status) */
67 #define PHY_INT_INT 0x8000 /* 1=bits have changed since last read */
68 #define PHY_INT_LNKFAIL 0x4000 /* 1=Link Not detected */
69 #define PHY_INT_LOSSSYNC 0x2000 /* 1=Descrambler has lost sync */
70 #define PHY_INT_CWRD 0x1000 /* 1=Invalid 4B5B code detected on rx */
71 #define PHY_INT_SSD 0x0800 /* 1=No Start Of Stream detected on rx */
72 #define PHY_INT_ESD 0x0400 /* 1=No End Of Stream detected on rx */
73 #define PHY_INT_RPOL 0x0200 /* 1=Reverse Polarity detected */
74 #define PHY_INT_JAB 0x0100 /* 1=Jabber detected */
75 #define PHY_INT_SPDDET 0x0080 /* 1=100Base-TX mode, 0=10Base-T mode */
76 #define PHY_INT_DPLXDET 0x0040 /* 1=Device in Full Duplex */
77
78 /* PHY Interrupt/Status Mask Register */
79 #define PHY_MASK_REG 0x13 /* Interrupt Mask */
80 /* Uses the same bit definitions as PHY_INT_REG */
81
82 typedef struct {
83 int mdoe;
84 int mclk;
85 int mdi;
86 int mdo;
87 uint32_t data;
88 MII_State status;
89 unsigned reg;
90 uint16_t regs[32];
91 } MII;
92
93
94 /* Declarations from include/linux/mii.h. */
95
96 /* Generic MII registers. */
97
98 #define MII_BMCR 0x00 /* Basic mode control register */ // rw
99 #define MII_BMSR 0x01 /* Basic mode status register */ // r
100 #define MII_PHYSID1 0x02 /* PHYS ID 1 */
101 #define MII_PHYSID2 0x03 /* PHYS ID 2 */
102 #define MII_ADVERTISE 0x04 /* Advertisement control reg */ // rw
103 #define MII_LPA 0x05 /* Link partner ability reg */
104 #define MII_EXPANSION 0x06 /* Expansion register */
105 #define MII_CTRL1000 0x09 /* 1000BASE-T control */
106 #define MII_STAT1000 0x0a /* 1000BASE-T status */
107 #define MII_ESTATUS 0x0f /* Extended Status */
108 #define MII_DCOUNTER 0x12 /* Disconnect counter */
109 #define MII_FCSCOUNTER 0x13 /* False carrier counter */
110 #define MII_NWAYTEST 0x14 /* N-way auto-neg test reg */
111 #define MII_RERRCOUNTER 0x15 /* Receive error counter */
112 #define MII_SREVISION 0x16 /* Silicon revision */
113 #define MII_RESV1 0x17 /* Reserved... */
114 #define MII_LBRERROR 0x18 /* Lpback, rx, bypass error */
115 #define MII_PHYADDR 0x19 /* PHY address */
116 #define MII_RESV2 0x1a /* Reserved... */
117 #define MII_TPISTATUS 0x1b /* TPI status for 10mbps */
118 #define MII_NCONFIG 0x1c /* Network interface config */
119
120 /* Basic mode control register. */
121 #define BMCR_RESV 0x003f /* Unused... */
122 #define BMCR_SPEED1000 0x0040 /* MSB of Speed (1000) */
123 #define BMCR_CTST 0x0080 /* Collision test */
124 #define BMCR_FULLDPLX 0x0100 /* Full duplex */
125 #define BMCR_ANRESTART 0x0200 /* Auto negotiation restart */
126 #define BMCR_ISOLATE 0x0400 /* Disconnect PHY from MII */
127 #define BMCR_PDOWN 0x0800 /* Powerdown the */
128 #define BMCR_ANENABLE 0x1000 /* Enable auto negotiation */
129 #define BMCR_SPEED100 0x2000 /* Select 100Mbps */
130 #define BMCR_LOOPBACK 0x4000 /* TXD loopback bits */
131 #define BMCR_RESET 0x8000 /* Reset the PHY */
132
133 /* Basic mode status register. */
134 #define BMSR_ERCAP 0x0001 /* Ext-reg capability */
135 #define BMSR_JCD 0x0002 /* Jabber detected */
136 #define BMSR_LSTATUS 0x0004 /* Link status */
137 #define BMSR_ANEGCAPABLE 0x0008 /* Able to do auto-negotiation */
138 #define BMSR_RFAULT 0x0010 /* Remote fault detected */
139 #define BMSR_ANEGCOMPLETE 0x0020 /* Auto-negotiation complete */
140 #define BMSR_RESV 0x00c0 /* Unused... */
141 #define BMSR_ESTATEN 0x0100 /* Extended Status in R15 */
142 #define BMSR_100HALF2 0x0200 /* Can do 100BASE-T2 HDX */
143 #define BMSR_100FULL2 0x0400 /* Can do 100BASE-T2 FDX */
144 #define BMSR_10HALF 0x0800 /* Can do 10mbps, half-duplex */
145 #define BMSR_10FULL 0x1000 /* Can do 10mbps, full-duplex */
146 #define BMSR_100HALF 0x2000 /* Can do 100mbps, half-duplex */
