]> Git Repo - qemu.git/blame - hw/sd/sd.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Merge remote-tracking branch 'remotes/kraxel/tags/pull-ipxe-20150903-1' into staging
[qemu.git] / hw / sd / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <[email protected]>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
83c9f4ca 32#include "hw/hw.h"
4be74634 33#include "sysemu/block-backend.h"
83c9f4ca 34#include "hw/sd.h"
1de7afc9 35#include "qemu/bitmap.h"
a1bb27b1
PB		 36
37//#define DEBUG_SD 1
38
39#ifdef DEBUG_SD
001faf32
BS		 40#define DPRINTF(fmt, ...) \
41do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1 42#else
001faf32 43#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1
PB		 44#endif
45
37ab4a56
PC		 46#define ACMD41_ENQUIRY_MASK 0x00ffffff
47
a1bb27b1
PB		 48typedef enum {
49 sd_r0 = 0, /* no response */
50 sd_r1, /* normal response command */
51 sd_r2_i, /* CID register */
52 sd_r2_s, /* CSD register */
53 sd_r3, /* OCR register */
54 sd_r6 = 6, /* Published RCA response */
1b088995 55 sd_r7, /* Operating voltage */
a1bb27b1 56 sd_r1b = -1,
53bb8cc4 57 sd_illegal = -2,
c227f099 58} sd_rsp_type_t;
a1bb27b1 59
50a5be6c
IM		 60enum SDCardModes {
61 sd_inactive,
62 sd_card_identification_mode,
63 sd_data_transfer_mode,
64};
65
66enum SDCardStates {
67 sd_inactive_state = -1,
68 sd_idle_state = 0,
69 sd_ready_state,
70 sd_identification_state,
71 sd_standby_state,
72 sd_transfer_state,
73 sd_sendingdata_state,
74 sd_receivingdata_state,
75 sd_programming_state,
76 sd_disconnect_state,
77};
78
a1bb27b1 79struct SDState {
50a5be6c
IM		 80 uint32_t mode; /* current card mode, one of SDCardModes */
81 int32_t state; /* current card state, one of SDCardStates */
a1bb27b1
PB		 82 uint32_t ocr;
83 uint8_t scr[8];
84 uint8_t cid[16];
85 uint8_t csd[16];
86 uint16_t rca;
87 uint32_t card_status;
88 uint8_t sd_status[64];
1b088995 89 uint32_t vhs;
bebd1271 90 bool wp_switch;
a9c01830 91 unsigned long *wp_groups;
50a5be6c 92 int32_t wpgrps_size;
2d7adea4 93 uint64_t size;
50a5be6c 94 uint32_t blk_len;
a1bb27b1
PB		 95 uint32_t erase_start;
96 uint32_t erase_end;
97 uint8_t pwd[16];
50a5be6c
IM		 98 uint32_t pwd_len;
99 uint8_t function_group[6];
a1bb27b1 100
bebd1271 101 bool spi;
50a5be6c 102 uint8_t current_cmd;
1d06cb7a
PM		 103 /* True if we will handle the next command as an ACMD. Note that this does
104 * *not* track the APP_CMD status bit!
105 */
bebd1271 106 bool expecting_acmd;
50a5be6c 107 uint32_t blk_written;
2d7adea4 108 uint64_t data_start;
a1bb27b1
PB		 109 uint32_t data_offset;
110 uint8_t data[512];
02ce600c
AZ		 111 qemu_irq readonly_cb;
112 qemu_irq inserted_cb;
4be74634 113 BlockBackend *blk;
33f00271 114 uint8_t *buf;
827df9f3 115
bebd1271 116 bool enable;
a1bb27b1
PB		 117};
118
10a412da 119static void sd_set_mode(SDState *sd)
a1bb27b1
PB		 120{
121 switch (sd->state) {
122 case sd_inactive_state:
123 sd->mode = sd_inactive;
124 break;
125
126 case sd_idle_state:
127 case sd_ready_state:
128 case sd_identification_state:
129 sd->mode = sd_card_identification_mode;
130 break;
131
132 case sd_standby_state:
133 case sd_transfer_state:
134 case sd_sendingdata_state:
135 case sd_receivingdata_state:
136 case sd_programming_state:
137 case sd_disconnect_state:
138 sd->mode = sd_data_transfer_mode;
139 break;
140 }
a1bb27b1
PB		 141}
142
c227f099 143static const sd_cmd_type_t sd_cmd_type[64] = {
a1bb27b1 144 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 145 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
a1bb27b1
PB		 146 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
147 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
148 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
149 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
151 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
152};
153
a1bb27b1
PB		 154static const int sd_cmd_class[64] = {
155 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
156 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
157 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
158 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
159};
160
161static uint8_t sd_crc7(void *message, size_t width)
162{
163 int i, bit;
164 uint8_t shift_reg = 0x00;
165 uint8_t *msg = (uint8_t *) message;
166
167 for (i = 0; i < width; i ++, msg ++)
168 for (bit = 7; bit >= 0; bit --) {
169 shift_reg <<= 1;
170 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
171 shift_reg ^= 0x89;
172 }
173
174 return shift_reg;
175}
176
177static uint16_t sd_crc16(void *message, size_t width)
178{
179 int i, bit;
180 uint16_t shift_reg = 0x0000;
181 uint16_t *msg = (uint16_t *) message;
182 width <<= 1;
183
184 for (i = 0; i < width; i ++, msg ++)
185 for (bit = 15; bit >= 0; bit --) {
186 shift_reg <<= 1;
187 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
188 shift_reg ^= 0x1011;
189 }
190
191 return shift_reg;
192}
193
194static void sd_set_ocr(SDState *sd)
195{
1b088995 196 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
829ef7b0 197 sd->ocr = 0x80ffff00;
a1bb27b1
PB		 198}
199
200static void sd_set_scr(SDState *sd)
201{
202 sd->scr[0] = 0x00; /* SCR Structure */
203 sd->scr[1] = 0x2f; /* SD Security Support */
204 sd->scr[2] = 0x00;
205 sd->scr[3] = 0x00;
206 sd->scr[4] = 0x00;
207 sd->scr[5] = 0x00;
208 sd->scr[6] = 0x00;
209 sd->scr[7] = 0x00;
210}
211
212#define MID 0xaa
213#define OID "XY"
214#define PNM "QEMU!"
