#include "hw.h"
#include "block.h"
-#include "block_int.h"
#include "sd.h"
//#define DEBUG_SD 1
sd_r6 = 6, /* Published RCA response */
sd_r7, /* Operating voltage */
sd_r1b = -1,
+ sd_illegal = -2,
} sd_rsp_type_t;
struct SDState {
int spi;
int current_cmd;
+ /* True if we will handle the next command as an ACMD. Note that this does
+ * *not* track the APP_CMD status bit!
+ */
+ int expecting_acmd;
int blk_written;
uint64_t data_start;
uint32_t data_offset;
int enable;
};
-static void sd_set_status(SDState *sd)
+static void sd_set_mode(SDState *sd)
{
switch (sd->state) {
case sd_inactive_state:
sd->mode = sd_data_transfer_mode;
break;
}
-
- sd->card_status &= ~CURRENT_STATE;
- sd->card_status |= sd->state << 9;
}
static const sd_cmd_type_t sd_cmd_type[64] = {
sd->rca += 0x4567;
}
+/* Card status bits, split by clear condition:
+ * A : According to the card current state
+ * B : Always related to the previous command
+ * C : Cleared by read
+ */
#define CARD_STATUS_A 0x02004100
#define CARD_STATUS_B 0x00c01e00
#define CARD_STATUS_C 0xfd39a028
return sd_crc7(buffer, 5) != req->crc; /* TODO */
}
-static void sd_response_r1_make(SDState *sd,
- uint8_t *response, uint32_t last_status)
+static void sd_response_r1_make(SDState *sd, uint8_t *response)
{
- uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
- uint32_t status;
-
- status = (sd->card_status & ~mask) | (last_status & mask);
- sd->card_status &= ~CARD_STATUS_C | APP_CMD;
+ uint32_t status = sd->card_status;
+ /* Clear the "clear on read" status bits */
+ sd->card_status &= ~CARD_STATUS_C;
response[0] = (status >> 24) & 0xff;
response[1] = (status >> 16) & 0xff;
status = ((sd->card_status >> 8) & 0xc000) |
((sd->card_status >> 6) & 0x2000) |
(sd->card_status & 0x1fff);
+ sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
response[0] = (arg >> 8) & 0xff;
response[1] = arg & 0xff;
} else {
sect = 0;
}
- sect <<= 9;
-
- size = sect + 1;
+ size = sect << 9;
sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
sd->bdrv = bdrv;
if (sd->wp_groups)
- qemu_free(sd->wp_groups);
+ g_free(sd->wp_groups);
sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
- sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
+ sd->wp_groups = (int *) g_malloc0(sizeof(int) * sect);
memset(sd->function_group, 0, sizeof(int) * 6);
sd->erase_start = 0;
sd->erase_end = 0;
sd->size = size;
sd->blk_len = 0x200;
sd->pwd_len = 0;
+ sd->expecting_acmd = 0;
}
-static void sd_cardchange(void *opaque, int reason)
+static void sd_cardchange(void *opaque, bool load)
{
SDState *sd = opaque;
- if (!(reason & CHANGE_MEDIA)) {
- return;
- }
-
qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
if (bdrv_is_inserted(sd->bdrv)) {
sd_reset(sd, sd->bdrv);
}
}
+static const BlockDevOps sd_block_ops = {
+ .change_media_cb = sd_cardchange,
+};
+
/* We do not model the chip select pin, so allow the board to select
whether card should be in SSI or MMC/SD mode. It is also up to the
board to ensure that ssi transfers only occur when the chip select
{
SDState *sd;
- sd = (SDState *) qemu_mallocz(sizeof(SDState));
+ sd = (SDState *) g_malloc0(sizeof(SDState));
sd->buf = qemu_blockalign(bs, 512);
sd->spi = is_spi;
sd->enable = 1;
sd_reset(sd, bs);
if (sd->bdrv) {
- bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
+ bdrv_attach_dev_nofail(sd->bdrv, sd);
+ bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
}
return sd;
}
uint32_t rca = 0x0000;
uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
+ /* Not interpreting this as an app command */
+ sd->card_status &= ~APP_CMD;
+
if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
rca = req.arg >> 16;
break;
case 5: /* CMD5: reserved for SDIO cards */
- sd->card_status |= ILLEGAL_COMMAND;
- return sd_r0;
+ return sd_illegal;
case 6: /* CMD6: SWITCH_FUNCTION */
if (sd->spi)
switch (sd->state) {
case sd_transfer_state:
if (addr >= sd->size) {
- sd->card_status = ADDRESS_ERROR;
+ sd->card_status |= ADDRESS_ERROR;
return sd_r1b;
}
switch (sd->state) {
case sd_transfer_state:
if (addr >= sd->size) {
- sd->card_status = ADDRESS_ERROR;
+ sd->card_status |= ADDRESS_ERROR;
return sd_r1b;
}
* on stderr, as some OSes may use these in their
* probing for presence of an SDIO card.
