]> Git Repo - qemu.git/blame - hw/sd.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
block: Generalize change_cb() to BlockDevOps
[qemu.git] / hw / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <[email protected]>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
87ecb68b
PB		 32#include "hw.h"
33#include "block.h"
879f0655 34#include "block_int.h"
a1bb27b1
PB		 35#include "sd.h"
36
37//#define DEBUG_SD 1
38
39#ifdef DEBUG_SD
001faf32
BS		 40#define DPRINTF(fmt, ...) \
41do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1 42#else
001faf32 43#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1
PB		 44#endif
45
46typedef enum {
47 sd_r0 = 0, /* no response */
48 sd_r1, /* normal response command */
49 sd_r2_i, /* CID register */
50 sd_r2_s, /* CSD register */
51 sd_r3, /* OCR register */
52 sd_r6 = 6, /* Published RCA response */
1b088995 53 sd_r7, /* Operating voltage */
a1bb27b1 54 sd_r1b = -1,
c227f099 55} sd_rsp_type_t;
a1bb27b1
PB		 56
57struct SDState {
58 enum {
59 sd_inactive,
60 sd_card_identification_mode,
61 sd_data_transfer_mode,
62 } mode;
63 enum {
64 sd_inactive_state = -1,
65 sd_idle_state = 0,
66 sd_ready_state,
67 sd_identification_state,
68 sd_standby_state,
69 sd_transfer_state,
70 sd_sendingdata_state,
71 sd_receivingdata_state,
72 sd_programming_state,
73 sd_disconnect_state,
74 } state;
75 uint32_t ocr;
76 uint8_t scr[8];
77 uint8_t cid[16];
78 uint8_t csd[16];
79 uint16_t rca;
80 uint32_t card_status;
81 uint8_t sd_status[64];
1b088995 82 uint32_t vhs;
a1bb27b1
PB		 83 int wp_switch;
84 int *wp_groups;
2d7adea4 85 uint64_t size;
a1bb27b1
PB		 86 int blk_len;
87 uint32_t erase_start;
88 uint32_t erase_end;
89 uint8_t pwd[16];
90 int pwd_len;
91 int function_group[6];
92
775616c3 93 int spi;
a1bb27b1
PB		 94 int current_cmd;
95 int blk_written;
2d7adea4 96 uint64_t data_start;
a1bb27b1
PB		 97 uint32_t data_offset;
98 uint8_t data[512];
02ce600c
AZ		 99 qemu_irq readonly_cb;
100 qemu_irq inserted_cb;
a1bb27b1 101 BlockDriverState *bdrv;
33f00271 102 uint8_t *buf;
827df9f3
AZ		 103
104 int enable;
a1bb27b1
PB		 105};
106
107static void sd_set_status(SDState *sd)
108{
109 switch (sd->state) {
110 case sd_inactive_state:
111 sd->mode = sd_inactive;
112 break;
113
114 case sd_idle_state:
115 case sd_ready_state:
116 case sd_identification_state:
117 sd->mode = sd_card_identification_mode;
118 break;
119
120 case sd_standby_state:
121 case sd_transfer_state:
122 case sd_sendingdata_state:
123 case sd_receivingdata_state:
124 case sd_programming_state:
125 case sd_disconnect_state:
126 sd->mode = sd_data_transfer_mode;
127 break;
128 }
129
130 sd->card_status &= ~CURRENT_STATE;
131 sd->card_status |= sd->state << 9;
132}
133
c227f099 134static const sd_cmd_type_t sd_cmd_type[64] = {
a1bb27b1 135 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 136 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
a1bb27b1
PB		 137 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
138 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
139 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
140 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
141 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
142 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
143};
144
c227f099 145static const sd_cmd_type_t sd_acmd_type[64] = {
a1bb27b1
PB		 146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
153 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
154};
155
156static const int sd_cmd_class[64] = {
157 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
158 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
159 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
160 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
161};
162
163static uint8_t sd_crc7(void *message, size_t width)
164{
165 int i, bit;
166 uint8_t shift_reg = 0x00;
167 uint8_t *msg = (uint8_t *) message;
168
169 for (i = 0; i < width; i ++, msg ++)
170 for (bit = 7; bit >= 0; bit --) {
171 shift_reg <<= 1;
172 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
173 shift_reg ^= 0x89;
174 }
175
176 return shift_reg;
177}
178
179static uint16_t sd_crc16(void *message, size_t width)
180{
181 int i, bit;
182 uint16_t shift_reg = 0x0000;
183 uint16_t *msg = (uint16_t *) message;
184 width <<= 1;
185
186 for (i = 0; i < width; i ++, msg ++)
187 for (bit = 15; bit >= 0; bit --) {
188 shift_reg <<= 1;
189 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
190 shift_reg ^= 0x1011;
191 }
192
193 return shift_reg;
194}
195
196static void sd_set_ocr(SDState *sd)
197{
1b088995 198 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
829ef7b0 199 sd->ocr = 0x80ffff00;
a1bb27b1
PB		 200}
201
202static void sd_set_scr(SDState *sd)
203{
204 sd->scr[0] = 0x00; /* SCR Structure */
205 sd->scr[1] = 0x2f; /* SD Security Support */
206 sd->scr[2] = 0x00;
207 sd->scr[3] = 0x00;
208 sd->scr[4] = 0x00;
209 sd->scr[5] = 0x00;
210 sd->scr[6] = 0x00;
211 sd->scr[7] = 0x00;
212}
213
214#define MID 0xaa
215#define OID "XY"
216#define PNM "QEMU!"
