1
2
3
4
5
6
7
8
9#include "qemu/osdep.h"
10#include "qemu/log.h"
11#include "hw/irq.h"
12#include "hw/pci/pci.h"
13#include "hw/qdev-properties.h"
14#include "hw/nvram/eeprom93xx.h"
15#include "migration/vmstate.h"
16#include "sysemu/sysemu.h"
17#include "tulip.h"
18#include "trace.h"
19#include "net/eth.h"
20
21typedef struct TULIPState {
22 PCIDevice dev;
23 MemoryRegion io;
24 MemoryRegion memory;
25 NICConf c;
26 qemu_irq irq;
27 NICState *nic;
28 eeprom_t *eeprom;
29 uint32_t csr[16];
30
31
32 uint32_t old_csr9;
33 uint32_t mii_word;
34 uint32_t mii_bitcnt;
35
36 hwaddr current_rx_desc;
37 hwaddr current_tx_desc;
38
39 uint8_t rx_frame[2048];
40 uint8_t tx_frame[2048];
41 uint16_t tx_frame_len;
42 uint16_t rx_frame_len;
43 uint16_t rx_frame_size;
44
45 uint32_t rx_status;
46 uint8_t filter[16][6];
47} TULIPState;
48
49static const VMStateDescription vmstate_pci_tulip = {
50 .name = "tulip",
51 .fields = (VMStateField[]) {
52 VMSTATE_PCI_DEVICE(dev, TULIPState),
53 VMSTATE_UINT32_ARRAY(csr, TULIPState, 16),
54 VMSTATE_UINT32(old_csr9, TULIPState),
55 VMSTATE_UINT32(mii_word, TULIPState),
56 VMSTATE_UINT32(mii_bitcnt, TULIPState),
57 VMSTATE_UINT64(current_rx_desc, TULIPState),
58 VMSTATE_UINT64(current_tx_desc, TULIPState),
59 VMSTATE_BUFFER(rx_frame, TULIPState),
60 VMSTATE_BUFFER(tx_frame, TULIPState),
61 VMSTATE_UINT16(rx_frame_len, TULIPState),
62 VMSTATE_UINT16(tx_frame_len, TULIPState),
63 VMSTATE_UINT16(rx_frame_size, TULIPState),
64 VMSTATE_UINT32(rx_status, TULIPState),
65 VMSTATE_UINT8_2DARRAY(filter, TULIPState, 16, 6),
66 VMSTATE_END_OF_LIST()
67 }
68};
69
70static void tulip_desc_read(TULIPState *s, hwaddr p,
71 struct tulip_descriptor *desc)
72{
73 if (s->csr[0] & CSR0_DBO) {
74 desc->status = ldl_be_pci_dma(&s->dev, p);
75 desc->control = ldl_be_pci_dma(&s->dev, p + 4);
76 desc->buf_addr1 = ldl_be_pci_dma(&s->dev, p + 8);
77 desc->buf_addr2 = ldl_be_pci_dma(&s->dev, p + 12);
78 } else {
79 desc->status = ldl_le_pci_dma(&s->dev, p);
80 desc->control = ldl_le_pci_dma(&s->dev, p + 4);
81 desc->buf_addr1 = ldl_le_pci_dma(&s->dev, p + 8);
82 desc->buf_addr2 = ldl_le_pci_dma(&s->dev, p + 12);
83 }
84}
85
86static void tulip_desc_write(TULIPState *s, hwaddr p,
87 struct tulip_descriptor *desc)
88{
89 if (s->csr[0] & CSR0_DBO) {
90 stl_be_pci_dma(&s->dev, p, desc->status);
91 stl_be_pci_dma(&s->dev, p + 4, desc->control);
92 stl_be_pci_dma(&s->dev, p + 8, desc->buf_addr1);
93 stl_be_pci_dma(&s->dev, p + 12, desc->buf_addr2);
94 } else {
95 stl_le_pci_dma(&s->dev, p, desc->status);
96 stl_le_pci_dma(&s->dev, p + 4, desc->control);
97 stl_le_pci_dma(&s->dev, p + 8, desc->buf_addr1);
98 stl_le_pci_dma(&s->dev, p + 12, desc->buf_addr2);
99 }
100}
101
102static void tulip_update_int(TULIPState *s)
103{
104 uint32_t ie = s->csr[5] & s->csr[7];
105 bool assert = false;
106
107 s->csr[5] &= ~(CSR5_AIS | CSR5_NIS);
108
109 if (ie & (CSR5_TI | CSR5_TU | CSR5_RI | CSR5_GTE | CSR5_ERI)) {
110 s->csr[5] |= CSR5_NIS;
111 }
112
113 if (ie & (CSR5_LC | CSR5_GPI | CSR5_FBE | CSR5_LNF | CSR5_ETI | CSR5_RWT |
114 CSR5_RPS | CSR5_RU | CSR5_UNF | CSR5_LNP_ANC | CSR5_TJT |
115 CSR5_TPS)) {
116 s->csr[5] |= CSR5_AIS;
117 }
118
119 assert = s->csr[5] & s->csr[7] & (CSR5_AIS | CSR5_NIS);
