search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
spapr: Simplify error handling in spapr_cpu_core_realize()
[qemu/ar7.git] / hw / sd / sd.c
blob00128822224d586ee5551a4156d1df32d45b8eb7
1 /*
2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 2.00."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org>
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
24 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
25 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
26 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
27 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
28 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #include "qemu/osdep.h"
34 #include "qemu/units.h"
35 #include "qemu/cutils.h"
36 #include "hw/irq.h"
37 #include "hw/registerfields.h"
38 #include "sysemu/block-backend.h"
39 #include "hw/sd/sd.h"
40 #include "hw/sd/sdcard_legacy.h"
41 #include "migration/vmstate.h"
42 #include "qapi/error.h"
43 #include "qemu/bitmap.h"
44 #include "hw/qdev-properties.h"
45 #include "qemu/error-report.h"
46 #include "qemu/timer.h"
47 #include "qemu/log.h"
48 #include "qemu/module.h"
49 #include "sdmmc-internal.h"
50 #include "trace.h"
51
52 //#define DEBUG_SD 1
53
54 #define SDSC_MAX_CAPACITY (2 * GiB)
55
56 typedef enum {
57 sd_r0 = 0, /* no response */
58 sd_r1, /* normal response command */
59 sd_r2_i, /* CID register */
60 sd_r2_s, /* CSD register */
61 sd_r3, /* OCR register */
62 sd_r6 = 6, /* Published RCA response */
63 sd_r7, /* Operating voltage */
64 sd_r1b = -1,
65 sd_illegal = -2,
66 } sd_rsp_type_t;
67
68 enum SDCardModes {
69 sd_inactive,
70 sd_card_identification_mode,
71 sd_data_transfer_mode,
72 };
73
74 enum SDCardStates {
75 sd_inactive_state = -1,
76 sd_idle_state = 0,
77 sd_ready_state,
78 sd_identification_state,
79 sd_standby_state,
80 sd_transfer_state,
81 sd_sendingdata_state,
82 sd_receivingdata_state,
83 sd_programming_state,
84 sd_disconnect_state,
85 };
86
87 struct SDState {
88 DeviceState parent_obj;
89
90 /* If true, created by sd_init() for a non-qdevified caller */
91 /* TODO purge them with fire */
92 bool me_no_qdev_me_kill_mammoth_with_rocks;
93
94 /* SD Memory Card Registers */
95 uint32_t ocr;
96 uint8_t scr[8];
97 uint8_t cid[16];
98 uint8_t csd[16];
99 uint16_t rca;
100 uint32_t card_status;
101 uint8_t sd_status[64];
102
103 /* Configurable properties */
104 uint8_t spec_version;
105 BlockBackend *blk;
106 bool spi;
107
108 uint32_t mode; /* current card mode, one of SDCardModes */
109 int32_t state; /* current card state, one of SDCardStates */
110 uint32_t vhs;
111 bool wp_switch;
112 unsigned long *wp_groups;
113 int32_t wpgrps_size;
114 uint64_t size;
115 uint32_t blk_len;
116 uint32_t multi_blk_cnt;
117 uint32_t erase_start;
118 uint32_t erase_end;
119 uint8_t pwd[16];
120 uint32_t pwd_len;
121 uint8_t function_group[6];
122 uint8_t current_cmd;
123 /* True if we will handle the next command as an ACMD. Note that this does
124 * *not* track the APP_CMD status bit!
125 */
126 bool expecting_acmd;
127 uint32_t blk_written;
128 uint64_t data_start;
129 uint32_t data_offset;
130 uint8_t data[512];
131 qemu_irq readonly_cb;
132 qemu_irq inserted_cb;
133 QEMUTimer *ocr_power_timer;
134 const char *proto_name;
135 bool enable;
136 uint8_t dat_lines;
137 bool cmd_line;
138 };
139
140 static void sd_realize(DeviceState *dev, Error **errp);
141
142 static const char *sd_state_name(enum SDCardStates state)
143 {
144 static const char *state_name[] = {
145 [sd_idle_state] = "idle",
146 [sd_ready_state] = "ready",
147 [sd_identification_state] = "identification",
148 [sd_standby_state] = "standby",
149 [sd_transfer_state] = "transfer",
150 [sd_sendingdata_state] = "sendingdata",
151 [sd_receivingdata_state] = "receivingdata",
152 [sd_programming_state] = "programming",
153 [sd_disconnect_state] = "disconnect",
154 };
155 if (state == sd_inactive_state) {
156 return "inactive";
157 }
158 assert(state < ARRAY_SIZE(state_name));
159 return state_name[state];
160 }
161
162 static const char *sd_response_name(sd_rsp_type_t rsp)
163 {
164 static const char *response_name[] = {
165 [sd_r0] = "RESP#0 (no response)",
166 [sd_r1] = "RESP#1 (normal cmd)",
167 [sd_r2_i] = "RESP#2 (CID reg)",
168 [sd_r2_s] = "RESP#2 (CSD reg)",
169 [sd_r3] = "RESP#3 (OCR reg)",
170 [sd_r6] = "RESP#6 (RCA)",
171 [sd_r7] = "RESP#7 (operating voltage)",
172 };
173 if (rsp == sd_illegal) {
174 return "ILLEGAL RESP";
175 }
176 if (rsp == sd_r1b) {
177 rsp = sd_r1;
178 }
179 assert(rsp < ARRAY_SIZE(response_name));
180 return response_name[rsp];
181 }
182
183 static uint8_t sd_get_dat_lines(SDState *sd)
184 {
185 return sd->enable ? sd->dat_lines : 0;
186 }
187
188 static bool sd_get_cmd_line(SDState *sd)
189 {
190 return sd->enable ? sd->cmd_line : false;
191 }
192
193 static void sd_set_voltage(SDState *sd, uint16_t millivolts)
194 {
195 trace_sdcard_set_voltage(millivolts);
196
197 switch (millivolts) {
198 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
199 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
200 break;
201 default:
202 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
203 millivolts / 1000.f);
204 }
205 }
206
207 static void sd_set_mode(SDState *sd)
208 {
209 switch (sd->state) {
210 case sd_inactive_state:
211 sd->mode = sd_inactive;
212 break;
213
214 case sd_idle_state:
215 case sd_ready_state:
216 case sd_identification_state:
217 sd->mode = sd_card_identification_mode;
218 break;
219
220 case sd_standby_state:
221 case sd_transfer_state:
222 case sd_sendingdata_state:
223 case sd_receivingdata_state:
224 case sd_programming_state:
225 case sd_disconnect_state:
226 sd->mode = sd_data_transfer_mode;
227 break;
228 }
229 }
230
231 static const sd_cmd_type_t sd_cmd_type[SDMMC_CMD_MAX] = {
232 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
233 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
234 /* 16 */
235 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
236 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
237 /* 32 */
238 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
239 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
240 /* 48 */
241 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
242 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
243 };
244
245 static const int sd_cmd_class[SDMMC_CMD_MAX] = {
246 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
247 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
248 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
249 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
250 };
251
252 static uint8_t sd_crc7(void *message, size_t width)
253 {
254 int i, bit;
255 uint8_t shift_reg = 0x00;
256 uint8_t *msg = (uint8_t *) message;
257
258 for (i = 0; i < width; i ++, msg ++)
259 for (bit = 7; bit >= 0; bit --) {
260 shift_reg <<= 1;
261 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
262 shift_reg ^= 0x89;
263 }
264
265 return shift_reg;
266 }
267
268 static uint16_t sd_crc16(void *message, size_t width)
269 {
270 int i, bit;
271 uint16_t shift_reg = 0x0000;
272 uint16_t *msg = (uint16_t *) message;
273 width <<= 1;
274
275 for (i = 0; i < width; i ++, msg ++)
276 for (bit = 15; bit >= 0; bit --) {
277 shift_reg <<= 1;
278 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
279 shift_reg ^= 0x1011;
280 }
281
282 return shift_reg;
283 }
284
285 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
286
287 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24)
288 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8)
289 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1)
290 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16)
291 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */
292 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */
293 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */
294 FIELD(OCR, CARD_POWER_UP, 31, 1)
295
296 #define ACMD41_ENQUIRY_MASK 0x00ffffff
297 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \
298 | R_OCR_ACCEPT_SWITCH_1V8_MASK \
299 | R_OCR_UHS_II_CARD_MASK \
300 | R_OCR_CARD_CAPACITY_MASK \
301 | R_OCR_CARD_POWER_UP_MASK)
302
303 static void sd_set_ocr(SDState *sd)
304 {
305 /* All voltages OK */
306 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK;
307 }
308
309 static void sd_ocr_powerup(void *opaque)
310 {
311 SDState *sd = opaque;
312
313 trace_sdcard_powerup();
314 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP));
315
316 /* card power-up OK */
317 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1);
318
319 if (sd->size > SDSC_MAX_CAPACITY) {
320 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1);
321 }
322 }
323
324 static void sd_set_scr(SDState *sd)
325 {
326 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */
327 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) {
328 sd->scr[0] |= 1; /* Spec Version 1.10 */
329 } else {
330 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */
331 }
332 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */
333 | 0b0101; /* 1-bit or 4-bit width bus modes */
334 sd->scr[2] = 0x00; /* Extended Security is not supported. */
335 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) {
336 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */
337 }
338 sd->scr[3] = 0x00;
339 /* reserved for manufacturer usage */
340 sd->scr[4] = 0x00;
341 sd->scr[5] = 0x00;
342 sd->scr[6] = 0x00;
343 sd->scr[7] = 0x00;
344 }
345
346 #define MID 0xaa
347 #define OID "XY"
348 #define PNM "QEMU!"
