]> git.proxmox.com Git - qemu.git/blame - hw/sd.c
projects / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Revert "Get rid of _t suffix"
[qemu.git] / hw / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1
PB		 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
87ecb68b
PB		 32#include "hw.h"
33#include "block.h"
a1bb27b1
PB		 34#include "sd.h"
35
36//#define DEBUG_SD 1
37
38#ifdef DEBUG_SD
001faf32
BS		 39#define DPRINTF(fmt, ...) \
40do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
a1bb27b1 41#else
001faf32 42#define DPRINTF(fmt, ...) do {} while(0)
a1bb27b1
PB		 43#endif
44
45typedef enum {
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
1b088995 52 sd_r7, /* Operating voltage */
a1bb27b1 53 sd_r1b = -1,
c227f099 54} sd_rsp_type_t;
a1bb27b1
PB		 55
56struct SDState {
57 enum {
58 sd_inactive,
59 sd_card_identification_mode,
60 sd_data_transfer_mode,
61 } mode;
62 enum {
63 sd_inactive_state = -1,
64 sd_idle_state = 0,
65 sd_ready_state,
66 sd_identification_state,
67 sd_standby_state,
68 sd_transfer_state,
69 sd_sendingdata_state,
70 sd_receivingdata_state,
71 sd_programming_state,
72 sd_disconnect_state,
73 } state;
74 uint32_t ocr;
75 uint8_t scr[8];
76 uint8_t cid[16];
77 uint8_t csd[16];
78 uint16_t rca;
79 uint32_t card_status;
80 uint8_t sd_status[64];
1b088995 81 uint32_t vhs;
a1bb27b1
PB		 82 int wp_switch;
83 int *wp_groups;
84 uint32_t size;
85 int blk_len;
86 uint32_t erase_start;
87 uint32_t erase_end;
88 uint8_t pwd[16];
89 int pwd_len;
90 int function_group[6];
91
775616c3 92 int spi;
a1bb27b1
PB		 93 int current_cmd;
94 int blk_written;
95 uint32_t data_start;
96 uint32_t data_offset;
97 uint8_t data[512];
02ce600c
AZ		 98 qemu_irq readonly_cb;
99 qemu_irq inserted_cb;
a1bb27b1 100 BlockDriverState *bdrv;
33f00271 101 uint8_t *buf;
827df9f3
AZ		 102
103 int enable;
a1bb27b1
PB		 104};
105
106static void sd_set_status(SDState *sd)
107{
108 switch (sd->state) {
109 case sd_inactive_state:
110 sd->mode = sd_inactive;
111 break;
112
113 case sd_idle_state:
114 case sd_ready_state:
115 case sd_identification_state:
116 sd->mode = sd_card_identification_mode;
117 break;
118
119 case sd_standby_state:
120 case sd_transfer_state:
121 case sd_sendingdata_state:
122 case sd_receivingdata_state:
123 case sd_programming_state:
124 case sd_disconnect_state:
125 sd->mode = sd_data_transfer_mode;
126 break;
127 }
128
129 sd->card_status &= ~CURRENT_STATE;
130 sd->card_status |= sd->state << 9;
131}
132
c227f099 133static const sd_cmd_type_t sd_cmd_type[64] = {
a1bb27b1 134 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 135 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
a1bb27b1
PB		 136 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
137 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
138 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
139 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
140 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
141 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
142};
143
c227f099 144static const sd_cmd_type_t sd_acmd_type[64] = {
a1bb27b1
PB		 145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
153};
154
155static const int sd_cmd_class[64] = {
156 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
157 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
158 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
159 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
160};
161
162static uint8_t sd_crc7(void *message, size_t width)
163{
164 int i, bit;
165 uint8_t shift_reg = 0x00;
166 uint8_t *msg = (uint8_t *) message;
167
168 for (i = 0; i < width; i ++, msg ++)
169 for (bit = 7; bit >= 0; bit --) {
170 shift_reg <<= 1;
171 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
172 shift_reg ^= 0x89;
173 }
174
175 return shift_reg;
176}
177
178static uint16_t sd_crc16(void *message, size_t width)
179{
180 int i, bit;
181 uint16_t shift_reg = 0x0000;
182 uint16_t *msg = (uint16_t *) message;
183 width <<= 1;
184
185 for (i = 0; i < width; i ++, msg ++)
186 for (bit = 15; bit >= 0; bit --) {
187 shift_reg <<= 1;
188 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
189 shift_reg ^= 0x1011;
190 }
191
192 return shift_reg;
193}
194
195static void sd_set_ocr(SDState *sd)
196{
1b088995 197 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
829ef7b0 198 sd->ocr = 0x80ffff00;
a1bb27b1
PB		 199}
200
201static void sd_set_scr(SDState *sd)
202{
203 sd->scr[0] = 0x00; /* SCR Structure */
204 sd->scr[1] = 0x2f; /* SD Security Support */
205 sd->scr[2] = 0x00;
206 sd->scr[3] = 0x00;
207 sd->scr[4] = 0x00;
208 sd->scr[5] = 0x00;
209 sd->scr[6] = 0x00;
210 sd->scr[7] = 0x00;
211}
212
213#define MID 0xaa
214#define OID "XY"
215#define PNM "QEMU!"