120 trace_tulip_irq(s->csr[5], s->csr[7], assert ? "assert" : "deassert");
121 qemu_set_irq(s->irq, assert);
122}
123
124static bool tulip_rx_stopped(TULIPState *s)
125{
126 return ((s->csr[5] >> CSR5_RS_SHIFT) & CSR5_RS_MASK) == CSR5_RS_STOPPED;
127}
128
129static void tulip_dump_tx_descriptor(TULIPState *s,
130 struct tulip_descriptor *desc)
131{
132 trace_tulip_descriptor("TX ", s->current_tx_desc,
133 desc->status, desc->control >> 22,
134 desc->control & 0x7ff, (desc->control >> 11) & 0x7ff,
135 desc->buf_addr1, desc->buf_addr2);
136}
137
138static void tulip_dump_rx_descriptor(TULIPState *s,
139 struct tulip_descriptor *desc)
140{
141 trace_tulip_descriptor("RX ", s->current_rx_desc,
142 desc->status, desc->control >> 22,
143 desc->control & 0x7ff, (desc->control >> 11) & 0x7ff,
144 desc->buf_addr1, desc->buf_addr2);
145}
146
147static void tulip_next_rx_descriptor(TULIPState *s,
148 struct tulip_descriptor *desc)
149{
150 if (desc->control & RDES1_RER) {
151 s->current_rx_desc = s->csr[3];
152 } else if (desc->control & RDES1_RCH) {
153 s->current_rx_desc = desc->buf_addr2;
154 } else {
155 s->current_rx_desc += sizeof(struct tulip_descriptor) +
156 (((s->csr[0] >> CSR0_DSL_SHIFT) & CSR0_DSL_MASK) << 2);
157 }
158 s->current_rx_desc &= ~3ULL;
159}
160
161static void tulip_copy_rx_bytes(TULIPState *s, struct tulip_descriptor *desc)
162{
163 int len1 = (desc->control >> RDES1_BUF1_SIZE_SHIFT) & RDES1_BUF1_SIZE_MASK;
164 int len2 = (desc->control >> RDES1_BUF2_SIZE_SHIFT) & RDES1_BUF2_SIZE_MASK;
165 int len;
166
167 if (s->rx_frame_len && len1) {
168 if (s->rx_frame_len > len1) {
169 len = len1;
170 } else {
171 len = s->rx_frame_len;
172 }
173
174 pci_dma_write(&s->dev, desc->buf_addr1, s->rx_frame +
175 (s->rx_frame_size - s->rx_frame_len), len);
176 s->rx_frame_len -= len;
177 }
178
179 if (s->rx_frame_len && len2) {
180 if (s->rx_frame_len > len2) {
181 len = len2;
182 } else {
183 len = s->rx_frame_len;
184 }
185
186 pci_dma_write(&s->dev, desc->buf_addr2, s->rx_frame +
187 (s->rx_frame_size - s->rx_frame_len), len);
188 s->rx_frame_len -= len;
189 }
190}
191
192static bool tulip_filter_address(TULIPState *s, const uint8_t *addr)
193{
194 static const char broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
195 bool ret = false;
196 int i;
197
198 for (i = 0; i < 16 && ret == false; i++) {
199 if (!memcmp(&s->filter[i], addr, ETH_ALEN)) {
200 ret = true;
201 }
202 }
203
204 if (!memcmp(addr, broadcast, ETH_ALEN)) {
205 return true;
206 }
207
208 if (s->csr[6] & (CSR6_PR | CSR6_RA)) {
209
210 s->rx_status |= RDES0_FF;
211 return true;
212 }
213
214 if ((s->csr[6] & CSR6_PM) && (addr[0] & 1)) {
215
216 s->rx_status |= RDES0_MF;
217 return true;
218 }
219
220 if (s->csr[6] & CSR6_IF) {
221 ret ^= true;
222 }
223 return ret;
224}
225
226static ssize_t tulip_receive(TULIPState *s, const uint8_t *buf, size_t size)
227{
228 struct tulip_descriptor desc;
229
230 trace_tulip_receive(buf, size);
231
232 if (size < 14 || size > sizeof(s->rx_frame) - 4
233 || s->rx_frame_len || tulip_rx_stopped(s)) {
234 return 0;
235 }
236
237 if (!tulip_filter_address(s, buf)) {
238 return size;
239 }
240
241 do {
242 tulip_desc_read(s, s->current_rx_desc, &desc);
