]> git.proxmox.com Git - qemu.git/blame - hw/sd.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
sun4u: give ISA bus to ISA methods
[qemu.git] / hw / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
87ecb68b
PB		 32#include "hw.h"
33#include "block.h"
a1bb27b1
PB		 34#include "sd.h"
35
36//#define DEBUG_SD 1
37
38#ifdef DEBUG_SD
001faf32
BS		 39#define DPRINTF(fmt, ...) \
40do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1 41#else
001faf32 42#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1
PB		 43#endif
44
45typedef enum {
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
1b088995 52 sd_r7, /* Operating voltage */
a1bb27b1 53 sd_r1b = -1,
c227f099 54} sd_rsp_type_t;
a1bb27b1
PB		 55
56struct SDState {
57 enum {
58 sd_inactive,
59 sd_card_identification_mode,
60 sd_data_transfer_mode,
61 } mode;
62 enum {
63 sd_inactive_state = -1,
64 sd_idle_state = 0,
65 sd_ready_state,
66 sd_identification_state,
67 sd_standby_state,
68 sd_transfer_state,
69 sd_sendingdata_state,
70 sd_receivingdata_state,
71 sd_programming_state,
72 sd_disconnect_state,
73 } state;
74 uint32_t ocr;
75 uint8_t scr[8];
76 uint8_t cid[16];
77 uint8_t csd[16];
78 uint16_t rca;
79 uint32_t card_status;
80 uint8_t sd_status[64];
1b088995 81 uint32_t vhs;
a1bb27b1
PB		 82 int wp_switch;
83 int *wp_groups;
2d7adea4 84 uint64_t size;
a1bb27b1
PB		 85 int blk_len;
86 uint32_t erase_start;
87 uint32_t erase_end;
88 uint8_t pwd[16];
89 int pwd_len;
90 int function_group[6];
91
775616c3 92 int spi;
a1bb27b1
PB		 93 int current_cmd;
94 int blk_written;
2d7adea4 95 uint64_t data_start;
a1bb27b1
PB		 96 uint32_t data_offset;
97 uint8_t data[512];
02ce600c
AZ		 98 qemu_irq readonly_cb;
99 qemu_irq inserted_cb;
a1bb27b1 100 BlockDriverState *bdrv;
33f00271 101 uint8_t *buf;
827df9f3
AZ		 102
103 int enable;
a1bb27b1
PB		 104};
105
106static void sd_set_status(SDState *sd)
107{
108 switch (sd->state) {
109 case sd_inactive_state:
110 sd->mode = sd_inactive;
111 break;
112
113 case sd_idle_state:
114 case sd_ready_state:
115 case sd_identification_state:
116 sd->mode = sd_card_identification_mode;
117 break;
118
119 case sd_standby_state:
120 case sd_transfer_state:
121 case sd_sendingdata_state:
122 case sd_receivingdata_state:
123 case sd_programming_state:
124 case sd_disconnect_state:
125 sd->mode = sd_data_transfer_mode;
126 break;
127 }
128
129 sd->card_status &= ~CURRENT_STATE;
130 sd->card_status |= sd->state << 9;
131}
132
c227f099 133static const sd_cmd_type_t sd_cmd_type[64] = {
a1bb27b1 134 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 135 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
a1bb27b1
PB		 136 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
137 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
138 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
139 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
140 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
141 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
142};
143
c227f099 144static const sd_cmd_type_t sd_acmd_type[64] = {
a1bb27b1
PB		 145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
153};
154
155static const int sd_cmd_class[64] = {
156 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
157 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
158 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
159 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
160};
161
162static uint8_t sd_crc7(void *message, size_t width)
163{
164 int i, bit;
165 uint8_t shift_reg = 0x00;
166 uint8_t *msg = (uint8_t *) message;
167
168 for (i = 0; i < width; i ++, msg ++)
169 for (bit = 7; bit >= 0; bit --) {
170 shift_reg <<= 1;
171 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
172 shift_reg ^= 0x89;
173 }
174
175 return shift_reg;
176}
177
178static uint16_t sd_crc16(void *message, size_t width)
179{
180 int i, bit;
181 uint16_t shift_reg = 0x0000;
182 uint16_t *msg = (uint16_t *) message;
183 width <<= 1;
184
185 for (i = 0; i < width; i ++, msg ++)
186 for (bit = 15; bit >= 0; bit --) {
187 shift_reg <<= 1;
188 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
189 shift_reg ^= 0x1011;
190 }
191
192 return shift_reg;
193}
194
195static void sd_set_ocr(SDState *sd)
196{
1b088995 197 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
829ef7b0 198 sd->ocr = 0x80ffff00;
a1bb27b1
PB		 199}
200
201static void sd_set_scr(SDState *sd)
202{
203 sd->scr[0] = 0x00; /* SCR Structure */
204 sd->scr[1] = 0x2f; /* SD Security Support */
205 sd->scr[2] = 0x00;
206 sd->scr[3] = 0x00;
207 sd->scr[4] = 0x00;
208 sd->scr[5] = 0x00;
209 sd->scr[6] = 0x00;
210 sd->scr[7] = 0x00;
211}
212
213#define MID 0xaa
214#define OID "XY"
215#define PNM "QEMU!"
