2 * SMSC LAN9118 Ethernet interface emulation
4 * Copyright (c) 2009 CodeSourcery, LLC.
5 * Written by Paul Brook
7 * This code is licensed under the GNU GPL v2
9 * Contributions after 2012-01-13 are licensed under the terms of the
10 * GNU GPL, version 2 or (at your option) any later version.
13 #include "hw/sysbus.h"
15 #include "hw/devices.h"
16 #include "sysemu/sysemu.h"
17 #include "hw/ptimer.h"
21 //#define DEBUG_LAN9118
24 #define DPRINTF(fmt, ...) \
25 do { printf("lan9118: " fmt , ## __VA_ARGS__); } while (0)
26 #define BADF(fmt, ...) \
27 do { hw_error("lan9118: error: " fmt , ## __VA_ARGS__);} while (0)
29 #define DPRINTF(fmt, ...) do {} while(0)
30 #define BADF(fmt, ...) \
31 do { fprintf(stderr, "lan9118: error: " fmt , ## __VA_ARGS__);} while (0)
34 #define CSR_ID_REV 0x50
35 #define CSR_IRQ_CFG 0x54
36 #define CSR_INT_STS 0x58
37 #define CSR_INT_EN 0x5c
38 #define CSR_BYTE_TEST 0x64
39 #define CSR_FIFO_INT 0x68
40 #define CSR_RX_CFG 0x6c
41 #define CSR_TX_CFG 0x70
42 #define CSR_HW_CFG 0x74
43 #define CSR_RX_DP_CTRL 0x78
44 #define CSR_RX_FIFO_INF 0x7c
45 #define CSR_TX_FIFO_INF 0x80
46 #define CSR_PMT_CTRL 0x84
47 #define CSR_GPIO_CFG 0x88
48 #define CSR_GPT_CFG 0x8c
49 #define CSR_GPT_CNT 0x90
50 #define CSR_WORD_SWAP 0x98
51 #define CSR_FREE_RUN 0x9c
52 #define CSR_RX_DROP 0xa0
53 #define CSR_MAC_CSR_CMD 0xa4
54 #define CSR_MAC_CSR_DATA 0xa8
55 #define CSR_AFC_CFG 0xac
56 #define CSR_E2P_CMD 0xb0
57 #define CSR_E2P_DATA 0xb4
60 #define IRQ_INT 0x00001000
61 #define IRQ_EN 0x00000100
62 #define IRQ_POL 0x00000010
63 #define IRQ_TYPE 0x00000001
66 #define SW_INT 0x80000000
67 #define TXSTOP_INT 0x02000000
68 #define RXSTOP_INT 0x01000000
69 #define RXDFH_INT 0x00800000
70 #define TX_IOC_INT 0x00200000
71 #define RXD_INT 0x00100000
72 #define GPT_INT 0x00080000
73 #define PHY_INT 0x00040000
74 #define PME_INT 0x00020000
75 #define TXSO_INT 0x00010000
76 #define RWT_INT 0x00008000
77 #define RXE_INT 0x00004000
78 #define TXE_INT 0x00002000
79 #define TDFU_INT 0x00000800
80 #define TDFO_INT 0x00000400
81 #define TDFA_INT 0x00000200
82 #define TSFF_INT 0x00000100
83 #define TSFL_INT 0x00000080
84 #define RXDF_INT 0x00000040
85 #define RDFL_INT 0x00000020
86 #define RSFF_INT 0x00000010
87 #define RSFL_INT 0x00000008
88 #define GPIO2_INT 0x00000004
89 #define GPIO1_INT 0x00000002
90 #define GPIO0_INT 0x00000001
91 #define RESERVED_INT 0x7c001000
99 #define MAC_MII_DATA 7
101 #define MAC_VLAN1 9 /* TODO */
102 #define MAC_VLAN2 10 /* TODO */
103 #define MAC_WUFF 11 /* TODO */
104 #define MAC_WUCSR 12 /* TODO */
106 #define MAC_CR_RXALL 0x80000000
107 #define MAC_CR_RCVOWN 0x00800000
108 #define MAC_CR_LOOPBK 0x00200000
109 #define MAC_CR_FDPX 0x00100000
110 #define MAC_CR_MCPAS 0x00080000
111 #define MAC_CR_PRMS 0x00040000
112 #define MAC_CR_INVFILT 0x00020000
113 #define MAC_CR_PASSBAD 0x00010000
114 #define MAC_CR_HO 0x00008000
115 #define MAC_CR_HPFILT 0x00002000
116 #define MAC_CR_LCOLL 0x00001000
117 #define MAC_CR_BCAST 0x00000800
118 #define MAC_CR_DISRTY 0x00000400
119 #define MAC_CR_PADSTR 0x00000100
120 #define MAC_CR_BOLMT 0x000000c0
121 #define MAC_CR_DFCHK 0x00000020
122 #define MAC_CR_TXEN 0x00000008
123 #define MAC_CR_RXEN 0x00000004
124 #define MAC_CR_RESERVED 0x7f404213
126 #define PHY_INT_ENERGYON 0x80
127 #define PHY_INT_AUTONEG_COMPLETE 0x40
