]> git.proxmox.com Git - mirror_qemu.git/blame - hw/net/e1000.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
e1000: Introduced an array to control the access to the MAC registers
[mirror_qemu.git] / hw / net / e1000.c
CommitLineData
7c23b892
AZ		 1/*
2 * QEMU e1000 emulation
3 *
2758aa52
MT		 4 * Software developer's manual:
5 * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf
6 *
7c23b892
AZ		 7 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
8 * Copyright (c) 2008 Qumranet
9 * Based on work done by:
10 * Copyright (c) 2007 Dan Aloni
11 * Copyright (c) 2004 Antony T Curtis
12 *
13 * This library is free software; you can redistribute it and/or
14 * modify it under the terms of the GNU Lesser General Public
15 * License as published by the Free Software Foundation; either
16 * version 2 of the License, or (at your option) any later version.
17 *
18 * This library is distributed in the hope that it will be useful,
19 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
21 * Lesser General Public License for more details.
22 *
23 * You should have received a copy of the GNU Lesser General Public
8167ee88 24 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
7c23b892
AZ		 25 */
26
27
83c9f4ca
PB		 28#include "hw/hw.h"
29#include "hw/pci/pci.h"
1422e32d 30#include "net/net.h"
7200ac3c 31#include "net/checksum.h"
83c9f4ca 32#include "hw/loader.h"
9c17d615
PB		 33#include "sysemu/sysemu.h"
34#include "sysemu/dma.h"
97410dde 35#include "qemu/iov.h"
20302e71 36#include "qemu/range.h"
7c23b892 37
47b43a1f 38#include "e1000_regs.h"
7c23b892 39
27124888 40#define E1000_DEBUG
7c23b892 41
27124888 42#ifdef E1000_DEBUG
7c23b892 43enum {
20f3e863
LB		 44 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
45 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
46 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
f9c1cdf4 47 DEBUG_RXFILTER, DEBUG_PHY, DEBUG_NOTYET,
7c23b892 48};
20f3e863 49#define DBGBIT(x) (1<<DEBUG_##x)
7c23b892
AZ		 50static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
51
20f3e863 52#define DBGOUT(what, fmt, ...) do { \
7c23b892 53 if (debugflags & DBGBIT(what)) \
6c7f4b47 54 fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
7c23b892
AZ		 55 } while (0)
56#else
20f3e863 57#define DBGOUT(what, fmt, ...) do {} while (0)
7c23b892
AZ		 58#endif
59
60#define IOPORT_SIZE 0x40
e94bbefe 61#define PNPMMIO_SIZE 0x20000
78aeb23e 62#define MIN_BUF_SIZE 60 /* Min. octets in an ethernet frame sans FCS */
7c23b892 63
b0d9ffcd
MC		 64/* this is the size past which hardware will drop packets when setting LPE=0 */
65#define MAXIMUM_ETHERNET_VLAN_SIZE 1522
2c0331f4
MC		 66/* this is the size past which hardware will drop packets when setting LPE=1 */
67#define MAXIMUM_ETHERNET_LPE_SIZE 16384
b0d9ffcd 68
97410dde
VM		 69#define MAXIMUM_ETHERNET_HDR_LEN (14+4)
70
7c23b892
AZ		 71/*
72 * HW models:
8597f2e1 73 * E1000_DEV_ID_82540EM works with Windows, Linux, and OS X <= 10.8
7c23b892 74 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
8597f2e1 75 * E1000_DEV_ID_82545EM_COPPER works with Linux and OS X >= 10.6
7c23b892
AZ		 76 * Others never tested
77 */
7c23b892
AZ		 78
79typedef struct E1000State_st {
b08340d5
AF		 80 /*< private >*/
81 PCIDevice parent_obj;
82 /*< public >*/
83
a03e2aec 84 NICState *nic;
fbdaa002 85 NICConf conf;
ad00a9b9
AK		 86 MemoryRegion mmio;
87 MemoryRegion io;
7c23b892
AZ		 88
89 uint32_t mac_reg[0x8000];
90 uint16_t phy_reg[0x20];
91 uint16_t eeprom_data[64];
92
93 uint32_t rxbuf_size;
94 uint32_t rxbuf_min_shift;
7c23b892
AZ		 95 struct e1000_tx {
96 unsigned char header[256];
8f2e8d1f 97 unsigned char vlan_header[4];
b10fec9b 98 /* Fields vlan and data must not be reordered or separated. */
8f2e8d1f 99 unsigned char vlan[4];
7c23b892
AZ		 100 unsigned char data[0x10000];
101 uint16_t size;
102 unsigned char sum_needed;
8f2e8d1f 103 unsigned char vlan_needed;
7c23b892
AZ		 104 uint8_t ipcss;
105 uint8_t ipcso;
106 uint16_t ipcse;
107 uint8_t tucss;
108 uint8_t tucso;
109 uint16_t tucse;
110 uint8_t hdr_len;
111 uint16_t mss;
112 uint32_t paylen;
113 uint16_t tso_frames;
114 char tse;
b6c4f71f
BS		 115 int8_t ip;
116 int8_t tcp;
1b0009db 117 char cptse; // current packet tse bit
7c23b892
AZ		 118 } tx;
119
120 struct {
20f3e863 121 uint32_t val_in; /* shifted in from guest driver */
7c23b892
AZ		 122 uint16_t bitnum_in;
123 uint16_t bitnum_out;
124 uint16_t reading;
125 uint32_t old_eecd;
126 } eecd_state;
b9d03e35
JW		 127
128 QEMUTimer *autoneg_timer;
2af234e6 129
e9845f09
VM		 130 QEMUTimer *mit_timer; /* Mitigation timer. */
131 bool mit_timer_on; /* Mitigation timer is running. */
132 bool mit_irq_level; /* Tracks interrupt pin level. */
133 uint32_t mit_ide; /* Tracks E1000_TXD_CMD_IDE bit. */
134
2af234e6
MT		 135/* Compatibility flags for migration to/from qemu 1.3.0 and older */
136#define E1000_FLAG_AUTONEG_BIT 0
e9845f09 137#define E1000_FLAG_MIT_BIT 1
9e117734 138#define E1000_FLAG_MAC_BIT 2
2af234e6 139#define E1000_FLAG_AUTONEG (1 << E1000_FLAG_AUTONEG_BIT)
e9845f09 140#define E1000_FLAG_MIT (1 << E1000_FLAG_MIT_BIT)
9e117734 141#define E1000_FLAG_MAC (1 << E1000_FLAG_MAC_BIT)
2af234e6 142 uint32_t compat_flags;
7c23b892
AZ		 143} E1000State;
144
bc0f0674
LB		 145#define chkflag(x) (s->compat_flags & E1000_FLAG_##x)
146
8597f2e1
GS		 147typedef struct E1000BaseClass {
148 PCIDeviceClass parent_class;
149 uint16_t phy_id2;
8597f2e1
GS		 150} E1000BaseClass;
151
152#define TYPE_E1000_BASE "e1000-base"
567a3c9e
PC		 153
154#define E1000(obj) \
8597f2e1
GS		 155 OBJECT_CHECK(E1000State, (obj), TYPE_E1000_BASE)
156
157#define E1000_DEVICE_CLASS(klass) \
158 OBJECT_CLASS_CHECK(E1000BaseClass, (klass), TYPE_E1000_BASE)
159#define E1000_DEVICE_GET_CLASS(obj) \
160 OBJECT_GET_CLASS(E1000BaseClass, (obj), TYPE_E1000_BASE)
567a3c9e 161
20f3e863 162#define defreg(x) x = (E1000_##x>>2)
7c23b892 163enum {
20f3e863
LB		 164 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
165 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
166 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
167 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
168 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
169 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
170 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
171 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
172 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
173 defreg(RA), defreg(MTA), defreg(CRCERRS), defreg(VFTA),
174 defreg(VET), defreg(RDTR), defreg(RADV), defreg(TADV),
e9845f09 175 defreg(ITR),
7c23b892
AZ		 176};
177
71aadd3c
JW		 178static void
179e1000_link_down(E1000State *s)
180{
181 s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
182 s->phy_reg[PHY_STATUS] &= ~MII_SR_LINK_STATUS;
6a2acedb 183 s->phy_reg[PHY_STATUS] &= ~MII_SR_AUTONEG_COMPLETE;
6883b591 184 s->phy_reg[PHY_LP_ABILITY] &= ~MII_LPAR_LPACK;
71aadd3c
JW		 185}
186
187static void
188e1000_link_up(E1000State *s)
189{
190 s->mac_reg[STATUS] |= E1000_STATUS_LU;
191 s->phy_reg[PHY_STATUS] |= MII_SR_LINK_STATUS;
5df6a185
SH		 192
193 /* E1000_STATUS_LU is tested by e1000_can_receive() */
194 qemu_flush_queued_packets(qemu_get_queue(s->nic));
71aadd3c
JW		 195}
196
1195fed9
GS		 197static bool
198have_autoneg(E1000State *s)
199{
bc0f0674 200 return chkflag(AUTONEG) && (s->phy_reg[PHY_CTRL] & MII_CR_AUTO_NEG_EN);
1195fed9
GS		 201}
202
b9d03e35
JW		 203static void
204set_phy_ctrl(E1000State *s, int index, uint16_t val)
205{
1195fed9
GS		 206 /* bits 0-5 reserved; MII_CR_[RESTART_AUTO_NEG,RESET] are self clearing */
207 s->phy_reg[PHY_CTRL] = val & ~(0x3f |
208 MII_CR_RESET |
209 MII_CR_RESTART_AUTO_NEG);
210
2af234e6
MT		 211 /*
212 * QEMU 1.3 does not support link auto-negotiation emulation, so if we
213 * migrate during auto negotiation, after migration the link will be
214 * down.
