]> Git Repo - qemu.git/blame - hw/sd/sd.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'remotes/sstabellini/tags/xen-2015-12-22' into staging
[qemu.git] / hw / sd / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <[email protected]>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
83c9f4ca 32#include "hw/hw.h"
4be74634 33#include "sysemu/block-backend.h"
e3382ef0 34#include "hw/sd/sd.h"
1de7afc9 35#include "qemu/bitmap.h"
a1bb27b1
PB		 36
37//#define DEBUG_SD 1
38
39#ifdef DEBUG_SD
001faf32
BS		 40#define DPRINTF(fmt, ...) \
41do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1 42#else
001faf32 43#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1
PB		 44#endif
45
37ab4a56
PC		 46#define ACMD41_ENQUIRY_MASK 0x00ffffff
47
a1bb27b1
PB		 48typedef enum {
49 sd_r0 = 0, /* no response */
50 sd_r1, /* normal response command */
51 sd_r2_i, /* CID register */
52 sd_r2_s, /* CSD register */
53 sd_r3, /* OCR register */
54 sd_r6 = 6, /* Published RCA response */
1b088995 55 sd_r7, /* Operating voltage */
a1bb27b1 56 sd_r1b = -1,
53bb8cc4 57 sd_illegal = -2,
c227f099 58} sd_rsp_type_t;
a1bb27b1 59
50a5be6c
IM		 60enum SDCardModes {
61 sd_inactive,
62 sd_card_identification_mode,
63 sd_data_transfer_mode,
64};
65
66enum SDCardStates {
67 sd_inactive_state = -1,
68 sd_idle_state = 0,
69 sd_ready_state,
70 sd_identification_state,
71 sd_standby_state,
72 sd_transfer_state,
73 sd_sendingdata_state,
74 sd_receivingdata_state,
75 sd_programming_state,
76 sd_disconnect_state,
77};
78
a1bb27b1 79struct SDState {
50a5be6c
IM		 80 uint32_t mode; /* current card mode, one of SDCardModes */
81 int32_t state; /* current card state, one of SDCardStates */
a1bb27b1
PB		 82 uint32_t ocr;
83 uint8_t scr[8];
84 uint8_t cid[16];
85 uint8_t csd[16];
86 uint16_t rca;
87 uint32_t card_status;
88 uint8_t sd_status[64];
1b088995 89 uint32_t vhs;
bebd1271 90 bool wp_switch;
a9c01830 91 unsigned long *wp_groups;
50a5be6c 92 int32_t wpgrps_size;
2d7adea4 93 uint64_t size;
50a5be6c 94 uint32_t blk_len;
a1bb27b1
PB		 95 uint32_t erase_start;
96 uint32_t erase_end;
97 uint8_t pwd[16];
50a5be6c
IM		 98 uint32_t pwd_len;
99 uint8_t function_group[6];
a1bb27b1 100
bebd1271 101 bool spi;
50a5be6c 102 uint8_t current_cmd;
1d06cb7a
PM		 103 /* True if we will handle the next command as an ACMD. Note that this does
104 * *not* track the APP_CMD status bit!
105 */
bebd1271 106 bool expecting_acmd;
50a5be6c 107 uint32_t blk_written;
2d7adea4 108 uint64_t data_start;
a1bb27b1
PB		 109 uint32_t data_offset;
110 uint8_t data[512];
02ce600c
AZ		 111 qemu_irq readonly_cb;
112 qemu_irq inserted_cb;
4be74634 113 BlockBackend *blk;
33f00271 114 uint8_t *buf;
827df9f3 115
bebd1271 116 bool enable;
a1bb27b1
PB		 117};
118
10a412da 119static void sd_set_mode(SDState *sd)
a1bb27b1
PB		 120{
121 switch (sd->state) {
122 case sd_inactive_state:
123 sd->mode = sd_inactive;
124 break;
125
126 case sd_idle_state:
127 case sd_ready_state:
128 case sd_identification_state:
129 sd->mode = sd_card_identification_mode;
130 break;
131
132 case sd_standby_state:
133 case sd_transfer_state:
134 case sd_sendingdata_state:
135 case sd_receivingdata_state:
136 case sd_programming_state:
137 case sd_disconnect_state:
138 sd->mode = sd_data_transfer_mode;
139 break;
140 }
a1bb27b1
PB		 141}
142
c227f099 143static const sd_cmd_type_t sd_cmd_type[64] = {
a1bb27b1 144 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 145 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
a1bb27b1
PB		 146 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
147 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
148 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
149 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
151 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
152};
153
a1bb27b1
PB		 154static const int sd_cmd_class[64] = {
155 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
156 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
157 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
158 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
159};
160
161static uint8_t sd_crc7(void *message, size_t width)
162{
163 int i, bit;
164 uint8_t shift_reg = 0x00;
165 uint8_t *msg = (uint8_t *) message;
166
167 for (i = 0; i < width; i ++, msg ++)
168 for (bit = 7; bit >= 0; bit --) {
169 shift_reg <<= 1;
170 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
171 shift_reg ^= 0x89;
172 }
173
174 return shift_reg;
175}
176
177static uint16_t sd_crc16(void *message, size_t width)
178{
179 int i, bit;
180 uint16_t shift_reg = 0x0000;
181 uint16_t *msg = (uint16_t *) message;
182 width <<= 1;
183
184 for (i = 0; i < width; i ++, msg ++)
185 for (bit = 15; bit >= 0; bit --) {
186 shift_reg <<= 1;
187 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
188 shift_reg ^= 0x1011;
189 }
190
191 return shift_reg;
192}
193
194static void sd_set_ocr(SDState *sd)
195{
1b088995 196 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
829ef7b0 197 sd->ocr = 0x80ffff00;
a1bb27b1
PB		 198}
199
200static void sd_set_scr(SDState *sd)
201{
202 sd->scr[0] = 0x00; /* SCR Structure */
203 sd->scr[1] = 0x2f; /* SD Security Support */
204 sd->scr[2] = 0x00;
205 sd->scr[3] = 0x00;
206 sd->scr[4] = 0x00;
207 sd->scr[5] = 0x00;
208 sd->scr[6] = 0x00;
209 sd->scr[7] = 0x00;
210}
211
212#define MID 0xaa
213#define OID "XY"
214#define PNM "QEMU!"
