]> Git Repo - qemu.git/blame - hw/sd/sd.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sdcard: Don't always set the high capacity bit
[qemu.git] / hw / sd / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <[email protected]>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
0430891c 32#include "qemu/osdep.h"
c759a790 33#include "hw/qdev.h"
83c9f4ca 34#include "hw/hw.h"
6f296421 35#include "hw/registerfields.h"
4be74634 36#include "sysemu/block-backend.h"
e3382ef0 37#include "hw/sd/sd.h"
da34e65c 38#include "qapi/error.h"
1de7afc9 39#include "qemu/bitmap.h"
7af83490 40#include "qemu/cutils.h"
260bc9d8
PM		 41#include "hw/qdev-properties.h"
42#include "qemu/error-report.h"
dd26eb43 43#include "qemu/timer.h"
03dd024f 44#include "qemu/log.h"
f250015b 45#include "sdmmc-internal.h"
1b640aa9 46#include "trace.h"
a1bb27b1
PB		 47
48//#define DEBUG_SD 1
49
dd26eb43 50#define ACMD41_ENQUIRY_MASK 0x00ffffff
37ab4a56 51
a1bb27b1
PB		 52typedef enum {
53 sd_r0 = 0, /* no response */
54 sd_r1, /* normal response command */
55 sd_r2_i, /* CID register */
56 sd_r2_s, /* CSD register */
57 sd_r3, /* OCR register */
58 sd_r6 = 6, /* Published RCA response */
1b088995 59 sd_r7, /* Operating voltage */
a1bb27b1 60 sd_r1b = -1,
53bb8cc4 61 sd_illegal = -2,
c227f099 62} sd_rsp_type_t;
a1bb27b1 63
50a5be6c
IM		 64enum SDCardModes {
65 sd_inactive,
66 sd_card_identification_mode,
67 sd_data_transfer_mode,
68};
69
70enum SDCardStates {
71 sd_inactive_state = -1,
72 sd_idle_state = 0,
73 sd_ready_state,
74 sd_identification_state,
75 sd_standby_state,
76 sd_transfer_state,
77 sd_sendingdata_state,
78 sd_receivingdata_state,
79 sd_programming_state,
80 sd_disconnect_state,
81};
82
a1bb27b1 83struct SDState {
260bc9d8
PM		 84 DeviceState parent_obj;
85
d49b1ce0 86 /* SD Memory Card Registers */
a1bb27b1
PB		 87 uint32_t ocr;
88 uint8_t scr[8];
89 uint8_t cid[16];
90 uint8_t csd[16];
91 uint16_t rca;
92 uint32_t card_status;
93 uint8_t sd_status[64];
d49b1ce0
PMD		 94
95 /* Configurable properties */
96 BlockBackend *blk;
97 bool spi;
98
99 uint32_t mode; /* current card mode, one of SDCardModes */
100 int32_t state; /* current card state, one of SDCardStates */
1b088995 101 uint32_t vhs;
bebd1271 102 bool wp_switch;
a9c01830 103 unsigned long *wp_groups;
50a5be6c 104 int32_t wpgrps_size;
2d7adea4 105 uint64_t size;
50a5be6c 106 uint32_t blk_len;
4481bbc7 107 uint32_t multi_blk_cnt;
a1bb27b1
PB		 108 uint32_t erase_start;
109 uint32_t erase_end;
110 uint8_t pwd[16];
50a5be6c
IM		 111 uint32_t pwd_len;
112 uint8_t function_group[6];
50a5be6c 113 uint8_t current_cmd;
1d06cb7a
PM		 114 /* True if we will handle the next command as an ACMD. Note that this does
115 * *not* track the APP_CMD status bit!
116 */
bebd1271 117 bool expecting_acmd;
50a5be6c 118 uint32_t blk_written;
2d7adea4 119 uint64_t data_start;
a1bb27b1
PB		 120 uint32_t data_offset;
121 uint8_t data[512];
02ce600c
AZ		 122 qemu_irq readonly_cb;
123 qemu_irq inserted_cb;
d49b1ce0 124 QEMUTimer *ocr_power_timer;
bebd1271 125 bool enable;
da346922
PMD		 126 uint8_t dat_lines;
127 bool cmd_line;
a1bb27b1
PB		 128};
129
1b640aa9
PMD		 130static const char *sd_state_name(enum SDCardStates state)
131{
132 static const char *state_name[] = {
133 [sd_idle_state] = "idle",
134 [sd_ready_state] = "ready",
135 [sd_identification_state] = "identification",
136 [sd_standby_state] = "standby",
137 [sd_transfer_state] = "transfer",
138 [sd_sendingdata_state] = "sendingdata",
139 [sd_receivingdata_state] = "receivingdata",
140 [sd_programming_state] = "programming",
141 [sd_disconnect_state] = "disconnect",
142 };
143 if (state == sd_inactive_state) {
144 return "inactive";
145 }
146 assert(state <= ARRAY_SIZE(state_name));
147 return state_name[state];
148}
149
55921932
PMD		 150static const char *sd_response_name(sd_rsp_type_t rsp)
151{
152 static const char *response_name[] = {
153 [sd_r0] = "RESP#0 (no response)",
154 [sd_r1] = "RESP#1 (normal cmd)",
155 [sd_r2_i] = "RESP#2 (CID reg)",
156 [sd_r2_s] = "RESP#2 (CSD reg)",
157 [sd_r3] = "RESP#3 (OCR reg)",
158 [sd_r6] = "RESP#6 (RCA)",
159 [sd_r7] = "RESP#7 (operating voltage)",
160 };
161 if (rsp == sd_illegal) {
162 return "ILLEGAL RESP";
163 }
164 if (rsp == sd_r1b) {
165 rsp = sd_r1;
166 }
167 assert(rsp <= ARRAY_SIZE(response_name));
168 return response_name[rsp];
169}
170
da346922
PMD		 171static uint8_t sd_get_dat_lines(SDState *sd)
172{
173 return sd->enable ? sd->dat_lines : 0;
174}
175
176static bool sd_get_cmd_line(SDState *sd)
177{
178 return sd->enable ? sd->cmd_line : false;
179}
180
0034ebe6
PMD		 181static void sd_set_voltage(SDState *sd, uint16_t millivolts)
182{
814b2adc
PMD		 183 trace_sdcard_set_voltage(millivolts);
184
0034ebe6
PMD		 185 switch (millivolts) {
186 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
187 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
188 break;
189 default:
190 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
191 millivolts / 1000.f);
192 }
193}
194
10a412da 195static void sd_set_mode(SDState *sd)
a1bb27b1
PB		 196{
197 switch (sd->state) {
198 case sd_inactive_state:
199 sd->mode = sd_inactive;
200 break;
201
202 case sd_idle_state:
203 case sd_ready_state:
204 case sd_identification_state:
205 sd->mode = sd_card_identification_mode;
206 break;
207
208 case sd_standby_state:
209 case sd_transfer_state:
210 case sd_sendingdata_state:
211 case sd_receivingdata_state:
212 case sd_programming_state:
213 case sd_disconnect_state:
214 sd->mode = sd_data_transfer_mode;
215 break;
216 }
a1bb27b1
PB		 217}
218
f250015b 219static const sd_cmd_type_t sd_cmd_type[SDMMC_CMD_MAX] = {
a1bb27b1 220 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 221 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
f250015b 222 /* 16 */
a1bb27b1
PB		 223 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
224 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
f250015b 225 /* 32 */
a1bb27b1
PB		 226 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
227 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
f250015b 228 /* 48 */
a1bb27b1
PB		 229 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
230 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
231};
232
f250015b 233static const int sd_cmd_class[SDMMC_CMD_MAX] = {
a1bb27b1
PB		 234 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
235 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
236 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
237 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
238};
239
240static uint8_t sd_crc7(void *message, size_t width)
241{
242 int i, bit;
243 uint8_t shift_reg = 0x00;
244 uint8_t *msg = (uint8_t *) message;
245
246 for (i = 0; i < width; i ++, msg ++)
247 for (bit = 7; bit >= 0; bit --) {
248 shift_reg <<= 1;
249 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
250 shift_reg ^= 0x89;
251 }
252
253 return shift_reg;
254}
255
256static uint16_t sd_crc16(void *message, size_t width)
257{
258 int i, bit;
259 uint16_t shift_reg = 0x0000;
260 uint16_t *msg = (uint16_t *) message;
261 width <<= 1;
262
263 for (i = 0; i < width; i ++, msg ++)
264 for (bit = 15; bit >= 0; bit --) {
265 shift_reg <<= 1;
266 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
267 shift_reg ^= 0x1011;
268 }
269
270 return shift_reg;
271}
272
6f296421
PMD		 273#define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
274
275FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */
276FIELD(OCR, CARD_POWER_UP, 31, 1)
277
a1bb27b1
PB		 278static void sd_set_ocr(SDState *sd)
279{
dd26eb43
AB		 280 /* All voltages OK, Standard Capacity SD Memory Card, not yet powered up */
281 sd->ocr = 0x00ffff00;
282}
283
284static void sd_ocr_powerup(void *opaque)
285{
286 SDState *sd = opaque;
287
814b2adc 288 trace_sdcard_powerup();
6f296421
PMD		 289 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP));
290
291 /* card power-up OK */
292 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1);
9273ea61
PMD		 293
294 if (sd->size > 1 * G_BYTE) {
295 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1);
296 }
a1bb27b1
PB		 297}
298
299static void sd_set_scr(SDState *sd)
300{
301 sd->scr[0] = 0x00; /* SCR Structure */
302 sd->scr[1] = 0x2f; /* SD Security Support */
303 sd->scr[2] = 0x00;
304 sd->scr[3] = 0x00;
305 sd->scr[4] = 0x00;
306 sd->scr[5] = 0x00;
307 sd->scr[6] = 0x00;
308 sd->scr[7] = 0x00;
309}
310
311#define MID 0xaa
312#define OID "XY"
313#define PNM "QEMU!"
