]> git.proxmox.com Git - mirror_qemu.git/blob - hw/sd.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
hw/sd.c: Handle illegal commands in sd_do_command
[mirror_qemu.git] / hw / sd.c
1 /*
2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #include "hw.h"
33 #include "block.h"
34 #include "sd.h"
35
36 //#define DEBUG_SD 1
37
38 #ifdef DEBUG_SD
39 #define DPRINTF(fmt, ...) \
40 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
41 #else
42 #define DPRINTF(fmt, ...) do {} while(0)
43 #endif
44
45 typedef enum {
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
52 sd_r7, /* Operating voltage */
53 sd_r1b = -1,
54 sd_illegal = -2,
55 } sd_rsp_type_t;
56
57 struct SDState {
58 enum {
59 sd_inactive,
60 sd_card_identification_mode,
61 sd_data_transfer_mode,
62 } mode;
63 enum {
64 sd_inactive_state = -1,
65 sd_idle_state = 0,
66 sd_ready_state,
67 sd_identification_state,
68 sd_standby_state,
69 sd_transfer_state,
70 sd_sendingdata_state,
71 sd_receivingdata_state,
72 sd_programming_state,
73 sd_disconnect_state,
74 } state;
75 uint32_t ocr;
76 uint8_t scr[8];
77 uint8_t cid[16];
78 uint8_t csd[16];
79 uint16_t rca;
80 uint32_t card_status;
81 uint8_t sd_status[64];
82 uint32_t vhs;
83 int wp_switch;
84 int *wp_groups;
85 uint64_t size;
86 int blk_len;
87 uint32_t erase_start;
88 uint32_t erase_end;
89 uint8_t pwd[16];
90 int pwd_len;
91 int function_group[6];
92
93 int spi;
94 int current_cmd;
95 int blk_written;
96 uint64_t data_start;
97 uint32_t data_offset;
98 uint8_t data[512];
99 qemu_irq readonly_cb;
100 qemu_irq inserted_cb;
101 BlockDriverState *bdrv;
102 uint8_t *buf;
103
104 int enable;
105 };
106
107 static void sd_set_status(SDState *sd)
108 {
109 switch (sd->state) {
110 case sd_inactive_state:
111 sd->mode = sd_inactive;
112 break;
113
114 case sd_idle_state:
115 case sd_ready_state:
116 case sd_identification_state:
117 sd->mode = sd_card_identification_mode;
118 break;
119
120 case sd_standby_state:
121 case sd_transfer_state:
122 case sd_sendingdata_state:
123 case sd_receivingdata_state:
124 case sd_programming_state:
125 case sd_disconnect_state:
126 sd->mode = sd_data_transfer_mode;
127 break;
128 }
129
130 sd->card_status &= ~CURRENT_STATE;
131 sd->card_status |= sd->state << 9;
132 }
133
134 static const sd_cmd_type_t sd_cmd_type[64] = {
135 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
136 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
137 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
138 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
139 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
140 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
141 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
142 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
143 };
144
145 static const sd_cmd_type_t sd_acmd_type[64] = {
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
153 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
154 };
155
156 static const int sd_cmd_class[64] = {
157 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
158 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
159 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
160 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
161 };
162
163 static uint8_t sd_crc7(void *message, size_t width)
164 {
165 int i, bit;
166 uint8_t shift_reg = 0x00;
167 uint8_t *msg = (uint8_t *) message;
168
169 for (i = 0; i < width; i ++, msg ++)
170 for (bit = 7; bit >= 0; bit --) {
171 shift_reg <<= 1;
172 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
173 shift_reg ^= 0x89;
174 }
175
176 return shift_reg;
177 }
178
179 static uint16_t sd_crc16(void *message, size_t width)
180 {
181 int i, bit;
182 uint16_t shift_reg = 0x0000;
183 uint16_t *msg = (uint16_t *) message;
184 width <<= 1;
185
186 for (i = 0; i < width; i ++, msg ++)
187 for (bit = 15; bit >= 0; bit --) {
188 shift_reg <<= 1;
189 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
190 shift_reg ^= 0x1011;
191 }
192
193 return shift_reg;
194 }
195
196 static void sd_set_ocr(SDState *sd)
197 {
198 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
199 sd->ocr = 0x80ffff00;
200 }
201
202 static void sd_set_scr(SDState *sd)
203 {
204 sd->scr[0] = 0x00; /* SCR Structure */
205 sd->scr[1] = 0x2f; /* SD Security Support */
206 sd->scr[2] = 0x00;
207 sd->scr[3] = 0x00;
208 sd->scr[4] = 0x00;
209 sd->scr[5] = 0x00;
210 sd->scr[6] = 0x00;
211 sd->scr[7] = 0x00;
212 }
213
214 #define MID 0xaa
215 #define OID "XY"
216 #define PNM "QEMU!"
