2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34 #include "block_int.h"
40 #define DPRINTF(fmt, ...) \
41 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
43 #define DPRINTF(fmt, ...) do {} while(0)
47 sd_r0 = 0, /* no response */
48 sd_r1, /* normal response command */
49 sd_r2_i, /* CID register */
50 sd_r2_s, /* CSD register */
51 sd_r3, /* OCR register */
52 sd_r6 = 6, /* Published RCA response */
53 sd_r7, /* Operating voltage */
60 sd_card_identification_mode,
61 sd_data_transfer_mode,
64 sd_inactive_state = -1,
67 sd_identification_state,
71 sd_receivingdata_state,
81 uint8_t sd_status[64];
91 int function_group[6];
100 qemu_irq inserted_cb;
101 BlockDriverState *bdrv;
107 static void sd_set_status(SDState *sd)
110 case sd_inactive_state:
111 sd->mode = sd_inactive;
116 case sd_identification_state:
117 sd->mode = sd_card_identification_mode;
120 case sd_standby_state:
121 case sd_transfer_state:
122 case sd_sendingdata_state:
123 case sd_receivingdata_state:
124 case sd_programming_state:
125 case sd_disconnect_state:
126 sd->mode = sd_data_transfer_mode;
130 sd->card_status &= ~CURRENT_STATE;
131 sd->card_status |= sd->state << 9;
134 static const sd_cmd_type_t sd_cmd_type[64] = {
135 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
136 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
137 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
138 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
139 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
140 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
141 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
142 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
145 static const sd_cmd_type_t sd_acmd_type[64] = {
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
153 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
156 static const int sd_cmd_class[64] = {
157 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
158 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
159 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
160 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
163 static uint8_t sd_crc7(void *message, size_t width)
166 uint8_t shift_reg = 0x00;
167 uint8_t *msg = (uint8_t *) message;
169 for (i = 0; i < width; i ++, msg ++)
170 for (bit = 7; bit >= 0; bit --) {
172 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
179 static uint16_t sd_crc16(void *message, size_t width)
182 uint16_t shift_reg = 0x0000;
183 uint16_t *msg = (uint16_t *) message;
186 for (i = 0; i < width; i ++, msg ++)
187 for (bit = 15; bit >= 0; bit --) {
189 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
196 static void sd_set_ocr(SDState *sd)
198 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
199 sd->ocr = 0x80ffff00;
202 static void sd_set_scr(SDState *sd)
204 sd->scr[0] = 0x00; /* SCR Structure */
205 sd->scr[1] = 0x2f; /* SD Security Support */
221 static void sd_set_cid(SDState *sd)
223 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
224 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
226 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
231 sd->cid[8] = PRV; /* Fake product revision (PRV) */
232 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
236 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
237 ((MDT_YR - 2000) / 10);
238 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
239 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
242 #define HWBLOCK_SHIFT 9 /* 512 bytes */
243 #define SECTOR_SHIFT 5 /* 16 kilobytes */
244 #define WPGROUP_SHIFT 7 /* 2 megs */
245 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
246 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
