search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge remote-tracking branch 'qemu/master'
[qemu/ar7.git] / hw / net / smc91c111.c
blob4173e1381580d23fae6c870a499eec898c862a6a
1 /*
2 * SMSC 91C111 Ethernet interface emulation
3 *
4 * Copyright (c) 2005 CodeSourcery, LLC.
5 * Written by Paul Brook
6 *
7 * This code is licensed under the GPL
8 */
9
10 #include "hw/sysbus.h"
11 #include "net/net.h"
12 #include "hw/devices.h"
13 /* For crc32 */
14 #include <zlib.h>
15
16 /* Number of 2k memory pages available. */
17 #define NUM_PACKETS 4
18
19 #if 0
20 # define logout(fmt, ...) \
21 fprintf(stderr, "SMC91C111\t%-24s %s:%u " fmt, __func__, __FILE__, __LINE__, ##__VA_ARGS__)
22 #else
23 # define logout(fmt, ...) (void)0
24 #endif
25
26 typedef enum {
27 MII_WAITING,
28 MII_IDLE,
29 MII_GOT_START,
30 MII_READ,
31 MII_WRITE
32 } MII_State;
33
34 typedef enum {
35 MII_MDOE = 8,
36 MII_MCLK = 4,
37 MII_MDI = 2,
38 MII_MDO = 1
39 } MII_BITS;
40
41 /* PHY Register Addresses (LAN91C111 Internal PHY) */
42
43 /* PHY Configuration Register 1 */
44 #define PHY_CFG1_REG 0x10
45 #define PHY_CFG1_LNKDIS 0x8000 /* 1=Rx Link Detect Function disabled */
46 #define PHY_CFG1_XMTDIS 0x4000 /* 1=TP Transmitter Disabled */
47 #define PHY_CFG1_XMTPDN 0x2000 /* 1=TP Transmitter Powered Down */
48 #define PHY_CFG1_BYPSCR 0x0400 /* 1=Bypass scrambler/descrambler */
49 #define PHY_CFG1_UNSCDS 0x0200 /* 1=Unscramble Idle Reception Disable */
50 #define PHY_CFG1_EQLZR 0x0100 /* 1=Rx Equalizer Disabled */
51 #define PHY_CFG1_CABLE 0x0080 /* 1=STP(150ohm), 0=UTP(100ohm) */
52 #define PHY_CFG1_RLVL0 0x0040 /* 1=Rx Squelch level reduced by 4.5db */
53 #define PHY_CFG1_TLVL_SHIFT 2 /* Transmit Output Level Adjust */
54 #define PHY_CFG1_TLVL_MASK 0x003C
55 #define PHY_CFG1_TRF_MASK 0x0003 /* Transmitter Rise/Fall time */
56
57 /* PHY Configuration Register 2 */
58 #define PHY_CFG2_REG 0x11
59 #define PHY_CFG2_APOLDIS 0x0020 /* 1=Auto Polarity Correction disabled */
60 #define PHY_CFG2_JABDIS 0x0010 /* 1=Jabber disabled */
61 #define PHY_CFG2_MREG 0x0008 /* 1=Multiple register access (MII mgt) */
62 #define PHY_CFG2_INTMDIO 0x0004 /* 1=Interrupt signaled with MDIO pulseo */
63
64 /* PHY Status Output (and Interrupt status) Register */
65 #define PHY_INT_REG 0x12 /* Status Output (Interrupt Status) */
66 #define PHY_INT_INT 0x8000 /* 1=bits have changed since last read */
67 #define PHY_INT_LNKFAIL 0x4000 /* 1=Link Not detected */
68 #define PHY_INT_LOSSSYNC 0x2000 /* 1=Descrambler has lost sync */
69 #define PHY_INT_CWRD 0x1000 /* 1=Invalid 4B5B code detected on rx */
70 #define PHY_INT_SSD 0x0800 /* 1=No Start Of Stream detected on rx */
71 #define PHY_INT_ESD 0x0400 /* 1=No End Of Stream detected on rx */
72 #define PHY_INT_RPOL 0x0200 /* 1=Reverse Polarity detected */
73 #define PHY_INT_JAB 0x0100 /* 1=Jabber detected */
74 #define PHY_INT_SPDDET 0x0080 /* 1=100Base-TX mode, 0=10Base-T mode */
75 #define PHY_INT_DPLXDET 0x0040 /* 1=Device in Full Duplex */
76
77 /* PHY Interrupt/Status Mask Register */
78 #define PHY_MASK_REG 0x13 /* Interrupt Mask */
79 /* Uses the same bit definitions as PHY_INT_REG */
80
81 typedef struct {
82 int mdoe;
83 int mclk;
84 int mdi;
85 int mdo;
86 uint32_t data;
87 MII_State status;
88 unsigned reg;
89 uint16_t regs[32];
90 } MII;
91
92
93 /* Declarations from include/linux/mii.h. */
94
95 /* Generic MII registers. */
96
97 #define MII_BMCR 0x00 /* Basic mode control register */ // rw
98 #define MII_BMSR 0x01 /* Basic mode status register */ // r
99 #define MII_PHYSID1 0x02 /* PHYS ID 1 */
100 #define MII_PHYSID2 0x03 /* PHYS ID 2 */
101 #define MII_ADVERTISE 0x04 /* Advertisement control reg */ // rw
102 #define MII_LPA 0x05 /* Link partner ability reg */
103 #define MII_EXPANSION 0x06 /* Expansion register */
104 #define MII_CTRL1000 0x09 /* 1000BASE-T control */
105 #define MII_STAT1000 0x0a /* 1000BASE-T status */
106 #define MII_ESTATUS 0x0f /* Extended Status */
107 #define MII_DCOUNTER 0x12 /* Disconnect counter */
108 #define MII_FCSCOUNTER 0x13 /* False carrier counter */
109 #define MII_NWAYTEST 0x14 /* N-way auto-neg test reg */
110 #define MII_RERRCOUNTER 0x15 /* Receive error counter */
111 #define MII_SREVISION 0x16 /* Silicon revision */
