2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 #include "qemu/osdep.h"
35 #include "sysemu/block-backend.h"
37 #include "qapi/error.h"
38 #include "qemu/bitmap.h"
39 #include "hw/qdev-properties.h"
40 #include "qemu/error-report.h"
41 #include "qemu/timer.h"
47 #define ACMD41_ENQUIRY_MASK 0x00ffffff
48 #define OCR_POWER_UP 0x80000000
49 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
52 sd_r0 = 0, /* no response */
53 sd_r1, /* normal response command */
54 sd_r2_i, /* CID register */
55 sd_r2_s, /* CSD register */
56 sd_r3, /* OCR register */
57 sd_r6 = 6, /* Published RCA response */
58 sd_r7, /* Operating voltage */
65 sd_card_identification_mode,
66 sd_data_transfer_mode,
70 sd_inactive_state = -1,
73 sd_identification_state,
77 sd_receivingdata_state,
83 DeviceState parent_obj;
85 /* SD Memory Card Registers */
92 uint8_t sd_status[64];
94 /* Configurable properties */
98 uint32_t mode; /* current card mode, one of SDCardModes */
99 int32_t state; /* current card state, one of SDCardStates */
102 unsigned long *wp_groups;
106 uint32_t multi_blk_cnt;
107 uint32_t erase_start;
111 uint8_t function_group[6];
113 /* True if we will handle the next command as an ACMD. Note that this does
114 * *not* track the APP_CMD status bit!
117 uint32_t blk_written;
119 uint32_t data_offset;
121 qemu_irq readonly_cb;
122 qemu_irq inserted_cb;
123 QEMUTimer *ocr_power_timer;
129 static const char *sd_state_name(enum SDCardStates state)
131 static const char *state_name[] = {
132 [sd_idle_state] = "idle",
133 [sd_ready_state] = "ready",
134 [sd_identification_state] = "identification",
135 [sd_standby_state] = "standby",
136 [sd_transfer_state] = "transfer",
137 [sd_sendingdata_state] = "sendingdata",
138 [sd_receivingdata_state] = "receivingdata",
139 [sd_programming_state] = "programming",
140 [sd_disconnect_state] = "disconnect",
142 if (state == sd_inactive_state) {
145 assert(state <= ARRAY_SIZE(state_name));
146 return state_name[state];
149 static const char *sd_response_name(sd_rsp_type_t rsp)
151 static const char *response_name[] = {
152 [sd_r0] = "RESP#0 (no response)",
153 [sd_r1] = "RESP#1 (normal cmd)",
154 [sd_r2_i] = "RESP#2 (CID reg)",
155 [sd_r2_s] = "RESP#2 (CSD reg)",
156 [sd_r3] = "RESP#3 (OCR reg)",
157 [sd_r6] = "RESP#6 (RCA)",
158 [sd_r7] = "RESP#7 (operating voltage)",
160 if (rsp == sd_illegal) {
161 return "ILLEGAL RESP";
166 assert(rsp <= ARRAY_SIZE(response_name));
167 return response_name[rsp];
170 static uint8_t sd_get_dat_lines(SDState *sd)
172 return sd->enable ? sd->dat_lines : 0;
175 static bool sd_get_cmd_line(SDState *sd)
177 return sd->enable ? sd->cmd_line : false;
180 static void sd_set_voltage(SDState *sd, uint16_t millivolts)
182 switch (millivolts) {
183 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
184 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
187 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
188 millivolts / 1000.f);
192 static void sd_set_mode(SDState *sd)
195 case sd_inactive_state:
196 sd->mode = sd_inactive;
201 case sd_identification_state:
202 sd->mode = sd_card_identification_mode;
205 case sd_standby_state:
206 case sd_transfer_state:
207 case sd_sendingdata_state:
208 case sd_receivingdata_state:
209 case sd_programming_state:
210 case sd_disconnect_state:
211 sd->mode = sd_data_transfer_mode;
216 static const sd_cmd_type_t sd_cmd_type[64] = {
217 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
218 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
219 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
220 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
221 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
222 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
223 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
224 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
227 static const int sd_cmd_class[64] = {
228 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
229 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
230 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
231 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
234 static uint8_t sd_crc7(void *message, size_t width)
237 uint8_t shift_reg = 0x00;
238 uint8_t *msg = (uint8_t *) message;
240 for (i = 0; i < width; i ++, msg ++)
241 for (bit = 7; bit >= 0; bit --) {
243 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
250 static uint16_t sd_crc16(void *message, size_t width)
253 uint16_t shift_reg = 0x0000;
254 uint16_t *msg = (uint16_t *) message;
257 for (i = 0; i < width; i ++, msg ++)
258 for (bit = 15; bit >= 0; bit --) {
260 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
267 static void sd_set_ocr(SDState *sd)
269 /* All voltages OK, Standard Capacity SD Memory Card, not yet powered up */
270 sd->ocr = 0x00ffff00;
273 static void sd_ocr_powerup(void *opaque)
275 SDState *sd = opaque;
277 /* Set powered up bit in OCR */
278 assert(!(sd->ocr & OCR_POWER_UP));
279 sd->ocr |= OCR_POWER_UP;
282 static void sd_set_scr(SDState *sd)
284 sd->scr[0] = 0x00; /* SCR Structure */
285 sd->scr[1] = 0x2f; /* SD Security Support */
301 static void sd_set_cid(SDState *sd)
303 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
304 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
306 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
311 sd->cid[8] = PRV; /* Fake product revision (PRV) */
