Statistics
| Branch: | Revision:

root / hw / e1000.c @ 43ad7e3e

History | View | Annotate | Download (38.1 kB)

1
/*
2
 * QEMU e1000 emulation
3
 *
4
 * Software developer's manual:
5
 * http://download.intel.com/design/network/manuals/8254x_GBe_SDM.pdf
6
 *
7
 * Nir Peleg, Tutis Systems Ltd. for Qumranet Inc.
8
 * Copyright (c) 2008 Qumranet
9
 * Based on work done by:
10
 * Copyright (c) 2007 Dan Aloni
11
 * Copyright (c) 2004 Antony T Curtis
12
 *
13
 * This library is free software; you can redistribute it and/or
14
 * modify it under the terms of the GNU Lesser General Public
15
 * License as published by the Free Software Foundation; either
16
 * version 2 of the License, or (at your option) any later version.
17
 *
18
 * This library is distributed in the hope that it will be useful,
19
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
20
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
21
 * Lesser General Public License for more details.
22
 *
23
 * You should have received a copy of the GNU Lesser General Public
24
 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
25
 */
26

    
27

    
28
#include "hw.h"
29
#include "pci.h"
30
#include "net.h"
31
#include "net/checksum.h"
32
#include "loader.h"
33

    
34
#include "e1000_hw.h"
35

    
36
#define E1000_DEBUG
37

    
38
#ifdef E1000_DEBUG
39
enum {
40
    DEBUG_GENERAL,        DEBUG_IO,        DEBUG_MMIO,        DEBUG_INTERRUPT,
41
    DEBUG_RX,                DEBUG_TX,        DEBUG_MDIC,        DEBUG_EEPROM,
42
    DEBUG_UNKNOWN,        DEBUG_TXSUM,        DEBUG_TXERR,        DEBUG_RXERR,
43
    DEBUG_RXFILTER,        DEBUG_NOTYET,
44
};
45
#define DBGBIT(x)        (1<<DEBUG_##x)
46
static int debugflags = DBGBIT(TXERR) | DBGBIT(GENERAL);
47

    
48
#define        DBGOUT(what, fmt, ...) do { \
49
    if (debugflags & DBGBIT(what)) \
50
        fprintf(stderr, "e1000: " fmt, ## __VA_ARGS__); \
51
    } while (0)
52
#else
53
#define        DBGOUT(what, fmt, ...) do {} while (0)
54
#endif
55

    
56
#define IOPORT_SIZE       0x40
57
#define PNPMMIO_SIZE      0x20000
58
#define MIN_BUF_SIZE      60 /* Min. octets in an ethernet frame sans FCS */
59

    
60
/*
61
 * HW models:
62
 *  E1000_DEV_ID_82540EM works with Windows and Linux
63
 *  E1000_DEV_ID_82573L OK with windoze and Linux 2.6.22,
64
 *        appears to perform better than 82540EM, but breaks with Linux 2.6.18
65
 *  E1000_DEV_ID_82544GC_COPPER appears to work; not well tested
66
 *  Others never tested
67
 */
68
enum { E1000_DEVID = E1000_DEV_ID_82540EM };
69

    
70
/*
71
 * May need to specify additional MAC-to-PHY entries --
72
 * Intel's Windows driver refuses to initialize unless they match
73
 */
74
enum {
75
    PHY_ID2_INIT = E1000_DEVID == E1000_DEV_ID_82573L ?                0xcc2 :
76
                   E1000_DEVID == E1000_DEV_ID_82544GC_COPPER ?        0xc30 :
77
                   /* default to E1000_DEV_ID_82540EM */        0xc20
78
};
79

    
80
typedef struct E1000State_st {
81
    PCIDevice dev;
82
    NICState *nic;
83
    NICConf conf;
84
    int mmio_index;
85

    
86
    uint32_t mac_reg[0x8000];
87
    uint16_t phy_reg[0x20];
88
    uint16_t eeprom_data[64];
89

    
90
    uint32_t rxbuf_size;
91
    uint32_t rxbuf_min_shift;
92
    int check_rxov;
93
    struct e1000_tx {
94
        unsigned char header[256];
95
        unsigned char vlan_header[4];
96
        /* Fields vlan and data must not be reordered or separated. */
97
        unsigned char vlan[4];
98
        unsigned char data[0x10000];
99
        uint16_t size;
100
        unsigned char sum_needed;
101
        unsigned char vlan_needed;
102
        uint8_t ipcss;
103
        uint8_t ipcso;
104
        uint16_t ipcse;
105
        uint8_t tucss;
106
        uint8_t tucso;
107
        uint16_t tucse;
108
        uint8_t hdr_len;
109
        uint16_t mss;
110
        uint32_t paylen;
111
        uint16_t tso_frames;
112
        char tse;
113
        int8_t ip;
114
        int8_t tcp;
115
        char cptse;     // current packet tse bit
116
    } tx;
117

    
118
    struct {
119
        uint32_t val_in;        // shifted in from guest driver
120
        uint16_t bitnum_in;
121
        uint16_t bitnum_out;
122
        uint16_t reading;
123
        uint32_t old_eecd;
124
    } eecd_state;
125
} E1000State;
126

    
127
#define        defreg(x)        x = (E1000_##x>>2)
128
enum {
129
    defreg(CTRL),        defreg(EECD),        defreg(EERD),        defreg(GPRC),
130
    defreg(GPTC),        defreg(ICR),        defreg(ICS),        defreg(IMC),
131
    defreg(IMS),        defreg(LEDCTL),        defreg(MANC),        defreg(MDIC),
132
    defreg(MPC),        defreg(PBA),        defreg(RCTL),        defreg(RDBAH),
133
    defreg(RDBAL),        defreg(RDH),        defreg(RDLEN),        defreg(RDT),
134
    defreg(STATUS),        defreg(SWSM),        defreg(TCTL),        defreg(TDBAH),
135
    defreg(TDBAL),        defreg(TDH),        defreg(TDLEN),        defreg(TDT),
136
    defreg(TORH),        defreg(TORL),        defreg(TOTH),        defreg(TOTL),
137
    defreg(TPR),        defreg(TPT),        defreg(TXDCTL),        defreg(WUFC),
138
    defreg(RA),                defreg(MTA),        defreg(CRCERRS),defreg(VFTA),
139
    defreg(VET),
140
};
141

    
142
enum { PHY_R = 1, PHY_W = 2, PHY_RW = PHY_R | PHY_W };
143
static const char phy_regcap[0x20] = {
144
    [PHY_STATUS] = PHY_R,        [M88E1000_EXT_PHY_SPEC_CTRL] = PHY_RW,
145
    [PHY_ID1] = PHY_R,                [M88E1000_PHY_SPEC_CTRL] = PHY_RW,
146
    [PHY_CTRL] = PHY_RW,        [PHY_1000T_CTRL] = PHY_RW,
147
    [PHY_LP_ABILITY] = PHY_R,        [PHY_1000T_STATUS] = PHY_R,
148
    [PHY_AUTONEG_ADV] = PHY_RW,        [M88E1000_RX_ERR_CNTR] = PHY_R,
149
    [PHY_ID2] = PHY_R,                [M88E1000_PHY_SPEC_STATUS] = PHY_R
150
};
151