314#define PRV 0x01
315#define MDT_YR 2006
316#define MDT_MON 2
317
318static void sd_set_cid(SDState *sd)
319{
320 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
321 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
322 sd->cid[2] = OID[1];
323 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
324 sd->cid[4] = PNM[1];
325 sd->cid[5] = PNM[2];
326 sd->cid[6] = PNM[3];
327 sd->cid[7] = PNM[4];
328 sd->cid[8] = PRV; /* Fake product revision (PRV) */
329 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
330 sd->cid[10] = 0xad;
331 sd->cid[11] = 0xbe;
332 sd->cid[12] = 0xef;
333 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
334 ((MDT_YR - 2000) / 10);
335 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
336 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
337}
338
339#define HWBLOCK_SHIFT 9 /* 512 bytes */
340#define SECTOR_SHIFT 5 /* 16 kilobytes */
341#define WPGROUP_SHIFT 7 /* 2 megs */
342#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 343#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
344
345static const uint8_t sd_csd_rw_mask[16] = {
346 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
347 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
348};
349
2d7adea4 350static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 351{
352 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
353 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
354 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
355
7af83490 356 if (size <= 1 * G_BYTE) { /* Standard Capacity SD */
2d7adea4
AZ		 357 sd->csd[0] = 0x00; /* CSD structure */
358 sd->csd[1] = 0x26; /* Data read access-time-1 */
359 sd->csd[2] = 0x00; /* Data read access-time-2 */
360 sd->csd[3] = 0x5a; /* Max. data transfer rate */
361 sd->csd[4] = 0x5f; /* Card Command Classes */
362 sd->csd[5] = 0x50 | /* Max. read data block length */
363 HWBLOCK_SHIFT;
364 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
365 ((csize >> 10) & 0x03);
366 sd->csd[7] = 0x00 | /* Device size */
367 ((csize >> 2) & 0xff);
368 sd->csd[8] = 0x3f | /* Max. read current */
369 ((csize << 6) & 0xc0);
370 sd->csd[9] = 0xfc | /* Max. write current */
371 ((CMULT_SHIFT - 2) >> 1);
372 sd->csd[10] = 0x40 | /* Erase sector size */
373 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
374 sd->csd[11] = 0x00 | /* Write protect group size */
375 ((sectsize << 7) & 0x80) | wpsize;
376 sd->csd[12] = 0x90 | /* Write speed factor */
377 (HWBLOCK_SHIFT >> 2);
378 sd->csd[13] = 0x20 | /* Max. write data block length */
379 ((HWBLOCK_SHIFT << 6) & 0xc0);
380 sd->csd[14] = 0x00; /* File format group */
381 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
382 } else { /* SDHC */
383 size /= 512 * 1024;
384 size -= 1;
385 sd->csd[0] = 0x40;
386 sd->csd[1] = 0x0e;
387 sd->csd[2] = 0x00;
388 sd->csd[3] = 0x32;
389 sd->csd[4] = 0x5b;
390 sd->csd[5] = 0x59;
391 sd->csd[6] = 0x00;
392 sd->csd[7] = (size >> 16) & 0xff;
393 sd->csd[8] = (size >> 8) & 0xff;
394 sd->csd[9] = (size & 0xff);
395 sd->csd[10] = 0x7f;
396 sd->csd[11] = 0x80;
397 sd->csd[12] = 0x0a;
398 sd->csd[13] = 0x40;
399 sd->csd[14] = 0x00;
400 sd->csd[15] = 0x00;
2d7adea4 401 }
a1bb27b1
PB		 402}
403
404static void sd_set_rca(SDState *sd)
405{
406 sd->rca += 0x4567;
407}
408
b8d334c8
PM		 409/* Card status bits, split by clear condition:
410 * A : According to the card current state
411 * B : Always related to the previous command
412 * C : Cleared by read
413 */
a1bb27b1
PB		 414#define CARD_STATUS_A 0x02004100
415#define CARD_STATUS_B 0x00c01e00
416#define CARD_STATUS_C 0xfd39a028
417
418static void sd_set_cardstatus(SDState *sd)
419{
420 sd->card_status = 0x00000100;
421}
422
423static void sd_set_sdstatus(SDState *sd)
424{
425 memset(sd->sd_status, 0, 64);
426}
427
bc24a225 428static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 429{
430 uint8_t buffer[5];
431 buffer[0] = 0x40 | req->cmd;
432 buffer[1] = (req->arg >> 24) & 0xff;
433 buffer[2] = (req->arg >> 16) & 0xff;
434 buffer[3] = (req->arg >> 8) & 0xff;
435 buffer[4] = (req->arg >> 0) & 0xff;
436 return 0;
437 return sd_crc7(buffer, 5) != req->crc; /* TODO */
438}
439
10a412da 440static void sd_response_r1_make(SDState *sd, uint8_t *response)
a1bb27b1 441{
10a412da 442 uint32_t status = sd->card_status;
1d06cb7a
PM		 443 /* Clear the "clear on read" status bits */
444 sd->card_status &= ~CARD_STATUS_C;
a1bb27b1
PB		 445
446 response[0] = (status >> 24) & 0xff;
447 response[1] = (status >> 16) & 0xff;
448 response[2] = (status >> 8) & 0xff;
449 response[3] = (status >> 0) & 0xff;
450}
451
9596ebb7 452static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 453{
454 response[0] = (sd->ocr >> 24) & 0xff;
455 response[1] = (sd->ocr >> 16) & 0xff;
456 response[2] = (sd->ocr >> 8) & 0xff;
457 response[3] = (sd->ocr >> 0) & 0xff;
458}
459
9596ebb7 460static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 461{
462 uint16_t arg;
463 uint16_t status;
464
465 arg = sd->rca;
466 status = ((sd->card_status >> 8) & 0xc000) |
467 ((sd->card_status >> 6) & 0x2000) |
468 (sd->card_status & 0x1fff);
fcfa9351 469 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
a1bb27b1
PB		 470
471 response[0] = (arg >> 8) & 0xff;
472 response[1] = arg & 0xff;
473 response[2] = (status >> 8) & 0xff;
474 response[3] = status & 0xff;
475}
476
1b088995
AZ		 477static void sd_response_r7_make(SDState *sd, uint8_t *response)
478{
479 response[0] = (sd->vhs >> 24) & 0xff;
480 response[1] = (sd->vhs >> 16) & 0xff;
481 response[2] = (sd->vhs >> 8) & 0xff;
482 response[3] = (sd->vhs >> 0) & 0xff;
483}
484
b7202b88
MI		 485static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
486{
487 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
488}
489
ba3ed0fa 490static void sd_reset(DeviceState *dev)
a1bb27b1 491{
ba3ed0fa 492 SDState *sd = SD_CARD(dev);
2d7adea4 493 uint64_t size;
a1bb27b1
PB		 494 uint64_t sect;
495
814b2adc 496 trace_sdcard_reset();
16b781aa
PM		 497 if (sd->blk) {
498 blk_get_geometry(sd->blk, &sect);
03f311ed
PB		 499 } else {
500 sect = 0;
501 }
5e37141b 502 size = sect << 9;
a1bb27b1 503
b7202b88 504 sect = sd_addr_to_wpnum(size) + 1;
a1bb27b1
PB		 505
506 sd->state = sd_idle_state;
507 sd->rca = 0x0000;
508 sd_set_ocr(sd);
509 sd_set_scr(sd);
510 sd_set_cid(sd);
511 sd_set_csd(sd, size);
512 sd_set_cardstatus(sd);
513 sd_set_sdstatus(sd);
514
ef1e1e07 515 g_free(sd->wp_groups);
16b781aa 516 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
50a5be6c
IM		 517 sd->wpgrps_size = sect;
518 sd->wp_groups = bitmap_new(sd->wpgrps_size);
519 memset(sd->function_group, 0, sizeof(sd->function_group));
a1bb27b1
PB		 520 sd->erase_start = 0;
521 sd->erase_end = 0;
522 sd->size = size;
523 sd->blk_len = 0x200;
524 sd->pwd_len = 0;
bebd1271 525 sd->expecting_acmd = false;
da346922
PMD		 526 sd->dat_lines = 0xf;
527 sd->cmd_line = true;
4481bbc7 528 sd->multi_blk_cnt = 0;
a1bb27b1
PB		 529}
530
c759a790
PM		 531static bool sd_get_inserted(SDState *sd)
532{
0719e71e 533 return sd->blk && blk_is_inserted(sd->blk);
c759a790
PM		 534}
535
536static bool sd_get_readonly(SDState *sd)
537{
538 return sd->wp_switch;
539}
540
39829a01 541static void sd_cardchange(void *opaque, bool load, Error **errp)
a1bb27b1
PB		 542{
543 SDState *sd = opaque;
c759a790
PM		 544 DeviceState *dev = DEVICE(sd);
545 SDBus *sdbus = SD_BUS(qdev_get_parent_bus(dev));
546 bool inserted = sd_get_inserted(sd);
547 bool readonly = sd_get_readonly(sd);
db97ee6a 548
c759a790 549 if (inserted) {
814b2adc 550 trace_sdcard_inserted(readonly);
c759a790 551 sd_reset(dev);
814b2adc
PMD		 552 } else {
553 trace_sdcard_ejected();
c759a790
PM		 554 }
555
556 /* The IRQ notification is for legacy non-QOM SD controller devices;
557 * QOMified controllers use the SDBus APIs.