128 #define PHY_INT_FAULT 0x20
129 #define PHY_INT_DOWN 0x10
130 #define PHY_INT_AUTONEG_LP 0x08
131 #define PHY_INT_PARFAULT 0x04
132 #define PHY_INT_AUTONEG_PAGE 0x02
134 #define GPT_TIMER_EN 0x20000000
143 /* state is a tx_state but we can't put enums in VMStateDescriptions. */
155 static const VMStateDescription vmstate_lan9118_packet = {
156 .name = "lan9118_packet",
158 .minimum_version_id = 1,
159 .fields = (VMStateField[]) {
160 VMSTATE_UINT32(state, LAN9118Packet),
161 VMSTATE_UINT32(cmd_a, LAN9118Packet),
162 VMSTATE_UINT32(cmd_b, LAN9118Packet),
163 VMSTATE_INT32(buffer_size, LAN9118Packet),
164 VMSTATE_INT32(offset, LAN9118Packet),
165 VMSTATE_INT32(pad, LAN9118Packet),
166 VMSTATE_INT32(fifo_used, LAN9118Packet),
167 VMSTATE_INT32(len, LAN9118Packet),
168 VMSTATE_UINT8_ARRAY(data, LAN9118Packet, 2048),
169 VMSTATE_END_OF_LIST()
173 #define TYPE_LAN9118 "lan9118"
174 #define LAN9118(obj) OBJECT_CHECK(lan9118_state, (obj), TYPE_LAN9118)
177 SysBusDevice parent_obj;
196 uint32_t free_timer_start;
206 uint32_t mac_mii_acc;
207 uint32_t mac_mii_data;
211 uint32_t phy_control;
212 uint32_t phy_advertise;
214 uint32_t phy_int_mask;
216 int32_t eeprom_writable;
219 int32_t tx_fifo_size;
221 LAN9118Packet tx_packet;
223 int32_t tx_status_fifo_used;
224 int32_t tx_status_fifo_head;
225 uint32_t tx_status_fifo[512];
227 int32_t rx_status_fifo_size;
228 int32_t rx_status_fifo_used;
229 int32_t rx_status_fifo_head;
230 uint32_t rx_status_fifo[896];
231 int32_t rx_fifo_size;
232 int32_t rx_fifo_used;
233 int32_t rx_fifo_head;
234 uint32_t rx_fifo[3360];
235 int32_t rx_packet_size_head;
236 int32_t rx_packet_size_tail;
237 int32_t rx_packet_size[1024];
243 uint32_t write_word_prev_offset;
244 uint32_t write_word_n;
245 uint16_t write_word_l;
246 uint16_t write_word_h;
247 uint32_t read_word_prev_offset;
248 uint32_t read_word_n;
254 static const VMStateDescription vmstate_lan9118 = {
257 .minimum_version_id = 1,
258 .fields = (VMStateField[]) {
259 VMSTATE_PTIMER(timer, lan9118_state),
260 VMSTATE_UINT32(irq_cfg, lan9118_state),
261 VMSTATE_UINT32(int_sts, lan9118_state),
262 VMSTATE_UINT32(int_en, lan9118_state),
263 VMSTATE_UINT32(fifo_int, lan9118_state),
264 VMSTATE_UINT32(rx_cfg, lan9118_state),
265 VMSTATE_UINT32(tx_cfg, lan9118_state),
266 VMSTATE_UINT32(hw_cfg, lan9118_state),
267 VMSTATE_UINT32(pmt_ctrl, lan9118_state),
268 VMSTATE_UINT32(gpio_cfg, lan9118_state),
269 VMSTATE_UINT32(gpt_cfg, lan9118_state),
270 VMSTATE_UINT32(word_swap, lan9118_state),
271 VMSTATE_UINT32(free_timer_start, lan9118_state),
272 VMSTATE_UINT32(mac_cmd, lan9118_state),
273 VMSTATE_UINT32(mac_data, lan9118_state),
274 VMSTATE_UINT32(afc_cfg, lan9118_state),
275 VMSTATE_UINT32(e2p_cmd, lan9118_state),
276 VMSTATE_UINT32(e2p_data, lan9118_state),
277 VMSTATE_UINT32(mac_cr, lan9118_state),
278 VMSTATE_UINT32(mac_hashh, lan9118_state),
279 VMSTATE_UINT32(mac_hashl, lan9118_state),
280 VMSTATE_UINT32(mac_mii_acc, lan9118_state),
281 VMSTATE_UINT32(mac_mii_data, lan9118_state),
282 VMSTATE_UINT32(mac_flow, lan9118_state),
283 VMSTATE_UINT32(phy_status, lan9118_state),
284 VMSTATE_UINT32(phy_control, lan9118_state),
285 VMSTATE_UINT32(phy_advertise, lan9118_state),
286 VMSTATE_UINT32(phy_int, lan9118_state),
287 VMSTATE_UINT32(phy_int_mask, lan9118_state),
288 VMSTATE_INT32(eeprom_writable, lan9118_state),