215#define PRV 0x01
216#define MDT_YR 2006
217#define MDT_MON 2
218
219static void sd_set_cid(SDState *sd)
220{
221 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
222 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
223 sd->cid[2] = OID[1];
224 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
225 sd->cid[4] = PNM[1];
226 sd->cid[5] = PNM[2];
227 sd->cid[6] = PNM[3];
228 sd->cid[7] = PNM[4];
229 sd->cid[8] = PRV; /* Fake product revision (PRV) */
230 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
231 sd->cid[10] = 0xad;
232 sd->cid[11] = 0xbe;
233 sd->cid[12] = 0xef;
234 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
235 ((MDT_YR - 2000) / 10);
236 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
237 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
238}
239
240#define HWBLOCK_SHIFT 9 /* 512 bytes */
241#define SECTOR_SHIFT 5 /* 16 kilobytes */
242#define WPGROUP_SHIFT 7 /* 2 megs */
243#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 244#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
245
246static const uint8_t sd_csd_rw_mask[16] = {
247 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
249};
250
2d7adea4 251static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 252{
253 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
254 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
255 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
256
2d7adea4
AZ		 257 if (size <= 0x40000000) { /* Standard Capacity SD */
258 sd->csd[0] = 0x00; /* CSD structure */
259 sd->csd[1] = 0x26; /* Data read access-time-1 */
260 sd->csd[2] = 0x00; /* Data read access-time-2 */
261 sd->csd[3] = 0x5a; /* Max. data transfer rate */
262 sd->csd[4] = 0x5f; /* Card Command Classes */
263 sd->csd[5] = 0x50 | /* Max. read data block length */
264 HWBLOCK_SHIFT;
265 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
266 ((csize >> 10) & 0x03);
267 sd->csd[7] = 0x00 | /* Device size */
268 ((csize >> 2) & 0xff);
269 sd->csd[8] = 0x3f | /* Max. read current */
270 ((csize << 6) & 0xc0);
271 sd->csd[9] = 0xfc | /* Max. write current */
272 ((CMULT_SHIFT - 2) >> 1);
273 sd->csd[10] = 0x40 | /* Erase sector size */
274 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
275 sd->csd[11] = 0x00 | /* Write protect group size */
276 ((sectsize << 7) & 0x80) | wpsize;
277 sd->csd[12] = 0x90 | /* Write speed factor */
278 (HWBLOCK_SHIFT >> 2);
279 sd->csd[13] = 0x20 | /* Max. write data block length */
280 ((HWBLOCK_SHIFT << 6) & 0xc0);
281 sd->csd[14] = 0x00; /* File format group */
282 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
283 } else { /* SDHC */
284 size /= 512 * 1024;
285 size -= 1;
286 sd->csd[0] = 0x40;
287 sd->csd[1] = 0x0e;
288 sd->csd[2] = 0x00;
289 sd->csd[3] = 0x32;
290 sd->csd[4] = 0x5b;
291 sd->csd[5] = 0x59;
292 sd->csd[6] = 0x00;
293 sd->csd[7] = (size >> 16) & 0xff;
294 sd->csd[8] = (size >> 8) & 0xff;
295 sd->csd[9] = (size & 0xff);
296 sd->csd[10] = 0x7f;
297 sd->csd[11] = 0x80;
298 sd->csd[12] = 0x0a;
299 sd->csd[13] = 0x40;
300 sd->csd[14] = 0x00;
301 sd->csd[15] = 0x00;
e03ba136 302 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
2d7adea4 303 }
a1bb27b1
PB		 304}
305
306static void sd_set_rca(SDState *sd)
307{
308 sd->rca += 0x4567;
309}
310
b8d334c8
PM		 311/* Card status bits, split by clear condition:
312 * A : According to the card current state
313 * B : Always related to the previous command
314 * C : Cleared by read
315 */
a1bb27b1
PB		 316#define CARD_STATUS_A 0x02004100
317#define CARD_STATUS_B 0x00c01e00
318#define CARD_STATUS_C 0xfd39a028
319
320static void sd_set_cardstatus(SDState *sd)
321{
322 sd->card_status = 0x00000100;
323}
324
325static void sd_set_sdstatus(SDState *sd)
326{
327 memset(sd->sd_status, 0, 64);
328}
329
bc24a225 330static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 331{
332 uint8_t buffer[5];
333 buffer[0] = 0x40 | req->cmd;
334 buffer[1] = (req->arg >> 24) & 0xff;
335 buffer[2] = (req->arg >> 16) & 0xff;
336 buffer[3] = (req->arg >> 8) & 0xff;
337 buffer[4] = (req->arg >> 0) & 0xff;
338 return 0;
339 return sd_crc7(buffer, 5) != req->crc; /* TODO */
340}
341
10a412da 342static void sd_response_r1_make(SDState *sd, uint8_t *response)
a1bb27b1 343{
10a412da 344 uint32_t status = sd->card_status;
1d06cb7a
PM		 345 /* Clear the "clear on read" status bits */
346 sd->card_status &= ~CARD_STATUS_C;
a1bb27b1
PB		 347
348 response[0] = (status >> 24) & 0xff;
349 response[1] = (status >> 16) & 0xff;
350 response[2] = (status >> 8) & 0xff;
351 response[3] = (status >> 0) & 0xff;
352}
353
9596ebb7 354static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 355{
356 response[0] = (sd->ocr >> 24) & 0xff;
357 response[1] = (sd->ocr >> 16) & 0xff;
358 response[2] = (sd->ocr >> 8) & 0xff;
359 response[3] = (sd->ocr >> 0) & 0xff;
360}
361
9596ebb7 362static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 363{
364 uint16_t arg;
365 uint16_t status;
366
367 arg = sd->rca;
368 status = ((sd->card_status >> 8) & 0xc000) |
369 ((sd->card_status >> 6) & 0x2000) |
370 (sd->card_status & 0x1fff);
fcfa9351 371 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
a1bb27b1
PB		 372
373 response[0] = (arg >> 8) & 0xff;
374 response[1] = arg & 0xff;
375 response[2] = (status >> 8) & 0xff;
376 response[3] = status & 0xff;
377}
378
1b088995
AZ		 379static void sd_response_r7_make(SDState *sd, uint8_t *response)
380{
381 response[0] = (sd->vhs >> 24) & 0xff;
382 response[1] = (sd->vhs >> 16) & 0xff;
383 response[2] = (sd->vhs >> 8) & 0xff;
384 response[3] = (sd->vhs >> 0) & 0xff;
385}
386
b7202b88
MI		 387static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
388{
389 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
390}
391
16b781aa 392static void sd_reset(SDState *sd)
a1bb27b1 393{
2d7adea4 394 uint64_t size;
a1bb27b1
PB		 395 uint64_t sect;
396
16b781aa
PM		 397 if (sd->blk) {
398 blk_get_geometry(sd->blk, &sect);
03f311ed
PB		 399 } else {
400 sect = 0;
401 }
5e37141b 402 size = sect << 9;
a1bb27b1 403
b7202b88 404 sect = sd_addr_to_wpnum(size) + 1;
a1bb27b1
PB		 405
406 sd->state = sd_idle_state;
407 sd->rca = 0x0000;
408 sd_set_ocr(sd);
409 sd_set_scr(sd);
410 sd_set_cid(sd);
411 sd_set_csd(sd, size);
412 sd_set_cardstatus(sd);
413 sd_set_sdstatus(sd);
414
ef1e1e07 415 g_free(sd->wp_groups);
16b781aa 416 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
50a5be6c
IM		 417 sd->wpgrps_size = sect;
418 sd->wp_groups = bitmap_new(sd->wpgrps_size);
419 memset(sd->function_group, 0, sizeof(sd->function_group));