243 tulip_dump_rx_descriptor(s, &desc);
244
245 if (!(desc.status & RDES0_OWN)) {
246 s->csr[5] |= CSR5_RU;
247 tulip_update_int(s);
248 return s->rx_frame_size - s->rx_frame_len;
249 }
250 desc.status = 0;
251
252 if (!s->rx_frame_len) {
253 s->rx_frame_size = size + 4;
254 s->rx_status = RDES0_LS |
255 ((s->rx_frame_size & RDES0_FL_MASK) << RDES0_FL_SHIFT);
256 desc.status |= RDES0_FS;
257 memcpy(s->rx_frame, buf, size);
258 s->rx_frame_len = s->rx_frame_size;
259 }
260
261 tulip_copy_rx_bytes(s, &desc);
262
263 if (!s->rx_frame_len) {
264 desc.status |= s->rx_status;
265 s->csr[5] |= CSR5_RI;
266 tulip_update_int(s);
267 }
268 tulip_dump_rx_descriptor(s, &desc);
269 tulip_desc_write(s, s->current_rx_desc, &desc);
270 tulip_next_rx_descriptor(s, &desc);
271 } while (s->rx_frame_len);
272 return size;
273}
274
275static ssize_t tulip_receive_nc(NetClientState *nc,
276 const uint8_t *buf, size_t size)
277{
278 return tulip_receive(qemu_get_nic_opaque(nc), buf, size);
279}
280
281static NetClientInfo net_tulip_info = {
282 .type = NET_CLIENT_DRIVER_NIC,
283 .size = sizeof(NICState),
284 .receive = tulip_receive_nc,
285};
286
287static const char *tulip_reg_name(const hwaddr addr)
288{
289 switch (addr) {
290 case CSR(0):
291 return "CSR0";
292
293 case CSR(1):
294 return "CSR1";
295
296 case CSR(2):
297 return "CSR2";
298
299 case CSR(3):
300 return "CSR3";
301
302 case CSR(4):
303 return "CSR4";
304
305 case CSR(5):
306 return "CSR5";
307
308 case CSR(6):
309 return "CSR6";
310
311 case CSR(7):
312 return "CSR7";
313
314 case CSR(8):
315 return "CSR8";
316
317 case CSR(9):
318 return "CSR9";
319
320 case CSR(10):
321 return "CSR10";
322
323 case CSR(11):
324 return "CSR11";
325
326 case CSR(12):
327 return "CSR12";
328
329 case CSR(13):
330 return "CSR13";
331
332 case CSR(14):
333 return "CSR14";
334
335 case CSR(15):
336 return "CSR15";
337
338 default:
339 break;
340 }
341 return "";
342}
343
344static const char *tulip_rx_state_name(int state)
345{
346 switch (state) {
347 case CSR5_RS_STOPPED:
348 return "STOPPED";
349
350 case CSR5_RS_RUNNING_FETCH:
351 return "RUNNING/FETCH";
352
353 case CSR5_RS_RUNNING_CHECK_EOR:
354 return "RUNNING/CHECK EOR";
355
356 case CSR5_RS_RUNNING_WAIT_RECEIVE:
357 return "WAIT RECEIVE";
358
359 case CSR5_RS_SUSPENDED:
360 return "SUSPENDED";
361
362 case CSR5_RS_RUNNING_CLOSE:
363 return "RUNNING/CLOSE";
364
365 case CSR5_RS_RUNNING_FLUSH:
366 return "RUNNING/FLUSH";
367
368 case CSR5_RS_RUNNING_QUEUE:
369 return "RUNNING/QUEUE";
370
371 default:
372 break;
373 }
374 return "";
375}
376
377static const char *tulip_tx_state_name(int state)
378{
379 switch (state) {
380 case CSR5_TS_STOPPED:
381 return "STOPPED";
382
383 case CSR5_TS_RUNNING_FETCH:
384 return "RUNNING/FETCH";
385
386 case CSR5_TS_RUNNING_WAIT_EOT:
387 return "RUNNING/WAIT EOT";
388
389 case CSR5_TS_RUNNING_READ_BUF:
390 return "RUNNING/READ BUF";
391
392 case CSR5_TS_RUNNING_SETUP:
393 return "RUNNING/SETUP";
394
395 case CSR5_TS_SUSPENDED:
396 return "SUSPENDED";
397
398 case CSR5_TS_RUNNING_CLOSE:
399 return "RUNNING/CLOSE";
400
401 default:
402 break;
403 }
404 return "";
405}
406
407static void tulip_update_rs(TULIPState *s, int state)
408{
