2 * SMSC 91C111 Ethernet interface emulation
4 * Copyright (c) 2005 CodeSourcery, LLC.
5 * Written by Paul Brook
7 * This code is licensed under the GPL
10 #include "qemu/osdep.h"
11 #include "hw/sysbus.h"
13 #include "hw/devices.h"
18 /* Number of 2k memory pages available. */
21 #define TYPE_SMC91C111 "smc91c111"
22 #define SMC91C111(obj) OBJECT_CHECK(smc91c111_state, (obj), TYPE_SMC91C111)
25 SysBusDevice parent_obj
;
40 /* Bitmask of allocated packets. */
43 int tx_fifo
[NUM_PACKETS
];
45 int rx_fifo
[NUM_PACKETS
];
47 int tx_fifo_done
[NUM_PACKETS
];
48 /* Packet buffer memory. */
49 uint8_t data
[NUM_PACKETS
][2048];
55 static const VMStateDescription vmstate_smc91c111
= {
58 .minimum_version_id
= 1,
59 .fields
= (VMStateField
[]) {
60 VMSTATE_UINT16(tcr
, smc91c111_state
),
61 VMSTATE_UINT16(rcr
, smc91c111_state
),
62 VMSTATE_UINT16(cr
, smc91c111_state
),
63 VMSTATE_UINT16(ctr
, smc91c111_state
),
64 VMSTATE_UINT16(gpr
, smc91c111_state
),
65 VMSTATE_UINT16(ptr
, smc91c111_state
),
66 VMSTATE_UINT16(ercv
, smc91c111_state
),
67 VMSTATE_INT32(bank
, smc91c111_state
),
68 VMSTATE_INT32(packet_num
, smc91c111_state
),
69 VMSTATE_INT32(tx_alloc
, smc91c111_state
),
70 VMSTATE_INT32(allocated
, smc91c111_state
),
71 VMSTATE_INT32(tx_fifo_len
, smc91c111_state
),
72 VMSTATE_INT32_ARRAY(tx_fifo
, smc91c111_state
, NUM_PACKETS
),
73 VMSTATE_INT32(rx_fifo_len
, smc91c111_state
),
74 VMSTATE_INT32_ARRAY(rx_fifo
, smc91c111_state
, NUM_PACKETS
),
75 VMSTATE_INT32(tx_fifo_done_len
, smc91c111_state
),
76 VMSTATE_INT32_ARRAY(tx_fifo_done
, smc91c111_state
, NUM_PACKETS
),
77 VMSTATE_BUFFER_UNSAFE(data
, smc91c111_state
, 0, NUM_PACKETS
* 2048),
78 VMSTATE_UINT8(int_level
, smc91c111_state
),
79 VMSTATE_UINT8(int_mask
, smc91c111_state
),
84 #define RCR_SOFT_RST 0x8000
85 #define RCR_STRIP_CRC 0x0200
86 #define RCR_RXEN 0x0100
88 #define TCR_EPH_LOOP 0x2000
89 #define TCR_NOCRC 0x0100
90 #define TCR_PAD_EN 0x0080
91 #define TCR_FORCOL 0x0004
92 #define TCR_LOOP 0x0002
93 #define TCR_TXEN 0x0001
98 #define INT_RX_OVRN 0x10
99 #define INT_ALLOC 0x08
100 #define INT_TX_EMPTY 0x04
104 #define CTR_AUTO_RELEASE 0x0800
105 #define CTR_RELOAD 0x0002
106 #define CTR_STORE 0x0001
108 #define RS_ALGNERR 0x8000
109 #define RS_BRODCAST 0x4000
110 #define RS_BADCRC 0x2000
111 #define RS_ODDFRAME 0x1000
112 #define RS_TOOLONG 0x0800
113 #define RS_TOOSHORT 0x0400
114 #define RS_MULTICAST 0x0001
116 /* Update interrupt status. */
117 static void smc91c111_update(smc91c111_state
*s
)
121 if (s
->tx_fifo_len
== 0)
