4 * Software developer's manual:
5 * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf
7 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
8 * Copyright (c) 2008 Qumranet
9 * Based on work done by:
10 * Copyright (c) 2007 Dan Aloni
11 * Copyright (c) 2004 Antony T Curtis
13 * This library is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU Lesser General Public
15 * License as published by the Free Software Foundation; either
16 * version 2 of the License, or (at your option) any later version.
18 * This library is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * Lesser General Public License for more details.
23 * You should have received a copy of the GNU Lesser General Public
24 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
31 #include "net/checksum.h"
41 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
42 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
43 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
44 DEBUG_RXFILTER, DEBUG_NOTYET,
46 #define DBGBIT(x) (1<<DEBUG_##x)
47 static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
49 #define DBGOUT(what, fmt, ...) do { \
50 if (debugflags & DBGBIT(what)) \
51 fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
54 #define DBGOUT(what, fmt, ...) do {} while (0)
57 #define IOPORT_SIZE 0x40
58 #define PNPMMIO_SIZE 0x20000
59 #define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */
63 * E1000_DEV_ID_82540EM works with Windows and Linux
64 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
65 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
66 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
69 enum { E1000_DEVID = E1000_DEV_ID_82540EM };
72 * May need to specify additional MAC-to-PHY entries --
73 * Intel's Windows driver refuses to initialize unless they match
76 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
77 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
78 /* default to E1000_DEV_ID_82540EM */ 0xc20
81 typedef struct E1000State_st {
87 uint32_t mac_reg[0x8000];
88 uint16_t phy_reg[0x20];
89 uint16_t eeprom_data[64];
92 uint32_t rxbuf_min_shift;
95 unsigned char header[256];
96 unsigned char vlan_header[4];
97 /* Fields vlan and data must not be reordered or separated. */
98 unsigned char vlan[4];
99 unsigned char data[0x10000];
101 unsigned char sum_needed;
102 unsigned char vlan_needed;
116 char cptse; // current packet tse bit
120 uint32_t val_in; // shifted in from guest driver
128 #define defreg(x) x = (E1000_##x>>2)
130 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
131 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
132 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
133 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
134 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
135 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
136 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
137 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
138 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
139 defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA),
143 enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
144 static const char phy_regcap[0x20] = {
145 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
146 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
147 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
148 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
149 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
150 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
154 ioport_map(PCIDevice *pci_dev, int region_num, pcibus_t addr,
155 pcibus_t size, int type)
157 DBGOUT(IO, "e1000_ioport_map addr=0x%04"FMT_PCIBUS
158 " size=0x%08"FMT_PCIBUS"\n", addr, size);
162 set_interrupt_cause(E1000State *s, int index, uint32_t val)
165 val |= E1000_ICR_INT_ASSERTED;
166 s->mac_reg[ICR] = val;
167 s->mac_reg[ICS] = val;
168 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
172 set_ics(E1000State *s, int index, uint32_t val)
174 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
176 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
180 rxbufsize(uint32_t v)
182 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
183 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
184 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
186 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
188 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
190 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
192 case E1000_RCTL_SZ_1024:
194 case E1000_RCTL_SZ_512:
196 case E1000_RCTL_SZ_256:
203 set_ctrl(E1000State *s, int index, uint32_t val)
205 /* RST is self clearing */
