qemu/hw/net/tulip.c
<<
>>
Prefs
   1/*
   2 * QEMU TULIP Emulation
   3 *
   4 * Copyright (c) 2019 Sven Schnelle <svens@stackframe.org>
   5 *
   6 * This work is licensed under the GNU GPL license version 2 or later.
   7 */
   8
   9#include "qemu/osdep.h"
  10#include "qemu/log.h"
  11#include "hw/irq.h"
  12#include "hw/pci/pci.h"
  13#include "hw/qdev-properties.h"
  14#include "hw/nvram/eeprom93xx.h"
  15#include "migration/vmstate.h"
  16#include "sysemu/sysemu.h"
  17#include "tulip.h"
  18#include "trace.h"
  19#include "net/eth.h"
  20
  21typedef struct TULIPState {
  22    PCIDevice dev;
  23    MemoryRegion io;
  24    MemoryRegion memory;
  25    NICConf c;
  26    qemu_irq irq;
  27    NICState *nic;
  28    eeprom_t *eeprom;
  29    uint32_t csr[16];
  30
  31    /* state for MII */
  32    uint32_t old_csr9;
  33    uint32_t mii_word;
  34    uint32_t mii_bitcnt;
  35
  36    hwaddr current_rx_desc;
  37    hwaddr current_tx_desc;
  38
  39    uint8_t rx_frame[2048];
  40    uint8_t tx_frame[2048];
  41    uint16_t tx_frame_len;
  42    uint16_t rx_frame_len;
  43    uint16_t rx_frame_size;
  44
  45    uint32_t rx_status;
  46    uint8_t filter[16][6];
  47} TULIPState;
  48
  49static const VMStateDescription vmstate_pci_tulip = {
  50    .name = "tulip",
  51    .fields = (VMStateField[]) {
  52        VMSTATE_PCI_DEVICE(dev, TULIPState),
  53        VMSTATE_UINT32_ARRAY(csr, TULIPState, 16),
  54        VMSTATE_UINT32(old_csr9, TULIPState),
  55        VMSTATE_UINT32(mii_word, TULIPState),
  56        VMSTATE_UINT32(mii_bitcnt, TULIPState),
  57        VMSTATE_UINT64(current_rx_desc, TULIPState),
  58        VMSTATE_UINT64(current_tx_desc, TULIPState),
  59        VMSTATE_BUFFER(rx_frame, TULIPState),
  60        VMSTATE_BUFFER(tx_frame, TULIPState),
  61        VMSTATE_UINT16(rx_frame_len, TULIPState),
  62        VMSTATE_UINT16(tx_frame_len, TULIPState),
  63        VMSTATE_UINT16(rx_frame_size, TULIPState),
  64        VMSTATE_UINT32(rx_status, TULIPState),
  65        VMSTATE_UINT8_2DARRAY(filter, TULIPState, 16, 6),
  66        VMSTATE_END_OF_LIST()
  67    }
  68};
  69
  70static void tulip_desc_read(TULIPState *s, hwaddr p,
  71        struct tulip_descriptor *desc)
  72{
  73    if (s->csr[0] & CSR0_DBO) {
  74        desc->status = ldl_be_pci_dma(&s->dev, p);
  75        desc->control = ldl_be_pci_dma(&s->dev, p + 4);
  76        desc->buf_addr1 = ldl_be_pci_dma(&s->dev, p + 8);
  77        desc->buf_addr2 = ldl_be_pci_dma(&s->dev, p + 12);
  78    } else {
  79        desc->status = ldl_le_pci_dma(&s->dev, p);
  80        desc->control = ldl_le_pci_dma(&s->dev, p + 4);
  81        desc->buf_addr1 = ldl_le_pci_dma(&s->dev, p + 8);
  82        desc->buf_addr2 = ldl_le_pci_dma(&s->dev, p + 12);
  83    }
  84}
  85
  86static void tulip_desc_write(TULIPState *s, hwaddr p,
  87        struct tulip_descriptor *desc)
  88{
  89    if (s->csr[0] & CSR0_DBO) {
  90        stl_be_pci_dma(&s->dev, p, desc->status);
  91        stl_be_pci_dma(&s->dev, p + 4, desc->control);
  92        stl_be_pci_dma(&s->dev, p + 8, desc->buf_addr1);
  93        stl_be_pci_dma(&s->dev, p + 12, desc->buf_addr2);
  94    } else {
  95        stl_le_pci_dma(&s->dev, p, desc->status);
  96        stl_le_pci_dma(&s->dev, p + 4, desc->control);
  97        stl_le_pci_dma(&s->dev, p + 8, desc->buf_addr1);
  98        stl_le_pci_dma(&s->dev, p + 12, desc->buf_addr2);
  99    }
 100}
 101
 102static void tulip_update_int(TULIPState *s)
 103{
 104    uint32_t ie = s->csr[5] & s->csr[7];
 105    bool assert = false;
 106
 107    s->csr[5] &= ~(CSR5_AIS | CSR5_NIS);
 108
 109    if (ie & (CSR5_TI | CSR5_TU | CSR5_RI | CSR5_GTE | CSR5_ERI)) {
 110        s->csr[5] |= CSR5_NIS;
 111    }
 112
 113    if (ie & (CSR5_LC | CSR5_GPI | CSR5_FBE | CSR5_LNF | CSR5_ETI | CSR5_RWT |
 114              CSR5_RPS | CSR5_RU | CSR5_UNF | CSR5_LNP_ANC | CSR5_TJT |
 115              CSR5_TPS)) {
 116        s->csr[5] |= CSR5_AIS;
 117    }
 118