122 s
->int_level
|= INT_TX_EMPTY
;
123 if (s
->tx_fifo_done_len
!= 0)
124 s
->int_level
|= INT_TX
;
125 level
= (s
->int_level
& s
->int_mask
) != 0;
126 qemu_set_irq(s
->irq
, level
);
129 static int smc91c111_can_receive(smc91c111_state
*s
)
131 if ((s
->rcr
& RCR_RXEN
) == 0 || (s
->rcr
& RCR_SOFT_RST
)) {
134 if (s
->allocated
== (1 << NUM_PACKETS
) - 1 ||
135 s
->rx_fifo_len
== NUM_PACKETS
) {
141 static inline void smc91c111_flush_queued_packets(smc91c111_state
*s
)
143 if (smc91c111_can_receive(s
)) {
144 qemu_flush_queued_packets(qemu_get_queue(s
->nic
));
148 /* Try to allocate a packet. Returns 0x80 on failure. */
149 static int smc91c111_allocate_packet(smc91c111_state
*s
)
152 if (s
->allocated
== (1 << NUM_PACKETS
) - 1) {
156 for (i
= 0; i
< NUM_PACKETS
; i
++) {
157 if ((s
->allocated
& (1 << i
)) == 0)
160 s
->allocated
|= 1 << i
;
165 /* Process a pending TX allocate. */
166 static void smc91c111_tx_alloc(smc91c111_state
*s
)
168 s
->tx_alloc
= smc91c111_allocate_packet(s
);
169 if (s
->tx_alloc
== 0x80)
171 s
->int_level
|= INT_ALLOC
;
175 /* Remove and item from the RX FIFO. */
176 static void smc91c111_pop_rx_fifo(smc91c111_state
*s
)
181 if (s
->rx_fifo_len
) {
182 for (i
= 0; i
< s
->rx_fifo_len
; i
++)
183 s
->rx_fifo
[i
] = s
->rx_fifo
[i
+ 1];
184 s
->int_level
|= INT_RCV
;
186 s
->int_level
&= ~INT_RCV
;
188 smc91c111_flush_queued_packets(s
);
192 /* Remove an item from the TX completion FIFO. */
193 static void smc91c111_pop_tx_fifo_done(smc91c111_state
*s
)
197 if (s
->tx_fifo_done_len
== 0)
199 s
->tx_fifo_done_len
--;
200 for (i
= 0; i
< s
->tx_fifo_done_len
; i
++)
201 s
->tx_fifo_done
[i
] = s
->tx_fifo_done
[i
+ 1];
204 /* Release the memory allocated to a packet. */
205 static void smc91c111_release_packet(smc91c111_state
*s
, int packet
)
207 s
->allocated
&= ~(1 << packet
);
208 if (s
->tx_alloc
== 0x80)
209 smc91c111_tx_alloc(s
);
210 smc91c111_flush_queued_packets(s
);
213 /* Flush the TX FIFO. */
214 static void smc91c111_do_tx(smc91c111_state
*s
)
222 if ((s
->tcr
& TCR_TXEN
) == 0)
224 if (s
->tx_fifo_len
== 0)
226 for (i
= 0; i
< s
->tx_fifo_len
; i
++) {
227 packetnum
= s
->tx_fifo
[i
];
228 p
= &s
->data
[packetnum
][0];
229 /* Set status word. */
233 len
|= ((int)*(p
++)) << 8;
235 control
= p
[len
+ 1];
238 /* ??? This overwrites the data following the buffer.
239 Don't know what real hardware does. */
240 if (len
< 64 && (s
->tcr
& TCR_PAD_EN
)) {
241 memset(p
+ len
, 0, 64 - len
);
248 /* The card is supposed to append the CRC to the frame.
