]> Git Repo - qemu.git/blame - hw/sd/sd.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sdcard: add more trace events
[qemu.git] / hw / sd / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <[email protected]>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
0430891c 32#include "qemu/osdep.h"
c759a790 33#include "hw/qdev.h"
83c9f4ca 34#include "hw/hw.h"
4be74634 35#include "sysemu/block-backend.h"
e3382ef0 36#include "hw/sd/sd.h"
da34e65c 37#include "qapi/error.h"
1de7afc9 38#include "qemu/bitmap.h"
260bc9d8
PM		 39#include "hw/qdev-properties.h"
40#include "qemu/error-report.h"
dd26eb43 41#include "qemu/timer.h"
03dd024f 42#include "qemu/log.h"
1b640aa9 43#include "trace.h"
a1bb27b1
PB		 44
45//#define DEBUG_SD 1
46
dd26eb43
AB		 47#define ACMD41_ENQUIRY_MASK 0x00ffffff
48#define OCR_POWER_UP 0x80000000
49#define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
37ab4a56 50
a1bb27b1
PB		 51typedef enum {
52 sd_r0 = 0, /* no response */
53 sd_r1, /* normal response command */
54 sd_r2_i, /* CID register */
55 sd_r2_s, /* CSD register */
56 sd_r3, /* OCR register */
57 sd_r6 = 6, /* Published RCA response */
1b088995 58 sd_r7, /* Operating voltage */
a1bb27b1 59 sd_r1b = -1,
53bb8cc4 60 sd_illegal = -2,
c227f099 61} sd_rsp_type_t;
a1bb27b1 62
50a5be6c
IM		 63enum SDCardModes {
64 sd_inactive,
65 sd_card_identification_mode,
66 sd_data_transfer_mode,
67};
68
69enum SDCardStates {
70 sd_inactive_state = -1,
71 sd_idle_state = 0,
72 sd_ready_state,
73 sd_identification_state,
74 sd_standby_state,
75 sd_transfer_state,
76 sd_sendingdata_state,
77 sd_receivingdata_state,
78 sd_programming_state,
79 sd_disconnect_state,
80};
81
a1bb27b1 82struct SDState {
260bc9d8
PM		 83 DeviceState parent_obj;
84
d49b1ce0 85 /* SD Memory Card Registers */
a1bb27b1
PB		 86 uint32_t ocr;
87 uint8_t scr[8];
88 uint8_t cid[16];
89 uint8_t csd[16];
90 uint16_t rca;
91 uint32_t card_status;
92 uint8_t sd_status[64];
d49b1ce0
PMD		 93
94 /* Configurable properties */
95 BlockBackend *blk;
96 bool spi;
97
98 uint32_t mode; /* current card mode, one of SDCardModes */
99 int32_t state; /* current card state, one of SDCardStates */
1b088995 100 uint32_t vhs;
bebd1271 101 bool wp_switch;
a9c01830 102 unsigned long *wp_groups;
50a5be6c 103 int32_t wpgrps_size;
2d7adea4 104 uint64_t size;
50a5be6c 105 uint32_t blk_len;
4481bbc7 106 uint32_t multi_blk_cnt;
a1bb27b1
PB		 107 uint32_t erase_start;
108 uint32_t erase_end;
109 uint8_t pwd[16];
50a5be6c
IM		 110 uint32_t pwd_len;
111 uint8_t function_group[6];
50a5be6c 112 uint8_t current_cmd;
1d06cb7a
PM		 113 /* True if we will handle the next command as an ACMD. Note that this does
114 * *not* track the APP_CMD status bit!
115 */
bebd1271 116 bool expecting_acmd;
50a5be6c 117 uint32_t blk_written;
2d7adea4 118 uint64_t data_start;
a1bb27b1
PB		 119 uint32_t data_offset;
120 uint8_t data[512];
02ce600c
AZ		 121 qemu_irq readonly_cb;
122 qemu_irq inserted_cb;
d49b1ce0 123 QEMUTimer *ocr_power_timer;
bebd1271 124 bool enable;
da346922
PMD		 125 uint8_t dat_lines;
126 bool cmd_line;
a1bb27b1
PB		 127};
128
1b640aa9
PMD		 129static const char *sd_state_name(enum SDCardStates state)
130{
131 static const char *state_name[] = {
132 [sd_idle_state] = "idle",
133 [sd_ready_state] = "ready",
134 [sd_identification_state] = "identification",
135 [sd_standby_state] = "standby",
136 [sd_transfer_state] = "transfer",
137 [sd_sendingdata_state] = "sendingdata",
138 [sd_receivingdata_state] = "receivingdata",
139 [sd_programming_state] = "programming",
140 [sd_disconnect_state] = "disconnect",
141 };
142 if (state == sd_inactive_state) {
143 return "inactive";
144 }
145 assert(state <= ARRAY_SIZE(state_name));
146 return state_name[state];
147}
148
55921932
PMD		 149static const char *sd_response_name(sd_rsp_type_t rsp)
150{
151 static const char *response_name[] = {
152 [sd_r0] = "RESP#0 (no response)",
153 [sd_r1] = "RESP#1 (normal cmd)",
154 [sd_r2_i] = "RESP#2 (CID reg)",
155 [sd_r2_s] = "RESP#2 (CSD reg)",
156 [sd_r3] = "RESP#3 (OCR reg)",
157 [sd_r6] = "RESP#6 (RCA)",
158 [sd_r7] = "RESP#7 (operating voltage)",
159 };
160 if (rsp == sd_illegal) {
161 return "ILLEGAL RESP";
162 }
163 if (rsp == sd_r1b) {
164 rsp = sd_r1;
165 }
166 assert(rsp <= ARRAY_SIZE(response_name));
167 return response_name[rsp];
168}
169
da346922
PMD		 170static uint8_t sd_get_dat_lines(SDState *sd)
171{
172 return sd->enable ? sd->dat_lines : 0;
173}
174
175static bool sd_get_cmd_line(SDState *sd)
176{
177 return sd->enable ? sd->cmd_line : false;
178}
179
0034ebe6
PMD		 180static void sd_set_voltage(SDState *sd, uint16_t millivolts)
181{
814b2adc
PMD		 182 trace_sdcard_set_voltage(millivolts);
183
0034ebe6
PMD		 184 switch (millivolts) {
185 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
186 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
187 break;
188 default:
189 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
190 millivolts / 1000.f);
191 }
192}
193
10a412da 194static void sd_set_mode(SDState *sd)
a1bb27b1
PB		 195{
196 switch (sd->state) {
197 case sd_inactive_state:
198 sd->mode = sd_inactive;
199 break;
200
201 case sd_idle_state:
202 case sd_ready_state:
203 case sd_identification_state:
204 sd->mode = sd_card_identification_mode;
205 break;
206
207 case sd_standby_state:
208 case sd_transfer_state:
209 case sd_sendingdata_state:
210 case sd_receivingdata_state:
211 case sd_programming_state:
212 case sd_disconnect_state:
213 sd->mode = sd_data_transfer_mode;
214 break;
215 }
a1bb27b1
PB		 216}
217
c227f099 218static const sd_cmd_type_t sd_cmd_type[64] = {
a1bb27b1 219 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 220 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
a1bb27b1
PB		 221 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
222 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
223 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
224 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
225 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
226 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
227};
228
a1bb27b1
PB		 229static const int sd_cmd_class[64] = {
230 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
231 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
232 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
233 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
234};
235
236static uint8_t sd_crc7(void *message, size_t width)
237{
238 int i, bit;
239 uint8_t shift_reg = 0x00;
240 uint8_t *msg = (uint8_t *) message;
241
242 for (i = 0; i < width; i ++, msg ++)
243 for (bit = 7; bit >= 0; bit --) {
244 shift_reg <<= 1;
245 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
246 shift_reg ^= 0x89;
247 }
248
249 return shift_reg;
250}
251
252static uint16_t sd_crc16(void *message, size_t width)
253{
254 int i, bit;
255 uint16_t shift_reg = 0x0000;
256 uint16_t *msg = (uint16_t *) message;
257 width <<= 1;
258
259 for (i = 0; i < width; i ++, msg ++)
260 for (bit = 15; bit >= 0; bit --) {
261 shift_reg <<= 1;
262 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
263 shift_reg ^= 0x1011;
264 }
265
266 return shift_reg;
267}
268
269static void sd_set_ocr(SDState *sd)
270{
dd26eb43
AB		 271 /* All voltages OK, Standard Capacity SD Memory Card, not yet powered up */
272 sd->ocr = 0x00ffff00;
273}
274
275static void sd_ocr_powerup(void *opaque)
276{
277 SDState *sd = opaque;
278
814b2adc 279 trace_sdcard_powerup();
dd26eb43
AB		 280 /* Set powered up bit in OCR */
281 assert(!(sd->ocr & OCR_POWER_UP));
282 sd->ocr |= OCR_POWER_UP;
a1bb27b1
PB		 283}
284
285static void sd_set_scr(SDState *sd)
286{
287 sd->scr[0] = 0x00; /* SCR Structure */
288 sd->scr[1] = 0x2f; /* SD Security Support */
289 sd->scr[2] = 0x00;
290 sd->scr[3] = 0x00;
291 sd->scr[4] = 0x00;
292 sd->scr[5] = 0x00;
293 sd->scr[6] = 0x00;
294 sd->scr[7] = 0x00;
295}
296
297#define MID 0xaa
298#define OID "XY"
299#define PNM "QEMU!"
