1 /* 2 * SMSC 91C111 Ethernet interface emulation 3 * 4 * Copyright (c) 2005 CodeSourcery, LLC. 5 * Written by Paul Brook 6 * 7 * This code is licensed under the GPL 8 */ 9 10 #include "qemu/osdep.h" 11 #include "hw/sysbus.h" 12 #include "migration/vmstate.h" 13 #include "net/net.h" 14 #include "hw/irq.h" 15 #include "hw/net/smc91c111.h" 16 #include "hw/qdev-properties.h" 17 #include "qapi/error.h" 18 #include "qemu/log.h" 19 #include "qemu/module.h" 20 #include <zlib.h> /* for crc32 */ 21 #include "qom/object.h" 22 23 /* Number of 2k memory pages available. */ 24 #define NUM_PACKETS 4 25 /* 26 * Maximum size of a data frame, including the leading status word 27 * and byte count fields and the trailing CRC, last data byte 28 * and control byte (per figure 8-1 in the Microchip Technology 29 * LAN91C111 datasheet). 30 */ 31 #define MAX_PACKET_SIZE 2048 32 33 #define TYPE_SMC91C111 "smc91c111" 34 OBJECT_DECLARE_SIMPLE_TYPE(smc91c111_state, SMC91C111) 35 36 struct smc91c111_state { 37 SysBusDevice parent_obj; 38 39 NICState *nic; 40 NICConf conf; 41 uint16_t tcr; 42 uint16_t rcr; 43 uint16_t cr; 44 uint16_t ctr; 45 uint16_t gpr; 46 uint16_t ptr; 47 uint16_t ercv; 48 qemu_irq irq; 49 int bank; 50 int packet_num; 51 int tx_alloc; 52 /* Bitmask of allocated packets. */ 53 int allocated; 54 int tx_fifo_len; 55 int tx_fifo[NUM_PACKETS]; 56 int rx_fifo_len; 57 int rx_fifo[NUM_PACKETS]; 58 int tx_fifo_done_len; 59 int tx_fifo_done[NUM_PACKETS]; 60 /* Packet buffer memory. */ 61 uint8_t data[NUM_PACKETS][2048]; 62 uint8_t int_level; 63 uint8_t int_mask; 64 MemoryRegion mmio; 65 }; 66 67 static const VMStateDescription vmstate_smc91c111 = { 68 .name = "smc91c111", 69 .version_id = 1, 70 .minimum_version_id = 1, 71 .fields = (const VMStateField[]) { 72 VMSTATE_UINT16(tcr, smc91c111_state), 73 VMSTATE_UINT16(rcr, smc91c111_state), 74 VMSTATE_UINT16(cr, smc91c111_state), 75 VMSTATE_UINT16(ctr, smc91c111_state), 76 VMSTATE_UINT16(gpr, smc91c111_state), 77 VMSTATE_UINT16(ptr, smc91c111_state), 78 VMSTATE_UINT16(ercv, smc91c111_state), 79 VMSTATE_INT32(bank, smc91c111_state), 80 VMSTATE_INT32(packet_num, smc91c111_state), 81 VMSTATE_INT32(tx_alloc, smc91c111_state), 82 VMSTATE_INT32(allocated, smc91c111_state), 83 VMSTATE_INT32(tx_fifo_len, smc91c111_state), 84 VMSTATE_INT32_ARRAY(tx_fifo, smc91c111_state, NUM_PACKETS), 85 VMSTATE_INT32(rx_fifo_len, smc91c111_state), 86 VMSTATE_INT32_ARRAY(rx_fifo, smc91c111_state, NUM_PACKETS), 87 VMSTATE_INT32(tx_fifo_done_len, smc91c111_state), 88 VMSTATE_INT32_ARRAY(tx_fifo_done, smc91c111_state, NUM_PACKETS), 89 VMSTATE_BUFFER_UNSAFE(data, smc91c111_state, 0, NUM_PACKETS * 2048), 90 VMSTATE_UINT8(int_level, smc91c111_state), 91 VMSTATE_UINT8(int_mask, smc91c111_state), 92 VMSTATE_END_OF_LIST() 93 } 94 }; 95 96 #define RCR_SOFT_RST 0x8000 97 #define RCR_STRIP_CRC 0x0200 98 #define RCR_RXEN 0x0100 99 100 #define TCR_EPH_LOOP 0x2000 101 #define TCR_NOCRC 0x0100 102 #define TCR_PAD_EN 0x0080 103 #define TCR_FORCOL 0x0004 104 #define TCR_LOOP 0x0002 105 #define TCR_TXEN 0x0001 106 107 #define INT_MD 0x80 108 #define INT_ERCV 0x40 109 #define INT_EPH 0x20 110 #define INT_RX_OVRN 0x10 111 #define INT_ALLOC 0x08 112 #define INT_TX_EMPTY 0x04 113 #define INT_TX 0x02 114 #define INT_RCV 0x01 115 116 #define CTR_AUTO_RELEASE 0x0800 