 119    assert = s->csr[5] & s->csr[7] & (CSR5_AIS | CSR5_NIS);
 120    trace_tulip_irq(s->csr[5], s->csr[7], assert ? "assert" : "deassert");
 121    qemu_set_irq(s->irq, assert);
 122}
 123
 124static bool tulip_rx_stopped(TULIPState *s)
 125{
 126    return ((s->csr[5] >> CSR5_RS_SHIFT) & CSR5_RS_MASK) == CSR5_RS_STOPPED;
 127}
 128
 129static void tulip_dump_tx_descriptor(TULIPState *s,
 130        struct tulip_descriptor *desc)
 131{
 132    trace_tulip_descriptor("TX ", s->current_tx_desc,
 133                desc->status, desc->control >> 22,
 134                desc->control & 0x7ff, (desc->control >> 11) & 0x7ff,
 135                desc->buf_addr1, desc->buf_addr2);
 136}
 137
 138static void tulip_dump_rx_descriptor(TULIPState *s,
 139        struct tulip_descriptor *desc)
 140{
 141    trace_tulip_descriptor("RX ", s->current_rx_desc,
 142                desc->status, desc->control >> 22,
 143                desc->control & 0x7ff, (desc->control >> 11) & 0x7ff,
 144                desc->buf_addr1, desc->buf_addr2);
 145}
 146
 147static void tulip_next_rx_descriptor(TULIPState *s,
 148    struct tulip_descriptor *desc)
 149{
 150    if (desc->control & RDES1_RER) {
 151        s->current_rx_desc = s->csr[3];
 152    } else if (desc->control & RDES1_RCH) {
 153        s->current_rx_desc = desc->buf_addr2;
 154    } else {
 155        s->current_rx_desc += sizeof(struct tulip_descriptor) +
 156                (((s->csr[0] >> CSR0_DSL_SHIFT) & CSR0_DSL_MASK) << 2);
 157    }
 158    s->current_rx_desc &= ~3ULL;
 159}
 160
 161static void tulip_copy_rx_bytes(TULIPState *s, struct tulip_descriptor *desc)
 162{
 163    int len1 = (desc->control >> RDES1_BUF1_SIZE_SHIFT) & RDES1_BUF1_SIZE_MASK;
 164    int len2 = (desc->control >> RDES1_BUF2_SIZE_SHIFT) & RDES1_BUF2_SIZE_MASK;
 165    int len;
 166
 167    if (s->rx_frame_len && len1) {
 168        if (s->rx_frame_len > len1) {
 169            len = len1;
 170        } else {
 171            len = s->rx_frame_len;
 172        }
 173
 174        if (s->rx_frame_len + len > sizeof(s->rx_frame)) {
 175            return;
 176        }
 177        pci_dma_write(&s->dev, desc->buf_addr1, s->rx_frame +
 178            (s->rx_frame_size - s->rx_frame_len), len);
 179        s->rx_frame_len -= len;
 180    }
 181
 182    if (s->rx_frame_len && len2) {
 183        if (s->rx_frame_len > len2) {
 184            len = len2;
 185        } else {
 186            len = s->rx_frame_len;
 187        }
 188
 189        if (s->rx_frame_len + len > sizeof(s->rx_frame)) {
 190            return;
 191        }
 192        pci_dma_write(&s->dev, desc->buf_addr2, s->rx_frame +
 193            (s->rx_frame_size - s->rx_frame_len), len);
 194        s->rx_frame_len -= len;
 195    }
 196}
 197
 198static bool tulip_filter_address(TULIPState *s, const uint8_t *addr)
 199{
 200    static const char broadcast[] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
 201    bool ret = false;
 202    int i;
 203
 204    for (i = 0; i < 16 && ret == false; i++) {
 205        if (!memcmp(&s->filter[i], addr, ETH_ALEN)) {
 206            ret = true;
 207        }
 208    }
 209
 210    if (!memcmp(addr, broadcast, ETH_ALEN)) {
 211        return true;
 212    }
 213
 214    if (s->csr[6] & (CSR6_PR | CSR6_RA)) {
 215        /* Promiscuous mode enabled */
 216        s->rx_status |= RDES0_FF;
 217        return true;
 218    }
 219
 220    if ((s->csr[6] & CSR6_PM) && (addr[0] & 1)) {
 221        /* Pass all Multicast enabled */
 222        s->rx_status |= RDES0_MF;
 223        return true;
 224    }
 225
 226    if (s->csr[6] & CSR6_IF) {
 227        ret ^= true;
 228    }
 229    return ret;
 230}
 231
 232static ssize_t tulip_receive(TULIPState *s, const uint8_t *buf, size_t size)
 233{
 234    struct tulip_descriptor desc;
 235
 236    trace_tulip_receive(buf, size);
 237
 238    if (size < 14 || size > sizeof(s->rx_frame) - 4
 239        || s->rx_frame_len || tulip_rx_stopped(s)) {
 240        return 0;
 241    }
 242
 243    if (!tulip_filter_address(s, buf)) {
