net: pcnet: add check to validate receive data size(CVE-2015-7504)
[qemu.git] / hw / net / pcnet.c
1 /*
2 * QEMU AMD PC-Net II (Am79C970A) emulation
3 *
4 * Copyright (c) 2004 Antony T Curtis
5 *
6 * Permission is hereby granted, free of charge, to any person obtaining a copy
7 * of this software and associated documentation files (the "Software"), to deal
8 * in the Software without restriction, including without limitation the rights
9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
10 * copies of the Software, and to permit persons to whom the Software is
11 * furnished to do so, subject to the following conditions:
12 *
13 * The above copyright notice and this permission notice shall be included in
14 * all copies or substantial portions of the Software.
15 *
16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
19 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
22 * THE SOFTWARE.
23 */
24
25 /* This software was written to be compatible with the specification:
26 * AMD Am79C970A PCnet-PCI II Ethernet Controller Data-Sheet
27 * AMD Publication# 19436 Rev:E Amendment/0 Issue Date: June 2000
28 */
29
30 /*
31 * On Sparc32, this is the Lance (Am7990) part of chip STP2000 (Master I/O), also
32 * produced as NCR89C100. See
33 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR89C100.txt
34 * and
35 * http://www.ibiblio.org/pub/historic-linux/early-ports/Sparc/NCR/NCR92C990.txt
36 */
37
38 #include "hw/qdev.h"
39 #include "net/net.h"
40 #include "qemu/timer.h"
41 #include "qemu/sockets.h"
42 #include "sysemu/sysemu.h"
43 #include "trace.h"
44
45 #include "pcnet.h"
46
47 //#define PCNET_DEBUG
48 //#define PCNET_DEBUG_IO
49 //#define PCNET_DEBUG_BCR
50 //#define PCNET_DEBUG_CSR
51 //#define PCNET_DEBUG_RMD
52 //#define PCNET_DEBUG_TMD
53 //#define PCNET_DEBUG_MATCH
54
55
56 struct qemu_ether_header {
57 uint8_t ether_dhost[6];
58 uint8_t ether_shost[6];
59 uint16_t ether_type;
60 };
61
62 #define CSR_INIT(S) !!(((S)->csr[0])&0x0001)
63 #define CSR_STRT(S) !!(((S)->csr[0])&0x0002)
64 #define CSR_STOP(S) !!(((S)->csr[0])&0x0004)
65 #define CSR_TDMD(S) !!(((S)->csr[0])&0x0008)
66 #define CSR_TXON(S) !!(((S)->csr[0])&0x0010)
67 #define CSR_RXON(S) !!(((S)->csr[0])&0x0020)
68 #define CSR_INEA(S) !!(((S)->csr[0])&0x0040)
69 #define CSR_BSWP(S) !!(((S)->csr[3])&0x0004)
70 #define CSR_LAPPEN(S) !!(((S)->csr[3])&0x0020)
71 #define CSR_DXSUFLO(S) !!(((S)->csr[3])&0x0040)
72 #define CSR_ASTRP_RCV(S) !!(((S)->csr[4])&0x0800)
73 #define CSR_DPOLL(S) !!(((S)->csr[4])&0x1000)
74 #define CSR_SPND(S) !!(((S)->csr[5])&0x0001)
75 #define CSR_LTINTEN(S) !!(((S)->csr[5])&0x4000)
76 #define CSR_TOKINTD(S) !!(((S)->csr[5])&0x8000)
77 #define CSR_DRX(S) !!(((S)->csr[15])&0x0001)
78 #define CSR_DTX(S) !!(((S)->csr[15])&0x0002)
79 #define CSR_LOOP(S) !!(((S)->csr[15])&0x0004)
80 #define CSR_DXMTFCS(S) !!(((S)->csr[15])&0x0008)
81 #define CSR_INTL(S) !!(((S)->csr[15])&0x0040)
82 #define CSR_DRCVPA(S) !!(((S)->csr[15])&0x2000)
83 #define CSR_DRCVBC(S) !!(((S)->csr[15])&0x4000)
84 #define CSR_PROM(S) !!(((S)->csr[15])&0x8000)
85
86 #define CSR_CRBC(S) ((S)->csr[40])
87 #define CSR_CRST(S) ((S)->csr[41])
88 #define CSR_CXBC(S) ((S)->csr[42])
89 #define CSR_CXST(S) ((S)->csr[43])
90 #define CSR_NRBC(S) ((S)->csr[44])
91 #define CSR_NRST(S) ((S)->csr[45])
92 #define CSR_POLL(S) ((S)->csr[46])
93 #define CSR_PINT(S) ((S)->csr[47])
94 #define CSR_RCVRC(S) ((S)->csr[72])
95 #define CSR_XMTRC(S) ((S)->csr[74])
96 #define CSR_RCVRL(S) ((S)->csr[76])
97 #define CSR_XMTRL(S) ((S)->csr[78])
98 #define CSR_MISSC(S) ((S)->csr[112])
99
100 #define CSR_IADR(S) ((S)->csr[ 1] | ((uint32_t)(S)->csr[ 2] << 16))
101 #define CSR_CRBA(S) ((S)->csr[18] | ((uint32_t)(S)->csr[19] << 16))
102 #define CSR_CXBA(S) ((S)->csr[20] | ((uint32_t)(S)->csr[21] << 16))
103 #define CSR_NRBA(S) ((S)->csr[22] | ((uint32_t)(S)->csr[23] << 16))
104 #define CSR_BADR(S) ((S)->csr[24] | ((uint32_t)(S)->csr[25] << 16))
105 #define CSR_NRDA(S) ((S)->csr[26] | ((uint32_t)(S)->csr[27] << 16))
106 #define CSR_CRDA(S) ((S)->csr[28] | ((uint32_t)(S)->csr[29] << 16))
107 #define CSR_BADX(S) ((S)->csr[30] | ((uint32_t)(S)->csr[31] << 16))
108 #define CSR_NXDA(S) ((S)->csr[32] | ((uint32_t)(S)->csr[33] << 16))
109 #define CSR_CXDA(S) ((S)->csr[34] | ((uint32_t)(S)->csr[35] << 16))
110 #define CSR_NNRD(S) ((S)->csr[36] | ((uint32_t)(S)->csr[37] << 16))
111 #define CSR_NNXD(S) ((S)->csr[38] | ((uint32_t)(S)->csr[39] << 16))
112 #define CSR_PXDA(S) ((S)->csr[60] | ((uint32_t)(S)->csr[61] << 16))
113 #define CSR_NXBA(S) ((S)->csr[64] | ((uint32_t)(S)->csr[65] << 16))
114
115 #define PHYSADDR(S,A) \
116 (BCR_SSIZE32(S) ? (A) : (A) | ((0xff00 & (uint32_t)(S)->csr[2])<<16))
117
118 struct pcnet_initblk16 {
119 uint16_t mode;
120 uint16_t padr[3];
121 uint16_t ladrf[4];
122 uint32_t rdra;
123 uint32_t tdra;
124 };
125
126 struct pcnet_initblk32 {
127 uint16_t mode;
128 uint8_t rlen;
129 uint8_t tlen;
130 uint16_t padr[3];
131 uint16_t _res;
132 uint16_t ladrf[4];
133 uint32_t rdra;
134 uint32_t tdra;
135 };
136
137 struct pcnet_TMD {
138 uint32_t tbadr;
139 int16_t length;
140 int16_t status;
141 uint32_t misc;
142 uint32_t res;
143 };
144
145 #define TMDL_BCNT_MASK 0x0fff
146 #define TMDL_BCNT_SH 0
147 #define TMDL_ONES_MASK 0xf000
148 #define TMDL_ONES_SH 12
149
150 #define TMDS_BPE_MASK 0x0080
151 #define TMDS_BPE_SH 7
152 #define TMDS_ENP_MASK 0x0100
153 #define TMDS_ENP_SH 8
154 #define TMDS_STP_MASK 0x0200
155 #define TMDS_STP_SH 9
156 #define TMDS_DEF_MASK 0x0400
157 #define TMDS_DEF_SH 10
158 #define TMDS_ONE_MASK 0x0800
159 #define TMDS_ONE_SH 11
160 #define TMDS_LTINT_MASK 0x1000
161 #define TMDS_LTINT_SH 12
162 #define TMDS_NOFCS_MASK 0x2000
163 #define TMDS_NOFCS_SH 13
164 #define TMDS_ADDFCS_MASK TMDS_NOFCS_MASK
165 #define TMDS_ADDFCS_SH TMDS_NOFCS_SH
166 #define TMDS_ERR_MASK 0x4000
167 #define TMDS_ERR_SH 14
168 #define TMDS_OWN_MASK 0x8000
169 #define TMDS_OWN_SH 15
170
171 #define TMDM_TRC_MASK 0x0000000f
172 #define TMDM_TRC_SH 0
173 #define TMDM_TDR_MASK 0x03ff0000
174 #define TMDM_TDR_SH 16
175 #define TMDM_RTRY_MASK 0x04000000
176 #define TMDM_RTRY_SH 26
177 #define TMDM_LCAR_MASK 0x08000000
178 #define TMDM_LCAR_SH 27
179 #define TMDM_LCOL_MASK 0x10000000
180 #define TMDM_LCOL_SH 28
181 #define TMDM_EXDEF_MASK 0x20000000
182 #define TMDM_EXDEF_SH 29
183 #define TMDM_UFLO_MASK 0x40000000