    
152
static void
153
ioport_map(PCIDevice *pci_dev, int region_num, pcibus_t addr,
154
           pcibus_t size, int type)
155
{
156
    DBGOUT(IO, "e1000_ioport_map addr=0x%04"FMT_PCIBUS
157
           " size=0x%08"FMT_PCIBUS"\n", addr, size);
158
}
159

    
160
static void
161
set_interrupt_cause(E1000State *s, int index, uint32_t val)
162
{
163
    if (val)
164
        val |= E1000_ICR_INT_ASSERTED;
165
    s->mac_reg[ICR] = val;
166
    s->mac_reg[ICS] = val;
167
    qemu_set_irq(s->dev.irq[0], (s->mac_reg[IMS] & s->mac_reg[ICR]) != 0);
168
}
169

    
170
static void
171
set_ics(E1000State *s, int index, uint32_t val)
172
{
173
    DBGOUT(INTERRUPT, "set_ics %x, ICR %x, IMR %x\n", val, s->mac_reg[ICR],
174
        s->mac_reg[IMS]);
175
    set_interrupt_cause(s, 0, val | s->mac_reg[ICR]);
176
}
177

    
178
static int
179
rxbufsize(uint32_t v)
180
{
181
    v &= E1000_RCTL_BSEX | E1000_RCTL_SZ_16384 | E1000_RCTL_SZ_8192 |
182
         E1000_RCTL_SZ_4096 | E1000_RCTL_SZ_2048 | E1000_RCTL_SZ_1024 |
183
         E1000_RCTL_SZ_512 | E1000_RCTL_SZ_256;
184
    switch (v) {
185
    case E1000_RCTL_BSEX | E1000_RCTL_SZ_16384:
186
        return 16384;
187
    case E1000_RCTL_BSEX | E1000_RCTL_SZ_8192:
188
        return 8192;
189
    case E1000_RCTL_BSEX | E1000_RCTL_SZ_4096:
190
        return 4096;
191
    case E1000_RCTL_SZ_1024:
192
        return 1024;
193
    case E1000_RCTL_SZ_512:
194
        return 512;
195
    case E1000_RCTL_SZ_256:
196
        return 256;
197
    }
198
    return 2048;
199
}
200

    
201
static void
202
set_ctrl(E1000State *s, int index, uint32_t val)
203
{
204
    /* RST is self clearing */
205
    s->mac_reg[CTRL] = val & ~E1000_CTRL_RST;
206
}
207

    
208
static void
209
set_rx_control(E1000State *s, int index, uint32_t val)
210
{
211
    s->mac_reg[RCTL] = val;
212
    s->rxbuf_size = rxbufsize(val);
213
    s->rxbuf_min_shift = ((val / E1000_RCTL_RDMTS_QUAT) & 3) + 1;
214
    DBGOUT(RX, "RCTL: %d, mac_reg[RCTL] = 0x%x\n", s->mac_reg[RDT],
215
           s->mac_reg[RCTL]);
216
}
217

    
218
static void
219
set_mdic(E1000State *s, int index, uint32_t val)
220
{
221
    uint32_t data = val & E1000_MDIC_DATA_MASK;
222
    uint32_t addr = ((val & E1000_MDIC_REG_MASK) >> E1000_MDIC_REG_SHIFT);
223

    
224
    if ((val & E1000_MDIC_PHY_MASK) >> E1000_MDIC_PHY_SHIFT != 1) // phy #
225
        val = s->mac_reg[MDIC] | E1000_MDIC_ERROR;
226
    else if (val & E1000_MDIC_OP_READ) {
227
        DBGOUT(MDIC, "MDIC read reg 0x%x\n", addr);
228
        if (!(phy_regcap[addr] & PHY_R)) {
229
            DBGOUT(MDIC, "MDIC read reg %x unhandled\n", addr);
230
            val |= E1000_MDIC_ERROR;
231
        } else
232
            val = (val ^ data) | s->phy_reg[addr];
233
    } else if (val & E1000_MDIC_OP_WRITE) {
234
        DBGOUT(MDIC, "MDIC write reg 0x%x, value 0x%x\n", addr, data);
235
        if (!(phy_regcap[addr] & PHY_W)) {
236
            DBGOUT(MDIC, "MDIC write reg %x unhandled\n", addr);
237
            val |= E1000_MDIC_ERROR;
238
        } else
239
            s->phy_reg[addr] = data;
240
    }
241
    s->mac_reg[MDIC] = val | E1000_MDIC_READY;
242
    set_ics(s, 0, E1000_ICR_MDAC);
243
}
244

    
245
static uint32_t
246
get_eecd(E1000State *s, int index)
247
{
248
    uint32_t ret = E1000_EECD_PRES|E1000_EECD_GNT | s->eecd_state.old_eecd;
249

    
250
    DBGOUT(EEPROM, "reading eeprom bit %d (reading %d)\n",
251
           s->eecd_state.bitnum_out, s->eecd_state.reading);
252
    if (!s->eecd_state.reading ||
253
        ((s->eeprom_data[(s->eecd_state.bitnum_out >> 4) & 0x3f] >>
254
          ((s->eecd_state.bitnum_out & 0xf) ^ 0xf))) & 1)
255
        ret |= E1000_EECD_DO;
256
    return ret;
257
}
258

    
259
static void
260
set_eecd(E1000State *s, int index, uint32_t val)
261
{
262
    uint32_t oldval = s->eecd_state.old_eecd;
263

    
264
    s->eecd_state.old_eecd = val & (E1000_EECD_SK | E1000_EECD_CS |
265
            E1000_EECD_DI|E1000_EECD_FWE_MASK|E1000_EECD_REQ);
266
    if (!(E1000_EECD_CS & val))                        // CS inactive; nothing to do
267
        return;
268
    if (E1000_EECD_CS & (val ^ oldval)) {        // CS rise edge; reset state
269
        s->eecd_state.val_in = 0;
270
        s->eecd_state.bitnum_in = 0;
271
        s->eecd_state.bitnum_out = 0;
272
        s->eecd_state.reading = 0;
273
    }
274
    if (!(E1000_EECD_SK & (val ^ oldval)))        // no clock edge
275
        return;
276
    if (!(E1000_EECD_SK & val)) {                // falling edge
277
        s->eecd_state.bitnum_out++;
278
        return;
279
    }
280
    s->eecd_state.val_in <<= 1;
281
    if (val & E1000_EECD_DI)
282
        s->eecd_state.val_in |= 1;
283
    if (++s->eecd_state.bitnum_in == 9 && !s->eecd_state.reading) {
284
        s->eecd_state.bitnum_out = ((s->eecd_state.val_in & 0x3f)<<4)-1;
285
        s->eecd_state.reading = (((s->eecd_state.val_in >> 6) & 7) ==
286
            EEPROM_READ_OPCODE_MICROWIRE);
287
    }
288
    DBGOUT(EEPROM, "eeprom bitnum in %d out %d, reading %d\n",
289
           s->eecd_state.bitnum_in, s->eecd_state.bitnum_out,
290
           s->eecd_state.reading);
291
}
292

    
293
static uint32_t
294
flash_eerd_read(E1000State *s, int x)
295
{
296
    unsigned int index, r = s->mac_reg[EERD] & ~E1000_EEPROM_RW_REG_START;
297

    
298
    if ((s->mac_reg[EERD] & E1000_EEPROM_RW_REG_START) == 0)
299
        return (s->mac_reg[EERD]);
300

