]> git.proxmox.com Git - qemu.git/blob - hw/sd.c
projects / qemu.git / blob
? search:


c2c80ab7b891efd9af9dfce9efade09666fcd1b4
[qemu.git] / hw / sd.c
1 /*
2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #include "hw.h"
33 #include "block.h"
34 #include "block_int.h"
35 #include "sd.h"
36
37 //#define DEBUG_SD 1
38
39 #ifdef DEBUG_SD
40 #define DPRINTF(fmt, ...) \
41 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
42 #else
43 #define DPRINTF(fmt, ...) do {} while(0)
44 #endif
45
46 typedef enum {
47 sd_r0 = 0, /* no response */
48 sd_r1, /* normal response command */
49 sd_r2_i, /* CID register */
50 sd_r2_s, /* CSD register */
51 sd_r3, /* OCR register */
52 sd_r6 = 6, /* Published RCA response */
53 sd_r7, /* Operating voltage */
54 sd_r1b = -1,
55 } sd_rsp_type_t;
56
57 struct SDState {
58 enum {
59 sd_inactive,
60 sd_card_identification_mode,
61 sd_data_transfer_mode,
62 } mode;
63 enum {
64 sd_inactive_state = -1,
65 sd_idle_state = 0,
66 sd_ready_state,
67 sd_identification_state,
68 sd_standby_state,
69 sd_transfer_state,
70 sd_sendingdata_state,
71 sd_receivingdata_state,
72 sd_programming_state,
73 sd_disconnect_state,
74 } state;
75 uint32_t ocr;
76 uint8_t scr[8];
77 uint8_t cid[16];
78 uint8_t csd[16];
79 uint16_t rca;
80 uint32_t card_status;
81 uint8_t sd_status[64];
82 uint32_t vhs;
83 int wp_switch;
84 int *wp_groups;
85 uint64_t size;
86 int blk_len;
87 uint32_t erase_start;
88 uint32_t erase_end;
89 uint8_t pwd[16];
90 int pwd_len;
91 int function_group[6];
92
93 int spi;
94 int current_cmd;
95 int blk_written;
96 uint64_t data_start;
97 uint32_t data_offset;
98 uint8_t data[512];
99 qemu_irq readonly_cb;
100 qemu_irq inserted_cb;
101 BlockDriverState *bdrv;
102 uint8_t *buf;
103
104 int enable;
105 };
106
107 static void sd_set_status(SDState *sd)
108 {
109 switch (sd->state) {
110 case sd_inactive_state:
111 sd->mode = sd_inactive;
112 break;
113
114 case sd_idle_state:
115 case sd_ready_state:
116 case sd_identification_state:
117 sd->mode = sd_card_identification_mode;
118 break;
119
120 case sd_standby_state:
121 case sd_transfer_state:
122 case sd_sendingdata_state:
123 case sd_receivingdata_state:
124 case sd_programming_state:
125 case sd_disconnect_state:
126 sd->mode = sd_data_transfer_mode;
127 break;
128 }
129
130 sd->card_status &= ~CURRENT_STATE;
131 sd->card_status |= sd->state << 9;
132 }
133
134 static const sd_cmd_type_t sd_cmd_type[64] = {
135 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
136 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
137 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
138 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
139 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
140 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
141 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
142 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
143 };
144
145 static const sd_cmd_type_t sd_acmd_type[64] = {
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
153 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
154 };
155
156 static const int sd_cmd_class[64] = {
157 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
158 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
159 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
160 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
161 };
162
163 static uint8_t sd_crc7(void *message, size_t width)
164 {
165 int i, bit;
166 uint8_t shift_reg = 0x00;
167 uint8_t *msg = (uint8_t *) message;
168
169 for (i = 0; i < width; i ++, msg ++)
170 for (bit = 7; bit >= 0; bit --) {
171 shift_reg <<= 1;
172 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
173 shift_reg ^= 0x89;
174 }
175
176 return shift_reg;
177 }
178
179 static uint16_t sd_crc16(void *message, size_t width)
180 {
181 int i, bit;
182 uint16_t shift_reg = 0x0000;
183 uint16_t *msg = (uint16_t *) message;
184 width <<= 1;
185
186 for (i = 0; i < width; i ++, msg ++)
187 for (bit = 15; bit >= 0; bit --) {
188 shift_reg <<= 1;
189 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
190 shift_reg ^= 0x1011;
191 }
192
193 return shift_reg;
194 }
195
196 static void sd_set_ocr(SDState *sd)
197 {
198 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
199 sd->ocr = 0x80ffff00;
200 }
201
202 static void sd_set_scr(SDState *sd)
203 {
204 sd->scr[0] = 0x00; /* SCR Structure */
205 sd->scr[1] = 0x2f; /* SD Security Support */
206 sd->scr[2] = 0x00;
207 sd->scr[3] = 0x00;
208 sd->scr[4] = 0x00;
209 sd->scr[5] = 0x00;
210 sd->scr[6] = 0x00;
211 sd->scr[7] = 0x00;
212 }
213
214 #define MID 0xaa
215 #define OID "XY"
216 #define PNM "QEMU!"