184 #define TMDM_UFLO_SH 30
185 #define TMDM_BUFF_MASK 0x80000000
186 #define TMDM_BUFF_SH 31
187
188 struct pcnet_RMD {
189 uint32_t rbadr;
190 int16_t buf_length;
191 int16_t status;
192 uint32_t msg_length;
193 uint32_t res;
194 };
195
196 #define RMDL_BCNT_MASK 0x0fff
197 #define RMDL_BCNT_SH 0
198 #define RMDL_ONES_MASK 0xf000
199 #define RMDL_ONES_SH 12
200
201 #define RMDS_BAM_MASK 0x0010
202 #define RMDS_BAM_SH 4
203 #define RMDS_LFAM_MASK 0x0020
204 #define RMDS_LFAM_SH 5
205 #define RMDS_PAM_MASK 0x0040
206 #define RMDS_PAM_SH 6
207 #define RMDS_BPE_MASK 0x0080
208 #define RMDS_BPE_SH 7
209 #define RMDS_ENP_MASK 0x0100
210 #define RMDS_ENP_SH 8
211 #define RMDS_STP_MASK 0x0200
212 #define RMDS_STP_SH 9
213 #define RMDS_BUFF_MASK 0x0400
214 #define RMDS_BUFF_SH 10
215 #define RMDS_CRC_MASK 0x0800
216 #define RMDS_CRC_SH 11
217 #define RMDS_OFLO_MASK 0x1000
218 #define RMDS_OFLO_SH 12
219 #define RMDS_FRAM_MASK 0x2000
220 #define RMDS_FRAM_SH 13
221 #define RMDS_ERR_MASK 0x4000
222 #define RMDS_ERR_SH 14
223 #define RMDS_OWN_MASK 0x8000
224 #define RMDS_OWN_SH 15
225
226 #define RMDM_MCNT_MASK 0x00000fff
227 #define RMDM_MCNT_SH 0
228 #define RMDM_ZEROS_MASK 0x0000f000
229 #define RMDM_ZEROS_SH 12
230 #define RMDM_RPC_MASK 0x00ff0000
231 #define RMDM_RPC_SH 16
232 #define RMDM_RCC_MASK 0xff000000
233 #define RMDM_RCC_SH 24
234
235 #define SET_FIELD(regp, name, field, value) \
236 (*(regp) = (*(regp) & ~(name ## _ ## field ## _MASK)) \
237 | ((value) << name ## _ ## field ## _SH))
238
239 #define GET_FIELD(reg, name, field) \
240 (((reg) & name ## _ ## field ## _MASK) >> name ## _ ## field ## _SH)
241
242 #define PRINT_TMD(T) printf( \
243 "TMD0 : TBADR=0x%08x\n" \
244 "TMD1 : OWN=%d, ERR=%d, FCS=%d, LTI=%d, " \
245 "ONE=%d, DEF=%d, STP=%d, ENP=%d,\n" \
246 " BPE=%d, BCNT=%d\n" \
247 "TMD2 : BUF=%d, UFL=%d, EXD=%d, LCO=%d, " \
248 "LCA=%d, RTR=%d,\n" \
249 " TDR=%d, TRC=%d\n", \
250 (T)->tbadr, \
251 GET_FIELD((T)->status, TMDS, OWN), \
252 GET_FIELD((T)->status, TMDS, ERR), \
253 GET_FIELD((T)->status, TMDS, NOFCS), \
254 GET_FIELD((T)->status, TMDS, LTINT), \
255 GET_FIELD((T)->status, TMDS, ONE), \
256 GET_FIELD((T)->status, TMDS, DEF), \
257 GET_FIELD((T)->status, TMDS, STP), \
258 GET_FIELD((T)->status, TMDS, ENP), \
259 GET_FIELD((T)->status, TMDS, BPE), \
260 4096-GET_FIELD((T)->length, TMDL, BCNT), \
261 GET_FIELD((T)->misc, TMDM, BUFF), \
262 GET_FIELD((T)->misc, TMDM, UFLO), \
263 GET_FIELD((T)->misc, TMDM, EXDEF), \
264 GET_FIELD((T)->misc, TMDM, LCOL), \
265 GET_FIELD((T)->misc, TMDM, LCAR), \
266 GET_FIELD((T)->misc, TMDM, RTRY), \
267 GET_FIELD((T)->misc, TMDM, TDR), \
268 GET_FIELD((T)->misc, TMDM, TRC))
269
270 #define PRINT_RMD(R) printf( \
271 "RMD0 : RBADR=0x%08x\n" \
272 "RMD1 : OWN=%d, ERR=%d, FRAM=%d, OFLO=%d, " \
273 "CRC=%d, BUFF=%d, STP=%d, ENP=%d,\n " \
274 "BPE=%d, PAM=%d, LAFM=%d, BAM=%d, ONES=%d, BCNT=%d\n" \
275 "RMD2 : RCC=%d, RPC=%d, MCNT=%d, ZEROS=%d\n", \
276 (R)->rbadr, \
277 GET_FIELD((R)->status, RMDS, OWN), \
278 GET_FIELD((R)->status, RMDS, ERR), \
279 GET_FIELD((R)->status, RMDS, FRAM), \
280 GET_FIELD((R)->status, RMDS, OFLO), \
281 GET_FIELD((R)->status, RMDS, CRC), \
282 GET_FIELD((R)->status, RMDS, BUFF), \
283 GET_FIELD((R)->status, RMDS, STP), \
284 GET_FIELD((R)->status, RMDS, ENP), \
285 GET_FIELD((R)->status, RMDS, BPE), \
286 GET_FIELD((R)->status, RMDS, PAM), \
287 GET_FIELD((R)->status, RMDS, LFAM), \
288 GET_FIELD((R)->status, RMDS, BAM), \
289 GET_FIELD((R)->buf_length, RMDL, ONES), \
290 4096-GET_FIELD((R)->buf_length, RMDL, BCNT), \
291 GET_FIELD((R)->msg_length, RMDM, RCC), \
292 GET_FIELD((R)->msg_length, RMDM, RPC), \
293 GET_FIELD((R)->msg_length, RMDM, MCNT), \
294 GET_FIELD((R)->msg_length, RMDM, ZEROS))
295
296 static inline void pcnet_tmd_load(PCNetState *s, struct pcnet_TMD *tmd,
297 hwaddr addr)
298 {
299 if (!BCR_SSIZE32(s)) {
300 struct {
301 uint32_t tbadr;
302 int16_t length;
303 int16_t status;
304 } xda;
305 s->phys_mem_read(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
306 tmd->tbadr = le32_to_cpu(xda.tbadr) & 0xffffff;
307 tmd->length = le16_to_cpu(xda.length);
308 tmd->status = (le32_to_cpu(xda.tbadr) >> 16) & 0xff00;
309 tmd->misc = le16_to_cpu(xda.status) << 16;
310 tmd->res = 0;
311 } else {
312 s->phys_mem_read(s->dma_opaque, addr, (void *)tmd, sizeof(*tmd), 0);
313 le32_to_cpus(&tmd->tbadr);
314 le16_to_cpus((uint16_t *)&tmd->length);
315 le16_to_cpus((uint16_t *)&tmd->status);
316 le32_to_cpus(&tmd->misc);
317 le32_to_cpus(&tmd->res);
318 if (BCR_SWSTYLE(s) == 3) {
319 uint32_t tmp = tmd->tbadr;
320 tmd->tbadr = tmd->misc;
321 tmd->misc = tmp;
322 }
323 }
324 }
325
326 static inline void pcnet_tmd_store(PCNetState *s, const struct pcnet_TMD *tmd,
327 hwaddr addr)
328 {
329 if (!BCR_SSIZE32(s)) {
330 struct {
331 uint32_t tbadr;
332 int16_t length;
333 int16_t status;
334 } xda;
335 xda.tbadr = cpu_to_le32((tmd->tbadr & 0xffffff) |
336 ((tmd->status & 0xff00) << 16));
337 xda.length = cpu_to_le16(tmd->length);
338 xda.status = cpu_to_le16(tmd->misc >> 16);
339 s->phys_mem_write(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
340 } else {
341 struct {
342 uint32_t tbadr;
343 int16_t length;
344 int16_t status;
345 uint32_t misc;
346 uint32_t res;
347 } xda;
348 xda.tbadr = cpu_to_le32(tmd->tbadr);
349 xda.length = cpu_to_le16(tmd->length);
350 xda.status = cpu_to_le16(tmd->status);
351 xda.misc = cpu_to_le32(tmd->misc);
352 xda.res = cpu_to_le32(tmd->res);
353 if (BCR_SWSTYLE(s) == 3) {
354 uint32_t tmp = xda.tbadr;
355 xda.tbadr = xda.misc;
356 xda.misc = tmp;
357 }
358 s->phys_mem_write(s->dma_opaque, addr, (void *)&xda, sizeof(xda), 0);
359 }
360 }
361
362 static inline void pcnet_rmd_load(PCNetState *s, struct pcnet_RMD *rmd,
363 hwaddr addr)
364 {
365 if (!BCR_SSIZE32(s)) {
366 struct {
367 uint32_t rbadr;
368 int16_t buf_length;
369 int16_t msg_length;
370 } rda;
371 s->phys_mem_read(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
372 rmd->rbadr = le32_to_cpu(rda.rbadr) & 0xffffff;
373 rmd->buf_length = le16_to_cpu(rda.buf_length);
374 rmd->status = (le32_to_cpu(rda.rbadr) >> 16) & 0xff00;
375 rmd->msg_length = le16_to_cpu(rda.msg_length);
376 rmd->res = 0;
377 } else {
378 s->phys_mem_read(s->dma_opaque, addr, (void *)rmd, sizeof(*rmd), 0);
379 le32_to_cpus(&rmd->rbadr);
380 le16_to_cpus((uint16_t *)&rmd->buf_length);
381 le16_to_cpus((uint16_t *)&rmd->status);
