#include "hw.h"
#include "block.h"
#include "sd.h"
+#include "bitmap.h"
//#define DEBUG_SD 1
sd_r6 = 6, /* Published RCA response */
sd_r7, /* Operating voltage */
sd_r1b = -1,
+ sd_illegal = -2,
} sd_rsp_type_t;
+enum SDCardModes {
+ sd_inactive,
+ sd_card_identification_mode,
+ sd_data_transfer_mode,
+};
+
+enum SDCardStates {
+ sd_inactive_state = -1,
+ sd_idle_state = 0,
+ sd_ready_state,
+ sd_identification_state,
+ sd_standby_state,
+ sd_transfer_state,
+ sd_sendingdata_state,
+ sd_receivingdata_state,
+ sd_programming_state,
+ sd_disconnect_state,
+};
+
struct SDState {
- enum {
- sd_inactive,
- sd_card_identification_mode,
- sd_data_transfer_mode,
- } mode;
- enum {
- sd_inactive_state = -1,
- sd_idle_state = 0,
- sd_ready_state,
- sd_identification_state,
- sd_standby_state,
- sd_transfer_state,
- sd_sendingdata_state,
- sd_receivingdata_state,
- sd_programming_state,
- sd_disconnect_state,
- } state;
+ uint32_t mode; /* current card mode, one of SDCardModes */
+ int32_t state; /* current card state, one of SDCardStates */
uint32_t ocr;
uint8_t scr[8];
uint8_t cid[16];
uint32_t card_status;
uint8_t sd_status[64];
uint32_t vhs;
- int wp_switch;
- int *wp_groups;
+ bool wp_switch;
+ unsigned long *wp_groups;
+ int32_t wpgrps_size;
uint64_t size;
- int blk_len;
+ uint32_t blk_len;
uint32_t erase_start;
uint32_t erase_end;
uint8_t pwd[16];
- int pwd_len;
- int function_group[6];
-
- int spi;
- int current_cmd;
- int blk_written;
+ uint32_t pwd_len;
+ uint8_t function_group[6];
+
+ bool spi;
+ uint8_t current_cmd;
+ /* True if we will handle the next command as an ACMD. Note that this does
+ * *not* track the APP_CMD status bit!
+ */
+ bool expecting_acmd;
+ uint32_t blk_written;
uint64_t data_start;
uint32_t data_offset;
uint8_t data[512];
BlockDriverState *bdrv;
uint8_t *buf;
- int enable;
+ bool enable;
};
-static void sd_set_status(SDState *sd)
+static void sd_set_mode(SDState *sd)
{
switch (sd->state) {
case sd_inactive_state:
sd->mode = sd_data_transfer_mode;
break;
}
-
- sd->card_status &= ~CURRENT_STATE;
- sd->card_status |= sd->state << 9;
}
static const sd_cmd_type_t sd_cmd_type[64] = {
sd->rca += 0x4567;
}
+/* Card status bits, split by clear condition:
+ * A : According to the card current state
+ * B : Always related to the previous command
+ * C : Cleared by read
+ */
#define CARD_STATUS_A 0x02004100
#define CARD_STATUS_B 0x00c01e00
#define CARD_STATUS_C 0xfd39a028
return sd_crc7(buffer, 5) != req->crc; /* TODO */
}
-static void sd_response_r1_make(SDState *sd,
- uint8_t *response, uint32_t last_status)
+static void sd_response_r1_make(SDState *sd, uint8_t *response)
{
- uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
- uint32_t status;
-
- status = (sd->card_status & ~mask) | (last_status & mask);
- sd->card_status &= ~CARD_STATUS_C | APP_CMD;
+ uint32_t status = sd->card_status;
+ /* Clear the "clear on read" status bits */
+ sd->card_status &= ~CARD_STATUS_C;
response[0] = (status >> 24) & 0xff;
response[1] = (status >> 16) & 0xff;
status = ((sd->card_status >> 8) & 0xc000) |
((sd->card_status >> 6) & 0x2000) |
(sd->card_status & 0x1fff);
+ sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
response[0] = (arg >> 8) & 0xff;
response[1] = arg & 0xff;
response[3] = (sd->vhs >> 0) & 0xff;
}
+static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
+{
+ return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
+}
+
static void sd_reset(SDState *sd, BlockDriverState *bdrv)
{
uint64_t size;
} else {
sect = 0;
}
- sect <<= 9;
-
- size = sect + 1;
+ size = sect << 9;
- sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
+ sect = sd_addr_to_wpnum(size) + 1;
sd->state = sd_idle_state;
sd->rca = 0x0000;
sd->bdrv = bdrv;
if (sd->wp_groups)
- qemu_free(sd->wp_groups);
- sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
- sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
- memset(sd->function_group, 0, sizeof(int) * 6);
+ g_free(sd->wp_groups);
+ sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : false;