217#define PRV 0x01
218#define MDT_YR 2006
219#define MDT_MON 2
220
221static void sd_set_cid(SDState *sd)
222{
223 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
224 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
225 sd->cid[2] = OID[1];
226 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
227 sd->cid[4] = PNM[1];
228 sd->cid[5] = PNM[2];
229 sd->cid[6] = PNM[3];
230 sd->cid[7] = PNM[4];
231 sd->cid[8] = PRV; /* Fake product revision (PRV) */
232 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
233 sd->cid[10] = 0xad;
234 sd->cid[11] = 0xbe;
235 sd->cid[12] = 0xef;
236 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
237 ((MDT_YR - 2000) / 10);
238 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
239 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
240}
241
242#define HWBLOCK_SHIFT 9 /* 512 bytes */
243#define SECTOR_SHIFT 5 /* 16 kilobytes */
244#define WPGROUP_SHIFT 7 /* 2 megs */
245#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 246#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247
248static const uint8_t sd_csd_rw_mask[16] = {
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
251};
252
2d7adea4 253static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 254{
255 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
256 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
257 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
258
2d7adea4
AZ		 259 if (size <= 0x40000000) { /* Standard Capacity SD */
260 sd->csd[0] = 0x00; /* CSD structure */
261 sd->csd[1] = 0x26; /* Data read access-time-1 */
262 sd->csd[2] = 0x00; /* Data read access-time-2 */
263 sd->csd[3] = 0x5a; /* Max. data transfer rate */
264 sd->csd[4] = 0x5f; /* Card Command Classes */
265 sd->csd[5] = 0x50 | /* Max. read data block length */
266 HWBLOCK_SHIFT;
267 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
268 ((csize >> 10) & 0x03);
269 sd->csd[7] = 0x00 | /* Device size */
270 ((csize >> 2) & 0xff);
271 sd->csd[8] = 0x3f | /* Max. read current */
272 ((csize << 6) & 0xc0);
273 sd->csd[9] = 0xfc | /* Max. write current */
274 ((CMULT_SHIFT - 2) >> 1);
275 sd->csd[10] = 0x40 | /* Erase sector size */
276 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
277 sd->csd[11] = 0x00 | /* Write protect group size */
278 ((sectsize << 7) & 0x80) | wpsize;
279 sd->csd[12] = 0x90 | /* Write speed factor */
280 (HWBLOCK_SHIFT >> 2);
281 sd->csd[13] = 0x20 | /* Max. write data block length */
282 ((HWBLOCK_SHIFT << 6) & 0xc0);
283 sd->csd[14] = 0x00; /* File format group */
284 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
285 } else { /* SDHC */
286 size /= 512 * 1024;
287 size -= 1;
288 sd->csd[0] = 0x40;
289 sd->csd[1] = 0x0e;
290 sd->csd[2] = 0x00;
291 sd->csd[3] = 0x32;
292 sd->csd[4] = 0x5b;
293 sd->csd[5] = 0x59;
294 sd->csd[6] = 0x00;
295 sd->csd[7] = (size >> 16) & 0xff;
296 sd->csd[8] = (size >> 8) & 0xff;
297 sd->csd[9] = (size & 0xff);
298 sd->csd[10] = 0x7f;
299 sd->csd[11] = 0x80;
300 sd->csd[12] = 0x0a;
301 sd->csd[13] = 0x40;
302 sd->csd[14] = 0x00;
303 sd->csd[15] = 0x00;
304 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
305 }
a1bb27b1
PB		 306}
307
308static void sd_set_rca(SDState *sd)
309{
310 sd->rca += 0x4567;
311}
312
313#define CARD_STATUS_A 0x02004100
314#define CARD_STATUS_B 0x00c01e00
315#define CARD_STATUS_C 0xfd39a028
316
317static void sd_set_cardstatus(SDState *sd)
318{
319 sd->card_status = 0x00000100;
320}
321
322static void sd_set_sdstatus(SDState *sd)
323{
324 memset(sd->sd_status, 0, 64);
325}
326
bc24a225 327static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 328{
329 uint8_t buffer[5];
330 buffer[0] = 0x40 | req->cmd;
331 buffer[1] = (req->arg >> 24) & 0xff;
332 buffer[2] = (req->arg >> 16) & 0xff;
333 buffer[3] = (req->arg >> 8) & 0xff;
334 buffer[4] = (req->arg >> 0) & 0xff;
335 return 0;
336 return sd_crc7(buffer, 5) != req->crc; /* TODO */
337}
338
9596ebb7
PB		 339static void sd_response_r1_make(SDState *sd,
340 uint8_t *response, uint32_t last_status)
a1bb27b1
PB		 341{
342 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
343 uint32_t status;
344
345 status = (sd->card_status & ~mask) | (last_status & mask);
346 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
347
348 response[0] = (status >> 24) & 0xff;
349 response[1] = (status >> 16) & 0xff;
350 response[2] = (status >> 8) & 0xff;
351 response[3] = (status >> 0) & 0xff;
352}
353
9596ebb7 354static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 355{
356 response[0] = (sd->ocr >> 24) & 0xff;
357 response[1] = (sd->ocr >> 16) & 0xff;
358 response[2] = (sd->ocr >> 8) & 0xff;
359 response[3] = (sd->ocr >> 0) & 0xff;
360}
361
9596ebb7 362static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 363{
364 uint16_t arg;
365 uint16_t status;
366
367 arg = sd->rca;
368 status = ((sd->card_status >> 8) & 0xc000) |
369 ((sd->card_status >> 6) & 0x2000) |
370 (sd->card_status & 0x1fff);
371
372 response[0] = (arg >> 8) & 0xff;
373 response[1] = arg & 0xff;
374 response[2] = (status >> 8) & 0xff;
375 response[3] = status & 0xff;
376}
377
1b088995
AZ		 378static void sd_response_r7_make(SDState *sd, uint8_t *response)
379{
380 response[0] = (sd->vhs >> 24) & 0xff;
381 response[1] = (sd->vhs >> 16) & 0xff;
382 response[2] = (sd->vhs >> 8) & 0xff;
383 response[3] = (sd->vhs >> 0) & 0xff;
384}
385
a1bb27b1
PB		 386static void sd_reset(SDState *sd, BlockDriverState *bdrv)
387{
2d7adea4 388 uint64_t size;
a1bb27b1
PB		 389 uint64_t sect;
390
03f311ed
PB		 391 if (bdrv) {
392 bdrv_get_geometry(bdrv, &sect);
393 } else {
394 sect = 0;
395 }
5e37141b 396 size = sect << 9;
a1bb27b1
PB		 397
398 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
399
400 sd->state = sd_idle_state;
401 sd->rca = 0x0000;
402 sd_set_ocr(sd);
403 sd_set_scr(sd);
404 sd_set_cid(sd);
405 sd_set_csd(sd, size);
406 sd_set_cardstatus(sd);
407 sd_set_sdstatus(sd);
408
