1 /* 2 * Faraday FTGMAC100 Gigabit Ethernet 3 * 4 * Copyright (C) 2016-2017, IBM Corporation. 5 * 6 * Based on Coldfire Fast Ethernet Controller emulation. 7 * 8 * Copyright (c) 2007 CodeSourcery. 9 * 10 * This code is licensed under the GPL version 2 or later. See the 11 * COPYING file in the top-level directory. 12 */ 13 14 #include "qemu/osdep.h" 15 #include "hw/irq.h" 16 #include "hw/net/ftgmac100.h" 17 #include "sysemu/dma.h" 18 #include "qapi/error.h" 19 #include "qemu/log.h" 20 #include "qemu/module.h" 21 #include "net/checksum.h" 22 #include "net/eth.h" 23 #include "hw/net/mii.h" 24 #include "hw/qdev-properties.h" 25 #include "migration/vmstate.h" 26 27 /* For crc32 */ 28 #include <zlib.h> 29 30 /* 31 * FTGMAC100 registers 32 */ 33 #define FTGMAC100_ISR 0x00 34 #define FTGMAC100_IER 0x04 35 #define FTGMAC100_MAC_MADR 0x08 36 #define FTGMAC100_MAC_LADR 0x0c 37 #define FTGMAC100_MATH0 0x10 38 #define FTGMAC100_MATH1 0x14 39 #define FTGMAC100_NPTXPD 0x18 40 #define FTGMAC100_RXPD 0x1C 41 #define FTGMAC100_NPTXR_BADR 0x20 42 #define FTGMAC100_RXR_BADR 0x24 43 #define FTGMAC100_HPTXPD 0x28 44 #define FTGMAC100_HPTXR_BADR 0x2c 45 #define FTGMAC100_ITC 0x30 46 #define FTGMAC100_APTC 0x34 47 #define FTGMAC100_DBLAC 0x38 48 #define FTGMAC100_REVR 0x40 49 #define FTGMAC100_FEAR1 0x44 50 #define FTGMAC100_RBSR 0x4c 51 #define FTGMAC100_TPAFCR 0x48 52 53 #define FTGMAC100_MACCR 0x50 54 #define FTGMAC100_MACSR 0x54 55 #define FTGMAC100_PHYCR 0x60 56 #define FTGMAC100_PHYDATA 0x64 57 #define FTGMAC100_FCR 0x68 58 59 /* 60 * Interrupt status register & interrupt enable register 61 */ 62 #define FTGMAC100_INT_RPKT_BUF (1 << 0) 63 #define FTGMAC100_INT_RPKT_FIFO (1 << 1) 64 #define FTGMAC100_INT_NO_RXBUF (1 << 2) 65 #define FTGMAC100_INT_RPKT_LOST (1 << 3) 66 #define FTGMAC100_INT_XPKT_ETH (1 << 4) 67 #define FTGMAC100_INT_XPKT_FIFO (1 << 5) 68 #define FTGMAC100_INT_NO_NPTXBUF (1 << 6) 69 #define FTGMAC100_INT_XPKT_LOST (1 << 7) 70 #define FTGMAC100_INT_AHB_ERR (1 << 8) 71 #define FTGMAC100_INT_PHYSTS_CHG (1 << 9) 72 #define FTGMAC100_INT_NO_HPTXBUF (1 << 10) 73 74 /* 75 * Automatic polling timer control register 76 */ 77 #define FTGMAC100_APTC_RXPOLL_CNT(x) ((x) & 0xf) 78 #define FTGMAC100_APTC_RXPOLL_TIME_SEL (1 << 4) 79 #define FTGMAC100_APTC_TXPOLL_CNT(x) (((x) >> 8) & 0xf) 80 #define FTGMAC100_APTC_TXPOLL_TIME_SEL (1 << 12) 81 82 /* 83 * DMA burst length and arbitration control register 84 */ 85 #define FTGMAC100_DBLAC_RXBURST_SIZE(x) (((x) >> 8) & 0x3) 86 #define FTGMAC100_DBLAC_TXBURST_SIZE(x) (((x) >> 10) & 0x3) 87 #define FTGMAC100_DBLAC_RXDES_SIZE(x) ((((x) >> 12) & 0xf) * 8) 88 #define FTGMAC100_DBLAC_TXDES_SIZE(x) ((((x) >> 16) & 0xf) * 8) 89 #define FTGMAC100_DBLAC_IFG_CNT(x) (((x) >> 20) & 0x7) 90 #define FTGMAC100_DBLAC_IFG_INC (1 << 23) 91 92 /* 93 * PHY control register 94 */ 95 #define FTGMAC100_PHYCR_MIIRD (1 << 26) 96 #define FTGMAC100_PHYCR_MIIWR (1 << 27) 97 98 #define FTGMAC100_PHYCR_DEV(x) (((x) >> 16) & 0x1f) 99 #define FTGMAC100_PHYCR_REG(x) (((x) >> 21) & 0x1f) 100 101 /* 102 * PHY data register 103 */ 104 #define FTGMAC100_PHYDATA_MIIWDATA(x) ((x) & 0xffff) 105 #define FTGMAC100_PHYDATA_MIIRDATA(x) (((x) >> 16) & 0xffff) 106 107 /* 108 * PHY control register - New MDC/MDIO interface 109 */ 110 #define FTGMAC100_PHYCR_NEW_DATA(x) (((x) >> 16) & 0xffff) 111 #define FTGMAC100_PHYCR_NEW_FIRE (1 << 15) 112 #define FTGMAC100_PHYCR_NEW_ST_22 (1 << 12) 113 #define FTGMAC100_PHYCR_NEW_OP(x) (((x) >> 10) & 3) 114 #define FTGMAC100_PHYCR_NEW_OP_WRITE 0x1 115 #define FTGMAC100_PHYCR_NEW_OP_READ 0x2 116 #define FTGMAC100_PHYCR_NEW_DEV(x) (((x) >> 5) & 0x1f) 117 #define FTGMAC100_PHYCR_NEW_REG(x) ((x) & 0x1f) 118 119 /* 120 * Feature Register 121 */ 122 #define FTGMAC100_REVR_NEW_MDIO_INTERFACE (1 << 31) 123 124 /* 125 * MAC control register 126 */ 127 #define FTGMAC100_MACCR_TXDMA_EN (1 << 0) 128 #define FTGMAC100_MACCR_RXDMA_EN (1 << 1) 129 #define FTGMAC100_MACCR_TXMAC_EN (1 << 2) 130 #define FTGMAC100_MACCR_RXMAC_EN (1 << 3) 131 #define FTGMAC100_MACCR_RM_VLAN (1 << 4) 132 #define FTGMAC100_MACCR_HPTXR_EN (1 << 5) 133 #define FTGMAC100_MACCR_LOOP_EN (1 << 6) 134 #define FTGMAC100_MACCR_ENRX_IN_HALFTX (1 << 7) 135 #define FTGMAC100_MACCR_FULLDUP (1 << 8) 136 #define FTGMAC100_MACCR_GIGA_MODE (1 << 9) 137 #define FTGMAC100_MACCR_CRC_APD (1 << 10) /* not needed */ 138 #define FTGMAC100_MACCR_RX_RUNT (1 << 12) 139 #define FTGMAC100_MACCR_JUMBO_LF (1 << 13) 140 #define FTGMAC100_MACCR_RX_ALL (1 << 14) 141 #define FTGMAC100_MACCR_HT_MULTI_EN (1 << 15) 142 #define FTGMAC100_MACCR_RX_MULTIPKT (1 << 16) 143 #define FTGMAC100_MACCR_RX_BROADPKT (1 << 17) 144 #define FTGMAC100_MACCR_DISCARD_CRCERR (1 << 18) 145 #define FTGMAC100_MACCR_FAST_MODE (1 << 19) 146 #define FTGMAC100_MACCR_SW_RST (1 << 31) 147 148 /* 149 * Transmit descriptor 150 */ 151 #define FTGMAC100_TXDES0_TXBUF_SIZE(x) ((x) & 0x3fff) 152 #define FTGMAC100_TXDES0_EDOTR (1 << 15) 153 #define FTGMAC100_TXDES0_CRC_ERR (1 << 19) 154 #define FTGMAC100_TXDES0_LTS (1 << 28) 155 #define FTGMAC100_TXDES0_FTS (1 << 29) 156 #define FTGMAC100_TXDES0_EDOTR_ASPEED (1 << 30) 157 #define FTGMAC100_TXDES0_TXDMA_OWN (1 << 31) 158 159 #define FTGMAC100_TXDES1_VLANTAG_CI(x) ((x) & 0xffff) 160 #define FTGMAC100_TXDES1_INS_VLANTAG (1 << 16) 161 #define FTGMAC100_TXDES1_TCP_CHKSUM (1 << 17) 162 #define FTGMAC100_TXDES1_UDP_CHKSUM (1 << 18) 163 #define FTGMAC100_TXDES1_IP_CHKSUM (1 << 19) 164 #define FTGMAC100_TXDES1_LLC (1 << 22) 165 #define FTGMAC100_TXDES1_TX2FIC (1 << 30) 166 #define FTGMAC100_TXDES1_TXIC (1 << 31) 167 168 /* 169 * Receive descriptor 170 */ 171 #define FTGMAC100_RXDES0_VDBC 0x3fff 172 #define FTGMAC100_RXDES0_EDORR (1 << 15) 173 #define FTGMAC100_RXDES0_MULTICAST (1 << 16) 174 #define FTGMAC100_RXDES0_BROADCAST (1 << 17) 175 #define FTGMAC100_RXDES0_RX_ERR (1 << 18) 176 #define FTGMAC100_RXDES0_CRC_ERR (1 << 19) 177 #define FTGMAC100_RXDES0_FTL (1 << 20) 178 #define FTGMAC100_RXDES0_RUNT (1 << 21) 179 #define FTGMAC100_RXDES0_RX_ODD_NB (1 << 22) 180 #define FTGMAC100_RXDES0_FIFO_FULL (1 << 23) 181 #define FTGMAC100_RXDES0_PAUSE_OPCODE (1 << 24) 182 #define FTGMAC100_RXDES0_PAUSE_FRAME (1 << 25) 183 #define FTGMAC100_RXDES0_LRS (1 << 28) 184 #define FTGMAC100_RXDES0_FRS (1 << 29) 185 #define FTGMAC100_RXDES0_EDORR_ASPEED (1 << 30) 186 #define FTGMAC100_RXDES0_RXPKT_RDY (1 << 31) 187 188 #define FTGMAC100_RXDES1_VLANTAG_CI 0xffff 189 #define FTGMAC100_RXDES1_PROT_MASK (0x3 << 20) 190 #define FTGMAC100_RXDES1_PROT_NONIP (0x0 << 20) 191 #define FTGMAC100_RXDES1_PROT_IP (0x1 << 20) 192 #define FTGMAC100_RXDES1_PROT_TCPIP (0x2 << 20) 193 #define FTGMAC100_RXDES1_PROT_UDPIP (0x3 << 20) 194 #define FTGMAC100_RXDES1_LLC (1 << 22) 195 #define FTGMAC100_RXDES1_DF (1 << 23) 196 #define FTGMAC100_RXDES1_VLANTAG_AVAIL (1 << 24) 197 #define FTGMAC100_RXDES1_TCP_CHKSUM_ERR (1 << 25) 198 #define FTGMAC100_RXDES1_UDP_CHKSUM_ERR (1 << 26) 199 #define FTGMAC100_RXDES1_IP_CHKSUM_ERR (1 << 27) 200 201 /* 202 * Receive and transmit Buffer Descriptor 203 */ 204 typedef struct { 205 uint32_t des0; 206 uint32_t des1; 207 uint32_t des2; /* not used by HW */ 208 uint32_t des3; 209 } FTGMAC100Desc; 210 211 #define FTGMAC100_DESC_ALIGNMENT 16 212 213 /* 214 * Specific RTL8211E MII Registers 215 */ 216 #define RTL8211E_MII_PHYCR 16 /* PHY Specific Control */ 217 #define RTL8211E_MII_PHYSR 17 /* PHY Specific Status */ 218 #define RTL8211E_MII_INER 18 /* Interrupt Enable */ 219 #define RTL8211E_MII_INSR 19 /* Interrupt Status */ 220 #define RTL8211E_MII_RXERC 24 /* Receive Error Counter */ 221 #define RTL8211E_MII_LDPSR 27 /* Link Down Power Saving */ 222 #define RTL8211E_MII_EPAGSR 30 /* Extension Page Select */ 223 #define RTL8211E_MII_PAGSEL 31 /* Page Select */ 224 225 /* 226 * RTL8211E Interrupt Status 227 */ 228 #define PHY_INT_AUTONEG_ERROR (1 << 15) 229 #define PHY_INT_PAGE_RECV (1 << 12) 230 #define PHY_INT_AUTONEG_COMPLETE (1 << 11) 231 #define PHY_INT_LINK_STATUS (1 << 10) 232 #define PHY_INT_ERROR (1 << 9) 233 #define PHY_INT_DOWN (1 << 8) 234 #define PHY_INT_JABBER (1 << 0) 235 236 /* 237 * Max frame size for the receiving buffer 238 */ 239 #define FTGMAC100_MAX_FRAME_SIZE 9220 240 241 /* Limits depending on the type of the frame 242 * 243 * 9216 for Jumbo frames (+ 4 for VLAN) 244 * 1518 for other frames (+ 4 for VLAN) 245 */ 246 static int ftgmac100_max_frame_size(FTGMAC100State *s, uint16_t proto) 247 { 248 int max = (s->maccr & FTGMAC100_MACCR_JUMBO_LF ? 9216 : 1518); 249 250 return max + (proto == ETH_P_VLAN ? 4 : 0); 251 } 252 253 static void ftgmac100_update_irq(FTGMAC100State *s) 254 { 255 qemu_set_irq(s->irq, s->isr & s->ier); 256 } 257 258 /* 259 * The MII phy could raise a GPIO to the processor which in turn 260 * could be handled as an interrpt by the OS. 261 * For now we don't handle any GPIO/interrupt line, so the OS will 262 * have to poll for the PHY status. 263 */ 264 static void phy_update_irq(FTGMAC100State *s) 265 { 266 ftgmac100_update_irq(s); 267 } 268 269 static void phy_update_link(FTGMAC100State *s) 270 { 271 /* Autonegotiation status mirrors link status. */ 272 if (qemu_get_queue(s->nic)->link_down) { 273 s->phy_status &= ~(MII_BMSR_LINK_ST | MII_BMSR_AN_COMP); 274 s->phy_int |= PHY_INT_DOWN; 275 } else { 276 s->phy_status |= (MII_BMSR_LINK_ST | MII_BMSR_AN_COMP); 277 s->phy_int |= PHY_INT_AUTONEG_COMPLETE; 278 } 279 phy_update_irq(s); 280 } 281 282 static void ftgmac100_set_link(NetClientState *nc) 283 { 284 phy_update_link(FTGMAC100(qemu_get_nic_opaque(nc))); 285 } 286 287 static void phy_reset(FTGMAC100State *s) 288 { 289 s->phy_status = (MII_BMSR_100TX_FD | MII_BMSR_100TX_HD | MII_BMSR_10T_FD | 290 MII_BMSR_10T_HD | MII_BMSR_EXTSTAT | MII_BMSR_MFPS | 291 MII_BMSR_AN_COMP | MII_BMSR_AUTONEG | MII_BMSR_LINK_ST | 292 MII_BMSR_EXTCAP); 293 s->phy_control = (MII_BMCR_AUTOEN | MII_BMCR_FD | MII_BMCR_SPEED1000); 294 s->phy_advertise = (MII_ANAR_PAUSE_ASYM | MII_ANAR_PAUSE | MII_ANAR_TXFD | 295 MII_ANAR_TX | MII_ANAR_10FD | MII_ANAR_10 | 296 MII_ANAR_CSMACD); 297 s->phy_int_mask = 0; 298 s->phy_int = 0; 299 } 300 301 static uint16_t do_phy_read(FTGMAC100State *s, uint8_t reg) 302 { 303 uint16_t val; 304 305 switch (reg) { 306 case MII_BMCR: /* Basic Control */ 307 val = s->phy_control; 308 break; 309 case MII_BMSR: /* Basic Status */ 310 val = s->phy_status; 311 break; 312 case MII_PHYID1: /* ID1 */ 313 val = RTL8211E_PHYID1; 314 break; 315 case MII_PHYID2: /* ID2 */ 316 val = RTL8211E_PHYID2; 317 break; 318 case MII_ANAR: /* Auto-neg advertisement */ 319 val = s->phy_advertise; 320 break; 321 case MII_ANLPAR: /* Auto-neg Link Partner Ability */ 322 val = (MII_ANLPAR_ACK | MII_ANLPAR_PAUSE | MII_ANLPAR_TXFD | 323 MII_ANLPAR_TX | MII_ANLPAR_10FD | MII_ANLPAR_10 | 324 MII_ANLPAR_CSMACD); 325 break; 326 case MII_ANER: /* Auto-neg Expansion */ 327 val = MII_ANER_NWAY; 328 break; 329 case MII_CTRL1000: /* 1000BASE-T control */ 330 val = (MII_CTRL1000_HALF | MII_CTRL1000_FULL); 331 break; 332 case MII_STAT1000: /* 1000BASE-T status */ 333 val = MII_STAT1000_FULL; 334 break; 335 case RTL8211E_MII_INSR: /* Interrupt status. */ 336 val = s->phy_int; 337 s->phy_int = 0; 338 phy_update_irq(s); 339 break; 340 case RTL8211E_MII_INER: /* Interrupt enable */ 341 val = s->phy_int_mask; 342 break; 343 case RTL8211E_MII_PHYCR: 344 case RTL8211E_MII_PHYSR: 345 case RTL8211E_MII_RXERC: 346 case RTL8211E_MII_LDPSR: 347 case RTL8211E_MII_EPAGSR: 348 case RTL8211E_MII_PAGSEL: 349 qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n", 350 __func__, reg); 351 val = 0; 352 break; 353 default: 354 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n", 355 __func__, reg); 356 val = 0; 357 break; 358 } 359 360 return val; 361 } 362 363 #define MII_BMCR_MASK (MII_BMCR_LOOPBACK | MII_BMCR_SPEED100 | \ 364 MII_BMCR_SPEED | MII_BMCR_AUTOEN | MII_BMCR_PDOWN | \ 365 MII_BMCR_FD | MII_BMCR_CTST) 366 #define MII_ANAR_MASK 0x2d7f 367 368 static void do_phy_write(FTGMAC100State *s, uint8_t reg, uint16_t val) 369 { 370 switch (reg) { 371 case MII_BMCR: /* Basic Control */ 372 if (val & MII_BMCR_RESET) { 373 phy_reset(s); 374 } else { 375 s->phy_control = val & MII_BMCR_MASK; 376 /* Complete autonegotiation immediately. */ 377 if (val & MII_BMCR_AUTOEN) { 378 s->phy_status |= MII_BMSR_AN_COMP; 379 } 380 } 381 break; 382 case MII_ANAR: /* Auto-neg advertisement */ 383 s->phy_advertise = (val & MII_ANAR_MASK) | MII_ANAR_TX; 384 break; 385 case RTL8211E_MII_INER: /* Interrupt enable */ 386 s->phy_int_mask = val & 0xff; 387 phy_update_irq(s); 388 break; 389 case RTL8211E_MII_PHYCR: 390 case RTL8211E_MII_PHYSR: 391 case RTL8211E_MII_RXERC: 392 case RTL8211E_MII_LDPSR: 393 case RTL8211E_MII_EPAGSR: 394 case RTL8211E_MII_PAGSEL: 395 qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n", 396 __func__, reg); 397 break; 398 default: 399 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n", 400 __func__, reg); 401 break; 402 } 403 } 404 405 static void do_phy_new_ctl(FTGMAC100State *s) 406 { 407 uint8_t reg; 408 uint16_t data; 409 410 if (!(s->phycr & FTGMAC100_PHYCR_NEW_ST_22)) { 411 qemu_log_mask(LOG_UNIMP, "%s: unsupported ST code\n", __func__); 412 return; 413 } 414 415 /* Nothing to do */ 416 if (!(s->phycr & FTGMAC100_PHYCR_NEW_FIRE)) { 417 return; 418 } 419 420 reg = FTGMAC100_PHYCR_NEW_REG(s->phycr); 421 data = FTGMAC100_PHYCR_NEW_DATA(s->phycr); 422 423 switch (FTGMAC100_PHYCR_NEW_OP(s->phycr)) { 424 case FTGMAC100_PHYCR_NEW_OP_WRITE: 425 do_phy_write(s, reg, data); 426 break; 427 case FTGMAC100_PHYCR_NEW_OP_READ: 428 s->phydata = do_phy_read(s, reg) & 0xffff; 429 break; 430 default: 431 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid OP code %08x\n", 432 __func__, s->phycr); 433 } 434 435 s->phycr &= ~FTGMAC100_PHYCR_NEW_FIRE; 436 } 437 438 static void do_phy_ctl(FTGMAC100State *s) 439 { 440 uint8_t reg = FTGMAC100_PHYCR_REG(s->phycr); 441 442 if (s->phycr & FTGMAC100_PHYCR_MIIWR) { 443 do_phy_write(s, reg, s->phydata & 0xffff); 444 s->phycr &= ~FTGMAC100_PHYCR_MIIWR; 445 } else if (s->phycr & FTGMAC100_PHYCR_MIIRD) { 446 s->phydata = do_phy_read(s, reg) << 16; 447 s->phycr &= ~FTGMAC100_PHYCR_MIIRD; 448 } else { 449 qemu_log_mask(LOG_GUEST_ERROR, "%s: no OP code %08x\n", 450 __func__, s->phycr); 451 } 452 } 453 454 static int ftgmac100_read_bd(FTGMAC100Desc *bd, dma_addr_t addr) 455 { 456 if (dma_memory_read(&address_space_memory, addr, bd, sizeof(*bd))) { 457 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read descriptor @ 0x%" 458 HWADDR_PRIx "\n", __func__, addr); 459 return -1; 460 } 461 bd->des0 = le32_to_cpu(bd->des0); 462 bd->des1 = le32_to_cpu(bd->des1); 463 bd->des2 = le32_to_cpu(bd->des2); 464 bd->des3 = le32_to_cpu(bd->des3); 465 return 0; 466 } 467 468 static int ftgmac100_write_bd(FTGMAC100Desc *bd, dma_addr_t addr) 469 { 470 FTGMAC100Desc lebd; 471 472 lebd.des0 = cpu_to_le32(bd->des0); 473 lebd.des1 = cpu_to_le32(bd->des1); 474 lebd.des2 = cpu_to_le32(bd->des2); 475 lebd.des3 = cpu_to_le32(bd->des3); 476 