2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 #include "qemu/osdep.h"
35 #include "hw/registerfields.h"
36 #include "sysemu/block-backend.h"
38 #include "qapi/error.h"
39 #include "qemu/bitmap.h"
40 #include "qemu/cutils.h"
41 #include "hw/qdev-properties.h"
42 #include "qemu/error-report.h"
43 #include "qemu/timer.h"
45 #include "sdmmc-internal.h"
51 sd_r0 = 0, /* no response */
52 sd_r1, /* normal response command */
53 sd_r2_i, /* CID register */
54 sd_r2_s, /* CSD register */
55 sd_r3, /* OCR register */
56 sd_r6 = 6, /* Published RCA response */
57 sd_r7, /* Operating voltage */
64 sd_card_identification_mode,
65 sd_data_transfer_mode,
69 sd_inactive_state = -1,
72 sd_identification_state,
76 sd_receivingdata_state,
82 DeviceState parent_obj;
84 /* SD Memory Card Registers */
91 uint8_t sd_status[64];
93 /* Configurable properties */
97 uint32_t mode; /* current card mode, one of SDCardModes */
98 int32_t state; /* current card state, one of SDCardStates */
101 unsigned long *wp_groups;
105 uint32_t multi_blk_cnt;
106 uint32_t erase_start;
110 uint8_t function_group[6];
112 /* True if we will handle the next command as an ACMD. Note that this does
113 * *not* track the APP_CMD status bit!
116 uint32_t blk_written;
118 uint32_t data_offset;
120 qemu_irq readonly_cb;
121 qemu_irq inserted_cb;
122 QEMUTimer *ocr_power_timer;
128 static const char *sd_state_name(enum SDCardStates state)
130 static const char *state_name[] = {
131 [sd_idle_state] = "idle",
132 [sd_ready_state] = "ready",
133 [sd_identification_state] = "identification",
134 [sd_standby_state] = "standby",
135 [sd_transfer_state] = "transfer",
136 [sd_sendingdata_state] = "sendingdata",
137 [sd_receivingdata_state] = "receivingdata",
138 [sd_programming_state] = "programming",
139 [sd_disconnect_state] = "disconnect",
141 if (state == sd_inactive_state) {
144 assert(state <= ARRAY_SIZE(state_name));
145 return state_name[state];
148 static const char *sd_response_name(sd_rsp_type_t rsp)
150 static const char *response_name[] = {
151 [sd_r0] = "RESP#0 (no response)",
152 [sd_r1] = "RESP#1 (normal cmd)",
153 [sd_r2_i] = "RESP#2 (CID reg)",
154 [sd_r2_s] = "RESP#2 (CSD reg)",
155 [sd_r3] = "RESP#3 (OCR reg)",
156 [sd_r6] = "RESP#6 (RCA)",
157 [sd_r7] = "RESP#7 (operating voltage)",
159 if (rsp == sd_illegal) {
160 return "ILLEGAL RESP";
165 assert(rsp <= ARRAY_SIZE(response_name));
166 return response_name[rsp];
169 static uint8_t sd_get_dat_lines(SDState *sd)
171 return sd->enable ? sd->dat_lines : 0;
174 static bool sd_get_cmd_line(SDState *sd)
176 return sd->enable ? sd->cmd_line : false;
179 static void sd_set_voltage(SDState *sd, uint16_t millivolts)
181 trace_sdcard_set_voltage(millivolts);
183 switch (millivolts) {
184 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
185 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
188 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
189 millivolts / 1000.f);
193 static void sd_set_mode(SDState *sd)
196 case sd_inactive_state:
197 sd->mode = sd_inactive;
202 case sd_identification_state:
203 sd->mode = sd_card_identification_mode;
206 case sd_standby_state:
207 case sd_transfer_state:
208 case sd_sendingdata_state:
209 case sd_receivingdata_state:
210 case sd_programming_state:
211 case sd_disconnect_state:
212 sd->mode = sd_data_transfer_mode;
217 static const sd_cmd_type_t sd_cmd_type[SDMMC_CMD_MAX] = {
218 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
219 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
221 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
222 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
224 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
225 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
227 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
228 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
231 static const int sd_cmd_class[SDMMC_CMD_MAX] = {
232 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
233 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
234 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
235 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
238 static uint8_t sd_crc7(void *message, size_t width)
241 uint8_t shift_reg = 0x00;
242 uint8_t *msg = (uint8_t *) message;
244 for (i = 0; i < width; i ++, msg ++)
245 for (bit = 7; bit >= 0; bit --) {
247 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
254 static uint16_t sd_crc16(void *message, size_t width)
257 uint16_t shift_reg = 0x0000;
258 uint16_t *msg = (uint16_t *) message;
261 for (i = 0; i < width; i ++, msg ++)
262 for (bit = 15; bit >= 0; bit --) {
264 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
271 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
273 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24)
274 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8)
275 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1)
276 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16)
277 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */
278 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */
279 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */
280 FIELD(OCR, CARD_POWER_UP, 31, 1)
282 #define ACMD41_ENQUIRY_MASK 0x00ffffff
283 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \
