]> git.proxmox.com Git - mirror_qemu.git/blame - hw/sd/sd.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
hw/sd: Move sdcard legacy API to 'hw/sd/sdcard_legacy.h'
[mirror_qemu.git] / hw / sd / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
2f0939c2 3 * layer specification, Version 2.00."
a1bb27b1
PB		 4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
2f0939c2 7 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org>
a1bb27b1
PB		 8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
24 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
25 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
26 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
27 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
28 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
0430891c 33#include "qemu/osdep.h"
4c8f9735 34#include "qemu/units.h"
a9bcedd1 35#include "qemu/cutils.h"
64552b6b 36#include "hw/irq.h"
6f296421 37#include "hw/registerfields.h"
4be74634 38#include "sysemu/block-backend.h"
e3382ef0 39#include "hw/sd/sd.h"
9006f1e7 40#include "hw/sd/sdcard_legacy.h"
d6454270 41#include "migration/vmstate.h"
da34e65c 42#include "qapi/error.h"
1de7afc9 43#include "qemu/bitmap.h"
260bc9d8
PM		 44#include "hw/qdev-properties.h"
45#include "qemu/error-report.h"
dd26eb43 46#include "qemu/timer.h"
03dd024f 47#include "qemu/log.h"
0b8fa32f 48#include "qemu/module.h"
f250015b 49#include "sdmmc-internal.h"
1b640aa9 50#include "trace.h"
a1bb27b1
PB		 51
52//#define DEBUG_SD 1
53
a1bb27b1
PB		 54typedef enum {
55 sd_r0 = 0, /* no response */
56 sd_r1, /* normal response command */
57 sd_r2_i, /* CID register */
58 sd_r2_s, /* CSD register */
59 sd_r3, /* OCR register */
60 sd_r6 = 6, /* Published RCA response */
1b088995 61 sd_r7, /* Operating voltage */
a1bb27b1 62 sd_r1b = -1,
53bb8cc4 63 sd_illegal = -2,
c227f099 64} sd_rsp_type_t;
a1bb27b1 65
50a5be6c
IM		 66enum SDCardModes {
67 sd_inactive,
68 sd_card_identification_mode,
69 sd_data_transfer_mode,
70};
71
72enum SDCardStates {
73 sd_inactive_state = -1,
74 sd_idle_state = 0,
75 sd_ready_state,
76 sd_identification_state,
77 sd_standby_state,
78 sd_transfer_state,
79 sd_sendingdata_state,
80 sd_receivingdata_state,
81 sd_programming_state,
82 sd_disconnect_state,
83};
84
a1bb27b1 85struct SDState {
260bc9d8
PM		 86 DeviceState parent_obj;
87
007d1dbf
MA		 88 /* If true, created by sd_init() for a non-qdevified caller */
89 /* TODO purge them with fire */
90 bool me_no_qdev_me_kill_mammoth_with_rocks;
91
d49b1ce0 92 /* SD Memory Card Registers */
a1bb27b1
PB		 93 uint32_t ocr;
94 uint8_t scr[8];
95 uint8_t cid[16];
96 uint8_t csd[16];
97 uint16_t rca;
98 uint32_t card_status;
99 uint8_t sd_status[64];
d49b1ce0
PMD		 100
101 /* Configurable properties */
2f0939c2 102 uint8_t spec_version;
d49b1ce0
PMD		 103 BlockBackend *blk;
104 bool spi;
105
106 uint32_t mode; /* current card mode, one of SDCardModes */
107 int32_t state; /* current card state, one of SDCardStates */
1b088995 108 uint32_t vhs;
bebd1271 109 bool wp_switch;
a9c01830 110 unsigned long *wp_groups;
50a5be6c 111 int32_t wpgrps_size;
2d7adea4 112 uint64_t size;
50a5be6c 113 uint32_t blk_len;
4481bbc7 114 uint32_t multi_blk_cnt;
a1bb27b1
PB		 115 uint32_t erase_start;
116 uint32_t erase_end;
117 uint8_t pwd[16];
50a5be6c
IM		 118 uint32_t pwd_len;
119 uint8_t function_group[6];
50a5be6c 120 uint8_t current_cmd;
1d06cb7a
PM		 121 /* True if we will handle the next command as an ACMD. Note that this does
122 * *not* track the APP_CMD status bit!
123 */
bebd1271 124 bool expecting_acmd;
50a5be6c 125 uint32_t blk_written;
2d7adea4 126 uint64_t data_start;
a1bb27b1
PB		 127 uint32_t data_offset;
128 uint8_t data[512];
02ce600c
AZ		 129 qemu_irq readonly_cb;
130 qemu_irq inserted_cb;
d49b1ce0 131 QEMUTimer *ocr_power_timer;
75a96f5e 132 const char *proto_name;
bebd1271 133 bool enable;
da346922
PMD		 134 uint8_t dat_lines;
135 bool cmd_line;
a1bb27b1
PB		 136};
137
007d1dbf
MA		 138static void sd_realize(DeviceState *dev, Error **errp);
139
1b640aa9
PMD		 140static const char *sd_state_name(enum SDCardStates state)
141{
142 static const char *state_name[] = {
143 [sd_idle_state] = "idle",
144 [sd_ready_state] = "ready",
145 [sd_identification_state] = "identification",
146 [sd_standby_state] = "standby",
147 [sd_transfer_state] = "transfer",
148 [sd_sendingdata_state] = "sendingdata",
149 [sd_receivingdata_state] = "receivingdata",
150 [sd_programming_state] = "programming",
151 [sd_disconnect_state] = "disconnect",
152 };
153 if (state == sd_inactive_state) {
154 return "inactive";
155 }
1c598ab2 156 assert(state < ARRAY_SIZE(state_name));
1b640aa9
PMD		 157 return state_name[state];
158}
159
55921932
PMD		 160static const char *sd_response_name(sd_rsp_type_t rsp)
161{
162 static const char *response_name[] = {
163 [sd_r0] = "RESP#0 (no response)",
164 [sd_r1] = "RESP#1 (normal cmd)",
165 [sd_r2_i] = "RESP#2 (CID reg)",
166 [sd_r2_s] = "RESP#2 (CSD reg)",
167 [sd_r3] = "RESP#3 (OCR reg)",
168 [sd_r6] = "RESP#6 (RCA)",
169 [sd_r7] = "RESP#7 (operating voltage)",
170 };
171 if (rsp == sd_illegal) {
172 return "ILLEGAL RESP";
173 }
174 if (rsp == sd_r1b) {
175 rsp = sd_r1;
176 }
1c598ab2 177 assert(rsp < ARRAY_SIZE(response_name));
55921932
PMD		 178 return response_name[rsp];
179}
180
da346922
PMD		 181static uint8_t sd_get_dat_lines(SDState *sd)
182{
183 return sd->enable ? sd->dat_lines : 0;
184}
185
186static bool sd_get_cmd_line(SDState *sd)
187{
188 return sd->enable ? sd->cmd_line : false;
189}
190
0034ebe6
PMD		 191static void sd_set_voltage(SDState *sd, uint16_t millivolts)
192{
814b2adc
PMD		 193 trace_sdcard_set_voltage(millivolts);
194
0034ebe6
PMD		 195 switch (millivolts) {
196 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
197 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
198 break;
199 default:
200 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
201 millivolts / 1000.f);
202 }
203}
204
10a412da 205static void sd_set_mode(SDState *sd)
a1bb27b1
PB		 206{
207 switch (sd->state) {
208 case sd_inactive_state:
209 sd->mode = sd_inactive;
210 break;
211
212 case sd_idle_state:
213 case sd_ready_state:
214 case sd_identification_state:
215 sd->mode = sd_card_identification_mode;
216 break;
217
218 case sd_standby_state:
219 case sd_transfer_state:
220 case sd_sendingdata_state:
221 case sd_receivingdata_state:
222 case sd_programming_state:
223 case sd_disconnect_state:
224 sd->mode = sd_data_transfer_mode;
225 break;
226 }
a1bb27b1
PB		 227}
228
f250015b 229static const sd_cmd_type_t sd_cmd_type[SDMMC_CMD_MAX] = {
a1bb27b1 230 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 231 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
f250015b 232 /* 16 */
a1bb27b1
PB		 233 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
234 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
f250015b 235 /* 32 */
a1bb27b1
PB		 236 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
237 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
f250015b 238 /* 48 */
a1bb27b1
PB		 239 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
240 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
241};
242
f250015b 243static const int sd_cmd_class[SDMMC_CMD_MAX] = {
a1bb27b1
PB		 244 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
245 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
246 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
247 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
248};
249
250static uint8_t sd_crc7(void *message, size_t width)
251{
252 int i, bit;
253 uint8_t shift_reg = 0x00;
254 uint8_t *msg = (uint8_t *) message;
255
256 for (i = 0; i < width; i ++, msg ++)
257 for (bit = 7; bit >= 0; bit --) {
258 shift_reg <<= 1;
259 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
260 shift_reg ^= 0x89;
261 }
262
263 return shift_reg;
264}
265
266static uint16_t sd_crc16(void *message, size_t width)
267{
268 int i, bit;
269 uint16_t shift_reg = 0x0000;
270 uint16_t *msg = (uint16_t *) message;
271 width <<= 1;
272
273 for (i = 0; i < width; i ++, msg ++)
274 for (bit = 15; bit >= 0; bit --) {
275 shift_reg <<= 1;
276 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
277 shift_reg ^= 0x1011;
278 }
279
280 return shift_reg;
281}
282
6f296421
PMD		 283#define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
284
3d42fb52
PMD		 285FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24)
286FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8)
287FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1)
288FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16)
289FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */
290FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */
6f296421
PMD		 291FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */
292FIELD(OCR, CARD_POWER_UP, 31, 1)
293
3d42fb52
PMD		 294#define ACMD41_ENQUIRY_MASK 0x00ffffff
295#define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \
296 | R_OCR_ACCEPT_SWITCH_1V8_MASK \
297 | R_OCR_UHS_II_CARD_MASK \
298 | R_OCR_CARD_CAPACITY_MASK \
299 | R_OCR_CARD_POWER_UP_MASK)
300
a1bb27b1
PB		 301static void sd_set_ocr(SDState *sd)
302{
3d42fb52
PMD		 303 /* All voltages OK */
304 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK;
dd26eb43
AB		 305}
306
307static void sd_ocr_powerup(void *opaque)
308{
309 SDState *sd = opaque;
310
814b2adc 311 trace_sdcard_powerup();
6f296421
PMD		 312 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP));
313
314 /* card power-up OK */
315 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1);
9273ea61 316
d23b6caa 317 if (sd->size > 1 * GiB) {
9273ea61
PMD		 318 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1);
319 }
a1bb27b1
PB		 320}
321
322static void sd_set_scr(SDState *sd)
323{
2f0939c2
PMD		 324 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */
325 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) {
326 sd->scr[0] |= 1; /* Spec Version 1.10 */
327 } else {
2c511375 328 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */
2f0939c2 329 }
9b7ec55c
PMD		 330 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */
331 | 0b0101; /* 1-bit or 4-bit width bus modes */
332 sd->scr[2] = 0x00; /* Extended Security is not supported. */
2c511375
PMD		 333 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) {
334 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */
335 }
a1bb27b1 336 sd->scr[3] = 0x00;
9b7ec55c 337 /* reserved for manufacturer usage */
a1bb27b1
PB		 338 sd->scr[4] = 0x00;
339 sd->scr[5] = 0x00;
340 sd->scr[6] = 0x00;
341 sd->scr[7] = 0x00;
342}
343
344#define MID 0xaa
345#define OID "XY"
346#define PNM "QEMU!"
