search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'qemu/master'
[qemu/ar7.git] / hw / net / smc91c111.c
blob57bcf62f6b5db29f1529ed001768496b08b54525
1 /*
2 * SMSC 91C111 Ethernet interface emulation
3 *
4 * Copyright (c) 2005 CodeSourcery, LLC.
5 * Written by Paul Brook
6 *
7 * This code is licensed under the GPL
8 */
9
10 #include "hw/sysbus.h"
11 #include "net/net.h"
12 #include "hw/devices.h"
13 /* For crc32 */
14 #include <zlib.h>
15
16 /* Number of 2k memory pages available. */
17 #define NUM_PACKETS 4
18
19 #if 0
20 # define logout(fmt, ...) \
21 fprintf(stderr, "SMC91C111\t%-24s %s:%u " fmt, __func__, __FILE__, __LINE__, ##__VA_ARGS__)
22 #else
23 # define logout(fmt, ...) (void)0
24 #endif
25
26 typedef enum {
27 MII_WAITING,
28 MII_IDLE,
29 MII_GOT_START,
30 MII_READ,
31 MII_WRITE
32 } MII_State;
33
34 typedef enum {
35 MII_MDOE = 8,
36 MII_MCLK = 4,
37 MII_MDI = 2,
38 MII_MDO = 1
39 } MII_BITS;
40
41 /* PHY Register Addresses (LAN91C111 Internal PHY) */
42
43 /* PHY Configuration Register 1 */
44 #define PHY_CFG1_REG 0x10
45 #define PHY_CFG1_LNKDIS 0x8000 /* 1=Rx Link Detect Function disabled */
46 #define PHY_CFG1_XMTDIS 0x4000 /* 1=TP Transmitter Disabled */
47 #define PHY_CFG1_XMTPDN 0x2000 /* 1=TP Transmitter Powered Down */
48 #define PHY_CFG1_BYPSCR 0x0400 /* 1=Bypass scrambler/descrambler */
49 #define PHY_CFG1_UNSCDS 0x0200 /* 1=Unscramble Idle Reception Disable */
50 #define PHY_CFG1_EQLZR 0x0100 /* 1=Rx Equalizer Disabled */
51 #define PHY_CFG1_CABLE 0x0080 /* 1=STP(150ohm), 0=UTP(100ohm) */
52 #define PHY_CFG1_RLVL0 0x0040 /* 1=Rx Squelch level reduced by 4.5db */
53 #define PHY_CFG1_TLVL_SHIFT 2 /* Transmit Output Level Adjust */
54 #define PHY_CFG1_TLVL_MASK 0x003C
55 #define PHY_CFG1_TRF_MASK 0x0003 /* Transmitter Rise/Fall time */
56
57 /* PHY Configuration Register 2 */
58 #define PHY_CFG2_REG 0x11
59 #define PHY_CFG2_APOLDIS 0x0020 /* 1=Auto Polarity Correction disabled */
60 #define PHY_CFG2_JABDIS 0x0010 /* 1=Jabber disabled */
61 #define PHY_CFG2_MREG 0x0008 /* 1=Multiple register access (MII mgt) */
62 #define PHY_CFG2_INTMDIO 0x0004 /* 1=Interrupt signaled with MDIO pulseo */
63
64 /* PHY Status Output (and Interrupt status) Register */
65 #define PHY_INT_REG 0x12 /* Status Output (Interrupt Status) */
66 #define PHY_INT_INT 0x8000 /* 1=bits have changed since last read */
67 #define PHY_INT_LNKFAIL 0x4000 /* 1=Link Not detected */
68 #define PHY_INT_LOSSSYNC 0x2000 /* 1=Descrambler has lost sync */
69 #define PHY_INT_CWRD 0x1000 /* 1=Invalid 4B5B code detected on rx */
70 #define PHY_INT_SSD 0x0800 /* 1=No Start Of Stream detected on rx */
71 #define PHY_INT_ESD 0x0400 /* 1=No End Of Stream detected on rx */
72 #define PHY_INT_RPOL 0x0200 /* 1=Reverse Polarity detected */
73 #define PHY_INT_JAB 0x0100 /* 1=Jabber detected */
74 #define PHY_INT_SPDDET 0x0080 /* 1=100Base-TX mode, 0=10Base-T mode */
75 #define PHY_INT_DPLXDET 0x0040 /* 1=Device in Full Duplex */
76
77 /* PHY Interrupt/Status Mask Register */
78 #define PHY_MASK_REG 0x13 /* Interrupt Mask */
79 /* Uses the same bit definitions as PHY_INT_REG */
80
81 typedef struct {
82 int mdoe;
83 int mclk;
84 int mdi;
85 int mdo;
86 uint32_t data;
87 MII_State status;
88 unsigned reg;
89 uint16_t regs[32];
90 } MII;
91
92
93 /* Declarations from include/linux/mii.h. */
94
95 /* Generic MII registers. */
96
97 #define MII_BMCR 0x00 /* Basic mode control register */ // rw
98 #define MII_BMSR 0x01 /* Basic mode status register */ // r
99 #define MII_PHYSID1 0x02 /* PHYS ID 1 */
100 #define MII_PHYSID2 0x03 /* PHYS ID 2 */
101 #define MII_ADVERTISE 0x04 /* Advertisement control reg */ // rw
102 #define MII_LPA 0x05 /* Link partner ability reg */
103 #define MII_EXPANSION 0x06 /* Expansion register */
104 #define MII_CTRL1000 0x09 /* 1000BASE-T control */
105 #define MII_STAT1000 0x0a /* 1000BASE-T status */
106 #define MII_ESTATUS 0x0f /* Extended Status */
107 #define MII_DCOUNTER 0x12 /* Disconnect counter */
108 #define MII_FCSCOUNTER 0x13 /* False carrier counter */
109 #define MII_NWAYTEST 0x14 /* N-way auto-neg test reg */
110 #define MII_RERRCOUNTER 0x15 /* Receive error counter */
111 #define MII_SREVISION 0x16 /* Silicon revision */
