4 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
5 * Copyright (c) 2008 Qumranet
6 * Based on work done by:
7 * Copyright (c) 2007 Dan Aloni
8 * Copyright (c) 2004 Antony T Curtis
10 * This library is free software; you can redistribute it and/or
11 * modify it under the terms of the GNU Lesser General Public
12 * License as published by the Free Software Foundation; either
13 * version 2 of the License, or (at your option) any later version.
15 * This library is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 * Lesser General Public License for more details.
20 * You should have received a copy of the GNU Lesser General Public
21 * License along with this library; if not, write to the Free Software
22 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston MA 02110-1301 USA
36 DEBUG_GENERAL, DEBUG_IO, DEBUG_MMIO, DEBUG_INTERRUPT,
37 DEBUG_RX, DEBUG_TX, DEBUG_MDIC, DEBUG_EEPROM,
38 DEBUG_UNKNOWN, DEBUG_TXSUM, DEBUG_TXERR, DEBUG_RXERR,
39 DEBUG_RXFILTER, DEBUG_NOTYET,
41 #define DBGBIT(x) (1<<DEBUG_##x)
42 static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
44 #define DBGOUT(what, fmt, ...) do { \
45 if (debugflags & DBGBIT(what)) \
46 fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
49 #define DBGOUT(what, fmt, ...) do {} while (0)
52 #define IOPORT_SIZE 0x40
53 #define PNPMMIO_SIZE 0x20000
57 * E1000_DEV_ID_82540EM works with Windows and Linux
58 * E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
59 * appears to perform better than 82540EM, but breaks with Linux 2.6.18
60 * E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
63 enum { E1000_DEVID = E1000_DEV_ID_82540EM };
66 * May need to specify additional MAC-to-PHY entries --
67 * Intel's Windows driver refuses to initialize unless they match
70 PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ? 0xcc2 :
71 E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ? 0xc30 :
72 /* default to E1000_DEV_ID_82540EM */ 0xc20
75 typedef struct E1000State_st {
80 uint32_t mac_reg[0x8000];
81 uint16_t phy_reg[0x20];
82 uint16_t eeprom_data[64];
85 uint32_t rxbuf_min_shift;
88 unsigned char header[256];
89 unsigned char vlan_header[4];
90 unsigned char vlan[4];
91 unsigned char data[0x10000];
93 unsigned char sum_needed;
94 unsigned char vlan_needed;
108 char cptse; // current packet tse bit
112 uint32_t val_in; // shifted in from guest driver
120 #define defreg(x) x = (E1000_##x>>2)
122 defreg(CTRL), defreg(EECD), defreg(EERD), defreg(GPRC),
123 defreg(GPTC), defreg(ICR), defreg(ICS), defreg(IMC),
124 defreg(IMS), defreg(LEDCTL), defreg(MANC), defreg(MDIC),
125 defreg(MPC), defreg(PBA), defreg(RCTL), defreg(RDBAH),
126 defreg(RDBAL), defreg(RDH), defreg(RDLEN), defreg(RDT),
127 defreg(STATUS), defreg(SWSM), defreg(TCTL), defreg(TDBAH),
128 defreg(TDBAL), defreg(TDH), defreg(TDLEN), defreg(TDT),
129 defreg(TORH), defreg(TORL), defreg(TOTH), defreg(TOTL),
130 defreg(TPR), defreg(TPT), defreg(TXDCTL), defreg(WUFC),
131 defreg(RA), defreg(MTA), defreg(CRCERRS),defreg(VFTA),
135 enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
136 static const char phy_regcap[0x20] = {
137 [PHY_STATUS] = PHY_R, [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
138 [PHY_ID1] = PHY_R, [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
139 [PHY_CTRL] = PHY_RW, [PHY_1000T_CTRL] = PHY_RW,
140 [PHY_LP_ABILITY] = PHY_R, [PHY_1000T_STATUS] = PHY_R,
141 [PHY_AUTONEG_ADV] = PHY_RW, [M88E1000_RX_ERR_CNTR] = PHY_R,
142 [PHY_ID2] = PHY_R, [M88E1000_PHY_SPEC_STATUS] = PHY_R
146 ioport_map(PCIDevice *pci_dev, int region_num, uint32_t addr,
147 uint32_t size, int type)
149 DBGOUT(IO, "e1000_ioport_map addr=0x%04x size=0x%08x\n", addr, size);
153 set_interrupt_cause(E1000State *s, int index, uint32_t val)
156 val |= E1000_ICR_INT_ASSERTED;
157 s->mac_reg[ICR] = val;
158 qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
162 set_ics(E1000State *s, int index, uint32_t val)
164 DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
166 set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
170 rxbufsize(uint32_t v)
172 v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
173 E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
174 E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
176 case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
178 case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
180 case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