if (dma_memory_write(&address_space_memory, addr, &lebd, sizeof(lebd))) { 477 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to write descriptor @ 0x%" 478 HWADDR_PRIx "\n", __func__, addr); 479 return -1; 480 } 481 return 0; 482 } 483 484 static int ftgmac100_insert_vlan(FTGMAC100State *s, int frame_size, 485 uint8_t vlan_tci) 486 { 487 uint8_t *vlan_hdr = s->frame + (ETH_ALEN * 2); 488 uint8_t *payload = vlan_hdr + sizeof(struct vlan_header); 489 490 if (frame_size < sizeof(struct eth_header)) { 491 qemu_log_mask(LOG_GUEST_ERROR, 492 "%s: frame too small for VLAN insertion : %d bytes\n", 493 __func__, frame_size); 494 s->isr |= FTGMAC100_INT_XPKT_LOST; 495 goto out; 496 } 497 498 if (frame_size + sizeof(struct vlan_header) > sizeof(s->frame)) { 499 qemu_log_mask(LOG_GUEST_ERROR, 500 "%s: frame too big : %d bytes\n", 501 __func__, frame_size); 502 s->isr |= FTGMAC100_INT_XPKT_LOST; 503 frame_size -= sizeof(struct vlan_header); 504 } 505 506 memmove(payload, vlan_hdr, frame_size - (ETH_ALEN * 2)); 507 stw_be_p(vlan_hdr, ETH_P_VLAN); 508 stw_be_p(vlan_hdr + 2, vlan_tci); 509 frame_size += sizeof(struct vlan_header); 510 511 out: 512 return frame_size; 513 } 514 515 static void ftgmac100_do_tx(FTGMAC100State *s, uint32_t tx_ring, 516 uint32_t tx_descriptor) 517 { 518 int frame_size = 0; 519 uint8_t *ptr = s->frame; 520 uint32_t addr = tx_descriptor; 521 uint32_t flags = 0; 522 523 while (1) { 524 FTGMAC100Desc bd; 525 int len; 526 527 if (ftgmac100_read_bd(&bd, addr) || 528 ((bd.des0 & FTGMAC100_TXDES0_TXDMA_OWN) == 0)) { 529 /* Run out of descriptors to transmit. */ 530 s->isr |= FTGMAC100_INT_NO_NPTXBUF; 531 break; 532 } 533 534 /* record transmit flags as they are valid only on the first 535 * segment */ 536 if (bd.des0 & FTGMAC100_TXDES0_FTS) { 537 flags = bd.des1; 538 } 539 540 len = FTGMAC100_TXDES0_TXBUF_SIZE(bd.des0); 541 if (!len) { 542 /* 543 * 0 is an invalid size, however the HW does not raise any 544 * interrupt. Flag an error because the guest is buggy. 545 */ 546 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid segment size\n", 547 __func__); 548 } 549 550 if (frame_size + len > sizeof(s->frame)) { 551 qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %d bytes\n", 552 __func__, len); 553 s->isr |= FTGMAC100_INT_XPKT_LOST; 554 len = sizeof(s->frame) - frame_size; 555 } 556 557 if (dma_memory_read(&address_space_memory, bd.des3, ptr, len)) { 558 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read packet @ 0x%x\n", 559 __func__, bd.des3); 560 s->isr |= FTGMAC100_INT_AHB_ERR; 561 break; 562 } 563 564 ptr += len; 565 frame_size += len; 566 if (bd.des0 & FTGMAC100_TXDES0_LTS) { 567 568 /* Check for VLAN */ 569 if (flags & FTGMAC100_TXDES1_INS_VLANTAG && 570 be16_to_cpu(PKT_GET_ETH_HDR(s->frame)->h_proto) != ETH_P_VLAN) { 571 frame_size = ftgmac100_insert_vlan(s, frame_size, 572 FTGMAC100_TXDES1_VLANTAG_CI(flags)); 573 } 574 575 if (flags & FTGMAC100_TXDES1_IP_CHKSUM) { 576 net_checksum_calculate(s->frame, frame_size); 577 } 578 /* Last buffer in frame. */ 579 qemu_send_packet(qemu_get_queue(s->nic), s->frame, frame_size); 580 ptr = s->frame; 581 frame_size = 0; 582 s->isr |= FTGMAC100_INT_XPKT_ETH; 583 } 584 585 if (flags & FTGMAC100_TXDES1_TX2FIC) { 586 s->isr |= FTGMAC100_INT_XPKT_FIFO; 587 } 588 bd.des0 &= ~FTGMAC100_TXDES0_TXDMA_OWN; 589 590 /* Write back the modified descriptor. */ 591 ftgmac100_write_bd(&bd, addr); 592 /* Advance to the next descriptor. */ 593 if (bd.des0 & s->txdes0_edotr) { 594 addr = tx_ring; 595 } else { 596 addr += FTGMAC100_DBLAC_TXDES_SIZE(s->dblac); 597 } 598 } 599 600 s->tx_descriptor = addr; 601 602 ftgmac100_update_irq(s); 603 } 604 605 static bool ftgmac100_can_receive(NetClientState *nc) 606 { 607 FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc)); 608 FTGMAC100Desc bd; 609 610 if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) 611 != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) { 612 return false; 613 } 614 615 if (ftgmac100_read_bd(&bd, s->rx_descriptor)) { 616 return false; 617 } 618 return !(bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY); 619 } 620 621 /* 622 * This is purely informative. The HW can poll the RW (and RX) ring 623 * buffers for available descriptors but we don't need to trigger a 624 * timer for that in qemu. 625 */ 626 static uint32_t ftgmac100_rxpoll(FTGMAC100State *s) 627 { 628 /* Polling times : 629 * 630 * Speed TIME_SEL=0 TIME_SEL=1 631 * 632 * 10 51.2 ms 819.2 ms 633 * 100 5.12 ms 81.92 ms 634 * 1000 1.024 ms 16.384 ms 635 */ 636 static const int div[] = { 20, 200, 1000 }; 637 638 uint32_t cnt = 1024 * FTGMAC100_APTC_RXPOLL_CNT(s->aptcr); 639 uint32_t speed = (s->maccr & FTGMAC100_MACCR_FAST_MODE) ? 