]> git.proxmox.com Git - qemu.git/blob - hw/smc91c111.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Random bug fixes from code inspection, by Wang Cheng Yeh.
[qemu.git] / hw / smc91c111.c
1 /*
2 * SMSC 91C111 Ethernet interface emulation
3 *
4 * Copyright (c) 2005 CodeSourcery, LLC.
5 * Written by Paul Brook
6 *
7 * This code is licenced under the GPL
8 */
9
10 #include "vl.h"
11 /* For crc32 */
12 #include <zlib.h>
13
14 /* Number of 2k memory pages available. */
15 #define NUM_PACKETS 4
16
17 typedef struct {
18 uint32_t base;
19 VLANClientState *vc;
20 uint16_t tcr;
21 uint16_t rcr;
22 uint16_t cr;
23 uint16_t ctr;
24 uint16_t gpr;
25 uint16_t ptr;
26 uint16_t ercv;
27 void *pic;
28 int irq;
29 int bank;
30 int packet_num;
31 int tx_alloc;
32 /* Bitmask of allocated packets. */
33 int allocated;
34 int tx_fifo_len;
35 int tx_fifo[NUM_PACKETS];
36 int rx_fifo_len;
37 int rx_fifo[NUM_PACKETS];
38 int tx_fifo_done_len;
39 int tx_fifo_done[NUM_PACKETS];
40 /* Packet buffer memory. */
41 uint8_t data[NUM_PACKETS][2048];
42 uint8_t int_level;
43 uint8_t int_mask;
44 uint8_t macaddr[6];
45 } smc91c111_state;
46
47 #define RCR_SOFT_RST 0x8000
48 #define RCR_STRIP_CRC 0x0200
49 #define RCR_RXEN 0x0100
50
51 #define TCR_EPH_LOOP 0x2000
52 #define TCR_NOCRC 0x0100
53 #define TCR_PAD_EN 0x0080
54 #define TCR_FORCOL 0x0004
55 #define TCR_LOOP 0x0002
56 #define TCR_TXEN 0x0001
57
58 #define INT_MD 0x80
59 #define INT_ERCV 0x40
60 #define INT_EPH 0x20
61 #define INT_RX_OVRN 0x10
62 #define INT_ALLOC 0x08
63 #define INT_TX_EMPTY 0x04
64 #define INT_TX 0x02
65 #define INT_RCV 0x01
66
67 #define CTR_AUTO_RELEASE 0x0800
68 #define CTR_RELOAD 0x0002
69 #define CTR_STORE 0x0001
70
71 #define RS_ALGNERR 0x8000
72 #define RS_BRODCAST 0x4000
73 #define RS_BADCRC 0x2000
74 #define RS_ODDFRAME 0x1000
75 #define RS_TOOLONG 0x0800
76 #define RS_TOOSHORT 0x0400
77 #define RS_MULTICAST 0x0001
78
79 /* Update interrupt status. */
80 static void smc91c111_update(smc91c111_state *s)
81 {
82 int level;
83
84 if (s->tx_fifo_len == 0)
85 s->int_level |= INT_TX_EMPTY;
86 if (s->tx_fifo_done_len != 0)
87 s->int_level |= INT_TX;
88 level = (s->int_level & s->int_mask) != 0;
89 pic_set_irq_new(s->pic, s->irq, level);
90 }
91
92 /* Try to allocate a packet. Returns 0x80 on failure. */
93 static int smc91c111_allocate_packet(smc91c111_state *s)
94 {
95 int i;
96 if (s->allocated == (1 << NUM_PACKETS) - 1) {
97 return 0x80;
98 }
99
100 for (i = 0; i < NUM_PACKETS; i++) {
101 if ((s->allocated & (1 << i)) == 0)
102 break;
103 }
104 s->allocated |= 1 << i;
105 return i;
106 }
107
108
109 /* Process a pending TX allocate. */
110 static void smc91c111_tx_alloc(smc91c111_state *s)
111 {
112 s->tx_alloc = smc91c111_allocate_packet(s);
113 if (s->tx_alloc == 0x80)
114 return;
115 s->int_level |= INT_ALLOC;
116 smc91c111_update(s);
117 }
118
119 /* Remove and item from the RX FIFO. */
120 static void smc91c111_pop_rx_fifo(smc91c111_state *s)
121 {
122 int i;
123
124 s->rx_fifo_len--;
125 if (s->rx_fifo_len) {
126 for (i = 0; i < s->rx_fifo_len; i++)
127 s->rx_fifo[i] = s->rx_fifo[i + 1];
128 s->int_level |= INT_RCV;
129 } else {
130 s->int_level &= ~INT_RCV;
131 }
132 smc91c111_update(s);
133 }
134
135 /* Remove an item from the TX completion FIFO. */
136 static void smc91c111_pop_tx_fifo_done(smc91c111_state *s)
137 {
138 int i;
139
140 if (s->tx_fifo_done_len == 0)
141 return;
142 s->tx_fifo_done_len--;