182 case E1000_RCTL_SZ_1024:
184 case E1000_RCTL_SZ_512:
186 case E1000_RCTL_SZ_256:
193 set_rx_control(E1000State *s, int index, uint32_t val)
195 s->mac_reg[RCTL] = val;
196 s->rxbuf_size = rxbufsize(val);
197 s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
198 DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
203 set_mdic(E1000State *s, int index, uint32_t val)
205 uint32_t data = val & E1000_MDIC_DATA_MASK;
206 uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
208 if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
209 val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
210 else if (val & E1000_MDIC_OP_READ) {
211 DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
212 if (!(phy_regcap[addr] & PHY_R)) {
213 DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
214 val |= E1000_MDIC_ERROR;
216 val = (val ^ data) | s->phy_reg[addr];
217 } else if (val & E1000_MDIC_OP_WRITE) {
218 DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
219 if (!(phy_regcap[addr] & PHY_W)) {
220 DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
221 val |= E1000_MDIC_ERROR;
223 s->phy_reg[addr] = data;
225 s->mac_reg[MDIC] = val | E1000_MDIC_READY;
226 set_ics(s, 0, E1000_ICR_MDAC);
230 get_eecd(E1000State *s, int index)
232 uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
234 DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
235 s->eecd_state.bitnum_out, s->eecd_state.reading);
236 if (!s->eecd_state.reading ||
237 ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
238 ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
239 ret |= E1000_EECD_DO;
244 set_eecd(E1000State *s, int index, uint32_t val)
246 uint32_t oldval = s->eecd_state.old_eecd;
248 s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
249 E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
250 if (!(E1000_EECD_SK & (val ^ oldval))) // no clock edge
252 if (!(E1000_EECD_SK & val)) { // falling edge
253 s->eecd_state.bitnum_out++;
256 if (!(val & E1000_EECD_CS)) { // rising, no CS (EEPROM reset)
257 memset(&s->eecd_state, 0, sizeof s->eecd_state);
260 s->eecd_state.val_in <<= 1;
261 if (val & E1000_EECD_DI)
262 s->eecd_state.val_in |= 1;
263 if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
264 s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
265 s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
266 EEPROM_READ_OPCODE_MICROWIRE);
268 DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
269 s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
270 s->eecd_state.reading);
274 flash_eerd_read(E1000State *s, int x)
276 unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
278 if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
280 return (s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
281 E1000_EEPROM_RW_REG_DONE | r;
285 putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
292 sum = net_checksum_add(n-css, data+css);
293 cpu_to_be16wu((uint16_t *)(data + sloc),
294 net_checksum_finish(sum));
299 vlan_enabled(E1000State *s)
301 return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
305 vlan_rx_filter_enabled(E1000State *s)
307 return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
311 is_vlan_packet(E1000State *s, const uint8_t *buf)
313 return (be16_to_cpup((uint16_t *)(buf + 12)) ==
314 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
318 is_vlan_txd(uint32_t txd_lower)
320 return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
324 xmit_seg(E1000State *s)
327 unsigned int frames = s->tx.tso_frames, css, sofar, n;
328 struct e1000_tx *tp = &s->tx;
330 if (tp->tse && tp->cptse) {
332 DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
333 frames, tp->size, css);
334 if (tp->ip) { // IPv4
335 cpu_to_be16wu((uint16_t *)(tp->data+css+2),
337 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
338 be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
340 cpu_to_be16wu((uint16_t *)(tp->data+css+4),
343 len = tp->size - css;
344 DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
346 sofar = frames * tp->mss;
347 cpu_to_be32wu((uint32_t *)(tp->data+css+4), // seq
348 be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
349 if (tp->paylen - sofar > tp->mss)
350 tp->data[css + 13] &= ~9; // PSH, FIN
352 cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
353 if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
354 // add pseudo-header length before checksum calculation