409 s->csr[5] &= ~(CSR5_RS_MASK << CSR5_RS_SHIFT);
410 s->csr[5] |= (state & CSR5_RS_MASK) << CSR5_RS_SHIFT;
411 trace_tulip_rx_state(tulip_rx_state_name(state));
412}
413
414static uint16_t tulip_mdi_default[] = {
415
416 0x3100, 0xf02c, 0x7810, 0x0000, 0x0501, 0x4181, 0x0000, 0x0000,
417
418 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
419
420 0x0003, 0x0000, 0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
421 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
422};
423
424
425static const uint16_t tulip_mdi_mask[] = {
426 0x0000, 0xffff, 0xffff, 0xffff, 0xc01f, 0xffff, 0xffff, 0x0000,
427 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
428 0x0fff, 0x0000, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
429 0xffff, 0xffff, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
430};
431
432static uint16_t tulip_mii_read(TULIPState *s, int phy, int reg)
433{
434 uint16_t ret = 0;
435 if (phy == 1) {
436 ret = tulip_mdi_default[reg];
437 }
438 trace_tulip_mii_read(phy, reg, ret);
439 return ret;
440}
441
442static void tulip_mii_write(TULIPState *s, int phy, int reg, uint16_t data)
443{
444 trace_tulip_mii_write(phy, reg, data);
445
446 if (phy != 1) {
447 return;
448 }
449
450 tulip_mdi_default[reg] &= ~tulip_mdi_mask[reg];
451 tulip_mdi_default[reg] |= (data & tulip_mdi_mask[reg]);
452}
453
454static void tulip_mii(TULIPState *s)
455{
456 uint32_t changed = s->old_csr9 ^ s->csr[9];
457 uint16_t data;
458 int op, phy, reg;
459
460 if (!(changed & CSR9_MDC)) {
461 return;
462 }
463
464 if (!(s->csr[9] & CSR9_MDC)) {
465 return;
466 }
467
468 s->mii_bitcnt++;
469 s->mii_word <<= 1;
470
471 if (s->csr[9] & CSR9_MDO && (s->mii_bitcnt < 16 ||
472 !(s->csr[9] & CSR9_MII))) {
473
474 s->mii_word |= 1;
475 }
476
477 if (s->mii_bitcnt >= 16 && (s->csr[9] & CSR9_MII)) {
478 if (s->mii_word & 0x8000) {
479 s->csr[9] |= CSR9_MDI;
480 } else {
481 s->csr[9] &= ~CSR9_MDI;
482 }
483 }
484
485 if (s->mii_word == 0xffffffff) {
486 s->mii_bitcnt = 0;
487 } else if (s->mii_bitcnt == 16) {
488 op = (s->mii_word >> 12) & 0x0f;
489 phy = (s->mii_word >> 7) & 0x1f;
490 reg = (s->mii_word >> 2) & 0x1f;
491
492 if (op == 6) {
493 s->mii_word = tulip_mii_read(s, phy, reg);
494 }
495 } else if (s->mii_bitcnt == 32) {
496 op = (s->mii_word >> 28) & 0x0f;
497 phy = (s->mii_word >> 23) & 0x1f;
498 reg = (s->mii_word >> 18) & 0x1f;
499 data = s->mii_word & 0xffff;
500
501 if (op == 5) {
502 tulip_mii_write(s, phy, reg, data);
503 }
504 }
505}
506
507static uint32_t tulip_csr9_read(TULIPState *s)
508{
509 if (s->csr[9] & CSR9_SR) {
510 if (eeprom93xx_read(s->eeprom)) {
511 s->csr[9] |= CSR9_SR_DO;
512 } else {
513 s->csr[9] &= ~CSR9_SR_DO;
514 }
515 }
516
517 tulip_mii(s);
518 return s->csr[9];
519}
520
521static void tulip_update_ts(TULIPState *s, int state)
522{
523 s->csr[5] &= ~(CSR5_TS_MASK << CSR5_TS_SHIFT);
524 s->csr[5] |= (state & CSR5_TS_MASK) << CSR5_TS_SHIFT;
525 trace_tulip_tx_state(tulip_tx_state_name(state));
526}
527
528static uint64_t tulip_read(void *opaque, hwaddr addr,
529 unsigned size)
530{
531 TULIPState *s = opaque;
532 uint64_t data = 0;
533
534 switch (addr) {
535 case CSR(9):
536 data = tulip_csr9_read(s);
537 break;
538
539 case CSR(12):
