search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'v3.1.0-rc0'
[qemu/ar7.git] / hw / net / smc91c111.c
blob6a5a84612518a462110c8d5b61ec020150eeab68
1 /*
2 * SMSC 91C111 Ethernet interface emulation
3 *
4 * Copyright (c) 2005 CodeSourcery, LLC.
5 * Written by Paul Brook
6 *
7 * This code is licensed under the GPL
8 */
9
10 #include "qemu/osdep.h"
11 #include "hw/sysbus.h"
12 #include "net/net.h"
13 #include "hw/devices.h"
14 #include "qemu/log.h"
15 /* For crc32 */
16 #include <zlib.h>
17
18 /* Number of 2k memory pages available. */
19 #define NUM_PACKETS 4
20
21 #if 0
22 # define logout(fmt, ...) \
23 fprintf(stderr, "SMC91C111\t%-24s %s:%u " fmt, __func__, __FILE__, __LINE__, ##__VA_ARGS__)
24 #else
25 # define logout(fmt, ...) (void)0
26 #endif
27
28 typedef enum {
29 MII_WAITING,
30 MII_IDLE,
31 MII_GOT_START,
32 MII_READ,
33 MII_WRITE
34 } MII_State;
35
36 typedef enum {
37 MII_MDOE = 8,
38 MII_MCLK = 4,
39 MII_MDI = 2,
40 MII_MDO = 1
41 } MII_BITS;
42
43 /* PHY Register Addresses (LAN91C111 Internal PHY) */
44
45 /* PHY Configuration Register 1 */
46 #define PHY_CFG1_REG 0x10
47 #define PHY_CFG1_LNKDIS 0x8000 /* 1=Rx Link Detect Function disabled */
48 #define PHY_CFG1_XMTDIS 0x4000 /* 1=TP Transmitter Disabled */
49 #define PHY_CFG1_XMTPDN 0x2000 /* 1=TP Transmitter Powered Down */
50 #define PHY_CFG1_BYPSCR 0x0400 /* 1=Bypass scrambler/descrambler */
51 #define PHY_CFG1_UNSCDS 0x0200 /* 1=Unscramble Idle Reception Disable */
52 #define PHY_CFG1_EQLZR 0x0100 /* 1=Rx Equalizer Disabled */
53 #define PHY_CFG1_CABLE 0x0080 /* 1=STP(150ohm), 0=UTP(100ohm) */
54 #define PHY_CFG1_RLVL0 0x0040 /* 1=Rx Squelch level reduced by 4.5db */
55 #define PHY_CFG1_TLVL_SHIFT 2 /* Transmit Output Level Adjust */
56 #define PHY_CFG1_TLVL_MASK 0x003C
57 #define PHY_CFG1_TRF_MASK 0x0003 /* Transmitter Rise/Fall time */
58
59 /* PHY Configuration Register 2 */
60 #define PHY_CFG2_REG 0x11
61 #define PHY_CFG2_APOLDIS 0x0020 /* 1=Auto Polarity Correction disabled */
62 #define PHY_CFG2_JABDIS 0x0010 /* 1=Jabber disabled */
63 #define PHY_CFG2_MREG 0x0008 /* 1=Multiple register access (MII mgt) */
64 #define PHY_CFG2_INTMDIO 0x0004 /* 1=Interrupt signaled with MDIO pulseo */
65
66 /* PHY Status Output (and Interrupt status) Register */
67 #define PHY_INT_REG 0x12 /* Status Output (Interrupt Status) */
68 #define PHY_INT_INT 0x8000 /* 1=bits have changed since last read */
69 #define PHY_INT_LNKFAIL 0x4000 /* 1=Link Not detected */
70 #define PHY_INT_LOSSSYNC 0x2000 /* 1=Descrambler has lost sync */
71 #define PHY_INT_CWRD 0x1000 /* 1=Invalid 4B5B code detected on rx */
72 #define PHY_INT_SSD 0x0800 /* 1=No Start Of Stream detected on rx */
73 #define PHY_INT_ESD 0x0400 /* 1=No End Of Stream detected on rx */
74 #define PHY_INT_RPOL 0x0200 /* 1=Reverse Polarity detected */
75 #define PHY_INT_JAB 0x0100 /* 1=Jabber detected */
76 #define PHY_INT_SPDDET 0x0080 /* 1=100Base-TX mode, 0=10Base-T mode */
77 #define PHY_INT_DPLXDET 0x0040 /* 1=Device in Full Duplex */
78
79 /* PHY Interrupt/Status Mask Register */
80 #define PHY_MASK_REG 0x13 /* Interrupt Mask */
81 /* Uses the same bit definitions as PHY_INT_REG */
82
83 typedef struct {
84 int mdoe;
85 int mclk;
86 int mdi;
87 int mdo;
88 uint32_t data;
89 MII_State status;
90 unsigned reg;
91 uint16_t regs[32];
92 } MII;
93
94
95 /* Declarations from include/linux/mii.h. */
96
97 /* Generic MII registers. */
98
99 #define MII_BMCR 0x00 /* Basic mode control register */ // rw
100 #define MII_BMSR 0x01 /* Basic mode status register */ // r
101 #define MII_PHYSID1 0x02 /* PHYS ID 1 */
102 #define MII_PHYSID2 0x03 /* PHYS ID 2 */
103 #define MII_ADVERTISE 0x04 /* Advertisement control reg */ // rw
104 #define MII_LPA 0x05 /* Link partner ability reg */
105 #define MII_EXPANSION 0x06 /* Expansion register */
106 #define MII_CTRL1000 0x09 /* 1000BASE-T control */
107 #define MII_STAT1000 0x0a /* 1000BASE-T status */
108 #define MII_ESTATUS 0x0f /* Extended Status */
109 #define MII_DCOUNTER 0x12 /* Disconnect counter */
110 #define MII_FCSCOUNTER 0x13 /* False carrier counter */
111 #define MII_NWAYTEST 0x14 /* N-way auto-neg test reg */
112 #define MII_RERRCOUNTER 0x15 /* Receive error counter */
113 #define MII_SREVISION 0x16 /* Silicon revision */
