]> git.proxmox.com Git - mirror_qemu.git/blame - hw/sd/sd.c
projects / mirror_qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
hw/sd/ssi-sd: use the SDBus API, connect the SDCard to the bus
[mirror_qemu.git] / hw / sd / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
0430891c 32#include "qemu/osdep.h"
c759a790 33#include "hw/qdev.h"
83c9f4ca 34#include "hw/hw.h"
4be74634 35#include "sysemu/block-backend.h"
e3382ef0 36#include "hw/sd/sd.h"
da34e65c 37#include "qapi/error.h"
1de7afc9 38#include "qemu/bitmap.h"
260bc9d8
PM		 39#include "hw/qdev-properties.h"
40#include "qemu/error-report.h"
dd26eb43 41#include "qemu/timer.h"
03dd024f 42#include "qemu/log.h"
a1bb27b1
PB		 43
44//#define DEBUG_SD 1
45
46#ifdef DEBUG_SD
001faf32
BS		 47#define DPRINTF(fmt, ...) \
48do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1 49#else
001faf32 50#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1
PB		 51#endif
52
dd26eb43
AB		 53#define ACMD41_ENQUIRY_MASK 0x00ffffff
54#define OCR_POWER_UP 0x80000000
55#define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
37ab4a56 56
a1bb27b1
PB		 57typedef enum {
58 sd_r0 = 0, /* no response */
59 sd_r1, /* normal response command */
60 sd_r2_i, /* CID register */
61 sd_r2_s, /* CSD register */
62 sd_r3, /* OCR register */
63 sd_r6 = 6, /* Published RCA response */
1b088995 64 sd_r7, /* Operating voltage */
a1bb27b1 65 sd_r1b = -1,
53bb8cc4 66 sd_illegal = -2,
c227f099 67} sd_rsp_type_t;
a1bb27b1 68
50a5be6c
IM		 69enum SDCardModes {
70 sd_inactive,
71 sd_card_identification_mode,
72 sd_data_transfer_mode,
73};
74
75enum SDCardStates {
76 sd_inactive_state = -1,
77 sd_idle_state = 0,
78 sd_ready_state,
79 sd_identification_state,
80 sd_standby_state,
81 sd_transfer_state,
82 sd_sendingdata_state,
83 sd_receivingdata_state,
84 sd_programming_state,
85 sd_disconnect_state,
86};
87
a1bb27b1 88struct SDState {
260bc9d8
PM		 89 DeviceState parent_obj;
90
50a5be6c
IM		 91 uint32_t mode; /* current card mode, one of SDCardModes */
92 int32_t state; /* current card state, one of SDCardStates */
a1bb27b1 93 uint32_t ocr;
dd26eb43 94 QEMUTimer *ocr_power_timer;
a1bb27b1
PB		 95 uint8_t scr[8];
96 uint8_t cid[16];
97 uint8_t csd[16];
98 uint16_t rca;
99 uint32_t card_status;
100 uint8_t sd_status[64];
1b088995 101 uint32_t vhs;
bebd1271 102 bool wp_switch;
a9c01830 103 unsigned long *wp_groups;
50a5be6c 104 int32_t wpgrps_size;
2d7adea4 105 uint64_t size;
50a5be6c 106 uint32_t blk_len;
4481bbc7 107 uint32_t multi_blk_cnt;
a1bb27b1
PB		 108 uint32_t erase_start;
109 uint32_t erase_end;
110 uint8_t pwd[16];
50a5be6c
IM		 111 uint32_t pwd_len;
112 uint8_t function_group[6];
a1bb27b1 113
bebd1271 114 bool spi;
50a5be6c 115 uint8_t current_cmd;
1d06cb7a
PM		 116 /* True if we will handle the next command as an ACMD. Note that this does
117 * *not* track the APP_CMD status bit!
118 */
bebd1271 119 bool expecting_acmd;
50a5be6c 120 uint32_t blk_written;
2d7adea4 121 uint64_t data_start;
a1bb27b1
PB		 122 uint32_t data_offset;
123 uint8_t data[512];
02ce600c
AZ		 124 qemu_irq readonly_cb;
125 qemu_irq inserted_cb;
4be74634 126 BlockBackend *blk;
827df9f3 127
bebd1271 128 bool enable;
da346922
PMD		 129 uint8_t dat_lines;
130 bool cmd_line;
a1bb27b1
PB		 131};
132
da346922
PMD		 133static uint8_t sd_get_dat_lines(SDState *sd)
134{
135 return sd->enable ? sd->dat_lines : 0;
136}
137
138static bool sd_get_cmd_line(SDState *sd)
139{
140 return sd->enable ? sd->cmd_line : false;
141}
142
0034ebe6
PMD		 143static void sd_set_voltage(SDState *sd, uint16_t millivolts)
144{
145 switch (millivolts) {
146 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
147 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
148 break;
149 default:
150 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
151 millivolts / 1000.f);
152 }
153}
154
10a412da 155static void sd_set_mode(SDState *sd)
a1bb27b1
PB		 156{
157 switch (sd->state) {
158 case sd_inactive_state:
159 sd->mode = sd_inactive;
160 break;
161
162 case sd_idle_state:
163 case sd_ready_state:
164 case sd_identification_state:
165 sd->mode = sd_card_identification_mode;
166 break;
167
168 case sd_standby_state:
169 case sd_transfer_state:
170 case sd_sendingdata_state:
171 case sd_receivingdata_state:
172 case sd_programming_state:
173 case sd_disconnect_state:
174 sd->mode = sd_data_transfer_mode;
175 break;
176 }
a1bb27b1
PB		 177}
178
c227f099 179static const sd_cmd_type_t sd_cmd_type[64] = {
a1bb27b1 180 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 181 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
a1bb27b1
PB		 182 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
183 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
184 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
185 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
186 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
187 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
188};
189
a1bb27b1
PB		 190static const int sd_cmd_class[64] = {
191 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
192 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
193 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
194 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
195};
196
197static uint8_t sd_crc7(void *message, size_t width)
198{
199 int i, bit;
200 uint8_t shift_reg = 0x00;
201 uint8_t *msg = (uint8_t *) message;
202
203 for (i = 0; i < width; i ++, msg ++)
204 for (bit = 7; bit >= 0; bit --) {
205 shift_reg <<= 1;
206 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
207 shift_reg ^= 0x89;
208 }
209
210 return shift_reg;
211}
212
213static uint16_t sd_crc16(void *message, size_t width)
214{
215 int i, bit;
216 uint16_t shift_reg = 0x0000;
217 uint16_t *msg = (uint16_t *) message;
218 width <<= 1;
219
220 for (i = 0; i < width; i ++, msg ++)
221 for (bit = 15; bit >= 0; bit --) {
222 shift_reg <<= 1;
223 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
224 shift_reg ^= 0x1011;
225 }
226
227 return shift_reg;
228}
229
230static void sd_set_ocr(SDState *sd)
231{
dd26eb43
AB		 232 /* All voltages OK, Standard Capacity SD Memory Card, not yet powered up */
233 sd->ocr = 0x00ffff00;
234}
235
236static void sd_ocr_powerup(void *opaque)
237{
238 SDState *sd = opaque;
239
240 /* Set powered up bit in OCR */
241 assert(!(sd->ocr & OCR_POWER_UP));
242 sd->ocr |= OCR_POWER_UP;
a1bb27b1
PB		 243}
244
245static void sd_set_scr(SDState *sd)
246{
247 sd->scr[0] = 0x00; /* SCR Structure */
248 sd->scr[1] = 0x2f; /* SD Security Support */
249 sd->scr[2] = 0x00;
250 sd->scr[3] = 0x00;
251 sd->scr[4] = 0x00;
252 sd->scr[5] = 0x00;
253 sd->scr[6] = 0x00;
254 sd->scr[7] = 0x00;
255}
256
257#define MID 0xaa
258#define OID "XY"
259#define PNM "QEMU!"
