]> git.proxmox.com Git - mirror_qemu.git/blame - hw/sd/sd.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sdcard: Do not trace CMD55, except when we already expect an ACMD
[mirror_qemu.git] / hw / sd / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
0430891c 32#include "qemu/osdep.h"
c759a790 33#include "hw/qdev.h"
83c9f4ca 34#include "hw/hw.h"
6f296421 35#include "hw/registerfields.h"
4be74634 36#include "sysemu/block-backend.h"
e3382ef0 37#include "hw/sd/sd.h"
da34e65c 38#include "qapi/error.h"
1de7afc9 39#include "qemu/bitmap.h"
7af83490 40#include "qemu/cutils.h"
260bc9d8
PM		 41#include "hw/qdev-properties.h"
42#include "qemu/error-report.h"
dd26eb43 43#include "qemu/timer.h"
03dd024f 44#include "qemu/log.h"
f250015b 45#include "sdmmc-internal.h"
1b640aa9 46#include "trace.h"
a1bb27b1
PB		 47
48//#define DEBUG_SD 1
49
a1bb27b1
PB		 50typedef enum {
51 sd_r0 = 0, /* no response */
52 sd_r1, /* normal response command */
53 sd_r2_i, /* CID register */
54 sd_r2_s, /* CSD register */
55 sd_r3, /* OCR register */
56 sd_r6 = 6, /* Published RCA response */
1b088995 57 sd_r7, /* Operating voltage */
a1bb27b1 58 sd_r1b = -1,
53bb8cc4 59 sd_illegal = -2,
c227f099 60} sd_rsp_type_t;
a1bb27b1 61
50a5be6c
IM		 62enum SDCardModes {
63 sd_inactive,
64 sd_card_identification_mode,
65 sd_data_transfer_mode,
66};
67
68enum SDCardStates {
69 sd_inactive_state = -1,
70 sd_idle_state = 0,
71 sd_ready_state,
72 sd_identification_state,
73 sd_standby_state,
74 sd_transfer_state,
75 sd_sendingdata_state,
76 sd_receivingdata_state,
77 sd_programming_state,
78 sd_disconnect_state,
79};
80
a1bb27b1 81struct SDState {
260bc9d8
PM		 82 DeviceState parent_obj;
83
d49b1ce0 84 /* SD Memory Card Registers */
a1bb27b1
PB		 85 uint32_t ocr;
86 uint8_t scr[8];
87 uint8_t cid[16];
88 uint8_t csd[16];
89 uint16_t rca;
90 uint32_t card_status;
91 uint8_t sd_status[64];
d49b1ce0
PMD		 92
93 /* Configurable properties */
94 BlockBackend *blk;
95 bool spi;
96
97 uint32_t mode; /* current card mode, one of SDCardModes */
98 int32_t state; /* current card state, one of SDCardStates */
1b088995 99 uint32_t vhs;
bebd1271 100 bool wp_switch;
a9c01830 101 unsigned long *wp_groups;
50a5be6c 102 int32_t wpgrps_size;
2d7adea4 103 uint64_t size;
50a5be6c 104 uint32_t blk_len;
4481bbc7 105 uint32_t multi_blk_cnt;
a1bb27b1
PB		 106 uint32_t erase_start;
107 uint32_t erase_end;
108 uint8_t pwd[16];
50a5be6c
IM		 109 uint32_t pwd_len;
110 uint8_t function_group[6];
50a5be6c 111 uint8_t current_cmd;
1d06cb7a
PM		 112 /* True if we will handle the next command as an ACMD. Note that this does
113 * *not* track the APP_CMD status bit!
114 */
bebd1271 115 bool expecting_acmd;
50a5be6c 116 uint32_t blk_written;
2d7adea4 117 uint64_t data_start;
a1bb27b1
PB		 118 uint32_t data_offset;
119 uint8_t data[512];
02ce600c
AZ		 120 qemu_irq readonly_cb;
121 qemu_irq inserted_cb;
d49b1ce0 122 QEMUTimer *ocr_power_timer;
bebd1271 123 bool enable;
da346922
PMD		 124 uint8_t dat_lines;
125 bool cmd_line;
a1bb27b1
PB		 126};
127
1b640aa9
PMD		 128static const char *sd_state_name(enum SDCardStates state)
129{
130 static const char *state_name[] = {
131 [sd_idle_state] = "idle",
132 [sd_ready_state] = "ready",
133 [sd_identification_state] = "identification",
134 [sd_standby_state] = "standby",
135 [sd_transfer_state] = "transfer",
136 [sd_sendingdata_state] = "sendingdata",
137 [sd_receivingdata_state] = "receivingdata",
138 [sd_programming_state] = "programming",
139 [sd_disconnect_state] = "disconnect",
140 };
141 if (state == sd_inactive_state) {
142 return "inactive";
143 }
144 assert(state <= ARRAY_SIZE(state_name));
145 return state_name[state];
146}
147
55921932
PMD		 148static const char *sd_response_name(sd_rsp_type_t rsp)
149{
150 static const char *response_name[] = {
151 [sd_r0] = "RESP#0 (no response)",
152 [sd_r1] = "RESP#1 (normal cmd)",
153 [sd_r2_i] = "RESP#2 (CID reg)",
154 [sd_r2_s] = "RESP#2 (CSD reg)",
155 [sd_r3] = "RESP#3 (OCR reg)",
156 [sd_r6] = "RESP#6 (RCA)",
157 [sd_r7] = "RESP#7 (operating voltage)",
158 };
159 if (rsp == sd_illegal) {
160 return "ILLEGAL RESP";
161 }
162 if (rsp == sd_r1b) {
163 rsp = sd_r1;
164 }
165 assert(rsp <= ARRAY_SIZE(response_name));
166 return response_name[rsp];
167}
168
da346922
PMD		 169static uint8_t sd_get_dat_lines(SDState *sd)
170{
171 return sd->enable ? sd->dat_lines : 0;
172}
173
174static bool sd_get_cmd_line(SDState *sd)
175{
176 return sd->enable ? sd->cmd_line : false;
177}
178
0034ebe6
PMD		 179static void sd_set_voltage(SDState *sd, uint16_t millivolts)
180{
814b2adc
PMD		 181 trace_sdcard_set_voltage(millivolts);
182
0034ebe6
PMD		 183 switch (millivolts) {
184 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
185 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
186 break;
187 default:
188 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
189 millivolts / 1000.f);
190 }
191}
192
10a412da 193static void sd_set_mode(SDState *sd)
a1bb27b1
PB		 194{
195 switch (sd->state) {
196 case sd_inactive_state:
197 sd->mode = sd_inactive;
198 break;
199
200 case sd_idle_state:
201 case sd_ready_state:
202 case sd_identification_state:
203 sd->mode = sd_card_identification_mode;
204 break;
205
206 case sd_standby_state:
207 case sd_transfer_state:
208 case sd_sendingdata_state:
209 case sd_receivingdata_state:
210 case sd_programming_state:
211 case sd_disconnect_state:
212 sd->mode = sd_data_transfer_mode;
213 break;
214 }
a1bb27b1
PB		 215}
216
f250015b 217static const sd_cmd_type_t sd_cmd_type[SDMMC_CMD_MAX] = {
a1bb27b1 218 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 219 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
f250015b 220 /* 16 */
a1bb27b1
PB		 221 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
222 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
f250015b 223 /* 32 */
a1bb27b1
PB		 224 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
225 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
f250015b 226 /* 48 */
a1bb27b1
PB		 227 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
228 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
229};
230
f250015b 231static const int sd_cmd_class[SDMMC_CMD_MAX] = {
a1bb27b1
PB		 232 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
233 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
234 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
235 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
236};
237
238static uint8_t sd_crc7(void *message, size_t width)
239{
240 int i, bit;
241 uint8_t shift_reg = 0x00;
242 uint8_t *msg = (uint8_t *) message;
243
244 for (i = 0; i < width; i ++, msg ++)
245 for (bit = 7; bit >= 0; bit --) {
246 shift_reg <<= 1;
247 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
248 shift_reg ^= 0x89;
249 }
250
251 return shift_reg;
252}
253
254static uint16_t sd_crc16(void *message, size_t width)
255{
256 int i, bit;
257 uint16_t shift_reg = 0x0000;
258 uint16_t *msg = (uint16_t *) message;
259 width <<= 1;
260
261 for (i = 0; i < width; i ++, msg ++)
262 for (bit = 15; bit >= 0; bit --) {
263 shift_reg <<= 1;
264 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
265 shift_reg ^= 0x1011;
266 }
267
268 return shift_reg;
269}
270
6f296421
PMD		 271#define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
272
3d42fb52
PMD		 273FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24)
274FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8)
275FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1)
276FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16)
277FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */
278FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */
6f296421
PMD		 279FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */
280FIELD(OCR, CARD_POWER_UP, 31, 1)
281
3d42fb52
PMD		 282#define ACMD41_ENQUIRY_MASK 0x00ffffff
283#define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \
284 | R_OCR_ACCEPT_SWITCH_1V8_MASK \
285 | R_OCR_UHS_II_CARD_MASK \
286 | R_OCR_CARD_CAPACITY_MASK \
287 | R_OCR_CARD_POWER_UP_MASK)
288
a1bb27b1
PB		 289static void sd_set_ocr(SDState *sd)
290{
3d42fb52
PMD		 291 /* All voltages OK */
292 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK;
dd26eb43
AB		 293}
294
295static void sd_ocr_powerup(void *opaque)
296{
297 SDState *sd = opaque;
298
814b2adc 299 trace_sdcard_powerup();
6f296421
PMD		 300 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP));
301
302 /* card power-up OK */
303 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1);
9273ea61
PMD		 304
305 if (sd->size > 1 * G_BYTE) {
306 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1);
307 }
a1bb27b1
PB		 308}
309
310static void sd_set_scr(SDState *sd)
311{
9b7ec55c
PMD		 312 sd->scr[0] = (0 << 4) /* SCR version 1.0 */
313 | 0; /* Spec Versions 1.0 and 1.01 */
314 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */
315 | 0b0101; /* 1-bit or 4-bit width bus modes */
316 sd->scr[2] = 0x00; /* Extended Security is not supported. */
a1bb27b1 317 sd->scr[3] = 0x00;
9b7ec55c 318 /* reserved for manufacturer usage */
a1bb27b1
PB		 319 sd->scr[4] = 0x00;
320 sd->scr[5] = 0x00;
321 sd->scr[6] = 0x00;
322 sd->scr[7] = 0x00;
323}
324
325#define MID 0xaa
326#define OID "XY"
327#define PNM "QEMU!"
