2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 #include "qemu/osdep.h"
35 #include "sysemu/block-backend.h"
37 #include "qapi/error.h"
38 #include "qemu/bitmap.h"
39 #include "hw/qdev-properties.h"
40 #include "qemu/error-report.h"
41 #include "qemu/timer.h"
48 #define DPRINTF(fmt, ...) \
49 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
51 #define DPRINTF(fmt, ...) do {} while(0)
54 #define ACMD41_ENQUIRY_MASK 0x00ffffff
55 #define OCR_POWER_UP 0x80000000
56 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
59 sd_r0 = 0, /* no response */
60 sd_r1, /* normal response command */
61 sd_r2_i, /* CID register */
62 sd_r2_s, /* CSD register */
63 sd_r3, /* OCR register */
64 sd_r6 = 6, /* Published RCA response */
65 sd_r7, /* Operating voltage */
72 sd_card_identification_mode,
73 sd_data_transfer_mode,
77 sd_inactive_state = -1,
80 sd_identification_state,
84 sd_receivingdata_state,
90 DeviceState parent_obj;
92 /* SD Memory Card Registers */
99 uint8_t sd_status[64];
101 /* Configurable properties */
105 uint32_t mode; /* current card mode, one of SDCardModes */
106 int32_t state; /* current card state, one of SDCardStates */
109 unsigned long *wp_groups;
113 uint32_t multi_blk_cnt;
114 uint32_t erase_start;
118 uint8_t function_group[6];
120 /* True if we will handle the next command as an ACMD. Note that this does
121 * *not* track the APP_CMD status bit!
124 uint32_t blk_written;
126 uint32_t data_offset;
128 qemu_irq readonly_cb;
129 qemu_irq inserted_cb;
130 QEMUTimer *ocr_power_timer;
136 static const char *sd_state_name(enum SDCardStates state)
138 static const char *state_name[] = {
139 [sd_idle_state] = "idle",
140 [sd_ready_state] = "ready",
141 [sd_identification_state] = "identification",
142 [sd_standby_state] = "standby",
143 [sd_transfer_state] = "transfer",
144 [sd_sendingdata_state] = "sendingdata",
145 [sd_receivingdata_state] = "receivingdata",
146 [sd_programming_state] = "programming",
147 [sd_disconnect_state] = "disconnect",
149 if (state == sd_inactive_state) {
152 assert(state <= ARRAY_SIZE(state_name));
153 return state_name[state];
156 static uint8_t sd_get_dat_lines(SDState *sd)
158 return sd->enable ? sd->dat_lines : 0;
161 static bool sd_get_cmd_line(SDState *sd)
163 return sd->enable ? sd->cmd_line : false;
166 static void sd_set_voltage(SDState *sd, uint16_t millivolts)
168 switch (millivolts) {
169 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
170 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
173 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
174 millivolts / 1000.f);
178 static void sd_set_mode(SDState *sd)
181 case sd_inactive_state:
182 sd->mode = sd_inactive;
187 case sd_identification_state:
188 sd->mode = sd_card_identification_mode;
191 case sd_standby_state:
192 case sd_transfer_state:
193 case sd_sendingdata_state:
194 case sd_receivingdata_state:
195 case sd_programming_state:
196 case sd_disconnect_state:
197 sd->mode = sd_data_transfer_mode;
202 static const sd_cmd_type_t sd_cmd_type[64] = {
203 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
204 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
205 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
206 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
207 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
208 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
209 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
210 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
213 static const int sd_cmd_class[64] = {
214 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
215 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
216 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
217 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
220 static uint8_t sd_crc7(void *message, size_t width)
223 uint8_t shift_reg = 0x00;
224 uint8_t *msg = (uint8_t *) message;
226 for (i = 0; i < width; i ++, msg ++)
227 for (bit = 7; bit >= 0; bit --) {
229 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
236 static uint16_t sd_crc16(void *message, size_t width)
239 uint16_t shift_reg = 0x0000;
240 uint16_t *msg = (uint16_t *) message;
243 for (i = 0; i < width; i ++, msg ++)
244 for (bit = 15; bit >= 0; bit --) {
246 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
253 static void sd_set_ocr(SDState *sd)
255 /* All voltages OK, Standard Capacity SD Memory Card, not yet powered up */
256 sd->ocr = 0x00ffff00;
259 static void sd_ocr_powerup(void *opaque)
261 SDState *sd = opaque;
263 /* Set powered up bit in OCR */
264 assert(!(sd->ocr & OCR_POWER_UP));
265 sd->ocr |= OCR_POWER_UP;
268 static void sd_set_scr(SDState *sd)
270 sd->scr[0] = 0x00; /* SCR Structure */
271 sd->scr[1] = 0x2f; /* SD Security Support */
287 static void sd_set_cid(SDState *sd)
289 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
290 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
292 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
297 sd->cid[8] = PRV; /* Fake product revision (PRV) */
298 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
302 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
303 ((MDT_YR - 2000) / 10);
304 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
