]> git.proxmox.com Git - qemu.git/blame - hw/sd.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
block: Split change_cb() into change_media_cb(), resize_cb()
[qemu.git] / hw / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
87ecb68b
PB		 32#include "hw.h"
33#include "block.h"
879f0655 34#include "block_int.h"
a1bb27b1
PB		 35#include "sd.h"
36
37//#define DEBUG_SD 1
38
39#ifdef DEBUG_SD
001faf32
BS		 40#define DPRINTF(fmt, ...) \
41do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1 42#else
001faf32 43#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1
PB		 44#endif
45
46typedef enum {
47 sd_r0 = 0, /* no response */
48 sd_r1, /* normal response command */
49 sd_r2_i, /* CID register */
50 sd_r2_s, /* CSD register */
51 sd_r3, /* OCR register */
52 sd_r6 = 6, /* Published RCA response */
1b088995 53 sd_r7, /* Operating voltage */
a1bb27b1 54 sd_r1b = -1,
c227f099 55} sd_rsp_type_t;
a1bb27b1
PB		 56
57struct SDState {
58 enum {
59 sd_inactive,
60 sd_card_identification_mode,
61 sd_data_transfer_mode,
62 } mode;
63 enum {
64 sd_inactive_state = -1,
65 sd_idle_state = 0,
66 sd_ready_state,
67 sd_identification_state,
68 sd_standby_state,
69 sd_transfer_state,
70 sd_sendingdata_state,
71 sd_receivingdata_state,
72 sd_programming_state,
73 sd_disconnect_state,
74 } state;
75 uint32_t ocr;
76 uint8_t scr[8];
77 uint8_t cid[16];
78 uint8_t csd[16];
79 uint16_t rca;
80 uint32_t card_status;
81 uint8_t sd_status[64];
1b088995 82 uint32_t vhs;
a1bb27b1
PB		 83 int wp_switch;
84 int *wp_groups;
2d7adea4 85 uint64_t size;
a1bb27b1
PB		 86 int blk_len;
87 uint32_t erase_start;
88 uint32_t erase_end;
89 uint8_t pwd[16];
90 int pwd_len;
91 int function_group[6];
92
775616c3 93 int spi;
a1bb27b1
PB		 94 int current_cmd;
95 int blk_written;
2d7adea4 96 uint64_t data_start;
a1bb27b1
PB		 97 uint32_t data_offset;
98 uint8_t data[512];
02ce600c
AZ		 99 qemu_irq readonly_cb;
100 qemu_irq inserted_cb;
a1bb27b1 101 BlockDriverState *bdrv;
33f00271 102 uint8_t *buf;
827df9f3
AZ		 103
104 int enable;
a1bb27b1
PB		 105};
106
107static void sd_set_status(SDState *sd)
108{
109 switch (sd->state) {
110 case sd_inactive_state:
111 sd->mode = sd_inactive;
112 break;
113
114 case sd_idle_state:
115 case sd_ready_state:
116 case sd_identification_state:
117 sd->mode = sd_card_identification_mode;
118 break;
119
120 case sd_standby_state:
121 case sd_transfer_state:
122 case sd_sendingdata_state:
123 case sd_receivingdata_state:
124 case sd_programming_state:
125 case sd_disconnect_state:
126 sd->mode = sd_data_transfer_mode;
127 break;
128 }
129
130 sd->card_status &= ~CURRENT_STATE;
131 sd->card_status |= sd->state << 9;
132}
133
c227f099 134static const sd_cmd_type_t sd_cmd_type[64] = {
a1bb27b1 135 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 136 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
a1bb27b1
PB		 137 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
138 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
139 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
140 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
141 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
142 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
143};
144
c227f099 145static const sd_cmd_type_t sd_acmd_type[64] = {
a1bb27b1
PB		 146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
153 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
154};
155
156static const int sd_cmd_class[64] = {
157 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
158 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
159 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
160 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
161};
162
163static uint8_t sd_crc7(void *message, size_t width)
164{
165 int i, bit;
166 uint8_t shift_reg = 0x00;
167 uint8_t *msg = (uint8_t *) message;
168
169 for (i = 0; i < width; i ++, msg ++)
170 for (bit = 7; bit >= 0; bit --) {
171 shift_reg <<= 1;
172 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
173 shift_reg ^= 0x89;
174 }
175
176 return shift_reg;
177}
178
179static uint16_t sd_crc16(void *message, size_t width)
180{
181 int i, bit;
182 uint16_t shift_reg = 0x0000;
183 uint16_t *msg = (uint16_t *) message;
184 width <<= 1;
185
186 for (i = 0; i < width; i ++, msg ++)
187 for (bit = 15; bit >= 0; bit --) {
188 shift_reg <<= 1;
189 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
190 shift_reg ^= 0x1011;
191 }
192
193 return shift_reg;
194}
195
196static void sd_set_ocr(SDState *sd)
197{
1b088995 198 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
829ef7b0 199 sd->ocr = 0x80ffff00;
a1bb27b1
PB		 200}
201
202static void sd_set_scr(SDState *sd)
203{
204 sd->scr[0] = 0x00; /* SCR Structure */
205 sd->scr[1] = 0x2f; /* SD Security Support */
206 sd->scr[2] = 0x00;
207 sd->scr[3] = 0x00;
208 sd->scr[4] = 0x00;
209 sd->scr[5] = 0x00;
210 sd->scr[6] = 0x00;
211 sd->scr[7] = 0x00;
212}
213
214#define MID 0xaa
215#define OID "XY"
216#define PNM "QEMU!"