260#define PRV 0x01
261#define MDT_YR 2006
262#define MDT_MON 2
263
264static void sd_set_cid(SDState *sd)
265{
266 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
267 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
268 sd->cid[2] = OID[1];
269 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
270 sd->cid[4] = PNM[1];
271 sd->cid[5] = PNM[2];
272 sd->cid[6] = PNM[3];
273 sd->cid[7] = PNM[4];
274 sd->cid[8] = PRV; /* Fake product revision (PRV) */
275 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
276 sd->cid[10] = 0xad;
277 sd->cid[11] = 0xbe;
278 sd->cid[12] = 0xef;
279 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
280 ((MDT_YR - 2000) / 10);
281 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
282 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
283}
284
285#define HWBLOCK_SHIFT 9 /* 512 bytes */
286#define SECTOR_SHIFT 5 /* 16 kilobytes */
287#define WPGROUP_SHIFT 7 /* 2 megs */
288#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 289#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
290
291static const uint8_t sd_csd_rw_mask[16] = {
292 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
293 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
294};
295
2d7adea4 296static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 297{
298 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
299 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
300 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
301
2d7adea4
AZ		 302 if (size <= 0x40000000) { /* Standard Capacity SD */
303 sd->csd[0] = 0x00; /* CSD structure */
304 sd->csd[1] = 0x26; /* Data read access-time-1 */
305 sd->csd[2] = 0x00; /* Data read access-time-2 */
306 sd->csd[3] = 0x5a; /* Max. data transfer rate */
307 sd->csd[4] = 0x5f; /* Card Command Classes */
308 sd->csd[5] = 0x50 | /* Max. read data block length */
309 HWBLOCK_SHIFT;
310 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
311 ((csize >> 10) & 0x03);
312 sd->csd[7] = 0x00 | /* Device size */
313 ((csize >> 2) & 0xff);
314 sd->csd[8] = 0x3f | /* Max. read current */
315 ((csize << 6) & 0xc0);
316 sd->csd[9] = 0xfc | /* Max. write current */
317 ((CMULT_SHIFT - 2) >> 1);
318 sd->csd[10] = 0x40 | /* Erase sector size */
319 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
320 sd->csd[11] = 0x00 | /* Write protect group size */
321 ((sectsize << 7) & 0x80) | wpsize;
322 sd->csd[12] = 0x90 | /* Write speed factor */
323 (HWBLOCK_SHIFT >> 2);
324 sd->csd[13] = 0x20 | /* Max. write data block length */
325 ((HWBLOCK_SHIFT << 6) & 0xc0);
326 sd->csd[14] = 0x00; /* File format group */
327 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
328 } else { /* SDHC */
329 size /= 512 * 1024;
330 size -= 1;
331 sd->csd[0] = 0x40;
332 sd->csd[1] = 0x0e;
333 sd->csd[2] = 0x00;
334 sd->csd[3] = 0x32;
335 sd->csd[4] = 0x5b;
336 sd->csd[5] = 0x59;
337 sd->csd[6] = 0x00;
338 sd->csd[7] = (size >> 16) & 0xff;
339 sd->csd[8] = (size >> 8) & 0xff;
340 sd->csd[9] = (size & 0xff);
341 sd->csd[10] = 0x7f;
342 sd->csd[11] = 0x80;
343 sd->csd[12] = 0x0a;
344 sd->csd[13] = 0x40;
345 sd->csd[14] = 0x00;
346 sd->csd[15] = 0x00;
e03ba136 347 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
2d7adea4 348 }
a1bb27b1
PB		 349}
350
351static void sd_set_rca(SDState *sd)
352{
353 sd->rca += 0x4567;
354}
355
b8d334c8
PM		 356/* Card status bits, split by clear condition:
357 * A : According to the card current state
358 * B : Always related to the previous command
359 * C : Cleared by read
360 */
a1bb27b1
PB		 361#define CARD_STATUS_A 0x02004100
362#define CARD_STATUS_B 0x00c01e00
363#define CARD_STATUS_C 0xfd39a028
364
365static void sd_set_cardstatus(SDState *sd)
366{
367 sd->card_status = 0x00000100;
368}
369
370static void sd_set_sdstatus(SDState *sd)
371{
372 memset(sd->sd_status, 0, 64);
373}
374
bc24a225 375static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 376{
377 uint8_t buffer[5];
378 buffer[0] = 0x40 | req->cmd;
379 buffer[1] = (req->arg >> 24) & 0xff;
380 buffer[2] = (req->arg >> 16) & 0xff;
381 buffer[3] = (req->arg >> 8) & 0xff;
382 buffer[4] = (req->arg >> 0) & 0xff;
383 return 0;
384 return sd_crc7(buffer, 5) != req->crc; /* TODO */
385}
386
10a412da 387static void sd_response_r1_make(SDState *sd, uint8_t *response)
a1bb27b1 388{
10a412da 389 uint32_t status = sd->card_status;
1d06cb7a
PM		 390 /* Clear the "clear on read" status bits */
391 sd->card_status &= ~CARD_STATUS_C;
a1bb27b1
PB		 392
393 response[0] = (status >> 24) & 0xff;
394 response[1] = (status >> 16) & 0xff;
395 response[2] = (status >> 8) & 0xff;
396 response[3] = (status >> 0) & 0xff;
397}
398
9596ebb7 399static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 400{
401 response[0] = (sd->ocr >> 24) & 0xff;
402 response[1] = (sd->ocr >> 16) & 0xff;
403 response[2] = (sd->ocr >> 8) & 0xff;
404 response[3] = (sd->ocr >> 0) & 0xff;
405}
406
9596ebb7 407static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 408{
409 uint16_t arg;
410 uint16_t status;
411
412 arg = sd->rca;
413 status = ((sd->card_status >> 8) & 0xc000) |
414 ((sd->card_status >> 6) & 0x2000) |
415 (sd->card_status & 0x1fff);
fcfa9351 416 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
a1bb27b1
PB		 417
418 response[0] = (arg >> 8) & 0xff;
419 response[1] = arg & 0xff;
420 response[2] = (status >> 8) & 0xff;
421 response[3] = status & 0xff;
422}
423
1b088995
AZ		 424static void sd_response_r7_make(SDState *sd, uint8_t *response)
425{
426 response[0] = (sd->vhs >> 24) & 0xff;
427 response[1] = (sd->vhs >> 16) & 0xff;
428 response[2] = (sd->vhs >> 8) & 0xff;
429 response[3] = (sd->vhs >> 0) & 0xff;
430}
431
b7202b88
MI		 432static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
433{
434 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
435}
436
ba3ed0fa 437static void sd_reset(DeviceState *dev)
a1bb27b1 438{
ba3ed0fa 439 SDState *sd = SD_CARD(dev);
2d7adea4 440 uint64_t size;
a1bb27b1
PB		 441 uint64_t sect;
442
16b781aa
PM		 443 if (sd->blk) {
444 blk_get_geometry(sd->blk, &sect);
03f311ed
PB		 445 } else {
446 sect = 0;
447 }
5e37141b 448 size = sect << 9;
a1bb27b1 449
b7202b88 450 sect = sd_addr_to_wpnum(size) + 1;
a1bb27b1
PB		 451
452 sd->state = sd_idle_state;
453 sd->rca = 0x0000;
454 sd_set_ocr(sd);
455 sd_set_scr(sd);
456 sd_set_cid(sd);
457 sd_set_csd(sd, size);
458 sd_set_cardstatus(sd);
459 sd_set_sdstatus(sd);
460
ef1e1e07 461 g_free(sd->wp_groups);
16b781aa 462 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
50a5be6c
IM		 463 sd->wpgrps_size = sect;
464 sd->wp_groups = bitmap_new(sd->wpgrps_size);
465 memset(sd->function_group, 0, sizeof(sd->function_group));
a1bb27b1
PB		 466 sd->erase_start = 0;
467 sd->erase_end = 0;
468 sd->size = size;
469 sd->blk_len = 0x200;
470 sd->pwd_len = 0;
bebd1271 471 sd->expecting_acmd = false;
da346922
PMD		 472 sd->dat_lines = 0xf;
473 sd->cmd_line = true;
4481bbc7 474 sd->multi_blk_cnt = 0;
a1bb27b1
PB		 475}
476
c759a790
PM		 477static bool sd_get_inserted(SDState *sd)
478{
0719e71e 479 return sd->blk && blk_is_inserted(sd->blk);
c759a790
PM		 480}
481
482static bool sd_get_readonly(SDState *sd)
483{
484 return sd->wp_switch;
485}
486
39829a01 487static void sd_cardchange(void *opaque, bool load, Error **errp)
a1bb27b1
PB		 488{
489 SDState *sd = opaque;
c759a790
PM		 490 DeviceState *dev = DEVICE(sd);
491 SDBus *sdbus = SD_BUS(qdev_get_parent_bus(dev));
492 bool inserted = sd_get_inserted(sd);
493 bool readonly = sd_get_readonly(sd);
db97ee6a 494
c759a790
PM		 495 if (inserted) {
496 sd_reset(dev);
497 }
498
499 /* The IRQ notification is for legacy non-QOM SD controller devices;
500 * QOMified controllers use the SDBus APIs.