 244        return size;
 245    }
 246
 247    do {
 248        tulip_desc_read(s, s->current_rx_desc, &desc);
 249        tulip_dump_rx_descriptor(s, &desc);
 250
 251        if (!(desc.status & RDES0_OWN)) {
 252            s->csr[5] |= CSR5_RU;
 253            tulip_update_int(s);
 254            return s->rx_frame_size - s->rx_frame_len;
 255        }
 256        desc.status = 0;
 257
 258        if (!s->rx_frame_len) {
 259            s->rx_frame_size = size + 4;
 260            s->rx_status = RDES0_LS |
 261                 ((s->rx_frame_size & RDES0_FL_MASK) << RDES0_FL_SHIFT);
 262            desc.status |= RDES0_FS;
 263            memcpy(s->rx_frame, buf, size);
 264            s->rx_frame_len = s->rx_frame_size;
 265        }
 266
 267        tulip_copy_rx_bytes(s, &desc);
 268
 269        if (!s->rx_frame_len) {
 270            desc.status |= s->rx_status;
 271            s->csr[5] |= CSR5_RI;
 272            tulip_update_int(s);
 273        }
 274        tulip_dump_rx_descriptor(s, &desc);
 275        tulip_desc_write(s, s->current_rx_desc, &desc);
 276        tulip_next_rx_descriptor(s, &desc);
 277    } while (s->rx_frame_len);
 278    return size;
 279}
 280
 281static ssize_t tulip_receive_nc(NetClientState *nc,
 282                             const uint8_t *buf, size_t size)
 283{
 284    return tulip_receive(qemu_get_nic_opaque(nc), buf, size);
 285}
 286
 287static NetClientInfo net_tulip_info = {
 288    .type = NET_CLIENT_DRIVER_NIC,
 289    .size = sizeof(NICState),
 290    .receive = tulip_receive_nc,
 291};
 292
 293static const char *tulip_reg_name(const hwaddr addr)
 294{
 295    switch (addr) {
 296    case CSR(0):
 297        return "CSR0";
 298
 299    case CSR(1):
 300        return "CSR1";
 301
 302    case CSR(2):
 303        return "CSR2";
 304
 305    case CSR(3):
 306        return "CSR3";
 307
 308    case CSR(4):
 309        return "CSR4";
 310
 311    case CSR(5):
 312        return "CSR5";
 313
 314    case CSR(6):
 315        return "CSR6";
 316
 317    case CSR(7):
 318        return "CSR7";
 319
 320    case CSR(8):
 321        return "CSR8";
 322
 323    case CSR(9):
 324        return "CSR9";
 325
 326    case CSR(10):
 327        return "CSR10";
 328
 329    case CSR(11):
 330        return "CSR11";
 331
 332    case CSR(12):
 333        return "CSR12";
 334
 335    case CSR(13):
 336        return "CSR13";
 337
 338    case CSR(14):
 339        return "CSR14";
 340
 341    case CSR(15):
 342        return "CSR15";
 343
 344    default:
 345        break;
 346    }
 347    return "";
 348}
 349
 350static const char *tulip_rx_state_name(int state)
 351{
 352    switch (state) {
 353    case CSR5_RS_STOPPED:
 354        return "STOPPED";
 355
 356    case CSR5_RS_RUNNING_FETCH:
 357        return "RUNNING/FETCH";
 358
 359    case CSR5_RS_RUNNING_CHECK_EOR:
 360        return "RUNNING/CHECK EOR";
 361
 362    case CSR5_RS_RUNNING_WAIT_RECEIVE:
 363        return "WAIT RECEIVE";
 364
 365    case CSR5_RS_SUSPENDED:
 366        return "SUSPENDED";
 367
 368    case CSR5_RS_RUNNING_CLOSE:
 369        return "RUNNING/CLOSE";
 370
 371    case CSR5_RS_RUNNING_FLUSH:
 372        return "RUNNING/FLUSH";
 373
 374    case CSR5_RS_RUNNING_QUEUE:
 375        return "RUNNING/QUEUE";
 376
 377    default:
 378        break;
 379    }
 380    return "";
 381}
 382
 383static const char *tulip_tx_state_name(int state)
 384{
 385    switch (state) {
 386    case CSR5_TS_STOPPED:
 387        return "STOPPED";
 388
 389    case CSR5_TS_RUNNING_FETCH:
 390        return "RUNNING/FETCH";
 391
 392    case CSR5_TS_RUNNING_WAIT_EOT:
 393        return "RUNNING/WAIT EOT";
 394
 395    case CSR5_TS_RUNNING_READ_BUF:
 396        return "RUNNING/READ BUF";
 397
 398    case CSR5_TS_RUNNING_SETUP:
 399        return "RUNNING/SETUP";
 400
 401    case CSR5_TS_SUSPENDED:
 402        return "SUSPENDED";
 403
 404    case CSR5_TS_RUNNING_CLOSE:
 405        return "RUNNING/CLOSE";
 406
 407    default:
 408        break;