117 #define CTR_RELOAD 0x0002 118 #define CTR_STORE 0x0001 119 120 #define RS_ALGNERR 0x8000 121 #define RS_BRODCAST 0x4000 122 #define RS_BADCRC 0x2000 123 #define RS_ODDFRAME 0x1000 124 #define RS_TOOLONG 0x0800 125 #define RS_TOOSHORT 0x0400 126 #define RS_MULTICAST 0x0001 127 128 static inline bool packetnum_valid(int packet_num) 129 { 130 return packet_num >= 0 && packet_num < NUM_PACKETS; 131 } 132 133 /* Update interrupt status. */ 134 static void smc91c111_update(smc91c111_state *s) 135 { 136 int level; 137 138 if (s->tx_fifo_len == 0) 139 s->int_level |= INT_TX_EMPTY; 140 if (s->tx_fifo_done_len != 0) 141 s->int_level |= INT_TX; 142 level = (s->int_level & s->int_mask) != 0; 143 qemu_set_irq(s->irq, level); 144 } 145 146 static bool smc91c111_can_receive(smc91c111_state *s) 147 { 148 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST)) { 149 return true; 150 } 151 if (s->allocated == (1 << NUM_PACKETS) - 1 || 152 s->rx_fifo_len == NUM_PACKETS) { 153 return false; 154 } 155 return true; 156 } 157 158 static inline void smc91c111_flush_queued_packets(smc91c111_state *s) 159 { 160 if (smc91c111_can_receive(s)) { 161 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 162 } 163 } 164 165 /* Try to allocate a packet. Returns 0x80 on failure. */ 166 static int smc91c111_allocate_packet(smc91c111_state *s) 167 { 168 int i; 169 if (s->allocated == (1 << NUM_PACKETS) - 1) { 170 return 0x80; 171 } 172 173 for (i = 0; i < NUM_PACKETS; i++) { 174 if ((s->allocated & (1 << i)) == 0) 175 break; 176 } 177 s->allocated |= 1 << i; 178 return i; 179 } 180 181 182 /* Process a pending TX allocate. */ 183 static void smc91c111_tx_alloc(smc91c111_state *s) 184 { 185 s->tx_alloc = smc91c111_allocate_packet(s); 186 if (s->tx_alloc == 0x80) 187 return; 188 s->int_level |= INT_ALLOC; 189 smc91c111_update(s); 190 } 191 192 /* Remove and item from the RX FIFO. */ 193 static void smc91c111_pop_rx_fifo(smc91c111_state *s) 194 { 195 int i; 196 197 if (s->rx_fifo_len == 0) { 198 /* 199 * The datasheet doesn't document what the behaviour is if the 200 * guest tries to pop an empty RX FIFO, and there's no obvious 201 * error status register to report it. Just ignore the attempt. 202 */ 203 return; 204 } 205 206 s->rx_fifo_len--; 207 if (s->rx_fifo_len) { 208 for (i = 0; i < s->rx_fifo_len; i++) 209 s->rx_fifo[i] = s->rx_fifo[i + 1]; 210 s->int_level |= INT_RCV; 211 } else { 212 s->int_level &= ~INT_RCV; 213 } 214 smc91c111_flush_queued_packets(s); 215 smc91c111_update(s); 216 } 217 218 /* Remove an item from the TX completion FIFO. */ 219 static void smc91c111_pop_tx_fifo_done(smc91c111_state *s) 220 { 221 int i; 222 223 if (s->tx_fifo_done_len == 0) 224 return; 225 s->tx_fifo_done_len--; 226 for (i = 0; i < s->tx_fifo_done_len; i++) 227 s->tx_fifo_done[i] = s->tx_fifo_done[i + 1]; 228 } 229 230 /* Release the memory allocated to a packet. */ 231 static void smc91c111_release_packet(smc91c111_state *s, int packet) 232 { 233 if (!packetnum_valid(packet)) { 234 /* 235 * Data sheet doesn't document behaviour in this guest error 236 * case, and there is no error status register to report it. 237 * Log and ignore the attempt. 