    
301
    if ((index = r >> E1000_EEPROM_RW_ADDR_SHIFT) > EEPROM_CHECKSUM_REG)
302
        return (E1000_EEPROM_RW_REG_DONE | r);
303

    
304
    return ((s->eeprom_data[index] << E1000_EEPROM_RW_REG_DATA) |
305
           E1000_EEPROM_RW_REG_DONE | r);
306
}
307

    
308
static void
309
putsum(uint8_t *data, uint32_t n, uint32_t sloc, uint32_t css, uint32_t cse)
310
{
311
    uint32_t sum;
312

    
313
    if (cse && cse < n)
314
        n = cse + 1;
315
    if (sloc < n-1) {
316
        sum = net_checksum_add(n-css, data+css);
317
        cpu_to_be16wu((uint16_t *)(data + sloc),
318
                      net_checksum_finish(sum));
319
    }
320
}
321

    
322
static inline int
323
vlan_enabled(E1000State *s)
324
{
325
    return ((s->mac_reg[CTRL] & E1000_CTRL_VME) != 0);
326
}
327

    
328
static inline int
329
vlan_rx_filter_enabled(E1000State *s)
330
{
331
    return ((s->mac_reg[RCTL] & E1000_RCTL_VFE) != 0);
332
}
333

    
334
static inline int
335
is_vlan_packet(E1000State *s, const uint8_t *buf)
336
{
337
    return (be16_to_cpup((uint16_t *)(buf + 12)) ==
338
                le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
339
}
340

    
341
static inline int
342
is_vlan_txd(uint32_t txd_lower)
343
{
344
    return ((txd_lower & E1000_TXD_CMD_VLE) != 0);
345
}
346

    
347
/* FCS aka Ethernet CRC-32. We don't get it from backends and can't
348
 * fill it in, just pad descriptor length by 4 bytes unless guest
349
 * told us to strip it off the packet. */
350
static inline int
351
fcs_len(E1000State *s)
352
{
353
    return (s->mac_reg[RCTL] & E1000_RCTL_SECRC) ? 0 : 4;
354
}
355

    
356
static void
357
xmit_seg(E1000State *s)
358
{
359
    uint16_t len, *sp;
360
    unsigned int frames = s->tx.tso_frames, css, sofar, n;
361
    struct e1000_tx *tp = &s->tx;
362

    
363
    if (tp->tse && tp->cptse) {
364
        css = tp->ipcss;
365
        DBGOUT(TXSUM, "frames %d size %d ipcss %d\n",
366
               frames, tp->size, css);
367
        if (tp->ip) {                // IPv4
368
            cpu_to_be16wu((uint16_t *)(tp->data+css+2),
369
                          tp->size - css);
370
            cpu_to_be16wu((uint16_t *)(tp->data+css+4),
371
                          be16_to_cpup((uint16_t *)(tp->data+css+4))+frames);
372
        } else                        // IPv6
373
            cpu_to_be16wu((uint16_t *)(tp->data+css+4),
374
                          tp->size - css);
375
        css = tp->tucss;
376
        len = tp->size - css;
377
        DBGOUT(TXSUM, "tcp %d tucss %d len %d\n", tp->tcp, css, len);
378
        if (tp->tcp) {
379
            sofar = frames * tp->mss;
380
            cpu_to_be32wu((uint32_t *)(tp->data+css+4),        // seq
381
                be32_to_cpupu((uint32_t *)(tp->data+css+4))+sofar);
382
            if (tp->paylen - sofar > tp->mss)
383
                tp->data[css + 13] &= ~9;                // PSH, FIN
384
        } else        // UDP
385
            cpu_to_be16wu((uint16_t *)(tp->data+css+4), len);
386
        if (tp->sum_needed & E1000_TXD_POPTS_TXSM) {
387
            unsigned int phsum;
388
            // add pseudo-header length before checksum calculation
389
            sp = (uint16_t *)(tp->data + tp->tucso);
390
            phsum = be16_to_cpup(sp) + len;
391
            phsum = (phsum >> 16) + (phsum & 0xffff);
392
            cpu_to_be16wu(sp, phsum);
393
        }
394
        tp->tso_frames++;
395
    }
396

    
397
    if (tp->sum_needed & E1000_TXD_POPTS_TXSM)
398
        putsum(tp->data, tp->size, tp->tucso, tp->tucss, tp->tucse);
399
    if (tp->sum_needed & E1000_TXD_POPTS_IXSM)
400
        putsum(tp->data, tp->size, tp->ipcso, tp->ipcss, tp->ipcse);
401
    if (tp->vlan_needed) {
402
        memmove(tp->vlan, tp->data, 4);
403
        memmove(tp->data, tp->data + 4, 8);
404
        memcpy(tp->data + 8, tp->vlan_header, 4);
405
        qemu_send_packet(&s->nic->nc, tp->vlan, tp->size + 4);
406
    } else
407
        qemu_send_packet(&s->nic->nc, tp->data, tp->size);
408
    s->mac_reg[TPT]++;
409
    s->mac_reg[GPTC]++;
410
    n = s->mac_reg[TOTL];
411
    if ((s->mac_reg[TOTL] += s->tx.size) < n)
412
        s->mac_reg[TOTH]++;
413
}
414

    
415
static void
416
process_tx_desc(E1000State *s, struct e1000_tx_desc *dp)
417
{
418
    uint32_t txd_lower = le32_to_cpu(dp->lower.data);
419
    uint32_t dtype = txd_lower & (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D);
420
    unsigned int split_size = txd_lower & 0xffff, bytes, sz, op;
421
    unsigned int msh = 0xfffff, hdr = 0;
422
    uint64_t addr;
423
    struct e1000_context_desc *xp = (struct e1000_context_desc *)dp;
424
    struct e1000_tx *tp = &s->tx;
425

    
426
    if (dtype == E1000_TXD_CMD_DEXT) {        // context descriptor
427
        op = le32_to_cpu(xp->cmd_and_length);
428
        tp->ipcss = xp->lower_setup.ip_fields.ipcss;
429
        tp->ipcso = xp->lower_setup.ip_fields.ipcso;
430
        tp->ipcse = le16_to_cpu(xp->lower_setup.ip_fields.ipcse);
431
        tp->tucss = xp->upper_setup.tcp_fields.tucss;
432
        tp->tucso = xp->upper_setup.tcp_fields.tucso;
433
        tp->tucse = le16_to_cpu(xp->upper_setup.tcp_fields.tucse);
434
        tp->paylen = op & 0xfffff;
435
        tp->hdr_len = xp->tcp_seg_setup.fields.hdr_len;
436
        tp->mss = le16_to_cpu(xp->tcp_seg_setup.fields.mss);
437
        tp->ip = (op & E1000_TXD_CMD_IP) ? 1 : 0;
438
        tp->tcp = (op & E1000_TXD_CMD_TCP) ? 1 : 0;
439
        tp->tse = (op & E1000_TXD_CMD_TSE) ? 1 : 0;
440
        tp->tso_frames = 0;
441
        if (tp->tucso == 0) {        // this is probably wrong
442
            DBGOUT(TXSUM, "TCP/UDP: cso 0!\n");
443
            tp->tucso = tp->tucss + (tp->tcp ? 16 : 6);
444
        }
445
        return;
446
    } else if (dtype == (E1000_TXD_CMD_DEXT | E1000_TXD_DTYP_D)) {
447
        // data descriptor
448
        tp->sum_needed = le32_to_cpu(dp->upper.data) >> 8;
449
        tp->cptse = ( txd_lower & E1000_TXD_CMD_TSE ) ? 1 : 0;
450
    } else {
451
        // legacy descriptor
452
        tp->cptse = 0;
453
    }
454