112 #define MII_RESV1 0x17 /* Reserved... */
113 #define MII_LBRERROR 0x18 /* Lpback, rx, bypass error */
114 #define MII_PHYADDR 0x19 /* PHY address */
115 #define MII_RESV2 0x1a /* Reserved... */
116 #define MII_TPISTATUS 0x1b /* TPI status for 10mbps */
117 #define MII_NCONFIG 0x1c /* Network interface config */
118
119 /* Basic mode control register. */
120 #define BMCR_RESV 0x003f /* Unused... */
121 #define BMCR_SPEED1000 0x0040 /* MSB of Speed (1000) */
122 #define BMCR_CTST 0x0080 /* Collision test */
123 #define BMCR_FULLDPLX 0x0100 /* Full duplex */
124 #define BMCR_ANRESTART 0x0200 /* Auto negotiation restart */
125 #define BMCR_ISOLATE 0x0400 /* Disconnect PHY from MII */
126 #define BMCR_PDOWN 0x0800 /* Powerdown the */
127 #define BMCR_ANENABLE 0x1000 /* Enable auto negotiation */
128 #define BMCR_SPEED100 0x2000 /* Select 100Mbps */
129 #define BMCR_LOOPBACK 0x4000 /* TXD loopback bits */
130 #define BMCR_RESET 0x8000 /* Reset the PHY */
131
132 /* Basic mode status register. */
133 #define BMSR_ERCAP 0x0001 /* Ext-reg capability */
134 #define BMSR_JCD 0x0002 /* Jabber detected */
135 #define BMSR_LSTATUS 0x0004 /* Link status */
136 #define BMSR_ANEGCAPABLE 0x0008 /* Able to do auto-negotiation */
137 #define BMSR_RFAULT 0x0010 /* Remote fault detected */
138 #define BMSR_ANEGCOMPLETE 0x0020 /* Auto-negotiation complete */
139 #define BMSR_RESV 0x00c0 /* Unused... */
140 #define BMSR_ESTATEN 0x0100 /* Extended Status in R15 */
141 #define BMSR_100HALF2 0x0200 /* Can do 100BASE-T2 HDX */
142 #define BMSR_100FULL2 0x0400 /* Can do 100BASE-T2 FDX */
143 #define BMSR_10HALF 0x0800 /* Can do 10mbps, half-duplex */
144 #define BMSR_10FULL 0x1000 /* Can do 10mbps, full-duplex */
145 #define BMSR_100HALF 0x2000 /* Can do 100mbps, half-duplex */
146 #define BMSR_100FULL 0x4000 /* Can do 100mbps, full-duplex */
147 #define BMSR_100BASE4 0x8000 /* Can do 100mbps, 4k packets */
148
149 //~ #define PHY_STAT_CAP_SUPR 0x0040 /* 1=recv mgmt frames with not preamble */
150
151 /* Advertisement control register. */
152 #define ADVERTISE_SLCT 0x001f /* Selector bits */
153 #define ADVERTISE_CSMA 0x0001 /* Only selector supported */
154 #define ADVERTISE_10HALF 0x0020 /* Try for 10mbps half-duplex */
155 #define ADVERTISE_1000XFULL 0x0020 /* Try for 1000BASE-X full-duplex */
156 #define ADVERTISE_10FULL 0x0040 /* Try for 10mbps full-duplex */
157 #define ADVERTISE_1000XHALF 0x0040 /* Try for 1000BASE-X half-duplex */
158 #define ADVERTISE_100HALF 0x0080 /* Try for 100mbps half-duplex */
159 #define ADVERTISE_1000XPAUSE 0x0080 /* Try for 1000BASE-X pause */
160 #define ADVERTISE_100FULL 0x0100 /* Try for 100mbps full-duplex */
161 #define ADVERTISE_1000XPSE_ASYM 0x0100 /* Try for 1000BASE-X asym pause */
162 #define ADVERTISE_100BASE4 0x0200 /* Try for 100mbps 4k packets */
163 #define ADVERTISE_PAUSE_CAP 0x0400 /* Try for pause */
164 #define ADVERTISE_PAUSE_ASYM 0x0800 /* Try for asymetric pause */
165 #define ADVERTISE_RESV 0x1000 /* Unused... */
166 #define ADVERTISE_RFAULT 0x2000 /* Say we can detect faults */
167 #define ADVERTISE_LPACK 0x4000 /* Ack link partners response */
168 #define ADVERTISE_NPAGE 0x8000 /* Next page bit */
169
170 #define ADVERTISE_FULL (ADVERTISE_100FULL | ADVERTISE_10FULL | \
171 ADVERTISE_CSMA)
172 #define ADVERTISE_ALL (ADVERTISE_10HALF | ADVERTISE_10FULL | \
173 ADVERTISE_100HALF | ADVERTISE_100FULL)
174
175 /* Link partner ability register. */
176 #define LPA_SLCT 0x001f /* Same as advertise selector */
177 #define LPA_10HALF 0x0020 /* Can do 10mbps half-duplex */
178 #define LPA_1000XFULL 0x0020 /* Can do 1000BASE-X full-duplex */
179 #define LPA_10FULL 0x0040 /* Can do 10mbps full-duplex */
180 #define LPA_1000XHALF 0x0040 /* Can do 1000BASE-X half-duplex */
181 #define LPA_100HALF 0x0080 /* Can do 100mbps half-duplex */
182 #define LPA_1000XPAUSE 0x0080 /* Can do 1000BASE-X pause */
183 #define LPA_100FULL 0x0100 /* Can do 100mbps full-duplex */
184 #define LPA_1000XPAUSE_ASYM 0x0100 /* Can do 1000BASE-X pause asym*/
185 #define LPA_100BASE4 0x0200 /* Can do 100mbps 4k packets */
186 #define LPA_PAUSE_CAP 0x0400 /* Can pause */
187 #define LPA_PAUSE_ASYM 0x0800 /* Can pause asymetrically */