300#define PRV 0x01
301#define MDT_YR 2006
302#define MDT_MON 2
303
304static void sd_set_cid(SDState *sd)
305{
306 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
307 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
308 sd->cid[2] = OID[1];
309 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
310 sd->cid[4] = PNM[1];
311 sd->cid[5] = PNM[2];
312 sd->cid[6] = PNM[3];
313 sd->cid[7] = PNM[4];
314 sd->cid[8] = PRV; /* Fake product revision (PRV) */
315 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
316 sd->cid[10] = 0xad;
317 sd->cid[11] = 0xbe;
318 sd->cid[12] = 0xef;
319 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
320 ((MDT_YR - 2000) / 10);
321 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
322 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
323}
324
325#define HWBLOCK_SHIFT 9 /* 512 bytes */
326#define SECTOR_SHIFT 5 /* 16 kilobytes */
327#define WPGROUP_SHIFT 7 /* 2 megs */
328#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 329#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
330
331static const uint8_t sd_csd_rw_mask[16] = {
332 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
333 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
334};
335
2d7adea4 336static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 337{
338 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
339 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
340 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
341
2d7adea4
AZ		 342 if (size <= 0x40000000) { /* Standard Capacity SD */
343 sd->csd[0] = 0x00; /* CSD structure */
344 sd->csd[1] = 0x26; /* Data read access-time-1 */
345 sd->csd[2] = 0x00; /* Data read access-time-2 */
346 sd->csd[3] = 0x5a; /* Max. data transfer rate */
347 sd->csd[4] = 0x5f; /* Card Command Classes */
348 sd->csd[5] = 0x50 | /* Max. read data block length */
349 HWBLOCK_SHIFT;
350 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
351 ((csize >> 10) & 0x03);
352 sd->csd[7] = 0x00 | /* Device size */
353 ((csize >> 2) & 0xff);
354 sd->csd[8] = 0x3f | /* Max. read current */
355 ((csize << 6) & 0xc0);
356 sd->csd[9] = 0xfc | /* Max. write current */
357 ((CMULT_SHIFT - 2) >> 1);
358 sd->csd[10] = 0x40 | /* Erase sector size */
359 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
360 sd->csd[11] = 0x00 | /* Write protect group size */
361 ((sectsize << 7) & 0x80) | wpsize;
362 sd->csd[12] = 0x90 | /* Write speed factor */
363 (HWBLOCK_SHIFT >> 2);
364 sd->csd[13] = 0x20 | /* Max. write data block length */
365 ((HWBLOCK_SHIFT << 6) & 0xc0);
366 sd->csd[14] = 0x00; /* File format group */
367 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
368 } else { /* SDHC */
369 size /= 512 * 1024;
370 size -= 1;
371 sd->csd[0] = 0x40;
372 sd->csd[1] = 0x0e;
373 sd->csd[2] = 0x00;
374 sd->csd[3] = 0x32;
375 sd->csd[4] = 0x5b;
376 sd->csd[5] = 0x59;
377 sd->csd[6] = 0x00;
378 sd->csd[7] = (size >> 16) & 0xff;
379 sd->csd[8] = (size >> 8) & 0xff;
380 sd->csd[9] = (size & 0xff);
381 sd->csd[10] = 0x7f;
382 sd->csd[11] = 0x80;
383 sd->csd[12] = 0x0a;
384 sd->csd[13] = 0x40;
385 sd->csd[14] = 0x00;
386 sd->csd[15] = 0x00;
e03ba136 387 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
2d7adea4 388 }
a1bb27b1
PB		 389}
390
391static void sd_set_rca(SDState *sd)
392{
393 sd->rca += 0x4567;
394}
395
b8d334c8
PM		 396/* Card status bits, split by clear condition:
397 * A : According to the card current state
398 * B : Always related to the previous command
399 * C : Cleared by read
400 */
a1bb27b1
PB		 401#define CARD_STATUS_A 0x02004100
402#define CARD_STATUS_B 0x00c01e00
403#define CARD_STATUS_C 0xfd39a028
404
405static void sd_set_cardstatus(SDState *sd)
406{
407 sd->card_status = 0x00000100;
408}
409
410static void sd_set_sdstatus(SDState *sd)
411{
412 memset(sd->sd_status, 0, 64);
413}
414
bc24a225 415static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 416{
417 uint8_t buffer[5];
418 buffer[0] = 0x40 | req->cmd;
419 buffer[1] = (req->arg >> 24) & 0xff;
420 buffer[2] = (req->arg >> 16) & 0xff;
421 buffer[3] = (req->arg >> 8) & 0xff;
422 buffer[4] = (req->arg >> 0) & 0xff;
423 return 0;
424 return sd_crc7(buffer, 5) != req->crc; /* TODO */
425}
426
10a412da 427static void sd_response_r1_make(SDState *sd, uint8_t *response)
a1bb27b1 428{
10a412da 429 uint32_t status = sd->card_status;
1d06cb7a
PM		 430 /* Clear the "clear on read" status bits */
431 sd->card_status &= ~CARD_STATUS_C;
a1bb27b1
PB		 432
433 response[0] = (status >> 24) & 0xff;
434 response[1] = (status >> 16) & 0xff;
435 response[2] = (status >> 8) & 0xff;
436 response[3] = (status >> 0) & 0xff;
437}
438
9596ebb7 439static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 440{
441 response[0] = (sd->ocr >> 24) & 0xff;
442 response[1] = (sd->ocr >> 16) & 0xff;
443 response[2] = (sd->ocr >> 8) & 0xff;
444 response[3] = (sd->ocr >> 0) & 0xff;
445}
446
9596ebb7 447static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 448{
449 uint16_t arg;
450 uint16_t status;
451
452 arg = sd->rca;
453 status = ((sd->card_status >> 8) & 0xc000) |
454 ((sd->card_status >> 6) & 0x2000) |
455 (sd->card_status & 0x1fff);
fcfa9351 456 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
a1bb27b1
PB		 457
458 response[0] = (arg >> 8) & 0xff;
459 response[1] = arg & 0xff;
460 response[2] = (status >> 8) & 0xff;
461 response[3] = status & 0xff;
462}
463
1b088995
AZ		 464static void sd_response_r7_make(SDState *sd, uint8_t *response)
465{
466 response[0] = (sd->vhs >> 24) & 0xff;
467 response[1] = (sd->vhs >> 16) & 0xff;
468 response[2] = (sd->vhs >> 8) & 0xff;
469 response[3] = (sd->vhs >> 0) & 0xff;
470}
471
b7202b88
MI		 472static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
473{
474 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
475}
476
ba3ed0fa 477static void sd_reset(DeviceState *dev)
a1bb27b1 478{
ba3ed0fa 479 SDState *sd = SD_CARD(dev);
2d7adea4 480 uint64_t size;
a1bb27b1
PB		 481 uint64_t sect;
482
814b2adc 483 trace_sdcard_reset();
16b781aa
PM		 484 if (sd->blk) {
485 blk_get_geometry(sd->blk, &sect);
03f311ed
PB		 486 } else {
487 sect = 0;
488 }
5e37141b 489 size = sect << 9;
a1bb27b1 490
b7202b88 491 sect = sd_addr_to_wpnum(size) + 1;
a1bb27b1
PB		 492
493 sd->state = sd_idle_state;
494 sd->rca = 0x0000;
495 sd_set_ocr(sd);
496 sd_set_scr(sd);
497 sd_set_cid(sd);
498 sd_set_csd(sd, size);
499 sd_set_cardstatus(sd);
500 sd_set_sdstatus(sd);
501
ef1e1e07 502 g_free(sd->wp_groups);
16b781aa 503 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
50a5be6c
IM		 504 sd->wpgrps_size = sect;
505 sd->wp_groups = bitmap_new(sd->wpgrps_size);
506 memset(sd->function_group, 0, sizeof(sd->function_group));
a1bb27b1
PB		 507 sd->erase_start = 0;
508 sd->erase_end = 0;
509 sd->size = size;
510 sd->blk_len = 0x200;
511 sd->pwd_len = 0;
bebd1271 512 sd->expecting_acmd = false;
da346922
PMD		 513 sd->dat_lines = 0xf;
514 sd->cmd_line = true;
4481bbc7 515 sd->multi_blk_cnt = 0;
a1bb27b1
PB		 516}
517
c759a790
PM		 518static bool sd_get_inserted(SDState *sd)
519{
0719e71e 520 return sd->blk && blk_is_inserted(sd->blk);
c759a790
PM		 521}
522
523static bool sd_get_readonly(SDState *sd)
524{
525 return sd->wp_switch;
526}
527
39829a01 528static void sd_cardchange(void *opaque, bool load, Error **errp)
a1bb27b1
PB		 529{
530 SDState *sd = opaque;
c759a790
PM		 531 DeviceState *dev = DEVICE(sd);
532 SDBus *sdbus = SD_BUS(qdev_get_parent_bus(dev));
533 bool inserted = sd_get_inserted(sd);
534 bool readonly = sd_get_readonly(sd);
db97ee6a 535
c759a790 536 if (inserted) {
814b2adc 537 trace_sdcard_inserted(readonly);
c759a790 538 sd_reset(dev);
814b2adc
PMD		 539 } else {
540 trace_sdcard_ejected();
c759a790
PM		 541 }
542
543 /* The IRQ notification is for legacy non-QOM SD controller devices;
544 * QOMified controllers use the SDBus APIs.
