1 /* 2 * Faraday FTGMAC100 Gigabit Ethernet 3 * 4 * Copyright (C) 2016-2017, IBM Corporation. 5 * 6 * Based on Coldfire Fast Ethernet Controller emulation. 7 * 8 * Copyright (c) 2007 CodeSourcery. 9 * 10 * This code is licensed under the GPL version 2 or later. See the 11 * COPYING file in the top-level directory. 12 */ 13 14 #include "qemu/osdep.h" 15 #include "hw/irq.h" 16 #include "hw/net/ftgmac100.h" 17 #include "sysemu/dma.h" 18 #include "qapi/error.h" 19 #include "qemu/log.h" 20 #include "qemu/module.h" 21 #include "net/checksum.h" 22 #include "net/eth.h" 23 #include "hw/net/mii.h" 24 #include "hw/qdev-properties.h" 25 #include "migration/vmstate.h" 26 27 /* For crc32 */ 28 #include <zlib.h> 29 30 /* 31 * FTGMAC100 registers 32 */ 33 #define FTGMAC100_ISR 0x00 34 #define FTGMAC100_IER 0x04 35 #define FTGMAC100_MAC_MADR 0x08 36 #define FTGMAC100_MAC_LADR 0x0c 37 #define FTGMAC100_MATH0 0x10 38 #define FTGMAC100_MATH1 0x14 39 #define FTGMAC100_NPTXPD 0x18 40 #define FTGMAC100_RXPD 0x1C 41 #define FTGMAC100_NPTXR_BADR 0x20 42 #define FTGMAC100_RXR_BADR 0x24 43 #define FTGMAC100_HPTXPD 0x28 44 #define FTGMAC100_HPTXR_BADR 0x2c 45 #define FTGMAC100_ITC 0x30 46 #define FTGMAC100_APTC 0x34 47 #define FTGMAC100_DBLAC 0x38 48 #define FTGMAC100_REVR 0x40 49 #define FTGMAC100_FEAR1 0x44 50 #define FTGMAC100_RBSR 0x4c 51 #define FTGMAC100_TPAFCR 0x48 52 53 #define FTGMAC100_MACCR 0x50 54 #define FTGMAC100_MACSR 0x54 55 #define FTGMAC100_PHYCR 0x60 56 #define FTGMAC100_PHYDATA 0x64 57 #define FTGMAC100_FCR 0x68 58 59 /* 60 * Interrupt status register & interrupt enable register 61 */ 62 #define FTGMAC100_INT_RPKT_BUF (1 << 0) 63 #define FTGMAC100_INT_RPKT_FIFO (1 << 1) 64 #define FTGMAC100_INT_NO_RXBUF (1 << 2) 65 #define FTGMAC100_INT_RPKT_LOST (1 << 3) 66 #define FTGMAC100_INT_XPKT_ETH (1 << 4) 67 #define FTGMAC100_INT_XPKT_FIFO (1 << 5) 68 #define FTGMAC100_INT_NO_NPTXBUF (1 << 6) 69 #define FTGMAC100_INT_XPKT_LOST (1 << 7) 70 #define FTGMAC100_INT_AHB_ERR (1 << 8) 71 #define FTGMAC100_INT_PHYSTS_CHG (1 << 9) 72 #define FTGMAC100_INT_NO_HPTXBUF (1 << 10) 73 74 /* 75 * Automatic polling timer control register 76 */ 77 #define FTGMAC100_APTC_RXPOLL_CNT(x) ((x) & 0xf) 78 #define FTGMAC100_APTC_RXPOLL_TIME_SEL (1 << 4) 79 #define FTGMAC100_APTC_TXPOLL_CNT(x) (((x) >> 8) & 0xf) 80 #define FTGMAC100_APTC_TXPOLL_TIME_SEL (1 << 12) 81 82 /* 83 * PHY control register 84 */ 85 #define FTGMAC100_PHYCR_MIIRD (1 << 26) 86 #define FTGMAC100_PHYCR_MIIWR (1 << 27) 87 88 #define FTGMAC100_PHYCR_DEV(x) (((x) >> 16) & 0x1f) 89 #define FTGMAC100_PHYCR_REG(x) (((x) >> 21) & 0x1f) 90 91 /* 92 * PHY data register 93 */ 94 #define FTGMAC100_PHYDATA_MIIWDATA(x) ((x) & 0xffff) 95 #define FTGMAC100_PHYDATA_MIIRDATA(x) (((x) >> 16) & 0xffff) 96 97 /* 98 * PHY control register - New MDC/MDIO interface 99 */ 100 #define FTGMAC100_PHYCR_NEW_DATA(x) (((x) >> 16) & 0xffff) 101 #define FTGMAC100_PHYCR_NEW_FIRE (1 << 15) 102 #define FTGMAC100_PHYCR_NEW_ST_22 (1 << 12) 103 #define FTGMAC100_PHYCR_NEW_OP(x) (((x) >> 10) & 3) 104 #define FTGMAC100_PHYCR_NEW_OP_WRITE 0x1 105 #define FTGMAC100_PHYCR_NEW_OP_READ 0x2 106 #define FTGMAC100_PHYCR_NEW_DEV(x) (((x) >> 5) & 0x1f) 107 #define FTGMAC100_PHYCR_NEW_REG(x) ((x) & 0x1f) 108 109 /* 110 * Feature Register 111 */ 112 #define FTGMAC100_REVR_NEW_MDIO_INTERFACE (1 << 31) 113 114 /* 115 * MAC control register 116 */ 117 #define FTGMAC100_MACCR_TXDMA_EN (1 << 0) 118 #define FTGMAC100_MACCR_RXDMA_EN (1 << 1) 119 #define FTGMAC100_MACCR_TXMAC_EN (1 << 2) 120 #define FTGMAC100_MACCR_RXMAC_EN (1 << 3) 121 #define FTGMAC100_MACCR_RM_VLAN (1 << 4) 122 #define FTGMAC100_MACCR_HPTXR_EN (1 << 5) 123 #define FTGMAC100_MACCR_LOOP_EN (1 << 6) 124 #define FTGMAC100_MACCR_ENRX_IN_HALFTX (1 << 7) 125 #define FTGMAC100_MACCR_FULLDUP (1 << 8) 126 #define FTGMAC100_MACCR_GIGA_MODE (1 << 9) 127 #define FTGMAC100_MACCR_CRC_APD (1 << 10) /* not needed */ 128 #define FTGMAC100_MACCR_RX_RUNT (1 << 12) 129 #define FTGMAC100_MACCR_JUMBO_LF (1 << 13) 130 #define FTGMAC100_MACCR_RX_ALL (1 << 14) 131 #define FTGMAC100_MACCR_HT_MULTI_EN (1 << 15) 132 #define FTGMAC100_MACCR_RX_MULTIPKT (1 << 16) 133 #define FTGMAC100_MACCR_RX_BROADPKT (1 << 17) 134 #define FTGMAC100_MACCR_DISCARD_CRCERR (1 << 18) 135 #define FTGMAC100_MACCR_FAST_MODE (1 << 19) 136 #define FTGMAC100_MACCR_SW_RST (1 << 31) 137 138 /* 139 * Transmit descriptor 140 */ 141 #define FTGMAC100_TXDES0_TXBUF_SIZE(x) ((x) & 0x3fff) 142 #define FTGMAC100_TXDES0_EDOTR (1 << 15) 143 #define FTGMAC100_TXDES0_CRC_ERR (1 << 19) 144 #define FTGMAC100_TXDES0_LTS (1 << 28) 145 #define FTGMAC100_TXDES0_FTS (1 << 29) 146 #define FTGMAC100_TXDES0_EDOTR_ASPEED (1 << 30) 147 #define FTGMAC100_TXDES0_TXDMA_OWN (1 << 31) 148 149 #define FTGMAC100_TXDES1_VLANTAG_CI(x) ((x) & 0xffff) 150 #define FTGMAC100_TXDES1_INS_VLANTAG (1 << 16) 151 #define FTGMAC100_TXDES1_TCP_CHKSUM (1 << 17) 152 #define FTGMAC100_TXDES1_UDP_CHKSUM (1 << 18) 153 #define FTGMAC100_TXDES1_IP_CHKSUM (1 << 19) 154 #define FTGMAC100_TXDES1_LLC (1 << 22) 155 #define FTGMAC100_TXDES1_TX2FIC (1 << 30) 156 #define FTGMAC100_TXDES1_TXIC (1 << 31) 157 158 /* 159 * Receive descriptor 160 */ 161 #define FTGMAC100_RXDES0_VDBC 0x3fff 162 #define FTGMAC100_RXDES0_EDORR (1 << 15) 163 #define FTGMAC100_RXDES0_MULTICAST (1 << 16) 164 #define FTGMAC100_RXDES0_BROADCAST (1 << 17) 165 #define FTGMAC100_RXDES0_RX_ERR (1 << 18) 166 #define FTGMAC100_RXDES0_CRC_ERR (1 << 19) 167 #define FTGMAC100_RXDES0_FTL (1 << 20) 168 #define FTGMAC100_RXDES0_RUNT (1 << 21) 169 #define FTGMAC100_RXDES0_RX_ODD_NB (1 << 22) 170 #define FTGMAC100_RXDES0_FIFO_FULL (1 << 23) 171 #define FTGMAC100_RXDES0_PAUSE_OPCODE (1 << 24) 172 #define FTGMAC100_RXDES0_PAUSE_FRAME (1 << 25) 173 #define FTGMAC100_RXDES0_LRS (1 << 28) 174 #define FTGMAC100_RXDES0_FRS (1 << 29) 175 #define FTGMAC100_RXDES0_EDORR_ASPEED (1 << 30) 176 #define FTGMAC100_RXDES0_RXPKT_RDY (1 << 31) 177 178 #define FTGMAC100_RXDES1_VLANTAG_CI 0xffff 179 #define FTGMAC100_RXDES1_PROT_MASK (0x3 << 20) 180 #define FTGMAC100_RXDES1_PROT_NONIP (0x0 << 20) 181 #define FTGMAC100_RXDES1_PROT_IP (0x1 << 20) 182 #define FTGMAC100_RXDES1_PROT_TCPIP (0x2 << 20) 183 #define FTGMAC100_RXDES1_PROT_UDPIP (0x3 << 20) 184 #define FTGMAC100_RXDES1_LLC (1 << 22) 185 #define FTGMAC100_RXDES1_DF (1 << 23) 186 #define FTGMAC100_RXDES1_VLANTAG_AVAIL (1 << 24) 187 #define FTGMAC100_RXDES1_TCP_CHKSUM_ERR (1 << 25) 188 #define FTGMAC100_RXDES1_UDP_CHKSUM_ERR (1 << 26) 189 #define FTGMAC100_RXDES1_IP_CHKSUM_ERR (1 << 27) 190 191 /* 192 * Receive and transmit Buffer Descriptor 193 */ 194 typedef struct { 195 uint32_t des0; 196 uint32_t des1; 197 uint32_t des2; /* not used by HW */ 198 uint32_t des3; 199 } FTGMAC100Desc; 200 201 #define FTGMAC100_DESC_ALIGNMENT 16 202 203 /* 204 * Specific RTL8211E MII Registers 205 */ 206 #define RTL8211E_MII_PHYCR 16 /* PHY Specific Control */ 207 #define RTL8211E_MII_PHYSR 17 /* PHY Specific Status */ 208 #define RTL8211E_MII_INER 18 /* Interrupt Enable */ 209 #define RTL8211E_MII_INSR 19 /* Interrupt Status */ 210 #define RTL8211E_MII_RXERC 24 /* Receive Error Counter */ 211 #define RTL8211E_MII_LDPSR 27 /* Link Down Power Saving */ 212 #define RTL8211E_MII_EPAGSR 30 /* Extension Page Select */ 213 #define RTL8211E_MII_PAGSEL 31 /* Page Select */ 214 215 /* 216 * RTL8211E Interrupt Status 217 */ 218 #define PHY_INT_AUTONEG_ERROR (1 << 15) 219 #define PHY_INT_PAGE_RECV (1 << 12) 220 #define PHY_INT_AUTONEG_COMPLETE (1 << 11) 221 #define PHY_INT_LINK_STATUS (1 << 10) 222 #define PHY_INT_ERROR (1 << 9) 223 #define PHY_INT_DOWN (1 << 8) 224 #define PHY_INT_JABBER (1 << 0) 225 226 /* 227 * Max frame size for the receiving buffer 228 */ 229 #define FTGMAC100_MAX_FRAME_SIZE 9220 230 231 /* Limits depending on the type of the frame 232 * 233 * 9216 for Jumbo frames (+ 4 for VLAN) 234 * 1518 for other frames (+ 4 for VLAN) 235 */ 236 static int ftgmac100_max_frame_size(FTGMAC100State *s, uint16_t proto) 237 { 238 int max = (s->maccr & FTGMAC100_MACCR_JUMBO_LF ? 9216 : 1518); 239 240 return max + (proto == ETH_P_VLAN ? 4 : 0); 241 } 242 243 static void ftgmac100_update_irq(FTGMAC100State *s) 244 { 245 qemu_set_irq(s->irq, s->isr & s->ier); 246 } 247 248 /* 249 * The MII phy could raise a GPIO to the processor which in turn 250 * could be handled as an interrpt by the OS. 251 * For now we don't handle any GPIO/interrupt line, so the OS will 252 * have to poll for the PHY status. 253 */ 254 static void phy_update_irq(FTGMAC100State *s) 255 { 256 ftgmac100_update_irq(s); 257 } 258 259 static void phy_update_link(FTGMAC100State *s) 260 { 261 /* Autonegotiation status mirrors link status. */ 262 if (qemu_get_queue(s->nic)->link_down) { 263 s->phy_status &= ~(MII_BMSR_LINK_ST | MII_BMSR_AN_COMP); 264 s->phy_int |= PHY_INT_DOWN; 265 } else { 266 s->phy_status |= (MII_BMSR_LINK_ST | MII_BMSR_AN_COMP); 267 s->phy_int |= PHY_INT_AUTONEG_COMPLETE; 268 } 269 phy_update_irq(s); 270 } 271 272 static void ftgmac100_set_link(NetClientState *nc) 273 { 274 phy_update_link(FTGMAC100(qemu_get_nic_opaque(nc))); 275 } 276 277 static void phy_reset(FTGMAC100State *s) 278 { 279 s->phy_status = (MII_BMSR_100TX_FD | MII_BMSR_100TX_HD | MII_BMSR_10T_FD | 280 MII_BMSR_10T_HD | MII_BMSR_EXTSTAT | MII_BMSR_MFPS | 281 MII_BMSR_AN_COMP | MII_BMSR_AUTONEG | MII_BMSR_LINK_ST | 282 MII_BMSR_EXTCAP); 283 s->phy_control = (MII_BMCR_AUTOEN | MII_BMCR_FD | MII_BMCR_SPEED1000); 284 