1 : 0; 640 641 if (s->aptcr & FTGMAC100_APTC_RXPOLL_TIME_SEL) { 642 cnt <<= 4; 643 } 644 645 if (s->maccr & FTGMAC100_MACCR_GIGA_MODE) { 646 speed = 2; 647 } 648 649 return cnt / div[speed]; 650 } 651 652 static void ftgmac100_do_reset(FTGMAC100State *s, bool sw_reset) 653 { 654 /* Reset the FTGMAC100 */ 655 s->isr = 0; 656 s->ier = 0; 657 s->rx_enabled = 0; 658 s->rx_ring = 0; 659 s->rbsr = 0x640; 660 s->rx_descriptor = 0; 661 s->tx_ring = 0; 662 s->tx_descriptor = 0; 663 s->math[0] = 0; 664 s->math[1] = 0; 665 s->itc = 0; 666 s->aptcr = 1; 667 s->dblac = 0x00022f00; 668 s->revr = 0; 669 s->fear1 = 0; 670 s->tpafcr = 0xf1; 671 672 if (sw_reset) { 673 s->maccr &= FTGMAC100_MACCR_GIGA_MODE | FTGMAC100_MACCR_FAST_MODE; 674 } else { 675 s->maccr = 0; 676 } 677 678 s->phycr = 0; 679 s->phydata = 0; 680 s->fcr = 0x400; 681 682 /* and the PHY */ 683 phy_reset(s); 684 } 685 686 static void ftgmac100_reset(DeviceState *d) 687 { 688 ftgmac100_do_reset(FTGMAC100(d), false); 689 } 690 691 static uint64_t ftgmac100_read(void *opaque, hwaddr addr, unsigned size) 692 { 693 FTGMAC100State *s = FTGMAC100(opaque); 694 695 switch (addr & 0xff) { 696 case FTGMAC100_ISR: 697 return s->isr; 698 case FTGMAC100_IER: 699 return s->ier; 700 case FTGMAC100_MAC_MADR: 701 return (s->conf.macaddr.a[0] << 8) | s->conf.macaddr.a[1]; 702 case FTGMAC100_MAC_LADR: 703 return ((uint32_t) s->conf.macaddr.a[2] << 24) | 704 (s->conf.macaddr.a[3] << 16) | (s->conf.macaddr.a[4] << 8) | 705 s->conf.macaddr.a[5]; 706 case FTGMAC100_MATH0: 707 return s->math[0]; 708 case FTGMAC100_MATH1: 709 return s->math[1]; 710 case FTGMAC100_RXR_BADR: 711 return s->rx_ring; 712 case FTGMAC100_NPTXR_BADR: 713 return s->tx_ring; 714 case FTGMAC100_ITC: 715 return s->itc; 716 case FTGMAC100_DBLAC: 717 return s->dblac; 718 case FTGMAC100_REVR: 719 return s->revr; 720 case FTGMAC100_FEAR1: 721 return s->fear1; 722 case FTGMAC100_TPAFCR: 723 return s->tpafcr; 724 case FTGMAC100_FCR: 725 return s->fcr; 726 case FTGMAC100_MACCR: 727 return s->maccr; 728 case FTGMAC100_PHYCR: 729 return s->phycr; 730 case FTGMAC100_PHYDATA: 731 return s->phydata; 732 733 /* We might want to support these one day */ 734 case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */ 735 case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */ 736 case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */ 737 qemu_log_mask(LOG_UNIMP, "%s: read to unimplemented register 0x%" 738 HWADDR_PRIx "\n", __func__, addr); 739 return 0; 740 default: 741 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%" 742 HWADDR_PRIx "\n", __func__, addr); 743 return 0; 744 } 745 } 746 747 static void ftgmac100_write(void *opaque, hwaddr addr, 748 uint64_t value, unsigned size) 749 { 750 FTGMAC100State *s = FTGMAC100(opaque); 751 752 switch (addr & 0xff) { 753 case FTGMAC100_ISR: /* Interrupt status */ 754 s->isr &= ~value; 755 break; 756 case FTGMAC100_IER: /* Interrupt control */ 757 s->ier = value; 758 break; 759 case FTGMAC100_MAC_MADR: /* MAC */ 760 s->conf.macaddr.a[0] = value >> 8; 761 s->conf.macaddr.a[1] = value; 762 break; 763 case FTGMAC100_MAC_LADR: 764 s->conf.macaddr.a[2] = value >> 24; 765 s->conf.macaddr.a[3] = value >> 16; 766 s->conf.macaddr.a[4] = value >> 8; 767 s->conf.macaddr.a[5] = value; 768 break; 769 case FTGMAC100_MATH0: /* Multicast Address Hash Table 0 */ 770 s->math[0] = value; 771 break; 772 case FTGMAC100_MATH1: /* Multicast Address Hash Table 1 */ 773 s->math[1] = value; 774 break; 775 case FTGMAC100_ITC: /* TODO: Interrupt Timer Control */ 776 s->itc = value; 777 break; 778 case FTGMAC100_RXR_BADR: /* Ring buffer address */ 779 if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) { 780 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad RX buffer alignment 0x%" 781 HWADDR_PRIx "\n", __func__, value); 782 return; 783 } 784 785 s->rx_ring = value; 786 s->rx_descriptor = s->rx_ring; 787 break; 788 789 case FTGMAC100_RBSR: /* DMA buffer size */ 790 s->rbsr = value; 791 break; 792 793 case FTGMAC100_NPTXR_BADR: /* Transmit buffer address */ 794 if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) { 795 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad TX buffer alignment 0x%" 796 HWADDR_PRIx "\n", __func__, value); 797 return; 798 } 799 s->tx_ring = value; 800 s->tx_descriptor = s->tx_ring; 801 break; 802 803 case FTGMAC100_NPTXPD: /* Trigger transmit */ 804 if ((s->maccr & (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN)) 805 == (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN)) { 806 /* TODO: high priority tx ring */ 807 ftgmac100_do_tx(s, s->tx_ring, s->tx_descriptor); 808 } 809 if (ftgmac100_can_receive(qemu_get_queue(s->nic))) { 810 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 811 } 812 break; 813 814 case FTGMAC100_RXPD: /* Receive Poll Demand Register */ 815 if (ftgmac100_can_receive(qemu_get_queue(s->nic))) { 816 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 817 } 818 break; 819 820 case FTGMAC100_APTC: /* Automatic polling */ 821 s->aptcr = value; 822 823 if (FTGMAC100_APTC_RXPOLL_CNT(s->aptcr)) { 824 ftgmac100_rxpoll(s); 825 } 826 827 if (FTGMAC100_APTC_TXPOLL_CNT(s->aptcr)) { 828 qemu_log_mask(LOG_UNIMP, "%s: no transmit polling\n", __func__); 829 } 830 break; 831 832 case