382 le32_to_cpus(&rmd->msg_length);
383 le32_to_cpus(&rmd->res);
384 if (BCR_SWSTYLE(s) == 3) {
385 uint32_t tmp = rmd->rbadr;
386 rmd->rbadr = rmd->msg_length;
387 rmd->msg_length = tmp;
388 }
389 }
390 }
391
392 static inline void pcnet_rmd_store(PCNetState *s, struct pcnet_RMD *rmd,
393 hwaddr addr)
394 {
395 if (!BCR_SSIZE32(s)) {
396 struct {
397 uint32_t rbadr;
398 int16_t buf_length;
399 int16_t msg_length;
400 } rda;
401 rda.rbadr = cpu_to_le32((rmd->rbadr & 0xffffff) |
402 ((rmd->status & 0xff00) << 16));
403 rda.buf_length = cpu_to_le16(rmd->buf_length);
404 rda.msg_length = cpu_to_le16(rmd->msg_length);
405 s->phys_mem_write(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
406 } else {
407 struct {
408 uint32_t rbadr;
409 int16_t buf_length;
410 int16_t status;
411 uint32_t msg_length;
412 uint32_t res;
413 } rda;
414 rda.rbadr = cpu_to_le32(rmd->rbadr);
415 rda.buf_length = cpu_to_le16(rmd->buf_length);
416 rda.status = cpu_to_le16(rmd->status);
417 rda.msg_length = cpu_to_le32(rmd->msg_length);
418 rda.res = cpu_to_le32(rmd->res);
419 if (BCR_SWSTYLE(s) == 3) {
420 uint32_t tmp = rda.rbadr;
421 rda.rbadr = rda.msg_length;
422 rda.msg_length = tmp;
423 }
424 s->phys_mem_write(s->dma_opaque, addr, (void *)&rda, sizeof(rda), 0);
425 }
426 }
427
428
429 #define TMDLOAD(TMD,ADDR) pcnet_tmd_load(s,TMD,ADDR)
430
431 #define TMDSTORE(TMD,ADDR) pcnet_tmd_store(s,TMD,ADDR)
432
433 #define RMDLOAD(RMD,ADDR) pcnet_rmd_load(s,RMD,ADDR)
434
435 #define RMDSTORE(RMD,ADDR) pcnet_rmd_store(s,RMD,ADDR)
436
437 #if 1
438
439 #define CHECK_RMD(ADDR,RES) do { \
440 struct pcnet_RMD rmd; \
441 RMDLOAD(&rmd,(ADDR)); \
442 (RES) |= (GET_FIELD(rmd.buf_length, RMDL, ONES) != 15) \
443 || (GET_FIELD(rmd.msg_length, RMDM, ZEROS) != 0); \
444 } while (0)
445
446 #define CHECK_TMD(ADDR,RES) do { \
447 struct pcnet_TMD tmd; \
448 TMDLOAD(&tmd,(ADDR)); \
449 (RES) |= (GET_FIELD(tmd.length, TMDL, ONES) != 15); \
450 } while (0)
451
452 #else
453
454 #define CHECK_RMD(ADDR,RES) do { \
455 switch (BCR_SWSTYLE(s)) { \
456 case 0x00: \
457 do { \
458 uint16_t rda[4]; \
459 s->phys_mem_read(s->dma_opaque, (ADDR), \
460 (void *)&rda[0], sizeof(rda), 0); \
461 (RES) |= (rda[2] & 0xf000)!=0xf000; \
462 (RES) |= (rda[3] & 0xf000)!=0x0000; \
463 } while (0); \
464 break; \
465 case 0x01: \
466 case 0x02: \
467 do { \
468 uint32_t rda[4]; \
469 s->phys_mem_read(s->dma_opaque, (ADDR), \
470 (void *)&rda[0], sizeof(rda), 0); \
471 (RES) |= (rda[1] & 0x0000f000L)!=0x0000f000L; \
472 (RES) |= (rda[2] & 0x0000f000L)!=0x00000000L; \
473 } while (0); \
474 break; \
475 case 0x03: \
476 do { \
477 uint32_t rda[4]; \
478 s->phys_mem_read(s->dma_opaque, (ADDR), \
479 (void *)&rda[0], sizeof(rda), 0); \
480 (RES) |= (rda[0] & 0x0000f000L)!=0x00000000L; \
481 (RES) |= (rda[1] & 0x0000f000L)!=0x0000f000L; \
482 } while (0); \
483 break; \
484 } \
485 } while (0)
486
487 #define CHECK_TMD(ADDR,RES) do { \
488 switch (BCR_SWSTYLE(s)) { \
489 case 0x00: \
490 do { \
491 uint16_t xda[4]; \
492 s->phys_mem_read(s->dma_opaque, (ADDR), \
493 (void *)&xda[0], sizeof(xda), 0); \
494 (RES) |= (xda[2] & 0xf000)!=0xf000; \
495 } while (0); \
496 break; \
497 case 0x01: \
498 case 0x02: \
499 case 0x03: \
500 do { \
501 uint32_t xda[4]; \
502 s->phys_mem_read(s->dma_opaque, (ADDR), \
503 (void *)&xda[0], sizeof(xda), 0); \
504 (RES) |= (xda[1] & 0x0000f000L)!=0x0000f000L; \
505 } while (0); \
506 break; \
507 } \
508 } while (0)
509
510 #endif
511
512 #define PRINT_PKTHDR(BUF) do { \
513 struct qemu_ether_header *hdr = (void *)(BUF); \
514 printf("packet dhost=%02x:%02x:%02x:%02x:%02x:%02x, " \
515 "shost=%02x:%02x:%02x:%02x:%02x:%02x, " \
516 "type=0x%04x\n", \
517 hdr->ether_dhost[0],hdr->ether_dhost[1],hdr->ether_dhost[2], \
518 hdr->ether_dhost[3],hdr->ether_dhost[4],hdr->ether_dhost[5], \
519 hdr->ether_shost[0],hdr->ether_shost[1],hdr->ether_shost[2], \
520 hdr->ether_shost[3],hdr->ether_shost[4],hdr->ether_shost[5], \
521 be16_to_cpu(hdr->ether_type)); \
522 } while (0)
523
524 #define MULTICAST_FILTER_LEN 8
525
526 static inline uint32_t lnc_mchash(const uint8_t *ether_addr)
527 {
528 #define LNC_POLYNOMIAL 0xEDB88320UL
529 uint32_t crc = 0xFFFFFFFF;
530 int idx, bit;
531 uint8_t data;
532
533 for (idx = 0; idx < 6; idx++) {
534 for (data = *ether_addr++, bit = 0; bit < MULTICAST_FILTER_LEN; bit++) {
535 crc = (crc >> 1) ^ (((crc ^ data) & 1) ? LNC_POLYNOMIAL : 0);
536 data >>= 1;
537 }
538 }
539 return crc;
540 #undef LNC_POLYNOMIAL
541 }
542
543 #define CRC(crc, ch) (crc = (crc >> 8) ^ crctab[(crc ^ (ch)) & 0xff])
544
545 /* generated using the AUTODIN II polynomial
546 * x^32 + x^26 + x^23 + x^22 + x^16 +
547 * x^12 + x^11 + x^10 + x^8 + x^7 + x^5 + x^4 + x^2 + x^1 + 1
548 */
549 static const uint32_t crctab[256] = {
550 0x00000000, 0x77073096, 0xee0e612c, 0x990951ba,
551 0x076dc419, 0x706af48f, 0xe963a535, 0x9e6495a3,
552 0x0edb8832, 0x79dcb8a4, 0xe0d5e91e, 0x97d2d988,
553 0x09b64c2b, 0x7eb17cbd, 0xe7b82d07, 0x90bf1d91,
554 0x1db71064, 0x6ab020f2, 0xf3b97148, 0x84be41de,
555 0x1adad47d, 0x6ddde4eb, 0xf4d4b551, 0x83d385c7,
556 0x136c9856, 0x646ba8c0, 0xfd62f97a, 0x8a65c9ec,
557 0x14015c4f, 0x63066cd9, 0xfa0f3d63, 0x8d080df5,
558 0x3b6e20c8, 0x4c69105e, 0xd56041e4, 0xa2677172,
559 0x3c03e4d1, 0x4b04d447, 0xd20d85fd, 0xa50ab56b,
560 0x35b5a8fa, 0x42b2986c, 0xdbbbc9d6, 0xacbcf940,
561 0x32d86ce3, 0x45df5c75, 0xdcd60dcf, 0xabd13d59,
562 0x26d930ac, 0x51de003a, 0xc8d75180, 0xbfd06116,
563 0x21b4f4b5, 0x56b3c423, 0xcfba9599, 0xb8bda50f,
564 0x2802b89e, 0x5f058808, 0xc60cd9b2, 0xb10be924,
565 0x2f6f7c87, 0x58684c11, 0xc1611dab, 0xb6662d3d,
566 0x76dc4190, 0x01db7106, 0x98d220bc, 0xefd5102a,
567 0x71b18589, 0x06b6b51f, 0x9fbfe4a5, 0xe8b8d433,
568 0x7807c9a2, 0x0f00f934, 0x9609a88e, 0xe10e9818,
569 0x7f6a0dbb, 0x086d3d2d, 0x91646c97, 0xe6635c01,
570 0x6b6b51f4, 0x1c6c6162, 0x856530d8, 0xf262004e,
571 0x6c0695ed, 0x1b01a57b, 0x8208f4c1, 0xf50fc457,
572 0x65b0d9c6, 0x12b7e950, 0x8bbeb8ea, 0xfcb9887c,
573 0x62dd1ddf, 0x15da2d49, 0x8cd37cf3, 0xfbd44c65,
574 0x4db26158, 0x3ab551ce, 0xa3bc0074, 0xd4bb30e2,
575 0x4adfa541, 0x3dd895d7, 0xa4d1c46d, 0xd3d6f4fb,
576 0x4369e96a, 0x346ed9fc, 0xad678846, 0xda60b8d0,
577 0x44042d73, 0x33031de5, 0xaa0a4c5f, 0xdd0d7cc9,
578 0x5005713c, 0x270241aa, 0xbe0b1010, 0xc90c2086,
579 0x5768b525, 0x206f85b3, 0xb966d409, 0xce61e49f,
