hw/sd/sd.c: QOMify
[qemu.git] / hw / sd / sd.c
1 /*
2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #include "qemu/osdep.h"
33 #include "hw/hw.h"
34 #include "sysemu/block-backend.h"
35 #include "hw/sd/sd.h"
36 #include "qemu/bitmap.h"
37 #include "hw/qdev-properties.h"
38 #include "qemu/error-report.h"
39
40 //#define DEBUG_SD 1
41
42 #ifdef DEBUG_SD
43 #define DPRINTF(fmt, ...) \
44 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
45 #else
46 #define DPRINTF(fmt, ...) do {} while(0)
47 #endif
48
49 #define ACMD41_ENQUIRY_MASK 0x00ffffff
50
51 typedef enum {
52 sd_r0 = 0, /* no response */
53 sd_r1, /* normal response command */
54 sd_r2_i, /* CID register */
55 sd_r2_s, /* CSD register */
56 sd_r3, /* OCR register */
57 sd_r6 = 6, /* Published RCA response */
58 sd_r7, /* Operating voltage */
59 sd_r1b = -1,
60 sd_illegal = -2,
61 } sd_rsp_type_t;
62
63 enum SDCardModes {
64 sd_inactive,
65 sd_card_identification_mode,
66 sd_data_transfer_mode,
67 };
68
69 enum SDCardStates {
70 sd_inactive_state = -1,
71 sd_idle_state = 0,
72 sd_ready_state,
73 sd_identification_state,
74 sd_standby_state,
75 sd_transfer_state,
76 sd_sendingdata_state,
77 sd_receivingdata_state,
78 sd_programming_state,
79 sd_disconnect_state,
80 };
81
82 struct SDState {
83 DeviceState parent_obj;
84
85 uint32_t mode; /* current card mode, one of SDCardModes */
86 int32_t state; /* current card state, one of SDCardStates */
87 uint32_t ocr;
88 uint8_t scr[8];
89 uint8_t cid[16];
90 uint8_t csd[16];
91 uint16_t rca;
92 uint32_t card_status;
93 uint8_t sd_status[64];
94 uint32_t vhs;
95 bool wp_switch;
96 unsigned long *wp_groups;
97 int32_t wpgrps_size;
98 uint64_t size;
99 uint32_t blk_len;
100 uint32_t erase_start;
101 uint32_t erase_end;
102 uint8_t pwd[16];
103 uint32_t pwd_len;
104 uint8_t function_group[6];
105
106 bool spi;
107 uint8_t current_cmd;
108 /* True if we will handle the next command as an ACMD. Note that this does
109 * *not* track the APP_CMD status bit!
110 */
111 bool expecting_acmd;
112 uint32_t blk_written;
113 uint64_t data_start;
114 uint32_t data_offset;
115 uint8_t data[512];
116 qemu_irq readonly_cb;
117 qemu_irq inserted_cb;
118 BlockBackend *blk;
119 uint8_t *buf;
120
121 bool enable;
122 };
123
124 static void sd_set_mode(SDState *sd)
125 {
126 switch (sd->state) {
127 case sd_inactive_state:
128 sd->mode = sd_inactive;
129 break;
130
131 case sd_idle_state:
132 case sd_ready_state:
133 case sd_identification_state:
134 sd->mode = sd_card_identification_mode;
135 break;
136
137 case sd_standby_state:
138 case sd_transfer_state:
139 case sd_sendingdata_state:
140 case sd_receivingdata_state:
141 case sd_programming_state:
142 case sd_disconnect_state:
143 sd->mode = sd_data_transfer_mode;
144 break;
145 }
146 }
147
148 static const sd_cmd_type_t sd_cmd_type[64] = {
149 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
150 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
151 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
152 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
153 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
154 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
155 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
156 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
157 };
158
159 static const int sd_cmd_class[64] = {
160 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
161 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
162 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
163 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
164 };
165
166 static uint8_t sd_crc7(void *message, size_t width)
167 {
168 int i, bit;
169 uint8_t shift_reg = 0x00;
170 uint8_t *msg = (uint8_t *) message;
171
172 for (i = 0; i < width; i ++, msg ++)
173 for (bit = 7; bit >= 0; bit --) {
174 shift_reg <<= 1;
175 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
176 shift_reg ^= 0x89;
177 }
178
179 return shift_reg;
180 }
181
182 static uint16_t sd_crc16(void *message, size_t width)
183 {
184 int i, bit;
185 uint16_t shift_reg = 0x0000;
186 uint16_t *msg = (uint16_t *) message;
187 width <<= 1;
188
189 for (i = 0; i < width; i ++, msg ++)
190 for (bit = 15; bit >= 0; bit --) {
191 shift_reg <<= 1;
192 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
193 shift_reg ^= 0x1011;
194 }
195
196 return shift_reg;
197 }
198
199 static void sd_set_ocr(SDState *sd)
200 {
201 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
202 sd->ocr = 0x80ffff00;
203 }
204
205 static void sd_set_scr(SDState *sd)
206 {
207 sd->scr[0] = 0x00; /* SCR Structure */
208 sd->scr[1] = 0x2f; /* SD Security Support */
209 sd->scr[2] = 0x00;
210 sd->scr[3] = 0x00;
211 sd->scr[4] = 0x00;
212 sd->scr[5] = 0x00;
213 sd->scr[6] = 0x00;
214 sd->scr[7] = 0x00;
215 }
216
217 #define MID 0xaa
218 #define OID "XY"
219 #define PNM "QEMU!"
