ftgmac100.c (42214B)
1/* 2 * Faraday FTGMAC100 Gigabit Ethernet 3 * 4 * Copyright (C) 2016-2017, IBM Corporation. 5 * 6 * Based on Coldfire Fast Ethernet Controller emulation. 7 * 8 * Copyright (c) 2007 CodeSourcery. 9 * 10 * This code is licensed under the GPL version 2 or later. See the 11 * COPYING file in the top-level directory. 12 */ 13 14#include "qemu/osdep.h" 15#include "hw/irq.h" 16#include "hw/net/ftgmac100.h" 17#include "sysemu/dma.h" 18#include "qapi/error.h" 19#include "qemu/log.h" 20#include "qemu/module.h" 21#include "net/checksum.h" 22#include "net/eth.h" 23#include "hw/net/mii.h" 24#include "hw/qdev-properties.h" 25#include "migration/vmstate.h" 26 27/* For crc32 */ 28#include <zlib.h> 29 30/* 31 * FTGMAC100 registers 32 */ 33#define FTGMAC100_ISR 0x00 34#define FTGMAC100_IER 0x04 35#define FTGMAC100_MAC_MADR 0x08 36#define FTGMAC100_MAC_LADR 0x0c 37#define FTGMAC100_MATH0 0x10 38#define FTGMAC100_MATH1 0x14 39#define FTGMAC100_NPTXPD 0x18 40#define FTGMAC100_RXPD 0x1C 41#define FTGMAC100_NPTXR_BADR 0x20 42#define FTGMAC100_RXR_BADR 0x24 43#define FTGMAC100_HPTXPD 0x28 44#define FTGMAC100_HPTXR_BADR 0x2c 45#define FTGMAC100_ITC 0x30 46#define FTGMAC100_APTC 0x34 47#define FTGMAC100_DBLAC 0x38 48#define FTGMAC100_REVR 0x40 49#define FTGMAC100_FEAR1 0x44 50#define FTGMAC100_RBSR 0x4c 51#define FTGMAC100_TPAFCR 0x48 52 53#define FTGMAC100_MACCR 0x50 54#define FTGMAC100_MACSR 0x54 55#define FTGMAC100_PHYCR 0x60 56#define FTGMAC100_PHYDATA 0x64 57#define FTGMAC100_FCR 0x68 58 59/* 60 * Interrupt status register & interrupt enable register 61 */ 62#define FTGMAC100_INT_RPKT_BUF (1 << 0) 63#define FTGMAC100_INT_RPKT_FIFO (1 << 1) 64#define FTGMAC100_INT_NO_RXBUF (1 << 2) 65#define FTGMAC100_INT_RPKT_LOST (1 << 3) 66#define FTGMAC100_INT_XPKT_ETH (1 << 4) 67#define FTGMAC100_INT_XPKT_FIFO (1 << 5) 68#define FTGMAC100_INT_NO_NPTXBUF (1 << 6) 69#define FTGMAC100_INT_XPKT_LOST (1 << 7) 70#define FTGMAC100_INT_AHB_ERR (1 << 8) 71#define FTGMAC100_INT_PHYSTS_CHG (1 << 9) 72#define FTGMAC100_INT_NO_HPTXBUF (1 << 10) 73 74/* 75 * Automatic polling timer control register 76 */ 77#define FTGMAC100_APTC_RXPOLL_CNT(x) ((x) & 0xf) 78#define FTGMAC100_APTC_RXPOLL_TIME_SEL (1 << 4) 79#define FTGMAC100_APTC_TXPOLL_CNT(x) (((x) >> 8) & 0xf) 80#define FTGMAC100_APTC_TXPOLL_TIME_SEL (1 << 12) 81 82/* 83 * DMA burst length and arbitration control register 84 */ 85#define FTGMAC100_DBLAC_RXBURST_SIZE(x) (((x) >> 8) & 0x3) 86#define FTGMAC100_DBLAC_TXBURST_SIZE(x) (((x) >> 10) & 0x3) 87#define FTGMAC100_DBLAC_RXDES_SIZE(x) ((((x) >> 12) & 0xf) * 8) 88#define FTGMAC100_DBLAC_TXDES_SIZE(x) ((((x) >> 16) & 0xf) * 8) 89#define FTGMAC100_DBLAC_IFG_CNT(x) (((x) >> 20) & 0x7) 90#define FTGMAC100_DBLAC_IFG_INC (1 << 23) 91 92/* 93 * PHY control register 94 */ 95#define FTGMAC100_PHYCR_MIIRD (1 << 26) 96#define FTGMAC100_PHYCR_MIIWR (1 << 27) 97 98#define FTGMAC100_PHYCR_DEV(x) (((x) >> 16) & 0x1f) 99#define FTGMAC100_PHYCR_REG(x) (((x) >> 21) & 0x1f) 100 101/* 102 * PHY data register 103 */ 104#define FTGMAC100_PHYDATA_MIIWDATA(x) ((x) & 0xffff) 105#define FTGMAC100_PHYDATA_MIIRDATA(x) (((x) >> 16) & 0xffff) 106 107/* 108 * PHY control register - New MDC/MDIO interface 109 */ 110#define FTGMAC100_PHYCR_NEW_DATA(x) (((x) >> 16) & 0xffff) 111#define FTGMAC100_PHYCR_NEW_FIRE (1 << 15) 112#define FTGMAC100_PHYCR_NEW_ST_22 (1 << 12) 113#define FTGMAC100_PHYCR_NEW_OP(x) (((x) >> 10) & 3) 114#define FTGMAC100_PHYCR_NEW_OP_WRITE 0x1 115#define FTGMAC100_PHYCR_NEW_OP_READ 0x2 116#define FTGMAC100_PHYCR_NEW_DEV(x) (((x) >> 5) & 0x1f) 117#define FTGMAC100_PHYCR_NEW_REG(x) ((x) & 0x1f) 118 119/* 120 * Feature Register 121 */ 122#define FTGMAC100_REVR_NEW_MDIO_INTERFACE (1 << 31) 123 124/* 125 * MAC control register 126 */ 127#define FTGMAC100_MACCR_TXDMA_EN (1 << 0) 128#define FTGMAC100_MACCR_RXDMA_EN (1 << 1) 129#define FTGMAC100_MACCR_TXMAC_EN (1 << 2) 130#define FTGMAC100_MACCR_RXMAC_EN (1 << 3) 131#define FTGMAC100_MACCR_RM_VLAN (1 << 4) 132#define FTGMAC100_MACCR_HPTXR_EN (1 << 5) 133#define FTGMAC100_MACCR_LOOP_EN (1 << 6) 134#define FTGMAC100_MACCR_ENRX_IN_HALFTX (1 << 7) 135#define FTGMAC100_MACCR_FULLDUP (1 << 8) 136#define FTGMAC100_MACCR_GIGA_MODE (1 << 9) 137#define FTGMAC100_MACCR_CRC_APD (1 << 10) /* not needed */ 138#define FTGMAC100_MACCR_RX_RUNT (1 << 12) 139#define FTGMAC100_MACCR_JUMBO_LF (1 << 13) 140#define FTGMAC100_MACCR_RX_ALL (1 << 14) 141#define FTGMAC100_MACCR_HT_MULTI_EN (1 << 15) 142#define FTGMAC100_MACCR_RX_MULTIPKT (1 << 16) 143#define FTGMAC100_MACCR_RX_BROADPKT (1 << 17) 144#define FTGMAC100_MACCR_DISCARD_CRCERR (1 << 18) 145#define FTGMAC100_MACCR_FAST_MODE (1 << 19) 146#define FTGMAC100_MACCR_SW_RST (1 << 31) 147 148/* 149 * Transmit descriptor 150 */ 151#define FTGMAC100_TXDES0_TXBUF_SIZE(x) ((x) & 0x3fff) 152#define FTGMAC100_TXDES0_EDOTR (1 << 15) 153#define FTGMAC100_TXDES0_CRC_ERR (1 << 19) 154#define FTGMAC100_TXDES0_LTS (1 << 28) 155#define FTGMAC100_TXDES0_FTS (1 << 29) 156#define FTGMAC100_TXDES0_EDOTR_ASPEED (1 << 30) 157#define FTGMAC100_TXDES0_TXDMA_OWN (1 << 31) 158 159#define FTGMAC100_TXDES1_VLANTAG_CI(x) ((x) & 0xffff) 160#define FTGMAC100_TXDES1_INS_VLANTAG (1 << 16) 161#define FTGMAC100_TXDES1_TCP_CHKSUM (1 << 17) 162#define FTGMAC100_TXDES1_UDP_CHKSUM (1 << 18) 163#define FTGMAC100_TXDES1_IP_CHKSUM (1 << 19) 164#define FTGMAC100_TXDES1_LLC (1 << 22) 165#define FTGMAC100_TXDES1_TX2FIC (1 << 30) 166#define FTGMAC100_TXDES1_TXIC (1 << 31) 167 168/* 169 * Receive descriptor 170 */ 171#define FTGMAC100_RXDES0_VDBC 0x3fff 172#define FTGMAC100_RXDES0_EDORR (1 << 15) 173#define FTGMAC100_RXDES0_MULTICAST (1 << 16) 174#define FTGMAC100_RXDES0_BROADCAST (1 << 17) 175#define FTGMAC100_RXDES0_RX_ERR (1 << 18) 176#define FTGMAC100_RXDES0_CRC_ERR (1 << 19) 177#define FTGMAC100_RXDES0_FTL (1 << 20) 178#define FTGMAC100_RXDES0_RUNT (1 << 21) 179#define FTGMAC100_RXDES0_RX_ODD_NB (1 << 22) 180#define FTGMAC100_RXDES0_FIFO_FULL (1 << 23) 181#define FTGMAC100_RXDES0_PAUSE_OPCODE (1 << 24) 182#define FTGMAC100_RXDES0_PAUSE_FRAME (1 << 25) 183#define FTGMAC100_RXDES0_LRS (1 << 28) 184#define FTGMAC100_RXDES0_FRS (1 << 29) 185#define FTGMAC100_RXDES0_EDORR_ASPEED (1 << 30) 186#define FTGMAC100_RXDES0_RXPKT_RDY (1 << 31) 187 188#define FTGMAC100_RXDES1_VLANTAG_CI 0xffff 189#define FTGMAC100_RXDES1_PROT_MASK (0x3 << 20) 190#define FTGMAC100_RXDES1_PROT_NONIP (0x0 << 20) 191#define FTGMAC100_RXDES1_PROT_IP (0x1 << 20) 192#define FTGMAC100_RXDES1_PROT_TCPIP (0x2 << 20) 193#define FTGMAC100_RXDES1_PROT_UDPIP (0x3 << 20) 194#define FTGMAC100_RXDES1_LLC (1 << 22) 195#define FTGMAC100_RXDES1_DF (1 << 23) 196#define FTGMAC100_RXDES1_VLANTAG_AVAIL (1 << 24) 197#define FTGMAC100_RXDES1_TCP_CHKSUM_ERR (1 << 25) 198#define FTGMAC100_RXDES1_UDP_CHKSUM_ERR (1 << 26) 199#define FTGMAC100_RXDES1_IP_CHKSUM_ERR (1 << 27) 200 201/* 202 * Receive and transmit Buffer Descriptor 203 */ 204typedef struct { 205 uint32_t des0; 206 uint32_t des1; 207 uint32_t des2; /* not used by HW */ 208 uint32_t des3; 209} FTGMAC100Desc; 210 211#define FTGMAC100_DESC_ALIGNMENT 16 212 213/* 214 * Specific RTL8211E MII Registers 215 */ 216#define RTL8211E_MII_PHYCR 16 /* PHY Specific Control */ 217#define RTL8211E_MII_PHYSR 17 /* PHY Specific Status */ 218#define RTL8211E_MII_INER 18 /* Interrupt Enable */ 219#define RTL8211E_MII_INSR 19 /* Interrupt Status */ 220#define RTL8211E_MII_RXERC 24 /* Receive Error Counter */ 221#define RTL8211E_MII_LDPSR 27 /* Link Down Power Saving */ 222#define RTL8211E_MII_EPAGSR 30 /* Extension Page Select */ 223#define RTL8211E_MII_PAGSEL 31 /* Page Select */ 224 225/* 226 * RTL8211E Interrupt Status 227 */ 228#define PHY_INT_AUTONEG_ERROR (1 << 15) 229#define PHY_INT_PAGE_RECV (1 << 12) 230#define PHY_INT_AUTONEG_COMPLETE (1 << 11) 231#define PHY_INT_LINK_STATUS (1 << 10) 232#define PHY_INT_ERROR (1 << 9) 233#define PHY_INT_DOWN (1 << 8) 234#define PHY_INT_JABBER (1 << 0) 235 236/* 237 * Max frame size for the receiving buffer 238 */ 239#define FTGMAC100_MAX_FRAME_SIZE 9220 240 241/* Limits depending on the type of the frame 242 * 243 * 9216 for Jumbo frames (+ 4 for VLAN) 244 * 1518 for other frames (+ 4 for VLAN) 245 */ 246static int ftgmac100_max_frame_size(FTGMAC100State *s, uint16_t proto) 247{ 248 int max = (s->maccr & FTGMAC100_MACCR_JUMBO_LF ? 9216 : 1518); 249 250 return max + (proto == ETH_P_VLAN ? 4 : 0); 251} 252 253static void ftgmac100_update_irq(FTGMAC100State *s) 254{ 255 qemu_set_irq(s->irq, s->isr & s->ier); 256} 257 258/* 259 * The MII phy could raise a GPIO to the processor which in turn 260 * could be handled as an interrpt by the OS. 261 * For now we don't handle any GPIO/interrupt line, so the OS will 262 * have to poll for the PHY status. 263 */ 264static void phy_update_irq(FTGMAC100State *s) 265{ 266 ftgmac100_update_irq(s); 267} 268 269static void phy_update_link(FTGMAC100State *s) 270{ 271 /* Autonegotiation status mirrors link status. */ 272 if (qemu_get_queue(s->nic)->link_down) { 273 s->phy_status &= ~(MII_BMSR_LINK_ST | MII_BMSR_AN_COMP); 274 s->phy_int |= PHY_INT_DOWN; 275 } else { 276 s->phy_status |= (MII_BMSR_LINK_ST | MII_BMSR_AN_COMP); 277 s->phy_int |= PHY_INT_AUTONEG_COMPLETE; 278 } 279 phy_update_irq(s); 280} 281 282static void ftgmac100_set_link(NetClientState *nc) 283{ 284 phy_update_link(FTGMAC100(qemu_get_nic_opaque(nc))); 285} 286 287static void phy_reset(FTGMAC100State *s) 288{ 289 s->phy_status = (MII_BMSR_100TX_FD | MII_BMSR_100TX_HD | MII_BMSR_10T_FD | 290 MII_BMSR_10T_HD | MII_BMSR_EXTSTAT | MII_BMSR_MFPS | 291 MII_BMSR_AN_COMP | MII_BMSR_AUTONEG | MII_BMSR_LINK_ST | 292 MII_BMSR_EXTCAP); 293 s->phy_control = (MII_BMCR_AUTOEN | MII_BMCR_FD | MII_BMCR_SPEED1000); 294 s->phy_advertise = (MII_ANAR_PAUSE_ASYM | MII_ANAR_PAUSE | MII_ANAR_TXFD | 295 MII_ANAR_TX | MII_ANAR_10FD | MII_ANAR_10 | 296 MII_ANAR_CSMACD); 297 s->phy_int_mask = 0; 298 s->phy_int = 0; 299} 300 301static uint16_t do_phy_read(FTGMAC100State *s, uint8_t reg) 302{ 303 uint16_t val; 304 305 switch (reg) { 306 case MII_BMCR: /* Basic Control */ 307 val = s->phy_control; 308 break; 309 case MII_BMSR: /* Basic Status */ 310 val = s->phy_status; 311 break; 312 case MII_PHYID1: /* ID1 */ 313 val = RTL8211E_PHYID1; 314 break; 315 case MII_PHYID2: /* ID2 */ 316 val = RTL8211E_PHYID2; 317 break; 318 case MII_ANAR: /* Auto-neg advertisement */ 319 val = s->phy_advertise; 320 break; 321 case MII_ANLPAR: /* Auto-neg Link Partner Ability */ 322 val = (MII_ANLPAR_ACK | MII_ANLPAR_PAUSE | MII_ANLPAR_TXFD | 323 MII_ANLPAR_TX | MII_ANLPAR_10FD | MII_ANLPAR_10 | 324 MII_ANLPAR_CSMACD); 325 break; 326 case MII_ANER: /* Auto-neg Expansion */ 327 val = MII_ANER_NWAY; 328 break; 329 case MII_CTRL1000: /* 1000BASE-T control */ 330 val = (MII_CTRL1000_HALF | MII_CTRL1000_FULL); 331 break; 332 case MII_STAT1000: /* 1000BASE-T status */ 333 val = MII_STAT1000_FULL; 334 break; 335 case RTL8211E_MII_INSR: /* Interrupt status. */ 336 val = s->phy_int; 337 s->phy_int = 0; 338 phy_update_irq(s); 339 break; 340 case RTL8211E_MII_INER: /* Interrupt enable */ 341 val = s->phy_int_mask; 342 break; 343 case RTL8211E_MII_PHYCR: 344 case RTL8211E_MII_PHYSR: 345 case RTL8211E_MII_RXERC: 346 case RTL8211E_MII_LDPSR: 347 case RTL8211E_MII_EPAGSR: 348 case RTL8211E_MII_PAGSEL: 349 qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n", 350 __func__, reg); 351 val = 0; 352 break; 353 default: 354 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n", 355 __func__, reg); 356 val = 0; 357 break; 358 } 359 360 return val; 361} 362 363#define MII_BMCR_MASK (MII_BMCR_LOOPBACK | MII_BMCR_SPEED100 | \ 364 MII_BMCR_SPEED | MII_BMCR_AUTOEN | MII_BMCR_PDOWN | \ 365 MII_BMCR_FD | MII_BMCR_CTST) 366#define MII_ANAR_MASK 0x2d7f 367 368static void do_phy_write(FTGMAC100State *s, uint8_t reg, uint16_t val) 369{ 370 switch (reg) { 371 case MII_BMCR: /* Basic Control */ 372 if (val & MII_BMCR_RESET) { 373 phy_reset(s); 374 } else { 375 s->phy_control = val & MII_BMCR_MASK; 376 /* Complete autonegotiation immediately. */ 377 if (val & MII_BMCR_AUTOEN) { 378 s->phy_status |= MII_BMSR_AN_COMP; 379 } 380 } 381 break; 382 case MII_ANAR: /* Auto-neg advertisement */ 383 s->phy_advertise = (val & MII_ANAR_MASK) | MII_ANAR_TX; 384 break; 385 case RTL8211E_MII_INER: /* Interrupt enable */ 386 s->phy_int_mask = val & 0xff; 387 phy_update_irq(s); 388 break; 389 case RTL8211E_MII_PHYCR: 390 case RTL8211E_MII_PHYSR: 391 case RTL8211E_MII_RXERC: 392 case RTL8211E_MII_LDPSR: 393 case RTL8211E_MII_EPAGSR: 394 case RTL8211E_MII_PAGSEL: 395 qemu_log_mask(LOG_UNIMP, "%s: reg %d not implemented\n", 396 __func__, reg); 397 break; 398 default: 399 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset %d\n", 400 __func__, reg); 401 break; 402 } 403} 404 405static void do_phy_new_ctl(FTGMAC100State *s) 406{ 407 uint8_t reg; 408 uint16_t data; 409 410 if (!(s->phycr & FTGMAC100_PHYCR_NEW_ST_22)) { 411 qemu_log_mask(LOG_UNIMP, "%s: unsupported ST code\n", __func__); 412 return; 413 } 414 415 /* Nothing to do */ 416 if (!(s->phycr & FTGMAC100_PHYCR_NEW_FIRE)) { 417 return; 418 } 419 420 reg = FTGMAC100_PHYCR_NEW_REG(s->phycr); 421 data = FTGMAC100_PHYCR_NEW_DATA(s->phycr); 422 423 switch (FTGMAC100_PHYCR_NEW_OP(s->phycr)) { 424 case FTGMAC100_PHYCR_NEW_OP_WRITE: 425 do_phy_write(s, reg, data); 426 break; 427 case FTGMAC100_PHYCR_NEW_OP_READ: 428 s->phydata = do_phy_read(s, reg) & 0xffff; 429 break; 430 default: 431 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid OP code %08x\n", 432 __func__, s->phycr); 433 } 434 435 s->phycr &= ~FTGMAC100_PHYCR_NEW_FIRE; 436} 437 438static void do_phy_ctl(FTGMAC100State *s) 439{ 440 uint8_t reg = FTGMAC100_PHYCR_REG(s->phycr); 441 442 if (s->phycr & FTGMAC100_PHYCR_MIIWR) { 443 do_phy_write(s, reg, s->phydata & 0xffff); 444 s->phycr &= ~FTGMAC100_PHYCR_MIIWR; 445 } else if (s->phycr & FTGMAC100_PHYCR_MIIRD) { 446 s->phydata = do_phy_read(s, reg) << 16; 447 s->phycr &= ~FTGMAC100_PHYCR_MIIRD; 448 } else { 449 qemu_log_mask(LOG_GUEST_ERROR, "%s: no OP code %08x\n", 450 __func__, s->phycr); 451 } 452} 453 454static int ftgmac100_read_bd(FTGMAC100Desc *bd, dma_addr_t addr) 455{ 456 if (dma_memory_read(&address_space_memory, addr, bd, sizeof(*bd))) { 457 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read descriptor @ 0x%" 458 HWADDR_PRIx "\n", __func__, addr); 459 return -1; 460 } 461 bd->des0 = le32_to_cpu(bd->des0); 462 bd->des1 = le32_to_cpu(bd->des1); 463 bd->des2 = le32_to_cpu(bd->des2); 464 bd->des3 = le32_to_cpu(bd->des3); 465 return 0; 466} 467 468static int ftgmac100_write_bd(FTGMAC100Desc *bd, dma_addr_t addr) 469{ 470 FTGMAC100Desc lebd; 471 472 lebd.des0 = cpu_to_le32(bd->des0); 473 lebd.des1 = cpu_to_le32(bd->des1); 474 lebd.des2 = cpu_to_le32(bd->des2); 475 lebd.des3 = cpu_to_le32(bd->des3); 476 if (dma_memory_write(&address_space_memory, addr, &lebd, sizeof(lebd))) { 477 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to write