*/
- sd->card_status |= ILLEGAL_COMMAND;
- return sd_r0;
+ return sd_illegal;
/* Application specific commands (Class 8) */
case 55: /* CMD55: APP_CMD */
if (sd->rca != rca)
return sd_r0;
+ sd->expecting_acmd = 1;
sd->card_status |= APP_CMD;
return sd_r1;
default:
bad_cmd:
- sd->card_status |= ILLEGAL_COMMAND;
-
fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
- return sd_r0;
+ return sd_illegal;
unimplemented_cmd:
/* Commands that are recognised but not yet implemented in SPI mode. */
- sd->card_status |= ILLEGAL_COMMAND;
fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
- return sd_r0;
+ return sd_illegal;
}
- sd->card_status |= ILLEGAL_COMMAND;
fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
- return sd_r0;
+ return sd_illegal;
}
static sd_rsp_type_t sd_app_command(SDState *sd,
SDRequest req)
{
DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
+ sd->card_status |= APP_CMD;
switch (req.cmd) {
case 6: /* ACMD6: SET_BUS_WIDTH */
switch (sd->state) {
default:
/* Fall back to standard commands. */
- sd->card_status &= ~APP_CMD;
return sd_normal_command(sd, req);
}
fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
- return sd_r0;
+ return sd_illegal;
+}
+
+static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
+{
+ /* Valid commands in locked state:
+ * basic class (0)
+ * lock card class (7)
+ * CMD16
+ * implicitly, the ACMD prefix CMD55
+ * ACMD41 and ACMD42
+ * Anything else provokes an "illegal command" response.
+ */
+ if (sd->expecting_acmd) {
+ return req->cmd == 41 || req->cmd == 42;
+ }
+ if (req->cmd == 16 || req->cmd == 55) {
+ return 1;
+ }
+ return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
}
int sd_do_command(SDState *sd, SDRequest *req,
uint8_t *response) {
- uint32_t last_status = sd->card_status;
+ int last_state;
sd_rsp_type_t rtype;
int rsplen;
}
if (sd_req_crc_validate(req)) {
- sd->card_status &= ~COM_CRC_ERROR;
- return 0;
+ sd->card_status |= COM_CRC_ERROR;
+ rtype = sd_illegal;
+ goto send_response;
}
- sd->card_status &= ~CARD_STATUS_B;
- sd_set_status(sd);
-
- if (last_status & CARD_IS_LOCKED)
- if (((last_status & APP_CMD) &&
- req->cmd == 41) ||
- (!(last_status & APP_CMD) &&
- (sd_cmd_class[req->cmd] == 0 ||
- sd_cmd_class[req->cmd] == 7 ||
- req->cmd == 16 || req->cmd == 55))) {
+ if (sd->card_status & CARD_IS_LOCKED) {
+ if (!cmd_valid_while_locked(sd, req)) {
sd->card_status |= ILLEGAL_COMMAND;
+ sd->expecting_acmd = 0;
fprintf(stderr, "SD: Card is locked\n");
- return 0;
+ rtype = sd_illegal;
+ goto send_response;
}
+ }
+
+ last_state = sd->state;
+ sd_set_mode(sd);
- if (last_status & APP_CMD) {
+ if (sd->expecting_acmd) {
+ sd->expecting_acmd = 0;
rtype = sd_app_command(sd, *req);
- sd->card_status &= ~APP_CMD;
- } else
+ } else {
rtype = sd_normal_command(sd, *req);
+ }
- sd->current_cmd = req->cmd;
+ if (rtype == sd_illegal) {
+ sd->card_status |= ILLEGAL_COMMAND;
+ } else {
+ /* Valid command, we can update the 'state before command' bits.
+ * (Do this now so they appear in r1 responses.)
+ */
+ sd->current_cmd = req->cmd;
+ sd->card_status &= ~CURRENT_STATE;
+ sd->card_status |= (last_state << 9);
+ }
+send_response:
switch (rtype) {
case sd_r1:
case sd_r1b:
- sd_response_r1_make(sd, response, last_status);
+ sd_response_r1_make(sd, response);
rsplen = 4;
break;
break;
case sd_r0:
+ case sd_illegal:
default:
rsplen = 0;
break;
}
- if (sd->card_status & ILLEGAL_COMMAND)
- rsplen = 0;
+ if (rtype != sd_illegal) {
+ /* Clear the "clear on valid command" status bits now we've
+ * sent any response
+ */
+ sd->card_status &= ~CARD_STATUS_B;
+ }
#ifdef DEBUG_SD
if (rsplen) {
break;
case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
- sd->data[sd->data_offset ++] = value;
- if (sd->data_offset >= sd->blk_len) {
- /* TODO: Check CRC before committing */
- sd->state = sd_programming_state;
- BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
- sd->blk_written ++;
- sd->data_start += sd->blk_len;
- sd->data_offset = 0;
+ if (sd->data_offset == 0) {
+ /* Start of the block - lets check the address is valid */
if (sd->data_start + sd->blk_len > sd->size) {
sd->card_status |= ADDRESS_ERROR;
break;
sd->card_status |= WP_VIOLATION;
break;
}
+ }
+ sd->data[sd->data_offset++] = value;
+ if (sd->data_offset >= sd->blk_len) {
+ /* TODO: Check CRC before committing */
+ sd->state = sd_programming_state;
+ BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
+ sd->blk_written++;
+ sd->data_start += sd->blk_len;
+ sd->data_offset = 0;
sd->csd[14] |= 0x40;
/* Bzzzzzzztt .... Operation complete. */
projects / qemu.git / blobdiff