217 #define PRV 0x01
218 #define MDT_YR 2006
219 #define MDT_MON 2
220
221 static void sd_set_cid(SDState *sd)
222 {
223 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
224 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
225 sd->cid[2] = OID[1];
226 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
227 sd->cid[4] = PNM[1];
228 sd->cid[5] = PNM[2];
229 sd->cid[6] = PNM[3];
230 sd->cid[7] = PNM[4];
231 sd->cid[8] = PRV; /* Fake product revision (PRV) */
232 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
233 sd->cid[10] = 0xad;
234 sd->cid[11] = 0xbe;
235 sd->cid[12] = 0xef;
236 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
237 ((MDT_YR - 2000) / 10);
238 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
239 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
240 }
241
242 #define HWBLOCK_SHIFT 9 /* 512 bytes */
243 #define SECTOR_SHIFT 5 /* 16 kilobytes */
244 #define WPGROUP_SHIFT 7 /* 2 megs */
245 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
246 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247
248 static const uint8_t sd_csd_rw_mask[16] = {
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
251 };
252
253 static void sd_set_csd(SDState *sd, uint64_t size)
254 {
255 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
256 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
257 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
258
259 if (size <= 0x40000000) { /* Standard Capacity SD */
260 sd->csd[0] = 0x00; /* CSD structure */
261 sd->csd[1] = 0x26; /* Data read access-time-1 */
262 sd->csd[2] = 0x00; /* Data read access-time-2 */
263 sd->csd[3] = 0x5a; /* Max. data transfer rate */
264 sd->csd[4] = 0x5f; /* Card Command Classes */
265 sd->csd[5] = 0x50 | /* Max. read data block length */
266 HWBLOCK_SHIFT;
267 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
268 ((csize >> 10) & 0x03);
269 sd->csd[7] = 0x00 | /* Device size */
270 ((csize >> 2) & 0xff);
271 sd->csd[8] = 0x3f | /* Max. read current */
272 ((csize << 6) & 0xc0);
273 sd->csd[9] = 0xfc | /* Max. write current */
274 ((CMULT_SHIFT - 2) >> 1);
275 sd->csd[10] = 0x40 | /* Erase sector size */
276 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
277 sd->csd[11] = 0x00 | /* Write protect group size */
278 ((sectsize << 7) & 0x80) | wpsize;
279 sd->csd[12] = 0x90 | /* Write speed factor */
280 (HWBLOCK_SHIFT >> 2);
281 sd->csd[13] = 0x20 | /* Max. write data block length */
282 ((HWBLOCK_SHIFT << 6) & 0xc0);
283 sd->csd[14] = 0x00; /* File format group */
284 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
285 } else { /* SDHC */
286 size /= 512 * 1024;
287 size -= 1;
288 sd->csd[0] = 0x40;
289 sd->csd[1] = 0x0e;
290 sd->csd[2] = 0x00;
291 sd->csd[3] = 0x32;
292 sd->csd[4] = 0x5b;
293 sd->csd[5] = 0x59;
294 sd->csd[6] = 0x00;
295 sd->csd[7] = (size >> 16) & 0xff;
296 sd->csd[8] = (size >> 8) & 0xff;
297 sd->csd[9] = (size & 0xff);
298 sd->csd[10] = 0x7f;
299 sd->csd[11] = 0x80;
300 sd->csd[12] = 0x0a;
301 sd->csd[13] = 0x40;
302 sd->csd[14] = 0x00;
303 sd->csd[15] = 0x00;
304 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
305 }
306 }
307
308 static void sd_set_rca(SDState *sd)
309 {
310 sd->rca += 0x4567;
311 }
312
313 /* Card status bits, split by clear condition:
314 * A : According to the card current state
315 * B : Always related to the previous command
316 * C : Cleared by read
317 */
318 #define CARD_STATUS_A 0x02004100
319 #define CARD_STATUS_B 0x00c01e00
320 #define CARD_STATUS_C 0xfd39a028
321
322 static void sd_set_cardstatus(SDState *sd)
323 {
324 sd->card_status = 0x00000100;
325 }
326
327 static void sd_set_sdstatus(SDState *sd)
328 {
329 memset(sd->sd_status, 0, 64);
330 }
331
332 static int sd_req_crc_validate(SDRequest *req)
333 {
334 uint8_t buffer[5];
335 buffer[0] = 0x40 | req->cmd;
336 buffer[1] = (req->arg >> 24) & 0xff;
337 buffer[2] = (req->arg >> 16) & 0xff;
338 buffer[3] = (req->arg >> 8) & 0xff;
339 buffer[4] = (req->arg >> 0) & 0xff;
340 return 0;
341 return sd_crc7(buffer, 5) != req->crc; /* TODO */
342 }
343
344 static void sd_response_r1_make(SDState *sd,
345 uint8_t *response, uint32_t last_status)
346 {
347 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
348 uint32_t status;
349
350 status = (sd->card_status & ~mask) | (last_status & mask);
351 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
352
353 response[0] = (status >> 24) & 0xff;
354 response[1] = (status >> 16) & 0xff;
355 response[2] = (status >> 8) & 0xff;
356 response[3] = (status >> 0) & 0xff;
357 }
358
359 static void sd_response_r3_make(SDState *sd, uint8_t *response)
360 {
361 response[0] = (sd->ocr >> 24) & 0xff;
362 response[1] = (sd->ocr >> 16) & 0xff;
363 response[2] = (sd->ocr >> 8) & 0xff;
364 response[3] = (sd->ocr >> 0) & 0xff;
365 }
366
367 static void sd_response_r6_make(SDState *sd, uint8_t *response)
368 {
369 uint16_t arg;
370 uint16_t status;
371
372 arg = sd->rca;
373 status = ((sd->card_status >> 8) & 0xc000) |
374 ((sd->card_status >> 6) & 0x2000) |
375 (sd->card_status & 0x1fff);
376
377 response[0] = (arg >> 8) & 0xff;
378 response[1] = arg & 0xff;
379 response[2] = (status >> 8) & 0xff;
380 response[3] = status & 0xff;
381 }
382
383 static void sd_response_r7_make(SDState *sd, uint8_t *response)
384 {
385 response[0] = (sd->vhs >> 24) & 0xff;
386 response[1] = (sd->vhs >> 16) & 0xff;
387 response[2] = (sd->vhs >> 8) & 0xff;
388 response[3] = (sd->vhs >> 0) & 0xff;
389 }
390
391 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
392 {
393 uint64_t size;
394 uint64_t sect;
395
396 if (bdrv) {
