Error check find_ram_offset
[qemu.git] / hw / sd.c
blob10e26ade583400772dc924d57d85019f4d034b03
1 /*
2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 #include "hw.h"
33 #include "block.h"
34 #include "sd.h"
36 //#define DEBUG_SD 1
38 #ifdef DEBUG_SD
39 #define DPRINTF(fmt, ...) \
40 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
41 #else
42 #define DPRINTF(fmt, ...) do {} while(0)
43 #endif
45 typedef enum {
46 sd_r0 = 0, /* no response */
47 sd_r1, /* normal response command */
48 sd_r2_i, /* CID register */
49 sd_r2_s, /* CSD register */
50 sd_r3, /* OCR register */
51 sd_r6 = 6, /* Published RCA response */
52 sd_r7, /* Operating voltage */
53 sd_r1b = -1,
54 } sd_rsp_type_t;
56 struct SDState {
57 enum {
58 sd_inactive,
59 sd_card_identification_mode,
60 sd_data_transfer_mode,
61 } mode;
62 enum {
63 sd_inactive_state = -1,
64 sd_idle_state = 0,
65 sd_ready_state,
66 sd_identification_state,
67 sd_standby_state,
68 sd_transfer_state,
69 sd_sendingdata_state,
70 sd_receivingdata_state,
71 sd_programming_state,
72 sd_disconnect_state,
73 } state;
74 uint32_t ocr;
75 uint8_t scr[8];
76 uint8_t cid[16];
77 uint8_t csd[16];
78 uint16_t rca;
79 uint32_t card_status;
80 uint8_t sd_status[64];
81 uint32_t vhs;
82 int wp_switch;
83 int *wp_groups;
84 uint64_t size;
85 int blk_len;
86 uint32_t erase_start;
87 uint32_t erase_end;
88 uint8_t pwd[16];
89 int pwd_len;
90 int function_group[6];
92 int spi;
93 int current_cmd;
94 int blk_written;
95 uint64_t data_start;
96 uint32_t data_offset;
97 uint8_t data[512];
98 qemu_irq readonly_cb;
99 qemu_irq inserted_cb;
100 BlockDriverState *bdrv;
101 uint8_t *buf;
103 int enable;
106 static void sd_set_status(SDState *sd)
108 switch (sd->state) {
109 case sd_inactive_state:
110 sd->mode = sd_inactive;
111 break;
113 case sd_idle_state:
114 case sd_ready_state:
115 case sd_identification_state:
116 sd->mode = sd_card_identification_mode;
117 break;
119 case sd_standby_state:
120 case sd_transfer_state:
121 case sd_sendingdata_state:
122 case sd_receivingdata_state:
123 case sd_programming_state:
124 case sd_disconnect_state:
125 sd->mode = sd_data_transfer_mode;
126 break;
129 sd->card_status &= ~CURRENT_STATE;
130 sd->card_status |= sd->state << 9;
133 static const sd_cmd_type_t sd_cmd_type[64] = {
134 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
135 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
136 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
137 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
138 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
139 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
140 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
141 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
144 static const sd_cmd_type_t sd_acmd_type[64] = {
145 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
146 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none,
147 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac,
148 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
149 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none,
151 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none,
152 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
155 static const int sd_cmd_class[64] = {
156 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
157 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
158 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
159 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
162 static uint8_t sd_crc7(void *message, size_t width)
164 int i, bit;
165 uint8_t shift_reg = 0x00;
166 uint8_t *msg = (uint8_t *) message;
168 for (i = 0; i < width; i ++, msg ++)
169 for (bit = 7; bit >= 0; bit --) {
170 shift_reg <<= 1;
171 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
172 shift_reg ^= 0x89;
175 return shift_reg;
178 static uint16_t sd_crc16(void *message, size_t width)
180 int i, bit;
181 uint16_t shift_reg = 0x0000;
182 uint16_t *msg = (uint16_t *) message;
183 width <<= 1;
185 for (i = 0; i < width; i ++, msg ++)
186 for (bit = 15; bit >= 0; bit --) {
187 shift_reg <<= 1;
188 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
189 shift_reg ^= 0x1011;
192 return shift_reg;
195 static void sd_set_ocr(SDState *sd)
197 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
198 sd->ocr = 0x80ffff00;
201 static void sd_set_scr(SDState *sd)
203 sd->scr[0] = 0x00; /* SCR Structure */
204 sd->scr[1] = 0x2f; /* SD Security Support */
205 sd->scr[2] = 0x00;
206 sd->scr[3] = 0x00;
207 sd->scr[4] = 0x00;
208 sd->scr[5] = 0x00;
209 sd->scr[6] = 0x00;
210 sd->scr[7] = 0x00;
213 #define MID 0xaa
214 #define OID "XY"
215 #define PNM "QEMU!"