215 */
1195fed9 216 if (have_autoneg(s) && (val & MII_CR_RESTART_AUTO_NEG)) {
b9d03e35 217 e1000_link_down(s);
b9d03e35 218 DBGOUT(PHY, "Start link auto negotiation\n");
1195fed9
GS		 219 timer_mod(s->autoneg_timer,
220 qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 500);
b9d03e35
JW		 221 }
222}
223
b9d03e35
JW		 224static void (*phyreg_writeops[])(E1000State *, int, uint16_t) = {
225 [PHY_CTRL] = set_phy_ctrl,
226};
227
228enum { NPHYWRITEOPS = ARRAY_SIZE(phyreg_writeops) };
229
7c23b892 230enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
88b4e9db 231static const char phy_regcap[0x20] = {
20f3e863
LB		 232 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
233 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
234 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
235 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
236 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
237 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R,
6883b591 238 [PHY_AUTONEG_EXP] = PHY_R,
7c23b892
AZ		 239};
240
8597f2e1 241/* PHY_ID2 documented in 8254x_GBe_SDM.pdf, pp. 250 */
814cd3ac 242static const uint16_t phy_reg_init[] = {
20f3e863 243 [PHY_CTRL] = MII_CR_SPEED_SELECT_MSB |
9616c290
GS		 244 MII_CR_FULL_DUPLEX |
245 MII_CR_AUTO_NEG_EN,
246
247 [PHY_STATUS] = MII_SR_EXTENDED_CAPS |
248 MII_SR_LINK_STATUS | /* link initially up */
249 MII_SR_AUTONEG_CAPS |
250 /* MII_SR_AUTONEG_COMPLETE: initially NOT completed */
251 MII_SR_PREAMBLE_SUPPRESS |
252 MII_SR_EXTENDED_STATUS |
253 MII_SR_10T_HD_CAPS |
254 MII_SR_10T_FD_CAPS |
255 MII_SR_100X_HD_CAPS |
256 MII_SR_100X_FD_CAPS,
257
258 [PHY_ID1] = 0x141,
259 /* [PHY_ID2] configured per DevId, from e1000_reset() */
260 [PHY_AUTONEG_ADV] = 0xde1,
261 [PHY_LP_ABILITY] = 0x1e0,
262 [PHY_1000T_CTRL] = 0x0e00,
263 [PHY_1000T_STATUS] = 0x3c00,
264 [M88E1000_PHY_SPEC_CTRL] = 0x360,
814cd3ac 265 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
9616c290 266 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60,
814cd3ac
MT		 267};
268
269static const uint32_t mac_reg_init[] = {
20f3e863
LB		 270 [PBA] = 0x00100030,
271 [LEDCTL] = 0x602,
272 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
814cd3ac 273 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
20f3e863 274 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
814cd3ac
MT		 275 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
276 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
277 E1000_STATUS_LU,
20f3e863 278 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
814cd3ac
MT		 279 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
280 E1000_MANC_RMCP_EN,
281};
282
e9845f09
VM		 283/* Helper function, *curr == 0 means the value is not set */
284static inline void
285mit_update_delay(uint32_t *curr, uint32_t value)
286{
287 if (value && (*curr == 0 || value < *curr)) {
288 *curr = value;
289 }
290}
291
7c23b892
AZ		 292static void
293set_interrupt_cause(E1000State *s, int index, uint32_t val)
294{
b08340d5 295 PCIDevice *d = PCI_DEVICE(s);
e9845f09
VM		 296 uint32_t pending_ints;
297 uint32_t mit_delay;
b08340d5 298
7c23b892 299 s->mac_reg[ICR] = val;
a52a8841
MT		 300
301 /*
302 * Make sure ICR and ICS registers have the same value.
303 * The spec says that the ICS register is write-only. However in practice,
304 * on real hardware ICS is readable, and for reads it has the same value as
305 * ICR (except that ICS does not have the clear on read behaviour of ICR).
306 *
307 * The VxWorks PRO/1000 driver uses this behaviour.
308 */
b1332393 309 s->mac_reg[ICS] = val;
a52a8841 310
e9845f09
VM		 311 pending_ints = (s->mac_reg[IMS] & s->mac_reg[ICR]);
312 if (!s->mit_irq_level && pending_ints) {
313 /*
314 * Here we detect a potential raising edge. We postpone raising the
315 * interrupt line if we are inside the mitigation delay window
316 * (s->mit_timer_on == 1).
317 * We provide a partial implementation of interrupt mitigation,
318 * emulating only RADV, TADV and ITR (lower 16 bits, 1024ns units for
319 * RADV and TADV, 256ns units for ITR). RDTR is only used to enable
320 * RADV; relative timers based on TIDV and RDTR are not implemented.
321 */
322 if (s->mit_timer_on) {
323 return;
324 }
bc0f0674 325 if (chkflag(MIT)) {
e9845f09
VM		 326 /* Compute the next mitigation delay according to pending
327 * interrupts and the current values of RADV (provided
328 * RDTR!=0), TADV and ITR.
329 * Then rearm the timer.
330 */
331 mit_delay = 0;
332 if (s->mit_ide &&
333 (pending_ints & (E1000_ICR_TXQE | E1000_ICR_TXDW))) {
334 mit_update_delay(&mit_delay, s->mac_reg[TADV] * 4);
335 }
336 if (s->mac_reg[RDTR] && (pending_ints & E1000_ICS_RXT0)) {
337 mit_update_delay(&mit_delay, s->mac_reg[RADV] * 4);
338 }
339 mit_update_delay(&mit_delay, s->mac_reg[ITR]);
340
341 if (mit_delay) {
342 s->mit_timer_on = 1;
343 timer_mod(s->mit_timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
344 mit_delay * 256);
345 }
346 s->mit_ide = 0;
347 }
348 }
349
350 s->mit_irq_level = (pending_ints != 0);
9e64f8a3 351 pci_set_irq(d, s->mit_irq_level);
e9845f09
VM		 352}
353
354static void
355e1000_mit_timer(void *opaque)
356{
357 E1000State *s = opaque;
358
359 s->mit_timer_on = 0;
360 /* Call set_interrupt_cause to update the irq level (if necessary). */
361 set_interrupt_cause(s, 0, s->mac_reg[ICR]);
7c23b892
AZ		 362}
363
364static void
365set_ics(E1000State *s, int index, uint32_t val)
366{
367 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
368 s->mac_reg[IMS]);
369 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
370}
371
d52aec95
GS		 372static void
373e1000_autoneg_timer(void *opaque)
374{
375 E1000State *s = opaque;
376 if (!qemu_get_queue(s->nic)->link_down) {
377 e1000_link_up(s);
378 s->phy_reg[PHY_LP_ABILITY] |= MII_LPAR_LPACK;
379 s->phy_reg[PHY_STATUS] |= MII_SR_AUTONEG_COMPLETE;
380 DBGOUT(PHY, "Auto negotiation is completed\n");
381 set_ics(s, 0, E1000_ICS_LSC); /* signal link status change to guest */
382 }
383}
384
7c23b892
AZ		 385static int
386rxbufsize(uint32_t v)
387{
388 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
389 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
390 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
391 switch (v) {
392 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
393 return 16384;
394 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
395 return 8192;
396 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
397 return 4096;
398 case E1000_RCTL_SZ_1024:
399 return 1024;
400 case E1000_RCTL_SZ_512:
401 return 512;
402 case E1000_RCTL_SZ_256:
403 return 256;
404 }
405 return 2048;
406}
407
814cd3ac
MT		 408static void e1000_reset(void *opaque)
409{
410 E1000State *d = opaque;
8597f2e1 411 E1000BaseClass *edc = E1000_DEVICE_GET_CLASS(d);
372254c6
GS		 412 uint8_t *macaddr = d->conf.macaddr.a;
413 int i;
814cd3ac 414
bc72ad67 415 timer_del(d->autoneg_timer);
e9845f09
VM		 416 timer_del(d->mit_timer);
417 d->mit_timer_on = 0;
418 d->mit_irq_level = 0;
419 d->mit_ide = 0;
814cd3ac
MT		 420 memset(d->phy_reg, 0, sizeof d->phy_reg);
421 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
8597f2e1 422 d->phy_reg[PHY_ID2] = edc->phy_id2;
814cd3ac
MT		 423 memset(d->mac_reg, 0, sizeof d->mac_reg);
424 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
425 d->rxbuf_min_shift = 1;
426 memset(&d->tx, 0, sizeof d->tx);
427
b356f76d 428 if (qemu_get_queue(d->nic)->link_down) {
71aadd3c 429 e1000_link_down(d);
814cd3ac 430 }
372254c6
GS		 431
432 /* Some guests expect pre-initialized RAH/RAL (AddrValid flag + MACaddr) */
433 d->mac_reg[RA] = 0;
434 d->mac_reg[RA + 1] = E1000_RAH_AV;