312 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
316 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
317 ((MDT_YR - 2000) / 10);
318 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
319 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
322 #define HWBLOCK_SHIFT 9 /* 512 bytes */
323 #define SECTOR_SHIFT 5 /* 16 kilobytes */
324 #define WPGROUP_SHIFT 7 /* 2 megs */
325 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
326 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
328 static const uint8_t sd_csd_rw_mask[16] = {
329 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
330 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
333 static void sd_set_csd(SDState *sd, uint64_t size)
335 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
336 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
337 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
339 if (size <= 0x40000000) { /* Standard Capacity SD */
340 sd->csd[0] = 0x00; /* CSD structure */
341 sd->csd[1] = 0x26; /* Data read access-time-1 */
342 sd->csd[2] = 0x00; /* Data read access-time-2 */
343 sd->csd[3] = 0x5a; /* Max. data transfer rate */
344 sd->csd[4] = 0x5f; /* Card Command Classes */
345 sd->csd[5] = 0x50 | /* Max. read data block length */
347 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
348 ((csize >> 10) & 0x03);
349 sd->csd[7] = 0x00 | /* Device size */
350 ((csize >> 2) & 0xff);
351 sd->csd[8] = 0x3f | /* Max. read current */
352 ((csize << 6) & 0xc0);
353 sd->csd[9] = 0xfc | /* Max. write current */
354 ((CMULT_SHIFT - 2) >> 1);
355 sd->csd[10] = 0x40 | /* Erase sector size */
356 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
357 sd->csd[11] = 0x00 | /* Write protect group size */
358 ((sectsize << 7) & 0x80) | wpsize;
359 sd->csd[12] = 0x90 | /* Write speed factor */
360 (HWBLOCK_SHIFT >> 2);
361 sd->csd[13] = 0x20 | /* Max. write data block length */
362 ((HWBLOCK_SHIFT << 6) & 0xc0);
363 sd->csd[14] = 0x00; /* File format group */
364 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
375 sd->csd[7] = (size >> 16) & 0xff;
376 sd->csd[8] = (size >> 8) & 0xff;
377 sd->csd[9] = (size & 0xff);
384 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
388 static void sd_set_rca(SDState *sd)
393 /* Card status bits, split by clear condition:
394 * A : According to the card current state
395 * B : Always related to the previous command
396 * C : Cleared by read
398 #define CARD_STATUS_A 0x02004100
399 #define CARD_STATUS_B 0x00c01e00
400 #define CARD_STATUS_C 0xfd39a028
402 static void sd_set_cardstatus(SDState *sd)
404 sd->card_status = 0x00000100;
407 static void sd_set_sdstatus(SDState *sd)
409 memset(sd->sd_status, 0, 64);
412 static int sd_req_crc_validate(SDRequest *req)
415 buffer[0] = 0x40 | req->cmd;
416 buffer[1] = (req->arg >> 24) & 0xff;
417 buffer[2] = (req->arg >> 16) & 0xff;
418 buffer[3] = (req->arg >> 8) & 0xff;
419 buffer[4] = (req->arg >> 0) & 0xff;
421 return sd_crc7(buffer, 5) != req->crc; /* TODO */
424 static void sd_response_r1_make(SDState *sd, uint8_t *response)
426 uint32_t status = sd->card_status;
427 /* Clear the "clear on read" status bits */
428 sd->card_status &= ~CARD_STATUS_C;
430 response[0] = (status >> 24) & 0xff;
431 response[1] = (status >> 16) & 0xff;
432 response[2] = (status >> 8) & 0xff;
433 response[3] = (status >> 0) & 0xff;
436 static void sd_response_r3_make(SDState *sd, uint8_t *response)
438 response[0] = (sd->ocr >> 24) & 0xff;
439 response[1] = (sd->ocr >> 16) & 0xff;
440 response[2] = (sd->ocr >> 8) & 0xff;
441 response[3] = (sd->ocr >> 0) & 0xff;
444 static void sd_response_r6_make(SDState *sd, uint8_t *response)
450 status = ((sd->card_status >> 8) & 0xc000) |
451 ((sd->card_status >> 6) & 0x2000) |
452 (sd->card_status & 0x1fff);
453 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
455 response[0] = (arg >> 8) & 0xff;
456 response[1] = arg & 0xff;
457 response[2] = (status >> 8) & 0xff;
458 response[3] = status & 0xff;
461 static void sd_response_r7_make(SDState *sd, uint8_t *response)
463 response[0] = (sd->vhs >> 24) & 0xff;
464 response[1] = (sd->vhs >> 16) & 0xff;
465 response[2] = (sd->vhs >> 8) & 0xff;
466 response[3] = (sd->vhs >> 0) & 0xff;
469 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
471 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
474 static void sd_reset(DeviceState *dev)
476 SDState *sd = SD_CARD(dev);
481 blk_get_geometry(sd->blk, §);
487 sect = sd_addr_to_wpnum(size) + 1;
489 sd->state = sd_idle_state;
494 sd_set_csd(sd, size);
495 sd_set_cardstatus(sd);
498 g_free(sd->wp_groups);
499 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
500 sd->wpgrps_size = sect;
501 sd->wp_groups = bitmap_new(sd->wpgrps_size);
502 memset(sd->function_group, 0, sizeof(sd->function_group));
508 sd->expecting_acmd = false;
511 sd->multi_blk_cnt = 0;
514 static bool sd_get_inserted(SDState *sd)
516 return sd->blk && blk_is_inserted(sd->blk);
519 static bool sd_get_readonly(SDState *sd)
521 return sd->wp_switch;
524 static void sd_cardchange(void *opaque, bool load, Error **errp)
526 SDState *sd = opaque;
527 DeviceState *dev = DEVICE(sd);
528 SDBus *sdbus = SD_BUS(qdev_get_parent_bus(dev));
529 bool inserted = sd_get_inserted(sd);
530 bool readonly = sd_get_readonly(sd);
536 /* The IRQ notification is for legacy non-QOM SD controller devices;
537 * QOMified controllers use the SDBus APIs.
