search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hw/sd: sd: Move the sd_block_{read, write} and macros ahead
[qemu/ar7.git] / hw / sd / sd.c
blob4c6e7c2a33e7915ffe67fcc52ace7352bb7aea71
1 /*
2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 2.00."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org>
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
24 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
25 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
26 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
27 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
28 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #include "qemu/osdep.h"
34 #include "qemu/units.h"
35 #include "qemu/cutils.h"
36 #include "hw/irq.h"
37 #include "hw/registerfields.h"
38 #include "sysemu/block-backend.h"
39 #include "hw/sd/sd.h"
40 #include "hw/sd/sdcard_legacy.h"
41 #include "migration/vmstate.h"
42 #include "qapi/error.h"
43 #include "qemu/bitmap.h"
44 #include "hw/qdev-properties.h"
45 #include "hw/qdev-properties-system.h"
46 #include "qemu/error-report.h"
47 #include "qemu/timer.h"
48 #include "qemu/log.h"
49 #include "qemu/module.h"
50 #include "sdmmc-internal.h"
51 #include "trace.h"
52
53 //#define DEBUG_SD 1
54
55 #define SDSC_MAX_CAPACITY (2 * GiB)
56
57 #define INVALID_ADDRESS UINT32_MAX
58
59 typedef enum {
60 sd_r0 = 0, /* no response */
61 sd_r1, /* normal response command */
62 sd_r2_i, /* CID register */
63 sd_r2_s, /* CSD register */
64 sd_r3, /* OCR register */
65 sd_r6 = 6, /* Published RCA response */
66 sd_r7, /* Operating voltage */
67 sd_r1b = -1,
68 sd_illegal = -2,
69 } sd_rsp_type_t;
70
71 enum SDCardModes {
72 sd_inactive,
73 sd_card_identification_mode,
74 sd_data_transfer_mode,
75 };
76
77 enum SDCardStates {
78 sd_inactive_state = -1,
79 sd_idle_state = 0,
80 sd_ready_state,
81 sd_identification_state,
82 sd_standby_state,
83 sd_transfer_state,
84 sd_sendingdata_state,
85 sd_receivingdata_state,
86 sd_programming_state,
87 sd_disconnect_state,
88 };
89
90 struct SDState {
91 DeviceState parent_obj;
92
93 /* If true, created by sd_init() for a non-qdevified caller */
94 /* TODO purge them with fire */
95 bool me_no_qdev_me_kill_mammoth_with_rocks;
96
97 /* SD Memory Card Registers */
98 uint32_t ocr;
99 uint8_t scr[8];
100 uint8_t cid[16];
101 uint8_t csd[16];
102 uint16_t rca;
103 uint32_t card_status;
104 uint8_t sd_status[64];
105
106 /* Static properties */
107
108 uint8_t spec_version;
109 BlockBackend *blk;
110 bool spi;
111
112 /* Runtime changeables */
113
114 uint32_t mode; /* current card mode, one of SDCardModes */
115 int32_t state; /* current card state, one of SDCardStates */
116 uint32_t vhs;
117 bool wp_switch;
118 unsigned long *wp_groups;
119 int32_t wpgrps_size;
120 uint64_t size;
121 uint32_t blk_len;
122 uint32_t multi_blk_cnt;
123 uint32_t erase_start;
124 uint32_t erase_end;
125 uint8_t pwd[16];
126 uint32_t pwd_len;
127 uint8_t function_group[6];
128 uint8_t current_cmd;
129 /* True if we will handle the next command as an ACMD. Note that this does
130 * *not* track the APP_CMD status bit!
131 */
132 bool expecting_acmd;
133 uint32_t blk_written;
134 uint64_t data_start;
135 uint32_t data_offset;
136 uint8_t data[512];
137 qemu_irq readonly_cb;
138 qemu_irq inserted_cb;
139 QEMUTimer *ocr_power_timer;
140 const char *proto_name;
141 bool enable;
142 uint8_t dat_lines;
143 bool cmd_line;
144 };
145
146 static void sd_realize(DeviceState *dev, Error **errp);
147
148 static const char *sd_state_name(enum SDCardStates state)
149 {
150 static const char *state_name[] = {
151 [sd_idle_state] = "idle",
152 [sd_ready_state] = "ready",
153 [sd_identification_state] = "identification",
154 [sd_standby_state] = "standby",
155 [sd_transfer_state] = "transfer",
156 [sd_sendingdata_state] = "sendingdata",
157 [sd_receivingdata_state] = "receivingdata",
158 [sd_programming_state] = "programming",
159 [sd_disconnect_state] = "disconnect",
160 };
161 if (state == sd_inactive_state) {
162 return "inactive";
163 }
164 assert(state < ARRAY_SIZE(state_name));
165 return state_name[state];
166 }
167
168 static const char *sd_response_name(sd_rsp_type_t rsp)
169 {
170 static const char *response_name[] = {
171 [sd_r0] = "RESP#0 (no response)",
172 [sd_r1] = "RESP#1 (normal cmd)",
173 [sd_r2_i] = "RESP#2 (CID reg)",
174 [sd_r2_s] = "RESP#2 (CSD reg)",
175 [sd_r3] = "RESP#3 (OCR reg)",
176 [sd_r6] = "RESP#6 (RCA)",
177 [sd_r7] = "RESP#7 (operating voltage)",
178 };
179 if (rsp == sd_illegal) {
180 return "ILLEGAL RESP";
181 }
182 if (rsp == sd_r1b) {
183 rsp = sd_r1;
