2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 #include "block/block.h"
35 #include "qemu/bitmap.h"
40 #define DPRINTF(fmt, ...) \
41 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
43 #define DPRINTF(fmt, ...) do {} while(0)
46 #define ACMD41_ENQUIRY_MASK 0x00ffffff
49 sd_r0 = 0, /* no response */
50 sd_r1, /* normal response command */
51 sd_r2_i, /* CID register */
52 sd_r2_s, /* CSD register */
53 sd_r3, /* OCR register */
54 sd_r6 = 6, /* Published RCA response */
55 sd_r7, /* Operating voltage */
62 sd_card_identification_mode,
63 sd_data_transfer_mode,
67 sd_inactive_state = -1,
70 sd_identification_state,
74 sd_receivingdata_state,
80 uint32_t mode; /* current card mode, one of SDCardModes */
81 int32_t state; /* current card state, one of SDCardStates */
88 uint8_t sd_status[64];
91 unsigned long *wp_groups;
99 uint8_t function_group[6];
103 /* True if we will handle the next command as an ACMD. Note that this does
104 * *not* track the APP_CMD status bit!
107 uint32_t blk_written;
109 uint32_t data_offset;
111 qemu_irq readonly_cb;
112 qemu_irq inserted_cb;
113 BlockDriverState *bdrv;
119 static void sd_set_mode(SDState *sd)
122 case sd_inactive_state:
123 sd->mode = sd_inactive;
128 case sd_identification_state:
129 sd->mode = sd_card_identification_mode;
132 case sd_standby_state:
133 case sd_transfer_state:
134 case sd_sendingdata_state:
135 case sd_receivingdata_state:
136 case sd_programming_state:
137 case sd_disconnect_state:
138 sd->mode = sd_data_transfer_mode;
143 static const sd_cmd_type_t sd_cmd_type[64] = {
144 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
145 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
146 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
147 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
148 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
149 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
151 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
154 static const sd_cmd_type_t sd_acmd_type[64] = {
155 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
156 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
157 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
158 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
159 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
160 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
161 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
162 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
165 static const int sd_cmd_class[64] = {
166 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
167 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
168 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
169 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
172 static uint8_t sd_crc7(void *message, size_t width)
175 uint8_t shift_reg = 0x00;
176 uint8_t *msg = (uint8_t *) message;
178 for (i = 0; i < width; i ++, msg ++)
179 for (bit = 7; bit >= 0; bit --) {
181 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
188 static uint16_t sd_crc16(void *message, size_t width)
191 uint16_t shift_reg = 0x0000;
192 uint16_t *msg = (uint16_t *) message;
195 for (i = 0; i < width; i ++, msg ++)
196 for (bit = 15; bit >= 0; bit --) {
198 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
205 static void sd_set_ocr(SDState *sd)
207 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
208 sd->ocr = 0x80ffff00;
211 static void sd_set_scr(SDState *sd)
213 sd->scr[0] = 0x00; /* SCR Structure */
214 sd->scr[1] = 0x2f; /* SD Security Support */
230 static void sd_set_cid(SDState *sd)
232 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
233 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
235 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
240 sd->cid[8] = PRV; /* Fake product revision (PRV) */
241 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
245 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
246 ((MDT_YR - 2000) / 10);
247 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
248 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
251 #define HWBLOCK_SHIFT 9 /* 512 bytes */
252 #define SECTOR_SHIFT 5 /* 16 kilobytes */
253 #define WPGROUP_SHIFT 7 /* 2 megs */