409 sd->bdrv = bdrv;
410
257514dd 411 if (sd->wp_groups)
7267c094 412 g_free(sd->wp_groups);
03f311ed 413 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
7267c094 414 sd->wp_groups = (int *) g_malloc0(sizeof(int) * sect);
a1bb27b1
PB		 415 memset(sd->function_group, 0, sizeof(int) * 6);
416 sd->erase_start = 0;
417 sd->erase_end = 0;
418 sd->size = size;
419 sd->blk_len = 0x200;
420 sd->pwd_len = 0;
421}
422
db97ee6a 423static void sd_cardchange(void *opaque, int reason)
a1bb27b1
PB		 424{
425 SDState *sd = opaque;
db97ee6a
CH		 426
427 if (!(reason & CHANGE_MEDIA)) {
428 return;
429 }
430
02ce600c 431 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
a1bb27b1
PB		 432 if (bdrv_is_inserted(sd->bdrv)) {
433 sd_reset(sd, sd->bdrv);
257514dd 434 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
a1bb27b1
PB		 435 }
436}
437
0e49de52
MA		 438static const BlockDevOps sd_block_ops = {
439 .change_cb = sd_cardchange,
440};
441
775616c3 442/* We do not model the chip select pin, so allow the board to select
8ef6367e 443 whether card should be in SSI or MMC/SD mode. It is also up to the
775616c3
PB		 444 board to ensure that ssi transfers only occur when the chip select
445 is asserted. */
446SDState *sd_init(BlockDriverState *bs, int is_spi)
a1bb27b1
PB		 447{
448 SDState *sd;
449
7267c094 450 sd = (SDState *) g_malloc0(sizeof(SDState));
72aef731 451 sd->buf = qemu_blockalign(bs, 512);
775616c3 452 sd->spi = is_spi;
4872aa13 453 sd->enable = 1;
a1bb27b1 454 sd_reset(sd, bs);
03f311ed 455 if (sd->bdrv) {
fa879d62 456 bdrv_attach_dev_nofail(sd->bdrv, sd);
0e49de52 457 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
03f311ed 458 }
a1bb27b1
PB		 459 return sd;
460}
461
02ce600c 462void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 463{
02ce600c
AZ		 464 sd->readonly_cb = readonly;
465 sd->inserted_cb = insert;
0d2e91c1
AJ		 466 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
467 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
a1bb27b1
PB		 468}
469
470static void sd_erase(SDState *sd)
471{
472 int i, start, end;
473 if (!sd->erase_start || !sd->erase_end) {
474 sd->card_status |= ERASE_SEQ_ERROR;
475 return;
476 }
477
478 start = sd->erase_start >>
479 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
480 end = sd->erase_end >>
481 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
482 sd->erase_start = 0;
483 sd->erase_end = 0;
484 sd->csd[14] |= 0x40;
485
486 for (i = start; i <= end; i ++)
487 if (sd->wp_groups[i])
488 sd->card_status |= WP_ERASE_SKIP;
489}
490
2d7adea4 491static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 492{
493 uint32_t i, wpnum;
494 uint32_t ret = 0;
495
496 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
497
498 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
499 if (addr < sd->size && sd->wp_groups[wpnum])
500 ret |= (1 << i);
501
502 return ret;
503}
504
505static void sd_function_switch(SDState *sd, uint32_t arg)
506{
507 int i, mode, new_func, crc;
508 mode = !!(arg & 0x80000000);
509
510 sd->data[0] = 0x00; /* Maximum current consumption */
511 sd->data[1] = 0x01;
512 sd->data[2] = 0x80; /* Supported group 6 functions */
513 sd->data[3] = 0x01;
514 sd->data[4] = 0x80; /* Supported group 5 functions */
515 sd->data[5] = 0x01;
516 sd->data[6] = 0x80; /* Supported group 4 functions */
517 sd->data[7] = 0x01;
518 sd->data[8] = 0x80; /* Supported group 3 functions */
519 sd->data[9] = 0x01;
520 sd->data[10] = 0x80; /* Supported group 2 functions */
521 sd->data[11] = 0x43;
522 sd->data[12] = 0x80; /* Supported group 1 functions */
523 sd->data[13] = 0x03;
524 for (i = 0; i < 6; i ++) {
525 new_func = (arg >> (i * 4)) & 0x0f;
526 if (mode && new_func != 0x0f)
527 sd->function_group[i] = new_func;
528 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
529 }
530 memset(&sd->data[17], 0, 47);
531 crc = sd_crc16(sd->data, 64);
532 sd->data[65] = crc >> 8;
533 sd->data[66] = crc & 0xff;
534}
535
536static inline int sd_wp_addr(SDState *sd, uint32_t addr)
537{
538 return sd->wp_groups[addr >>
539 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
540}
541
542static void sd_lock_command(SDState *sd)
543{
544 int erase, lock, clr_pwd, set_pwd, pwd_len;
545 erase = !!(sd->data[0] & 0x08);
546 lock = sd->data[0] & 0x04;
547 clr_pwd = sd->data[0] & 0x02;
548 set_pwd = sd->data[0] & 0x01;
549
550 if (sd->blk_len > 1)
551 pwd_len = sd->data[1];
552 else
553 pwd_len = 0;
554
555 if (erase) {
556 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
557 set_pwd || clr_pwd || lock || sd->wp_switch ||
558 (sd->csd[14] & 0x20)) {
559 sd->card_status |= LOCK_UNLOCK_FAILED;
560 return;
561 }
562 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
563 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
564 sd->csd[14] &= ~0x10;
565 sd->card_status &= ~CARD_IS_LOCKED;
566 sd->pwd_len = 0;
567 /* Erasing the entire card here! */
827df9f3 568 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 569 return;
570 }
571
572 if (sd->blk_len < 2 + pwd_len ||
573 pwd_len <= sd->pwd_len ||
574 pwd_len > sd->pwd_len + 16) {
575 sd->card_status |= LOCK_UNLOCK_FAILED;
576 return;
577 }
578
579 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
580 sd->card_status |= LOCK_UNLOCK_FAILED;
581 return;
582 }
583
584 pwd_len -= sd->pwd_len;
585 if ((pwd_len && !set_pwd) ||
586 (clr_pwd && (set_pwd || lock)) ||
587 (lock && !sd->pwd_len && !set_pwd) ||
588 (!set_pwd && !clr_pwd &&
589 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
590 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
591 sd->card_status |= LOCK_UNLOCK_FAILED;
592 return;
593 }
594
595 if (set_pwd) {
596 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
597 sd->pwd_len = pwd_len;
598 }
599
600 if (clr_pwd) {
601 sd->pwd_len = 0;
602 }
603
604 if (lock)
605 sd->card_status |= CARD_IS_LOCKED;
606 else
607 sd->card_status &= ~CARD_IS_LOCKED;
608}
609
