]> Git Repo - qemu.git/blame - hw/sd/sd.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sdcard: define SDMMC_CMD_MAX instead of using the magic '64'
[qemu.git] / hw / sd / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <[email protected]>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
0430891c 32#include "qemu/osdep.h"
c759a790 33#include "hw/qdev.h"
83c9f4ca 34#include "hw/hw.h"
4be74634 35#include "sysemu/block-backend.h"
e3382ef0 36#include "hw/sd/sd.h"
da34e65c 37#include "qapi/error.h"
1de7afc9 38#include "qemu/bitmap.h"
260bc9d8
PM		 39#include "hw/qdev-properties.h"
40#include "qemu/error-report.h"
dd26eb43 41#include "qemu/timer.h"
03dd024f 42#include "qemu/log.h"
f250015b 43#include "sdmmc-internal.h"
1b640aa9 44#include "trace.h"
a1bb27b1
PB		 45
46//#define DEBUG_SD 1
47
dd26eb43
AB		 48#define ACMD41_ENQUIRY_MASK 0x00ffffff
49#define OCR_POWER_UP 0x80000000
50#define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
37ab4a56 51
a1bb27b1
PB		 52typedef enum {
53 sd_r0 = 0, /* no response */
54 sd_r1, /* normal response command */
55 sd_r2_i, /* CID register */
56 sd_r2_s, /* CSD register */
57 sd_r3, /* OCR register */
58 sd_r6 = 6, /* Published RCA response */
1b088995 59 sd_r7, /* Operating voltage */
a1bb27b1 60 sd_r1b = -1,
53bb8cc4 61 sd_illegal = -2,
c227f099 62} sd_rsp_type_t;
a1bb27b1 63
50a5be6c
IM		 64enum SDCardModes {
65 sd_inactive,
66 sd_card_identification_mode,
67 sd_data_transfer_mode,
68};
69
70enum SDCardStates {
71 sd_inactive_state = -1,
72 sd_idle_state = 0,
73 sd_ready_state,
74 sd_identification_state,
75 sd_standby_state,
76 sd_transfer_state,
77 sd_sendingdata_state,
78 sd_receivingdata_state,
79 sd_programming_state,
80 sd_disconnect_state,
81};
82
a1bb27b1 83struct SDState {
260bc9d8
PM		 84 DeviceState parent_obj;
85
d49b1ce0 86 /* SD Memory Card Registers */
a1bb27b1
PB		 87 uint32_t ocr;
88 uint8_t scr[8];
89 uint8_t cid[16];
90 uint8_t csd[16];
91 uint16_t rca;
92 uint32_t card_status;
93 uint8_t sd_status[64];
d49b1ce0
PMD		 94
95 /* Configurable properties */
96 BlockBackend *blk;
97 bool spi;
98
99 uint32_t mode; /* current card mode, one of SDCardModes */
100 int32_t state; /* current card state, one of SDCardStates */
1b088995 101 uint32_t vhs;
bebd1271 102 bool wp_switch;
a9c01830 103 unsigned long *wp_groups;
50a5be6c 104 int32_t wpgrps_size;
2d7adea4 105 uint64_t size;
50a5be6c 106 uint32_t blk_len;
4481bbc7 107 uint32_t multi_blk_cnt;
a1bb27b1
PB		 108 uint32_t erase_start;
109 uint32_t erase_end;
110 uint8_t pwd[16];
50a5be6c
IM		 111 uint32_t pwd_len;
112 uint8_t function_group[6];
50a5be6c 113 uint8_t current_cmd;
1d06cb7a
PM		 114 /* True if we will handle the next command as an ACMD. Note that this does
115 * *not* track the APP_CMD status bit!
116 */
bebd1271 117 bool expecting_acmd;
50a5be6c 118 uint32_t blk_written;
2d7adea4 119 uint64_t data_start;
a1bb27b1
PB		 120 uint32_t data_offset;
121 uint8_t data[512];
02ce600c
AZ		 122 qemu_irq readonly_cb;
123 qemu_irq inserted_cb;
d49b1ce0 124 QEMUTimer *ocr_power_timer;
bebd1271 125 bool enable;
da346922
PMD		 126 uint8_t dat_lines;
127 bool cmd_line;
a1bb27b1
PB		 128};
129
1b640aa9
PMD		 130static const char *sd_state_name(enum SDCardStates state)
131{
132 static const char *state_name[] = {
133 [sd_idle_state] = "idle",
134 [sd_ready_state] = "ready",
135 [sd_identification_state] = "identification",
136 [sd_standby_state] = "standby",
137 [sd_transfer_state] = "transfer",
138 [sd_sendingdata_state] = "sendingdata",
139 [sd_receivingdata_state] = "receivingdata",
140 [sd_programming_state] = "programming",
141 [sd_disconnect_state] = "disconnect",
142 };
143 if (state == sd_inactive_state) {
144 return "inactive";
145 }
146 assert(state <= ARRAY_SIZE(state_name));
147 return state_name[state];
148}
149
55921932
PMD		 150static const char *sd_response_name(sd_rsp_type_t rsp)
151{
152 static const char *response_name[] = {
153 [sd_r0] = "RESP#0 (no response)",
154 [sd_r1] = "RESP#1 (normal cmd)",
155 [sd_r2_i] = "RESP#2 (CID reg)",
156 [sd_r2_s] = "RESP#2 (CSD reg)",
157 [sd_r3] = "RESP#3 (OCR reg)",
158 [sd_r6] = "RESP#6 (RCA)",
159 [sd_r7] = "RESP#7 (operating voltage)",
160 };
161 if (rsp == sd_illegal) {
162 return "ILLEGAL RESP";
163 }
164 if (rsp == sd_r1b) {
165 rsp = sd_r1;
166 }
167 assert(rsp <= ARRAY_SIZE(response_name));
168 return response_name[rsp];
169}
170
da346922
PMD		 171static uint8_t sd_get_dat_lines(SDState *sd)
172{
173 return sd->enable ? sd->dat_lines : 0;
174}
175
176static bool sd_get_cmd_line(SDState *sd)
177{
178 return sd->enable ? sd->cmd_line : false;
179}
180
0034ebe6
PMD		 181static void sd_set_voltage(SDState *sd, uint16_t millivolts)
182{
814b2adc
PMD		 183 trace_sdcard_set_voltage(millivolts);
184
0034ebe6
PMD		 185 switch (millivolts) {
186 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
187 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
188 break;
189 default:
190 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
191 millivolts / 1000.f);
192 }
193}
194
10a412da 195static void sd_set_mode(SDState *sd)
a1bb27b1
PB		 196{
197 switch (sd->state) {
198 case sd_inactive_state:
199 sd->mode = sd_inactive;
200 break;
201
202 case sd_idle_state:
203 case sd_ready_state:
204 case sd_identification_state:
205 sd->mode = sd_card_identification_mode;
206 break;
207
208 case sd_standby_state:
209 case sd_transfer_state:
210 case sd_sendingdata_state:
211 case sd_receivingdata_state:
212 case sd_programming_state:
213 case sd_disconnect_state:
214 sd->mode = sd_data_transfer_mode;
215 break;
216 }
a1bb27b1
PB		 217}
218
f250015b 219static const sd_cmd_type_t sd_cmd_type[SDMMC_CMD_MAX] = {
a1bb27b1 220 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 221 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
f250015b 222 /* 16 */
a1bb27b1
PB		 223 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
224 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
f250015b 225 /* 32 */
a1bb27b1
PB		 226 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
227 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
f250015b 228 /* 48 */
a1bb27b1
PB		 229 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
230 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
231};
232
f250015b 233static const int sd_cmd_class[SDMMC_CMD_MAX] = {
a1bb27b1
PB		 234 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
235 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
236 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
237 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
238};
239
240static uint8_t sd_crc7(void *message, size_t width)
241{
242 int i, bit;
243 uint8_t shift_reg = 0x00;
244 uint8_t *msg = (uint8_t *) message;
245
246 for (i = 0; i < width; i ++, msg ++)
247 for (bit = 7; bit >= 0; bit --) {
248 shift_reg <<= 1;
249 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
250 shift_reg ^= 0x89;
251 }
252
253 return shift_reg;
254}
255
256static uint16_t sd_crc16(void *message, size_t width)
257{
258 int i, bit;
259 uint16_t shift_reg = 0x0000;
260 uint16_t *msg = (uint16_t *) message;
261 width <<= 1;
262
263 for (i = 0; i < width; i ++, msg ++)
264 for (bit = 15; bit >= 0; bit --) {
265 shift_reg <<= 1;
266 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
267 shift_reg ^= 0x1011;
268 }
269
270 return shift_reg;
271}
272
273static void sd_set_ocr(SDState *sd)
274{
dd26eb43
AB		 275 /* All voltages OK, Standard Capacity SD Memory Card, not yet powered up */
276 sd->ocr = 0x00ffff00;
277}
278
279static void sd_ocr_powerup(void *opaque)
280{
281 SDState *sd = opaque;
282
814b2adc 283 trace_sdcard_powerup();
dd26eb43
AB		 284 /* Set powered up bit in OCR */
285 assert(!(sd->ocr & OCR_POWER_UP));
286 sd->ocr |= OCR_POWER_UP;
a1bb27b1
PB		 287}
288
289static void sd_set_scr(SDState *sd)
290{
291 sd->scr[0] = 0x00; /* SCR Structure */
292 sd->scr[1] = 0x2f; /* SD Security Support */
293 sd->scr[2] = 0x00;
294 sd->scr[3] = 0x00;
295 sd->scr[4] = 0x00;
296 sd->scr[5] = 0x00;
297 sd->scr[6] = 0x00;
298 sd->scr[7] = 0x00;
299}
300
301#define MID 0xaa
302#define OID "XY"
303#define PNM "QEMU!"