147 #define BMSR_100FULL 0x4000 /* Can do 100mbps, full-duplex */
148 #define BMSR_100BASE4 0x8000 /* Can do 100mbps, 4k packets */
149
150 //~ #define PHY_STAT_CAP_SUPR 0x0040 /* 1=recv mgmt frames with not preamble */
151
152 /* Advertisement control register. */
153 #define ADVERTISE_SLCT 0x001f /* Selector bits */
154 #define ADVERTISE_CSMA 0x0001 /* Only selector supported */
155 #define ADVERTISE_10HALF 0x0020 /* Try for 10mbps half-duplex */
156 #define ADVERTISE_1000XFULL 0x0020 /* Try for 1000BASE-X full-duplex */
157 #define ADVERTISE_10FULL 0x0040 /* Try for 10mbps full-duplex */
158 #define ADVERTISE_1000XHALF 0x0040 /* Try for 1000BASE-X half-duplex */
159 #define ADVERTISE_100HALF 0x0080 /* Try for 100mbps half-duplex */
160 #define ADVERTISE_1000XPAUSE 0x0080 /* Try for 1000BASE-X pause */
161 #define ADVERTISE_100FULL 0x0100 /* Try for 100mbps full-duplex */
162 #define ADVERTISE_1000XPSE_ASYM 0x0100 /* Try for 1000BASE-X asym pause */
163 #define ADVERTISE_100BASE4 0x0200 /* Try for 100mbps 4k packets */
164 #define ADVERTISE_PAUSE_CAP 0x0400 /* Try for pause */
165 #define ADVERTISE_PAUSE_ASYM 0x0800 /* Try for asymetric pause */
166 #define ADVERTISE_RESV 0x1000 /* Unused... */
167 #define ADVERTISE_RFAULT 0x2000 /* Say we can detect faults */
168 #define ADVERTISE_LPACK 0x4000 /* Ack link partners response */
169 #define ADVERTISE_NPAGE 0x8000 /* Next page bit */
170
171 #define ADVERTISE_FULL (ADVERTISE_100FULL | ADVERTISE_10FULL | \
172 ADVERTISE_CSMA)
173 #define ADVERTISE_ALL (ADVERTISE_10HALF | ADVERTISE_10FULL | \
174 ADVERTISE_100HALF | ADVERTISE_100FULL)
175
176 /* Link partner ability register. */
177 #define LPA_SLCT 0x001f /* Same as advertise selector */
178 #define LPA_10HALF 0x0020 /* Can do 10mbps half-duplex */
179 #define LPA_1000XFULL 0x0020 /* Can do 1000BASE-X full-duplex */
180 #define LPA_10FULL 0x0040 /* Can do 10mbps full-duplex */
181 #define LPA_1000XHALF 0x0040 /* Can do 1000BASE-X half-duplex */
182 #define LPA_100HALF 0x0080 /* Can do 100mbps half-duplex */
183 #define LPA_1000XPAUSE 0x0080 /* Can do 1000BASE-X pause */
184 #define LPA_100FULL 0x0100 /* Can do 100mbps full-duplex */
185 #define LPA_1000XPAUSE_ASYM 0x0100 /* Can do 1000BASE-X pause asym*/
186 #define LPA_100BASE4 0x0200 /* Can do 100mbps 4k packets */
187 #define LPA_PAUSE_CAP 0x0400 /* Can pause */
188 #define LPA_PAUSE_ASYM 0x0800 /* Can pause asymetrically */
189 #define LPA_RESV 0x1000 /* Unused... */
190 #define LPA_RFAULT 0x2000 /* Link partner faulted */
191 #define LPA_LPACK 0x4000 /* Link partner acked us */
192 #define LPA_NPAGE 0x8000 /* Next page bit */
193
194 #define LPA_DUPLEX (LPA_10FULL | LPA_100FULL)
195 #define LPA_100 (LPA_100FULL | LPA_100HALF | LPA_100BASE4)
196
197 /* End of declarations from include/linux/mii.h. */
198
199 /* SMC 91C111 specific MII register. */
200
201 /* 0x06 ... 0x0f are reserved. */
202 #define MII_CONFIGURATION1 0x10 /* Configuration 1 */
203 #define MII_CONFIGURATION2 0x11 /* Configuration 2 */
204 #define MII_STATUSOUTPUT 0x12 /* Status Output */
205 //~ PHY_FCSCR = 0x13, /* Mask */
206 /* 0x14 is reserved. */
207 /* 0x15 ... 0x1f are unused. */
208
209
210 /* Default values for MII management registers (see IEEE 802.3-2008 22.2.4). */
211
212 static const uint16_t mii_regs_default[] = {
213 [MII_BMCR] = BMCR_ANENABLE | BMCR_SPEED100,
214 [MII_BMSR] = BMSR_100FULL | BMSR_100HALF | BMSR_10FULL | BMSR_10HALF |
215 BMSR_ANEGCAPABLE | BMSR_LSTATUS | BMSR_ERCAP,
216 [MII_ADVERTISE] = ADVERTISE_PAUSE_CAP | ADVERTISE_ALL | ADVERTISE_CSMA,
217 };
218
219 #define TYPE_SMC91C111 "smc91c111"
220 #define SMC91C111(obj) OBJECT_CHECK(smc91c111_state, (obj), TYPE_SMC91C111)
221
222 typedef struct {
223 SysBusDevice parent_obj;
