1 /* 2 * SMSC 91C111 Ethernet interface emulation 3 * 4 * Copyright (c) 2005 CodeSourcery, LLC. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the GPL 8 */ 9 10 #include "qemu/osdep.h" 11 #include "hw/sysbus.h" 12 #include "migration/vmstate.h" 13 #include "net/net.h" 14 #include "hw/irq.h" 15 #include "hw/net/smc91c111.h" 16 #include "hw/registerfields.h" 17 #include "hw/qdev-properties.h" 18 #include "qapi/error.h" 19 #include "qemu/log.h" 20 #include "qemu/module.h" 21 #include <zlib.h> /* for crc32 */ 22 #include "qom/object.h" 23 24 /* Number of 2k memory pages available. */ 25 #define NUM_PACKETS 4 26 /* 27 * Maximum size of a data frame, including the leading status word 28 * and byte count fields and the trailing CRC, last data byte 29 * and control byte (per figure 8-1 in the Microchip Technology 30 * LAN91C111 datasheet). 31 */ 32 #define MAX_PACKET_SIZE 2048 33 34 #define TYPE_SMC91C111 "smc91c111" 35 OBJECT_DECLARE_SIMPLE_TYPE(smc91c111_state, SMC91C111) 36 37 struct smc91c111_state { 38 SysBusDevice parent_obj; 39 40 NICState *nic; 41 NICConf conf; 42 uint16_t tcr; 43 uint16_t rcr; 44 uint16_t cr; 45 uint16_t ctr; 46 uint16_t gpr; 47 uint16_t ptr; 48 uint16_t ercv; 49 qemu_irq irq; 50 int bank; 51 int packet_num; 52 int tx_alloc; 53 /* Bitmask of allocated packets. */ 54 int allocated; 55 int tx_fifo_len; 56 int tx_fifo[NUM_PACKETS]; 57 int rx_fifo_len; 58 int rx_fifo[NUM_PACKETS]; 59 int tx_fifo_done_len; 60 int tx_fifo_done[NUM_PACKETS]; 61 /* Packet buffer memory. */ 62 uint8_t data[NUM_PACKETS][MAX_PACKET_SIZE]; 63 uint8_t int_level; 64 uint8_t int_mask; 65 MemoryRegion mmio; 66 }; 67 68 static const VMStateDescription vmstate_smc91c111 = { 69 .name = "smc91c111", 70 .version_id = 1, 71 .minimum_version_id = 1, 72 .fields = (const VMStateField[]) { 73 VMSTATE_UINT16(tcr, smc91c111_state), 74 VMSTATE_UINT16(rcr, smc91c111_state), 75 VMSTATE_UINT16(cr, smc91c111_state), 76 VMSTATE_UINT16(ctr, smc91c111_state), 77 VMSTATE_UINT16(gpr, smc91c111_state), 78 VMSTATE_UINT16(ptr, smc91c111_state), 79 VMSTATE_UINT16(ercv, smc91c111_state), 80 VMSTATE_INT32(bank, smc91c111_state), 81 VMSTATE_INT32(packet_num, smc91c111_state), 82 VMSTATE_INT32(tx_alloc, smc91c111_state), 83 VMSTATE_INT32(allocated, smc91c111_state), 84 VMSTATE_INT32(tx_fifo_len, smc91c111_state), 85 VMSTATE_INT32_ARRAY(tx_fifo, smc91c111_state, NUM_PACKETS), 86 VMSTATE_INT32(rx_fifo_len, smc91c111_state), 87 VMSTATE_INT32_ARRAY(rx_fifo, smc91c111_state, NUM_PACKETS), 88 VMSTATE_INT32(tx_fifo_done_len, smc91c111_state), 89 VMSTATE_INT32_ARRAY(tx_fifo_done, smc91c111_state, NUM_PACKETS), 90 VMSTATE_BUFFER_UNSAFE(data, smc91c111_state, 0, 91 NUM_PACKETS * MAX_PACKET_SIZE), 92 VMSTATE_UINT8(int_level, smc91c111_state), 93 VMSTATE_UINT8(int_mask, smc91c111_state), 94 VMSTATE_END_OF_LIST() 95 } 96 }; 97 98 #define RCR_SOFT_RST 0x8000 99 #define RCR_STRIP_CRC 0x0200 100 #define RCR_RXEN 0x0100 101 102 #define TCR_EPH_LOOP 0x2000 103 #define TCR_NOCRC 0x0100 104 #define TCR_PAD_EN 0x0080 105 #define TCR_FORCOL 0x0004 106 #define TCR_LOOP 0x0002 107 #define