304#define PRV 0x01
305#define MDT_YR 2006
306#define MDT_MON 2
307
308static void sd_set_cid(SDState *sd)
309{
310 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
311 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
312 sd->cid[2] = OID[1];
313 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
314 sd->cid[4] = PNM[1];
315 sd->cid[5] = PNM[2];
316 sd->cid[6] = PNM[3];
317 sd->cid[7] = PNM[4];
318 sd->cid[8] = PRV; /* Fake product revision (PRV) */
319 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
320 sd->cid[10] = 0xad;
321 sd->cid[11] = 0xbe;
322 sd->cid[12] = 0xef;
323 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
324 ((MDT_YR - 2000) / 10);
325 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
326 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
327}
328
329#define HWBLOCK_SHIFT 9 /* 512 bytes */
330#define SECTOR_SHIFT 5 /* 16 kilobytes */
331#define WPGROUP_SHIFT 7 /* 2 megs */
332#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 333#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
334
335static const uint8_t sd_csd_rw_mask[16] = {
336 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
337 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
338};
339
2d7adea4 340static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 341{
342 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
343 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
344 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
345
2d7adea4
AZ		 346 if (size <= 0x40000000) { /* Standard Capacity SD */
347 sd->csd[0] = 0x00; /* CSD structure */
348 sd->csd[1] = 0x26; /* Data read access-time-1 */
349 sd->csd[2] = 0x00; /* Data read access-time-2 */
350 sd->csd[3] = 0x5a; /* Max. data transfer rate */
351 sd->csd[4] = 0x5f; /* Card Command Classes */
352 sd->csd[5] = 0x50 | /* Max. read data block length */
353 HWBLOCK_SHIFT;
354 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
355 ((csize >> 10) & 0x03);
356 sd->csd[7] = 0x00 | /* Device size */
357 ((csize >> 2) & 0xff);
358 sd->csd[8] = 0x3f | /* Max. read current */
359 ((csize << 6) & 0xc0);
360 sd->csd[9] = 0xfc | /* Max. write current */
361 ((CMULT_SHIFT - 2) >> 1);
362 sd->csd[10] = 0x40 | /* Erase sector size */
363 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
364 sd->csd[11] = 0x00 | /* Write protect group size */
365 ((sectsize << 7) & 0x80) | wpsize;
366 sd->csd[12] = 0x90 | /* Write speed factor */
367 (HWBLOCK_SHIFT >> 2);
368 sd->csd[13] = 0x20 | /* Max. write data block length */
369 ((HWBLOCK_SHIFT << 6) & 0xc0);
370 sd->csd[14] = 0x00; /* File format group */
371 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
372 } else { /* SDHC */
373 size /= 512 * 1024;
374 size -= 1;
375 sd->csd[0] = 0x40;
376 sd->csd[1] = 0x0e;
377 sd->csd[2] = 0x00;
378 sd->csd[3] = 0x32;
379 sd->csd[4] = 0x5b;
380 sd->csd[5] = 0x59;
381 sd->csd[6] = 0x00;
382 sd->csd[7] = (size >> 16) & 0xff;
383 sd->csd[8] = (size >> 8) & 0xff;
384 sd->csd[9] = (size & 0xff);
385 sd->csd[10] = 0x7f;
386 sd->csd[11] = 0x80;
387 sd->csd[12] = 0x0a;
388 sd->csd[13] = 0x40;
389 sd->csd[14] = 0x00;
390 sd->csd[15] = 0x00;
e03ba136 391 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
2d7adea4 392 }
a1bb27b1
PB		 393}
394
395static void sd_set_rca(SDState *sd)
396{
397 sd->rca += 0x4567;
398}
399
b8d334c8
PM		 400/* Card status bits, split by clear condition:
401 * A : According to the card current state
402 * B : Always related to the previous command
403 * C : Cleared by read
404 */
a1bb27b1
PB		 405#define CARD_STATUS_A 0x02004100
406#define CARD_STATUS_B 0x00c01e00
407#define CARD_STATUS_C 0xfd39a028
408
409static void sd_set_cardstatus(SDState *sd)
410{
411 sd->card_status = 0x00000100;
412}
413
414static void sd_set_sdstatus(SDState *sd)
415{
416 memset(sd->sd_status, 0, 64);
417}
418
bc24a225 419static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 420{
421 uint8_t buffer[5];
422 buffer[0] = 0x40 | req->cmd;
423 buffer[1] = (req->arg >> 24) & 0xff;
424 buffer[2] = (req->arg >> 16) & 0xff;
425 buffer[3] = (req->arg >> 8) & 0xff;
426 buffer[4] = (req->arg >> 0) & 0xff;
427 return 0;
428 return sd_crc7(buffer, 5) != req->crc; /* TODO */
429}
430
10a412da 431static void sd_response_r1_make(SDState *sd, uint8_t *response)
a1bb27b1 432{
10a412da 433 uint32_t status = sd->card_status;
1d06cb7a
PM		 434 /* Clear the "clear on read" status bits */
435 sd->card_status &= ~CARD_STATUS_C;
a1bb27b1
PB		 436
437 response[0] = (status >> 24) & 0xff;
438 response[1] = (status >> 16) & 0xff;
439 response[2] = (status >> 8) & 0xff;
440 response[3] = (status >> 0) & 0xff;
441}
442
9596ebb7 443static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 444{
445 response[0] = (sd->ocr >> 24) & 0xff;
446 response[1] = (sd->ocr >> 16) & 0xff;
447 response[2] = (sd->ocr >> 8) & 0xff;
448 response[3] = (sd->ocr >> 0) & 0xff;
449}
450
9596ebb7 451static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 452{
453 uint16_t arg;
454 uint16_t status;
455
456 arg = sd->rca;
457 status = ((sd->card_status >> 8) & 0xc000) |
458 ((sd->card_status >> 6) & 0x2000) |
459 (sd->card_status & 0x1fff);
fcfa9351 460 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
a1bb27b1
PB		 461
462 response[0] = (arg >> 8) & 0xff;
463 response[1] = arg & 0xff;
464 response[2] = (status >> 8) & 0xff;
465 response[3] = status & 0xff;
466}
467
1b088995
AZ		 468static void sd_response_r7_make(SDState *sd, uint8_t *response)
469{
470 response[0] = (sd->vhs >> 24) & 0xff;
471 response[1] = (sd->vhs >> 16) & 0xff;
472 response[2] = (sd->vhs >> 8) & 0xff;
473 response[3] = (sd->vhs >> 0) & 0xff;
474}
475
b7202b88
MI		 476static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
477{
478 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
479}
480
ba3ed0fa 481static void sd_reset(DeviceState *dev)
a1bb27b1 482{
ba3ed0fa 483 SDState *sd = SD_CARD(dev);
2d7adea4 484 uint64_t size;
a1bb27b1
PB		 485 uint64_t sect;
486
814b2adc 487 trace_sdcard_reset();
16b781aa
PM		 488 if (sd->blk) {
489 blk_get_geometry(sd->blk, &sect);
03f311ed
PB		 490 } else {
491 sect = 0;
492 }
5e37141b 493 size = sect << 9;
a1bb27b1 494
b7202b88 495 sect = sd_addr_to_wpnum(size) + 1;
a1bb27b1
PB		 496
497 sd->state = sd_idle_state;
498 sd->rca = 0x0000;
499 sd_set_ocr(sd);
500 sd_set_scr(sd);
501 sd_set_cid(sd);
502 sd_set_csd(sd, size);
503 sd_set_cardstatus(sd);
504 sd_set_sdstatus(sd);
505
ef1e1e07 506 g_free(sd->wp_groups);
16b781aa 507 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
50a5be6c
IM		 508 sd->wpgrps_size = sect;
509 sd->wp_groups = bitmap_new(sd->wpgrps_size);
510 memset(sd->function_group, 0, sizeof(sd->function_group));
a1bb27b1
PB		 511 sd->erase_start = 0;
512 sd->erase_end = 0;
513 sd->size = size;
514 sd->blk_len = 0x200;
515 sd->pwd_len = 0;
bebd1271 516 sd->expecting_acmd = false;
da346922
PMD		 517 sd->dat_lines = 0xf;
518 sd->cmd_line = true;
4481bbc7 519 sd->multi_blk_cnt = 0;
a1bb27b1
PB		 520}
521
c759a790
PM		 522static bool sd_get_inserted(SDState *sd)
523{
0719e71e 524 return sd->blk && blk_is_inserted(sd->blk);
c759a790
PM		 525}
526
527static bool sd_get_readonly(SDState *sd)
528{
529 return sd->wp_switch;
530}
531
39829a01 532static void sd_cardchange(void *opaque, bool load, Error **errp)
a1bb27b1
PB		 533{
534 SDState *sd = opaque;
c759a790
PM		 535 DeviceState *dev = DEVICE(sd);
536 SDBus *sdbus = SD_BUS(qdev_get_parent_bus(dev));
537 bool inserted = sd_get_inserted(sd);
538 bool readonly = sd_get_readonly(sd);
db97ee6a 539
c759a790 540 if (inserted) {
814b2adc 541 trace_sdcard_inserted(readonly);
c759a790 542 sd_reset(dev);
814b2adc
PMD		 543 } else {
544 trace_sdcard_ejected();
c759a790
PM		 545 }
546
547 /* The IRQ notification is for legacy non-QOM SD controller devices;
548 * QOMified controllers use the SDBus APIs.