558 */
559 if (sdbus) {
560 sdbus_set_inserted(sdbus, inserted);
561 if (inserted) {
562 sdbus_set_readonly(sdbus, readonly);
563 }
564 } else {
565 qemu_set_irq(sd->inserted_cb, inserted);
566 if (inserted) {
567 qemu_set_irq(sd->readonly_cb, readonly);
568 }
a1bb27b1
PB		 569 }
570}
571
0e49de52 572static const BlockDevOps sd_block_ops = {
145feb17 573 .change_media_cb = sd_cardchange,
0e49de52
MA		 574};
575
dd26eb43
AB		 576static bool sd_ocr_vmstate_needed(void *opaque)
577{
578 SDState *sd = opaque;
579
580 /* Include the OCR state (and timer) if it is not yet powered up */
6f296421 581 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP);
dd26eb43
AB		 582}
583
584static const VMStateDescription sd_ocr_vmstate = {
585 .name = "sd-card/ocr-state",
586 .version_id = 1,
587 .minimum_version_id = 1,
588 .needed = sd_ocr_vmstate_needed,
589 .fields = (VMStateField[]) {
590 VMSTATE_UINT32(ocr, SDState),
591 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
592 VMSTATE_END_OF_LIST()
593 },
594};
595
596static int sd_vmstate_pre_load(void *opaque)
597{
598 SDState *sd = opaque;
599
600 /* If the OCR state is not included (prior versions, or not
601 * needed), then the OCR must be set as powered up. If the OCR state
602 * is included, this will be replaced by the state restore.
603 */
604 sd_ocr_powerup(sd);
605
606 return 0;
607}
608
50a5be6c
IM		 609static const VMStateDescription sd_vmstate = {
610 .name = "sd-card",
611 .version_id = 1,
612 .minimum_version_id = 1,
dd26eb43 613 .pre_load = sd_vmstate_pre_load,
50a5be6c
IM		 614 .fields = (VMStateField[]) {
615 VMSTATE_UINT32(mode, SDState),
616 VMSTATE_INT32(state, SDState),
617 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
618 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
619 VMSTATE_UINT16(rca, SDState),
620 VMSTATE_UINT32(card_status, SDState),
621 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
622 VMSTATE_UINT32(vhs, SDState),
623 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
624 VMSTATE_UINT32(blk_len, SDState),
4481bbc7 625 VMSTATE_UINT32(multi_blk_cnt, SDState),
50a5be6c
IM		 626 VMSTATE_UINT32(erase_start, SDState),
627 VMSTATE_UINT32(erase_end, SDState),
628 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
629 VMSTATE_UINT32(pwd_len, SDState),
630 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
631 VMSTATE_UINT8(current_cmd, SDState),
632 VMSTATE_BOOL(expecting_acmd, SDState),
633 VMSTATE_UINT32(blk_written, SDState),
634 VMSTATE_UINT64(data_start, SDState),
635 VMSTATE_UINT32(data_offset, SDState),
636 VMSTATE_UINT8_ARRAY(data, SDState, 512),
12c125cb 637 VMSTATE_UNUSED_V(1, 512),
50a5be6c
IM		 638 VMSTATE_BOOL(enable, SDState),
639 VMSTATE_END_OF_LIST()
dd26eb43
AB		 640 },
641 .subsections = (const VMStateDescription*[]) {
642 &sd_ocr_vmstate,
643 NULL
644 },
50a5be6c
IM		 645};
646
260bc9d8 647/* Legacy initialization function for use by non-qdevified callers */
4be74634 648SDState *sd_init(BlockBackend *blk, bool is_spi)
a1bb27b1 649{
fec44a8c 650 Object *obj;
260bc9d8
PM		 651 DeviceState *dev;
652 Error *err = NULL;
a1bb27b1 653
fec44a8c
PM		 654 obj = object_new(TYPE_SD_CARD);
655 dev = DEVICE(obj);
260bc9d8
PM		 656 qdev_prop_set_drive(dev, "drive", blk, &err);
657 if (err) {
658 error_report("sd_init failed: %s", error_get_pretty(err));
4f8a066b
KW		 659 return NULL;
660 }
260bc9d8 661 qdev_prop_set_bit(dev, "spi", is_spi);
fec44a8c 662 object_property_set_bool(obj, true, "realized", &err);
260bc9d8
PM		 663 if (err) {
664 error_report("sd_init failed: %s", error_get_pretty(err));
665 return NULL;
03f311ed 666 }
260bc9d8
PM		 667
668 return SD_CARD(dev);
a1bb27b1
PB		 669}
670
02ce600c 671void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 672{
02ce600c
AZ		 673 sd->readonly_cb = readonly;
674 sd->inserted_cb = insert;
4be74634
MA		 675 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
676 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
a1bb27b1
PB		 677}
678
679static void sd_erase(SDState *sd)
680{
f2d189d3
IM		 681 int i;
682 uint64_t erase_start = sd->erase_start;
683 uint64_t erase_end = sd->erase_end;
684
814b2adc 685 trace_sdcard_erase();
a1bb27b1
PB		 686 if (!sd->erase_start || !sd->erase_end) {
687 sd->card_status |= ERASE_SEQ_ERROR;
688 return;
689 }
690
6f296421 691 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
f2d189d3
IM		 692 /* High capacity memory card: erase units are 512 byte blocks */
693 erase_start *= 512;
694 erase_end *= 512;
695 }
696
697 erase_start = sd_addr_to_wpnum(erase_start);
698 erase_end = sd_addr_to_wpnum(erase_end);
a1bb27b1
PB		 699 sd->erase_start = 0;
700 sd->erase_end = 0;
701 sd->csd[14] |= 0x40;
702
f2d189d3 703 for (i = erase_start; i <= erase_end; i++) {
a9c01830 704 if (test_bit(i, sd->wp_groups)) {
a1bb27b1 705 sd->card_status |= WP_ERASE_SKIP;
a9c01830
MI		 706 }
707 }
a1bb27b1
PB		 708}
709
2d7adea4 710static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 711{
712 uint32_t i, wpnum;
713 uint32_t ret = 0;
714
b7202b88 715 wpnum = sd_addr_to_wpnum(addr);
a1bb27b1 716
a9c01830
MI		 717 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
718 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
a1bb27b1 719 ret |= (1 << i);
a9c01830
MI		 720 }
721 }
a1bb27b1
PB		 722
723 return ret;
724}
725
726static void sd_function_switch(SDState *sd, uint32_t arg)
727{
728 int i, mode, new_func, crc;
729 mode = !!(arg & 0x80000000);
730
731 sd->data[0] = 0x00; /* Maximum current consumption */
732 sd->data[1] = 0x01;
733 sd->data[2] = 0x80; /* Supported group 6 functions */
734 sd->data[3] = 0x01;
735 sd->data[4] = 0x80; /* Supported group 5 functions */
736 sd->data[5] = 0x01;
737 sd->data[6] = 0x80; /* Supported group 4 functions */
738 sd->data[7] = 0x01;
739 sd->data[8] = 0x80; /* Supported group 3 functions */
740 sd->data[9] = 0x01;
741 sd->data[10] = 0x80; /* Supported group 2 functions */
742 sd->data[11] = 0x43;
743 sd->data[12] = 0x80; /* Supported group 1 functions */
744 sd->data[13] = 0x03;
745 for (i = 0; i < 6; i ++) {
746 new_func = (arg >> (i * 4)) & 0x0f;
747 if (mode && new_func != 0x0f)
748 sd->function_group[i] = new_func;
749 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
750 }
751 memset(&sd->data[17], 0, 47);
752 crc = sd_crc16(sd->data, 64);
753 sd->data[65] = crc >> 8;
754 sd->data[66] = crc & 0xff;
755}
756
4e8f1be2 757static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
a1bb27b1 758{
b7202b88 759 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 760}
761
762static void sd_lock_command(SDState *sd)
763{
764 int erase, lock, clr_pwd, set_pwd, pwd_len;
765 erase = !!(sd->data[0] & 0x08);
766 lock = sd->data[0] & 0x04;
767 clr_pwd = sd->data[0] & 0x02;
768 set_pwd = sd->data[0] & 0x01;
769
770 if (sd->blk_len > 1)
771 pwd_len = sd->data[1];
772 else
773 pwd_len = 0;
774
814b2adc
PMD		 775 if (lock) {
776 trace_sdcard_lock();
777 } else {
778 trace_sdcard_unlock();
779 }
a1bb27b1
PB		 780 if (erase) {
781 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