TCR_TXEN 0x0001 108 109 #define INT_MD 0x80 110 #define INT_ERCV 0x40 111 #define INT_EPH 0x20 112 #define INT_RX_OVRN 0x10 113 #define INT_ALLOC 0x08 114 #define INT_TX_EMPTY 0x04 115 #define INT_TX 0x02 116 #define INT_RCV 0x01 117 118 #define CTR_AUTO_RELEASE 0x0800 119 #define CTR_RELOAD 0x0002 120 #define CTR_STORE 0x0001 121 122 #define RS_ALGNERR 0x8000 123 #define RS_BRODCAST 0x4000 124 #define RS_BADCRC 0x2000 125 #define RS_ODDFRAME 0x1000 126 #define RS_TOOLONG 0x0800 127 #define RS_TOOSHORT 0x0400 128 #define RS_MULTICAST 0x0001 129 130 FIELD(PTR, PTR, 0, 11) 131 FIELD(PTR, NOT_EMPTY, 11, 1) 132 FIELD(PTR, RESERVED, 12, 1) 133 FIELD(PTR, READ, 13, 1) 134 FIELD(PTR, AUTOINCR, 14, 1) 135 FIELD(PTR, RCV, 15, 1) 136 137 static inline bool packetnum_valid(int packet_num) 138 { 139 return packet_num >= 0 && packet_num < NUM_PACKETS; 140 } 141 142 /* Update interrupt status. */ 143 static void smc91c111_update(smc91c111_state *s) 144 { 145 int level; 146 147 if (s->tx_fifo_len == 0) 148 s->int_level |= INT_TX_EMPTY; 149 if (s->tx_fifo_done_len != 0) 150 s->int_level |= INT_TX; 151 level = (s->int_level & s->int_mask) != 0; 152 qemu_set_irq(s->irq, level); 153 } 154 155 static bool smc91c111_can_receive(smc91c111_state *s) 156 { 157 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST)) { 158 return true; 159 } 160 if (s->allocated == (1 << NUM_PACKETS) - 1 || 161 s->rx_fifo_len == NUM_PACKETS) { 162 return false; 163 } 164 return true; 165 } 166 167 static inline void smc91c111_flush_queued_packets(smc91c111_state *s) 168 { 169 if (smc91c111_can_receive(s)) { 170 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 171 } 172 } 173 174 /* Try to allocate a packet. Returns 0x80 on failure. */ 175 static int smc91c111_allocate_packet(smc91c111_state *s) 176 { 177 int i; 178 if (s->allocated == (1 << NUM_PACKETS) - 1) { 179 return 0x80; 180 } 181 182 for (i = 0; i < NUM_PACKETS; i++) { 183 if ((s->allocated & (1 << i)) == 0) 184 break; 185 } 186 s->allocated |= 1 << i; 187 return i; 188 } 189 190 191 /* Process a pending TX allocate. */ 192 static void smc91c111_tx_alloc(smc91c111_state *s) 193 { 194 s->tx_alloc = smc91c111_allocate_packet(s); 195 if (s->tx_alloc == 0x80) 196 return; 197 s->int_level |= INT_ALLOC; 198 smc91c111_update(s); 199 } 200 201 /* Remove and item from the RX FIFO. */ 202 static void smc91c111_pop_rx_fifo(smc91c111_state *s) 203 { 204 int i; 205 206 if (s->rx_fifo_len == 0) { 207 /* 208 * The datasheet doesn't document what the behaviour is if the 209 * guest tries to pop an empty RX FIFO, and there's no obvious 210 * error status register to report it. Just ignore the attempt. 