216#define PRV 0x01
217#define MDT_YR 2006
218#define MDT_MON 2
219
220static void sd_set_cid(SDState *sd)
221{
222 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
223 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
224 sd->cid[2] = OID[1];
225 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
226 sd->cid[4] = PNM[1];
227 sd->cid[5] = PNM[2];
228 sd->cid[6] = PNM[3];
229 sd->cid[7] = PNM[4];
230 sd->cid[8] = PRV; /* Fake product revision (PRV) */
231 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
232 sd->cid[10] = 0xad;
233 sd->cid[11] = 0xbe;
234 sd->cid[12] = 0xef;
235 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
236 ((MDT_YR - 2000) / 10);
237 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
238 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
239}
240
241#define HWBLOCK_SHIFT 9 /* 512 bytes */
242#define SECTOR_SHIFT 5 /* 16 kilobytes */
243#define WPGROUP_SHIFT 7 /* 2 megs */
244#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 245#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
246
247static const uint8_t sd_csd_rw_mask[16] = {
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
250};
251
2d7adea4 252static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 253{
254 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
255 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
256 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
257
2d7adea4
AZ		 258 if (size <= 0x40000000) { /* Standard Capacity SD */
259 sd->csd[0] = 0x00; /* CSD structure */
260 sd->csd[1] = 0x26; /* Data read access-time-1 */
261 sd->csd[2] = 0x00; /* Data read access-time-2 */
262 sd->csd[3] = 0x5a; /* Max. data transfer rate */
263 sd->csd[4] = 0x5f; /* Card Command Classes */
264 sd->csd[5] = 0x50 | /* Max. read data block length */
265 HWBLOCK_SHIFT;
266 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
267 ((csize >> 10) & 0x03);
268 sd->csd[7] = 0x00 | /* Device size */
269 ((csize >> 2) & 0xff);
270 sd->csd[8] = 0x3f | /* Max. read current */
271 ((csize << 6) & 0xc0);
272 sd->csd[9] = 0xfc | /* Max. write current */
273 ((CMULT_SHIFT - 2) >> 1);
274 sd->csd[10] = 0x40 | /* Erase sector size */
275 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
276 sd->csd[11] = 0x00 | /* Write protect group size */
277 ((sectsize << 7) & 0x80) | wpsize;
278 sd->csd[12] = 0x90 | /* Write speed factor */
279 (HWBLOCK_SHIFT >> 2);
280 sd->csd[13] = 0x20 | /* Max. write data block length */
281 ((HWBLOCK_SHIFT << 6) & 0xc0);
282 sd->csd[14] = 0x00; /* File format group */
283 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
284 } else { /* SDHC */
285 size /= 512 * 1024;
286 size -= 1;
287 sd->csd[0] = 0x40;
288 sd->csd[1] = 0x0e;
289 sd->csd[2] = 0x00;
290 sd->csd[3] = 0x32;
291 sd->csd[4] = 0x5b;
292 sd->csd[5] = 0x59;
293 sd->csd[6] = 0x00;
294 sd->csd[7] = (size >> 16) & 0xff;
295 sd->csd[8] = (size >> 8) & 0xff;
296 sd->csd[9] = (size & 0xff);
297 sd->csd[10] = 0x7f;
298 sd->csd[11] = 0x80;
299 sd->csd[12] = 0x0a;
300 sd->csd[13] = 0x40;
301 sd->csd[14] = 0x00;
302 sd->csd[15] = 0x00;
303 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
304 }
a1bb27b1
PB		 305}
306
307static void sd_set_rca(SDState *sd)
308{
309 sd->rca += 0x4567;
310}
311
312#define CARD_STATUS_A 0x02004100
313#define CARD_STATUS_B 0x00c01e00
314#define CARD_STATUS_C 0xfd39a028
315
316static void sd_set_cardstatus(SDState *sd)
317{
318 sd->card_status = 0x00000100;
319}
320
321static void sd_set_sdstatus(SDState *sd)
322{
323 memset(sd->sd_status, 0, 64);
324}
325
bc24a225 326static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 327{
328 uint8_t buffer[5];
329 buffer[0] = 0x40 | req->cmd;
330 buffer[1] = (req->arg >> 24) & 0xff;
331 buffer[2] = (req->arg >> 16) & 0xff;
332 buffer[3] = (req->arg >> 8) & 0xff;
333 buffer[4] = (req->arg >> 0) & 0xff;
334 return 0;
335 return sd_crc7(buffer, 5) != req->crc; /* TODO */
336}
337
9596ebb7
PB		 338static void sd_response_r1_make(SDState *sd,
339 uint8_t *response, uint32_t last_status)
a1bb27b1
PB		 340{
341 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
342 uint32_t status;
343
344 status = (sd->card_status & ~mask) | (last_status & mask);
345 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
346
347 response[0] = (status >> 24) & 0xff;
348 response[1] = (status >> 16) & 0xff;
349 response[2] = (status >> 8) & 0xff;
350 response[3] = (status >> 0) & 0xff;
351}
352
9596ebb7 353static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 354{
355 response[0] = (sd->ocr >> 24) & 0xff;
356 response[1] = (sd->ocr >> 16) & 0xff;
357 response[2] = (sd->ocr >> 8) & 0xff;
358 response[3] = (sd->ocr >> 0) & 0xff;
359}
360
9596ebb7 361static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 362{
363 uint16_t arg;
364 uint16_t status;
365
366 arg = sd->rca;
367 status = ((sd->card_status >> 8) & 0xc000) |
368 ((sd->card_status >> 6) & 0x2000) |
369 (sd->card_status & 0x1fff);
370
371 response[0] = (arg >> 8) & 0xff;
372 response[1] = arg & 0xff;
373 response[2] = (status >> 8) & 0xff;
374 response[3] = status & 0xff;
375}
376
1b088995
AZ		 377static void sd_response_r7_make(SDState *sd, uint8_t *response)
378{
379 response[0] = (sd->vhs >> 24) & 0xff;
380 response[1] = (sd->vhs >> 16) & 0xff;
381 response[2] = (sd->vhs >> 8) & 0xff;
382 response[3] = (sd->vhs >> 0) & 0xff;
383}
384
a1bb27b1
PB		 385static void sd_reset(SDState *sd, BlockDriverState *bdrv)
386{
2d7adea4 387 uint64_t size;
a1bb27b1
PB		 388 uint64_t sect;
389
03f311ed
PB		 390 if (bdrv) {
391 bdrv_get_geometry(bdrv, &sect);
392 } else {
393 sect = 0;
394 }
5e37141b 395 size = sect << 9;
a1bb27b1
PB		 396
397 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
398
399 sd->state = sd_idle_state;
400 sd->rca = 0x0000;
401 sd_set_ocr(sd);
402 sd_set_scr(sd);
403 sd_set_cid(sd);
404 sd_set_csd(sd, size);
405 sd_set_cardstatus(sd);
406 sd_set_sdstatus(sd);