217 #define PRV 0x01
218 #define MDT_YR 2006
219 #define MDT_MON 2
220
221 static void sd_set_cid(SDState *sd)
222 {
223 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
224 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
225 sd->cid[2] = OID[1];
226 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
227 sd->cid[4] = PNM[1];
228 sd->cid[5] = PNM[2];
229 sd->cid[6] = PNM[3];
230 sd->cid[7] = PNM[4];
231 sd->cid[8] = PRV; /* Fake product revision (PRV) */
232 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
233 sd->cid[10] = 0xad;
234 sd->cid[11] = 0xbe;
235 sd->cid[12] = 0xef;
236 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
237 ((MDT_YR - 2000) / 10);
238 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
239 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
240 }
241
242 #define HWBLOCK_SHIFT 9 /* 512 bytes */
243 #define SECTOR_SHIFT 5 /* 16 kilobytes */
244 #define WPGROUP_SHIFT 7 /* 2 megs */
245 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
246 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247
248 static const uint8_t sd_csd_rw_mask[16] = {
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
250 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
251 };
252
253 static void sd_set_csd(SDState *sd, uint64_t size)
254 {
255 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
256 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
257 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
258
259 if (size <= 0x40000000) { /* Standard Capacity SD */
260 sd->csd[0] = 0x00; /* CSD structure */
261 sd->csd[1] = 0x26; /* Data read access-time-1 */
262 sd->csd[2] = 0x00; /* Data read access-time-2 */
263 sd->csd[3] = 0x5a; /* Max. data transfer rate */
264 sd->csd[4] = 0x5f; /* Card Command Classes */
265 sd->csd[5] = 0x50 | /* Max. read data block length */
266 HWBLOCK_SHIFT;
267 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
268 ((csize >> 10) & 0x03);
269 sd->csd[7] = 0x00 | /* Device size */
270 ((csize >> 2) & 0xff);
271 sd->csd[8] = 0x3f | /* Max. read current */
272 ((csize << 6) & 0xc0);
273 sd->csd[9] = 0xfc | /* Max. write current */
274 ((CMULT_SHIFT - 2) >> 1);
275 sd->csd[10] = 0x40 | /* Erase sector size */
276 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
277 sd->csd[11] = 0x00 | /* Write protect group size */
278 ((sectsize << 7) & 0x80) | wpsize;
279 sd->csd[12] = 0x90 | /* Write speed factor */
280 (HWBLOCK_SHIFT >> 2);
281 sd->csd[13] = 0x20 | /* Max. write data block length */
282 ((HWBLOCK_SHIFT << 6) & 0xc0);
283 sd->csd[14] = 0x00; /* File format group */
284 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
285 } else { /* SDHC */
286 size /= 512 * 1024;
287 size -= 1;
288 sd->csd[0] = 0x40;
289 sd->csd[1] = 0x0e;
290 sd->csd[2] = 0x00;
291 sd->csd[3] = 0x32;
292 sd->csd[4] = 0x5b;
293 sd->csd[5] = 0x59;
294 sd->csd[6] = 0x00;
295 sd->csd[7] = (size >> 16) & 0xff;
296 sd->csd[8] = (size >> 8) & 0xff;
297 sd->csd[9] = (size & 0xff);
298 sd->csd[10] = 0x7f;
299 sd->csd[11] = 0x80;
300 sd->csd[12] = 0x0a;
301 sd->csd[13] = 0x40;
302 sd->csd[14] = 0x00;
303 sd->csd[15] = 0x00;
304 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
305 }
306 }
307
308 static void sd_set_rca(SDState *sd)
309 {
310 sd->rca += 0x4567;
311 }
312
313 #define CARD_STATUS_A 0x02004100
314 #define CARD_STATUS_B 0x00c01e00
315 #define CARD_STATUS_C 0xfd39a028
316
317 static void sd_set_cardstatus(SDState *sd)
318 {
319 sd->card_status = 0x00000100;
320 }
321
322 static void sd_set_sdstatus(SDState *sd)
323 {
324 memset(sd->sd_status, 0, 64);
325 }
326
327 static int sd_req_crc_validate(SDRequest *req)
328 {
329 uint8_t buffer[5];
330 buffer[0] = 0x40 | req->cmd;
331 buffer[1] = (req->arg >> 24) & 0xff;
332 buffer[2] = (req->arg >> 16) & 0xff;
333 buffer[3] = (req->arg >> 8) & 0xff;
334 buffer[4] = (req->arg >> 0) & 0xff;
335 return 0;
336 return sd_crc7(buffer, 5) != req->crc; /* TODO */
337 }
338
339 static void sd_response_r1_make(SDState *sd,
340 uint8_t *response, uint32_t last_status)
341 {
342 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
343 uint32_t status;
344
345 status = (sd->card_status & ~mask) | (last_status & mask);
346 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
347
348 response[0] = (status >> 24) & 0xff;
349 response[1] = (status >> 16) & 0xff;
350 response[2] = (status >> 8) & 0xff;
351 response[3] = (status >> 0) & 0xff;
352 }
353
354 static void sd_response_r3_make(SDState *sd, uint8_t *response)
355 {
356 response[0] = (sd->ocr >> 24) & 0xff;
357 response[1] = (sd->ocr >> 16) & 0xff;
358 response[2] = (sd->ocr >> 8) & 0xff;
359 response[3] = (sd->ocr >> 0) & 0xff;
360 }
361
362 static void sd_response_r6_make(SDState *sd, uint8_t *response)
363 {
364 uint16_t arg;
365 uint16_t status;
366
367 arg = sd->rca;
368 status = ((sd->card_status >> 8) & 0xc000) |
369 ((sd->card_status >> 6) & 0x2000) |
370 (sd->card_status & 0x1fff);
371
372 response[0] = (arg >> 8) & 0xff;
373 response[1] = arg & 0xff;
374 response[2] = (status >> 8) & 0xff;
375 response[3] = status & 0xff;
376 }
377
378 static void sd_response_r7_make(SDState *sd, uint8_t *response)
379 {
380 response[0] = (sd->vhs >> 24) & 0xff;
381 response[1] = (sd->vhs >> 16) & 0xff;
382 response[2] = (sd->vhs >> 8) & 0xff;
383 response[3] = (sd->vhs >> 0) & 0xff;
384 }
385
386 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
387 {
388 uint64_t size;
389 uint64_t sect;
390
391 if (bdrv) {
392 bdrv_get_geometry(bdrv, &sect);
393 } else {
394 sect = 0;
395 }
396 size = sect << 9;