220 #define PRV 0x01
221 #define MDT_YR 2006
222 #define MDT_MON 2
223
224 static void sd_set_cid(SDState *sd)
225 {
226 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
227 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
228 sd->cid[2] = OID[1];
229 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
230 sd->cid[4] = PNM[1];
231 sd->cid[5] = PNM[2];
232 sd->cid[6] = PNM[3];
233 sd->cid[7] = PNM[4];
234 sd->cid[8] = PRV; /* Fake product revision (PRV) */
235 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
236 sd->cid[10] = 0xad;
237 sd->cid[11] = 0xbe;
238 sd->cid[12] = 0xef;
239 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
240 ((MDT_YR - 2000) / 10);
241 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
242 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
243 }
244
245 #define HWBLOCK_SHIFT 9 /* 512 bytes */
246 #define SECTOR_SHIFT 5 /* 16 kilobytes */
247 #define WPGROUP_SHIFT 7 /* 2 megs */
248 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
249 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
250
251 static const uint8_t sd_csd_rw_mask[16] = {
252 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
253 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
254 };
255
256 static void sd_set_csd(SDState *sd, uint64_t size)
257 {
258 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
259 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
260 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
261
262 if (size <= 0x40000000) { /* Standard Capacity SD */
263 sd->csd[0] = 0x00; /* CSD structure */
264 sd->csd[1] = 0x26; /* Data read access-time-1 */
265 sd->csd[2] = 0x00; /* Data read access-time-2 */
266 sd->csd[3] = 0x5a; /* Max. data transfer rate */
267 sd->csd[4] = 0x5f; /* Card Command Classes */
268 sd->csd[5] = 0x50 | /* Max. read data block length */
269 HWBLOCK_SHIFT;
270 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
271 ((csize >> 10) & 0x03);
272 sd->csd[7] = 0x00 | /* Device size */
273 ((csize >> 2) & 0xff);
274 sd->csd[8] = 0x3f | /* Max. read current */
275 ((csize << 6) & 0xc0);
276 sd->csd[9] = 0xfc | /* Max. write current */
277 ((CMULT_SHIFT - 2) >> 1);
278 sd->csd[10] = 0x40 | /* Erase sector size */
279 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
280 sd->csd[11] = 0x00 | /* Write protect group size */
281 ((sectsize << 7) & 0x80) | wpsize;
282 sd->csd[12] = 0x90 | /* Write speed factor */
283 (HWBLOCK_SHIFT >> 2);
284 sd->csd[13] = 0x20 | /* Max. write data block length */
285 ((HWBLOCK_SHIFT << 6) & 0xc0);
286 sd->csd[14] = 0x00; /* File format group */
287 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
288 } else { /* SDHC */
289 size /= 512 * 1024;
290 size -= 1;
291 sd->csd[0] = 0x40;
292 sd->csd[1] = 0x0e;
293 sd->csd[2] = 0x00;
294 sd->csd[3] = 0x32;
295 sd->csd[4] = 0x5b;
296 sd->csd[5] = 0x59;
297 sd->csd[6] = 0x00;
298 sd->csd[7] = (size >> 16) & 0xff;
299 sd->csd[8] = (size >> 8) & 0xff;
300 sd->csd[9] = (size & 0xff);
301 sd->csd[10] = 0x7f;
302 sd->csd[11] = 0x80;
303 sd->csd[12] = 0x0a;
304 sd->csd[13] = 0x40;
305 sd->csd[14] = 0x00;
306 sd->csd[15] = 0x00;
307 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
308 }
309 }
310
311 static void sd_set_rca(SDState *sd)
312 {
313 sd->rca += 0x4567;
314 }
315
316 /* Card status bits, split by clear condition:
317 * A : According to the card current state
318 * B : Always related to the previous command
319 * C : Cleared by read
320 */
321 #define CARD_STATUS_A 0x02004100
322 #define CARD_STATUS_B 0x00c01e00
323 #define CARD_STATUS_C 0xfd39a028
324
325 static void sd_set_cardstatus(SDState *sd)
326 {
327 sd->card_status = 0x00000100;
328 }
329
330 static void sd_set_sdstatus(SDState *sd)
331 {
332 memset(sd->sd_status, 0, 64);
333 }
334
335 static int sd_req_crc_validate(SDRequest *req)
336 {
337 uint8_t buffer[5];
338 buffer[0] = 0x40 | req->cmd;
339 buffer[1] = (req->arg >> 24) & 0xff;
340 buffer[2] = (req->arg >> 16) & 0xff;
341 buffer[3] = (req->arg >> 8) & 0xff;
342 buffer[4] = (req->arg >> 0) & 0xff;
343 return 0;
344 return sd_crc7(buffer, 5) != req->crc; /* TODO */
345 }
346
347 static void sd_response_r1_make(SDState *sd, uint8_t *response)
348 {
349 uint32_t status = sd->card_status;
350 /* Clear the "clear on read" status bits */
351 sd->card_status &= ~CARD_STATUS_C;
352
353 response[0] = (status >> 24) & 0xff;
354 response[1] = (status >> 16) & 0xff;
355 response[2] = (status >> 8) & 0xff;
356 response[3] = (status >> 0) & 0xff;
357 }
358
359 static void sd_response_r3_make(SDState *sd, uint8_t *response)
360 {
361 response[0] = (sd->ocr >> 24) & 0xff;
362 response[1] = (sd->ocr >> 16) & 0xff;
363 response[2] = (sd->ocr >> 8) & 0xff;
364 response[3] = (sd->ocr >> 0) & 0xff;
365 }
366
367 static void sd_response_r6_make(SDState *sd, uint8_t *response)
368 {
369 uint16_t arg;
370 uint16_t status;
371
372 arg = sd->rca;
373 status = ((sd->card_status >> 8) & 0xc000) |
374 ((sd->card_status >> 6) & 0x2000) |
375 (sd->card_status & 0x1fff);
376 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
377
378 response[0] = (arg >> 8) & 0xff;
379 response[1] = arg & 0xff;
380 response[2] = (status >> 8) & 0xff;
381 response[3] = status & 0xff;
382 }
383
384 static void sd_response_r7_make(SDState *sd, uint8_t *response)
385 {
386 response[0] = (sd->vhs >> 24) & 0xff;
387 response[1] = (sd->vhs >> 16) & 0xff;
388 response[2] = (sd->vhs >> 8) & 0xff;
389 response[3] = (sd->vhs >> 0) & 0xff;
390 }
391
392 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
393 {
394 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
395 }
396
397 static void sd_reset(SDState *sd)
398 {
399 uint64_t size;
400 uint64_t sect;
401
402 if (sd->blk) {
403 blk_get_geometry(sd->blk, &sect);
404 } else {
405 sect = 0;
406 }
407 size = sect << 9;
408
409 sect = sd_addr_to_wpnum(size) + 1;
410
411 sd->state = sd_idle_state;
412 sd->rca = 0x0000;
413 sd_set_ocr(sd);
414 sd_set_scr(sd);
415 sd_set_cid(sd);