249 However none of the other network traffic has the CRC
250 appended. Suspect this is low level ethernet detail we
251 don't need to worry about. */
252 add_crc
= (control
& 0x10) || (s
->tcr
& TCR_NOCRC
) == 0;
256 crc
= crc32(~0, p
, len
);
257 memcpy(p
+ len
, &crc
, 4);
262 if (s
->ctr
& CTR_AUTO_RELEASE
)
264 smc91c111_release_packet(s
, packetnum
);
265 else if (s
->tx_fifo_done_len
< NUM_PACKETS
)
266 s
->tx_fifo_done
[s
->tx_fifo_done_len
++] = packetnum
;
267 qemu_send_packet(qemu_get_queue(s
->nic
), p
, len
);
273 /* Add a packet to the TX FIFO. */
274 static void smc91c111_queue_tx(smc91c111_state
*s
, int packet
)
276 if (s
->tx_fifo_len
== NUM_PACKETS
)
278 s
->tx_fifo
[s
->tx_fifo_len
++] = packet
;
282 static void smc91c111_reset(DeviceState
*dev
)
284 smc91c111_state
*s
= SMC91C111(dev
);
288 s
->tx_fifo_done_len
= 0;
299 s
->int_level
= INT_TX_EMPTY
;
304 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
305 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
307 static void smc91c111_writeb(void *opaque
, hwaddr offset
,
310 smc91c111_state
*s
= (smc91c111_state
*)opaque
;
312 offset
= offset
& 0xf;
326 SET_HIGH(tcr
, value
);
332 SET_HIGH(rcr
, value
);
333 if (s
->rcr
& RCR_SOFT_RST
) {
334 smc91c111_reset(DEVICE(s
));
336 smc91c111_flush_queued_packets(s
);
338 case 10: case 11: /* RPCR */
341 case 12: case 13: /* Reserved */
354 case 2: case 3: /* BASE */
355 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
356 /* Not implemented. */
358 case 10: /* Genral Purpose */
362 SET_HIGH(gpr
, value
);
364 case 12: /* Control */
366 qemu_log_mask(LOG_UNIMP
,
367 "smc91c111: EEPROM store not implemented\n");
370 qemu_log_mask(LOG_UNIMP
,
371 "smc91c111: EEPROM reload not implemented\n");
377 SET_HIGH(ctr
, value
);
384 case 0: /* MMU Command */
385 switch (value
>> 5) {
388 case 1: /* Allocate for TX. */
390 s
->int_level
&= ~INT_ALLOC
;
392 smc91c111_tx_alloc(s
);
394 case 2: /* Reset MMU. */
397 s
->tx_fifo_done_len
= 0;
401 case 3: /* Remove from RX FIFO. */
402 smc91c111_pop_rx_fifo(s
);
404 case 4: /* Remove from RX FIFO and release. */
405 if (s
->rx_fifo_len
> 0) {
406 smc91c111_release_packet(s
, s
->rx_fifo
[0]);
408 smc91c111_pop_rx_fifo(s
);
410 case 5: /* Release. */
411 smc91c111_release_packet(s
, s
->packet_num
);
413 case 6: /* Add to TX FIFO. */
414 smc91c111_queue_tx(s
, s
->packet_num
);
416 case 7: /* Reset TX FIFO. */
418 s
->tx_fifo_done_len
= 0;
425 case 2: /* Packet Number Register */
426 s
->packet_num
= value
;
428 case 3: case 4: case 5:
429 /* Should be readonly, but linux writes to them anyway. Ignore. */
431 case 6: /* Pointer */
435 SET_HIGH(ptr
, value
);
437 case 8: case 9: case 10: case 11: /* Data */
447 if (s
->ptr
& 0x4000) {
448 s
->ptr
= (s
->ptr
& 0xf800) | ((s
->ptr
+ 1) & 0x7ff);
452 s
->data
[n
][p
] = value
;
455 case 12: /* Interrupt ACK. */
456 s
->int_level
&= ~(value
& 0xd6);
458 smc91c111_pop_tx_fifo_done(s
);
461 case 13: /* Interrupt mask. */
470 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
471 /* Multicast table. */
472 /* Not implemented. */
474 case 8: case 9: /* Management Interface. */
475 /* Not implemented. */
477 case 12: /* Early receive. */
478 s
->ercv
= value
& 0x1f;
486 qemu_log_mask(LOG_GUEST_ERROR
, "smc91c111_write(bank:%d) Illegal register"
487 " 0x%" HWADDR_PRIx
" = 0x%x\n",
488 s
->bank
, offset
, value
);
491 static uint32_t smc91c111_readb(void *opaque
, hwaddr offset
)
493 smc91c111_state
*s
