]> git.proxmox.com Git - qemu.git/blame - hw/e1000.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
e1000: Fix TCP checksum overflow with TSO
[qemu.git] / hw / e1000.c
CommitLineData
7c23b892
AZ		 1/*
2 * QEMU e1000 emulation
3 *
2758aa52
MT		 4 * Software developer's manual:
5 * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf
6 *
7c23b892
AZ		 7 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
8 * Copyright (c) 2008 Qumranet
9 * Based on work done by:
10 * Copyright (c) 2007 Dan Aloni
11 * Copyright (c) 2004 Antony T Curtis
12 *
13 * This library is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU Lesser General Public
15 * License as published by the Free Software Foundation; either
16 * version 2 of the License, or (at your option) any later version.
17 *
18 * This library is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * Lesser General Public License for more details.
22 *
23 * You should have received a copy of the GNU Lesser General Public
8167ee88 24 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
7c23b892
AZ		 25 */
26
27
28#include "hw.h"
29#include "pci.h"
30#include "net.h"
7200ac3c 31#include "net/checksum.h"
fbdaa002 32#include "loader.h"
7c23b892 33
7c23b892
AZ		 34#include "e1000_hw.h"
35
27124888 36#define E1000_DEBUG
7c23b892 37
27124888 38#ifdef E1000_DEBUG
7c23b892
AZ		 39enum {
40 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
41 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
42 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
43 DEBUG_RXFILTER, DEBUG_NOTYET,
44};
45#define DBGBIT(x) (1<<DEBUG_##x)
46static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
47
6c7f4b47 48#define DBGOUT(what, fmt, ...) do { \
7c23b892 49 if (debugflags & DBGBIT(what)) \
6c7f4b47 50 fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
7c23b892
AZ		 51 } while (0)
52#else
6c7f4b47 53#define DBGOUT(what, fmt, ...) do {} while (0)
7c23b892
AZ		 54#endif
55
56#define IOPORT_SIZE 0x40
e94bbefe 57#define PNPMMIO_SIZE 0x20000
78aeb23e 58#define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */
7c23b892
AZ		 59
60/*
61 * HW models:
62 * E1000_DEV_ID_82540EM works with Windows and Linux
63 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
64 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
65 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
66 * Others never tested
67 */
68enum { E1000_DEVID = E1000_DEV_ID_82540EM };
69
70/*
71 * May need to specify additional MAC-to-PHY entries --
72 * Intel's Windows driver refuses to initialize unless they match
73 */
74enum {
75 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
76 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
77 /* default to E1000_DEV_ID_82540EM */ 0xc20
78};
79
80typedef struct E1000State_st {
81 PCIDevice dev;
a03e2aec 82 NICState *nic;
fbdaa002 83 NICConf conf;
7c23b892
AZ		 84 int mmio_index;
85
86 uint32_t mac_reg[0x8000];
87 uint16_t phy_reg[0x20];
88 uint16_t eeprom_data[64];
89
90 uint32_t rxbuf_size;
91 uint32_t rxbuf_min_shift;
92 int check_rxov;
93 struct e1000_tx {
94 unsigned char header[256];
8f2e8d1f 95 unsigned char vlan_header[4];
b10fec9b 96 /* Fields vlan and data must not be reordered or separated. */
8f2e8d1f 97 unsigned char vlan[4];
7c23b892
AZ		 98 unsigned char data[0x10000];
99 uint16_t size;
100 unsigned char sum_needed;
8f2e8d1f 101 unsigned char vlan_needed;
7c23b892
AZ		 102 uint8_t ipcss;
103 uint8_t ipcso;
104 uint16_t ipcse;
105 uint8_t tucss;
106 uint8_t tucso;
107 uint16_t tucse;
108 uint8_t hdr_len;
109 uint16_t mss;
110 uint32_t paylen;
111 uint16_t tso_frames;
112 char tse;
b6c4f71f
BS		 113 int8_t ip;
114 int8_t tcp;
1b0009db 115 char cptse; // current packet tse bit
7c23b892
AZ		 116 } tx;
117
118 struct {
119 uint32_t val_in; // shifted in from guest driver
120 uint16_t bitnum_in;
121 uint16_t bitnum_out;
122 uint16_t reading;
123 uint32_t old_eecd;
124 } eecd_state;
125} E1000State;
126
127#define defreg(x) x = (E1000_##x>>2)
128enum {
129 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
130 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
131 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
132 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
133 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
134 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
135 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
136 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
137 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
8f2e8d1f
AL		 138 defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA),
139 defreg(VET),
7c23b892
AZ		 140};
141
142enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
88b4e9db 143static const char phy_regcap[0x20] = {
7c23b892
AZ		 144 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
145 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
146 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
147 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
148 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
700f6e2c 149 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
7c23b892
AZ		 150};
151
152static void
6e355d90
IY		 153ioport_map(PCIDevice *pci_dev, int region_num, pcibus_t addr,
154 pcibus_t size, int type)
7c23b892 155{
89e8b13c
IY		 156 DBGOUT(IO, "e1000_ioport_map addr=0x%04"FMT_PCIBUS
157 " size=0x%08"FMT_PCIBUS"\n", addr, size);
7c23b892
AZ		 158}
159
160static void
161set_interrupt_cause(E1000State *s, int index, uint32_t val)
162{
163 if (val)
164 val |= E1000_ICR_INT_ASSERTED;
165 s->mac_reg[ICR] = val;
b1332393 166 s->mac_reg[ICS] = val;
bc26e55a 167 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
7c23b892
AZ		 168}
169
170static void
171set_ics(E1000State *s, int index, uint32_t val)
172{
173 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
174 s->mac_reg[IMS]);
175 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
176}
177
178static int
179rxbufsize(uint32_t v)
180{
181 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
182 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
183 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
184 switch (v) {