540 sdbus_set_inserted(sdbus, inserted);
542 sdbus_set_readonly(sdbus, readonly);
545 qemu_set_irq(sd->inserted_cb, inserted);
547 qemu_set_irq(sd->readonly_cb, readonly);
552 static const BlockDevOps sd_block_ops = {
553 .change_media_cb = sd_cardchange,
556 static bool sd_ocr_vmstate_needed(void *opaque)
558 SDState *sd = opaque;
560 /* Include the OCR state (and timer) if it is not yet powered up */
561 return !(sd->ocr & OCR_POWER_UP);
564 static const VMStateDescription sd_ocr_vmstate = {
565 .name = "sd-card/ocr-state",
567 .minimum_version_id = 1,
568 .needed = sd_ocr_vmstate_needed,
569 .fields = (VMStateField[]) {
570 VMSTATE_UINT32(ocr, SDState),
571 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
572 VMSTATE_END_OF_LIST()
576 static int sd_vmstate_pre_load(void *opaque)
578 SDState *sd = opaque;
580 /* If the OCR state is not included (prior versions, or not
581 * needed), then the OCR must be set as powered up. If the OCR state
582 * is included, this will be replaced by the state restore.
589 static const VMStateDescription sd_vmstate = {
592 .minimum_version_id = 1,
593 .pre_load = sd_vmstate_pre_load,
594 .fields = (VMStateField[]) {
595 VMSTATE_UINT32(mode, SDState),
596 VMSTATE_INT32(state, SDState),
597 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
598 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
599 VMSTATE_UINT16(rca, SDState),
600 VMSTATE_UINT32(card_status, SDState),
601 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
602 VMSTATE_UINT32(vhs, SDState),
603 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
604 VMSTATE_UINT32(blk_len, SDState),
605 VMSTATE_UINT32(multi_blk_cnt, SDState),
606 VMSTATE_UINT32(erase_start, SDState),
607 VMSTATE_UINT32(erase_end, SDState),
608 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
609 VMSTATE_UINT32(pwd_len, SDState),
610 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
611 VMSTATE_UINT8(current_cmd, SDState),
612 VMSTATE_BOOL(expecting_acmd, SDState),
613 VMSTATE_UINT32(blk_written, SDState),
614 VMSTATE_UINT64(data_start, SDState),
615 VMSTATE_UINT32(data_offset, SDState),
616 VMSTATE_UINT8_ARRAY(data, SDState, 512),
617 VMSTATE_UNUSED_V(1, 512),
618 VMSTATE_BOOL(enable, SDState),
619 VMSTATE_END_OF_LIST()
621 .subsections = (const VMStateDescription*[]) {
627 /* Legacy initialization function for use by non-qdevified callers */
628 SDState *sd_init(BlockBackend *blk, bool is_spi)
634 obj = object_new(TYPE_SD_CARD);
636 qdev_prop_set_drive(dev, "drive", blk, &err);
638 error_report("sd_init failed: %s", error_get_pretty(err));
641 qdev_prop_set_bit(dev, "spi", is_spi);
642 object_property_set_bool(obj, true, "realized", &err);
644 error_report("sd_init failed: %s", error_get_pretty(err));
651 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
653 sd->readonly_cb = readonly;
654 sd->inserted_cb = insert;
655 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
656 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
659 static void sd_erase(SDState *sd)
662 uint64_t erase_start = sd->erase_start;
663 uint64_t erase_end = sd->erase_end;
665 if (!sd->erase_start || !sd->erase_end) {
666 sd->card_status |= ERASE_SEQ_ERROR;
670 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
671 /* High capacity memory card: erase units are 512 byte blocks */
676 erase_start = sd_addr_to_wpnum(erase_start);
677 erase_end = sd_addr_to_wpnum(erase_end);
682 for (i = erase_start; i <= erase_end; i++) {
683 if (test_bit(i, sd->wp_groups)) {
684 sd->card_status |= WP_ERASE_SKIP;
689 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
694 wpnum = sd_addr_to_wpnum(addr);
696 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
697 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
705 static void sd_function_switch(SDState *sd, uint32_t arg)
707 int i, mode, new_func, crc;
708 mode = !!(arg & 0x80000000);
710 sd->data[0] = 0x00; /* Maximum current consumption */
712 sd->data[2] = 0x80; /* Supported group 6 functions */
714 sd->data[4] = 0x80; /* Supported group 5 functions */
716 sd->data[6] = 0x80; /* Supported group 4 functions */
718 sd->data[8] = 0x80; /* Supported group 3 functions */
720 sd->data[10] = 0x80; /* Supported group 2 functions */
722 sd->data[12] = 0x80; /* Supported group 1 functions */
724 for (i = 0; i < 6; i ++) {
725 new_func = (arg >> (i * 4)) & 0x0f;
726 if (mode && new_func != 0x0f)
727 sd->function_group[i] = new_func;
728 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
730 memset(&sd->data[17], 0, 47);
731 crc = sd_crc16(sd->data, 64);
732 sd->data[65] = crc >> 8;