305 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
308 #define HWBLOCK_SHIFT 9 /* 512 bytes */
309 #define SECTOR_SHIFT 5 /* 16 kilobytes */
310 #define WPGROUP_SHIFT 7 /* 2 megs */
311 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
312 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
314 static const uint8_t sd_csd_rw_mask[16] = {
315 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
316 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
319 static void sd_set_csd(SDState *sd, uint64_t size)
321 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
322 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
323 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
325 if (size <= 0x40000000) { /* Standard Capacity SD */
326 sd->csd[0] = 0x00; /* CSD structure */
327 sd->csd[1] = 0x26; /* Data read access-time-1 */
328 sd->csd[2] = 0x00; /* Data read access-time-2 */
329 sd->csd[3] = 0x5a; /* Max. data transfer rate */
330 sd->csd[4] = 0x5f; /* Card Command Classes */
331 sd->csd[5] = 0x50 | /* Max. read data block length */
333 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
334 ((csize >> 10) & 0x03);
335 sd->csd[7] = 0x00 | /* Device size */
336 ((csize >> 2) & 0xff);
337 sd->csd[8] = 0x3f | /* Max. read current */
338 ((csize << 6) & 0xc0);
339 sd->csd[9] = 0xfc | /* Max. write current */
340 ((CMULT_SHIFT - 2) >> 1);
341 sd->csd[10] = 0x40 | /* Erase sector size */
342 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
343 sd->csd[11] = 0x00 | /* Write protect group size */
344 ((sectsize << 7) & 0x80) | wpsize;
345 sd->csd[12] = 0x90 | /* Write speed factor */
346 (HWBLOCK_SHIFT >> 2);
347 sd->csd[13] = 0x20 | /* Max. write data block length */
348 ((HWBLOCK_SHIFT << 6) & 0xc0);
349 sd->csd[14] = 0x00; /* File format group */
350 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
361 sd->csd[7] = (size >> 16) & 0xff;
362 sd->csd[8] = (size >> 8) & 0xff;
363 sd->csd[9] = (size & 0xff);
370 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
374 static void sd_set_rca(SDState *sd)
379 /* Card status bits, split by clear condition:
380 * A : According to the card current state
381 * B : Always related to the previous command
382 * C : Cleared by read
384 #define CARD_STATUS_A 0x02004100
385 #define CARD_STATUS_B 0x00c01e00
386 #define CARD_STATUS_C 0xfd39a028
388 static void sd_set_cardstatus(SDState *sd)
390 sd->card_status = 0x00000100;
393 static void sd_set_sdstatus(SDState *sd)
395 memset(sd->sd_status, 0, 64);
398 static int sd_req_crc_validate(SDRequest *req)
401 buffer[0] = 0x40 | req->cmd;
402 buffer[1] = (req->arg >> 24) & 0xff;
403 buffer[2] = (req->arg >> 16) & 0xff;
404 buffer[3] = (req->arg >> 8) & 0xff;
405 buffer[4] = (req->arg >> 0) & 0xff;
407 return sd_crc7(buffer, 5) != req->crc; /* TODO */
410 static void sd_response_r1_make(SDState *sd, uint8_t *response)
412 uint32_t status = sd->card_status;
413 /* Clear the "clear on read" status bits */
414 sd->card_status &= ~CARD_STATUS_C;
416 response[0] = (status >> 24) & 0xff;
417 response[1] = (status >> 16) & 0xff;
418 response[2] = (status >> 8) & 0xff;
419 response[3] = (status >> 0) & 0xff;
422 static void sd_response_r3_make(SDState *sd, uint8_t *response)
424 response[0] = (sd->ocr >> 24) & 0xff;
425 response[1] = (sd->ocr >> 16) & 0xff;
426 response[2] = (sd->ocr >> 8) & 0xff;
427 response[3] = (sd->ocr >> 0) & 0xff;
430 static void sd_response_r6_make(SDState *sd, uint8_t *response)
436 status = ((sd->card_status >> 8) & 0xc000) |
437 ((sd->card_status >> 6) & 0x2000) |
438 (sd->card_status & 0x1fff);
439 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
441 response[0] = (arg >> 8) & 0xff;
442 response[1] = arg & 0xff;
443 response[2] = (status >> 8) & 0xff;
444 response[3] = status & 0xff;
447 static void sd_response_r7_make(SDState *sd, uint8_t *response)
449 response[0] = (sd->vhs >> 24) & 0xff;
450 response[1] = (sd->vhs >> 16) & 0xff;
451 response[2] = (sd->vhs >> 8) & 0xff;
452 response[3] = (sd->vhs >> 0) & 0xff;
455 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
457 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
460 static void sd_reset(DeviceState *dev)
462 SDState *sd = SD_CARD(dev);
467 blk_get_geometry(sd->blk, §);
473 sect = sd_addr_to_wpnum(size) + 1;
475 sd->state = sd_idle_state;
480 sd_set_csd(sd, size);
481 sd_set_cardstatus(sd);
484 g_free(sd->wp_groups);
485 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
486 sd->wpgrps_size = sect;
487 sd->wp_groups = bitmap_new(sd->wpgrps_size);
488 memset(sd->function_group, 0, sizeof(sd->function_group));
494 sd->expecting_acmd = false;
497 sd->multi_blk_cnt = 0;
500 static bool sd_get_inserted(SDState *sd)
502 return sd->blk && blk_is_inserted(sd->blk);
505 static bool sd_get_readonly(SDState *sd)
507 return sd->wp_switch;
510 static void sd_cardchange(void *opaque, bool load, Error **errp)
512 SDState *sd = opaque;
513 DeviceState *dev = DEVICE(sd);
514 SDBus *sdbus = SD_BUS(qdev_get_parent_bus(dev));
515 bool inserted = sd_get_inserted(sd);
516 bool readonly = sd_get_readonly(sd);
522 /* The IRQ notification is for legacy non-QOM SD controller devices;
523 * QOMified controllers use the SDBus APIs.