349 #define PRV 0x01
350 #define MDT_YR 2006
351 #define MDT_MON 2
352
353 static void sd_set_cid(SDState *sd)
354 {
355 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
356 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
357 sd->cid[2] = OID[1];
358 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
359 sd->cid[4] = PNM[1];
360 sd->cid[5] = PNM[2];
361 sd->cid[6] = PNM[3];
362 sd->cid[7] = PNM[4];
363 sd->cid[8] = PRV; /* Fake product revision (PRV) */
364 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
365 sd->cid[10] = 0xad;
366 sd->cid[11] = 0xbe;
367 sd->cid[12] = 0xef;
368 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
369 ((MDT_YR - 2000) / 10);
370 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
371 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
372 }
373
374 #define HWBLOCK_SHIFT 9 /* 512 bytes */
375 #define SECTOR_SHIFT 5 /* 16 kilobytes */
376 #define WPGROUP_SHIFT 7 /* 2 megs */
377 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
378 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
379
380 static const uint8_t sd_csd_rw_mask[16] = {
381 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
382 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
383 };
384
385 static void sd_set_csd(SDState *sd, uint64_t size)
386 {
387 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
388 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
389 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
390
391 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */
392 sd->csd[0] = 0x00; /* CSD structure */
393 sd->csd[1] = 0x26; /* Data read access-time-1 */
394 sd->csd[2] = 0x00; /* Data read access-time-2 */
395 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */
396 sd->csd[4] = 0x5f; /* Card Command Classes */
397 sd->csd[5] = 0x50 | /* Max. read data block length */
398 HWBLOCK_SHIFT;
399 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
400 ((csize >> 10) & 0x03);
401 sd->csd[7] = 0x00 | /* Device size */
402 ((csize >> 2) & 0xff);
403 sd->csd[8] = 0x3f | /* Max. read current */
404 ((csize << 6) & 0xc0);
405 sd->csd[9] = 0xfc | /* Max. write current */
406 ((CMULT_SHIFT - 2) >> 1);
407 sd->csd[10] = 0x40 | /* Erase sector size */
408 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
409 sd->csd[11] = 0x00 | /* Write protect group size */
410 ((sectsize << 7) & 0x80) | wpsize;
411 sd->csd[12] = 0x90 | /* Write speed factor */
412 (HWBLOCK_SHIFT >> 2);
413 sd->csd[13] = 0x20 | /* Max. write data block length */
414 ((HWBLOCK_SHIFT << 6) & 0xc0);
415 sd->csd[14] = 0x00; /* File format group */
416 } else { /* SDHC */
417 size /= 512 * KiB;
418 size -= 1;
419 sd->csd[0] = 0x40;
420 sd->csd[1] = 0x0e;
421 sd->csd[2] = 0x00;
422 sd->csd[3] = 0x32;
423 sd->csd[4] = 0x5b;
424 sd->csd[5] = 0x59;
425 sd->csd[6] = 0x00;
426 sd->csd[7] = (size >> 16) & 0xff;
427 sd->csd[8] = (size >> 8) & 0xff;
428 sd->csd[9] = (size & 0xff);
429 sd->csd[10] = 0x7f;
430 sd->csd[11] = 0x80;
431 sd->csd[12] = 0x0a;
432 sd->csd[13] = 0x40;
433 sd->csd[14] = 0x00;
434 }
435 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
436 }
437
438 static void sd_set_rca(SDState *sd)
439 {
440 sd->rca += 0x4567;
441 }
442
443 FIELD(CSR, AKE_SEQ_ERROR, 3, 1)
444 FIELD(CSR, APP_CMD, 5, 1)
445 FIELD(CSR, FX_EVENT, 6, 1)
446 FIELD(CSR, READY_FOR_DATA, 8, 1)
447 FIELD(CSR, CURRENT_STATE, 9, 4)
448 FIELD(CSR, ERASE_RESET, 13, 1)
449 FIELD(CSR, CARD_ECC_DISABLED, 14, 1)
450 FIELD(CSR, WP_ERASE_SKIP, 15, 1)
451 FIELD(CSR, CSD_OVERWRITE, 16, 1)
452 FIELD(CSR, DEFERRED_RESPONSE, 17, 1)
453 FIELD(CSR, ERROR, 19, 1)
454 FIELD(CSR, CC_ERROR, 20, 1)
455 FIELD(CSR, CARD_ECC_FAILED, 21, 1)
456 FIELD(CSR, ILLEGAL_COMMAND, 22, 1)
457 FIELD(CSR, COM_CRC_ERROR, 23, 1)
458 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1)
459 FIELD(CSR, CARD_IS_LOCKED, 25, 1)
460 FIELD(CSR, WP_VIOLATION, 26, 1)
461 FIELD(CSR, ERASE_PARAM, 27, 1)
462 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1)
463 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1)
464 FIELD(CSR, ADDRESS_ERROR, 30, 1)
465 FIELD(CSR, OUT_OF_RANGE, 31, 1)
466
467 /* Card status bits, split by clear condition:
468 * A : According to the card current state
469 * B : Always related to the previous command
470 * C : Cleared by read
471 */
472 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \
473 | R_CSR_CARD_ECC_DISABLED_MASK \
474 | R_CSR_CARD_IS_LOCKED_MASK)
475 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \
476 | R_CSR_ILLEGAL_COMMAND_MASK \
477 | R_CSR_COM_CRC_ERROR_MASK)
478 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \
479 | R_CSR_APP_CMD_MASK \
480 | R_CSR_ERASE_RESET_MASK \
481 | R_CSR_WP_ERASE_SKIP_MASK \
482 | R_CSR_CSD_OVERWRITE_MASK \
483 | R_CSR_ERROR_MASK \
484 | R_CSR_CC_ERROR_MASK \
485 | R_CSR_CARD_ECC_FAILED_MASK \
486 | R_CSR_LOCK_UNLOCK_FAILED_MASK \
487 | R_CSR_WP_VIOLATION_MASK \
488 | R_CSR_ERASE_PARAM_MASK \
489 | R_CSR_ERASE_SEQ_ERROR_MASK \
490 | R_CSR_BLOCK_LEN_ERROR_MASK \
491 | R_CSR_ADDRESS_ERROR_MASK \
492 | R_CSR_OUT_OF_RANGE_MASK)
493
494 static void sd_set_cardstatus(SDState *sd)
495 {
496 sd->card_status = 0x00000100;
497 }
498
499 static void sd_set_sdstatus(SDState *sd)
500 {
501 memset(sd->sd_status, 0, 64);
502 }
503
504 static int sd_req_crc_validate(SDRequest *req)
505 {
506 uint8_t buffer[5];
507 buffer[0] = 0x40 | req->cmd;
508 stl_be_p(&buffer[1], req->arg);
509 return 0;
510 return sd_crc7(buffer, 5) != req->crc; /* TODO */
511 }
512
513 static void sd_response_r1_make(SDState *sd, uint8_t *response)
514 {
515 stl_be_p(response, sd->card_status);
516
517 /* Clear the "clear on read" status bits */
518 sd->card_status &= ~CARD_STATUS_C;
519 }
520