114 #define MII_RESV1 0x17 /* Reserved... */
115 #define MII_LBRERROR 0x18 /* Lpback, rx, bypass error */
116 #define MII_PHYADDR 0x19 /* PHY address */
117 #define MII_RESV2 0x1a /* Reserved... */
118 #define MII_TPISTATUS 0x1b /* TPI status for 10mbps */
119 #define MII_NCONFIG 0x1c /* Network interface config */
120
121 /* Basic mode control register. */
122 #define BMCR_RESV 0x003f /* Unused... */
123 #define BMCR_SPEED1000 0x0040 /* MSB of Speed (1000) */
124 #define BMCR_CTST 0x0080 /* Collision test */
125 #define BMCR_FULLDPLX 0x0100 /* Full duplex */
126 #define BMCR_ANRESTART 0x0200 /* Auto negotiation restart */
127 #define BMCR_ISOLATE 0x0400 /* Disconnect PHY from MII */
128 #define BMCR_PDOWN 0x0800 /* Powerdown the */
129 #define BMCR_ANENABLE 0x1000 /* Enable auto negotiation */
130 #define BMCR_SPEED100 0x2000 /* Select 100Mbps */
131 #define BMCR_LOOPBACK 0x4000 /* TXD loopback bits */
132 #define BMCR_RESET 0x8000 /* Reset the PHY */
133
134 /* Basic mode status register. */
135 #define BMSR_ERCAP 0x0001 /* Ext-reg capability */
136 #define BMSR_JCD 0x0002 /* Jabber detected */
137 #define BMSR_LSTATUS 0x0004 /* Link status */
138 #define BMSR_ANEGCAPABLE 0x0008 /* Able to do auto-negotiation */
139 #define BMSR_RFAULT 0x0010 /* Remote fault detected */
140 #define BMSR_ANEGCOMPLETE 0x0020 /* Auto-negotiation complete */
141 #define BMSR_RESV 0x00c0 /* Unused... */
142 #define BMSR_ESTATEN 0x0100 /* Extended Status in R15 */
143 #define BMSR_100HALF2 0x0200 /* Can do 100BASE-T2 HDX */
144 #define BMSR_100FULL2 0x0400 /* Can do 100BASE-T2 FDX */
145 #define BMSR_10HALF 0x0800 /* Can do 10mbps, half-duplex */
146 #define BMSR_10FULL 0x1000 /* Can do 10mbps, full-duplex */
147 #define BMSR_100HALF 0x2000 /* Can do 100mbps, half-duplex */
148 #define BMSR_100FULL 0x4000 /* Can do 100mbps, full-duplex */
149 #define BMSR_100BASE4 0x8000 /* Can do 100mbps, 4k packets */
150
151 //~ #define PHY_STAT_CAP_SUPR 0x0040 /* 1=recv mgmt frames with not preamble */
152
153 /* Advertisement control register. */
154 #define ADVERTISE_SLCT 0x001f /* Selector bits */
155 #define ADVERTISE_CSMA 0x0001 /* Only selector supported */
156 #define ADVERTISE_10HALF 0x0020 /* Try for 10mbps half-duplex */
157 #define ADVERTISE_1000XFULL 0x0020 /* Try for 1000BASE-X full-duplex */
158 #define ADVERTISE_10FULL 0x0040 /* Try for 10mbps full-duplex */
159 #define ADVERTISE_1000XHALF 0x0040 /* Try for 1000BASE-X half-duplex */
160 #define ADVERTISE_100HALF 0x0080 /* Try for 100mbps half-duplex */
161 #define ADVERTISE_1000XPAUSE 0x0080 /* Try for 1000BASE-X pause */
162 #define ADVERTISE_100FULL 0x0100 /* Try for 100mbps full-duplex */
163 #define ADVERTISE_1000XPSE_ASYM 0x0100 /* Try for 1000BASE-X asym pause */
164 #define ADVERTISE_100BASE4 0x0200 /* Try for 100mbps 4k packets */
165 #define ADVERTISE_PAUSE_CAP 0x0400 /* Try for pause */
166 #define ADVERTISE_PAUSE_ASYM 0x0800 /* Try for asymetric pause */
167 #define ADVERTISE_RESV 0x1000 /* Unused... */
168 #define ADVERTISE_RFAULT 0x2000 /* Say we can detect faults */
169 #define ADVERTISE_LPACK 0x4000 /* Ack link partners response */
170 #define ADVERTISE_NPAGE 0x8000 /* Next page bit */
171
172 #define ADVERTISE_FULL (ADVERTISE_100FULL | ADVERTISE_10FULL | \
173 ADVERTISE_CSMA)
174 #define ADVERTISE_ALL (ADVERTISE_10HALF | ADVERTISE_10FULL | \
175 ADVERTISE_100HALF | ADVERTISE_100FULL)
176
177 /* Link partner ability register. */
178 #define LPA_SLCT 0x001f /* Same as advertise selector */
179 #define LPA_10HALF 0x0020 /* Can do 10mbps half-duplex */
180 #define LPA_1000XFULL 0x0020 /* Can do 1000BASE-X full-duplex */
181 #define LPA_10FULL 0x0040 /* Can do 10mbps full-duplex */
182 #define LPA_1000XHALF 0x0040 /* Can do 1000BASE-X half-duplex */
183 #define LPA_100HALF 0x0080 /* Can do 100mbps half-duplex */
184 #define LPA_1000XPAUSE 0x0080 /* Can do 1000BASE-X pause */
185 #define LPA_100FULL 0x0100 /* Can do 100mbps full-duplex */
186 #define LPA_1000XPAUSE_ASYM 0x0100 /* Can do 1000BASE-X pause asym*/
187 #define LPA_100BASE4 0x0200 /* Can do 100mbps 4k packets */
188 #define LPA_PAUSE_CAP 0x0400 /* Can pause */
189 #define LPA_PAUSE_ASYM 0x0800 /* Can pause asymetrically */