216#define PRV 0x01
217#define MDT_YR 2006
218#define MDT_MON 2
219
220static void sd_set_cid(SDState *sd)
221{
222 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
223 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
224 sd->cid[2] = OID[1];
225 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
226 sd->cid[4] = PNM[1];
227 sd->cid[5] = PNM[2];
228 sd->cid[6] = PNM[3];
229 sd->cid[7] = PNM[4];
230 sd->cid[8] = PRV; /* Fake product revision (PRV) */
231 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
232 sd->cid[10] = 0xad;
233 sd->cid[11] = 0xbe;
234 sd->cid[12] = 0xef;
235 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
236 ((MDT_YR - 2000) / 10);
237 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
238 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
239}
240
241#define HWBLOCK_SHIFT 9 /* 512 bytes */
242#define SECTOR_SHIFT 5 /* 16 kilobytes */
243#define WPGROUP_SHIFT 7 /* 2 megs */
244#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
a1bb27b1
PB		 245#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
246
247static const uint8_t sd_csd_rw_mask[16] = {
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
250};
251
252static void sd_set_csd(SDState *sd, uint32_t size)
253{
254 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
255 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
256 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
257
258 sd->csd[0] = 0x00; /* CSD structure */
259 sd->csd[1] = 0x26; /* Data read access-time-1 */
260 sd->csd[2] = 0x00; /* Data read access-time-2 */
261 sd->csd[3] = 0x5a; /* Max. data transfer rate */
262 sd->csd[4] = 0x5f; /* Card Command Classes */
263 sd->csd[5] = 0x50 | /* Max. read data block length */
264 HWBLOCK_SHIFT;
265 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
266 ((csize >> 10) & 0x03);
267 sd->csd[7] = 0x00 | /* Device size */
268 ((csize >> 2) & 0xff);
269 sd->csd[8] = 0x3f | /* Max. read current */
270 ((csize << 6) & 0xc0);
271 sd->csd[9] = 0xfc | /* Max. write current */
272 ((CMULT_SHIFT - 2) >> 1);
273 sd->csd[10] = 0x40 | /* Erase sector size */
274 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
275 sd->csd[11] = 0x00 | /* Write protect group size */
276 ((sectsize << 7) & 0x80) | wpsize;
277 sd->csd[12] = 0x90 | /* Write speed factor */
278 (HWBLOCK_SHIFT >> 2);
279 sd->csd[13] = 0x20 | /* Max. write data block length */
280 ((HWBLOCK_SHIFT << 6) & 0xc0);
281 sd->csd[14] = 0x00; /* File format group */
282 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
283}
284
285static void sd_set_rca(SDState *sd)
286{
287 sd->rca += 0x4567;
288}
289
290#define CARD_STATUS_A 0x02004100
291#define CARD_STATUS_B 0x00c01e00
292#define CARD_STATUS_C 0xfd39a028
293
294static void sd_set_cardstatus(SDState *sd)
295{
296 sd->card_status = 0x00000100;
297}
298
299static void sd_set_sdstatus(SDState *sd)
300{
301 memset(sd->sd_status, 0, 64);
302}
303
bc24a225 304static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 305{
306 uint8_t buffer[5];
307 buffer[0] = 0x40 | req->cmd;
308 buffer[1] = (req->arg >> 24) & 0xff;
309 buffer[2] = (req->arg >> 16) & 0xff;
310 buffer[3] = (req->arg >> 8) & 0xff;
311 buffer[4] = (req->arg >> 0) & 0xff;
312 return 0;
313 return sd_crc7(buffer, 5) != req->crc; /* TODO */
314}
315
9596ebb7
PB		 316static void sd_response_r1_make(SDState *sd,
317 uint8_t *response, uint32_t last_status)
a1bb27b1
PB		 318{
319 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
320 uint32_t status;
321
322 status = (sd->card_status & ~mask) | (last_status & mask);
323 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
324
325 response[0] = (status >> 24) & 0xff;
326 response[1] = (status >> 16) & 0xff;
327 response[2] = (status >> 8) & 0xff;
328 response[3] = (status >> 0) & 0xff;
329}
330
9596ebb7 331static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 332{
333 response[0] = (sd->ocr >> 24) & 0xff;
334 response[1] = (sd->ocr >> 16) & 0xff;
335 response[2] = (sd->ocr >> 8) & 0xff;
336 response[3] = (sd->ocr >> 0) & 0xff;
337}
338
9596ebb7 339static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1
PB		 340{
341 uint16_t arg;
342 uint16_t status;
343
344 arg = sd->rca;
345 status = ((sd->card_status >> 8) & 0xc000) |
346 ((sd->card_status >> 6) & 0x2000) |
347 (sd->card_status & 0x1fff);
348
349 response[0] = (arg >> 8) & 0xff;
350 response[1] = arg & 0xff;
351 response[2] = (status >> 8) & 0xff;
352 response[3] = status & 0xff;
353}
354
1b088995
AZ		 355static void sd_response_r7_make(SDState *sd, uint8_t *response)
356{
357 response[0] = (sd->vhs >> 24) & 0xff;
358 response[1] = (sd->vhs >> 16) & 0xff;
359 response[2] = (sd->vhs >> 8) & 0xff;
360 response[3] = (sd->vhs >> 0) & 0xff;
361}
362
a1bb27b1
PB		 363static void sd_reset(SDState *sd, BlockDriverState *bdrv)
364{
365 uint32_t size;
366 uint64_t sect;
367
03f311ed
PB		 368 if (bdrv) {
369 bdrv_get_geometry(bdrv, &sect);
370 } else {
371 sect = 0;
372 }
a1bb27b1
PB		 373 sect <<= 9;
374
375 if (sect > 0x40000000)
376 size = 0x40000000; /* 1 gig */
377 else
378 size = sect + 1;
379
380 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
381
382 sd->state = sd_idle_state;
383 sd->rca = 0x0000;
384 sd_set_ocr(sd);
385 sd_set_scr(sd);
386 sd_set_cid(sd);
387 sd_set_csd(sd, size);
388 sd_set_cardstatus(sd);