580 0x5edef90e, 0x29d9c998, 0xb0d09822, 0xc7d7a8b4,
581 0x59b33d17, 0x2eb40d81, 0xb7bd5c3b, 0xc0ba6cad,
582 0xedb88320, 0x9abfb3b6, 0x03b6e20c, 0x74b1d29a,
583 0xead54739, 0x9dd277af, 0x04db2615, 0x73dc1683,
584 0xe3630b12, 0x94643b84, 0x0d6d6a3e, 0x7a6a5aa8,
585 0xe40ecf0b, 0x9309ff9d, 0x0a00ae27, 0x7d079eb1,
586 0xf00f9344, 0x8708a3d2, 0x1e01f268, 0x6906c2fe,
587 0xf762575d, 0x806567cb, 0x196c3671, 0x6e6b06e7,
588 0xfed41b76, 0x89d32be0, 0x10da7a5a, 0x67dd4acc,
589 0xf9b9df6f, 0x8ebeeff9, 0x17b7be43, 0x60b08ed5,
590 0xd6d6a3e8, 0xa1d1937e, 0x38d8c2c4, 0x4fdff252,
591 0xd1bb67f1, 0xa6bc5767, 0x3fb506dd, 0x48b2364b,
592 0xd80d2bda, 0xaf0a1b4c, 0x36034af6, 0x41047a60,
593 0xdf60efc3, 0xa867df55, 0x316e8eef, 0x4669be79,
594 0xcb61b38c, 0xbc66831a, 0x256fd2a0, 0x5268e236,
595 0xcc0c7795, 0xbb0b4703, 0x220216b9, 0x5505262f,
596 0xc5ba3bbe, 0xb2bd0b28, 0x2bb45a92, 0x5cb36a04,
597 0xc2d7ffa7, 0xb5d0cf31, 0x2cd99e8b, 0x5bdeae1d,
598 0x9b64c2b0, 0xec63f226, 0x756aa39c, 0x026d930a,
599 0x9c0906a9, 0xeb0e363f, 0x72076785, 0x05005713,
600 0x95bf4a82, 0xe2b87a14, 0x7bb12bae, 0x0cb61b38,
601 0x92d28e9b, 0xe5d5be0d, 0x7cdcefb7, 0x0bdbdf21,
602 0x86d3d2d4, 0xf1d4e242, 0x68ddb3f8, 0x1fda836e,
603 0x81be16cd, 0xf6b9265b, 0x6fb077e1, 0x18b74777,
604 0x88085ae6, 0xff0f6a70, 0x66063bca, 0x11010b5c,
605 0x8f659eff, 0xf862ae69, 0x616bffd3, 0x166ccf45,
606 0xa00ae278, 0xd70dd2ee, 0x4e048354, 0x3903b3c2,
607 0xa7672661, 0xd06016f7, 0x4969474d, 0x3e6e77db,
608 0xaed16a4a, 0xd9d65adc, 0x40df0b66, 0x37d83bf0,
609 0xa9bcae53, 0xdebb9ec5, 0x47b2cf7f, 0x30b5ffe9,
610 0xbdbdf21c, 0xcabac28a, 0x53b39330, 0x24b4a3a6,
611 0xbad03605, 0xcdd70693, 0x54de5729, 0x23d967bf,
612 0xb3667a2e, 0xc4614ab8, 0x5d681b02, 0x2a6f2b94,
613 0xb40bbe37, 0xc30c8ea1, 0x5a05df1b, 0x2d02ef8d,
614 };
615
616 static inline int padr_match(PCNetState *s, const uint8_t *buf, int size)
617 {
618 struct qemu_ether_header *hdr = (void *)buf;
619 uint8_t padr[6] = {
620 s->csr[12] & 0xff, s->csr[12] >> 8,
621 s->csr[13] & 0xff, s->csr[13] >> 8,
622 s->csr[14] & 0xff, s->csr[14] >> 8
623 };
624 int result = (!CSR_DRCVPA(s)) && !memcmp(hdr->ether_dhost, padr, 6);
625 #ifdef PCNET_DEBUG_MATCH
626 printf("packet dhost=%02x:%02x:%02x:%02x:%02x:%02x, "
627 "padr=%02x:%02x:%02x:%02x:%02x:%02x\n",
628 hdr->ether_dhost[0],hdr->ether_dhost[1],hdr->ether_dhost[2],
629 hdr->ether_dhost[3],hdr->ether_dhost[4],hdr->ether_dhost[5],
630 padr[0],padr[1],padr[2],padr[3],padr[4],padr[5]);
631 printf("padr_match result=%d\n", result);
632 #endif
633 return result;
634 }
635
636 static inline int padr_bcast(PCNetState *s, const uint8_t *buf, int size)
637 {
638 static const uint8_t BCAST[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
639 struct qemu_ether_header *hdr = (void *)buf;
640 int result = !CSR_DRCVBC(s) && !memcmp(hdr->ether_dhost, BCAST, 6);
641 #ifdef PCNET_DEBUG_MATCH
642 printf("padr_bcast result=%d\n", result);
643 #endif
644 return result;
645 }
646
647 static inline int ladr_match(PCNetState *s, const uint8_t *buf, int size)
648 {
649 struct qemu_ether_header *hdr = (void *)buf;
650 if ((*(hdr->ether_dhost)&0x01) &&
651 ((uint64_t *)&s->csr[8])[0] != 0LL) {
652 uint8_t ladr[8] = {
653 s->csr[8] & 0xff, s->csr[8] >> 8,
654 s->csr[9] & 0xff, s->csr[9] >> 8,
655 s->csr[10] & 0xff, s->csr[10] >> 8,
656 s->csr[11] & 0xff, s->csr[11] >> 8
657 };
658 int index = lnc_mchash(hdr->ether_dhost) >> 26;
659 return !!(ladr[index >> 3] & (1 << (index & 7)));
660 }
661 return 0;
662 }
663
664 static inline hwaddr pcnet_rdra_addr(PCNetState *s, int idx)
665 {
666 while (idx < 1) idx += CSR_RCVRL(s);
667 return s->rdra + ((CSR_RCVRL(s) - idx) * (BCR_SWSTYLE(s) ? 16 : 8));
668 }
669
670 static inline int64_t pcnet_get_next_poll_time(PCNetState *s, int64_t current_time)
671 {
672 int64_t next_time = current_time +
673 (65536 - (CSR_SPND(s) ? 0 : CSR_POLL(s))) * 30;
674 if (next_time <= current_time)
675 next_time = current_time + 1;
676 return next_time;
677 }
678
679 static void pcnet_poll(PCNetState *s);
680 static void pcnet_poll_timer(void *opaque);
681
682 static uint32_t pcnet_csr_readw(PCNetState *s, uint32_t rap);
683 static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value);
684 static void pcnet_bcr_writew(PCNetState *s, uint32_t rap, uint32_t val);
685
686 static void pcnet_s_reset(PCNetState *s)
687 {
688 trace_pcnet_s_reset(s);
689
690 s->rdra = 0;
691 s->tdra = 0;
692 s->rap = 0;
693
694 s->bcr[BCR_BSBC] &= ~0x0080;
695
696 s->csr[0] = 0x0004;
697 s->csr[3] = 0x0000;
698 s->csr[4] = 0x0115;
699 s->csr[5] = 0x0000;
700 s->csr[6] = 0x0000;
701 s->csr[8] = 0;
702 s->csr[9] = 0;
703 s->csr[10] = 0;
704 s->csr[11] = 0;
705 s->csr[12] = le16_to_cpu(((uint16_t *)&s->prom[0])[0]);
706 s->csr[13] = le16_to_cpu(((uint16_t *)&s->prom[0])[1]);
707 s->csr[14] = le16_to_cpu(((uint16_t *)&s->prom[0])[2]);
708 s->csr[15] &= 0x21c4;
709 s->csr[72] = 1;
710 s->csr[74] = 1;
711 s->csr[76] = 1;
712 s->csr[78] = 1;
713 s->csr[80] = 0x1410;
714 s->csr[88] = 0x1003;
715 s->csr[89] = 0x0262;
716 s->csr[94] = 0x0000;
717 s->csr[100] = 0x0200;
718 s->csr[103] = 0x0105;
719 s->csr[112] = 0x0000;
720 s->csr[114] = 0x0000;
721 s->csr[122] = 0x0000;
722 s->csr[124] = 0x0000;
723
724 s->tx_busy = 0;
725 }
726
727 static void pcnet_update_irq(PCNetState *s)
728 {
729 int isr = 0;
730 s->csr[0] &= ~0x0080;
731
732 #if 1
733 if (((s->csr[0] & ~s->csr[3]) & 0x5f00) ||
734 (((s->csr[4]>>1) & ~s->csr[4]) & 0x0115) ||
735 (((s->csr[5]>>1) & s->csr[5]) & 0x0048))
736 #else
737 if ((!(s->csr[3] & 0x4000) && !!(s->csr[0] & 0x4000)) /* BABL */ ||
738 (!(s->csr[3] & 0x1000) && !!(s->csr[0] & 0x1000)) /* MISS */ ||
739 (!(s->csr[3] & 0x0100) && !!(s->csr[0] & 0x0100)) /* IDON */ ||
740 (!(s->csr[3] & 0x0200) && !!(s->csr[0] & 0x0200)) /* TINT */ ||
741 (!(s->csr[3] & 0x0400) && !!(s->csr[0] & 0x0400)) /* RINT */ ||
742 (!(s->csr[3] & 0x0800) && !!(s->csr[0] & 0x0800)) /* MERR */ ||
743 (!(s->csr[4] & 0x0001) && !!(s->csr[4] & 0x0002)) /* JAB */ ||
744 (!(s->csr[4] & 0x0004) && !!(s->csr[4] & 0x0008)) /* TXSTRT */ ||
745 (!(s->csr[4] & 0x0010) && !!(s->csr[4] & 0x0020)) /* RCVO */ ||
746 (!(s->csr[4] & 0x0100) && !!(s->csr[4] & 0x0200)) /* MFCO */ ||
747 (!!(s->csr[5] & 0x0040) && !!(s->csr[5] & 0x0080)) /* EXDINT */ ||
748 (!!(s->csr[5] & 0x0008) && !!(s->csr[5] & 0x0010)) /* MPINT */)
749 #endif
750 {
751
752 isr = CSR_INEA(s);
753 s->csr[0] |= 0x0080;
754 }
755