217#define PRV 0x01
218#define MDT_YR 2006
219#define MDT_MON 2
220
221static void sd_set_cid(SDState *sd)
222{
223 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
224 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
225 sd->cid[2] = OID[1];
226 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
227 sd->cid[4] = PNM[1];
228 sd->cid[5] = PNM[2];
229 sd->cid[6] = PNM[3];
230 sd->cid[7] = PNM[4];
231 sd->cid[8] = PRV; /* Fake product revision (PRV) */
232 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
233 sd->cid[10] = 0xad;
234 sd->cid[11] = 0xbe;
235 sd->cid[12] = 0xef;
236 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
237 ((MDT_YR - 2000) / 10);
238 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
239 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
240}
241
242#define HWBLOCK_SHIFT 9 /* 512 bytes */
243#define SECTOR_SHIFT 5 /* 16 kilobytes */
244#define WPGROUP_SHIFT 7 /* 2 megs */
245#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 246#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247
248static const uint8_t sd_csd_rw_mask[16] = {
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
251};
252
2d7adea4 253static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1
PB		 254{
255 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
256 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
257 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
258
2d7adea4
AZ		 259 if (size <= 0x40000000) { /* Standard Capacity SD */
260 sd->csd[0] = 0x00; /* CSD structure */
261 sd->csd[1] = 0x26; /* Data read access-time-1 */
262 sd->csd[2] = 0x00; /* Data read access-time-2 */
263 sd->csd[3] = 0x5a; /* Max. data transfer rate */
264 sd->csd[4] = 0x5f; /* Card Command Classes */
265 sd->csd[5] = 0x50 | /* Max. read data block length */
266 HWBLOCK_SHIFT;
267 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
268 ((csize >> 10) & 0x03);
269 sd->csd[7] = 0x00 | /* Device size */
270 ((csize >> 2) & 0xff);
271 sd->csd[8] = 0x3f | /* Max. read current */
272 ((csize << 6) & 0xc0);
273 sd->csd[9] = 0xfc | /* Max. write current */
274 ((CMULT_SHIFT - 2) >> 1);
275 sd->csd[10] = 0x40 | /* Erase sector size */
276 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
277 sd->csd[11] = 0x00 | /* Write protect group size */
278 ((sectsize << 7) & 0x80) | wpsize;
279 sd->csd[12] = 0x90 | /* Write speed factor */
280 (HWBLOCK_SHIFT >> 2);
281 sd->csd[13] = 0x20 | /* Max. write data block length */
282 ((HWBLOCK_SHIFT << 6) & 0xc0);
283 sd->csd[14] = 0x00; /* File format group */
284 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
285 } else { /* SDHC */
286 size /= 512 * 1024;
287 size -= 1;
288 sd->csd[0] = 0x40;
289 sd->csd[1] = 0x0e;
290 sd->csd[2] = 0x00;
291 sd->csd[3] = 0x32;
292 sd->csd[4] = 0x5b;
293 sd->csd[5] = 0x59;
294 sd->csd[6] = 0x00;
295 sd->csd[7] = (size >> 16) & 0xff;
296 sd->csd[8] = (size >> 8) & 0xff;
297 sd->csd[9] = (size & 0xff);
298 sd->csd[10] = 0x7f;
299 sd->csd[11] = 0x80;
300 sd->csd[12] = 0x0a;
301 sd->csd[13] = 0x40;
302 sd->csd[14] = 0x00;
303 sd->csd[15] = 0x00;
304 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
305 }
a1bb27b1
PB		 306}
307
308static void sd_set_rca(SDState *sd)
309{
310 sd->rca += 0x4567;
311}
312
313#define CARD_STATUS_A 0x02004100
314#define CARD_STATUS_B 0x00c01e00
315#define CARD_STATUS_C 0xfd39a028
316
317static void sd_set_cardstatus(SDState *sd)
318{
319 sd->card_status = 0x00000100;
320}
321
322static void sd_set_sdstatus(SDState *sd)
323{
324 memset(sd->sd_status, 0, 64);
325}
326
bc24a225 327static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 328{
329 uint8_t buffer[5];
330 buffer[0] = 0x40 | req->cmd;
331 buffer[1] = (req->arg >> 24) & 0xff;
332 buffer[2] = (req->arg >> 16) & 0xff;
333 buffer[3] = (req->arg >> 8) & 0xff;
334 buffer[4] = (req->arg >> 0) & 0xff;
335 return 0;
336 return sd_crc7(buffer, 5) != req->crc; /* TODO */
337}
338
9596ebb7
PB		 339static void sd_response_r1_make(SDState *sd,
340 uint8_t *response, uint32_t last_status)
a1bb27b1
PB		 341{
342 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
343 uint32_t status;
344
345 status = (sd->card_status & ~mask) | (last_status & mask);
346 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
347
348 response[0] = (status >> 24) & 0xff;
349 response[1] = (status >> 16) & 0xff;
350 response[2] = (status >> 8) & 0xff;
351 response[3] = (status >> 0) & 0xff;
352}
353
9596ebb7 354static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 355{
356 response[0] = (sd->ocr >> 24) & 0xff;
357 response[1] = (sd->ocr >> 16) & 0xff;
358 response[2] = (sd->ocr >> 8) & 0xff;
359 response[3] = (sd->ocr >> 0) & 0xff;
360}
361
9596ebb7 362static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 363{
364 uint16_t arg;
365 uint16_t status;
366
367 arg = sd->rca;
368 status = ((sd->card_status >> 8) & 0xc000) |
369 ((sd->card_status >> 6) & 0x2000) |
370 (sd->card_status & 0x1fff);
371
372 response[0] = (arg >> 8) & 0xff;
373 response[1] = arg & 0xff;
374 response[2] = (status >> 8) & 0xff;
375 response[3] = status & 0xff;
376}
377
1b088995
AZ		 378static void sd_response_r7_make(SDState *sd, uint8_t *response)
379{
380 response[0] = (sd->vhs >> 24) & 0xff;
381 response[1] = (sd->vhs >> 16) & 0xff;
382 response[2] = (sd->vhs >> 8) & 0xff;
383 response[3] = (sd->vhs >> 0) & 0xff;
384}
385
a1bb27b1
PB		 386static void sd_reset(SDState *sd, BlockDriverState *bdrv)
387{
2d7adea4 388 uint64_t size;
a1bb27b1
PB		 389 uint64_t sect;
390
03f311ed
PB		 391 if (bdrv) {
392 bdrv_get_geometry(bdrv, &sect);
393 } else {
394 sect = 0;
395 }
5e37141b 396 size = sect << 9;
a1bb27b1
PB		 397
398 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
399
400 sd->state = sd_idle_state;
401 sd->rca = 0x0000;
402 sd_set_ocr(sd);
403 sd_set_scr(sd);
404 sd_set_cid(sd);
405 sd_set_csd(sd, size);
406 sd_set_cardstatus(sd);