407
408 sd->bdrv = bdrv;
409
257514dd 410 if (sd->wp_groups)
7267c094 411 g_free(sd->wp_groups);
03f311ed 412 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
7267c094 413 sd->wp_groups = (int *) g_malloc0(sizeof(int) * sect);
a1bb27b1
PB		 414 memset(sd->function_group, 0, sizeof(int) * 6);
415 sd->erase_start = 0;
416 sd->erase_end = 0;
417 sd->size = size;
418 sd->blk_len = 0x200;
419 sd->pwd_len = 0;
420}
421
7d4b4ba5 422static void sd_cardchange(void *opaque, bool load)
a1bb27b1
PB		 423{
424 SDState *sd = opaque;
db97ee6a 425
02ce600c 426 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
a1bb27b1
PB		 427 if (bdrv_is_inserted(sd->bdrv)) {
428 sd_reset(sd, sd->bdrv);
257514dd 429 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
a1bb27b1
PB		 430 }
431}
432
0e49de52 433static const BlockDevOps sd_block_ops = {
145feb17 434 .change_media_cb = sd_cardchange,
0e49de52
MA		 435};
436
775616c3 437/* We do not model the chip select pin, so allow the board to select
8ef6367e 438 whether card should be in SSI or MMC/SD mode. It is also up to the
775616c3
PB		 439 board to ensure that ssi transfers only occur when the chip select
440 is asserted. */
441SDState *sd_init(BlockDriverState *bs, int is_spi)
a1bb27b1
PB		 442{
443 SDState *sd;
444
7267c094 445 sd = (SDState *) g_malloc0(sizeof(SDState));
72aef731 446 sd->buf = qemu_blockalign(bs, 512);
775616c3 447 sd->spi = is_spi;
4872aa13 448 sd->enable = 1;
a1bb27b1 449 sd_reset(sd, bs);
03f311ed 450 if (sd->bdrv) {
fa879d62 451 bdrv_attach_dev_nofail(sd->bdrv, sd);
0e49de52 452 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
03f311ed 453 }
a1bb27b1
PB		 454 return sd;
455}
456
02ce600c 457void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 458{
02ce600c
AZ		 459 sd->readonly_cb = readonly;
460 sd->inserted_cb = insert;
0d2e91c1
AJ		 461 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
462 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
a1bb27b1
PB		 463}
464
465static void sd_erase(SDState *sd)
466{
467 int i, start, end;
468 if (!sd->erase_start || !sd->erase_end) {
469 sd->card_status |= ERASE_SEQ_ERROR;
470 return;
471 }
472
473 start = sd->erase_start >>
474 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
475 end = sd->erase_end >>
476 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
477 sd->erase_start = 0;
478 sd->erase_end = 0;
479 sd->csd[14] |= 0x40;
480
481 for (i = start; i <= end; i ++)
482 if (sd->wp_groups[i])
483 sd->card_status |= WP_ERASE_SKIP;
484}
485
2d7adea4 486static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 487{
488 uint32_t i, wpnum;
489 uint32_t ret = 0;
490
491 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
492
493 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
494 if (addr < sd->size && sd->wp_groups[wpnum])
495 ret |= (1 << i);
496
497 return ret;
498}
499
500static void sd_function_switch(SDState *sd, uint32_t arg)
501{
502 int i, mode, new_func, crc;
503 mode = !!(arg & 0x80000000);
504
505 sd->data[0] = 0x00; /* Maximum current consumption */
506 sd->data[1] = 0x01;
507 sd->data[2] = 0x80; /* Supported group 6 functions */
508 sd->data[3] = 0x01;
509 sd->data[4] = 0x80; /* Supported group 5 functions */
510 sd->data[5] = 0x01;
511 sd->data[6] = 0x80; /* Supported group 4 functions */
512 sd->data[7] = 0x01;
513 sd->data[8] = 0x80; /* Supported group 3 functions */
514 sd->data[9] = 0x01;
515 sd->data[10] = 0x80; /* Supported group 2 functions */
516 sd->data[11] = 0x43;
517 sd->data[12] = 0x80; /* Supported group 1 functions */
518 sd->data[13] = 0x03;
519 for (i = 0; i < 6; i ++) {
520 new_func = (arg >> (i * 4)) & 0x0f;
521 if (mode && new_func != 0x0f)
522 sd->function_group[i] = new_func;
523 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
524 }
525 memset(&sd->data[17], 0, 47);
526 crc = sd_crc16(sd->data, 64);
527 sd->data[65] = crc >> 8;
528 sd->data[66] = crc & 0xff;
529}
530
531static inline int sd_wp_addr(SDState *sd, uint32_t addr)
532{
533 return sd->wp_groups[addr >>
534 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
535}
536
537static void sd_lock_command(SDState *sd)
538{
539 int erase, lock, clr_pwd, set_pwd, pwd_len;
540 erase = !!(sd->data[0] & 0x08);
541 lock = sd->data[0] & 0x04;
542 clr_pwd = sd->data[0] & 0x02;
543 set_pwd = sd->data[0] & 0x01;
544
545 if (sd->blk_len > 1)
546 pwd_len = sd->data[1];
547 else
548 pwd_len = 0;
549
550 if (erase) {
551 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
552 set_pwd || clr_pwd || lock || sd->wp_switch ||
553 (sd->csd[14] & 0x20)) {
554 sd->card_status |= LOCK_UNLOCK_FAILED;
555 return;
556 }
557 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
558 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
559 sd->csd[14] &= ~0x10;
560 sd->card_status &= ~CARD_IS_LOCKED;
561 sd->pwd_len = 0;
562 /* Erasing the entire card here! */
827df9f3 563 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 564 return;
565 }
566
567 if (sd->blk_len < 2 + pwd_len ||
568 pwd_len <= sd->pwd_len ||
569 pwd_len > sd->pwd_len + 16) {
570 sd->card_status |= LOCK_UNLOCK_FAILED;
571 return;
572 }
573
574 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
575 sd->card_status |= LOCK_UNLOCK_FAILED;
576 return;
577 }
578
579 pwd_len -= sd->pwd_len;
580 if ((pwd_len && !set_pwd) ||
581 (clr_pwd && (set_pwd || lock)) ||
582 (lock && !sd->pwd_len && !set_pwd) ||
583 (!set_pwd && !clr_pwd &&
584 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
585 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
586 sd->card_status |= LOCK_UNLOCK_FAILED;
587 return;
588 }
589
590 if (set_pwd) {
591 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
592 sd->pwd_len = pwd_len;
593 }
594
595 if (clr_pwd) {
596 sd->pwd_len = 0;
597 }
598
599 if (lock)
600 sd->card_status |= CARD_IS_LOCKED;
601 else
602 sd->card_status &= ~CARD_IS_LOCKED;
603}
604