545 */
546 if (sdbus) {
547 sdbus_set_inserted(sdbus, inserted);
548 if (inserted) {
549 sdbus_set_readonly(sdbus, readonly);
550 }
551 } else {
552 qemu_set_irq(sd->inserted_cb, inserted);
553 if (inserted) {
554 qemu_set_irq(sd->readonly_cb, readonly);
555 }
a1bb27b1
PB		 556 }
557}
558
0e49de52 559static const BlockDevOps sd_block_ops = {
145feb17 560 .change_media_cb = sd_cardchange,
0e49de52
MA		 561};
562
dd26eb43
AB		 563static bool sd_ocr_vmstate_needed(void *opaque)
564{
565 SDState *sd = opaque;
566
567 /* Include the OCR state (and timer) if it is not yet powered up */
568 return !(sd->ocr & OCR_POWER_UP);
569}
570
571static const VMStateDescription sd_ocr_vmstate = {
572 .name = "sd-card/ocr-state",
573 .version_id = 1,
574 .minimum_version_id = 1,
575 .needed = sd_ocr_vmstate_needed,
576 .fields = (VMStateField[]) {
577 VMSTATE_UINT32(ocr, SDState),
578 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
579 VMSTATE_END_OF_LIST()
580 },
581};
582
583static int sd_vmstate_pre_load(void *opaque)
584{
585 SDState *sd = opaque;
586
587 /* If the OCR state is not included (prior versions, or not
588 * needed), then the OCR must be set as powered up. If the OCR state
589 * is included, this will be replaced by the state restore.
590 */
591 sd_ocr_powerup(sd);
592
593 return 0;
594}
595
50a5be6c
IM		 596static const VMStateDescription sd_vmstate = {
597 .name = "sd-card",
598 .version_id = 1,
599 .minimum_version_id = 1,
dd26eb43 600 .pre_load = sd_vmstate_pre_load,
50a5be6c
IM		 601 .fields = (VMStateField[]) {
602 VMSTATE_UINT32(mode, SDState),
603 VMSTATE_INT32(state, SDState),
604 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
605 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
606 VMSTATE_UINT16(rca, SDState),
607 VMSTATE_UINT32(card_status, SDState),
608 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
609 VMSTATE_UINT32(vhs, SDState),
610 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
611 VMSTATE_UINT32(blk_len, SDState),
4481bbc7 612 VMSTATE_UINT32(multi_blk_cnt, SDState),
50a5be6c
IM		 613 VMSTATE_UINT32(erase_start, SDState),
614 VMSTATE_UINT32(erase_end, SDState),
615 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
616 VMSTATE_UINT32(pwd_len, SDState),
617 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
618 VMSTATE_UINT8(current_cmd, SDState),
619 VMSTATE_BOOL(expecting_acmd, SDState),
620 VMSTATE_UINT32(blk_written, SDState),
621 VMSTATE_UINT64(data_start, SDState),
622 VMSTATE_UINT32(data_offset, SDState),
623 VMSTATE_UINT8_ARRAY(data, SDState, 512),
12c125cb 624 VMSTATE_UNUSED_V(1, 512),
50a5be6c
IM		 625 VMSTATE_BOOL(enable, SDState),
626 VMSTATE_END_OF_LIST()
dd26eb43
AB		 627 },
628 .subsections = (const VMStateDescription*[]) {
629 &sd_ocr_vmstate,
630 NULL
631 },
50a5be6c
IM		 632};
633
260bc9d8 634/* Legacy initialization function for use by non-qdevified callers */
4be74634 635SDState *sd_init(BlockBackend *blk, bool is_spi)
a1bb27b1 636{
fec44a8c 637 Object *obj;
260bc9d8
PM		 638 DeviceState *dev;
639 Error *err = NULL;
a1bb27b1 640
fec44a8c
PM		 641 obj = object_new(TYPE_SD_CARD);
642 dev = DEVICE(obj);
260bc9d8
PM		 643 qdev_prop_set_drive(dev, "drive", blk, &err);
644 if (err) {
645 error_report("sd_init failed: %s", error_get_pretty(err));
4f8a066b
KW		 646 return NULL;
647 }
260bc9d8 648 qdev_prop_set_bit(dev, "spi", is_spi);
fec44a8c 649 object_property_set_bool(obj, true, "realized", &err);
260bc9d8
PM		 650 if (err) {
651 error_report("sd_init failed: %s", error_get_pretty(err));
652 return NULL;
03f311ed 653 }
260bc9d8
PM		 654
655 return SD_CARD(dev);
a1bb27b1
PB		 656}
657
02ce600c 658void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 659{
02ce600c
AZ		 660 sd->readonly_cb = readonly;
661 sd->inserted_cb = insert;
4be74634
MA		 662 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
663 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
a1bb27b1
PB		 664}
665
666static void sd_erase(SDState *sd)
667{
f2d189d3
IM		 668 int i;
669 uint64_t erase_start = sd->erase_start;
670 uint64_t erase_end = sd->erase_end;
671
814b2adc 672 trace_sdcard_erase();
a1bb27b1
PB		 673 if (!sd->erase_start || !sd->erase_end) {
674 sd->card_status |= ERASE_SEQ_ERROR;
675 return;
676 }
677
f2d189d3
IM		 678 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
679 /* High capacity memory card: erase units are 512 byte blocks */
680 erase_start *= 512;
681 erase_end *= 512;
682 }
683
684 erase_start = sd_addr_to_wpnum(erase_start);
685 erase_end = sd_addr_to_wpnum(erase_end);
a1bb27b1
PB		 686 sd->erase_start = 0;
687 sd->erase_end = 0;
688 sd->csd[14] |= 0x40;
689
f2d189d3 690 for (i = erase_start; i <= erase_end; i++) {
a9c01830 691 if (test_bit(i, sd->wp_groups)) {
a1bb27b1 692 sd->card_status |= WP_ERASE_SKIP;
a9c01830
MI		 693 }
694 }
a1bb27b1
PB		 695}
696
2d7adea4 697static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 698{
699 uint32_t i, wpnum;
700 uint32_t ret = 0;
701
b7202b88 702 wpnum = sd_addr_to_wpnum(addr);
a1bb27b1 703
a9c01830
MI		 704 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
705 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
a1bb27b1 706 ret |= (1 << i);
a9c01830
MI		 707 }
708 }
a1bb27b1
PB		 709
710 return ret;
711}
712
713static void sd_function_switch(SDState *sd, uint32_t arg)
714{
715 int i, mode, new_func, crc;
716 mode = !!(arg & 0x80000000);
717
718 sd->data[0] = 0x00; /* Maximum current consumption */
719 sd->data[1] = 0x01;
720 sd->data[2] = 0x80; /* Supported group 6 functions */
721 sd->data[3] = 0x01;
722 sd->data[4] = 0x80; /* Supported group 5 functions */
723 sd->data[5] = 0x01;
724 sd->data[6] = 0x80; /* Supported group 4 functions */
725 sd->data[7] = 0x01;
726 sd->data[8] = 0x80; /* Supported group 3 functions */
727 sd->data[9] = 0x01;
728 sd->data[10] = 0x80; /* Supported group 2 functions */
729 sd->data[11] = 0x43;
730 sd->data[12] = 0x80; /* Supported group 1 functions */
731 sd->data[13] = 0x03;
732 for (i = 0; i < 6; i ++) {
733 new_func = (arg >> (i * 4)) & 0x0f;
734 if (mode && new_func != 0x0f)
735 sd->function_group[i] = new_func;
736 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
737 }
738 memset(&sd->data[17], 0, 47);
739 crc = sd_crc16(sd->data, 64);
740 sd->data[65] = crc >> 8;
741 sd->data[66] = crc & 0xff;
742}
743
4e8f1be2 744static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
a1bb27b1 745{
b7202b88 746 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 747}
748
749static void sd_lock_command(SDState *sd)
750{
751 int erase, lock, clr_pwd, set_pwd, pwd_len;
752 erase = !!(sd->data[0] & 0x08);
753 lock = sd->data[0] & 0x04;
754 clr_pwd = sd->data[0] & 0x02;
755 set_pwd = sd->data[0] & 0x01;
756
757 if (sd->blk_len > 1)
758 pwd_len = sd->data[1];
759 else
760 pwd_len = 0;
761
814b2adc
PMD		 762 if (lock) {
763 trace_sdcard_lock();
764 } else {
765 trace_sdcard_unlock();
766 }
a1bb27b1
PB		 767 if (erase) {
768 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
769 set_pwd || clr_pwd || lock || sd->wp_switch ||