248 static const uint8_t sd_csd_rw_mask[16] = {
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
253 static void sd_set_csd(SDState *sd, uint64_t size)
255 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
256 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
257 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
259 if (size <= 0x40000000) { /* Standard Capacity SD */
260 sd->csd[0] = 0x00; /* CSD structure */
261 sd->csd[1] = 0x26; /* Data read access-time-1 */
262 sd->csd[2] = 0x00; /* Data read access-time-2 */
263 sd->csd[3] = 0x5a; /* Max. data transfer rate */
264 sd->csd[4] = 0x5f; /* Card Command Classes */
265 sd->csd[5] = 0x50 | /* Max. read data block length */
267 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
268 ((csize >> 10) & 0x03);
269 sd->csd[7] = 0x00 | /* Device size */
270 ((csize >> 2) & 0xff);
271 sd->csd[8] = 0x3f | /* Max. read current */
272 ((csize << 6) & 0xc0);
273 sd->csd[9] = 0xfc | /* Max. write current */
274 ((CMULT_SHIFT - 2) >> 1);
275 sd->csd[10] = 0x40 | /* Erase sector size */
276 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
277 sd->csd[11] = 0x00 | /* Write protect group size */
278 ((sectsize << 7) & 0x80) | wpsize;
279 sd->csd[12] = 0x90 | /* Write speed factor */
280 (HWBLOCK_SHIFT >> 2);
281 sd->csd[13] = 0x20 | /* Max. write data block length */
282 ((HWBLOCK_SHIFT << 6) & 0xc0);
283 sd->csd[14] = 0x00; /* File format group */
284 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
295 sd->csd[7] = (size >> 16) & 0xff;
296 sd->csd[8] = (size >> 8) & 0xff;
297 sd->csd[9] = (size & 0xff);
304 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
308 static void sd_set_rca(SDState *sd)
313 #define CARD_STATUS_A 0x02004100
314 #define CARD_STATUS_B 0x00c01e00
315 #define CARD_STATUS_C 0xfd39a028
317 static void sd_set_cardstatus(SDState *sd)
319 sd->card_status = 0x00000100;
322 static void sd_set_sdstatus(SDState *sd)
324 memset(sd->sd_status, 0, 64);
327 static int sd_req_crc_validate(SDRequest *req)
330 buffer[0] = 0x40 | req->cmd;
331 buffer[1] = (req->arg >> 24) & 0xff;
332 buffer[2] = (req->arg >> 16) & 0xff;
333 buffer[3] = (req->arg >> 8) & 0xff;
334 buffer[4] = (req->arg >> 0) & 0xff;
336 return sd_crc7(buffer, 5) != req->crc; /* TODO */
339 static void sd_response_r1_make(SDState *sd,
340 uint8_t *response, uint32_t last_status)
342 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
345 status = (sd->card_status & ~mask) | (last_status & mask);
346 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
348 response[0] = (status >> 24) & 0xff;
349 response[1] = (status >> 16) & 0xff;
350 response[2] = (status >> 8) & 0xff;
351 response[3] = (status >> 0) & 0xff;
354 static void sd_response_r3_make(SDState *sd, uint8_t *response)
356 response[0] = (sd->ocr >> 24) & 0xff;
357 response[1] = (sd->ocr >> 16) & 0xff;
358 response[2] = (sd->ocr >> 8) & 0xff;
359 response[3] = (sd->ocr >> 0) & 0xff;
362 static void sd_response_r6_make(SDState *sd, uint8_t *response)
368 status = ((sd->card_status >> 8) & 0xc000) |
369 ((sd->card_status >> 6) & 0x2000) |
370 (sd->card_status & 0x1fff);
372 response[0] = (arg >> 8) & 0xff;
373 response[1] = arg & 0xff;
374 response[2] = (status >> 8) & 0xff;
375 response[3] = status & 0xff;
378 static void sd_response_r7_make(SDState *sd, uint8_t *response)
380 response[0] = (sd->vhs >> 24) & 0xff;
381 response[1] = (sd->vhs >> 16) & 0xff;
382 response[2] = (sd->vhs >> 8) & 0xff;
383 response[3] = (sd->vhs >> 0) & 0xff;
386 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
392 bdrv_get_geometry(bdrv, §);
400 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
402 sd->state = sd_idle_state;
407 sd_set_csd(sd, size);