descriptor @ 0x%" 478 HWADDR_PRIx "\n", __func__, addr); 479 return -1; 480 } 481 return 0; 482} 483 484static int ftgmac100_insert_vlan(FTGMAC100State *s, int frame_size, 485 uint8_t vlan_tci) 486{ 487 uint8_t *vlan_hdr = s->frame + (ETH_ALEN * 2); 488 uint8_t *payload = vlan_hdr + sizeof(struct vlan_header); 489 490 if (frame_size < sizeof(struct eth_header)) { 491 qemu_log_mask(LOG_GUEST_ERROR, 492 "%s: frame too small for VLAN insertion : %d bytes\n", 493 __func__, frame_size); 494 s->isr |= FTGMAC100_INT_XPKT_LOST; 495 goto out; 496 } 497 498 if (frame_size + sizeof(struct vlan_header) > sizeof(s->frame)) { 499 qemu_log_mask(LOG_GUEST_ERROR, 500 "%s: frame too big : %d bytes\n", 501 __func__, frame_size); 502 s->isr |= FTGMAC100_INT_XPKT_LOST; 503 frame_size -= sizeof(struct vlan_header); 504 } 505 506 memmove(payload, vlan_hdr, frame_size - (ETH_ALEN * 2)); 507 stw_be_p(vlan_hdr, ETH_P_VLAN); 508 stw_be_p(vlan_hdr + 2, vlan_tci); 509 frame_size += sizeof(struct vlan_header); 510 511out: 512 return frame_size; 513} 514 515static void ftgmac100_do_tx(FTGMAC100State *s, uint32_t tx_ring, 516 uint32_t tx_descriptor) 517{ 518 int frame_size = 0; 519 uint8_t *ptr = s->frame; 520 uint32_t addr = tx_descriptor; 521 uint32_t flags = 0; 522 523 while (1) { 524 FTGMAC100Desc bd; 525 int len; 526 527 if (ftgmac100_read_bd(&bd, addr) || 528 ((bd.des0 & FTGMAC100_TXDES0_TXDMA_OWN) == 0)) { 529 /* Run out of descriptors to transmit. */ 530 s->isr |= FTGMAC100_INT_NO_NPTXBUF; 531 break; 532 } 533 534 /* record transmit flags as they are valid only on the first 535 * segment */ 536 if (bd.des0 & FTGMAC100_TXDES0_FTS) { 537 flags = bd.des1; 538 } 539 540 len = FTGMAC100_TXDES0_TXBUF_SIZE(bd.des0); 541 if (!len) { 542 /* 543 * 0 is an invalid size, however the HW does not raise any 544 * interrupt. Flag an error because the guest is buggy. 545 */ 546 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid segment size\n", 547 __func__); 548 } 549 550 if (frame_size + len > sizeof(s->frame)) { 551 qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %d bytes\n", 552 __func__, len); 553 s->isr |= FTGMAC100_INT_XPKT_LOST; 554 len = sizeof(s->frame) - frame_size; 555 } 556 557 if (dma_memory_read(&address_space_memory, bd.des3, ptr, len)) { 558 qemu_log_mask(LOG_GUEST_ERROR, "%s: failed to read packet @ 0x%x\n", 559 __func__, bd.des3); 560 s->isr |= FTGMAC100_INT_AHB_ERR; 561 break; 562 } 563 564 ptr += len; 565 frame_size += len; 566 if (bd.des0 & FTGMAC100_TXDES0_LTS) { 567 int csum = 0; 568 569 /* Check for VLAN */ 570 if (flags & FTGMAC100_TXDES1_INS_VLANTAG && 571 be16_to_cpu(PKT_GET_ETH_HDR(s->frame)->h_proto) != ETH_P_VLAN) { 572 frame_size = ftgmac100_insert_vlan(s, frame_size, 573 FTGMAC100_TXDES1_VLANTAG_CI(flags)); 574 } 575 576 if (flags & FTGMAC100_TXDES1_IP_CHKSUM) { 577 csum |= CSUM_IP; 578 } 579 if (flags & FTGMAC100_TXDES1_TCP_CHKSUM) { 580 csum |= CSUM_TCP; 581 } 582 if (flags & FTGMAC100_TXDES1_UDP_CHKSUM) { 583 csum |= CSUM_UDP; 584 } 585 if (csum) { 586 net_checksum_calculate(s->frame, frame_size, csum); 587 } 588 589 /* Last buffer in frame. */ 590 qemu_send_packet(qemu_get_queue(s->nic), s->frame, frame_size); 591 ptr = s->frame; 592 frame_size = 0; 593 s->isr |= FTGMAC100_INT_XPKT_ETH; 594 } 595 596 if (flags & FTGMAC100_TXDES1_TX2FIC) { 597 s->isr |= FTGMAC100_INT_XPKT_FIFO; 598 } 599 bd.des0 &= ~FTGMAC100_TXDES0_TXDMA_OWN; 600 601 /* Write back the modified descriptor. */ 602 ftgmac100_write_bd(&bd, addr); 603 /* Advance to the next descriptor. */ 604 if (bd.des0 & s->txdes0_edotr) { 605 addr = tx_ring; 606 } else { 607 addr += FTGMAC100_DBLAC_TXDES_SIZE(s->dblac); 608 } 609 } 610 611 s->tx_descriptor = addr; 612 613 ftgmac100_update_irq(s); 614} 615 616static bool ftgmac100_can_receive(NetClientState *nc) 617{ 618 FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc)); 619 FTGMAC100Desc bd; 620 621 if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) 622 != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) { 623 return false; 624 } 625 626 if (ftgmac100_read_bd(&bd, s->rx_descriptor)) { 627 return false; 628 } 629 return !(bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY); 630} 631 632/* 633 * This is purely informative. The HW can poll the RW (and RX) ring 634 * buffers for available descriptors but we don't need to trigger a 635 * timer for that in qemu. 636 */ 637static uint32_t ftgmac100_rxpoll(FTGMAC100State *s) 638{ 639 /* Polling times : 640 * 641 * Speed TIME_SEL=0 TIME_SEL=1 642 * 643 * 10 51.2 ms 819.2 ms 644 * 100 5.12 ms 81.92 ms 645 * 1000 1.024 ms 16.384 ms 646 */ 647 static const int div[] = { 20, 200, 1000 }; 648 649 uint32_t cnt = 1024 * FTGMAC100_APTC_RXPOLL_CNT(s->aptcr); 650 uint32_t speed = (s->maccr & FTGMAC100_MACCR_FAST_MODE) ? 