347#define PRV 0x01
348#define MDT_YR 2006
349#define MDT_MON 2
350
351static void sd_set_cid(SDState *sd)
352{
353 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
354 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
355 sd->cid[2] = OID[1];
356 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
357 sd->cid[4] = PNM[1];
358 sd->cid[5] = PNM[2];
359 sd->cid[6] = PNM[3];
360 sd->cid[7] = PNM[4];
361 sd->cid[8] = PRV; /* Fake product revision (PRV) */
362 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
363 sd->cid[10] = 0xad;
364 sd->cid[11] = 0xbe;
365 sd->cid[12] = 0xef;
366 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
367 ((MDT_YR - 2000) / 10);
368 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
369 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
370}
371
372#define HWBLOCK_SHIFT 9 /* 512 bytes */
373#define SECTOR_SHIFT 5 /* 16 kilobytes */
374#define WPGROUP_SHIFT 7 /* 2 megs */
375#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 376#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
377
378static const uint8_t sd_csd_rw_mask[16] = {
379 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
380 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
381};
382
2d7adea4 383static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 384{
385 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
386 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
387 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
388
d23b6caa 389 if (size <= 1 * GiB) { /* Standard Capacity SD */
2d7adea4
AZ		 390 sd->csd[0] = 0x00; /* CSD structure */
391 sd->csd[1] = 0x26; /* Data read access-time-1 */
392 sd->csd[2] = 0x00; /* Data read access-time-2 */
d7ecb867 393 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */
2d7adea4
AZ		 394 sd->csd[4] = 0x5f; /* Card Command Classes */
395 sd->csd[5] = 0x50 | /* Max. read data block length */
396 HWBLOCK_SHIFT;
397 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
398 ((csize >> 10) & 0x03);
399 sd->csd[7] = 0x00 | /* Device size */
400 ((csize >> 2) & 0xff);
401 sd->csd[8] = 0x3f | /* Max. read current */
402 ((csize << 6) & 0xc0);
403 sd->csd[9] = 0xfc | /* Max. write current */
404 ((CMULT_SHIFT - 2) >> 1);
405 sd->csd[10] = 0x40 | /* Erase sector size */
406 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
407 sd->csd[11] = 0x00 | /* Write protect group size */
408 ((sectsize << 7) & 0x80) | wpsize;
409 sd->csd[12] = 0x90 | /* Write speed factor */
410 (HWBLOCK_SHIFT >> 2);
411 sd->csd[13] = 0x20 | /* Max. write data block length */
412 ((HWBLOCK_SHIFT << 6) & 0xc0);
413 sd->csd[14] = 0x00; /* File format group */
2d7adea4 414 } else { /* SDHC */
4c8f9735 415 size /= 512 * KiB;
2d7adea4
AZ		 416 size -= 1;
417 sd->csd[0] = 0x40;
418 sd->csd[1] = 0x0e;
419 sd->csd[2] = 0x00;
420 sd->csd[3] = 0x32;
421 sd->csd[4] = 0x5b;
422 sd->csd[5] = 0x59;
423 sd->csd[6] = 0x00;
424 sd->csd[7] = (size >> 16) & 0xff;
425 sd->csd[8] = (size >> 8) & 0xff;
426 sd->csd[9] = (size & 0xff);
427 sd->csd[10] = 0x7f;
428 sd->csd[11] = 0x80;
429 sd->csd[12] = 0x0a;
430 sd->csd[13] = 0x40;
431 sd->csd[14] = 0x00;
2d7adea4 432 }
e8feec80 433 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
a1bb27b1
PB		 434}
435
436static void sd_set_rca(SDState *sd)
437{
438 sd->rca += 0x4567;
439}
440
da26e3f3
PMD		 441FIELD(CSR, AKE_SEQ_ERROR, 3, 1)
442FIELD(CSR, APP_CMD, 5, 1)
443FIELD(CSR, FX_EVENT, 6, 1)
444FIELD(CSR, READY_FOR_DATA, 8, 1)
445FIELD(CSR, CURRENT_STATE, 9, 4)
446FIELD(CSR, ERASE_RESET, 13, 1)
447FIELD(CSR, CARD_ECC_DISABLED, 14, 1)
448FIELD(CSR, WP_ERASE_SKIP, 15, 1)
449FIELD(CSR, CSD_OVERWRITE, 16, 1)
450FIELD(CSR, DEFERRED_RESPONSE, 17, 1)
451FIELD(CSR, ERROR, 19, 1)
452FIELD(CSR, CC_ERROR, 20, 1)
453FIELD(CSR, CARD_ECC_FAILED, 21, 1)
454FIELD(CSR, ILLEGAL_COMMAND, 22, 1)
455FIELD(CSR, COM_CRC_ERROR, 23, 1)
456FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1)
457FIELD(CSR, CARD_IS_LOCKED, 25, 1)
458FIELD(CSR, WP_VIOLATION, 26, 1)
459FIELD(CSR, ERASE_PARAM, 27, 1)
460FIELD(CSR, ERASE_SEQ_ERROR, 28, 1)
461FIELD(CSR, BLOCK_LEN_ERROR, 29, 1)
462FIELD(CSR, ADDRESS_ERROR, 30, 1)
463FIELD(CSR, OUT_OF_RANGE, 31, 1)
464
b8d334c8
PM		 465/* Card status bits, split by clear condition:
466 * A : According to the card current state
467 * B : Always related to the previous command
468 * C : Cleared by read
469 */
da26e3f3
PMD		 470#define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \
471 | R_CSR_CARD_ECC_DISABLED_MASK \
472 | R_CSR_CARD_IS_LOCKED_MASK)
473#define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \
474 | R_CSR_ILLEGAL_COMMAND_MASK \
475 | R_CSR_COM_CRC_ERROR_MASK)
476#define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \
477 | R_CSR_APP_CMD_MASK \
478 | R_CSR_ERASE_RESET_MASK \
479 | R_CSR_WP_ERASE_SKIP_MASK \
480 | R_CSR_CSD_OVERWRITE_MASK \
481 | R_CSR_ERROR_MASK \
482 | R_CSR_CC_ERROR_MASK \
483 | R_CSR_CARD_ECC_FAILED_MASK \
484 | R_CSR_LOCK_UNLOCK_FAILED_MASK \
485 | R_CSR_WP_VIOLATION_MASK \
486 | R_CSR_ERASE_PARAM_MASK \
487 | R_CSR_ERASE_SEQ_ERROR_MASK \
488 | R_CSR_BLOCK_LEN_ERROR_MASK \
489 | R_CSR_ADDRESS_ERROR_MASK \
490 | R_CSR_OUT_OF_RANGE_MASK)
a1bb27b1
PB		 491
492static void sd_set_cardstatus(SDState *sd)
493{
494 sd->card_status = 0x00000100;
495}
496
497static void sd_set_sdstatus(SDState *sd)
498{
499 memset(sd->sd_status, 0, 64);
500}
501
bc24a225 502static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 503{
504 uint8_t buffer[5];
505 buffer[0] = 0x40 | req->cmd;
67bfddd6 506 stl_be_p(&buffer[1], req->arg);
a1bb27b1
PB		 507 return 0;
508 return sd_crc7(buffer, 5) != req->crc; /* TODO */
509}
510
10a412da 511static void sd_response_r1_make(SDState *sd, uint8_t *response)
a1bb27b1 512{
67bfddd6
PMD		 513 stl_be_p(response, sd->card_status);
514
1d06cb7a
PM		 515 /* Clear the "clear on read" status bits */
516 sd->card_status &= ~CARD_STATUS_C;
a1bb27b1
PB		 517}
518
9596ebb7 519static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1 520{
3d42fb52 521 stl_be_p(response, sd->ocr & ACMD41_R3_MASK);
a1bb27b1
PB		 522}
523
9596ebb7 524static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1 525{
a1bb27b1
PB		 526 uint16_t status;
527
a1bb27b1
PB		 528 status = ((sd->card_status >> 8) & 0xc000) |
529 ((sd->card_status >> 6) & 0x2000) |