 409    }
 410    return "";
 411}
 412
 413static void tulip_update_rs(TULIPState *s, int state)
 414{
 415    s->csr[5] &= ~(CSR5_RS_MASK << CSR5_RS_SHIFT);
 416    s->csr[5] |= (state & CSR5_RS_MASK) << CSR5_RS_SHIFT;
 417    trace_tulip_rx_state(tulip_rx_state_name(state));
 418}
 419
 420static uint16_t tulip_mdi_default[] = {
 421    /* MDI Registers 0 - 6, 7 */
 422    0x3100, 0xf02c, 0x7810, 0x0000, 0x0501, 0x4181, 0x0000, 0x0000,
 423    /* MDI Registers 8 - 15 */
 424    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
 425    /* MDI Registers 16 - 31 */
 426    0x0003, 0x0000, 0x0001, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
 427    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
 428};
 429
 430/* Readonly mask for MDI (PHY) registers */
 431static const uint16_t tulip_mdi_mask[] = {
 432    0x0000, 0xffff, 0xffff, 0xffff, 0xc01f, 0xffff, 0xffff, 0x0000,
 433    0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
 434    0x0fff, 0x0000, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
 435    0xffff, 0xffff, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000, 0x0000,
 436};
 437
 438static uint16_t tulip_mii_read(TULIPState *s, int phy, int reg)
 439{
 440    uint16_t ret = 0;
 441    if (phy == 1) {
 442        ret = tulip_mdi_default[reg];
 443    }
 444    trace_tulip_mii_read(phy, reg, ret);
 445    return ret;
 446}
 447
 448static void tulip_mii_write(TULIPState *s, int phy, int reg, uint16_t data)
 449{
 450    trace_tulip_mii_write(phy, reg, data);
 451
 452    if (phy != 1) {
 453        return;
 454    }
 455
 456    tulip_mdi_default[reg] &= ~tulip_mdi_mask[reg];
 457    tulip_mdi_default[reg] |= (data & tulip_mdi_mask[reg]);
 458}
 459
 460static void tulip_mii(TULIPState *s)
 461{
 462    uint32_t changed = s->old_csr9 ^ s->csr[9];
 463    uint16_t data;
 464    int op, phy, reg;
 465
 466    if (!(changed & CSR9_MDC)) {
 467        return;
 468    }
 469
 470    if (!(s->csr[9] & CSR9_MDC)) {
 471        return;
 472    }
 473
 474    s->mii_bitcnt++;
 475    s->mii_word <<= 1;
 476
 477    if (s->csr[9] & CSR9_MDO && (s->mii_bitcnt < 16 ||
 478        !(s->csr[9] & CSR9_MII))) {
 479        /* write op or address bits */
 480        s->mii_word |= 1;
 481    }
 482
 483    if (s->mii_bitcnt >= 16 && (s->csr[9] & CSR9_MII)) {
 484        if (s->mii_word & 0x8000) {
 485            s->csr[9] |= CSR9_MDI;
 486        } else {
 487            s->csr[9] &= ~CSR9_MDI;
 488        }
 489    }
 490
 491    if (s->mii_word == 0xffffffff) {
 492        s->mii_bitcnt = 0;
 493    } else if (s->mii_bitcnt == 16) {
 494        op = (s->mii_word >> 12) & 0x0f;
 495        phy = (s->mii_word >> 7) & 0x1f;
 496        reg = (s->mii_word >> 2) & 0x1f;
 497
 498        if (op == 6) {
 499            s->mii_word = tulip_mii_read(s, phy, reg);
 500        }
 501    } else if (s->mii_bitcnt == 32) {
 502            op = (s->mii_word >> 28) & 0x0f;
 503            phy = (s->mii_word >> 23) & 0x1f;
 504            reg = (s->mii_word >> 18) & 0x1f;
 505            data = s->mii_word & 0xffff;
 506
 507        if (op == 5) {
 508            tulip_mii_write(s, phy, reg, data);
 509        }
 510    }
 511}
 512
 513static uint32_t tulip_csr9_read(TULIPState *s)
 514{
 515    if (s->csr[9] & CSR9_SR) {
 516        if (eeprom93xx_read(s->eeprom)) {
 517            s->csr[9] |= CSR9_SR_DO;
 518        } else {
 519            s->csr[9] &= ~CSR9_SR_DO;
 520        }
 521    }
 522
 523    tulip_mii(s);
 524    return s->csr[9];
 525}
 526
 527static void tulip_update_ts(TULIPState *s, int state)
 528{
 529        s->csr[5] &= ~(CSR5_TS_MASK << CSR5_TS_SHIFT);
 530        s->csr[5] |= (state & CSR5_TS_MASK) << CSR5_TS_SHIFT;
 531        trace_tulip_tx_state(tulip_tx_state_name(state));
 532}
 533
 534static uint64_t tulip_read(void *opaque, hwaddr addr,
 535                              unsigned size)
 536{
 537    TULIPState *s = opaque;
 538    uint64_t data = 0;
 539
 540    switch (addr) {
 541    case CSR(9):
