4 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
5 * Copyright (c) 2008 Qumranet
6 * Based on work done by:
7 * Copyright (c) 2007 Dan Aloni
8 * Copyright (c) 2004 Antony T Curtis
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2 of the License, or (at your option) any later version.
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
36 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
37 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
38 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
39 DEBUG_RXFILTER, DEBUG_NOTYET,
41 #define DBGBIT(x) (1<<DEBUG_##x)
42 static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
44 #define DBGOUT(what, fmt, params...) do { \
45 if (debugflags & DBGBIT(what)) \
46 fprintf(stderr, "e1000: " fmt, ##params); \
49 #define DBGOUT(what, fmt, params...) do {} while (0)
52 #define IOPORT_SIZE 0x40
53 #define PNPMMIO_SIZE 0x20000
57 * E1000_DEV_ID_82540EM works with Windows and Linux
58 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
59 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
60 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
63 enum { E1000_DEVID = E1000_DEV_ID_82540EM };
66 * May need to specify additional MAC-to-PHY entries --
67 * Intel's Windows driver refuses to initialize unless they match
70 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
71 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
72 /* default to E1000_DEV_ID_82540EM */ 0xc20
75 typedef struct E1000State_st {
81 uint32_t mac_reg[0x8000];
82 uint16_t phy_reg[0x20];
83 uint16_t eeprom_data[64];
86 uint32_t rxbuf_min_shift;
89 unsigned char header[256];
90 unsigned char vlan_header[4];
91 unsigned char vlan[4];
92 unsigned char data[0x10000];
94 unsigned char sum_needed;
95 unsigned char vlan_needed;
109 char cptse; // current packet tse bit
113 uint32_t val_in; // shifted in from guest driver
121 #define defreg(x) x = (E1000_##x>>2)
123 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
124 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
125 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
126 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
127 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
128 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
129 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
130 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
131 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
132 defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA),
136 enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
137 static const char phy_regcap[0x20] = {
138 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
139 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
140 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
141 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
142 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
143 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
147 ioport_map(PCIDevice *pci_dev, int region_num, uint32_t addr,
148 uint32_t size, int type)
150 DBGOUT(IO, "e1000_ioport_map addr=0x%04x size=0x%08x\n", addr, size);
154 set_interrupt_cause(E1000State *s, int index, uint32_t val)
157 val |= E1000_ICR_INT_ASSERTED;
158 s->mac_reg[ICR] = val;
159 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
163 set_ics(E1000State *s, int index, uint32_t val)
165 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
167 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
171 rxbufsize(uint32_t v)
173 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
174 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
175 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
177 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
179 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
181 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
183 case E1000_RCTL_SZ_1024:
185 case E1000_RCTL_SZ_512:
187 case E1000_RCTL_SZ_256:
194 set_rx_control(E1000State *s, int index, uint32_t val)
196 s->mac_reg[RCTL] = val;
197 s->rxbuf_size = rxbufsize(val);
198 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
199 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
204 set_mdic(E1000State *s, int index, uint32_t val)
206 uint32_t data = val & E1000_MDIC_DATA_MASK;
207 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
209 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
210 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
211 else if (val & E1000_MDIC_OP_READ) {
212 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
213 if (!(phy_regcap[addr] & PHY_R)) {
214 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
215 val |= E1000_MDIC_ERROR;
217 val = (val ^ data) | s->phy_reg[addr];
218 } else if (val & E1000_MDIC_OP_WRITE) {
219 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
220 if (!(phy_regcap[addr] & PHY_W)) {
221 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
222 val |= E1000_MDIC_ERROR;
224 s->phy_reg[addr] = data;
226 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
227 set_ics(s, 0, E1000_ICR_MDAC);
231 get_eecd(E1000State *s, int index)
233 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
235 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
236 s->eecd_state.bitnum_out, s->eecd_state.reading);
237 if (!s->eecd_state.reading ||
238 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
239 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
240 ret |= E1000_EECD_DO;
245 set_eecd(E1000State *s, int index, uint32_t val)
247 uint32_t oldval = s->eecd_state.old_eecd;
249 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
250 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
251 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
253 if (!(E1000_EECD_SK & val)) { // falling edge
254 s->eecd_state.bitnum_out++;
257 if (!(val & E1000_EECD_CS)) { // rising, no CS (EEPROM reset)
258 memset(&s->eecd_state, 0, sizeof s->eecd_state);
261 s->eecd_state.val_in <<= 1;
262 if (val & E1000_EECD_DI)
263 s->eecd_state.val_in |= 1;
264 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
265 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
266 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
267 EEPROM_READ_OPCODE_MICROWIRE);
269 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
270 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
