search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hw/misc/edu: Convert to realize()
[qemu.git] / hw / sd / sd.c
blob1a9935cf916fc8d7febfd95c68e2587cb792cdd0
1 /*
2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
32 #include "hw/hw.h"
33 #include "sysemu/block-backend.h"
34 #include "hw/sd/sd.h"
35 #include "qemu/bitmap.h"
36
37 //#define DEBUG_SD 1
38
39 #ifdef DEBUG_SD
40 #define DPRINTF(fmt, ...) \
41 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
42 #else
43 #define DPRINTF(fmt, ...) do {} while(0)
44 #endif
45
46 #define ACMD41_ENQUIRY_MASK 0x00ffffff
47
48 typedef enum {
49 sd_r0 = 0, /* no response */
50 sd_r1, /* normal response command */
51 sd_r2_i, /* CID register */
52 sd_r2_s, /* CSD register */
53 sd_r3, /* OCR register */
54 sd_r6 = 6, /* Published RCA response */
55 sd_r7, /* Operating voltage */
56 sd_r1b = -1,
57 sd_illegal = -2,
58 } sd_rsp_type_t;
59
60 enum SDCardModes {
61 sd_inactive,
62 sd_card_identification_mode,
63 sd_data_transfer_mode,
64 };
65
66 enum SDCardStates {
67 sd_inactive_state = -1,
68 sd_idle_state = 0,
69 sd_ready_state,
70 sd_identification_state,
71 sd_standby_state,
72 sd_transfer_state,
73 sd_sendingdata_state,
74 sd_receivingdata_state,
75 sd_programming_state,
76 sd_disconnect_state,
77 };
78
79 struct SDState {
80 uint32_t mode; /* current card mode, one of SDCardModes */
81 int32_t state; /* current card state, one of SDCardStates */
82 uint32_t ocr;
83 uint8_t scr[8];
84 uint8_t cid[16];
85 uint8_t csd[16];
86 uint16_t rca;
87 uint32_t card_status;
88 uint8_t sd_status[64];
89 uint32_t vhs;
90 bool wp_switch;
91 unsigned long *wp_groups;
92 int32_t wpgrps_size;
93 uint64_t size;
94 uint32_t blk_len;
95 uint32_t erase_start;
96 uint32_t erase_end;
97 uint8_t pwd[16];
98 uint32_t pwd_len;
99 uint8_t function_group[6];
100
101 bool spi;
102 uint8_t current_cmd;
103 /* True if we will handle the next command as an ACMD. Note that this does
104 * *not* track the APP_CMD status bit!
105 */
106 bool expecting_acmd;
107 uint32_t blk_written;
108 uint64_t data_start;
109 uint32_t data_offset;
110 uint8_t data[512];
111 qemu_irq readonly_cb;
112 qemu_irq inserted_cb;
113 BlockBackend *blk;
114 uint8_t *buf;
115
116 bool enable;
117 };
118
119 static void sd_set_mode(SDState *sd)
120 {
121 switch (sd->state) {
122 case sd_inactive_state:
123 sd->mode = sd_inactive;
124 break;
125
126 case sd_idle_state:
127 case sd_ready_state:
128 case sd_identification_state:
129 sd->mode = sd_card_identification_mode;
130 break;
131
132 case sd_standby_state:
133 case sd_transfer_state:
134 case sd_sendingdata_state:
135 case sd_receivingdata_state:
136 case sd_programming_state:
137 case sd_disconnect_state:
138 sd->mode = sd_data_transfer_mode;
139 break;
140 }
141 }
142
143 static const sd_cmd_type_t sd_cmd_type[64] = {
144 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
145 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
146 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
147 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
148 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
149 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
151 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
152 };
153
154 static const int sd_cmd_class[64] = {
155 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
156 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
157 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
158 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
159 };
160
161 static uint8_t sd_crc7(void *message, size_t width)
162 {
163 int i, bit;
164 uint8_t shift_reg = 0x00;
165 uint8_t *msg = (uint8_t *) message;
166
167 for (i = 0; i < width; i ++, msg ++)
168 for (bit = 7; bit >= 0; bit --) {
169 shift_reg <<= 1;
170 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
171 shift_reg ^= 0x89;
172 }
173
174 return shift_reg;
175 }
176
177 static uint16_t sd_crc16(void *message, size_t width)
178 {
179 int i, bit;
180 uint16_t shift_reg = 0x0000;
181 uint16_t *msg = (uint16_t *) message;
182 width <<= 1;
183
184 for (i = 0; i < width; i ++, msg ++)
185 for (bit = 15; bit >= 0; bit --) {
186 shift_reg <<= 1;
187 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
188 shift_reg ^= 0x1011;
189 }
190
191 return shift_reg;
192 }
193
194 static void sd_set_ocr(SDState *sd)
195 {
196 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
197 sd->ocr = 0x80ffff00;
198 }
199
200 static void sd_set_scr(SDState *sd)
201 {
202 sd->scr[0] = 0x00; /* SCR Structure */
203 sd->scr[1] = 0x2f; /* SD Security Support */
204 sd->scr[2] = 0x00;
205 sd->scr[3] = 0x00;
206 sd->scr[4] = 0x00;
207 sd->scr[5] = 0x00;
208 sd->scr[6] = 0x00;
209 sd->scr[7] = 0x00;
210 }
211
212 #define MID 0xaa
213 #define OID "XY"
214 #define PNM "QEMU!"