397
398 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
399
400 sd->state = sd_idle_state;
401 sd->rca = 0x0000;
402 sd_set_ocr(sd);
403 sd_set_scr(sd);
404 sd_set_cid(sd);
405 sd_set_csd(sd, size);
406 sd_set_cardstatus(sd);
407 sd_set_sdstatus(sd);
408
409 sd->bdrv = bdrv;
410
411 if (sd->wp_groups)
412 qemu_free(sd->wp_groups);
413 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
414 sd->wp_groups = (int *) qemu_mallocz(sizeof(int) * sect);
415 memset(sd->function_group, 0, sizeof(int) * 6);
416 sd->erase_start = 0;
417 sd->erase_end = 0;
418 sd->size = size;
419 sd->blk_len = 0x200;
420 sd->pwd_len = 0;
421 }
422
423 static void sd_cardchange(void *opaque, int reason)
424 {
425 SDState *sd = opaque;
426
427 if (!(reason & CHANGE_MEDIA)) {
428 return;
429 }
430
431 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
432 if (bdrv_is_inserted(sd->bdrv)) {
433 sd_reset(sd, sd->bdrv);
434 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
435 }
436 }
437
438 /* We do not model the chip select pin, so allow the board to select
439 whether card should be in SSI or MMC/SD mode. It is also up to the
440 board to ensure that ssi transfers only occur when the chip select
441 is asserted. */
442 SDState *sd_init(BlockDriverState *bs, int is_spi)
443 {
444 SDState *sd;
445
446 sd = (SDState *) qemu_mallocz(sizeof(SDState));
447 sd->buf = qemu_blockalign(bs, 512);
448 sd->spi = is_spi;
449 sd->enable = 1;
450 sd_reset(sd, bs);
451 if (sd->bdrv) {
452 bdrv_set_change_cb(sd->bdrv, sd_cardchange, sd);
453 }
454 return sd;
455 }
456
457 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
458 {
459 sd->readonly_cb = readonly;
460 sd->inserted_cb = insert;
461 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
462 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
463 }
464
465 static void sd_erase(SDState *sd)
466 {
467 int i, start, end;
468 if (!sd->erase_start || !sd->erase_end) {
469 sd->card_status |= ERASE_SEQ_ERROR;
470 return;
471 }
472
473 start = sd->erase_start >>
474 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
475 end = sd->erase_end >>
476 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
477 sd->erase_start = 0;
478 sd->erase_end = 0;
479 sd->csd[14] |= 0x40;
480
481 for (i = start; i <= end; i ++)
482 if (sd->wp_groups[i])
483 sd->card_status |= WP_ERASE_SKIP;
484 }
485
486 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
487 {
488 uint32_t i, wpnum;
489 uint32_t ret = 0;
490
491 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
492
493 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
494 if (addr < sd->size && sd->wp_groups[wpnum])
495 ret |= (1 << i);
496
497 return ret;
498 }
499
500 static void sd_function_switch(SDState *sd, uint32_t arg)
501 {
502 int i, mode, new_func, crc;
503 mode = !!(arg & 0x80000000);
504
505 sd->data[0] = 0x00; /* Maximum current consumption */
506 sd->data[1] = 0x01;
507 sd->data[2] = 0x80; /* Supported group 6 functions */
508 sd->data[3] = 0x01;
509 sd->data[4] = 0x80; /* Supported group 5 functions */
510 sd->data[5] = 0x01;
511 sd->data[6] = 0x80; /* Supported group 4 functions */
512 sd->data[7] = 0x01;
513 sd->data[8] = 0x80; /* Supported group 3 functions */
514 sd->data[9] = 0x01;
515 sd->data[10] = 0x80; /* Supported group 2 functions */
516 sd->data[11] = 0x43;
517 sd->data[12] = 0x80; /* Supported group 1 functions */
518 sd->data[13] = 0x03;
519 for (i = 0; i < 6; i ++) {
520 new_func = (arg >> (i * 4)) & 0x0f;
521 if (mode && new_func != 0x0f)
522 sd->function_group[i] = new_func;
523 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
524 }
525 memset(&sd->data[17], 0, 47);
526 crc = sd_crc16(sd->data, 64);
527 sd->data[65] = crc >> 8;
528 sd->data[66] = crc & 0xff;
529 }
530
531 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
532 {
533 return sd->wp_groups[addr >>
534 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
535 }
536
537 static void sd_lock_command(SDState *sd)
538 {
539 int erase, lock, clr_pwd, set_pwd, pwd_len;
540 erase = !!(sd->data[0] & 0x08);
541 lock = sd->data[0] & 0x04;
542 clr_pwd = sd->data[0] & 0x02;
543 set_pwd = sd->data[0] & 0x01;
544
545 if (sd->blk_len > 1)
546 pwd_len = sd->data[1];
547 else
548 pwd_len = 0;
549
550 if (erase) {
551 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
552 set_pwd || clr_pwd || lock || sd->wp_switch ||
553 (sd->csd[14] & 0x20)) {
554 sd->card_status |= LOCK_UNLOCK_FAILED;
555 return;
556 }
557 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
558 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
559 sd->csd[14] &= ~0x10;
560 sd->card_status &= ~CARD_IS_LOCKED;
561 sd->pwd_len = 0;
562 /* Erasing the entire card here! */
563 fprintf(stderr, "SD: Card force-erased by CMD42\n");
564 return;
565 }
566
567 if (sd->blk_len < 2 + pwd_len ||
568 pwd_len <= sd->pwd_len ||
569 pwd_len > sd->pwd_len + 16) {
570 sd->card_status |= LOCK_UNLOCK_FAILED;
571 return;
572 }
573
574 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
575 sd->card_status |= LOCK_UNLOCK_FAILED;
576 return;
577 }
578
579 pwd_len -= sd->pwd_len;
580 if ((pwd_len && !set_pwd) ||
581 (clr_pwd && (set_pwd || lock)) ||
582 (lock && !sd->pwd_len && !set_pwd) ||
583 (!set_pwd && !clr_pwd &&
584 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
585 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
586 sd->card_status |= LOCK_UNLOCK_FAILED;
587 return;
588 }
589
590 if (set_pwd) {
591 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
592 sd->pwd_len = pwd_len;
593 }
594