271 s->eecd_state.reading);
275 flash_eerd_read(E1000State *s, int x)
277 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
279 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
281 return (s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
282 E1000_EEPROM_RW_REG_DONE | r;
286 putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
293 sum = net_checksum_add(n-css, data+css);
294 cpu_to_be16wu((uint16_t *)(data + sloc),
295 net_checksum_finish(sum));
300 vlan_enabled(E1000State *s)
302 return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
306 vlan_rx_filter_enabled(E1000State *s)
308 return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
312 is_vlan_packet(E1000State *s, const uint8_t *buf)
314 return (be16_to_cpup((uint16_t *)(buf + 12)) ==
315 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
319 is_vlan_txd(uint32_t txd_lower)
321 return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
325 xmit_seg(E1000State *s)
328 unsigned int frames = s->tx.tso_frames, css, sofar, n;
329 struct e1000_tx *tp = &s->tx;
331 if (tp->tse && tp->cptse) {
333 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
334 frames, tp->size, css);
335 if (tp->ip) { // IPv4
336 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
338 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
339 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
341 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
344 len = tp->size - css;
345 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
347 sofar = frames * tp->mss;
348 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
349 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
350 if (tp->paylen - sofar > tp->mss)
351 tp->data[css + 13] &= ~9; // PSH, FIN
353 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
354 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
355 // add pseudo-header length before checksum calculation
356 sp = (uint16_t *)(tp->data + tp->tucso);
357 cpu_to_be16wu(sp, be16_to_cpup(sp) + len);
362 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
363 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
364 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
365 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
366 if (tp->vlan_needed) {
367 memmove(tp->vlan, tp->data, 12);
368 memcpy(tp->data + 8, tp->vlan_header, 4);
369 qemu_send_packet(s->vc, tp->vlan, tp->size + 4);
371 qemu_send_packet(s->vc, tp->data, tp->size);
374 n = s->mac_reg[TOTL];
375 if ((s->mac_reg[TOTL] += s->tx.size) < n)
380 process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
382 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
383 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
384 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
385 unsigned int msh = 0xfffff, hdr = 0;
387 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
388 struct e1000_tx *tp = &s->tx;
390 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
391 op = le32_to_cpu(xp->cmd_and_length);
392 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
393 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
394 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
395 tp->tucss = xp->upper_setup.tcp_fields.tucss;
396 tp->tucso = xp->upper_setup.tcp_fields.tucso;
397 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
398 tp->paylen = op & 0xfffff;
399 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
400 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
401 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
402 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
403 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
405 if (tp->tucso == 0) { // this is probably wrong
406 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
407 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
410 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
412 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
413 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
418 if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
419 (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
421 cpu_to_be16wu((uint16_t *)(tp->vlan_header),
422 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
423 cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
424 le16_to_cpu(dp->upper.fields.special));
427 addr = le64_to_cpu(dp->buffer_addr);
428 if (tp->tse && tp->cptse) {
433 if (tp->size + bytes > msh)
434 bytes = msh - tp->size;
435 cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
436 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
437 memmove(tp->header, tp->data, hdr);
442 memmove(tp->data, tp->header, hdr);
445 } while (split_size -= bytes);
446 } else if (!tp->tse && tp->cptse) {
447 // context descriptor TSE is not set, while data descriptor TSE is set
448 DBGOUT(TXERR, "TCP segmentaion Error\n");
450 cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
451 tp->size += split_size;
454 if (!(txd_lower & E1000_TXD_CMD_EOP))
456 if (!(tp->tse && tp->cptse && tp->size < hdr))
466 txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
468 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
470 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
472 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
473 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
474 dp->upper.data = cpu_to_le32(txd_upper);
475 cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
476 (void *)&dp->upper, sizeof(dp->upper));
477 return E1000_ICR_TXDW;
481 start_xmit(E1000State *s)
483 target_phys_addr_t base;
484 struct e1000_tx_desc desc;
485 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
487 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
488 DBGOUT(TX, "tx disabled\n");
492 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
493 base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
494 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
495 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
497 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
498 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
501 process_tx_desc(s, &desc);
502 cause |= txdesc_writeback(base, &desc);
504 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
507 * the following could happen only if guest sw assigns
508 * bogus values to TDT/TDLEN.
