4 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
5 * Copyright (c) 2008 Qumranet
6 * Based on work done by:
7 * Copyright (c) 2007 Dan Aloni
8 * Copyright (c) 2004 Antony T Curtis
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2 of the License, or (at your option) any later version.
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
36 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
37 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
38 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
39 DEBUG_RXFILTER, DEBUG_NOTYET,
41 #define DBGBIT(x) (1<<DEBUG_##x)
42 static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
44 #define DBGOUT(what, fmt, params...) do { \
45 if (debugflags & DBGBIT(what)) \
46 fprintf(stderr, "e1000: " fmt, ##params); \
49 #define DBGOUT(what, fmt, params...) do {} while (0)
52 #define IOPORT_SIZE 0x40
53 #define PNPMMIO_SIZE 0x20000
57 * E1000_DEV_ID_82540EM works with Windows and Linux
58 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
59 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
60 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
63 enum { E1000_DEVID = E1000_DEV_ID_82540EM };
66 * May need to specify additional MAC-to-PHY entries --
67 * Intel's Windows driver refuses to initialize unless they match
70 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
71 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
72 /* default to E1000_DEV_ID_82540EM */ 0xc20
75 typedef struct E1000State_st {
82 uint32_t mac_reg[0x8000];
83 uint16_t phy_reg[0x20];
84 uint16_t eeprom_data[64];
87 uint32_t rxbuf_min_shift;
90 unsigned char header[256];
91 unsigned char data[0x10000];
93 unsigned char sum_needed;
107 char cptse; // current packet tse bit
111 uint32_t val_in; // shifted in from guest driver
119 #define defreg(x) x = (E1000_##x>>2)
121 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
122 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
123 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
124 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
125 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
126 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
127 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
128 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
129 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
130 defreg(RA), defreg(MTA), defreg(CRCERRS),
133 enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
134 static char phy_regcap[0x20] = {
135 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
136 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
137 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
138 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
139 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
140 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
144 ioport_map(PCIDevice *pci_dev, int region_num, uint32_t addr,
145 uint32_t size, int type)
147 DBGOUT(IO, "e1000_ioport_map addr=0x%04x size=0x%08x\n", addr, size);
151 set_interrupt_cause(E1000State *s, int index, uint32_t val)
154 val |= E1000_ICR_INT_ASSERTED;
155 s->mac_reg[ICR] = val;
156 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
160 set_ics(E1000State *s, int index, uint32_t val)
162 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
164 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
168 rxbufsize(uint32_t v)
170 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
171 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
172 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
174 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
176 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
178 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
180 case E1000_RCTL_SZ_1024:
182 case E1000_RCTL_SZ_512:
184 case E1000_RCTL_SZ_256:
191 set_rx_control(E1000State *s, int index, uint32_t val)
193 s->mac_reg[RCTL] = val;
194 s->rxbuf_size = rxbufsize(val);
195 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
196 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
201 set_mdic(E1000State *s, int index, uint32_t val)
203 uint32_t data = val & E1000_MDIC_DATA_MASK;
204 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
206 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
207 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
208 else if (val & E1000_MDIC_OP_READ) {
209 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
210 if (!(phy_regcap[addr] & PHY_R)) {
211 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
212 val |= E1000_MDIC_ERROR;
214 val = (val ^ data) | s->phy_reg[addr];
215 } else if (val & E1000_MDIC_OP_WRITE) {
216 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
217 if (!(phy_regcap[addr] & PHY_W)) {
218 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
219 val |= E1000_MDIC_ERROR;
221 s->phy_reg[addr] = data;
223 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
224 set_ics(s, 0, E1000_ICR_MDAC);
228 get_eecd(E1000State *s, int index)
230 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
232 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
233 s->eecd_state.bitnum_out, s->eecd_state.reading);
234 if (!s->eecd_state.reading ||
235 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
236 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
237 ret |= E1000_EECD_DO;
242 set_eecd(E1000State *s, int index, uint32_t val)
244 uint32_t oldval = s->eecd_state.old_eecd;
246 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
247 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
248 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
250 if (!(E1000_EECD_SK & val)) { // falling edge
251 s->eecd_state.bitnum_out++;
254 if (!(val & E1000_EECD_CS)) { // rising, no CS (EEPROM reset)
255 memset(&s->eecd_state, 0, sizeof s->eecd_state);