190 #define LPA_RESV 0x1000 /* Unused... */
191 #define LPA_RFAULT 0x2000 /* Link partner faulted */
192 #define LPA_LPACK 0x4000 /* Link partner acked us */
193 #define LPA_NPAGE 0x8000 /* Next page bit */
194
195 #define LPA_DUPLEX (LPA_10FULL | LPA_100FULL)
196 #define LPA_100 (LPA_100FULL | LPA_100HALF | LPA_100BASE4)
197
198 /* End of declarations from include/linux/mii.h. */
199
200 /* SMC 91C111 specific MII register. */
201
202 /* 0x06 ... 0x0f are reserved. */
203 #define MII_CONFIGURATION1 0x10 /* Configuration 1 */
204 #define MII_CONFIGURATION2 0x11 /* Configuration 2 */
205 #define MII_STATUSOUTPUT 0x12 /* Status Output */
206 //~ PHY_FCSCR = 0x13, /* Mask */
207 /* 0x14 is reserved. */
208 /* 0x15 ... 0x1f are unused. */
209
210
211 /* Default values for MII management registers (see IEEE 802.3-2008 22.2.4). */
212
213 static const uint16_t mii_regs_default[] = {
214 [MII_BMCR] = BMCR_ANENABLE | BMCR_SPEED100,
215 [MII_BMSR] = BMSR_100FULL | BMSR_100HALF | BMSR_10FULL | BMSR_10HALF |
216 BMSR_ANEGCAPABLE | BMSR_LSTATUS | BMSR_ERCAP,
217 [MII_ADVERTISE] = ADVERTISE_PAUSE_CAP | ADVERTISE_ALL | ADVERTISE_CSMA,
218 };
219
220 #define TYPE_SMC91C111 "smc91c111"
221 #define SMC91C111(obj) OBJECT_CHECK(smc91c111_state, (obj), TYPE_SMC91C111)
222
223 typedef struct {
224 SysBusDevice parent_obj;
225 MII mii;
226 NICState *nic;
227 NICConf conf;
228 uint16_t tcr;
229 uint16_t rcr;
230 uint16_t cr;
231 uint16_t ctr;
232 uint16_t gpr;
233 uint16_t ptr;
234 uint16_t ercv;
235 qemu_irq irq;
236 int bank;
237 int packet_num;
238 int tx_alloc;
239 /* Bitmask of allocated packets. */
240 int allocated;
241 int tx_fifo_len;
242 int tx_fifo[NUM_PACKETS];
243 int rx_fifo_len;
244 int rx_fifo[NUM_PACKETS];
245 int tx_fifo_done_len;
246 int tx_fifo_done[NUM_PACKETS];
247 /* Packet buffer memory. */
248 uint8_t data[NUM_PACKETS][2048];
249 uint8_t int_level;
250 uint8_t int_mask;
251 MemoryRegion mmio;
252 } smc91c111_state;
253
254 static const VMStateDescription vmstate_smc91c111 = {
255 .name = "smc91c111",
256 .version_id = 1,
257 .minimum_version_id = 1,
258 .fields = (VMStateField[]) {
259 VMSTATE_UINT16(tcr, smc91c111_state),
260 VMSTATE_UINT16(rcr, smc91c111_state),
261 VMSTATE_UINT16(cr, smc91c111_state),
262 VMSTATE_UINT16(ctr, smc91c111_state),
263 VMSTATE_UINT16(gpr, smc91c111_state),
264 VMSTATE_UINT16(ptr, smc91c111_state),
265 VMSTATE_UINT16(ercv, smc91c111_state),
266 VMSTATE_INT32(bank, smc91c111_state),
267 VMSTATE_INT32(packet_num, smc91c111_state),
268 VMSTATE_INT32(tx_alloc, smc91c111_state),
269 VMSTATE_INT32(allocated, smc91c111_state),
270 VMSTATE_INT32(tx_fifo_len, smc91c111_state),
271 VMSTATE_INT32_ARRAY(tx_fifo, smc91c111_state, NUM_PACKETS),
272 VMSTATE_INT32(rx_fifo_len, smc91c111_state),
273 VMSTATE_INT32_ARRAY(rx_fifo, smc91c111_state, NUM_PACKETS),
274 VMSTATE_INT32(tx_fifo_done_len, smc91c111_state),
275 VMSTATE_INT32_ARRAY(tx_fifo_done, smc91c111_state, NUM_PACKETS),
276 VMSTATE_BUFFER_UNSAFE(data, smc91c111_state, 0, NUM_PACKETS * 2048),
277 VMSTATE_UINT8(int_level, smc91c111_state),
278 VMSTATE_UINT8(int_mask, smc91c111_state),
279 VMSTATE_END_OF_LIST()
280 }
281 };
282
283 #define RCR_SOFT_RST 0x8000
284 #define RCR_STRIP_CRC 0x0200
285 #define RCR_RXEN 0x0100
286
287 #define TCR_EPH_LOOP 0x2000
288 #define TCR_NOCRC 0x0100
289 #define TCR_PAD_EN 0x0080
290 #define TCR_FORCOL 0x0004
291 #define TCR_LOOP 0x0002
292 #define TCR_TXEN 0x0001
293
294 #define INT_MD 0x80
295 #define INT_ERCV 0x40
296 #define INT_EPH 0x20
297 #define INT_RX_OVRN 0x10
298 #define INT_ALLOC 0x08
299 #define INT_TX_EMPTY 0x04
300 #define INT_TX 0x02
301 #define INT_RCV 0x01
302
303 #define CTR_AUTO_RELEASE 0x0800
304 #define CTR_RELOAD 0x0002
305 #define CTR_STORE 0x0001
306
307 #define RS_ALGNERR 0x8000
308 #define RS_BRODCAST 0x4000
309 #define RS_BADCRC 0x2000
310 #define RS_ODDFRAME 0x1000
311 #define RS_TOOLONG 0x0800
312 #define RS_TOOSHORT 0x0400
313 #define RS_MULTICAST 0x0001
314
315 static void mii_write(MII *mii, uint32_t value)
316 {
317 /*
318 A timing diagram for a Ml serial port frame is shown in Figure 7.1. The Ml serial port is idle when at
319 least 32 continuous 1's are detected on MDIO and remains idle as long as continuous 1's are detected.