215#define PRV 0x01
216#define MDT_YR 2006
217#define MDT_MON 2
218
219static void sd_set_cid(SDState *sd)
220{
221 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
222 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
223 sd->cid[2] = OID[1];
224 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
225 sd->cid[4] = PNM[1];
226 sd->cid[5] = PNM[2];
227 sd->cid[6] = PNM[3];
228 sd->cid[7] = PNM[4];
229 sd->cid[8] = PRV; /* Fake product revision (PRV) */
230 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
231 sd->cid[10] = 0xad;
232 sd->cid[11] = 0xbe;
233 sd->cid[12] = 0xef;
234 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
235 ((MDT_YR - 2000) / 10);
236 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
237 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
238}
239
240#define HWBLOCK_SHIFT 9 /* 512 bytes */
241#define SECTOR_SHIFT 5 /* 16 kilobytes */
242#define WPGROUP_SHIFT 7 /* 2 megs */
243#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 244#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
245
246static const uint8_t sd_csd_rw_mask[16] = {
247 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
249};
250
2d7adea4 251static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 252{
253 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
254 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
255 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
256
2d7adea4
AZ		 257 if (size <= 0x40000000) { /* Standard Capacity SD */
258 sd->csd[0] = 0x00; /* CSD structure */
259 sd->csd[1] = 0x26; /* Data read access-time-1 */
260 sd->csd[2] = 0x00; /* Data read access-time-2 */
261 sd->csd[3] = 0x5a; /* Max. data transfer rate */
262 sd->csd[4] = 0x5f; /* Card Command Classes */
263 sd->csd[5] = 0x50 | /* Max. read data block length */
264 HWBLOCK_SHIFT;
265 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
266 ((csize >> 10) & 0x03);
267 sd->csd[7] = 0x00 | /* Device size */
268 ((csize >> 2) & 0xff);
269 sd->csd[8] = 0x3f | /* Max. read current */
270 ((csize << 6) & 0xc0);
271 sd->csd[9] = 0xfc | /* Max. write current */
272 ((CMULT_SHIFT - 2) >> 1);
273 sd->csd[10] = 0x40 | /* Erase sector size */
274 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
275 sd->csd[11] = 0x00 | /* Write protect group size */
276 ((sectsize << 7) & 0x80) | wpsize;
277 sd->csd[12] = 0x90 | /* Write speed factor */
278 (HWBLOCK_SHIFT >> 2);
279 sd->csd[13] = 0x20 | /* Max. write data block length */
280 ((HWBLOCK_SHIFT << 6) & 0xc0);
281 sd->csd[14] = 0x00; /* File format group */
282 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
283 } else { /* SDHC */
284 size /= 512 * 1024;
285 size -= 1;
286 sd->csd[0] = 0x40;
287 sd->csd[1] = 0x0e;
288 sd->csd[2] = 0x00;
289 sd->csd[3] = 0x32;
290 sd->csd[4] = 0x5b;
291 sd->csd[5] = 0x59;
292 sd->csd[6] = 0x00;
293 sd->csd[7] = (size >> 16) & 0xff;
294 sd->csd[8] = (size >> 8) & 0xff;
295 sd->csd[9] = (size & 0xff);
296 sd->csd[10] = 0x7f;
297 sd->csd[11] = 0x80;
298 sd->csd[12] = 0x0a;
299 sd->csd[13] = 0x40;
300 sd->csd[14] = 0x00;
301 sd->csd[15] = 0x00;
e03ba136 302 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
2d7adea4 303 }
a1bb27b1
PB		 304}
305
306static void sd_set_rca(SDState *sd)
307{
308 sd->rca += 0x4567;
309}
310
b8d334c8
PM		 311/* Card status bits, split by clear condition:
312 * A : According to the card current state
313 * B : Always related to the previous command
314 * C : Cleared by read
315 */
a1bb27b1
PB		 316#define CARD_STATUS_A 0x02004100
317#define CARD_STATUS_B 0x00c01e00
318#define CARD_STATUS_C 0xfd39a028
319
320static void sd_set_cardstatus(SDState *sd)
321{
322 sd->card_status = 0x00000100;
323}
324
325static void sd_set_sdstatus(SDState *sd)
326{
327 memset(sd->sd_status, 0, 64);
328}
329
bc24a225 330static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 331{
332 uint8_t buffer[5];
333 buffer[0] = 0x40 | req->cmd;
334 buffer[1] = (req->arg >> 24) & 0xff;
335 buffer[2] = (req->arg >> 16) & 0xff;
336 buffer[3] = (req->arg >> 8) & 0xff;
337 buffer[4] = (req->arg >> 0) & 0xff;
338 return 0;
339 return sd_crc7(buffer, 5) != req->crc; /* TODO */
340}
341
10a412da 342static void sd_response_r1_make(SDState *sd, uint8_t *response)
a1bb27b1 343{
10a412da 344 uint32_t status = sd->card_status;
1d06cb7a
PM		 345 /* Clear the "clear on read" status bits */
346 sd->card_status &= ~CARD_STATUS_C;
a1bb27b1
PB		 347
348 response[0] = (status >> 24) & 0xff;
349 response[1] = (status >> 16) & 0xff;
350 response[2] = (status >> 8) & 0xff;
351 response[3] = (status >> 0) & 0xff;
352}
353
9596ebb7 354static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 355{
356 response[0] = (sd->ocr >> 24) & 0xff;
357 response[1] = (sd->ocr >> 16) & 0xff;
358 response[2] = (sd->ocr >> 8) & 0xff;
359 response[3] = (sd->ocr >> 0) & 0xff;
360}
361
9596ebb7 362static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 363{
364 uint16_t arg;
365 uint16_t status;
366
367 arg = sd->rca;
368 status = ((sd->card_status >> 8) & 0xc000) |
369 ((sd->card_status >> 6) & 0x2000) |
370 (sd->card_status & 0x1fff);
fcfa9351 371 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
a1bb27b1
PB		 372
373 response[0] = (arg >> 8) & 0xff;
374 response[1] = arg & 0xff;
375 response[2] = (status >> 8) & 0xff;
376 response[3] = status & 0xff;
377}
378
1b088995
AZ		 379static void sd_response_r7_make(SDState *sd, uint8_t *response)
380{
381 response[0] = (sd->vhs >> 24) & 0xff;
382 response[1] = (sd->vhs >> 16) & 0xff;
383 response[2] = (sd->vhs >> 8) & 0xff;
384 response[3] = (sd->vhs >> 0) & 0xff;
385}
386
b7202b88
MI		 387static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
388{
389 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
390}
391
16b781aa 392static void sd_reset(SDState *sd)
a1bb27b1 393{
2d7adea4 394 uint64_t size;
a1bb27b1
PB		 395 uint64_t sect;
396
16b781aa
PM		 397 if (sd->blk) {
398 blk_get_geometry(sd->blk, &sect);
03f311ed
PB		 399 } else {
400 sect = 0;
401 }
5e37141b 402 size = sect << 9;
a1bb27b1 403
b7202b88 404 sect = sd_addr_to_wpnum(size) + 1;
a1bb27b1
PB		 405
406 sd->state = sd_idle_state;
407 sd->rca = 0x0000;
408 sd_set_ocr(sd);
409 sd_set_scr(sd);
410 sd_set_cid(sd);
411 sd_set_csd(sd, size);
412 sd_set_cardstatus(sd);
413 sd_set_sdstatus(sd);
414
ef1e1e07 415 g_free(sd->wp_groups);
16b781aa 416 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
50a5be6c
IM		 417 sd->wpgrps_size = sect;
418 sd->wp_groups = bitmap_new(sd->wpgrps_size);