c227f099 605static sd_rsp_type_t sd_normal_command(SDState *sd,
bc24a225 606 SDRequest req)
a1bb27b1
PB		 607{
608 uint32_t rca = 0x0000;
2d7adea4 609 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1
PB		 610
611 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
612 rca = req.arg >> 16;
613
614 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
615 switch (req.cmd) {
616 /* Basic commands (Class 0 and Class 1) */
617 case 0: /* CMD0: GO_IDLE_STATE */
618 switch (sd->state) {
619 case sd_inactive_state:
775616c3 620 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 621
622 default:
623 sd->state = sd_idle_state;
624 sd_reset(sd, sd->bdrv);
775616c3 625 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 626 }
627 break;
628
775616c3
PB		 629 case 1: /* CMD1: SEND_OP_CMD */
630 if (!sd->spi)
631 goto bad_cmd;
632
633 sd->state = sd_transfer_state;
634 return sd_r1;
635
a1bb27b1 636 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 637 if (sd->spi)
638 goto bad_cmd;
a1bb27b1
PB		 639 switch (sd->state) {
640 case sd_ready_state:
641 sd->state = sd_identification_state;
642 return sd_r2_i;
643
644 default:
645 break;
646 }
647 break;
648
649 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 650 if (sd->spi)
651 goto bad_cmd;
a1bb27b1
PB		 652 switch (sd->state) {
653 case sd_identification_state:
654 case sd_standby_state:
655 sd->state = sd_standby_state;
656 sd_set_rca(sd);
657 return sd_r6;
658
659 default:
660 break;
661 }
662 break;
663
664 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 665 if (sd->spi)
666 goto bad_cmd;
a1bb27b1
PB		 667 switch (sd->state) {
668 case sd_standby_state:
669 break;
670
671 default:
672 break;
673 }
674 break;
675
109ac32f
JR		 676 case 5: /* CMD5: reserved for SDIO cards */
677 sd->card_status |= ILLEGAL_COMMAND;
678 return sd_r0;
679
a1bb27b1 680 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 681 if (sd->spi)
682 goto bad_cmd;
a1bb27b1
PB		 683 switch (sd->mode) {
684 case sd_data_transfer_mode:
685 sd_function_switch(sd, req.arg);
686 sd->state = sd_sendingdata_state;
687 sd->data_start = 0;
688 sd->data_offset = 0;
689 return sd_r1;
690
691 default:
692 break;
693 }
694 break;
695
696 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 697 if (sd->spi)
698 goto bad_cmd;
a1bb27b1
PB		 699 switch (sd->state) {
700 case sd_standby_state:
701 if (sd->rca != rca)
702 return sd_r0;
703
704 sd->state = sd_transfer_state;
705 return sd_r1b;
706
707 case sd_transfer_state:
708 case sd_sendingdata_state:
709 if (sd->rca == rca)
710 break;
711
712 sd->state = sd_standby_state;
713 return sd_r1b;
714
715 case sd_disconnect_state:
716 if (sd->rca != rca)
717 return sd_r0;
718
719 sd->state = sd_programming_state;
720 return sd_r1b;
721
722 case sd_programming_state:
723 if (sd->rca == rca)
724 break;
725
726 sd->state = sd_disconnect_state;
727 return sd_r1b;
728
729 default:
730 break;
731 }
732 break;
733
1b088995
AZ		 734 case 8: /* CMD8: SEND_IF_COND */
735 /* Physical Layer Specification Version 2.00 command */
736 switch (sd->state) {
737 case sd_idle_state:
738 sd->vhs = 0;
739
740 /* No response if not exactly one VHS bit is set. */
741 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
742 return sd->spi ? sd_r7 : sd_r0;
743
744 /* Accept. */
745 sd->vhs = req.arg;
746 return sd_r7;
747
748 default:
749 break;
750 }
751 break;
752
a1bb27b1
PB		 753 case 9: /* CMD9: SEND_CSD */
754 switch (sd->state) {
755 case sd_standby_state:
756 if (sd->rca != rca)
757 return sd_r0;
758
759 return sd_r2_s;
760
775616c3
PB		 761 case sd_transfer_state:
762 if (!sd->spi)
763 break;
764 sd->state = sd_sendingdata_state;
765 memcpy(sd->data, sd->csd, 16);
2d7adea4 766 sd->data_start = addr;
775616c3
PB		 767 sd->data_offset = 0;
768 return sd_r1;
769
a1bb27b1
PB		 770 default:
771 break;
772 }
773 break;
774
775 case 10: /* CMD10: SEND_CID */
776 switch (sd->state) {
777 case sd_standby_state:
778 if (sd->rca != rca)
779 return sd_r0;
780
781 return sd_r2_i;
782
775616c3
PB		 783 case sd_transfer_state:
784 if (!sd->spi)
785 break;
786 sd->state = sd_sendingdata_state;
787 memcpy(sd->data, sd->cid, 16);
2d7adea4 788 sd->data_start = addr;
775616c3
PB		 789 sd->data_offset = 0;
790 return sd_r1;
791
a1bb27b1
PB		 792 default:
793 break;
794 }
795 break;
796
797 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
775616c3
PB		 798 if (sd->spi)
799 goto bad_cmd;
a1bb27b1
PB		 800 switch (sd->state) {
801 case sd_transfer_state:
802 sd->state = sd_sendingdata_state;
803 sd->data_start = req.arg;
804 sd->data_offset = 0;
805
806 if (sd->data_start + sd->blk_len > sd->size)
807 sd->card_status |= ADDRESS_ERROR;
808 return sd_r0;
809
810 default:
811 break;
812 }
813 break;
814
815 case 12: /* CMD12: STOP_TRANSMISSION */
816 switch (sd->state) {
817 case sd_sendingdata_state:
818 sd->state = sd_transfer_state;
819 return sd_r1b;
820
821 case sd_receivingdata_state:
822 sd->state = sd_programming_state;
823 /* Bzzzzzzztt .... Operation complete. */
824 sd->state = sd_transfer_state;
825 return sd_r1b;
826
827 default:
828 break;
829 }
830 break;
831
832 case 13: /* CMD13: SEND_STATUS */
833 switch (sd->mode) {
834 case sd_data_transfer_mode:
835 if (sd->rca != rca)
836 return sd_r0;
837
838 return sd_r1;
839
840 default:
841 break;
842 }
843 break;
844
845 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 846 if (sd->spi)
847 goto bad_cmd;
a1bb27b1
PB		 848 switch (sd->mode) {
849 case sd_data_transfer_mode:
850 if (sd->rca != rca)
851 return sd_r0;
852
853 sd->state = sd_inactive_state;
854 return sd_r0;
855
856 default:
857 break;
858 }
859 break;
860
861 /* Block read commands (Classs 2) */
862 case 16: /* CMD16: SET_BLOCKLEN */
863 switch (sd->state) {
864 case sd_transfer_state:
865 if (req.arg > (1 << HWBLOCK_SHIFT))
866 sd->card_status |= BLOCK_LEN_ERROR;
867 else
868 sd->blk_len = req.arg;
869
870 return sd_r1;
871
872 default:
873 break;
