]> git.proxmox.com Git - mirror_qemu.git/blob - hw/sd.c
projects / mirror_qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
hw/sd.c: Correct handling of APP_CMD status bit
[mirror_qemu.git] / hw / sd.c
1 /*
2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #include "hw.h"
33 #include "block.h"
34 #include "sd.h"
35
36 //#define DEBUG_SD 1
37
38 #ifdef DEBUG_SD
39 #define DPRINTF(fmt, ...) \
40 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
41 #else
42 #define DPRINTF(fmt, ...) do {} while(0)
43 #endif
44
45 typedef enum {
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
52 sd_r7, /* Operating voltage */
53 sd_r1b = -1,
54 sd_illegal = -2,
55 } sd_rsp_type_t;
56
57 struct SDState {
58 enum {
59 sd_inactive,
60 sd_card_identification_mode,
61 sd_data_transfer_mode,
62 } mode;
63 enum {
64 sd_inactive_state = -1,
65 sd_idle_state = 0,
66 sd_ready_state,
67 sd_identification_state,
68 sd_standby_state,
69 sd_transfer_state,
70 sd_sendingdata_state,
71 sd_receivingdata_state,
72 sd_programming_state,
73 sd_disconnect_state,
74 } state;
75 uint32_t ocr;
76 uint8_t scr[8];
77 uint8_t cid[16];
78 uint8_t csd[16];
79 uint16_t rca;
80 uint32_t card_status;
81 uint8_t sd_status[64];
82 uint32_t vhs;
83 int wp_switch;
84 int *wp_groups;
85 uint64_t size;
86 int blk_len;
87 uint32_t erase_start;
88 uint32_t erase_end;
89 uint8_t pwd[16];
90 int pwd_len;
91 int function_group[6];
92
93 int spi;
94 int current_cmd;
95 /* True if we will handle the next command as an ACMD. Note that this does
96 * *not* track the APP_CMD status bit!
97 */
98 int expecting_acmd;
99 int blk_written;
100 uint64_t data_start;
101 uint32_t data_offset;
102 uint8_t data[512];
103 qemu_irq readonly_cb;
104 qemu_irq inserted_cb;
105 BlockDriverState *bdrv;
106 uint8_t *buf;
107
108 int enable;
109 };
110
111 static void sd_set_mode(SDState *sd)
112 {
113 switch (sd->state) {
114 case sd_inactive_state:
115 sd->mode = sd_inactive;
116 break;
117
118 case sd_idle_state:
119 case sd_ready_state:
120 case sd_identification_state:
121 sd->mode = sd_card_identification_mode;
122 break;
123
124 case sd_standby_state:
125 case sd_transfer_state:
126 case sd_sendingdata_state:
127 case sd_receivingdata_state:
128 case sd_programming_state:
129 case sd_disconnect_state:
130 sd->mode = sd_data_transfer_mode;
131 break;
132 }
133 }
134
135 static const sd_cmd_type_t sd_cmd_type[64] = {
136 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
137 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
138 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
139 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
140 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
141 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
142 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
143 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
144 };
145
146 static const sd_cmd_type_t sd_acmd_type[64] = {
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
153 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
154 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
155 };
156
157 static const int sd_cmd_class[64] = {
158 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
159 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
160 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
161 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
162 };
163
164 static uint8_t sd_crc7(void *message, size_t width)
165 {
166 int i, bit;
167 uint8_t shift_reg = 0x00;
168 uint8_t *msg = (uint8_t *) message;
169
170 for (i = 0; i < width; i ++, msg ++)
171 for (bit = 7; bit >= 0; bit --) {
172 shift_reg <<= 1;
173 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
174 shift_reg ^= 0x89;
175 }
176
177 return shift_reg;
178 }
179
180 static uint16_t sd_crc16(void *message, size_t width)
181 {
182 int i, bit;
183 uint16_t shift_reg = 0x0000;
184 uint16_t *msg = (uint16_t *) message;
185 width <<= 1;
186
187 for (i = 0; i < width; i ++, msg ++)
188 for (bit = 15; bit >= 0; bit --) {
189 shift_reg <<= 1;
190 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
191 shift_reg ^= 0x1011;
192 }
193
194 return shift_reg;
195 }
196
197 static void sd_set_ocr(SDState *sd)
198 {
199 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
200 sd->ocr = 0x80ffff00;
201 }
202
203 static void sd_set_scr(SDState *sd)
204 {
205 sd->scr[0] = 0x00; /* SCR Structure */
206 sd->scr[1] = 0x2f; /* SD Security Support */
207 sd->scr[2] = 0x00;
208 sd->scr[3] = 0x00;
209 sd->scr[4] = 0x00;
210 sd->scr[5] = 0x00;
211 sd->scr[6] = 0x00;
212 sd->scr[7] = 0x00;
213 }
214
215 #define MID 0xaa
216 #define OID "XY"
217 #define PNM "QEMU!"