526 sdbus_set_inserted(sdbus, inserted);
528 sdbus_set_readonly(sdbus, readonly);
531 qemu_set_irq(sd->inserted_cb, inserted);
533 qemu_set_irq(sd->readonly_cb, readonly);
538 static const BlockDevOps sd_block_ops = {
539 .change_media_cb = sd_cardchange,
542 static bool sd_ocr_vmstate_needed(void *opaque)
544 SDState *sd = opaque;
546 /* Include the OCR state (and timer) if it is not yet powered up */
547 return !(sd->ocr & OCR_POWER_UP);
550 static const VMStateDescription sd_ocr_vmstate = {
551 .name = "sd-card/ocr-state",
553 .minimum_version_id = 1,
554 .needed = sd_ocr_vmstate_needed,
555 .fields = (VMStateField[]) {
556 VMSTATE_UINT32(ocr, SDState),
557 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
558 VMSTATE_END_OF_LIST()
562 static int sd_vmstate_pre_load(void *opaque)
564 SDState *sd = opaque;
566 /* If the OCR state is not included (prior versions, or not
567 * needed), then the OCR must be set as powered up. If the OCR state
568 * is included, this will be replaced by the state restore.
575 static const VMStateDescription sd_vmstate = {
578 .minimum_version_id = 1,
579 .pre_load = sd_vmstate_pre_load,
580 .fields = (VMStateField[]) {
581 VMSTATE_UINT32(mode, SDState),
582 VMSTATE_INT32(state, SDState),
583 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
584 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
585 VMSTATE_UINT16(rca, SDState),
586 VMSTATE_UINT32(card_status, SDState),
587 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
588 VMSTATE_UINT32(vhs, SDState),
589 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
590 VMSTATE_UINT32(blk_len, SDState),
591 VMSTATE_UINT32(multi_blk_cnt, SDState),
592 VMSTATE_UINT32(erase_start, SDState),
593 VMSTATE_UINT32(erase_end, SDState),
594 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
595 VMSTATE_UINT32(pwd_len, SDState),
596 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
597 VMSTATE_UINT8(current_cmd, SDState),
598 VMSTATE_BOOL(expecting_acmd, SDState),
599 VMSTATE_UINT32(blk_written, SDState),
600 VMSTATE_UINT64(data_start, SDState),
601 VMSTATE_UINT32(data_offset, SDState),
602 VMSTATE_UINT8_ARRAY(data, SDState, 512),
603 VMSTATE_UNUSED_V(1, 512),
604 VMSTATE_BOOL(enable, SDState),
605 VMSTATE_END_OF_LIST()
607 .subsections = (const VMStateDescription*[]) {
613 /* Legacy initialization function for use by non-qdevified callers */
614 SDState *sd_init(BlockBackend *blk, bool is_spi)
620 obj = object_new(TYPE_SD_CARD);
622 qdev_prop_set_drive(dev, "drive", blk, &err);
624 error_report("sd_init failed: %s", error_get_pretty(err));
627 qdev_prop_set_bit(dev, "spi", is_spi);
628 object_property_set_bool(obj, true, "realized", &err);
630 error_report("sd_init failed: %s", error_get_pretty(err));
637 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
639 sd->readonly_cb = readonly;
640 sd->inserted_cb = insert;
641 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
642 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
645 static void sd_erase(SDState *sd)
648 uint64_t erase_start = sd->erase_start;
649 uint64_t erase_end = sd->erase_end;
651 if (!sd->erase_start || !sd->erase_end) {
652 sd->card_status |= ERASE_SEQ_ERROR;
656 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
657 /* High capacity memory card: erase units are 512 byte blocks */
662 erase_start = sd_addr_to_wpnum(erase_start);
663 erase_end = sd_addr_to_wpnum(erase_end);
668 for (i = erase_start; i <= erase_end; i++) {
669 if (test_bit(i, sd->wp_groups)) {
670 sd->card_status |= WP_ERASE_SKIP;
675 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
680 wpnum = sd_addr_to_wpnum(addr);
682 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
683 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
691 static void sd_function_switch(SDState *sd, uint32_t arg)
693 int i, mode, new_func, crc;
694 mode = !!(arg & 0x80000000);
696 sd->data[0] = 0x00; /* Maximum current consumption */
698 sd->data[2] = 0x80; /* Supported group 6 functions */
700 sd->data[4] = 0x80; /* Supported group 5 functions */
702 sd->data[6] = 0x80; /* Supported group 4 functions */
704 sd->data[8] = 0x80; /* Supported group 3 functions */
706 sd->data[10] = 0x80; /* Supported group 2 functions */
708 sd->data[12] = 0x80; /* Supported group 1 functions */
710 for (i = 0; i < 6; i ++) {
711 new_func = (arg >> (i * 4)) & 0x0f;
712 if (mode && new_func != 0x0f)
713 sd->function_group[i] = new_func;
714 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
716 memset(&sd->data[17], 0, 47);
717 crc = sd_crc16(sd->data, 64);
718 sd->data[65] = crc >> 8;
