]> git.proxmox.com Git - mirror_qemu.git/blame - hw/e1000.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
net: tap: use abort() instead of assert(0)
[mirror_qemu.git] / hw / e1000.c
CommitLineData
7c23b892
AZ		 1/*
2 * QEMU e1000 emulation
3 *
2758aa52
MT		 4 * Software developer's manual:
5 * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf
6 *
7c23b892
AZ		 7 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
8 * Copyright (c) 2008 Qumranet
9 * Based on work done by:
10 * Copyright (c) 2007 Dan Aloni
11 * Copyright (c) 2004 Antony T Curtis
12 *
13 * This library is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU Lesser General Public
15 * License as published by the Free Software Foundation; either
16 * version 2 of the License, or (at your option) any later version.
17 *
18 * This library is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * Lesser General Public License for more details.
22 *
23 * You should have received a copy of the GNU Lesser General Public
8167ee88 24 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
7c23b892
AZ		 25 */
26
27
28#include "hw.h"
a2cb15b0 29#include "pci/pci.h"
1422e32d 30#include "net/net.h"
7200ac3c 31#include "net/checksum.h"
fbdaa002 32#include "loader.h"
9c17d615
PB		 33#include "sysemu/sysemu.h"
34#include "sysemu/dma.h"
7c23b892 35
7c23b892
AZ		 36#include "e1000_hw.h"
37
27124888 38#define E1000_DEBUG
7c23b892 39
27124888 40#ifdef E1000_DEBUG
7c23b892
AZ		 41enum {
42 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
43 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
44 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
f9c1cdf4 45 DEBUG_RXFILTER, DEBUG_PHY, DEBUG_NOTYET,
7c23b892
AZ		 46};
47#define DBGBIT(x) (1<<DEBUG_##x)
48static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
49
6c7f4b47 50#define DBGOUT(what, fmt, ...) do { \
7c23b892 51 if (debugflags & DBGBIT(what)) \
6c7f4b47 52 fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
7c23b892
AZ		 53 } while (0)
54#else
6c7f4b47 55#define DBGOUT(what, fmt, ...) do {} while (0)
7c23b892
AZ		 56#endif
57
58#define IOPORT_SIZE 0x40
e94bbefe 59#define PNPMMIO_SIZE 0x20000
78aeb23e 60#define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */
7c23b892 61
b0d9ffcd
MC		 62/* this is the size past which hardware will drop packets when setting LPE=0 */
63#define MAXIMUM_ETHERNET_VLAN_SIZE 1522
2c0331f4
MC		 64/* this is the size past which hardware will drop packets when setting LPE=1 */
65#define MAXIMUM_ETHERNET_LPE_SIZE 16384
b0d9ffcd 66
7c23b892
AZ		 67/*
68 * HW models:
69 * E1000_DEV_ID_82540EM works with Windows and Linux
70 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
71 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
72 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
73 * Others never tested
74 */
75enum { E1000_DEVID = E1000_DEV_ID_82540EM };
76
77/*
78 * May need to specify additional MAC-to-PHY entries --
79 * Intel's Windows driver refuses to initialize unless they match
80 */
81enum {
82 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
83 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
84 /* default to E1000_DEV_ID_82540EM */ 0xc20
85};
86
87typedef struct E1000State_st {
88 PCIDevice dev;
a03e2aec 89 NICState *nic;
fbdaa002 90 NICConf conf;
ad00a9b9
AK		 91 MemoryRegion mmio;
92 MemoryRegion io;
7c23b892
AZ		 93
94 uint32_t mac_reg[0x8000];
95 uint16_t phy_reg[0x20];
96 uint16_t eeprom_data[64];
97
98 uint32_t rxbuf_size;
99 uint32_t rxbuf_min_shift;
7c23b892
AZ		 100 struct e1000_tx {
101 unsigned char header[256];
8f2e8d1f 102 unsigned char vlan_header[4];
b10fec9b 103 /* Fields vlan and data must not be reordered or separated. */
8f2e8d1f 104 unsigned char vlan[4];
7c23b892
AZ		 105 unsigned char data[0x10000];
106 uint16_t size;
107 unsigned char sum_needed;
8f2e8d1f 108 unsigned char vlan_needed;
7c23b892
AZ		 109 uint8_t ipcss;
110 uint8_t ipcso;
111 uint16_t ipcse;
112 uint8_t tucss;
113 uint8_t tucso;
114 uint16_t tucse;
115 uint8_t hdr_len;
116 uint16_t mss;
117 uint32_t paylen;
118 uint16_t tso_frames;
119 char tse;
b6c4f71f
BS		 120 int8_t ip;
121 int8_t tcp;
1b0009db 122 char cptse; // current packet tse bit
7c23b892
AZ		 123 } tx;
124
125 struct {
126 uint32_t val_in; // shifted in from guest driver
127 uint16_t bitnum_in;
128 uint16_t bitnum_out;
129 uint16_t reading;
130 uint32_t old_eecd;
131 } eecd_state;
b9d03e35
JW		 132
133 QEMUTimer *autoneg_timer;
7c23b892
AZ		 134} E1000State;
135
136#define defreg(x) x = (E1000_##x>>2)
137enum {
138 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
139 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
140 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
141 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
142 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
143 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
144 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
145 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
146 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
8f2e8d1f
AL		 147 defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA),
148 defreg(VET),
7c23b892
AZ		 149};
150
71aadd3c
JW		 151static void
152e1000_link_down(E1000State *s)
153{
154 s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
155 s->phy_reg[PHY_STATUS] &= ~MII_SR_LINK_STATUS;
156}
157
158static void
159e1000_link_up(E1000State *s)
160{
161 s->mac_reg[STATUS] |= E1000_STATUS_LU;
162 s->phy_reg[PHY_STATUS] |= MII_SR_LINK_STATUS;
163}
164
b9d03e35
JW		 165static void
166set_phy_ctrl(E1000State *s, int index, uint16_t val)
167{
168 if ((val & MII_CR_AUTO_NEG_EN) && (val & MII_CR_RESTART_AUTO_NEG)) {
169 s->nic->nc.link_down = true;
170 e1000_link_down(s);
171 s->phy_reg[PHY_STATUS] &= ~MII_SR_AUTONEG_COMPLETE;
172 DBGOUT(PHY, "Start link auto negotiation\n");
173 qemu_mod_timer(s->autoneg_timer, qemu_get_clock_ms(vm_clock) + 500);
174 }
175}
176
177static void
178e1000_autoneg_timer(void *opaque)
179{
180 E1000State *s = opaque;
181 s->nic->nc.link_down = false;
182 e1000_link_up(s);
183 s->phy_reg[PHY_STATUS] |= MII_SR_AUTONEG_COMPLETE;
184 DBGOUT(PHY, "Auto negotiation is completed\n");
185}
186
187static void (*phyreg_writeops[])(E1000State *, int, uint16_t) = {
188 [PHY_CTRL] = set_phy_ctrl,
189};
190
191enum { NPHYWRITEOPS = ARRAY_SIZE(phyreg_writeops) };
192
7c23b892 193enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
88b4e9db 194static const char phy_regcap[0x20] = {
7c23b892
AZ		 195 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
196 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
197 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
198 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
199 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
700f6e2c 200 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
7c23b892
AZ		 201};
202
814cd3ac 203static const uint16_t phy_reg_init[] = {
b9d03e35
JW		 204 [PHY_CTRL] = 0x1140,
205 [PHY_STATUS] = 0x794d, /* link initially up with not completed autoneg */
814cd3ac
MT		 206 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
207 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
208 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
209 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
210 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
211};
212
213static const uint32_t mac_reg_init[] = {
214 [PBA] = 0x00100030,
215 [LEDCTL] = 0x602,
216 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
217 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
218 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
219 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
220 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
221 E1000_STATUS_LU,
222 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
223 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
224 E1000_MANC_RMCP_EN,
225};
226
7c23b892
AZ		 227static void
228set_interrupt_cause(E1000State *s, int index, uint32_t val)
229{
f1219091
JW		 230 if (val && (E1000_DEVID >= E1000_DEV_ID_82547EI_MOBILE)) {
231 /* Only for 8257x */
7c23b892 232 val |= E1000_ICR_INT_ASSERTED;
f1219091 233 }
7c23b892 234 s->mac_reg[ICR] = val;
a52a8841
MT		 235
236 /*
237 * Make sure ICR and ICS registers have the same value.