397 bdrv_get_geometry(bdrv, &sect);
398 } else {
399 sect = 0;
400 }
401 size = sect << 9;
402
403 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
404
405 sd->state = sd_idle_state;
406 sd->rca = 0x0000;
407 sd_set_ocr(sd);
408 sd_set_scr(sd);
409 sd_set_cid(sd);
410 sd_set_csd(sd, size);
411 sd_set_cardstatus(sd);
412 sd_set_sdstatus(sd);
413
414 sd->bdrv = bdrv;
415
416 if (sd->wp_groups)
417 g_free(sd->wp_groups);
418 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
419 sd->wp_groups = (int *) g_malloc0(sizeof(int) * sect);
420 memset(sd->function_group, 0, sizeof(int) * 6);
421 sd->erase_start = 0;
422 sd->erase_end = 0;
423 sd->size = size;
424 sd->blk_len = 0x200;
425 sd->pwd_len = 0;
426 }
427
428 static void sd_cardchange(void *opaque, bool load)
429 {
430 SDState *sd = opaque;
431
432 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
433 if (bdrv_is_inserted(sd->bdrv)) {
434 sd_reset(sd, sd->bdrv);
435 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
436 }
437 }
438
439 static const BlockDevOps sd_block_ops = {
440 .change_media_cb = sd_cardchange,
441 };
442
443 /* We do not model the chip select pin, so allow the board to select
444 whether card should be in SSI or MMC/SD mode. It is also up to the
445 board to ensure that ssi transfers only occur when the chip select
446 is asserted. */
447 SDState *sd_init(BlockDriverState *bs, int is_spi)
448 {
449 SDState *sd;
450
451 sd = (SDState *) g_malloc0(sizeof(SDState));
452 sd->buf = qemu_blockalign(bs, 512);
453 sd->spi = is_spi;
454 sd->enable = 1;
455 sd_reset(sd, bs);
456 if (sd->bdrv) {
457 bdrv_attach_dev_nofail(sd->bdrv, sd);
458 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
459 }
460 return sd;
461 }
462
463 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
464 {
465 sd->readonly_cb = readonly;
466 sd->inserted_cb = insert;
467 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
468 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
469 }
470
471 static void sd_erase(SDState *sd)
472 {
473 int i, start, end;
474 if (!sd->erase_start || !sd->erase_end) {
475 sd->card_status |= ERASE_SEQ_ERROR;
476 return;
477 }
478
479 start = sd->erase_start >>
480 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
481 end = sd->erase_end >>
482 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
483 sd->erase_start = 0;
484 sd->erase_end = 0;
485 sd->csd[14] |= 0x40;
486
487 for (i = start; i <= end; i ++)
488 if (sd->wp_groups[i])
489 sd->card_status |= WP_ERASE_SKIP;
490 }
491
492 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
493 {
494 uint32_t i, wpnum;
495 uint32_t ret = 0;
496
497 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
498
499 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
500 if (addr < sd->size && sd->wp_groups[wpnum])
501 ret |= (1 << i);
502
503 return ret;
504 }
505
506 static void sd_function_switch(SDState *sd, uint32_t arg)
507 {
508 int i, mode, new_func, crc;
509 mode = !!(arg & 0x80000000);
510
511 sd->data[0] = 0x00; /* Maximum current consumption */
512 sd->data[1] = 0x01;
513 sd->data[2] = 0x80; /* Supported group 6 functions */
514 sd->data[3] = 0x01;
515 sd->data[4] = 0x80; /* Supported group 5 functions */
516 sd->data[5] = 0x01;
517 sd->data[6] = 0x80; /* Supported group 4 functions */
518 sd->data[7] = 0x01;
519 sd->data[8] = 0x80; /* Supported group 3 functions */
520 sd->data[9] = 0x01;
521 sd->data[10] = 0x80; /* Supported group 2 functions */
522 sd->data[11] = 0x43;
523 sd->data[12] = 0x80; /* Supported group 1 functions */
524 sd->data[13] = 0x03;
525 for (i = 0; i < 6; i ++) {
526 new_func = (arg >> (i * 4)) & 0x0f;
527 if (mode && new_func != 0x0f)
528 sd->function_group[i] = new_func;
529 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
530 }
531 memset(&sd->data[17], 0, 47);
532 crc = sd_crc16(sd->data, 64);
533 sd->data[65] = crc >> 8;
534 sd->data[66] = crc & 0xff;
535 }
536
537 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
538 {
539 return sd->wp_groups[addr >>
540 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
541 }
542
543 static void sd_lock_command(SDState *sd)
544 {
545 int erase, lock, clr_pwd, set_pwd, pwd_len;
546 erase = !!(sd->data[0] & 0x08);
547 lock = sd->data[0] & 0x04;
548 clr_pwd = sd->data[0] & 0x02;
549 set_pwd = sd->data[0] & 0x01;
550
551 if (sd->blk_len > 1)
552 pwd_len = sd->data[1];
553 else
554 pwd_len = 0;
555
556 if (erase) {
557 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
558 set_pwd || clr_pwd || lock || sd->wp_switch ||
559 (sd->csd[14] & 0x20)) {
560 sd->card_status |= LOCK_UNLOCK_FAILED;
561 return;
562 }
563 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
564 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
565 sd->csd[14] &= ~0x10;
566 sd->card_status &= ~CARD_IS_LOCKED;
567 sd->pwd_len = 0;
568 /* Erasing the entire card here! */
569 fprintf(stderr, "SD: Card force-erased by CMD42\n");
570 return;
571 }
572
573 if (sd->blk_len < 2 + pwd_len ||
574 pwd_len <= sd->pwd_len ||
575 pwd_len > sd->pwd_len + 16) {
576 sd->card_status |= LOCK_UNLOCK_FAILED;
577 return;
578 }
579
580 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
581 sd->card_status |= LOCK_UNLOCK_FAILED;
582 return;
583 }
584
585 pwd_len -= sd->pwd_len;
586 if ((pwd_len && !set_pwd) ||
587 (clr_pwd && (set_pwd || lock)) ||
588 (lock && !sd->pwd_len && !set_pwd) ||
589 (!set_pwd && !clr_pwd &&
590 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
591 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
592 sd->card_status |= LOCK_UNLOCK_FAILED;
593 return;
594 }
595