a1bb27b1
PB		 420 sd->erase_start = 0;
421 sd->erase_end = 0;
422 sd->size = size;
423 sd->blk_len = 0x200;
424 sd->pwd_len = 0;
bebd1271 425 sd->expecting_acmd = false;
a1bb27b1
PB		 426}
427
7d4b4ba5 428static void sd_cardchange(void *opaque, bool load)
a1bb27b1
PB		 429{
430 SDState *sd = opaque;
db97ee6a 431
4be74634
MA		 432 qemu_set_irq(sd->inserted_cb, blk_is_inserted(sd->blk));
433 if (blk_is_inserted(sd->blk)) {
16b781aa 434 sd_reset(sd);
257514dd 435 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
a1bb27b1
PB		 436 }
437}
438
0e49de52 439static const BlockDevOps sd_block_ops = {
145feb17 440 .change_media_cb = sd_cardchange,
0e49de52
MA		 441};
442
50a5be6c
IM		 443static const VMStateDescription sd_vmstate = {
444 .name = "sd-card",
445 .version_id = 1,
446 .minimum_version_id = 1,
447 .fields = (VMStateField[]) {
448 VMSTATE_UINT32(mode, SDState),
449 VMSTATE_INT32(state, SDState),
450 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
451 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
452 VMSTATE_UINT16(rca, SDState),
453 VMSTATE_UINT32(card_status, SDState),
454 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
455 VMSTATE_UINT32(vhs, SDState),
456 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
457 VMSTATE_UINT32(blk_len, SDState),
458 VMSTATE_UINT32(erase_start, SDState),
459 VMSTATE_UINT32(erase_end, SDState),
460 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
461 VMSTATE_UINT32(pwd_len, SDState),
462 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
463 VMSTATE_UINT8(current_cmd, SDState),
464 VMSTATE_BOOL(expecting_acmd, SDState),
465 VMSTATE_UINT32(blk_written, SDState),
466 VMSTATE_UINT64(data_start, SDState),
467 VMSTATE_UINT32(data_offset, SDState),
468 VMSTATE_UINT8_ARRAY(data, SDState, 512),
5f00679e 469 VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512),
50a5be6c
IM		 470 VMSTATE_BOOL(enable, SDState),
471 VMSTATE_END_OF_LIST()
472 }
473};
474
775616c3 475/* We do not model the chip select pin, so allow the board to select
8ef6367e 476 whether card should be in SSI or MMC/SD mode. It is also up to the
775616c3
PB		 477 board to ensure that ssi transfers only occur when the chip select
478 is asserted. */
4be74634 479SDState *sd_init(BlockBackend *blk, bool is_spi)
a1bb27b1
PB		 480{
481 SDState *sd;
482
4be74634 483 if (blk && blk_is_read_only(blk)) {
4f8a066b
KW		 484 fprintf(stderr, "sd_init: Cannot use read-only drive\n");
485 return NULL;
486 }
487
7267c094 488 sd = (SDState *) g_malloc0(sizeof(SDState));
4be74634 489 sd->buf = blk_blockalign(blk, 512);
775616c3 490 sd->spi = is_spi;
bebd1271 491 sd->enable = true;
16b781aa
PM		 492 sd->blk = blk;
493 sd_reset(sd);
4be74634 494 if (sd->blk) {
5ec911c3
KC		 495 /* Attach dev if not already attached. (This call ignores an
496 * error return code if sd->blk is already attached.) */
ba306c7a 497 /* FIXME ignoring blk_attach_dev() failure is dangerously brittle */
5ec911c3 498 blk_attach_dev(sd->blk, sd);
4be74634 499 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
03f311ed 500 }
50a5be6c 501 vmstate_register(NULL, -1, &sd_vmstate, sd);
a1bb27b1
PB		 502 return sd;
503}
504
02ce600c 505void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 506{
02ce600c
AZ		 507 sd->readonly_cb = readonly;
508 sd->inserted_cb = insert;
4be74634
MA		 509 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
510 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
a1bb27b1
PB		 511}
512
513static void sd_erase(SDState *sd)
514{
f2d189d3
IM		 515 int i;
516 uint64_t erase_start = sd->erase_start;
517 uint64_t erase_end = sd->erase_end;
518
a1bb27b1
PB		 519 if (!sd->erase_start || !sd->erase_end) {
520 sd->card_status |= ERASE_SEQ_ERROR;
521 return;
522 }
523
f2d189d3
IM		 524 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
525 /* High capacity memory card: erase units are 512 byte blocks */
526 erase_start *= 512;
527 erase_end *= 512;
528 }
529
530 erase_start = sd_addr_to_wpnum(erase_start);
531 erase_end = sd_addr_to_wpnum(erase_end);
a1bb27b1
PB		 532 sd->erase_start = 0;
533 sd->erase_end = 0;
534 sd->csd[14] |= 0x40;
535
f2d189d3 536 for (i = erase_start; i <= erase_end; i++) {
a9c01830 537 if (test_bit(i, sd->wp_groups)) {
a1bb27b1 538 sd->card_status |= WP_ERASE_SKIP;
a9c01830
MI		 539 }
540 }
a1bb27b1
PB		 541}
542
2d7adea4 543static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 544{
545 uint32_t i, wpnum;
546 uint32_t ret = 0;
547
b7202b88 548 wpnum = sd_addr_to_wpnum(addr);
a1bb27b1 549
a9c01830
MI		 550 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
551 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
a1bb27b1 552 ret |= (1 << i);
a9c01830
MI		 553 }
554 }
a1bb27b1
PB		 555
556 return ret;
557}
558
559static void sd_function_switch(SDState *sd, uint32_t arg)
560{
561 int i, mode, new_func, crc;
562 mode = !!(arg & 0x80000000);
563
564 sd->data[0] = 0x00; /* Maximum current consumption */
565 sd->data[1] = 0x01;
566 sd->data[2] = 0x80; /* Supported group 6 functions */
567 sd->data[3] = 0x01;
568 sd->data[4] = 0x80; /* Supported group 5 functions */
569 sd->data[5] = 0x01;
570 sd->data[6] = 0x80; /* Supported group 4 functions */
571 sd->data[7] = 0x01;
572 sd->data[8] = 0x80; /* Supported group 3 functions */
573 sd->data[9] = 0x01;
574 sd->data[10] = 0x80; /* Supported group 2 functions */
575 sd->data[11] = 0x43;
576 sd->data[12] = 0x80; /* Supported group 1 functions */
577 sd->data[13] = 0x03;
578 for (i = 0; i < 6; i ++) {
579 new_func = (arg >> (i * 4)) & 0x0f;
580 if (mode && new_func != 0x0f)
581 sd->function_group[i] = new_func;
582 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
583 }
584 memset(&sd->data[17], 0, 47);
585 crc = sd_crc16(sd->data, 64);
586 sd->data[65] = crc >> 8;
587 sd->data[66] = crc & 0xff;
588}
589
4e8f1be2 590static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
a1bb27b1 591{
b7202b88 592 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 593}
594
595static void sd_lock_command(SDState *sd)
596{
597 int erase, lock, clr_pwd, set_pwd, pwd_len;
598 erase = !!(sd->data[0] & 0x08);
599 lock = sd->data[0] & 0x04;
600 clr_pwd = sd->data[0] & 0x02;
601 set_pwd = sd->data[0] & 0x01;
602
603 if (sd->blk_len > 1)
604 pwd_len = sd->data[1];
605 else
606 pwd_len = 0;
607
608 if (erase) {
609 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
610 set_pwd || clr_pwd || lock || sd->wp_switch ||
611 (sd->csd[14] & 0x20)) {
612 sd->card_status |= LOCK_UNLOCK_FAILED;
613 return;
614 }
50a5be6c 615 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