+ sd->wpgrps_size = sect;
+ sd->wp_groups = bitmap_new(sd->wpgrps_size);
+ memset(sd->function_group, 0, sizeof(sd->function_group));
sd->erase_start = 0;
sd->erase_end = 0;
sd->size = size;
sd->blk_len = 0x200;
sd->pwd_len = 0;
+ sd->expecting_acmd = false;
}
-static void sd_cardchange(void *opaque)
+static void sd_cardchange(void *opaque, bool load)
{
SDState *sd = opaque;
+
qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
if (bdrv_is_inserted(sd->bdrv)) {
sd_reset(sd, sd->bdrv);
}
}
+static const BlockDevOps sd_block_ops = {
+ .change_media_cb = sd_cardchange,
+};
+
+static const VMStateDescription sd_vmstate = {
+ .name = "sd-card",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT32(mode, SDState),
+ VMSTATE_INT32(state, SDState),
+ VMSTATE_UINT8_ARRAY(cid, SDState, 16),
+ VMSTATE_UINT8_ARRAY(csd, SDState, 16),
+ VMSTATE_UINT16(rca, SDState),
+ VMSTATE_UINT32(card_status, SDState),
+ VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
+ VMSTATE_UINT32(vhs, SDState),
+ VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
+ VMSTATE_UINT32(blk_len, SDState),
+ VMSTATE_UINT32(erase_start, SDState),
+ VMSTATE_UINT32(erase_end, SDState),
+ VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
+ VMSTATE_UINT32(pwd_len, SDState),
+ VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
+ VMSTATE_UINT8(current_cmd, SDState),
+ VMSTATE_BOOL(expecting_acmd, SDState),
+ VMSTATE_UINT32(blk_written, SDState),
+ VMSTATE_UINT64(data_start, SDState),
+ VMSTATE_UINT32(data_offset, SDState),
+ VMSTATE_UINT8_ARRAY(data, SDState, 512),
+ VMSTATE_BUFFER_UNSAFE(buf, SDState, 1, 512),
+ VMSTATE_BOOL(enable, SDState),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
/* We do not model the chip select pin, so allow the board to select
whether card should be in SSI or MMC/SD mode. It is also up to the
board to ensure that ssi transfers only occur when the chip select
is asserted. */
-SDState *sd_init(BlockDriverState *bs, int is_spi)
+SDState *sd_init(BlockDriverState *bs, bool is_spi)
{
SDState *sd;
- sd = (SDState *) qemu_mallocz(sizeof(SDState));
+ sd = (SDState *) g_malloc0(sizeof(SDState));
sd->buf = qemu_blockalign(bs, 512);
sd->spi = is_spi;
- sd->enable = 1;
+ sd->enable = true;
sd_reset(sd, bs);
if (sd->bdrv) {
- bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
+ bdrv_attach_dev_nofail(sd->bdrv, sd);
+ bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
}
+ vmstate_register(NULL, -1, &sd_vmstate, sd);
return sd;
}
{
sd->readonly_cb = readonly;
sd->inserted_cb = insert;
- qemu_set_irq(readonly, bdrv_is_read_only(sd->bdrv));
- qemu_set_irq(insert, bdrv_is_inserted(sd->bdrv));
+ qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
+ qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
}
static void sd_erase(SDState *sd)
{
- int i, start, end;
+ int i;
+ uint64_t erase_start = sd->erase_start;
+ uint64_t erase_end = sd->erase_end;
+
if (!sd->erase_start || !sd->erase_end) {
sd->card_status |= ERASE_SEQ_ERROR;
return;
}
- start = sd->erase_start >>
- (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
- end = sd->erase_end >>
- (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
+ if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
+ /* High capacity memory card: erase units are 512 byte blocks */
+ erase_start *= 512;
+ erase_end *= 512;
+ }
+
+ erase_start = sd_addr_to_wpnum(erase_start);
+ erase_end = sd_addr_to_wpnum(erase_end);
sd->erase_start = 0;
sd->erase_end = 0;
sd->csd[14] |= 0x40;
- for (i = start; i <= end; i ++)
- if (sd->wp_groups[i])
+ for (i = erase_start; i <= erase_end; i++) {
+ if (test_bit(i, sd->wp_groups)) {
sd->card_status |= WP_ERASE_SKIP;
+ }
+ }
}
static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
uint32_t i, wpnum;
uint32_t ret = 0;
- wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
+ wpnum = sd_addr_to_wpnum(addr);
- for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
- if (addr < sd->size && sd->wp_groups[wpnum])
+ for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