389 sd_set_sdstatus(sd);
390
391 sd->bdrv = bdrv;
392
257514dd
PB		 393 if (sd->wp_groups)
394 qemu_free(sd->wp_groups);
03f311ed 395 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
a1bb27b1 396 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
a1bb27b1
PB		 397 memset(sd->function_group, 0, sizeof(int) * 6);
398 sd->erase_start = 0;
399 sd->erase_end = 0;
400 sd->size = size;
401 sd->blk_len = 0x200;
402 sd->pwd_len = 0;
403}
404
405static void sd_cardchange(void *opaque)
406{
407 SDState *sd = opaque;
02ce600c 408 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
a1bb27b1
PB		 409 if (bdrv_is_inserted(sd->bdrv)) {
410 sd_reset(sd, sd->bdrv);
257514dd 411 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
a1bb27b1
PB		 412 }
413}
414
775616c3 415/* We do not model the chip select pin, so allow the board to select
8ef6367e 416 whether card should be in SSI or MMC/SD mode. It is also up to the
775616c3
PB		 417 board to ensure that ssi transfers only occur when the chip select
418 is asserted. */
419SDState *sd_init(BlockDriverState *bs, int is_spi)
a1bb27b1
PB		 420{
421 SDState *sd;
422
423 sd = (SDState *) qemu_mallocz(sizeof(SDState));
33f00271 424 sd->buf = qemu_memalign(512, 512);
775616c3 425 sd->spi = is_spi;
4872aa13 426 sd->enable = 1;
a1bb27b1 427 sd_reset(sd, bs);
03f311ed
PB		 428 if (sd->bdrv) {
429 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
430 }
a1bb27b1
PB		 431 return sd;
432}
433
02ce600c 434void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 435{
02ce600c
AZ		 436 sd->readonly_cb = readonly;
437 sd->inserted_cb = insert;
438 qemu_set_irq(readonly, bdrv_is_read_only(sd->bdrv));
439 qemu_set_irq(insert, bdrv_is_inserted(sd->bdrv));
a1bb27b1
PB		 440}
441
442static void sd_erase(SDState *sd)
443{
444 int i, start, end;
445 if (!sd->erase_start || !sd->erase_end) {
446 sd->card_status |= ERASE_SEQ_ERROR;
447 return;
448 }
449
450 start = sd->erase_start >>
451 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
452 end = sd->erase_end >>
453 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
454 sd->erase_start = 0;
455 sd->erase_end = 0;
456 sd->csd[14] |= 0x40;
457
458 for (i = start; i <= end; i ++)
459 if (sd->wp_groups[i])
460 sd->card_status |= WP_ERASE_SKIP;
461}
462
463static uint32_t sd_wpbits(SDState *sd, uint32_t addr)
464{
465 uint32_t i, wpnum;
466 uint32_t ret = 0;
467
468 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
469
470 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
471 if (addr < sd->size && sd->wp_groups[wpnum])
472 ret |= (1 << i);
473
474 return ret;
475}
476
477static void sd_function_switch(SDState *sd, uint32_t arg)
478{
479 int i, mode, new_func, crc;
480 mode = !!(arg & 0x80000000);
481
482 sd->data[0] = 0x00; /* Maximum current consumption */
483 sd->data[1] = 0x01;
484 sd->data[2] = 0x80; /* Supported group 6 functions */
485 sd->data[3] = 0x01;
486 sd->data[4] = 0x80; /* Supported group 5 functions */
487 sd->data[5] = 0x01;
488 sd->data[6] = 0x80; /* Supported group 4 functions */
489 sd->data[7] = 0x01;
490 sd->data[8] = 0x80; /* Supported group 3 functions */
491 sd->data[9] = 0x01;
492 sd->data[10] = 0x80; /* Supported group 2 functions */
493 sd->data[11] = 0x43;
494 sd->data[12] = 0x80; /* Supported group 1 functions */
495 sd->data[13] = 0x03;
496 for (i = 0; i < 6; i ++) {
497 new_func = (arg >> (i * 4)) & 0x0f;
498 if (mode && new_func != 0x0f)
499 sd->function_group[i] = new_func;
500 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
501 }
502 memset(&sd->data[17], 0, 47);
503 crc = sd_crc16(sd->data, 64);
504 sd->data[65] = crc >> 8;
505 sd->data[66] = crc & 0xff;
506}
507
508static inline int sd_wp_addr(SDState *sd, uint32_t addr)
509{
510 return sd->wp_groups[addr >>
511 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
512}
513
514static void sd_lock_command(SDState *sd)
515{
516 int erase, lock, clr_pwd, set_pwd, pwd_len;
517 erase = !!(sd->data[0] & 0x08);
518 lock = sd->data[0] & 0x04;
519 clr_pwd = sd->data[0] & 0x02;
520 set_pwd = sd->data[0] & 0x01;
521
522 if (sd->blk_len > 1)
523 pwd_len = sd->data[1];
524 else
525 pwd_len = 0;
526
527 if (erase) {
528 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
529 set_pwd || clr_pwd || lock || sd->wp_switch ||
530 (sd->csd[14] & 0x20)) {
531 sd->card_status |= LOCK_UNLOCK_FAILED;
532 return;
533 }
534 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
535 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
536 sd->csd[14] &= ~0x10;
537 sd->card_status &= ~CARD_IS_LOCKED;
538 sd->pwd_len = 0;
539 /* Erasing the entire card here! */
827df9f3 540 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 541 return;
542 }
543
544 if (sd->blk_len < 2 + pwd_len ||
545 pwd_len <= sd->pwd_len ||
546 pwd_len > sd->pwd_len + 16) {
547 sd->card_status |= LOCK_UNLOCK_FAILED;
548 return;
549 }
550
551 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
552 sd->card_status |= LOCK_UNLOCK_FAILED;
553 return;
554 }
555
556 pwd_len -= sd->pwd_len;
557 if ((pwd_len && !set_pwd) ||
558 (clr_pwd && (set_pwd || lock)) ||
559 (lock && !sd->pwd_len && !set_pwd) ||
560 (!set_pwd && !clr_pwd &&
561 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
562 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
563 sd->card_status |= LOCK_UNLOCK_FAILED;
564 return;
565 }
566