s->phy_advertise = (MII_ANAR_PAUSE_ASYM | MII_ANAR_PAUSE | MII_ANAR_TXFD | 285 MII_ANAR_TX | MII_ANAR_10FD | MII_ANAR_10 | 286 MII_ANAR_CSMACD); 287 s->phy_int_mask = 0; 288 s->phy_int = 0; 289 } 290 291 static uint16_t do_phy_read(FTGMAC100State *s, uint8_t reg) 292 { 293 uint16_t val; 294 295 switch (reg) { 296 case MII_BMCR: /* Basic Control */ 297 val = s->phy_control; 298 break; 299 case MII_BMSR: /* Basic Status */ 300 val = s->phy_status; 301 break; 302 case MII_PHYID1: /* ID1 */ 303 val = RTL8211E_PHYID1; 304 break; 305 case MII_PHYID2: /* ID2 */ 306 val = RTL8211E_PHYID2; 307 break; 308 case MII_ANAR: /* Auto-neg advertisement */ 309 val = s->phy_advertise; 310 break; 311 case MII_ANLPAR: /* Auto-neg Link Partner Ability */ 312 val = (MII_ANLPAR_ACK | MII_ANLPAR_PAUSE | MII_ANLPAR_TXFD | 313 MII_ANLPAR_TX | MII_ANLPAR_10FD | MII_ANLPAR_10 | 314 MII_ANLPAR_CSMACD); 315 break; 316 case MII_ANER: /* Auto-neg Expansion */ 317 val = MII_ANER_NWAY; 318 break; 319 case MII_CTRL1000: /* 1000BASE-T control */ 320 val = (MII_CTRL1000_HALF | MII_CTRL1000_FULL); 321 break; 322 case MII_STAT1000: /* 1000BASE-T status */ 323 val = MII_STAT1000_FULL; 324 break; 325 case RTL8211E_MII_INSR: /* Interrupt status. */ 326 val = s->phy_int; 327 s->phy_int = 0; 328 phy_update_irq(s); 329 break; 330 case RTL8211E_MII_INER: /* Interrupt enable */ 331 val = s->phy_int_mask; 332 break; 333 case RTL8211E_MII_PHYCR: 334 case RTL8211E_MII_PHYSR: 335 case RTL8211E_MII_RXERC: 336 case RTL8211E_MII_LDPSR: 337 case RTL8211E_MII_EPAGSR: 338 case RTL8211E_MII_PAGSEL: 339 qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n", 340 __func__, reg); 341 val = 0; 342 break; 343 default: 344 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n", 345 __func__, reg); 346 val = 0; 347 break; 348 } 349 350 return val; 351 } 352 353 #define MII_BMCR_MASK (MII_BMCR_LOOPBACK | MII_BMCR_SPEED100 | \ 354 MII_BMCR_SPEED | MII_BMCR_AUTOEN | MII_BMCR_PDOWN | \ 355 MII_BMCR_FD | MII_BMCR_CTST) 356 #define MII_ANAR_MASK 0x2d7f 357 358 static void do_phy_write(FTGMAC100State *s, uint8_t reg, uint16_t val) 359 { 360 switch (reg) { 361 case MII_BMCR: /* Basic Control */ 362 if (val & MII_BMCR_RESET) { 363 phy_reset(s); 364 } else { 365 s->phy_control = val & MII_BMCR_MASK; 366 /* Complete autonegotiation immediately. */ 367 if (val & MII_BMCR_AUTOEN) { 368 s->phy_status |= MII_BMSR_AN_COMP; 369 } 370 } 371 break; 372 case MII_ANAR: /* Auto-neg advertisement */ 373 s->phy_advertise = (val & MII_ANAR_MASK) | MII_ANAR_TX; 374 break; 375 case RTL8211E_MII_INER: /* Interrupt enable */ 376 s->phy_int_mask = val & 0xff; 377 phy_update_irq(s); 378 break; 379 case RTL8211E_MII_PHYCR: 380 case RTL8211E_MII_PHYSR: 381 case RTL8211E_MII_RXERC: 382 case RTL8211E_MII_LDPSR: 383 case RTL8211E_MII_EPAGSR: 384 case RTL8211E_MII_PAGSEL: 385 qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n", 386 __func__, reg); 387 break; 388 default: 389 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n", 390 __func__, reg); 391 break; 392 } 393 } 394 395 static void do_phy_new_ctl(FTGMAC100State *s) 396 { 397 uint8_t reg; 398 uint16_t data; 399 400 if (!(s->phycr & FTGMAC100_PHYCR_NEW_ST_22)) { 401 qemu_log_mask(LOG_UNIMP, "%s: unsupported ST code\n", __func__); 402 return; 403 } 404 405 /* Nothing to do */ 406 if (!(s->phycr & FTGMAC100_PHYCR_NEW_FIRE)) { 407 return; 408 } 409 410 reg = FTGMAC100_PHYCR_NEW_REG(s->phycr); 411 data = FTGMAC100_PHYCR_NEW_DATA(s->phycr); 412 413 switch (FTGMAC100_PHYCR_NEW_OP(s->phycr)) { 414 case FTGMAC100_PHYCR_NEW_OP_WRITE: 415 do_phy_write(s, reg, data); 416 break; 417 case FTGMAC100_PHYCR_NEW_OP_READ: 418 s->phydata = do_phy_read(s, reg) & 0xffff; 419 break; 420 default: 421 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid OP code %08x\n", 422 __func__, s->phycr); 423 } 424 425 s->phycr &= ~FTGMAC100_PHYCR_NEW_FIRE; 426 } 427 428 static void do_phy_ctl(FTGMAC100State *s) 429 { 430 uint8_t reg = FTGMAC100_PHYCR_REG(s->phycr); 431 432 if (s->phycr & FTGMAC100_PHYCR_MIIWR) { 433 do_phy_write(s, reg, s->phydata & 0xffff); 434 s->phycr &= ~FTGMAC100_PHYCR_MIIWR; 435 } else if (s->phycr & FTGMAC100_PHYCR_MIIRD) { 436 s->phydata = do_phy_read(s, reg) << 16; 437 s->phycr &= ~FTGMAC100_PHYCR_MIIRD; 438 } else { 439 qemu_log_mask(LOG_GUEST_ERROR, "%s: no OP code %08x\n", 440 __func__, s->phycr); 441 } 442 } 443 444 static int ftgmac100_read_bd(FTGMAC100Desc *bd, dma_addr_t addr) 445 { 446 if (dma_memory_read(&address_space_memory, addr, bd, sizeof(*bd))) { 447 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read descriptor @ 0x%" 448 HWADDR_PRIx "\n", __func__, addr); 449 return -1; 450 } 451 bd->des0 = le32_to_cpu(bd->des0); 452 bd->des1 = le32_to_cpu(bd->des1); 