408 sd_set_cardstatus(sd);
414 qemu_free(sd->wp_groups);
415 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
416 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
417 memset(sd->function_group, 0, sizeof(int) * 6);
425 static void sd_cardchange(void *opaque, int reason)
427 SDState *sd = opaque;
429 if (!(reason & CHANGE_MEDIA)) {
433 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
434 if (bdrv_is_inserted(sd->bdrv)) {
435 sd_reset(sd, sd->bdrv);
436 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
440 /* We do not model the chip select pin, so allow the board to select
441 whether card should be in SSI or MMC/SD mode. It is also up to the
442 board to ensure that ssi transfers only occur when the chip select
444 SDState *sd_init(BlockDriverState *bs, int is_spi)
448 sd = (SDState *) qemu_mallocz(sizeof(SDState));
449 sd->buf = qemu_blockalign(bs, 512);
454 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
459 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
461 sd->readonly_cb = readonly;
462 sd->inserted_cb = insert;
463 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
464 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
467 static void sd_erase(SDState *sd)
470 if (!sd->erase_start || !sd->erase_end) {
471 sd->card_status |= ERASE_SEQ_ERROR;
475 start = sd->erase_start >>
476 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
477 end = sd->erase_end >>
478 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
483 for (i = start; i <= end; i ++)
484 if (sd->wp_groups[i])
485 sd->card_status |= WP_ERASE_SKIP;
488 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
493 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
495 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
496 if (addr < sd->size && sd->wp_groups[wpnum])
502 static void sd_function_switch(SDState *sd, uint32_t arg)
504 int i, mode, new_func, crc;
505 mode = !!(arg & 0x80000000);
507 sd->data[0] = 0x00; /* Maximum current consumption */
509 sd->data[2] = 0x80; /* Supported group 6 functions */
511 sd->data[4] = 0x80; /* Supported group 5 functions */
513 sd->data[6] = 0x80; /* Supported group 4 functions */
515 sd->data[8] = 0x80; /* Supported group 3 functions */
517 sd->data[10] = 0x80; /* Supported group 2 functions */
519 sd->data[12] = 0x80; /* Supported group 1 functions */
521 for (i = 0; i < 6; i ++) {
522 new_func = (arg >> (i * 4)) & 0x0f;
523 if (mode && new_func != 0x0f)
524 sd->function_group[i] = new_func;
525 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
527 memset(&sd->data[17], 0, 47);
528 crc = sd_crc16(sd->data, 64);
529 sd->data[65] = crc >> 8;
530 sd->data[66] = crc & 0xff;
533 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
535 return sd->wp_groups[addr >>
536 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
539 static void sd_lock_command(SDState *sd)
541 int erase, lock, clr_pwd, set_pwd, pwd_len;
542 erase = !!(sd->data[0] & 0x08);
543 lock = sd->data[0] & 0x04;
544 clr_pwd = sd->data[0] & 0x02;
545 set_pwd = sd->data[0] & 0x01;
548 pwd_len = sd->data[1];
553 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
554 set_pwd || clr_pwd || lock || sd->wp_switch ||
555 (sd->csd[14] & 0x20)) {
556 sd->card_status |= LOCK_UNLOCK_FAILED;
559 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
560 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
561 sd->csd[14] &= ~0x10;
562 sd->card_status &= ~CARD_IS_LOCKED;
564 /* Erasing the entire card here! */
565 fprintf(stderr, "SD: Card force-erased by CMD42\n");
569 if (sd->blk_len < 2 + pwd_len ||
570 pwd_len <= sd->pwd_len ||
571 pwd_len > sd->pwd_len + 16) {
572 sd->card_status |= LOCK_UNLOCK_FAILED;