567 if (set_pwd) {
568 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
569 sd->pwd_len = pwd_len;
570 }
571
572 if (clr_pwd) {
573 sd->pwd_len = 0;
574 }
575
576 if (lock)
577 sd->card_status |= CARD_IS_LOCKED;
578 else
579 sd->card_status &= ~CARD_IS_LOCKED;
580}
581
c227f099 582static sd_rsp_type_t sd_normal_command(SDState *sd,
bc24a225 583 SDRequest req)
a1bb27b1
PB		 584{
585 uint32_t rca = 0x0000;
586
587 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
588 rca = req.arg >> 16;
589
590 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
591 switch (req.cmd) {
592 /* Basic commands (Class 0 and Class 1) */
593 case 0: /* CMD0: GO_IDLE_STATE */
594 switch (sd->state) {
595 case sd_inactive_state:
775616c3 596 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 597
598 default:
599 sd->state = sd_idle_state;
600 sd_reset(sd, sd->bdrv);
775616c3 601 return sd->spi ? sd_r1 : sd_r0;
a1bb27b1
PB		 602 }
603 break;
604
775616c3
PB		 605 case 1: /* CMD1: SEND_OP_CMD */
606 if (!sd->spi)
607 goto bad_cmd;
608
609 sd->state = sd_transfer_state;
610 return sd_r1;
611
a1bb27b1 612 case 2: /* CMD2: ALL_SEND_CID */
775616c3
PB		 613 if (sd->spi)
614 goto bad_cmd;
a1bb27b1
PB		 615 switch (sd->state) {
616 case sd_ready_state:
617 sd->state = sd_identification_state;
618 return sd_r2_i;
619
620 default:
621 break;
622 }
623 break;
624
625 case 3: /* CMD3: SEND_RELATIVE_ADDR */
775616c3
PB		 626 if (sd->spi)
627 goto bad_cmd;
a1bb27b1
PB		 628 switch (sd->state) {
629 case sd_identification_state:
630 case sd_standby_state:
631 sd->state = sd_standby_state;
632 sd_set_rca(sd);
633 return sd_r6;
634
635 default:
636 break;
637 }
638 break;
639
640 case 4: /* CMD4: SEND_DSR */
775616c3
PB		 641 if (sd->spi)
642 goto bad_cmd;
a1bb27b1
PB		 643 switch (sd->state) {
644 case sd_standby_state:
645 break;
646
647 default:
648 break;
649 }
650 break;
651
652 case 6: /* CMD6: SWITCH_FUNCTION */
775616c3
PB		 653 if (sd->spi)
654 goto bad_cmd;
a1bb27b1
PB		 655 switch (sd->mode) {
656 case sd_data_transfer_mode:
657 sd_function_switch(sd, req.arg);
658 sd->state = sd_sendingdata_state;
659 sd->data_start = 0;
660 sd->data_offset = 0;
661 return sd_r1;
662
663 default:
664 break;
665 }
666 break;
667
668 case 7: /* CMD7: SELECT/DESELECT_CARD */
775616c3
PB		 669 if (sd->spi)
670 goto bad_cmd;
a1bb27b1
PB		 671 switch (sd->state) {
672 case sd_standby_state:
673 if (sd->rca != rca)
674 return sd_r0;
675
676 sd->state = sd_transfer_state;
677 return sd_r1b;
678
679 case sd_transfer_state:
680 case sd_sendingdata_state:
681 if (sd->rca == rca)
682 break;
683
684 sd->state = sd_standby_state;
685 return sd_r1b;
686
687 case sd_disconnect_state:
688 if (sd->rca != rca)
689 return sd_r0;
690
691 sd->state = sd_programming_state;
692 return sd_r1b;
693
694 case sd_programming_state:
695 if (sd->rca == rca)
696 break;
697
698 sd->state = sd_disconnect_state;
699 return sd_r1b;
700
701 default:
702 break;
703 }
704 break;
705
1b088995
AZ		 706 case 8: /* CMD8: SEND_IF_COND */
707 /* Physical Layer Specification Version 2.00 command */
708 switch (sd->state) {
709 case sd_idle_state:
710 sd->vhs = 0;
711
712 /* No response if not exactly one VHS bit is set. */
713 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
714 return sd->spi ? sd_r7 : sd_r0;
715
716 /* Accept. */
717 sd->vhs = req.arg;
718 return sd_r7;
719
720 default:
721 break;
722 }
723 break;
724
a1bb27b1
PB		 725 case 9: /* CMD9: SEND_CSD */
726 switch (sd->state) {
727 case sd_standby_state:
728 if (sd->rca != rca)
729 return sd_r0;
730
731 return sd_r2_s;
732
775616c3
PB		 733 case sd_transfer_state:
734 if (!sd->spi)
735 break;
736 sd->state = sd_sendingdata_state;
737 memcpy(sd->data, sd->csd, 16);
738 sd->data_start = req.arg;
739 sd->data_offset = 0;
740 return sd_r1;
741
a1bb27b1
PB		 742 default:
743 break;
744 }
745 break;
746
747 case 10: /* CMD10: SEND_CID */
748 switch (sd->state) {
749 case sd_standby_state:
750 if (sd->rca != rca)
751 return sd_r0;
752
753 return sd_r2_i;
754
775616c3
PB		 755 case sd_transfer_state:
756 if (!sd->spi)
757 break;
758 sd->state = sd_sendingdata_state;
759 memcpy(sd->data, sd->cid, 16);
760 sd->data_start = req.arg;
761 sd->data_offset = 0;
762 return sd_r1;
763
a1bb27b1
PB		 764 default:
765 break;
766 }
767 break;
768
769 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
775616c3
PB		 770 if (sd->spi)
771 goto bad_cmd;
a1bb27b1
PB		 772 switch (sd->state) {
773 case sd_transfer_state:
774 sd->state = sd_sendingdata_state;
775 sd->data_start = req.arg;
776 sd->data_offset = 0;
777
778 if (sd->data_start + sd->blk_len > sd->size)
779 sd->card_status |= ADDRESS_ERROR;
780 return sd_r0;
781
782 default:
783 break;
784 }
785 break;
786
787 case 12: /* CMD12: STOP_TRANSMISSION */
788 switch (sd->state) {
789 case sd_sendingdata_state:
790 sd->state = sd_transfer_state;
791 return sd_r1b;
792
793 case sd_receivingdata_state:
794 sd->state = sd_programming_state;
795 /* Bzzzzzzztt .... Operation complete. */
796 sd->state = sd_transfer_state;
797 return sd_r1b;
798
799 default:
800 break;
801 }
802 break;
803
804 case 13: /* CMD13: SEND_STATUS */
805 switch (sd->mode) {
806 case sd_data_transfer_mode:
807 if (sd->rca != rca)
808 return sd_r0;
809
810 return sd_r1;
811
812 default:
813 break;
814 }
815 break;
816