238 * The spec says that the ICS register is write-only. However in practice,
239 * on real hardware ICS is readable, and for reads it has the same value as
240 * ICR (except that ICS does not have the clear on read behaviour of ICR).
241 *
242 * The VxWorks PRO/1000 driver uses this behaviour.
243 */
b1332393 244 s->mac_reg[ICS] = val;
a52a8841 245
bc26e55a 246 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
7c23b892
AZ		 247}
248
249static void
250set_ics(E1000State *s, int index, uint32_t val)
251{
252 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
253 s->mac_reg[IMS]);
254 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
255}
256
257static int
258rxbufsize(uint32_t v)
259{
260 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
261 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
262 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
263 switch (v) {
264 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
265 return 16384;
266 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
267 return 8192;
268 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
269 return 4096;
270 case E1000_RCTL_SZ_1024:
271 return 1024;
272 case E1000_RCTL_SZ_512:
273 return 512;
274 case E1000_RCTL_SZ_256:
275 return 256;
276 }
277 return 2048;
278}
279
814cd3ac
MT		 280static void e1000_reset(void *opaque)
281{
282 E1000State *d = opaque;
372254c6
GS		 283 uint8_t *macaddr = d->conf.macaddr.a;
284 int i;
814cd3ac 285
b9d03e35 286 qemu_del_timer(d->autoneg_timer);
814cd3ac
MT		 287 memset(d->phy_reg, 0, sizeof d->phy_reg);
288 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
289 memset(d->mac_reg, 0, sizeof d->mac_reg);
290 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
291 d->rxbuf_min_shift = 1;
292 memset(&d->tx, 0, sizeof d->tx);
293
294 if (d->nic->nc.link_down) {
71aadd3c 295 e1000_link_down(d);
814cd3ac 296 }
372254c6
GS		 297
298 /* Some guests expect pre-initialized RAH/RAL (AddrValid flag + MACaddr) */
299 d->mac_reg[RA] = 0;
300 d->mac_reg[RA + 1] = E1000_RAH_AV;
301 for (i = 0; i < 4; i++) {
302 d->mac_reg[RA] |= macaddr[i] << (8 * i);
303 d->mac_reg[RA + 1] |= (i < 2) ? macaddr[i + 4] << (8 * i) : 0;
304 }
814cd3ac
MT		 305}
306
cab3c825
KW		 307static void
308set_ctrl(E1000State *s, int index, uint32_t val)
309{
310 /* RST is self clearing */
311 s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
312}
313
7c23b892
AZ		 314static void
315set_rx_control(E1000State *s, int index, uint32_t val)
316{
317 s->mac_reg[RCTL] = val;
318 s->rxbuf_size = rxbufsize(val);
319 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
320 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
321 s->mac_reg[RCTL]);
e8b4c680 322 qemu_flush_queued_packets(&s->nic->nc);
7c23b892
AZ		 323}
324
325static void
326set_mdic(E1000State *s, int index, uint32_t val)
327{
328 uint32_t data = val & E1000_MDIC_DATA_MASK;
329 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
330
331 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
332 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
333 else if (val & E1000_MDIC_OP_READ) {
334 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
335 if (!(phy_regcap[addr] & PHY_R)) {
336 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
337 val |= E1000_MDIC_ERROR;
338 } else
339 val = (val ^ data) | s->phy_reg[addr];
340 } else if (val & E1000_MDIC_OP_WRITE) {
341 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
342 if (!(phy_regcap[addr] & PHY_W)) {
343 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
344 val |= E1000_MDIC_ERROR;
b9d03e35
JW		 345 } else {
346 if (addr < NPHYWRITEOPS && phyreg_writeops[addr]) {
347 phyreg_writeops[addr](s, index, data);
348 }
7c23b892 349 s->phy_reg[addr] = data;
b9d03e35 350 }
7c23b892
AZ		 351 }
352 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
17fbbb0b
JW		 353
354 if (val & E1000_MDIC_INT_EN) {
355 set_ics(s, 0, E1000_ICR_MDAC);
356 }
7c23b892
AZ		 357}
358
359static uint32_t
360get_eecd(E1000State *s, int index)
361{
362 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
363
364 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
365 s->eecd_state.bitnum_out, s->eecd_state.reading);
366 if (!s->eecd_state.reading ||
367 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
368 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
369 ret |= E1000_EECD_DO;
370 return ret;
371}
372
373static void
374set_eecd(E1000State *s, int index, uint32_t val)
375{
376 uint32_t oldval = s->eecd_state.old_eecd;
377
378 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
379 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
9651ac55
IT		 380 if (!(E1000_EECD_CS & val)) // CS inactive; nothing to do
381 return;
382 if (E1000_EECD_CS & (val ^ oldval)) { // CS rise edge; reset state
383 s->eecd_state.val_in = 0;
384 s->eecd_state.bitnum_in = 0;
385 s->eecd_state.bitnum_out = 0;
386 s->eecd_state.reading = 0;
387 }
7c23b892
AZ		 388 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
389 return;
390 if (!(E1000_EECD_SK & val)) { // falling edge
391 s->eecd_state.bitnum_out++;
392 return;
393 }
7c23b892
AZ		 394 s->eecd_state.val_in <<= 1;
395 if (val & E1000_EECD_DI)
396 s->eecd_state.val_in |= 1;
397 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
398 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
399 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
400 EEPROM_READ_OPCODE_MICROWIRE);
401 }
402 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
403 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
404 s->eecd_state.reading);
405}
406
407static uint32_t
408flash_eerd_read(E1000State *s, int x)
409{
