Statistics
| Branch: | Revision:

root / hw / e1000.c @ 1f892feb

History | View | Annotate | Download (38.1 kB)

1
/*
2
 * QEMU e1000 emulation
3
 *
4
 * Software developer's manual:
5
 * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf
6
 *
7
 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
8
 * Copyright (c) 2008 Qumranet
9
 * Based on work done by:
10
 * Copyright (c) 2007 Dan Aloni
11
 * Copyright (c) 2004 Antony T Curtis
12
 *
13
 * This library is free software; you can redistribute it and/or
14
 * modify it under the terms of the GNU Lesser General Public
15
 * License as published by the Free Software Foundation; either
16
 * version 2 of the License, or (at your option) any later version.
17
 *
18
 * This library is distributed in the hope that it will be useful,
19
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
21
 * Lesser General Public License for more details.
22
 *
23
 * You should have received a copy of the GNU Lesser General Public
24
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
25
 */
26

    
27

    
28
#include "hw.h"
29
#include "pci.h"
30
#include "net.h"
31
#include "net/checksum.h"
32
#include "loader.h"
33

    
34
#include "e1000_hw.h"
35

    
36
#define E1000_DEBUG
37

    
38
#ifdef E1000_DEBUG
39
enum {
40
    DEBUG_GENERAL,        DEBUG_IO,        DEBUG_MMIO,        DEBUG_INTERRUPT,
41
    DEBUG_RX,                DEBUG_TX,        DEBUG_MDIC,        DEBUG_EEPROM,
42
    DEBUG_UNKNOWN,        DEBUG_TXSUM,        DEBUG_TXERR,        DEBUG_RXERR,
43
    DEBUG_RXFILTER,        DEBUG_NOTYET,
44
};
45
#define DBGBIT(x)        (1<<DEBUG_##x)
46
static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
47

    
48
#define        DBGOUT(what, fmt, ...) do { \
49
    if (debugflags & DBGBIT(what)) \
50
        fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
51
    } while (0)
52
#else
53
#define        DBGOUT(what, fmt, ...) do {} while (0)
54
#endif
55

    
56
#define IOPORT_SIZE       0x40
57
#define PNPMMIO_SIZE      0x20000
58
#define MIN_BUF_SIZE      60 /* Min. octets in an ethernet frame sans FCS */
59

    
60
/*
61
 * HW models:
62
 *  E1000_DEV_ID_82540EM works with Windows and Linux
63
 *  E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
64
 *        appears to perform better than 82540EM, but breaks with Linux 2.6.18
65
 *  E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
66
 *  Others never tested
67
 */
68
enum { E1000_DEVID = E1000_DEV_ID_82540EM };
69

    
70
/*
71
 * May need to specify additional MAC-to-PHY entries --
72
 * Intel's Windows driver refuses to initialize unless they match
73
 */
74
enum {
75
    PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ?                0xcc2 :
76
                   E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ?        0xc30 :
77
                   /* default to E1000_DEV_ID_82540EM */        0xc20
78
};
79

    
80
typedef struct E1000State_st {
81
    PCIDevice dev;
82
    NICState *nic;
83
    NICConf conf;
84
    int mmio_index;
85

    
86
    uint32_t mac_reg[0x8000];
87
    uint16_t phy_reg[0x20];
88
    uint16_t eeprom_data[64];
89

    
90
    uint32_t rxbuf_size;
91
    uint32_t rxbuf_min_shift;
92
    int check_rxov;
93
    struct e1000_tx {
94
        unsigned char header[256];
95
        unsigned char vlan_header[4];
96
        /* Fields vlan and data must not be reordered or separated. */
97
        unsigned char vlan[4];
98
        unsigned char data[0x10000];
99
        uint16_t size;
100
        unsigned char sum_needed;
101
        unsigned char vlan_needed;
102
        uint8_t ipcss;
103
        uint8_t ipcso;
104
        uint16_t ipcse;
105
        uint8_t tucss;
106
        uint8_t tucso;
107
        uint16_t tucse;
108
        uint8_t hdr_len;
109
        uint16_t mss;
110
        uint32_t paylen;
111
        uint16_t tso_frames;
112
        char tse;
113
        int8_t ip;
114
        int8_t tcp;
115
        char cptse;     // current packet tse bit
116
    } tx;
117

    
118
    struct {
119
        uint32_t val_in;        // shifted in from guest driver
120
        uint16_t bitnum_in;
121
        uint16_t bitnum_out;
122
        uint16_t reading;
123
        uint32_t old_eecd;
124
    } eecd_state;
125
} E1000State;
126

    
127
#define        defreg(x)        x = (E1000_##x>>2)
128
enum {
129
    defreg(CTRL),        defreg(EECD),        defreg(EERD),        defreg(GPRC),
130
    defreg(GPTC),        defreg(ICR),        defreg(ICS),        defreg(IMC),
131
    defreg(IMS),        defreg(LEDCTL),        defreg(MANC),        defreg(MDIC),
132
    defreg(MPC),        defreg(PBA),        defreg(RCTL),        defreg(RDBAH),
133
    defreg(RDBAL),        defreg(RDH),        defreg(RDLEN),        defreg(RDT),
134
    defreg(STATUS),        defreg(SWSM),        defreg(TCTL),        defreg(TDBAH),
135
    defreg(TDBAL),        defreg(TDH),        defreg(TDLEN),        defreg(TDT),
136
    defreg(TORH),        defreg(TORL),        defreg(TOTH),        defreg(TOTL),
137
    defreg(TPR),        defreg(TPT),        defreg(TXDCTL),        defreg(WUFC),
138
    defreg(RA),                defreg(MTA),        defreg(CRCERRS),defreg(VFTA),
139
    defreg(VET),
140
};
141

