4 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
5 * Copyright (c) 2008 Qumranet
6 * Based on work done by:
7 * Copyright (c) 2007 Dan Aloni
8 * Copyright (c) 2004 Antony T Curtis
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2 of the License, or (at your option) any later version.
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA
36 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
37 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
38 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
39 DEBUG_RXFILTER, DEBUG_NOTYET,
41 #define DBGBIT(x) (1<<DEBUG_##x)
42 static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
44 #define DBGOUT(what, fmt, ...) do { \
45 if (debugflags & DBGBIT(what)) \
46 fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
49 #define DBGOUT(what, fmt, ...) do {} while (0)
52 #define IOPORT_SIZE 0x40
53 #define PNPMMIO_SIZE 0x20000
57 * E1000_DEV_ID_82540EM works with Windows and Linux
58 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
59 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
60 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
63 enum { E1000_DEVID = E1000_DEV_ID_82540EM };
66 * May need to specify additional MAC-to-PHY entries --
67 * Intel's Windows driver refuses to initialize unless they match
70 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
71 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
72 /* default to E1000_DEV_ID_82540EM */ 0xc20
75 typedef struct E1000State_st {
80 uint32_t mac_reg[0x8000];
81 uint16_t phy_reg[0x20];
82 uint16_t eeprom_data[64];
85 uint32_t rxbuf_min_shift;
88 unsigned char header[256];
89 unsigned char vlan_header[4];
90 unsigned char vlan[4];
91 unsigned char data[0x10000];
93 unsigned char sum_needed;
94 unsigned char vlan_needed;
108 char cptse; // current packet tse bit
112 uint32_t val_in; // shifted in from guest driver
120 #define defreg(x) x = (E1000_##x>>2)
122 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
123 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
124 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
125 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
126 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
127 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
128 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
129 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
130 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
131 defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA),
135 enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
136 static const char phy_regcap[0x20] = {
137 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
138 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
139 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
140 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
141 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
142 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
146 ioport_map(PCIDevice *pci_dev, int region_num, uint32_t addr,
147 uint32_t size, int type)
149 DBGOUT(IO, "e1000_ioport_map addr=0x%04x size=0x%08x\n", addr, size);
153 set_interrupt_cause(E1000State *s, int index, uint32_t val)
156 val |= E1000_ICR_INT_ASSERTED;
157 s->mac_reg[ICR] = val;
158 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
162 set_ics(E1000State *s, int index, uint32_t val)
164 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
166 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
170 rxbufsize(uint32_t v)
172 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
173 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
174 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
176 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
178 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
180 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
182 case E1000_RCTL_SZ_1024:
184 case E1000_RCTL_SZ_512:
186 case E1000_RCTL_SZ_256:
193 set_ctrl(E1000State *s, int index, uint32_t val)
195 /* RST is self clearing */
196 s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
200 set_rx_control(E1000State *s, int index, uint32_t val)
202 s->mac_reg[RCTL] = val;
203 s->rxbuf_size = rxbufsize(val);
204 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
205 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
210 set_mdic(E1000State *s, int index, uint32_t val)
212 uint32_t data = val & E1000_MDIC_DATA_MASK;
213 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
215 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
216 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
217 else if (val & E1000_MDIC_OP_READ) {
218 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
219 if (!(phy_regcap[addr] & PHY_R)) {
220 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
221 val |= E1000_MDIC_ERROR;
223 val = (val ^ data) | s->phy_reg[addr];
224 } else if (val & E1000_MDIC_OP_WRITE) {
225 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
226 if (!(phy_regcap[addr] & PHY_W)) {
227 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
228 val |= E1000_MDIC_ERROR;
230 s->phy_reg[addr] = data;
232 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
233 set_ics(s, 0, E1000_ICR_MDAC);
237 get_eecd(E1000State *s, int index)
239 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
241 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
242 s->eecd_state.bitnum_out, s->eecd_state.reading);
243 if (!s->eecd_state.reading ||
244 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
245 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
246 ret |= E1000_EECD_DO;
251 set_eecd(E1000State *s, int index, uint32_t val)
253 uint32_t oldval = s->eecd_state.old_eecd;
255 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
256 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
257 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
259 if (!(E1000_EECD_SK & val)) { // falling edge
260 s->eecd_state.bitnum_out++;
263 if (!(val & E1000_EECD_CS)) { // rising, no CS (EEPROM reset)
264 memset(&s->eecd_state, 0, sizeof s->eecd_state);
267 s->eecd_state.val_in <<= 1;
268 if (val & E1000_EECD_DI)
269 s->eecd_state.val_in |= 1;
270 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
271 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
272 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
273 EEPROM_READ_OPCODE_MICROWIRE);
