4 * Software developer's manual:
5 * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf
7 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
8 * Copyright (c) 2008 Qumranet
9 * Based on work done by:
10 * Copyright (c) 2007 Dan Aloni
11 * Copyright (c) 2004 Antony T Curtis
13 * This library is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU Lesser General Public
15 * License as published by the Free Software Foundation; either
16 * version 2 of the License, or (at your option) any later version.
18 * This library is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * Lesser General Public License for more details.
23 * You should have received a copy of the GNU Lesser General Public
24 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
31 #include "net/checksum.h"
40 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
41 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
42 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
43 DEBUG_RXFILTER, DEBUG_NOTYET,
45 #define DBGBIT(x) (1<<DEBUG_##x)
46 static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
48 #define DBGOUT(what, fmt, ...) do { \
49 if (debugflags & DBGBIT(what)) \
50 fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
53 #define DBGOUT(what, fmt, ...) do {} while (0)
56 #define IOPORT_SIZE 0x40
57 #define PNPMMIO_SIZE 0x20000
61 * E1000_DEV_ID_82540EM works with Windows and Linux
62 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
63 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
64 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
67 enum { E1000_DEVID = E1000_DEV_ID_82540EM };
70 * May need to specify additional MAC-to-PHY entries --
71 * Intel's Windows driver refuses to initialize unless they match
74 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
75 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
76 /* default to E1000_DEV_ID_82540EM */ 0xc20
79 typedef struct E1000State_st {
85 uint32_t mac_reg[0x8000];
86 uint16_t phy_reg[0x20];
87 uint16_t eeprom_data[64];
90 uint32_t rxbuf_min_shift;
93 unsigned char header[256];
94 unsigned char vlan_header[4];
95 /* Fields vlan and data must not be reordered or separated. */
96 unsigned char vlan[4];
97 unsigned char data[0x10000];
99 unsigned char sum_needed;
100 unsigned char vlan_needed;
114 char cptse; // current packet tse bit
118 uint32_t val_in; // shifted in from guest driver
126 #define defreg(x) x = (E1000_##x>>2)
128 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
129 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
130 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
131 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
132 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
133 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
134 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
135 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
136 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
137 defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA),
141 enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
142 static const char phy_regcap[0x20] = {
143 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
144 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
145 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
146 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
147 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
148 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
152 ioport_map(PCIDevice *pci_dev, int region_num, pcibus_t addr,
153 pcibus_t size, int type)
155 DBGOUT(IO, "e1000_ioport_map addr=0x%04"FMT_PCIBUS
156 " size=0x%08"FMT_PCIBUS"\n", addr, size);
160 set_interrupt_cause(E1000State *s, int index, uint32_t val)
163 val |= E1000_ICR_INT_ASSERTED;
164 s->mac_reg[ICR] = val;
165 s->mac_reg[ICS] = val;
166 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
170 set_ics(E1000State *s, int index, uint32_t val)
172 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
174 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
178 rxbufsize(uint32_t v)
180 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
181 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
182 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
184 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
186 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
188 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
190 case E1000_RCTL_SZ_1024:
192 case E1000_RCTL_SZ_512:
194 case E1000_RCTL_SZ_256:
201 set_ctrl(E1000State *s, int index, uint32_t val)
203 /* RST is self clearing */
204 s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
208 set_rx_control(E1000State *s, int index, uint32_t val)
210 s->mac_reg[RCTL] = val;
211 s->rxbuf_size = rxbufsize(val);
212 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
213 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
218 set_mdic(E1000State *s, int index, uint32_t val)
220 uint32_t data = val & E1000_MDIC_DATA_MASK;
221 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
223 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
224 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
225 else if (val & E1000_MDIC_OP_READ) {
226 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
227 if (!(phy_regcap[addr] & PHY_R)) {
228 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
229 val |= E1000_MDIC_ERROR;
231 val = (val ^ data) | s->phy_reg[addr];
232 } else if (val & E1000_MDIC_OP_WRITE) {
233 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
234 if (!(phy_regcap[addr] & PHY_W)) {
235 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
236 val |= E1000_MDIC_ERROR;
238 s->phy_reg[addr] = data;
240 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
241 set_ics(s, 0, E1000_ICR_MDAC);
245 get_eecd(E1000State *s, int index)
247 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
249 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
250 s->eecd_state.bitnum_out, s->eecd_state.reading);
251 if (!s->eecd_state.reading ||
252 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
253 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
254 ret |= E1000_EECD_DO;
259 set_eecd(E1000State *s, int index, uint32_t val)
261 uint32_t oldval = s->eecd_state.old_eecd;
263 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
264 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
265 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
267 if (!(E1000_EECD_SK & val)) { // falling edge
268 s->eecd_state.bitnum_out++;
271 if (!(val & E1000_EECD_CS)) { // rising, no CS (EEPROM reset)
272 memset(&s->eecd_state, 0, sizeof s->eecd_state);
274 * restore old_eecd's E1000_EECD_SK (known to be on)
275 * to avoid false detection of a clock edge
277 s->eecd_state.old_eecd = E1000_EECD_SK;
280 s->eecd_state.val_in <<= 1;
281 if (val & E1000_EECD_DI)
282 s->eecd_state.val_in |= 1;
283 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
284 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
285 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
286 EEPROM_READ_OPCODE_MICROWIRE);
288 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
289 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
290 s->eecd_state.reading);
294 flash_eerd_read(E1000State *s, int x)
296 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
298 if ((s->mac_reg[EERD] & E1000_EEPROM_RW_REG_START) == 0)
299 return (s->mac_reg[EERD]);
301 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
302 return (E1000_EEPROM_RW_REG_DONE | r);
304 return ((s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
305 E1000_EEPROM_RW_REG_DONE | r);
309 putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
316 sum = net_checksum_add(n-css, data+css);
317 cpu_to_be16wu((uint16_t *)(data + sloc),
318 net_checksum_finish(sum));
323 vlan_enabled(E1000State *s)
325 return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
329 vlan_rx_filter_enabled(E1000State *s)
331 return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
335 is_vlan_packet(E1000State *s, const uint8_t *buf)
337 return (be16_to_cpup((uint16_t *)(buf + 12)) ==
338 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
342 is_vlan_txd(uint32_t txd_lower)
344 return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
347 /* FCS aka Ethernet CRC-32. We don't get it from backends and can't
348 * fill it in, just pad descriptor length by 4 bytes unless guest
349 * told us to trip it off the packet. */
351 fcs_len(E1000State *s)
353 return (s->mac_reg[RCTL] & E1000_RCTL_SECRC) ? 0 : 4;
357 xmit_seg(E1000State *s)
360 unsigned int frames = s->tx.tso_frames, css, sofar, n;
361 struct e1000_tx *tp = &s->tx;
363 if (tp->tse && tp->cptse) {
365 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
366 frames, tp->size, css);
367 if (tp->ip) { // IPv4
368 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
370 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
371 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
373 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