184 }
185 assert(rsp < ARRAY_SIZE(response_name));
186 return response_name[rsp];
187 }
188
189 static uint8_t sd_get_dat_lines(SDState *sd)
190 {
191 return sd->enable ? sd->dat_lines : 0;
192 }
193
194 static bool sd_get_cmd_line(SDState *sd)
195 {
196 return sd->enable ? sd->cmd_line : false;
197 }
198
199 static void sd_set_voltage(SDState *sd, uint16_t millivolts)
200 {
201 trace_sdcard_set_voltage(millivolts);
202
203 switch (millivolts) {
204 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
205 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
206 break;
207 default:
208 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
209 millivolts / 1000.f);
210 }
211 }
212
213 static void sd_set_mode(SDState *sd)
214 {
215 switch (sd->state) {
216 case sd_inactive_state:
217 sd->mode = sd_inactive;
218 break;
219
220 case sd_idle_state:
221 case sd_ready_state:
222 case sd_identification_state:
223 sd->mode = sd_card_identification_mode;
224 break;
225
226 case sd_standby_state:
227 case sd_transfer_state:
228 case sd_sendingdata_state:
229 case sd_receivingdata_state:
230 case sd_programming_state:
231 case sd_disconnect_state:
232 sd->mode = sd_data_transfer_mode;
233 break;
234 }
235 }
236
237 static const sd_cmd_type_t sd_cmd_type[SDMMC_CMD_MAX] = {
238 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
239 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
240 /* 16 */
241 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
242 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
243 /* 32 */
244 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
245 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
246 /* 48 */
247 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
248 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
249 };
250
251 static const int sd_cmd_class[SDMMC_CMD_MAX] = {
252 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
253 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
254 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
255 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
256 };
257
258 static uint8_t sd_crc7(const void *message, size_t width)
259 {
260 int i, bit;
261 uint8_t shift_reg = 0x00;
262 const uint8_t *msg = (const uint8_t *)message;
263
264 for (i = 0; i < width; i ++, msg ++)
265 for (bit = 7; bit >= 0; bit --) {
266 shift_reg <<= 1;
267 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
268 shift_reg ^= 0x89;
269 }
270
271 return shift_reg;
272 }
273
274 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
275
276 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24)
277 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8)
278 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1)
279 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16)
280 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */
281 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */
282 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */
283 FIELD(OCR, CARD_POWER_UP, 31, 1)
284
285 #define ACMD41_ENQUIRY_MASK 0x00ffffff
286 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \
287 | R_OCR_ACCEPT_SWITCH_1V8_MASK \
288 | R_OCR_UHS_II_CARD_MASK \
289 | R_OCR_CARD_CAPACITY_MASK \
290 | R_OCR_CARD_POWER_UP_MASK)
291
292 static void sd_set_ocr(SDState *sd)
293 {
294 /* All voltages OK */
295 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK;
296 }
297
298 static void sd_ocr_powerup(void *opaque)
299 {
300 SDState *sd = opaque;
301
302 trace_sdcard_powerup();
303 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP));
304
305 /* card power-up OK */
306 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1);
307
308 if (sd->size > SDSC_MAX_CAPACITY) {
309 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1);
310 }
311 }
312
313 static void sd_set_scr(SDState *sd)
314 {
315 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */
316 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) {
317 sd->scr[0] |= 1; /* Spec Version 1.10 */
318 } else {
319 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */
320 }
321 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */
322 | 0b0101; /* 1-bit or 4-bit width bus modes */
323 sd->scr[2] = 0x00; /* Extended Security is not supported. */
324 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) {
325 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */
326 }
327 sd->scr[3] = 0x00;
328 /* reserved for manufacturer usage */
329 sd->scr[4] = 0x00;
330 sd->scr[5] = 0x00;
331 sd->scr[6] = 0x00;
332 sd->scr[7] = 0x00;
333 }
334
335 #define MID 0xaa
336 #define OID "XY"
337 #define PNM "QEMU!"