407 sd_set_sdstatus(sd);
408
409 sd->bdrv = bdrv;
410
257514dd 411 if (sd->wp_groups)
7267c094 412 g_free(sd->wp_groups);
03f311ed 413 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
7267c094 414 sd->wp_groups = (int *) g_malloc0(sizeof(int) * sect);
a1bb27b1
PB		 415 memset(sd->function_group, 0, sizeof(int) * 6);
416 sd->erase_start = 0;
417 sd->erase_end = 0;
418 sd->size = size;
419 sd->blk_len = 0x200;
420 sd->pwd_len = 0;
421}
422
145feb17 423static void sd_cardchange(void *opaque)
a1bb27b1
PB		 424{
425 SDState *sd = opaque;
db97ee6a 426
02ce600c 427 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
a1bb27b1
PB		 428 if (bdrv_is_inserted(sd->bdrv)) {
429 sd_reset(sd, sd->bdrv);
257514dd 430 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
a1bb27b1
PB		 431 }
432}
433
0e49de52 434static const BlockDevOps sd_block_ops = {
145feb17 435 .change_media_cb = sd_cardchange,
0e49de52
MA		 436};
437
775616c3 438/* We do not model the chip select pin, so allow the board to select
8ef6367e 439 whether card should be in SSI or MMC/SD mode. It is also up to the
775616c3
PB		 440 board to ensure that ssi transfers only occur when the chip select
441 is asserted. */
442SDState *sd_init(BlockDriverState *bs, int is_spi)
a1bb27b1
PB		 443{
444 SDState *sd;
445
7267c094 446 sd = (SDState *) g_malloc0(sizeof(SDState));
72aef731 447 sd->buf = qemu_blockalign(bs, 512);
775616c3 448 sd->spi = is_spi;
4872aa13 449 sd->enable = 1;
a1bb27b1 450 sd_reset(sd, bs);
03f311ed 451 if (sd->bdrv) {
fa879d62 452 bdrv_attach_dev_nofail(sd->bdrv, sd);
0e49de52 453 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
03f311ed 454 }
a1bb27b1
PB		 455 return sd;
456}
457
02ce600c 458void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 459{
02ce600c
AZ		 460 sd->readonly_cb = readonly;
461 sd->inserted_cb = insert;
0d2e91c1
AJ		 462 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
463 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
a1bb27b1
PB		 464}
465
466static void sd_erase(SDState *sd)
467{
468 int i, start, end;
469 if (!sd->erase_start || !sd->erase_end) {
470 sd->card_status |= ERASE_SEQ_ERROR;
471 return;
472 }
473
474 start = sd->erase_start >>
475 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
476 end = sd->erase_end >>
477 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
478 sd->erase_start = 0;
479 sd->erase_end = 0;
480 sd->csd[14] |= 0x40;
481
482 for (i = start; i <= end; i ++)
483 if (sd->wp_groups[i])
484 sd->card_status |= WP_ERASE_SKIP;
485}
486
2d7adea4 487static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 488{
489 uint32_t i, wpnum;
490 uint32_t ret = 0;
491
492 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
493
494 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
495 if (addr < sd->size && sd->wp_groups[wpnum])
496 ret |= (1 << i);
497
498 return ret;
499}
500
501static void sd_function_switch(SDState *sd, uint32_t arg)
502{
503 int i, mode, new_func, crc;
504 mode = !!(arg & 0x80000000);
505
506 sd->data[0] = 0x00; /* Maximum current consumption */
507 sd->data[1] = 0x01;
508 sd->data[2] = 0x80; /* Supported group 6 functions */
509 sd->data[3] = 0x01;
510 sd->data[4] = 0x80; /* Supported group 5 functions */
511 sd->data[5] = 0x01;
512 sd->data[6] = 0x80; /* Supported group 4 functions */
513 sd->data[7] = 0x01;
514 sd->data[8] = 0x80; /* Supported group 3 functions */
515 sd->data[9] = 0x01;
516 sd->data[10] = 0x80; /* Supported group 2 functions */
517 sd->data[11] = 0x43;
518 sd->data[12] = 0x80; /* Supported group 1 functions */
519 sd->data[13] = 0x03;
520 for (i = 0; i < 6; i ++) {
521 new_func = (arg >> (i * 4)) & 0x0f;
522 if (mode && new_func != 0x0f)
523 sd->function_group[i] = new_func;
524 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
525 }
526 memset(&sd->data[17], 0, 47);
527 crc = sd_crc16(sd->data, 64);
528 sd->data[65] = crc >> 8;
529 sd->data[66] = crc & 0xff;
530}
531
532static inline int sd_wp_addr(SDState *sd, uint32_t addr)
533{
534 return sd->wp_groups[addr >>
535 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
536}
537
538static void sd_lock_command(SDState *sd)
539{
540 int erase, lock, clr_pwd, set_pwd, pwd_len;
541 erase = !!(sd->data[0] & 0x08);
542 lock = sd->data[0] & 0x04;
543 clr_pwd = sd->data[0] & 0x02;
544 set_pwd = sd->data[0] & 0x01;
545
546 if (sd->blk_len > 1)
547 pwd_len = sd->data[1];
548 else
549 pwd_len = 0;
550
551 if (erase) {
552 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
553 set_pwd || clr_pwd || lock || sd->wp_switch ||
554 (sd->csd[14] & 0x20)) {
555 sd->card_status |= LOCK_UNLOCK_FAILED;
556 return;
557 }
558 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
559 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
560 sd->csd[14] &= ~0x10;
561 sd->card_status &= ~CARD_IS_LOCKED;
562 sd->pwd_len = 0;
563 /* Erasing the entire card here! */
827df9f3 564 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 565 return;
566 }
567
568 if (sd->blk_len < 2 + pwd_len ||
569 pwd_len <= sd->pwd_len ||
570 pwd_len > sd->pwd_len + 16) {
571 sd->card_status |= LOCK_UNLOCK_FAILED;
572 return;
573 }
574
575 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
576 sd->card_status |= LOCK_UNLOCK_FAILED;
577 return;
578 }
579
580 pwd_len -= sd->pwd_len;
581 if ((pwd_len && !set_pwd) ||
582 (clr_pwd && (set_pwd || lock)) ||
583 (lock && !sd->pwd_len && !set_pwd) ||
584 (!set_pwd && !clr_pwd &&
585 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
586 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
587 sd->card_status |= LOCK_UNLOCK_FAILED;
588 return;
589 }
590
591 if (set_pwd) {
592 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
593 sd->pwd_len = pwd_len;
594 }
595
596 if (clr_pwd) {
597 sd->pwd_len = 0;
598 }
599
600 if (lock)
601 sd->card_status |= CARD_IS_LOCKED;
602 else
603 sd->card_status &= ~CARD_IS_LOCKED;
604}
605