284 | R_OCR_ACCEPT_SWITCH_1V8_MASK \
285 | R_OCR_UHS_II_CARD_MASK \
286 | R_OCR_CARD_CAPACITY_MASK \
287 | R_OCR_CARD_POWER_UP_MASK)
289 static void sd_set_ocr(SDState *sd)
291 /* All voltages OK */
292 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK;
295 static void sd_ocr_powerup(void *opaque)
297 SDState *sd = opaque;
299 trace_sdcard_powerup();
300 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP));
302 /* card power-up OK */
303 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1);
305 if (sd->size > 1 * G_BYTE) {
306 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1);
310 static void sd_set_scr(SDState *sd)
312 sd->scr[0] = (0 << 4) /* SCR version 1.0 */
313 | 0; /* Spec Versions 1.0 and 1.01 */
314 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */
315 | 0b0101; /* 1-bit or 4-bit width bus modes */
316 sd->scr[2] = 0x00; /* Extended Security is not supported. */
318 /* reserved for manufacturer usage */
332 static void sd_set_cid(SDState *sd)
334 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
335 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
337 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
342 sd->cid[8] = PRV; /* Fake product revision (PRV) */
343 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
347 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
348 ((MDT_YR - 2000) / 10);
349 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
350 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
353 #define HWBLOCK_SHIFT 9 /* 512 bytes */
354 #define SECTOR_SHIFT 5 /* 16 kilobytes */
355 #define WPGROUP_SHIFT 7 /* 2 megs */
356 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
357 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
359 static const uint8_t sd_csd_rw_mask[16] = {
360 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
361 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
364 static void sd_set_csd(SDState *sd, uint64_t size)
366 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
367 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
368 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
370 if (size <= 1 * G_BYTE) { /* Standard Capacity SD */
371 sd->csd[0] = 0x00; /* CSD structure */
372 sd->csd[1] = 0x26; /* Data read access-time-1 */
373 sd->csd[2] = 0x00; /* Data read access-time-2 */
374 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */
375 sd->csd[4] = 0x5f; /* Card Command Classes */
376 sd->csd[5] = 0x50 | /* Max. read data block length */
378 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
379 ((csize >> 10) & 0x03);
380 sd->csd[7] = 0x00 | /* Device size */
381 ((csize >> 2) & 0xff);
382 sd->csd[8] = 0x3f | /* Max. read current */
383 ((csize << 6) & 0xc0);
384 sd->csd[9] = 0xfc | /* Max. write current */
385 ((CMULT_SHIFT - 2) >> 1);
386 sd->csd[10] = 0x40 | /* Erase sector size */
387 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
388 sd->csd[11] = 0x00 | /* Write protect group size */
389 ((sectsize << 7) & 0x80) | wpsize;
390 sd->csd[12] = 0x90 | /* Write speed factor */
391 (HWBLOCK_SHIFT >> 2);
392 sd->csd[13] = 0x20 | /* Max. write data block length */
393 ((HWBLOCK_SHIFT << 6) & 0xc0);
394 sd->csd[14] = 0x00; /* File format group */
405 sd->csd[7] = (size >> 16) & 0xff;
406 sd->csd[8] = (size >> 8) & 0xff;
407 sd->csd[9] = (size & 0xff);
414 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
417 static void sd_set_rca(SDState *sd)
422 FIELD(CSR, AKE_SEQ_ERROR, 3, 1)
423 FIELD(CSR, APP_CMD, 5, 1)
424 FIELD(CSR, FX_EVENT, 6, 1)
425 FIELD(CSR, READY_FOR_DATA, 8, 1)
426 FIELD(CSR, CURRENT_STATE, 9, 4)
427 FIELD(CSR, ERASE_RESET, 13, 1)
428 FIELD(CSR, CARD_ECC_DISABLED, 14, 1)
429 FIELD(CSR, WP_ERASE_SKIP, 15, 1)
430 FIELD(CSR, CSD_OVERWRITE, 16, 1)
431 FIELD(CSR, DEFERRED_RESPONSE, 17, 1)
432 FIELD(CSR, ERROR, 19, 1)
433 FIELD(CSR, CC_ERROR, 20, 1)
434 FIELD(CSR, CARD_ECC_FAILED, 21, 1)
435 FIELD(CSR, ILLEGAL_COMMAND, 22, 1)
436 FIELD(CSR, COM_CRC_ERROR, 23, 1)
437 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1)
438 FIELD(CSR, CARD_IS_LOCKED, 25, 1)
439 FIELD(CSR, WP_VIOLATION, 26, 1)
440 FIELD(CSR, ERASE_PARAM, 27, 1)
441 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1)
442 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1)
443 FIELD(CSR, ADDRESS_ERROR, 30, 1)
444 FIELD(CSR, OUT_OF_RANGE, 31, 1)
446 /* Card status bits, split by clear condition:
447 * A : According to the card current state
448 * B : Always related to the previous command
449 * C : Cleared by read
451 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \
452 | R_CSR_CARD_ECC_DISABLED_MASK \
453 | R_CSR_CARD_IS_LOCKED_MASK)
454 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \
455 | R_CSR_ILLEGAL_COMMAND_MASK \
456 | R_CSR_COM_CRC_ERROR_MASK)
457 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \
458 | R_CSR_APP_CMD_MASK \
459 | R_CSR_ERASE_RESET_MASK \
460 | R_CSR_WP_ERASE_SKIP_MASK \
461 | R_CSR_CSD_OVERWRITE_MASK \
463 | R_CSR_CC_ERROR_MASK \
464 | R_CSR_CARD_ECC_FAILED_MASK \
465 | R_CSR_LOCK_UNLOCK_FAILED_MASK \
466 | R_CSR_WP_VIOLATION_MASK \
467 | R_CSR_ERASE_PARAM_MASK \
468 | R_CSR_ERASE_SEQ_ERROR_MASK \
469 | R_CSR_BLOCK_LEN_ERROR_MASK \
470 | R_CSR_ADDRESS_ERROR_MASK \
471 | R_CSR_OUT_OF_RANGE_MASK)
473 static void sd_set_cardstatus(SDState *sd)
475 sd->card_status = 0x00000100;