211 */ 212 return; 213 } 214 215 s->rx_fifo_len--; 216 if (s->rx_fifo_len) { 217 for (i = 0; i < s->rx_fifo_len; i++) 218 s->rx_fifo[i] = s->rx_fifo[i + 1]; 219 s->int_level |= INT_RCV; 220 } else { 221 s->int_level &= ~INT_RCV; 222 } 223 smc91c111_flush_queued_packets(s); 224 smc91c111_update(s); 225 } 226 227 /* Remove an item from the TX completion FIFO. */ 228 static void smc91c111_pop_tx_fifo_done(smc91c111_state *s) 229 { 230 int i; 231 232 if (s->tx_fifo_done_len == 0) 233 return; 234 s->tx_fifo_done_len--; 235 for (i = 0; i < s->tx_fifo_done_len; i++) 236 s->tx_fifo_done[i] = s->tx_fifo_done[i + 1]; 237 } 238 239 /* Release the memory allocated to a packet. */ 240 static void smc91c111_release_packet(smc91c111_state *s, int packet) 241 { 242 if (!packetnum_valid(packet)) { 243 /* 244 * Data sheet doesn't document behaviour in this guest error 245 * case, and there is no error status register to report it. 246 * Log and ignore the attempt. 247 */ 248 qemu_log_mask(LOG_GUEST_ERROR, 249 "smc91c111: attempt to release invalid packet %d\n", 250 packet); 251 return; 252 } 253 s->allocated &= ~(1 << packet); 254 if (s->tx_alloc == 0x80) 255 smc91c111_tx_alloc(s); 256 smc91c111_flush_queued_packets(s); 257 } 258 259 static void smc91c111_complete_tx_packet(smc91c111_state *s, int packetnum) 260 { 261 if (s->ctr & CTR_AUTO_RELEASE) { 262 /* Race? */ 263 smc91c111_release_packet(s, packetnum); 264 } else if (s->tx_fifo_done_len < NUM_PACKETS) { 265 s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum; 266 } 267 } 268 269 /* Flush the TX FIFO. */ 270 static void smc91c111_do_tx(smc91c111_state *s) 271 { 272 int i; 273 int len; 274 int control; 275 int packetnum; 276 uint8_t *p; 277 278 if ((s->tcr & TCR_TXEN) == 0) 279 return; 280 if (s->tx_fifo_len == 0) 281 return; 282 for (i = 0; i < s->tx_fifo_len; i++) { 283 packetnum = s->tx_fifo[i]; 284 /* queue_tx checked the packet number was valid */ 285 assert(packetnum_valid(packetnum)); 286 p = &s->data[packetnum][0]; 287 /* Set status word. */ 288 *(p++) = 0x01; 289 *(p++) = 0x40; 290 len = *(p++); 291 len |= ((int)*(p++)) << 8; 292 if (len > MAX_PACKET_SIZE) { 293 /* 294 * Datasheet doesn't say what to do here, and there is no 295 * relevant tx error condition listed. Log, and drop the packet. 296 */ 297 qemu_log_mask(LOG_GUEST_ERROR, 298 "smc91c111: tx packet with bad length %d, dropping\n", 299 len); 300 smc91c111_complete_tx_packet(s, packetnum); 301 continue; 302 } 303 len -= 6; 304 control = p[len + 1]; 305 if (control & 0x20) 306 len++; 307 /* ??? This overwrites the data following the buffer. 308 Don't know what real hardware does. */ 309 if (len < 64 && (s->tcr & TCR_PAD_EN)) { 310 memset(p + len, 0, 64 - len); 311 len = 64; 312 } 313 #if 0 314 { 315 int add_crc; 316 317 /* The card is supposed to append the CRC to the frame. 318 However none of the other network traffic has the CRC 319 appended. Suspect this is low level ethernet detail we 320 don't need to worry about. */ 321 add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0; 322 if (add_crc) { 323 uint32_t crc; 324 325 crc = crc32(~0, p, len); 326 memcpy(p + len, &crc, 4); 327 len += 4; 328 } 329 } 330 #endif 331 smc91c111_complete_tx_packet(s, packetnum); 332 qemu_send_packet(qemu_get_queue(s->nic), p, len); 333 } 334 s->tx_fifo_len = 0; 335 smc91c111_update(s); 336 } 337 338 /* Add a packet to the TX FIFO. */ 339 static void smc91c111_queue_tx(smc91c111_state *s, int packet) 340 { 341 if (!packetnum_valid(packet)) { 342 /* 343 * Datasheet doesn't document behaviour in this error case, and 344 * there's no error status register we could report it in. 345 * Log and ignore. 