258 s->eecd_state.val_in <<= 1;
259 if (val & E1000_EECD_DI)
260 s->eecd_state.val_in |= 1;
261 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
262 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
263 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
264 EEPROM_READ_OPCODE_MICROWIRE);
266 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
267 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
268 s->eecd_state.reading);
272 flash_eerd_read(E1000State *s, int x)
274 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
276 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
278 return (s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
279 E1000_EEPROM_RW_REG_DONE | r;
283 putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
290 sum = net_checksum_add(n-css, data+css);
291 cpu_to_be16wu((uint16_t *)(data + sloc),
292 net_checksum_finish(sum));
297 xmit_seg(E1000State *s)
300 unsigned int frames = s->tx.tso_frames, css, sofar, n;
301 struct e1000_tx *tp = &s->tx;
303 if (tp->tse && tp->cptse) {
305 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
306 frames, tp->size, css);
307 if (tp->ip) { // IPv4
308 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
310 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
311 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
313 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
316 len = tp->size - css;
317 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
319 sofar = frames * tp->mss;
320 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
321 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
322 if (tp->paylen - sofar > tp->mss)
323 tp->data[css + 13] &= ~9; // PSH, FIN
325 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
326 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
327 // add pseudo-header length before checksum calculation
328 sp = (uint16_t *)(tp->data + tp->tucso);
329 cpu_to_be16wu(sp, be16_to_cpup(sp) + len);
334 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
335 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
336 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
337 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
338 qemu_send_packet(s->vc, tp->data, tp->size);
341 n = s->mac_reg[TOTL];
342 if ((s->mac_reg[TOTL] += s->tx.size) < n)
347 process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
349 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
350 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
351 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
352 unsigned int msh = 0xfffff, hdr = 0;
354 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
355 struct e1000_tx *tp = &s->tx;
357 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
358 op = le32_to_cpu(xp->cmd_and_length);
359 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
360 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
361 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
362 tp->tucss = xp->upper_setup.tcp_fields.tucss;
363 tp->tucso = xp->upper_setup.tcp_fields.tucso;
364 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
365 tp->paylen = op & 0xfffff;
366 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
367 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
368 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
369 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
370 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
372 if (tp->tucso == 0) { // this is probably wrong
373 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
374 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
377 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
379 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
380 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
385 addr = le64_to_cpu(dp->buffer_addr);
386 if (tp->tse && tp->cptse) {
391 if (tp->size + bytes > msh)
392 bytes = msh - tp->size;
393 cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
394 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
395 memmove(tp->header, tp->data, hdr);
400 memmove(tp->data, tp->header, hdr);
403 } while (split_size -= bytes);
404 } else if (!tp->tse && tp->cptse) {
405 // context descriptor TSE is not set, while data descriptor TSE is set
406 DBGOUT(TXERR, "TCP segmentaion Error\n");
408 cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
409 tp->size += split_size;
412 if (!(txd_lower & E1000_TXD_CMD_EOP))
414 if (!(tp->tse && tp->cptse && tp->size < hdr))
423 txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
425 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
427 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
429 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
430 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
431 dp->upper.data = cpu_to_le32(txd_upper);
432 cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
433 (void *)&dp->upper, sizeof(dp->upper));
434 return E1000_ICR_TXDW;
438 start_xmit(E1000State *s)
440 target_phys_addr_t base;
441 struct e1000_tx_desc desc;
442 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
444 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
445 DBGOUT(TX, "tx disabled\n");
449 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
450 base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
451 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
452 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
454 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
455 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
458 process_tx_desc(s, &desc);
459 cause |= txdesc_writeback(base, &desc);
461 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
464 * the following could happen only if guest sw assigns
465 * bogus values to TDT/TDLEN.