719 sd->data[66] = crc & 0xff;
722 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
724 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
727 static void sd_lock_command(SDState *sd)
729 int erase, lock, clr_pwd, set_pwd, pwd_len;
730 erase = !!(sd->data[0] & 0x08);
731 lock = sd->data[0] & 0x04;
732 clr_pwd = sd->data[0] & 0x02;
733 set_pwd = sd->data[0] & 0x01;
736 pwd_len = sd->data[1];
741 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
742 set_pwd || clr_pwd || lock || sd->wp_switch ||
743 (sd->csd[14] & 0x20)) {
744 sd->card_status |= LOCK_UNLOCK_FAILED;
747 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
748 sd->csd[14] &= ~0x10;
749 sd->card_status &= ~CARD_IS_LOCKED;
751 /* Erasing the entire card here! */
752 fprintf(stderr, "SD: Card force-erased by CMD42\n");
756 if (sd->blk_len < 2 + pwd_len ||
757 pwd_len <= sd->pwd_len ||
758 pwd_len > sd->pwd_len + 16) {
759 sd->card_status |= LOCK_UNLOCK_FAILED;
763 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
764 sd->card_status |= LOCK_UNLOCK_FAILED;
768 pwd_len -= sd->pwd_len;
769 if ((pwd_len && !set_pwd) ||
770 (clr_pwd && (set_pwd || lock)) ||
771 (lock && !sd->pwd_len && !set_pwd) ||
772 (!set_pwd && !clr_pwd &&
773 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
774 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
775 sd->card_status |= LOCK_UNLOCK_FAILED;
780 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
781 sd->pwd_len = pwd_len;
789 sd->card_status |= CARD_IS_LOCKED;
791 sd->card_status &= ~CARD_IS_LOCKED;
794 static sd_rsp_type_t sd_normal_command(SDState *sd,
797 uint32_t rca = 0x0000;
798 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
800 trace_sdcard_normal_command(req.cmd, req.arg, sd_state_name(sd->state));
802 /* Not interpreting this as an app command */
803 sd->card_status &= ~APP_CMD;
805 if (sd_cmd_type[req.cmd & 0x3F] == sd_ac
806 || sd_cmd_type[req.cmd & 0x3F] == sd_adtc) {
810 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
811 * if not, its effects are cancelled */
812 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
813 sd->multi_blk_cnt = 0;
817 /* Basic commands (Class 0 and Class 1) */
818 case 0: /* CMD0: GO_IDLE_STATE */
820 case sd_inactive_state:
821 return sd->spi ? sd_r1 : sd_r0;
824 sd->state = sd_idle_state;
825 sd_reset(DEVICE(sd));
826 return sd->spi ? sd_r1 : sd_r0;
830 case 1: /* CMD1: SEND_OP_CMD */
834 sd->state = sd_transfer_state;
837 case 2: /* CMD2: ALL_SEND_CID */
842 sd->state = sd_identification_state;
850 case 3: /* CMD3: SEND_RELATIVE_ADDR */
854 case sd_identification_state:
855 case sd_standby_state:
856 sd->state = sd_standby_state;
865 case 4: /* CMD4: SEND_DSR */
869 case sd_standby_state:
877 case 5: /* CMD5: reserved for SDIO cards */
880 case 6: /* CMD6: SWITCH_FUNCTION */
884 case sd_data_transfer_mode:
885 sd_function_switch(sd, req.arg);
886 sd->state = sd_sendingdata_state;
896 case 7: /* CMD7: SELECT/DESELECT_CARD */
900 case sd_standby_state:
904 sd->state = sd_transfer_state;
907 case sd_transfer_state:
908 case sd_sendingdata_state:
912 sd->state = sd_standby_state;
915 case sd_disconnect_state:
919 sd->state = sd_programming_state;
922 case sd_programming_state:
926 sd->state = sd_disconnect_state;
934 case 8: /* CMD8: SEND_IF_COND */
935 /* Physical Layer Specification Version 2.00 command */
940 /* No response if not exactly one VHS bit is set. */
941 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
942 return sd->spi ? sd_r7 : sd_r0;
954 case 9: /* CMD9: SEND_CSD */
956 case sd_standby_state:
962 case sd_transfer_state:
965 sd->state = sd_sendingdata_state;
966 memcpy(sd->data, sd->csd, 16);
967 sd->data_start = addr;
976 case 10: /* CMD10: SEND_CID */
978 case sd_standby_state:
984 case sd_transfer_state:
987 sd->state = sd_sendingdata_state;
988 memcpy(sd->data, sd->cid, 16);
989 sd->data_start = addr;
998 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1001 switch (sd->state) {
1002 case sd_transfer_state:
1003 sd->state = sd_sendingdata_state;
1004 sd->data_start = req.arg;
1005 sd->data_offset = 0;
1007 if (sd->data_start + sd->blk_len > sd->size)
1008 sd->card_status |= ADDRESS_ERROR;
1016 case 12: /* CMD12: STOP_TRANSMISSION */
1017 switch (sd->state) {
1018 case sd_sendingdata_state:
1019 sd->state = sd_transfer_state;
1022 case sd_receivingdata_state:
1023 sd->state = sd_programming_state;
1024 /* Bzzzzzzztt .... Operation complete. */
1025 sd->state = sd_transfer_state;
1033 case 13: /* CMD13: SEND_STATUS */
1035 case sd_data_transfer_mode:
1046 case 15: /* CMD15: GO_INACTIVE_STATE */