435 for (i = 0; i < 4; i++) {
436 d->mac_reg[RA] |= macaddr[i] << (8 * i);
437 d->mac_reg[RA + 1] |= (i < 2) ? macaddr[i + 4] << (8 * i) : 0;
438 }
655d3b63 439 qemu_format_nic_info_str(qemu_get_queue(d->nic), macaddr);
814cd3ac
MT		 440}
441
cab3c825
KW		 442static void
443set_ctrl(E1000State *s, int index, uint32_t val)
444{
445 /* RST is self clearing */
446 s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
447}
448
7c23b892
AZ		 449static void
450set_rx_control(E1000State *s, int index, uint32_t val)
451{
452 s->mac_reg[RCTL] = val;
453 s->rxbuf_size = rxbufsize(val);
454 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
455 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
456 s->mac_reg[RCTL]);
b356f76d 457 qemu_flush_queued_packets(qemu_get_queue(s->nic));
7c23b892
AZ		 458}
459
460static void
461set_mdic(E1000State *s, int index, uint32_t val)
462{
463 uint32_t data = val & E1000_MDIC_DATA_MASK;
464 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
465
466 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
467 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
468 else if (val & E1000_MDIC_OP_READ) {
469 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
470 if (!(phy_regcap[addr] & PHY_R)) {
471 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
472 val |= E1000_MDIC_ERROR;
473 } else
474 val = (val ^ data) | s->phy_reg[addr];
475 } else if (val & E1000_MDIC_OP_WRITE) {
476 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
477 if (!(phy_regcap[addr] & PHY_W)) {
478 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
479 val |= E1000_MDIC_ERROR;
b9d03e35
JW		 480 } else {
481 if (addr < NPHYWRITEOPS && phyreg_writeops[addr]) {
482 phyreg_writeops[addr](s, index, data);
1195fed9
GS		 483 } else {
484 s->phy_reg[addr] = data;
b9d03e35 485 }
b9d03e35 486 }
7c23b892
AZ		 487 }
488 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
17fbbb0b
JW		 489
490 if (val & E1000_MDIC_INT_EN) {
491 set_ics(s, 0, E1000_ICR_MDAC);
492 }
7c23b892
AZ		 493}
494
495static uint32_t
496get_eecd(E1000State *s, int index)
497{
498 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
499
500 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
501 s->eecd_state.bitnum_out, s->eecd_state.reading);
502 if (!s->eecd_state.reading ||
503 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
504 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
505 ret |= E1000_EECD_DO;
506 return ret;
507}
508
509static void
510set_eecd(E1000State *s, int index, uint32_t val)
511{
512 uint32_t oldval = s->eecd_state.old_eecd;
513
514 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
515 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
20f3e863
LB		 516 if (!(E1000_EECD_CS & val)) { /* CS inactive; nothing to do */
517 return;
518 }
519 if (E1000_EECD_CS & (val ^ oldval)) { /* CS rise edge; reset state */
520 s->eecd_state.val_in = 0;
521 s->eecd_state.bitnum_in = 0;
522 s->eecd_state.bitnum_out = 0;
523 s->eecd_state.reading = 0;
9651ac55 524 }
20f3e863 525 if (!(E1000_EECD_SK & (val ^ oldval))) { /* no clock edge */
7c23b892 526 return;
20f3e863
LB		 527 }
528 if (!(E1000_EECD_SK & val)) { /* falling edge */
7c23b892
AZ		 529 s->eecd_state.bitnum_out++;
530 return;
531 }
7c23b892
AZ		 532 s->eecd_state.val_in <<= 1;
533 if (val & E1000_EECD_DI)
534 s->eecd_state.val_in |= 1;
535 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
536 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
537 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
538 EEPROM_READ_OPCODE_MICROWIRE);
539 }
540 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
541 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
542 s->eecd_state.reading);
543}
544
545static uint32_t
546flash_eerd_read(E1000State *s, int x)
547{
548 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
549
b1332393
BP		 550 if ((s->mac_reg[EERD] & E1000_EEPROM_RW_REG_START) == 0)
551 return (s->mac_reg[EERD]);
552
7c23b892 553 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
b1332393
BP		 554 return (E1000_EEPROM_RW_REG_DONE | r);
555
556 return ((s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
557 E1000_EEPROM_RW_REG_DONE | r);
7c23b892
AZ		 558}
559
7c23b892
AZ		 560static void
561putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
562{
c6a6a5e3
AL		 563 uint32_t sum;
564
7c23b892
AZ		 565 if (cse && cse < n)
566 n = cse + 1;
c6a6a5e3
AL		 567 if (sloc < n-1) {
568 sum = net_checksum_add(n-css, data+css);
d8ee2591 569 stw_be_p(data + sloc, net_checksum_finish(sum));
c6a6a5e3 570 }
7c23b892
AZ		 571}
572
8f2e8d1f
AL		 573static inline int
574vlan_enabled(E1000State *s)
575{
576 return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
577}
578
579static inline int
580vlan_rx_filter_enabled(E1000State *s)
581{
582 return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
583}
584
585static inline int
586is_vlan_packet(E1000State *s, const uint8_t *buf)
587{
588 return (be16_to_cpup((uint16_t *)(buf + 12)) ==
4e60a250 589 le16_to_cpu(s->mac_reg[VET]));
8f2e8d1f
AL		 590}
591
592static inline int
593is_vlan_txd(uint32_t txd_lower)
594{
595 return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
596}
597
55e8d1ce
MT		 598/* FCS aka Ethernet CRC-32. We don't get it from backends and can't
599 * fill it in, just pad descriptor length by 4 bytes unless guest
a05e8a6e 600 * told us to strip it off the packet. */
55e8d1ce
MT		 601static inline int
602fcs_len(E1000State *s)
603{
604 return (s->mac_reg[RCTL] & E1000_RCTL_SECRC) ? 0 : 4;
605}
606
93e37d76
JW		 607static void
608e1000_send_packet(E1000State *s, const uint8_t *buf, int size)
609{
b356f76d 610 NetClientState *nc = qemu_get_queue(s->nic);
93e37d76 611 if (s->phy_reg[PHY_CTRL] & MII_CR_LOOPBACK) {
b356f76d 612 nc->info->receive(nc, buf, size);
93e37d76 613 } else {
b356f76d 614 qemu_send_packet(nc, buf, size);
93e37d76
JW		 615 }
616}
617
7c23b892
AZ		 618static void
619xmit_seg(E1000State *s)
620{
621 uint16_t len, *sp;
622 unsigned int frames = s->tx.tso_frames, css, sofar, n;
623 struct e1000_tx *tp = &s->tx;
624
1b0009db 625 if (tp->tse && tp->cptse) {
7c23b892
AZ		 626 css = tp->ipcss;
627 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
628 frames, tp->size, css);
20f3e863 629 if (tp->ip) { /* IPv4 */
d8ee2591
PM		 630 stw_be_p(tp->data+css+2, tp->size - css);
631 stw_be_p(tp->data+css+4,
20f3e863
LB		 632 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
633 } else { /* IPv6 */
d8ee2591 634 stw_be_p(tp->data+css+4, tp->size - css);
20f3e863 635 }
7c23b892
AZ		 636 css = tp->tucss;
637 len = tp->size - css;
638 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
639 if (tp->tcp) {
640 sofar = frames * tp->mss;
6bd194ab 641 stl_be_p(tp->data+css+4, ldl_be_p(tp->data+css+4)+sofar); /* seq */
7c23b892 642 if (tp->paylen - sofar > tp->mss)
20f3e863
LB		 643 tp->data[css + 13] &= ~9; /* PSH, FIN */
644 } else /* UDP */
d8ee2591 645 stw_be_p(tp->data+css+4, len);
7c23b892 646 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
e685b4eb 647 unsigned int phsum;
7c23b892
AZ		 648 // add pseudo-header length before checksum calculation
649 sp = (uint16_t *)(tp->data + tp->tucso);
e685b4eb
AW		 650 phsum = be16_to_cpup(sp) + len;
651 phsum = (phsum >> 16) + (phsum & 0xffff);
d8ee2591 652 stw_be_p(sp, phsum);
7c23b892
AZ		 653 }
654 tp->tso_frames++;
655 }
656
657 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
658 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
659 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
660 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
