]> Git Repo - qemu.git/blame - hw/sd/sd.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
vmport: Disentangle read handler type from portio
[qemu.git] / hw / sd / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <[email protected]>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
83c9f4ca 32#include "hw/hw.h"
737e150e 33#include "block/block.h"
83c9f4ca 34#include "hw/sd.h"
1de7afc9 35#include "qemu/bitmap.h"
a1bb27b1
PB		 36
37//#define DEBUG_SD 1
38
39#ifdef DEBUG_SD
001faf32
BS		 40#define DPRINTF(fmt, ...) \
41do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1 42#else
001faf32 43#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1
PB		 44#endif
45
37ab4a56
PC		 46#define ACMD41_ENQUIRY_MASK 0x00ffffff
47
a1bb27b1
PB		 48typedef enum {
49 sd_r0 = 0, /* no response */
50 sd_r1, /* normal response command */
51 sd_r2_i, /* CID register */
52 sd_r2_s, /* CSD register */
53 sd_r3, /* OCR register */
54 sd_r6 = 6, /* Published RCA response */
1b088995 55 sd_r7, /* Operating voltage */
a1bb27b1 56 sd_r1b = -1,
53bb8cc4 57 sd_illegal = -2,
c227f099 58} sd_rsp_type_t;
a1bb27b1 59
50a5be6c
IM		 60enum SDCardModes {
61 sd_inactive,
62 sd_card_identification_mode,
63 sd_data_transfer_mode,
64};
65
66enum SDCardStates {
67 sd_inactive_state = -1,
68 sd_idle_state = 0,
69 sd_ready_state,
70 sd_identification_state,
71 sd_standby_state,
72 sd_transfer_state,
73 sd_sendingdata_state,
74 sd_receivingdata_state,
75 sd_programming_state,
76 sd_disconnect_state,
77};
78
a1bb27b1 79struct SDState {
50a5be6c
IM		 80 uint32_t mode; /* current card mode, one of SDCardModes */
81 int32_t state; /* current card state, one of SDCardStates */
a1bb27b1
PB		 82 uint32_t ocr;
83 uint8_t scr[8];
84 uint8_t cid[16];
85 uint8_t csd[16];
86 uint16_t rca;
87 uint32_t card_status;
88 uint8_t sd_status[64];
1b088995 89 uint32_t vhs;
bebd1271 90 bool wp_switch;
a9c01830 91 unsigned long *wp_groups;
50a5be6c 92 int32_t wpgrps_size;
2d7adea4 93 uint64_t size;
50a5be6c 94 uint32_t blk_len;
a1bb27b1
PB		 95 uint32_t erase_start;
96 uint32_t erase_end;
97 uint8_t pwd[16];
50a5be6c
IM		 98 uint32_t pwd_len;
99 uint8_t function_group[6];
a1bb27b1 100
bebd1271 101 bool spi;
50a5be6c 102 uint8_t current_cmd;
1d06cb7a
PM		 103 /* True if we will handle the next command as an ACMD. Note that this does
104 * *not* track the APP_CMD status bit!
105 */
bebd1271 106 bool expecting_acmd;
50a5be6c 107 uint32_t blk_written;
2d7adea4 108 uint64_t data_start;
a1bb27b1
PB		 109 uint32_t data_offset;
110 uint8_t data[512];
02ce600c
AZ		 111 qemu_irq readonly_cb;
112 qemu_irq inserted_cb;
a1bb27b1 113 BlockDriverState *bdrv;
33f00271 114 uint8_t *buf;
827df9f3 115
bebd1271 116 bool enable;
a1bb27b1
PB		 117};
118
10a412da 119static void sd_set_mode(SDState *sd)
a1bb27b1
PB		 120{
121 switch (sd->state) {
122 case sd_inactive_state:
123 sd->mode = sd_inactive;
124 break;
125
126 case sd_idle_state:
127 case sd_ready_state:
128 case sd_identification_state:
129 sd->mode = sd_card_identification_mode;
130 break;
131
132 case sd_standby_state:
133 case sd_transfer_state:
134 case sd_sendingdata_state:
135 case sd_receivingdata_state:
136 case sd_programming_state:
137 case sd_disconnect_state:
138 sd->mode = sd_data_transfer_mode;
139 break;
140 }
a1bb27b1
PB		 141}
142
c227f099 143static const sd_cmd_type_t sd_cmd_type[64] = {
a1bb27b1 144 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 145 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
a1bb27b1
PB		 146 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
147 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
148 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
149 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
151 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
152};
153
c227f099 154static const sd_cmd_type_t sd_acmd_type[64] = {
a1bb27b1
PB		 155 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
156 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
157 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
158 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
159 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
160 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
161 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
162 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
163};
164
165static const int sd_cmd_class[64] = {
166 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
167 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
168 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
169 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
170};
171
172static uint8_t sd_crc7(void *message, size_t width)
173{
174 int i, bit;
175 uint8_t shift_reg = 0x00;
176 uint8_t *msg = (uint8_t *) message;
177
178 for (i = 0; i < width; i ++, msg ++)
179 for (bit = 7; bit >= 0; bit --) {
180 shift_reg <<= 1;
181 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
182 shift_reg ^= 0x89;
183 }
184
185 return shift_reg;
186}
187
188static uint16_t sd_crc16(void *message, size_t width)
189{
190 int i, bit;
191 uint16_t shift_reg = 0x0000;
192 uint16_t *msg = (uint16_t *) message;
193 width <<= 1;
194
195 for (i = 0; i < width; i ++, msg ++)
196 for (bit = 15; bit >= 0; bit --) {
197 shift_reg <<= 1;
198 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
199 shift_reg ^= 0x1011;
200 }
201
202 return shift_reg;
203}
204
205static void sd_set_ocr(SDState *sd)
206{
1b088995 207 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
829ef7b0 208 sd->ocr = 0x80ffff00;
a1bb27b1
PB		 209}
210
211static void sd_set_scr(SDState *sd)
212{
213 sd->scr[0] = 0x00; /* SCR Structure */
214 sd->scr[1] = 0x2f; /* SD Security Support */
215 sd->scr[2] = 0x00;
216 sd->scr[3] = 0x00;
217 sd->scr[4] = 0x00;
218 sd->scr[5] = 0x00;
219 sd->scr[6] = 0x00;
220 sd->scr[7] = 0x00;
221}
222
223#define MID 0xaa
224#define OID "XY"
225#define PNM "QEMU!"
