]> git.proxmox.com Git - qemu.git/blame - hw/sd.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
xen: fix build problem introduced from per-queue peers
[qemu.git] / hw / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
87ecb68b 32#include "hw.h"
737e150e 33#include "block/block.h"
a1bb27b1 34#include "sd.h"
1de7afc9 35#include "qemu/bitmap.h"
a1bb27b1
PB		 36
37//#define DEBUG_SD 1
38
39#ifdef DEBUG_SD
001faf32
BS		 40#define DPRINTF(fmt, ...) \
41do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1 42#else
001faf32 43#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1
PB		 44#endif
45
46typedef enum {
47 sd_r0 = 0, /* no response */
48 sd_r1, /* normal response command */
49 sd_r2_i, /* CID register */
50 sd_r2_s, /* CSD register */
51 sd_r3, /* OCR register */
52 sd_r6 = 6, /* Published RCA response */
1b088995 53 sd_r7, /* Operating voltage */
a1bb27b1 54 sd_r1b = -1,
53bb8cc4 55 sd_illegal = -2,
c227f099 56} sd_rsp_type_t;
a1bb27b1 57
50a5be6c
IM		 58enum SDCardModes {
59 sd_inactive,
60 sd_card_identification_mode,
61 sd_data_transfer_mode,
62};
63
64enum SDCardStates {
65 sd_inactive_state = -1,
66 sd_idle_state = 0,
67 sd_ready_state,
68 sd_identification_state,
69 sd_standby_state,
70 sd_transfer_state,
71 sd_sendingdata_state,
72 sd_receivingdata_state,
73 sd_programming_state,
74 sd_disconnect_state,
75};
76
a1bb27b1 77struct SDState {
50a5be6c
IM		 78 uint32_t mode; /* current card mode, one of SDCardModes */
79 int32_t state; /* current card state, one of SDCardStates */
a1bb27b1
PB		 80 uint32_t ocr;
81 uint8_t scr[8];
82 uint8_t cid[16];
83 uint8_t csd[16];
84 uint16_t rca;
85 uint32_t card_status;
86 uint8_t sd_status[64];
1b088995 87 uint32_t vhs;
bebd1271 88 bool wp_switch;
a9c01830 89 unsigned long *wp_groups;
50a5be6c 90 int32_t wpgrps_size;
2d7adea4 91 uint64_t size;
50a5be6c 92 uint32_t blk_len;
a1bb27b1
PB		 93 uint32_t erase_start;
94 uint32_t erase_end;
95 uint8_t pwd[16];
50a5be6c
IM		 96 uint32_t pwd_len;
97 uint8_t function_group[6];
a1bb27b1 98
bebd1271 99 bool spi;
50a5be6c 100 uint8_t current_cmd;
1d06cb7a
PM		 101 /* True if we will handle the next command as an ACMD. Note that this does
102 * *not* track the APP_CMD status bit!
103 */
bebd1271 104 bool expecting_acmd;
50a5be6c 105 uint32_t blk_written;
2d7adea4 106 uint64_t data_start;
a1bb27b1
PB		 107 uint32_t data_offset;
108 uint8_t data[512];
02ce600c
AZ		 109 qemu_irq readonly_cb;
110 qemu_irq inserted_cb;
a1bb27b1 111 BlockDriverState *bdrv;
33f00271 112 uint8_t *buf;
827df9f3 113
bebd1271 114 bool enable;
a1bb27b1
PB		 115};
116
10a412da 117static void sd_set_mode(SDState *sd)
a1bb27b1
PB		 118{
119 switch (sd->state) {
120 case sd_inactive_state:
121 sd->mode = sd_inactive;
122 break;
123
124 case sd_idle_state:
125 case sd_ready_state:
126 case sd_identification_state:
127 sd->mode = sd_card_identification_mode;
128 break;
129
130 case sd_standby_state:
131 case sd_transfer_state:
132 case sd_sendingdata_state:
133 case sd_receivingdata_state:
134 case sd_programming_state:
135 case sd_disconnect_state:
136 sd->mode = sd_data_transfer_mode;
137 break;
138 }
a1bb27b1
PB		 139}
140
c227f099 141static const sd_cmd_type_t sd_cmd_type[64] = {
a1bb27b1 142 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 143 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
a1bb27b1
PB		 144 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
145 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
146 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
147 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
149 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150};
151
c227f099 152static const sd_cmd_type_t sd_acmd_type[64] = {
a1bb27b1
PB		 153 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
154 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
155 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
156 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
157 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
158 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
159 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
160 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
161};
162
163static const int sd_cmd_class[64] = {
164 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
165 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
166 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
167 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
168};
169
170static uint8_t sd_crc7(void *message, size_t width)
171{
172 int i, bit;
173 uint8_t shift_reg = 0x00;
174 uint8_t *msg = (uint8_t *) message;
175
176 for (i = 0; i < width; i ++, msg ++)
177 for (bit = 7; bit >= 0; bit --) {
178 shift_reg <<= 1;
179 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
180 shift_reg ^= 0x89;
181 }
182
183 return shift_reg;
184}
185
186static uint16_t sd_crc16(void *message, size_t width)
187{
188 int i, bit;
189 uint16_t shift_reg = 0x0000;
190 uint16_t *msg = (uint16_t *) message;
191 width <<= 1;
192
193 for (i = 0; i < width; i ++, msg ++)
194 for (bit = 15; bit >= 0; bit --) {
195 shift_reg <<= 1;
196 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
197 shift_reg ^= 0x1011;
198 }
199
200 return shift_reg;
201}
202
203static void sd_set_ocr(SDState *sd)
204{
1b088995 205 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
829ef7b0 206 sd->ocr = 0x80ffff00;
a1bb27b1
PB		 207}
208
209static void sd_set_scr(SDState *sd)
210{
211 sd->scr[0] = 0x00; /* SCR Structure */
212 sd->scr[1] = 0x2f; /* SD Security Support */
213 sd->scr[2] = 0x00;
214 sd->scr[3] = 0x00;
215 sd->scr[4] = 0x00;
216 sd->scr[5] = 0x00;
217 sd->scr[6] = 0x00;
218 sd->scr[7] = 0x00;
219}
220
221#define MID 0xaa
222#define OID "XY"
223#define PNM "QEMU!"