216 #define PRV 0x01
217 #define MDT_YR 2006
218 #define MDT_MON 2
220 static void sd_set_cid(SDState *sd)
222 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
223 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
224 sd->cid[2] = OID[1];
225 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
226 sd->cid[4] = PNM[1];
227 sd->cid[5] = PNM[2];
228 sd->cid[6] = PNM[3];
229 sd->cid[7] = PNM[4];
230 sd->cid[8] = PRV; /* Fake product revision (PRV) */
231 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
232 sd->cid[10] = 0xad;
233 sd->cid[11] = 0xbe;
234 sd->cid[12] = 0xef;
235 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
236 ((MDT_YR - 2000) / 10);
237 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
238 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
241 #define HWBLOCK_SHIFT 9 /* 512 bytes */
242 #define SECTOR_SHIFT 5 /* 16 kilobytes */
243 #define WPGROUP_SHIFT 7 /* 2 megs */
244 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
245 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
247 static const uint8_t sd_csd_rw_mask[16] = {
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
249 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
252 static void sd_set_csd(SDState *sd, uint64_t size)
254 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
255 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
256 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
258 if (size <= 0x40000000) { /* Standard Capacity SD */
259 sd->csd[0] = 0x00; /* CSD structure */
260 sd->csd[1] = 0x26; /* Data read access-time-1 */
261 sd->csd[2] = 0x00; /* Data read access-time-2 */
262 sd->csd[3] = 0x5a; /* Max. data transfer rate */
263 sd->csd[4] = 0x5f; /* Card Command Classes */
264 sd->csd[5] = 0x50 | /* Max. read data block length */
265 HWBLOCK_SHIFT;
266 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
267 ((csize >> 10) & 0x03);
268 sd->csd[7] = 0x00 | /* Device size */
269 ((csize >> 2) & 0xff);
270 sd->csd[8] = 0x3f | /* Max. read current */
271 ((csize << 6) & 0xc0);
272 sd->csd[9] = 0xfc | /* Max. write current */
273 ((CMULT_SHIFT - 2) >> 1);
274 sd->csd[10] = 0x40 | /* Erase sector size */
275 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
276 sd->csd[11] = 0x00 | /* Write protect group size */
277 ((sectsize << 7) & 0x80) | wpsize;
278 sd->csd[12] = 0x90 | /* Write speed factor */
279 (HWBLOCK_SHIFT >> 2);
280 sd->csd[13] = 0x20 | /* Max. write data block length */
281 ((HWBLOCK_SHIFT << 6) & 0xc0);
282 sd->csd[14] = 0x00; /* File format group */
283 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
284 } else { /* SDHC */
285 size /= 512 * 1024;
286 size -= 1;
287 sd->csd[0] = 0x40;
288 sd->csd[1] = 0x0e;
289 sd->csd[2] = 0x00;
290 sd->csd[3] = 0x32;
291 sd->csd[4] = 0x5b;
292 sd->csd[5] = 0x59;
293 sd->csd[6] = 0x00;
294 sd->csd[7] = (size >> 16) & 0xff;
295 sd->csd[8] = (size >> 8) & 0xff;
296 sd->csd[9] = (size & 0xff);
297 sd->csd[10] = 0x7f;
298 sd->csd[11] = 0x80;
299 sd->csd[12] = 0x0a;
300 sd->csd[13] = 0x40;
301 sd->csd[14] = 0x00;
302 sd->csd[15] = 0x00;
303 sd->ocr |= 1 << 30; /* High Capacity SD Memort Card */
307 static void sd_set_rca(SDState *sd)
309 sd->rca += 0x4567;
312 #define CARD_STATUS_A 0x02004100
313 #define CARD_STATUS_B 0x00c01e00
314 #define CARD_STATUS_C 0xfd39a028
316 static void sd_set_cardstatus(SDState *sd)
318 sd->card_status = 0x00000100;
321 static void sd_set_sdstatus(SDState *sd)
323 memset(sd->sd_status, 0, 64);
326 static int sd_req_crc_validate(SDRequest *req)
328 uint8_t buffer[5];
329 buffer[0] = 0x40 | req->cmd;
330 buffer[1] = (req->arg >> 24) & 0xff;
331 buffer[2] = (req->arg >> 16) & 0xff;
332 buffer[3] = (req->arg >> 8) & 0xff;
333 buffer[4] = (req->arg >> 0) & 0xff;
334 return 0;
335 return sd_crc7(buffer, 5) != req->crc; /* TODO */
338 static void sd_response_r1_make(SDState *sd,
339 uint8_t *response, uint32_t last_status)
341 uint32_t mask = CARD_STATUS_B ^ ILLEGAL_COMMAND;
342 uint32_t status;
344 status = (sd->card_status & ~mask) | (last_status & mask);
345 sd->card_status &= ~CARD_STATUS_C | APP_CMD;
347 response[0] = (status >> 24) & 0xff;
348 response[1] = (status >> 16) & 0xff;
349 response[2] = (status >> 8) & 0xff;
350 response[3] = (status >> 0) & 0xff;
353 static void sd_response_r3_make(SDState *sd, uint8_t *response)
355 response[0] = (sd->ocr >> 24) & 0xff;
356 response[1] = (sd->ocr >> 16) & 0xff;
357 response[2] = (sd->ocr >> 8) & 0xff;
358 response[3] = (sd->ocr >> 0) & 0xff;
361 static void sd_response_r6_make(SDState *sd, uint8_t *response)
363 uint16_t arg;
364 uint16_t status;
366 arg = sd->rca;
367 status = ((sd->card_status >> 8) & 0xc000) |
368 ((sd->card_status >> 6) & 0x2000) |
369 (sd->card_status & 0x1fff);
371 response[0] = (arg >> 8) & 0xff;
372 response[1] = arg & 0xff;
373 response[2] = (status >> 8) & 0xff;
374 response[3] = status & 0xff;
377 static void sd_response_r7_make(SDState *sd, uint8_t *response)
379 response[0] = (sd->vhs >> 24) & 0xff;