521 static void sd_response_r3_make(SDState *sd, uint8_t *response)
522 {
523 stl_be_p(response, sd->ocr & ACMD41_R3_MASK);
524 }
525
526 static void sd_response_r6_make(SDState *sd, uint8_t *response)
527 {
528 uint16_t status;
529
530 status = ((sd->card_status >> 8) & 0xc000) |
531 ((sd->card_status >> 6) & 0x2000) |
532 (sd->card_status & 0x1fff);
533 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
534 stw_be_p(response + 0, sd->rca);
535 stw_be_p(response + 2, status);
536 }
537
538 static void sd_response_r7_make(SDState *sd, uint8_t *response)
539 {
540 stl_be_p(response, sd->vhs);
541 }
542
543 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
544 {
545 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
546 }
547
548 static void sd_reset(DeviceState *dev)
549 {
550 SDState *sd = SD_CARD(dev);
551 uint64_t size;
552 uint64_t sect;
553
554 trace_sdcard_reset();
555 if (sd->blk) {
556 blk_get_geometry(sd->blk, &sect);
557 } else {
558 sect = 0;
559 }
560 size = sect << 9;
561
562 sect = sd_addr_to_wpnum(size) + 1;
563
564 sd->state = sd_idle_state;
565 sd->rca = 0x0000;
566 sd_set_ocr(sd);
567 sd_set_scr(sd);
568 sd_set_cid(sd);
569 sd_set_csd(sd, size);
570 sd_set_cardstatus(sd);
571 sd_set_sdstatus(sd);
572
573 g_free(sd->wp_groups);
574 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
575 sd->wpgrps_size = sect;
576 sd->wp_groups = bitmap_new(sd->wpgrps_size);
577 memset(sd->function_group, 0, sizeof(sd->function_group));
578 sd->erase_start = 0;
579 sd->erase_end = 0;
580 sd->size = size;
581 sd->blk_len = 0x200;
582 sd->pwd_len = 0;
583 sd->expecting_acmd = false;
584 sd->dat_lines = 0xf;
585 sd->cmd_line = true;
586 sd->multi_blk_cnt = 0;
587 }
588
589 static bool sd_get_inserted(SDState *sd)
590 {
591 return sd->blk && blk_is_inserted(sd->blk);
592 }
593
594 static bool sd_get_readonly(SDState *sd)
595 {
596 return sd->wp_switch;
597 }
598
599 static void sd_cardchange(void *opaque, bool load, Error **errp)
600 {
601 SDState *sd = opaque;
602 DeviceState *dev = DEVICE(sd);
603 SDBus *sdbus;
604 bool inserted = sd_get_inserted(sd);
605 bool readonly = sd_get_readonly(sd);
606
607 if (inserted) {
608 trace_sdcard_inserted(readonly);
609 sd_reset(dev);
610 } else {
611 trace_sdcard_ejected();
612 }
613
614 if (sd->me_no_qdev_me_kill_mammoth_with_rocks) {
615 qemu_set_irq(sd->inserted_cb, inserted);
616 if (inserted) {
617 qemu_set_irq(sd->readonly_cb, readonly);
618 }
619 } else {
620 sdbus = SD_BUS(qdev_get_parent_bus(dev));
621 sdbus_set_inserted(sdbus, inserted);
622 if (inserted) {
623 sdbus_set_readonly(sdbus, readonly);
624 }
625 }
626 }
627
628 static const BlockDevOps sd_block_ops = {
629 .change_media_cb = sd_cardchange,
630 };
631
632 static bool sd_ocr_vmstate_needed(void *opaque)
633 {
634 SDState *sd = opaque;
635
636 /* Include the OCR state (and timer) if it is not yet powered up */
637 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP);
638 }
639
640 static const VMStateDescription sd_ocr_vmstate = {
641 .name = "sd-card/ocr-state",
642 .version_id = 1,
643 .minimum_version_id = 1,
644 .needed = sd_ocr_vmstate_needed,
645 .fields = (VMStateField[]) {
646 VMSTATE_UINT32(ocr, SDState),
647 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
648 VMSTATE_END_OF_LIST()
649 },
650 };
651
652 static int sd_vmstate_pre_load(void *opaque)
653 {
654 SDState *sd = opaque;
655
656 /* If the OCR state is not included (prior versions, or not
657 * needed), then the OCR must be set as powered up. If the OCR state
658 * is included, this will be replaced by the state restore.
659 */
660 sd_ocr_powerup(sd);
661
662 return 0;
663 }
664
665 static const VMStateDescription sd_vmstate = {
666 .name = "sd-card",
667 .version_id = 1,
668 .minimum_version_id = 1,
669 .pre_load = sd_vmstate_pre_load,
670 .fields = (VMStateField[]) {
671 VMSTATE_UINT32(mode, SDState),
672 VMSTATE_INT32(state, SDState),
673 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
674 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
675 VMSTATE_UINT16(rca, SDState),
676 VMSTATE_UINT32(card_status, SDState),
677 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
678 VMSTATE_UINT32(vhs, SDState),
679 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
680 VMSTATE_UINT32(blk_len, SDState),
681 VMSTATE_UINT32(multi_blk_cnt, SDState),
682 VMSTATE_UINT32(erase_start, SDState),
683 VMSTATE_UINT32(erase_end, SDState),
684 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
685 VMSTATE_UINT32(pwd_len, SDState),
686 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
687 VMSTATE_UINT8(current_cmd, SDState),
688 VMSTATE_BOOL(expecting_acmd, SDState),
689 VMSTATE_UINT32(blk_written, SDState),
690 VMSTATE_UINT64(data_start, SDState),
691 VMSTATE_UINT32(data_offset, SDState),
692 VMSTATE_UINT8_ARRAY(data, SDState, 512),
693 VMSTATE_UNUSED_V(1, 512),
694 VMSTATE_BOOL(enable, SDState),
695 VMSTATE_END_OF_LIST()
696 },
697 .subsections = (const VMStateDescription*[]) {
698 &sd_ocr_vmstate,
699 NULL
700 },
701 };
702
703 /* Legacy initialization function for use by non-qdevified callers */
704 SDState *sd_init(BlockBackend *blk, bool is_spi)
705 {
706 Object *obj;
707 DeviceState *dev;
708 SDState *sd;
709 Error *err = NULL;
710
711 obj = object_new(TYPE_SD_CARD);
712 dev = DEVICE(obj);
713 if (!qdev_prop_set_drive_err(dev, "drive", blk, &err)) {
714 error_reportf_err(err, "sd_init failed: ");
715 return NULL;
716 }
717 qdev_prop_set_bit(dev, "spi", is_spi);
718
719 /*
720 * Realizing the device properly would put it into the QOM
721 * composition tree even though it is not plugged into an
722 * appropriate bus. That's a no-no. Hide the device from
723 * QOM/qdev, and call its qdev realize callback directly.
