pcnet: fix rx buffer overflow(CVE-2015-7512)
[qemu.git] / hw / net / pcnet.c
1 /*
2 * QEMU AMD PC-Net II (Am79C970A) emulation
3 *
4 * Copyright (c) 2004 Antony T Curtis
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 /* This software was written to be compatible with the specification:
26 * AMD Am79C970A PCnet-PCI II Ethernet Controller Data-Sheet
27 * AMD Publication# 19436 Rev:E Amendment/0 Issue Date: June 2000
28 */
29
30 /*
31 * On Sparc32, this is the Lance (Am7990) part of chip STP2000 (Master I/O), also
32 * produced as NCR89C100. See
33 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
34 * and
35 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR92C990.txt
36 */
37
38 #include "hw/qdev.h"
39 #include "net/net.h"
40 #include "qemu/timer.h"
41 #include "qemu/sockets.h"
42 #include "sysemu/sysemu.h"
43 #include "trace.h"
44
45 #include "pcnet.h"
46
47 //#define PCNET_DEBUG
48 //#define PCNET_DEBUG_IO
49 //#define PCNET_DEBUG_BCR
50 //#define PCNET_DEBUG_CSR
51 //#define PCNET_DEBUG_RMD
52 //#define PCNET_DEBUG_TMD
53 //#define PCNET_DEBUG_MATCH
54
55
56 struct qemu_ether_header {
57 uint8_t ether_dhost[6];
58 uint8_t ether_shost[6];
59 uint16_t ether_type;
60 };
61
62 #define CSR_INIT(S) !!(((S)->csr[0])&0x0001)
63 #define CSR_STRT(S) !!(((S)->csr[0])&0x0002)
64 #define CSR_STOP(S) !!(((S)->csr[0])&0x0004)
65 #define CSR_TDMD(S) !!(((S)->csr[0])&0x0008)
66 #define CSR_TXON(S) !!(((S)->csr[0])&0x0010)
67 #define CSR_RXON(S) !!(((S)->csr[0])&0x0020)
68 #define CSR_INEA(S) !!(((S)->csr[0])&0x0040)
69 #define CSR_BSWP(S) !!(((S)->csr[3])&0x0004)
70 #define CSR_LAPPEN(S) !!(((S)->csr[3])&0x0020)
71 #define CSR_DXSUFLO(S) !!(((S)->csr[3])&0x0040)
72 #define CSR_ASTRP_RCV(S) !!(((S)->csr[4])&0x0800)
73 #define CSR_DPOLL(S) !!(((S)->csr[4])&0x1000)
74 #define CSR_SPND(S) !!(((S)->csr[5])&0x0001)
75 #define CSR_LTINTEN(S) !!(((S)->csr[5])&0x4000)
76 #define CSR_TOKINTD(S) !!(((S)->csr[5])&0x8000)
77 #define CSR_DRX(S) !!(((S)->csr[15])&0x0001)
78 #define CSR_DTX(S) !!(((S)->csr[15])&0x0002)
79 #define CSR_LOOP(S) !!(((S)->csr[15])&0x0004)
80 #define CSR_DXMTFCS(S) !!(((S)->csr[15])&0x0008)
81 #define CSR_INTL(S) !!(((S)->csr[15])&0x0040)
82 #define CSR_DRCVPA(S) !!(((S)->csr[15])&0x2000)
83 #define CSR_DRCVBC(S) !!(((S)->csr[15])&0x4000)
84 #define CSR_PROM(S) !!(((S)->csr[15])&0x8000)
85
86 #define CSR_CRBC(S) ((S)->csr[40])
87 #define CSR_CRST(S) ((S)->csr[41])
88 #define CSR_CXBC(S) ((S)->csr[42])
89 #define CSR_CXST(S) ((S)->csr[43])
90 #define CSR_NRBC(S) ((S)->csr[44])
91 #define CSR_NRST(S) ((S)->csr[45])
92 #define CSR_POLL(S) ((S)->csr[46])
93 #define CSR_PINT(S) ((S)->csr[47])
94 #define CSR_RCVRC(S) ((S)->csr[72])
95 #define CSR_XMTRC(S) ((S)->csr[74])
96 #define CSR_RCVRL(S) ((S)->csr[76])
97 #define CSR_XMTRL(S) ((S)->csr[78])
98 #define CSR_MISSC(S) ((S)->csr[112])
99
100 #define CSR_IADR(S) ((S)->csr[ 1] | ((uint32_t)(S)->csr[ 2] << 16))
101 #define CSR_CRBA(S) ((S)->csr[18] | ((uint32_t)(S)->csr[19] << 16))
102 #define CSR_CXBA(S) ((S)->csr[20] | ((uint32_t)(S)->csr[21] << 16))
103 #define CSR_NRBA(S) ((S)->csr[22] | ((uint32_t)(S)->csr[23] << 16))
104 #define CSR_BADR(S) ((S)->csr[24] | ((uint32_t)(S)->csr[25] << 16))
105 #define CSR_NRDA(S) ((S)->csr[26] | ((uint32_t)(S)->csr[27] << 16))
106 #define CSR_CRDA(S) ((S)->csr[28] | ((uint32_t)(S)->csr[29] << 16))
107 #define CSR_BADX(S) ((S)->csr[30] | ((uint32_t)(S)->csr[31] << 16))
108 #define CSR_NXDA(S) ((S)->csr[32] | ((uint32_t)(S)->csr[33] << 16))
109 #define CSR_CXDA(S) ((S)->csr[34] | ((uint32_t)(S)->csr[35] << 16))
110 #define CSR_NNRD(S) ((S)->csr[36] | ((uint32_t)(S)->csr[37] << 16))
111 #define CSR_NNXD(S) ((S)->csr[38] | ((uint32_t)(S)->csr[39] << 16))
112 #define CSR_PXDA(S) ((S)->csr[60] | ((uint32_t)(S)->csr[61] << 16))
113 #define CSR_NXBA(S) ((S)->csr[64] | ((uint32_t)(S)->csr[65] << 16))
114
115 #define PHYSADDR(S,A) \
116 (BCR_SSIZE32(S) ? (A) : (A) | ((0xff00 & (uint32_t)(S)->csr[2])<<16))
117
118 struct pcnet_initblk16 {
119 uint16_t mode;
120 uint16_t padr[3];
121 uint16_t ladrf[4];
122 uint32_t rdra;
123 uint32_t tdra;
124 };
125
126 struct pcnet_initblk32 {
127 uint16_t mode;
128 uint8_t rlen;
129 uint8_t tlen;
130 uint16_t padr[3];
131 uint16_t _res;
132 uint16_t ladrf[4];
133 uint32_t rdra;
134 uint32_t tdra;
135 };
136
137 struct pcnet_TMD {
138 uint32_t tbadr;
139 int16_t length;
140 int16_t status;
141 uint32_t misc;
142 uint32_t res;
143 };
144
145 #define TMDL_BCNT_MASK 0x0fff
146 #define TMDL_BCNT_SH 0
147 #define TMDL_ONES_MASK 0xf000
148 #define TMDL_ONES_SH 12
149
150 #define TMDS_BPE_MASK 0x0080
151 #define TMDS_BPE_SH 7
152 #define TMDS_ENP_MASK 0x0100
153 #define TMDS_ENP_SH 8
154 #define TMDS_STP_MASK 0x0200
155 #define TMDS_STP_SH 9
156 #define TMDS_DEF_MASK 0x0400
157 #define TMDS_DEF_SH 10
158 #define TMDS_ONE_MASK 0x0800
159 #define TMDS_ONE_SH 11
160 #define TMDS_LTINT_MASK 0x1000
161 #define TMDS_LTINT_SH 12
162 #define TMDS_NOFCS_MASK 0x2000
163 #define TMDS_NOFCS_SH 13
164 #define TMDS_ADDFCS_MASK TMDS_NOFCS_MASK
165 #define TMDS_ADDFCS_SH TMDS_NOFCS_SH
166 #define TMDS_ERR_MASK 0x4000
167 #define TMDS_ERR_SH 14
168 #define TMDS_OWN_MASK 0x8000
169 #define TMDS_OWN_SH 15
170
171 #define TMDM_TRC_MASK 0x0000000f
172 #define TMDM_TRC_SH 0
173 #define TMDM_TDR_MASK 0x03ff0000
174 #define TMDM_TDR_SH 16
175 #define TMDM_RTRY_MASK 0x04000000
176 #define TMDM_RTRY_SH 26
177 #define TMDM_LCAR_MASK 0x08000000
178 #define TMDM_LCAR_SH 27
179 #define TMDM_LCOL_MASK 0x10000000
180 #define TMDM_LCOL_SH 28
181 #define TMDM_EXDEF_MASK 0x20000000
182 #define TMDM_EXDEF_SH 29
183 #define TMDM_UFLO_MASK 0x40000000
184 #define TMDM_UFLO_SH 30
185 #define TMDM_BUFF_MASK 0x80000000
186 #define TMDM_BUFF_SH 31
187
188 struct pcnet_RMD {
189 uint32_t rbadr;
190 int16_t buf_length;
191 int16_t status;
192 uint32_t msg_length;
193 uint32_t res;
194 };
195
196 #define RMDL_BCNT_MASK 0x0fff
197 #define RMDL_BCNT_SH 0
198 #define RMDL_ONES_MASK 0xf000
199 #define RMDL_ONES_SH 12
200
201 #define RMDS_BAM_MASK 0x0010
202 #define RMDS_BAM_SH 4
203 #define RMDS_LFAM_MASK 0x0020
204 #define RMDS_LFAM_SH 5
205 #define RMDS_PAM_MASK 0x0040
206 #define RMDS_PAM_SH 6
207 #define RMDS_BPE_MASK 0x0080
208 #define RMDS_BPE_SH 7
209 #define RMDS_ENP_MASK 0x0100
210 #define RMDS_ENP_SH 8
211 #define RMDS_STP_MASK 0x0200
212 #define RMDS_STP_SH 9