416 sd_set_csd(sd, size);
417 sd_set_cardstatus(sd);
418 sd_set_sdstatus(sd);
419
420 g_free(sd->wp_groups);
421 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
422 sd->wpgrps_size = sect;
423 sd->wp_groups = bitmap_new(sd->wpgrps_size);
424 memset(sd->function_group, 0, sizeof(sd->function_group));
425 sd->erase_start = 0;
426 sd->erase_end = 0;
427 sd->size = size;
428 sd->blk_len = 0x200;
429 sd->pwd_len = 0;
430 sd->expecting_acmd = false;
431 }
432
433 static void sd_cardchange(void *opaque, bool load)
434 {
435 SDState *sd = opaque;
436
437 qemu_set_irq(sd->inserted_cb, blk_is_inserted(sd->blk));
438 if (blk_is_inserted(sd->blk)) {
439 sd_reset(sd);
440 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
441 }
442 }
443
444 static const BlockDevOps sd_block_ops = {
445 .change_media_cb = sd_cardchange,
446 };
447
448 static const VMStateDescription sd_vmstate = {
449 .name = "sd-card",
450 .version_id = 1,
451 .minimum_version_id = 1,
452 .fields = (VMStateField[]) {
453 VMSTATE_UINT32(mode, SDState),
454 VMSTATE_INT32(state, SDState),
455 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
456 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
457 VMSTATE_UINT16(rca, SDState),
458 VMSTATE_UINT32(card_status, SDState),
459 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
460 VMSTATE_UINT32(vhs, SDState),
461 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
462 VMSTATE_UINT32(blk_len, SDState),
463 VMSTATE_UINT32(erase_start, SDState),
464 VMSTATE_UINT32(erase_end, SDState),
465 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
466 VMSTATE_UINT32(pwd_len, SDState),
467 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
468 VMSTATE_UINT8(current_cmd, SDState),
469 VMSTATE_BOOL(expecting_acmd, SDState),
470 VMSTATE_UINT32(blk_written, SDState),
471 VMSTATE_UINT64(data_start, SDState),
472 VMSTATE_UINT32(data_offset, SDState),
473 VMSTATE_UINT8_ARRAY(data, SDState, 512),
474 VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512),
475 VMSTATE_BOOL(enable, SDState),
476 VMSTATE_END_OF_LIST()
477 }
478 };
479
480 /* Legacy initialization function for use by non-qdevified callers */
481 SDState *sd_init(BlockBackend *blk, bool is_spi)
482 {
483 DeviceState *dev;
484 Error *err = NULL;
485
486 dev = qdev_create(NULL, TYPE_SD_CARD);
487 qdev_prop_set_drive(dev, "drive", blk, &err);
488 if (err) {
489 error_report("sd_init failed: %s", error_get_pretty(err));
490 return NULL;
491 }
492 qdev_prop_set_bit(dev, "spi", is_spi);
493 object_property_set_bool(OBJECT(dev), true, "realized", &err);
494 if (err) {
495 error_report("sd_init failed: %s", error_get_pretty(err));
496 return NULL;
497 }
498
499 return SD_CARD(dev);
500 }
501
502 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
503 {
504 sd->readonly_cb = readonly;
505 sd->inserted_cb = insert;
506 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
507 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
508 }
509
510 static void sd_erase(SDState *sd)
511 {
512 int i;
513 uint64_t erase_start = sd->erase_start;
514 uint64_t erase_end = sd->erase_end;
515
516 if (!sd->erase_start || !sd->erase_end) {
517 sd->card_status |= ERASE_SEQ_ERROR;
518 return;
519 }
520
521 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
522 /* High capacity memory card: erase units are 512 byte blocks */
523 erase_start *= 512;
524 erase_end *= 512;
525 }
526
527 erase_start = sd_addr_to_wpnum(erase_start);
528 erase_end = sd_addr_to_wpnum(erase_end);
529 sd->erase_start = 0;
530 sd->erase_end = 0;
531 sd->csd[14] |= 0x40;
532
533 for (i = erase_start; i <= erase_end; i++) {
534 if (test_bit(i, sd->wp_groups)) {
535 sd->card_status |= WP_ERASE_SKIP;
536 }
537 }
538 }
539
540 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
541 {
542 uint32_t i, wpnum;
543 uint32_t ret = 0;
544
545 wpnum = sd_addr_to_wpnum(addr);
546
547 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
548 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
549 ret |= (1 << i);
550 }
551 }
552
553 return ret;
554 }
555
556 static void sd_function_switch(SDState *sd, uint32_t arg)
557 {
558 int i, mode, new_func, crc;
559 mode = !!(arg & 0x80000000);
560
561 sd->data[0] = 0x00; /* Maximum current consumption */
562 sd->data[1] = 0x01;
563 sd->data[2] = 0x80; /* Supported group 6 functions */
564 sd->data[3] = 0x01;
565 sd->data[4] = 0x80; /* Supported group 5 functions */
566 sd->data[5] = 0x01;
567 sd->data[6] = 0x80; /* Supported group 4 functions */
568 sd->data[7] = 0x01;
569 sd->data[8] = 0x80; /* Supported group 3 functions */
570 sd->data[9] = 0x01;
571 sd->data[10] = 0x80; /* Supported group 2 functions */
572 sd->data[11] = 0x43;
573 sd->data[12] = 0x80; /* Supported group 1 functions */
574 sd->data[13] = 0x03;
575 for (i = 0; i < 6; i ++) {
576 new_func = (arg >> (i * 4)) & 0x0f;
577 if (mode && new_func != 0x0f)
578 sd->function_group[i] = new_func;
579 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
580 }
581 memset(&sd->data[17], 0, 47);
582 crc = sd_crc16(sd->data, 64);
583 sd->data[65] = crc >> 8;
584 sd->data[66] = crc & 0xff;
585 }
586
587 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
588 {
589 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
590 }
591
592 static void sd_lock_command(SDState *sd)
593 {
594 int erase, lock, clr_pwd, set_pwd, pwd_len;
595 erase = !!(sd->data[0] & 0x08);
596 lock = sd->data[0] & 0x04;
597 clr_pwd = sd->data[0] & 0x02;
598 set_pwd = sd->data[0] & 0x01;
599
600 if (sd->blk_len > 1)
601 pwd_len = sd->data[1];
602 else
603 pwd_len = 0;
604
605 if (erase) {
606 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
607 set_pwd || clr_pwd || lock || sd->wp_switch ||
608 (sd->csd[14] & 0x20)) {
609 sd->card_status |= LOCK_UNLOCK_FAILED;
610 return;
611 }
612 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
613 sd->csd[14] &= ~0x10;
614 sd->card_status &= ~CARD_IS_LOCKED;
615 sd->pwd_len = 0;
616 /* Erasing the entire card here! */