 542        data = tulip_csr9_read(s);
 543        break;
 544
 545    case CSR(12):
 546        /* Fake autocompletion complete until we have PHY emulation */
 547        data = 5 << CSR12_ANS_SHIFT;
 548        break;
 549
 550    default:
 551        if (addr & 7) {
 552            qemu_log_mask(LOG_GUEST_ERROR, "%s: read access at unknown address"
 553                " 0x%"PRIx64"\n", __func__, addr);
 554        } else {
 555            data = s->csr[addr >> 3];
 556        }
 557        break;
 558    }
 559    trace_tulip_reg_read(addr, tulip_reg_name(addr), size, data);
 560    return data;
 561}
 562
 563static void tulip_tx(TULIPState *s, struct tulip_descriptor *desc)
 564{
 565    if (s->tx_frame_len) {
 566        if ((s->csr[6] >> CSR6_OM_SHIFT) & CSR6_OM_MASK) {
 567            /* Internal or external Loopback */
 568            tulip_receive(s, s->tx_frame, s->tx_frame_len);
 569        } else if (s->tx_frame_len <= sizeof(s->tx_frame)) {
 570            qemu_send_packet(qemu_get_queue(s->nic),
 571                s->tx_frame, s->tx_frame_len);
 572        }
 573    }
 574
 575    if (desc->control & TDES1_IC) {
 576        s->csr[5] |= CSR5_TI;
 577        tulip_update_int(s);
 578    }
 579}
 580
 581static int tulip_copy_tx_buffers(TULIPState *s, struct tulip_descriptor *desc)
 582{
 583    int len1 = (desc->control >> TDES1_BUF1_SIZE_SHIFT) & TDES1_BUF1_SIZE_MASK;
 584    int len2 = (desc->control >> TDES1_BUF2_SIZE_SHIFT) & TDES1_BUF2_SIZE_MASK;
 585
 586    if (s->tx_frame_len + len1 > sizeof(s->tx_frame)) {
 587        return -1;
 588    }
 589    if (len1) {
 590        pci_dma_read(&s->dev, desc->buf_addr1,
 591            s->tx_frame + s->tx_frame_len, len1);
 592        s->tx_frame_len += len1;
 593    }
 594
 595    if (s->tx_frame_len + len2 > sizeof(s->tx_frame)) {
 596        return -1;
 597    }
 598    if (len2) {
 599        pci_dma_read(&s->dev, desc->buf_addr2,
 600            s->tx_frame + s->tx_frame_len, len2);
 601        s->tx_frame_len += len2;
 602    }
 603    desc->status = (len1 + len2) ? 0 : 0x7fffffff;
 604
 605    return 0;
 606}
 607
 608static void tulip_setup_filter_addr(TULIPState *s, uint8_t *buf, int n)
 609{
 610    int offset = n * 12;
 611
 612    s->filter[n][0] = buf[offset];
 613    s->filter[n][1] = buf[offset + 1];
 614
 615    s->filter[n][2] = buf[offset + 4];
 616    s->filter[n][3] = buf[offset + 5];
 617
 618    s->filter[n][4] = buf[offset + 8];
 619    s->filter[n][5] = buf[offset + 9];
 620
 621    trace_tulip_setup_filter(n, s->filter[n][5], s->filter[n][4],
 622            s->filter[n][3], s->filter[n][2], s->filter[n][1], s->filter[n][0]);
 623}
 624
 625static void tulip_setup_frame(TULIPState *s,
 626        struct tulip_descriptor *desc)
 627{
 628    uint8_t buf[4096];
 629    int len = (desc->control >> TDES1_BUF1_SIZE_SHIFT) & TDES1_BUF1_SIZE_MASK;
 630    int i;
 631
 632    trace_tulip_setup_frame();
 633
 634    if (len == 192) {
 635        pci_dma_read(&s->dev, desc->buf_addr1, buf, len);
 636        for (i = 0; i < 16; i++) {
 637            tulip_setup_filter_addr(s, buf, i);
 638        }
 639    }
 640
 641    desc->status = 0x7fffffff;
 642
 643    if (desc->control & TDES1_IC) {
 644        s->csr[5] |= CSR5_TI;
 645        tulip_update_int(s);
 646    }
 647}
 648
 649static void tulip_next_tx_descriptor(TULIPState *s,
 650    struct tulip_descriptor *desc)
 651{
 652    if (desc->control & TDES1_TER) {
 653        s->current_tx_desc = s->csr[4];
 654    } else if (desc->control & TDES1_TCH) {
 655        s->current_tx_desc = desc->buf_addr2;
 656    } else {
 657        s->current_tx_desc += sizeof(struct tulip_descriptor) +
 658                (((s->csr[0] >> CSR0_DSL_SHIFT) & CSR0_DSL_MASK) << 2);
 659    }
 660    s->current_tx_desc &= ~3ULL;
 661}
 662
 663static uint32_t tulip_ts(TULIPState *s)
 664{
 665    return (s->csr[5] >> CSR5_TS_SHIFT) & CSR5_TS_MASK;
 666}
 667
 668static void tulip_xmit_list_update(TULIPState *s)
 669{
 670#define TULIP_DESC_MAX 128