782 set_pwd || clr_pwd || lock || sd->wp_switch ||
783 (sd->csd[14] & 0x20)) {
784 sd->card_status |= LOCK_UNLOCK_FAILED;
785 return;
786 }
50a5be6c 787 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
a1bb27b1
PB		 788 sd->csd[14] &= ~0x10;
789 sd->card_status &= ~CARD_IS_LOCKED;
790 sd->pwd_len = 0;
791 /* Erasing the entire card here! */
827df9f3 792 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 793 return;
794 }
795
796 if (sd->blk_len < 2 + pwd_len ||
797 pwd_len <= sd->pwd_len ||
798 pwd_len > sd->pwd_len + 16) {
799 sd->card_status |= LOCK_UNLOCK_FAILED;
800 return;
801 }
802
803 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
804 sd->card_status |= LOCK_UNLOCK_FAILED;
805 return;
806 }
807
808 pwd_len -= sd->pwd_len;
809 if ((pwd_len && !set_pwd) ||
810 (clr_pwd && (set_pwd || lock)) ||
811 (lock && !sd->pwd_len && !set_pwd) ||
812 (!set_pwd && !clr_pwd &&
813 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
814 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
815 sd->card_status |= LOCK_UNLOCK_FAILED;
816 return;
817 }
818
819 if (set_pwd) {
820 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
821 sd->pwd_len = pwd_len;
822 }
823
824 if (clr_pwd) {
825 sd->pwd_len = 0;
826 }
827
828 if (lock)
829 sd->card_status |= CARD_IS_LOCKED;
830 else
831 sd->card_status &= ~CARD_IS_LOCKED;
832}
833
c227f099 834static sd_rsp_type_t sd_normal_command(SDState *sd,
bc24a225 835 SDRequest req)
a1bb27b1
PB		 836{
837 uint32_t rca = 0x0000;
2d7adea4 838 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1 839
1b640aa9
PMD		 840 trace_sdcard_normal_command(req.cmd, req.arg, sd_state_name(sd->state));
841
1d06cb7a
PM		 842 /* Not interpreting this as an app command */
843 sd->card_status &= ~APP_CMD;
844
f250015b
PMD		 845 if (sd_cmd_type[req.cmd] == sd_ac
846 || sd_cmd_type[req.cmd] == sd_adtc) {
a1bb27b1 847 rca = req.arg >> 16;
97f4ed3b 848 }
a1bb27b1 849
4481bbc7
AB		 850 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
851 * if not, its effects are cancelled */
852 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
853 sd->multi_blk_cnt = 0;
854 }
855
a1bb27b1
PB		 856 switch (req.cmd) {
857 /* Basic commands (Class 0 and Class 1) */
858 case 0: /* CMD0: GO_IDLE_STATE */
859 switch (sd->state) {
860 case sd_inactive_state:
775616c3 861 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 862
863 default:
864 sd->state = sd_idle_state;
ba3ed0fa 865 sd_reset(DEVICE(sd));
775616c3 866 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 867 }
868 break;
869
775616c3
PB		 870 case 1: /* CMD1: SEND_OP_CMD */
871 if (!sd->spi)
872 goto bad_cmd;
873
874 sd->state = sd_transfer_state;
875 return sd_r1;
876
a1bb27b1 877 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 878 if (sd->spi)
879 goto bad_cmd;
a1bb27b1
PB		 880 switch (sd->state) {
881 case sd_ready_state:
882 sd->state = sd_identification_state;
883 return sd_r2_i;
884
885 default:
886 break;
887 }
888 break;
889
890 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 891 if (sd->spi)
892 goto bad_cmd;
a1bb27b1
PB		 893 switch (sd->state) {
894 case sd_identification_state:
895 case sd_standby_state:
896 sd->state = sd_standby_state;
897 sd_set_rca(sd);
898 return sd_r6;
899
900 default:
901 break;
902 }
903 break;
904
905 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 906 if (sd->spi)
907 goto bad_cmd;
a1bb27b1
PB		 908 switch (sd->state) {
909 case sd_standby_state:
910 break;
911
912 default:
913 break;
914 }
915 break;
916
109ac32f 917 case 5: /* CMD5: reserved for SDIO cards */
53bb8cc4 918 return sd_illegal;
109ac32f 919
a1bb27b1 920 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 921 if (sd->spi)
922 goto bad_cmd;
a1bb27b1
PB		 923 switch (sd->mode) {
924 case sd_data_transfer_mode:
925 sd_function_switch(sd, req.arg);
926 sd->state = sd_sendingdata_state;
927 sd->data_start = 0;
928 sd->data_offset = 0;
929 return sd_r1;
930
931 default:
932 break;
933 }
934 break;
935
936 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 937 if (sd->spi)
938 goto bad_cmd;
a1bb27b1
PB		 939 switch (sd->state) {
940 case sd_standby_state:
941 if (sd->rca != rca)
942 return sd_r0;
943
944 sd->state = sd_transfer_state;
945 return sd_r1b;
946
947 case sd_transfer_state:
948 case sd_sendingdata_state:
949 if (sd->rca == rca)
950 break;
951
952 sd->state = sd_standby_state;
953 return sd_r1b;
954
955 case sd_disconnect_state:
956 if (sd->rca != rca)
957 return sd_r0;
958
959 sd->state = sd_programming_state;
960 return sd_r1b;
961
962 case sd_programming_state:
963 if (sd->rca == rca)
964 break;
965
966 sd->state = sd_disconnect_state;
967 return sd_r1b;
968
969 default:
970 break;
971 }
972 break;
973
1b088995
AZ		 974 case 8: /* CMD8: SEND_IF_COND */
975 /* Physical Layer Specification Version 2.00 command */
976 switch (sd->state) {
977 case sd_idle_state:
978 sd->vhs = 0;
979
980 /* No response if not exactly one VHS bit is set. */
c9d93318 981 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1b088995 982 return sd->spi ? sd_r7 : sd_r0;
c9d93318 983 }
1b088995
AZ		 984
985 /* Accept. */
986 sd->vhs = req.arg;
987 return sd_r7;
988
989 default:
990 break;
991 }
992 break;
993
a1bb27b1
PB		 994 case 9: /* CMD9: SEND_CSD */
995 switch (sd->state) {
996 case sd_standby_state:
997 if (sd->rca != rca)
998 return sd_r0;
999
1000 return sd_r2_s;
1001
775616c3
PB		 1002 case sd_transfer_state:
1003 if (!sd->spi)
1004 break;
1005 sd->state = sd_sendingdata_state;
1006 memcpy(sd->data, sd->csd, 16);
2d7adea4 1007 sd->data_start = addr;
775616c3
PB		 1008 sd->data_offset = 0;
1009 return sd_r1;
1010
a1bb27b1
PB		 1011 default:
1012 break;
1013 }
1014 break;
1015
1016 case 10: /* CMD10: SEND_CID */
1017 switch (sd->state) {
1018 case sd_standby_state:
1019 if (sd->rca != rca)
1020 return sd_r0;
1021
1022 return sd_r2_i;
1023
775616c3
PB		 1024 case sd_transfer_state:
1025 if (!sd->spi)
1026 break;
1027 sd->state = sd_sendingdata_state;
1028 memcpy(sd->data, sd->cid, 16);
2d7adea4 1029 sd->data_start = addr;
775616c3
PB		 1030 sd->data_offset = 0;
1031 return sd_r1;
1032
a1bb27b1
PB		 1033 default:
1034 break;
1035 }
1036 break;
1037
1038 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
775616c3
PB		 1039 if (sd->spi)
1040 goto bad_cmd;
a1bb27b1
PB		 1041 switch (sd->state) {
1042 case sd_transfer_state:
1043 sd->state = sd_sendingdata_state;
1044 sd->data_start = req.arg;
1045 sd->data_offset = 0;
1046
1047 if (sd->data_start + sd->blk_len > sd->size)
1048 sd->card_status |= ADDRESS_ERROR;
1049 return sd_r0;
1050
1051 default:
1052 break;
1053 }
1054 break;
1055
1056 case 12: /* CMD12: STOP_TRANSMISSION */
1057 switch (sd->state) {
1058 case sd_sendingdata_state:
1059 sd->state = sd_transfer_state;
1060 return sd_r1b;
1061
1062 case sd_receivingdata_state:
1063 sd->state = sd_programming_state;
1064 /* Bzzzzzzztt .... Operation complete. */
1065 sd->state = sd_transfer_state;
1066 return sd_r1b;
1067
1068 default:
1069 break;
1070 }
1071 break;
1072
1073 case 13: /* CMD13: SEND_STATUS */
1074 switch (sd->mode) {