218 #define PRV 0x01
219 #define MDT_YR 2006
220 #define MDT_MON 2
221
222 static void sd_set_cid(SDState *sd)
223 {
224 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
225 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
226 sd->cid[2] = OID[1];
227 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
228 sd->cid[4] = PNM[1];
229 sd->cid[5] = PNM[2];
230 sd->cid[6] = PNM[3];
231 sd->cid[7] = PNM[4];
232 sd->cid[8] = PRV; /* Fake product revision (PRV) */
233 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
234 sd->cid[10] = 0xad;
235 sd->cid[11] = 0xbe;
236 sd->cid[12] = 0xef;
237 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
238 ((MDT_YR - 2000) / 10);
239 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
240 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
241 }
242
243 #define HWBLOCK_SHIFT 9 /* 512 bytes */
244 #define SECTOR_SHIFT 5 /* 16 kilobytes */
245 #define WPGROUP_SHIFT 7 /* 2 megs */
246 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
247 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
248
249 static const uint8_t sd_csd_rw_mask[16] = {
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
251 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
252 };
253
254 static void sd_set_csd(SDState *sd, uint64_t size)
255 {
256 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
257 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
258 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
259
260 if (size <= 0x40000000) { /* Standard Capacity SD */
261 sd->csd[0] = 0x00; /* CSD structure */
262 sd->csd[1] = 0x26; /* Data read access-time-1 */
263 sd->csd[2] = 0x00; /* Data read access-time-2 */
264 sd->csd[3] = 0x5a; /* Max. data transfer rate */
265 sd->csd[4] = 0x5f; /* Card Command Classes */
266 sd->csd[5] = 0x50 | /* Max. read data block length */
267 HWBLOCK_SHIFT;
268 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
269 ((csize >> 10) & 0x03);
270 sd->csd[7] = 0x00 | /* Device size */
271 ((csize >> 2) & 0xff);
272 sd->csd[8] = 0x3f | /* Max. read current */
273 ((csize << 6) & 0xc0);
274 sd->csd[9] = 0xfc | /* Max. write current */
275 ((CMULT_SHIFT - 2) >> 1);
276 sd->csd[10] = 0x40 | /* Erase sector size */
277 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
278 sd->csd[11] = 0x00 | /* Write protect group size */
279 ((sectsize << 7) & 0x80) | wpsize;
280 sd->csd[12] = 0x90 | /* Write speed factor */
281 (HWBLOCK_SHIFT >> 2);
282 sd->csd[13] = 0x20 | /* Max. write data block length */
283 ((HWBLOCK_SHIFT << 6) & 0xc0);
284 sd->csd[14] = 0x00; /* File format group */
285 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
286 } else { /* SDHC */
287 size /= 512 * 1024;
288 size -= 1;
289 sd->csd[0] = 0x40;
290 sd->csd[1] = 0x0e;
291 sd->csd[2] = 0x00;
292 sd->csd[3] = 0x32;
293 sd->csd[4] = 0x5b;
294 sd->csd[5] = 0x59;
295 sd->csd[6] = 0x00;
296 sd->csd[7] = (size >> 16) & 0xff;
297 sd->csd[8] = (size >> 8) & 0xff;
298 sd->csd[9] = (size & 0xff);
299 sd->csd[10] = 0x7f;
300 sd->csd[11] = 0x80;
301 sd->csd[12] = 0x0a;
302 sd->csd[13] = 0x40;
303 sd->csd[14] = 0x00;
304 sd->csd[15] = 0x00;
305 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
306 }
307 }
308
309 static void sd_set_rca(SDState *sd)
310 {
311 sd->rca += 0x4567;
312 }
313
314 /* Card status bits, split by clear condition:
315 * A : According to the card current state
316 * B : Always related to the previous command
317 * C : Cleared by read
318 */
319 #define CARD_STATUS_A 0x02004100
320 #define CARD_STATUS_B 0x00c01e00
321 #define CARD_STATUS_C 0xfd39a028
322
323 static void sd_set_cardstatus(SDState *sd)
324 {
325 sd->card_status = 0x00000100;
326 }
327
328 static void sd_set_sdstatus(SDState *sd)
329 {
330 memset(sd->sd_status, 0, 64);
331 }
332
333 static int sd_req_crc_validate(SDRequest *req)
334 {
335 uint8_t buffer[5];
336 buffer[0] = 0x40 | req->cmd;
337 buffer[1] = (req->arg >> 24) & 0xff;
338 buffer[2] = (req->arg >> 16) & 0xff;
339 buffer[3] = (req->arg >> 8) & 0xff;
340 buffer[4] = (req->arg >> 0) & 0xff;
341 return 0;
342 return sd_crc7(buffer, 5) != req->crc; /* TODO */
343 }
344
345 static void sd_response_r1_make(SDState *sd, uint8_t *response)
346 {
347 uint32_t status = sd->card_status;
348 /* Clear the "clear on read" status bits */
349 sd->card_status &= ~CARD_STATUS_C;
350
351 response[0] = (status >> 24) & 0xff;
352 response[1] = (status >> 16) & 0xff;
353 response[2] = (status >> 8) & 0xff;
354 response[3] = (status >> 0) & 0xff;
355 }
356
357 static void sd_response_r3_make(SDState *sd, uint8_t *response)
358 {
359 response[0] = (sd->ocr >> 24) & 0xff;
360 response[1] = (sd->ocr >> 16) & 0xff;
361 response[2] = (sd->ocr >> 8) & 0xff;
362 response[3] = (sd->ocr >> 0) & 0xff;
363 }
364
365 static void sd_response_r6_make(SDState *sd, uint8_t *response)
366 {
367 uint16_t arg;
368 uint16_t status;
369
370 arg = sd->rca;
371 status = ((sd->card_status >> 8) & 0xc000) |
372 ((sd->card_status >> 6) & 0x2000) |
373 (sd->card_status & 0x1fff);
374
375 response[0] = (arg >> 8) & 0xff;
376 response[1] = arg & 0xff;
377 response[2] = (status >> 8) & 0xff;
378 response[3] = status & 0xff;
379 }
380
381 static void sd_response_r7_make(SDState *sd, uint8_t *response)
382 {
383 response[0] = (sd->vhs >> 24) & 0xff;
384 response[1] = (sd->vhs >> 16) & 0xff;
385 response[2] = (sd->vhs >> 8) & 0xff;
386 response[3] = (sd->vhs >> 0) & 0xff;
387 }
388
389 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
390 {
391 uint64_t size;
392 uint64_t sect;
393
394 if (bdrv) {
395 bdrv_get_geometry(bdrv, &sect);
396 } else {
397 sect = 0;