c227f099 606static sd_rsp_type_t sd_normal_command(SDState *sd,
bc24a225 607 SDRequest req)
a1bb27b1
PB		 608{
609 uint32_t rca = 0x0000;
2d7adea4 610 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1
PB		 611
612 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
613 rca = req.arg >> 16;
614
615 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
616 switch (req.cmd) {
617 /* Basic commands (Class 0 and Class 1) */
618 case 0: /* CMD0: GO_IDLE_STATE */
619 switch (sd->state) {
620 case sd_inactive_state:
775616c3 621 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 622
623 default:
624 sd->state = sd_idle_state;
625 sd_reset(sd, sd->bdrv);
775616c3 626 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 627 }
628 break;
629
775616c3
PB		 630 case 1: /* CMD1: SEND_OP_CMD */
631 if (!sd->spi)
632 goto bad_cmd;
633
634 sd->state = sd_transfer_state;
635 return sd_r1;
636
a1bb27b1 637 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 638 if (sd->spi)
639 goto bad_cmd;
a1bb27b1
PB		 640 switch (sd->state) {
641 case sd_ready_state:
642 sd->state = sd_identification_state;
643 return sd_r2_i;
644
645 default:
646 break;
647 }
648 break;
649
650 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 651 if (sd->spi)
652 goto bad_cmd;
a1bb27b1
PB		 653 switch (sd->state) {
654 case sd_identification_state:
655 case sd_standby_state:
656 sd->state = sd_standby_state;
657 sd_set_rca(sd);
658 return sd_r6;
659
660 default:
661 break;
662 }
663 break;
664
665 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 666 if (sd->spi)
667 goto bad_cmd;
a1bb27b1
PB		 668 switch (sd->state) {
669 case sd_standby_state:
670 break;
671
672 default:
673 break;
674 }
675 break;
676
109ac32f
JR		 677 case 5: /* CMD5: reserved for SDIO cards */
678 sd->card_status |= ILLEGAL_COMMAND;
679 return sd_r0;
680
a1bb27b1 681 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 682 if (sd->spi)
683 goto bad_cmd;
a1bb27b1
PB		 684 switch (sd->mode) {
685 case sd_data_transfer_mode:
686 sd_function_switch(sd, req.arg);
687 sd->state = sd_sendingdata_state;
688 sd->data_start = 0;
689 sd->data_offset = 0;
690 return sd_r1;
691
692 default:
693 break;
694 }
695 break;
696
697 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 698 if (sd->spi)
699 goto bad_cmd;
a1bb27b1
PB		 700 switch (sd->state) {
701 case sd_standby_state:
702 if (sd->rca != rca)
703 return sd_r0;
704
705 sd->state = sd_transfer_state;
706 return sd_r1b;
707
708 case sd_transfer_state:
709 case sd_sendingdata_state:
710 if (sd->rca == rca)
711 break;
712
713 sd->state = sd_standby_state;
714 return sd_r1b;
715
716 case sd_disconnect_state:
717 if (sd->rca != rca)
718 return sd_r0;
719
720 sd->state = sd_programming_state;
721 return sd_r1b;
722
723 case sd_programming_state:
724 if (sd->rca == rca)
725 break;
726
727 sd->state = sd_disconnect_state;
728 return sd_r1b;
729
730 default:
731 break;
732 }
733 break;
734
1b088995
AZ		 735 case 8: /* CMD8: SEND_IF_COND */
736 /* Physical Layer Specification Version 2.00 command */
737 switch (sd->state) {
738 case sd_idle_state:
739 sd->vhs = 0;
740
741 /* No response if not exactly one VHS bit is set. */
742 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
743 return sd->spi ? sd_r7 : sd_r0;
744
745 /* Accept. */
746 sd->vhs = req.arg;
747 return sd_r7;
748
749 default:
750 break;
751 }
752 break;
753
a1bb27b1
PB		 754 case 9: /* CMD9: SEND_CSD */
755 switch (sd->state) {
756 case sd_standby_state:
757 if (sd->rca != rca)
758 return sd_r0;
759
760 return sd_r2_s;
761
775616c3
PB		 762 case sd_transfer_state:
763 if (!sd->spi)
764 break;
765 sd->state = sd_sendingdata_state;
766 memcpy(sd->data, sd->csd, 16);
2d7adea4 767 sd->data_start = addr;
775616c3
PB		 768 sd->data_offset = 0;
769 return sd_r1;
770
a1bb27b1
PB		 771 default:
772 break;
773 }
774 break;
775
776 case 10: /* CMD10: SEND_CID */
777 switch (sd->state) {
778 case sd_standby_state:
779 if (sd->rca != rca)
780 return sd_r0;
781
782 return sd_r2_i;
783
775616c3
PB		 784 case sd_transfer_state:
785 if (!sd->spi)
786 break;
787 sd->state = sd_sendingdata_state;
788 memcpy(sd->data, sd->cid, 16);
2d7adea4 789 sd->data_start = addr;
775616c3
PB		 790 sd->data_offset = 0;
791 return sd_r1;
792
a1bb27b1
PB		 793 default:
794 break;
795 }
796 break;
797
798 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
775616c3
PB		 799 if (sd->spi)
800 goto bad_cmd;
a1bb27b1
PB		 801 switch (sd->state) {
802 case sd_transfer_state:
803 sd->state = sd_sendingdata_state;
804 sd->data_start = req.arg;
805 sd->data_offset = 0;
806
807 if (sd->data_start + sd->blk_len > sd->size)
808 sd->card_status |= ADDRESS_ERROR;
809 return sd_r0;
810
811 default:
812 break;
813 }
814 break;
815
816 case 12: /* CMD12: STOP_TRANSMISSION */
817 switch (sd->state) {
818 case sd_sendingdata_state:
819 sd->state = sd_transfer_state;
820 return sd_r1b;
821
822 case sd_receivingdata_state:
823 sd->state = sd_programming_state;
824 /* Bzzzzzzztt .... Operation complete. */
825 sd->state = sd_transfer_state;
826 return sd_r1b;
827
828 default:
829 break;
830 }
831 break;
832
833 case 13: /* CMD13: SEND_STATUS */
834 switch (sd->mode) {
835 case sd_data_transfer_mode:
836 if (sd->rca != rca)
837 return sd_r0;
838
839 return sd_r1;
840
841 default:
842 break;
843 }
844 break;
845
846 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 847 if (sd->spi)
848 goto bad_cmd;
a1bb27b1
PB		 849 switch (sd->mode) {
850 case sd_data_transfer_mode:
851 if (sd->rca != rca)
852 return sd_r0;
853
854 sd->state = sd_inactive_state;
855 return sd_r0;
856
857 default:
858 break;
859 }
860 break;
861
862 /* Block read commands (Classs 2) */
863 case 16: /* CMD16: SET_BLOCKLEN */
864 switch (sd->state) {
865 case sd_transfer_state:
866 if (req.arg > (1 << HWBLOCK_SHIFT))
867 sd->card_status |= BLOCK_LEN_ERROR;
868 else
869 sd->blk_len = req.arg;
870
871 return sd_r1;
872
873 default:
874 break;
875 }