185 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
186 return 16384;
187 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
188 return 8192;
189 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
190 return 4096;
191 case E1000_RCTL_SZ_1024:
192 return 1024;
193 case E1000_RCTL_SZ_512:
194 return 512;
195 case E1000_RCTL_SZ_256:
196 return 256;
197 }
198 return 2048;
199}
200
cab3c825
KW		 201static void
202set_ctrl(E1000State *s, int index, uint32_t val)
203{
204 /* RST is self clearing */
205 s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
206}
207
7c23b892
AZ		 208static void
209set_rx_control(E1000State *s, int index, uint32_t val)
210{
211 s->mac_reg[RCTL] = val;
212 s->rxbuf_size = rxbufsize(val);
213 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
214 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
215 s->mac_reg[RCTL]);
216}
217
218static void
219set_mdic(E1000State *s, int index, uint32_t val)
220{
221 uint32_t data = val & E1000_MDIC_DATA_MASK;
222 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
223
224 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
225 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
226 else if (val & E1000_MDIC_OP_READ) {
227 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
228 if (!(phy_regcap[addr] & PHY_R)) {
229 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
230 val |= E1000_MDIC_ERROR;
231 } else
232 val = (val ^ data) | s->phy_reg[addr];
233 } else if (val & E1000_MDIC_OP_WRITE) {
234 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
235 if (!(phy_regcap[addr] & PHY_W)) {
236 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
237 val |= E1000_MDIC_ERROR;
238 } else
239 s->phy_reg[addr] = data;
240 }
241 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
242 set_ics(s, 0, E1000_ICR_MDAC);
243}
244
245static uint32_t
246get_eecd(E1000State *s, int index)
247{
248 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
249
250 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
251 s->eecd_state.bitnum_out, s->eecd_state.reading);
252 if (!s->eecd_state.reading ||
253 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
254 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
255 ret |= E1000_EECD_DO;
256 return ret;
257}
258
259static void
260set_eecd(E1000State *s, int index, uint32_t val)
261{
262 uint32_t oldval = s->eecd_state.old_eecd;
263
264 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
265 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
9651ac55
IT		 266 if (!(E1000_EECD_CS & val)) // CS inactive; nothing to do
267 return;
268 if (E1000_EECD_CS & (val ^ oldval)) { // CS rise edge; reset state
269 s->eecd_state.val_in = 0;
270 s->eecd_state.bitnum_in = 0;
271 s->eecd_state.bitnum_out = 0;
272 s->eecd_state.reading = 0;
273 }
7c23b892
AZ		 274 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
275 return;
276 if (!(E1000_EECD_SK & val)) { // falling edge
277 s->eecd_state.bitnum_out++;
278 return;
279 }
7c23b892
AZ		 280 s->eecd_state.val_in <<= 1;
281 if (val & E1000_EECD_DI)
282 s->eecd_state.val_in |= 1;
283 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
284 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
285 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
286 EEPROM_READ_OPCODE_MICROWIRE);
287 }
288 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
289 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
290 s->eecd_state.reading);
291}
292
293static uint32_t
294flash_eerd_read(E1000State *s, int x)
295{
296 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
297
b1332393
BP		 298 if ((s->mac_reg[EERD] & E1000_EEPROM_RW_REG_START) == 0)
299 return (s->mac_reg[EERD]);
300
7c23b892 301 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
b1332393
BP		 302 return (E1000_EEPROM_RW_REG_DONE | r);
303
304 return ((s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
305 E1000_EEPROM_RW_REG_DONE | r);
7c23b892
AZ		 306}
307
7c23b892
AZ		 308static void
309putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
310{
c6a6a5e3
AL		 311 uint32_t sum;
312
7c23b892
AZ		 313 if (cse && cse < n)
314 n = cse + 1;
c6a6a5e3
AL		 315 if (sloc < n-1) {
316 sum = net_checksum_add(n-css, data+css);
7c23b892 317 cpu_to_be16wu((uint16_t *)(data + sloc),
c6a6a5e3
AL		 318 net_checksum_finish(sum));
319 }
7c23b892
AZ		 320}
321
8f2e8d1f
AL		 322static inline int
323vlan_enabled(E1000State *s)
324{
325 return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
326}
327
328static inline int
329vlan_rx_filter_enabled(E1000State *s)
330{
331 return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
332}
333
334static inline int
335is_vlan_packet(E1000State *s, const uint8_t *buf)
336{
337 return (be16_to_cpup((uint16_t *)(buf + 12)) ==
338 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
339}
340
341static inline int
342is_vlan_txd(uint32_t txd_lower)
343{
344 return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
345}
346
55e8d1ce
MT		 347/* FCS aka Ethernet CRC-32. We don't get it from backends and can't
348 * fill it in, just pad descriptor length by 4 bytes unless guest
a05e8a6e 349 * told us to strip it off the packet. */
55e8d1ce
MT		 350static inline int
351fcs_len(E1000State *s)
352{
353 return (s->mac_reg[RCTL] & E1000_RCTL_SECRC) ? 0 : 4;
354}
355
7c23b892
AZ		 356static void
357xmit_seg(E1000State *s)
358{
359 uint16_t len, *sp;
360 unsigned int frames = s->tx.tso_frames, css, sofar, n;
361 struct e1000_tx *tp = &s->tx;
362
1b0009db 363 if (tp->tse && tp->cptse) {
7c23b892
AZ		 364 css = tp->ipcss;
365 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
366 frames, tp->size, css);
367 if (tp->ip) { // IPv4
368 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
369 tp->size - css);
370 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
371 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
372 } else // IPv6
373 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
374 tp->size - css);
375 css = tp->tucss;
376 len = tp->size - css;
377 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
378 if (tp->tcp) {
379 sofar = frames * tp->mss;
380 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