    
455
    if (vlan_enabled(s) && is_vlan_txd(txd_lower) &&
456
        (tp->cptse || txd_lower & E1000_TXD_CMD_EOP)) {
457
        tp->vlan_needed = 1;
458
        cpu_to_be16wu((uint16_t *)(tp->vlan_header),
459
                      le16_to_cpup((uint16_t *)(s->mac_reg + VET)));
460
        cpu_to_be16wu((uint16_t *)(tp->vlan_header + 2),
461
                      le16_to_cpu(dp->upper.fields.special));
462
    }
463
        
464
    addr = le64_to_cpu(dp->buffer_addr);
465
    if (tp->tse && tp->cptse) {
466
        hdr = tp->hdr_len;
467
        msh = hdr + tp->mss;
468
        do {
469
            bytes = split_size;
470
            if (tp->size + bytes > msh)
471
                bytes = msh - tp->size;
472
            cpu_physical_memory_read(addr, tp->data + tp->size, bytes);
473
            if ((sz = tp->size + bytes) >= hdr && tp->size < hdr)
474
                memmove(tp->header, tp->data, hdr);
475
            tp->size = sz;
476
            addr += bytes;
477
            if (sz == msh) {
478
                xmit_seg(s);
479
                memmove(tp->data, tp->header, hdr);
480
                tp->size = hdr;
481
            }
482
        } while (split_size -= bytes);
483
    } else if (!tp->tse && tp->cptse) {
484
        // context descriptor TSE is not set, while data descriptor TSE is set
485
        DBGOUT(TXERR, "TCP segmentaion Error\n");
486
    } else {
487
        cpu_physical_memory_read(addr, tp->data + tp->size, split_size);
488
        tp->size += split_size;
489
    }
490

    
491
    if (!(txd_lower & E1000_TXD_CMD_EOP))
492
        return;
493
    if (!(tp->tse && tp->cptse && tp->size < hdr))
494
        xmit_seg(s);
495
    tp->tso_frames = 0;
496
    tp->sum_needed = 0;
497
    tp->vlan_needed = 0;
498
    tp->size = 0;
499
    tp->cptse = 0;
500
}
501

    
502
static uint32_t
503
txdesc_writeback(target_phys_addr_t base, struct e1000_tx_desc *dp)
504
{
505
    uint32_t txd_upper, txd_lower = le32_to_cpu(dp->lower.data);
506

    
507
    if (!(txd_lower & (E1000_TXD_CMD_RS|E1000_TXD_CMD_RPS)))
508
        return 0;
509
    txd_upper = (le32_to_cpu(dp->upper.data) | E1000_TXD_STAT_DD) &
510
                ~(E1000_TXD_STAT_EC | E1000_TXD_STAT_LC | E1000_TXD_STAT_TU);
511
    dp->upper.data = cpu_to_le32(txd_upper);
512
    cpu_physical_memory_write(base + ((char *)&dp->upper - (char *)dp),
513
                              (void *)&dp->upper, sizeof(dp->upper));
514
    return E1000_ICR_TXDW;
515
}
516

    
517
static void
518
start_xmit(E1000State *s)
519
{
520
    target_phys_addr_t base;
521
    struct e1000_tx_desc desc;
522
    uint32_t tdh_start = s->mac_reg[TDH], cause = E1000_ICS_TXQE;
523

    
524
    if (!(s->mac_reg[TCTL] & E1000_TCTL_EN)) {
525
        DBGOUT(TX, "tx disabled\n");
526
        return;
527
    }
528

    
529
    while (s->mac_reg[TDH] != s->mac_reg[TDT]) {
530
        base = ((uint64_t)s->mac_reg[TDBAH] << 32) + s->mac_reg[TDBAL] +
531
               sizeof(struct e1000_tx_desc) * s->mac_reg[TDH];
532
        cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
533

    
534
        DBGOUT(TX, "index %d: %p : %x %x\n", s->mac_reg[TDH],
535
               (void *)(intptr_t)desc.buffer_addr, desc.lower.data,
536
               desc.upper.data);
537

    
538
        process_tx_desc(s, &desc);
539
        cause |= txdesc_writeback(base, &desc);
540

    
541
        if (++s->mac_reg[TDH] * sizeof(desc) >= s->mac_reg[TDLEN])
542
            s->mac_reg[TDH] = 0;
543
        /*
544
         * the following could happen only if guest sw assigns
545
         * bogus values to TDT/TDLEN.
546
         * there's nothing too intelligent we could do about this.
547
         */
548
        if (s->mac_reg[TDH] == tdh_start) {
549
            DBGOUT(TXERR, "TDH wraparound @%x, TDT %x, TDLEN %x\n",
550
                   tdh_start, s->mac_reg[TDT], s->mac_reg[TDLEN]);
551
            break;
552
        }
553
    }
554
    set_ics(s, 0, cause);
555
}
556

    
557
static int
558
receive_filter(E1000State *s, const uint8_t *buf, int size)
559
{
560
    static const uint8_t bcast[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
561
    static const int mta_shift[] = {4, 3, 2, 0};
562
    uint32_t f, rctl = s->mac_reg[RCTL], ra[2], *rp;
563

    
564
    if (is_vlan_packet(s, buf) && vlan_rx_filter_enabled(s)) {
565
        uint16_t vid = be16_to_cpup((uint16_t *)(buf + 14));
566
        uint32_t vfta = le32_to_cpup((uint32_t *)(s->mac_reg + VFTA) +
567
                                     ((vid >> 5) & 0x7f));
568
        if ((vfta & (1 << (vid & 0x1f))) == 0)
569
            return 0;
570
    }
571

    
572
    if (rctl & E1000_RCTL_UPE)                        // promiscuous
573
        return 1;
574

    
575
    if ((buf[0] & 1) && (rctl & E1000_RCTL_MPE))        // promiscuous mcast
576
        return 1;
577

    
578
    if ((rctl & E1000_RCTL_BAM) && !memcmp(buf, bcast, sizeof bcast))
579
        return 1;
580

    
581
    for (rp = s->mac_reg + RA; rp < s->mac_reg + RA + 32; rp += 2) {
582
        if (!(rp[1] & E1000_RAH_AV))
583
            continue;
584
        ra[0] = cpu_to_le32(rp[0]);
585
        ra[1] = cpu_to_le32(rp[1]);
586
        if (!memcmp(buf, (uint8_t *)ra, 6)) {
587
            DBGOUT(RXFILTER,
588
                   "unicast match[%d]: %02x:%02x:%02x:%02x:%02x:%02x\n",
589
                   (int)(rp - s->mac_reg - RA)/2,
590
                   buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
591
            return 1;
592
        }
593
    }
594
    DBGOUT(RXFILTER, "unicast mismatch: %02x:%02x:%02x:%02x:%02x:%02x\n",
595
           buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]);
596