398 }
399 size = sect << 9;
400
401 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
402
403 sd->state = sd_idle_state;
404 sd->rca = 0x0000;
405 sd_set_ocr(sd);
406 sd_set_scr(sd);
407 sd_set_cid(sd);
408 sd_set_csd(sd, size);
409 sd_set_cardstatus(sd);
410 sd_set_sdstatus(sd);
411
412 sd->bdrv = bdrv;
413
414 if (sd->wp_groups)
415 g_free(sd->wp_groups);
416 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
417 sd->wp_groups = (int *) g_malloc0(sizeof(int) * sect);
418 memset(sd->function_group, 0, sizeof(int) * 6);
419 sd->erase_start = 0;
420 sd->erase_end = 0;
421 sd->size = size;
422 sd->blk_len = 0x200;
423 sd->pwd_len = 0;
424 }
425
426 static void sd_cardchange(void *opaque, bool load)
427 {
428 SDState *sd = opaque;
429
430 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
431 if (bdrv_is_inserted(sd->bdrv)) {
432 sd_reset(sd, sd->bdrv);
433 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
434 }
435 }
436
437 static const BlockDevOps sd_block_ops = {
438 .change_media_cb = sd_cardchange,
439 };
440
441 /* We do not model the chip select pin, so allow the board to select
442 whether card should be in SSI or MMC/SD mode. It is also up to the
443 board to ensure that ssi transfers only occur when the chip select
444 is asserted. */
445 SDState *sd_init(BlockDriverState *bs, int is_spi)
446 {
447 SDState *sd;
448
449 sd = (SDState *) g_malloc0(sizeof(SDState));
450 sd->buf = qemu_blockalign(bs, 512);
451 sd->spi = is_spi;
452 sd->enable = 1;
453 sd_reset(sd, bs);
454 if (sd->bdrv) {
455 bdrv_attach_dev_nofail(sd->bdrv, sd);
456 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
457 }
458 return sd;
459 }
460
461 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
462 {
463 sd->readonly_cb = readonly;
464 sd->inserted_cb = insert;
465 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
466 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
467 }
468
469 static void sd_erase(SDState *sd)
470 {
471 int i, start, end;
472 if (!sd->erase_start || !sd->erase_end) {
473 sd->card_status |= ERASE_SEQ_ERROR;
474 return;
475 }
476
477 start = sd->erase_start >>
478 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
479 end = sd->erase_end >>
480 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
481 sd->erase_start = 0;
482 sd->erase_end = 0;
483 sd->csd[14] |= 0x40;
484
485 for (i = start; i <= end; i ++)
486 if (sd->wp_groups[i])
487 sd->card_status |= WP_ERASE_SKIP;
488 }
489
490 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
491 {
492 uint32_t i, wpnum;
493 uint32_t ret = 0;
494
495 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
496
497 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
498 if (addr < sd->size && sd->wp_groups[wpnum])
499 ret |= (1 << i);
500
501 return ret;
502 }
503
504 static void sd_function_switch(SDState *sd, uint32_t arg)
505 {
506 int i, mode, new_func, crc;
507 mode = !!(arg & 0x80000000);
508
509 sd->data[0] = 0x00; /* Maximum current consumption */
510 sd->data[1] = 0x01;
511 sd->data[2] = 0x80; /* Supported group 6 functions */
512 sd->data[3] = 0x01;
513 sd->data[4] = 0x80; /* Supported group 5 functions */
514 sd->data[5] = 0x01;
515 sd->data[6] = 0x80; /* Supported group 4 functions */
516 sd->data[7] = 0x01;
517 sd->data[8] = 0x80; /* Supported group 3 functions */
518 sd->data[9] = 0x01;
519 sd->data[10] = 0x80; /* Supported group 2 functions */
520 sd->data[11] = 0x43;
521 sd->data[12] = 0x80; /* Supported group 1 functions */
522 sd->data[13] = 0x03;
523 for (i = 0; i < 6; i ++) {
524 new_func = (arg >> (i * 4)) & 0x0f;
525 if (mode && new_func != 0x0f)
526 sd->function_group[i] = new_func;
527 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
528 }
529 memset(&sd->data[17], 0, 47);
530 crc = sd_crc16(sd->data, 64);
531 sd->data[65] = crc >> 8;
532 sd->data[66] = crc & 0xff;
533 }
534
535 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
536 {
537 return sd->wp_groups[addr >>
538 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
539 }
540
541 static void sd_lock_command(SDState *sd)
542 {
543 int erase, lock, clr_pwd, set_pwd, pwd_len;
544 erase = !!(sd->data[0] & 0x08);
545 lock = sd->data[0] & 0x04;
546 clr_pwd = sd->data[0] & 0x02;
547 set_pwd = sd->data[0] & 0x01;
548
549 if (sd->blk_len > 1)
550 pwd_len = sd->data[1];
551 else
552 pwd_len = 0;
553
554 if (erase) {
555 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
556 set_pwd || clr_pwd || lock || sd->wp_switch ||
557 (sd->csd[14] & 0x20)) {
558 sd->card_status |= LOCK_UNLOCK_FAILED;
559 return;
560 }
561 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
562 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
563 sd->csd[14] &= ~0x10;
564 sd->card_status &= ~CARD_IS_LOCKED;
565 sd->pwd_len = 0;
566 /* Erasing the entire card here! */
567 fprintf(stderr, "SD: Card force-erased by CMD42\n");
568 return;
569 }
570
571 if (sd->blk_len < 2 + pwd_len ||
572 pwd_len <= sd->pwd_len ||
573 pwd_len > sd->pwd_len + 16) {
574 sd->card_status |= LOCK_UNLOCK_FAILED;
575 return;
576 }
577
578 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
579 sd->card_status |= LOCK_UNLOCK_FAILED;
580 return;
581 }
582
583 pwd_len -= sd->pwd_len;
584 if ((pwd_len && !set_pwd) ||
585 (clr_pwd && (set_pwd || lock)) ||
586 (lock && !sd->pwd_len && !set_pwd) ||
587 (!set_pwd && !clr_pwd &&
588 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
589 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
590 sd->card_status |= LOCK_UNLOCK_FAILED;
591 return;
592 }
593
594 if (set_pwd) {
595 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