289 VMSTATE_UINT8_ARRAY(eeprom, lan9118_state, 128),
290 VMSTATE_INT32(tx_fifo_size, lan9118_state),
291 /* txp always points at tx_packet so need not be saved */
292 VMSTATE_STRUCT(tx_packet, lan9118_state, 0,
293 vmstate_lan9118_packet, LAN9118Packet),
294 VMSTATE_INT32(tx_status_fifo_used, lan9118_state),
295 VMSTATE_INT32(tx_status_fifo_head, lan9118_state),
296 VMSTATE_UINT32_ARRAY(tx_status_fifo, lan9118_state, 512),
297 VMSTATE_INT32(rx_status_fifo_size, lan9118_state),
298 VMSTATE_INT32(rx_status_fifo_used, lan9118_state),
299 VMSTATE_INT32(rx_status_fifo_head, lan9118_state),
300 VMSTATE_UINT32_ARRAY(rx_status_fifo, lan9118_state, 896),
301 VMSTATE_INT32(rx_fifo_size, lan9118_state),
302 VMSTATE_INT32(rx_fifo_used, lan9118_state),
303 VMSTATE_INT32(rx_fifo_head, lan9118_state),
304 VMSTATE_UINT32_ARRAY(rx_fifo, lan9118_state, 3360),
305 VMSTATE_INT32(rx_packet_size_head, lan9118_state),
306 VMSTATE_INT32(rx_packet_size_tail, lan9118_state),
307 VMSTATE_INT32_ARRAY(rx_packet_size, lan9118_state, 1024),
308 VMSTATE_INT32(rxp_offset, lan9118_state),
309 VMSTATE_INT32(rxp_size, lan9118_state),
310 VMSTATE_INT32(rxp_pad, lan9118_state),
311 VMSTATE_UINT32_V(write_word_prev_offset, lan9118_state, 2),
312 VMSTATE_UINT32_V(write_word_n, lan9118_state, 2),
313 VMSTATE_UINT16_V(write_word_l, lan9118_state, 2),
314 VMSTATE_UINT16_V(write_word_h, lan9118_state, 2),
315 VMSTATE_UINT32_V(read_word_prev_offset, lan9118_state, 2),
316 VMSTATE_UINT32_V(read_word_n, lan9118_state, 2),
317 VMSTATE_UINT32_V(read_long, lan9118_state, 2),
318 VMSTATE_UINT32_V(mode_16bit, lan9118_state, 2),
319 VMSTATE_END_OF_LIST()
323 static void lan9118_update(lan9118_state *s)
327 /* TODO: Implement FIFO level IRQs. */
328 level = (s->int_sts & s->int_en) != 0;
330 s->irq_cfg |= IRQ_INT;
332 s->irq_cfg &= ~IRQ_INT;
334 if ((s->irq_cfg & IRQ_EN) == 0) {
337 if ((s->irq_cfg & (IRQ_TYPE | IRQ_POL)) != (IRQ_TYPE | IRQ_POL)) {
338 /* Interrupt is active low unless we're configured as
339 * active-high polarity, push-pull type.
343 qemu_set_irq(s->irq, level);
346 static void lan9118_mac_changed(lan9118_state *s)
348 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
351 static void lan9118_reload_eeprom(lan9118_state *s)
354 if (s->eeprom[0] != 0xa5) {
356 DPRINTF("MACADDR load failed\n");
359 for (i = 0; i < 6; i++) {
360 s->conf.macaddr.a[i] = s->eeprom[i + 1];
363 DPRINTF("MACADDR loaded from eeprom\n");
364 lan9118_mac_changed(s);
367 static void phy_update_irq(lan9118_state *s)
369 if (s->phy_int & s->phy_int_mask) {
370 s->int_sts |= PHY_INT;
372 s->int_sts &= ~PHY_INT;
377 static void phy_update_link(lan9118_state *s)
379 /* Autonegotiation status mirrors link status. */
380 if (qemu_get_queue(s->nic)->link_down) {
381 s->phy_status &= ~0x0024;
382 s->phy_int |= PHY_INT_DOWN;
384 s->phy_status |= 0x0024;
385 s->phy_int |= PHY_INT_ENERGYON;
386 s->phy_int |= PHY_INT_AUTONEG_COMPLETE;
391 static void lan9118_set_link(NetClientState *nc)
393 phy_update_link(qemu_get_nic_opaque(nc));
396 static void phy_reset(lan9118_state *s)
398 s->phy_status = 0x7809;
399 s->phy_control = 0x3000;
400 s->phy_advertise = 0x01e1;
406 static void lan9118_reset(DeviceState *d)
408 lan9118_state *s = LAN9118(d);
410 s->irq_cfg &= (IRQ_TYPE | IRQ_POL);
413 s->fifo_int = 0x48000000;
416 s->hw_cfg = s->mode_16bit ? 0x00050000 : 0x00050004;