549 */
550 if (sdbus) {
551 sdbus_set_inserted(sdbus, inserted);
552 if (inserted) {
553 sdbus_set_readonly(sdbus, readonly);
554 }
555 } else {
556 qemu_set_irq(sd->inserted_cb, inserted);
557 if (inserted) {
558 qemu_set_irq(sd->readonly_cb, readonly);
559 }
a1bb27b1
PB		 560 }
561}
562
0e49de52 563static const BlockDevOps sd_block_ops = {
145feb17 564 .change_media_cb = sd_cardchange,
0e49de52
MA		 565};
566
dd26eb43
AB		 567static bool sd_ocr_vmstate_needed(void *opaque)
568{
569 SDState *sd = opaque;
570
571 /* Include the OCR state (and timer) if it is not yet powered up */
572 return !(sd->ocr & OCR_POWER_UP);
573}
574
575static const VMStateDescription sd_ocr_vmstate = {
576 .name = "sd-card/ocr-state",
577 .version_id = 1,
578 .minimum_version_id = 1,
579 .needed = sd_ocr_vmstate_needed,
580 .fields = (VMStateField[]) {
581 VMSTATE_UINT32(ocr, SDState),
582 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
583 VMSTATE_END_OF_LIST()
584 },
585};
586
587static int sd_vmstate_pre_load(void *opaque)
588{
589 SDState *sd = opaque;
590
591 /* If the OCR state is not included (prior versions, or not
592 * needed), then the OCR must be set as powered up. If the OCR state
593 * is included, this will be replaced by the state restore.
594 */
595 sd_ocr_powerup(sd);
596
597 return 0;
598}
599
50a5be6c
IM		 600static const VMStateDescription sd_vmstate = {
601 .name = "sd-card",
602 .version_id = 1,
603 .minimum_version_id = 1,
dd26eb43 604 .pre_load = sd_vmstate_pre_load,
50a5be6c
IM		 605 .fields = (VMStateField[]) {
606 VMSTATE_UINT32(mode, SDState),
607 VMSTATE_INT32(state, SDState),
608 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
609 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
610 VMSTATE_UINT16(rca, SDState),
611 VMSTATE_UINT32(card_status, SDState),
612 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
613 VMSTATE_UINT32(vhs, SDState),
614 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
615 VMSTATE_UINT32(blk_len, SDState),
4481bbc7 616 VMSTATE_UINT32(multi_blk_cnt, SDState),
50a5be6c
IM		 617 VMSTATE_UINT32(erase_start, SDState),
618 VMSTATE_UINT32(erase_end, SDState),
619 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
620 VMSTATE_UINT32(pwd_len, SDState),
621 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
622 VMSTATE_UINT8(current_cmd, SDState),
623 VMSTATE_BOOL(expecting_acmd, SDState),
624 VMSTATE_UINT32(blk_written, SDState),
625 VMSTATE_UINT64(data_start, SDState),
626 VMSTATE_UINT32(data_offset, SDState),
627 VMSTATE_UINT8_ARRAY(data, SDState, 512),
12c125cb 628 VMSTATE_UNUSED_V(1, 512),
50a5be6c
IM		 629 VMSTATE_BOOL(enable, SDState),
630 VMSTATE_END_OF_LIST()
dd26eb43
AB		 631 },
632 .subsections = (const VMStateDescription*[]) {
633 &sd_ocr_vmstate,
634 NULL
635 },
50a5be6c
IM		 636};
637
260bc9d8 638/* Legacy initialization function for use by non-qdevified callers */
4be74634 639SDState *sd_init(BlockBackend *blk, bool is_spi)
a1bb27b1 640{
fec44a8c 641 Object *obj;
260bc9d8
PM		 642 DeviceState *dev;
643 Error *err = NULL;
a1bb27b1 644
fec44a8c
PM		 645 obj = object_new(TYPE_SD_CARD);
646 dev = DEVICE(obj);
260bc9d8
PM		 647 qdev_prop_set_drive(dev, "drive", blk, &err);
648 if (err) {
649 error_report("sd_init failed: %s", error_get_pretty(err));
4f8a066b
KW		 650 return NULL;
651 }
260bc9d8 652 qdev_prop_set_bit(dev, "spi", is_spi);
fec44a8c 653 object_property_set_bool(obj, true, "realized", &err);
260bc9d8
PM		 654 if (err) {
655 error_report("sd_init failed: %s", error_get_pretty(err));
656 return NULL;
03f311ed 657 }
260bc9d8
PM		 658
659 return SD_CARD(dev);
a1bb27b1
PB		 660}
661
02ce600c 662void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 663{
02ce600c
AZ		 664 sd->readonly_cb = readonly;
665 sd->inserted_cb = insert;
4be74634
MA		 666 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
667 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
a1bb27b1
PB		 668}
669
670static void sd_erase(SDState *sd)
671{
f2d189d3
IM		 672 int i;
673 uint64_t erase_start = sd->erase_start;
674 uint64_t erase_end = sd->erase_end;
675
814b2adc 676 trace_sdcard_erase();
a1bb27b1
PB		 677 if (!sd->erase_start || !sd->erase_end) {
678 sd->card_status |= ERASE_SEQ_ERROR;
679 return;
680 }
681
f2d189d3
IM		 682 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
683 /* High capacity memory card: erase units are 512 byte blocks */
684 erase_start *= 512;
685 erase_end *= 512;
686 }
687
688 erase_start = sd_addr_to_wpnum(erase_start);
689 erase_end = sd_addr_to_wpnum(erase_end);
a1bb27b1
PB		 690 sd->erase_start = 0;
691 sd->erase_end = 0;
692 sd->csd[14] |= 0x40;
693
f2d189d3 694 for (i = erase_start; i <= erase_end; i++) {
a9c01830 695 if (test_bit(i, sd->wp_groups)) {
a1bb27b1 696 sd->card_status |= WP_ERASE_SKIP;
a9c01830
MI		 697 }
698 }
a1bb27b1
PB		 699}
700
2d7adea4 701static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 702{
703 uint32_t i, wpnum;
704 uint32_t ret = 0;
705
b7202b88 706 wpnum = sd_addr_to_wpnum(addr);
a1bb27b1 707
a9c01830
MI		 708 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
709 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
a1bb27b1 710 ret |= (1 << i);
a9c01830
MI		 711 }
712 }
a1bb27b1
PB		 713
714 return ret;
715}
716
717static void sd_function_switch(SDState *sd, uint32_t arg)
718{
719 int i, mode, new_func, crc;
720 mode = !!(arg & 0x80000000);
721
722 sd->data[0] = 0x00; /* Maximum current consumption */
723 sd->data[1] = 0x01;
724 sd->data[2] = 0x80; /* Supported group 6 functions */
725 sd->data[3] = 0x01;
726 sd->data[4] = 0x80; /* Supported group 5 functions */
727 sd->data[5] = 0x01;
728 sd->data[6] = 0x80; /* Supported group 4 functions */
729 sd->data[7] = 0x01;
730 sd->data[8] = 0x80; /* Supported group 3 functions */
731 sd->data[9] = 0x01;
732 sd->data[10] = 0x80; /* Supported group 2 functions */
733 sd->data[11] = 0x43;
734 sd->data[12] = 0x80; /* Supported group 1 functions */
735 sd->data[13] = 0x03;
736 for (i = 0; i < 6; i ++) {
737 new_func = (arg >> (i * 4)) & 0x0f;
738 if (mode && new_func != 0x0f)
739 sd->function_group[i] = new_func;
740 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
741 }
742 memset(&sd->data[17], 0, 47);
743 crc = sd_crc16(sd->data, 64);
744 sd->data[65] = crc >> 8;
745 sd->data[66] = crc & 0xff;
746}
747
4e8f1be2 748static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
a1bb27b1 749{
b7202b88 750 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 751}
752
753static void sd_lock_command(SDState *sd)
754{
755 int erase, lock, clr_pwd, set_pwd, pwd_len;
756 erase = !!(sd->data[0] & 0x08);
757 lock = sd->data[0] & 0x04;
758 clr_pwd = sd->data[0] & 0x02;
759 set_pwd = sd->data[0] & 0x01;
760
761 if (sd->blk_len > 1)
762 pwd_len = sd->data[1];
763 else
764 pwd_len = 0;
765
814b2adc
PMD		 766 if (lock) {
767 trace_sdcard_lock();
768 } else {
769 trace_sdcard_unlock();
770 }
a1bb27b1
PB		 771 if (erase) {
772 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
773 set_pwd || clr_pwd || lock || sd->wp_switch ||