596 sd->pwd_len = pwd_len;
597 }
598
599 if (clr_pwd) {
600 sd->pwd_len = 0;
601 }
602
603 if (lock)
604 sd->card_status |= CARD_IS_LOCKED;
605 else
606 sd->card_status &= ~CARD_IS_LOCKED;
607 }
608
609 static sd_rsp_type_t sd_normal_command(SDState *sd,
610 SDRequest req)
611 {
612 uint32_t rca = 0x0000;
613 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
614
615 /* Not interpreting this as an app command */
616 sd->card_status &= ~APP_CMD;
617
618 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
619 rca = req.arg >> 16;
620
621 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
622 switch (req.cmd) {
623 /* Basic commands (Class 0 and Class 1) */
624 case 0: /* CMD0: GO_IDLE_STATE */
625 switch (sd->state) {
626 case sd_inactive_state:
627 return sd->spi ? sd_r1 : sd_r0;
628
629 default:
630 sd->state = sd_idle_state;
631 sd_reset(sd, sd->bdrv);
632 return sd->spi ? sd_r1 : sd_r0;
633 }
634 break;
635
636 case 1: /* CMD1: SEND_OP_CMD */
637 if (!sd->spi)
638 goto bad_cmd;
639
640 sd->state = sd_transfer_state;
641 return sd_r1;
642
643 case 2: /* CMD2: ALL_SEND_CID */
644 if (sd->spi)
645 goto bad_cmd;
646 switch (sd->state) {
647 case sd_ready_state:
648 sd->state = sd_identification_state;
649 return sd_r2_i;
650
651 default:
652 break;
653 }
654 break;
655
656 case 3: /* CMD3: SEND_RELATIVE_ADDR */
657 if (sd->spi)
658 goto bad_cmd;
659 switch (sd->state) {
660 case sd_identification_state:
661 case sd_standby_state:
662 sd->state = sd_standby_state;
663 sd_set_rca(sd);
664 return sd_r6;
665
666 default:
667 break;
668 }
669 break;
670
671 case 4: /* CMD4: SEND_DSR */
672 if (sd->spi)
673 goto bad_cmd;
674 switch (sd->state) {
675 case sd_standby_state:
676 break;
677
678 default:
679 break;
680 }
681 break;
682
683 case 5: /* CMD5: reserved for SDIO cards */
684 return sd_illegal;
685
686 case 6: /* CMD6: SWITCH_FUNCTION */
687 if (sd->spi)
688 goto bad_cmd;
689 switch (sd->mode) {
690 case sd_data_transfer_mode:
691 sd_function_switch(sd, req.arg);
692 sd->state = sd_sendingdata_state;
693 sd->data_start = 0;
694 sd->data_offset = 0;
695 return sd_r1;
696
697 default:
698 break;
699 }
700 break;
701
702 case 7: /* CMD7: SELECT/DESELECT_CARD */
703 if (sd->spi)
704 goto bad_cmd;
705 switch (sd->state) {
706 case sd_standby_state:
707 if (sd->rca != rca)
708 return sd_r0;
709
710 sd->state = sd_transfer_state;
711 return sd_r1b;
712
713 case sd_transfer_state:
714 case sd_sendingdata_state:
715 if (sd->rca == rca)
716 break;
717
718 sd->state = sd_standby_state;
719 return sd_r1b;
720
721 case sd_disconnect_state:
722 if (sd->rca != rca)
723 return sd_r0;
724
725 sd->state = sd_programming_state;
726 return sd_r1b;
727
728 case sd_programming_state:
729 if (sd->rca == rca)
730 break;
731
732 sd->state = sd_disconnect_state;
733 return sd_r1b;
734
735 default:
736 break;
737 }
738 break;
739
740 case 8: /* CMD8: SEND_IF_COND */
741 /* Physical Layer Specification Version 2.00 command */
742 switch (sd->state) {
743 case sd_idle_state:
744 sd->vhs = 0;
745
746 /* No response if not exactly one VHS bit is set. */
747 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
748 return sd->spi ? sd_r7 : sd_r0;
749
750 /* Accept. */
751 sd->vhs = req.arg;
752 return sd_r7;
753
754 default:
755 break;
756 }
757 break;
758
759 case 9: /* CMD9: SEND_CSD */
760 switch (sd->state) {
761 case sd_standby_state:
762 if (sd->rca != rca)
763 return sd_r0;
764
765 return sd_r2_s;
766
767 case sd_transfer_state:
768 if (!sd->spi)
769 break;
770 sd->state = sd_sendingdata_state;
771 memcpy(sd->data, sd->csd, 16);
772 sd->data_start = addr;
773 sd->data_offset = 0;
774 return sd_r1;
775
776 default:
777 break;
778 }
779 break;
780
781 case 10: /* CMD10: SEND_CID */
782 switch (sd->state) {
783 case sd_standby_state:
784 if (sd->rca != rca)
785 return sd_r0;
786
787 return sd_r2_i;
788
789 case sd_transfer_state:
790 if (!sd->spi)
791 break;
792 sd->state = sd_sendingdata_state;
793 memcpy(sd->data, sd->cid, 16);
794 sd->data_start = addr;
795 sd->data_offset = 0;
796 return sd_r1;
797
798 default:
799 break;
800 }
801 break;
802
803 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
804 if (sd->spi)
805 goto bad_cmd;
806 switch (sd->state) {
807 case sd_transfer_state:
808 sd->state = sd_sendingdata_state;
809 sd->data_start = req.arg;
810 sd->data_offset = 0;
811
812 if (sd->data_start + sd->blk_len > sd->size)
813 sd->card_status |= ADDRESS_ERROR;
814 return sd_r0;
815
816 default:
817 break;
818 }
819 break;
820
821 case 12: /* CMD12: STOP_TRANSMISSION */
822 switch (sd->state) {
823 case sd_sendingdata_state:
824 sd->state = sd_transfer_state;
825 return sd_r1b;
826
827 case sd_receivingdata_state:
828 sd->state = sd_programming_state;
829 /* Bzzzzzzztt .... Operation complete. */
830 sd->state = sd_transfer_state;
831 return sd_r1b;
832
833 default:
834 break;
835 }
836 break;
837
838 case 13: /* CMD13: SEND_STATUS */
839 switch (sd->mode) {
840 case sd_data_transfer_mode:
841 if (sd->rca != rca)
842 return sd_r0;
843
844 return sd_r1;
845
846 default:
847 break;
848 }
849 break;
850
851 case 15: /* CMD15: GO_INACTIVE_STATE */
852 if (sd->spi)
853 goto bad_cmd;
854 switch (sd->mode) {
855 case sd_data_transfer_mode:
856 if (sd->rca != rca)
857 return sd_r0;
858
859 sd->state = sd_inactive_state;
860 return sd_r0;
861
862 default:
863 break;
864 }
865 break;
866
867 /* Block read commands (Classs 2) */
868 case 16: /* CMD16: SET_BLOCKLEN */
869 switch (sd->state) {
870 case sd_transfer_state:
871 if (req.arg > (1 << HWBLOCK_SHIFT))
872 sd->card_status |= BLOCK_LEN_ERROR;