376 len = tp->size - css;
377 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
379 sofar = frames * tp->mss;
380 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
381 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
382 if (tp->paylen - sofar > tp->mss)
383 tp->data[css + 13] &= ~9; // PSH, FIN
385 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
386 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
387 // add pseudo-header length before checksum calculation
388 sp = (uint16_t *)(tp->data + tp->tucso);
389 cpu_to_be16wu(sp, be16_to_cpup(sp) + len);
394 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
395 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
396 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
397 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
398 if (tp->vlan_needed) {
399 memmove(tp->vlan, tp->data, 4);
400 memmove(tp->data, tp->data + 4, 8);
401 memcpy(tp->data + 8, tp->vlan_header, 4);
402 qemu_send_packet(&s->nic->nc, tp->vlan, tp->size + 4);
404 qemu_send_packet(&s->nic->nc, tp->data, tp->size);
407 n = s->mac_reg[TOTL];
408 if ((s->mac_reg[TOTL] += s->tx.size) < n)
413 process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
415 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
416 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
417 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
418 unsigned int msh = 0xfffff, hdr = 0;
420 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
421 struct e1000_tx *tp = &s->tx;
423 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
424 op = le32_to_cpu(xp->cmd_and_length);
425 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
426 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
427 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
428 tp->tucss = xp->upper_setup.tcp_fields.tucss;
429 tp->tucso = xp->upper_setup.tcp_fields.tucso;
430 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
431 tp->paylen = op & 0xfffff;
432 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
433 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
434 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
435 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
436 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
438 if (tp->tucso == 0) { // this is probably wrong
439 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
440 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
443 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
445 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
446 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
451 if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
452 (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
454 cpu_to_be16wu((uint16_t *)(tp->vlan_header),
455 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
456 cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
457 le16_to_cpu(dp->upper.fields.special));
460 addr = le64_to_cpu(dp->buffer_addr);
461 if (tp->tse && tp->cptse) {
466 if (tp->size + bytes > msh)
467 bytes = msh - tp->size;
468 cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
469 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
470 memmove(tp->header, tp->data, hdr);
475 memmove(tp->data, tp->header, hdr);
478 } while (split_size -= bytes);
479 } else if (!tp->tse && tp->cptse) {
480 // context descriptor TSE is not set, while data descriptor TSE is set
481 DBGOUT(TXERR, "TCP segmentaion Error\n");
483 cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
484 tp->size += split_size;
487 if (!(txd_lower & E1000_TXD_CMD_EOP))
489 if (!(tp->tse && tp->cptse && tp->size < hdr))
499 txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
501 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
503 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
505 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
506 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
507 dp->upper.data = cpu_to_le32(txd_upper);
508 cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
509 (void *)&dp->upper, sizeof(dp->upper));
510 return E1000_ICR_TXDW;
514 start_xmit(E1000State *s)
516 target_phys_addr_t base;
517 struct e1000_tx_desc desc;
518 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
520 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
521 DBGOUT(TX, "tx disabled\n");
525 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
526 base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
527 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