88738c09 381 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
7c23b892
AZ		 382 if (tp->paylen - sofar > tp->mss)
383 tp->data[css + 13] &= ~9; // PSH, FIN
384 } else // UDP
385 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
386 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
e685b4eb 387 unsigned int phsum;
7c23b892
AZ		 388 // add pseudo-header length before checksum calculation
389 sp = (uint16_t *)(tp->data + tp->tucso);
e685b4eb
AW		 390 phsum = be16_to_cpup(sp) + len;
391 phsum = (phsum >> 16) + (phsum & 0xffff);
392 cpu_to_be16wu(sp, phsum);
7c23b892
AZ		 393 }
394 tp->tso_frames++;
395 }
396
397 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
398 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
399 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
400 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
8f2e8d1f 401 if (tp->vlan_needed) {
b10fec9b
SW		 402 memmove(tp->vlan, tp->data, 4);
403 memmove(tp->data, tp->data + 4, 8);
8f2e8d1f 404 memcpy(tp->data + 8, tp->vlan_header, 4);
a03e2aec 405 qemu_send_packet(&s->nic->nc, tp->vlan, tp->size + 4);
8f2e8d1f 406 } else
a03e2aec 407 qemu_send_packet(&s->nic->nc, tp->data, tp->size);
7c23b892
AZ		 408 s->mac_reg[TPT]++;
409 s->mac_reg[GPTC]++;
410 n = s->mac_reg[TOTL];
411 if ((s->mac_reg[TOTL] += s->tx.size) < n)
412 s->mac_reg[TOTH]++;
413}
414
415static void
416process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
417{
418 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
419 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
420 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
421 unsigned int msh = 0xfffff, hdr = 0;
422 uint64_t addr;
423 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
424 struct e1000_tx *tp = &s->tx;
425
426 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
427 op = le32_to_cpu(xp->cmd_and_length);
428 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
429 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
430 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
431 tp->tucss = xp->upper_setup.tcp_fields.tucss;
432 tp->tucso = xp->upper_setup.tcp_fields.tucso;
433 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
434 tp->paylen = op & 0xfffff;
435 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
436 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
437 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
438 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
439 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
440 tp->tso_frames = 0;
441 if (tp->tucso == 0) { // this is probably wrong
442 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
443 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
444 }
445 return;
1b0009db
AZ		 446 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
447 // data descriptor
7c23b892 448 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
1b0009db
AZ		 449 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
450 } else
451 // legacy descriptor
452 tp->cptse = 0;
7c23b892 453
8f2e8d1f
AL		 454 if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
455 (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
456 tp->vlan_needed = 1;
457 cpu_to_be16wu((uint16_t *)(tp->vlan_header),
458 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
459 cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
460 le16_to_cpu(dp->upper.fields.special));
461 }
462
7c23b892 463 addr = le64_to_cpu(dp->buffer_addr);
1b0009db 464 if (tp->tse && tp->cptse) {
7c23b892
AZ		 465 hdr = tp->hdr_len;
466 msh = hdr + tp->mss;
1b0009db
AZ		 467 do {
468 bytes = split_size;
469 if (tp->size + bytes > msh)
470 bytes = msh - tp->size;
471 cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
472 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
473 memmove(tp->header, tp->data, hdr);
474 tp->size = sz;
475 addr += bytes;
476 if (sz == msh) {
477 xmit_seg(s);
478 memmove(tp->data, tp->header, hdr);
479 tp->size = hdr;
480 }
481 } while (split_size -= bytes);
482 } else if (!tp->tse && tp->cptse) {
483 // context descriptor TSE is not set, while data descriptor TSE is set
484 DBGOUT(TXERR, "TCP segmentaion Error\n");
485 } else {
486 cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
487 tp->size += split_size;
7c23b892 488 }
7c23b892
AZ		 489
490 if (!(txd_lower & E1000_TXD_CMD_EOP))
491 return;
1b0009db 492 if (!(tp->tse && tp->cptse && tp->size < hdr))
7c23b892
AZ		 493 xmit_seg(s);
494 tp->tso_frames = 0;
495 tp->sum_needed = 0;
8f2e8d1f 496 tp->vlan_needed = 0;
7c23b892 497 tp->size = 0;
1b0009db 498 tp->cptse = 0;
7c23b892
AZ		 499}
500
501static uint32_t
c227f099 502txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
7c23b892
AZ		 503{
504 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
505
506 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
507 return 0;
508 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
509 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
510 dp->upper.data = cpu_to_le32(txd_upper);
511 cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
512 (void *)&dp->upper, sizeof(dp->upper));
513 return E1000_ICR_TXDW;
514}
515
516static void
517start_xmit(E1000State *s)
518{
c227f099 519 target_phys_addr_t base;
7c23b892
AZ		 520 struct e1000_tx_desc desc;
521 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
522
523 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
524 DBGOUT(TX, "tx disabled\n");
525 return;
526 }
527
528 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
529 base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
530 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
531 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
532
533 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
6106075b 534 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
7c23b892
AZ		 535 desc.upper.data);
536
537 process_tx_desc(s, &desc);
538 cause |= txdesc_writeback(base, &desc);
539
540 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
541 s->mac_reg[TDH] = 0;
542 /*
543 * the following could happen only if guest sw assigns
544 * bogus values to TDT/TDLEN.