501 */
502 if (sdbus) {
503 sdbus_set_inserted(sdbus, inserted);
504 if (inserted) {
505 sdbus_set_readonly(sdbus, readonly);
506 }
507 } else {
508 qemu_set_irq(sd->inserted_cb, inserted);
509 if (inserted) {
510 qemu_set_irq(sd->readonly_cb, readonly);
511 }
a1bb27b1
PB		 512 }
513}
514
0e49de52 515static const BlockDevOps sd_block_ops = {
145feb17 516 .change_media_cb = sd_cardchange,
0e49de52
MA		 517};
518
dd26eb43
AB		 519static bool sd_ocr_vmstate_needed(void *opaque)
520{
521 SDState *sd = opaque;
522
523 /* Include the OCR state (and timer) if it is not yet powered up */
524 return !(sd->ocr & OCR_POWER_UP);
525}
526
527static const VMStateDescription sd_ocr_vmstate = {
528 .name = "sd-card/ocr-state",
529 .version_id = 1,
530 .minimum_version_id = 1,
531 .needed = sd_ocr_vmstate_needed,
532 .fields = (VMStateField[]) {
533 VMSTATE_UINT32(ocr, SDState),
534 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
535 VMSTATE_END_OF_LIST()
536 },
537};
538
539static int sd_vmstate_pre_load(void *opaque)
540{
541 SDState *sd = opaque;
542
543 /* If the OCR state is not included (prior versions, or not
544 * needed), then the OCR must be set as powered up. If the OCR state
545 * is included, this will be replaced by the state restore.
546 */
547 sd_ocr_powerup(sd);
548
549 return 0;
550}
551
50a5be6c
IM		 552static const VMStateDescription sd_vmstate = {
553 .name = "sd-card",
554 .version_id = 1,
555 .minimum_version_id = 1,
dd26eb43 556 .pre_load = sd_vmstate_pre_load,
50a5be6c
IM		 557 .fields = (VMStateField[]) {
558 VMSTATE_UINT32(mode, SDState),
559 VMSTATE_INT32(state, SDState),
560 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
561 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
562 VMSTATE_UINT16(rca, SDState),
563 VMSTATE_UINT32(card_status, SDState),
564 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
565 VMSTATE_UINT32(vhs, SDState),
566 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
567 VMSTATE_UINT32(blk_len, SDState),
4481bbc7 568 VMSTATE_UINT32(multi_blk_cnt, SDState),
50a5be6c
IM		 569 VMSTATE_UINT32(erase_start, SDState),
570 VMSTATE_UINT32(erase_end, SDState),
571 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
572 VMSTATE_UINT32(pwd_len, SDState),
573 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
574 VMSTATE_UINT8(current_cmd, SDState),
575 VMSTATE_BOOL(expecting_acmd, SDState),
576 VMSTATE_UINT32(blk_written, SDState),
577 VMSTATE_UINT64(data_start, SDState),
578 VMSTATE_UINT32(data_offset, SDState),
579 VMSTATE_UINT8_ARRAY(data, SDState, 512),
12c125cb 580 VMSTATE_UNUSED_V(1, 512),
50a5be6c
IM		 581 VMSTATE_BOOL(enable, SDState),
582 VMSTATE_END_OF_LIST()
dd26eb43
AB		 583 },
584 .subsections = (const VMStateDescription*[]) {
585 &sd_ocr_vmstate,
586 NULL
587 },
50a5be6c
IM		 588};
589
260bc9d8 590/* Legacy initialization function for use by non-qdevified callers */
4be74634 591SDState *sd_init(BlockBackend *blk, bool is_spi)
a1bb27b1 592{
fec44a8c 593 Object *obj;
260bc9d8
PM		 594 DeviceState *dev;
595 Error *err = NULL;
a1bb27b1 596
fec44a8c
PM		 597 obj = object_new(TYPE_SD_CARD);
598 dev = DEVICE(obj);
260bc9d8
PM		 599 qdev_prop_set_drive(dev, "drive", blk, &err);
600 if (err) {
601 error_report("sd_init failed: %s", error_get_pretty(err));
4f8a066b
KW		 602 return NULL;
603 }
260bc9d8 604 qdev_prop_set_bit(dev, "spi", is_spi);
fec44a8c 605 object_property_set_bool(obj, true, "realized", &err);
260bc9d8
PM		 606 if (err) {
607 error_report("sd_init failed: %s", error_get_pretty(err));
608 return NULL;
03f311ed 609 }
260bc9d8
PM		 610
611 return SD_CARD(dev);
a1bb27b1
PB		 612}
613
02ce600c 614void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 615{
02ce600c
AZ		 616 sd->readonly_cb = readonly;
617 sd->inserted_cb = insert;
4be74634
MA		 618 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
619 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
a1bb27b1
PB		 620}
621
622static void sd_erase(SDState *sd)
623{
f2d189d3
IM		 624 int i;
625 uint64_t erase_start = sd->erase_start;
626 uint64_t erase_end = sd->erase_end;
627
a1bb27b1
PB		 628 if (!sd->erase_start || !sd->erase_end) {
629 sd->card_status |= ERASE_SEQ_ERROR;
630 return;
631 }
632
f2d189d3
IM		 633 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
634 /* High capacity memory card: erase units are 512 byte blocks */
635 erase_start *= 512;
636 erase_end *= 512;
637 }
638
639 erase_start = sd_addr_to_wpnum(erase_start);
640 erase_end = sd_addr_to_wpnum(erase_end);
a1bb27b1
PB		 641 sd->erase_start = 0;
642 sd->erase_end = 0;
643 sd->csd[14] |= 0x40;
644
f2d189d3 645 for (i = erase_start; i <= erase_end; i++) {
a9c01830 646 if (test_bit(i, sd->wp_groups)) {
a1bb27b1 647 sd->card_status |= WP_ERASE_SKIP;
a9c01830
MI		 648 }
649 }
a1bb27b1
PB		 650}
651
2d7adea4 652static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 653{
654 uint32_t i, wpnum;
655 uint32_t ret = 0;
656
b7202b88 657 wpnum = sd_addr_to_wpnum(addr);
a1bb27b1 658
a9c01830
MI		 659 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
660 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
a1bb27b1 661 ret |= (1 << i);
a9c01830
MI		 662 }
663 }
a1bb27b1
PB		 664
665 return ret;
666}
667
668static void sd_function_switch(SDState *sd, uint32_t arg)
669{
670 int i, mode, new_func, crc;
671 mode = !!(arg & 0x80000000);
672
673 sd->data[0] = 0x00; /* Maximum current consumption */
674 sd->data[1] = 0x01;
675 sd->data[2] = 0x80; /* Supported group 6 functions */
676 sd->data[3] = 0x01;
677 sd->data[4] = 0x80; /* Supported group 5 functions */
678 sd->data[5] = 0x01;
679 sd->data[6] = 0x80; /* Supported group 4 functions */
680 sd->data[7] = 0x01;
681 sd->data[8] = 0x80; /* Supported group 3 functions */
682 sd->data[9] = 0x01;
683 sd->data[10] = 0x80; /* Supported group 2 functions */
684 sd->data[11] = 0x43;
685 sd->data[12] = 0x80; /* Supported group 1 functions */
686 sd->data[13] = 0x03;
687 for (i = 0; i < 6; i ++) {
688 new_func = (arg >> (i * 4)) & 0x0f;
689 if (mode && new_func != 0x0f)
690 sd->function_group[i] = new_func;
691 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
692 }
693 memset(&sd->data[17], 0, 47);
694 crc = sd_crc16(sd->data, 64);
695 sd->data[65] = crc >> 8;
696 sd->data[66] = crc & 0xff;
697}
698
4e8f1be2 699static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
a1bb27b1 700{
b7202b88 701 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 702}
703
704static void sd_lock_command(SDState *sd)
705{
706 int erase, lock, clr_pwd, set_pwd, pwd_len;
707 erase = !!(sd->data[0] & 0x08);
708 lock = sd->data[0] & 0x04;
709 clr_pwd = sd->data[0] & 0x02;
710 set_pwd = sd->data[0] & 0x01;
711
712 if (sd->blk_len > 1)
713 pwd_len = sd->data[1];
714 else
715 pwd_len = 0;
716
717 if (erase) {
718 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
719 set_pwd || clr_pwd || lock || sd->wp_switch ||
720 (sd->csd[14] & 0x20)) {