+ if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
ret |= (1 << i);
+ }
+ }
return ret;
}
sd->data[66] = crc & 0xff;
}
-static inline int sd_wp_addr(SDState *sd, uint32_t addr)
+static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
{
- return sd->wp_groups[addr >>
- (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
+ return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
}
static void sd_lock_command(SDState *sd)
sd->card_status |= LOCK_UNLOCK_FAILED;
return;
}
- memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
- (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
+ bitmap_zero(sd->wp_groups, sd->wpgrps_size);
sd->csd[14] &= ~0x10;
sd->card_status &= ~CARD_IS_LOCKED;
sd->pwd_len = 0;
uint32_t rca = 0x0000;
uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
+ /* Not interpreting this as an app command */
+ sd->card_status &= ~APP_CMD;
+
if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
rca = req.arg >> 16;
break;
case 5: /* CMD5: reserved for SDIO cards */
- sd->card_status |= ILLEGAL_COMMAND;
- return sd_r0;
+ return sd_illegal;
case 6: /* CMD6: SWITCH_FUNCTION */
if (sd->spi)
switch (sd->state) {
case sd_transfer_state:
if (addr >= sd->size) {
- sd->card_status = ADDRESS_ERROR;
+ sd->card_status |= ADDRESS_ERROR;
return sd_r1b;
}
sd->state = sd_programming_state;
- sd->wp_groups[addr >> (HWBLOCK_SHIFT +
- SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
+ set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
/* Bzzzzzzztt .... Operation complete. */
sd->state = sd_transfer_state;
return sd_r1b;
switch (sd->state) {
case sd_transfer_state:
if (addr >= sd->size) {
- sd->card_status = ADDRESS_ERROR;
+ sd->card_status |= ADDRESS_ERROR;
return sd_r1b;
}
sd->state = sd_programming_state;
- sd->wp_groups[addr >> (HWBLOCK_SHIFT +
- SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
+ clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
/* Bzzzzzzztt .... Operation complete. */
sd->state = sd_transfer_state;
return sd_r1b;
}
break;
+ case 52:
+ case 53:
+ /* CMD52, CMD53: reserved for SDIO cards
+ * (see the SDIO Simplified Specification V2.0)
+ * Handle as illegal command but do not complain
+ * on stderr, as some OSes may use these in their
+ * probing for presence of an SDIO card.
+ */
+ return sd_illegal;
+
/* Application specific commands (Class 8) */
case 55: /* CMD55: APP_CMD */
if (sd->rca != rca)
return sd_r0;
+ sd->expecting_acmd = true;
sd->card_status |= APP_CMD;
return sd_r1;
default:
bad_cmd:
- sd->card_status |= ILLEGAL_COMMAND;
-
fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
- return sd_r0;
+ return sd_illegal;
unimplemented_cmd:
/* Commands that are recognised but not yet implemented in SPI mode. */
- sd->card_status |= ILLEGAL_COMMAND;
fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
- return sd_r0;
+ return sd_illegal;
}
- sd->card_status |= ILLEGAL_COMMAND;
fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
- return sd_r0;
+ return sd_illegal;
}
static sd_rsp_type_t sd_app_command(SDState *sd,
SDRequest req)
{
DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
+ sd->card_status |= APP_CMD;
switch (req.cmd) {
case 6: /* ACMD6: SET_BUS_WIDTH */
switch (sd->state) {
case 13: /* ACMD13: SD_STATUS */
switch (sd->state) {
case sd_transfer_state:
+ sd->state = sd_sendingdata_state;
sd->data_start = 0;
sd->data_offset = 0;
return sd_r1;
case sd_transfer_state:
*(uint32_t *) sd->data = sd->blk_written;
+ sd->state = sd_sendingdata_state;
sd->data_start = 0;
sd->data_offset = 0;
return sd_r1;
default:
/* Fall back to standard commands. */
- sd->card_status &= ~APP_CMD;
return sd_normal_command(sd, req);
}
fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
- return sd_r0;
+ return sd_illegal;
+}
+
+static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
+{
+ /* Valid commands in locked state:
+ * basic class (0)
+ * lock card class (7)
+ * CMD16
+ * implicitly, the ACMD prefix CMD55
+ * ACMD41 and ACMD42
+ * Anything else provokes an "illegal command" response.