817 case 15: /* CMD15: GO_INACTIVE_STATE */
775616c3
PB		 818 if (sd->spi)
819 goto bad_cmd;
a1bb27b1
PB		 820 switch (sd->mode) {
821 case sd_data_transfer_mode:
822 if (sd->rca != rca)
823 return sd_r0;
824
825 sd->state = sd_inactive_state;
826 return sd_r0;
827
828 default:
829 break;
830 }
831 break;
832
833 /* Block read commands (Classs 2) */
834 case 16: /* CMD16: SET_BLOCKLEN */
835 switch (sd->state) {
836 case sd_transfer_state:
837 if (req.arg > (1 << HWBLOCK_SHIFT))
838 sd->card_status |= BLOCK_LEN_ERROR;
839 else
840 sd->blk_len = req.arg;
841
842 return sd_r1;
843
844 default:
845 break;
846 }
847 break;
848
849 case 17: /* CMD17: READ_SINGLE_BLOCK */
850 switch (sd->state) {
851 case sd_transfer_state:
852 sd->state = sd_sendingdata_state;
853 sd->data_start = req.arg;
854 sd->data_offset = 0;
855
856 if (sd->data_start + sd->blk_len > sd->size)
857 sd->card_status |= ADDRESS_ERROR;
858 return sd_r1;
859
860 default:
861 break;
862 }
863 break;
864
865 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
866 switch (sd->state) {
867 case sd_transfer_state:
868 sd->state = sd_sendingdata_state;
869 sd->data_start = req.arg;
870 sd->data_offset = 0;
871
872 if (sd->data_start + sd->blk_len > sd->size)
873 sd->card_status |= ADDRESS_ERROR;
874 return sd_r1;
875
876 default:
877 break;
878 }
879 break;
880
881 /* Block write commands (Class 4) */
882 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
775616c3
PB		 883 if (sd->spi)
884 goto unimplemented_cmd;
a1bb27b1
PB		 885 switch (sd->state) {
886 case sd_transfer_state:
775616c3
PB		 887 /* Writing in SPI mode not implemented. */
888 if (sd->spi)
889 break;
a1bb27b1
PB		 890 sd->state = sd_receivingdata_state;
891 sd->data_start = req.arg;
892 sd->data_offset = 0;
893 sd->blk_written = 0;
894
895 if (sd->data_start + sd->blk_len > sd->size)
896 sd->card_status |= ADDRESS_ERROR;
897 if (sd_wp_addr(sd, sd->data_start))
898 sd->card_status |= WP_VIOLATION;
899 if (sd->csd[14] & 0x30)
900 sd->card_status |= WP_VIOLATION;
901 return sd_r1;
902
903 default:
904 break;
905 }
906 break;
907
908 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
775616c3
PB		 909 if (sd->spi)
910 goto unimplemented_cmd;
a1bb27b1
PB		 911 switch (sd->state) {
912 case sd_transfer_state:
775616c3
PB		 913 /* Writing in SPI mode not implemented. */
914 if (sd->spi)
915 break;
a1bb27b1
PB		 916 sd->state = sd_receivingdata_state;
917 sd->data_start = req.arg;
918 sd->data_offset = 0;
919 sd->blk_written = 0;
920
921 if (sd->data_start + sd->blk_len > sd->size)
922 sd->card_status |= ADDRESS_ERROR;
923 if (sd_wp_addr(sd, sd->data_start))
924 sd->card_status |= WP_VIOLATION;
925 if (sd->csd[14] & 0x30)
926 sd->card_status |= WP_VIOLATION;
927 return sd_r1;
928
929 default:
930 break;
931 }
932 break;
933
934 case 26: /* CMD26: PROGRAM_CID */
775616c3
PB		 935 if (sd->spi)
936 goto bad_cmd;
a1bb27b1
PB		 937 switch (sd->state) {
938 case sd_transfer_state:
939 sd->state = sd_receivingdata_state;
940 sd->data_start = 0;
941 sd->data_offset = 0;
942 return sd_r1;
943
944 default:
945 break;
946 }
947 break;
948
949 case 27: /* CMD27: PROGRAM_CSD */
775616c3
PB		 950 if (sd->spi)
951 goto unimplemented_cmd;
a1bb27b1
PB		 952 switch (sd->state) {
953 case sd_transfer_state:
954 sd->state = sd_receivingdata_state;
955 sd->data_start = 0;
956 sd->data_offset = 0;
957 return sd_r1;
958
959 default:
960 break;
961 }
962 break;
963
964 /* Write protection (Class 6) */
965 case 28: /* CMD28: SET_WRITE_PROT */
966 switch (sd->state) {
967 case sd_transfer_state:
968 if (req.arg >= sd->size) {
969 sd->card_status = ADDRESS_ERROR;
970 return sd_r1b;
971 }
972
973 sd->state = sd_programming_state;
974 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
975 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
976 /* Bzzzzzzztt .... Operation complete. */
977 sd->state = sd_transfer_state;
978 return sd_r1b;
979
980 default:
981 break;
982 }
983 break;
984
985 case 29: /* CMD29: CLR_WRITE_PROT */
986 switch (sd->state) {
987 case sd_transfer_state:
988 if (req.arg >= sd->size) {
989 sd->card_status = ADDRESS_ERROR;
990 return sd_r1b;
991 }
992
993 sd->state = sd_programming_state;
994 sd->wp_groups[req.arg >> (HWBLOCK_SHIFT +
995 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
996 /* Bzzzzzzztt .... Operation complete. */
997 sd->state = sd_transfer_state;
998 return sd_r1b;
999
1000 default:
1001 break;
1002 }
1003 break;
1004
1005 case 30: /* CMD30: SEND_WRITE_PROT */
1006 switch (sd->state) {
1007 case sd_transfer_state:
1008 sd->state = sd_sendingdata_state;
1009 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1010 sd->data_start = req.arg;
1011 sd->data_offset = 0;
1012 return sd_r1b;
1013
1014 default:
1015 break;
1016 }
1017 break;
1018
1019 /* Erase commands (Class 5) */
1020 case 32: /* CMD32: ERASE_WR_BLK_START */
1021 switch (sd->state) {
1022 case sd_transfer_state:
1023 sd->erase_start = req.arg;
1024 return sd_r1;
1025
1026 default:
1027 break;
1028 }
1029 break;
1030
1031 case 33: /* CMD33: ERASE_WR_BLK_END */
1032 switch (sd->state) {
1033 case sd_transfer_state:
1034 sd->erase_end = req.arg;
1035 return sd_r1;
1036
1037 default:
1038 break;
1039 }
1040 break;
1041
1042 case 38: /* CMD38: ERASE */
1043 switch (sd->state) {
1044 case sd_transfer_state:
1045 if (sd->csd[14] & 0x30) {