530 (sd->card_status & 0x1fff);
fcfa9351 531 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
67bfddd6
PMD		 532 stw_be_p(response + 0, sd->rca);
533 stw_be_p(response + 2, status);
a1bb27b1
PB		 534}
535
1b088995
AZ		 536static void sd_response_r7_make(SDState *sd, uint8_t *response)
537{
67bfddd6 538 stl_be_p(response, sd->vhs);
1b088995
AZ		 539}
540
b7202b88
MI		 541static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
542{
543 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
544}
545
ba3ed0fa 546static void sd_reset(DeviceState *dev)
a1bb27b1 547{
ba3ed0fa 548 SDState *sd = SD_CARD(dev);
2d7adea4 549 uint64_t size;
a1bb27b1
PB		 550 uint64_t sect;
551
814b2adc 552 trace_sdcard_reset();
16b781aa
PM		 553 if (sd->blk) {
554 blk_get_geometry(sd->blk, &sect);
03f311ed
PB		 555 } else {
556 sect = 0;
557 }
5e37141b 558 size = sect << 9;
a1bb27b1 559
b7202b88 560 sect = sd_addr_to_wpnum(size) + 1;
a1bb27b1
PB		 561
562 sd->state = sd_idle_state;
563 sd->rca = 0x0000;
564 sd_set_ocr(sd);
565 sd_set_scr(sd);
566 sd_set_cid(sd);
567 sd_set_csd(sd, size);
568 sd_set_cardstatus(sd);
569 sd_set_sdstatus(sd);
570
ef1e1e07 571 g_free(sd->wp_groups);
16b781aa 572 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
50a5be6c
IM		 573 sd->wpgrps_size = sect;
574 sd->wp_groups = bitmap_new(sd->wpgrps_size);
575 memset(sd->function_group, 0, sizeof(sd->function_group));
a1bb27b1
PB		 576 sd->erase_start = 0;
577 sd->erase_end = 0;
578 sd->size = size;
579 sd->blk_len = 0x200;
580 sd->pwd_len = 0;
bebd1271 581 sd->expecting_acmd = false;
da346922
PMD		 582 sd->dat_lines = 0xf;
583 sd->cmd_line = true;
4481bbc7 584 sd->multi_blk_cnt = 0;
a1bb27b1
PB		 585}
586
c759a790
PM		 587static bool sd_get_inserted(SDState *sd)
588{
0719e71e 589 return sd->blk && blk_is_inserted(sd->blk);
c759a790
PM		 590}
591
592static bool sd_get_readonly(SDState *sd)
593{
594 return sd->wp_switch;
595}
596
39829a01 597static void sd_cardchange(void *opaque, bool load, Error **errp)
a1bb27b1
PB		 598{
599 SDState *sd = opaque;
c759a790 600 DeviceState *dev = DEVICE(sd);
007d1dbf 601 SDBus *sdbus;
c759a790
PM		 602 bool inserted = sd_get_inserted(sd);
603 bool readonly = sd_get_readonly(sd);
db97ee6a 604
c759a790 605 if (inserted) {
814b2adc 606 trace_sdcard_inserted(readonly);
c759a790 607 sd_reset(dev);
814b2adc
PMD		 608 } else {
609 trace_sdcard_ejected();
c759a790
PM		 610 }
611
007d1dbf
MA		 612 if (sd->me_no_qdev_me_kill_mammoth_with_rocks) {
613 qemu_set_irq(sd->inserted_cb, inserted);
c759a790 614 if (inserted) {
007d1dbf 615 qemu_set_irq(sd->readonly_cb, readonly);
c759a790
PM		 616 }
617 } else {
007d1dbf
MA		 618 sdbus = SD_BUS(qdev_get_parent_bus(dev));
619 sdbus_set_inserted(sdbus, inserted);
c759a790 620 if (inserted) {
007d1dbf 621 sdbus_set_readonly(sdbus, readonly);
c759a790 622 }
a1bb27b1
PB		 623 }
624}
625
0e49de52 626static const BlockDevOps sd_block_ops = {
145feb17 627 .change_media_cb = sd_cardchange,
0e49de52
MA		 628};
629
dd26eb43
AB		 630static bool sd_ocr_vmstate_needed(void *opaque)
631{
632 SDState *sd = opaque;
633
634 /* Include the OCR state (and timer) if it is not yet powered up */
6f296421 635 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP);
dd26eb43
AB		 636}
637
638static const VMStateDescription sd_ocr_vmstate = {
639 .name = "sd-card/ocr-state",
640 .version_id = 1,
641 .minimum_version_id = 1,
642 .needed = sd_ocr_vmstate_needed,
643 .fields = (VMStateField[]) {
644 VMSTATE_UINT32(ocr, SDState),
645 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
646 VMSTATE_END_OF_LIST()
647 },
648};
649
650static int sd_vmstate_pre_load(void *opaque)
651{
652 SDState *sd = opaque;
653
654 /* If the OCR state is not included (prior versions, or not
655 * needed), then the OCR must be set as powered up. If the OCR state
656 * is included, this will be replaced by the state restore.
657 */
658 sd_ocr_powerup(sd);
659
660 return 0;
661}
662
50a5be6c
IM		 663static const VMStateDescription sd_vmstate = {
664 .name = "sd-card",
665 .version_id = 1,
666 .minimum_version_id = 1,
dd26eb43 667 .pre_load = sd_vmstate_pre_load,
50a5be6c
IM		 668 .fields = (VMStateField[]) {
669 VMSTATE_UINT32(mode, SDState),
670 VMSTATE_INT32(state, SDState),
671 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
672 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
673 VMSTATE_UINT16(rca, SDState),
674 VMSTATE_UINT32(card_status, SDState),
675 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
676 VMSTATE_UINT32(vhs, SDState),
677 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
678 VMSTATE_UINT32(blk_len, SDState),
4481bbc7 679 VMSTATE_UINT32(multi_blk_cnt, SDState),
50a5be6c
IM		 680 VMSTATE_UINT32(erase_start, SDState),
681 VMSTATE_UINT32(erase_end, SDState),
682 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
683 VMSTATE_UINT32(pwd_len, SDState),
684 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
685 VMSTATE_UINT8(current_cmd, SDState),
686 VMSTATE_BOOL(expecting_acmd, SDState),
687 VMSTATE_UINT32(blk_written, SDState),
688 VMSTATE_UINT64(data_start, SDState),
689 VMSTATE_UINT32(data_offset, SDState),
690 VMSTATE_UINT8_ARRAY(data, SDState, 512),
12c125cb 691 VMSTATE_UNUSED_V(1, 512),
50a5be6c
IM		 692 VMSTATE_BOOL(enable, SDState),
693 VMSTATE_END_OF_LIST()
dd26eb43
AB		 694 },
695 .subsections = (const VMStateDescription*[]) {
696 &sd_ocr_vmstate,
697 NULL
698 },
50a5be6c
IM		 699};
700
260bc9d8 701/* Legacy initialization function for use by non-qdevified callers */
4be74634 702SDState *sd_init(BlockBackend *blk, bool is_spi)
a1bb27b1 703{
fec44a8c 704 Object *obj;
260bc9d8 705 DeviceState *dev;
007d1dbf 706 SDState *sd;
260bc9d8 707 Error *err = NULL;
a1bb27b1 708
fec44a8c
PM		 709 obj = object_new(TYPE_SD_CARD);
710 dev = DEVICE(obj);
0c0e618d 711 if (!qdev_prop_set_drive_err(dev, "drive", blk, &err)) {
5217f188 712 error_reportf_err(err, "sd_init failed: ");
4f8a066b
KW		 713 return NULL;
714 }
260bc9d8 715 qdev_prop_set_bit(dev, "spi", is_spi);
007d1dbf
MA		 716
717 /*
718 * Realizing the device properly would put it into the QOM
719 * composition tree even though it is not plugged into an
720 * appropriate bus. That's a no-no. Hide the device from
721 * QOM/qdev, and call its qdev realize callback directly.