380 response[1] = (sd->vhs >> 16) & 0xff;
381 response[2] = (sd->vhs >> 8) & 0xff;
382 response[3] = (sd->vhs >> 0) & 0xff;
385 static void sd_reset(SDState *sd, BlockDriverState *bdrv)
387 uint64_t size;
388 uint64_t sect;
390 if (bdrv) {
391 bdrv_get_geometry(bdrv, &sect);
392 } else {
393 sect = 0;
395 size = sect << 9;
397 sect = (size >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) + 1;
399 sd->state = sd_idle_state;
400 sd->rca = 0x0000;
401 sd_set_ocr(sd);
402 sd_set_scr(sd);
403 sd_set_cid(sd);
404 sd_set_csd(sd, size);
405 sd_set_cardstatus(sd);
406 sd_set_sdstatus(sd);
408 sd->bdrv = bdrv;
410 if (sd->wp_groups)
411 g_free(sd->wp_groups);
412 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : 0;
413 sd->wp_groups = (int *) g_malloc0(sizeof(int) * sect);
414 memset(sd->function_group, 0, sizeof(int) * 6);
415 sd->erase_start = 0;
416 sd->erase_end = 0;
417 sd->size = size;
418 sd->blk_len = 0x200;
419 sd->pwd_len = 0;
422 static void sd_cardchange(void *opaque, bool load)
424 SDState *sd = opaque;
426 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv));
427 if (bdrv_is_inserted(sd->bdrv)) {
428 sd_reset(sd, sd->bdrv);
429 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
433 static const BlockDevOps sd_block_ops = {
434 .change_media_cb = sd_cardchange,
437 /* We do not model the chip select pin, so allow the board to select
438 whether card should be in SSI or MMC/SD mode. It is also up to the
439 board to ensure that ssi transfers only occur when the chip select
440 is asserted. */
441 SDState *sd_init(BlockDriverState *bs, int is_spi)
443 SDState *sd;
445 sd = (SDState *) g_malloc0(sizeof(SDState));
446 sd->buf = qemu_blockalign(bs, 512);
447 sd->spi = is_spi;
448 sd->enable = 1;
449 sd_reset(sd, bs);
450 if (sd->bdrv) {
451 bdrv_attach_dev_nofail(sd->bdrv, sd);
452 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd);
454 return sd;
457 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
459 sd->readonly_cb = readonly;
460 sd->inserted_cb = insert;
461 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0);
462 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0);
465 static void sd_erase(SDState *sd)
467 int i, start, end;
468 if (!sd->erase_start || !sd->erase_end) {
469 sd->card_status |= ERASE_SEQ_ERROR;
470 return;
473 start = sd->erase_start >>
474 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
475 end = sd->erase_end >>
476 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
477 sd->erase_start = 0;
478 sd->erase_end = 0;
479 sd->csd[14] |= 0x40;
481 for (i = start; i <= end; i ++)
482 if (sd->wp_groups[i])
483 sd->card_status |= WP_ERASE_SKIP;
486 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
488 uint32_t i, wpnum;
489 uint32_t ret = 0;
491 wpnum = addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
493 for (i = 0; i < 32; i ++, wpnum ++, addr += WPGROUP_SIZE)
494 if (addr < sd->size && sd->wp_groups[wpnum])
495 ret |= (1 << i);
497 return ret;
500 static void sd_function_switch(SDState *sd, uint32_t arg)
502 int i, mode, new_func, crc;
503 mode = !!(arg & 0x80000000);
505 sd->data[0] = 0x00; /* Maximum current consumption */
506 sd->data[1] = 0x01;
507 sd->data[2] = 0x80; /* Supported group 6 functions */
508 sd->data[3] = 0x01;
509 sd->data[4] = 0x80; /* Supported group 5 functions */
510 sd->data[5] = 0x01;
511 sd->data[6] = 0x80; /* Supported group 4 functions */
512 sd->data[7] = 0x01;
513 sd->data[8] = 0x80; /* Supported group 3 functions */
514 sd->data[9] = 0x01;
515 sd->data[10] = 0x80; /* Supported group 2 functions */
516 sd->data[11] = 0x43;
517 sd->data[12] = 0x80; /* Supported group 1 functions */
518 sd->data[13] = 0x03;
519 for (i = 0; i < 6; i ++) {
520 new_func = (arg >> (i * 4)) & 0x0f;
521 if (mode && new_func != 0x0f)
522 sd->function_group[i] = new_func;
523 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
525 memset(&sd->data[17], 0, 47);
526 crc = sd_crc16(sd->data, 64);
527 sd->data[65] = crc >> 8;
528 sd->data[66] = crc & 0xff;
531 static inline int sd_wp_addr(SDState *sd, uint32_t addr)
533 return sd->wp_groups[addr >>
534 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)];
537 static void sd_lock_command(SDState *sd)
539 int erase, lock, clr_pwd, set_pwd, pwd_len;
540 erase = !!(sd->data[0] & 0x08);
541 lock = sd->data[0] & 0x04;
542 clr_pwd = sd->data[0] & 0x02;
543 set_pwd = sd->data[0] & 0x01;
545 if (sd->blk_len > 1)
546 pwd_len = sd->data[1];
547 else
548 pwd_len = 0;
550 if (erase) {
551 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
552 set_pwd || clr_pwd || lock || sd->wp_switch ||
553 (sd->csd[14] & 0x20)) {
554 sd->card_status |= LOCK_UNLOCK_FAILED;
555 return;
557 memset(sd->wp_groups, 0, sizeof(int) * (sd->size >>
558 (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)));
559 sd->csd[14] &= ~0x10;
560 sd->card_status &= ~CARD_IS_LOCKED;
561 sd->pwd_len = 0;
562 /* Erasing the entire card here! */
563 fprintf(stderr, "SD: Card force-erased by CMD42\n");