576 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
577 sd->card_status |= LOCK_UNLOCK_FAILED;
581 pwd_len -= sd->pwd_len;
582 if ((pwd_len && !set_pwd) ||
583 (clr_pwd && (set_pwd || lock)) ||
584 (lock && !sd->pwd_len && !set_pwd) ||
585 (!set_pwd && !clr_pwd &&
586 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
587 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
588 sd->card_status |= LOCK_UNLOCK_FAILED;
593 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
594 sd->pwd_len = pwd_len;
602 sd->card_status |= CARD_IS_LOCKED;
604 sd->card_status &= ~CARD_IS_LOCKED;
607 static sd_rsp_type_t sd_normal_command(SDState *sd,
610 uint32_t rca = 0x0000;
611 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
613 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
616 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
618 /* Basic commands (Class 0 and Class 1) */
619 case 0: /* CMD0: GO_IDLE_STATE */
621 case sd_inactive_state:
622 return sd->spi ? sd_r1 : sd_r0;
625 sd->state = sd_idle_state;
626 sd_reset(sd, sd->bdrv);
627 return sd->spi ? sd_r1 : sd_r0;
631 case 1: /* CMD1: SEND_OP_CMD */
635 sd->state = sd_transfer_state;
638 case 2: /* CMD2: ALL_SEND_CID */
643 sd->state = sd_identification_state;
651 case 3: /* CMD3: SEND_RELATIVE_ADDR */
655 case sd_identification_state:
656 case sd_standby_state:
657 sd->state = sd_standby_state;
666 case 4: /* CMD4: SEND_DSR */
670 case sd_standby_state:
678 case 5: /* CMD5: reserved for SDIO cards */
679 sd->card_status |= ILLEGAL_COMMAND;
682 case 6: /* CMD6: SWITCH_FUNCTION */
686 case sd_data_transfer_mode:
687 sd_function_switch(sd, req.arg);
688 sd->state = sd_sendingdata_state;
698 case 7: /* CMD7: SELECT/DESELECT_CARD */
702 case sd_standby_state:
706 sd->state = sd_transfer_state;
709 case sd_transfer_state:
710 case sd_sendingdata_state:
714 sd->state = sd_standby_state;
717 case sd_disconnect_state:
721 sd->state = sd_programming_state;
724 case sd_programming_state:
728 sd->state = sd_disconnect_state;
736 case 8: /* CMD8: SEND_IF_COND */
737 /* Physical Layer Specification Version 2.00 command */
742 /* No response if not exactly one VHS bit is set. */
743 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
744 return sd->spi ? sd_r7 : sd_r0;
755 case 9: /* CMD9: SEND_CSD */
757 case sd_standby_state:
763 case sd_transfer_state:
766 sd->state = sd_sendingdata_state;
767 memcpy(sd->data, sd->csd, 16);
768 sd->data_start = addr;
777 case 10: /* CMD10: SEND_CID */
779 case sd_standby_state:
785 case sd_transfer_state:
788 sd->state = sd_sendingdata_state;
789 memcpy(sd->data, sd->cid, 16);
790 sd->data_start = addr;
799 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
803 case sd_transfer_state:
804 sd->state = sd_sendingdata_state;
805 sd->data_start = req.arg;
808 if (sd->data_start + sd->blk_len > sd->size)
809 sd->card_status |= ADDRESS_ERROR;
817 case 12: /* CMD12: STOP_TRANSMISSION */
819 case sd_sendingdata_state:
820 sd->state = sd_transfer_state;
823 case sd_receivingdata_state:
824 sd->state = sd_programming_state;
825 /* Bzzzzzzztt .... Operation complete. */
826 sd->state = sd_transfer_state;
834 case 13: /* CMD13: SEND_STATUS */
836 case sd_data_transfer_mode:
847 case 15: /* CMD15: GO_INACTIVE_STATE */
851 case sd_data_transfer_mode:
855 sd->state = sd_inactive_state;
863 /* Block read commands (Classs 2) */
864 case 16: /* CMD16: SET_BLOCKLEN */
866 case sd_transfer_state:
867 if (req.arg > (1 << HWBLOCK_SHIFT))
868 sd->card_status |= BLOCK_LEN_ERROR;
870 sd->blk_len = req.arg;
879 case 17: /* CMD17: READ_SINGLE_BLOCK */
881 case sd_transfer_state:
882 sd->state = sd_sendingdata_state;
883 sd->data_start = addr;
