2 * SMSC 91C111 Ethernet interface emulation
4 * Copyright (c) 2005 CodeSourcery, LLC.
5 * Written by Paul Brook
7 * This code is licenced under the GPL
16 /* Number of 2k memory pages available. */
32 /* Bitmask of allocated packets. */
35 int tx_fifo[NUM_PACKETS];
37 int rx_fifo[NUM_PACKETS];
39 int tx_fifo_done[NUM_PACKETS];
41 /* Packet buffer memory. */
42 uint8_t data[NUM_PACKETS][2048];
48 #define RCR_SOFT_RST 0x8000
49 #define RCR_STRIP_CRC 0x0200
50 #define RCR_RXEN 0x0100
52 #define TCR_EPH_LOOP 0x2000
53 #define TCR_NOCRC 0x0100
54 #define TCR_PAD_EN 0x0080
55 #define TCR_FORCOL 0x0004
56 #define TCR_LOOP 0x0002
57 #define TCR_TXEN 0x0001
62 #define INT_RX_OVRN 0x10
63 #define INT_ALLOC 0x08
64 #define INT_TX_EMPTY 0x04
68 #define CTR_AUTO_RELEASE 0x0800
69 #define CTR_RELOAD 0x0002
70 #define CTR_STORE 0x0001
72 #define RS_ALGNERR 0x8000
73 #define RS_BRODCAST 0x4000
74 #define RS_BADCRC 0x2000
75 #define RS_ODDFRAME 0x1000
76 #define RS_TOOLONG 0x0800
77 #define RS_TOOSHORT 0x0400
78 #define RS_MULTICAST 0x0001
80 /* Update interrupt status. */
81 static void smc91c111_update(smc91c111_state *s)
85 if (s->tx_fifo_len == 0)
86 s->int_level |= INT_TX_EMPTY;
87 if (s->tx_fifo_done_len != 0)
88 s->int_level |= INT_TX;
89 level = (s->int_level & s->int_mask) != 0;
90 qemu_set_irq(s->irq, level);
93 /* Try to allocate a packet. Returns 0x80 on failure. */
94 static int smc91c111_allocate_packet(smc91c111_state *s)
97 if (s->allocated == (1 << NUM_PACKETS) - 1) {
101 for (i = 0; i < NUM_PACKETS; i++) {
102 if ((s->allocated & (1 << i)) == 0)
105 s->allocated |= 1 << i;
110 /* Process a pending TX allocate. */
111 static void smc91c111_tx_alloc(smc91c111_state *s)
113 s->tx_alloc = smc91c111_allocate_packet(s);
114 if (s->tx_alloc == 0x80)
116 s->int_level |= INT_ALLOC;
120 /* Remove and item from the RX FIFO. */
121 static void smc91c111_pop_rx_fifo(smc91c111_state *s)
126 if (s->rx_fifo_len) {
127 for (i = 0; i < s->rx_fifo_len; i++)
128 s->rx_fifo[i] = s->rx_fifo[i + 1];
129 s->int_level |= INT_RCV;
131 s->int_level &= ~INT_RCV;
136 /* Remove an item from the TX completion FIFO. */
137 static void smc91c111_pop_tx_fifo_done(smc91c111_state *s)
141 if (s->tx_fifo_done_len == 0)
143 s->tx_fifo_done_len--;
144 for (i = 0; i < s->tx_fifo_done_len; i++)
145 s->tx_fifo_done[i] = s->tx_fifo_done[i + 1];
148 /* Release the memory allocated to a packet. */
149 static void smc91c111_release_packet(smc91c111_state *s, int packet)
151 s->allocated &= ~(1 << packet);
152 if (s->tx_alloc == 0x80)
153 smc91c111_tx_alloc(s);
156 /* Flush the TX FIFO. */
157 static void smc91c111_do_tx(smc91c111_state *s)
166 if ((s->tcr & TCR_TXEN) == 0)
168 if (s->tx_fifo_len == 0)
170 for (i = 0; i < s->tx_fifo_len; i++) {
171 packetnum = s->tx_fifo[i];
172 p = &s->data[packetnum][0];
173 /* Set status word. */
177 len |= ((int)*(p++)) << 8;
179 control = p[len + 1];
182 /* ??? This overwrites the data following the buffer.
183 Don't know what real hardware does. */
184 if (len < 64 && (s->tcr & TCR_PAD_EN)) {
185 memset(p + len, 0, 64 - len);
189 /* The card is supposed to append the CRC to the frame. However
190 none of the other network traffic has the CRC appended.