564 return;
567 if (sd->blk_len < 2 + pwd_len ||
568 pwd_len <= sd->pwd_len ||
569 pwd_len > sd->pwd_len + 16) {
570 sd->card_status |= LOCK_UNLOCK_FAILED;
571 return;
574 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
575 sd->card_status |= LOCK_UNLOCK_FAILED;
576 return;
579 pwd_len -= sd->pwd_len;
580 if ((pwd_len && !set_pwd) ||
581 (clr_pwd && (set_pwd || lock)) ||
582 (lock && !sd->pwd_len && !set_pwd) ||
583 (!set_pwd && !clr_pwd &&
584 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
585 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
586 sd->card_status |= LOCK_UNLOCK_FAILED;
587 return;
590 if (set_pwd) {
591 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
592 sd->pwd_len = pwd_len;
595 if (clr_pwd) {
596 sd->pwd_len = 0;
599 if (lock)
600 sd->card_status |= CARD_IS_LOCKED;
601 else
602 sd->card_status &= ~CARD_IS_LOCKED;
605 static sd_rsp_type_t sd_normal_command(SDState *sd,
606 SDRequest req)
608 uint32_t rca = 0x0000;
609 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
611 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
612 rca = req.arg >> 16;
614 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
615 switch (req.cmd) {
616 /* Basic commands (Class 0 and Class 1) */
617 case 0: /* CMD0: GO_IDLE_STATE */
618 switch (sd->state) {
619 case sd_inactive_state:
620 return sd->spi ? sd_r1 : sd_r0;
622 default:
623 sd->state = sd_idle_state;
624 sd_reset(sd, sd->bdrv);
625 return sd->spi ? sd_r1 : sd_r0;
627 break;
629 case 1: /* CMD1: SEND_OP_CMD */
630 if (!sd->spi)
631 goto bad_cmd;
633 sd->state = sd_transfer_state;
634 return sd_r1;
636 case 2: /* CMD2: ALL_SEND_CID */
637 if (sd->spi)
638 goto bad_cmd;
639 switch (sd->state) {
640 case sd_ready_state:
641 sd->state = sd_identification_state;
642 return sd_r2_i;
644 default:
645 break;
647 break;
649 case 3: /* CMD3: SEND_RELATIVE_ADDR */
650 if (sd->spi)
651 goto bad_cmd;
652 switch (sd->state) {
653 case sd_identification_state:
654 case sd_standby_state:
655 sd->state = sd_standby_state;
656 sd_set_rca(sd);
657 return sd_r6;
659 default:
660 break;
662 break;
664 case 4: /* CMD4: SEND_DSR */
665 if (sd->spi)
666 goto bad_cmd;
667 switch (sd->state) {
668 case sd_standby_state:
669 break;
671 default:
672 break;
674 break;
676 case 5: /* CMD5: reserved for SDIO cards */
677 sd->card_status |= ILLEGAL_COMMAND;
678 return sd_r0;
680 case 6: /* CMD6: SWITCH_FUNCTION */
681 if (sd->spi)
682 goto bad_cmd;
683 switch (sd->mode) {
684 case sd_data_transfer_mode:
685 sd_function_switch(sd, req.arg);
686 sd->state = sd_sendingdata_state;
687 sd->data_start = 0;
688 sd->data_offset = 0;
689 return sd_r1;
691 default:
692 break;
694 break;
696 case 7: /* CMD7: SELECT/DESELECT_CARD */
697 if (sd->spi)
698 goto bad_cmd;
699 switch (sd->state) {
700 case sd_standby_state:
701 if (sd->rca != rca)
702 return sd_r0;
704 sd->state = sd_transfer_state;
705 return sd_r1b;
707 case sd_transfer_state:
708 case sd_sendingdata_state:
709 if (sd->rca == rca)
710 break;
712 sd->state = sd_standby_state;
713 return sd_r1b;
715 case sd_disconnect_state:
716 if (sd->rca != rca)
717 return sd_r0;
719 sd->state = sd_programming_state;
720 return sd_r1b;
722 case sd_programming_state:
723 if (sd->rca == rca)
724 break;
726 sd->state = sd_disconnect_state;
727 return sd_r1b;
729 default:
730 break;
732 break;
734 case 8: /* CMD8: SEND_IF_COND */
735 /* Physical Layer Specification Version 2.00 command */
736 switch (sd->state) {
737 case sd_idle_state:
738 sd->vhs = 0;
740 /* No response if not exactly one VHS bit is set. */
741 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff)))
742 return sd->spi ? sd_r7 : sd_r0;
744 /* Accept. */
745 sd->vhs = req.arg;
746 return sd_r7;
748 default:
749 break;
751 break;
753 case 9: /* CMD9: SEND_CSD */
754 switch (sd->state) {
755 case sd_standby_state:
756 if (sd->rca != rca)
757 return sd_r0;
759 return sd_r2_s;
761 case sd_transfer_state:
762 if (!sd->spi)
763 break;
764 sd->state = sd_sendingdata_state;
765 memcpy(sd->data, sd->csd, 16);
766 sd->data_start = addr;
767 sd->data_offset = 0;
768 return sd_r1;
770 default:
771 break;
773 break;
775 case 10: /* CMD10: SEND_CID */
776 switch (sd->state) {
777 case sd_standby_state:
778 if (sd->rca != rca)
779 return sd_r0;
781 return sd_r2_i;
783 case sd_transfer_state:
784 if (!sd->spi)
785 break;
786 sd->state = sd_sendingdata_state;
787 memcpy(sd->data, sd->cid, 16);
788 sd->data_start = addr;
789 sd->data_offset = 0;
790 return sd_r1;
792 default:
793 break;
795 break;
797 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
798 if (sd->spi)
799 goto bad_cmd;
800 switch (sd->state) {
801 case sd_transfer_state:
802 sd->state = sd_sendingdata_state;
803 sd->data_start = req.arg;
804 sd->data_offset = 0;
806 if (sd->data_start + sd->blk_len > sd->size)
807 sd->card_status |= ADDRESS_ERROR;
808 return sd_r0;
810 default:
811 break;
813 break;
815 case 12: /* CMD12: STOP_TRANSMISSION */
816 switch (sd->state) {