254 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
255 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
257 static const uint8_t sd_csd_rw_mask[16] = {
258 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
259 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
262 static void sd_set_csd(SDState *sd, uint64_t size)
264 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
265 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
266 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
268 if (size <= 0x40000000) { /* Standard Capacity SD */
269 sd->csd[0] = 0x00; /* CSD structure */
270 sd->csd[1] = 0x26; /* Data read access-time-1 */
271 sd->csd[2] = 0x00; /* Data read access-time-2 */
272 sd->csd[3] = 0x5a; /* Max. data transfer rate */
273 sd->csd[4] = 0x5f; /* Card Command Classes */
274 sd->csd[5] = 0x50 | /* Max. read data block length */
276 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
277 ((csize >> 10) & 0x03);
278 sd->csd[7] = 0x00 | /* Device size */
279 ((csize >> 2) & 0xff);
280 sd->csd[8] = 0x3f | /* Max. read current */
281 ((csize << 6) & 0xc0);
282 sd->csd[9] = 0xfc | /* Max. write current */
283 ((CMULT_SHIFT - 2) >> 1);
284 sd->csd[10] = 0x40 | /* Erase sector size */
285 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
286 sd->csd[11] = 0x00 | /* Write protect group size */
287 ((sectsize << 7) & 0x80) | wpsize;
288 sd->csd[12] = 0x90 | /* Write speed factor */
289 (HWBLOCK_SHIFT >> 2);
290 sd->csd[13] = 0x20 | /* Max. write data block length */
291 ((HWBLOCK_SHIFT << 6) & 0xc0);
292 sd->csd[14] = 0x00; /* File format group */
293 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
304 sd->csd[7] = (size >> 16) & 0xff;
305 sd->csd[8] = (size >> 8) & 0xff;
306 sd->csd[9] = (size & 0xff);
313 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
317 static void sd_set_rca(SDState *sd)
322 /* Card status bits, split by clear condition:
323 * A : According to the card current state
324 * B : Always related to the previous command
325 * C : Cleared by read
327 #define CARD_STATUS_A 0x02004100
328 #define CARD_STATUS_B 0x00c01e00
329 #define CARD_STATUS_C 0xfd39a028
331 static void sd_set_cardstatus(SDState *sd)
333 sd->card_status = 0x00000100;
336 static void sd_set_sdstatus(SDState *sd)
338 memset(sd->sd_status, 0, 64);
341 static int sd_req_crc_validate(SDRequest *req)
344 buffer[0] = 0x40 | req->cmd;
345 buffer[1] = (req->arg >> 24) & 0xff;
346 buffer[2] = (req->arg >> 16) & 0xff;
347 buffer[3] = (req->arg >> 8) & 0xff;
348 buffer[4] = (req->arg >> 0) & 0xff;
350 return sd_crc7(buffer, 5) != req->crc; /* TODO */
353 static void sd_response_r1_make(SDState *sd, uint8_t *response)
355 uint32_t status = sd->card_status;
356 /* Clear the "clear on read" status bits */
357 sd->card_status &= ~CARD_STATUS_C;
359 response[0] = (status >> 24) & 0xff;
360 response[1] = (status >> 16) & 0xff;
361 response[2] = (status >> 8) & 0xff;
362 response[3] = (status >> 0) & 0xff;
365 static void sd_response_r3_make(SDState *sd, uint8_t *response)
367 response[0] = (sd->ocr >> 24) & 0xff;
368 response[1] = (sd->ocr >> 16) & 0xff;
369 response[2] = (sd->ocr >> 8) & 0xff;
370 response[3] = (sd->ocr >> 0) & 0xff;
373 static void sd_response_r6_make(SDState *sd, uint8_t *response)
379 status = ((sd->card_status >> 8) & 0xc000) |
380 ((sd->card_status >> 6) & 0x2000) |
381 (sd->card_status & 0x1fff);
382 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
384 response[0] = (arg >> 8) & 0xff;
385 response[1] = arg & 0xff;
386 response[2] = (status >> 8) & 0xff;
387 response[3] = status & 0xff;
390 static void sd_response_r7_make(SDState *sd, uint8_t *response)
392 response[0] = (sd->vhs >> 24) & 0xff;
393 response[1] = (sd->vhs >> 16) & 0xff;
394 response[2] = (sd->vhs >> 8) & 0xff;
395 response[3] = (sd->vhs >> 0) & 0xff;
398 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
400 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
403 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
409 bdrv_get_geometry(bdrv, §);
415 sect = sd_addr_to_wpnum(size) + 1;
417 sd->state = sd_idle_state;
422 sd_set_csd(sd, size);
423 sd_set_cardstatus(sd);
429 g_free(sd->wp_groups);