143 for (i = 0; i < s->tx_fifo_done_len; i++)
144 s->tx_fifo_done[i] = s->tx_fifo_done[i + 1];
145 }
146
147 /* Release the memory allocated to a packet. */
148 static void smc91c111_release_packet(smc91c111_state *s, int packet)
149 {
150 s->allocated &= ~(1 << packet);
151 if (s->tx_alloc == 0x80)
152 smc91c111_tx_alloc(s);
153 }
154
155 /* Flush the TX FIFO. */
156 static void smc91c111_do_tx(smc91c111_state *s)
157 {
158 int i;
159 int len;
160 int control;
161 int add_crc;
162 int packetnum;
163 uint8_t *p;
164
165 if ((s->tcr & TCR_TXEN) == 0)
166 return;
167 if (s->tx_fifo_len == 0)
168 return;
169 for (i = 0; i < s->tx_fifo_len; i++) {
170 packetnum = s->tx_fifo[i];
171 p = &s->data[packetnum][0];
172 /* Set status word. */
173 *(p++) = 0x01;
174 *(p++) = 0x40;
175 len = *(p++);
176 len |= ((int)*(p++)) << 8;
177 len -= 6;
178 control = p[len + 1];
179 if (control & 0x20)
180 len++;
181 /* ??? This overwrites the data following the buffer.
182 Don't know what real hardware does. */
183 if (len < 64 && (s->tcr & TCR_PAD_EN)) {
184 memset(p + len, 0, 64 - len);
185 len = 64;
186 }
187 #if 0
188 /* The card is supposed to append the CRC to the frame. However
189 none of the other network traffic has the CRC appended.
190 Suspect this is low level ethernet detail we don't need to worry
191 about. */
192 add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0;
193 if (add_crc) {
194 uint32_t crc;
195
196 crc = crc32(~0, p, len);
197 memcpy(p + len, &crc, 4);
198 len += 4;
199 }
200 #else
201 add_crc = 0;
202 #endif
203 if (s->ctr & CTR_AUTO_RELEASE)
204 /* Race? */
205 smc91c111_release_packet(s, packetnum);
206 else if (s->tx_fifo_done_len < NUM_PACKETS)
207 s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum;
208 qemu_send_packet(s->vc, p, len);
209 }
210 s->tx_fifo_len = 0;
211 smc91c111_update(s);
212 }
213
214 /* Add a packet to the TX FIFO. */
215 static void smc91c111_queue_tx(smc91c111_state *s, int packet)
216 {
217 if (s->tx_fifo_len == NUM_PACKETS)
218 return;
219 s->tx_fifo[s->tx_fifo_len++] = packet;
220 smc91c111_do_tx(s);
221 }
222
223 static void smc91c111_reset(smc91c111_state *s)
224 {
225 s->bank = 0;
226 s->tx_fifo_len = 0;
227 s->tx_fifo_done_len = 0;
228 s->rx_fifo_len = 0;
229 s->allocated = 0;
230 s->packet_num = 0;
231 s->tx_alloc = 0;
232 s->tcr = 0;
233 s->rcr = 0;
234 s->cr = 0xa0b1;
235 s->ctr = 0x1210;
236 s->ptr = 0;
237 s->ercv = 0x1f;
238 s->int_level = INT_TX_EMPTY;
239 s->int_mask = 0;
240 smc91c111_update(s);
241 }
242
243 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
244 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
245
246 static void smc91c111_writeb(void *opaque, target_phys_addr_t offset,
247 uint32_t value)
248 {
249 smc91c111_state *s = (smc91c111_state *)opaque;
250
251 offset -= s->base;
252 if (offset == 14) {
253 s->bank = value;
254 return;
255 }
256 if (offset == 15)
257 return;
258 switch (s->bank) {
259 case 0:
260 switch (offset) {
261 case 0: /* TCR */
262 SET_LOW(tcr, value);
263 return;
264 case 1:
265 SET_HIGH(tcr, value);
266 return;
267 case 4: /* RCR */
268 SET_LOW(rcr, value);
269 return;
270 case 5:
271 SET_HIGH(rcr, value);
272 if (s->rcr & RCR_SOFT_RST)
273 smc91c111_reset(s);
274 return;
275 case 10: case 11: /* RPCR */
276 /* Ignored */
277 return;
278 }
279 break;
280
281 case 1:
282 switch (offset) {
283 case 0: /* CONFIG */
284 SET_LOW(cr, value);
285 return;
286 case 1:
287 SET_HIGH(cr,value);