721 sd->card_status |= LOCK_UNLOCK_FAILED;
722 return;
723 }
50a5be6c 724 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
a1bb27b1
PB		 725 sd->csd[14] &= ~0x10;
726 sd->card_status &= ~CARD_IS_LOCKED;
727 sd->pwd_len = 0;
728 /* Erasing the entire card here! */
827df9f3 729 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 730 return;
731 }
732
733 if (sd->blk_len < 2 + pwd_len ||
734 pwd_len <= sd->pwd_len ||
735 pwd_len > sd->pwd_len + 16) {
736 sd->card_status |= LOCK_UNLOCK_FAILED;
737 return;
738 }
739
740 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
741 sd->card_status |= LOCK_UNLOCK_FAILED;
742 return;
743 }
744
745 pwd_len -= sd->pwd_len;
746 if ((pwd_len && !set_pwd) ||
747 (clr_pwd && (set_pwd || lock)) ||
748 (lock && !sd->pwd_len && !set_pwd) ||
749 (!set_pwd && !clr_pwd &&
750 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
751 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
752 sd->card_status |= LOCK_UNLOCK_FAILED;
753 return;
754 }
755
756 if (set_pwd) {
757 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
758 sd->pwd_len = pwd_len;
759 }
760
761 if (clr_pwd) {
762 sd->pwd_len = 0;
763 }
764
765 if (lock)
766 sd->card_status |= CARD_IS_LOCKED;
767 else
768 sd->card_status &= ~CARD_IS_LOCKED;
769}
770
c227f099 771static sd_rsp_type_t sd_normal_command(SDState *sd,
bc24a225 772 SDRequest req)
a1bb27b1
PB		 773{
774 uint32_t rca = 0x0000;
2d7adea4 775 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1 776
1d06cb7a
PM		 777 /* Not interpreting this as an app command */
778 sd->card_status &= ~APP_CMD;
779
97f4ed3b
PP		 780 if (sd_cmd_type[req.cmd & 0x3F] == sd_ac
781 || sd_cmd_type[req.cmd & 0x3F] == sd_adtc) {
a1bb27b1 782 rca = req.arg >> 16;
97f4ed3b 783 }
a1bb27b1 784
4481bbc7
AB		 785 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
786 * if not, its effects are cancelled */
787 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
788 sd->multi_blk_cnt = 0;
789 }
790
a1bb27b1
PB		 791 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
792 switch (req.cmd) {
793 /* Basic commands (Class 0 and Class 1) */
794 case 0: /* CMD0: GO_IDLE_STATE */
795 switch (sd->state) {
796 case sd_inactive_state:
775616c3 797 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 798
799 default:
800 sd->state = sd_idle_state;
ba3ed0fa 801 sd_reset(DEVICE(sd));
775616c3 802 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 803 }
804 break;
805
775616c3
PB		 806 case 1: /* CMD1: SEND_OP_CMD */
807 if (!sd->spi)
808 goto bad_cmd;
809
810 sd->state = sd_transfer_state;
811 return sd_r1;
812
a1bb27b1 813 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 814 if (sd->spi)
815 goto bad_cmd;
a1bb27b1
PB		 816 switch (sd->state) {
817 case sd_ready_state:
818 sd->state = sd_identification_state;
819 return sd_r2_i;
820
821 default:
822 break;
823 }
824 break;
825
826 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 827 if (sd->spi)
828 goto bad_cmd;
a1bb27b1
PB		 829 switch (sd->state) {
830 case sd_identification_state:
831 case sd_standby_state:
832 sd->state = sd_standby_state;
833 sd_set_rca(sd);
834 return sd_r6;
835
836 default:
837 break;
838 }
839 break;
840
841 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 842 if (sd->spi)
843 goto bad_cmd;
a1bb27b1
PB		 844 switch (sd->state) {
845 case sd_standby_state:
846 break;
847
848 default:
849 break;
850 }
851 break;
852
109ac32f 853 case 5: /* CMD5: reserved for SDIO cards */
53bb8cc4 854 return sd_illegal;
109ac32f 855
a1bb27b1 856 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 857 if (sd->spi)
858 goto bad_cmd;
a1bb27b1
PB		 859 switch (sd->mode) {
860 case sd_data_transfer_mode:
861 sd_function_switch(sd, req.arg);
862 sd->state = sd_sendingdata_state;
863 sd->data_start = 0;
864 sd->data_offset = 0;
865 return sd_r1;
866
867 default:
868 break;
869 }
870 break;
871
872 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 873 if (sd->spi)
874 goto bad_cmd;
a1bb27b1
PB		 875 switch (sd->state) {
876 case sd_standby_state:
877 if (sd->rca != rca)
878 return sd_r0;
879
880 sd->state = sd_transfer_state;
881 return sd_r1b;
882
883 case sd_transfer_state:
884 case sd_sendingdata_state:
885 if (sd->rca == rca)
886 break;
887
888 sd->state = sd_standby_state;
889 return sd_r1b;
890
891 case sd_disconnect_state:
892 if (sd->rca != rca)
893 return sd_r0;
894
895 sd->state = sd_programming_state;
896 return sd_r1b;
897
898 case sd_programming_state:
899 if (sd->rca == rca)
900 break;
901
902 sd->state = sd_disconnect_state;
903 return sd_r1b;
904
905 default:
906 break;
907 }
908 break;
909
1b088995
AZ		 910 case 8: /* CMD8: SEND_IF_COND */
911 /* Physical Layer Specification Version 2.00 command */
912 switch (sd->state) {
913 case sd_idle_state:
914 sd->vhs = 0;
915
916 /* No response if not exactly one VHS bit is set. */
c9d93318 917 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1b088995 918 return sd->spi ? sd_r7 : sd_r0;
c9d93318 919 }
1b088995
AZ		 920
921 /* Accept. */
922 sd->vhs = req.arg;
923 return sd_r7;
924
925 default:
926 break;
927 }
928 break;
929
a1bb27b1
PB		 930 case 9: /* CMD9: SEND_CSD */
931 switch (sd->state) {
932 case sd_standby_state:
933 if (sd->rca != rca)
934 return sd_r0;
935
936 return sd_r2_s;
937
775616c3
PB		 938 case sd_transfer_state:
939 if (!sd->spi)
940 break;
941 sd->state = sd_sendingdata_state;
942 memcpy(sd->data, sd->csd, 16);
2d7adea4 943 sd->data_start = addr;
775616c3
PB		 944 sd->data_offset = 0;
945 return sd_r1;
946
a1bb27b1
PB		 947 default:
948 break;
949 }
950 break;
951
952 case 10: /* CMD10: SEND_CID */
953 switch (sd->state) {
954 case sd_standby_state:
955 if (sd->rca != rca)
956 return sd_r0;
957
958 return sd_r2_i;
959
775616c3
PB		 960 case sd_transfer_state:
961 if (!sd->spi)
962 break;
963 sd->state = sd_sendingdata_state;
964 memcpy(sd->data, sd->cid, 16);
2d7adea4 965 sd->data_start = addr;
775616c3
PB		 966 sd->data_offset = 0;
967 return sd_r1;
968
a1bb27b1
PB		 969 default:
970 break;
971 }
972 break;
973
974 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
775616c3
PB		 975 if (sd->spi)
976 goto bad_cmd;
a1bb27b1
PB		 977 switch (sd->state) {
978 case sd_transfer_state:
979 sd->state = sd_sendingdata_state;
980 sd->data_start = req.arg;
981 sd->data_offset = 0;
982
983 if (sd->data_start + sd->blk_len > sd->size)
984 sd->card_status |= ADDRESS_ERROR;
985 return sd_r0;
986
987 default:
988 break;
989 }
990 break;
991
992 case 12: /* CMD12: STOP_TRANSMISSION */
993 switch (sd->state) {
994 case sd_sendingdata_state:
995 sd->state = sd_transfer_state;
996 return sd_r1b;
997
998 case sd_receivingdata_state:
999 sd->state = sd_programming_state;
1000 /* Bzzzzzzztt .... Operation complete. */
1001 sd->state = sd_transfer_state;
1002 return sd_r1b;
1003
1004 default:
1005 break;
1006 }
1007 break;
1008
1009 case 13: /* CMD13: SEND_STATUS */
1010 switch (sd->mode) {
1011 case sd_data_transfer_mode:
1012 if (sd->rca != rca)
1013 return sd_r0;
1014
1015 return sd_r1;
1016
1017 default:
1018 break;
1019 }
1020 break;
1021
1022 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 1023 if (sd->spi)
1024 goto bad_cmd;
a1bb27b1
PB		 1025 switch (sd->mode) {
1026 case sd_data_transfer_mode:
1027 if (sd->rca != rca)
1028 return sd_r0;
1029
1030 sd->state = sd_inactive_state;
1031 return sd_r0;
1032
1033 default:
1034 break;
1035 }
1036 break;
1037
1038 /* Block read commands (Classs 2) */
1039 case 16: /* CMD16: SET_BLOCKLEN */
1040 switch (sd->state) {
1041 case sd_transfer_state:
1042 if (req.arg > (1 << HWBLOCK_SHIFT))
1043 sd->card_status |= BLOCK_LEN_ERROR;
1044 else
1045 sd->blk_len = req.arg;
1046
1047 return sd_r1;
1048
1049 default:
1050 break;
1051 }
1052 break;
1053
1054 case 17: /* CMD17: READ_SINGLE_BLOCK */
1055 switch (sd->state) {
1056 case sd_transfer_state:
1057 sd->state = sd_sendingdata_state;
2d7adea4 1058 sd->data_start = addr;
a1bb27b1
PB		 1059 sd->data_offset = 0;
1060
1061 if (sd->data_start + sd->blk_len > sd->size)
1062 sd->card_status |= ADDRESS_ERROR;
1063 return sd_r1;
1064
1065 default:
1066 break;
1067 }
1068 break;
1069
1070 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1071 switch (sd->state) {
1072 case sd_transfer_state:
1073 sd->state = sd_sendingdata_state;
2d7adea4 1074 sd->data_start = addr;
a1bb27b1
PB		 1075 sd->data_offset = 0;
1076
1077 if (sd->data_start + sd->blk_len > sd->size)
1078 sd->card_status |= ADDRESS_ERROR;
1079 return sd_r1;
1080
1081 default:
1082 break;
1083 }
1084 break;
1085
4481bbc7
AB		 1086 case 23: /* CMD23: SET_BLOCK_COUNT */
1087 switch (sd->state) {
1088 case sd_transfer_state:
1089 sd->multi_blk_cnt = req.arg;
1090 return sd_r1;
1091
1092 default:
1093 break;
1094 }
1095 break;
1096
a1bb27b1
PB		 1097 /* Block write commands (Class 4) */
1098 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
775616c3
PB		 1099 if (sd->spi)
1100 goto unimplemented_cmd;
a1bb27b1
PB		 1101 switch (sd->state) {
1102 case sd_transfer_state:
775616c3
PB		 1103 /* Writing in SPI mode not implemented. */
1104 if (sd->spi)
1105 break;
a1bb27b1 1106 sd->state = sd_receivingdata_state;
2d7adea4 1107 sd->data_start = addr;
a1bb27b1
PB		 1108 sd->data_offset = 0;
1109 sd->blk_written = 0;
1110
1111 if (sd->data_start + sd->blk_len > sd->size)
1112 sd->card_status |= ADDRESS_ERROR;
1113 if (sd_wp_addr(sd, sd->data_start))
1114 sd->card_status |= WP_VIOLATION;
1115 if (sd->csd[14] & 0x30)
1116 sd->card_status |= WP_VIOLATION;
1117 return sd_r1;
1118
1119 default:
1120 break;
1121 }
1122 break;
1123
1124 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
775616c3
PB		 1125 if (sd->spi)
1126 goto unimplemented_cmd;
a1bb27b1
PB		 1127 switch (sd->state) {
1128 case sd_transfer_state:
775616c3
PB		 1129 /* Writing in SPI mode not implemented. */
1130 if (sd->spi)
1131 break;
a1bb27b1 1132 sd->state = sd_receivingdata_state;
2d7adea4 1133 sd->data_start = addr;
a1bb27b1
PB		 1134 sd->data_offset = 0;
1135 sd->blk_written = 0;
1136
1137 if (sd->data_start + sd->blk_len > sd->size)
1138 sd->card_status |= ADDRESS_ERROR;
1139 if (sd_wp_addr(sd, sd->data_start))
1140 sd->card_status |= WP_VIOLATION;
1141 if (sd->csd[14] & 0x30)
1142 sd->card_status |= WP_VIOLATION;
1143 return sd_r1;
1144
1145 default:
1146 break;
1147 }
1148 break;
1149
1150 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 1151 if (sd->spi)
1152 goto bad_cmd;
a1bb27b1
PB		 1153 switch (sd->state) {
1154 case sd_transfer_state:
1155 sd->state = sd_receivingdata_state;
1156 sd->data_start = 0;
1157 sd->data_offset = 0;
1158 return sd_r1;
1159
1160 default:
1161 break;
1162 }
1163 break;
1164
1165 case 27: /* CMD27: PROGRAM_CSD */
775616c3
PB		 1166 if (sd->spi)
1167 goto unimplemented_cmd;
a1bb27b1
PB		 1168 switch (sd->state) {
1169 case sd_transfer_state:
1170 sd->state = sd_receivingdata_state;
1171 sd->data_start = 0;
1172 sd->data_offset = 0;
1173 return sd_r1;
1174
1175 default:
1176 break;
1177 }
1178 break;
1179
1180 /* Write protection (Class 6) */
1181 case 28: /* CMD28: SET_WRITE_PROT */
1182 switch (sd->state) {
1183 case sd_transfer_state:
2d7adea4 1184 if (addr >= sd->size) {
e30d5938 1185 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1186 return sd_r1b;
1187 }
1188
1189 sd->state = sd_programming_state;
b7202b88 1190 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1191 /* Bzzzzzzztt .... Operation complete. */
1192 sd->state = sd_transfer_state;
1193 return sd_r1b;
1194
1195 default:
1196 break;
1197 }
1198 break;
1199
1200 case 29: /* CMD29: CLR_WRITE_PROT */
1201 switch (sd->state) {
1202 case sd_transfer_state:
2d7adea4 1203 if (addr >= sd->size) {
e30d5938 1204 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1205 return sd_r1b;
1206 }
1207
1208 sd->state = sd_programming_state;
b7202b88 1209 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1210 /* Bzzzzzzztt .... Operation complete. */
1211 sd->state = sd_transfer_state;
1212 return sd_r1b;
1213
1214 default:
1215 break;
1216 }
1217 break;
1218
1219 case 30: /* CMD30: SEND_WRITE_PROT */
1220 switch (sd->state) {
1221 case sd_transfer_state:
1222 sd->state = sd_sendingdata_state;
1223 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1224 sd->data_start = addr;
a1bb27b1
PB		 1225 sd->data_offset = 0;
1226 return sd_r1b;
1227
1228 default:
1229 break;
1230 }
1231 break;
1232
1233 /* Erase commands (Class 5) */
1234 case 32: /* CMD32: ERASE_WR_BLK_START */
1235 switch (sd->state) {
1236 case sd_transfer_state:
1237 sd->erase_start = req.arg;
1238 return sd_r1;
1239
1240 default:
1241 break;
1242 }
1243 break;
1244
1245 case 33: /* CMD33: ERASE_WR_BLK_END */
1246 switch (sd->state) {
1247 case sd_transfer_state:
1248 sd->erase_end = req.arg;
1249 return sd_r1;
1250
1251 default:
1252 break;
1253 }
1254 break;
1255
1256 case 38: /* CMD38: ERASE */
1257 switch (sd->state) {
1258 case sd_transfer_state:
1259 if (sd->csd[14] & 0x30) {
1260 sd->card_status |= WP_VIOLATION;
1261 return sd_r1b;
1262 }
1263
1264 sd->state = sd_programming_state;
1265 sd_erase(sd);
1266 /* Bzzzzzzztt .... Operation complete. */
1267 sd->state = sd_transfer_state;
1268 return sd_r1b;
1269
1270 default:
1271 break;
1272 }
1273 break;
1274
1275 /* Lock card commands (Class 7) */
1276 case 42: /* CMD42: LOCK_UNLOCK */
775616c3
PB		 1277 if (sd->spi)
1278 goto unimplemented_cmd;
a1bb27b1
PB		 1279 switch (sd->state) {
1280 case sd_transfer_state:
1281 sd->state = sd_receivingdata_state;
1282 sd->data_start = 0;
1283 sd->data_offset = 0;
1284 return sd_r1;
1285
1286 default:
1287 break;
1288 }
1289 break;
1290
39e594db
PM		 1291 case 52:
1292 case 53:
1293 /* CMD52, CMD53: reserved for SDIO cards
1294 * (see the SDIO Simplified Specification V2.0)
1295 * Handle as illegal command but do not complain
1296 * on stderr, as some OSes may use these in their
1297 * probing for presence of an SDIO card.