224#define PRV 0x01
225#define MDT_YR 2006
226#define MDT_MON 2
227
228static void sd_set_cid(SDState *sd)
229{
230 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
231 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
232 sd->cid[2] = OID[1];
233 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
234 sd->cid[4] = PNM[1];
235 sd->cid[5] = PNM[2];
236 sd->cid[6] = PNM[3];
237 sd->cid[7] = PNM[4];
238 sd->cid[8] = PRV; /* Fake product revision (PRV) */
239 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
240 sd->cid[10] = 0xad;
241 sd->cid[11] = 0xbe;
242 sd->cid[12] = 0xef;
243 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
244 ((MDT_YR - 2000) / 10);
245 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
246 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
247}
248
249#define HWBLOCK_SHIFT 9 /* 512 bytes */
250#define SECTOR_SHIFT 5 /* 16 kilobytes */
251#define WPGROUP_SHIFT 7 /* 2 megs */
252#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 253#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
254
255static const uint8_t sd_csd_rw_mask[16] = {
256 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
257 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
258};
259
2d7adea4 260static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 261{
262 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
263 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
264 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
265
2d7adea4
AZ		 266 if (size <= 0x40000000) { /* Standard Capacity SD */
267 sd->csd[0] = 0x00; /* CSD structure */
268 sd->csd[1] = 0x26; /* Data read access-time-1 */
269 sd->csd[2] = 0x00; /* Data read access-time-2 */
270 sd->csd[3] = 0x5a; /* Max. data transfer rate */
271 sd->csd[4] = 0x5f; /* Card Command Classes */
272 sd->csd[5] = 0x50 | /* Max. read data block length */
273 HWBLOCK_SHIFT;
274 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
275 ((csize >> 10) & 0x03);
276 sd->csd[7] = 0x00 | /* Device size */
277 ((csize >> 2) & 0xff);
278 sd->csd[8] = 0x3f | /* Max. read current */
279 ((csize << 6) & 0xc0);
280 sd->csd[9] = 0xfc | /* Max. write current */
281 ((CMULT_SHIFT - 2) >> 1);
282 sd->csd[10] = 0x40 | /* Erase sector size */
283 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
284 sd->csd[11] = 0x00 | /* Write protect group size */
285 ((sectsize << 7) & 0x80) | wpsize;
286 sd->csd[12] = 0x90 | /* Write speed factor */
287 (HWBLOCK_SHIFT >> 2);
288 sd->csd[13] = 0x20 | /* Max. write data block length */
289 ((HWBLOCK_SHIFT << 6) & 0xc0);
290 sd->csd[14] = 0x00; /* File format group */
291 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
292 } else { /* SDHC */
293 size /= 512 * 1024;
294 size -= 1;
295 sd->csd[0] = 0x40;
296 sd->csd[1] = 0x0e;
297 sd->csd[2] = 0x00;
298 sd->csd[3] = 0x32;
299 sd->csd[4] = 0x5b;
300 sd->csd[5] = 0x59;
301 sd->csd[6] = 0x00;
302 sd->csd[7] = (size >> 16) & 0xff;
303 sd->csd[8] = (size >> 8) & 0xff;
304 sd->csd[9] = (size & 0xff);
305 sd->csd[10] = 0x7f;
306 sd->csd[11] = 0x80;
307 sd->csd[12] = 0x0a;
308 sd->csd[13] = 0x40;
309 sd->csd[14] = 0x00;
310 sd->csd[15] = 0x00;
311 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
312 }
a1bb27b1
PB		 313}
314
315static void sd_set_rca(SDState *sd)
316{
317 sd->rca += 0x4567;
318}
319
b8d334c8
PM		 320/* Card status bits, split by clear condition:
321 * A : According to the card current state
322 * B : Always related to the previous command
323 * C : Cleared by read
324 */
a1bb27b1
PB		 325#define CARD_STATUS_A 0x02004100
326#define CARD_STATUS_B 0x00c01e00
327#define CARD_STATUS_C 0xfd39a028
328
329static void sd_set_cardstatus(SDState *sd)
330{
331 sd->card_status = 0x00000100;
332}
333
334static void sd_set_sdstatus(SDState *sd)
335{
336 memset(sd->sd_status, 0, 64);
337}
338
bc24a225 339static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 340{
341 uint8_t buffer[5];
342 buffer[0] = 0x40 | req->cmd;
343 buffer[1] = (req->arg >> 24) & 0xff;
344 buffer[2] = (req->arg >> 16) & 0xff;
345 buffer[3] = (req->arg >> 8) & 0xff;
346 buffer[4] = (req->arg >> 0) & 0xff;
347 return 0;
348 return sd_crc7(buffer, 5) != req->crc; /* TODO */
349}
350
10a412da 351static void sd_response_r1_make(SDState *sd, uint8_t *response)
a1bb27b1 352{
10a412da 353 uint32_t status = sd->card_status;
1d06cb7a
PM		 354 /* Clear the "clear on read" status bits */
355 sd->card_status &= ~CARD_STATUS_C;
a1bb27b1
PB		 356
357 response[0] = (status >> 24) & 0xff;
358 response[1] = (status >> 16) & 0xff;
359 response[2] = (status >> 8) & 0xff;
360 response[3] = (status >> 0) & 0xff;
361}
362
9596ebb7 363static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 364{
365 response[0] = (sd->ocr >> 24) & 0xff;
366 response[1] = (sd->ocr >> 16) & 0xff;
367 response[2] = (sd->ocr >> 8) & 0xff;
368 response[3] = (sd->ocr >> 0) & 0xff;
369}
370
9596ebb7 371static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 372{
373 uint16_t arg;
374 uint16_t status;
375
376 arg = sd->rca;
377 status = ((sd->card_status >> 8) & 0xc000) |
378 ((sd->card_status >> 6) & 0x2000) |
379 (sd->card_status & 0x1fff);
fcfa9351 380 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
a1bb27b1
PB		 381
382 response[0] = (arg >> 8) & 0xff;
383 response[1] = arg & 0xff;
384 response[2] = (status >> 8) & 0xff;
385 response[3] = status & 0xff;
386}
387
1b088995
AZ		 388static void sd_response_r7_make(SDState *sd, uint8_t *response)
389{
390 response[0] = (sd->vhs >> 24) & 0xff;
391 response[1] = (sd->vhs >> 16) & 0xff;
392 response[2] = (sd->vhs >> 8) & 0xff;
393 response[3] = (sd->vhs >> 0) & 0xff;
394}
395
b7202b88
MI		 396static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
397{
398 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
399}
400
a1bb27b1
PB		 401static void sd_reset(SDState *sd, BlockDriverState *bdrv)
402{
2d7adea4 403 uint64_t size;
a1bb27b1
PB		 404 uint64_t sect;
405
03f311ed
PB		 406 if (bdrv) {
407 bdrv_get_geometry(bdrv, &sect);
408 } else {
409 sect = 0;
410 }
5e37141b 411 size = sect << 9;
a1bb27b1 412
b7202b88 413 sect = sd_addr_to_wpnum(size) + 1;
a1bb27b1
PB		 414
415 sd->state = sd_idle_state;
416 sd->rca = 0x0000;
417 sd_set_ocr(sd);
418 sd_set_scr(sd);
419 sd_set_cid(sd);
420 sd_set_csd(sd, size);
421 sd_set_cardstatus(sd);
422 sd_set_sdstatus(sd);
423
424 sd->bdrv = bdrv;
425
257514dd 426 if (sd->wp_groups)
7267c094 427 g_free(sd->wp_groups);