213 #define RMDS_BUFF_MASK 0x0400
214 #define RMDS_BUFF_SH 10
215 #define RMDS_CRC_MASK 0x0800
216 #define RMDS_CRC_SH 11
217 #define RMDS_OFLO_MASK 0x1000
218 #define RMDS_OFLO_SH 12
219 #define RMDS_FRAM_MASK 0x2000
220 #define RMDS_FRAM_SH 13
221 #define RMDS_ERR_MASK 0x4000
222 #define RMDS_ERR_SH 14
223 #define RMDS_OWN_MASK 0x8000
224 #define RMDS_OWN_SH 15
225
226 #define RMDM_MCNT_MASK 0x00000fff
227 #define RMDM_MCNT_SH 0
228 #define RMDM_ZEROS_MASK 0x0000f000
229 #define RMDM_ZEROS_SH 12
230 #define RMDM_RPC_MASK 0x00ff0000
231 #define RMDM_RPC_SH 16
232 #define RMDM_RCC_MASK 0xff000000
233 #define RMDM_RCC_SH 24
234
235 #define SET_FIELD(regp, name, field, value) \
236 (*(regp) = (*(regp) & ~(name ## _ ## field ## _MASK)) \
237 | ((value) << name ## _ ## field ## _SH))
238
239 #define GET_FIELD(reg, name, field) \
240 (((reg) & name ## _ ## field ## _MASK) >> name ## _ ## field ## _SH)
241
242 #define PRINT_TMD(T) printf( \
243 "TMD0 : TBADR=0x%08x\n" \
244 "TMD1 : OWN=%d, ERR=%d, FCS=%d, LTI=%d, " \
245 "ONE=%d, DEF=%d, STP=%d, ENP=%d,\n" \
246 " BPE=%d, BCNT=%d\n" \
247 "TMD2 : BUF=%d, UFL=%d, EXD=%d, LCO=%d, " \
248 "LCA=%d, RTR=%d,\n" \
249 " TDR=%d, TRC=%d\n", \
250 (T)->tbadr, \
251 GET_FIELD((T)->status, TMDS, OWN), \
252 GET_FIELD((T)->status, TMDS, ERR), \
253 GET_FIELD((T)->status, TMDS, NOFCS), \
254 GET_FIELD((T)->status, TMDS, LTINT), \
255 GET_FIELD((T)->status, TMDS, ONE), \
256 GET_FIELD((T)->status, TMDS, DEF), \
257 GET_FIELD((T)->status, TMDS, STP), \
258 GET_FIELD((T)->status, TMDS, ENP), \
259 GET_FIELD((T)->status, TMDS, BPE), \
260 4096-GET_FIELD((T)->length, TMDL, BCNT), \
261 GET_FIELD((T)->misc, TMDM, BUFF), \
262 GET_FIELD((T)->misc, TMDM, UFLO), \
263 GET_FIELD((T)->misc, TMDM, EXDEF), \
264 GET_FIELD((T)->misc, TMDM, LCOL), \
265 GET_FIELD((T)->misc, TMDM, LCAR), \
266 GET_FIELD((T)->misc, TMDM, RTRY), \
267 GET_FIELD((T)->misc, TMDM, TDR), \
268 GET_FIELD((T)->misc, TMDM, TRC))
269
270 #define PRINT_RMD(R) printf( \
271 "RMD0 : RBADR=0x%08x\n" \
272 "RMD1 : OWN=%d, ERR=%d, FRAM=%d, OFLO=%d, " \
273 "CRC=%d, BUFF=%d, STP=%d, ENP=%d,\n " \
274 "BPE=%d, PAM=%d, LAFM=%d, BAM=%d, ONES=%d, BCNT=%d\n" \
275 "RMD2 : RCC=%d, RPC=%d, MCNT=%d, ZEROS=%d\n", \
276 (R)->rbadr, \
277 GET_FIELD((R)->status, RMDS, OWN), \
278 GET_FIELD((R)->status, RMDS, ERR), \
279 GET_FIELD((R)->status, RMDS, FRAM), \
280 GET_FIELD((R)->status, RMDS, OFLO), \
281 GET_FIELD((R)->status, RMDS, CRC), \
282 GET_FIELD((R)->status, RMDS, BUFF), \
283 GET_FIELD((R)->status, RMDS, STP), \
284 GET_FIELD((R)->status, RMDS, ENP), \
285 GET_FIELD((R)->status, RMDS, BPE), \
286 GET_FIELD((R)->status, RMDS, PAM), \
287 GET_FIELD((R)->status, RMDS, LFAM), \
288 GET_FIELD((R)->status, RMDS, BAM), \
289 GET_FIELD((R)->buf_length, RMDL, ONES), \
290 4096-GET_FIELD((R)->buf_length, RMDL, BCNT), \
291 GET_FIELD((R)->msg_length, RMDM, RCC), \
292 GET_FIELD((R)->msg_length, RMDM, RPC), \
293 GET_FIELD((R)->msg_length, RMDM, MCNT), \
294 GET_FIELD((R)->msg_length, RMDM, ZEROS))
295
296 static inline void pcnet_tmd_load(PCNetState *s, struct pcnet_TMD *tmd,
297 hwaddr addr)
298 {
299 if (!BCR_SSIZE32(s)) {
300 struct {
301 uint32_t tbadr;
302 int16_t length;
303 int16_t status;
304 } xda;
305 s->phys_mem_read(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
306 tmd->tbadr = le32_to_cpu(xda.tbadr) & 0xffffff;
307 tmd->length = le16_to_cpu(xda.length);
308 tmd->status = (le32_to_cpu(xda.tbadr) >> 16) & 0xff00;
309 tmd->misc = le16_to_cpu(xda.status) << 16;
310 tmd->res = 0;
311 } else {
312 s->phys_mem_read(s->dma_opaque, addr, (void *)tmd, sizeof(*tmd), 0);
313 le32_to_cpus(&tmd->tbadr);
314 le16_to_cpus((uint16_t *)&tmd->length);
315 le16_to_cpus((uint16_t *)&tmd->status);
316 le32_to_cpus(&tmd->misc);
317 le32_to_cpus(&tmd->res);
318 if (BCR_SWSTYLE(s) == 3) {
319 uint32_t tmp = tmd->tbadr;
320 tmd->tbadr = tmd->misc;
321 tmd->misc = tmp;
322 }
323 }
324 }
325
326 static inline void pcnet_tmd_store(PCNetState *s, const struct pcnet_TMD *tmd,
327 hwaddr addr)
328 {
329 if (!BCR_SSIZE32(s)) {
330 struct {
331 uint32_t tbadr;
332 int16_t length;
333 int16_t status;
334 } xda;
335 xda.tbadr = cpu_to_le32((tmd->tbadr & 0xffffff) |
336 ((tmd->status & 0xff00) << 16));
337 xda.length = cpu_to_le16(tmd->length);
338 xda.status = cpu_to_le16(tmd->misc >> 16);
339 s->phys_mem_write(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
340 } else {
341 struct {
342 uint32_t tbadr;
343 int16_t length;
344 int16_t status;
345 uint32_t misc;
346 uint32_t res;
347 } xda;
348 xda.tbadr = cpu_to_le32(tmd->tbadr);
349 xda.length = cpu_to_le16(tmd->length);
350 xda.status = cpu_to_le16(tmd->status);
351 xda.misc = cpu_to_le32(tmd->misc);
352 xda.res = cpu_to_le32(tmd->res);
353 if (BCR_SWSTYLE(s) == 3) {
354 uint32_t tmp = xda.tbadr;
355 xda.tbadr = xda.misc;
356 xda.misc = tmp;
357 }
358 s->phys_mem_write(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
359 }
360 }
361
362 static inline void pcnet_rmd_load(PCNetState *s, struct pcnet_RMD *rmd,
363 hwaddr addr)
364 {
365 if (!BCR_SSIZE32(s)) {
366 struct {
367 uint32_t rbadr;
368 int16_t buf_length;
369 int16_t msg_length;
370 } rda;
371 s->phys_mem_read(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
372 rmd->rbadr = le32_to_cpu(rda.rbadr) & 0xffffff;
373 rmd->buf_length = le16_to_cpu(rda.buf_length);
374 rmd->status = (le32_to_cpu(rda.rbadr) >> 16) & 0xff00;
375 rmd->msg_length = le16_to_cpu(rda.msg_length);
376 rmd->res = 0;
377 } else {
378 s->phys_mem_read(s->dma_opaque, addr, (void *)rmd, sizeof(*rmd), 0);
379 le32_to_cpus(&rmd->rbadr);
380 le16_to_cpus((uint16_t *)&rmd->buf_length);
381 le16_to_cpus((uint16_t *)&rmd->status);
382 le32_to_cpus(&rmd->msg_length);
383 le32_to_cpus(&rmd->res);
384 if (BCR_SWSTYLE(s) == 3) {
385 uint32_t tmp = rmd->rbadr;
386 rmd->rbadr = rmd->msg_length;
387 rmd->msg_length = tmp;
388 }
389 }
390 }
391
392 static inline void pcnet_rmd_store(PCNetState *s, struct pcnet_RMD *rmd,
393 hwaddr addr)
394 {
395 if (!BCR_SSIZE32(s)) {
396 struct {
397 uint32_t rbadr;
398 int16_t buf_length;
399 int16_t msg_length;
400 } rda;
401 rda.rbadr = cpu_to_le32((rmd->rbadr & 0xffffff) |
402 ((rmd->status & 0xff00) << 16));
403 rda.buf_length = cpu_to_le16(rmd->buf_length);
404 rda.msg_length = cpu_to_le16(rmd->msg_length);
405 s->phys_mem_write(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
