4 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
5 * Copyright (c) 2008 Qumranet
6 * Based on work done by:
7 * Copyright (c) 2007 Dan Aloni
8 * Copyright (c) 2004 Antony T Curtis
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2 of the License, or (at your option) any later version.
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
36 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
37 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
38 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
39 DEBUG_RXFILTER, DEBUG_NOTYET,
41 #define DBGBIT(x) (1<<DEBUG_##x)
42 static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
44 #define DBGOUT(what, fmt, params...) do { \
45 if (debugflags & DBGBIT(what)) \
46 fprintf(stderr, "e1000: " fmt, ##params); \
49 #define DBGOUT(what, fmt, params...) do {} while (0)
52 #define IOPORT_SIZE 0x40
53 #define PNPMMIO_SIZE 0x20000
57 * E1000_DEV_ID_82540EM works with Windows and Linux
58 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
59 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
60 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
63 enum { E1000_DEVID = E1000_DEV_ID_82540EM };
66 * May need to specify additional MAC-to-PHY entries --
67 * Intel's Windows driver refuses to initialize unless they match
70 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
71 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
72 /* default to E1000_DEV_ID_82540EM */ 0xc20
75 typedef struct E1000State_st {
83 uint32_t mac_reg[0x8000];
84 uint16_t phy_reg[0x20];
85 uint16_t eeprom_data[64];
88 uint32_t rxbuf_min_shift;
91 unsigned char header[256];
92 unsigned char data[0x10000];
94 unsigned char sum_needed;
111 uint32_t val_in; // shifted in from guest driver
119 #define defreg(x) x = (E1000_##x>>2)
121 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
122 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
123 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
124 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
125 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
126 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
127 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
128 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
129 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
130 defreg(RA), defreg(MTA), defreg(CRCERRS),
133 enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
134 static char phy_regcap[0x20] = {
135 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
136 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
137 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
138 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
139 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
144 ioport_map(PCIDevice *pci_dev, int region_num, uint32_t addr,
145 uint32_t size, int type)
147 DBGOUT(IO, "e1000_ioport_map addr=0x%04x size=0x%08x\n", addr, size);
151 set_interrupt_cause(E1000State *s, int index, uint32_t val)
154 val |= E1000_ICR_INT_ASSERTED;
155 s->mac_reg[ICR] = val;
156 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
160 set_ics(E1000State *s, int index, uint32_t val)
162 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
164 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
168 rxbufsize(uint32_t v)
170 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
171 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
172 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
174 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
176 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
178 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
180 case E1000_RCTL_SZ_1024:
182 case E1000_RCTL_SZ_512:
184 case E1000_RCTL_SZ_256:
191 set_rx_control(E1000State *s, int index, uint32_t val)
193 s->mac_reg[RCTL] = val;
194 s->rxbuf_size = rxbufsize(val);
195 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
196 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
201 set_mdic(E1000State *s, int index, uint32_t val)
203 uint32_t data = val & E1000_MDIC_DATA_MASK;
204 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
206 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
207 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
208 else if (val & E1000_MDIC_OP_READ) {
209 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
210 if (!(phy_regcap[addr] & PHY_R)) {
211 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
212 val |= E1000_MDIC_ERROR;
214 val = (val ^ data) | s->phy_reg[addr];
215 } else if (val & E1000_MDIC_OP_WRITE) {
216 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
217 if (!(phy_regcap[addr] & PHY_W)) {
218 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
219 val |= E1000_MDIC_ERROR;
221 s->phy_reg[addr] = data;
223 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
224 set_ics(s, 0, E1000_ICR_MDAC);
228 get_eecd(E1000State *s, int index)
230 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
232 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
233 s->eecd_state.bitnum_out, s->eecd_state.reading);
234 if (!s->eecd_state.reading ||
235 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
236 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
237 ret |= E1000_EECD_DO;
242 set_eecd(E1000State *s, int index, uint32_t val)
244 uint32_t oldval = s->eecd_state.old_eecd;
246 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
247 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
248 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
250 if (!(E1000_EECD_SK & val)) { // falling edge
251 s->eecd_state.bitnum_out++;
254 if (!(val & E1000_EECD_CS)) { // rising, no CS (EEPROM reset)
