More realistic max_cpus
[qemu/mini2440.git] / hw / e1000.c
blobb351119b41c47736d4716e5b2de44820b7c7eca9
1 /*
2 * QEMU e1000 emulation
4 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
5 * Copyright (c) 2008 Qumranet
6 * Based on work done by:
7 * Copyright (c) 2007 Dan Aloni
8 * Copyright (c) 2004 Antony T Curtis
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2 of the License, or (at your option) any later version.
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
26 #include "hw.h"
27 #include "pci.h"
28 #include "net.h"
30 #include "e1000_hw.h"
32 #define DEBUG
34 #ifdef DEBUG
35 enum {
36 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
37 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
38 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
39 DEBUG_RXFILTER, DEBUG_NOTYET,
41 #define DBGBIT(x) (1<<DEBUG_##x)
42 static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
44 #define DBGOUT(what, fmt, params...) do { \
45 if (debugflags & DBGBIT(what)) \
46 fprintf(stderr, "e1000: " fmt, ##params); \
47 } while (0)
48 #else
49 #define DBGOUT(what, fmt, params...) do {} while (0)
50 #endif
52 #define IOPORT_SIZE 0x40
53 #define PNPMMIO_SIZE 0x20000
56 * HW models:
57 * E1000_DEV_ID_82540EM works with Windows and Linux
58 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
59 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
60 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
61 * Others never tested
63 enum { E1000_DEVID = E1000_DEV_ID_82540EM };
66 * May need to specify additional MAC-to-PHY entries --
67 * Intel's Windows driver refuses to initialize unless they match
69 enum {
70 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
71 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
72 /* default to E1000_DEV_ID_82540EM */ 0xc20
75 typedef struct E1000State_st {
76 PCIDevice dev;
77 VLANClientState *vc;
78 NICInfo *nd;
79 uint32_t mmio_base;
80 int mmio_index;
82 uint32_t mac_reg[0x8000];
83 uint16_t phy_reg[0x20];
84 uint16_t eeprom_data[64];
86 uint32_t rxbuf_size;
87 uint32_t rxbuf_min_shift;
88 int check_rxov;
89 struct e1000_tx {
90 unsigned char header[256];
91 unsigned char data[0x10000];
92 uint16_t size;
93 unsigned char sum_needed;
94 uint8_t ipcss;
95 uint8_t ipcso;
96 uint16_t ipcse;
97 uint8_t tucss;
98 uint8_t tucso;
99 uint16_t tucse;
100 uint8_t hdr_len;
101 uint16_t mss;
102 uint32_t paylen;
103 uint16_t tso_frames;
104 char tse;
105 int8_t ip;
106 int8_t tcp;
107 char cptse; // current packet tse bit
108 } tx;
110 struct {
111 uint32_t val_in; // shifted in from guest driver
112 uint16_t bitnum_in;
113 uint16_t bitnum_out;
114 uint16_t reading;
115 uint32_t old_eecd;
116 } eecd_state;
117 } E1000State;
119 #define defreg(x) x = (E1000_##x>>2)
120 enum {
121 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
122 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
123 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
124 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
125 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
126 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
127 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
128 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
129 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
130 defreg(RA), defreg(MTA), defreg(CRCERRS),
133 enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
134 static const char phy_regcap[0x20] = {
135 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
136 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
137 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
138 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
139 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
140 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
143 static void
144 ioport_map(PCIDevice *pci_dev, int region_num, uint32_t addr,
145 uint32_t size, int type)
147 DBGOUT(IO, "e1000_ioport_map addr=0x%04x size=0x%08x\n", addr, size);
150 static void
151 set_interrupt_cause(E1000State *s, int index, uint32_t val)
153 if (val)
154 val |= E1000_ICR_INT_ASSERTED;
155 s->mac_reg[ICR] = val;
156 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
159 static void
160 set_ics(E1000State *s, int index, uint32_t val)
162 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
163 s->mac_reg[IMS]);
164 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
167 static int
168 rxbufsize(uint32_t v)
170 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
171 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
172 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
173 switch (v) {