275 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
276 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
277 s->eecd_state.reading);
281 flash_eerd_read(E1000State *s, int x)
283 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
285 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
287 return (s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
288 E1000_EEPROM_RW_REG_DONE | r;
292 putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
299 sum = net_checksum_add(n-css, data+css);
300 cpu_to_be16wu((uint16_t *)(data + sloc),
301 net_checksum_finish(sum));
306 vlan_enabled(E1000State *s)
308 return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
312 vlan_rx_filter_enabled(E1000State *s)
314 return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
318 is_vlan_packet(E1000State *s, const uint8_t *buf)
320 return (be16_to_cpup((uint16_t *)(buf + 12)) ==
321 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
325 is_vlan_txd(uint32_t txd_lower)
327 return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
331 xmit_seg(E1000State *s)
334 unsigned int frames = s->tx.tso_frames, css, sofar, n;
335 struct e1000_tx *tp = &s->tx;
337 if (tp->tse && tp->cptse) {
339 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
340 frames, tp->size, css);
341 if (tp->ip) { // IPv4
342 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
344 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
345 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
347 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
350 len = tp->size - css;
351 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
353 sofar = frames * tp->mss;
354 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
355 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
356 if (tp->paylen - sofar > tp->mss)
357 tp->data[css + 13] &= ~9; // PSH, FIN
359 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
360 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
361 // add pseudo-header length before checksum calculation
362 sp = (uint16_t *)(tp->data + tp->tucso);
363 cpu_to_be16wu(sp, be16_to_cpup(sp) + len);
368 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
369 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
370 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
371 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
372 if (tp->vlan_needed) {
373 memmove(tp->vlan, tp->data, 12);
374 memcpy(tp->data + 8, tp->vlan_header, 4);
375 qemu_send_packet(s->vc, tp->vlan, tp->size + 4);
377 qemu_send_packet(s->vc, tp->data, tp->size);
380 n = s->mac_reg[TOTL];
381 if ((s->mac_reg[TOTL] += s->tx.size) < n)
386 process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
388 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
389 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
390 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
391 unsigned int msh = 0xfffff, hdr = 0;
393 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
394 struct e1000_tx *tp = &s->tx;
396 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
397 op = le32_to_cpu(xp->cmd_and_length);
398 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
399 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
400 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
401 tp->tucss = xp->upper_setup.tcp_fields.tucss;
402 tp->tucso = xp->upper_setup.tcp_fields.tucso;
403 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
404 tp->paylen = op & 0xfffff;
405 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
406 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
407 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
408 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
409 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
411 if (tp->tucso == 0) { // this is probably wrong
412 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
413 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
416 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
418 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
419 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
424 if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
425 (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
427 cpu_to_be16wu((uint16_t *)(tp->vlan_header),
428 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
429 cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
430 le16_to_cpu(dp->upper.fields.special));
433 addr = le64_to_cpu(dp->buffer_addr);
434 if (tp->tse && tp->cptse) {
439 if (tp->size + bytes > msh)
440 bytes = msh - tp->size;
441 cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
442 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
443 memmove(tp->header, tp->data, hdr);
448 memmove(tp->data, tp->header, hdr);
451 } while (split_size -= bytes);
452 } else if (!tp->tse && tp->cptse) {
453 // context descriptor TSE is not set, while data descriptor TSE is set
454 DBGOUT(TXERR, "TCP segmentaion Error\n");
456 cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
457 tp->size += split_size;
460 if (!(txd_lower & E1000_TXD_CMD_EOP))
462 if (!(tp->tse && tp->cptse && tp->size < hdr))
472 txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
474 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
476 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
478 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
479 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
480 dp->upper.data = cpu_to_le32(txd_upper);
481 cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
482 (void *)&dp->upper, sizeof(dp->upper));
483 return E1000_ICR_TXDW;
487 start_xmit(E1000State *s)
489 target_phys_addr_t base;
490 struct e1000_tx_desc desc;
491 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
493 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
494 DBGOUT(TX, "tx disabled\n");
498 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
499 base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
500 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
501 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
503 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
504 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
507 process_tx_desc(s, &desc);
508 cause |= txdesc_writeback(base, &desc);
510 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
513 * the following could happen only if guest sw assigns
514 * bogus values to TDT/TDLEN.