478 static void sd_set_sdstatus(SDState *sd)
480 memset(sd->sd_status, 0, 64);
483 static int sd_req_crc_validate(SDRequest *req)
486 buffer[0] = 0x40 | req->cmd;
487 stl_be_p(&buffer[1], req->arg);
489 return sd_crc7(buffer, 5) != req->crc; /* TODO */
492 static void sd_response_r1_make(SDState *sd, uint8_t *response)
494 stl_be_p(response, sd->card_status);
496 /* Clear the "clear on read" status bits */
497 sd->card_status &= ~CARD_STATUS_C;
500 static void sd_response_r3_make(SDState *sd, uint8_t *response)
502 stl_be_p(response, sd->ocr & ACMD41_R3_MASK);
505 static void sd_response_r6_make(SDState *sd, uint8_t *response)
509 status = ((sd->card_status >> 8) & 0xc000) |
510 ((sd->card_status >> 6) & 0x2000) |
511 (sd->card_status & 0x1fff);
512 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
513 stw_be_p(response + 0, sd->rca);
514 stw_be_p(response + 2, status);
517 static void sd_response_r7_make(SDState *sd, uint8_t *response)
519 stl_be_p(response, sd->vhs);
522 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
524 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
527 static void sd_reset(DeviceState *dev)
529 SDState *sd = SD_CARD(dev);
533 trace_sdcard_reset();
535 blk_get_geometry(sd->blk, §);
541 sect = sd_addr_to_wpnum(size) + 1;
543 sd->state = sd_idle_state;
548 sd_set_csd(sd, size);
549 sd_set_cardstatus(sd);
552 g_free(sd->wp_groups);
553 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
554 sd->wpgrps_size = sect;
555 sd->wp_groups = bitmap_new(sd->wpgrps_size);
556 memset(sd->function_group, 0, sizeof(sd->function_group));
562 sd->expecting_acmd = false;
565 sd->multi_blk_cnt = 0;
568 static bool sd_get_inserted(SDState *sd)
570 return sd->blk && blk_is_inserted(sd->blk);
573 static bool sd_get_readonly(SDState *sd)
575 return sd->wp_switch;
578 static void sd_cardchange(void *opaque, bool load, Error **errp)
580 SDState *sd = opaque;
581 DeviceState *dev = DEVICE(sd);
582 SDBus *sdbus = SD_BUS(qdev_get_parent_bus(dev));
583 bool inserted = sd_get_inserted(sd);
584 bool readonly = sd_get_readonly(sd);
587 trace_sdcard_inserted(readonly);
590 trace_sdcard_ejected();
593 /* The IRQ notification is for legacy non-QOM SD controller devices;
594 * QOMified controllers use the SDBus APIs.
597 sdbus_set_inserted(sdbus, inserted);
599 sdbus_set_readonly(sdbus, readonly);
602 qemu_set_irq(sd->inserted_cb, inserted);
604 qemu_set_irq(sd->readonly_cb, readonly);
609 static const BlockDevOps sd_block_ops = {
610 .change_media_cb = sd_cardchange,
613 static bool sd_ocr_vmstate_needed(void *opaque)
615 SDState *sd = opaque;
617 /* Include the OCR state (and timer) if it is not yet powered up */
618 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP);
621 static const VMStateDescription sd_ocr_vmstate = {
622 .name = "sd-card/ocr-state",
624 .minimum_version_id = 1,
625 .needed = sd_ocr_vmstate_needed,
626 .fields = (VMStateField[]) {
627 VMSTATE_UINT32(ocr, SDState),
628 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
629 VMSTATE_END_OF_LIST()
633 static int sd_vmstate_pre_load(void *opaque)
635 SDState *sd = opaque;
637 /* If the OCR state is not included (prior versions, or not
638 * needed), then the OCR must be set as powered up. If the OCR state
639 * is included, this will be replaced by the state restore.
646 static const VMStateDescription sd_vmstate = {
649 .minimum_version_id = 1,
650 .pre_load = sd_vmstate_pre_load,
651 .fields = (VMStateField[]) {
652 VMSTATE_UINT32(mode, SDState),
653 VMSTATE_INT32(state, SDState),
654 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
655 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
656 VMSTATE_UINT16(rca, SDState),
657 VMSTATE_UINT32(card_status, SDState),
658 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
659 VMSTATE_UINT32(vhs, SDState),
660 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
661 VMSTATE_UINT32(blk_len, SDState),
662 VMSTATE_UINT32(multi_blk_cnt, SDState),
663 VMSTATE_UINT32(erase_start, SDState),
664 VMSTATE_UINT32(erase_end, SDState),
665 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
666 VMSTATE_UINT32(pwd_len, SDState),
667 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
668 VMSTATE_UINT8(current_cmd, SDState),
669 VMSTATE_BOOL(expecting_acmd, SDState),
670 VMSTATE_UINT32(blk_written, SDState),
671 VMSTATE_UINT64(data_start, SDState),
672 VMSTATE_UINT32(data_offset, SDState),
673 VMSTATE_UINT8_ARRAY(data, SDState, 512),
674 VMSTATE_UNUSED_V(1, 512),
675 VMSTATE_BOOL(enable, SDState),
676 VMSTATE_END_OF_LIST()
678 .subsections = (const VMStateDescription*[]) {
684 /* Legacy initialization function for use by non-qdevified callers */
685 SDState *sd_init(BlockBackend *blk, bool is_spi)
691 obj = object_new(TYPE_SD_CARD);
693 qdev_prop_set_drive(dev, "drive", blk, &err);
695 error_report("sd_init failed: %s", error_get_pretty(err));
698 qdev_prop_set_bit(dev, "spi", is_spi);
699 object_property_set_bool(obj, true, "realized", &err);
701 error_report("sd_init failed: %s", error_get_pretty(err));
708 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
710 sd->readonly_cb = readonly;
711 sd->inserted_cb = insert;
712 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
713 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
716 static void sd_erase(SDState *sd)