215 #define PRV 0x01
216 #define MDT_YR 2006
217 #define MDT_MON 2
218
219 static void sd_set_cid(SDState *sd)
220 {
221 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
222 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
223 sd->cid[2] = OID[1];
224 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
225 sd->cid[4] = PNM[1];
226 sd->cid[5] = PNM[2];
227 sd->cid[6] = PNM[3];
228 sd->cid[7] = PNM[4];
229 sd->cid[8] = PRV; /* Fake product revision (PRV) */
230 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
231 sd->cid[10] = 0xad;
232 sd->cid[11] = 0xbe;
233 sd->cid[12] = 0xef;
234 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
235 ((MDT_YR - 2000) / 10);
236 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
237 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
238 }
239
240 #define HWBLOCK_SHIFT 9 /* 512 bytes */
241 #define SECTOR_SHIFT 5 /* 16 kilobytes */
242 #define WPGROUP_SHIFT 7 /* 2 megs */
243 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
244 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
245
246 static const uint8_t sd_csd_rw_mask[16] = {
247 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
249 };
250
251 static void sd_set_csd(SDState *sd, uint64_t size)
252 {
253 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
254 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
255 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
256
257 if (size <= 0x40000000) { /* Standard Capacity SD */
258 sd->csd[0] = 0x00; /* CSD structure */
259 sd->csd[1] = 0x26; /* Data read access-time-1 */
260 sd->csd[2] = 0x00; /* Data read access-time-2 */
261 sd->csd[3] = 0x5a; /* Max. data transfer rate */
262 sd->csd[4] = 0x5f; /* Card Command Classes */
263 sd->csd[5] = 0x50 | /* Max. read data block length */
264 HWBLOCK_SHIFT;
265 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
266 ((csize >> 10) & 0x03);
267 sd->csd[7] = 0x00 | /* Device size */
268 ((csize >> 2) & 0xff);
269 sd->csd[8] = 0x3f | /* Max. read current */
270 ((csize << 6) & 0xc0);
271 sd->csd[9] = 0xfc | /* Max. write current */
272 ((CMULT_SHIFT - 2) >> 1);
273 sd->csd[10] = 0x40 | /* Erase sector size */
274 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
275 sd->csd[11] = 0x00 | /* Write protect group size */
276 ((sectsize << 7) & 0x80) | wpsize;
277 sd->csd[12] = 0x90 | /* Write speed factor */
278 (HWBLOCK_SHIFT >> 2);
279 sd->csd[13] = 0x20 | /* Max. write data block length */
280 ((HWBLOCK_SHIFT << 6) & 0xc0);
281 sd->csd[14] = 0x00; /* File format group */
282 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
283 } else { /* SDHC */
284 size /= 512 * 1024;
285 size -= 1;
286 sd->csd[0] = 0x40;
287 sd->csd[1] = 0x0e;
288 sd->csd[2] = 0x00;
289 sd->csd[3] = 0x32;
290 sd->csd[4] = 0x5b;
291 sd->csd[5] = 0x59;
292 sd->csd[6] = 0x00;
293 sd->csd[7] = (size >> 16) & 0xff;
294 sd->csd[8] = (size >> 8) & 0xff;
295 sd->csd[9] = (size & 0xff);
296 sd->csd[10] = 0x7f;
297 sd->csd[11] = 0x80;
298 sd->csd[12] = 0x0a;
299 sd->csd[13] = 0x40;
300 sd->csd[14] = 0x00;
301 sd->csd[15] = 0x00;
302 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
303 }
304 }
305
306 static void sd_set_rca(SDState *sd)
307 {
308 sd->rca += 0x4567;
309 }
310
311 /* Card status bits, split by clear condition:
312 * A : According to the card current state
313 * B : Always related to the previous command
314 * C : Cleared by read
315 */
316 #define CARD_STATUS_A 0x02004100
317 #define CARD_STATUS_B 0x00c01e00
318 #define CARD_STATUS_C 0xfd39a028
319
320 static void sd_set_cardstatus(SDState *sd)
321 {
322 sd->card_status = 0x00000100;
323 }
324
325 static void sd_set_sdstatus(SDState *sd)
326 {
327 memset(sd->sd_status, 0, 64);
328 }
329
330 static int sd_req_crc_validate(SDRequest *req)
331 {
332 uint8_t buffer[5];
333 buffer[0] = 0x40 | req->cmd;
334 buffer[1] = (req->arg >> 24) & 0xff;
335 buffer[2] = (req->arg >> 16) & 0xff;
336 buffer[3] = (req->arg >> 8) & 0xff;
337 buffer[4] = (req->arg >> 0) & 0xff;
338 return 0;
339 return sd_crc7(buffer, 5) != req->crc; /* TODO */
340 }
341
342 static void sd_response_r1_make(SDState *sd, uint8_t *response)
343 {
344 uint32_t status = sd->card_status;
345 /* Clear the "clear on read" status bits */
346 sd->card_status &= ~CARD_STATUS_C;
347
348 response[0] = (status >> 24) & 0xff;
349 response[1] = (status >> 16) & 0xff;
350 response[2] = (status >> 8) & 0xff;
351 response[3] = (status >> 0) & 0xff;
352 }
353
354 static void sd_response_r3_make(SDState *sd, uint8_t *response)
355 {
356 response[0] = (sd->ocr >> 24) & 0xff;
357 response[1] = (sd->ocr >> 16) & 0xff;
358 response[2] = (sd->ocr >> 8) & 0xff;
359 response[3] = (sd->ocr >> 0) & 0xff;
360 }
361
362 static void sd_response_r6_make(SDState *sd, uint8_t *response)
363 {
364 uint16_t arg;
365 uint16_t status;
366
367 arg = sd->rca;
368 status = ((sd->card_status >> 8) & 0xc000) |
369 ((sd->card_status >> 6) & 0x2000) |
370 (sd->card_status & 0x1fff);
371 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
372
373 response[0] = (arg >> 8) & 0xff;
374 response[1] = arg & 0xff;
375 response[2] = (status >> 8) & 0xff;
376 response[3] = status & 0xff;
377 }
378
379 static void sd_response_r7_make(SDState *sd, uint8_t *response)
380 {
381 response[0] = (sd->vhs >> 24) & 0xff;
382 response[1] = (sd->vhs >> 16) & 0xff;
383 response[2] = (sd->vhs >> 8) & 0xff;
384 response[3] = (sd->vhs >> 0) & 0xff;
385 }
386
387 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
388 {
389 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
390 }
391
392 static void sd_reset(SDState *sd)
393 {
394 uint64_t size;
395 uint64_t sect;
396
397 if (sd->blk) {
398 blk_get_geometry(sd->blk, &sect);
399 } else {
400 sect = 0;
401 }
402 size = sect << 9;
403
404 sect = sd_addr_to_wpnum(size) + 1;
405
406 sd->state = sd_idle_state;
407 sd->rca = 0x0000;
408 sd_set_ocr(sd);
409 sd_set_scr(sd);
410 sd_set_cid(sd);
411 sd_set_csd(sd, size);
412 sd_set_cardstatus(sd);
413 sd_set_sdstatus(sd);
414
415 g_free(sd->wp_groups);