= (smc91c111_state
*)opaque
;
495 offset
= offset
& 0xf;
505 return s
->tcr
& 0xff;
508 case 2: /* EPH Status */
513 return s
->rcr
& 0xff;
516 case 6: /* Counter */
518 /* Not implemented. */
520 case 8: /* Memory size. */
522 case 9: /* Free memory available. */
527 for (i
= 0; i
< NUM_PACKETS
; i
++) {
528 if (s
->allocated
& (1 << i
))
533 case 10: case 11: /* RPCR */
534 /* Not implemented. */
536 case 12: case 13: /* Reserved */
547 case 2: case 3: /* BASE */
548 /* Not implemented. */
550 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
551 return s
->conf
.macaddr
.a
[offset
- 4];
552 case 10: /* General Purpose */
553 return s
->gpr
& 0xff;
556 case 12: /* Control */
557 return s
->ctr
& 0xff;
565 case 0: case 1: /* MMUCR Busy bit. */
567 case 2: /* Packet Number. */
568 return s
->packet_num
;
569 case 3: /* Allocation Result. */
571 case 4: /* TX FIFO */
572 if (s
->tx_fifo_done_len
== 0)
575 return s
->tx_fifo_done
[0];
576 case 5: /* RX FIFO */
577 if (s
->rx_fifo_len
== 0)
580 return s
->rx_fifo
[0];
581 case 6: /* Pointer */
582 return s
->ptr
& 0xff;
584 return (s
->ptr
>> 8) & 0xf7;
585 case 8: case 9: case 10: case 11: /* Data */
595 if (s
->ptr
& 0x4000) {
596 s
->ptr
= (s
->ptr
& 0xf800) | ((s
->ptr
+ 1) & 0x07ff);
600 return s
->data
[n
][p
];
602 case 12: /* Interrupt status. */
604 case 13: /* Interrupt mask. */
611 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
612 /* Multicast table. */
613 /* Not implemented. */
615 case 8: /* Management Interface. */
616 /* Not implemented. */
620 case 10: /* Revision. */
631 qemu_log_mask(LOG_GUEST_ERROR
, "smc91c111_read(bank:%d) Illegal register"
632 " 0x%" HWADDR_PRIx
"\n",
637 static uint64_t smc91c111_readfn(void *opaque
, hwaddr addr
, unsigned size
)
642 for (i
= 0; i
< size
; i
++) {
643 val
|= smc91c111_readb(opaque
, addr
+ i
) << (i
* 8);
648 static void smc91c111_writefn(void *opaque
, hwaddr addr
,
649 uint64_t value
, unsigned size
)
653 /* 32-bit writes to offset 0xc only actually write to the bank select
654 * register (offset 0xe), so skip the first two bytes we would write.
656 if (addr
== 0xc && size
== 4) {
660 for (; i
< size
; i
++) {
661 smc91c111_writeb(opaque
, addr
+ i
,
662 extract32(value
, i
* 8, 8));
666 static int smc91c111_can_receive_nc(NetClientState
*nc
)
668 smc91c111_state
*s
= qemu_get_nic_opaque(nc
);
670 return smc91c111_can_receive(s
);
673 static ssize_t
smc91c111_receive(NetClientState
*nc
, const uint8_t *buf
, size_t size
)
675 smc91c111_state
*s
= qemu_get_nic_opaque(nc
);
682 if ((s
->rcr
& RCR_RXEN
) == 0 || (s
->rcr
& RCR_SOFT_RST
))
684 /* Short packets are padded with zeros. Receiving a packet
685 < 64 bytes long is considered an error condition. */
689 packetsize
= (size
& ~1);
691 crc
= (s
->rcr
& RCR_STRIP_CRC
) == 0;
694 /* TODO: Flag overrun and receive errors. */
695 if (packetsize
> 2048)
697 packetnum
= smc91c111_allocate_packet(s
);
698 if (packetnum
== 0x80)
700 s
->rx_fifo
[s
->rx_fifo_len
++] = packetnum
;
702 p
= &s
->data
[packetnum
][0];
703 /* ??? Multicast packets? */
706 status
|= RS_TOOLONG
;
708 status
|= RS_ODDFRAME
;
709 *(p
++) = status
& 0xff;
710 *(p
++) = status
>> 8;
711 *(p
++) = packetsize
& 0xff;
712 *(p
++) = packetsize
>> 8;
713 memcpy(p
, buf
, size
& ~1);
715 /* Pad short packets. */
720 *(p
++) = buf
[size
- 1];
726 /* It's not clear if the CRC should go before or after the last byte in
727 odd sized packets. Linux disables the CRC, so that's no help.