874 }
875 break;
876
877 case 17: /* CMD17: READ_SINGLE_BLOCK */
878 switch (sd->state) {
879 case sd_transfer_state:
880 sd->state = sd_sendingdata_state;
2d7adea4 881 sd->data_start = addr;
a1bb27b1
PB		 882 sd->data_offset = 0;
883
884 if (sd->data_start + sd->blk_len > sd->size)
885 sd->card_status |= ADDRESS_ERROR;
886 return sd_r1;
887
888 default:
889 break;
890 }
891 break;
892
893 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
894 switch (sd->state) {
895 case sd_transfer_state:
896 sd->state = sd_sendingdata_state;
2d7adea4 897 sd->data_start = addr;
a1bb27b1
PB		 898 sd->data_offset = 0;
899
900 if (sd->data_start + sd->blk_len > sd->size)
901 sd->card_status |= ADDRESS_ERROR;
902 return sd_r1;
903
904 default:
905 break;
906 }
907 break;
908
909 /* Block write commands (Class 4) */
910 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
775616c3
PB		 911 if (sd->spi)
912 goto unimplemented_cmd;
a1bb27b1
PB		 913 switch (sd->state) {
914 case sd_transfer_state:
775616c3
PB		 915 /* Writing in SPI mode not implemented. */
916 if (sd->spi)
917 break;
a1bb27b1 918 sd->state = sd_receivingdata_state;
2d7adea4 919 sd->data_start = addr;
a1bb27b1
PB		 920 sd->data_offset = 0;
921 sd->blk_written = 0;
922
923 if (sd->data_start + sd->blk_len > sd->size)
924 sd->card_status |= ADDRESS_ERROR;
925 if (sd_wp_addr(sd, sd->data_start))
926 sd->card_status |= WP_VIOLATION;
927 if (sd->csd[14] & 0x30)
928 sd->card_status |= WP_VIOLATION;
929 return sd_r1;
930
931 default:
932 break;
933 }
934 break;
935
936 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
775616c3
PB		 937 if (sd->spi)
938 goto unimplemented_cmd;
a1bb27b1
PB		 939 switch (sd->state) {
940 case sd_transfer_state:
775616c3
PB		 941 /* Writing in SPI mode not implemented. */
942 if (sd->spi)
943 break;
a1bb27b1 944 sd->state = sd_receivingdata_state;
2d7adea4 945 sd->data_start = addr;
a1bb27b1
PB		 946 sd->data_offset = 0;
947 sd->blk_written = 0;
948
949 if (sd->data_start + sd->blk_len > sd->size)
950 sd->card_status |= ADDRESS_ERROR;
951 if (sd_wp_addr(sd, sd->data_start))
952 sd->card_status |= WP_VIOLATION;
953 if (sd->csd[14] & 0x30)
954 sd->card_status |= WP_VIOLATION;
955 return sd_r1;
956
957 default:
958 break;
959 }
960 break;
961
962 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 963 if (sd->spi)
964 goto bad_cmd;
a1bb27b1
PB		 965 switch (sd->state) {
966 case sd_transfer_state:
967 sd->state = sd_receivingdata_state;
968 sd->data_start = 0;
969 sd->data_offset = 0;
970 return sd_r1;
971
972 default:
973 break;
974 }
975 break;
976
977 case 27: /* CMD27: PROGRAM_CSD */
775616c3
PB		 978 if (sd->spi)
979 goto unimplemented_cmd;
a1bb27b1
PB		 980 switch (sd->state) {
981 case sd_transfer_state:
982 sd->state = sd_receivingdata_state;
983 sd->data_start = 0;
984 sd->data_offset = 0;
985 return sd_r1;
986
987 default:
988 break;
989 }
990 break;
991
992 /* Write protection (Class 6) */
993 case 28: /* CMD28: SET_WRITE_PROT */
994 switch (sd->state) {
995 case sd_transfer_state:
2d7adea4 996 if (addr >= sd->size) {
a1bb27b1
PB		 997 sd->card_status = ADDRESS_ERROR;
998 return sd_r1b;
999 }
1000
1001 sd->state = sd_programming_state;
2d7adea4 1002 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
a1bb27b1
PB		 1003 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1004 /* Bzzzzzzztt .... Operation complete. */
1005 sd->state = sd_transfer_state;
1006 return sd_r1b;
1007
1008 default:
1009 break;
1010 }
1011 break;
1012
1013 case 29: /* CMD29: CLR_WRITE_PROT */
1014 switch (sd->state) {
1015 case sd_transfer_state:
2d7adea4 1016 if (addr >= sd->size) {
a1bb27b1
PB		 1017 sd->card_status = ADDRESS_ERROR;
1018 return sd_r1b;
1019 }
1020
1021 sd->state = sd_programming_state;
2d7adea4 1022 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
a1bb27b1
PB		 1023 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1024 /* Bzzzzzzztt .... Operation complete. */
1025 sd->state = sd_transfer_state;
1026 return sd_r1b;
1027
1028 default:
1029 break;
1030 }
1031 break;
1032
1033 case 30: /* CMD30: SEND_WRITE_PROT */
1034 switch (sd->state) {
1035 case sd_transfer_state:
1036 sd->state = sd_sendingdata_state;
1037 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1038 sd->data_start = addr;
a1bb27b1
PB		 1039 sd->data_offset = 0;
1040 return sd_r1b;
1041
1042 default:
1043 break;
1044 }
1045 break;
1046
1047 /* Erase commands (Class 5) */
1048 case 32: /* CMD32: ERASE_WR_BLK_START */
1049 switch (sd->state) {
1050 case sd_transfer_state:
1051 sd->erase_start = req.arg;
1052 return sd_r1;
1053
1054 default:
1055 break;
1056 }
1057 break;
1058
1059 case 33: /* CMD33: ERASE_WR_BLK_END */
1060 switch (sd->state) {
1061 case sd_transfer_state:
1062 sd->erase_end = req.arg;
1063 return sd_r1;
1064
1065 default:
1066 break;
1067 }
1068 break;
1069
1070 case 38: /* CMD38: ERASE */
1071 switch (sd->state) {
1072 case sd_transfer_state:
1073 if (sd->csd[14] & 0x30) {
1074 sd->card_status |= WP_VIOLATION;
1075 return sd_r1b;
1076 }
1077
1078 sd->state = sd_programming_state;
1079 sd_erase(sd);
1080 /* Bzzzzzzztt .... Operation complete. */
1081 sd->state = sd_transfer_state;
1082 return sd_r1b;
1083
1084 default:
1085 break;
1086 }
1087 break;
1088
1089 /* Lock card commands (Class 7) */
1090 case 42: /* CMD42: LOCK_UNLOCK */
775616c3
PB		 1091 if (sd->spi)
1092 goto unimplemented_cmd;
a1bb27b1
PB		 1093 switch (sd->state) {
1094 case sd_transfer_state:
1095 sd->state = sd_receivingdata_state;
1096 sd->data_start = 0;
1097 sd->data_offset = 0;
1098 return sd_r1;
1099
1100 default:
1101 break;
1102 }
1103 break;
1104
39e594db
PM		 1105 case 52:
1106 case 53:
1107 /* CMD52, CMD53: reserved for SDIO cards
1108 * (see the SDIO Simplified Specification V2.0)
1109 * Handle as illegal command but do not complain
1110 * on stderr, as some OSes may use these in their
1111 * probing for presence of an SDIO card.