416 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
417 sd->wpgrps_size = sect;
418 sd->wp_groups = bitmap_new(sd->wpgrps_size);
419 memset(sd->function_group, 0, sizeof(sd->function_group));
420 sd->erase_start = 0;
421 sd->erase_end = 0;
422 sd->size = size;
423 sd->blk_len = 0x200;
424 sd->pwd_len = 0;
425 sd->expecting_acmd = false;
426 }
427
428 static void sd_cardchange(void *opaque, bool load)
429 {
430 SDState *sd = opaque;
431
432 qemu_set_irq(sd->inserted_cb, blk_is_inserted(sd->blk));
433 if (blk_is_inserted(sd->blk)) {
434 sd_reset(sd);
435 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
436 }
437 }
438
439 static const BlockDevOps sd_block_ops = {
440 .change_media_cb = sd_cardchange,
441 };
442
443 static const VMStateDescription sd_vmstate = {
444 .name = "sd-card",
445 .version_id = 1,
446 .minimum_version_id = 1,
447 .fields = (VMStateField[]) {
448 VMSTATE_UINT32(mode, SDState),
449 VMSTATE_INT32(state, SDState),
450 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
451 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
452 VMSTATE_UINT16(rca, SDState),
453 VMSTATE_UINT32(card_status, SDState),
454 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
455 VMSTATE_UINT32(vhs, SDState),
456 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
457 VMSTATE_UINT32(blk_len, SDState),
458 VMSTATE_UINT32(erase_start, SDState),
459 VMSTATE_UINT32(erase_end, SDState),
460 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
461 VMSTATE_UINT32(pwd_len, SDState),
462 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
463 VMSTATE_UINT8(current_cmd, SDState),
464 VMSTATE_BOOL(expecting_acmd, SDState),
465 VMSTATE_UINT32(blk_written, SDState),
466 VMSTATE_UINT64(data_start, SDState),
467 VMSTATE_UINT32(data_offset, SDState),
468 VMSTATE_UINT8_ARRAY(data, SDState, 512),
469 VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512),
470 VMSTATE_BOOL(enable, SDState),
471 VMSTATE_END_OF_LIST()
472 }
473 };
474
475 /* We do not model the chip select pin, so allow the board to select
476 whether card should be in SSI or MMC/SD mode. It is also up to the
477 board to ensure that ssi transfers only occur when the chip select
478 is asserted. */
479 SDState *sd_init(BlockBackend *blk, bool is_spi)
480 {
481 SDState *sd;
482
483 if (blk && blk_is_read_only(blk)) {
484 fprintf(stderr, "sd_init: Cannot use read-only drive\n");
485 return NULL;
486 }
487
488 sd = (SDState *) g_malloc0(sizeof(SDState));
489 sd->buf = blk_blockalign(blk, 512);
490 sd->spi = is_spi;
491 sd->enable = true;
492 sd->blk = blk;
493 sd_reset(sd);
494 if (sd->blk) {
495 /* Attach dev if not already attached. (This call ignores an
496 * error return code if sd->blk is already attached.) */
497 /* FIXME ignoring blk_attach_dev() failure is dangerously brittle */
498 blk_attach_dev(sd->blk, sd);
499 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
500 }
501 vmstate_register(NULL, -1, &sd_vmstate, sd);
502 return sd;
503 }
504
505 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
506 {
507 sd->readonly_cb = readonly;
508 sd->inserted_cb = insert;
509 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
510 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
511 }
512
513 static void sd_erase(SDState *sd)
514 {
515 int i;
516 uint64_t erase_start = sd->erase_start;
517 uint64_t erase_end = sd->erase_end;
518
519 if (!sd->erase_start || !sd->erase_end) {
520 sd->card_status |= ERASE_SEQ_ERROR;
521 return;
522 }
523
524 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
525 /* High capacity memory card: erase units are 512 byte blocks */
526 erase_start *= 512;
527 erase_end *= 512;
528 }
529
530 erase_start = sd_addr_to_wpnum(erase_start);
531 erase_end = sd_addr_to_wpnum(erase_end);
532 sd->erase_start = 0;
533 sd->erase_end = 0;
534 sd->csd[14] |= 0x40;
535
536 for (i = erase_start; i <= erase_end; i++) {
537 if (test_bit(i, sd->wp_groups)) {
538 sd->card_status |= WP_ERASE_SKIP;
539 }
540 }
541 }
542
543 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
544 {
545 uint32_t i, wpnum;
546 uint32_t ret = 0;
547
548 wpnum = sd_addr_to_wpnum(addr);
549
550 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
551 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
552 ret |= (1 << i);
553 }
554 }
555
556 return ret;
557 }
558
559 static void sd_function_switch(SDState *sd, uint32_t arg)
560 {
561 int i, mode, new_func, crc;
562 mode = !!(arg & 0x80000000);
563
564 sd->data[0] = 0x00; /* Maximum current consumption */
565 sd->data[1] = 0x01;
566 sd->data[2] = 0x80; /* Supported group 6 functions */
567 sd->data[3] = 0x01;
568 sd->data[4] = 0x80; /* Supported group 5 functions */
569 sd->data[5] = 0x01;
570 sd->data[6] = 0x80; /* Supported group 4 functions */
571 sd->data[7] = 0x01;
572 sd->data[8] = 0x80; /* Supported group 3 functions */
573 sd->data[9] = 0x01;
574 sd->data[10] = 0x80; /* Supported group 2 functions */
575 sd->data[11] = 0x43;
576 sd->data[12] = 0x80; /* Supported group 1 functions */
577 sd->data[13] = 0x03;
578 for (i = 0; i < 6; i ++) {
579 new_func = (arg >> (i * 4)) & 0x0f;
580 if (mode && new_func != 0x0f)
581 sd->function_group[i] = new_func;
582 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
583 }
584 memset(&sd->data[17], 0, 47);
585 crc = sd_crc16(sd->data, 64);
586 sd->data[65] = crc >> 8;
587 sd->data[66] = crc & 0xff;
588 }
589
590 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
591 {
592 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
593 }
594
595 static void sd_lock_command(SDState *sd)
596 {
597 int erase, lock, clr_pwd, set_pwd, pwd_len;
598 erase = !!(sd->data[0] & 0x08);
599 lock = sd->data[0] & 0x04;
600 clr_pwd = sd->data[0] & 0x02;
601 set_pwd = sd->data[0] & 0x01;
602
603 if (sd->blk_len > 1)
604 pwd_len = sd->data[1];
605 else
606 pwd_len = 0;
607
608 if (erase) {
609 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
610 set_pwd || clr_pwd || lock || sd->wp_switch ||
611 (sd->csd[14] & 0x20)) {
612 sd->card_status |= LOCK_UNLOCK_FAILED;
613 return;
614 }