719 uint64_t erase_start = sd->erase_start;
720 uint64_t erase_end = sd->erase_end;
722 trace_sdcard_erase();
723 if (!sd->erase_start || !sd->erase_end) {
724 sd->card_status |= ERASE_SEQ_ERROR;
728 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
729 /* High capacity memory card: erase units are 512 byte blocks */
734 erase_start = sd_addr_to_wpnum(erase_start);
735 erase_end = sd_addr_to_wpnum(erase_end);
740 for (i = erase_start; i <= erase_end; i++) {
741 if (test_bit(i, sd->wp_groups)) {
742 sd->card_status |= WP_ERASE_SKIP;
747 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
752 wpnum = sd_addr_to_wpnum(addr);
754 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
755 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
763 static void sd_function_switch(SDState *sd, uint32_t arg)
765 int i, mode, new_func;
766 mode = !!(arg & 0x80000000);
768 sd->data[0] = 0x00; /* Maximum current consumption */
770 sd->data[2] = 0x80; /* Supported group 6 functions */
772 sd->data[4] = 0x80; /* Supported group 5 functions */
774 sd->data[6] = 0x80; /* Supported group 4 functions */
776 sd->data[8] = 0x80; /* Supported group 3 functions */
778 sd->data[10] = 0x80; /* Supported group 2 functions */
780 sd->data[12] = 0x80; /* Supported group 1 functions */
782 for (i = 0; i < 6; i ++) {
783 new_func = (arg >> (i * 4)) & 0x0f;
784 if (mode && new_func != 0x0f)
785 sd->function_group[i] = new_func;
786 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
788 memset(&sd->data[17], 0, 47);
789 stw_be_p(sd->data + 65, sd_crc16(sd->data, 64));
792 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
794 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
797 static void sd_lock_command(SDState *sd)
799 int erase, lock, clr_pwd, set_pwd, pwd_len;
800 erase = !!(sd->data[0] & 0x08);
801 lock = sd->data[0] & 0x04;
802 clr_pwd = sd->data[0] & 0x02;
803 set_pwd = sd->data[0] & 0x01;
806 pwd_len = sd->data[1];
813 trace_sdcard_unlock();
816 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
817 set_pwd || clr_pwd || lock || sd->wp_switch ||
818 (sd->csd[14] & 0x20)) {
819 sd->card_status |= LOCK_UNLOCK_FAILED;
822 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
823 sd->csd[14] &= ~0x10;
824 sd->card_status &= ~CARD_IS_LOCKED;
826 /* Erasing the entire card here! */
827 fprintf(stderr, "SD: Card force-erased by CMD42\n");
831 if (sd->blk_len < 2 + pwd_len ||
832 pwd_len <= sd->pwd_len ||
833 pwd_len > sd->pwd_len + 16) {
834 sd->card_status |= LOCK_UNLOCK_FAILED;
838 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
839 sd->card_status |= LOCK_UNLOCK_FAILED;
843 pwd_len -= sd->pwd_len;
844 if ((pwd_len && !set_pwd) ||
845 (clr_pwd && (set_pwd || lock)) ||
846 (lock && !sd->pwd_len && !set_pwd) ||
847 (!set_pwd && !clr_pwd &&
848 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
849 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
850 sd->card_status |= LOCK_UNLOCK_FAILED;
855 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
856 sd->pwd_len = pwd_len;
864 sd->card_status |= CARD_IS_LOCKED;
866 sd->card_status &= ~CARD_IS_LOCKED;
869 static sd_rsp_type_t sd_normal_command(SDState *sd,
872 uint32_t rca = 0x0000;
873 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
875 trace_sdcard_normal_command(req.cmd, req.arg, sd_state_name(sd->state));
877 /* Not interpreting this as an app command */
878 sd->card_status &= ~APP_CMD;
880 if (sd_cmd_type[req.cmd] == sd_ac
881 || sd_cmd_type[req.cmd] == sd_adtc) {
885 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
886 * if not, its effects are cancelled */
887 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
888 sd->multi_blk_cnt = 0;
892 /* Basic commands (Class 0 and Class 1) */
893 case 0: /* CMD0: GO_IDLE_STATE */
895 case sd_inactive_state:
896 return sd->spi ? sd_r1 : sd_r0;
899 sd->state = sd_idle_state;
900 sd_reset(DEVICE(sd));
901 return sd->spi ? sd_r1 : sd_r0;
905 case 1: /* CMD1: SEND_OP_CMD */
909 sd->state = sd_transfer_state;
912 case 2: /* CMD2: ALL_SEND_CID */
917 sd->state = sd_identification_state;
925 case 3: /* CMD3: SEND_RELATIVE_ADDR */
929 case sd_identification_state:
930 case sd_standby_state:
931 sd->state = sd_standby_state;
940 case 4: /* CMD4: SEND_DSR */
944 case sd_standby_state:
952 case 5: /* CMD5: reserved for SDIO cards */
955 case 6: /* CMD6: SWITCH_FUNCTION */
959 case sd_data_transfer_mode:
960 sd_function_switch(sd, req.arg);
961 sd->state = sd_sendingdata_state;
971 case 7: /* CMD7: SELECT/DESELECT_CARD */
975 case sd_standby_state:
979 sd->state = sd_transfer_state;
982 case sd_transfer_state:
983 case sd_sendingdata_state:
987 sd->state = sd_standby_state;
990 case sd_disconnect_state:
994 sd->state = sd_programming_state;
997 case sd_programming_state:
1001 sd->state = sd_disconnect_state;
1009 case 8: /* CMD8: SEND_IF_COND */
1010 /* Physical Layer Specification Version 2.00 command */
1011 if (sd->state != sd_idle_state) {
1016 /* No response if not exactly one VHS bit is set. */
1017 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1018 return sd->spi ? sd_r7 : sd_r0;
1025 case 9: /* CMD9: SEND_CSD */
1026 switch (sd->state) {
1027 case sd_standby_state:
1033 case sd_transfer_state:
1036 sd->state = sd_sendingdata_state;
1037 memcpy(sd->data, sd->csd, 16);
1038 sd->data_start = addr;