bebd1271 428 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : false;
50a5be6c
IM		 429 sd->wpgrps_size = sect;
430 sd->wp_groups = bitmap_new(sd->wpgrps_size);
431 memset(sd->function_group, 0, sizeof(sd->function_group));
a1bb27b1
PB		 432 sd->erase_start = 0;
433 sd->erase_end = 0;
434 sd->size = size;
435 sd->blk_len = 0x200;
436 sd->pwd_len = 0;
bebd1271 437 sd->expecting_acmd = false;
a1bb27b1
PB		 438}
439
7d4b4ba5 440static void sd_cardchange(void *opaque, bool load)
a1bb27b1
PB		 441{
442 SDState *sd = opaque;
db97ee6a 443
02ce600c 444 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
a1bb27b1
PB		 445 if (bdrv_is_inserted(sd->bdrv)) {
446 sd_reset(sd, sd->bdrv);
257514dd 447 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
a1bb27b1
PB		 448 }
449}
450
0e49de52 451static const BlockDevOps sd_block_ops = {
145feb17 452 .change_media_cb = sd_cardchange,
0e49de52
MA		 453};
454
50a5be6c
IM		 455static const VMStateDescription sd_vmstate = {
456 .name = "sd-card",
457 .version_id = 1,
458 .minimum_version_id = 1,
459 .fields = (VMStateField[]) {
460 VMSTATE_UINT32(mode, SDState),
461 VMSTATE_INT32(state, SDState),
462 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
463 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
464 VMSTATE_UINT16(rca, SDState),
465 VMSTATE_UINT32(card_status, SDState),
466 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
467 VMSTATE_UINT32(vhs, SDState),
468 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
469 VMSTATE_UINT32(blk_len, SDState),
470 VMSTATE_UINT32(erase_start, SDState),
471 VMSTATE_UINT32(erase_end, SDState),
472 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
473 VMSTATE_UINT32(pwd_len, SDState),
474 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
475 VMSTATE_UINT8(current_cmd, SDState),
476 VMSTATE_BOOL(expecting_acmd, SDState),
477 VMSTATE_UINT32(blk_written, SDState),
478 VMSTATE_UINT64(data_start, SDState),
479 VMSTATE_UINT32(data_offset, SDState),
480 VMSTATE_UINT8_ARRAY(data, SDState, 512),
481 VMSTATE_BUFFER_UNSAFE(buf, SDState, 1, 512),
482 VMSTATE_BOOL(enable, SDState),
483 VMSTATE_END_OF_LIST()
484 }
485};
486
775616c3 487/* We do not model the chip select pin, so allow the board to select
8ef6367e 488 whether card should be in SSI or MMC/SD mode. It is also up to the
775616c3
PB		 489 board to ensure that ssi transfers only occur when the chip select
490 is asserted. */
bebd1271 491SDState *sd_init(BlockDriverState *bs, bool is_spi)
a1bb27b1
PB		 492{
493 SDState *sd;
494
7267c094 495 sd = (SDState *) g_malloc0(sizeof(SDState));
72aef731 496 sd->buf = qemu_blockalign(bs, 512);
775616c3 497 sd->spi = is_spi;
bebd1271 498 sd->enable = true;
a1bb27b1 499 sd_reset(sd, bs);
03f311ed 500 if (sd->bdrv) {
fa879d62 501 bdrv_attach_dev_nofail(sd->bdrv, sd);
0e49de52 502 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
03f311ed 503 }
50a5be6c 504 vmstate_register(NULL, -1, &sd_vmstate, sd);
a1bb27b1
PB		 505 return sd;
506}
507
02ce600c 508void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 509{
02ce600c
AZ		 510 sd->readonly_cb = readonly;
511 sd->inserted_cb = insert;
0d2e91c1
AJ		 512 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
513 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
a1bb27b1
PB		 514}
515
516static void sd_erase(SDState *sd)
517{
f2d189d3
IM		 518 int i;
519 uint64_t erase_start = sd->erase_start;
520 uint64_t erase_end = sd->erase_end;
521
a1bb27b1
PB		 522 if (!sd->erase_start || !sd->erase_end) {
523 sd->card_status |= ERASE_SEQ_ERROR;
524 return;
525 }
526
f2d189d3
IM		 527 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
528 /* High capacity memory card: erase units are 512 byte blocks */
529 erase_start *= 512;
530 erase_end *= 512;
531 }
532
533 erase_start = sd_addr_to_wpnum(erase_start);
534 erase_end = sd_addr_to_wpnum(erase_end);
a1bb27b1
PB		 535 sd->erase_start = 0;
536 sd->erase_end = 0;
537 sd->csd[14] |= 0x40;
538
f2d189d3 539 for (i = erase_start; i <= erase_end; i++) {
a9c01830 540 if (test_bit(i, sd->wp_groups)) {
a1bb27b1 541 sd->card_status |= WP_ERASE_SKIP;
a9c01830
MI		 542 }
543 }
a1bb27b1
PB		 544}
545
2d7adea4 546static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 547{
548 uint32_t i, wpnum;
549 uint32_t ret = 0;
550
b7202b88 551 wpnum = sd_addr_to_wpnum(addr);
a1bb27b1 552
a9c01830
MI		 553 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
554 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
a1bb27b1 555 ret |= (1 << i);
a9c01830
MI		 556 }
557 }
a1bb27b1
PB		 558
559 return ret;
560}
561
562static void sd_function_switch(SDState *sd, uint32_t arg)
563{
564 int i, mode, new_func, crc;
565 mode = !!(arg & 0x80000000);
566
567 sd->data[0] = 0x00; /* Maximum current consumption */
568 sd->data[1] = 0x01;
569 sd->data[2] = 0x80; /* Supported group 6 functions */
570 sd->data[3] = 0x01;
571 sd->data[4] = 0x80; /* Supported group 5 functions */
572 sd->data[5] = 0x01;
573 sd->data[6] = 0x80; /* Supported group 4 functions */
574 sd->data[7] = 0x01;
575 sd->data[8] = 0x80; /* Supported group 3 functions */
576 sd->data[9] = 0x01;
577 sd->data[10] = 0x80; /* Supported group 2 functions */
578 sd->data[11] = 0x43;
579 sd->data[12] = 0x80; /* Supported group 1 functions */
580 sd->data[13] = 0x03;
581 for (i = 0; i < 6; i ++) {
582 new_func = (arg >> (i * 4)) & 0x0f;
583 if (mode && new_func != 0x0f)
584 sd->function_group[i] = new_func;
585 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
586 }
587 memset(&sd->data[17], 0, 47);
588 crc = sd_crc16(sd->data, 64);
589 sd->data[65] = crc >> 8;
590 sd->data[66] = crc & 0xff;
591}
592
4e8f1be2 593static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
a1bb27b1 594{
b7202b88 595 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 596}
597
598static void sd_lock_command(SDState *sd)
599{
600 int erase, lock, clr_pwd, set_pwd, pwd_len;
601 erase = !!(sd->data[0] & 0x08);
602 lock = sd->data[0] & 0x04;
603 clr_pwd = sd->data[0] & 0x02;
604 set_pwd = sd->data[0] & 0x01;
605
606 if (sd->blk_len > 1)
607 pwd_len = sd->data[1];
608 else
609 pwd_len = 0;
610
611 if (erase) {
612 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
613 set_pwd || clr_pwd || lock || sd->wp_switch ||
614 (sd->csd[14] & 0x20)) {
615 sd->card_status |= LOCK_UNLOCK_FAILED;
616 return;
617 }
50a5be6c 618 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
a1bb27b1
PB		 619 sd->csd[14] &= ~0x10;
620 sd->card_status &= ~CARD_IS_LOCKED;
621 sd->pwd_len = 0;