545 * there's nothing too intelligent we could do about this.
546 */
547 if (s->mac_reg[TDH] == tdh_start) {
548 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
549 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
550 break;
551 }
552 }
553 set_ics(s, 0, cause);
554}
555
556static int
557receive_filter(E1000State *s, const uint8_t *buf, int size)
558{
af2960f9
BS		 559 static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
560 static const int mta_shift[] = {4, 3, 2, 0};
7c23b892
AZ		 561 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
562
8f2e8d1f
AL		 563 if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
564 uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
565 uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
566 ((vid >> 5) & 0x7f));
567 if ((vfta & (1 << (vid & 0x1f))) == 0)
568 return 0;
569 }
570
7c23b892
AZ		 571 if (rctl & E1000_RCTL_UPE) // promiscuous
572 return 1;
573
574 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
575 return 1;
576
577 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
578 return 1;
579
580 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
581 if (!(rp[1] & E1000_RAH_AV))
582 continue;
583 ra[0] = cpu_to_le32(rp[0]);
584 ra[1] = cpu_to_le32(rp[1]);
585 if (!memcmp(buf, (uint8_t *)ra, 6)) {
586 DBGOUT(RXFILTER,
587 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
588 (int)(rp - s->mac_reg - RA)/2,
589 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
590 return 1;
591 }
592 }
593 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
594 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
595
596 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
597 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
598 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
599 return 1;
600 DBGOUT(RXFILTER,
601 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
602 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
603 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
604 s->mac_reg[MTA + (f >> 5)]);
605
606 return 0;
607}
608
99ed7e30 609static void
a03e2aec 610e1000_set_link_status(VLANClientState *nc)
99ed7e30 611{
a03e2aec 612 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
99ed7e30
AL		 613 uint32_t old_status = s->mac_reg[STATUS];
614
a03e2aec 615 if (nc->link_down)
99ed7e30
AL		 616 s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
617 else
618 s->mac_reg[STATUS] |= E1000_STATUS_LU;
619
620 if (s->mac_reg[STATUS] != old_status)
621 set_ics(s, 0, E1000_ICR_LSC);
622}
623
7c23b892 624static int
a03e2aec 625e1000_can_receive(VLANClientState *nc)
7c23b892 626{
a03e2aec 627 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
7c23b892 628
4105de67 629 return (s->mac_reg[RCTL] & E1000_RCTL_EN);
7c23b892
AZ		 630}
631
4f1c942b 632static ssize_t
a03e2aec 633e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
7c23b892 634{
a03e2aec 635 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
7c23b892 636 struct e1000_rx_desc desc;
c227f099 637 target_phys_addr_t base;
7c23b892
AZ		 638 unsigned int n, rdt;
639 uint32_t rdh_start;
8f2e8d1f
AL		 640 uint16_t vlan_special = 0;
641 uint8_t vlan_status = 0, vlan_offset = 0;
78aeb23e 642 uint8_t min_buf[MIN_BUF_SIZE];
7c23b892
AZ		 643
644 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
4f1c942b 645 return -1;
7c23b892 646
78aeb23e
SH		 647 /* Pad to minimum Ethernet frame length */
648 if (size < sizeof(min_buf)) {
649 memcpy(min_buf, buf, size);
650 memset(&min_buf[size], 0, sizeof(min_buf) - size);
651 buf = min_buf;
652 size = sizeof(min_buf);
653 }
654
7c23b892 655 if (size > s->rxbuf_size) {
cda9046b
MM		 656 DBGOUT(RX, "packet too large for buffers (%lu > %d)\n",
657 (unsigned long)size, s->rxbuf_size);
4f1c942b 658 return -1;
7c23b892
AZ		 659 }
660
661 if (!receive_filter(s, buf, size))
4f1c942b 662 return size;
7c23b892 663
8f2e8d1f
AL		 664 if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
665 vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
98835fe3 666 memmove((uint8_t *)buf + 4, buf, 12);
8f2e8d1f
AL		 667 vlan_status = E1000_RXD_STAT_VP;
668 vlan_offset = 4;
669 size -= 4;
670 }
671
7c23b892 672 rdh_start = s->mac_reg[RDH];
7c23b892
AZ		 673 do {
674 if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
675 set_ics(s, 0, E1000_ICS_RXO);
4f1c942b 676 return -1;
7c23b892
AZ		 677 }
678 base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
679 sizeof(desc) * s->mac_reg[RDH];
680 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
8f2e8d1f
AL		 681 desc.special = vlan_special;
682 desc.status |= (vlan_status | E1000_RXD_STAT_DD);
7c23b892
AZ		 683 if (desc.buffer_addr) {
684 cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
8f2e8d1f 685 (void *)(buf + vlan_offset), size);
55e8d1ce 686 desc.length = cpu_to_le16(size + fcs_len(s));
7c23b892
AZ		 687 desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
688 } else // as per intel docs; skip descriptors with null buf addr
689 DBGOUT(RX, "Null RX descriptor!!\n");
690 cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
691
692 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
693 s->mac_reg[RDH] = 0;
694 s->check_rxov = 1;
695 /* see comment in start_xmit; same here */
696 if (s->mac_reg[RDH] == rdh_start) {
697 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
698 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
699 set_ics(s, 0, E1000_ICS_RXO);
4f1c942b 700 return -1;
7c23b892
AZ		 701 }
702 } while (desc.buffer_addr == 0);
703
704 s->mac_reg[GPRC]++;
705 s->mac_reg[TPR]++;
a05e8a6e
MT		 706 /* TOR - Total Octets Received:
707 * This register includes bytes received in a packet from the <Destination
708 * Address> field through the <CRC> field, inclusively.
