4 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
5 * Copyright (c) 2008 Qumranet
6 * Based on work done by:
7 * Copyright (c) 2007 Dan Aloni
8 * Copyright (c) 2004 Antony T Curtis
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2 of the License, or (at your option) any later version.
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
35 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
36 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
37 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
38 DEBUG_RXFILTER, DEBUG_NOTYET,
40 #define DBGBIT(x) (1<<DEBUG_##x)
41 static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
43 #define DBGOUT(what, fmt, ...) do { \
44 if (debugflags & DBGBIT(what)) \
45 fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
48 #define DBGOUT(what, fmt, ...) do {} while (0)
51 #define IOPORT_SIZE 0x40
52 #define PNPMMIO_SIZE 0x20000
56 * E1000_DEV_ID_82540EM works with Windows and Linux
57 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
58 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
59 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
62 enum { E1000_DEVID = E1000_DEV_ID_82540EM };
65 * May need to specify additional MAC-to-PHY entries --
66 * Intel's Windows driver refuses to initialize unless they match
69 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
70 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
71 /* default to E1000_DEV_ID_82540EM */ 0xc20
74 typedef struct E1000State_st {
79 uint32_t mac_reg[0x8000];
80 uint16_t phy_reg[0x20];
81 uint16_t eeprom_data[64];
84 uint32_t rxbuf_min_shift;
87 unsigned char header[256];
88 unsigned char vlan_header[4];
89 unsigned char vlan[4];
90 unsigned char data[0x10000];
92 unsigned char sum_needed;
93 unsigned char vlan_needed;
107 char cptse; // current packet tse bit
111 uint32_t val_in; // shifted in from guest driver
119 #define defreg(x) x = (E1000_##x>>2)
121 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
122 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
123 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
124 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
125 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
126 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
127 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
128 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
129 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
130 defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA),
134 enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
135 static const char phy_regcap[0x20] = {
136 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
137 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
138 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
139 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
140 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
141 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
145 ioport_map(PCIDevice *pci_dev, int region_num, uint32_t addr,
146 uint32_t size, int type)
148 DBGOUT(IO, "e1000_ioport_map addr=0x%04x size=0x%08x\n", addr, size);
152 set_interrupt_cause(E1000State *s, int index, uint32_t val)
155 val |= E1000_ICR_INT_ASSERTED;
156 s->mac_reg[ICR] = val;
157 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
161 set_ics(E1000State *s, int index, uint32_t val)
163 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
165 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
169 rxbufsize(uint32_t v)
171 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
172 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
173 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
175 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
177 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
179 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
181 case E1000_RCTL_SZ_1024:
183 case E1000_RCTL_SZ_512:
185 case E1000_RCTL_SZ_256:
192 set_ctrl(E1000State *s, int index, uint32_t val)
194 /* RST is self clearing */
195 s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
199 set_rx_control(E1000State *s, int index, uint32_t val)
201 s->mac_reg[RCTL] = val;
202 s->rxbuf_size = rxbufsize(val);
203 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
204 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
209 set_mdic(E1000State *s, int index, uint32_t val)
211 uint32_t data = val & E1000_MDIC_DATA_MASK;
212 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
214 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
215 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
216 else if (val & E1000_MDIC_OP_READ) {
217 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
218 if (!(phy_regcap[addr] & PHY_R)) {
219 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
220 val |= E1000_MDIC_ERROR;
222 val = (val ^ data) | s->phy_reg[addr];
223 } else if (val & E1000_MDIC_OP_WRITE) {
224 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
225 if (!(phy_regcap[addr] & PHY_W)) {
226 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
227 val |= E1000_MDIC_ERROR;
229 s->phy_reg[addr] = data;
231 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
232 set_ics(s, 0, E1000_ICR_MDAC);
236 get_eecd(E1000State *s, int index)
238 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
240 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
241 s->eecd_state.bitnum_out, s->eecd_state.reading);
242 if (!s->eecd_state.reading ||
243 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
244 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
245 ret |= E1000_EECD_DO;
250 set_eecd(E1000State *s, int index, uint32_t val)
252 uint32_t oldval = s->eecd_state.old_eecd;
254 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
255 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
256 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
258 if (!(E1000_EECD_SK & val)) { // falling edge
259 s->eecd_state.bitnum_out++;
262 if (!(val & E1000_EECD_CS)) { // rising, no CS (EEPROM reset)
263 memset(&s->eecd_state, 0, sizeof s->eecd_state);
266 s->eecd_state.val_in <<= 1;
267 if (val & E1000_EECD_DI)
268 s->eecd_state.val_in |= 1;
269 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
270 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
271 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
272 EEPROM_READ_OPCODE_MICROWIRE);