410 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
411
b1332393
BP		 412 if ((s->mac_reg[EERD] & E1000_EEPROM_RW_REG_START) == 0)
413 return (s->mac_reg[EERD]);
414
7c23b892 415 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
b1332393
BP		 416 return (E1000_EEPROM_RW_REG_DONE | r);
417
418 return ((s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
419 E1000_EEPROM_RW_REG_DONE | r);
7c23b892
AZ		 420}
421
7c23b892
AZ		 422static void
423putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
424{
c6a6a5e3
AL		 425 uint32_t sum;
426
7c23b892
AZ		 427 if (cse && cse < n)
428 n = cse + 1;
c6a6a5e3
AL		 429 if (sloc < n-1) {
430 sum = net_checksum_add(n-css, data+css);
7c23b892 431 cpu_to_be16wu((uint16_t *)(data + sloc),
c6a6a5e3
AL		 432 net_checksum_finish(sum));
433 }
7c23b892
AZ		 434}
435
8f2e8d1f
AL		 436static inline int
437vlan_enabled(E1000State *s)
438{
439 return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
440}
441
442static inline int
443vlan_rx_filter_enabled(E1000State *s)
444{
445 return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
446}
447
448static inline int
449is_vlan_packet(E1000State *s, const uint8_t *buf)
450{
451 return (be16_to_cpup((uint16_t *)(buf + 12)) ==
452 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
453}
454
455static inline int
456is_vlan_txd(uint32_t txd_lower)
457{
458 return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
459}
460
55e8d1ce
MT		 461/* FCS aka Ethernet CRC-32. We don't get it from backends and can't
462 * fill it in, just pad descriptor length by 4 bytes unless guest
a05e8a6e 463 * told us to strip it off the packet. */
55e8d1ce
MT		 464static inline int
465fcs_len(E1000State *s)
466{
467 return (s->mac_reg[RCTL] & E1000_RCTL_SECRC) ? 0 : 4;
468}
469
93e37d76
JW		 470static void
471e1000_send_packet(E1000State *s, const uint8_t *buf, int size)
472{
473 if (s->phy_reg[PHY_CTRL] & MII_CR_LOOPBACK) {
474 s->nic->nc.info->receive(&s->nic->nc, buf, size);
475 } else {
476 qemu_send_packet(&s->nic->nc, buf, size);
477 }
478}
479
7c23b892
AZ		 480static void
481xmit_seg(E1000State *s)
482{
483 uint16_t len, *sp;
484 unsigned int frames = s->tx.tso_frames, css, sofar, n;
485 struct e1000_tx *tp = &s->tx;
486
1b0009db 487 if (tp->tse && tp->cptse) {
7c23b892
AZ		 488 css = tp->ipcss;
489 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
490 frames, tp->size, css);
491 if (tp->ip) { // IPv4
492 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
493 tp->size - css);
494 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
495 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
496 } else // IPv6
497 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
498 tp->size - css);
499 css = tp->tucss;
500 len = tp->size - css;
501 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
502 if (tp->tcp) {
503 sofar = frames * tp->mss;
504 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
88738c09 505 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
7c23b892
AZ		 506 if (tp->paylen - sofar > tp->mss)
507 tp->data[css + 13] &= ~9; // PSH, FIN
508 } else // UDP
509 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
510 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
e685b4eb 511 unsigned int phsum;
7c23b892
AZ		 512 // add pseudo-header length before checksum calculation
513 sp = (uint16_t *)(tp->data + tp->tucso);
e685b4eb
AW		 514 phsum = be16_to_cpup(sp) + len;
515 phsum = (phsum >> 16) + (phsum & 0xffff);
516 cpu_to_be16wu(sp, phsum);
7c23b892
AZ		 517 }
518 tp->tso_frames++;
519 }
520
521 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
522 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
523 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
524 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
8f2e8d1f 525 if (tp->vlan_needed) {
b10fec9b
SW		 526 memmove(tp->vlan, tp->data, 4);
527 memmove(tp->data, tp->data + 4, 8);
8f2e8d1f 528 memcpy(tp->data + 8, tp->vlan_header, 4);
93e37d76 529 e1000_send_packet(s, tp->vlan, tp->size + 4);
8f2e8d1f 530 } else
93e37d76 531 e1000_send_packet(s, tp->data, tp->size);
7c23b892
AZ		 532 s->mac_reg[TPT]++;
533 s->mac_reg[GPTC]++;
534 n = s->mac_reg[TOTL];
535 if ((s->mac_reg[TOTL] += s->tx.size) < n)
536 s->mac_reg[TOTH]++;
537}
538
539static void
540process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
541{
542 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
543 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
544 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
545 unsigned int msh = 0xfffff, hdr = 0;
546 uint64_t addr;
547 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
548 struct e1000_tx *tp = &s->tx;
549
550 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
551 op = le32_to_cpu(xp->cmd_and_length);
552 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
553 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
554 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
555 tp->tucss = xp->upper_setup.tcp_fields.tucss;
556 tp->tucso = xp->upper_setup.tcp_fields.tucso;
557 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
558 tp->paylen = op & 0xfffff;
559 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
560 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
561 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
562 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
563 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
564 tp->tso_frames = 0;
565 if (tp->tucso == 0) { // this is probably wrong
566 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
567 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
568 }
569 return;
1b0009db