709 */
710 n = s->mac_reg[TORL] + size + /* Always include FCS length. */ 4;
711 if (n < s->mac_reg[TORL])
7c23b892 712 s->mac_reg[TORH]++;
a05e8a6e 713 s->mac_reg[TORL] = n;
7c23b892
AZ		 714
715 n = E1000_ICS_RXT0;
716 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
717 rdt += s->mac_reg[RDLEN] / sizeof(desc);
bf16cc8f
AL		 718 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
719 s->rxbuf_min_shift)
7c23b892
AZ		 720 n |= E1000_ICS_RXDMT0;
721
722 set_ics(s, 0, n);
4f1c942b
MM		 723
724 return size;
7c23b892
AZ		 725}
726
727static uint32_t
728mac_readreg(E1000State *s, int index)
729{
730 return s->mac_reg[index];
731}
732
733static uint32_t
734mac_icr_read(E1000State *s, int index)
735{
736 uint32_t ret = s->mac_reg[ICR];
737
738 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
739 set_interrupt_cause(s, 0, 0);
740 return ret;
741}
742
743static uint32_t
744mac_read_clr4(E1000State *s, int index)
745{
746 uint32_t ret = s->mac_reg[index];
747
748 s->mac_reg[index] = 0;
749 return ret;
750}
751
752static uint32_t
753mac_read_clr8(E1000State *s, int index)
754{
755 uint32_t ret = s->mac_reg[index];
756
757 s->mac_reg[index] = 0;
758 s->mac_reg[index-1] = 0;
759 return ret;
760}
761
762static void
763mac_writereg(E1000State *s, int index, uint32_t val)
764{
765 s->mac_reg[index] = val;
766}
767
768static void
769set_rdt(E1000State *s, int index, uint32_t val)
770{
771 s->check_rxov = 0;
772 s->mac_reg[index] = val & 0xffff;
773}
774
775static void
776set_16bit(E1000State *s, int index, uint32_t val)
777{
778 s->mac_reg[index] = val & 0xffff;
779}
780
781static void
782set_dlen(E1000State *s, int index, uint32_t val)
783{
784 s->mac_reg[index] = val & 0xfff80;
785}
786
787static void
788set_tctl(E1000State *s, int index, uint32_t val)
789{
790 s->mac_reg[index] = val;
791 s->mac_reg[TDT] &= 0xffff;
792 start_xmit(s);
793}
794
795static void
796set_icr(E1000State *s, int index, uint32_t val)
797{
798 DBGOUT(INTERRUPT, "set_icr %x\n", val);
799 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
800}
801
802static void
803set_imc(E1000State *s, int index, uint32_t val)
804{
805 s->mac_reg[IMS] &= ~val;
806 set_ics(s, 0, 0);
807}
808
809static void
810set_ims(E1000State *s, int index, uint32_t val)
811{
812 s->mac_reg[IMS] |= val;
813 set_ics(s, 0, 0);
814}
815
816#define getreg(x) [x] = mac_readreg
817static uint32_t (*macreg_readops[])(E1000State *, int) = {
818 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
819 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
820 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
821 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
b1332393 822 getreg(RDH), getreg(RDT), getreg(VET), getreg(ICS),
a00b2335
KA		 823 getreg(TDBAL), getreg(TDBAH), getreg(RDBAH), getreg(RDBAL),
824 getreg(TDLEN), getreg(RDLEN),
7c23b892
AZ		 825
826 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
827 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
828 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
829 [CRCERRS ... MPC] = &mac_readreg,
830 [RA ... RA+31] = &mac_readreg,
831 [MTA ... MTA+127] = &mac_readreg,
8f2e8d1f 832 [VFTA ... VFTA+127] = &mac_readreg,
7c23b892 833};
b1503cda 834enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
7c23b892
AZ		 835
836#define putreg(x) [x] = mac_writereg
837static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
838 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
839 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
cab3c825 840 putreg(RDBAL), putreg(LEDCTL), putreg(VET),
7c23b892
AZ		 841 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
842 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
843 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
844 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
cab3c825 845 [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl,
7c23b892
AZ		 846 [RA ... RA+31] = &mac_writereg,
847 [MTA ... MTA+127] = &mac_writereg,
8f2e8d1f 848 [VFTA ... VFTA+127] = &mac_writereg,
7c23b892 849};
b1503cda 850enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
7c23b892
AZ		 851
852static void
c227f099 853e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
7c23b892
AZ		 854{
855 E1000State *s = opaque;