622 /* Erasing the entire card here! */
827df9f3 623 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 624 return;
625 }
626
627 if (sd->blk_len < 2 + pwd_len ||
628 pwd_len <= sd->pwd_len ||
629 pwd_len > sd->pwd_len + 16) {
630 sd->card_status |= LOCK_UNLOCK_FAILED;
631 return;
632 }
633
634 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
635 sd->card_status |= LOCK_UNLOCK_FAILED;
636 return;
637 }
638
639 pwd_len -= sd->pwd_len;
640 if ((pwd_len && !set_pwd) ||
641 (clr_pwd && (set_pwd || lock)) ||
642 (lock && !sd->pwd_len && !set_pwd) ||
643 (!set_pwd && !clr_pwd &&
644 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
645 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
646 sd->card_status |= LOCK_UNLOCK_FAILED;
647 return;
648 }
649
650 if (set_pwd) {
651 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
652 sd->pwd_len = pwd_len;
653 }
654
655 if (clr_pwd) {
656 sd->pwd_len = 0;
657 }
658
659 if (lock)
660 sd->card_status |= CARD_IS_LOCKED;
661 else
662 sd->card_status &= ~CARD_IS_LOCKED;
663}
664
c227f099 665static sd_rsp_type_t sd_normal_command(SDState *sd,
bc24a225 666 SDRequest req)
a1bb27b1
PB		 667{
668 uint32_t rca = 0x0000;
2d7adea4 669 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1 670
1d06cb7a
PM		 671 /* Not interpreting this as an app command */
672 sd->card_status &= ~APP_CMD;
673
a1bb27b1
PB		 674 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
675 rca = req.arg >> 16;
676
677 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
678 switch (req.cmd) {
679 /* Basic commands (Class 0 and Class 1) */
680 case 0: /* CMD0: GO_IDLE_STATE */
681 switch (sd->state) {
682 case sd_inactive_state:
775616c3 683 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 684
685 default:
686 sd->state = sd_idle_state;
687 sd_reset(sd, sd->bdrv);
775616c3 688 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 689 }
690 break;
691
775616c3
PB		 692 case 1: /* CMD1: SEND_OP_CMD */
693 if (!sd->spi)
694 goto bad_cmd;
695
696 sd->state = sd_transfer_state;
697 return sd_r1;
698
a1bb27b1 699 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 700 if (sd->spi)
701 goto bad_cmd;
a1bb27b1
PB		 702 switch (sd->state) {
703 case sd_ready_state:
704 sd->state = sd_identification_state;
705 return sd_r2_i;
706
707 default:
708 break;
709 }
710 break;
711
712 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 713 if (sd->spi)
714 goto bad_cmd;
a1bb27b1
PB		 715 switch (sd->state) {
716 case sd_identification_state:
717 case sd_standby_state:
718 sd->state = sd_standby_state;
719 sd_set_rca(sd);
720 return sd_r6;
721
722 default:
723 break;
724 }
725 break;
726
727 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 728 if (sd->spi)
729 goto bad_cmd;
a1bb27b1
PB		 730 switch (sd->state) {
731 case sd_standby_state:
732 break;
733
734 default:
735 break;
736 }
737 break;
738
109ac32f 739 case 5: /* CMD5: reserved for SDIO cards */
53bb8cc4 740 return sd_illegal;
109ac32f 741
a1bb27b1 742 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 743 if (sd->spi)
744 goto bad_cmd;
a1bb27b1
PB		 745 switch (sd->mode) {
746 case sd_data_transfer_mode:
747 sd_function_switch(sd, req.arg);
748 sd->state = sd_sendingdata_state;
749 sd->data_start = 0;
750 sd->data_offset = 0;
751 return sd_r1;
752
753 default:
754 break;
755 }
756 break;
757
758 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 759 if (sd->spi)
760 goto bad_cmd;
a1bb27b1
PB		 761 switch (sd->state) {
762 case sd_standby_state:
763 if (sd->rca != rca)
764 return sd_r0;
765
766 sd->state = sd_transfer_state;
767 return sd_r1b;
768
769 case sd_transfer_state:
770 case sd_sendingdata_state:
771 if (sd->rca == rca)
772 break;
773
774 sd->state = sd_standby_state;
775 return sd_r1b;
776
777 case sd_disconnect_state:
778 if (sd->rca != rca)
779 return sd_r0;
780
781 sd->state = sd_programming_state;
782 return sd_r1b;
783
784 case sd_programming_state:
785 if (sd->rca == rca)
786 break;
787
788 sd->state = sd_disconnect_state;
789 return sd_r1b;
790
791 default:
792 break;
793 }
794 break;
795
1b088995
AZ		 796 case 8: /* CMD8: SEND_IF_COND */
797 /* Physical Layer Specification Version 2.00 command */
798 switch (sd->state) {
799 case sd_idle_state:
800 sd->vhs = 0;
801
802 /* No response if not exactly one VHS bit is set. */
803 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
804 return sd->spi ? sd_r7 : sd_r0;
805
806 /* Accept. */
807 sd->vhs = req.arg;
808 return sd_r7;
809
810 default:
811 break;
812 }
813 break;
814
a1bb27b1
PB		 815 case 9: /* CMD9: SEND_CSD */
816 switch (sd->state) {
817 case sd_standby_state:
818 if (sd->rca != rca)
819 return sd_r0;
820
821 return sd_r2_s;
822
775616c3
PB		 823 case sd_transfer_state:
824 if (!sd->spi)
825 break;
826 sd->state = sd_sendingdata_state;
827 memcpy(sd->data, sd->csd, 16);
2d7adea4 828 sd->data_start = addr;
775616c3
PB		 829 sd->data_offset = 0;
830 return sd_r1;
831
a1bb27b1
PB		 832 default:
833 break;
834 }
835 break;
836
837 case 10: /* CMD10: SEND_CID */
838 switch (sd->state) {
839 case sd_standby_state:
840 if (sd->rca != rca)
841 return sd_r0;
842
843 return sd_r2_i;
844
775616c3
PB		 845 case sd_transfer_state:
846 if (!sd->spi)
847 break;
848 sd->state = sd_sendingdata_state;
849 memcpy(sd->data, sd->cid, 16);
2d7adea4 850 sd->data_start = addr;
775616c3
PB		 851 sd->data_offset = 0;
852 return sd_r1;
853
a1bb27b1
PB		 854 default:
855 break;
856 }
857 break;
858
859 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
775616c3
PB		 860 if (sd->spi)
861 goto bad_cmd;
a1bb27b1
PB		 862 switch (sd->state) {
863 case sd_transfer_state:
864 sd->state = sd_sendingdata_state;
865 sd->data_start = req.arg;
866 sd->data_offset = 0;
867
868 if (sd->data_start + sd->blk_len > sd->size)
869 sd->card_status |= ADDRESS_ERROR;
870 return sd_r0;
871
872 default:
873 break;
874 }
875 break;
876
877 case 12: /* CMD12: STOP_TRANSMISSION */
878 switch (sd->state) {
879 case sd_sendingdata_state:
880 sd->state = sd_transfer_state;
881 return sd_r1b;
882
883 case sd_receivingdata_state:
884 sd->state = sd_programming_state;
885 /* Bzzzzzzztt .... Operation complete. */
886 sd->state = sd_transfer_state;
887 return sd_r1b;
888
889 default:
890 break;
891 }
892 break;
893
894 case 13: /* CMD13: SEND_STATUS */
895 switch (sd->mode) {
896 case sd_data_transfer_mode:
897 if (sd->rca != rca)
898 return sd_r0;
899
900 return sd_r1;
901
902 default:
903 break;
904 }
905 break;
906