226#define PRV 0x01
227#define MDT_YR 2006
228#define MDT_MON 2
229
230static void sd_set_cid(SDState *sd)
231{
232 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
233 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
234 sd->cid[2] = OID[1];
235 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
236 sd->cid[4] = PNM[1];
237 sd->cid[5] = PNM[2];
238 sd->cid[6] = PNM[3];
239 sd->cid[7] = PNM[4];
240 sd->cid[8] = PRV; /* Fake product revision (PRV) */
241 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
242 sd->cid[10] = 0xad;
243 sd->cid[11] = 0xbe;
244 sd->cid[12] = 0xef;
245 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
246 ((MDT_YR - 2000) / 10);
247 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
248 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
249}
250
251#define HWBLOCK_SHIFT 9 /* 512 bytes */
252#define SECTOR_SHIFT 5 /* 16 kilobytes */
253#define WPGROUP_SHIFT 7 /* 2 megs */
254#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 255#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
256
257static const uint8_t sd_csd_rw_mask[16] = {
258 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
259 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
260};
261
2d7adea4 262static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 263{
264 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
265 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
266 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
267
2d7adea4
AZ		 268 if (size <= 0x40000000) { /* Standard Capacity SD */
269 sd->csd[0] = 0x00; /* CSD structure */
270 sd->csd[1] = 0x26; /* Data read access-time-1 */
271 sd->csd[2] = 0x00; /* Data read access-time-2 */
272 sd->csd[3] = 0x5a; /* Max. data transfer rate */
273 sd->csd[4] = 0x5f; /* Card Command Classes */
274 sd->csd[5] = 0x50 | /* Max. read data block length */
275 HWBLOCK_SHIFT;
276 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
277 ((csize >> 10) & 0x03);
278 sd->csd[7] = 0x00 | /* Device size */
279 ((csize >> 2) & 0xff);
280 sd->csd[8] = 0x3f | /* Max. read current */
281 ((csize << 6) & 0xc0);
282 sd->csd[9] = 0xfc | /* Max. write current */
283 ((CMULT_SHIFT - 2) >> 1);
284 sd->csd[10] = 0x40 | /* Erase sector size */
285 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
286 sd->csd[11] = 0x00 | /* Write protect group size */
287 ((sectsize << 7) & 0x80) | wpsize;
288 sd->csd[12] = 0x90 | /* Write speed factor */
289 (HWBLOCK_SHIFT >> 2);
290 sd->csd[13] = 0x20 | /* Max. write data block length */
291 ((HWBLOCK_SHIFT << 6) & 0xc0);
292 sd->csd[14] = 0x00; /* File format group */
293 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
294 } else { /* SDHC */
295 size /= 512 * 1024;
296 size -= 1;
297 sd->csd[0] = 0x40;
298 sd->csd[1] = 0x0e;
299 sd->csd[2] = 0x00;
300 sd->csd[3] = 0x32;
301 sd->csd[4] = 0x5b;
302 sd->csd[5] = 0x59;
303 sd->csd[6] = 0x00;
304 sd->csd[7] = (size >> 16) & 0xff;
305 sd->csd[8] = (size >> 8) & 0xff;
306 sd->csd[9] = (size & 0xff);
307 sd->csd[10] = 0x7f;
308 sd->csd[11] = 0x80;
309 sd->csd[12] = 0x0a;
310 sd->csd[13] = 0x40;
311 sd->csd[14] = 0x00;
312 sd->csd[15] = 0x00;
e03ba136 313 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
2d7adea4 314 }
a1bb27b1
PB		 315}
316
317static void sd_set_rca(SDState *sd)
318{
319 sd->rca += 0x4567;
320}
321
b8d334c8
PM		 322/* Card status bits, split by clear condition:
323 * A : According to the card current state
324 * B : Always related to the previous command
325 * C : Cleared by read
326 */
a1bb27b1
PB		 327#define CARD_STATUS_A 0x02004100
328#define CARD_STATUS_B 0x00c01e00
329#define CARD_STATUS_C 0xfd39a028
330
331static void sd_set_cardstatus(SDState *sd)
332{
333 sd->card_status = 0x00000100;
334}
335
336static void sd_set_sdstatus(SDState *sd)
337{
338 memset(sd->sd_status, 0, 64);
339}
340
bc24a225 341static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 342{
343 uint8_t buffer[5];
344 buffer[0] = 0x40 | req->cmd;
345 buffer[1] = (req->arg >> 24) & 0xff;
346 buffer[2] = (req->arg >> 16) & 0xff;
347 buffer[3] = (req->arg >> 8) & 0xff;
348 buffer[4] = (req->arg >> 0) & 0xff;
349 return 0;
350 return sd_crc7(buffer, 5) != req->crc; /* TODO */
351}
352
10a412da 353static void sd_response_r1_make(SDState *sd, uint8_t *response)
a1bb27b1 354{
10a412da 355 uint32_t status = sd->card_status;
1d06cb7a
PM		 356 /* Clear the "clear on read" status bits */
357 sd->card_status &= ~CARD_STATUS_C;
a1bb27b1
PB		 358
359 response[0] = (status >> 24) & 0xff;
360 response[1] = (status >> 16) & 0xff;
361 response[2] = (status >> 8) & 0xff;
362 response[3] = (status >> 0) & 0xff;
363}
364
9596ebb7 365static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 366{
367 response[0] = (sd->ocr >> 24) & 0xff;
368 response[1] = (sd->ocr >> 16) & 0xff;
369 response[2] = (sd->ocr >> 8) & 0xff;
370 response[3] = (sd->ocr >> 0) & 0xff;
371}
372
9596ebb7 373static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 374{
375 uint16_t arg;
376 uint16_t status;
377
378 arg = sd->rca;
379 status = ((sd->card_status >> 8) & 0xc000) |
380 ((sd->card_status >> 6) & 0x2000) |
381 (sd->card_status & 0x1fff);
fcfa9351 382 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
a1bb27b1
PB		 383
384 response[0] = (arg >> 8) & 0xff;
385 response[1] = arg & 0xff;
386 response[2] = (status >> 8) & 0xff;
387 response[3] = status & 0xff;
388}
389
1b088995
AZ		 390static void sd_response_r7_make(SDState *sd, uint8_t *response)
391{
392 response[0] = (sd->vhs >> 24) & 0xff;
393 response[1] = (sd->vhs >> 16) & 0xff;
394 response[2] = (sd->vhs >> 8) & 0xff;
395 response[3] = (sd->vhs >> 0) & 0xff;
396}
397
b7202b88
MI		 398static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
399{
400 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
401}
402
a1bb27b1
PB		 403static void sd_reset(SDState *sd, BlockDriverState *bdrv)
404{
2d7adea4 405 uint64_t size;
a1bb27b1
PB		 406 uint64_t sect;
407
03f311ed
PB		 408 if (bdrv) {
409 bdrv_get_geometry(bdrv, &sect);
410 } else {
411 sect = 0;
412 }
5e37141b 413 size = sect << 9;
a1bb27b1 414
b7202b88 415 sect = sd_addr_to_wpnum(size) + 1;
a1bb27b1
PB		 416
417 sd->state = sd_idle_state;
418 sd->rca = 0x0000;
419 sd_set_ocr(sd);
420 sd_set_scr(sd);
421 sd_set_cid(sd);
422 sd_set_csd(sd, size);
423 sd_set_cardstatus(sd);
424 sd_set_sdstatus(sd);
425
426 sd->bdrv = bdrv;
427
257514dd 428 if (sd->wp_groups)
7267c094 429 g_free(sd->wp_groups);