724 */
725 object_ref(obj);
726 object_unparent(obj);
727 sd_realize(dev, &err);
728 if (err) {
729 error_reportf_err(err, "sd_init failed: ");
730 return NULL;
731 }
732
733 sd = SD_CARD(dev);
734 sd->me_no_qdev_me_kill_mammoth_with_rocks = true;
735 return sd;
736 }
737
738 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
739 {
740 sd->readonly_cb = readonly;
741 sd->inserted_cb = insert;
742 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
743 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
744 }
745
746 static void sd_erase(SDState *sd)
747 {
748 int i;
749 uint64_t erase_start = sd->erase_start;
750 uint64_t erase_end = sd->erase_end;
751
752 trace_sdcard_erase();
753 if (!sd->erase_start || !sd->erase_end) {
754 sd->card_status |= ERASE_SEQ_ERROR;
755 return;
756 }
757
758 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
759 /* High capacity memory card: erase units are 512 byte blocks */
760 erase_start *= 512;
761 erase_end *= 512;
762 }
763
764 erase_start = sd_addr_to_wpnum(erase_start);
765 erase_end = sd_addr_to_wpnum(erase_end);
766 sd->erase_start = 0;
767 sd->erase_end = 0;
768 sd->csd[14] |= 0x40;
769
770 for (i = erase_start; i <= erase_end; i++) {
771 if (test_bit(i, sd->wp_groups)) {
772 sd->card_status |= WP_ERASE_SKIP;
773 }
774 }
775 }
776
777 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
778 {
779 uint32_t i, wpnum;
780 uint32_t ret = 0;
781
782 wpnum = sd_addr_to_wpnum(addr);
783
784 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
785 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
786 ret |= (1 << i);
787 }
788 }
789
790 return ret;
791 }
792
793 static void sd_function_switch(SDState *sd, uint32_t arg)
794 {
795 int i, mode, new_func;
796 mode = !!(arg & 0x80000000);
797
798 sd->data[0] = 0x00; /* Maximum current consumption */
799 sd->data[1] = 0x01;
800 sd->data[2] = 0x80; /* Supported group 6 functions */
801 sd->data[3] = 0x01;
802 sd->data[4] = 0x80; /* Supported group 5 functions */
803 sd->data[5] = 0x01;
804 sd->data[6] = 0x80; /* Supported group 4 functions */
805 sd->data[7] = 0x01;
806 sd->data[8] = 0x80; /* Supported group 3 functions */
807 sd->data[9] = 0x01;
808 sd->data[10] = 0x80; /* Supported group 2 functions */
809 sd->data[11] = 0x43;
810 sd->data[12] = 0x80; /* Supported group 1 functions */
811 sd->data[13] = 0x03;
812
813 for (i = 0; i < 6; i ++) {
814 new_func = (arg >> (i * 4)) & 0x0f;
815 if (mode && new_func != 0x0f)
816 sd->function_group[i] = new_func;
817 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4);
818 }
819 memset(&sd->data[17], 0, 47);
820 stw_be_p(sd->data + 64, sd_crc16(sd->data, 64));
821 }
822
823 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
824 {
825 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
826 }
827
828 static void sd_lock_command(SDState *sd)
829 {
830 int erase, lock, clr_pwd, set_pwd, pwd_len;
831 erase = !!(sd->data[0] & 0x08);
832 lock = sd->data[0] & 0x04;
833 clr_pwd = sd->data[0] & 0x02;
834 set_pwd = sd->data[0] & 0x01;
835
836 if (sd->blk_len > 1)
837 pwd_len = sd->data[1];
838 else
839 pwd_len = 0;
840
841 if (lock) {
842 trace_sdcard_lock();
843 } else {
844 trace_sdcard_unlock();
845 }
846 if (erase) {
847 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
848 set_pwd || clr_pwd || lock || sd->wp_switch ||
849 (sd->csd[14] & 0x20)) {
850 sd->card_status |= LOCK_UNLOCK_FAILED;
851 return;
852 }
853 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
854 sd->csd[14] &= ~0x10;
855 sd->card_status &= ~CARD_IS_LOCKED;
856 sd->pwd_len = 0;
857 /* Erasing the entire card here! */
858 fprintf(stderr, "SD: Card force-erased by CMD42\n");
859 return;
860 }
861
862 if (sd->blk_len < 2 + pwd_len ||
863 pwd_len <= sd->pwd_len ||
864 pwd_len > sd->pwd_len + 16) {
865 sd->card_status |= LOCK_UNLOCK_FAILED;
866 return;
867 }
868
869 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
870 sd->card_status |= LOCK_UNLOCK_FAILED;
871 return;
872 }
873
874 pwd_len -= sd->pwd_len;
875 if ((pwd_len && !set_pwd) ||
876 (clr_pwd && (set_pwd || lock)) ||
877 (lock && !sd->pwd_len && !set_pwd) ||
878 (!set_pwd && !clr_pwd &&
879 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
880 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
881 sd->card_status |= LOCK_UNLOCK_FAILED;
882 return;
883 }
884
885 if (set_pwd) {
886 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
887 sd->pwd_len = pwd_len;
888 }
889
890 if (clr_pwd) {
891 sd->pwd_len = 0;
892 }
893
894 if (lock)
895 sd->card_status |= CARD_IS_LOCKED;
896 else
897 sd->card_status &= ~CARD_IS_LOCKED;
898 }
899
900 static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req)
901 {
902 uint32_t rca = 0x0000;
903 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
904
905 /* CMD55 precedes an ACMD, so we are not interested in tracing it.
906 * However there is no ACMD55, so we want to trace this particular case.
907 */
908 if (req.cmd != 55 || sd->expecting_acmd) {
909 trace_sdcard_normal_command(sd->proto_name,
910 sd_cmd_name(req.cmd), req.cmd,
911 req.arg, sd_state_name(sd->state));
912 }
913
914 /* Not interpreting this as an app command */
915 sd->card_status &= ~APP_CMD;
916
917 if (sd_cmd_type[req.cmd] == sd_ac
918 || sd_cmd_type[req.cmd] == sd_adtc) {
919 rca = req.arg >> 16;
920 }
921
922 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
923 * if not, its effects are cancelled */
924 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
925 sd->multi_blk_cnt = 0;
926 }
927
928 if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
929 /* Only Standard Capacity cards support class 6 commands */
930 return sd_illegal;
931 }
932
933 switch (req.cmd) {
934 /* Basic commands (Class 0 and Class 1) */
935 case 0: /* CMD0: GO_IDLE_STATE */
936 switch (sd->state) {
937 case sd_inactive_state:
938 return sd->spi ? sd_r1 : sd_r0;
939
940 default:
941 sd->state = sd_idle_state;
942 sd_reset(DEVICE(sd));
943 return sd->spi ? sd_r1 : sd_r0;
944 }
945 break;
946
947 case 1: /* CMD1: SEND_OP_CMD */
948 if (!sd->spi)
949 goto bad_cmd;
950
951 sd->state = sd_transfer_state;
952 return sd_r1;
953
954 case 2: /* CMD2: ALL_SEND_CID */
955 if (sd->spi)
956 goto bad_cmd;
957 switch (sd->state) {
958 case sd_ready_state:
959 sd->state = sd_identification_state;
960 return sd_r2_i;
961
962 default:
963 break;
964 }
965 break;
966
967 case 3: /* CMD3: SEND_RELATIVE_ADDR */
968 if (sd->spi)
969 goto bad_cmd;
970 switch (sd->state) {
971 case sd_identification_state:
972 case sd_standby_state:
973 sd->state = sd_standby_state;
974 sd_set_rca(sd);
975 return sd_r6;
976
977 default:
978 break;
979 }
980 break;
981
982 case 4: /* CMD4: SEND_DSR */
983 if (sd->spi)
984 goto bad_cmd;
985 switch (sd->state) {
986 case sd_standby_state:
987 break;
988
989 default:
990 break;
991 }
992 break;
993
994 case 5: /* CMD5: reserved for SDIO cards */
995 return sd_illegal;
996
997 case 6: /* CMD6: SWITCH_FUNCTION */
998 switch (sd->mode) {
999 case sd_data_transfer_mode:
1000 sd_function_switch(sd, req.arg);
1001 sd->state = sd_sendingdata_state;
1002 sd->data_start = 0;
1003 sd->data_offset = 0;
1004 return sd_r1;
1005
1006 default:
1007 break;
1008 }
1009 break;
1010
1011 case 7: /* CMD7: SELECT/DESELECT_CARD */
1012 if (sd->spi)
1013 goto bad_cmd;
1014 switch (sd->state) {
1015 case sd_standby_state:
1016 if (sd->rca != rca)
1017 return sd_r0;
1018
1019 sd->state = sd_transfer_state;
1020 return sd_r1b;
1021
1022 case sd_transfer_state:
1023 case sd_sendingdata_state:
1024 if (sd->rca == rca)
1025 break;
1026
1027 sd->state = sd_standby_state;
1028 return sd_r1b;
1029
1030 case sd_disconnect_state:
1031 if (sd->rca != rca)
1032 return sd_r0;
1033
1034 sd->state = sd_programming_state;
1035 return sd_r1b;
1036
1037 case sd_programming_state:
1038 if (sd->rca == rca)
1039 break;
1040
1041 sd->state = sd_disconnect_state;
1042 return sd_r1b;
1043
1044 default:
1045 break;
1046 }
1047 break;
1048
1049 case 8: /* CMD8: SEND_IF_COND */
1050 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) {
1051 break;
1052 }
1053 if (sd->state != sd_idle_state) {
1054 break;
1055 }
1056 sd->vhs = 0;
1057
1058 /* No response if not exactly one VHS bit is set. */
1059 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1060 return sd->spi ? sd_r7 : sd_r0;