274 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
275 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
276 s->eecd_state.reading);
280 flash_eerd_read(E1000State *s, int x)
282 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
284 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
286 return (s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
287 E1000_EEPROM_RW_REG_DONE | r;
291 putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
298 sum = net_checksum_add(n-css, data+css);
299 cpu_to_be16wu((uint16_t *)(data + sloc),
300 net_checksum_finish(sum));
305 vlan_enabled(E1000State *s)
307 return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
311 vlan_rx_filter_enabled(E1000State *s)
313 return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
317 is_vlan_packet(E1000State *s, const uint8_t *buf)
319 return (be16_to_cpup((uint16_t *)(buf + 12)) ==
320 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
324 is_vlan_txd(uint32_t txd_lower)
326 return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
330 xmit_seg(E1000State *s)
333 unsigned int frames = s->tx.tso_frames, css, sofar, n;
334 struct e1000_tx *tp = &s->tx;
336 if (tp->tse && tp->cptse) {
338 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
339 frames, tp->size, css);
340 if (tp->ip) { // IPv4
341 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
343 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
344 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
346 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
349 len = tp->size - css;
350 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
352 sofar = frames * tp->mss;
353 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
354 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
355 if (tp->paylen - sofar > tp->mss)
356 tp->data[css + 13] &= ~9; // PSH, FIN
358 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
359 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
360 // add pseudo-header length before checksum calculation
361 sp = (uint16_t *)(tp->data + tp->tucso);
362 cpu_to_be16wu(sp, be16_to_cpup(sp) + len);
367 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
368 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
369 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
370 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
371 if (tp->vlan_needed) {
372 memmove(tp->vlan, tp->data, 12);
373 memcpy(tp->data + 8, tp->vlan_header, 4);
374 qemu_send_packet(s->vc, tp->vlan, tp->size + 4);
376 qemu_send_packet(s->vc, tp->data, tp->size);
379 n = s->mac_reg[TOTL];
380 if ((s->mac_reg[TOTL] += s->tx.size) < n)
385 process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
387 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
388 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
389 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
390 unsigned int msh = 0xfffff, hdr = 0;
392 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
393 struct e1000_tx *tp = &s->tx;
395 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
396 op = le32_to_cpu(xp->cmd_and_length);
397 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
398 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
399 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
400 tp->tucss = xp->upper_setup.tcp_fields.tucss;
401 tp->tucso = xp->upper_setup.tcp_fields.tucso;
402 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
403 tp->paylen = op & 0xfffff;
404 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
405 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
406 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
407 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
408 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
410 if (tp->tucso == 0) { // this is probably wrong
411 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
412 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
415 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
417 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
418 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
423 if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
424 (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
426 cpu_to_be16wu((uint16_t *)(tp->vlan_header),
427 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
428 cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
429 le16_to_cpu(dp->upper.fields.special));
432 addr = le64_to_cpu(dp->buffer_addr);
433 if (tp->tse && tp->cptse) {
438 if (tp->size + bytes > msh)
439 bytes = msh - tp->size;
440 cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
441 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
442 memmove(tp->header, tp->data, hdr);
447 memmove(tp->data, tp->header, hdr);
450 } while (split_size -= bytes);
451 } else if (!tp->tse && tp->cptse) {
452 // context descriptor TSE is not set, while data descriptor TSE is set
453 DBGOUT(TXERR, "TCP segmentaion Error\n");
455 cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
456 tp->size += split_size;
459 if (!(txd_lower & E1000_TXD_CMD_EOP))
461 if (!(tp->tse && tp->cptse && tp->size < hdr))
471 txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
473 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
475 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
477 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
478 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
479 dp->upper.data = cpu_to_le32(txd_upper);
480 cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
481 (void *)&dp->upper, sizeof(dp->upper));
482 return E1000_ICR_TXDW;
486 start_xmit(E1000State *s)
488 target_phys_addr_t base;
489 struct e1000_tx_desc desc;
490 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
492 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
493 DBGOUT(TX, "tx disabled\n");
497 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
498 base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
499 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
500 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
502 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
503 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
506 process_tx_desc(s, &desc);
507 cause |= txdesc_writeback(base, &desc);
509 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
512 * the following could happen only if guest sw assigns
513 * bogus values to TDT/TDLEN.