1298 */
53bb8cc4 1299 return sd_illegal;
39e594db 1300
a1bb27b1
PB		 1301 /* Application specific commands (Class 8) */
1302 case 55: /* CMD55: APP_CMD */
1303 if (sd->rca != rca)
1304 return sd_r0;
1305
bebd1271 1306 sd->expecting_acmd = true;
a1bb27b1
PB		 1307 sd->card_status |= APP_CMD;
1308 return sd_r1;
1309
1310 case 56: /* CMD56: GEN_CMD */
827df9f3 1311 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
a1bb27b1
PB		 1312
1313 switch (sd->state) {
1314 case sd_transfer_state:
1315 sd->data_offset = 0;
1316 if (req.arg & 1)
1317 sd->state = sd_sendingdata_state;
1318 else
1319 sd->state = sd_receivingdata_state;
1320 return sd_r1;
1321
1322 default:
1323 break;
1324 }
1325 break;
1326
1327 default:
775616c3 1328 bad_cmd:
9800ad88 1329 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
53bb8cc4 1330 return sd_illegal;
775616c3
PB		 1331
1332 unimplemented_cmd:
1333 /* Commands that are recognised but not yet implemented in SPI mode. */
9800ad88
AB		 1334 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1335 req.cmd);
53bb8cc4 1336 return sd_illegal;
a1bb27b1
PB		 1337 }
1338
9800ad88 1339 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd);
53bb8cc4 1340 return sd_illegal;
a1bb27b1
PB		 1341}
1342
c227f099 1343static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1344 SDRequest req)
1345{
a1bb27b1 1346 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1d06cb7a 1347 sd->card_status |= APP_CMD;
a1bb27b1
PB		 1348 switch (req.cmd) {
1349 case 6: /* ACMD6: SET_BUS_WIDTH */
1350 switch (sd->state) {
1351 case sd_transfer_state:
1352 sd->sd_status[0] &= 0x3f;
1353 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1354 return sd_r1;
1355
1356 default:
1357 break;
1358 }
1359 break;
1360
1361 case 13: /* ACMD13: SD_STATUS */
1362 switch (sd->state) {
1363 case sd_transfer_state:
fb1ba03a 1364 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1365 sd->data_start = 0;
1366 sd->data_offset = 0;
1367 return sd_r1;
1368
1369 default:
1370 break;
1371 }
1372 break;
1373
1374 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1375 switch (sd->state) {
1376 case sd_transfer_state:
1377 *(uint32_t *) sd->data = sd->blk_written;
1378
fb1ba03a 1379 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1380 sd->data_start = 0;
1381 sd->data_offset = 0;
1382 return sd_r1;
1383
1384 default:
1385 break;
1386 }
1387 break;
1388
1389 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1390 switch (sd->state) {
1391 case sd_transfer_state:
1392 return sd_r1;
1393
1394 default:
1395 break;
1396 }
1397 break;
1398
1399 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1400 if (sd->spi) {
1401 /* SEND_OP_CMD */
1402 sd->state = sd_transfer_state;
1403 return sd_r1;
1404 }
a1bb27b1
PB		 1405 switch (sd->state) {
1406 case sd_idle_state:
dd26eb43
AB		 1407 /* If it's the first ACMD41 since reset, we need to decide
1408 * whether to power up. If this is not an enquiry ACMD41,
1409 * we immediately report power on and proceed below to the
1410 * ready state, but if it is, we set a timer to model a
1411 * delay for power up. This works around a bug in EDK2
1412 * UEFI, which sends an initial enquiry ACMD41, but
1413 * assumes that the card is in ready state as soon as it
1414 * sees the power up bit set. */
1415 if (!(sd->ocr & OCR_POWER_UP)) {
1416 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1417 timer_del(sd->ocr_power_timer);
1418 sd_ocr_powerup(sd);
1419 } else if (!timer_pending(sd->ocr_power_timer)) {
1420 timer_mod_ns(sd->ocr_power_timer,
1421 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1422 + OCR_POWER_DELAY_NS));
1423 }
1424 }
1425
37ab4a56
PC		 1426 /* We accept any voltage. 10000 V is nothing.
1427 *
dd26eb43 1428 * Once we're powered up, we advance straight to ready state
37ab4a56
PC		 1429 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1430 */
1431 if (req.arg & ACMD41_ENQUIRY_MASK) {
a1bb27b1 1432 sd->state = sd_ready_state;
37ab4a56 1433 }
a1bb27b1
PB		 1434
1435 return sd_r3;
1436
1437 default:
1438 break;
1439 }
1440 break;
1441
1442 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1443 switch (sd->state) {
1444 case sd_transfer_state:
1445 /* Bringing in the 50KOhm pull-up resistor... Done. */
1446 return sd_r1;
1447
1448 default:
1449 break;
1450 }
1451 break;
1452
1453 case 51: /* ACMD51: SEND_SCR */
1454 switch (sd->state) {
1455 case sd_transfer_state:
1456 sd->state = sd_sendingdata_state;
1457 sd->data_start = 0;
1458 sd->data_offset = 0;
1459 return sd_r1;
1460
1461 default:
1462 break;
1463 }
1464 break;
1465
1466 default:
1467 /* Fall back to standard commands. */
a1bb27b1
PB		 1468 return sd_normal_command(sd, req);
1469 }
1470
9800ad88 1471 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
5b08bfe2 1472 return sd_illegal;
a1bb27b1
PB		 1473}
1474
25881d33
PM		 1475static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1476{
1477 /* Valid commands in locked state:
1478 * basic class (0)
1479 * lock card class (7)
1480 * CMD16
1481 * implicitly, the ACMD prefix CMD55
1482 * ACMD41 and ACMD42
1483 * Anything else provokes an "illegal command" response.
1484 */
1d06cb7a 1485 if (sd->expecting_acmd) {
25881d33
PM		 1486 return req->cmd == 41 || req->cmd == 42;
1487 }
1488 if (req->cmd == 16 || req->cmd == 55) {
1489 return 1;
1490 }
97f4ed3b
PP		 1491 return sd_cmd_class[req->cmd & 0x3F] == 0
1492 || sd_cmd_class[req->cmd & 0x3F] == 7;
25881d33
PM		 1493}
1494
bc24a225 1495int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1 1496 uint8_t *response) {
10a412da 1497 int last_state;
c227f099 1498 sd_rsp_type_t rtype;
a1bb27b1
PB		 1499 int rsplen;
1500
4be74634 1501 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
a1bb27b1
PB		 1502 return 0;
1503 }
1504
1505 if (sd_req_crc_validate(req)) {
abda1f37 1506 sd->card_status |= COM_CRC_ERROR;
b1f517ed
PM		 1507 rtype = sd_illegal;
1508 goto send_response;
a1bb27b1
PB		 1509 }
1510
10a412da 1511 if (sd->card_status & CARD_IS_LOCKED) {
25881d33 1512 if (!cmd_valid_while_locked(sd, req)) {
a1bb27b1 1513 sd->card_status |= ILLEGAL_COMMAND;
bebd1271 1514 sd->expecting_acmd = false;
9800ad88 1515 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
b1f517ed
PM		 1516 rtype = sd_illegal;
1517 goto send_response;
a1bb27b1 1518 }
25881d33 1519 }
a1bb27b1 1520
10a412da
PM		 1521 last_state = sd->state;
1522 sd_set_mode(sd);
1523
1d06cb7a 1524 if (sd->expecting_acmd) {
bebd1271 1525 sd->expecting_acmd = false;
a1bb27b1 1526 rtype = sd_app_command(sd, *req);
1d06cb7a 1527 } else {
a1bb27b1 1528 rtype = sd_normal_command(sd, *req);
1d06cb7a 1529 }
a1bb27b1 1530
53bb8cc4
PM		 1531 if (rtype == sd_illegal) {
1532 sd->card_status |= ILLEGAL_COMMAND;
10a412da
PM		 1533 } else {
1534 /* Valid command, we can update the 'state before command' bits.