817 case sd_sendingdata_state:
818 sd->state = sd_transfer_state;
819 return sd_r1b;
821 case sd_receivingdata_state:
822 sd->state = sd_programming_state;
823 /* Bzzzzzzztt .... Operation complete. */
824 sd->state = sd_transfer_state;
825 return sd_r1b;
827 default:
828 break;
830 break;
832 case 13: /* CMD13: SEND_STATUS */
833 switch (sd->mode) {
834 case sd_data_transfer_mode:
835 if (sd->rca != rca)
836 return sd_r0;
838 return sd_r1;
840 default:
841 break;
843 break;
845 case 15: /* CMD15: GO_INACTIVE_STATE */
846 if (sd->spi)
847 goto bad_cmd;
848 switch (sd->mode) {
849 case sd_data_transfer_mode:
850 if (sd->rca != rca)
851 return sd_r0;
853 sd->state = sd_inactive_state;
854 return sd_r0;
856 default:
857 break;
859 break;
861 /* Block read commands (Classs 2) */
862 case 16: /* CMD16: SET_BLOCKLEN */
863 switch (sd->state) {
864 case sd_transfer_state:
865 if (req.arg > (1 << HWBLOCK_SHIFT))
866 sd->card_status |= BLOCK_LEN_ERROR;
867 else
868 sd->blk_len = req.arg;
870 return sd_r1;
872 default:
873 break;
875 break;
877 case 17: /* CMD17: READ_SINGLE_BLOCK */
878 switch (sd->state) {
879 case sd_transfer_state:
880 sd->state = sd_sendingdata_state;
881 sd->data_start = addr;
882 sd->data_offset = 0;
884 if (sd->data_start + sd->blk_len > sd->size)
885 sd->card_status |= ADDRESS_ERROR;
886 return sd_r1;
888 default:
889 break;
891 break;
893 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
894 switch (sd->state) {
895 case sd_transfer_state:
896 sd->state = sd_sendingdata_state;
897 sd->data_start = addr;
898 sd->data_offset = 0;
900 if (sd->data_start + sd->blk_len > sd->size)
901 sd->card_status |= ADDRESS_ERROR;
902 return sd_r1;
904 default:
905 break;
907 break;
909 /* Block write commands (Class 4) */
910 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
911 if (sd->spi)
912 goto unimplemented_cmd;
913 switch (sd->state) {
914 case sd_transfer_state:
915 /* Writing in SPI mode not implemented. */
916 if (sd->spi)
917 break;
918 sd->state = sd_receivingdata_state;
919 sd->data_start = addr;
920 sd->data_offset = 0;
921 sd->blk_written = 0;
923 if (sd->data_start + sd->blk_len > sd->size)
924 sd->card_status |= ADDRESS_ERROR;
925 if (sd_wp_addr(sd, sd->data_start))
926 sd->card_status |= WP_VIOLATION;
927 if (sd->csd[14] & 0x30)
928 sd->card_status |= WP_VIOLATION;
929 return sd_r1;
931 default:
932 break;
934 break;
936 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
937 if (sd->spi)
938 goto unimplemented_cmd;
939 switch (sd->state) {
940 case sd_transfer_state:
941 /* Writing in SPI mode not implemented. */
942 if (sd->spi)
943 break;
944 sd->state = sd_receivingdata_state;
945 sd->data_start = addr;
946 sd->data_offset = 0;
947 sd->blk_written = 0;
949 if (sd->data_start + sd->blk_len > sd->size)
950 sd->card_status |= ADDRESS_ERROR;
951 if (sd_wp_addr(sd, sd->data_start))
952 sd->card_status |= WP_VIOLATION;
953 if (sd->csd[14] & 0x30)
954 sd->card_status |= WP_VIOLATION;
955 return sd_r1;
957 default:
958 break;
960 break;
962 case 26: /* CMD26: PROGRAM_CID */
963 if (sd->spi)
964 goto bad_cmd;
965 switch (sd->state) {
966 case sd_transfer_state:
967 sd->state = sd_receivingdata_state;
968 sd->data_start = 0;
969 sd->data_offset = 0;
970 return sd_r1;
972 default:
973 break;
975 break;
977 case 27: /* CMD27: PROGRAM_CSD */
978 if (sd->spi)
979 goto unimplemented_cmd;
980 switch (sd->state) {
981 case sd_transfer_state:
982 sd->state = sd_receivingdata_state;
983 sd->data_start = 0;
984 sd->data_offset = 0;
985 return sd_r1;
987 default:
988 break;
990 break;
992 /* Write protection (Class 6) */
993 case 28: /* CMD28: SET_WRITE_PROT */
994 switch (sd->state) {
995 case sd_transfer_state:
996 if (addr >= sd->size) {
997 sd->card_status = ADDRESS_ERROR;
998 return sd_r1b;
1001 sd->state = sd_programming_state;
1002 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1003 SECTOR_SHIFT + WPGROUP_SHIFT)] = 1;
1004 /* Bzzzzzzztt .... Operation complete. */
1005 sd->state = sd_transfer_state;
1006 return sd_r1b;
1008 default:
1009 break;
1011 break;
1013 case 29: /* CMD29: CLR_WRITE_PROT */
1014 switch (sd->state) {
1015 case sd_transfer_state:
1016 if (addr >= sd->size) {
1017 sd->card_status = ADDRESS_ERROR;
1018 return sd_r1b;
1021 sd->state = sd_programming_state;
1022 sd->wp_groups[addr >> (HWBLOCK_SHIFT +
1023 SECTOR_SHIFT + WPGROUP_SHIFT)] = 0;
1024 /* Bzzzzzzztt .... Operation complete. */
1025 sd->state = sd_transfer_state;
1026 return sd_r1b;
1028 default:
1029 break;
1031 break;
1033 case 30: /* CMD30: SEND_WRITE_PROT */
1034 switch (sd->state) {
1035 case sd_transfer_state:
1036 sd->state = sd_sendingdata_state;
1037 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1038 sd->data_start = addr;
1039 sd->data_offset = 0;
1040 return sd_r1b;
1042 default:
1043 break;
1045 break;
1047 /* Erase commands (Class 5) */
1048 case 32: /* CMD32: ERASE_WR_BLK_START */
1049 switch (sd->state) {
1050 case sd_transfer_state:
1051 sd->erase_start = req.arg;
1052 return sd_r1;