873 else
874 sd->blk_len = req.arg;
875
876 return sd_r1;
877
878 default:
879 break;
880 }
881 break;
882
883 case 17: /* CMD17: READ_SINGLE_BLOCK */
884 switch (sd->state) {
885 case sd_transfer_state:
886 sd->state = sd_sendingdata_state;
887 sd->data_start = addr;
888 sd->data_offset = 0;
889
890 if (sd->data_start + sd->blk_len > sd->size)
891 sd->card_status |= ADDRESS_ERROR;
892 return sd_r1;
893
894 default:
895 break;
896 }
897 break;
898
899 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
900 switch (sd->state) {
901 case sd_transfer_state:
902 sd->state = sd_sendingdata_state;
903 sd->data_start = addr;
904 sd->data_offset = 0;
905
906 if (sd->data_start + sd->blk_len > sd->size)
907 sd->card_status |= ADDRESS_ERROR;
908 return sd_r1;
909
910 default:
911 break;
912 }
913 break;
914
915 /* Block write commands (Class 4) */
916 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
917 if (sd->spi)
918 goto unimplemented_cmd;
919 switch (sd->state) {
920 case sd_transfer_state:
921 /* Writing in SPI mode not implemented. */
922 if (sd->spi)
923 break;
924 sd->state = sd_receivingdata_state;
925 sd->data_start = addr;
926 sd->data_offset = 0;
927 sd->blk_written = 0;
928
929 if (sd->data_start + sd->blk_len > sd->size)
930 sd->card_status |= ADDRESS_ERROR;
931 if (sd_wp_addr(sd, sd->data_start))
932 sd->card_status |= WP_VIOLATION;
933 if (sd->csd[14] & 0x30)
934 sd->card_status |= WP_VIOLATION;
935 return sd_r1;
936
937 default:
938 break;
939 }
940 break;
941
942 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
943 if (sd->spi)
944 goto unimplemented_cmd;
945 switch (sd->state) {
946 case sd_transfer_state:
947 /* Writing in SPI mode not implemented. */
948 if (sd->spi)
949 break;
950 sd->state = sd_receivingdata_state;
951 sd->data_start = addr;
952 sd->data_offset = 0;
953 sd->blk_written = 0;
954
955 if (sd->data_start + sd->blk_len > sd->size)
956 sd->card_status |= ADDRESS_ERROR;
957 if (sd_wp_addr(sd, sd->data_start))
958 sd->card_status |= WP_VIOLATION;
959 if (sd->csd[14] & 0x30)
960 sd->card_status |= WP_VIOLATION;
961 return sd_r1;
962
963 default:
964 break;
965 }
966 break;
967
968 case 26: /* CMD26: PROGRAM_CID */
969 if (sd->spi)
970 goto bad_cmd;
971 switch (sd->state) {
972 case sd_transfer_state:
973 sd->state = sd_receivingdata_state;
974 sd->data_start = 0;
975 sd->data_offset = 0;
976 return sd_r1;
977
978 default:
979 break;
980 }
981 break;
982
983 case 27: /* CMD27: PROGRAM_CSD */
984 if (sd->spi)
985 goto unimplemented_cmd;
986 switch (sd->state) {
987 case sd_transfer_state:
988 sd->state = sd_receivingdata_state;
989 sd->data_start = 0;
990 sd->data_offset = 0;
991 return sd_r1;
992
993 default:
994 break;
995 }
996 break;
997
998 /* Write protection (Class 6) */
999 case 28: /* CMD28: SET_WRITE_PROT */
1000 switch (sd->state) {
1001 case sd_transfer_state:
1002 if (addr >= sd->size) {
1003 sd->card_status |= ADDRESS_ERROR;
1004 return sd_r1b;
1005 }
1006
1007 sd->state = sd_programming_state;
1008 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1009 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1010 /* Bzzzzzzztt .... Operation complete. */
1011 sd->state = sd_transfer_state;
1012 return sd_r1b;
1013
1014 default:
1015 break;
1016 }
1017 break;
1018
1019 case 29: /* CMD29: CLR_WRITE_PROT */
1020 switch (sd->state) {
1021 case sd_transfer_state:
1022 if (addr >= sd->size) {
1023 sd->card_status |= ADDRESS_ERROR;
1024 return sd_r1b;
1025 }
1026
1027 sd->state = sd_programming_state;
1028 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1029 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1030 /* Bzzzzzzztt .... Operation complete. */
1031 sd->state = sd_transfer_state;
1032 return sd_r1b;
1033
1034 default:
1035 break;
1036 }
1037 break;
1038
1039 case 30: /* CMD30: SEND_WRITE_PROT */
1040 switch (sd->state) {
1041 case sd_transfer_state:
1042 sd->state = sd_sendingdata_state;
1043 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1044 sd->data_start = addr;
1045 sd->data_offset = 0;
1046 return sd_r1b;
1047
1048 default:
1049 break;
1050 }
1051 break;
1052
1053 /* Erase commands (Class 5) */
1054 case 32: /* CMD32: ERASE_WR_BLK_START */
1055 switch (sd->state) {
1056 case sd_transfer_state:
1057 sd->erase_start = req.arg;
1058 return sd_r1;
1059
1060 default:
1061 break;
1062 }
1063 break;
1064
1065 case 33: /* CMD33: ERASE_WR_BLK_END */
1066 switch (sd->state) {
1067 case sd_transfer_state:
1068 sd->erase_end = req.arg;
1069 return sd_r1;
1070
1071 default:
1072 break;
1073 }
1074 break;
1075
1076 case 38: /* CMD38: ERASE */
1077 switch (sd->state) {
1078 case sd_transfer_state:
1079 if (sd->csd[14] & 0x30) {
1080 sd->card_status |= WP_VIOLATION;
1081 return sd_r1b;
1082 }
1083
1084 sd->state = sd_programming_state;
1085 sd_erase(sd);
1086 /* Bzzzzzzztt .... Operation complete. */
1087 sd->state = sd_transfer_state;
1088 return sd_r1b;
1089
1090 default:
1091 break;
1092 }
1093 break;
1094
1095 /* Lock card commands (Class 7) */
1096 case 42: /* CMD42: LOCK_UNLOCK */
1097 if (sd->spi)
1098 goto unimplemented_cmd;
1099 switch (sd->state) {
1100 case sd_transfer_state:
1101 sd->state = sd_receivingdata_state;
1102 sd->data_start = 0;
1103 sd->data_offset = 0;
1104 return sd_r1;
1105
1106 default:
1107 break;
1108 }
1109 break;
1110
1111 case 52:
1112 case 53:
1113 /* CMD52, CMD53: reserved for SDIO cards
1114 * (see the SDIO Simplified Specification V2.0)
1115 * Handle as illegal command but do not complain
1116 * on stderr, as some OSes may use these in their
1117 * probing for presence of an SDIO card.