876 break;
877
878 case 17: /* CMD17: READ_SINGLE_BLOCK */
879 switch (sd->state) {
880 case sd_transfer_state:
881 sd->state = sd_sendingdata_state;
2d7adea4 882 sd->data_start = addr;
a1bb27b1
PB		 883 sd->data_offset = 0;
884
885 if (sd->data_start + sd->blk_len > sd->size)
886 sd->card_status |= ADDRESS_ERROR;
887 return sd_r1;
888
889 default:
890 break;
891 }
892 break;
893
894 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
895 switch (sd->state) {
896 case sd_transfer_state:
897 sd->state = sd_sendingdata_state;
2d7adea4 898 sd->data_start = addr;
a1bb27b1
PB		 899 sd->data_offset = 0;
900
901 if (sd->data_start + sd->blk_len > sd->size)
902 sd->card_status |= ADDRESS_ERROR;
903 return sd_r1;
904
905 default:
906 break;
907 }
908 break;
909
910 /* Block write commands (Class 4) */
911 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
775616c3
PB		 912 if (sd->spi)
913 goto unimplemented_cmd;
a1bb27b1
PB		 914 switch (sd->state) {
915 case sd_transfer_state:
775616c3
PB		 916 /* Writing in SPI mode not implemented. */
917 if (sd->spi)
918 break;
a1bb27b1 919 sd->state = sd_receivingdata_state;
2d7adea4 920 sd->data_start = addr;
a1bb27b1
PB		 921 sd->data_offset = 0;
922 sd->blk_written = 0;
923
924 if (sd->data_start + sd->blk_len > sd->size)
925 sd->card_status |= ADDRESS_ERROR;
926 if (sd_wp_addr(sd, sd->data_start))
927 sd->card_status |= WP_VIOLATION;
928 if (sd->csd[14] & 0x30)
929 sd->card_status |= WP_VIOLATION;
930 return sd_r1;
931
932 default:
933 break;
934 }
935 break;
936
937 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
775616c3
PB		 938 if (sd->spi)
939 goto unimplemented_cmd;
a1bb27b1
PB		 940 switch (sd->state) {
941 case sd_transfer_state:
775616c3
PB		 942 /* Writing in SPI mode not implemented. */
943 if (sd->spi)
944 break;
a1bb27b1 945 sd->state = sd_receivingdata_state;
2d7adea4 946 sd->data_start = addr;
a1bb27b1
PB		 947 sd->data_offset = 0;
948 sd->blk_written = 0;
949
950 if (sd->data_start + sd->blk_len > sd->size)
951 sd->card_status |= ADDRESS_ERROR;
952 if (sd_wp_addr(sd, sd->data_start))
953 sd->card_status |= WP_VIOLATION;
954 if (sd->csd[14] & 0x30)
955 sd->card_status |= WP_VIOLATION;
956 return sd_r1;
957
958 default:
959 break;
960 }
961 break;
962
963 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 964 if (sd->spi)
965 goto bad_cmd;
a1bb27b1
PB		 966 switch (sd->state) {
967 case sd_transfer_state:
968 sd->state = sd_receivingdata_state;
969 sd->data_start = 0;
970 sd->data_offset = 0;
971 return sd_r1;
972
973 default:
974 break;
975 }
976 break;
977
978 case 27: /* CMD27: PROGRAM_CSD */
775616c3
PB		 979 if (sd->spi)
980 goto unimplemented_cmd;
a1bb27b1
PB		 981 switch (sd->state) {
982 case sd_transfer_state:
983 sd->state = sd_receivingdata_state;
984 sd->data_start = 0;
985 sd->data_offset = 0;
986 return sd_r1;
987
988 default:
989 break;
990 }
991 break;
992
993 /* Write protection (Class 6) */
994 case 28: /* CMD28: SET_WRITE_PROT */
995 switch (sd->state) {
996 case sd_transfer_state:
2d7adea4 997 if (addr >= sd->size) {
a1bb27b1
PB		 998 sd->card_status = ADDRESS_ERROR;
999 return sd_r1b;
1000 }
1001
1002 sd->state = sd_programming_state;
2d7adea4 1003 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
a1bb27b1
PB		 1004 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1005 /* Bzzzzzzztt .... Operation complete. */
1006 sd->state = sd_transfer_state;
1007 return sd_r1b;
1008
1009 default:
1010 break;
1011 }
1012 break;
1013
1014 case 29: /* CMD29: CLR_WRITE_PROT */
1015 switch (sd->state) {
1016 case sd_transfer_state:
2d7adea4 1017 if (addr >= sd->size) {
a1bb27b1
PB		 1018 sd->card_status = ADDRESS_ERROR;
1019 return sd_r1b;
1020 }
1021
1022 sd->state = sd_programming_state;
2d7adea4 1023 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
a1bb27b1
PB		 1024 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1025 /* Bzzzzzzztt .... Operation complete. */
1026 sd->state = sd_transfer_state;
1027 return sd_r1b;
1028
1029 default:
1030 break;
1031 }
1032 break;
1033
1034 case 30: /* CMD30: SEND_WRITE_PROT */
1035 switch (sd->state) {
1036 case sd_transfer_state:
1037 sd->state = sd_sendingdata_state;
1038 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1039 sd->data_start = addr;
a1bb27b1
PB		 1040 sd->data_offset = 0;
1041 return sd_r1b;
1042
1043 default:
1044 break;
1045 }
1046 break;
1047
1048 /* Erase commands (Class 5) */
1049 case 32: /* CMD32: ERASE_WR_BLK_START */
1050 switch (sd->state) {
1051 case sd_transfer_state:
1052 sd->erase_start = req.arg;
1053 return sd_r1;
1054
1055 default:
1056 break;
1057 }
1058 break;
1059
1060 case 33: /* CMD33: ERASE_WR_BLK_END */
1061 switch (sd->state) {
1062 case sd_transfer_state:
1063 sd->erase_end = req.arg;
1064 return sd_r1;
1065
1066 default:
1067 break;
1068 }
1069 break;
1070
1071 case 38: /* CMD38: ERASE */
1072 switch (sd->state) {
1073 case sd_transfer_state:
1074 if (sd->csd[14] & 0x30) {
1075 sd->card_status |= WP_VIOLATION;
1076 return sd_r1b;
1077 }
1078
1079 sd->state = sd_programming_state;
1080 sd_erase(sd);
1081 /* Bzzzzzzztt .... Operation complete. */
1082 sd->state = sd_transfer_state;
1083 return sd_r1b;
1084
1085 default:
1086 break;
1087 }
1088 break;
1089
1090 /* Lock card commands (Class 7) */
1091 case 42: /* CMD42: LOCK_UNLOCK */
775616c3
PB		 1092 if (sd->spi)
1093 goto unimplemented_cmd;
a1bb27b1
PB		 1094 switch (sd->state) {
1095 case sd_transfer_state:
1096 sd->state = sd_receivingdata_state;
1097 sd->data_start = 0;
1098 sd->data_offset = 0;
1099 return sd_r1;
1100
1101 default:
1102 break;
1103 }
1104 break;
1105
39e594db
PM		 1106 case 52:
1107 case 53:
1108 /* CMD52, CMD53: reserved for SDIO cards
1109 * (see the SDIO Simplified Specification V2.0)
1110 * Handle as illegal command but do not complain
1111 * on stderr, as some OSes may use these in their
1112 * probing for presence of an SDIO card.