188 #define LPA_RESV 0x1000 /* Unused... */
189 #define LPA_RFAULT 0x2000 /* Link partner faulted */
190 #define LPA_LPACK 0x4000 /* Link partner acked us */
191 #define LPA_NPAGE 0x8000 /* Next page bit */
192
193 #define LPA_DUPLEX (LPA_10FULL | LPA_100FULL)
194 #define LPA_100 (LPA_100FULL | LPA_100HALF | LPA_100BASE4)
195
196 /* End of declarations from include/linux/mii.h. */
197
198 /* SMC 91C111 specific MII register. */
199
200 /* 0x06 ... 0x0f are reserved. */
201 #define MII_CONFIGURATION1 0x10 /* Configuration 1 */
202 #define MII_CONFIGURATION2 0x11 /* Configuration 2 */
203 #define MII_STATUSOUTPUT 0x12 /* Status Output */
204 //~ PHY_FCSCR = 0x13, /* Mask */
205 /* 0x14 is reserved. */
206 /* 0x15 ... 0x1f are unused. */
207
208
209 /* Default values for MII management registers (see IEEE 802.3-2008 22.2.4). */
210
211 static const uint16_t mii_regs_default[] = {
212 [MII_BMCR] = BMCR_ANENABLE | BMCR_SPEED100,
213 [MII_BMSR] = BMSR_100FULL | BMSR_100HALF | BMSR_10FULL | BMSR_10HALF |
214 BMSR_ANEGCAPABLE | BMSR_LSTATUS | BMSR_ERCAP,
215 [MII_ADVERTISE] = ADVERTISE_PAUSE_CAP | ADVERTISE_ALL | ADVERTISE_CSMA,
216 };
217
218 #define TYPE_SMC91C111 "smc91c111"
219 #define SMC91C111(obj) OBJECT_CHECK(smc91c111_state, (obj), TYPE_SMC91C111)
220
221 typedef struct {
222 SysBusDevice parent_obj;
223 MII mii;
224 NICState *nic;
225 NICConf conf;
226 uint16_t tcr;
227 uint16_t rcr;
228 uint16_t cr;
229 uint16_t ctr;
230 uint16_t gpr;
231 uint16_t ptr;
232 uint16_t ercv;
233 qemu_irq irq;
234 int bank;
235 int packet_num;
236 int tx_alloc;
237 /* Bitmask of allocated packets. */
238 int allocated;
239 int tx_fifo_len;
240 int tx_fifo[NUM_PACKETS];
241 int rx_fifo_len;
242 int rx_fifo[NUM_PACKETS];
243 int tx_fifo_done_len;
244 int tx_fifo_done[NUM_PACKETS];
245 /* Packet buffer memory. */
246 uint8_t data[NUM_PACKETS][2048];
247 uint8_t int_level;
248 uint8_t int_mask;
249 MemoryRegion mmio;
250 } smc91c111_state;
251
252 static const VMStateDescription vmstate_smc91c111 = {
253 .name = "smc91c111",
254 .version_id = 1,
255 .minimum_version_id = 1,
256 .fields = (VMStateField[]) {
257 VMSTATE_UINT16(tcr, smc91c111_state),
258 VMSTATE_UINT16(rcr, smc91c111_state),
259 VMSTATE_UINT16(cr, smc91c111_state),
260 VMSTATE_UINT16(ctr, smc91c111_state),
261 VMSTATE_UINT16(gpr, smc91c111_state),
262 VMSTATE_UINT16(ptr, smc91c111_state),
263 VMSTATE_UINT16(ercv, smc91c111_state),
264 VMSTATE_INT32(bank, smc91c111_state),
265 VMSTATE_INT32(packet_num, smc91c111_state),
266 VMSTATE_INT32(tx_alloc, smc91c111_state),
267 VMSTATE_INT32(allocated, smc91c111_state),
268 VMSTATE_INT32(tx_fifo_len, smc91c111_state),
269 VMSTATE_INT32_ARRAY(tx_fifo, smc91c111_state, NUM_PACKETS),
270 VMSTATE_INT32(rx_fifo_len, smc91c111_state),
271 VMSTATE_INT32_ARRAY(rx_fifo, smc91c111_state, NUM_PACKETS),
272 VMSTATE_INT32(tx_fifo_done_len, smc91c111_state),
273 VMSTATE_INT32_ARRAY(tx_fifo_done, smc91c111_state, NUM_PACKETS),
274 VMSTATE_BUFFER_UNSAFE(data, smc91c111_state, 0, NUM_PACKETS * 2048),
275 VMSTATE_UINT8(int_level, smc91c111_state),
276 VMSTATE_UINT8(int_mask, smc91c111_state),
277 VMSTATE_END_OF_LIST()
278 }
279 };
280
281 #define RCR_SOFT_RST 0x8000
282 #define RCR_STRIP_CRC 0x0200
283 #define RCR_RXEN 0x0100
284
285 #define TCR_EPH_LOOP 0x2000
286 #define TCR_NOCRC 0x0100
287 #define TCR_PAD_EN 0x0080
288 #define TCR_FORCOL 0x0004
289 #define TCR_LOOP 0x0002
290 #define TCR_TXEN 0x0001
291
292 #define INT_MD 0x80
293 #define INT_ERCV 0x40
294 #define INT_EPH 0x20
295 #define INT_RX_OVRN 0x10
296 #define INT_ALLOC 0x08
297 #define INT_TX_EMPTY 0x04
298 #define INT_TX 0x02
299 #define INT_RCV 0x01
300
301 #define CTR_AUTO_RELEASE 0x0800
302 #define CTR_RELOAD 0x0002
303 #define CTR_STORE 0x0001
304
305 #define RS_ALGNERR 0x8000
306 #define RS_BRODCAST 0x4000
307 #define RS_BADCRC 0x2000
308 #define RS_ODDFRAME 0x1000
309 #define RS_TOOLONG 0x0800
310 #define RS_TOOSHORT 0x0400
311 #define RS_MULTICAST 0x0001
312
313 static void mii_write(MII *mii, uint32_t value)
314 {
315 /*
316 A timing diagram for a Ml serial port frame is shown in Figure 7.1. The Ml serial port is idle when at
317 least 32 continuous 1's are detected on MDIO and remains idle as long as continuous 1's are detected.