8f2e8d1f 661 if (tp->vlan_needed) {
b10fec9b
SW		 662 memmove(tp->vlan, tp->data, 4);
663 memmove(tp->data, tp->data + 4, 8);
8f2e8d1f 664 memcpy(tp->data + 8, tp->vlan_header, 4);
93e37d76 665 e1000_send_packet(s, tp->vlan, tp->size + 4);
20f3e863 666 } else {
93e37d76 667 e1000_send_packet(s, tp->data, tp->size);
20f3e863
LB		 668 }
669
7c23b892
AZ		 670 s->mac_reg[TPT]++;
671 s->mac_reg[GPTC]++;
672 n = s->mac_reg[TOTL];
673 if ((s->mac_reg[TOTL] += s->tx.size) < n)
674 s->mac_reg[TOTH]++;
675}
676
677static void
678process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
679{
b08340d5 680 PCIDevice *d = PCI_DEVICE(s);
7c23b892
AZ		 681 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
682 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
683 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
a0ae17a6 684 unsigned int msh = 0xfffff;
7c23b892
AZ		 685 uint64_t addr;
686 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
687 struct e1000_tx *tp = &s->tx;
688
e9845f09 689 s->mit_ide |= (txd_lower & E1000_TXD_CMD_IDE);
20f3e863 690 if (dtype == E1000_TXD_CMD_DEXT) { /* context descriptor */
7c23b892
AZ		 691 op = le32_to_cpu(xp->cmd_and_length);
692 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
693 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
694 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
695 tp->tucss = xp->upper_setup.tcp_fields.tucss;
696 tp->tucso = xp->upper_setup.tcp_fields.tucso;
697 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
698 tp->paylen = op & 0xfffff;
699 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
700 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
701 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
702 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
703 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
704 tp->tso_frames = 0;
20f3e863 705 if (tp->tucso == 0) { /* this is probably wrong */
7c23b892
AZ		 706 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
707 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
708 }
709 return;
1b0009db
AZ		 710 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
711 // data descriptor
735e77ec
SH		 712 if (tp->size == 0) {
713 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
714 }
1b0009db 715 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
43ad7e3e 716 } else {
1b0009db
AZ		 717 // legacy descriptor
718 tp->cptse = 0;
43ad7e3e 719 }
7c23b892 720
8f2e8d1f
AL		 721 if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
722 (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
723 tp->vlan_needed = 1;
d8ee2591 724 stw_be_p(tp->vlan_header,
4e60a250 725 le16_to_cpu(s->mac_reg[VET]));
d8ee2591 726 stw_be_p(tp->vlan_header + 2,
8f2e8d1f
AL		 727 le16_to_cpu(dp->upper.fields.special));
728 }
20f3e863 729
7c23b892 730 addr = le64_to_cpu(dp->buffer_addr);
1b0009db 731 if (tp->tse && tp->cptse) {
a0ae17a6 732 msh = tp->hdr_len + tp->mss;
1b0009db
AZ		 733 do {
734 bytes = split_size;
735 if (tp->size + bytes > msh)
736 bytes = msh - tp->size;
65f82df0
AL		 737
738 bytes = MIN(sizeof(tp->data) - tp->size, bytes);
b08340d5 739 pci_dma_read(d, addr, tp->data + tp->size, bytes);
a0ae17a6
AJ		 740 sz = tp->size + bytes;
741 if (sz >= tp->hdr_len && tp->size < tp->hdr_len) {
742 memmove(tp->header, tp->data, tp->hdr_len);
743 }
1b0009db
AZ		 744 tp->size = sz;
745 addr += bytes;
746 if (sz == msh) {
747 xmit_seg(s);
a0ae17a6
AJ		 748 memmove(tp->data, tp->header, tp->hdr_len);
749 tp->size = tp->hdr_len;
1b0009db 750 }
b947ac2b
PP		 751 split_size -= bytes;
752 } while (bytes && split_size);
1b0009db
AZ		 753 } else if (!tp->tse && tp->cptse) {
754 // context descriptor TSE is not set, while data descriptor TSE is set
362f5fb5 755 DBGOUT(TXERR, "TCP segmentation error\n");
1b0009db 756 } else {
65f82df0 757 split_size = MIN(sizeof(tp->data) - tp->size, split_size);
b08340d5 758 pci_dma_read(d, addr, tp->data + tp->size, split_size);
1b0009db 759 tp->size += split_size;
7c23b892 760 }
7c23b892
AZ		 761
762 if (!(txd_lower & E1000_TXD_CMD_EOP))
763 return;
a0ae17a6 764 if (!(tp->tse && tp->cptse && tp->size < tp->hdr_len)) {
7c23b892 765 xmit_seg(s);
a0ae17a6 766 }
7c23b892
AZ		 767 tp->tso_frames = 0;
768 tp->sum_needed = 0;
8f2e8d1f 769 tp->vlan_needed = 0;
7c23b892 770 tp->size = 0;
1b0009db 771 tp->cptse = 0;
7c23b892
AZ		 772}
773
774static uint32_t
62ecbd35 775txdesc_writeback(E1000State *s, dma_addr_t base, struct e1000_tx_desc *dp)
7c23b892 776{
b08340d5 777 PCIDevice *d = PCI_DEVICE(s);
7c23b892
AZ		 778 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
779
780 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
781 return 0;
782 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
783 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
784 dp->upper.data = cpu_to_le32(txd_upper);
b08340d5 785 pci_dma_write(d, base + ((char *)&dp->upper - (char *)dp),
00c3a05b 786 &dp->upper, sizeof(dp->upper));
7c23b892
AZ		 787 return E1000_ICR_TXDW;
788}
789
d17161f6
KW		 790static uint64_t tx_desc_base(E1000State *s)
791{
792 uint64_t bah = s->mac_reg[TDBAH];
793 uint64_t bal = s->mac_reg[TDBAL] & ~0xf;
794
795 return (bah << 32) + bal;
796}
797
7c23b892
AZ		 798static void
799start_xmit(E1000State *s)
800{
b08340d5 801 PCIDevice *d = PCI_DEVICE(s);
62ecbd35 802 dma_addr_t base;
7c23b892
AZ		 803 struct e1000_tx_desc desc;
804 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
805
806 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
807 DBGOUT(TX, "tx disabled\n");
808 return;
809 }
810
811 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
d17161f6 812 base = tx_desc_base(s) +
7c23b892 813 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
b08340d5 814 pci_dma_read(d, base, &desc, sizeof(desc));
7c23b892
AZ		 815
816 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
6106075b 817 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
7c23b892
AZ		 818 desc.upper.data);
819
820 process_tx_desc(s, &desc);
62ecbd35 821 cause |= txdesc_writeback(s, base, &desc);
7c23b892
AZ		 822
823 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
824 s->mac_reg[TDH] = 0;
825 /*
826 * the following could happen only if guest sw assigns
827 * bogus values to TDT/TDLEN.
828 * there's nothing too intelligent we could do about this.
829 */
830 if (s->mac_reg[TDH] == tdh_start) {
831 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
832 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
833 break;
834 }
835 }
836 set_ics(s, 0, cause);
837}
838
839static int
840receive_filter(E1000State *s, const uint8_t *buf, int size)
841{
af2960f9
BS		 842 static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
843 static const int mta_shift[] = {4, 3, 2, 0};
7c23b892
AZ		 844 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
845
8f2e8d1f
AL		 846 if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
847 uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
848 uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
849 ((vid >> 5) & 0x7f));
850 if ((vfta & (1 << (vid & 0x1f))) == 0)
851 return 0;
852 }
853
7c23b892
AZ		 854 if (rctl & E1000_RCTL_UPE) // promiscuous
855 return 1;
856
857 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
858 return 1;
859
860 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
861 return 1;
862
863 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
864 if (!(rp[1] & E1000_RAH_AV))
865 continue;
866 ra[0] = cpu_to_le32(rp[0]);
867 ra[1] = cpu_to_le32(rp[1]);
868 if (!memcmp(buf, (uint8_t *)ra, 6)) {
869 DBGOUT(RXFILTER,
870 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