453 bd->des2 = le32_to_cpu(bd->des2); 454 bd->des3 = le32_to_cpu(bd->des3); 455 return 0; 456 } 457 458 static int ftgmac100_write_bd(FTGMAC100Desc *bd, dma_addr_t addr) 459 { 460 FTGMAC100Desc lebd; 461 462 lebd.des0 = cpu_to_le32(bd->des0); 463 lebd.des1 = cpu_to_le32(bd->des1); 464 lebd.des2 = cpu_to_le32(bd->des2); 465 lebd.des3 = cpu_to_le32(bd->des3); 466 if (dma_memory_write(&address_space_memory, addr, &lebd, sizeof(lebd))) { 467 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to write descriptor @ 0x%" 468 HWADDR_PRIx "\n", __func__, addr); 469 return -1; 470 } 471 return 0; 472 } 473 474 static void ftgmac100_do_tx(FTGMAC100State *s, uint32_t tx_ring, 475 uint32_t tx_descriptor) 476 { 477 int frame_size = 0; 478 uint8_t *ptr = s->frame; 479 uint32_t addr = tx_descriptor; 480 uint32_t flags = 0; 481 482 while (1) { 483 FTGMAC100Desc bd; 484 int len; 485 486 if (ftgmac100_read_bd(&bd, addr) || 487 ((bd.des0 & FTGMAC100_TXDES0_TXDMA_OWN) == 0)) { 488 /* Run out of descriptors to transmit. */ 489 s->isr |= FTGMAC100_INT_NO_NPTXBUF; 490 break; 491 } 492 493 /* record transmit flags as they are valid only on the first 494 * segment */ 495 if (bd.des0 & FTGMAC100_TXDES0_FTS) { 496 flags = bd.des1; 497 } 498 499 len = FTGMAC100_TXDES0_TXBUF_SIZE(bd.des0); 500 if (frame_size + len > sizeof(s->frame)) { 501 qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %d bytes\n", 502 __func__, len); 503 s->isr |= FTGMAC100_INT_XPKT_LOST; 504 len = sizeof(s->frame) - frame_size; 505 } 506 507 if (dma_memory_read(&address_space_memory, bd.des3, ptr, len)) { 508 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read packet @ 0x%x\n", 509 __func__, bd.des3); 510 s->isr |= FTGMAC100_INT_NO_NPTXBUF; 511 break; 512 } 513 514 /* Check for VLAN */ 515 if (bd.des0 & FTGMAC100_TXDES0_FTS && 516 bd.des1 & FTGMAC100_TXDES1_INS_VLANTAG && 517 be16_to_cpu(PKT_GET_ETH_HDR(ptr)->h_proto) != ETH_P_VLAN) { 518 if (frame_size + len + 4 > sizeof(s->frame)) { 519 qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %d bytes\n", 520 __func__, len); 521 s->isr |= FTGMAC100_INT_XPKT_LOST; 522 len = sizeof(s->frame) - frame_size - 4; 523 } 524 memmove(ptr + 16, ptr + 12, len - 12); 525 stw_be_p(ptr + 12, ETH_P_VLAN); 526 stw_be_p(ptr + 14, bd.des1); 527 len += 4; 528 } 529 530 ptr += len; 531 frame_size += len; 532 if (bd.des0 & FTGMAC100_TXDES0_LTS) { 533 if (flags & FTGMAC100_TXDES1_IP_CHKSUM) { 534 net_checksum_calculate(s->frame, frame_size); 535 } 536 /* Last buffer in frame. */ 537 qemu_send_packet(qemu_get_queue(s->nic), s->frame, frame_size); 538 ptr = s->frame; 539 frame_size = 0; 540 if (flags & FTGMAC100_TXDES1_TXIC) { 541 s->isr |= FTGMAC100_INT_XPKT_ETH; 542 } 543 } 544 545 if (flags & FTGMAC100_TXDES1_TX2FIC) { 546 s->isr |= FTGMAC100_INT_XPKT_FIFO; 547 } 548 bd.des0 &= ~FTGMAC100_TXDES0_TXDMA_OWN; 549 550 /* Write back the modified descriptor. */ 551 ftgmac100_write_bd(&bd, addr); 552 /* Advance to the next descriptor. */ 553 if (bd.des0 & s->txdes0_edotr) { 554 addr = tx_ring; 555 } else { 556 addr += sizeof(FTGMAC100Desc); 557 } 558 } 559 560 s->tx_descriptor = addr; 561 562 ftgmac100_update_irq(s); 563 } 564 565 static int ftgmac100_can_receive(NetClientState *nc) 566 { 567 FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc)); 568 FTGMAC100Desc bd; 569 570 if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) 571 != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) { 572 return 0; 573 } 574 575 if (ftgmac100_read_bd(&bd, s->rx_descriptor)) { 576 return 0; 577 } 578 return !(bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY); 579 } 580 581 /* 582 * This is purely informative. The HW can poll the RW (and RX) ring 583 * buffers for available descriptors but we don't need to trigger a 584 * timer for that in qemu. 585 */ 586 static uint32_t ftgmac100_rxpoll(FTGMAC100State *s) 587 { 588 /* Polling times : 589 * 590 * Speed TIME_SEL=0 TIME_SEL=1 591 * 592 * 10 51.2 ms 819.2 ms 593 * 100 5.12 ms 81.92 ms 594 * 1000 1.024 ms 16.384 ms 595 */ 596 static const int div[] = { 20, 200, 1000 }; 597 598 uint32_t cnt = 1024 * FTGMAC100_APTC_RXPOLL_CNT(s->aptcr); 599 uint32_t speed = (s->maccr & FTGMAC100_MACCR_FAST_MODE) ? 