907 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 908 if (sd->spi)
909 goto bad_cmd;
a1bb27b1
PB		 910 switch (sd->mode) {
911 case sd_data_transfer_mode:
912 if (sd->rca != rca)
913 return sd_r0;
914
915 sd->state = sd_inactive_state;
916 return sd_r0;
917
918 default:
919 break;
920 }
921 break;
922
923 /* Block read commands (Classs 2) */
924 case 16: /* CMD16: SET_BLOCKLEN */
925 switch (sd->state) {
926 case sd_transfer_state:
927 if (req.arg > (1 << HWBLOCK_SHIFT))
928 sd->card_status |= BLOCK_LEN_ERROR;
929 else
930 sd->blk_len = req.arg;
931
932 return sd_r1;
933
934 default:
935 break;
936 }
937 break;
938
939 case 17: /* CMD17: READ_SINGLE_BLOCK */
940 switch (sd->state) {
941 case sd_transfer_state:
942 sd->state = sd_sendingdata_state;
2d7adea4 943 sd->data_start = addr;
a1bb27b1
PB		 944 sd->data_offset = 0;
945
946 if (sd->data_start + sd->blk_len > sd->size)
947 sd->card_status |= ADDRESS_ERROR;
948 return sd_r1;
949
950 default:
951 break;
952 }
953 break;
954
955 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
956 switch (sd->state) {
957 case sd_transfer_state:
958 sd->state = sd_sendingdata_state;
2d7adea4 959 sd->data_start = addr;
a1bb27b1
PB		 960 sd->data_offset = 0;
961
962 if (sd->data_start + sd->blk_len > sd->size)
963 sd->card_status |= ADDRESS_ERROR;
964 return sd_r1;
965
966 default:
967 break;
968 }
969 break;
970
971 /* Block write commands (Class 4) */
972 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
775616c3
PB		 973 if (sd->spi)
974 goto unimplemented_cmd;
a1bb27b1
PB		 975 switch (sd->state) {
976 case sd_transfer_state:
775616c3
PB		 977 /* Writing in SPI mode not implemented. */
978 if (sd->spi)
979 break;
a1bb27b1 980 sd->state = sd_receivingdata_state;
2d7adea4 981 sd->data_start = addr;
a1bb27b1
PB		 982 sd->data_offset = 0;
983 sd->blk_written = 0;
984
985 if (sd->data_start + sd->blk_len > sd->size)
986 sd->card_status |= ADDRESS_ERROR;
987 if (sd_wp_addr(sd, sd->data_start))
988 sd->card_status |= WP_VIOLATION;
989 if (sd->csd[14] & 0x30)
990 sd->card_status |= WP_VIOLATION;
991 return sd_r1;
992
993 default:
994 break;
995 }
996 break;
997
998 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
775616c3
PB		 999 if (sd->spi)
1000 goto unimplemented_cmd;
a1bb27b1
PB		 1001 switch (sd->state) {
1002 case sd_transfer_state:
775616c3
PB		 1003 /* Writing in SPI mode not implemented. */
1004 if (sd->spi)
1005 break;
a1bb27b1 1006 sd->state = sd_receivingdata_state;
2d7adea4 1007 sd->data_start = addr;
a1bb27b1
PB		 1008 sd->data_offset = 0;
1009 sd->blk_written = 0;
1010
1011 if (sd->data_start + sd->blk_len > sd->size)
1012 sd->card_status |= ADDRESS_ERROR;
1013 if (sd_wp_addr(sd, sd->data_start))
1014 sd->card_status |= WP_VIOLATION;
1015 if (sd->csd[14] & 0x30)
1016 sd->card_status |= WP_VIOLATION;
1017 return sd_r1;
1018
1019 default:
1020 break;
1021 }
1022 break;
1023
1024 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 1025 if (sd->spi)
1026 goto bad_cmd;
a1bb27b1
PB		 1027 switch (sd->state) {
1028 case sd_transfer_state:
1029 sd->state = sd_receivingdata_state;
1030 sd->data_start = 0;
1031 sd->data_offset = 0;
1032 return sd_r1;
1033
1034 default:
1035 break;
1036 }
1037 break;
1038
1039 case 27: /* CMD27: PROGRAM_CSD */
775616c3
PB		 1040 if (sd->spi)
1041 goto unimplemented_cmd;
a1bb27b1
PB		 1042 switch (sd->state) {
1043 case sd_transfer_state:
1044 sd->state = sd_receivingdata_state;
1045 sd->data_start = 0;
1046 sd->data_offset = 0;
1047 return sd_r1;
1048
1049 default:
1050 break;
1051 }
1052 break;
1053
1054 /* Write protection (Class 6) */
1055 case 28: /* CMD28: SET_WRITE_PROT */
1056 switch (sd->state) {
1057 case sd_transfer_state:
2d7adea4 1058 if (addr >= sd->size) {
e30d5938 1059 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1060 return sd_r1b;
1061 }
1062
1063 sd->state = sd_programming_state;
b7202b88 1064 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1065 /* Bzzzzzzztt .... Operation complete. */
1066 sd->state = sd_transfer_state;
1067 return sd_r1b;
1068
1069 default:
1070 break;
1071 }
1072 break;
1073
1074 case 29: /* CMD29: CLR_WRITE_PROT */
1075 switch (sd->state) {
1076 case sd_transfer_state:
2d7adea4 1077 if (addr >= sd->size) {
e30d5938 1078 sd->card_status |= ADDRESS_ERROR;
a1bb27b1
PB		 1079 return sd_r1b;
1080 }
1081
1082 sd->state = sd_programming_state;
b7202b88 1083 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
a1bb27b1
PB		 1084 /* Bzzzzzzztt .... Operation complete. */
1085 sd->state = sd_transfer_state;
1086 return sd_r1b;
1087
1088 default:
1089 break;
1090 }
1091 break;
1092
1093 case 30: /* CMD30: SEND_WRITE_PROT */
1094 switch (sd->state) {
1095 case sd_transfer_state:
1096 sd->state = sd_sendingdata_state;
1097 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1098 sd->data_start = addr;
a1bb27b1
PB		 1099 sd->data_offset = 0;
1100 return sd_r1b;
1101
1102 default:
1103 break;
1104 }
1105 break;
1106
1107 /* Erase commands (Class 5) */
1108 case 32: /* CMD32: ERASE_WR_BLK_START */
1109 switch (sd->state) {
1110 case sd_transfer_state:
1111 sd->erase_start = req.arg;
1112 return sd_r1;
1113
1114 default:
1115 break;
1116 }
1117 break;
1118
1119 case 33: /* CMD33: ERASE_WR_BLK_END */
1120 switch (sd->state) {
1121 case sd_transfer_state:
1122 sd->erase_end = req.arg;
1123 return sd_r1;
1124
1125 default:
1126 break;
1127 }
1128 break;
1129
1130 case 38: /* CMD38: ERASE */
1131 switch (sd->state) {
1132 case sd_transfer_state:
1133 if (sd->csd[14] & 0x30) {
1134 sd->card_status |= WP_VIOLATION;
1135 return sd_r1b;
1136 }
1137
1138 sd->state = sd_programming_state;
1139 sd_erase(sd);
1140 /* Bzzzzzzztt .... Operation complete. */
1141 sd->state = sd_transfer_state;
1142 return sd_r1b;
1143
1144 default:
1145 break;
1146 }
1147 break;
1148
1149 /* Lock card commands (Class 7) */
1150 case 42: /* CMD42: LOCK_UNLOCK */
775616c3
PB		 1151 if (sd->spi)
1152 goto unimplemented_cmd;
a1bb27b1
PB		 1153 switch (sd->state) {
1154 case sd_transfer_state:
1155 sd->state = sd_receivingdata_state;
1156 sd->data_start = 0;
1157 sd->data_offset = 0;
1158 return sd_r1;
1159
1160 default:
1161 break;
1162 }
1163 break;
1164
39e594db
PM		 1165 case 52:
1166 case 53:
1167 /* CMD52, CMD53: reserved for SDIO cards
1168 * (see the SDIO Simplified Specification V2.0)
1169 * Handle as illegal command but do not complain
1170 * on stderr, as some OSes may use these in their
1171 * probing for presence of an SDIO card.