 671    uint8_t i = 0;
 672    struct tulip_descriptor desc;
 673
 674    if (tulip_ts(s) != CSR5_TS_SUSPENDED) {
 675        return;
 676    }
 677
 678    for (i = 0; i < TULIP_DESC_MAX; i++) {
 679        tulip_desc_read(s, s->current_tx_desc, &desc);
 680        tulip_dump_tx_descriptor(s, &desc);
 681
 682        if (!(desc.status & TDES0_OWN)) {
 683            tulip_update_ts(s, CSR5_TS_SUSPENDED);
 684            s->csr[5] |= CSR5_TU;
 685            tulip_update_int(s);
 686            return;
 687        }
 688
 689        if (desc.control & TDES1_SET) {
 690            tulip_setup_frame(s, &desc);
 691        } else {
 692            if (desc.control & TDES1_FS) {
 693                s->tx_frame_len = 0;
 694            }
 695
 696            if (!tulip_copy_tx_buffers(s, &desc)) {
 697                if (desc.control & TDES1_LS) {
 698                    tulip_tx(s, &desc);
 699                }
 700            }
 701        }
 702        tulip_desc_write(s, s->current_tx_desc, &desc);
 703        tulip_next_tx_descriptor(s, &desc);
 704    }
 705}
 706
 707static void tulip_csr9_write(TULIPState *s, uint32_t old_val,
 708        uint32_t new_val)
 709{
 710    if (new_val & CSR9_SR) {
 711        eeprom93xx_write(s->eeprom,
 712            !!(new_val & CSR9_SR_CS),
 713            !!(new_val & CSR9_SR_SK),
 714            !!(new_val & CSR9_SR_DI));
 715    }
 716}
 717
 718static void tulip_reset(TULIPState *s)
 719{
 720    trace_tulip_reset();
 721
 722    s->csr[0] = 0xfe000000;
 723    s->csr[1] = 0xffffffff;
 724    s->csr[2] = 0xffffffff;
 725    s->csr[5] = 0xf0000000;
 726    s->csr[6] = 0x32000040;
 727    s->csr[7] = 0xf3fe0000;
 728    s->csr[8] = 0xe0000000;
 729    s->csr[9] = 0xfff483ff;
 730    s->csr[11] = 0xfffe0000;
 731    s->csr[12] = 0x000000c6;
 732    s->csr[13] = 0xffff0000;
 733    s->csr[14] = 0xffffffff;
 734    s->csr[15] = 0x8ff00000;
 735}
 736
 737static void tulip_qdev_reset(DeviceState *dev)
 738{
 739    PCIDevice *d = PCI_DEVICE(dev);
 740    TULIPState *s = TULIP(d);
 741
 742    tulip_reset(s);
 743}
 744
 745static void tulip_write(void *opaque, hwaddr addr,
 746                           uint64_t data, unsigned size)
 747{
 748    TULIPState *s = opaque;
 749    trace_tulip_reg_write(addr, tulip_reg_name(addr), size, data);
 750
 751    switch (addr) {
 752    case CSR(0):
 753        s->csr[0] = data;
 754        if (data & CSR0_SWR) {
 755            tulip_reset(s);
 756            tulip_update_int(s);
 757        }
 758        break;
 759
 760    case CSR(1):
 761        tulip_xmit_list_update(s);
 762        break;
 763
 764    case CSR(2):
 765        qemu_flush_queued_packets(qemu_get_queue(s->nic));
 766        break;
 767
 768    case CSR(3):
 769        s->csr[3] = data & ~3ULL;
 770        s->current_rx_desc = s->csr[3];
 771        qemu_flush_queued_packets(qemu_get_queue(s->nic));
 772        break;
 773
 774    case CSR(4):
 775        s->csr[4] = data & ~3ULL;
 776        s->current_tx_desc = s->csr[4];
 777        tulip_xmit_list_update(s);
 778        break;
 779
 780    case CSR(5):
 781        /* Status register, write clears bit */
 782        s->csr[5] &= ~(data & (CSR5_TI | CSR5_TPS | CSR5_TU | CSR5_TJT |
 783                               CSR5_LNP_ANC | CSR5_UNF | CSR5_RI | CSR5_RU |
 784                               CSR5_RPS | CSR5_RWT | CSR5_ETI | CSR5_GTE |
 785                               CSR5_LNF | CSR5_FBE | CSR5_ERI | CSR5_AIS |
 786                               CSR5_NIS | CSR5_GPI | CSR5_LC));
 787        tulip_update_int(s);
 788        break;
 789
 790    case CSR(6):
 791        s->csr[6] = data;
 792        if (s->csr[6] & CSR6_SR) {
 793            tulip_update_rs(s, CSR5_RS_RUNNING_WAIT_RECEIVE);
 794            qemu_flush_queued_packets(qemu_get_queue(s->nic));
 795        } else {
 796            tulip_update_rs(s, CSR5_RS_STOPPED);
 797        }
 798
 799        if (s->csr[6] & CSR6_ST) {
 800            tulip_update_ts(s, CSR5_TS_SUSPENDED);