733 sd->data[66] = crc & 0xff;
736 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
738 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
741 static void sd_lock_command(SDState *sd)
743 int erase, lock, clr_pwd, set_pwd, pwd_len;
744 erase = !!(sd->data[0] & 0x08);
745 lock = sd->data[0] & 0x04;
746 clr_pwd = sd->data[0] & 0x02;
747 set_pwd = sd->data[0] & 0x01;
750 pwd_len = sd->data[1];
755 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
756 set_pwd || clr_pwd || lock || sd->wp_switch ||
757 (sd->csd[14] & 0x20)) {
758 sd->card_status |= LOCK_UNLOCK_FAILED;
761 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
762 sd->csd[14] &= ~0x10;
763 sd->card_status &= ~CARD_IS_LOCKED;
765 /* Erasing the entire card here! */
766 fprintf(stderr, "SD: Card force-erased by CMD42\n");
770 if (sd->blk_len < 2 + pwd_len ||
771 pwd_len <= sd->pwd_len ||
772 pwd_len > sd->pwd_len + 16) {
773 sd->card_status |= LOCK_UNLOCK_FAILED;
777 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
778 sd->card_status |= LOCK_UNLOCK_FAILED;
782 pwd_len -= sd->pwd_len;
783 if ((pwd_len && !set_pwd) ||
784 (clr_pwd && (set_pwd || lock)) ||
785 (lock && !sd->pwd_len && !set_pwd) ||
786 (!set_pwd && !clr_pwd &&
787 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
788 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
789 sd->card_status |= LOCK_UNLOCK_FAILED;
794 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
795 sd->pwd_len = pwd_len;
803 sd->card_status |= CARD_IS_LOCKED;
805 sd->card_status &= ~CARD_IS_LOCKED;
808 static sd_rsp_type_t sd_normal_command(SDState *sd,
811 uint32_t rca = 0x0000;
812 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
814 trace_sdcard_normal_command(req.cmd, req.arg, sd_state_name(sd->state));
816 /* Not interpreting this as an app command */
817 sd->card_status &= ~APP_CMD;
819 if (sd_cmd_type[req.cmd & 0x3F] == sd_ac
820 || sd_cmd_type[req.cmd & 0x3F] == sd_adtc) {
824 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
825 * if not, its effects are cancelled */
826 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
827 sd->multi_blk_cnt = 0;
831 /* Basic commands (Class 0 and Class 1) */
832 case 0: /* CMD0: GO_IDLE_STATE */
834 case sd_inactive_state:
835 return sd->spi ? sd_r1 : sd_r0;
838 sd->state = sd_idle_state;
839 sd_reset(DEVICE(sd));
840 return sd->spi ? sd_r1 : sd_r0;
844 case 1: /* CMD1: SEND_OP_CMD */
848 sd->state = sd_transfer_state;
851 case 2: /* CMD2: ALL_SEND_CID */
856 sd->state = sd_identification_state;
864 case 3: /* CMD3: SEND_RELATIVE_ADDR */
868 case sd_identification_state:
869 case sd_standby_state:
870 sd->state = sd_standby_state;
879 case 4: /* CMD4: SEND_DSR */
883 case sd_standby_state:
891 case 5: /* CMD5: reserved for SDIO cards */
894 case 6: /* CMD6: SWITCH_FUNCTION */
898 case sd_data_transfer_mode:
899 sd_function_switch(sd, req.arg);
900 sd->state = sd_sendingdata_state;
910 case 7: /* CMD7: SELECT/DESELECT_CARD */
914 case sd_standby_state:
918 sd->state = sd_transfer_state;
921 case sd_transfer_state:
922 case sd_sendingdata_state:
926 sd->state = sd_standby_state;
929 case sd_disconnect_state:
933 sd->state = sd_programming_state;
936 case sd_programming_state:
940 sd->state = sd_disconnect_state;
948 case 8: /* CMD8: SEND_IF_COND */
949 /* Physical Layer Specification Version 2.00 command */
954 /* No response if not exactly one VHS bit is set. */
955 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
956 return sd->spi ? sd_r7 : sd_r0;
968 case 9: /* CMD9: SEND_CSD */
970 case sd_standby_state:
976 case sd_transfer_state:
979 sd->state = sd_sendingdata_state;
980 memcpy(sd->data, sd->csd, 16);
981 sd->data_start = addr;
990 case 10: /* CMD10: SEND_CID */
992 case sd_standby_state:
998 case sd_transfer_state:
1001 sd->state = sd_sendingdata_state;
1002 memcpy(sd->data, sd->cid, 16);
1003 sd->data_start = addr;
1004 sd->data_offset = 0;
1012 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1015 switch (sd->state) {
1016 case sd_transfer_state:
1017 sd->state = sd_sendingdata_state;
1018 sd->data_start = req.arg;
1019 sd->data_offset = 0;
1021 if (sd->data_start + sd->blk_len > sd->size)
1022 sd->card_status |= ADDRESS_ERROR;
1030 case 12: /* CMD12: STOP_TRANSMISSION */
1031 switch (sd->state) {
1032 case sd_sendingdata_state:
1033 sd->state = sd_transfer_state;
1036 case sd_receivingdata_state:
1037 sd->state = sd_programming_state;
1038 /* Bzzzzzzztt .... Operation complete. */
1039 sd->state = sd_transfer_state;
1047 case 13: /* CMD13: SEND_STATUS */
1049 case sd_data_transfer_mode:
1060 case 15: /* CMD15: GO_INACTIVE_STATE */
1064 case sd_data_transfer_mode:
1068 sd->state = sd_inactive_state;
1076 /* Block read commands (Classs 2) */
1077 case 16: /* CMD16: SET_BLOCKLEN */
1078 switch (sd->state) {
1079 case sd_transfer_state:
1080 if (req.arg > (1 << HWBLOCK_SHIFT))
1081 sd->card_status |= BLOCK_LEN_ERROR;
1083 sd->blk_len = req.arg;
1092 case 17: /* CMD17: READ_SINGLE_BLOCK */
1093 switch (sd->state) {
1094 case sd_transfer_state:
1095 sd->state = sd_sendingdata_state;
1096 sd->data_start = addr;
1097 sd->data_offset = 0;
1099 if (sd->data_start + sd->blk_len > sd->size)
1100 sd->card_status |= ADDRESS_ERROR;
1108 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1109 switch (sd->state) {
1110 case sd_transfer_state:
1111 sd->state = sd_sendingdata_state;
1112 sd->data_start = addr;
1113 sd->data_offset = 0;
1115 if (sd->data_start + sd->blk_len > sd->size)
1116 sd->card_status |= ADDRESS_ERROR;
1124 case 23: /* CMD23: SET_BLOCK_COUNT */
1125 switch (sd->state) {
1126 case sd_transfer_state:
1127 sd->multi_blk_cnt = req.arg;
1135 /* Block write commands (Class 4) */
1136 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1138 goto unimplemented_cmd;
1139 switch (sd->state) {
1140 case sd_transfer_state:
1141 /* Writing in SPI mode not implemented. */
1144 sd->state = sd_receivingdata_state;
1145 sd->data_start = addr;
1146 sd->data_offset = 0;
1147 sd->blk_written = 0;
1149 if (sd->data_start + sd->blk_len > sd->size)
1150 sd->card_status |= ADDRESS_ERROR;
1151 if (sd_wp_addr(sd, sd->data_start))
1152 sd->card_status |= WP_VIOLATION;
1153 if (sd->csd[14] & 0x30)
1154 sd->card_status |= WP_VIOLATION;
1162 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1164 goto unimplemented_cmd;
1165 switch (sd->state) {
1166 case sd_transfer_state:
1167 /* Writing in SPI mode not implemented. */
1170 sd->state = sd_receivingdata_state;
1171 sd->data_start = addr;
1172 sd->data_offset = 0;
1173 sd->blk_written = 0;
1175 if (sd->data_start + sd->blk_len > sd->size)
1176 sd->card_status |= ADDRESS_ERROR;
1177 if (sd_wp_addr(sd, sd->data_start))
1178 sd->card_status |= WP_VIOLATION;
1179 if (sd->csd[14] & 0x30)
1180 sd->card_status |= WP_VIOLATION;
1188 case 26: /* CMD26: PROGRAM_CID */
1191 switch (sd->state) {
1192 case sd_transfer_state:
1193 sd->state = sd_receivingdata_state;
1195 sd->data_offset = 0;
1203 case 27: /* CMD27: PROGRAM_CSD */
1205 goto unimplemented_cmd;
1206 switch (sd->state) {
1207 case sd_transfer_state:
1208 sd->state = sd_receivingdata_state;
1210 sd->data_offset = 0;
1218 /* Write protection (Class 6) */
1219 case 28: /* CMD28: SET_WRITE_PROT */
1220 switch (sd->state) {
1221 case sd_transfer_state:
1222 if (addr >= sd->size) {
1223 sd->card_status |= ADDRESS_ERROR;
1227 sd->state = sd_programming_state;
1228 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1229 /* Bzzzzzzztt .... Operation complete. */
1230 sd->state = sd_transfer_state;
1238 case 29: /* CMD29: CLR_WRITE_PROT */
1239 switch (sd->state) {
1240 case sd_transfer_state:
1241 if (addr >= sd->size) {
1242 sd->card_status |= ADDRESS_ERROR;
1246 sd->state = sd_programming_state;
1247 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1248 /* Bzzzzzzztt .... Operation complete. */
1249 sd->state = sd_transfer_state;
1257 case 30: /* CMD30: SEND_WRITE_PROT */
1258 switch (sd->state) {
1259 case sd_transfer_state:
1260 sd->state = sd_sendingdata_state;
1261 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1262 sd->data_start = addr;
1263 sd->data_offset = 0;
1271 /* Erase commands (Class 5) */
1272 case 32: /* CMD32: ERASE_WR_BLK_START */
1273 switch (sd->state) {
1274 case sd_transfer_state:
1275 sd->erase_start = req.arg;
1283 case 33: /* CMD33: ERASE_WR_BLK_END */
1284 switch (sd->state) {
1285 case sd_transfer_state:
1286 sd->erase_end = req.arg;
1294 case 38: /* CMD38: ERASE */
1295 switch (sd->state) {
1296 case sd_transfer_state:
1297 if (sd->csd[14] & 0x30) {
1298 sd->card_status |= WP_VIOLATION;
1302 sd->state = sd_programming_state;
1304 /* Bzzzzzzztt .... Operation complete. */
1305 sd->state = sd_transfer_state;
1313 /* Lock card commands (Class 7) */
1314 case 42: /* CMD42: LOCK_UNLOCK */
1316 goto unimplemented_cmd;
1317 switch (sd->state) {
1318 case sd_transfer_state:
1319 sd->state = sd_receivingdata_state;
1321 sd->data_offset = 0;
1331 /* CMD52, CMD53: reserved for SDIO cards
1332 * (see the SDIO Simplified Specification V2.0)
1333 * Handle as illegal command but do not complain
1334 * on stderr, as some OSes may use these in their
1335 * probing for presence of an SDIO card.