756 if (!!(s->csr[4] & 0x0080) && CSR_INEA(s)) { /* UINT */
757 s->csr[4] &= ~0x0080;
758 s->csr[4] |= 0x0040;
759 s->csr[0] |= 0x0080;
760 isr = 1;
761 trace_pcnet_user_int(s);
762 }
763
764 #if 1
765 if (((s->csr[5]>>1) & s->csr[5]) & 0x0500)
766 #else
767 if ((!!(s->csr[5] & 0x0400) && !!(s->csr[5] & 0x0800)) /* SINT */ ||
768 (!!(s->csr[5] & 0x0100) && !!(s->csr[5] & 0x0200)) /* SLPINT */ )
769 #endif
770 {
771 isr = 1;
772 s->csr[0] |= 0x0080;
773 }
774
775 if (isr != s->isr) {
776 trace_pcnet_isr_change(s, isr, s->isr);
777 }
778 qemu_set_irq(s->irq, isr);
779 s->isr = isr;
780 }
781
782 static void pcnet_init(PCNetState *s)
783 {
784 int rlen, tlen;
785 uint16_t padr[3], ladrf[4], mode;
786 uint32_t rdra, tdra;
787
788 trace_pcnet_init(s, PHYSADDR(s, CSR_IADR(s)));
789
790 if (BCR_SSIZE32(s)) {
791 struct pcnet_initblk32 initblk;
792 s->phys_mem_read(s->dma_opaque, PHYSADDR(s,CSR_IADR(s)),
793 (uint8_t *)&initblk, sizeof(initblk), 0);
794 mode = le16_to_cpu(initblk.mode);
795 rlen = initblk.rlen >> 4;
796 tlen = initblk.tlen >> 4;
797 ladrf[0] = le16_to_cpu(initblk.ladrf[0]);
798 ladrf[1] = le16_to_cpu(initblk.ladrf[1]);
799 ladrf[2] = le16_to_cpu(initblk.ladrf[2]);
800 ladrf[3] = le16_to_cpu(initblk.ladrf[3]);
801 padr[0] = le16_to_cpu(initblk.padr[0]);
802 padr[1] = le16_to_cpu(initblk.padr[1]);
803 padr[2] = le16_to_cpu(initblk.padr[2]);
804 rdra = le32_to_cpu(initblk.rdra);
805 tdra = le32_to_cpu(initblk.tdra);
806 } else {
807 struct pcnet_initblk16 initblk;
808 s->phys_mem_read(s->dma_opaque, PHYSADDR(s,CSR_IADR(s)),
809 (uint8_t *)&initblk, sizeof(initblk), 0);
810 mode = le16_to_cpu(initblk.mode);
811 ladrf[0] = le16_to_cpu(initblk.ladrf[0]);
812 ladrf[1] = le16_to_cpu(initblk.ladrf[1]);
813 ladrf[2] = le16_to_cpu(initblk.ladrf[2]);
814 ladrf[3] = le16_to_cpu(initblk.ladrf[3]);
815 padr[0] = le16_to_cpu(initblk.padr[0]);
816 padr[1] = le16_to_cpu(initblk.padr[1]);
817 padr[2] = le16_to_cpu(initblk.padr[2]);
818 rdra = le32_to_cpu(initblk.rdra);
819 tdra = le32_to_cpu(initblk.tdra);
820 rlen = rdra >> 29;
821 tlen = tdra >> 29;
822 rdra &= 0x00ffffff;
823 tdra &= 0x00ffffff;
824 }
825
826 trace_pcnet_rlen_tlen(s, rlen, tlen);
827
828 CSR_RCVRL(s) = (rlen < 9) ? (1 << rlen) : 512;
829 CSR_XMTRL(s) = (tlen < 9) ? (1 << tlen) : 512;
830 s->csr[ 6] = (tlen << 12) | (rlen << 8);
831 s->csr[15] = mode;
832 s->csr[ 8] = ladrf[0];
833 s->csr[ 9] = ladrf[1];
834 s->csr[10] = ladrf[2];
835 s->csr[11] = ladrf[3];
836 s->csr[12] = padr[0];
837 s->csr[13] = padr[1];
838 s->csr[14] = padr[2];
839 s->rdra = PHYSADDR(s, rdra);
840 s->tdra = PHYSADDR(s, tdra);
841
842 CSR_RCVRC(s) = CSR_RCVRL(s);
843 CSR_XMTRC(s) = CSR_XMTRL(s);
844
845 trace_pcnet_ss32_rdra_tdra(s, BCR_SSIZE32(s),
846 s->rdra, CSR_RCVRL(s), s->tdra, CSR_XMTRL(s));
847
848 s->csr[0] |= 0x0101;
849 s->csr[0] &= ~0x0004; /* clear STOP bit */
850
851 qemu_flush_queued_packets(qemu_get_queue(s->nic));
852 }
853
854 static void pcnet_start(PCNetState *s)
855 {
856 #ifdef PCNET_DEBUG
857 printf("pcnet_start\n");
858 #endif
859
860 if (!CSR_DTX(s))
861 s->csr[0] |= 0x0010; /* set TXON */
862
863 if (!CSR_DRX(s))
864 s->csr[0] |= 0x0020; /* set RXON */
865
866 s->csr[0] &= ~0x0004; /* clear STOP bit */
867 s->csr[0] |= 0x0002;
868 pcnet_poll_timer(s);
869
870 qemu_flush_queued_packets(qemu_get_queue(s->nic));
871 }
872
873 static void pcnet_stop(PCNetState *s)
874 {
875 #ifdef PCNET_DEBUG
876 printf("pcnet_stop\n");
877 #endif
878 s->csr[0] &= ~0xffeb;
879 s->csr[0] |= 0x0014;
880 s->csr[4] &= ~0x02c2;
881 s->csr[5] &= ~0x0011;
882 pcnet_poll_timer(s);
883 }
884
885 static void pcnet_rdte_poll(PCNetState *s)
886 {
887 s->csr[28] = s->csr[29] = 0;
888 if (s->rdra) {
889 int bad = 0;
890 #if 1
891 hwaddr crda = pcnet_rdra_addr(s, CSR_RCVRC(s));
892 hwaddr nrda = pcnet_rdra_addr(s, -1 + CSR_RCVRC(s));
893 hwaddr nnrd = pcnet_rdra_addr(s, -2 + CSR_RCVRC(s));
894 #else
895 hwaddr crda = s->rdra +
896 (CSR_RCVRL(s) - CSR_RCVRC(s)) *
897 (BCR_SWSTYLE(s) ? 16 : 8 );
898 int nrdc = CSR_RCVRC(s)<=1 ? CSR_RCVRL(s) : CSR_RCVRC(s)-1;
899 hwaddr nrda = s->rdra +
900 (CSR_RCVRL(s) - nrdc) *
901 (BCR_SWSTYLE(s) ? 16 : 8 );
902 int nnrc = nrdc<=1 ? CSR_RCVRL(s) : nrdc-1;
903 hwaddr nnrd = s->rdra +
904 (CSR_RCVRL(s) - nnrc) *
905 (BCR_SWSTYLE(s) ? 16 : 8 );
906 #endif
907
908 CHECK_RMD(crda, bad);
909 if (!bad) {
910 CHECK_RMD(nrda, bad);
911 if (bad || (nrda == crda)) nrda = 0;
912 CHECK_RMD(nnrd, bad);
913 if (bad || (nnrd == crda)) nnrd = 0;
914
915 s->csr[28] = crda & 0xffff;
916 s->csr[29] = crda >> 16;
917 s->csr[26] = nrda & 0xffff;
918 s->csr[27] = nrda >> 16;
919 s->csr[36] = nnrd & 0xffff;
920 s->csr[37] = nnrd >> 16;
921 #ifdef PCNET_DEBUG
922 if (bad) {
923 printf("pcnet: BAD RMD RECORDS AFTER 0x" TARGET_FMT_plx "\n",
924 crda);
925 }
926 } else {
927 printf("pcnet: BAD RMD RDA=0x" TARGET_FMT_plx "\n",
928 crda);
929 #endif
930 }
931 }
932
933 if (CSR_CRDA(s)) {
934 struct pcnet_RMD rmd;
935 RMDLOAD(&rmd, PHYSADDR(s,CSR_CRDA(s)));
936 CSR_CRBC(s) = GET_FIELD(rmd.buf_length, RMDL, BCNT);
937 CSR_CRST(s) = rmd.status;
938 #ifdef PCNET_DEBUG_RMD_X
939 printf("CRDA=0x%08x CRST=0x%04x RCVRC=%d RMDL=0x%04x RMDS=0x%04x RMDM=0x%08x\n",
940 PHYSADDR(s,CSR_CRDA(s)), CSR_CRST(s), CSR_RCVRC(s),
941 rmd.buf_length, rmd.status, rmd.msg_length);
942 PRINT_RMD(&rmd);
943 #endif
944 } else {
945 CSR_CRBC(s) = CSR_CRST(s) = 0;
946 }
947
948 if (CSR_NRDA(s)) {
949 struct pcnet_RMD rmd;
950 RMDLOAD(&rmd, PHYSADDR(s,CSR_NRDA(s)));
951 CSR_NRBC(s) = GET_FIELD(rmd.buf_length, RMDL, BCNT);
952 CSR_NRST(s) = rmd.status;
953 } else {
954 CSR_NRBC(s) = CSR_NRST(s) = 0;
955 }
956
957 }
958
959 static int pcnet_tdte_poll(PCNetState *s)
960 {
961 s->csr[34] = s->csr[35] = 0;
962 if (s->tdra) {
963 hwaddr cxda = s->tdra +
964 (CSR_XMTRL(s) - CSR_XMTRC(s)) *
965 (BCR_SWSTYLE(s) ? 16 : 8);
966 int bad = 0;
967 CHECK_TMD(cxda, bad);
968 if (!bad) {
969 if (CSR_CXDA(s) != cxda) {
970 s->csr[60] = s->csr[34];
971 s->csr[61] = s->csr[35];
972 s->csr[62] = CSR_CXBC(s);
973 s->csr[63] = CSR_CXST(s);
974 }
975 s->csr[34] = cxda & 0xffff;
976 s->csr[35] = cxda >> 16;
977 #ifdef PCNET_DEBUG_X
978 printf("pcnet: BAD TMD XDA=0x%08x\n", cxda);
979 #endif
980 }
981 }
982
983 if (CSR_CXDA(s)) {
984 struct pcnet_TMD tmd;
985
986 TMDLOAD(&tmd, PHYSADDR(s,CSR_CXDA(s)));
987
988 CSR_CXBC(s) = GET_FIELD(tmd.length, TMDL, BCNT);