355 sp = (uint16_t *)(tp->data + tp->tucso);
356 cpu_to_be16wu(sp, be16_to_cpup(sp) + len);
361 if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
362 putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
363 if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
364 putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
365 if (tp->vlan_needed) {
366 memmove(tp->vlan, tp->data, 12);
367 memcpy(tp->data + 8, tp->vlan_header, 4);
368 qemu_send_packet(s->vc, tp->vlan, tp->size + 4);
370 qemu_send_packet(s->vc, tp->data, tp->size);
373 n = s->mac_reg[TOTL];
374 if ((s->mac_reg[TOTL] += s->tx.size) < n)
379 process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
381 uint32_t txd_lower = le32_to_cpu(dp->lower.data);
382 uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
383 unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
384 unsigned int msh = 0xfffff, hdr = 0;
386 struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
387 struct e1000_tx *tp = &s->tx;
389 if (dtype == E1000_TXD_CMD_DEXT) { // context descriptor
390 op = le32_to_cpu(xp->cmd_and_length);
391 tp->ipcss = xp->lower_setup.ip_fields.ipcss;
392 tp->ipcso = xp->lower_setup.ip_fields.ipcso;
393 tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
394 tp->tucss = xp->upper_setup.tcp_fields.tucss;
395 tp->tucso = xp->upper_setup.tcp_fields.tucso;
396 tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
397 tp->paylen = op & 0xfffff;
398 tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
399 tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
400 tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
401 tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
402 tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
404 if (tp->tucso == 0) { // this is probably wrong
405 DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
406 tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
409 } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
411 tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
412 tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
417 if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
418 (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
420 cpu_to_be16wu((uint16_t *)(tp->vlan_header),
421 le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
422 cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
423 le16_to_cpu(dp->upper.fields.special));
426 addr = le64_to_cpu(dp->buffer_addr);
427 if (tp->tse && tp->cptse) {
432 if (tp->size + bytes > msh)
433 bytes = msh - tp->size;
434 cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
435 if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
436 memmove(tp->header, tp->data, hdr);
441 memmove(tp->data, tp->header, hdr);
444 } while (split_size -= bytes);
445 } else if (!tp->tse && tp->cptse) {
446 // context descriptor TSE is not set, while data descriptor TSE is set
447 DBGOUT(TXERR, "TCP segmentaion Error\n");
449 cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
450 tp->size += split_size;
453 if (!(txd_lower & E1000_TXD_CMD_EOP))
455 if (!(tp->tse && tp->cptse && tp->size < hdr))
465 txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
467 uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
469 if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
471 txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
472 ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
473 dp->upper.data = cpu_to_le32(txd_upper);
474 cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
475 (void *)&dp->upper, sizeof(dp->upper));
476 return E1000_ICR_TXDW;
480 start_xmit(E1000State *s)
482 target_phys_addr_t base;
483 struct e1000_tx_desc desc;
484 uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
486 if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
487 DBGOUT(TX, "tx disabled\n");
491 while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
492 base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
493 sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
494 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
496 DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
497 (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
500 process_tx_desc(s, &desc);
501 cause |= txdesc_writeback(base, &desc);
503 if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
506 * the following could happen only if guest sw assigns
507 * bogus values to TDT/TDLEN.