255 memset(&s->eecd_state, 0, sizeof s->eecd_state);
258 s->eecd_state.val_in <<= 1;
259 if (val & E1000_EECD_DI)
260 s->eecd_state.val_in |= 1;
261 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
262 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
263 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
264 EEPROM_READ_OPCODE_MICROWIRE);
266 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
267 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
268 s->eecd_state.reading);
272 flash_eerd_read(E1000State *s, int x)
274 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
276 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
278 return (s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
279 E1000_EEPROM_RW_REG_DONE | r;
283 do_cksum(uint8_t *dp, uint8_t *de)
285 unsigned int bsum[2] = {0, 0}, i, sum;
287 for (i = 1; dp < de; bsum[i^=1] += *dp++)
289 sum = (bsum[0] << 8) + bsum[1];
290 sum = (sum >> 16) + (sum & 0xffff);
291 return ~(sum + (sum >> 16));
295 putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
300 cpu_to_be16wu((uint16_t *)(data + sloc),
301 do_cksum(data + css, data + n));
305 xmit_seg(E1000State *s)
308 unsigned int frames = s->tx.tso_frames, css, sofar, n;
309 struct e1000_tx *tp = &s->tx;
313 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
314 frames, tp->size, css);
315 if (tp->ip) { // IPv4
316 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
318 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
319 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
321 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
324 len = tp->size - css;
325 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
327 sofar = frames * tp->mss;
328 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
329 be32_to_cpup((uint32_t *)(tp->data+css+4))+sofar);
330 if (tp->paylen - sofar > tp->mss)
331 tp->data[css + 13] &= ~9; // PSH, FIN
333 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
334 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
335 // add pseudo-header length before checksum calculation
336 sp = (uint16_t *)(tp->data + tp->tucso);
337 cpu_to_be16wu(sp, be16_to_cpup(sp) + len);
342 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
343 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
344 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
345 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
346 qemu_send_packet(s->vc, tp->data, tp->size);
349 n = s->mac_reg[TOTL];
350 if ((s->mac_reg[TOTL] += s->tx.size) < n)
355 process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
357 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
358 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
359 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
360 unsigned int msh = 0xfffff, hdr = 0;
362 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
363 struct e1000_tx *tp = &s->tx;
365 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
366 op = le32_to_cpu(xp->cmd_and_length);
367 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
368 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
369 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
370 tp->tucss = xp->upper_setup.tcp_fields.tucss;
371 tp->tucso = xp->upper_setup.tcp_fields.tucso;
372 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
373 tp->paylen = op & 0xfffff;
374 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
375 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
376 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
377 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
378 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
380 if (tp->tucso == 0) { // this is probably wrong
381 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
382 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
385 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D))
386 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
388 addr = le64_to_cpu(dp->buffer_addr);
395 if (tp->size + bytes > msh)
396 bytes = msh - tp->size;
397 cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
398 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
399 memmove(tp->header, tp->data, hdr);
404 memmove(tp->data, tp->header, hdr);
407 } while (split_size -= bytes);
409 if (!(txd_lower & E1000_TXD_CMD_EOP))
419 txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
421 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
423 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
425 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
426 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
427 dp->upper.data = cpu_to_le32(txd_upper);
428 cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
429 (void *)&dp->upper, sizeof(dp->upper));
430 return E1000_ICR_TXDW;
434 start_xmit(E1000State *s)
436 target_phys_addr_t base;
437 struct e1000_tx_desc desc;
438 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
440 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
441 DBGOUT(TX, "tx disabled\n");
445 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
446 base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
447 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
448 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
450 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
451 (void *)desc.buffer_addr, desc.lower.data,
454 process_tx_desc(s, &desc);
455 cause |= txdesc_writeback(base, &desc);
457 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
460 * the following could happen only if guest sw assigns
461 * bogus values to TDT/TDLEN.
462 * there's nothing too intelligent we could do about this.