1075 case sd_data_transfer_mode:
1076 if (sd->rca != rca)
1077 return sd_r0;
1078
1079 return sd_r1;
1080
1081 default:
1082 break;
1083 }
1084 break;
1085
1086 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 1087 if (sd->spi)
1088 goto bad_cmd;
a1bb27b1
PB		 1089 switch (sd->mode) {
1090 case sd_data_transfer_mode:
1091 if (sd->rca != rca)
1092 return sd_r0;
1093
1094 sd->state = sd_inactive_state;
1095 return sd_r0;
1096
1097 default:
1098 break;
1099 }
1100 break;
1101
1102 /* Block read commands (Classs 2) */
1103 case 16: /* CMD16: SET_BLOCKLEN */
1104 switch (sd->state) {
1105 case sd_transfer_state:
814b2adc 1106 if (req.arg > (1 << HWBLOCK_SHIFT)) {
a1bb27b1 1107 sd->card_status |= BLOCK_LEN_ERROR;
814b2adc
PMD		 1108 } else {
1109 trace_sdcard_set_blocklen(req.arg);
a1bb27b1 1110 sd->blk_len = req.arg;
814b2adc 1111 }
a1bb27b1
PB		 1112
1113 return sd_r1;
1114
1115 default:
1116 break;
1117 }
1118 break;
1119
1120 case 17: /* CMD17: READ_SINGLE_BLOCK */
1121 switch (sd->state) {
1122 case sd_transfer_state:
1123 sd->state = sd_sendingdata_state;
2d7adea4 1124 sd->data_start = addr;
a1bb27b1
PB		 1125 sd->data_offset = 0;
1126
1127 if (sd->data_start + sd->blk_len > sd->size)
1128 sd->card_status |= ADDRESS_ERROR;
1129 return sd_r1;
1130
1131 default:
1132 break;
1133 }
1134 break;
1135
1136 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1137 switch (sd->state) {
1138 case sd_transfer_state:
1139 sd->state = sd_sendingdata_state;
2d7adea4 1140 sd->data_start = addr;
a1bb27b1
PB		 1141 sd->data_offset = 0;
1142
1143 if (sd->data_start + sd->blk_len > sd->size)
1144 sd->card_status |= ADDRESS_ERROR;
1145 return sd_r1;
1146
1147 default:
1148 break;
1149 }
1150 break;
1151
4481bbc7
AB		 1152 case 23: /* CMD23: SET_BLOCK_COUNT */
1153 switch (sd->state) {
1154 case sd_transfer_state:
1155 sd->multi_blk_cnt = req.arg;
1156 return sd_r1;
1157
1158 default:
1159 break;
1160 }
1161 break;
1162
a1bb27b1
PB		 1163 /* Block write commands (Class 4) */
1164 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
775616c3
PB		 1165 if (sd->spi)
1166 goto unimplemented_cmd;
a1bb27b1
PB		 1167 switch (sd->state) {
1168 case sd_transfer_state:
775616c3
PB		 1169 /* Writing in SPI mode not implemented. */
1170 if (sd->spi)
1171 break;
a1bb27b1 1172 sd->state = sd_receivingdata_state;
2d7adea4 1173 sd->data_start = addr;
a1bb27b1
PB		 1174 sd->data_offset = 0;
1175 sd->blk_written = 0;
1176
1177 if (sd->data_start + sd->blk_len > sd->size)
1178 sd->card_status |= ADDRESS_ERROR;
1179 if (sd_wp_addr(sd, sd->data_start))
1180 sd->card_status |= WP_VIOLATION;
1181 if (sd->csd[14] & 0x30)
1182 sd->card_status |= WP_VIOLATION;
1183 return sd_r1;
1184
1185 default:
1186 break;
1187 }
1188 break;
1189
1190 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
775616c3
PB		 1191 if (sd->spi)
1192 goto unimplemented_cmd;
a1bb27b1
PB		 1193 switch (sd->state) {
1194 case sd_transfer_state:
775616c3
PB		 1195 /* Writing in SPI mode not implemented. */
1196 if (sd->spi)
1197 break;
a1bb27b1 1198 sd->state = sd_receivingdata_state;
2d7adea4 1199 sd->data_start = addr;
a1bb27b1
PB		 1200 sd->data_offset = 0;
1201 sd->blk_written = 0;
1202
1203 if (sd->data_start + sd->blk_len > sd->size)
1204 sd->card_status |= ADDRESS_ERROR;
1205 if (sd_wp_addr(sd, sd->data_start))
1206 sd->card_status |= WP_VIOLATION;
1207 if (sd->csd[14] & 0x30)
1208 sd->card_status |= WP_VIOLATION;
1209 return sd_r1;
1210
1211 default:
1212 break;
1213 }
1214 break;
1215
1216 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 1217 if (sd->spi)
1218 goto bad_cmd;
a1bb27b1
PB		 1219 switch (sd->state) {
1220 case sd_transfer_state:
1221 sd->state = sd_receivingdata_state;
1222 sd->data_start = 0;
1223 sd->data_offset = 0;
1224 return sd_r1;
1225
1226 default:
1227 break;
1228 }
1229 break;
1230
1231 case 27: /* CMD27: PROGRAM_CSD */
775616c3
PB		 1232 if (sd->spi)
1233 goto unimplemented_cmd;
a1bb27b1
PB		 1234 switch (sd->state) {
1235 case sd_transfer_state:
1236 sd->state = sd_receivingdata_state;
1237 sd->data_start = 0;
1238 sd->data_offset = 0;
1239 return sd_r1;
1240
1241 default:
1242 break;
1243 }
1244 break;
1245
1246 /* Write protection (Class 6) */
1247 case 28: /* CMD28: SET_WRITE_PROT */
1248 switch (sd->state) {
1249 case sd_transfer_state:
2d7adea4 1250 if (addr >= sd->size) {
e30d5938 1251 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1252 return sd_r1b;
1253 }
1254
1255 sd->state = sd_programming_state;
b7202b88 1256 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1257 /* Bzzzzzzztt .... Operation complete. */
1258 sd->state = sd_transfer_state;
1259 return sd_r1b;
1260
1261 default:
1262 break;
1263 }
1264 break;
1265
1266 case 29: /* CMD29: CLR_WRITE_PROT */
1267 switch (sd->state) {
1268 case sd_transfer_state:
2d7adea4 1269 if (addr >= sd->size) {
e30d5938 1270 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1271 return sd_r1b;
1272 }
1273
1274 sd->state = sd_programming_state;
b7202b88 1275 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1276 /* Bzzzzzzztt .... Operation complete. */
1277 sd->state = sd_transfer_state;
1278 return sd_r1b;
1279
1280 default:
1281 break;
1282 }
1283 break;
1284
1285 case 30: /* CMD30: SEND_WRITE_PROT */
1286 switch (sd->state) {
1287 case sd_transfer_state:
1288 sd->state = sd_sendingdata_state;
1289 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1290 sd->data_start = addr;
a1bb27b1
PB		 1291 sd->data_offset = 0;
1292 return sd_r1b;
1293
1294 default:
1295 break;
1296 }
1297 break;
1298
1299 /* Erase commands (Class 5) */
1300 case 32: /* CMD32: ERASE_WR_BLK_START */
1301 switch (sd->state) {
1302 case sd_transfer_state:
1303 sd->erase_start = req.arg;
1304 return sd_r1;
1305
1306 default:
1307 break;
1308 }
1309 break;
1310
1311 case 33: /* CMD33: ERASE_WR_BLK_END */
1312 switch (sd->state) {
1313 case sd_transfer_state:
1314 sd->erase_end = req.arg;
1315 return sd_r1;
1316
1317 default:
1318 break;
1319 }
1320 break;
1321
1322 case 38: /* CMD38: ERASE */
1323 switch (sd->state) {
1324 case sd_transfer_state:
1325 if (sd->csd[14] & 0x30) {
1326 sd->card_status |= WP_VIOLATION;
1327 return sd_r1b;
1328 }
1329
1330 sd->state = sd_programming_state;
1331 sd_erase(sd);
1332 /* Bzzzzzzztt .... Operation complete. */
1333 sd->state = sd_transfer_state;
1334 return sd_r1b;
1335
1336 default:
1337 break;
1338 }
1339 break;
1340
1341 /* Lock card commands (Class 7) */
1342 case 42: /* CMD42: LOCK_UNLOCK */
775616c3
PB		 1343 if (sd->spi)
1344 goto unimplemented_cmd;
a1bb27b1
PB		 1345 switch (sd->state) {
1346 case sd_transfer_state:
1347 sd->state = sd_receivingdata_state;
1348 sd->data_start = 0;
1349 sd->data_offset = 0;
1350 return sd_r1;
1351
1352 default:
1353 break;
1354 }
1355 break;
1356
39e594db
PM		 1357 case 52:
1358 case 53:
1359 /* CMD52, CMD53: reserved for SDIO cards
1360 * (see the SDIO Simplified Specification V2.0)
1361 * Handle as illegal command but do not complain
1362 * on stderr, as some OSes may use these in their
1363 * probing for presence of an SDIO card.