419 memset(sd->function_group, 0, sizeof(sd->function_group));
a1bb27b1
PB		 420 sd->erase_start = 0;
421 sd->erase_end = 0;
422 sd->size = size;
423 sd->blk_len = 0x200;
424 sd->pwd_len = 0;
bebd1271 425 sd->expecting_acmd = false;
a1bb27b1
PB		 426}
427
7d4b4ba5 428static void sd_cardchange(void *opaque, bool load)
a1bb27b1
PB		 429{
430 SDState *sd = opaque;
db97ee6a 431
4be74634
MA		 432 qemu_set_irq(sd->inserted_cb, blk_is_inserted(sd->blk));
433 if (blk_is_inserted(sd->blk)) {
16b781aa 434 sd_reset(sd);
257514dd 435 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
a1bb27b1
PB		 436 }
437}
438
0e49de52 439static const BlockDevOps sd_block_ops = {
145feb17 440 .change_media_cb = sd_cardchange,
0e49de52
MA		 441};
442
50a5be6c
IM		 443static const VMStateDescription sd_vmstate = {
444 .name = "sd-card",
445 .version_id = 1,
446 .minimum_version_id = 1,
447 .fields = (VMStateField[]) {
448 VMSTATE_UINT32(mode, SDState),
449 VMSTATE_INT32(state, SDState),
450 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
451 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
452 VMSTATE_UINT16(rca, SDState),
453 VMSTATE_UINT32(card_status, SDState),
454 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
455 VMSTATE_UINT32(vhs, SDState),
456 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
457 VMSTATE_UINT32(blk_len, SDState),
458 VMSTATE_UINT32(erase_start, SDState),
459 VMSTATE_UINT32(erase_end, SDState),
460 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
461 VMSTATE_UINT32(pwd_len, SDState),
462 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
463 VMSTATE_UINT8(current_cmd, SDState),
464 VMSTATE_BOOL(expecting_acmd, SDState),
465 VMSTATE_UINT32(blk_written, SDState),
466 VMSTATE_UINT64(data_start, SDState),
467 VMSTATE_UINT32(data_offset, SDState),
468 VMSTATE_UINT8_ARRAY(data, SDState, 512),
5f00679e 469 VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512),
50a5be6c
IM		 470 VMSTATE_BOOL(enable, SDState),
471 VMSTATE_END_OF_LIST()
472 }
473};
474
775616c3 475/* We do not model the chip select pin, so allow the board to select
8ef6367e 476 whether card should be in SSI or MMC/SD mode. It is also up to the
775616c3
PB		 477 board to ensure that ssi transfers only occur when the chip select
478 is asserted. */
4be74634 479SDState *sd_init(BlockBackend *blk, bool is_spi)
a1bb27b1
PB		 480{
481 SDState *sd;
482
4be74634 483 if (blk && blk_is_read_only(blk)) {
4f8a066b
KW		 484 fprintf(stderr, "sd_init: Cannot use read-only drive\n");
485 return NULL;
486 }
487
7267c094 488 sd = (SDState *) g_malloc0(sizeof(SDState));
4be74634 489 sd->buf = blk_blockalign(blk, 512);
775616c3 490 sd->spi = is_spi;
bebd1271 491 sd->enable = true;
16b781aa
PM		 492 sd->blk = blk;
493 sd_reset(sd);
4be74634
MA		 494 if (sd->blk) {
495 blk_attach_dev_nofail(sd->blk, sd);
496 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
03f311ed 497 }
50a5be6c 498 vmstate_register(NULL, -1, &sd_vmstate, sd);
a1bb27b1
PB		 499 return sd;
500}
501
02ce600c 502void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 503{
02ce600c
AZ		 504 sd->readonly_cb = readonly;
505 sd->inserted_cb = insert;
4be74634
MA		 506 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
507 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
a1bb27b1
PB		 508}
509
510static void sd_erase(SDState *sd)
511{
f2d189d3
IM		 512 int i;
513 uint64_t erase_start = sd->erase_start;
514 uint64_t erase_end = sd->erase_end;
515
a1bb27b1
PB		 516 if (!sd->erase_start || !sd->erase_end) {
517 sd->card_status |= ERASE_SEQ_ERROR;
518 return;
519 }
520
f2d189d3
IM		 521 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
522 /* High capacity memory card: erase units are 512 byte blocks */
523 erase_start *= 512;
524 erase_end *= 512;
525 }
526
527 erase_start = sd_addr_to_wpnum(erase_start);
528 erase_end = sd_addr_to_wpnum(erase_end);
a1bb27b1
PB		 529 sd->erase_start = 0;
530 sd->erase_end = 0;
531 sd->csd[14] |= 0x40;
532
f2d189d3 533 for (i = erase_start; i <= erase_end; i++) {
a9c01830 534 if (test_bit(i, sd->wp_groups)) {
a1bb27b1 535 sd->card_status |= WP_ERASE_SKIP;
a9c01830
MI		 536 }
537 }
a1bb27b1
PB		 538}
539
2d7adea4 540static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 541{
542 uint32_t i, wpnum;
543 uint32_t ret = 0;
544
b7202b88 545 wpnum = sd_addr_to_wpnum(addr);
a1bb27b1 546
a9c01830
MI		 547 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
548 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
a1bb27b1 549 ret |= (1 << i);
a9c01830
MI		 550 }
551 }
a1bb27b1
PB		 552
553 return ret;
554}
555
556static void sd_function_switch(SDState *sd, uint32_t arg)
557{
558 int i, mode, new_func, crc;
559 mode = !!(arg & 0x80000000);
560
561 sd->data[0] = 0x00; /* Maximum current consumption */
562 sd->data[1] = 0x01;
563 sd->data[2] = 0x80; /* Supported group 6 functions */
564 sd->data[3] = 0x01;
565 sd->data[4] = 0x80; /* Supported group 5 functions */
566 sd->data[5] = 0x01;
567 sd->data[6] = 0x80; /* Supported group 4 functions */
568 sd->data[7] = 0x01;
569 sd->data[8] = 0x80; /* Supported group 3 functions */
570 sd->data[9] = 0x01;
571 sd->data[10] = 0x80; /* Supported group 2 functions */
572 sd->data[11] = 0x43;
573 sd->data[12] = 0x80; /* Supported group 1 functions */
574 sd->data[13] = 0x03;
575 for (i = 0; i < 6; i ++) {
576 new_func = (arg >> (i * 4)) & 0x0f;
577 if (mode && new_func != 0x0f)
578 sd->function_group[i] = new_func;
579 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
580 }
581 memset(&sd->data[17], 0, 47);
582 crc = sd_crc16(sd->data, 64);
583 sd->data[65] = crc >> 8;
584 sd->data[66] = crc & 0xff;
585}
586
4e8f1be2 587static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
a1bb27b1 588{
b7202b88 589 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 590}
591
592static void sd_lock_command(SDState *sd)
593{
594 int erase, lock, clr_pwd, set_pwd, pwd_len;
595 erase = !!(sd->data[0] & 0x08);
596 lock = sd->data[0] & 0x04;
597 clr_pwd = sd->data[0] & 0x02;
598 set_pwd = sd->data[0] & 0x01;
599
600 if (sd->blk_len > 1)
601 pwd_len = sd->data[1];
602 else
603 pwd_len = 0;
604
605 if (erase) {
606 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
607 set_pwd || clr_pwd || lock || sd->wp_switch ||
608 (sd->csd[14] & 0x20)) {
609 sd->card_status |= LOCK_UNLOCK_FAILED;
610 return;
611 }
50a5be6c 612 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
a1bb27b1
PB		 613 sd->csd[14] &= ~0x10;
614 sd->card_status &= ~CARD_IS_LOCKED;