464 if (s->mac_reg[TDH] == tdh_start) {
465 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
466 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
470 set_ics(s, 0, cause);
474 receive_filter(E1000State *s, const uint8_t *buf, int size)
476 static uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
477 static int mta_shift[] = {4, 3, 2, 0};
478 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
480 if (rctl & E1000_RCTL_UPE) // promiscuous
483 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
486 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
489 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
490 if (!(rp[1] & E1000_RAH_AV))
492 ra[0] = cpu_to_le32(rp[0]);
493 ra[1] = cpu_to_le32(rp[1]);
494 if (!memcmp(buf, (uint8_t *)ra, 6)) {
496 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
497 (int)(rp - s->mac_reg - RA)/2,
498 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
502 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
503 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
505 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
506 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
507 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
510 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
511 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
512 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
513 s->mac_reg[MTA + (f >> 5)]);
519 e1000_can_receive(void *opaque)
521 E1000State *s = opaque;
523 return (!(s->mac_reg[RCTL] & E1000_RCTL_EN) ||
524 s->mac_reg[RDH] != s->mac_reg[RDT]);
528 e1000_receive(void *opaque, const uint8_t *buf, int size)
530 E1000State *s = opaque;
531 struct e1000_rx_desc desc;
532 target_phys_addr_t base;
536 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
539 if (size > s->rxbuf_size) {
540 DBGOUT(RX, "packet too large for buffers (%d > %d)\n", size,
545 if (!receive_filter(s, buf, size))
548 rdh_start = s->mac_reg[RDH];
549 size += 4; // for the header
551 if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
552 set_ics(s, 0, E1000_ICS_RXO);
555 base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
556 sizeof(desc) * s->mac_reg[RDH];
557 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
558 desc.status |= E1000_RXD_STAT_DD;
559 if (desc.buffer_addr) {
560 cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
562 desc.length = cpu_to_le16(size);
563 desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
564 } else // as per intel docs; skip descriptors with null buf addr
565 DBGOUT(RX, "Null RX descriptor!!\n");
566 cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
568 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
571 /* see comment in start_xmit; same here */
572 if (s->mac_reg[RDH] == rdh_start) {
573 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
574 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
575 set_ics(s, 0, E1000_ICS_RXO);
578 } while (desc.buffer_addr == 0);
582 n = s->mac_reg[TORL];
583 if ((s->mac_reg[TORL] += size) < n)
587 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
588 rdt += s->mac_reg[RDLEN] / sizeof(desc);
589 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) << s->rxbuf_min_shift >=
591 n |= E1000_ICS_RXDMT0;
597 mac_readreg(E1000State *s, int index)
599 return s->mac_reg[index];
603 mac_icr_read(E1000State *s, int index)
605 uint32_t ret = s->mac_reg[ICR];
607 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
608 set_interrupt_cause(s, 0, 0);
613 mac_read_clr4(E1000State *s, int index)
615 uint32_t ret = s->mac_reg[index];
617 s->mac_reg[index] = 0;
622 mac_read_clr8(E1000State *s, int index)
624 uint32_t ret = s->mac_reg[index];
626 s->mac_reg[index] = 0;