508 * there's nothing too intelligent we could do about this.
510 if (s->mac_reg[TDH] == tdh_start) {
511 DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
512 tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
516 set_ics(s, 0, cause);
520 receive_filter(E1000State *s, const uint8_t *buf, int size)
522 static uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
523 static int mta_shift[] = {4, 3, 2, 0};
524 uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
526 if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
527 uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
528 uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
529 ((vid >> 5) & 0x7f));
530 if ((vfta & (1 << (vid & 0x1f))) == 0)
534 if (rctl & E1000_RCTL_UPE) // promiscuous
537 if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE)) // promiscuous mcast
540 if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
543 for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
544 if (!(rp[1] & E1000_RAH_AV))
546 ra[0] = cpu_to_le32(rp[0]);
547 ra[1] = cpu_to_le32(rp[1]);
548 if (!memcmp(buf, (uint8_t *)ra, 6)) {
550 "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
551 (int)(rp - s->mac_reg - RA)/2,
552 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
556 DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
557 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
559 f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
560 f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
561 if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
564 "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
565 buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
566 (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
567 s->mac_reg[MTA + (f >> 5)]);
573 e1000_set_link_status(VLANClientState *vc)
575 E1000State *s = vc->opaque;
576 uint32_t old_status = s->mac_reg[STATUS];
579 s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
581 s->mac_reg[STATUS] |= E1000_STATUS_LU;
583 if (s->mac_reg[STATUS] != old_status)
584 set_ics(s, 0, E1000_ICR_LSC);
588 e1000_can_receive(void *opaque)
590 E1000State *s = opaque;
592 return (s->mac_reg[RCTL] & E1000_RCTL_EN);
596 e1000_receive(void *opaque, const uint8_t *buf, int size)
598 E1000State *s = opaque;
599 struct e1000_rx_desc desc;
600 target_phys_addr_t base;
603 uint16_t vlan_special = 0;
604 uint8_t vlan_status = 0, vlan_offset = 0;
606 if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
609 if (size > s->rxbuf_size) {
610 DBGOUT(RX, "packet too large for buffers (%d > %d)\n", size,
615 if (!receive_filter(s, buf, size))
618 if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
619 vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
620 memmove((void *)(buf + 4), buf, 12);
621 vlan_status = E1000_RXD_STAT_VP;
626 rdh_start = s->mac_reg[RDH];
627 size += 4; // for the header
629 if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
630 set_ics(s, 0, E1000_ICS_RXO);
633 base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
634 sizeof(desc) * s->mac_reg[RDH];
635 cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
636 desc.special = vlan_special;
637 desc.status |= (vlan_status | E1000_RXD_STAT_DD);
638 if (desc.buffer_addr) {
639 cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
640 (void *)(buf + vlan_offset), size);