540
541 data = 5 << CSR12_ANS_SHIFT;
542 break;
543
544 default:
545 if (addr & 7) {
546 qemu_log_mask(LOG_GUEST_ERROR, "%s: read access at unknown address"
547 " 0x%"PRIx64"\n", __func__, addr);
548 } else {
549 data = s->csr[addr >> 3];
550 }
551 break;
552 }
553 trace_tulip_reg_read(addr, tulip_reg_name(addr), size, data);
554 return data;
555}
556
557static void tulip_tx(TULIPState *s, struct tulip_descriptor *desc)
558{
559 if (s->tx_frame_len) {
560 if ((s->csr[6] >> CSR6_OM_SHIFT) & CSR6_OM_MASK) {
561
562 tulip_receive(s, s->tx_frame, s->tx_frame_len);
563 } else if (s->tx_frame_len <= sizeof(s->tx_frame)) {
564 qemu_send_packet(qemu_get_queue(s->nic),
565 s->tx_frame, s->tx_frame_len);
566 }
567 }
568
569 if (desc->control & TDES1_IC) {
570 s->csr[5] |= CSR5_TI;
571 tulip_update_int(s);
572 }
573}
574
575static int tulip_copy_tx_buffers(TULIPState *s, struct tulip_descriptor *desc)
576{
577 int len1 = (desc->control >> TDES1_BUF1_SIZE_SHIFT) & TDES1_BUF1_SIZE_MASK;
578 int len2 = (desc->control >> TDES1_BUF2_SIZE_SHIFT) & TDES1_BUF2_SIZE_MASK;
579
580 if (s->tx_frame_len + len1 > sizeof(s->tx_frame)) {
581 return -1;
582 }
583 if (len1) {
584 pci_dma_read(&s->dev, desc->buf_addr1,
585 s->tx_frame + s->tx_frame_len, len1);
586 s->tx_frame_len += len1;
587 }
588
589 if (s->tx_frame_len + len2 > sizeof(s->tx_frame)) {
590 return -1;
591 }
592 if (len2) {
593 pci_dma_read(&s->dev, desc->buf_addr2,
594 s->tx_frame + s->tx_frame_len, len2);
595 s->tx_frame_len += len2;
596 }
597 desc->status = (len1 + len2) ? 0 : 0x7fffffff;
598
599 return 0;
600}
601
602static void tulip_setup_filter_addr(TULIPState *s, uint8_t *buf, int n)
603{
604 int offset = n * 12;
605
606 s->filter[n][0] = buf[offset];
607 s->filter[n][1] = buf[offset + 1];
608
609 s->filter[n][2] = buf[offset + 4];
610 s->filter[n][3] = buf[offset + 5];
611
612 s->filter[n][4] = buf[offset + 8];
613 s->filter[n][5] = buf[offset + 9];
614
615 trace_tulip_setup_filter(n, s->filter[n][5], s->filter[n][4],
616 s->filter[n][3], s->filter[n][2], s->filter[n][1], s->filter[n][0]);
617}
618
619static void tulip_setup_frame(TULIPState *s,
620 struct tulip_descriptor *desc)
621{
622 uint8_t buf[4096];
623 int len = (desc->control >> TDES1_BUF1_SIZE_SHIFT) & TDES1_BUF1_SIZE_MASK;
624 int i;
625
626 trace_tulip_setup_frame();
627
628 if (len == 192) {
629 pci_dma_read(&s->dev, desc->buf_addr1, buf, len);
630 for (i = 0; i < 16; i++) {
631 tulip_setup_filter_addr(s, buf, i);
632 }
633 }
634
635 desc->status = 0x7fffffff;
636
637 if (desc->control & TDES1_IC) {
638 s->csr[5] |= CSR5_TI;
639 tulip_update_int(s);
640 }
641}
642
643static void tulip_next_tx_descriptor(TULIPState *s,
644 struct tulip_descriptor *desc)
645{
646 if (desc->control & TDES1_TER) {
647 s->current_tx_desc = s->csr[4];
648 } else if (desc->control & TDES1_TCH) {
649 s->current_tx_desc = desc->buf_addr2;
650 } else {
651 s->current_tx_desc += sizeof(struct tulip_descriptor) +
652 (((s->csr[0] >> CSR0_DSL_SHIFT) & CSR0_DSL_MASK) << 2);
653 }
654 s->current_tx_desc &= ~3ULL;
655}
656
657static uint32_t tulip_ts(TULIPState *s)
658{
659 return (s->csr[5] >> CSR5_TS_SHIFT) & CSR5_TS_MASK;
660}
661
662static void tulip_xmit_list_update(TULIPState *s)