1339 /* Application specific commands (Class 8) */
1340 case 55: /* CMD55: APP_CMD */
1344 sd->expecting_acmd = true;
1345 sd->card_status |= APP_CMD;
1348 case 56: /* CMD56: GEN_CMD */
1349 switch (sd->state) {
1350 case sd_transfer_state:
1351 sd->data_offset = 0;
1353 sd->state = sd_sendingdata_state;
1355 sd->state = sd_receivingdata_state;
1365 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
1369 /* Commands that are recognised but not yet implemented in SPI mode. */
1370 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1375 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd);
1379 static sd_rsp_type_t sd_app_command(SDState *sd,
1382 trace_sdcard_app_command(req.cmd, req.arg);
1383 sd->card_status |= APP_CMD;
1385 case 6: /* ACMD6: SET_BUS_WIDTH */
1386 switch (sd->state) {
1387 case sd_transfer_state:
1388 sd->sd_status[0] &= 0x3f;
1389 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1397 case 13: /* ACMD13: SD_STATUS */
1398 switch (sd->state) {
1399 case sd_transfer_state:
1400 sd->state = sd_sendingdata_state;
1402 sd->data_offset = 0;
1410 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1411 switch (sd->state) {
1412 case sd_transfer_state:
1413 *(uint32_t *) sd->data = sd->blk_written;
1415 sd->state = sd_sendingdata_state;
1417 sd->data_offset = 0;
1425 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1426 switch (sd->state) {
1427 case sd_transfer_state:
1435 case 41: /* ACMD41: SD_APP_OP_COND */
1438 sd->state = sd_transfer_state;
1441 switch (sd->state) {
1443 /* If it's the first ACMD41 since reset, we need to decide
1444 * whether to power up. If this is not an enquiry ACMD41,
1445 * we immediately report power on and proceed below to the
1446 * ready state, but if it is, we set a timer to model a
1447 * delay for power up. This works around a bug in EDK2
1448 * UEFI, which sends an initial enquiry ACMD41, but
1449 * assumes that the card is in ready state as soon as it
1450 * sees the power up bit set. */
1451 if (!(sd->ocr & OCR_POWER_UP)) {
1452 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1453 timer_del(sd->ocr_power_timer);
1455 } else if (!timer_pending(sd->ocr_power_timer)) {
1456 timer_mod_ns(sd->ocr_power_timer,
1457 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1458 + OCR_POWER_DELAY_NS));
1462 /* We accept any voltage. 10000 V is nothing.
1464 * Once we're powered up, we advance straight to ready state
1465 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1467 if (req.arg & ACMD41_ENQUIRY_MASK) {
1468 sd->state = sd_ready_state;
1478 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1479 switch (sd->state) {
1480 case sd_transfer_state:
1481 /* Bringing in the 50KOhm pull-up resistor... Done. */
1489 case 51: /* ACMD51: SEND_SCR */
1490 switch (sd->state) {
1491 case sd_transfer_state:
1492 sd->state = sd_sendingdata_state;
1494 sd->data_offset = 0;
1503 /* Fall back to standard commands. */
1504 return sd_normal_command(sd, req);
1507 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
1511 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1513 /* Valid commands in locked state:
1515 * lock card class (7)
1517 * implicitly, the ACMD prefix CMD55
1519 * Anything else provokes an "illegal command" response.
1521 if (sd->expecting_acmd) {
1522 return req->cmd == 41 || req->cmd == 42;
1524 if (req->cmd == 16 || req->cmd == 55) {
1527 return sd_cmd_class[req->cmd & 0x3F] == 0
1528 || sd_cmd_class[req->cmd & 0x3F] == 7;
1531 int sd_do_command(SDState *sd, SDRequest *req,
1532 uint8_t *response) {
1534 sd_rsp_type_t rtype;
1537 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
1541 if (sd_req_crc_validate(req)) {
1542 sd->card_status |= COM_CRC_ERROR;
1547 if (sd->card_status & CARD_IS_LOCKED) {
1548 if (!cmd_valid_while_locked(sd, req)) {
1549 sd->card_status |= ILLEGAL_COMMAND;
1550 sd->expecting_acmd = false;
1551 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
1557 last_state = sd->state;
1560 if (sd->expecting_acmd) {
1561 sd->expecting_acmd = false;
1562 rtype = sd_app_command(sd, *req);
1564 rtype = sd_normal_command(sd, *req);
1567 if (rtype == sd_illegal) {
1568 sd->card_status |= ILLEGAL_COMMAND;
1570 /* Valid command, we can update the 'state before command' bits.
1571 * (Do this now so they appear in r1 responses.)