AZ		 570 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
571 // data descriptor
735e77ec
SH		 572 if (tp->size == 0) {
573 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
574 }
1b0009db 575 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
43ad7e3e 576 } else {
1b0009db
AZ		 577 // legacy descriptor
578 tp->cptse = 0;
43ad7e3e 579 }
7c23b892 580
8f2e8d1f
AL		 581 if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
582 (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
583 tp->vlan_needed = 1;
584 cpu_to_be16wu((uint16_t *)(tp->vlan_header),
585 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
586 cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
587 le16_to_cpu(dp->upper.fields.special));
588 }
589
7c23b892 590 addr = le64_to_cpu(dp->buffer_addr);
1b0009db 591 if (tp->tse && tp->cptse) {
7c23b892
AZ		 592 hdr = tp->hdr_len;
593 msh = hdr + tp->mss;
1b0009db
AZ		 594 do {
595 bytes = split_size;
596 if (tp->size + bytes > msh)
597 bytes = msh - tp->size;
65f82df0
AL		 598
599 bytes = MIN(sizeof(tp->data) - tp->size, bytes);
62ecbd35 600 pci_dma_read(&s->dev, addr, tp->data + tp->size, bytes);
1b0009db
AZ		 601 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
602 memmove(tp->header, tp->data, hdr);
603 tp->size = sz;
604 addr += bytes;
605 if (sz == msh) {
606 xmit_seg(s);
607 memmove(tp->data, tp->header, hdr);
608 tp->size = hdr;
609 }
610 } while (split_size -= bytes);
611 } else if (!tp->tse && tp->cptse) {
612 // context descriptor TSE is not set, while data descriptor TSE is set
362f5fb5 613 DBGOUT(TXERR, "TCP segmentation error\n");
1b0009db 614 } else {
65f82df0 615 split_size = MIN(sizeof(tp->data) - tp->size, split_size);
62ecbd35 616 pci_dma_read(&s->dev, addr, tp->data + tp->size, split_size);
1b0009db 617 tp->size += split_size;
7c23b892 618 }
7c23b892
AZ		 619
620 if (!(txd_lower & E1000_TXD_CMD_EOP))
621 return;
1b0009db 622 if (!(tp->tse && tp->cptse && tp->size < hdr))
7c23b892
AZ		 623 xmit_seg(s);
624 tp->tso_frames = 0;
625 tp->sum_needed = 0;
8f2e8d1f 626 tp->vlan_needed = 0;
7c23b892 627 tp->size = 0;
1b0009db 628 tp->cptse = 0;
7c23b892
AZ		 629}
630
631static uint32_t
62ecbd35 632txdesc_writeback(E1000State *s, dma_addr_t base, struct e1000_tx_desc *dp)
7c23b892
AZ		 633{
634 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
635
636 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
637 return 0;
638 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
639 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
640 dp->upper.data = cpu_to_le32(txd_upper);
62ecbd35 641 pci_dma_write(&s->dev, base + ((char *)&dp->upper - (char *)dp),
00c3a05b 642 &dp->upper, sizeof(dp->upper));
7c23b892
AZ		 643 return E1000_ICR_TXDW;
644}
645
d17161f6
KW		 646static uint64_t tx_desc_base(E1000State *s)
647{
648 uint64_t bah = s->mac_reg[TDBAH];
649 uint64_t bal = s->mac_reg[TDBAL] & ~0xf;
650
651 return (bah << 32) + bal;
652}
653
7c23b892
AZ		 654static void
655start_xmit(E1000State *s)
656{
62ecbd35 657 dma_addr_t base;
7c23b892
AZ		 658 struct e1000_tx_desc desc;
659 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
660
661 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
662 DBGOUT(TX, "tx disabled\n");
663 return;
664 }
665
666 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
d17161f6 667 base = tx_desc_base(s) +
7c23b892 668 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
00c3a05b 669 pci_dma_read(&s->dev, base, &desc, sizeof(desc));
7c23b892
AZ		 670
671 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
6106075b 672 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
7c23b892
AZ		 673 desc.upper.data);
674
675 process_tx_desc(s, &desc);
62ecbd35 676 cause |= txdesc_writeback(s, base, &desc);
7c23b892
AZ		 677
678 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
679 s->mac_reg[TDH] = 0;
680 /*
681 * the following could happen only if guest sw assigns
682 * bogus values to TDT/TDLEN.
683 * there's nothing too intelligent we could do about this.
684 */
685 if (s->mac_reg[TDH] == tdh_start) {
686 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
687 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
688 break;
689 }
690 }
691 set_ics(s, 0, cause);
692}
693
694static int
695receive_filter(E1000State *s, const uint8_t *buf, int size)
696{
af2960f9
BS		 697 static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
698 static const int mta_shift[] = {4, 3, 2, 0};
7c23b892
AZ		 699 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
700
8f2e8d1f
AL		 701 if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
702 uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
703 uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
704 ((vid >> 5) & 0x7f));
705 if ((vfta & (1 << (vid & 0x1f))) == 0)
706 return 0;
707 }
708
7c23b892
AZ		 709 if (rctl & E1000_RCTL_UPE) // promiscuous
710 return 1;
711
712 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
713 return 1;
714
715 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
716 return 1;
717
718 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
719 if (!(rp[1] & E1000_RAH_AV))
720 continue;
721 ra[0] = cpu_to_le32(rp[0]);
722 ra[1] = cpu_to_le32(rp[1]);
723 if (!memcmp(buf, (uint8_t *)ra, 6)) {
724 DBGOUT(RXFILTER,
725 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
726 (int)(rp - s->mac_reg - RA)/2,
727 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
728 return 1;
729 }
730 }
731 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
732 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
733
734 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
735 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