    
142
enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
143
static const char phy_regcap[0x20] = {
144
    [PHY_STATUS] = PHY_R,        [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
145
    [PHY_ID1] = PHY_R,                [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
146
    [PHY_CTRL] = PHY_RW,        [PHY_1000T_CTRL] = PHY_RW,
147
    [PHY_LP_ABILITY] = PHY_R,        [PHY_1000T_STATUS] = PHY_R,
148
    [PHY_AUTONEG_ADV] = PHY_RW,        [M88E1000_RX_ERR_CNTR] = PHY_R,
149
    [PHY_ID2] = PHY_R,                [M88E1000_PHY_SPEC_STATUS] = PHY_R
150
};
151

    
152
static void
153
ioport_map(PCIDevice *pci_dev, int region_num, pcibus_t addr,
154
           pcibus_t size, int type)
155
{
156
    DBGOUT(IO, "e1000_ioport_map addr=0x%04"FMT_PCIBUS
157
           " size=0x%08"FMT_PCIBUS"\n", addr, size);
158
}
159

    
160
static void
161
set_interrupt_cause(E1000State *s, int index, uint32_t val)
162
{
163
    if (val)
164
        val |= E1000_ICR_INT_ASSERTED;
165
    s->mac_reg[ICR] = val;
166
    s->mac_reg[ICS] = val;
167
    qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
168
}
169

    
170
static void
171
set_ics(E1000State *s, int index, uint32_t val)
172
{
173
    DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
174
        s->mac_reg[IMS]);
175
    set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
176
}
177

    
178
static int
179
rxbufsize(uint32_t v)
180
{
181
    v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
182
         E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
183
         E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
184
    switch (v) {
185
    case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
186
        return 16384;
187
    case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
188
        return 8192;
189
    case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
190
        return 4096;
191
    case E1000_RCTL_SZ_1024:
192
        return 1024;
193
    case E1000_RCTL_SZ_512:
194
        return 512;
195
    case E1000_RCTL_SZ_256:
196
        return 256;
197
    }
198
    return 2048;
199
}
200

    
201
static void
202
set_ctrl(E1000State *s, int index, uint32_t val)
203
{
204
    /* RST is self clearing */
205
    s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
206
}
207

    
208
static void
209
set_rx_control(E1000State *s, int index, uint32_t val)
210
{
211
    s->mac_reg[RCTL] = val;
212
    s->rxbuf_size = rxbufsize(val);
213
    s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
214
    DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
215
           s->mac_reg[RCTL]);
216
}
217

    
218
static void
219
set_mdic(E1000State *s, int index, uint32_t val)
220
{
221
    uint32_t data = val & E1000_MDIC_DATA_MASK;
222
    uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
223

    
224
    if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
225
        val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
226
    else if (val & E1000_MDIC_OP_READ) {
227
        DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
228
        if (!(phy_regcap[addr] & PHY_R)) {
229
            DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
230
            val |= E1000_MDIC_ERROR;
231
        } else
232
            val = (val ^ data) | s->phy_reg[addr];
233
    } else if (val & E1000_MDIC_OP_WRITE) {
234
        DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
235
        if (!(phy_regcap[addr] & PHY_W)) {
236
            DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
237
            val |= E1000_MDIC_ERROR;
238
        } else
239
            s->phy_reg[addr] = data;
240
    }
241
    s->mac_reg[MDIC] = val | E1000_MDIC_READY;
242
    set_ics(s, 0, E1000_ICR_MDAC);
243
}
244

    
245
static uint32_t
246
get_eecd(E1000State *s, int index)
247
{
248
    uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
249

    
250
    DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
251
           s->eecd_state.bitnum_out, s->eecd_state.reading);
252
    if (!s->eecd_state.reading ||
253
        ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
254
          ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
255
        ret |= E1000_EECD_DO;
256
    return ret;
257
}
258

    
259
static void
260
set_eecd(E1000State *s, int index, uint32_t val)
261
{
262
    uint32_t oldval = s->eecd_state.old_eecd;
263

    
264
    s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
265
            E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
266
    if (!(E1000_EECD_CS & val))                        // CS inactive; nothing to do
267
        return;
268
    if (E1000_EECD_CS & (val ^ oldval)) {        // CS rise edge; reset state
269
        s->eecd_state.val_in = 0;
270
        s->eecd_state.bitnum_in = 0;
271
        s->eecd_state.bitnum_out = 0;
272
        s->eecd_state.reading = 0;
273
    }
274
    if (!(E1000_EECD_SK & (val ^ oldval)))        // no clock edge
275
        return;
276
    if (!(E1000_EECD_SK & val)) {                // falling edge
277
        s->eecd_state.bitnum_out++;
278
        return;
279
    }
280
    s->eecd_state.val_in <<= 1;
281
    if (val & E1000_EECD_DI)
282
        s->eecd_state.val_in |= 1;
283
    if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
284
        s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
285
        s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
286
            EEPROM_READ_OPCODE_MICROWIRE);
287
    }
288
    DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
289
           s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
290
           s->eecd_state.reading);
291
}
292

    
293
static uint32_t
294
flash_eerd_read(E1000State *s, int x)
295
{
296
    unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
297

    
298
    if ((s->mac_reg[EERD] & E1000_EEPROM_RW_REG_START) == 0)
299
        return (s->mac_reg[EERD]);
300

    
301
    if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
302
        return (E1000_EEPROM_RW_REG_DONE | r);
303

    
304
    return ((s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
305
           E1000_EEPROM_RW_REG_DONE | r);
306
}
307

    
308
static void
309
putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
310
{
311
    uint32_t sum;
312