774 (sd->csd[14] & 0x20)) {
775 sd->card_status |= LOCK_UNLOCK_FAILED;
776 return;
777 }
50a5be6c 778 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
a1bb27b1
PB		 779 sd->csd[14] &= ~0x10;
780 sd->card_status &= ~CARD_IS_LOCKED;
781 sd->pwd_len = 0;
782 /* Erasing the entire card here! */
827df9f3 783 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 784 return;
785 }
786
787 if (sd->blk_len < 2 + pwd_len ||
788 pwd_len <= sd->pwd_len ||
789 pwd_len > sd->pwd_len + 16) {
790 sd->card_status |= LOCK_UNLOCK_FAILED;
791 return;
792 }
793
794 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
795 sd->card_status |= LOCK_UNLOCK_FAILED;
796 return;
797 }
798
799 pwd_len -= sd->pwd_len;
800 if ((pwd_len && !set_pwd) ||
801 (clr_pwd && (set_pwd || lock)) ||
802 (lock && !sd->pwd_len && !set_pwd) ||
803 (!set_pwd && !clr_pwd &&
804 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
805 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
806 sd->card_status |= LOCK_UNLOCK_FAILED;
807 return;
808 }
809
810 if (set_pwd) {
811 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
812 sd->pwd_len = pwd_len;
813 }
814
815 if (clr_pwd) {
816 sd->pwd_len = 0;
817 }
818
819 if (lock)
820 sd->card_status |= CARD_IS_LOCKED;
821 else
822 sd->card_status &= ~CARD_IS_LOCKED;
823}
824
c227f099 825static sd_rsp_type_t sd_normal_command(SDState *sd,
bc24a225 826 SDRequest req)
a1bb27b1
PB		 827{
828 uint32_t rca = 0x0000;
2d7adea4 829 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1 830
1b640aa9
PMD		 831 trace_sdcard_normal_command(req.cmd, req.arg, sd_state_name(sd->state));
832
1d06cb7a
PM		 833 /* Not interpreting this as an app command */
834 sd->card_status &= ~APP_CMD;
835
f250015b
PMD		 836 if (sd_cmd_type[req.cmd] == sd_ac
837 || sd_cmd_type[req.cmd] == sd_adtc) {
a1bb27b1 838 rca = req.arg >> 16;
97f4ed3b 839 }
a1bb27b1 840
4481bbc7
AB		 841 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
842 * if not, its effects are cancelled */
843 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
844 sd->multi_blk_cnt = 0;
845 }
846
a1bb27b1
PB		 847 switch (req.cmd) {
848 /* Basic commands (Class 0 and Class 1) */
849 case 0: /* CMD0: GO_IDLE_STATE */
850 switch (sd->state) {
851 case sd_inactive_state:
775616c3 852 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 853
854 default:
855 sd->state = sd_idle_state;
ba3ed0fa 856 sd_reset(DEVICE(sd));
775616c3 857 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 858 }
859 break;
860
775616c3
PB		 861 case 1: /* CMD1: SEND_OP_CMD */
862 if (!sd->spi)
863 goto bad_cmd;
864
865 sd->state = sd_transfer_state;
866 return sd_r1;
867
a1bb27b1 868 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 869 if (sd->spi)
870 goto bad_cmd;
a1bb27b1
PB		 871 switch (sd->state) {
872 case sd_ready_state:
873 sd->state = sd_identification_state;
874 return sd_r2_i;
875
876 default:
877 break;
878 }
879 break;
880
881 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 882 if (sd->spi)
883 goto bad_cmd;
a1bb27b1
PB		 884 switch (sd->state) {
885 case sd_identification_state:
886 case sd_standby_state:
887 sd->state = sd_standby_state;
888 sd_set_rca(sd);
889 return sd_r6;
890
891 default:
892 break;
893 }
894 break;
895
896 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 897 if (sd->spi)
898 goto bad_cmd;
a1bb27b1
PB		 899 switch (sd->state) {
900 case sd_standby_state:
901 break;
902
903 default:
904 break;
905 }
906 break;
907
109ac32f 908 case 5: /* CMD5: reserved for SDIO cards */
53bb8cc4 909 return sd_illegal;
109ac32f 910
a1bb27b1 911 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 912 if (sd->spi)
913 goto bad_cmd;
a1bb27b1
PB		 914 switch (sd->mode) {
915 case sd_data_transfer_mode:
916 sd_function_switch(sd, req.arg);
917 sd->state = sd_sendingdata_state;
918 sd->data_start = 0;
919 sd->data_offset = 0;
920 return sd_r1;
921
922 default:
923 break;
924 }
925 break;
926
927 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 928 if (sd->spi)
929 goto bad_cmd;
a1bb27b1
PB		 930 switch (sd->state) {
931 case sd_standby_state:
932 if (sd->rca != rca)
933 return sd_r0;
934
935 sd->state = sd_transfer_state;
936 return sd_r1b;
937
938 case sd_transfer_state:
939 case sd_sendingdata_state:
940 if (sd->rca == rca)
941 break;
942
943 sd->state = sd_standby_state;
944 return sd_r1b;
945
946 case sd_disconnect_state:
947 if (sd->rca != rca)
948 return sd_r0;
949
950 sd->state = sd_programming_state;
951 return sd_r1b;
952
953 case sd_programming_state:
954 if (sd->rca == rca)
955 break;
956
957 sd->state = sd_disconnect_state;
958 return sd_r1b;
959
960 default:
961 break;
962 }
963 break;
964
1b088995
AZ		 965 case 8: /* CMD8: SEND_IF_COND */
966 /* Physical Layer Specification Version 2.00 command */
967 switch (sd->state) {
968 case sd_idle_state:
969 sd->vhs = 0;
970
971 /* No response if not exactly one VHS bit is set. */
c9d93318 972 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1b088995 973 return sd->spi ? sd_r7 : sd_r0;
c9d93318 974 }
1b088995
AZ		 975
976 /* Accept. */
977 sd->vhs = req.arg;
978 return sd_r7;
979
980 default:
981 break;
982 }
983 break;
984
a1bb27b1
PB		 985 case 9: /* CMD9: SEND_CSD */
986 switch (sd->state) {
987 case sd_standby_state:
988 if (sd->rca != rca)
989 return sd_r0;
990
991 return sd_r2_s;
992
775616c3
PB		 993 case sd_transfer_state:
994 if (!sd->spi)
995 break;
996 sd->state = sd_sendingdata_state;
997 memcpy(sd->data, sd->csd, 16);
2d7adea4 998 sd->data_start = addr;
775616c3
PB		 999 sd->data_offset = 0;
1000 return sd_r1;
1001
a1bb27b1
PB		 1002 default:
1003 break;
1004 }
1005 break;
1006
1007 case 10: /* CMD10: SEND_CID */
1008 switch (sd->state) {
1009 case sd_standby_state:
1010 if (sd->rca != rca)
1011 return sd_r0;
1012
1013 return sd_r2_i;
1014
775616c3
PB		 1015 case sd_transfer_state:
1016 if (!sd->spi)
1017 break;
1018 sd->state = sd_sendingdata_state;
1019 memcpy(sd->data, sd->cid, 16);
2d7adea4 1020 sd->data_start = addr;
775616c3
PB		 1021 sd->data_offset = 0;
1022 return sd_r1;
1023
a1bb27b1
PB		 1024 default:
1025 break;
1026 }
1027 break;
1028
1029 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
775616c3
PB		 1030 if (sd->spi)
1031 goto bad_cmd;
a1bb27b1
PB		 1032 switch (sd->state) {
1033 case sd_transfer_state:
1034 sd->state = sd_sendingdata_state;
1035 sd->data_start = req.arg;
1036 sd->data_offset = 0;
1037
1038 if (sd->data_start + sd->blk_len > sd->size)
1039 sd->card_status |= ADDRESS_ERROR;
1040 return sd_r0;
1041
1042 default:
1043 break;
1044 }
1045 break;
1046
1047 case 12: /* CMD12: STOP_TRANSMISSION */
1048 switch (sd->state) {
1049 case sd_sendingdata_state:
1050 sd->state = sd_transfer_state;
1051 return sd_r1b;
1052
1053 case sd_receivingdata_state:
1054 sd->state = sd_programming_state;
1055 /* Bzzzzzzztt .... Operation complete. */
1056 sd->state = sd_transfer_state;
1057 return sd_r1b;
1058
1059 default:
1060 break;
1061 }
1062 break;
1063
1064 case 13: /* CMD13: SEND_STATUS */
1065 switch (sd->mode) {
1066 case sd_data_transfer_mode:
1067 if (sd->rca != rca)
1068 return sd_r0;
1069
1070 return sd_r1;
1071
1072 default:
1073 break;
1074 }
1075 break;
1076
1077 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 1078 if (sd->spi)
1079 goto bad_cmd;
a1bb27b1
PB		 1080 switch (sd->mode) {
1081 case sd_data_transfer_mode:
1082 if (sd->rca != rca)
1083 return sd_r0;
1084
1085 sd->state = sd_inactive_state;
1086 return sd_r0;
1087
1088 default:
1089 break;
1090 }
1091 break;
1092
1093 /* Block read commands (Classs 2) */
1094 case 16: /* CMD16: SET_BLOCKLEN */
1095 switch (sd->state) {
1096 case sd_transfer_state:
814b2adc 1097 if (req.arg > (1 << HWBLOCK_SHIFT)) {
a1bb27b1 1098 sd->card_status |= BLOCK_LEN_ERROR;
814b2adc
PMD		 1099 } else {
1100 trace_sdcard_set_blocklen(req.arg);
a1bb27b1 1101 sd->blk_len = req.arg;
814b2adc 1102 }
a1bb27b1
PB		 1103
1104 return sd_r1;
1105
1106 default:
1107 break;
1108 }
1109 break;
1110
1111 case 17: /* CMD17: READ_SINGLE_BLOCK */
1112 switch (sd->state) {
1113 case sd_transfer_state:
1114 sd->state = sd_sendingdata_state;
2d7adea4 1115 sd->data_start = addr;
a1bb27b1
PB		 1116 sd->data_offset = 0;
1117
1118 if (sd->data_start + sd->blk_len > sd->size)
1119 sd->card_status |= ADDRESS_ERROR;
1120 return sd_r1;
1121
1122 default:
1123 break;
1124 }
1125 break;
1126
1127 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1128 switch (sd->state) {
1129 case sd_transfer_state:
1130 sd->state = sd_sendingdata_state;
2d7adea4 1131 sd->data_start = addr;
a1bb27b1
PB		 1132 sd->data_offset = 0;
1133
1134 if (sd->data_start + sd->blk_len > sd->size)
1135 sd->card_status |= ADDRESS_ERROR;
1136 return sd_r1;
1137
1138 default:
1139 break;
1140 }
1141 break;
1142
4481bbc7
AB		 1143 case 23: /* CMD23: SET_BLOCK_COUNT */
1144 switch (sd->state) {
1145 case sd_transfer_state:
1146 sd->multi_blk_cnt = req.arg;
1147 return sd_r1;
1148
1149 default:
1150 break;
1151 }
1152 break;
1153
a1bb27b1
PB		 1154 /* Block write commands (Class 4) */
1155 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
775616c3
PB		 1156 if (sd->spi)
1157 goto unimplemented_cmd;
a1bb27b1
PB		 1158 switch (sd->state) {
1159 case sd_transfer_state:
775616c3
PB		 1160 /* Writing in SPI mode not implemented. */
1161 if (sd->spi)
1162 break;
a1bb27b1 1163 sd->state = sd_receivingdata_state;
2d7adea4 1164 sd->data_start = addr;
a1bb27b1
PB		 1165 sd->data_offset = 0;
1166 sd->blk_written = 0;
1167
1168 if (sd->data_start + sd->blk_len > sd->size)
1169 sd->card_status |= ADDRESS_ERROR;
1170 if (sd_wp_addr(sd, sd->data_start))
1171 sd->card_status |= WP_VIOLATION;
1172 if (sd->csd[14] & 0x30)
1173 sd->card_status |= WP_VIOLATION;
1174 return sd_r1;
1175
1176 default:
1177 break;
1178 }
1179 break;
1180
1181 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
775616c3
PB		 1182 if (sd->spi)
1183 goto unimplemented_cmd;
a1bb27b1
PB		 1184 switch (sd->state) {
1185 case sd_transfer_state:
775616c3
PB		 1186 /* Writing in SPI mode not implemented. */
1187 if (sd->spi)
1188 break;
a1bb27b1 1189 sd->state = sd_receivingdata_state;
2d7adea4 1190 sd->data_start = addr;
a1bb27b1
PB		 1191 sd->data_offset = 0;
1192 sd->blk_written = 0;
1193
1194 if (sd->data_start + sd->blk_len > sd->size)
1195 sd->card_status |= ADDRESS_ERROR;
1196 if (sd_wp_addr(sd, sd->data_start))
1197 sd->card_status |= WP_VIOLATION;
1198 if (sd->csd[14] & 0x30)
1199 sd->card_status |= WP_VIOLATION;
1200 return sd_r1;
1201
1202 default:
1203 break;
1204 }
1205 break;
1206
1207 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 1208 if (sd->spi)
1209 goto bad_cmd;
a1bb27b1
PB		 1210 switch (sd->state) {
1211 case sd_transfer_state:
1212 sd->state = sd_receivingdata_state;
1213 sd->data_start = 0;
1214 sd->data_offset = 0;
1215 return sd_r1;
1216
1217 default:
1218 break;
1219 }
1220 break;
1221
1222 case 27: /* CMD27: PROGRAM_CSD */
775616c3
PB		 1223 if (sd->spi)
1224 goto unimplemented_cmd;
a1bb27b1
PB		 1225 switch (sd->state) {
1226 case sd_transfer_state:
1227 sd->state = sd_receivingdata_state;
1228 sd->data_start = 0;
1229 sd->data_offset = 0;
1230 return sd_r1;
1231
1232 default:
1233 break;
1234 }
1235 break;
1236
1237 /* Write protection (Class 6) */
1238 case 28: /* CMD28: SET_WRITE_PROT */
1239 switch (sd->state) {
1240 case sd_transfer_state:
2d7adea4 1241 if (addr >= sd->size) {
e30d5938 1242 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1243 return sd_r1b;
1244 }
1245
1246 sd->state = sd_programming_state;
b7202b88 1247 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1248 /* Bzzzzzzztt .... Operation complete. */
1249 sd->state = sd_transfer_state;
1250 return sd_r1b;
1251
1252 default:
1253 break;
1254 }
1255 break;
1256
1257 case 29: /* CMD29: CLR_WRITE_PROT */
1258 switch (sd->state) {
1259 case sd_transfer_state:
2d7adea4 1260 if (addr >= sd->size) {
e30d5938 1261 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1262 return sd_r1b;
1263 }
1264
1265 sd->state = sd_programming_state;
b7202b88 1266 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1267 /* Bzzzzzzztt .... Operation complete. */
1268 sd->state = sd_transfer_state;
1269 return sd_r1b;
1270
1271 default:
1272 break;
1273 }
1274 break;
1275
1276 case 30: /* CMD30: SEND_WRITE_PROT */
1277 switch (sd->state) {
1278 case sd_transfer_state:
1279 sd->state = sd_sendingdata_state;
1280 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1281 sd->data_start = addr;
a1bb27b1
PB		 1282 sd->data_offset = 0;
1283 return sd_r1b;
1284
1285 default:
1286 break;
1287 }
1288 break;
1289
1290 /* Erase commands (Class 5) */
1291 case 32: /* CMD32: ERASE_WR_BLK_START */
1292 switch (sd->state) {
1293 case sd_transfer_state:
1294 sd->erase_start = req.arg;
1295 return sd_r1;
1296
1297 default:
1298 break;
1299 }
1300 break;
1301
1302 case 33: /* CMD33: ERASE_WR_BLK_END */
1303 switch (sd->state) {
1304 case sd_transfer_state:
1305 sd->erase_end = req.arg;
1306 return sd_r1;
1307
1308 default:
1309 break;
1310 }
1311 break;
1312
1313 case 38: /* CMD38: ERASE */
1314 switch (sd->state) {
1315 case sd_transfer_state:
1316 if (sd->csd[14] & 0x30) {
1317 sd->card_status |= WP_VIOLATION;
1318 return sd_r1b;
1319 }
1320
1321 sd->state = sd_programming_state;
1322 sd_erase(sd);
1323 /* Bzzzzzzztt .... Operation complete. */
1324 sd->state = sd_transfer_state;
1325 return sd_r1b;
1326
1327 default:
1328 break;
1329 }
1330 break;
1331
1332 /* Lock card commands (Class 7) */
1333 case 42: /* CMD42: LOCK_UNLOCK */
775616c3
PB		 1334 if (sd->spi)
1335 goto unimplemented_cmd;
a1bb27b1
PB		 1336 switch (sd->state) {
1337 case sd_transfer_state:
1338 sd->state = sd_receivingdata_state;
1339 sd->data_start = 0;
1340 sd->data_offset = 0;
1341 return sd_r1;
1342
1343 default:
1344 break;
1345 }
1346 break;
1347
39e594db
PM		 1348 case 52:
1349 case 53:
1350 /* CMD52, CMD53: reserved for SDIO cards
1351 * (see the SDIO Simplified Specification V2.0)
1352 * Handle as illegal command but do not complain
1353 * on stderr, as some OSes may use these in their
1354 * probing for presence of an SDIO card.