641 desc.length = cpu_to_le16(size);
642 desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
643 } else // as per intel docs; skip descriptors with null buf addr
644 DBGOUT(RX, "Null RX descriptor!!\n");
645 cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
647 if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
650 /* see comment in start_xmit; same here */
651 if (s->mac_reg[RDH] == rdh_start) {
652 DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
653 rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
654 set_ics(s, 0, E1000_ICS_RXO);
657 } while (desc.buffer_addr == 0);
661 n = s->mac_reg[TORL];
662 if ((s->mac_reg[TORL] += size) < n)
666 if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
667 rdt += s->mac_reg[RDLEN] / sizeof(desc);
668 if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
670 n |= E1000_ICS_RXDMT0;
676 mac_readreg(E1000State *s, int index)
678 return s->mac_reg[index];
682 mac_icr_read(E1000State *s, int index)
684 uint32_t ret = s->mac_reg[ICR];
686 DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
687 set_interrupt_cause(s, 0, 0);
692 mac_read_clr4(E1000State *s, int index)
694 uint32_t ret = s->mac_reg[index];
696 s->mac_reg[index] = 0;
701 mac_read_clr8(E1000State *s, int index)
703 uint32_t ret = s->mac_reg[index];
705 s->mac_reg[index] = 0;
706 s->mac_reg[index-1] = 0;
711 mac_writereg(E1000State *s, int index, uint32_t val)
713 s->mac_reg[index] = val;
717 set_rdt(E1000State *s, int index, uint32_t val)
720 s->mac_reg[index] = val & 0xffff;
724 set_16bit(E1000State *s, int index, uint32_t val)
726 s->mac_reg[index] = val & 0xffff;
730 set_dlen(E1000State *s, int index, uint32_t val)
732 s->mac_reg[index] = val & 0xfff80;
736 set_tctl(E1000State *s, int index, uint32_t val)
738 s->mac_reg[index] = val;
739 s->mac_reg[TDT] &= 0xffff;
744 set_icr(E1000State *s, int index, uint32_t val)
746 DBGOUT(INTERRUPT, "set_icr %x\n", val);
747 set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
751 set_imc(E1000State *s, int index, uint32_t val)
753 s->mac_reg[IMS] &= ~val;
758 set_ims(E1000State *s, int index, uint32_t val)
760 s->mac_reg[IMS] |= val;
764 #define getreg(x) [x] = mac_readreg
765 static uint32_t (*macreg_readops[])(E1000State *, int) = {
766 getreg(PBA), getreg(RCTL), getreg(TDH), getreg(TXDCTL),
767 getreg(WUFC), getreg(TDT), getreg(CTRL), getreg(LEDCTL),
768 getreg(MANC), getreg(MDIC), getreg(SWSM), getreg(STATUS),
769 getreg(TORL), getreg(TOTL), getreg(IMS), getreg(TCTL),
770 getreg(RDH), getreg(RDT), getreg(VET),
772 [TOTH] = mac_read_clr8, [TORH] = mac_read_clr8, [GPRC] = mac_read_clr4,
773 [GPTC] = mac_read_clr4, [TPR] = mac_read_clr4, [TPT] = mac_read_clr4,
774 [ICR] = mac_icr_read, [EECD] = get_eecd, [EERD] = flash_eerd_read,
775 [CRCERRS ... MPC] = &mac_readreg,
776 [RA ... RA+31] = &mac_readreg,
777 [MTA ... MTA+127] = &mac_readreg,
778 [VFTA ... VFTA+127] = &mac_readreg,
780 enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
782 #define putreg(x) [x] = mac_writereg
783 static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
784 putreg(PBA), putreg(EERD), putreg(SWSM), putreg(WUFC),
785 putreg(TDBAL), putreg(TDBAH), putreg(TXDCTL), putreg(RDBAH),
786 putreg(RDBAL), putreg(LEDCTL), putreg(CTRL), putreg(VET),
787 [TDLEN] = set_dlen, [RDLEN] = set_dlen, [TCTL] = set_tctl,