1172 */
53bb8cc4 1173 return sd_illegal;
39e594db 1174
a1bb27b1
PB		 1175 /* Application specific commands (Class 8) */
1176 case 55: /* CMD55: APP_CMD */
1177 if (sd->rca != rca)
1178 return sd_r0;
1179
bebd1271 1180 sd->expecting_acmd = true;
a1bb27b1
PB		 1181 sd->card_status |= APP_CMD;
1182 return sd_r1;
1183
1184 case 56: /* CMD56: GEN_CMD */
827df9f3 1185 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
a1bb27b1
PB		 1186
1187 switch (sd->state) {
1188 case sd_transfer_state:
1189 sd->data_offset = 0;
1190 if (req.arg & 1)
1191 sd->state = sd_sendingdata_state;
1192 else
1193 sd->state = sd_receivingdata_state;
1194 return sd_r1;
1195
1196 default:
1197 break;
1198 }
1199 break;
1200
1201 default:
775616c3 1202 bad_cmd:
827df9f3 1203 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
53bb8cc4 1204 return sd_illegal;
775616c3
PB		 1205
1206 unimplemented_cmd:
1207 /* Commands that are recognised but not yet implemented in SPI mode. */
827df9f3 1208 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
53bb8cc4 1209 return sd_illegal;
a1bb27b1
PB		 1210 }
1211
827df9f3 1212 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
53bb8cc4 1213 return sd_illegal;
a1bb27b1
PB		 1214}
1215
c227f099 1216static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1217 SDRequest req)
1218{
a1bb27b1 1219 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1d06cb7a 1220 sd->card_status |= APP_CMD;
a1bb27b1
PB		 1221 switch (req.cmd) {
1222 case 6: /* ACMD6: SET_BUS_WIDTH */
1223 switch (sd->state) {
1224 case sd_transfer_state:
1225 sd->sd_status[0] &= 0x3f;
1226 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1227 return sd_r1;
1228
1229 default:
1230 break;
1231 }
1232 break;
1233
1234 case 13: /* ACMD13: SD_STATUS */
1235 switch (sd->state) {
1236 case sd_transfer_state:
fb1ba03a 1237 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1238 sd->data_start = 0;
1239 sd->data_offset = 0;
1240 return sd_r1;
1241
1242 default:
1243 break;
1244 }
1245 break;
1246
1247 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1248 switch (sd->state) {
1249 case sd_transfer_state:
1250 *(uint32_t *) sd->data = sd->blk_written;
1251
fb1ba03a 1252 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1253 sd->data_start = 0;
1254 sd->data_offset = 0;
1255 return sd_r1;
1256
1257 default:
1258 break;
1259 }
1260 break;
1261
1262 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1263 switch (sd->state) {
1264 case sd_transfer_state:
1265 return sd_r1;
1266
1267 default:
1268 break;
1269 }
1270 break;
1271
1272 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1273 if (sd->spi) {
1274 /* SEND_OP_CMD */
1275 sd->state = sd_transfer_state;
1276 return sd_r1;
1277 }
a1bb27b1
PB		 1278 switch (sd->state) {
1279 case sd_idle_state:
1280 /* We accept any voltage. 10000 V is nothing. */
1281 if (req.arg)
1282 sd->state = sd_ready_state;
1283
1284 return sd_r3;
1285
1286 default:
1287 break;
1288 }
1289 break;
1290
1291 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1292 switch (sd->state) {
1293 case sd_transfer_state:
1294 /* Bringing in the 50KOhm pull-up resistor... Done. */
1295 return sd_r1;
1296
1297 default:
1298 break;
1299 }
1300 break;
1301
1302 case 51: /* ACMD51: SEND_SCR */
1303 switch (sd->state) {
1304 case sd_transfer_state:
1305 sd->state = sd_sendingdata_state;
1306 sd->data_start = 0;
1307 sd->data_offset = 0;
1308 return sd_r1;
1309
1310 default:
1311 break;
1312 }
1313 break;
1314
1315 default:
1316 /* Fall back to standard commands. */
a1bb27b1
PB		 1317 return sd_normal_command(sd, req);
1318 }
1319
827df9f3 1320 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
5b08bfe2 1321 return sd_illegal;
a1bb27b1
PB		 1322}
1323
25881d33
PM		 1324static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1325{
1326 /* Valid commands in locked state:
1327 * basic class (0)
1328 * lock card class (7)
1329 * CMD16
1330 * implicitly, the ACMD prefix CMD55
1331 * ACMD41 and ACMD42
1332 * Anything else provokes an "illegal command" response.