871 (int)(rp - s->mac_reg - RA)/2,
872 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
873 return 1;
874 }
875 }
876 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
877 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
878
879 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
880 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
881 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
882 return 1;
883 DBGOUT(RXFILTER,
884 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
885 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
886 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
887 s->mac_reg[MTA + (f >> 5)]);
888
889 return 0;
890}
891
99ed7e30 892static void
4e68f7a0 893e1000_set_link_status(NetClientState *nc)
99ed7e30 894{
cc1f0f45 895 E1000State *s = qemu_get_nic_opaque(nc);
99ed7e30
AL		 896 uint32_t old_status = s->mac_reg[STATUS];
897
d4044c2a 898 if (nc->link_down) {
71aadd3c 899 e1000_link_down(s);
d4044c2a 900 } else {
d7a41552 901 if (have_autoneg(s) &&
6a2acedb
GS		 902 !(s->phy_reg[PHY_STATUS] & MII_SR_AUTONEG_COMPLETE)) {
903 /* emulate auto-negotiation if supported */
904 timer_mod(s->autoneg_timer,
905 qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 500);
906 } else {
907 e1000_link_up(s);
908 }
d4044c2a 909 }
99ed7e30
AL		 910
911 if (s->mac_reg[STATUS] != old_status)
912 set_ics(s, 0, E1000_ICR_LSC);
913}
914
322fd48a
MT		 915static bool e1000_has_rxbufs(E1000State *s, size_t total_size)
916{
917 int bufs;
918 /* Fast-path short packets */
919 if (total_size <= s->rxbuf_size) {
e5b8b0d4 920 return s->mac_reg[RDH] != s->mac_reg[RDT];
322fd48a
MT		 921 }
922 if (s->mac_reg[RDH] < s->mac_reg[RDT]) {
923 bufs = s->mac_reg[RDT] - s->mac_reg[RDH];
e5b8b0d4 924 } else if (s->mac_reg[RDH] > s->mac_reg[RDT]) {
322fd48a
MT		 925 bufs = s->mac_reg[RDLEN] / sizeof(struct e1000_rx_desc) +
926 s->mac_reg[RDT] - s->mac_reg[RDH];
927 } else {
928 return false;
929 }
930 return total_size <= bufs * s->rxbuf_size;
931}
932
6cdfab28 933static int
4e68f7a0 934e1000_can_receive(NetClientState *nc)
6cdfab28 935{
cc1f0f45 936 E1000State *s = qemu_get_nic_opaque(nc);
6cdfab28 937
ddcb73b7 938 return (s->mac_reg[STATUS] & E1000_STATUS_LU) &&
20302e71
MT		 939 (s->mac_reg[RCTL] & E1000_RCTL_EN) &&
940 (s->parent_obj.config[PCI_COMMAND] & PCI_COMMAND_MASTER) &&
941 e1000_has_rxbufs(s, 1);
6cdfab28
MT		 942}
943
d17161f6
KW		 944static uint64_t rx_desc_base(E1000State *s)
945{
946 uint64_t bah = s->mac_reg[RDBAH];
947 uint64_t bal = s->mac_reg[RDBAL] & ~0xf;
948
949 return (bah << 32) + bal;
950}
951
4f1c942b 952static ssize_t
97410dde 953e1000_receive_iov(NetClientState *nc, const struct iovec *iov, int iovcnt)
7c23b892 954{
cc1f0f45 955 E1000State *s = qemu_get_nic_opaque(nc);
b08340d5 956 PCIDevice *d = PCI_DEVICE(s);
7c23b892 957 struct e1000_rx_desc desc;
62ecbd35 958 dma_addr_t base;
7c23b892
AZ		 959 unsigned int n, rdt;
960 uint32_t rdh_start;
8f2e8d1f 961 uint16_t vlan_special = 0;
97410dde 962 uint8_t vlan_status = 0;
78aeb23e 963 uint8_t min_buf[MIN_BUF_SIZE];
97410dde
VM		 964 struct iovec min_iov;
965 uint8_t *filter_buf = iov->iov_base;
966 size_t size = iov_size(iov, iovcnt);
967 size_t iov_ofs = 0;
b19487e2
MT		 968 size_t desc_offset;
969 size_t desc_size;
970 size_t total_size;
7c23b892 971
ddcb73b7
MT		 972 if (!(s->mac_reg[STATUS] & E1000_STATUS_LU)) {
973 return -1;
974 }
975
976 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN)) {
4f1c942b 977 return -1;
ddcb73b7 978 }
7c23b892 979
78aeb23e
SH		 980 /* Pad to minimum Ethernet frame length */
981 if (size < sizeof(min_buf)) {
97410dde 982 iov_to_buf(iov, iovcnt, 0, min_buf, size);
78aeb23e 983 memset(&min_buf[size], 0, sizeof(min_buf) - size);
97410dde
VM		 984 min_iov.iov_base = filter_buf = min_buf;
985 min_iov.iov_len = size = sizeof(min_buf);
986 iovcnt = 1;
987 iov = &min_iov;
988 } else if (iov->iov_len < MAXIMUM_ETHERNET_HDR_LEN) {
989 /* This is very unlikely, but may happen. */
990 iov_to_buf(iov, iovcnt, 0, min_buf, MAXIMUM_ETHERNET_HDR_LEN);
991 filter_buf = min_buf;
78aeb23e
SH		 992 }
993
b0d9ffcd 994 /* Discard oversized packets if !LPE and !SBP. */
2c0331f4
MC		 995 if ((size > MAXIMUM_ETHERNET_LPE_SIZE ||
996 (size > MAXIMUM_ETHERNET_VLAN_SIZE
997 && !(s->mac_reg[RCTL] & E1000_RCTL_LPE)))
b0d9ffcd
MC		 998 && !(s->mac_reg[RCTL] & E1000_RCTL_SBP)) {
999 return size;
1000 }
1001
97410dde 1002 if (!receive_filter(s, filter_buf, size)) {
4f1c942b 1003 return size;
97410dde 1004 }
7c23b892 1005
97410dde
VM		 1006 if (vlan_enabled(s) && is_vlan_packet(s, filter_buf)) {
1007 vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(filter_buf
1008 + 14)));
1009 iov_ofs = 4;
1010 if (filter_buf == iov->iov_base) {
1011 memmove(filter_buf + 4, filter_buf, 12);
1012 } else {
1013 iov_from_buf(iov, iovcnt, 4, filter_buf, 12);
1014 while (iov->iov_len <= iov_ofs) {
1015 iov_ofs -= iov->iov_len;
1016 iov++;
1017 }
1018 }
8f2e8d1f 1019 vlan_status = E1000_RXD_STAT_VP;
8f2e8d1f
AL		 1020 size -= 4;
1021 }
1022
7c23b892 1023 rdh_start = s->mac_reg[RDH];
b19487e2
MT		 1024 desc_offset = 0;
1025 total_size = size + fcs_len(s);
322fd48a
MT		 1026 if (!e1000_has_rxbufs(s, total_size)) {
1027 set_ics(s, 0, E1000_ICS_RXO);
1028 return -1;
1029 }
7c23b892 1030 do {
b19487e2
MT		 1031 desc_size = total_size - desc_offset;
1032 if (desc_size > s->rxbuf_size) {
1033 desc_size = s->rxbuf_size;
1034 }
d17161f6 1035 base = rx_desc_base(s) + sizeof(desc) * s->mac_reg[RDH];
b08340d5 1036 pci_dma_read(d, base, &desc, sizeof(desc));
8f2e8d1f
AL		 1037 desc.special = vlan_special;
1038 desc.status |= (vlan_status | E1000_RXD_STAT_DD);
7c23b892 1039 if (desc.buffer_addr) {
b19487e2 1040 if (desc_offset < size) {
97410dde
VM		 1041 size_t iov_copy;
1042 hwaddr ba = le64_to_cpu(desc.buffer_addr);
b19487e2
MT		 1043 size_t copy_size = size - desc_offset;
1044 if (copy_size > s->rxbuf_size) {
1045 copy_size = s->rxbuf_size;
1046 }
97410dde
VM		 1047 do {
1048 iov_copy = MIN(copy_size, iov->iov_len - iov_ofs);
1049 pci_dma_write(d, ba, iov->iov_base + iov_ofs, iov_copy);
1050 copy_size -= iov_copy;
1051 ba += iov_copy;
1052 iov_ofs += iov_copy;
1053 if (iov_ofs == iov->iov_len) {
1054 iov++;
1055 iov_ofs = 0;
1056 }
1057 } while (copy_size);
b19487e2
MT		 1058 }
1059 desc_offset += desc_size;
ee912ccf 1060 desc.length = cpu_to_le16(desc_size);
b19487e2 1061 if (desc_offset >= total_size) {
b19487e2
MT		 1062 desc.status |= E1000_RXD_STAT_EOP | E1000_RXD_STAT_IXSM;
1063 } else {
ee912ccf
MT		 1064 /* Guest zeroing out status is not a hardware requirement.
1065 Clear EOP in case guest didn't do it. */
1066 desc.status &= ~E1000_RXD_STAT_EOP;
b19487e2 1067 }
43ad7e3e 1068 } else { // as per intel docs; skip descriptors with null buf addr
7c23b892 1069 DBGOUT(RX, "Null RX descriptor!!\n");
43ad7e3e 1070 }
b08340d5 1071 pci_dma_write(d, base, &desc, sizeof(desc));
7c23b892
AZ		 1072
1073 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
1074 s->mac_reg[RDH] = 0;
7c23b892
AZ		 1075 /* see comment in start_xmit; same here */
1076 if (s->mac_reg[RDH] == rdh_start) {
1077 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
1078 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
1079 set_ics(s, 0, E1000_ICS_RXO);
4f1c942b 1080 return -1;
7c23b892 1081 }
b19487e2 1082 } while (desc_offset < total_size);
7c23b892
AZ		 1083
1084 s->mac_reg[GPRC]++;
1085 s->mac_reg[TPR]++;
a05e8a6e
MT		 1086 /* TOR - Total Octets Received:
1087 * This register includes bytes received in a packet from the <Destination
1088 * Address> field through the <CRC> field, inclusively.