a1bb27b1
PB		 616 sd->csd[14] &= ~0x10;
617 sd->card_status &= ~CARD_IS_LOCKED;
618 sd->pwd_len = 0;
619 /* Erasing the entire card here! */
827df9f3 620 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 621 return;
622 }
623
624 if (sd->blk_len < 2 + pwd_len ||
625 pwd_len <= sd->pwd_len ||
626 pwd_len > sd->pwd_len + 16) {
627 sd->card_status |= LOCK_UNLOCK_FAILED;
628 return;
629 }
630
631 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
632 sd->card_status |= LOCK_UNLOCK_FAILED;
633 return;
634 }
635
636 pwd_len -= sd->pwd_len;
637 if ((pwd_len && !set_pwd) ||
638 (clr_pwd && (set_pwd || lock)) ||
639 (lock && !sd->pwd_len && !set_pwd) ||
640 (!set_pwd && !clr_pwd &&
641 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
642 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
643 sd->card_status |= LOCK_UNLOCK_FAILED;
644 return;
645 }
646
647 if (set_pwd) {
648 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
649 sd->pwd_len = pwd_len;
650 }
651
652 if (clr_pwd) {
653 sd->pwd_len = 0;
654 }
655
656 if (lock)
657 sd->card_status |= CARD_IS_LOCKED;
658 else
659 sd->card_status &= ~CARD_IS_LOCKED;
660}
661
c227f099 662static sd_rsp_type_t sd_normal_command(SDState *sd,
bc24a225 663 SDRequest req)
a1bb27b1
PB		 664{
665 uint32_t rca = 0x0000;
2d7adea4 666 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1 667
1d06cb7a
PM		 668 /* Not interpreting this as an app command */
669 sd->card_status &= ~APP_CMD;
670
a1bb27b1
PB		 671 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
672 rca = req.arg >> 16;
673
674 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
675 switch (req.cmd) {
676 /* Basic commands (Class 0 and Class 1) */
677 case 0: /* CMD0: GO_IDLE_STATE */
678 switch (sd->state) {
679 case sd_inactive_state:
775616c3 680 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 681
682 default:
683 sd->state = sd_idle_state;
16b781aa 684 sd_reset(sd);
775616c3 685 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 686 }
687 break;
688
775616c3
PB		 689 case 1: /* CMD1: SEND_OP_CMD */
690 if (!sd->spi)
691 goto bad_cmd;
692
693 sd->state = sd_transfer_state;
694 return sd_r1;
695
a1bb27b1 696 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 697 if (sd->spi)
698 goto bad_cmd;
a1bb27b1
PB		 699 switch (sd->state) {
700 case sd_ready_state:
701 sd->state = sd_identification_state;
702 return sd_r2_i;
703
704 default:
705 break;
706 }
707 break;
708
709 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 710 if (sd->spi)
711 goto bad_cmd;
a1bb27b1
PB		 712 switch (sd->state) {
713 case sd_identification_state:
714 case sd_standby_state:
715 sd->state = sd_standby_state;
716 sd_set_rca(sd);
717 return sd_r6;
718
719 default:
720 break;
721 }
722 break;
723
724 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 725 if (sd->spi)
726 goto bad_cmd;
a1bb27b1
PB		 727 switch (sd->state) {
728 case sd_standby_state:
729 break;
730
731 default:
732 break;
733 }
734 break;
735
109ac32f 736 case 5: /* CMD5: reserved for SDIO cards */
53bb8cc4 737 return sd_illegal;
109ac32f 738
a1bb27b1 739 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 740 if (sd->spi)
741 goto bad_cmd;
a1bb27b1
PB		 742 switch (sd->mode) {
743 case sd_data_transfer_mode:
744 sd_function_switch(sd, req.arg);
745 sd->state = sd_sendingdata_state;
746 sd->data_start = 0;
747 sd->data_offset = 0;
748 return sd_r1;
749
750 default:
751 break;
752 }
753 break;
754
755 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 756 if (sd->spi)
757 goto bad_cmd;
a1bb27b1
PB		 758 switch (sd->state) {
759 case sd_standby_state:
760 if (sd->rca != rca)
761 return sd_r0;
762
763 sd->state = sd_transfer_state;
764 return sd_r1b;
765
766 case sd_transfer_state:
767 case sd_sendingdata_state:
768 if (sd->rca == rca)
769 break;
770
771 sd->state = sd_standby_state;
772 return sd_r1b;
773
774 case sd_disconnect_state:
775 if (sd->rca != rca)
776 return sd_r0;
777
778 sd->state = sd_programming_state;
779 return sd_r1b;
780
781 case sd_programming_state:
782 if (sd->rca == rca)
783 break;
784
785 sd->state = sd_disconnect_state;
786 return sd_r1b;
787
788 default:
789 break;
790 }
791 break;
792
1b088995
AZ		 793 case 8: /* CMD8: SEND_IF_COND */
794 /* Physical Layer Specification Version 2.00 command */
795 switch (sd->state) {
796 case sd_idle_state:
797 sd->vhs = 0;
798
799 /* No response if not exactly one VHS bit is set. */
c9d93318 800 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1b088995 801 return sd->spi ? sd_r7 : sd_r0;
c9d93318 802 }
1b088995
AZ		 803
804 /* Accept. */
805 sd->vhs = req.arg;
806 return sd_r7;
807
808 default:
809 break;
810 }
811 break;
812
a1bb27b1
PB		 813 case 9: /* CMD9: SEND_CSD */
814 switch (sd->state) {
815 case sd_standby_state:
816 if (sd->rca != rca)
817 return sd_r0;
818
819 return sd_r2_s;
820
775616c3
PB		 821 case sd_transfer_state:
822 if (!sd->spi)
823 break;
824 sd->state = sd_sendingdata_state;
825 memcpy(sd->data, sd->csd, 16);
2d7adea4 826 sd->data_start = addr;
775616c3
PB		 827 sd->data_offset = 0;
828 return sd_r1;
829
a1bb27b1
PB		 830 default:
831 break;
832 }
833 break;
834
835 case 10: /* CMD10: SEND_CID */
836 switch (sd->state) {
837 case sd_standby_state:
838 if (sd->rca != rca)
839 return sd_r0;
840
841 return sd_r2_i;
842
775616c3
PB		 843 case sd_transfer_state:
844 if (!sd->spi)
845 break;
846 sd->state = sd_sendingdata_state;
847 memcpy(sd->data, sd->cid, 16);
2d7adea4 848 sd->data_start = addr;
775616c3
PB		 849 sd->data_offset = 0;
850 return sd_r1;
851
a1bb27b1
PB		 852 default:
853 break;
854 }
855 break;
856
857 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
775616c3
PB		 858 if (sd->spi)
859 goto bad_cmd;
a1bb27b1
PB		 860 switch (sd->state) {
861 case sd_transfer_state:
862 sd->state = sd_sendingdata_state;
863 sd->data_start = req.arg;
864 sd->data_offset = 0;
865
866 if (sd->data_start + sd->blk_len > sd->size)
867 sd->card_status |= ADDRESS_ERROR;
868 return sd_r0;
869
870 default:
871 break;
872 }
873 break;
874
875 case 12: /* CMD12: STOP_TRANSMISSION */
876 switch (sd->state) {
877 case sd_sendingdata_state:
878 sd->state = sd_transfer_state;
879 return sd_r1b;
880
881 case sd_receivingdata_state:
882 sd->state = sd_programming_state;
883 /* Bzzzzzzztt .... Operation complete. */
884 sd->state = sd_transfer_state;
885 return sd_r1b;
886
887 default:
888 break;
889 }
890 break;
891
892 case 13: /* CMD13: SEND_STATUS */
893 switch (sd->mode) {
894 case sd_data_transfer_mode:
895 if (sd->rca != rca)
