4 * Software developer's manual:
5 * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf
7 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
8 * Copyright (c) 2008 Qumranet
9 * Based on work done by:
10 * Copyright (c) 2007 Dan Aloni
11 * Copyright (c) 2004 Antony T Curtis
13 * This library is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU Lesser General Public
15 * License as published by the Free Software Foundation; either
16 * version 2 of the License, or (at your option) any later version.
18 * This library is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * Lesser General Public License for more details.
23 * You should have received a copy of the GNU Lesser General Public
24 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
31 #include "net/checksum.h"
40 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
41 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
42 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
43 DEBUG_RXFILTER, DEBUG_NOTYET,
45 #define DBGBIT(x) (1<<DEBUG_##x)
46 static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
48 #define DBGOUT(what, fmt, ...) do { \
49 if (debugflags & DBGBIT(what)) \
50 fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
53 #define DBGOUT(what, fmt, ...) do {} while (0)
56 #define IOPORT_SIZE 0x40
57 #define PNPMMIO_SIZE 0x20000
58 #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */
62 * E1000_DEV_ID_82540EM works with Windows and Linux
63 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
64 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
65 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
68 enum { E1000_DEVID = E1000_DEV_ID_82540EM };
71 * May need to specify additional MAC-to-PHY entries --
72 * Intel's Windows driver refuses to initialize unless they match
75 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
76 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
77 /* default to E1000_DEV_ID_82540EM */ 0xc20
80 typedef struct E1000State_st {
86 uint32_t mac_reg[0x8000];
87 uint16_t phy_reg[0x20];
88 uint16_t eeprom_data[64];
91 uint32_t rxbuf_min_shift;
94 unsigned char header[256];
95 unsigned char vlan_header[4];
96 /* Fields vlan and data must not be reordered or separated. */
97 unsigned char vlan[4];
98 unsigned char data[0x10000];
100 unsigned char sum_needed;
101 unsigned char vlan_needed;
115 char cptse; // current packet tse bit
119 uint32_t val_in; // shifted in from guest driver
127 #define defreg(x) x = (E1000_##x>>2)
129 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
130 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
131 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
132 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
133 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
134 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
135 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
136 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
137 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
138 defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA),
142 enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
143 static const char phy_regcap[0x20] = {
144 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
145 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
146 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
147 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
148 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
149 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
153 ioport_map(PCIDevice *pci_dev, int region_num, pcibus_t addr,
154 pcibus_t size, int type)
156 DBGOUT(IO, "e1000_ioport_map addr=0x%04"FMT_PCIBUS
157 " size=0x%08"FMT_PCIBUS"\n", addr, size);
161 set_interrupt_cause(E1000State *s, int index, uint32_t val)
164 val |= E1000_ICR_INT_ASSERTED;
165 s->mac_reg[ICR] = val;
166 s->mac_reg[ICS] = val;
167 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
171 set_ics(E1000State *s, int index, uint32_t val)
173 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
175 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
179 rxbufsize(uint32_t v)
181 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
182 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
183 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
185 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
187 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
189 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
191 case E1000_RCTL_SZ_1024:
193 case E1000_RCTL_SZ_512:
195 case E1000_RCTL_SZ_256:
202 set_ctrl(E1000State *s, int index, uint32_t val)