c227f099 610static sd_rsp_type_t sd_normal_command(SDState *sd,
bc24a225 611 SDRequest req)
a1bb27b1
PB		 612{
613 uint32_t rca = 0x0000;
2d7adea4 614 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1
PB		 615
616 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
617 rca = req.arg >> 16;
618
619 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
620 switch (req.cmd) {
621 /* Basic commands (Class 0 and Class 1) */
622 case 0: /* CMD0: GO_IDLE_STATE */
623 switch (sd->state) {
624 case sd_inactive_state:
775616c3 625 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 626
627 default:
628 sd->state = sd_idle_state;
629 sd_reset(sd, sd->bdrv);
775616c3 630 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 631 }
632 break;
633
775616c3
PB		 634 case 1: /* CMD1: SEND_OP_CMD */
635 if (!sd->spi)
636 goto bad_cmd;
637
638 sd->state = sd_transfer_state;
639 return sd_r1;
640
a1bb27b1 641 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 642 if (sd->spi)
643 goto bad_cmd;
a1bb27b1
PB		 644 switch (sd->state) {
645 case sd_ready_state:
646 sd->state = sd_identification_state;
647 return sd_r2_i;
648
649 default:
650 break;
651 }
652 break;
653
654 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 655 if (sd->spi)
656 goto bad_cmd;
a1bb27b1
PB		 657 switch (sd->state) {
658 case sd_identification_state:
659 case sd_standby_state:
660 sd->state = sd_standby_state;
661 sd_set_rca(sd);
662 return sd_r6;
663
664 default:
665 break;
666 }
667 break;
668
669 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 670 if (sd->spi)
671 goto bad_cmd;
a1bb27b1
PB		 672 switch (sd->state) {
673 case sd_standby_state:
674 break;
675
676 default:
677 break;
678 }
679 break;
680
109ac32f
JR		 681 case 5: /* CMD5: reserved for SDIO cards */
682 sd->card_status |= ILLEGAL_COMMAND;
683 return sd_r0;
684
a1bb27b1 685 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 686 if (sd->spi)
687 goto bad_cmd;
a1bb27b1
PB		 688 switch (sd->mode) {
689 case sd_data_transfer_mode:
690 sd_function_switch(sd, req.arg);
691 sd->state = sd_sendingdata_state;
692 sd->data_start = 0;
693 sd->data_offset = 0;
694 return sd_r1;
695
696 default:
697 break;
698 }
699 break;
700
701 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 702 if (sd->spi)
703 goto bad_cmd;
a1bb27b1
PB		 704 switch (sd->state) {
705 case sd_standby_state:
706 if (sd->rca != rca)
707 return sd_r0;
708
709 sd->state = sd_transfer_state;
710 return sd_r1b;
711
712 case sd_transfer_state:
713 case sd_sendingdata_state:
714 if (sd->rca == rca)
715 break;
716
717 sd->state = sd_standby_state;
718 return sd_r1b;
719
720 case sd_disconnect_state:
721 if (sd->rca != rca)
722 return sd_r0;
723
724 sd->state = sd_programming_state;
725 return sd_r1b;
726
727 case sd_programming_state:
728 if (sd->rca == rca)
729 break;
730
731 sd->state = sd_disconnect_state;
732 return sd_r1b;
733
734 default:
735 break;
736 }
737 break;
738
1b088995
AZ		 739 case 8: /* CMD8: SEND_IF_COND */
740 /* Physical Layer Specification Version 2.00 command */
741 switch (sd->state) {
742 case sd_idle_state:
743 sd->vhs = 0;
744
745 /* No response if not exactly one VHS bit is set. */
746 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
747 return sd->spi ? sd_r7 : sd_r0;
748
749 /* Accept. */
750 sd->vhs = req.arg;
751 return sd_r7;
752
753 default:
754 break;
755 }
756 break;
757
a1bb27b1
PB		 758 case 9: /* CMD9: SEND_CSD */
759 switch (sd->state) {
760 case sd_standby_state:
761 if (sd->rca != rca)
762 return sd_r0;
763
764 return sd_r2_s;
765
775616c3
PB		 766 case sd_transfer_state:
767 if (!sd->spi)
768 break;
769 sd->state = sd_sendingdata_state;
770 memcpy(sd->data, sd->csd, 16);
2d7adea4 771 sd->data_start = addr;
775616c3
PB		 772 sd->data_offset = 0;
773 return sd_r1;
774
a1bb27b1
PB		 775 default:
776 break;
777 }
778 break;
779
780 case 10: /* CMD10: SEND_CID */
781 switch (sd->state) {
782 case sd_standby_state:
783 if (sd->rca != rca)
784 return sd_r0;
785
786 return sd_r2_i;
787
775616c3
PB		 788 case sd_transfer_state:
789 if (!sd->spi)
790 break;
791 sd->state = sd_sendingdata_state;
792 memcpy(sd->data, sd->cid, 16);
2d7adea4 793 sd->data_start = addr;
775616c3
PB		 794 sd->data_offset = 0;
795 return sd_r1;
796
a1bb27b1
PB		 797 default:
798 break;
799 }
800 break;
801
802 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
775616c3
PB		 803 if (sd->spi)
804 goto bad_cmd;
a1bb27b1
PB		 805 switch (sd->state) {
806 case sd_transfer_state:
807 sd->state = sd_sendingdata_state;
808 sd->data_start = req.arg;
809 sd->data_offset = 0;
810
811 if (sd->data_start + sd->blk_len > sd->size)
812 sd->card_status |= ADDRESS_ERROR;
813 return sd_r0;
814
815 default:
816 break;
817 }
818 break;
819
820 case 12: /* CMD12: STOP_TRANSMISSION */
821 switch (sd->state) {
822 case sd_sendingdata_state:
823 sd->state = sd_transfer_state;
824 return sd_r1b;
825
826 case sd_receivingdata_state:
827 sd->state = sd_programming_state;
828 /* Bzzzzzzztt .... Operation complete. */
829 sd->state = sd_transfer_state;
830 return sd_r1b;
831
832 default:
833 break;
834 }
835 break;
836
837 case 13: /* CMD13: SEND_STATUS */
838 switch (sd->mode) {
839 case sd_data_transfer_mode:
840 if (sd->rca != rca)
841 return sd_r0;
842
843 return sd_r1;
844
845 default:
846 break;
847 }
848 break;
849
850 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 851 if (sd->spi)
852 goto bad_cmd;
a1bb27b1
PB		 853 switch (sd->mode) {
854 case sd_data_transfer_mode:
855 if (sd->rca != rca)
856 return sd_r0;
857
858 sd->state = sd_inactive_state;
859 return sd_r0;
860
861 default:
862 break;
863 }
864 break;
865
866 /* Block read commands (Classs 2) */
867 case 16: /* CMD16: SET_BLOCKLEN */
868 switch (sd->state) {
869 case sd_transfer_state:
870 if (req.arg > (1 << HWBLOCK_SHIFT))
871 sd->card_status |= BLOCK_LEN_ERROR;
872 else
873 sd->blk_len = req.arg;
874
875 return sd_r1;
876
877 default:
878 break;