595 if (clr_pwd) {
596 sd->pwd_len = 0;
597 }
598
599 if (lock)
600 sd->card_status |= CARD_IS_LOCKED;
601 else
602 sd->card_status &= ~CARD_IS_LOCKED;
603 }
604
605 static sd_rsp_type_t sd_normal_command(SDState *sd,
606 SDRequest req)
607 {
608 uint32_t rca = 0x0000;
609 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
610
611 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
612 rca = req.arg >> 16;
613
614 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
615 switch (req.cmd) {
616 /* Basic commands (Class 0 and Class 1) */
617 case 0: /* CMD0: GO_IDLE_STATE */
618 switch (sd->state) {
619 case sd_inactive_state:
620 return sd->spi ? sd_r1 : sd_r0;
621
622 default:
623 sd->state = sd_idle_state;
624 sd_reset(sd, sd->bdrv);
625 return sd->spi ? sd_r1 : sd_r0;
626 }
627 break;
628
629 case 1: /* CMD1: SEND_OP_CMD */
630 if (!sd->spi)
631 goto bad_cmd;
632
633 sd->state = sd_transfer_state;
634 return sd_r1;
635
636 case 2: /* CMD2: ALL_SEND_CID */
637 if (sd->spi)
638 goto bad_cmd;
639 switch (sd->state) {
640 case sd_ready_state:
641 sd->state = sd_identification_state;
642 return sd_r2_i;
643
644 default:
645 break;
646 }
647 break;
648
649 case 3: /* CMD3: SEND_RELATIVE_ADDR */
650 if (sd->spi)
651 goto bad_cmd;
652 switch (sd->state) {
653 case sd_identification_state:
654 case sd_standby_state:
655 sd->state = sd_standby_state;
656 sd_set_rca(sd);
657 return sd_r6;
658
659 default:
660 break;
661 }
662 break;
663
664 case 4: /* CMD4: SEND_DSR */
665 if (sd->spi)
666 goto bad_cmd;
667 switch (sd->state) {
668 case sd_standby_state:
669 break;
670
671 default:
672 break;
673 }
674 break;
675
676 case 5: /* CMD5: reserved for SDIO cards */
677 sd->card_status |= ILLEGAL_COMMAND;
678 return sd_r0;
679
680 case 6: /* CMD6: SWITCH_FUNCTION */
681 if (sd->spi)
682 goto bad_cmd;
683 switch (sd->mode) {
684 case sd_data_transfer_mode:
685 sd_function_switch(sd, req.arg);
686 sd->state = sd_sendingdata_state;
687 sd->data_start = 0;
688 sd->data_offset = 0;
689 return sd_r1;
690
691 default:
692 break;
693 }
694 break;
695
696 case 7: /* CMD7: SELECT/DESELECT_CARD */
697 if (sd->spi)
698 goto bad_cmd;
699 switch (sd->state) {
700 case sd_standby_state:
701 if (sd->rca != rca)
702 return sd_r0;
703
704 sd->state = sd_transfer_state;
705 return sd_r1b;
706
707 case sd_transfer_state:
708 case sd_sendingdata_state:
709 if (sd->rca == rca)
710 break;
711
712 sd->state = sd_standby_state;
713 return sd_r1b;
714
715 case sd_disconnect_state:
716 if (sd->rca != rca)
717 return sd_r0;
718
719 sd->state = sd_programming_state;
720 return sd_r1b;
721
722 case sd_programming_state:
723 if (sd->rca == rca)
724 break;
725
726 sd->state = sd_disconnect_state;
727 return sd_r1b;
728
729 default:
730 break;
731 }
732 break;
733
734 case 8: /* CMD8: SEND_IF_COND */
735 /* Physical Layer Specification Version 2.00 command */
736 switch (sd->state) {
737 case sd_idle_state:
738 sd->vhs = 0;
739
740 /* No response if not exactly one VHS bit is set. */
741 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
742 return sd->spi ? sd_r7 : sd_r0;
743
744 /* Accept. */
745 sd->vhs = req.arg;
746 return sd_r7;
747
748 default:
749 break;
750 }
751 break;
752
753 case 9: /* CMD9: SEND_CSD */
754 switch (sd->state) {
755 case sd_standby_state:
756 if (sd->rca != rca)
757 return sd_r0;
758
759 return sd_r2_s;
760
761 case sd_transfer_state:
762 if (!sd->spi)
763 break;
764 sd->state = sd_sendingdata_state;
765 memcpy(sd->data, sd->csd, 16);
766 sd->data_start = addr;
767 sd->data_offset = 0;
768 return sd_r1;
769
770 default:
771 break;
772 }
773 break;
774
775 case 10: /* CMD10: SEND_CID */
776 switch (sd->state) {
777 case sd_standby_state:
778 if (sd->rca != rca)
779 return sd_r0;
780
781 return sd_r2_i;
782
783 case sd_transfer_state:
784 if (!sd->spi)
785 break;
786 sd->state = sd_sendingdata_state;
787 memcpy(sd->data, sd->cid, 16);
788 sd->data_start = addr;
789 sd->data_offset = 0;
790 return sd_r1;
791
792 default:
793 break;
794 }
795 break;
796
797 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
798 if (sd->spi)
799 goto bad_cmd;
800 switch (sd->state) {
801 case sd_transfer_state:
802 sd->state = sd_sendingdata_state;
803 sd->data_start = req.arg;
804 sd->data_offset = 0;
805
806 if (sd->data_start + sd->blk_len > sd->size)
807 sd->card_status |= ADDRESS_ERROR;
808 return sd_r0;
809
810 default:
811 break;
812 }
813 break;
814
815 case 12: /* CMD12: STOP_TRANSMISSION */
816 switch (sd->state) {
817 case sd_sendingdata_state:
818 sd->state = sd_transfer_state;
819 return sd_r1b;
820
821 case sd_receivingdata_state:
822 sd->state = sd_programming_state;
823 /* Bzzzzzzztt .... Operation complete. */
824 sd->state = sd_transfer_state;
825 return sd_r1b;
826
827 default:
828 break;
829 }
830 break;
831
832 case 13: /* CMD13: SEND_STATUS */
833 switch (sd->mode) {
834 case sd_data_transfer_mode:
835 if (sd->rca != rca)
836 return sd_r0;
837
838 return sd_r1;
839
840 default:
841 break;
842 }
843 break;
844
845 case 15: /* CMD15: GO_INACTIVE_STATE */
846 if (sd->spi)
847 goto bad_cmd;
848 switch (sd->mode) {
849 case sd_data_transfer_mode:
850 if (sd->rca != rca)
851 return sd_r0;
852
853 sd->state = sd_inactive_state;
854 return sd_r0;
855
856 default:
857 break;
858 }
859 break;
860
861 /* Block read commands (Classs 2) */
862 case 16: /* CMD16: SET_BLOCKLEN */
863 switch (sd->state) {
864 case sd_transfer_state:
865 if (req.arg > (1 << HWBLOCK_SHIFT))
866 sd->card_status |= BLOCK_LEN_ERROR;
867 else
868 sd->blk_len = req.arg;
869