1 : 0; 600 601 if (s->aptcr & FTGMAC100_APTC_RXPOLL_TIME_SEL) { 602 cnt <<= 4; 603 } 604 605 if (s->maccr & FTGMAC100_MACCR_GIGA_MODE) { 606 speed = 2; 607 } 608 609 return cnt / div[speed]; 610 } 611 612 static void ftgmac100_reset(DeviceState *d) 613 { 614 FTGMAC100State *s = FTGMAC100(d); 615 616 /* Reset the FTGMAC100 */ 617 s->isr = 0; 618 s->ier = 0; 619 s->rx_enabled = 0; 620 s->rx_ring = 0; 621 s->rbsr = 0x640; 622 s->rx_descriptor = 0; 623 s->tx_ring = 0; 624 s->tx_descriptor = 0; 625 s->math[0] = 0; 626 s->math[1] = 0; 627 s->itc = 0; 628 s->aptcr = 1; 629 s->dblac = 0x00022f00; 630 s->revr = 0; 631 s->fear1 = 0; 632 s->tpafcr = 0xf1; 633 634 s->maccr = 0; 635 s->phycr = 0; 636 s->phydata = 0; 637 s->fcr = 0x400; 638 639 /* and the PHY */ 640 phy_reset(s); 641 } 642 643 static uint64_t ftgmac100_read(void *opaque, hwaddr addr, unsigned size) 644 { 645 FTGMAC100State *s = FTGMAC100(opaque); 646 647 switch (addr & 0xff) { 648 case FTGMAC100_ISR: 649 return s->isr; 650 case FTGMAC100_IER: 651 return s->ier; 652 case FTGMAC100_MAC_MADR: 653 return (s->conf.macaddr.a[0] << 8) | s->conf.macaddr.a[1]; 654 case FTGMAC100_MAC_LADR: 655 return ((uint32_t) s->conf.macaddr.a[2] << 24) | 656 (s->conf.macaddr.a[3] << 16) | (s->conf.macaddr.a[4] << 8) | 657 s->conf.macaddr.a[5]; 658 case FTGMAC100_MATH0: 659 return s->math[0]; 660 case FTGMAC100_MATH1: 661 return s->math[1]; 662 case FTGMAC100_ITC: 663 return s->itc; 664 case FTGMAC100_DBLAC: 665 return s->dblac; 666 case FTGMAC100_REVR: 667 return s->revr; 668 case FTGMAC100_FEAR1: 669 return s->fear1; 670 case FTGMAC100_TPAFCR: 671 return s->tpafcr; 672 case FTGMAC100_FCR: 673 return s->fcr; 674 case FTGMAC100_MACCR: 675 return s->maccr; 676 case FTGMAC100_PHYCR: 677 return s->phycr; 678 case FTGMAC100_PHYDATA: 679 return s->phydata; 680 681 /* We might want to support these one day */ 682 case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */ 683 case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */ 684 case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */ 685 qemu_log_mask(LOG_UNIMP, "%s: read to unimplemented register 0x%" 686 HWADDR_PRIx "\n", __func__, addr); 687 return 0; 688 default: 689 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%" 690 HWADDR_PRIx "\n", __func__, addr); 691 return 0; 692 } 693 } 694 695 static void ftgmac100_write(void *opaque, hwaddr addr, 696 uint64_t value, unsigned size) 697 { 698 FTGMAC100State *s = FTGMAC100(opaque); 699 700 switch (addr & 0xff) { 701 case FTGMAC100_ISR: /* Interrupt status */ 702 s->isr &= ~value; 703 break; 704 case FTGMAC100_IER: /* Interrupt control */ 705 s->ier = value; 706 break; 707 case FTGMAC100_MAC_MADR: /* MAC */ 708 s->conf.macaddr.a[0] = value >> 8; 709 s->conf.macaddr.a[1] = value; 710 break; 711 case FTGMAC100_MAC_LADR: 712 s->conf.macaddr.a[2] = value >> 24; 713 s->conf.macaddr.a[3] = value >> 16; 714 s->conf.macaddr.a[4] = value >> 8; 715 s->conf.macaddr.a[5] = value; 716 break; 717 case FTGMAC100_MATH0: /* Multicast Address Hash Table 0 */ 718 s->math[0] = value; 719 break; 720 case FTGMAC100_MATH1: /* Multicast Address Hash Table 1 */ 721 s->math[1] = value; 722 break; 723 case FTGMAC100_ITC: /* TODO: Interrupt Timer Control */ 724 s->itc = value; 725 break; 726 case FTGMAC100_RXR_BADR: /* Ring buffer address */ 727 if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) { 728 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad RX buffer alignment 0x%" 729 HWADDR_PRIx "\n", __func__, value); 730 return; 731 } 732 733 s->rx_ring = value; 734 s->rx_descriptor = s->rx_ring; 735 break; 736 737 case FTGMAC100_RBSR: /* DMA buffer size */ 738 s->rbsr = value; 739 break; 740 741 case FTGMAC100_NPTXR_BADR: /* Transmit buffer address */ 742 if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) { 743 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad TX buffer alignment 0x%" 744 HWADDR_PRIx "\n", __func__, value); 745 return; 746 } 747 s->tx_ring = value; 748 s->tx_descriptor = s->tx_ring; 749 break; 750 751 case FTGMAC100_NPTXPD: /* Trigger transmit */ 752 if ((s->maccr & (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN)) 753 == (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN)) { 754 /* TODO: high priority tx ring */ 755 ftgmac100_do_tx(s, s->tx_ring, s->tx_descriptor); 756 } 757 if (ftgmac100_can_receive(qemu_get_queue(s->nic))) { 758 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 759 } 760 break; 761 762 case FTGMAC100_RXPD: /* Receive Poll Demand Register */ 763 if (ftgmac100_can_receive(qemu_get_queue(s->nic))) { 764 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 765 } 766 break; 767 768 case FTGMAC100_APTC: /* Automatic polling */ 769 s->aptcr = value; 770 771 if (FTGMAC100_APTC_RXPOLL_CNT(s->aptcr)) { 772 ftgmac100_rxpoll(s); 773 } 774 775 if (FTGMAC100_APTC_TXPOLL_CNT(s->aptcr)) { 776 qemu_log_mask(LOG_UNIMP, "%s: no transmit polling\n", __func__); 777 } 778 break; 779 780 case FTGMAC100_MACCR: /* MAC Device control */ 781 s->maccr = value; 782 if (value & FTGMAC100_MACCR_SW_RST) { 783 ftgmac100_reset(DEVICE(s)); 784 } 785 786 if (ftgmac100_can_receive(qemu_get_queue(s->nic))) { 787 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 788 } 789 break; 790 