224 MII mii;
225 NICState *nic;
226 NICConf conf;
227 uint16_t tcr;
228 uint16_t rcr;
229 uint16_t cr;
230 uint16_t ctr;
231 uint16_t gpr;
232 uint16_t ptr;
233 uint16_t ercv;
234 qemu_irq irq;
235 int bank;
236 int packet_num;
237 int tx_alloc;
238 /* Bitmask of allocated packets. */
239 int allocated;
240 int tx_fifo_len;
241 int tx_fifo[NUM_PACKETS];
242 int rx_fifo_len;
243 int rx_fifo[NUM_PACKETS];
244 int tx_fifo_done_len;
245 int tx_fifo_done[NUM_PACKETS];
246 /* Packet buffer memory. */
247 uint8_t data[NUM_PACKETS][2048];
248 uint8_t int_level;
249 uint8_t int_mask;
250 MemoryRegion mmio;
251 } smc91c111_state;
252
253 static const VMStateDescription vmstate_smc91c111 = {
254 .name = "smc91c111",
255 .version_id = 1,
256 .minimum_version_id = 1,
257 .fields = (VMStateField[]) {
258 VMSTATE_UINT16(tcr, smc91c111_state),
259 VMSTATE_UINT16(rcr, smc91c111_state),
260 VMSTATE_UINT16(cr, smc91c111_state),
261 VMSTATE_UINT16(ctr, smc91c111_state),
262 VMSTATE_UINT16(gpr, smc91c111_state),
263 VMSTATE_UINT16(ptr, smc91c111_state),
264 VMSTATE_UINT16(ercv, smc91c111_state),
265 VMSTATE_INT32(bank, smc91c111_state),
266 VMSTATE_INT32(packet_num, smc91c111_state),
267 VMSTATE_INT32(tx_alloc, smc91c111_state),
268 VMSTATE_INT32(allocated, smc91c111_state),
269 VMSTATE_INT32(tx_fifo_len, smc91c111_state),
270 VMSTATE_INT32_ARRAY(tx_fifo, smc91c111_state, NUM_PACKETS),
271 VMSTATE_INT32(rx_fifo_len, smc91c111_state),
272 VMSTATE_INT32_ARRAY(rx_fifo, smc91c111_state, NUM_PACKETS),
273 VMSTATE_INT32(tx_fifo_done_len, smc91c111_state),
274 VMSTATE_INT32_ARRAY(tx_fifo_done, smc91c111_state, NUM_PACKETS),
275 VMSTATE_BUFFER_UNSAFE(data, smc91c111_state, 0, NUM_PACKETS * 2048),
276 VMSTATE_UINT8(int_level, smc91c111_state),
277 VMSTATE_UINT8(int_mask, smc91c111_state),
278 VMSTATE_END_OF_LIST()
279 }
280 };
281
282 #define RCR_SOFT_RST 0x8000
283 #define RCR_STRIP_CRC 0x0200
284 #define RCR_RXEN 0x0100
285
286 #define TCR_EPH_LOOP 0x2000
287 #define TCR_NOCRC 0x0100
288 #define TCR_PAD_EN 0x0080
289 #define TCR_FORCOL 0x0004
290 #define TCR_LOOP 0x0002
291 #define TCR_TXEN 0x0001
292
293 #define INT_MD 0x80
294 #define INT_ERCV 0x40
295 #define INT_EPH 0x20
296 #define INT_RX_OVRN 0x10
297 #define INT_ALLOC 0x08
298 #define INT_TX_EMPTY 0x04
299 #define INT_TX 0x02
300 #define INT_RCV 0x01
301
302 #define CTR_AUTO_RELEASE 0x0800
303 #define CTR_RELOAD 0x0002
304 #define CTR_STORE 0x0001
305
306 #define RS_ALGNERR 0x8000
307 #define RS_BRODCAST 0x4000
308 #define RS_BADCRC 0x2000
309 #define RS_ODDFRAME 0x1000
310 #define RS_TOOLONG 0x0800
311 #define RS_TOOSHORT 0x0400
312 #define RS_MULTICAST 0x0001
313
314 static void mii_write(MII *mii, uint32_t value)
315 {
316 /*
317 A timing diagram for a Ml serial port frame is shown in Figure 7.1. The Ml serial port is idle when at
318 least 32 continuous 1's are detected on MDIO and remains idle as long as continuous 1's are detected.
319 During idle, MDIO is in the high impedance state. When the Ml serial port is in the idle state, a 01
320 pattern on the MDIO initiates a serial shift cycle. Data on MDIO is then shifted in on the next 14 rising
321 edges of MDC (MDIO is high impedance). If the register access mode is not enabled, on the next 16
322 rising edges of MDC, data is either shifted in or out on MDIO, depending on whether a write or read
323 cycle was selected with the bits READ and WRITE. After the 32 MDC cycles have been completed,
324 one complete register has been read/written, the serial shift process is halted, data is latched into the
325 device, and MDIO goes into high impedance state. Another serial shift cycle cannot be initiated until
326 the idle condition (at least 32 continuous 1's) is detected.