204 /* RST is self clearing */
205 s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
209 set_rx_control(E1000State *s, int index, uint32_t val)
211 s->mac_reg[RCTL] = val;
212 s->rxbuf_size = rxbufsize(val);
213 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
214 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
219 set_mdic(E1000State *s, int index, uint32_t val)
221 uint32_t data = val & E1000_MDIC_DATA_MASK;
222 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
224 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
225 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
226 else if (val & E1000_MDIC_OP_READ) {
227 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
228 if (!(phy_regcap[addr] & PHY_R)) {
229 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
230 val |= E1000_MDIC_ERROR;
232 val = (val ^ data) | s->phy_reg[addr];
233 } else if (val & E1000_MDIC_OP_WRITE) {
234 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
235 if (!(phy_regcap[addr] & PHY_W)) {
236 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
237 val |= E1000_MDIC_ERROR;
239 s->phy_reg[addr] = data;
241 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
242 set_ics(s, 0, E1000_ICR_MDAC);
246 get_eecd(E1000State *s, int index)
248 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
250 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
251 s->eecd_state.bitnum_out, s->eecd_state.reading);
252 if (!s->eecd_state.reading ||
253 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
254 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
255 ret |= E1000_EECD_DO;
260 set_eecd(E1000State *s, int index, uint32_t val)
262 uint32_t oldval = s->eecd_state.old_eecd;
264 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
265 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
266 if (!(E1000_EECD_CS & val)) // CS inactive; nothing to do
268 if (E1000_EECD_CS & (val ^ oldval)) { // CS rise edge; reset state
269 s->eecd_state.val_in = 0;
270 s->eecd_state.bitnum_in = 0;
271 s->eecd_state.bitnum_out = 0;
272 s->eecd_state.reading = 0;
274 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
276 if (!(E1000_EECD_SK & val)) { // falling edge
277 s->eecd_state.bitnum_out++;
280 s->eecd_state.val_in <<= 1;
281 if (val & E1000_EECD_DI)
282 s->eecd_state.val_in |= 1;
283 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
284 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
285 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
286 EEPROM_READ_OPCODE_MICROWIRE);
288 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
289 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
290 s->eecd_state.reading);
294 flash_eerd_read(E1000State *s, int x)
296 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
298 if ((s->mac_reg[EERD] & E1000_EEPROM_RW_REG_START) == 0)
299 return (s->mac_reg[EERD]);
301 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
302 return (E1000_EEPROM_RW_REG_DONE | r);
304 return ((s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
305 E1000_EEPROM_RW_REG_DONE | r);
309 putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
316 sum = net_checksum_add(n-css, data+css);
317 cpu_to_be16wu((uint16_t *)(data + sloc),
318 net_checksum_finish(sum));
323 vlan_enabled(E1000State *s)
325 return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
329 vlan_rx_filter_enabled(E1000State *s)
331 return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
335 is_vlan_packet(E1000State *s, const uint8_t *buf)
337 return (be16_to_cpup((uint16_t *)(buf + 12)) ==
338 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
342 is_vlan_txd(uint32_t txd_lower)
344 return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
347 /* FCS aka Ethernet CRC-32. We don't get it from backends and can't
348 * fill it in, just pad descriptor length by 4 bytes unless guest
349 * told us to strip it off the packet. */
351 fcs_len(E1000State *s)
353 return (s->mac_reg[RCTL] & E1000_RCTL_SECRC) ? 0 : 4;
357 xmit_seg(E1000State *s)
360 unsigned int frames = s->tx.tso_frames, css, sofar, n;
361 struct e1000_tx *tp = &s->tx;
363 if (tp->tse && tp->cptse) {
365 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
366 frames, tp->size, css);
367 if (tp->ip) { // IPv4
368 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
370 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
371 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
373 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
376 len = tp->size - css;
377 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
379 sofar = frames * tp->mss;