788 [TDT] = set_tctl, [MDIC] = set_mdic, [ICS] = set_ics,
789 [TDH] = set_16bit, [RDH] = set_16bit, [RDT] = set_rdt,
790 [IMC] = set_imc, [IMS] = set_ims, [ICR] = set_icr,
791 [EECD] = set_eecd, [RCTL] = set_rx_control,
792 [RA ... RA+31] = &mac_writereg,
793 [MTA ... MTA+127] = &mac_writereg,
794 [VFTA ... VFTA+127] = &mac_writereg,
796 enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
799 e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
801 E1000State *s = opaque;
802 unsigned int index = (addr & 0x1ffff) >> 2;
804 #ifdef TARGET_WORDS_BIGENDIAN
807 if (index < NWRITEOPS && macreg_writeops[index])
808 macreg_writeops[index](s, index, val);
809 else if (index < NREADOPS && macreg_readops[index])
810 DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
812 DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
817 e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
819 // emulate hw without byte enables: no RMW
820 e1000_mmio_writel(opaque, addr & ~3,
821 (val & 0xffff) << (8*(addr & 3)));
825 e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
827 // emulate hw without byte enables: no RMW
828 e1000_mmio_writel(opaque, addr & ~3,
829 (val & 0xff) << (8*(addr & 3)));
833 e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
835 E1000State *s = opaque;
836 unsigned int index = (addr & 0x1ffff) >> 2;
838 if (index < NREADOPS && macreg_readops[index])
840 uint32_t val = macreg_readops[index](s, index);
841 #ifdef TARGET_WORDS_BIGENDIAN
846 DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
851 e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
853 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
854 (8 * (addr & 3))) & 0xff;
858 e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
860 return ((e1000_mmio_readl(opaque, addr & ~3)) >>
861 (8 * (addr & 3))) & 0xffff;
864 static const int mac_regtosave[] = {
865 CTRL, EECD, EERD, GPRC, GPTC, ICR, ICS, IMC, IMS,
866 LEDCTL, MANC, MDIC, MPC, PBA, RCTL, RDBAH, RDBAL, RDH,
867 RDLEN, RDT, STATUS, SWSM, TCTL, TDBAH, TDBAL, TDH, TDLEN,
868 TDT, TORH, TORL, TOTH, TOTL, TPR, TPT, TXDCTL, WUFC,
871 enum { MAC_NSAVE = ARRAY_SIZE(mac_regtosave) };
873 static const struct {
876 } mac_regarraystosave[] = { {32, RA}, {128, MTA}, {128, VFTA} };
877 enum { MAC_NARRAYS = ARRAY_SIZE(mac_regarraystosave) };
880 nic_save(QEMUFile *f, void *opaque)
882 E1000State *s = (E1000State *)opaque;
885 pci_device_save(&s->dev, f);
887 qemu_put_be32s(f, &s->rxbuf_size);
888 qemu_put_be32s(f, &s->rxbuf_min_shift);
889 qemu_put_be32s(f, &s->eecd_state.val_in);
890 qemu_put_be16s(f, &s->eecd_state.bitnum_in);
891 qemu_put_be16s(f, &s->eecd_state.bitnum_out);
892 qemu_put_be16s(f, &s->eecd_state.reading);
893 qemu_put_be32s(f, &s->eecd_state.old_eecd);
894 qemu_put_8s(f, &s->tx.ipcss);
895 qemu_put_8s(f, &s->tx.ipcso);
896 qemu_put_be16s(f, &s->tx.ipcse);
897 qemu_put_8s(f, &s->tx.tucss);
898 qemu_put_8s(f, &s->tx.tucso);
899 qemu_put_be16s(f, &s->tx.tucse);
900 qemu_put_be32s(f, &s->tx.paylen);
901 qemu_put_8s(f, &s->tx.hdr_len);
902 qemu_put_be16s(f, &s->tx.mss);
903 qemu_put_be16s(f, &s->tx.size);
904 qemu_put_be16s(f, &s->tx.tso_frames);
905 qemu_put_8s(f, &s->tx.sum_needed);
906 qemu_put_s8s(f, &s->tx.ip);
907 qemu_put_s8s(f, &s->tx.tcp);
908 qemu_put_buffer(f, s->tx.header, sizeof s->tx.header);
909 qemu_put_buffer(f, s->tx.data, sizeof s->tx.data);