722 */
723 object_ref(obj);
724 object_unparent(obj);
725 sd_realize(dev, &err);
260bc9d8 726 if (err) {
5217f188 727 error_reportf_err(err, "sd_init failed: ");
260bc9d8 728 return NULL;
03f311ed 729 }
260bc9d8 730
007d1dbf
MA		 731 sd = SD_CARD(dev);
732 sd->me_no_qdev_me_kill_mammoth_with_rocks = true;
733 return sd;
a1bb27b1
PB		 734}
735
02ce600c 736void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 737{
02ce600c
AZ		 738 sd->readonly_cb = readonly;
739 sd->inserted_cb = insert;
4be74634
MA		 740 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
741 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
a1bb27b1
PB		 742}
743
744static void sd_erase(SDState *sd)
745{
f2d189d3
IM		 746 int i;
747 uint64_t erase_start = sd->erase_start;
748 uint64_t erase_end = sd->erase_end;
749
814b2adc 750 trace_sdcard_erase();
a1bb27b1
PB		 751 if (!sd->erase_start || !sd->erase_end) {
752 sd->card_status |= ERASE_SEQ_ERROR;
753 return;
754 }
755
6f296421 756 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
f2d189d3
IM		 757 /* High capacity memory card: erase units are 512 byte blocks */
758 erase_start *= 512;
759 erase_end *= 512;
760 }
761
762 erase_start = sd_addr_to_wpnum(erase_start);
763 erase_end = sd_addr_to_wpnum(erase_end);
a1bb27b1
PB		 764 sd->erase_start = 0;
765 sd->erase_end = 0;
766 sd->csd[14] |= 0x40;
767
f2d189d3 768 for (i = erase_start; i <= erase_end; i++) {
a9c01830 769 if (test_bit(i, sd->wp_groups)) {
a1bb27b1 770 sd->card_status |= WP_ERASE_SKIP;
a9c01830
MI		 771 }
772 }
a1bb27b1
PB		 773}
774
2d7adea4 775static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 776{
777 uint32_t i, wpnum;
778 uint32_t ret = 0;
779
b7202b88 780 wpnum = sd_addr_to_wpnum(addr);
a1bb27b1 781
a9c01830
MI		 782 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
783 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
a1bb27b1 784 ret |= (1 << i);
a9c01830
MI		 785 }
786 }
a1bb27b1
PB		 787
788 return ret;
789}
790
791static void sd_function_switch(SDState *sd, uint32_t arg)
792{
67bfddd6 793 int i, mode, new_func;
a1bb27b1
PB		 794 mode = !!(arg & 0x80000000);
795
796 sd->data[0] = 0x00; /* Maximum current consumption */
797 sd->data[1] = 0x01;
798 sd->data[2] = 0x80; /* Supported group 6 functions */
799 sd->data[3] = 0x01;
800 sd->data[4] = 0x80; /* Supported group 5 functions */
801 sd->data[5] = 0x01;
802 sd->data[6] = 0x80; /* Supported group 4 functions */
803 sd->data[7] = 0x01;
804 sd->data[8] = 0x80; /* Supported group 3 functions */
805 sd->data[9] = 0x01;
806 sd->data[10] = 0x80; /* Supported group 2 functions */
807 sd->data[11] = 0x43;
808 sd->data[12] = 0x80; /* Supported group 1 functions */
809 sd->data[13] = 0x03;
810 for (i = 0; i < 6; i ++) {
811 new_func = (arg >> (i * 4)) & 0x0f;
812 if (mode && new_func != 0x0f)
813 sd->function_group[i] = new_func;
814 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
815 }
816 memset(&sd->data[17], 0, 47);
f6fb1f9b 817 stw_be_p(sd->data + 64, sd_crc16(sd->data, 64));
a1bb27b1
PB		 818}
819
4e8f1be2 820static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
a1bb27b1 821{
b7202b88 822 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 823}
824
825static void sd_lock_command(SDState *sd)
826{
827 int erase, lock, clr_pwd, set_pwd, pwd_len;
828 erase = !!(sd->data[0] & 0x08);
829 lock = sd->data[0] & 0x04;
830 clr_pwd = sd->data[0] & 0x02;
831 set_pwd = sd->data[0] & 0x01;
832
833 if (sd->blk_len > 1)
834 pwd_len = sd->data[1];
835 else
836 pwd_len = 0;
837
814b2adc
PMD		 838 if (lock) {
839 trace_sdcard_lock();
840 } else {
841 trace_sdcard_unlock();
842 }
a1bb27b1
PB		 843 if (erase) {
844 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
845 set_pwd || clr_pwd || lock || sd->wp_switch ||
846 (sd->csd[14] & 0x20)) {
847 sd->card_status |= LOCK_UNLOCK_FAILED;
848 return;
849 }
50a5be6c 850 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
a1bb27b1
PB		 851 sd->csd[14] &= ~0x10;
852 sd->card_status &= ~CARD_IS_LOCKED;
853 sd->pwd_len = 0;
854 /* Erasing the entire card here! */
827df9f3 855 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 856 return;
857 }
858
859 if (sd->blk_len < 2 + pwd_len ||
860 pwd_len <= sd->pwd_len ||
861 pwd_len > sd->pwd_len + 16) {
862 sd->card_status |= LOCK_UNLOCK_FAILED;
863 return;
864 }
865
866 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
867 sd->card_status |= LOCK_UNLOCK_FAILED;
868 return;
869 }
870
871 pwd_len -= sd->pwd_len;
872 if ((pwd_len && !set_pwd) ||
873 (clr_pwd && (set_pwd || lock)) ||
874 (lock && !sd->pwd_len && !set_pwd) ||
875 (!set_pwd && !clr_pwd &&
876 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
877 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
878 sd->card_status |= LOCK_UNLOCK_FAILED;
879 return;
880 }
881
882 if (set_pwd) {
883 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
884 sd->pwd_len = pwd_len;
885 }
886
887 if (clr_pwd) {
888 sd->pwd_len = 0;
889 }
890
891 if (lock)
892 sd->card_status |= CARD_IS_LOCKED;
893 else
894 sd->card_status &= ~CARD_IS_LOCKED;
895}
896
586634b9 897static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req)
a1bb27b1
PB		 898{
899 uint32_t rca = 0x0000;
2d7adea4 900 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1 901
586634b9
PMD		 902 /* CMD55 precedes an ACMD, so we are not interested in tracing it.
903 * However there is no ACMD55, so we want to trace this particular case.
904 */
905 if (req.cmd != 55 || sd->expecting_acmd) {
75a96f5e
PMD		 906 trace_sdcard_normal_command(sd->proto_name,
907 sd_cmd_name(req.cmd), req.cmd,
2ed61fb5 908 req.arg, sd_state_name(sd->state));
586634b9 909 }
1b640aa9 910
1d06cb7a
PM		 911 /* Not interpreting this as an app command */
912 sd->card_status &= ~APP_CMD;
913
f250015b
PMD		 914 if (sd_cmd_type[req.cmd] == sd_ac
915 || sd_cmd_type[req.cmd] == sd_adtc) {
a1bb27b1 916 rca = req.arg >> 16;
97f4ed3b 917 }
a1bb27b1 918
4481bbc7
AB		 919 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
920 * if not, its effects are cancelled */
921 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
922 sd->multi_blk_cnt = 0;
923 }
924
9157dd59
PMD		 925 if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
926 /* Only Standard Capacity cards support class 6 commands */
927 return sd_illegal;
928 }
929
a1bb27b1
PB		 930 switch (req.cmd) {
931 /* Basic commands (Class 0 and Class 1) */
932 case 0: /* CMD0: GO_IDLE_STATE */
933 switch (sd->state) {
934 case sd_inactive_state:
775616c3 935 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 936
937 default:
938 sd->state = sd_idle_state;
ba3ed0fa 939 sd_reset(DEVICE(sd));
775616c3 940 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 941 }
942 break;
943
775616c3
PB		 944 case 1: /* CMD1: SEND_OP_CMD */
945 if (!sd->spi)
946 goto bad_cmd;
947
948 sd->state = sd_transfer_state;
949 return sd_r1;
950
a1bb27b1 951 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 952 if (sd->spi)
953 goto bad_cmd;
a1bb27b1
PB		 954 switch (sd->state) {
955 case sd_ready_state:
956 sd->state = sd_identification_state;
957 return sd_r2_i;
958
959 default:
960 break;
961 }
962 break;
963
964 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 965 if (sd->spi)
966 goto bad_cmd;
a1bb27b1
PB		 967 switch (sd->state) {
968 case sd_identification_state:
969 case sd_standby_state:
970 sd->state = sd_standby_state;
971 sd_set_rca(sd);
972 return sd_r6;
973
974 default:
975 break;
976 }
977 break;
978
979 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 980 if (sd->spi)
981 goto bad_cmd;
a1bb27b1
PB		 982 switch (sd->state) {
983 case sd_standby_state:
984 break;
985
986 default:
987 break;
988 }
989 break;
990
109ac32f 991 case 5: /* CMD5: reserved for SDIO cards */
53bb8cc4 992 return sd_illegal;
109ac32f 993
a1bb27b1
PB		 994 case 6: /* CMD6: SWITCH_FUNCTION */
995 switch (sd->mode) {
996 case sd_data_transfer_mode:
997 sd_function_switch(sd, req.arg);
998 sd->state = sd_sendingdata_state;
999 sd->data_start = 0;
1000 sd->data_offset = 0;
1001 return sd_r1;
1002
1003 default:
1004 break;
1005 }
1006 break;
1007
1008 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 1009 if (sd->spi)
1010 goto bad_cmd;
a1bb27b1
PB		 1011 switch (sd->state) {
1012 case sd_standby_state:
1013 if (sd->rca != rca)
1014 return sd_r0;
1015
1016 sd->state = sd_transfer_state;
1017 return sd_r1b;
1018
1019 case sd_transfer_state:
1020 case sd_sendingdata_state:
1021 if (sd->rca == rca)
1022 break;
1023
1024 sd->state = sd_standby_state;
1025 return sd_r1b;
1026
1027 case sd_disconnect_state:
1028 if (sd->rca != rca)
1029 return sd_r0;
1030
1031 sd->state = sd_programming_state;
1032 return sd_r1b;
1033
1034 case sd_programming_state:
1035 if (sd->rca == rca)
1036 break;
1037
1038 sd->state = sd_disconnect_state;
1039 return sd_r1b;
1040
1041 default:
1042 break;
1043 }
1044 break;
1045
1b088995 1046 case 8: /* CMD8: SEND_IF_COND */
d1b32218
PMD		 1047 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) {
1048 break;
1049 }
ad0ade55 1050 if (sd->state != sd_idle_state) {
1b088995
AZ		 1051 break;
1052 }
ad0ade55
PMD		 1053 sd->vhs = 0;
1054
1055 /* No response if not exactly one VHS bit is set. */