627 s->mac_reg[index-1] = 0;
632 mac_writereg(E1000State *s, int index, uint32_t val)
634 s->mac_reg[index] = val;
638 set_rdt(E1000State *s, int index, uint32_t val)
641 s->mac_reg[index] = val & 0xffff;
645 set_16bit(E1000State *s, int index, uint32_t val)
647 s->mac_reg[index] = val & 0xffff;
651 set_dlen(E1000State *s, int index, uint32_t val)
653 s->mac_reg[index] = val & 0xfff80;
657 set_tctl(E1000State *s, int index, uint32_t val)
659 s->mac_reg[index] = val;
660 s->mac_reg[TDT] &= 0xffff;
665 set_icr(E1000State *s, int index, uint32_t val)
667 DBGOUT(INTERRUPT, "set_icr %x\n", val);
668 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
672 set_imc(E1000State *s, int index, uint32_t val)
674 s->mac_reg[IMS] &= ~val;
679 set_ims(E1000State *s, int index, uint32_t val)
681 s->mac_reg[IMS] |= val;
685 #define getreg(x) [x] = mac_readreg
686 static uint32_t (*macreg_readops[])(E1000State *, int) = {
687 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
688 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
689 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
690 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
691 getreg(RDH), getreg(RDT),
693 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
694 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
695 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
696 [CRCERRS ... MPC] = &mac_readreg,
697 [RA ... RA+31] = &mac_readreg,
698 [MTA ... MTA+127] = &mac_readreg,
700 enum { NREADOPS = sizeof(macreg_readops) / sizeof(*macreg_readops) };
702 #define putreg(x) [x] = mac_writereg
703 static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
704 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
705 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
706 putreg(RDBAL), putreg(LEDCTL),
707 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
708 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
709 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
710 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
711 [EECD] = set_eecd, [RCTL] = set_rx_control,
712 [RA ... RA+31] = &mac_writereg,
713 [MTA ... MTA+127] = &mac_writereg,
715 enum { NWRITEOPS = sizeof(macreg_writeops) / sizeof(*macreg_writeops) };
718 e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
720 E1000State *s = opaque;
721 unsigned int index = ((addr - s->mmio_base) & 0x1ffff) >> 2;
723 if (index < NWRITEOPS && macreg_writeops[index])
724 macreg_writeops[index](s, index, le32_to_cpu(val));
725 else if (index < NREADOPS && macreg_readops[index])
726 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
728 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
733 e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
735 // emulate hw without byte enables: no RMW
736 e1000_mmio_writel(opaque, addr & ~3,
737 cpu_to_le32(le16_to_cpu(val & 0xffff) << (8*(addr & 3))));
741 e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
743 // emulate hw without byte enables: no RMW
744 e1000_mmio_writel(opaque, addr & ~3,
745 cpu_to_le32((val & 0xff) << (8*(addr & 3))));
749 e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
751 E1000State *s = opaque;
752 unsigned int index = ((addr - s->mmio_base) & 0x1ffff) >> 2;
754 if (index < NREADOPS && macreg_readops[index])
755 return cpu_to_le32(macreg_readops[index](s, index));
756 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
761 e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
763 return (le32_to_cpu(e1000_mmio_readl(opaque, addr & ~3)) >>
764 (8 * (addr & 3))) & 0xff;
768 e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
770 return cpu_to_le16((le32_to_cpu(e1000_mmio_readl(opaque, addr & ~3)) >>