    
597
    f = mta_shift[(rctl >> E1000_RCTL_MO_SHIFT) & 3];
598
    f = (((buf[5] << 8) | buf[4]) >> f) & 0xfff;
599
    if (s->mac_reg[MTA + (f >> 5)] & (1 << (f & 0x1f)))
600
        return 1;
601
    DBGOUT(RXFILTER,
602
           "dropping, inexact filter mismatch: %02x:%02x:%02x:%02x:%02x:%02x MO %d MTA[%d] %x\n",
603
           buf[0], buf[1], buf[2], buf[3], buf[4], buf[5],
604
           (rctl >> E1000_RCTL_MO_SHIFT) & 3, f >> 5,
605
           s->mac_reg[MTA + (f >> 5)]);
606

    
607
    return 0;
608
}
609

    
610
static void
611
e1000_set_link_status(VLANClientState *nc)
612
{
613
    E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
614
    uint32_t old_status = s->mac_reg[STATUS];
615

    
616
    if (nc->link_down)
617
        s->mac_reg[STATUS] &= ~E1000_STATUS_LU;
618
    else
619
        s->mac_reg[STATUS] |= E1000_STATUS_LU;
620

    
621
    if (s->mac_reg[STATUS] != old_status)
622
        set_ics(s, 0, E1000_ICR_LSC);
623
}
624

    
625
static int
626
e1000_can_receive(VLANClientState *nc)
627
{
628
    E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
629

    
630
    return (s->mac_reg[RCTL] & E1000_RCTL_EN);
631
}
632

    
633
static ssize_t
634
e1000_receive(VLANClientState *nc, const uint8_t *buf, size_t size)
635
{
636
    E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
637
    struct e1000_rx_desc desc;
638
    target_phys_addr_t base;
639
    unsigned int n, rdt;
640
    uint32_t rdh_start;
641
    uint16_t vlan_special = 0;
642
    uint8_t vlan_status = 0, vlan_offset = 0;
643
    uint8_t min_buf[MIN_BUF_SIZE];
644

    
645
    if (!(s->mac_reg[RCTL] & E1000_RCTL_EN))
646
        return -1;
647

    
648
    /* Pad to minimum Ethernet frame length */
649
    if (size < sizeof(min_buf)) {
650
        memcpy(min_buf, buf, size);
651
        memset(&min_buf[size], 0, sizeof(min_buf) - size);
652
        buf = min_buf;
653
        size = sizeof(min_buf);
654
    }
655

    
656
    if (size > s->rxbuf_size) {
657
        DBGOUT(RX, "packet too large for buffers (%lu > %d)\n",
658
               (unsigned long)size, s->rxbuf_size);
659
        return -1;
660
    }
661

    
662
    if (!receive_filter(s, buf, size))
663
        return size;
664

    
665
    if (vlan_enabled(s) && is_vlan_packet(s, buf)) {
666
        vlan_special = cpu_to_le16(be16_to_cpup((uint16_t *)(buf + 14)));
667
        memmove((uint8_t *)buf + 4, buf, 12);
668
        vlan_status = E1000_RXD_STAT_VP;
669
        vlan_offset = 4;
670
        size -= 4;
671
    }
672

    
673
    rdh_start = s->mac_reg[RDH];
674
    do {
675
        if (s->mac_reg[RDH] == s->mac_reg[RDT] && s->check_rxov) {
676
            set_ics(s, 0, E1000_ICS_RXO);
677
            return -1;
678
        }
679
        base = ((uint64_t)s->mac_reg[RDBAH] << 32) + s->mac_reg[RDBAL] +
680
               sizeof(desc) * s->mac_reg[RDH];
681
        cpu_physical_memory_read(base, (void *)&desc, sizeof(desc));
682
        desc.special = vlan_special;
683
        desc.status |= (vlan_status | E1000_RXD_STAT_DD);
684
        if (desc.buffer_addr) {
685
            cpu_physical_memory_write(le64_to_cpu(desc.buffer_addr),
686
                                      (void *)(buf + vlan_offset), size);
687
            desc.length = cpu_to_le16(size + fcs_len(s));
688
            desc.status |= E1000_RXD_STAT_EOP|E1000_RXD_STAT_IXSM;
689
        } else { // as per intel docs; skip descriptors with null buf addr
690
            DBGOUT(RX, "Null RX descriptor!!\n");
691
        }
692
        cpu_physical_memory_write(base, (void *)&desc, sizeof(desc));
693

    
694
        if (++s->mac_reg[RDH] * sizeof(desc) >= s->mac_reg[RDLEN])
695
            s->mac_reg[RDH] = 0;
696
        s->check_rxov = 1;
697
        /* see comment in start_xmit; same here */
698
        if (s->mac_reg[RDH] == rdh_start) {
699
            DBGOUT(RXERR, "RDH wraparound @%x, RDT %x, RDLEN %x\n",
700
                   rdh_start, s->mac_reg[RDT], s->mac_reg[RDLEN]);
701
            set_ics(s, 0, E1000_ICS_RXO);
702
            return -1;
703
        }
704
    } while (desc.buffer_addr == 0);
705

    
706
    s->mac_reg[GPRC]++;
707
    s->mac_reg[TPR]++;
708
    /* TOR - Total Octets Received:
709
     * This register includes bytes received in a packet from the <Destination
710
     * Address> field through the <CRC> field, inclusively.
711
     */
712
    n = s->mac_reg[TORL] + size + /* Always include FCS length. */ 4;
713
    if (n < s->mac_reg[TORL])
714
        s->mac_reg[TORH]++;
715
    s->mac_reg[TORL] = n;
716

    
717
    n = E1000_ICS_RXT0;
718
    if ((rdt = s->mac_reg[RDT]) < s->mac_reg[RDH])
719
        rdt += s->mac_reg[RDLEN] / sizeof(desc);
720
    if (((rdt - s->mac_reg[RDH]) * sizeof(desc)) <= s->mac_reg[RDLEN] >>
721
        s->rxbuf_min_shift)
722
        n |= E1000_ICS_RXDMT0;
723

    
724
    set_ics(s, 0, n);
725

    
726
    return size;
727
}
728

    
729
static uint32_t
730
mac_readreg(E1000State *s, int index)
731
{
732
    return s->mac_reg[index];
733
}
734

    
735
static uint32_t
736
mac_icr_read(E1000State *s, int index)
737
{
738
    uint32_t ret = s->mac_reg[ICR];
739

    
740
    DBGOUT(INTERRUPT, "ICR read: %x\n", ret);
741
    set_interrupt_cause(s, 0, 0);
742
    return ret;
743
}
744

    
745
static uint32_t
746
mac_read_clr4(E1000State *s, int index)
747
{
748
    uint32_t ret = s->mac_reg[index];
749

    
750
    s->mac_reg[index] = 0;
751
    return ret;
752
}
753

    
754
static uint32_t
755
mac_read_clr8(E1000State *s, int index)
756
{
757
    uint32_t ret = s->mac_reg[index];
758

    
759
    s->mac_reg[index] = 0;
760
    s->mac_reg[index-1] = 0;
761
    return ret;
762
}
763

    
764
static void
765
mac_writereg(E1000State *s, int index, uint32_t val)
766
{
767
    s->mac_reg[index] = val;
768
}
769

    
770
static void
771
set_rdt(E1000State *s, int index, uint32_t val)
772
{
773
    s->check_rxov = 0;
774
    s->mac_reg[index] = val & 0xffff;
775
}
776

    
777
static void
778
set_16bit(E1000State *s, int index, uint32_t val)
779
{
780
    s->mac_reg[index] = val & 0xffff;
781
}
782

    
783
static void
784
set_dlen(E1000State *s, int index, uint32_t val)
785
{
786
    s->mac_reg[index] = val & 0xfff80;
787
}
788