1355 */
53bb8cc4 1356 return sd_illegal;
39e594db 1357
a1bb27b1
PB		 1358 /* Application specific commands (Class 8) */
1359 case 55: /* CMD55: APP_CMD */
1360 if (sd->rca != rca)
1361 return sd_r0;
1362
bebd1271 1363 sd->expecting_acmd = true;
a1bb27b1
PB		 1364 sd->card_status |= APP_CMD;
1365 return sd_r1;
1366
1367 case 56: /* CMD56: GEN_CMD */
a1bb27b1
PB		 1368 switch (sd->state) {
1369 case sd_transfer_state:
1370 sd->data_offset = 0;
1371 if (req.arg & 1)
1372 sd->state = sd_sendingdata_state;
1373 else
1374 sd->state = sd_receivingdata_state;
1375 return sd_r1;
1376
1377 default:
1378 break;
1379 }
1380 break;
1381
1382 default:
775616c3 1383 bad_cmd:
9800ad88 1384 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
53bb8cc4 1385 return sd_illegal;
775616c3
PB		 1386
1387 unimplemented_cmd:
1388 /* Commands that are recognised but not yet implemented in SPI mode. */
9800ad88
AB		 1389 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1390 req.cmd);
53bb8cc4 1391 return sd_illegal;
a1bb27b1
PB		 1392 }
1393
9800ad88 1394 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd);
53bb8cc4 1395 return sd_illegal;
a1bb27b1
PB		 1396}
1397
c227f099 1398static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1399 SDRequest req)
1400{
1b640aa9 1401 trace_sdcard_app_command(req.cmd, req.arg);
1d06cb7a 1402 sd->card_status |= APP_CMD;
a1bb27b1
PB		 1403 switch (req.cmd) {
1404 case 6: /* ACMD6: SET_BUS_WIDTH */
1405 switch (sd->state) {
1406 case sd_transfer_state:
1407 sd->sd_status[0] &= 0x3f;
1408 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1409 return sd_r1;
1410
1411 default:
1412 break;
1413 }
1414 break;
1415
1416 case 13: /* ACMD13: SD_STATUS */
1417 switch (sd->state) {
1418 case sd_transfer_state:
fb1ba03a 1419 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1420 sd->data_start = 0;
1421 sd->data_offset = 0;
1422 return sd_r1;
1423
1424 default:
1425 break;
1426 }
1427 break;
1428
1429 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1430 switch (sd->state) {
1431 case sd_transfer_state:
1432 *(uint32_t *) sd->data = sd->blk_written;
1433
fb1ba03a 1434 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1435 sd->data_start = 0;
1436 sd->data_offset = 0;
1437 return sd_r1;
1438
1439 default:
1440 break;
1441 }
1442 break;
1443
1444 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1445 switch (sd->state) {
1446 case sd_transfer_state:
1447 return sd_r1;
1448
1449 default:
1450 break;
1451 }
1452 break;
1453
1454 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1455 if (sd->spi) {
1456 /* SEND_OP_CMD */
1457 sd->state = sd_transfer_state;
1458 return sd_r1;
1459 }
a1bb27b1
PB		 1460 switch (sd->state) {
1461 case sd_idle_state:
dd26eb43
AB		 1462 /* If it's the first ACMD41 since reset, we need to decide
1463 * whether to power up. If this is not an enquiry ACMD41,
1464 * we immediately report power on and proceed below to the
1465 * ready state, but if it is, we set a timer to model a
1466 * delay for power up. This works around a bug in EDK2
1467 * UEFI, which sends an initial enquiry ACMD41, but
1468 * assumes that the card is in ready state as soon as it
1469 * sees the power up bit set. */
1470 if (!(sd->ocr & OCR_POWER_UP)) {
1471 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1472 timer_del(sd->ocr_power_timer);
1473 sd_ocr_powerup(sd);
814b2adc
PMD		 1474 } else {
1475 trace_sdcard_inquiry_cmd41();
1476 if (!timer_pending(sd->ocr_power_timer)) {
1477 timer_mod_ns(sd->ocr_power_timer,
1478 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1479 + OCR_POWER_DELAY_NS));
1480 }
dd26eb43
AB		 1481 }
1482 }
1483
37ab4a56
PC		 1484 /* We accept any voltage. 10000 V is nothing.
1485 *
dd26eb43 1486 * Once we're powered up, we advance straight to ready state
37ab4a56
PC		 1487 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1488 */
1489 if (req.arg & ACMD41_ENQUIRY_MASK) {
a1bb27b1 1490 sd->state = sd_ready_state;
37ab4a56 1491 }
a1bb27b1
PB		 1492
1493 return sd_r3;
1494
1495 default:
1496 break;
1497 }
1498 break;
1499
1500 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1501 switch (sd->state) {
1502 case sd_transfer_state:
1503 /* Bringing in the 50KOhm pull-up resistor... Done. */
1504 return sd_r1;
1505
1506 default:
1507 break;
1508 }
1509 break;
1510
1511 case 51: /* ACMD51: SEND_SCR */
1512 switch (sd->state) {
1513 case sd_transfer_state:
1514 sd->state = sd_sendingdata_state;
1515 sd->data_start = 0;
1516 sd->data_offset = 0;
1517 return sd_r1;
1518
1519 default:
1520 break;
1521 }
1522 break;
1523
1524 default:
1525 /* Fall back to standard commands. */
a1bb27b1
PB		 1526 return sd_normal_command(sd, req);
1527 }
1528
9800ad88 1529 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
5b08bfe2 1530 return sd_illegal;
a1bb27b1
PB		 1531}
1532
25881d33
PM		 1533static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1534{
1535 /* Valid commands in locked state:
1536 * basic class (0)
1537 * lock card class (7)
1538 * CMD16
1539 * implicitly, the ACMD prefix CMD55
1540 * ACMD41 and ACMD42
1541 * Anything else provokes an "illegal command" response.