528 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
530 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
531 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
534 process_tx_desc(s, &desc);
535 cause |= txdesc_writeback(base, &desc);
537 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
540 * the following could happen only if guest sw assigns
541 * bogus values to TDT/TDLEN.
542 * there's nothing too intelligent we could do about this.
544 if (s->mac_reg[TDH] == tdh_start) {
545 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
546 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
550 set_ics(s, 0, cause);
554 receive_filter(E1000State *s, const uint8_t *buf, int size)
556 static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
557 static const int mta_shift[] = {4, 3, 2, 0};
558 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
560 if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
561 uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
562 uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
563 ((vid >> 5) & 0x7f));
564 if ((vfta & (1 << (vid & 0x1f))) == 0)
568 if (rctl & E1000_RCTL_UPE) // promiscuous
571 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
574 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
577 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
578 if (!(rp[1] & E1000_RAH_AV))
580 ra[0] = cpu_to_le32(rp[0]);
581 ra[1] = cpu_to_le32(rp[1]);
582 if (!memcmp(buf, (uint8_t *)ra, 6)) {
584 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
585 (int)(rp - s->mac_reg - RA)/2,
586 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
590 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
591 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
593 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
594 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
595 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
598 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
599 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
600 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
601 s->mac_reg[MTA + (f >> 5)]);
607 e1000_set_link_status(VLANClientState *nc)
609 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
610 uint32_t old_status = s->mac_reg[STATUS];
613 s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
615 s->mac_reg[STATUS] |= E1000_STATUS_LU;
617 if (s->mac_reg[STATUS] != old_status)
618 set_ics(s, 0, E1000_ICR_LSC);
622 e1000_can_receive(VLANClientState *nc)
624 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
626 return (s->mac_reg[RCTL] & E1000_RCTL_EN);
630 e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
632 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
633 struct e1000_rx_desc desc;
634 target_phys_addr_t base;
637 uint16_t vlan_special = 0;
638 uint8_t vlan_status = 0, vlan_offset = 0;
640 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
643 if (size > s->rxbuf_size) {
644 DBGOUT(RX, "packet too large for buffers (%lu > %d)\n",
645 (unsigned long)size, s->rxbuf_size);
649 if (!receive_filter(s, buf, size))
652 if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
653 vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
654 memmove((uint8_t *)buf + 4, buf, 12);
655 vlan_status = E1000_RXD_STAT_VP;
660 rdh_start = s->mac_reg[RDH];
662 if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
663 set_ics(s, 0, E1000_ICS_RXO);
666 base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
667 sizeof(desc) * s->mac_reg[RDH];
668 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
669 desc.special = vlan_special;
670 desc.status |= (vlan_status | E1000_RXD_STAT_DD);
671 if (desc.buffer_addr) {
672 cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
673 (void *)(buf + vlan_offset), size);
674 desc.length = cpu_to_le16(size + fcs_len(s));
675 desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
676 } else // as per intel docs; skip descriptors with null buf addr
677 DBGOUT(RX, "Null RX descriptor!!\n");
678 cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
680 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
683 /* see comment in start_xmit; same here */
684 if (s->mac_reg[RDH] == rdh_start) {
685 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
686 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
687 set_ics(s, 0, E1000_ICS_RXO);
690 } while (desc.buffer_addr == 0);
694 n = s->mac_reg[TORL];
695 if ((s->mac_reg[TORL] += size) < n)
699 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