206 s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
210 set_rx_control(E1000State *s, int index, uint32_t val)
212 s->mac_reg[RCTL] = val;
213 s->rxbuf_size = rxbufsize(val);
214 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
215 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
220 set_mdic(E1000State *s, int index, uint32_t val)
222 uint32_t data = val & E1000_MDIC_DATA_MASK;
223 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
225 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
226 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
227 else if (val & E1000_MDIC_OP_READ) {
228 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
229 if (!(phy_regcap[addr] & PHY_R)) {
230 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
231 val |= E1000_MDIC_ERROR;
233 val = (val ^ data) | s->phy_reg[addr];
234 } else if (val & E1000_MDIC_OP_WRITE) {
235 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
236 if (!(phy_regcap[addr] & PHY_W)) {
237 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
238 val |= E1000_MDIC_ERROR;
240 s->phy_reg[addr] = data;
242 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
243 set_ics(s, 0, E1000_ICR_MDAC);
247 get_eecd(E1000State *s, int index)
249 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
251 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
252 s->eecd_state.bitnum_out, s->eecd_state.reading);
253 if (!s->eecd_state.reading ||
254 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
255 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
256 ret |= E1000_EECD_DO;
261 set_eecd(E1000State *s, int index, uint32_t val)
263 uint32_t oldval = s->eecd_state.old_eecd;
265 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
266 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
267 if (!(E1000_EECD_CS & val)) // CS inactive; nothing to do
269 if (E1000_EECD_CS & (val ^ oldval)) { // CS rise edge; reset state
270 s->eecd_state.val_in = 0;
271 s->eecd_state.bitnum_in = 0;
272 s->eecd_state.bitnum_out = 0;
273 s->eecd_state.reading = 0;
275 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
277 if (!(E1000_EECD_SK & val)) { // falling edge
278 s->eecd_state.bitnum_out++;
281 s->eecd_state.val_in <<= 1;
282 if (val & E1000_EECD_DI)
283 s->eecd_state.val_in |= 1;
284 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
285 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
286 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
287 EEPROM_READ_OPCODE_MICROWIRE);
289 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
290 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
291 s->eecd_state.reading);
295 flash_eerd_read(E1000State *s, int x)
297 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
299 if ((s->mac_reg[EERD] & E1000_EEPROM_RW_REG_START) == 0)
300 return (s->mac_reg[EERD]);
302 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
303 return (E1000_EEPROM_RW_REG_DONE | r);
305 return ((s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
306 E1000_EEPROM_RW_REG_DONE | r);
310 putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
317 sum = net_checksum_add(n-css, data+css);
318 cpu_to_be16wu((uint16_t *)(data + sloc),
319 net_checksum_finish(sum));
324 vlan_enabled(E1000State *s)
326 return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
330 vlan_rx_filter_enabled(E1000State *s)
332 return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
336 is_vlan_packet(E1000State *s, const uint8_t *buf)
338 return (be16_to_cpup((uint16_t *)(buf + 12)) ==
339 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
343 is_vlan_txd(uint32_t txd_lower)
345 return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
348 /* FCS aka Ethernet CRC-32. We don't get it from backends and can't
349 * fill it in, just pad descriptor length by 4 bytes unless guest
350 * told us to strip it off the packet. */
352 fcs_len(E1000State *s)
354 return (s->mac_reg[RCTL] & E1000_RCTL_SECRC) ? 0 : 4;
358 xmit_seg(E1000State *s)
361 unsigned int frames = s->tx.tso_frames, css, sofar, n;
362 struct e1000_tx *tp = &s->tx;
364 if (tp->tse && tp->cptse) {
366 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
367 frames, tp->size, css);
368 if (tp->ip) { // IPv4
369 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
371 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
372 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
374 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
377 len = tp->size - css;
378 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
380 sofar = frames * tp->mss;
381 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
382 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