406 } else {
407 struct {
408 uint32_t rbadr;
409 int16_t buf_length;
410 int16_t status;
411 uint32_t msg_length;
412 uint32_t res;
413 } rda;
414 rda.rbadr = cpu_to_le32(rmd->rbadr);
415 rda.buf_length = cpu_to_le16(rmd->buf_length);
416 rda.status = cpu_to_le16(rmd->status);
417 rda.msg_length = cpu_to_le32(rmd->msg_length);
418 rda.res = cpu_to_le32(rmd->res);
419 if (BCR_SWSTYLE(s) == 3) {
420 uint32_t tmp = rda.rbadr;
421 rda.rbadr = rda.msg_length;
422 rda.msg_length = tmp;
423 }
424 s->phys_mem_write(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
425 }
426 }
427
428
429 #define TMDLOAD(TMD,ADDR) pcnet_tmd_load(s,TMD,ADDR)
430
431 #define TMDSTORE(TMD,ADDR) pcnet_tmd_store(s,TMD,ADDR)
432
433 #define RMDLOAD(RMD,ADDR) pcnet_rmd_load(s,RMD,ADDR)
434
435 #define RMDSTORE(RMD,ADDR) pcnet_rmd_store(s,RMD,ADDR)
436
437 #if 1
438
439 #define CHECK_RMD(ADDR,RES) do { \
440 struct pcnet_RMD rmd; \
441 RMDLOAD(&rmd,(ADDR)); \
442 (RES) |= (GET_FIELD(rmd.buf_length, RMDL, ONES) != 15) \
443 || (GET_FIELD(rmd.msg_length, RMDM, ZEROS) != 0); \
444 } while (0)
445
446 #define CHECK_TMD(ADDR,RES) do { \
447 struct pcnet_TMD tmd; \
448 TMDLOAD(&tmd,(ADDR)); \
449 (RES) |= (GET_FIELD(tmd.length, TMDL, ONES) != 15); \
450 } while (0)
451
452 #else
453
454 #define CHECK_RMD(ADDR,RES) do { \
455 switch (BCR_SWSTYLE(s)) { \
456 case 0x00: \
457 do { \
458 uint16_t rda[4]; \
459 s->phys_mem_read(s->dma_opaque, (ADDR), \
460 (void *)&rda[0], sizeof(rda), 0); \
461 (RES) |= (rda[2] & 0xf000)!=0xf000; \
462 (RES) |= (rda[3] & 0xf000)!=0x0000; \
463 } while (0); \
464 break; \
465 case 0x01: \
466 case 0x02: \
467 do { \
468 uint32_t rda[4]; \
469 s->phys_mem_read(s->dma_opaque, (ADDR), \
470 (void *)&rda[0], sizeof(rda), 0); \
471 (RES) |= (rda[1] & 0x0000f000L)!=0x0000f000L; \
472 (RES) |= (rda[2] & 0x0000f000L)!=0x00000000L; \
473 } while (0); \
474 break; \
475 case 0x03: \
476 do { \
477 uint32_t rda[4]; \
478 s->phys_mem_read(s->dma_opaque, (ADDR), \
479 (void *)&rda[0], sizeof(rda), 0); \
480 (RES) |= (rda[0] & 0x0000f000L)!=0x00000000L; \
481 (RES) |= (rda[1] & 0x0000f000L)!=0x0000f000L; \
482 } while (0); \
483 break; \
484 } \
485 } while (0)
486
487 #define CHECK_TMD(ADDR,RES) do { \
488 switch (BCR_SWSTYLE(s)) { \
489 case 0x00: \
490 do { \
491 uint16_t xda[4]; \
492 s->phys_mem_read(s->dma_opaque, (ADDR), \
493 (void *)&xda[0], sizeof(xda), 0); \
494 (RES) |= (xda[2] & 0xf000)!=0xf000; \
495 } while (0); \
496 break; \
497 case 0x01: \
498 case 0x02: \
499 case 0x03: \
500 do { \
501 uint32_t xda[4]; \
502 s->phys_mem_read(s->dma_opaque, (ADDR), \
503 (void *)&xda[0], sizeof(xda), 0); \
504 (RES) |= (xda[1] & 0x0000f000L)!=0x0000f000L; \
505 } while (0); \
506 break; \
507 } \
508 } while (0)
509
510 #endif
511
512 #define PRINT_PKTHDR(BUF) do { \
513 struct qemu_ether_header *hdr = (void *)(BUF); \
514 printf("packet dhost=%02x:%02x:%02x:%02x:%02x:%02x, " \
515 "shost=%02x:%02x:%02x:%02x:%02x:%02x, " \
516 "type=0x%04x\n", \
517 hdr->ether_dhost[0],hdr->ether_dhost[1],hdr->ether_dhost[2], \
518 hdr->ether_dhost[3],hdr->ether_dhost[4],hdr->ether_dhost[5], \
519 hdr->ether_shost[0],hdr->ether_shost[1],hdr->ether_shost[2], \
520 hdr->ether_shost[3],hdr->ether_shost[4],hdr->ether_shost[5], \
521 be16_to_cpu(hdr->ether_type)); \
522 } while (0)
523
524 #define MULTICAST_FILTER_LEN 8
525
526 static inline uint32_t lnc_mchash(const uint8_t *ether_addr)
527 {
528 #define LNC_POLYNOMIAL 0xEDB88320UL
529 uint32_t crc = 0xFFFFFFFF;
530 int idx, bit;
531 uint8_t data;
532
533 for (idx = 0; idx < 6; idx++) {
534 for (data = *ether_addr++, bit = 0; bit < MULTICAST_FILTER_LEN; bit++) {
535 crc = (crc >> 1) ^ (((crc ^ data) & 1) ? LNC_POLYNOMIAL : 0);
536 data >>= 1;
537 }
538 }
539 return crc;
540 #undef LNC_POLYNOMIAL
541 }
542
543 #define CRC(crc, ch) (crc = (crc >> 8) ^ crctab[(crc ^ (ch)) & 0xff])
544
545 /* generated using the AUTODIN II polynomial
546 * x^32 + x^26 + x^23 + x^22 + x^16 +
547 * x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x^1 + 1
548 */
549 static const uint32_t crctab[256] = {
550 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba,
551 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,
552 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
553 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,
554 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
555 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
556 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec,
557 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5,
558 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
559 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
560 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940,
561 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
562 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116,
563 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f,
564 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
565 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d,
566 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a,
567 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
568 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818,
569 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
570 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
571 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
572 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c,
573 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
574 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
575 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb,
576 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
577 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9,
578 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086,
579 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
580 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4,
581 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad,
582 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
583 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683,
584 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
585 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
586 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe,
587 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7,
588 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