596 if (set_pwd) {
597 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
598 sd->pwd_len = pwd_len;
599 }
600
601 if (clr_pwd) {
602 sd->pwd_len = 0;
603 }
604
605 if (lock)
606 sd->card_status |= CARD_IS_LOCKED;
607 else
608 sd->card_status &= ~CARD_IS_LOCKED;
609 }
610
611 static sd_rsp_type_t sd_normal_command(SDState *sd,
612 SDRequest req)
613 {
614 uint32_t rca = 0x0000;
615 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
616
617 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
618 rca = req.arg >> 16;
619
620 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
621 switch (req.cmd) {
622 /* Basic commands (Class 0 and Class 1) */
623 case 0: /* CMD0: GO_IDLE_STATE */
624 switch (sd->state) {
625 case sd_inactive_state:
626 return sd->spi ? sd_r1 : sd_r0;
627
628 default:
629 sd->state = sd_idle_state;
630 sd_reset(sd, sd->bdrv);
631 return sd->spi ? sd_r1 : sd_r0;
632 }
633 break;
634
635 case 1: /* CMD1: SEND_OP_CMD */
636 if (!sd->spi)
637 goto bad_cmd;
638
639 sd->state = sd_transfer_state;
640 return sd_r1;
641
642 case 2: /* CMD2: ALL_SEND_CID */
643 if (sd->spi)
644 goto bad_cmd;
645 switch (sd->state) {
646 case sd_ready_state:
647 sd->state = sd_identification_state;
648 return sd_r2_i;
649
650 default:
651 break;
652 }
653 break;
654
655 case 3: /* CMD3: SEND_RELATIVE_ADDR */
656 if (sd->spi)
657 goto bad_cmd;
658 switch (sd->state) {
659 case sd_identification_state:
660 case sd_standby_state:
661 sd->state = sd_standby_state;
662 sd_set_rca(sd);
663 return sd_r6;
664
665 default:
666 break;
667 }
668 break;
669
670 case 4: /* CMD4: SEND_DSR */
671 if (sd->spi)
672 goto bad_cmd;
673 switch (sd->state) {
674 case sd_standby_state:
675 break;
676
677 default:
678 break;
679 }
680 break;
681
682 case 5: /* CMD5: reserved for SDIO cards */
683 return sd_illegal;
684
685 case 6: /* CMD6: SWITCH_FUNCTION */
686 if (sd->spi)
687 goto bad_cmd;
688 switch (sd->mode) {
689 case sd_data_transfer_mode:
690 sd_function_switch(sd, req.arg);
691 sd->state = sd_sendingdata_state;
692 sd->data_start = 0;
693 sd->data_offset = 0;
694 return sd_r1;
695
696 default:
697 break;
698 }
699 break;
700
701 case 7: /* CMD7: SELECT/DESELECT_CARD */
702 if (sd->spi)
703 goto bad_cmd;
704 switch (sd->state) {
705 case sd_standby_state:
706 if (sd->rca != rca)
707 return sd_r0;
708
709 sd->state = sd_transfer_state;
710 return sd_r1b;
711
712 case sd_transfer_state:
713 case sd_sendingdata_state:
714 if (sd->rca == rca)
715 break;
716
717 sd->state = sd_standby_state;
718 return sd_r1b;
719
720 case sd_disconnect_state:
721 if (sd->rca != rca)
722 return sd_r0;
723
724 sd->state = sd_programming_state;
725 return sd_r1b;
726
727 case sd_programming_state:
728 if (sd->rca == rca)
729 break;
730
731 sd->state = sd_disconnect_state;
732 return sd_r1b;
733
734 default:
735 break;
736 }
737 break;
738
739 case 8: /* CMD8: SEND_IF_COND */
740 /* Physical Layer Specification Version 2.00 command */
741 switch (sd->state) {
742 case sd_idle_state:
743 sd->vhs = 0;
744
745 /* No response if not exactly one VHS bit is set. */
746 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
747 return sd->spi ? sd_r7 : sd_r0;
748
749 /* Accept. */
750 sd->vhs = req.arg;
751 return sd_r7;
752
753 default:
754 break;
755 }
756 break;
757
758 case 9: /* CMD9: SEND_CSD */
759 switch (sd->state) {
760 case sd_standby_state:
761 if (sd->rca != rca)
762 return sd_r0;
763
764 return sd_r2_s;
765
766 case sd_transfer_state:
767 if (!sd->spi)
768 break;
769 sd->state = sd_sendingdata_state;
770 memcpy(sd->data, sd->csd, 16);
771 sd->data_start = addr;
772 sd->data_offset = 0;
773 return sd_r1;
774
775 default:
776 break;
777 }
778 break;
779
780 case 10: /* CMD10: SEND_CID */
781 switch (sd->state) {
782 case sd_standby_state:
783 if (sd->rca != rca)
784 return sd_r0;
785
786 return sd_r2_i;
787
788 case sd_transfer_state:
789 if (!sd->spi)
790 break;
791 sd->state = sd_sendingdata_state;
792 memcpy(sd->data, sd->cid, 16);
793 sd->data_start = addr;
794 sd->data_offset = 0;
795 return sd_r1;
796
797 default:
798 break;
799 }
800 break;
801
802 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
803 if (sd->spi)
804 goto bad_cmd;
805 switch (sd->state) {
806 case sd_transfer_state:
807 sd->state = sd_sendingdata_state;
808 sd->data_start = req.arg;
809 sd->data_offset = 0;
810
811 if (sd->data_start + sd->blk_len > sd->size)
812 sd->card_status |= ADDRESS_ERROR;
813 return sd_r0;
814
815 default:
816 break;
817 }
818 break;
819
820 case 12: /* CMD12: STOP_TRANSMISSION */
821 switch (sd->state) {
822 case sd_sendingdata_state:
823 sd->state = sd_transfer_state;
824 return sd_r1b;
825
826 case sd_receivingdata_state:
827 sd->state = sd_programming_state;
828 /* Bzzzzzzztt .... Operation complete. */
829 sd->state = sd_transfer_state;
830 return sd_r1b;
831
832 default:
833 break;
834 }
835 break;
836
837 case 13: /* CMD13: SEND_STATUS */
838 switch (sd->mode) {
839 case sd_data_transfer_mode:
840 if (sd->rca != rca)
841 return sd_r0;
842
843 return sd_r1;
844
845 default:
846 break;
847 }
848 break;
849
850 case 15: /* CMD15: GO_INACTIVE_STATE */
851 if (sd->spi)
852 goto bad_cmd;
853 switch (sd->mode) {
854 case sd_data_transfer_mode:
855 if (sd->rca != rca)
856 return sd_r0;
857
858 sd->state = sd_inactive_state;
859 return sd_r0;
860
861 default:
862 break;
863 }
864 break;
865
866 /* Block read commands (Classs 2) */
867 case 16: /* CMD16: SET_BLOCKLEN */
868 switch (sd->state) {
869 case sd_transfer_state:
870 if (req.arg > (1 << HWBLOCK_SHIFT))
871 sd->card_status |= BLOCK_LEN_ERROR;
872 else