383 if (tp->paylen - sofar > tp->mss)
384 tp->data[css + 13] &= ~9; // PSH, FIN
386 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
387 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
389 // add pseudo-header length before checksum calculation
390 sp = (uint16_t *)(tp->data + tp->tucso);
391 phsum = be16_to_cpup(sp) + len;
392 phsum = (phsum >> 16) + (phsum & 0xffff);
393 cpu_to_be16wu(sp, phsum);
398 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
399 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
400 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
401 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
402 if (tp->vlan_needed) {
403 memmove(tp->vlan, tp->data, 4);
404 memmove(tp->data, tp->data + 4, 8);
405 memcpy(tp->data + 8, tp->vlan_header, 4);
406 qemu_send_packet(&s->nic->nc, tp->vlan, tp->size + 4);
408 qemu_send_packet(&s->nic->nc, tp->data, tp->size);
411 n = s->mac_reg[TOTL];
412 if ((s->mac_reg[TOTL] += s->tx.size) < n)
417 process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
419 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
420 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
421 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
422 unsigned int msh = 0xfffff, hdr = 0;
424 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
425 struct e1000_tx *tp = &s->tx;
427 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
428 op = le32_to_cpu(xp->cmd_and_length);
429 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
430 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
431 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
432 tp->tucss = xp->upper_setup.tcp_fields.tucss;
433 tp->tucso = xp->upper_setup.tcp_fields.tucso;
434 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
435 tp->paylen = op & 0xfffff;
436 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
437 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
438 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
439 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
440 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
442 if (tp->tucso == 0) { // this is probably wrong
443 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
444 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
447 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
449 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
450 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
456 if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
457 (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
459 cpu_to_be16wu((uint16_t *)(tp->vlan_header),
460 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
461 cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
462 le16_to_cpu(dp->upper.fields.special));
465 addr = le64_to_cpu(dp->buffer_addr);
466 if (tp->tse && tp->cptse) {
471 if (tp->size + bytes > msh)
472 bytes = msh - tp->size;
473 cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
474 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
475 memmove(tp->header, tp->data, hdr);
480 memmove(tp->data, tp->header, hdr);
483 } while (split_size -= bytes);
484 } else if (!tp->tse && tp->cptse) {
485 // context descriptor TSE is not set, while data descriptor TSE is set
486 DBGOUT(TXERR, "TCP segmentaion Error\n");
488 cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
489 tp->size += split_size;
492 if (!(txd_lower & E1000_TXD_CMD_EOP))
494 if (!(tp->tse && tp->cptse && tp->size < hdr))
504 txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
506 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
508 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
510 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
511 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
512 dp->upper.data = cpu_to_le32(txd_upper);
513 cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
514 (void *)&dp->upper, sizeof(dp->upper));
515 return E1000_ICR_TXDW;
519 start_xmit(E1000State *s)
521 target_phys_addr_t base;
522 struct e1000_tx_desc desc;
523 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
525 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
526 DBGOUT(TX, "tx disabled\n");
530 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
531 base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
532 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
533 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
535 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
536 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
539 process_tx_desc(s, &desc);
540 cause |= txdesc_writeback(base, &desc);
542 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