    
789
static void
790
set_tctl(E1000State *s, int index, uint32_t val)
791
{
792
    s->mac_reg[index] = val;
793
    s->mac_reg[TDT] &= 0xffff;
794
    start_xmit(s);
795
}
796

    
797
static void
798
set_icr(E1000State *s, int index, uint32_t val)
799
{
800
    DBGOUT(INTERRUPT, "set_icr %x\n", val);
801
    set_interrupt_cause(s, 0, s->mac_reg[ICR] & ~val);
802
}
803

    
804
static void
805
set_imc(E1000State *s, int index, uint32_t val)
806
{
807
    s->mac_reg[IMS] &= ~val;
808
    set_ics(s, 0, 0);
809
}
810

    
811
static void
812
set_ims(E1000State *s, int index, uint32_t val)
813
{
814
    s->mac_reg[IMS] |= val;
815
    set_ics(s, 0, 0);
816
}
817

    
818
#define getreg(x)        [x] = mac_readreg
819
static uint32_t (*macreg_readops[])(E1000State *, int) = {
820
    getreg(PBA),        getreg(RCTL),        getreg(TDH),        getreg(TXDCTL),
821
    getreg(WUFC),        getreg(TDT),        getreg(CTRL),        getreg(LEDCTL),
822
    getreg(MANC),        getreg(MDIC),        getreg(SWSM),        getreg(STATUS),
823
    getreg(TORL),        getreg(TOTL),        getreg(IMS),        getreg(TCTL),
824
    getreg(RDH),        getreg(RDT),        getreg(VET),        getreg(ICS),
825
    getreg(TDBAL),        getreg(TDBAH),        getreg(RDBAH),        getreg(RDBAL),
826
    getreg(TDLEN),        getreg(RDLEN),
827

    
828
    [TOTH] = mac_read_clr8,        [TORH] = mac_read_clr8,        [GPRC] = mac_read_clr4,
829
    [GPTC] = mac_read_clr4,        [TPR] = mac_read_clr4,        [TPT] = mac_read_clr4,
830
    [ICR] = mac_icr_read,        [EECD] = get_eecd,        [EERD] = flash_eerd_read,
831
    [CRCERRS ... MPC] = &mac_readreg,
832
    [RA ... RA+31] = &mac_readreg,
833
    [MTA ... MTA+127] = &mac_readreg,
834
    [VFTA ... VFTA+127] = &mac_readreg,
835
};
836
enum { NREADOPS = ARRAY_SIZE(macreg_readops) };
837

    
838
#define putreg(x)        [x] = mac_writereg
839
static void (*macreg_writeops[])(E1000State *, int, uint32_t) = {
840
    putreg(PBA),        putreg(EERD),        putreg(SWSM),        putreg(WUFC),
841
    putreg(TDBAL),        putreg(TDBAH),        putreg(TXDCTL),        putreg(RDBAH),
842
    putreg(RDBAL),        putreg(LEDCTL), putreg(VET),
843
    [TDLEN] = set_dlen,        [RDLEN] = set_dlen,        [TCTL] = set_tctl,
844
    [TDT] = set_tctl,        [MDIC] = set_mdic,        [ICS] = set_ics,
845
    [TDH] = set_16bit,        [RDH] = set_16bit,        [RDT] = set_rdt,
846
    [IMC] = set_imc,        [IMS] = set_ims,        [ICR] = set_icr,
847
    [EECD] = set_eecd,        [RCTL] = set_rx_control, [CTRL] = set_ctrl,
848
    [RA ... RA+31] = &mac_writereg,
849
    [MTA ... MTA+127] = &mac_writereg,
850
    [VFTA ... VFTA+127] = &mac_writereg,
851
};
852
enum { NWRITEOPS = ARRAY_SIZE(macreg_writeops) };
853

    
854
static void
855
e1000_mmio_writel(void *opaque, target_phys_addr_t addr, uint32_t val)
856
{
857
    E1000State *s = opaque;
858
    unsigned int index = (addr & 0x1ffff) >> 2;
859

    
860
#ifdef TARGET_WORDS_BIGENDIAN
861
    val = bswap32(val);
862
#endif
863
    if (index < NWRITEOPS && macreg_writeops[index]) {
864
        macreg_writeops[index](s, index, val);
865
    } else if (index < NREADOPS && macreg_readops[index]) {
866
        DBGOUT(MMIO, "e1000_mmio_writel RO %x: 0x%04x\n", index<<2, val);
867
    } else {
868
        DBGOUT(UNKNOWN, "MMIO unknown write addr=0x%08x,val=0x%08x\n",
869
               index<<2, val);
870
    }
871
}
872

    
873
static void
874
e1000_mmio_writew(void *opaque, target_phys_addr_t addr, uint32_t val)
875
{
876
    // emulate hw without byte enables: no RMW
877
    e1000_mmio_writel(opaque, addr & ~3,
878
                      (val & 0xffff) << (8*(addr & 3)));
879
}
880

    
881
static void
882
e1000_mmio_writeb(void *opaque, target_phys_addr_t addr, uint32_t val)
883
{
884
    // emulate hw without byte enables: no RMW
885
    e1000_mmio_writel(opaque, addr & ~3,
886
                      (val & 0xff) << (8*(addr & 3)));
887
}
888

    
889
static uint32_t
890
e1000_mmio_readl(void *opaque, target_phys_addr_t addr)
891
{
892
    E1000State *s = opaque;
893
    unsigned int index = (addr & 0x1ffff) >> 2;
894

    
895
    if (index < NREADOPS && macreg_readops[index])
896
    {
897
        uint32_t val = macreg_readops[index](s, index);
898
#ifdef TARGET_WORDS_BIGENDIAN
899
        val = bswap32(val);
900
#endif
901
        return val;
902
    }
903
    DBGOUT(UNKNOWN, "MMIO unknown read addr=0x%08x\n", index<<2);
904
    return 0;
905
}
906

    
907
static uint32_t
908
e1000_mmio_readb(void *opaque, target_phys_addr_t addr)
909
{
910
    return ((e1000_mmio_readl(opaque, addr & ~3)) >>
911
            (8 * (addr & 3))) & 0xff;
912
}
913

    
914
static uint32_t
915
e1000_mmio_readw(void *opaque, target_phys_addr_t addr)
916
{
917
    return ((e1000_mmio_readl(opaque, addr & ~3)) >>
918
            (8 * (addr & 3))) & 0xffff;
919
}
920

    
921
static bool is_version_1(void *opaque, int version_id)
922
{
923
    return version_id == 1;
924
}
925