 801            tulip_xmit_list_update(s);
 802        } else {
 803            tulip_update_ts(s, CSR5_TS_STOPPED);
 804        }
 805        break;
 806
 807    case CSR(7):
 808        s->csr[7] = data;
 809        tulip_update_int(s);
 810        break;
 811
 812    case CSR(8):
 813        s->csr[9] = data;
 814        break;
 815
 816    case CSR(9):
 817        tulip_csr9_write(s, s->csr[9], data);
 818        /* don't clear MII read data */
 819        s->csr[9] &= CSR9_MDI;
 820        s->csr[9] |= (data & ~CSR9_MDI);
 821        tulip_mii(s);
 822        s->old_csr9 = s->csr[9];
 823        break;
 824
 825    case CSR(10):
 826        s->csr[10] = data;
 827        break;
 828
 829    case CSR(11):
 830        s->csr[11] = data;
 831        break;
 832
 833    case CSR(12):
 834        /* SIA Status register, some bits are cleared by writing 1 */
 835        s->csr[12] &= ~(data & (CSR12_MRA | CSR12_TRA | CSR12_ARA));
 836        break;
 837
 838    case CSR(13):
 839        s->csr[13] = data;
 840        break;
 841
 842    case CSR(14):
 843        s->csr[14] = data;
 844        break;
 845
 846    case CSR(15):
 847        s->csr[15] = data;
 848        break;
 849
 850    default:
 851        qemu_log_mask(LOG_GUEST_ERROR, "%s: write to CSR at unknown address "
 852                "0x%"PRIx64"\n", __func__, addr);
 853        break;
 854    }
 855}
 856
 857static const MemoryRegionOps tulip_ops = {
 858    .read = tulip_read,
 859    .write = tulip_write,
 860    .endianness = DEVICE_LITTLE_ENDIAN,
 861    .impl = {
 862        .min_access_size = 4,
 863        .max_access_size = 4,
 864    },
 865};
 866
 867static void tulip_idblock_crc(TULIPState *s, uint16_t *srom)
 868{
 869    int word, n;
 870    int bit;
 871    unsigned char bitval, crc;
 872    const int len = 9;
 873    n = 0;
 874    crc = -1;
 875
 876    for (word = 0; word < len; word++) {
 877        for (bit = 15; bit >= 0; bit--) {
 878            if ((word == (len - 1)) && (bit == 7)) {
 879                /*
 880                 * Insert the correct CRC result into input data stream
 881                 * in place.
 882                 */
 883                srom[len - 1] = (srom[len - 1] & 0xff00) | (unsigned short)crc;
 884                break;
 885            }
 886            n++;
 887            bitval = ((srom[word] >> bit) & 1) ^ ((crc >> 7) & 1);
 888            crc = crc << 1;
 889            if (bitval == 1) {
 890                crc ^= 6;
 891                crc |= 0x01;
 892            }
 893        }
 894    }
 895}
 896
 897static uint16_t tulip_srom_crc(TULIPState *s, uint8_t *eeprom, size_t len)
 898{
 899    unsigned long crc = 0xffffffff;
 900    unsigned long flippedcrc = 0;
 901    unsigned char currentbyte;
 902    unsigned int msb, bit, i;
 903
 904    for (i = 0; i < len; i++) {
 905        currentbyte = eeprom[i];
 906        for (bit = 0; bit < 8; bit++) {
 907            msb = (crc >> 31) & 1;
 908            crc <<= 1;
 909            if (msb ^ (currentbyte & 1)) {
 910                crc ^= 0x04c11db6;
 911                crc |= 0x00000001;
 912            }
 913            currentbyte >>= 1;
 914        }
 915    }
 916
 917    for (i = 0; i < 32; i++) {
 918        flippedcrc <<= 1;
 919        bit = crc & 1;
 920        crc >>= 1;
 921        flippedcrc += bit;
 922    }
 923    return (flippedcrc ^ 0xffffffff) & 0xffff;
 924}
 925
 926static const uint8_t eeprom_default[128] = {
 927    0x3c, 0x10, 0x4f, 0x10, 0x00, 0x00, 0x00, 0x00,
 928    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 929    0x56, 0x08, 0x04, 0x01, 0x00, 0x80, 0x48, 0xb3,
 930    0x0e, 0xa7, 0x00, 0x1e, 0x00, 0x00, 0x00, 0x08,
 931    0x01, 0x8d, 0x03, 0x00, 0x00, 0x00, 0x00, 0x78,
 932    0xe0, 0x01, 0x00, 0x50, 0x00, 0x18, 0x00, 0x00,
 933    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 934    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 935    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 936    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 937    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 938    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe8, 0x6b,