870 return sd_r1;
871
872 default:
873 break;
874 }
875 break;
876
877 case 17: /* CMD17: READ_SINGLE_BLOCK */
878 switch (sd->state) {
879 case sd_transfer_state:
880 sd->state = sd_sendingdata_state;
881 sd->data_start = addr;
882 sd->data_offset = 0;
883
884 if (sd->data_start + sd->blk_len > sd->size)
885 sd->card_status |= ADDRESS_ERROR;
886 return sd_r1;
887
888 default:
889 break;
890 }
891 break;
892
893 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
894 switch (sd->state) {
895 case sd_transfer_state:
896 sd->state = sd_sendingdata_state;
897 sd->data_start = addr;
898 sd->data_offset = 0;
899
900 if (sd->data_start + sd->blk_len > sd->size)
901 sd->card_status |= ADDRESS_ERROR;
902 return sd_r1;
903
904 default:
905 break;
906 }
907 break;
908
909 /* Block write commands (Class 4) */
910 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
911 if (sd->spi)
912 goto unimplemented_cmd;
913 switch (sd->state) {
914 case sd_transfer_state:
915 /* Writing in SPI mode not implemented. */
916 if (sd->spi)
917 break;
918 sd->state = sd_receivingdata_state;
919 sd->data_start = addr;
920 sd->data_offset = 0;
921 sd->blk_written = 0;
922
923 if (sd->data_start + sd->blk_len > sd->size)
924 sd->card_status |= ADDRESS_ERROR;
925 if (sd_wp_addr(sd, sd->data_start))
926 sd->card_status |= WP_VIOLATION;
927 if (sd->csd[14] & 0x30)
928 sd->card_status |= WP_VIOLATION;
929 return sd_r1;
930
931 default:
932 break;
933 }
934 break;
935
936 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
937 if (sd->spi)
938 goto unimplemented_cmd;
939 switch (sd->state) {
940 case sd_transfer_state:
941 /* Writing in SPI mode not implemented. */
942 if (sd->spi)
943 break;
944 sd->state = sd_receivingdata_state;
945 sd->data_start = addr;
946 sd->data_offset = 0;
947 sd->blk_written = 0;
948
949 if (sd->data_start + sd->blk_len > sd->size)
950 sd->card_status |= ADDRESS_ERROR;
951 if (sd_wp_addr(sd, sd->data_start))
952 sd->card_status |= WP_VIOLATION;
953 if (sd->csd[14] & 0x30)
954 sd->card_status |= WP_VIOLATION;
955 return sd_r1;
956
957 default:
958 break;
959 }
960 break;
961
962 case 26: /* CMD26: PROGRAM_CID */
963 if (sd->spi)
964 goto bad_cmd;
965 switch (sd->state) {
966 case sd_transfer_state:
967 sd->state = sd_receivingdata_state;
968 sd->data_start = 0;
969 sd->data_offset = 0;
970 return sd_r1;
971
972 default:
973 break;
974 }
975 break;
976
977 case 27: /* CMD27: PROGRAM_CSD */
978 if (sd->spi)
979 goto unimplemented_cmd;
980 switch (sd->state) {
981 case sd_transfer_state:
982 sd->state = sd_receivingdata_state;
983 sd->data_start = 0;
984 sd->data_offset = 0;
985 return sd_r1;
986
987 default:
988 break;
989 }
990 break;
991
992 /* Write protection (Class 6) */
993 case 28: /* CMD28: SET_WRITE_PROT */
994 switch (sd->state) {
995 case sd_transfer_state:
996 if (addr >= sd->size) {
997 sd->card_status = ADDRESS_ERROR;
998 return sd_r1b;
999 }
1000
1001 sd->state = sd_programming_state;
1002 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1003 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1004 /* Bzzzzzzztt .... Operation complete. */
1005 sd->state = sd_transfer_state;
1006 return sd_r1b;
1007
1008 default:
1009 break;
1010 }
1011 break;
1012
1013 case 29: /* CMD29: CLR_WRITE_PROT */
1014 switch (sd->state) {
1015 case sd_transfer_state:
1016 if (addr >= sd->size) {
1017 sd->card_status = ADDRESS_ERROR;
1018 return sd_r1b;
1019 }
1020
1021 sd->state = sd_programming_state;
1022 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1023 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1024 /* Bzzzzzzztt .... Operation complete. */
1025 sd->state = sd_transfer_state;
1026 return sd_r1b;
1027
1028 default:
1029 break;
1030 }
1031 break;
1032
1033 case 30: /* CMD30: SEND_WRITE_PROT */
1034 switch (sd->state) {
1035 case sd_transfer_state:
1036 sd->state = sd_sendingdata_state;
1037 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1038 sd->data_start = addr;
1039 sd->data_offset = 0;
1040 return sd_r1b;
1041
1042 default:
1043 break;
1044 }
1045 break;
1046
1047 /* Erase commands (Class 5) */
1048 case 32: /* CMD32: ERASE_WR_BLK_START */
1049 switch (sd->state) {
1050 case sd_transfer_state:
1051 sd->erase_start = req.arg;
1052 return sd_r1;
1053
1054 default:
1055 break;
1056 }
1057 break;
1058
1059 case 33: /* CMD33: ERASE_WR_BLK_END */
1060 switch (sd->state) {
1061 case sd_transfer_state:
1062 sd->erase_end = req.arg;
1063 return sd_r1;
1064
1065 default:
1066 break;
1067 }
1068 break;
1069
1070 case 38: /* CMD38: ERASE */
1071 switch (sd->state) {
1072 case sd_transfer_state:
1073 if (sd->csd[14] & 0x30) {
1074 sd->card_status |= WP_VIOLATION;
1075 return sd_r1b;
1076 }
1077
1078 sd->state = sd_programming_state;
1079 sd_erase(sd);
1080 /* Bzzzzzzztt .... Operation complete. */
1081 sd->state = sd_transfer_state;
1082 return sd_r1b;
1083
1084 default:
1085 break;
1086 }
1087 break;
1088
1089 /* Lock card commands (Class 7) */
1090 case 42: /* CMD42: LOCK_UNLOCK */
1091 if (sd->spi)
1092 goto unimplemented_cmd;
1093 switch (sd->state) {
1094 case sd_transfer_state:
1095 sd->state = sd_receivingdata_state;
1096 sd->data_start = 0;
1097 sd->data_offset = 0;
1098 return sd_r1;
1099
1100 default:
1101 break;
1102 }
1103 break;
1104
1105 case 52:
1106 case 53:
1107 /* CMD52, CMD53: reserved for SDIO cards
1108 * (see the SDIO Simplified Specification V2.0)
1109 * Handle as illegal command but do not complain
1110 * on stderr, as some OSes may use these in their
1111 * probing for presence of an SDIO card.