174 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
175 return 16384;
176 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
177 return 8192;
178 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
179 return 4096;
180 case E1000_RCTL_SZ_1024:
181 return 1024;
182 case E1000_RCTL_SZ_512:
183 return 512;
184 case E1000_RCTL_SZ_256:
185 return 256;
187 return 2048;
190 static void
191 set_rx_control(E1000State *s, int index, uint32_t val)
193 s->mac_reg[RCTL] = val;
194 s->rxbuf_size = rxbufsize(val);
195 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
196 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
197 s->mac_reg[RCTL]);
200 static void
201 set_mdic(E1000State *s, int index, uint32_t val)
203 uint32_t data = val & E1000_MDIC_DATA_MASK;
204 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
206 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
207 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
208 else if (val & E1000_MDIC_OP_READ) {
209 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
210 if (!(phy_regcap[addr] & PHY_R)) {
211 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
212 val |= E1000_MDIC_ERROR;
213 } else
214 val = (val ^ data) | s->phy_reg[addr];
215 } else if (val & E1000_MDIC_OP_WRITE) {
216 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
217 if (!(phy_regcap[addr] & PHY_W)) {
218 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
219 val |= E1000_MDIC_ERROR;
220 } else
221 s->phy_reg[addr] = data;
223 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
224 set_ics(s, 0, E1000_ICR_MDAC);
227 static uint32_t
228 get_eecd(E1000State *s, int index)
230 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
232 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
233 s->eecd_state.bitnum_out, s->eecd_state.reading);
234 if (!s->eecd_state.reading ||
235 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
236 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
237 ret |= E1000_EECD_DO;
238 return ret;
241 static void
242 set_eecd(E1000State *s, int index, uint32_t val)
244 uint32_t oldval = s->eecd_state.old_eecd;
246 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
247 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
248 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
249 return;
250 if (!(E1000_EECD_SK & val)) { // falling edge
251 s->eecd_state.bitnum_out++;
252 return;
254 if (!(val & E1000_EECD_CS)) { // rising, no CS (EEPROM reset)
255 memset(&s->eecd_state, 0, sizeof s->eecd_state);
256 return;
258 s->eecd_state.val_in <<= 1;
259 if (val & E1000_EECD_DI)
260 s->eecd_state.val_in |= 1;
261 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
262 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
263 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
264 EEPROM_READ_OPCODE_MICROWIRE);
266 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
267 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
268 s->eecd_state.reading);
271 static uint32_t
272 flash_eerd_read(E1000State *s, int x)
274 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
276 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
277 return 0;
278 return (s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
279 E1000_EEPROM_RW_REG_DONE | r;
282 static void
283 putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
285 uint32_t sum;
287 if (cse && cse < n)
288 n = cse + 1;
289 if (sloc < n-1) {
290 sum = net_checksum_add(n-css, data+css);
291 cpu_to_be16wu((uint16_t *)(data + sloc),
292 net_checksum_finish(sum));
296 static void
297 xmit_seg(E1000State *s)
299 uint16_t len, *sp;
300 unsigned int frames = s->tx.tso_frames, css, sofar, n;
301 struct e1000_tx *tp = &s->tx;
303 if (tp->tse && tp->cptse) {
304 css = tp->ipcss;
305 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
306 frames, tp->size, css);
307 if (tp->ip) { // IPv4
308 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
309 tp->size - css);
310 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
311 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
312 } else // IPv6
313 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
314 tp->size - css);
315 css = tp->tucss;
316 len = tp->size - css;
317 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
318 if (tp->tcp) {
319 sofar = frames * tp->mss;
320 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
321 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
322 if (tp->paylen - sofar > tp->mss)
323 tp->data[css + 13] &= ~9; // PSH, FIN
324 } else // UDP
325 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
326 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