1118 */
1119 return sd_illegal;
1120
1121 /* Application specific commands (Class 8) */
1122 case 55: /* CMD55: APP_CMD */
1123 if (sd->rca != rca)
1124 return sd_r0;
1125
1126 sd->expecting_acmd = 1;
1127 sd->card_status |= APP_CMD;
1128 return sd_r1;
1129
1130 case 56: /* CMD56: GEN_CMD */
1131 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1132
1133 switch (sd->state) {
1134 case sd_transfer_state:
1135 sd->data_offset = 0;
1136 if (req.arg & 1)
1137 sd->state = sd_sendingdata_state;
1138 else
1139 sd->state = sd_receivingdata_state;
1140 return sd_r1;
1141
1142 default:
1143 break;
1144 }
1145 break;
1146
1147 default:
1148 bad_cmd:
1149 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1150 return sd_illegal;
1151
1152 unimplemented_cmd:
1153 /* Commands that are recognised but not yet implemented in SPI mode. */
1154 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1155 return sd_illegal;
1156 }
1157
1158 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1159 return sd_illegal;
1160 }
1161
1162 static sd_rsp_type_t sd_app_command(SDState *sd,
1163 SDRequest req)
1164 {
1165 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1166 sd->card_status |= APP_CMD;
1167 switch (req.cmd) {
1168 case 6: /* ACMD6: SET_BUS_WIDTH */
1169 switch (sd->state) {
1170 case sd_transfer_state:
1171 sd->sd_status[0] &= 0x3f;
1172 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1173 return sd_r1;
1174
1175 default:
1176 break;
1177 }
1178 break;
1179
1180 case 13: /* ACMD13: SD_STATUS */
1181 switch (sd->state) {
1182 case sd_transfer_state:
1183 sd->state = sd_sendingdata_state;
1184 sd->data_start = 0;
1185 sd->data_offset = 0;
1186 return sd_r1;
1187
1188 default:
1189 break;
1190 }
1191 break;
1192
1193 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1194 switch (sd->state) {
1195 case sd_transfer_state:
1196 *(uint32_t *) sd->data = sd->blk_written;
1197
1198 sd->state = sd_sendingdata_state;
1199 sd->data_start = 0;
1200 sd->data_offset = 0;
1201 return sd_r1;
1202
1203 default:
1204 break;
1205 }
1206 break;
1207
1208 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1209 switch (sd->state) {
1210 case sd_transfer_state:
1211 return sd_r1;
1212
1213 default:
1214 break;
1215 }
1216 break;
1217
1218 case 41: /* ACMD41: SD_APP_OP_COND */
1219 if (sd->spi) {
1220 /* SEND_OP_CMD */
1221 sd->state = sd_transfer_state;
1222 return sd_r1;
1223 }
1224 switch (sd->state) {
1225 case sd_idle_state:
1226 /* We accept any voltage. 10000 V is nothing. */
1227 if (req.arg)
1228 sd->state = sd_ready_state;
1229
1230 return sd_r3;
1231
1232 default:
1233 break;
1234 }
1235 break;
1236
1237 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1238 switch (sd->state) {
1239 case sd_transfer_state:
1240 /* Bringing in the 50KOhm pull-up resistor... Done. */
1241 return sd_r1;
1242
1243 default:
1244 break;
1245 }
1246 break;
1247
1248 case 51: /* ACMD51: SEND_SCR */
1249 switch (sd->state) {
1250 case sd_transfer_state:
1251 sd->state = sd_sendingdata_state;
1252 sd->data_start = 0;
1253 sd->data_offset = 0;
1254 return sd_r1;
1255
1256 default:
1257 break;
1258 }
1259 break;
1260
1261 default:
1262 /* Fall back to standard commands. */
1263 return sd_normal_command(sd, req);
1264 }
1265
1266 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1267 return sd_illegal;
1268 }
1269
1270 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1271 {
1272 /* Valid commands in locked state:
1273 * basic class (0)
1274 * lock card class (7)
1275 * CMD16
1276 * implicitly, the ACMD prefix CMD55
1277 * ACMD41 and ACMD42
1278 * Anything else provokes an "illegal command" response.
1279 */
1280 if (sd->expecting_acmd) {
1281 return req->cmd == 41 || req->cmd == 42;
1282 }
1283 if (req->cmd == 16 || req->cmd == 55) {
1284 return 1;
1285 }
1286 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1287 }
1288
1289 int sd_do_command(SDState *sd, SDRequest *req,
1290 uint8_t *response) {
1291 int last_state;
1292 sd_rsp_type_t rtype;
1293 int rsplen;
1294
1295 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1296 return 0;
1297 }
1298
1299 if (sd_req_crc_validate(req)) {
1300 sd->card_status |= COM_CRC_ERROR;
1301 rtype = sd_illegal;
1302 goto send_response;
1303 }
1304
1305 if (sd->card_status & CARD_IS_LOCKED) {
1306 if (!cmd_valid_while_locked(sd, req)) {
1307 sd->card_status |= ILLEGAL_COMMAND;
1308 sd->expecting_acmd = 0;
1309 fprintf(stderr, "SD: Card is locked\n");
1310 rtype = sd_illegal;
1311 goto send_response;
1312 }
1313 }
1314
1315 last_state = sd->state;
1316 sd_set_mode(sd);
1317
1318 if (sd->expecting_acmd) {
1319 sd->expecting_acmd = 0;
1320 rtype = sd_app_command(sd, *req);
1321 } else {
1322 rtype = sd_normal_command(sd, *req);
1323 }
1324
1325 if (rtype == sd_illegal) {
1326 sd->card_status |= ILLEGAL_COMMAND;
1327 } else {
1328 /* Valid command, we can update the 'state before command' bits.