bebd1271 430 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : false;
50a5be6c
IM		 431 sd->wpgrps_size = sect;
432 sd->wp_groups = bitmap_new(sd->wpgrps_size);
433 memset(sd->function_group, 0, sizeof(sd->function_group));
a1bb27b1
PB		 434 sd->erase_start = 0;
435 sd->erase_end = 0;
436 sd->size = size;
437 sd->blk_len = 0x200;
438 sd->pwd_len = 0;
bebd1271 439 sd->expecting_acmd = false;
a1bb27b1
PB		 440}
441
7d4b4ba5 442static void sd_cardchange(void *opaque, bool load)
a1bb27b1
PB		 443{
444 SDState *sd = opaque;
db97ee6a 445
02ce600c 446 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
a1bb27b1
PB		 447 if (bdrv_is_inserted(sd->bdrv)) {
448 sd_reset(sd, sd->bdrv);
257514dd 449 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
a1bb27b1
PB		 450 }
451}
452
0e49de52 453static const BlockDevOps sd_block_ops = {
145feb17 454 .change_media_cb = sd_cardchange,
0e49de52
MA		 455};
456
50a5be6c
IM		 457static const VMStateDescription sd_vmstate = {
458 .name = "sd-card",
459 .version_id = 1,
460 .minimum_version_id = 1,
461 .fields = (VMStateField[]) {
462 VMSTATE_UINT32(mode, SDState),
463 VMSTATE_INT32(state, SDState),
464 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
465 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
466 VMSTATE_UINT16(rca, SDState),
467 VMSTATE_UINT32(card_status, SDState),
468 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
469 VMSTATE_UINT32(vhs, SDState),
470 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
471 VMSTATE_UINT32(blk_len, SDState),
472 VMSTATE_UINT32(erase_start, SDState),
473 VMSTATE_UINT32(erase_end, SDState),
474 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
475 VMSTATE_UINT32(pwd_len, SDState),
476 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
477 VMSTATE_UINT8(current_cmd, SDState),
478 VMSTATE_BOOL(expecting_acmd, SDState),
479 VMSTATE_UINT32(blk_written, SDState),
480 VMSTATE_UINT64(data_start, SDState),
481 VMSTATE_UINT32(data_offset, SDState),
482 VMSTATE_UINT8_ARRAY(data, SDState, 512),
5f00679e 483 VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512),
50a5be6c
IM		 484 VMSTATE_BOOL(enable, SDState),
485 VMSTATE_END_OF_LIST()
486 }
487};
488
775616c3 489/* We do not model the chip select pin, so allow the board to select
8ef6367e 490 whether card should be in SSI or MMC/SD mode. It is also up to the
775616c3
PB		 491 board to ensure that ssi transfers only occur when the chip select
492 is asserted. */
bebd1271 493SDState *sd_init(BlockDriverState *bs, bool is_spi)
a1bb27b1
PB		 494{
495 SDState *sd;
496
7267c094 497 sd = (SDState *) g_malloc0(sizeof(SDState));
72aef731 498 sd->buf = qemu_blockalign(bs, 512);
775616c3 499 sd->spi = is_spi;
bebd1271 500 sd->enable = true;
a1bb27b1 501 sd_reset(sd, bs);
03f311ed 502 if (sd->bdrv) {
fa879d62 503 bdrv_attach_dev_nofail(sd->bdrv, sd);
0e49de52 504 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
03f311ed 505 }
50a5be6c 506 vmstate_register(NULL, -1, &sd_vmstate, sd);
a1bb27b1
PB		 507 return sd;
508}
509
02ce600c 510void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 511{
02ce600c
AZ		 512 sd->readonly_cb = readonly;
513 sd->inserted_cb = insert;
0d2e91c1
AJ		 514 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
515 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
a1bb27b1
PB		 516}
517
518static void sd_erase(SDState *sd)
519{
f2d189d3
IM		 520 int i;
521 uint64_t erase_start = sd->erase_start;
522 uint64_t erase_end = sd->erase_end;
523
a1bb27b1
PB		 524 if (!sd->erase_start || !sd->erase_end) {
525 sd->card_status |= ERASE_SEQ_ERROR;
526 return;
527 }
528
f2d189d3
IM		 529 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
530 /* High capacity memory card: erase units are 512 byte blocks */
531 erase_start *= 512;
532 erase_end *= 512;
533 }
534
535 erase_start = sd_addr_to_wpnum(erase_start);
536 erase_end = sd_addr_to_wpnum(erase_end);
a1bb27b1
PB		 537 sd->erase_start = 0;
538 sd->erase_end = 0;
539 sd->csd[14] |= 0x40;
540
f2d189d3 541 for (i = erase_start; i <= erase_end; i++) {
a9c01830 542 if (test_bit(i, sd->wp_groups)) {
a1bb27b1 543 sd->card_status |= WP_ERASE_SKIP;
a9c01830
MI		 544 }
545 }
a1bb27b1
PB		 546}
547
2d7adea4 548static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 549{
550 uint32_t i, wpnum;
551 uint32_t ret = 0;
552
b7202b88 553 wpnum = sd_addr_to_wpnum(addr);
a1bb27b1 554
a9c01830
MI		 555 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
556 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
a1bb27b1 557 ret |= (1 << i);
a9c01830
MI		 558 }
559 }
a1bb27b1
PB		 560
561 return ret;
562}
563
564static void sd_function_switch(SDState *sd, uint32_t arg)
565{
566 int i, mode, new_func, crc;
567 mode = !!(arg & 0x80000000);
568
569 sd->data[0] = 0x00; /* Maximum current consumption */
570 sd->data[1] = 0x01;
571 sd->data[2] = 0x80; /* Supported group 6 functions */
572 sd->data[3] = 0x01;
573 sd->data[4] = 0x80; /* Supported group 5 functions */
574 sd->data[5] = 0x01;
575 sd->data[6] = 0x80; /* Supported group 4 functions */
576 sd->data[7] = 0x01;
577 sd->data[8] = 0x80; /* Supported group 3 functions */
578 sd->data[9] = 0x01;
579 sd->data[10] = 0x80; /* Supported group 2 functions */
580 sd->data[11] = 0x43;
581 sd->data[12] = 0x80; /* Supported group 1 functions */
582 sd->data[13] = 0x03;
583 for (i = 0; i < 6; i ++) {
584 new_func = (arg >> (i * 4)) & 0x0f;
585 if (mode && new_func != 0x0f)
586 sd->function_group[i] = new_func;
587 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
588 }
589 memset(&sd->data[17], 0, 47);
590 crc = sd_crc16(sd->data, 64);
591 sd->data[65] = crc >> 8;
592 sd->data[66] = crc & 0xff;
593}
594
4e8f1be2 595static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
a1bb27b1 596{
b7202b88 597 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 598}
599
600static void sd_lock_command(SDState *sd)
601{
602 int erase, lock, clr_pwd, set_pwd, pwd_len;
603 erase = !!(sd->data[0] & 0x08);
604 lock = sd->data[0] & 0x04;
605 clr_pwd = sd->data[0] & 0x02;
606 set_pwd = sd->data[0] & 0x01;
607
608 if (sd->blk_len > 1)
609 pwd_len = sd->data[1];
610 else
611 pwd_len = 0;
612
613 if (erase) {
614 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
615 set_pwd || clr_pwd || lock || sd->wp_switch ||
616 (sd->csd[14] & 0x20)) {
617 sd->card_status |= LOCK_UNLOCK_FAILED;
618 return;
619 }
50a5be6c 620 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
a1bb27b1
PB		 621 sd->csd[14] &= ~0x10;
622 sd->card_status &= ~CARD_IS_LOCKED;