886 if (sd->data_start + sd->blk_len > sd->size)
887 sd->card_status |= ADDRESS_ERROR;
895 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
897 case sd_transfer_state:
898 sd->state = sd_sendingdata_state;
899 sd->data_start = addr;
902 if (sd->data_start + sd->blk_len > sd->size)
903 sd->card_status |= ADDRESS_ERROR;
911 /* Block write commands (Class 4) */
912 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
914 goto unimplemented_cmd;
916 case sd_transfer_state:
917 /* Writing in SPI mode not implemented. */
920 sd->state = sd_receivingdata_state;
921 sd->data_start = addr;
925 if (sd->data_start + sd->blk_len > sd->size)
926 sd->card_status |= ADDRESS_ERROR;
927 if (sd_wp_addr(sd, sd->data_start))
928 sd->card_status |= WP_VIOLATION;
929 if (sd->csd[14] & 0x30)
930 sd->card_status |= WP_VIOLATION;
938 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
940 goto unimplemented_cmd;
942 case sd_transfer_state:
943 /* Writing in SPI mode not implemented. */
946 sd->state = sd_receivingdata_state;
947 sd->data_start = addr;
951 if (sd->data_start + sd->blk_len > sd->size)
952 sd->card_status |= ADDRESS_ERROR;
953 if (sd_wp_addr(sd, sd->data_start))
954 sd->card_status |= WP_VIOLATION;
955 if (sd->csd[14] & 0x30)
956 sd->card_status |= WP_VIOLATION;
964 case 26: /* CMD26: PROGRAM_CID */
968 case sd_transfer_state:
969 sd->state = sd_receivingdata_state;
979 case 27: /* CMD27: PROGRAM_CSD */
981 goto unimplemented_cmd;
983 case sd_transfer_state:
984 sd->state = sd_receivingdata_state;
994 /* Write protection (Class 6) */
995 case 28: /* CMD28: SET_WRITE_PROT */
997 case sd_transfer_state:
998 if (addr >= sd->size) {
999 sd->card_status = ADDRESS_ERROR;
1003 sd->state = sd_programming_state;
1004 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1005 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1006 /* Bzzzzzzztt .... Operation complete. */
1007 sd->state = sd_transfer_state;
1015 case 29: /* CMD29: CLR_WRITE_PROT */
1016 switch (sd->state) {
1017 case sd_transfer_state:
1018 if (addr >= sd->size) {
1019 sd->card_status = ADDRESS_ERROR;
1023 sd->state = sd_programming_state;
1024 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1025 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1026 /* Bzzzzzzztt .... Operation complete. */
1027 sd->state = sd_transfer_state;
1035 case 30: /* CMD30: SEND_WRITE_PROT */
1036 switch (sd->state) {
1037 case sd_transfer_state:
1038 sd->state = sd_sendingdata_state;
1039 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1040 sd->data_start = addr;
1041 sd->data_offset = 0;
1049 /* Erase commands (Class 5) */
1050 case 32: /* CMD32: ERASE_WR_BLK_START */
1051 switch (sd->state) {
1052 case sd_transfer_state:
1053 sd->erase_start = req.arg;
1061 case 33: /* CMD33: ERASE_WR_BLK_END */
1062 switch (sd->state) {
1063 case sd_transfer_state:
1064 sd->erase_end = req.arg;
1072 case 38: /* CMD38: ERASE */
1073 switch (sd->state) {
1074 case sd_transfer_state:
1075 if (sd->csd[14] & 0x30) {
1076 sd->card_status |= WP_VIOLATION;
1080 sd->state = sd_programming_state;
1082 /* Bzzzzzzztt .... Operation complete. */
1083 sd->state = sd_transfer_state;
1091 /* Lock card commands (Class 7) */
1092 case 42: /* CMD42: LOCK_UNLOCK */
1094 goto unimplemented_cmd;
1095 switch (sd->state) {
1096 case sd_transfer_state:
1097 sd->state = sd_receivingdata_state;
1099 sd->data_offset = 0;
1107 /* Application specific commands (Class 8) */
1108 case 55: /* CMD55: APP_CMD */
1112 sd->card_status |= APP_CMD;
1115 case 56: /* CMD56: GEN_CMD */
1116 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1118 switch (sd->state) {
1119 case sd_transfer_state:
1120 sd->data_offset = 0;
1122 sd->state = sd_sendingdata_state;