1056 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1057 return sd->spi ? sd_r7 : sd_r0;
1058 }
1059
1060 /* Accept. */
1061 sd->vhs = req.arg;
1062 return sd_r7;
1b088995 1063
a1bb27b1
PB		 1064 case 9: /* CMD9: SEND_CSD */
1065 switch (sd->state) {
1066 case sd_standby_state:
1067 if (sd->rca != rca)
1068 return sd_r0;
1069
1070 return sd_r2_s;
1071
775616c3
PB		 1072 case sd_transfer_state:
1073 if (!sd->spi)
1074 break;
1075 sd->state = sd_sendingdata_state;
1076 memcpy(sd->data, sd->csd, 16);
2d7adea4 1077 sd->data_start = addr;
775616c3
PB		 1078 sd->data_offset = 0;
1079 return sd_r1;
1080
a1bb27b1
PB		 1081 default:
1082 break;
1083 }
1084 break;
1085
1086 case 10: /* CMD10: SEND_CID */
1087 switch (sd->state) {
1088 case sd_standby_state:
1089 if (sd->rca != rca)
1090 return sd_r0;
1091
1092 return sd_r2_i;
1093
775616c3
PB		 1094 case sd_transfer_state:
1095 if (!sd->spi)
1096 break;
1097 sd->state = sd_sendingdata_state;
1098 memcpy(sd->data, sd->cid, 16);
2d7adea4 1099 sd->data_start = addr;
775616c3
PB		 1100 sd->data_offset = 0;
1101 return sd_r1;
1102
a1bb27b1
PB		 1103 default:
1104 break;
1105 }
1106 break;
1107
a1bb27b1
PB		 1108 case 12: /* CMD12: STOP_TRANSMISSION */
1109 switch (sd->state) {
1110 case sd_sendingdata_state:
1111 sd->state = sd_transfer_state;
1112 return sd_r1b;
1113
1114 case sd_receivingdata_state:
1115 sd->state = sd_programming_state;
1116 /* Bzzzzzzztt .... Operation complete. */
1117 sd->state = sd_transfer_state;
1118 return sd_r1b;
1119
1120 default:
1121 break;
1122 }
1123 break;
1124
1125 case 13: /* CMD13: SEND_STATUS */
1126 switch (sd->mode) {
1127 case sd_data_transfer_mode:
1128 if (sd->rca != rca)
1129 return sd_r0;
1130
1131 return sd_r1;
1132
1133 default:
1134 break;
1135 }
1136 break;
1137
1138 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 1139 if (sd->spi)
1140 goto bad_cmd;
a1bb27b1
PB		 1141 switch (sd->mode) {
1142 case sd_data_transfer_mode:
1143 if (sd->rca != rca)
1144 return sd_r0;
1145
1146 sd->state = sd_inactive_state;
1147 return sd_r0;
1148
1149 default:
1150 break;
1151 }
1152 break;
1153
1154 /* Block read commands (Classs 2) */
1155 case 16: /* CMD16: SET_BLOCKLEN */
1156 switch (sd->state) {
1157 case sd_transfer_state:
814b2adc 1158 if (req.arg > (1 << HWBLOCK_SHIFT)) {
a1bb27b1 1159 sd->card_status |= BLOCK_LEN_ERROR;
814b2adc
PMD		 1160 } else {
1161 trace_sdcard_set_blocklen(req.arg);
a1bb27b1 1162 sd->blk_len = req.arg;
814b2adc 1163 }
a1bb27b1
PB		 1164
1165 return sd_r1;
1166
1167 default:
1168 break;
1169 }
1170 break;
1171
1172 case 17: /* CMD17: READ_SINGLE_BLOCK */
1173 switch (sd->state) {
1174 case sd_transfer_state:
a1bb27b1 1175
790762e5 1176 if (addr + sd->blk_len > sd->size) {
a1bb27b1 1177 sd->card_status |= ADDRESS_ERROR;
790762e5 1178 return sd_r1;
794d68de 1179 }
790762e5
PMD		 1180
1181 sd->state = sd_sendingdata_state;
1182 sd->data_start = addr;
1183 sd->data_offset = 0;
a1bb27b1
PB		 1184 return sd_r1;
1185
1186 default:
1187 break;
1188 }
1189 break;
1190
1191 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1192 switch (sd->state) {
1193 case sd_transfer_state:
a1bb27b1 1194
790762e5 1195 if (addr + sd->blk_len > sd->size) {
a1bb27b1 1196 sd->card_status |= ADDRESS_ERROR;
790762e5 1197 return sd_r1;
794d68de 1198 }
790762e5
PMD		 1199
1200 sd->state = sd_sendingdata_state;
1201 sd->data_start = addr;
1202 sd->data_offset = 0;
a1bb27b1
PB		 1203 return sd_r1;
1204
1205 default:
1206 break;
1207 }
1208 break;
1209
0c3fb03f 1210 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */
113f31c0
PMD		 1211 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1212 break;
1213 }
0c3fb03f
PMD		 1214 if (sd->state == sd_transfer_state) {
1215 sd->state = sd_sendingdata_state;
1216 sd->data_offset = 0;
1217 return sd_r1;
1218 }
1219 break;
1220
4481bbc7 1221 case 23: /* CMD23: SET_BLOCK_COUNT */
113f31c0
PMD		 1222 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1223 break;
1224 }
4481bbc7
AB		 1225 switch (sd->state) {
1226 case sd_transfer_state:
1227 sd->multi_blk_cnt = req.arg;
1228 return sd_r1;
1229
1230 default:
1231 break;
1232 }
1233 break;
1234
a1bb27b1
PB		 1235 /* Block write commands (Class 4) */
1236 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1237 switch (sd->state) {
1238 case sd_transfer_state:
775616c3
PB		 1239 /* Writing in SPI mode not implemented. */
1240 if (sd->spi)
1241 break;
790762e5
PMD		 1242
1243 if (addr + sd->blk_len > sd->size) {
1244 sd->card_status |= ADDRESS_ERROR;
1245 return sd_r1;
1246 }
1247
a1bb27b1 1248 sd->state = sd_receivingdata_state;
2d7adea4 1249 sd->data_start = addr;
a1bb27b1
PB		 1250 sd->data_offset = 0;
1251 sd->blk_written = 0;
1252
794d68de 1253 if (sd_wp_addr(sd, sd->data_start)) {
a1bb27b1 1254 sd->card_status |= WP_VIOLATION;
794d68de
PMD		 1255 }
1256 if (sd->csd[14] & 0x30) {
a1bb27b1 1257 sd->card_status |= WP_VIOLATION;
794d68de 1258 }
a1bb27b1
PB		 1259 return sd_r1;
1260
1261 default:
1262 break;
1263 }
1264 break;
1265
1266 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1267 switch (sd->state) {
1268 case sd_transfer_state:
775616c3
PB		 1269 /* Writing in SPI mode not implemented. */
1270 if (sd->spi)
1271 break;
790762e5
PMD		 1272
1273 if (addr + sd->blk_len > sd->size) {
1274 sd->card_status |= ADDRESS_ERROR;
1275 return sd_r1;
1276 }
1277
a1bb27b1 1278 sd->state = sd_receivingdata_state;
2d7adea4 1279 sd->data_start = addr;
a1bb27b1
PB		 1280 sd->data_offset = 0;
1281 sd->blk_written = 0;
1282
794d68de 1283 if (sd_wp_addr(sd, sd->data_start)) {
a1bb27b1 1284 sd->card_status |= WP_VIOLATION;
794d68de
PMD		 1285 }
1286 if (sd->csd[14] & 0x30) {
a1bb27b1 1287 sd->card_status |= WP_VIOLATION;
794d68de 1288 }
a1bb27b1
PB		 1289 return sd_r1;
1290
1291 default:
1292 break;
1293 }
1294 break;
1295
1296 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 1297 if (sd->spi)
1298 goto bad_cmd;
a1bb27b1
PB		 1299 switch (sd->state) {
1300 case sd_transfer_state:
1301 sd->state = sd_receivingdata_state;
1302 sd->data_start = 0;
1303 sd->data_offset = 0;
1304 return sd_r1;
1305
1306 default:
1307 break;
1308 }
1309 break;
1310
1311 case 27: /* CMD27: PROGRAM_CSD */
1312 switch (sd->state) {
1313 case sd_transfer_state:
1314 sd->state = sd_receivingdata_state;
1315 sd->data_start = 0;
1316 sd->data_offset = 0;
1317 return sd_r1;
1318
1319 default:
1320 break;
1321 }
1322 break;
1323
1324 /* Write protection (Class 6) */
1325 case 28: /* CMD28: SET_WRITE_PROT */
1326 switch (sd->state) {
1327 case sd_transfer_state:
2d7adea4 1328 if (addr >= sd->size) {
e30d5938 1329 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1330 return sd_r1b;
1331 }
1332
1333 sd->state = sd_programming_state;
b7202b88 1334 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1335 /* Bzzzzzzztt .... Operation complete. */
1336 sd->state = sd_transfer_state;
1337 return sd_r1b;
1338
1339 default:
1340 break;
1341 }
1342 break;
1343
1344 case 29: /* CMD29: CLR_WRITE_PROT */
1345 switch (sd->state) {
1346 case sd_transfer_state:
2d7adea4 1347 if (addr >= sd->size) {
e30d5938 1348 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1349 return sd_r1b;
1350 }
1351
1352 sd->state = sd_programming_state;
b7202b88 1353 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1354 /* Bzzzzzzztt .... Operation complete. */
1355 sd->state = sd_transfer_state;
1356 return sd_r1b;
1357
1358 default:
1359 break;
1360 }
1361 break;
1362
1363 case 30: /* CMD30: SEND_WRITE_PROT */
1364 switch (sd->state) {
1365 case sd_transfer_state:
1366 sd->state = sd_sendingdata_state;
1367 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1368 sd->data_start = addr;
a1bb27b1
PB		 1369 sd->data_offset = 0;
1370 return sd_r1b;
1371
1372 default:
1373 break;
1374 }
1375 break;
1376
1377 /* Erase commands (Class 5) */
1378 case 32: /* CMD32: ERASE_WR_BLK_START */
1379 switch (sd->state) {
1380 case sd_transfer_state:
1381 sd->erase_start = req.arg;
1382 return sd_r1;
1383
1384 default:
1385 break;
1386 }
1387 break;
1388
1389 case 33: /* CMD33: ERASE_WR_BLK_END */
1390 switch (sd->state) {
1391 case sd_transfer_state:
1392 sd->erase_end = req.arg;
1393 return sd_r1;
1394
1395 default:
1396 break;
1397 }
1398 break;
1399
1400 case 38: /* CMD38: ERASE */
1401 switch (sd->state) {
1402 case sd_transfer_state:
1403 if (sd->csd[14] & 0x30) {
1404 sd->card_status |= WP_VIOLATION;
1405 return sd_r1b;
1406 }
1407
1408 sd->state = sd_programming_state;
1409 sd_erase(sd);
1410 /* Bzzzzzzztt .... Operation complete. */
1411 sd->state = sd_transfer_state;
1412 return sd_r1b;
1413
1414 default:
1415 break;
1416 }
1417 break;
1418
1419 /* Lock card commands (Class 7) */
1420 case 42: /* CMD42: LOCK_UNLOCK */
1421 switch (sd->state) {
1422 case sd_transfer_state:
1423 sd->state = sd_receivingdata_state;
1424 sd->data_start = 0;
1425 sd->data_offset = 0;
1426 return sd_r1;
1427
1428 default:
1429 break;
1430 }
1431 break;
1432
49fb7381
PMD		 1433 case 52 ... 54:
1434 /* CMD52, CMD53, CMD54: reserved for SDIO cards
39e594db
PM		 1435 * (see the SDIO Simplified Specification V2.0)
1436 * Handle as illegal command but do not complain
1437 * on stderr, as some OSes may use these in their
1438 * probing for presence of an SDIO card.