338 #define PRV 0x01
339 #define MDT_YR 2006
340 #define MDT_MON 2
341
342 static void sd_set_cid(SDState *sd)
343 {
344 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
345 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
346 sd->cid[2] = OID[1];
347 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
348 sd->cid[4] = PNM[1];
349 sd->cid[5] = PNM[2];
350 sd->cid[6] = PNM[3];
351 sd->cid[7] = PNM[4];
352 sd->cid[8] = PRV; /* Fake product revision (PRV) */
353 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
354 sd->cid[10] = 0xad;
355 sd->cid[11] = 0xbe;
356 sd->cid[12] = 0xef;
357 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
358 ((MDT_YR - 2000) / 10);
359 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
360 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
361 }
362
363 #define HWBLOCK_SHIFT 9 /* 512 bytes */
364 #define SECTOR_SHIFT 5 /* 16 kilobytes */
365 #define WPGROUP_SHIFT 7 /* 2 megs */
366 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
367 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
368
369 static const uint8_t sd_csd_rw_mask[16] = {
370 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
371 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
372 };
373
374 static void sd_set_csd(SDState *sd, uint64_t size)
375 {
376 int hwblock_shift = HWBLOCK_SHIFT;
377 uint32_t csize;
378 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
379 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
380
381 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */
382 if (size == SDSC_MAX_CAPACITY) {
383 hwblock_shift += 1;
384 }
385 csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1;
386
387 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */
388 sd->csd[0] = 0x00; /* CSD structure */
389 sd->csd[1] = 0x26; /* Data read access-time-1 */
390 sd->csd[2] = 0x00; /* Data read access-time-2 */
391 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */
392 sd->csd[4] = 0x5f; /* Card Command Classes */
393 sd->csd[5] = 0x50 | /* Max. read data block length */
394 hwblock_shift;
395 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
396 ((csize >> 10) & 0x03);
397 sd->csd[7] = 0x00 | /* Device size */
398 ((csize >> 2) & 0xff);
399 sd->csd[8] = 0x3f | /* Max. read current */
400 ((csize << 6) & 0xc0);
401 sd->csd[9] = 0xfc | /* Max. write current */
402 ((CMULT_SHIFT - 2) >> 1);
403 sd->csd[10] = 0x40 | /* Erase sector size */
404 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
405 sd->csd[11] = 0x00 | /* Write protect group size */
406 ((sectsize << 7) & 0x80) | wpsize;
407 sd->csd[12] = 0x90 | /* Write speed factor */
408 (hwblock_shift >> 2);
409 sd->csd[13] = 0x20 | /* Max. write data block length */
410 ((hwblock_shift << 6) & 0xc0);
411 sd->csd[14] = 0x00; /* File format group */
412 } else { /* SDHC */
413 size /= 512 * KiB;
414 size -= 1;
415 sd->csd[0] = 0x40;
416 sd->csd[1] = 0x0e;
417 sd->csd[2] = 0x00;
418 sd->csd[3] = 0x32;
419 sd->csd[4] = 0x5b;
420 sd->csd[5] = 0x59;
421 sd->csd[6] = 0x00;
422 sd->csd[7] = (size >> 16) & 0xff;
423 sd->csd[8] = (size >> 8) & 0xff;
424 sd->csd[9] = (size & 0xff);
425 sd->csd[10] = 0x7f;
426 sd->csd[11] = 0x80;
427 sd->csd[12] = 0x0a;
428 sd->csd[13] = 0x40;
429 sd->csd[14] = 0x00;
430 }
431 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
432 }
433
434 static void sd_set_rca(SDState *sd)
435 {
436 sd->rca += 0x4567;
437 }
438
439 FIELD(CSR, AKE_SEQ_ERROR, 3, 1)
440 FIELD(CSR, APP_CMD, 5, 1)
441 FIELD(CSR, FX_EVENT, 6, 1)
442 FIELD(CSR, READY_FOR_DATA, 8, 1)
443 FIELD(CSR, CURRENT_STATE, 9, 4)
444 FIELD(CSR, ERASE_RESET, 13, 1)
445 FIELD(CSR, CARD_ECC_DISABLED, 14, 1)
446 FIELD(CSR, WP_ERASE_SKIP, 15, 1)
447 FIELD(CSR, CSD_OVERWRITE, 16, 1)
448 FIELD(CSR, DEFERRED_RESPONSE, 17, 1)
449 FIELD(CSR, ERROR, 19, 1)
450 FIELD(CSR, CC_ERROR, 20, 1)
451 FIELD(CSR, CARD_ECC_FAILED, 21, 1)
452 FIELD(CSR, ILLEGAL_COMMAND, 22, 1)
453 FIELD(CSR, COM_CRC_ERROR, 23, 1)
454 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1)
455 FIELD(CSR, CARD_IS_LOCKED, 25, 1)
456 FIELD(CSR, WP_VIOLATION, 26, 1)
457 FIELD(CSR, ERASE_PARAM, 27, 1)
458 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1)
459 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1)
460 FIELD(CSR, ADDRESS_ERROR, 30, 1)
461 FIELD(CSR, OUT_OF_RANGE, 31, 1)
462
463 /* Card status bits, split by clear condition:
464 * A : According to the card current state
465 * B : Always related to the previous command
466 * C : Cleared by read
467 */
468 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \
469 | R_CSR_CARD_ECC_DISABLED_MASK \
470 | R_CSR_CARD_IS_LOCKED_MASK)
471 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \
472 | R_CSR_ILLEGAL_COMMAND_MASK \
473 | R_CSR_COM_CRC_ERROR_MASK)