1061 }
1062
1063 /* Accept. */
1064 sd->vhs = req.arg;
1065 return sd_r7;
1066
1067 case 9: /* CMD9: SEND_CSD */
1068 switch (sd->state) {
1069 case sd_standby_state:
1070 if (sd->rca != rca)
1071 return sd_r0;
1072
1073 return sd_r2_s;
1074
1075 case sd_transfer_state:
1076 if (!sd->spi)
1077 break;
1078 sd->state = sd_sendingdata_state;
1079 memcpy(sd->data, sd->csd, 16);
1080 sd->data_start = addr;
1081 sd->data_offset = 0;
1082 return sd_r1;
1083
1084 default:
1085 break;
1086 }
1087 break;
1088
1089 case 10: /* CMD10: SEND_CID */
1090 switch (sd->state) {
1091 case sd_standby_state:
1092 if (sd->rca != rca)
1093 return sd_r0;
1094
1095 return sd_r2_i;
1096
1097 case sd_transfer_state:
1098 if (!sd->spi)
1099 break;
1100 sd->state = sd_sendingdata_state;
1101 memcpy(sd->data, sd->cid, 16);
1102 sd->data_start = addr;
1103 sd->data_offset = 0;
1104 return sd_r1;
1105
1106 default:
1107 break;
1108 }
1109 break;
1110
1111 case 12: /* CMD12: STOP_TRANSMISSION */
1112 switch (sd->state) {
1113 case sd_sendingdata_state:
1114 sd->state = sd_transfer_state;
1115 return sd_r1b;
1116
1117 case sd_receivingdata_state:
1118 sd->state = sd_programming_state;
1119 /* Bzzzzzzztt .... Operation complete. */
1120 sd->state = sd_transfer_state;
1121 return sd_r1b;
1122
1123 default:
1124 break;
1125 }
1126 break;
1127
1128 case 13: /* CMD13: SEND_STATUS */
1129 switch (sd->mode) {
1130 case sd_data_transfer_mode:
1131 if (sd->rca != rca)
1132 return sd_r0;
1133
1134 return sd_r1;
1135
1136 default:
1137 break;
1138 }
1139 break;
1140
1141 case 15: /* CMD15: GO_INACTIVE_STATE */
1142 if (sd->spi)
1143 goto bad_cmd;
1144 switch (sd->mode) {
1145 case sd_data_transfer_mode:
1146 if (sd->rca != rca)
1147 return sd_r0;
1148
1149 sd->state = sd_inactive_state;
1150 return sd_r0;
1151
1152 default:
1153 break;
1154 }
1155 break;
1156
1157 /* Block read commands (Classs 2) */
1158 case 16: /* CMD16: SET_BLOCKLEN */
1159 switch (sd->state) {
1160 case sd_transfer_state:
1161 if (req.arg > (1 << HWBLOCK_SHIFT)) {
1162 sd->card_status |= BLOCK_LEN_ERROR;
1163 } else {
1164 trace_sdcard_set_blocklen(req.arg);
1165 sd->blk_len = req.arg;
1166 }
1167
1168 return sd_r1;
1169
1170 default:
1171 break;
1172 }
1173 break;
1174
1175 case 17: /* CMD17: READ_SINGLE_BLOCK */
1176 switch (sd->state) {
1177 case sd_transfer_state:
1178
1179 if (addr + sd->blk_len > sd->size) {
1180 sd->card_status |= ADDRESS_ERROR;
1181 return sd_r1;
1182 }
1183
1184 sd->state = sd_sendingdata_state;
1185 sd->data_start = addr;
1186 sd->data_offset = 0;
1187 return sd_r1;
1188
1189 default:
1190 break;
1191 }
1192 break;
1193
1194 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1195 switch (sd->state) {
1196 case sd_transfer_state:
1197
1198 if (addr + sd->blk_len > sd->size) {
1199 sd->card_status |= ADDRESS_ERROR;
1200 return sd_r1;
1201 }
1202
1203 sd->state = sd_sendingdata_state;
1204 sd->data_start = addr;
1205 sd->data_offset = 0;
1206 return sd_r1;
1207
1208 default:
1209 break;
1210 }
1211 break;
1212
1213 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */
1214 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1215 break;
1216 }
1217 if (sd->state == sd_transfer_state) {
1218 sd->state = sd_sendingdata_state;
1219 sd->data_offset = 0;
1220 return sd_r1;
1221 }
1222 break;
1223
1224 case 23: /* CMD23: SET_BLOCK_COUNT */
1225 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1226 break;
1227 }
1228 switch (sd->state) {
1229 case sd_transfer_state:
1230 sd->multi_blk_cnt = req.arg;
1231 return sd_r1;
1232
1233 default:
1234 break;
1235 }
1236 break;
1237
1238 /* Block write commands (Class 4) */
1239 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1240 switch (sd->state) {
1241 case sd_transfer_state:
1242 /* Writing in SPI mode not implemented. */
1243 if (sd->spi)
1244 break;
1245
1246 if (addr + sd->blk_len > sd->size) {
1247 sd->card_status |= ADDRESS_ERROR;
1248 return sd_r1;
1249 }
1250
1251 sd->state = sd_receivingdata_state;
1252 sd->data_start = addr;
1253 sd->data_offset = 0;
1254 sd->blk_written = 0;
1255
1256 if (sd_wp_addr(sd, sd->data_start)) {
1257 sd->card_status |= WP_VIOLATION;
1258 }
1259 if (sd->csd[14] & 0x30) {
1260 sd->card_status |= WP_VIOLATION;
1261 }
1262 return sd_r1;
1263
1264 default:
1265 break;
1266 }
1267 break;
1268
1269 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1270 switch (sd->state) {
1271 case sd_transfer_state:
1272 /* Writing in SPI mode not implemented. */
1273 if (sd->spi)
1274 break;
1275
1276 if (addr + sd->blk_len > sd->size) {
1277 sd->card_status |= ADDRESS_ERROR;
1278 return sd_r1;
1279 }
1280
1281 sd->state = sd_receivingdata_state;
1282 sd->data_start = addr;
1283 sd->data_offset = 0;
1284 sd->blk_written = 0;
1285
1286 if (sd_wp_addr(sd, sd->data_start)) {
1287 sd->card_status |= WP_VIOLATION;
1288 }
1289 if (sd->csd[14] & 0x30) {
1290 sd->card_status |= WP_VIOLATION;
1291 }
1292 return sd_r1;
1293
1294 default:
1295 break;
1296 }
1297 break;
1298
1299 case 26: /* CMD26: PROGRAM_CID */
1300 if (sd->spi)
1301 goto bad_cmd;
1302 switch (sd->state) {
1303 case sd_transfer_state:
1304 sd->state = sd_receivingdata_state;
1305 sd->data_start = 0;
1306 sd->data_offset = 0;
1307 return sd_r1;
1308
1309 default:
1310 break;
1311 }
1312 break;
1313
1314 case 27: /* CMD27: PROGRAM_CSD */
1315 switch (sd->state) {
1316 case sd_transfer_state:
1317 sd->state = sd_receivingdata_state;
1318 sd->data_start = 0;
1319 sd->data_offset = 0;
1320 return sd_r1;
1321
1322 default:
1323 break;
1324 }
1325 break;
1326
1327 /* Write protection (Class 6) */
1328 case 28: /* CMD28: SET_WRITE_PROT */
1329 switch (sd->state) {
1330 case sd_transfer_state:
1331 if (addr >= sd->size) {
1332 sd->card_status |= ADDRESS_ERROR;
1333 return sd_r1b;
1334 }
1335
1336 sd->state = sd_programming_state;
1337 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1338 /* Bzzzzzzztt .... Operation complete. */
1339 sd->state = sd_transfer_state;
1340 return sd_r1b;
1341
1342 default:
1343 break;
1344 }
1345 break;
1346
1347 case 29: /* CMD29: CLR_WRITE_PROT */
1348 switch (sd->state) {
1349 case sd_transfer_state:
1350 if (addr >= sd->size) {
1351 sd->card_status |= ADDRESS_ERROR;
1352 return sd_r1b;
1353 }
1354
1355 sd->state = sd_programming_state;
1356 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1357 /* Bzzzzzzztt .... Operation complete. */
1358 sd->state = sd_transfer_state;
1359 return sd_r1b;
1360
1361 default:
1362 break;
1363 }
1364 break;
1365
1366 case 30: /* CMD30: SEND_WRITE_PROT */
1367 switch (sd->state) {
1368 case sd_transfer_state:
1369 sd->state = sd_sendingdata_state;
1370 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1371 sd->data_start = addr;
1372 sd->data_offset = 0;
1373 return sd_r1b;
1374
1375 default:
1376 break;
1377 }
1378 break;
1379
1380 /* Erase commands (Class 5) */
1381 case 32: /* CMD32: ERASE_WR_BLK_START */
1382 switch (sd->state) {
1383 case sd_transfer_state:
1384 sd->erase_start = req.arg;
1385 return sd_r1;
1386
1387 default:
1388 break;
1389 }
1390 break;
1391
1392 case 33: /* CMD33: ERASE_WR_BLK_END */
1393 switch (sd->state) {
1394 case sd_transfer_state:
1395 sd->erase_end = req.arg;
1396 return sd_r1;
1397
1398 default:
1399 break;
1400 }
1401 break;
1402
1403 case 38: /* CMD38: ERASE */
1404 switch (sd->state) {
1405 case sd_transfer_state:
1406 if (sd->csd[14] & 0x30) {
1407 sd->card_status |= WP_VIOLATION;
1408 return sd_r1b;
1409 }
1410
1411 sd->state = sd_programming_state;
1412 sd_erase(sd);
1413 /* Bzzzzzzztt .... Operation complete. */
1414 sd->state = sd_transfer_state;
1415 return sd_r1b;
1416
1417 default:
1418 break;
1419 }
1420 break;
1421
1422 /* Lock card commands (Class 7) */
1423 case 42: /* CMD42: LOCK_UNLOCK */
1424 switch (sd->state) {
1425 case sd_transfer_state:
1426 sd->state = sd_receivingdata_state;
1427 sd->data_start = 0;
1428 sd->data_offset = 0;
1429 return sd_r1;
1430
1431 default:
1432 break;
1433 }
1434 break;
1435
1436 case 52 ... 54:
1437 /* CMD52, CMD53, CMD54: reserved for SDIO cards
1438 * (see the SDIO Simplified Specification V2.0)
1439 * Handle as illegal command but do not complain
1440 * on stderr, as some OSes may use these in their
1441 * probing for presence of an SDIO card.