1573 sd->current_cmd = req->cmd;
1574 sd->card_status &= ~CURRENT_STATE;
1575 sd->card_status |= (last_state << 9);
1582 sd_response_r1_make(sd, response);
1587 memcpy(response, sd->cid, sizeof(sd->cid));
1592 memcpy(response, sd->csd, sizeof(sd->csd));
1597 sd_response_r3_make(sd, response);
1602 sd_response_r6_make(sd, response);
1607 sd_response_r7_make(sd, response);
1616 g_assert_not_reached();
1618 trace_sdcard_response(sd_response_name(rtype), rsplen);
1620 if (rtype != sd_illegal) {
1621 /* Clear the "clear on valid command" status bits now we've
1624 sd->card_status &= ~CARD_STATUS_B;
1628 qemu_hexdump((const char *)response, stderr, "Response", rsplen);
1634 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1636 trace_sdcard_read_block(addr, len);
1637 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) {
1638 fprintf(stderr, "sd_blk_read: read error on host side\n");
1642 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1644 trace_sdcard_write_block(addr, len);
1645 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) {
1646 fprintf(stderr, "sd_blk_write: write error on host side\n");
1650 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1651 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1652 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1653 #define APP_WRITE_BLOCK(a, len)
1655 void sd_write_data(SDState *sd, uint8_t value)
1659 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1662 if (sd->state != sd_receivingdata_state) {
1663 qemu_log_mask(LOG_GUEST_ERROR,
1664 "sd_write_data: not in Receiving-Data state\n");
1668 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1671 switch (sd->current_cmd) {
1672 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1673 sd->data[sd->data_offset ++] = value;
1674 if (sd->data_offset >= sd->blk_len) {
1675 /* TODO: Check CRC before committing */
1676 sd->state = sd_programming_state;
1677 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1679 sd->csd[14] |= 0x40;
1680 /* Bzzzzzzztt .... Operation complete. */
1681 sd->state = sd_transfer_state;
1685 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1686 if (sd->data_offset == 0) {
1687 /* Start of the block - let's check the address is valid */
1688 if (sd->data_start + sd->blk_len > sd->size) {
1689 sd->card_status |= ADDRESS_ERROR;
1692 if (sd_wp_addr(sd, sd->data_start)) {
1693 sd->card_status |= WP_VIOLATION;
1697 sd->data[sd->data_offset++] = value;
1698 if (sd->data_offset >= sd->blk_len) {
1699 /* TODO: Check CRC before committing */
1700 sd->state = sd_programming_state;
1701 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1703 sd->data_start += sd->blk_len;
1704 sd->data_offset = 0;
1705 sd->csd[14] |= 0x40;
1707 /* Bzzzzzzztt .... Operation complete. */
1708 if (sd->multi_blk_cnt != 0) {
1709 if (--sd->multi_blk_cnt == 0) {
1711 sd->state = sd_transfer_state;
1716 sd->state = sd_receivingdata_state;
1720 case 26: /* CMD26: PROGRAM_CID */
1721 sd->data[sd->data_offset ++] = value;
1722 if (sd->data_offset >= sizeof(sd->cid)) {
1723 /* TODO: Check CRC before committing */
1724 sd->state = sd_programming_state;
1725 for (i = 0; i < sizeof(sd->cid); i ++)
1726 if ((sd->cid[i] | 0x00) != sd->data[i])
1727 sd->card_status |= CID_CSD_OVERWRITE;
1729 if (!(sd->card_status & CID_CSD_OVERWRITE))
1730 for (i = 0; i < sizeof(sd->cid); i ++) {
1732 sd->cid[i] &= sd->data[i];
1734 /* Bzzzzzzztt .... Operation complete. */
1735 sd->state = sd_transfer_state;
1739 case 27: /* CMD27: PROGRAM_CSD */
1740 sd->data[sd->data_offset ++] = value;
1741 if (sd->data_offset >= sizeof(sd->csd)) {
1742 /* TODO: Check CRC before committing */
1743 sd->state = sd_programming_state;
1744 for (i = 0; i < sizeof(sd->csd); i ++)
1745 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1746 (sd->data[i] | sd_csd_rw_mask[i]))
1747 sd->card_status |= CID_CSD_OVERWRITE;
1749 /* Copy flag (OTP) & Permanent write protect */
1750 if (sd->csd[14] & ~sd->data[14] & 0x60)
1751 sd->card_status |= CID_CSD_OVERWRITE;
1753 if (!(sd->card_status & CID_CSD_OVERWRITE))
1754 for (i = 0; i < sizeof(sd->csd); i ++) {
1755 sd->csd[i] |= sd_csd_rw_mask[i];
1756 sd->csd[i] &= sd->data[i];
1758 /* Bzzzzzzztt .... Operation complete. */
1759 sd->state = sd_transfer_state;
1763 case 42: /* CMD42: LOCK_UNLOCK */
1764 sd->data[sd->data_offset ++] = value;
1765 if (sd->data_offset >= sd->blk_len) {
1766 /* TODO: Check CRC before committing */
1767 sd->state = sd_programming_state;
1768 sd_lock_command(sd);
1769 /* Bzzzzzzztt .... Operation complete. */
1770 sd->state = sd_transfer_state;
1774 case 56: /* CMD56: GEN_CMD */
1775 sd->data[sd->data_offset ++] = value;
1776 if (sd->data_offset >= sd->blk_len) {
1777 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1778 sd->state = sd_transfer_state;
1783 qemu_log_mask(LOG_GUEST_ERROR, "sd_write_data: unknown command\n");
1788 uint8_t sd_read_data(SDState *sd)
1790 /* TODO: Append CRCs */