380 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
381 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
382 if (tp->paylen - sofar > tp->mss)
383 tp->data[css + 13] &= ~9; // PSH, FIN
385 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
386 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
388 // add pseudo-header length before checksum calculation
389 sp = (uint16_t *)(tp->data + tp->tucso);
390 phsum = be16_to_cpup(sp) + len;
391 phsum = (phsum >> 16) + (phsum & 0xffff);
392 cpu_to_be16wu(sp, phsum);
397 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
398 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
399 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
400 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
401 if (tp->vlan_needed) {
402 memmove(tp->vlan, tp->data, 4);
403 memmove(tp->data, tp->data + 4, 8);
404 memcpy(tp->data + 8, tp->vlan_header, 4);
405 qemu_send_packet(&s->nic->nc, tp->vlan, tp->size + 4);
407 qemu_send_packet(&s->nic->nc, tp->data, tp->size);
410 n = s->mac_reg[TOTL];
411 if ((s->mac_reg[TOTL] += s->tx.size) < n)
416 process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
418 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
419 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
420 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
421 unsigned int msh = 0xfffff, hdr = 0;
423 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
424 struct e1000_tx *tp = &s->tx;
426 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
427 op = le32_to_cpu(xp->cmd_and_length);
428 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
429 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
430 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
431 tp->tucss = xp->upper_setup.tcp_fields.tucss;
432 tp->tucso = xp->upper_setup.tcp_fields.tucso;
433 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
434 tp->paylen = op & 0xfffff;
435 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
436 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
437 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
438 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
439 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
441 if (tp->tucso == 0) { // this is probably wrong
442 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
443 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
446 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
448 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
449 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
455 if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
456 (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
458 cpu_to_be16wu((uint16_t *)(tp->vlan_header),
459 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
460 cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
461 le16_to_cpu(dp->upper.fields.special));
464 addr = le64_to_cpu(dp->buffer_addr);
465 if (tp->tse && tp->cptse) {
470 if (tp->size + bytes > msh)
471 bytes = msh - tp->size;
472 cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
473 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
474 memmove(tp->header, tp->data, hdr);
479 memmove(tp->data, tp->header, hdr);
482 } while (split_size -= bytes);
483 } else if (!tp->tse && tp->cptse) {
484 // context descriptor TSE is not set, while data descriptor TSE is set
485 DBGOUT(TXERR, "TCP segmentaion Error\n");
487 cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
488 tp->size += split_size;
491 if (!(txd_lower & E1000_TXD_CMD_EOP))
493 if (!(tp->tse && tp->cptse && tp->size < hdr))
503 txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
505 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
507 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
509 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
510 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
511 dp->upper.data = cpu_to_le32(txd_upper);
512 cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
513 (void *)&dp->upper, sizeof(dp->upper));
514 return E1000_ICR_TXDW;
518 start_xmit(E1000State *s)
520 target_phys_addr_t base;
521 struct e1000_tx_desc desc;
522 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
524 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
525 DBGOUT(TX, "tx disabled\n");
529 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
530 base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
531 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
532 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
534 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