 939    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80,
 940    0x48, 0xb3, 0x0e, 0xa7, 0x40, 0x00, 0x00, 0x00,
 941    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 942    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
 943};
 944
 945static void tulip_fill_eeprom(TULIPState *s)
 946{
 947    uint16_t *eeprom = eeprom93xx_data(s->eeprom);
 948    memcpy(eeprom, eeprom_default, 128);
 949
 950    /* patch in our mac address */
 951    eeprom[10] = cpu_to_le16(s->c.macaddr.a[0] | (s->c.macaddr.a[1] << 8));
 952    eeprom[11] = cpu_to_le16(s->c.macaddr.a[2] | (s->c.macaddr.a[3] << 8));
 953    eeprom[12] = cpu_to_le16(s->c.macaddr.a[4] | (s->c.macaddr.a[5] << 8));
 954    tulip_idblock_crc(s, eeprom);
 955    eeprom[63] = cpu_to_le16(tulip_srom_crc(s, (uint8_t *)eeprom, 126));
 956}
 957
 958static void pci_tulip_realize(PCIDevice *pci_dev, Error **errp)
 959{
 960    TULIPState *s = DO_UPCAST(TULIPState, dev, pci_dev);
 961    uint8_t *pci_conf;
 962
 963    pci_conf = s->dev.config;
 964    pci_conf[PCI_INTERRUPT_PIN] = 1; /* interrupt pin A */
 965
 966    s->eeprom = eeprom93xx_new(&pci_dev->qdev, 64);
 967    tulip_fill_eeprom(s);
 968
 969    memory_region_init_io(&s->io, OBJECT(&s->dev), &tulip_ops, s,
 970            "tulip-io", 128);
 971
 972    memory_region_init_io(&s->memory, OBJECT(&s->dev), &tulip_ops, s,
 973            "tulip-mem", 128);
 974
 975    pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_IO, &s->io);
 976    pci_register_bar(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->memory);
 977
 978    s->irq = pci_allocate_irq(&s->dev);
 979
 980    qemu_macaddr_default_if_unset(&s->c.macaddr);
 981
 982    s->nic = qemu_new_nic(&net_tulip_info, &s->c,
 983                          object_get_typename(OBJECT(pci_dev)),
 984                          pci_dev->qdev.id, s);
 985    qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
 986}
 987
 988static void pci_tulip_exit(PCIDevice *pci_dev)
 989{
 990    TULIPState *s = DO_UPCAST(TULIPState, dev, pci_dev);
 991
 992    qemu_del_nic(s->nic);
 993    qemu_free_irq(s->irq);
 994    eeprom93xx_free(&pci_dev->qdev, s->eeprom);
 995}
 996
 997static void tulip_instance_init(Object *obj)
 998{
 999    PCIDevice *pci_dev = PCI_DEVICE(obj);
1000    TULIPState *d = DO_UPCAST(TULIPState, dev, pci_dev);
1001
1002    device_add_bootindex_property(obj, &d->c.bootindex,
1003                                  "bootindex", "/ethernet-phy@0",
1004                                  &pci_dev->qdev, NULL);
1005}
1006
1007static Property tulip_properties[] = {
1008    DEFINE_NIC_PROPERTIES(TULIPState, c),
1009    DEFINE_PROP_END_OF_LIST(),
1010};
1011
1012static void tulip_class_init(ObjectClass *klass, void *data)
1013{
1014    DeviceClass *dc = DEVICE_CLASS(klass);
1015    PCIDeviceClass *k = PCI_DEVICE_CLASS(klass);
1016
1017    k->realize = pci_tulip_realize;
1018    k->exit = pci_tulip_exit;
1019    k->vendor_id = PCI_VENDOR_ID_DEC;
1020    k->device_id = PCI_DEVICE_ID_DEC_21143;
1021    k->subsystem_vendor_id = 0x103c;
1022    k->subsystem_id = 0x104f;
1023    k->class_id = PCI_CLASS_NETWORK_ETHERNET;
1024    dc->vmsd = &vmstate_pci_tulip;
1025    device_class_set_props(dc, tulip_properties);
1026    dc->reset = tulip_qdev_reset;
1027    set_bit(DEVICE_CATEGORY_NETWORK, dc->categories);
1028}
1029
1030static const TypeInfo tulip_info = {
1031    .name          = TYPE_TULIP,
1032    .parent        = TYPE_PCI_DEVICE,
1033    .instance_size = sizeof(TULIPState),
1034    .class_init    = tulip_class_init,
1035    .instance_init = tulip_instance_init,
1036    .interfaces = (InterfaceInfo[]) {
1037        { INTERFACE_CONVENTIONAL_PCI_DEVICE },
1038        { },
1039    },
1040};
1041
1042static void tulip_register_types(void)
1043{
1044    type_register_static(&tulip_info);
1045}
1046
1047type_init(tulip_register_types)
1048