1364 */
53bb8cc4 1365 return sd_illegal;
39e594db 1366
a1bb27b1
PB		 1367 /* Application specific commands (Class 8) */
1368 case 55: /* CMD55: APP_CMD */
1369 if (sd->rca != rca)
1370 return sd_r0;
1371
bebd1271 1372 sd->expecting_acmd = true;
a1bb27b1
PB		 1373 sd->card_status |= APP_CMD;
1374 return sd_r1;
1375
1376 case 56: /* CMD56: GEN_CMD */
a1bb27b1
PB		 1377 switch (sd->state) {
1378 case sd_transfer_state:
1379 sd->data_offset = 0;
1380 if (req.arg & 1)
1381 sd->state = sd_sendingdata_state;
1382 else
1383 sd->state = sd_receivingdata_state;
1384 return sd_r1;
1385
1386 default:
1387 break;
1388 }
1389 break;
1390
1391 default:
775616c3 1392 bad_cmd:
9800ad88 1393 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
53bb8cc4 1394 return sd_illegal;
775616c3
PB		 1395
1396 unimplemented_cmd:
1397 /* Commands that are recognised but not yet implemented in SPI mode. */
9800ad88
AB		 1398 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1399 req.cmd);
53bb8cc4 1400 return sd_illegal;
a1bb27b1
PB		 1401 }
1402
9800ad88 1403 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd);
53bb8cc4 1404 return sd_illegal;
a1bb27b1
PB		 1405}
1406
c227f099 1407static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1408 SDRequest req)
1409{
1b640aa9 1410 trace_sdcard_app_command(req.cmd, req.arg);
1d06cb7a 1411 sd->card_status |= APP_CMD;
a1bb27b1
PB		 1412 switch (req.cmd) {
1413 case 6: /* ACMD6: SET_BUS_WIDTH */
1414 switch (sd->state) {
1415 case sd_transfer_state:
1416 sd->sd_status[0] &= 0x3f;
1417 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1418 return sd_r1;
1419
1420 default:
1421 break;
1422 }
1423 break;
1424
1425 case 13: /* ACMD13: SD_STATUS */
1426 switch (sd->state) {
1427 case sd_transfer_state:
fb1ba03a 1428 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1429 sd->data_start = 0;
1430 sd->data_offset = 0;
1431 return sd_r1;
1432
1433 default:
1434 break;
1435 }
1436 break;
1437
1438 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1439 switch (sd->state) {
1440 case sd_transfer_state:
1441 *(uint32_t *) sd->data = sd->blk_written;
1442
fb1ba03a 1443 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1444 sd->data_start = 0;
1445 sd->data_offset = 0;
1446 return sd_r1;
1447
1448 default:
1449 break;
1450 }
1451 break;
1452
1453 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1454 switch (sd->state) {
1455 case sd_transfer_state:
1456 return sd_r1;
1457
1458 default:
1459 break;
1460 }
1461 break;
1462
1463 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1464 if (sd->spi) {
1465 /* SEND_OP_CMD */
1466 sd->state = sd_transfer_state;
1467 return sd_r1;
1468 }
a1bb27b1
PB		 1469 switch (sd->state) {
1470 case sd_idle_state:
dd26eb43
AB		 1471 /* If it's the first ACMD41 since reset, we need to decide
1472 * whether to power up. If this is not an enquiry ACMD41,
1473 * we immediately report power on and proceed below to the
1474 * ready state, but if it is, we set a timer to model a
1475 * delay for power up. This works around a bug in EDK2
1476 * UEFI, which sends an initial enquiry ACMD41, but
1477 * assumes that the card is in ready state as soon as it
1478 * sees the power up bit set. */
6f296421 1479 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) {
dd26eb43
AB		 1480 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1481 timer_del(sd->ocr_power_timer);
1482 sd_ocr_powerup(sd);
814b2adc
PMD		 1483 } else {
1484 trace_sdcard_inquiry_cmd41();
1485 if (!timer_pending(sd->ocr_power_timer)) {
1486 timer_mod_ns(sd->ocr_power_timer,
1487 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1488 + OCR_POWER_DELAY_NS));
1489 }
dd26eb43
AB		 1490 }
1491 }
1492
37ab4a56
PC		 1493 /* We accept any voltage. 10000 V is nothing.
1494 *
dd26eb43 1495 * Once we're powered up, we advance straight to ready state
37ab4a56
PC		 1496 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1497 */
1498 if (req.arg & ACMD41_ENQUIRY_MASK) {
a1bb27b1 1499 sd->state = sd_ready_state;
37ab4a56 1500 }
a1bb27b1
PB		 1501
1502 return sd_r3;
1503
1504 default:
1505 break;
1506 }
1507 break;
1508
1509 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1510 switch (sd->state) {
1511 case sd_transfer_state:
1512 /* Bringing in the 50KOhm pull-up resistor... Done. */
1513 return sd_r1;
1514
1515 default:
1516 break;
1517 }
1518 break;
1519
1520 case 51: /* ACMD51: SEND_SCR */
1521 switch (sd->state) {
1522 case sd_transfer_state:
1523 sd->state = sd_sendingdata_state;
1524 sd->data_start = 0;
1525 sd->data_offset = 0;
1526 return sd_r1;
1527
1528 default:
1529 break;
1530 }
1531 break;
1532
1533 default:
1534 /* Fall back to standard commands. */
a1bb27b1
PB		 1535 return sd_normal_command(sd, req);
1536 }
1537
9800ad88 1538 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
5b08bfe2 1539 return sd_illegal;
a1bb27b1
PB		 1540}
1541
25881d33
PM		 1542static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1543{
1544 /* Valid commands in locked state:
1545 * basic class (0)
1546 * lock card class (7)
1547 * CMD16
1548 * implicitly, the ACMD prefix CMD55
1549 * ACMD41 and ACMD42
1550 * Anything else provokes an "illegal command" response.