419 s->txp->fifo_used = 0;
420 s->txp->state = TX_IDLE;
421 s->txp->cmd_a = 0xffffffffu;
422 s->txp->cmd_b = 0xffffffffu;
424 s->txp->fifo_used = 0;
425 s->tx_fifo_size = 4608;
426 s->tx_status_fifo_used = 0;
427 s->rx_status_fifo_size = 704;
428 s->rx_fifo_size = 2640;
430 s->rx_status_fifo_size = 176;
431 s->rx_status_fifo_used = 0;
435 s->rx_packet_size_tail = s->rx_packet_size_head;
436 s->rx_packet_size[s->rx_packet_size_head] = 0;
442 s->free_timer_start = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 40;
444 ptimer_stop(s->timer);
445 ptimer_set_count(s->timer, 0xffff);
448 s->mac_cr = MAC_CR_PRMS;
460 s->eeprom_writable = 0;
461 lan9118_reload_eeprom(s);
464 static void rx_fifo_push(lan9118_state *s, uint32_t val)
467 fifo_pos = s->rx_fifo_head + s->rx_fifo_used;
468 if (fifo_pos >= s->rx_fifo_size)
469 fifo_pos -= s->rx_fifo_size;
470 s->rx_fifo[fifo_pos] = val;
474 /* Return nonzero if the packet is accepted by the filter. */
475 static int lan9118_filter(lan9118_state *s, const uint8_t *addr)
480 if (s->mac_cr & MAC_CR_PRMS) {
483 if (addr[0] == 0xff && addr[1] == 0xff && addr[2] == 0xff &&
484 addr[3] == 0xff && addr[4] == 0xff && addr[5] == 0xff) {
485 return (s->mac_cr & MAC_CR_BCAST) == 0;
488 multicast = addr[0] & 1;
489 if (multicast &&s->mac_cr & MAC_CR_MCPAS) {
492 if (multicast ? (s->mac_cr & MAC_CR_HPFILT) == 0
493 : (s->mac_cr & MAC_CR_HO) == 0) {
494 /* Exact matching. */
495 hash = memcmp(addr, s->conf.macaddr.a, 6);
496 if (s->mac_cr & MAC_CR_INVFILT) {
503 hash = compute_mcast_idx(addr);
505 return (s->mac_hashh >> (hash & 0x1f)) & 1;
507 return (s->mac_hashl >> (hash & 0x1f)) & 1;
512 static ssize_t lan9118_receive(NetClientState *nc, const uint8_t *buf,
515 lan9118_state *s = qemu_get_nic_opaque(nc);
525 if ((s->mac_cr & MAC_CR_RXEN) == 0) {
529 if (size >= 2048 || size < 14) {
533 /* TODO: Implement FIFO overflow notification. */
534 if (s->rx_status_fifo_used == s->rx_status_fifo_size) {
538 filter = lan9118_filter(s, buf);
539 if (!filter && (s->mac_cr & MAC_CR_RXALL) == 0) {
543 offset = (s->rx_cfg >> 8) & 0x1f;
545 fifo_len = (size + n + 3) >> 2;
546 /* Add a word for the CRC. */
548 if (s->rx_fifo_size - s->rx_fifo_used < fifo_len) {
552 DPRINTF("Got packet len:%d fifo:%d filter:%s\n",
553 (int)size, fifo_len, filter ? "pass" : "fail");
555 crc = bswap32(crc32(~0, buf, size));
556 for (src_pos = 0; src_pos < size; src_pos++) {
557 val = (val >> 8) | ((uint32_t)buf[src_pos] << 24);
561 rx_fifo_push(s, val);
566 val >>= ((4 - n) * 8);
567 val |= crc << (n * 8);
568 rx_fifo_push(s, val);
569 val = crc >> ((4 - n) * 8);
570 rx_fifo_push(s, val);
572 rx_fifo_push(s, crc);
574 n = s->rx_status_fifo_head + s->rx_status_fifo_used;
575 if (n >= s->rx_status_fifo_size) {
576 n -= s->rx_status_fifo_size;
578 s->rx_packet_size[s->rx_packet_size_tail] = fifo_len;
579 s->rx_packet_size_tail = (s->rx_packet_size_tail + 1023) & 1023;
580 s->rx_status_fifo_used++;
582 status = (size + 4) << 16;
583 if (buf[0] == 0xff && buf[1] == 0xff && buf[2] == 0xff &&
584 buf[3] == 0xff && buf[4] == 0xff && buf[5] == 0xff) {
585 status |= 0x00002000;
586 } else if (buf[0] & 1) {
587 status |= 0x00000400;
590 status |= 0x40000000;
592 s->rx_status_fifo[n] = status;
594 if (s->rx_status_fifo_used > (s->fifo_int & 0xff)) {
595 s->int_sts |= RSFL_INT;