615 sd->pwd_len = 0;
616 /* Erasing the entire card here! */
827df9f3 617 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 618 return;
619 }
620
621 if (sd->blk_len < 2 + pwd_len ||
622 pwd_len <= sd->pwd_len ||
623 pwd_len > sd->pwd_len + 16) {
624 sd->card_status |= LOCK_UNLOCK_FAILED;
625 return;
626 }
627
628 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
629 sd->card_status |= LOCK_UNLOCK_FAILED;
630 return;
631 }
632
633 pwd_len -= sd->pwd_len;
634 if ((pwd_len && !set_pwd) ||
635 (clr_pwd && (set_pwd || lock)) ||
636 (lock && !sd->pwd_len && !set_pwd) ||
637 (!set_pwd && !clr_pwd &&
638 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
639 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
640 sd->card_status |= LOCK_UNLOCK_FAILED;
641 return;
642 }
643
644 if (set_pwd) {
645 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
646 sd->pwd_len = pwd_len;
647 }
648
649 if (clr_pwd) {
650 sd->pwd_len = 0;
651 }
652
653 if (lock)
654 sd->card_status |= CARD_IS_LOCKED;
655 else
656 sd->card_status &= ~CARD_IS_LOCKED;
657}
658
c227f099 659static sd_rsp_type_t sd_normal_command(SDState *sd,
bc24a225 660 SDRequest req)
a1bb27b1
PB		 661{
662 uint32_t rca = 0x0000;
2d7adea4 663 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1 664
1d06cb7a
PM		 665 /* Not interpreting this as an app command */
666 sd->card_status &= ~APP_CMD;
667
a1bb27b1
PB		 668 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
669 rca = req.arg >> 16;
670
671 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
672 switch (req.cmd) {
673 /* Basic commands (Class 0 and Class 1) */
674 case 0: /* CMD0: GO_IDLE_STATE */
675 switch (sd->state) {
676 case sd_inactive_state:
775616c3 677 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 678
679 default:
680 sd->state = sd_idle_state;
16b781aa 681 sd_reset(sd);
775616c3 682 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 683 }
684 break;
685
775616c3
PB		 686 case 1: /* CMD1: SEND_OP_CMD */
687 if (!sd->spi)
688 goto bad_cmd;
689
690 sd->state = sd_transfer_state;
691 return sd_r1;
692
a1bb27b1 693 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 694 if (sd->spi)
695 goto bad_cmd;
a1bb27b1
PB		 696 switch (sd->state) {
697 case sd_ready_state:
698 sd->state = sd_identification_state;
699 return sd_r2_i;
700
701 default:
702 break;
703 }
704 break;
705
706 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 707 if (sd->spi)
708 goto bad_cmd;
a1bb27b1
PB		 709 switch (sd->state) {
710 case sd_identification_state:
711 case sd_standby_state:
712 sd->state = sd_standby_state;
713 sd_set_rca(sd);
714 return sd_r6;
715
716 default:
717 break;
718 }
719 break;
720
721 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 722 if (sd->spi)
723 goto bad_cmd;
a1bb27b1
PB		 724 switch (sd->state) {
725 case sd_standby_state:
726 break;
727
728 default:
729 break;
730 }
731 break;
732
109ac32f 733 case 5: /* CMD5: reserved for SDIO cards */
53bb8cc4 734 return sd_illegal;
109ac32f 735
a1bb27b1 736 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 737 if (sd->spi)
738 goto bad_cmd;
a1bb27b1
PB		 739 switch (sd->mode) {
740 case sd_data_transfer_mode:
741 sd_function_switch(sd, req.arg);
742 sd->state = sd_sendingdata_state;
743 sd->data_start = 0;
744 sd->data_offset = 0;
745 return sd_r1;
746
747 default:
748 break;
749 }
750 break;
751
752 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 753 if (sd->spi)
754 goto bad_cmd;
a1bb27b1
PB		 755 switch (sd->state) {
756 case sd_standby_state:
757 if (sd->rca != rca)
758 return sd_r0;
759
760 sd->state = sd_transfer_state;
761 return sd_r1b;
762
763 case sd_transfer_state:
764 case sd_sendingdata_state:
765 if (sd->rca == rca)
766 break;
767
768 sd->state = sd_standby_state;
769 return sd_r1b;
770
771 case sd_disconnect_state:
772 if (sd->rca != rca)
773 return sd_r0;
774
775 sd->state = sd_programming_state;
776 return sd_r1b;
777
778 case sd_programming_state:
779 if (sd->rca == rca)
780 break;
781
782 sd->state = sd_disconnect_state;
783 return sd_r1b;
784
785 default:
786 break;
787 }
788 break;
789
1b088995
AZ		 790 case 8: /* CMD8: SEND_IF_COND */
791 /* Physical Layer Specification Version 2.00 command */
792 switch (sd->state) {
793 case sd_idle_state:
794 sd->vhs = 0;
795
796 /* No response if not exactly one VHS bit is set. */
c9d93318 797 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1b088995 798 return sd->spi ? sd_r7 : sd_r0;
c9d93318 799 }
1b088995
AZ		 800
801 /* Accept. */
802 sd->vhs = req.arg;
803 return sd_r7;
804
805 default:
806 break;
807 }
808 break;
809
a1bb27b1
PB		 810 case 9: /* CMD9: SEND_CSD */
811 switch (sd->state) {
812 case sd_standby_state:
813 if (sd->rca != rca)
814 return sd_r0;
815
816 return sd_r2_s;
817
775616c3
PB		 818 case sd_transfer_state:
819 if (!sd->spi)
820 break;
821 sd->state = sd_sendingdata_state;
822 memcpy(sd->data, sd->csd, 16);
2d7adea4 823 sd->data_start = addr;
775616c3
PB		 824 sd->data_offset = 0;
825 return sd_r1;
826
a1bb27b1
PB		 827 default:
828 break;
829 }
830 break;
831
832 case 10: /* CMD10: SEND_CID */
833 switch (sd->state) {
834 case sd_standby_state:
835 if (sd->rca != rca)
836 return sd_r0;
837
838 return sd_r2_i;
839
775616c3
PB		 840 case sd_transfer_state:
841 if (!sd->spi)
842 break;
843 sd->state = sd_sendingdata_state;
844 memcpy(sd->data, sd->cid, 16);
2d7adea4 845 sd->data_start = addr;
775616c3
PB		 846 sd->data_offset = 0;
847 return sd_r1;
848
a1bb27b1
PB		 849 default:
850 break;
851 }
852 break;
853
854 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
775616c3
PB		 855 if (sd->spi)
856 goto bad_cmd;
a1bb27b1
PB		 857 switch (sd->state) {
858 case sd_transfer_state:
859 sd->state = sd_sendingdata_state;
860 sd->data_start = req.arg;
861 sd->data_offset = 0;
862
863 if (sd->data_start + sd->blk_len > sd->size)
864 sd->card_status |= ADDRESS_ERROR;
865 return sd_r0;
866
867 default:
868 break;
869 }
870 break;
871
872 case 12: /* CMD12: STOP_TRANSMISSION */
873 switch (sd->state) {
874 case sd_sendingdata_state:
875 sd->state = sd_transfer_state;
876 return sd_r1b;
877
878 case sd_receivingdata_state:
879 sd->state = sd_programming_state;
880 /* Bzzzzzzztt .... Operation complete. */
881 sd->state = sd_transfer_state;
882 return sd_r1b;
883
884 default:
885 break;
886 }
887 break;
888
889 case 13: /* CMD13: SEND_STATUS */
890 switch (sd->mode) {
891 case sd_data_transfer_mode:
892 if (sd->rca != rca)
893 return sd_r0;
894
895 return sd_r1;
896
897 default:
898 break;
899 }
900 break;
901
902 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 903 if (sd->spi)
904 goto bad_cmd;
a1bb27b1
PB		 905 switch (sd->mode) {
906 case sd_data_transfer_mode:
907 if (sd->rca != rca)
908 return sd_r0;
909
910 sd->state = sd_inactive_state;
911 return sd_r0;
912
913 default:
914 break;
915 }
916 break;
917
918 /* Block read commands (Classs 2) */
919 case 16: /* CMD16: SET_BLOCKLEN */
920 switch (sd->state) {
921 case sd_transfer_state:
922 if (req.arg > (1 << HWBLOCK_SHIFT))
923 sd->card_status |= BLOCK_LEN_ERROR;
924 else
925 sd->blk_len = req.arg;
926
927 return sd_r1;
928
929 default:
930 break;
931 }
932 break;
933
934 case 17: /* CMD17: READ_SINGLE_BLOCK */
935 switch (sd->state) {
936 case sd_transfer_state:
937 sd->state = sd_sendingdata_state;
2d7adea4 938 sd->data_start = addr;
a1bb27b1
PB		 939 sd->data_offset = 0;
940
941 if (sd->data_start + sd->blk_len > sd->size)
942 sd->card_status |= ADDRESS_ERROR;
943 return sd_r1;
944
945 default:
946 break;
947 }
948 break;
949
950 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
951 switch (sd->state) {
952 case sd_transfer_state:
953 sd->state = sd_sendingdata_state;
2d7adea4 954 sd->data_start = addr;
a1bb27b1
PB		 955 sd->data_offset = 0;
956
957 if (sd->data_start + sd->blk_len > sd->size)
958 sd->card_status |= ADDRESS_ERROR;
959 return sd_r1;
960
961 default:
962 break;
963 }
964 break;
965
966 /* Block write commands (Class 4) */
967 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
775616c3
PB		 968 if (sd->spi)
969 goto unimplemented_cmd;
a1bb27b1
PB		 970 switch (sd->state) {
971 case sd_transfer_state:
775616c3
PB		 972 /* Writing in SPI mode not implemented. */
973 if (sd->spi)
974 break;
a1bb27b1 975 sd->state = sd_receivingdata_state;
2d7adea4 976 sd->data_start = addr;
a1bb27b1
PB		 977 sd->data_offset = 0;
978 sd->blk_written = 0;
979
980 if (sd->data_start + sd->blk_len > sd->size)
981 sd->card_status |= ADDRESS_ERROR;
982 if (sd_wp_addr(sd, sd->data_start))
983 sd->card_status |= WP_VIOLATION;
984 if (sd->csd[14] & 0x30)
985 sd->card_status |= WP_VIOLATION;
986 return sd_r1;
987
988 default:
989 break;
990 }
991 break;
992
993 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
775616c3
PB		 994 if (sd->spi)
995 goto unimplemented_cmd;
a1bb27b1
PB		 996 switch (sd->state) {
997 case sd_transfer_state:
775616c3
PB		 998 /* Writing in SPI mode not implemented. */
999 if (sd->spi)
1000 break;
a1bb27b1 1001 sd->state = sd_receivingdata_state;
2d7adea4 1002 sd->data_start = addr;
a1bb27b1
PB		 1003 sd->data_offset = 0;
1004 sd->blk_written = 0;
1005
1006 if (sd->data_start + sd->blk_len > sd->size)
1007 sd->card_status |= ADDRESS_ERROR;
1008 if (sd_wp_addr(sd, sd->data_start))
1009 sd->card_status |= WP_VIOLATION;
1010 if (sd->csd[14] & 0x30)
1011 sd->card_status |= WP_VIOLATION;
1012 return sd_r1;
1013
1014 default:
1015 break;
1016 }
1017 break;
1018
1019 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 1020 if (sd->spi)
1021 goto bad_cmd;
a1bb27b1
PB		 1022 switch (sd->state) {
1023 case sd_transfer_state:
1024 sd->state = sd_receivingdata_state;
1025 sd->data_start = 0;
1026 sd->data_offset = 0;
1027 return sd_r1;
1028
1029 default:
1030 break;
1031 }
1032 break;
1033
1034 case 27: /* CMD27: PROGRAM_CSD */
775616c3
PB		 1035 if (sd->spi)
1036 goto unimplemented_cmd;
a1bb27b1
PB		 1037 switch (sd->state) {
1038 case sd_transfer_state:
1039 sd->state = sd_receivingdata_state;
1040 sd->data_start = 0;
1041 sd->data_offset = 0;
1042 return sd_r1;
1043
1044 default:
1045 break;
1046 }
1047 break;
1048
1049 /* Write protection (Class 6) */
1050 case 28: /* CMD28: SET_WRITE_PROT */
1051 switch (sd->state) {
1052 case sd_transfer_state:
2d7adea4 1053 if (addr >= sd->size) {
e30d5938 1054 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1055 return sd_r1b;
1056 }
1057
1058 sd->state = sd_programming_state;
b7202b88 1059 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1060 /* Bzzzzzzztt .... Operation complete. */
1061 sd->state = sd_transfer_state;
1062 return sd_r1b;
1063
1064 default:
1065 break;
1066 }
1067 break;
1068
1069 case 29: /* CMD29: CLR_WRITE_PROT */
1070 switch (sd->state) {
1071 case sd_transfer_state:
2d7adea4 1072 if (addr >= sd->size) {
e30d5938 1073 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1074 return sd_r1b;
1075 }
1076
1077 sd->state = sd_programming_state;
b7202b88 1078 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1079 /* Bzzzzzzztt .... Operation complete. */
1080 sd->state = sd_transfer_state;
1081 return sd_r1b;
1082
1083 default:
1084 break;
1085 }
1086 break;
1087
1088 case 30: /* CMD30: SEND_WRITE_PROT */
1089 switch (sd->state) {
1090 case sd_transfer_state:
1091 sd->state = sd_sendingdata_state;
1092 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1093 sd->data_start = addr;
a1bb27b1
PB		 1094 sd->data_offset = 0;
1095 return sd_r1b;
1096
1097 default:
1098 break;
1099 }
1100 break;
1101
1102 /* Erase commands (Class 5) */
1103 case 32: /* CMD32: ERASE_WR_BLK_START */
1104 switch (sd->state) {
1105 case sd_transfer_state:
1106 sd->erase_start = req.arg;
1107 return sd_r1;
1108
1109 default:
1110 break;
1111 }
1112 break;
1113
1114 case 33: /* CMD33: ERASE_WR_BLK_END */
1115 switch (sd->state) {
1116 case sd_transfer_state:
1117 sd->erase_end = req.arg;
1118 return sd_r1;
1119
1120 default:
1121 break;
1122 }
1123 break;
1124
1125 case 38: /* CMD38: ERASE */
1126 switch (sd->state) {
1127 case sd_transfer_state:
1128 if (sd->csd[14] & 0x30) {
1129 sd->card_status |= WP_VIOLATION;
1130 return sd_r1b;
1131 }
1132
1133 sd->state = sd_programming_state;
1134 sd_erase(sd);
1135 /* Bzzzzzzztt .... Operation complete. */
1136 sd->state = sd_transfer_state;
1137 return sd_r1b;
1138
1139 default:
1140 break;
1141 }
1142 break;
1143
1144 /* Lock card commands (Class 7) */
1145 case 42: /* CMD42: LOCK_UNLOCK */
775616c3
PB		 1146 if (sd->spi)
1147 goto unimplemented_cmd;
a1bb27b1
PB		 1148 switch (sd->state) {
1149 case sd_transfer_state:
1150 sd->state = sd_receivingdata_state;
1151 sd->data_start = 0;
1152 sd->data_offset = 0;
1153 return sd_r1;
1154
1155 default:
1156 break;
1157 }
1158 break;
1159
39e594db
PM		 1160 case 52:
1161 case 53:
1162 /* CMD52, CMD53: reserved for SDIO cards
1163 * (see the SDIO Simplified Specification V2.0)
1164 * Handle as illegal command but do not complain
1165 * on stderr, as some OSes may use these in their
1166 * probing for presence of an SDIO card.