514 * there's nothing too intelligent we could do about this.
516 if (s->mac_reg[TDH] == tdh_start) {
517 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
518 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
522 set_ics(s, 0, cause);
526 receive_filter(E1000State *s, const uint8_t *buf, int size)
528 static uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
529 static int mta_shift[] = {4, 3, 2, 0};
530 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
532 if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
533 uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
534 uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
535 ((vid >> 5) & 0x7f));
536 if ((vfta & (1 << (vid & 0x1f))) == 0)
540 if (rctl & E1000_RCTL_UPE) // promiscuous
543 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
546 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
549 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
550 if (!(rp[1] & E1000_RAH_AV))
552 ra[0] = cpu_to_le32(rp[0]);
553 ra[1] = cpu_to_le32(rp[1]);
554 if (!memcmp(buf, (uint8_t *)ra, 6)) {
556 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
557 (int)(rp - s->mac_reg - RA)/2,
558 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
562 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
563 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
565 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
566 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
567 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
570 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
571 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
572 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
573 s->mac_reg[MTA + (f >> 5)]);
579 e1000_set_link_status(VLANClientState *vc)
581 E1000State *s = vc->opaque;
582 uint32_t old_status = s->mac_reg[STATUS];
585 s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
587 s->mac_reg[STATUS] |= E1000_STATUS_LU;
589 if (s->mac_reg[STATUS] != old_status)
590 set_ics(s, 0, E1000_ICR_LSC);
594 e1000_can_receive(VLANClientState *vc)
596 E1000State *s = vc->opaque;
598 return (s->mac_reg[RCTL] & E1000_RCTL_EN);
602 e1000_receive(VLANClientState *vc, const uint8_t *buf, size_t size)
604 E1000State *s = vc->opaque;
605 struct e1000_rx_desc desc;
606 target_phys_addr_t base;
609 uint16_t vlan_special = 0;
610 uint8_t vlan_status = 0, vlan_offset = 0;
612 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
615 if (size > s->rxbuf_size) {
616 DBGOUT(RX, "packet too large for buffers (%lu > %d)\n",
617 (unsigned long)size, s->rxbuf_size);
621 if (!receive_filter(s, buf, size))
624 if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
625 vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
626 memmove((void *)(buf + 4), buf, 12);
627 vlan_status = E1000_RXD_STAT_VP;
632 rdh_start = s->mac_reg[RDH];
633 size += 4; // for the header
635 if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
636 set_ics(s, 0, E1000_ICS_RXO);
639 base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
640 sizeof(desc) * s->mac_reg[RDH];
641 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
642 desc.special = vlan_special;
643 desc.status |= (vlan_status | E1000_RXD_STAT_DD);
644 if (desc.buffer_addr) {
645 cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
646 (void *)(buf + vlan_offset), size);
647 desc.length = cpu_to_le16(size);
648 desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
649 } else // as per intel docs; skip descriptors with null buf addr
650 DBGOUT(RX, "Null RX descriptor!!\n");
651 cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
653 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
656 /* see comment in start_xmit; same here */
657 if (s->mac_reg[RDH] == rdh_start) {
658 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
659 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
660 set_ics(s, 0, E1000_ICS_RXO);
663 } while (desc.buffer_addr == 0);
667 n = s->mac_reg[TORL];
668 if ((s->mac_reg[TORL] += size) < n)
672 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
673 rdt += s->mac_reg[RDLEN] / sizeof(desc);
674 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