288 return;
289 case 2: case 3: /* BASE */
290 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
291 /* Not implemented. */
292 return;
293 case 10: /* Genral Purpose */
294 SET_LOW(gpr, value);
295 return;
296 case 11:
297 SET_HIGH(gpr, value);
298 return;
299 case 12: /* Control */
300 if (value & 1)
301 fprintf(stderr, "smc91c111:EEPROM store not implemented\n");
302 if (value & 2)
303 fprintf(stderr, "smc91c111:EEPROM reload not implemented\n");
304 value &= ~3;
305 SET_LOW(ctr, value);
306 return;
307 case 13:
308 SET_HIGH(ctr, value);
309 return;
310 }
311 break;
312
313 case 2:
314 switch (offset) {
315 case 0: /* MMU Command */
316 switch (value >> 5) {
317 case 0: /* no-op */
318 break;
319 case 1: /* Allocate for TX. */
320 s->tx_alloc = 0x80;
321 s->int_level &= ~INT_ALLOC;
322 smc91c111_update(s);
323 smc91c111_tx_alloc(s);
324 break;
325 case 2: /* Reset MMU. */
326 s->allocated = 0;
327 s->tx_fifo_len = 0;
328 s->tx_fifo_done_len = 0;
329 s->rx_fifo_len = 0;
330 s->tx_alloc = 0;
331 break;
332 case 3: /* Remove from RX FIFO. */
333 smc91c111_pop_rx_fifo(s);
334 break;
335 case 4: /* Remove from RX FIFO and release. */
336 if (s->rx_fifo_len > 0) {
337 smc91c111_release_packet(s, s->rx_fifo[0]);
338 }
339 smc91c111_pop_rx_fifo(s);
340 break;
341 case 5: /* Release. */
342 smc91c111_release_packet(s, s->packet_num);
343 break;
344 case 6: /* Add to TX FIFO. */
345 smc91c111_queue_tx(s, s->packet_num);
346 break;
347 case 7: /* Reset TX FIFO. */
348 s->tx_fifo_len = 0;
349 s->tx_fifo_done_len = 0;
350 break;
351 }
352 return;
353 case 1:
354 /* Ignore. */
355 return;
356 case 2: /* Packet Number Register */
357 s->packet_num = value;
358 return;
359 case 3: case 4: case 5:
360 /* Should be readonly, but linux writes to them anyway. Ignore. */
361 return;
362 case 6: /* Pointer */
363 SET_LOW(ptr, value);
364 return;
365 case 7:
366 SET_HIGH(ptr, value);
367 return;
368 case 8: case 9: case 10: case 11: /* Data */
369 {
370 int p;
371 int n;
372
373 if (s->ptr & 0x8000)
374 n = s->rx_fifo[0];
375 else
376 n = s->packet_num;
377 p = s->ptr & 0x07ff;
378 if (s->ptr & 0x4000) {
379 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x7ff);
380 } else {
381 p += (offset & 3);
382 }
383 s->data[n][p] = value;
384 }
385 return;
386 case 12: /* Interrupt ACK. */
387 s->int_level &= ~(value & 0xd6);
388 if (value & INT_TX)
389 smc91c111_pop_tx_fifo_done(s);
390 smc91c111_update(s);
391 return;
392 case 13: /* Interrupt mask. */
393 s->int_mask = value;
394 smc91c111_update(s);
395 return;
396 }
397 break;;
398
399 case 3:
400 switch (offset) {
401 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
402 /* Multicast table. */
403 /* Not implemented. */
404 return;
405 case 8: case 9: /* Management Interface. */
406 /* Not implemented. */
407 return;
408 case 12: /* Early receive. */
409 s->ercv = value & 0x1f;
410 case 13:
411 /* Ignore. */
412 return;
413 }
414 break;
415 }
416 cpu_abort (cpu_single_env, "smc91c111_write: Bad reg %d:%x\n",
417 s->bank, offset);
418 }
419
420 static uint32_t smc91c111_readb(void *opaque, target_phys_addr_t offset)
421 {
422 smc91c111_state *s = (smc91c111_state *)opaque;
423
424 offset -= s->base;
425 if (offset == 14) {
426 return s->bank;
427 }
428 if (offset == 15)
429 return 0x33;
430 switch (s->bank) {
431 case 0:
432 switch (offset) {
433 case 0: /* TCR */
434 return s->tcr & 0xff;
435 case 1:
436 return s->tcr >> 8;