791 case FTGMAC100_PHYCR: /* PHY Device control */ 792 s->phycr = value; 793 if (s->revr & FTGMAC100_REVR_NEW_MDIO_INTERFACE) { 794 do_phy_new_ctl(s); 795 } else { 796 do_phy_ctl(s); 797 } 798 break; 799 case FTGMAC100_PHYDATA: 800 s->phydata = value & 0xffff; 801 break; 802 case FTGMAC100_DBLAC: /* DMA Burst Length and Arbitration Control */ 803 s->dblac = value; 804 break; 805 case FTGMAC100_REVR: /* Feature Register */ 806 s->revr = value; 807 break; 808 case FTGMAC100_FEAR1: /* Feature Register 1 */ 809 s->fear1 = value; 810 break; 811 case FTGMAC100_TPAFCR: /* Transmit Priority Arbitration and FIFO Control */ 812 s->tpafcr = value; 813 break; 814 case FTGMAC100_FCR: /* Flow Control */ 815 s->fcr = value; 816 break; 817 818 case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */ 819 case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */ 820 case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */ 821 qemu_log_mask(LOG_UNIMP, "%s: write to unimplemented register 0x%" 822 HWADDR_PRIx "\n", __func__, addr); 823 break; 824 default: 825 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%" 826 HWADDR_PRIx "\n", __func__, addr); 827 break; 828 } 829 830 ftgmac100_update_irq(s); 831 } 832 833 static int ftgmac100_filter(FTGMAC100State *s, const uint8_t *buf, size_t len) 834 { 835 unsigned mcast_idx; 836 837 if (s->maccr & FTGMAC100_MACCR_RX_ALL) { 838 return 1; 839 } 840 841 switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) { 842 case ETH_PKT_BCAST: 843 if (!(s->maccr & FTGMAC100_MACCR_RX_BROADPKT)) { 844 return 0; 845 } 846 break; 847 case ETH_PKT_MCAST: 848 if (!(s->maccr & FTGMAC100_MACCR_RX_MULTIPKT)) { 849 if (!(s->maccr & FTGMAC100_MACCR_HT_MULTI_EN)) { 850 return 0; 851 } 852 853 mcast_idx = net_crc32_le(buf, ETH_ALEN); 854 mcast_idx = (~(mcast_idx >> 2)) & 0x3f; 855 if (!(s->math[mcast_idx / 32] & (1 << (mcast_idx % 32)))) { 856 return 0; 857 } 858 } 859 break; 860 case ETH_PKT_UCAST: 861 if (memcmp(s->conf.macaddr.a, buf, 6)) { 862 return 0; 863 } 864 break; 865 } 866 867 return 1; 868 } 869 870 static ssize_t ftgmac100_receive(NetClientState *nc, const uint8_t *buf, 871 size_t len) 872 { 873 FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc)); 874 FTGMAC100Desc bd; 875 uint32_t flags = 0; 876 uint32_t addr; 877 uint32_t crc; 878 uint32_t buf_addr; 879 uint8_t *crc_ptr; 880 uint32_t buf_len; 881 size_t size = len; 882 uint32_t first = FTGMAC100_RXDES0_FRS; 883 uint16_t proto = be16_to_cpu(PKT_GET_ETH_HDR(buf)->h_proto); 884 int max_frame_size = ftgmac100_max_frame_size(s, proto); 885 886 if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) 887 != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) { 888 return -1; 889 } 890 891 /* TODO : Pad to minimum Ethernet frame length */ 892 /* handle small packets. */ 893 if (size < 10) { 894 qemu_log_mask(LOG_GUEST_ERROR, "%s: dropped frame of %zd bytes\n", 895 __func__, size); 896 return size; 897 } 898 899 if (!ftgmac100_filter(s, buf, size)) { 900 return size; 901 } 902 903 /* 4 bytes for the CRC. */ 904 size += 4; 905 crc = cpu_to_be32(crc32(~0, buf, size)); 906 crc_ptr = (uint8_t *) &crc; 907 908 /* Huge frames are truncated. */ 909 if (size > max_frame_size) { 910 qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %zd bytes\n", 911 __func__, size); 912 size = max_frame_size; 913 flags |= FTGMAC100_RXDES0_FTL; 914 } 915 916 switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) { 917 case ETH_PKT_BCAST: 918 flags |= FTGMAC100_RXDES0_BROADCAST; 919 break; 920 case ETH_PKT_MCAST: 921 flags |= FTGMAC100_RXDES0_MULTICAST; 922 break; 923 case ETH_PKT_UCAST: 924 break; 925 } 926 927 addr = s->rx_descriptor; 928 while (size > 0) { 929 if (!ftgmac100_can_receive(nc)) { 930 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unexpected packet\n", __func__); 931 return -1; 932 } 933 934 if (ftgmac100_read_bd(&bd, addr) || 935 (bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY)) { 936 /* No descriptors available. Bail out. */ 937 qemu_log_mask(LOG_GUEST_ERROR, "%s: Lost end of frame\n", 938 __func__); 939 s->isr |= FTGMAC100_INT_NO_RXBUF; 940 break; 941 } 942 buf_len = (size <= s->rbsr) ? size : s->rbsr; 943 bd.des0 |= buf_len & 0x3fff; 944 size -= buf_len; 945 946 /* The last 4 bytes are the CRC. */ 947 if (size < 4) { 948 buf_len += size - 4; 949 } 950 buf_addr = bd.des3; 951 if (first && proto == ETH_P_VLAN && buf_len >= 18) { 952 bd.des1 = lduw_be_p(buf + 14) | FTGMAC100_RXDES1_VLANTAG_AVAIL; 953 954 if (s->maccr & FTGMAC100_MACCR_RM_VLAN) { 955 dma_memory_write(&address_space_memory, buf_addr, buf, 12); 956 dma_memory_write(&address_space_memory, buf_addr + 12, buf + 16, 957 buf_len - 16); 958 } else { 959 