910 for (i = 0; i < 64; i++)
911 qemu_put_be16s(f, s->eeprom_data + i);
912 for (i = 0; i < 0x20; i++)
913 qemu_put_be16s(f, s->phy_reg + i);
914 for (i = 0; i < MAC_NSAVE; i++)
915 qemu_put_be32s(f, s->mac_reg + mac_regtosave[i]);
916 for (i = 0; i < MAC_NARRAYS; i++)
917 for (j = 0; j < mac_regarraystosave[i].size; j++)
919 s->mac_reg + mac_regarraystosave[i].array0 + j);
923 nic_load(QEMUFile *f, void *opaque, int version_id)
925 E1000State *s = (E1000State *)opaque;
928 if ((ret = pci_device_load(&s->dev, f)) < 0)
931 qemu_get_sbe32s(f, &i); /* once some unused instance id */
932 qemu_get_be32(f); /* Ignored. Was mmio_base. */
933 qemu_get_be32s(f, &s->rxbuf_size);
934 qemu_get_be32s(f, &s->rxbuf_min_shift);
935 qemu_get_be32s(f, &s->eecd_state.val_in);
936 qemu_get_be16s(f, &s->eecd_state.bitnum_in);
937 qemu_get_be16s(f, &s->eecd_state.bitnum_out);
938 qemu_get_be16s(f, &s->eecd_state.reading);
939 qemu_get_be32s(f, &s->eecd_state.old_eecd);
940 qemu_get_8s(f, &s->tx.ipcss);
941 qemu_get_8s(f, &s->tx.ipcso);
942 qemu_get_be16s(f, &s->tx.ipcse);
943 qemu_get_8s(f, &s->tx.tucss);
944 qemu_get_8s(f, &s->tx.tucso);
945 qemu_get_be16s(f, &s->tx.tucse);
946 qemu_get_be32s(f, &s->tx.paylen);
947 qemu_get_8s(f, &s->tx.hdr_len);
948 qemu_get_be16s(f, &s->tx.mss);
949 qemu_get_be16s(f, &s->tx.size);
950 qemu_get_be16s(f, &s->tx.tso_frames);
951 qemu_get_8s(f, &s->tx.sum_needed);
952 qemu_get_s8s(f, &s->tx.ip);
953 qemu_get_s8s(f, &s->tx.tcp);
954 qemu_get_buffer(f, s->tx.header, sizeof s->tx.header);
955 qemu_get_buffer(f, s->tx.data, sizeof s->tx.data);
956 for (i = 0; i < 64; i++)
957 qemu_get_be16s(f, s->eeprom_data + i);
958 for (i = 0; i < 0x20; i++)
959 qemu_get_be16s(f, s->phy_reg + i);
960 for (i = 0; i < MAC_NSAVE; i++)
961 qemu_get_be32s(f, s->mac_reg + mac_regtosave[i]);
962 for (i = 0; i < MAC_NARRAYS; i++)
963 for (j = 0; j < mac_regarraystosave[i].size; j++)
965 s->mac_reg + mac_regarraystosave[i].array0 + j);
969 static const uint16_t e1000_eeprom_template[64] = {
970 0x0000, 0x0000, 0x0000, 0x0000, 0xffff, 0x0000, 0x0000, 0x0000,
971 0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
972 0x0008, 0x2000, 0x7e14, 0x0048, 0x1000, 0x00d8, 0x0000, 0x2700,
973 0x6cc9, 0x3150, 0x0722, 0x040b, 0x0984, 0x0000, 0xc000, 0x0706,
974 0x1008, 0x0000, 0x0f04, 0x7fff, 0x4d01, 0xffff, 0xffff, 0xffff,
975 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
976 0x0100, 0x4000, 0x121c, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff,
977 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0xffff, 0x0000,
980 static const uint16_t phy_reg_init[] = {
981 [PHY_CTRL] = 0x1140, [PHY_STATUS] = 0x796d, // link initially up
982 [PHY_ID1] = 0x141, [PHY_ID2] = PHY_ID2_INIT,
983 [PHY_1000T_CTRL] = 0x0e00, [M88E1000_PHY_SPEC_CTRL] = 0x360,
984 [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60, [PHY_AUTONEG_ADV] = 0xde1,
985 [PHY_LP_ABILITY] = 0x1e0, [PHY_1000T_STATUS] = 0x3c00,
986 [M88E1000_PHY_SPEC_STATUS] = 0xac00,
989 static const uint32_t mac_reg_init[] = {
992 [CTRL] = E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
993 E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
994 [STATUS] = 0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
995 E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
996 E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