318 During idle, MDIO is in the high impedance state. When the Ml serial port is in the idle state, a 01
319 pattern on the MDIO initiates a serial shift cycle. Data on MDIO is then shifted in on the next 14 rising
320 edges of MDC (MDIO is high impedance). If the register access mode is not enabled, on the next 16
321 rising edges of MDC, data is either shifted in or out on MDIO, depending on whether a write or read
322 cycle was selected with the bits READ and WRITE. After the 32 MDC cycles have been completed,
323 one complete register has been read/written, the serial shift process is halted, data is latched into the
324 device, and MDIO goes into high impedance state. Another serial shift cycle cannot be initiated until
325 the idle condition (at least 32 continuous 1's) is detected.
326 */
327 bool clock = !mii->mclk && (value & 4);
328
329 assert((value & 0xfffffff0) == 0x30);
330
331 if (clock) {
332 /* Raising clock. */
333 mii->mdi = value & MII_MDI;
334 mii->mdoe = value & MII_MDOE;
335 mii->mdo = value & MII_MDO;
336 mii->data = (mii->data << 1) + (value & 1);
337 logout("%u%u%u%u %08x\n",
338 mii->mdoe ? 1 : 0, mii->mclk ? 1 : 0,
339 mii->mdi ? 1 : 0, mii->mdo ? 1 : 0,
340 mii->data);
341 switch (mii->status) {
342 case MII_WAITING:
343 if (mii->data == 0xffffffff) {
344 logout("mii is idle\n");
345 mii->mdi = MII_MDI;
346 mii->status = MII_IDLE;
347 }
348 break;
349 case MII_IDLE:
350 if (mii->data == 0xfffffffd) {
351 logout("mii got start bit pattern 01\n");
352 mii->status = MII_GOT_START;
353 }
354 break;
355 case MII_GOT_START:
356 if ((mii->data & 0xffffc000) == 0xffff4000) {
357 unsigned op = (mii->data >> 12) & 0x3;
358 unsigned phy = (mii->data >> 7) & 0x1f;
359 unsigned reg = (mii->data >> 2) & 0x1f;
360 logout("mii got 14 bits (op=%u, phy=%u, reg=%u, ta=%u)\n",
361 op, phy, reg, mii->data & 0x3);
362 mii->reg = reg;
363 if (phy != 0) {
364 logout("Wrong phy %u, wait for idle\n", phy);
365 mii->status = MII_WAITING;
366 } else if (reg >= ARRAY_SIZE(mii->regs)) {
367 logout("Wrong reg %u, wait for idle\n", reg);
368 mii->status = MII_WAITING;
369 } else if (op == 1) {
370 mii->status = MII_WRITE;
371 } else if (op == 2) {
372 mii->data = mii->regs[reg];
373 mii->mdi = 0;
374 mii->status = MII_READ;
375 } else {
376 logout("Illegal MII operation %u, wait for idle\n", op);
377 mii->status = MII_WAITING;
378 }
379 }
380 break;
381 case MII_WRITE:
382 if ((mii->data & 0xc0000000) == 0x40000000) {
383 uint16_t data = mii->data & 0xffff;
384 logout("mii wrote 16 bits (data=0x%04x=%u)\n", data, data);
385 mii->regs[mii->reg] = data;
386 mii->status = MII_WAITING;
387 }
388 break;
389 case MII_READ:
390 if ((mii->data & 0x0000ffff) == 0x0000ffff) {
391 logout("mii read 16 bits\n");
392 mii->mdi = MII_MDI;
393 mii->status = MII_WAITING;
394 } else {
395 mii->data |= 1;
396 mii->mdi = (mii->data & 0x00010000) ? MII_MDI : 0;
397 }
398 break;
399 }
400 } /* clock */
401 mii->mclk = value & MII_MCLK;
402 //~ assert(mii->mdoe);
403 }
404
405 static void mii_reset(MII *mii)
406 {
407 memcpy(mii->regs, mii_regs_default, sizeof(mii->regs));
408 }
409
410 /* Update interrupt status. */
411 static void smc91c111_update(smc91c111_state *s)
412 {
413 int level;
414
415 if (s->tx_fifo_len == 0)
416 s->int_level |= INT_TX_EMPTY;
417 if (s->tx_fifo_done_len != 0)
418 s->int_level |= INT_TX;
419 level = (s->int_level & s->int_mask) != 0;
420 qemu_set_irq(s->irq, level);
421 }
422
423 /* Try to allocate a packet. Returns 0x80 on failure. */
424 static int smc91c111_allocate_packet(smc91c111_state *s)
425 {
426 int i;
427 if (s->allocated == (1 << NUM_PACKETS) - 1) {
428 return 0x80;
429 }
430
431 for (i = 0; i < NUM_PACKETS; i++) {
432 if ((s->allocated & (1 << i)) == 0)
433 break;
434 }
435 s->allocated |= 1 << i;
436 return i;
437 }
438
439
440 /* Process a pending TX allocate. */
441 static void smc91c111_tx_alloc(smc91c111_state *s)
442 {
443 s->tx_alloc = smc91c111_allocate_packet(s);
444 if (s->tx_alloc == 0x80)
445 return;
446 s->int_level |= INT_ALLOC;
447 smc91c111_update(s);
448 }
449
450 /* Remove and item from the RX FIFO. */
451 static void smc91c111_pop_rx_fifo(smc91c111_state *s)
452 {
453 int i;
454
455 s->rx_fifo_len--;
456 if (s->rx_fifo_len) {
457 for (i = 0; i < s->rx_fifo_len; i++)
458 s->rx_fifo[i] = s->rx_fifo[i + 1];
459 s->int_level |= INT_RCV;
460 } else {
461 s->int_level &= ~INT_RCV;
462 }
463 smc91c111_update(s);
464 }
465
466 /* Remove an item from the TX completion FIFO. */
467 static void smc91c111_pop_tx_fifo_done(smc91c111_state *s)
468 {
469 int i;
470