989 CSR_CXST(s) = tmd.status;
990 } else {
991 CSR_CXBC(s) = CSR_CXST(s) = 0;
992 }
993
994 return !!(CSR_CXST(s) & 0x8000);
995 }
996
997 #define MIN_BUF_SIZE 60
998
999 ssize_t pcnet_receive(NetClientState *nc, const uint8_t *buf, size_t size_)
1000 {
1001 PCNetState *s = qemu_get_nic_opaque(nc);
1002 int is_padr = 0, is_bcast = 0, is_ladr = 0;
1003 uint8_t buf1[60];
1004 int remaining;
1005 int crc_err = 0;
1006 int size = size_;
1007
1008 if (CSR_DRX(s) || CSR_STOP(s) || CSR_SPND(s) || !size ||
1009 (CSR_LOOP(s) && !s->looptest)) {
1010 return -1;
1011 }
1012 #ifdef PCNET_DEBUG
1013 printf("pcnet_receive size=%d\n", size);
1014 #endif
1015
1016 /* if too small buffer, then expand it */
1017 if (size < MIN_BUF_SIZE) {
1018 memcpy(buf1, buf, size);
1019 memset(buf1 + size, 0, MIN_BUF_SIZE - size);
1020 buf = buf1;
1021 size = MIN_BUF_SIZE;
1022 }
1023
1024 if (CSR_PROM(s)
1025 || (is_padr=padr_match(s, buf, size))
1026 || (is_bcast=padr_bcast(s, buf, size))
1027 || (is_ladr=ladr_match(s, buf, size))) {
1028
1029 pcnet_rdte_poll(s);
1030
1031 if (!(CSR_CRST(s) & 0x8000) && s->rdra) {
1032 struct pcnet_RMD rmd;
1033 int rcvrc = CSR_RCVRC(s)-1,i;
1034 hwaddr nrda;
1035 for (i = CSR_RCVRL(s)-1; i > 0; i--, rcvrc--) {
1036 if (rcvrc <= 1)
1037 rcvrc = CSR_RCVRL(s);
1038 nrda = s->rdra +
1039 (CSR_RCVRL(s) - rcvrc) *
1040 (BCR_SWSTYLE(s) ? 16 : 8 );
1041 RMDLOAD(&rmd, nrda);
1042 if (GET_FIELD(rmd.status, RMDS, OWN)) {
1043 #ifdef PCNET_DEBUG_RMD
1044 printf("pcnet - scan buffer: RCVRC=%d PREV_RCVRC=%d\n",
1045 rcvrc, CSR_RCVRC(s));
1046 #endif
1047 CSR_RCVRC(s) = rcvrc;
1048 pcnet_rdte_poll(s);
1049 break;
1050 }
1051 }
1052 }
1053
1054 if (!(CSR_CRST(s) & 0x8000)) {
1055 #ifdef PCNET_DEBUG_RMD
1056 printf("pcnet - no buffer: RCVRC=%d\n", CSR_RCVRC(s));
1057 #endif
1058 s->csr[0] |= 0x1000; /* Set MISS flag */
1059 CSR_MISSC(s)++;
1060 } else {
1061 uint8_t *src = s->buffer;
1062 hwaddr crda = CSR_CRDA(s);
1063 struct pcnet_RMD rmd;
1064 int pktcount = 0;
1065
1066 if (!s->looptest) {
1067 memcpy(src, buf, size);
1068 /* no need to compute the CRC */
1069 src[size] = 0;
1070 src[size + 1] = 0;
1071 src[size + 2] = 0;
1072 src[size + 3] = 0;
1073 size += 4;
1074 } else if (s->looptest == PCNET_LOOPTEST_CRC ||
1075 !CSR_DXMTFCS(s) || size < MIN_BUF_SIZE+4) {
1076 uint32_t fcs = ~0;
1077 uint8_t *p = src;
1078
1079 while (p != &src[size])
1080 CRC(fcs, *p++);
1081 *(uint32_t *)p = htonl(fcs);
1082 size += 4;
1083 } else {
1084 uint32_t fcs = ~0;
1085 uint8_t *p = src;
1086
1087 while (p != &src[size])
1088 CRC(fcs, *p++);
1089 crc_err = (*(uint32_t *)p != htonl(fcs));
1090 }
1091
1092 #ifdef PCNET_DEBUG_MATCH
1093 PRINT_PKTHDR(buf);
1094 #endif
1095
1096 RMDLOAD(&rmd, PHYSADDR(s,crda));
1097 /*if (!CSR_LAPPEN(s))*/
1098 SET_FIELD(&rmd.status, RMDS, STP, 1);
1099
1100 #define PCNET_RECV_STORE() do { \
1101 int count = MIN(4096 - GET_FIELD(rmd.buf_length, RMDL, BCNT),remaining); \
1102 hwaddr rbadr = PHYSADDR(s, rmd.rbadr); \
1103 s->phys_mem_write(s->dma_opaque, rbadr, src, count, CSR_BSWP(s)); \
1104 src += count; remaining -= count; \
1105 SET_FIELD(&rmd.status, RMDS, OWN, 0); \
1106 RMDSTORE(&rmd, PHYSADDR(s,crda)); \
1107 pktcount++; \
1108 } while (0)
1109
1110 remaining = size;
1111 PCNET_RECV_STORE();
1112 if ((remaining > 0) && CSR_NRDA(s)) {
1113 hwaddr nrda = CSR_NRDA(s);
1114 #ifdef PCNET_DEBUG_RMD
1115 PRINT_RMD(&rmd);
1116 #endif
1117 RMDLOAD(&rmd, PHYSADDR(s,nrda));
1118 if (GET_FIELD(rmd.status, RMDS, OWN)) {
1119 crda = nrda;
1120 PCNET_RECV_STORE();
1121 #ifdef PCNET_DEBUG_RMD
1122 PRINT_RMD(&rmd);
1123 #endif
1124 if ((remaining > 0) && (nrda=CSR_NNRD(s))) {
1125 RMDLOAD(&rmd, PHYSADDR(s,nrda));
1126 if (GET_FIELD(rmd.status, RMDS, OWN)) {
1127 crda = nrda;
1128 PCNET_RECV_STORE();
1129 }
1130 }
1131 }
1132 }
1133
1134 #undef PCNET_RECV_STORE
1135
1136 RMDLOAD(&rmd, PHYSADDR(s,crda));
1137 if (remaining == 0) {
1138 SET_FIELD(&rmd.msg_length, RMDM, MCNT, size);
1139 SET_FIELD(&rmd.status, RMDS, ENP, 1);
1140 SET_FIELD(&rmd.status, RMDS, PAM, !CSR_PROM(s) && is_padr);
1141 SET_FIELD(&rmd.status, RMDS, LFAM, !CSR_PROM(s) && is_ladr);
1142 SET_FIELD(&rmd.status, RMDS, BAM, !CSR_PROM(s) && is_bcast);
1143 if (crc_err) {
1144 SET_FIELD(&rmd.status, RMDS, CRC, 1);
1145 SET_FIELD(&rmd.status, RMDS, ERR, 1);
1146 }
1147 } else {
1148 SET_FIELD(&rmd.status, RMDS, OFLO, 1);
1149 SET_FIELD(&rmd.status, RMDS, BUFF, 1);
1150 SET_FIELD(&rmd.status, RMDS, ERR, 1);
1151 }
1152 RMDSTORE(&rmd, PHYSADDR(s,crda));
1153 s->csr[0] |= 0x0400;
1154
1155 #ifdef PCNET_DEBUG
1156 printf("RCVRC=%d CRDA=0x%08x BLKS=%d\n",
1157 CSR_RCVRC(s), PHYSADDR(s,CSR_CRDA(s)), pktcount);
1158 #endif
1159 #ifdef PCNET_DEBUG_RMD
1160 PRINT_RMD(&rmd);
1161 #endif
1162
1163 while (pktcount--) {
1164 if (CSR_RCVRC(s) <= 1)
1165 CSR_RCVRC(s) = CSR_RCVRL(s);
1166 else
1167 CSR_RCVRC(s)--;
1168 }
1169
1170 pcnet_rdte_poll(s);
1171
1172 }
1173 }
1174
1175 pcnet_poll(s);
1176 pcnet_update_irq(s);
1177
1178 return size_;
1179 }
1180
1181 void pcnet_set_link_status(NetClientState *nc)
1182 {
1183 PCNetState *d = qemu_get_nic_opaque(nc);
1184
1185 d->lnkst = nc->link_down ? 0 : 0x40;
1186 }
1187
1188 static void pcnet_transmit(PCNetState *s)
1189 {
1190 hwaddr xmit_cxda = 0;
1191 int count = CSR_XMTRL(s)-1;
1192 int add_crc = 0;
1193 int bcnt;
1194 s->xmit_pos = -1;
1195
1196 if (!CSR_TXON(s)) {
1197 s->csr[0] &= ~0x0008;
1198 return;
1199 }
1200
1201 s->tx_busy = 1;
1202
1203 txagain:
1204 if (pcnet_tdte_poll(s)) {
1205 struct pcnet_TMD tmd;
1206
1207 TMDLOAD(&tmd, PHYSADDR(s,CSR_CXDA(s)));
1208
1209 #ifdef PCNET_DEBUG_TMD
1210 printf(" TMDLOAD 0x%08x\n", PHYSADDR(s,CSR_CXDA(s)));
1211 PRINT_TMD(&tmd);
1212 #endif
1213 if (GET_FIELD(tmd.status, TMDS, STP)) {
1214 s->xmit_pos = 0;
1215 xmit_cxda = PHYSADDR(s,CSR_CXDA(s));
1216 if (BCR_SWSTYLE(s) != 1)
1217 add_crc = GET_FIELD(tmd.status, TMDS, ADDFCS);
1218 }
1219 if (s->lnkst == 0 &&
1220 (!CSR_LOOP(s) || (!CSR_INTL(s) && !BCR_TMAULOOP(s)))) {
1221 SET_FIELD(&tmd.misc, TMDM, LCAR, 1);
1222 SET_FIELD(&tmd.status, TMDS, ERR, 1);
1223 SET_FIELD(&tmd.status, TMDS, OWN, 0);
1224 s->csr[0] |= 0xa000; /* ERR | CERR */
1225 s->xmit_pos = -1;
1226 goto txdone;
1227 }
1228
1229 if (s->xmit_pos < 0) {
1230 goto txdone;
1231 }
1232
1233 bcnt = 4096 - GET_FIELD(tmd.length, TMDL, BCNT);
1234
1235 /* if multi-tmd packet outsizes s->buffer then skip it silently.