1333 */
1d06cb7a 1334 if (sd->expecting_acmd) {
25881d33
PM		 1335 return req->cmd == 41 || req->cmd == 42;
1336 }
1337 if (req->cmd == 16 || req->cmd == 55) {
1338 return 1;
1339 }
1340 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1341}
1342
bc24a225 1343int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1 1344 uint8_t *response) {
10a412da 1345 int last_state;
c227f099 1346 sd_rsp_type_t rtype;
a1bb27b1
PB		 1347 int rsplen;
1348
03f311ed 1349 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
a1bb27b1
PB		 1350 return 0;
1351 }
1352
1353 if (sd_req_crc_validate(req)) {
abda1f37 1354 sd->card_status |= COM_CRC_ERROR;
b1f517ed
PM		 1355 rtype = sd_illegal;
1356 goto send_response;
a1bb27b1
PB		 1357 }
1358
10a412da 1359 if (sd->card_status & CARD_IS_LOCKED) {
25881d33 1360 if (!cmd_valid_while_locked(sd, req)) {
a1bb27b1 1361 sd->card_status |= ILLEGAL_COMMAND;
bebd1271 1362 sd->expecting_acmd = false;
827df9f3 1363 fprintf(stderr, "SD: Card is locked\n");
b1f517ed
PM		 1364 rtype = sd_illegal;
1365 goto send_response;
a1bb27b1 1366 }
25881d33 1367 }
a1bb27b1 1368
10a412da
PM		 1369 last_state = sd->state;
1370 sd_set_mode(sd);
1371
1d06cb7a 1372 if (sd->expecting_acmd) {
bebd1271 1373 sd->expecting_acmd = false;
a1bb27b1 1374 rtype = sd_app_command(sd, *req);
1d06cb7a 1375 } else {
a1bb27b1 1376 rtype = sd_normal_command(sd, *req);
1d06cb7a 1377 }
a1bb27b1 1378
53bb8cc4
PM		 1379 if (rtype == sd_illegal) {
1380 sd->card_status |= ILLEGAL_COMMAND;
10a412da
PM		 1381 } else {
1382 /* Valid command, we can update the 'state before command' bits.
1383 * (Do this now so they appear in r1 responses.)
1384 */
1385 sd->current_cmd = req->cmd;
1386 sd->card_status &= ~CURRENT_STATE;
1387 sd->card_status |= (last_state << 9);
53bb8cc4
PM		 1388 }
1389
b1f517ed 1390send_response:
a1bb27b1
PB		 1391 switch (rtype) {
1392 case sd_r1:
1393 case sd_r1b:
10a412da 1394 sd_response_r1_make(sd, response);
a1bb27b1
PB		 1395 rsplen = 4;
1396 break;
1397
1398 case sd_r2_i:
1399 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1400 rsplen = 16;
1401 break;
1402
1403 case sd_r2_s:
1404 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1405 rsplen = 16;
1406 break;
1407
1408 case sd_r3:
1409 sd_response_r3_make(sd, response);
1410 rsplen = 4;
1411 break;
1412
1413 case sd_r6:
1414 sd_response_r6_make(sd, response);
1415 rsplen = 4;
1416 break;
1417
1b088995
AZ		 1418 case sd_r7:
1419 sd_response_r7_make(sd, response);
1420 rsplen = 4;
1421 break;
1422
a1bb27b1 1423 case sd_r0:
53bb8cc4 1424 case sd_illegal:
a1bb27b1
PB		 1425 default:
1426 rsplen = 0;
1427 break;
1428 }
1429
10a412da
PM		 1430 if (rtype != sd_illegal) {
1431 /* Clear the "clear on valid command" status bits now we've
1432 * sent any response
1433 */
1434 sd->card_status &= ~CARD_STATUS_B;
1435 }
1436
a1bb27b1
PB		 1437#ifdef DEBUG_SD
1438 if (rsplen) {
1439 int i;
1440 DPRINTF("Response:");
1441 for (i = 0; i < rsplen; i++)
038d3d44
PC		 1442 fprintf(stderr, " %02x", response[i]);
1443 fprintf(stderr, " state %d\n", sd->state);
a1bb27b1
PB		 1444 } else {
1445 DPRINTF("No response %d\n", sd->state);
1446 }
1447#endif
1448
1449 return rsplen;
1450}
1451
2d7adea4 1452static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1453{
2d7adea4 1454 uint64_t end = addr + len;
a1bb27b1 1455
2d7adea4
AZ		 1456 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1457 (unsigned long long) addr, len);
7a608f56 1458 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1459 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1460 return;
1461 }
1462
1463 if (end > (addr & ~511) + 512) {
33f00271 1464 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
a1bb27b1 1465
7a608f56 1466 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
827df9f3 1467 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1468 return;
1469 }
33f00271 1470 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
a1bb27b1 1471 } else
33f00271 1472 memcpy(sd->data, sd->buf + (addr & 511), len);
a1bb27b1
PB		 1473}
1474
2d7adea4 1475static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1476{
2d7adea4 1477 uint64_t end = addr + len;
a1bb27b1
PB		 1478
1479 if ((addr & 511) || len < 512)
7a608f56 1480 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1481 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1482 return;
1483 }
1484
1485 if (end > (addr & ~511) + 512) {
33f00271 1486 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
7a608f56 1487 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1488 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1489 return;
1490 }
1491
7a608f56 1492 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
827df9f3 1493 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1494 return;
1495 }
33f00271 1496 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
7a608f56 1497 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) < 0) {
827df9f3 1498 fprintf(stderr, "sd_blk_write: write error on host side\n");
7a608f56 1499 }
a1bb27b1 1500 } else {
33f00271 1501 memcpy(sd->buf + (addr & 511), sd->data, len);
7a608f56 1502 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) {
827df9f3 1503 fprintf(stderr, "sd_blk_write: write error on host side\n");
7a608f56 1504 }
a1bb27b1
PB		 1505 }
1506}
1507
33f00271
AZ		 1508#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1509#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1510#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1511#define APP_WRITE_BLOCK(a, len)
1512
1513void sd_write_data(SDState *sd, uint8_t value)
1514{
1515 int i;
1516
827df9f3 1517 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
a1bb27b1
PB		 1518 return;
1519
1520 if (sd->state != sd_receivingdata_state) {
827df9f3 1521 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1522 return;
1523 }
1524
1525 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1526 return;
1527
1528 switch (sd->current_cmd) {
1529 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1530 sd->data[sd->data_offset ++] = value;
1531 if (sd->data_offset >= sd->blk_len) {
1532 /* TODO: Check CRC before committing */
1533 sd->state = sd_programming_state;
1534 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1535 sd->blk_written ++;
1536 sd->csd[14] |= 0x40;
1537 /* Bzzzzzzztt .... Operation complete. */
1538 sd->state = sd_transfer_state;
1539 }
1540 break;
1541
1542 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234
DDAG		 1543 if (sd->data_offset == 0) {
1544 /* Start of the block - lets check the address is valid */