328#define PRV 0x01
329#define MDT_YR 2006
330#define MDT_MON 2
331
332static void sd_set_cid(SDState *sd)
333{
334 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
335 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
336 sd->cid[2] = OID[1];
337 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
338 sd->cid[4] = PNM[1];
339 sd->cid[5] = PNM[2];
340 sd->cid[6] = PNM[3];
341 sd->cid[7] = PNM[4];
342 sd->cid[8] = PRV; /* Fake product revision (PRV) */
343 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
344 sd->cid[10] = 0xad;
345 sd->cid[11] = 0xbe;
346 sd->cid[12] = 0xef;
347 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
348 ((MDT_YR - 2000) / 10);
349 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
350 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
351}
352
353#define HWBLOCK_SHIFT 9 /* 512 bytes */
354#define SECTOR_SHIFT 5 /* 16 kilobytes */
355#define WPGROUP_SHIFT 7 /* 2 megs */
356#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 357#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
358
359static const uint8_t sd_csd_rw_mask[16] = {
360 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
361 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
362};
363
2d7adea4 364static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 365{
366 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
367 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
368 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
369
7af83490 370 if (size <= 1 * G_BYTE) { /* Standard Capacity SD */
2d7adea4
AZ		 371 sd->csd[0] = 0x00; /* CSD structure */
372 sd->csd[1] = 0x26; /* Data read access-time-1 */
373 sd->csd[2] = 0x00; /* Data read access-time-2 */
d7ecb867 374 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */
2d7adea4
AZ		 375 sd->csd[4] = 0x5f; /* Card Command Classes */
376 sd->csd[5] = 0x50 | /* Max. read data block length */
377 HWBLOCK_SHIFT;
378 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
379 ((csize >> 10) & 0x03);
380 sd->csd[7] = 0x00 | /* Device size */
381 ((csize >> 2) & 0xff);
382 sd->csd[8] = 0x3f | /* Max. read current */
383 ((csize << 6) & 0xc0);
384 sd->csd[9] = 0xfc | /* Max. write current */
385 ((CMULT_SHIFT - 2) >> 1);
386 sd->csd[10] = 0x40 | /* Erase sector size */
387 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
388 sd->csd[11] = 0x00 | /* Write protect group size */
389 ((sectsize << 7) & 0x80) | wpsize;
390 sd->csd[12] = 0x90 | /* Write speed factor */
391 (HWBLOCK_SHIFT >> 2);
392 sd->csd[13] = 0x20 | /* Max. write data block length */
393 ((HWBLOCK_SHIFT << 6) & 0xc0);
394 sd->csd[14] = 0x00; /* File format group */
2d7adea4
AZ		 395 } else { /* SDHC */
396 size /= 512 * 1024;
397 size -= 1;
398 sd->csd[0] = 0x40;
399 sd->csd[1] = 0x0e;
400 sd->csd[2] = 0x00;
401 sd->csd[3] = 0x32;
402 sd->csd[4] = 0x5b;
403 sd->csd[5] = 0x59;
404 sd->csd[6] = 0x00;
405 sd->csd[7] = (size >> 16) & 0xff;
406 sd->csd[8] = (size >> 8) & 0xff;
407 sd->csd[9] = (size & 0xff);
408 sd->csd[10] = 0x7f;
409 sd->csd[11] = 0x80;
410 sd->csd[12] = 0x0a;
411 sd->csd[13] = 0x40;
412 sd->csd[14] = 0x00;
2d7adea4 413 }
e8feec80 414 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
a1bb27b1
PB		 415}
416
417static void sd_set_rca(SDState *sd)
418{
419 sd->rca += 0x4567;
420}
421
da26e3f3
PMD		 422FIELD(CSR, AKE_SEQ_ERROR, 3, 1)
423FIELD(CSR, APP_CMD, 5, 1)
424FIELD(CSR, FX_EVENT, 6, 1)
425FIELD(CSR, READY_FOR_DATA, 8, 1)
426FIELD(CSR, CURRENT_STATE, 9, 4)
427FIELD(CSR, ERASE_RESET, 13, 1)
428FIELD(CSR, CARD_ECC_DISABLED, 14, 1)
429FIELD(CSR, WP_ERASE_SKIP, 15, 1)
430FIELD(CSR, CSD_OVERWRITE, 16, 1)
431FIELD(CSR, DEFERRED_RESPONSE, 17, 1)
432FIELD(CSR, ERROR, 19, 1)
433FIELD(CSR, CC_ERROR, 20, 1)
434FIELD(CSR, CARD_ECC_FAILED, 21, 1)
435FIELD(CSR, ILLEGAL_COMMAND, 22, 1)
436FIELD(CSR, COM_CRC_ERROR, 23, 1)
437FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1)
438FIELD(CSR, CARD_IS_LOCKED, 25, 1)
439FIELD(CSR, WP_VIOLATION, 26, 1)
440FIELD(CSR, ERASE_PARAM, 27, 1)
441FIELD(CSR, ERASE_SEQ_ERROR, 28, 1)
442FIELD(CSR, BLOCK_LEN_ERROR, 29, 1)
443FIELD(CSR, ADDRESS_ERROR, 30, 1)
444FIELD(CSR, OUT_OF_RANGE, 31, 1)
445
b8d334c8
PM		 446/* Card status bits, split by clear condition:
447 * A : According to the card current state
448 * B : Always related to the previous command
449 * C : Cleared by read
450 */
da26e3f3
PMD		 451#define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \
452 | R_CSR_CARD_ECC_DISABLED_MASK \
453 | R_CSR_CARD_IS_LOCKED_MASK)
454#define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \
455 | R_CSR_ILLEGAL_COMMAND_MASK \
456 | R_CSR_COM_CRC_ERROR_MASK)
457#define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \
458 | R_CSR_APP_CMD_MASK \
459 | R_CSR_ERASE_RESET_MASK \
460 | R_CSR_WP_ERASE_SKIP_MASK \
461 | R_CSR_CSD_OVERWRITE_MASK \
462 | R_CSR_ERROR_MASK \
463 | R_CSR_CC_ERROR_MASK \
464 | R_CSR_CARD_ECC_FAILED_MASK \
465 | R_CSR_LOCK_UNLOCK_FAILED_MASK \
466 | R_CSR_WP_VIOLATION_MASK \
467 | R_CSR_ERASE_PARAM_MASK \
468 | R_CSR_ERASE_SEQ_ERROR_MASK \
469 | R_CSR_BLOCK_LEN_ERROR_MASK \
470 | R_CSR_ADDRESS_ERROR_MASK \
471 | R_CSR_OUT_OF_RANGE_MASK)
a1bb27b1
PB		 472
473static void sd_set_cardstatus(SDState *sd)
474{
475 sd->card_status = 0x00000100;
476}
477
478static void sd_set_sdstatus(SDState *sd)
479{
480 memset(sd->sd_status, 0, 64);
481}
482
bc24a225 483static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 484{
485 uint8_t buffer[5];
486 buffer[0] = 0x40 | req->cmd;
67bfddd6 487 stl_be_p(&buffer[1], req->arg);
a1bb27b1
PB		 488 return 0;
489 return sd_crc7(buffer, 5) != req->crc; /* TODO */
490}
491
10a412da 492static void sd_response_r1_make(SDState *sd, uint8_t *response)
a1bb27b1 493{
67bfddd6
PMD		 494 stl_be_p(response, sd->card_status);
495
1d06cb7a
PM		 496 /* Clear the "clear on read" status bits */
497 sd->card_status &= ~CARD_STATUS_C;
a1bb27b1
PB		 498}
499
9596ebb7 500static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1 501{
3d42fb52 502 stl_be_p(response, sd->ocr & ACMD41_R3_MASK);
a1bb27b1
PB		 503}
504
9596ebb7 505static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1 506{
a1bb27b1
PB		 507 uint16_t status;
508
a1bb27b1
PB		 509 status = ((sd->card_status >> 8) & 0xc000) |
510 ((sd->card_status >> 6) & 0x2000) |
511 (sd->card_status & 0x1fff);
fcfa9351 512 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
67bfddd6
PMD		 513 stw_be_p(response + 0, sd->rca);
514 stw_be_p(response + 2, status);
a1bb27b1
PB		 515}
516
1b088995
AZ		 517static void sd_response_r7_make(SDState *sd, uint8_t *response)
518{
67bfddd6 519 stl_be_p(response, sd->vhs);
1b088995
AZ		 520}
521
b7202b88
MI		 522static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
523{
524 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
525}
526
ba3ed0fa 527static void sd_reset(DeviceState *dev)
a1bb27b1 528{
ba3ed0fa 529 SDState *sd = SD_CARD(dev);
2d7adea4 530 uint64_t size;
a1bb27b1
PB		 531 uint64_t sect;
532
814b2adc 533 trace_sdcard_reset();
16b781aa
PM		 534 if (sd->blk) {
535 blk_get_geometry(sd->blk, &sect);
03f311ed
PB		 536 } else {
537 sect = 0;
538 }
5e37141b 539 size = sect << 9;
a1bb27b1 540
b7202b88 541 sect = sd_addr_to_wpnum(size) + 1;
a1bb27b1
PB		 542
543 sd->state = sd_idle_state;
544 sd->rca = 0x0000;
545 sd_set_ocr(sd);
546 sd_set_scr(sd);
547 sd_set_cid(sd);
548 sd_set_csd(sd, size);
549 sd_set_cardstatus(sd);
550 sd_set_sdstatus(sd);
551
ef1e1e07 552 g_free(sd->wp_groups);