736 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
737 return 1;
738 DBGOUT(RXFILTER,
739 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
740 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
741 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
742 s->mac_reg[MTA + (f >> 5)]);
743
744 return 0;
745}
746
99ed7e30 747static void
4e68f7a0 748e1000_set_link_status(NetClientState *nc)
99ed7e30 749{
a03e2aec 750 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
99ed7e30
AL		 751 uint32_t old_status = s->mac_reg[STATUS];
752
d4044c2a 753 if (nc->link_down) {
71aadd3c 754 e1000_link_down(s);
d4044c2a 755 } else {
71aadd3c 756 e1000_link_up(s);
d4044c2a 757 }
99ed7e30
AL		 758
759 if (s->mac_reg[STATUS] != old_status)
760 set_ics(s, 0, E1000_ICR_LSC);
761}
762
322fd48a
MT		 763static bool e1000_has_rxbufs(E1000State *s, size_t total_size)
764{
765 int bufs;
766 /* Fast-path short packets */
767 if (total_size <= s->rxbuf_size) {
e5b8b0d4 768 return s->mac_reg[RDH] != s->mac_reg[RDT];
322fd48a
MT		 769 }
770 if (s->mac_reg[RDH] < s->mac_reg[RDT]) {
771 bufs = s->mac_reg[RDT] - s->mac_reg[RDH];
e5b8b0d4 772 } else if (s->mac_reg[RDH] > s->mac_reg[RDT]) {
322fd48a
MT		 773 bufs = s->mac_reg[RDLEN] / sizeof(struct e1000_rx_desc) +
774 s->mac_reg[RDT] - s->mac_reg[RDH];
775 } else {
776 return false;
777 }
778 return total_size <= bufs * s->rxbuf_size;
779}
780
6cdfab28 781static int
4e68f7a0 782e1000_can_receive(NetClientState *nc)
6cdfab28
MT		 783{
784 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
785
786 return (s->mac_reg[RCTL] & E1000_RCTL_EN) && e1000_has_rxbufs(s, 1);
787}
788
d17161f6
KW		 789static uint64_t rx_desc_base(E1000State *s)
790{
791 uint64_t bah = s->mac_reg[RDBAH];
792 uint64_t bal = s->mac_reg[RDBAL] & ~0xf;
793
794 return (bah << 32) + bal;
795}
796
4f1c942b 797static ssize_t
4e68f7a0 798e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size)
7c23b892 799{
a03e2aec 800 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
7c23b892 801 struct e1000_rx_desc desc;
62ecbd35 802 dma_addr_t base;
7c23b892
AZ		 803 unsigned int n, rdt;
804 uint32_t rdh_start;
8f2e8d1f
AL		 805 uint16_t vlan_special = 0;
806 uint8_t vlan_status = 0, vlan_offset = 0;
78aeb23e 807 uint8_t min_buf[MIN_BUF_SIZE];
b19487e2
MT		 808 size_t desc_offset;
809 size_t desc_size;
810 size_t total_size;
7c23b892
AZ		 811
812 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
4f1c942b 813 return -1;
7c23b892 814
78aeb23e
SH		 815 /* Pad to minimum Ethernet frame length */
816 if (size < sizeof(min_buf)) {
817 memcpy(min_buf, buf, size);
818 memset(&min_buf[size], 0, sizeof(min_buf) - size);
819 buf = min_buf;
820 size = sizeof(min_buf);
821 }
822
b0d9ffcd 823 /* Discard oversized packets if !LPE and !SBP. */
2c0331f4
MC		 824 if ((size > MAXIMUM_ETHERNET_LPE_SIZE ||
825 (size > MAXIMUM_ETHERNET_VLAN_SIZE
826 && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)))
b0d9ffcd
MC		 827 && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
828 return size;
829 }
830
7c23b892 831 if (!receive_filter(s, buf, size))
4f1c942b 832 return size;
7c23b892 833
8f2e8d1f
AL		 834 if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
835 vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
98835fe3 836 memmove((uint8_t *)buf + 4, buf, 12);
8f2e8d1f
AL		 837 vlan_status = E1000_RXD_STAT_VP;
838 vlan_offset = 4;
839 size -= 4;
840 }
841
7c23b892 842 rdh_start = s->mac_reg[RDH];
b19487e2
MT		 843 desc_offset = 0;
844 total_size = size + fcs_len(s);
322fd48a
MT		 845 if (!e1000_has_rxbufs(s, total_size)) {
846 set_ics(s, 0, E1000_ICS_RXO);
847 return -1;
848 }
7c23b892 849 do {
b19487e2
MT		 850 desc_size = total_size - desc_offset;
851 if (desc_size > s->rxbuf_size) {
852 desc_size = s->rxbuf_size;
853 }
d17161f6 854 base = rx_desc_base(s) + sizeof(desc) * s->mac_reg[RDH];
00c3a05b 855 pci_dma_read(&s->dev, base, &desc, sizeof(desc));
8f2e8d1f
AL		 856 desc.special = vlan_special;
857 desc.status |= (vlan_status | E1000_RXD_STAT_DD);
7c23b892 858 if (desc.buffer_addr) {
b19487e2
MT		 859 if (desc_offset < size) {
860 size_t copy_size = size - desc_offset;
861 if (copy_size > s->rxbuf_size) {
862 copy_size = s->rxbuf_size;
863 }
62ecbd35 864 pci_dma_write(&s->dev, le64_to_cpu(desc.buffer_addr),
00c3a05b 865 buf + desc_offset + vlan_offset, copy_size);
b19487e2
MT		 866 }
867 desc_offset += desc_size;
ee912ccf 868 desc.length = cpu_to_le16(desc_size);
b19487e2 869 if (desc_offset >= total_size) {
b19487e2
MT		 870 desc.status |= E1000_RXD_STAT_EOP | E1000_RXD_STAT_IXSM;
871 } else {
ee912ccf
MT		 872 /* Guest zeroing out status is not a hardware requirement.
873 Clear EOP in case guest didn't do it. */
874 desc.status &= ~E1000_RXD_STAT_EOP;
b19487e2 875 }
43ad7e3e 876 } else { // as per intel docs; skip descriptors with null buf addr
7c23b892 877 DBGOUT(RX, "Null RX descriptor!!\n");
43ad7e3e 878 }
00c3a05b 879 pci_dma_write(&s->dev, base, &desc, sizeof(desc));
7c23b892
AZ		 880
881 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
882 s->mac_reg[RDH] = 0;
7c23b892
AZ		 883 /* see comment in start_xmit; same here */
884 if (s->mac_reg[RDH] == rdh_start) {
885 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
886 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
887 set_ics(s, 0, E1000_ICS_RXO);
4f1c942b 888 return -1;
7c23b892 889 }
b19487e2 890 } while (desc_offset < total_size);
7c23b892
AZ		 891
892 s->mac_reg[GPRC]++;
893 s->mac_reg[TPR]++;
a05e8a6e
MT		 894 /* TOR - Total Octets Received:
895 * This register includes bytes received in a packet from the <Destination
896 * Address> field through the <CRC> field, inclusively.