1236 * Note: this is not what real hw does.
1237 * Last four bytes of s->buffer are used to store CRC FCS code.
1238 */
1239 if (s->xmit_pos + bcnt > sizeof(s->buffer) - 4) {
1240 s->xmit_pos = -1;
1241 goto txdone;
1242 }
1243
1244 s->phys_mem_read(s->dma_opaque, PHYSADDR(s, tmd.tbadr),
1245 s->buffer + s->xmit_pos, bcnt, CSR_BSWP(s));
1246 s->xmit_pos += bcnt;
1247
1248 if (!GET_FIELD(tmd.status, TMDS, ENP)) {
1249 goto txdone;
1250 }
1251
1252 #ifdef PCNET_DEBUG
1253 printf("pcnet_transmit size=%d\n", s->xmit_pos);
1254 #endif
1255 if (CSR_LOOP(s)) {
1256 if (BCR_SWSTYLE(s) == 1)
1257 add_crc = !GET_FIELD(tmd.status, TMDS, NOFCS);
1258 s->looptest = add_crc ? PCNET_LOOPTEST_CRC : PCNET_LOOPTEST_NOCRC;
1259 pcnet_receive(qemu_get_queue(s->nic), s->buffer, s->xmit_pos);
1260 s->looptest = 0;
1261 } else {
1262 if (s->nic) {
1263 qemu_send_packet(qemu_get_queue(s->nic), s->buffer,
1264 s->xmit_pos);
1265 }
1266 }
1267
1268 s->csr[0] &= ~0x0008; /* clear TDMD */
1269 s->csr[4] |= 0x0004; /* set TXSTRT */
1270 s->xmit_pos = -1;
1271
1272 txdone:
1273 SET_FIELD(&tmd.status, TMDS, OWN, 0);
1274 TMDSTORE(&tmd, PHYSADDR(s,CSR_CXDA(s)));
1275 if (!CSR_TOKINTD(s) || (CSR_LTINTEN(s) && GET_FIELD(tmd.status, TMDS, LTINT)))
1276 s->csr[0] |= 0x0200; /* set TINT */
1277
1278 if (CSR_XMTRC(s)<=1)
1279 CSR_XMTRC(s) = CSR_XMTRL(s);
1280 else
1281 CSR_XMTRC(s)--;
1282 if (count--)
1283 goto txagain;
1284
1285 } else
1286 if (s->xmit_pos >= 0) {
1287 struct pcnet_TMD tmd;
1288 TMDLOAD(&tmd, xmit_cxda);
1289 SET_FIELD(&tmd.misc, TMDM, BUFF, 1);
1290 SET_FIELD(&tmd.misc, TMDM, UFLO, 1);
1291 SET_FIELD(&tmd.status, TMDS, ERR, 1);
1292 SET_FIELD(&tmd.status, TMDS, OWN, 0);
1293 TMDSTORE(&tmd, xmit_cxda);
1294 s->csr[0] |= 0x0200; /* set TINT */
1295 if (!CSR_DXSUFLO(s)) {
1296 s->csr[0] &= ~0x0010;
1297 } else
1298 if (count--)
1299 goto txagain;
1300 }
1301
1302 s->tx_busy = 0;
1303 }
1304
1305 static void pcnet_poll(PCNetState *s)
1306 {
1307 if (CSR_RXON(s)) {
1308 pcnet_rdte_poll(s);
1309 }
1310
1311 if (CSR_TDMD(s) ||
1312 (CSR_TXON(s) && !CSR_DPOLL(s) && pcnet_tdte_poll(s)))
1313 {
1314 /* prevent recursion */
1315 if (s->tx_busy)
1316 return;
1317
1318 pcnet_transmit(s);
1319 }
1320 }
1321
1322 static void pcnet_poll_timer(void *opaque)
1323 {
1324 PCNetState *s = opaque;
1325
1326 timer_del(s->poll_timer);
1327
1328 if (CSR_TDMD(s)) {
1329 pcnet_transmit(s);
1330 }
1331
1332 pcnet_update_irq(s);
1333
1334 if (!CSR_STOP(s) && !CSR_SPND(s) && !CSR_DPOLL(s)) {
1335 uint64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) * 33;
1336 if (!s->timer || !now)
1337 s->timer = now;
1338 else {
1339 uint64_t t = now - s->timer + CSR_POLL(s);
1340 if (t > 0xffffLL) {
1341 pcnet_poll(s);
1342 CSR_POLL(s) = CSR_PINT(s);
1343 } else
1344 CSR_POLL(s) = t;
1345 }
1346 timer_mod(s->poll_timer,
1347 pcnet_get_next_poll_time(s,qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)));
1348 }
1349 }
1350
1351
1352 static void pcnet_csr_writew(PCNetState *s, uint32_t rap, uint32_t new_value)
1353 {
1354 uint16_t val = new_value;
1355 #ifdef PCNET_DEBUG_CSR
1356 printf("pcnet_csr_writew rap=%d val=0x%04x\n", rap, val);
1357 #endif
1358 switch (rap) {
1359 case 0:
1360 s->csr[0] &= ~(val & 0x7f00); /* Clear any interrupt flags */
1361
1362 s->csr[0] = (s->csr[0] & ~0x0040) | (val & 0x0048);
1363
1364 val = (val & 0x007f) | (s->csr[0] & 0x7f00);
1365
1366 /* IFF STOP, STRT and INIT are set, clear STRT and INIT */
1367 if ((val&7) == 7)
1368 val &= ~3;
1369
1370 if (!CSR_STOP(s) && (val & 4))
1371 pcnet_stop(s);
1372
1373 if (!CSR_INIT(s) && (val & 1))
1374 pcnet_init(s);
1375
1376 if (!CSR_STRT(s) && (val & 2))
1377 pcnet_start(s);
1378
1379 if (CSR_TDMD(s))
1380 pcnet_transmit(s);
1381
1382 return;
1383 case 1:
1384 case 2:
1385 case 8:
1386 case 9:
1387 case 10:
1388 case 11:
1389 case 12:
1390 case 13:
1391 case 14:
1392 case 15:
1393 case 18: /* CRBAL */
1394 case 19: /* CRBAU */
1395 case 20: /* CXBAL */
1396 case 21: /* CXBAU */
1397 case 22: /* NRBAU */
1398 case 23: /* NRBAU */
1399 case 24:
1400 case 25:
1401 case 26:
1402 case 27:
1403 case 28:
1404 case 29:
1405 case 30:
1406 case 31:
1407 case 32:
1408 case 33:
1409 case 34:
1410 case 35:
1411 case 36:
1412 case 37:
1413 case 38:
1414 case 39:
1415 case 40: /* CRBC */
1416 case 41:
1417 case 42: /* CXBC */
1418 case 43:
1419 case 44:
1420 case 45:
1421 case 46: /* POLL */
1422 case 47: /* POLLINT */
1423 case 72:
1424 case 74:
1425 case 76: /* RCVRL */
1426 case 78: /* XMTRL */
1427 case 112:
1428 if (CSR_STOP(s) || CSR_SPND(s))
1429 break;
1430 return;
1431 case 3:
1432 break;
1433 case 4:
1434 s->csr[4] &= ~(val & 0x026a);
1435 val &= ~0x026a; val |= s->csr[4] & 0x026a;
1436 break;
1437 case 5:
1438 s->csr[5] &= ~(val & 0x0a90);
1439 val &= ~0x0a90; val |= s->csr[5] & 0x0a90;
1440 break;
1441 case 16:
1442 pcnet_csr_writew(s,1,val);
1443 return;
1444 case 17:
1445 pcnet_csr_writew(s,2,val);
1446 return;
1447 case 58:
1448 pcnet_bcr_writew(s,BCR_SWS,val);
1449 break;
1450 default:
1451 return;
1452 }
1453 s->csr[rap] = val;
1454 }
1455
1456 static uint32_t pcnet_csr_readw(PCNetState *s, uint32_t rap)
1457 {
1458 uint32_t val;
1459 switch (rap) {
1460 case 0:
1461 pcnet_update_irq(s);
1462 val = s->csr[0];
1463 val |= (val & 0x7800) ? 0x8000 : 0;
1464 break;
1465 case 16:
1466 return pcnet_csr_readw(s,1);
1467 case 17:
1468 return pcnet_csr_readw(s,2);
1469 case 58:
1470 return pcnet_bcr_readw(s,BCR_SWS);
1471 case 88:
1472 val = s->csr[89];
1473 val <<= 16;
1474 val |= s->csr[88];
1475 break;
1476 default:
1477 val = s->csr[rap];
1478 }
1479 #ifdef PCNET_DEBUG_CSR
1480 printf("pcnet_csr_readw rap=%d val=0x%04x\n", rap, val);
1481 #endif
1482 return val;
1483 }
1484
1485 static void pcnet_bcr_writew(PCNetState *s, uint32_t rap, uint32_t val)
1486 {
1487 rap &= 127;
1488 #ifdef PCNET_DEBUG_BCR
1489 printf("pcnet_bcr_writew rap=%d val=0x%04x\n", rap, val);
1490 #endif
1491 switch (rap) {
1492 case BCR_SWS:
1493 if (!(CSR_STOP(s) || CSR_SPND(s)))
1494 return;
1495 val &= ~0x0300;
1496 switch (val & 0x00ff) {
1497 case 0:
1498 val |= 0x0200;
1499 break;
1500 case 1:
1501 val |= 0x0100;
1502 break;
1503 case 2:
1504 case 3:
1505 val |= 0x0300;
1506 break;
1507 default:
1508 printf("Bad SWSTYLE=0x%02x\n", val & 0xff);
1509 val = 0x0200;
1510 break;
1511 }
1512 #ifdef PCNET_DEBUG
1513 printf("BCR_SWS=0x%04x\n", val);