112 #define MII_RESV1 0x17 /* Reserved... */
113 #define MII_LBRERROR 0x18 /* Lpback, rx, bypass error */
114 #define MII_PHYADDR 0x19 /* PHY address */
115 #define MII_RESV2 0x1a /* Reserved... */
116 #define MII_TPISTATUS 0x1b /* TPI status for 10mbps */
117 #define MII_NCONFIG 0x1c /* Network interface config */
118
119 /* Basic mode control register. */
120 #define BMCR_RESV 0x003f /* Unused... */
121 #define BMCR_SPEED1000 0x0040 /* MSB of Speed (1000) */
122 #define BMCR_CTST 0x0080 /* Collision test */
123 #define BMCR_FULLDPLX 0x0100 /* Full duplex */
124 #define BMCR_ANRESTART 0x0200 /* Auto negotiation restart */
125 #define BMCR_ISOLATE 0x0400 /* Disconnect PHY from MII */
126 #define BMCR_PDOWN 0x0800 /* Powerdown the */
127 #define BMCR_ANENABLE 0x1000 /* Enable auto negotiation */
128 #define BMCR_SPEED100 0x2000 /* Select 100Mbps */
129 #define BMCR_LOOPBACK 0x4000 /* TXD loopback bits */
130 #define BMCR_RESET 0x8000 /* Reset the PHY */
131
132 /* Basic mode status register. */
133 #define BMSR_ERCAP 0x0001 /* Ext-reg capability */
134 #define BMSR_JCD 0x0002 /* Jabber detected */
135 #define BMSR_LSTATUS 0x0004 /* Link status */
136 #define BMSR_ANEGCAPABLE 0x0008 /* Able to do auto-negotiation */
137 #define BMSR_RFAULT 0x0010 /* Remote fault detected */
138 #define BMSR_ANEGCOMPLETE 0x0020 /* Auto-negotiation complete */
139 #define BMSR_RESV 0x00c0 /* Unused... */
140 #define BMSR_ESTATEN 0x0100 /* Extended Status in R15 */
141 #define BMSR_100HALF2 0x0200 /* Can do 100BASE-T2 HDX */
142 #define BMSR_100FULL2 0x0400 /* Can do 100BASE-T2 FDX */
143 #define BMSR_10HALF 0x0800 /* Can do 10mbps, half-duplex */
144 #define BMSR_10FULL 0x1000 /* Can do 10mbps, full-duplex */
145 #define BMSR_100HALF 0x2000 /* Can do 100mbps, half-duplex */
146 #define BMSR_100FULL 0x4000 /* Can do 100mbps, full-duplex */
147 #define BMSR_100BASE4 0x8000 /* Can do 100mbps, 4k packets */
148
149 //~ #define PHY_STAT_CAP_SUPR 0x0040 /* 1=recv mgmt frames with not preamble */
150
151 /* Advertisement control register. */
152 #define ADVERTISE_SLCT 0x001f /* Selector bits */
153 #define ADVERTISE_CSMA 0x0001 /* Only selector supported */
154 #define ADVERTISE_10HALF 0x0020 /* Try for 10mbps half-duplex */
155 #define ADVERTISE_1000XFULL 0x0020 /* Try for 1000BASE-X full-duplex */
156 #define ADVERTISE_10FULL 0x0040 /* Try for 10mbps full-duplex */
157 #define ADVERTISE_1000XHALF 0x0040 /* Try for 1000BASE-X half-duplex */
158 #define ADVERTISE_100HALF 0x0080 /* Try for 100mbps half-duplex */
159 #define ADVERTISE_1000XPAUSE 0x0080 /* Try for 1000BASE-X pause */
160 #define ADVERTISE_100FULL 0x0100 /* Try for 100mbps full-duplex */
161 #define ADVERTISE_1000XPSE_ASYM 0x0100 /* Try for 1000BASE-X asym pause */
162 #define ADVERTISE_100BASE4 0x0200 /* Try for 100mbps 4k packets */
163 #define ADVERTISE_PAUSE_CAP 0x0400 /* Try for pause */
164 #define ADVERTISE_PAUSE_ASYM 0x0800 /* Try for asymetric pause */
165 #define ADVERTISE_RESV 0x1000 /* Unused... */
166 #define ADVERTISE_RFAULT 0x2000 /* Say we can detect faults */
167 #define ADVERTISE_LPACK 0x4000 /* Ack link partners response */
168 #define ADVERTISE_NPAGE 0x8000 /* Next page bit */
169
170 #define ADVERTISE_FULL (ADVERTISE_100FULL | ADVERTISE_10FULL | \
171 ADVERTISE_CSMA)
172 #define ADVERTISE_ALL (ADVERTISE_10HALF | ADVERTISE_10FULL | \
173 ADVERTISE_100HALF | ADVERTISE_100FULL)
174
175 /* Link partner ability register. */
176 #define LPA_SLCT 0x001f /* Same as advertise selector */
177 #define LPA_10HALF 0x0020 /* Can do 10mbps half-duplex */
178 #define LPA_1000XFULL 0x0020 /* Can do 1000BASE-X full-duplex */
179 #define LPA_10FULL 0x0040 /* Can do 10mbps full-duplex */
180 #define LPA_1000XHALF 0x0040 /* Can do 1000BASE-X half-duplex */
181 #define LPA_100HALF 0x0080 /* Can do 100mbps half-duplex */
182 #define LPA_1000XPAUSE 0x0080 /* Can do 1000BASE-X pause */
183 #define LPA_100FULL 0x0100 /* Can do 100mbps full-duplex */
184 #define LPA_1000XPAUSE_ASYM 0x0100 /* Can do 1000BASE-X pause asym*/
185 #define LPA_100BASE4 0x0200 /* Can do 100mbps 4k packets */
186 #define LPA_PAUSE_CAP 0x0400 /* Can pause */
187 #define LPA_PAUSE_ASYM 0x0800 /* Can pause asymetrically */
188 #define LPA_RESV 0x1000 /* Unused... */