1112 */
1113 sd->card_status |= ILLEGAL_COMMAND;
1114 return sd_r0;
1115
1116 /* Application specific commands (Class 8) */
1117 case 55: /* CMD55: APP_CMD */
1118 if (sd->rca != rca)
1119 return sd_r0;
1120
1121 sd->card_status |= APP_CMD;
1122 return sd_r1;
1123
1124 case 56: /* CMD56: GEN_CMD */
1125 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1126
1127 switch (sd->state) {
1128 case sd_transfer_state:
1129 sd->data_offset = 0;
1130 if (req.arg & 1)
1131 sd->state = sd_sendingdata_state;
1132 else
1133 sd->state = sd_receivingdata_state;
1134 return sd_r1;
1135
1136 default:
1137 break;
1138 }
1139 break;
1140
1141 default:
1142 bad_cmd:
1143 sd->card_status |= ILLEGAL_COMMAND;
1144
1145 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1146 return sd_r0;
1147
1148 unimplemented_cmd:
1149 /* Commands that are recognised but not yet implemented in SPI mode. */
1150 sd->card_status |= ILLEGAL_COMMAND;
1151 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1152 return sd_r0;
1153 }
1154
1155 sd->card_status |= ILLEGAL_COMMAND;
1156 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1157 return sd_r0;
1158 }
1159
1160 static sd_rsp_type_t sd_app_command(SDState *sd,
1161 SDRequest req)
1162 {
1163 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1164 switch (req.cmd) {
1165 case 6: /* ACMD6: SET_BUS_WIDTH */
1166 switch (sd->state) {
1167 case sd_transfer_state:
1168 sd->sd_status[0] &= 0x3f;
1169 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1170 return sd_r1;
1171
1172 default:
1173 break;
1174 }
1175 break;
1176
1177 case 13: /* ACMD13: SD_STATUS */
1178 switch (sd->state) {
1179 case sd_transfer_state:
1180 sd->state = sd_sendingdata_state;
1181 sd->data_start = 0;
1182 sd->data_offset = 0;
1183 return sd_r1;
1184
1185 default:
1186 break;
1187 }
1188 break;
1189
1190 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1191 switch (sd->state) {
1192 case sd_transfer_state:
1193 *(uint32_t *) sd->data = sd->blk_written;
1194
1195 sd->state = sd_sendingdata_state;
1196 sd->data_start = 0;
1197 sd->data_offset = 0;
1198 return sd_r1;
1199
1200 default:
1201 break;
1202 }
1203 break;
1204
1205 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1206 switch (sd->state) {
1207 case sd_transfer_state:
1208 return sd_r1;
1209
1210 default:
1211 break;
1212 }
1213 break;
1214
1215 case 41: /* ACMD41: SD_APP_OP_COND */
1216 if (sd->spi) {
1217 /* SEND_OP_CMD */
1218 sd->state = sd_transfer_state;
1219 return sd_r1;
1220 }
1221 switch (sd->state) {
1222 case sd_idle_state:
1223 /* We accept any voltage. 10000 V is nothing. */
1224 if (req.arg)
1225 sd->state = sd_ready_state;
1226
1227 return sd_r3;
1228
1229 default:
1230 break;
1231 }
1232 break;
1233
1234 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1235 switch (sd->state) {
1236 case sd_transfer_state:
1237 /* Bringing in the 50KOhm pull-up resistor... Done. */
1238 return sd_r1;
1239
1240 default:
1241 break;
1242 }
1243 break;
1244
1245 case 51: /* ACMD51: SEND_SCR */
1246 switch (sd->state) {
1247 case sd_transfer_state:
1248 sd->state = sd_sendingdata_state;
1249 sd->data_start = 0;
1250 sd->data_offset = 0;
1251 return sd_r1;
1252
1253 default:
1254 break;
1255 }
1256 break;
1257
1258 default:
1259 /* Fall back to standard commands. */
1260 sd->card_status &= ~APP_CMD;
1261 return sd_normal_command(sd, req);
1262 }
1263
1264 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1265 return sd_r0;
1266 }
1267
1268 int sd_do_command(SDState *sd, SDRequest *req,
1269 uint8_t *response) {
1270 uint32_t last_status = sd->card_status;
1271 sd_rsp_type_t rtype;
1272 int rsplen;
1273
1274 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1275 return 0;
1276 }
1277
1278 if (sd_req_crc_validate(req)) {
1279 sd->card_status &= ~COM_CRC_ERROR;
1280 return 0;
1281 }
1282
1283 sd->card_status &= ~CARD_STATUS_B;
1284 sd_set_status(sd);
1285
1286 if (last_status & CARD_IS_LOCKED)
1287 if (((last_status & APP_CMD) &&
1288 req->cmd == 41) ||
1289 (!(last_status & APP_CMD) &&
1290 (sd_cmd_class[req->cmd] == 0 ||
1291 sd_cmd_class[req->cmd] == 7 ||
1292 req->cmd == 16 || req->cmd == 55))) {
1293 sd->card_status |= ILLEGAL_COMMAND;
1294 fprintf(stderr, "SD: Card is locked\n");
1295 return 0;
1296 }
1297
1298 if (last_status & APP_CMD) {
1299 rtype = sd_app_command(sd, *req);
1300 sd->card_status &= ~APP_CMD;
1301 } else
1302 rtype = sd_normal_command(sd, *req);
1303
1304 sd->current_cmd = req->cmd;
1305
1306 switch (rtype) {
1307 case sd_r1:
1308 case sd_r1b:
1309 sd_response_r1_make(sd, response, last_status);
1310 rsplen = 4;
1311 break;
1312
1313 case sd_r2_i:
1314 memcpy(response, sd->cid, sizeof(sd->cid));
1315 rsplen = 16;
1316 break;
1317
1318 case sd_r2_s:
1319 memcpy(response, sd->csd, sizeof(sd->csd));
1320 rsplen = 16;
1321 break;
1322
1323 case sd_r3:
1324 sd_response_r3_make(sd, response);