1089 */
1090 n = s->mac_reg[TORL] + size + /* Always include FCS length. */ 4;
1091 if (n < s->mac_reg[TORL])
7c23b892 1092 s->mac_reg[TORH]++;
a05e8a6e 1093 s->mac_reg[TORL] = n;
7c23b892
AZ		 1094
1095 n = E1000_ICS_RXT0;
1096 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
1097 rdt += s->mac_reg[RDLEN] / sizeof(desc);
bf16cc8f
AL		 1098 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
1099 s->rxbuf_min_shift)
7c23b892
AZ		 1100 n |= E1000_ICS_RXDMT0;
1101
1102 set_ics(s, 0, n);
4f1c942b
MM		 1103
1104 return size;
7c23b892
AZ		 1105}
1106
97410dde
VM		 1107static ssize_t
1108e1000_receive(NetClientState *nc, const uint8_t *buf, size_t size)
1109{
1110 const struct iovec iov = {
1111 .iov_base = (uint8_t *)buf,
1112 .iov_len = size
1113 };
1114
1115 return e1000_receive_iov(nc, &iov, 1);
1116}
1117
7c23b892
AZ		 1118static uint32_t
1119mac_readreg(E1000State *s, int index)
1120{
1121 return s->mac_reg[index];
1122}
1123
1124static uint32_t
1125mac_icr_read(E1000State *s, int index)
1126{
1127 uint32_t ret = s->mac_reg[ICR];
1128
1129 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
1130 set_interrupt_cause(s, 0, 0);
1131 return ret;
1132}
1133
1134static uint32_t
1135mac_read_clr4(E1000State *s, int index)
1136{
1137 uint32_t ret = s->mac_reg[index];
1138
1139 s->mac_reg[index] = 0;
1140 return ret;
1141}
1142
1143static uint32_t
1144mac_read_clr8(E1000State *s, int index)
1145{
1146 uint32_t ret = s->mac_reg[index];
1147
1148 s->mac_reg[index] = 0;
1149 s->mac_reg[index-1] = 0;
1150 return ret;
1151}
1152
1153static void
1154mac_writereg(E1000State *s, int index, uint32_t val)
1155{
7c36507c
AK		 1156 uint32_t macaddr[2];
1157
7c23b892 1158 s->mac_reg[index] = val;
7c36507c 1159
90d131fb 1160 if (index == RA + 1) {
7c36507c
AK		 1161 macaddr[0] = cpu_to_le32(s->mac_reg[RA]);
1162 macaddr[1] = cpu_to_le32(s->mac_reg[RA + 1]);
1163 qemu_format_nic_info_str(qemu_get_queue(s->nic), (uint8_t *)macaddr);
1164 }
7c23b892
AZ		 1165}
1166
1167static void
1168set_rdt(E1000State *s, int index, uint32_t val)
1169{
7c23b892 1170 s->mac_reg[index] = val & 0xffff;
e8b4c680 1171 if (e1000_has_rxbufs(s, 1)) {
b356f76d 1172 qemu_flush_queued_packets(qemu_get_queue(s->nic));
e8b4c680 1173 }
7c23b892
AZ		 1174}
1175
1176static void
1177set_16bit(E1000State *s, int index, uint32_t val)
1178{
1179 s->mac_reg[index] = val & 0xffff;
1180}
1181
1182static void
1183set_dlen(E1000State *s, int index, uint32_t val)
1184{
1185 s->mac_reg[index] = val & 0xfff80;
1186}
1187
1188static void
1189set_tctl(E1000State *s, int index, uint32_t val)
1190{
1191 s->mac_reg[index] = val;
1192 s->mac_reg[TDT] &= 0xffff;
1193 start_xmit(s);
1194}
1195
1196static void
1197set_icr(E1000State *s, int index, uint32_t val)
1198{
1199 DBGOUT(INTERRUPT, "set_icr %x\n", val);
1200 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
1201}
1202
1203static void
1204set_imc(E1000State *s, int index, uint32_t val)
1205{
1206 s->mac_reg[IMS] &= ~val;
1207 set_ics(s, 0, 0);
1208}
1209
1210static void
1211set_ims(E1000State *s, int index, uint32_t val)
1212{
1213 s->mac_reg[IMS] |= val;
1214 set_ics(s, 0, 0);
1215}
1216
20f3e863 1217#define getreg(x) [x] = mac_readreg
7c23b892 1218static uint32_t (*macreg_readops[])(E1000State *, int) = {
20f3e863
LB		 1219 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
1220 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
1221 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
1222 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
1223 getreg(RDH), getreg(RDT), getreg(VET), getreg(ICS),
1224 getreg(TDBAL), getreg(TDBAH), getreg(RDBAH), getreg(RDBAL),
1225 getreg(TDLEN), getreg(RDLEN), getreg(RDTR), getreg(RADV),
1226 getreg(TADV), getreg(ITR),
1227
1228 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8,
1229 [GPRC] = mac_read_clr4, [GPTC] = mac_read_clr4,
1230 [TPT] = mac_read_clr4, [TPR] = mac_read_clr4,
1231 [ICR] = mac_icr_read, [EECD] = get_eecd,
1232 [EERD] = flash_eerd_read,
1233
1234 [CRCERRS ... MPC] = &mac_readreg,
1235 [RA ... RA+31] = &mac_readreg,
1236 [MTA ... MTA+127] = &mac_readreg,
8f2e8d1f 1237 [VFTA ... VFTA+127] = &mac_readreg,
7c23b892 1238};
b1503cda 1239enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
7c23b892 1240
20f3e863 1241#define putreg(x) [x] = mac_writereg
7c23b892 1242static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
20f3e863
LB		 1243 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
1244 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
1245 putreg(RDBAL), putreg(LEDCTL), putreg(VET),
1246
1247 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
1248 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
1249 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
1250 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
1251 [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl,
1252 [RDTR] = set_16bit, [RADV] = set_16bit, [TADV] = set_16bit,
1253 [ITR] = set_16bit,
1254
1255 [RA ... RA+31] = &mac_writereg,
1256 [MTA ... MTA+127] = &mac_writereg,
8f2e8d1f 1257 [VFTA ... VFTA+127] = &mac_writereg,
7c23b892 1258};
b9d03e35 1259
b1503cda 1260enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
7c23b892 1261
bc0f0674
LB		 1262enum { MAC_ACCESS_PARTIAL = 1, MAC_ACCESS_FLAG_NEEDED = 2 };
1263
1264#define markflag(x) ((E1000_FLAG_##x << 2) | MAC_ACCESS_FLAG_NEEDED)
1265/* In the array below the meaning of the bits is: [f|f|f|f|f|f|n|p]
1266 * f - flag bits (up to 6 possible flags)
1267 * n - flag needed
1268 * p - partially implenented */
1269static const uint8_t mac_reg_access[0x8000] = {
1270 [RDTR] = markflag(MIT), [TADV] = markflag(MIT),
1271 [RADV] = markflag(MIT), [ITR] = markflag(MIT),
1272};
1273
7c23b892 1274static void
a8170e5e 1275e1000_mmio_write(void *opaque, hwaddr addr, uint64_t val,
ad00a9b9 1276 unsigned size)
7c23b892
AZ		 1277{
1278 E1000State *s = opaque;
8da3ff18 1279 unsigned int index = (addr & 0x1ffff) >> 2;
7c23b892 1280
43ad7e3e 1281 if (index < NWRITEOPS && macreg_writeops[index]) {
bc0f0674
LB		 1282 if (!(mac_reg_access[index] & MAC_ACCESS_FLAG_NEEDED)
1283 || (s->compat_flags & (mac_reg_access[index] >> 2))) {
1284 if (mac_reg_access[index] & MAC_ACCESS_PARTIAL) {
1285 DBGOUT(GENERAL, "Writing to register at offset: 0x%08x. "
1286 "It is not fully implemented.\n", index<<2);
1287 }
1288 macreg_writeops[index](s, index, val);
1289 } else { /* "flag needed" bit is set, but the flag is not active */
1290 DBGOUT(MMIO, "MMIO write attempt to disabled reg. addr=0x%08x\n",
1291 index<<2);
1292 }
43ad7e3e 1293 } else if (index < NREADOPS && macreg_readops[index]) {
bc0f0674
LB		 1294 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04"PRIx64"\n",
1295 index<<2, val);
43ad7e3e 1296 } else {
ad00a9b9 1297 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08"PRIx64"\n",
7c23b892 1298 index<<2, val);
43ad7e3e 1299 }
7c23b892
AZ		 1300}
1301
ad00a9b9 1302static uint64_t
a8170e5e 1303e1000_mmio_read(void *opaque, hwaddr addr, unsigned size)
7c23b892
AZ		 1304{
1305 E1000State *s = opaque;
8da3ff18 1306 unsigned int index = (addr & 0x1ffff) >> 2;
7c23b892 1307
bc0f0674
LB		 1308 if (index < NREADOPS && macreg_readops[index]) {
1309 if (!(mac_reg_access[index] & MAC_ACCESS_FLAG_NEEDED)
1310 || (s->compat_flags & (mac_reg_access[index] >> 2))) {
1311 if (mac_reg_access[index] & MAC_ACCESS_PARTIAL) {
1312 DBGOUT(GENERAL, "Reading register at offset: 0x%08x. "
1313 "It is not fully implemented.\n", index<<2);
1314 }
1315 return macreg_readops[index](s, index);
1316 } else { /* "flag needed" bit is set, but the flag is not active */
1317 DBGOUT(MMIO, "MMIO read attempt of disabled reg. addr=0x%08x\n",
1318 index<<2);
1319 }
1320 } else {
1321 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
6b59fc74 1322 }
7c23b892
AZ		 1323 return 0;
1324}
1325
ad00a9b9
AK		 1326static const MemoryRegionOps e1000_mmio_ops = {
1327 .read = e1000_mmio_read,
1328 .write = e1000_mmio_write,
1329 .endianness = DEVICE_LITTLE_ENDIAN,
1330 .impl = {
1331 .min_access_size = 4,
1332 .max_access_size = 4,
1333 },
1334};
1335
a8170e5e 1336static uint64_t e1000_io_read(void *opaque, hwaddr addr,
ad00a9b9 1337 unsigned size)
7c23b892 1338{
ad00a9b9
AK		 1339 E1000State *s = opaque;
1340
1341 (void)s;
1342 return 0;
7c23b892
AZ		 1343}
1344
a8170e5e 1345static void e1000_io_write(void *opaque, hwaddr addr,
ad00a9b9 1346 uint64_t val, unsigned size)
7c23b892 1347{
ad00a9b9
AK		 1348 E1000State *s = opaque;
1349
1350 (void)s;
7c23b892
AZ		 1351}
1352
ad00a9b9
AK		 1353static const MemoryRegionOps e1000_io_ops = {
1354 .read = e1000_io_read,
1355 .write = e1000_io_write,
1356 .endianness = DEVICE_LITTLE_ENDIAN,
1357};
1358
e482dc3e 1359static bool is_version_1(void *opaque, int version_id)
7c23b892 1360{
e482dc3e 1361 return version_id == 1;
7c23b892
AZ		 1362}
1363
ddcb73b7
MT		 1364static void e1000_pre_save(void *opaque)
1365{
1366 E1000State *s = opaque;
1367 NetClientState *nc = qemu_get_queue(s->nic);
2af234e6 1368
e9845f09
VM		 1369 /* If the mitigation timer is active, emulate a timeout now. */
1370 if (s->mit_timer_on) {
1371 e1000_mit_timer(s);
1372 }
1373
ddcb73b7 1374 /*
6a2acedb
GS		 1375 * If link is down and auto-negotiation is supported and ongoing,
1376 * complete auto-negotiation immediately. This allows us to look
1377 * at MII_SR_AUTONEG_COMPLETE to infer link status on load.
ddcb73b7 1378 */
d7a41552
GS		 1379 if (nc->link_down && have_autoneg(s)) {
1380 s->phy_reg[PHY_STATUS] |= MII_SR_AUTONEG_COMPLETE;
ddcb73b7
MT		 1381 }
1382}
1383
e4b82364
AK		 1384static int e1000_post_load(void *opaque, int version_id)
1385{
1386 E1000State *s = opaque;
b356f76d 1387 NetClientState *nc = qemu_get_queue(s->nic);
e4b82364 1388
bc0f0674 1389 if (!chkflag(MIT)) {
e9845f09
VM		 1390 s->mac_reg[ITR] = s->mac_reg[RDTR] = s->mac_reg[RADV] =
1391 s->mac_reg[TADV] = 0;
1392 s->mit_irq_level = false;
1393 }
1394 s->mit_ide = 0;
1395 s->mit_timer_on = false;
1396
e4b82364 1397 /* nc.link_down can't be migrated, so infer link_down according
ddcb73b7
MT		 1398 * to link status bit in mac_reg[STATUS].