515 * there's nothing too intelligent we could do about this.
517 if (s->mac_reg[TDH] == tdh_start) {
518 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
519 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
523 set_ics(s, 0, cause);
527 receive_filter(E1000State *s, const uint8_t *buf, int size)
529 static uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
530 static int mta_shift[] = {4, 3, 2, 0};
531 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
533 if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
534 uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
535 uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
536 ((vid >> 5) & 0x7f));
537 if ((vfta & (1 << (vid & 0x1f))) == 0)
541 if (rctl & E1000_RCTL_UPE) // promiscuous
544 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
547 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
550 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
551 if (!(rp[1] & E1000_RAH_AV))
553 ra[0] = cpu_to_le32(rp[0]);
554 ra[1] = cpu_to_le32(rp[1]);
555 if (!memcmp(buf, (uint8_t *)ra, 6)) {
557 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
558 (int)(rp - s->mac_reg - RA)/2,
559 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
563 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
564 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
566 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
567 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
568 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
571 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
572 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
573 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
574 s->mac_reg[MTA + (f >> 5)]);
580 e1000_set_link_status(VLANClientState *vc)
582 E1000State *s = vc->opaque;
583 uint32_t old_status = s->mac_reg[STATUS];
586 s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
588 s->mac_reg[STATUS] |= E1000_STATUS_LU;
590 if (s->mac_reg[STATUS] != old_status)
591 set_ics(s, 0, E1000_ICR_LSC);
595 e1000_can_receive(void *opaque)
597 E1000State *s = opaque;
599 return (s->mac_reg[RCTL] & E1000_RCTL_EN);
603 e1000_receive(void *opaque, const uint8_t *buf, int size)
605 E1000State *s = opaque;
606 struct e1000_rx_desc desc;
607 target_phys_addr_t base;
610 uint16_t vlan_special = 0;
611 uint8_t vlan_status = 0, vlan_offset = 0;
613 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
616 if (size > s->rxbuf_size) {
617 DBGOUT(RX, "packet too large for buffers (%d > %d)\n", size,
622 if (!receive_filter(s, buf, size))
625 if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
626 vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
627 memmove((void *)(buf + 4), buf, 12);
628 vlan_status = E1000_RXD_STAT_VP;
633 rdh_start = s->mac_reg[RDH];
634 size += 4; // for the header
636 if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
637 set_ics(s, 0, E1000_ICS_RXO);
640 base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
641 sizeof(desc) * s->mac_reg[RDH];
642 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
643 desc.special = vlan_special;
644 desc.status |= (vlan_status | E1000_RXD_STAT_DD);
645 if (desc.buffer_addr) {
646 cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
647 (void *)(buf + vlan_offset), size);
648 desc.length = cpu_to_le16(size);
649 desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
650 } else // as per intel docs; skip descriptors with null buf addr
651 DBGOUT(RX, "Null RX descriptor!!\n");
652 cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
654 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
657 /* see comment in start_xmit; same here */
658 if (s->mac_reg[RDH] == rdh_start) {
659 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
660 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
661 set_ics(s, 0, E1000_ICS_RXO);
664 } while (desc.buffer_addr == 0);
668 n = s->mac_reg[TORL];
669 if ((s->mac_reg[TORL] += size) < n)
673 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
674 rdt += s->mac_reg[RDLEN] / sizeof(desc);
675 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