617 fprintf(stderr, "SD: Card force-erased by CMD42\n");
618 return;
619 }
620
621 if (sd->blk_len < 2 + pwd_len ||
622 pwd_len <= sd->pwd_len ||
623 pwd_len > sd->pwd_len + 16) {
624 sd->card_status |= LOCK_UNLOCK_FAILED;
625 return;
626 }
627
628 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
629 sd->card_status |= LOCK_UNLOCK_FAILED;
630 return;
631 }
632
633 pwd_len -= sd->pwd_len;
634 if ((pwd_len && !set_pwd) ||
635 (clr_pwd && (set_pwd || lock)) ||
636 (lock && !sd->pwd_len && !set_pwd) ||
637 (!set_pwd && !clr_pwd &&
638 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
639 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
640 sd->card_status |= LOCK_UNLOCK_FAILED;
641 return;
642 }
643
644 if (set_pwd) {
645 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
646 sd->pwd_len = pwd_len;
647 }
648
649 if (clr_pwd) {
650 sd->pwd_len = 0;
651 }
652
653 if (lock)
654 sd->card_status |= CARD_IS_LOCKED;
655 else
656 sd->card_status &= ~CARD_IS_LOCKED;
657 }
658
659 static sd_rsp_type_t sd_normal_command(SDState *sd,
660 SDRequest req)
661 {
662 uint32_t rca = 0x0000;
663 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
664
665 /* Not interpreting this as an app command */
666 sd->card_status &= ~APP_CMD;
667
668 if (sd_cmd_type[req.cmd & 0x3F] == sd_ac
669 || sd_cmd_type[req.cmd & 0x3F] == sd_adtc) {
670 rca = req.arg >> 16;
671 }
672
673 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
674 switch (req.cmd) {
675 /* Basic commands (Class 0 and Class 1) */
676 case 0: /* CMD0: GO_IDLE_STATE */
677 switch (sd->state) {
678 case sd_inactive_state:
679 return sd->spi ? sd_r1 : sd_r0;
680
681 default:
682 sd->state = sd_idle_state;
683 sd_reset(sd);
684 return sd->spi ? sd_r1 : sd_r0;
685 }
686 break;
687
688 case 1: /* CMD1: SEND_OP_CMD */
689 if (!sd->spi)
690 goto bad_cmd;
691
692 sd->state = sd_transfer_state;
693 return sd_r1;
694
695 case 2: /* CMD2: ALL_SEND_CID */
696 if (sd->spi)
697 goto bad_cmd;
698 switch (sd->state) {
699 case sd_ready_state:
700 sd->state = sd_identification_state;
701 return sd_r2_i;
702
703 default:
704 break;
705 }
706 break;
707
708 case 3: /* CMD3: SEND_RELATIVE_ADDR */
709 if (sd->spi)
710 goto bad_cmd;
711 switch (sd->state) {
712 case sd_identification_state:
713 case sd_standby_state:
714 sd->state = sd_standby_state;
715 sd_set_rca(sd);
716 return sd_r6;
717
718 default:
719 break;
720 }
721 break;
722
723 case 4: /* CMD4: SEND_DSR */
724 if (sd->spi)
725 goto bad_cmd;
726 switch (sd->state) {
727 case sd_standby_state:
728 break;
729
730 default:
731 break;
732 }
733 break;
734
735 case 5: /* CMD5: reserved for SDIO cards */
736 return sd_illegal;
737
738 case 6: /* CMD6: SWITCH_FUNCTION */
739 if (sd->spi)
740 goto bad_cmd;
741 switch (sd->mode) {
742 case sd_data_transfer_mode:
743 sd_function_switch(sd, req.arg);
744 sd->state = sd_sendingdata_state;
745 sd->data_start = 0;
746 sd->data_offset = 0;
747 return sd_r1;
748
749 default:
750 break;
751 }
752 break;
753
754 case 7: /* CMD7: SELECT/DESELECT_CARD */
755 if (sd->spi)
756 goto bad_cmd;
757 switch (sd->state) {
758 case sd_standby_state:
759 if (sd->rca != rca)
760 return sd_r0;
761
762 sd->state = sd_transfer_state;
763 return sd_r1b;
764
765 case sd_transfer_state:
766 case sd_sendingdata_state:
767 if (sd->rca == rca)
768 break;
769
770 sd->state = sd_standby_state;
771 return sd_r1b;
772
773 case sd_disconnect_state:
774 if (sd->rca != rca)
775 return sd_r0;
776
777 sd->state = sd_programming_state;
778 return sd_r1b;
779
780 case sd_programming_state:
781 if (sd->rca == rca)
782 break;
783
784 sd->state = sd_disconnect_state;
785 return sd_r1b;
786
787 default:
788 break;
789 }
790 break;
791
792 case 8: /* CMD8: SEND_IF_COND */
793 /* Physical Layer Specification Version 2.00 command */
794 switch (sd->state) {
795 case sd_idle_state:
796 sd->vhs = 0;
797
798 /* No response if not exactly one VHS bit is set. */
799 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
800 return sd->spi ? sd_r7 : sd_r0;
801 }
802
803 /* Accept. */
804 sd->vhs = req.arg;
805 return sd_r7;
806
807 default:
808 break;
809 }
810 break;
811
812 case 9: /* CMD9: SEND_CSD */
813 switch (sd->state) {
814 case sd_standby_state:
815 if (sd->rca != rca)
816 return sd_r0;
817
818 return sd_r2_s;
819
820 case sd_transfer_state:
821 if (!sd->spi)
822 break;
823 sd->state = sd_sendingdata_state;
824 memcpy(sd->data, sd->csd, 16);
825 sd->data_start = addr;
826 sd->data_offset = 0;
827 return sd_r1;
828
829 default:
830 break;
831 }
832 break;
833
834 case 10: /* CMD10: SEND_CID */
835 switch (sd->state) {
836 case sd_standby_state:
837 if (sd->rca != rca)
838 return sd_r0;
839
840 return sd_r2_i;
841
842 case sd_transfer_state:
843 if (!sd->spi)
844 break;
845 sd->state = sd_sendingdata_state;
846 memcpy(sd->data, sd->cid, 16);
847 sd->data_start = addr;
848 sd->data_offset = 0;
849 return sd_r1;
850
851 default:
852 break;
853 }
854 break;
855
856 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
857 if (sd->spi)
858 goto bad_cmd;
859 switch (sd->state) {
860 case sd_transfer_state:
861 sd->state = sd_sendingdata_state;
862 sd->data_start = req.arg;
863 sd->data_offset = 0;
864
865 if (sd->data_start + sd->blk_len > sd->size)
866 sd->card_status |= ADDRESS_ERROR;
867 return sd_r0;
868
869 default:
870 break;
871 }
872 break;
873
874 case 12: /* CMD12: STOP_TRANSMISSION */
875 switch (sd->state) {
876 case sd_sendingdata_state:
877 sd->state = sd_transfer_state;
878 return sd_r1b;
879
880 case sd_receivingdata_state:
881 sd->state = sd_programming_state;
882 /* Bzzzzzzztt .... Operation complete. */
883 sd->state = sd_transfer_state;
884 return sd_r1b;
885
886 default:
887 break;
888 }
889 break;
890
891 case 13: /* CMD13: SEND_STATUS */
892 switch (sd->mode) {
893 case sd_data_transfer_mode:
894 if (sd->rca != rca)
895 return sd_r0;
896
897 return sd_r1;
898
899 default:
900 break;
901 }
902 break;
903
904 case 15: /* CMD15: GO_INACTIVE_STATE */