998 [MANC] = E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
999 E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
1005 static CPUWriteMemoryFunc *e1000_mmio_write[] = {
1006 e1000_mmio_writeb, e1000_mmio_writew, e1000_mmio_writel
1009 static CPUReadMemoryFunc *e1000_mmio_read[] = {
1010 e1000_mmio_readb, e1000_mmio_readw, e1000_mmio_readl
1014 e1000_mmio_map(PCIDevice *pci_dev, int region_num,
1015 uint32_t addr, uint32_t size, int type)
1017 E1000State *d = (E1000State *)pci_dev;
1019 const uint32_t excluded_regs[] = {
1020 E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1021 E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1025 DBGOUT(MMIO, "e1000_mmio_map addr=0x%08x 0x%08x\n", addr, size);
1027 cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
1028 qemu_register_coalesced_mmio(addr, excluded_regs[0]);
1030 for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
1031 qemu_register_coalesced_mmio(addr + excluded_regs[i] + 4,
1032 excluded_regs[i + 1] -
1033 excluded_regs[i] - 4);
1037 e1000_cleanup(VLANClientState *vc)
1039 E1000State *d = vc->opaque;
1041 unregister_savevm("e1000", d);
1045 pci_e1000_uninit(PCIDevice *dev)
1047 E1000State *d = (E1000State *) dev;
1049 cpu_unregister_io_memory(d->mmio_index);
1054 static void pci_e1000_init(PCIDevice *pci_dev)
1056 E1000State *d = (E1000State *)pci_dev;
1058 uint16_t checksum = 0;
1059 static const char info_str[] = "e1000";
1063 pci_conf = d->dev.config;
1065 pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
1066 pci_config_set_device_id(pci_conf, E1000_DEVID);
1067 *(uint16_t *)(pci_conf+0x04) = cpu_to_le16(0x0407);
1068 *(uint16_t *)(pci_conf+0x06) = cpu_to_le16(0x0010);
1069 pci_conf[0x08] = 0x03;
1070 pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
1071 pci_conf[0x0c] = 0x10;
1073 pci_conf[0x3d] = 1; // interrupt pin 0
1075 d->mmio_index = cpu_register_io_memory(0, e1000_mmio_read,
1076 e1000_mmio_write, d);
1078 pci_register_io_region((PCIDevice *)d, 0, PNPMMIO_SIZE,
1079 PCI_ADDRESS_SPACE_MEM, e1000_mmio_map);
1081 pci_register_io_region((PCIDevice *)d, 1, IOPORT_SIZE,
1082 PCI_ADDRESS_SPACE_IO, ioport_map);
1084 memmove(d->eeprom_data, e1000_eeprom_template,
1085 sizeof e1000_eeprom_template);
1086 qdev_get_macaddr(&d->dev.qdev, macaddr);
1087 for (i = 0; i < 3; i++)
1088 d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
1089 for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1090 checksum += d->eeprom_data[i];
1091 checksum = (uint16_t) EEPROM_SUM - checksum;
1092 d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1094 memset(d->phy_reg, 0, sizeof d->phy_reg);
1095 memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
1096 memset(d->mac_reg, 0, sizeof d->mac_reg);
1097 memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
1098 d->rxbuf_min_shift = 1;
1099 memset(&d->tx, 0, sizeof d->tx);
1101 d->vc = qdev_get_vlan_client(&d->dev.qdev,
1102 e1000_receive, e1000_can_receive,
1104 d->vc->link_status_changed = e1000_set_link_status;
1106 qemu_format_nic_info_str(d->vc, macaddr);
1108 register_savevm(info_str, -1, 2, nic_save, nic_load, d);
1109 d->dev.unregister = pci_e1000_uninit;
1112 static void e1000_register_devices(void)
1114 pci_qdev_register("e1000", sizeof(E1000State), pci_e1000_init);
1117 device_init(e1000_register_devices)
projects / qemu / blob