897 */
898 n = s->mac_reg[TORL] + size + /* Always include FCS length. */ 4;
899 if (n < s->mac_reg[TORL])
7c23b892 900 s->mac_reg[TORH]++;
a05e8a6e 901 s->mac_reg[TORL] = n;
7c23b892
AZ		 902
903 n = E1000_ICS_RXT0;
904 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
905 rdt += s->mac_reg[RDLEN] / sizeof(desc);
bf16cc8f
AL		 906 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
907 s->rxbuf_min_shift)
7c23b892
AZ		 908 n |= E1000_ICS_RXDMT0;
909
910 set_ics(s, 0, n);
4f1c942b
MM		 911
912 return size;
7c23b892
AZ		 913}
914
915static uint32_t
916mac_readreg(E1000State *s, int index)
917{
918 return s->mac_reg[index];
919}
920
921static uint32_t
922mac_icr_read(E1000State *s, int index)
923{
924 uint32_t ret = s->mac_reg[ICR];
925
926 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
927 set_interrupt_cause(s, 0, 0);
928 return ret;
929}
930
931static uint32_t
932mac_read_clr4(E1000State *s, int index)
933{
934 uint32_t ret = s->mac_reg[index];
935
936 s->mac_reg[index] = 0;
937 return ret;
938}
939
940static uint32_t
941mac_read_clr8(E1000State *s, int index)
942{
943 uint32_t ret = s->mac_reg[index];
944
945 s->mac_reg[index] = 0;
946 s->mac_reg[index-1] = 0;
947 return ret;
948}
949
950static void
951mac_writereg(E1000State *s, int index, uint32_t val)
952{
953 s->mac_reg[index] = val;
954}
955
956static void
957set_rdt(E1000State *s, int index, uint32_t val)
958{
7c23b892 959 s->mac_reg[index] = val & 0xffff;
e8b4c680
PB		 960 if (e1000_has_rxbufs(s, 1)) {
961 qemu_flush_queued_packets(&s->nic->nc);
962 }
7c23b892
AZ		 963}
964
965static void
966set_16bit(E1000State *s, int index, uint32_t val)
967{
968 s->mac_reg[index] = val & 0xffff;
969}
970
971static void
972set_dlen(E1000State *s, int index, uint32_t val)
973{
974 s->mac_reg[index] = val & 0xfff80;
975}
976
977static void
978set_tctl(E1000State *s, int index, uint32_t val)
979{
980 s->mac_reg[index] = val;
981 s->mac_reg[TDT] &= 0xffff;
982 start_xmit(s);
983}
984
985static void
986set_icr(E1000State *s, int index, uint32_t val)
987{
988 DBGOUT(INTERRUPT, "set_icr %x\n", val);
989 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
990}
991
992static void
993set_imc(E1000State *s, int index, uint32_t val)
994{
995 s->mac_reg[IMS] &= ~val;
996 set_ics(s, 0, 0);
997}
998
999static void
1000set_ims(E1000State *s, int index, uint32_t val)
1001{
1002 s->mac_reg[IMS] |= val;
1003 set_ics(s, 0, 0);
1004}
1005
1006#define getreg(x) [x] = mac_readreg
1007static uint32_t (*macreg_readops[])(E1000State *, int) = {
1008 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
1009 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
1010 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
1011 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
b1332393 1012 getreg(RDH), getreg(RDT), getreg(VET), getreg(ICS),
a00b2335
KA		 1013 getreg(TDBAL), getreg(TDBAH), getreg(RDBAH), getreg(RDBAL),
1014 getreg(TDLEN), getreg(RDLEN),
7c23b892
AZ		 1015
1016 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
1017 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
1018 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
1019 [CRCERRS ... MPC] = &mac_readreg,
1020 [RA ... RA+31] = &mac_readreg,
1021 [MTA ... MTA+127] = &mac_readreg,
8f2e8d1f 1022 [VFTA ... VFTA+127] = &mac_readreg,
7c23b892 1023};
b1503cda 1024enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
7c23b892
AZ		 1025
1026#define putreg(x) [x] = mac_writereg
1027static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
1028 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
1029 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
cab3c825 1030 putreg(RDBAL), putreg(LEDCTL), putreg(VET),
7c23b892
AZ		 1031 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
1032 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
1033 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
1034 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
cab3c825 1035 [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl,
7c23b892
AZ		 1036 [RA ... RA+31] = &mac_writereg,
1037 [MTA ... MTA+127] = &mac_writereg,
8f2e8d1f 1038 [VFTA ... VFTA+127] = &mac_writereg,
7c23b892 1039};
b9d03e35 1040
b1503cda 1041enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
7c23b892
AZ		 1042
1043static void
a8170e5e 1044e1000_mmio_write(void *opaque, hwaddr addr, uint64_t val,
ad00a9b9 1045 unsigned size)
7c23b892
AZ		 1046{
1047 E1000State *s = opaque;
8da3ff18 1048 unsigned int index = (addr & 0x1ffff) >> 2;
7c23b892 1049
43ad7e3e 1050 if (index < NWRITEOPS && macreg_writeops[index]) {
6b59fc74 1051 macreg_writeops[index](s, index, val);
43ad7e3e 1052 } else if (index < NREADOPS && macreg_readops[index]) {
ad00a9b9 1053 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04"PRIx64"\n", index<<2, val);
43ad7e3e 1054 } else {
ad00a9b9 1055 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08"PRIx64"\n",
7c23b892 1056 index<<2, val);
43ad7e3e 1057 }
7c23b892
AZ		 1058}
1059
ad00a9b9 1060static uint64_t
a8170e5e 1061e1000_mmio_read(void *opaque, hwaddr addr, unsigned size)
7c23b892
AZ		 1062{
1063 E1000State *s = opaque;
8da3ff18 1064 unsigned int index = (addr & 0x1ffff) >> 2;
7c23b892
AZ		 1065
1066 if (index < NREADOPS && macreg_readops[index])
6b59fc74 1067 {
32600a30 1068 return macreg_readops[index](s, index);