509 * there's nothing too intelligent we could do about this.
511 if (s->mac_reg[TDH] == tdh_start) {
512 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
513 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
517 set_ics(s, 0, cause);
521 receive_filter(E1000State *s, const uint8_t *buf, int size)
523 static uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
524 static int mta_shift[] = {4, 3, 2, 0};
525 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
527 if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
528 uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
529 uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
530 ((vid >> 5) & 0x7f));
531 if ((vfta & (1 << (vid & 0x1f))) == 0)
535 if (rctl & E1000_RCTL_UPE) // promiscuous
538 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
541 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
544 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
545 if (!(rp[1] & E1000_RAH_AV))
547 ra[0] = cpu_to_le32(rp[0]);
548 ra[1] = cpu_to_le32(rp[1]);
549 if (!memcmp(buf, (uint8_t *)ra, 6)) {
551 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
552 (int)(rp - s->mac_reg - RA)/2,
553 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
557 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
558 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
560 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
561 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
562 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
565 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
566 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
567 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
568 s->mac_reg[MTA + (f >> 5)]);
574 e1000_can_receive(void *opaque)
576 E1000State *s = opaque;
578 return (s->mac_reg[RCTL] & E1000_RCTL_EN);
582 e1000_receive(void *opaque, const uint8_t *buf, int size)
584 E1000State *s = opaque;
585 struct e1000_rx_desc desc;
586 target_phys_addr_t base;
589 uint16_t vlan_special = 0;
590 uint8_t vlan_status = 0, vlan_offset = 0;
592 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
595 if (size > s->rxbuf_size) {
596 DBGOUT(RX, "packet too large for buffers (%d > %d)\n", size,
601 if (!receive_filter(s, buf, size))
604 if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
605 vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
606 memmove((void *)(buf + 4), buf, 12);
607 vlan_status = E1000_RXD_STAT_VP;
612 rdh_start = s->mac_reg[RDH];
613 size += 4; // for the header
615 if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
616 set_ics(s, 0, E1000_ICS_RXO);
619 base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
620 sizeof(desc) * s->mac_reg[RDH];
621 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
622 desc.special = vlan_special;
623 desc.status |= (vlan_status | E1000_RXD_STAT_DD);
624 if (desc.buffer_addr) {
625 cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
626 (void *)(buf + vlan_offset), size);
627 desc.length = cpu_to_le16(size);
628 desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
629 } else // as per intel docs; skip descriptors with null buf addr
630 DBGOUT(RX, "Null RX descriptor!!\n");
631 cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
633 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
636 /* see comment in start_xmit; same here */
637 if (s->mac_reg[RDH] == rdh_start) {
638 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
639 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
640 set_ics(s, 0, E1000_ICS_RXO);
643 } while (desc.buffer_addr == 0);
647 n = s->mac_reg[TORL];
648 if ((s->mac_reg[TORL] += size) < n)
652 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
653 rdt += s->mac_reg[RDLEN] / sizeof(desc);
654 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) << s->rxbuf_min_shift >=
656 n |= E1000_ICS_RXDMT0;
662 mac_readreg(E1000State *s, int index)
664 return s->mac_reg[index];
668 mac_icr_read(E1000State *s, int index)