1329 * (Do this now so they appear in r1 responses.)
1330 */
1331 sd->current_cmd = req->cmd;
1332 sd->card_status &= ~CURRENT_STATE;
1333 sd->card_status |= (last_state << 9);
1334 }
1335
1336 send_response:
1337 switch (rtype) {
1338 case sd_r1:
1339 case sd_r1b:
1340 sd_response_r1_make(sd, response);
1341 rsplen = 4;
1342 break;
1343
1344 case sd_r2_i:
1345 memcpy(response, sd->cid, sizeof(sd->cid));
1346 rsplen = 16;
1347 break;
1348
1349 case sd_r2_s:
1350 memcpy(response, sd->csd, sizeof(sd->csd));
1351 rsplen = 16;
1352 break;
1353
1354 case sd_r3:
1355 sd_response_r3_make(sd, response);
1356 rsplen = 4;
1357 break;
1358
1359 case sd_r6:
1360 sd_response_r6_make(sd, response);
1361 rsplen = 4;
1362 break;
1363
1364 case sd_r7:
1365 sd_response_r7_make(sd, response);
1366 rsplen = 4;
1367 break;
1368
1369 case sd_r0:
1370 case sd_illegal:
1371 default:
1372 rsplen = 0;
1373 break;
1374 }
1375
1376 if (rtype != sd_illegal) {
1377 /* Clear the "clear on valid command" status bits now we've
1378 * sent any response
1379 */
1380 sd->card_status &= ~CARD_STATUS_B;
1381 }
1382
1383 #ifdef DEBUG_SD
1384 if (rsplen) {
1385 int i;
1386 DPRINTF("Response:");
1387 for (i = 0; i < rsplen; i++)
1388 printf(" %02x", response[i]);
1389 printf(" state %d\n", sd->state);
1390 } else {
1391 DPRINTF("No response %d\n", sd->state);
1392 }
1393 #endif
1394
1395 return rsplen;
1396 }
1397
1398 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1399 {
1400 uint64_t end = addr + len;
1401
1402 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1403 (unsigned long long) addr, len);
1404 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1405 fprintf(stderr, "sd_blk_read: read error on host side\n");
1406 return;
1407 }
1408
1409 if (end > (addr & ~511) + 512) {
1410 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1411
1412 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1413 fprintf(stderr, "sd_blk_read: read error on host side\n");
1414 return;
1415 }
1416 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1417 } else
1418 memcpy(sd->data, sd->buf + (addr & 511), len);
1419 }
1420
1421 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1422 {
1423 uint64_t end = addr + len;
1424
1425 if ((addr & 511) || len < 512)
1426 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1427 fprintf(stderr, "sd_blk_write: read error on host side\n");
1428 return;
1429 }
1430
1431 if (end > (addr & ~511) + 512) {
1432 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1433 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1434 fprintf(stderr, "sd_blk_write: write error on host side\n");
1435 return;
1436 }
1437
1438 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1439 fprintf(stderr, "sd_blk_write: read error on host side\n");
1440 return;
1441 }
1442 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1443 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1444 fprintf(stderr, "sd_blk_write: write error on host side\n");
1445 } else {
1446 memcpy(sd->buf + (addr & 511), sd->data, len);
1447 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1448 fprintf(stderr, "sd_blk_write: write error on host side\n");
1449 }
1450 }
1451
1452 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1453 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1454 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1455 #define APP_WRITE_BLOCK(a, len)
1456
1457 void sd_write_data(SDState *sd, uint8_t value)
1458 {
1459 int i;
1460
1461 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1462 return;
1463
1464 if (sd->state != sd_receivingdata_state) {
1465 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1466 return;
1467 }
1468
1469 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1470 return;
1471
1472 switch (sd->current_cmd) {
1473 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1474 sd->data[sd->data_offset ++] = value;
1475 if (sd->data_offset >= sd->blk_len) {
1476 /* TODO: Check CRC before committing */
1477 sd->state = sd_programming_state;
1478 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1479 sd->blk_written ++;
1480 sd->csd[14] |= 0x40;
1481 /* Bzzzzzzztt .... Operation complete. */
1482 sd->state = sd_transfer_state;
1483 }
1484 break;
1485
1486 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1487 if (sd->data_offset == 0) {
1488 /* Start of the block - lets check the address is valid */
1489 if (sd->data_start + sd->blk_len > sd->size) {
1490 sd->card_status |= ADDRESS_ERROR;
1491 break;
1492 }
1493 if (sd_wp_addr(sd, sd->data_start)) {
1494 sd->card_status |= WP_VIOLATION;
1495 break;
1496 }
1497 }
1498 sd->data[sd->data_offset++] = value;
1499 if (sd->data_offset >= sd->blk_len) {
1500 /* TODO: Check CRC before committing */
1501 sd->state = sd_programming_state;
1502 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1503 sd->blk_written++;
1504 sd->data_start += sd->blk_len;
1505 sd->data_offset = 0;
1506 sd->csd[14] |= 0x40;
1507
1508 /* Bzzzzzzztt .... Operation complete. */
1509 sd->state = sd_receivingdata_state;
1510 }
1511 break;
1512
1513 case 26: /* CMD26: PROGRAM_CID */
1514 sd->data[sd->data_offset ++] = value;
1515 if (sd->data_offset >= sizeof(sd->cid)) {
1516 /* TODO: Check CRC before committing */