+ */
+ if (sd->expecting_acmd) {
+ return req->cmd == 41 || req->cmd == 42;
+ }
+ if (req->cmd == 16 || req->cmd == 55) {
+ return 1;
+ }
+ return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
}
int sd_do_command(SDState *sd, SDRequest *req,
uint8_t *response) {
- uint32_t last_status = sd->card_status;
+ int last_state;
sd_rsp_type_t rtype;
int rsplen;
}
if (sd_req_crc_validate(req)) {
- sd->card_status &= ~COM_CRC_ERROR;
- return 0;
+ sd->card_status |= COM_CRC_ERROR;
+ rtype = sd_illegal;
+ goto send_response;
}
- sd->card_status &= ~CARD_STATUS_B;
- sd_set_status(sd);
-
- if (last_status & CARD_IS_LOCKED)
- if (((last_status & APP_CMD) &&
- req->cmd == 41) ||
- (!(last_status & APP_CMD) &&
- (sd_cmd_class[req->cmd] == 0 ||
- sd_cmd_class[req->cmd] == 7 ||
- req->cmd == 16 || req->cmd == 55))) {
+ if (sd->card_status & CARD_IS_LOCKED) {
+ if (!cmd_valid_while_locked(sd, req)) {
sd->card_status |= ILLEGAL_COMMAND;
+ sd->expecting_acmd = false;
fprintf(stderr, "SD: Card is locked\n");
- return 0;
+ rtype = sd_illegal;
+ goto send_response;
}
+ }
- if (last_status & APP_CMD) {
+ last_state = sd->state;
+ sd_set_mode(sd);
+
+ if (sd->expecting_acmd) {
+ sd->expecting_acmd = false;
rtype = sd_app_command(sd, *req);
- sd->card_status &= ~APP_CMD;
- } else
+ } else {
rtype = sd_normal_command(sd, *req);
+ }
- sd->current_cmd = req->cmd;
+ if (rtype == sd_illegal) {
+ sd->card_status |= ILLEGAL_COMMAND;
+ } else {
+ /* Valid command, we can update the 'state before command' bits.
+ * (Do this now so they appear in r1 responses.)
+ */
+ sd->current_cmd = req->cmd;
+ sd->card_status &= ~CURRENT_STATE;
+ sd->card_status |= (last_state << 9);
+ }
+send_response:
switch (rtype) {
case sd_r1:
case sd_r1b:
- sd_response_r1_make(sd, response, last_status);
+ sd_response_r1_make(sd, response);
rsplen = 4;
break;
break;
case sd_r0:
+ case sd_illegal:
default:
rsplen = 0;
break;
}
- if (sd->card_status & ILLEGAL_COMMAND)
- rsplen = 0;
+ if (rtype != sd_illegal) {
+ /* Clear the "clear on valid command" status bits now we've
+ * sent any response
+ */
+ sd->card_status &= ~CARD_STATUS_B;
+ }
#ifdef DEBUG_SD
if (rsplen) {
DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
(unsigned long long) addr, len);
- if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
+ if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
fprintf(stderr, "sd_blk_read: read error on host side\n");
return;
}
if (end > (addr & ~511) + 512) {
memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
- if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
+ if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
fprintf(stderr, "sd_blk_read: read error on host side\n");
return;
}
uint64_t end = addr + len;
if ((addr & 511) || len < 512)
- if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
+ if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
fprintf(stderr, "sd_blk_write: read error on host side\n");
return;
}
if (end > (addr & ~511) + 512) {
memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
- if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
+ if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
fprintf(stderr, "sd_blk_write: write error on host side\n");
return;
}
- if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
+ if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
fprintf(stderr, "sd_blk_write: read error on host side\n");
return;
}
memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
- if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
+ if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
fprintf(stderr, "sd_blk_write: write error on host side\n");
+ }
} else {
memcpy(sd->buf + (addr & 511), sd->data, len);
- if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
+ if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
fprintf(stderr, "sd_blk_write: write error on host side\n");
+ }
}
}
break;
case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
- sd->data[sd->data_offset ++] = value;
- if (sd->data_offset >= sd->blk_len) {
- /* TODO: Check CRC before committing */
- sd->state = sd_programming_state;
- BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
- sd->blk_written ++;
- sd->data_start += sd->blk_len;
- sd->data_offset = 0;
+ if (sd->data_offset == 0) {
+ /* Start of the block - lets check the address is valid */
if (sd->data_start + sd->blk_len > sd->size) {
sd->card_status |= ADDRESS_ERROR;
break;
sd->card_status |= WP_VIOLATION;
break;
}
+ }
+ sd->data[sd->data_offset++] = value;
+ if (sd->data_offset >= sd->blk_len) {
+ /* TODO: Check CRC before committing */
+ sd->state = sd_programming_state;
+ BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
+ sd->blk_written++;
+ sd->data_start += sd->blk_len;
+ sd->data_offset = 0;
sd->csd[14] |= 0x40;
/* Bzzzzzzztt .... Operation complete. */
return ret;
}
-int sd_data_ready(SDState *sd)
+bool sd_data_ready(SDState *sd)
{
return sd->state == sd_sendingdata_state;
}
-void sd_enable(SDState *sd, int enable)
+void sd_enable(SDState *sd, bool enable)
{
sd->enable = enable;
}
projects / qemu.git / blobdiff