474 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \
475 | R_CSR_APP_CMD_MASK \
476 | R_CSR_ERASE_RESET_MASK \
477 | R_CSR_WP_ERASE_SKIP_MASK \
478 | R_CSR_CSD_OVERWRITE_MASK \
479 | R_CSR_ERROR_MASK \
480 | R_CSR_CC_ERROR_MASK \
481 | R_CSR_CARD_ECC_FAILED_MASK \
482 | R_CSR_LOCK_UNLOCK_FAILED_MASK \
483 | R_CSR_WP_VIOLATION_MASK \
484 | R_CSR_ERASE_PARAM_MASK \
485 | R_CSR_ERASE_SEQ_ERROR_MASK \
486 | R_CSR_BLOCK_LEN_ERROR_MASK \
487 | R_CSR_ADDRESS_ERROR_MASK \
488 | R_CSR_OUT_OF_RANGE_MASK)
489
490 static void sd_set_cardstatus(SDState *sd)
491 {
492 sd->card_status = 0x00000100;
493 }
494
495 static void sd_set_sdstatus(SDState *sd)
496 {
497 memset(sd->sd_status, 0, 64);
498 }
499
500 static int sd_req_crc_validate(SDRequest *req)
501 {
502 uint8_t buffer[5];
503 buffer[0] = 0x40 | req->cmd;
504 stl_be_p(&buffer[1], req->arg);
505 return 0;
506 return sd_crc7(buffer, 5) != req->crc; /* TODO */
507 }
508
509 static void sd_response_r1_make(SDState *sd, uint8_t *response)
510 {
511 stl_be_p(response, sd->card_status);
512
513 /* Clear the "clear on read" status bits */
514 sd->card_status &= ~CARD_STATUS_C;
515 }
516
517 static void sd_response_r3_make(SDState *sd, uint8_t *response)
518 {
519 stl_be_p(response, sd->ocr & ACMD41_R3_MASK);
520 }
521
522 static void sd_response_r6_make(SDState *sd, uint8_t *response)
523 {
524 uint16_t status;
525
526 status = ((sd->card_status >> 8) & 0xc000) |
527 ((sd->card_status >> 6) & 0x2000) |
528 (sd->card_status & 0x1fff);
529 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
530 stw_be_p(response + 0, sd->rca);
531 stw_be_p(response + 2, status);
532 }
533
534 static void sd_response_r7_make(SDState *sd, uint8_t *response)
535 {
536 stl_be_p(response, sd->vhs);
537 }
538
539 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
540 {
541 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
542 }
543
544 static void sd_reset(DeviceState *dev)
545 {
546 SDState *sd = SD_CARD(dev);
547 uint64_t size;
548 uint64_t sect;
549
550 trace_sdcard_reset();
551 if (sd->blk) {
552 blk_get_geometry(sd->blk, &sect);
553 } else {
554 sect = 0;
555 }
556 size = sect << 9;
557
558 sect = sd_addr_to_wpnum(size) + 1;
559
560 sd->state = sd_idle_state;
561 sd->rca = 0x0000;
562 sd_set_ocr(sd);
563 sd_set_scr(sd);
564 sd_set_cid(sd);
565 sd_set_csd(sd, size);
566 sd_set_cardstatus(sd);
567 sd_set_sdstatus(sd);
568
569 g_free(sd->wp_groups);
570 sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false;
571 sd->wpgrps_size = sect;
572 sd->wp_groups = bitmap_new(sd->wpgrps_size);
573 memset(sd->function_group, 0, sizeof(sd->function_group));
574 sd->erase_start = INVALID_ADDRESS;
575 sd->erase_end = INVALID_ADDRESS;
576 sd->size = size;
577 sd->blk_len = 0x200;
578 sd->pwd_len = 0;
579 sd->expecting_acmd = false;
580 sd->dat_lines = 0xf;
581 sd->cmd_line = true;
582 sd->multi_blk_cnt = 0;
583 }
584
585 static bool sd_get_inserted(SDState *sd)
586 {
587 return sd->blk && blk_is_inserted(sd->blk);
588 }
589
590 static bool sd_get_readonly(SDState *sd)
591 {
592 return sd->wp_switch;
593 }
594
595 static void sd_cardchange(void *opaque, bool load, Error **errp)
596 {
597 SDState *sd = opaque;
598 DeviceState *dev = DEVICE(sd);
599 SDBus *sdbus;
600 bool inserted = sd_get_inserted(sd);
601 bool readonly = sd_get_readonly(sd);
602
603 if (inserted) {
604 trace_sdcard_inserted(readonly);
605 sd_reset(dev);
606 } else {
607 trace_sdcard_ejected();
608 }
609
610 if (sd->me_no_qdev_me_kill_mammoth_with_rocks) {
611 qemu_set_irq(sd->inserted_cb, inserted);
612 if (inserted) {
613 qemu_set_irq(sd->readonly_cb, readonly);
614 }
615 } else {
616 sdbus = SD_BUS(qdev_get_parent_bus(dev));
617 sdbus_set_inserted(sdbus, inserted);
618 if (inserted) {
619 sdbus_set_readonly(sdbus, readonly);
620 }
621 }
622 }
623
624 static const BlockDevOps sd_block_ops = {
625 .change_media_cb = sd_cardchange,
626 };
627
628 static bool sd_ocr_vmstate_needed(void *opaque)
629 {
630 SDState *sd = opaque;
631
632 /* Include the OCR state (and timer) if it is not yet powered up */
633 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP);
634 }
635
636 static const VMStateDescription sd_ocr_vmstate = {
637 .name = "sd-card/ocr-state",
638 .version_id = 1,
639 .minimum_version_id = 1,
640 .needed = sd_ocr_vmstate_needed,
641 .fields = (VMStateField[]) {
642 VMSTATE_UINT32(ocr, SDState),
643 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
644 VMSTATE_END_OF_LIST()
645 },
646 };
647
648 static int sd_vmstate_pre_load(void *opaque)
649 {
650 SDState *sd = opaque;
651
652 /* If the OCR state is not included (prior versions, or not
653 * needed), then the OCR must be set as powered up. If the OCR state
654 * is included, this will be replaced by the state restore.