8da3ff18 856 unsigned int index = (addr & 0x1ffff) >> 2;
7c23b892 857
6b59fc74
AJ		 858#ifdef TARGET_WORDS_BIGENDIAN
859 val = bswap32(val);
860#endif
7c23b892 861 if (index < NWRITEOPS && macreg_writeops[index])
6b59fc74 862 macreg_writeops[index](s, index, val);
7c23b892
AZ		 863 else if (index < NREADOPS && macreg_readops[index])
864 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
865 else
866 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
867 index<<2, val);
868}
869
870static void
c227f099 871e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
7c23b892
AZ		 872{
873 // emulate hw without byte enables: no RMW
874 e1000_mmio_writel(opaque, addr & ~3,
6b59fc74 875 (val & 0xffff) << (8*(addr & 3)));
7c23b892
AZ		 876}
877
878static void
c227f099 879e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
7c23b892
AZ		 880{
881 // emulate hw without byte enables: no RMW
882 e1000_mmio_writel(opaque, addr & ~3,
6b59fc74 883 (val & 0xff) << (8*(addr & 3)));
7c23b892
AZ		 884}
885
886static uint32_t
c227f099 887e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
7c23b892
AZ		 888{
889 E1000State *s = opaque;
8da3ff18 890 unsigned int index = (addr & 0x1ffff) >> 2;
7c23b892
AZ		 891
892 if (index < NREADOPS && macreg_readops[index])
6b59fc74
AJ		 893 {
894 uint32_t val = macreg_readops[index](s, index);
895#ifdef TARGET_WORDS_BIGENDIAN
896 val = bswap32(val);
897#endif
898 return val;
899 }
7c23b892
AZ		 900 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
901 return 0;
902}
903
904static uint32_t
c227f099 905e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
7c23b892 906{
6b59fc74 907 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
7c23b892
AZ		 908 (8 * (addr & 3))) & 0xff;
909}
910
911static uint32_t
c227f099 912e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
7c23b892 913{
6b59fc74
AJ		 914 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
915 (8 * (addr & 3))) & 0xffff;
7c23b892
AZ		 916}
917
e482dc3e 918static bool is_version_1(void *opaque, int version_id)
7c23b892 919{
e482dc3e 920 return version_id == 1;
7c23b892
AZ		 921}
922
e482dc3e
JQ		 923static const VMStateDescription vmstate_e1000 = {
924 .name = "e1000",
925 .version_id = 2,
926 .minimum_version_id = 1,
927 .minimum_version_id_old = 1,
928 .fields = (VMStateField []) {
929 VMSTATE_PCI_DEVICE(dev, E1000State),
930 VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */
931 VMSTATE_UNUSED(4), /* Was mmio_base. */
932 VMSTATE_UINT32(rxbuf_size, E1000State),
933 VMSTATE_UINT32(rxbuf_min_shift, E1000State),
934 VMSTATE_UINT32(eecd_state.val_in, E1000State),
935 VMSTATE_UINT16(eecd_state.bitnum_in, E1000State),
936 VMSTATE_UINT16(eecd_state.bitnum_out, E1000State),
937 VMSTATE_UINT16(eecd_state.reading, E1000State),
938 VMSTATE_UINT32(eecd_state.old_eecd, E1000State),
939 VMSTATE_UINT8(tx.ipcss, E1000State),
940 VMSTATE_UINT8(tx.ipcso, E1000State),
941 VMSTATE_UINT16(tx.ipcse, E1000State),
942 VMSTATE_UINT8(tx.tucss, E1000State),
943 VMSTATE_UINT8(tx.tucso, E1000State),
944 VMSTATE_UINT16(tx.tucse, E1000State),
945 VMSTATE_UINT32(tx.paylen, E1000State),
946 VMSTATE_UINT8(tx.hdr_len, E1000State),
947 VMSTATE_UINT16(tx.mss, E1000State),
948 VMSTATE_UINT16(tx.size, E1000State),
949 VMSTATE_UINT16(tx.tso_frames, E1000State),
950 VMSTATE_UINT8(tx.sum_needed, E1000State),
951 VMSTATE_INT8(tx.ip, E1000State),
952 VMSTATE_INT8(tx.tcp, E1000State),
953 VMSTATE_BUFFER(tx.header, E1000State),
954 VMSTATE_BUFFER(tx.data, E1000State),
955 VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64),
956 VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20),
957 VMSTATE_UINT32(mac_reg[CTRL], E1000State),
958 VMSTATE_UINT32(mac_reg[EECD], E1000State),
959 VMSTATE_UINT32(mac_reg[EERD], E1000State),
960 VMSTATE_UINT32(mac_reg[GPRC], E1000State),
961 VMSTATE_UINT32(mac_reg[GPTC], E1000State),
962 VMSTATE_UINT32(mac_reg[ICR], E1000State),
963 VMSTATE_UINT32(mac_reg[ICS], E1000State),
964 VMSTATE_UINT32(mac_reg[IMC], E1000State),
965 VMSTATE_UINT32(mac_reg[IMS], E1000State),
966 VMSTATE_UINT32(mac_reg[LEDCTL], E1000State),
967 VMSTATE_UINT32(mac_reg[MANC], E1000State),
968 VMSTATE_UINT32(mac_reg[MDIC], E1000State),
969 VMSTATE_UINT32(mac_reg[MPC], E1000State),