320 During idle, MDIO is in the high impedance state. When the Ml serial port is in the idle state, a 01
321 pattern on the MDIO initiates a serial shift cycle. Data on MDIO is then shifted in on the next 14 rising
322 edges of MDC (MDIO is high impedance). If the register access mode is not enabled, on the next 16
323 rising edges of MDC, data is either shifted in or out on MDIO, depending on whether a write or read
324 cycle was selected with the bits READ and WRITE. After the 32 MDC cycles have been completed,
325 one complete register has been read/written, the serial shift process is halted, data is latched into the
326 device, and MDIO goes into high impedance state. Another serial shift cycle cannot be initiated until
327 the idle condition (at least 32 continuous 1's) is detected.
328 */
329 bool clock = !mii->mclk && (value & 4);
330
331 assert((value & 0xfffffff0) == 0x30);
332
333 if (clock) {
334 /* Raising clock. */
335 mii->mdi = value & MII_MDI;
336 mii->mdoe = value & MII_MDOE;
337 mii->mdo = value & MII_MDO;
338 mii->data = (mii->data << 1) + (value & 1);
339 logout("%u%u%u%u %08x\n",
340 mii->mdoe ? 1 : 0, mii->mclk ? 1 : 0,
341 mii->mdi ? 1 : 0, mii->mdo ? 1 : 0,
342 mii->data);
343 switch (mii->status) {
344 case MII_WAITING:
345 if (mii->data == 0xffffffff) {
346 logout("mii is idle\n");
347 mii->mdi = MII_MDI;
348 mii->status = MII_IDLE;
349 }
350 break;
351 case MII_IDLE:
352 if (mii->data == 0xfffffffd) {
353 logout("mii got start bit pattern 01\n");
354 mii->status = MII_GOT_START;
355 }
356 break;
357 case MII_GOT_START:
358 if ((mii->data & 0xffffc000) == 0xffff4000) {
359 unsigned op = (mii->data >> 12) & 0x3;
360 unsigned phy = (mii->data >> 7) & 0x1f;
361 unsigned reg = (mii->data >> 2) & 0x1f;
362 logout("mii got 14 bits (op=%u, phy=%u, reg=%u, ta=%u)\n",
363 op, phy, reg, mii->data & 0x3);
364 mii->reg = reg;
365 if (phy != 0) {
366 logout("Wrong phy %u, wait for idle\n", phy);
367 mii->status = MII_WAITING;
368 } else if (reg >= ARRAY_SIZE(mii->regs)) {
369 logout("Wrong reg %u, wait for idle\n", reg);
370 mii->status = MII_WAITING;
371 } else if (op == 1) {
372 mii->status = MII_WRITE;
373 } else if (op == 2) {
374 mii->data = mii->regs[reg];
375 mii->mdi = 0;
376 mii->status = MII_READ;
377 } else {
378 logout("Illegal MII operation %u, wait for idle\n", op);
379 mii->status = MII_WAITING;
380 }
381 }
382 break;
383 case MII_WRITE:
384 if ((mii->data & 0xc0000000) == 0x40000000) {
385 uint16_t data = mii->data & 0xffff;
386 logout("mii wrote 16 bits (data=0x%04x=%u)\n", data, data);
387 mii->regs[mii->reg] = data;
388 mii->status = MII_WAITING;
389 }
390 break;
391 case MII_READ:
392 if ((mii->data & 0x0000ffff) == 0x0000ffff) {
393 logout("mii read 16 bits\n");
394 mii->mdi = MII_MDI;
395 mii->status = MII_WAITING;
396 } else {
397 mii->data |= 1;
398 mii->mdi = (mii->data & 0x00010000) ? MII_MDI : 0;
399 }
400 break;
401 }
402 } /* clock */
403 mii->mclk = value & MII_MCLK;
404 //~ assert(mii->mdoe);
405 }
406
407 static void mii_reset(MII *mii)
408 {
409 memcpy(mii->regs, mii_regs_default, sizeof(mii->regs));
410 }
411
412 /* Update interrupt status. */
413 static void smc91c111_update(smc91c111_state *s)
414 {
415 int level;
416
417 if (s->tx_fifo_len == 0)
418 s->int_level |= INT_TX_EMPTY;
419 if (s->tx_fifo_done_len != 0)
420 s->int_level |= INT_TX;
421 level = (s->int_level & s->int_mask) != 0;
422 qemu_set_irq(s->irq, level);
423 }
424
425 static int smc91c111_can_receive(smc91c111_state *s)
426 {
427 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST)) {
428 return 1;
429 }
430 if (s->allocated == (1 << NUM_PACKETS) - 1 ||
431 s->rx_fifo_len == NUM_PACKETS) {
432 return 0;
433 }
434 return 1;
435 }
436
437 static inline void smc91c111_flush_queued_packets(smc91c111_state *s)
438 {
439 if (smc91c111_can_receive(s)) {
440 qemu_flush_queued_packets(qemu_get_queue(s->nic));
441 }
442 }
443
444 /* Try to allocate a packet. Returns 0x80 on failure. */
445 static int smc91c111_allocate_packet(smc91c111_state *s)
446 {
447 int i;
448 if (s->allocated == (1 << NUM_PACKETS) - 1) {
449 return 0x80;
450 }
451
452 for (i = 0; i < NUM_PACKETS; i++) {