1535 * (Do this now so they appear in r1 responses.)
1536 */
1537 sd->current_cmd = req->cmd;
1538 sd->card_status &= ~CURRENT_STATE;
1539 sd->card_status |= (last_state << 9);
53bb8cc4
PM		 1540 }
1541
b1f517ed 1542send_response:
a1bb27b1
PB		 1543 switch (rtype) {
1544 case sd_r1:
1545 case sd_r1b:
10a412da 1546 sd_response_r1_make(sd, response);
a1bb27b1
PB		 1547 rsplen = 4;
1548 break;
1549
1550 case sd_r2_i:
1551 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1552 rsplen = 16;
1553 break;
1554
1555 case sd_r2_s:
1556 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1557 rsplen = 16;
1558 break;
1559
1560 case sd_r3:
1561 sd_response_r3_make(sd, response);
1562 rsplen = 4;
1563 break;
1564
1565 case sd_r6:
1566 sd_response_r6_make(sd, response);
1567 rsplen = 4;
1568 break;
1569
1b088995
AZ		 1570 case sd_r7:
1571 sd_response_r7_make(sd, response);
1572 rsplen = 4;
1573 break;
1574
a1bb27b1 1575 case sd_r0:
53bb8cc4 1576 case sd_illegal:
a1bb27b1
PB		 1577 default:
1578 rsplen = 0;
1579 break;
1580 }
1581
10a412da
PM		 1582 if (rtype != sd_illegal) {
1583 /* Clear the "clear on valid command" status bits now we've
1584 * sent any response
1585 */
1586 sd->card_status &= ~CARD_STATUS_B;
1587 }
1588
a1bb27b1
PB		 1589#ifdef DEBUG_SD
1590 if (rsplen) {
1591 int i;
1592 DPRINTF("Response:");
4e825125
AF		 1593 for (i = 0; i < rsplen; i++) {
1594 DPRINTF(" %02x", response[i]);
1595 }
1596 DPRINTF(" state %d\n", sd->state);
a1bb27b1
PB		 1597 } else {
1598 DPRINTF("No response %d\n", sd->state);
1599 }
1600#endif
1601
1602 return rsplen;
1603}
1604
2d7adea4 1605static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1606{
2d7adea4
AZ		 1607 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1608 (unsigned long long) addr, len);
12c125cb 1609 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) {
827df9f3 1610 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1 1611 }
a1bb27b1
PB		 1612}
1613
2d7adea4 1614static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1615{
12c125cb
EB		 1616 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) {
1617 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1618 }
1619}
1620
33f00271
AZ		 1621#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1622#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1623#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1624#define APP_WRITE_BLOCK(a, len)
1625
1626void sd_write_data(SDState *sd, uint8_t value)
1627{
1628 int i;
1629
4be74634 1630 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1631 return;
1632
1633 if (sd->state != sd_receivingdata_state) {
9800ad88
AB		 1634 qemu_log_mask(LOG_GUEST_ERROR,
1635 "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1636 return;
1637 }
1638
1639 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1640 return;
1641
1642 switch (sd->current_cmd) {
1643 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1644 sd->data[sd->data_offset ++] = value;
1645 if (sd->data_offset >= sd->blk_len) {
1646 /* TODO: Check CRC before committing */
1647 sd->state = sd_programming_state;
1648 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1649 sd->blk_written ++;
1650 sd->csd[14] |= 0x40;
1651 /* Bzzzzzzztt .... Operation complete. */
1652 sd->state = sd_transfer_state;
1653 }
1654 break;
1655
1656 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234 1657 if (sd->data_offset == 0) {
e03ba136 1658 /* Start of the block - let's check the address is valid */
a1bb27b1
PB		 1659 if (sd->data_start + sd->blk_len > sd->size) {
1660 sd->card_status |= ADDRESS_ERROR;
1661 break;
1662 }
1663 if (sd_wp_addr(sd, sd->data_start)) {
1664 sd->card_status |= WP_VIOLATION;
1665 break;
1666 }
33fa8234
DDAG		 1667 }
1668 sd->data[sd->data_offset++] = value;
1669 if (sd->data_offset >= sd->blk_len) {
1670 /* TODO: Check CRC before committing */
1671 sd->state = sd_programming_state;
1672 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1673 sd->blk_written++;
1674 sd->data_start += sd->blk_len;
1675 sd->data_offset = 0;
a1bb27b1
PB		 1676 sd->csd[14] |= 0x40;
1677
1678 /* Bzzzzzzztt .... Operation complete. */
4481bbc7
AB		 1679 if (sd->multi_blk_cnt != 0) {
1680 if (--sd->multi_blk_cnt == 0) {
1681 /* Stop! */
1682 sd->state = sd_transfer_state;
1683 break;
1684 }
1685 }
1686
a1bb27b1
PB		 1687 sd->state = sd_receivingdata_state;
1688 }
1689 break;
1690
1691 case 26: /* CMD26: PROGRAM_CID */
1692 sd->data[sd->data_offset ++] = value;
1693 if (sd->data_offset >= sizeof(sd->cid)) {
1694 /* TODO: Check CRC before committing */
1695 sd->state = sd_programming_state;
1696 for (i = 0; i < sizeof(sd->cid); i ++)
1697 if ((sd->cid[i] | 0x00) != sd->data[i])
1698 sd->card_status |= CID_CSD_OVERWRITE;
1699
1700 if (!(sd->card_status & CID_CSD_OVERWRITE))
1701 for (i = 0; i < sizeof(sd->cid); i ++) {
1702 sd->cid[i] |= 0x00;
1703 sd->cid[i] &= sd->data[i];
1704 }
1705 /* Bzzzzzzztt .... Operation complete. */
1706 sd->state = sd_transfer_state;
1707 }
1708 break;
1709
1710 case 27: /* CMD27: PROGRAM_CSD */
1711 sd->data[sd->data_offset ++] = value;
1712 if (sd->data_offset >= sizeof(sd->csd)) {
1713 /* TODO: Check CRC before committing */
1714 sd->state = sd_programming_state;
1715 for (i = 0; i < sizeof(sd->csd); i ++)
1716 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1717 (sd->data[i] | sd_csd_rw_mask[i]))
1718 sd->card_status |= CID_CSD_OVERWRITE;
1719
1720 /* Copy flag (OTP) & Permanent write protect */
1721 if (sd->csd[14] & ~sd->data[14] & 0x60)
1722 sd->card_status |= CID_CSD_OVERWRITE;
1723
1724 if (!(sd->card_status & CID_CSD_OVERWRITE))
1725 for (i = 0; i < sizeof(sd->csd); i ++) {
1726 sd->csd[i] |= sd_csd_rw_mask[i];
1727 sd->csd[i] &= sd->data[i];
1728 }
1729 /* Bzzzzzzztt .... Operation complete. */
1730 sd->state = sd_transfer_state;
1731 }
1732 break;
1733
1734 case 42: /* CMD42: LOCK_UNLOCK */
1735 sd->data[sd->data_offset ++] = value;
1736 if (sd->data_offset >= sd->blk_len) {
1737 /* TODO: Check CRC before committing */
1738 sd->state = sd_programming_state;
1739 sd_lock_command(sd);
1740 /* Bzzzzzzztt .... Operation complete. */
1741 sd->state = sd_transfer_state;
1742 }
1743 break;
1744
1745 case 56: /* CMD56: GEN_CMD */
1746 sd->data[sd->data_offset ++] = value;
1747 if (sd->data_offset >= sd->blk_len) {
1748 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1749 sd->state = sd_transfer_state;
1750 }
1751 break;
1752
1753 default:
9800ad88 1754 qemu_log_mask(LOG_GUEST_ERROR, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1755 break;
1756 }
1757}
1758