346 */ 347 qemu_log_mask(LOG_GUEST_ERROR, 348 "smc91c111: attempt to queue invalid packet %d\n", 349 packet); 350 return; 351 } 352 if (s->tx_fifo_len == NUM_PACKETS) 353 return; 354 s->tx_fifo[s->tx_fifo_len++] = packet; 355 smc91c111_do_tx(s); 356 } 357 358 static void smc91c111_reset(DeviceState *dev) 359 { 360 smc91c111_state *s = SMC91C111(dev); 361 362 s->bank = 0; 363 s->tx_fifo_len = 0; 364 s->tx_fifo_done_len = 0; 365 s->rx_fifo_len = 0; 366 s->allocated = 0; 367 s->packet_num = 0; 368 s->tx_alloc = 0; 369 s->tcr = 0; 370 s->rcr = 0; 371 s->cr = 0xa0b1; 372 s->ctr = 0x1210; 373 s->ptr = 0; 374 s->ercv = 0x1f; 375 s->int_level = INT_TX_EMPTY; 376 s->int_mask = 0; 377 smc91c111_update(s); 378 } 379 380 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val 381 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8) 382 383 /* 384 * The pointer register's pointer is an 11 bit value (so it exactly 385 * indexes a 2048-byte data frame). Add the specified offset to it, 386 * wrapping around at the 2048 byte mark, and return the resulting 387 * wrapped value. There are flag bits in the top part of the register, 388 * but we can ignore them here as the mask will mask them out. 389 */ 390 static int ptr_reg_add(smc91c111_state *s, int offset) 391 { 392 return (s->ptr + offset) & R_PTR_PTR_MASK; 393 } 394 395 /* 396 * For an access to the Data Register at @offset, return the 397 * required offset into the packet's data frame. This will 398 * perform the pointer register autoincrement if required, and 399 * guarantees to return an in-bounds offset. 400 */ 401 static int data_reg_ptr(smc91c111_state *s, int offset) 402 { 403 int p; 404 405 if (s->ptr & R_PTR_AUTOINCR_MASK) { 406 /* 407 * Autoincrement: use the current pointer value, and 408 * increment the pointer register's pointer field. 409 */ 410 p = FIELD_EX32(s->ptr, PTR, PTR); 411 s->ptr = FIELD_DP32(s->ptr, PTR, PTR, ptr_reg_add(s, 1)); 412 } else { 413 /* 414 * No autoincrement: register offset determines which 415 * byte we're addressing. Setting the pointer to the top 416 * of the data buffer and then using the pointer wrapping 417 * to read the bottom byte of the buffer is not something 418 * sensible guest software will do, but the datasheet 419 * doesn't say what the behaviour is, so we don't forbid it. 420 */ 421 p = ptr_reg_add(s, offset & 3); 422 } 423 return p; 424 } 425 426 static void smc91c111_writeb(void *opaque, hwaddr offset, 427 uint32_t value) 428 { 429 smc91c111_state *s = (smc91c111_state *)opaque; 430 431 offset = offset & 0xf; 432 if (offset == 14) { 433 s->bank = value; 434 return; 435 } 436 if (offset == 15) 437 return; 438 switch (s->bank) { 439 case 0: 440 switch (offset) { 441 case 0: /* TCR */ 442 SET_LOW(tcr, value); 443 return; 444 case 1: 445 SET_HIGH(tcr, value); 446 return; 447 case 4: /* RCR */ 448 SET_LOW(rcr, value); 449 return; 450 case 5: 451 SET_HIGH(rcr, value); 452 if (s->rcr & RCR_SOFT_RST) { 453 smc91c111_reset(DEVICE(s)); 454 } 455 smc91c111_flush_queued_packets(s); 456 return; 457 case 10: case 11: /* RPCR */ 458 /* Ignored */ 459 return; 460 case 12: case 13: /* Reserved */ 461 return; 462 } 463 break; 464 465 case 1: 466 switch (offset) { 467 case 0: /* CONFIG */ 468 SET_LOW(cr, value); 469 return; 470 case 1: 471 SET_HIGH(cr,value); 472 return; 473 case 2: case 3: /* BASE */ 474 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */ 475 /* Not implemented. */ 476 return; 477 case 10: /* General Purpose */ 478 SET_LOW(gpr, value); 479 return; 480 case 11: 481 SET_HIGH(gpr, value); 482 return; 483 case 12: /* Control */ 484 if (value & 1) { 485 qemu_log_mask(LOG_UNIMP, 486 "smc91c111: EEPROM store not implemented\n"); 487 } 488 if (value & 2) { 489 qemu_log_mask(LOG_UNIMP, 490 "smc91c111: EEPROM reload not implemented\n"); 491 } 492 value &= ~3; 493 SET_LOW(ctr, value); 494 return; 495 case 13: 496 SET_HIGH(ctr, value); 497 return; 498 } 499 break; 500 501 case 2: 502 switch (offset) { 503 case 0: /* MMU Command */ 504 switch (value >> 5) { 505 case 0: /* no-op */ 506 break; 507 case 1: /* Allocate for TX. */ 508 s->tx_alloc = 0x80; 509 s->int_level &= ~INT_ALLOC; 510 smc91c111_update(s); 511 smc91c111_tx_alloc(s); 512 break; 513 case 2: /* Reset MMU. */ 514 s->allocated = 0; 515 s->tx_fifo_len = 0; 516 s->tx_fifo_done_len = 0; 517 s->rx_fifo_len = 0; 518 s->tx_alloc = 0; 519 break; 520 case 3: /* Remove from RX FIFO. */ 521 smc91c111_pop_rx_fifo(s); 522 break; 523 case 4: /* Remove from RX FIFO and release. */ 524 if (s->rx_fifo_len > 0) { 525 smc91c111_release_packet(s, s->rx_fifo[0]); 526 } 527 smc91c111_pop_rx_fifo(s); 528 break; 529 case 5: /* Release. */ 530 smc91c111_release_packet(s, s->packet_num); 531 break; 532 case 6: /* Add to TX FIFO. */ 533 smc91c111_queue_tx(s, s->packet_num); 534 break; 535 case 7: /* Reset TX FIFO. */ 536 s->tx_fifo_len = 0; 537 s->tx_fifo_done_len = 0; 538 break; 539 } 540 return; 541 case 1: 542 /* Ignore. */ 543 return; 544 case 2: /* Packet Number Register */ 545 s->packet_num = value; 546 return; 547 case 3: case 4: case 5: 548 /* Should be readonly, but linux writes to them anyway. Ignore. */ 549 return; 550 case 6: /* Pointer */ 551 SET_LOW(ptr, value); 552 return; 553 case 7: 554 SET_HIGH(ptr, value); 555 return; 556 case 8: case 9: case 10: case 11: /* Data */ 557 { 558 int p; 559 int n; 560 561 if (s->ptr & 0x8000) 562 n = s->rx_fifo[0]; 563 else 564 n = s->packet_num; 565 if (!packetnum_valid(n)) { 566 /* Datasheet doesn't document what to do here */ 567 qemu_log_mask(LOG_GUEST_ERROR, 568 "smc91c111: attempt to write data to invalid packet %d\n", 569 n); 570 return; 571 } 572 p = data_reg_ptr(s, offset); 573 s->data[n][p] = value; 574 } 575 return; 576 case 12: /* Interrupt ACK. */ 577 s->int_level &= ~(value & 0xd6); 578 if (value & INT_TX) 579 smc91c111_pop_tx_fifo_done(s); 580 smc91c111_update(s); 581 return; 582 case 13: /* Interrupt mask. */ 583 s->int_mask = value; 584 smc91c111_update(s); 585 return; 586 } 587 break; 588 589 case 3: 