1050 case sd_data_transfer_mode:
1054 sd->state = sd_inactive_state;
1062 /* Block read commands (Classs 2) */
1063 case 16: /* CMD16: SET_BLOCKLEN */
1064 switch (sd->state) {
1065 case sd_transfer_state:
1066 if (req.arg > (1 << HWBLOCK_SHIFT))
1067 sd->card_status |= BLOCK_LEN_ERROR;
1069 sd->blk_len = req.arg;
1078 case 17: /* CMD17: READ_SINGLE_BLOCK */
1079 switch (sd->state) {
1080 case sd_transfer_state:
1081 sd->state = sd_sendingdata_state;
1082 sd->data_start = addr;
1083 sd->data_offset = 0;
1085 if (sd->data_start + sd->blk_len > sd->size)
1086 sd->card_status |= ADDRESS_ERROR;
1094 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1095 switch (sd->state) {
1096 case sd_transfer_state:
1097 sd->state = sd_sendingdata_state;
1098 sd->data_start = addr;
1099 sd->data_offset = 0;
1101 if (sd->data_start + sd->blk_len > sd->size)
1102 sd->card_status |= ADDRESS_ERROR;
1110 case 23: /* CMD23: SET_BLOCK_COUNT */
1111 switch (sd->state) {
1112 case sd_transfer_state:
1113 sd->multi_blk_cnt = req.arg;
1121 /* Block write commands (Class 4) */
1122 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1124 goto unimplemented_cmd;
1125 switch (sd->state) {
1126 case sd_transfer_state:
1127 /* Writing in SPI mode not implemented. */
1130 sd->state = sd_receivingdata_state;
1131 sd->data_start = addr;
1132 sd->data_offset = 0;
1133 sd->blk_written = 0;
1135 if (sd->data_start + sd->blk_len > sd->size)
1136 sd->card_status |= ADDRESS_ERROR;
1137 if (sd_wp_addr(sd, sd->data_start))
1138 sd->card_status |= WP_VIOLATION;
1139 if (sd->csd[14] & 0x30)
1140 sd->card_status |= WP_VIOLATION;
1148 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1150 goto unimplemented_cmd;
1151 switch (sd->state) {
1152 case sd_transfer_state:
1153 /* Writing in SPI mode not implemented. */
1156 sd->state = sd_receivingdata_state;
1157 sd->data_start = addr;
1158 sd->data_offset = 0;
1159 sd->blk_written = 0;
1161 if (sd->data_start + sd->blk_len > sd->size)
1162 sd->card_status |= ADDRESS_ERROR;
1163 if (sd_wp_addr(sd, sd->data_start))
1164 sd->card_status |= WP_VIOLATION;
1165 if (sd->csd[14] & 0x30)
1166 sd->card_status |= WP_VIOLATION;
1174 case 26: /* CMD26: PROGRAM_CID */
1177 switch (sd->state) {
1178 case sd_transfer_state:
1179 sd->state = sd_receivingdata_state;
1181 sd->data_offset = 0;
1189 case 27: /* CMD27: PROGRAM_CSD */
1191 goto unimplemented_cmd;
1192 switch (sd->state) {
1193 case sd_transfer_state:
1194 sd->state = sd_receivingdata_state;
1196 sd->data_offset = 0;
1204 /* Write protection (Class 6) */
1205 case 28: /* CMD28: SET_WRITE_PROT */
1206 switch (sd->state) {
1207 case sd_transfer_state:
1208 if (addr >= sd->size) {
1209 sd->card_status |= ADDRESS_ERROR;
1213 sd->state = sd_programming_state;
1214 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1215 /* Bzzzzzzztt .... Operation complete. */
1216 sd->state = sd_transfer_state;
1224 case 29: /* CMD29: CLR_WRITE_PROT */
1225 switch (sd->state) {
1226 case sd_transfer_state:
1227 if (addr >= sd->size) {
1228 sd->card_status |= ADDRESS_ERROR;
1232 sd->state = sd_programming_state;
1233 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1234 /* Bzzzzzzztt .... Operation complete. */
1235 sd->state = sd_transfer_state;
1243 case 30: /* CMD30: SEND_WRITE_PROT */
1244 switch (sd->state) {
1245 case sd_transfer_state:
1246 sd->state = sd_sendingdata_state;
1247 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1248 sd->data_start = addr;
1249 sd->data_offset = 0;
1257 /* Erase commands (Class 5) */
1258 case 32: /* CMD32: ERASE_WR_BLK_START */
1259 switch (sd->state) {
1260 case sd_transfer_state:
1261 sd->erase_start = req.arg;
1269 case 33: /* CMD33: ERASE_WR_BLK_END */
1270 switch (sd->state) {
1271 case sd_transfer_state:
1272 sd->erase_end = req.arg;
1280 case 38: /* CMD38: ERASE */
1281 switch (sd->state) {
1282 case sd_transfer_state:
1283 if (sd->csd[14] & 0x30) {
1284 sd->card_status |= WP_VIOLATION;
1288 sd->state = sd_programming_state;
1290 /* Bzzzzzzztt .... Operation complete. */
1291 sd->state = sd_transfer_state;
1299 /* Lock card commands (Class 7) */
1300 case 42: /* CMD42: LOCK_UNLOCK */
1302 goto unimplemented_cmd;
1303 switch (sd->state) {
1304 case sd_transfer_state:
1305 sd->state = sd_receivingdata_state;
1307 sd->data_offset = 0;
1317 /* CMD52, CMD53: reserved for SDIO cards
1318 * (see the SDIO Simplified Specification V2.0)
1319 * Handle as illegal command but do not complain
1320 * on stderr, as some OSes may use these in their
1321 * probing for presence of an SDIO card.