770 (sd->csd[14] & 0x20)) {
771 sd->card_status |= LOCK_UNLOCK_FAILED;
772 return;
773 }
50a5be6c 774 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
a1bb27b1
PB		 775 sd->csd[14] &= ~0x10;
776 sd->card_status &= ~CARD_IS_LOCKED;
777 sd->pwd_len = 0;
778 /* Erasing the entire card here! */
827df9f3 779 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 780 return;
781 }
782
783 if (sd->blk_len < 2 + pwd_len ||
784 pwd_len <= sd->pwd_len ||
785 pwd_len > sd->pwd_len + 16) {
786 sd->card_status |= LOCK_UNLOCK_FAILED;
787 return;
788 }
789
790 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
791 sd->card_status |= LOCK_UNLOCK_FAILED;
792 return;
793 }
794
795 pwd_len -= sd->pwd_len;
796 if ((pwd_len && !set_pwd) ||
797 (clr_pwd && (set_pwd || lock)) ||
798 (lock && !sd->pwd_len && !set_pwd) ||
799 (!set_pwd && !clr_pwd &&
800 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
801 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
802 sd->card_status |= LOCK_UNLOCK_FAILED;
803 return;
804 }
805
806 if (set_pwd) {
807 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
808 sd->pwd_len = pwd_len;
809 }
810
811 if (clr_pwd) {
812 sd->pwd_len = 0;
813 }
814
815 if (lock)
816 sd->card_status |= CARD_IS_LOCKED;
817 else
818 sd->card_status &= ~CARD_IS_LOCKED;
819}
820
c227f099 821static sd_rsp_type_t sd_normal_command(SDState *sd,
bc24a225 822 SDRequest req)
a1bb27b1
PB		 823{
824 uint32_t rca = 0x0000;
2d7adea4 825 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1 826
1b640aa9
PMD		 827 trace_sdcard_normal_command(req.cmd, req.arg, sd_state_name(sd->state));
828
1d06cb7a
PM		 829 /* Not interpreting this as an app command */
830 sd->card_status &= ~APP_CMD;
831
97f4ed3b
PP		 832 if (sd_cmd_type[req.cmd & 0x3F] == sd_ac
833 || sd_cmd_type[req.cmd & 0x3F] == sd_adtc) {
a1bb27b1 834 rca = req.arg >> 16;
97f4ed3b 835 }
a1bb27b1 836
4481bbc7
AB		 837 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
838 * if not, its effects are cancelled */
839 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
840 sd->multi_blk_cnt = 0;
841 }
842
a1bb27b1
PB		 843 switch (req.cmd) {
844 /* Basic commands (Class 0 and Class 1) */
845 case 0: /* CMD0: GO_IDLE_STATE */
846 switch (sd->state) {
847 case sd_inactive_state:
775616c3 848 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 849
850 default:
851 sd->state = sd_idle_state;
ba3ed0fa 852 sd_reset(DEVICE(sd));
775616c3 853 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 854 }
855 break;
856
775616c3
PB		 857 case 1: /* CMD1: SEND_OP_CMD */
858 if (!sd->spi)
859 goto bad_cmd;
860
861 sd->state = sd_transfer_state;
862 return sd_r1;
863
a1bb27b1 864 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 865 if (sd->spi)
866 goto bad_cmd;
a1bb27b1
PB		 867 switch (sd->state) {
868 case sd_ready_state:
869 sd->state = sd_identification_state;
870 return sd_r2_i;
871
872 default:
873 break;
874 }
875 break;
876
877 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 878 if (sd->spi)
879 goto bad_cmd;
a1bb27b1
PB		 880 switch (sd->state) {
881 case sd_identification_state:
882 case sd_standby_state:
883 sd->state = sd_standby_state;
884 sd_set_rca(sd);
885 return sd_r6;
886
887 default:
888 break;
889 }
890 break;
891
892 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 893 if (sd->spi)
894 goto bad_cmd;
a1bb27b1
PB		 895 switch (sd->state) {
896 case sd_standby_state:
897 break;
898
899 default:
900 break;
901 }
902 break;
903
109ac32f 904 case 5: /* CMD5: reserved for SDIO cards */
53bb8cc4 905 return sd_illegal;
109ac32f 906
a1bb27b1 907 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 908 if (sd->spi)
909 goto bad_cmd;
a1bb27b1
PB		 910 switch (sd->mode) {
911 case sd_data_transfer_mode:
912 sd_function_switch(sd, req.arg);
913 sd->state = sd_sendingdata_state;
914 sd->data_start = 0;
915 sd->data_offset = 0;
916 return sd_r1;
917
918 default:
919 break;
920 }
921 break;
922
923 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 924 if (sd->spi)
925 goto bad_cmd;
a1bb27b1
PB		 926 switch (sd->state) {
927 case sd_standby_state:
928 if (sd->rca != rca)
929 return sd_r0;
930
931 sd->state = sd_transfer_state;
932 return sd_r1b;
933
934 case sd_transfer_state:
935 case sd_sendingdata_state:
936 if (sd->rca == rca)
937 break;
938
939 sd->state = sd_standby_state;
940 return sd_r1b;
941
942 case sd_disconnect_state:
943 if (sd->rca != rca)
944 return sd_r0;
945
946 sd->state = sd_programming_state;
947 return sd_r1b;
948
949 case sd_programming_state:
950 if (sd->rca == rca)
951 break;
952
953 sd->state = sd_disconnect_state;
954 return sd_r1b;
955
956 default:
957 break;
958 }
959 break;
960
1b088995
AZ		 961 case 8: /* CMD8: SEND_IF_COND */
962 /* Physical Layer Specification Version 2.00 command */
963 switch (sd->state) {
964 case sd_idle_state:
965 sd->vhs = 0;
966
967 /* No response if not exactly one VHS bit is set. */
c9d93318 968 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1b088995 969 return sd->spi ? sd_r7 : sd_r0;
c9d93318 970 }
1b088995
AZ		 971
972 /* Accept. */
973 sd->vhs = req.arg;
974 return sd_r7;
975
976 default:
977 break;
978 }
979 break;
980
a1bb27b1
PB		 981 case 9: /* CMD9: SEND_CSD */
982 switch (sd->state) {
983 case sd_standby_state:
984 if (sd->rca != rca)
985 return sd_r0;
986
987 return sd_r2_s;
988
775616c3
PB		 989 case sd_transfer_state:
990 if (!sd->spi)
991 break;
992 sd->state = sd_sendingdata_state;
993 memcpy(sd->data, sd->csd, 16);
2d7adea4 994 sd->data_start = addr;
775616c3
PB		 995 sd->data_offset = 0;
996 return sd_r1;
997
a1bb27b1
PB		 998 default:
999 break;
1000 }
1001 break;
1002
1003 case 10: /* CMD10: SEND_CID */
1004 switch (sd->state) {
1005 case sd_standby_state:
1006 if (sd->rca != rca)
1007 return sd_r0;
1008
1009 return sd_r2_i;
1010
775616c3
PB		 1011 case sd_transfer_state:
1012 if (!sd->spi)
1013 break;
1014 sd->state = sd_sendingdata_state;
1015 memcpy(sd->data, sd->cid, 16);
2d7adea4 1016 sd->data_start = addr;
775616c3
PB		 1017 sd->data_offset = 0;
1018 return sd_r1;
1019
a1bb27b1
PB		 1020 default:
1021 break;
1022 }
1023 break;
1024
1025 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
775616c3
PB		 1026 if (sd->spi)
1027 goto bad_cmd;
a1bb27b1
PB		 1028 switch (sd->state) {
1029 case sd_transfer_state:
1030 sd->state = sd_sendingdata_state;
1031 sd->data_start = req.arg;
1032 sd->data_offset = 0;
1033
1034 if (sd->data_start + sd->blk_len > sd->size)
1035 sd->card_status |= ADDRESS_ERROR;
1036 return sd_r0;
1037
1038 default:
1039 break;
1040 }
1041 break;
1042
1043 case 12: /* CMD12: STOP_TRANSMISSION */
1044 switch (sd->state) {
1045 case sd_sendingdata_state:
1046 sd->state = sd_transfer_state;
1047 return sd_r1b;
1048
1049 case sd_receivingdata_state:
1050 sd->state = sd_programming_state;
1051 /* Bzzzzzzztt .... Operation complete. */
1052 sd->state = sd_transfer_state;
1053 return sd_r1b;
1054
1055 default:
1056 break;
1057 }
1058 break;
1059
1060 case 13: /* CMD13: SEND_STATUS */
1061 switch (sd->mode) {
1062 case sd_data_transfer_mode:
1063 if (sd->rca != rca)
1064 return sd_r0;
1065
1066 return sd_r1;
1067
1068 default:
1069 break;
1070 }
1071 break;
1072
1073 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 1074 if (sd->spi)
1075 goto bad_cmd;
a1bb27b1
PB		 1076 switch (sd->mode) {
1077 case sd_data_transfer_mode:
1078 if (sd->rca != rca)
1079 return sd_r0;
1080
1081 sd->state = sd_inactive_state;
1082 return sd_r0;
1083
1084 default:
1085 break;
1086 }
1087 break;
1088
1089 /* Block read commands (Classs 2) */
1090 case 16: /* CMD16: SET_BLOCKLEN */
1091 switch (sd->state) {
1092 case sd_transfer_state:
814b2adc 1093 if (req.arg > (1 << HWBLOCK_SHIFT)) {
a1bb27b1 1094 sd->card_status |= BLOCK_LEN_ERROR;
814b2adc
PMD		 1095 } else {
1096 trace_sdcard_set_blocklen(req.arg);
a1bb27b1 1097 sd->blk_len = req.arg;
814b2adc 1098 }
a1bb27b1
PB		 1099
1100 return sd_r1;
1101
1102 default:
1103 break;
1104 }
1105 break;
1106
1107 case 17: /* CMD17: READ_SINGLE_BLOCK */
1108 switch (sd->state) {
1109 case sd_transfer_state:
1110 sd->state = sd_sendingdata_state;
2d7adea4 1111 sd->data_start = addr;
a1bb27b1
PB		 1112 sd->data_offset = 0;
1113
1114 if (sd->data_start + sd->blk_len > sd->size)
1115 sd->card_status |= ADDRESS_ERROR;
1116 return sd_r1;
1117
1118 default:
1119 break;
1120 }
1121 break;
1122
1123 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1124 switch (sd->state) {
1125 case sd_transfer_state:
1126 sd->state = sd_sendingdata_state;
2d7adea4 1127 sd->data_start = addr;
a1bb27b1
PB		 1128 sd->data_offset = 0;
1129
1130 if (sd->data_start + sd->blk_len > sd->size)
1131 sd->card_status |= ADDRESS_ERROR;
1132 return sd_r1;
1133
1134 default:
1135 break;
1136 }
1137 break;
1138
4481bbc7
AB		 1139 case 23: /* CMD23: SET_BLOCK_COUNT */
1140 switch (sd->state) {
1141 case sd_transfer_state:
1142 sd->multi_blk_cnt = req.arg;
1143 return sd_r1;
1144
1145 default:
1146 break;
1147 }
1148 break;
1149
a1bb27b1
PB		 1150 /* Block write commands (Class 4) */
1151 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
775616c3
PB		 1152 if (sd->spi)
1153 goto unimplemented_cmd;
a1bb27b1
PB		 1154 switch (sd->state) {
1155 case sd_transfer_state:
775616c3
PB		 1156 /* Writing in SPI mode not implemented. */
1157 if (sd->spi)
1158 break;
a1bb27b1 1159 sd->state = sd_receivingdata_state;
2d7adea4 1160 sd->data_start = addr;
a1bb27b1
PB		 1161 sd->data_offset = 0;
1162 sd->blk_written = 0;
1163
1164 if (sd->data_start + sd->blk_len > sd->size)
1165 sd->card_status |= ADDRESS_ERROR;
1166 if (sd_wp_addr(sd, sd->data_start))
1167 sd->card_status |= WP_VIOLATION;
1168 if (sd->csd[14] & 0x30)
1169 sd->card_status |= WP_VIOLATION;
1170 return sd_r1;
1171
1172 default:
1173 break;
1174 }
1175 break;
1176
1177 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
775616c3
PB		 1178 if (sd->spi)
1179 goto unimplemented_cmd;
a1bb27b1
PB		 1180 switch (sd->state) {
1181 case sd_transfer_state:
775616c3
PB		 1182 /* Writing in SPI mode not implemented. */
1183 if (sd->spi)
1184 break;
a1bb27b1 1185 sd->state = sd_receivingdata_state;
2d7adea4 1186 sd->data_start = addr;
a1bb27b1
PB		 1187 sd->data_offset = 0;
1188 sd->blk_written = 0;
1189
1190 if (sd->data_start + sd->blk_len > sd->size)
1191 sd->card_status |= ADDRESS_ERROR;
1192 if (sd_wp_addr(sd, sd->data_start))
1193 sd->card_status |= WP_VIOLATION;
1194 if (sd->csd[14] & 0x30)
1195 sd->card_status |= WP_VIOLATION;
1196 return sd_r1;
1197
1198 default:
1199 break;
1200 }
1201 break;
1202
1203 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 1204 if (sd->spi)
1205 goto bad_cmd;
a1bb27b1
PB		 1206 switch (sd->state) {
1207 case sd_transfer_state:
1208 sd->state = sd_receivingdata_state;
1209 sd->data_start = 0;
1210 sd->data_offset = 0;
1211 return sd_r1;
1212
1213 default:
1214 break;
1215 }
1216 break;
1217
1218 case 27: /* CMD27: PROGRAM_CSD */
775616c3
PB		 1219 if (sd->spi)
1220 goto unimplemented_cmd;
a1bb27b1
PB		 1221 switch (sd->state) {
1222 case sd_transfer_state:
1223 sd->state = sd_receivingdata_state;
1224 sd->data_start = 0;
1225 sd->data_offset = 0;
1226 return sd_r1;
1227
1228 default:
1229 break;
1230 }
1231 break;
1232
1233 /* Write protection (Class 6) */
1234 case 28: /* CMD28: SET_WRITE_PROT */
1235 switch (sd->state) {
1236 case sd_transfer_state:
2d7adea4 1237 if (addr >= sd->size) {
e30d5938 1238 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1239 return sd_r1b;
1240 }
1241
1242 sd->state = sd_programming_state;
b7202b88 1243 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1244 /* Bzzzzzzztt .... Operation complete. */
1245 sd->state = sd_transfer_state;
1246 return sd_r1b;
1247
1248 default:
1249 break;
1250 }
1251 break;
1252
1253 case 29: /* CMD29: CLR_WRITE_PROT */
1254 switch (sd->state) {
1255 case sd_transfer_state:
2d7adea4 1256 if (addr >= sd->size) {
e30d5938 1257 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1258 return sd_r1b;
1259 }
1260
1261 sd->state = sd_programming_state;
b7202b88 1262 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1263 /* Bzzzzzzztt .... Operation complete. */
1264 sd->state = sd_transfer_state;
1265 return sd_r1b;
1266
1267 default:
1268 break;
1269 }
1270 break;
1271
1272 case 30: /* CMD30: SEND_WRITE_PROT */
1273 switch (sd->state) {
1274 case sd_transfer_state:
1275 sd->state = sd_sendingdata_state;
1276 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1277 sd->data_start = addr;
a1bb27b1
PB		 1278 sd->data_offset = 0;
1279 return sd_r1b;
1280
1281 default:
1282 break;
1283 }
1284 break;
1285
1286 /* Erase commands (Class 5) */
1287 case 32: /* CMD32: ERASE_WR_BLK_START */
1288 switch (sd->state) {
1289 case sd_transfer_state:
1290 sd->erase_start = req.arg;
1291 return sd_r1;
1292
1293 default:
1294 break;
1295 }
1296 break;
1297
1298 case 33: /* CMD33: ERASE_WR_BLK_END */
1299 switch (sd->state) {
1300 case sd_transfer_state:
1301 sd->erase_end = req.arg;
1302 return sd_r1;
1303
1304 default:
1305 break;
1306 }
1307 break;
1308
1309 case 38: /* CMD38: ERASE */
1310 switch (sd->state) {
1311 case sd_transfer_state:
1312 if (sd->csd[14] & 0x30) {
1313 sd->card_status |= WP_VIOLATION;
1314 return sd_r1b;
1315 }
1316
1317 sd->state = sd_programming_state;
1318 sd_erase(sd);
1319 /* Bzzzzzzztt .... Operation complete. */
1320 sd->state = sd_transfer_state;
1321 return sd_r1b;
1322
1323 default:
1324 break;
1325 }
1326 break;
1327
1328 /* Lock card commands (Class 7) */
1329 case 42: /* CMD42: LOCK_UNLOCK */
775616c3
PB		 1330 if (sd->spi)
1331 goto unimplemented_cmd;
a1bb27b1
PB		 1332 switch (sd->state) {
1333 case sd_transfer_state:
1334 sd->state = sd_receivingdata_state;
1335 sd->data_start = 0;
1336 sd->data_offset = 0;
1337 return sd_r1;
1338
1339 default:
1340 break;
1341 }
1342 break;
1343
39e594db
PM		 1344 case 52:
1345 case 53:
1346 /* CMD52, CMD53: reserved for SDIO cards
1347 * (see the SDIO Simplified Specification V2.0)
1348 * Handle as illegal command but do not complain
1349 * on stderr, as some OSes may use these in their
1350 * probing for presence of an SDIO card.