896 return sd_r0;
897
898 return sd_r1;
899
900 default:
901 break;
902 }
903 break;
904
905 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 906 if (sd->spi)
907 goto bad_cmd;
a1bb27b1
PB		 908 switch (sd->mode) {
909 case sd_data_transfer_mode:
910 if (sd->rca != rca)
911 return sd_r0;
912
913 sd->state = sd_inactive_state;
914 return sd_r0;
915
916 default:
917 break;
918 }
919 break;
920
921 /* Block read commands (Classs 2) */
922 case 16: /* CMD16: SET_BLOCKLEN */
923 switch (sd->state) {
924 case sd_transfer_state:
925 if (req.arg > (1 << HWBLOCK_SHIFT))
926 sd->card_status |= BLOCK_LEN_ERROR;
927 else
928 sd->blk_len = req.arg;
929
930 return sd_r1;
931
932 default:
933 break;
934 }
935 break;
936
937 case 17: /* CMD17: READ_SINGLE_BLOCK */
938 switch (sd->state) {
939 case sd_transfer_state:
940 sd->state = sd_sendingdata_state;
2d7adea4 941 sd->data_start = addr;
a1bb27b1
PB		 942 sd->data_offset = 0;
943
944 if (sd->data_start + sd->blk_len > sd->size)
945 sd->card_status |= ADDRESS_ERROR;
946 return sd_r1;
947
948 default:
949 break;
950 }
951 break;
952
953 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
954 switch (sd->state) {
955 case sd_transfer_state:
956 sd->state = sd_sendingdata_state;
2d7adea4 957 sd->data_start = addr;
a1bb27b1
PB		 958 sd->data_offset = 0;
959
960 if (sd->data_start + sd->blk_len > sd->size)
961 sd->card_status |= ADDRESS_ERROR;
962 return sd_r1;
963
964 default:
965 break;
966 }
967 break;
968
969 /* Block write commands (Class 4) */
970 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
775616c3
PB		 971 if (sd->spi)
972 goto unimplemented_cmd;
a1bb27b1
PB		 973 switch (sd->state) {
974 case sd_transfer_state:
775616c3
PB		 975 /* Writing in SPI mode not implemented. */
976 if (sd->spi)
977 break;
a1bb27b1 978 sd->state = sd_receivingdata_state;
2d7adea4 979 sd->data_start = addr;
a1bb27b1
PB		 980 sd->data_offset = 0;
981 sd->blk_written = 0;
982
983 if (sd->data_start + sd->blk_len > sd->size)
984 sd->card_status |= ADDRESS_ERROR;
985 if (sd_wp_addr(sd, sd->data_start))
986 sd->card_status |= WP_VIOLATION;
987 if (sd->csd[14] & 0x30)
988 sd->card_status |= WP_VIOLATION;
989 return sd_r1;
990
991 default:
992 break;
993 }
994 break;
995
996 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
775616c3
PB		 997 if (sd->spi)
998 goto unimplemented_cmd;
a1bb27b1
PB		 999 switch (sd->state) {
1000 case sd_transfer_state:
775616c3
PB		 1001 /* Writing in SPI mode not implemented. */
1002 if (sd->spi)
1003 break;
a1bb27b1 1004 sd->state = sd_receivingdata_state;
2d7adea4 1005 sd->data_start = addr;
a1bb27b1
PB		 1006 sd->data_offset = 0;
1007 sd->blk_written = 0;
1008
1009 if (sd->data_start + sd->blk_len > sd->size)
1010 sd->card_status |= ADDRESS_ERROR;
1011 if (sd_wp_addr(sd, sd->data_start))
1012 sd->card_status |= WP_VIOLATION;
1013 if (sd->csd[14] & 0x30)
1014 sd->card_status |= WP_VIOLATION;
1015 return sd_r1;
1016
1017 default:
1018 break;
1019 }
1020 break;
1021
1022 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 1023 if (sd->spi)
1024 goto bad_cmd;
a1bb27b1
PB		 1025 switch (sd->state) {
1026 case sd_transfer_state:
1027 sd->state = sd_receivingdata_state;
1028 sd->data_start = 0;
1029 sd->data_offset = 0;
1030 return sd_r1;
1031
1032 default:
1033 break;
1034 }
1035 break;
1036
1037 case 27: /* CMD27: PROGRAM_CSD */
775616c3
PB		 1038 if (sd->spi)
1039 goto unimplemented_cmd;
a1bb27b1
PB		 1040 switch (sd->state) {
1041 case sd_transfer_state:
1042 sd->state = sd_receivingdata_state;
1043 sd->data_start = 0;
1044 sd->data_offset = 0;
1045 return sd_r1;
1046
1047 default:
1048 break;
1049 }
1050 break;
1051
1052 /* Write protection (Class 6) */
1053 case 28: /* CMD28: SET_WRITE_PROT */
1054 switch (sd->state) {
1055 case sd_transfer_state:
2d7adea4 1056 if (addr >= sd->size) {
e30d5938 1057 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1058 return sd_r1b;
1059 }
1060
1061 sd->state = sd_programming_state;
b7202b88 1062 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1063 /* Bzzzzzzztt .... Operation complete. */
1064 sd->state = sd_transfer_state;
1065 return sd_r1b;
1066
1067 default:
1068 break;
1069 }
1070 break;
1071
1072 case 29: /* CMD29: CLR_WRITE_PROT */
1073 switch (sd->state) {
1074 case sd_transfer_state:
2d7adea4 1075 if (addr >= sd->size) {
e30d5938 1076 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1077 return sd_r1b;
1078 }
1079
1080 sd->state = sd_programming_state;
b7202b88 1081 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1082 /* Bzzzzzzztt .... Operation complete. */
1083 sd->state = sd_transfer_state;
1084 return sd_r1b;
1085
1086 default:
1087 break;
1088 }
1089 break;
1090
1091 case 30: /* CMD30: SEND_WRITE_PROT */
1092 switch (sd->state) {
1093 case sd_transfer_state:
1094 sd->state = sd_sendingdata_state;
1095 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1096 sd->data_start = addr;
a1bb27b1
PB		 1097 sd->data_offset = 0;
1098 return sd_r1b;
1099
1100 default:
1101 break;
1102 }
1103 break;
1104
1105 /* Erase commands (Class 5) */
1106 case 32: /* CMD32: ERASE_WR_BLK_START */
1107 switch (sd->state) {
1108 case sd_transfer_state:
1109 sd->erase_start = req.arg;
1110 return sd_r1;
1111
1112 default:
1113 break;
1114 }
1115 break;
1116
1117 case 33: /* CMD33: ERASE_WR_BLK_END */
1118 switch (sd->state) {
1119 case sd_transfer_state:
1120 sd->erase_end = req.arg;
1121 return sd_r1;
1122
1123 default:
1124 break;
1125 }
1126 break;
1127
1128 case 38: /* CMD38: ERASE */
1129 switch (sd->state) {
1130 case sd_transfer_state:
1131 if (sd->csd[14] & 0x30) {
1132 sd->card_status |= WP_VIOLATION;
1133 return sd_r1b;
1134 }
1135
1136 sd->state = sd_programming_state;
1137 sd_erase(sd);
1138 /* Bzzzzzzztt .... Operation complete. */
1139 sd->state = sd_transfer_state;
1140 return sd_r1b;
1141
1142 default:
1143 break;
1144 }
1145 break;
1146
1147 /* Lock card commands (Class 7) */
1148 case 42: /* CMD42: LOCK_UNLOCK */
775616c3
PB		 1149 if (sd->spi)
1150 goto unimplemented_cmd;
a1bb27b1
PB		 1151 switch (sd->state) {
1152 case sd_transfer_state:
1153 sd->state = sd_receivingdata_state;
1154 sd->data_start = 0;
1155 sd->data_offset = 0;
1156 return sd_r1;
1157
1158 default:
1159 break;
1160 }
1161 break;
1162
39e594db
PM		 1163 case 52:
1164 case 53:
1165 /* CMD52, CMD53: reserved for SDIO cards
1166 * (see the SDIO Simplified Specification V2.0)
1167 * Handle as illegal command but do not complain
1168 * on stderr, as some OSes may use these in their
1169 * probing for presence of an SDIO card.