676 n |= E1000_ICS_RXDMT0;
684 mac_readreg(E1000State *s, int index)
686 return s->mac_reg[index];
690 mac_icr_read(E1000State *s, int index)
692 uint32_t ret = s->mac_reg[ICR];
694 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
695 set_interrupt_cause(s, 0, 0);
700 mac_read_clr4(E1000State *s, int index)
702 uint32_t ret = s->mac_reg[index];
704 s->mac_reg[index] = 0;
709 mac_read_clr8(E1000State *s, int index)
711 uint32_t ret = s->mac_reg[index];
713 s->mac_reg[index] = 0;
714 s->mac_reg[index-1] = 0;
719 mac_writereg(E1000State *s, int index, uint32_t val)
721 s->mac_reg[index] = val;
725 set_rdt(E1000State *s, int index, uint32_t val)
728 s->mac_reg[index] = val & 0xffff;
732 set_16bit(E1000State *s, int index, uint32_t val)
734 s->mac_reg[index] = val & 0xffff;
738 set_dlen(E1000State *s, int index, uint32_t val)
740 s->mac_reg[index] = val & 0xfff80;
744 set_tctl(E1000State *s, int index, uint32_t val)
746 s->mac_reg[index] = val;
747 s->mac_reg[TDT] &= 0xffff;
752 set_icr(E1000State *s, int index, uint32_t val)
754 DBGOUT(INTERRUPT, "set_icr %x\n", val);
755 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
759 set_imc(E1000State *s, int index, uint32_t val)
761 s->mac_reg[IMS] &= ~val;
766 set_ims(E1000State *s, int index, uint32_t val)
768 s->mac_reg[IMS] |= val;
772 #define getreg(x) [x] = mac_readreg
773 static uint32_t (*macreg_readops[])(E1000State *, int) = {
774 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
775 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
776 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
777 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
778 getreg(RDH), getreg(RDT), getreg(VET),
780 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
781 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
782 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
783 [CRCERRS ... MPC] = &mac_readreg,
784 [RA ... RA+31] = &mac_readreg,
785 [MTA ... MTA+127] = &mac_readreg,
786 [VFTA ... VFTA+127] = &mac_readreg,
788 enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
790 #define putreg(x) [x] = mac_writereg
791 static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
792 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
793 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
794 putreg(RDBAL), putreg(LEDCTL), putreg(VET),
795 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
796 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
797 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
798 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
799 [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl,
800 [RA ... RA+31] = &mac_writereg,
801 [MTA ... MTA+127] = &mac_writereg,
802 [VFTA ... VFTA+127] = &mac_writereg,
804 enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
807 e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
809 E1000State *s = opaque;
810 unsigned int index = (addr & 0x1ffff) >> 2;
812 #ifdef TARGET_WORDS_BIGENDIAN
815 if (index < NWRITEOPS && macreg_writeops[index])
816 macreg_writeops[index](s, index, val);
817 else if (index < NREADOPS && macreg_readops[index])
818 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
820 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
825 e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
827 // emulate hw without byte enables: no RMW
828 e1000_mmio_writel(opaque, addr & ~3,
829 (val & 0xffff) << (8*(addr & 3)));
833 e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
835 // emulate hw without byte enables: no RMW
836 e1000_mmio_writel(opaque, addr & ~3,
837 (val & 0xff) << (8*(addr & 3)));
841 e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
843 E1000State *s = opaque;
844 unsigned int index = (addr & 0x1ffff) >> 2;
846 if (index < NREADOPS && macreg_readops[index])
848 uint32_t val = macreg_readops[index](s, index);
849 #ifdef TARGET_WORDS_BIGENDIAN
854 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
859 e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
861 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
862 (8 * (addr & 3))) & 0xff;
866 e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
868 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