16b781aa 553 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
50a5be6c
IM		 554 sd->wpgrps_size = sect;
555 sd->wp_groups = bitmap_new(sd->wpgrps_size);
556 memset(sd->function_group, 0, sizeof(sd->function_group));
a1bb27b1
PB		 557 sd->erase_start = 0;
558 sd->erase_end = 0;
559 sd->size = size;
560 sd->blk_len = 0x200;
561 sd->pwd_len = 0;
bebd1271 562 sd->expecting_acmd = false;
da346922
PMD		 563 sd->dat_lines = 0xf;
564 sd->cmd_line = true;
4481bbc7 565 sd->multi_blk_cnt = 0;
a1bb27b1
PB		 566}
567
c759a790
PM		 568static bool sd_get_inserted(SDState *sd)
569{
0719e71e 570 return sd->blk && blk_is_inserted(sd->blk);
c759a790
PM		 571}
572
573static bool sd_get_readonly(SDState *sd)
574{
575 return sd->wp_switch;
576}
577
39829a01 578static void sd_cardchange(void *opaque, bool load, Error **errp)
a1bb27b1
PB		 579{
580 SDState *sd = opaque;
c759a790
PM		 581 DeviceState *dev = DEVICE(sd);
582 SDBus *sdbus = SD_BUS(qdev_get_parent_bus(dev));
583 bool inserted = sd_get_inserted(sd);
584 bool readonly = sd_get_readonly(sd);
db97ee6a 585
c759a790 586 if (inserted) {
814b2adc 587 trace_sdcard_inserted(readonly);
c759a790 588 sd_reset(dev);
814b2adc
PMD		 589 } else {
590 trace_sdcard_ejected();
c759a790
PM		 591 }
592
593 /* The IRQ notification is for legacy non-QOM SD controller devices;
594 * QOMified controllers use the SDBus APIs.
595 */
596 if (sdbus) {
597 sdbus_set_inserted(sdbus, inserted);
598 if (inserted) {
599 sdbus_set_readonly(sdbus, readonly);
600 }
601 } else {
602 qemu_set_irq(sd->inserted_cb, inserted);
603 if (inserted) {
604 qemu_set_irq(sd->readonly_cb, readonly);
605 }
a1bb27b1
PB		 606 }
607}
608
0e49de52 609static const BlockDevOps sd_block_ops = {
145feb17 610 .change_media_cb = sd_cardchange,
0e49de52
MA		 611};
612
dd26eb43
AB		 613static bool sd_ocr_vmstate_needed(void *opaque)
614{
615 SDState *sd = opaque;
616
617 /* Include the OCR state (and timer) if it is not yet powered up */
6f296421 618 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP);
dd26eb43
AB		 619}
620
621static const VMStateDescription sd_ocr_vmstate = {
622 .name = "sd-card/ocr-state",
623 .version_id = 1,
624 .minimum_version_id = 1,
625 .needed = sd_ocr_vmstate_needed,
626 .fields = (VMStateField[]) {
627 VMSTATE_UINT32(ocr, SDState),
628 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
629 VMSTATE_END_OF_LIST()
630 },
631};
632
633static int sd_vmstate_pre_load(void *opaque)
634{
635 SDState *sd = opaque;
636
637 /* If the OCR state is not included (prior versions, or not
638 * needed), then the OCR must be set as powered up. If the OCR state
639 * is included, this will be replaced by the state restore.
640 */
641 sd_ocr_powerup(sd);
642
643 return 0;
644}
645
50a5be6c
IM		 646static const VMStateDescription sd_vmstate = {
647 .name = "sd-card",
648 .version_id = 1,
649 .minimum_version_id = 1,
dd26eb43 650 .pre_load = sd_vmstate_pre_load,
50a5be6c
IM		 651 .fields = (VMStateField[]) {
652 VMSTATE_UINT32(mode, SDState),
653 VMSTATE_INT32(state, SDState),
654 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
655 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
656 VMSTATE_UINT16(rca, SDState),
657 VMSTATE_UINT32(card_status, SDState),
658 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
659 VMSTATE_UINT32(vhs, SDState),
660 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
661 VMSTATE_UINT32(blk_len, SDState),
4481bbc7 662 VMSTATE_UINT32(multi_blk_cnt, SDState),
50a5be6c
IM		 663 VMSTATE_UINT32(erase_start, SDState),
664 VMSTATE_UINT32(erase_end, SDState),
665 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
666 VMSTATE_UINT32(pwd_len, SDState),
667 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
668 VMSTATE_UINT8(current_cmd, SDState),
669 VMSTATE_BOOL(expecting_acmd, SDState),
670 VMSTATE_UINT32(blk_written, SDState),
671 VMSTATE_UINT64(data_start, SDState),
672 VMSTATE_UINT32(data_offset, SDState),
673 VMSTATE_UINT8_ARRAY(data, SDState, 512),
12c125cb 674 VMSTATE_UNUSED_V(1, 512),
50a5be6c
IM		 675 VMSTATE_BOOL(enable, SDState),
676 VMSTATE_END_OF_LIST()
dd26eb43
AB		 677 },
678 .subsections = (const VMStateDescription*[]) {
679 &sd_ocr_vmstate,
680 NULL
681 },
50a5be6c
IM		 682};
683
260bc9d8 684/* Legacy initialization function for use by non-qdevified callers */
4be74634 685SDState *sd_init(BlockBackend *blk, bool is_spi)
a1bb27b1 686{
fec44a8c 687 Object *obj;
260bc9d8
PM		 688 DeviceState *dev;
689 Error *err = NULL;
a1bb27b1 690
fec44a8c
PM		 691 obj = object_new(TYPE_SD_CARD);
692 dev = DEVICE(obj);
260bc9d8
PM		 693 qdev_prop_set_drive(dev, "drive", blk, &err);
694 if (err) {
695 error_report("sd_init failed: %s", error_get_pretty(err));
4f8a066b
KW		 696 return NULL;
697 }
260bc9d8 698 qdev_prop_set_bit(dev, "spi", is_spi);
fec44a8c 699 object_property_set_bool(obj, true, "realized", &err);
260bc9d8
PM		 700 if (err) {
701 error_report("sd_init failed: %s", error_get_pretty(err));
702 return NULL;
03f311ed 703 }
260bc9d8
PM		 704
705 return SD_CARD(dev);
a1bb27b1
PB		 706}
707
02ce600c 708void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 709{
02ce600c
AZ		 710 sd->readonly_cb = readonly;
711 sd->inserted_cb = insert;
4be74634
MA		 712 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
713 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
a1bb27b1
PB		 714}
715
716static void sd_erase(SDState *sd)
717{
f2d189d3
IM		 718 int i;
719 uint64_t erase_start = sd->erase_start;
720 uint64_t erase_end = sd->erase_end;
721
814b2adc 722 trace_sdcard_erase();
a1bb27b1
PB		 723 if (!sd->erase_start || !sd->erase_end) {
724 sd->card_status |= ERASE_SEQ_ERROR;
725 return;
726 }
727
6f296421 728 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
f2d189d3
IM		 729 /* High capacity memory card: erase units are 512 byte blocks */
730 erase_start *= 512;
731 erase_end *= 512;
732 }
733
734 erase_start = sd_addr_to_wpnum(erase_start);
735 erase_end = sd_addr_to_wpnum(erase_end);
a1bb27b1
PB		 736 sd->erase_start = 0;
737 sd->erase_end = 0;
738 sd->csd[14] |= 0x40;
739
f2d189d3 740 for (i = erase_start; i <= erase_end; i++) {
a9c01830 741 if (test_bit(i, sd->wp_groups)) {
a1bb27b1 742 sd->card_status |= WP_ERASE_SKIP;
a9c01830
MI		 743 }
744 }
a1bb27b1
PB		 745}
746
2d7adea4 747static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 748{
749 uint32_t i, wpnum;
750 uint32_t ret = 0;
751
b7202b88 752 wpnum = sd_addr_to_wpnum(addr);
a1bb27b1 753
a9c01830
MI		 754 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
755 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
a1bb27b1 756 ret |= (1 << i);
a9c01830
MI		 757 }
758 }
a1bb27b1
PB		 759
760 return ret;
761}
762
763static void sd_function_switch(SDState *sd, uint32_t arg)
764{
67bfddd6 765 int i, mode, new_func;
a1bb27b1
PB		 766 mode = !!(arg & 0x80000000);
767
768 sd->data[0] = 0x00; /* Maximum current consumption */
769 sd->data[1] = 0x01;
770 sd->data[2] = 0x80; /* Supported group 6 functions */
771 sd->data[3] = 0x01;
772 sd->data[4] = 0x80; /* Supported group 5 functions */
773 sd->data[5] = 0x01;
774 sd->data[6] = 0x80; /* Supported group 4 functions */
775 sd->data[7] = 0x01;
776 sd->data[8] = 0x80; /* Supported group 3 functions */
777 sd->data[9] = 0x01;
778 sd->data[10] = 0x80; /* Supported group 2 functions */
779 sd->data[11] = 0x43;
780 sd->data[12] = 0x80; /* Supported group 1 functions */
781 sd->data[13] = 0x03;
782 for (i = 0; i < 6; i ++) {
783 new_func = (arg >> (i * 4)) & 0x0f;