879 }
880 break;
881
882 case 17: /* CMD17: READ_SINGLE_BLOCK */
883 switch (sd->state) {
884 case sd_transfer_state:
885 sd->state = sd_sendingdata_state;
2d7adea4 886 sd->data_start = addr;
a1bb27b1
PB		 887 sd->data_offset = 0;
888
889 if (sd->data_start + sd->blk_len > sd->size)
890 sd->card_status |= ADDRESS_ERROR;
891 return sd_r1;
892
893 default:
894 break;
895 }
896 break;
897
898 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
899 switch (sd->state) {
900 case sd_transfer_state:
901 sd->state = sd_sendingdata_state;
2d7adea4 902 sd->data_start = addr;
a1bb27b1
PB		 903 sd->data_offset = 0;
904
905 if (sd->data_start + sd->blk_len > sd->size)
906 sd->card_status |= ADDRESS_ERROR;
907 return sd_r1;
908
909 default:
910 break;
911 }
912 break;
913
914 /* Block write commands (Class 4) */
915 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
775616c3
PB		 916 if (sd->spi)
917 goto unimplemented_cmd;
a1bb27b1
PB		 918 switch (sd->state) {
919 case sd_transfer_state:
775616c3
PB		 920 /* Writing in SPI mode not implemented. */
921 if (sd->spi)
922 break;
a1bb27b1 923 sd->state = sd_receivingdata_state;
2d7adea4 924 sd->data_start = addr;
a1bb27b1
PB		 925 sd->data_offset = 0;
926 sd->blk_written = 0;
927
928 if (sd->data_start + sd->blk_len > sd->size)
929 sd->card_status |= ADDRESS_ERROR;
930 if (sd_wp_addr(sd, sd->data_start))
931 sd->card_status |= WP_VIOLATION;
932 if (sd->csd[14] & 0x30)
933 sd->card_status |= WP_VIOLATION;
934 return sd_r1;
935
936 default:
937 break;
938 }
939 break;
940
941 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
775616c3
PB		 942 if (sd->spi)
943 goto unimplemented_cmd;
a1bb27b1
PB		 944 switch (sd->state) {
945 case sd_transfer_state:
775616c3
PB		 946 /* Writing in SPI mode not implemented. */
947 if (sd->spi)
948 break;
a1bb27b1 949 sd->state = sd_receivingdata_state;
2d7adea4 950 sd->data_start = addr;
a1bb27b1
PB		 951 sd->data_offset = 0;
952 sd->blk_written = 0;
953
954 if (sd->data_start + sd->blk_len > sd->size)
955 sd->card_status |= ADDRESS_ERROR;
956 if (sd_wp_addr(sd, sd->data_start))
957 sd->card_status |= WP_VIOLATION;
958 if (sd->csd[14] & 0x30)
959 sd->card_status |= WP_VIOLATION;
960 return sd_r1;
961
962 default:
963 break;
964 }
965 break;
966
967 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 968 if (sd->spi)
969 goto bad_cmd;
a1bb27b1
PB		 970 switch (sd->state) {
971 case sd_transfer_state:
972 sd->state = sd_receivingdata_state;
973 sd->data_start = 0;
974 sd->data_offset = 0;
975 return sd_r1;
976
977 default:
978 break;
979 }
980 break;
981
982 case 27: /* CMD27: PROGRAM_CSD */
775616c3
PB		 983 if (sd->spi)
984 goto unimplemented_cmd;
a1bb27b1
PB		 985 switch (sd->state) {
986 case sd_transfer_state:
987 sd->state = sd_receivingdata_state;
988 sd->data_start = 0;
989 sd->data_offset = 0;
990 return sd_r1;
991
992 default:
993 break;
994 }
995 break;
996
997 /* Write protection (Class 6) */
998 case 28: /* CMD28: SET_WRITE_PROT */
999 switch (sd->state) {
1000 case sd_transfer_state:
2d7adea4 1001 if (addr >= sd->size) {
a1bb27b1
PB		 1002 sd->card_status = ADDRESS_ERROR;
1003 return sd_r1b;
1004 }
1005
1006 sd->state = sd_programming_state;
2d7adea4 1007 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
a1bb27b1
PB		 1008 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1009 /* Bzzzzzzztt .... Operation complete. */
1010 sd->state = sd_transfer_state;
1011 return sd_r1b;
1012
1013 default:
1014 break;
1015 }
1016 break;
1017
1018 case 29: /* CMD29: CLR_WRITE_PROT */
1019 switch (sd->state) {
1020 case sd_transfer_state:
2d7adea4 1021 if (addr >= sd->size) {
a1bb27b1
PB		 1022 sd->card_status = ADDRESS_ERROR;
1023 return sd_r1b;
1024 }
1025
1026 sd->state = sd_programming_state;
2d7adea4 1027 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
a1bb27b1
PB		 1028 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1029 /* Bzzzzzzztt .... Operation complete. */
1030 sd->state = sd_transfer_state;
1031 return sd_r1b;
1032
1033 default:
1034 break;
1035 }
1036 break;
1037
1038 case 30: /* CMD30: SEND_WRITE_PROT */
1039 switch (sd->state) {
1040 case sd_transfer_state:
1041 sd->state = sd_sendingdata_state;
1042 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1043 sd->data_start = addr;
a1bb27b1
PB		 1044 sd->data_offset = 0;
1045 return sd_r1b;
1046
1047 default:
1048 break;
1049 }
1050 break;
1051
1052 /* Erase commands (Class 5) */
1053 case 32: /* CMD32: ERASE_WR_BLK_START */
1054 switch (sd->state) {
1055 case sd_transfer_state:
1056 sd->erase_start = req.arg;
1057 return sd_r1;
1058
1059 default:
1060 break;
1061 }
1062 break;
1063
1064 case 33: /* CMD33: ERASE_WR_BLK_END */
1065 switch (sd->state) {
1066 case sd_transfer_state:
1067 sd->erase_end = req.arg;
1068 return sd_r1;
1069
1070 default:
1071 break;
1072 }
1073 break;
1074
1075 case 38: /* CMD38: ERASE */
1076 switch (sd->state) {
1077 case sd_transfer_state:
1078 if (sd->csd[14] & 0x30) {
1079 sd->card_status |= WP_VIOLATION;
1080 return sd_r1b;
1081 }
1082
1083 sd->state = sd_programming_state;
1084 sd_erase(sd);
1085 /* Bzzzzzzztt .... Operation complete. */
1086 sd->state = sd_transfer_state;
1087 return sd_r1b;
1088
1089 default:
1090 break;
1091 }
1092 break;
1093
1094 /* Lock card commands (Class 7) */
1095 case 42: /* CMD42: LOCK_UNLOCK */
775616c3
PB		 1096 if (sd->spi)
1097 goto unimplemented_cmd;
a1bb27b1
PB		 1098 switch (sd->state) {
1099 case sd_transfer_state:
1100 sd->state = sd_receivingdata_state;
1101 sd->data_start = 0;
1102 sd->data_offset = 0;
1103 return sd_r1;
1104
1105 default:
1106 break;
1107 }
1108 break;
1109
39e594db
PM		 1110 case 52:
1111 case 53:
1112 /* CMD52, CMD53: reserved for SDIO cards
1113 * (see the SDIO Simplified Specification V2.0)
1114 * Handle as illegal command but do not complain
1115 * on stderr, as some OSes may use these in their
1116 * probing for presence of an SDIO card.