189 #define LPA_RFAULT 0x2000 /* Link partner faulted */
190 #define LPA_LPACK 0x4000 /* Link partner acked us */
191 #define LPA_NPAGE 0x8000 /* Next page bit */
192
193 #define LPA_DUPLEX (LPA_10FULL | LPA_100FULL)
194 #define LPA_100 (LPA_100FULL | LPA_100HALF | LPA_100BASE4)
195
196 /* End of declarations from include/linux/mii.h. */
197
198 /* SMC 91C111 specific MII register. */
199
200 /* 0x06 ... 0x0f are reserved. */
201 #define MII_CONFIGURATION1 0x10 /* Configuration 1 */
202 #define MII_CONFIGURATION2 0x11 /* Configuration 2 */
203 #define MII_STATUSOUTPUT 0x12 /* Status Output */
204 //~ PHY_FCSCR = 0x13, /* Mask */
205 /* 0x14 is reserved. */
206 /* 0x15 ... 0x1f are unused. */
207
208
209 /* Default values for MII management registers (see IEEE 802.3-2008 22.2.4). */
210
211 static const uint16_t mii_regs_default[] = {
212 [MII_BMCR] = BMCR_ANENABLE | BMCR_SPEED100,
213 [MII_BMSR] = BMSR_100FULL | BMSR_100HALF | BMSR_10FULL | BMSR_10HALF |
214 BMSR_ANEGCAPABLE | BMSR_LSTATUS | BMSR_ERCAP,
215 [MII_ADVERTISE] = ADVERTISE_PAUSE_CAP | ADVERTISE_ALL | ADVERTISE_CSMA,
216 };
217
218 #define TYPE_SMC91C111 "smc91c111"
219 #define SMC91C111(obj) OBJECT_CHECK(smc91c111_state, (obj), TYPE_SMC91C111)
220
221 typedef struct {
222 SysBusDevice parent_obj;
223 MII mii;
224 NICState *nic;
225 NICConf conf;
226 uint16_t tcr;
227 uint16_t rcr;
228 uint16_t cr;
229 uint16_t ctr;
230 uint16_t gpr;
231 uint16_t ptr;
232 uint16_t ercv;
233 qemu_irq irq;
234 int bank;
235 int packet_num;
236 int tx_alloc;
237 /* Bitmask of allocated packets. */
238 int allocated;
239 int tx_fifo_len;
240 int tx_fifo[NUM_PACKETS];
241 int rx_fifo_len;
242 int rx_fifo[NUM_PACKETS];
243 int tx_fifo_done_len;
244 int tx_fifo_done[NUM_PACKETS];
245 /* Packet buffer memory. */
246 uint8_t data[NUM_PACKETS][2048];
247 uint8_t int_level;
248 uint8_t int_mask;
249 MemoryRegion mmio;
250 } smc91c111_state;
251
252 static const VMStateDescription vmstate_smc91c111 = {
253 .name = "smc91c111",
254 .version_id = 1,
255 .minimum_version_id = 1,
256 .fields = (VMStateField[]) {
257 VMSTATE_UINT16(tcr, smc91c111_state),
258 VMSTATE_UINT16(rcr, smc91c111_state),
259 VMSTATE_UINT16(cr, smc91c111_state),
260 VMSTATE_UINT16(ctr, smc91c111_state),
261 VMSTATE_UINT16(gpr, smc91c111_state),
262 VMSTATE_UINT16(ptr, smc91c111_state),
263 VMSTATE_UINT16(ercv, smc91c111_state),
264 VMSTATE_INT32(bank, smc91c111_state),
265 VMSTATE_INT32(packet_num, smc91c111_state),
266 VMSTATE_INT32(tx_alloc, smc91c111_state),
267 VMSTATE_INT32(allocated, smc91c111_state),
268 VMSTATE_INT32(tx_fifo_len, smc91c111_state),
269 VMSTATE_INT32_ARRAY(tx_fifo, smc91c111_state, NUM_PACKETS),
270 VMSTATE_INT32(rx_fifo_len, smc91c111_state),
271 VMSTATE_INT32_ARRAY(rx_fifo, smc91c111_state, NUM_PACKETS),
272 VMSTATE_INT32(tx_fifo_done_len, smc91c111_state),
273 VMSTATE_INT32_ARRAY(tx_fifo_done, smc91c111_state, NUM_PACKETS),
274 VMSTATE_BUFFER_UNSAFE(data, smc91c111_state, 0, NUM_PACKETS * 2048),
275 VMSTATE_UINT8(int_level, smc91c111_state),
276 VMSTATE_UINT8(int_mask, smc91c111_state),
277 VMSTATE_END_OF_LIST()
278 }
279 };
280
281 #define RCR_SOFT_RST 0x8000
282 #define RCR_STRIP_CRC 0x0200
283 #define RCR_RXEN 0x0100
284
285 #define TCR_EPH_LOOP 0x2000
286 #define TCR_NOCRC 0x0100
287 #define TCR_PAD_EN 0x0080
288 #define TCR_FORCOL 0x0004
289 #define TCR_LOOP 0x0002
290 #define TCR_TXEN 0x0001
291
292 #define INT_MD 0x80
293 #define INT_ERCV 0x40
294 #define INT_EPH 0x20
295 #define INT_RX_OVRN 0x10
296 #define INT_ALLOC 0x08
297 #define INT_TX_EMPTY 0x04
298 #define INT_TX 0x02
299 #define INT_RCV 0x01
300
301 #define CTR_AUTO_RELEASE 0x0800
302 #define CTR_RELOAD 0x0002
303 #define CTR_STORE 0x0001
304
305 #define RS_ALGNERR 0x8000
306 #define RS_BRODCAST 0x4000
307 #define RS_BADCRC 0x2000
308 #define RS_ODDFRAME 0x1000
309 #define RS_TOOLONG 0x0800
310 #define RS_TOOSHORT 0x0400
311 #define RS_MULTICAST 0x0001
312
313 static void mii_write(MII *mii, uint32_t value)
314 {
315 /*
316 A timing diagram for a Ml serial port frame is shown in Figure 7.1. The Ml serial port is idle when at
317 least 32 continuous 1's are detected on MDIO and remains idle as long as continuous 1's are detected.