535 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
538 process_tx_desc(s, &desc);
539 cause |= txdesc_writeback(base, &desc);
541 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
544 * the following could happen only if guest sw assigns
545 * bogus values to TDT/TDLEN.
546 * there's nothing too intelligent we could do about this.
548 if (s->mac_reg[TDH] == tdh_start) {
549 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
550 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
554 set_ics(s, 0, cause);
558 receive_filter(E1000State *s, const uint8_t *buf, int size)
560 static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
561 static const int mta_shift[] = {4, 3, 2, 0};
562 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
564 if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
565 uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
566 uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
567 ((vid >> 5) & 0x7f));
568 if ((vfta & (1 << (vid & 0x1f))) == 0)
572 if (rctl & E1000_RCTL_UPE) // promiscuous
575 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
578 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
581 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
582 if (!(rp[1] & E1000_RAH_AV))
584 ra[0] = cpu_to_le32(rp[0]);
585 ra[1] = cpu_to_le32(rp[1]);
586 if (!memcmp(buf, (uint8_t *)ra, 6)) {
588 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
589 (int)(rp - s->mac_reg - RA)/2,
590 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
594 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
595 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
597 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
598 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
599 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
602 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
603 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
604 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
605 s->mac_reg[MTA + (f >> 5)]);
611 e1000_set_link_status(VLANClientState *nc)
613 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
614 uint32_t old_status = s->mac_reg[STATUS];
617 s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
619 s->mac_reg[STATUS] |= E1000_STATUS_LU;
621 if (s->mac_reg[STATUS] != old_status)
622 set_ics(s, 0, E1000_ICR_LSC);
626 e1000_can_receive(VLANClientState *nc)
628 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
630 return (s->mac_reg[RCTL] & E1000_RCTL_EN);
634 e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
636 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
637 struct e1000_rx_desc desc;
638 target_phys_addr_t base;
641 uint16_t vlan_special = 0;
642 uint8_t vlan_status = 0, vlan_offset = 0;
643 uint8_t min_buf[MIN_BUF_SIZE];
645 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
648 /* Pad to minimum Ethernet frame length */
649 if (size < sizeof(min_buf)) {
650 memcpy(min_buf, buf, size);
651 memset(&min_buf[size], 0, sizeof(min_buf) - size);
653 size = sizeof(min_buf);
656 if (size > s->rxbuf_size) {
657 DBGOUT(RX, "packet too large for buffers (%lu > %d)\n",
658 (unsigned long)size, s->rxbuf_size);
662 if (!receive_filter(s, buf, size))
665 if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
666 vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
667 memmove((uint8_t *)buf + 4, buf, 12);
668 vlan_status = E1000_RXD_STAT_VP;
673 rdh_start = s->mac_reg[RDH];
675 if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
676 set_ics(s, 0, E1000_ICS_RXO);
679 base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
680 sizeof(desc) * s->mac_reg[RDH];
681 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
682 desc.special = vlan_special;
683 desc.status |= (vlan_status | E1000_RXD_STAT_DD);
684 if (desc.buffer_addr) {
685 cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
686 (void *)(buf + vlan_offset), size);
687 desc.length = cpu_to_le16(size + fcs_len(s));
688 desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
689 } else { // as per intel docs; skip descriptors with null buf addr
690 DBGOUT(RX, "Null RX descriptor!!\n");
692 cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
694 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
697 /* see comment in start_xmit; same here */
698 if (s->mac_reg[RDH] == rdh_start) {
699 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
700 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
701 set_ics(s, 0, E1000_ICS_RXO);
704 } while (desc.buffer_addr == 0);
708 /* TOR - Total Octets Received:
709 * This register includes bytes received in a packet from the <Destination