700 rdt += s->mac_reg[RDLEN] / sizeof(desc);
701 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
703 n |= E1000_ICS_RXDMT0;
711 mac_readreg(E1000State *s, int index)
713 return s->mac_reg[index];
717 mac_icr_read(E1000State *s, int index)
719 uint32_t ret = s->mac_reg[ICR];
721 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
722 set_interrupt_cause(s, 0, 0);
727 mac_read_clr4(E1000State *s, int index)
729 uint32_t ret = s->mac_reg[index];
731 s->mac_reg[index] = 0;
736 mac_read_clr8(E1000State *s, int index)
738 uint32_t ret = s->mac_reg[index];
740 s->mac_reg[index] = 0;
741 s->mac_reg[index-1] = 0;
746 mac_writereg(E1000State *s, int index, uint32_t val)
748 s->mac_reg[index] = val;
752 set_rdt(E1000State *s, int index, uint32_t val)
755 s->mac_reg[index] = val & 0xffff;
759 set_16bit(E1000State *s, int index, uint32_t val)
761 s->mac_reg[index] = val & 0xffff;
765 set_dlen(E1000State *s, int index, uint32_t val)
767 s->mac_reg[index] = val & 0xfff80;
771 set_tctl(E1000State *s, int index, uint32_t val)
773 s->mac_reg[index] = val;
774 s->mac_reg[TDT] &= 0xffff;
779 set_icr(E1000State *s, int index, uint32_t val)
781 DBGOUT(INTERRUPT, "set_icr %x\n", val);
782 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
786 set_imc(E1000State *s, int index, uint32_t val)
788 s->mac_reg[IMS] &= ~val;
793 set_ims(E1000State *s, int index, uint32_t val)
795 s->mac_reg[IMS] |= val;
799 #define getreg(x) [x] = mac_readreg
800 static uint32_t (*macreg_readops[])(E1000State *, int) = {
801 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
802 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
803 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
804 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
805 getreg(RDH), getreg(RDT), getreg(VET), getreg(ICS),
806 getreg(TDBAL), getreg(TDBAH), getreg(RDBAH), getreg(RDBAL),
807 getreg(TDLEN), getreg(RDLEN),
809 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
810 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
811 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
812 [CRCERRS ... MPC] = &mac_readreg,
813 [RA ... RA+31] = &mac_readreg,
814 [MTA ... MTA+127] = &mac_readreg,
815 [VFTA ... VFTA+127] = &mac_readreg,
817 enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
819 #define putreg(x) [x] = mac_writereg
820 static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
821 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
822 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
823 putreg(RDBAL), putreg(LEDCTL), putreg(VET),
824 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
825 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
826 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
827 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
828 [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl,
829 [RA ... RA+31] = &mac_writereg,
830 [MTA ... MTA+127] = &mac_writereg,
831 [VFTA ... VFTA+127] = &mac_writereg,
833 enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
836 e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
838 E1000State *s = opaque;
839 unsigned int index = (addr & 0x1ffff) >> 2;
841 #ifdef TARGET_WORDS_BIGENDIAN
844 if (index < NWRITEOPS && macreg_writeops[index])
845 macreg_writeops[index](s, index, val);
846 else if (index < NREADOPS && macreg_readops[index])
847 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
849 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
854 e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
856 // emulate hw without byte enables: no RMW
857 e1000_mmio_writel(opaque, addr & ~3,
858 (val & 0xffff) << (8*(addr & 3)));
862 e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
864 // emulate hw without byte enables: no RMW
865 e1000_mmio_writel(opaque, addr & ~3,
866 (val & 0xff) << (8*(addr & 3)));
870 e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
872 E1000State *s = opaque;
873 unsigned int index = (addr & 0x1ffff) >> 2;
875 if (index < NREADOPS && macreg_readops[index])
877 uint32_t val = macreg_readops[index](s, index);
878 #ifdef TARGET_WORDS_BIGENDIAN
883 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
888 e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
890 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
891 (8 * (addr & 3))) & 0xff;
895 e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
897 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
898 (8 * (addr & 3))) & 0xffff;
901 static bool is_version_1(void *opaque, int version_id)