655 */
656 sd_ocr_powerup(sd);
657
658 return 0;
659 }
660
661 static const VMStateDescription sd_vmstate = {
662 .name = "sd-card",
663 .version_id = 2,
664 .minimum_version_id = 2,
665 .pre_load = sd_vmstate_pre_load,
666 .fields = (VMStateField[]) {
667 VMSTATE_UINT32(mode, SDState),
668 VMSTATE_INT32(state, SDState),
669 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
670 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
671 VMSTATE_UINT16(rca, SDState),
672 VMSTATE_UINT32(card_status, SDState),
673 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
674 VMSTATE_UINT32(vhs, SDState),
675 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
676 VMSTATE_UINT32(blk_len, SDState),
677 VMSTATE_UINT32(multi_blk_cnt, SDState),
678 VMSTATE_UINT32(erase_start, SDState),
679 VMSTATE_UINT32(erase_end, SDState),
680 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
681 VMSTATE_UINT32(pwd_len, SDState),
682 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
683 VMSTATE_UINT8(current_cmd, SDState),
684 VMSTATE_BOOL(expecting_acmd, SDState),
685 VMSTATE_UINT32(blk_written, SDState),
686 VMSTATE_UINT64(data_start, SDState),
687 VMSTATE_UINT32(data_offset, SDState),
688 VMSTATE_UINT8_ARRAY(data, SDState, 512),
689 VMSTATE_UNUSED_V(1, 512),
690 VMSTATE_BOOL(enable, SDState),
691 VMSTATE_END_OF_LIST()
692 },
693 .subsections = (const VMStateDescription*[]) {
694 &sd_ocr_vmstate,
695 NULL
696 },
697 };
698
699 /* Legacy initialization function for use by non-qdevified callers */
700 SDState *sd_init(BlockBackend *blk, bool is_spi)
701 {
702 Object *obj;
703 DeviceState *dev;
704 SDState *sd;
705 Error *err = NULL;
706
707 obj = object_new(TYPE_SD_CARD);
708 dev = DEVICE(obj);
709 if (!qdev_prop_set_drive_err(dev, "drive", blk, &err)) {
710 error_reportf_err(err, "sd_init failed: ");
711 return NULL;
712 }
713 qdev_prop_set_bit(dev, "spi", is_spi);
714
715 /*
716 * Realizing the device properly would put it into the QOM
717 * composition tree even though it is not plugged into an
718 * appropriate bus. That's a no-no. Hide the device from
719 * QOM/qdev, and call its qdev realize callback directly.
720 */
721 object_ref(obj);
722 object_unparent(obj);
723 sd_realize(dev, &err);
724 if (err) {
725 error_reportf_err(err, "sd_init failed: ");
726 return NULL;
727 }
728
729 sd = SD_CARD(dev);
730 sd->me_no_qdev_me_kill_mammoth_with_rocks = true;
731 return sd;
732 }
733
734 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
735 {
736 sd->readonly_cb = readonly;
737 sd->inserted_cb = insert;
738 qemu_set_irq(readonly, sd->blk ? !blk_is_writable(sd->blk) : 0);
739 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
740 }
741
742 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
743 {
744 trace_sdcard_read_block(addr, len);
745 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) {
746 fprintf(stderr, "sd_blk_read: read error on host side\n");
747 }
748 }
749
750 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
751 {
752 trace_sdcard_write_block(addr, len);
753 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) {
754 fprintf(stderr, "sd_blk_write: write error on host side\n");
755 }
756 }
757
758 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
759 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
760 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
761 #define APP_WRITE_BLOCK(a, len)
762
763 static void sd_erase(SDState *sd)
764 {
765 int i;
766 uint64_t erase_start = sd->erase_start;
767 uint64_t erase_end = sd->erase_end;
768
769 trace_sdcard_erase(sd->erase_start, sd->erase_end);
770 if (sd->erase_start == INVALID_ADDRESS
771 || sd->erase_end == INVALID_ADDRESS) {
772 sd->card_status |= ERASE_SEQ_ERROR;
773 sd->erase_start = INVALID_ADDRESS;
774 sd->erase_end = INVALID_ADDRESS;
775 return;
776 }
777
778 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
779 /* High capacity memory card: erase units are 512 byte blocks */
780 erase_start *= 512;
781 erase_end *= 512;
782 }
783
784 if (erase_start > sd->size || erase_end > sd->size) {
785 sd->card_status |= OUT_OF_RANGE;