602 static uint32_t rx_fifo_pop(lan9118_state *s)
607 if (s->rxp_size == 0 && s->rxp_pad == 0) {
608 s->rxp_size = s->rx_packet_size[s->rx_packet_size_head];
609 s->rx_packet_size[s->rx_packet_size_head] = 0;
610 if (s->rxp_size != 0) {
611 s->rx_packet_size_head = (s->rx_packet_size_head + 1023) & 1023;
612 s->rxp_offset = (s->rx_cfg >> 10) & 7;
613 n = s->rxp_offset + s->rxp_size;
614 switch (s->rx_cfg >> 30) {
626 DPRINTF("Pop packet size:%d offset:%d pad: %d\n",
627 s->rxp_size, s->rxp_offset, s->rxp_pad);
630 if (s->rxp_offset > 0) {
633 } else if (s->rxp_size > 0) {
635 val = s->rx_fifo[s->rx_fifo_head++];
636 if (s->rx_fifo_head >= s->rx_fifo_size) {
637 s->rx_fifo_head -= s->rx_fifo_size;
640 } else if (s->rxp_pad > 0) {
644 DPRINTF("RX underflow\n");
645 s->int_sts |= RXE_INT;
652 static void do_tx_packet(lan9118_state *s)
657 /* FIXME: Honor TX disable, and allow queueing of packets. */
658 if (s->phy_control & 0x4000) {
659 /* This assumes the receive routine doesn't touch the VLANClient. */
660 lan9118_receive(qemu_get_queue(s->nic), s->txp->data, s->txp->len);
662 qemu_send_packet(qemu_get_queue(s->nic), s->txp->data, s->txp->len);
664 s->txp->fifo_used = 0;
666 if (s->tx_status_fifo_used == 512) {
667 /* Status FIFO full */
670 /* Add entry to status FIFO. */
671 status = s->txp->cmd_b & 0xffff0000u;
672 DPRINTF("Sent packet tag:%04x len %d\n", status >> 16, s->txp->len);
673 n = (s->tx_status_fifo_head + s->tx_status_fifo_used) & 511;
674 s->tx_status_fifo[n] = status;
675 s->tx_status_fifo_used++;
676 if (s->tx_status_fifo_used == 512) {
677 s->int_sts |= TSFF_INT;
678 /* TODO: Stop transmission. */
682 static uint32_t rx_status_fifo_pop(lan9118_state *s)
686 val = s->rx_status_fifo[s->rx_status_fifo_head];
687 if (s->rx_status_fifo_used != 0) {
688 s->rx_status_fifo_used--;
689 s->rx_status_fifo_head++;
690 if (s->rx_status_fifo_head >= s->rx_status_fifo_size) {
691 s->rx_status_fifo_head -= s->rx_status_fifo_size;
693 /* ??? What value should be returned when the FIFO is empty? */
694 DPRINTF("RX status pop 0x%08x\n", val);
699 static uint32_t tx_status_fifo_pop(lan9118_state *s)
703 val = s->tx_status_fifo[s->tx_status_fifo_head];
704 if (s->tx_status_fifo_used != 0) {
705 s->tx_status_fifo_used--;
706 s->tx_status_fifo_head = (s->tx_status_fifo_head + 1) & 511;
707 /* ??? What value should be returned when the FIFO is empty? */
712 static void tx_fifo_push(lan9118_state *s, uint32_t val)
716 if (s->txp->fifo_used == s->tx_fifo_size) {
717 s->int_sts |= TDFO_INT;
720 switch (s->txp->state) {
722 s->txp->cmd_a = val & 0x831f37ff;
724 s->txp->state = TX_B;
725 s->txp->buffer_size = extract32(s->txp->cmd_a, 0, 11);
726 s->txp->offset = extract32(s->txp->cmd_a, 16, 5);
729 if (s->txp->cmd_a & 0x2000) {
733 /* End alignment does not include command words. */
734 n = (s->txp->buffer_size + s->txp->offset + 3) >> 2;
735 switch ((n >> 24) & 3) {
748 DPRINTF("Block len:%d offset:%d pad:%d cmd %08x\n",
749 s->txp->buffer_size, s->txp->offset, s->txp->pad,
751 s->txp->state = TX_DATA;
754 if (s->txp->offset >= 4) {
758 if (s->txp->buffer_size <= 0 && s->txp->pad != 0) {
761 n = MIN(4, s->txp->buffer_size + s->txp->offset);
762 while (s->txp->offset) {
767 /* Documentation is somewhat unclear on the ordering of bytes
768 in FIFO words. Empirical results show it to be little-endian.