471 if (s->tx_fifo_done_len == 0)
472 return;
473 s->tx_fifo_done_len--;
474 for (i = 0; i < s->tx_fifo_done_len; i++)
475 s->tx_fifo_done[i] = s->tx_fifo_done[i + 1];
476 }
477
478 /* Release the memory allocated to a packet. */
479 static void smc91c111_release_packet(smc91c111_state *s, int packet)
480 {
481 s->allocated &= ~(1 << packet);
482 if (s->tx_alloc == 0x80)
483 smc91c111_tx_alloc(s);
484 qemu_flush_queued_packets(qemu_get_queue(s->nic));
485 }
486
487 /* Flush the TX FIFO. */
488 static void smc91c111_do_tx(smc91c111_state *s)
489 {
490 int i;
491 int len;
492 int control;
493 int packetnum;
494 uint8_t *p;
495
496 if ((s->tcr & TCR_TXEN) == 0)
497 return;
498 if (s->tx_fifo_len == 0)
499 return;
500 for (i = 0; i < s->tx_fifo_len; i++) {
501 packetnum = s->tx_fifo[i];
502 p = &s->data[packetnum][0];
503 /* Set status word. */
504 *(p++) = 0x01;
505 *(p++) = 0x40;
506 len = *(p++);
507 len |= ((int)*(p++)) << 8;
508 len -= 6;
509 control = p[len + 1];
510 if (control & 0x20)
511 len++;
512 /* ??? This overwrites the data following the buffer.
513 Don't know what real hardware does. */
514 if (len < 64 && (s->tcr & TCR_PAD_EN)) {
515 memset(p + len, 0, 64 - len);
516 len = 64;
517 }
518 #if 0
519 {
520 int add_crc;
521
522 /* The card is supposed to append the CRC to the frame.
523 However none of the other network traffic has the CRC
524 appended. Suspect this is low level ethernet detail we
525 don't need to worry about. */
526 add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0;
527 if (add_crc) {
528 uint32_t crc;
529
530 crc = crc32(~0, p, len);
531 memcpy(p + len, &crc, 4);
532 len += 4;
533 }
534 }
535 #endif
536 if (s->ctr & CTR_AUTO_RELEASE)
537 /* Race? */
538 smc91c111_release_packet(s, packetnum);
539 else if (s->tx_fifo_done_len < NUM_PACKETS)
540 s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum;
541 qemu_send_packet(qemu_get_queue(s->nic), p, len);
542 }
543 s->tx_fifo_len = 0;
544 smc91c111_update(s);
545 }
546
547 /* Add a packet to the TX FIFO. */
548 static void smc91c111_queue_tx(smc91c111_state *s, int packet)
549 {
550 if (s->tx_fifo_len == NUM_PACKETS)
551 return;
552 s->tx_fifo[s->tx_fifo_len++] = packet;
553 smc91c111_do_tx(s);
554 }
555
556 static void smc91c111_reset(DeviceState *dev)
557 {
558 smc91c111_state *s = SMC91C111(dev);
559
560 s->bank = 0;
561 s->tx_fifo_len = 0;
562 s->tx_fifo_done_len = 0;
563 s->rx_fifo_len = 0;
564 s->allocated = 0;
565 s->packet_num = 0;
566 s->tx_alloc = 0;
567 s->tcr = 0;
568 s->rcr = 0;
569 s->cr = 0xa0b1;
570 s->ctr = 0x1210;
571 s->ptr = 0;
572 s->ercv = 0x1f;
573 s->int_level = INT_TX_EMPTY;
574 s->int_mask = 0;
575 mii_reset(&s->mii);
576 smc91c111_update(s);
577 }
578
579 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
580 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
581
582 static void smc91c111_writeb(void *opaque, hwaddr offset,
583 uint32_t value)
584 {
585 smc91c111_state *s = (smc91c111_state *)opaque;
586
587 offset = offset & 0xf;
588 if (offset == 14) {
589 s->bank = value;
590 return;
591 }
592 if (offset == 15)
593 return;
594 switch (s->bank) {
595 case 0:
596 switch (offset) {
597 case 0: /* TCR */
598 SET_LOW(tcr, value);
599 return;
600 case 1:
601 SET_HIGH(tcr, value);
602 return;
603 case 4: /* RCR */
604 SET_LOW(rcr, value);
605 return;
606 case 5:
607 SET_HIGH(rcr, value);
608 if (s->rcr & RCR_SOFT_RST) {
609 smc91c111_reset(DEVICE(s));
610 }
611 return;
612 case 10: case 11: /* RPCR */
613 /* Ignored */
614 return;
615 case 12: case 13: /* Reserved */
616 return;
617 default:
618 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
619 }
620 break;
621
622 case 1:
623 switch (offset) {
624 case 0: /* CONFIG */
625 SET_LOW(cr, value);
626 return;
627 case 1:
628 SET_HIGH(cr,value);
629 return;
630 case 2: case 3: /* BASE */
631 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
632 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
633 return;
634 case 10: /* General Purpose */
635 SET_LOW(gpr, value);
636 return;
637 case 11:
638 SET_HIGH(gpr, value);
639 return;
640 case 12: /* Control */
641 if (value & 1)
642 fprintf(stderr, "smc91c111:EEPROM store not implemented\n");
643 if (value & 2)
644 fprintf(stderr, "smc91c111:EEPROM reload not implemented\n");
645 value &= ~3;
646 SET_LOW(ctr, value);
647 return;
648 case 13:
649 SET_HIGH(ctr, value);
650 return;
651 default:
652 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
653 }
654 break;
655
656 case 2:
657 switch (offset) {
658 case 0: /* MMU Command */
659 switch (value >> 5) {