1439 */
53bb8cc4 1440 return sd_illegal;
39e594db 1441
a1bb27b1
PB		 1442 /* Application specific commands (Class 8) */
1443 case 55: /* CMD55: APP_CMD */
d6911486
PMD		 1444 switch (sd->state) {
1445 case sd_ready_state:
1446 case sd_identification_state:
1447 case sd_inactive_state:
1448 return sd_illegal;
31162800
PMD		 1449 case sd_idle_state:
1450 if (rca) {
1451 qemu_log_mask(LOG_GUEST_ERROR,
1452 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd);
1453 }
d6911486
PMD		 1454 default:
1455 break;
1456 }
946897ce
PMD		 1457 if (!sd->spi) {
1458 if (sd->rca != rca) {
1459 return sd_r0;
1460 }
1461 }
bebd1271 1462 sd->expecting_acmd = true;
a1bb27b1
PB		 1463 sd->card_status |= APP_CMD;
1464 return sd_r1;
1465
1466 case 56: /* CMD56: GEN_CMD */
a1bb27b1
PB		 1467 switch (sd->state) {
1468 case sd_transfer_state:
1469 sd->data_offset = 0;
1470 if (req.arg & 1)
1471 sd->state = sd_sendingdata_state;
1472 else
1473 sd->state = sd_receivingdata_state;
1474 return sd_r1;
1475
1476 default:
1477 break;
1478 }
1479 break;
1480
946897ce
PMD		 1481 case 58: /* CMD58: READ_OCR (SPI) */
1482 if (!sd->spi) {
1483 goto bad_cmd;
1484 }
1485 return sd_r3;
1486
1487 case 59: /* CMD59: CRC_ON_OFF (SPI) */
1488 if (!sd->spi) {
1489 goto bad_cmd;
1490 }
1491 goto unimplemented_spi_cmd;
1492
a1bb27b1 1493 default:
775616c3 1494 bad_cmd:
9800ad88 1495 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
53bb8cc4 1496 return sd_illegal;
775616c3 1497
a2120864 1498 unimplemented_spi_cmd:
775616c3 1499 /* Commands that are recognised but not yet implemented in SPI mode. */
9800ad88
AB		 1500 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1501 req.cmd);
53bb8cc4 1502 return sd_illegal;
a1bb27b1
PB		 1503 }
1504
9800ad88 1505 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd);
53bb8cc4 1506 return sd_illegal;
a1bb27b1
PB		 1507}
1508
c227f099 1509static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1510 SDRequest req)
1511{
75a96f5e 1512 trace_sdcard_app_command(sd->proto_name, sd_acmd_name(req.cmd),
2ed61fb5 1513 req.cmd, req.arg, sd_state_name(sd->state));
1d06cb7a 1514 sd->card_status |= APP_CMD;
a1bb27b1
PB		 1515 switch (req.cmd) {
1516 case 6: /* ACMD6: SET_BUS_WIDTH */
946897ce
PMD		 1517 if (sd->spi) {
1518 goto unimplemented_spi_cmd;
1519 }
a1bb27b1
PB		 1520 switch (sd->state) {
1521 case sd_transfer_state:
1522 sd->sd_status[0] &= 0x3f;
1523 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1524 return sd_r1;
1525
1526 default:
1527 break;
1528 }
1529 break;
1530
1531 case 13: /* ACMD13: SD_STATUS */
1532 switch (sd->state) {
1533 case sd_transfer_state:
fb1ba03a 1534 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1535 sd->data_start = 0;
1536 sd->data_offset = 0;
1537 return sd_r1;
1538
1539 default:
1540 break;
1541 }
1542 break;
1543
1544 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1545 switch (sd->state) {
1546 case sd_transfer_state:
1547 *(uint32_t *) sd->data = sd->blk_written;
1548
fb1ba03a 1549 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1550 sd->data_start = 0;
1551 sd->data_offset = 0;
1552 return sd_r1;
1553
1554 default:
1555 break;
1556 }
1557 break;
1558
1559 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1560 switch (sd->state) {
1561 case sd_transfer_state:
1562 return sd_r1;
1563
1564 default:
1565 break;
1566 }
1567 break;
1568
1569 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1570 if (sd->spi) {
1571 /* SEND_OP_CMD */
1572 sd->state = sd_transfer_state;
1573 return sd_r1;
1574 }
4e5cc675
PMD		 1575 if (sd->state != sd_idle_state) {
1576 break;
1577 }
1578 /* If it's the first ACMD41 since reset, we need to decide
1579 * whether to power up. If this is not an enquiry ACMD41,
1580 * we immediately report power on and proceed below to the
1581 * ready state, but if it is, we set a timer to model a
1582 * delay for power up. This works around a bug in EDK2
1583 * UEFI, which sends an initial enquiry ACMD41, but
1584 * assumes that the card is in ready state as soon as it
1585 * sees the power up bit set. */
1586 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) {
1587 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1588 timer_del(sd->ocr_power_timer);
1589 sd_ocr_powerup(sd);
1590 } else {
1591 trace_sdcard_inquiry_cmd41();
1592 if (!timer_pending(sd->ocr_power_timer)) {
1593 timer_mod_ns(sd->ocr_power_timer,
1594 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1595 + OCR_POWER_DELAY_NS));
dd26eb43
AB		 1596 }
1597 }
4e5cc675 1598 }
dd26eb43 1599
4e5cc675 1600 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) {
37ab4a56
PC		 1601 /* We accept any voltage. 10000 V is nothing.
1602 *
dd26eb43 1603 * Once we're powered up, we advance straight to ready state
37ab4a56
PC		 1604 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1605 */
4e5cc675 1606 sd->state = sd_ready_state;
a1bb27b1 1607 }
4e5cc675
PMD		 1608
1609 return sd_r3;
a1bb27b1
PB		 1610
1611 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1612 switch (sd->state) {
1613 case sd_transfer_state:
1614 /* Bringing in the 50KOhm pull-up resistor... Done. */
1615 return sd_r1;
1616
1617 default:
1618 break;
1619 }
1620 break;
1621
1622 case 51: /* ACMD51: SEND_SCR */
1623 switch (sd->state) {
1624 case sd_transfer_state:
1625 sd->state = sd_sendingdata_state;
1626 sd->data_start = 0;
1627 sd->data_offset = 0;
1628 return sd_r1;
1629
1630 default:
1631 break;
1632 }
1633 break;
1634
688491c7
PMD		 1635 case 18: /* Reserved for SD security applications */
1636 case 25:
1637 case 26:
1638 case 38:
1639 case 43 ... 49:
1640 /* Refer to the "SD Specifications Part3 Security Specification" for
1641 * information about the SD Security Features.
1642 */
1643 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n",
1644 req.cmd);
1645 return sd_illegal;
1646
a1bb27b1
PB		 1647 default:
1648 /* Fall back to standard commands. */
a1bb27b1 1649 return sd_normal_command(sd, req);
946897ce
PMD		 1650
1651 unimplemented_spi_cmd:
1652 /* Commands that are recognised but not yet implemented in SPI mode. */
1653 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1654 req.cmd);
1655 return sd_illegal;
a1bb27b1
PB		 1656 }
1657
9800ad88 1658 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
5b08bfe2 1659 return sd_illegal;
a1bb27b1
PB		 1660}
1661
25881d33
PM		 1662static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1663{
1664 /* Valid commands in locked state:
1665 * basic class (0)
1666 * lock card class (7)
1667 * CMD16
1668 * implicitly, the ACMD prefix CMD55
1669 * ACMD41 and ACMD42
1670 * Anything else provokes an "illegal command" response.