dma_memory_write(&address_space_memory, buf_addr, buf, buf_len); 960 } 961 } else { 962 bd.des1 = 0; 963 dma_memory_write(&address_space_memory, buf_addr, buf, buf_len); 964 } 965 buf += buf_len; 966 if (size < 4) { 967 dma_memory_write(&address_space_memory, buf_addr + buf_len, 968 crc_ptr, 4 - size); 969 crc_ptr += 4 - size; 970 } 971 972 bd.des0 |= first | FTGMAC100_RXDES0_RXPKT_RDY; 973 first = 0; 974 if (size == 0) { 975 /* Last buffer in frame. */ 976 bd.des0 |= flags | FTGMAC100_RXDES0_LRS; 977 s->isr |= FTGMAC100_INT_RPKT_BUF; 978 } else { 979 s->isr |= FTGMAC100_INT_RPKT_FIFO; 980 } 981 ftgmac100_write_bd(&bd, addr); 982 if (bd.des0 & s->rxdes0_edorr) { 983 addr = s->rx_ring; 984 } else { 985 addr += sizeof(FTGMAC100Desc); 986 } 987 } 988 s->rx_descriptor = addr; 989 990 ftgmac100_update_irq(s); 991 return len; 992 } 993 994 static const MemoryRegionOps ftgmac100_ops = { 995 .read = ftgmac100_read, 996 .write = ftgmac100_write, 997 .valid.min_access_size = 4, 998 .valid.max_access_size = 4, 999 .endianness = DEVICE_LITTLE_ENDIAN, 1000 }; 1001 1002 static void ftgmac100_cleanup(NetClientState *nc) 1003 { 1004 FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc)); 1005 1006 s->nic = NULL; 1007 } 1008 1009 static NetClientInfo net_ftgmac100_info = { 1010 .type = NET_CLIENT_DRIVER_NIC, 1011 .size = sizeof(NICState), 1012 .can_receive = ftgmac100_can_receive, 1013 .receive = ftgmac100_receive, 1014 .cleanup = ftgmac100_cleanup, 1015 .link_status_changed = ftgmac100_set_link, 1016 }; 1017 1018 static void ftgmac100_realize(DeviceState *dev, Error **errp) 1019 { 1020 FTGMAC100State *s = FTGMAC100(dev); 1021 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1022 1023 if (s->aspeed) { 1024 s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR_ASPEED; 1025 s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR_ASPEED; 1026 } else { 1027 s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR; 1028 s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR; 1029 } 1030 1031 memory_region_init_io(&s->iomem, OBJECT(dev), &ftgmac100_ops, s, 1032 TYPE_FTGMAC100, 0x2000); 1033 sysbus_init_mmio(sbd, &s->iomem); 1034 sysbus_init_irq(sbd, &s->irq); 1035 qemu_macaddr_default_if_unset(&s->conf.macaddr); 1036 1037 s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf, 1038 object_get_typename(OBJECT(dev)), DEVICE(dev)->id, 1039 s); 1040 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); 1041 } 1042 1043 static const VMStateDescription vmstate_ftgmac100 = { 1044 .name = TYPE_FTGMAC100, 1045 .version_id = 1, 1046 .minimum_version_id = 1, 1047 .fields = (VMStateField[]) { 1048 VMSTATE_UINT32(irq_state, FTGMAC100State), 1049 VMSTATE_UINT32(isr, FTGMAC100State), 1050 VMSTATE_UINT32(ier, FTGMAC100State), 1051 VMSTATE_UINT32(rx_enabled, FTGMAC100State), 1052 VMSTATE_UINT32(rx_ring, FTGMAC100State), 1053 VMSTATE_UINT32(rbsr, FTGMAC100State), 1054 VMSTATE_UINT32(tx_ring, FTGMAC100State), 1055 VMSTATE_UINT32(rx_descriptor, FTGMAC100State), 1056 VMSTATE_UINT32(tx_descriptor, FTGMAC100State), 1057 VMSTATE_UINT32_ARRAY(math, FTGMAC100State, 2), 1058 VMSTATE_UINT32(itc, FTGMAC100State), 1059 VMSTATE_UINT32(aptcr, FTGMAC100State), 1060 VMSTATE_UINT32(dblac, FTGMAC100State), 1061 VMSTATE_UINT32(revr, FTGMAC100State), 1062 VMSTATE_UINT32(fear1, FTGMAC100State), 1063 VMSTATE_UINT32(tpafcr, FTGMAC100State), 1064 VMSTATE_UINT32(maccr, FTGMAC100State), 1065 VMSTATE_UINT32(phycr, FTGMAC100State), 1066 VMSTATE_UINT32(phydata, FTGMAC100State), 1067 VMSTATE_UINT32(fcr, FTGMAC100State), 1068 VMSTATE_UINT32(phy_status, FTGMAC100State), 1069 VMSTATE_UINT32(phy_control, FTGMAC100State), 1070 VMSTATE_UINT32(phy_advertise, FTGMAC100State), 1071 VMSTATE_UINT32(phy_int, FTGMAC100State), 1072 VMSTATE_UINT32(phy_int_mask, FTGMAC100State), 1073 VMSTATE_UINT32(txdes0_edotr, FTGMAC100State), 1074 VMSTATE_UINT32(rxdes0_edorr, FTGMAC100State), 1075 VMSTATE_END_OF_LIST() 1076 } 1077 }; 1078 1079 static Property ftgmac100_properties[] = { 1080 DEFINE_PROP_BOOL("aspeed", FTGMAC100State, aspeed, false), 1081 DEFINE_NIC_PROPERTIES(FTGMAC100State, conf), 1082 DEFINE_PROP_END_OF_LIST(), 1083 }; 1084 1085 static void ftgmac100_class_init(ObjectClass *klass, void *data) 1086 { 1087 DeviceClass *dc = DEVICE_CLASS(klass); 1088 1089 dc->vmsd = &vmstate_ftgmac100; 1090 dc->reset = ftgmac100_reset; 1091 device_class_set_props(dc, ftgmac100_properties); 1092 set_bit(DEVICE_CATEGORY_NETWORK, dc->categories); 1093 dc->realize = ftgmac100_realize; 1094 dc->desc = "Faraday FTGMAC100 Gigabit Ethernet emulation"; 1095 } 1096 1097 static const TypeInfo ftgmac100_info = { 1098 .name = TYPE_FTGMAC100, 1099 .parent = TYPE_SYS_BUS_DEVICE, 1100 .instance_size = sizeof(FTGMAC100State), 1101 .class_init = ftgmac100_class_init, 