    
313
    if (cse && cse < n)
314
        n = cse + 1;
315
    if (sloc < n-1) {
316
        sum = net_checksum_add(n-css, data+css);
317
        cpu_to_be16wu((uint16_t *)(data + sloc),
318
                      net_checksum_finish(sum));
319
    }
320
}
321

    
322
static inline int
323
vlan_enabled(E1000State *s)
324
{
325
    return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
326
}
327

    
328
static inline int
329
vlan_rx_filter_enabled(E1000State *s)
330
{
331
    return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
332
}
333

    
334
static inline int
335
is_vlan_packet(E1000State *s, const uint8_t *buf)
336
{
337
    return (be16_to_cpup((uint16_t *)(buf + 12)) ==
338
                le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
339
}
340

    
341
static inline int
342
is_vlan_txd(uint32_t txd_lower)
343
{
344
    return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
345
}
346

    
347
/* FCS aka Ethernet CRC-32. We don't get it from backends and can't
348
 * fill it in, just pad descriptor length by 4 bytes unless guest
349
 * told us to strip it off the packet. */
350
static inline int
351
fcs_len(E1000State *s)
352
{
353
    return (s->mac_reg[RCTL] & E1000_RCTL_SECRC) ? 0 : 4;
354
}
355

    
356
static void
357
xmit_seg(E1000State *s)
358
{
359
    uint16_t len, *sp;
360
    unsigned int frames = s->tx.tso_frames, css, sofar, n;
361
    struct e1000_tx *tp = &s->tx;
362

    
363
    if (tp->tse && tp->cptse) {
364
        css = tp->ipcss;
365
        DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
366
               frames, tp->size, css);
367
        if (tp->ip) {                // IPv4
368
            cpu_to_be16wu((uint16_t *)(tp->data+css+2),
369
                          tp->size - css);
370
            cpu_to_be16wu((uint16_t *)(tp->data+css+4),
371
                          be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
372
        } else                        // IPv6
373
            cpu_to_be16wu((uint16_t *)(tp->data+css+4),
374
                          tp->size - css);
375
        css = tp->tucss;
376
        len = tp->size - css;
377
        DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
378
        if (tp->tcp) {
379
            sofar = frames * tp->mss;
380
            cpu_to_be32wu((uint32_t *)(tp->data+css+4),        // seq
381
                be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
382
            if (tp->paylen - sofar > tp->mss)
383
                tp->data[css + 13] &= ~9;                // PSH, FIN
384
        } else        // UDP
385
            cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
386
        if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
387
            unsigned int phsum;
388
            // add pseudo-header length before checksum calculation
389
            sp = (uint16_t *)(tp->data + tp->tucso);
390
            phsum = be16_to_cpup(sp) + len;
391
            phsum = (phsum >> 16) + (phsum & 0xffff);
392
            cpu_to_be16wu(sp, phsum);
393
        }
394
        tp->tso_frames++;
395
    }
396

    
397
    if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
398
        putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
399
    if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
400
        putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
401
    if (tp->vlan_needed) {
402
        memmove(tp->vlan, tp->data, 4);
403
        memmove(tp->data, tp->data + 4, 8);
404
        memcpy(tp->data + 8, tp->vlan_header, 4);
405
        qemu_send_packet(&s->nic->nc, tp->vlan, tp->size + 4);
406
    } else
407
        qemu_send_packet(&s->nic->nc, tp->data, tp->size);
408
    s->mac_reg[TPT]++;
409
    s->mac_reg[GPTC]++;
410
    n = s->mac_reg[TOTL];
411
    if ((s->mac_reg[TOTL] += s->tx.size) < n)
412
        s->mac_reg[TOTH]++;
413
}
414

    
415
static void
416
process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
417
{
418
    uint32_t txd_lower = le32_to_cpu(dp->lower.data);
419
    uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
420
    unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
421
    unsigned int msh = 0xfffff, hdr = 0;
422
    uint64_t addr;
423
    struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
424
    struct e1000_tx *tp = &s->tx;
425

    
426
    if (dtype == E1000_TXD_CMD_DEXT) {        // context descriptor
427
        op = le32_to_cpu(xp->cmd_and_length);
428
        tp->ipcss = xp->lower_setup.ip_fields.ipcss;
429
        tp->ipcso = xp->lower_setup.ip_fields.ipcso;
430
        tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
431
        tp->tucss = xp->upper_setup.tcp_fields.tucss;
432
        tp->tucso = xp->upper_setup.tcp_fields.tucso;
433
        tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
434
        tp->paylen = op & 0xfffff;
435
        tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
436
        tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
437
        tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
438
        tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
439
        tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
440
        tp->tso_frames = 0;
441
        if (tp->tucso == 0) {        // this is probably wrong
442
            DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
443
            tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
444
        }
445
        return;
446
    } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
447
        // data descriptor
448
        tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
449
        tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
450
    } else
451
        // legacy descriptor
452
        tp->cptse = 0;
453

    
454
    if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
455
        (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
456
        tp->vlan_needed = 1;
457
        cpu_to_be16wu((uint16_t *)(tp->vlan_header),
458
                      le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
459
        cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
460
                      le16_to_cpu(dp->upper.fields.special));
461
    }
462
        