1 : 0; 651 652 if (s->aptcr & FTGMAC100_APTC_RXPOLL_TIME_SEL) { 653 cnt <<= 4; 654 } 655 656 if (s->maccr & FTGMAC100_MACCR_GIGA_MODE) { 657 speed = 2; 658 } 659 660 return cnt / div[speed]; 661} 662 663static void ftgmac100_do_reset(FTGMAC100State *s, bool sw_reset) 664{ 665 /* Reset the FTGMAC100 */ 666 s->isr = 0; 667 s->ier = 0; 668 s->rx_enabled = 0; 669 s->rx_ring = 0; 670 s->rbsr = 0x640; 671 s->rx_descriptor = 0; 672 s->tx_ring = 0; 673 s->tx_descriptor = 0; 674 s->math[0] = 0; 675 s->math[1] = 0; 676 s->itc = 0; 677 s->aptcr = 1; 678 s->dblac = 0x00022f00; 679 s->revr = 0; 680 s->fear1 = 0; 681 s->tpafcr = 0xf1; 682 683 if (sw_reset) { 684 s->maccr &= FTGMAC100_MACCR_GIGA_MODE | FTGMAC100_MACCR_FAST_MODE; 685 } else { 686 s->maccr = 0; 687 } 688 689 s->phycr = 0; 690 s->phydata = 0; 691 s->fcr = 0x400; 692 693 /* and the PHY */ 694 phy_reset(s); 695} 696 697static void ftgmac100_reset(DeviceState *d) 698{ 699 ftgmac100_do_reset(FTGMAC100(d), false); 700} 701 702static uint64_t ftgmac100_read(void *opaque, hwaddr addr, unsigned size) 703{ 704 FTGMAC100State *s = FTGMAC100(opaque); 705 706 switch (addr & 0xff) { 707 case FTGMAC100_ISR: 708 return s->isr; 709 case FTGMAC100_IER: 710 return s->ier; 711 case FTGMAC100_MAC_MADR: 712 return (s->conf.macaddr.a[0] << 8) | s->conf.macaddr.a[1]; 713 case FTGMAC100_MAC_LADR: 714 return ((uint32_t) s->conf.macaddr.a[2] << 24) | 715 (s->conf.macaddr.a[3] << 16) | (s->conf.macaddr.a[4] << 8) | 716 s->conf.macaddr.a[5]; 717 case FTGMAC100_MATH0: 718 return s->math[0]; 719 case FTGMAC100_MATH1: 720 return s->math[1]; 721 case FTGMAC100_RXR_BADR: 722 return s->rx_ring; 723 case FTGMAC100_NPTXR_BADR: 724 return s->tx_ring; 725 case FTGMAC100_ITC: 726 return s->itc; 727 case FTGMAC100_DBLAC: 728 return s->dblac; 729 case FTGMAC100_REVR: 730 return s->revr; 731 case FTGMAC100_FEAR1: 732 return s->fear1; 733 case FTGMAC100_TPAFCR: 734 return s->tpafcr; 735 case FTGMAC100_FCR: 736 return s->fcr; 737 case FTGMAC100_MACCR: 738 return s->maccr; 739 case FTGMAC100_PHYCR: 740 return s->phycr; 741 case FTGMAC100_PHYDATA: 742 return s->phydata; 743 744 /* We might want to support these one day */ 745 case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */ 746 case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */ 747 case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */ 748 qemu_log_mask(LOG_UNIMP, "%s: read to unimplemented register 0x%" 749 HWADDR_PRIx "\n", __func__, addr); 750 return 0; 751 default: 752 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%" 753 HWADDR_PRIx "\n", __func__, addr); 754 return 0; 755 } 756} 757 758static void ftgmac100_write(void *opaque, hwaddr addr, 759 uint64_t value, unsigned size) 760{ 761 FTGMAC100State *s = FTGMAC100(opaque); 762 763 switch (addr & 0xff) { 764 case FTGMAC100_ISR: /* Interrupt status */ 765 s->isr &= ~value; 766 break; 767 case FTGMAC100_IER: /* Interrupt control */ 768 s->ier = value; 769 break; 770 case FTGMAC100_MAC_MADR: /* MAC */ 771 s->conf.macaddr.a[0] = value >> 8; 772 s->conf.macaddr.a[1] = value; 773 break; 774 case FTGMAC100_MAC_LADR: 775 s->conf.macaddr.a[2] = value >> 24; 776 s->conf.macaddr.a[3] = value >> 16; 777 s->conf.macaddr.a[4] = value >> 8; 778 s->conf.macaddr.a[5] = value; 779 break; 780 case FTGMAC100_MATH0: /* Multicast Address Hash Table 0 */ 781 s->math[0] = value; 782 break; 783 case FTGMAC100_MATH1: /* Multicast Address Hash Table 1 */ 784 s->math[1] = value; 785 break; 786 case FTGMAC100_ITC: /* TODO: Interrupt Timer Control */ 787 s->itc = value; 788 break; 789 case FTGMAC100_RXR_BADR: /* Ring buffer address */ 790 if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) { 791 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad RX buffer alignment 0x%" 792 HWADDR_PRIx "\n", __func__, value); 793 return; 794 } 795 796 s->rx_ring = value; 797 s->rx_descriptor = s->rx_ring; 798 break; 799 800 case FTGMAC100_RBSR: /* DMA buffer size */ 801 s->rbsr = value; 802 break; 803 804 case FTGMAC100_NPTXR_BADR: /* Transmit buffer address */ 805 if (!QEMU_IS_ALIGNED(value, FTGMAC100_DESC_ALIGNMENT)) { 806 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad TX buffer alignment 0x%" 807 HWADDR_PRIx "\n", __func__, value); 808 return; 809 } 810 s->tx_ring = value; 811 s->tx_descriptor = s->tx_ring; 812 break; 813 814 case FTGMAC100_NPTXPD: /* Trigger transmit */ 815 if ((s->maccr & (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN)) 816 == (FTGMAC100_MACCR_TXDMA_EN | FTGMAC100_MACCR_TXMAC_EN)) { 817 /* TODO: high priority tx ring */ 818 ftgmac100_do_tx(s, s->tx_ring, s->tx_descriptor); 819 } 820 if (ftgmac100_can_receive(qemu_get_queue(s->nic))) { 821 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 822 } 823 break; 824 825 case FTGMAC100_RXPD: /* Receive Poll Demand Register */ 826 if (ftgmac100_can_receive(qemu_get_queue(s->nic))) { 827 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 828 } 829 break; 830 831 case FTGMAC100_APTC: /* Automatic polling */ 832 s->aptcr = value; 833 834 if (FTGMAC100_APTC_RXPOLL_CNT(s->aptcr)) { 835 ftgmac100_rxpoll(s); 836 } 837 838 if (FTGMAC100_APTC_TXPOLL_CNT(s->aptcr)) { 839 qemu_log_mask(LOG_UNIMP, "%s: no transmit polling\n", __func__); 840 } 841 break; 842 843 case FTGMAC100_MACCR: /* MAC Device control */ 844 s->maccr = value; 845 if (value & FTGMAC100_MACCR_SW_RST) { 846 ftgmac100_do_reset(s, true); 847 } 848 849 if (ftgmac100_can_receive(qemu_get_queue(s->nic))) { 850 qemu_flush_queued_packets(qemu_get_queue(s->nic)); 851 } 852 break; 853 854 case FTGMAC100_PHYCR: /* PHY Device control */ 855 s->phycr = value; 856 if (s->revr & FTGMAC100_REVR_NEW_MDIO_INTERFACE) { 857 do_phy_new_ctl(s); 858 } else { 859 do_phy_ctl(s); 860 } 861 break; 862 case FTGMAC100_PHYDATA: 863 s->phydata = value & 0xffff; 864 break; 865 case FTGMAC100_DBLAC: /* DMA Burst Length and Arbitration Control */ 866 if (FTGMAC100_DBLAC_TXDES_SIZE(value) < sizeof(FTGMAC100Desc)) { 867 qemu_log_mask(LOG_GUEST_ERROR, 868 "%s: transmit descriptor too small: %" PRIx64 869 " bytes\n", __func__, 870 FTGMAC100_DBLAC_TXDES_SIZE(value)); 871 break; 872 } 873 if (FTGMAC100_DBLAC_RXDES_SIZE(value) < sizeof(FTGMAC100Desc)) { 874 qemu_log_mask(LOG_GUEST_ERROR, 875 "%s: receive descriptor too small : %" PRIx64 876 " bytes\n", __func__, 877 FTGMAC100_DBLAC_RXDES_SIZE(value)); 878 break; 879 } 880 s->dblac = value; 881 break; 882 case FTGMAC100_REVR: /* Feature Register */ 883 s->revr = value; 884 break; 885 case FTGMAC100_FEAR1: /* Feature Register 1 */ 886 s->fear1 = value; 887 break; 888 case FTGMAC100_TPAFCR: /* Transmit Priority Arbitration and FIFO Control */ 889 s->tpafcr = value; 890 break; 891 case FTGMAC100_FCR: /* Flow Control */ 892 s->fcr = value; 893 break; 894 895 case FTGMAC100_HPTXPD: /* High Priority Transmit Poll Demand */ 896 case FTGMAC100_HPTXR_BADR: /* High Priority Transmit Ring Base Address */ 897 case FTGMAC100_MACSR: /* MAC Status Register (MACSR) */ 898 qemu_log_mask(LOG_UNIMP, "%s: write to unimplemented register 0x%" 899 HWADDR_PRIx "\n", __func__, addr); 900 break; 901 default: 902 qemu_log_mask(LOG_GUEST_ERROR, "%s: Bad address at offset 0x%" 903 HWADDR_PRIx "\n", __func__, addr); 904 break; 905 } 906 907 ftgmac100_update_irq(s); 908} 909 910static int ftgmac100_filter(FTGMAC100State *s, const uint8_t *buf, size_t len) 911{ 912 unsigned mcast_idx; 913 914 if (s->maccr & FTGMAC100_MACCR_RX_ALL) { 915 return 1; 916 } 917 918 switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) { 919 case ETH_PKT_BCAST: 920 if (!(s->maccr & FTGMAC100_MACCR_RX_BROADPKT)) { 921 return 0; 922 } 923 break; 924 case ETH_PKT_MCAST: 925 if (!(s->maccr & FTGMAC100_MACCR_RX_MULTIPKT)) { 926 if (!(s->maccr & FTGMAC100_MACCR_HT_MULTI_EN)) { 927 return 0; 928 } 929 930 mcast_idx = net_crc32_le(buf, ETH_ALEN); 931 mcast_idx = (~(mcast_idx >> 2)) & 0x3f; 932 if (!(s->math[mcast_idx / 32] & (1 << (mcast_idx % 32)))) { 933 return 0; 934 } 935 } 936 break; 937 case ETH_PKT_UCAST: 938 if (memcmp(s->conf.macaddr.a, buf, 6)) { 939 return 0; 940 } 941 break; 942 } 943 944 return 1; 945} 946 947static ssize_t ftgmac100_receive(NetClientState *nc, const uint8_t *buf, 948 size_t len) 949{ 950 FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc)); 951 FTGMAC100Desc bd; 952 uint32_t flags = 0; 953 uint32_t addr; 954 uint32_t crc; 955 uint32_t buf_addr; 956 uint8_t *crc_ptr; 957 uint32_t buf_len; 958 size_t size = len; 959 uint32_t first = FTGMAC100_RXDES0_FRS; 960 uint16_t proto = be16_to_cpu(PKT_GET_ETH_HDR(buf)->h_proto); 961 int max_frame_size = ftgmac100_max_frame_size(s, proto); 962 963 if ((s->maccr & (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) 964 != (FTGMAC100_MACCR_RXDMA_EN | FTGMAC100_MACCR_RXMAC_EN)) { 965 return -1; 966 } 967 968 /* TODO : Pad to minimum Ethernet frame length */ 969 /* handle small packets. */ 970 if (size < 10) { 971 qemu_log_mask(LOG_GUEST_ERROR, "%s: dropped frame of %zd bytes\n", 972 __func__, size); 973 return size; 974 } 975 976 if (!ftgmac100_filter(s, buf, size)) { 977 return size; 978 } 979 980 /* 4 bytes for the CRC. */ 981 size += 4; 982 crc = cpu_to_be32(crc32(~0, buf, size)); 983 crc_ptr = (uint8_t *) &crc; 984 985 /* Huge frames are truncated. */ 986 if (size > max_frame_size) { 987 qemu_log_mask(LOG_GUEST_ERROR, "%s: frame too big : %zd bytes\n", 988 __func__, size); 989 size = max_frame_size; 990 flags |= FTGMAC100_RXDES0_FTL; 991 } 992 993 switch (get_eth_packet_type(PKT_GET_ETH_HDR(buf))) { 994 case ETH_PKT_BCAST: 995 flags |= FTGMAC100_RXDES0_BROADCAST; 996 break; 997 case ETH_PKT_MCAST: 998 flags |= FTGMAC100_RXDES0_MULTICAST; 999 break; 1000 case ETH_PKT_UCAST: 1001 break; 1002 } 1003 1004 s->isr |= FTGMAC100_INT_RPKT_FIFO; 1005 addr = s->rx_descriptor; 1006 while (size > 0) { 1007 if (!ftgmac100_can_receive(nc)) { 1008 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unexpected packet\n", __func__); 1009 return -1; 1010 } 1011 1012 if (ftgmac100_read_bd(&bd, addr) || 1013 (bd.des0 & FTGMAC100_RXDES0_RXPKT_RDY)) { 1014 /* No descriptors available. Bail out. */ 1015 qemu_log_mask(LOG_GUEST_ERROR, "%s: Lost end of frame\n", 1016 __func__); 1017 s->isr |= FTGMAC100_INT_NO_RXBUF; 1018 break; 1019 } 1020 buf_len = (size <= s->rbsr) ? size : s->rbsr; 1021 bd.des0 |= buf_len & 0x3fff; 1022 size -= buf_len; 1023 1024 /* The last 4 bytes are the CRC. */ 1025 if (size < 4) { 1026 buf_len += size - 4; 1027 } 1028 buf_addr = bd.des3; 1029 if (first && proto == ETH_P_VLAN && buf_len >= 18) { 1030 bd.des1 = lduw_be_p(buf + 14) | FTGMAC100_RXDES1_VLANTAG_AVAIL; 1031 1032 if (s->maccr & FTGMAC100_MACCR_RM_VLAN) { 1033 dma_memory_write(&address_space_memory, buf_addr, buf, 12); 1034 dma_memory_write(&address_space_memory, buf_addr + 12, buf + 16, 1035 buf_len - 16); 1036 } else { 1037 dma_memory_write(&address_space_memory, buf_addr, buf, buf_len); 1038 } 1039 } else { 1040 bd.des1 = 0; 1041 dma_memory_write(&address_space_memory, buf_addr, buf, buf_len); 1042 } 1043 buf += buf_len; 1044 if (size < 4) { 1045 dma_memory_write(&address_space_memory, buf_addr + buf_len, 1046 crc_ptr, 4 - size); 1047 crc_ptr += 4 - size; 1048 } 1049 1050 bd.des0 |= first | FTGMAC100_RXDES0_RXPKT_RDY; 1051 first = 0; 1052 if (size == 0) { 1053 /* Last buffer in frame. */ 1054 bd.des0 |= flags | FTGMAC100_RXDES0_LRS; 1055 s->isr |= FTGMAC100_INT_RPKT_BUF; 1056 } 1057 ftgmac100_write_bd(&bd, addr); 1058 if (bd.des0 & s->rxdes0_edorr) { 1059 addr = s->rx_ring; 1060 } else { 1061 addr += FTGMAC100_DBLAC_RXDES_SIZE(s->dblac); 1062 } 1063 } 1064 s->rx_descriptor = addr; 1065 1066 ftgmac100_update_irq(s); 1067 return len; 1068} 1069 1070static const MemoryRegionOps ftgmac100_ops = { 1071 .read = ftgmac100_read, 1072 .write = ftgmac100_write, 1073 .valid.min_access_size = 4, 1074 .valid.max_access_size = 4, 1075 .endianness = DEVICE_LITTLE_ENDIAN, 1076}; 1077 1078static void ftgmac100_cleanup(NetClientState *nc) 1079{ 1080 FTGMAC100State *s = FTGMAC100(qemu_get_nic_opaque(nc)); 1081 1082 s->nic = NULL; 1083} 1084 1085static NetClientInfo net_ftgmac100_info = { 1086 .type = NET_CLIENT_DRIVER_NIC, 1087 .size = sizeof(NICState), 1088 .can_receive = ftgmac100_can_receive, 1089 .receive = ftgmac100_receive, 1090 .cleanup = ftgmac100_cleanup, 1091 .link_status_changed = ftgmac100_set_link, 1092}; 1093 1094static void ftgmac100_realize(DeviceState *dev, Error **errp) 1095{ 1096 FTGMAC100State *s = FTGMAC100(dev); 1097 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1098 1099 if (s->aspeed) { 1100 s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR_ASPEED; 1101 s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR_ASPEED; 1102 } else { 1103 s->txdes0_edotr = FTGMAC100_TXDES0_EDOTR; 1104 s->rxdes0_edorr = FTGMAC100_RXDES0_EDORR; 1105 } 1106 1107 memory_region_init_io(&s->iomem, OBJECT(dev), &ftgmac100_ops, s, 1108 TYPE_FTGMAC100, 0x2000); 1109 sysbus_init_mmio(sbd, &s->iomem); 1110 sysbus_init_irq(sbd, &s->irq); 1111 qemu_macaddr_default_if_unset(&s->conf.macaddr); 1112 1113 s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf, 1114 object_get_typename(OBJECT(dev)), dev->id, s); 1115 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a); 1116} 1117 1118static const VMStateDescription vmstate_ftgmac100 = { 1119 .name = TYPE_FTGMAC100, 1120 .version_id = 1, 1121 .minimum_version_id = 1, 1122 .fields = (VMStateField[]) { 1123 VMSTATE_UINT32(irq_state, FTGMAC100State), 1124 VMSTATE_UINT32(isr, FTGMAC100State), 1125 VMSTATE_UINT32(ier, FTGMAC100State), 1126 VMSTATE_UINT32(rx_enabled, FTGMAC100State), 1127 VMSTATE_UINT32(rx_ring, FTGMAC100State), 1128 VMSTATE_UINT32(rbsr, FTGMAC100State), 1129 VMSTATE_UINT32(tx_ring, FTGMAC100State), 1130 VMSTATE_UINT32(rx_descriptor, FTGMAC100State), 1131 VMSTATE_UINT32(tx_descriptor, FTGMAC100State), 1132 VMSTATE_UINT32_ARRAY(math, FTGMAC100State, 2), 1133 VMSTATE_UINT32(itc, FTGMAC100State), 1134 VMSTATE_UINT32(aptcr, FTGMAC100State), 1135 VMSTATE_UINT32(dblac, FTGMAC100State), 1136 VMSTATE_UINT32(revr, FTGMAC100State), 1137 VMSTATE_UINT32(fear1, FTGMAC100State), 1138 VMSTATE_UINT32(tpafcr, FTGMAC100State), 1139 VMSTATE_UINT32(maccr, FTGMAC100State), 1140 VMSTATE_UINT32(phycr, FTGMAC100State), 1141 VMSTATE_UINT32(phydata, FTGMAC100State), 1142 VMSTATE_UINT32(fcr, FTGMAC100State), 1143 VMSTATE_UINT32(phy_status, FTGMAC100State), 1144 VMSTATE_UINT32(phy_control, FTGMAC100State), 1145 VMSTATE_UINT32(phy_advertise, FTGMAC100State), 1146 VMSTATE_UINT32(phy_int, FTGMAC100State), 1147 VMSTATE_UINT32(phy_int_mask, FTGMAC100State), 1148 VMSTATE_UINT32(txdes0_edotr, FTGMAC100State), 1149 VMSTATE_UINT32(rxdes0_edorr, FTGMAC100State), 1150 VMSTATE_END_OF_LIST() 1151 } 1152}; 1153 1154static Property ftgmac100_properties[] = { 1155 DEFINE_PROP_BOOL("aspeed", FTGMAC100State, aspeed, false), 1156 DEFINE_NIC_PROPERTIES(FTGMAC100State, conf), 1157 DEFINE_PROP_END_OF_LIST(), 1158}; 1159 1160static void ftgmac100_class_init(ObjectClass *klass, void *data) 1161{ 1162 DeviceClass *dc = DEVICE_CLASS(klass); 1163 1164 dc->vmsd = &vmstate_ftgmac100; 1165 dc->reset = ftgmac100_reset; 1166 device_class_set_props(dc, ftgmac100_properties); 1167 