545 * the following could happen only if guest sw assigns
546 * bogus values to TDT/TDLEN.
547 * there's nothing too intelligent we could do about this.
549 if (s->mac_reg[TDH] == tdh_start) {
550 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
551 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
555 set_ics(s, 0, cause);
559 receive_filter(E1000State *s, const uint8_t *buf, int size)
561 static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
562 static const int mta_shift[] = {4, 3, 2, 0};
563 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
565 if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
566 uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
567 uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
568 ((vid >> 5) & 0x7f));
569 if ((vfta & (1 << (vid & 0x1f))) == 0)
573 if (rctl & E1000_RCTL_UPE) // promiscuous
576 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
579 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
582 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
583 if (!(rp[1] & E1000_RAH_AV))
585 ra[0] = cpu_to_le32(rp[0]);
586 ra[1] = cpu_to_le32(rp[1]);
587 if (!memcmp(buf, (uint8_t *)ra, 6)) {
589 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
590 (int)(rp - s->mac_reg - RA)/2,
591 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
595 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
596 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
598 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
599 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
600 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
603 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
604 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
605 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
606 s->mac_reg[MTA + (f >> 5)]);
612 e1000_set_link_status(VLANClientState *nc)
614 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
615 uint32_t old_status = s->mac_reg[STATUS];
618 s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
620 s->mac_reg[STATUS] |= E1000_STATUS_LU;
622 if (s->mac_reg[STATUS] != old_status)
623 set_ics(s, 0, E1000_ICR_LSC);
627 e1000_can_receive(VLANClientState *nc)
629 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
631 return (s->mac_reg[RCTL] & E1000_RCTL_EN);
635 e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
637 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
638 struct e1000_rx_desc desc;
639 target_phys_addr_t base;
642 uint16_t vlan_special = 0;
643 uint8_t vlan_status = 0, vlan_offset = 0;
644 uint8_t min_buf[MIN_BUF_SIZE];
649 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
652 /* Pad to minimum Ethernet frame length */
653 if (size < sizeof(min_buf)) {
654 memcpy(min_buf, buf, size);
655 memset(&min_buf[size], 0, sizeof(min_buf) - size);
657 size = sizeof(min_buf);
660 if (!receive_filter(s, buf, size))
663 if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
664 vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
665 memmove((uint8_t *)buf + 4, buf, 12);
666 vlan_status = E1000_RXD_STAT_VP;
671 rdh_start = s->mac_reg[RDH];
673 total_size = size + fcs_len(s);
675 desc_size = total_size - desc_offset;
676 if (desc_size > s->rxbuf_size) {
677 desc_size = s->rxbuf_size;
679 if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
680 /* Discard all data written so far */
681 s->mac_reg[RDH] = rdh_start;
682 set_ics(s, 0, E1000_ICS_RXO);
685 base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
686 sizeof(desc) * s->mac_reg[RDH];
687 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
688 desc.special = vlan_special;
689 desc.status |= (vlan_status | E1000_RXD_STAT_DD);
690 if (desc.buffer_addr) {
691 if (desc_offset < size) {
692 size_t copy_size = size - desc_offset;
693 if (copy_size > s->rxbuf_size) {
694 copy_size = s->rxbuf_size;
696 cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
697 (void *)(buf + desc_offset + vlan_offset),
700 desc_offset += desc_size;
701 desc.length = cpu_to_le16(desc_size);
702 if (desc_offset >= total_size) {
703 desc.status |= E1000_RXD_STAT_EOP | E1000_RXD_STAT_IXSM;
705 /* Guest zeroing out status is not a hardware requirement.
706 Clear EOP in case guest didn't do it. */
707 desc.status &= ~E1000_RXD_STAT_EOP;
709 } else { // as per intel docs; skip descriptors with null buf addr
710 DBGOUT(RX, "Null RX descriptor!!\n");
712 cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
714 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
717 /* see comment in start_xmit; same here */
718 if (s->mac_reg[RDH] == rdh_start) {
719 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
720 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