670 uint32_t ret = s->mac_reg[ICR];
672 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
673 set_interrupt_cause(s, 0, 0);
678 mac_read_clr4(E1000State *s, int index)
680 uint32_t ret = s->mac_reg[index];
682 s->mac_reg[index] = 0;
687 mac_read_clr8(E1000State *s, int index)
689 uint32_t ret = s->mac_reg[index];
691 s->mac_reg[index] = 0;
692 s->mac_reg[index-1] = 0;
697 mac_writereg(E1000State *s, int index, uint32_t val)
699 s->mac_reg[index] = val;
703 set_rdt(E1000State *s, int index, uint32_t val)
706 s->mac_reg[index] = val & 0xffff;
710 set_16bit(E1000State *s, int index, uint32_t val)
712 s->mac_reg[index] = val & 0xffff;
716 set_dlen(E1000State *s, int index, uint32_t val)
718 s->mac_reg[index] = val & 0xfff80;
722 set_tctl(E1000State *s, int index, uint32_t val)
724 s->mac_reg[index] = val;
725 s->mac_reg[TDT] &= 0xffff;
730 set_icr(E1000State *s, int index, uint32_t val)
732 DBGOUT(INTERRUPT, "set_icr %x\n", val);
733 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
737 set_imc(E1000State *s, int index, uint32_t val)
739 s->mac_reg[IMS] &= ~val;
744 set_ims(E1000State *s, int index, uint32_t val)
746 s->mac_reg[IMS] |= val;
750 #define getreg(x) [x] = mac_readreg
751 static uint32_t (*macreg_readops[])(E1000State *, int) = {
752 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
753 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
754 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
755 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
756 getreg(RDH), getreg(RDT), getreg(VET),
758 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
759 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
760 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
761 [CRCERRS ... MPC] = &mac_readreg,
762 [RA ... RA+31] = &mac_readreg,
763 [MTA ... MTA+127] = &mac_readreg,
764 [VFTA ... VFTA+127] = &mac_readreg,
766 enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
768 #define putreg(x) [x] = mac_writereg
769 static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
770 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
771 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
772 putreg(RDBAL), putreg(LEDCTL), putreg(CTRL), putreg(VET),
773 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
774 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
775 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
776 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
777 [EECD] = set_eecd, [RCTL] = set_rx_control,
778 [RA ... RA+31] = &mac_writereg,
779 [MTA ... MTA+127] = &mac_writereg,
780 [VFTA ... VFTA+127] = &mac_writereg,
782 enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
785 e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
787 E1000State *s = opaque;
788 unsigned int index = (addr & 0x1ffff) >> 2;
790 #ifdef TARGET_WORDS_BIGENDIAN
793 if (index < NWRITEOPS && macreg_writeops[index])
794 macreg_writeops[index](s, index, val);
795 else if (index < NREADOPS && macreg_readops[index])
796 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
798 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
803 e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
805 // emulate hw without byte enables: no RMW
806 e1000_mmio_writel(opaque, addr & ~3,
807 (val & 0xffff) << (8*(addr & 3)));
811 e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
813 // emulate hw without byte enables: no RMW
814 e1000_mmio_writel(opaque, addr & ~3,
815 (val & 0xff) << (8*(addr & 3)));
819 e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
821 E1000State *s = opaque;
822 unsigned int index = (addr & 0x1ffff) >> 2;
824 if (index < NREADOPS && macreg_readops[index])
826 uint32_t val = macreg_readops[index](s, index);
827 #ifdef TARGET_WORDS_BIGENDIAN
832 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
837 e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
839 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
840 (8 * (addr & 3))) & 0xff;