327 */
328 bool clock = !mii->mclk && (value & 4);
329
330 assert((value & 0xfffffff0) == 0x30);
331
332 if (clock) {
333 /* Raising clock. */
334 mii->mdi = value & MII_MDI;
335 mii->mdoe = value & MII_MDOE;
336 mii->mdo = value & MII_MDO;
337 mii->data = (mii->data << 1) + (value & 1);
338 logout("%u%u%u%u %08x\n",
339 mii->mdoe ? 1 : 0, mii->mclk ? 1 : 0,
340 mii->mdi ? 1 : 0, mii->mdo ? 1 : 0,
341 mii->data);
342 switch (mii->status) {
343 case MII_WAITING:
344 if (mii->data == 0xffffffff) {
345 logout("mii is idle\n");
346 mii->mdi = MII_MDI;
347 mii->status = MII_IDLE;
348 }
349 break;
350 case MII_IDLE:
351 if (mii->data == 0xfffffffd) {
352 logout("mii got start bit pattern 01\n");
353 mii->status = MII_GOT_START;
354 }
355 break;
356 case MII_GOT_START:
357 if ((mii->data & 0xffffc000) == 0xffff4000) {
358 unsigned op = (mii->data >> 12) & 0x3;
359 unsigned phy = (mii->data >> 7) & 0x1f;
360 unsigned reg = (mii->data >> 2) & 0x1f;
361 logout("mii got 14 bits (op=%u, phy=%u, reg=%u, ta=%u)\n",
362 op, phy, reg, mii->data & 0x3);
363 mii->reg = reg;
364 if (phy != 0) {
365 logout("Wrong phy %u, wait for idle\n", phy);
366 mii->status = MII_WAITING;
367 } else if (reg >= ARRAY_SIZE(mii->regs)) {
368 logout("Wrong reg %u, wait for idle\n", reg);
369 mii->status = MII_WAITING;
370 } else if (op == 1) {
371 mii->status = MII_WRITE;
372 } else if (op == 2) {
373 mii->data = mii->regs[reg];
374 mii->mdi = 0;
375 mii->status = MII_READ;
376 } else {
377 logout("Illegal MII operation %u, wait for idle\n", op);
378 mii->status = MII_WAITING;
379 }
380 }
381 break;
382 case MII_WRITE:
383 if ((mii->data & 0xc0000000) == 0x40000000) {
384 uint16_t data = mii->data & 0xffff;
385 logout("mii wrote 16 bits (data=0x%04x=%u)\n", data, data);
386 mii->regs[mii->reg] = data;
387 mii->status = MII_WAITING;
388 }
389 break;
390 case MII_READ:
391 if ((mii->data & 0x0000ffff) == 0x0000ffff) {
392 logout("mii read 16 bits\n");
393 mii->mdi = MII_MDI;
394 mii->status = MII_WAITING;
395 } else {
396 mii->data |= 1;
397 mii->mdi = (mii->data & 0x00010000) ? MII_MDI : 0;
398 }
399 break;
400 }
401 } /* clock */
402 mii->mclk = value & MII_MCLK;
403 //~ assert(mii->mdoe);
404 }
405
406 static void mii_reset(MII *mii)
407 {
408 memcpy(mii->regs, mii_regs_default, sizeof(mii->regs));
409 }
410
411 /* Update interrupt status. */
412 static void smc91c111_update(smc91c111_state *s)
413 {
414 int level;
415
416 if (s->tx_fifo_len == 0)
417 s->int_level |= INT_TX_EMPTY;
418 if (s->tx_fifo_done_len != 0)
419 s->int_level |= INT_TX;
420 level = (s->int_level & s->int_mask) != 0;
421 qemu_set_irq(s->irq, level);
422 }
423
424 static int smc91c111_can_receive(smc91c111_state *s)
425 {
426 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST)) {
427 return 1;
428 }
429 if (s->allocated == (1 << NUM_PACKETS) - 1 ||
430 s->rx_fifo_len == NUM_PACKETS) {
431 return 0;
432 }
433 return 1;
434 }
435
436 static inline void smc91c111_flush_queued_packets(smc91c111_state *s)
437 {
438 if (smc91c111_can_receive(s)) {
439 qemu_flush_queued_packets(qemu_get_queue(s->nic));
440 }
441 }
442
443 /* Try to allocate a packet. Returns 0x80 on failure. */
444 static int smc91c111_allocate_packet(smc91c111_state *s)
445 {
446 int i;
447 if (s->allocated == (1 << NUM_PACKETS) - 1) {
448 return 0x80;
449 }
450
451 for (i = 0; i < NUM_PACKETS; i++) {
452 if ((s->allocated & (1 << i)) == 0)
453 break;
454 }
455 s->allocated |= 1 << i;
456 return i;
457 }
458
459
460 /* Process a pending TX allocate. */
461 static void smc91c111_tx_alloc(smc91c111_state *s)
462 {
463 s->tx_alloc = smc91c111_allocate_packet(s);
464 if (s->tx_alloc == 0x80)
465 return;
466 s->int_level |= INT_ALLOC;
467 smc91c111_update(s);
468 }
469
470 /* Remove and item from the RX FIFO. */
471 static void smc91c111_pop_rx_fifo(smc91c111_state *s)
472 {
473 int i;
474
475 s->rx_fifo_len--;
476 if (s->rx_fifo_len) {
477 for (i = 0; i < s->rx_fifo_len; i++)
478 s->rx_fifo[i] = s->rx_fifo[i + 1];
479 s->int_level |= INT_RCV;
480 } else {
481 s->int_level &= ~INT_RCV;
482 }
483 smc91c111_flush_queued_packets(s);
484 smc91c111_update(s);
485 }
486
487 /* Remove an item from the TX completion FIFO. */
488 static void smc91c111_pop_tx_fifo_done(smc91c111_state *s)
489 {
490 int i;
491
492 if (s->tx_fifo_done_len == 0)
493 return;
494 s->tx_fifo_done_len--;
495 for (i = 0; i < s->tx_fifo_done_len; i++)
496 s->tx_fifo_done[i] = s->tx_fifo_done[i + 1];
497 }
498
499 /* Release the memory allocated to a packet. */