463
    addr = le64_to_cpu(dp->buffer_addr);
464
    if (tp->tse && tp->cptse) {
465
        hdr = tp->hdr_len;
466
        msh = hdr + tp->mss;
467
        do {
468
            bytes = split_size;
469
            if (tp->size + bytes > msh)
470
                bytes = msh - tp->size;
471
            cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
472
            if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
473
                memmove(tp->header, tp->data, hdr);
474
            tp->size = sz;
475
            addr += bytes;
476
            if (sz == msh) {
477
                xmit_seg(s);
478
                memmove(tp->data, tp->header, hdr);
479
                tp->size = hdr;
480
            }
481
        } while (split_size -= bytes);
482
    } else if (!tp->tse && tp->cptse) {
483
        // context descriptor TSE is not set, while data descriptor TSE is set
484
        DBGOUT(TXERR, "TCP segmentaion Error\n");
485
    } else {
486
        cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
487
        tp->size += split_size;
488
    }
489

    
490
    if (!(txd_lower & E1000_TXD_CMD_EOP))
491
        return;
492
    if (!(tp->tse && tp->cptse && tp->size < hdr))
493
        xmit_seg(s);
494
    tp->tso_frames = 0;
495
    tp->sum_needed = 0;
496
    tp->vlan_needed = 0;
497
    tp->size = 0;
498
    tp->cptse = 0;
499
}
500

    
501
static uint32_t
502
txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
503
{
504
    uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
505

    
506
    if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
507
        return 0;
508
    txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
509
                ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
510
    dp->upper.data = cpu_to_le32(txd_upper);
511
    cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
512
                              (void *)&dp->upper, sizeof(dp->upper));
513
    return E1000_ICR_TXDW;
514
}
515

    
516
static void
517
start_xmit(E1000State *s)
518
{
519
    target_phys_addr_t base;
520
    struct e1000_tx_desc desc;
521
    uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
522

    
523
    if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
524
        DBGOUT(TX, "tx disabled\n");
525
        return;
526
    }
527

    
528
    while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
529
        base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
530
               sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
531
        cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
532

    
533
        DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
534
               (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
535
               desc.upper.data);
536

    
537
        process_tx_desc(s, &desc);
538
        cause |= txdesc_writeback(base, &desc);
539

    
540
        if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
541
            s->mac_reg[TDH] = 0;
542
        /*
543
         * the following could happen only if guest sw assigns
544
         * bogus values to TDT/TDLEN.
545
         * there's nothing too intelligent we could do about this.
546
         */
547
        if (s->mac_reg[TDH] == tdh_start) {
548
            DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
549
                   tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
550
            break;
551
        }
552
    }
553
    set_ics(s, 0, cause);
554
}
555

    
556
static int
557
receive_filter(E1000State *s, const uint8_t *buf, int size)
558
{
559
    static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
560
    static const int mta_shift[] = {4, 3, 2, 0};
561
    uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
562

    
563
    if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
564
        uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
565
        uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
566
                                     ((vid >> 5) & 0x7f));
567
        if ((vfta & (1 << (vid & 0x1f))) == 0)
568
            return 0;
569
    }
570

    
571
    if (rctl & E1000_RCTL_UPE)                        // promiscuous
572
        return 1;
573

    
574
    if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE))        // promiscuous mcast
575
        return 1;
576

    
577
    if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
578
        return 1;
579

    
580
    for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
581
        if (!(rp[1] & E1000_RAH_AV))
582
            continue;
583
        ra[0] = cpu_to_le32(rp[0]);
584
        ra[1] = cpu_to_le32(rp[1]);
585
        if (!memcmp(buf, (uint8_t *)ra, 6)) {
586
            DBGOUT(RXFILTER,
587
                   "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
588
                   (int)(rp - s->mac_reg - RA)/2,
589
                   buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
590
            return 1;
591
        }
592
    }
593
    DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
594
           buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
595

    
596
    f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
597
    f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
598
    if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
599
        return 1;
600
    DBGOUT(RXFILTER,
601
           "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
602
           buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
603
           (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
604
           s->mac_reg[MTA + (f >> 5)]);
605

    
606
    return 0;
607
}
608

    
609
static void
610
e1000_set_link_status(VLANClientState *nc)
611
{
612
    E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
613
    uint32_t old_status = s->mac_reg[STATUS];
614

    
615
    if (nc->link_down)
616
        s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
617
    else
618
        s->mac_reg[STATUS] |= E1000_STATUS_LU;
619

    
620
    if (s->mac_reg[STATUS] != old_status)
621
        set_ics(s, 0, E1000_ICR_LSC);
622
}
623

    
624
static int
625
e1000_can_receive(VLANClientState *nc)
626
{
627
    E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
628

    
629
    return (s->mac_reg[RCTL] & E1000_RCTL_EN);
630
}
631

    
632
static ssize_t
633
e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
634
{
635
    E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
636
    struct e1000_rx_desc desc;
637
    target_phys_addr_t base;
638
    unsigned int n, rdt;
639
    uint32_t rdh_start;
640
    uint16_t vlan_special = 0;
641
    uint8_t vlan_status = 0, vlan_offset = 0;
642
    uint8_t min_buf[MIN_BUF_SIZE];
643

    
644
    if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
645
        return -1;
646

    
647
    /* Pad to minimum Ethernet frame length */
648
    if (size < sizeof(min_buf)) {
649
        memcpy(min_buf, buf, size);
650
        memset(&min_buf[size], 0, sizeof(min_buf) - size);
651
        buf = min_buf;
652
        size = sizeof(min_buf);
653
    }
654

    
655
    if (size > s->rxbuf_size) {
656
        DBGOUT(RX, "packet too large for buffers (%lu > %d)\n",
657
               (unsigned long)size, s->rxbuf_size);
658
        return -1;
659
    }
660

    
661
    if (!receive_filter(s, buf, size))
662
        return size;
663

    
664
    if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
665
        vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
666
        memmove((uint8_t *)buf + 4, buf, 12);
667
        vlan_status = E1000_RXD_STAT_VP;
668
        vlan_offset = 4;
669
        size -= 4;
670
    }
671