771 (8 * (addr & 3))) & 0xffff);
774 int mac_regtosave[] = {
775 CTRL, EECD, EERD, GPRC, GPTC, ICR, ICS, IMC, IMS,
776 LEDCTL, MANC, MDIC, MPC, PBA, RCTL, RDBAH, RDBAL, RDH,
777 RDLEN, RDT, STATUS, SWSM, TCTL, TDBAH, TDBAL, TDH, TDLEN,
778 TDT, TORH, TORL, TOTH, TOTL, TPR, TPT, TXDCTL, WUFC,
780 enum { MAC_NSAVE = sizeof mac_regtosave/sizeof *mac_regtosave };
785 } mac_regarraystosave[] = { {32, RA}, {128, MTA} };
786 enum { MAC_NARRAYS = sizeof mac_regarraystosave/sizeof *mac_regarraystosave };
789 nic_save(QEMUFile *f, void *opaque)
791 E1000State *s = (E1000State *)opaque;
794 pci_device_save(&s->dev, f);
795 qemu_put_be32s(f, &s->instance);
796 qemu_put_be32s(f, &s->mmio_base);
797 qemu_put_be32s(f, &s->rxbuf_size);
798 qemu_put_be32s(f, &s->rxbuf_min_shift);
799 qemu_put_be32s(f, &s->eecd_state.val_in);
800 qemu_put_be16s(f, &s->eecd_state.bitnum_in);
801 qemu_put_be16s(f, &s->eecd_state.bitnum_out);
802 qemu_put_be16s(f, &s->eecd_state.reading);
803 qemu_put_be32s(f, &s->eecd_state.old_eecd);
804 qemu_put_8s(f, &s->tx.ipcss);
805 qemu_put_8s(f, &s->tx.ipcso);
806 qemu_put_be16s(f, &s->tx.ipcse);
807 qemu_put_8s(f, &s->tx.tucss);
808 qemu_put_8s(f, &s->tx.tucso);
809 qemu_put_be16s(f, &s->tx.tucse);
810 qemu_put_be32s(f, &s->tx.paylen);
811 qemu_put_8s(f, &s->tx.hdr_len);
812 qemu_put_be16s(f, &s->tx.mss);
813 qemu_put_be16s(f, &s->tx.size);
814 qemu_put_be16s(f, &s->tx.tso_frames);
815 qemu_put_8s(f, &s->tx.sum_needed);
816 qemu_put_8s(f, &s->tx.ip);
817 qemu_put_8s(f, &s->tx.tcp);
818 qemu_put_buffer(f, s->tx.header, sizeof s->tx.header);
819 qemu_put_buffer(f, s->tx.data, sizeof s->tx.data);
820 for (i = 0; i < 64; i++)
821 qemu_put_be16s(f, s->eeprom_data + i);
822 for (i = 0; i < 0x20; i++)
823 qemu_put_be16s(f, s->phy_reg + i);
824 for (i = 0; i < MAC_NSAVE; i++)
825 qemu_put_be32s(f, s->mac_reg + mac_regtosave[i]);
826 for (i = 0; i < MAC_NARRAYS; i++)
827 for (j = 0; j < mac_regarraystosave[i].size; j++)
829 s->mac_reg + mac_regarraystosave[i].array0 + j);
833 nic_load(QEMUFile *f, void *opaque, int version_id)
835 E1000State *s = (E1000State *)opaque;
838 if ((ret = pci_device_load(&s->dev, f)) < 0)
840 qemu_get_be32s(f, &s->instance);
841 qemu_get_be32s(f, &s->mmio_base);
842 qemu_get_be32s(f, &s->rxbuf_size);
843 qemu_get_be32s(f, &s->rxbuf_min_shift);
844 qemu_get_be32s(f, &s->eecd_state.val_in);
845 qemu_get_be16s(f, &s->eecd_state.bitnum_in);
846 qemu_get_be16s(f, &s->eecd_state.bitnum_out);
847 qemu_get_be16s(f, &s->eecd_state.reading);
848 qemu_get_be32s(f, &s->eecd_state.old_eecd);
849 qemu_get_8s(f, &s->tx.ipcss);
850 qemu_get_8s(f, &s->tx.ipcso);
851 qemu_get_be16s(f, &s->tx.ipcse);
852 qemu_get_8s(f, &s->tx.tucss);
853 qemu_get_8s(f, &s->tx.tucso);
854 qemu_get_be16s(f, &s->tx.tucse);
855 qemu_get_be32s(f, &s->tx.paylen);
856 qemu_get_8s(f, &s->tx.hdr_len);
857 qemu_get_be16s(f, &s->tx.mss);
858 qemu_get_be16s(f, &s->tx.size);
859 qemu_get_be16s(f, &s->tx.tso_frames);
860 qemu_get_8s(f, &s->tx.sum_needed);
861 qemu_get_8s(f, &s->tx.ip);
862 qemu_get_8s(f, &s->tx.tcp);
863 qemu_get_buffer(f, s->tx.header, sizeof s->tx.header);
864 qemu_get_buffer(f, s->tx.data, sizeof s->tx.data);
865 for (i = 0; i < 64; i++)
866 qemu_get_be16s(f, s->eeprom_data + i);
867 for (i = 0; i < 0x20; i++)
868 qemu_get_be16s(f, s->phy_reg + i);
869 for (i = 0; i < MAC_NSAVE; i++)
870 qemu_get_be32s(f, s->mac_reg + mac_regtosave[i]);
871 for (i = 0; i < MAC_NARRAYS; i++)
872 for (j = 0; j < mac_regarraystosave[i].size; j++)
874 s->mac_reg + mac_regarraystosave[i].array0 + j);
878 static uint16_t e1000_eeprom_template[64] = {
879 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
880 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