1167 */
53bb8cc4 1168 return sd_illegal;
39e594db 1169
a1bb27b1
PB		 1170 /* Application specific commands (Class 8) */
1171 case 55: /* CMD55: APP_CMD */
1172 if (sd->rca != rca)
1173 return sd_r0;
1174
bebd1271 1175 sd->expecting_acmd = true;
a1bb27b1
PB		 1176 sd->card_status |= APP_CMD;
1177 return sd_r1;
1178
1179 case 56: /* CMD56: GEN_CMD */
827df9f3 1180 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
a1bb27b1
PB		 1181
1182 switch (sd->state) {
1183 case sd_transfer_state:
1184 sd->data_offset = 0;
1185 if (req.arg & 1)
1186 sd->state = sd_sendingdata_state;
1187 else
1188 sd->state = sd_receivingdata_state;
1189 return sd_r1;
1190
1191 default:
1192 break;
1193 }
1194 break;
1195
1196 default:
775616c3 1197 bad_cmd:
827df9f3 1198 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
53bb8cc4 1199 return sd_illegal;
775616c3
PB		 1200
1201 unimplemented_cmd:
1202 /* Commands that are recognised but not yet implemented in SPI mode. */
827df9f3 1203 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
53bb8cc4 1204 return sd_illegal;
a1bb27b1
PB		 1205 }
1206
827df9f3 1207 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
53bb8cc4 1208 return sd_illegal;
a1bb27b1
PB		 1209}
1210
c227f099 1211static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1212 SDRequest req)
1213{
a1bb27b1 1214 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1d06cb7a 1215 sd->card_status |= APP_CMD;
a1bb27b1
PB		 1216 switch (req.cmd) {
1217 case 6: /* ACMD6: SET_BUS_WIDTH */
1218 switch (sd->state) {
1219 case sd_transfer_state:
1220 sd->sd_status[0] &= 0x3f;
1221 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1222 return sd_r1;
1223
1224 default:
1225 break;
1226 }
1227 break;
1228
1229 case 13: /* ACMD13: SD_STATUS */
1230 switch (sd->state) {
1231 case sd_transfer_state:
fb1ba03a 1232 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1233 sd->data_start = 0;
1234 sd->data_offset = 0;
1235 return sd_r1;
1236
1237 default:
1238 break;
1239 }
1240 break;
1241
1242 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1243 switch (sd->state) {
1244 case sd_transfer_state:
1245 *(uint32_t *) sd->data = sd->blk_written;
1246
fb1ba03a 1247 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1248 sd->data_start = 0;
1249 sd->data_offset = 0;
1250 return sd_r1;
1251
1252 default:
1253 break;
1254 }
1255 break;
1256
1257 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1258 switch (sd->state) {
1259 case sd_transfer_state:
1260 return sd_r1;
1261
1262 default:
1263 break;
1264 }
1265 break;
1266
1267 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1268 if (sd->spi) {
1269 /* SEND_OP_CMD */
1270 sd->state = sd_transfer_state;
1271 return sd_r1;
1272 }
a1bb27b1
PB		 1273 switch (sd->state) {
1274 case sd_idle_state:
37ab4a56
PC		 1275 /* We accept any voltage. 10000 V is nothing.
1276 *
1277 * We don't model init delay so just advance straight to ready state
1278 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1279 */
1280 if (req.arg & ACMD41_ENQUIRY_MASK) {
a1bb27b1 1281 sd->state = sd_ready_state;
37ab4a56 1282 }
a1bb27b1
PB		 1283
1284 return sd_r3;
1285
1286 default:
1287 break;
1288 }
1289 break;
1290
1291 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1292 switch (sd->state) {
1293 case sd_transfer_state:
1294 /* Bringing in the 50KOhm pull-up resistor... Done. */
1295 return sd_r1;
1296
1297 default:
1298 break;
1299 }
1300 break;
1301
1302 case 51: /* ACMD51: SEND_SCR */
1303 switch (sd->state) {
1304 case sd_transfer_state:
1305 sd->state = sd_sendingdata_state;
1306 sd->data_start = 0;
1307 sd->data_offset = 0;
1308 return sd_r1;
1309
1310 default:
1311 break;
1312 }
1313 break;
1314
1315 default:
1316 /* Fall back to standard commands. */
a1bb27b1
PB		 1317 return sd_normal_command(sd, req);
1318 }
1319
827df9f3 1320 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
5b08bfe2 1321 return sd_illegal;
a1bb27b1
PB		 1322}
1323
25881d33
PM		 1324static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1325{
1326 /* Valid commands in locked state:
1327 * basic class (0)
1328 * lock card class (7)
1329 * CMD16
1330 * implicitly, the ACMD prefix CMD55
1331 * ACMD41 and ACMD42
1332 * Anything else provokes an "illegal command" response.