589 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
590 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252,
591 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
592 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60,
593 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79,
594 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
595 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f,
596 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04,
597 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
598 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a,
599 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
600 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
601 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
602 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e,
603 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
604 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
605 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45,
606 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
607 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db,
608 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0,
609 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
610 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6,
611 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
612 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
613 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d,
614 };
615
616 static inline int padr_match(PCNetState *s, const uint8_t *buf, int size)
617 {
618 struct qemu_ether_header *hdr = (void *)buf;
619 uint8_t padr[6] = {
620 s->csr[12] & 0xff, s->csr[12] >> 8,
621 s->csr[13] & 0xff, s->csr[13] >> 8,
622 s->csr[14] & 0xff, s->csr[14] >> 8
623 };
624 int result = (!CSR_DRCVPA(s)) && !memcmp(hdr->ether_dhost, padr, 6);
625 #ifdef PCNET_DEBUG_MATCH
626 printf("packet dhost=%02x:%02x:%02x:%02x:%02x:%02x, "
627 "padr=%02x:%02x:%02x:%02x:%02x:%02x\n",
628 hdr->ether_dhost[0],hdr->ether_dhost[1],hdr->ether_dhost[2],
629 hdr->ether_dhost[3],hdr->ether_dhost[4],hdr->ether_dhost[5],
630 padr[0],padr[1],padr[2],padr[3],padr[4],padr[5]);
631 printf("padr_match result=%d\n", result);
632 #endif
633 return result;
634 }
635
636 static inline int padr_bcast(PCNetState *s, const uint8_t *buf, int size)
637 {
638 static const uint8_t BCAST[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
639 struct qemu_ether_header *hdr = (void *)buf;
640 int result = !CSR_DRCVBC(s) && !memcmp(hdr->ether_dhost, BCAST, 6);
641 #ifdef PCNET_DEBUG_MATCH
642 printf("padr_bcast result=%d\n", result);
643 #endif
644 return result;
645 }
646
647 static inline int ladr_match(PCNetState *s, const uint8_t *buf, int size)
648 {
649 struct qemu_ether_header *hdr = (void *)buf;
650 if ((*(hdr->ether_dhost)&0x01) &&
651 ((uint64_t *)&s->csr[8])[0] != 0LL) {
652 uint8_t ladr[8] = {
653 s->csr[8] & 0xff, s->csr[8] >> 8,
654 s->csr[9] & 0xff, s->csr[9] >> 8,
655 s->csr[10] & 0xff, s->csr[10] >> 8,
656 s->csr[11] & 0xff, s->csr[11] >> 8
657 };
658 int index = lnc_mchash(hdr->ether_dhost) >> 26;
659 return !!(ladr[index >> 3] & (1 << (index & 7)));
660 }
661 return 0;
662 }
663
664 static inline hwaddr pcnet_rdra_addr(PCNetState *s, int idx)
665 {
666 while (idx < 1) idx += CSR_RCVRL(s);
667 return s->rdra + ((CSR_RCVRL(s) - idx) * (BCR_SWSTYLE(s) ? 16 : 8));
668 }
669
670 static inline int64_t pcnet_get_next_poll_time(PCNetState *s, int64_t current_time)
671 {
672 int64_t next_time = current_time +
673 (65536 - (CSR_SPND(s) ? 0 : CSR_POLL(s))) * 30;
674 if (next_time <= current_time)
675 next_time = current_time + 1;
676 return next_time;
677 }
678
679 static void pcnet_poll(PCNetState *s);
680 static void pcnet_poll_timer(void *opaque);
681
682 static uint32_t pcnet_csr_readw(PCNetState *s, uint32_t rap);
683 static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value);
684 static void pcnet_bcr_writew(PCNetState *s, uint32_t rap, uint32_t val);
685
686 static void pcnet_s_reset(PCNetState *s)
687 {
688 trace_pcnet_s_reset(s);
689
690 s->rdra = 0;
691 s->tdra = 0;
692 s->rap = 0;
693
694 s->bcr[BCR_BSBC] &= ~0x0080;
695
696 s->csr[0] = 0x0004;
697 s->csr[3] = 0x0000;
698 s->csr[4] = 0x0115;
699 s->csr[5] = 0x0000;
700 s->csr[6] = 0x0000;
701 s->csr[8] = 0;
702 s->csr[9] = 0;
703 s->csr[10] = 0;
704 s->csr[11] = 0;
705 s->csr[12] = le16_to_cpu(((uint16_t *)&s->prom[0])[0]);
706 s->csr[13] = le16_to_cpu(((uint16_t *)&s->prom[0])[1]);
707 s->csr[14] = le16_to_cpu(((uint16_t *)&s->prom[0])[2]);
708 s->csr[15] &= 0x21c4;
709 s->csr[72] = 1;
710 s->csr[74] = 1;
711 s->csr[76] = 1;
712 s->csr[78] = 1;
713 s->csr[80] = 0x1410;
714 s->csr[88] = 0x1003;
715 s->csr[89] = 0x0262;
716 s->csr[94] = 0x0000;
717 s->csr[100] = 0x0200;
718 s->csr[103] = 0x0105;
719 s->csr[112] = 0x0000;
720 s->csr[114] = 0x0000;
721 s->csr[122] = 0x0000;
722 s->csr[124] = 0x0000;
723
724 s->tx_busy = 0;
725 }
726
727 static void pcnet_update_irq(PCNetState *s)
728 {
729 int isr = 0;
730 s->csr[0] &= ~0x0080;
731
732 #if 1
733 if (((s->csr[0] & ~s->csr[3]) & 0x5f00) ||
734 (((s->csr[4]>>1) & ~s->csr[4]) & 0x0115) ||
735 (((s->csr[5]>>1) & s->csr[5]) & 0x0048))
736 #else
737 if ((!(s->csr[3] & 0x4000) && !!(s->csr[0] & 0x4000)) /* BABL */ ||
738 (!(s->csr[3] & 0x1000) && !!(s->csr[0] & 0x1000)) /* MISS */ ||
739 (!(s->csr[3] & 0x0100) && !!(s->csr[0] & 0x0100)) /* IDON */ ||
740 (!(s->csr[3] & 0x0200) && !!(s->csr[0] & 0x0200)) /* TINT */ ||
741 (!(s->csr[3] & 0x0400) && !!(s->csr[0] & 0x0400)) /* RINT */ ||
742 (!(s->csr[3] & 0x0800) && !!(s->csr[0] & 0x0800)) /* MERR */ ||
743 (!(s->csr[4] & 0x0001) && !!(s->csr[4] & 0x0002)) /* JAB */ ||
744 (!(s->csr[4] & 0x0004) && !!(s->csr[4] & 0x0008)) /* TXSTRT */ ||
745 (!(s->csr[4] & 0x0010) && !!(s->csr[4] & 0x0020)) /* RCVO */ ||
746 (!(s->csr[4] & 0x0100) && !!(s->csr[4] & 0x0200)) /* MFCO */ ||
747 (!!(s->csr[5] & 0x0040) && !!(s->csr[5] & 0x0080)) /* EXDINT */ ||
748 (!!(s->csr[5] & 0x0008) && !!(s->csr[5] & 0x0010)) /* MPINT */)
749 #endif
750 {
751
752 isr = CSR_INEA(s);
753 s->csr[0] |= 0x0080;
754 }
755
756 if (!!(s->csr[4] & 0x0080) && CSR_INEA(s)) { /* UINT */
757 s->csr[4] &= ~0x0080;
758 s->csr[4] |= 0x0040;
759 s->csr[0] |= 0x0080;
760 isr = 1;
761 trace_pcnet_user_int(s);
762 }
763
764 #if 1
765 if (((s->csr[5]>>1) & s->csr[5]) & 0x0500)