437 case 2: /* EPH Status */
438 return 0;
439 case 3:
440 return 0x40;
441 case 4: /* RCR */
442 return s->rcr & 0xff;
443 case 5:
444 return s->rcr >> 8;
445 case 6: /* Counter */
446 case 7:
447 /* Not implemented. */
448 return 0;
449 case 8: /* Memory size. */
450 return NUM_PACKETS;
451 case 9: /* Free memory available. */
452 {
453 int i;
454 int n;
455 n = 0;
456 for (i = 0; i < NUM_PACKETS; i++) {
457 if (s->allocated & (1 << i))
458 n++;
459 }
460 return n;
461 }
462 case 10: case 11: /* RPCR */
463 /* Not implemented. */
464 return 0;
465 }
466 break;
467
468 case 1:
469 switch (offset) {
470 case 0: /* CONFIG */
471 return s->cr & 0xff;
472 case 1:
473 return s->cr >> 8;
474 case 2: case 3: /* BASE */
475 /* Not implemented. */
476 return 0;
477 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
478 return s->macaddr[offset - 4];
479 case 10: /* General Purpose */
480 return s->gpr & 0xff;
481 case 11:
482 return s->gpr >> 8;
483 case 12: /* Control */
484 return s->ctr & 0xff;
485 case 13:
486 return s->ctr >> 8;
487 }
488 break;
489
490 case 2:
491 switch (offset) {
492 case 0: case 1: /* MMUCR Busy bit. */
493 return 0;
494 case 2: /* Packet Number. */
495 return s->packet_num;
496 case 3: /* Allocation Result. */
497 return s->tx_alloc;
498 case 4: /* TX FIFO */
499 if (s->tx_fifo_done_len == 0)
500 return 0x80;
501 else
502 return s->tx_fifo_done[0];
503 case 5: /* RX FIFO */
504 if (s->rx_fifo_len == 0)
505 return 0x80;
506 else
507 return s->rx_fifo[0];
508 case 6: /* Pointer */
509 return s->ptr & 0xff;
510 case 7:
511 return (s->ptr >> 8) & 0xf7;
512 case 8: case 9: case 10: case 11: /* Data */
513 {
514 int p;
515 int n;
516
517 if (s->ptr & 0x8000)
518 n = s->rx_fifo[0];
519 else
520 n = s->packet_num;
521 p = s->ptr & 0x07ff;
522 if (s->ptr & 0x4000) {
523 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x07ff);
524 } else {
525 p += (offset & 3);
526 }
527 return s->data[n][p];
528 }
529 case 12: /* Interrupt status. */
530 return s->int_level;
531 case 13: /* Interrupt mask. */
532 return s->int_mask;
533 }
534 break;
535
536 case 3:
537 switch (offset) {
538 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
539 /* Multicast table. */
540 /* Not implemented. */
541 return 0;
542 case 8: /* Management Interface. */
543 /* Not implemented. */
544 return 0x30;
545 case 9:
546 return 0x33;
547 case 10: /* Revision. */
548 return 0x91;
549 case 11:
550 return 0x33;
551 case 12:
552 return s->ercv;
553 case 13:
554 return 0;
555 }
556 break;
557 }
558 cpu_abort (cpu_single_env, "smc91c111_read: Bad reg %d:%x\n",
559 s->bank, offset);
560 return 0;
561 }
562
563 static void smc91c111_writew(void *opaque, target_phys_addr_t offset,
564 uint32_t value)
565 {
566 smc91c111_writeb(opaque, offset, value & 0xff);
567 smc91c111_writeb(opaque, offset + 1, value >> 8);
568 }
569
570 static void smc91c111_writel(void *opaque, target_phys_addr_t offset,
571 uint32_t value)
572 {
573 smc91c111_state *s = (smc91c111_state *)opaque;
574 /* 32-bit writes to offset 0xc only actually write to the bank select
575 register (offset 0xe) */
576 if (offset != s->base + 0xc)
577 smc91c111_writew(opaque, offset, value & 0xffff);
578 smc91c111_writew(opaque, offset + 2, value >> 16);
579 }
580
581 static uint32_t smc91c111_readw(void *opaque, target_phys_addr_t offset)
582 {
583 uint32_t val;
584 val = smc91c111_readb(opaque, offset);
585 val |= smc91c111_readb(opaque, offset + 1) << 8;