1442 */
1443 return sd_illegal;
1444
1445 /* Application specific commands (Class 8) */
1446 case 55: /* CMD55: APP_CMD */
1447 switch (sd->state) {
1448 case sd_ready_state:
1449 case sd_identification_state:
1450 case sd_inactive_state:
1451 return sd_illegal;
1452 case sd_idle_state:
1453 if (rca) {
1454 qemu_log_mask(LOG_GUEST_ERROR,
1455 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd);
1456 }
1457 default:
1458 break;
1459 }
1460 if (!sd->spi) {
1461 if (sd->rca != rca) {
1462 return sd_r0;
1463 }
1464 }
1465 sd->expecting_acmd = true;
1466 sd->card_status |= APP_CMD;
1467 return sd_r1;
1468
1469 case 56: /* CMD56: GEN_CMD */
1470 switch (sd->state) {
1471 case sd_transfer_state:
1472 sd->data_offset = 0;
1473 if (req.arg & 1)
1474 sd->state = sd_sendingdata_state;
1475 else
1476 sd->state = sd_receivingdata_state;
1477 return sd_r1;
1478
1479 default:
1480 break;
1481 }
1482 break;
1483
1484 case 58: /* CMD58: READ_OCR (SPI) */
1485 if (!sd->spi) {
1486 goto bad_cmd;
1487 }
1488 return sd_r3;
1489
1490 case 59: /* CMD59: CRC_ON_OFF (SPI) */
1491 if (!sd->spi) {
1492 goto bad_cmd;
1493 }
1494 goto unimplemented_spi_cmd;
1495
1496 default:
1497 bad_cmd:
1498 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
1499 return sd_illegal;
1500
1501 unimplemented_spi_cmd:
1502 /* Commands that are recognised but not yet implemented in SPI mode. */
1503 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1504 req.cmd);
1505 return sd_illegal;
1506 }
1507
1508 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd);
1509 return sd_illegal;
1510 }
1511
1512 static sd_rsp_type_t sd_app_command(SDState *sd,
1513 SDRequest req)
1514 {
1515 trace_sdcard_app_command(sd->proto_name, sd_acmd_name(req.cmd),
1516 req.cmd, req.arg, sd_state_name(sd->state));
1517 sd->card_status |= APP_CMD;
1518 switch (req.cmd) {
1519 case 6: /* ACMD6: SET_BUS_WIDTH */
1520 if (sd->spi) {
1521 goto unimplemented_spi_cmd;
1522 }
1523 switch (sd->state) {
1524 case sd_transfer_state:
1525 sd->sd_status[0] &= 0x3f;
1526 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1527 return sd_r1;
1528
1529 default:
1530 break;
1531 }
1532 break;
1533
1534 case 13: /* ACMD13: SD_STATUS */
1535 switch (sd->state) {
1536 case sd_transfer_state:
1537 sd->state = sd_sendingdata_state;
1538 sd->data_start = 0;
1539 sd->data_offset = 0;
1540 return sd_r1;
1541
1542 default:
1543 break;
1544 }
1545 break;
1546
1547 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1548 switch (sd->state) {
1549 case sd_transfer_state:
1550 *(uint32_t *) sd->data = sd->blk_written;
1551
1552 sd->state = sd_sendingdata_state;
1553 sd->data_start = 0;
1554 sd->data_offset = 0;
1555 return sd_r1;
1556
1557 default:
1558 break;
1559 }
1560 break;
1561
1562 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1563 switch (sd->state) {
1564 case sd_transfer_state:
1565 return sd_r1;
1566
1567 default:
1568 break;
1569 }
1570 break;
1571
1572 case 41: /* ACMD41: SD_APP_OP_COND */
1573 if (sd->spi) {
1574 /* SEND_OP_CMD */
1575 sd->state = sd_transfer_state;
1576 return sd_r1;
1577 }
1578 if (sd->state != sd_idle_state) {
1579 break;
1580 }
1581 /* If it's the first ACMD41 since reset, we need to decide
1582 * whether to power up. If this is not an enquiry ACMD41,
1583 * we immediately report power on and proceed below to the
1584 * ready state, but if it is, we set a timer to model a
1585 * delay for power up. This works around a bug in EDK2
1586 * UEFI, which sends an initial enquiry ACMD41, but
1587 * assumes that the card is in ready state as soon as it
1588 * sees the power up bit set. */
1589 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) {
1590 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1591 timer_del(sd->ocr_power_timer);
1592 sd_ocr_powerup(sd);
1593 } else {
1594 trace_sdcard_inquiry_cmd41();
1595 if (!timer_pending(sd->ocr_power_timer)) {
1596 timer_mod_ns(sd->ocr_power_timer,
1597 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1598 + OCR_POWER_DELAY_NS));
1599 }
1600 }
1601 }
1602
1603 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) {
1604 /* We accept any voltage. 10000 V is nothing.
1605 *
1606 * Once we're powered up, we advance straight to ready state
1607 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1608 */
1609 sd->state = sd_ready_state;
1610 }
1611
1612 return sd_r3;
1613
1614 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1615 switch (sd->state) {
1616 case sd_transfer_state:
1617 /* Bringing in the 50KOhm pull-up resistor... Done. */
1618 return sd_r1;
1619
1620 default:
1621 break;
1622 }
1623 break;
1624
1625 case 51: /* ACMD51: SEND_SCR */
1626 switch (sd->state) {
1627 case sd_transfer_state:
1628 sd->state = sd_sendingdata_state;
1629 sd->data_start = 0;
1630 sd->data_offset = 0;
1631 return sd_r1;
1632
1633 default:
1634 break;
1635 }
1636 break;
1637
1638 case 18: /* Reserved for SD security applications */
1639 case 25:
1640 case 26:
1641 case 38:
1642 case 43 ... 49:
1643 /* Refer to the "SD Specifications Part3 Security Specification" for
1644 * information about the SD Security Features.
1645 */
1646 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n",
1647 req.cmd);
1648 return sd_illegal;
1649
1650 default:
1651 /* Fall back to standard commands. */
1652 return sd_normal_command(sd, req);
1653
1654 unimplemented_spi_cmd:
1655 /* Commands that are recognised but not yet implemented in SPI mode. */
1656 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1657 req.cmd);
1658 return sd_illegal;
1659 }
1660
1661 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
1662 return sd_illegal;
1663 }
1664
1665 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1666 {
1667 /* Valid commands in locked state:
1668 * basic class (0)
1669 * lock card class (7)
1670 * CMD16
1671 * implicitly, the ACMD prefix CMD55
1672 * ACMD41 and ACMD42
1673 * Anything else provokes an "illegal command" response.
1674 */
1675 if (sd->expecting_acmd) {
1676 return req->cmd == 41 || req->cmd == 42;
1677 }
1678 if (req->cmd == 16 || req->cmd == 55) {
1679 return 1;
1680 }
1681 return sd_cmd_class[req->cmd] == 0
1682 || sd_cmd_class[req->cmd] == 7;
1683 }
1684
1685 int sd_do_command(SDState *sd, SDRequest *req,
1686 uint8_t *response) {
1687 int last_state;
1688 sd_rsp_type_t rtype;
1689 int rsplen;
1690
1691 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
1692 return 0;
1693 }
1694
1695 if (sd_req_crc_validate(req)) {
1696 sd->card_status |= COM_CRC_ERROR;
1697 rtype = sd_illegal;
1698 goto send_response;
1699 }
1700
1701 if (req->cmd >= SDMMC_CMD_MAX) {
1702 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
1703 req->cmd);
1704 req->cmd &= 0x3f;
1705 }
1706
1707 if (sd->card_status & CARD_IS_LOCKED) {
1708 if (!cmd_valid_while_locked(sd, req)) {
1709 sd->card_status |= ILLEGAL_COMMAND;
1710 sd->expecting_acmd = false;
1711 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
1712 rtype = sd_illegal;
1713 goto send_response;
1714 }
1715 }
1716
1717 last_state = sd->state;
1718 sd_set_mode(sd);
1719
1720 if (sd->expecting_acmd) {
1721 sd->expecting_acmd = false;
1722 rtype = sd_app_command(sd, *req);
1723 } else {
1724 rtype = sd_normal_command(sd, *req);
1725 }
1726
1727 if (rtype == sd_illegal) {
1728 sd->card_status |= ILLEGAL_COMMAND;
1729 } else {
1730 /* Valid command, we can update the 'state before command' bits.