1542 */
1d06cb7a 1543 if (sd->expecting_acmd) {
25881d33
PM		 1544 return req->cmd == 41 || req->cmd == 42;
1545 }
1546 if (req->cmd == 16 || req->cmd == 55) {
1547 return 1;
1548 }
f250015b
PMD		 1549 return sd_cmd_class[req->cmd] == 0
1550 || sd_cmd_class[req->cmd] == 7;
25881d33
PM		 1551}
1552
bc24a225 1553int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1 1554 uint8_t *response) {
10a412da 1555 int last_state;
c227f099 1556 sd_rsp_type_t rtype;
a1bb27b1
PB		 1557 int rsplen;
1558
4be74634 1559 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
a1bb27b1
PB		 1560 return 0;
1561 }
1562
1563 if (sd_req_crc_validate(req)) {
abda1f37 1564 sd->card_status |= COM_CRC_ERROR;
b1f517ed
PM		 1565 rtype = sd_illegal;
1566 goto send_response;
a1bb27b1
PB		 1567 }
1568
f250015b
PMD		 1569 if (req->cmd >= SDMMC_CMD_MAX) {
1570 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
1571 req->cmd);
1572 req->cmd &= 0x3f;
1573 }
1574
10a412da 1575 if (sd->card_status & CARD_IS_LOCKED) {
25881d33 1576 if (!cmd_valid_while_locked(sd, req)) {
a1bb27b1 1577 sd->card_status |= ILLEGAL_COMMAND;
bebd1271 1578 sd->expecting_acmd = false;
9800ad88 1579 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
b1f517ed
PM		 1580 rtype = sd_illegal;
1581 goto send_response;
a1bb27b1 1582 }
25881d33 1583 }
a1bb27b1 1584
10a412da
PM		 1585 last_state = sd->state;
1586 sd_set_mode(sd);
1587
1d06cb7a 1588 if (sd->expecting_acmd) {
bebd1271 1589 sd->expecting_acmd = false;
a1bb27b1 1590 rtype = sd_app_command(sd, *req);
1d06cb7a 1591 } else {
a1bb27b1 1592 rtype = sd_normal_command(sd, *req);
1d06cb7a 1593 }
a1bb27b1 1594
53bb8cc4
PM		 1595 if (rtype == sd_illegal) {
1596 sd->card_status |= ILLEGAL_COMMAND;
10a412da
PM		 1597 } else {
1598 /* Valid command, we can update the 'state before command' bits.
1599 * (Do this now so they appear in r1 responses.)
1600 */
1601 sd->current_cmd = req->cmd;
1602 sd->card_status &= ~CURRENT_STATE;
1603 sd->card_status |= (last_state << 9);
53bb8cc4
PM		 1604 }
1605
b1f517ed 1606send_response:
a1bb27b1
PB		 1607 switch (rtype) {
1608 case sd_r1:
1609 case sd_r1b:
10a412da 1610 sd_response_r1_make(sd, response);
a1bb27b1
PB		 1611 rsplen = 4;
1612 break;
1613
1614 case sd_r2_i:
1615 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1616 rsplen = 16;
1617 break;
1618
1619 case sd_r2_s:
1620 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1621 rsplen = 16;
1622 break;
1623
1624 case sd_r3:
1625 sd_response_r3_make(sd, response);
1626 rsplen = 4;
1627 break;
1628
1629 case sd_r6:
1630 sd_response_r6_make(sd, response);
1631 rsplen = 4;
1632 break;
1633
1b088995
AZ		 1634 case sd_r7:
1635 sd_response_r7_make(sd, response);
1636 rsplen = 4;
1637 break;
1638
a1bb27b1 1639 case sd_r0:
53bb8cc4 1640 case sd_illegal:
a1bb27b1
PB		 1641 rsplen = 0;
1642 break;
55921932
PMD		 1643 default:
1644 g_assert_not_reached();
a1bb27b1 1645 }
55921932 1646 trace_sdcard_response(sd_response_name(rtype), rsplen);
a1bb27b1 1647
10a412da
PM		 1648 if (rtype != sd_illegal) {
1649 /* Clear the "clear on valid command" status bits now we've
1650 * sent any response
1651 */
1652 sd->card_status &= ~CARD_STATUS_B;
1653 }
1654
a1bb27b1 1655#ifdef DEBUG_SD
5cd5e2e7 1656 qemu_hexdump((const char *)response, stderr, "Response", rsplen);
a1bb27b1
PB		 1657#endif
1658
1659 return rsplen;
1660}
1661
2d7adea4 1662static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1663{
1b640aa9 1664 trace_sdcard_read_block(addr, len);
12c125cb 1665 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) {
827df9f3 1666 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1 1667 }
a1bb27b1
PB		 1668}
1669
2d7adea4 1670static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1671{
1b640aa9 1672 trace_sdcard_write_block(addr, len);
12c125cb
EB		 1673 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) {
1674 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1675 }
1676}
1677
33f00271
AZ		 1678#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1679#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1680#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1681#define APP_WRITE_BLOCK(a, len)
1682
1683void sd_write_data(SDState *sd, uint8_t value)
1684{
1685 int i;
1686
4be74634 1687 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1688 return;
1689
1690 if (sd->state != sd_receivingdata_state) {
9800ad88
AB		 1691 qemu_log_mask(LOG_GUEST_ERROR,
1692 "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1693 return;
1694 }
1695
1696 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1697 return;
1698
814b2adc 1699 trace_sdcard_write_data(sd->current_cmd, value);
a1bb27b1
PB		 1700 switch (sd->current_cmd) {
1701 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1702 sd->data[sd->data_offset ++] = value;
1703 if (sd->data_offset >= sd->blk_len) {
1704 /* TODO: Check CRC before committing */
1705 sd->state = sd_programming_state;
1706 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1707 sd->blk_written ++;
1708 sd->csd[14] |= 0x40;
1709 /* Bzzzzzzztt .... Operation complete. */
1710 sd->state = sd_transfer_state;
1711 }
1712 break;
1713
1714 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234 1715 if (sd->data_offset == 0) {
e03ba136 1716 /* Start of the block - let's check the address is valid */
a1bb27b1
PB		 1717 if (sd->data_start + sd->blk_len > sd->size) {
1718 sd->card_status |= ADDRESS_ERROR;
1719 break;
1720 }
1721 if (sd_wp_addr(sd, sd->data_start)) {
1722 sd->card_status |= WP_VIOLATION;
1723 break;
1724 }
33fa8234
DDAG		 1725 }
1726 sd->data[sd->data_offset++] = value;
1727 if (sd->data_offset >= sd->blk_len) {
1728 /* TODO: Check CRC before committing */
1729 sd->state = sd_programming_state;
1730 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1731 sd->blk_written++;
1732 sd->data_start += sd->blk_len;
1733 sd->data_offset = 0;
a1bb27b1
PB		 1734 sd->csd[14] |= 0x40;
1735
1736 /* Bzzzzzzztt .... Operation complete. */
4481bbc7
AB		 1737 if (sd->multi_blk_cnt != 0) {
1738 if (--sd->multi_blk_cnt == 0) {
1739 /* Stop! */
1740 sd->state = sd_transfer_state;
1741 break;
1742 }
1743 }
1744
a1bb27b1
PB		 1745 sd->state = sd_receivingdata_state;
1746 }
1747 break;
1748
1749 case 26: /* CMD26: PROGRAM_CID */
1750 sd->data[sd->data_offset ++] = value;
1751 if (sd->data_offset >= sizeof(sd->cid)) {
1752 /* TODO: Check CRC before committing */
1753 sd->state = sd_programming_state;
1754 for (i = 0; i < sizeof(sd->cid); i ++)
1755 if ((sd->cid[i] | 0x00) != sd->data[i])
1756 sd->card_status |= CID_CSD_OVERWRITE;
1757
1758 if (!(sd->card_status & CID_CSD_OVERWRITE))
1759 for (i = 0; i < sizeof(sd->cid); i ++) {
1760 sd->cid[i] |= 0x00;
1761 sd->cid[i] &= sd->data[i];
1762 }
1763 /* Bzzzzzzztt .... Operation complete. */
1764 sd->state = sd_transfer_state;
1765 }
1766 break;
1767
1768 case 27: /* CMD27: PROGRAM_CSD */
1769 sd->data[sd->data_offset ++] = value;
1770 if (sd->data_offset >= sizeof(sd->csd)) {
1771 /* TODO: Check CRC before committing */
1772 sd->state = sd_programming_state;
1773 for (i = 0; i < sizeof(sd->csd); i ++)
1774 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1775 (sd->data[i] | sd_csd_rw_mask[i]))
1776 sd->card_status |= CID_CSD_OVERWRITE;
1777
1778 /* Copy flag (OTP) & Permanent write protect */
1779 if (sd->csd[14] & ~sd->data[14] & 0x60)
1780 sd->card_status |= CID_CSD_OVERWRITE;
1781
1782 if (!(sd->card_status & CID_CSD_OVERWRITE))
1783 for (i = 0; i < sizeof(sd->csd); i ++) {
1784 sd->csd[i] |= sd_csd_rw_mask[i];
1785 sd->csd[i] &= sd->data[i];
1786 }