1046 sd->card_status |= WP_VIOLATION;
1047 return sd_r1b;
1048 }
1049
1050 sd->state = sd_programming_state;
1051 sd_erase(sd);
1052 /* Bzzzzzzztt .... Operation complete. */
1053 sd->state = sd_transfer_state;
1054 return sd_r1b;
1055
1056 default:
1057 break;
1058 }
1059 break;
1060
1061 /* Lock card commands (Class 7) */
1062 case 42: /* CMD42: LOCK_UNLOCK */
775616c3
PB		 1063 if (sd->spi)
1064 goto unimplemented_cmd;
a1bb27b1
PB		 1065 switch (sd->state) {
1066 case sd_transfer_state:
1067 sd->state = sd_receivingdata_state;
1068 sd->data_start = 0;
1069 sd->data_offset = 0;
1070 return sd_r1;
1071
1072 default:
1073 break;
1074 }
1075 break;
1076
1077 /* Application specific commands (Class 8) */
1078 case 55: /* CMD55: APP_CMD */
1079 if (sd->rca != rca)
1080 return sd_r0;
1081
1082 sd->card_status |= APP_CMD;
1083 return sd_r1;
1084
1085 case 56: /* CMD56: GEN_CMD */
827df9f3 1086 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
a1bb27b1
PB		 1087
1088 switch (sd->state) {
1089 case sd_transfer_state:
1090 sd->data_offset = 0;
1091 if (req.arg & 1)
1092 sd->state = sd_sendingdata_state;
1093 else
1094 sd->state = sd_receivingdata_state;
1095 return sd_r1;
1096
1097 default:
1098 break;
1099 }
1100 break;
1101
1102 default:
775616c3 1103 bad_cmd:
a1bb27b1
PB		 1104 sd->card_status |= ILLEGAL_COMMAND;
1105
827df9f3 1106 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
a1bb27b1 1107 return sd_r0;
775616c3
PB		 1108
1109 unimplemented_cmd:
1110 /* Commands that are recognised but not yet implemented in SPI mode. */
1111 sd->card_status |= ILLEGAL_COMMAND;
827df9f3 1112 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
775616c3 1113 return sd_r0;
a1bb27b1
PB		 1114 }
1115
1116 sd->card_status |= ILLEGAL_COMMAND;
827df9f3 1117 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
a1bb27b1
PB		 1118 return sd_r0;
1119}
1120
c227f099 1121static sd_rsp_type_t sd_app_command(SDState *sd,
bc24a225 1122 SDRequest req) {
a1bb27b1
PB		 1123 uint32_t rca;
1124
1125 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
1126 rca = req.arg >> 16;
1127
1128 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1129 switch (req.cmd) {
1130 case 6: /* ACMD6: SET_BUS_WIDTH */
1131 switch (sd->state) {
1132 case sd_transfer_state:
1133 sd->sd_status[0] &= 0x3f;
1134 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1135 return sd_r1;
1136
1137 default:
1138 break;
1139 }
1140 break;
1141
1142 case 13: /* ACMD13: SD_STATUS */
1143 switch (sd->state) {
1144 case sd_transfer_state:
1145 sd->data_start = 0;
1146 sd->data_offset = 0;
1147 return sd_r1;
1148
1149 default:
1150 break;
1151 }
1152 break;
1153
1154 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1155 switch (sd->state) {
1156 case sd_transfer_state:
1157 *(uint32_t *) sd->data = sd->blk_written;
1158
1159 sd->data_start = 0;
1160 sd->data_offset = 0;
1161 return sd_r1;
1162
1163 default:
1164 break;
1165 }
1166 break;
1167
1168 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1169 switch (sd->state) {
1170 case sd_transfer_state:
1171 return sd_r1;
1172
1173 default:
1174 break;
1175 }
1176 break;
1177
1178 case 41: /* ACMD41: SD_APP_OP_COND */
775616c3
PB		 1179 if (sd->spi) {
1180 /* SEND_OP_CMD */
1181 sd->state = sd_transfer_state;
1182 return sd_r1;
1183 }
a1bb27b1
PB		 1184 switch (sd->state) {
1185 case sd_idle_state:
1186 /* We accept any voltage. 10000 V is nothing. */
1187 if (req.arg)
1188 sd->state = sd_ready_state;
1189
1190 return sd_r3;
1191
1192 default:
1193 break;
1194 }
1195 break;
1196
1197 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1198 switch (sd->state) {
1199 case sd_transfer_state:
1200 /* Bringing in the 50KOhm pull-up resistor... Done. */
1201 return sd_r1;
1202
1203 default:
1204 break;
1205 }
1206 break;
1207
1208 case 51: /* ACMD51: SEND_SCR */
1209 switch (sd->state) {
1210 case sd_transfer_state:
1211 sd->state = sd_sendingdata_state;
1212 sd->data_start = 0;
1213 sd->data_offset = 0;
1214 return sd_r1;
1215
1216 default:
1217 break;
1218 }
1219 break;
1220
1221 default:
1222 /* Fall back to standard commands. */
1223 sd->card_status &= ~APP_CMD;
1224 return sd_normal_command(sd, req);
1225 }
1226
827df9f3 1227 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
a1bb27b1
PB		 1228 return sd_r0;
1229}
1230
bc24a225 1231int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1
PB		 1232 uint8_t *response) {
1233 uint32_t last_status = sd->card_status;
c227f099 1234 sd_rsp_type_t rtype;
a1bb27b1
PB		 1235 int rsplen;
1236
03f311ed 1237 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
a1bb27b1
PB		 1238 return 0;
1239 }
1240
1241 if (sd_req_crc_validate(req)) {
1242 sd->card_status &= ~COM_CRC_ERROR;
1243 return 0;
1244 }
1245
1246 sd->card_status &= ~CARD_STATUS_B;
1247 sd_set_status(sd);
1248
1249 if (last_status & CARD_IS_LOCKED)
1250 if (((last_status & APP_CMD) &&
1251 req->cmd == 41) ||
1252 (!(last_status & APP_CMD) &&
1253 (sd_cmd_class[req->cmd] == 0 ||
1254 sd_cmd_class[req->cmd] == 7 ||
1255 req->cmd == 16 || req->cmd == 55))) {
1256 sd->card_status |= ILLEGAL_COMMAND;
827df9f3 1257 fprintf(stderr, "SD: Card is locked\n");
a1bb27b1
PB		 1258 return 0;
1259 }
1260
724d3a8f 1261 if (last_status & APP_CMD) {
a1bb27b1 1262 rtype = sd_app_command(sd, *req);
724d3a8f
AZ		 1263 sd->card_status &= ~APP_CMD;