430 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : false;
431 sd->wpgrps_size = sect;
432 sd->wp_groups = bitmap_new(sd->wpgrps_size);
433 memset(sd->function_group, 0, sizeof(sd->function_group));
439 sd->expecting_acmd = false;
442 static void sd_cardchange(void *opaque, bool load)
444 SDState *sd = opaque;
446 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
447 if (bdrv_is_inserted(sd->bdrv)) {
448 sd_reset(sd, sd->bdrv);
449 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
453 static const BlockDevOps sd_block_ops = {
454 .change_media_cb = sd_cardchange,
457 static const VMStateDescription sd_vmstate = {
460 .minimum_version_id = 1,
461 .fields = (VMStateField[]) {
462 VMSTATE_UINT32(mode, SDState),
463 VMSTATE_INT32(state, SDState),
464 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
465 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
466 VMSTATE_UINT16(rca, SDState),
467 VMSTATE_UINT32(card_status, SDState),
468 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
469 VMSTATE_UINT32(vhs, SDState),
470 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
471 VMSTATE_UINT32(blk_len, SDState),
472 VMSTATE_UINT32(erase_start, SDState),
473 VMSTATE_UINT32(erase_end, SDState),
474 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
475 VMSTATE_UINT32(pwd_len, SDState),
476 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
477 VMSTATE_UINT8(current_cmd, SDState),
478 VMSTATE_BOOL(expecting_acmd, SDState),
479 VMSTATE_UINT32(blk_written, SDState),
480 VMSTATE_UINT64(data_start, SDState),
481 VMSTATE_UINT32(data_offset, SDState),
482 VMSTATE_UINT8_ARRAY(data, SDState, 512),
483 VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512),
484 VMSTATE_BOOL(enable, SDState),
485 VMSTATE_END_OF_LIST()
489 /* We do not model the chip select pin, so allow the board to select
490 whether card should be in SSI or MMC/SD mode. It is also up to the
491 board to ensure that ssi transfers only occur when the chip select
493 SDState *sd_init(BlockDriverState *bs, bool is_spi)
497 if (bdrv_is_read_only(bs)) {
498 fprintf(stderr, "sd_init: Cannot use read-only drive\n");
502 sd = (SDState *) g_malloc0(sizeof(SDState));
503 sd->buf = qemu_blockalign(bs, 512);
508 bdrv_attach_dev_nofail(sd->bdrv, sd);
509 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
511 vmstate_register(NULL, -1, &sd_vmstate, sd);
515 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
517 sd->readonly_cb = readonly;
518 sd->inserted_cb = insert;
519 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
520 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
523 static void sd_erase(SDState *sd)
526 uint64_t erase_start = sd->erase_start;
527 uint64_t erase_end = sd->erase_end;
529 if (!sd->erase_start || !sd->erase_end) {
530 sd->card_status |= ERASE_SEQ_ERROR;
534 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
535 /* High capacity memory card: erase units are 512 byte blocks */
540 erase_start = sd_addr_to_wpnum(erase_start);
541 erase_end = sd_addr_to_wpnum(erase_end);
546 for (i = erase_start; i <= erase_end; i++) {
547 if (test_bit(i, sd->wp_groups)) {
548 sd->card_status |= WP_ERASE_SKIP;
553 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
558 wpnum = sd_addr_to_wpnum(addr);
560 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
561 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
569 static void sd_function_switch(SDState *sd, uint32_t arg)
571 int i, mode, new_func, crc;
572 mode = !!(arg & 0x80000000);
574 sd->data[0] = 0x00; /* Maximum current consumption */
576 sd->data[2] = 0x80; /* Supported group 6 functions */
578 sd->data[4] = 0x80; /* Supported group 5 functions */
580 sd->data[6] = 0x80; /* Supported group 4 functions */
582 sd->data[8] = 0x80; /* Supported group 3 functions */
584 sd->data[10] = 0x80; /* Supported group 2 functions */
586 sd->data[12] = 0x80; /* Supported group 1 functions */
588 for (i = 0; i < 6; i ++) {
589 new_func = (arg >> (i * 4)) & 0x0f;
590 if (mode && new_func != 0x0f)
591 sd->function_group[i] = new_func;
592 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
594 memset(&sd->data[17], 0, 47);
595 crc = sd_crc16(sd->data, 64);
596 sd->data[65] = crc >> 8;