623 sd->pwd_len = 0;
624 /* Erasing the entire card here! */
827df9f3 625 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 626 return;
627 }
628
629 if (sd->blk_len < 2 + pwd_len ||
630 pwd_len <= sd->pwd_len ||
631 pwd_len > sd->pwd_len + 16) {
632 sd->card_status |= LOCK_UNLOCK_FAILED;
633 return;
634 }
635
636 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
637 sd->card_status |= LOCK_UNLOCK_FAILED;
638 return;
639 }
640
641 pwd_len -= sd->pwd_len;
642 if ((pwd_len && !set_pwd) ||
643 (clr_pwd && (set_pwd || lock)) ||
644 (lock && !sd->pwd_len && !set_pwd) ||
645 (!set_pwd && !clr_pwd &&
646 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
647 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
648 sd->card_status |= LOCK_UNLOCK_FAILED;
649 return;
650 }
651
652 if (set_pwd) {
653 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
654 sd->pwd_len = pwd_len;
655 }
656
657 if (clr_pwd) {
658 sd->pwd_len = 0;
659 }
660
661 if (lock)
662 sd->card_status |= CARD_IS_LOCKED;
663 else
664 sd->card_status &= ~CARD_IS_LOCKED;
665}
666
c227f099 667static sd_rsp_type_t sd_normal_command(SDState *sd,
bc24a225 668 SDRequest req)
a1bb27b1
PB		 669{
670 uint32_t rca = 0x0000;
2d7adea4 671 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1 672
1d06cb7a
PM		 673 /* Not interpreting this as an app command */
674 sd->card_status &= ~APP_CMD;
675
a1bb27b1
PB		 676 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
677 rca = req.arg >> 16;
678
679 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
680 switch (req.cmd) {
681 /* Basic commands (Class 0 and Class 1) */
682 case 0: /* CMD0: GO_IDLE_STATE */
683 switch (sd->state) {
684 case sd_inactive_state:
775616c3 685 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 686
687 default:
688 sd->state = sd_idle_state;
689 sd_reset(sd, sd->bdrv);
775616c3 690 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 691 }
692 break;
693
775616c3
PB		 694 case 1: /* CMD1: SEND_OP_CMD */
695 if (!sd->spi)
696 goto bad_cmd;
697
698 sd->state = sd_transfer_state;
699 return sd_r1;
700
a1bb27b1 701 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 702 if (sd->spi)
703 goto bad_cmd;
a1bb27b1
PB		 704 switch (sd->state) {
705 case sd_ready_state:
706 sd->state = sd_identification_state;
707 return sd_r2_i;
708
709 default:
710 break;
711 }
712 break;
713
714 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 715 if (sd->spi)
716 goto bad_cmd;
a1bb27b1
PB		 717 switch (sd->state) {
718 case sd_identification_state:
719 case sd_standby_state:
720 sd->state = sd_standby_state;
721 sd_set_rca(sd);
722 return sd_r6;
723
724 default:
725 break;
726 }
727 break;
728
729 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 730 if (sd->spi)
731 goto bad_cmd;
a1bb27b1
PB		 732 switch (sd->state) {
733 case sd_standby_state:
734 break;
735
736 default:
737 break;
738 }
739 break;
740
109ac32f 741 case 5: /* CMD5: reserved for SDIO cards */
53bb8cc4 742 return sd_illegal;
109ac32f 743
a1bb27b1 744 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 745 if (sd->spi)
746 goto bad_cmd;
a1bb27b1
PB		 747 switch (sd->mode) {
748 case sd_data_transfer_mode:
749 sd_function_switch(sd, req.arg);
750 sd->state = sd_sendingdata_state;
751 sd->data_start = 0;
752 sd->data_offset = 0;
753 return sd_r1;
754
755 default:
756 break;
757 }
758 break;
759
760 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 761 if (sd->spi)
762 goto bad_cmd;
a1bb27b1
PB		 763 switch (sd->state) {
764 case sd_standby_state:
765 if (sd->rca != rca)
766 return sd_r0;
767
768 sd->state = sd_transfer_state;
769 return sd_r1b;
770
771 case sd_transfer_state:
772 case sd_sendingdata_state:
773 if (sd->rca == rca)
774 break;
775
776 sd->state = sd_standby_state;
777 return sd_r1b;
778
779 case sd_disconnect_state:
780 if (sd->rca != rca)
781 return sd_r0;
782
783 sd->state = sd_programming_state;
784 return sd_r1b;
785
786 case sd_programming_state:
787 if (sd->rca == rca)
788 break;
789
790 sd->state = sd_disconnect_state;
791 return sd_r1b;
792
793 default:
794 break;
795 }
796 break;
797
1b088995
AZ		 798 case 8: /* CMD8: SEND_IF_COND */
799 /* Physical Layer Specification Version 2.00 command */
800 switch (sd->state) {
801 case sd_idle_state:
802 sd->vhs = 0;
803
804 /* No response if not exactly one VHS bit is set. */
805 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
806 return sd->spi ? sd_r7 : sd_r0;
807
808 /* Accept. */
809 sd->vhs = req.arg;
810 return sd_r7;
811
812 default:
813 break;
814 }
815 break;
816
a1bb27b1
PB		 817 case 9: /* CMD9: SEND_CSD */
818 switch (sd->state) {
819 case sd_standby_state:
820 if (sd->rca != rca)
821 return sd_r0;
822
823 return sd_r2_s;
824
775616c3
PB		 825 case sd_transfer_state:
826 if (!sd->spi)
827 break;
828 sd->state = sd_sendingdata_state;
829 memcpy(sd->data, sd->csd, 16);
2d7adea4 830 sd->data_start = addr;
775616c3
PB		 831 sd->data_offset = 0;
832 return sd_r1;
833
a1bb27b1
PB		 834 default:
835 break;
836 }
837 break;
838
839 case 10: /* CMD10: SEND_CID */
840 switch (sd->state) {
841 case sd_standby_state:
842 if (sd->rca != rca)
843 return sd_r0;
844
845 return sd_r2_i;
846
775616c3
PB		 847 case sd_transfer_state:
848 if (!sd->spi)
849 break;
850 sd->state = sd_sendingdata_state;
851 memcpy(sd->data, sd->cid, 16);
2d7adea4 852 sd->data_start = addr;
775616c3
PB		 853 sd->data_offset = 0;
854 return sd_r1;
855
a1bb27b1
PB		 856 default:
857 break;
858 }
859 break;
860
861 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
775616c3
PB		 862 if (sd->spi)
863 goto bad_cmd;
a1bb27b1
PB		 864 switch (sd->state) {
865 case sd_transfer_state:
866 sd->state = sd_sendingdata_state;
867 sd->data_start = req.arg;
868 sd->data_offset = 0;
869
870 if (sd->data_start + sd->blk_len > sd->size)
871 sd->card_status |= ADDRESS_ERROR;
872 return sd_r0;
873
874 default:
875 break;
876 }
877 break;
878
879 case 12: /* CMD12: STOP_TRANSMISSION */
880 switch (sd->state) {
881 case sd_sendingdata_state:
882 sd->state = sd_transfer_state;
883 return sd_r1b;
884
885 case sd_receivingdata_state:
886 sd->state = sd_programming_state;
887 /* Bzzzzzzztt .... Operation complete. */
888 sd->state = sd_transfer_state;
889 return sd_r1b;
890
891 default:
892 break;
893 }
894 break;
895
896 case 13: /* CMD13: SEND_STATUS */
897 switch (sd->mode) {
898 case sd_data_transfer_mode:
899 if (sd->rca != rca)
900 return sd_r0;
901
902 return sd_r1;
903
904 default:
905 break;
906 }
907 break;