710 * Address> field through the <CRC> field, inclusively.
712 n = s->mac_reg[TORL] + size + /* Always include FCS length. */ 4;
713 if (n < s->mac_reg[TORL])
715 s->mac_reg[TORL] = n;
718 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
719 rdt += s->mac_reg[RDLEN] / sizeof(desc);
720 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
722 n |= E1000_ICS_RXDMT0;
730 mac_readreg(E1000State *s, int index)
732 return s->mac_reg[index];
736 mac_icr_read(E1000State *s, int index)
738 uint32_t ret = s->mac_reg[ICR];
740 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
741 set_interrupt_cause(s, 0, 0);
746 mac_read_clr4(E1000State *s, int index)
748 uint32_t ret = s->mac_reg[index];
750 s->mac_reg[index] = 0;
755 mac_read_clr8(E1000State *s, int index)
757 uint32_t ret = s->mac_reg[index];
759 s->mac_reg[index] = 0;
760 s->mac_reg[index-1] = 0;
765 mac_writereg(E1000State *s, int index, uint32_t val)
767 s->mac_reg[index] = val;
771 set_rdt(E1000State *s, int index, uint32_t val)
774 s->mac_reg[index] = val & 0xffff;
778 set_16bit(E1000State *s, int index, uint32_t val)
780 s->mac_reg[index] = val & 0xffff;
784 set_dlen(E1000State *s, int index, uint32_t val)
786 s->mac_reg[index] = val & 0xfff80;
790 set_tctl(E1000State *s, int index, uint32_t val)
792 s->mac_reg[index] = val;
793 s->mac_reg[TDT] &= 0xffff;
798 set_icr(E1000State *s, int index, uint32_t val)
800 DBGOUT(INTERRUPT, "set_icr %x\n", val);
801 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
805 set_imc(E1000State *s, int index, uint32_t val)
807 s->mac_reg[IMS] &= ~val;
812 set_ims(E1000State *s, int index, uint32_t val)
814 s->mac_reg[IMS] |= val;
818 #define getreg(x) [x] = mac_readreg
819 static uint32_t (*macreg_readops[])(E1000State *, int) = {
820 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
821 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
822 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
823 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
824 getreg(RDH), getreg(RDT), getreg(VET), getreg(ICS),
825 getreg(TDBAL), getreg(TDBAH), getreg(RDBAH), getreg(RDBAL),
826 getreg(TDLEN), getreg(RDLEN),
828 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
829 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
830 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
831 [CRCERRS ... MPC] = &mac_readreg,
832 [RA ... RA+31] = &mac_readreg,
833 [MTA ... MTA+127] = &mac_readreg,
834 [VFTA ... VFTA+127] = &mac_readreg,
836 enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
838 #define putreg(x) [x] = mac_writereg
839 static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
840 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
841 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
842 putreg(RDBAL), putreg(LEDCTL), putreg(VET),
843 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
844 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
845 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
846 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
847 [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl,
848 [RA ... RA+31] = &mac_writereg,
849 [MTA ... MTA+127] = &mac_writereg,
850 [VFTA ... VFTA+127] = &mac_writereg,
852 enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
855 e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
857 E1000State *s = opaque;
858 unsigned int index = (addr & 0x1ffff) >> 2;
860 #ifdef TARGET_WORDS_BIGENDIAN
863 if (index < NWRITEOPS && macreg_writeops[index]) {
864 macreg_writeops[index](s, index, val);
865 } else if (index < NREADOPS && macreg_readops[index]) {
866 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
868 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
874 e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
876 // emulate hw without byte enables: no RMW
877 e1000_mmio_writel(opaque, addr & ~3,
878 (val & 0xffff) << (8*(addr & 3)));
882 e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
884 // emulate hw without byte enables: no RMW
885 e1000_mmio_writel(opaque, addr & ~3,
886 (val & 0xff) << (8*(addr & 3)));
890 e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
892 E1000State *s = opaque;
893 unsigned int index = (addr & 0x1ffff) >> 2;
895 if (index < NREADOPS && macreg_readops[index])
897 uint32_t val = macreg_readops[index](s, index);
898 #ifdef TARGET_WORDS_BIGENDIAN
903 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
908 e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
910 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
911 (8 * (addr & 3))) & 0xff;
915 e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