786 sd->erase_start = INVALID_ADDRESS;
787 sd->erase_end = INVALID_ADDRESS;
788 return;
789 }
790
791 erase_start = sd_addr_to_wpnum(erase_start);
792 erase_end = sd_addr_to_wpnum(erase_end);
793 sd->erase_start = INVALID_ADDRESS;
794 sd->erase_end = INVALID_ADDRESS;
795 sd->csd[14] |= 0x40;
796
797 for (i = erase_start; i <= erase_end; i++) {
798 assert(i < sd->wpgrps_size);
799 if (test_bit(i, sd->wp_groups)) {
800 sd->card_status |= WP_ERASE_SKIP;
801 }
802 }
803 }
804
805 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
806 {
807 uint32_t i, wpnum;
808 uint32_t ret = 0;
809
810 wpnum = sd_addr_to_wpnum(addr);
811
812 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
813 assert(wpnum < sd->wpgrps_size);
814 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
815 ret |= (1 << i);
816 }
817 }
818
819 return ret;
820 }
821
822 static void sd_function_switch(SDState *sd, uint32_t arg)
823 {
824 int i, mode, new_func;
825 mode = !!(arg & 0x80000000);
826
827 sd->data[0] = 0x00; /* Maximum current consumption */
828 sd->data[1] = 0x01;
829 sd->data[2] = 0x80; /* Supported group 6 functions */
830 sd->data[3] = 0x01;
831 sd->data[4] = 0x80; /* Supported group 5 functions */
832 sd->data[5] = 0x01;
833 sd->data[6] = 0x80; /* Supported group 4 functions */
834 sd->data[7] = 0x01;
835 sd->data[8] = 0x80; /* Supported group 3 functions */
836 sd->data[9] = 0x01;
837 sd->data[10] = 0x80; /* Supported group 2 functions */
838 sd->data[11] = 0x43;
839 sd->data[12] = 0x80; /* Supported group 1 functions */
840 sd->data[13] = 0x03;
841
842 memset(&sd->data[14], 0, 3);
843 for (i = 0; i < 6; i ++) {
844 new_func = (arg >> (i * 4)) & 0x0f;
845 if (mode && new_func != 0x0f)
846 sd->function_group[i] = new_func;
847 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4);
848 }
849 memset(&sd->data[17], 0, 47);
850 }
851
852 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
853 {
854 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
855 }
856
857 static void sd_lock_command(SDState *sd)
858 {
859 int erase, lock, clr_pwd, set_pwd, pwd_len;
860 erase = !!(sd->data[0] & 0x08);
861 lock = sd->data[0] & 0x04;
862 clr_pwd = sd->data[0] & 0x02;
863 set_pwd = sd->data[0] & 0x01;
864
865 if (sd->blk_len > 1)
866 pwd_len = sd->data[1];
867 else
868 pwd_len = 0;
869
870 if (lock) {
871 trace_sdcard_lock();
872 } else {
873 trace_sdcard_unlock();
874 }
875 if (erase) {
876 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
877 set_pwd || clr_pwd || lock || sd->wp_switch ||
878 (sd->csd[14] & 0x20)) {
879 sd->card_status |= LOCK_UNLOCK_FAILED;
880 return;
881 }
882 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
883 sd->csd[14] &= ~0x10;
884 sd->card_status &= ~CARD_IS_LOCKED;
885 sd->pwd_len = 0;
886 /* Erasing the entire card here! */
887 fprintf(stderr, "SD: Card force-erased by CMD42\n");
888 return;
889 }
890
891 if (sd->blk_len < 2 + pwd_len ||
892 pwd_len <= sd->pwd_len ||
893 pwd_len > sd->pwd_len + 16) {
894 sd->card_status |= LOCK_UNLOCK_FAILED;
895 return;
896 }
897
898 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
899 sd->card_status |= LOCK_UNLOCK_FAILED;
900 return;
901 }
902
903 pwd_len -= sd->pwd_len;
904 if ((pwd_len && !set_pwd) ||
905 (clr_pwd && (set_pwd || lock)) ||
906 (lock && !sd->pwd_len && !set_pwd) ||
907 (!set_pwd && !clr_pwd &&
908 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
909 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
910 sd->card_status |= LOCK_UNLOCK_FAILED;
911 return;
912 }
913
914 if (set_pwd) {
915 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
916 sd->pwd_len = pwd_len;
917 }
918
919 if (clr_pwd) {
920 sd->pwd_len = 0;
921 }
922
923 if (lock)
924 sd->card_status |= CARD_IS_LOCKED;
925 else
926 sd->card_status &= ~CARD_IS_LOCKED;
927 }
928
929 static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req)
930 {
931 uint32_t rca = 0x0000;
932 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
933
934 /* CMD55 precedes an ACMD, so we are not interested in tracing it.
935 * However there is no ACMD55, so we want to trace this particular case.