327 // add pseudo-header length before checksum calculation
328 sp = (uint16_t *)(tp->data + tp->tucso);
329 cpu_to_be16wu(sp, be16_to_cpup(sp) + len);
331 tp->tso_frames++;
334 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
335 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
336 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
337 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
338 qemu_send_packet(s->vc, tp->data, tp->size);
339 s->mac_reg[TPT]++;
340 s->mac_reg[GPTC]++;
341 n = s->mac_reg[TOTL];
342 if ((s->mac_reg[TOTL] += s->tx.size) < n)
343 s->mac_reg[TOTH]++;
346 static void
347 process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
349 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
350 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
351 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
352 unsigned int msh = 0xfffff, hdr = 0;
353 uint64_t addr;
354 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
355 struct e1000_tx *tp = &s->tx;
357 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
358 op = le32_to_cpu(xp->cmd_and_length);
359 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
360 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
361 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
362 tp->tucss = xp->upper_setup.tcp_fields.tucss;
363 tp->tucso = xp->upper_setup.tcp_fields.tucso;
364 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
365 tp->paylen = op & 0xfffff;
366 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
367 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
368 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
369 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
370 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
371 tp->tso_frames = 0;
372 if (tp->tucso == 0) { // this is probably wrong
373 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
374 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
376 return;
377 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
378 // data descriptor
379 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
380 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
381 } else
382 // legacy descriptor
383 tp->cptse = 0;
385 addr = le64_to_cpu(dp->buffer_addr);
386 if (tp->tse && tp->cptse) {
387 hdr = tp->hdr_len;
388 msh = hdr + tp->mss;
389 do {
390 bytes = split_size;
391 if (tp->size + bytes > msh)
392 bytes = msh - tp->size;
393 cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
394 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
395 memmove(tp->header, tp->data, hdr);
396 tp->size = sz;
397 addr += bytes;
398 if (sz == msh) {
399 xmit_seg(s);
400 memmove(tp->data, tp->header, hdr);
401 tp->size = hdr;
403 } while (split_size -= bytes);
404 } else if (!tp->tse && tp->cptse) {
405 // context descriptor TSE is not set, while data descriptor TSE is set
406 DBGOUT(TXERR, "TCP segmentaion Error\n");
407 } else {
408 cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
409 tp->size += split_size;
412 if (!(txd_lower & E1000_TXD_CMD_EOP))
413 return;
414 if (!(tp->tse && tp->cptse && tp->size < hdr))
415 xmit_seg(s);
416 tp->tso_frames = 0;
417 tp->sum_needed = 0;
418 tp->size = 0;
419 tp->cptse = 0;
422 static uint32_t
423 txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
425 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
427 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
428 return 0;
429 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
430 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
431 dp->upper.data = cpu_to_le32(txd_upper);
432 cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
433 (void *)&dp->upper, sizeof(dp->upper));
434 return E1000_ICR_TXDW;
437 static void
438 start_xmit(E1000State *s)
440 target_phys_addr_t base;
441 struct e1000_tx_desc desc;
442 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
444 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
445 DBGOUT(TX, "tx disabled\n");
446 return;
449 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
450 base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
451 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
452 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
454 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
455 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
456 desc.upper.data);
458 process_tx_desc(s, &desc);
459 cause |= txdesc_writeback(base, &desc);
461 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
462 s->mac_reg[TDH] = 0;
464 * the following could happen only if guest sw assigns
465 * bogus values to TDT/TDLEN.
466 * there's nothing too intelligent we could do about this.