677 n |= E1000_ICS_RXDMT0;
683 mac_readreg(E1000State *s, int index)
685 return s->mac_reg[index];
689 mac_icr_read(E1000State *s, int index)
691 uint32_t ret = s->mac_reg[ICR];
693 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
694 set_interrupt_cause(s, 0, 0);
699 mac_read_clr4(E1000State *s, int index)
701 uint32_t ret = s->mac_reg[index];
703 s->mac_reg[index] = 0;
708 mac_read_clr8(E1000State *s, int index)
710 uint32_t ret = s->mac_reg[index];
712 s->mac_reg[index] = 0;
713 s->mac_reg[index-1] = 0;
718 mac_writereg(E1000State *s, int index, uint32_t val)
720 s->mac_reg[index] = val;
724 set_rdt(E1000State *s, int index, uint32_t val)
727 s->mac_reg[index] = val & 0xffff;
731 set_16bit(E1000State *s, int index, uint32_t val)
733 s->mac_reg[index] = val & 0xffff;
737 set_dlen(E1000State *s, int index, uint32_t val)
739 s->mac_reg[index] = val & 0xfff80;
743 set_tctl(E1000State *s, int index, uint32_t val)
745 s->mac_reg[index] = val;
746 s->mac_reg[TDT] &= 0xffff;
751 set_icr(E1000State *s, int index, uint32_t val)
753 DBGOUT(INTERRUPT, "set_icr %x\n", val);
754 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
758 set_imc(E1000State *s, int index, uint32_t val)
760 s->mac_reg[IMS] &= ~val;
765 set_ims(E1000State *s, int index, uint32_t val)
767 s->mac_reg[IMS] |= val;
771 #define getreg(x) [x] = mac_readreg
772 static uint32_t (*macreg_readops[])(E1000State *, int) = {
773 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
774 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
775 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
776 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
777 getreg(RDH), getreg(RDT), getreg(VET),
779 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
780 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
781 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
782 [CRCERRS ... MPC] = &mac_readreg,
783 [RA ... RA+31] = &mac_readreg,
784 [MTA ... MTA+127] = &mac_readreg,
785 [VFTA ... VFTA+127] = &mac_readreg,
787 enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
789 #define putreg(x) [x] = mac_writereg
790 static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
791 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
792 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
793 putreg(RDBAL), putreg(LEDCTL), putreg(VET),
794 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
795 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
796 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
797 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
798 [EECD] = set_eecd, [RCTL] = set_rx_control, [CTRL] = set_ctrl,
799 [RA ... RA+31] = &mac_writereg,
800 [MTA ... MTA+127] = &mac_writereg,
801 [VFTA ... VFTA+127] = &mac_writereg,
803 enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
806 e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
808 E1000State *s = opaque;
809 unsigned int index = (addr & 0x1ffff) >> 2;
811 #ifdef TARGET_WORDS_BIGENDIAN
814 if (index < NWRITEOPS && macreg_writeops[index])
815 macreg_writeops[index](s, index, val);
816 else if (index < NREADOPS && macreg_readops[index])
817 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
819 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
824 e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
826 // emulate hw without byte enables: no RMW
827 e1000_mmio_writel(opaque, addr & ~3,
828 (val & 0xffff) << (8*(addr & 3)));
832 e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
834 // emulate hw without byte enables: no RMW
835 e1000_mmio_writel(opaque, addr & ~3,
836 (val & 0xff) << (8*(addr & 3)));
840 e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
842 E1000State *s = opaque;
843 unsigned int index = (addr & 0x1ffff) >> 2;
845 if (index < NREADOPS && macreg_readops[index])
847 uint32_t val = macreg_readops[index](s, index);
848 #ifdef TARGET_WORDS_BIGENDIAN
853 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
858 e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
860 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
861 (8 * (addr & 3))) & 0xff;