500 static void smc91c111_release_packet(smc91c111_state *s, int packet)
501 {
502 s->allocated &= ~(1 << packet);
503 if (s->tx_alloc == 0x80)
504 smc91c111_tx_alloc(s);
505 smc91c111_flush_queued_packets(s);
506 }
507
508 /* Flush the TX FIFO. */
509 static void smc91c111_do_tx(smc91c111_state *s)
510 {
511 int i;
512 int len;
513 int control;
514 int packetnum;
515 uint8_t *p;
516
517 if ((s->tcr & TCR_TXEN) == 0)
518 return;
519 if (s->tx_fifo_len == 0)
520 return;
521 for (i = 0; i < s->tx_fifo_len; i++) {
522 packetnum = s->tx_fifo[i];
523 p = &s->data[packetnum][0];
524 /* Set status word. */
525 *(p++) = 0x01;
526 *(p++) = 0x40;
527 len = *(p++);
528 len |= ((int)*(p++)) << 8;
529 len -= 6;
530 control = p[len + 1];
531 if (control & 0x20)
532 len++;
533 /* ??? This overwrites the data following the buffer.
534 Don't know what real hardware does. */
535 if (len < 64 && (s->tcr & TCR_PAD_EN)) {
536 memset(p + len, 0, 64 - len);
537 len = 64;
538 }
539 #if 0
540 {
541 int add_crc;
542
543 /* The card is supposed to append the CRC to the frame.
544 However none of the other network traffic has the CRC
545 appended. Suspect this is low level ethernet detail we
546 don't need to worry about. */
547 add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0;
548 if (add_crc) {
549 uint32_t crc;
550
551 crc = crc32(~0, p, len);
552 memcpy(p + len, &crc, 4);
553 len += 4;
554 }
555 }
556 #endif
557 if (s->ctr & CTR_AUTO_RELEASE)
558 /* Race? */
559 smc91c111_release_packet(s, packetnum);
560 else if (s->tx_fifo_done_len < NUM_PACKETS)
561 s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum;
562 qemu_send_packet(qemu_get_queue(s->nic), p, len);
563 }
564 s->tx_fifo_len = 0;
565 smc91c111_update(s);
566 }
567
568 /* Add a packet to the TX FIFO. */
569 static void smc91c111_queue_tx(smc91c111_state *s, int packet)
570 {
571 if (s->tx_fifo_len == NUM_PACKETS)
572 return;
573 s->tx_fifo[s->tx_fifo_len++] = packet;
574 smc91c111_do_tx(s);
575 }
576
577 static void smc91c111_reset(DeviceState *dev)
578 {
579 smc91c111_state *s = SMC91C111(dev);
580
581 s->bank = 0;
582 s->tx_fifo_len = 0;
583 s->tx_fifo_done_len = 0;
584 s->rx_fifo_len = 0;
585 s->allocated = 0;
586 s->packet_num = 0;
587 s->tx_alloc = 0;
588 s->tcr = 0;
589 s->rcr = 0;
590 s->cr = 0xa0b1;
591 s->ctr = 0x1210;
592 s->ptr = 0;
593 s->ercv = 0x1f;
594 s->int_level = INT_TX_EMPTY;
595 s->int_mask = 0;
596 mii_reset(&s->mii);
597 smc91c111_update(s);
598 }
599
600 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
601 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
602
603 static void smc91c111_writeb(void *opaque, hwaddr offset,
604 uint32_t value)
605 {
606 smc91c111_state *s = (smc91c111_state *)opaque;
607
608 offset = offset & 0xf;
609 if (offset == 14) {
610 s->bank = value;
611 return;
612 }
613 if (offset == 15)
614 return;
615 switch (s->bank) {
616 case 0:
617 switch (offset) {
618 case 0: /* TCR */
619 SET_LOW(tcr, value);
620 return;
621 case 1:
622 SET_HIGH(tcr, value);
623 return;
624 case 4: /* RCR */
625 SET_LOW(rcr, value);
626 return;
627 case 5:
628 SET_HIGH(rcr, value);
629 if (s->rcr & RCR_SOFT_RST) {
630 smc91c111_reset(DEVICE(s));
631 }
632 smc91c111_flush_queued_packets(s);
633 return;
634 case 10: case 11: /* RPCR */
635 /* Ignored */
636 return;
637 case 12: case 13: /* Reserved */
638 return;
639 default:
640 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
641 }
642 break;
643
644 case 1:
645 switch (offset) {
646 case 0: /* CONFIG */
647 SET_LOW(cr, value);
648 return;
649 case 1:
650 SET_HIGH(cr,value);
651 return;
652 case 2: case 3: /* BASE */
653 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
654 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
655 return;
656 case 10: /* General Purpose */
657 SET_LOW(gpr, value);
658 return;
659 case 11:
660 SET_HIGH(gpr, value);
661 return;
662 case 12: /* Control */
663 if (value & 1)
664 fprintf(stderr, "smc91c111:EEPROM store not implemented\n");
665 if (value & 2)
666 fprintf(stderr, "smc91c111:EEPROM reload not implemented\n");
667 value &= ~3;
668 SET_LOW(ctr, value);
669 return;
670 case 13:
671 SET_HIGH(ctr, value);
672 return;
673 default:
674 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
675 }
676 break;
677
678 case 2:
679 switch (offset) {
680 case 0: /* MMU Command */
681 switch (value >> 5) {
682 case 0: /* no-op */
683 break;
684 case 1: /* Allocate for TX. */
685 s->tx_alloc = 0x80;