784 if (mode && new_func != 0x0f)
785 sd->function_group[i] = new_func;
786 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
787 }
788 memset(&sd->data[17], 0, 47);
67bfddd6 789 stw_be_p(sd->data + 65, sd_crc16(sd->data, 64));
a1bb27b1
PB		 790}
791
4e8f1be2 792static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
a1bb27b1 793{
b7202b88 794 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 795}
796
797static void sd_lock_command(SDState *sd)
798{
799 int erase, lock, clr_pwd, set_pwd, pwd_len;
800 erase = !!(sd->data[0] & 0x08);
801 lock = sd->data[0] & 0x04;
802 clr_pwd = sd->data[0] & 0x02;
803 set_pwd = sd->data[0] & 0x01;
804
805 if (sd->blk_len > 1)
806 pwd_len = sd->data[1];
807 else
808 pwd_len = 0;
809
814b2adc
PMD		 810 if (lock) {
811 trace_sdcard_lock();
812 } else {
813 trace_sdcard_unlock();
814 }
a1bb27b1
PB		 815 if (erase) {
816 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
817 set_pwd || clr_pwd || lock || sd->wp_switch ||
818 (sd->csd[14] & 0x20)) {
819 sd->card_status |= LOCK_UNLOCK_FAILED;
820 return;
821 }
50a5be6c 822 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
a1bb27b1
PB		 823 sd->csd[14] &= ~0x10;
824 sd->card_status &= ~CARD_IS_LOCKED;
825 sd->pwd_len = 0;
826 /* Erasing the entire card here! */
827df9f3 827 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 828 return;
829 }
830
831 if (sd->blk_len < 2 + pwd_len ||
832 pwd_len <= sd->pwd_len ||
833 pwd_len > sd->pwd_len + 16) {
834 sd->card_status |= LOCK_UNLOCK_FAILED;
835 return;
836 }
837
838 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
839 sd->card_status |= LOCK_UNLOCK_FAILED;
840 return;
841 }
842
843 pwd_len -= sd->pwd_len;
844 if ((pwd_len && !set_pwd) ||
845 (clr_pwd && (set_pwd || lock)) ||
846 (lock && !sd->pwd_len && !set_pwd) ||
847 (!set_pwd && !clr_pwd &&
848 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
849 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
850 sd->card_status |= LOCK_UNLOCK_FAILED;
851 return;
852 }
853
854 if (set_pwd) {
855 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
856 sd->pwd_len = pwd_len;
857 }
858
859 if (clr_pwd) {
860 sd->pwd_len = 0;
861 }
862
863 if (lock)
864 sd->card_status |= CARD_IS_LOCKED;
865 else
866 sd->card_status &= ~CARD_IS_LOCKED;
867}
868
586634b9 869static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req)
a1bb27b1
PB		 870{
871 uint32_t rca = 0x0000;
2d7adea4 872 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1 873
586634b9
PMD		 874 /* CMD55 precedes an ACMD, so we are not interested in tracing it.
875 * However there is no ACMD55, so we want to trace this particular case.
876 */
877 if (req.cmd != 55 || sd->expecting_acmd) {
878 trace_sdcard_normal_command(req.cmd, req.arg,
879 sd_state_name(sd->state));
880 }
1b640aa9 881
1d06cb7a
PM		 882 /* Not interpreting this as an app command */
883 sd->card_status &= ~APP_CMD;
884
f250015b
PMD		 885 if (sd_cmd_type[req.cmd] == sd_ac
886 || sd_cmd_type[req.cmd] == sd_adtc) {
a1bb27b1 887 rca = req.arg >> 16;
97f4ed3b 888 }
a1bb27b1 889
4481bbc7
AB		 890 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
891 * if not, its effects are cancelled */
892 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
893 sd->multi_blk_cnt = 0;
894 }
895
a1bb27b1
PB		 896 switch (req.cmd) {
897 /* Basic commands (Class 0 and Class 1) */
898 case 0: /* CMD0: GO_IDLE_STATE */
899 switch (sd->state) {
900 case sd_inactive_state:
775616c3 901 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 902
903 default:
904 sd->state = sd_idle_state;
ba3ed0fa 905 sd_reset(DEVICE(sd));
775616c3 906 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 907 }
908 break;
909
775616c3
PB		 910 case 1: /* CMD1: SEND_OP_CMD */
911 if (!sd->spi)
912 goto bad_cmd;
913
914 sd->state = sd_transfer_state;
915 return sd_r1;
916
a1bb27b1 917 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 918 if (sd->spi)
919 goto bad_cmd;
a1bb27b1
PB		 920 switch (sd->state) {
921 case sd_ready_state:
922 sd->state = sd_identification_state;
923 return sd_r2_i;
924
925 default:
926 break;
927 }
928 break;
929
930 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 931 if (sd->spi)
932 goto bad_cmd;
a1bb27b1
PB		 933 switch (sd->state) {
934 case sd_identification_state:
935 case sd_standby_state:
936 sd->state = sd_standby_state;
937 sd_set_rca(sd);
938 return sd_r6;
939
940 default:
941 break;
942 }
943 break;
944
945 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 946 if (sd->spi)
947 goto bad_cmd;
a1bb27b1
PB		 948 switch (sd->state) {
949 case sd_standby_state:
950 break;
951
952 default:
953 break;
954 }
955 break;
956
109ac32f 957 case 5: /* CMD5: reserved for SDIO cards */
53bb8cc4 958 return sd_illegal;
109ac32f 959
a1bb27b1 960 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 961 if (sd->spi)
962 goto bad_cmd;
a1bb27b1
PB		 963 switch (sd->mode) {
964 case sd_data_transfer_mode:
965 sd_function_switch(sd, req.arg);
966 sd->state = sd_sendingdata_state;
967 sd->data_start = 0;
968 sd->data_offset = 0;
969 return sd_r1;
970
971 default:
972 break;
973 }
974 break;
975
976 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 977 if (sd->spi)
978 goto bad_cmd;
a1bb27b1
PB		 979 switch (sd->state) {
980 case sd_standby_state:
981 if (sd->rca != rca)
982 return sd_r0;
983
984 sd->state = sd_transfer_state;
985 return sd_r1b;
986
987 case sd_transfer_state:
988 case sd_sendingdata_state:
989 if (sd->rca == rca)
990 break;
991
992 sd->state = sd_standby_state;
993 return sd_r1b;
994
995 case sd_disconnect_state:
996 if (sd->rca != rca)
997 return sd_r0;
998
999 sd->state = sd_programming_state;
1000 return sd_r1b;
1001
1002 case sd_programming_state:
1003 if (sd->rca == rca)
1004 break;
1005
1006 sd->state = sd_disconnect_state;
1007 return sd_r1b;
1008
1009 default:
1010 break;
1011 }
1012 break;
1013
1b088995
AZ		 1014 case 8: /* CMD8: SEND_IF_COND */
1015 /* Physical Layer Specification Version 2.00 command */
ad0ade55 1016 if (sd->state != sd_idle_state) {
1b088995
AZ		 1017 break;
1018 }
ad0ade55
PMD		 1019 sd->vhs = 0;
1020
1021 /* No response if not exactly one VHS bit is set. */
1022 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1023 return sd->spi ? sd_r7 : sd_r0;
1024 }
1025
1026 /* Accept. */
1027 sd->vhs = req.arg;
1028 return sd_r7;
1b088995 1029
a1bb27b1
PB		 1030 case 9: /* CMD9: SEND_CSD */
1031 switch (sd->state) {
1032 case sd_standby_state:
1033 if (sd->rca != rca)
1034 return sd_r0;
1035
1036 return sd_r2_s;
1037
775616c3
PB		 1038 case sd_transfer_state:
1039 if (!sd->spi)
1040 break;
1041 sd->state = sd_sendingdata_state;
1042 memcpy(sd->data, sd->csd, 16);
2d7adea4 1043 sd->data_start = addr;
775616c3
PB		 1044 sd->data_offset = 0;
1045 return sd_r1;
1046
a1bb27b1
PB		 1047 default:
1048 break;
1049 }
1050 break;
1051
1052 case 10: /* CMD10: SEND_CID */
1053 switch (sd->state) {
1054 case sd_standby_state:
1055 if (sd->rca != rca)
1056 return sd_r0;
1057
1058 return sd_r2_i;
1059
775616c3
PB		 1060 case sd_transfer_state:
1061 if (!sd->spi)
1062 break;
1063 sd->state = sd_sendingdata_state;
1064 memcpy(sd->data, sd->cid, 16);
2d7adea4 1065 sd->data_start = addr;
775616c3
PB		 1066 sd->data_offset = 0;
1067 return sd_r1;
1068
a1bb27b1
PB		 1069 default:
1070 break;
1071 }
1072 break;
1073
a1bb27b1
PB		 1074 case 12: /* CMD12: STOP_TRANSMISSION */
1075 switch (sd->state) {
1076 case sd_sendingdata_state:
1077 sd->state = sd_transfer_state;