1054 default:
1055 break;
1057 break;
1059 case 33: /* CMD33: ERASE_WR_BLK_END */
1060 switch (sd->state) {
1061 case sd_transfer_state:
1062 sd->erase_end = req.arg;
1063 return sd_r1;
1065 default:
1066 break;
1068 break;
1070 case 38: /* CMD38: ERASE */
1071 switch (sd->state) {
1072 case sd_transfer_state:
1073 if (sd->csd[14] & 0x30) {
1074 sd->card_status |= WP_VIOLATION;
1075 return sd_r1b;
1078 sd->state = sd_programming_state;
1079 sd_erase(sd);
1080 /* Bzzzzzzztt .... Operation complete. */
1081 sd->state = sd_transfer_state;
1082 return sd_r1b;
1084 default:
1085 break;
1087 break;
1089 /* Lock card commands (Class 7) */
1090 case 42: /* CMD42: LOCK_UNLOCK */
1091 if (sd->spi)
1092 goto unimplemented_cmd;
1093 switch (sd->state) {
1094 case sd_transfer_state:
1095 sd->state = sd_receivingdata_state;
1096 sd->data_start = 0;
1097 sd->data_offset = 0;
1098 return sd_r1;
1100 default:
1101 break;
1103 break;
1105 case 52:
1106 case 53:
1107 /* CMD52, CMD53: reserved for SDIO cards
1108 * (see the SDIO Simplified Specification V2.0)
1109 * Handle as illegal command but do not complain
1110 * on stderr, as some OSes may use these in their
1111 * probing for presence of an SDIO card.
1113 sd->card_status |= ILLEGAL_COMMAND;
1114 return sd_r0;
1116 /* Application specific commands (Class 8) */
1117 case 55: /* CMD55: APP_CMD */
1118 if (sd->rca != rca)
1119 return sd_r0;
1121 sd->card_status |= APP_CMD;
1122 return sd_r1;
1124 case 56: /* CMD56: GEN_CMD */
1125 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1127 switch (sd->state) {
1128 case sd_transfer_state:
1129 sd->data_offset = 0;
1130 if (req.arg & 1)
1131 sd->state = sd_sendingdata_state;
1132 else
1133 sd->state = sd_receivingdata_state;
1134 return sd_r1;
1136 default:
1137 break;
1139 break;
1141 default:
1142 bad_cmd:
1143 sd->card_status |= ILLEGAL_COMMAND;
1145 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1146 return sd_r0;
1148 unimplemented_cmd:
1149 /* Commands that are recognised but not yet implemented in SPI mode. */
1150 sd->card_status |= ILLEGAL_COMMAND;
1151 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1152 return sd_r0;
1155 sd->card_status |= ILLEGAL_COMMAND;
1156 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1157 return sd_r0;
1160 static sd_rsp_type_t sd_app_command(SDState *sd,
1161 SDRequest req)
1163 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1164 switch (req.cmd) {
1165 case 6: /* ACMD6: SET_BUS_WIDTH */
1166 switch (sd->state) {
1167 case sd_transfer_state:
1168 sd->sd_status[0] &= 0x3f;
1169 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1170 return sd_r1;
1172 default:
1173 break;
1175 break;
1177 case 13: /* ACMD13: SD_STATUS */
1178 switch (sd->state) {
1179 case sd_transfer_state:
1180 sd->state = sd_sendingdata_state;
1181 sd->data_start = 0;
1182 sd->data_offset = 0;
1183 return sd_r1;
1185 default:
1186 break;
1188 break;
1190 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1191 switch (sd->state) {
1192 case sd_transfer_state:
1193 *(uint32_t *) sd->data = sd->blk_written;
1195 sd->state = sd_sendingdata_state;
1196 sd->data_start = 0;
1197 sd->data_offset = 0;
1198 return sd_r1;
1200 default:
1201 break;
1203 break;
1205 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1206 switch (sd->state) {
1207 case sd_transfer_state:
1208 return sd_r1;
1210 default:
1211 break;
1213 break;
1215 case 41: /* ACMD41: SD_APP_OP_COND */
1216 if (sd->spi) {
1217 /* SEND_OP_CMD */
1218 sd->state = sd_transfer_state;
1219 return sd_r1;
1221 switch (sd->state) {
1222 case sd_idle_state:
1223 /* We accept any voltage. 10000 V is nothing. */
1224 if (req.arg)
1225 sd->state = sd_ready_state;
1227 return sd_r3;
1229 default:
1230 break;
1232 break;
1234 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1235 switch (sd->state) {
1236 case sd_transfer_state:
1237 /* Bringing in the 50KOhm pull-up resistor... Done. */
1238 return sd_r1;
1240 default:
1241 break;
1243 break;
1245 case 51: /* ACMD51: SEND_SCR */
1246 switch (sd->state) {
1247 case sd_transfer_state:
1248 sd->state = sd_sendingdata_state;
1249 sd->data_start = 0;
1250 sd->data_offset = 0;
1251 return sd_r1;
1253 default:
1254 break;
1256 break;
1258 default:
1259 /* Fall back to standard commands. */
1260 sd->card_status &= ~APP_CMD;
1261 return sd_normal_command(sd, req);
1264 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1265 return sd_r0;
1268 int sd_do_command(SDState *sd, SDRequest *req,
1269 uint8_t *response) {
1270 uint32_t last_status = sd->card_status;
1271 sd_rsp_type_t rtype;
1272 int rsplen;
1274 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) {
1275 return 0;
1278 if (sd_req_crc_validate(req)) {
1279 sd->card_status &= ~COM_CRC_ERROR;
1280 return 0;
1283 sd->card_status &= ~CARD_STATUS_B;
1284 sd_set_status(sd);
1286 if (last_status & CARD_IS_LOCKED)
1287 if (((last_status & APP_CMD) &&
1288 req->cmd == 41) ||
1289 (!(last_status & APP_CMD) &&