318 During idle, MDIO is in the high impedance state. When the Ml serial port is in the idle state, a 01
319 pattern on the MDIO initiates a serial shift cycle. Data on MDIO is then shifted in on the next 14 rising
320 edges of MDC (MDIO is high impedance). If the register access mode is not enabled, on the next 16
321 rising edges of MDC, data is either shifted in or out on MDIO, depending on whether a write or read
322 cycle was selected with the bits READ and WRITE. After the 32 MDC cycles have been completed,
323 one complete register has been read/written, the serial shift process is halted, data is latched into the
324 device, and MDIO goes into high impedance state. Another serial shift cycle cannot be initiated until
325 the idle condition (at least 32 continuous 1's) is detected.
326 */
327 bool clock = !mii->mclk && (value & 4);
328
329 assert((value & 0xfffffff0) == 0x30);
330
331 if (clock) {
332 /* Raising clock. */
333 mii->mdi = value & MII_MDI;
334 mii->mdoe = value & MII_MDOE;
335 mii->mdo = value & MII_MDO;
336 mii->data = (mii->data << 1) + (value & 1);
337 logout("%u%u%u%u %08x\n",
338 mii->mdoe ? 1 : 0, mii->mclk ? 1 : 0,
339 mii->mdi ? 1 : 0, mii->mdo ? 1 : 0,
340 mii->data);
341 switch (mii->status) {
342 case MII_WAITING:
343 if (mii->data == 0xffffffff) {
344 logout("mii is idle\n");
345 mii->mdi = MII_MDI;
346 mii->status = MII_IDLE;
347 }
348 break;
349 case MII_IDLE:
350 if (mii->data == 0xfffffffd) {
351 logout("mii got start bit pattern 01\n");
352 mii->status = MII_GOT_START;
353 }
354 break;
355 case MII_GOT_START:
356 if ((mii->data & 0xffffc000) == 0xffff4000) {
357 unsigned op = (mii->data >> 12) & 0x3;
358 unsigned phy = (mii->data >> 7) & 0x1f;
359 unsigned reg = (mii->data >> 2) & 0x1f;
360 logout("mii got 14 bits (op=%u, phy=%u, reg=%u, ta=%u)\n",
361 op, phy, reg, mii->data & 0x3);
362 mii->reg = reg;
363 if (phy != 0) {
364 logout("Wrong phy %u, wait for idle\n", phy);
365 mii->status = MII_WAITING;
366 } else if (reg >= ARRAY_SIZE(mii->regs)) {
367 logout("Wrong reg %u, wait for idle\n", reg);
368 mii->status = MII_WAITING;
369 } else if (op == 1) {
370 mii->status = MII_WRITE;
371 } else if (op == 2) {
372 mii->data = mii->regs[reg];
373 mii->mdi = 0;
374 mii->status = MII_READ;
375 } else {
376 logout("Illegal MII operation %u, wait for idle\n", op);
377 mii->status = MII_WAITING;
378 }
379 }
380 break;
381 case MII_WRITE:
382 if ((mii->data & 0xc0000000) == 0x40000000) {
383 uint16_t data = mii->data & 0xffff;
384 logout("mii wrote 16 bits (data=0x%04x=%u)\n", data, data);
385 mii->regs[mii->reg] = data;
386 mii->status = MII_WAITING;
387 }
388 break;
389 case MII_READ:
390 if ((mii->data & 0x0000ffff) == 0x0000ffff) {
391 logout("mii read 16 bits\n");
392 mii->mdi = MII_MDI;
393 mii->status = MII_WAITING;
394 } else {
395 mii->data |= 1;
396 mii->mdi = (mii->data & 0x00010000) ? MII_MDI : 0;
397 }
398 break;
399 }
400 } /* clock */
401 mii->mclk = value & MII_MCLK;
402 //~ assert(mii->mdoe);
403 }
404
405 static void mii_reset(MII *mii)
406 {
407 memcpy(mii->regs, mii_regs_default, sizeof(mii->regs));
408 }
409
410 /* Update interrupt status. */
411 static void smc91c111_update(smc91c111_state *s)
412 {
413 int level;
414
415 if (s->tx_fifo_len == 0)
416 s->int_level |= INT_TX_EMPTY;
417 if (s->tx_fifo_done_len != 0)
418 s->int_level |= INT_TX;
419 level = (s->int_level & s->int_mask) != 0;
420 qemu_set_irq(s->irq, level);
421 }
422
423 static int smc91c111_can_receive(smc91c111_state *s)
424 {
425 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST)) {
426 return 1;
427 }
428 if (s->allocated == (1 << NUM_PACKETS) - 1 ||
429 s->rx_fifo_len == NUM_PACKETS) {
430 return 0;
431 }
432 return 1;
433 }
434
435 static inline void smc91c111_flush_queued_packets(smc91c111_state *s)
436 {
437 if (smc91c111_can_receive(s)) {
438 qemu_flush_queued_packets(qemu_get_queue(s->nic));
439 }
440 }
441
442 /* Try to allocate a packet. Returns 0x80 on failure. */
443 static int smc91c111_allocate_packet(smc91c111_state *s)
444 {
445 int i;
446 if (s->allocated == (1 << NUM_PACKETS) - 1) {
447 return 0x80;
448 }
449
450 for (i = 0; i < NUM_PACKETS; i++) {
451 if ((s->allocated & (1 << i)) == 0)
452 break;
453 }
454 s->allocated |= 1 << i;
455 return i;
456 }
457
458
459 /* Process a pending TX allocate. */
460 static void smc91c111_tx_alloc(smc91c111_state *s)
461 {
462 s->tx_alloc = smc91c111_allocate_packet(s);
463 if (s->tx_alloc == 0x80)
464 return;
465 s->int_level |= INT_ALLOC;
466 smc91c111_update(s);
467 }
468
469 /* Remove and item from the RX FIFO. */
470 static void smc91c111_pop_rx_fifo(smc91c111_state *s)
471 {
472 int i;
473
474 s->rx_fifo_len--;