1325 rsplen = 4;
1326 break;
1327
1328 case sd_r6:
1329 sd_response_r6_make(sd, response);
1330 rsplen = 4;
1331 break;
1332
1333 case sd_r7:
1334 sd_response_r7_make(sd, response);
1335 rsplen = 4;
1336 break;
1337
1338 case sd_r0:
1339 default:
1340 rsplen = 0;
1341 break;
1342 }
1343
1344 if (sd->card_status & ILLEGAL_COMMAND)
1345 rsplen = 0;
1346
1347 #ifdef DEBUG_SD
1348 if (rsplen) {
1349 int i;
1350 DPRINTF("Response:");
1351 for (i = 0; i < rsplen; i++)
1352 printf(" %02x", response[i]);
1353 printf(" state %d\n", sd->state);
1354 } else {
1355 DPRINTF("No response %d\n", sd->state);
1356 }
1357 #endif
1358
1359 return rsplen;
1360 }
1361
1362 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1363 {
1364 uint64_t end = addr + len;
1365
1366 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1367 (unsigned long long) addr, len);
1368 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1369 fprintf(stderr, "sd_blk_read: read error on host side\n");
1370 return;
1371 }
1372
1373 if (end > (addr & ~511) + 512) {
1374 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1375
1376 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1377 fprintf(stderr, "sd_blk_read: read error on host side\n");
1378 return;
1379 }
1380 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1381 } else
1382 memcpy(sd->data, sd->buf + (addr & 511), len);
1383 }
1384
1385 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1386 {
1387 uint64_t end = addr + len;
1388
1389 if ((addr & 511) || len < 512)
1390 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1391 fprintf(stderr, "sd_blk_write: read error on host side\n");
1392 return;
1393 }
1394
1395 if (end > (addr & ~511) + 512) {
1396 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1397 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1398 fprintf(stderr, "sd_blk_write: write error on host side\n");
1399 return;
1400 }
1401
1402 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1403 fprintf(stderr, "sd_blk_write: read error on host side\n");
1404 return;
1405 }
1406 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1407 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1408 fprintf(stderr, "sd_blk_write: write error on host side\n");
1409 } else {
1410 memcpy(sd->buf + (addr & 511), sd->data, len);
1411 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1412 fprintf(stderr, "sd_blk_write: write error on host side\n");
1413 }
1414 }
1415
1416 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1417 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1418 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1419 #define APP_WRITE_BLOCK(a, len)
1420
1421 void sd_write_data(SDState *sd, uint8_t value)
1422 {
1423 int i;
1424
1425 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1426 return;
1427
1428 if (sd->state != sd_receivingdata_state) {
1429 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1430 return;
1431 }
1432
1433 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1434 return;
1435
1436 switch (sd->current_cmd) {
1437 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1438 sd->data[sd->data_offset ++] = value;
1439 if (sd->data_offset >= sd->blk_len) {
1440 /* TODO: Check CRC before committing */
1441 sd->state = sd_programming_state;
1442 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1443 sd->blk_written ++;
1444 sd->csd[14] |= 0x40;
1445 /* Bzzzzzzztt .... Operation complete. */
1446 sd->state = sd_transfer_state;
1447 }
1448 break;
1449
1450 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1451 if (sd->data_offset == 0) {
1452 /* Start of the block - lets check the address is valid */
1453 if (sd->data_start + sd->blk_len > sd->size) {
1454 sd->card_status |= ADDRESS_ERROR;
1455 break;
1456 }
1457 if (sd_wp_addr(sd, sd->data_start)) {
1458 sd->card_status |= WP_VIOLATION;
1459 break;
1460 }
1461 }
1462 sd->data[sd->data_offset++] = value;
1463 if (sd->data_offset >= sd->blk_len) {
1464 /* TODO: Check CRC before committing */
1465 sd->state = sd_programming_state;
1466 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1467 sd->blk_written++;
1468 sd->data_start += sd->blk_len;
1469 sd->data_offset = 0;
1470 sd->csd[14] |= 0x40;
1471
1472 /* Bzzzzzzztt .... Operation complete. */
1473 sd->state = sd_receivingdata_state;
1474 }
1475 break;
1476
1477 case 26: /* CMD26: PROGRAM_CID */
1478 sd->data[sd->data_offset ++] = value;
1479 if (sd->data_offset >= sizeof(sd->cid)) {
1480 /* TODO: Check CRC before committing */
1481 sd->state = sd_programming_state;
1482 for (i = 0; i < sizeof(sd->cid); i ++)
1483 if ((sd->cid[i] | 0x00) != sd->data[i])
1484 sd->card_status |= CID_CSD_OVERWRITE;
1485
1486 if (!(sd->card_status & CID_CSD_OVERWRITE))
1487 for (i = 0; i < sizeof(sd->cid); i ++) {
1488 sd->cid[i] |= 0x00;
1489 sd->cid[i] &= sd->data[i];
1490 }
1491 /* Bzzzzzzztt .... Operation complete. */