1112 */
1113 sd->card_status |= ILLEGAL_COMMAND;
1114 return sd_r0;
1115
a1bb27b1
PB		 1116 /* Application specific commands (Class 8) */
1117 case 55: /* CMD55: APP_CMD */
1118 if (sd->rca != rca)
1119 return sd_r0;
1120
1121 sd->card_status |= APP_CMD;
1122 return sd_r1;
1123
1124 case 56: /* CMD56: GEN_CMD */
827df9f3 1125 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
a1bb27b1
PB		 1126
1127 switch (sd->state) {
1128 case sd_transfer_state:
1129 sd->data_offset = 0;
1130 if (req.arg & 1)
1131 sd->state = sd_sendingdata_state;
1132 else
1133 sd->state = sd_receivingdata_state;
1134 return sd_r1;
1135
1136 default:
1137 break;
1138 }
1139 break;
1140
1141 default:
775616c3 1142 bad_cmd:
a1bb27b1
PB		 1143 sd->card_status |= ILLEGAL_COMMAND;
1144
827df9f3 1145 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
a1bb27b1 1146 return sd_r0;
775616c3
PB		 1147
1148 unimplemented_cmd:
1149 /* Commands that are recognised but not yet implemented in SPI mode. */
1150 sd->card_status |= ILLEGAL_COMMAND;
827df9f3 1151 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
775616c3 1152 return sd_r0;
a1bb27b1
PB		 1153 }
1154
1155 sd->card_status |= ILLEGAL_COMMAND;
827df9f3 1156 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
a1bb27b1
PB		 1157 return sd_r0;
1158}
1159
c227f099 1160static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1161 SDRequest req)
1162{
a1bb27b1
PB		 1163 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1164 switch (req.cmd) {
1165 case 6: /* ACMD6: SET_BUS_WIDTH */
1166 switch (sd->state) {
1167 case sd_transfer_state:
1168 sd->sd_status[0] &= 0x3f;
1169 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1170 return sd_r1;
1171
1172 default:
1173 break;
1174 }
1175 break;
1176
1177 case 13: /* ACMD13: SD_STATUS */
1178 switch (sd->state) {
1179 case sd_transfer_state:
fb1ba03a 1180 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1181 sd->data_start = 0;
1182 sd->data_offset = 0;
1183 return sd_r1;
1184
1185 default:
1186 break;
1187 }
1188 break;
1189
1190 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1191 switch (sd->state) {
1192 case sd_transfer_state:
1193 *(uint32_t *) sd->data = sd->blk_written;
1194
fb1ba03a 1195 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1196 sd->data_start = 0;
1197 sd->data_offset = 0;
1198 return sd_r1;
1199
1200 default:
1201 break;
1202 }
1203 break;
1204
1205 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1206 switch (sd->state) {
1207 case sd_transfer_state:
1208 return sd_r1;
1209
1210 default:
1211 break;
1212 }
1213 break;
1214
1215 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1216 if (sd->spi) {
1217 /* SEND_OP_CMD */
1218 sd->state = sd_transfer_state;
1219 return sd_r1;
1220 }
a1bb27b1
PB		 1221 switch (sd->state) {
1222 case sd_idle_state:
1223 /* We accept any voltage. 10000 V is nothing. */
1224 if (req.arg)
1225 sd->state = sd_ready_state;
1226
1227 return sd_r3;
1228
1229 default:
1230 break;
1231 }
1232 break;
1233
1234 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1235 switch (sd->state) {
1236 case sd_transfer_state:
1237 /* Bringing in the 50KOhm pull-up resistor... Done. */
1238 return sd_r1;
1239
1240 default:
1241 break;
1242 }
1243 break;
1244
1245 case 51: /* ACMD51: SEND_SCR */
1246 switch (sd->state) {
1247 case sd_transfer_state:
1248 sd->state = sd_sendingdata_state;
1249 sd->data_start = 0;
1250 sd->data_offset = 0;
1251 return sd_r1;
1252
1253 default:
1254 break;
1255 }
1256 break;
1257
1258 default:
1259 /* Fall back to standard commands. */
1260 sd->card_status &= ~APP_CMD;
1261 return sd_normal_command(sd, req);
1262 }
1263
827df9f3 1264 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
a1bb27b1
PB		 1265 return sd_r0;
1266}
1267
bc24a225 1268int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1
PB		 1269 uint8_t *response) {
1270 uint32_t last_status = sd->card_status;
c227f099 1271 sd_rsp_type_t rtype;
a1bb27b1
PB		 1272 int rsplen;
1273
03f311ed 1274 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
a1bb27b1
PB		 1275 return 0;
1276 }
1277
1278 if (sd_req_crc_validate(req)) {
1279 sd->card_status &= ~COM_CRC_ERROR;
1280 return 0;
1281 }
1282
1283 sd->card_status &= ~CARD_STATUS_B;
1284 sd_set_status(sd);
1285
1286 if (last_status & CARD_IS_LOCKED)
1287 if (((last_status & APP_CMD) &&
1288 req->cmd == 41) ||
1289 (!(last_status & APP_CMD) &&
1290 (sd_cmd_class[req->cmd] == 0 ||
1291 sd_cmd_class[req->cmd] == 7 ||
1292 req->cmd == 16 || req->cmd == 55))) {
1293 sd->card_status |= ILLEGAL_COMMAND;
827df9f3 1294 fprintf(stderr, "SD: Card is locked\n");
a1bb27b1
PB		 1295 return 0;
1296 }
1297
724d3a8f 1298 if (last_status & APP_CMD) {
a1bb27b1 1299 rtype = sd_app_command(sd, *req);
724d3a8f
AZ		 1300 sd->card_status &= ~APP_CMD;
1301 } else
a1bb27b1
PB		 1302 rtype = sd_normal_command(sd, *req);
1303
1304 sd->current_cmd = req->cmd;
1305
1306 switch (rtype) {
1307 case sd_r1:
1308 case sd_r1b:
1309 sd_response_r1_make(sd, response, last_status);
1310 rsplen = 4;
1311 break;
1312
1313 case sd_r2_i:
1314 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1315 rsplen = 16;
1316 break;
1317
1318 case sd_r2_s:
1319 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1320 rsplen = 16;
1321 break;