770 /* TODO: FIFO overflow checking. */
772 s->txp->data[s->txp->len] = val & 0xff;
775 s->txp->buffer_size--;
779 if (s->txp->buffer_size <= 0 && s->txp->pad == 0) {
780 if (s->txp->cmd_a & 0x1000) {
783 if (s->txp->cmd_a & 0x80000000) {
784 s->int_sts |= TX_IOC_INT;
786 s->txp->state = TX_IDLE;
792 static uint32_t do_phy_read(lan9118_state *s, int reg)
797 case 0: /* Basic Control */
798 return s->phy_control;
799 case 1: /* Basic Status */
800 return s->phy_status;
805 case 4: /* Auto-neg advertisement */
806 return s->phy_advertise;
807 case 5: /* Auto-neg Link Partner Ability */
809 case 6: /* Auto-neg Expansion */
811 /* TODO 17, 18, 27, 29, 30, 31 */
812 case 29: /* Interrupt source. */
817 case 30: /* Interrupt mask */
818 return s->phy_int_mask;
820 BADF("PHY read reg %d\n", reg);
825 static void do_phy_write(lan9118_state *s, int reg, uint32_t val)
828 case 0: /* Basic Control */
833 s->phy_control = val & 0x7980;
834 /* Complete autonegotiation immediately. */
836 s->phy_status |= 0x0020;
839 case 4: /* Auto-neg advertisement */
840 s->phy_advertise = (val & 0x2d7f) | 0x80;
842 /* TODO 17, 18, 27, 31 */
843 case 30: /* Interrupt mask */
844 s->phy_int_mask = val & 0xff;
848 BADF("PHY write reg %d = 0x%04x\n", reg, val);
852 static void do_mac_write(lan9118_state *s, int reg, uint32_t val)
856 if ((s->mac_cr & MAC_CR_RXEN) != 0 && (val & MAC_CR_RXEN) == 0) {
857 s->int_sts |= RXSTOP_INT;
859 s->mac_cr = val & ~MAC_CR_RESERVED;
860 DPRINTF("MAC_CR: %08x\n", val);
863 s->conf.macaddr.a[4] = val & 0xff;
864 s->conf.macaddr.a[5] = (val >> 8) & 0xff;
865 lan9118_mac_changed(s);
868 s->conf.macaddr.a[0] = val & 0xff;
869 s->conf.macaddr.a[1] = (val >> 8) & 0xff;
870 s->conf.macaddr.a[2] = (val >> 16) & 0xff;
871 s->conf.macaddr.a[3] = (val >> 24) & 0xff;
872 lan9118_mac_changed(s);
881 s->mac_mii_acc = val & 0xffc2;
883 DPRINTF("PHY write %d = 0x%04x\n",
884 (val >> 6) & 0x1f, s->mac_mii_data);
885 do_phy_write(s, (val >> 6) & 0x1f, s->mac_mii_data);
887 s->mac_mii_data = do_phy_read(s, (val >> 6) & 0x1f);
888 DPRINTF("PHY read %d = 0x%04x\n",
889 (val >> 6) & 0x1f, s->mac_mii_data);
893 s->mac_mii_data = val & 0xffff;
896 s->mac_flow = val & 0xffff0000;
899 /* Writing to this register changes a condition for
900 * FrameTooLong bit in rx_status. Since we do not set
901 * FrameTooLong anyway, just ignore write to this.
905 hw_error("lan9118: Unimplemented MAC register write: %d = 0x%x\n",
906 s->mac_cmd & 0xf, val);
910 static uint32_t do_mac_read(lan9118_state *s, int reg)
916 return s->conf.macaddr.a[4] | (s->conf.macaddr.a[5] << 8);
918 return s->conf.macaddr.a[0] | (s->conf.macaddr.a[1] << 8)
919 | (s->conf.macaddr.a[2] << 16) | (s->conf.macaddr.a[3] << 24);
927 return s->mac_mii_acc;
929 return s->mac_mii_data;
933 hw_error("lan9118: Unimplemented MAC register read: %d\n",
938 static void lan9118_eeprom_cmd(lan9118_state *s, int cmd, int addr)
940 s->e2p_cmd = (s->e2p_cmd & 0x10) | (cmd << 28) | addr;
943 s->e2p_data = s->eeprom[addr];
944 DPRINTF("EEPROM Read %d = 0x%02x\n", addr, s->e2p_data);
947 s->eeprom_writable = 0;
948 DPRINTF("EEPROM Write Disable\n");
951 s->eeprom_writable = 1;
952 DPRINTF("EEPROM Write Enable\n");
955 if (s->eeprom_writable) {
956 s->eeprom[addr] &= s->e2p_data;
957 DPRINTF("EEPROM Write %d = 0x%02x\n", addr, s->e2p_data);
959 DPRINTF("EEPROM Write %d (ignored)\n", addr);
963 if (s->eeprom_writable) {
964 for (addr = 0; addr < 128; addr++) {
965 s->eeprom[addr] &= s->e2p_data;
967 DPRINTF("EEPROM Write All 0x%02x\n", s->e2p_data);
969 DPRINTF("EEPROM Write All (ignored)\n");
973 if (s->eeprom_writable) {
974 s->eeprom[addr] = 0xff;
975 DPRINTF("EEPROM Erase %d\n", addr);
977 DPRINTF("EEPROM Erase %d (ignored)\n", addr);
981 if (s->eeprom_writable) {
982 memset(s->eeprom, 0xff, 128);
983 DPRINTF("EEPROM Erase All\n");