873 sd->blk_len = req.arg;
874
875 return sd_r1;
876
877 default:
878 break;
879 }
880 break;
881
882 case 17: /* CMD17: READ_SINGLE_BLOCK */
883 switch (sd->state) {
884 case sd_transfer_state:
885 sd->state = sd_sendingdata_state;
886 sd->data_start = addr;
887 sd->data_offset = 0;
888
889 if (sd->data_start + sd->blk_len > sd->size)
890 sd->card_status |= ADDRESS_ERROR;
891 return sd_r1;
892
893 default:
894 break;
895 }
896 break;
897
898 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
899 switch (sd->state) {
900 case sd_transfer_state:
901 sd->state = sd_sendingdata_state;
902 sd->data_start = addr;
903 sd->data_offset = 0;
904
905 if (sd->data_start + sd->blk_len > sd->size)
906 sd->card_status |= ADDRESS_ERROR;
907 return sd_r1;
908
909 default:
910 break;
911 }
912 break;
913
914 /* Block write commands (Class 4) */
915 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
916 if (sd->spi)
917 goto unimplemented_cmd;
918 switch (sd->state) {
919 case sd_transfer_state:
920 /* Writing in SPI mode not implemented. */
921 if (sd->spi)
922 break;
923 sd->state = sd_receivingdata_state;
924 sd->data_start = addr;
925 sd->data_offset = 0;
926 sd->blk_written = 0;
927
928 if (sd->data_start + sd->blk_len > sd->size)
929 sd->card_status |= ADDRESS_ERROR;
930 if (sd_wp_addr(sd, sd->data_start))
931 sd->card_status |= WP_VIOLATION;
932 if (sd->csd[14] & 0x30)
933 sd->card_status |= WP_VIOLATION;
934 return sd_r1;
935
936 default:
937 break;
938 }
939 break;
940
941 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
942 if (sd->spi)
943 goto unimplemented_cmd;
944 switch (sd->state) {
945 case sd_transfer_state:
946 /* Writing in SPI mode not implemented. */
947 if (sd->spi)
948 break;
949 sd->state = sd_receivingdata_state;
950 sd->data_start = addr;
951 sd->data_offset = 0;
952 sd->blk_written = 0;
953
954 if (sd->data_start + sd->blk_len > sd->size)
955 sd->card_status |= ADDRESS_ERROR;
956 if (sd_wp_addr(sd, sd->data_start))
957 sd->card_status |= WP_VIOLATION;
958 if (sd->csd[14] & 0x30)
959 sd->card_status |= WP_VIOLATION;
960 return sd_r1;
961
962 default:
963 break;
964 }
965 break;
966
967 case 26: /* CMD26: PROGRAM_CID */
968 if (sd->spi)
969 goto bad_cmd;
970 switch (sd->state) {
971 case sd_transfer_state:
972 sd->state = sd_receivingdata_state;
973 sd->data_start = 0;
974 sd->data_offset = 0;
975 return sd_r1;
976
977 default:
978 break;
979 }
980 break;
981
982 case 27: /* CMD27: PROGRAM_CSD */
983 if (sd->spi)
984 goto unimplemented_cmd;
985 switch (sd->state) {
986 case sd_transfer_state:
987 sd->state = sd_receivingdata_state;
988 sd->data_start = 0;
989 sd->data_offset = 0;
990 return sd_r1;
991
992 default:
993 break;
994 }
995 break;
996
997 /* Write protection (Class 6) */
998 case 28: /* CMD28: SET_WRITE_PROT */
999 switch (sd->state) {
1000 case sd_transfer_state:
1001 if (addr >= sd->size) {
1002 sd->card_status |= ADDRESS_ERROR;
1003 return sd_r1b;
1004 }
1005
1006 sd->state = sd_programming_state;
1007 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1008 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1009 /* Bzzzzzzztt .... Operation complete. */
1010 sd->state = sd_transfer_state;
1011 return sd_r1b;
1012
1013 default:
1014 break;
1015 }
1016 break;
1017
1018 case 29: /* CMD29: CLR_WRITE_PROT */
1019 switch (sd->state) {
1020 case sd_transfer_state:
1021 if (addr >= sd->size) {
1022 sd->card_status |= ADDRESS_ERROR;
1023 return sd_r1b;
1024 }
1025
1026 sd->state = sd_programming_state;
1027 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1028 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1029 /* Bzzzzzzztt .... Operation complete. */
1030 sd->state = sd_transfer_state;
1031 return sd_r1b;
1032
1033 default:
1034 break;
1035 }
1036 break;
1037
1038 case 30: /* CMD30: SEND_WRITE_PROT */
1039 switch (sd->state) {
1040 case sd_transfer_state:
1041 sd->state = sd_sendingdata_state;
1042 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1043 sd->data_start = addr;
1044 sd->data_offset = 0;
1045 return sd_r1b;
1046
1047 default:
1048 break;
1049 }
1050 break;
1051
1052 /* Erase commands (Class 5) */
1053 case 32: /* CMD32: ERASE_WR_BLK_START */
1054 switch (sd->state) {
1055 case sd_transfer_state:
1056 sd->erase_start = req.arg;
1057 return sd_r1;
1058
1059 default:
1060 break;
1061 }
1062 break;
1063
1064 case 33: /* CMD33: ERASE_WR_BLK_END */
1065 switch (sd->state) {
1066 case sd_transfer_state:
1067 sd->erase_end = req.arg;
1068 return sd_r1;
1069
1070 default:
1071 break;
1072 }
1073 break;
1074
1075 case 38: /* CMD38: ERASE */
1076 switch (sd->state) {
1077 case sd_transfer_state:
1078 if (sd->csd[14] & 0x30) {
1079 sd->card_status |= WP_VIOLATION;
1080 return sd_r1b;
1081 }
1082
1083 sd->state = sd_programming_state;
1084 sd_erase(sd);
1085 /* Bzzzzzzztt .... Operation complete. */
1086 sd->state = sd_transfer_state;
1087 return sd_r1b;
1088
1089 default:
1090 break;
1091 }
1092 break;
1093
1094 /* Lock card commands (Class 7) */
1095 case 42: /* CMD42: LOCK_UNLOCK */
1096 if (sd->spi)
1097 goto unimplemented_cmd;
1098 switch (sd->state) {
1099 case sd_transfer_state:
1100 sd->state = sd_receivingdata_state;
1101 sd->data_start = 0;
1102 sd->data_offset = 0;
1103 return sd_r1;
1104
1105 default:
1106 break;
1107 }
1108 break;
1109
1110 case 52:
1111 case 53:
1112 /* CMD52, CMD53: reserved for SDIO cards
1113 * (see the SDIO Simplified Specification V2.0)
1114 * Handle as illegal command but do not complain
1115 * on stderr, as some OSes may use these in their
1116 * probing for presence of an SDIO card.