1322
1323 case sd_r3:
1324 sd_response_r3_make(sd, response);
1325 rsplen = 4;
1326 break;
1327
1328 case sd_r6:
1329 sd_response_r6_make(sd, response);
1330 rsplen = 4;
1331 break;
1332
1b088995
AZ		 1333 case sd_r7:
1334 sd_response_r7_make(sd, response);
1335 rsplen = 4;
1336 break;
1337
a1bb27b1
PB		 1338 case sd_r0:
1339 default:
1340 rsplen = 0;
1341 break;
1342 }
1343
1344 if (sd->card_status & ILLEGAL_COMMAND)
1345 rsplen = 0;
1346
1347#ifdef DEBUG_SD
1348 if (rsplen) {
1349 int i;
1350 DPRINTF("Response:");
1351 for (i = 0; i < rsplen; i++)
1352 printf(" %02x", response[i]);
1353 printf(" state %d\n", sd->state);
1354 } else {
1355 DPRINTF("No response %d\n", sd->state);
1356 }
1357#endif
1358
1359 return rsplen;
1360}
1361
2d7adea4 1362static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1363{
2d7adea4 1364 uint64_t end = addr + len;
a1bb27b1 1365
2d7adea4
AZ		 1366 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1367 (unsigned long long) addr, len);
33f00271 1368 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
827df9f3 1369 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1370 return;
1371 }
1372
1373 if (end > (addr & ~511) + 512) {
33f00271 1374 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
a1bb27b1 1375
33f00271 1376 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
827df9f3 1377 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1378 return;
1379 }
33f00271 1380 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
a1bb27b1 1381 } else
33f00271 1382 memcpy(sd->data, sd->buf + (addr & 511), len);
a1bb27b1
PB		 1383}
1384
2d7adea4 1385static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1386{
2d7adea4 1387 uint64_t end = addr + len;
a1bb27b1
PB		 1388
1389 if ((addr & 511) || len < 512)
33f00271 1390 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
827df9f3 1391 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1392 return;
1393 }
1394
1395 if (end > (addr & ~511) + 512) {
33f00271
AZ		 1396 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1397 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
827df9f3 1398 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1399 return;
1400 }
1401
33f00271 1402 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
827df9f3 1403 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1404 return;
1405 }
33f00271
AZ		 1406 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1407 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
827df9f3 1408 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1 1409 } else {
33f00271
AZ		 1410 memcpy(sd->buf + (addr & 511), sd->data, len);
1411 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
827df9f3 1412 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1413 }
1414}
1415
33f00271
AZ		 1416#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1417#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1418#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1419#define APP_WRITE_BLOCK(a, len)
1420
1421void sd_write_data(SDState *sd, uint8_t value)
1422{
1423 int i;
1424
827df9f3 1425 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
a1bb27b1
PB		 1426 return;
1427
1428 if (sd->state != sd_receivingdata_state) {
827df9f3 1429 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1430 return;
1431 }
1432
1433 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1434 return;
1435
1436 switch (sd->current_cmd) {
1437 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1438 sd->data[sd->data_offset ++] = value;
1439 if (sd->data_offset >= sd->blk_len) {
1440 /* TODO: Check CRC before committing */
1441 sd->state = sd_programming_state;
1442 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1443 sd->blk_written ++;
1444 sd->csd[14] |= 0x40;
1445 /* Bzzzzzzztt .... Operation complete. */
1446 sd->state = sd_transfer_state;
1447 }
1448 break;
1449
1450 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234
DDAG		 1451 if (sd->data_offset == 0) {
1452 /* Start of the block - lets check the address is valid */
a1bb27b1
PB		 1453 if (sd->data_start + sd->blk_len > sd->size) {
1454 sd->card_status |= ADDRESS_ERROR;
1455 break;
1456 }
1457 if (sd_wp_addr(sd, sd->data_start)) {
1458 sd->card_status |= WP_VIOLATION;
1459 break;
1460 }
33fa8234
DDAG		 1461 }
1462 sd->data[sd->data_offset++] = value;
1463 if (sd->data_offset >= sd->blk_len) {
1464 /* TODO: Check CRC before committing */
1465 sd->state = sd_programming_state;
1466 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1467 sd->blk_written++;
1468 sd->data_start += sd->blk_len;
1469 sd->data_offset = 0;
a1bb27b1
PB		 1470 sd->csd[14] |= 0x40;
1471
1472 /* Bzzzzzzztt .... Operation complete. */
1473 sd->state = sd_receivingdata_state;
1474 }
1475 break;
1476
1477 case 26: /* CMD26: PROGRAM_CID */
1478 sd->data[sd->data_offset ++] = value;
1479 if (sd->data_offset >= sizeof(sd->cid)) {
1480 /* TODO: Check CRC before committing */
1481 sd->state = sd_programming_state;
1482 for (i = 0; i < sizeof(sd->cid); i ++)
1483 if ((sd->cid[i] | 0x00) != sd->data[i])
1484 sd->card_status |= CID_CSD_OVERWRITE;
1485
1486 if (!(sd->card_status & CID_CSD_OVERWRITE))
1487 for (i = 0; i < sizeof(sd->cid); i ++) {
1488 sd->cid[i] |= 0x00;
1489 sd->cid[i] &= sd->data[i];