a1bb27b1
PB		 1545 if (sd->data_start + sd->blk_len > sd->size) {
1546 sd->card_status |= ADDRESS_ERROR;
1547 break;
1548 }
1549 if (sd_wp_addr(sd, sd->data_start)) {
1550 sd->card_status |= WP_VIOLATION;
1551 break;
1552 }
33fa8234
DDAG		 1553 }
1554 sd->data[sd->data_offset++] = value;
1555 if (sd->data_offset >= sd->blk_len) {
1556 /* TODO: Check CRC before committing */
1557 sd->state = sd_programming_state;
1558 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1559 sd->blk_written++;
1560 sd->data_start += sd->blk_len;
1561 sd->data_offset = 0;
a1bb27b1
PB		 1562 sd->csd[14] |= 0x40;
1563
1564 /* Bzzzzzzztt .... Operation complete. */
1565 sd->state = sd_receivingdata_state;
1566 }
1567 break;
1568
1569 case 26: /* CMD26: PROGRAM_CID */
1570 sd->data[sd->data_offset ++] = value;
1571 if (sd->data_offset >= sizeof(sd->cid)) {
1572 /* TODO: Check CRC before committing */
1573 sd->state = sd_programming_state;
1574 for (i = 0; i < sizeof(sd->cid); i ++)
1575 if ((sd->cid[i] | 0x00) != sd->data[i])
1576 sd->card_status |= CID_CSD_OVERWRITE;
1577
1578 if (!(sd->card_status & CID_CSD_OVERWRITE))
1579 for (i = 0; i < sizeof(sd->cid); i ++) {
1580 sd->cid[i] |= 0x00;
1581 sd->cid[i] &= sd->data[i];
1582 }
1583 /* Bzzzzzzztt .... Operation complete. */
1584 sd->state = sd_transfer_state;
1585 }
1586 break;
1587
1588 case 27: /* CMD27: PROGRAM_CSD */
1589 sd->data[sd->data_offset ++] = value;
1590 if (sd->data_offset >= sizeof(sd->csd)) {
1591 /* TODO: Check CRC before committing */
1592 sd->state = sd_programming_state;
1593 for (i = 0; i < sizeof(sd->csd); i ++)
1594 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1595 (sd->data[i] | sd_csd_rw_mask[i]))
1596 sd->card_status |= CID_CSD_OVERWRITE;
1597
1598 /* Copy flag (OTP) & Permanent write protect */
1599 if (sd->csd[14] & ~sd->data[14] & 0x60)
1600 sd->card_status |= CID_CSD_OVERWRITE;
1601
1602 if (!(sd->card_status & CID_CSD_OVERWRITE))
1603 for (i = 0; i < sizeof(sd->csd); i ++) {
1604 sd->csd[i] |= sd_csd_rw_mask[i];
1605 sd->csd[i] &= sd->data[i];
1606 }
1607 /* Bzzzzzzztt .... Operation complete. */
1608 sd->state = sd_transfer_state;
1609 }
1610 break;
1611
1612 case 42: /* CMD42: LOCK_UNLOCK */
1613 sd->data[sd->data_offset ++] = value;
1614 if (sd->data_offset >= sd->blk_len) {
1615 /* TODO: Check CRC before committing */
1616 sd->state = sd_programming_state;
1617 sd_lock_command(sd);
1618 /* Bzzzzzzztt .... Operation complete. */
1619 sd->state = sd_transfer_state;
1620 }
1621 break;
1622
1623 case 56: /* CMD56: GEN_CMD */
1624 sd->data[sd->data_offset ++] = value;
1625 if (sd->data_offset >= sd->blk_len) {
1626 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1627 sd->state = sd_transfer_state;
1628 }
1629 break;
1630
1631 default:
827df9f3 1632 fprintf(stderr, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1633 break;
1634 }
1635}
1636
1637uint8_t sd_read_data(SDState *sd)
1638{
1639 /* TODO: Append CRCs */
1640 uint8_t ret;
2d7adea4 1641 int io_len;
a1bb27b1 1642
827df9f3 1643 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
a1bb27b1
PB		 1644 return 0x00;
1645
1646 if (sd->state != sd_sendingdata_state) {
827df9f3 1647 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1648 return 0x00;
1649 }
1650
1651 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1652 return 0x00;
1653
2d7adea4
AZ		 1654 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1655
a1bb27b1
PB		 1656 switch (sd->current_cmd) {
1657 case 6: /* CMD6: SWITCH_FUNCTION */
1658 ret = sd->data[sd->data_offset ++];
1659
1660 if (sd->data_offset >= 64)
1661 sd->state = sd_transfer_state;
1662 break;
1663
775616c3
PB		 1664 case 9: /* CMD9: SEND_CSD */
1665 case 10: /* CMD10: SEND_CID */
1666 ret = sd->data[sd->data_offset ++];
1667
1668 if (sd->data_offset >= 16)
1669 sd->state = sd_transfer_state;
1670 break;
1671
a1bb27b1
PB		 1672 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1673 if (sd->data_offset == 0)
2d7adea4 1674 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1675 ret = sd->data[sd->data_offset ++];
1676
2d7adea4
AZ		 1677 if (sd->data_offset >= io_len) {
1678 sd->data_start += io_len;
a1bb27b1 1679 sd->data_offset = 0;
2d7adea4 1680 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1681 sd->card_status |= ADDRESS_ERROR;
1682 break;
1683 }
1684 }
1685 break;
1686
1687 case 13: /* ACMD13: SD_STATUS */
1688 ret = sd->sd_status[sd->data_offset ++];
1689
1690 if (sd->data_offset >= sizeof(sd->sd_status))
1691 sd->state = sd_transfer_state;
1692 break;
1693
1694 case 17: /* CMD17: READ_SINGLE_BLOCK */
1695 if (sd->data_offset == 0)
2d7adea4 1696 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1697 ret = sd->data[sd->data_offset ++];
1698
2d7adea4 1699 if (sd->data_offset >= io_len)
a1bb27b1
PB		 1700 sd->state = sd_transfer_state;
1701 break;
1702
1703 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1704 if (sd->data_offset == 0)
2d7adea4 1705 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1706 ret = sd->data[sd->data_offset ++];
1707
2d7adea4
AZ		 1708 if (sd->data_offset >= io_len) {
1709 sd->data_start += io_len;
a1bb27b1 1710 sd->data_offset = 0;
2d7adea4 1711 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1712 sd->card_status |= ADDRESS_ERROR;
1713 break;
1714 }
1715 }
1716 break;
1717
1718 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1719 ret = sd->data[sd->data_offset ++];
1720
1721 if (sd->data_offset >= 4)
1722 sd->state = sd_transfer_state;
1723 break;
1724
1725 case 30: /* CMD30: SEND_WRITE_PROT */
1726 ret = sd->data[sd->data_offset ++];
1727
1728 if (sd->data_offset >= 4)
1729 sd->state = sd_transfer_state;
1730 break;
1731
1732 case 51: /* ACMD51: SEND_SCR */
1733 ret = sd->scr[sd->data_offset ++];
1734
1735 if (sd->data_offset >= sizeof(sd->scr))
1736 sd->state = sd_transfer_state;
1737 break;
1738
1739 case 56: /* CMD56: GEN_CMD */
1740 if (sd->data_offset == 0)
1741 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1742 ret = sd->data[sd->data_offset ++];
1743
1744 if (sd->data_offset >= sd->blk_len)
1745 sd->state = sd_transfer_state;
1746 break;
1747
1748 default:
827df9f3 1749 fprintf(stderr, "sd_read_data: unknown command\n");
a1bb27b1
PB		 1750 return 0x00;
1751 }
1752
1753 return ret;
1754}
1755
879bf4a7 1756bool sd_data_ready(SDState *sd)
a1bb27b1
PB		 1757{
1758 return sd->state == sd_sendingdata_state;
1759}
827df9f3 1760
bebd1271 1761void sd_enable(SDState *sd, bool enable)
827df9f3
AZ		 1762{
1763 sd->enable = enable;
1764}
Qemu copy for testing