844 e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
846 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
847 (8 * (addr & 3))) & 0xffff;
850 static const int mac_regtosave[] = {
851 CTRL, EECD, EERD, GPRC, GPTC, ICR, ICS, IMC, IMS,
852 LEDCTL, MANC, MDIC, MPC, PBA, RCTL, RDBAH, RDBAL, RDH,
853 RDLEN, RDT, STATUS, SWSM, TCTL, TDBAH, TDBAL, TDH, TDLEN,
854 TDT, TORH, TORL, TOTH, TOTL, TPR, TPT, TXDCTL, WUFC,
857 enum { MAC_NSAVE = ARRAY_SIZE(mac_regtosave) };
859 static const struct {
862 } mac_regarraystosave[] = { {32, RA}, {128, MTA}, {128, VFTA} };
863 enum { MAC_NARRAYS = ARRAY_SIZE(mac_regarraystosave) };
866 nic_save(QEMUFile *f, void *opaque)
868 E1000State *s = (E1000State *)opaque;
871 pci_device_save(&s->dev, f);
873 qemu_put_be32s(f, &s->rxbuf_size);
874 qemu_put_be32s(f, &s->rxbuf_min_shift);
875 qemu_put_be32s(f, &s->eecd_state.val_in);
876 qemu_put_be16s(f, &s->eecd_state.bitnum_in);
877 qemu_put_be16s(f, &s->eecd_state.bitnum_out);
878 qemu_put_be16s(f, &s->eecd_state.reading);
879 qemu_put_be32s(f, &s->eecd_state.old_eecd);
880 qemu_put_8s(f, &s->tx.ipcss);
881 qemu_put_8s(f, &s->tx.ipcso);
882 qemu_put_be16s(f, &s->tx.ipcse);
883 qemu_put_8s(f, &s->tx.tucss);
884 qemu_put_8s(f, &s->tx.tucso);
885 qemu_put_be16s(f, &s->tx.tucse);
886 qemu_put_be32s(f, &s->tx.paylen);
887 qemu_put_8s(f, &s->tx.hdr_len);
888 qemu_put_be16s(f, &s->tx.mss);
889 qemu_put_be16s(f, &s->tx.size);
890 qemu_put_be16s(f, &s->tx.tso_frames);
891 qemu_put_8s(f, &s->tx.sum_needed);
892 qemu_put_s8s(f, &s->tx.ip);
893 qemu_put_s8s(f, &s->tx.tcp);
894 qemu_put_buffer(f, s->tx.header, sizeof s->tx.header);
895 qemu_put_buffer(f, s->tx.data, sizeof s->tx.data);
896 for (i = 0; i < 64; i++)
897 qemu_put_be16s(f, s->eeprom_data + i);
898 for (i = 0; i < 0x20; i++)
899 qemu_put_be16s(f, s->phy_reg + i);
900 for (i = 0; i < MAC_NSAVE; i++)
901 qemu_put_be32s(f, s->mac_reg + mac_regtosave[i]);
902 for (i = 0; i < MAC_NARRAYS; i++)
903 for (j = 0; j < mac_regarraystosave[i].size; j++)
905 s->mac_reg + mac_regarraystosave[i].array0 + j);
909 nic_load(QEMUFile *f, void *opaque, int version_id)
911 E1000State *s = (E1000State *)opaque;
914 if ((ret = pci_device_load(&s->dev, f)) < 0)
917 qemu_get_sbe32s(f, &i); /* once some unused instance id */
918 qemu_get_be32(f); /* Ignored. Was mmio_base. */
919 qemu_get_be32s(f, &s->rxbuf_size);
920 qemu_get_be32s(f, &s->rxbuf_min_shift);
921 qemu_get_be32s(f, &s->eecd_state.val_in);
922 qemu_get_be16s(f, &s->eecd_state.bitnum_in);
923 qemu_get_be16s(f, &s->eecd_state.bitnum_out);
924 qemu_get_be16s(f, &s->eecd_state.reading);
925 qemu_get_be32s(f, &s->eecd_state.old_eecd);
926 qemu_get_8s(f, &s->tx.ipcss);
927 qemu_get_8s(f, &s->tx.ipcso);
928 qemu_get_be16s(f, &s->tx.ipcse);
929 qemu_get_8s(f, &s->tx.tucss);
930 qemu_get_8s(f, &s->tx.tucso);
931 qemu_get_be16s(f, &s->tx.tucse);
932 qemu_get_be32s(f, &s->tx.paylen);
933 qemu_get_8s(f, &s->tx.hdr_len);
934 qemu_get_be16s(f, &s->tx.mss);
935 qemu_get_be16s(f, &s->tx.size);
936 qemu_get_be16s(f, &s->tx.tso_frames);
937 qemu_get_8s(f, &s->tx.sum_needed);
938 qemu_get_s8s(f, &s->tx.ip);
939 qemu_get_s8s(f, &s->tx.tcp);
940 qemu_get_buffer(f, s->tx.header, sizeof s->tx.header);
941 qemu_get_buffer(f, s->tx.data, sizeof s->tx.data);
942 for (i = 0; i < 64; i++)
943 qemu_get_be16s(f, s->eeprom_data + i);
944 for (i = 0; i < 0x20; i++)
945 qemu_get_be16s(f, s->phy_reg + i);
946 for (i = 0; i < MAC_NSAVE; i++)
947 qemu_get_be32s(f, s->mac_reg + mac_regtosave[i]);
948 for (i = 0; i < MAC_NARRAYS; i++)
949 for (j = 0; j < mac_regarraystosave[i].size; j++)
951 s->mac_reg + mac_regarraystosave[i].array0 + j);
955 static const uint16_t e1000_eeprom_template[64] = {
956 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
957 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
958 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
959 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
960 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