1113 */
1114 sd->card_status |= ILLEGAL_COMMAND;
1115 return sd_r0;
1116
a1bb27b1
PB		 1117 /* Application specific commands (Class 8) */
1118 case 55: /* CMD55: APP_CMD */
1119 if (sd->rca != rca)
1120 return sd_r0;
1121
1122 sd->card_status |= APP_CMD;
1123 return sd_r1;
1124
1125 case 56: /* CMD56: GEN_CMD */
827df9f3 1126 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
a1bb27b1
PB		 1127
1128 switch (sd->state) {
1129 case sd_transfer_state:
1130 sd->data_offset = 0;
1131 if (req.arg & 1)
1132 sd->state = sd_sendingdata_state;
1133 else
1134 sd->state = sd_receivingdata_state;
1135 return sd_r1;
1136
1137 default:
1138 break;
1139 }
1140 break;
1141
1142 default:
775616c3 1143 bad_cmd:
a1bb27b1
PB		 1144 sd->card_status |= ILLEGAL_COMMAND;
1145
827df9f3 1146 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
a1bb27b1 1147 return sd_r0;
775616c3
PB		 1148
1149 unimplemented_cmd:
1150 /* Commands that are recognised but not yet implemented in SPI mode. */
1151 sd->card_status |= ILLEGAL_COMMAND;
827df9f3 1152 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
775616c3 1153 return sd_r0;
a1bb27b1
PB		 1154 }
1155
1156 sd->card_status |= ILLEGAL_COMMAND;
827df9f3 1157 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
a1bb27b1
PB		 1158 return sd_r0;
1159}
1160
c227f099 1161static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1162 SDRequest req)
1163{
a1bb27b1
PB		 1164 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1165 switch (req.cmd) {
1166 case 6: /* ACMD6: SET_BUS_WIDTH */
1167 switch (sd->state) {
1168 case sd_transfer_state:
1169 sd->sd_status[0] &= 0x3f;
1170 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1171 return sd_r1;
1172
1173 default:
1174 break;
1175 }
1176 break;
1177
1178 case 13: /* ACMD13: SD_STATUS */
1179 switch (sd->state) {
1180 case sd_transfer_state:
fb1ba03a 1181 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1182 sd->data_start = 0;
1183 sd->data_offset = 0;
1184 return sd_r1;
1185
1186 default:
1187 break;
1188 }
1189 break;
1190
1191 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1192 switch (sd->state) {
1193 case sd_transfer_state:
1194 *(uint32_t *) sd->data = sd->blk_written;
1195
fb1ba03a 1196 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1197 sd->data_start = 0;
1198 sd->data_offset = 0;
1199 return sd_r1;
1200
1201 default:
1202 break;
1203 }
1204 break;
1205
1206 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1207 switch (sd->state) {
1208 case sd_transfer_state:
1209 return sd_r1;
1210
1211 default:
1212 break;
1213 }
1214 break;
1215
1216 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1217 if (sd->spi) {
1218 /* SEND_OP_CMD */
1219 sd->state = sd_transfer_state;
1220 return sd_r1;
1221 }
a1bb27b1
PB		 1222 switch (sd->state) {
1223 case sd_idle_state:
1224 /* We accept any voltage. 10000 V is nothing. */
1225 if (req.arg)
1226 sd->state = sd_ready_state;
1227
1228 return sd_r3;
1229
1230 default:
1231 break;
1232 }
1233 break;
1234
1235 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1236 switch (sd->state) {
1237 case sd_transfer_state:
1238 /* Bringing in the 50KOhm pull-up resistor... Done. */
1239 return sd_r1;
1240
1241 default:
1242 break;
1243 }
1244 break;
1245
1246 case 51: /* ACMD51: SEND_SCR */
1247 switch (sd->state) {
1248 case sd_transfer_state:
1249 sd->state = sd_sendingdata_state;
1250 sd->data_start = 0;
1251 sd->data_offset = 0;
1252 return sd_r1;
1253
1254 default:
1255 break;
1256 }
1257 break;
1258
1259 default:
1260 /* Fall back to standard commands. */
1261 sd->card_status &= ~APP_CMD;
1262 return sd_normal_command(sd, req);
1263 }
1264
827df9f3 1265 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
a1bb27b1
PB		 1266 return sd_r0;
1267}
1268
bc24a225 1269int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1
PB		 1270 uint8_t *response) {
1271 uint32_t last_status = sd->card_status;
c227f099 1272 sd_rsp_type_t rtype;
a1bb27b1
PB		 1273 int rsplen;
1274
03f311ed 1275 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
a1bb27b1
PB		 1276 return 0;
1277 }
1278
1279 if (sd_req_crc_validate(req)) {
1280 sd->card_status &= ~COM_CRC_ERROR;
1281 return 0;
1282 }
1283
1284 sd->card_status &= ~CARD_STATUS_B;
1285 sd_set_status(sd);
1286
1287 if (last_status & CARD_IS_LOCKED)
1288 if (((last_status & APP_CMD) &&
1289 req->cmd == 41) ||
1290 (!(last_status & APP_CMD) &&
1291 (sd_cmd_class[req->cmd] == 0 ||
1292 sd_cmd_class[req->cmd] == 7 ||
1293 req->cmd == 16 || req->cmd == 55))) {
1294 sd->card_status |= ILLEGAL_COMMAND;
827df9f3 1295 fprintf(stderr, "SD: Card is locked\n");
a1bb27b1
PB		 1296 return 0;
1297 }
1298
724d3a8f 1299 if (last_status & APP_CMD) {
a1bb27b1 1300 rtype = sd_app_command(sd, *req);
724d3a8f
AZ		 1301 sd->card_status &= ~APP_CMD;
1302 } else
a1bb27b1
PB		 1303 rtype = sd_normal_command(sd, *req);
1304
1305 sd->current_cmd = req->cmd;
1306
1307 switch (rtype) {
1308 case sd_r1:
1309 case sd_r1b:
1310 sd_response_r1_make(sd, response, last_status);
1311 rsplen = 4;
1312 break;
1313
1314 case sd_r2_i:
1315 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1316 rsplen = 16;
1317 break;
1318
1319 case sd_r2_s:
1320 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1321 rsplen = 16;
1322 break;