766 #else
767 if ((!!(s->csr[5] & 0x0400) && !!(s->csr[5] & 0x0800)) /* SINT */ ||
768 (!!(s->csr[5] & 0x0100) && !!(s->csr[5] & 0x0200)) /* SLPINT */ )
769 #endif
770 {
771 isr = 1;
772 s->csr[0] |= 0x0080;
773 }
774
775 if (isr != s->isr) {
776 trace_pcnet_isr_change(s, isr, s->isr);
777 }
778 qemu_set_irq(s->irq, isr);
779 s->isr = isr;
780 }
781
782 static void pcnet_init(PCNetState *s)
783 {
784 int rlen, tlen;
785 uint16_t padr[3], ladrf[4], mode;
786 uint32_t rdra, tdra;
787
788 trace_pcnet_init(s, PHYSADDR(s, CSR_IADR(s)));
789
790 if (BCR_SSIZE32(s)) {
791 struct pcnet_initblk32 initblk;
792 s->phys_mem_read(s->dma_opaque, PHYSADDR(s,CSR_IADR(s)),
793 (uint8_t *)&initblk, sizeof(initblk), 0);
794 mode = le16_to_cpu(initblk.mode);
795 rlen = initblk.rlen >> 4;
796 tlen = initblk.tlen >> 4;
797 ladrf[0] = le16_to_cpu(initblk.ladrf[0]);
798 ladrf[1] = le16_to_cpu(initblk.ladrf[1]);
799 ladrf[2] = le16_to_cpu(initblk.ladrf[2]);
800 ladrf[3] = le16_to_cpu(initblk.ladrf[3]);
801 padr[0] = le16_to_cpu(initblk.padr[0]);
802 padr[1] = le16_to_cpu(initblk.padr[1]);
803 padr[2] = le16_to_cpu(initblk.padr[2]);
804 rdra = le32_to_cpu(initblk.rdra);
805 tdra = le32_to_cpu(initblk.tdra);
806 } else {
807 struct pcnet_initblk16 initblk;
808 s->phys_mem_read(s->dma_opaque, PHYSADDR(s,CSR_IADR(s)),
809 (uint8_t *)&initblk, sizeof(initblk), 0);
810 mode = le16_to_cpu(initblk.mode);
811 ladrf[0] = le16_to_cpu(initblk.ladrf[0]);
812 ladrf[1] = le16_to_cpu(initblk.ladrf[1]);
813 ladrf[2] = le16_to_cpu(initblk.ladrf[2]);
814 ladrf[3] = le16_to_cpu(initblk.ladrf[3]);
815 padr[0] = le16_to_cpu(initblk.padr[0]);
816 padr[1] = le16_to_cpu(initblk.padr[1]);
817 padr[2] = le16_to_cpu(initblk.padr[2]);
818 rdra = le32_to_cpu(initblk.rdra);
819 tdra = le32_to_cpu(initblk.tdra);
820 rlen = rdra >> 29;
821 tlen = tdra >> 29;
822 rdra &= 0x00ffffff;
823 tdra &= 0x00ffffff;
824 }
825
826 trace_pcnet_rlen_tlen(s, rlen, tlen);
827
828 CSR_RCVRL(s) = (rlen < 9) ? (1 << rlen) : 512;
829 CSR_XMTRL(s) = (tlen < 9) ? (1 << tlen) : 512;
830 s->csr[ 6] = (tlen << 12) | (rlen << 8);
831 s->csr[15] = mode;
832 s->csr[ 8] = ladrf[0];
833 s->csr[ 9] = ladrf[1];
834 s->csr[10] = ladrf[2];
835 s->csr[11] = ladrf[3];
836 s->csr[12] = padr[0];
837 s->csr[13] = padr[1];
838 s->csr[14] = padr[2];
839 s->rdra = PHYSADDR(s, rdra);
840 s->tdra = PHYSADDR(s, tdra);
841
842 CSR_RCVRC(s) = CSR_RCVRL(s);
843 CSR_XMTRC(s) = CSR_XMTRL(s);
844
845 trace_pcnet_ss32_rdra_tdra(s, BCR_SSIZE32(s),
846 s->rdra, CSR_RCVRL(s), s->tdra, CSR_XMTRL(s));
847
848 s->csr[0] |= 0x0101;
849 s->csr[0] &= ~0x0004; /* clear STOP bit */
850
851 qemu_flush_queued_packets(qemu_get_queue(s->nic));
852 }
853
854 static void pcnet_start(PCNetState *s)
855 {
856 #ifdef PCNET_DEBUG
857 printf("pcnet_start\n");
858 #endif
859
860 if (!CSR_DTX(s))
861 s->csr[0] |= 0x0010; /* set TXON */
862
863 if (!CSR_DRX(s))
864 s->csr[0] |= 0x0020; /* set RXON */
865
866 s->csr[0] &= ~0x0004; /* clear STOP bit */
867 s->csr[0] |= 0x0002;
868 pcnet_poll_timer(s);
869
870 qemu_flush_queued_packets(qemu_get_queue(s->nic));
871 }
872
873 static void pcnet_stop(PCNetState *s)
874 {
875 #ifdef PCNET_DEBUG
876 printf("pcnet_stop\n");
877 #endif
878 s->csr[0] &= ~0xffeb;
879 s->csr[0] |= 0x0014;
880 s->csr[4] &= ~0x02c2;
881 s->csr[5] &= ~0x0011;
882 pcnet_poll_timer(s);
883 }
884
885 static void pcnet_rdte_poll(PCNetState *s)
886 {
887 s->csr[28] = s->csr[29] = 0;
888 if (s->rdra) {
889 int bad = 0;
890 #if 1
891 hwaddr crda = pcnet_rdra_addr(s, CSR_RCVRC(s));
892 hwaddr nrda = pcnet_rdra_addr(s, -1 + CSR_RCVRC(s));
893 hwaddr nnrd = pcnet_rdra_addr(s, -2 + CSR_RCVRC(s));
894 #else
895 hwaddr crda = s->rdra +
896 (CSR_RCVRL(s) - CSR_RCVRC(s)) *
897 (BCR_SWSTYLE(s) ? 16 : 8 );
898 int nrdc = CSR_RCVRC(s)<=1 ? CSR_RCVRL(s) : CSR_RCVRC(s)-1;
899 hwaddr nrda = s->rdra +
900 (CSR_RCVRL(s) - nrdc) *
901 (BCR_SWSTYLE(s) ? 16 : 8 );
902 int nnrc = nrdc<=1 ? CSR_RCVRL(s) : nrdc-1;
903 hwaddr nnrd = s->rdra +
904 (CSR_RCVRL(s) - nnrc) *
905 (BCR_SWSTYLE(s) ? 16 : 8 );
906 #endif
907
908 CHECK_RMD(crda, bad);
909 if (!bad) {
910 CHECK_RMD(nrda, bad);
911 if (bad || (nrda == crda)) nrda = 0;
912 CHECK_RMD(nnrd, bad);
913 if (bad || (nnrd == crda)) nnrd = 0;
914
915 s->csr[28] = crda & 0xffff;
916 s->csr[29] = crda >> 16;
917 s->csr[26] = nrda & 0xffff;
918 s->csr[27] = nrda >> 16;
919 s->csr[36] = nnrd & 0xffff;
920 s->csr[37] = nnrd >> 16;
921 #ifdef PCNET_DEBUG
922 if (bad) {
923 printf("pcnet: BAD RMD RECORDS AFTER 0x" TARGET_FMT_plx "\n",
924 crda);
925 }
926 } else {
927 printf("pcnet: BAD RMD RDA=0x" TARGET_FMT_plx "\n",
928 crda);
929 #endif
930 }
931 }
932
933 if (CSR_CRDA(s)) {
934 struct pcnet_RMD rmd;
935 RMDLOAD(&rmd, PHYSADDR(s,CSR_CRDA(s)));
936 CSR_CRBC(s) = GET_FIELD(rmd.buf_length, RMDL, BCNT);
937 CSR_CRST(s) = rmd.status;
938 #ifdef PCNET_DEBUG_RMD_X
939 printf("CRDA=0x%08x CRST=0x%04x RCVRC=%d RMDL=0x%04x RMDS=0x%04x RMDM=0x%08x\n",
940 PHYSADDR(s,CSR_CRDA(s)), CSR_CRST(s), CSR_RCVRC(s),
941 rmd.buf_length, rmd.status, rmd.msg_length);
942 PRINT_RMD(&rmd);
943 #endif
944 } else {
945 CSR_CRBC(s) = CSR_CRST(s) = 0;
946 }
947
948 if (CSR_NRDA(s)) {
949 struct pcnet_RMD rmd;
950 RMDLOAD(&rmd, PHYSADDR(s,CSR_NRDA(s)));
951 CSR_NRBC(s) = GET_FIELD(rmd.buf_length, RMDL, BCNT);
952 CSR_NRST(s) = rmd.status;
953 } else {
954 CSR_NRBC(s) = CSR_NRST(s) = 0;
955 }
956
957 }
958
959 static int pcnet_tdte_poll(PCNetState *s)
960 {
961 s->csr[34] = s->csr[35] = 0;
962 if (s->tdra) {
963 hwaddr cxda = s->tdra +
964 (CSR_XMTRL(s) - CSR_XMTRC(s)) *
965 (BCR_SWSTYLE(s) ? 16 : 8);
966 int bad = 0;
967 CHECK_TMD(cxda, bad);
968 if (!bad) {
969 if (CSR_CXDA(s) != cxda) {
970 s->csr[60] = s->csr[34];
971 s->csr[61] = s->csr[35];
972 s->csr[62] = CSR_CXBC(s);
973 s->csr[63] = CSR_CXST(s);
974 }
975 s->csr[34] = cxda & 0xffff;
976 s->csr[35] = cxda >> 16;
977 #ifdef PCNET_DEBUG_X
978 printf("pcnet: BAD TMD XDA=0x%08x\n", cxda);
979 #endif
980 }
981 }
982
983 if (CSR_CXDA(s)) {
984 struct pcnet_TMD tmd;
985
986 TMDLOAD(&tmd, PHYSADDR(s,CSR_CXDA(s)));
987
988 CSR_CXBC(s) = GET_FIELD(tmd.length, TMDL, BCNT);
989 CSR_CXST(s) = tmd.status;
990 } else {
991 CSR_CXBC(s) = CSR_CXST(s) = 0;
992 }
993
994 return !!(CSR_CXST(s) & 0x8000);
995 }
996
997 #define MIN_BUF_SIZE 60
998
999 ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
1000 {
1001 PCNetState *s = qemu_get_nic_opaque(nc);