    
672
    rdh_start = s->mac_reg[RDH];
673
    do {
674
        if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
675
            set_ics(s, 0, E1000_ICS_RXO);
676
            return -1;
677
        }
678
        base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
679
               sizeof(desc) * s->mac_reg[RDH];
680
        cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
681
        desc.special = vlan_special;
682
        desc.status |= (vlan_status | E1000_RXD_STAT_DD);
683
        if (desc.buffer_addr) {
684
            cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
685
                                      (void *)(buf + vlan_offset), size);
686
            desc.length = cpu_to_le16(size + fcs_len(s));
687
            desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
688
        } else // as per intel docs; skip descriptors with null buf addr
689
            DBGOUT(RX, "Null RX descriptor!!\n");
690
        cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
691

    
692
        if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
693
            s->mac_reg[RDH] = 0;
694
        s->check_rxov = 1;
695
        /* see comment in start_xmit; same here */
696
        if (s->mac_reg[RDH] == rdh_start) {
697
            DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
698
                   rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
699
            set_ics(s, 0, E1000_ICS_RXO);
700
            return -1;
701
        }
702
    } while (desc.buffer_addr == 0);
703

    
704
    s->mac_reg[GPRC]++;
705
    s->mac_reg[TPR]++;
706
    /* TOR - Total Octets Received:
707
     * This register includes bytes received in a packet from the <Destination
708
     * Address> field through the <CRC> field, inclusively.
709
     */
710
    n = s->mac_reg[TORL] + size + /* Always include FCS length. */ 4;
711
    if (n < s->mac_reg[TORL])
712
        s->mac_reg[TORH]++;
713
    s->mac_reg[TORL] = n;
714

    
715
    n = E1000_ICS_RXT0;
716
    if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
717
        rdt += s->mac_reg[RDLEN] / sizeof(desc);
718
    if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
719
        s->rxbuf_min_shift)
720
        n |= E1000_ICS_RXDMT0;
721

    
722
    set_ics(s, 0, n);
723

    
724
    return size;
725
}
726

    
727
static uint32_t
728
mac_readreg(E1000State *s, int index)
729
{
730
    return s->mac_reg[index];
731
}
732

    
733
static uint32_t
734
mac_icr_read(E1000State *s, int index)
735
{
736
    uint32_t ret = s->mac_reg[ICR];
737

    
738
    DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
739
    set_interrupt_cause(s, 0, 0);
740
    return ret;
741
}
742

    
743
static uint32_t
744
mac_read_clr4(E1000State *s, int index)
745
{
746
    uint32_t ret = s->mac_reg[index];
747

    
748
    s->mac_reg[index] = 0;
749
    return ret;
750
}
751

    
752
static uint32_t
753
mac_read_clr8(E1000State *s, int index)
754
{
755
    uint32_t ret = s->mac_reg[index];
756

    
757
    s->mac_reg[index] = 0;
758
    s->mac_reg[index-1] = 0;
759
    return ret;
760
}
761

    
762
static void
763
mac_writereg(E1000State *s, int index, uint32_t val)
764
{
765
    s->mac_reg[index] = val;
766
}
767

    
768
static void
769
set_rdt(E1000State *s, int index, uint32_t val)
770
{
771
    s->check_rxov = 0;
772
    s->mac_reg[index] = val & 0xffff;
773
}
774

    
775
static void
776
set_16bit(E1000State *s, int index, uint32_t val)
777
{
778
    s->mac_reg[index] = val & 0xffff;
779
}
780

    
781
static void
782
set_dlen(E1000State *s, int index, uint32_t val)
783
{
784
    s->mac_reg[index] = val & 0xfff80;
785
}
786

    
787
static void
788
set_tctl(E1000State *s, int index, uint32_t val)
789
{
790
    s->mac_reg[index] = val;
791
    s->mac_reg[TDT] &= 0xffff;
792
    start_xmit(s);
793
}
794

    
795
static void
796
set_icr(E1000State *s, int index, uint32_t val)
797
{
798
    DBGOUT(INTERRUPT, "set_icr %x\n", val);
799
    set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
800
}
801

    
802
static void
803
set_imc(E1000State *s, int index, uint32_t val)
804
{
805
    s->mac_reg[IMS] &= ~val;
806
    set_ics(s, 0, 0);
807
}
808

    
809
static void
810
set_ims(E1000State *s, int index, uint32_t val)
811
{
812
    s->mac_reg[IMS] |= val;
813
    set_ics(s, 0, 0);
814
}
815

    
816
#define getreg(x)        [x] = mac_readreg
817
static uint32_t (*macreg_readops[])(E1000State *, int) = {
818
    getreg(PBA),        getreg(RCTL),        getreg(TDH),        getreg(TXDCTL),
819
    getreg(WUFC),        getreg(TDT),        getreg(CTRL),        getreg(LEDCTL),
820
    getreg(MANC),        getreg(MDIC),        getreg(SWSM),        getreg(STATUS),
821
    getreg(TORL),        getreg(TOTL),        getreg(IMS),        getreg(TCTL),
822
    getreg(RDH),        getreg(RDT),        getreg(VET),        getreg(ICS),
823
    getreg(TDBAL),        getreg(TDBAH),        getreg(RDBAH),        getreg(RDBAL),
824
    getreg(TDLEN),        getreg(RDLEN),
825

    
826
    [TOTH] = mac_read_clr8,        [TORH] = mac_read_clr8,        [GPRC] = mac_read_clr4,
827
    [GPTC] = mac_read_clr4,        [TPR] = mac_read_clr4,        [TPT] = mac_read_clr4,
828
    [ICR] = mac_icr_read,        [EECD] = get_eecd,        [EERD] = flash_eerd_read,
829
    [CRCERRS ... MPC] = &mac_readreg,
830
    [RA ... RA+31] = &mac_readreg,
831
    [MTA ... MTA+127] = &mac_readreg,
832
    [VFTA ... VFTA+127] = &mac_readreg,
833
};
834
enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
835