FTGMAC100_MACCR: /* MAC Device control */ 833 s->maccr = value; 834 if (value & FTGMAC100_MACCR_SW_RST) { 835 ftgmac100_do_reset(s, true); 836 } 837 838 if (ftgmac100_can_receive(qemu_get_queue(s->nic))) { 839 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 840 } 841 break; 842 843 case FTGMAC100_PHYCR: /* PHY Device control */ 844 s->phycr = value; 845 if (s->revr & FTGMAC100_REVR_NEW_MDIO_INTERFACE) { 846 do_phy_new_ctl(s); 847 } else { 848 do_phy_ctl(s); 849 } 850 break; 851 case FTGMAC100_PHYDATA: 852 s->phydata = value & 0xffff; 853 break; 854 case FTGMAC100_DBLAC: /* DMA Burst Length and Arbitration Control */ 855 if (FTGMAC100_DBLAC_TXDES_SIZE(value) < sizeof(FTGMAC100Desc)) { 856 qemu_log_mask(LOG_GUEST_ERROR, 857 "%s: transmit descriptor too small: %" PRIx64 858 " bytes\n", __func__, 859 FTGMAC100_DBLAC_TXDES_SIZE(value)); 860 break; 861 } 862 if (FTGMAC100_DBLAC_RXDES_SIZE(value) < sizeof(FTGMAC100Desc)) { 863 qemu_log_mask(LOG_GUEST_ERROR, 864 "%s: receive descriptor too small : %" PRIx64 865 " bytes\n", __func__, 866 FTGMAC100_DBLAC_RXDES_SIZE(value)); 867 break; 868 } 869 s->dblac = value; 870 break; 871 case FTGMAC100_REVR: /* Feature Register */ 872 s->revr = value; 873 break; 874 case FTGMAC100_FEAR1: /* Feature Register 1 */ 875 s->fear1 = value; 876 break; 877 case FTGMAC100_TPAFCR: /* Transmit Priority Arbitration and FIFO Control */ 878 s->tpafcr = value; 879 break; 880 case FTGMAC100_FCR: /* Flow Control */ 881 s->fcr = value; 882 break; 883 884 case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */ 885 case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */ 886 case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */ 887 qemu_log_mask(LOG_UNIMP, "%s: write to unimplemented register 0x%" 888 HWADDR_PRIx "\n", __func__, addr); 889 break; 890 default: 891 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%" 892 HWADDR_PRIx "\n", __func__, addr); 893 break; 894 } 895 896 ftgmac100_update_irq(s); 897 } 898 899 static int ftgmac100_filter(FTGMAC100State *s, const uint8_t *buf, size_t len) 900 { 901 unsigned mcast_idx; 902 903 if (s->maccr & FTGMAC100_MACCR_RX_ALL) { 904 return 1; 905 } 906 907 switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) { 908 case ETH_PKT_BCAST: 909 if (!(s->maccr & FTGMAC100_MACCR_RX_BROADPKT)) { 910 return 0; 911 } 912 break; 913 case ETH_PKT_MCAST: 914 if (!(s->maccr & FTGMAC100_MACCR_RX_MULTIPKT)) { 915 if (!(s->maccr & FTGMAC100_MACCR_HT_MULTI_EN)) { 916 return 0; 917 } 918 919 mcast_idx = net_crc32_le(buf, ETH_ALEN); 920 mcast_idx = (~(mcast_idx >> 2)) & 0x3f; 921 if (!(s->math[mcast_idx / 32] & (1 << (mcast_idx % 32)))) { 922 return 0; 923 } 924 } 925 break; 926 case ETH_PKT_UCAST: 927 if (memcmp(s->conf.macaddr.a, buf, 6)) { 928 return 0; 929 } 930 break; 931 } 932 933 return 1; 934 } 935 936 static ssize_t ftgmac100_receive(NetClientState *nc, const uint8_t *buf, 937 size_t len) 938 { 939 FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc)); 940 FTGMAC100Desc bd; 941 uint32_t flags = 0; 942 uint32_t addr; 943 uint32_t crc; 944 uint32_t buf_addr; 945 uint8_t *crc_ptr; 946 uint32_t buf_len; 947 size_t size = len; 948 uint32_t first = FTGMAC100_RXDES0_FRS; 949 uint16_t proto = be16_to_cpu(PKT_GET_ETH_HDR(buf)->h_proto); 950 int max_frame_size = ftgmac100_max_frame_size(s, proto); 951 952 if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) 953 != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) { 954 return -1; 955 } 956 957 /* TODO : Pad to minimum Ethernet frame length */ 958 /* handle small packets. */ 959 if (size < 10) { 960 qemu_log_mask(LOG_GUEST_ERROR, "%s: dropped frame of %zd bytes\n", 961 __func__, size); 962 return size; 963 } 964 965 if (!ftgmac100_filter(s, buf, size)) { 966 return size; 967 } 968 969 /* 4 bytes for the CRC. */ 970 size += 4; 971 crc = cpu_to_be32(crc32(~0, buf, size)); 972 crc_ptr = (uint8_t *) &crc; 973 974 /* Huge frames are truncated. */ 975 if (size > max_frame_size) { 976 qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %zd bytes\n", 977 __func__, size); 978 size = max_frame_size; 979 flags |= FTGMAC100_RXDES0_FTL; 980 } 981 982 switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) { 983 case ETH_PKT_BCAST: 984 flags |= FTGMAC100_RXDES0_BROADCAST; 985 break; 986 case ETH_PKT_MCAST: 987 flags |= FTGMAC100_RXDES0_MULTICAST; 988 break; 989 case ETH_PKT_UCAST: 990 break; 991 } 992 993 s->isr |= FTGMAC100_INT_RPKT_FIFO; 994 addr = s->rx_descriptor; 995 while (size > 0) { 996 if (!ftgmac100_can_receive(nc)) { 997 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unexpected packet\n", __func__); 998 return -1; 999 } 1000 1001 if (ftgmac100_read_bd(&bd, addr) || 1002 (bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY)) { 1003 /* No descriptors available. Bail out. */ 1004 qemu_log_mask(LOG_GUEST_ERROR, "%s: Lost end of frame\n", 1005 __func__); 1006 s->isr |= FTGMAC100_INT_NO_RXBUF; 1007 break; 1008 } 1009 buf_len = (size <= s->rbsr) ? size : s->rbsr; 1010 