1290 (sd_cmd_class[req->cmd] == 0 ||
1291 sd_cmd_class[req->cmd] == 7 ||
1292 req->cmd == 16 || req->cmd == 55))) {
1293 sd->card_status |= ILLEGAL_COMMAND;
1294 fprintf(stderr, "SD: Card is locked\n");
1295 return 0;
1298 if (last_status & APP_CMD) {
1299 rtype = sd_app_command(sd, *req);
1300 sd->card_status &= ~APP_CMD;
1301 } else
1302 rtype = sd_normal_command(sd, *req);
1304 sd->current_cmd = req->cmd;
1306 switch (rtype) {
1307 case sd_r1:
1308 case sd_r1b:
1309 sd_response_r1_make(sd, response, last_status);
1310 rsplen = 4;
1311 break;
1313 case sd_r2_i:
1314 memcpy(response, sd->cid, sizeof(sd->cid));
1315 rsplen = 16;
1316 break;
1318 case sd_r2_s:
1319 memcpy(response, sd->csd, sizeof(sd->csd));
1320 rsplen = 16;
1321 break;
1323 case sd_r3:
1324 sd_response_r3_make(sd, response);
1325 rsplen = 4;
1326 break;
1328 case sd_r6:
1329 sd_response_r6_make(sd, response);
1330 rsplen = 4;
1331 break;
1333 case sd_r7:
1334 sd_response_r7_make(sd, response);
1335 rsplen = 4;
1336 break;
1338 case sd_r0:
1339 default:
1340 rsplen = 0;
1341 break;
1344 if (sd->card_status & ILLEGAL_COMMAND)
1345 rsplen = 0;
1347 #ifdef DEBUG_SD
1348 if (rsplen) {
1349 int i;
1350 DPRINTF("Response:");
1351 for (i = 0; i < rsplen; i++)
1352 printf(" %02x", response[i]);
1353 printf(" state %d\n", sd->state);
1354 } else {
1355 DPRINTF("No response %d\n", sd->state);
1357 #endif
1359 return rsplen;
1362 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1364 uint64_t end = addr + len;
1366 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1367 (unsigned long long) addr, len);
1368 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1369 fprintf(stderr, "sd_blk_read: read error on host side\n");
1370 return;
1373 if (end > (addr & ~511) + 512) {
1374 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1376 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1377 fprintf(stderr, "sd_blk_read: read error on host side\n");
1378 return;
1380 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1381 } else
1382 memcpy(sd->data, sd->buf + (addr & 511), len);
1385 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1387 uint64_t end = addr + len;
1389 if ((addr & 511) || len < 512)
1390 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1391 fprintf(stderr, "sd_blk_write: read error on host side\n");
1392 return;
1395 if (end > (addr & ~511) + 512) {
1396 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1397 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1) {
1398 fprintf(stderr, "sd_blk_write: write error on host side\n");
1399 return;
1402 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) == -1) {
1403 fprintf(stderr, "sd_blk_write: read error on host side\n");
1404 return;
1406 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1407 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) == -1)
1408 fprintf(stderr, "sd_blk_write: write error on host side\n");
1409 } else {
1410 memcpy(sd->buf + (addr & 511), sd->data, len);
1411 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) == -1)
1412 fprintf(stderr, "sd_blk_write: write error on host side\n");
1416 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1417 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1418 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1419 #define APP_WRITE_BLOCK(a, len)
1421 void sd_write_data(SDState *sd, uint8_t value)
1423 int i;
1425 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1426 return;
1428 if (sd->state != sd_receivingdata_state) {
1429 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1430 return;
1433 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1434 return;
1436 switch (sd->current_cmd) {
1437 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1438 sd->data[sd->data_offset ++] = value;
1439 if (sd->data_offset >= sd->blk_len) {
1440 /* TODO: Check CRC before committing */
1441 sd->state = sd_programming_state;
1442 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1443 sd->blk_written ++;
1444 sd->csd[14] |= 0x40;
1445 /* Bzzzzzzztt .... Operation complete. */
1446 sd->state = sd_transfer_state;
1448 break;
1450 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1451 if (sd->data_offset == 0) {
1452 /* Start of the block - lets check the address is valid */
1453 if (sd->data_start + sd->blk_len > sd->size) {
1454 sd->card_status |= ADDRESS_ERROR;
1455 break;
1457 if (sd_wp_addr(sd, sd->data_start)) {
1458 sd->card_status |= WP_VIOLATION;
1459 break;
1462 sd->data[sd->data_offset++] = value;
1463 if (sd->data_offset >= sd->blk_len) {
1464 /* TODO: Check CRC before committing */
1465 sd->state = sd_programming_state;
1466 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1467 sd->blk_written++;
1468 sd->data_start += sd->blk_len;
1469 sd->data_offset = 0;
1470 sd->csd[14] |= 0x40;
1472 /* Bzzzzzzztt .... Operation complete. */
1473 sd->state = sd_receivingdata_state;
1475 break;
1477 case 26: /* CMD26: PROGRAM_CID */
1478 sd->data[sd->data_offset ++] = value;