1671 */
1d06cb7a 1672 if (sd->expecting_acmd) {
25881d33
PM		 1673 return req->cmd == 41 || req->cmd == 42;
1674 }
1675 if (req->cmd == 16 || req->cmd == 55) {
1676 return 1;
1677 }
f250015b
PMD		 1678 return sd_cmd_class[req->cmd] == 0
1679 || sd_cmd_class[req->cmd] == 7;
25881d33
PM		 1680}
1681
bc24a225 1682int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1 1683 uint8_t *response) {
10a412da 1684 int last_state;
c227f099 1685 sd_rsp_type_t rtype;
a1bb27b1
PB		 1686 int rsplen;
1687
4be74634 1688 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
a1bb27b1
PB		 1689 return 0;
1690 }
1691
1692 if (sd_req_crc_validate(req)) {
abda1f37 1693 sd->card_status |= COM_CRC_ERROR;
b1f517ed
PM		 1694 rtype = sd_illegal;
1695 goto send_response;
a1bb27b1
PB		 1696 }
1697
f250015b
PMD		 1698 if (req->cmd >= SDMMC_CMD_MAX) {
1699 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
1700 req->cmd);
1701 req->cmd &= 0x3f;
1702 }
1703
10a412da 1704 if (sd->card_status & CARD_IS_LOCKED) {
25881d33 1705 if (!cmd_valid_while_locked(sd, req)) {
a1bb27b1 1706 sd->card_status |= ILLEGAL_COMMAND;
bebd1271 1707 sd->expecting_acmd = false;
9800ad88 1708 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
b1f517ed
PM		 1709 rtype = sd_illegal;
1710 goto send_response;
a1bb27b1 1711 }
25881d33 1712 }
a1bb27b1 1713
10a412da
PM		 1714 last_state = sd->state;
1715 sd_set_mode(sd);
1716
1d06cb7a 1717 if (sd->expecting_acmd) {
bebd1271 1718 sd->expecting_acmd = false;
a1bb27b1 1719 rtype = sd_app_command(sd, *req);
1d06cb7a 1720 } else {
a1bb27b1 1721 rtype = sd_normal_command(sd, *req);
1d06cb7a 1722 }
a1bb27b1 1723
53bb8cc4
PM		 1724 if (rtype == sd_illegal) {
1725 sd->card_status |= ILLEGAL_COMMAND;
10a412da
PM		 1726 } else {
1727 /* Valid command, we can update the 'state before command' bits.
1728 * (Do this now so they appear in r1 responses.)
1729 */
1730 sd->current_cmd = req->cmd;
1731 sd->card_status &= ~CURRENT_STATE;
1732 sd->card_status |= (last_state << 9);
53bb8cc4
PM		 1733 }
1734
b1f517ed 1735send_response:
a1bb27b1
PB		 1736 switch (rtype) {
1737 case sd_r1:
1738 case sd_r1b:
10a412da 1739 sd_response_r1_make(sd, response);
a1bb27b1
PB		 1740 rsplen = 4;
1741 break;
1742
1743 case sd_r2_i:
1744 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1745 rsplen = 16;
1746 break;
1747
1748 case sd_r2_s:
1749 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1750 rsplen = 16;
1751 break;
1752
1753 case sd_r3:
1754 sd_response_r3_make(sd, response);
1755 rsplen = 4;
1756 break;
1757
1758 case sd_r6:
1759 sd_response_r6_make(sd, response);
1760 rsplen = 4;
1761 break;
1762
1b088995
AZ		 1763 case sd_r7:
1764 sd_response_r7_make(sd, response);
1765 rsplen = 4;
1766 break;
1767
a1bb27b1 1768 case sd_r0:
53bb8cc4 1769 case sd_illegal:
a1bb27b1
PB		 1770 rsplen = 0;
1771 break;
55921932
PMD		 1772 default:
1773 g_assert_not_reached();
a1bb27b1 1774 }
55921932 1775 trace_sdcard_response(sd_response_name(rtype), rsplen);
a1bb27b1 1776
10a412da
PM		 1777 if (rtype != sd_illegal) {
1778 /* Clear the "clear on valid command" status bits now we've
1779 * sent any response
1780 */
1781 sd->card_status &= ~CARD_STATUS_B;
1782 }
1783
a1bb27b1 1784#ifdef DEBUG_SD
5cd5e2e7 1785 qemu_hexdump((const char *)response, stderr, "Response", rsplen);
a1bb27b1
PB		 1786#endif
1787
1788 return rsplen;
1789}
1790
2d7adea4 1791static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1792{
1b640aa9 1793 trace_sdcard_read_block(addr, len);
12c125cb 1794 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) {
827df9f3 1795 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1 1796 }
a1bb27b1
PB		 1797}
1798
2d7adea4 1799static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1800{
1b640aa9 1801 trace_sdcard_write_block(addr, len);
12c125cb
EB		 1802 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) {
1803 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1804 }
1805}
1806
33f00271
AZ		 1807#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1808#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1809#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1810#define APP_WRITE_BLOCK(a, len)
1811
1812void sd_write_data(SDState *sd, uint8_t value)
1813{
1814 int i;
1815
4be74634 1816 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1817 return;
1818
1819 if (sd->state != sd_receivingdata_state) {
9800ad88
AB		 1820 qemu_log_mask(LOG_GUEST_ERROR,
1821 "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1822 return;
1823 }
1824
1825 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1826 return;
1827
75a96f5e
PMD		 1828 trace_sdcard_write_data(sd->proto_name,
1829 sd_acmd_name(sd->current_cmd),
2ed61fb5 1830 sd->current_cmd, value);
a1bb27b1
PB		 1831 switch (sd->current_cmd) {
1832 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1833 sd->data[sd->data_offset ++] = value;
1834 if (sd->data_offset >= sd->blk_len) {
1835 /* TODO: Check CRC before committing */
1836 sd->state = sd_programming_state;
1837 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1838 sd->blk_written ++;
1839 sd->csd[14] |= 0x40;
1840 /* Bzzzzzzztt .... Operation complete. */
1841 sd->state = sd_transfer_state;
1842 }
1843 break;
1844
1845 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234 1846 if (sd->data_offset == 0) {
e03ba136 1847 /* Start of the block - let's check the address is valid */
a1bb27b1
PB		 1848 if (sd->data_start + sd->blk_len > sd->size) {
1849 sd->card_status |= ADDRESS_ERROR;
1850 break;
1851 }
1852 if (sd_wp_addr(sd, sd->data_start)) {
1853 sd->card_status |= WP_VIOLATION;
1854 break;
1855 }
33fa8234
DDAG		 1856 }
1857 sd->data[sd->data_offset++] = value;
1858 if (sd->data_offset >= sd->blk_len) {
1859 /* TODO: Check CRC before committing */
1860 sd->state = sd_programming_state;
1861 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1862 sd->blk_written++;
1863 sd->data_start += sd->blk_len;
1864 sd->data_offset = 0;
a1bb27b1
PB		 1865 sd->csd[14] |= 0x40;
1866
1867 /* Bzzzzzzztt .... Operation complete. */
4481bbc7
AB		 1868 if (sd->multi_blk_cnt != 0) {
1869 if (--sd->multi_blk_cnt == 0) {
1870 /* Stop! */
1871 sd->state = sd_transfer_state;
1872 break;
1873 }
1874 }
1875
a1bb27b1
PB		 1876 sd->state = sd_receivingdata_state;
1877 }
1878 break;
1879
1880 case 26: /* CMD26: PROGRAM_CID */
1881 sd->data[sd->data_offset ++] = value;
1882 if (sd->data_offset >= sizeof(sd->cid)) {
1883 /* TODO: Check CRC before committing */
1884 sd->state = sd_programming_state;
1885 for (i = 0; i < sizeof(sd->cid); i ++)
1886 if ((sd->cid[i] | 0x00) != sd->data[i])
1887 sd->card_status |= CID_CSD_OVERWRITE;
1888
1889 if (!(sd->card_status & CID_CSD_OVERWRITE))
1890 for (i = 0; i < sizeof(sd->cid); i ++) {
1891 sd->cid[i] |= 0x00;
1892 sd->cid[i] &= sd->data[i];
1893 }
1894 /* Bzzzzzzztt .... Operation complete. */
1895 sd->state = sd_transfer_state;
1896 }
1897 break;
1898
1899 case 27: /* CMD27: PROGRAM_CSD */
1900 sd->data[sd->data_offset ++] = value;
1901 if (sd->data_offset >= sizeof(sd->csd)) {
1902 /* TODO: Check CRC before committing */
1903 sd->state = sd_programming_state;
1904 for (i = 0; i < sizeof(sd->csd); i ++)
1905 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1906 (sd->data[i] | sd_csd_rw_mask[i]))
1907 sd->card_status |= CID_CSD_OVERWRITE;
1908
1909 /* Copy flag (OTP) & Permanent write protect */
1910 if (sd->csd[14] & ~sd->data[14] & 0x60)
1911 sd->card_status |= CID_CSD_OVERWRITE;
1912
1913 if (!(sd->card_status & CID_CSD_OVERWRITE))
1914 for (i = 0; i < sizeof(sd->csd); i ++) {
1915 sd->csd[i] |= sd_csd_rw_mask[i];
1916 sd->csd[i] &= sd->data[i];
1917 }
1918 /* Bzzzzzzztt .... Operation complete. */
1919 sd->state = sd_transfer_state;
1920 }
1921 break;
1922
1923 case 42: /* CMD42: LOCK_UNLOCK */
1924 sd->data[sd->data_offset ++] = value;
1925 if (sd->data_offset >= sd->blk_len) {
1926 /* TODO: Check CRC before committing */
1927 sd->state = sd_programming_state;
1928 sd_lock_command(sd);
1929 /* Bzzzzzzztt .... Operation complete. */
1930 sd->state = sd_transfer_state;
1931 }
1932 break;
1933
1934 case 56: /* CMD56: GEN_CMD */
1935 sd->data[sd->data_offset ++] = value;
1936 if (sd->data_offset >= sd->blk_len) {
1937 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1938 sd->state = sd_transfer_state;
1939 }
1940 break;
1941
1942 default:
9800ad88 1943 qemu_log_mask(LOG_GUEST_ERROR, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1944 break;
1945 }
1946}
1947
0c3fb03f
PMD		 1948#define SD_TUNING_BLOCK_SIZE 64
1949