908
909 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 910 if (sd->spi)
911 goto bad_cmd;
a1bb27b1
PB		 912 switch (sd->mode) {
913 case sd_data_transfer_mode:
914 if (sd->rca != rca)
915 return sd_r0;
916
917 sd->state = sd_inactive_state;
918 return sd_r0;
919
920 default:
921 break;
922 }
923 break;
924
925 /* Block read commands (Classs 2) */
926 case 16: /* CMD16: SET_BLOCKLEN */
927 switch (sd->state) {
928 case sd_transfer_state:
929 if (req.arg > (1 << HWBLOCK_SHIFT))
930 sd->card_status |= BLOCK_LEN_ERROR;
931 else
932 sd->blk_len = req.arg;
933
934 return sd_r1;
935
936 default:
937 break;
938 }
939 break;
940
941 case 17: /* CMD17: READ_SINGLE_BLOCK */
942 switch (sd->state) {
943 case sd_transfer_state:
944 sd->state = sd_sendingdata_state;
2d7adea4 945 sd->data_start = addr;
a1bb27b1
PB		 946 sd->data_offset = 0;
947
948 if (sd->data_start + sd->blk_len > sd->size)
949 sd->card_status |= ADDRESS_ERROR;
950 return sd_r1;
951
952 default:
953 break;
954 }
955 break;
956
957 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
958 switch (sd->state) {
959 case sd_transfer_state:
960 sd->state = sd_sendingdata_state;
2d7adea4 961 sd->data_start = addr;
a1bb27b1
PB		 962 sd->data_offset = 0;
963
964 if (sd->data_start + sd->blk_len > sd->size)
965 sd->card_status |= ADDRESS_ERROR;
966 return sd_r1;
967
968 default:
969 break;
970 }
971 break;
972
973 /* Block write commands (Class 4) */
974 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
775616c3
PB		 975 if (sd->spi)
976 goto unimplemented_cmd;
a1bb27b1
PB		 977 switch (sd->state) {
978 case sd_transfer_state:
775616c3
PB		 979 /* Writing in SPI mode not implemented. */
980 if (sd->spi)
981 break;
a1bb27b1 982 sd->state = sd_receivingdata_state;
2d7adea4 983 sd->data_start = addr;
a1bb27b1
PB		 984 sd->data_offset = 0;
985 sd->blk_written = 0;
986
987 if (sd->data_start + sd->blk_len > sd->size)
988 sd->card_status |= ADDRESS_ERROR;
989 if (sd_wp_addr(sd, sd->data_start))
990 sd->card_status |= WP_VIOLATION;
991 if (sd->csd[14] & 0x30)
992 sd->card_status |= WP_VIOLATION;
993 return sd_r1;
994
995 default:
996 break;
997 }
998 break;
999
1000 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
775616c3
PB		 1001 if (sd->spi)
1002 goto unimplemented_cmd;
a1bb27b1
PB		 1003 switch (sd->state) {
1004 case sd_transfer_state:
775616c3
PB		 1005 /* Writing in SPI mode not implemented. */
1006 if (sd->spi)
1007 break;
a1bb27b1 1008 sd->state = sd_receivingdata_state;
2d7adea4 1009 sd->data_start = addr;
a1bb27b1
PB		 1010 sd->data_offset = 0;
1011 sd->blk_written = 0;
1012
1013 if (sd->data_start + sd->blk_len > sd->size)
1014 sd->card_status |= ADDRESS_ERROR;
1015 if (sd_wp_addr(sd, sd->data_start))
1016 sd->card_status |= WP_VIOLATION;
1017 if (sd->csd[14] & 0x30)
1018 sd->card_status |= WP_VIOLATION;
1019 return sd_r1;
1020
1021 default:
1022 break;
1023 }
1024 break;
1025
1026 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 1027 if (sd->spi)
1028 goto bad_cmd;
a1bb27b1
PB		 1029 switch (sd->state) {
1030 case sd_transfer_state:
1031 sd->state = sd_receivingdata_state;
1032 sd->data_start = 0;
1033 sd->data_offset = 0;
1034 return sd_r1;
1035
1036 default:
1037 break;
1038 }
1039 break;
1040
1041 case 27: /* CMD27: PROGRAM_CSD */
775616c3
PB		 1042 if (sd->spi)
1043 goto unimplemented_cmd;
a1bb27b1
PB		 1044 switch (sd->state) {
1045 case sd_transfer_state:
1046 sd->state = sd_receivingdata_state;
1047 sd->data_start = 0;
1048 sd->data_offset = 0;
1049 return sd_r1;
1050
1051 default:
1052 break;
1053 }
1054 break;
1055
1056 /* Write protection (Class 6) */
1057 case 28: /* CMD28: SET_WRITE_PROT */
1058 switch (sd->state) {
1059 case sd_transfer_state:
2d7adea4 1060 if (addr >= sd->size) {
e30d5938 1061 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1062 return sd_r1b;
1063 }
1064
1065 sd->state = sd_programming_state;
b7202b88 1066 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1067 /* Bzzzzzzztt .... Operation complete. */
1068 sd->state = sd_transfer_state;
1069 return sd_r1b;
1070
1071 default:
1072 break;
1073 }
1074 break;
1075
1076 case 29: /* CMD29: CLR_WRITE_PROT */
1077 switch (sd->state) {
1078 case sd_transfer_state:
2d7adea4 1079 if (addr >= sd->size) {
e30d5938 1080 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1081 return sd_r1b;
1082 }
1083
1084 sd->state = sd_programming_state;
b7202b88 1085 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1086 /* Bzzzzzzztt .... Operation complete. */
1087 sd->state = sd_transfer_state;
1088 return sd_r1b;
1089
1090 default:
1091 break;
1092 }
1093 break;
1094
1095 case 30: /* CMD30: SEND_WRITE_PROT */
1096 switch (sd->state) {
1097 case sd_transfer_state:
1098 sd->state = sd_sendingdata_state;
1099 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1100 sd->data_start = addr;
a1bb27b1
PB		 1101 sd->data_offset = 0;
1102 return sd_r1b;
1103
1104 default:
1105 break;
1106 }
1107 break;
1108
1109 /* Erase commands (Class 5) */
1110 case 32: /* CMD32: ERASE_WR_BLK_START */
1111 switch (sd->state) {
1112 case sd_transfer_state:
1113 sd->erase_start = req.arg;
1114 return sd_r1;
1115
1116 default:
1117 break;
1118 }
1119 break;
1120
1121 case 33: /* CMD33: ERASE_WR_BLK_END */
1122 switch (sd->state) {
1123 case sd_transfer_state:
1124 sd->erase_end = req.arg;
1125 return sd_r1;
1126
1127 default:
1128 break;
1129 }
1130 break;
1131
1132 case 38: /* CMD38: ERASE */
1133 switch (sd->state) {
1134 case sd_transfer_state:
1135 if (sd->csd[14] & 0x30) {
1136 sd->card_status |= WP_VIOLATION;
1137 return sd_r1b;
1138 }
1139
1140 sd->state = sd_programming_state;
1141 sd_erase(sd);
1142 /* Bzzzzzzztt .... Operation complete. */
1143 sd->state = sd_transfer_state;
1144 return sd_r1b;
1145
1146 default:
1147 break;
1148 }
1149 break;
1150
1151 /* Lock card commands (Class 7) */
1152 case 42: /* CMD42: LOCK_UNLOCK */
775616c3
PB		 1153 if (sd->spi)
1154 goto unimplemented_cmd;
a1bb27b1
PB		 1155 switch (sd->state) {
1156 case sd_transfer_state:
1157 sd->state = sd_receivingdata_state;
1158 sd->data_start = 0;
1159 sd->data_offset = 0;
1160 return sd_r1;
1161
1162 default:
1163 break;
1164 }
1165 break;
1166
39e594db
PM		 1167 case 52:
1168 case 53:
1169 /* CMD52, CMD53: reserved for SDIO cards
1170 * (see the SDIO Simplified Specification V2.0)
1171 * Handle as illegal command but do not complain
1172 * on stderr, as some OSes may use these in their
1173 * probing for presence of an SDIO card.