1039 sd->data_offset = 0;
1047 case 10: /* CMD10: SEND_CID */
1048 switch (sd->state) {
1049 case sd_standby_state:
1055 case sd_transfer_state:
1058 sd->state = sd_sendingdata_state;
1059 memcpy(sd->data, sd->cid, 16);
1060 sd->data_start = addr;
1061 sd->data_offset = 0;
1069 case 12: /* CMD12: STOP_TRANSMISSION */
1070 switch (sd->state) {
1071 case sd_sendingdata_state:
1072 sd->state = sd_transfer_state;
1075 case sd_receivingdata_state:
1076 sd->state = sd_programming_state;
1077 /* Bzzzzzzztt .... Operation complete. */
1078 sd->state = sd_transfer_state;
1086 case 13: /* CMD13: SEND_STATUS */
1088 case sd_data_transfer_mode:
1099 case 15: /* CMD15: GO_INACTIVE_STATE */
1103 case sd_data_transfer_mode:
1107 sd->state = sd_inactive_state;
1115 /* Block read commands (Classs 2) */
1116 case 16: /* CMD16: SET_BLOCKLEN */
1117 switch (sd->state) {
1118 case sd_transfer_state:
1119 if (req.arg > (1 << HWBLOCK_SHIFT)) {
1120 sd->card_status |= BLOCK_LEN_ERROR;
1122 trace_sdcard_set_blocklen(req.arg);
1123 sd->blk_len = req.arg;
1133 case 17: /* CMD17: READ_SINGLE_BLOCK */
1134 switch (sd->state) {
1135 case sd_transfer_state:
1136 sd->state = sd_sendingdata_state;
1137 sd->data_start = addr;
1138 sd->data_offset = 0;
1140 if (sd->data_start + sd->blk_len > sd->size)
1141 sd->card_status |= ADDRESS_ERROR;
1149 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1150 switch (sd->state) {
1151 case sd_transfer_state:
1152 sd->state = sd_sendingdata_state;
1153 sd->data_start = addr;
1154 sd->data_offset = 0;
1156 if (sd->data_start + sd->blk_len > sd->size)
1157 sd->card_status |= ADDRESS_ERROR;
1165 case 23: /* CMD23: SET_BLOCK_COUNT */
1166 switch (sd->state) {
1167 case sd_transfer_state:
1168 sd->multi_blk_cnt = req.arg;
1176 /* Block write commands (Class 4) */
1177 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1179 goto unimplemented_spi_cmd;
1181 switch (sd->state) {
1182 case sd_transfer_state:
1183 /* Writing in SPI mode not implemented. */
1186 sd->state = sd_receivingdata_state;
1187 sd->data_start = addr;
1188 sd->data_offset = 0;
1189 sd->blk_written = 0;
1191 if (sd->data_start + sd->blk_len > sd->size)
1192 sd->card_status |= ADDRESS_ERROR;
1193 if (sd_wp_addr(sd, sd->data_start))
1194 sd->card_status |= WP_VIOLATION;
1195 if (sd->csd[14] & 0x30)
1196 sd->card_status |= WP_VIOLATION;
1204 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1206 goto unimplemented_spi_cmd;
1208 switch (sd->state) {
1209 case sd_transfer_state:
1210 /* Writing in SPI mode not implemented. */
1213 sd->state = sd_receivingdata_state;
1214 sd->data_start = addr;
1215 sd->data_offset = 0;
1216 sd->blk_written = 0;
1218 if (sd->data_start + sd->blk_len > sd->size)
1219 sd->card_status |= ADDRESS_ERROR;
1220 if (sd_wp_addr(sd, sd->data_start))
1221 sd->card_status |= WP_VIOLATION;
1222 if (sd->csd[14] & 0x30)
1223 sd->card_status |= WP_VIOLATION;
1231 case 26: /* CMD26: PROGRAM_CID */
1234 switch (sd->state) {
1235 case sd_transfer_state:
1236 sd->state = sd_receivingdata_state;
1238 sd->data_offset = 0;
1246 case 27: /* CMD27: PROGRAM_CSD */
1248 goto unimplemented_spi_cmd;
1250 switch (sd->state) {
1251 case sd_transfer_state:
1252 sd->state = sd_receivingdata_state;
1254 sd->data_offset = 0;
1262 /* Write protection (Class 6) */
1263 case 28: /* CMD28: SET_WRITE_PROT */
1264 switch (sd->state) {
1265 case sd_transfer_state:
1266 if (addr >= sd->size) {
1267 sd->card_status |= ADDRESS_ERROR;
1271 sd->state = sd_programming_state;
1272 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1273 /* Bzzzzzzztt .... Operation complete. */
1274 sd->state = sd_transfer_state;
1282 case 29: /* CMD29: CLR_WRITE_PROT */
1283 switch (sd->state) {
1284 case sd_transfer_state:
1285 if (addr >= sd->size) {
1286 sd->card_status |= ADDRESS_ERROR;
1290 sd->state = sd_programming_state;
1291 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1292 /* Bzzzzzzztt .... Operation complete. */
1293 sd->state = sd_transfer_state;
1301 case 30: /* CMD30: SEND_WRITE_PROT */
1302 switch (sd->state) {
1303 case sd_transfer_state:
1304 sd->state = sd_sendingdata_state;
1305 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1306 sd->data_start = addr;
1307 sd->data_offset = 0;
1315 /* Erase commands (Class 5) */
1316 case 32: /* CMD32: ERASE_WR_BLK_START */
1317 switch (sd->state) {
1318 case sd_transfer_state:
1319 sd->erase_start = req.arg;
1327 case 33: /* CMD33: ERASE_WR_BLK_END */
1328 switch (sd->state) {
1329 case sd_transfer_state:
1330 sd->erase_end = req.arg;
1338 case 38: /* CMD38: ERASE */
1339 switch (sd->state) {
1340 case sd_transfer_state:
1341 if (sd->csd[14] & 0x30) {
1342 sd->card_status |= WP_VIOLATION;
1346 sd->state = sd_programming_state;
1348 /* Bzzzzzzztt .... Operation complete. */
1349 sd->state = sd_transfer_state;
1357 /* Lock card commands (Class 7) */
1358 case 42: /* CMD42: LOCK_UNLOCK */
1360 goto unimplemented_spi_cmd;
1362 switch (sd->state) {
1363 case sd_transfer_state:
1364 sd->state = sd_receivingdata_state;
1366 sd->data_offset = 0;
1375 /* CMD52, CMD53, CMD54: reserved for SDIO cards
1376 * (see the SDIO Simplified Specification V2.0)
1377 * Handle as illegal command but do not complain
1378 * on stderr, as some OSes may use these in their
1379 * probing for presence of an SDIO card.