721 set_ics(s, 0, E1000_ICS_RXO);
724 } while (desc_offset < total_size);
728 /* TOR - Total Octets Received:
729 * This register includes bytes received in a packet from the <Destination
730 * Address> field through the <CRC> field, inclusively.
732 n = s->mac_reg[TORL] + size + /* Always include FCS length. */ 4;
733 if (n < s->mac_reg[TORL])
735 s->mac_reg[TORL] = n;
738 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
739 rdt += s->mac_reg[RDLEN] / sizeof(desc);
740 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
742 n |= E1000_ICS_RXDMT0;
750 mac_readreg(E1000State *s, int index)
752 return s->mac_reg[index];
756 mac_icr_read(E1000State *s, int index)
758 uint32_t ret = s->mac_reg[ICR];
760 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
761 set_interrupt_cause(s, 0, 0);
766 mac_read_clr4(E1000State *s, int index)
768 uint32_t ret = s->mac_reg[index];
770 s->mac_reg[index] = 0;
775 mac_read_clr8(E1000State *s, int index)
777 uint32_t ret = s->mac_reg[index];
779 s->mac_reg[index] = 0;
780 s->mac_reg[index-1] = 0;
785 mac_writereg(E1000State *s, int index, uint32_t val)
787 s->mac_reg[index] = val;
791 set_rdt(E1000State *s, int index, uint32_t val)
794 s->mac_reg[index] = val & 0xffff;
798 set_16bit(E1000State *s, int index, uint32_t val)
800 s->mac_reg[index] = val & 0xffff;
804 set_dlen(E1000State *s, int index, uint32_t val)
806 s->mac_reg[index] = val & 0xfff80;
810 set_tctl(E1000State *s, int index, uint32_t val)
812 s->mac_reg[index] = val;
813 s->mac_reg[TDT] &= 0xffff;
818 set_icr(E1000State *s, int index, uint32_t val)
820 DBGOUT(INTERRUPT, "set_icr %x\n", val);
821 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
825 set_imc(E1000State *s, int index, uint32_t val)
827 s->mac_reg[IMS] &= ~val;
832 set_ims(E1000State *s, int index, uint32_t val)
834 s->mac_reg[IMS] |= val;
838 #define getreg(x) [x] = mac_readreg
839 static uint32_t (*macreg_readops[])(E1000State *, int) = {
840 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
841 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
842 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
843 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
844 getreg(RDH), getreg(RDT), getreg(VET), getreg(ICS),
845 getreg(TDBAL), getreg(TDBAH), getreg(RDBAH), getreg(RDBAL),
846 getreg(TDLEN), getreg(RDLEN),
848 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
849 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
850 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
851 [CRCERRS ... MPC] = &mac_readreg,
852 [RA ... RA+31] = &mac_readreg,
853 [MTA ... MTA+127] = &mac_readreg,
854 [VFTA ... VFTA+127] = &mac_readreg,
856 enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
858 #define putreg(x) [x] = mac_writereg
859 static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
860 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
861 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
862 putreg(RDBAL), putreg(LEDCTL), putreg(VET),
863 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
864 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
865 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
866 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
867 [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl,
868 [RA ... RA+31] = &mac_writereg,
869 [MTA ... MTA+127] = &mac_writereg,
870 [VFTA ... VFTA+127] = &mac_writereg,
872 enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
875 e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
877 E1000State *s = opaque;
878 unsigned int index = (addr & 0x1ffff) >> 2;
880 if (index < NWRITEOPS && macreg_writeops[index]) {
881 macreg_writeops[index](s, index, val);
882 } else if (index < NREADOPS && macreg_readops[index]) {
883 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
885 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
891 e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
893 // emulate hw without byte enables: no RMW
894 e1000_mmio_writel(opaque, addr & ~3,
895 (val & 0xffff) << (8*(addr & 3)));
899 e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
901 // emulate hw without byte enables: no RMW
902 e1000_mmio_writel(opaque, addr & ~3,
903 (val & 0xff) << (8*(addr & 3)));
907 e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
909 E1000State *s = opaque;
910 unsigned int index = (addr & 0x1ffff) >> 2;
912 if (index < NREADOPS && macreg_readops[index])
914 return macreg_readops[index](s, index);
916 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
921 e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
923 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
924 (8 * (addr & 3))) & 0xff;