1174 */
53bb8cc4 1175 return sd_illegal;
39e594db 1176
a1bb27b1
PB		 1177 /* Application specific commands (Class 8) */
1178 case 55: /* CMD55: APP_CMD */
1179 if (sd->rca != rca)
1180 return sd_r0;
1181
bebd1271 1182 sd->expecting_acmd = true;
a1bb27b1
PB		 1183 sd->card_status |= APP_CMD;
1184 return sd_r1;
1185
1186 case 56: /* CMD56: GEN_CMD */
827df9f3 1187 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
a1bb27b1
PB		 1188
1189 switch (sd->state) {
1190 case sd_transfer_state:
1191 sd->data_offset = 0;
1192 if (req.arg & 1)
1193 sd->state = sd_sendingdata_state;
1194 else
1195 sd->state = sd_receivingdata_state;
1196 return sd_r1;
1197
1198 default:
1199 break;
1200 }
1201 break;
1202
1203 default:
775616c3 1204 bad_cmd:
827df9f3 1205 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
53bb8cc4 1206 return sd_illegal;
775616c3
PB		 1207
1208 unimplemented_cmd:
1209 /* Commands that are recognised but not yet implemented in SPI mode. */
827df9f3 1210 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
53bb8cc4 1211 return sd_illegal;
a1bb27b1
PB		 1212 }
1213
827df9f3 1214 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
53bb8cc4 1215 return sd_illegal;
a1bb27b1
PB		 1216}
1217
c227f099 1218static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1219 SDRequest req)
1220{
a1bb27b1 1221 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1d06cb7a 1222 sd->card_status |= APP_CMD;
a1bb27b1
PB		 1223 switch (req.cmd) {
1224 case 6: /* ACMD6: SET_BUS_WIDTH */
1225 switch (sd->state) {
1226 case sd_transfer_state:
1227 sd->sd_status[0] &= 0x3f;
1228 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1229 return sd_r1;
1230
1231 default:
1232 break;
1233 }
1234 break;
1235
1236 case 13: /* ACMD13: SD_STATUS */
1237 switch (sd->state) {
1238 case sd_transfer_state:
fb1ba03a 1239 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1240 sd->data_start = 0;
1241 sd->data_offset = 0;
1242 return sd_r1;
1243
1244 default:
1245 break;
1246 }
1247 break;
1248
1249 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1250 switch (sd->state) {
1251 case sd_transfer_state:
1252 *(uint32_t *) sd->data = sd->blk_written;
1253
fb1ba03a 1254 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1255 sd->data_start = 0;
1256 sd->data_offset = 0;
1257 return sd_r1;
1258
1259 default:
1260 break;
1261 }
1262 break;
1263
1264 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1265 switch (sd->state) {
1266 case sd_transfer_state:
1267 return sd_r1;
1268
1269 default:
1270 break;
1271 }
1272 break;
1273
1274 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1275 if (sd->spi) {
1276 /* SEND_OP_CMD */
1277 sd->state = sd_transfer_state;
1278 return sd_r1;
1279 }
a1bb27b1
PB		 1280 switch (sd->state) {
1281 case sd_idle_state:
37ab4a56
PC		 1282 /* We accept any voltage. 10000 V is nothing.
1283 *
1284 * We don't model init delay so just advance straight to ready state
1285 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1286 */
1287 if (req.arg & ACMD41_ENQUIRY_MASK) {
a1bb27b1 1288 sd->state = sd_ready_state;
37ab4a56 1289 }
a1bb27b1
PB		 1290
1291 return sd_r3;
1292
1293 default:
1294 break;
1295 }
1296 break;
1297
1298 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1299 switch (sd->state) {
1300 case sd_transfer_state:
1301 /* Bringing in the 50KOhm pull-up resistor... Done. */
1302 return sd_r1;
1303
1304 default:
1305 break;
1306 }
1307 break;
1308
1309 case 51: /* ACMD51: SEND_SCR */
1310 switch (sd->state) {
1311 case sd_transfer_state:
1312 sd->state = sd_sendingdata_state;
1313 sd->data_start = 0;
1314 sd->data_offset = 0;
1315 return sd_r1;
1316
1317 default:
1318 break;
1319 }
1320 break;
1321
1322 default:
1323 /* Fall back to standard commands. */
a1bb27b1
PB		 1324 return sd_normal_command(sd, req);
1325 }
1326
827df9f3 1327 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
5b08bfe2 1328 return sd_illegal;
a1bb27b1
PB		 1329}
1330
25881d33
PM		 1331static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1332{
1333 /* Valid commands in locked state:
1334 * basic class (0)
1335 * lock card class (7)
1336 * CMD16
1337 * implicitly, the ACMD prefix CMD55
1338 * ACMD41 and ACMD42
1339 * Anything else provokes an "illegal command" response.