905 if (sd->spi)
906 goto bad_cmd;
907 switch (sd->mode) {
908 case sd_data_transfer_mode:
909 if (sd->rca != rca)
910 return sd_r0;
911
912 sd->state = sd_inactive_state;
913 return sd_r0;
914
915 default:
916 break;
917 }
918 break;
919
920 /* Block read commands (Classs 2) */
921 case 16: /* CMD16: SET_BLOCKLEN */
922 switch (sd->state) {
923 case sd_transfer_state:
924 if (req.arg > (1 << HWBLOCK_SHIFT))
925 sd->card_status |= BLOCK_LEN_ERROR;
926 else
927 sd->blk_len = req.arg;
928
929 return sd_r1;
930
931 default:
932 break;
933 }
934 break;
935
936 case 17: /* CMD17: READ_SINGLE_BLOCK */
937 switch (sd->state) {
938 case sd_transfer_state:
939 sd->state = sd_sendingdata_state;
940 sd->data_start = addr;
941 sd->data_offset = 0;
942
943 if (sd->data_start + sd->blk_len > sd->size)
944 sd->card_status |= ADDRESS_ERROR;
945 return sd_r1;
946
947 default:
948 break;
949 }
950 break;
951
952 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
953 switch (sd->state) {
954 case sd_transfer_state:
955 sd->state = sd_sendingdata_state;
956 sd->data_start = addr;
957 sd->data_offset = 0;
958
959 if (sd->data_start + sd->blk_len > sd->size)
960 sd->card_status |= ADDRESS_ERROR;
961 return sd_r1;
962
963 default:
964 break;
965 }
966 break;
967
968 /* Block write commands (Class 4) */
969 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
970 if (sd->spi)
971 goto unimplemented_cmd;
972 switch (sd->state) {
973 case sd_transfer_state:
974 /* Writing in SPI mode not implemented. */
975 if (sd->spi)
976 break;
977 sd->state = sd_receivingdata_state;
978 sd->data_start = addr;
979 sd->data_offset = 0;
980 sd->blk_written = 0;
981
982 if (sd->data_start + sd->blk_len > sd->size)
983 sd->card_status |= ADDRESS_ERROR;
984 if (sd_wp_addr(sd, sd->data_start))
985 sd->card_status |= WP_VIOLATION;
986 if (sd->csd[14] & 0x30)
987 sd->card_status |= WP_VIOLATION;
988 return sd_r1;
989
990 default:
991 break;
992 }
993 break;
994
995 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
996 if (sd->spi)
997 goto unimplemented_cmd;
998 switch (sd->state) {
999 case sd_transfer_state:
1000 /* Writing in SPI mode not implemented. */
1001 if (sd->spi)
1002 break;
1003 sd->state = sd_receivingdata_state;
1004 sd->data_start = addr;
1005 sd->data_offset = 0;
1006 sd->blk_written = 0;
1007
1008 if (sd->data_start + sd->blk_len > sd->size)
1009 sd->card_status |= ADDRESS_ERROR;
1010 if (sd_wp_addr(sd, sd->data_start))
1011 sd->card_status |= WP_VIOLATION;
1012 if (sd->csd[14] & 0x30)
1013 sd->card_status |= WP_VIOLATION;
1014 return sd_r1;
1015
1016 default:
1017 break;
1018 }
1019 break;
1020
1021 case 26: /* CMD26: PROGRAM_CID */
1022 if (sd->spi)
1023 goto bad_cmd;
1024 switch (sd->state) {
1025 case sd_transfer_state:
1026 sd->state = sd_receivingdata_state;
1027 sd->data_start = 0;
1028 sd->data_offset = 0;
1029 return sd_r1;
1030
1031 default:
1032 break;
1033 }
1034 break;
1035
1036 case 27: /* CMD27: PROGRAM_CSD */
1037 if (sd->spi)
1038 goto unimplemented_cmd;
1039 switch (sd->state) {
1040 case sd_transfer_state:
1041 sd->state = sd_receivingdata_state;
1042 sd->data_start = 0;
1043 sd->data_offset = 0;
1044 return sd_r1;
1045
1046 default:
1047 break;
1048 }
1049 break;
1050
1051 /* Write protection (Class 6) */
1052 case 28: /* CMD28: SET_WRITE_PROT */
1053 switch (sd->state) {
1054 case sd_transfer_state:
1055 if (addr >= sd->size) {
1056 sd->card_status |= ADDRESS_ERROR;
1057 return sd_r1b;
1058 }
1059
1060 sd->state = sd_programming_state;
1061 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1062 /* Bzzzzzzztt .... Operation complete. */
1063 sd->state = sd_transfer_state;
1064 return sd_r1b;
1065
1066 default:
1067 break;
1068 }
1069 break;
1070
1071 case 29: /* CMD29: CLR_WRITE_PROT */
1072 switch (sd->state) {
1073 case sd_transfer_state:
1074 if (addr >= sd->size) {
1075 sd->card_status |= ADDRESS_ERROR;
1076 return sd_r1b;
1077 }
1078
1079 sd->state = sd_programming_state;
1080 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1081 /* Bzzzzzzztt .... Operation complete. */
1082 sd->state = sd_transfer_state;
1083 return sd_r1b;
1084
1085 default:
1086 break;
1087 }
1088 break;
1089
1090 case 30: /* CMD30: SEND_WRITE_PROT */
1091 switch (sd->state) {
1092 case sd_transfer_state:
1093 sd->state = sd_sendingdata_state;
1094 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1095 sd->data_start = addr;
1096 sd->data_offset = 0;
1097 return sd_r1b;
1098
1099 default:
1100 break;
1101 }
1102 break;
1103
1104 /* Erase commands (Class 5) */
1105 case 32: /* CMD32: ERASE_WR_BLK_START */
1106 switch (sd->state) {
1107 case sd_transfer_state:
1108 sd->erase_start = req.arg;
1109 return sd_r1;
1110
1111 default:
1112 break;
1113 }
1114 break;
1115
1116 case 33: /* CMD33: ERASE_WR_BLK_END */
1117 switch (sd->state) {
1118 case sd_transfer_state:
1119 sd->erase_end = req.arg;
1120 return sd_r1;
1121
1122 default:
1123 break;
1124 }
1125 break;
1126
1127 case 38: /* CMD38: ERASE */
1128 switch (sd->state) {
1129 case sd_transfer_state:
1130 if (sd->csd[14] & 0x30) {
1131 sd->card_status |= WP_VIOLATION;
1132 return sd_r1b;
1133 }
1134
1135 sd->state = sd_programming_state;
1136 sd_erase(sd);
1137 /* Bzzzzzzztt .... Operation complete. */
1138 sd->state = sd_transfer_state;
1139 return sd_r1b;
1140
1141 default:
1142 break;
1143 }
1144 break;
1145
1146 /* Lock card commands (Class 7) */
1147 case 42: /* CMD42: LOCK_UNLOCK */
1148 if (sd->spi)
1149 goto unimplemented_cmd;
1150 switch (sd->state) {
1151 case sd_transfer_state:
1152 sd->state = sd_receivingdata_state;
1153 sd->data_start = 0;
1154 sd->data_offset = 0;
1155 return sd_r1;
1156
1157 default:
1158 break;
1159 }
1160 break;
1161
1162 case 52:
1163 case 53:
1164 /* CMD52, CMD53: reserved for SDIO cards
1165 * (see the SDIO Simplified Specification V2.0)
1166 * Handle as illegal command but do not complain
1167 * on stderr, as some OSes may use these in their
1168 * probing for presence of an SDIO card.