1794 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1797 if (sd->state != sd_sendingdata_state) {
1798 qemu_log_mask(LOG_GUEST_ERROR,
1799 "sd_read_data: not in Sending-Data state\n");
1803 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1806 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1808 switch (sd->current_cmd) {
1809 case 6: /* CMD6: SWITCH_FUNCTION */
1810 ret = sd->data[sd->data_offset ++];
1812 if (sd->data_offset >= 64)
1813 sd->state = sd_transfer_state;
1816 case 9: /* CMD9: SEND_CSD */
1817 case 10: /* CMD10: SEND_CID */
1818 ret = sd->data[sd->data_offset ++];
1820 if (sd->data_offset >= 16)
1821 sd->state = sd_transfer_state;
1824 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1825 if (sd->data_offset == 0)
1826 BLK_READ_BLOCK(sd->data_start, io_len);
1827 ret = sd->data[sd->data_offset ++];
1829 if (sd->data_offset >= io_len) {
1830 sd->data_start += io_len;
1831 sd->data_offset = 0;
1832 if (sd->data_start + io_len > sd->size) {
1833 sd->card_status |= ADDRESS_ERROR;
1839 case 13: /* ACMD13: SD_STATUS */
1840 ret = sd->sd_status[sd->data_offset ++];
1842 if (sd->data_offset >= sizeof(sd->sd_status))
1843 sd->state = sd_transfer_state;
1846 case 17: /* CMD17: READ_SINGLE_BLOCK */
1847 if (sd->data_offset == 0)
1848 BLK_READ_BLOCK(sd->data_start, io_len);
1849 ret = sd->data[sd->data_offset ++];
1851 if (sd->data_offset >= io_len)
1852 sd->state = sd_transfer_state;
1855 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1856 if (sd->data_offset == 0) {
1857 if (sd->data_start + io_len > sd->size) {
1858 sd->card_status |= ADDRESS_ERROR;
1861 BLK_READ_BLOCK(sd->data_start, io_len);
1863 ret = sd->data[sd->data_offset ++];
1865 if (sd->data_offset >= io_len) {
1866 sd->data_start += io_len;
1867 sd->data_offset = 0;
1869 if (sd->multi_blk_cnt != 0) {
1870 if (--sd->multi_blk_cnt == 0) {
1872 sd->state = sd_transfer_state;
1879 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1880 ret = sd->data[sd->data_offset ++];
1882 if (sd->data_offset >= 4)
1883 sd->state = sd_transfer_state;
1886 case 30: /* CMD30: SEND_WRITE_PROT */
1887 ret = sd->data[sd->data_offset ++];
1889 if (sd->data_offset >= 4)
1890 sd->state = sd_transfer_state;
1893 case 51: /* ACMD51: SEND_SCR */
1894 ret = sd->scr[sd->data_offset ++];
1896 if (sd->data_offset >= sizeof(sd->scr))
1897 sd->state = sd_transfer_state;
1900 case 56: /* CMD56: GEN_CMD */
1901 if (sd->data_offset == 0)
1902 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1903 ret = sd->data[sd->data_offset ++];
1905 if (sd->data_offset >= sd->blk_len)
1906 sd->state = sd_transfer_state;
1910 qemu_log_mask(LOG_GUEST_ERROR, "sd_read_data: unknown command\n");
1917 bool sd_data_ready(SDState *sd)
1919 return sd->state == sd_sendingdata_state;
1922 void sd_enable(SDState *sd, bool enable)
1924 sd->enable = enable;
1927 static void sd_instance_init(Object *obj)
1929 SDState *sd = SD_CARD(obj);
1932 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
1935 static void sd_instance_finalize(Object *obj)
1937 SDState *sd = SD_CARD(obj);
1939 timer_del(sd->ocr_power_timer);
1940 timer_free(sd->ocr_power_timer);
1943 static void sd_realize(DeviceState *dev, Error **errp)
1945 SDState *sd = SD_CARD(dev);
1948 if (sd->blk && blk_is_read_only(sd->blk)) {
1949 error_setg(errp, "Cannot use read-only drive as SD card");
1954 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
1955 BLK_PERM_ALL, errp);
1959 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
1963 static Property sd_properties[] = {
1964 DEFINE_PROP_DRIVE("drive", SDState, blk),
1965 /* We do not model the chip select pin, so allow the board to select
1966 * whether card should be in SSI or MMC/SD mode. It is also up to the
1967 * board to ensure that ssi transfers only occur when the chip select
1969 DEFINE_PROP_BOOL("spi", SDState, spi, false),
1970 DEFINE_PROP_END_OF_LIST()
1973 static void sd_class_init(ObjectClass *klass, void *data)
1975 DeviceClass *dc = DEVICE_CLASS(klass);
1976 SDCardClass *sc = SD_CARD_CLASS(klass);
1978 dc->realize = sd_realize;
1979 dc->props = sd_properties;
1980 dc->vmsd = &sd_vmstate;
1981 dc->reset = sd_reset;
1982 dc->bus_type = TYPE_SD_BUS;
1984 sc->set_voltage = sd_set_voltage;
1985 sc->get_dat_lines = sd_get_dat_lines;
1986 sc->get_cmd_line = sd_get_cmd_line;
1987 sc->do_command = sd_do_command;
1988 sc->write_data = sd_write_data;
1989 sc->read_data = sd_read_data;
1990 sc->data_ready = sd_data_ready;
1991 sc->enable = sd_enable;
1992 sc->get_inserted = sd_get_inserted;
1993 sc->get_readonly = sd_get_readonly;
1996 static const TypeInfo sd_info = {
1997 .name = TYPE_SD_CARD,
1998 .parent = TYPE_DEVICE,
1999 .instance_size = sizeof(SDState),
2000 .class_size = sizeof(SDCardClass),
2001 .class_init = sd_class_init,
2002 .instance_init = sd_instance_init,
2003 .instance_finalize = sd_instance_finalize,
2006 static void sd_register_types(void)
2008 type_register_static(&sd_info);
2011 type_init(sd_register_types)
projects / qemu.git / blob