936 */
937 if (req.cmd != 55 || sd->expecting_acmd) {
938 trace_sdcard_normal_command(sd->proto_name,
939 sd_cmd_name(req.cmd), req.cmd,
940 req.arg, sd_state_name(sd->state));
941 }
942
943 /* Not interpreting this as an app command */
944 sd->card_status &= ~APP_CMD;
945
946 if (sd_cmd_type[req.cmd] == sd_ac
947 || sd_cmd_type[req.cmd] == sd_adtc) {
948 rca = req.arg >> 16;
949 }
950
951 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
952 * if not, its effects are cancelled */
953 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
954 sd->multi_blk_cnt = 0;
955 }
956
957 if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
958 /* Only Standard Capacity cards support class 6 commands */
959 return sd_illegal;
960 }
961
962 switch (req.cmd) {
963 /* Basic commands (Class 0 and Class 1) */
964 case 0: /* CMD0: GO_IDLE_STATE */
965 switch (sd->state) {
966 case sd_inactive_state:
967 return sd->spi ? sd_r1 : sd_r0;
968
969 default:
970 sd->state = sd_idle_state;
971 sd_reset(DEVICE(sd));
972 return sd->spi ? sd_r1 : sd_r0;
973 }
974 break;
975
976 case 1: /* CMD1: SEND_OP_CMD */
977 if (!sd->spi)
978 goto bad_cmd;
979
980 sd->state = sd_transfer_state;
981 return sd_r1;
982
983 case 2: /* CMD2: ALL_SEND_CID */
984 if (sd->spi)
985 goto bad_cmd;
986 switch (sd->state) {
987 case sd_ready_state:
988 sd->state = sd_identification_state;
989 return sd_r2_i;
990
991 default:
992 break;
993 }
994 break;
995
996 case 3: /* CMD3: SEND_RELATIVE_ADDR */
997 if (sd->spi)
998 goto bad_cmd;
999 switch (sd->state) {
1000 case sd_identification_state:
1001 case sd_standby_state:
1002 sd->state = sd_standby_state;
1003 sd_set_rca(sd);
1004 return sd_r6;
1005
1006 default:
1007 break;
1008 }
1009 break;
1010
1011 case 4: /* CMD4: SEND_DSR */
1012 if (sd->spi)
1013 goto bad_cmd;
1014 switch (sd->state) {
1015 case sd_standby_state:
1016 break;
1017
1018 default:
1019 break;
1020 }
1021 break;
1022
1023 case 5: /* CMD5: reserved for SDIO cards */
1024 return sd_illegal;
1025
1026 case 6: /* CMD6: SWITCH_FUNCTION */
1027 switch (sd->mode) {
1028 case sd_data_transfer_mode:
1029 sd_function_switch(sd, req.arg);
1030 sd->state = sd_sendingdata_state;
1031 sd->data_start = 0;
1032 sd->data_offset = 0;
1033 return sd_r1;
1034
1035 default:
1036 break;
1037 }
1038 break;
1039
1040 case 7: /* CMD7: SELECT/DESELECT_CARD */
1041 if (sd->spi)
1042 goto bad_cmd;
1043 switch (sd->state) {
1044 case sd_standby_state:
1045 if (sd->rca != rca)
1046 return sd_r0;
1047
1048 sd->state = sd_transfer_state;
1049 return sd_r1b;
1050
1051 case sd_transfer_state:
1052 case sd_sendingdata_state:
1053 if (sd->rca == rca)
1054 break;
1055
1056 sd->state = sd_standby_state;
1057 return sd_r1b;
1058
1059 case sd_disconnect_state:
1060 if (sd->rca != rca)
1061 return sd_r0;
1062
1063 sd->state = sd_programming_state;
1064 return sd_r1b;
1065
1066 case sd_programming_state:
1067 if (sd->rca == rca)
1068 break;
1069
1070 sd->state = sd_disconnect_state;
1071 return sd_r1b;
1072
1073 default:
1074 break;
1075 }
1076 break;
1077
1078 case 8: /* CMD8: SEND_IF_COND */
1079 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) {
1080 break;
1081 }
1082 if (sd->state != sd_idle_state) {
1083 break;
1084 }
1085 sd->vhs = 0;
1086
1087 /* No response if not exactly one VHS bit is set. */
1088 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1089 return sd->spi ? sd_r7 : sd_r0;
1090 }
1091
1092 /* Accept. */
1093 sd->vhs = req.arg;
1094 return sd_r7;
1095
1096 case 9: /* CMD9: SEND_CSD */
1097 switch (sd->state) {
1098 case sd_standby_state:
1099 if (sd->rca != rca)
1100 return sd_r0;
1101
1102 return sd_r2_s;
1103
1104 case sd_transfer_state:
1105 if (!sd->spi)
1106 break;
1107 sd->state = sd_sendingdata_state;
1108 memcpy(sd->data, sd->csd, 16);
1109 sd->data_start = addr;
1110 sd->data_offset = 0;
1111 return sd_r1;
1112
1113 default:
1114 break;
1115 }
1116 break;
1117
1118 case 10: /* CMD10: SEND_CID */
1119 switch (sd->state) {
1120 case sd_standby_state:
1121 if (sd->rca != rca)
1122 return sd_r0;
1123
1124 return sd_r2_i;
1125
1126 case sd_transfer_state:
1127 if (!sd->spi)
1128 break;
1129 sd->state = sd_sendingdata_state;
1130 memcpy(sd->data, sd->cid, 16);
1131 sd->data_start = addr;
1132 sd->data_offset = 0;
1133 return sd_r1;
1134
1135 default:
1136 break;
1137 }
1138 break;
1139
1140 case 12: /* CMD12: STOP_TRANSMISSION */