466 * there's nothing too intelligent we could do about this.
468 if (s->mac_reg[TDH] == tdh_start) {
469 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
470 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
474 set_ics(s, 0, cause);
478 receive_filter(E1000State *s, const uint8_t *buf, int size)
480 static uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
481 static int mta_shift[] = {4, 3, 2, 0};
482 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
484 if (rctl & E1000_RCTL_UPE) // promiscuous
487 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
490 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
493 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
494 if (!(rp[1] & E1000_RAH_AV))
496 ra[0] = cpu_to_le32(rp[0]);
497 ra[1] = cpu_to_le32(rp[1]);
498 if (!memcmp(buf, (uint8_t *)ra, 6)) {
500 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
501 (int)(rp - s->mac_reg - RA)/2,
502 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
506 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
507 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
509 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
510 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
511 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
514 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
515 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
516 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
517 s->mac_reg[MTA + (f >> 5)]);
523 e1000_can_receive(void *opaque)
525 E1000State *s = opaque;
527 return (s->mac_reg[RCTL] & E1000_RCTL_EN);
531 e1000_receive(void *opaque, const uint8_t *buf, int size)
533 E1000State *s = opaque;
534 struct e1000_rx_desc desc;
535 target_phys_addr_t base;
539 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
542 if (size > s->rxbuf_size) {
543 DBGOUT(RX, "packet too large for buffers (%d > %d)\n", size,
548 if (!receive_filter(s, buf, size))
551 rdh_start = s->mac_reg[RDH];
552 size += 4; // for the header
554 if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
555 set_ics(s, 0, E1000_ICS_RXO);
558 base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
559 sizeof(desc) * s->mac_reg[RDH];
560 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
561 desc.status |= E1000_RXD_STAT_DD;
562 if (desc.buffer_addr) {
563 cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
565 desc.length = cpu_to_le16(size);
566 desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
567 } else // as per intel docs; skip descriptors with null buf addr
568 DBGOUT(RX, "Null RX descriptor!!\n");
569 cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
571 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
574 /* see comment in start_xmit; same here */
575 if (s->mac_reg[RDH] == rdh_start) {
576 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
577 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
578 set_ics(s, 0, E1000_ICS_RXO);
581 } while (desc.buffer_addr == 0);
585 n = s->mac_reg[TORL];
586 if ((s->mac_reg[TORL] += size) < n)
590 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
591 rdt += s->mac_reg[RDLEN] / sizeof(desc);
592 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) << s->rxbuf_min_shift >=
594 n |= E1000_ICS_RXDMT0;
600 mac_readreg(E1000State *s, int index)
602 return s->mac_reg[index];
606 mac_icr_read(E1000State *s, int index)
608 uint32_t ret = s->mac_reg[ICR];
610 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
611 set_interrupt_cause(s, 0, 0);
616 mac_read_clr4(E1000State *s, int index)
618 uint32_t ret = s->mac_reg[index];
620 s->mac_reg[index] = 0;
625 mac_read_clr8(E1000State *s, int index)
627 uint32_t ret = s->mac_reg[index];