1117 */
1118 sd->card_status |= ILLEGAL_COMMAND;
1119 return sd_r0;
1120
a1bb27b1
PB		 1121 /* Application specific commands (Class 8) */
1122 case 55: /* CMD55: APP_CMD */
1123 if (sd->rca != rca)
1124 return sd_r0;
1125
1126 sd->card_status |= APP_CMD;
1127 return sd_r1;
1128
1129 case 56: /* CMD56: GEN_CMD */
827df9f3 1130 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
a1bb27b1
PB		 1131
1132 switch (sd->state) {
1133 case sd_transfer_state:
1134 sd->data_offset = 0;
1135 if (req.arg & 1)
1136 sd->state = sd_sendingdata_state;
1137 else
1138 sd->state = sd_receivingdata_state;
1139 return sd_r1;
1140
1141 default:
1142 break;
1143 }
1144 break;
1145
1146 default:
775616c3 1147 bad_cmd:
a1bb27b1
PB		 1148 sd->card_status |= ILLEGAL_COMMAND;
1149
827df9f3 1150 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
a1bb27b1 1151 return sd_r0;
775616c3
PB		 1152
1153 unimplemented_cmd:
1154 /* Commands that are recognised but not yet implemented in SPI mode. */
1155 sd->card_status |= ILLEGAL_COMMAND;
827df9f3 1156 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
775616c3 1157 return sd_r0;
a1bb27b1
PB		 1158 }
1159
1160 sd->card_status |= ILLEGAL_COMMAND;
827df9f3 1161 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
a1bb27b1
PB		 1162 return sd_r0;
1163}
1164
c227f099 1165static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1166 SDRequest req)
1167{
a1bb27b1
PB		 1168 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1169 switch (req.cmd) {
1170 case 6: /* ACMD6: SET_BUS_WIDTH */
1171 switch (sd->state) {
1172 case sd_transfer_state:
1173 sd->sd_status[0] &= 0x3f;
1174 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1175 return sd_r1;
1176
1177 default:
1178 break;
1179 }
1180 break;
1181
1182 case 13: /* ACMD13: SD_STATUS */
1183 switch (sd->state) {
1184 case sd_transfer_state:
fb1ba03a 1185 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1186 sd->data_start = 0;
1187 sd->data_offset = 0;
1188 return sd_r1;
1189
1190 default:
1191 break;
1192 }
1193 break;
1194
1195 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1196 switch (sd->state) {
1197 case sd_transfer_state:
1198 *(uint32_t *) sd->data = sd->blk_written;
1199
fb1ba03a 1200 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1201 sd->data_start = 0;
1202 sd->data_offset = 0;
1203 return sd_r1;
1204
1205 default:
1206 break;
1207 }
1208 break;
1209
1210 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1211 switch (sd->state) {
1212 case sd_transfer_state:
1213 return sd_r1;
1214
1215 default:
1216 break;
1217 }
1218 break;
1219
1220 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1221 if (sd->spi) {
1222 /* SEND_OP_CMD */
1223 sd->state = sd_transfer_state;
1224 return sd_r1;
1225 }
a1bb27b1
PB		 1226 switch (sd->state) {
1227 case sd_idle_state:
1228 /* We accept any voltage. 10000 V is nothing. */
1229 if (req.arg)
1230 sd->state = sd_ready_state;
1231
1232 return sd_r3;
1233
1234 default:
1235 break;
1236 }
1237 break;
1238
1239 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1240 switch (sd->state) {
1241 case sd_transfer_state:
1242 /* Bringing in the 50KOhm pull-up resistor... Done. */
1243 return sd_r1;
1244
1245 default:
1246 break;
1247 }
1248 break;
1249
1250 case 51: /* ACMD51: SEND_SCR */
1251 switch (sd->state) {
1252 case sd_transfer_state:
1253 sd->state = sd_sendingdata_state;
1254 sd->data_start = 0;
1255 sd->data_offset = 0;
1256 return sd_r1;
1257
1258 default:
1259 break;
1260 }
1261 break;
1262
1263 default:
1264 /* Fall back to standard commands. */
1265 sd->card_status &= ~APP_CMD;
1266 return sd_normal_command(sd, req);
1267 }
1268
827df9f3 1269 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
a1bb27b1
PB		 1270 return sd_r0;
1271}
1272
bc24a225 1273int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1
PB		 1274 uint8_t *response) {
1275 uint32_t last_status = sd->card_status;
c227f099 1276 sd_rsp_type_t rtype;
a1bb27b1
PB		 1277 int rsplen;
1278
03f311ed 1279 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
a1bb27b1
PB		 1280 return 0;
1281 }
1282
1283 if (sd_req_crc_validate(req)) {
1284 sd->card_status &= ~COM_CRC_ERROR;
1285 return 0;
1286 }
1287
1288 sd->card_status &= ~CARD_STATUS_B;
1289 sd_set_status(sd);
1290
1291 if (last_status & CARD_IS_LOCKED)
1292 if (((last_status & APP_CMD) &&
1293 req->cmd == 41) ||
1294 (!(last_status & APP_CMD) &&
1295 (sd_cmd_class[req->cmd] == 0 ||
1296 sd_cmd_class[req->cmd] == 7 ||
1297 req->cmd == 16 || req->cmd == 55))) {
1298 sd->card_status |= ILLEGAL_COMMAND;
827df9f3 1299 fprintf(stderr, "SD: Card is locked\n");
a1bb27b1
PB		 1300 return 0;
1301 }
1302
724d3a8f 1303 if (last_status & APP_CMD) {
a1bb27b1 1304 rtype = sd_app_command(sd, *req);
724d3a8f
AZ		 1305 sd->card_status &= ~APP_CMD;
1306 } else
a1bb27b1
PB		 1307 rtype = sd_normal_command(sd, *req);
1308
1309 sd->current_cmd = req->cmd;
1310
1311 switch (rtype) {
1312 case sd_r1:
1313 case sd_r1b:
1314 sd_response_r1_make(sd, response, last_status);
1315 rsplen = 4;
1316 break;
1317
1318 case sd_r2_i:
1319 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1320 rsplen = 16;
1321 break;
1322
1323 case sd_r2_s:
1324 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1325 rsplen = 16;
1326 break;
1327
1328 case sd_r3:
1329 sd_response_r3_make(sd, response);
1330 rsplen = 4;
1331 break;
1332
1333 case sd_r6:
1334 sd_response_r6_make(sd, response);
1335 rsplen = 4;
1336 break;
1337
1b088995
AZ		 1338 case sd_r7:
1339 sd_response_r7_make(sd, response);
1340 rsplen = 4;
1341 break;
1342
a1bb27b1
PB		 1343 case sd_r0:
1344 default:
1345 rsplen = 0;
1346 break;
1347 }
1348
1349 if (sd->card_status & ILLEGAL_COMMAND)
1350 rsplen = 0;
1351
1352#ifdef DEBUG_SD
1353 if (rsplen) {
1354 int i;
1355 DPRINTF("Response:");
1356 for (i = 0; i < rsplen; i++)
1357 printf(" %02x", response[i]);
1358 printf(" state %d\n", sd->state);
1359 } else {
1360 DPRINTF("No response %d\n", sd->state);
1361 }
1362#endif
1363
1364 return rsplen;
1365}
1366
2d7adea4 1367static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1368{
2d7adea4 1369 uint64_t end = addr + len;
a1bb27b1 1370
2d7adea4
AZ		 1371 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1372 (unsigned long long) addr, len);
33f00271 1373 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
827df9f3 1374 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1375 return;
1376 }
1377
1378 if (end > (addr & ~511) + 512) {
33f00271 1379 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
a1bb27b1 1380
33f00271 1381 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
827df9f3 1382 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1383 return;
1384 }
33f00271 1385 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
a1bb27b1 1386 } else
33f00271 1387 memcpy(sd->data, sd->buf + (addr & 511), len);
a1bb27b1
PB		 1388}
1389
2d7adea4 1390static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1391{
2d7adea4 1392 uint64_t end = addr + len;
a1bb27b1
PB		 1393
1394 if ((addr & 511) || len < 512)
33f00271 1395 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
827df9f3 1396 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1397 return;
1398 }
1399
1400 if (end > (addr & ~511) + 512) {
33f00271
AZ		 1401 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1402 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
827df9f3 1403 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1404 return;
1405 }
1406
33f00271 1407 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
827df9f3 1408 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1409 return;
1410 }
33f00271
AZ		 1411 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1412 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
827df9f3 1413 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1 1414 } else {
33f00271
AZ		 1415 memcpy(sd->buf + (addr & 511), sd->data, len);
1416 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
827df9f3 1417 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1418 }
1419}
1420
33f00271
AZ		 1421#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1422#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1423#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1424#define APP_WRITE_BLOCK(a, len)
1425
1426void sd_write_data(SDState *sd, uint8_t value)
1427{
1428 int i;
1429
827df9f3 1430 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
a1bb27b1
PB		 1431 return;
1432
1433 if (sd->state != sd_receivingdata_state) {
827df9f3 1434 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1435 return;
1436 }
1437
1438 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1439 return;
1440
1441 switch (sd->current_cmd) {
1442 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1443 sd->data[sd->data_offset ++] = value;
1444 if (sd->data_offset >= sd->blk_len) {
1445 /* TODO: Check CRC before committing */
1446 sd->state = sd_programming_state;
1447 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1448 sd->blk_written ++;
1449 sd->csd[14] |= 0x40;
1450 /* Bzzzzzzztt .... Operation complete. */
1451 sd->state = sd_transfer_state;
1452 }
1453 break;
1454
1455 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234
DDAG		 1456 if (sd->data_offset == 0) {
1457 /* Start of the block - lets check the address is valid */
a1bb27b1
PB		 1458 if (sd->data_start + sd->blk_len > sd->size) {
1459 sd->card_status |= ADDRESS_ERROR;
1460 break;
1461 }
1462 if (sd_wp_addr(sd, sd->data_start)) {
1463 sd->card_status |= WP_VIOLATION;
1464 break;
1465 }
33fa8234
DDAG		 1466 }
1467 sd->data[sd->data_offset++] = value;
1468 if (sd->data_offset >= sd->blk_len) {
1469 /* TODO: Check CRC before committing */
1470 sd->state = sd_programming_state;
1471 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1472 sd->blk_written++;
1473 sd->data_start += sd->blk_len;
1474 sd->data_offset = 0;
a1bb27b1
PB		 1475 sd->csd[14] |= 0x40;
1476
1477 /* Bzzzzzzztt .... Operation complete. */
1478 sd->state = sd_receivingdata_state;
1479 }
1480 break;
1481
1482 case 26: /* CMD26: PROGRAM_CID */
1483 sd->data[sd->data_offset ++] = value;
1484 if (sd->data_offset >= sizeof(sd->cid)) {
1485 /* TODO: Check CRC before committing */
1486 sd->state = sd_programming_state;
1487 for (i = 0; i < sizeof(sd->cid); i ++)
1488 if ((sd->cid[i] | 0x00) != sd->data[i])
1489 sd->card_status |= CID_CSD_OVERWRITE;
1490
1491 if (!(sd->card_status & CID_CSD_OVERWRITE))
1492 for (i = 0; i < sizeof(sd->cid); i ++) {
1493 sd->cid[i] |= 0x00;
1494 sd->cid[i] &= sd->data[i];
1495 }
1496 /* Bzzzzzzztt .... Operation complete. */