1490 }
1491 /* Bzzzzzzztt .... Operation complete. */
1492 sd->state = sd_transfer_state;
1493 }
1494 break;
1495
1496 case 27: /* CMD27: PROGRAM_CSD */
1497 sd->data[sd->data_offset ++] = value;
1498 if (sd->data_offset >= sizeof(sd->csd)) {
1499 /* TODO: Check CRC before committing */
1500 sd->state = sd_programming_state;
1501 for (i = 0; i < sizeof(sd->csd); i ++)
1502 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1503 (sd->data[i] | sd_csd_rw_mask[i]))
1504 sd->card_status |= CID_CSD_OVERWRITE;
1505
1506 /* Copy flag (OTP) & Permanent write protect */
1507 if (sd->csd[14] & ~sd->data[14] & 0x60)
1508 sd->card_status |= CID_CSD_OVERWRITE;
1509
1510 if (!(sd->card_status & CID_CSD_OVERWRITE))
1511 for (i = 0; i < sizeof(sd->csd); i ++) {
1512 sd->csd[i] |= sd_csd_rw_mask[i];
1513 sd->csd[i] &= sd->data[i];
1514 }
1515 /* Bzzzzzzztt .... Operation complete. */
1516 sd->state = sd_transfer_state;
1517 }
1518 break;
1519
1520 case 42: /* CMD42: LOCK_UNLOCK */
1521 sd->data[sd->data_offset ++] = value;
1522 if (sd->data_offset >= sd->blk_len) {
1523 /* TODO: Check CRC before committing */
1524 sd->state = sd_programming_state;
1525 sd_lock_command(sd);
1526 /* Bzzzzzzztt .... Operation complete. */
1527 sd->state = sd_transfer_state;
1528 }
1529 break;
1530
1531 case 56: /* CMD56: GEN_CMD */
1532 sd->data[sd->data_offset ++] = value;
1533 if (sd->data_offset >= sd->blk_len) {
1534 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1535 sd->state = sd_transfer_state;
1536 }
1537 break;
1538
1539 default:
827df9f3 1540 fprintf(stderr, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1541 break;
1542 }
1543}
1544
1545uint8_t sd_read_data(SDState *sd)
1546{
1547 /* TODO: Append CRCs */
1548 uint8_t ret;
2d7adea4 1549 int io_len;
a1bb27b1 1550
827df9f3 1551 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
a1bb27b1
PB		 1552 return 0x00;
1553
1554 if (sd->state != sd_sendingdata_state) {
827df9f3 1555 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1556 return 0x00;
1557 }
1558
1559 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1560 return 0x00;
1561
2d7adea4
AZ		 1562 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1563
a1bb27b1
PB		 1564 switch (sd->current_cmd) {
1565 case 6: /* CMD6: SWITCH_FUNCTION */
1566 ret = sd->data[sd->data_offset ++];
1567
1568 if (sd->data_offset >= 64)
1569 sd->state = sd_transfer_state;
1570 break;
1571
775616c3
PB		 1572 case 9: /* CMD9: SEND_CSD */
1573 case 10: /* CMD10: SEND_CID */
1574 ret = sd->data[sd->data_offset ++];
1575
1576 if (sd->data_offset >= 16)
1577 sd->state = sd_transfer_state;
1578 break;
1579
a1bb27b1
PB		 1580 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1581 if (sd->data_offset == 0)
2d7adea4 1582 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1583 ret = sd->data[sd->data_offset ++];
1584
2d7adea4
AZ		 1585 if (sd->data_offset >= io_len) {
1586 sd->data_start += io_len;
a1bb27b1 1587 sd->data_offset = 0;
2d7adea4 1588 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1589 sd->card_status |= ADDRESS_ERROR;
1590 break;
1591 }
1592 }
1593 break;
1594
1595 case 13: /* ACMD13: SD_STATUS */
1596 ret = sd->sd_status[sd->data_offset ++];
1597
1598 if (sd->data_offset >= sizeof(sd->sd_status))
1599 sd->state = sd_transfer_state;
1600 break;
1601
1602 case 17: /* CMD17: READ_SINGLE_BLOCK */
1603 if (sd->data_offset == 0)
2d7adea4 1604 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1605 ret = sd->data[sd->data_offset ++];
1606
2d7adea4 1607 if (sd->data_offset >= io_len)
a1bb27b1
PB		 1608 sd->state = sd_transfer_state;
1609 break;
1610
1611 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1612 if (sd->data_offset == 0)
2d7adea4 1613 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1614 ret = sd->data[sd->data_offset ++];
1615
2d7adea4
AZ		 1616 if (sd->data_offset >= io_len) {
1617 sd->data_start += io_len;
a1bb27b1 1618 sd->data_offset = 0;
2d7adea4 1619 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1620 sd->card_status |= ADDRESS_ERROR;
1621 break;
1622 }
1623 }
1624 break;
1625
1626 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1627 ret = sd->data[sd->data_offset ++];
1628
1629 if (sd->data_offset >= 4)
1630 sd->state = sd_transfer_state;
1631 break;
1632
1633 case 30: /* CMD30: SEND_WRITE_PROT */
1634 ret = sd->data[sd->data_offset ++];
1635
1636 if (sd->data_offset >= 4)
1637 sd->state = sd_transfer_state;
1638 break;
1639
1640 case 51: /* ACMD51: SEND_SCR */
1641 ret = sd->scr[sd->data_offset ++];
1642
1643 if (sd->data_offset >= sizeof(sd->scr))
1644 sd->state = sd_transfer_state;
1645 break;
1646
1647 case 56: /* CMD56: GEN_CMD */
1648 if (sd->data_offset == 0)
1649 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1650 ret = sd->data[sd->data_offset ++];
1651
1652 if (sd->data_offset >= sd->blk_len)
1653 sd->state = sd_transfer_state;
1654 break;
1655
1656 default:
827df9f3 1657 fprintf(stderr, "sd_read_data: unknown command\n");
a1bb27b1
PB		 1658 return 0x00;
1659 }
1660
1661 return ret;
1662}
1663
1664int sd_data_ready(SDState *sd)
1665{
1666 return sd->state == sd_sendingdata_state;
1667}
827df9f3
AZ		 1668
1669void sd_enable(SDState *sd, int enable)
1670{
1671 sd->enable = enable;
1672}
Qemu copy for testing