1479 if (sd->data_offset >= sizeof(sd->cid)) {
1480 /* TODO: Check CRC before committing */
1481 sd->state = sd_programming_state;
1482 for (i = 0; i < sizeof(sd->cid); i ++)
1483 if ((sd->cid[i] | 0x00) != sd->data[i])
1484 sd->card_status |= CID_CSD_OVERWRITE;
1486 if (!(sd->card_status & CID_CSD_OVERWRITE))
1487 for (i = 0; i < sizeof(sd->cid); i ++) {
1488 sd->cid[i] |= 0x00;
1489 sd->cid[i] &= sd->data[i];
1491 /* Bzzzzzzztt .... Operation complete. */
1492 sd->state = sd_transfer_state;
1494 break;
1496 case 27: /* CMD27: PROGRAM_CSD */
1497 sd->data[sd->data_offset ++] = value;
1498 if (sd->data_offset >= sizeof(sd->csd)) {
1499 /* TODO: Check CRC before committing */
1500 sd->state = sd_programming_state;
1501 for (i = 0; i < sizeof(sd->csd); i ++)
1502 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1503 (sd->data[i] | sd_csd_rw_mask[i]))
1504 sd->card_status |= CID_CSD_OVERWRITE;
1506 /* Copy flag (OTP) & Permanent write protect */
1507 if (sd->csd[14] & ~sd->data[14] & 0x60)
1508 sd->card_status |= CID_CSD_OVERWRITE;
1510 if (!(sd->card_status & CID_CSD_OVERWRITE))
1511 for (i = 0; i < sizeof(sd->csd); i ++) {
1512 sd->csd[i] |= sd_csd_rw_mask[i];
1513 sd->csd[i] &= sd->data[i];
1515 /* Bzzzzzzztt .... Operation complete. */
1516 sd->state = sd_transfer_state;
1518 break;
1520 case 42: /* CMD42: LOCK_UNLOCK */
1521 sd->data[sd->data_offset ++] = value;
1522 if (sd->data_offset >= sd->blk_len) {
1523 /* TODO: Check CRC before committing */
1524 sd->state = sd_programming_state;
1525 sd_lock_command(sd);
1526 /* Bzzzzzzztt .... Operation complete. */
1527 sd->state = sd_transfer_state;
1529 break;
1531 case 56: /* CMD56: GEN_CMD */
1532 sd->data[sd->data_offset ++] = value;
1533 if (sd->data_offset >= sd->blk_len) {
1534 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1535 sd->state = sd_transfer_state;
1537 break;
1539 default:
1540 fprintf(stderr, "sd_write_data: unknown command\n");
1541 break;
1545 uint8_t sd_read_data(SDState *sd)
1547 /* TODO: Append CRCs */
1548 uint8_t ret;
1549 int io_len;
1551 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable)
1552 return 0x00;
1554 if (sd->state != sd_sendingdata_state) {
1555 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1556 return 0x00;
1559 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1560 return 0x00;
1562 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1564 switch (sd->current_cmd) {
1565 case 6: /* CMD6: SWITCH_FUNCTION */
1566 ret = sd->data[sd->data_offset ++];
1568 if (sd->data_offset >= 64)
1569 sd->state = sd_transfer_state;
1570 break;
1572 case 9: /* CMD9: SEND_CSD */
1573 case 10: /* CMD10: SEND_CID */
1574 ret = sd->data[sd->data_offset ++];
1576 if (sd->data_offset >= 16)
1577 sd->state = sd_transfer_state;
1578 break;
1580 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1581 if (sd->data_offset == 0)
1582 BLK_READ_BLOCK(sd->data_start, io_len);
1583 ret = sd->data[sd->data_offset ++];
1585 if (sd->data_offset >= io_len) {
1586 sd->data_start += io_len;
1587 sd->data_offset = 0;
1588 if (sd->data_start + io_len > sd->size) {
1589 sd->card_status |= ADDRESS_ERROR;
1590 break;
1593 break;
1595 case 13: /* ACMD13: SD_STATUS */
1596 ret = sd->sd_status[sd->data_offset ++];
1598 if (sd->data_offset >= sizeof(sd->sd_status))
1599 sd->state = sd_transfer_state;
1600 break;
1602 case 17: /* CMD17: READ_SINGLE_BLOCK */
1603 if (sd->data_offset == 0)
1604 BLK_READ_BLOCK(sd->data_start, io_len);
1605 ret = sd->data[sd->data_offset ++];
1607 if (sd->data_offset >= io_len)
1608 sd->state = sd_transfer_state;
1609 break;
1611 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1612 if (sd->data_offset == 0)
1613 BLK_READ_BLOCK(sd->data_start, io_len);
1614 ret = sd->data[sd->data_offset ++];
1616 if (sd->data_offset >= io_len) {
1617 sd->data_start += io_len;
1618 sd->data_offset = 0;
1619 if (sd->data_start + io_len > sd->size) {
1620 sd->card_status |= ADDRESS_ERROR;
1621 break;
1624 break;
1626 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1627 ret = sd->data[sd->data_offset ++];
1629 if (sd->data_offset >= 4)
1630 sd->state = sd_transfer_state;
1631 break;
1633 case 30: /* CMD30: SEND_WRITE_PROT */
1634 ret = sd->data[sd->data_offset ++];
1636 if (sd->data_offset >= 4)
1637 sd->state = sd_transfer_state;
1638 break;
1640 case 51: /* ACMD51: SEND_SCR */
1641 ret = sd->scr[sd->data_offset ++];
1643 if (sd->data_offset >= sizeof(sd->scr))
1644 sd->state = sd_transfer_state;
1645 break;
1647 case 56: /* CMD56: GEN_CMD */
1648 if (sd->data_offset == 0)
1649 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1650 ret = sd->data[sd->data_offset ++];
1652 if (sd->data_offset >= sd->blk_len)
1653 sd->state = sd_transfer_state;
1654 break;
1656 default:
1657 fprintf(stderr, "sd_read_data: unknown command\n");
1658 return 0x00;
1661 return ret;
1664 int sd_data_ready(SDState *sd)
1666 return sd->state == sd_sendingdata_state;
1669 void sd_enable(SDState *sd, int enable)
1671 sd->enable = enable;