1170 */
53bb8cc4 1171 return sd_illegal;
39e594db 1172
a1bb27b1
PB		 1173 /* Application specific commands (Class 8) */
1174 case 55: /* CMD55: APP_CMD */
1175 if (sd->rca != rca)
1176 return sd_r0;
1177
bebd1271 1178 sd->expecting_acmd = true;
a1bb27b1
PB		 1179 sd->card_status |= APP_CMD;
1180 return sd_r1;
1181
1182 case 56: /* CMD56: GEN_CMD */
827df9f3 1183 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
a1bb27b1
PB		 1184
1185 switch (sd->state) {
1186 case sd_transfer_state:
1187 sd->data_offset = 0;
1188 if (req.arg & 1)
1189 sd->state = sd_sendingdata_state;
1190 else
1191 sd->state = sd_receivingdata_state;
1192 return sd_r1;
1193
1194 default:
1195 break;
1196 }
1197 break;
1198
1199 default:
775616c3 1200 bad_cmd:
827df9f3 1201 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
53bb8cc4 1202 return sd_illegal;
775616c3
PB		 1203
1204 unimplemented_cmd:
1205 /* Commands that are recognised but not yet implemented in SPI mode. */
827df9f3 1206 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
53bb8cc4 1207 return sd_illegal;
a1bb27b1
PB		 1208 }
1209
827df9f3 1210 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
53bb8cc4 1211 return sd_illegal;
a1bb27b1
PB		 1212}
1213
c227f099 1214static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1215 SDRequest req)
1216{
a1bb27b1 1217 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1d06cb7a 1218 sd->card_status |= APP_CMD;
a1bb27b1
PB		 1219 switch (req.cmd) {
1220 case 6: /* ACMD6: SET_BUS_WIDTH */
1221 switch (sd->state) {
1222 case sd_transfer_state:
1223 sd->sd_status[0] &= 0x3f;
1224 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1225 return sd_r1;
1226
1227 default:
1228 break;
1229 }
1230 break;
1231
1232 case 13: /* ACMD13: SD_STATUS */
1233 switch (sd->state) {
1234 case sd_transfer_state:
fb1ba03a 1235 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1236 sd->data_start = 0;
1237 sd->data_offset = 0;
1238 return sd_r1;
1239
1240 default:
1241 break;
1242 }
1243 break;
1244
1245 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1246 switch (sd->state) {
1247 case sd_transfer_state:
1248 *(uint32_t *) sd->data = sd->blk_written;
1249
fb1ba03a 1250 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1251 sd->data_start = 0;
1252 sd->data_offset = 0;
1253 return sd_r1;
1254
1255 default:
1256 break;
1257 }
1258 break;
1259
1260 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1261 switch (sd->state) {
1262 case sd_transfer_state:
1263 return sd_r1;
1264
1265 default:
1266 break;
1267 }
1268 break;
1269
1270 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1271 if (sd->spi) {
1272 /* SEND_OP_CMD */
1273 sd->state = sd_transfer_state;
1274 return sd_r1;
1275 }
a1bb27b1
PB		 1276 switch (sd->state) {
1277 case sd_idle_state:
37ab4a56
PC		 1278 /* We accept any voltage. 10000 V is nothing.
1279 *
1280 * We don't model init delay so just advance straight to ready state
1281 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1282 */
1283 if (req.arg & ACMD41_ENQUIRY_MASK) {
a1bb27b1 1284 sd->state = sd_ready_state;
37ab4a56 1285 }
a1bb27b1
PB		 1286
1287 return sd_r3;
1288
1289 default:
1290 break;
1291 }
1292 break;
1293
1294 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1295 switch (sd->state) {
1296 case sd_transfer_state:
1297 /* Bringing in the 50KOhm pull-up resistor... Done. */
1298 return sd_r1;
1299
1300 default:
1301 break;
1302 }
1303 break;
1304
1305 case 51: /* ACMD51: SEND_SCR */
1306 switch (sd->state) {
1307 case sd_transfer_state:
1308 sd->state = sd_sendingdata_state;
1309 sd->data_start = 0;
1310 sd->data_offset = 0;
1311 return sd_r1;
1312
1313 default:
1314 break;
1315 }
1316 break;
1317
1318 default:
1319 /* Fall back to standard commands. */
a1bb27b1
PB		 1320 return sd_normal_command(sd, req);
1321 }
1322
827df9f3 1323 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
5b08bfe2 1324 return sd_illegal;
a1bb27b1
PB		 1325}
1326
25881d33
PM		 1327static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1328{
1329 /* Valid commands in locked state:
1330 * basic class (0)
1331 * lock card class (7)
1332 * CMD16
1333 * implicitly, the ACMD prefix CMD55
1334 * ACMD41 and ACMD42
1335 * Anything else provokes an "illegal command" response.