1351 */
53bb8cc4 1352 return sd_illegal;
39e594db 1353
a1bb27b1
PB		 1354 /* Application specific commands (Class 8) */
1355 case 55: /* CMD55: APP_CMD */
1356 if (sd->rca != rca)
1357 return sd_r0;
1358
bebd1271 1359 sd->expecting_acmd = true;
a1bb27b1
PB		 1360 sd->card_status |= APP_CMD;
1361 return sd_r1;
1362
1363 case 56: /* CMD56: GEN_CMD */
a1bb27b1
PB		 1364 switch (sd->state) {
1365 case sd_transfer_state:
1366 sd->data_offset = 0;
1367 if (req.arg & 1)
1368 sd->state = sd_sendingdata_state;
1369 else
1370 sd->state = sd_receivingdata_state;
1371 return sd_r1;
1372
1373 default:
1374 break;
1375 }
1376 break;
1377
1378 default:
775616c3 1379 bad_cmd:
9800ad88 1380 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
53bb8cc4 1381 return sd_illegal;
775616c3
PB		 1382
1383 unimplemented_cmd:
1384 /* Commands that are recognised but not yet implemented in SPI mode. */
9800ad88
AB		 1385 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1386 req.cmd);
53bb8cc4 1387 return sd_illegal;
a1bb27b1
PB		 1388 }
1389
9800ad88 1390 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd);
53bb8cc4 1391 return sd_illegal;
a1bb27b1
PB		 1392}
1393
c227f099 1394static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1395 SDRequest req)
1396{
1b640aa9 1397 trace_sdcard_app_command(req.cmd, req.arg);
1d06cb7a 1398 sd->card_status |= APP_CMD;
a1bb27b1
PB		 1399 switch (req.cmd) {
1400 case 6: /* ACMD6: SET_BUS_WIDTH */
1401 switch (sd->state) {
1402 case sd_transfer_state:
1403 sd->sd_status[0] &= 0x3f;
1404 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1405 return sd_r1;
1406
1407 default:
1408 break;
1409 }
1410 break;
1411
1412 case 13: /* ACMD13: SD_STATUS */
1413 switch (sd->state) {
1414 case sd_transfer_state:
fb1ba03a 1415 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1416 sd->data_start = 0;
1417 sd->data_offset = 0;
1418 return sd_r1;
1419
1420 default:
1421 break;
1422 }
1423 break;
1424
1425 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1426 switch (sd->state) {
1427 case sd_transfer_state:
1428 *(uint32_t *) sd->data = sd->blk_written;
1429
fb1ba03a 1430 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1431 sd->data_start = 0;
1432 sd->data_offset = 0;
1433 return sd_r1;
1434
1435 default:
1436 break;
1437 }
1438 break;
1439
1440 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1441 switch (sd->state) {
1442 case sd_transfer_state:
1443 return sd_r1;
1444
1445 default:
1446 break;
1447 }
1448 break;
1449
1450 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1451 if (sd->spi) {
1452 /* SEND_OP_CMD */
1453 sd->state = sd_transfer_state;
1454 return sd_r1;
1455 }
a1bb27b1
PB		 1456 switch (sd->state) {
1457 case sd_idle_state:
dd26eb43
AB		 1458 /* If it's the first ACMD41 since reset, we need to decide
1459 * whether to power up. If this is not an enquiry ACMD41,
1460 * we immediately report power on and proceed below to the
1461 * ready state, but if it is, we set a timer to model a
1462 * delay for power up. This works around a bug in EDK2
1463 * UEFI, which sends an initial enquiry ACMD41, but
1464 * assumes that the card is in ready state as soon as it
1465 * sees the power up bit set. */
1466 if (!(sd->ocr & OCR_POWER_UP)) {
1467 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1468 timer_del(sd->ocr_power_timer);
1469 sd_ocr_powerup(sd);
814b2adc
PMD		 1470 } else {
1471 trace_sdcard_inquiry_cmd41();
1472 if (!timer_pending(sd->ocr_power_timer)) {
1473 timer_mod_ns(sd->ocr_power_timer,
1474 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1475 + OCR_POWER_DELAY_NS));
1476 }
dd26eb43
AB		 1477 }
1478 }
1479
37ab4a56
PC		 1480 /* We accept any voltage. 10000 V is nothing.
1481 *
dd26eb43 1482 * Once we're powered up, we advance straight to ready state
37ab4a56
PC		 1483 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1484 */
1485 if (req.arg & ACMD41_ENQUIRY_MASK) {
a1bb27b1 1486 sd->state = sd_ready_state;
37ab4a56 1487 }
a1bb27b1
PB		 1488
1489 return sd_r3;
1490
1491 default:
1492 break;
1493 }
1494 break;
1495
1496 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1497 switch (sd->state) {
1498 case sd_transfer_state:
1499 /* Bringing in the 50KOhm pull-up resistor... Done. */
1500 return sd_r1;
1501
1502 default:
1503 break;
1504 }
1505 break;
1506
1507 case 51: /* ACMD51: SEND_SCR */
1508 switch (sd->state) {
1509 case sd_transfer_state:
1510 sd->state = sd_sendingdata_state;
1511 sd->data_start = 0;
1512 sd->data_offset = 0;
1513 return sd_r1;
1514
1515 default:
1516 break;
1517 }
1518 break;
1519
1520 default:
1521 /* Fall back to standard commands. */
a1bb27b1
PB		 1522 return sd_normal_command(sd, req);
1523 }
1524
9800ad88 1525 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
5b08bfe2 1526 return sd_illegal;
a1bb27b1
PB		 1527}
1528
25881d33
PM		 1529static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1530{
1531 /* Valid commands in locked state:
1532 * basic class (0)
1533 * lock card class (7)
1534 * CMD16
1535 * implicitly, the ACMD prefix CMD55
1536 * ACMD41 and ACMD42
1537 * Anything else provokes an "illegal command" response.