1340 */
1d06cb7a 1341 if (sd->expecting_acmd) {
25881d33
PM		 1342 return req->cmd == 41 || req->cmd == 42;
1343 }
1344 if (req->cmd == 16 || req->cmd == 55) {
1345 return 1;
1346 }
1347 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1348}
1349
bc24a225 1350int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1 1351 uint8_t *response) {
10a412da 1352 int last_state;
c227f099 1353 sd_rsp_type_t rtype;
a1bb27b1
PB		 1354 int rsplen;
1355
03f311ed 1356 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
a1bb27b1
PB		 1357 return 0;
1358 }
1359
1360 if (sd_req_crc_validate(req)) {
abda1f37 1361 sd->card_status |= COM_CRC_ERROR;
b1f517ed
PM		 1362 rtype = sd_illegal;
1363 goto send_response;
a1bb27b1
PB		 1364 }
1365
10a412da 1366 if (sd->card_status & CARD_IS_LOCKED) {
25881d33 1367 if (!cmd_valid_while_locked(sd, req)) {
a1bb27b1 1368 sd->card_status |= ILLEGAL_COMMAND;
bebd1271 1369 sd->expecting_acmd = false;
827df9f3 1370 fprintf(stderr, "SD: Card is locked\n");
b1f517ed
PM		 1371 rtype = sd_illegal;
1372 goto send_response;
a1bb27b1 1373 }
25881d33 1374 }
a1bb27b1 1375
10a412da
PM		 1376 last_state = sd->state;
1377 sd_set_mode(sd);
1378
1d06cb7a 1379 if (sd->expecting_acmd) {
bebd1271 1380 sd->expecting_acmd = false;
a1bb27b1 1381 rtype = sd_app_command(sd, *req);
1d06cb7a 1382 } else {
a1bb27b1 1383 rtype = sd_normal_command(sd, *req);
1d06cb7a 1384 }
a1bb27b1 1385
53bb8cc4
PM		 1386 if (rtype == sd_illegal) {
1387 sd->card_status |= ILLEGAL_COMMAND;
10a412da
PM		 1388 } else {
1389 /* Valid command, we can update the 'state before command' bits.
1390 * (Do this now so they appear in r1 responses.)
1391 */
1392 sd->current_cmd = req->cmd;
1393 sd->card_status &= ~CURRENT_STATE;
1394 sd->card_status |= (last_state << 9);
53bb8cc4
PM		 1395 }
1396
b1f517ed 1397send_response:
a1bb27b1
PB		 1398 switch (rtype) {
1399 case sd_r1:
1400 case sd_r1b:
10a412da 1401 sd_response_r1_make(sd, response);
a1bb27b1
PB		 1402 rsplen = 4;
1403 break;
1404
1405 case sd_r2_i:
1406 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1407 rsplen = 16;
1408 break;
1409
1410 case sd_r2_s:
1411 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1412 rsplen = 16;
1413 break;
1414
1415 case sd_r3:
1416 sd_response_r3_make(sd, response);
1417 rsplen = 4;
1418 break;
1419
1420 case sd_r6:
1421 sd_response_r6_make(sd, response);
1422 rsplen = 4;
1423 break;
1424
1b088995
AZ		 1425 case sd_r7:
1426 sd_response_r7_make(sd, response);
1427 rsplen = 4;
1428 break;
1429
a1bb27b1 1430 case sd_r0:
53bb8cc4 1431 case sd_illegal:
a1bb27b1
PB		 1432 default:
1433 rsplen = 0;
1434 break;
1435 }
1436
10a412da
PM		 1437 if (rtype != sd_illegal) {
1438 /* Clear the "clear on valid command" status bits now we've
1439 * sent any response
1440 */
1441 sd->card_status &= ~CARD_STATUS_B;
1442 }
1443
a1bb27b1
PB		 1444#ifdef DEBUG_SD
1445 if (rsplen) {
1446 int i;
1447 DPRINTF("Response:");
1448 for (i = 0; i < rsplen; i++)
038d3d44
PC		 1449 fprintf(stderr, " %02x", response[i]);
1450 fprintf(stderr, " state %d\n", sd->state);
a1bb27b1
PB		 1451 } else {
1452 DPRINTF("No response %d\n", sd->state);
1453 }
1454#endif
1455
1456 return rsplen;
1457}
1458
2d7adea4 1459static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1460{
2d7adea4 1461 uint64_t end = addr + len;
a1bb27b1 1462
2d7adea4
AZ		 1463 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1464 (unsigned long long) addr, len);
7a608f56 1465 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1466 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1467 return;
1468 }
1469
1470 if (end > (addr & ~511) + 512) {
33f00271 1471 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
a1bb27b1 1472
7a608f56 1473 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
827df9f3 1474 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1475 return;
1476 }
33f00271 1477 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
a1bb27b1 1478 } else
33f00271 1479 memcpy(sd->data, sd->buf + (addr & 511), len);
a1bb27b1
PB		 1480}
1481
2d7adea4 1482static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1483{
2d7adea4 1484 uint64_t end = addr + len;
a1bb27b1
PB		 1485
1486 if ((addr & 511) || len < 512)
7a608f56 1487 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1488 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1489 return;
1490 }
1491
1492 if (end > (addr & ~511) + 512) {
33f00271 1493 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
7a608f56 1494 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1495 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1496 return;
1497 }
1498
7a608f56 1499 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
827df9f3 1500 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1501 return;
1502 }
33f00271 1503 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
7a608f56 1504 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
827df9f3 1505 fprintf(stderr, "sd_blk_write: write error on host side\n");
7a608f56 1506 }
a1bb27b1 1507 } else {
33f00271 1508 memcpy(sd->buf + (addr & 511), sd->data, len);
7a608f56 1509 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1510 fprintf(stderr, "sd_blk_write: write error on host side\n");
7a608f56 1511 }
a1bb27b1
PB		 1512 }
1513}
1514
33f00271
AZ		 1515#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1516#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1517#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1518#define APP_WRITE_BLOCK(a, len)
1519
1520void sd_write_data(SDState *sd, uint8_t value)
1521{
1522 int i;
1523
827df9f3 1524 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
a1bb27b1
PB		 1525 return;
1526
1527 if (sd->state != sd_receivingdata_state) {
827df9f3 1528 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1529 return;
1530 }
1531
1532 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1533 return;
1534
1535 switch (sd->current_cmd) {
1536 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1537 sd->data[sd->data_offset ++] = value;
1538 if (sd->data_offset >= sd->blk_len) {
1539 /* TODO: Check CRC before committing */
1540 sd->state = sd_programming_state;
1541 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1542 sd->blk_written ++;
1543 sd->csd[14] |= 0x40;
1544 /* Bzzzzzzztt .... Operation complete. */
1545 sd->state = sd_transfer_state;
1546 }
1547 break;
1548
1549 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234 1550 if (sd->data_offset == 0) {
e03ba136 1551 /* Start of the block - let's check the address is valid */
a1bb27b1