728 The pictures in the documentation show the CRC aligned on a 16-bit
729 boundary before the last odd byte, so that's what we do. */
731 crc
= crc32(~0, buf
, size
);
732 *(p
++) = crc
& 0xff; crc
>>= 8;
733 *(p
++) = crc
& 0xff; crc
>>= 8;
734 *(p
++) = crc
& 0xff; crc
>>= 8;
738 *(p
++) = buf
[size
- 1];
744 /* TODO: Raise early RX interrupt? */
745 s
->int_level
|= INT_RCV
;
751 static const MemoryRegionOps smc91c111_mem_ops
= {
752 /* The special case for 32 bit writes to 0xc means we can't just
753 * set .impl.min/max_access_size to 1, unfortunately
755 .read
= smc91c111_readfn
,
756 .write
= smc91c111_writefn
,
757 .valid
.min_access_size
= 1,
758 .valid
.max_access_size
= 4,
759 .endianness
= DEVICE_NATIVE_ENDIAN
,
762 static NetClientInfo net_smc91c111_info
= {
763 .type
= NET_CLIENT_DRIVER_NIC
,
764 .size
= sizeof(NICState
),
765 .can_receive
= smc91c111_can_receive_nc
,
766 .receive
= smc91c111_receive
,
769 static int smc91c111_init1(SysBusDevice
*sbd
)
771 DeviceState
*dev
= DEVICE(sbd
);
772 smc91c111_state
*s
= SMC91C111(dev
);
774 memory_region_init_io(&s
->mmio
, OBJECT(s
), &smc91c111_mem_ops
, s
,
775 "smc91c111-mmio", 16);
776 sysbus_init_mmio(sbd
, &s
->mmio
);
777 sysbus_init_irq(sbd
, &s
->irq
);
778 qemu_macaddr_default_if_unset(&s
->conf
.macaddr
);
779 s
->nic
= qemu_new_nic(&net_smc91c111_info
, &s
->conf
,
780 object_get_typename(OBJECT(dev
)), dev
->id
, s
);
781 qemu_format_nic_info_str(qemu_get_queue(s
->nic
), s
->conf
.macaddr
.a
);
782 /* ??? Save/restore. */
786 static Property smc91c111_properties
[] = {
787 DEFINE_NIC_PROPERTIES(smc91c111_state
, conf
),
788 DEFINE_PROP_END_OF_LIST(),
791 static void smc91c111_class_init(ObjectClass
*klass
, void *data
)
793 DeviceClass
*dc
= DEVICE_CLASS(klass
);
794 SysBusDeviceClass
*k
= SYS_BUS_DEVICE_CLASS(klass
);
796 k
->init
= smc91c111_init1
;
797 dc
->reset
= smc91c111_reset
;
798 dc
->vmsd
= &vmstate_smc91c111
;
799 dc
->props
= smc91c111_properties
;
802 static const TypeInfo smc91c111_info
= {
803 .name
= TYPE_SMC91C111
,
804 .parent
= TYPE_SYS_BUS_DEVICE
,
805 .instance_size
= sizeof(smc91c111_state
),
806 .class_init
= smc91c111_class_init
,
809 static void smc91c111_register_types(void)
811 type_register_static(&smc91c111_info
);
814 /* Legacy helper function. Should go away when machine config files are
816 void smc91c111_init(NICInfo
*nd
, uint32_t base
, qemu_irq irq
)
821 qemu_check_nic_model(nd
, "smc91c111");
822 dev
= qdev_create(NULL
, TYPE_SMC91C111
);
823 qdev_set_nic_properties(dev
, nd
);
824 qdev_init_nofail(dev
);
825 s
= SYS_BUS_DEVICE(dev
);
826 sysbus_mmio_map(s
, 0, base
);
827 sysbus_connect_irq(s
, 0, irq
);
830 type_init(smc91c111_register_types
)