1325 /* Application specific commands (Class 8) */
1326 case 55: /* CMD55: APP_CMD */
1330 sd->expecting_acmd = true;
1331 sd->card_status |= APP_CMD;
1334 case 56: /* CMD56: GEN_CMD */
1335 switch (sd->state) {
1336 case sd_transfer_state:
1337 sd->data_offset = 0;
1339 sd->state = sd_sendingdata_state;
1341 sd->state = sd_receivingdata_state;
1351 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
1355 /* Commands that are recognised but not yet implemented in SPI mode. */
1356 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1361 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd);
1365 static sd_rsp_type_t sd_app_command(SDState *sd,
1368 trace_sdcard_app_command(req.cmd, req.arg);
1369 sd->card_status |= APP_CMD;
1371 case 6: /* ACMD6: SET_BUS_WIDTH */
1372 switch (sd->state) {
1373 case sd_transfer_state:
1374 sd->sd_status[0] &= 0x3f;
1375 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1383 case 13: /* ACMD13: SD_STATUS */
1384 switch (sd->state) {
1385 case sd_transfer_state:
1386 sd->state = sd_sendingdata_state;
1388 sd->data_offset = 0;
1396 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1397 switch (sd->state) {
1398 case sd_transfer_state:
1399 *(uint32_t *) sd->data = sd->blk_written;
1401 sd->state = sd_sendingdata_state;
1403 sd->data_offset = 0;
1411 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1412 switch (sd->state) {
1413 case sd_transfer_state:
1421 case 41: /* ACMD41: SD_APP_OP_COND */
1424 sd->state = sd_transfer_state;
1427 switch (sd->state) {
1429 /* If it's the first ACMD41 since reset, we need to decide
1430 * whether to power up. If this is not an enquiry ACMD41,
1431 * we immediately report power on and proceed below to the
1432 * ready state, but if it is, we set a timer to model a
1433 * delay for power up. This works around a bug in EDK2
1434 * UEFI, which sends an initial enquiry ACMD41, but
1435 * assumes that the card is in ready state as soon as it
1436 * sees the power up bit set. */
1437 if (!(sd->ocr & OCR_POWER_UP)) {
1438 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1439 timer_del(sd->ocr_power_timer);
1441 } else if (!timer_pending(sd->ocr_power_timer)) {
1442 timer_mod_ns(sd->ocr_power_timer,
1443 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1444 + OCR_POWER_DELAY_NS));
1448 /* We accept any voltage. 10000 V is nothing.
1450 * Once we're powered up, we advance straight to ready state
1451 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1453 if (req.arg & ACMD41_ENQUIRY_MASK) {
1454 sd->state = sd_ready_state;
1464 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1465 switch (sd->state) {
1466 case sd_transfer_state:
1467 /* Bringing in the 50KOhm pull-up resistor... Done. */
1475 case 51: /* ACMD51: SEND_SCR */
1476 switch (sd->state) {
1477 case sd_transfer_state:
1478 sd->state = sd_sendingdata_state;
1480 sd->data_offset = 0;
1489 /* Fall back to standard commands. */
1490 return sd_normal_command(sd, req);
1493 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
1497 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1499 /* Valid commands in locked state:
1501 * lock card class (7)
1503 * implicitly, the ACMD prefix CMD55
1505 * Anything else provokes an "illegal command" response.
1507 if (sd->expecting_acmd) {
1508 return req->cmd == 41 || req->cmd == 42;
1510 if (req->cmd == 16 || req->cmd == 55) {
1513 return sd_cmd_class[req->cmd & 0x3F] == 0
1514 || sd_cmd_class[req->cmd & 0x3F] == 7;
1517 int sd_do_command(SDState *sd, SDRequest *req,
1518 uint8_t *response) {
1520 sd_rsp_type_t rtype;
1523 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
1527 if (sd_req_crc_validate(req)) {
1528 sd->card_status |= COM_CRC_ERROR;
1533 if (sd->card_status & CARD_IS_LOCKED) {
1534 if (!cmd_valid_while_locked(sd, req)) {
1535 sd->card_status |= ILLEGAL_COMMAND;
1536 sd->expecting_acmd = false;
1537 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
1543 last_state = sd->state;
1546 if (sd->expecting_acmd) {
1547 sd->expecting_acmd = false;
1548 rtype = sd_app_command(sd, *req);
1550 rtype = sd_normal_command(sd, *req);
1553 if (rtype == sd_illegal) {
1554 sd->card_status |= ILLEGAL_COMMAND;
1556 /* Valid command, we can update the 'state before command' bits.
1557 * (Do this now so they appear in r1 responses.)