1551 */
1d06cb7a 1552 if (sd->expecting_acmd) {
25881d33
PM		 1553 return req->cmd == 41 || req->cmd == 42;
1554 }
1555 if (req->cmd == 16 || req->cmd == 55) {
1556 return 1;
1557 }
f250015b
PMD		 1558 return sd_cmd_class[req->cmd] == 0
1559 || sd_cmd_class[req->cmd] == 7;
25881d33
PM		 1560}
1561
bc24a225 1562int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1 1563 uint8_t *response) {
10a412da 1564 int last_state;
c227f099 1565 sd_rsp_type_t rtype;
a1bb27b1
PB		 1566 int rsplen;
1567
4be74634 1568 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
a1bb27b1
PB		 1569 return 0;
1570 }
1571
1572 if (sd_req_crc_validate(req)) {
abda1f37 1573 sd->card_status |= COM_CRC_ERROR;
b1f517ed
PM		 1574 rtype = sd_illegal;
1575 goto send_response;
a1bb27b1
PB		 1576 }
1577
f250015b
PMD		 1578 if (req->cmd >= SDMMC_CMD_MAX) {
1579 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
1580 req->cmd);
1581 req->cmd &= 0x3f;
1582 }
1583
10a412da 1584 if (sd->card_status & CARD_IS_LOCKED) {
25881d33 1585 if (!cmd_valid_while_locked(sd, req)) {
a1bb27b1 1586 sd->card_status |= ILLEGAL_COMMAND;
bebd1271 1587 sd->expecting_acmd = false;
9800ad88 1588 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
b1f517ed
PM		 1589 rtype = sd_illegal;
1590 goto send_response;
a1bb27b1 1591 }
25881d33 1592 }
a1bb27b1 1593
10a412da
PM		 1594 last_state = sd->state;
1595 sd_set_mode(sd);
1596
1d06cb7a 1597 if (sd->expecting_acmd) {
bebd1271 1598 sd->expecting_acmd = false;
a1bb27b1 1599 rtype = sd_app_command(sd, *req);
1d06cb7a 1600 } else {
a1bb27b1 1601 rtype = sd_normal_command(sd, *req);
1d06cb7a 1602 }
a1bb27b1 1603
53bb8cc4
PM		 1604 if (rtype == sd_illegal) {
1605 sd->card_status |= ILLEGAL_COMMAND;
10a412da
PM		 1606 } else {
1607 /* Valid command, we can update the 'state before command' bits.
1608 * (Do this now so they appear in r1 responses.)
1609 */
1610 sd->current_cmd = req->cmd;
1611 sd->card_status &= ~CURRENT_STATE;
1612 sd->card_status |= (last_state << 9);
53bb8cc4
PM		 1613 }
1614
b1f517ed 1615send_response:
a1bb27b1
PB		 1616 switch (rtype) {
1617 case sd_r1:
1618 case sd_r1b:
10a412da 1619 sd_response_r1_make(sd, response);
a1bb27b1
PB		 1620 rsplen = 4;
1621 break;
1622
1623 case sd_r2_i:
1624 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1625 rsplen = 16;
1626 break;
1627
1628 case sd_r2_s:
1629 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1630 rsplen = 16;
1631 break;
1632
1633 case sd_r3:
1634 sd_response_r3_make(sd, response);
1635 rsplen = 4;
1636 break;
1637
1638 case sd_r6:
1639 sd_response_r6_make(sd, response);
1640 rsplen = 4;
1641 break;
1642
1b088995
AZ		 1643 case sd_r7:
1644 sd_response_r7_make(sd, response);
1645 rsplen = 4;
1646 break;
1647
a1bb27b1 1648 case sd_r0:
53bb8cc4 1649 case sd_illegal:
a1bb27b1
PB		 1650 rsplen = 0;
1651 break;
55921932
PMD		 1652 default:
1653 g_assert_not_reached();
a1bb27b1 1654 }
55921932 1655 trace_sdcard_response(sd_response_name(rtype), rsplen);
a1bb27b1 1656
10a412da
PM		 1657 if (rtype != sd_illegal) {
1658 /* Clear the "clear on valid command" status bits now we've
1659 * sent any response
1660 */
1661 sd->card_status &= ~CARD_STATUS_B;
1662 }
1663
a1bb27b1 1664#ifdef DEBUG_SD
5cd5e2e7 1665 qemu_hexdump((const char *)response, stderr, "Response", rsplen);
a1bb27b1
PB		 1666#endif
1667
1668 return rsplen;
1669}
1670
2d7adea4 1671static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1672{
1b640aa9 1673 trace_sdcard_read_block(addr, len);
12c125cb 1674 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) {
827df9f3 1675 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1 1676 }
a1bb27b1
PB		 1677}
1678
2d7adea4 1679static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1680{
1b640aa9 1681 trace_sdcard_write_block(addr, len);
12c125cb
EB		 1682 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) {
1683 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1684 }
1685}
1686
33f00271
AZ		 1687#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1688#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1689#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1690#define APP_WRITE_BLOCK(a, len)
1691
1692void sd_write_data(SDState *sd, uint8_t value)
1693{
1694 int i;
1695
4be74634 1696 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1697 return;
1698
1699 if (sd->state != sd_receivingdata_state) {
9800ad88
AB		 1700 qemu_log_mask(LOG_GUEST_ERROR,
1701 "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1702 return;
1703 }
1704
1705 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1706 return;
1707
814b2adc 1708 trace_sdcard_write_data(sd->current_cmd, value);
a1bb27b1
PB		 1709 switch (sd->current_cmd) {
1710 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1711 sd->data[sd->data_offset ++] = value;
1712 if (sd->data_offset >= sd->blk_len) {
1713 /* TODO: Check CRC before committing */
1714 sd->state = sd_programming_state;
1715 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1716 sd->blk_written ++;
1717 sd->csd[14] |= 0x40;
1718 /* Bzzzzzzztt .... Operation complete. */
1719 sd->state = sd_transfer_state;
1720 }
1721 break;
1722
1723 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234 1724 if (sd->data_offset == 0) {
e03ba136 1725 /* Start of the block - let's check the address is valid */
a1bb27b1
PB		 1726 if (sd->data_start + sd->blk_len > sd->size) {
1727 sd->card_status |= ADDRESS_ERROR;
1728 break;
1729 }
1730 if (sd_wp_addr(sd, sd->data_start)) {
1731 sd->card_status |= WP_VIOLATION;
1732 break;
1733 }
33fa8234
DDAG		 1734 }
1735 sd->data[sd->data_offset++] = value;
1736 if (sd->data_offset >= sd->blk_len) {
1737 /* TODO: Check CRC before committing */
1738 sd->state = sd_programming_state;
1739 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1740 sd->blk_written++;
1741 sd->data_start += sd->blk_len;
1742 sd->data_offset = 0;
a1bb27b1
PB		 1743 sd->csd[14] |= 0x40;
1744
1745 /* Bzzzzzzztt .... Operation complete. */
4481bbc7
AB		 1746 if (sd->multi_blk_cnt != 0) {
1747 if (--sd->multi_blk_cnt == 0) {
1748 /* Stop! */
1749 sd->state = sd_transfer_state;
1750 break;
1751 }
1752 }
1753
a1bb27b1
PB		 1754 sd->state = sd_receivingdata_state;
1755 }
1756 break;
1757
1758 case 26: /* CMD26: PROGRAM_CID */
1759 sd->data[sd->data_offset ++] = value;
1760 if (sd->data_offset >= sizeof(sd->cid)) {
1761 /* TODO: Check CRC before committing */
1762 sd->state = sd_programming_state;
1763 for (i = 0; i < sizeof(sd->cid); i ++)
1764 if ((sd->cid[i] | 0x00) != sd->data[i])
1765 sd->card_status |= CID_CSD_OVERWRITE;
1766
1767 if (!(sd->card_status & CID_CSD_OVERWRITE))
1768 for (i = 0; i < sizeof(sd->cid); i ++) {
1769 sd->cid[i] |= 0x00;
1770 sd->cid[i] &= sd->data[i];
1771 }
1772 /* Bzzzzzzztt .... Operation complete. */
1773 sd->state = sd_transfer_state;
1774 }
1775 break;
1776
1777 case 27: /* CMD27: PROGRAM_CSD */
1778 sd->data[sd->data_offset ++] = value;
1779 if (sd->data_offset >= sizeof(sd->csd)) {
1780 /* TODO: Check CRC before committing */
1781 sd->state = sd_programming_state;
1782 for (i = 0; i < sizeof(sd->csd); i ++)
1783 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1784 (sd->data[i] | sd_csd_rw_mask[i]))
1785 sd->card_status |= CID_CSD_OVERWRITE;
1786
1787 /* Copy flag (OTP) & Permanent write protect */
1788 if (sd->csd[14] & ~sd->data[14] & 0x60)
1789 sd->card_status |= CID_CSD_OVERWRITE;
1790
1791 if (!(sd->card_status & CID_CSD_OVERWRITE))
1792 for (i = 0; i < sizeof(sd->csd); i ++) {
1793 sd->csd[i] |= sd_csd_rw_mask[i];
1794 sd->csd[i] &= sd->data[i];
1795 }