1169 */
1170 return sd_illegal;
1171
1172 /* Application specific commands (Class 8) */
1173 case 55: /* CMD55: APP_CMD */
1174 if (sd->rca != rca)
1175 return sd_r0;
1176
1177 sd->expecting_acmd = true;
1178 sd->card_status |= APP_CMD;
1179 return sd_r1;
1180
1181 case 56: /* CMD56: GEN_CMD */
1182 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1183
1184 switch (sd->state) {
1185 case sd_transfer_state:
1186 sd->data_offset = 0;
1187 if (req.arg & 1)
1188 sd->state = sd_sendingdata_state;
1189 else
1190 sd->state = sd_receivingdata_state;
1191 return sd_r1;
1192
1193 default:
1194 break;
1195 }
1196 break;
1197
1198 default:
1199 bad_cmd:
1200 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1201 return sd_illegal;
1202
1203 unimplemented_cmd:
1204 /* Commands that are recognised but not yet implemented in SPI mode. */
1205 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1206 return sd_illegal;
1207 }
1208
1209 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1210 return sd_illegal;
1211 }
1212
1213 static sd_rsp_type_t sd_app_command(SDState *sd,
1214 SDRequest req)
1215 {
1216 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1217 sd->card_status |= APP_CMD;
1218 switch (req.cmd) {
1219 case 6: /* ACMD6: SET_BUS_WIDTH */
1220 switch (sd->state) {
1221 case sd_transfer_state:
1222 sd->sd_status[0] &= 0x3f;
1223 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1224 return sd_r1;
1225
1226 default:
1227 break;
1228 }
1229 break;
1230
1231 case 13: /* ACMD13: SD_STATUS */
1232 switch (sd->state) {
1233 case sd_transfer_state:
1234 sd->state = sd_sendingdata_state;
1235 sd->data_start = 0;
1236 sd->data_offset = 0;
1237 return sd_r1;
1238
1239 default:
1240 break;
1241 }
1242 break;
1243
1244 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1245 switch (sd->state) {
1246 case sd_transfer_state:
1247 *(uint32_t *) sd->data = sd->blk_written;
1248
1249 sd->state = sd_sendingdata_state;
1250 sd->data_start = 0;
1251 sd->data_offset = 0;
1252 return sd_r1;
1253
1254 default:
1255 break;
1256 }
1257 break;
1258
1259 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1260 switch (sd->state) {
1261 case sd_transfer_state:
1262 return sd_r1;
1263
1264 default:
1265 break;
1266 }
1267 break;
1268
1269 case 41: /* ACMD41: SD_APP_OP_COND */
1270 if (sd->spi) {
1271 /* SEND_OP_CMD */
1272 sd->state = sd_transfer_state;
1273 return sd_r1;
1274 }
1275 switch (sd->state) {
1276 case sd_idle_state:
1277 /* We accept any voltage. 10000 V is nothing.
1278 *
1279 * We don't model init delay so just advance straight to ready state
1280 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1281 */
1282 if (req.arg & ACMD41_ENQUIRY_MASK) {
1283 sd->state = sd_ready_state;
1284 }
1285
1286 return sd_r3;
1287
1288 default:
1289 break;
1290 }
1291 break;
1292
1293 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1294 switch (sd->state) {
1295 case sd_transfer_state:
1296 /* Bringing in the 50KOhm pull-up resistor... Done. */
1297 return sd_r1;
1298
1299 default:
1300 break;
1301 }
1302 break;
1303
1304 case 51: /* ACMD51: SEND_SCR */
1305 switch (sd->state) {
1306 case sd_transfer_state:
1307 sd->state = sd_sendingdata_state;
1308 sd->data_start = 0;
1309 sd->data_offset = 0;
1310 return sd_r1;
1311
1312 default:
1313 break;
1314 }
1315 break;
1316
1317 default:
1318 /* Fall back to standard commands. */
1319 return sd_normal_command(sd, req);
1320 }
1321
1322 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1323 return sd_illegal;
1324 }
1325
1326 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1327 {
1328 /* Valid commands in locked state:
1329 * basic class (0)
1330 * lock card class (7)
1331 * CMD16
1332 * implicitly, the ACMD prefix CMD55
1333 * ACMD41 and ACMD42
1334 * Anything else provokes an "illegal command" response.
1335 */
1336 if (sd->expecting_acmd) {
1337 return req->cmd == 41 || req->cmd == 42;
1338 }
1339 if (req->cmd == 16 || req->cmd == 55) {
1340 return 1;
1341 }
1342 return sd_cmd_class[req->cmd & 0x3F] == 0
1343 || sd_cmd_class[req->cmd & 0x3F] == 7;
1344 }
1345
1346 int sd_do_command(SDState *sd, SDRequest *req,
1347 uint8_t *response) {
1348 int last_state;
1349 sd_rsp_type_t rtype;
1350 int rsplen;
1351
1352 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
1353 return 0;
1354 }
1355
1356 if (sd_req_crc_validate(req)) {
1357 sd->card_status |= COM_CRC_ERROR;
1358 rtype = sd_illegal;
1359 goto send_response;
1360 }
1361
1362 if (sd->card_status & CARD_IS_LOCKED) {
1363 if (!cmd_valid_while_locked(sd, req)) {
1364 sd->card_status |= ILLEGAL_COMMAND;
1365 sd->expecting_acmd = false;
1366 fprintf(stderr, "SD: Card is locked\n");
1367 rtype = sd_illegal;
1368 goto send_response;
1369 }
1370 }
1371
1372 last_state = sd->state;
1373 sd_set_mode(sd);
1374
1375 if (sd->expecting_acmd) {
1376 sd->expecting_acmd = false;
1377 rtype = sd_app_command(sd, *req);
1378 } else {
1379 rtype = sd_normal_command(sd, *req);
1380 }
1381
1382 if (rtype == sd_illegal) {
1383 sd->card_status |= ILLEGAL_COMMAND;
1384 } else {
1385 /* Valid command, we can update the 'state before command' bits.
1386 * (Do this now so they appear in r1 responses.)
