2 * SMSC 91C111 Ethernet interface emulation
4 * Copyright (c) 2005 CodeSourcery, LLC.
5 * Written by Paul Brook
7 * This code is licenced under the GPL
16 /* Number of 2k memory pages available. */
33 /* Bitmask of allocated packets. */
36 int tx_fifo[NUM_PACKETS];
38 int rx_fifo[NUM_PACKETS];
40 int tx_fifo_done[NUM_PACKETS];
41 /* Packet buffer memory. */
42 uint8_t data[NUM_PACKETS][2048];
48 #define RCR_SOFT_RST 0x8000
49 #define RCR_STRIP_CRC 0x0200
50 #define RCR_RXEN 0x0100
52 #define TCR_EPH_LOOP 0x2000
53 #define TCR_NOCRC 0x0100
54 #define TCR_PAD_EN 0x0080
55 #define TCR_FORCOL 0x0004
56 #define TCR_LOOP 0x0002
57 #define TCR_TXEN 0x0001
62 #define INT_RX_OVRN 0x10
63 #define INT_ALLOC 0x08
64 #define INT_TX_EMPTY 0x04
68 #define CTR_AUTO_RELEASE 0x0800
69 #define CTR_RELOAD 0x0002
70 #define CTR_STORE 0x0001
72 #define RS_ALGNERR 0x8000
73 #define RS_BRODCAST 0x4000
74 #define RS_BADCRC 0x2000
75 #define RS_ODDFRAME 0x1000
76 #define RS_TOOLONG 0x0800
77 #define RS_TOOSHORT 0x0400
78 #define RS_MULTICAST 0x0001
80 /* Update interrupt status. */
81 static void smc91c111_update(smc91c111_state *s)
85 if (s->tx_fifo_len == 0)
86 s->int_level |= INT_TX_EMPTY;
87 if (s->tx_fifo_done_len != 0)
88 s->int_level |= INT_TX;
89 level = (s->int_level & s->int_mask) != 0;
90 qemu_set_irq(s->irq, level);
93 /* Try to allocate a packet. Returns 0x80 on failure. */
94 static int smc91c111_allocate_packet(smc91c111_state *s)
97 if (s->allocated == (1 << NUM_PACKETS) - 1) {
101 for (i = 0; i < NUM_PACKETS; i++) {
102 if ((s->allocated & (1 << i)) == 0)
105 s->allocated |= 1 << i;
110 /* Process a pending TX allocate. */
111 static void smc91c111_tx_alloc(smc91c111_state *s)
113 s->tx_alloc = smc91c111_allocate_packet(s);
114 if (s->tx_alloc == 0x80)
116 s->int_level |= INT_ALLOC;
120 /* Remove and item from the RX FIFO. */
121 static void smc91c111_pop_rx_fifo(smc91c111_state *s)
126 if (s->rx_fifo_len) {
127 for (i = 0; i < s->rx_fifo_len; i++)
128 s->rx_fifo[i] = s->rx_fifo[i + 1];
129 s->int_level |= INT_RCV;
131 s->int_level &= ~INT_RCV;
136 /* Remove an item from the TX completion FIFO. */
137 static void smc91c111_pop_tx_fifo_done(smc91c111_state *s)
141 if (s->tx_fifo_done_len == 0)
143 s->tx_fifo_done_len--;
144 for (i = 0; i < s->tx_fifo_done_len; i++)
145 s->tx_fifo_done[i] = s->tx_fifo_done[i + 1];
148 /* Release the memory allocated to a packet. */
149 static void smc91c111_release_packet(smc91c111_state *s, int packet)
151 s->allocated &= ~(1 << packet);
152 if (s->tx_alloc == 0x80)
153 smc91c111_tx_alloc(s);
156 /* Flush the TX FIFO. */
157 static void smc91c111_do_tx(smc91c111_state *s)
166 if ((s->tcr & TCR_TXEN) == 0)
168 if (s->tx_fifo_len == 0)
170 for (i = 0; i < s->tx_fifo_len; i++) {
171 packetnum = s->tx_fifo[i];
172 p = &s->data[packetnum][0];
173 /* Set status word. */
177 len |= ((int)*(p++)) << 8;
179 control = p[len + 1];
182 /* ??? This overwrites the data following the buffer.
183 Don't know what real hardware does. */
184 if (len < 64 && (s->tcr & TCR_PAD_EN)) {
185 memset(p + len, 0, 64 - len);
189 /* The card is supposed to append the CRC to the frame. However
190 none of the other network traffic has the CRC appended.