1117 */
1118 return sd_illegal;
1119
1120 /* Application specific commands (Class 8) */
1121 case 55: /* CMD55: APP_CMD */
1122 if (sd->rca != rca)
1123 return sd_r0;
1124
1125 sd->card_status |= APP_CMD;
1126 return sd_r1;
1127
1128 case 56: /* CMD56: GEN_CMD */
1129 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1130
1131 switch (sd->state) {
1132 case sd_transfer_state:
1133 sd->data_offset = 0;
1134 if (req.arg & 1)
1135 sd->state = sd_sendingdata_state;
1136 else
1137 sd->state = sd_receivingdata_state;
1138 return sd_r1;
1139
1140 default:
1141 break;
1142 }
1143 break;
1144
1145 default:
1146 bad_cmd:
1147 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1148 return sd_illegal;
1149
1150 unimplemented_cmd:
1151 /* Commands that are recognised but not yet implemented in SPI mode. */
1152 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1153 return sd_illegal;
1154 }
1155
1156 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1157 return sd_illegal;
1158 }
1159
1160 static sd_rsp_type_t sd_app_command(SDState *sd,
1161 SDRequest req)
1162 {
1163 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1164 switch (req.cmd) {
1165 case 6: /* ACMD6: SET_BUS_WIDTH */
1166 switch (sd->state) {
1167 case sd_transfer_state:
1168 sd->sd_status[0] &= 0x3f;
1169 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1170 return sd_r1;
1171
1172 default:
1173 break;
1174 }
1175 break;
1176
1177 case 13: /* ACMD13: SD_STATUS */
1178 switch (sd->state) {
1179 case sd_transfer_state:
1180 sd->state = sd_sendingdata_state;
1181 sd->data_start = 0;
1182 sd->data_offset = 0;
1183 return sd_r1;
1184
1185 default:
1186 break;
1187 }
1188 break;
1189
1190 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1191 switch (sd->state) {
1192 case sd_transfer_state:
1193 *(uint32_t *) sd->data = sd->blk_written;
1194
1195 sd->state = sd_sendingdata_state;
1196 sd->data_start = 0;
1197 sd->data_offset = 0;
1198 return sd_r1;
1199
1200 default:
1201 break;
1202 }
1203 break;
1204
1205 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1206 switch (sd->state) {
1207 case sd_transfer_state:
1208 return sd_r1;
1209
1210 default:
1211 break;
1212 }
1213 break;
1214
1215 case 41: /* ACMD41: SD_APP_OP_COND */
1216 if (sd->spi) {
1217 /* SEND_OP_CMD */
1218 sd->state = sd_transfer_state;
1219 return sd_r1;
1220 }
1221 switch (sd->state) {
1222 case sd_idle_state:
1223 /* We accept any voltage. 10000 V is nothing. */
1224 if (req.arg)
1225 sd->state = sd_ready_state;
1226
1227 return sd_r3;
1228
1229 default:
1230 break;
1231 }
1232 break;
1233
1234 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1235 switch (sd->state) {
1236 case sd_transfer_state:
1237 /* Bringing in the 50KOhm pull-up resistor... Done. */
1238 return sd_r1;
1239
1240 default:
1241 break;
1242 }
1243 break;
1244
1245 case 51: /* ACMD51: SEND_SCR */
1246 switch (sd->state) {
1247 case sd_transfer_state:
1248 sd->state = sd_sendingdata_state;
1249 sd->data_start = 0;
1250 sd->data_offset = 0;
1251 return sd_r1;
1252
1253 default:
1254 break;
1255 }
1256 break;
1257
1258 default:
1259 /* Fall back to standard commands. */
1260 sd->card_status &= ~APP_CMD;
1261 return sd_normal_command(sd, req);
1262 }
1263
1264 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1265 return sd_r0;
1266 }
1267
1268 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1269 {
1270 /* Valid commands in locked state:
1271 * basic class (0)
1272 * lock card class (7)
1273 * CMD16
1274 * implicitly, the ACMD prefix CMD55
1275 * ACMD41 and ACMD42
1276 * Anything else provokes an "illegal command" response.