1333 */
1d06cb7a 1334 if (sd->expecting_acmd) {
25881d33
PM		 1335 return req->cmd == 41 || req->cmd == 42;
1336 }
1337 if (req->cmd == 16 || req->cmd == 55) {
1338 return 1;
1339 }
1340 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1341}
1342
bc24a225 1343int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1 1344 uint8_t *response) {
10a412da 1345 int last_state;
c227f099 1346 sd_rsp_type_t rtype;
a1bb27b1
PB		 1347 int rsplen;
1348
4be74634 1349 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
a1bb27b1
PB		 1350 return 0;
1351 }
1352
1353 if (sd_req_crc_validate(req)) {
abda1f37 1354 sd->card_status |= COM_CRC_ERROR;
b1f517ed
PM		 1355 rtype = sd_illegal;
1356 goto send_response;
a1bb27b1
PB		 1357 }
1358
10a412da 1359 if (sd->card_status & CARD_IS_LOCKED) {
25881d33 1360 if (!cmd_valid_while_locked(sd, req)) {
a1bb27b1 1361 sd->card_status |= ILLEGAL_COMMAND;
bebd1271 1362 sd->expecting_acmd = false;
827df9f3 1363 fprintf(stderr, "SD: Card is locked\n");
b1f517ed
PM		 1364 rtype = sd_illegal;
1365 goto send_response;
a1bb27b1 1366 }
25881d33 1367 }
a1bb27b1 1368
10a412da
PM		 1369 last_state = sd->state;
1370 sd_set_mode(sd);
1371
1d06cb7a 1372 if (sd->expecting_acmd) {
bebd1271 1373 sd->expecting_acmd = false;
a1bb27b1 1374 rtype = sd_app_command(sd, *req);
1d06cb7a 1375 } else {
a1bb27b1 1376 rtype = sd_normal_command(sd, *req);
1d06cb7a 1377 }
a1bb27b1 1378
53bb8cc4
PM		 1379 if (rtype == sd_illegal) {
1380 sd->card_status |= ILLEGAL_COMMAND;
10a412da
PM		 1381 } else {
1382 /* Valid command, we can update the 'state before command' bits.
1383 * (Do this now so they appear in r1 responses.)
1384 */
1385 sd->current_cmd = req->cmd;
1386 sd->card_status &= ~CURRENT_STATE;
1387 sd->card_status |= (last_state << 9);
53bb8cc4
PM		 1388 }
1389
b1f517ed 1390send_response:
a1bb27b1
PB		 1391 switch (rtype) {
1392 case sd_r1:
1393 case sd_r1b:
10a412da 1394 sd_response_r1_make(sd, response);
a1bb27b1
PB		 1395 rsplen = 4;
1396 break;
1397
1398 case sd_r2_i:
1399 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1400 rsplen = 16;
1401 break;
1402
1403 case sd_r2_s:
1404 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1405 rsplen = 16;
1406 break;
1407
1408 case sd_r3:
1409 sd_response_r3_make(sd, response);
1410 rsplen = 4;
1411 break;
1412
1413 case sd_r6:
1414 sd_response_r6_make(sd, response);
1415 rsplen = 4;
1416 break;
1417
1b088995
AZ		 1418 case sd_r7:
1419 sd_response_r7_make(sd, response);
1420 rsplen = 4;
1421 break;
1422
a1bb27b1 1423 case sd_r0:
53bb8cc4 1424 case sd_illegal:
a1bb27b1
PB		 1425 default:
1426 rsplen = 0;
1427 break;
1428 }
1429
10a412da
PM		 1430 if (rtype != sd_illegal) {
1431 /* Clear the "clear on valid command" status bits now we've
1432 * sent any response
1433 */
1434 sd->card_status &= ~CARD_STATUS_B;
1435 }
1436
a1bb27b1
PB		 1437#ifdef DEBUG_SD
1438 if (rsplen) {
1439 int i;
1440 DPRINTF("Response:");
1441 for (i = 0; i < rsplen; i++)
038d3d44
PC		 1442 fprintf(stderr, " %02x", response[i]);
1443 fprintf(stderr, " state %d\n", sd->state);
a1bb27b1
PB		 1444 } else {
1445 DPRINTF("No response %d\n", sd->state);
1446 }
1447#endif
1448
1449 return rsplen;
1450}
1451
2d7adea4 1452static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1453{
2d7adea4 1454 uint64_t end = addr + len;
a1bb27b1 1455
2d7adea4
AZ		 1456 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1457 (unsigned long long) addr, len);
4be74634 1458 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1459 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1460 return;
1461 }
1462
1463 if (end > (addr & ~511) + 512) {
33f00271 1464 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
a1bb27b1 1465
4be74634 1466 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
827df9f3 1467 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1468 return;
1469 }
33f00271 1470 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
a1bb27b1 1471 } else
33f00271 1472 memcpy(sd->data, sd->buf + (addr & 511), len);
a1bb27b1
PB		 1473}
1474
2d7adea4 1475static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1476{
2d7adea4 1477 uint64_t end = addr + len;
a1bb27b1
PB		 1478
1479 if ((addr & 511) || len < 512)
4be74634 1480 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1481 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1482 return;
1483 }
1484
1485 if (end > (addr & ~511) + 512) {
33f00271 1486 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
4be74634 1487 if (blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1488 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1489 return;
1490 }
1491
4be74634 1492 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
827df9f3 1493 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1494 return;
1495 }
33f00271 1496 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
4be74634 1497 if (blk_write(sd->blk, end >> 9, sd->buf, 1) < 0) {
827df9f3 1498 fprintf(stderr, "sd_blk_write: write error on host side\n");
7a608f56 1499 }
a1bb27b1 1500 } else {
33f00271 1501 memcpy(sd->buf + (addr & 511), sd->data, len);
4be74634 1502 if (!sd->blk || blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1503 fprintf(stderr, "sd_blk_write: write error on host side\n");
7a608f56 1504 }
a1bb27b1
PB		 1505 }
1506}
1507
33f00271
AZ		 1508#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1509#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1510#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1511#define APP_WRITE_BLOCK(a, len)
1512
1513void sd_write_data(SDState *sd, uint8_t value)
1514{
1515 int i;
1516
4be74634 1517 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1518 return;
1519
1520 if (sd->state != sd_receivingdata_state) {
827df9f3 1521 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1522 return;
1523 }
1524
1525 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1526 return;
1527
1528 switch (sd->current_cmd) {
1529 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1530 sd->data[sd->data_offset ++] = value;
1531 if (sd->data_offset >= sd->blk_len) {
1532 /* TODO: Check CRC before committing */
1533 sd->state = sd_programming_state;
1534 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1535 sd->blk_written ++;
1536 sd->csd[14] |= 0x40;
1537 /* Bzzzzzzztt .... Operation complete. */
1538 sd->state = sd_transfer_state;
1539 }
1540 break;
1541
1542 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234 1543 if (sd->data_offset == 0) {
e03ba136 1544 /* Start of the block - let's check the address is valid */
a1bb27b1