865 e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
867 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
868 (8 * (addr & 3))) & 0xffff;
871 static const int mac_regtosave[] = {
872 CTRL, EECD, EERD, GPRC, GPTC, ICR, ICS, IMC, IMS,
873 LEDCTL, MANC, MDIC, MPC, PBA, RCTL, RDBAH, RDBAL, RDH,
874 RDLEN, RDT, STATUS, SWSM, TCTL, TDBAH, TDBAL, TDH, TDLEN,
875 TDT, TORH, TORL, TOTH, TOTL, TPR, TPT, TXDCTL, WUFC,
878 enum { MAC_NSAVE = ARRAY_SIZE(mac_regtosave) };
880 static const struct {
883 } mac_regarraystosave[] = { {32, RA}, {128, MTA}, {128, VFTA} };
884 enum { MAC_NARRAYS = ARRAY_SIZE(mac_regarraystosave) };
887 nic_save(QEMUFile *f, void *opaque)
889 E1000State *s = (E1000State *)opaque;
892 pci_device_save(&s->dev, f);
894 qemu_put_be32s(f, &s->rxbuf_size);
895 qemu_put_be32s(f, &s->rxbuf_min_shift);
896 qemu_put_be32s(f, &s->eecd_state.val_in);
897 qemu_put_be16s(f, &s->eecd_state.bitnum_in);
898 qemu_put_be16s(f, &s->eecd_state.bitnum_out);
899 qemu_put_be16s(f, &s->eecd_state.reading);
900 qemu_put_be32s(f, &s->eecd_state.old_eecd);
901 qemu_put_8s(f, &s->tx.ipcss);
902 qemu_put_8s(f, &s->tx.ipcso);
903 qemu_put_be16s(f, &s->tx.ipcse);
904 qemu_put_8s(f, &s->tx.tucss);
905 qemu_put_8s(f, &s->tx.tucso);
906 qemu_put_be16s(f, &s->tx.tucse);
907 qemu_put_be32s(f, &s->tx.paylen);
908 qemu_put_8s(f, &s->tx.hdr_len);
909 qemu_put_be16s(f, &s->tx.mss);
910 qemu_put_be16s(f, &s->tx.size);
911 qemu_put_be16s(f, &s->tx.tso_frames);
912 qemu_put_8s(f, &s->tx.sum_needed);
913 qemu_put_s8s(f, &s->tx.ip);
914 qemu_put_s8s(f, &s->tx.tcp);
915 qemu_put_buffer(f, s->tx.header, sizeof s->tx.header);
916 qemu_put_buffer(f, s->tx.data, sizeof s->tx.data);
917 for (i = 0; i < 64; i++)
918 qemu_put_be16s(f, s->eeprom_data + i);
919 for (i = 0; i < 0x20; i++)
920 qemu_put_be16s(f, s->phy_reg + i);
921 for (i = 0; i < MAC_NSAVE; i++)
922 qemu_put_be32s(f, s->mac_reg + mac_regtosave[i]);
923 for (i = 0; i < MAC_NARRAYS; i++)
924 for (j = 0; j < mac_regarraystosave[i].size; j++)
926 s->mac_reg + mac_regarraystosave[i].array0 + j);
930 nic_load(QEMUFile *f, void *opaque, int version_id)
932 E1000State *s = (E1000State *)opaque;
935 if ((ret = pci_device_load(&s->dev, f)) < 0)
938 qemu_get_sbe32s(f, &i); /* once some unused instance id */
939 qemu_get_be32(f); /* Ignored. Was mmio_base. */
940 qemu_get_be32s(f, &s->rxbuf_size);
941 qemu_get_be32s(f, &s->rxbuf_min_shift);
942 qemu_get_be32s(f, &s->eecd_state.val_in);
943 qemu_get_be16s(f, &s->eecd_state.bitnum_in);
944 qemu_get_be16s(f, &s->eecd_state.bitnum_out);
945 qemu_get_be16s(f, &s->eecd_state.reading);
946 qemu_get_be32s(f, &s->eecd_state.old_eecd);
947 qemu_get_8s(f, &s->tx.ipcss);
948 qemu_get_8s(f, &s->tx.ipcso);
949 qemu_get_be16s(f, &s->tx.ipcse);
950 qemu_get_8s(f, &s->tx.tucss);
951 qemu_get_8s(f, &s->tx.tucso);
952 qemu_get_be16s(f, &s->tx.tucse);
953 qemu_get_be32s(f, &s->tx.paylen);
954 qemu_get_8s(f, &s->tx.hdr_len);
955 qemu_get_be16s(f, &s->tx.mss);
956 qemu_get_be16s(f, &s->tx.size);
957 qemu_get_be16s(f, &s->tx.tso_frames);
958 qemu_get_8s(f, &s->tx.sum_needed);
959 qemu_get_s8s(f, &s->tx.ip);
960 qemu_get_s8s(f, &s->tx.tcp);
961 qemu_get_buffer(f, s->tx.header, sizeof s->tx.header);
962 qemu_get_buffer(f, s->tx.data, sizeof s->tx.data);
963 for (i = 0; i < 64; i++)
964 qemu_get_be16s(f, s->eeprom_data + i);
965 for (i = 0; i < 0x20; i++)
966 qemu_get_be16s(f, s->phy_reg + i);
967 for (i = 0; i < MAC_NSAVE; i++)
968 qemu_get_be32s(f, s->mac_reg + mac_regtosave[i]);
969 for (i = 0; i < MAC_NARRAYS; i++)
970 for (j = 0; j < mac_regarraystosave[i].size; j++)
972 s->mac_reg + mac_regarraystosave[i].array0 + j);
976 static const uint16_t e1000_eeprom_template[64] = {
977 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
978 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
979 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
980 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
981 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
982 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
983 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
984 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