1399 * Alternatively, restart link negotiation if it was in progress. */
b356f76d 1400 nc->link_down = (s->mac_reg[STATUS] & E1000_STATUS_LU) == 0;
2af234e6 1401
d7a41552 1402 if (have_autoneg(s) &&
ddcb73b7
MT		 1403 !(s->phy_reg[PHY_STATUS] & MII_SR_AUTONEG_COMPLETE)) {
1404 nc->link_down = false;
d7a41552
GS		 1405 timer_mod(s->autoneg_timer,
1406 qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL) + 500);
ddcb73b7 1407 }
e4b82364
AK		 1408
1409 return 0;
1410}
1411
e9845f09
VM		 1412static bool e1000_mit_state_needed(void *opaque)
1413{
1414 E1000State *s = opaque;
1415
bc0f0674 1416 return chkflag(MIT);
e9845f09
VM		 1417}
1418
9e117734
LB		 1419static bool e1000_full_mac_needed(void *opaque)
1420{
1421 E1000State *s = opaque;
1422
bc0f0674 1423 return chkflag(MAC);
9e117734
LB		 1424}
1425
e9845f09
VM		 1426static const VMStateDescription vmstate_e1000_mit_state = {
1427 .name = "e1000/mit_state",
1428 .version_id = 1,
1429 .minimum_version_id = 1,
5cd8cada 1430 .needed = e1000_mit_state_needed,
d49805ae 1431 .fields = (VMStateField[]) {
e9845f09
VM		 1432 VMSTATE_UINT32(mac_reg[RDTR], E1000State),
1433 VMSTATE_UINT32(mac_reg[RADV], E1000State),
1434 VMSTATE_UINT32(mac_reg[TADV], E1000State),
1435 VMSTATE_UINT32(mac_reg[ITR], E1000State),
1436 VMSTATE_BOOL(mit_irq_level, E1000State),
1437 VMSTATE_END_OF_LIST()
1438 }
1439};
1440
9e117734
LB		 1441static const VMStateDescription vmstate_e1000_full_mac_state = {
1442 .name = "e1000/full_mac_state",
1443 .version_id = 1,
1444 .minimum_version_id = 1,
1445 .needed = e1000_full_mac_needed,
1446 .fields = (VMStateField[]) {
1447 VMSTATE_UINT32_ARRAY(mac_reg, E1000State, 0x8000),
1448 VMSTATE_END_OF_LIST()
1449 }
1450};
1451
e482dc3e
JQ		 1452static const VMStateDescription vmstate_e1000 = {
1453 .name = "e1000",
1454 .version_id = 2,
1455 .minimum_version_id = 1,
ddcb73b7 1456 .pre_save = e1000_pre_save,
e4b82364 1457 .post_load = e1000_post_load,
d49805ae 1458 .fields = (VMStateField[]) {
b08340d5 1459 VMSTATE_PCI_DEVICE(parent_obj, E1000State),
e482dc3e
JQ		 1460 VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */
1461 VMSTATE_UNUSED(4), /* Was mmio_base. */
1462 VMSTATE_UINT32(rxbuf_size, E1000State),
1463 VMSTATE_UINT32(rxbuf_min_shift, E1000State),
1464 VMSTATE_UINT32(eecd_state.val_in, E1000State),
1465 VMSTATE_UINT16(eecd_state.bitnum_in, E1000State),
1466 VMSTATE_UINT16(eecd_state.bitnum_out, E1000State),
1467 VMSTATE_UINT16(eecd_state.reading, E1000State),
1468 VMSTATE_UINT32(eecd_state.old_eecd, E1000State),
1469 VMSTATE_UINT8(tx.ipcss, E1000State),
1470 VMSTATE_UINT8(tx.ipcso, E1000State),
1471 VMSTATE_UINT16(tx.ipcse, E1000State),
1472 VMSTATE_UINT8(tx.tucss, E1000State),
1473 VMSTATE_UINT8(tx.tucso, E1000State),
1474 VMSTATE_UINT16(tx.tucse, E1000State),
1475 VMSTATE_UINT32(tx.paylen, E1000State),
1476 VMSTATE_UINT8(tx.hdr_len, E1000State),
1477 VMSTATE_UINT16(tx.mss, E1000State),
1478 VMSTATE_UINT16(tx.size, E1000State),
1479 VMSTATE_UINT16(tx.tso_frames, E1000State),
1480 VMSTATE_UINT8(tx.sum_needed, E1000State),
1481 VMSTATE_INT8(tx.ip, E1000State),
1482 VMSTATE_INT8(tx.tcp, E1000State),
1483 VMSTATE_BUFFER(tx.header, E1000State),
1484 VMSTATE_BUFFER(tx.data, E1000State),
1485 VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64),
1486 VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20),
1487 VMSTATE_UINT32(mac_reg[CTRL], E1000State),
1488 VMSTATE_UINT32(mac_reg[EECD], E1000State),
1489 VMSTATE_UINT32(mac_reg[EERD], E1000State),
1490 VMSTATE_UINT32(mac_reg[GPRC], E1000State),
1491 VMSTATE_UINT32(mac_reg[GPTC], E1000State),
1492 VMSTATE_UINT32(mac_reg[ICR], E1000State),
1493 VMSTATE_UINT32(mac_reg[ICS], E1000State),
1494 VMSTATE_UINT32(mac_reg[IMC], E1000State),
1495 VMSTATE_UINT32(mac_reg[IMS], E1000State),
1496 VMSTATE_UINT32(mac_reg[LEDCTL], E1000State),
1497 VMSTATE_UINT32(mac_reg[MANC], E1000State),
1498 VMSTATE_UINT32(mac_reg[MDIC], E1000State),
1499 VMSTATE_UINT32(mac_reg[MPC], E1000State),
1500 VMSTATE_UINT32(mac_reg[PBA], E1000State),
1501 VMSTATE_UINT32(mac_reg[RCTL], E1000State),
1502 VMSTATE_UINT32(mac_reg[RDBAH], E1000State),
1503 VMSTATE_UINT32(mac_reg[RDBAL], E1000State),
1504 VMSTATE_UINT32(mac_reg[RDH], E1000State),
1505 VMSTATE_UINT32(mac_reg[RDLEN], E1000State),
1506 VMSTATE_UINT32(mac_reg[RDT], E1000State),
1507 VMSTATE_UINT32(mac_reg[STATUS], E1000State),
1508 VMSTATE_UINT32(mac_reg[SWSM], E1000State),
1509 VMSTATE_UINT32(mac_reg[TCTL], E1000State),
1510 VMSTATE_UINT32(mac_reg[TDBAH], E1000State),
1511 VMSTATE_UINT32(mac_reg[TDBAL], E1000State),
1512 VMSTATE_UINT32(mac_reg[TDH], E1000State),
1513 VMSTATE_UINT32(mac_reg[TDLEN], E1000State),
1514 VMSTATE_UINT32(mac_reg[TDT], E1000State),
1515 VMSTATE_UINT32(mac_reg[TORH], E1000State),
1516 VMSTATE_UINT32(mac_reg[TORL], E1000State),
1517 VMSTATE_UINT32(mac_reg[TOTH], E1000State),
1518 VMSTATE_UINT32(mac_reg[TOTL], E1000State),
1519 VMSTATE_UINT32(mac_reg[TPR], E1000State),
1520 VMSTATE_UINT32(mac_reg[TPT], E1000State),
1521 VMSTATE_UINT32(mac_reg[TXDCTL], E1000State),
1522 VMSTATE_UINT32(mac_reg[WUFC], E1000State),
1523 VMSTATE_UINT32(mac_reg[VET], E1000State),
1524 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32),
1525 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128),
1526 VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128),
1527 VMSTATE_END_OF_LIST()
e9845f09 1528 },
5cd8cada
JQ		 1529 .subsections = (const VMStateDescription*[]) {
1530 &vmstate_e1000_mit_state,
9e117734 1531 &vmstate_e1000_full_mac_state,
5cd8cada 1532 NULL
e482dc3e
JQ		 1533 }
1534};
7c23b892 1535
8597f2e1
GS		 1536/*
1537 * EEPROM contents documented in Tables 5-2 and 5-3, pp. 98-102.
1538 * Note: A valid DevId will be inserted during pci_e1000_init().