615 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
616 sd->csd[14] &= ~0x10;
617 sd->card_status &= ~CARD_IS_LOCKED;
618 sd->pwd_len = 0;
619 /* Erasing the entire card here! */
620 fprintf(stderr, "SD: Card force-erased by CMD42\n");
621 return;
622 }
623
624 if (sd->blk_len < 2 + pwd_len ||
625 pwd_len <= sd->pwd_len ||
626 pwd_len > sd->pwd_len + 16) {
627 sd->card_status |= LOCK_UNLOCK_FAILED;
628 return;
629 }
630
631 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
632 sd->card_status |= LOCK_UNLOCK_FAILED;
633 return;
634 }
635
636 pwd_len -= sd->pwd_len;
637 if ((pwd_len && !set_pwd) ||
638 (clr_pwd && (set_pwd || lock)) ||
639 (lock && !sd->pwd_len && !set_pwd) ||
640 (!set_pwd && !clr_pwd &&
641 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
642 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
643 sd->card_status |= LOCK_UNLOCK_FAILED;
644 return;
645 }
646
647 if (set_pwd) {
648 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
649 sd->pwd_len = pwd_len;
650 }
651
652 if (clr_pwd) {
653 sd->pwd_len = 0;
654 }
655
656 if (lock)
657 sd->card_status |= CARD_IS_LOCKED;
658 else
659 sd->card_status &= ~CARD_IS_LOCKED;
660 }
661
662 static sd_rsp_type_t sd_normal_command(SDState *sd,
663 SDRequest req)
664 {
665 uint32_t rca = 0x0000;
666 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
667
668 /* Not interpreting this as an app command */
669 sd->card_status &= ~APP_CMD;
670
671 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
672 rca = req.arg >> 16;
673
674 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
675 switch (req.cmd) {
676 /* Basic commands (Class 0 and Class 1) */
677 case 0: /* CMD0: GO_IDLE_STATE */
678 switch (sd->state) {
679 case sd_inactive_state:
680 return sd->spi ? sd_r1 : sd_r0;
681
682 default:
683 sd->state = sd_idle_state;
684 sd_reset(sd);
685 return sd->spi ? sd_r1 : sd_r0;
686 }
687 break;
688
689 case 1: /* CMD1: SEND_OP_CMD */
690 if (!sd->spi)
691 goto bad_cmd;
692
693 sd->state = sd_transfer_state;
694 return sd_r1;
695
696 case 2: /* CMD2: ALL_SEND_CID */
697 if (sd->spi)
698 goto bad_cmd;
699 switch (sd->state) {
700 case sd_ready_state:
701 sd->state = sd_identification_state;
702 return sd_r2_i;
703
704 default:
705 break;
706 }
707 break;
708
709 case 3: /* CMD3: SEND_RELATIVE_ADDR */
710 if (sd->spi)
711 goto bad_cmd;
712 switch (sd->state) {
713 case sd_identification_state:
714 case sd_standby_state:
715 sd->state = sd_standby_state;
716 sd_set_rca(sd);
717 return sd_r6;
718
719 default:
720 break;
721 }
722 break;
723
724 case 4: /* CMD4: SEND_DSR */
725 if (sd->spi)
726 goto bad_cmd;
727 switch (sd->state) {
728 case sd_standby_state:
729 break;
730
731 default:
732 break;
733 }
734 break;
735
736 case 5: /* CMD5: reserved for SDIO cards */
737 return sd_illegal;
738
739 case 6: /* CMD6: SWITCH_FUNCTION */
740 if (sd->spi)
741 goto bad_cmd;
742 switch (sd->mode) {
743 case sd_data_transfer_mode:
744 sd_function_switch(sd, req.arg);
745 sd->state = sd_sendingdata_state;
746 sd->data_start = 0;
747 sd->data_offset = 0;
748 return sd_r1;
749
750 default:
751 break;
752 }
753 break;
754
755 case 7: /* CMD7: SELECT/DESELECT_CARD */
756 if (sd->spi)
757 goto bad_cmd;
758 switch (sd->state) {
759 case sd_standby_state:
760 if (sd->rca != rca)
761 return sd_r0;
762
763 sd->state = sd_transfer_state;
764 return sd_r1b;
765
766 case sd_transfer_state:
767 case sd_sendingdata_state:
768 if (sd->rca == rca)
769 break;
770
771 sd->state = sd_standby_state;
772 return sd_r1b;
773
774 case sd_disconnect_state:
775 if (sd->rca != rca)
776 return sd_r0;
777
778 sd->state = sd_programming_state;
779 return sd_r1b;
780
781 case sd_programming_state:
782 if (sd->rca == rca)
783 break;
784
785 sd->state = sd_disconnect_state;
786 return sd_r1b;
787
788 default:
789 break;
790 }
791 break;
792
793 case 8: /* CMD8: SEND_IF_COND */
794 /* Physical Layer Specification Version 2.00 command */
795 switch (sd->state) {
796 case sd_idle_state:
797 sd->vhs = 0;
798
799 /* No response if not exactly one VHS bit is set. */
800 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
801 return sd->spi ? sd_r7 : sd_r0;
802 }
803
804 /* Accept. */
805 sd->vhs = req.arg;
806 return sd_r7;
807
808 default:
809 break;
810 }
811 break;
812
813 case 9: /* CMD9: SEND_CSD */
814 switch (sd->state) {
815 case sd_standby_state:
816 if (sd->rca != rca)
817 return sd_r0;
818
819 return sd_r2_s;
820
821 case sd_transfer_state:
822 if (!sd->spi)
823 break;
824 sd->state = sd_sendingdata_state;
825 memcpy(sd->data, sd->csd, 16);
826 sd->data_start = addr;
827 sd->data_offset = 0;
828 return sd_r1;
829
830 default:
831 break;
832 }
833 break;
834
835 case 10: /* CMD10: SEND_CID */
836 switch (sd->state) {
837 case sd_standby_state:
838 if (sd->rca != rca)
839 return sd_r0;
840
841 return sd_r2_i;
842
843 case sd_transfer_state:
844 if (!sd->spi)
845 break;
846 sd->state = sd_sendingdata_state;
847 memcpy(sd->data, sd->cid, 16);
848 sd->data_start = addr;
849 sd->data_offset = 0;
850 return sd_r1;
851
852 default:
853 break;
854 }
855 break;
856
857 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
858 if (sd->spi)
859 goto bad_cmd;
860 switch (sd->state) {
861 case sd_transfer_state:
862 sd->state = sd_sendingdata_state;
863 sd->data_start = req.arg;
864 sd->data_offset = 0;
865
866 if (sd->data_start + sd->blk_len > sd->size)
867 sd->card_status |= ADDRESS_ERROR;
868 return sd_r0;
869
870 default:
871 break;
872 }
873 break;
874
875 case 12: /* CMD12: STOP_TRANSMISSION */
876 switch (sd->state) {
877 case sd_sendingdata_state:
878 sd->state = sd_transfer_state;
879 return sd_r1b;
880
881 case sd_receivingdata_state:
882 sd->state = sd_programming_state;
883 /* Bzzzzzzztt .... Operation complete. */
884 sd->state = sd_transfer_state;
885 return sd_r1b;
886
887 default:
888 break;
889 }
890 break;
891
892 case 13: /* CMD13: SEND_STATUS */
893 switch (sd->mode) {
894 case sd_data_transfer_mode:
895 if (sd->rca != rca)
896 return sd_r0;
897
898 return sd_r1;
899
900 default:
901 break;
902 }