1078 return sd_r1b;
1079
1080 case sd_receivingdata_state:
1081 sd->state = sd_programming_state;
1082 /* Bzzzzzzztt .... Operation complete. */
1083 sd->state = sd_transfer_state;
1084 return sd_r1b;
1085
1086 default:
1087 break;
1088 }
1089 break;
1090
1091 case 13: /* CMD13: SEND_STATUS */
1092 switch (sd->mode) {
1093 case sd_data_transfer_mode:
1094 if (sd->rca != rca)
1095 return sd_r0;
1096
1097 return sd_r1;
1098
1099 default:
1100 break;
1101 }
1102 break;
1103
1104 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 1105 if (sd->spi)
1106 goto bad_cmd;
a1bb27b1
PB		 1107 switch (sd->mode) {
1108 case sd_data_transfer_mode:
1109 if (sd->rca != rca)
1110 return sd_r0;
1111
1112 sd->state = sd_inactive_state;
1113 return sd_r0;
1114
1115 default:
1116 break;
1117 }
1118 break;
1119
1120 /* Block read commands (Classs 2) */
1121 case 16: /* CMD16: SET_BLOCKLEN */
1122 switch (sd->state) {
1123 case sd_transfer_state:
814b2adc 1124 if (req.arg > (1 << HWBLOCK_SHIFT)) {
a1bb27b1 1125 sd->card_status |= BLOCK_LEN_ERROR;
814b2adc
PMD		 1126 } else {
1127 trace_sdcard_set_blocklen(req.arg);
a1bb27b1 1128 sd->blk_len = req.arg;
814b2adc 1129 }
a1bb27b1
PB		 1130
1131 return sd_r1;
1132
1133 default:
1134 break;
1135 }
1136 break;
1137
1138 case 17: /* CMD17: READ_SINGLE_BLOCK */
1139 switch (sd->state) {
1140 case sd_transfer_state:
1141 sd->state = sd_sendingdata_state;
2d7adea4 1142 sd->data_start = addr;
a1bb27b1
PB		 1143 sd->data_offset = 0;
1144
1145 if (sd->data_start + sd->blk_len > sd->size)
1146 sd->card_status |= ADDRESS_ERROR;
1147 return sd_r1;
1148
1149 default:
1150 break;
1151 }
1152 break;
1153
1154 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1155 switch (sd->state) {
1156 case sd_transfer_state:
1157 sd->state = sd_sendingdata_state;
2d7adea4 1158 sd->data_start = addr;
a1bb27b1
PB		 1159 sd->data_offset = 0;
1160
1161 if (sd->data_start + sd->blk_len > sd->size)
1162 sd->card_status |= ADDRESS_ERROR;
1163 return sd_r1;
1164
1165 default:
1166 break;
1167 }
1168 break;
1169
4481bbc7
AB		 1170 case 23: /* CMD23: SET_BLOCK_COUNT */
1171 switch (sd->state) {
1172 case sd_transfer_state:
1173 sd->multi_blk_cnt = req.arg;
1174 return sd_r1;
1175
1176 default:
1177 break;
1178 }
1179 break;
1180
a1bb27b1
PB		 1181 /* Block write commands (Class 4) */
1182 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
a2120864
PMD		 1183 if (sd->spi) {
1184 goto unimplemented_spi_cmd;
1185 }
a1bb27b1
PB		 1186 switch (sd->state) {
1187 case sd_transfer_state:
775616c3
PB		 1188 /* Writing in SPI mode not implemented. */
1189 if (sd->spi)
1190 break;
a1bb27b1 1191 sd->state = sd_receivingdata_state;
2d7adea4 1192 sd->data_start = addr;
a1bb27b1
PB		 1193 sd->data_offset = 0;
1194 sd->blk_written = 0;
1195
1196 if (sd->data_start + sd->blk_len > sd->size)
1197 sd->card_status |= ADDRESS_ERROR;
1198 if (sd_wp_addr(sd, sd->data_start))
1199 sd->card_status |= WP_VIOLATION;
1200 if (sd->csd[14] & 0x30)
1201 sd->card_status |= WP_VIOLATION;
1202 return sd_r1;
1203
1204 default:
1205 break;
1206 }
1207 break;
1208
1209 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
a2120864
PMD		 1210 if (sd->spi) {
1211 goto unimplemented_spi_cmd;
1212 }
a1bb27b1
PB		 1213 switch (sd->state) {
1214 case sd_transfer_state:
775616c3
PB		 1215 /* Writing in SPI mode not implemented. */
1216 if (sd->spi)
1217 break;
a1bb27b1 1218 sd->state = sd_receivingdata_state;
2d7adea4 1219 sd->data_start = addr;
a1bb27b1
PB		 1220 sd->data_offset = 0;
1221 sd->blk_written = 0;
1222
1223 if (sd->data_start + sd->blk_len > sd->size)
1224 sd->card_status |= ADDRESS_ERROR;
1225 if (sd_wp_addr(sd, sd->data_start))
1226 sd->card_status |= WP_VIOLATION;
1227 if (sd->csd[14] & 0x30)
1228 sd->card_status |= WP_VIOLATION;
1229 return sd_r1;
1230
1231 default:
1232 break;
1233 }
1234 break;
1235
1236 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 1237 if (sd->spi)
1238 goto bad_cmd;
a1bb27b1
PB		 1239 switch (sd->state) {
1240 case sd_transfer_state:
1241 sd->state = sd_receivingdata_state;
1242 sd->data_start = 0;
1243 sd->data_offset = 0;
1244 return sd_r1;
1245
1246 default:
1247 break;
1248 }
1249 break;
1250
1251 case 27: /* CMD27: PROGRAM_CSD */
a2120864
PMD		 1252 if (sd->spi) {
1253 goto unimplemented_spi_cmd;
1254 }
a1bb27b1
PB		 1255 switch (sd->state) {
1256 case sd_transfer_state:
1257 sd->state = sd_receivingdata_state;
1258 sd->data_start = 0;
1259 sd->data_offset = 0;
1260 return sd_r1;
1261
1262 default:
1263 break;
1264 }
1265 break;
1266
1267 /* Write protection (Class 6) */
1268 case 28: /* CMD28: SET_WRITE_PROT */
1269 switch (sd->state) {
1270 case sd_transfer_state:
2d7adea4 1271 if (addr >= sd->size) {
e30d5938 1272 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1273 return sd_r1b;
1274 }
1275
1276 sd->state = sd_programming_state;
b7202b88 1277 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1278 /* Bzzzzzzztt .... Operation complete. */
1279 sd->state = sd_transfer_state;
1280 return sd_r1b;
1281
1282 default:
1283 break;
1284 }
1285 break;
1286
1287 case 29: /* CMD29: CLR_WRITE_PROT */
1288 switch (sd->state) {
1289 case sd_transfer_state:
2d7adea4 1290 if (addr >= sd->size) {
e30d5938 1291 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1292 return sd_r1b;
1293 }
1294
1295 sd->state = sd_programming_state;
b7202b88 1296 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1297 /* Bzzzzzzztt .... Operation complete. */
1298 sd->state = sd_transfer_state;
1299 return sd_r1b;
1300
1301 default:
1302 break;
1303 }
1304 break;
1305
1306 case 30: /* CMD30: SEND_WRITE_PROT */
1307 switch (sd->state) {
1308 case sd_transfer_state:
1309 sd->state = sd_sendingdata_state;
1310 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1311 sd->data_start = addr;
a1bb27b1
PB		 1312 sd->data_offset = 0;
1313 return sd_r1b;
1314
1315 default:
1316 break;
1317 }
1318 break;
1319
1320 /* Erase commands (Class 5) */
1321 case 32: /* CMD32: ERASE_WR_BLK_START */
1322 switch (sd->state) {
1323 case sd_transfer_state:
1324 sd->erase_start = req.arg;
1325 return sd_r1;
1326
1327 default:
1328 break;
1329 }
1330 break;
1331
1332 case 33: /* CMD33: ERASE_WR_BLK_END */
1333 switch (sd->state) {
1334 case sd_transfer_state:
1335 sd->erase_end = req.arg;
1336 return sd_r1;
1337
1338 default:
1339 break;
1340 }
1341 break;
1342
1343 case 38: /* CMD38: ERASE */
1344 switch (sd->state) {
1345 case sd_transfer_state:
1346 if (sd->csd[14] & 0x30) {
1347 sd->card_status |= WP_VIOLATION;
1348 return sd_r1b;
1349 }
1350
1351 sd->state = sd_programming_state;
1352 sd_erase(sd);
1353 /* Bzzzzzzztt .... Operation complete. */
1354 sd->state = sd_transfer_state;
1355 return sd_r1b;
1356
1357 default:
1358 break;
1359 }
1360 break;
1361
1362 /* Lock card commands (Class 7) */
1363 case 42: /* CMD42: LOCK_UNLOCK */
a2120864
PMD		 1364 if (sd->spi) {
1365 goto unimplemented_spi_cmd;
1366 }
a1bb27b1
PB		 1367 switch (sd->state) {
1368 case sd_transfer_state:
1369 sd->state = sd_receivingdata_state;
1370 sd->data_start = 0;
1371 sd->data_offset = 0;
1372 return sd_r1;
1373
1374 default:
1375 break;
1376 }
1377 break;
1378
49fb7381
PMD		 1379 case 52 ... 54:
1380 /* CMD52, CMD53, CMD54: reserved for SDIO cards
39e594db
PM		 1381 * (see the SDIO Simplified Specification V2.0)
1382 * Handle as illegal command but do not complain
1383 * on stderr, as some OSes may use these in their
1384 * probing for presence of an SDIO card.