663{
664#define TULIP_DESC_MAX 128
665 uint8_t i = 0;
666 struct tulip_descriptor desc;
667
668 if (tulip_ts(s) != CSR5_TS_SUSPENDED) {
669 return;
670 }
671
672 for (i = 0; i < TULIP_DESC_MAX; i++) {
673 tulip_desc_read(s, s->current_tx_desc, &desc);
674 tulip_dump_tx_descriptor(s, &desc);
675
676 if (!(desc.status & TDES0_OWN)) {
677 tulip_update_ts(s, CSR5_TS_SUSPENDED);
678 s->csr[5] |= CSR5_TU;
679 tulip_update_int(s);
680 return;
681 }
682
683 if (desc.control & TDES1_SET) {
684 tulip_setup_frame(s, &desc);
685 } else {
686 if (desc.control & TDES1_FS) {
687 s->tx_frame_len = 0;
688 }
689
690 if (!tulip_copy_tx_buffers(s, &desc)) {
691 if (desc.control & TDES1_LS) {
692 tulip_tx(s, &desc);
693 }
694 }
695 }
696 tulip_desc_write(s, s->current_tx_desc, &desc);
697 tulip_next_tx_descriptor(s, &desc);
698 }
699}
700
701static void tulip_csr9_write(TULIPState *s, uint32_t old_val,
702 uint32_t new_val)
703{
704 if (new_val & CSR9_SR) {
705 eeprom93xx_write(s->eeprom,
706 !!(new_val & CSR9_SR_CS),
707 !!(new_val & CSR9_SR_SK),
708 !!(new_val & CSR9_SR_DI));
709 }
710}
711
712static void tulip_reset(TULIPState *s)
713{
714 trace_tulip_reset();
715
716 s->csr[0] = 0xfe000000;
717 s->csr[1] = 0xffffffff;
718 s->csr[2] = 0xffffffff;
719 s->csr[5] = 0xf0000000;
720 s->csr[6] = 0x32000040;
721 s->csr[7] = 0xf3fe0000;
722 s->csr[8] = 0xe0000000;
723 s->csr[9] = 0xfff483ff;
724 s->csr[11] = 0xfffe0000;
725 s->csr[12] = 0x000000c6;
726 s->csr[13] = 0xffff0000;
727 s->csr[14] = 0xffffffff;
728 s->csr[15] = 0x8ff00000;
729}
730
731static void tulip_qdev_reset(DeviceState *dev)
732{
733 PCIDevice *d = PCI_DEVICE(dev);
734 TULIPState *s = TULIP(d);
735
736 tulip_reset(s);
737}
738
739static void tulip_write(void *opaque, hwaddr addr,
740 uint64_t data, unsigned size)
741{
742 TULIPState *s = opaque;
743 trace_tulip_reg_write(addr, tulip_reg_name(addr), size, data);
744
745 switch (addr) {
746 case CSR(0):
747 s->csr[0] = data;
748 if (data & CSR0_SWR) {
749 tulip_reset(s);
750 tulip_update_int(s);
751 }
752 break;
753
754 case CSR(1):
755 tulip_xmit_list_update(s);
756 break;
757
758 case CSR(2):
759 qemu_flush_queued_packets(qemu_get_queue(s->nic));
760 break;
761
762 case CSR(3):
763 s->csr[3] = data & ~3ULL;
764 s->current_rx_desc = s->csr[3];
765 qemu_flush_queued_packets(qemu_get_queue(s->nic));
766 break;
767
768 case CSR(4):
769 s->csr[4] = data & ~3ULL;
770 s->current_tx_desc = s->csr[4];
771 tulip_xmit_list_update(s);
772 break;
773
774 case CSR(5):
775
776 s->csr[5] &= ~(data & (CSR5_TI | CSR5_TPS | CSR5_TU | CSR5_TJT |
777 CSR5_LNP_ANC | CSR5_UNF | CSR5_RI | CSR5_RU |
778 CSR5_RPS | CSR5_RWT | CSR5_ETI | CSR5_GTE |
779 CSR5_LNF | CSR5_FBE | CSR5_ERI | CSR5_AIS |
780 CSR5_NIS | CSR5_GPI | CSR5_LC));
781 tulip_update_int(s);
782 break;
783
784 case CSR(6):
785 s->csr[6] = data;
786 if (s->csr[6] & CSR6_SR) {
787 tulip_update_rs(s, CSR5_RS_RUNNING_WAIT_RECEIVE);
788 qemu_flush_queued_packets(qemu_get_queue(s->nic));
789 } else {
790 tulip_update_rs(s, CSR5_RS_STOPPED);
791 }
792
793 if (s->csr[6] & CSR6_ST) {
794 tulip_update_ts(s, CSR5_TS_SUSPENDED);
795 tulip_xmit_list_update(s);
796 } else {
797 tulip_update_ts(s, CSR5_TS_STOPPED);
798 }
799 break;
800