1383 /* Application specific commands (Class 8) */
1384 case 55: /* CMD55: APP_CMD */
1385 switch (sd->state) {
1386 case sd_ready_state:
1387 case sd_identification_state:
1388 case sd_inactive_state:
1392 qemu_log_mask(LOG_GUEST_ERROR,
1393 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd);
1399 if (sd->rca != rca) {
1403 sd->expecting_acmd = true;
1404 sd->card_status |= APP_CMD;
1407 case 56: /* CMD56: GEN_CMD */
1408 switch (sd->state) {
1409 case sd_transfer_state:
1410 sd->data_offset = 0;
1412 sd->state = sd_sendingdata_state;
1414 sd->state = sd_receivingdata_state;
1422 case 58: /* CMD58: READ_OCR (SPI) */
1428 case 59: /* CMD59: CRC_ON_OFF (SPI) */
1432 goto unimplemented_spi_cmd;
1436 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
1439 unimplemented_spi_cmd:
1440 /* Commands that are recognised but not yet implemented in SPI mode. */
1441 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1446 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd);
1450 static sd_rsp_type_t sd_app_command(SDState *sd,
1453 trace_sdcard_app_command(req.cmd, req.arg);
1454 sd->card_status |= APP_CMD;
1456 case 6: /* ACMD6: SET_BUS_WIDTH */
1458 goto unimplemented_spi_cmd;
1460 switch (sd->state) {
1461 case sd_transfer_state:
1462 sd->sd_status[0] &= 0x3f;
1463 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1471 case 13: /* ACMD13: SD_STATUS */
1472 switch (sd->state) {
1473 case sd_transfer_state:
1474 sd->state = sd_sendingdata_state;
1476 sd->data_offset = 0;
1484 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1485 switch (sd->state) {
1486 case sd_transfer_state:
1487 *(uint32_t *) sd->data = sd->blk_written;
1489 sd->state = sd_sendingdata_state;
1491 sd->data_offset = 0;
1499 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1500 switch (sd->state) {
1501 case sd_transfer_state:
1509 case 41: /* ACMD41: SD_APP_OP_COND */
1512 sd->state = sd_transfer_state;
1515 if (sd->state != sd_idle_state) {
1518 /* If it's the first ACMD41 since reset, we need to decide
1519 * whether to power up. If this is not an enquiry ACMD41,
1520 * we immediately report power on and proceed below to the
1521 * ready state, but if it is, we set a timer to model a
1522 * delay for power up. This works around a bug in EDK2
1523 * UEFI, which sends an initial enquiry ACMD41, but
1524 * assumes that the card is in ready state as soon as it
1525 * sees the power up bit set. */
1526 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) {
1527 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1528 timer_del(sd->ocr_power_timer);
1531 trace_sdcard_inquiry_cmd41();
1532 if (!timer_pending(sd->ocr_power_timer)) {
1533 timer_mod_ns(sd->ocr_power_timer,
1534 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1535 + OCR_POWER_DELAY_NS));
1540 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) {
1541 /* We accept any voltage. 10000 V is nothing.
1543 * Once we're powered up, we advance straight to ready state
1544 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1546 sd->state = sd_ready_state;
1551 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1552 switch (sd->state) {
1553 case sd_transfer_state:
1554 /* Bringing in the 50KOhm pull-up resistor... Done. */
1562 case 51: /* ACMD51: SEND_SCR */
1563 switch (sd->state) {
1564 case sd_transfer_state:
1565 sd->state = sd_sendingdata_state;
1567 sd->data_offset = 0;
1575 case 18: /* Reserved for SD security applications */
1580 /* Refer to the "SD Specifications Part3 Security Specification" for
1581 * information about the SD Security Features.
1583 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n",
1588 /* Fall back to standard commands. */
1589 return sd_normal_command(sd, req);
1591 unimplemented_spi_cmd:
1592 /* Commands that are recognised but not yet implemented in SPI mode. */
1593 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1598 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
1602 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1604 /* Valid commands in locked state:
1606 * lock card class (7)
1608 * implicitly, the ACMD prefix CMD55
1610 * Anything else provokes an "illegal command" response.
1612 if (sd->expecting_acmd) {
1613 return req->cmd == 41 || req->cmd == 42;
1615 if (req->cmd == 16 || req->cmd == 55) {
1618 return sd_cmd_class[req->cmd] == 0
1619 || sd_cmd_class[req->cmd] == 7;
1622 int sd_do_command(SDState *sd, SDRequest *req,
1623 uint8_t *response) {
1625 sd_rsp_type_t rtype;
1628 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
1632 if (sd_req_crc_validate(req)) {
1633 sd->card_status |= COM_CRC_ERROR;
1638 if (req->cmd >= SDMMC_CMD_MAX) {
1639 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
1644 if (sd->card_status & CARD_IS_LOCKED) {
1645 if (!cmd_valid_while_locked(sd, req)) {
1646 sd->card_status |= ILLEGAL_COMMAND;
1647 sd->expecting_acmd = false;
1648 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
1654 last_state = sd->state;
1657 if (sd->expecting_acmd) {
1658 sd->expecting_acmd = false;
1659 rtype = sd_app_command(sd, *req);
1661 rtype = sd_normal_command(sd, *req);
1664 if (rtype == sd_illegal) {
1665 sd->card_status |= ILLEGAL_COMMAND;
1667 /* Valid command, we can update the 'state before command' bits.