453 if ((s->allocated & (1 << i)) == 0)
454 break;
455 }
456 s->allocated |= 1 << i;
457 return i;
458 }
459
460
461 /* Process a pending TX allocate. */
462 static void smc91c111_tx_alloc(smc91c111_state *s)
463 {
464 s->tx_alloc = smc91c111_allocate_packet(s);
465 if (s->tx_alloc == 0x80)
466 return;
467 s->int_level |= INT_ALLOC;
468 smc91c111_update(s);
469 }
470
471 /* Remove and item from the RX FIFO. */
472 static void smc91c111_pop_rx_fifo(smc91c111_state *s)
473 {
474 int i;
475
476 s->rx_fifo_len--;
477 if (s->rx_fifo_len) {
478 for (i = 0; i < s->rx_fifo_len; i++)
479 s->rx_fifo[i] = s->rx_fifo[i + 1];
480 s->int_level |= INT_RCV;
481 } else {
482 s->int_level &= ~INT_RCV;
483 }
484 smc91c111_flush_queued_packets(s);
485 smc91c111_update(s);
486 }
487
488 /* Remove an item from the TX completion FIFO. */
489 static void smc91c111_pop_tx_fifo_done(smc91c111_state *s)
490 {
491 int i;
492
493 if (s->tx_fifo_done_len == 0)
494 return;
495 s->tx_fifo_done_len--;
496 for (i = 0; i < s->tx_fifo_done_len; i++)
497 s->tx_fifo_done[i] = s->tx_fifo_done[i + 1];
498 }
499
500 /* Release the memory allocated to a packet. */
501 static void smc91c111_release_packet(smc91c111_state *s, int packet)
502 {
503 s->allocated &= ~(1 << packet);
504 if (s->tx_alloc == 0x80)
505 smc91c111_tx_alloc(s);
506 smc91c111_flush_queued_packets(s);
507 }
508
509 /* Flush the TX FIFO. */
510 static void smc91c111_do_tx(smc91c111_state *s)
511 {
512 int i;
513 int len;
514 int control;
515 int packetnum;
516 uint8_t *p;
517
518 if ((s->tcr & TCR_TXEN) == 0)
519 return;
520 if (s->tx_fifo_len == 0)
521 return;
522 for (i = 0; i < s->tx_fifo_len; i++) {
523 packetnum = s->tx_fifo[i];
524 p = &s->data[packetnum][0];
525 /* Set status word. */
526 *(p++) = 0x01;
527 *(p++) = 0x40;
528 len = *(p++);
529 len |= ((int)*(p++)) << 8;
530 len -= 6;
531 control = p[len + 1];
532 if (control & 0x20)
533 len++;
534 /* ??? This overwrites the data following the buffer.
535 Don't know what real hardware does. */
536 if (len < 64 && (s->tcr & TCR_PAD_EN)) {
537 memset(p + len, 0, 64 - len);
538 len = 64;
539 }
540 #if 0
541 {
542 int add_crc;
543
544 /* The card is supposed to append the CRC to the frame.
545 However none of the other network traffic has the CRC
546 appended. Suspect this is low level ethernet detail we
547 don't need to worry about. */
548 add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0;
549 if (add_crc) {
550 uint32_t crc;
551
552 crc = crc32(~0, p, len);
553 memcpy(p + len, &crc, 4);
554 len += 4;
555 }
556 }
557 #endif
558 if (s->ctr & CTR_AUTO_RELEASE)
559 /* Race? */
560 smc91c111_release_packet(s, packetnum);
561 else if (s->tx_fifo_done_len < NUM_PACKETS)
562 s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum;
563 qemu_send_packet(qemu_get_queue(s->nic), p, len);
564 }
565 s->tx_fifo_len = 0;
566 smc91c111_update(s);
567 }
568
569 /* Add a packet to the TX FIFO. */
570 static void smc91c111_queue_tx(smc91c111_state *s, int packet)
571 {
572 if (s->tx_fifo_len == NUM_PACKETS)
573 return;
574 s->tx_fifo[s->tx_fifo_len++] = packet;
575 smc91c111_do_tx(s);
576 }
577
578 static void smc91c111_reset(DeviceState *dev)
579 {
580 smc91c111_state *s = SMC91C111(dev);
581
582 s->bank = 0;
583 s->tx_fifo_len = 0;
584 s->tx_fifo_done_len = 0;
585 s->rx_fifo_len = 0;
586 s->allocated = 0;
587 s->packet_num = 0;
588 s->tx_alloc = 0;
589 s->tcr = 0;
590 s->rcr = 0;
591 s->cr = 0xa0b1;
592 s->ctr = 0x1210;
593 s->ptr = 0;
594 s->ercv = 0x1f;
595 s->int_level = INT_TX_EMPTY;
596 s->int_mask = 0;
597 mii_reset(&s->mii);
598 smc91c111_update(s);
599 }
600
601 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
602 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
603
604 static void smc91c111_writeb(void *opaque, hwaddr offset,
605 uint32_t value)
606 {
607 smc91c111_state *s = (smc91c111_state *)opaque;
608
609 offset = offset & 0xf;
610 if (offset == 14) {
611 s->bank = value;
612 return;
613 }
614 if (offset == 15)
615 return;
616 switch (s->bank) {
617 case 0:
618 switch (offset) {
619 case 0: /* TCR */
620 SET_LOW(tcr, value);
621 return;
622 case 1:
623 SET_HIGH(tcr, value);
624 return;
625 case 4: /* RCR */
626 SET_LOW(rcr, value);