1787 /* Bzzzzzzztt .... Operation complete. */
1788 sd->state = sd_transfer_state;
1789 }
1790 break;
1791
1792 case 42: /* CMD42: LOCK_UNLOCK */
1793 sd->data[sd->data_offset ++] = value;
1794 if (sd->data_offset >= sd->blk_len) {
1795 /* TODO: Check CRC before committing */
1796 sd->state = sd_programming_state;
1797 sd_lock_command(sd);
1798 /* Bzzzzzzztt .... Operation complete. */
1799 sd->state = sd_transfer_state;
1800 }
1801 break;
1802
1803 case 56: /* CMD56: GEN_CMD */
1804 sd->data[sd->data_offset ++] = value;
1805 if (sd->data_offset >= sd->blk_len) {
1806 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1807 sd->state = sd_transfer_state;
1808 }
1809 break;
1810
1811 default:
9800ad88 1812 qemu_log_mask(LOG_GUEST_ERROR, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1813 break;
1814 }
1815}
1816
1817uint8_t sd_read_data(SDState *sd)
1818{
1819 /* TODO: Append CRCs */
1820 uint8_t ret;
2d7adea4 1821 int io_len;
a1bb27b1 1822
4be74634 1823 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1824 return 0x00;
1825
1826 if (sd->state != sd_sendingdata_state) {
9800ad88
AB		 1827 qemu_log_mask(LOG_GUEST_ERROR,
1828 "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1829 return 0x00;
1830 }
1831
1832 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1833 return 0x00;
1834
2d7adea4
AZ		 1835 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1836
814b2adc 1837 trace_sdcard_read_data(sd->current_cmd, io_len);
a1bb27b1
PB		 1838 switch (sd->current_cmd) {
1839 case 6: /* CMD6: SWITCH_FUNCTION */
1840 ret = sd->data[sd->data_offset ++];
1841
1842 if (sd->data_offset >= 64)
1843 sd->state = sd_transfer_state;
1844 break;
1845
775616c3
PB		 1846 case 9: /* CMD9: SEND_CSD */
1847 case 10: /* CMD10: SEND_CID */
1848 ret = sd->data[sd->data_offset ++];
1849
1850 if (sd->data_offset >= 16)
1851 sd->state = sd_transfer_state;
1852 break;
1853
a1bb27b1
PB		 1854 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1855 if (sd->data_offset == 0)
2d7adea4 1856 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1857 ret = sd->data[sd->data_offset ++];
1858
2d7adea4
AZ		 1859 if (sd->data_offset >= io_len) {
1860 sd->data_start += io_len;
a1bb27b1 1861 sd->data_offset = 0;
2d7adea4 1862 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1863 sd->card_status |= ADDRESS_ERROR;
1864 break;
1865 }
1866 }
1867 break;
1868
1869 case 13: /* ACMD13: SD_STATUS */
1870 ret = sd->sd_status[sd->data_offset ++];
1871
1872 if (sd->data_offset >= sizeof(sd->sd_status))
1873 sd->state = sd_transfer_state;
1874 break;
1875
1876 case 17: /* CMD17: READ_SINGLE_BLOCK */
1877 if (sd->data_offset == 0)
2d7adea4 1878 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1879 ret = sd->data[sd->data_offset ++];
1880
2d7adea4 1881 if (sd->data_offset >= io_len)
a1bb27b1
PB		 1882 sd->state = sd_transfer_state;
1883 break;
1884
1885 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
8573378e
MO		 1886 if (sd->data_offset == 0) {
1887 if (sd->data_start + io_len > sd->size) {
1888 sd->card_status |= ADDRESS_ERROR;
1889 return 0x00;
1890 }
2d7adea4 1891 BLK_READ_BLOCK(sd->data_start, io_len);
8573378e 1892 }
a1bb27b1
PB		 1893 ret = sd->data[sd->data_offset ++];
1894
2d7adea4
AZ		 1895 if (sd->data_offset >= io_len) {
1896 sd->data_start += io_len;
a1bb27b1 1897 sd->data_offset = 0;
4481bbc7
AB		 1898
1899 if (sd->multi_blk_cnt != 0) {
1900 if (--sd->multi_blk_cnt == 0) {
1901 /* Stop! */
1902 sd->state = sd_transfer_state;
1903 break;
1904 }
1905 }
a1bb27b1
PB		 1906 }
1907 break;
1908
1909 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1910 ret = sd->data[sd->data_offset ++];
1911
1912 if (sd->data_offset >= 4)
1913 sd->state = sd_transfer_state;
1914 break;
1915
1916 case 30: /* CMD30: SEND_WRITE_PROT */
1917 ret = sd->data[sd->data_offset ++];
1918
1919 if (sd->data_offset >= 4)
1920 sd->state = sd_transfer_state;
1921 break;
1922
1923 case 51: /* ACMD51: SEND_SCR */
1924 ret = sd->scr[sd->data_offset ++];
1925
1926 if (sd->data_offset >= sizeof(sd->scr))
1927 sd->state = sd_transfer_state;
1928 break;
1929
1930 case 56: /* CMD56: GEN_CMD */
1931 if (sd->data_offset == 0)
1932 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1933 ret = sd->data[sd->data_offset ++];
1934
1935 if (sd->data_offset >= sd->blk_len)
1936 sd->state = sd_transfer_state;
1937 break;
1938
1939 default:
9800ad88 1940 qemu_log_mask(LOG_GUEST_ERROR, "sd_read_data: unknown command\n");
a1bb27b1
PB		 1941 return 0x00;
1942 }
1943
1944 return ret;
1945}
1946
879bf4a7 1947bool sd_data_ready(SDState *sd)
a1bb27b1
PB		 1948{
1949 return sd->state == sd_sendingdata_state;
1950}
827df9f3 1951
bebd1271 1952void sd_enable(SDState *sd, bool enable)
827df9f3
AZ		 1953{
1954 sd->enable = enable;
1955}
260bc9d8
PM		 1956
1957static void sd_instance_init(Object *obj)
1958{
1959 SDState *sd = SD_CARD(obj);
1960
1961 sd->enable = true;
dd26eb43 1962 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
260bc9d8
PM		 1963}
1964
5ba34401
MAL		 1965static void sd_instance_finalize(Object *obj)
1966{
1967 SDState *sd = SD_CARD(obj);
1968
1969 timer_del(sd->ocr_power_timer);
1970 timer_free(sd->ocr_power_timer);
1971}
1972
260bc9d8
PM		 1973static void sd_realize(DeviceState *dev, Error **errp)
1974{
1975 SDState *sd = SD_CARD(dev);
a17c17a2 1976 int ret;
260bc9d8
PM		 1977
1978 if (sd->blk && blk_is_read_only(sd->blk)) {
1979 error_setg(errp, "Cannot use read-only drive as SD card");
1980 return;
1981 }
1982
260bc9d8 1983 if (sd->blk) {
a17c17a2
KW		 1984 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
1985 BLK_PERM_ALL, errp);
1986 if (ret < 0) {
1987 return;
1988 }
260bc9d8
PM		 1989 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
1990 }
260bc9d8
PM		 1991}
1992
1993static Property sd_properties[] = {
1994 DEFINE_PROP_DRIVE("drive", SDState, blk),
1995 /* We do not model the chip select pin, so allow the board to select
1996 * whether card should be in SSI or MMC/SD mode. It is also up to the
1997 * board to ensure that ssi transfers only occur when the chip select
1998 * is asserted. */
1999 DEFINE_PROP_BOOL("spi", SDState, spi, false),
2000 DEFINE_PROP_END_OF_LIST()
2001};
2002
2003static void sd_class_init(ObjectClass *klass, void *data)
2004{
2005 DeviceClass *dc = DEVICE_CLASS(klass);
c759a790 2006 SDCardClass *sc = SD_CARD_CLASS(klass);
260bc9d8
PM		 2007
2008 dc->realize = sd_realize;
2009 dc->props = sd_properties;
2010 dc->vmsd = &sd_vmstate;
ba3ed0fa 2011 dc->reset = sd_reset;
c759a790
PM		 2012 dc->bus_type = TYPE_SD_BUS;
2013
0034ebe6 2014 sc->set_voltage = sd_set_voltage;
da346922
PMD		 2015 sc->get_dat_lines = sd_get_dat_lines;
2016 sc->get_cmd_line = sd_get_cmd_line;
c759a790
PM		 2017 sc->do_command = sd_do_command;
2018 sc->write_data = sd_write_data;
2019 sc->read_data = sd_read_data;
2020 sc->data_ready = sd_data_ready;
2021 sc->enable = sd_enable;
2022 sc->get_inserted = sd_get_inserted;
2023 sc->get_readonly = sd_get_readonly;
260bc9d8
PM		 2024}
2025
2026static const TypeInfo sd_info = {
2027 .name = TYPE_SD_CARD,
2028 .parent = TYPE_DEVICE,
2029 .instance_size = sizeof(SDState),
c759a790 2030 .class_size = sizeof(SDCardClass),
260bc9d8
PM		 2031 .class_init = sd_class_init,
2032 .instance_init = sd_instance_init,
5ba34401 2033 .instance_finalize = sd_instance_finalize,
260bc9d8
PM		 2034};
2035
2036static void sd_register_types(void)
2037{
2038 type_register_static(&sd_info);
2039}
2040
2041type_init(sd_register_types)
Empty description
This page took 1.197905 seconds and 4 git commands to generate.