bd.des0 |= buf_len & 0x3fff; 1011 size -= buf_len; 1012 1013 /* The last 4 bytes are the CRC. */ 1014 if (size < 4) { 1015 buf_len += size - 4; 1016 } 1017 buf_addr = bd.des3; 1018 if (first && proto == ETH_P_VLAN && buf_len >= 18) { 1019 bd.des1 = lduw_be_p(buf + 14) | FTGMAC100_RXDES1_VLANTAG_AVAIL; 1020 1021 if (s->maccr & FTGMAC100_MACCR_RM_VLAN) { 1022 dma_memory_write(&address_space_memory, buf_addr, buf, 12); 1023 dma_memory_write(&address_space_memory, buf_addr + 12, buf + 16, 1024 buf_len - 16); 1025 } else { 1026 dma_memory_write(&address_space_memory, buf_addr, buf, buf_len); 1027 } 1028 } else { 1029 bd.des1 = 0; 1030 dma_memory_write(&address_space_memory, buf_addr, buf, buf_len); 1031 } 1032 buf += buf_len; 1033 if (size < 4) { 1034 dma_memory_write(&address_space_memory, buf_addr + buf_len, 1035 crc_ptr, 4 - size); 1036 crc_ptr += 4 - size; 1037 } 1038 1039 bd.des0 |= first | FTGMAC100_RXDES0_RXPKT_RDY; 1040 first = 0; 1041 if (size == 0) { 1042 /* Last buffer in frame. */ 1043 bd.des0 |= flags | FTGMAC100_RXDES0_LRS; 1044 s->isr |= FTGMAC100_INT_RPKT_BUF; 1045 } 1046 ftgmac100_write_bd(&bd, addr); 1047 if (bd.des0 & s->rxdes0_edorr) { 1048 addr = s->rx_ring; 1049 } else { 1050 addr += FTGMAC100_DBLAC_RXDES_SIZE(s->dblac); 1051 } 1052 } 1053 s->rx_descriptor = addr; 1054 1055 ftgmac100_update_irq(s); 1056 return len; 1057 } 1058 1059 static const MemoryRegionOps ftgmac100_ops = { 1060 .read = ftgmac100_read, 1061 .write = ftgmac100_write, 1062 .valid.min_access_size = 4, 1063 .valid.max_access_size = 4, 1064 .endianness = DEVICE_LITTLE_ENDIAN, 1065 }; 1066 1067 static void ftgmac100_cleanup(NetClientState *nc) 1068 { 1069 FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc)); 1070 1071 s->nic = NULL; 1072 } 1073 1074 static NetClientInfo net_ftgmac100_info = { 1075 .type = NET_CLIENT_DRIVER_NIC, 1076 .size = sizeof(NICState), 1077 .can_receive = ftgmac100_can_receive, 1078 .receive = ftgmac100_receive, 1079 .cleanup = ftgmac100_cleanup, 1080 .link_status_changed = ftgmac100_set_link, 1081 }; 1082 1083 static void ftgmac100_realize(DeviceState *dev, Error **errp) 1084 { 1085 FTGMAC100State *s = FTGMAC100(dev); 1086 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1087 1088 if (s->aspeed) { 1089 s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR_ASPEED; 1090 s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR_ASPEED; 1091 } else { 1092 s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR; 1093 s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR; 1094 } 1095 1096 memory_region_init_io(&s->iomem, OBJECT(dev), &ftgmac100_ops, s, 1097 TYPE_FTGMAC100, 0x2000); 1098 sysbus_init_mmio(sbd, &s->iomem); 1099 sysbus_init_irq(sbd, &s->irq); 1100 qemu_macaddr_default_if_unset(&s->conf.macaddr); 1101 1102 s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf, 1103 object_get_typename(OBJECT(dev)), dev->id, s); 1104 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); 1105 } 1106 1107 static const VMStateDescription vmstate_ftgmac100 = { 1108 .name = TYPE_FTGMAC100, 1109 .version_id = 1, 1110 .minimum_version_id = 1, 1111 .fields = (VMStateField[]) { 1112 VMSTATE_UINT32(irq_state, FTGMAC100State), 1113 VMSTATE_UINT32(isr, FTGMAC100State), 1114 VMSTATE_UINT32(ier, FTGMAC100State), 1115 VMSTATE_UINT32(rx_enabled, FTGMAC100State), 1116 VMSTATE_UINT32(rx_ring, FTGMAC100State), 1117 VMSTATE_UINT32(rbsr, FTGMAC100State), 1118 VMSTATE_UINT32(tx_ring, FTGMAC100State), 1119 VMSTATE_UINT32(rx_descriptor, FTGMAC100State), 1120 VMSTATE_UINT32(tx_descriptor, FTGMAC100State), 1121 VMSTATE_UINT32_ARRAY(math, FTGMAC100State, 2), 1122 VMSTATE_UINT32(itc, FTGMAC100State), 1123 VMSTATE_UINT32(aptcr, FTGMAC100State), 1124 VMSTATE_UINT32(dblac, FTGMAC100State), 1125 VMSTATE_UINT32(revr, FTGMAC100State), 1126 VMSTATE_UINT32(fear1, FTGMAC100State), 1127 VMSTATE_UINT32(tpafcr, FTGMAC100State), 1128 VMSTATE_UINT32(maccr, FTGMAC100State), 1129 VMSTATE_UINT32(phycr, FTGMAC100State), 1130 VMSTATE_UINT32(phydata, FTGMAC100State), 1131 VMSTATE_UINT32(fcr, FTGMAC100State), 1132 VMSTATE_UINT32(phy_status, FTGMAC100State), 1133 VMSTATE_UINT32(phy_control, FTGMAC100State), 1134 VMSTATE_UINT32(phy_advertise, FTGMAC100State), 1135 VMSTATE_UINT32(phy_int, FTGMAC100State), 1136 VMSTATE_UINT32(phy_int_mask, FTGMAC100State), 1137 VMSTATE_UINT32(txdes0_edotr, FTGMAC100State), 1138 VMSTATE_UINT32(rxdes0_edorr, FTGMAC100State), 1139 VMSTATE_END_OF_LIST() 1140 } 1141 }; 1142 1143 static Property ftgmac100_properties[] = { 1144 DEFINE_PROP_BOOL("aspeed", FTGMAC100State, aspeed, false), 1145 DEFINE_NIC_PROPERTIES(FTGMAC100State, conf), 1146 DEFINE_PROP_END_OF_LIST(), 1147 }; 1148 1149 static void ftgmac100_class_init(ObjectClass *klass, void *data) 1150 { 1151 DeviceClass *dc = DEVICE_CLASS(klass); 1152 1153 dc->vmsd = &vmstate_ftgmac100; 1154 dc->reset = ftgmac100_reset; 1155 device_class_set_props(dc, ftgmac100_properties); 1156 set_bit(DEVICE_CATEGORY_NETWORK, dc->categories); 1157 dc->realize = ftgmac100_realize; 