set_bit(DEVICE_CATEGORY_NETWORK, dc->categories); 1168 dc->realize = ftgmac100_realize; 1169 dc->desc = "Faraday FTGMAC100 Gigabit Ethernet emulation"; 1170} 1171 1172static const TypeInfo ftgmac100_info = { 1173 .name = TYPE_FTGMAC100, 1174 .parent = TYPE_SYS_BUS_DEVICE, 1175 .instance_size = sizeof(FTGMAC100State), 1176 .class_init = ftgmac100_class_init, 1177}; 1178 1179/* 1180 * AST2600 MII controller 1181 */ 1182#define ASPEED_MII_PHYCR_FIRE BIT(31) 1183#define ASPEED_MII_PHYCR_ST_22 BIT(28) 1184#define ASPEED_MII_PHYCR_OP(x) ((x) & (ASPEED_MII_PHYCR_OP_WRITE | \ 1185 ASPEED_MII_PHYCR_OP_READ)) 1186#define ASPEED_MII_PHYCR_OP_WRITE BIT(26) 1187#define ASPEED_MII_PHYCR_OP_READ BIT(27) 1188#define ASPEED_MII_PHYCR_DATA(x) (x & 0xffff) 1189#define ASPEED_MII_PHYCR_PHY(x) (((x) >> 21) & 0x1f) 1190#define ASPEED_MII_PHYCR_REG(x) (((x) >> 16) & 0x1f) 1191 1192#define ASPEED_MII_PHYDATA_IDLE BIT(16) 1193 1194static void aspeed_mii_transition(AspeedMiiState *s, bool fire) 1195{ 1196 if (fire) { 1197 s->phycr |= ASPEED_MII_PHYCR_FIRE; 1198 s->phydata &= ~ASPEED_MII_PHYDATA_IDLE; 1199 } else { 1200 s->phycr &= ~ASPEED_MII_PHYCR_FIRE; 1201 s->phydata |= ASPEED_MII_PHYDATA_IDLE; 1202 } 1203} 1204 1205static void aspeed_mii_do_phy_ctl(AspeedMiiState *s) 1206{ 1207 uint8_t reg; 1208 uint16_t data; 1209 1210 if (!(s->phycr & ASPEED_MII_PHYCR_ST_22)) { 1211 aspeed_mii_transition(s, !ASPEED_MII_PHYCR_FIRE); 1212 qemu_log_mask(LOG_UNIMP, "%s: unsupported ST code\n", __func__); 1213 return; 1214 } 1215 1216 /* Nothing to do */ 1217 if (!(s->phycr & ASPEED_MII_PHYCR_FIRE)) { 1218 return; 1219 } 1220 1221 reg = ASPEED_MII_PHYCR_REG(s->phycr); 1222 data = ASPEED_MII_PHYCR_DATA(s->phycr); 1223 1224 switch (ASPEED_MII_PHYCR_OP(s->phycr)) { 1225 case ASPEED_MII_PHYCR_OP_WRITE: 1226 do_phy_write(s->nic, reg, data); 1227 break; 1228 case ASPEED_MII_PHYCR_OP_READ: 1229 s->phydata = (s->phydata & ~0xffff) | do_phy_read(s->nic, reg); 1230 break; 1231 default: 1232 qemu_log_mask(LOG_GUEST_ERROR, "%s: invalid OP code %08x\n", 1233 __func__, s->phycr); 1234 } 1235 1236 aspeed_mii_transition(s, !ASPEED_MII_PHYCR_FIRE); 1237} 1238 1239static uint64_t aspeed_mii_read(void *opaque, hwaddr addr, unsigned size) 1240{ 1241 AspeedMiiState *s = ASPEED_MII(opaque); 1242 1243 switch (addr) { 1244 case 0x0: 1245 return s->phycr; 1246 case 0x4: 1247 return s->phydata; 1248 default: 1249 g_assert_not_reached(); 1250 } 1251} 1252 1253static void aspeed_mii_write(void *opaque, hwaddr addr, 1254 uint64_t value, unsigned size) 1255{ 1256 AspeedMiiState *s = ASPEED_MII(opaque); 1257 1258 switch (addr) { 1259 case 0x0: 1260 s->phycr = value & ~(s->phycr & ASPEED_MII_PHYCR_FIRE); 1261 break; 1262 case 0x4: 1263 s->phydata = value & ~(0xffff | ASPEED_MII_PHYDATA_IDLE); 1264 break; 1265 default: 1266 g_assert_not_reached(); 1267 } 1268 1269 aspeed_mii_transition(s, !!(s->phycr & ASPEED_MII_PHYCR_FIRE)); 1270 aspeed_mii_do_phy_ctl(s); 1271} 1272 1273static const MemoryRegionOps aspeed_mii_ops = { 1274 .read = aspeed_mii_read, 1275 .write = aspeed_mii_write, 1276 .valid.min_access_size = 4, 1277 .valid.max_access_size = 4, 1278 .endianness = DEVICE_LITTLE_ENDIAN, 1279}; 1280 1281static void aspeed_mii_reset(DeviceState *dev) 1282{ 1283 AspeedMiiState *s = ASPEED_MII(dev); 1284 1285 s->phycr = 0; 1286 s->phydata = 0; 1287 1288 aspeed_mii_transition(s, !!(s->phycr & ASPEED_MII_PHYCR_FIRE)); 1289}; 1290 1291static void aspeed_mii_realize(DeviceState *dev, Error **errp) 1292{ 1293 AspeedMiiState *s = ASPEED_MII(dev); 1294 SysBusDevice *sbd = SYS_BUS_DEVICE(dev); 1295 1296 assert(s->nic); 1297 1298 memory_region_init_io(&s->iomem, OBJECT(dev), &aspeed_mii_ops, s, 1299 TYPE_ASPEED_MII, 0x8); 1300 sysbus_init_mmio(sbd, &s->iomem); 1301} 1302 1303static const VMStateDescription vmstate_aspeed_mii = { 1304 .name = TYPE_ASPEED_MII, 1305 .version_id = 1, 1306 .minimum_version_id = 1, 1307 .fields = (VMStateField[]) { 1308 VMSTATE_UINT32(phycr, FTGMAC100State), 1309 VMSTATE_UINT32(phydata, FTGMAC100State), 1310 VMSTATE_END_OF_LIST() 1311 } 1312}; 1313 1314static Property aspeed_mii_properties[] = { 1315 DEFINE_PROP_LINK("nic", AspeedMiiState, nic, TYPE_FTGMAC100, 1316 FTGMAC100State *), 1317 DEFINE_PROP_END_OF_LIST(), 1318}; 1319 1320static void aspeed_mii_class_init(ObjectClass *klass, void *data) 1321{ 1322 DeviceClass *dc = DEVICE_CLASS(klass); 1323 1324 dc->vmsd = &vmstate_aspeed_mii; 1325 dc->reset = aspeed_mii_reset; 1326 dc->realize = aspeed_mii_realize; 1327 dc->desc = "Aspeed MII controller"; 1328 device_class_set_props(dc, aspeed_mii_properties); 1329} 1330 1331static const TypeInfo aspeed_mii_info = { 1332 .name = TYPE_ASPEED_MII, 1333 .parent = TYPE_SYS_BUS_DEVICE, 1334 .instance_size = sizeof(AspeedMiiState), 1335 .class_init = aspeed_mii_class_init, 1336}; 1337 1338static void ftgmac100_register_types(void) 1339{ 1340 type_register_static(&ftgmac100_info); 1341 type_register_static(&aspeed_mii_info); 1342} 1343 1344type_init(ftgmac100_register_types)