6b59fc74 1069 }
7c23b892
AZ		 1070 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
1071 return 0;
1072}
1073
ad00a9b9
AK		 1074static const MemoryRegionOps e1000_mmio_ops = {
1075 .read = e1000_mmio_read,
1076 .write = e1000_mmio_write,
1077 .endianness = DEVICE_LITTLE_ENDIAN,
1078 .impl = {
1079 .min_access_size = 4,
1080 .max_access_size = 4,
1081 },
1082};
1083
a8170e5e 1084static uint64_t e1000_io_read(void *opaque, hwaddr addr,
ad00a9b9 1085 unsigned size)
7c23b892 1086{
ad00a9b9
AK		 1087 E1000State *s = opaque;
1088
1089 (void)s;
1090 return 0;
7c23b892
AZ		 1091}
1092
a8170e5e 1093static void e1000_io_write(void *opaque, hwaddr addr,
ad00a9b9 1094 uint64_t val, unsigned size)
7c23b892 1095{
ad00a9b9
AK		 1096 E1000State *s = opaque;
1097
1098 (void)s;
7c23b892
AZ		 1099}
1100
ad00a9b9
AK		 1101static const MemoryRegionOps e1000_io_ops = {
1102 .read = e1000_io_read,
1103 .write = e1000_io_write,
1104 .endianness = DEVICE_LITTLE_ENDIAN,
1105};
1106
e482dc3e 1107static bool is_version_1(void *opaque, int version_id)
7c23b892 1108{
e482dc3e 1109 return version_id == 1;
7c23b892
AZ		 1110}
1111
e4b82364
AK		 1112static int e1000_post_load(void *opaque, int version_id)
1113{
1114 E1000State *s = opaque;
1115
1116 /* nc.link_down can't be migrated, so infer link_down according
1117 * to link status bit in mac_reg[STATUS] */
1118 s->nic->nc.link_down = (s->mac_reg[STATUS] & E1000_STATUS_LU) == 0;
1119
1120 return 0;
1121}
1122
e482dc3e
JQ		 1123static const VMStateDescription vmstate_e1000 = {
1124 .name = "e1000",
1125 .version_id = 2,
1126 .minimum_version_id = 1,
1127 .minimum_version_id_old = 1,
e4b82364 1128 .post_load = e1000_post_load,
e482dc3e
JQ		 1129 .fields = (VMStateField []) {
1130 VMSTATE_PCI_DEVICE(dev, E1000State),
1131 VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */
1132 VMSTATE_UNUSED(4), /* Was mmio_base. */
1133 VMSTATE_UINT32(rxbuf_size, E1000State),
1134 VMSTATE_UINT32(rxbuf_min_shift, E1000State),
1135 VMSTATE_UINT32(eecd_state.val_in, E1000State),
1136 VMSTATE_UINT16(eecd_state.bitnum_in, E1000State),
1137 VMSTATE_UINT16(eecd_state.bitnum_out, E1000State),
1138 VMSTATE_UINT16(eecd_state.reading, E1000State),
1139 VMSTATE_UINT32(eecd_state.old_eecd, E1000State),
1140 VMSTATE_UINT8(tx.ipcss, E1000State),
1141 VMSTATE_UINT8(tx.ipcso, E1000State),
1142 VMSTATE_UINT16(tx.ipcse, E1000State),
1143 VMSTATE_UINT8(tx.tucss, E1000State),
1144 VMSTATE_UINT8(tx.tucso, E1000State),
1145 VMSTATE_UINT16(tx.tucse, E1000State),
1146 VMSTATE_UINT32(tx.paylen, E1000State),
1147 VMSTATE_UINT8(tx.hdr_len, E1000State),
1148 VMSTATE_UINT16(tx.mss, E1000State),
1149 VMSTATE_UINT16(tx.size, E1000State),
1150 VMSTATE_UINT16(tx.tso_frames, E1000State),
1151 VMSTATE_UINT8(tx.sum_needed, E1000State),
1152 VMSTATE_INT8(tx.ip, E1000State),
1153 VMSTATE_INT8(tx.tcp, E1000State),
1154 VMSTATE_BUFFER(tx.header, E1000State),
1155 VMSTATE_BUFFER(tx.data, E1000State),
1156 VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64),
1157 VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20),
1158 VMSTATE_UINT32(mac_reg[CTRL], E1000State),
1159 VMSTATE_UINT32(mac_reg[EECD], E1000State),
1160 VMSTATE_UINT32(mac_reg[EERD], E1000State),
1161 VMSTATE_UINT32(mac_reg[GPRC], E1000State),
1162 VMSTATE_UINT32(mac_reg[GPTC], E1000State),
1163 VMSTATE_UINT32(mac_reg[ICR], E1000State),
1164 VMSTATE_UINT32(mac_reg[ICS], E1000State),
1165 VMSTATE_UINT32(mac_reg[IMC], E1000State),
1166 VMSTATE_UINT32(mac_reg[IMS], E1000State),
1167 VMSTATE_UINT32(mac_reg[LEDCTL], E1000State),
1168 VMSTATE_UINT32(mac_reg[MANC], E1000State),
1169 VMSTATE_UINT32(mac_reg[MDIC], E1000State),
1170 VMSTATE_UINT32(mac_reg[MPC], E1000State),
1171 VMSTATE_UINT32(mac_reg[PBA], E1000State),
1172 VMSTATE_UINT32(mac_reg[RCTL], E1000State),
1173 VMSTATE_UINT32(mac_reg[RDBAH], E1000State),
1174 VMSTATE_UINT32(mac_reg[RDBAL], E1000State),
1175 VMSTATE_UINT32(mac_reg[RDH], E1000State),
1176 VMSTATE_UINT32(mac_reg[RDLEN], E1000State),
1177 VMSTATE_UINT32(mac_reg[RDT], E1000State),
1178 VMSTATE_UINT32(mac_reg[STATUS], E1000State),
1179 VMSTATE_UINT32(mac_reg[SWSM], E1000State),
1180 VMSTATE_UINT32(mac_reg[TCTL], E1000State),
1181 VMSTATE_UINT32(mac_reg[TDBAH], E1000State),
1182 VMSTATE_UINT32(mac_reg[TDBAL], E1000State),
1183 VMSTATE_UINT32(mac_reg[TDH], E1000State),
1184 VMSTATE_UINT32(mac_reg[TDLEN], E1000State),
1185 VMSTATE_UINT32(mac_reg[TDT], E1000State),
1186 VMSTATE_UINT32(mac_reg[TORH], E1000State),
1187 VMSTATE_UINT32(mac_reg[TORL], E1000State),
1188 VMSTATE_UINT32(mac_reg[TOTH], E1000State),
1189 VMSTATE_UINT32(mac_reg[TOTL], E1000State),
1190 VMSTATE_UINT32(mac_reg[TPR], E1000State),
1191 VMSTATE_UINT32(mac_reg[TPT], E1000State),
1192 VMSTATE_UINT32(mac_reg[TXDCTL], E1000State),
1193 VMSTATE_UINT32(mac_reg[WUFC], E1000State),
1194 VMSTATE_UINT32(mac_reg[VET], E1000State),
1195 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32),
1196 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128),
1197 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128),
1198 VMSTATE_END_OF_LIST()
1199 }
1200};
7c23b892 1201
88b4e9db 1202static const uint16_t e1000_eeprom_template[64] = {
7c23b892
AZ		 1203 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
1204 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