686 s->int_level &= ~INT_ALLOC;
687 smc91c111_update(s);
688 smc91c111_tx_alloc(s);
689 break;
690 case 2: /* Reset MMU. */
691 s->allocated = 0;
692 s->tx_fifo_len = 0;
693 s->tx_fifo_done_len = 0;
694 s->rx_fifo_len = 0;
695 s->tx_alloc = 0;
696 break;
697 case 3: /* Remove from RX FIFO. */
698 smc91c111_pop_rx_fifo(s);
699 break;
700 case 4: /* Remove from RX FIFO and release. */
701 if (s->rx_fifo_len > 0) {
702 smc91c111_release_packet(s, s->rx_fifo[0]);
703 }
704 smc91c111_pop_rx_fifo(s);
705 break;
706 case 5: /* Release. */
707 smc91c111_release_packet(s, s->packet_num);
708 break;
709 case 6: /* Add to TX FIFO. */
710 smc91c111_queue_tx(s, s->packet_num);
711 break;
712 case 7: /* Reset TX FIFO. */
713 s->tx_fifo_len = 0;
714 s->tx_fifo_done_len = 0;
715 break;
716 default:
717 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
718 }
719 return;
720 case 1:
721 /* Ignore. */
722 return;
723 case 2: /* Packet Number Register */
724 s->packet_num = value;
725 return;
726 case 3: case 4: case 5:
727 /* Should be readonly, but linux writes to them anyway. Ignore. */
728 return;
729 case 6: /* Pointer */
730 SET_LOW(ptr, value);
731 return;
732 case 7:
733 SET_HIGH(ptr, value);
734 return;
735 case 8: case 9: case 10: case 11: /* Data */
736 {
737 int p;
738 int n;
739
740 if (s->ptr & 0x8000)
741 n = s->rx_fifo[0];
742 else
743 n = s->packet_num;
744 p = s->ptr & 0x07ff;
745 if (s->ptr & 0x4000) {
746 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x7ff);
747 } else {
748 p += (offset & 3);
749 }
750 s->data[n][p] = value;
751 }
752 return;
753 case 12: /* Interrupt ACK. */
754 s->int_level &= ~(value & 0xd6);
755 if (value & INT_TX)
756 smc91c111_pop_tx_fifo_done(s);
757 smc91c111_update(s);
758 return;
759 case 13: /* Interrupt mask. */
760 s->int_mask = value;
761 smc91c111_update(s);
762 return;
763 default:
764 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
765 }
766 break;
767
768 case 3:
769 switch (offset) {
770 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
771 /* Multicast table. */
772 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
773 return;
774 case 8: /* Management Interface (low). */
775 mii_write(&s->mii, value);
776 return;
777 case 9: /* Management Interface (high). */
778 if (value != 0x33) {
779 /* MSK_CRS100 not implemented. */
780 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
781 }
782 return;
783 case 12: /* Early receive. */
784 s->ercv = value & 0x1f;
785 return;
786 case 13:
787 /* Ignore. */
788 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
789 return;
790 default:
791 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
792 }
793 break;
794 default:
795 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
796 }
797 hw_error("smc91c111_write: Bad reg %d:%x\n", s->bank, (int)offset);
798 }
799
800 static uint32_t smc91c111_readb(void *opaque, hwaddr offset)
801 {
802 smc91c111_state *s = (smc91c111_state *)opaque;
803
804 offset = offset & 0xf;
805 if (offset == 14) {
806 return s->bank;
807 }
808 if (offset == 15)
809 return 0x33;
810 switch (s->bank) {
811 case 0:
812 switch (offset) {
813 case 0: /* TCR */
814 return s->tcr & 0xff;
815 case 1:
816 return s->tcr >> 8;
817 case 2: /* EPH Status */
818 return 0;
819 case 3:
820 return 0x40;
821 case 4: /* RCR */
822 return s->rcr & 0xff;
823 case 5:
824 return s->rcr >> 8;
825 case 6: /* Counter */
826 case 7:
827 logout(TARGET_FMT_plx "\n", offset);
828 return 0;
829 case 8: /* Memory size. */
830 return NUM_PACKETS;
831 case 9: /* Free memory available. */
832 {
833 int i;
834 int n;
835 n = 0;
836 for (i = 0; i < NUM_PACKETS; i++) {
837 if (s->allocated & (1 << i))
838 n++;
839 }
840 return n;
841 }
842 case 10: case 11: /* RPCR */
843 logout(TARGET_FMT_plx "\n", offset);
844 return 0;
845 case 12: case 13: /* Reserved */
846 return 0;
847 default:
848 logout(TARGET_FMT_plx "\n", offset);
849 }
850 break;
851
852 case 1:
853 switch (offset) {
854 case 0: /* CONFIG */
855 return s->cr & 0xff;
856 case 1:
857 return s->cr >> 8;
858 case 2: case 3: /* BASE */
859 logout(TARGET_FMT_plx "\n", offset);
860 return 0;
861 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
862 return s->conf.macaddr.a[offset - 4];
863 case 10: /* General Purpose */
864 return s->gpr & 0xff;
865 case 11:
866 return s->gpr >> 8;
867 case 12: /* Control */
868 return s->ctr & 0xff;
869 case 13:
870 return s->ctr >> 8;
871 default:
872 logout(TARGET_FMT_plx "\n", offset);
873 }
874 break;
875
876 case 2:
877 switch (offset) {
878 case 0: case 1: /* MMUCR Busy bit. */
879 return 0;
880 case 2: /* Packet Number. */
881 return s->packet_num;
882 case 3: /* Allocation Result. */
883 return s->tx_alloc;
884 case 4: /* TX FIFO */
885 if (s->tx_fifo_done_len == 0)
886 return 0x80;
887 else
888 return s->tx_fifo_done[0];
889 case 5: /* RX FIFO */
890 if (s->rx_fifo_len == 0)
891 return 0x80;
892 else
893 return s->rx_fifo[0];
894 case 6: /* Pointer */
895 return s->ptr & 0xff;
896 case 7:
897 return (s->ptr >> 8) & 0xf7;
898 case 8: case 9: case 10: case 11: /* Data */
899 {
900 int p;
901 int n;
902
903 if (s->ptr & 0x8000)
904 n = s->rx_fifo[0];
905 else
906 n = s->packet_num;
907 p = s->ptr & 0x07ff;
908 if (s->ptr & 0x4000) {
909 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x07ff);
910 } else {
911 p += (offset & 3);
912 }
913 return s->data[n][p];
914 }
915 case 12: /* Interrupt status. */
916 return s->int_level;
917 case 13: /* Interrupt mask. */
918 return s->int_mask;
919 default:
920 logout(TARGET_FMT_plx "\n", offset);
921 }
922 break;
923
924 case 3:
925 switch (offset) {
926 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
927 /* Multicast table. */
928 logout(TARGET_FMT_plx "\n", offset);
929 return 0;
930 case 8: /* Management Interface (low). */
931 logout(TARGET_FMT_plx "\n", offset);
932 return 0x30 + s->mii.mdi;
933 case 9: /* Management Interface (high). */
934 return 0x33;
935 case 10: /* Revision. */
936 return 0x91;
937 case 11:
938 return 0x33;
939 case 12:
940 return s->ercv;
941 case 13:
942 return 0;
943 default:
944 logout(TARGET_FMT_plx "\n", offset);
945 }
946 break;
947 default:
948 logout(TARGET_FMT_plx "\n", offset);
949 }
950 hw_error("smc91c111_read: Bad reg %d:%x\n", s->bank, (int)offset);
951 return 0;
952 }
953
954 static void smc91c111_writew(void *opaque, hwaddr offset,
955 uint32_t value)
956 {
957 smc91c111_writeb(opaque, offset, value & 0xff);
958 smc91c111_writeb(opaque, offset + 1, value >> 8);
959 }
960
961 static void smc91c111_writel(void *opaque, hwaddr offset,
962 uint32_t value)
963 {
964 /* 32-bit writes to offset 0xc only actually write to the bank select
965 register (offset 0xe) */
966 if (offset != 0xc)
967 smc91c111_writew(opaque, offset, value & 0xffff);
968 smc91c111_writew(opaque, offset + 2, value >> 16);
969 }
970
971 static uint32_t smc91c111_readw(void *opaque, hwaddr offset)
972 {
973 uint32_t val;
974 val = smc91c111_readb(opaque, offset);
975 val |= smc91c111_readb(opaque, offset + 1) << 8;
976 return val;
977 }
978
979 static uint32_t smc91c111_readl(void *opaque, hwaddr offset)
980 {
981 uint32_t val;
982 val = smc91c111_readw(opaque, offset);
983 val |= smc91c111_readw(opaque, offset + 2) << 16;
984 return val;
985 }
986
987 static int smc91c111_can_receive_nc(NetClientState *nc)
988 {
989 smc91c111_state *s = qemu_get_nic_opaque(nc);
990
991 return smc91c111_can_receive(s);
992 }
993
994 static ssize_t smc91c111_receive(NetClientState *nc, const uint8_t *buf, size_t size)
995 {
996 smc91c111_state *s = qemu_get_nic_opaque(nc);
997 int status;
998 int packetsize;
999 uint32_t crc;
1000 int packetnum;
1001 uint8_t *p;
1002
1003 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
1004 return -1;
1005 /* Short packets are padded with zeros. Receiving a packet
1006 < 64 bytes long is considered an error condition. */
1007 if (size < 64)
1008 packetsize = 64;
1009 else
1010 packetsize = (size & ~1);
1011 packetsize += 6;
1012 crc = (s->rcr & RCR_STRIP_CRC) == 0;
1013 if (crc)
1014 packetsize += 4;
1015 /* TODO: Flag overrun and receive errors. */
1016 if (packetsize > 2048)
1017 return -1;
1018 packetnum = smc91c111_allocate_packet(s);
1019 if (packetnum == 0x80)
1020 return -1;
1021 s->rx_fifo[s->rx_fifo_len++] = packetnum;
1022
1023 p = &s->data[packetnum][0];
1024 /* ??? Multicast packets? */
1025 status = 0;
1026 if (size > 1518)
1027 status |= RS_TOOLONG;
1028 if (size & 1)
1029 status |= RS_ODDFRAME;
1030 *(p++) = status & 0xff;
1031 *(p++) = status >> 8;
1032 *(p++) = packetsize & 0xff;
1033 *(p++) = packetsize >> 8;
1034 memcpy(p, buf, size & ~1);
1035 p += (size & ~1);
1036 /* Pad short packets. */
1037 if (size < 64) {
1038 int pad;
1039
1040 if (size & 1)
1041 *(p++) = buf[size - 1];
1042 pad = 64 - size;
1043 memset(p, 0, pad);
1044 p += pad;
1045 size = 64;
1046 }
1047 /* It's not clear if the CRC should go before or after the last byte in
1048 odd sized packets. Linux disables the CRC, so that's no help.