1385 */
53bb8cc4 1386 return sd_illegal;
39e594db 1387
a1bb27b1
PB		 1388 /* Application specific commands (Class 8) */
1389 case 55: /* CMD55: APP_CMD */
d6911486
PMD		 1390 switch (sd->state) {
1391 case sd_ready_state:
1392 case sd_identification_state:
1393 case sd_inactive_state:
1394 return sd_illegal;
31162800
PMD		 1395 case sd_idle_state:
1396 if (rca) {
1397 qemu_log_mask(LOG_GUEST_ERROR,
1398 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd);
1399 }
d6911486
PMD		 1400 default:
1401 break;
1402 }
946897ce
PMD		 1403 if (!sd->spi) {
1404 if (sd->rca != rca) {
1405 return sd_r0;
1406 }
1407 }
bebd1271 1408 sd->expecting_acmd = true;
a1bb27b1
PB		 1409 sd->card_status |= APP_CMD;
1410 return sd_r1;
1411
1412 case 56: /* CMD56: GEN_CMD */
a1bb27b1
PB		 1413 switch (sd->state) {
1414 case sd_transfer_state:
1415 sd->data_offset = 0;
1416 if (req.arg & 1)
1417 sd->state = sd_sendingdata_state;
1418 else
1419 sd->state = sd_receivingdata_state;
1420 return sd_r1;
1421
1422 default:
1423 break;
1424 }
1425 break;
1426
946897ce
PMD		 1427 case 58: /* CMD58: READ_OCR (SPI) */
1428 if (!sd->spi) {
1429 goto bad_cmd;
1430 }
1431 return sd_r3;
1432
1433 case 59: /* CMD59: CRC_ON_OFF (SPI) */
1434 if (!sd->spi) {
1435 goto bad_cmd;
1436 }
1437 goto unimplemented_spi_cmd;
1438
a1bb27b1 1439 default:
775616c3 1440 bad_cmd:
9800ad88 1441 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
53bb8cc4 1442 return sd_illegal;
775616c3 1443
a2120864 1444 unimplemented_spi_cmd:
775616c3 1445 /* Commands that are recognised but not yet implemented in SPI mode. */
9800ad88
AB		 1446 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1447 req.cmd);
53bb8cc4 1448 return sd_illegal;
a1bb27b1
PB		 1449 }
1450
9800ad88 1451 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd);
53bb8cc4 1452 return sd_illegal;
a1bb27b1
PB		 1453}
1454
c227f099 1455static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1456 SDRequest req)
1457{
1b640aa9 1458 trace_sdcard_app_command(req.cmd, req.arg);
1d06cb7a 1459 sd->card_status |= APP_CMD;
a1bb27b1
PB		 1460 switch (req.cmd) {
1461 case 6: /* ACMD6: SET_BUS_WIDTH */
946897ce
PMD		 1462 if (sd->spi) {
1463 goto unimplemented_spi_cmd;
1464 }
a1bb27b1
PB		 1465 switch (sd->state) {
1466 case sd_transfer_state:
1467 sd->sd_status[0] &= 0x3f;
1468 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1469 return sd_r1;
1470
1471 default:
1472 break;
1473 }
1474 break;
1475
1476 case 13: /* ACMD13: SD_STATUS */
1477 switch (sd->state) {
1478 case sd_transfer_state:
fb1ba03a 1479 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1480 sd->data_start = 0;
1481 sd->data_offset = 0;
1482 return sd_r1;
1483
1484 default:
1485 break;
1486 }
1487 break;
1488
1489 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1490 switch (sd->state) {
1491 case sd_transfer_state:
1492 *(uint32_t *) sd->data = sd->blk_written;
1493
fb1ba03a 1494 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1495 sd->data_start = 0;
1496 sd->data_offset = 0;
1497 return sd_r1;
1498
1499 default:
1500 break;
1501 }
1502 break;
1503
1504 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1505 switch (sd->state) {
1506 case sd_transfer_state:
1507 return sd_r1;
1508
1509 default:
1510 break;
1511 }
1512 break;
1513
1514 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1515 if (sd->spi) {
1516 /* SEND_OP_CMD */
1517 sd->state = sd_transfer_state;
1518 return sd_r1;
1519 }
4e5cc675
PMD		 1520 if (sd->state != sd_idle_state) {
1521 break;
1522 }
1523 /* If it's the first ACMD41 since reset, we need to decide
1524 * whether to power up. If this is not an enquiry ACMD41,
1525 * we immediately report power on and proceed below to the
1526 * ready state, but if it is, we set a timer to model a
1527 * delay for power up. This works around a bug in EDK2
1528 * UEFI, which sends an initial enquiry ACMD41, but
1529 * assumes that the card is in ready state as soon as it
1530 * sees the power up bit set. */
1531 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) {
1532 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1533 timer_del(sd->ocr_power_timer);
1534 sd_ocr_powerup(sd);
1535 } else {
1536 trace_sdcard_inquiry_cmd41();
1537 if (!timer_pending(sd->ocr_power_timer)) {
1538 timer_mod_ns(sd->ocr_power_timer,
1539 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1540 + OCR_POWER_DELAY_NS));
dd26eb43
AB		 1541 }
1542 }
4e5cc675 1543 }
dd26eb43 1544
4e5cc675 1545 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) {
37ab4a56
PC		 1546 /* We accept any voltage. 10000 V is nothing.
1547 *
dd26eb43 1548 * Once we're powered up, we advance straight to ready state
37ab4a56
PC		 1549 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1550 */
4e5cc675 1551 sd->state = sd_ready_state;
a1bb27b1 1552 }
4e5cc675
PMD		 1553
1554 return sd_r3;
a1bb27b1
PB		 1555
1556 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1557 switch (sd->state) {
1558 case sd_transfer_state:
1559 /* Bringing in the 50KOhm pull-up resistor... Done. */
1560 return sd_r1;
1561
1562 default:
1563 break;
1564 }
1565 break;
1566
1567 case 51: /* ACMD51: SEND_SCR */
1568 switch (sd->state) {
1569 case sd_transfer_state:
1570 sd->state = sd_sendingdata_state;
1571 sd->data_start = 0;
1572 sd->data_offset = 0;
1573 return sd_r1;
1574
1575 default:
1576 break;
1577 }
1578 break;
1579
688491c7
PMD		 1580 case 18: /* Reserved for SD security applications */
1581 case 25:
1582 case 26:
1583 case 38:
1584 case 43 ... 49:
1585 /* Refer to the "SD Specifications Part3 Security Specification" for
1586 * information about the SD Security Features.
1587 */
1588 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n",
1589 req.cmd);
1590 return sd_illegal;
1591
a1bb27b1
PB		 1592 default:
1593 /* Fall back to standard commands. */
a1bb27b1 1594 return sd_normal_command(sd, req);
946897ce
PMD		 1595
1596 unimplemented_spi_cmd:
1597 /* Commands that are recognised but not yet implemented in SPI mode. */
1598 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1599 req.cmd);
1600 return sd_illegal;
a1bb27b1
PB		 1601 }
1602
9800ad88 1603 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
5b08bfe2 1604 return sd_illegal;
a1bb27b1
PB		 1605}
1606
25881d33
PM		 1607static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1608{
1609 /* Valid commands in locked state:
1610 * basic class (0)
1611 * lock card class (7)
1612 * CMD16
1613 * implicitly, the ACMD prefix CMD55
1614 * ACMD41 and ACMD42
1615 * Anything else provokes an "illegal command" response.