627 return;
628 case 5:
629 SET_HIGH(rcr, value);
630 if (s->rcr & RCR_SOFT_RST) {
631 smc91c111_reset(DEVICE(s));
632 }
633 smc91c111_flush_queued_packets(s);
634 return;
635 case 10: case 11: /* RPCR */
636 /* Ignored */
637 return;
638 case 12: case 13: /* Reserved */
639 return;
640 default:
641 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
642 }
643 break;
644
645 case 1:
646 switch (offset) {
647 case 0: /* CONFIG */
648 SET_LOW(cr, value);
649 return;
650 case 1:
651 SET_HIGH(cr,value);
652 return;
653 case 2: case 3: /* BASE */
654 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
655 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
656 return;
657 case 10: /* General Purpose */
658 SET_LOW(gpr, value);
659 return;
660 case 11:
661 SET_HIGH(gpr, value);
662 return;
663 case 12: /* Control */
664 if (value & 1) {
665 qemu_log_mask(LOG_UNIMP,
666 "smc91c111: EEPROM store not implemented\n");
667 }
668 if (value & 2) {
669 qemu_log_mask(LOG_UNIMP,
670 "smc91c111: EEPROM reload not implemented\n");
671 }
672 value &= ~3;
673 SET_LOW(ctr, value);
674 return;
675 case 13:
676 SET_HIGH(ctr, value);
677 return;
678 default:
679 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
680 }
681 break;
682
683 case 2:
684 switch (offset) {
685 case 0: /* MMU Command */
686 switch (value >> 5) {
687 case 0: /* no-op */
688 break;
689 case 1: /* Allocate for TX. */
690 s->tx_alloc = 0x80;
691 s->int_level &= ~INT_ALLOC;
692 smc91c111_update(s);
693 smc91c111_tx_alloc(s);
694 break;
695 case 2: /* Reset MMU. */
696 s->allocated = 0;
697 s->tx_fifo_len = 0;
698 s->tx_fifo_done_len = 0;
699 s->rx_fifo_len = 0;
700 s->tx_alloc = 0;
701 break;
702 case 3: /* Remove from RX FIFO. */
703 smc91c111_pop_rx_fifo(s);
704 break;
705 case 4: /* Remove from RX FIFO and release. */
706 if (s->rx_fifo_len > 0) {
707 smc91c111_release_packet(s, s->rx_fifo[0]);
708 }
709 smc91c111_pop_rx_fifo(s);
710 break;
711 case 5: /* Release. */
712 smc91c111_release_packet(s, s->packet_num);
713 break;
714 case 6: /* Add to TX FIFO. */
715 smc91c111_queue_tx(s, s->packet_num);
716 break;
717 case 7: /* Reset TX FIFO. */
718 s->tx_fifo_len = 0;
719 s->tx_fifo_done_len = 0;
720 break;
721 default:
722 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
723 }
724 return;
725 case 1:
726 /* Ignore. */
727 return;
728 case 2: /* Packet Number Register */
729 s->packet_num = value;
730 return;
731 case 3: case 4: case 5:
732 /* Should be readonly, but linux writes to them anyway. Ignore. */
733 return;
734 case 6: /* Pointer */
735 SET_LOW(ptr, value);
736 return;
737 case 7:
738 SET_HIGH(ptr, value);
739 return;
740 case 8: case 9: case 10: case 11: /* Data */
741 {
742 int p;
743 int n;
744
745 if (s->ptr & 0x8000)
746 n = s->rx_fifo[0];
747 else
748 n = s->packet_num;
749 p = s->ptr & 0x07ff;
750 if (s->ptr & 0x4000) {
751 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x7ff);
752 } else {
753 p += (offset & 3);
754 }
755 s->data[n][p] = value;
756 }
757 return;
758 case 12: /* Interrupt ACK. */
759 s->int_level &= ~(value & 0xd6);
760 if (value & INT_TX)
761 smc91c111_pop_tx_fifo_done(s);
762 smc91c111_update(s);
763 return;
764 case 13: /* Interrupt mask. */
765 s->int_mask = value;
766 smc91c111_update(s);
767 return;
768 default:
769 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
770 }
771 break;
772
773 case 3:
774 switch (offset) {
775 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
776 /* Multicast table. */
777 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
778 return;
779 case 8: /* Management Interface (low). */
780 mii_write(&s->mii, value);
781 return;
782 case 9: /* Management Interface (high). */
783 if (value != 0x33) {
784 /* MSK_CRS100 not implemented. */
785 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
786 }
787 return;
788 case 12: /* Early receive. */
789 s->ercv = value & 0x1f;
790 return;
791 case 13:
792 /* Ignore. */
793 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
794 return;
795 default:
796 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
797 }
798 break;
799 default:
800 logout(TARGET_FMT_plx "= %02" PRIx32 "\n", offset, value);
801 }