1559 sd->current_cmd = req->cmd;
1560 sd->card_status &= ~CURRENT_STATE;
1561 sd->card_status |= (last_state << 9);
1568 sd_response_r1_make(sd, response);
1573 memcpy(response, sd->cid, sizeof(sd->cid));
1578 memcpy(response, sd->csd, sizeof(sd->csd));
1583 sd_response_r3_make(sd, response);
1588 sd_response_r6_make(sd, response);
1593 sd_response_r7_make(sd, response);
1604 if (rtype != sd_illegal) {
1605 /* Clear the "clear on valid command" status bits now we've
1608 sd->card_status &= ~CARD_STATUS_B;
1614 DPRINTF("Response:");
1615 for (i = 0; i < rsplen; i++) {
1616 DPRINTF(" %02x", response[i]);
1618 DPRINTF(" state %d\n", sd->state);
1620 DPRINTF("No response %d\n", sd->state);
1627 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1629 trace_sdcard_read_block(addr, len);
1630 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) {
1631 fprintf(stderr, "sd_blk_read: read error on host side\n");
1635 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1637 trace_sdcard_write_block(addr, len);
1638 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) {
1639 fprintf(stderr, "sd_blk_write: write error on host side\n");
1643 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1644 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1645 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1646 #define APP_WRITE_BLOCK(a, len)
1648 void sd_write_data(SDState *sd, uint8_t value)
1652 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1655 if (sd->state != sd_receivingdata_state) {
1656 qemu_log_mask(LOG_GUEST_ERROR,
1657 "sd_write_data: not in Receiving-Data state\n");
1661 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1664 switch (sd->current_cmd) {
1665 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1666 sd->data[sd->data_offset ++] = value;
1667 if (sd->data_offset >= sd->blk_len) {
1668 /* TODO: Check CRC before committing */
1669 sd->state = sd_programming_state;
1670 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1672 sd->csd[14] |= 0x40;
1673 /* Bzzzzzzztt .... Operation complete. */
1674 sd->state = sd_transfer_state;
1678 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1679 if (sd->data_offset == 0) {
1680 /* Start of the block - let's check the address is valid */
1681 if (sd->data_start + sd->blk_len > sd->size) {
1682 sd->card_status |= ADDRESS_ERROR;
1685 if (sd_wp_addr(sd, sd->data_start)) {
1686 sd->card_status |= WP_VIOLATION;
1690 sd->data[sd->data_offset++] = value;
1691 if (sd->data_offset >= sd->blk_len) {
1692 /* TODO: Check CRC before committing */
1693 sd->state = sd_programming_state;
1694 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1696 sd->data_start += sd->blk_len;
1697 sd->data_offset = 0;
1698 sd->csd[14] |= 0x40;
1700 /* Bzzzzzzztt .... Operation complete. */
1701 if (sd->multi_blk_cnt != 0) {
1702 if (--sd->multi_blk_cnt == 0) {
1704 sd->state = sd_transfer_state;
1709 sd->state = sd_receivingdata_state;
1713 case 26: /* CMD26: PROGRAM_CID */
1714 sd->data[sd->data_offset ++] = value;
1715 if (sd->data_offset >= sizeof(sd->cid)) {
1716 /* TODO: Check CRC before committing */
1717 sd->state = sd_programming_state;
1718 for (i = 0; i < sizeof(sd->cid); i ++)
1719 if ((sd->cid[i] | 0x00) != sd->data[i])
1720 sd->card_status |= CID_CSD_OVERWRITE;
1722 if (!(sd->card_status & CID_CSD_OVERWRITE))
1723 for (i = 0; i < sizeof(sd->cid); i ++) {
1725 sd->cid[i] &= sd->data[i];
1727 /* Bzzzzzzztt .... Operation complete. */
1728 sd->state = sd_transfer_state;
1732 case 27: /* CMD27: PROGRAM_CSD */
1733 sd->data[sd->data_offset ++] = value;
1734 if (sd->data_offset >= sizeof(sd->csd)) {
1735 /* TODO: Check CRC before committing */
1736 sd->state = sd_programming_state;
1737 for (i = 0; i < sizeof(sd->csd); i ++)
1738 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1739 (sd->data[i] | sd_csd_rw_mask[i]))
1740 sd->card_status |= CID_CSD_OVERWRITE;
1742 /* Copy flag (OTP) & Permanent write protect */
1743 if (sd->csd[14] & ~sd->data[14] & 0x60)
1744 sd->card_status |= CID_CSD_OVERWRITE;
1746 if (!(sd->card_status & CID_CSD_OVERWRITE))
1747 for (i = 0; i < sizeof(sd->csd); i ++) {
1748 sd->csd[i] |= sd_csd_rw_mask[i];
1749 sd->csd[i] &= sd->data[i];
1751 /* Bzzzzzzztt .... Operation complete. */
1752 sd->state = sd_transfer_state;
1756 case 42: /* CMD42: LOCK_UNLOCK */
1757 sd->data[sd->data_offset ++] = value;
1758 if (sd->data_offset >= sd->blk_len) {
1759 /* TODO: Check CRC before committing */
1760 sd->state = sd_programming_state;
1761 sd_lock_command(sd);
1762 /* Bzzzzzzztt .... Operation complete. */
1763 sd->state = sd_transfer_state;
1767 case 56: /* CMD56: GEN_CMD */
1768 sd->data[sd->data_offset ++] = value;
1769 if (sd->data_offset >= sd->blk_len) {
1770 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1771 sd->state = sd_transfer_state;
1776 qemu_log_mask(LOG_GUEST_ERROR, "sd_write_data: unknown command\n");
1781 uint8_t sd_read_data(SDState *sd)
1783 /* TODO: Append CRCs */