987 static const uint16_t phy_reg_init[] = {
988 [PHY_CTRL] = 0x1140, [PHY_STATUS] = 0x796d, // link initially up
989 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
990 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
991 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
992 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
993 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
996 static const uint32_t mac_reg_init[] = {
999 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
1000 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
1001 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
1002 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
1003 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
1005 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
1006 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
1012 static CPUWriteMemoryFunc *e1000_mmio_write[] = {
1013 e1000_mmio_writeb, e1000_mmio_writew, e1000_mmio_writel
1016 static CPUReadMemoryFunc *e1000_mmio_read[] = {
1017 e1000_mmio_readb, e1000_mmio_readw, e1000_mmio_readl
1021 e1000_mmio_map(PCIDevice *pci_dev, int region_num,
1022 uint32_t addr, uint32_t size, int type)
1024 E1000State *d = (E1000State *)pci_dev;
1026 const uint32_t excluded_regs[] = {
1027 E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1028 E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1032 DBGOUT(MMIO, "e1000_mmio_map addr=0x%08x 0x%08x\n", addr, size);
1034 cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
1035 qemu_register_coalesced_mmio(addr, excluded_regs[0]);
1037 for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
1038 qemu_register_coalesced_mmio(addr + excluded_regs[i] + 4,
1039 excluded_regs[i + 1] -
1040 excluded_regs[i] - 4);
1044 e1000_cleanup(VLANClientState *vc)
1046 E1000State *d = vc->opaque;
1048 unregister_savevm("e1000", d);
1052 pci_e1000_uninit(PCIDevice *dev)
1054 E1000State *d = (E1000State *) dev;
1056 cpu_unregister_io_memory(d->mmio_index);
1061 static void pci_e1000_init(PCIDevice *pci_dev)
1063 E1000State *d = (E1000State *)pci_dev;
1065 uint16_t checksum = 0;
1066 static const char info_str[] = "e1000";
1070 pci_conf = d->dev.config;
1072 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
1073 pci_config_set_device_id(pci_conf, E1000_DEVID);
1074 *(uint16_t *)(pci_conf+0x04) = cpu_to_le16(0x0407);
1075 *(uint16_t *)(pci_conf+0x06) = cpu_to_le16(0x0010);
1076 pci_conf[0x08] = 0x03;
1077 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
1078 pci_conf[0x0c] = 0x10;
1080 pci_conf[0x3d] = 1; // interrupt pin 0
1082 d->mmio_index = cpu_register_io_memory(0, e1000_mmio_read,
1083 e1000_mmio_write, d);
1085 pci_register_io_region((PCIDevice *)d, 0, PNPMMIO_SIZE,
1086 PCI_ADDRESS_SPACE_MEM, e1000_mmio_map);
1088 pci_register_io_region((PCIDevice *)d, 1, IOPORT_SIZE,
1089 PCI_ADDRESS_SPACE_IO, ioport_map);
1091 memmove(d->eeprom_data, e1000_eeprom_template,
1092 sizeof e1000_eeprom_template);
1093 qdev_get_macaddr(&d->dev.qdev, macaddr);
1094 for (i = 0; i < 3; i++)
1095 d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
1096 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1097 checksum += d->eeprom_data[i];
1098 checksum = (uint16_t) EEPROM_SUM - checksum;
1099 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1101 memset(d->phy_reg, 0, sizeof d->phy_reg);
1102 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
1103 memset(d->mac_reg, 0, sizeof d->mac_reg);
1104 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
1105 d->rxbuf_min_shift = 1;
1106 memset(&d->tx, 0, sizeof d->tx);
1108 d->vc = qdev_get_vlan_client(&d->dev.qdev,
1109 e1000_can_receive, e1000_receive,
1110 NULL, e1000_cleanup, d);
1111 d->vc->link_status_changed = e1000_set_link_status;
1113 qemu_format_nic_info_str(d->vc, macaddr);
1115 register_savevm(info_str, -1, 2, nic_save, nic_load, d);
1116 d->dev.unregister = pci_e1000_uninit;
1119 static void e1000_register_devices(void)
1121 pci_qdev_register("e1000", sizeof(E1000State), pci_e1000_init);
1124 device_init(e1000_register_devices)
projects / qemu / blob