903 break;
904
905 case 15: /* CMD15: GO_INACTIVE_STATE */
906 if (sd->spi)
907 goto bad_cmd;
908 switch (sd->mode) {
909 case sd_data_transfer_mode:
910 if (sd->rca != rca)
911 return sd_r0;
912
913 sd->state = sd_inactive_state;
914 return sd_r0;
915
916 default:
917 break;
918 }
919 break;
920
921 /* Block read commands (Classs 2) */
922 case 16: /* CMD16: SET_BLOCKLEN */
923 switch (sd->state) {
924 case sd_transfer_state:
925 if (req.arg > (1 << HWBLOCK_SHIFT))
926 sd->card_status |= BLOCK_LEN_ERROR;
927 else
928 sd->blk_len = req.arg;
929
930 return sd_r1;
931
932 default:
933 break;
934 }
935 break;
936
937 case 17: /* CMD17: READ_SINGLE_BLOCK */
938 switch (sd->state) {
939 case sd_transfer_state:
940 sd->state = sd_sendingdata_state;
941 sd->data_start = addr;
942 sd->data_offset = 0;
943
944 if (sd->data_start + sd->blk_len > sd->size)
945 sd->card_status |= ADDRESS_ERROR;
946 return sd_r1;
947
948 default:
949 break;
950 }
951 break;
952
953 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
954 switch (sd->state) {
955 case sd_transfer_state:
956 sd->state = sd_sendingdata_state;
957 sd->data_start = addr;
958 sd->data_offset = 0;
959
960 if (sd->data_start + sd->blk_len > sd->size)
961 sd->card_status |= ADDRESS_ERROR;
962 return sd_r1;
963
964 default:
965 break;
966 }
967 break;
968
969 /* Block write commands (Class 4) */
970 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
971 if (sd->spi)
972 goto unimplemented_cmd;
973 switch (sd->state) {
974 case sd_transfer_state:
975 /* Writing in SPI mode not implemented. */
976 if (sd->spi)
977 break;
978 sd->state = sd_receivingdata_state;
979 sd->data_start = addr;
980 sd->data_offset = 0;
981 sd->blk_written = 0;
982
983 if (sd->data_start + sd->blk_len > sd->size)
984 sd->card_status |= ADDRESS_ERROR;
985 if (sd_wp_addr(sd, sd->data_start))
986 sd->card_status |= WP_VIOLATION;
987 if (sd->csd[14] & 0x30)
988 sd->card_status |= WP_VIOLATION;
989 return sd_r1;
990
991 default:
992 break;
993 }
994 break;
995
996 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
997 if (sd->spi)
998 goto unimplemented_cmd;
999 switch (sd->state) {
1000 case sd_transfer_state:
1001 /* Writing in SPI mode not implemented. */
1002 if (sd->spi)
1003 break;
1004 sd->state = sd_receivingdata_state;
1005 sd->data_start = addr;
1006 sd->data_offset = 0;
1007 sd->blk_written = 0;
1008
1009 if (sd->data_start + sd->blk_len > sd->size)
1010 sd->card_status |= ADDRESS_ERROR;
1011 if (sd_wp_addr(sd, sd->data_start))
1012 sd->card_status |= WP_VIOLATION;
1013 if (sd->csd[14] & 0x30)
1014 sd->card_status |= WP_VIOLATION;
1015 return sd_r1;
1016
1017 default:
1018 break;
1019 }
1020 break;
1021
1022 case 26: /* CMD26: PROGRAM_CID */
1023 if (sd->spi)
1024 goto bad_cmd;
1025 switch (sd->state) {
1026 case sd_transfer_state:
1027 sd->state = sd_receivingdata_state;
1028 sd->data_start = 0;
1029 sd->data_offset = 0;
1030 return sd_r1;
1031
1032 default:
1033 break;
1034 }
1035 break;
1036
1037 case 27: /* CMD27: PROGRAM_CSD */
1038 if (sd->spi)
1039 goto unimplemented_cmd;
1040 switch (sd->state) {
1041 case sd_transfer_state:
1042 sd->state = sd_receivingdata_state;
1043 sd->data_start = 0;
1044 sd->data_offset = 0;
1045 return sd_r1;
1046
1047 default:
1048 break;
1049 }
1050 break;
1051
1052 /* Write protection (Class 6) */
1053 case 28: /* CMD28: SET_WRITE_PROT */
1054 switch (sd->state) {
1055 case sd_transfer_state:
1056 if (addr >= sd->size) {
1057 sd->card_status |= ADDRESS_ERROR;
1058 return sd_r1b;
1059 }
1060
1061 sd->state = sd_programming_state;
1062 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1063 /* Bzzzzzzztt .... Operation complete. */
1064 sd->state = sd_transfer_state;
1065 return sd_r1b;
1066
1067 default:
1068 break;
1069 }
1070 break;
1071
1072 case 29: /* CMD29: CLR_WRITE_PROT */
1073 switch (sd->state) {
1074 case sd_transfer_state:
1075 if (addr >= sd->size) {
1076 sd->card_status |= ADDRESS_ERROR;
1077 return sd_r1b;
1078 }
1079
1080 sd->state = sd_programming_state;
1081 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1082 /* Bzzzzzzztt .... Operation complete. */
1083 sd->state = sd_transfer_state;
1084 return sd_r1b;
1085
1086 default:
1087 break;
1088 }
1089 break;
1090
1091 case 30: /* CMD30: SEND_WRITE_PROT */
1092 switch (sd->state) {
1093 case sd_transfer_state:
1094 sd->state = sd_sendingdata_state;
1095 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1096 sd->data_start = addr;
1097 sd->data_offset = 0;
1098 return sd_r1b;
1099
1100 default:
1101 break;
1102 }
1103 break;
1104
1105 /* Erase commands (Class 5) */
1106 case 32: /* CMD32: ERASE_WR_BLK_START */
1107 switch (sd->state) {
1108 case sd_transfer_state:
1109 sd->erase_start = req.arg;
1110 return sd_r1;
1111
1112 default:
1113 break;
1114 }
1115 break;
1116
1117 case 33: /* CMD33: ERASE_WR_BLK_END */
1118 switch (sd->state) {
1119 case sd_transfer_state:
1120 sd->erase_end = req.arg;
1121 return sd_r1;
1122
1123 default:
1124 break;
1125 }
1126 break;
1127
1128 case 38: /* CMD38: ERASE */
1129 switch (sd->state) {
1130 case sd_transfer_state:
1131 if (sd->csd[14] & 0x30) {
1132 sd->card_status |= WP_VIOLATION;
1133 return sd_r1b;
1134 }
1135
1136 sd->state = sd_programming_state;
1137 sd_erase(sd);
1138 /* Bzzzzzzztt .... Operation complete. */
1139 sd->state = sd_transfer_state;
1140 return sd_r1b;
1141
1142 default:
1143 break;
1144 }
1145 break;
1146
1147 /* Lock card commands (Class 7) */
1148 case 42: /* CMD42: LOCK_UNLOCK */
1149 if (sd->spi)
1150 goto unimplemented_cmd;
1151 switch (sd->state) {
1152 case sd_transfer_state:
1153 sd->state = sd_receivingdata_state;
1154 sd->data_start = 0;
1155 sd->data_offset = 0;
1156 return sd_r1;
1157
1158 default:
1159 break;
1160 }
1161 break;
1162
1163 case 52:
1164 case 53:
1165 /* CMD52, CMD53: reserved for SDIO cards
1166 * (see the SDIO Simplified Specification V2.0)
1167 * Handle as illegal command but do not complain
1168 * on stderr, as some OSes may use these in their
1169 * probing for presence of an SDIO card.