PB		 1545 if (sd->data_start + sd->blk_len > sd->size) {
1546 sd->card_status |= ADDRESS_ERROR;
1547 break;
1548 }
1549 if (sd_wp_addr(sd, sd->data_start)) {
1550 sd->card_status |= WP_VIOLATION;
1551 break;
1552 }
33fa8234
DDAG		 1553 }
1554 sd->data[sd->data_offset++] = value;
1555 if (sd->data_offset >= sd->blk_len) {
1556 /* TODO: Check CRC before committing */
1557 sd->state = sd_programming_state;
1558 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1559 sd->blk_written++;
1560 sd->data_start += sd->blk_len;
1561 sd->data_offset = 0;
a1bb27b1
PB		 1562 sd->csd[14] |= 0x40;
1563
1564 /* Bzzzzzzztt .... Operation complete. */
1565 sd->state = sd_receivingdata_state;
1566 }
1567 break;
1568
1569 case 26: /* CMD26: PROGRAM_CID */
1570 sd->data[sd->data_offset ++] = value;
1571 if (sd->data_offset >= sizeof(sd->cid)) {
1572 /* TODO: Check CRC before committing */
1573 sd->state = sd_programming_state;
1574 for (i = 0; i < sizeof(sd->cid); i ++)
1575 if ((sd->cid[i] | 0x00) != sd->data[i])
1576 sd->card_status |= CID_CSD_OVERWRITE;
1577
1578 if (!(sd->card_status & CID_CSD_OVERWRITE))
1579 for (i = 0; i < sizeof(sd->cid); i ++) {
1580 sd->cid[i] |= 0x00;
1581 sd->cid[i] &= sd->data[i];
1582 }
1583 /* Bzzzzzzztt .... Operation complete. */
1584 sd->state = sd_transfer_state;
1585 }
1586 break;
1587
1588 case 27: /* CMD27: PROGRAM_CSD */
1589 sd->data[sd->data_offset ++] = value;
1590 if (sd->data_offset >= sizeof(sd->csd)) {
1591 /* TODO: Check CRC before committing */
1592 sd->state = sd_programming_state;
1593 for (i = 0; i < sizeof(sd->csd); i ++)
1594 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1595 (sd->data[i] | sd_csd_rw_mask[i]))
1596 sd->card_status |= CID_CSD_OVERWRITE;
1597
1598 /* Copy flag (OTP) & Permanent write protect */
1599 if (sd->csd[14] & ~sd->data[14] & 0x60)
1600 sd->card_status |= CID_CSD_OVERWRITE;
1601
1602 if (!(sd->card_status & CID_CSD_OVERWRITE))
1603 for (i = 0; i < sizeof(sd->csd); i ++) {
1604 sd->csd[i] |= sd_csd_rw_mask[i];
1605 sd->csd[i] &= sd->data[i];
1606 }
1607 /* Bzzzzzzztt .... Operation complete. */
1608 sd->state = sd_transfer_state;
1609 }
1610 break;
1611
1612 case 42: /* CMD42: LOCK_UNLOCK */
1613 sd->data[sd->data_offset ++] = value;
1614 if (sd->data_offset >= sd->blk_len) {
1615 /* TODO: Check CRC before committing */
1616 sd->state = sd_programming_state;
1617 sd_lock_command(sd);
1618 /* Bzzzzzzztt .... Operation complete. */
1619 sd->state = sd_transfer_state;
1620 }
1621 break;
1622
1623 case 56: /* CMD56: GEN_CMD */
1624 sd->data[sd->data_offset ++] = value;
1625 if (sd->data_offset >= sd->blk_len) {
1626 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1627 sd->state = sd_transfer_state;
1628 }
1629 break;
1630
1631 default:
827df9f3 1632 fprintf(stderr, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1633 break;
1634 }
1635}
1636
1637uint8_t sd_read_data(SDState *sd)
1638{
1639 /* TODO: Append CRCs */
1640 uint8_t ret;
2d7adea4 1641 int io_len;
a1bb27b1 1642
4be74634 1643 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1644 return 0x00;
1645
1646 if (sd->state != sd_sendingdata_state) {
827df9f3 1647 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1648 return 0x00;
1649 }
1650
1651 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1652 return 0x00;
1653
2d7adea4
AZ		 1654 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1655
a1bb27b1
PB		 1656 switch (sd->current_cmd) {
1657 case 6: /* CMD6: SWITCH_FUNCTION */
1658 ret = sd->data[sd->data_offset ++];
1659
1660 if (sd->data_offset >= 64)
1661 sd->state = sd_transfer_state;
1662 break;
1663
775616c3
PB		 1664 case 9: /* CMD9: SEND_CSD */
1665 case 10: /* CMD10: SEND_CID */
1666 ret = sd->data[sd->data_offset ++];
1667
1668 if (sd->data_offset >= 16)
1669 sd->state = sd_transfer_state;
1670 break;
1671
a1bb27b1
PB		 1672 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1673 if (sd->data_offset == 0)
2d7adea4 1674 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1675 ret = sd->data[sd->data_offset ++];
1676
2d7adea4
AZ		 1677 if (sd->data_offset >= io_len) {
1678 sd->data_start += io_len;
a1bb27b1 1679 sd->data_offset = 0;
2d7adea4 1680 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1681 sd->card_status |= ADDRESS_ERROR;
1682 break;
1683 }
1684 }
1685 break;
1686
1687 case 13: /* ACMD13: SD_STATUS */
1688 ret = sd->sd_status[sd->data_offset ++];
1689
1690 if (sd->data_offset >= sizeof(sd->sd_status))
1691 sd->state = sd_transfer_state;
1692 break;
1693
1694 case 17: /* CMD17: READ_SINGLE_BLOCK */
1695 if (sd->data_offset == 0)
2d7adea4 1696 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1697 ret = sd->data[sd->data_offset ++];
1698
2d7adea4 1699 if (sd->data_offset >= io_len)
a1bb27b1
PB		 1700 sd->state = sd_transfer_state;
1701 break;
1702
1703 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1704 if (sd->data_offset == 0)
2d7adea4 1705 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1706 ret = sd->data[sd->data_offset ++];
1707
2d7adea4
AZ		 1708 if (sd->data_offset >= io_len) {
1709 sd->data_start += io_len;
a1bb27b1 1710 sd->data_offset = 0;
2d7adea4 1711 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1712 sd->card_status |= ADDRESS_ERROR;
1713 break;
1714 }
1715 }
1716 break;
1717
1718 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1719 ret = sd->data[sd->data_offset ++];
1720
1721 if (sd->data_offset >= 4)
1722 sd->state = sd_transfer_state;
1723 break;
1724
1725 case 30: /* CMD30: SEND_WRITE_PROT */
1726 ret = sd->data[sd->data_offset ++];
1727
1728 if (sd->data_offset >= 4)
1729 sd->state = sd_transfer_state;
1730 break;
1731
1732 case 51: /* ACMD51: SEND_SCR */
1733 ret = sd->scr[sd->data_offset ++];
1734
1735 if (sd->data_offset >= sizeof(sd->scr))
1736 sd->state = sd_transfer_state;
1737 break;
1738
1739 case 56: /* CMD56: GEN_CMD */
1740 if (sd->data_offset == 0)
1741 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1742 ret = sd->data[sd->data_offset ++];
1743
1744 if (sd->data_offset >= sd->blk_len)
1745 sd->state = sd_transfer_state;
1746 break;
1747
1748 default:
827df9f3 1749 fprintf(stderr, "sd_read_data: unknown command\n");
a1bb27b1
PB		 1750 return 0x00;
1751 }
1752
1753 return ret;
1754}
1755
879bf4a7 1756bool sd_data_ready(SDState *sd)
a1bb27b1
PB		 1757{
1758 return sd->state == sd_sendingdata_state;
1759}
827df9f3 1760
bebd1271 1761void sd_enable(SDState *sd, bool enable)
827df9f3
AZ		 1762{
1763 sd->enable = enable;
1764}
Empty description
This page took 1.103136 seconds and 4 git commands to generate.