1497 sd->state = sd_transfer_state;
1498 }
1499 break;
1500
1501 case 27: /* CMD27: PROGRAM_CSD */
1502 sd->data[sd->data_offset ++] = value;
1503 if (sd->data_offset >= sizeof(sd->csd)) {
1504 /* TODO: Check CRC before committing */
1505 sd->state = sd_programming_state;
1506 for (i = 0; i < sizeof(sd->csd); i ++)
1507 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1508 (sd->data[i] | sd_csd_rw_mask[i]))
1509 sd->card_status |= CID_CSD_OVERWRITE;
1510
1511 /* Copy flag (OTP) & Permanent write protect */
1512 if (sd->csd[14] & ~sd->data[14] & 0x60)
1513 sd->card_status |= CID_CSD_OVERWRITE;
1514
1515 if (!(sd->card_status & CID_CSD_OVERWRITE))
1516 for (i = 0; i < sizeof(sd->csd); i ++) {
1517 sd->csd[i] |= sd_csd_rw_mask[i];
1518 sd->csd[i] &= sd->data[i];
1519 }
1520 /* Bzzzzzzztt .... Operation complete. */
1521 sd->state = sd_transfer_state;
1522 }
1523 break;
1524
1525 case 42: /* CMD42: LOCK_UNLOCK */
1526 sd->data[sd->data_offset ++] = value;
1527 if (sd->data_offset >= sd->blk_len) {
1528 /* TODO: Check CRC before committing */
1529 sd->state = sd_programming_state;
1530 sd_lock_command(sd);
1531 /* Bzzzzzzztt .... Operation complete. */
1532 sd->state = sd_transfer_state;
1533 }
1534 break;
1535
1536 case 56: /* CMD56: GEN_CMD */
1537 sd->data[sd->data_offset ++] = value;
1538 if (sd->data_offset >= sd->blk_len) {
1539 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1540 sd->state = sd_transfer_state;
1541 }
1542 break;
1543
1544 default:
827df9f3 1545 fprintf(stderr, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1546 break;
1547 }
1548}
1549
1550uint8_t sd_read_data(SDState *sd)
1551{
1552 /* TODO: Append CRCs */
1553 uint8_t ret;
2d7adea4 1554 int io_len;
a1bb27b1 1555
827df9f3 1556 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
a1bb27b1
PB		 1557 return 0x00;
1558
1559 if (sd->state != sd_sendingdata_state) {
827df9f3 1560 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1561 return 0x00;
1562 }
1563
1564 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1565 return 0x00;
1566
2d7adea4
AZ		 1567 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1568
a1bb27b1
PB		 1569 switch (sd->current_cmd) {
1570 case 6: /* CMD6: SWITCH_FUNCTION */
1571 ret = sd->data[sd->data_offset ++];
1572
1573 if (sd->data_offset >= 64)
1574 sd->state = sd_transfer_state;
1575 break;
1576
775616c3
PB		 1577 case 9: /* CMD9: SEND_CSD */
1578 case 10: /* CMD10: SEND_CID */
1579 ret = sd->data[sd->data_offset ++];
1580
1581 if (sd->data_offset >= 16)
1582 sd->state = sd_transfer_state;
1583 break;
1584
a1bb27b1
PB		 1585 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1586 if (sd->data_offset == 0)
2d7adea4 1587 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1588 ret = sd->data[sd->data_offset ++];
1589
2d7adea4
AZ		 1590 if (sd->data_offset >= io_len) {
1591 sd->data_start += io_len;
a1bb27b1 1592 sd->data_offset = 0;
2d7adea4 1593 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1594 sd->card_status |= ADDRESS_ERROR;
1595 break;
1596 }
1597 }
1598 break;
1599
1600 case 13: /* ACMD13: SD_STATUS */
1601 ret = sd->sd_status[sd->data_offset ++];
1602
1603 if (sd->data_offset >= sizeof(sd->sd_status))
1604 sd->state = sd_transfer_state;
1605 break;
1606
1607 case 17: /* CMD17: READ_SINGLE_BLOCK */
1608 if (sd->data_offset == 0)
2d7adea4 1609 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1610 ret = sd->data[sd->data_offset ++];
1611
2d7adea4 1612 if (sd->data_offset >= io_len)
a1bb27b1
PB		 1613 sd->state = sd_transfer_state;
1614 break;
1615
1616 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1617 if (sd->data_offset == 0)
2d7adea4 1618 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1619 ret = sd->data[sd->data_offset ++];
1620
2d7adea4
AZ		 1621 if (sd->data_offset >= io_len) {
1622 sd->data_start += io_len;
a1bb27b1 1623 sd->data_offset = 0;
2d7adea4 1624 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1625 sd->card_status |= ADDRESS_ERROR;
1626 break;
1627 }
1628 }
1629 break;
1630
1631 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1632 ret = sd->data[sd->data_offset ++];
1633
1634 if (sd->data_offset >= 4)
1635 sd->state = sd_transfer_state;
1636 break;
1637
1638 case 30: /* CMD30: SEND_WRITE_PROT */
1639 ret = sd->data[sd->data_offset ++];
1640
1641 if (sd->data_offset >= 4)
1642 sd->state = sd_transfer_state;
1643 break;
1644
1645 case 51: /* ACMD51: SEND_SCR */
1646 ret = sd->scr[sd->data_offset ++];
1647
1648 if (sd->data_offset >= sizeof(sd->scr))
1649 sd->state = sd_transfer_state;
1650 break;
1651
1652 case 56: /* CMD56: GEN_CMD */
1653 if (sd->data_offset == 0)
1654 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1655 ret = sd->data[sd->data_offset ++];
1656
1657 if (sd->data_offset >= sd->blk_len)
1658 sd->state = sd_transfer_state;
1659 break;
1660
1661 default:
827df9f3 1662 fprintf(stderr, "sd_read_data: unknown command\n");
a1bb27b1
PB		 1663 return 0x00;
1664 }
1665
1666 return ret;
1667}
1668
1669int sd_data_ready(SDState *sd)
1670{
1671 return sd->state == sd_sendingdata_state;
1672}
827df9f3
AZ		 1673
1674void sd_enable(SDState *sd, int enable)
1675{
1676 sd->enable = enable;
1677}
Empty description
This page took 0.791344 seconds and 4 git commands to generate.