1277 */
1278 if (sd->card_status & APP_CMD) {
1279 return req->cmd == 41 || req->cmd == 42;
1280 }
1281 if (req->cmd == 16 || req->cmd == 55) {
1282 return 1;
1283 }
1284 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1285 }
1286
1287 int sd_do_command(SDState *sd, SDRequest *req,
1288 uint8_t *response) {
1289 uint32_t last_status = sd->card_status;
1290 sd_rsp_type_t rtype;
1291 int rsplen;
1292
1293 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1294 return 0;
1295 }
1296
1297 if (sd_req_crc_validate(req)) {
1298 sd->card_status |= COM_CRC_ERROR;
1299 return 0;
1300 }
1301
1302 sd->card_status &= ~CARD_STATUS_B;
1303 sd_set_status(sd);
1304
1305 if (last_status & CARD_IS_LOCKED) {
1306 if (!cmd_valid_while_locked(sd, req)) {
1307 sd->card_status |= ILLEGAL_COMMAND;
1308 fprintf(stderr, "SD: Card is locked\n");
1309 return 0;
1310 }
1311 }
1312
1313 if (last_status & APP_CMD) {
1314 rtype = sd_app_command(sd, *req);
1315 sd->card_status &= ~APP_CMD;
1316 } else
1317 rtype = sd_normal_command(sd, *req);
1318
1319 if (rtype == sd_illegal) {
1320 sd->card_status |= ILLEGAL_COMMAND;
1321 }
1322
1323 sd->current_cmd = req->cmd;
1324
1325 switch (rtype) {
1326 case sd_r1:
1327 case sd_r1b:
1328 sd_response_r1_make(sd, response, last_status);
1329 rsplen = 4;
1330 break;
1331
1332 case sd_r2_i:
1333 memcpy(response, sd->cid, sizeof(sd->cid));
1334 rsplen = 16;
1335 break;
1336
1337 case sd_r2_s:
1338 memcpy(response, sd->csd, sizeof(sd->csd));
1339 rsplen = 16;
1340 break;
1341
1342 case sd_r3:
1343 sd_response_r3_make(sd, response);
1344 rsplen = 4;
1345 break;
1346
1347 case sd_r6:
1348 sd_response_r6_make(sd, response);
1349 rsplen = 4;
1350 break;
1351
1352 case sd_r7:
1353 sd_response_r7_make(sd, response);
1354 rsplen = 4;
1355 break;
1356
1357 case sd_r0:
1358 case sd_illegal:
1359 default:
1360 rsplen = 0;
1361 break;
1362 }
1363
1364 #ifdef DEBUG_SD
1365 if (rsplen) {
1366 int i;
1367 DPRINTF("Response:");
1368 for (i = 0; i < rsplen; i++)
1369 printf(" %02x", response[i]);
1370 printf(" state %d\n", sd->state);
1371 } else {
1372 DPRINTF("No response %d\n", sd->state);
1373 }
1374 #endif
1375
1376 return rsplen;
1377 }
1378
1379 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1380 {
1381 uint64_t end = addr + len;
1382
1383 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1384 (unsigned long long) addr, len);
1385 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1386 fprintf(stderr, "sd_blk_read: read error on host side\n");
1387 return;
1388 }
1389
1390 if (end > (addr & ~511) + 512) {
1391 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1392
1393 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1394 fprintf(stderr, "sd_blk_read: read error on host side\n");
1395 return;
1396 }
1397 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1398 } else
1399 memcpy(sd->data, sd->buf + (addr & 511), len);
1400 }
1401
1402 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1403 {
1404 uint64_t end = addr + len;
1405
1406 if ((addr & 511) || len < 512)
1407 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1408 fprintf(stderr, "sd_blk_write: read error on host side\n");
1409 return;
1410 }
1411
1412 if (end > (addr & ~511) + 512) {
1413 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1414 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1415 fprintf(stderr, "sd_blk_write: write error on host side\n");
1416 return;
1417 }
1418
1419 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1420 fprintf(stderr, "sd_blk_write: read error on host side\n");
1421 return;
1422 }
1423 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1424 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1425 fprintf(stderr, "sd_blk_write: write error on host side\n");
1426 } else {
1427 memcpy(sd->buf + (addr & 511), sd->data, len);
1428 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1429 fprintf(stderr, "sd_blk_write: write error on host side\n");
1430 }
1431 }
1432
1433 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1434 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1435 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1436 #define APP_WRITE_BLOCK(a, len)
1437
1438 void sd_write_data(SDState *sd, uint8_t value)
1439 {
1440 int i;
1441
1442 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1443 return;
1444
1445 if (sd->state != sd_receivingdata_state) {
1446 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1447 return;
1448 }
1449
1450 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1451 return;
1452
1453 switch (sd->current_cmd) {
1454 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1455 sd->data[sd->data_offset ++] = value;
1456 if (sd->data_offset >= sd->blk_len) {
1457 /* TODO: Check CRC before committing */
1458 sd->state = sd_programming_state;
1459 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1460 sd->blk_written ++;
1461 sd->csd[14] |= 0x40;
1462 /* Bzzzzzzztt .... Operation complete. */
1463 sd->state = sd_transfer_state;
1464 }
1465 break;
1466
1467 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1468 if (sd->data_offset == 0) {
1469 /* Start of the block - lets check the address is valid */
1470 if (sd->data_start + sd->blk_len > sd->size) {
1471 sd->card_status |= ADDRESS_ERROR;
1472 break;
1473 }
1474 if (sd_wp_addr(sd, sd->data_start)) {
1475 sd->card_status |= WP_VIOLATION;
1476 break;
1477 }
1478 }
1479 sd->data[sd->data_offset++] = value;
1480 if (sd->data_offset >= sd->blk_len) {
1481 /* TODO: Check CRC before committing */
1482 sd->state = sd_programming_state;
1483 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1484 sd->blk_written++;