590 switch (offset) { 591 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7: 592 /* Multicast table. */ 593 /* Not implemented. */ 594 return; 595 case 8: case 9: /* Management Interface. */ 596 /* Not implemented. */ 597 return; 598 case 12: /* Early receive. */ 599 s->ercv = value & 0x1f; 600 return; 601 case 13: 602 /* Ignore. */ 603 return; 604 } 605 break; 606 } 607 qemu_log_mask(LOG_GUEST_ERROR, "smc91c111_write(bank:%d) Illegal register" 608 " 0x%" HWADDR_PRIx " = 0x%x\n", 609 s->bank, offset, value); 610 } 611 612 static uint32_t smc91c111_readb(void *opaque, hwaddr offset) 613 { 614 smc91c111_state *s = (smc91c111_state *)opaque; 615 616 offset = offset & 0xf; 617 if (offset == 14) { 618 return s->bank; 619 } 620 if (offset == 15) 621 return 0x33; 622 switch (s->bank) { 623 case 0: 624 switch (offset) { 625 case 0: /* TCR */ 626 return s->tcr & 0xff; 627 case 1: 628 return s->tcr >> 8; 629 case 2: /* EPH Status */ 630 return 0; 631 case 3: 632 return 0x40; 633 case 4: /* RCR */ 634 return s->rcr & 0xff; 635 case 5: 636 return s->rcr >> 8; 637 case 6: /* Counter */ 638 case 7: 639 /* Not implemented. */ 640 return 0; 641 case 8: /* Memory size. */ 642 return NUM_PACKETS; 643 case 9: /* Free memory available. */ 644 { 645 int i; 646 int n; 647 n = 0; 648 for (i = 0; i < NUM_PACKETS; i++) { 649 if (s->allocated & (1 << i)) 650 n++; 651 } 652 return n; 653 } 654 case 10: case 11: /* RPCR */ 655 /* Not implemented. */ 656 return 0; 657 case 12: case 13: /* Reserved */ 658 return 0; 659 } 660 break; 661 662 case 1: 663 switch (offset) { 664 case 0: /* CONFIG */ 665 return s->cr & 0xff; 666 case 1: 667 return s->cr >> 8; 668 case 2: case 3: /* BASE */ 669 /* Not implemented. */ 670 return 0; 671 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */ 672 return s->conf.macaddr.a[offset - 4]; 673 case 10: /* General Purpose */ 674 return s->gpr & 0xff; 675 case 11: 676 return s->gpr >> 8; 677 case 12: /* Control */ 678 return s->ctr & 0xff; 679 case 13: 680 return s->ctr >> 8; 681 } 682 break; 683 684 case 2: 685 switch (offset) { 686 case 0: case 1: /* MMUCR Busy bit. */ 687 return 0; 688 case 2: /* Packet Number. */ 689 return s->packet_num; 690 case 3: /* Allocation Result. */ 691 return s->tx_alloc; 692 case 4: /* TX FIFO */ 693 if (s->tx_fifo_done_len == 0) 694 return 0x80; 695 else 696 return s->tx_fifo_done[0]; 697 case 5: /* RX FIFO */ 698 if (s->rx_fifo_len == 0) 699 return 0x80; 700 else 701 return s->rx_fifo[0]; 702 case 6: /* Pointer */ 703 return s->ptr & 0xff; 704 case 7: 705 return (s->ptr >> 8) & 0xf7; 706 case 8: case 9: case 10: case 11: /* Data */ 707 { 708 int p; 709 int n; 710 711 if (s->ptr & 0x8000) 712 n = s->rx_fifo[0]; 713 else 714 n = s->packet_num; 715 if (!packetnum_valid(n)) { 716 /* Datasheet doesn't document what to do here */ 717 qemu_log_mask(LOG_GUEST_ERROR, 718 "smc91c111: attempt to read data from invalid packet %d\n", 719 n); 720 return 0; 721 } 722 p = data_reg_ptr(s, offset); 723 return s->data[n][p]; 724 } 725 case 12: /* Interrupt status. */ 726 return s->int_level; 727 case 