238 */ 239 qemu_log_mask(LOG_GUEST_ERROR, 240 "smc91c111: attempt to release invalid packet %d\n", 241 packet); 242 return; 243 } 244 s->allocated &= ~(1 << packet); 245 if (s->tx_alloc == 0x80) 246 smc91c111_tx_alloc(s); 247 smc91c111_flush_queued_packets(s); 248 } 249 250 static void smc91c111_complete_tx_packet(smc91c111_state *s, int packetnum) 251 { 252 if (s->ctr & CTR_AUTO_RELEASE) { 253 /* Race? */ 254 smc91c111_release_packet(s, packetnum); 255 } else if (s->tx_fifo_done_len < NUM_PACKETS) { 256 s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum; 257 } 258 } 259 260 /* Flush the TX FIFO. */ 261 static void smc91c111_do_tx(smc91c111_state *s) 262 { 263 int i; 264 int len; 265 int control; 266 int packetnum; 267 uint8_t *p; 268 269 if ((s->tcr & TCR_TXEN) == 0) 270 return; 271 if (s->tx_fifo_len == 0) 272 return; 273 for (i = 0; i < s->tx_fifo_len; i++) { 274 packetnum = s->tx_fifo[i]; 275 /* queue_tx checked the packet number was valid */ 276 assert(packetnum_valid(packetnum)); 277 p = &s->data[packetnum][0]; 278 /* Set status word. */ 279 *(p++) = 0x01; 280 *(p++) = 0x40; 281 len = *(p++); 282 len |= ((int)*(p++)) << 8; 283 if (len > MAX_PACKET_SIZE) { 284 /* 285 * Datasheet doesn't say what to do here, and there is no 286 * relevant tx error condition listed. Log, and drop the packet. 287 */ 288 qemu_log_mask(LOG_GUEST_ERROR, 289 "smc91c111: tx packet with bad length %d, dropping\n", 290 len); 291 smc91c111_complete_tx_packet(s, packetnum); 292 continue; 293 } 294 len -= 6; 295 control = p[len + 1]; 296 if (control & 0x20) 297 len++; 298 /* ??? This overwrites the data following the buffer. 299 Don't know what real hardware does. */ 300 if (len < 64 && (s->tcr & TCR_PAD_EN)) { 301 memset(p + len, 0, 64 - len); 302 len = 64; 303 } 304 #if 0 305 { 306 int add_crc; 307 308 /* The card is supposed to append the CRC to the frame. 309 However none of the other network traffic has the CRC 310 appended. Suspect this is low level ethernet detail we 311 don't need to worry about. */ 312 add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0; 313 if (add_crc) { 314 uint32_t crc; 315 316 crc = crc32(~0, p, len); 317 memcpy(p + len, &crc, 4); 318 len += 4; 319 } 320 } 321 #endif 322 smc91c111_complete_tx_packet(s, packetnum); 323 qemu_send_packet(qemu_get_queue(s->nic), p, len); 324 } 325 s->tx_fifo_len = 0; 326 smc91c111_update(s); 327 } 328 329 /* Add a packet to the TX FIFO. */ 330 static void smc91c111_queue_tx(smc91c111_state *s, int packet) 331 { 332 if (!packetnum_valid(packet)) { 333 /* 334 * Datasheet doesn't document behaviour in this error case, and 335 * there's no error status register we could report it in. 336 * Log and ignore. 337 */ 338 qemu_log_mask(LOG_GUEST_ERROR, 339 "smc91c111: attempt to queue invalid packet %d\n", 340 packet); 341 return; 342 } 343 if (s->tx_fifo_len == NUM_PACKETS) 344 return; 345 s->tx_fifo[s->tx_fifo_len++] = packet; 346 smc91c111_do_tx(s); 347 } 348 349 static void smc91c111_reset(DeviceState *dev) 350 { 351 smc91c111_state *s = SMC91C111(dev); 352 353 s->bank = 0; 354 s->tx_fifo_len = 0; 355 s->tx_fifo_done_len = 0; 356 s->rx_fifo_len = 0; 357 s->allocated = 0; 358 s->packet_num = 0; 359 s->tx_alloc = 0; 360 s->tcr = 0; 361 s->rcr = 0; 362 s->cr = 0xa0b1; 363 s->ctr = 0x1210; 364 s->ptr = 0; 365 s->ercv = 0x1f; 366 s->int_level = INT_TX_EMPTY; 367 s->int_mask = 0; 368 smc91c111_update(s); 369 } 370 371 