961 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
962 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
963 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
966 static const uint16_t phy_reg_init[] = {
967 [PHY_CTRL] = 0x1140, [PHY_STATUS] = 0x796d, // link initially up
968 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
969 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
970 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
971 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
972 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
975 static const uint32_t mac_reg_init[] = {
978 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
979 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
980 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
981 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
982 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
984 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
985 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
991 static CPUWriteMemoryFunc *e1000_mmio_write[] = {
992 e1000_mmio_writeb, e1000_mmio_writew, e1000_mmio_writel
995 static CPUReadMemoryFunc *e1000_mmio_read[] = {
996 e1000_mmio_readb, e1000_mmio_readw, e1000_mmio_readl
1000 e1000_mmio_map(PCIDevice *pci_dev, int region_num,
1001 uint32_t addr, uint32_t size, int type)
1003 E1000State *d = (E1000State *)pci_dev;
1005 const uint32_t excluded_regs[] = {
1006 E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1007 E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1011 DBGOUT(MMIO, "e1000_mmio_map addr=0x%08x 0x%08x\n", addr, size);
1013 cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
1014 qemu_register_coalesced_mmio(addr, excluded_regs[0]);
1016 for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
1017 qemu_register_coalesced_mmio(addr + excluded_regs[i] + 4,
1018 excluded_regs[i + 1] -
1019 excluded_regs[i] - 4);
1023 pci_e1000_init(PCIBus *bus, NICInfo *nd, int devfn)
1027 uint16_t checksum = 0;
1028 static const char info_str[] = "e1000";
1031 d = (E1000State *)pci_register_device(bus, "e1000",
1032 sizeof(E1000State), devfn, NULL, NULL);
1034 pci_conf = d->dev.config;
1035 memset(pci_conf, 0, 256);
1037 *(uint16_t *)(pci_conf+0x00) = cpu_to_le16(0x8086);
1038 *(uint16_t *)(pci_conf+0x02) = cpu_to_le16(E1000_DEVID);
1039 *(uint16_t *)(pci_conf+0x04) = cpu_to_le16(0x0407);
1040 *(uint16_t *)(pci_conf+0x06) = cpu_to_le16(0x0010);
1041 pci_conf[0x08] = 0x03;
1042 pci_conf[0x0a] = 0x00; // ethernet network controller
1043 pci_conf[0x0b] = 0x02;
1044 pci_conf[0x0c] = 0x10;
1046 pci_conf[0x3d] = 1; // interrupt pin 0
1048 d->mmio_index = cpu_register_io_memory(0, e1000_mmio_read,
1049 e1000_mmio_write, d);
1051 pci_register_io_region((PCIDevice *)d, 0, PNPMMIO_SIZE,
1052 PCI_ADDRESS_SPACE_MEM, e1000_mmio_map);
1054 pci_register_io_region((PCIDevice *)d, 1, IOPORT_SIZE,
1055 PCI_ADDRESS_SPACE_IO, ioport_map);
1058 memmove(d->eeprom_data, e1000_eeprom_template,
1059 sizeof e1000_eeprom_template);
1060 for (i = 0; i < 3; i++)
1061 d->eeprom_data[i] = (nd->macaddr[2*i+1]<<8) | nd->macaddr[2*i];
1062 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1063 checksum += d->eeprom_data[i];
1064 checksum = (uint16_t) EEPROM_SUM - checksum;
1065 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1067 memset(d->phy_reg, 0, sizeof d->phy_reg);
1068 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
1069 memset(d->mac_reg, 0, sizeof d->mac_reg);
1070 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
1071 d->rxbuf_min_shift = 1;
1072 memset(&d->tx, 0, sizeof d->tx);
1074 d->vc = qemu_new_vlan_client(nd->vlan, e1000_receive,
1075 e1000_can_receive, d);
1077 snprintf(d->vc->info_str, sizeof(d->vc->info_str),
1078 "%s macaddr=%02x:%02x:%02x:%02x:%02x:%02x", info_str,
1079 d->nd->macaddr[0], d->nd->macaddr[1], d->nd->macaddr[2],
1080 d->nd->macaddr[3], d->nd->macaddr[4], d->nd->macaddr[5]);
1082 register_savevm(info_str, -1, 2, nic_save, nic_load, d);