801 case CSR(7):
802 s->csr[7] = data;
803 tulip_update_int(s);
804 break;
805
806 case CSR(8):
807 s->csr[9] = data;
808 break;
809
810 case CSR(9):
811 tulip_csr9_write(s, s->csr[9], data);
812
813 s->csr[9] &= CSR9_MDI;
814 s->csr[9] |= (data & ~CSR9_MDI);
815 tulip_mii(s);
816 s->old_csr9 = s->csr[9];
817 break;
818
819 case CSR(10):
820 s->csr[10] = data;
821 break;
822
823 case CSR(11):
824 s->csr[11] = data;
825 break;
826
827 case CSR(12):
828
829 s->csr[12] &= ~(data & (CSR12_MRA | CSR12_TRA | CSR12_ARA));
830 break;
831
832 case CSR(13):
833 s->csr[13] = data;
834 break;
835
836 case CSR(14):
837 s->csr[14] = data;
838 break;
839
840 case CSR(15):
841 s->csr[15] = data;
842 break;
843
844 default:
845 qemu_log_mask(LOG_GUEST_ERROR, "%s: write to CSR at unknown address "
846 "0x%"PRIx64"\n", __func__, addr);
847 break;
848 }
849}
850
851static const MemoryRegionOps tulip_ops = {
852 .read = tulip_read,
853 .write = tulip_write,
854 .endianness = DEVICE_LITTLE_ENDIAN,
855 .impl = {
856 .min_access_size = 4,
857 .max_access_size = 4,
858 },
859};
860
861static void tulip_idblock_crc(TULIPState *s, uint16_t *srom)
862{
863 int word, n;
864 int bit;
865 unsigned char bitval, crc;
866 const int len = 9;
867 n = 0;
868 crc = -1;
869
870 for (word = 0; word < len; word++) {
871 for (bit = 15; bit >= 0; bit--) {
872 if ((word == (len - 1)) && (bit == 7)) {
873
874
875
876
877 srom[len - 1] = (srom[len - 1] & 0xff00) | (unsigned short)crc;
878 break;
879 }
880 n++;
881 bitval = ((srom[word] >> bit) & 1) ^ ((crc >> 7) & 1);
882 crc = crc << 1;
883 if (bitval == 1) {
884 crc ^= 6;
885 crc |= 0x01;
886 }
887 }
888 }
889}
890
891static uint16_t tulip_srom_crc(TULIPState *s, uint8_t *eeprom, size_t len)
892{
893 unsigned long crc = 0xffffffff;
894 unsigned long flippedcrc = 0;
895 unsigned char currentbyte;
896 unsigned int msb, bit, i;
897
898 for (i = 0; i < len; i++) {
899 currentbyte = eeprom[i];
900 for (bit = 0; bit < 8; bit++) {
901 msb = (crc >> 31) & 1;
902 crc <<= 1;
903 if (msb ^ (currentbyte & 1)) {
904 crc ^= 0x04c11db6;
905 crc |= 0x00000001;
906 }
907 currentbyte >>= 1;
908 }
909 }
910
911 for (i = 0; i < 32; i++) {
912 flippedcrc <<= 1;
913 bit = crc & 1;
914 crc >>= 1;
915 flippedcrc += bit;
916 }
917 return (flippedcrc ^ 0xffffffff) & 0xffff;
918}
919
920static const uint8_t eeprom_default[128] = {
921 0x3c, 0x10, 0x4f, 0x10, 0x00, 0x00, 0x00, 0x00,
922 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
923 0x56, 0x08, 0x04, 0x01, 0x00, 0x80, 0x48, 0xb3,
924 0x0e, 0xa7, 0x00, 0x1e, 0x00, 0x00, 0x00, 0x08,
925 0x01, 0x8d, 0x03, 0x00, 0x00, 0x00, 0x00, 0x78,
926 0xe0, 0x01, 0x00, 0x50, 0x00, 0x18, 0x00, 0x00,
927 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
928 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
929 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
930 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
931 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
932 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe8, 0x6b,
933 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
934 0x48, 0xb3, 0x0e, 0xa7, 0x40, 0x00, 0x00, 0x00,
935 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