1323
1324 case sd_r3:
1325 sd_response_r3_make(sd, response);
1326 rsplen = 4;
1327 break;
1328
1329 case sd_r6:
1330 sd_response_r6_make(sd, response);
1331 rsplen = 4;
1332 break;
1333
1b088995
AZ		 1334 case sd_r7:
1335 sd_response_r7_make(sd, response);
1336 rsplen = 4;
1337 break;
1338
a1bb27b1
PB		 1339 case sd_r0:
1340 default:
1341 rsplen = 0;
1342 break;
1343 }
1344
1345 if (sd->card_status & ILLEGAL_COMMAND)
1346 rsplen = 0;
1347
1348#ifdef DEBUG_SD
1349 if (rsplen) {
1350 int i;
1351 DPRINTF("Response:");
1352 for (i = 0; i < rsplen; i++)
1353 printf(" %02x", response[i]);
1354 printf(" state %d\n", sd->state);
1355 } else {
1356 DPRINTF("No response %d\n", sd->state);
1357 }
1358#endif
1359
1360 return rsplen;
1361}
1362
2d7adea4 1363static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1364{
2d7adea4 1365 uint64_t end = addr + len;
a1bb27b1 1366
2d7adea4
AZ		 1367 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1368 (unsigned long long) addr, len);
33f00271 1369 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
827df9f3 1370 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1371 return;
1372 }
1373
1374 if (end > (addr & ~511) + 512) {
33f00271 1375 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
a1bb27b1 1376
33f00271 1377 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
827df9f3 1378 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1379 return;
1380 }
33f00271 1381 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
a1bb27b1 1382 } else
33f00271 1383 memcpy(sd->data, sd->buf + (addr & 511), len);
a1bb27b1
PB		 1384}
1385
2d7adea4 1386static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
a1bb27b1 1387{
2d7adea4 1388 uint64_t end = addr + len;
a1bb27b1
PB		 1389
1390 if ((addr & 511) || len < 512)
33f00271 1391 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
827df9f3 1392 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1393 return;
1394 }
1395
1396 if (end > (addr & ~511) + 512) {
33f00271
AZ		 1397 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1398 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
827df9f3 1399 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1400 return;
1401 }
1402
33f00271 1403 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
827df9f3 1404 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1405 return;
1406 }
33f00271
AZ		 1407 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1408 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
827df9f3 1409 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1 1410 } else {
33f00271
AZ		 1411 memcpy(sd->buf + (addr & 511), sd->data, len);
1412 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
827df9f3 1413 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1414 }
1415}
1416
33f00271
AZ		 1417#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1418#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1419#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1420#define APP_WRITE_BLOCK(a, len)
1421
1422void sd_write_data(SDState *sd, uint8_t value)
1423{
1424 int i;
1425
827df9f3 1426 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
a1bb27b1
PB		 1427 return;
1428
1429 if (sd->state != sd_receivingdata_state) {
827df9f3 1430 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1431 return;
1432 }
1433
1434 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1435 return;
1436
1437 switch (sd->current_cmd) {
1438 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1439 sd->data[sd->data_offset ++] = value;
1440 if (sd->data_offset >= sd->blk_len) {
1441 /* TODO: Check CRC before committing */
1442 sd->state = sd_programming_state;
1443 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1444 sd->blk_written ++;
1445 sd->csd[14] |= 0x40;
1446 /* Bzzzzzzztt .... Operation complete. */
1447 sd->state = sd_transfer_state;
1448 }
1449 break;
1450
1451 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234
DDAG		 1452 if (sd->data_offset == 0) {
1453 /* Start of the block - lets check the address is valid */
a1bb27b1
PB		 1454 if (sd->data_start + sd->blk_len > sd->size) {
1455 sd->card_status |= ADDRESS_ERROR;
1456 break;
1457 }
1458 if (sd_wp_addr(sd, sd->data_start)) {
1459 sd->card_status |= WP_VIOLATION;
1460 break;
1461 }
33fa8234
DDAG		 1462 }
1463 sd->data[sd->data_offset++] = value;
1464 if (sd->data_offset >= sd->blk_len) {
1465 /* TODO: Check CRC before committing */
1466 sd->state = sd_programming_state;
1467 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1468 sd->blk_written++;
1469 sd->data_start += sd->blk_len;
1470 sd->data_offset = 0;
a1bb27b1
PB		 1471 sd->csd[14] |= 0x40;
1472
1473 /* Bzzzzzzztt .... Operation complete. */
1474 sd->state = sd_receivingdata_state;
1475 }
1476 break;
1477
1478 case 26: /* CMD26: PROGRAM_CID */
1479 sd->data[sd->data_offset ++] = value;
1480 if (sd->data_offset >= sizeof(sd->cid)) {
1481 /* TODO: Check CRC before committing */
1482 sd->state = sd_programming_state;
1483 for (i = 0; i < sizeof(sd->cid); i ++)
1484 if ((sd->cid[i] | 0x00) != sd->data[i])
1485 sd->card_status |= CID_CSD_OVERWRITE;
1486
1487 if (!(sd->card_status & CID_CSD_OVERWRITE))
1488 for (i = 0; i < sizeof(sd->cid); i ++) {
1489 sd->cid[i] |= 0x00;
1490 sd->cid[i] &= sd->data[i];