1514 #endif
1515 /* fall through */
1516 case BCR_LNKST:
1517 case BCR_LED1:
1518 case BCR_LED2:
1519 case BCR_LED3:
1520 case BCR_MC:
1521 case BCR_FDC:
1522 case BCR_BSBC:
1523 case BCR_EECAS:
1524 case BCR_PLAT:
1525 s->bcr[rap] = val;
1526 break;
1527 default:
1528 break;
1529 }
1530 }
1531
1532 uint32_t pcnet_bcr_readw(PCNetState *s, uint32_t rap)
1533 {
1534 uint32_t val;
1535 rap &= 127;
1536 switch (rap) {
1537 case BCR_LNKST:
1538 case BCR_LED1:
1539 case BCR_LED2:
1540 case BCR_LED3:
1541 val = s->bcr[rap] & ~0x8000;
1542 val |= (val & 0x017f & s->lnkst) ? 0x8000 : 0;
1543 break;
1544 default:
1545 val = rap < 32 ? s->bcr[rap] : 0;
1546 break;
1547 }
1548 #ifdef PCNET_DEBUG_BCR
1549 printf("pcnet_bcr_readw rap=%d val=0x%04x\n", rap, val);
1550 #endif
1551 return val;
1552 }
1553
1554 void pcnet_h_reset(void *opaque)
1555 {
1556 PCNetState *s = opaque;
1557
1558 s->bcr[BCR_MSRDA] = 0x0005;
1559 s->bcr[BCR_MSWRA] = 0x0005;
1560 s->bcr[BCR_MC ] = 0x0002;
1561 s->bcr[BCR_LNKST] = 0x00c0;
1562 s->bcr[BCR_LED1 ] = 0x0084;
1563 s->bcr[BCR_LED2 ] = 0x0088;
1564 s->bcr[BCR_LED3 ] = 0x0090;
1565 s->bcr[BCR_FDC ] = 0x0000;
1566 s->bcr[BCR_BSBC ] = 0x9001;
1567 s->bcr[BCR_EECAS] = 0x0002;
1568 s->bcr[BCR_SWS ] = 0x0200;
1569 s->bcr[BCR_PLAT ] = 0xff06;
1570
1571 pcnet_s_reset(s);
1572 pcnet_update_irq(s);
1573 pcnet_poll_timer(s);
1574 }
1575
1576 void pcnet_ioport_writew(void *opaque, uint32_t addr, uint32_t val)
1577 {
1578 PCNetState *s = opaque;
1579 pcnet_poll_timer(s);
1580 #ifdef PCNET_DEBUG_IO
1581 printf("pcnet_ioport_writew addr=0x%08x val=0x%04x\n", addr, val);
1582 #endif
1583 if (!BCR_DWIO(s)) {
1584 switch (addr & 0x0f) {
1585 case 0x00: /* RDP */
1586 pcnet_csr_writew(s, s->rap, val);
1587 break;
1588 case 0x02:
1589 s->rap = val & 0x7f;
1590 break;
1591 case 0x06:
1592 pcnet_bcr_writew(s, s->rap, val);
1593 break;
1594 }
1595 }
1596 pcnet_update_irq(s);
1597 }
1598
1599 uint32_t pcnet_ioport_readw(void *opaque, uint32_t addr)
1600 {
1601 PCNetState *s = opaque;
1602 uint32_t val = -1;
1603 pcnet_poll_timer(s);
1604 if (!BCR_DWIO(s)) {
1605 switch (addr & 0x0f) {
1606 case 0x00: /* RDP */
1607 val = pcnet_csr_readw(s, s->rap);
1608 break;
1609 case 0x02:
1610 val = s->rap;
1611 break;
1612 case 0x04:
1613 pcnet_s_reset(s);
1614 val = 0;
1615 break;
1616 case 0x06:
1617 val = pcnet_bcr_readw(s, s->rap);
1618 break;
1619 }
1620 }
1621 pcnet_update_irq(s);
1622 #ifdef PCNET_DEBUG_IO
1623 printf("pcnet_ioport_readw addr=0x%08x val=0x%04x\n", addr, val & 0xffff);
1624 #endif
1625 return val;
1626 }
1627
1628 void pcnet_ioport_writel(void *opaque, uint32_t addr, uint32_t val)
1629 {
1630 PCNetState *s = opaque;
1631 pcnet_poll_timer(s);
1632 #ifdef PCNET_DEBUG_IO
1633 printf("pcnet_ioport_writel addr=0x%08x val=0x%08x\n", addr, val);
1634 #endif
1635 if (BCR_DWIO(s)) {
1636 switch (addr & 0x0f) {
1637 case 0x00: /* RDP */
1638 pcnet_csr_writew(s, s->rap, val & 0xffff);
1639 break;
1640 case 0x04:
1641 s->rap = val & 0x7f;
1642 break;
1643 case 0x0c:
1644 pcnet_bcr_writew(s, s->rap, val & 0xffff);
1645 break;
1646 }
1647 } else
1648 if ((addr & 0x0f) == 0) {
1649 /* switch device to dword i/o mode */
1650 pcnet_bcr_writew(s, BCR_BSBC, pcnet_bcr_readw(s, BCR_BSBC) | 0x0080);
1651 #ifdef PCNET_DEBUG_IO
1652 printf("device switched into dword i/o mode\n");
1653 #endif
1654 }
1655 pcnet_update_irq(s);
1656 }
1657
1658 uint32_t pcnet_ioport_readl(void *opaque, uint32_t addr)
1659 {
1660 PCNetState *s = opaque;
1661 uint32_t val = -1;
1662 pcnet_poll_timer(s);
1663 if (BCR_DWIO(s)) {
1664 switch (addr & 0x0f) {
1665 case 0x00: /* RDP */
1666 val = pcnet_csr_readw(s, s->rap);
1667 break;
1668 case 0x04:
1669 val = s->rap;
1670 break;
1671 case 0x08:
1672 pcnet_s_reset(s);
1673 val = 0;
1674 break;
1675 case 0x0c:
1676 val = pcnet_bcr_readw(s, s->rap);
1677 break;
1678 }
1679 }
1680 pcnet_update_irq(s);
1681 #ifdef PCNET_DEBUG_IO
1682 printf("pcnet_ioport_readl addr=0x%08x val=0x%08x\n", addr, val);
1683 #endif
1684 return val;
1685 }
1686
1687 static bool is_version_2(void *opaque, int version_id)
1688 {
1689 return version_id == 2;
1690 }
1691
1692 const VMStateDescription vmstate_pcnet = {
1693 .name = "pcnet",
1694 .version_id = 3,
1695 .minimum_version_id = 2,
1696 .fields = (VMStateField[]) {
1697 VMSTATE_INT32(rap, PCNetState),
1698 VMSTATE_INT32(isr, PCNetState),
1699 VMSTATE_INT32(lnkst, PCNetState),
1700 VMSTATE_UINT32(rdra, PCNetState),
1701 VMSTATE_UINT32(tdra, PCNetState),
1702 VMSTATE_BUFFER(prom, PCNetState),
1703 VMSTATE_UINT16_ARRAY(csr, PCNetState, 128),
1704 VMSTATE_UINT16_ARRAY(bcr, PCNetState, 32),
1705 VMSTATE_UINT64(timer, PCNetState),
1706 VMSTATE_INT32(xmit_pos, PCNetState),
1707 VMSTATE_BUFFER(buffer, PCNetState),
1708 VMSTATE_UNUSED_TEST(is_version_2, 4),
1709 VMSTATE_INT32(tx_busy, PCNetState),
1710 VMSTATE_TIMER_PTR(poll_timer, PCNetState),
1711 VMSTATE_END_OF_LIST()
1712 }
1713 };
1714
1715 void pcnet_common_init(DeviceState *dev, PCNetState *s, NetClientInfo *info)
1716 {
1717 int i;
1718 uint16_t checksum;
1719
1720 s->poll_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pcnet_poll_timer, s);
1721
1722 qemu_macaddr_default_if_unset(&s->conf.macaddr);
1723 s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), dev->id, s);
1724 qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
1725
1726 /* Initialize the PROM */
1727
1728 /*
1729 Datasheet: http://pdfdata.datasheetsite.com/web/24528/AM79C970A.pdf
1730 page 95
1731 */
1732 memcpy(s->prom, s->conf.macaddr.a, 6);
1733 /* Reserved Location: must be 00h */
1734 s->prom[6] = s->prom[7] = 0x00;
1735 /* Reserved Location: must be 00h */
1736 s->prom[8] = 0x00;
1737 /* Hardware ID: must be 11h if compatibility to AMD drivers is desired */
1738 s->prom[9] = 0x11;
1739 /* User programmable space, init with 0 */
1740 s->prom[10] = s->prom[11] = 0x00;
1741 /* LSByte of two-byte checksum, which is the sum of bytes 00h-0Bh
1742 and bytes 0Eh and 0Fh, must therefore be initialized with 0! */
1743 s->prom[12] = s->prom[13] = 0x00;
1744 /* Must be ASCII W (57h) if compatibility to AMD
1745 driver software is desired */
1746 s->prom[14] = s->prom[15] = 0x57;
1747
1748 for (i = 0, checksum = 0; i < 16; i++) {
1749 checksum += s->prom[i];
1750 }
1751 *(uint16_t *)&s->prom[12] = cpu_to_le16(checksum);
1752
1753 s->lnkst = 0x40; /* initial link state: up */
1754 }