802 qemu_log_mask(LOG_GUEST_ERROR, "smc91c111_write(bank:%d) Illegal register"
803 " 0x%" HWADDR_PRIx " = 0x%x\n",
804 s->bank, offset, value);
805 }
806
807 static uint32_t smc91c111_readb(void *opaque, hwaddr offset)
808 {
809 smc91c111_state *s = (smc91c111_state *)opaque;
810
811 offset = offset & 0xf;
812 if (offset == 14) {
813 return s->bank;
814 }
815 if (offset == 15)
816 return 0x33;
817 switch (s->bank) {
818 case 0:
819 switch (offset) {
820 case 0: /* TCR */
821 return s->tcr & 0xff;
822 case 1:
823 return s->tcr >> 8;
824 case 2: /* EPH Status */
825 return 0;
826 case 3:
827 return 0x40;
828 case 4: /* RCR */
829 return s->rcr & 0xff;
830 case 5:
831 return s->rcr >> 8;
832 case 6: /* Counter */
833 case 7:
834 logout(TARGET_FMT_plx "\n", offset);
835 return 0;
836 case 8: /* Memory size. */
837 return NUM_PACKETS;
838 case 9: /* Free memory available. */
839 {
840 int i;
841 int n;
842 n = 0;
843 for (i = 0; i < NUM_PACKETS; i++) {
844 if (s->allocated & (1 << i))
845 n++;
846 }
847 return n;
848 }
849 case 10: case 11: /* RPCR */
850 logout(TARGET_FMT_plx "\n", offset);
851 return 0;
852 case 12: case 13: /* Reserved */
853 return 0;
854 default:
855 logout(TARGET_FMT_plx "\n", offset);
856 }
857 break;
858
859 case 1:
860 switch (offset) {
861 case 0: /* CONFIG */
862 return s->cr & 0xff;
863 case 1:
864 return s->cr >> 8;
865 case 2: case 3: /* BASE */
866 logout(TARGET_FMT_plx "\n", offset);
867 return 0;
868 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
869 return s->conf.macaddr.a[offset - 4];
870 case 10: /* General Purpose */
871 return s->gpr & 0xff;
872 case 11:
873 return s->gpr >> 8;
874 case 12: /* Control */
875 return s->ctr & 0xff;
876 case 13:
877 return s->ctr >> 8;
878 default:
879 logout(TARGET_FMT_plx "\n", offset);
880 }
881 break;
882
883 case 2:
884 switch (offset) {
885 case 0: case 1: /* MMUCR Busy bit. */
886 return 0;
887 case 2: /* Packet Number. */
888 return s->packet_num;
889 case 3: /* Allocation Result. */
890 return s->tx_alloc;
891 case 4: /* TX FIFO */
892 if (s->tx_fifo_done_len == 0)
893 return 0x80;
894 else
895 return s->tx_fifo_done[0];
896 case 5: /* RX FIFO */
897 if (s->rx_fifo_len == 0)
898 return 0x80;
899 else
900 return s->rx_fifo[0];
901 case 6: /* Pointer */
902 return s->ptr & 0xff;
903 case 7:
904 return (s->ptr >> 8) & 0xf7;
905 case 8: case 9: case 10: case 11: /* Data */
906 {
907 int p;
908 int n;
909
910 if (s->ptr & 0x8000)
911 n = s->rx_fifo[0];
912 else
913 n = s->packet_num;
914 p = s->ptr & 0x07ff;
915 if (s->ptr & 0x4000) {
916 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x07ff);
917 } else {
918 p += (offset & 3);
919 }
920 return s->data[n][p];
921 }
922 case 12: /* Interrupt status. */
923 return s->int_level;
924 case 13: /* Interrupt mask. */
925 return s->int_mask;
926 default:
927 logout(TARGET_FMT_plx "\n", offset);
928 }
929 break;
930
931 case 3:
932 switch (offset) {
933 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
934 /* Multicast table. */
935 logout(TARGET_FMT_plx "\n", offset);
936 return 0;
937 case 8: /* Management Interface (low). */
938 logout(TARGET_FMT_plx "\n", offset);
939 return 0x30 + s->mii.mdi;
940 case 9: /* Management Interface (high). */
941 return 0x33;
942 case 10: /* Revision. */
943 return 0x91;
944 case 11:
945 return 0x33;
946 case 12:
947 return s->ercv;
948 case 13:
949 return 0;
950 default:
951 logout(TARGET_FMT_plx "\n", offset);
952 }
953 break;
954 default:
955 logout(TARGET_FMT_plx "\n", offset);
956 }
957 qemu_log_mask(LOG_GUEST_ERROR, "smc91c111_read(bank:%d) Illegal register"
958 " 0x%" HWADDR_PRIx "\n",
959 s->bank, offset);
960 return 0;
961 }
962
963 static uint64_t smc91c111_readfn(void *opaque, hwaddr addr, unsigned size)
964 {
965 int i;
966 uint32_t val = 0;
967
968 for (i = 0; i < size; i++) {
969 val |= smc91c111_readb(opaque, addr + i) << (i * 8);
970 }
971 return val;
972 }
973
974 static void smc91c111_writefn(void *opaque, hwaddr addr,
975 uint64_t value, unsigned size)
976 {
977 int i = 0;
978
979 /* 32-bit writes to offset 0xc only actually write to the bank select
980 * register (offset 0xe), so skip the first two bytes we would write.