468 if (s->mac_reg[TDH] == tdh_start) {
469 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
470 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
471 break;
474 set_ics(s, 0, cause);
477 static int
478 receive_filter(E1000State *s, const uint8_t *buf, int size)
480 static uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
481 static int mta_shift[] = {4, 3, 2, 0};
482 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
484 if (rctl & E1000_RCTL_UPE) // promiscuous
485 return 1;
487 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
488 return 1;
490 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
491 return 1;
493 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
494 if (!(rp[1] & E1000_RAH_AV))
495 continue;
496 ra[0] = cpu_to_le32(rp[0]);
497 ra[1] = cpu_to_le32(rp[1]);
498 if (!memcmp(buf, (uint8_t *)ra, 6)) {
499 DBGOUT(RXFILTER,
500 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
501 (int)(rp - s->mac_reg - RA)/2,
502 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
503 return 1;
506 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
507 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
509 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
510 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
511 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
512 return 1;
513 DBGOUT(RXFILTER,
514 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
515 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
516 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
517 s->mac_reg[MTA + (f >> 5)]);
519 return 0;
522 static int
523 e1000_can_receive(void *opaque)
525 E1000State *s = opaque;
527 return (s->mac_reg[RCTL] & E1000_RCTL_EN);
530 static void
531 e1000_receive(void *opaque, const uint8_t *buf, int size)
533 E1000State *s = opaque;
534 struct e1000_rx_desc desc;
535 target_phys_addr_t base;
536 unsigned int n, rdt;
537 uint32_t rdh_start;
539 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
540 return;
542 if (size > s->rxbuf_size) {
543 DBGOUT(RX, "packet too large for buffers (%d > %d)\n", size,
544 s->rxbuf_size);
545 return;
548 if (!receive_filter(s, buf, size))
549 return;
551 rdh_start = s->mac_reg[RDH];
552 size += 4; // for the header
553 do {
554 if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
555 set_ics(s, 0, E1000_ICS_RXO);
556 return;
558 base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
559 sizeof(desc) * s->mac_reg[RDH];
560 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
561 desc.status |= E1000_RXD_STAT_DD;
562 if (desc.buffer_addr) {
563 cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
564 (void *)buf, size);
565 desc.length = cpu_to_le16(size);
566 desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
567 } else // as per intel docs; skip descriptors with null buf addr
568 DBGOUT(RX, "Null RX descriptor!!\n");
569 cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
571 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
572 s->mac_reg[RDH] = 0;
573 s->check_rxov = 1;
574 /* see comment in start_xmit; same here */
575 if (s->mac_reg[RDH] == rdh_start) {
576 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
577 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
578 set_ics(s, 0, E1000_ICS_RXO);
579 return;
581 } while (desc.buffer_addr == 0);
583 s->mac_reg[GPRC]++;
584 s->mac_reg[TPR]++;
585 n = s->mac_reg[TORL];
586 if ((s->mac_reg[TORL] += size) < n)
587 s->mac_reg[TORH]++;
589 n = E1000_ICS_RXT0;
590 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
591 rdt += s->mac_reg[RDLEN] / sizeof(desc);
592 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) << s->rxbuf_min_shift >=
593 s->mac_reg[RDLEN])
594 n |= E1000_ICS_RXDMT0;
596 set_ics(s, 0, n);
599 static uint32_t
600 mac_readreg(E1000State *s, int index)
602 return s->mac_reg[index];
605 static uint32_t
606 mac_icr_read(E1000State *s, int index)
608 uint32_t ret = s->mac_reg[ICR];
610 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
611 set_interrupt_cause(s, 0, 0);
612 return ret;
615 static uint32_t
616 mac_read_clr4(E1000State *s, int index)