597 sd->data[66] = crc & 0xff;
600 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
602 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
605 static void sd_lock_command(SDState *sd)
607 int erase, lock, clr_pwd, set_pwd, pwd_len;
608 erase = !!(sd->data[0] & 0x08);
609 lock = sd->data[0] & 0x04;
610 clr_pwd = sd->data[0] & 0x02;
611 set_pwd = sd->data[0] & 0x01;
614 pwd_len = sd->data[1];
619 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
620 set_pwd || clr_pwd || lock || sd->wp_switch ||
621 (sd->csd[14] & 0x20)) {
622 sd->card_status |= LOCK_UNLOCK_FAILED;
625 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
626 sd->csd[14] &= ~0x10;
627 sd->card_status &= ~CARD_IS_LOCKED;
629 /* Erasing the entire card here! */
630 fprintf(stderr, "SD: Card force-erased by CMD42\n");
634 if (sd->blk_len < 2 + pwd_len ||
635 pwd_len <= sd->pwd_len ||
636 pwd_len > sd->pwd_len + 16) {
637 sd->card_status |= LOCK_UNLOCK_FAILED;
641 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
642 sd->card_status |= LOCK_UNLOCK_FAILED;
646 pwd_len -= sd->pwd_len;
647 if ((pwd_len && !set_pwd) ||
648 (clr_pwd && (set_pwd || lock)) ||
649 (lock && !sd->pwd_len && !set_pwd) ||
650 (!set_pwd && !clr_pwd &&
651 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
652 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
653 sd->card_status |= LOCK_UNLOCK_FAILED;
658 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
659 sd->pwd_len = pwd_len;
667 sd->card_status |= CARD_IS_LOCKED;
669 sd->card_status &= ~CARD_IS_LOCKED;
672 static sd_rsp_type_t sd_normal_command(SDState *sd,
675 uint32_t rca = 0x0000;
676 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
678 /* Not interpreting this as an app command */
679 sd->card_status &= ~APP_CMD;
681 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
684 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
686 /* Basic commands (Class 0 and Class 1) */
687 case 0: /* CMD0: GO_IDLE_STATE */
689 case sd_inactive_state:
690 return sd->spi ? sd_r1 : sd_r0;
693 sd->state = sd_idle_state;
694 sd_reset(sd, sd->bdrv);
695 return sd->spi ? sd_r1 : sd_r0;
699 case 1: /* CMD1: SEND_OP_CMD */
703 sd->state = sd_transfer_state;
706 case 2: /* CMD2: ALL_SEND_CID */
711 sd->state = sd_identification_state;
719 case 3: /* CMD3: SEND_RELATIVE_ADDR */
723 case sd_identification_state:
724 case sd_standby_state:
725 sd->state = sd_standby_state;
734 case 4: /* CMD4: SEND_DSR */
738 case sd_standby_state:
746 case 5: /* CMD5: reserved for SDIO cards */
749 case 6: /* CMD6: SWITCH_FUNCTION */
753 case sd_data_transfer_mode:
754 sd_function_switch(sd, req.arg);
755 sd->state = sd_sendingdata_state;
765 case 7: /* CMD7: SELECT/DESELECT_CARD */
769 case sd_standby_state:
773 sd->state = sd_transfer_state;
776 case sd_transfer_state:
777 case sd_sendingdata_state:
781 sd->state = sd_standby_state;
784 case sd_disconnect_state:
788 sd->state = sd_programming_state;
791 case sd_programming_state:
795 sd->state = sd_disconnect_state;
803 case 8: /* CMD8: SEND_IF_COND */
804 /* Physical Layer Specification Version 2.00 command */
809 /* No response if not exactly one VHS bit is set. */
810 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
811 return sd->spi ? sd_r7 : sd_r0;
822 case 9: /* CMD9: SEND_CSD */
824 case sd_standby_state:
830 case sd_transfer_state:
833 sd->state = sd_sendingdata_state;
834 memcpy(sd->data, sd->csd, 16);
835 sd->data_start = addr;
844 case 10: /* CMD10: SEND_CID */
846 case sd_standby_state:
852 case sd_transfer_state:
855 sd->state = sd_sendingdata_state;
856 memcpy(sd->data, sd->cid, 16);
857 sd->data_start = addr;
866 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
870 case sd_transfer_state:
871 sd->state = sd_sendingdata_state;
872 sd->data_start = req.arg;
875 if (sd->data_start + sd->blk_len > sd->size)
876 sd->card_status |= ADDRESS_ERROR;
884 case 12: /* CMD12: STOP_TRANSMISSION */
886 case sd_sendingdata_state:
887 sd->state = sd_transfer_state;
890 case sd_receivingdata_state:
891 sd->state = sd_programming_state;
892 /* Bzzzzzzztt .... Operation complete. */
893 sd->state = sd_transfer_state;
901 case 13: /* CMD13: SEND_STATUS */
903 case sd_data_transfer_mode:
914 case 15: /* CMD15: GO_INACTIVE_STATE */
918 case sd_data_transfer_mode:
922 sd->state = sd_inactive_state;
930 /* Block read commands (Classs 2) */
931 case 16: /* CMD16: SET_BLOCKLEN */
933 case sd_transfer_state:
934 if (req.arg > (1 << HWBLOCK_SHIFT))
935 sd->card_status |= BLOCK_LEN_ERROR;
937 sd->blk_len = req.arg;
946 case 17: /* CMD17: READ_SINGLE_BLOCK */
948 case sd_transfer_state:
949 sd->state = sd_sendingdata_state;
950 sd->data_start = addr;
953 if (sd->data_start + sd->blk_len > sd->size)
954 sd->card_status |= ADDRESS_ERROR;
962 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
964 case sd_transfer_state:
965 sd->state = sd_sendingdata_state;
966 sd->data_start = addr;
969 if (sd->data_start + sd->blk_len > sd->size)
970 sd->card_status |= ADDRESS_ERROR;
978 /* Block write commands (Class 4) */
979 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
981 goto unimplemented_cmd;
983 case sd_transfer_state:
984 /* Writing in SPI mode not implemented. */
987 sd->state = sd_receivingdata_state;
988 sd->data_start = addr;
992 if (sd->data_start + sd->blk_len > sd->size)
993 sd->card_status |= ADDRESS_ERROR;
994 if (sd_wp_addr(sd, sd->data_start))
995 sd->card_status |= WP_VIOLATION;
996 if (sd->csd[14] & 0x30)
997 sd->card_status |= WP_VIOLATION;
1005 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1007 goto unimplemented_cmd;
1008 switch (sd->state) {
1009 case sd_transfer_state:
1010 /* Writing in SPI mode not implemented. */
1013 sd->state = sd_receivingdata_state;
1014 sd->data_start = addr;
1015 sd->data_offset = 0;
1016 sd->blk_written = 0;
1018 if (sd->data_start + sd->blk_len > sd->size)
1019 sd->card_status |= ADDRESS_ERROR;
1020 if (sd_wp_addr(sd, sd->data_start))
1021 sd->card_status |= WP_VIOLATION;
1022 if (sd->csd[14] & 0x30)
1023 sd->card_status |= WP_VIOLATION;
1031 case 26: /* CMD26: PROGRAM_CID */
1034 switch (sd->state) {
1035 case sd_transfer_state:
1036 sd->state = sd_receivingdata_state;
1038 sd->data_offset = 0;
1046 case 27: /* CMD27: PROGRAM_CSD */
1048 goto unimplemented_cmd;
1049 switch (sd->state) {
1050 case sd_transfer_state:
1051 sd->state = sd_receivingdata_state;
1053 sd->data_offset = 0;
1061 /* Write protection (Class 6) */
1062 case 28: /* CMD28: SET_WRITE_PROT */
1063 switch (sd->state) {
1064 case sd_transfer_state:
1065 if (addr >= sd->size) {
1066 sd->card_status |= ADDRESS_ERROR;
1070 sd->state = sd_programming_state;
1071 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1072 /* Bzzzzzzztt .... Operation complete. */
1073 sd->state = sd_transfer_state;
1081 case 29: /* CMD29: CLR_WRITE_PROT */
1082 switch (sd->state) {
1083 case sd_transfer_state:
1084 if (addr >= sd->size) {
1085 sd->card_status |= ADDRESS_ERROR;
1089 sd->state = sd_programming_state;
1090 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1091 /* Bzzzzzzztt .... Operation complete. */
1092 sd->state = sd_transfer_state;
1100 case 30: /* CMD30: SEND_WRITE_PROT */
1101 switch (sd->state) {
1102 case sd_transfer_state:
1103 sd->state = sd_sendingdata_state;
1104 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1105 sd->data_start = addr;
1106 sd->data_offset = 0;
1114 /* Erase commands (Class 5) */
1115 case 32: /* CMD32: ERASE_WR_BLK_START */
1116 switch (sd->state) {
1117 case sd_transfer_state:
1118 sd->erase_start = req.arg;
1126 case 33: /* CMD33: ERASE_WR_BLK_END */
1127 switch (sd->state) {
1128 case sd_transfer_state:
1129 sd->erase_end = req.arg;
1137 case 38: /* CMD38: ERASE */
1138 switch (sd->state) {
1139 case sd_transfer_state:
1140 if (sd->csd[14] & 0x30) {
1141 sd->card_status |= WP_VIOLATION;
1145 sd->state = sd_programming_state;
1147 /* Bzzzzzzztt .... Operation complete. */
1148 sd->state = sd_transfer_state;
1156 /* Lock card commands (Class 7) */
1157 case 42: /* CMD42: LOCK_UNLOCK */
1159 goto unimplemented_cmd;
1160 switch (sd->state) {
1161 case sd_transfer_state:
1162 sd->state = sd_receivingdata_state;
1164 sd->data_offset = 0;
1174 /* CMD52, CMD53: reserved for SDIO cards
1175 * (see the SDIO Simplified Specification V2.0)
1176 * Handle as illegal command but do not complain
1177 * on stderr, as some OSes may use these in their
1178 * probing for presence of an SDIO card.