475 if (s->rx_fifo_len) {
476 for (i = 0; i < s->rx_fifo_len; i++)
477 s->rx_fifo[i] = s->rx_fifo[i + 1];
478 s->int_level |= INT_RCV;
479 } else {
480 s->int_level &= ~INT_RCV;
481 }
482 smc91c111_flush_queued_packets(s);
483 smc91c111_update(s);
484 }
485
486 /* Remove an item from the TX completion FIFO. */
487 static void smc91c111_pop_tx_fifo_done(smc91c111_state *s)
488 {
489 int i;
490
491 if (s->tx_fifo_done_len == 0)
492 return;
493 s->tx_fifo_done_len--;
494 for (i = 0; i < s->tx_fifo_done_len; i++)
495 s->tx_fifo_done[i] = s->tx_fifo_done[i + 1];
496 }
497
498 /* Release the memory allocated to a packet. */
499 static void smc91c111_release_packet(smc91c111_state *s, int packet)
500 {
501 s->allocated &= ~(1 << packet);
502 if (s->tx_alloc == 0x80)
503 smc91c111_tx_alloc(s);
504 smc91c111_flush_queued_packets(s);
505 }
506
507 /* Flush the TX FIFO. */
508 static void smc91c111_do_tx(smc91c111_state *s)
509 {
510 int i;
511 int len;
512 int control;
513 int packetnum;
514 uint8_t *p;
515
516 if ((s->tcr & TCR_TXEN) == 0)
517 return;
518 if (s->tx_fifo_len == 0)
519 return;
520 for (i = 0; i < s->tx_fifo_len; i++) {
521 packetnum = s->tx_fifo[i];
522 p = &s->data[packetnum][0];
523 /* Set status word. */
524 *(p++) = 0x01;
525 *(p++) = 0x40;
526 len = *(p++);
527 len |= ((int)*(p++)) << 8;
528 len -= 6;
529 control = p[len + 1];
530 if (control & 0x20)
531 len++;
532 /* ??? This overwrites the data following the buffer.
533 Don't know what real hardware does. */
534 if (len < 64 && (s->tcr & TCR_PAD_EN)) {
535 memset(p + len, 0, 64 - len);
536 len = 64;
537 }
538 #if 0
539 {
540 int add_crc;
541
542 /* The card is supposed to append the CRC to the frame.
543 However none of the other network traffic has the CRC
544 appended. Suspect this is low level ethernet detail we
545 don't need to worry about. */
546 add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0;
547 if (add_crc) {
548 uint32_t crc;
549
550 crc = crc32(~0, p, len);
551 memcpy(p + len, &crc, 4);
552 len += 4;
553 }
554 }
555 #endif
556 if (s->ctr & CTR_AUTO_RELEASE)
557 /* Race? */
558 smc91c111_release_packet(s, packetnum);
559 else if (s->tx_fifo_done_len < NUM_PACKETS)
560 s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum;
561 qemu_send_packet(qemu_get_queue(s->nic), p, len);
562 }
563 s->tx_fifo_len = 0;
564 smc91c111_update(s);
565 }
566
567 /* Add a packet to the TX FIFO. */
568 static void smc91c111_queue_tx(smc91c111_state *s, int packet)
569 {
570 if (s->tx_fifo_len == NUM_PACKETS)
571 return;
572 s->tx_fifo[s->tx_fifo_len++] = packet;
573 smc91c111_do_tx(s);
574 }
575
576 static void smc91c111_reset(DeviceState *dev)
577 {
578 smc91c111_state *s = SMC91C111(dev);
579
580 s->bank = 0;
581 s->tx_fifo_len = 0;
582 s->tx_fifo_done_len = 0;
583 s->rx_fifo_len = 0;
584 s->allocated = 0;
585 s->packet_num = 0;
586 s->tx_alloc = 0;
587 s->tcr = 0;
588 s->rcr = 0;
589 s->cr = 0xa0b1;
590 s->ctr = 0x1210;
591 s->ptr = 0;
592 s->ercv = 0x1f;
593 s->int_level = INT_TX_EMPTY;
594 s->int_mask = 0;
595 mii_reset(&s->mii);
596 smc91c111_update(s);
597 }
598
599 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
600 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
601
602 static void smc91c111_writeb(void *opaque, hwaddr offset,
603 uint32_t value)
604 {
605 smc91c111_state *s = (smc91c111_state *)opaque;
606
607 offset = offset & 0xf;
608 if (offset == 14) {
609 s->bank = value;
610 return;
611 }
612 if (offset == 15)
613 return;
614 switch (s->bank) {
615 case 0:
616 switch (offset) {
617 case 0: /* TCR */
618 SET_LOW(tcr, value);
619 return;
620 case 1:
621 SET_HIGH(tcr, value);
622 return;
623 case 4: /* RCR */
624 SET_LOW(rcr, value);
625 return;
626 case 5:
627 SET_HIGH(rcr, value);
628 if (s->rcr & RCR_SOFT_RST) {
629 smc91c111_reset(DEVICE(s));
630 }
631 smc91c111_flush_queued_packets(s);
632 return;
633 case 10: case 11: /* RPCR */
634 /* Ignored */
635 return;
636 case 12: case 13: /* Reserved */
637 return;
638 default:
639 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
640 }
641 break;
642
643 case 1:
644 switch (offset) {
645 case 0: /* CONFIG */
646 SET_LOW(cr, value);
647 return;
648 case 1:
649 SET_HIGH(cr,value);
650 return;
651 case 2: case 3: /* BASE */
652 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
653 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
654 return;
655 case 10: /* General Purpose */
656 SET_LOW(gpr, value);
657 return;
658 case 11:
659 SET_HIGH(gpr, value);
660 return;
661 case 12: /* Control */
662 if (value & 1)
663 fprintf(stderr, "smc91c111:EEPROM store not implemented\n");
664 if (value & 2)
665 fprintf(stderr, "smc91c111:EEPROM reload not implemented\n");