1124 sd->state = sd_receivingdata_state;
1134 sd->card_status |= ILLEGAL_COMMAND;
1136 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1140 /* Commands that are recognised but not yet implemented in SPI mode. */
1141 sd->card_status |= ILLEGAL_COMMAND;
1142 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1146 sd->card_status |= ILLEGAL_COMMAND;
1147 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1151 static sd_rsp_type_t sd_app_command(SDState *sd,
1154 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1156 case 6: /* ACMD6: SET_BUS_WIDTH */
1157 switch (sd->state) {
1158 case sd_transfer_state:
1159 sd->sd_status[0] &= 0x3f;
1160 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1168 case 13: /* ACMD13: SD_STATUS */
1169 switch (sd->state) {
1170 case sd_transfer_state:
1171 sd->state = sd_sendingdata_state;
1173 sd->data_offset = 0;
1181 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1182 switch (sd->state) {
1183 case sd_transfer_state:
1184 *(uint32_t *) sd->data = sd->blk_written;
1186 sd->state = sd_sendingdata_state;
1188 sd->data_offset = 0;
1196 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1197 switch (sd->state) {
1198 case sd_transfer_state:
1206 case 41: /* ACMD41: SD_APP_OP_COND */
1209 sd->state = sd_transfer_state;
1212 switch (sd->state) {
1214 /* We accept any voltage. 10000 V is nothing. */
1216 sd->state = sd_ready_state;
1225 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1226 switch (sd->state) {
1227 case sd_transfer_state:
1228 /* Bringing in the 50KOhm pull-up resistor... Done. */
1236 case 51: /* ACMD51: SEND_SCR */
1237 switch (sd->state) {
1238 case sd_transfer_state:
1239 sd->state = sd_sendingdata_state;
1241 sd->data_offset = 0;
1250 /* Fall back to standard commands. */
1251 sd->card_status &= ~APP_CMD;
1252 return sd_normal_command(sd, req);
1255 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1259 int sd_do_command(SDState *sd, SDRequest *req,
1260 uint8_t *response) {
1261 uint32_t last_status = sd->card_status;
1262 sd_rsp_type_t rtype;
1265 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1269 if (sd_req_crc_validate(req)) {
1270 sd->card_status &= ~COM_CRC_ERROR;
1274 sd->card_status &= ~CARD_STATUS_B;
1277 if (last_status & CARD_IS_LOCKED)
1278 if (((last_status & APP_CMD) &&
1280 (!(last_status & APP_CMD) &&
1281 (sd_cmd_class[req->cmd] == 0 ||
1282 sd_cmd_class[req->cmd] == 7 ||
1283 req->cmd == 16 || req->cmd == 55))) {
1284 sd->card_status |= ILLEGAL_COMMAND;
1285 fprintf(stderr, "SD: Card is locked\n");
1289 if (last_status & APP_CMD) {
1290 rtype = sd_app_command(sd, *req);
1291 sd->card_status &= ~APP_CMD;
1293 rtype = sd_normal_command(sd, *req);
1295 sd->current_cmd = req->cmd;
1300 sd_response_r1_make(sd, response, last_status);
1305 memcpy(response, sd->cid, sizeof(sd->cid));
1310 memcpy(response, sd->csd, sizeof(sd->csd));
1315 sd_response_r3_make(sd, response);
1320 sd_response_r6_make(sd, response);
1325 sd_response_r7_make(sd, response);
1335 if (sd->card_status & ILLEGAL_COMMAND)
1341 DPRINTF("Response:");
1342 for (i = 0; i < rsplen; i++)
1343 printf(" %02x", response[i]);
1344 printf(" state %d\n", sd->state);
1346 DPRINTF("No response %d\n", sd->state);
1353 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1355 uint64_t end = addr + len;
1357 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1358 (unsigned long long) addr, len);
1359 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1360 fprintf(stderr, "sd_blk_read: read error on host side\n");
1364 if (end > (addr & ~511) + 512) {
1365 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1367 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1368 fprintf(stderr, "sd_blk_read: read error on host side\n");