629 s->mac_reg[index] = 0;
630 s->mac_reg[index-1] = 0;
635 mac_writereg(E1000State *s, int index, uint32_t val)
637 s->mac_reg[index] = val;
641 set_rdt(E1000State *s, int index, uint32_t val)
644 s->mac_reg[index] = val & 0xffff;
648 set_16bit(E1000State *s, int index, uint32_t val)
650 s->mac_reg[index] = val & 0xffff;
654 set_dlen(E1000State *s, int index, uint32_t val)
656 s->mac_reg[index] = val & 0xfff80;
660 set_tctl(E1000State *s, int index, uint32_t val)
662 s->mac_reg[index] = val;
663 s->mac_reg[TDT] &= 0xffff;
668 set_icr(E1000State *s, int index, uint32_t val)
670 DBGOUT(INTERRUPT, "set_icr %x\n", val);
671 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
675 set_imc(E1000State *s, int index, uint32_t val)
677 s->mac_reg[IMS] &= ~val;
682 set_ims(E1000State *s, int index, uint32_t val)
684 s->mac_reg[IMS] |= val;
688 #define getreg(x) [x] = mac_readreg
689 static uint32_t (*macreg_readops[])(E1000State *, int) = {
690 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
691 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
692 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
693 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
694 getreg(RDH), getreg(RDT),
696 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
697 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
698 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
699 [CRCERRS ... MPC] = &mac_readreg,
700 [RA ... RA+31] = &mac_readreg,
701 [MTA ... MTA+127] = &mac_readreg,
703 enum { NREADOPS = sizeof(macreg_readops) / sizeof(*macreg_readops) };
705 #define putreg(x) [x] = mac_writereg
706 static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
707 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
708 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
709 putreg(RDBAL), putreg(LEDCTL),
710 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
711 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
712 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
713 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
714 [EECD] = set_eecd, [RCTL] = set_rx_control,
715 [RA ... RA+31] = &mac_writereg,
716 [MTA ... MTA+127] = &mac_writereg,
718 enum { NWRITEOPS = sizeof(macreg_writeops) / sizeof(*macreg_writeops) };
721 e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
723 E1000State *s = opaque;
724 unsigned int index = ((addr - s->mmio_base) & 0x1ffff) >> 2;
726 #ifdef TARGET_WORDS_BIGENDIAN
729 if (index < NWRITEOPS && macreg_writeops[index])
730 macreg_writeops[index](s, index, val);
731 else if (index < NREADOPS && macreg_readops[index])
732 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
734 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
739 e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
741 // emulate hw without byte enables: no RMW
742 e1000_mmio_writel(opaque, addr & ~3,
743 (val & 0xffff) << (8*(addr & 3)));
747 e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
749 // emulate hw without byte enables: no RMW
750 e1000_mmio_writel(opaque, addr & ~3,
751 (val & 0xff) << (8*(addr & 3)));
755 e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
757 E1000State *s = opaque;
758 unsigned int index = ((addr - s->mmio_base) & 0x1ffff) >> 2;
760 if (index < NREADOPS && macreg_readops[index])
762 uint32_t val = macreg_readops[index](s, index);
763 #ifdef TARGET_WORDS_BIGENDIAN
768 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
773 e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
775 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
776 (8 * (addr & 3))) & 0xff;
780 e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
782 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
783 (8 * (addr & 3))) & 0xffff;