1731 * (Do this now so they appear in r1 responses.)
1732 */
1733 sd->current_cmd = req->cmd;
1734 sd->card_status &= ~CURRENT_STATE;
1735 sd->card_status |= (last_state << 9);
1736 }
1737
1738 send_response:
1739 switch (rtype) {
1740 case sd_r1:
1741 case sd_r1b:
1742 sd_response_r1_make(sd, response);
1743 rsplen = 4;
1744 break;
1745
1746 case sd_r2_i:
1747 memcpy(response, sd->cid, sizeof(sd->cid));
1748 rsplen = 16;
1749 break;
1750
1751 case sd_r2_s:
1752 memcpy(response, sd->csd, sizeof(sd->csd));
1753 rsplen = 16;
1754 break;
1755
1756 case sd_r3:
1757 sd_response_r3_make(sd, response);
1758 rsplen = 4;
1759 break;
1760
1761 case sd_r6:
1762 sd_response_r6_make(sd, response);
1763 rsplen = 4;
1764 break;
1765
1766 case sd_r7:
1767 sd_response_r7_make(sd, response);
1768 rsplen = 4;
1769 break;
1770
1771 case sd_r0:
1772 case sd_illegal:
1773 rsplen = 0;
1774 break;
1775 default:
1776 g_assert_not_reached();
1777 }
1778 trace_sdcard_response(sd_response_name(rtype), rsplen);
1779
1780 if (rtype != sd_illegal) {
1781 /* Clear the "clear on valid command" status bits now we've
1782 * sent any response
1783 */
1784 sd->card_status &= ~CARD_STATUS_B;
1785 }
1786
1787 #ifdef DEBUG_SD
1788 qemu_hexdump(stderr, "Response", response, rsplen);
1789 #endif
1790
1791 return rsplen;
1792 }
1793
1794 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1795 {
1796 trace_sdcard_read_block(addr, len);
1797 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) {
1798 fprintf(stderr, "sd_blk_read: read error on host side\n");
1799 }
1800 }
1801
1802 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1803 {
1804 trace_sdcard_write_block(addr, len);
1805 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) {
1806 fprintf(stderr, "sd_blk_write: write error on host side\n");
1807 }
1808 }
1809
1810 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1811 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1812 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1813 #define APP_WRITE_BLOCK(a, len)
1814
1815 void sd_write_byte(SDState *sd, uint8_t value)
1816 {
1817 int i;
1818
1819 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1820 return;
1821
1822 if (sd->state != sd_receivingdata_state) {
1823 qemu_log_mask(LOG_GUEST_ERROR,
1824 "%s: not in Receiving-Data state\n", __func__);
1825 return;
1826 }
1827
1828 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1829 return;
1830
1831 trace_sdcard_write_data(sd->proto_name,
1832 sd_acmd_name(sd->current_cmd),
1833 sd->current_cmd, value);
1834 switch (sd->current_cmd) {
1835 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1836 sd->data[sd->data_offset ++] = value;
1837 if (sd->data_offset >= sd->blk_len) {
1838 /* TODO: Check CRC before committing */
1839 sd->state = sd_programming_state;
1840 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1841 sd->blk_written ++;
1842 sd->csd[14] |= 0x40;
1843 /* Bzzzzzzztt .... Operation complete. */
1844 sd->state = sd_transfer_state;
1845 }
1846 break;
1847
1848 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1849 if (sd->data_offset == 0) {
1850 /* Start of the block - let's check the address is valid */
1851 if (sd->data_start + sd->blk_len > sd->size) {
1852 sd->card_status |= ADDRESS_ERROR;
1853 break;
1854 }
1855 if (sd_wp_addr(sd, sd->data_start)) {
1856 sd->card_status |= WP_VIOLATION;
1857 break;
1858 }
1859 }
1860 sd->data[sd->data_offset++] = value;
1861 if (sd->data_offset >= sd->blk_len) {
1862 /* TODO: Check CRC before committing */
1863 sd->state = sd_programming_state;
1864 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1865 sd->blk_written++;
1866 sd->data_start += sd->blk_len;
1867 sd->data_offset = 0;
1868 sd->csd[14] |= 0x40;
1869
1870 /* Bzzzzzzztt .... Operation complete. */
1871 if (sd->multi_blk_cnt != 0) {
1872 if (--sd->multi_blk_cnt == 0) {
1873 /* Stop! */
1874 sd->state = sd_transfer_state;
1875 break;
1876 }
1877 }
1878
1879 sd->state = sd_receivingdata_state;
1880 }
1881 break;
1882
1883 case 26: /* CMD26: PROGRAM_CID */
1884 sd->data[sd->data_offset ++] = value;
1885 if (sd->data_offset >= sizeof(sd->cid)) {
1886 /* TODO: Check CRC before committing */
1887 sd->state = sd_programming_state;
1888 for (i = 0; i < sizeof(sd->cid); i ++)
1889 if ((sd->cid[i] | 0x00) != sd->data[i])
1890 sd->card_status |= CID_CSD_OVERWRITE;
1891
1892 if (!(sd->card_status & CID_CSD_OVERWRITE))
1893 for (i = 0; i < sizeof(sd->cid); i ++) {
1894 sd->cid[i] |= 0x00;
1895 sd->cid[i] &= sd->data[i];
1896 }
1897 /* Bzzzzzzztt .... Operation complete. */
1898 sd->state = sd_transfer_state;
1899 }
1900 break;
1901
1902 case 27: /* CMD27: PROGRAM_CSD */
1903 sd->data[sd->data_offset ++] = value;
1904 if (sd->data_offset >= sizeof(sd->csd)) {
1905 /* TODO: Check CRC before committing */
1906 sd->state = sd_programming_state;
1907 for (i = 0; i < sizeof(sd->csd); i ++)
1908 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1909 (sd->data[i] | sd_csd_rw_mask[i]))
1910 sd->card_status |= CID_CSD_OVERWRITE;
1911
1912 /* Copy flag (OTP) & Permanent write protect */
1913 if (sd->csd[14] & ~sd->data[14] & 0x60)
1914 sd->card_status |= CID_CSD_OVERWRITE;
1915
1916 if (!(sd->card_status & CID_CSD_OVERWRITE))
1917 for (i = 0; i < sizeof(sd->csd); i ++) {
1918 sd->csd[i] |= sd_csd_rw_mask[i];
1919 sd->csd[i] &= sd->data[i];
1920 }
1921 /* Bzzzzzzztt .... Operation complete. */
1922 sd->state = sd_transfer_state;
1923 }
1924 break;
1925
1926 case 42: /* CMD42: LOCK_UNLOCK */
1927 sd->data[sd->data_offset ++] = value;
1928 if (sd->data_offset >= sd->blk_len) {
1929 /* TODO: Check CRC before committing */
1930 sd->state = sd_programming_state;
1931 sd_lock_command(sd);
1932 /* Bzzzzzzztt .... Operation complete. */
1933 sd->state = sd_transfer_state;
1934 }
1935 break;
1936
1937 case 56: /* CMD56: GEN_CMD */
1938 sd->data[sd->data_offset ++] = value;
1939 if (sd->data_offset >= sd->blk_len) {
1940 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1941 sd->state = sd_transfer_state;
1942 }
1943 break;
1944
1945 default:
1946 qemu_log_mask(LOG_GUEST_ERROR, "%s: unknown command\n", __func__);
1947 break;
1948 }
1949 }
1950
1951 #define SD_TUNING_BLOCK_SIZE 64
1952
1953 static const uint8_t sd_tuning_block_pattern[SD_TUNING_BLOCK_SIZE] = {
1954 /* See: Physical Layer Simplified Specification Version 3.01, Table 4-2 */
1955 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc,
1956 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef,
1957 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb,
1958 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef,
1959 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c,
1960 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee,
1961 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff,
1962 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde,
1963 };
1964
1965 uint8_t sd_read_byte(SDState *sd)
1966 {
1967 /* TODO: Append CRCs */
1968 uint8_t ret;