1264 } else
a1bb27b1
PB		 1265 rtype = sd_normal_command(sd, *req);
1266
1267 sd->current_cmd = req->cmd;
1268
1269 switch (rtype) {
1270 case sd_r1:
1271 case sd_r1b:
1272 sd_response_r1_make(sd, response, last_status);
1273 rsplen = 4;
1274 break;
1275
1276 case sd_r2_i:
1277 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1278 rsplen = 16;
1279 break;
1280
1281 case sd_r2_s:
1282 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1283 rsplen = 16;
1284 break;
1285
1286 case sd_r3:
1287 sd_response_r3_make(sd, response);
1288 rsplen = 4;
1289 break;
1290
1291 case sd_r6:
1292 sd_response_r6_make(sd, response);
1293 rsplen = 4;
1294 break;
1295
1b088995
AZ		 1296 case sd_r7:
1297 sd_response_r7_make(sd, response);
1298 rsplen = 4;
1299 break;
1300
a1bb27b1
PB		 1301 case sd_r0:
1302 default:
1303 rsplen = 0;
1304 break;
1305 }
1306
1307 if (sd->card_status & ILLEGAL_COMMAND)
1308 rsplen = 0;
1309
1310#ifdef DEBUG_SD
1311 if (rsplen) {
1312 int i;
1313 DPRINTF("Response:");
1314 for (i = 0; i < rsplen; i++)
1315 printf(" %02x", response[i]);
1316 printf(" state %d\n", sd->state);
1317 } else {
1318 DPRINTF("No response %d\n", sd->state);
1319 }
1320#endif
1321
1322 return rsplen;
1323}
1324
1325/* No real need for 64 bit addresses here */
33f00271 1326static void sd_blk_read(SDState *sd, uint32_t addr, uint32_t len)
a1bb27b1 1327{
a1bb27b1
PB		 1328 uint32_t end = addr + len;
1329
33f00271 1330 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
827df9f3 1331 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1332 return;
1333 }
1334
1335 if (end > (addr & ~511) + 512) {
33f00271 1336 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
a1bb27b1 1337
33f00271 1338 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
827df9f3 1339 fprintf(stderr, "sd_blk_read: read error on host side\n");
a1bb27b1
PB		 1340 return;
1341 }
33f00271 1342 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
a1bb27b1 1343 } else
33f00271 1344 memcpy(sd->data, sd->buf + (addr & 511), len);
a1bb27b1
PB		 1345}
1346
33f00271 1347static void sd_blk_write(SDState *sd, uint32_t addr, uint32_t len)
a1bb27b1 1348{
a1bb27b1
PB		 1349 uint32_t end = addr + len;
1350
1351 if ((addr & 511) || len < 512)
33f00271 1352 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
827df9f3 1353 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1354 return;
1355 }
1356
1357 if (end > (addr & ~511) + 512) {
33f00271
AZ		 1358 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1359 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
827df9f3 1360 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1361 return;
1362 }
1363
33f00271 1364 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
827df9f3 1365 fprintf(stderr, "sd_blk_write: read error on host side\n");
a1bb27b1
PB		 1366 return;
1367 }
33f00271
AZ		 1368 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1369 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
827df9f3 1370 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1 1371 } else {
33f00271
AZ		 1372 memcpy(sd->buf + (addr & 511), sd->data, len);
1373 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
827df9f3 1374 fprintf(stderr, "sd_blk_write: write error on host side\n");
a1bb27b1
PB		 1375 }
1376}
1377
33f00271
AZ		 1378#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1379#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
a1bb27b1
PB		 1380#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1381#define APP_WRITE_BLOCK(a, len)
1382
1383void sd_write_data(SDState *sd, uint8_t value)
1384{
1385 int i;
1386
827df9f3 1387 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
a1bb27b1
PB		 1388 return;
1389
1390 if (sd->state != sd_receivingdata_state) {
827df9f3 1391 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
a1bb27b1
PB		 1392 return;
1393 }
1394
1395 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1396 return;
1397
1398 switch (sd->current_cmd) {
1399 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1400 sd->data[sd->data_offset ++] = value;
1401 if (sd->data_offset >= sd->blk_len) {
1402 /* TODO: Check CRC before committing */
1403 sd->state = sd_programming_state;
1404 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1405 sd->blk_written ++;
1406 sd->csd[14] |= 0x40;
1407 /* Bzzzzzzztt .... Operation complete. */
1408 sd->state = sd_transfer_state;
1409 }
1410 break;
1411
1412 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1413 sd->data[sd->data_offset ++] = value;
1414 if (sd->data_offset >= sd->blk_len) {
1415 /* TODO: Check CRC before committing */
1416 sd->state = sd_programming_state;
1417 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1418 sd->blk_written ++;
1419 sd->data_start += sd->blk_len;
1420 sd->data_offset = 0;
1421 if (sd->data_start + sd->blk_len > sd->size) {
1422 sd->card_status |= ADDRESS_ERROR;
1423 break;
1424 }
1425 if (sd_wp_addr(sd, sd->data_start)) {
1426 sd->card_status |= WP_VIOLATION;
1427 break;
1428 }
1429 sd->csd[14] |= 0x40;
1430
1431 /* Bzzzzzzztt .... Operation complete. */
1432 sd->state = sd_receivingdata_state;
1433 }
1434 break;
1435
1436 case 26: /* CMD26: PROGRAM_CID */
1437 sd->data[sd->data_offset ++] = value;
1438 if (sd->data_offset >= sizeof(sd->cid)) {
1439 /* TODO: Check CRC before committing */
1440 sd->state = sd_programming_state;