1668 * (Do this now so they appear in r1 responses.)
1670 sd->current_cmd = req->cmd;
1671 sd->card_status &= ~CURRENT_STATE;
1672 sd->card_status |= (last_state << 9);
1679 sd_response_r1_make(sd, response);
1684 memcpy(response, sd->cid, sizeof(sd->cid));
1689 memcpy(response, sd->csd, sizeof(sd->csd));
1694 sd_response_r3_make(sd, response);
1699 sd_response_r6_make(sd, response);
1704 sd_response_r7_make(sd, response);
1713 g_assert_not_reached();
1715 trace_sdcard_response(sd_response_name(rtype), rsplen);
1717 if (rtype != sd_illegal) {
1718 /* Clear the "clear on valid command" status bits now we've
1721 sd->card_status &= ~CARD_STATUS_B;
1725 qemu_hexdump((const char *)response, stderr, "Response", rsplen);
1731 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1733 trace_sdcard_read_block(addr, len);
1734 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) {
1735 fprintf(stderr, "sd_blk_read: read error on host side\n");
1739 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1741 trace_sdcard_write_block(addr, len);
1742 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) {
1743 fprintf(stderr, "sd_blk_write: write error on host side\n");
1747 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1748 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1749 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1750 #define APP_WRITE_BLOCK(a, len)
1752 void sd_write_data(SDState *sd, uint8_t value)
1756 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1759 if (sd->state != sd_receivingdata_state) {
1760 qemu_log_mask(LOG_GUEST_ERROR,
1761 "sd_write_data: not in Receiving-Data state\n");
1765 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1768 trace_sdcard_write_data(sd->current_cmd, value);
1769 switch (sd->current_cmd) {
1770 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1771 sd->data[sd->data_offset ++] = value;
1772 if (sd->data_offset >= sd->blk_len) {
1773 /* TODO: Check CRC before committing */
1774 sd->state = sd_programming_state;
1775 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1777 sd->csd[14] |= 0x40;
1778 /* Bzzzzzzztt .... Operation complete. */
1779 sd->state = sd_transfer_state;
1783 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1784 if (sd->data_offset == 0) {
1785 /* Start of the block - let's check the address is valid */
1786 if (sd->data_start + sd->blk_len > sd->size) {
1787 sd->card_status |= ADDRESS_ERROR;
1790 if (sd_wp_addr(sd, sd->data_start)) {
1791 sd->card_status |= WP_VIOLATION;
1795 sd->data[sd->data_offset++] = value;
1796 if (sd->data_offset >= sd->blk_len) {
1797 /* TODO: Check CRC before committing */
1798 sd->state = sd_programming_state;
1799 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1801 sd->data_start += sd->blk_len;
1802 sd->data_offset = 0;
1803 sd->csd[14] |= 0x40;
1805 /* Bzzzzzzztt .... Operation complete. */
1806 if (sd->multi_blk_cnt != 0) {
1807 if (--sd->multi_blk_cnt == 0) {
1809 sd->state = sd_transfer_state;
1814 sd->state = sd_receivingdata_state;
1818 case 26: /* CMD26: PROGRAM_CID */
1819 sd->data[sd->data_offset ++] = value;
1820 if (sd->data_offset >= sizeof(sd->cid)) {
1821 /* TODO: Check CRC before committing */
1822 sd->state = sd_programming_state;
1823 for (i = 0; i < sizeof(sd->cid); i ++)
1824 if ((sd->cid[i] | 0x00) != sd->data[i])
1825 sd->card_status |= CID_CSD_OVERWRITE;
1827 if (!(sd->card_status & CID_CSD_OVERWRITE))
1828 for (i = 0; i < sizeof(sd->cid); i ++) {
1830 sd->cid[i] &= sd->data[i];
1832 /* Bzzzzzzztt .... Operation complete. */
1833 sd->state = sd_transfer_state;
1837 case 27: /* CMD27: PROGRAM_CSD */
1838 sd->data[sd->data_offset ++] = value;
1839 if (sd->data_offset >= sizeof(sd->csd)) {
1840 /* TODO: Check CRC before committing */
1841 sd->state = sd_programming_state;
1842 for (i = 0; i < sizeof(sd->csd); i ++)
1843 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1844 (sd->data[i] | sd_csd_rw_mask[i]))
1845 sd->card_status |= CID_CSD_OVERWRITE;
1847 /* Copy flag (OTP) & Permanent write protect */
1848 if (sd->csd[14] & ~sd->data[14] & 0x60)
1849 sd->card_status |= CID_CSD_OVERWRITE;
1851 if (!(sd->card_status & CID_CSD_OVERWRITE))
1852 for (i = 0; i < sizeof(sd->csd); i ++) {
1853 sd->csd[i] |= sd_csd_rw_mask[i];
1854 sd->csd[i] &= sd->data[i];
1856 /* Bzzzzzzztt .... Operation complete. */
1857 sd->state = sd_transfer_state;
1861 case 42: /* CMD42: LOCK_UNLOCK */
1862 sd->data[sd->data_offset ++] = value;
1863 if (sd->data_offset >= sd->blk_len) {
1864 /* TODO: Check CRC before committing */
1865 sd->state = sd_programming_state;
1866 sd_lock_command(sd);
1867 /* Bzzzzzzztt .... Operation complete. */
1868 sd->state = sd_transfer_state;
1872 case 56: /* CMD56: GEN_CMD */
1873 sd->data[sd->data_offset ++] = value;
1874 if (sd->data_offset >= sd->blk_len) {
1875 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1876 sd->state = sd_transfer_state;