1336 */
1d06cb7a 1337 if (sd->expecting_acmd) {
25881d33
PM		 1338 return req->cmd == 41 || req->cmd == 42;
1339 }
1340 if (req->cmd == 16 || req->cmd == 55) {
1341 return 1;
1342 }
1343 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1344}
1345
bc24a225 1346int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1 1347 uint8_t *response) {
10a412da 1348 int last_state;
c227f099 1349 sd_rsp_type_t rtype;
a1bb27b1
PB		 1350 int rsplen;
1351
4be74634 1352 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
a1bb27b1
PB		 1353 return 0;
1354 }
1355
1356 if (sd_req_crc_validate(req)) {
abda1f37 1357 sd->card_status |= COM_CRC_ERROR;
b1f517ed
PM		 1358 rtype = sd_illegal;
1359 goto send_response;
a1bb27b1
PB		 1360 }
1361
10a412da 1362 if (sd->card_status & CARD_IS_LOCKED) {
25881d33 1363 if (!cmd_valid_while_locked(sd, req)) {
a1bb27b1 1364 sd->card_status |= ILLEGAL_COMMAND;
bebd1271 1365 sd->expecting_acmd = false;
827df9f3 1366 fprintf(stderr, "SD: Card is locked\n");
b1f517ed
PM		 1367 rtype = sd_illegal;
1368 goto send_response;
a1bb27b1 1369 }
25881d33 1370 }
a1bb27b1 1371
10a412da
PM		 1372 last_state = sd->state;
1373 sd_set_mode(sd);
1374
1d06cb7a 1375 if (sd->expecting_acmd) {
bebd1271 1376 sd->expecting_acmd = false;
a1bb27b1 1377 rtype = sd_app_command(sd, *req);
1d06cb7a 1378 } else {
a1bb27b1 1379 rtype = sd_normal_command(sd, *req);
1d06cb7a 1380 }
a1bb27b1 1381
53bb8cc4
PM		 1382 if (rtype == sd_illegal) {
1383 sd->card_status |= ILLEGAL_COMMAND;
10a412da
PM		 1384 } else {
1385 /* Valid command, we can update the 'state before command' bits.
1386 * (Do this now so they appear in r1 responses.)
1387 */
1388 sd->current_cmd = req->cmd;
1389 sd->card_status &= ~CURRENT_STATE;
1390 sd->card_status |= (last_state << 9);
53bb8cc4
PM		 1391 }
1392
b1f517ed 1393send_response:
a1bb27b1
PB		 1394 switch (rtype) {
1395 case sd_r1:
1396 case sd_r1b:
10a412da 1397 sd_response_r1_make(sd, response);
a1bb27b1
PB		 1398 rsplen = 4;
1399 break;
1400
1401 case sd_r2_i:
1402 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1403 rsplen = 16;
1404 break;
1405
1406 case sd_r2_s:
1407 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1408 rsplen = 16;
1409 break;
1410
1411 case sd_r3:
1412 sd_response_r3_make(sd, response);
1413 rsplen = 4;
1414 break;
1415
1416 case sd_r6:
1417 sd_response_r6_make(sd, response);
1418 rsplen = 4;
1419 break;
1420
1b088995
AZ		 1421 case sd_r7:
1422 sd_response_r7_make(sd, response);
1423 rsplen = 4;
1424 break;
1425
a1bb27b1 1426 case sd_r0:
53bb8cc4 1427 case sd_illegal:
a1bb27b1
PB		 1428 default:
1429 rsplen = 0;
1430 break;
1431 }
1432
10a412da
PM		 1433 if (rtype != sd_illegal) {
1434 /* Clear the "clear on valid command" status bits now we've
1435 * sent any response
1436 */
1437 sd->card_status &= ~CARD_STATUS_B;
1438 }
1439
a1bb27b1
PB		 1440#ifdef DEBUG_SD
1441 if (rsplen) {
1442 int i;
1443 DPRINTF("Response:");
1444 for (i = 0; i < rsplen; i++)
038d3d44
PC		 1445 fprintf(stderr, " %02x", response[i]);
1446 fprintf(stderr, " state %d\n", sd->state);
a1bb27b1
PB		 1447 } else {
1448 DPRINTF("No response %d\n", sd->state);
1449 }
1450#endif
1451
1452 return rsplen;
1453}
1454
2d7adea4 1455static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1456{
2d7adea4 1457 uint64_t end = addr + len;
a1bb27b1 1458
2d7adea4
AZ		 1459 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1460 (unsigned long long) addr, len);
4be74634 1461 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1462 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1463 return;
1464 }
1465
1466 if (end > (addr & ~511) + 512) {
33f00271 1467 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
a1bb27b1 1468
4be74634 1469 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
827df9f3 1470 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1471 return;
1472 }
33f00271 1473 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
a1bb27b1 1474 } else
33f00271 1475 memcpy(sd->data, sd->buf + (addr & 511), len);
a1bb27b1
PB		 1476}
1477
2d7adea4 1478static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1479{
2d7adea4 1480 uint64_t end = addr + len;
a1bb27b1
PB		 1481
1482 if ((addr & 511) || len < 512)
4be74634 1483 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1484 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1485 return;
1486 }
1487
1488 if (end > (addr & ~511) + 512) {
33f00271 1489 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
4be74634 1490 if (blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1491 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1492 return;
1493 }
1494
4be74634 1495 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
827df9f3 1496 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1497 return;
1498 }
33f00271 1499 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
4be74634 1500 if (blk_write(sd->blk, end >> 9, sd->buf, 1) < 0) {
827df9f3 1501 fprintf(stderr, "sd_blk_write: write error on host side\n");
7a608f56 1502 }
a1bb27b1 1503 } else {
33f00271 1504 memcpy(sd->buf + (addr & 511), sd->data, len);
4be74634 1505 if (!sd->blk || blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1506 fprintf(stderr, "sd_blk_write: write error on host side\n");
7a608f56 1507 }
a1bb27b1
PB		 1508 }
1509}
1510
33f00271
AZ		 1511#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1512#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1513#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1514#define APP_WRITE_BLOCK(a, len)
1515
1516void sd_write_data(SDState *sd, uint8_t value)
1517{
1518 int i;
1519
4be74634 1520 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1521 return;
1522
1523 if (sd->state != sd_receivingdata_state) {
827df9f3 1524 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1525 return;
1526 }
1527
1528 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1529 return;
1530
1531 switch (sd->current_cmd) {
1532 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1533 sd->data[sd->data_offset ++] = value;
1534 if (sd->data_offset >= sd->blk_len) {
1535 /* TODO: Check CRC before committing */
1536 sd->state = sd_programming_state;
1537 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1538 sd->blk_written ++;
1539 sd->csd[14] |= 0x40;
1540 /* Bzzzzzzztt .... Operation complete. */
1541 sd->state = sd_transfer_state;
1542 }
1543 break;
1544
1545 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234 1546 if (sd->data_offset == 0) {
e03ba136 1547 /* Start of the block - let's check the address is valid */
a1bb27b1