981 */
982 if (addr == 0xc && size == 4) {
983 i += 2;
984 }
985
986 for (; i < size; i++) {
987 smc91c111_writeb(opaque, addr + i,
988 extract32(value, i * 8, 8));
989 }
990 }
991
992 static int smc91c111_can_receive_nc(NetClientState *nc)
993 {
994 smc91c111_state *s = qemu_get_nic_opaque(nc);
995
996 return smc91c111_can_receive(s);
997 }
998
999 static ssize_t smc91c111_receive(NetClientState *nc, const uint8_t *buf, size_t size)
1000 {
1001 smc91c111_state *s = qemu_get_nic_opaque(nc);
1002 int status;
1003 int packetsize;
1004 uint32_t crc;
1005 int packetnum;
1006 uint8_t *p;
1007
1008 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
1009 return -1;
1010 /* Short packets are padded with zeros. Receiving a packet
1011 < 64 bytes long is considered an error condition. */
1012 if (size < 64)
1013 packetsize = 64;
1014 else
1015 packetsize = (size & ~1);
1016 packetsize += 6;
1017 crc = (s->rcr & RCR_STRIP_CRC) == 0;
1018 if (crc)
1019 packetsize += 4;
1020 /* TODO: Flag overrun and receive errors. */
1021 if (packetsize > 2048)
1022 return -1;
1023 packetnum = smc91c111_allocate_packet(s);
1024 if (packetnum == 0x80)
1025 return -1;
1026 s->rx_fifo[s->rx_fifo_len++] = packetnum;
1027
1028 p = &s->data[packetnum][0];
1029 /* ??? Multicast packets? */
1030 status = 0;
1031 if (size > 1518)
1032 status |= RS_TOOLONG;
1033 if (size & 1)
1034 status |= RS_ODDFRAME;
1035 *(p++) = status & 0xff;
1036 *(p++) = status >> 8;
1037 *(p++) = packetsize & 0xff;
1038 *(p++) = packetsize >> 8;
1039 memcpy(p, buf, size & ~1);
1040 p += (size & ~1);
1041 /* Pad short packets. */
1042 if (size < 64) {
1043 int pad;
1044
1045 if (size & 1)
1046 *(p++) = buf[size - 1];
1047 pad = 64 - size;
1048 memset(p, 0, pad);
1049 p += pad;
1050 size = 64;
1051 }
1052 /* It's not clear if the CRC should go before or after the last byte in
1053 odd sized packets. Linux disables the CRC, so that's no help.
1054 The pictures in the documentation show the CRC aligned on a 16-bit
1055 boundary before the last odd byte, so that's what we do. */
1056 if (crc) {
1057 crc = crc32(~0, buf, size);
1058 *(p++) = crc & 0xff; crc >>= 8;
1059 *(p++) = crc & 0xff; crc >>= 8;
1060 *(p++) = crc & 0xff; crc >>= 8;
1061 *(p++) = crc & 0xff;
1062 }
1063 if (size & 1) {
1064 *(p++) = buf[size - 1];
1065 *p = 0x60;
1066 } else {
1067 *(p++) = 0;
1068 *p = 0x40;
1069 }
1070 /* TODO: Raise early RX interrupt? */
1071 s->int_level |= INT_RCV;
1072 smc91c111_update(s);
1073
1074 return size;
1075 }
1076
1077 static const MemoryRegionOps smc91c111_mem_ops = {
1078 /* The special case for 32 bit writes to 0xc means we can't just
1079 * set .impl.min/max_access_size to 1, unfortunately
1080 */
1081 .read = smc91c111_readfn,
1082 .write = smc91c111_writefn,
1083 .valid.min_access_size = 1,
1084 .valid.max_access_size = 4,
1085 .endianness = DEVICE_NATIVE_ENDIAN,
1086 };
1087
1088 static NetClientInfo net_smc91c111_info = {
1089 .type = NET_CLIENT_DRIVER_NIC,
1090 .size = sizeof(NICState),
1091 .can_receive = smc91c111_can_receive_nc,
1092 .receive = smc91c111_receive,
1093 };
1094
1095 static void smc91c111_realize(DeviceState *dev, Error **errp)
1096 {
1097 SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
1098 smc91c111_state *s = SMC91C111(dev);
1099
1100 memory_region_init_io(&s->mmio, OBJECT(s), &smc91c111_mem_ops, s,
1101 "smc91c111-mmio", 16);
1102 sysbus_init_mmio(sbd, &s->mmio);
1103 sysbus_init_irq(sbd, &s->irq);
1104 qemu_macaddr_default_if_unset(&s->conf.macaddr);
1105 s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
1106 object_get_typename(OBJECT(dev)), dev->id, s);
1107 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1108 /* ??? Save/restore. */
1109 }
1110
1111 static Property smc91c111_properties[] = {
1112 DEFINE_NIC_PROPERTIES(smc91c111_state, conf),
1113 DEFINE_PROP_END_OF_LIST(),
1114 };
1115
1116 static void smc91c111_class_init(ObjectClass *klass, void *data)
1117 {
1118 DeviceClass *dc = DEVICE_CLASS(klass);
1119
1120 dc->realize = smc91c111_realize;
1121 dc->reset = smc91c111_reset;
1122 dc->vmsd = &vmstate_smc91c111;
1123 dc->props = smc91c111_properties;
1124 }
1125
1126 static const TypeInfo smc91c111_info = {
1127 .name = TYPE_SMC91C111,
1128 .parent = TYPE_SYS_BUS_DEVICE,
1129 .instance_size = sizeof(smc91c111_state),
1130 .class_init = smc91c111_class_init,
1131 };
1132
1133 static void smc91c111_register_types(void)
1134 {
1135 type_register_static(&smc91c111_info);
1136 }
1137
1138 /* Legacy helper function. Should go away when machine config files are
1139 implemented. */
1140 void smc91c111_init(NICInfo *nd, uint32_t base, qemu_irq irq)
1141 {
1142 DeviceState *dev;
1143 SysBusDevice *s;
1144
1145 qemu_check_nic_model(nd, "smc91c111");
1146 dev = qdev_create(NULL, TYPE_SMC91C111);
1147 qdev_set_nic_properties(dev, nd);
1148 qdev_init_nofail(dev);
1149 s = SYS_BUS_DEVICE(dev);
1150 sysbus_mmio_map(s, 0, base);
1151 sysbus_connect_irq(s, 0, irq);
1152 }
1153
1154 type_init(smc91c111_register_types)
AR7 emulation for QEMU