618 uint32_t ret = s->mac_reg[index];
620 s->mac_reg[index] = 0;
621 return ret;
624 static uint32_t
625 mac_read_clr8(E1000State *s, int index)
627 uint32_t ret = s->mac_reg[index];
629 s->mac_reg[index] = 0;
630 s->mac_reg[index-1] = 0;
631 return ret;
634 static void
635 mac_writereg(E1000State *s, int index, uint32_t val)
637 s->mac_reg[index] = val;
640 static void
641 set_rdt(E1000State *s, int index, uint32_t val)
643 s->check_rxov = 0;
644 s->mac_reg[index] = val & 0xffff;
647 static void
648 set_16bit(E1000State *s, int index, uint32_t val)
650 s->mac_reg[index] = val & 0xffff;
653 static void
654 set_dlen(E1000State *s, int index, uint32_t val)
656 s->mac_reg[index] = val & 0xfff80;
659 static void
660 set_tctl(E1000State *s, int index, uint32_t val)
662 s->mac_reg[index] = val;
663 s->mac_reg[TDT] &= 0xffff;
664 start_xmit(s);
667 static void
668 set_icr(E1000State *s, int index, uint32_t val)
670 DBGOUT(INTERRUPT, "set_icr %x\n", val);
671 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
674 static void
675 set_imc(E1000State *s, int index, uint32_t val)
677 s->mac_reg[IMS] &= ~val;
678 set_ics(s, 0, 0);
681 static void
682 set_ims(E1000State *s, int index, uint32_t val)
684 s->mac_reg[IMS] |= val;
685 set_ics(s, 0, 0);
688 #define getreg(x) [x] = mac_readreg
689 static uint32_t (*macreg_readops[])(E1000State *, int) = {
690 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
691 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
692 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
693 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
694 getreg(RDH), getreg(RDT),
696 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
697 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
698 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
699 [CRCERRS ... MPC] = &mac_readreg,
700 [RA ... RA+31] = &mac_readreg,
701 [MTA ... MTA+127] = &mac_readreg,
703 enum { NREADOPS = sizeof(macreg_readops) / sizeof(*macreg_readops) };
705 #define putreg(x) [x] = mac_writereg
706 static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
707 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
708 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
709 putreg(RDBAL), putreg(LEDCTL),
710 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
711 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
712 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
713 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
714 [EECD] = set_eecd, [RCTL] = set_rx_control,
715 [RA ... RA+31] = &mac_writereg,
716 [MTA ... MTA+127] = &mac_writereg,
718 enum { NWRITEOPS = sizeof(macreg_writeops) / sizeof(*macreg_writeops) };
720 static void
721 e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
723 E1000State *s = opaque;
724 unsigned int index = ((addr - s->mmio_base) & 0x1ffff) >> 2;
726 #ifdef TARGET_WORDS_BIGENDIAN
727 val = bswap32(val);
728 #endif
729 if (index < NWRITEOPS && macreg_writeops[index])
730 macreg_writeops[index](s, index, val);
731 else if (index < NREADOPS && macreg_readops[index])
732 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
733 else
734 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
735 index<<2, val);
738 static void
739 e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
741 // emulate hw without byte enables: no RMW
742 e1000_mmio_writel(opaque, addr & ~3,
743 (val & 0xffff) << (8*(addr & 3)));
746 static void
747 e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
749 // emulate hw without byte enables: no RMW
750 e1000_mmio_writel(opaque, addr & ~3,
751 (val & 0xff) << (8*(addr & 3)));
754 static uint32_t
755 e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
757 E1000State *s = opaque;
758 unsigned int index = ((addr - s->mmio_base) & 0x1ffff) >> 2;
760 if (index < NREADOPS && macreg_readops[index])
762 uint32_t val = macreg_readops[index](s, index);
763 #ifdef TARGET_WORDS_BIGENDIAN
764 val = bswap32(val);
765 #endif
766 return val;
768 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
769 return 0;
772 static uint32_t