    
836
#define putreg(x)        [x] = mac_writereg
837
static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
838
    putreg(PBA),        putreg(EERD),        putreg(SWSM),        putreg(WUFC),
839
    putreg(TDBAL),        putreg(TDBAH),        putreg(TXDCTL),        putreg(RDBAH),
840
    putreg(RDBAL),        putreg(LEDCTL), putreg(VET),
841
    [TDLEN] = set_dlen,        [RDLEN] = set_dlen,        [TCTL] = set_tctl,
842
    [TDT] = set_tctl,        [MDIC] = set_mdic,        [ICS] = set_ics,
843
    [TDH] = set_16bit,        [RDH] = set_16bit,        [RDT] = set_rdt,
844
    [IMC] = set_imc,        [IMS] = set_ims,        [ICR] = set_icr,
845
    [EECD] = set_eecd,        [RCTL] = set_rx_control, [CTRL] = set_ctrl,
846
    [RA ... RA+31] = &mac_writereg,
847
    [MTA ... MTA+127] = &mac_writereg,
848
    [VFTA ... VFTA+127] = &mac_writereg,
849
};
850
enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
851

    
852
static void
853
e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
854
{
855
    E1000State *s = opaque;
856
    unsigned int index = (addr & 0x1ffff) >> 2;
857

    
858
#ifdef TARGET_WORDS_BIGENDIAN
859
    val = bswap32(val);
860
#endif
861
    if (index < NWRITEOPS && macreg_writeops[index])
862
        macreg_writeops[index](s, index, val);
863
    else if (index < NREADOPS && macreg_readops[index])
864
        DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
865
    else
866
        DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
867
               index<<2, val);
868
}
869

    
870
static void
871
e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
872
{
873
    // emulate hw without byte enables: no RMW
874
    e1000_mmio_writel(opaque, addr & ~3,
875
                      (val & 0xffff) << (8*(addr & 3)));
876
}
877

    
878
static void
879
e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
880
{
881
    // emulate hw without byte enables: no RMW
882
    e1000_mmio_writel(opaque, addr & ~3,
883
                      (val & 0xff) << (8*(addr & 3)));
884
}
885

    
886
static uint32_t
887
e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
888
{
889
    E1000State *s = opaque;
890
    unsigned int index = (addr & 0x1ffff) >> 2;
891

    
892
    if (index < NREADOPS && macreg_readops[index])
893
    {
894
        uint32_t val = macreg_readops[index](s, index);
895
#ifdef TARGET_WORDS_BIGENDIAN
896
        val = bswap32(val);
897
#endif
898
        return val;
899
    }
900
    DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
901
    return 0;
902
}
903

    
904
static uint32_t
905
e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
906
{
907
    return ((e1000_mmio_readl(opaque, addr & ~3)) >>
908
            (8 * (addr & 3))) & 0xff;
909
}
910

    
911
static uint32_t
912
e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
913
{
914
    return ((e1000_mmio_readl(opaque, addr & ~3)) >>
915
            (8 * (addr & 3))) & 0xffff;
916
}
917

    
918
static bool is_version_1(void *opaque, int version_id)
919
{
920
    return version_id == 1;
921
}
922