1517 sd->state = sd_programming_state;
1518 for (i = 0; i < sizeof(sd->cid); i ++)
1519 if ((sd->cid[i] | 0x00) != sd->data[i])
1520 sd->card_status |= CID_CSD_OVERWRITE;
1521
1522 if (!(sd->card_status & CID_CSD_OVERWRITE))
1523 for (i = 0; i < sizeof(sd->cid); i ++) {
1524 sd->cid[i] |= 0x00;
1525 sd->cid[i] &= sd->data[i];
1526 }
1527 /* Bzzzzzzztt .... Operation complete. */
1528 sd->state = sd_transfer_state;
1529 }
1530 break;
1531
1532 case 27: /* CMD27: PROGRAM_CSD */
1533 sd->data[sd->data_offset ++] = value;
1534 if (sd->data_offset >= sizeof(sd->csd)) {
1535 /* TODO: Check CRC before committing */
1536 sd->state = sd_programming_state;
1537 for (i = 0; i < sizeof(sd->csd); i ++)
1538 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1539 (sd->data[i] | sd_csd_rw_mask[i]))
1540 sd->card_status |= CID_CSD_OVERWRITE;
1541
1542 /* Copy flag (OTP) & Permanent write protect */
1543 if (sd->csd[14] & ~sd->data[14] & 0x60)
1544 sd->card_status |= CID_CSD_OVERWRITE;
1545
1546 if (!(sd->card_status & CID_CSD_OVERWRITE))
1547 for (i = 0; i < sizeof(sd->csd); i ++) {
1548 sd->csd[i] |= sd_csd_rw_mask[i];
1549 sd->csd[i] &= sd->data[i];
1550 }
1551 /* Bzzzzzzztt .... Operation complete. */
1552 sd->state = sd_transfer_state;
1553 }
1554 break;
1555
1556 case 42: /* CMD42: LOCK_UNLOCK */
1557 sd->data[sd->data_offset ++] = value;
1558 if (sd->data_offset >= sd->blk_len) {
1559 /* TODO: Check CRC before committing */
1560 sd->state = sd_programming_state;
1561 sd_lock_command(sd);
1562 /* Bzzzzzzztt .... Operation complete. */
1563 sd->state = sd_transfer_state;
1564 }
1565 break;
1566
1567 case 56: /* CMD56: GEN_CMD */
1568 sd->data[sd->data_offset ++] = value;
1569 if (sd->data_offset >= sd->blk_len) {
1570 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1571 sd->state = sd_transfer_state;
1572 }
1573 break;
1574
1575 default:
1576 fprintf(stderr, "sd_write_data: unknown command\n");
1577 break;
1578 }
1579 }
1580
1581 uint8_t sd_read_data(SDState *sd)
1582 {
1583 /* TODO: Append CRCs */
1584 uint8_t ret;
1585 int io_len;
1586
1587 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1588 return 0x00;
1589
1590 if (sd->state != sd_sendingdata_state) {
1591 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1592 return 0x00;
1593 }
1594
1595 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1596 return 0x00;
1597
1598 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1599
1600 switch (sd->current_cmd) {
1601 case 6: /* CMD6: SWITCH_FUNCTION */
1602 ret = sd->data[sd->data_offset ++];
1603
1604 if (sd->data_offset >= 64)
1605 sd->state = sd_transfer_state;
1606 break;
1607
1608 case 9: /* CMD9: SEND_CSD */
1609 case 10: /* CMD10: SEND_CID */
1610 ret = sd->data[sd->data_offset ++];
1611
1612 if (sd->data_offset >= 16)
1613 sd->state = sd_transfer_state;
1614 break;
1615
1616 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1617 if (sd->data_offset == 0)
1618 BLK_READ_BLOCK(sd->data_start, io_len);
1619 ret = sd->data[sd->data_offset ++];
1620
1621 if (sd->data_offset >= io_len) {
1622 sd->data_start += io_len;
1623 sd->data_offset = 0;
1624 if (sd->data_start + io_len > sd->size) {
1625 sd->card_status |= ADDRESS_ERROR;
1626 break;
1627 }
1628 }
1629 break;
1630
1631 case 13: /* ACMD13: SD_STATUS */
1632 ret = sd->sd_status[sd->data_offset ++];
1633
1634 if (sd->data_offset >= sizeof(sd->sd_status))
1635 sd->state = sd_transfer_state;
1636 break;
1637
1638 case 17: /* CMD17: READ_SINGLE_BLOCK */
1639 if (sd->data_offset == 0)
1640 BLK_READ_BLOCK(sd->data_start, io_len);
1641 ret = sd->data[sd->data_offset ++];
1642
1643 if (sd->data_offset >= io_len)
1644 sd->state = sd_transfer_state;
1645 break;
1646
1647 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1648 if (sd->data_offset == 0)
1649 BLK_READ_BLOCK(sd->data_start, io_len);
1650 ret = sd->data[sd->data_offset ++];
1651
1652 if (sd->data_offset >= io_len) {
1653 sd->data_start += io_len;
1654 sd->data_offset = 0;
1655 if (sd->data_start + io_len > sd->size) {
1656 sd->card_status |= ADDRESS_ERROR;
1657 break;
1658 }
1659 }
1660 break;
1661
1662 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1663 ret = sd->data[sd->data_offset ++];
1664
1665 if (sd->data_offset >= 4)
1666 sd->state = sd_transfer_state;
1667 break;
1668
1669 case 30: /* CMD30: SEND_WRITE_PROT */
1670 ret = sd->data[sd->data_offset ++];
1671
1672 if (sd->data_offset >= 4)
1673 sd->state = sd_transfer_state;
1674 break;
1675
1676 case 51: /* ACMD51: SEND_SCR */
1677 ret = sd->scr[sd->data_offset ++];
1678
1679 if (sd->data_offset >= sizeof(sd->scr))
1680 sd->state = sd_transfer_state;
1681 break;
1682
1683 case 56: /* CMD56: GEN_CMD */
1684 if (sd->data_offset == 0)
1685 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1686 ret = sd->data[sd->data_offset ++];
1687
1688 if (sd->data_offset >= sd->blk_len)
1689 sd->state = sd_transfer_state;
1690 break;
1691
1692 default:
1693 fprintf(stderr, "sd_read_data: unknown command\n");
1694 return 0x00;
1695 }
1696
1697 return ret;
1698 }
1699
1700 int sd_data_ready(SDState *sd)
1701 {
1702 return sd->state == sd_sendingdata_state;
1703 }
1704
1705 void sd_enable(SDState *sd, int enable)
1706 {
1707 sd->enable = enable;
1708 }
QEMU mirror