985 DPRINTF("EEPROM Erase All (ignored)\n");
989 lan9118_reload_eeprom(s);
994 static void lan9118_tick(void *opaque)
996 lan9118_state *s = (lan9118_state *)opaque;
997 if (s->int_en & GPT_INT) {
998 s->int_sts |= GPT_INT;
1003 static void lan9118_writel(void *opaque, hwaddr offset,
1004 uint64_t val, unsigned size)
1006 lan9118_state *s = (lan9118_state *)opaque;
1009 //DPRINTF("Write reg 0x%02x = 0x%08x\n", (int)offset, val);
1010 if (offset >= 0x20 && offset < 0x40) {
1012 tx_fifo_push(s, val);
1017 /* TODO: Implement interrupt deassertion intervals. */
1018 val &= (IRQ_EN | IRQ_POL | IRQ_TYPE);
1019 s->irq_cfg = (s->irq_cfg & IRQ_INT) | val;
1025 s->int_en = val & ~RESERVED_INT;
1026 s->int_sts |= val & SW_INT;
1029 DPRINTF("FIFO INT levels %08x\n", val);
1035 s->rx_fifo_used = 0;
1036 s->rx_status_fifo_used = 0;
1037 s->rx_packet_size_tail = s->rx_packet_size_head;
1038 s->rx_packet_size[s->rx_packet_size_head] = 0;
1040 s->rx_cfg = val & 0xcfff1ff0;
1044 s->tx_status_fifo_used = 0;
1047 s->txp->state = TX_IDLE;
1048 s->txp->fifo_used = 0;
1049 s->txp->cmd_a = 0xffffffff;
1051 s->tx_cfg = val & 6;
1056 lan9118_reset(DEVICE(s));
1058 s->hw_cfg = (val & 0x003f300) | (s->hw_cfg & 0x4);
1061 case CSR_RX_DP_CTRL:
1062 if (val & 0x80000000) {
1063 /* Skip forward to next packet. */
1066 if (s->rxp_size == 0) {
1067 /* Pop a word to start the next packet. */
1072 s->rx_fifo_head += s->rxp_size;
1073 if (s->rx_fifo_head >= s->rx_fifo_size) {
1074 s->rx_fifo_head -= s->rx_fifo_size;
1082 s->pmt_ctrl &= ~0x34e;
1083 s->pmt_ctrl |= (val & 0x34e);
1086 /* Probably just enabling LEDs. */
1087 s->gpio_cfg = val & 0x7777071f;
1090 if ((s->gpt_cfg ^ val) & GPT_TIMER_EN) {
1091 if (val & GPT_TIMER_EN) {
1092 ptimer_set_count(s->timer, val & 0xffff);
1093 ptimer_run(s->timer, 0);
1095 ptimer_stop(s->timer);
1096 ptimer_set_count(s->timer, 0xffff);
1099 s->gpt_cfg = val & (GPT_TIMER_EN | 0xffff);
1102 /* Ignored because we're in 32-bit mode. */
1105 case CSR_MAC_CSR_CMD:
1106 s->mac_cmd = val & 0x4000000f;
1107 if (val & 0x80000000) {
1108 if (val & 0x40000000) {
1109 s->mac_data = do_mac_read(s, val & 0xf);
1110 DPRINTF("MAC read %d = 0x%08x\n", val & 0xf, s->mac_data);
1112 DPRINTF("MAC write %d = 0x%08x\n", val & 0xf, s->mac_data);
1113 do_mac_write(s, val & 0xf, s->mac_data);
1117 case CSR_MAC_CSR_DATA:
1121 s->afc_cfg = val & 0x00ffffff;
1124 lan9118_eeprom_cmd(s, (val >> 28) & 7, val & 0x7f);
1127 s->e2p_data = val & 0xff;
1131 hw_error("lan9118_write: Bad reg 0x%x = %x\n", (int)offset, (int)val);
1137 static void lan9118_writew(void *opaque, hwaddr offset,
1140 lan9118_state *s = (lan9118_state *)opaque;
1143 if (s->write_word_prev_offset != (offset & ~0x3)) {
1144 /* New offset, reset word counter */
1145 s->write_word_n = 0;
1146 s->write_word_prev_offset = offset & ~0x3;
1150 s->write_word_h = val;
1152 s->write_word_l = val;
1155 //DPRINTF("Writew reg 0x%02x = 0x%08x\n", (int)offset, val);
1157 if (s->write_word_n == 2) {
1158 s->write_word_n = 0;
1159 lan9118_writel(s, offset & ~3, s->write_word_l +
1160 (s->write_word_h << 16), 4);
1164 static void lan9118_16bit_mode_write(void *opaque, hwaddr offset,
1165 uint64_t val, unsigned size)
1169 lan9118_writew(opaque, offset, (uint32_t)val);
1172 lan9118_writel(opaque, offset, val, size);
1176 hw_error("lan9118_write: Bad size 0x%x\n", size);
1179 static uint64_t lan9118_readl(void *opaque, hwaddr offset,
1182 lan9118_state *s = (lan9118_state *)opaque;
1184 //DPRINTF("Read reg 0x%02x\n", (int)offset);
1185 if (offset < 0x20) {
1187 return rx_fifo_pop(s);
1191 return rx_status_fifo_pop(s);
1193 return s->rx_status_fifo[s->tx_status_fifo_head];
1195 return tx_status_fifo_pop(s);
1197 return s->tx_status_fifo[s->tx_status_fifo_head];
1216 case CSR_RX_DP_CTRL:
1218 case CSR_RX_FIFO_INF:
1219 return (s->rx_status_fifo_used << 16) | (s->rx_fifo_used << 2);