786 int mac_regtosave[] = {
787 CTRL, EECD, EERD, GPRC, GPTC, ICR, ICS, IMC, IMS,
788 LEDCTL, MANC, MDIC, MPC, PBA, RCTL, RDBAH, RDBAL, RDH,
789 RDLEN, RDT, STATUS, SWSM, TCTL, TDBAH, TDBAL, TDH, TDLEN,
790 TDT, TORH, TORL, TOTH, TOTL, TPR, TPT, TXDCTL, WUFC,
792 enum { MAC_NSAVE = sizeof mac_regtosave/sizeof *mac_regtosave };
797 } mac_regarraystosave[] = { {32, RA}, {128, MTA} };
798 enum { MAC_NARRAYS = sizeof mac_regarraystosave/sizeof *mac_regarraystosave };
801 nic_save(QEMUFile *f, void *opaque)
803 E1000State *s = (E1000State *)opaque;
806 pci_device_save(&s->dev, f);
807 qemu_put_be32s(f, &s->mmio_base);
808 qemu_put_be32s(f, &s->rxbuf_size);
809 qemu_put_be32s(f, &s->rxbuf_min_shift);
810 qemu_put_be32s(f, &s->eecd_state.val_in);
811 qemu_put_be16s(f, &s->eecd_state.bitnum_in);
812 qemu_put_be16s(f, &s->eecd_state.bitnum_out);
813 qemu_put_be16s(f, &s->eecd_state.reading);
814 qemu_put_be32s(f, &s->eecd_state.old_eecd);
815 qemu_put_8s(f, &s->tx.ipcss);
816 qemu_put_8s(f, &s->tx.ipcso);
817 qemu_put_be16s(f, &s->tx.ipcse);
818 qemu_put_8s(f, &s->tx.tucss);
819 qemu_put_8s(f, &s->tx.tucso);
820 qemu_put_be16s(f, &s->tx.tucse);
821 qemu_put_be32s(f, &s->tx.paylen);
822 qemu_put_8s(f, &s->tx.hdr_len);
823 qemu_put_be16s(f, &s->tx.mss);
824 qemu_put_be16s(f, &s->tx.size);
825 qemu_put_be16s(f, &s->tx.tso_frames);
826 qemu_put_8s(f, &s->tx.sum_needed);
827 qemu_put_s8s(f, &s->tx.ip);
828 qemu_put_s8s(f, &s->tx.tcp);
829 qemu_put_buffer(f, s->tx.header, sizeof s->tx.header);
830 qemu_put_buffer(f, s->tx.data, sizeof s->tx.data);
831 for (i = 0; i < 64; i++)
832 qemu_put_be16s(f, s->eeprom_data + i);
833 for (i = 0; i < 0x20; i++)
834 qemu_put_be16s(f, s->phy_reg + i);
835 for (i = 0; i < MAC_NSAVE; i++)
836 qemu_put_be32s(f, s->mac_reg + mac_regtosave[i]);
837 for (i = 0; i < MAC_NARRAYS; i++)
838 for (j = 0; j < mac_regarraystosave[i].size; j++)
840 s->mac_reg + mac_regarraystosave[i].array0 + j);
844 nic_load(QEMUFile *f, void *opaque, int version_id)
846 E1000State *s = (E1000State *)opaque;
849 if ((ret = pci_device_load(&s->dev, f)) < 0)
852 qemu_get_sbe32s(f, &i); /* once some unused instance id */
853 qemu_get_be32s(f, &s->mmio_base);
854 qemu_get_be32s(f, &s->rxbuf_size);
855 qemu_get_be32s(f, &s->rxbuf_min_shift);
856 qemu_get_be32s(f, &s->eecd_state.val_in);
857 qemu_get_be16s(f, &s->eecd_state.bitnum_in);
858 qemu_get_be16s(f, &s->eecd_state.bitnum_out);
859 qemu_get_be16s(f, &s->eecd_state.reading);
860 qemu_get_be32s(f, &s->eecd_state.old_eecd);
861 qemu_get_8s(f, &s->tx.ipcss);
862 qemu_get_8s(f, &s->tx.ipcso);
863 qemu_get_be16s(f, &s->tx.ipcse);
864 qemu_get_8s(f, &s->tx.tucss);
865 qemu_get_8s(f, &s->tx.tucso);
866 qemu_get_be16s(f, &s->tx.tucse);
867 qemu_get_be32s(f, &s->tx.paylen);
868 qemu_get_8s(f, &s->tx.hdr_len);
869 qemu_get_be16s(f, &s->tx.mss);
870 qemu_get_be16s(f, &s->tx.size);
871 qemu_get_be16s(f, &s->tx.tso_frames);
872 qemu_get_8s(f, &s->tx.sum_needed);
873 qemu_get_s8s(f, &s->tx.ip);
874 qemu_get_s8s(f, &s->tx.tcp);
875 qemu_get_buffer(f, s->tx.header, sizeof s->tx.header);
876 qemu_get_buffer(f, s->tx.data, sizeof s->tx.data);
877 for (i = 0; i < 64; i++)
878 qemu_get_be16s(f, s->eeprom_data + i);
879 for (i = 0; i < 0x20; i++)
880 qemu_get_be16s(f, s->phy_reg + i);
881 for (i = 0; i < MAC_NSAVE; i++)
882 qemu_get_be32s(f, s->mac_reg + mac_regtosave[i]);
883 for (i = 0; i < MAC_NARRAYS; i++)
884 for (j = 0; j < mac_regarraystosave[i].size; j++)
886 s->mac_reg + mac_regarraystosave[i].array0 + j);
890 static uint16_t e1000_eeprom_template[64] = {
891 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
892 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
893 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