1158 dc->desc = "Faraday FTGMAC100 Gigabit Ethernet emulation"; 1159 } 1160 1161 static const TypeInfo ftgmac100_info = { 1162 .name = TYPE_FTGMAC100, 1163 .parent = TYPE_SYS_BUS_DEVICE, 1164 .instance_size = sizeof(FTGMAC100State), 1165 .class_init = ftgmac100_class_init, 1166 }; 1167 1168 /* 1169 * AST2600 MII controller 1170 */ 1171 #define ASPEED_MII_PHYCR_FIRE BIT(31) 1172 #define ASPEED_MII_PHYCR_ST_22 BIT(28) 1173 #define ASPEED_MII_PHYCR_OP(x) ((x) & (ASPEED_MII_PHYCR_OP_WRITE | \ 1174 ASPEED_MII_PHYCR_OP_READ)) 1175 #define ASPEED_MII_PHYCR_OP_WRITE BIT(26) 1176 #define ASPEED_MII_PHYCR_OP_READ BIT(27) 1177 #define ASPEED_MII_PHYCR_DATA(x) (x & 0xffff) 1178 #define ASPEED_MII_PHYCR_PHY(x) (((x) >> 21) & 0x1f) 1179 #define ASPEED_MII_PHYCR_REG(x) (((x) >> 16) & 0x1f) 1180 1181 #define ASPEED_MII_PHYDATA_IDLE BIT(16) 1182 1183 static void aspeed_mii_transition(AspeedMiiState *s, bool fire) 1184 { 1185 if (fire) { 1186 s->phycr |= ASPEED_MII_PHYCR_FIRE; 1187 s->phydata &= ~ASPEED_MII_PHYDATA_IDLE; 1188 } else { 1189 s->phycr &= ~ASPEED_MII_PHYCR_FIRE; 1190 s->phydata |= ASPEED_MII_PHYDATA_IDLE; 1191 } 1192 } 1193 1194 static void aspeed_mii_do_phy_ctl(AspeedMiiState *s) 1195 { 1196 uint8_t reg; 1197 uint16_t data; 1198 1199 if (!(s->phycr & ASPEED_MII_PHYCR_ST_22)) { 1200 aspeed_mii_transition(s, !ASPEED_MII_PHYCR_FIRE); 1201 qemu_log_mask(LOG_UNIMP, "%s: unsupported ST code\n", __func__); 1202 return; 1203 } 1204 1205 /* Nothing to do */ 1206 if (!(s->phycr & ASPEED_MII_PHYCR_FIRE)) { 1207 return; 1208 } 1209 1210 reg = ASPEED_MII_PHYCR_REG(s->phycr); 1211 data = ASPEED_MII_PHYCR_DATA(s->phycr); 1212 1213 switch (ASPEED_MII_PHYCR_OP(s->phycr)) { 1214 case ASPEED_MII_PHYCR_OP_WRITE: 1215 do_phy_write(s->nic, reg, data); 1216 break; 1217 case ASPEED_MII_PHYCR_OP_READ: 1218 s->phydata = (s->phydata & ~0xffff) | do_phy_read(s->nic, reg); 1219 break; 1220 default: 1221 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid OP code %08x\n", 1222 __func__, s->phycr); 1223 } 1224 1225 aspeed_mii_transition(s, !ASPEED_MII_PHYCR_FIRE); 1226 } 1227 1228 static uint64_t aspeed_mii_read(void *opaque, hwaddr addr, unsigned size) 1229 { 1230 AspeedMiiState *s = ASPEED_MII(opaque); 1231 1232 switch (addr) { 1233 case 0x0: 1234 return s->phycr; 1235 case 0x4: 1236 return s->phydata; 1237 default: 1238 g_assert_not_reached(); 1239 } 1240 } 1241 1242 static void aspeed_mii_write(void *opaque, hwaddr addr, 1243 uint64_t value, unsigned size) 1244 { 1245 AspeedMiiState *s = ASPEED_MII(opaque); 1246 1247 switch (addr) { 1248 case 0x0: 1249 s->phycr = value & ~(s->phycr & ASPEED_MII_PHYCR_FIRE); 1250 break; 1251 case 0x4: 1252 s->phydata = value & ~(0xffff | ASPEED_MII_PHYDATA_IDLE); 1253 break; 1254 default: 1255 g_assert_not_reached(); 1256 } 1257 1258 aspeed_mii_transition(s, !!(s->phycr & ASPEED_MII_PHYCR_FIRE)); 1259 aspeed_mii_do_phy_ctl(s); 1260 } 1261 1262 static const MemoryRegionOps aspeed_mii_ops = { 1263 .read = aspeed_mii_read, 1264 .write = aspeed_mii_write, 1265 .valid.min_access_size = 4, 1266 .valid.max_access_size = 4, 1267 .endianness = DEVICE_LITTLE_ENDIAN, 1268 }; 1269 1270 static void aspeed_mii_reset(DeviceState *dev) 1271 { 1272 AspeedMiiState *s = ASPEED_MII(dev); 1273 1274 s->phycr = 0; 1275 s->phydata = 0; 1276 1277 aspeed_mii_transition(s, !!(s->phycr & ASPEED_MII_PHYCR_FIRE)); 1278 }; 1279 1280 static void aspeed_mii_realize(DeviceState *dev, Error **errp) 1281 { 1282 AspeedMiiState *s = ASPEED_MII(dev); 1283 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1284 1285 assert(s->nic); 1286 1287 memory_region_init_io(&s->iomem, OBJECT(dev), &aspeed_mii_ops, s, 1288 TYPE_ASPEED_MII, 0x8); 1289 sysbus_init_mmio(sbd, &s->iomem); 1290 } 1291 1292 static const VMStateDescription vmstate_aspeed_mii = { 1293 .name = TYPE_ASPEED_MII, 1294 .version_id = 1, 1295 .minimum_version_id = 1, 1296 .fields = (VMStateField[]) { 1297 VMSTATE_UINT32(phycr, FTGMAC100State), 1298 VMSTATE_UINT32(phydata, FTGMAC100State), 1299 VMSTATE_END_OF_LIST() 1300 } 1301 }; 1302 1303 static Property aspeed_mii_properties[] = { 1304 DEFINE_PROP_LINK("nic", AspeedMiiState, nic, TYPE_FTGMAC100, 1305 FTGMAC100State *), 1306 DEFINE_PROP_END_OF_LIST(), 1307 }; 1308 1309 static void aspeed_mii_class_init(ObjectClass *klass, void *data) 1310 { 1311 DeviceClass *dc = DEVICE_CLASS(klass); 1312 1313 dc->vmsd = &vmstate_aspeed_mii; 1314 dc->reset = aspeed_mii_reset; 1315 dc->realize = aspeed_mii_realize; 1316 dc->desc = "Aspeed MII controller"; 1317 device_class_set_props(dc, aspeed_mii_properties); 1318 } 1319 1320 static const TypeInfo aspeed_mii_info = { 1321 .name = TYPE_ASPEED_MII, 1322 .parent = TYPE_SYS_BUS_DEVICE, 1323 .instance_size = sizeof(AspeedMiiState), 1324 .class_init = aspeed_mii_class_init, 1325 }; 1326 1327 static void ftgmac100_register_types(void) 1328 { 1329 type_register_static(&ftgmac100_info); 1330 type_register_static(&aspeed_mii_info); 1331 } 1332 1333 type_init(ftgmac100_register_types) 1334