1387 */
1388 sd->current_cmd = req->cmd;
1389 sd->card_status &= ~CURRENT_STATE;
1390 sd->card_status |= (last_state << 9);
1391 }
1392
1393 send_response:
1394 switch (rtype) {
1395 case sd_r1:
1396 case sd_r1b:
1397 sd_response_r1_make(sd, response);
1398 rsplen = 4;
1399 break;
1400
1401 case sd_r2_i:
1402 memcpy(response, sd->cid, sizeof(sd->cid));
1403 rsplen = 16;
1404 break;
1405
1406 case sd_r2_s:
1407 memcpy(response, sd->csd, sizeof(sd->csd));
1408 rsplen = 16;
1409 break;
1410
1411 case sd_r3:
1412 sd_response_r3_make(sd, response);
1413 rsplen = 4;
1414 break;
1415
1416 case sd_r6:
1417 sd_response_r6_make(sd, response);
1418 rsplen = 4;
1419 break;
1420
1421 case sd_r7:
1422 sd_response_r7_make(sd, response);
1423 rsplen = 4;
1424 break;
1425
1426 case sd_r0:
1427 case sd_illegal:
1428 default:
1429 rsplen = 0;
1430 break;
1431 }
1432
1433 if (rtype != sd_illegal) {
1434 /* Clear the "clear on valid command" status bits now we've
1435 * sent any response
1436 */
1437 sd->card_status &= ~CARD_STATUS_B;
1438 }
1439
1440 #ifdef DEBUG_SD
1441 if (rsplen) {
1442 int i;
1443 DPRINTF("Response:");
1444 for (i = 0; i < rsplen; i++)
1445 fprintf(stderr, " %02x", response[i]);
1446 fprintf(stderr, " state %d\n", sd->state);
1447 } else {
1448 DPRINTF("No response %d\n", sd->state);
1449 }
1450 #endif
1451
1452 return rsplen;
1453 }
1454
1455 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1456 {
1457 uint64_t end = addr + len;
1458
1459 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1460 (unsigned long long) addr, len);
1461 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1462 fprintf(stderr, "sd_blk_read: read error on host side\n");
1463 return;
1464 }
1465
1466 if (end > (addr & ~511) + 512) {
1467 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1468
1469 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
1470 fprintf(stderr, "sd_blk_read: read error on host side\n");
1471 return;
1472 }
1473 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1474 } else
1475 memcpy(sd->data, sd->buf + (addr & 511), len);
1476 }
1477
1478 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1479 {
1480 uint64_t end = addr + len;
1481
1482 if ((addr & 511) || len < 512)
1483 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1484 fprintf(stderr, "sd_blk_write: read error on host side\n");
1485 return;
1486 }
1487
1488 if (end > (addr & ~511) + 512) {
1489 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1490 if (blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1491 fprintf(stderr, "sd_blk_write: write error on host side\n");
1492 return;
1493 }
1494
1495 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
1496 fprintf(stderr, "sd_blk_write: read error on host side\n");
1497 return;
1498 }
1499 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1500 if (blk_write(sd->blk, end >> 9, sd->buf, 1) < 0) {
1501 fprintf(stderr, "sd_blk_write: write error on host side\n");
1502 }
1503 } else {
1504 memcpy(sd->buf + (addr & 511), sd->data, len);
1505 if (!sd->blk || blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1506 fprintf(stderr, "sd_blk_write: write error on host side\n");
1507 }
1508 }
1509 }
1510
1511 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1512 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1513 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1514 #define APP_WRITE_BLOCK(a, len)
1515
1516 void sd_write_data(SDState *sd, uint8_t value)
1517 {
1518 int i;
1519
1520 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1521 return;
1522
1523 if (sd->state != sd_receivingdata_state) {
1524 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1525 return;
1526 }
1527
1528 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1529 return;
1530
1531 switch (sd->current_cmd) {
1532 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1533 sd->data[sd->data_offset ++] = value;
1534 if (sd->data_offset >= sd->blk_len) {
1535 /* TODO: Check CRC before committing */
1536 sd->state = sd_programming_state;
1537 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1538 sd->blk_written ++;
1539 sd->csd[14] |= 0x40;
1540 /* Bzzzzzzztt .... Operation complete. */
1541 sd->state = sd_transfer_state;
1542 }
1543 break;
1544
1545 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1546 if (sd->data_offset == 0) {
1547 /* Start of the block - let's check the address is valid */
1548 if (sd->data_start + sd->blk_len > sd->size) {
1549 sd->card_status |= ADDRESS_ERROR;
1550 break;
1551 }
1552 if (sd_wp_addr(sd, sd->data_start)) {
1553 sd->card_status |= WP_VIOLATION;
1554 break;
1555 }
1556 }
1557 sd->data[sd->data_offset++] = value;
1558 if (sd->data_offset >= sd->blk_len) {
1559 /* TODO: Check CRC before committing */
1560 sd->state = sd_programming_state;
1561 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1562 sd->blk_written++;
1563 sd->data_start += sd->blk_len;
1564 sd->data_offset = 0;
1565 sd->csd[14] |= 0x40;
1566
1567 /* Bzzzzzzztt .... Operation complete. */
1568 sd->state = sd_receivingdata_state;
1569 }
1570 break;
1571
1572 case 26: /* CMD26: PROGRAM_CID */
1573 sd->data[sd->data_offset ++] = value;
1574 if (sd->data_offset >= sizeof(sd->cid)) {
1575 /* TODO: Check CRC before committing */
1576 sd->state = sd_programming_state;
1577 for (i = 0; i < sizeof(sd->cid); i ++)
1578 if ((sd->cid[i] | 0x00) != sd->data[i])
1579 sd->card_status |= CID_CSD_OVERWRITE;
1580
1581 if (!(sd->card_status & CID_CSD_OVERWRITE))
1582 for (i = 0; i < sizeof(sd->cid); i ++) {
1583 sd->cid[i] |= 0x00;
1584 sd->cid[i] &= sd->data[i];
1585 }
1586 /* Bzzzzzzztt .... Operation complete. */
1587 sd->state = sd_transfer_state;
1588 }
1589 break;
1590
1591 case 27: /* CMD27: PROGRAM_CSD */
1592 sd->data[sd->data_offset ++] = value;
1593 if (sd->data_offset >= sizeof(sd->csd)) {
1594 /* TODO: Check CRC before committing */
1595 sd->state = sd_programming_state;
1596 for (i = 0; i < sizeof(sd->csd); i ++)
1597 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1598 (sd->data[i] | sd_csd_rw_mask[i]))