660 case 0: /* no-op */
661 break;
662 case 1: /* Allocate for TX. */
663 s->tx_alloc = 0x80;
664 s->int_level &= ~INT_ALLOC;
665 smc91c111_update(s);
666 smc91c111_tx_alloc(s);
667 break;
668 case 2: /* Reset MMU. */
669 s->allocated = 0;
670 s->tx_fifo_len = 0;
671 s->tx_fifo_done_len = 0;
672 s->rx_fifo_len = 0;
673 s->tx_alloc = 0;
674 break;
675 case 3: /* Remove from RX FIFO. */
676 smc91c111_pop_rx_fifo(s);
677 break;
678 case 4: /* Remove from RX FIFO and release. */
679 if (s->rx_fifo_len > 0) {
680 smc91c111_release_packet(s, s->rx_fifo[0]);
681 }
682 smc91c111_pop_rx_fifo(s);
683 break;
684 case 5: /* Release. */
685 smc91c111_release_packet(s, s->packet_num);
686 break;
687 case 6: /* Add to TX FIFO. */
688 smc91c111_queue_tx(s, s->packet_num);
689 break;
690 case 7: /* Reset TX FIFO. */
691 s->tx_fifo_len = 0;
692 s->tx_fifo_done_len = 0;
693 break;
694 default:
695 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
696 }
697 return;
698 case 1:
699 /* Ignore. */
700 return;
701 case 2: /* Packet Number Register */
702 s->packet_num = value;
703 return;
704 case 3: case 4: case 5:
705 /* Should be readonly, but linux writes to them anyway. Ignore. */
706 return;
707 case 6: /* Pointer */
708 SET_LOW(ptr, value);
709 return;
710 case 7:
711 SET_HIGH(ptr, value);
712 return;
713 case 8: case 9: case 10: case 11: /* Data */
714 {
715 int p;
716 int n;
717
718 if (s->ptr & 0x8000)
719 n = s->rx_fifo[0];
720 else
721 n = s->packet_num;
722 p = s->ptr & 0x07ff;
723 if (s->ptr & 0x4000) {
724 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x7ff);
725 } else {
726 p += (offset & 3);
727 }
728 s->data[n][p] = value;
729 }
730 return;
731 case 12: /* Interrupt ACK. */
732 s->int_level &= ~(value & 0xd6);
733 if (value & INT_TX)
734 smc91c111_pop_tx_fifo_done(s);
735 smc91c111_update(s);
736 return;
737 case 13: /* Interrupt mask. */
738 s->int_mask = value;
739 smc91c111_update(s);
740 return;
741 default:
742 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
743 }
744 break;
745
746 case 3:
747 switch (offset) {
748 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
749 /* Multicast table. */
750 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
751 return;
752 case 8: /* Management Interface (low). */
753 mii_write(&s->mii, value);
754 return;
755 case 9: /* Management Interface (high). */
756 if (value != 0x33) {
757 /* MSK_CRS100 not implemented. */
758 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
759 }
760 return;
761 case 12: /* Early receive. */
762 s->ercv = value & 0x1f;
763 return;
764 case 13:
765 /* Ignore. */
766 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
767 return;
768 default:
769 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
770 }
771 break;
772 default:
773 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
774 }
775 hw_error("smc91c111_write: Bad reg %d:%x\n", s->bank, (int)offset);
776 }
777
778 static uint32_t smc91c111_readb(void *opaque, hwaddr offset)
779 {
780 smc91c111_state *s = (smc91c111_state *)opaque;
781
782 offset = offset & 0xf;
783 if (offset == 14) {
784 return s->bank;
785 }
786 if (offset == 15)
787 return 0x33;
788 switch (s->bank) {
789 case 0:
790 switch (offset) {
791 case 0: /* TCR */
792 return s->tcr & 0xff;
793 case 1:
794 return s->tcr >> 8;
795 case 2: /* EPH Status */
796 return 0;
797 case 3:
798 return 0x40;
799 case 4: /* RCR */
800 return s->rcr & 0xff;
801 case 5:
802 return s->rcr >> 8;
803 case 6: /* Counter */
804 case 7:
805 logout(TARGET_FMT_plx "\n", offset);
806 return 0;
807 case 8: /* Memory size. */
808 return NUM_PACKETS;
809 case 9: /* Free memory available. */
810 {
811 int i;
812 int n;
813 n = 0;
814 for (i = 0; i < NUM_PACKETS; i++) {
815 if (s->allocated & (1 << i))
816 n++;
817 }
818 return n;
819 }
820 case 10: case 11: /* RPCR */
821 logout(TARGET_FMT_plx "\n", offset);
822 return 0;
823 case 12: case 13: /* Reserved */
824 return 0;
825 default:
826 logout(TARGET_FMT_plx "\n", offset);
827 }
828 break;
829
830 case 1:
831 switch (offset) {
832 case 0: /* CONFIG */
833 return s->cr & 0xff;
834 case 1:
835 return s->cr >> 8;
836 case 2: case 3: /* BASE */
837 logout(TARGET_FMT_plx "\n", offset);
838 return 0;
839 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
840 return s->conf.macaddr.a[offset - 4];
841 case 10: /* General Purpose */
842 return s->gpr & 0xff;
843 case 11:
844 return s->gpr >> 8;
845 case 12: /* Control */
846 return s->ctr & 0xff;
847 case 13:
848 return s->ctr >> 8;
849 default:
850 logout(TARGET_FMT_plx "\n", offset);
851 }
852 break;
853