    
923
static const VMStateDescription vmstate_e1000 = {
924
    .name = "e1000",
925
    .version_id = 2,
926
    .minimum_version_id = 1,
927
    .minimum_version_id_old = 1,
928
    .fields      = (VMStateField []) {
929
        VMSTATE_PCI_DEVICE(dev, E1000State),
930
        VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */
931
        VMSTATE_UNUSED(4), /* Was mmio_base.  */
932
        VMSTATE_UINT32(rxbuf_size, E1000State),
933
        VMSTATE_UINT32(rxbuf_min_shift, E1000State),
934
        VMSTATE_UINT32(eecd_state.val_in, E1000State),
935
        VMSTATE_UINT16(eecd_state.bitnum_in, E1000State),
936
        VMSTATE_UINT16(eecd_state.bitnum_out, E1000State),
937
        VMSTATE_UINT16(eecd_state.reading, E1000State),
938
        VMSTATE_UINT32(eecd_state.old_eecd, E1000State),
939
        VMSTATE_UINT8(tx.ipcss, E1000State),
940
        VMSTATE_UINT8(tx.ipcso, E1000State),
941
        VMSTATE_UINT16(tx.ipcse, E1000State),
942
        VMSTATE_UINT8(tx.tucss, E1000State),
943
        VMSTATE_UINT8(tx.tucso, E1000State),
944
        VMSTATE_UINT16(tx.tucse, E1000State),
945
        VMSTATE_UINT32(tx.paylen, E1000State),
946
        VMSTATE_UINT8(tx.hdr_len, E1000State),
947
        VMSTATE_UINT16(tx.mss, E1000State),
948
        VMSTATE_UINT16(tx.size, E1000State),
949
        VMSTATE_UINT16(tx.tso_frames, E1000State),
950
        VMSTATE_UINT8(tx.sum_needed, E1000State),
951
        VMSTATE_INT8(tx.ip, E1000State),
952
        VMSTATE_INT8(tx.tcp, E1000State),
953
        VMSTATE_BUFFER(tx.header, E1000State),
954
        VMSTATE_BUFFER(tx.data, E1000State),
955
        VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64),
956
        VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20),
957
        VMSTATE_UINT32(mac_reg[CTRL], E1000State),
958
        VMSTATE_UINT32(mac_reg[EECD], E1000State),
959
        VMSTATE_UINT32(mac_reg[EERD], E1000State),
960
        VMSTATE_UINT32(mac_reg[GPRC], E1000State),
961
        VMSTATE_UINT32(mac_reg[GPTC], E1000State),
962
        VMSTATE_UINT32(mac_reg[ICR], E1000State),
963
        VMSTATE_UINT32(mac_reg[ICS], E1000State),
964
        VMSTATE_UINT32(mac_reg[IMC], E1000State),
965
        VMSTATE_UINT32(mac_reg[IMS], E1000State),
966
        VMSTATE_UINT32(mac_reg[LEDCTL], E1000State),
967
        VMSTATE_UINT32(mac_reg[MANC], E1000State),
968
        VMSTATE_UINT32(mac_reg[MDIC], E1000State),
969
        VMSTATE_UINT32(mac_reg[MPC], E1000State),
970
        VMSTATE_UINT32(mac_reg[PBA], E1000State),
971
        VMSTATE_UINT32(mac_reg[RCTL], E1000State),
972
        VMSTATE_UINT32(mac_reg[RDBAH], E1000State),
973
        VMSTATE_UINT32(mac_reg[RDBAL], E1000State),
974
        VMSTATE_UINT32(mac_reg[RDH], E1000State),
975
        VMSTATE_UINT32(mac_reg[RDLEN], E1000State),
976
        VMSTATE_UINT32(mac_reg[RDT], E1000State),
977
        VMSTATE_UINT32(mac_reg[STATUS], E1000State),
978
        VMSTATE_UINT32(mac_reg[SWSM], E1000State),
979
        VMSTATE_UINT32(mac_reg[TCTL], E1000State),
980
        VMSTATE_UINT32(mac_reg[TDBAH], E1000State),
981
        VMSTATE_UINT32(mac_reg[TDBAL], E1000State),
982
        VMSTATE_UINT32(mac_reg[TDH], E1000State),
983
        VMSTATE_UINT32(mac_reg[TDLEN], E1000State),
984
        VMSTATE_UINT32(mac_reg[TDT], E1000State),
985
        VMSTATE_UINT32(mac_reg[TORH], E1000State),
986
        VMSTATE_UINT32(mac_reg[TORL], E1000State),
987
        VMSTATE_UINT32(mac_reg[TOTH], E1000State),
988
        VMSTATE_UINT32(mac_reg[TOTL], E1000State),
989
        VMSTATE_UINT32(mac_reg[TPR], E1000State),
990
        VMSTATE_UINT32(mac_reg[TPT], E1000State),
991
        VMSTATE_UINT32(mac_reg[TXDCTL], E1000State),
992
        VMSTATE_UINT32(mac_reg[WUFC], E1000State),
993
        VMSTATE_UINT32(mac_reg[VET], E1000State),
994
        VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32),
995
        VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128),
996
        VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128),
997
        VMSTATE_END_OF_LIST()
998
    }
999
};
1000

    
1001
static const uint16_t e1000_eeprom_template[64] = {
1002
    0x0000, 0x0000, 0x0000, 0x0000,      0xffff, 0x0000,      0x0000, 0x0000,
1003
    0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
1004
    0x0008, 0x2000, 0x7e14, 0x0048,      0x1000, 0x00d8,      0x0000, 0x2700,
1005
    0x6cc9, 0x3150, 0x0722, 0x040b,      0x0984, 0x0000,      0xc000, 0x0706,
1006
    0x1008, 0x0000, 0x0f04, 0x7fff,      0x4d01, 0xffff,      0xffff, 0xffff,
1007
    0xffff, 0xffff, 0xffff, 0xffff,      0xffff, 0xffff,      0xffff, 0xffff,
1008
    0x0100, 0x4000, 0x121c, 0xffff,      0xffff, 0xffff,      0xffff, 0xffff,
1009
    0xffff, 0xffff, 0xffff, 0xffff,      0xffff, 0xffff,      0xffff, 0x0000,
1010
};
1011

    
1012
static const uint16_t phy_reg_init[] = {
1013
    [PHY_CTRL] = 0x1140,                        [PHY_STATUS] = 0x796d, // link initially up
1014
    [PHY_ID1] = 0x141,                                [PHY_ID2] = PHY_ID2_INIT,
1015
    [PHY_1000T_CTRL] = 0x0e00,                        [M88E1000_PHY_SPEC_CTRL] = 0x360,
1016
    [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60,        [PHY_AUTONEG_ADV] = 0xde1,
1017
    [PHY_LP_ABILITY] = 0x1e0,                        [PHY_1000T_STATUS] = 0x3c00,
1018
    [M88E1000_PHY_SPEC_STATUS] = 0xac00,
1019
};
1020

    
1021
static const uint32_t mac_reg_init[] = {
1022
    [PBA] =     0x00100030,
1023
    [LEDCTL] =  0x602,
1024
    [CTRL] =    E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
1025
                E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
1026
    [STATUS] =  0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
1027
                E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
1028
                E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
1029
                E1000_STATUS_LU,
1030
    [MANC] =    E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
1031
                E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
1032
                E1000_MANC_RMCP_EN,
1033
};
1034

    
1035
/* PCI interface */
1036

    
1037
static CPUWriteMemoryFunc * const e1000_mmio_write[] = {
1038
    e1000_mmio_writeb,        e1000_mmio_writew,        e1000_mmio_writel
1039
};
1040

    
1041
static CPUReadMemoryFunc * const e1000_mmio_read[] = {
1042
    e1000_mmio_readb,        e1000_mmio_readw,        e1000_mmio_readl
1043
};
1044