1182 /* Application specific commands (Class 8) */
1183 case 55: /* CMD55: APP_CMD */
1187 sd->expecting_acmd = true;
1188 sd->card_status |= APP_CMD;
1191 case 56: /* CMD56: GEN_CMD */
1192 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1194 switch (sd->state) {
1195 case sd_transfer_state:
1196 sd->data_offset = 0;
1198 sd->state = sd_sendingdata_state;
1200 sd->state = sd_receivingdata_state;
1210 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1214 /* Commands that are recognised but not yet implemented in SPI mode. */
1215 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1219 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1223 static sd_rsp_type_t sd_app_command(SDState *sd,
1226 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1227 sd->card_status |= APP_CMD;
1229 case 6: /* ACMD6: SET_BUS_WIDTH */
1230 switch (sd->state) {
1231 case sd_transfer_state:
1232 sd->sd_status[0] &= 0x3f;
1233 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1241 case 13: /* ACMD13: SD_STATUS */
1242 switch (sd->state) {
1243 case sd_transfer_state:
1244 sd->state = sd_sendingdata_state;
1246 sd->data_offset = 0;
1254 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1255 switch (sd->state) {
1256 case sd_transfer_state:
1257 *(uint32_t *) sd->data = sd->blk_written;
1259 sd->state = sd_sendingdata_state;
1261 sd->data_offset = 0;
1269 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1270 switch (sd->state) {
1271 case sd_transfer_state:
1279 case 41: /* ACMD41: SD_APP_OP_COND */
1282 sd->state = sd_transfer_state;
1285 switch (sd->state) {
1287 /* We accept any voltage. 10000 V is nothing.
1289 * We don't model init delay so just advance straight to ready state
1290 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1292 if (req.arg & ACMD41_ENQUIRY_MASK) {
1293 sd->state = sd_ready_state;
1303 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1304 switch (sd->state) {
1305 case sd_transfer_state:
1306 /* Bringing in the 50KOhm pull-up resistor... Done. */
1314 case 51: /* ACMD51: SEND_SCR */
1315 switch (sd->state) {
1316 case sd_transfer_state:
1317 sd->state = sd_sendingdata_state;
1319 sd->data_offset = 0;
1328 /* Fall back to standard commands. */
1329 return sd_normal_command(sd, req);
1332 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1336 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1338 /* Valid commands in locked state:
1340 * lock card class (7)
1342 * implicitly, the ACMD prefix CMD55
1344 * Anything else provokes an "illegal command" response.
1346 if (sd->expecting_acmd) {
1347 return req->cmd == 41 || req->cmd == 42;
1349 if (req->cmd == 16 || req->cmd == 55) {
1352 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1355 int sd_do_command(SDState *sd, SDRequest *req,
1356 uint8_t *response) {
1358 sd_rsp_type_t rtype;
1361 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1365 if (sd_req_crc_validate(req)) {
1366 sd->card_status |= COM_CRC_ERROR;
1371 if (sd->card_status & CARD_IS_LOCKED) {
1372 if (!cmd_valid_while_locked(sd, req)) {
1373 sd->card_status |= ILLEGAL_COMMAND;
1374 sd->expecting_acmd = false;
1375 fprintf(stderr, "SD: Card is locked\n");
1381 last_state = sd->state;
1384 if (sd->expecting_acmd) {
1385 sd->expecting_acmd = false;
1386 rtype = sd_app_command(sd, *req);
1388 rtype = sd_normal_command(sd, *req);
1391 if (rtype == sd_illegal) {
1392 sd->card_status |= ILLEGAL_COMMAND;
1394 /* Valid command, we can update the 'state before command' bits.
1395 * (Do this now so they appear in r1 responses.)