917 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
918 (8 * (addr & 3))) & 0xffff;
921 static bool is_version_1(void *opaque, int version_id)
923 return version_id == 1;
926 static const VMStateDescription vmstate_e1000 = {
929 .minimum_version_id = 1,
930 .minimum_version_id_old = 1,
931 .fields = (VMStateField []) {
932 VMSTATE_PCI_DEVICE(dev, E1000State),
933 VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */
934 VMSTATE_UNUSED(4), /* Was mmio_base. */
935 VMSTATE_UINT32(rxbuf_size, E1000State),
936 VMSTATE_UINT32(rxbuf_min_shift, E1000State),
937 VMSTATE_UINT32(eecd_state.val_in, E1000State),
938 VMSTATE_UINT16(eecd_state.bitnum_in, E1000State),
939 VMSTATE_UINT16(eecd_state.bitnum_out, E1000State),
940 VMSTATE_UINT16(eecd_state.reading, E1000State),
941 VMSTATE_UINT32(eecd_state.old_eecd, E1000State),
942 VMSTATE_UINT8(tx.ipcss, E1000State),
943 VMSTATE_UINT8(tx.ipcso, E1000State),
944 VMSTATE_UINT16(tx.ipcse, E1000State),
945 VMSTATE_UINT8(tx.tucss, E1000State),
946 VMSTATE_UINT8(tx.tucso, E1000State),
947 VMSTATE_UINT16(tx.tucse, E1000State),
948 VMSTATE_UINT32(tx.paylen, E1000State),
949 VMSTATE_UINT8(tx.hdr_len, E1000State),
950 VMSTATE_UINT16(tx.mss, E1000State),
951 VMSTATE_UINT16(tx.size, E1000State),
952 VMSTATE_UINT16(tx.tso_frames, E1000State),
953 VMSTATE_UINT8(tx.sum_needed, E1000State),
954 VMSTATE_INT8(tx.ip, E1000State),
955 VMSTATE_INT8(tx.tcp, E1000State),
956 VMSTATE_BUFFER(tx.header, E1000State),
957 VMSTATE_BUFFER(tx.data, E1000State),
958 VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64),
959 VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20),
960 VMSTATE_UINT32(mac_reg[CTRL], E1000State),
961 VMSTATE_UINT32(mac_reg[EECD], E1000State),
962 VMSTATE_UINT32(mac_reg[EERD], E1000State),
963 VMSTATE_UINT32(mac_reg[GPRC], E1000State),
964 VMSTATE_UINT32(mac_reg[GPTC], E1000State),
965 VMSTATE_UINT32(mac_reg[ICR], E1000State),
966 VMSTATE_UINT32(mac_reg[ICS], E1000State),
967 VMSTATE_UINT32(mac_reg[IMC], E1000State),
968 VMSTATE_UINT32(mac_reg[IMS], E1000State),
969 VMSTATE_UINT32(mac_reg[LEDCTL], E1000State),
970 VMSTATE_UINT32(mac_reg[MANC], E1000State),
971 VMSTATE_UINT32(mac_reg[MDIC], E1000State),
972 VMSTATE_UINT32(mac_reg[MPC], E1000State),
973 VMSTATE_UINT32(mac_reg[PBA], E1000State),
974 VMSTATE_UINT32(mac_reg[RCTL], E1000State),
975 VMSTATE_UINT32(mac_reg[RDBAH], E1000State),
976 VMSTATE_UINT32(mac_reg[RDBAL], E1000State),
977 VMSTATE_UINT32(mac_reg[RDH], E1000State),
978 VMSTATE_UINT32(mac_reg[RDLEN], E1000State),
979 VMSTATE_UINT32(mac_reg[RDT], E1000State),
980 VMSTATE_UINT32(mac_reg[STATUS], E1000State),
981 VMSTATE_UINT32(mac_reg[SWSM], E1000State),
982 VMSTATE_UINT32(mac_reg[TCTL], E1000State),
983 VMSTATE_UINT32(mac_reg[TDBAH], E1000State),
984 VMSTATE_UINT32(mac_reg[TDBAL], E1000State),
985 VMSTATE_UINT32(mac_reg[TDH], E1000State),
986 VMSTATE_UINT32(mac_reg[TDLEN], E1000State),
987 VMSTATE_UINT32(mac_reg[TDT], E1000State),
988 VMSTATE_UINT32(mac_reg[TORH], E1000State),
989 VMSTATE_UINT32(mac_reg[TORL], E1000State),
990 VMSTATE_UINT32(mac_reg[TOTH], E1000State),
991 VMSTATE_UINT32(mac_reg[TOTL], E1000State),
992 VMSTATE_UINT32(mac_reg[TPR], E1000State),
993 VMSTATE_UINT32(mac_reg[TPT], E1000State),
994 VMSTATE_UINT32(mac_reg[TXDCTL], E1000State),
995 VMSTATE_UINT32(mac_reg[WUFC], E1000State),
996 VMSTATE_UINT32(mac_reg[VET], E1000State),
997 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32),
998 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128),
999 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128),
1000 VMSTATE_END_OF_LIST()
1004 static const uint16_t e1000_eeprom_template[64] = {
1005 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
1006 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
1007 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
1008 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
1009 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
1010 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1011 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1012 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
1015 static const uint16_t phy_reg_init[] = {
1016 [PHY_CTRL] = 0x1140, [PHY_STATUS] = 0x796d, // link initially up
1017 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
1018 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
1019 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
1020 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
1021 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
1024 static const uint32_t mac_reg_init[] = {