1002 int is_padr = 0, is_bcast = 0, is_ladr = 0;
1003 uint8_t buf1[60];
1004 int remaining;
1005 int crc_err = 0;
1006 int size = size_;
1007
1008 if (CSR_DRX(s) || CSR_STOP(s) || CSR_SPND(s) || !size ||
1009 (CSR_LOOP(s) && !s->looptest)) {
1010 return -1;
1011 }
1012 #ifdef PCNET_DEBUG
1013 printf("pcnet_receive size=%d\n", size);
1014 #endif
1015
1016 /* if too small buffer, then expand it */
1017 if (size < MIN_BUF_SIZE) {
1018 memcpy(buf1, buf, size);
1019 memset(buf1 + size, 0, MIN_BUF_SIZE - size);
1020 buf = buf1;
1021 size = MIN_BUF_SIZE;
1022 }
1023
1024 if (CSR_PROM(s)
1025 || (is_padr=padr_match(s, buf, size))
1026 || (is_bcast=padr_bcast(s, buf, size))
1027 || (is_ladr=ladr_match(s, buf, size))) {
1028
1029 pcnet_rdte_poll(s);
1030
1031 if (!(CSR_CRST(s) & 0x8000) && s->rdra) {
1032 struct pcnet_RMD rmd;
1033 int rcvrc = CSR_RCVRC(s)-1,i;
1034 hwaddr nrda;
1035 for (i = CSR_RCVRL(s)-1; i > 0; i--, rcvrc--) {
1036 if (rcvrc <= 1)
1037 rcvrc = CSR_RCVRL(s);
1038 nrda = s->rdra +
1039 (CSR_RCVRL(s) - rcvrc) *
1040 (BCR_SWSTYLE(s) ? 16 : 8 );
1041 RMDLOAD(&rmd, nrda);
1042 if (GET_FIELD(rmd.status, RMDS, OWN)) {
1043 #ifdef PCNET_DEBUG_RMD
1044 printf("pcnet - scan buffer: RCVRC=%d PREV_RCVRC=%d\n",
1045 rcvrc, CSR_RCVRC(s));
1046 #endif
1047 CSR_RCVRC(s) = rcvrc;
1048 pcnet_rdte_poll(s);
1049 break;
1050 }
1051 }
1052 }
1053
1054 if (!(CSR_CRST(s) & 0x8000)) {
1055 #ifdef PCNET_DEBUG_RMD
1056 printf("pcnet - no buffer: RCVRC=%d\n", CSR_RCVRC(s));
1057 #endif
1058 s->csr[0] |= 0x1000; /* Set MISS flag */
1059 CSR_MISSC(s)++;
1060 } else {
1061 uint8_t *src = s->buffer;
1062 hwaddr crda = CSR_CRDA(s);
1063 struct pcnet_RMD rmd;
1064 int pktcount = 0;
1065
1066 if (!s->looptest) {
1067 if (size > 4092) {
1068 #ifdef PCNET_DEBUG_RMD
1069 fprintf(stderr, "pcnet: truncates rx packet.\n");
1070 #endif
1071 size = 4092;
1072 }
1073 memcpy(src, buf, size);
1074 /* no need to compute the CRC */
1075 src[size] = 0;
1076 src[size + 1] = 0;
1077 src[size + 2] = 0;
1078 src[size + 3] = 0;
1079 size += 4;
1080 } else if (s->looptest == PCNET_LOOPTEST_CRC ||
1081 !CSR_DXMTFCS(s) || size < MIN_BUF_SIZE+4) {
1082 uint32_t fcs = ~0;
1083 uint8_t *p = src;
1084
1085 while (p != &src[size])
1086 CRC(fcs, *p++);
1087 *(uint32_t *)p = htonl(fcs);
1088 size += 4;
1089 } else {
1090 uint32_t fcs = ~0;
1091 uint8_t *p = src;
1092
1093 while (p != &src[size])
1094 CRC(fcs, *p++);
1095 crc_err = (*(uint32_t *)p != htonl(fcs));
1096 }
1097
1098 #ifdef PCNET_DEBUG_MATCH
1099 PRINT_PKTHDR(buf);
1100 #endif
1101
1102 RMDLOAD(&rmd, PHYSADDR(s,crda));
1103 /*if (!CSR_LAPPEN(s))*/
1104 SET_FIELD(&rmd.status, RMDS, STP, 1);
1105
1106 #define PCNET_RECV_STORE() do { \
1107 int count = MIN(4096 - GET_FIELD(rmd.buf_length, RMDL, BCNT),remaining); \
1108 hwaddr rbadr = PHYSADDR(s, rmd.rbadr); \
1109 s->phys_mem_write(s->dma_opaque, rbadr, src, count, CSR_BSWP(s)); \
1110 src += count; remaining -= count; \
1111 SET_FIELD(&rmd.status, RMDS, OWN, 0); \
1112 RMDSTORE(&rmd, PHYSADDR(s,crda)); \
1113 pktcount++; \
1114 } while (0)
1115
1116 remaining = size;
1117 PCNET_RECV_STORE();
1118 if ((remaining > 0) && CSR_NRDA(s)) {
1119 hwaddr nrda = CSR_NRDA(s);
1120 #ifdef PCNET_DEBUG_RMD
1121 PRINT_RMD(&rmd);
1122 #endif
1123 RMDLOAD(&rmd, PHYSADDR(s,nrda));
1124 if (GET_FIELD(rmd.status, RMDS, OWN)) {
1125 crda = nrda;
1126 PCNET_RECV_STORE();
1127 #ifdef PCNET_DEBUG_RMD
1128 PRINT_RMD(&rmd);
1129 #endif
1130 if ((remaining > 0) && (nrda=CSR_NNRD(s))) {
1131 RMDLOAD(&rmd, PHYSADDR(s,nrda));
1132 if (GET_FIELD(rmd.status, RMDS, OWN)) {
1133 crda = nrda;
1134 PCNET_RECV_STORE();
1135 }
1136 }
1137 }
1138 }
1139
1140 #undef PCNET_RECV_STORE
1141
1142 RMDLOAD(&rmd, PHYSADDR(s,crda));
1143 if (remaining == 0) {
1144 SET_FIELD(&rmd.msg_length, RMDM, MCNT, size);
1145 SET_FIELD(&rmd.status, RMDS, ENP, 1);
1146 SET_FIELD(&rmd.status, RMDS, PAM, !CSR_PROM(s) && is_padr);
1147 SET_FIELD(&rmd.status, RMDS, LFAM, !CSR_PROM(s) && is_ladr);
1148 SET_FIELD(&rmd.status, RMDS, BAM, !CSR_PROM(s) && is_bcast);
1149 if (crc_err) {
1150 SET_FIELD(&rmd.status, RMDS, CRC, 1);
1151 SET_FIELD(&rmd.status, RMDS, ERR, 1);
1152 }
1153 } else {
1154 SET_FIELD(&rmd.status, RMDS, OFLO, 1);
1155 SET_FIELD(&rmd.status, RMDS, BUFF, 1);
1156 SET_FIELD(&rmd.status, RMDS, ERR, 1);
1157 }
1158 RMDSTORE(&rmd, PHYSADDR(s,crda));
1159 s->csr[0] |= 0x0400;
1160
1161 #ifdef PCNET_DEBUG
1162 printf("RCVRC=%d CRDA=0x%08x BLKS=%d\n",
1163 CSR_RCVRC(s), PHYSADDR(s,CSR_CRDA(s)), pktcount);
1164 #endif
1165 #ifdef PCNET_DEBUG_RMD
1166 PRINT_RMD(&rmd);
1167 #endif
1168
1169 while (pktcount--) {
1170 if (CSR_RCVRC(s) <= 1)
1171 CSR_RCVRC(s) = CSR_RCVRL(s);
1172 else
1173 CSR_RCVRC(s)--;
1174 }
1175
1176 pcnet_rdte_poll(s);
1177
1178 }
1179 }
1180
1181 pcnet_poll(s);
1182 pcnet_update_irq(s);
1183
1184 return size_;
1185 }
1186
1187 void pcnet_set_link_status(NetClientState *nc)
1188 {
1189 PCNetState *d = qemu_get_nic_opaque(nc);
1190
1191 d->lnkst = nc->link_down ? 0 : 0x40;
1192 }
1193
1194 static void pcnet_transmit(PCNetState *s)
1195 {
1196 hwaddr xmit_cxda = 0;
1197 int count = CSR_XMTRL(s)-1;
1198 int add_crc = 0;
1199 int bcnt;
1200 s->xmit_pos = -1;
1201
1202 if (!CSR_TXON(s)) {
1203 s->csr[0] &= ~0x0008;
1204 return;
1205 }
1206
1207 s->tx_busy = 1;
1208
1209 txagain:
1210 if (pcnet_tdte_poll(s)) {
1211 struct pcnet_TMD tmd;
1212
1213 TMDLOAD(&tmd, PHYSADDR(s,CSR_CXDA(s)));
1214
1215 #ifdef PCNET_DEBUG_TMD
1216 printf(" TMDLOAD 0x%08x\n", PHYSADDR(s,CSR_CXDA(s)));
1217 PRINT_TMD(&tmd);
1218 #endif
1219 if (GET_FIELD(tmd.status, TMDS, STP)) {
1220 s->xmit_pos = 0;
1221 xmit_cxda = PHYSADDR(s,CSR_CXDA(s));
1222 if (BCR_SWSTYLE(s) != 1)
1223 add_crc = GET_FIELD(tmd.status, TMDS, ADDFCS);
1224 }
1225 if (s->lnkst == 0 &&
1226 (!CSR_LOOP(s) || (!CSR_INTL(s) && !BCR_TMAULOOP(s)))) {
1227 SET_FIELD(&tmd.misc, TMDM, LCAR, 1);
1228 SET_FIELD(&tmd.status, TMDS, ERR, 1);
1229 SET_FIELD(&tmd.status, TMDS, OWN, 0);
1230 s->csr[0] |= 0xa000; /* ERR | CERR */
1231 s->xmit_pos = -1;
1232 goto txdone;
1233 }
1234
1235 if (s->xmit_pos < 0) {
1236 goto txdone;
1237 }
1238
1239 bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
1240
1241 /* if multi-tmd packet outsizes s->buffer then skip it silently.
1242 * Note: this is not what real hw does.
1243 * Last four bytes of s->buffer are used to store CRC FCS code.