773 e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
775 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
776 (8 * (addr & 3))) & 0xff;
779 static uint32_t
780 e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
782 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
783 (8 * (addr & 3))) & 0xffff;
786 static const int mac_regtosave[] = {
787 CTRL, EECD, EERD, GPRC, GPTC, ICR, ICS, IMC, IMS,
788 LEDCTL, MANC, MDIC, MPC, PBA, RCTL, RDBAH, RDBAL, RDH,
789 RDLEN, RDT, STATUS, SWSM, TCTL, TDBAH, TDBAL, TDH, TDLEN,
790 TDT, TORH, TORL, TOTH, TOTL, TPR, TPT, TXDCTL, WUFC,
792 enum { MAC_NSAVE = sizeof mac_regtosave/sizeof *mac_regtosave };
794 static const struct {
795 int size;
796 int array0;
797 } mac_regarraystosave[] = { {32, RA}, {128, MTA} };
798 enum { MAC_NARRAYS = sizeof mac_regarraystosave/sizeof *mac_regarraystosave };
800 static void
801 nic_save(QEMUFile *f, void *opaque)
803 E1000State *s = (E1000State *)opaque;
804 int i, j;
806 pci_device_save(&s->dev, f);
807 qemu_put_be32s(f, &s->mmio_base);
808 qemu_put_be32s(f, &s->rxbuf_size);
809 qemu_put_be32s(f, &s->rxbuf_min_shift);
810 qemu_put_be32s(f, &s->eecd_state.val_in);
811 qemu_put_be16s(f, &s->eecd_state.bitnum_in);
812 qemu_put_be16s(f, &s->eecd_state.bitnum_out);
813 qemu_put_be16s(f, &s->eecd_state.reading);
814 qemu_put_be32s(f, &s->eecd_state.old_eecd);
815 qemu_put_8s(f, &s->tx.ipcss);
816 qemu_put_8s(f, &s->tx.ipcso);
817 qemu_put_be16s(f, &s->tx.ipcse);
818 qemu_put_8s(f, &s->tx.tucss);
819 qemu_put_8s(f, &s->tx.tucso);
820 qemu_put_be16s(f, &s->tx.tucse);
821 qemu_put_be32s(f, &s->tx.paylen);
822 qemu_put_8s(f, &s->tx.hdr_len);
823 qemu_put_be16s(f, &s->tx.mss);
824 qemu_put_be16s(f, &s->tx.size);
825 qemu_put_be16s(f, &s->tx.tso_frames);
826 qemu_put_8s(f, &s->tx.sum_needed);
827 qemu_put_s8s(f, &s->tx.ip);
828 qemu_put_s8s(f, &s->tx.tcp);
829 qemu_put_buffer(f, s->tx.header, sizeof s->tx.header);
830 qemu_put_buffer(f, s->tx.data, sizeof s->tx.data);
831 for (i = 0; i < 64; i++)
832 qemu_put_be16s(f, s->eeprom_data + i);
833 for (i = 0; i < 0x20; i++)
834 qemu_put_be16s(f, s->phy_reg + i);
835 for (i = 0; i < MAC_NSAVE; i++)
836 qemu_put_be32s(f, s->mac_reg + mac_regtosave[i]);
837 for (i = 0; i < MAC_NARRAYS; i++)
838 for (j = 0; j < mac_regarraystosave[i].size; j++)
839 qemu_put_be32s(f,
840 s->mac_reg + mac_regarraystosave[i].array0 + j);
843 static int
844 nic_load(QEMUFile *f, void *opaque, int version_id)
846 E1000State *s = (E1000State *)opaque;
847 int i, j, ret;
849 if ((ret = pci_device_load(&s->dev, f)) < 0)
850 return ret;
851 if (version_id == 1)
852 qemu_get_sbe32s(f, &i); /* once some unused instance id */
853 qemu_get_be32s(f, &s->mmio_base);
854 qemu_get_be32s(f, &s->rxbuf_size);
855 qemu_get_be32s(f, &s->rxbuf_min_shift);
856 qemu_get_be32s(f, &s->eecd_state.val_in);
857 qemu_get_be16s(f, &s->eecd_state.bitnum_in);
858 qemu_get_be16s(f, &s->eecd_state.bitnum_out);
859 qemu_get_be16s(f, &s->eecd_state.reading);
860 qemu_get_be32s(f, &s->eecd_state.old_eecd);
861 qemu_get_8s(f, &s->tx.ipcss);
862 qemu_get_8s(f, &s->tx.ipcso);
863 qemu_get_be16s(f, &s->tx.ipcse);
864 qemu_get_8s(f, &s->tx.tucss);
865 qemu_get_8s(f, &s->tx.tucso);
866 qemu_get_be16s(f, &s->tx.tucse);
867 qemu_get_be32s(f, &s->tx.paylen);
868 qemu_get_8s(f, &s->tx.hdr_len);
869 qemu_get_be16s(f, &s->tx.mss);
870 qemu_get_be16s(f, &s->tx.size);
871 qemu_get_be16s(f, &s->tx.tso_frames);
872 qemu_get_8s(f, &s->tx.sum_needed);
873 qemu_get_s8s(f, &s->tx.ip);
874 qemu_get_s8s(f, &s->tx.tcp);
875 qemu_get_buffer(f, s->tx.header, sizeof s->tx.header);
876 qemu_get_buffer(f, s->tx.data, sizeof s->tx.data);
877 for (i = 0; i < 64; i++)
878 qemu_get_be16s(f, s->eeprom_data + i);
879 for (i = 0; i < 0x20; i++)
880 qemu_get_be16s(f, s->phy_reg + i);
881 for (i = 0; i < MAC_NSAVE; i++)
882 qemu_get_be32s(f, s->mac_reg + mac_regtosave[i]);
883 for (i = 0; i < MAC_NARRAYS; i++)
884 for (j = 0; j < mac_regarraystosave[i].size; j++)
885 qemu_get_be32s(f,
886 s->mac_reg + mac_regarraystosave[i].array0 + j);
887 return 0;
890 static const uint16_t e1000_eeprom_template[64] = {