666 value &= ~3;
667 SET_LOW(ctr, value);
668 return;
669 case 13:
670 SET_HIGH(ctr, value);
671 return;
672 default:
673 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
674 }
675 break;
676
677 case 2:
678 switch (offset) {
679 case 0: /* MMU Command */
680 switch (value >> 5) {
681 case 0: /* no-op */
682 break;
683 case 1: /* Allocate for TX. */
684 s->tx_alloc = 0x80;
685 s->int_level &= ~INT_ALLOC;
686 smc91c111_update(s);
687 smc91c111_tx_alloc(s);
688 break;
689 case 2: /* Reset MMU. */
690 s->allocated = 0;
691 s->tx_fifo_len = 0;
692 s->tx_fifo_done_len = 0;
693 s->rx_fifo_len = 0;
694 s->tx_alloc = 0;
695 break;
696 case 3: /* Remove from RX FIFO. */
697 smc91c111_pop_rx_fifo(s);
698 break;
699 case 4: /* Remove from RX FIFO and release. */
700 if (s->rx_fifo_len > 0) {
701 smc91c111_release_packet(s, s->rx_fifo[0]);
702 }
703 smc91c111_pop_rx_fifo(s);
704 break;
705 case 5: /* Release. */
706 smc91c111_release_packet(s, s->packet_num);
707 break;
708 case 6: /* Add to TX FIFO. */
709 smc91c111_queue_tx(s, s->packet_num);
710 break;
711 case 7: /* Reset TX FIFO. */
712 s->tx_fifo_len = 0;
713 s->tx_fifo_done_len = 0;
714 break;
715 default:
716 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
717 }
718 return;
719 case 1:
720 /* Ignore. */
721 return;
722 case 2: /* Packet Number Register */
723 s->packet_num = value;
724 return;
725 case 3: case 4: case 5:
726 /* Should be readonly, but linux writes to them anyway. Ignore. */
727 return;
728 case 6: /* Pointer */
729 SET_LOW(ptr, value);
730 return;
731 case 7:
732 SET_HIGH(ptr, value);
733 return;
734 case 8: case 9: case 10: case 11: /* Data */
735 {
736 int p;
737 int n;
738
739 if (s->ptr & 0x8000)
740 n = s->rx_fifo[0];
741 else
742 n = s->packet_num;
743 p = s->ptr & 0x07ff;
744 if (s->ptr & 0x4000) {
745 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x7ff);
746 } else {
747 p += (offset & 3);
748 }
749 s->data[n][p] = value;
750 }
751 return;
752 case 12: /* Interrupt ACK. */
753 s->int_level &= ~(value & 0xd6);
754 if (value & INT_TX)
755 smc91c111_pop_tx_fifo_done(s);
756 smc91c111_update(s);
757 return;
758 case 13: /* Interrupt mask. */
759 s->int_mask = value;
760 smc91c111_update(s);
761 return;
762 default:
763 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
764 }
765 break;
766
767 case 3:
768 switch (offset) {
769 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
770 /* Multicast table. */
771 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
772 return;
773 case 8: /* Management Interface (low). */
774 mii_write(&s->mii, value);
775 return;
776 case 9: /* Management Interface (high). */
777 if (value != 0x33) {
778 /* MSK_CRS100 not implemented. */
779 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
780 }
781 return;
782 case 12: /* Early receive. */
783 s->ercv = value & 0x1f;
784 return;
785 case 13:
786 /* Ignore. */
787 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
788 return;
789 default:
790 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
791 }
792 break;
793 default:
794 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
795 }
796 hw_error("smc91c111_write: Bad reg %d:%x\n", s->bank, (int)offset);
797 }
798
799 static uint32_t smc91c111_readb(void *opaque, hwaddr offset)
800 {
801 smc91c111_state *s = (smc91c111_state *)opaque;
802
803 offset = offset & 0xf;
804 if (offset == 14) {
805 return s->bank;
806 }
807 if (offset == 15)
808 return 0x33;
809 switch (s->bank) {
810 case 0:
811 switch (offset) {
812 case 0: /* TCR */
813 return s->tcr & 0xff;
814 case 1:
815 return s->tcr >> 8;
816 case 2: /* EPH Status */
817 return 0;
818 case 3:
819 return 0x40;
820 case 4: /* RCR */
821 return s->rcr & 0xff;
822 case 5:
823 return s->rcr >> 8;
824 case 6: /* Counter */
825 case 7:
826 logout(TARGET_FMT_plx "\n", offset);
827 return 0;
828 case 8: /* Memory size. */
829 return NUM_PACKETS;
830 case 9: /* Free memory available. */
831 {
832 int i;
833 int n;
834 n = 0;
835 for (i = 0; i < NUM_PACKETS; i++) {
836 if (s->allocated & (1 << i))
837 n++;
838 }
839 return n;
840 }
841 case 10: case 11: /* RPCR */
842 logout(TARGET_FMT_plx "\n", offset);
843 return 0;
844 case 12: case 13: /* Reserved */
845 return 0;
846 default:
847 logout(TARGET_FMT_plx "\n", offset);
848 }
849 break;
850
851 case 1:
852 switch (offset) {
853 case 0: /* CONFIG */
854 return s->cr & 0xff;
855 case 1:
856 return s->cr >> 8;
857 case 2: case 3: /* BASE */
858 logout(TARGET_FMT_plx "\n", offset);
859 return 0;
860 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
861 return s->conf.macaddr.a[offset - 4];
862 case 10: /* General Purpose */
863 return s->gpr & 0xff;
864 case 11:
865 return s->gpr >> 8;
866 case 12: /* Control */
867 return s->ctr & 0xff;
868 case 13:
869 return s->ctr >> 8;
870 default:
871 logout(TARGET_FMT_plx "\n", offset);
872 }
873 break;
874
875 case 2:
876 switch (offset) {
877 case 0: case 1: /* MMUCR Busy bit. */
878 return 0;
879 case 2: /* Packet Number. */
880 return s->packet_num;
881 case 3: /* Allocation Result. */
882 return s->tx_alloc;
883 case 4: /* TX FIFO */
884 if (s->tx_fifo_done_len == 0)
885 return 0x80;
886 else
887 return s->tx_fifo_done[0];
888 case 5: /* RX FIFO */
889 if (s->rx_fifo_len == 0)
890 return 0x80;
891 else
892 return s->rx_fifo[0];
893 case 6: /* Pointer */
894 return s->ptr & 0xff;
895 case 7:
896 return (s->ptr >> 8) & 0xf7;
897 case 8: case 9: case 10: case 11: /* Data */
898 {
899 int p;
900 int n;
901
902 if (s->ptr & 0x8000)
903 n = s->rx_fifo[0];
904 else
905 n = s->packet_num;
906 p = s->ptr & 0x07ff;
907 if (s->ptr & 0x4000) {
908 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x07ff);
909 } else {
910 p += (offset & 3);
911 }
912 return s->data[n][p];
913 }
914 case 12: /* Interrupt status. */
915 return s->int_level;
916 case 13: /* Interrupt mask. */
917 return s->int_mask;
918 default:
919 logout(TARGET_FMT_plx "\n", offset);
920 }
921 break;
922
923 case 3:
924 switch (offset) {
925 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
926 /* Multicast table. */
927 logout(TARGET_FMT_plx "\n", offset);
928 return 0;
929 case 8: /* Management Interface (low). */
930 logout(TARGET_FMT_plx "\n", offset);
931 return 0x30 + s->mii.mdi;
932 case 9: /* Management Interface (high). */
933 return 0x33;
934 case 10: /* Revision. */
935 return 0x91;
936 case 11:
937 return 0x33;
938 case 12:
939 return s->ercv;
940 case 13:
941 return 0;
942 default:
943 logout(TARGET_FMT_plx "\n", offset);
944 }
945 break;
946 default:
947 logout(TARGET_FMT_plx "\n", offset);
948 }
949 hw_error("smc91c111_read: Bad reg %d:%x\n", s->bank, (int)offset);
950 return 0;
951 }
952
953 static void smc91c111_writew(void *opaque, hwaddr offset,
954 uint32_t value)
955 {
956 smc91c111_writeb(opaque, offset, value & 0xff);
957 smc91c111_writeb(opaque, offset + 1, value >> 8);
958 }
959
960 static void smc91c111_writel(void *opaque, hwaddr offset,
961 uint32_t value)
962 {
963 /* 32-bit writes to offset 0xc only actually write to the bank select
964 register (offset 0xe) */
965 if (offset != 0xc)
966 smc91c111_writew(opaque, offset, value & 0xffff);
967 smc91c111_writew(opaque, offset + 2, value >> 16);
968 }
969
970 static uint32_t smc91c111_readw(void *opaque, hwaddr offset)
971 {
972 uint32_t val;
973 val = smc91c111_readb(opaque, offset);
974 val |= smc91c111_readb(opaque, offset + 1) << 8;
975 return val;
976 }
977
978 static uint32_t smc91c111_readl(void *opaque, hwaddr offset)
979 {
980 uint32_t val;
981 val = smc91c111_readw(opaque, offset);
982 val |= smc91c111_readw(opaque, offset + 2) << 16;
983 return val;
984 }
985
986 static int smc91c111_can_receive_nc(NetClientState *nc)
987 {
988 smc91c111_state *s = qemu_get_nic_opaque(nc);
989
990 return smc91c111_can_receive(s);
991 }
992
993 static ssize_t smc91c111_receive(NetClientState *nc, const uint8_t *buf, size_t size)
994 {
995 smc91c111_state *s = qemu_get_nic_opaque(nc);
996 int status;
997 int packetsize;
998 uint32_t crc;
999 int packetnum;
1000 uint8_t *p;
1001
1002 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
1003 return -1;
1004 /* Short packets are padded with zeros. Receiving a packet
1005 < 64 bytes long is considered an error condition. */
1006 if (size < 64)
1007 packetsize = 64;
1008 else
1009 packetsize = (size & ~1);
1010 packetsize += 6;
1011 crc = (s->rcr & RCR_STRIP_CRC) == 0;
1012 if (crc)
1013 packetsize += 4;
1014 /* TODO: Flag overrun and receive errors. */
1015 if (packetsize > 2048)
1016 return -1;
1017 packetnum = smc91c111_allocate_packet(s);
1018 if (packetnum == 0x80)
1019 return -1;
1020 s->rx_fifo[s->rx_fifo_len++] = packetnum;
1021
1022 p = &s->data[packetnum][0];
1023 /* ??? Multicast packets? */
1024 status = 0;
1025 if (size > 1518)
1026 status |= RS_TOOLONG;
1027 if (size & 1)
1028 status |= RS_ODDFRAME;
1029 *(p++) = status & 0xff;
1030 *(p++) = status >> 8;
1031 *(p++) = packetsize & 0xff;
1032 *(p++) = packetsize >> 8;
1033 memcpy(p, buf, size & ~1);
1034 p += (size & ~1);
1035 /* Pad short packets. */
1036 if (size < 64) {
1037 int pad;
1038
1039 if (size & 1)
1040 *(p++) = buf[size - 1];
1041 pad = 64 - size;
1042 memset(p, 0, pad);
1043 p += pad;
1044 size = 64;
1045 }
1046 /* It's not clear if the CRC should go before or after the last byte in
1047 odd sized packets. Linux disables the CRC, so that's no help.