854 case 2:
855 switch (offset) {
856 case 0: case 1: /* MMUCR Busy bit. */
857 return 0;
858 case 2: /* Packet Number. */
859 return s->packet_num;
860 case 3: /* Allocation Result. */
861 return s->tx_alloc;
862 case 4: /* TX FIFO */
863 if (s->tx_fifo_done_len == 0)
864 return 0x80;
865 else
866 return s->tx_fifo_done[0];
867 case 5: /* RX FIFO */
868 if (s->rx_fifo_len == 0)
869 return 0x80;
870 else
871 return s->rx_fifo[0];
872 case 6: /* Pointer */
873 return s->ptr & 0xff;
874 case 7:
875 return (s->ptr >> 8) & 0xf7;
876 case 8: case 9: case 10: case 11: /* Data */
877 {
878 int p;
879 int n;
880
881 if (s->ptr & 0x8000)
882 n = s->rx_fifo[0];
883 else
884 n = s->packet_num;
885 p = s->ptr & 0x07ff;
886 if (s->ptr & 0x4000) {
887 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x07ff);
888 } else {
889 p += (offset & 3);
890 }
891 return s->data[n][p];
892 }
893 case 12: /* Interrupt status. */
894 return s->int_level;
895 case 13: /* Interrupt mask. */
896 return s->int_mask;
897 default:
898 logout(TARGET_FMT_plx "\n", offset);
899 }
900 break;
901
902 case 3:
903 switch (offset) {
904 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
905 /* Multicast table. */
906 logout(TARGET_FMT_plx "\n", offset);
907 return 0;
908 case 8: /* Management Interface (low). */
909 logout(TARGET_FMT_plx "\n", offset);
910 return 0x30 + s->mii.mdi;
911 case 9: /* Management Interface (high). */
912 return 0x33;
913 case 10: /* Revision. */
914 return 0x91;
915 case 11:
916 return 0x33;
917 case 12:
918 return s->ercv;
919 case 13:
920 return 0;
921 default:
922 logout(TARGET_FMT_plx "\n", offset);
923 }
924 break;
925 default:
926 logout(TARGET_FMT_plx "\n", offset);
927 }
928 hw_error("smc91c111_read: Bad reg %d:%x\n", s->bank, (int)offset);
929 return 0;
930 }
931
932 static void smc91c111_writew(void *opaque, hwaddr offset,
933 uint32_t value)
934 {
935 smc91c111_writeb(opaque, offset, value & 0xff);
936 smc91c111_writeb(opaque, offset + 1, value >> 8);
937 }
938
939 static void smc91c111_writel(void *opaque, hwaddr offset,
940 uint32_t value)
941 {
942 /* 32-bit writes to offset 0xc only actually write to the bank select
943 register (offset 0xe) */
944 if (offset != 0xc)
945 smc91c111_writew(opaque, offset, value & 0xffff);
946 smc91c111_writew(opaque, offset + 2, value >> 16);
947 }
948
949 static uint32_t smc91c111_readw(void *opaque, hwaddr offset)
950 {
951 uint32_t val;
952 val = smc91c111_readb(opaque, offset);
953 val |= smc91c111_readb(opaque, offset + 1) << 8;
954 return val;
955 }
956
957 static uint32_t smc91c111_readl(void *opaque, hwaddr offset)
958 {
959 uint32_t val;
960 val = smc91c111_readw(opaque, offset);
961 val |= smc91c111_readw(opaque, offset + 2) << 16;
962 return val;
963 }
964
965 static int smc91c111_can_receive(NetClientState *nc)
966 {
967 smc91c111_state *s = qemu_get_nic_opaque(nc);
968
969 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
970 return 1;
971 if (s->allocated == (1 << NUM_PACKETS) - 1)
972 return 0;
973 return 1;
974 }
975
976 static ssize_t smc91c111_receive(NetClientState *nc, const uint8_t *buf, size_t size)
977 {
978 smc91c111_state *s = qemu_get_nic_opaque(nc);
979 int status;
980 int packetsize;
981 uint32_t crc;
982 int packetnum;
983 uint8_t *p;
984
985 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
986 return -1;
987 /* Short packets are padded with zeros. Receiving a packet
988 < 64 bytes long is considered an error condition. */
989 if (size < 64)
990 packetsize = 64;
991 else
992 packetsize = (size & ~1);
993 packetsize += 6;
994 crc = (s->rcr & RCR_STRIP_CRC) == 0;
995 if (crc)
996 packetsize += 4;
997 /* TODO: Flag overrun and receive errors. */
998 if (packetsize > 2048)
999 return -1;
1000 packetnum = smc91c111_allocate_packet(s);
1001 if (packetnum == 0x80)
1002 return -1;
1003 s->rx_fifo[s->rx_fifo_len++] = packetnum;
1004
1005 p = &s->data[packetnum][0];
1006 /* ??? Multicast packets? */
1007 status = 0;
1008 if (size > 1518)
1009 status |= RS_TOOLONG;
1010 if (size & 1)
1011 status |= RS_ODDFRAME;
1012 *(p++) = status & 0xff;
1013 *(p++) = status >> 8;
1014 *(p++) = packetsize & 0xff;
1015 *(p++) = packetsize >> 8;
1016 memcpy(p, buf, size & ~1);
1017 p += (size & ~1);
1018 /* Pad short packets. */
1019 if (size < 64) {
1020 int pad;
1021
1022 if (size & 1)
1023 *(p++) = buf[size - 1];
1024 pad = 64 - size;
1025 memset(p, 0, pad);
1026 p += pad;
1027 size = 64;
1028 }
1029 /* It's not clear if the CRC should go before or after the last byte in
1030 odd sized packets. Linux disables the CRC, so that's no help.