1371 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1373 memcpy(sd->data, sd->buf + (addr & 511), len);
1376 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1378 uint64_t end = addr + len;
1380 if ((addr & 511) || len < 512)
1381 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1382 fprintf(stderr, "sd_blk_write: read error on host side\n");
1386 if (end > (addr & ~511) + 512) {
1387 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1388 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1389 fprintf(stderr, "sd_blk_write: write error on host side\n");
1393 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1394 fprintf(stderr, "sd_blk_write: read error on host side\n");
1397 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1398 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1399 fprintf(stderr, "sd_blk_write: write error on host side\n");
1401 memcpy(sd->buf + (addr & 511), sd->data, len);
1402 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1403 fprintf(stderr, "sd_blk_write: write error on host side\n");
1407 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1408 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1409 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1410 #define APP_WRITE_BLOCK(a, len)
1412 void sd_write_data(SDState *sd, uint8_t value)
1416 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1419 if (sd->state != sd_receivingdata_state) {
1420 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1424 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1427 switch (sd->current_cmd) {
1428 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1429 sd->data[sd->data_offset ++] = value;
1430 if (sd->data_offset >= sd->blk_len) {
1431 /* TODO: Check CRC before committing */
1432 sd->state = sd_programming_state;
1433 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1435 sd->csd[14] |= 0x40;
1436 /* Bzzzzzzztt .... Operation complete. */
1437 sd->state = sd_transfer_state;
1441 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1442 sd->data[sd->data_offset ++] = value;
1443 if (sd->data_offset >= sd->blk_len) {
1444 /* TODO: Check CRC before committing */
1445 sd->state = sd_programming_state;
1446 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1448 sd->data_start += sd->blk_len;
1449 sd->data_offset = 0;
1450 if (sd->data_start + sd->blk_len > sd->size) {
1451 sd->card_status |= ADDRESS_ERROR;
1454 if (sd_wp_addr(sd, sd->data_start)) {
1455 sd->card_status |= WP_VIOLATION;
1458 sd->csd[14] |= 0x40;
1460 /* Bzzzzzzztt .... Operation complete. */
1461 sd->state = sd_receivingdata_state;
1465 case 26: /* CMD26: PROGRAM_CID */
1466 sd->data[sd->data_offset ++] = value;
1467 if (sd->data_offset >= sizeof(sd->cid)) {
1468 /* TODO: Check CRC before committing */
1469 sd->state = sd_programming_state;
1470 for (i = 0; i < sizeof(sd->cid); i ++)
1471 if ((sd->cid[i] | 0x00) != sd->data[i])
1472 sd->card_status |= CID_CSD_OVERWRITE;
1474 if (!(sd->card_status & CID_CSD_OVERWRITE))
1475 for (i = 0; i < sizeof(sd->cid); i ++) {
1477 sd->cid[i] &= sd->data[i];
1479 /* Bzzzzzzztt .... Operation complete. */
1480 sd->state = sd_transfer_state;
1484 case 27: /* CMD27: PROGRAM_CSD */
1485 sd->data[sd->data_offset ++] = value;
1486 if (sd->data_offset >= sizeof(sd->csd)) {
1487 /* TODO: Check CRC before committing */
1488 sd->state = sd_programming_state;
1489 for (i = 0; i < sizeof(sd->csd); i ++)
1490 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1491 (sd->data[i] | sd_csd_rw_mask[i]))
1492 sd->card_status |= CID_CSD_OVERWRITE;
1494 /* Copy flag (OTP) & Permanent write protect */