1048 The pictures in the documentation show the CRC aligned on a 16-bit
1049 boundary before the last odd byte, so that's what we do. */
1050 if (crc) {
1051 crc = crc32(~0, buf, size);
1052 *(p++) = crc & 0xff; crc >>= 8;
1053 *(p++) = crc & 0xff; crc >>= 8;
1054 *(p++) = crc & 0xff; crc >>= 8;
1055 *(p++) = crc & 0xff;
1056 }
1057 if (size & 1) {
1058 *(p++) = buf[size - 1];
1059 *p = 0x60;
1060 } else {
1061 *(p++) = 0;
1062 *p = 0x40;
1063 }
1064 /* TODO: Raise early RX interrupt? */
1065 s->int_level |= INT_RCV;
1066 smc91c111_update(s);
1067
1068 return size;
1069 }
1070
1071 static const MemoryRegionOps smc91c111_mem_ops = {
1072 /* The special case for 32 bit writes to 0xc means we can't just
1073 * set .impl.min/max_access_size to 1, unfortunately
1074 */
1075 .old_mmio = {
1076 .read = { smc91c111_readb, smc91c111_readw, smc91c111_readl, },
1077 .write = { smc91c111_writeb, smc91c111_writew, smc91c111_writel, },
1078 },
1079 .endianness = DEVICE_NATIVE_ENDIAN,
1080 };
1081
1082 static NetClientInfo net_smc91c111_info = {
1083 .type = NET_CLIENT_OPTIONS_KIND_NIC,
1084 .size = sizeof(NICState),
1085 .can_receive = smc91c111_can_receive_nc,
1086 .receive = smc91c111_receive,
1087 };
1088
1089 static int smc91c111_init1(SysBusDevice *sbd)
1090 {
1091 DeviceState *dev = DEVICE(sbd);
1092 smc91c111_state *s = SMC91C111(dev);
1093
1094 memory_region_init_io(&s->mmio, OBJECT(s), &smc91c111_mem_ops, s,
1095 "smc91c111-mmio", 16);
1096 sysbus_init_mmio(sbd, &s->mmio);
1097 sysbus_init_irq(sbd, &s->irq);
1098 qemu_macaddr_default_if_unset(&s->conf.macaddr);
1099 s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
1100 object_get_typename(OBJECT(dev)), dev->id, s);
1101 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1102 /* ??? Save/restore. */
1103 return 0;
1104 }
1105
1106 static Property smc91c111_properties[] = {
1107 DEFINE_NIC_PROPERTIES(smc91c111_state, conf),
1108 DEFINE_PROP_END_OF_LIST(),
1109 };
1110
1111 static void smc91c111_class_init(ObjectClass *klass, void *data)
1112 {
1113 DeviceClass *dc = DEVICE_CLASS(klass);
1114 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
1115
1116 k->init = smc91c111_init1;
1117 dc->reset = smc91c111_reset;
1118 dc->vmsd = &vmstate_smc91c111;
1119 dc->props = smc91c111_properties;
1120 }
1121
1122 static const TypeInfo smc91c111_info = {
1123 .name = TYPE_SMC91C111,
1124 .parent = TYPE_SYS_BUS_DEVICE,
1125 .instance_size = sizeof(smc91c111_state),
1126 .class_init = smc91c111_class_init,
1127 };
1128
1129 static void smc91c111_register_types(void)
1130 {
1131 type_register_static(&smc91c111_info);
1132 }
1133
1134 /* Legacy helper function. Should go away when machine config files are
1135 implemented. */
1136 void smc91c111_init(NICInfo *nd, uint32_t base, qemu_irq irq)
1137 {
1138 DeviceState *dev;
1139 SysBusDevice *s;
1140
1141 qemu_check_nic_model(nd, "smc91c111");
1142 dev = qdev_create(NULL, TYPE_SMC91C111);
1143 qdev_set_nic_properties(dev, nd);
1144 qdev_init_nofail(dev);
1145 s = SYS_BUS_DEVICE(dev);
1146 sysbus_mmio_map(s, 0, base);
1147 sysbus_connect_irq(s, 0, irq);
1148 }
1149
1150 type_init(smc91c111_register_types)
AR7 emulation for QEMU