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val 372 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8) 373 374 static void smc91c111_writeb(void *opaque, hwaddr offset, 375 uint32_t value) 376 { 377 smc91c111_state *s = (smc91c111_state *)opaque; 378 379 offset = offset & 0xf; 380 if (offset == 14) { 381 s->bank = value; 382 return; 383 } 384 if (offset == 15) 385 return; 386 switch (s->bank) { 387 case 0: 388 switch (offset) { 389 case 0: /* TCR */ 390 SET_LOW(tcr, value); 391 return; 392 case 1: 393 SET_HIGH(tcr, value); 394 return; 395 case 4: /* RCR */ 396 SET_LOW(rcr, value); 397 return; 398 case 5: 399 SET_HIGH(rcr, value); 400 if (s->rcr & RCR_SOFT_RST) { 401 smc91c111_reset(DEVICE(s)); 402 } 403 smc91c111_flush_queued_packets(s); 404 return; 405 case 10: case 11: /* RPCR */ 406 /* Ignored */ 407 return; 408 case 12: case 13: /* Reserved */ 409 return; 410 } 411 break; 412 413 case 1: 414 switch (offset) { 415 case 0: /* CONFIG */ 416 SET_LOW(cr, value); 417 return; 418 case 1: 419 SET_HIGH(cr,value); 420 return; 421 case 2: case 3: /* BASE */ 422 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */ 423 /* Not implemented. */ 424 return; 425 case 10: /* General Purpose */ 426 SET_LOW(gpr, value); 427 return; 428 case 11: 429 SET_HIGH(gpr, value); 430 return; 431 case 12: /* Control */ 432 if (value & 1) { 433 qemu_log_mask(LOG_UNIMP, 434 "smc91c111: EEPROM store not implemented\n"); 435 } 436 if (value & 2) { 437 qemu_log_mask(LOG_UNIMP, 438 "smc91c111: EEPROM reload not implemented\n"); 439 } 440 value &= ~3; 441 SET_LOW(ctr, value); 442 return; 443 case 13: 444 SET_HIGH(ctr, value); 445 return; 446 } 447 break; 448 449 case 2: 450 switch (offset) { 451 case 0: /* MMU Command */ 452 switch (value >> 5) { 453 case 0: /* no-op */ 454 break; 455 case 1: /* Allocate for TX. */ 456 s->tx_alloc = 0x80; 457 s->int_level &= ~INT_ALLOC; 458 smc91c111_update(s); 459 smc91c111_tx_alloc(s); 460 break; 461 case 2: /* Reset MMU. */ 462 s->allocated = 0; 463 s->tx_fifo_len = 0; 464 s->tx_fifo_done_len = 0; 465 s->rx_fifo_len = 0; 466 s->tx_alloc = 0; 467 break; 468 case 3: /* Remove from RX FIFO. */ 469 smc91c111_pop_rx_fifo(s); 470 break; 471 case 4: /* Remove from RX FIFO and release. */ 472 if (s->rx_fifo_len > 0) { 473 smc91c111_release_packet(s, s->rx_fifo[0]); 474 } 475 smc91c111_pop_rx_fifo(s); 476 break; 477 case 5: /* Release. */ 478 smc91c111_release_packet(s, s->packet_num); 479 break; 480 case 6: /* Add to TX FIFO. */ 481 smc91c111_queue_tx(s, s->packet_num); 482 break; 483 case 7: /* Reset TX FIFO. */ 484 s->tx_fifo_len = 0; 485 s->tx_fifo_done_len = 0; 486 break; 487 } 488 return; 489 case 1: 490 /* Ignore. */ 491 return; 492 case 2: /* Packet Number Register */ 493 s->packet_num = value; 494 return; 495 case 3: case 4: case 5: 496 /* Should be readonly, but linux writes to them anyway. Ignore. */ 497 return; 498 case 6: /* Pointer */ 499 SET_LOW(ptr, value); 500 return; 501 case 7: 502 SET_HIGH(ptr, value); 503 return; 504 case 8: case 9: case 10: case 11: /* Data */ 505 { 506 int p; 507 int n; 508 509 if (s->ptr & 0x8000) 510 n = s->rx_fifo[0]; 511 else 512 n = s->packet_num; 513 if (!packetnum_valid(n)) { 514 /* Datasheet doesn't document what to do here */ 515 qemu_log_mask(LOG_GUEST_ERROR, 516 "smc91c111: attempt to write data