1049 The pictures in the documentation show the CRC aligned on a 16-bit
1050 boundary before the last odd byte, so that's what we do. */
1051 if (crc) {
1052 crc = crc32(~0, buf, size);
1053 *(p++) = crc & 0xff; crc >>= 8;
1054 *(p++) = crc & 0xff; crc >>= 8;
1055 *(p++) = crc & 0xff; crc >>= 8;
1056 *(p++) = crc & 0xff;
1057 }
1058 if (size & 1) {
1059 *(p++) = buf[size - 1];
1060 *p = 0x60;
1061 } else {
1062 *(p++) = 0;
1063 *p = 0x40;
1064 }
1065 /* TODO: Raise early RX interrupt? */
1066 s->int_level |= INT_RCV;
1067 smc91c111_update(s);
1068
1069 return size;
1070 }
1071
1072 static const MemoryRegionOps smc91c111_mem_ops = {
1073 /* The special case for 32 bit writes to 0xc means we can't just
1074 * set .impl.min/max_access_size to 1, unfortunately
1075 */
1076 .old_mmio = {
1077 .read = { smc91c111_readb, smc91c111_readw, smc91c111_readl, },
1078 .write = { smc91c111_writeb, smc91c111_writew, smc91c111_writel, },
1079 },
1080 .endianness = DEVICE_NATIVE_ENDIAN,
1081 };
1082
1083 static NetClientInfo net_smc91c111_info = {
1084 .type = NET_CLIENT_OPTIONS_KIND_NIC,
1085 .size = sizeof(NICState),
1086 .can_receive = smc91c111_can_receive_nc,
1087 .receive = smc91c111_receive,
1088 };
1089
1090 static int smc91c111_init1(SysBusDevice *sbd)
1091 {
1092 DeviceState *dev = DEVICE(sbd);
1093 smc91c111_state *s = SMC91C111(dev);
1094
1095 memory_region_init_io(&s->mmio, OBJECT(s), &smc91c111_mem_ops, s,
1096 "smc91c111-mmio", 16);
1097 sysbus_init_mmio(sbd, &s->mmio);
1098 sysbus_init_irq(sbd, &s->irq);
1099 qemu_macaddr_default_if_unset(&s->conf.macaddr);
1100 s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
1101 object_get_typename(OBJECT(dev)), dev->id, s);
1102 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1103 /* ??? Save/restore. */
1104 return 0;
1105 }
1106
1107 static Property smc91c111_properties[] = {
1108 DEFINE_NIC_PROPERTIES(smc91c111_state, conf),
1109 DEFINE_PROP_END_OF_LIST(),
1110 };
1111
1112 static void smc91c111_class_init(ObjectClass *klass, void *data)
1113 {
1114 DeviceClass *dc = DEVICE_CLASS(klass);
1115 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
1116
1117 k->init = smc91c111_init1;
1118 dc->reset = smc91c111_reset;
1119 dc->vmsd = &vmstate_smc91c111;
1120 dc->props = smc91c111_properties;
1121 }
1122
1123 static const TypeInfo smc91c111_info = {
1124 .name = TYPE_SMC91C111,
1125 .parent = TYPE_SYS_BUS_DEVICE,
1126 .instance_size = sizeof(smc91c111_state),
1127 .class_init = smc91c111_class_init,
1128 };
1129
1130 static void smc91c111_register_types(void)
1131 {
1132 type_register_static(&smc91c111_info);
1133 }
1134
1135 /* Legacy helper function. Should go away when machine config files are
1136 implemented. */
1137 void smc91c111_init(NICInfo *nd, uint32_t base, qemu_irq irq)
1138 {
1139 DeviceState *dev;
1140 SysBusDevice *s;
1141
1142 qemu_check_nic_model(nd, "smc91c111");
1143 dev = qdev_create(NULL, TYPE_SMC91C111);
1144 qdev_set_nic_properties(dev, nd);
1145 qdev_init_nofail(dev);
1146 s = SYS_BUS_DEVICE(dev);
1147 sysbus_mmio_map(s, 0, base);
1148 sysbus_connect_irq(s, 0, irq);
1149 }
1150
1151 type_init(smc91c111_register_types)
AR7 emulation for QEMU