1170 */
1171 return sd_illegal;
1172
1173 /* Application specific commands (Class 8) */
1174 case 55: /* CMD55: APP_CMD */
1175 if (sd->rca != rca)
1176 return sd_r0;
1177
1178 sd->expecting_acmd = true;
1179 sd->card_status |= APP_CMD;
1180 return sd_r1;
1181
1182 case 56: /* CMD56: GEN_CMD */
1183 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1184
1185 switch (sd->state) {
1186 case sd_transfer_state:
1187 sd->data_offset = 0;
1188 if (req.arg & 1)
1189 sd->state = sd_sendingdata_state;
1190 else
1191 sd->state = sd_receivingdata_state;
1192 return sd_r1;
1193
1194 default:
1195 break;
1196 }
1197 break;
1198
1199 default:
1200 bad_cmd:
1201 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1202 return sd_illegal;
1203
1204 unimplemented_cmd:
1205 /* Commands that are recognised but not yet implemented in SPI mode. */
1206 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1207 return sd_illegal;
1208 }
1209
1210 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1211 return sd_illegal;
1212 }
1213
1214 static sd_rsp_type_t sd_app_command(SDState *sd,
1215 SDRequest req)
1216 {
1217 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1218 sd->card_status |= APP_CMD;
1219 switch (req.cmd) {
1220 case 6: /* ACMD6: SET_BUS_WIDTH */
1221 switch (sd->state) {
1222 case sd_transfer_state:
1223 sd->sd_status[0] &= 0x3f;
1224 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1225 return sd_r1;
1226
1227 default:
1228 break;
1229 }
1230 break;
1231
1232 case 13: /* ACMD13: SD_STATUS */
1233 switch (sd->state) {
1234 case sd_transfer_state:
1235 sd->state = sd_sendingdata_state;
1236 sd->data_start = 0;
1237 sd->data_offset = 0;
1238 return sd_r1;
1239
1240 default:
1241 break;
1242 }
1243 break;
1244
1245 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1246 switch (sd->state) {
1247 case sd_transfer_state:
1248 *(uint32_t *) sd->data = sd->blk_written;
1249
1250 sd->state = sd_sendingdata_state;
1251 sd->data_start = 0;
1252 sd->data_offset = 0;
1253 return sd_r1;
1254
1255 default:
1256 break;
1257 }
1258 break;
1259
1260 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1261 switch (sd->state) {
1262 case sd_transfer_state:
1263 return sd_r1;
1264
1265 default:
1266 break;
1267 }
1268 break;
1269
1270 case 41: /* ACMD41: SD_APP_OP_COND */
1271 if (sd->spi) {
1272 /* SEND_OP_CMD */
1273 sd->state = sd_transfer_state;
1274 return sd_r1;
1275 }
1276 switch (sd->state) {
1277 case sd_idle_state:
1278 /* We accept any voltage. 10000 V is nothing.
1279 *
1280 * We don't model init delay so just advance straight to ready state
1281 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1282 */
1283 if (req.arg & ACMD41_ENQUIRY_MASK) {
1284 sd->state = sd_ready_state;
1285 }
1286
1287 return sd_r3;
1288
1289 default:
1290 break;
1291 }
1292 break;
1293
1294 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1295 switch (sd->state) {
1296 case sd_transfer_state:
1297 /* Bringing in the 50KOhm pull-up resistor... Done. */
1298 return sd_r1;
1299
1300 default:
1301 break;
1302 }
1303 break;
1304
1305 case 51: /* ACMD51: SEND_SCR */
1306 switch (sd->state) {
1307 case sd_transfer_state:
1308 sd->state = sd_sendingdata_state;
1309 sd->data_start = 0;
1310 sd->data_offset = 0;
1311 return sd_r1;
1312
1313 default:
1314 break;
1315 }
1316 break;
1317
1318 default:
1319 /* Fall back to standard commands. */
1320 return sd_normal_command(sd, req);
1321 }
1322
1323 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1324 return sd_illegal;
1325 }
1326
1327 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1328 {
1329 /* Valid commands in locked state:
1330 * basic class (0)
1331 * lock card class (7)
1332 * CMD16
1333 * implicitly, the ACMD prefix CMD55
1334 * ACMD41 and ACMD42
1335 * Anything else provokes an "illegal command" response.