1205 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
1206 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
1207 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
1208 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1209 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1210 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
1211};
1212
7c23b892
AZ		 1213/* PCI interface */
1214
7c23b892 1215static void
ad00a9b9 1216e1000_mmio_setup(E1000State *d)
7c23b892 1217{
f65ed4c1
AL		 1218 int i;
1219 const uint32_t excluded_regs[] = {
1220 E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1221 E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1222 };
1223
ad00a9b9
AK		 1224 memory_region_init_io(&d->mmio, &e1000_mmio_ops, d, "e1000-mmio",
1225 PNPMMIO_SIZE);
1226 memory_region_add_coalescing(&d->mmio, 0, excluded_regs[0]);
f65ed4c1 1227 for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
ad00a9b9
AK		 1228 memory_region_add_coalescing(&d->mmio, excluded_regs[i] + 4,
1229 excluded_regs[i+1] - excluded_regs[i] - 4);
1230 memory_region_init_io(&d->io, &e1000_io_ops, d, "e1000-io", IOPORT_SIZE);
7c23b892
AZ		 1231}
1232
b946a153 1233static void
4e68f7a0 1234e1000_cleanup(NetClientState *nc)
b946a153 1235{
a03e2aec 1236 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
b946a153 1237
a03e2aec 1238 s->nic = NULL;
b946a153
AL		 1239}
1240
f90c2bcd 1241static void
4b09be85
AL		 1242pci_e1000_uninit(PCIDevice *dev)
1243{
7d9e52bd 1244 E1000State *d = DO_UPCAST(E1000State, dev, dev);
4b09be85 1245
b9d03e35
JW		 1246 qemu_del_timer(d->autoneg_timer);
1247 qemu_free_timer(d->autoneg_timer);
ad00a9b9
AK		 1248 memory_region_destroy(&d->mmio);
1249 memory_region_destroy(&d->io);
b20c6b9e 1250 qemu_del_net_client(&d->nic->nc);
4b09be85
AL		 1251}
1252
a03e2aec 1253static NetClientInfo net_e1000_info = {
2be64a68 1254 .type = NET_CLIENT_OPTIONS_KIND_NIC,
a03e2aec
MM		 1255 .size = sizeof(NICState),
1256 .can_receive = e1000_can_receive,
1257 .receive = e1000_receive,
1258 .cleanup = e1000_cleanup,
1259 .link_status_changed = e1000_set_link_status,
1260};
1261
81a322d4 1262static int pci_e1000_init(PCIDevice *pci_dev)
7c23b892 1263{
7d9e52bd 1264 E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
7c23b892 1265 uint8_t *pci_conf;
7c23b892 1266 uint16_t checksum = 0;
7c23b892 1267 int i;
fbdaa002 1268 uint8_t *macaddr;
aff427a1 1269
7c23b892 1270 pci_conf = d->dev.config;
7c23b892 1271
a9cbacb0
MT		 1272 /* TODO: RST# value should be 0, PCI spec 6.2.4 */
1273 pci_conf[PCI_CACHE_LINE_SIZE] = 0x10;
7c23b892 1274
817e0b6f 1275 pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
7c23b892 1276
ad00a9b9 1277 e1000_mmio_setup(d);
7c23b892 1278
e824b2cc 1279 pci_register_bar(&d->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &d->mmio);
7c23b892 1280
e824b2cc 1281 pci_register_bar(&d->dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &d->io);
7c23b892 1282
7c23b892
AZ		 1283 memmove(d->eeprom_data, e1000_eeprom_template,
1284 sizeof e1000_eeprom_template);
fbdaa002
GH		 1285 qemu_macaddr_default_if_unset(&d->conf.macaddr);
1286 macaddr = d->conf.macaddr.a;
7c23b892 1287 for (i = 0; i < 3; i++)
9d07d757 1288 d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
7c23b892
AZ		 1289 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1290 checksum += d->eeprom_data[i];
1291 checksum = (uint16_t) EEPROM_SUM - checksum;
1292 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1293
a03e2aec 1294 d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
f79f2bfc 1295 object_get_typename(OBJECT(d)), d->dev.qdev.id, d);
7c23b892 1296
a03e2aec 1297 qemu_format_nic_info_str(&d->nic->nc, macaddr);
1ca4d09a
GN		 1298
1299 add_boot_device_path(d->conf.bootindex, &pci_dev->qdev, "/ethernet-phy@0");
1300
b9d03e35
JW		 1301 d->autoneg_timer = qemu_new_timer_ms(vm_clock, e1000_autoneg_timer, d);
1302
81a322d4 1303 return 0;
9d07d757 1304}
72da4208 1305
fbdaa002
GH		 1306static void qdev_e1000_reset(DeviceState *dev)
1307{
1308 E1000State *d = DO_UPCAST(E1000State, dev.qdev, dev);
1309 e1000_reset(d);
1310}
1311
40021f08
AL		 1312static Property e1000_properties[] = {
1313 DEFINE_NIC_PROPERTIES(E1000State, conf),
1314 DEFINE_PROP_END_OF_LIST(),
1315};
1316
1317static void e1000_class_init(ObjectClass *klass, void *data)
1318{
39bffca2 1319 DeviceClass *dc = DEVICE_CLASS(klass);
40021f08
AL		 1320 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
1321
1322 k->init = pci_e1000_init;
1323 k->exit = pci_e1000_uninit;
1324 k->romfile = "pxe-e1000.rom";
1325 k->vendor_id = PCI_VENDOR_ID_INTEL;
1326 k->device_id = E1000_DEVID;
1327 k->revision = 0x03;
1328 k->class_id = PCI_CLASS_NETWORK_ETHERNET;
39bffca2
AL		 1329 dc->desc = "Intel Gigabit Ethernet";
1330 dc->reset = qdev_e1000_reset;
1331 dc->vmsd = &vmstate_e1000;
1332 dc->props = e1000_properties;
40021f08
AL		 1333}
1334
8c43a6f0 1335static const TypeInfo e1000_info = {
39bffca2
AL		 1336 .name = "e1000",
1337 .parent = TYPE_PCI_DEVICE,
1338 .instance_size = sizeof(E1000State),
1339 .class_init = e1000_class_init,
0aab0d3a
GH		 1340};
1341
83f7d43a 1342static void e1000_register_types(void)
9d07d757 1343{
39bffca2 1344 type_register_static(&e1000_info);
7c23b892 1345}
9d07d757 1346
83f7d43a 1347type_init(e1000_register_types)
QEMU mirror