1538 */
1d06cb7a 1539 if (sd->expecting_acmd) {
25881d33
PM		 1540 return req->cmd == 41 || req->cmd == 42;
1541 }
1542 if (req->cmd == 16 || req->cmd == 55) {
1543 return 1;
1544 }
97f4ed3b
PP		 1545 return sd_cmd_class[req->cmd & 0x3F] == 0
1546 || sd_cmd_class[req->cmd & 0x3F] == 7;
25881d33
PM		 1547}
1548
bc24a225 1549int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1 1550 uint8_t *response) {
10a412da 1551 int last_state;
c227f099 1552 sd_rsp_type_t rtype;
a1bb27b1
PB		 1553 int rsplen;
1554
4be74634 1555 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
a1bb27b1
PB		 1556 return 0;
1557 }
1558
1559 if (sd_req_crc_validate(req)) {
abda1f37 1560 sd->card_status |= COM_CRC_ERROR;
b1f517ed
PM		 1561 rtype = sd_illegal;
1562 goto send_response;
a1bb27b1
PB		 1563 }
1564
10a412da 1565 if (sd->card_status & CARD_IS_LOCKED) {
25881d33 1566 if (!cmd_valid_while_locked(sd, req)) {
a1bb27b1 1567 sd->card_status |= ILLEGAL_COMMAND;
bebd1271 1568 sd->expecting_acmd = false;
9800ad88 1569 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
b1f517ed
PM		 1570 rtype = sd_illegal;
1571 goto send_response;
a1bb27b1 1572 }
25881d33 1573 }
a1bb27b1 1574
10a412da
PM		 1575 last_state = sd->state;
1576 sd_set_mode(sd);
1577
1d06cb7a 1578 if (sd->expecting_acmd) {
bebd1271 1579 sd->expecting_acmd = false;
a1bb27b1 1580 rtype = sd_app_command(sd, *req);
1d06cb7a 1581 } else {
a1bb27b1 1582 rtype = sd_normal_command(sd, *req);
1d06cb7a 1583 }
a1bb27b1 1584
53bb8cc4
PM		 1585 if (rtype == sd_illegal) {
1586 sd->card_status |= ILLEGAL_COMMAND;
10a412da
PM		 1587 } else {
1588 /* Valid command, we can update the 'state before command' bits.
1589 * (Do this now so they appear in r1 responses.)
1590 */
1591 sd->current_cmd = req->cmd;
1592 sd->card_status &= ~CURRENT_STATE;
1593 sd->card_status |= (last_state << 9);
53bb8cc4
PM		 1594 }
1595
b1f517ed 1596send_response:
a1bb27b1
PB		 1597 switch (rtype) {
1598 case sd_r1:
1599 case sd_r1b:
10a412da 1600 sd_response_r1_make(sd, response);
a1bb27b1
PB		 1601 rsplen = 4;
1602 break;
1603
1604 case sd_r2_i:
1605 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1606 rsplen = 16;
1607 break;
1608
1609 case sd_r2_s:
1610 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1611 rsplen = 16;
1612 break;
1613
1614 case sd_r3:
1615 sd_response_r3_make(sd, response);
1616 rsplen = 4;
1617 break;
1618
1619 case sd_r6:
1620 sd_response_r6_make(sd, response);
1621 rsplen = 4;
1622 break;
1623
1b088995
AZ		 1624 case sd_r7:
1625 sd_response_r7_make(sd, response);
1626 rsplen = 4;
1627 break;
1628
a1bb27b1 1629 case sd_r0:
53bb8cc4 1630 case sd_illegal:
a1bb27b1
PB		 1631 rsplen = 0;
1632 break;
55921932
PMD		 1633 default:
1634 g_assert_not_reached();
a1bb27b1 1635 }
55921932 1636 trace_sdcard_response(sd_response_name(rtype), rsplen);
a1bb27b1 1637
10a412da
PM		 1638 if (rtype != sd_illegal) {
1639 /* Clear the "clear on valid command" status bits now we've
1640 * sent any response
1641 */
1642 sd->card_status &= ~CARD_STATUS_B;
1643 }
1644
a1bb27b1 1645#ifdef DEBUG_SD
5cd5e2e7 1646 qemu_hexdump((const char *)response, stderr, "Response", rsplen);
a1bb27b1
PB		 1647#endif
1648
1649 return rsplen;
1650}
1651
2d7adea4 1652static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1653{
1b640aa9 1654 trace_sdcard_read_block(addr, len);
12c125cb 1655 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) {
827df9f3 1656 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1 1657 }
a1bb27b1
PB		 1658}
1659
2d7adea4 1660static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1661{
1b640aa9 1662 trace_sdcard_write_block(addr, len);
12c125cb
EB		 1663 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) {
1664 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1665 }
1666}
1667
33f00271
AZ		 1668#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1669#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1670#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1671#define APP_WRITE_BLOCK(a, len)
1672
1673void sd_write_data(SDState *sd, uint8_t value)
1674{
1675 int i;
1676
4be74634 1677 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1678 return;
1679
1680 if (sd->state != sd_receivingdata_state) {
9800ad88
AB		 1681 qemu_log_mask(LOG_GUEST_ERROR,
1682 "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1683 return;
1684 }
1685
1686 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1687 return;
1688
814b2adc 1689 trace_sdcard_write_data(sd->current_cmd, value);
a1bb27b1
PB		 1690 switch (sd->current_cmd) {
1691 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1692 sd->data[sd->data_offset ++] = value;
1693 if (sd->data_offset >= sd->blk_len) {
1694 /* TODO: Check CRC before committing */
1695 sd->state = sd_programming_state;
1696 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1697 sd->blk_written ++;
1698 sd->csd[14] |= 0x40;
1699 /* Bzzzzzzztt .... Operation complete. */
1700 sd->state = sd_transfer_state;
1701 }
1702 break;
1703
1704 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234 1705 if (sd->data_offset == 0) {
e03ba136 1706 /* Start of the block - let's check the address is valid */
a1bb27b1
PB		 1707 if (sd->data_start + sd->blk_len > sd->size) {
1708 sd->card_status |= ADDRESS_ERROR;
1709 break;
1710 }
1711 if (sd_wp_addr(sd, sd->data_start)) {
1712 sd->card_status |= WP_VIOLATION;
1713 break;
1714 }
33fa8234
DDAG		 1715 }
1716 sd->data[sd->data_offset++] = value;
1717 if (sd->data_offset >= sd->blk_len) {
1718 /* TODO: Check CRC before committing */
1719 sd->state = sd_programming_state;
1720 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1721 sd->blk_written++;
1722 sd->data_start += sd->blk_len;
1723 sd->data_offset = 0;
a1bb27b1
PB		 1724 sd->csd[14] |= 0x40;
1725
1726 /* Bzzzzzzztt .... Operation complete. */
4481bbc7
AB		 1727 if (sd->multi_blk_cnt != 0) {
1728 if (--sd->multi_blk_cnt == 0) {
1729 /* Stop! */
1730 sd->state = sd_transfer_state;
1731 break;
1732 }
1733 }
1734
a1bb27b1
PB		 1735 sd->state = sd_receivingdata_state;
1736 }
1737 break;
1738
1739 case 26: /* CMD26: PROGRAM_CID */
1740 sd->data[sd->data_offset ++] = value;
1741 if (sd->data_offset >= sizeof(sd->cid)) {
1742 /* TODO: Check CRC before committing */
1743 sd->state = sd_programming_state;
1744 for (i = 0; i < sizeof(sd->cid); i ++)
1745 if ((sd->cid[i] | 0x00) != sd->data[i])
1746 sd->card_status |= CID_CSD_OVERWRITE;
1747
1748 if (!(sd->card_status & CID_CSD_OVERWRITE))
1749 for (i = 0; i < sizeof(sd->cid); i ++) {
1750 sd->cid[i] |= 0x00;
1751 sd->cid[i] &= sd->data[i];
1752 }
1753 /* Bzzzzzzztt .... Operation complete. */
1754 sd->state = sd_transfer_state;
1755 }
1756 break;
1757
1758 case 27: /* CMD27: PROGRAM_CSD */
1759 sd->data[sd->data_offset ++] = value;
1760 if (sd->data_offset >= sizeof(sd->csd)) {
1761 /* TODO: Check CRC before committing */
1762 sd->state = sd_programming_state;
1763 for (i = 0; i < sizeof(sd->csd); i ++)
1764 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1765 (sd->data[i] | sd_csd_rw_mask[i]))
1766 sd->card_status |= CID_CSD_OVERWRITE;
1767
1768 /* Copy flag (OTP) & Permanent write protect */
1769 if (sd->csd[14] & ~sd->data[14] & 0x60)
1770 sd->card_status |= CID_CSD_OVERWRITE;
1771
1772 if (!(sd->card_status & CID_CSD_OVERWRITE))
1773 for (i = 0; i < sizeof(sd->csd); i ++) {
1774 sd->csd[i] |= sd_csd_rw_mask[i];
1775 sd->csd[i] &= sd->data[i];
1776 }
1777 /* Bzzzzzzztt .... Operation complete. */
1778 sd->state = sd_transfer_state;