1027 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
1028 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
1029 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
1030 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
1031 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
1033 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
1034 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
1040 static CPUWriteMemoryFunc * const e1000_mmio_write[] = {
1041 e1000_mmio_writeb, e1000_mmio_writew, e1000_mmio_writel
1044 static CPUReadMemoryFunc * const e1000_mmio_read[] = {
1045 e1000_mmio_readb, e1000_mmio_readw, e1000_mmio_readl
1049 e1000_mmio_map(PCIDevice *pci_dev, int region_num,
1050 pcibus_t addr, pcibus_t size, int type)
1052 E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
1054 const uint32_t excluded_regs[] = {
1055 E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1056 E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1060 DBGOUT(MMIO, "e1000_mmio_map addr=0x%08"FMT_PCIBUS" 0x%08"FMT_PCIBUS"\n",
1063 cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
1064 qemu_register_coalesced_mmio(addr, excluded_regs[0]);
1066 for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
1067 qemu_register_coalesced_mmio(addr + excluded_regs[i] + 4,
1068 excluded_regs[i + 1] -
1069 excluded_regs[i] - 4);
1073 e1000_cleanup(VLANClientState *nc)
1075 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
1081 pci_e1000_uninit(PCIDevice *dev)
1083 E1000State *d = DO_UPCAST(E1000State, dev, dev);
1085 cpu_unregister_io_memory(d->mmio_index);
1086 qemu_del_vlan_client(&d->nic->nc);
1090 static void e1000_reset(void *opaque)
1092 E1000State *d = opaque;
1094 memset(d->phy_reg, 0, sizeof d->phy_reg);
1095 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
1096 memset(d->mac_reg, 0, sizeof d->mac_reg);
1097 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
1098 d->rxbuf_min_shift = 1;
1099 memset(&d->tx, 0, sizeof d->tx);
1102 static NetClientInfo net_e1000_info = {
1103 .type = NET_CLIENT_TYPE_NIC,
1104 .size = sizeof(NICState),
1105 .can_receive = e1000_can_receive,
1106 .receive = e1000_receive,
1107 .cleanup = e1000_cleanup,
1108 .link_status_changed = e1000_set_link_status,
1111 static int pci_e1000_init(PCIDevice *pci_dev)
1113 E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
1115 uint16_t checksum = 0;
1119 pci_conf = d->dev.config;
1121 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
1122 pci_config_set_device_id(pci_conf, E1000_DEVID);
1123 /* TODO: we have no capabilities, so why is this bit set? */
1124 pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_CAP_LIST);
1125 pci_conf[PCI_REVISION_ID] = 0x03;
1126 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
1127 /* TODO: RST# value should be 0, PCI spec 6.2.4 */
1128 pci_conf[PCI_CACHE_LINE_SIZE] = 0x10;
1130 /* TODO: RST# value should be 0 if programmable, PCI spec 6.2.4 */
1131 pci_conf[PCI_INTERRUPT_PIN] = 1; // interrupt pin 0
1133 d->mmio_index = cpu_register_io_memory(e1000_mmio_read,
1134 e1000_mmio_write, d, DEVICE_NATIVE_ENDIAN);
1136 pci_register_bar(&d->dev, 0, PNPMMIO_SIZE,
1137 PCI_BASE_ADDRESS_SPACE_MEMORY, e1000_mmio_map);
1139 pci_register_bar(&d->dev, 1, IOPORT_SIZE,
1140 PCI_BASE_ADDRESS_SPACE_IO, ioport_map);
1142 memmove(d->eeprom_data, e1000_eeprom_template,
1143 sizeof e1000_eeprom_template);
1144 qemu_macaddr_default_if_unset(&d->conf.macaddr);
1145 macaddr = d->conf.macaddr.a;
1146 for (i = 0; i < 3; i++)
1147 d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
1148 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1149 checksum += d->eeprom_data[i];
1150 checksum = (uint16_t) EEPROM_SUM - checksum;
1151 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1153 d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
1154 d->dev.qdev.info->name, d->dev.qdev.id, d);
1156 qemu_format_nic_info_str(&d->nic->nc, macaddr);
1160 static void qdev_e1000_reset(DeviceState *dev)
1162 E1000State *d = DO_UPCAST(E1000State, dev.qdev, dev);
1166 static PCIDeviceInfo e1000_info = {
1167 .qdev.name = "e1000",
1168 .qdev.desc = "Intel Gigabit Ethernet",
1169 .qdev.size = sizeof(E1000State),
1170 .qdev.reset = qdev_e1000_reset,
1171 .qdev.vmsd = &vmstate_e1000,
1172 .init = pci_e1000_init,
1173 .exit = pci_e1000_uninit,
1174 .romfile = "pxe-e1000.bin",
1175 .qdev.props = (Property[]) {
1176 DEFINE_NIC_PROPERTIES(E1000State, conf),
1177 DEFINE_PROP_END_OF_LIST(),
1181 static void e1000_register_devices(void)
1183 pci_qdev_register(&e1000_info);
1186 device_init(e1000_register_devices)
projects / sdk / emulator / qemu.git / blob