1495 if (sd->csd[14] & ~sd->data[14] & 0x60)
1496 sd->card_status |= CID_CSD_OVERWRITE;
1498 if (!(sd->card_status & CID_CSD_OVERWRITE))
1499 for (i = 0; i < sizeof(sd->csd); i ++) {
1500 sd->csd[i] |= sd_csd_rw_mask[i];
1501 sd->csd[i] &= sd->data[i];
1503 /* Bzzzzzzztt .... Operation complete. */
1504 sd->state = sd_transfer_state;
1508 case 42: /* CMD42: LOCK_UNLOCK */
1509 sd->data[sd->data_offset ++] = value;
1510 if (sd->data_offset >= sd->blk_len) {
1511 /* TODO: Check CRC before committing */
1512 sd->state = sd_programming_state;
1513 sd_lock_command(sd);
1514 /* Bzzzzzzztt .... Operation complete. */
1515 sd->state = sd_transfer_state;
1519 case 56: /* CMD56: GEN_CMD */
1520 sd->data[sd->data_offset ++] = value;
1521 if (sd->data_offset >= sd->blk_len) {
1522 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1523 sd->state = sd_transfer_state;
1528 fprintf(stderr, "sd_write_data: unknown command\n");
1533 uint8_t sd_read_data(SDState *sd)
1535 /* TODO: Append CRCs */
1539 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1542 if (sd->state != sd_sendingdata_state) {
1543 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1547 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1550 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1552 switch (sd->current_cmd) {
1553 case 6: /* CMD6: SWITCH_FUNCTION */
1554 ret = sd->data[sd->data_offset ++];
1556 if (sd->data_offset >= 64)
1557 sd->state = sd_transfer_state;
1560 case 9: /* CMD9: SEND_CSD */
1561 case 10: /* CMD10: SEND_CID */
1562 ret = sd->data[sd->data_offset ++];
1564 if (sd->data_offset >= 16)
1565 sd->state = sd_transfer_state;
1568 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1569 if (sd->data_offset == 0)
1570 BLK_READ_BLOCK(sd->data_start, io_len);
1571 ret = sd->data[sd->data_offset ++];
1573 if (sd->data_offset >= io_len) {
1574 sd->data_start += io_len;
1575 sd->data_offset = 0;
1576 if (sd->data_start + io_len > sd->size) {
1577 sd->card_status |= ADDRESS_ERROR;
1583 case 13: /* ACMD13: SD_STATUS */
1584 ret = sd->sd_status[sd->data_offset ++];
1586 if (sd->data_offset >= sizeof(sd->sd_status))
1587 sd->state = sd_transfer_state;
1590 case 17: /* CMD17: READ_SINGLE_BLOCK */
1591 if (sd->data_offset == 0)
1592 BLK_READ_BLOCK(sd->data_start, io_len);
1593 ret = sd->data[sd->data_offset ++];
1595 if (sd->data_offset >= io_len)
1596 sd->state = sd_transfer_state;
1599 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1600 if (sd->data_offset == 0)
1601 BLK_READ_BLOCK(sd->data_start, io_len);
1602 ret = sd->data[sd->data_offset ++];
1604 if (sd->data_offset >= io_len) {
1605 sd->data_start += io_len;
1606 sd->data_offset = 0;
1607 if (sd->data_start + io_len > sd->size) {
1608 sd->card_status |= ADDRESS_ERROR;
1614 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1615 ret = sd->data[sd->data_offset ++];
1617 if (sd->data_offset >= 4)
1618 sd->state = sd_transfer_state;
1621 case 30: /* CMD30: SEND_WRITE_PROT */
1622 ret = sd->data[sd->data_offset ++];
1624 if (sd->data_offset >= 4)
1625 sd->state = sd_transfer_state;
1628 case 51: /* ACMD51: SEND_SCR */
1629 ret = sd->scr[sd->data_offset ++];
1631 if (sd->data_offset >= sizeof(sd->scr))
1632 sd->state = sd_transfer_state;
1635 case 56: /* CMD56: GEN_CMD */
1636 if (sd->data_offset == 0)
1637 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1638 ret = sd->data[sd->data_offset ++];
1640 if (sd->data_offset >= sd->blk_len)
1641 sd->state = sd_transfer_state;
1645 fprintf(stderr, "sd_read_data: unknown command\n");
1652 int sd_data_ready(SDState *sd)
1654 return sd->state == sd_sendingdata_state;
1657 void sd_enable(SDState *sd, int enable)
1659 sd->enable = enable;
projects / qemu.git / blob