1950static const uint8_t sd_tuning_block_pattern[SD_TUNING_BLOCK_SIZE] = {
1951 /* See: Physical Layer Simplified Specification Version 3.01, Table 4-2 */
1952 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc,
1953 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef,
1954 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb,
1955 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef,
1956 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c,
1957 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee,
1958 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff,
1959 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde,
1960};
1961
a1bb27b1
PB		 1962uint8_t sd_read_data(SDState *sd)
1963{
1964 /* TODO: Append CRCs */
1965 uint8_t ret;
2d7adea4 1966 int io_len;
a1bb27b1 1967
4be74634 1968 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1969 return 0x00;
1970
1971 if (sd->state != sd_sendingdata_state) {
9800ad88
AB		 1972 qemu_log_mask(LOG_GUEST_ERROR,
1973 "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1974 return 0x00;
1975 }
1976
1977 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1978 return 0x00;
1979
2d7adea4
AZ		 1980 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1981
75a96f5e
PMD		 1982 trace_sdcard_read_data(sd->proto_name,
1983 sd_acmd_name(sd->current_cmd),
2ed61fb5 1984 sd->current_cmd, io_len);
a1bb27b1
PB		 1985 switch (sd->current_cmd) {
1986 case 6: /* CMD6: SWITCH_FUNCTION */
1987 ret = sd->data[sd->data_offset ++];
1988
1989 if (sd->data_offset >= 64)
1990 sd->state = sd_transfer_state;
1991 break;
1992
775616c3
PB		 1993 case 9: /* CMD9: SEND_CSD */
1994 case 10: /* CMD10: SEND_CID */
1995 ret = sd->data[sd->data_offset ++];
1996
1997 if (sd->data_offset >= 16)
1998 sd->state = sd_transfer_state;
1999 break;
2000
a1bb27b1
PB		 2001 case 13: /* ACMD13: SD_STATUS */
2002 ret = sd->sd_status[sd->data_offset ++];
2003
2004 if (sd->data_offset >= sizeof(sd->sd_status))
2005 sd->state = sd_transfer_state;
2006 break;
2007
2008 case 17: /* CMD17: READ_SINGLE_BLOCK */
2009 if (sd->data_offset == 0)
2d7adea4 2010 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 2011 ret = sd->data[sd->data_offset ++];
2012
2d7adea4 2013 if (sd->data_offset >= io_len)
a1bb27b1
PB		 2014 sd->state = sd_transfer_state;
2015 break;
2016
2017 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
8573378e
MO		 2018 if (sd->data_offset == 0) {
2019 if (sd->data_start + io_len > sd->size) {
2020 sd->card_status |= ADDRESS_ERROR;
2021 return 0x00;
2022 }
2d7adea4 2023 BLK_READ_BLOCK(sd->data_start, io_len);
8573378e 2024 }
a1bb27b1
PB		 2025 ret = sd->data[sd->data_offset ++];
2026
2d7adea4
AZ		 2027 if (sd->data_offset >= io_len) {
2028 sd->data_start += io_len;
a1bb27b1 2029 sd->data_offset = 0;
4481bbc7
AB		 2030
2031 if (sd->multi_blk_cnt != 0) {
2032 if (--sd->multi_blk_cnt == 0) {
2033 /* Stop! */
2034 sd->state = sd_transfer_state;
2035 break;
2036 }
2037 }
a1bb27b1
PB		 2038 }
2039 break;
2040
0c3fb03f
PMD		 2041 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */
2042 if (sd->data_offset >= SD_TUNING_BLOCK_SIZE - 1) {
2043 sd->state = sd_transfer_state;
2044 }
2045 ret = sd_tuning_block_pattern[sd->data_offset++];
2046 break;
2047
a1bb27b1
PB		 2048 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
2049 ret = sd->data[sd->data_offset ++];
2050
2051 if (sd->data_offset >= 4)
2052 sd->state = sd_transfer_state;
2053 break;
2054
2055 case 30: /* CMD30: SEND_WRITE_PROT */
2056 ret = sd->data[sd->data_offset ++];
2057
2058 if (sd->data_offset >= 4)
2059 sd->state = sd_transfer_state;
2060 break;
2061
2062 case 51: /* ACMD51: SEND_SCR */
2063 ret = sd->scr[sd->data_offset ++];
2064
2065 if (sd->data_offset >= sizeof(sd->scr))
2066 sd->state = sd_transfer_state;
2067 break;
2068
2069 case 56: /* CMD56: GEN_CMD */
2070 if (sd->data_offset == 0)
2071 APP_READ_BLOCK(sd->data_start, sd->blk_len);
2072 ret = sd->data[sd->data_offset ++];
2073
2074 if (sd->data_offset >= sd->blk_len)
2075 sd->state = sd_transfer_state;
2076 break;
2077
2078 default:
9800ad88 2079 qemu_log_mask(LOG_GUEST_ERROR, "sd_read_data: unknown command\n");
a1bb27b1
PB		 2080 return 0x00;
2081 }
2082
2083 return ret;
2084}
2085
38626a33 2086static bool sd_data_ready(SDState *sd)
a1bb27b1
PB		 2087{
2088 return sd->state == sd_sendingdata_state;
2089}
827df9f3 2090
bebd1271 2091void sd_enable(SDState *sd, bool enable)
827df9f3
AZ		 2092{
2093 sd->enable = enable;
2094}
260bc9d8
PM		 2095
2096static void sd_instance_init(Object *obj)
2097{
2098 SDState *sd = SD_CARD(obj);
2099
2100 sd->enable = true;
dd26eb43 2101 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
260bc9d8
PM		 2102}
2103
5ba34401
MAL		 2104static void sd_instance_finalize(Object *obj)
2105{
2106 SDState *sd = SD_CARD(obj);
2107
2108 timer_del(sd->ocr_power_timer);
2109 timer_free(sd->ocr_power_timer);
2110}
2111
260bc9d8
PM		 2112static void sd_realize(DeviceState *dev, Error **errp)
2113{
2114 SDState *sd = SD_CARD(dev);
a17c17a2 2115 int ret;
260bc9d8 2116
75a96f5e
PMD		 2117 sd->proto_name = sd->spi ? "SPI" : "SD";
2118
2f0939c2
PMD		 2119 switch (sd->spec_version) {
2120 case SD_PHY_SPECv1_10_VERS
2c511375 2121 ... SD_PHY_SPECv3_01_VERS:
2f0939c2
PMD		 2122 break;
2123 default:
2124 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version);
2125 return;
2126 }
2127
260bc9d8 2128 if (sd->blk) {
a9bcedd1
PMD		 2129 int64_t blk_size;
2130
6dd3a164
PMD		 2131 if (blk_is_read_only(sd->blk)) {
2132 error_setg(errp, "Cannot use read-only drive as SD card");
2133 return;
2134 }
2135
a9bcedd1
PMD		 2136 blk_size = blk_getlength(sd->blk);
2137 if (blk_size > 0 && !is_power_of_2(blk_size)) {
2138 int64_t blk_size_aligned = pow2ceil(blk_size);
2139 char *blk_size_str;
2140
2141 blk_size_str = size_to_str(blk_size);
2142 error_setg(errp, "Invalid SD card size: %s", blk_size_str);
2143 g_free(blk_size_str);
2144
2145 blk_size_str = size_to_str(blk_size_aligned);
2146 error_append_hint(errp,
2147 "SD card size has to be a power of 2, e.g. %s.\n"
2148 "You can resize disk images with"
2149 " 'qemu-img resize <imagefile> <new-size>'\n"
2150 "(note that this will lose data if you make the"
2151 " image smaller than it currently is).\n",
2152 blk_size_str);
2153 g_free(blk_size_str);
2154
2155 return;
2156 }
2157
a17c17a2
KW		 2158 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
2159 BLK_PERM_ALL, errp);
2160 if (ret < 0) {
2161 return;
2162 }
260bc9d8
PM		 2163 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
2164 }
260bc9d8
PM		 2165}
2166
2167static Property sd_properties[] = {
2f0939c2
PMD		 2168 DEFINE_PROP_UINT8("spec_version", SDState,
2169 spec_version, SD_PHY_SPECv2_00_VERS),
260bc9d8
PM		 2170 DEFINE_PROP_DRIVE("drive", SDState, blk),
2171 /* We do not model the chip select pin, so allow the board to select
2172 * whether card should be in SSI or MMC/SD mode. It is also up to the
2173 * board to ensure that ssi transfers only occur when the chip select
2174 * is asserted. */
2175 DEFINE_PROP_BOOL("spi", SDState, spi, false),
2176 DEFINE_PROP_END_OF_LIST()
2177};
2178
2179static void sd_class_init(ObjectClass *klass, void *data)
2180{
2181 DeviceClass *dc = DEVICE_CLASS(klass);
c759a790 2182 SDCardClass *sc = SD_CARD_CLASS(klass);
260bc9d8
PM		 2183
2184 dc->realize = sd_realize;
4f67d30b 2185 device_class_set_props(dc, sd_properties);
260bc9d8 2186 dc->vmsd = &sd_vmstate;
ba3ed0fa 2187 dc->reset = sd_reset;
c759a790 2188 dc->bus_type = TYPE_SD_BUS;
2bbf3a91 2189 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
c759a790 2190
0034ebe6 2191 sc->set_voltage = sd_set_voltage;
da346922
PMD		 2192 sc->get_dat_lines = sd_get_dat_lines;
2193 sc->get_cmd_line = sd_get_cmd_line;
c759a790
PM		 2194 sc->do_command = sd_do_command;
2195 sc->write_data = sd_write_data;
2196 sc->read_data = sd_read_data;
2197 sc->data_ready = sd_data_ready;
2198 sc->enable = sd_enable;
2199 sc->get_inserted = sd_get_inserted;
2200 sc->get_readonly = sd_get_readonly;
260bc9d8
PM		 2201}
2202
2203static const TypeInfo sd_info = {
2204 .name = TYPE_SD_CARD,
2205 .parent = TYPE_DEVICE,
2206 .instance_size = sizeof(SDState),
c759a790 2207 .class_size = sizeof(SDCardClass),
260bc9d8
PM		 2208 .class_init = sd_class_init,
2209 .instance_init = sd_instance_init,
5ba34401 2210 .instance_finalize = sd_instance_finalize,
260bc9d8
PM		 2211};
2212
2213static void sd_register_types(void)
2214{
2215 type_register_static(&sd_info);
2216}
2217
2218type_init(sd_register_types)
QEMU mirror