PB		 1548 if (sd->data_start + sd->blk_len > sd->size) {
1549 sd->card_status |= ADDRESS_ERROR;
1550 break;
1551 }
1552 if (sd_wp_addr(sd, sd->data_start)) {
1553 sd->card_status |= WP_VIOLATION;
1554 break;
1555 }
33fa8234
DDAG		 1556 }
1557 sd->data[sd->data_offset++] = value;
1558 if (sd->data_offset >= sd->blk_len) {
1559 /* TODO: Check CRC before committing */
1560 sd->state = sd_programming_state;
1561 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1562 sd->blk_written++;
1563 sd->data_start += sd->blk_len;
1564 sd->data_offset = 0;
a1bb27b1
PB		 1565 sd->csd[14] |= 0x40;
1566
1567 /* Bzzzzzzztt .... Operation complete. */
1568 sd->state = sd_receivingdata_state;
1569 }
1570 break;
1571
1572 case 26: /* CMD26: PROGRAM_CID */
1573 sd->data[sd->data_offset ++] = value;
1574 if (sd->data_offset >= sizeof(sd->cid)) {
1575 /* TODO: Check CRC before committing */
1576 sd->state = sd_programming_state;
1577 for (i = 0; i < sizeof(sd->cid); i ++)
1578 if ((sd->cid[i] | 0x00) != sd->data[i])
1579 sd->card_status |= CID_CSD_OVERWRITE;
1580
1581 if (!(sd->card_status & CID_CSD_OVERWRITE))
1582 for (i = 0; i < sizeof(sd->cid); i ++) {
1583 sd->cid[i] |= 0x00;
1584 sd->cid[i] &= sd->data[i];
1585 }
1586 /* Bzzzzzzztt .... Operation complete. */
1587 sd->state = sd_transfer_state;
1588 }
1589 break;
1590
1591 case 27: /* CMD27: PROGRAM_CSD */
1592 sd->data[sd->data_offset ++] = value;
1593 if (sd->data_offset >= sizeof(sd->csd)) {
1594 /* TODO: Check CRC before committing */
1595 sd->state = sd_programming_state;
1596 for (i = 0; i < sizeof(sd->csd); i ++)
1597 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1598 (sd->data[i] | sd_csd_rw_mask[i]))
1599 sd->card_status |= CID_CSD_OVERWRITE;
1600
1601 /* Copy flag (OTP) & Permanent write protect */
1602 if (sd->csd[14] & ~sd->data[14] & 0x60)
1603 sd->card_status |= CID_CSD_OVERWRITE;
1604
1605 if (!(sd->card_status & CID_CSD_OVERWRITE))
1606 for (i = 0; i < sizeof(sd->csd); i ++) {
1607 sd->csd[i] |= sd_csd_rw_mask[i];
1608 sd->csd[i] &= sd->data[i];
1609 }
1610 /* Bzzzzzzztt .... Operation complete. */
1611 sd->state = sd_transfer_state;
1612 }
1613 break;
1614
1615 case 42: /* CMD42: LOCK_UNLOCK */
1616 sd->data[sd->data_offset ++] = value;
1617 if (sd->data_offset >= sd->blk_len) {
1618 /* TODO: Check CRC before committing */
1619 sd->state = sd_programming_state;
1620 sd_lock_command(sd);
1621 /* Bzzzzzzztt .... Operation complete. */
1622 sd->state = sd_transfer_state;
1623 }
1624 break;
1625
1626 case 56: /* CMD56: GEN_CMD */
1627 sd->data[sd->data_offset ++] = value;
1628 if (sd->data_offset >= sd->blk_len) {
1629 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1630 sd->state = sd_transfer_state;
1631 }
1632 break;
1633
1634 default:
827df9f3 1635 fprintf(stderr, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1636 break;
1637 }
1638}
1639
1640uint8_t sd_read_data(SDState *sd)
1641{
1642 /* TODO: Append CRCs */
1643 uint8_t ret;
2d7adea4 1644 int io_len;
a1bb27b1 1645
4be74634 1646 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1647 return 0x00;
1648
1649 if (sd->state != sd_sendingdata_state) {
827df9f3 1650 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1651 return 0x00;
1652 }
1653
1654 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1655 return 0x00;
1656
2d7adea4
AZ		 1657 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1658
a1bb27b1
PB		 1659 switch (sd->current_cmd) {
1660 case 6: /* CMD6: SWITCH_FUNCTION */
1661 ret = sd->data[sd->data_offset ++];
1662
1663 if (sd->data_offset >= 64)
1664 sd->state = sd_transfer_state;
1665 break;
1666
775616c3
PB		 1667 case 9: /* CMD9: SEND_CSD */
1668 case 10: /* CMD10: SEND_CID */
1669 ret = sd->data[sd->data_offset ++];
1670
1671 if (sd->data_offset >= 16)
1672 sd->state = sd_transfer_state;
1673 break;
1674
a1bb27b1
PB		 1675 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1676 if (sd->data_offset == 0)
2d7adea4 1677 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1678 ret = sd->data[sd->data_offset ++];
1679
2d7adea4
AZ		 1680 if (sd->data_offset >= io_len) {
1681 sd->data_start += io_len;
a1bb27b1 1682 sd->data_offset = 0;
2d7adea4 1683 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1684 sd->card_status |= ADDRESS_ERROR;
1685 break;
1686 }
1687 }
1688 break;
1689
1690 case 13: /* ACMD13: SD_STATUS */
1691 ret = sd->sd_status[sd->data_offset ++];
1692
1693 if (sd->data_offset >= sizeof(sd->sd_status))
1694 sd->state = sd_transfer_state;
1695 break;
1696
1697 case 17: /* CMD17: READ_SINGLE_BLOCK */
1698 if (sd->data_offset == 0)
2d7adea4 1699 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1700 ret = sd->data[sd->data_offset ++];
1701
2d7adea4 1702 if (sd->data_offset >= io_len)
a1bb27b1
PB		 1703 sd->state = sd_transfer_state;
1704 break;
1705
1706 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1707 if (sd->data_offset == 0)
2d7adea4 1708 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1709 ret = sd->data[sd->data_offset ++];
1710
2d7adea4
AZ		 1711 if (sd->data_offset >= io_len) {
1712 sd->data_start += io_len;
a1bb27b1 1713 sd->data_offset = 0;
2d7adea4 1714 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1715 sd->card_status |= ADDRESS_ERROR;
1716 break;
1717 }
1718 }
1719 break;
1720
1721 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1722 ret = sd->data[sd->data_offset ++];
1723
1724 if (sd->data_offset >= 4)
1725 sd->state = sd_transfer_state;
1726 break;
1727
1728 case 30: /* CMD30: SEND_WRITE_PROT */
1729 ret = sd->data[sd->data_offset ++];
1730
1731 if (sd->data_offset >= 4)
1732 sd->state = sd_transfer_state;
1733 break;
1734
1735 case 51: /* ACMD51: SEND_SCR */
1736 ret = sd->scr[sd->data_offset ++];
1737
1738 if (sd->data_offset >= sizeof(sd->scr))
1739 sd->state = sd_transfer_state;
1740 break;
1741
1742 case 56: /* CMD56: GEN_CMD */
1743 if (sd->data_offset == 0)
1744 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1745 ret = sd->data[sd->data_offset ++];
1746
1747 if (sd->data_offset >= sd->blk_len)
1748 sd->state = sd_transfer_state;
1749 break;
1750
1751 default:
827df9f3 1752 fprintf(stderr, "sd_read_data: unknown command\n");
a1bb27b1
PB		 1753 return 0x00;
1754 }
1755
1756 return ret;
1757}
1758
879bf4a7 1759bool sd_data_ready(SDState *sd)
a1bb27b1
PB		 1760{
1761 return sd->state == sd_sendingdata_state;
1762}
827df9f3 1763
bebd1271 1764void sd_enable(SDState *sd, bool enable)
827df9f3
AZ		 1765{
1766 sd->enable = enable;
1767}
Empty description
This page took 1.090275 seconds and 4 git commands to generate.