1616 */
1d06cb7a 1617 if (sd->expecting_acmd) {
25881d33
PM		 1618 return req->cmd == 41 || req->cmd == 42;
1619 }
1620 if (req->cmd == 16 || req->cmd == 55) {
1621 return 1;
1622 }
f250015b
PMD		 1623 return sd_cmd_class[req->cmd] == 0
1624 || sd_cmd_class[req->cmd] == 7;
25881d33
PM		 1625}
1626
bc24a225 1627int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1 1628 uint8_t *response) {
10a412da 1629 int last_state;
c227f099 1630 sd_rsp_type_t rtype;
a1bb27b1
PB		 1631 int rsplen;
1632
4be74634 1633 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
a1bb27b1
PB		 1634 return 0;
1635 }
1636
1637 if (sd_req_crc_validate(req)) {
abda1f37 1638 sd->card_status |= COM_CRC_ERROR;
b1f517ed
PM		 1639 rtype = sd_illegal;
1640 goto send_response;
a1bb27b1
PB		 1641 }
1642
f250015b
PMD		 1643 if (req->cmd >= SDMMC_CMD_MAX) {
1644 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
1645 req->cmd);
1646 req->cmd &= 0x3f;
1647 }
1648
10a412da 1649 if (sd->card_status & CARD_IS_LOCKED) {
25881d33 1650 if (!cmd_valid_while_locked(sd, req)) {
a1bb27b1 1651 sd->card_status |= ILLEGAL_COMMAND;
bebd1271 1652 sd->expecting_acmd = false;
9800ad88 1653 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
b1f517ed
PM		 1654 rtype = sd_illegal;
1655 goto send_response;
a1bb27b1 1656 }
25881d33 1657 }
a1bb27b1 1658
10a412da
PM		 1659 last_state = sd->state;
1660 sd_set_mode(sd);
1661
1d06cb7a 1662 if (sd->expecting_acmd) {
bebd1271 1663 sd->expecting_acmd = false;
a1bb27b1 1664 rtype = sd_app_command(sd, *req);
1d06cb7a 1665 } else {
a1bb27b1 1666 rtype = sd_normal_command(sd, *req);
1d06cb7a 1667 }
a1bb27b1 1668
53bb8cc4
PM		 1669 if (rtype == sd_illegal) {
1670 sd->card_status |= ILLEGAL_COMMAND;
10a412da
PM		 1671 } else {
1672 /* Valid command, we can update the 'state before command' bits.
1673 * (Do this now so they appear in r1 responses.)
1674 */
1675 sd->current_cmd = req->cmd;
1676 sd->card_status &= ~CURRENT_STATE;
1677 sd->card_status |= (last_state << 9);
53bb8cc4
PM		 1678 }
1679
b1f517ed 1680send_response:
a1bb27b1
PB		 1681 switch (rtype) {
1682 case sd_r1:
1683 case sd_r1b:
10a412da 1684 sd_response_r1_make(sd, response);
a1bb27b1
PB		 1685 rsplen = 4;
1686 break;
1687
1688 case sd_r2_i:
1689 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1690 rsplen = 16;
1691 break;
1692
1693 case sd_r2_s:
1694 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1695 rsplen = 16;
1696 break;
1697
1698 case sd_r3:
1699 sd_response_r3_make(sd, response);
1700 rsplen = 4;
1701 break;
1702
1703 case sd_r6:
1704 sd_response_r6_make(sd, response);
1705 rsplen = 4;
1706 break;
1707
1b088995
AZ		 1708 case sd_r7:
1709 sd_response_r7_make(sd, response);
1710 rsplen = 4;
1711 break;
1712
a1bb27b1 1713 case sd_r0:
53bb8cc4 1714 case sd_illegal:
a1bb27b1
PB		 1715 rsplen = 0;
1716 break;
55921932
PMD		 1717 default:
1718 g_assert_not_reached();
a1bb27b1 1719 }
55921932 1720 trace_sdcard_response(sd_response_name(rtype), rsplen);
a1bb27b1 1721
10a412da
PM		 1722 if (rtype != sd_illegal) {
1723 /* Clear the "clear on valid command" status bits now we've
1724 * sent any response
1725 */
1726 sd->card_status &= ~CARD_STATUS_B;
1727 }
1728
a1bb27b1 1729#ifdef DEBUG_SD
5cd5e2e7 1730 qemu_hexdump((const char *)response, stderr, "Response", rsplen);
a1bb27b1
PB		 1731#endif
1732
1733 return rsplen;
1734}
1735
2d7adea4 1736static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1737{
1b640aa9 1738 trace_sdcard_read_block(addr, len);
12c125cb 1739 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) {
827df9f3 1740 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1 1741 }
a1bb27b1
PB		 1742}
1743
2d7adea4 1744static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1745{
1b640aa9 1746 trace_sdcard_write_block(addr, len);
12c125cb
EB		 1747 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) {
1748 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1749 }
1750}
1751
33f00271
AZ		 1752#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1753#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1754#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1755#define APP_WRITE_BLOCK(a, len)
1756
1757void sd_write_data(SDState *sd, uint8_t value)
1758{
1759 int i;
1760
4be74634 1761 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1762 return;
1763
1764 if (sd->state != sd_receivingdata_state) {
9800ad88
AB		 1765 qemu_log_mask(LOG_GUEST_ERROR,
1766 "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1767 return;
1768 }
1769
1770 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1771 return;
1772
814b2adc 1773 trace_sdcard_write_data(sd->current_cmd, value);
a1bb27b1
PB		 1774 switch (sd->current_cmd) {
1775 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1776 sd->data[sd->data_offset ++] = value;
1777 if (sd->data_offset >= sd->blk_len) {
1778 /* TODO: Check CRC before committing */
1779 sd->state = sd_programming_state;
1780 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1781 sd->blk_written ++;
1782 sd->csd[14] |= 0x40;
1783 /* Bzzzzzzztt .... Operation complete. */
1784 sd->state = sd_transfer_state;
1785 }
1786 break;
1787
1788 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234 1789 if (sd->data_offset == 0) {
e03ba136 1790 /* Start of the block - let's check the address is valid */
a1bb27b1
PB		 1791 if (sd->data_start + sd->blk_len > sd->size) {
1792 sd->card_status |= ADDRESS_ERROR;
1793 break;
1794 }
1795 if (sd_wp_addr(sd, sd->data_start)) {
1796 sd->card_status |= WP_VIOLATION;
1797 break;
1798 }
33fa8234
DDAG		 1799 }
1800 sd->data[sd->data_offset++] = value;
1801 if (sd->data_offset >= sd->blk_len) {
1802 /* TODO: Check CRC before committing */
1803 sd->state = sd_programming_state;
1804 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1805 sd->blk_written++;
1806 sd->data_start += sd->blk_len;
1807 sd->data_offset = 0;
a1bb27b1
PB		 1808 sd->csd[14] |= 0x40;
1809
1810 /* Bzzzzzzztt .... Operation complete. */
4481bbc7
AB		 1811 if (sd->multi_blk_cnt != 0) {
1812 if (--sd->multi_blk_cnt == 0) {
1813 /* Stop! */
1814 sd->state = sd_transfer_state;
1815 break;
1816 }
1817 }
1818
a1bb27b1
PB		 1819 sd->state = sd_receivingdata_state;
1820 }
1821 break;
1822
1823 case 26: /* CMD26: PROGRAM_CID */
1824 sd->data[sd->data_offset ++] = value;
1825 if (sd->data_offset >= sizeof(sd->cid)) {
1826 /* TODO: Check CRC before committing */
1827 sd->state = sd_programming_state;
1828 for (i = 0; i < sizeof(sd->cid); i ++)
1829 if ((sd->cid[i] | 0x00) != sd->data[i])
1830 sd->card_status |= CID_CSD_OVERWRITE;
1831
1832 if (!(sd->card_status & CID_CSD_OVERWRITE))
1833 for (i = 0; i < sizeof(sd->cid); i ++) {
1834 sd->cid[i] |= 0x00;
1835 sd->cid[i] &= sd->data[i];
1836 }
1837 /* Bzzzzzzztt .... Operation complete. */
1838 sd->state = sd_transfer_state;
1839 }
1840 break;
1841
1842 case 27: /* CMD27: PROGRAM_CSD */
1843 sd->data[sd->data_offset ++] = value;
1844 if (sd->data_offset >= sizeof(sd->csd)) {
1845 /* TODO: Check CRC before committing */
1846 sd->state = sd_programming_state;
1847 for (i = 0; i < sizeof(sd->csd); i ++)
1848 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1849 (sd->data[i] | sd_csd_rw_mask[i]))
1850 sd->card_status |= CID_CSD_OVERWRITE;
1851
1852 /* Copy flag (OTP) & Permanent write protect */