191 Suspect this is low level ethernet detail we don't need to worry
193 add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0;
197 crc = crc32(~0, p, len);
198 memcpy(p + len, &crc, 4);
204 if (s->ctr & CTR_AUTO_RELEASE)
206 smc91c111_release_packet(s, packetnum);
207 else if (s->tx_fifo_done_len < NUM_PACKETS)
208 s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum;
209 qemu_send_packet(s->vc, p, len);
215 /* Add a packet to the TX FIFO. */
216 static void smc91c111_queue_tx(smc91c111_state *s, int packet)
218 if (s->tx_fifo_len == NUM_PACKETS)
220 s->tx_fifo[s->tx_fifo_len++] = packet;
224 static void smc91c111_reset(smc91c111_state *s)
228 s->tx_fifo_done_len = 0;
239 s->int_level = INT_TX_EMPTY;
244 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
245 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
247 static void smc91c111_writeb(void *opaque, target_phys_addr_t offset,
250 smc91c111_state *s = (smc91c111_state *)opaque;
265 SET_HIGH(tcr, value);
271 SET_HIGH(rcr, value);
272 if (s->rcr & RCR_SOFT_RST)
275 case 10: case 11: /* RPCR */
289 case 2: case 3: /* BASE */
290 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
291 /* Not implemented. */
293 case 10: /* Genral Purpose */
297 SET_HIGH(gpr, value);
299 case 12: /* Control */
301 fprintf(stderr, "smc91c111:EEPROM store not implemented\n");
303 fprintf(stderr, "smc91c111:EEPROM reload not implemented\n");
308 SET_HIGH(ctr, value);
315 case 0: /* MMU Command */
316 switch (value >> 5) {
319 case 1: /* Allocate for TX. */
321 s->int_level &= ~INT_ALLOC;
323 smc91c111_tx_alloc(s);
325 case 2: /* Reset MMU. */
328 s->tx_fifo_done_len = 0;
332 case 3: /* Remove from RX FIFO. */
333 smc91c111_pop_rx_fifo(s);
335 case 4: /* Remove from RX FIFO and release. */
336 if (s->rx_fifo_len > 0) {
337 smc91c111_release_packet(s, s->rx_fifo[0]);
339 smc91c111_pop_rx_fifo(s);
341 case 5: /* Release. */
342 smc91c111_release_packet(s, s->packet_num);
344 case 6: /* Add to TX FIFO. */
345 smc91c111_queue_tx(s, s->packet_num);
347 case 7: /* Reset TX FIFO. */
349 s->tx_fifo_done_len = 0;
356 case 2: /* Packet Number Register */
357 s->packet_num = value;
359 case 3: case 4: case 5:
360 /* Should be readonly, but linux writes to them anyway. Ignore. */
362 case 6: /* Pointer */
366 SET_HIGH(ptr, value);
368 case 8: case 9: case 10: case 11: /* Data */
378 if (s->ptr & 0x4000) {
379 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x7ff);
383 s->data[n][p] = value;
386 case 12: /* Interrupt ACK. */
387 s->int_level &= ~(value & 0xd6);
389 smc91c111_pop_tx_fifo_done(s);
392 case 13: /* Interrupt mask. */
401 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
402 /* Multicast table. */
403 /* Not implemented. */
405 case 8: case 9: /* Management Interface. */
406 /* Not implemented. */
408 case 12: /* Early receive. */
409 s->ercv = value & 0x1f;
416 cpu_abort (cpu_single_env, "smc91c111_write: Bad reg %d:%x\n",
417 s->bank, (int)offset);
420 static uint32_t smc91c111_readb(void *opaque, target_phys_addr_t offset)
422 smc91c111_state *s = (smc91c111_state *)opaque;
433 return s->tcr & 0xff;
436 case 2: /* EPH Status */
441 return s->rcr & 0xff;
444 case 6: /* Counter */
446 /* Not implemented. */
448 case 8: /* Memory size. */
450 case 9: /* Free memory available. */
455 for (i = 0; i < NUM_PACKETS; i++) {
456 if (s->allocated & (1 << i))
461 case 10: case 11: /* RPCR */
462 /* Not implemented. */
473 case 2: case 3: /* BASE */
474 /* Not implemented. */
476 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
477 return s->macaddr[offset - 4];
478 case 10: /* General Purpose */
479 return s->gpr & 0xff;
482 case 12: /* Control */
483 return s->ctr & 0xff;
491 case 0: case 1: /* MMUCR Busy bit. */
493 case 2: /* Packet Number. */
494 return s->packet_num;
495 case 3: /* Allocation Result. */
497 case 4: /* TX FIFO */
498 if (s->tx_fifo_done_len == 0)
501 return s->tx_fifo_done[0];
502 case 5: /* RX FIFO */