1244 */
1245 if (s->xmit_pos + bcnt > sizeof(s->buffer) - 4) {
1246 s->xmit_pos = -1;
1247 goto txdone;
1248 }
1249
1250 s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
1251 s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
1252 s->xmit_pos += bcnt;
1253
1254 if (!GET_FIELD(tmd.status, TMDS, ENP)) {
1255 goto txdone;
1256 }
1257
1258 #ifdef PCNET_DEBUG
1259 printf("pcnet_transmit size=%d\n", s->xmit_pos);
1260 #endif
1261 if (CSR_LOOP(s)) {
1262 if (BCR_SWSTYLE(s) == 1)
1263 add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
1264 s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
1265 pcnet_receive(qemu_get_queue(s->nic), s->buffer, s->xmit_pos);
1266 s->looptest = 0;
1267 } else {
1268 if (s->nic) {
1269 qemu_send_packet(qemu_get_queue(s->nic), s->buffer,
1270 s->xmit_pos);
1271 }
1272 }
1273
1274 s->csr[0] &= ~0x0008; /* clear TDMD */
1275 s->csr[4] |= 0x0004; /* set TXSTRT */
1276 s->xmit_pos = -1;
1277
1278 txdone:
1279 SET_FIELD(&tmd.status, TMDS, OWN, 0);
1280 TMDSTORE(&tmd, PHYSADDR(s,CSR_CXDA(s)));
1281 if (!CSR_TOKINTD(s) || (CSR_LTINTEN(s) && GET_FIELD(tmd.status, TMDS, LTINT)))
1282 s->csr[0] |= 0x0200; /* set TINT */
1283
1284 if (CSR_XMTRC(s)<=1)
1285 CSR_XMTRC(s) = CSR_XMTRL(s);
1286 else
1287 CSR_XMTRC(s)--;
1288 if (count--)
1289 goto txagain;
1290
1291 } else
1292 if (s->xmit_pos >= 0) {
1293 struct pcnet_TMD tmd;
1294 TMDLOAD(&tmd, xmit_cxda);
1295 SET_FIELD(&tmd.misc, TMDM, BUFF, 1);
1296 SET_FIELD(&tmd.misc, TMDM, UFLO, 1);
1297 SET_FIELD(&tmd.status, TMDS, ERR, 1);
1298 SET_FIELD(&tmd.status, TMDS, OWN, 0);
1299 TMDSTORE(&tmd, xmit_cxda);
1300 s->csr[0] |= 0x0200; /* set TINT */
1301 if (!CSR_DXSUFLO(s)) {
1302 s->csr[0] &= ~0x0010;
1303 } else
1304 if (count--)
1305 goto txagain;
1306 }
1307
1308 s->tx_busy = 0;
1309 }
1310
1311 static void pcnet_poll(PCNetState *s)
1312 {
1313 if (CSR_RXON(s)) {
1314 pcnet_rdte_poll(s);
1315 }
1316
1317 if (CSR_TDMD(s) ||
1318 (CSR_TXON(s) && !CSR_DPOLL(s) && pcnet_tdte_poll(s)))
1319 {
1320 /* prevent recursion */
1321 if (s->tx_busy)
1322 return;
1323
1324 pcnet_transmit(s);
1325 }
1326 }
1327
1328 static void pcnet_poll_timer(void *opaque)
1329 {
1330 PCNetState *s = opaque;
1331
1332 timer_del(s->poll_timer);
1333
1334 if (CSR_TDMD(s)) {
1335 pcnet_transmit(s);
1336 }
1337
1338 pcnet_update_irq(s);
1339
1340 if (!CSR_STOP(s) && !CSR_SPND(s) && !CSR_DPOLL(s)) {
1341 uint64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) * 33;
1342 if (!s->timer || !now)
1343 s->timer = now;
1344 else {
1345 uint64_t t = now - s->timer + CSR_POLL(s);
1346 if (t > 0xffffLL) {
1347 pcnet_poll(s);
1348 CSR_POLL(s) = CSR_PINT(s);
1349 } else
1350 CSR_POLL(s) = t;
1351 }
1352 timer_mod(s->poll_timer,
1353 pcnet_get_next_poll_time(s,qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)));
1354 }
1355 }
1356
1357
1358 static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
1359 {
1360 uint16_t val = new_value;
1361 #ifdef PCNET_DEBUG_CSR
1362 printf("pcnet_csr_writew rap=%d val=0x%04x\n", rap, val);
1363 #endif
1364 switch (rap) {
1365 case 0:
1366 s->csr[0] &= ~(val & 0x7f00); /* Clear any interrupt flags */
1367
1368 s->csr[0] = (s->csr[0] & ~0x0040) | (val & 0x0048);
1369
1370 val = (val & 0x007f) | (s->csr[0] & 0x7f00);
1371
1372 /* IFF STOP, STRT and INIT are set, clear STRT and INIT */
1373 if ((val&7) == 7)
1374 val &= ~3;
1375
1376 if (!CSR_STOP(s) && (val & 4))
1377 pcnet_stop(s);
1378
1379 if (!CSR_INIT(s) && (val & 1))
1380 pcnet_init(s);
1381
1382 if (!CSR_STRT(s) && (val & 2))
1383 pcnet_start(s);
1384
1385 if (CSR_TDMD(s))
1386 pcnet_transmit(s);
1387
1388 return;
1389 case 1:
1390 case 2:
1391 case 8:
1392 case 9:
1393 case 10:
1394 case 11:
1395 case 12:
1396 case 13:
1397 case 14:
1398 case 15:
1399 case 18: /* CRBAL */
1400 case 19: /* CRBAU */
1401 case 20: /* CXBAL */
1402 case 21: /* CXBAU */
1403 case 22: /* NRBAU */
1404 case 23: /* NRBAU */
1405 case 24:
1406 case 25:
1407 case 26:
1408 case 27:
1409 case 28:
1410 case 29:
1411 case 30:
1412 case 31:
1413 case 32:
1414 case 33:
1415 case 34:
1416 case 35:
1417 case 36:
1418 case 37:
1419 case 38:
1420 case 39:
1421 case 40: /* CRBC */
1422 case 41:
1423 case 42: /* CXBC */
1424 case 43:
1425 case 44:
1426 case 45:
1427 case 46: /* POLL */
1428 case 47: /* POLLINT */
1429 case 72:
1430 case 74:
1431 case 76: /* RCVRL */
1432 case 78: /* XMTRL */
1433 case 112:
1434 if (CSR_STOP(s) || CSR_SPND(s))
1435 break;
1436 return;
1437 case 3:
1438 break;
1439 case 4:
1440 s->csr[4] &= ~(val & 0x026a);
1441 val &= ~0x026a; val |= s->csr[4] & 0x026a;
1442 break;
1443 case 5:
1444 s->csr[5] &= ~(val & 0x0a90);
1445 val &= ~0x0a90; val |= s->csr[5] & 0x0a90;
1446 break;
1447 case 16:
1448 pcnet_csr_writew(s,1,val);
1449 return;
1450 case 17:
1451 pcnet_csr_writew(s,2,val);
1452 return;
1453 case 58:
1454 pcnet_bcr_writew(s,BCR_SWS,val);
1455 break;
1456 default:
1457 return;
1458 }
1459 s->csr[rap] = val;
1460 }
1461
1462 static uint32_t pcnet_csr_readw(PCNetState *s, uint32_t rap)
1463 {
1464 uint32_t val;
1465 switch (rap) {
1466 case 0:
1467 pcnet_update_irq(s);
1468 val = s->csr[0];
1469 val |= (val & 0x7800) ? 0x8000 : 0;
1470 break;
1471 case 16:
1472 return pcnet_csr_readw(s,1);
1473 case 17:
1474 return pcnet_csr_readw(s,2);
1475 case 58:
1476 return pcnet_bcr_readw(s,BCR_SWS);
1477 case 88:
1478 val = s->csr[89];
1479 val <<= 16;
1480 val |= s->csr[88];
1481 break;
1482 default:
1483 val = s->csr[rap];
1484 }
1485 #ifdef PCNET_DEBUG_CSR
1486 printf("pcnet_csr_readw rap=%d val=0x%04x\n", rap, val);
1487 #endif
1488 return val;
1489 }
1490
1491 static void pcnet_bcr_writew(PCNetState *s, uint32_t rap, uint32_t val)
1492 {
1493 rap &= 127;
1494 #ifdef PCNET_DEBUG_BCR
1495 printf("pcnet_bcr_writew rap=%d val=0x%04x\n", rap, val);
1496 #endif
1497 switch (rap) {
1498 case BCR_SWS:
1499 if (!(CSR_STOP(s) || CSR_SPND(s)))
1500 return;
1501 val &= ~0x0300;
1502 switch (val & 0x00ff) {
1503 case 0:
1504 val |= 0x0200;
1505 break;
1506 case 1:
1507 val |= 0x0100;
1508 break;
1509 case 2:
1510 case 3:
1511 val |= 0x0300;
1512 break;
1513 default:
1514 printf("Bad SWSTYLE=0x%02x\n", val & 0xff);
1515 val = 0x0200;
1516 break;
1517 }
1518 #ifdef PCNET_DEBUG
1519 printf("BCR_SWS=0x%04x\n", val);
1520 #endif
1521 /* fall through */
1522 case BCR_LNKST:
1523 case BCR_LED1:
1524 case BCR_LED2:
1525 case BCR_LED3:
1526 case BCR_MC:
1527 case BCR_FDC:
1528 case BCR_BSBC:
1529 case BCR_EECAS:
1530 case BCR_PLAT:
1531 s->bcr[rap] = val;
1532 break;
1533 default:
1534 break;
1535 }
1536 }
1537
1538 uint32_t pcnet_bcr_readw(PCNetState *s, uint32_t rap)
1539 {
1540 uint32_t val;
1541 rap &= 127;
1542 switch (rap) {
1543 case BCR_LNKST:
1544 case BCR_LED1:
1545 case BCR_LED2:
1546 case BCR_LED3:
1547 val = s->bcr[rap] & ~0x8000;
1548 val |= (val & 0x017f & s->lnkst) ? 0x8000 : 0;
1549 break;
1550 default:
1551 val = rap < 32 ? s->bcr[rap] : 0;
1552 break;
1553 }
1554 #ifdef PCNET_DEBUG_BCR
1555 printf("pcnet_bcr_readw rap=%d val=0x%04x\n", rap, val);
1556 #endif
1557 return val;
1558 }
1559
1560 void pcnet_h_reset(void *opaque)
1561 {
1562 PCNetState *s = opaque;
1563
1564 s->bcr[BCR_MSRDA] = 0x0005;
1565 s->bcr[BCR_MSWRA] = 0x0005;
1566 s->bcr[BCR_MC ] = 0x0002;
1567 s->bcr[BCR_LNKST] = 0x00c0;
1568 s->bcr[BCR_LED1 ] = 0x0084;
1569 s->bcr[BCR_LED2 ] = 0x0088;
1570 s->bcr[BCR_LED3 ] = 0x0090;
1571 s->bcr[BCR_FDC ] = 0x0000;
1572 s->bcr[BCR_BSBC ] = 0x9001;
1573 s->bcr[BCR_EECAS] = 0x0002;
1574 s->bcr[BCR_SWS ] = 0x0200;
1575 s->bcr[BCR_PLAT ] = 0xff06;
1576
1577 pcnet_s_reset(s);
1578 pcnet_update_irq(s);
1579 pcnet_poll_timer(s);
1580 }
1581
1582 void pcnet_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
1583 {
1584 PCNetState *s = opaque;
1585 pcnet_poll_timer(s);
1586 #ifdef PCNET_DEBUG_IO
1587 printf("pcnet_ioport_writew addr=0x%08x val=0x%04x\n", addr, val);
1588 #endif
1589 if (!BCR_DWIO(s)) {
1590 switch (addr & 0x0f) {
1591 case 0x00: /* RDP */
1592 pcnet_csr_writew(s, s->rap, val);
1593 break;
1594 case 0x02:
1595 s->rap = val & 0x7f;
1596 break;
1597 case 0x06:
1598 pcnet_bcr_writew(s, s->rap, val);
1599 break;
1600 }
1601 }
1602 pcnet_update_irq(s);
1603 }
1604
1605 uint32_t pcnet_ioport_readw(void *opaque, uint32_t addr)
1606 {
1607 PCNetState *s = opaque;
1608 uint32_t val = -1;
1609 pcnet_poll_timer(s);
1610 if (!BCR_DWIO(s)) {
1611 switch (addr & 0x0f) {
1612 case 0x00: /* RDP */
1613 val = pcnet_csr_readw(s, s->rap);
1614 break;
1615 case 0x02:
1616 val = s->rap;
1617 break;
1618 case 0x04:
1619 pcnet_s_reset(s);
1620 val = 0;
1621 break;
1622 case 0x06:
1623 val = pcnet_bcr_readw(s, s->rap);
1624 break;
1625 }
1626 }
1627 pcnet_update_irq(s);
1628 #ifdef PCNET_DEBUG_IO
1629 printf("pcnet_ioport_readw addr=0x%08x val=0x%04x\n", addr, val & 0xffff);
1630 #endif
1631 return val;
1632 }
1633
1634 void pcnet_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
1635 {
1636 PCNetState *s = opaque;
1637 pcnet_poll_timer(s);
1638 #ifdef PCNET_DEBUG_IO
1639 printf("pcnet_ioport_writel addr=0x%08x val=0x%08x\n", addr, val);
1640 #endif
1641 if (BCR_DWIO(s)) {
1642 switch (addr & 0x0f) {
1643 case 0x00: /* RDP */
1644 pcnet_csr_writew(s, s->rap, val & 0xffff);
1645 break;
1646 case 0x04:
1647 s->rap = val & 0x7f;
1648 break;
1649 case 0x0c:
1650 pcnet_bcr_writew(s, s->rap, val & 0xffff);
1651 break;
1652 }
1653 } else
1654 if ((addr & 0x0f) == 0) {
1655 /* switch device to dword i/o mode */
1656 pcnet_bcr_writew(s, BCR_BSBC, pcnet_bcr_readw(s, BCR_BSBC) | 0x0080);
1657 #ifdef PCNET_DEBUG_IO
1658 printf("device switched into dword i/o mode\n");
1659 #endif
1660 }
1661 pcnet_update_irq(s);
1662 }
1663
1664 uint32_t pcnet_ioport_readl(void *opaque, uint32_t addr)
1665 {
1666 PCNetState *s = opaque;
1667 uint32_t val = -1;
1668 pcnet_poll_timer(s);
1669 if (BCR_DWIO(s)) {
1670 switch (addr & 0x0f) {
1671 case 0x00: /* RDP */
1672 val = pcnet_csr_readw(s, s->rap);
1673 break;
1674 case 0x04:
1675 val = s->rap;
1676 break;
1677 case 0x08:
1678 pcnet_s_reset(s);
1679 val = 0;
1680 break;
1681 case 0x0c:
1682 val = pcnet_bcr_readw(s, s->rap);
1683 break;
1684 }
1685 }
1686 pcnet_update_irq(s);
1687 #ifdef PCNET_DEBUG_IO
1688 printf("pcnet_ioport_readl addr=0x%08x val=0x%08x\n", addr, val);
1689 #endif
1690 return val;
1691 }
1692
1693 static bool is_version_2(void *opaque, int version_id)
1694 {
1695 return version_id == 2;
1696 }
1697
1698 const VMStateDescription vmstate_pcnet = {
1699 .name = "pcnet",
1700 .version_id = 3,
1701 .minimum_version_id = 2,
1702 .fields = (VMStateField[]) {
1703 VMSTATE_INT32(rap, PCNetState),
1704 VMSTATE_INT32(isr, PCNetState),
1705 VMSTATE_INT32(lnkst, PCNetState),
1706 VMSTATE_UINT32(rdra, PCNetState),
1707 VMSTATE_UINT32(tdra, PCNetState),
1708 VMSTATE_BUFFER(prom, PCNetState),
1709 VMSTATE_UINT16_ARRAY(csr, PCNetState, 128),
1710 VMSTATE_UINT16_ARRAY(bcr, PCNetState, 32),
1711 VMSTATE_UINT64(timer, PCNetState),
1712 VMSTATE_INT32(xmit_pos, PCNetState),
1713 VMSTATE_BUFFER(buffer, PCNetState),
1714 VMSTATE_UNUSED_TEST(is_version_2, 4),
1715 VMSTATE_INT32(tx_busy, PCNetState),
1716 VMSTATE_TIMER_PTR(poll_timer, PCNetState),
1717 VMSTATE_END_OF_LIST()
1718 }
1719 };
1720
1721 void pcnet_common_init(DeviceState *dev, PCNetState *s, NetClientInfo *info)
1722 {
1723 int i;
1724 uint16_t checksum;
1725
1726 s->poll_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pcnet_poll_timer, s);
1727
1728 qemu_macaddr_default_if_unset(&s->conf.macaddr);
1729 s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), dev->id, s);
1730 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1731
1732 /* Initialize the PROM */
1733
1734 /*
1735 Datasheet: http://pdfdata.datasheetsite.com/web/24528/AM79C970A.pdf
1736 page 95
1737 */
1738 memcpy(s->prom, s->conf.macaddr.a, 6);
1739 /* Reserved Location: must be 00h */
1740 s->prom[6] = s->prom[7] = 0x00;
1741 /* Reserved Location: must be 00h */
1742 s->prom[8] = 0x00;
1743 /* Hardware ID: must be 11h if compatibility to AMD drivers is desired */
1744 s->prom[9] = 0x11;
1745 /* User programmable space, init with 0 */
1746 s->prom[10] = s->prom[11] = 0x00;
1747 /* LSByte of two-byte checksum, which is the sum of bytes 00h-0Bh
1748 and bytes 0Eh and 0Fh, must therefore be initialized with 0! */
1749 s->prom[12] = s->prom[13] = 0x00;
1750 /* Must be ASCII W (57h) if compatibility to AMD
1751 driver software is desired */
1752 s->prom[14] = s->prom[15] = 0x57;
1753
1754 for (i = 0, checksum = 0; i < 16; i++) {
1755 checksum += s->prom[i];
1756 }
1757 *(uint16_t *)&s->prom[12] = cpu_to_le16(checksum);
1758
1759 s->lnkst = 0x40; /* initial link state: up */
1760 }