1031 The pictures in the documentation show the CRC aligned on a 16-bit
1032 boundary before the last odd byte, so that's what we do. */
1033 if (crc) {
1034 crc = crc32(~0, buf, size);
1035 *(p++) = crc & 0xff; crc >>= 8;
1036 *(p++) = crc & 0xff; crc >>= 8;
1037 *(p++) = crc & 0xff; crc >>= 8;
1038 *(p++) = crc & 0xff;
1039 }
1040 if (size & 1) {
1041 *(p++) = buf[size - 1];
1042 *p = 0x60;
1043 } else {
1044 *(p++) = 0;
1045 *p = 0x40;
1046 }
1047 /* TODO: Raise early RX interrupt? */
1048 s->int_level |= INT_RCV;
1049 smc91c111_update(s);
1050
1051 return size;
1052 }
1053
1054 static const MemoryRegionOps smc91c111_mem_ops = {
1055 /* The special case for 32 bit writes to 0xc means we can't just
1056 * set .impl.min/max_access_size to 1, unfortunately
1057 */
1058 .old_mmio = {
1059 .read = { smc91c111_readb, smc91c111_readw, smc91c111_readl, },
1060 .write = { smc91c111_writeb, smc91c111_writew, smc91c111_writel, },
1061 },
1062 .endianness = DEVICE_NATIVE_ENDIAN,
1063 };
1064
1065 static void smc91c111_cleanup(NetClientState *nc)
1066 {
1067 smc91c111_state *s = qemu_get_nic_opaque(nc);
1068
1069 s->nic = NULL;
1070 }
1071
1072 static NetClientInfo net_smc91c111_info = {
1073 .type = NET_CLIENT_OPTIONS_KIND_NIC,
1074 .size = sizeof(NICState),
1075 .can_receive = smc91c111_can_receive,
1076 .receive = smc91c111_receive,
1077 .cleanup = smc91c111_cleanup,
1078 };
1079
1080 static int smc91c111_init1(SysBusDevice *sbd)
1081 {
1082 DeviceState *dev = DEVICE(sbd);
1083 smc91c111_state *s = SMC91C111(dev);
1084
1085 memory_region_init_io(&s->mmio, OBJECT(s), &smc91c111_mem_ops, s,
1086 "smc91c111-mmio", 16);
1087 sysbus_init_mmio(sbd, &s->mmio);
1088 sysbus_init_irq(sbd, &s->irq);
1089 qemu_macaddr_default_if_unset(&s->conf.macaddr);
1090 s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
1091 object_get_typename(OBJECT(dev)), dev->id, s);
1092 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1093 /* ??? Save/restore. */
1094 return 0;
1095 }
1096
1097 static Property smc91c111_properties[] = {
1098 DEFINE_NIC_PROPERTIES(smc91c111_state, conf),
1099 DEFINE_PROP_END_OF_LIST(),
1100 };
1101
1102 static void smc91c111_class_init(ObjectClass *klass, void *data)
1103 {
1104 DeviceClass *dc = DEVICE_CLASS(klass);
1105 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
1106
1107 k->init = smc91c111_init1;
1108 dc->reset = smc91c111_reset;
1109 dc->vmsd = &vmstate_smc91c111;
1110 dc->props = smc91c111_properties;
1111 }
1112
1113 static const TypeInfo smc91c111_info = {
1114 .name = TYPE_SMC91C111,
1115 .parent = TYPE_SYS_BUS_DEVICE,
1116 .instance_size = sizeof(smc91c111_state),
1117 .class_init = smc91c111_class_init,
1118 };
1119
1120 static void smc91c111_register_types(void)
1121 {
1122 type_register_static(&smc91c111_info);
1123 }
1124
1125 /* Legacy helper function. Should go away when machine config files are
1126 implemented. */
1127 void smc91c111_init(NICInfo *nd, uint32_t base, qemu_irq irq)
1128 {
1129 DeviceState *dev;
1130 SysBusDevice *s;
1131
1132 qemu_check_nic_model(nd, "smc91c111");
1133 dev = qdev_create(NULL, TYPE_SMC91C111);
1134 qdev_set_nic_properties(dev, nd);
1135 qdev_init_nofail(dev);
1136 s = SYS_BUS_DEVICE(dev);
1137 sysbus_mmio_map(s, 0, base);
1138 sysbus_connect_irq(s, 0, irq);
1139 }
1140
1141 type_init(smc91c111_register_types)
AR7 emulation for QEMU