    
1045
static void
1046
e1000_mmio_map(PCIDevice *pci_dev, int region_num,
1047
                pcibus_t addr, pcibus_t size, int type)
1048
{
1049
    E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
1050
    int i;
1051
    const uint32_t excluded_regs[] = {
1052
        E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1053
        E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1054
    };
1055

    
1056

    
1057
    DBGOUT(MMIO, "e1000_mmio_map addr=0x%08"FMT_PCIBUS" 0x%08"FMT_PCIBUS"\n",
1058
           addr, size);
1059

    
1060
    cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
1061
    qemu_register_coalesced_mmio(addr, excluded_regs[0]);
1062

    
1063
    for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
1064
        qemu_register_coalesced_mmio(addr + excluded_regs[i] + 4,
1065
                                     excluded_regs[i + 1] -
1066
                                     excluded_regs[i] - 4);
1067
}
1068

    
1069
static void
1070
e1000_cleanup(VLANClientState *nc)
1071
{
1072
    E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
1073

    
1074
    s->nic = NULL;
1075
}
1076

    
1077
static int
1078
pci_e1000_uninit(PCIDevice *dev)
1079
{
1080
    E1000State *d = DO_UPCAST(E1000State, dev, dev);
1081

    
1082
    cpu_unregister_io_memory(d->mmio_index);
1083
    qemu_del_vlan_client(&d->nic->nc);
1084
    return 0;
1085
}
1086

    
1087
static void e1000_reset(void *opaque)
1088
{
1089
    E1000State *d = opaque;
1090

    
1091
    memset(d->phy_reg, 0, sizeof d->phy_reg);
1092
    memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
1093
    memset(d->mac_reg, 0, sizeof d->mac_reg);
1094
    memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
1095
    d->rxbuf_min_shift = 1;
1096
    memset(&d->tx, 0, sizeof d->tx);
1097
}
1098

    
1099
static NetClientInfo net_e1000_info = {
1100
    .type = NET_CLIENT_TYPE_NIC,
1101
    .size = sizeof(NICState),
1102
    .can_receive = e1000_can_receive,
1103
    .receive = e1000_receive,
1104
    .cleanup = e1000_cleanup,
1105
    .link_status_changed = e1000_set_link_status,
1106
};
1107

    
1108
static int pci_e1000_init(PCIDevice *pci_dev)
1109
{
1110
    E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
1111
    uint8_t *pci_conf;
1112
    uint16_t checksum = 0;
1113
    int i;
1114
    uint8_t *macaddr;
1115

    
1116
    pci_conf = d->dev.config;
1117

    
1118
    pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
1119
    pci_config_set_device_id(pci_conf, E1000_DEVID);
1120
    /* TODO: we have no capabilities, so why is this bit set? */
1121
    pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_CAP_LIST);
1122
    pci_conf[PCI_REVISION_ID] = 0x03;
1123
    pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
1124
    /* TODO: RST# value should be 0, PCI spec 6.2.4 */
1125
    pci_conf[PCI_CACHE_LINE_SIZE] = 0x10;
1126

    
1127
    /* TODO: RST# value should be 0 if programmable, PCI spec 6.2.4 */
1128
    pci_conf[PCI_INTERRUPT_PIN] = 1; // interrupt pin 0
1129

    
1130
    d->mmio_index = cpu_register_io_memory(e1000_mmio_read,
1131
            e1000_mmio_write, d);
1132

    
1133
    pci_register_bar((PCIDevice *)d, 0, PNPMMIO_SIZE,
1134
                           PCI_BASE_ADDRESS_SPACE_MEMORY, e1000_mmio_map);
1135

    
1136
    pci_register_bar((PCIDevice *)d, 1, IOPORT_SIZE,
1137
                           PCI_BASE_ADDRESS_SPACE_IO, ioport_map);
1138

    
1139
    memmove(d->eeprom_data, e1000_eeprom_template,
1140
        sizeof e1000_eeprom_template);
1141
    qemu_macaddr_default_if_unset(&d->conf.macaddr);
1142
    macaddr = d->conf.macaddr.a;
1143
    for (i = 0; i < 3; i++)
1144
        d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
1145
    for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1146
        checksum += d->eeprom_data[i];
1147
    checksum = (uint16_t) EEPROM_SUM - checksum;
1148
    d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1149

    
1150
    d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
1151
                          d->dev.qdev.info->name, d->dev.qdev.id, d);
1152

    
1153
    qemu_format_nic_info_str(&d->nic->nc, macaddr);
1154
    return 0;
1155
}
1156

    
1157
static void qdev_e1000_reset(DeviceState *dev)
1158
{
1159
    E1000State *d = DO_UPCAST(E1000State, dev.qdev, dev);
1160
    e1000_reset(d);
1161
}
1162

    
1163
static PCIDeviceInfo e1000_info = {
1164
    .qdev.name  = "e1000",
1165
    .qdev.desc  = "Intel Gigabit Ethernet",
1166
    .qdev.size  = sizeof(E1000State),
1167
    .qdev.reset = qdev_e1000_reset,
1168
    .qdev.vmsd  = &vmstate_e1000,
1169
    .init       = pci_e1000_init,
1170
    .exit       = pci_e1000_uninit,
1171
    .romfile    = "pxe-e1000.bin",
1172
    .qdev.props = (Property[]) {
1173
        DEFINE_NIC_PROPERTIES(E1000State, conf),
1174
        DEFINE_PROP_END_OF_LIST(),
1175
    }
1176
};
1177

    
1178
static void e1000_register_devices(void)
1179
{
1180
    pci_qdev_register(&e1000_info);
1181
}
1182

    
1183
device_init(e1000_register_devices)