191 Suspect this is low level ethernet detail we don't need to worry
193 add_crc = (control & 0x10) || (s->tcr & TCR_NOCRC) == 0;
197 crc = crc32(~0, p, len);
198 memcpy(p + len, &crc, 4);
204 if (s->ctr & CTR_AUTO_RELEASE)
206 smc91c111_release_packet(s, packetnum);
207 else if (s->tx_fifo_done_len < NUM_PACKETS)
208 s->tx_fifo_done[s->tx_fifo_done_len++] = packetnum;
209 qemu_send_packet(s->vc, p, len);
215 /* Add a packet to the TX FIFO. */
216 static void smc91c111_queue_tx(smc91c111_state *s, int packet)
218 if (s->tx_fifo_len == NUM_PACKETS)
220 s->tx_fifo[s->tx_fifo_len++] = packet;
224 static void smc91c111_reset(smc91c111_state *s)
228 s->tx_fifo_done_len = 0;
239 s->int_level = INT_TX_EMPTY;
244 #define SET_LOW(name, val) s->name = (s->name & 0xff00) | val
245 #define SET_HIGH(name, val) s->name = (s->name & 0xff) | (val << 8)
247 static void smc91c111_writeb(void *opaque, target_phys_addr_t offset,
250 smc91c111_state *s = (smc91c111_state *)opaque;
266 SET_HIGH(tcr, value);
272 SET_HIGH(rcr, value);
273 if (s->rcr & RCR_SOFT_RST)
276 case 10: case 11: /* RPCR */
290 case 2: case 3: /* BASE */
291 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
292 /* Not implemented. */
294 case 10: /* Genral Purpose */
298 SET_HIGH(gpr, value);
300 case 12: /* Control */
302 fprintf(stderr, "smc91c111:EEPROM store not implemented\n");
304 fprintf(stderr, "smc91c111:EEPROM reload not implemented\n");
309 SET_HIGH(ctr, value);
316 case 0: /* MMU Command */
317 switch (value >> 5) {
320 case 1: /* Allocate for TX. */
322 s->int_level &= ~INT_ALLOC;
324 smc91c111_tx_alloc(s);
326 case 2: /* Reset MMU. */
329 s->tx_fifo_done_len = 0;
333 case 3: /* Remove from RX FIFO. */
334 smc91c111_pop_rx_fifo(s);
336 case 4: /* Remove from RX FIFO and release. */
337 if (s->rx_fifo_len > 0) {
338 smc91c111_release_packet(s, s->rx_fifo[0]);
340 smc91c111_pop_rx_fifo(s);
342 case 5: /* Release. */
343 smc91c111_release_packet(s, s->packet_num);
345 case 6: /* Add to TX FIFO. */
346 smc91c111_queue_tx(s, s->packet_num);
348 case 7: /* Reset TX FIFO. */
350 s->tx_fifo_done_len = 0;
357 case 2: /* Packet Number Register */
358 s->packet_num = value;
360 case 3: case 4: case 5:
361 /* Should be readonly, but linux writes to them anyway. Ignore. */
363 case 6: /* Pointer */
367 SET_HIGH(ptr, value);
369 case 8: case 9: case 10: case 11: /* Data */
379 if (s->ptr & 0x4000) {
380 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x7ff);
384 s->data[n][p] = value;
387 case 12: /* Interrupt ACK. */
388 s->int_level &= ~(value & 0xd6);
390 smc91c111_pop_tx_fifo_done(s);
393 case 13: /* Interrupt mask. */
402 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
403 /* Multicast table. */
404 /* Not implemented. */
406 case 8: case 9: /* Management Interface. */
407 /* Not implemented. */
409 case 12: /* Early receive. */
410 s->ercv = value & 0x1f;
417 cpu_abort (cpu_single_env, "smc91c111_write: Bad reg %d:%x\n",
418 s->bank, (int)offset);
421 static uint32_t smc91c111_readb(void *opaque, target_phys_addr_t offset)
423 smc91c111_state *s = (smc91c111_state *)opaque;
435 return s->tcr & 0xff;
438 case 2: /* EPH Status */
443 return s->rcr & 0xff;
446 case 6: /* Counter */
448 /* Not implemented. */
450 case 8: /* Memory size. */
452 case 9: /* Free memory available. */
457 for (i = 0; i < NUM_PACKETS; i++) {
458 if (s->allocated & (1 << i))
463 case 10: case 11: /* RPCR */
464 /* Not implemented. */
475 case 2: case 3: /* BASE */
476 /* Not implemented. */
478 case 4: case 5: case 6: case 7: case 8: case 9: /* IA */
479 return s->macaddr[offset - 4];
480 case 10: /* General Purpose */
481 return s->gpr & 0xff;
484 case 12: /* Control */
485 return s->ctr & 0xff;
493 case 0: case 1: /* MMUCR Busy bit. */
495 case 2: /* Packet Number. */
496 return s->packet_num;
497 case 3: /* Allocation Result. */
499 case 4: /* TX FIFO */