13: /* Interrupt mask. */ 728 return s->int_mask; 729 } 730 break; 731 732 case 3: 733 switch (offset) { 734 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7: 735 /* Multicast table. */ 736 /* Not implemented. */ 737 return 0; 738 case 8: /* Management Interface. */ 739 /* Not implemented. */ 740 return 0x30; 741 case 9: 742 return 0x33; 743 case 10: /* Revision. */ 744 return 0x91; 745 case 11: 746 return 0x33; 747 case 12: 748 return s->ercv; 749 case 13: 750 return 0; 751 } 752 break; 753 } 754 qemu_log_mask(LOG_GUEST_ERROR, "smc91c111_read(bank:%d) Illegal register" 755 " 0x%" HWADDR_PRIx "\n", 756 s->bank, offset); 757 return 0; 758 } 759 760 static uint64_t smc91c111_readfn(void *opaque, hwaddr addr, unsigned size) 761 { 762 int i; 763 uint32_t val = 0; 764 765 for (i = 0; i < size; i++) { 766 val |= smc91c111_readb(opaque, addr + i) << (i * 8); 767 } 768 return val; 769 } 770 771 static void smc91c111_writefn(void *opaque, hwaddr addr, 772 uint64_t value, unsigned size) 773 { 774 int i = 0; 775 776 /* 32-bit writes to offset 0xc only actually write to the bank select 777 * register (offset 0xe), so skip the first two bytes we would write. 778 */ 779 if (addr == 0xc && size == 4) { 780 i += 2; 781 } 782 783 for (; i < size; i++) { 784 smc91c111_writeb(opaque, addr + i, 785 extract32(value, i * 8, 8)); 786 } 787 } 788 789 static bool smc91c111_can_receive_nc(NetClientState *nc) 790 { 791 smc91c111_state *s = qemu_get_nic_opaque(nc); 792 793 return smc91c111_can_receive(s); 794 } 795 796 static ssize_t smc91c111_receive(NetClientState *nc, const uint8_t *buf, size_t size) 797 { 798 smc91c111_state *s = qemu_get_nic_opaque(nc); 799 int status; 800 int packetsize; 801 uint32_t crc; 802 int packetnum; 803 uint8_t *p; 804 805 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST)) 806 return -1; 807 /* Short packets are padded with zeros. Receiving a packet 808 < 64 bytes long is considered an error condition. */ 809 if (size < 64) 810 packetsize = 64; 811 else 812 packetsize = (size & ~1); 813 packetsize += 6; 814 crc = (s->rcr & RCR_STRIP_CRC) == 0; 815 if (crc) 816 packetsize += 4; 817 /* TODO: Flag overrun and receive errors. */ 818 if (packetsize > MAX_PACKET_SIZE) { 819 return -1; 820 } 821 packetnum = smc91c111_allocate_packet(s); 822 if (packetnum == 0x80) 823 return -1; 824 s->rx_fifo[s->rx_fifo_len++] = packetnum; 825 826 /* allocate_packet() will not hand us back an invalid packet number */ 827 assert(packetnum_valid(packetnum)); 828 p = &s->data[packetnum][0]; 829 /* ??? Multicast packets? */ 830 status = 0; 831 if (size > 1518) 832 status |= RS_TOOLONG; 833 if (size & 1) 834 status |= RS_ODDFRAME; 835 *(p++) = status & 0xff; 836 *(p++) = status >> 8; 837 *(p++) = packetsize & 0xff; 838 *(p++) = packetsize >> 8; 839 memcpy(p, buf, size & ~1); 840 p += (size & ~1); 841 /* Pad short packets. */ 842 if (size < 64) { 843 int pad; 844 845 if (size & 1) 846 *(p++) = buf[size - 1]; 847 pad = 64 - size; 848 memset(p, 0, pad); 849 p += pad; 850 size = 64; 851 } 852 /* It's not clear if the CRC should go before or