    
926
static const VMStateDescription vmstate_e1000 = {
927
    .name = "e1000",
928
    .version_id = 2,
929
    .minimum_version_id = 1,
930
    .minimum_version_id_old = 1,
931
    .fields      = (VMStateField []) {
932
        VMSTATE_PCI_DEVICE(dev, E1000State),
933
        VMSTATE_UNUSED_TEST(is_version_1, 4), /* was instance id */
934
        VMSTATE_UNUSED(4), /* Was mmio_base.  */
935
        VMSTATE_UINT32(rxbuf_size, E1000State),
936
        VMSTATE_UINT32(rxbuf_min_shift, E1000State),
937
        VMSTATE_UINT32(eecd_state.val_in, E1000State),
938
        VMSTATE_UINT16(eecd_state.bitnum_in, E1000State),
939
        VMSTATE_UINT16(eecd_state.bitnum_out, E1000State),
940
        VMSTATE_UINT16(eecd_state.reading, E1000State),
941
        VMSTATE_UINT32(eecd_state.old_eecd, E1000State),
942
        VMSTATE_UINT8(tx.ipcss, E1000State),
943
        VMSTATE_UINT8(tx.ipcso, E1000State),
944
        VMSTATE_UINT16(tx.ipcse, E1000State),
945
        VMSTATE_UINT8(tx.tucss, E1000State),
946
        VMSTATE_UINT8(tx.tucso, E1000State),
947
        VMSTATE_UINT16(tx.tucse, E1000State),
948
        VMSTATE_UINT32(tx.paylen, E1000State),
949
        VMSTATE_UINT8(tx.hdr_len, E1000State),
950
        VMSTATE_UINT16(tx.mss, E1000State),
951
        VMSTATE_UINT16(tx.size, E1000State),
952
        VMSTATE_UINT16(tx.tso_frames, E1000State),
953
        VMSTATE_UINT8(tx.sum_needed, E1000State),
954
        VMSTATE_INT8(tx.ip, E1000State),
955
        VMSTATE_INT8(tx.tcp, E1000State),
956
        VMSTATE_BUFFER(tx.header, E1000State),
957
        VMSTATE_BUFFER(tx.data, E1000State),
958
        VMSTATE_UINT16_ARRAY(eeprom_data, E1000State, 64),
959
        VMSTATE_UINT16_ARRAY(phy_reg, E1000State, 0x20),
960
        VMSTATE_UINT32(mac_reg[CTRL], E1000State),
961
        VMSTATE_UINT32(mac_reg[EECD], E1000State),
962
        VMSTATE_UINT32(mac_reg[EERD], E1000State),
963
        VMSTATE_UINT32(mac_reg[GPRC], E1000State),
964
        VMSTATE_UINT32(mac_reg[GPTC], E1000State),
965
        VMSTATE_UINT32(mac_reg[ICR], E1000State),
966
        VMSTATE_UINT32(mac_reg[ICS], E1000State),
967
        VMSTATE_UINT32(mac_reg[IMC], E1000State),
968
        VMSTATE_UINT32(mac_reg[IMS], E1000State),
969
        VMSTATE_UINT32(mac_reg[LEDCTL], E1000State),
970
        VMSTATE_UINT32(mac_reg[MANC], E1000State),
971
        VMSTATE_UINT32(mac_reg[MDIC], E1000State),
972
        VMSTATE_UINT32(mac_reg[MPC], E1000State),
973
        VMSTATE_UINT32(mac_reg[PBA], E1000State),
974
        VMSTATE_UINT32(mac_reg[RCTL], E1000State),
975
        VMSTATE_UINT32(mac_reg[RDBAH], E1000State),
976
        VMSTATE_UINT32(mac_reg[RDBAL], E1000State),
977
        VMSTATE_UINT32(mac_reg[RDH], E1000State),
978
        VMSTATE_UINT32(mac_reg[RDLEN], E1000State),
979
        VMSTATE_UINT32(mac_reg[RDT], E1000State),
980
        VMSTATE_UINT32(mac_reg[STATUS], E1000State),
981
        VMSTATE_UINT32(mac_reg[SWSM], E1000State),
982
        VMSTATE_UINT32(mac_reg[TCTL], E1000State),
983
        VMSTATE_UINT32(mac_reg[TDBAH], E1000State),
984
        VMSTATE_UINT32(mac_reg[TDBAL], E1000State),
985
        VMSTATE_UINT32(mac_reg[TDH], E1000State),
986
        VMSTATE_UINT32(mac_reg[TDLEN], E1000State),
987
        VMSTATE_UINT32(mac_reg[TDT], E1000State),
988
        VMSTATE_UINT32(mac_reg[TORH], E1000State),
989
        VMSTATE_UINT32(mac_reg[TORL], E1000State),
990
        VMSTATE_UINT32(mac_reg[TOTH], E1000State),
991
        VMSTATE_UINT32(mac_reg[TOTL], E1000State),
992
        VMSTATE_UINT32(mac_reg[TPR], E1000State),
993
        VMSTATE_UINT32(mac_reg[TPT], E1000State),
994
        VMSTATE_UINT32(mac_reg[TXDCTL], E1000State),
995
        VMSTATE_UINT32(mac_reg[WUFC], E1000State),
996
        VMSTATE_UINT32(mac_reg[VET], E1000State),
997
        VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, RA, 32),
998
        VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, MTA, 128),
999
        VMSTATE_UINT32_SUB_ARRAY(mac_reg, E1000State, VFTA, 128),
1000
        VMSTATE_END_OF_LIST()
1001
    }
1002
};
1003

    
1004
static const uint16_t e1000_eeprom_template[64] = {
1005
    0x0000, 0x0000, 0x0000, 0x0000,      0xffff, 0x0000,      0x0000, 0x0000,
1006
    0x3000, 0x1000, 0x6403, E1000_DEVID, 0x8086, E1000_DEVID, 0x8086, 0x3040,
1007
    0x0008, 0x2000, 0x7e14, 0x0048,      0x1000, 0x00d8,      0x0000, 0x2700,
1008
    0x6cc9, 0x3150, 0x0722, 0x040b,      0x0984, 0x0000,      0xc000, 0x0706,
1009
    0x1008, 0x0000, 0x0f04, 0x7fff,      0x4d01, 0xffff,      0xffff, 0xffff,
1010
    0xffff, 0xffff, 0xffff, 0xffff,      0xffff, 0xffff,      0xffff, 0xffff,
1011
    0x0100, 0x4000, 0x121c, 0xffff,      0xffff, 0xffff,      0xffff, 0xffff,
1012
    0xffff, 0xffff, 0xffff, 0xffff,      0xffff, 0xffff,      0xffff, 0x0000,
1013
};
1014

    
1015
static const uint16_t phy_reg_init[] = {
1016
    [PHY_CTRL] = 0x1140,                        [PHY_STATUS] = 0x796d, // link initially up
1017
    [PHY_ID1] = 0x141,                                [PHY_ID2] = PHY_ID2_INIT,
1018
    [PHY_1000T_CTRL] = 0x0e00,                        [M88E1000_PHY_SPEC_CTRL] = 0x360,
1019
    [M88E1000_EXT_PHY_SPEC_CTRL] = 0x0d60,        [PHY_AUTONEG_ADV] = 0xde1,
1020
    [PHY_LP_ABILITY] = 0x1e0,                        [PHY_1000T_STATUS] = 0x3c00,
1021
    [M88E1000_PHY_SPEC_STATUS] = 0xac00,
1022
};
1023

    
1024
static const uint32_t mac_reg_init[] = {
1025
    [PBA] =     0x00100030,
1026
    [LEDCTL] =  0x602,
1027
    [CTRL] =    E1000_CTRL_SWDPIN2 | E1000_CTRL_SWDPIN0 |
1028
                E1000_CTRL_SPD_1000 | E1000_CTRL_SLU,
1029
    [STATUS] =  0x80000000 | E1000_STATUS_GIO_MASTER_ENABLE |
1030
                E1000_STATUS_ASDV | E1000_STATUS_MTXCKOK |
1031
                E1000_STATUS_SPEED_1000 | E1000_STATUS_FD |
1032
                E1000_STATUS_LU,
1033
    [MANC] =    E1000_MANC_EN_MNG2HOST | E1000_MANC_RCV_TCO_EN |
1034
                E1000_MANC_ARP_EN | E1000_MANC_0298_EN |
1035
                E1000_MANC_RMCP_EN,
1036
};
1037