1853 if (sd->csd[14] & ~sd->data[14] & 0x60)
1854 sd->card_status |= CID_CSD_OVERWRITE;
1855
1856 if (!(sd->card_status & CID_CSD_OVERWRITE))
1857 for (i = 0; i < sizeof(sd->csd); i ++) {
1858 sd->csd[i] |= sd_csd_rw_mask[i];
1859 sd->csd[i] &= sd->data[i];
1860 }
1861 /* Bzzzzzzztt .... Operation complete. */
1862 sd->state = sd_transfer_state;
1863 }
1864 break;
1865
1866 case 42: /* CMD42: LOCK_UNLOCK */
1867 sd->data[sd->data_offset ++] = value;
1868 if (sd->data_offset >= sd->blk_len) {
1869 /* TODO: Check CRC before committing */
1870 sd->state = sd_programming_state;
1871 sd_lock_command(sd);
1872 /* Bzzzzzzztt .... Operation complete. */
1873 sd->state = sd_transfer_state;
1874 }
1875 break;
1876
1877 case 56: /* CMD56: GEN_CMD */
1878 sd->data[sd->data_offset ++] = value;
1879 if (sd->data_offset >= sd->blk_len) {
1880 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1881 sd->state = sd_transfer_state;
1882 }
1883 break;
1884
1885 default:
9800ad88 1886 qemu_log_mask(LOG_GUEST_ERROR, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1887 break;
1888 }
1889}
1890
1891uint8_t sd_read_data(SDState *sd)
1892{
1893 /* TODO: Append CRCs */
1894 uint8_t ret;
2d7adea4 1895 int io_len;
a1bb27b1 1896
4be74634 1897 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1898 return 0x00;
1899
1900 if (sd->state != sd_sendingdata_state) {
9800ad88
AB		 1901 qemu_log_mask(LOG_GUEST_ERROR,
1902 "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1903 return 0x00;
1904 }
1905
1906 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1907 return 0x00;
1908
2d7adea4
AZ		 1909 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1910
814b2adc 1911 trace_sdcard_read_data(sd->current_cmd, io_len);
a1bb27b1
PB		 1912 switch (sd->current_cmd) {
1913 case 6: /* CMD6: SWITCH_FUNCTION */
1914 ret = sd->data[sd->data_offset ++];
1915
1916 if (sd->data_offset >= 64)
1917 sd->state = sd_transfer_state;
1918 break;
1919
775616c3
PB		 1920 case 9: /* CMD9: SEND_CSD */
1921 case 10: /* CMD10: SEND_CID */
1922 ret = sd->data[sd->data_offset ++];
1923
1924 if (sd->data_offset >= 16)
1925 sd->state = sd_transfer_state;
1926 break;
1927
a1bb27b1
PB		 1928 case 13: /* ACMD13: SD_STATUS */
1929 ret = sd->sd_status[sd->data_offset ++];
1930
1931 if (sd->data_offset >= sizeof(sd->sd_status))
1932 sd->state = sd_transfer_state;
1933 break;
1934
1935 case 17: /* CMD17: READ_SINGLE_BLOCK */
1936 if (sd->data_offset == 0)
2d7adea4 1937 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1938 ret = sd->data[sd->data_offset ++];
1939
2d7adea4 1940 if (sd->data_offset >= io_len)
a1bb27b1
PB		 1941 sd->state = sd_transfer_state;
1942 break;
1943
1944 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
8573378e
MO		 1945 if (sd->data_offset == 0) {
1946 if (sd->data_start + io_len > sd->size) {
1947 sd->card_status |= ADDRESS_ERROR;
1948 return 0x00;
1949 }
2d7adea4 1950 BLK_READ_BLOCK(sd->data_start, io_len);
8573378e 1951 }
a1bb27b1
PB		 1952 ret = sd->data[sd->data_offset ++];
1953
2d7adea4
AZ		 1954 if (sd->data_offset >= io_len) {
1955 sd->data_start += io_len;
a1bb27b1 1956 sd->data_offset = 0;
4481bbc7
AB		 1957
1958 if (sd->multi_blk_cnt != 0) {
1959 if (--sd->multi_blk_cnt == 0) {
1960 /* Stop! */
1961 sd->state = sd_transfer_state;
1962 break;
1963 }
1964 }
a1bb27b1
PB		 1965 }
1966 break;
1967
1968 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1969 ret = sd->data[sd->data_offset ++];
1970
1971 if (sd->data_offset >= 4)
1972 sd->state = sd_transfer_state;
1973 break;
1974
1975 case 30: /* CMD30: SEND_WRITE_PROT */
1976 ret = sd->data[sd->data_offset ++];
1977
1978 if (sd->data_offset >= 4)
1979 sd->state = sd_transfer_state;
1980 break;
1981
1982 case 51: /* ACMD51: SEND_SCR */
1983 ret = sd->scr[sd->data_offset ++];
1984
1985 if (sd->data_offset >= sizeof(sd->scr))
1986 sd->state = sd_transfer_state;
1987 break;
1988
1989 case 56: /* CMD56: GEN_CMD */
1990 if (sd->data_offset == 0)
1991 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1992 ret = sd->data[sd->data_offset ++];
1993
1994 if (sd->data_offset >= sd->blk_len)
1995 sd->state = sd_transfer_state;
1996 break;
1997
1998 default:
9800ad88 1999 qemu_log_mask(LOG_GUEST_ERROR, "sd_read_data: unknown command\n");
a1bb27b1
PB		 2000 return 0x00;
2001 }
2002
2003 return ret;
2004}
2005
879bf4a7 2006bool sd_data_ready(SDState *sd)
a1bb27b1
PB		 2007{
2008 return sd->state == sd_sendingdata_state;
2009}
827df9f3 2010
bebd1271 2011void sd_enable(SDState *sd, bool enable)
827df9f3
AZ		 2012{
2013 sd->enable = enable;
2014}
260bc9d8
PM		 2015
2016static void sd_instance_init(Object *obj)
2017{
2018 SDState *sd = SD_CARD(obj);
2019
2020 sd->enable = true;
dd26eb43 2021 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
260bc9d8
PM		 2022}
2023
5ba34401
MAL		 2024static void sd_instance_finalize(Object *obj)
2025{
2026 SDState *sd = SD_CARD(obj);
2027
2028 timer_del(sd->ocr_power_timer);
2029 timer_free(sd->ocr_power_timer);
2030}
2031
260bc9d8
PM		 2032static void sd_realize(DeviceState *dev, Error **errp)
2033{
2034 SDState *sd = SD_CARD(dev);
a17c17a2 2035 int ret;
260bc9d8
PM		 2036
2037 if (sd->blk && blk_is_read_only(sd->blk)) {
2038 error_setg(errp, "Cannot use read-only drive as SD card");
2039 return;
2040 }
2041
260bc9d8 2042 if (sd->blk) {
a17c17a2
KW		 2043 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
2044 BLK_PERM_ALL, errp);
2045 if (ret < 0) {
2046 return;
2047 }
260bc9d8
PM		 2048 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
2049 }
260bc9d8
PM		 2050}
2051
2052static Property sd_properties[] = {
2053 DEFINE_PROP_DRIVE("drive", SDState, blk),
2054 /* We do not model the chip select pin, so allow the board to select
2055 * whether card should be in SSI or MMC/SD mode. It is also up to the
2056 * board to ensure that ssi transfers only occur when the chip select
2057 * is asserted. */
2058 DEFINE_PROP_BOOL("spi", SDState, spi, false),
2059 DEFINE_PROP_END_OF_LIST()
2060};
2061
2062static void sd_class_init(ObjectClass *klass, void *data)
2063{
2064 DeviceClass *dc = DEVICE_CLASS(klass);
c759a790 2065 SDCardClass *sc = SD_CARD_CLASS(klass);
260bc9d8
PM		 2066
2067 dc->realize = sd_realize;
2068 dc->props = sd_properties;
2069 dc->vmsd = &sd_vmstate;
ba3ed0fa 2070 dc->reset = sd_reset;
c759a790
PM		 2071 dc->bus_type = TYPE_SD_BUS;
2072
0034ebe6 2073 sc->set_voltage = sd_set_voltage;
da346922
PMD		 2074 sc->get_dat_lines = sd_get_dat_lines;
2075 sc->get_cmd_line = sd_get_cmd_line;
c759a790
PM		 2076 sc->do_command = sd_do_command;
2077 sc->write_data = sd_write_data;
2078 sc->read_data = sd_read_data;
2079 sc->data_ready = sd_data_ready;
2080 sc->enable = sd_enable;
2081 sc->get_inserted = sd_get_inserted;
2082 sc->get_readonly = sd_get_readonly;
260bc9d8
PM		 2083}
2084
2085static const TypeInfo sd_info = {
2086 .name = TYPE_SD_CARD,
2087 .parent = TYPE_DEVICE,
2088 .instance_size = sizeof(SDState),
c759a790 2089 .class_size = sizeof(SDCardClass),
260bc9d8
PM		 2090 .class_init = sd_class_init,
2091 .instance_init = sd_instance_init,
5ba34401 2092 .instance_finalize = sd_instance_finalize,
260bc9d8
PM		 2093};
2094
2095static void sd_register_types(void)
2096{
2097 type_register_static(&sd_info);
2098}
2099
2100type_init(sd_register_types)
QEMU mirror