1759uint8_t sd_read_data(SDState *sd)
1760{
1761 /* TODO: Append CRCs */
1762 uint8_t ret;
2d7adea4 1763 int io_len;
a1bb27b1 1764
4be74634 1765 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1766 return 0x00;
1767
1768 if (sd->state != sd_sendingdata_state) {
9800ad88
AB		 1769 qemu_log_mask(LOG_GUEST_ERROR,
1770 "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1771 return 0x00;
1772 }
1773
1774 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1775 return 0x00;
1776
2d7adea4
AZ		 1777 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1778
a1bb27b1
PB		 1779 switch (sd->current_cmd) {
1780 case 6: /* CMD6: SWITCH_FUNCTION */
1781 ret = sd->data[sd->data_offset ++];
1782
1783 if (sd->data_offset >= 64)
1784 sd->state = sd_transfer_state;
1785 break;
1786
775616c3
PB		 1787 case 9: /* CMD9: SEND_CSD */
1788 case 10: /* CMD10: SEND_CID */
1789 ret = sd->data[sd->data_offset ++];
1790
1791 if (sd->data_offset >= 16)
1792 sd->state = sd_transfer_state;
1793 break;
1794
a1bb27b1
PB		 1795 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1796 if (sd->data_offset == 0)
2d7adea4 1797 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1798 ret = sd->data[sd->data_offset ++];
1799
2d7adea4
AZ		 1800 if (sd->data_offset >= io_len) {
1801 sd->data_start += io_len;
a1bb27b1 1802 sd->data_offset = 0;
2d7adea4 1803 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1804 sd->card_status |= ADDRESS_ERROR;
1805 break;
1806 }
1807 }
1808 break;
1809
1810 case 13: /* ACMD13: SD_STATUS */
1811 ret = sd->sd_status[sd->data_offset ++];
1812
1813 if (sd->data_offset >= sizeof(sd->sd_status))
1814 sd->state = sd_transfer_state;
1815 break;
1816
1817 case 17: /* CMD17: READ_SINGLE_BLOCK */
1818 if (sd->data_offset == 0)
2d7adea4 1819 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1820 ret = sd->data[sd->data_offset ++];
1821
2d7adea4 1822 if (sd->data_offset >= io_len)
a1bb27b1
PB		 1823 sd->state = sd_transfer_state;
1824 break;
1825
1826 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
8573378e
MO		 1827 if (sd->data_offset == 0) {
1828 if (sd->data_start + io_len > sd->size) {
1829 sd->card_status |= ADDRESS_ERROR;
1830 return 0x00;
1831 }
2d7adea4 1832 BLK_READ_BLOCK(sd->data_start, io_len);
8573378e 1833 }
a1bb27b1
PB		 1834 ret = sd->data[sd->data_offset ++];
1835
2d7adea4
AZ		 1836 if (sd->data_offset >= io_len) {
1837 sd->data_start += io_len;
a1bb27b1 1838 sd->data_offset = 0;
4481bbc7
AB		 1839
1840 if (sd->multi_blk_cnt != 0) {
1841 if (--sd->multi_blk_cnt == 0) {
1842 /* Stop! */
1843 sd->state = sd_transfer_state;
1844 break;
1845 }
1846 }
a1bb27b1
PB		 1847 }
1848 break;
1849
1850 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1851 ret = sd->data[sd->data_offset ++];
1852
1853 if (sd->data_offset >= 4)
1854 sd->state = sd_transfer_state;
1855 break;
1856
1857 case 30: /* CMD30: SEND_WRITE_PROT */
1858 ret = sd->data[sd->data_offset ++];
1859
1860 if (sd->data_offset >= 4)
1861 sd->state = sd_transfer_state;
1862 break;
1863
1864 case 51: /* ACMD51: SEND_SCR */
1865 ret = sd->scr[sd->data_offset ++];
1866
1867 if (sd->data_offset >= sizeof(sd->scr))
1868 sd->state = sd_transfer_state;
1869 break;
1870
1871 case 56: /* CMD56: GEN_CMD */
1872 if (sd->data_offset == 0)
1873 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1874 ret = sd->data[sd->data_offset ++];
1875
1876 if (sd->data_offset >= sd->blk_len)
1877 sd->state = sd_transfer_state;
1878 break;
1879
1880 default:
9800ad88 1881 qemu_log_mask(LOG_GUEST_ERROR, "sd_read_data: unknown command\n");
a1bb27b1
PB		 1882 return 0x00;
1883 }
1884
1885 return ret;
1886}
1887
879bf4a7 1888bool sd_data_ready(SDState *sd)
a1bb27b1
PB		 1889{
1890 return sd->state == sd_sendingdata_state;
1891}
827df9f3 1892
bebd1271 1893void sd_enable(SDState *sd, bool enable)
827df9f3
AZ		 1894{
1895 sd->enable = enable;
1896}
260bc9d8
PM		 1897
1898static void sd_instance_init(Object *obj)
1899{
1900 SDState *sd = SD_CARD(obj);
1901
1902 sd->enable = true;
dd26eb43 1903 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
260bc9d8
PM		 1904}
1905
5ba34401
MAL		 1906static void sd_instance_finalize(Object *obj)
1907{
1908 SDState *sd = SD_CARD(obj);
1909
1910 timer_del(sd->ocr_power_timer);
1911 timer_free(sd->ocr_power_timer);
1912}
1913
260bc9d8
PM		 1914static void sd_realize(DeviceState *dev, Error **errp)
1915{
1916 SDState *sd = SD_CARD(dev);
a17c17a2 1917 int ret;
260bc9d8
PM		 1918
1919 if (sd->blk && blk_is_read_only(sd->blk)) {
1920 error_setg(errp, "Cannot use read-only drive as SD card");
1921 return;
1922 }
1923
260bc9d8 1924 if (sd->blk) {
a17c17a2
KW		 1925 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
1926 BLK_PERM_ALL, errp);
1927 if (ret < 0) {
1928 return;
1929 }
260bc9d8
PM		 1930 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
1931 }
260bc9d8
PM		 1932}
1933
1934static Property sd_properties[] = {
1935 DEFINE_PROP_DRIVE("drive", SDState, blk),
1936 /* We do not model the chip select pin, so allow the board to select
1937 * whether card should be in SSI or MMC/SD mode. It is also up to the
1938 * board to ensure that ssi transfers only occur when the chip select
1939 * is asserted. */
1940 DEFINE_PROP_BOOL("spi", SDState, spi, false),
1941 DEFINE_PROP_END_OF_LIST()
1942};
1943
1944static void sd_class_init(ObjectClass *klass, void *data)
1945{
1946 DeviceClass *dc = DEVICE_CLASS(klass);
c759a790 1947 SDCardClass *sc = SD_CARD_CLASS(klass);
260bc9d8
PM		 1948
1949 dc->realize = sd_realize;
1950 dc->props = sd_properties;
1951 dc->vmsd = &sd_vmstate;
ba3ed0fa 1952 dc->reset = sd_reset;
c759a790
PM		 1953 dc->bus_type = TYPE_SD_BUS;
1954
0034ebe6 1955 sc->set_voltage = sd_set_voltage;
da346922
PMD		 1956 sc->get_dat_lines = sd_get_dat_lines;
1957 sc->get_cmd_line = sd_get_cmd_line;
c759a790
PM		 1958 sc->do_command = sd_do_command;
1959 sc->write_data = sd_write_data;
1960 sc->read_data = sd_read_data;
1961 sc->data_ready = sd_data_ready;
1962 sc->enable = sd_enable;
1963 sc->get_inserted = sd_get_inserted;
1964 sc->get_readonly = sd_get_readonly;
260bc9d8
PM		 1965}
1966
1967static const TypeInfo sd_info = {
1968 .name = TYPE_SD_CARD,
1969 .parent = TYPE_DEVICE,
1970 .instance_size = sizeof(SDState),
c759a790 1971 .class_size = sizeof(SDCardClass),
260bc9d8
PM		 1972 .class_init = sd_class_init,
1973 .instance_init = sd_instance_init,
5ba34401 1974 .instance_finalize = sd_instance_finalize,
260bc9d8
PM		 1975};
1976
1977static void sd_register_types(void)
1978{
1979 type_register_static(&sd_info);
1980}
1981
1982type_init(sd_register_types)
QEMU mirror