500 if (s->tx_fifo_done_len == 0)
503 return s->tx_fifo_done[0];
504 case 5: /* RX FIFO */
505 if (s->rx_fifo_len == 0)
508 return s->rx_fifo[0];
509 case 6: /* Pointer */
510 return s->ptr & 0xff;
512 return (s->ptr >> 8) & 0xf7;
513 case 8: case 9: case 10: case 11: /* Data */
523 if (s->ptr & 0x4000) {
524 s->ptr = (s->ptr & 0xf800) | ((s->ptr + 1) & 0x07ff);
528 return s->data[n][p];
530 case 12: /* Interrupt status. */
532 case 13: /* Interrupt mask. */
539 case 0: case 1: case 2: case 3: case 4: case 5: case 6: case 7:
540 /* Multicast table. */
541 /* Not implemented. */
543 case 8: /* Management Interface. */
544 /* Not implemented. */
548 case 10: /* Revision. */
559 cpu_abort (cpu_single_env, "smc91c111_read: Bad reg %d:%x\n",
560 s->bank, (int)offset);
564 static void smc91c111_writew(void *opaque, target_phys_addr_t offset,
567 smc91c111_writeb(opaque, offset, value & 0xff);
568 smc91c111_writeb(opaque, offset + 1, value >> 8);
571 static void smc91c111_writel(void *opaque, target_phys_addr_t offset,
574 smc91c111_state *s = (smc91c111_state *)opaque;
575 /* 32-bit writes to offset 0xc only actually write to the bank select
576 register (offset 0xe) */
577 if (offset != s->base + 0xc)
578 smc91c111_writew(opaque, offset, value & 0xffff);
579 smc91c111_writew(opaque, offset + 2, value >> 16);
582 static uint32_t smc91c111_readw(void *opaque, target_phys_addr_t offset)
585 val = smc91c111_readb(opaque, offset);
586 val |= smc91c111_readb(opaque, offset + 1) << 8;
590 static uint32_t smc91c111_readl(void *opaque, target_phys_addr_t offset)
593 val = smc91c111_readw(opaque, offset);
594 val |= smc91c111_readw(opaque, offset + 2) << 16;
598 static int smc91c111_can_receive(void *opaque)
600 smc91c111_state *s = (smc91c111_state *)opaque;
602 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
604 if (s->allocated == (1 << NUM_PACKETS) - 1)
609 static void smc91c111_receive(void *opaque, const uint8_t *buf, int size)
611 smc91c111_state *s = (smc91c111_state *)opaque;
618 if ((s->rcr & RCR_RXEN) == 0 || (s->rcr & RCR_SOFT_RST))
620 /* Short packets are padded with zeros. Receiving a packet
621 < 64 bytes long is considered an error condition. */
625 packetsize = (size & ~1);
627 crc = (s->rcr & RCR_STRIP_CRC) == 0;
630 /* TODO: Flag overrun and receive errors. */
631 if (packetsize > 2048)
633 packetnum = smc91c111_allocate_packet(s);
634 if (packetnum == 0x80)
636 s->rx_fifo[s->rx_fifo_len++] = packetnum;
638 p = &s->data[packetnum][0];
639 /* ??? Multicast packets? */
642 status |= RS_TOOLONG;
644 status |= RS_ODDFRAME;
645 *(p++) = status & 0xff;
646 *(p++) = status >> 8;
647 *(p++) = packetsize & 0xff;
648 *(p++) = packetsize >> 8;
649 memcpy(p, buf, size & ~1);
651 /* Pad short packets. */
656 *(p++) = buf[size - 1];
662 /* It's not clear if the CRC should go before or after the last byte in
663 odd sized packets. Linux disables the CRC, so that's no help.
664 The pictures in the documentation show the CRC aligned on a 16-bit
665 boundary before the last odd byte, so that's what we do. */
667 crc = crc32(~0, buf, size);
668 *(p++) = crc & 0xff; crc >>= 8;
669 *(p++) = crc & 0xff; crc >>= 8;
670 *(p++) = crc & 0xff; crc >>= 8;
671 *(p++) = crc & 0xff; crc >>= 8;
674 *(p++) = buf[size - 1];
680 /* TODO: Raise early RX interrupt? */
681 s->int_level |= INT_RCV;
685 static CPUReadMemoryFunc *smc91c111_readfn[] = {
691 static CPUWriteMemoryFunc *smc91c111_writefn[] = {
697 void smc91c111_init(NICInfo *nd, uint32_t base, qemu_irq irq)
702 s = (smc91c111_state *)qemu_mallocz(sizeof(smc91c111_state));
703 iomemtype = cpu_register_io_memory(0, smc91c111_readfn,
704 smc91c111_writefn, s);
705 cpu_register_physical_memory(base, 16, iomemtype);
708 memcpy(s->macaddr, nd->macaddr, 6);
712 s->vc = qemu_new_vlan_client(nd->vlan, smc91c111_receive,
713 smc91c111_can_receive, s);
714 /* ??? Save/restore. */
projects / qemu / blob