891 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
892 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
893 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
894 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
895 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
896 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
897 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
898 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
901 static const uint16_t phy_reg_init[] = {
902 [PHY_CTRL] = 0x1140, [PHY_STATUS] = 0x796d, // link initially up
903 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
904 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
905 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
906 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
907 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
910 static const uint32_t mac_reg_init[] = {
911 [PBA] = 0x00100030,
912 [LEDCTL] = 0x602,
913 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
914 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
915 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
916 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
917 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
918 E1000_STATUS_LU,
919 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
920 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
921 E1000_MANC_RMCP_EN,
924 /* PCI interface */
926 static CPUWriteMemoryFunc *e1000_mmio_write[] = {
927 e1000_mmio_writeb, e1000_mmio_writew, e1000_mmio_writel
930 static CPUReadMemoryFunc *e1000_mmio_read[] = {
931 e1000_mmio_readb, e1000_mmio_readw, e1000_mmio_readl
934 static void
935 e1000_mmio_map(PCIDevice *pci_dev, int region_num,
936 uint32_t addr, uint32_t size, int type)
938 E1000State *d = (E1000State *)pci_dev;
940 DBGOUT(MMIO, "e1000_mmio_map addr=0x%08x 0x%08x\n", addr, size);
942 d->mmio_base = addr;
943 cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
946 void
947 pci_e1000_init(PCIBus *bus, NICInfo *nd, int devfn)
949 E1000State *d;
950 uint8_t *pci_conf;
951 uint16_t checksum = 0;
952 static const char info_str[] = "e1000";
953 int i;
955 d = (E1000State *)pci_register_device(bus, "e1000",
956 sizeof(E1000State), devfn, NULL, NULL);
958 pci_conf = d->dev.config;
959 memset(pci_conf, 0, 256);
961 *(uint16_t *)(pci_conf+0x00) = cpu_to_le16(0x8086);
962 *(uint16_t *)(pci_conf+0x02) = cpu_to_le16(E1000_DEVID);
963 *(uint16_t *)(pci_conf+0x04) = cpu_to_le16(0x0407);
964 *(uint16_t *)(pci_conf+0x06) = cpu_to_le16(0x0010);
965 pci_conf[0x08] = 0x03;
966 pci_conf[0x0a] = 0x00; // ethernet network controller
967 pci_conf[0x0b] = 0x02;
968 pci_conf[0x0c] = 0x10;
970 pci_conf[0x3d] = 1; // interrupt pin 0
972 d->mmio_index = cpu_register_io_memory(0, e1000_mmio_read,
973 e1000_mmio_write, d);
975 pci_register_io_region((PCIDevice *)d, 0, PNPMMIO_SIZE,
976 PCI_ADDRESS_SPACE_MEM, e1000_mmio_map);
978 pci_register_io_region((PCIDevice *)d, 1, IOPORT_SIZE,
979 PCI_ADDRESS_SPACE_IO, ioport_map);
981 d->nd = nd;
982 memmove(d->eeprom_data, e1000_eeprom_template,
983 sizeof e1000_eeprom_template);
984 for (i = 0; i < 3; i++)
985 d->eeprom_data[i] = (nd->macaddr[2*i+1]<<8) | nd->macaddr[2*i];
986 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
987 checksum += d->eeprom_data[i];
988 checksum = (uint16_t) EEPROM_SUM - checksum;
989 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
991 memset(d->phy_reg, 0, sizeof d->phy_reg);
992 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
993 memset(d->mac_reg, 0, sizeof d->mac_reg);
994 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
995 d->rxbuf_min_shift = 1;
996 memset(&d->tx, 0, sizeof d->tx);
998 d->vc = qemu_new_vlan_client(nd->vlan, e1000_receive,
999 e1000_can_receive, d);
1001 snprintf(d->vc->info_str, sizeof(d->vc->info_str),
1002 "%s macaddr=%02x:%02x:%02x:%02x:%02x:%02x", info_str,
1003 d->nd->macaddr[0], d->nd->macaddr[1], d->nd->macaddr[2],
1004 d->nd->macaddr[3], d->nd->macaddr[4], d->nd->macaddr[5]);
1006 register_savevm(info_str, -1, 2, nic_save, nic_load, d);