1969 int io_len;
1970
1971 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1972 return 0x00;
1973
1974 if (sd->state != sd_sendingdata_state) {
1975 qemu_log_mask(LOG_GUEST_ERROR,
1976 "%s: not in Sending-Data state\n", __func__);
1977 return 0x00;
1978 }
1979
1980 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1981 return 0x00;
1982
1983 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1984
1985 trace_sdcard_read_data(sd->proto_name,
1986 sd_acmd_name(sd->current_cmd),
1987 sd->current_cmd, io_len);
1988 switch (sd->current_cmd) {
1989 case 6: /* CMD6: SWITCH_FUNCTION */
1990 ret = sd->data[sd->data_offset ++];
1991
1992 if (sd->data_offset >= 64)
1993 sd->state = sd_transfer_state;
1994 break;
1995
1996 case 9: /* CMD9: SEND_CSD */
1997 case 10: /* CMD10: SEND_CID */
1998 ret = sd->data[sd->data_offset ++];
1999
2000 if (sd->data_offset >= 16)
2001 sd->state = sd_transfer_state;
2002 break;
2003
2004 case 13: /* ACMD13: SD_STATUS */
2005 ret = sd->sd_status[sd->data_offset ++];
2006
2007 if (sd->data_offset >= sizeof(sd->sd_status))
2008 sd->state = sd_transfer_state;
2009 break;
2010
2011 case 17: /* CMD17: READ_SINGLE_BLOCK */
2012 if (sd->data_offset == 0)
2013 BLK_READ_BLOCK(sd->data_start, io_len);
2014 ret = sd->data[sd->data_offset ++];
2015
2016 if (sd->data_offset >= io_len)
2017 sd->state = sd_transfer_state;
2018 break;
2019
2020 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
2021 if (sd->data_offset == 0) {
2022 if (sd->data_start + io_len > sd->size) {
2023 sd->card_status |= ADDRESS_ERROR;
2024 return 0x00;
2025 }
2026 BLK_READ_BLOCK(sd->data_start, io_len);
2027 }
2028 ret = sd->data[sd->data_offset ++];
2029
2030 if (sd->data_offset >= io_len) {
2031 sd->data_start += io_len;
2032 sd->data_offset = 0;
2033
2034 if (sd->multi_blk_cnt != 0) {
2035 if (--sd->multi_blk_cnt == 0) {
2036 /* Stop! */
2037 sd->state = sd_transfer_state;
2038 break;
2039 }
2040 }
2041 }
2042 break;
2043
2044 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */
2045 if (sd->data_offset >= SD_TUNING_BLOCK_SIZE - 1) {
2046 sd->state = sd_transfer_state;
2047 }
2048 ret = sd_tuning_block_pattern[sd->data_offset++];
2049 break;
2050
2051 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
2052 ret = sd->data[sd->data_offset ++];
2053
2054 if (sd->data_offset >= 4)
2055 sd->state = sd_transfer_state;
2056 break;
2057
2058 case 30: /* CMD30: SEND_WRITE_PROT */
2059 ret = sd->data[sd->data_offset ++];
2060
2061 if (sd->data_offset >= 4)
2062 sd->state = sd_transfer_state;
2063 break;
2064
2065 case 51: /* ACMD51: SEND_SCR */
2066 ret = sd->scr[sd->data_offset ++];
2067
2068 if (sd->data_offset >= sizeof(sd->scr))
2069 sd->state = sd_transfer_state;
2070 break;
2071
2072 case 56: /* CMD56: GEN_CMD */
2073 if (sd->data_offset == 0)
2074 APP_READ_BLOCK(sd->data_start, sd->blk_len);
2075 ret = sd->data[sd->data_offset ++];
2076
2077 if (sd->data_offset >= sd->blk_len)
2078 sd->state = sd_transfer_state;
2079 break;
2080
2081 default:
2082 qemu_log_mask(LOG_GUEST_ERROR, "%s: unknown command\n", __func__);
2083 return 0x00;
2084 }
2085
2086 return ret;
2087 }
2088
2089 static bool sd_data_ready(SDState *sd)
2090 {
2091 return sd->state == sd_sendingdata_state;
2092 }
2093
2094 void sd_enable(SDState *sd, bool enable)
2095 {
2096 sd->enable = enable;
2097 }
2098
2099 static void sd_instance_init(Object *obj)
2100 {
2101 SDState *sd = SD_CARD(obj);
2102
2103 sd->enable = true;
2104 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
2105 }
2106
2107 static void sd_instance_finalize(Object *obj)
2108 {
2109 SDState *sd = SD_CARD(obj);
2110
2111 timer_del(sd->ocr_power_timer);
2112 timer_free(sd->ocr_power_timer);
2113 }
2114
2115 static void sd_realize(DeviceState *dev, Error **errp)
2116 {
2117 SDState *sd = SD_CARD(dev);
2118 int ret;
2119
2120 sd->proto_name = sd->spi ? "SPI" : "SD";
2121
2122 switch (sd->spec_version) {
2123 case SD_PHY_SPECv1_10_VERS
2124 ... SD_PHY_SPECv3_01_VERS:
2125 break;
2126 default:
2127 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version);
2128 return;
2129 }
2130
2131 if (sd->blk) {
2132 int64_t blk_size;
2133
2134 if (blk_is_read_only(sd->blk)) {
2135 error_setg(errp, "Cannot use read-only drive as SD card");
2136 return;
2137 }
2138
2139 blk_size = blk_getlength(sd->blk);
2140 if (blk_size > 0 && !is_power_of_2(blk_size)) {
2141 int64_t blk_size_aligned = pow2ceil(blk_size);
2142 char *blk_size_str;
2143
2144 blk_size_str = size_to_str(blk_size);
2145 error_setg(errp, "Invalid SD card size: %s", blk_size_str);
2146 g_free(blk_size_str);
2147
2148 blk_size_str = size_to_str(blk_size_aligned);
2149 error_append_hint(errp,
2150 "SD card size has to be a power of 2, e.g. %s.\n"
2151 "You can resize disk images with"
2152 " 'qemu-img resize <imagefile> <new-size>'\n"
2153 "(note that this will lose data if you make the"
2154 " image smaller than it currently is).\n",
2155 blk_size_str);
2156 g_free(blk_size_str);
2157
2158 return;
2159 }
2160
2161 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
2162 BLK_PERM_ALL, errp);
2163 if (ret < 0) {
2164 return;
2165 }
2166 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
2167 }
2168 }
2169
2170 static Property sd_properties[] = {
2171 DEFINE_PROP_UINT8("spec_version", SDState,
2172 spec_version, SD_PHY_SPECv2_00_VERS),
2173 DEFINE_PROP_DRIVE("drive", SDState, blk),
2174 /* We do not model the chip select pin, so allow the board to select
2175 * whether card should be in SSI or MMC/SD mode. It is also up to the
2176 * board to ensure that ssi transfers only occur when the chip select
2177 * is asserted. */
2178 DEFINE_PROP_BOOL("spi", SDState, spi, false),
2179 DEFINE_PROP_END_OF_LIST()
2180 };
2181
2182 static void sd_class_init(ObjectClass *klass, void *data)
2183 {
2184 DeviceClass *dc = DEVICE_CLASS(klass);
2185 SDCardClass *sc = SD_CARD_CLASS(klass);
2186
2187 dc->realize = sd_realize;
2188 device_class_set_props(dc, sd_properties);
2189 dc->vmsd = &sd_vmstate;
2190 dc->reset = sd_reset;
2191 dc->bus_type = TYPE_SD_BUS;
2192 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
2193
2194 sc->set_voltage = sd_set_voltage;
2195 sc->get_dat_lines = sd_get_dat_lines;
2196 sc->get_cmd_line = sd_get_cmd_line;
2197 sc->do_command = sd_do_command;
2198 sc->write_byte = sd_write_byte;
2199 sc->read_byte = sd_read_byte;
2200 sc->data_ready = sd_data_ready;
2201 sc->enable = sd_enable;
2202 sc->get_inserted = sd_get_inserted;
2203 sc->get_readonly = sd_get_readonly;
2204 }
2205
2206 static const TypeInfo sd_info = {
2207 .name = TYPE_SD_CARD,
2208 .parent = TYPE_DEVICE,
2209 .instance_size = sizeof(SDState),
2210 .class_size = sizeof(SDCardClass),
2211 .class_init = sd_class_init,
2212 .instance_init = sd_instance_init,
2213 .instance_finalize = sd_instance_finalize,
2214 };
2215
2216 static void sd_register_types(void)
2217 {
2218 type_register_static(&sd_info);
2219 }
2220
2221 type_init(sd_register_types)
AR7 emulation for QEMU