PB		 1552 if (sd->data_start + sd->blk_len > sd->size) {
1553 sd->card_status |= ADDRESS_ERROR;
1554 break;
1555 }
1556 if (sd_wp_addr(sd, sd->data_start)) {
1557 sd->card_status |= WP_VIOLATION;
1558 break;
1559 }
33fa8234
DDAG		 1560 }
1561 sd->data[sd->data_offset++] = value;
1562 if (sd->data_offset >= sd->blk_len) {
1563 /* TODO: Check CRC before committing */
1564 sd->state = sd_programming_state;
1565 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1566 sd->blk_written++;
1567 sd->data_start += sd->blk_len;
1568 sd->data_offset = 0;
a1bb27b1
PB		 1569 sd->csd[14] |= 0x40;
1570
1571 /* Bzzzzzzztt .... Operation complete. */
1572 sd->state = sd_receivingdata_state;
1573 }
1574 break;
1575
1576 case 26: /* CMD26: PROGRAM_CID */
1577 sd->data[sd->data_offset ++] = value;
1578 if (sd->data_offset >= sizeof(sd->cid)) {
1579 /* TODO: Check CRC before committing */
1580 sd->state = sd_programming_state;
1581 for (i = 0; i < sizeof(sd->cid); i ++)
1582 if ((sd->cid[i] | 0x00) != sd->data[i])
1583 sd->card_status |= CID_CSD_OVERWRITE;
1584
1585 if (!(sd->card_status & CID_CSD_OVERWRITE))
1586 for (i = 0; i < sizeof(sd->cid); i ++) {
1587 sd->cid[i] |= 0x00;
1588 sd->cid[i] &= sd->data[i];
1589 }
1590 /* Bzzzzzzztt .... Operation complete. */
1591 sd->state = sd_transfer_state;
1592 }
1593 break;
1594
1595 case 27: /* CMD27: PROGRAM_CSD */
1596 sd->data[sd->data_offset ++] = value;
1597 if (sd->data_offset >= sizeof(sd->csd)) {
1598 /* TODO: Check CRC before committing */
1599 sd->state = sd_programming_state;
1600 for (i = 0; i < sizeof(sd->csd); i ++)
1601 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1602 (sd->data[i] | sd_csd_rw_mask[i]))
1603 sd->card_status |= CID_CSD_OVERWRITE;
1604
1605 /* Copy flag (OTP) & Permanent write protect */
1606 if (sd->csd[14] & ~sd->data[14] & 0x60)
1607 sd->card_status |= CID_CSD_OVERWRITE;
1608
1609 if (!(sd->card_status & CID_CSD_OVERWRITE))
1610 for (i = 0; i < sizeof(sd->csd); i ++) {
1611 sd->csd[i] |= sd_csd_rw_mask[i];
1612 sd->csd[i] &= sd->data[i];
1613 }
1614 /* Bzzzzzzztt .... Operation complete. */
1615 sd->state = sd_transfer_state;
1616 }
1617 break;
1618
1619 case 42: /* CMD42: LOCK_UNLOCK */
1620 sd->data[sd->data_offset ++] = value;
1621 if (sd->data_offset >= sd->blk_len) {
1622 /* TODO: Check CRC before committing */
1623 sd->state = sd_programming_state;
1624 sd_lock_command(sd);
1625 /* Bzzzzzzztt .... Operation complete. */
1626 sd->state = sd_transfer_state;
1627 }
1628 break;
1629
1630 case 56: /* CMD56: GEN_CMD */
1631 sd->data[sd->data_offset ++] = value;
1632 if (sd->data_offset >= sd->blk_len) {
1633 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1634 sd->state = sd_transfer_state;
1635 }
1636 break;
1637
1638 default:
827df9f3 1639 fprintf(stderr, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1640 break;
1641 }
1642}
1643
1644uint8_t sd_read_data(SDState *sd)
1645{
1646 /* TODO: Append CRCs */
1647 uint8_t ret;
2d7adea4 1648 int io_len;
a1bb27b1 1649
827df9f3 1650 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
a1bb27b1
PB		 1651 return 0x00;
1652
1653 if (sd->state != sd_sendingdata_state) {
827df9f3 1654 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1655 return 0x00;
1656 }
1657
1658 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1659 return 0x00;
1660
2d7adea4
AZ		 1661 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1662
a1bb27b1
PB		 1663 switch (sd->current_cmd) {
1664 case 6: /* CMD6: SWITCH_FUNCTION */
1665 ret = sd->data[sd->data_offset ++];
1666
1667 if (sd->data_offset >= 64)
1668 sd->state = sd_transfer_state;
1669 break;
1670
775616c3
PB		 1671 case 9: /* CMD9: SEND_CSD */
1672 case 10: /* CMD10: SEND_CID */
1673 ret = sd->data[sd->data_offset ++];
1674
1675 if (sd->data_offset >= 16)
1676 sd->state = sd_transfer_state;
1677 break;
1678
a1bb27b1
PB		 1679 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1680 if (sd->data_offset == 0)
2d7adea4 1681 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1682 ret = sd->data[sd->data_offset ++];
1683
2d7adea4
AZ		 1684 if (sd->data_offset >= io_len) {
1685 sd->data_start += io_len;
a1bb27b1 1686 sd->data_offset = 0;
2d7adea4 1687 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1688 sd->card_status |= ADDRESS_ERROR;
1689 break;
1690 }
1691 }
1692 break;
1693
1694 case 13: /* ACMD13: SD_STATUS */
1695 ret = sd->sd_status[sd->data_offset ++];
1696
1697 if (sd->data_offset >= sizeof(sd->sd_status))
1698 sd->state = sd_transfer_state;
1699 break;
1700
1701 case 17: /* CMD17: READ_SINGLE_BLOCK */
1702 if (sd->data_offset == 0)
2d7adea4 1703 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1704 ret = sd->data[sd->data_offset ++];
1705
2d7adea4 1706 if (sd->data_offset >= io_len)
a1bb27b1
PB		 1707 sd->state = sd_transfer_state;
1708 break;
1709
1710 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1711 if (sd->data_offset == 0)
2d7adea4 1712 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1713 ret = sd->data[sd->data_offset ++];
1714
2d7adea4
AZ		 1715 if (sd->data_offset >= io_len) {
1716 sd->data_start += io_len;
a1bb27b1 1717 sd->data_offset = 0;
2d7adea4 1718 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1719 sd->card_status |= ADDRESS_ERROR;
1720 break;
1721 }
1722 }
1723 break;
1724
1725 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1726 ret = sd->data[sd->data_offset ++];
1727
1728 if (sd->data_offset >= 4)
1729 sd->state = sd_transfer_state;
1730 break;
1731
1732 case 30: /* CMD30: SEND_WRITE_PROT */
1733 ret = sd->data[sd->data_offset ++];
1734
1735 if (sd->data_offset >= 4)
1736 sd->state = sd_transfer_state;
1737 break;
1738
1739 case 51: /* ACMD51: SEND_SCR */
1740 ret = sd->scr[sd->data_offset ++];
1741
1742 if (sd->data_offset >= sizeof(sd->scr))
1743 sd->state = sd_transfer_state;
1744 break;
1745
1746 case 56: /* CMD56: GEN_CMD */
1747 if (sd->data_offset == 0)
1748 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1749 ret = sd->data[sd->data_offset ++];
1750
1751 if (sd->data_offset >= sd->blk_len)
1752 sd->state = sd_transfer_state;
1753 break;
1754
1755 default:
827df9f3 1756 fprintf(stderr, "sd_read_data: unknown command\n");
a1bb27b1
PB		 1757 return 0x00;
1758 }
1759
1760 return ret;
1761}
1762
879bf4a7 1763bool sd_data_ready(SDState *sd)
a1bb27b1
PB		 1764{
1765 return sd->state == sd_sendingdata_state;
1766}
827df9f3 1767
bebd1271 1768void sd_enable(SDState *sd, bool enable)
827df9f3
AZ		 1769{
1770 sd->enable = enable;
1771}
Empty description
This page took 1.039193 seconds and 4 git commands to generate.