after the last byte in 853 odd sized packets. Linux disables the CRC, so that's no help. 854 The pictures in the documentation show the CRC aligned on a 16-bit 855 boundary before the last odd byte, so that's what we do. */ 856 if (crc) { 857 crc = crc32(~0, buf, size); 858 *(p++) = crc & 0xff; crc >>= 8; 859 *(p++) = crc & 0xff; crc >>= 8; 860 *(p++) = crc & 0xff; crc >>= 8; 861 *(p++) = crc & 0xff; 862 } 863 if (size & 1) { 864 *(p++) = buf[size - 1]; 865 *p = 0x60; 866 } else { 867 *(p++) = 0; 868 *p = 0x40; 869 } 870 /* TODO: Raise early RX interrupt? */ 871 s->int_level |= INT_RCV; 872 smc91c111_update(s); 873 874 return size; 875 } 876 877 static const MemoryRegionOps smc91c111_mem_ops = { 878 /* The special case for 32 bit writes to 0xc means we can't just 879 * set .impl.min/max_access_size to 1, unfortunately 880 */ 881 .read = smc91c111_readfn, 882 .write = smc91c111_writefn, 883 .valid.min_access_size = 1, 884 .valid.max_access_size = 4, 885 .endianness = DEVICE_NATIVE_ENDIAN, 886 }; 887 888 static NetClientInfo net_smc91c111_info = { 889 .type = NET_CLIENT_DRIVER_NIC, 890 .size = sizeof(NICState), 891 .can_receive = smc91c111_can_receive_nc, 892 .receive = smc91c111_receive, 893 }; 894 895 static void smc91c111_realize(DeviceState *dev, Error **errp) 896 { 897 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 898 smc91c111_state *s = SMC91C111(dev); 899 900 memory_region_init_io(&s->mmio, OBJECT(s), &smc91c111_mem_ops, s, 901 "smc91c111-mmio", 16); 902 sysbus_init_mmio(sbd, &s->mmio); 903 sysbus_init_irq(sbd, &s->irq); 904 qemu_macaddr_default_if_unset(&s->conf.macaddr); 905 s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf, 906 object_get_typename(OBJECT(dev)), dev->id, 907 &dev->mem_reentrancy_guard, s); 908 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); 909 /* ??? Save/restore. */ 910 } 911 912 static const Property smc91c111_properties[] = { 913 DEFINE_NIC_PROPERTIES(smc91c111_state, conf), 914 }; 915 916 static void smc91c111_class_init(ObjectClass *klass, void *data) 917 { 918 DeviceClass *dc = DEVICE_CLASS(klass); 919 920 dc->realize = smc91c111_realize; 921 device_class_set_legacy_reset(dc, smc91c111_reset); 922 dc->vmsd = &vmstate_smc91c111; 923 device_class_set_props(dc, smc91c111_properties); 924 } 925 926 static const TypeInfo smc91c111_info = { 927 .name = TYPE_SMC91C111, 928 .parent = TYPE_SYS_BUS_DEVICE, 929 .instance_size = sizeof(smc91c111_state), 930 .class_init = smc91c111_class_init, 931 }; 932 933 static void smc91c111_register_types(void) 934 { 935 type_register_static(&smc91c111_info); 936 } 937 938 /* Legacy helper function. Should go away when machine config files are 939 implemented. */ 940 void smc91c111_init(uint32_t base, qemu_irq irq) 941 { 942 DeviceState *dev; 943 SysBusDevice *s; 944 945 dev = qdev_new(TYPE_SMC91C111); 946 qemu_configure_nic_device(dev, true, NULL); 947 s = SYS_BUS_DEVICE(dev); 948 sysbus_realize_and_unref(s, &error_fatal); 949 sysbus_mmio_map(s, 0, base); 950 sysbus_connect_irq(s, 0, irq); 951 } 952 953 type_init(smc91c111_register_types) 954