1220 case CSR_TX_FIFO_INF:
1221 return (s->tx_status_fifo_used << 16)
1222 | (s->tx_fifo_size - s->txp->fifo_used);
1230 return ptimer_get_count(s->timer);
1232 return s->word_swap;
1234 return (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) / 40) - s->free_timer_start;
1236 /* TODO: Implement dropped frames counter. */
1238 case CSR_MAC_CSR_CMD:
1240 case CSR_MAC_CSR_DATA:
1249 hw_error("lan9118_read: Bad reg 0x%x\n", (int)offset);
1253 static uint32_t lan9118_readw(void *opaque, hwaddr offset)
1255 lan9118_state *s = (lan9118_state *)opaque;
1258 if (s->read_word_prev_offset != (offset & ~0x3)) {
1259 /* New offset, reset word counter */
1261 s->read_word_prev_offset = offset & ~0x3;
1265 if (s->read_word_n == 1) {
1266 s->read_long = lan9118_readl(s, offset & ~3, 4);
1272 val = s->read_long >> 16;
1274 val = s->read_long & 0xFFFF;
1277 //DPRINTF("Readw reg 0x%02x, val 0x%x\n", (int)offset, val);
1281 static uint64_t lan9118_16bit_mode_read(void *opaque, hwaddr offset,
1286 return lan9118_readw(opaque, offset);
1288 return lan9118_readl(opaque, offset, size);
1291 hw_error("lan9118_read: Bad size 0x%x\n", size);
1295 static const MemoryRegionOps lan9118_mem_ops = {
1296 .read = lan9118_readl,
1297 .write = lan9118_writel,
1298 .endianness = DEVICE_NATIVE_ENDIAN,
1301 static const MemoryRegionOps lan9118_16bit_mem_ops = {
1302 .read = lan9118_16bit_mode_read,
1303 .write = lan9118_16bit_mode_write,
1304 .endianness = DEVICE_NATIVE_ENDIAN,
1307 static NetClientInfo net_lan9118_info = {
1308 .type = NET_CLIENT_OPTIONS_KIND_NIC,
1309 .size = sizeof(NICState),
1310 .receive = lan9118_receive,
1311 .link_status_changed = lan9118_set_link,
1314 static int lan9118_init1(SysBusDevice *sbd)
1316 DeviceState *dev = DEVICE(sbd);
1317 lan9118_state *s = LAN9118(dev);
1320 const MemoryRegionOps *mem_ops =
1321 s->mode_16bit ? &lan9118_16bit_mem_ops : &lan9118_mem_ops;
1323 memory_region_init_io(&s->mmio, OBJECT(dev), mem_ops, s,
1324 "lan9118-mmio", 0x100);
1325 sysbus_init_mmio(sbd, &s->mmio);
1326 sysbus_init_irq(sbd, &s->irq);
1327 qemu_macaddr_default_if_unset(&s->conf.macaddr);
1329 s->nic = qemu_new_nic(&net_lan9118_info, &s->conf,
1330 object_get_typename(OBJECT(dev)), dev->id, s);
1331 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1332 s->eeprom[0] = 0xa5;
1333 for (i = 0; i < 6; i++) {
1334 s->eeprom[i + 1] = s->conf.macaddr.a[i];
1337 s->txp = &s->tx_packet;
1339 bh = qemu_bh_new(lan9118_tick, s);
1340 s->timer = ptimer_init(bh);
1341 ptimer_set_freq(s->timer, 10000);
1342 ptimer_set_limit(s->timer, 0xffff, 1);
1347 static Property lan9118_properties[] = {
1348 DEFINE_NIC_PROPERTIES(lan9118_state, conf),
1349 DEFINE_PROP_UINT32("mode_16bit", lan9118_state, mode_16bit, 0),
1350 DEFINE_PROP_END_OF_LIST(),
1353 static void lan9118_class_init(ObjectClass *klass, void *data)
1355 DeviceClass *dc = DEVICE_CLASS(klass);
1356 SysBusDeviceClass *k = SYS_BUS_DEVICE_CLASS(klass);
1358 k->init = lan9118_init1;
1359 dc->reset = lan9118_reset;
1360 dc->props = lan9118_properties;
1361 dc->vmsd = &vmstate_lan9118;
1364 static const TypeInfo lan9118_info = {
1365 .name = TYPE_LAN9118,
1366 .parent = TYPE_SYS_BUS_DEVICE,
1367 .instance_size = sizeof(lan9118_state),
1368 .class_init = lan9118_class_init,
1371 static void lan9118_register_types(void)
1373 type_register_static(&lan9118_info);
1376 /* Legacy helper function. Should go away when machine config files are
1378 void lan9118_init(NICInfo *nd, uint32_t base, qemu_irq irq)
1383 qemu_check_nic_model(nd, "lan9118");
1384 dev = qdev_create(NULL, TYPE_LAN9118);
1385 qdev_set_nic_properties(dev, nd);
1386 qdev_init_nofail(dev);
1387 s = SYS_BUS_DEVICE(dev);
1388 sysbus_mmio_map(s, 0, base);
1389 sysbus_connect_irq(s, 0, irq);
1392 type_init(lan9118_register_types)
Code Review / kvmfornfv.git / blob