903 return version_id == 1;
906 static const VMStateDescription vmstate_e1000 = {
909 .minimum_version_id = 1,
910 .minimum_version_id_old = 1,
911 .fields = (VMStateField []) {
912 VMSTATE_PCI_DEVICE(dev, E1000State),
913 VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */
914 VMSTATE_UNUSED(4), /* Was mmio_base. */
915 VMSTATE_UINT32(rxbuf_size, E1000State),
916 VMSTATE_UINT32(rxbuf_min_shift, E1000State),
917 VMSTATE_UINT32(eecd_state.val_in, E1000State),
918 VMSTATE_UINT16(eecd_state.bitnum_in, E1000State),
919 VMSTATE_UINT16(eecd_state.bitnum_out, E1000State),
920 VMSTATE_UINT16(eecd_state.reading, E1000State),
921 VMSTATE_UINT32(eecd_state.old_eecd, E1000State),
922 VMSTATE_UINT8(tx.ipcss, E1000State),
923 VMSTATE_UINT8(tx.ipcso, E1000State),
924 VMSTATE_UINT16(tx.ipcse, E1000State),
925 VMSTATE_UINT8(tx.tucss, E1000State),
926 VMSTATE_UINT8(tx.tucso, E1000State),
927 VMSTATE_UINT16(tx.tucse, E1000State),
928 VMSTATE_UINT32(tx.paylen, E1000State),
929 VMSTATE_UINT8(tx.hdr_len, E1000State),
930 VMSTATE_UINT16(tx.mss, E1000State),
931 VMSTATE_UINT16(tx.size, E1000State),
932 VMSTATE_UINT16(tx.tso_frames, E1000State),
933 VMSTATE_UINT8(tx.sum_needed, E1000State),
934 VMSTATE_INT8(tx.ip, E1000State),
935 VMSTATE_INT8(tx.tcp, E1000State),
936 VMSTATE_BUFFER(tx.header, E1000State),
937 VMSTATE_BUFFER(tx.data, E1000State),
938 VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64),
939 VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20),
940 VMSTATE_UINT32(mac_reg[CTRL], E1000State),
941 VMSTATE_UINT32(mac_reg[EECD], E1000State),
942 VMSTATE_UINT32(mac_reg[EERD], E1000State),
943 VMSTATE_UINT32(mac_reg[GPRC], E1000State),
944 VMSTATE_UINT32(mac_reg[GPTC], E1000State),
945 VMSTATE_UINT32(mac_reg[ICR], E1000State),
946 VMSTATE_UINT32(mac_reg[ICS], E1000State),
947 VMSTATE_UINT32(mac_reg[IMC], E1000State),
948 VMSTATE_UINT32(mac_reg[IMS], E1000State),
949 VMSTATE_UINT32(mac_reg[LEDCTL], E1000State),
950 VMSTATE_UINT32(mac_reg[MANC], E1000State),
951 VMSTATE_UINT32(mac_reg[MDIC], E1000State),
952 VMSTATE_UINT32(mac_reg[MPC], E1000State),
953 VMSTATE_UINT32(mac_reg[PBA], E1000State),
954 VMSTATE_UINT32(mac_reg[RCTL], E1000State),
955 VMSTATE_UINT32(mac_reg[RDBAH], E1000State),
956 VMSTATE_UINT32(mac_reg[RDBAL], E1000State),
957 VMSTATE_UINT32(mac_reg[RDH], E1000State),
958 VMSTATE_UINT32(mac_reg[RDLEN], E1000State),
959 VMSTATE_UINT32(mac_reg[RDT], E1000State),
960 VMSTATE_UINT32(mac_reg[STATUS], E1000State),
961 VMSTATE_UINT32(mac_reg[SWSM], E1000State),
962 VMSTATE_UINT32(mac_reg[TCTL], E1000State),
963 VMSTATE_UINT32(mac_reg[TDBAH], E1000State),
964 VMSTATE_UINT32(mac_reg[TDBAL], E1000State),
965 VMSTATE_UINT32(mac_reg[TDH], E1000State),
966 VMSTATE_UINT32(mac_reg[TDLEN], E1000State),
967 VMSTATE_UINT32(mac_reg[TDT], E1000State),
968 VMSTATE_UINT32(mac_reg[TORH], E1000State),
969 VMSTATE_UINT32(mac_reg[TORL], E1000State),
970 VMSTATE_UINT32(mac_reg[TOTH], E1000State),
971 VMSTATE_UINT32(mac_reg[TOTL], E1000State),
972 VMSTATE_UINT32(mac_reg[TPR], E1000State),
973 VMSTATE_UINT32(mac_reg[TPT], E1000State),
974 VMSTATE_UINT32(mac_reg[TXDCTL], E1000State),
975 VMSTATE_UINT32(mac_reg[WUFC], E1000State),
976 VMSTATE_UINT32(mac_reg[VET], E1000State),
977 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32),
978 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128),
979 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128),
980 VMSTATE_END_OF_LIST()
984 static const uint16_t e1000_eeprom_template[64] = {
985 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
986 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
987 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
988 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
989 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
990 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
991 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
992 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
995 static const uint16_t phy_reg_init[] = {
996 [PHY_CTRL] = 0x1140, [PHY_STATUS] = 0x796d, // link initially up
997 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
998 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
999 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
1000 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
1001 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
1004 static const uint32_t mac_reg_init[] = {
1007 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
1008 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