928 e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
930 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
931 (8 * (addr & 3))) & 0xffff;
934 static bool is_version_1(void *opaque, int version_id)
936 return version_id == 1;
939 static const VMStateDescription vmstate_e1000 = {
942 .minimum_version_id = 1,
943 .minimum_version_id_old = 1,
944 .fields = (VMStateField []) {
945 VMSTATE_PCI_DEVICE(dev, E1000State),
946 VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */
947 VMSTATE_UNUSED(4), /* Was mmio_base. */
948 VMSTATE_UINT32(rxbuf_size, E1000State),
949 VMSTATE_UINT32(rxbuf_min_shift, E1000State),
950 VMSTATE_UINT32(eecd_state.val_in, E1000State),
951 VMSTATE_UINT16(eecd_state.bitnum_in, E1000State),
952 VMSTATE_UINT16(eecd_state.bitnum_out, E1000State),
953 VMSTATE_UINT16(eecd_state.reading, E1000State),
954 VMSTATE_UINT32(eecd_state.old_eecd, E1000State),
955 VMSTATE_UINT8(tx.ipcss, E1000State),
956 VMSTATE_UINT8(tx.ipcso, E1000State),
957 VMSTATE_UINT16(tx.ipcse, E1000State),
958 VMSTATE_UINT8(tx.tucss, E1000State),
959 VMSTATE_UINT8(tx.tucso, E1000State),
960 VMSTATE_UINT16(tx.tucse, E1000State),
961 VMSTATE_UINT32(tx.paylen, E1000State),
962 VMSTATE_UINT8(tx.hdr_len, E1000State),
963 VMSTATE_UINT16(tx.mss, E1000State),
964 VMSTATE_UINT16(tx.size, E1000State),
965 VMSTATE_UINT16(tx.tso_frames, E1000State),
966 VMSTATE_UINT8(tx.sum_needed, E1000State),
967 VMSTATE_INT8(tx.ip, E1000State),
968 VMSTATE_INT8(tx.tcp, E1000State),
969 VMSTATE_BUFFER(tx.header, E1000State),
970 VMSTATE_BUFFER(tx.data, E1000State),
971 VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64),
972 VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20),
973 VMSTATE_UINT32(mac_reg[CTRL], E1000State),
974 VMSTATE_UINT32(mac_reg[EECD], E1000State),
975 VMSTATE_UINT32(mac_reg[EERD], E1000State),
976 VMSTATE_UINT32(mac_reg[GPRC], E1000State),
977 VMSTATE_UINT32(mac_reg[GPTC], E1000State),
978 VMSTATE_UINT32(mac_reg[ICR], E1000State),
979 VMSTATE_UINT32(mac_reg[ICS], E1000State),
980 VMSTATE_UINT32(mac_reg[IMC], E1000State),
981 VMSTATE_UINT32(mac_reg[IMS], E1000State),
982 VMSTATE_UINT32(mac_reg[LEDCTL], E1000State),
983 VMSTATE_UINT32(mac_reg[MANC], E1000State),
984 VMSTATE_UINT32(mac_reg[MDIC], E1000State),
985 VMSTATE_UINT32(mac_reg[MPC], E1000State),
986 VMSTATE_UINT32(mac_reg[PBA], E1000State),
987 VMSTATE_UINT32(mac_reg[RCTL], E1000State),
988 VMSTATE_UINT32(mac_reg[RDBAH], E1000State),
989 VMSTATE_UINT32(mac_reg[RDBAL], E1000State),
990 VMSTATE_UINT32(mac_reg[RDH], E1000State),
991 VMSTATE_UINT32(mac_reg[RDLEN], E1000State),
992 VMSTATE_UINT32(mac_reg[RDT], E1000State),
993 VMSTATE_UINT32(mac_reg[STATUS], E1000State),
994 VMSTATE_UINT32(mac_reg[SWSM], E1000State),
995 VMSTATE_UINT32(mac_reg[TCTL], E1000State),
996 VMSTATE_UINT32(mac_reg[TDBAH], E1000State),
997 VMSTATE_UINT32(mac_reg[TDBAL], E1000State),
998 VMSTATE_UINT32(mac_reg[TDH], E1000State),
999 VMSTATE_UINT32(mac_reg[TDLEN], E1000State),
1000 VMSTATE_UINT32(mac_reg[TDT], E1000State),
1001 VMSTATE_UINT32(mac_reg[TORH], E1000State),
1002 VMSTATE_UINT32(mac_reg[TORL], E1000State),
1003 VMSTATE_UINT32(mac_reg[TOTH], E1000State),
1004 VMSTATE_UINT32(mac_reg[TOTL], E1000State),
1005 VMSTATE_UINT32(mac_reg[TPR], E1000State),
1006 VMSTATE_UINT32(mac_reg[TPT], E1000State),
1007 VMSTATE_UINT32(mac_reg[TXDCTL], E1000State),
1008 VMSTATE_UINT32(mac_reg[WUFC], E1000State),
1009 VMSTATE_UINT32(mac_reg[VET], E1000State),
1010 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32),
1011 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128),
1012 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128),
1013 VMSTATE_END_OF_LIST()
1017 static const uint16_t e1000_eeprom_template[64] = {
1018 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
1019 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
1020 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
1021 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
1022 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
1023 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1024 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1025 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
1028 static const uint16_t phy_reg_init[] = {
1029 [PHY_CTRL] = 0x1140, [PHY_STATUS] = 0x796d, // link initially up
1030 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
1031 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
1032 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
1033 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
1034 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
1037 static const uint32_t mac_reg_init[] = {
1040 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