869 (8 * (addr & 3))) & 0xffff;
872 static const int mac_regtosave[] = {
873 CTRL, EECD, EERD, GPRC, GPTC, ICR, ICS, IMC, IMS,
874 LEDCTL, MANC, MDIC, MPC, PBA, RCTL, RDBAH, RDBAL, RDH,
875 RDLEN, RDT, STATUS, SWSM, TCTL, TDBAH, TDBAL, TDH, TDLEN,
876 TDT, TORH, TORL, TOTH, TOTL, TPR, TPT, TXDCTL, WUFC,
879 enum { MAC_NSAVE = ARRAY_SIZE(mac_regtosave) };
881 static const struct {
884 } mac_regarraystosave[] = { {32, RA}, {128, MTA}, {128, VFTA} };
885 enum { MAC_NARRAYS = ARRAY_SIZE(mac_regarraystosave) };
888 nic_save(QEMUFile *f, void *opaque)
890 E1000State *s = (E1000State *)opaque;
893 pci_device_save(&s->dev, f);
895 qemu_put_be32s(f, &s->rxbuf_size);
896 qemu_put_be32s(f, &s->rxbuf_min_shift);
897 qemu_put_be32s(f, &s->eecd_state.val_in);
898 qemu_put_be16s(f, &s->eecd_state.bitnum_in);
899 qemu_put_be16s(f, &s->eecd_state.bitnum_out);
900 qemu_put_be16s(f, &s->eecd_state.reading);
901 qemu_put_be32s(f, &s->eecd_state.old_eecd);
902 qemu_put_8s(f, &s->tx.ipcss);
903 qemu_put_8s(f, &s->tx.ipcso);
904 qemu_put_be16s(f, &s->tx.ipcse);
905 qemu_put_8s(f, &s->tx.tucss);
906 qemu_put_8s(f, &s->tx.tucso);
907 qemu_put_be16s(f, &s->tx.tucse);
908 qemu_put_be32s(f, &s->tx.paylen);
909 qemu_put_8s(f, &s->tx.hdr_len);
910 qemu_put_be16s(f, &s->tx.mss);
911 qemu_put_be16s(f, &s->tx.size);
912 qemu_put_be16s(f, &s->tx.tso_frames);
913 qemu_put_8s(f, &s->tx.sum_needed);
914 qemu_put_s8s(f, &s->tx.ip);
915 qemu_put_s8s(f, &s->tx.tcp);
916 qemu_put_buffer(f, s->tx.header, sizeof s->tx.header);
917 qemu_put_buffer(f, s->tx.data, sizeof s->tx.data);
918 for (i = 0; i < 64; i++)
919 qemu_put_be16s(f, s->eeprom_data + i);
920 for (i = 0; i < 0x20; i++)
921 qemu_put_be16s(f, s->phy_reg + i);
922 for (i = 0; i < MAC_NSAVE; i++)
923 qemu_put_be32s(f, s->mac_reg + mac_regtosave[i]);
924 for (i = 0; i < MAC_NARRAYS; i++)
925 for (j = 0; j < mac_regarraystosave[i].size; j++)
927 s->mac_reg + mac_regarraystosave[i].array0 + j);
931 nic_load(QEMUFile *f, void *opaque, int version_id)
933 E1000State *s = (E1000State *)opaque;
936 if ((ret = pci_device_load(&s->dev, f)) < 0)
939 qemu_get_sbe32s(f, &i); /* once some unused instance id */
940 qemu_get_be32(f); /* Ignored. Was mmio_base. */
941 qemu_get_be32s(f, &s->rxbuf_size);
942 qemu_get_be32s(f, &s->rxbuf_min_shift);
943 qemu_get_be32s(f, &s->eecd_state.val_in);
944 qemu_get_be16s(f, &s->eecd_state.bitnum_in);
945 qemu_get_be16s(f, &s->eecd_state.bitnum_out);
946 qemu_get_be16s(f, &s->eecd_state.reading);
947 qemu_get_be32s(f, &s->eecd_state.old_eecd);
948 qemu_get_8s(f, &s->tx.ipcss);
949 qemu_get_8s(f, &s->tx.ipcso);
950 qemu_get_be16s(f, &s->tx.ipcse);
951 qemu_get_8s(f, &s->tx.tucss);
952 qemu_get_8s(f, &s->tx.tucso);
953 qemu_get_be16s(f, &s->tx.tucse);
954 qemu_get_be32s(f, &s->tx.paylen);
955 qemu_get_8s(f, &s->tx.hdr_len);
956 qemu_get_be16s(f, &s->tx.mss);
957 qemu_get_be16s(f, &s->tx.size);
958 qemu_get_be16s(f, &s->tx.tso_frames);
959 qemu_get_8s(f, &s->tx.sum_needed);
960 qemu_get_s8s(f, &s->tx.ip);
961 qemu_get_s8s(f, &s->tx.tcp);
962 qemu_get_buffer(f, s->tx.header, sizeof s->tx.header);
963 qemu_get_buffer(f, s->tx.data, sizeof s->tx.data);
964 for (i = 0; i < 64; i++)
965 qemu_get_be16s(f, s->eeprom_data + i);
966 for (i = 0; i < 0x20; i++)
967 qemu_get_be16s(f, s->phy_reg + i);
968 for (i = 0; i < MAC_NSAVE; i++)
969 qemu_get_be32s(f, s->mac_reg + mac_regtosave[i]);
970 for (i = 0; i < MAC_NARRAYS; i++)
971 for (j = 0; j < mac_regarraystosave[i].size; j++)
973 s->mac_reg + mac_regarraystosave[i].array0 + j);
977 static const uint16_t e1000_eeprom_template[64] = {
978 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
979 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
980 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
981 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
982 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
983 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
984 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
985 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
988 static const uint16_t phy_reg_init[] = {
989 [PHY_CTRL] = 0x1140, [PHY_STATUS] = 0x796d, // link initially up