936 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
937};
938
939static void tulip_fill_eeprom(TULIPState *s)
940{
941 uint16_t *eeprom = eeprom93xx_data(s->eeprom);
942 memcpy(eeprom, eeprom_default, 128);
943
944
945 eeprom[10] = cpu_to_le16(s->c.macaddr.a[0] | (s->c.macaddr.a[1] << 8));
946 eeprom[11] = cpu_to_le16(s->c.macaddr.a[2] | (s->c.macaddr.a[3] << 8));
947 eeprom[12] = cpu_to_le16(s->c.macaddr.a[4] | (s->c.macaddr.a[5] << 8));
948 tulip_idblock_crc(s, eeprom);
949 eeprom[63] = cpu_to_le16(tulip_srom_crc(s, (uint8_t *)eeprom, 126));
950}
951
952static void pci_tulip_realize(PCIDevice *pci_dev, Error **errp)
953{
954 TULIPState *s = DO_UPCAST(TULIPState, dev, pci_dev);
955 uint8_t *pci_conf;
956
957 pci_conf = s->dev.config;
958 pci_conf[PCI_INTERRUPT_PIN] = 1;
959
960 s->eeprom = eeprom93xx_new(&pci_dev->qdev, 64);
961 tulip_fill_eeprom(s);
962
963 memory_region_init_io(&s->io, OBJECT(&s->dev), &tulip_ops, s,
964 "tulip-io", 128);
965
966 memory_region_init_io(&s->memory, OBJECT(&s->dev), &tulip_ops, s,
967 "tulip-mem", 128);
968
969 pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io);
970 pci_register_bar(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->memory);
971
972 s->irq = pci_allocate_irq(&s->dev);
973
974 qemu_macaddr_default_if_unset(&s->c.macaddr);
975
976 s->nic = qemu_new_nic(&net_tulip_info, &s->c,
977 object_get_typename(OBJECT(pci_dev)),
978 pci_dev->qdev.id, s);
979 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
980}
981
982static void pci_tulip_exit(PCIDevice *pci_dev)
983{
984 TULIPState *s = DO_UPCAST(TULIPState, dev, pci_dev);
985
986 qemu_del_nic(s->nic);
987 qemu_free_irq(s->irq);
988 eeprom93xx_free(&pci_dev->qdev, s->eeprom);
989}
990
991static void tulip_instance_init(Object *obj)
992{
993 PCIDevice *pci_dev = PCI_DEVICE(obj);
994 TULIPState *d = DO_UPCAST(TULIPState, dev, pci_dev);
995
996 device_add_bootindex_property(obj, &d->c.bootindex,
997 "bootindex", "/ethernet-phy@0",
998 &pci_dev->qdev, NULL);
999}
1000
1001static Property tulip_properties[] = {
1002 DEFINE_NIC_PROPERTIES(TULIPState, c),
1003 DEFINE_PROP_END_OF_LIST(),
1004};
1005
1006static void tulip_class_init(ObjectClass *klass, void *data)
1007{
1008 DeviceClass *dc = DEVICE_CLASS(klass);
1009 PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
1010
1011 k->realize = pci_tulip_realize;
1012 k->exit = pci_tulip_exit;
1013 k->vendor_id = PCI_VENDOR_ID_DEC;
1014 k->device_id = PCI_DEVICE_ID_DEC_21143;
1015 k->subsystem_vendor_id = 0x103c;
1016 k->subsystem_id = 0x104f;
1017 k->class_id = PCI_CLASS_NETWORK_ETHERNET;
1018 dc->vmsd = &vmstate_pci_tulip;
1019 dc->props = tulip_properties;
1020 dc->reset = tulip_qdev_reset;
1021 set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
1022}
1023
1024static const TypeInfo tulip_info = {
1025 .name = TYPE_TULIP,
1026 .parent = TYPE_PCI_DEVICE,
1027 .instance_size = sizeof(TULIPState),
1028 .class_init = tulip_class_init,
1029 .instance_init = tulip_instance_init,
1030 .interfaces = (InterfaceInfo[]) {
1031 { INTERFACE_CONVENTIONAL_PCI_DEVICE },
1032 { },
1033 },
1034};
1035
1036static void tulip_register_types(void)
1037{
1038 type_register_static(&tulip_info);
1039}
1040
1041type_init(tulip_register_types)
1042