1397 sd->current_cmd = req->cmd;
1398 sd->card_status &= ~CURRENT_STATE;
1399 sd->card_status |= (last_state << 9);
1406 sd_response_r1_make(sd, response);
1411 memcpy(response, sd->cid, sizeof(sd->cid));
1416 memcpy(response, sd->csd, sizeof(sd->csd));
1421 sd_response_r3_make(sd, response);
1426 sd_response_r6_make(sd, response);
1431 sd_response_r7_make(sd, response);
1442 if (rtype != sd_illegal) {
1443 /* Clear the "clear on valid command" status bits now we've
1446 sd->card_status &= ~CARD_STATUS_B;
1452 DPRINTF("Response:");
1453 for (i = 0; i < rsplen; i++)
1454 fprintf(stderr, " %02x", response[i]);
1455 fprintf(stderr, " state %d\n", sd->state);
1457 DPRINTF("No response %d\n", sd->state);
1464 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1466 uint64_t end = addr + len;
1468 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1469 (unsigned long long) addr, len);
1470 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
1471 fprintf(stderr, "sd_blk_read: read error on host side\n");
1475 if (end > (addr & ~511) + 512) {
1476 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1478 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
1479 fprintf(stderr, "sd_blk_read: read error on host side\n");
1482 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1484 memcpy(sd->data, sd->buf + (addr & 511), len);
1487 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1489 uint64_t end = addr + len;
1491 if ((addr & 511) || len < 512)
1492 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
1493 fprintf(stderr, "sd_blk_write: read error on host side\n");
1497 if (end > (addr & ~511) + 512) {
1498 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1499 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
1500 fprintf(stderr, "sd_blk_write: write error on host side\n");
1504 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
1505 fprintf(stderr, "sd_blk_write: read error on host side\n");
1508 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1509 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
1510 fprintf(stderr, "sd_blk_write: write error on host side\n");
1513 memcpy(sd->buf + (addr & 511), sd->data, len);
1514 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
1515 fprintf(stderr, "sd_blk_write: write error on host side\n");
1520 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1521 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1522 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1523 #define APP_WRITE_BLOCK(a, len)
1525 void sd_write_data(SDState *sd, uint8_t value)
1529 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1532 if (sd->state != sd_receivingdata_state) {
1533 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1537 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1540 switch (sd->current_cmd) {
1541 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1542 sd->data[sd->data_offset ++] = value;
1543 if (sd->data_offset >= sd->blk_len) {
1544 /* TODO: Check CRC before committing */
1545 sd->state = sd_programming_state;
1546 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1548 sd->csd[14] |= 0x40;
1549 /* Bzzzzzzztt .... Operation complete. */
1550 sd->state = sd_transfer_state;
1554 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1555 if (sd->data_offset == 0) {
1556 /* Start of the block - let's check the address is valid */
1557 if (sd->data_start + sd->blk_len > sd->size) {
1558 sd->card_status |= ADDRESS_ERROR;
1561 if (sd_wp_addr(sd, sd->data_start)) {
1562 sd->card_status |= WP_VIOLATION;
1566 sd->data[sd->data_offset++] = value;
1567 if (sd->data_offset >= sd->blk_len) {
1568 /* TODO: Check CRC before committing */
1569 sd->state = sd_programming_state;
1570 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1572 sd->data_start += sd->blk_len;
1573 sd->data_offset = 0;
1574 sd->csd[14] |= 0x40;
1576 /* Bzzzzzzztt .... Operation complete. */
1577 sd->state = sd_receivingdata_state;
1581 case 26: /* CMD26: PROGRAM_CID */
1582 sd->data[sd->data_offset ++] = value;
1583 if (sd->data_offset >= sizeof(sd->cid)) {
1584 /* TODO: Check CRC before committing */
1585 sd->state = sd_programming_state;
1586 for (i = 0; i < sizeof(sd->cid); i ++)
1587 if ((sd->cid[i] | 0x00) != sd->data[i])
1588 sd->card_status |= CID_CSD_OVERWRITE;
1590 if (!(sd->card_status & CID_CSD_OVERWRITE))