990 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
991 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
992 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
993 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
994 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
997 static const uint32_t mac_reg_init[] = {
1000 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
1001 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
1002 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
1003 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
1004 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
1006 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
1007 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
1013 static CPUWriteMemoryFunc *e1000_mmio_write[] = {
1014 e1000_mmio_writeb, e1000_mmio_writew, e1000_mmio_writel
1017 static CPUReadMemoryFunc *e1000_mmio_read[] = {
1018 e1000_mmio_readb, e1000_mmio_readw, e1000_mmio_readl
1022 e1000_mmio_map(PCIDevice *pci_dev, int region_num,
1023 uint32_t addr, uint32_t size, int type)
1025 E1000State *d = (E1000State *)pci_dev;
1027 const uint32_t excluded_regs[] = {
1028 E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1029 E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1033 DBGOUT(MMIO, "e1000_mmio_map addr=0x%08x 0x%08x\n", addr, size);
1035 cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
1036 qemu_register_coalesced_mmio(addr, excluded_regs[0]);
1038 for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
1039 qemu_register_coalesced_mmio(addr + excluded_regs[i] + 4,
1040 excluded_regs[i + 1] -
1041 excluded_regs[i] - 4);
1045 e1000_cleanup(VLANClientState *vc)
1047 E1000State *d = vc->opaque;
1049 unregister_savevm("e1000", d);
1053 pci_e1000_uninit(PCIDevice *dev)
1055 E1000State *d = (E1000State *) dev;
1057 cpu_unregister_io_memory(d->mmio_index);
1062 static void e1000_reset(void *opaque)
1064 E1000State *d = opaque;
1066 memset(d->phy_reg, 0, sizeof d->phy_reg);
1067 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
1068 memset(d->mac_reg, 0, sizeof d->mac_reg);
1069 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
1070 d->rxbuf_min_shift = 1;
1071 memset(&d->tx, 0, sizeof d->tx);
1074 static void pci_e1000_init(PCIDevice *pci_dev)
1076 E1000State *d = (E1000State *)pci_dev;
1078 uint16_t checksum = 0;
1079 static const char info_str[] = "e1000";
1083 pci_conf = d->dev.config;
1085 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
1086 pci_config_set_device_id(pci_conf, E1000_DEVID);
1087 *(uint16_t *)(pci_conf+0x04) = cpu_to_le16(0x0407);
1088 *(uint16_t *)(pci_conf+0x06) = cpu_to_le16(0x0010);
1089 pci_conf[0x08] = 0x03;
1090 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
1091 pci_conf[0x0c] = 0x10;
1093 pci_conf[0x3d] = 1; // interrupt pin 0
1095 d->mmio_index = cpu_register_io_memory(e1000_mmio_read,
1096 e1000_mmio_write, d);
1098 pci_register_bar((PCIDevice *)d, 0, PNPMMIO_SIZE,
1099 PCI_ADDRESS_SPACE_MEM, e1000_mmio_map);
1101 pci_register_bar((PCIDevice *)d, 1, IOPORT_SIZE,
1102 PCI_ADDRESS_SPACE_IO, ioport_map);
1104 memmove(d->eeprom_data, e1000_eeprom_template,
1105 sizeof e1000_eeprom_template);
1106 qdev_get_macaddr(&d->dev.qdev, macaddr);
1107 for (i = 0; i < 3; i++)
1108 d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
1109 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1110 checksum += d->eeprom_data[i];
1111 checksum = (uint16_t) EEPROM_SUM - checksum;
1112 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1114 d->vc = qdev_get_vlan_client(&d->dev.qdev,
1115 e1000_can_receive, e1000_receive,
1116 NULL, e1000_cleanup, d);
1117 d->vc->link_status_changed = e1000_set_link_status;
1119 qemu_format_nic_info_str(d->vc, macaddr);
1121 register_savevm(info_str, -1, 2, nic_save, nic_load, d);
1122 d->dev.unregister = pci_e1000_uninit;
1123 qemu_register_reset(e1000_reset, d);
1127 static PCIDeviceInfo e1000_info = {
1128 .qdev.name = "e1000",
1129 .qdev.size = sizeof(E1000State),
1130 .init = pci_e1000_init,
1133 static void e1000_register_devices(void)
1135 pci_qdev_register(&e1000_info);
1138 device_init(e1000_register_devices)
projects / sdk / emulator / qemu.git / blob