    
1038
/* PCI interface */
1039

    
1040
static CPUWriteMemoryFunc * const e1000_mmio_write[] = {
1041
    e1000_mmio_writeb,        e1000_mmio_writew,        e1000_mmio_writel
1042
};
1043

    
1044
static CPUReadMemoryFunc * const e1000_mmio_read[] = {
1045
    e1000_mmio_readb,        e1000_mmio_readw,        e1000_mmio_readl
1046
};
1047

    
1048
static void
1049
e1000_mmio_map(PCIDevice *pci_dev, int region_num,
1050
                pcibus_t addr, pcibus_t size, int type)
1051
{
1052
    E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
1053
    int i;
1054
    const uint32_t excluded_regs[] = {
1055
        E1000_MDIC, E1000_ICR, E1000_ICS, E1000_IMS,
1056
        E1000_IMC, E1000_TCTL, E1000_TDT, PNPMMIO_SIZE
1057
    };
1058

    
1059

    
1060
    DBGOUT(MMIO, "e1000_mmio_map addr=0x%08"FMT_PCIBUS" 0x%08"FMT_PCIBUS"\n",
1061
           addr, size);
1062

    
1063
    cpu_register_physical_memory(addr, PNPMMIO_SIZE, d->mmio_index);
1064
    qemu_register_coalesced_mmio(addr, excluded_regs[0]);
1065

    
1066
    for (i = 0; excluded_regs[i] != PNPMMIO_SIZE; i++)
1067
        qemu_register_coalesced_mmio(addr + excluded_regs[i] + 4,
1068
                                     excluded_regs[i + 1] -
1069
                                     excluded_regs[i] - 4);
1070
}
1071

    
1072
static void
1073
e1000_cleanup(VLANClientState *nc)
1074
{
1075
    E1000State *s = DO_UPCAST(NICState, nc, nc)->opaque;
1076

    
1077
    s->nic = NULL;
1078
}
1079

    
1080
static int
1081
pci_e1000_uninit(PCIDevice *dev)
1082
{
1083
    E1000State *d = DO_UPCAST(E1000State, dev, dev);
1084

    
1085
    cpu_unregister_io_memory(d->mmio_index);
1086
    qemu_del_vlan_client(&d->nic->nc);
1087
    return 0;
1088
}
1089

    
1090
static void e1000_reset(void *opaque)
1091
{
1092
    E1000State *d = opaque;
1093

    
1094
    memset(d->phy_reg, 0, sizeof d->phy_reg);
1095
    memmove(d->phy_reg, phy_reg_init, sizeof phy_reg_init);
1096
    memset(d->mac_reg, 0, sizeof d->mac_reg);
1097
    memmove(d->mac_reg, mac_reg_init, sizeof mac_reg_init);
1098
    d->rxbuf_min_shift = 1;
1099
    memset(&d->tx, 0, sizeof d->tx);
1100
}
1101

    
1102
static NetClientInfo net_e1000_info = {
1103
    .type = NET_CLIENT_TYPE_NIC,
1104
    .size = sizeof(NICState),
1105
    .can_receive = e1000_can_receive,
1106
    .receive = e1000_receive,
1107
    .cleanup = e1000_cleanup,
1108
    .link_status_changed = e1000_set_link_status,
1109
};
1110

    
1111
static int pci_e1000_init(PCIDevice *pci_dev)
1112
{
1113
    E1000State *d = DO_UPCAST(E1000State, dev, pci_dev);
1114
    uint8_t *pci_conf;
1115
    uint16_t checksum = 0;
1116
    int i;
1117
    uint8_t *macaddr;
1118

    
1119
    pci_conf = d->dev.config;
1120

    
1121
    pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_INTEL);
1122
    pci_config_set_device_id(pci_conf, E1000_DEVID);
1123
    /* TODO: we have no capabilities, so why is this bit set? */
1124
    pci_set_word(pci_conf + PCI_STATUS, PCI_STATUS_CAP_LIST);
1125
    pci_conf[PCI_REVISION_ID] = 0x03;
1126
    pci_config_set_class(pci_conf, PCI_CLASS_NETWORK_ETHERNET);
1127
    /* TODO: RST# value should be 0, PCI spec 6.2.4 */
1128
    pci_conf[PCI_CACHE_LINE_SIZE] = 0x10;
1129

    
1130
    /* TODO: RST# value should be 0 if programmable, PCI spec 6.2.4 */
1131
    pci_conf[PCI_INTERRUPT_PIN] = 1; // interrupt pin 0
1132

    
1133
    d->mmio_index = cpu_register_io_memory(e1000_mmio_read,
1134
            e1000_mmio_write, d);
1135

    
1136
    pci_register_bar((PCIDevice *)d, 0, PNPMMIO_SIZE,
1137
                           PCI_BASE_ADDRESS_SPACE_MEMORY, e1000_mmio_map);
1138

    
1139
    pci_register_bar((PCIDevice *)d, 1, IOPORT_SIZE,
1140
                           PCI_BASE_ADDRESS_SPACE_IO, ioport_map);
1141

    
1142
    memmove(d->eeprom_data, e1000_eeprom_template,
1143
        sizeof e1000_eeprom_template);
1144
    qemu_macaddr_default_if_unset(&d->conf.macaddr);
1145
    macaddr = d->conf.macaddr.a;
1146
    for (i = 0; i < 3; i++)
1147
        d->eeprom_data[i] = (macaddr[2*i+1]<<8) | macaddr[2*i];
1148
    for (i = 0; i < EEPROM_CHECKSUM_REG; i++)
1149
        checksum += d->eeprom_data[i];
1150
    checksum = (uint16_t) EEPROM_SUM - checksum;
1151
    d->eeprom_data[EEPROM_CHECKSUM_REG] = checksum;
1152

    
1153
    d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
1154
                          d->dev.qdev.info->name, d->dev.qdev.id, d);
1155

    
1156
    qemu_format_nic_info_str(&d->nic->nc, macaddr);
1157
    return 0;
1158
}
1159

    
1160
static void qdev_e1000_reset(DeviceState *dev)
1161
{
1162
    E1000State *d = DO_UPCAST(E1000State, dev.qdev, dev);
1163
    e1000_reset(d);
1164
}
1165

    
1166
static PCIDeviceInfo e1000_info = {
1167
    .qdev.name  = "e1000",
1168
    .qdev.desc  = "Intel Gigabit Ethernet",
1169
    .qdev.size  = sizeof(E1000State),
1170
    .qdev.reset = qdev_e1000_reset,
1171
    .qdev.vmsd  = &vmstate_e1000,
1172
    .init       = pci_e1000_init,
1173
    .exit       = pci_e1000_uninit,
1174
    .romfile    = "pxe-e1000.bin",
1175
    .qdev.props = (Property[]) {
1176
        DEFINE_NIC_PROPERTIES(E1000State, conf),
1177
        DEFINE_PROP_END_OF_LIST(),
1178
    }
1179
};
1180

    
1181
static void e1000_register_devices(void)
1182
{
1183
    pci_qdev_register(&e1000_info);
1184
}
1185

    
1186
device_init(e1000_register_devices)