1779 }
1780 break;
1781
1782 case 42: /* CMD42: LOCK_UNLOCK */
1783 sd->data[sd->data_offset ++] = value;
1784 if (sd->data_offset >= sd->blk_len) {
1785 /* TODO: Check CRC before committing */
1786 sd->state = sd_programming_state;
1787 sd_lock_command(sd);
1788 /* Bzzzzzzztt .... Operation complete. */
1789 sd->state = sd_transfer_state;
1790 }
1791 break;
1792
1793 case 56: /* CMD56: GEN_CMD */
1794 sd->data[sd->data_offset ++] = value;
1795 if (sd->data_offset >= sd->blk_len) {
1796 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1797 sd->state = sd_transfer_state;
1798 }
1799 break;
1800
1801 default:
9800ad88 1802 qemu_log_mask(LOG_GUEST_ERROR, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1803 break;
1804 }
1805}
1806
1807uint8_t sd_read_data(SDState *sd)
1808{
1809 /* TODO: Append CRCs */
1810 uint8_t ret;
2d7adea4 1811 int io_len;
a1bb27b1 1812
4be74634 1813 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1814 return 0x00;
1815
1816 if (sd->state != sd_sendingdata_state) {
9800ad88
AB		 1817 qemu_log_mask(LOG_GUEST_ERROR,
1818 "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1819 return 0x00;
1820 }
1821
1822 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1823 return 0x00;
1824
2d7adea4
AZ		 1825 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1826
814b2adc 1827 trace_sdcard_read_data(sd->current_cmd, io_len);
a1bb27b1
PB		 1828 switch (sd->current_cmd) {
1829 case 6: /* CMD6: SWITCH_FUNCTION */
1830 ret = sd->data[sd->data_offset ++];
1831
1832 if (sd->data_offset >= 64)
1833 sd->state = sd_transfer_state;
1834 break;
1835
775616c3
PB		 1836 case 9: /* CMD9: SEND_CSD */
1837 case 10: /* CMD10: SEND_CID */
1838 ret = sd->data[sd->data_offset ++];
1839
1840 if (sd->data_offset >= 16)
1841 sd->state = sd_transfer_state;
1842 break;
1843
a1bb27b1
PB		 1844 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1845 if (sd->data_offset == 0)
2d7adea4 1846 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1847 ret = sd->data[sd->data_offset ++];
1848
2d7adea4
AZ		 1849 if (sd->data_offset >= io_len) {
1850 sd->data_start += io_len;
a1bb27b1 1851 sd->data_offset = 0;
2d7adea4 1852 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1853 sd->card_status |= ADDRESS_ERROR;
1854 break;
1855 }
1856 }
1857 break;
1858
1859 case 13: /* ACMD13: SD_STATUS */
1860 ret = sd->sd_status[sd->data_offset ++];
1861
1862 if (sd->data_offset >= sizeof(sd->sd_status))
1863 sd->state = sd_transfer_state;
1864 break;
1865
1866 case 17: /* CMD17: READ_SINGLE_BLOCK */
1867 if (sd->data_offset == 0)
2d7adea4 1868 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1869 ret = sd->data[sd->data_offset ++];
1870
2d7adea4 1871 if (sd->data_offset >= io_len)
a1bb27b1
PB		 1872 sd->state = sd_transfer_state;
1873 break;
1874
1875 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
8573378e
MO		 1876 if (sd->data_offset == 0) {
1877 if (sd->data_start + io_len > sd->size) {
1878 sd->card_status |= ADDRESS_ERROR;
1879 return 0x00;
1880 }
2d7adea4 1881 BLK_READ_BLOCK(sd->data_start, io_len);
8573378e 1882 }
a1bb27b1
PB		 1883 ret = sd->data[sd->data_offset ++];
1884
2d7adea4
AZ		 1885 if (sd->data_offset >= io_len) {
1886 sd->data_start += io_len;
a1bb27b1 1887 sd->data_offset = 0;
4481bbc7
AB		 1888
1889 if (sd->multi_blk_cnt != 0) {
1890 if (--sd->multi_blk_cnt == 0) {
1891 /* Stop! */
1892 sd->state = sd_transfer_state;
1893 break;
1894 }
1895 }
a1bb27b1
PB		 1896 }
1897 break;
1898
1899 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1900 ret = sd->data[sd->data_offset ++];
1901
1902 if (sd->data_offset >= 4)
1903 sd->state = sd_transfer_state;
1904 break;
1905
1906 case 30: /* CMD30: SEND_WRITE_PROT */
1907 ret = sd->data[sd->data_offset ++];
1908
1909 if (sd->data_offset >= 4)
1910 sd->state = sd_transfer_state;
1911 break;
1912
1913 case 51: /* ACMD51: SEND_SCR */
1914 ret = sd->scr[sd->data_offset ++];
1915
1916 if (sd->data_offset >= sizeof(sd->scr))
1917 sd->state = sd_transfer_state;
1918 break;
1919
1920 case 56: /* CMD56: GEN_CMD */
1921 if (sd->data_offset == 0)
1922 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1923 ret = sd->data[sd->data_offset ++];
1924
1925 if (sd->data_offset >= sd->blk_len)
1926 sd->state = sd_transfer_state;
1927 break;
1928
1929 default:
9800ad88 1930 qemu_log_mask(LOG_GUEST_ERROR, "sd_read_data: unknown command\n");
a1bb27b1
PB		 1931 return 0x00;
1932 }
1933
1934 return ret;
1935}
1936
879bf4a7 1937bool sd_data_ready(SDState *sd)
a1bb27b1
PB		 1938{
1939 return sd->state == sd_sendingdata_state;
1940}
827df9f3 1941
bebd1271 1942void sd_enable(SDState *sd, bool enable)
827df9f3
AZ		 1943{
1944 sd->enable = enable;
1945}
260bc9d8
PM		 1946
1947static void sd_instance_init(Object *obj)
1948{
1949 SDState *sd = SD_CARD(obj);
1950
1951 sd->enable = true;
dd26eb43 1952 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
260bc9d8
PM		 1953}
1954
5ba34401
MAL		 1955static void sd_instance_finalize(Object *obj)
1956{
1957 SDState *sd = SD_CARD(obj);
1958
1959 timer_del(sd->ocr_power_timer);
1960 timer_free(sd->ocr_power_timer);
1961}
1962
260bc9d8
PM		 1963static void sd_realize(DeviceState *dev, Error **errp)
1964{
1965 SDState *sd = SD_CARD(dev);
a17c17a2 1966 int ret;
260bc9d8
PM		 1967
1968 if (sd->blk && blk_is_read_only(sd->blk)) {
1969 error_setg(errp, "Cannot use read-only drive as SD card");
1970 return;
1971 }
1972
260bc9d8 1973 if (sd->blk) {
a17c17a2
KW		 1974 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
1975 BLK_PERM_ALL, errp);
1976 if (ret < 0) {
1977 return;
1978 }
260bc9d8
PM		 1979 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
1980 }
260bc9d8
PM		 1981}
1982
1983static Property sd_properties[] = {
1984 DEFINE_PROP_DRIVE("drive", SDState, blk),
1985 /* We do not model the chip select pin, so allow the board to select
1986 * whether card should be in SSI or MMC/SD mode. It is also up to the
1987 * board to ensure that ssi transfers only occur when the chip select
1988 * is asserted. */
1989 DEFINE_PROP_BOOL("spi", SDState, spi, false),
1990 DEFINE_PROP_END_OF_LIST()
1991};
1992
1993static void sd_class_init(ObjectClass *klass, void *data)
1994{
1995 DeviceClass *dc = DEVICE_CLASS(klass);
c759a790 1996 SDCardClass *sc = SD_CARD_CLASS(klass);
260bc9d8
PM		 1997
1998 dc->realize = sd_realize;
1999 dc->props = sd_properties;
2000 dc->vmsd = &sd_vmstate;
ba3ed0fa 2001 dc->reset = sd_reset;
c759a790
PM		 2002 dc->bus_type = TYPE_SD_BUS;
2003
0034ebe6 2004 sc->set_voltage = sd_set_voltage;
da346922
PMD		 2005 sc->get_dat_lines = sd_get_dat_lines;
2006 sc->get_cmd_line = sd_get_cmd_line;
c759a790
PM		 2007 sc->do_command = sd_do_command;
2008 sc->write_data = sd_write_data;
2009 sc->read_data = sd_read_data;
2010 sc->data_ready = sd_data_ready;
2011 sc->enable = sd_enable;
2012 sc->get_inserted = sd_get_inserted;
2013 sc->get_readonly = sd_get_readonly;
260bc9d8
PM		 2014}
2015
2016static const TypeInfo sd_info = {
2017 .name = TYPE_SD_CARD,
2018 .parent = TYPE_DEVICE,
2019 .instance_size = sizeof(SDState),
c759a790 2020 .class_size = sizeof(SDCardClass),
260bc9d8
PM		 2021 .class_init = sd_class_init,
2022 .instance_init = sd_instance_init,
5ba34401 2023 .instance_finalize = sd_instance_finalize,
260bc9d8
PM		 2024};
2025
2026static void sd_register_types(void)
2027{
2028 type_register_static(&sd_info);
2029}
2030
2031type_init(sd_register_types)
Empty description
This page took 1.193905 seconds and 4 git commands to generate.