503 if (s->rx_fifo_len == 0)
506 return s->rx_fifo[0];
507 case 6: /* Pointer */
508 return s->ptr & 0xff;
510 return (s->ptr >> 8) & 0xf7;
511 case 8: case 9: case 10: case 11: /* Data */
521 if (s->ptr & 0x4000) {
522 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x07ff);
526 return s->data[n][p];
528 case 12: /* Interrupt status. */
530 case 13: /* Interrupt mask. */
537 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
538 /* Multicast table. */
539 /* Not implemented. */
541 case 8: /* Management Interface. */
542 /* Not implemented. */
546 case 10: /* Revision. */
557 cpu_abort (cpu_single_env, "smc91c111_read: Bad reg %d:%x\n",
558 s->bank, (int)offset);
562 static void smc91c111_writew(void *opaque, target_phys_addr_t offset,
565 smc91c111_writeb(opaque, offset, value & 0xff);
566 smc91c111_writeb(opaque, offset + 1, value >> 8);
569 static void smc91c111_writel(void *opaque, target_phys_addr_t offset,
572 /* 32-bit writes to offset 0xc only actually write to the bank select
573 register (offset 0xe) */
575 smc91c111_writew(opaque, offset, value & 0xffff);
576 smc91c111_writew(opaque, offset + 2, value >> 16);
579 static uint32_t smc91c111_readw(void *opaque, target_phys_addr_t offset)
582 val = smc91c111_readb(opaque, offset);
583 val |= smc91c111_readb(opaque, offset + 1) << 8;
587 static uint32_t smc91c111_readl(void *opaque, target_phys_addr_t offset)
590 val = smc91c111_readw(opaque, offset);
591 val |= smc91c111_readw(opaque, offset + 2) << 16;
595 static int smc91c111_can_receive(void *opaque)
597 smc91c111_state *s = (smc91c111_state *)opaque;
599 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
601 if (s->allocated == (1 << NUM_PACKETS) - 1)
606 static void smc91c111_receive(void *opaque, const uint8_t *buf, int size)
608 smc91c111_state *s = (smc91c111_state *)opaque;
615 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
617 /* Short packets are padded with zeros. Receiving a packet
618 < 64 bytes long is considered an error condition. */
622 packetsize = (size & ~1);
624 crc = (s->rcr & RCR_STRIP_CRC) == 0;
627 /* TODO: Flag overrun and receive errors. */
628 if (packetsize > 2048)
630 packetnum = smc91c111_allocate_packet(s);
631 if (packetnum == 0x80)
633 s->rx_fifo[s->rx_fifo_len++] = packetnum;
635 p = &s->data[packetnum][0];
636 /* ??? Multicast packets? */
639 status |= RS_TOOLONG;
641 status |= RS_ODDFRAME;
642 *(p++) = status & 0xff;
643 *(p++) = status >> 8;
644 *(p++) = packetsize & 0xff;
645 *(p++) = packetsize >> 8;
646 memcpy(p, buf, size & ~1);
648 /* Pad short packets. */
653 *(p++) = buf[size - 1];
659 /* It's not clear if the CRC should go before or after the last byte in
660 odd sized packets. Linux disables the CRC, so that's no help.
661 The pictures in the documentation show the CRC aligned on a 16-bit
662 boundary before the last odd byte, so that's what we do. */
664 crc = crc32(~0, buf, size);
665 *(p++) = crc & 0xff; crc >>= 8;
666 *(p++) = crc & 0xff; crc >>= 8;
667 *(p++) = crc & 0xff; crc >>= 8;
668 *(p++) = crc & 0xff; crc >>= 8;
671 *(p++) = buf[size - 1];
677 /* TODO: Raise early RX interrupt? */
678 s->int_level |= INT_RCV;
682 static CPUReadMemoryFunc *smc91c111_readfn[] = {
688 static CPUWriteMemoryFunc *smc91c111_writefn[] = {
694 int smc91c111_iomemtype(void *opaque) {
695 smc91c111_state *s=(smc91c111_state *) opaque;
699 void *smc91c111_init(NICInfo *nd, uint32_t base, qemu_irq irq, int phys_alloc)
703 qemu_check_nic_model(nd, "smc91c111");
705 s = (smc91c111_state *)qemu_mallocz(sizeof(smc91c111_state));
706 s->iomemtype = cpu_register_io_memory(0, smc91c111_readfn,
707 smc91c111_writefn, s);
709 cpu_register_physical_memory(base, 16, s->iomemtype);
711 memcpy(s->macaddr, nd->macaddr, 6);
715 s->vc = qemu_new_vlan_client(nd->vlan, nd->model, nd->name,
716 smc91c111_receive, smc91c111_can_receive, s);
717 qemu_format_nic_info_str(s->vc, s->macaddr);
718 /* ??? Save/restore. */
projects / qemu / blob