1041 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
1042 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
1043 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
1044 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
1046 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
1047 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
1053 static CPUWriteMemoryFunc * const e1000_mmio_write[] = {
1054 e1000_mmio_writeb, e1000_mmio_writew, e1000_mmio_writel
1057 static CPUReadMemoryFunc * const e1000_mmio_read[] = {
1058 e1000_mmio_readb, e1000_mmio_readw, e1000_mmio_readl
1062 e1000_mmio_map(PCIDevice *pci_dev, int region_num,
1063 pcibus_t addr, pcibus_t size, int type)
1065 E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
1067 const uint32_t excluded_regs[] = {
1068 E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1069 E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1073 DBGOUT(MMIO, "e1000_mmio_map addr=0x%08"FMT_PCIBUS" 0x%08"FMT_PCIBUS"\n",
1076 cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
1077 qemu_register_coalesced_mmio(addr, excluded_regs[0]);
1079 for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
1080 qemu_register_coalesced_mmio(addr + excluded_regs[i] + 4,
1081 excluded_regs[i + 1] -
1082 excluded_regs[i] - 4);
1086 e1000_cleanup(VLANClientState *nc)
1088 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
1094 pci_e1000_uninit(PCIDevice *dev)
1096 E1000State *d = DO_UPCAST(E1000State, dev, dev);
1098 cpu_unregister_io_memory(d->mmio_index);
1099 qemu_del_vlan_client(&d->nic->nc);
1103 static void e1000_reset(void *opaque)
1105 E1000State *d = opaque;
1107 memset(d->phy_reg, 0, sizeof d->phy_reg);
1108 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
1109 memset(d->mac_reg, 0, sizeof d->mac_reg);
1110 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
1111 d->rxbuf_min_shift = 1;
1112 memset(&d->tx, 0, sizeof d->tx);
1115 static NetClientInfo net_e1000_info = {
1116 .type = NET_CLIENT_TYPE_NIC,
1117 .size = sizeof(NICState),
1118 .can_receive = e1000_can_receive,
1119 .receive = e1000_receive,
1120 .cleanup = e1000_cleanup,
1121 .link_status_changed = e1000_set_link_status,
1124 static int pci_e1000_init(PCIDevice *pci_dev)
1126 E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
1128 uint16_t checksum = 0;
1132 pci_conf = d->dev.config;
1134 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
1135 pci_config_set_device_id(pci_conf, E1000_DEVID);
1136 /* TODO: we have no capabilities, so why is this bit set? */
1137 pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_CAP_LIST);
1138 pci_conf[PCI_REVISION_ID] = 0x03;
1139 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
1140 /* TODO: RST# value should be 0, PCI spec 6.2.4 */
1141 pci_conf[PCI_CACHE_LINE_SIZE] = 0x10;
1143 /* TODO: RST# value should be 0 if programmable, PCI spec 6.2.4 */
1144 pci_conf[PCI_INTERRUPT_PIN] = 1; // interrupt pin 0
1146 d->mmio_index = cpu_register_io_memory(e1000_mmio_read,
1147 e1000_mmio_write, d, DEVICE_LITTLE_ENDIAN);
1149 pci_register_bar(&d->dev, 0, PNPMMIO_SIZE,
1150 PCI_BASE_ADDRESS_SPACE_MEMORY, e1000_mmio_map);
1152 pci_register_bar(&d->dev, 1, IOPORT_SIZE,
1153 PCI_BASE_ADDRESS_SPACE_IO, ioport_map);
1155 memmove(d->eeprom_data, e1000_eeprom_template,
1156 sizeof e1000_eeprom_template);
1157 qemu_macaddr_default_if_unset(&d->conf.macaddr);
1158 macaddr = d->conf.macaddr.a;
1159 for (i = 0; i < 3; i++)
1160 d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
1161 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1162 checksum += d->eeprom_data[i];
1163 checksum = (uint16_t) EEPROM_SUM - checksum;
1164 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1166 d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
1167 d->dev.qdev.info->name, d->dev.qdev.id, d);
1169 qemu_format_nic_info_str(&d->nic->nc, macaddr);
1171 add_boot_device_path(d->conf.bootindex, &pci_dev->qdev, "/ethernet-phy@0");
1176 static void qdev_e1000_reset(DeviceState *dev)
1178 E1000State *d = DO_UPCAST(E1000State, dev.qdev, dev);
1182 static PCIDeviceInfo e1000_info = {
1183 .qdev.name = "e1000",
1184 .qdev.desc = "Intel Gigabit Ethernet",
1185 .qdev.size = sizeof(E1000State),
1186 .qdev.reset = qdev_e1000_reset,
1187 .qdev.vmsd = &vmstate_e1000,
1188 .init = pci_e1000_init,
1189 .exit = pci_e1000_uninit,
1190 .romfile = "pxe-e1000.bin",
1191 .qdev.props = (Property[]) {
1192 DEFINE_NIC_PROPERTIES(E1000State, conf),
1193 DEFINE_PROP_END_OF_LIST(),
1197 static void e1000_register_devices(void)
1199 pci_qdev_register(&e1000_info);
1202 device_init(e1000_register_devices)
projects / sdk / emulator / qemu.git / blob