1485 sd->data_start += sd->blk_len;
1486 sd->data_offset = 0;
1487 sd->csd[14] |= 0x40;
1488
1489 /* Bzzzzzzztt .... Operation complete. */
1490 sd->state = sd_receivingdata_state;
1491 }
1492 break;
1493
1494 case 26: /* CMD26: PROGRAM_CID */
1495 sd->data[sd->data_offset ++] = value;
1496 if (sd->data_offset >= sizeof(sd->cid)) {
1497 /* TODO: Check CRC before committing */
1498 sd->state = sd_programming_state;
1499 for (i = 0; i < sizeof(sd->cid); i ++)
1500 if ((sd->cid[i] | 0x00) != sd->data[i])
1501 sd->card_status |= CID_CSD_OVERWRITE;
1502
1503 if (!(sd->card_status & CID_CSD_OVERWRITE))
1504 for (i = 0; i < sizeof(sd->cid); i ++) {
1505 sd->cid[i] |= 0x00;
1506 sd->cid[i] &= sd->data[i];
1507 }
1508 /* Bzzzzzzztt .... Operation complete. */
1509 sd->state = sd_transfer_state;
1510 }
1511 break;
1512
1513 case 27: /* CMD27: PROGRAM_CSD */
1514 sd->data[sd->data_offset ++] = value;
1515 if (sd->data_offset >= sizeof(sd->csd)) {
1516 /* TODO: Check CRC before committing */
1517 sd->state = sd_programming_state;
1518 for (i = 0; i < sizeof(sd->csd); i ++)
1519 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1520 (sd->data[i] | sd_csd_rw_mask[i]))
1521 sd->card_status |= CID_CSD_OVERWRITE;
1522
1523 /* Copy flag (OTP) & Permanent write protect */
1524 if (sd->csd[14] & ~sd->data[14] & 0x60)
1525 sd->card_status |= CID_CSD_OVERWRITE;
1526
1527 if (!(sd->card_status & CID_CSD_OVERWRITE))
1528 for (i = 0; i < sizeof(sd->csd); i ++) {
1529 sd->csd[i] |= sd_csd_rw_mask[i];
1530 sd->csd[i] &= sd->data[i];
1531 }
1532 /* Bzzzzzzztt .... Operation complete. */
1533 sd->state = sd_transfer_state;
1534 }
1535 break;
1536
1537 case 42: /* CMD42: LOCK_UNLOCK */
1538 sd->data[sd->data_offset ++] = value;
1539 if (sd->data_offset >= sd->blk_len) {
1540 /* TODO: Check CRC before committing */
1541 sd->state = sd_programming_state;
1542 sd_lock_command(sd);
1543 /* Bzzzzzzztt .... Operation complete. */
1544 sd->state = sd_transfer_state;
1545 }
1546 break;
1547
1548 case 56: /* CMD56: GEN_CMD */
1549 sd->data[sd->data_offset ++] = value;
1550 if (sd->data_offset >= sd->blk_len) {
1551 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1552 sd->state = sd_transfer_state;
1553 }
1554 break;
1555
1556 default:
1557 fprintf(stderr, "sd_write_data: unknown command\n");
1558 break;
1559 }
1560 }
1561
1562 uint8_t sd_read_data(SDState *sd)
1563 {
1564 /* TODO: Append CRCs */
1565 uint8_t ret;
1566 int io_len;
1567
1568 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1569 return 0x00;
1570
1571 if (sd->state != sd_sendingdata_state) {
1572 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1573 return 0x00;
1574 }
1575
1576 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1577 return 0x00;
1578
1579 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1580
1581 switch (sd->current_cmd) {
1582 case 6: /* CMD6: SWITCH_FUNCTION */
1583 ret = sd->data[sd->data_offset ++];
1584
1585 if (sd->data_offset >= 64)
1586 sd->state = sd_transfer_state;
1587 break;
1588
1589 case 9: /* CMD9: SEND_CSD */
1590 case 10: /* CMD10: SEND_CID */
1591 ret = sd->data[sd->data_offset ++];
1592
1593 if (sd->data_offset >= 16)
1594 sd->state = sd_transfer_state;
1595 break;
1596
1597 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1598 if (sd->data_offset == 0)
1599 BLK_READ_BLOCK(sd->data_start, io_len);
1600 ret = sd->data[sd->data_offset ++];
1601
1602 if (sd->data_offset >= io_len) {
1603 sd->data_start += io_len;
1604 sd->data_offset = 0;
1605 if (sd->data_start + io_len > sd->size) {
1606 sd->card_status |= ADDRESS_ERROR;
1607 break;
1608 }
1609 }
1610 break;
1611
1612 case 13: /* ACMD13: SD_STATUS */
1613 ret = sd->sd_status[sd->data_offset ++];
1614
1615 if (sd->data_offset >= sizeof(sd->sd_status))
1616 sd->state = sd_transfer_state;
1617 break;
1618
1619 case 17: /* CMD17: READ_SINGLE_BLOCK */
1620 if (sd->data_offset == 0)
1621 BLK_READ_BLOCK(sd->data_start, io_len);
1622 ret = sd->data[sd->data_offset ++];
1623
1624 if (sd->data_offset >= io_len)
1625 sd->state = sd_transfer_state;
1626 break;
1627
1628 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1629 if (sd->data_offset == 0)
1630 BLK_READ_BLOCK(sd->data_start, io_len);
1631 ret = sd->data[sd->data_offset ++];
1632
1633 if (sd->data_offset >= io_len) {
1634 sd->data_start += io_len;
1635 sd->data_offset = 0;
1636 if (sd->data_start + io_len > sd->size) {
1637 sd->card_status |= ADDRESS_ERROR;
1638 break;
1639 }
1640 }
1641 break;
1642
1643 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1644 ret = sd->data[sd->data_offset ++];
1645
1646 if (sd->data_offset >= 4)
1647 sd->state = sd_transfer_state;
1648 break;
1649
1650 case 30: /* CMD30: SEND_WRITE_PROT */
1651 ret = sd->data[sd->data_offset ++];
1652
1653 if (sd->data_offset >= 4)
1654 sd->state = sd_transfer_state;
1655 break;
1656
1657 case 51: /* ACMD51: SEND_SCR */
1658 ret = sd->scr[sd->data_offset ++];
1659
1660 if (sd->data_offset >= sizeof(sd->scr))
1661 sd->state = sd_transfer_state;
1662 break;
1663
1664 case 56: /* CMD56: GEN_CMD */
1665 if (sd->data_offset == 0)
1666 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1667 ret = sd->data[sd->data_offset ++];
1668
1669 if (sd->data_offset >= sd->blk_len)
1670 sd->state = sd_transfer_state;
1671 break;
1672
1673 default:
1674 fprintf(stderr, "sd_read_data: unknown command\n");
1675 return 0x00;
1676 }
1677
1678 return ret;
1679 }
1680
1681 int sd_data_ready(SDState *sd)
1682 {
1683 return sd->state == sd_sendingdata_state;
1684 }
1685
1686 void sd_enable(SDState *sd, int enable)
1687 {
1688 sd->enable = enable;
1689 }
QEMU mirror