1539 */
88b4e9db 1540static const uint16_t e1000_eeprom_template[64] = {
7c23b892 1541 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
8597f2e1 1542 0x3000, 0x1000, 0x6403, 0 /*DevId*/, 0x8086, 0 /*DevId*/, 0x8086, 0x3040,
7c23b892
AZ		 1543 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
1544 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
1545 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
1546 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1547 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
1548 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
1549};
1550
7c23b892
AZ		 1551/* PCI interface */
1552
7c23b892 1553static void
ad00a9b9 1554e1000_mmio_setup(E1000State *d)
7c23b892 1555{
f65ed4c1
AL		 1556 int i;
1557 const uint32_t excluded_regs[] = {
1558 E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1559 E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1560 };
1561
eedfac6f
PB		 1562 memory_region_init_io(&d->mmio, OBJECT(d), &e1000_mmio_ops, d,
1563 "e1000-mmio", PNPMMIO_SIZE);
ad00a9b9 1564 memory_region_add_coalescing(&d->mmio, 0, excluded_regs[0]);
f65ed4c1 1565 for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
ad00a9b9
AK		 1566 memory_region_add_coalescing(&d->mmio, excluded_regs[i] + 4,
1567 excluded_regs[i+1] - excluded_regs[i] - 4);
eedfac6f 1568 memory_region_init_io(&d->io, OBJECT(d), &e1000_io_ops, d, "e1000-io", IOPORT_SIZE);
7c23b892
AZ		 1569}
1570
f90c2bcd 1571static void
4b09be85
AL		 1572pci_e1000_uninit(PCIDevice *dev)
1573{
567a3c9e 1574 E1000State *d = E1000(dev);
4b09be85 1575
bc72ad67
AB		 1576 timer_del(d->autoneg_timer);
1577 timer_free(d->autoneg_timer);
e9845f09
VM		 1578 timer_del(d->mit_timer);
1579 timer_free(d->mit_timer);
948ecf21 1580 qemu_del_nic(d->nic);
4b09be85
AL		 1581}
1582
a03e2aec 1583static NetClientInfo net_e1000_info = {
2be64a68 1584 .type = NET_CLIENT_OPTIONS_KIND_NIC,
a03e2aec
MM		 1585 .size = sizeof(NICState),
1586 .can_receive = e1000_can_receive,
1587 .receive = e1000_receive,
97410dde 1588 .receive_iov = e1000_receive_iov,
a03e2aec
MM		 1589 .link_status_changed = e1000_set_link_status,
1590};
1591
20302e71
MT		 1592static void e1000_write_config(PCIDevice *pci_dev, uint32_t address,
1593 uint32_t val, int len)
1594{
1595 E1000State *s = E1000(pci_dev);
1596
1597 pci_default_write_config(pci_dev, address, val, len);
1598
1599 if (range_covers_byte(address, len, PCI_COMMAND) &&
1600 (pci_dev->config[PCI_COMMAND] & PCI_COMMAND_MASTER)) {
1601 qemu_flush_queued_packets(qemu_get_queue(s->nic));
1602 }
1603}
1604
1605
9af21dbe 1606static void pci_e1000_realize(PCIDevice *pci_dev, Error **errp)
7c23b892 1607{
567a3c9e
PC		 1608 DeviceState *dev = DEVICE(pci_dev);
1609 E1000State *d = E1000(pci_dev);
8597f2e1 1610 PCIDeviceClass *pdc = PCI_DEVICE_GET_CLASS(pci_dev);
7c23b892 1611 uint8_t *pci_conf;
7c23b892 1612 uint16_t checksum = 0;
7c23b892 1613 int i;
fbdaa002 1614 uint8_t *macaddr;
aff427a1 1615
20302e71
MT		 1616 pci_dev->config_write = e1000_write_config;
1617
b08340d5 1618 pci_conf = pci_dev->config;
7c23b892 1619
a9cbacb0
MT		 1620 /* TODO: RST# value should be 0, PCI spec 6.2.4 */
1621 pci_conf[PCI_CACHE_LINE_SIZE] = 0x10;
7c23b892 1622
817e0b6f 1623 pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
7c23b892 1624
ad00a9b9 1625 e1000_mmio_setup(d);
7c23b892 1626
b08340d5 1627 pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &d->mmio);
7c23b892 1628
b08340d5 1629 pci_register_bar(pci_dev, 1, PCI_BASE_ADDRESS_SPACE_IO, &d->io);
7c23b892 1630
7c23b892
AZ		 1631 memmove(d->eeprom_data, e1000_eeprom_template,
1632 sizeof e1000_eeprom_template);
fbdaa002
GH		 1633 qemu_macaddr_default_if_unset(&d->conf.macaddr);
1634 macaddr = d->conf.macaddr.a;
7c23b892 1635 for (i = 0; i < 3; i++)
9d07d757 1636 d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
8597f2e1 1637 d->eeprom_data[11] = d->eeprom_data[13] = pdc->device_id;
7c23b892
AZ		 1638 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1639 checksum += d->eeprom_data[i];
1640 checksum = (uint16_t) EEPROM_SUM - checksum;
1641 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1642
a03e2aec 1643 d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
567a3c9e 1644 object_get_typename(OBJECT(d)), dev->id, d);
7c23b892 1645
b356f76d 1646 qemu_format_nic_info_str(qemu_get_queue(d->nic), macaddr);
1ca4d09a 1647
bc72ad67 1648 d->autoneg_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, e1000_autoneg_timer, d);
e9845f09 1649 d->mit_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, e1000_mit_timer, d);
9d07d757 1650}
72da4208 1651
fbdaa002
GH		 1652static void qdev_e1000_reset(DeviceState *dev)
1653{
567a3c9e 1654 E1000State *d = E1000(dev);
fbdaa002
GH		 1655 e1000_reset(d);
1656}
1657
40021f08
AL		 1658static Property e1000_properties[] = {
1659 DEFINE_NIC_PROPERTIES(E1000State, conf),
2af234e6
MT		 1660 DEFINE_PROP_BIT("autonegotiation", E1000State,
1661 compat_flags, E1000_FLAG_AUTONEG_BIT, true),
e9845f09
VM		 1662 DEFINE_PROP_BIT("mitigation", E1000State,
1663 compat_flags, E1000_FLAG_MIT_BIT, true),
40021f08
AL		 1664 DEFINE_PROP_END_OF_LIST(),
1665};
1666
8597f2e1
GS		 1667typedef struct E1000Info {
1668 const char *name;
1669 uint16_t device_id;
1670 uint8_t revision;
1671 uint16_t phy_id2;
8597f2e1
GS		 1672} E1000Info;
1673
40021f08
AL		 1674static void e1000_class_init(ObjectClass *klass, void *data)
1675{
39bffca2 1676 DeviceClass *dc = DEVICE_CLASS(klass);
40021f08 1677 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
8597f2e1
GS		 1678 E1000BaseClass *e = E1000_DEVICE_CLASS(klass);
1679 const E1000Info *info = data;
40021f08 1680
9af21dbe 1681 k->realize = pci_e1000_realize;
40021f08 1682 k->exit = pci_e1000_uninit;
c45e5b5b 1683 k->romfile = "efi-e1000.rom";
40021f08 1684 k->vendor_id = PCI_VENDOR_ID_INTEL;
8597f2e1
GS		 1685 k->device_id = info->device_id;
1686 k->revision = info->revision;
1687 e->phy_id2 = info->phy_id2;
40021f08 1688 k->class_id = PCI_CLASS_NETWORK_ETHERNET;
125ee0ed 1689 set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
39bffca2
AL		 1690 dc->desc = "Intel Gigabit Ethernet";
1691 dc->reset = qdev_e1000_reset;
1692 dc->vmsd = &vmstate_e1000;
1693 dc->props = e1000_properties;
40021f08
AL		 1694}
1695
5df3bf62
GA		 1696static void e1000_instance_init(Object *obj)
1697{
1698 E1000State *n = E1000(obj);
1699 device_add_bootindex_property(obj, &n->conf.bootindex,
1700 "bootindex", "/ethernet-phy@0",
1701 DEVICE(n), NULL);
1702}
1703
8597f2e1
GS		 1704static const TypeInfo e1000_base_info = {
1705 .name = TYPE_E1000_BASE,
39bffca2
AL		 1706 .parent = TYPE_PCI_DEVICE,
1707 .instance_size = sizeof(E1000State),
5df3bf62 1708 .instance_init = e1000_instance_init,
8597f2e1
GS		 1709 .class_size = sizeof(E1000BaseClass),
1710 .abstract = true,
1711};
1712
1713static const E1000Info e1000_devices[] = {
1714 {
83044020 1715 .name = "e1000",
8597f2e1
GS		 1716 .device_id = E1000_DEV_ID_82540EM,
1717 .revision = 0x03,
1718 .phy_id2 = E1000_PHY_ID2_8254xx_DEFAULT,
1719 },
1720 {
1721 .name = "e1000-82544gc",
1722 .device_id = E1000_DEV_ID_82544GC_COPPER,
1723 .revision = 0x03,
1724 .phy_id2 = E1000_PHY_ID2_82544x,
1725 },
1726 {
1727 .name = "e1000-82545em",
1728 .device_id = E1000_DEV_ID_82545EM_COPPER,
1729 .revision = 0x03,
1730 .phy_id2 = E1000_PHY_ID2_8254xx_DEFAULT,
1731 },
8597f2e1
GS		 1732};
1733
83f7d43a 1734static void e1000_register_types(void)
9d07d757 1735{
8597f2e1
GS		 1736 int i;
1737
1738 type_register_static(&e1000_base_info);
1739 for (i = 0; i < ARRAY_SIZE(e1000_devices); i++) {
1740 const E1000Info *info = &e1000_devices[i];
1741 TypeInfo type_info = {};
1742
1743 type_info.name = info->name;
1744 type_info.parent = TYPE_E1000_BASE;
1745 type_info.class_data = (void *)info;
1746 type_info.class_init = e1000_class_init;
5df3bf62 1747 type_info.instance_init = e1000_instance_init;
8597f2e1
GS		 1748
1749 type_register(&type_info);
1750 }
7c23b892 1751}
9d07d757 1752
83f7d43a 1753type_init(e1000_register_types)
QEMU mirror