1591 for (i = 0; i < sizeof(sd->cid); i ++) {
1593 sd->cid[i] &= sd->data[i];
1595 /* Bzzzzzzztt .... Operation complete. */
1596 sd->state = sd_transfer_state;
1600 case 27: /* CMD27: PROGRAM_CSD */
1601 sd->data[sd->data_offset ++] = value;
1602 if (sd->data_offset >= sizeof(sd->csd)) {
1603 /* TODO: Check CRC before committing */
1604 sd->state = sd_programming_state;
1605 for (i = 0; i < sizeof(sd->csd); i ++)
1606 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1607 (sd->data[i] | sd_csd_rw_mask[i]))
1608 sd->card_status |= CID_CSD_OVERWRITE;
1610 /* Copy flag (OTP) & Permanent write protect */
1611 if (sd->csd[14] & ~sd->data[14] & 0x60)
1612 sd->card_status |= CID_CSD_OVERWRITE;
1614 if (!(sd->card_status & CID_CSD_OVERWRITE))
1615 for (i = 0; i < sizeof(sd->csd); i ++) {
1616 sd->csd[i] |= sd_csd_rw_mask[i];
1617 sd->csd[i] &= sd->data[i];
1619 /* Bzzzzzzztt .... Operation complete. */
1620 sd->state = sd_transfer_state;
1624 case 42: /* CMD42: LOCK_UNLOCK */
1625 sd->data[sd->data_offset ++] = value;
1626 if (sd->data_offset >= sd->blk_len) {
1627 /* TODO: Check CRC before committing */
1628 sd->state = sd_programming_state;
1629 sd_lock_command(sd);
1630 /* Bzzzzzzztt .... Operation complete. */
1631 sd->state = sd_transfer_state;
1635 case 56: /* CMD56: GEN_CMD */
1636 sd->data[sd->data_offset ++] = value;
1637 if (sd->data_offset >= sd->blk_len) {
1638 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1639 sd->state = sd_transfer_state;
1644 fprintf(stderr, "sd_write_data: unknown command\n");
1649 uint8_t sd_read_data(SDState *sd)
1651 /* TODO: Append CRCs */
1655 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1658 if (sd->state != sd_sendingdata_state) {
1659 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1663 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1666 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1668 switch (sd->current_cmd) {
1669 case 6: /* CMD6: SWITCH_FUNCTION */
1670 ret = sd->data[sd->data_offset ++];
1672 if (sd->data_offset >= 64)
1673 sd->state = sd_transfer_state;
1676 case 9: /* CMD9: SEND_CSD */
1677 case 10: /* CMD10: SEND_CID */
1678 ret = sd->data[sd->data_offset ++];
1680 if (sd->data_offset >= 16)
1681 sd->state = sd_transfer_state;
1684 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1685 if (sd->data_offset == 0)
1686 BLK_READ_BLOCK(sd->data_start, io_len);
1687 ret = sd->data[sd->data_offset ++];
1689 if (sd->data_offset >= io_len) {
1690 sd->data_start += io_len;
1691 sd->data_offset = 0;
1692 if (sd->data_start + io_len > sd->size) {
1693 sd->card_status |= ADDRESS_ERROR;
1699 case 13: /* ACMD13: SD_STATUS */
1700 ret = sd->sd_status[sd->data_offset ++];
1702 if (sd->data_offset >= sizeof(sd->sd_status))
1703 sd->state = sd_transfer_state;
1706 case 17: /* CMD17: READ_SINGLE_BLOCK */
1707 if (sd->data_offset == 0)
1708 BLK_READ_BLOCK(sd->data_start, io_len);
1709 ret = sd->data[sd->data_offset ++];
1711 if (sd->data_offset >= io_len)
1712 sd->state = sd_transfer_state;
1715 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1716 if (sd->data_offset == 0)
1717 BLK_READ_BLOCK(sd->data_start, io_len);
1718 ret = sd->data[sd->data_offset ++];
1720 if (sd->data_offset >= io_len) {
1721 sd->data_start += io_len;
1722 sd->data_offset = 0;
1723 if (sd->data_start + io_len > sd->size) {
1724 sd->card_status |= ADDRESS_ERROR;
1730 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1731 ret = sd->data[sd->data_offset ++];
1733 if (sd->data_offset >= 4)
1734 sd->state = sd_transfer_state;
1737 case 30: /* CMD30: SEND_WRITE_PROT */
1738 ret = sd->data[sd->data_offset ++];
1740 if (sd->data_offset >= 4)
1741 sd->state = sd_transfer_state;
1744 case 51: /* ACMD51: SEND_SCR */
1745 ret = sd->scr[sd->data_offset ++];
1747 if (sd->data_offset >= sizeof(sd->scr))
1748 sd->state = sd_transfer_state;
1751 case 56: /* CMD56: GEN_CMD */
1752 if (sd->data_offset == 0)
1753 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1754 ret = sd->data[sd->data_offset ++];
1756 if (sd->data_offset >= sd->blk_len)
1757 sd->state = sd_transfer_state;
1761 fprintf(stderr, "sd_read_data: unknown command\n");
1768 bool sd_data_ready(SDState *sd)
1770 return sd->state == sd_sendingdata_state;
1773 void sd_enable(SDState *sd, bool enable)
1775 sd->enable = enable;
projects / qemu.git / blob