to invalid packet %d\n", 517 n); 518 return; 519 } 520 p = s->ptr & 0x07ff; 521 if (s->ptr & 0x4000) { 522 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x7ff); 523 } else { 524 p += (offset & 3); 525 } 526 s->data[n][p] = value; 527 } 528 return; 529 case 12: /* Interrupt ACK. */ 530 s->int_level &= ~(value & 0xd6); 531 if (value & INT_TX) 532 smc91c111_pop_tx_fifo_done(s); 533 smc91c111_update(s); 534 return; 535 case 13: /* Interrupt mask. */ 536 s->int_mask = value; 537 smc91c111_update(s); 538 return; 539 } 540 break; 541 542 case 3: 543 switch (offset) { 544 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7: 545 /* Multicast table. */ 546 /* Not implemented. */ 547 return; 548 case 8: case 9: /* Management Interface. */ 549 /* Not implemented. */ 550 return; 551 case 12: /* Early receive. */ 552 s->ercv = value & 0x1f; 553 return; 554 case 13: 555 /* Ignore. */ 556 return; 557 } 558 break; 559 } 560 qemu_log_mask(LOG_GUEST_ERROR, "smc91c111_write(bank:%d) Illegal register" 561 " 0x%" HWADDR_PRIx " = 0x%x\n", 562 s->bank, offset, value); 563 } 564 565 static uint32_t smc91c111_readb(void *opaque, hwaddr offset) 566 { 567 smc91c111_state *s = (smc91c111_state *)opaque; 568 569 offset = offset & 0xf; 570 if (offset == 14) { 571 return s->bank; 572 } 573 if (offset == 15) 574 return 0x33; 575 switch (s->bank) { 576 case 0: 577 switch (offset) { 578 case 0: /* TCR */ 579 return s->tcr & 0xff; 580 case 1: 581 return s->tcr >> 8; 582 case 2: /* EPH Status */ 583 return 0; 584 case 3: 585 return 0x40; 586 case 4: /* RCR */ 587 return s->rcr & 0xff; 588 case 5: 589 return s->rcr >> 8; 590 case 6: /* Counter */ 591 case 7: 592 /* Not implemented. */ 593 return 0; 594 case 8: /* Memory size. */ 595 return NUM_PACKETS; 596 case 9: /* Free memory available. */ 597 { 598 int i; 599 int n; 600 n = 0; 601 for (i = 0; i < NUM_PACKETS; i++) { 602 if (s->allocated & (1 << i)) 603 n++; 604 } 605 return n; 606 } 607 case 10: case 11: /* RPCR */ 608 /* Not implemented. */ 609 return 0; 610 case 12: case 13: /* Reserved */ 611 return 0; 612 } 613 break; 614 615 case 1: 616 switch (offset) { 617 case 0: /* CONFIG */ 618 return s->cr & 0xff; 619 case 1: 620 return s->cr >> 8; 621 case 2: case 3: /* BASE */ 622 /* Not implemented. */ 623 return 0; 624 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */ 625 return s->conf.macaddr.a[offset - 4]; 626 case 10: /* General Purpose */ 627 return s->gpr & 0xff; 628 case 11: 629 return s->gpr >> 8; 630 case 12: /* Control */ 631 return s->ctr & 0xff; 632 case 13: 633 return s->ctr >> 8; 634 } 635 break; 636 637 case 2: 638 switch (offset) { 639 case 0: case 1: /* MMUCR Busy bit. */ 640 return 0; 641 case 2: /* Packet Number. */ 642 return s->packet_num; 643 case 3: /* Allocation Result. */ 644 return s->tx_alloc; 645 case 4: /* TX FIFO */ 646 if (s->tx_fifo_done_len == 0) 647 return 0x80; 648 else 649 return s->tx_fifo_done[0]; 650 case 5: /* RX FIFO */ 651 if (s->rx_fifo_len == 0) 652 return 0x80; 653 else 654 return s->rx_fifo[0]; 655 case 6: /* Pointer */ 656 return s->ptr & 0xff; 657 case 7: 658 return (s->ptr >> 8) & 0xf7; 659 case 8: case 9: case 10: case 11: /* Data */ 660 { 661 int p; 662 int n; 663 664 if (s->ptr & 0x8000) 665 n = s->rx_fifo[0]; 666 else 667 n = s->packet_num; 668 if (!packetnum_valid(n)) { 669 /* Datasheet doesn't document what to do here */ 670 qemu_log_mask(LOG_GUEST_ERROR, 671 "smc91c111: attempt to read data from invalid packet %d\n", 672 n); 673 return 0; 674 } 675 p = s->ptr & 0x07ff; 676 if (s->ptr & 0x4000) { 677 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x07ff); 678 } else { 679 p += (offset & 3); 680 } 681 return s->data[n][p]; 682 } 683 case 12: /* Interrupt status. */ 684 return s->int_level; 685 case 13: /* Interrupt mask. */ 686 return s->int_mask; 687 } 688 break; 689 690 case 3: 691 switch (offset) { 692 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7: 693 /* Multicast table. */ 694 /* Not implemented. */ 695 return 0; 696 case 8: /* Management Interface. */ 697 /* Not implemented. */ 698 return 0x30; 699 case 9: 700 return 0x33; 701 case 10: /* Revision. */ 702 return 0x91; 703 case 11: 704 return 0x33; 705 case 12: 706 return s->ercv; 707 case 13: 708 return 0; 709 } 710 break; 711 } 712 qemu_log_mask(LOG_GUEST_ERROR, "smc91c111_read(bank:%d) Illegal register" 713 " 0x%" HWADDR_PRIx "\n", 714 s->bank, offset); 715 return 0; 716 } 717 718 static uint64_t smc91c111_readfn(void *opaque, hwaddr addr, unsigned size) 719 { 720 int i; 721 uint32_t val = 0; 722 723 for (i = 0; i < size; i++) { 724 val |= smc91c111_readb(opaque, addr + i) << (i * 8); 725 } 726 return val; 727 } 728 729 static void smc91c111_writefn(void *opaque, hwaddr addr, 730 uint64_t value, unsigned size) 731 { 732 int i = 0; 733 734 /* 32-bit writes to offset 0xc only actually write to the bank select 735 * register (offset 0xe), so skip the first two bytes we would write. 736 */ 737 if (addr == 0xc && size == 4) { 738 i += 2; 739 } 740 741 for (; i < size; i++) { 742 smc91c111_writeb(opaque, addr + i, 743 extract32(value, i * 8, 8)); 744 } 745 } 746 747 static bool smc91c111_can_receive_nc(NetClientState *nc) 748 { 749 smc91c111_state *s = qemu_get_nic_opaque(nc); 750 751 return smc91c111_can_receive(s); 752 } 753 754 static ssize_t smc91c111_receive(NetClientState *nc, const uint8_t *buf, size_t size) 755 { 756 smc91c111_state *s = qemu_get_nic_opaque(nc); 757 int status; 758 int packetsize; 759 uint32_t crc; 760 int packetnum; 761 uint8_t *p; 762 763 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST)) 764 return -1; 765 /* Short packets are padded with zeros. Receiving a packet 766 < 64 bytes long is considered an error condition. */ 767 if (size < 64) 768 packetsize = 64; 769 else 770 packetsize = (size & ~1); 771 packetsize += 6; 772 crc = (s->rcr & RCR_STRIP_CRC) == 0; 773 if (crc) 774 packetsize += 4; 775 /* TODO: Flag overrun and receive errors. */ 776 if (packetsize > 2048) 777 return -1; 778 packetnum = smc91c111_allocate_packet(s); 779 if (packetnum == 0x80) 780 return -1; 781 s->rx_fifo[s->rx_fifo_len++] = packetnum; 782 783 /* allocate_packet() will not hand us back an invalid packet number */ 784 assert(packetnum_valid(packetnum)); 785 p = &s->data[packetnum][0]; 786 /* ??? Multicast packets? */ 787 status = 0; 788 if (size > 1518) 789 status |= RS_TOOLONG; 790 if (size & 1) 791 status |= RS_ODDFRAME; 792 *(p++) = status & 0xff; 793 *(p++) = status >> 8; 794 *(p++) = packetsize & 0xff; 795 *(p++) = packetsize >> 8; 796 memcpy(p, buf, size & ~1); 797 p += (size & ~1); 798 /* Pad short packets. */ 