1599 sd->card_status |= CID_CSD_OVERWRITE;
1600
1601 /* Copy flag (OTP) & Permanent write protect */
1602 if (sd->csd[14] & ~sd->data[14] & 0x60)
1603 sd->card_status |= CID_CSD_OVERWRITE;
1604
1605 if (!(sd->card_status & CID_CSD_OVERWRITE))
1606 for (i = 0; i < sizeof(sd->csd); i ++) {
1607 sd->csd[i] |= sd_csd_rw_mask[i];
1608 sd->csd[i] &= sd->data[i];
1609 }
1610 /* Bzzzzzzztt .... Operation complete. */
1611 sd->state = sd_transfer_state;
1612 }
1613 break;
1614
1615 case 42: /* CMD42: LOCK_UNLOCK */
1616 sd->data[sd->data_offset ++] = value;
1617 if (sd->data_offset >= sd->blk_len) {
1618 /* TODO: Check CRC before committing */
1619 sd->state = sd_programming_state;
1620 sd_lock_command(sd);
1621 /* Bzzzzzzztt .... Operation complete. */
1622 sd->state = sd_transfer_state;
1623 }
1624 break;
1625
1626 case 56: /* CMD56: GEN_CMD */
1627 sd->data[sd->data_offset ++] = value;
1628 if (sd->data_offset >= sd->blk_len) {
1629 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1630 sd->state = sd_transfer_state;
1631 }
1632 break;
1633
1634 default:
1635 fprintf(stderr, "sd_write_data: unknown command\n");
1636 break;
1637 }
1638 }
1639
1640 uint8_t sd_read_data(SDState *sd)
1641 {
1642 /* TODO: Append CRCs */
1643 uint8_t ret;
1644 int io_len;
1645
1646 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1647 return 0x00;
1648
1649 if (sd->state != sd_sendingdata_state) {
1650 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1651 return 0x00;
1652 }
1653
1654 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1655 return 0x00;
1656
1657 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1658
1659 switch (sd->current_cmd) {
1660 case 6: /* CMD6: SWITCH_FUNCTION */
1661 ret = sd->data[sd->data_offset ++];
1662
1663 if (sd->data_offset >= 64)
1664 sd->state = sd_transfer_state;
1665 break;
1666
1667 case 9: /* CMD9: SEND_CSD */
1668 case 10: /* CMD10: SEND_CID */
1669 ret = sd->data[sd->data_offset ++];
1670
1671 if (sd->data_offset >= 16)
1672 sd->state = sd_transfer_state;
1673 break;
1674
1675 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1676 if (sd->data_offset == 0)
1677 BLK_READ_BLOCK(sd->data_start, io_len);
1678 ret = sd->data[sd->data_offset ++];
1679
1680 if (sd->data_offset >= io_len) {
1681 sd->data_start += io_len;
1682 sd->data_offset = 0;
1683 if (sd->data_start + io_len > sd->size) {
1684 sd->card_status |= ADDRESS_ERROR;
1685 break;
1686 }
1687 }
1688 break;
1689
1690 case 13: /* ACMD13: SD_STATUS */
1691 ret = sd->sd_status[sd->data_offset ++];
1692
1693 if (sd->data_offset >= sizeof(sd->sd_status))
1694 sd->state = sd_transfer_state;
1695 break;
1696
1697 case 17: /* CMD17: READ_SINGLE_BLOCK */
1698 if (sd->data_offset == 0)
1699 BLK_READ_BLOCK(sd->data_start, io_len);
1700 ret = sd->data[sd->data_offset ++];
1701
1702 if (sd->data_offset >= io_len)
1703 sd->state = sd_transfer_state;
1704 break;
1705
1706 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1707 if (sd->data_offset == 0)
1708 BLK_READ_BLOCK(sd->data_start, io_len);
1709 ret = sd->data[sd->data_offset ++];
1710
1711 if (sd->data_offset >= io_len) {
1712 sd->data_start += io_len;
1713 sd->data_offset = 0;
1714 if (sd->data_start + io_len > sd->size) {
1715 sd->card_status |= ADDRESS_ERROR;
1716 break;
1717 }
1718 }
1719 break;
1720
1721 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1722 ret = sd->data[sd->data_offset ++];
1723
1724 if (sd->data_offset >= 4)
1725 sd->state = sd_transfer_state;
1726 break;
1727
1728 case 30: /* CMD30: SEND_WRITE_PROT */
1729 ret = sd->data[sd->data_offset ++];
1730
1731 if (sd->data_offset >= 4)
1732 sd->state = sd_transfer_state;
1733 break;
1734
1735 case 51: /* ACMD51: SEND_SCR */
1736 ret = sd->scr[sd->data_offset ++];
1737
1738 if (sd->data_offset >= sizeof(sd->scr))
1739 sd->state = sd_transfer_state;
1740 break;
1741
1742 case 56: /* CMD56: GEN_CMD */
1743 if (sd->data_offset == 0)
1744 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1745 ret = sd->data[sd->data_offset ++];
1746
1747 if (sd->data_offset >= sd->blk_len)
1748 sd->state = sd_transfer_state;
1749 break;
1750
1751 default:
1752 fprintf(stderr, "sd_read_data: unknown command\n");
1753 return 0x00;
1754 }
1755
1756 return ret;
1757 }
1758
1759 bool sd_data_ready(SDState *sd)
1760 {
1761 return sd->state == sd_sendingdata_state;
1762 }
1763
1764 void sd_enable(SDState *sd, bool enable)
1765 {
1766 sd->enable = enable;
1767 }
1768
1769 static void sd_instance_init(Object *obj)
1770 {
1771 SDState *sd = SD_CARD(obj);
1772
1773 sd->enable = true;
1774 }
1775
1776 static void sd_realize(DeviceState *dev, Error **errp)
1777 {
1778 SDState *sd = SD_CARD(dev);
1779
1780 if (sd->blk && blk_is_read_only(sd->blk)) {
1781 error_setg(errp, "Cannot use read-only drive as SD card");
1782 return;
1783 }
1784
1785 sd->buf = blk_blockalign(sd->blk, 512);
1786
1787 if (sd->blk) {
1788 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
1789 }
1790
1791 sd_reset(sd);
1792 }
1793
1794 static Property sd_properties[] = {
1795 DEFINE_PROP_DRIVE("drive", SDState, blk),
1796 /* We do not model the chip select pin, so allow the board to select
1797 * whether card should be in SSI or MMC/SD mode. It is also up to the
1798 * board to ensure that ssi transfers only occur when the chip select
1799 * is asserted. */
1800 DEFINE_PROP_BOOL("spi", SDState, spi, false),
1801 DEFINE_PROP_END_OF_LIST()
1802 };
1803
1804 static void sd_class_init(ObjectClass *klass, void *data)
1805 {
1806 DeviceClass *dc = DEVICE_CLASS(klass);
1807
1808 dc->realize = sd_realize;
1809 dc->props = sd_properties;
1810 dc->vmsd = &sd_vmstate;
1811 }
1812
1813 static const TypeInfo sd_info = {
1814 .name = TYPE_SD_CARD,
1815 .parent = TYPE_DEVICE,
1816 .instance_size = sizeof(SDState),
1817 .class_init = sd_class_init,
1818 .instance_init = sd_instance_init,
1819 };
1820
1821 static void sd_register_types(void)
1822 {
1823 type_register_static(&sd_info);
1824 }
1825
1826 type_init(sd_register_types)