1336 */
1337 if (sd->expecting_acmd) {
1338 return req->cmd == 41 || req->cmd == 42;
1339 }
1340 if (req->cmd == 16 || req->cmd == 55) {
1341 return 1;
1342 }
1343 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1344 }
1345
1346 int sd_do_command(SDState *sd, SDRequest *req,
1347 uint8_t *response) {
1348 int last_state;
1349 sd_rsp_type_t rtype;
1350 int rsplen;
1351
1352 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
1353 return 0;
1354 }
1355
1356 if (sd_req_crc_validate(req)) {
1357 sd->card_status |= COM_CRC_ERROR;
1358 rtype = sd_illegal;
1359 goto send_response;
1360 }
1361
1362 if (sd->card_status & CARD_IS_LOCKED) {
1363 if (!cmd_valid_while_locked(sd, req)) {
1364 sd->card_status |= ILLEGAL_COMMAND;
1365 sd->expecting_acmd = false;
1366 fprintf(stderr, "SD: Card is locked\n");
1367 rtype = sd_illegal;
1368 goto send_response;
1369 }
1370 }
1371
1372 last_state = sd->state;
1373 sd_set_mode(sd);
1374
1375 if (sd->expecting_acmd) {
1376 sd->expecting_acmd = false;
1377 rtype = sd_app_command(sd, *req);
1378 } else {
1379 rtype = sd_normal_command(sd, *req);
1380 }
1381
1382 if (rtype == sd_illegal) {
1383 sd->card_status |= ILLEGAL_COMMAND;
1384 } else {
1385 /* Valid command, we can update the 'state before command' bits.
1386 * (Do this now so they appear in r1 responses.)
1387 */
1388 sd->current_cmd = req->cmd;
1389 sd->card_status &= ~CURRENT_STATE;
1390 sd->card_status |= (last_state << 9);
1391 }
1392
1393 send_response:
1394 switch (rtype) {
1395 case sd_r1:
1396 case sd_r1b:
1397 sd_response_r1_make(sd, response);
1398 rsplen = 4;
1399 break;
1400
1401 case sd_r2_i:
1402 memcpy(response, sd->cid, sizeof(sd->cid));
1403 rsplen = 16;
1404 break;
1405
1406 case sd_r2_s:
1407 memcpy(response, sd->csd, sizeof(sd->csd));
1408 rsplen = 16;
1409 break;
1410
1411 case sd_r3:
1412 sd_response_r3_make(sd, response);
1413 rsplen = 4;
1414 break;
1415
1416 case sd_r6:
1417 sd_response_r6_make(sd, response);
1418 rsplen = 4;
1419 break;
1420
1421 case sd_r7:
1422 sd_response_r7_make(sd, response);
1423 rsplen = 4;
1424 break;
1425
1426 case sd_r0:
1427 case sd_illegal:
1428 default:
1429 rsplen = 0;
1430 break;
1431 }
1432
1433 if (rtype != sd_illegal) {
1434 /* Clear the "clear on valid command" status bits now we've
1435 * sent any response
1436 */
1437 sd->card_status &= ~CARD_STATUS_B;
1438 }
1439
1440 #ifdef DEBUG_SD
1441 if (rsplen) {
1442 int i;
1443 DPRINTF("Response:");
1444 for (i = 0; i < rsplen; i++)
1445 fprintf(stderr, " %02x", response[i]);
1446 fprintf(stderr, " state %d\n", sd->state);
1447 } else {
1448 DPRINTF("No response %d\n", sd->state);
1449 }
1450 #endif
1451
1452 return rsplen;
1453 }
1454
1455 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1456 {
1457 uint64_t end = addr + len;
1458
1459 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1460 (unsigned long long) addr, len);
1461 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1462 fprintf(stderr, "sd_blk_read: read error on host side\n");
1463 return;
1464 }
1465
1466 if (end > (addr & ~511) + 512) {
1467 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1468
1469 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
1470 fprintf(stderr, "sd_blk_read: read error on host side\n");
1471 return;
1472 }
1473 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1474 } else
1475 memcpy(sd->data, sd->buf + (addr & 511), len);
1476 }
1477
1478 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1479 {
1480 uint64_t end = addr + len;
1481
1482 if ((addr & 511) || len < 512)
1483 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1484 fprintf(stderr, "sd_blk_write: read error on host side\n");
1485 return;
1486 }
1487
1488 if (end > (addr & ~511) + 512) {
1489 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1490 if (blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1491 fprintf(stderr, "sd_blk_write: write error on host side\n");
1492 return;
1493 }
1494
1495 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
1496 fprintf(stderr, "sd_blk_write: read error on host side\n");
1497 return;
1498 }
1499 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1500 if (blk_write(sd->blk, end >> 9, sd->buf, 1) < 0) {
1501 fprintf(stderr, "sd_blk_write: write error on host side\n");
1502 }
1503 } else {
1504 memcpy(sd->buf + (addr & 511), sd->data, len);
1505 if (!sd->blk || blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1506 fprintf(stderr, "sd_blk_write: write error on host side\n");
1507 }
1508 }
1509 }
1510
1511 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1512 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1513 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1514 #define APP_WRITE_BLOCK(a, len)
1515
1516 void sd_write_data(SDState *sd, uint8_t value)
1517 {
1518 int i;
1519
1520 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1521 return;
1522
1523 if (sd->state != sd_receivingdata_state) {
1524 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1525 return;
1526 }
1527
1528 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1529 return;
1530
1531 switch (sd->current_cmd) {
1532 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1533 sd->data[sd->data_offset ++] = value;
1534 if (sd->data_offset >= sd->blk_len) {
1535 /* TODO: Check CRC before committing */
1536 sd->state = sd_programming_state;
1537 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1538 sd->blk_written ++;
1539 sd->csd[14] |= 0x40;
1540 /* Bzzzzzzztt .... Operation complete. */
1541 sd->state = sd_transfer_state;
1542 }
1543 break;
1544
1545 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1546 if (sd->data_offset == 0) {
1547 /* Start of the block - let's check the address is valid */
1548 if (sd->data_start + sd->blk_len > sd->size) {
1549 sd->card_status |= ADDRESS_ERROR;
1550 break;
1551 }
1552 if (sd_wp_addr(sd, sd->data_start)) {
1553 sd->card_status |= WP_VIOLATION;