970 VMSTATE_UINT32(mac_reg[PBA], E1000State),
971 VMSTATE_UINT32(mac_reg[RCTL], E1000State),
972 VMSTATE_UINT32(mac_reg[RDBAH], E1000State),
973 VMSTATE_UINT32(mac_reg[RDBAL], E1000State),
974 VMSTATE_UINT32(mac_reg[RDH], E1000State),
975 VMSTATE_UINT32(mac_reg[RDLEN], E1000State),
976 VMSTATE_UINT32(mac_reg[RDT], E1000State),
977 VMSTATE_UINT32(mac_reg[STATUS], E1000State),
978 VMSTATE_UINT32(mac_reg[SWSM], E1000State),
979 VMSTATE_UINT32(mac_reg[TCTL], E1000State),
980 VMSTATE_UINT32(mac_reg[TDBAH], E1000State),
981 VMSTATE_UINT32(mac_reg[TDBAL], E1000State),
982 VMSTATE_UINT32(mac_reg[TDH], E1000State),
983 VMSTATE_UINT32(mac_reg[TDLEN], E1000State),
984 VMSTATE_UINT32(mac_reg[TDT], E1000State),
985 VMSTATE_UINT32(mac_reg[TORH], E1000State),
986 VMSTATE_UINT32(mac_reg[TORL], E1000State),
987 VMSTATE_UINT32(mac_reg[TOTH], E1000State),
988 VMSTATE_UINT32(mac_reg[TOTL], E1000State),
989 VMSTATE_UINT32(mac_reg[TPR], E1000State),
990 VMSTATE_UINT32(mac_reg[TPT], E1000State),
991 VMSTATE_UINT32(mac_reg[TXDCTL], E1000State),
992 VMSTATE_UINT32(mac_reg[WUFC], E1000State),
993 VMSTATE_UINT32(mac_reg[VET], E1000State),
994 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32),
995 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128),
996 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128),
997 VMSTATE_END_OF_LIST()
998 }
999};
7c23b892 1000
88b4e9db 1001static const uint16_t e1000_eeprom_template[64] = {
7c23b892
AZ		 1002 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
1003 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
1004 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
1005 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
1006 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
1007 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1008 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1009 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
1010};
1011
88b4e9db 1012static const uint16_t phy_reg_init[] = {
7c23b892
AZ		 1013 [PHY_CTRL] = 0x1140, [PHY_STATUS] = 0x796d, // link initially up
1014 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
1015 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
1016 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
1017 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
700f6e2c 1018 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
7c23b892
AZ		 1019};
1020
88b4e9db 1021static const uint32_t mac_reg_init[] = {
7c23b892
AZ		 1022 [PBA] = 0x00100030,
1023 [LEDCTL] = 0x602,
1024 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
1025 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
1026 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
1027 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
1028 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
1029 E1000_STATUS_LU,
1030 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
1031 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
1032 E1000_MANC_RMCP_EN,
1033};
1034
1035/* PCI interface */
1036
d60efc6b 1037static CPUWriteMemoryFunc * const e1000_mmio_write[] = {
7c23b892
AZ		 1038 e1000_mmio_writeb, e1000_mmio_writew, e1000_mmio_writel
1039};
1040
d60efc6b 1041static CPUReadMemoryFunc * const e1000_mmio_read[] = {
7c23b892
AZ		 1042 e1000_mmio_readb, e1000_mmio_readw, e1000_mmio_readl
1043};
1044
1045static void
1046e1000_mmio_map(PCIDevice *pci_dev, int region_num,
6e355d90 1047 pcibus_t addr, pcibus_t size, int type)
7c23b892 1048{
7d9e52bd 1049 E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
f65ed4c1
AL		 1050 int i;
1051 const uint32_t excluded_regs[] = {
1052 E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1053 E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1054 };
1055
7c23b892 1056
89e8b13c
IY		 1057 DBGOUT(MMIO, "e1000_mmio_map addr=0x%08"FMT_PCIBUS" 0x%08"FMT_PCIBUS"\n",
1058 addr, size);
7c23b892 1059
7c23b892 1060 cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
f65ed4c1
AL		 1061 qemu_register_coalesced_mmio(addr, excluded_regs[0]);
1062
1063 for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
1064 qemu_register_coalesced_mmio(addr + excluded_regs[i] + 4,
1065 excluded_regs[i + 1] -
1066 excluded_regs[i] - 4);
7c23b892
AZ		 1067}
1068
b946a153 1069static void