1491 }
1492 /* Bzzzzzzztt .... Operation complete. */
1493 sd->state = sd_transfer_state;
1494 }
1495 break;
1496
1497 case 27: /* CMD27: PROGRAM_CSD */
1498 sd->data[sd->data_offset ++] = value;
1499 if (sd->data_offset >= sizeof(sd->csd)) {
1500 /* TODO: Check CRC before committing */
1501 sd->state = sd_programming_state;
1502 for (i = 0; i < sizeof(sd->csd); i ++)
1503 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1504 (sd->data[i] | sd_csd_rw_mask[i]))
1505 sd->card_status |= CID_CSD_OVERWRITE;
1506
1507 /* Copy flag (OTP) & Permanent write protect */
1508 if (sd->csd[14] & ~sd->data[14] & 0x60)
1509 sd->card_status |= CID_CSD_OVERWRITE;
1510
1511 if (!(sd->card_status & CID_CSD_OVERWRITE))
1512 for (i = 0; i < sizeof(sd->csd); i ++) {
1513 sd->csd[i] |= sd_csd_rw_mask[i];
1514 sd->csd[i] &= sd->data[i];
1515 }
1516 /* Bzzzzzzztt .... Operation complete. */
1517 sd->state = sd_transfer_state;
1518 }
1519 break;
1520
1521 case 42: /* CMD42: LOCK_UNLOCK */
1522 sd->data[sd->data_offset ++] = value;
1523 if (sd->data_offset >= sd->blk_len) {
1524 /* TODO: Check CRC before committing */
1525 sd->state = sd_programming_state;
1526 sd_lock_command(sd);
1527 /* Bzzzzzzztt .... Operation complete. */
1528 sd->state = sd_transfer_state;
1529 }
1530 break;
1531
1532 case 56: /* CMD56: GEN_CMD */
1533 sd->data[sd->data_offset ++] = value;
1534 if (sd->data_offset >= sd->blk_len) {
1535 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1536 sd->state = sd_transfer_state;
1537 }
1538 break;
1539
1540 default:
827df9f3 1541 fprintf(stderr, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1542 break;
1543 }
1544}
1545
1546uint8_t sd_read_data(SDState *sd)
1547{
1548 /* TODO: Append CRCs */
1549 uint8_t ret;
2d7adea4 1550 int io_len;
a1bb27b1 1551
827df9f3 1552 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
a1bb27b1
PB		 1553 return 0x00;
1554
1555 if (sd->state != sd_sendingdata_state) {
827df9f3 1556 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1557 return 0x00;
1558 }
1559
1560 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1561 return 0x00;
1562
2d7adea4
AZ		 1563 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1564
a1bb27b1
PB		 1565 switch (sd->current_cmd) {
1566 case 6: /* CMD6: SWITCH_FUNCTION */
1567 ret = sd->data[sd->data_offset ++];
1568
1569 if (sd->data_offset >= 64)
1570 sd->state = sd_transfer_state;
1571 break;
1572
775616c3
PB		 1573 case 9: /* CMD9: SEND_CSD */
1574 case 10: /* CMD10: SEND_CID */
1575 ret = sd->data[sd->data_offset ++];
1576
1577 if (sd->data_offset >= 16)
1578 sd->state = sd_transfer_state;
1579 break;
1580
a1bb27b1
PB		 1581 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1582 if (sd->data_offset == 0)
2d7adea4 1583 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1584 ret = sd->data[sd->data_offset ++];
1585
2d7adea4
AZ		 1586 if (sd->data_offset >= io_len) {
1587 sd->data_start += io_len;
a1bb27b1 1588 sd->data_offset = 0;
2d7adea4 1589 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1590 sd->card_status |= ADDRESS_ERROR;
1591 break;
1592 }
1593 }
1594 break;
1595
1596 case 13: /* ACMD13: SD_STATUS */
1597 ret = sd->sd_status[sd->data_offset ++];
1598
1599 if (sd->data_offset >= sizeof(sd->sd_status))
1600 sd->state = sd_transfer_state;
1601 break;
1602
1603 case 17: /* CMD17: READ_SINGLE_BLOCK */
1604 if (sd->data_offset == 0)
2d7adea4 1605 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1606 ret = sd->data[sd->data_offset ++];
1607
2d7adea4 1608 if (sd->data_offset >= io_len)
a1bb27b1
PB		 1609 sd->state = sd_transfer_state;
1610 break;
1611
1612 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1613 if (sd->data_offset == 0)
2d7adea4 1614 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 1615 ret = sd->data[sd->data_offset ++];
1616
2d7adea4
AZ		 1617 if (sd->data_offset >= io_len) {
1618 sd->data_start += io_len;
a1bb27b1 1619 sd->data_offset = 0;
2d7adea4 1620 if (sd->data_start + io_len > sd->size) {
a1bb27b1
PB		 1621 sd->card_status |= ADDRESS_ERROR;
1622 break;
1623 }
1624 }
1625 break;
1626
1627 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1628 ret = sd->data[sd->data_offset ++];
1629
1630 if (sd->data_offset >= 4)
1631 sd->state = sd_transfer_state;
1632 break;
1633
1634 case 30: /* CMD30: SEND_WRITE_PROT */
1635 ret = sd->data[sd->data_offset ++];
1636
1637 if (sd->data_offset >= 4)
1638 sd->state = sd_transfer_state;
1639 break;
1640
1641 case 51: /* ACMD51: SEND_SCR */
1642 ret = sd->scr[sd->data_offset ++];
1643
1644 if (sd->data_offset >= sizeof(sd->scr))
1645 sd->state = sd_transfer_state;
1646 break;
1647
1648 case 56: /* CMD56: GEN_CMD */
1649 if (sd->data_offset == 0)
1650 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1651 ret = sd->data[sd->data_offset ++];
1652
1653 if (sd->data_offset >= sd->blk_len)
1654 sd->state = sd_transfer_state;
1655 break;
1656
1657 default:
827df9f3 1658 fprintf(stderr, "sd_read_data: unknown command\n");
a1bb27b1
PB		 1659 return 0x00;
1660 }
1661
1662 return ret;
1663}
1664
1665int sd_data_ready(SDState *sd)
1666{
1667 return sd->state == sd_sendingdata_state;
1668}
827df9f3
AZ		 1669
1670void sd_enable(SDState *sd, int enable)
1671{
1672 sd->enable = enable;
1673}
Qemu copy for testing