1441 for (i = 0; i < sizeof(sd->cid); i ++)
1442 if ((sd->cid[i] | 0x00) != sd->data[i])
1443 sd->card_status |= CID_CSD_OVERWRITE;
1444
1445 if (!(sd->card_status & CID_CSD_OVERWRITE))
1446 for (i = 0; i < sizeof(sd->cid); i ++) {
1447 sd->cid[i] |= 0x00;
1448 sd->cid[i] &= sd->data[i];
1449 }
1450 /* Bzzzzzzztt .... Operation complete. */
1451 sd->state = sd_transfer_state;
1452 }
1453 break;
1454
1455 case 27: /* CMD27: PROGRAM_CSD */
1456 sd->data[sd->data_offset ++] = value;
1457 if (sd->data_offset >= sizeof(sd->csd)) {
1458 /* TODO: Check CRC before committing */
1459 sd->state = sd_programming_state;
1460 for (i = 0; i < sizeof(sd->csd); i ++)
1461 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1462 (sd->data[i] | sd_csd_rw_mask[i]))
1463 sd->card_status |= CID_CSD_OVERWRITE;
1464
1465 /* Copy flag (OTP) & Permanent write protect */
1466 if (sd->csd[14] & ~sd->data[14] & 0x60)
1467 sd->card_status |= CID_CSD_OVERWRITE;
1468
1469 if (!(sd->card_status & CID_CSD_OVERWRITE))
1470 for (i = 0; i < sizeof(sd->csd); i ++) {
1471 sd->csd[i] |= sd_csd_rw_mask[i];
1472 sd->csd[i] &= sd->data[i];
1473 }
1474 /* Bzzzzzzztt .... Operation complete. */
1475 sd->state = sd_transfer_state;
1476 }
1477 break;
1478
1479 case 42: /* CMD42: LOCK_UNLOCK */
1480 sd->data[sd->data_offset ++] = value;
1481 if (sd->data_offset >= sd->blk_len) {
1482 /* TODO: Check CRC before committing */
1483 sd->state = sd_programming_state;
1484 sd_lock_command(sd);
1485 /* Bzzzzzzztt .... Operation complete. */
1486 sd->state = sd_transfer_state;
1487 }
1488 break;
1489
1490 case 56: /* CMD56: GEN_CMD */
1491 sd->data[sd->data_offset ++] = value;
1492 if (sd->data_offset >= sd->blk_len) {
1493 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1494 sd->state = sd_transfer_state;
1495 }
1496 break;
1497
1498 default:
827df9f3 1499 fprintf(stderr, "sd_write_data: unknown command\n");
a1bb27b1
PB		 1500 break;
1501 }
1502}
1503
1504uint8_t sd_read_data(SDState *sd)
1505{
1506 /* TODO: Append CRCs */
1507 uint8_t ret;
1508
827df9f3 1509 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
a1bb27b1
PB		 1510 return 0x00;
1511
1512 if (sd->state != sd_sendingdata_state) {
827df9f3 1513 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
a1bb27b1
PB		 1514 return 0x00;
1515 }
1516
1517 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1518 return 0x00;
1519
1520 switch (sd->current_cmd) {
1521 case 6: /* CMD6: SWITCH_FUNCTION */
1522 ret = sd->data[sd->data_offset ++];
1523
1524 if (sd->data_offset >= 64)
1525 sd->state = sd_transfer_state;
1526 break;
1527
775616c3
PB		 1528 case 9: /* CMD9: SEND_CSD */
1529 case 10: /* CMD10: SEND_CID */
1530 ret = sd->data[sd->data_offset ++];
1531
1532 if (sd->data_offset >= 16)
1533 sd->state = sd_transfer_state;
1534 break;
1535
a1bb27b1
PB		 1536 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1537 if (sd->data_offset == 0)
1538 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1539 ret = sd->data[sd->data_offset ++];
1540
1541 if (sd->data_offset >= sd->blk_len) {
1542 sd->data_start += sd->blk_len;
1543 sd->data_offset = 0;
1544 if (sd->data_start + sd->blk_len > sd->size) {
1545 sd->card_status |= ADDRESS_ERROR;
1546 break;
1547 }
1548 }
1549 break;
1550
1551 case 13: /* ACMD13: SD_STATUS */
1552 ret = sd->sd_status[sd->data_offset ++];
1553
1554 if (sd->data_offset >= sizeof(sd->sd_status))
1555 sd->state = sd_transfer_state;
1556 break;
1557
1558 case 17: /* CMD17: READ_SINGLE_BLOCK */
1559 if (sd->data_offset == 0)
1560 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1561 ret = sd->data[sd->data_offset ++];
1562
1563 if (sd->data_offset >= sd->blk_len)
1564 sd->state = sd_transfer_state;
1565 break;
1566
1567 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1568 if (sd->data_offset == 0)
1569 BLK_READ_BLOCK(sd->data_start, sd->blk_len);
1570 ret = sd->data[sd->data_offset ++];
1571
1572 if (sd->data_offset >= sd->blk_len) {
1573 sd->data_start += sd->blk_len;
1574 sd->data_offset = 0;
1575 if (sd->data_start + sd->blk_len > sd->size) {
1576 sd->card_status |= ADDRESS_ERROR;
1577 break;
1578 }
1579 }
1580 break;
1581
1582 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1583 ret = sd->data[sd->data_offset ++];
1584
1585 if (sd->data_offset >= 4)
1586 sd->state = sd_transfer_state;
1587 break;
1588
1589 case 30: /* CMD30: SEND_WRITE_PROT */
1590 ret = sd->data[sd->data_offset ++];
1591
1592 if (sd->data_offset >= 4)
1593 sd->state = sd_transfer_state;
1594 break;
1595
1596 case 51: /* ACMD51: SEND_SCR */
1597 ret = sd->scr[sd->data_offset ++];
1598
1599 if (sd->data_offset >= sizeof(sd->scr))
1600 sd->state = sd_transfer_state;
1601 break;
1602
1603 case 56: /* CMD56: GEN_CMD */
1604 if (sd->data_offset == 0)
1605 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1606 ret = sd->data[sd->data_offset ++];
1607
1608 if (sd->data_offset >= sd->blk_len)
1609 sd->state = sd_transfer_state;
1610 break;
1611
1612 default:
827df9f3 1613 fprintf(stderr, "sd_read_data: unknown command\n");
a1bb27b1
PB		 1614 return 0x00;
1615 }
1616
1617 return ret;
1618}
1619
1620int sd_data_ready(SDState *sd)
1621{
1622 return sd->state == sd_sendingdata_state;
1623}
827df9f3
AZ		 1624
1625void sd_enable(SDState *sd, int enable)
1626{
1627 sd->enable = enable;
1628}
Qemu copy for testing