a03e2aec 1070e1000_cleanup(VLANClientState *nc)
b946a153 1071{
a03e2aec 1072 E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
b946a153 1073
a03e2aec 1074 s->nic = NULL;
b946a153
AL		 1075}
1076
4b09be85
AL		 1077static int
1078pci_e1000_uninit(PCIDevice *dev)
1079{
7d9e52bd 1080 E1000State *d = DO_UPCAST(E1000State, dev, dev);
4b09be85
AL		 1081
1082 cpu_unregister_io_memory(d->mmio_index);
a03e2aec 1083 qemu_del_vlan_client(&d->nic->nc);
4b09be85
AL		 1084 return 0;
1085}
1086
32c86e95
BS		 1087static void e1000_reset(void *opaque)
1088{
1089 E1000State *d = opaque;
1090
1091 memset(d->phy_reg, 0, sizeof d->phy_reg);
1092 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
1093 memset(d->mac_reg, 0, sizeof d->mac_reg);
1094 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
1095 d->rxbuf_min_shift = 1;
1096 memset(&d->tx, 0, sizeof d->tx);
1097}
1098
a03e2aec
MM		 1099static NetClientInfo net_e1000_info = {
1100 .type = NET_CLIENT_TYPE_NIC,
1101 .size = sizeof(NICState),
1102 .can_receive = e1000_can_receive,
1103 .receive = e1000_receive,
1104 .cleanup = e1000_cleanup,
1105 .link_status_changed = e1000_set_link_status,
1106};
1107
81a322d4 1108static int pci_e1000_init(PCIDevice *pci_dev)
7c23b892 1109{
7d9e52bd 1110 E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
7c23b892 1111 uint8_t *pci_conf;
7c23b892 1112 uint16_t checksum = 0;
7c23b892 1113 int i;
fbdaa002 1114 uint8_t *macaddr;
aff427a1 1115
7c23b892 1116 pci_conf = d->dev.config;
7c23b892 1117
deb54399
AL		 1118 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
1119 pci_config_set_device_id(pci_conf, E1000_DEVID);
a9cbacb0
MT		 1120 /* TODO: we have no capabilities, so why is this bit set? */
1121 pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_CAP_LIST);
1122 pci_conf[PCI_REVISION_ID] = 0x03;
173a543b 1123 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
a9cbacb0
MT		 1124 /* TODO: RST# value should be 0, PCI spec 6.2.4 */
1125 pci_conf[PCI_CACHE_LINE_SIZE] = 0x10;
7c23b892 1126
a9cbacb0
MT		 1127 /* TODO: RST# value should be 0 if programmable, PCI spec 6.2.4 */
1128 pci_conf[PCI_INTERRUPT_PIN] = 1; // interrupt pin 0
7c23b892 1129
1eed09cb 1130 d->mmio_index = cpu_register_io_memory(e1000_mmio_read,
7c23b892
AZ		 1131 e1000_mmio_write, d);
1132
28c2c264 1133 pci_register_bar((PCIDevice *)d, 0, PNPMMIO_SIZE,
0392a017 1134 PCI_BASE_ADDRESS_SPACE_MEMORY, e1000_mmio_map);
7c23b892 1135
28c2c264 1136 pci_register_bar((PCIDevice *)d, 1, IOPORT_SIZE,
0392a017 1137 PCI_BASE_ADDRESS_SPACE_IO, ioport_map);
7c23b892 1138
7c23b892
AZ		 1139 memmove(d->eeprom_data, e1000_eeprom_template,
1140 sizeof e1000_eeprom_template);
fbdaa002
GH		 1141 qemu_macaddr_default_if_unset(&d->conf.macaddr);
1142 macaddr = d->conf.macaddr.a;
7c23b892 1143 for (i = 0; i < 3; i++)
9d07d757 1144 d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
7c23b892
AZ		 1145 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1146 checksum += d->eeprom_data[i];
1147 checksum = (uint16_t) EEPROM_SUM - checksum;
1148 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1149
a03e2aec
MM		 1150 d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
1151 d->dev.qdev.info->name, d->dev.qdev.id, d);
7c23b892 1152
a03e2aec 1153 qemu_format_nic_info_str(&d->nic->nc, macaddr);
81a322d4 1154 return 0;
9d07d757 1155}
72da4208 1156
fbdaa002
GH		 1157static void qdev_e1000_reset(DeviceState *dev)
1158{
1159 E1000State *d = DO_UPCAST(E1000State, dev.qdev, dev);
1160 e1000_reset(d);
1161}
1162
0aab0d3a 1163static PCIDeviceInfo e1000_info = {
fbdaa002
GH		 1164 .qdev.name = "e1000",
1165 .qdev.desc = "Intel Gigabit Ethernet",
1166 .qdev.size = sizeof(E1000State),
1167 .qdev.reset = qdev_e1000_reset,
be73cfe2 1168 .qdev.vmsd = &vmstate_e1000,
fbdaa002
GH		 1169 .init = pci_e1000_init,
1170 .exit = pci_e1000_uninit,
8c52c8f3 1171 .romfile = "pxe-e1000.bin",
fbdaa002
GH		 1172 .qdev.props = (Property[]) {
1173 DEFINE_NIC_PROPERTIES(E1000State, conf),
1174 DEFINE_PROP_END_OF_LIST(),
1175 }
0aab0d3a
GH		 1176};
1177
9d07d757
PB		 1178static void e1000_register_devices(void)
1179{
0aab0d3a 1180 pci_qdev_register(&e1000_info);
7c23b892 1181}
9d07d757
PB		 1182
1183device_init(e1000_register_devices)
Qemu copy for testing