Avoid buffer overflow when sending slirp packets.
1/*
2 * QEMU NE2000 emulation
3 *
4 * Copyright (c) 2003-2004 Fabrice Bellard
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24#include "vl.h"
25
26/* debug NE2000 card */
27//#define DEBUG_NE2000
28
b41a2cd1 29#define MAX_ETH_FRAME_SIZE 1514
30
31#define E8390_CMD 0x00 /* The command register (for all pages) */
32/* Page 0 register offsets. */
33#define EN0_CLDALO 0x01 /* Low byte of current local dma addr RD */
34#define EN0_STARTPG 0x01 /* Starting page of ring bfr WR */
35#define EN0_CLDAHI 0x02 /* High byte of current local dma addr RD */
36#define EN0_STOPPG 0x02 /* Ending page +1 of ring bfr WR */
37#define EN0_BOUNDARY 0x03 /* Boundary page of ring bfr RD WR */
38#define EN0_TSR 0x04 /* Transmit status reg RD */
39#define EN0_TPSR 0x04 /* Transmit starting page WR */
40#define EN0_NCR 0x05 /* Number of collision reg RD */
41#define EN0_TCNTLO 0x05 /* Low byte of tx byte count WR */
42#define EN0_FIFO 0x06 /* FIFO RD */
43#define EN0_TCNTHI 0x06 /* High byte of tx byte count WR */
44#define EN0_ISR 0x07 /* Interrupt status reg RD WR */
45#define EN0_CRDALO 0x08 /* low byte of current remote dma address RD */
46#define EN0_RSARLO 0x08 /* Remote start address reg 0 */
47#define EN0_CRDAHI 0x09 /* high byte, current remote dma address RD */
48#define EN0_RSARHI 0x09 /* Remote start address reg 1 */
49#define EN0_RCNTLO 0x0a /* Remote byte count reg WR */
089af991 50#define EN0_RTL8029ID0 0x0a /* Realtek ID byte #1 RD */
80cabfad 51#define EN0_RCNTHI 0x0b /* Remote byte count reg WR */
089af991 52#define EN0_RTL8029ID1 0x0b /* Realtek ID byte #2 RD */
53#define EN0_RSR 0x0c /* rx status reg RD */
54#define EN0_RXCR 0x0c /* RX configuration reg WR */
55#define EN0_TXCR 0x0d /* TX configuration reg WR */
56#define EN0_COUNTER0 0x0d /* Rcv alignment error counter RD */
57#define EN0_DCFG 0x0e /* Data configuration reg WR */
58#define EN0_COUNTER1 0x0e /* Rcv CRC error counter RD */
59#define EN0_IMR 0x0f /* Interrupt mask reg WR */
60#define EN0_COUNTER2 0x0f /* Rcv missed frame error counter RD */
61
62#define EN1_PHYS 0x11
63#define EN1_CURPAG 0x17
64#define EN1_MULT 0x18
65
66#define EN2_STARTPG 0x21 /* Starting page of ring bfr RD */
67#define EN2_STOPPG 0x22 /* Ending page +1 of ring bfr RD */
68
69#define EN3_CONFIG0 0x33
70#define EN3_CONFIG1 0x34
71#define EN3_CONFIG2 0x35
72#define EN3_CONFIG3 0x36
73
74/* Register accessed at EN_CMD, the 8390 base addr. */
75#define E8390_STOP 0x01 /* Stop and reset the chip */
76#define E8390_START 0x02 /* Start the chip, clear reset */
77#define E8390_TRANS 0x04 /* Transmit a frame */
78#define E8390_RREAD 0x08 /* Remote read */
79#define E8390_RWRITE 0x10 /* Remote write */
80#define E8390_NODMA 0x20 /* Remote DMA */
81#define E8390_PAGE0 0x00 /* Select page chip registers */
82#define E8390_PAGE1 0x40 /* using the two high-order bits */
83#define E8390_PAGE2 0x80 /* Page 3 is invalid. */
84
85/* Bits in EN0_ISR - Interrupt status register */
86#define ENISR_RX 0x01 /* Receiver, no error */
87#define ENISR_TX 0x02 /* Transmitter, no error */
88#define ENISR_RX_ERR 0x04 /* Receiver, with error */
89#define ENISR_TX_ERR 0x08 /* Transmitter, with error */
90#define ENISR_OVER 0x10 /* Receiver overwrote the ring */
91#define ENISR_COUNTERS 0x20 /* Counters need emptying */
92#define ENISR_RDC 0x40 /* remote dma complete */
93#define ENISR_RESET 0x80 /* Reset completed */
94#define ENISR_ALL 0x3f /* Interrupts we will enable */
95
96/* Bits in received packet status byte and EN0_RSR*/
97#define ENRSR_RXOK 0x01 /* Received a good packet */
98#define ENRSR_CRC 0x02 /* CRC error */
99#define ENRSR_FAE 0x04 /* frame alignment error */
100#define ENRSR_FO 0x08 /* FIFO overrun */
101#define ENRSR_MPA 0x10 /* missed pkt */
102#define ENRSR_PHY 0x20 /* physical/multicast address */
103#define ENRSR_DIS 0x40 /* receiver disable. set in monitor mode */
104#define ENRSR_DEF 0x80 /* deferring */
105
106/* Transmitted packet status, EN0_TSR. */
107#define ENTSR_PTX 0x01 /* Packet transmitted without error */
108#define ENTSR_ND 0x02 /* The transmit wasn't deferred. */
109#define ENTSR_COL 0x04 /* The transmit collided at least once. */
110#define ENTSR_ABT 0x08 /* The transmit collided 16 times, and was deferred. */
111#define ENTSR_CRS 0x10 /* The carrier sense was lost. */
112#define ENTSR_FU 0x20 /* A "FIFO underrun" occurred during transmit. */
113#define ENTSR_CDH 0x40 /* The collision detect "heartbeat" signal was lost. */
114#define ENTSR_OWC 0x80 /* There was an out-of-window collision. */
115
116#define NE2000_PMEM_SIZE (32*1024)
117#define NE2000_PMEM_START (16*1024)
118#define NE2000_PMEM_END (NE2000_PMEM_SIZE+NE2000_PMEM_START)
119#define NE2000_MEM_SIZE NE2000_PMEM_END
120
/*
 * Register file and on-card memory of one emulated NE2000.
 *
 * Most scalar fields are written directly from guest port I/O in
 * ne2000_ioport_write() and restored verbatim by ne2000_load(), so any
 * code that uses them as an offset into mem[] has to treat them as
 * untrusted.
 */
typedef struct NE2000State {
    uint8_t cmd;          /* last value written to E8390_CMD */
    uint32_t start;       /* ring start, EN0_STARTPG << 8 */
    uint32_t stop;        /* ring end (exclusive), EN0_STOPPG << 8 */
    uint8_t boundary;     /* EN0_BOUNDARY page */
    uint8_t tsr;          /* transmit status */
    uint8_t tpsr;         /* transmit start page */
    uint16_t tcnt;        /* transmit byte count */
    uint16_t rcnt;        /* remote DMA byte count */
    uint32_t rsar;        /* remote DMA address */
    uint8_t rsr;          /* receive status */
    uint8_t rxcr;         /* receive configuration */
    uint8_t isr;          /* interrupt status */
    uint8_t dcfg;         /* data configuration; bit 0 selects 16 bit DMA */
    uint8_t imr;          /* interrupt mask */
    uint8_t phys[6];      /* mac address */
    uint8_t curpag;       /* page the next received frame is stored at */
    uint8_t mult[8];      /* multicast mask array */
    int irq;              /* ISA irq number, or 16 for the PCI variant */
    PCIDevice *pci_dev;
    VLANClientState *vc;
    uint8_t macaddr[6];   /* address copied from NICInfo at init time */
    uint8_t mem[NE2000_MEM_SIZE];
} NE2000State;
145
/*
 * Put the card into its post-reset state: flag ENISR_RESET and rebuild
 * the station address PROM image at the start of s->mem.
 */
static void ne2000_reset(NE2000State *s)
{
    int src;

    s->isr = ENISR_RESET;
    memcpy(s->mem, s->macaddr, 6);
    s->mem[14] = 0x57;
    s->mem[15] = 0x57;

    /*
     * duplicate prom data: every byte of mem[0..15] is stored twice in
     * mem[0..31].  Walking downwards keeps the not yet expanded source
     * bytes intact.
     */
    for (src = 16; src-- > 0; ) {
        uint8_t v = s->mem[src];

        s->mem[2 * src] = v;
        s->mem[2 * src + 1] = v;
    }
}
161
/*
 * Recompute the interrupt line from the pending (isr) and enabled (imr)
 * bits and forward the level to the PCI or ISA interrupt controller.
 */
static void ne2000_update_irq(NE2000State *s)
{
    int isr = (s->isr & s->imr) & 0x7f;
    int level = (isr != 0);

#if defined(DEBUG_NE2000)
    printf("NE2000: Set IRQ line %d to %d (%02x %02x)\n",
           s->irq, isr ? 1 : 0, s->isr, s->imr);
#endif
    if (s->irq != 16) {
        /* ISA irq */
        pic_set_irq(s->irq, level);
        return;
    }
    /* PCI irq */
    pci_set_irq(s->pci_dev, 0, level);
}
178
#define POLYNOMIAL 0x04c11db6

/* From FreeBSD */
/* XXX: optimize */
/*
 * Hash a 6 byte Ethernet address into a multicast filter bit index.
 * The address bits are fed LSB first into a 32 bit CRC register and the
 * top six bits of the result are returned, so the value is in 0..63.
 */
static int compute_mcast_idx(const uint8_t *ep)
{
    uint32_t crc = 0xffffffff;
    int byte_no, bit_no;

    for (byte_no = 0; byte_no < 6; byte_no++) {
        uint8_t cur = ep[byte_no];

        for (bit_no = 0; bit_no < 8; bit_no++) {
            /* feedback is the register MSB xor the next input bit */
            int feedback = (int)(crc >> 31) ^ (cur & 0x01);

            crc <<= 1;
            cur >>= 1;
            if (feedback)
                crc = (crc ^ POLYNOMIAL) | feedback;
        }
    }
    return crc >> 26;
}
202
/*
 * Report whether the receive ring lacks room for one maximum sized frame
 * plus its 4 byte header.  Returns 1 when full, 0 otherwise.
 *
 * curpag, boundary, start and stop all come from guest register writes;
 * this only derives a byte count from them and does not check that they
 * describe a region inside s->mem.
 */
static int ne2000_buffer_full(NE2000State *s)
{
    int head = s->curpag << 8;
    int tail = s->boundary << 8;
    int room;

    if (head >= tail)
        room = (s->stop - s->start) - (head - tail);
    else
        room = tail - head;

    return room < (MAX_ETH_FRAME_SIZE + 4) ? 1 : 0;
}
217
/*
 * Flow control callback registered with the VLAN client.
 *
 * A stopped chip reports 1 so that frames keep being delivered;
 * ne2000_receive() then discards them.  Otherwise frames are accepted
 * only while the ring has room for a full sized frame.
 */
static int ne2000_can_receive(void *opaque)
{
    NE2000State *s = opaque;

    return (s->cmd & E8390_STOP) ? 1 : !ne2000_buffer_full(s);
}
226
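#define MIN_BUF_SIZE 60

/*
 * Receive callback: filter one incoming frame and store it in the guest
 * visible receive ring inside s->mem, then raise ENISR_RX.
 *
 * opaque is the NE2000State, buf/size the frame as delivered by the
 * network layer.  Frames are dropped silently when the chip is stopped,
 * the ring is full, the address filter rejects them, or the ring
 * registers do not describe a region inside s->mem.
 *
 * Security note: curpag, start and stop are programmed by the guest and
 * are used here as offsets into host memory.  Without the range check
 * before the header write, a page value at or beyond stop makes
 * "stop - index" negative and the copy length unbounded, and start == stop
 * keeps the copy loop from ever finishing.
 */
static void ne2000_receive(void *opaque, const uint8_t *buf, int size)
{
    NE2000State *s = opaque;
    uint8_t *p;
    int total_len, next, avail, len, index, mcast_idx;
    uint8_t buf1[MIN_BUF_SIZE];
    static const uint8_t broadcast_macaddr[6] =
        { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };

#if defined(DEBUG_NE2000)
    printf("NE2000: received len=%d\n", size);
#endif

    if (s->cmd & E8390_STOP || ne2000_buffer_full(s))
        return;

    /* a negative length would become a huge memcpy() count below */
    if (size < 0)
        return;

    /*
     * if too small buffer, then expand it.  This is done before the
     * address filter so that the 6 byte destination compare never reads
     * past the end of a runt frame.
     */
    if (size < MIN_BUF_SIZE) {
        memcpy(buf1, buf, size);
        memset(buf1 + size, 0, MIN_BUF_SIZE - size);
        buf = buf1;
        size = MIN_BUF_SIZE;
    }

    /* XXX: check this */
    if (s->rxcr & 0x10) {
        /* promiscuous: receive all */
    } else {
        if (!memcmp(buf, broadcast_macaddr, 6)) {
            /* broadcast address */
            if (!(s->rxcr & 0x04))
                return;
        } else if (buf[0] & 0x01) {
            /* multicast */
            if (!(s->rxcr & 0x08))
                return;
            mcast_idx = compute_mcast_idx(buf);
            if (!(s->mult[mcast_idx >> 3] & (1 << (mcast_idx & 7))))
                return;
        } else if (s->mem[0] == buf[0] &&
                   s->mem[2] == buf[1] &&
                   s->mem[4] == buf[2] &&
                   s->mem[6] == buf[3] &&
                   s->mem[8] == buf[4] &&
                   s->mem[10] == buf[5]) {
            /* match (the PROM image stores each address byte twice) */
        } else {
            return;
        }
    }

    index = s->curpag << 8;

    /*
     * Refuse to touch host memory unless the ring lies inside s->mem, is
     * not empty, and the 4 byte header fits below stop.  From here on
     * index <= stop <= NE2000_MEM_SIZE holds for every copy.
     */
    if (s->stop > NE2000_MEM_SIZE || s->start >= s->stop ||
        (uint32_t)index + 4 > s->stop)
        return;

    /* 4 bytes for header */
    total_len = size + 4;
    /* address for next packet (4 bytes for CRC) */
    next = index + ((total_len + 4 + 255) & ~0xff);
    if (next >= s->stop)
        next -= (s->stop - s->start);
    /* prepare packet header */
    p = s->mem + index;
    s->rsr = ENRSR_RXOK; /* receive status */
    /* XXX: check this */
    if (buf[0] & 0x01)
        s->rsr |= ENRSR_PHY;
    p[0] = s->rsr;
    p[1] = next >> 8;
    p[2] = total_len;
    p[3] = total_len >> 8;
    index += 4;

    /* write packet data, wrapping from stop back to start */
    while (size > 0) {
        avail = s->stop - index;
        len = size;
        if (len > avail)
            len = avail;
        memcpy(s->mem + index, buf, len);
        buf += len;
        index += len;
        if (index == s->stop)
            index = s->start;
        size -= len;
    }
    s->curpag = next >> 8;

    /* now we can signal we have received something */
    s->isr |= ENISR_RX;
    ne2000_update_irq(s);
}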
319
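/*
 * Handle a guest write to one of the 16 DP8390 register ports.
 *
 * addr is reduced to the register index; the page bits of s->cmd select
 * which register bank the index refers to.  Every value stored here is
 * chosen by the guest.  Ring start/stop pages that would lie beyond the
 * packet memory are ignored; tpsr, curpag and boundary are stored
 * unchecked, so code that turns them into offsets into s->mem must still
 * range check them itself.
 */
static void ne2000_ioport_write(void *opaque, uint32_t addr, uint32_t val)
{
    NE2000State *s = opaque;
    int offset, page, index;

    addr &= 0xf;
#ifdef DEBUG_NE2000
    printf("NE2000: write addr=0x%x val=0x%02x\n", addr, val);
#endif
    if (addr == E8390_CMD) {
        /* control register */
        s->cmd = val;
        if (!(val & E8390_STOP)) { /* START bit makes no sense on RTL8029... */
            s->isr &= ~ENISR_RESET;
            /* test specific case: zero length transfer */
            if ((val & (E8390_RREAD | E8390_RWRITE)) &&
                s->rcnt == 0) {
                s->isr |= ENISR_RDC;
                ne2000_update_irq(s);
            }
            if (val & E8390_TRANS) {
                index = (s->tpsr << 8);
                /* XXX: next 2 lines are a hack to make netware 3.11 work */
                if (index >= NE2000_PMEM_END)
                    index -= NE2000_PMEM_SIZE;
                /* fail safe: check range on the transmitted length */
                if (index + s->tcnt <= NE2000_PMEM_END) {
                    qemu_send_packet(s->vc, s->mem + index, s->tcnt);
                }
                /* signal end of transfer */
                s->tsr = ENTSR_PTX;
                s->isr |= ENISR_TX;
                s->cmd &= ~E8390_TRANS;
                ne2000_update_irq(s);
            }
        }
    } else {
        page = s->cmd >> 6;
        offset = addr | (page << 4);
        switch(offset) {
        case EN0_STARTPG:
            /* ignore a ring start outside the packet memory */
            if ((val << 8) <= NE2000_PMEM_END)
                s->start = val << 8;
            break;
        case EN0_STOPPG:
            /* ignore a ring end outside the packet memory */
            if ((val << 8) <= NE2000_PMEM_END)
                s->stop = val << 8;
            break;
        case EN0_BOUNDARY:
            s->boundary = val;
            break;
        case EN0_IMR:
            s->imr = val;
            ne2000_update_irq(s);
            break;
        case EN0_TPSR:
            s->tpsr = val;
            break;
        case EN0_TCNTLO:
            s->tcnt = (s->tcnt & 0xff00) | val;
            break;
        case EN0_TCNTHI:
            s->tcnt = (s->tcnt & 0x00ff) | (val << 8);
            break;
        case EN0_RSARLO:
            s->rsar = (s->rsar & 0xff00) | val;
            break;
        case EN0_RSARHI:
            s->rsar = (s->rsar & 0x00ff) | (val << 8);
            break;
        case EN0_RCNTLO:
            s->rcnt = (s->rcnt & 0xff00) | val;
            break;
        case EN0_RCNTHI:
            s->rcnt = (s->rcnt & 0x00ff) | (val << 8);
            break;
        case EN0_RXCR:
            s->rxcr = val;
            break;
        case EN0_DCFG:
            s->dcfg = val;
            break;
        case EN0_ISR:
            /* writing a 1 acknowledges (clears) that status bit */
            s->isr &= ~(val & 0x7f);
            ne2000_update_irq(s);
            break;
        case EN1_PHYS ... EN1_PHYS + 5:
            s->phys[offset - EN1_PHYS] = val;
            break;
        case EN1_CURPAG:
            s->curpag = val;
            break;
        case EN1_MULT ... EN1_MULT + 7:
            s->mult[offset - EN1_MULT] = val;
            break;
        }
    }
}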
416
/*
 * Handle a guest read from one of the 16 DP8390 register ports.
 *
 * The register bank is selected by the page bits of s->cmd.  Registers
 * that are not modelled read as 0.
 */
static uint32_t ne2000_ioport_read(void *opaque, uint32_t addr)
{
    NE2000State *s = opaque;
    int offset, page, ret;

    addr &= 0xf;
    if (addr != E8390_CMD) {
        page = s->cmd >> 6;
        offset = addr | (page << 4);
        switch(offset) {
        /* page 0 */
        case EN0_BOUNDARY:
            ret = s->boundary;
            break;
        case EN0_TSR:
            ret = s->tsr;
            break;
        case EN0_ISR:
            ret = s->isr;
            break;
        case EN0_RSARLO:
            ret = s->rsar & 0x00ff;
            break;
        case EN0_RSARHI:
            ret = s->rsar >> 8;
            break;
        case EN0_RTL8029ID0:
            ret = 0x50;
            break;
        case EN0_RTL8029ID1:
            ret = 0x43;
            break;
        case EN0_RSR:
            ret = s->rsr;
            break;
        /* page 1 */
        case EN1_PHYS ... EN1_PHYS + 5:
            ret = s->phys[offset - EN1_PHYS];
            break;
        case EN1_CURPAG:
            ret = s->curpag;
            break;
        case EN1_MULT ... EN1_MULT + 7:
            ret = s->mult[offset - EN1_MULT];
            break;
        /* page 2 */
        case EN2_STARTPG:
            ret = s->start >> 8;
            break;
        case EN2_STOPPG:
            ret = s->stop >> 8;
            break;
        /* page 3 */
        case EN3_CONFIG0:
            ret = 0; /* 10baseT media */
            break;
        case EN3_CONFIG2:
            ret = 0x40; /* 10baseT active */
            break;
        case EN3_CONFIG3:
            ret = 0x40; /* Full duplex */
            break;
        default:
            ret = 0x00;
            break;
        }
    } else {
        ret = s->cmd;
    }
#ifdef DEBUG_NE2000
    printf("NE2000: read addr=0x%x val=%02x\n", addr, ret);
#endif
    return ret;
}
487
/*
 * Store one byte into card memory.  Only the 32 byte PROM image and the
 * packet memory window are writable; any other address is ignored.
 */
static inline void ne2000_mem_writeb(NE2000State *s, uint32_t addr,
                                     uint32_t val)
{
    int in_prom = addr < 32;
    int in_pmem = addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE;

    if (!in_prom && !in_pmem)
        return;
    s->mem[addr] = val;
}
496
/*
 * Store a 16 bit little endian value into card memory.  The address is
 * forced even, so the highest accepted address leaves room for both
 * bytes; addresses outside the PROM image and packet memory are ignored.
 */
static inline void ne2000_mem_writew(NE2000State *s, uint32_t addr,
                                     uint32_t val)
{
    int in_prom, in_pmem;

    addr &= ~1; /* XXX: check exact behaviour if not even */
    in_prom = addr < 32;
    in_pmem = addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE;
    if (!in_prom && !in_pmem)
        return;
    *(uint16_t *)(s->mem + addr) = cpu_to_le16(val);
}
506
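/*
 * Store a 32 bit little endian value into card memory.
 *
 * The address is only forced to a multiple of two, so the upper bound has
 * to leave room for all four bytes: with "addr < NE2000_MEM_SIZE" the
 * address NE2000_MEM_SIZE - 2 was accepted and the store ran two bytes
 * past the end of s->mem.  The bound is written as a comparison against
 * NE2000_MEM_SIZE - 4 so that a very large addr cannot wrap around.
 * Addresses outside the PROM image and packet memory are ignored.
 */
static inline void ne2000_mem_writel(NE2000State *s, uint32_t addr,
                                     uint32_t val)
{
    addr &= ~1; /* XXX: check exact behaviour if not even */
    if (addr < 32 ||
        (addr >= NE2000_PMEM_START &&
         addr <= NE2000_MEM_SIZE - sizeof(uint32_t))) {
        cpu_to_le32wu((uint32_t *)(s->mem + addr), val);
    }
}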
516
/*
 * Load one byte from card memory.  Addresses outside the PROM image and
 * the packet memory window read as 0xff.
 */
static inline uint32_t ne2000_mem_readb(NE2000State *s, uint32_t addr)
{
    int in_prom = addr < 32;
    int in_pmem = addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE;

    if (!in_prom && !in_pmem)
        return 0xff;
    return s->mem[addr];
}
526
/*
 * Load a 16 bit little endian value from card memory.  The address is
 * forced even; addresses outside the PROM image and the packet memory
 * window read as 0xffff.
 */
static inline uint32_t ne2000_mem_readw(NE2000State *s, uint32_t addr)
{
    int in_prom, in_pmem;

    addr &= ~1; /* XXX: check exact behaviour if not even */
    in_prom = addr < 32;
    in_pmem = addr >= NE2000_PMEM_START && addr < NE2000_MEM_SIZE;
    if (!in_prom && !in_pmem)
        return 0xffff;
    return le16_to_cpu(*(uint16_t *)(s->mem + addr));
}
537
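/*
 * Load a 32 bit little endian value from card memory.
 *
 * The address is only forced to a multiple of two, so the upper bound has
 * to leave room for all four bytes: with "addr < NE2000_MEM_SIZE" the
 * address NE2000_MEM_SIZE - 2 was accepted and the load returned two
 * bytes from beyond the end of s->mem to the guest.  Addresses outside
 * the PROM image and packet memory read as 0xffffffff.
 */
static inline uint32_t ne2000_mem_readl(NE2000State *s, uint32_t addr)
{
    addr &= ~1; /* XXX: check exact behaviour if not even */
    if (addr < 32 ||
        (addr >= NE2000_PMEM_START &&
         addr <= NE2000_MEM_SIZE - sizeof(uint32_t))) {
        return le32_to_cpupu((uint32_t *)(s->mem + addr));
    } else {
        return 0xffffffff;
    }
}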
548
/*
 * Advance the remote DMA address by len bytes and count the transfer
 * down, raising ENISR_RDC once the remaining count is used up.
 *
 * rsar only wraps when it lands exactly on stop, so a 2 or 4 byte step
 * can move it past stop (see the XXX below).  Memory safety therefore
 * depends on the ne2000_mem_* accessors rejecting out of range addresses.
 */
static inline void ne2000_dma_update(NE2000State *s, int len)
{
    s->rsar += len;
    /* wrap */
    /* XXX: check what to do if rsar > stop */
    if (s->rsar == s->stop)
        s->rsar = s->start;

    if (s->rcnt > len) {
        s->rcnt -= len;
        return;
    }

    s->rcnt = 0;
    /* signal end of transfer */
    s->isr |= ENISR_RDC;
    ne2000_update_irq(s);
}
566
/*
 * Remote DMA data port, 8/16 bit write: store val at the current remote
 * address and advance it.  Nothing is written once the remote byte count
 * has reached zero.
 */
static void ne2000_asic_ioport_write(void *opaque, uint32_t addr, uint32_t val)
{
    NE2000State *s = opaque;

#ifdef DEBUG_NE2000
    printf("NE2000: asic write val=0x%04x\n", val);
#endif
    if (s->rcnt == 0)
        return;
    if (!(s->dcfg & 0x01)) {
        /* 8 bit access */
        ne2000_mem_writeb(s, s->rsar, val);
        ne2000_dma_update(s, 1);
    } else {
        /* 16 bit access */
        ne2000_mem_writew(s, s->rsar, val);
        ne2000_dma_update(s, 2);
    }
}
586
/*
 * Remote DMA data port, 8/16 bit read: fetch from the current remote
 * address and advance it.  Unlike the write path there is no check of
 * the remaining byte count before the access.
 */
static uint32_t ne2000_asic_ioport_read(void *opaque, uint32_t addr)
{
    NE2000State *s = opaque;
    int ret;

    if (!(s->dcfg & 0x01)) {
        /* 8 bit access */
        ret = ne2000_mem_readb(s, s->rsar);
        ne2000_dma_update(s, 1);
    } else {
        /* 16 bit access */
        ret = ne2000_mem_readw(s, s->rsar);
        ne2000_dma_update(s, 2);
    }
#ifdef DEBUG_NE2000
    printf("NE2000: asic read val=0x%04x\n", ret);
#endif
    return ret;
}
606
/*
 * Remote DMA data port, 32 bit write: store val at the current remote
 * address and advance it by four.  Ignored once the remote byte count
 * has reached zero.
 */
static void ne2000_asic_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
{
    NE2000State *s = opaque;

#ifdef DEBUG_NE2000
    printf("NE2000: asic writel val=0x%04x\n", val);
#endif
    if (s->rcnt != 0) {
        /* 32 bit access */
        ne2000_mem_writel(s, s->rsar, val);
        ne2000_dma_update(s, 4);
    }
}
620
/*
 * Remote DMA data port, 32 bit read: fetch from the current remote
 * address and advance it by four.  The remaining byte count is not
 * checked before the access.
 */
static uint32_t ne2000_asic_ioport_readl(void *opaque, uint32_t addr)
{
    NE2000State *s = opaque;
    /* 32 bit access */
    int ret = ne2000_mem_readl(s, s->rsar);

    ne2000_dma_update(s, 4);
#ifdef DEBUG_NE2000
    printf("NE2000: asic readl val=0x%04x\n", ret);
#endif
    return ret;
}
634
/* Write to the reset port: intentionally a no-op. */
static void ne2000_reset_ioport_write(void *opaque, uint32_t addr, uint32_t val)
{
    /* nothing to do (end of reset pulse) */
    (void)opaque;
    (void)addr;
    (void)val;
}
639
/* Read from the reset port: resets the card and always returns 0. */
static uint32_t ne2000_reset_ioport_read(void *opaque, uint32_t addr)
{
    ne2000_reset((NE2000State *)opaque);
    return 0;
}
646
/*
 * Serialise the device state for savevm.  The field order below is the
 * on-disk layout and must stay in step with ne2000_load().
 */
static void ne2000_save(QEMUFile *f, void *opaque)
{
    NE2000State *s = opaque;

    /* version 2 addition, written first */
    qemu_put_8s(f, &s->rxcr);

    /* version 1 register block */
    qemu_put_8s(f, &s->cmd);
    qemu_put_be32s(f, &s->start);
    qemu_put_be32s(f, &s->stop);
    qemu_put_8s(f, &s->boundary);
    qemu_put_8s(f, &s->tsr);
    qemu_put_8s(f, &s->tpsr);
    qemu_put_be16s(f, &s->tcnt);
    qemu_put_be16s(f, &s->rcnt);
    qemu_put_be32s(f, &s->rsar);
    qemu_put_8s(f, &s->rsr);
    qemu_put_8s(f, &s->isr);
    qemu_put_8s(f, &s->dcfg);
    qemu_put_8s(f, &s->imr);
    qemu_put_buffer(f, s->phys, 6);
    qemu_put_8s(f, &s->curpag);
    qemu_put_buffer(f, s->mult, 8);
    qemu_put_be32s(f, &s->irq);

    /* PROM image and packet memory */
    qemu_put_buffer(f, s->mem, NE2000_MEM_SIZE);
}
672
/*
 * Restore the device state written by ne2000_save().
 *
 * Version 2 streams carry rxcr; version 1 streams get the default 0x0c.
 * Any other version is rejected with -EINVAL.  Returns 0 on success.
 *
 * NOTE(review): every field is taken from the stream as is.  Nothing
 * here checks that start, stop, curpag or irq are within the ranges the
 * rest of the device model expects, so a saved state from an untrusted
 * source can put the ring registers outside s->mem.
 */
static int ne2000_load(QEMUFile *f, void *opaque, int version_id)
{
    NE2000State *s = opaque;

    switch (version_id) {
    case 2:
        qemu_get_8s(f, &s->rxcr);
        break;
    case 1:
        s->rxcr = 0x0c;
        break;
    default:
        return -EINVAL;
    }

    qemu_get_8s(f, &s->cmd);
    qemu_get_be32s(f, &s->start);
    qemu_get_be32s(f, &s->stop);
    qemu_get_8s(f, &s->boundary);
    qemu_get_8s(f, &s->tsr);
    qemu_get_8s(f, &s->tpsr);
    qemu_get_be16s(f, &s->tcnt);
    qemu_get_be16s(f, &s->rcnt);
    qemu_get_be32s(f, &s->rsar);
    qemu_get_8s(f, &s->rsr);
    qemu_get_8s(f, &s->isr);
    qemu_get_8s(f, &s->dcfg);
    qemu_get_8s(f, &s->imr);
    qemu_get_buffer(f, s->phys, 6);
    qemu_get_8s(f, &s->curpag);
    qemu_get_buffer(f, s->mult, 8);
    qemu_get_be32s(f, &s->irq);
    qemu_get_buffer(f, s->mem, NE2000_MEM_SIZE);

    return 0;
}
706
/*
 * Create an ISA NE2000 at I/O port base using interrupt irq and attach
 * it to the VLAN described by nd.  Returns silently if the state cannot
 * be allocated.
 *
 * NOTE(review): the result of qemu_new_vlan_client() is dereferenced
 * without a check; confirm it cannot fail.
 */
void isa_ne2000_init(int base, int irq, NICInfo *nd)
{
    NE2000State *s = qemu_mallocz(sizeof(*s));
    const int data_port = base + 0x10;
    const int reset_port = base + 0x1f;

    if (!s)
        return;

    /* 16 byte-wide DP8390 registers */
    register_ioport_write(base, 16, 1, ne2000_ioport_write, s);
    register_ioport_read(base, 16, 1, ne2000_ioport_read, s);

    /* remote DMA data port, 8 and 16 bit */
    register_ioport_write(data_port, 1, 1, ne2000_asic_ioport_write, s);
    register_ioport_read(data_port, 1, 1, ne2000_asic_ioport_read, s);
    register_ioport_write(data_port, 2, 2, ne2000_asic_ioport_write, s);
    register_ioport_read(data_port, 2, 2, ne2000_asic_ioport_read, s);

    /* reset port */
    register_ioport_write(reset_port, 1, 1, ne2000_reset_ioport_write, s);
    register_ioport_read(reset_port, 1, 1, ne2000_reset_ioport_read, s);

    s->irq = irq;
    memcpy(s->macaddr, nd->macaddr, 6);

    ne2000_reset(s);

    s->vc = qemu_new_vlan_client(nd->vlan, ne2000_receive,
                                 ne2000_can_receive, s);

    snprintf(s->vc->info_str, sizeof(s->vc->info_str),
             "ne2000 macaddr=%02x:%02x:%02x:%02x:%02x:%02x",
             s->macaddr[0],
             s->macaddr[1],
             s->macaddr[2],
             s->macaddr[3],
             s->macaddr[4],
             s->macaddr[5]);

    register_savevm("ne2000", 0, 2, ne2000_save, ne2000_load, s);
}
744
745/***********************************************************/
746/* PCI NE2000 definitions */
747
/*
 * PCI wrapper around the common NE2000 state.  dev has to stay the first
 * member: the PCI code in this file casts between PCIDevice * and
 * PCINE2000State *.
 */
typedef struct PCINE2000State {
    PCIDevice dev;
    NE2000State ne2000;
} PCINE2000State;
752
/*
 * PCI I/O region mapping callback: install the register, data and reset
 * port handlers at the address assigned to the region.  region_num, size
 * and type are not used.
 */
static void ne2000_map(PCIDevice *pci_dev, int region_num,
                       uint32_t addr, uint32_t size, int type)
{
    NE2000State *s = &((PCINE2000State *)pci_dev)->ne2000;
    const uint32_t data_port = addr + 0x10;
    const uint32_t reset_port = addr + 0x1f;

    /* 16 byte-wide DP8390 registers */
    register_ioport_write(addr, 16, 1, ne2000_ioport_write, s);
    register_ioport_read(addr, 16, 1, ne2000_ioport_read, s);

    /* remote DMA data port, 8, 16 and 32 bit */
    register_ioport_write(data_port, 1, 1, ne2000_asic_ioport_write, s);
    register_ioport_read(data_port, 1, 1, ne2000_asic_ioport_read, s);
    register_ioport_write(data_port, 2, 2, ne2000_asic_ioport_write, s);
    register_ioport_read(data_port, 2, 2, ne2000_asic_ioport_read, s);
    register_ioport_write(data_port, 4, 4, ne2000_asic_ioport_writel, s);
    register_ioport_read(data_port, 4, 4, ne2000_asic_ioport_readl, s);

    /* reset port */
    register_ioport_write(reset_port, 1, 1, ne2000_reset_ioport_write, s);
    register_ioport_read(reset_port, 1, 1, ne2000_reset_ioport_read, s);
}
772
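/*
 * Create a PCI NE2000 (Realtek 8029 IDs) on bus and attach it to the
 * VLAN described by nd.
 *
 * The device pointer returned by pci_register_device() is checked before
 * use, in the same way isa_ne2000_init() checks its allocation; the
 * function returns silently when no device was created.
 *
 * NOTE(review): the result of qemu_new_vlan_client() is dereferenced
 * without a check; confirm it cannot fail.
 */
void pci_ne2000_init(PCIBus *bus, NICInfo *nd)
{
    PCINE2000State *d;
    NE2000State *s;
    uint8_t *pci_conf;

    d = (PCINE2000State *)pci_register_device(bus,
                                              "NE2000", sizeof(PCINE2000State),
                                              -1,
                                              NULL, NULL);
    if (!d)
        return;

    pci_conf = d->dev.config;
    pci_conf[0x00] = 0xec; // Realtek 8029
    pci_conf[0x01] = 0x10;
    pci_conf[0x02] = 0x29;
    pci_conf[0x03] = 0x80;
    pci_conf[0x0a] = 0x00; // ethernet network controller
    pci_conf[0x0b] = 0x02;
    pci_conf[0x0e] = 0x00; // header_type
    pci_conf[0x3d] = 1; // interrupt pin 0

    pci_register_io_region(&d->dev, 0, 0x100,
                           PCI_ADDRESS_SPACE_IO, ne2000_map);
    s = &d->ne2000;
    s->irq = 16; // PCI interrupt
    s->pci_dev = (PCIDevice *)d;
    memcpy(s->macaddr, nd->macaddr, 6);
    ne2000_reset(s);
    s->vc = qemu_new_vlan_client(nd->vlan, ne2000_receive,
                                 ne2000_can_receive, s);

    snprintf(s->vc->info_str, sizeof(s->vc->info_str),
             "ne2000 pci macaddr=%02x:%02x:%02x:%02x:%02x:%02x",
             s->macaddr[0],
             s->macaddr[1],
             s->macaddr[2],
             s->macaddr[3],
             s->macaddr[4],
             s->macaddr[5]);

    /* XXX: instance number ? */
    register_savevm("ne2000", 0, 2, ne2000_save, ne2000_load, s);
    register_savevm("ne2000_pci", 0, 1, generic_pci_save, generic_pci_load,
                    &d->dev);
}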