1881 qemu_log_mask(LOG_GUEST_ERROR, "sd_write_data: unknown command\n");
1886 uint8_t sd_read_data(SDState *sd)
1888 /* TODO: Append CRCs */
1892 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1895 if (sd->state != sd_sendingdata_state) {
1896 qemu_log_mask(LOG_GUEST_ERROR,
1897 "sd_read_data: not in Sending-Data state\n");
1901 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1904 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1906 trace_sdcard_read_data(sd->current_cmd, io_len);
1907 switch (sd->current_cmd) {
1908 case 6: /* CMD6: SWITCH_FUNCTION */
1909 ret = sd->data[sd->data_offset ++];
1911 if (sd->data_offset >= 64)
1912 sd->state = sd_transfer_state;
1915 case 9: /* CMD9: SEND_CSD */
1916 case 10: /* CMD10: SEND_CID */
1917 ret = sd->data[sd->data_offset ++];
1919 if (sd->data_offset >= 16)
1920 sd->state = sd_transfer_state;
1923 case 13: /* ACMD13: SD_STATUS */
1924 ret = sd->sd_status[sd->data_offset ++];
1926 if (sd->data_offset >= sizeof(sd->sd_status))
1927 sd->state = sd_transfer_state;
1930 case 17: /* CMD17: READ_SINGLE_BLOCK */
1931 if (sd->data_offset == 0)
1932 BLK_READ_BLOCK(sd->data_start, io_len);
1933 ret = sd->data[sd->data_offset ++];
1935 if (sd->data_offset >= io_len)
1936 sd->state = sd_transfer_state;
1939 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1940 if (sd->data_offset == 0) {
1941 if (sd->data_start + io_len > sd->size) {
1942 sd->card_status |= ADDRESS_ERROR;
1945 BLK_READ_BLOCK(sd->data_start, io_len);
1947 ret = sd->data[sd->data_offset ++];
1949 if (sd->data_offset >= io_len) {
1950 sd->data_start += io_len;
1951 sd->data_offset = 0;
1953 if (sd->multi_blk_cnt != 0) {
1954 if (--sd->multi_blk_cnt == 0) {
1956 sd->state = sd_transfer_state;
1963 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1964 ret = sd->data[sd->data_offset ++];
1966 if (sd->data_offset >= 4)
1967 sd->state = sd_transfer_state;
1970 case 30: /* CMD30: SEND_WRITE_PROT */
1971 ret = sd->data[sd->data_offset ++];
1973 if (sd->data_offset >= 4)
1974 sd->state = sd_transfer_state;
1977 case 51: /* ACMD51: SEND_SCR */
1978 ret = sd->scr[sd->data_offset ++];
1980 if (sd->data_offset >= sizeof(sd->scr))
1981 sd->state = sd_transfer_state;
1984 case 56: /* CMD56: GEN_CMD */
1985 if (sd->data_offset == 0)
1986 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1987 ret = sd->data[sd->data_offset ++];
1989 if (sd->data_offset >= sd->blk_len)
1990 sd->state = sd_transfer_state;
1994 qemu_log_mask(LOG_GUEST_ERROR, "sd_read_data: unknown command\n");
2001 bool sd_data_ready(SDState *sd)
2003 return sd->state == sd_sendingdata_state;
2006 void sd_enable(SDState *sd, bool enable)
2008 sd->enable = enable;
2011 static void sd_instance_init(Object *obj)
2013 SDState *sd = SD_CARD(obj);
2016 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
2019 static void sd_instance_finalize(Object *obj)
2021 SDState *sd = SD_CARD(obj);
2023 timer_del(sd->ocr_power_timer);
2024 timer_free(sd->ocr_power_timer);
2027 static void sd_realize(DeviceState *dev, Error **errp)
2029 SDState *sd = SD_CARD(dev);
2032 if (sd->blk && blk_is_read_only(sd->blk)) {
2033 error_setg(errp, "Cannot use read-only drive as SD card");
2038 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
2039 BLK_PERM_ALL, errp);
2043 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
2047 static Property sd_properties[] = {
2048 DEFINE_PROP_DRIVE("drive", SDState, blk),
2049 /* We do not model the chip select pin, so allow the board to select
2050 * whether card should be in SSI or MMC/SD mode. It is also up to the
2051 * board to ensure that ssi transfers only occur when the chip select
2053 DEFINE_PROP_BOOL("spi", SDState, spi, false),
2054 DEFINE_PROP_END_OF_LIST()
2057 static void sd_class_init(ObjectClass *klass, void *data)
2059 DeviceClass *dc = DEVICE_CLASS(klass);
2060 SDCardClass *sc = SD_CARD_CLASS(klass);
2062 dc->realize = sd_realize;
2063 dc->props = sd_properties;
2064 dc->vmsd = &sd_vmstate;
2065 dc->reset = sd_reset;
2066 dc->bus_type = TYPE_SD_BUS;
2068 sc->set_voltage = sd_set_voltage;
2069 sc->get_dat_lines = sd_get_dat_lines;
2070 sc->get_cmd_line = sd_get_cmd_line;
2071 sc->do_command = sd_do_command;
2072 sc->write_data = sd_write_data;
2073 sc->read_data = sd_read_data;
2074 sc->data_ready = sd_data_ready;
2075 sc->enable = sd_enable;
2076 sc->get_inserted = sd_get_inserted;
2077 sc->get_readonly = sd_get_readonly;
2080 static const TypeInfo sd_info = {
2081 .name = TYPE_SD_CARD,
2082 .parent = TYPE_DEVICE,
2083 .instance_size = sizeof(SDState),
2084 .class_size = sizeof(SDCardClass),
2085 .class_init = sd_class_init,
2086 .instance_init = sd_instance_init,
2087 .instance_finalize = sd_instance_finalize,
2090 static void sd_register_types(void)
2092 type_register_static(&sd_info);
2095 type_init(sd_register_types)
projects / qemu.git / blob