1009 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
1010 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
1011 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
1013 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
1014 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
1020 static CPUWriteMemoryFunc * const e1000_mmio_write[] = {
1021 e1000_mmio_writeb, e1000_mmio_writew, e1000_mmio_writel
1024 static CPUReadMemoryFunc * const e1000_mmio_read[] = {
1025 e1000_mmio_readb, e1000_mmio_readw, e1000_mmio_readl
1029 e1000_mmio_map(PCIDevice *pci_dev, int region_num,
1030 pcibus_t addr, pcibus_t size, int type)
1032 E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
1034 const uint32_t excluded_regs[] = {
1035 E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1036 E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1040 DBGOUT(MMIO, "e1000_mmio_map addr=0x%08"FMT_PCIBUS" 0x%08"FMT_PCIBUS"\n",
1043 cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
1044 qemu_register_coalesced_mmio(addr, excluded_regs[0]);
1046 for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
1047 qemu_register_coalesced_mmio(addr + excluded_regs[i] + 4,
1048 excluded_regs[i + 1] -
1049 excluded_regs[i] - 4);
1053 e1000_cleanup(VLANClientState *nc)
1055 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
1061 pci_e1000_uninit(PCIDevice *dev)
1063 E1000State *d = DO_UPCAST(E1000State, dev, dev);
1065 cpu_unregister_io_memory(d->mmio_index);
1066 qemu_del_vlan_client(&d->nic->nc);
1070 static void e1000_reset(void *opaque)
1072 E1000State *d = opaque;
1074 memset(d->phy_reg, 0, sizeof d->phy_reg);
1075 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
1076 memset(d->mac_reg, 0, sizeof d->mac_reg);
1077 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
1078 d->rxbuf_min_shift = 1;
1079 memset(&d->tx, 0, sizeof d->tx);
1082 static NetClientInfo net_e1000_info = {
1083 .type = NET_CLIENT_TYPE_NIC,
1084 .size = sizeof(NICState),
1085 .can_receive = e1000_can_receive,
1086 .receive = e1000_receive,
1087 .cleanup = e1000_cleanup,
1088 .link_status_changed = e1000_set_link_status,
1091 static int pci_e1000_init(PCIDevice *pci_dev)
1093 E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
1095 uint16_t checksum = 0;
1099 pci_conf = d->dev.config;
1101 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
1102 pci_config_set_device_id(pci_conf, E1000_DEVID);
1103 /* TODO: we have no capabilities, so why is this bit set? */
1104 pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_CAP_LIST);
1105 pci_conf[PCI_REVISION_ID] = 0x03;
1106 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
1107 /* TODO: RST# value should be 0, PCI spec 6.2.4 */
1108 pci_conf[PCI_CACHE_LINE_SIZE] = 0x10;
1110 /* TODO: RST# value should be 0 if programmable, PCI spec 6.2.4 */
1111 pci_conf[PCI_INTERRUPT_PIN] = 1; // interrupt pin 0
1113 d->mmio_index = cpu_register_io_memory(e1000_mmio_read,
1114 e1000_mmio_write, d);
1116 pci_register_bar((PCIDevice *)d, 0, PNPMMIO_SIZE,
1117 PCI_BASE_ADDRESS_SPACE_MEMORY, e1000_mmio_map);
1119 pci_register_bar((PCIDevice *)d, 1, IOPORT_SIZE,
1120 PCI_BASE_ADDRESS_SPACE_IO, ioport_map);
1122 memmove(d->eeprom_data, e1000_eeprom_template,
1123 sizeof e1000_eeprom_template);
1124 qemu_macaddr_default_if_unset(&d->conf.macaddr);
1125 macaddr = d->conf.macaddr.a;
1126 for (i = 0; i < 3; i++)
1127 d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
1128 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1129 checksum += d->eeprom_data[i];
1130 checksum = (uint16_t) EEPROM_SUM - checksum;
1131 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1133 d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
1134 d->dev.qdev.info->name, d->dev.qdev.id, d);
1136 qemu_format_nic_info_str(&d->nic->nc, macaddr);
1140 static void qdev_e1000_reset(DeviceState *dev)
1142 E1000State *d = DO_UPCAST(E1000State, dev.qdev, dev);
1146 static PCIDeviceInfo e1000_info = {
1147 .qdev.name = "e1000",
1148 .qdev.desc = "Intel Gigabit Ethernet",
1149 .qdev.size = sizeof(E1000State),
1150 .qdev.reset = qdev_e1000_reset,
1151 .qdev.vmsd = &vmstate_e1000,
1152 .init = pci_e1000_init,
1153 .exit = pci_e1000_uninit,
1154 .romfile = "pxe-e1000.bin",
1155 .qdev.props = (Property[]) {
1156 DEFINE_NIC_PROPERTIES(E1000State, conf),
1157 DEFINE_PROP_END_OF_LIST(),
1161 static void e1000_register_devices(void)
1163 pci_qdev_register(&e1000_info);
1166 device_init(e1000_register_devices)
projects / sdk / emulator / qemu.git / blob