1796 /* Bzzzzzzztt .... Operation complete. */
1797 sd->state = sd_transfer_state;
1798 }
1799 break;
1800
1801 case 42: /* CMD42: LOCK_UNLOCK */
1802 sd->data[sd->data_offset ++] = value;
1803 if (sd->data_offset >= sd->blk_len) {
1804 /* TODO: Check CRC before committing */
1805 sd->state = sd_programming_state;
1806 sd_lock_command(sd);
1807 /* Bzzzzzzztt .... Operation complete. */
1808 sd->state = sd_transfer_state;
1809 }
1810 break;
1811
1812 case 56: /* CMD56: GEN_CMD */
1813 sd->data[sd->data_offset ++] = value;
1814 if (sd->data_offset >= sd->blk_len) {
1815 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1816 sd->state = sd_transfer_state;
1817 }
1818 break;
1819
1820 default:
9800ad88 1821 qemu_log_mask(LOG_GUEST_ERROR, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1822 break;
1823 }
1824}
1825
1826uint8_t sd_read_data(SDState *sd)
1827{
1828 /* TODO: Append CRCs */
1829 uint8_t ret;
2d7adea4 1830 int io_len;
a1bb27b1 1831
4be74634 1832 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1833 return 0x00;
1834
1835 if (sd->state != sd_sendingdata_state) {
9800ad88
AB		 1836 qemu_log_mask(LOG_GUEST_ERROR,
1837 "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1838 return 0x00;
1839 }
1840
1841 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1842 return 0x00;
1843
2d7adea4
AZ		 1844 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1845
814b2adc 1846 trace_sdcard_read_data(sd->current_cmd, io_len);
a1bb27b1
PB		 1847 switch (sd->current_cmd) {
1848 case 6: /* CMD6: SWITCH_FUNCTION */
1849 ret = sd->data[sd->data_offset ++];
1850
1851 if (sd->data_offset >= 64)
1852 sd->state = sd_transfer_state;
1853 break;
1854
775616c3
PB		 1855 case 9: /* CMD9: SEND_CSD */
1856 case 10: /* CMD10: SEND_CID */
1857 ret = sd->data[sd->data_offset ++];
1858
1859 if (sd->data_offset >= 16)
1860 sd->state = sd_transfer_state;
1861 break;
1862
a1bb27b1
PB		 1863 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1864 if (sd->data_offset == 0)
2d7adea4 1865 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1866 ret = sd->data[sd->data_offset ++];
1867
2d7adea4
AZ		 1868 if (sd->data_offset >= io_len) {
1869 sd->data_start += io_len;
a1bb27b1 1870 sd->data_offset = 0;
2d7adea4 1871 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1872 sd->card_status |= ADDRESS_ERROR;
1873 break;
1874 }
1875 }
1876 break;
1877
1878 case 13: /* ACMD13: SD_STATUS */
1879 ret = sd->sd_status[sd->data_offset ++];
1880
1881 if (sd->data_offset >= sizeof(sd->sd_status))
1882 sd->state = sd_transfer_state;
1883 break;
1884
1885 case 17: /* CMD17: READ_SINGLE_BLOCK */
1886 if (sd->data_offset == 0)
2d7adea4 1887 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1888 ret = sd->data[sd->data_offset ++];
1889
2d7adea4 1890 if (sd->data_offset >= io_len)
a1bb27b1
PB		 1891 sd->state = sd_transfer_state;
1892 break;
1893
1894 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
8573378e
MO		 1895 if (sd->data_offset == 0) {
1896 if (sd->data_start + io_len > sd->size) {
1897 sd->card_status |= ADDRESS_ERROR;
1898 return 0x00;
1899 }
2d7adea4 1900 BLK_READ_BLOCK(sd->data_start, io_len);
8573378e 1901 }
a1bb27b1
PB		 1902 ret = sd->data[sd->data_offset ++];
1903
2d7adea4
AZ		 1904 if (sd->data_offset >= io_len) {
1905 sd->data_start += io_len;
a1bb27b1 1906 sd->data_offset = 0;
4481bbc7
AB		 1907
1908 if (sd->multi_blk_cnt != 0) {
1909 if (--sd->multi_blk_cnt == 0) {
1910 /* Stop! */
1911 sd->state = sd_transfer_state;
1912 break;
1913 }
1914 }
a1bb27b1
PB		 1915 }
1916 break;
1917
1918 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1919 ret = sd->data[sd->data_offset ++];
1920
1921 if (sd->data_offset >= 4)
1922 sd->state = sd_transfer_state;
1923 break;
1924
1925 case 30: /* CMD30: SEND_WRITE_PROT */
1926 ret = sd->data[sd->data_offset ++];
1927
1928 if (sd->data_offset >= 4)
1929 sd->state = sd_transfer_state;
1930 break;
1931
1932 case 51: /* ACMD51: SEND_SCR */
1933 ret = sd->scr[sd->data_offset ++];
1934
1935 if (sd->data_offset >= sizeof(sd->scr))
1936 sd->state = sd_transfer_state;
1937 break;
1938
1939 case 56: /* CMD56: GEN_CMD */
1940 if (sd->data_offset == 0)
1941 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1942 ret = sd->data[sd->data_offset ++];
1943
1944 if (sd->data_offset >= sd->blk_len)
1945 sd->state = sd_transfer_state;
1946 break;
1947
1948 default:
9800ad88 1949 qemu_log_mask(LOG_GUEST_ERROR, "sd_read_data: unknown command\n");
a1bb27b1
PB		 1950 return 0x00;
1951 }
1952
1953 return ret;
1954}
1955
879bf4a7 1956bool sd_data_ready(SDState *sd)
a1bb27b1
PB		 1957{
1958 return sd->state == sd_sendingdata_state;
1959}
827df9f3 1960
bebd1271 1961void sd_enable(SDState *sd, bool enable)
827df9f3
AZ		 1962{
1963 sd->enable = enable;
1964}
260bc9d8
PM		 1965
1966static void sd_instance_init(Object *obj)
1967{
1968 SDState *sd = SD_CARD(obj);
1969
1970 sd->enable = true;
dd26eb43 1971 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
260bc9d8
PM		 1972}
1973
5ba34401
MAL		 1974static void sd_instance_finalize(Object *obj)
1975{
1976 SDState *sd = SD_CARD(obj);
1977
1978 timer_del(sd->ocr_power_timer);
1979 timer_free(sd->ocr_power_timer);
1980}
1981
260bc9d8
PM		 1982static void sd_realize(DeviceState *dev, Error **errp)
1983{
1984 SDState *sd = SD_CARD(dev);
a17c17a2 1985 int ret;
260bc9d8
PM		 1986
1987 if (sd->blk && blk_is_read_only(sd->blk)) {
1988 error_setg(errp, "Cannot use read-only drive as SD card");
1989 return;
1990 }
1991
260bc9d8 1992 if (sd->blk) {
a17c17a2
KW		 1993 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
1994 BLK_PERM_ALL, errp);
1995 if (ret < 0) {
1996 return;
1997 }
260bc9d8
PM		 1998 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
1999 }
260bc9d8
PM		 2000}
2001
2002static Property sd_properties[] = {
2003 DEFINE_PROP_DRIVE("drive", SDState, blk),
2004 /* We do not model the chip select pin, so allow the board to select
2005 * whether card should be in SSI or MMC/SD mode. It is also up to the
2006 * board to ensure that ssi transfers only occur when the chip select
2007 * is asserted. */
2008 DEFINE_PROP_BOOL("spi", SDState, spi, false),
2009 DEFINE_PROP_END_OF_LIST()
2010};
2011
2012static void sd_class_init(ObjectClass *klass, void *data)
2013{
2014 DeviceClass *dc = DEVICE_CLASS(klass);
c759a790 2015 SDCardClass *sc = SD_CARD_CLASS(klass);
260bc9d8
PM		 2016
2017 dc->realize = sd_realize;
2018 dc->props = sd_properties;
2019 dc->vmsd = &sd_vmstate;
ba3ed0fa 2020 dc->reset = sd_reset;
c759a790
PM		 2021 dc->bus_type = TYPE_SD_BUS;
2022
0034ebe6 2023 sc->set_voltage = sd_set_voltage;
da346922
PMD		 2024 sc->get_dat_lines = sd_get_dat_lines;
2025 sc->get_cmd_line = sd_get_cmd_line;
c759a790
PM		 2026 sc->do_command = sd_do_command;
2027 sc->write_data = sd_write_data;
2028 sc->read_data = sd_read_data;
2029 sc->data_ready = sd_data_ready;
2030 sc->enable = sd_enable;
2031 sc->get_inserted = sd_get_inserted;
2032 sc->get_readonly = sd_get_readonly;
260bc9d8
PM		 2033}
2034
2035static const TypeInfo sd_info = {
2036 .name = TYPE_SD_CARD,
2037 .parent = TYPE_DEVICE,
2038 .instance_size = sizeof(SDState),
c759a790 2039 .class_size = sizeof(SDCardClass),
260bc9d8
PM		 2040 .class_init = sd_class_init,
2041 .instance_init = sd_instance_init,
5ba34401 2042 .instance_finalize = sd_instance_finalize,
260bc9d8
PM		 2043};
2044
2045static void sd_register_types(void)
2046{
2047 type_register_static(&sd_info);
2048}
2049
2050type_init(sd_register_types)
Empty description
This page took 1.22525 seconds and 4 git commands to generate.