1554 break;
1555 }
1556 }
1557 sd->data[sd->data_offset++] = value;
1558 if (sd->data_offset >= sd->blk_len) {
1559 /* TODO: Check CRC before committing */
1560 sd->state = sd_programming_state;
1561 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1562 sd->blk_written++;
1563 sd->data_start += sd->blk_len;
1564 sd->data_offset = 0;
1565 sd->csd[14] |= 0x40;
1566
1567 /* Bzzzzzzztt .... Operation complete. */
1568 sd->state = sd_receivingdata_state;
1569 }
1570 break;
1571
1572 case 26: /* CMD26: PROGRAM_CID */
1573 sd->data[sd->data_offset ++] = value;
1574 if (sd->data_offset >= sizeof(sd->cid)) {
1575 /* TODO: Check CRC before committing */
1576 sd->state = sd_programming_state;
1577 for (i = 0; i < sizeof(sd->cid); i ++)
1578 if ((sd->cid[i] | 0x00) != sd->data[i])
1579 sd->card_status |= CID_CSD_OVERWRITE;
1580
1581 if (!(sd->card_status & CID_CSD_OVERWRITE))
1582 for (i = 0; i < sizeof(sd->cid); i ++) {
1583 sd->cid[i] |= 0x00;
1584 sd->cid[i] &= sd->data[i];
1585 }
1586 /* Bzzzzzzztt .... Operation complete. */
1587 sd->state = sd_transfer_state;
1588 }
1589 break;
1590
1591 case 27: /* CMD27: PROGRAM_CSD */
1592 sd->data[sd->data_offset ++] = value;
1593 if (sd->data_offset >= sizeof(sd->csd)) {
1594 /* TODO: Check CRC before committing */
1595 sd->state = sd_programming_state;
1596 for (i = 0; i < sizeof(sd->csd); i ++)
1597 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1598 (sd->data[i] | sd_csd_rw_mask[i]))
1599 sd->card_status |= CID_CSD_OVERWRITE;
1600
1601 /* Copy flag (OTP) & Permanent write protect */
1602 if (sd->csd[14] & ~sd->data[14] & 0x60)
1603 sd->card_status |= CID_CSD_OVERWRITE;
1604
1605 if (!(sd->card_status & CID_CSD_OVERWRITE))
1606 for (i = 0; i < sizeof(sd->csd); i ++) {
1607 sd->csd[i] |= sd_csd_rw_mask[i];
1608 sd->csd[i] &= sd->data[i];
1609 }
1610 /* Bzzzzzzztt .... Operation complete. */
1611 sd->state = sd_transfer_state;
1612 }
1613 break;
1614
1615 case 42: /* CMD42: LOCK_UNLOCK */
1616 sd->data[sd->data_offset ++] = value;
1617 if (sd->data_offset >= sd->blk_len) {
1618 /* TODO: Check CRC before committing */
1619 sd->state = sd_programming_state;
1620 sd_lock_command(sd);
1621 /* Bzzzzzzztt .... Operation complete. */
1622 sd->state = sd_transfer_state;
1623 }
1624 break;
1625
1626 case 56: /* CMD56: GEN_CMD */
1627 sd->data[sd->data_offset ++] = value;
1628 if (sd->data_offset >= sd->blk_len) {
1629 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1630 sd->state = sd_transfer_state;
1631 }
1632 break;
1633
1634 default:
1635 fprintf(stderr, "sd_write_data: unknown command\n");
1636 break;
1637 }
1638 }
1639
1640 uint8_t sd_read_data(SDState *sd)
1641 {
1642 /* TODO: Append CRCs */
1643 uint8_t ret;
1644 int io_len;
1645
1646 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1647 return 0x00;
1648
1649 if (sd->state != sd_sendingdata_state) {
1650 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1651 return 0x00;
1652 }
1653
1654 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1655 return 0x00;
1656
1657 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1658
1659 switch (sd->current_cmd) {
1660 case 6: /* CMD6: SWITCH_FUNCTION */
1661 ret = sd->data[sd->data_offset ++];
1662
1663 if (sd->data_offset >= 64)
1664 sd->state = sd_transfer_state;
1665 break;
1666
1667 case 9: /* CMD9: SEND_CSD */
1668 case 10: /* CMD10: SEND_CID */
1669 ret = sd->data[sd->data_offset ++];
1670
1671 if (sd->data_offset >= 16)
1672 sd->state = sd_transfer_state;
1673 break;
1674
1675 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1676 if (sd->data_offset == 0)
1677 BLK_READ_BLOCK(sd->data_start, io_len);
1678 ret = sd->data[sd->data_offset ++];
1679
1680 if (sd->data_offset >= io_len) {
1681 sd->data_start += io_len;
1682 sd->data_offset = 0;
1683 if (sd->data_start + io_len > sd->size) {
1684 sd->card_status |= ADDRESS_ERROR;
1685 break;
1686 }
1687 }
1688 break;
1689
1690 case 13: /* ACMD13: SD_STATUS */
1691 ret = sd->sd_status[sd->data_offset ++];
1692
1693 if (sd->data_offset >= sizeof(sd->sd_status))
1694 sd->state = sd_transfer_state;
1695 break;
1696
1697 case 17: /* CMD17: READ_SINGLE_BLOCK */
1698 if (sd->data_offset == 0)
1699 BLK_READ_BLOCK(sd->data_start, io_len);
1700 ret = sd->data[sd->data_offset ++];
1701
1702 if (sd->data_offset >= io_len)
1703 sd->state = sd_transfer_state;
1704 break;
1705
1706 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1707 if (sd->data_offset == 0)
1708 BLK_READ_BLOCK(sd->data_start, io_len);
1709 ret = sd->data[sd->data_offset ++];
1710
1711 if (sd->data_offset >= io_len) {
1712 sd->data_start += io_len;
1713 sd->data_offset = 0;
1714 if (sd->data_start + io_len > sd->size) {
1715 sd->card_status |= ADDRESS_ERROR;
1716 break;
1717 }
1718 }
1719 break;
1720
1721 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1722 ret = sd->data[sd->data_offset ++];
1723
1724 if (sd->data_offset >= 4)
1725 sd->state = sd_transfer_state;
1726 break;
1727
1728 case 30: /* CMD30: SEND_WRITE_PROT */
1729 ret = sd->data[sd->data_offset ++];
1730
1731 if (sd->data_offset >= 4)
1732 sd->state = sd_transfer_state;
1733 break;
1734
1735 case 51: /* ACMD51: SEND_SCR */
1736 ret = sd->scr[sd->data_offset ++];
1737
1738 if (sd->data_offset >= sizeof(sd->scr))
1739 sd->state = sd_transfer_state;
1740 break;
1741
1742 case 56: /* CMD56: GEN_CMD */
1743 if (sd->data_offset == 0)
1744 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1745 ret = sd->data[sd->data_offset ++];
1746
1747 if (sd->data_offset >= sd->blk_len)
1748 sd->state = sd_transfer_state;
1749 break;
1750
1751 default:
1752 fprintf(stderr, "sd_read_data: unknown command\n");
1753 return 0x00;
1754 }
1755
1756 return ret;
1757 }
1758
1759 bool sd_data_ready(SDState *sd)
1760 {
1761 return sd->state == sd_sendingdata_state;
1762 }
1763
1764 void sd_enable(SDState *sd, bool enable)
1765 {
1766 sd->enable = enable;
1767 }
QEmu