586 return val;
587 }
588
589 static uint32_t smc91c111_readl(void *opaque, target_phys_addr_t offset)
590 {
591 uint32_t val;
592 val = smc91c111_readw(opaque, offset);
593 val |= smc91c111_readw(opaque, offset + 2) << 16;
594 return val;
595 }
596
597 static int smc91c111_can_receive(void *opaque)
598 {
599 smc91c111_state *s = (smc91c111_state *)opaque;
600
601 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
602 return 1;
603 if (s->allocated == (1 << NUM_PACKETS) - 1)
604 return 0;
605 return 1;
606 }
607
608 static void smc91c111_receive(void *opaque, const uint8_t *buf, int size)
609 {
610 smc91c111_state *s = (smc91c111_state *)opaque;
611 int status;
612 int packetsize;
613 uint32_t crc;
614 int packetnum;
615 uint8_t *p;
616
617 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
618 return;
619 /* Short packets are padded with zeros. Receiving a packet
620 < 64 bytes long is considered an error condition. */
621 if (size < 64)
622 packetsize = 64;
623 else
624 packetsize = (size & ~1);
625 packetsize += 6;
626 crc = (s->rcr & RCR_STRIP_CRC) == 0;
627 if (crc)
628 packetsize += 4;
629 /* TODO: Flag overrun and receive errors. */
630 if (packetsize > 2048)
631 return;
632 packetnum = smc91c111_allocate_packet(s);
633 if (packetnum == 0x80)
634 return;
635 s->rx_fifo[s->rx_fifo_len++] = packetnum;
636
637 p = &s->data[packetnum][0];
638 /* ??? Multicast packets? */
639 status = 0;
640 if (size > 1518)
641 status |= RS_TOOLONG;
642 if (size & 1)
643 status |= RS_ODDFRAME;
644 *(p++) = status & 0xff;
645 *(p++) = status >> 8;
646 *(p++) = packetsize & 0xff;
647 *(p++) = packetsize >> 8;
648 memcpy(p, buf, size & ~1);
649 p += (size & ~1);
650 /* Pad short packets. */
651 if (size < 64) {
652 int pad;
653
654 if (size & 1)
655 *(p++) = buf[size - 1];
656 pad = 64 - size;
657 memset(p, 0, pad);
658 p += pad;
659 size = 64;
660 }
661 /* It's not clear if the CRC should go before or after the last byte in
662 odd sized packets. Linux disables the CRC, so that's no help.
663 The pictures in the documentation show the CRC aligned on a 16-bit
664 boundary before the last odd byte, so that's what we do. */
665 if (crc) {
666 crc = crc32(~0, buf, size);
667 *(p++) = crc & 0xff; crc >>= 8;
668 *(p++) = crc & 0xff; crc >>= 8;
669 *(p++) = crc & 0xff; crc >>= 8;
670 *(p++) = crc & 0xff; crc >>= 8;
671 }
672 if (size & 1) {
673 *(p++) = buf[size - 1];
674 *(p++) = 0x60;
675 } else {
676 *(p++) = 0;
677 *(p++) = 0x40;
678 }
679 /* TODO: Raise early RX interrupt? */
680 s->int_level |= INT_RCV;
681 smc91c111_update(s);
682 }
683
684 static CPUReadMemoryFunc *smc91c111_readfn[] = {
685 smc91c111_readb,
686 smc91c111_readw,
687 smc91c111_readl
688 };
689
690 static CPUWriteMemoryFunc *smc91c111_writefn[] = {
691 smc91c111_writeb,
692 smc91c111_writew,
693 smc91c111_writel
694 };
695
696 void smc91c111_init(NICInfo *nd, uint32_t base, void *pic, int irq)
697 {
698 smc91c111_state *s;
699 int iomemtype;
700
701 s = (smc91c111_state *)qemu_mallocz(sizeof(smc91c111_state));
702 iomemtype = cpu_register_io_memory(0, smc91c111_readfn,
703 smc91c111_writefn, s);
704 cpu_register_physical_memory(base, 16, iomemtype);
705 s->base = base;
706 s->pic = pic;
707 s->irq = irq;
708 memcpy(s->macaddr, nd->macaddr, 6);
709
710 smc91c111_reset(s);
711
712 s->vc = qemu_new_vlan_client(nd->vlan, smc91c111_receive,
713 smc91c111_can_receive, s);
714 /* ??? Save/restore. */
715 }
Qemu copy for testing