1787 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1790 if (sd->state != sd_sendingdata_state) {
1791 qemu_log_mask(LOG_GUEST_ERROR,
1792 "sd_read_data: not in Sending-Data state\n");
1796 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1799 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1801 switch (sd->current_cmd) {
1802 case 6: /* CMD6: SWITCH_FUNCTION */
1803 ret = sd->data[sd->data_offset ++];
1805 if (sd->data_offset >= 64)
1806 sd->state = sd_transfer_state;
1809 case 9: /* CMD9: SEND_CSD */
1810 case 10: /* CMD10: SEND_CID */
1811 ret = sd->data[sd->data_offset ++];
1813 if (sd->data_offset >= 16)
1814 sd->state = sd_transfer_state;
1817 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1818 if (sd->data_offset == 0)
1819 BLK_READ_BLOCK(sd->data_start, io_len);
1820 ret = sd->data[sd->data_offset ++];
1822 if (sd->data_offset >= io_len) {
1823 sd->data_start += io_len;
1824 sd->data_offset = 0;
1825 if (sd->data_start + io_len > sd->size) {
1826 sd->card_status |= ADDRESS_ERROR;
1832 case 13: /* ACMD13: SD_STATUS */
1833 ret = sd->sd_status[sd->data_offset ++];
1835 if (sd->data_offset >= sizeof(sd->sd_status))
1836 sd->state = sd_transfer_state;
1839 case 17: /* CMD17: READ_SINGLE_BLOCK */
1840 if (sd->data_offset == 0)
1841 BLK_READ_BLOCK(sd->data_start, io_len);
1842 ret = sd->data[sd->data_offset ++];
1844 if (sd->data_offset >= io_len)
1845 sd->state = sd_transfer_state;
1848 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1849 if (sd->data_offset == 0) {
1850 if (sd->data_start + io_len > sd->size) {
1851 sd->card_status |= ADDRESS_ERROR;
1854 BLK_READ_BLOCK(sd->data_start, io_len);
1856 ret = sd->data[sd->data_offset ++];
1858 if (sd->data_offset >= io_len) {
1859 sd->data_start += io_len;
1860 sd->data_offset = 0;
1862 if (sd->multi_blk_cnt != 0) {
1863 if (--sd->multi_blk_cnt == 0) {
1865 sd->state = sd_transfer_state;
1872 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1873 ret = sd->data[sd->data_offset ++];
1875 if (sd->data_offset >= 4)
1876 sd->state = sd_transfer_state;
1879 case 30: /* CMD30: SEND_WRITE_PROT */
1880 ret = sd->data[sd->data_offset ++];
1882 if (sd->data_offset >= 4)
1883 sd->state = sd_transfer_state;
1886 case 51: /* ACMD51: SEND_SCR */
1887 ret = sd->scr[sd->data_offset ++];
1889 if (sd->data_offset >= sizeof(sd->scr))
1890 sd->state = sd_transfer_state;
1893 case 56: /* CMD56: GEN_CMD */
1894 if (sd->data_offset == 0)
1895 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1896 ret = sd->data[sd->data_offset ++];
1898 if (sd->data_offset >= sd->blk_len)
1899 sd->state = sd_transfer_state;
1903 qemu_log_mask(LOG_GUEST_ERROR, "sd_read_data: unknown command\n");
1910 bool sd_data_ready(SDState *sd)
1912 return sd->state == sd_sendingdata_state;
1915 void sd_enable(SDState *sd, bool enable)
1917 sd->enable = enable;
1920 static void sd_instance_init(Object *obj)
1922 SDState *sd = SD_CARD(obj);
1925 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
1928 static void sd_instance_finalize(Object *obj)
1930 SDState *sd = SD_CARD(obj);
1932 timer_del(sd->ocr_power_timer);
1933 timer_free(sd->ocr_power_timer);
1936 static void sd_realize(DeviceState *dev, Error **errp)
1938 SDState *sd = SD_CARD(dev);
1941 if (sd->blk && blk_is_read_only(sd->blk)) {
1942 error_setg(errp, "Cannot use read-only drive as SD card");
1947 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
1948 BLK_PERM_ALL, errp);
1952 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
1956 static Property sd_properties[] = {
1957 DEFINE_PROP_DRIVE("drive", SDState, blk),
1958 /* We do not model the chip select pin, so allow the board to select
1959 * whether card should be in SSI or MMC/SD mode. It is also up to the
1960 * board to ensure that ssi transfers only occur when the chip select
1962 DEFINE_PROP_BOOL("spi", SDState, spi, false),
1963 DEFINE_PROP_END_OF_LIST()
1966 static void sd_class_init(ObjectClass *klass, void *data)
1968 DeviceClass *dc = DEVICE_CLASS(klass);
1969 SDCardClass *sc = SD_CARD_CLASS(klass);
1971 dc->realize = sd_realize;
1972 dc->props = sd_properties;
1973 dc->vmsd = &sd_vmstate;
1974 dc->reset = sd_reset;
1975 dc->bus_type = TYPE_SD_BUS;
1977 sc->set_voltage = sd_set_voltage;
1978 sc->get_dat_lines = sd_get_dat_lines;
1979 sc->get_cmd_line = sd_get_cmd_line;
1980 sc->do_command = sd_do_command;
1981 sc->write_data = sd_write_data;
1982 sc->read_data = sd_read_data;
1983 sc->data_ready = sd_data_ready;
1984 sc->enable = sd_enable;
1985 sc->get_inserted = sd_get_inserted;
1986 sc->get_readonly = sd_get_readonly;
1989 static const TypeInfo sd_info = {
1990 .name = TYPE_SD_CARD,
1991 .parent = TYPE_DEVICE,
1992 .instance_size = sizeof(SDState),
1993 .class_size = sizeof(SDCardClass),
1994 .class_init = sd_class_init,
1995 .instance_init = sd_instance_init,
1996 .instance_finalize = sd_instance_finalize,
1999 static void sd_register_types(void)
2001 type_register_static(&sd_info);
2004 type_init(sd_register_types)
projects / qemu.git / blob