799 if (size < 64) { 800 int pad; 801 802 if (size & 1) 803 *(p++) = buf[size - 1]; 804 pad = 64 - size; 805 memset(p, 0, pad); 806 p += pad; 807 size = 64; 808 } 809 /* It's not clear if the CRC should go before or after the last byte in 810 odd sized packets. Linux disables the CRC, so that's no help. 811 The pictures in the documentation show the CRC aligned on a 16-bit 812 boundary before the last odd byte, so that's what we do. */ 813 if (crc) { 814 crc = crc32(~0, buf, size); 815 *(p++) = crc & 0xff; crc >>= 8; 816 *(p++) = crc & 0xff; crc >>= 8; 817 *(p++) = crc & 0xff; crc >>= 8; 818 *(p++) = crc & 0xff; 819 } 820 if (size & 1) { 821 *(p++) = buf[size - 1]; 822 *p = 0x60; 823 } else { 824 *(p++) = 0; 825 *p = 0x40; 826 } 827 /* TODO: Raise early RX interrupt? */ 828 s->int_level |= INT_RCV; 829 smc91c111_update(s); 830 831 return size; 832 } 833 834 static const MemoryRegionOps smc91c111_mem_ops = { 835 /* The special case for 32 bit writes to 0xc means we can't just 836 * set .impl.min/max_access_size to 1, unfortunately 837 */ 838 .read = smc91c111_readfn, 839 .write = smc91c111_writefn, 840 .valid.min_access_size = 1, 841 .valid.max_access_size = 4, 842 .endianness = DEVICE_NATIVE_ENDIAN, 843 }; 844 845 static NetClientInfo net_smc91c111_info = { 846 .type = NET_CLIENT_DRIVER_NIC, 847 .size = sizeof(NICState), 848 .can_receive = smc91c111_can_receive_nc, 849 .receive = smc91c111_receive, 850 }; 851 852 static void smc91c111_realize(DeviceState *dev, Error **errp) 853 { 854 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 855 smc91c111_state *s = SMC91C111(dev); 856 857 memory_region_init_io(&s->mmio, OBJECT(s), &smc91c111_mem_ops, s, 858 "smc91c111-mmio", 16); 859 sysbus_init_mmio(sbd, &s->mmio); 860 sysbus_init_irq(sbd, &s->irq); 861 qemu_macaddr_default_if_unset(&s->conf.macaddr); 862 s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf, 863 object_get_typename(OBJECT(dev)), dev->id, 864 &dev->mem_reentrancy_guard, s); 865 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); 866 /* ??? Save/restore. */ 867 } 868 869 static const Property smc91c111_properties[] = { 870 DEFINE_NIC_PROPERTIES(smc91c111_state, conf), 871 }; 872 873 static void smc91c111_class_init(ObjectClass *klass, void *data) 874 { 875 DeviceClass *dc = DEVICE_CLASS(klass); 876 877 dc->realize = smc91c111_realize; 878 device_class_set_legacy_reset(dc, smc91c111_reset); 879 dc->vmsd = &vmstate_smc91c111; 880 device_class_set_props(dc, smc91c111_properties); 881 } 882 883 static const TypeInfo smc91c111_info = { 884 .name = TYPE_SMC91C111, 885 .parent = TYPE_SYS_BUS_DEVICE, 886 .instance_size = sizeof(smc91c111_state), 887 .class_init = smc91c111_class_init, 888 }; 889 890 static void smc91c111_register_types(void) 891 { 892 type_register_static(&smc91c111_info); 893 } 894 895 /* Legacy helper function. Should go away when machine config files are 896 implemented. */ 897 void smc91c111_init(uint32_t base, qemu_irq irq) 898 { 899 DeviceState *dev; 900 SysBusDevice *s; 901 902 dev = qdev_new(TYPE_SMC91C111); 903 qemu_configure_nic_device(dev, true, NULL); 904 s = SYS_BUS_DEVICE(dev); 905 sysbus_realize_and_unref(s, &error_fatal); 906 sysbus_mmio_map(s, 0, base); 907 sysbus_connect_irq(s, 0, irq); 908 } 909 910 type_init(smc91c111_register_types) 911