1102 }; 1103 1104 /* 1105 * AST2600 MII controller 1106 */ 1107 #define ASPEED_MII_PHYCR_FIRE BIT(31) 1108 #define ASPEED_MII_PHYCR_ST_22 BIT(28) 1109 #define ASPEED_MII_PHYCR_OP(x) ((x) & (ASPEED_MII_PHYCR_OP_WRITE | \ 1110 ASPEED_MII_PHYCR_OP_READ)) 1111 #define ASPEED_MII_PHYCR_OP_WRITE BIT(26) 1112 #define ASPEED_MII_PHYCR_OP_READ BIT(27) 1113 #define ASPEED_MII_PHYCR_DATA(x) (x & 0xffff) 1114 #define ASPEED_MII_PHYCR_PHY(x) (((x) >> 21) & 0x1f) 1115 #define ASPEED_MII_PHYCR_REG(x) (((x) >> 16) & 0x1f) 1116 1117 #define ASPEED_MII_PHYDATA_IDLE BIT(16) 1118 1119 static void aspeed_mii_transition(AspeedMiiState *s, bool fire) 1120 { 1121 if (fire) { 1122 s->phycr |= ASPEED_MII_PHYCR_FIRE; 1123 s->phydata &= ~ASPEED_MII_PHYDATA_IDLE; 1124 } else { 1125 s->phycr &= ~ASPEED_MII_PHYCR_FIRE; 1126 s->phydata |= ASPEED_MII_PHYDATA_IDLE; 1127 } 1128 } 1129 1130 static void aspeed_mii_do_phy_ctl(AspeedMiiState *s) 1131 { 1132 uint8_t reg; 1133 uint16_t data; 1134 1135 if (!(s->phycr & ASPEED_MII_PHYCR_ST_22)) { 1136 aspeed_mii_transition(s, !ASPEED_MII_PHYCR_FIRE); 1137 qemu_log_mask(LOG_UNIMP, "%s: unsupported ST code\n", __func__); 1138 return; 1139 } 1140 1141 /* Nothing to do */ 1142 if (!(s->phycr & ASPEED_MII_PHYCR_FIRE)) { 1143 return; 1144 } 1145 1146 reg = ASPEED_MII_PHYCR_REG(s->phycr); 1147 data = ASPEED_MII_PHYCR_DATA(s->phycr); 1148 1149 switch (ASPEED_MII_PHYCR_OP(s->phycr)) { 1150 case ASPEED_MII_PHYCR_OP_WRITE: 1151 do_phy_write(s->nic, reg, data); 1152 break; 1153 case ASPEED_MII_PHYCR_OP_READ: 1154 s->phydata = (s->phydata & ~0xffff) | do_phy_read(s->nic, reg); 1155 break; 1156 default: 1157 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid OP code %08x\n", 1158 __func__, s->phycr); 1159 } 1160 1161 aspeed_mii_transition(s, !ASPEED_MII_PHYCR_FIRE); 1162 } 1163 1164 static uint64_t aspeed_mii_read(void *opaque, hwaddr addr, unsigned size) 1165 { 1166 AspeedMiiState *s = ASPEED_MII(opaque); 1167 1168 switch (addr) { 1169 case 0x0: 1170 return s->phycr; 1171 case 0x4: 1172 return s->phydata; 1173 default: 1174 g_assert_not_reached(); 1175 } 1176 } 1177 1178 static void aspeed_mii_write(void *opaque, hwaddr addr, 1179 uint64_t value, unsigned size) 1180 { 1181 AspeedMiiState *s = ASPEED_MII(opaque); 1182 1183 switch (addr) { 1184 case 0x0: 1185 s->phycr = value & ~(s->phycr & ASPEED_MII_PHYCR_FIRE); 1186 break; 1187 case 0x4: 1188 s->phydata = value & ~(0xffff | ASPEED_MII_PHYDATA_IDLE); 1189 break; 1190 default: 1191 g_assert_not_reached(); 1192 } 1193 1194 aspeed_mii_transition(s, !!(s->phycr & ASPEED_MII_PHYCR_FIRE)); 1195 aspeed_mii_do_phy_ctl(s); 1196 } 1197 1198 static const MemoryRegionOps aspeed_mii_ops = { 1199 .read = aspeed_mii_read, 1200 .write = aspeed_mii_write, 1201 .valid.min_access_size = 4, 1202 .valid.max_access_size = 4, 1203 .endianness = DEVICE_LITTLE_ENDIAN, 1204 }; 1205 1206 static void aspeed_mii_reset(DeviceState *dev) 1207 { 1208 AspeedMiiState *s = ASPEED_MII(dev); 1209 1210 s->phycr = 0; 1211 s->phydata = 0; 1212 1213 aspeed_mii_transition(s, !!(s->phycr & ASPEED_MII_PHYCR_FIRE)); 1214 }; 1215 1216 static void aspeed_mii_realize(DeviceState *dev, Error **errp) 1217 { 1218 AspeedMiiState *s = ASPEED_MII(dev); 1219 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1220 1221 assert(s->nic); 1222 1223 memory_region_init_io(&s->iomem, OBJECT(dev), &aspeed_mii_ops, s, 1224 TYPE_ASPEED_MII, 0x8); 1225 sysbus_init_mmio(sbd, &s->iomem); 1226 } 1227 1228 static const VMStateDescription vmstate_aspeed_mii = { 1229 .name = TYPE_ASPEED_MII, 1230 .version_id = 1, 1231 .minimum_version_id = 1, 1232 .fields = (VMStateField[]) { 1233 VMSTATE_UINT32(phycr, FTGMAC100State), 1234 VMSTATE_UINT32(phydata, FTGMAC100State), 1235 VMSTATE_END_OF_LIST() 1236 } 1237 }; 1238 1239 static Property aspeed_mii_properties[] = { 1240 DEFINE_PROP_LINK("nic", AspeedMiiState, nic, TYPE_FTGMAC100, 1241 FTGMAC100State *), 1242 DEFINE_PROP_END_OF_LIST(), 1243 }; 1244 1245 static void aspeed_mii_class_init(ObjectClass *klass, void *data) 1246 { 1247 DeviceClass *dc = DEVICE_CLASS(klass); 1248 1249 dc->vmsd = &vmstate_aspeed_mii; 1250 dc->reset = aspeed_mii_reset; 1251 dc->realize = aspeed_mii_realize; 1252 dc->desc = "Aspeed MII controller"; 1253 device_class_set_props(dc, aspeed_mii_properties); 1254 } 1255 1256 static const TypeInfo aspeed_mii_info = { 1257 .name = TYPE_ASPEED_MII, 1258 .parent = TYPE_SYS_BUS_DEVICE, 1259 .instance_size = sizeof(AspeedMiiState), 1260 .class_init = aspeed_mii_class_init, 1261 }; 1262 1263 static void ftgmac100_register_types(void) 1264 { 1265 type_register_static(&ftgmac100_info); 1266 type_register_static(&aspeed_mii_info); 1267 } 1268 1269 type_init(ftgmac100_register_types) 1270