1492 sd->state = sd_transfer_state;
1493 }
1494 break;
1495
1496 case 27: /* CMD27: PROGRAM_CSD */
1497 sd->data[sd->data_offset ++] = value;
1498 if (sd->data_offset >= sizeof(sd->csd)) {
1499 /* TODO: Check CRC before committing */
1500 sd->state = sd_programming_state;
1501 for (i = 0; i < sizeof(sd->csd); i ++)
1502 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1503 (sd->data[i] | sd_csd_rw_mask[i]))
1504 sd->card_status |= CID_CSD_OVERWRITE;
1505
1506 /* Copy flag (OTP) & Permanent write protect */
1507 if (sd->csd[14] & ~sd->data[14] & 0x60)
1508 sd->card_status |= CID_CSD_OVERWRITE;
1509
1510 if (!(sd->card_status & CID_CSD_OVERWRITE))
1511 for (i = 0; i < sizeof(sd->csd); i ++) {
1512 sd->csd[i] |= sd_csd_rw_mask[i];
1513 sd->csd[i] &= sd->data[i];
1514 }
1515 /* Bzzzzzzztt .... Operation complete. */
1516 sd->state = sd_transfer_state;
1517 }
1518 break;
1519
1520 case 42: /* CMD42: LOCK_UNLOCK */
1521 sd->data[sd->data_offset ++] = value;
1522 if (sd->data_offset >= sd->blk_len) {
1523 /* TODO: Check CRC before committing */
1524 sd->state = sd_programming_state;
1525 sd_lock_command(sd);
1526 /* Bzzzzzzztt .... Operation complete. */
1527 sd->state = sd_transfer_state;
1528 }
1529 break;
1530
1531 case 56: /* CMD56: GEN_CMD */
1532 sd->data[sd->data_offset ++] = value;
1533 if (sd->data_offset >= sd->blk_len) {
1534 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1535 sd->state = sd_transfer_state;
1536 }
1537 break;
1538
1539 default:
1540 fprintf(stderr, "sd_write_data: unknown command\n");
1541 break;
1542 }
1543 }
1544
1545 uint8_t sd_read_data(SDState *sd)
1546 {
1547 /* TODO: Append CRCs */
1548 uint8_t ret;
1549 int io_len;
1550
1551 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1552 return 0x00;
1553
1554 if (sd->state != sd_sendingdata_state) {
1555 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1556 return 0x00;
1557 }
1558
1559 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1560 return 0x00;
1561
1562 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1563
1564 switch (sd->current_cmd) {
1565 case 6: /* CMD6: SWITCH_FUNCTION */
1566 ret = sd->data[sd->data_offset ++];
1567
1568 if (sd->data_offset >= 64)
1569 sd->state = sd_transfer_state;
1570 break;
1571
1572 case 9: /* CMD9: SEND_CSD */
1573 case 10: /* CMD10: SEND_CID */
1574 ret = sd->data[sd->data_offset ++];
1575
1576 if (sd->data_offset >= 16)
1577 sd->state = sd_transfer_state;
1578 break;
1579
1580 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1581 if (sd->data_offset == 0)
1582 BLK_READ_BLOCK(sd->data_start, io_len);
1583 ret = sd->data[sd->data_offset ++];
1584
1585 if (sd->data_offset >= io_len) {
1586 sd->data_start += io_len;
1587 sd->data_offset = 0;
1588 if (sd->data_start + io_len > sd->size) {
1589 sd->card_status |= ADDRESS_ERROR;
1590 break;
1591 }
1592 }
1593 break;
1594
1595 case 13: /* ACMD13: SD_STATUS */
1596 ret = sd->sd_status[sd->data_offset ++];
1597
1598 if (sd->data_offset >= sizeof(sd->sd_status))
1599 sd->state = sd_transfer_state;
1600 break;
1601
1602 case 17: /* CMD17: READ_SINGLE_BLOCK */
1603 if (sd->data_offset == 0)
1604 BLK_READ_BLOCK(sd->data_start, io_len);
1605 ret = sd->data[sd->data_offset ++];
1606
1607 if (sd->data_offset >= io_len)
1608 sd->state = sd_transfer_state;
1609 break;
1610
1611 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1612 if (sd->data_offset == 0)
1613 BLK_READ_BLOCK(sd->data_start, io_len);
1614 ret = sd->data[sd->data_offset ++];
1615
1616 if (sd->data_offset >= io_len) {
1617 sd->data_start += io_len;
1618 sd->data_offset = 0;
1619 if (sd->data_start + io_len > sd->size) {
1620 sd->card_status |= ADDRESS_ERROR;
1621 break;
1622 }
1623 }
1624 break;
1625
1626 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1627 ret = sd->data[sd->data_offset ++];
1628
1629 if (sd->data_offset >= 4)
1630 sd->state = sd_transfer_state;
1631 break;
1632
1633 case 30: /* CMD30: SEND_WRITE_PROT */
1634 ret = sd->data[sd->data_offset ++];
1635
1636 if (sd->data_offset >= 4)
1637 sd->state = sd_transfer_state;
1638 break;
1639
1640 case 51: /* ACMD51: SEND_SCR */
1641 ret = sd->scr[sd->data_offset ++];
1642
1643 if (sd->data_offset >= sizeof(sd->scr))
1644 sd->state = sd_transfer_state;
1645 break;
1646
1647 case 56: /* CMD56: GEN_CMD */
1648 if (sd->data_offset == 0)
1649 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1650 ret = sd->data[sd->data_offset ++];
1651
1652 if (sd->data_offset >= sd->blk_len)
1653 sd->state = sd_transfer_state;
1654 break;
1655
1656 default:
1657 fprintf(stderr, "sd_read_data: unknown command\n");
1658 return 0x00;
1659 }
1660
1661 return ret;
1662 }
1663
1664 int sd_data_ready(SDState *sd)
1665 {
1666 return sd->state == sd_sendingdata_state;
1667 }
1668
1669 void sd_enable(SDState *sd, int enable)
1670 {
1671 sd->enable = enable;
1672 }
Qemu copy for testing