881 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
882 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
883 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
884 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
885 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
886 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
889 static uint16_t phy_reg_init[] = {
890 [PHY_CTRL] = 0x1140, [PHY_STATUS] = 0x796d, // link initially up
891 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
892 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
893 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
894 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
897 static uint32_t mac_reg_init[] = {
900 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
901 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
902 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
903 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
904 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
906 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
907 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
913 static CPUWriteMemoryFunc *e1000_mmio_write[] = {
914 e1000_mmio_writeb, e1000_mmio_writew, e1000_mmio_writel
917 static CPUReadMemoryFunc *e1000_mmio_read[] = {
918 e1000_mmio_readb, e1000_mmio_readw, e1000_mmio_readl
922 e1000_mmio_map(PCIDevice *pci_dev, int region_num,
923 uint32_t addr, uint32_t size, int type)
925 E1000State *d = (E1000State *)pci_dev;
927 DBGOUT(MMIO, "e1000_mmio_map addr=0x%08x 0x%08x\n", addr, size);
930 cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
934 pci_e1000_init(PCIBus *bus, NICInfo *nd, int devfn)
939 uint16_t checksum = 0;
940 char *info_str = "e1000";
943 d = (E1000State *)pci_register_device(bus, "e1000",
944 sizeof(E1000State), devfn, NULL, NULL);
946 pci_conf = d->dev.config;
947 memset(pci_conf, 0, 256);
949 *(uint16_t *)(pci_conf+0x00) = cpu_to_le16(0x8086);
950 *(uint16_t *)(pci_conf+0x02) = cpu_to_le16(E1000_DEVID);
951 *(uint16_t *)(pci_conf+0x04) = cpu_to_le16(0x0407);
952 *(uint16_t *)(pci_conf+0x06) = cpu_to_le16(0x0010);
953 pci_conf[0x08] = 0x03;
954 pci_conf[0x0a] = 0x00; // ethernet network controller
955 pci_conf[0x0b] = 0x02;
956 pci_conf[0x0c] = 0x10;
958 pci_conf[0x3d] = 1; // interrupt pin 0
960 d->mmio_index = cpu_register_io_memory(0, e1000_mmio_read,
961 e1000_mmio_write, d);
963 pci_register_io_region((PCIDevice *)d, 0, PNPMMIO_SIZE,
964 PCI_ADDRESS_SPACE_MEM, e1000_mmio_map);
966 pci_register_io_region((PCIDevice *)d, 1, IOPORT_SIZE,
967 PCI_ADDRESS_SPACE_IO, ioport_map);
969 d->instance = instance++;
972 memmove(d->eeprom_data, e1000_eeprom_template,
973 sizeof e1000_eeprom_template);
974 for (i = 0; i < 3; i++)
975 d->eeprom_data[i] = (nd->macaddr[2*i+1]<<8) | nd->macaddr[2*i];
976 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
977 checksum += d->eeprom_data[i];
978 checksum = (uint16_t) EEPROM_SUM - checksum;
979 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
981 memset(d->phy_reg, 0, sizeof d->phy_reg);
982 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
983 memset(d->mac_reg, 0, sizeof d->mac_reg);
984 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
985 d->rxbuf_min_shift = 1;
986 memset(&d->tx, 0, sizeof d->tx);
988 d->vc = qemu_new_vlan_client(nd->vlan, e1000_receive,
989 e1000_can_receive, d);
991 snprintf(d->vc->info_str, sizeof(d->vc->info_str),
992 "%s macaddr=%02x:%02x:%02x:%02x:%02x:%02x", info_str,
993 d->nd->macaddr[0], d->nd->macaddr[1], d->nd->macaddr[2],
994 d->nd->macaddr[3], d->nd->macaddr[4], d->nd->macaddr[5]);
996 register_savevm(info_str, d->instance, 1, nic_save, nic_load, d);
projects / qemu / blob