894 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
895 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
896 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
897 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
898 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
901 static uint16_t phy_reg_init[] = {
902 [PHY_CTRL] = 0x1140, [PHY_STATUS] = 0x796d, // link initially up
903 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
904 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
905 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
906 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
907 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
910 static uint32_t mac_reg_init[] = {
913 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
914 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
915 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
916 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
917 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
919 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
920 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
926 static CPUWriteMemoryFunc *e1000_mmio_write[] = {
927 e1000_mmio_writeb, e1000_mmio_writew, e1000_mmio_writel
930 static CPUReadMemoryFunc *e1000_mmio_read[] = {
931 e1000_mmio_readb, e1000_mmio_readw, e1000_mmio_readl
935 e1000_mmio_map(PCIDevice *pci_dev, int region_num,
936 uint32_t addr, uint32_t size, int type)
938 E1000State *d = (E1000State *)pci_dev;
940 DBGOUT(MMIO, "e1000_mmio_map addr=0x%08x 0x%08x\n", addr, size);
943 cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
947 pci_e1000_init(PCIBus *bus, NICInfo *nd, int devfn)
951 uint16_t checksum = 0;
952 static const char info_str[] = "e1000";
955 d = (E1000State *)pci_register_device(bus, "e1000",
956 sizeof(E1000State), devfn, NULL, NULL);
958 pci_conf = d->dev.config;
959 memset(pci_conf, 0, 256);
961 *(uint16_t *)(pci_conf+0x00) = cpu_to_le16(0x8086);
962 *(uint16_t *)(pci_conf+0x02) = cpu_to_le16(E1000_DEVID);
963 *(uint16_t *)(pci_conf+0x04) = cpu_to_le16(0x0407);
964 *(uint16_t *)(pci_conf+0x06) = cpu_to_le16(0x0010);
965 pci_conf[0x08] = 0x03;
966 pci_conf[0x0a] = 0x00; // ethernet network controller
967 pci_conf[0x0b] = 0x02;
968 pci_conf[0x0c] = 0x10;
970 pci_conf[0x3d] = 1; // interrupt pin 0
972 d->mmio_index = cpu_register_io_memory(0, e1000_mmio_read,
973 e1000_mmio_write, d);
975 pci_register_io_region((PCIDevice *)d, 0, PNPMMIO_SIZE,
976 PCI_ADDRESS_SPACE_MEM, e1000_mmio_map);
978 pci_register_io_region((PCIDevice *)d, 1, IOPORT_SIZE,
979 PCI_ADDRESS_SPACE_IO, ioport_map);
982 memmove(d->eeprom_data, e1000_eeprom_template,
983 sizeof e1000_eeprom_template);
984 for (i = 0; i < 3; i++)
985 d->eeprom_data[i] = (nd->macaddr[2*i+1]<<8) | nd->macaddr[2*i];
986 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
987 checksum += d->eeprom_data[i];
988 checksum = (uint16_t) EEPROM_SUM - checksum;
989 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
991 memset(d->phy_reg, 0, sizeof d->phy_reg);
992 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
993 memset(d->mac_reg, 0, sizeof d->mac_reg);
994 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
995 d->rxbuf_min_shift = 1;
996 memset(&d->tx, 0, sizeof d->tx);
998 d->vc = qemu_new_vlan_client(nd->vlan, e1000_receive,
999 e1000_can_receive, d);
1001 snprintf(d->vc->info_str, sizeof(d->vc->info_str),
1002 "%s macaddr=%02x:%02x:%02x:%02x:%02x:%02x", info_str,
1003 d->nd->macaddr[0], d->nd->macaddr[1], d->nd->macaddr[2],
1004 d->nd->macaddr[3], d->nd->macaddr[4], d->nd->macaddr[5]);
1006 register_savevm(info_str, -1, 2, nic_save, nic_load, d);
projects / qemu / blob