1141 switch (sd->state) {
1142 case sd_sendingdata_state:
1143 sd->state = sd_transfer_state;
1144 return sd_r1b;
1145
1146 case sd_receivingdata_state:
1147 sd->state = sd_programming_state;
1148 /* Bzzzzzzztt .... Operation complete. */
1149 sd->state = sd_transfer_state;
1150 return sd_r1b;
1151
1152 default:
1153 break;
1154 }
1155 break;
1156
1157 case 13: /* CMD13: SEND_STATUS */
1158 switch (sd->mode) {
1159 case sd_data_transfer_mode:
1160 if (sd->rca != rca)
1161 return sd_r0;
1162
1163 return sd_r1;
1164
1165 default:
1166 break;
1167 }
1168 break;
1169
1170 case 15: /* CMD15: GO_INACTIVE_STATE */
1171 if (sd->spi)
1172 goto bad_cmd;
1173 switch (sd->mode) {
1174 case sd_data_transfer_mode:
1175 if (sd->rca != rca)
1176 return sd_r0;
1177
1178 sd->state = sd_inactive_state;
1179 return sd_r0;
1180
1181 default:
1182 break;
1183 }
1184 break;
1185
1186 /* Block read commands (Classs 2) */
1187 case 16: /* CMD16: SET_BLOCKLEN */
1188 switch (sd->state) {
1189 case sd_transfer_state:
1190 if (req.arg > (1 << HWBLOCK_SHIFT)) {
1191 sd->card_status |= BLOCK_LEN_ERROR;
1192 } else {
1193 trace_sdcard_set_blocklen(req.arg);
1194 sd->blk_len = req.arg;
1195 }
1196
1197 return sd_r1;
1198
1199 default:
1200 break;
1201 }
1202 break;
1203
1204 case 17: /* CMD17: READ_SINGLE_BLOCK */
1205 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1206 switch (sd->state) {
1207 case sd_transfer_state:
1208
1209 if (addr + sd->blk_len > sd->size) {
1210 sd->card_status |= ADDRESS_ERROR;
1211 return sd_r1;
1212 }
1213
1214 sd->state = sd_sendingdata_state;
1215 sd->data_start = addr;
1216 sd->data_offset = 0;
1217 return sd_r1;
1218
1219 default:
1220 break;
1221 }
1222 break;
1223
1224 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */
1225 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1226 break;
1227 }
1228 if (sd->state == sd_transfer_state) {
1229 sd->state = sd_sendingdata_state;
1230 sd->data_offset = 0;
1231 return sd_r1;
1232 }
1233 break;
1234
1235 case 23: /* CMD23: SET_BLOCK_COUNT */
1236 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1237 break;
1238 }
1239 switch (sd->state) {
1240 case sd_transfer_state:
1241 sd->multi_blk_cnt = req.arg;
1242 return sd_r1;
1243
1244 default:
1245 break;
1246 }
1247 break;
1248
1249 /* Block write commands (Class 4) */
1250 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1251 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1252 switch (sd->state) {
1253 case sd_transfer_state:
1254
1255 if (addr + sd->blk_len > sd->size) {
1256 sd->card_status |= ADDRESS_ERROR;
1257 return sd_r1;
1258 }
1259
1260 sd->state = sd_receivingdata_state;
1261 sd->data_start = addr;
1262 sd->data_offset = 0;
1263 sd->blk_written = 0;
1264
1265 if (sd_wp_addr(sd, sd->data_start)) {
1266 sd->card_status |= WP_VIOLATION;
1267 }
1268 if (sd->csd[14] & 0x30) {
1269 sd->card_status |= WP_VIOLATION;
1270 }
1271 return sd_r1;
1272
1273 default:
1274 break;
1275 }
1276 break;
1277
1278 case 26: /* CMD26: PROGRAM_CID */
1279 if (sd->spi)
1280 goto bad_cmd;
1281 switch (sd->state) {
1282 case sd_transfer_state:
1283 sd->state = sd_receivingdata_state;
1284 sd->data_start = 0;
1285 sd->data_offset = 0;
1286 return sd_r1;
1287
1288 default:
1289 break;
1290 }
1291 break;
1292
1293 case 27: /* CMD27: PROGRAM_CSD */
1294 switch (sd->state) {
1295 case sd_transfer_state:
1296 sd->state = sd_receivingdata_state;
1297 sd->data_start = 0;
1298 sd->data_offset = 0;
1299 return sd_r1;
1300
1301 default:
1302 break;
1303 }
1304 break;
1305
1306 /* Write protection (Class 6) */
1307 case 28: /* CMD28: SET_WRITE_PROT */
1308 if (sd->size > SDSC_MAX_CAPACITY) {
1309 return sd_illegal;
1310 }
1311
1312 switch (sd->state) {
1313 case sd_transfer_state:
1314 if (addr >= sd->size) {
1315 sd->card_status |= ADDRESS_ERROR;
1316 return sd_r1b;
1317 }
1318
1319 sd->state = sd_programming_state;
1320 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1321 /* Bzzzzzzztt .... Operation complete. */
1322 sd->state = sd_transfer_state;
1323 return sd_r1b;
1324
1325 default:
1326 break;
1327 }
1328 break;
1329
1330 case 29: /* CMD29: CLR_WRITE_PROT */
1331 if (sd->size > SDSC_MAX_CAPACITY) {
1332 return sd_illegal;
1333 }
1334
1335 switch (sd->state) {
1336 case sd_transfer_state:
1337 if (addr >= sd->size) {
1338 sd->card_status |= ADDRESS_ERROR;
1339 return sd_r1b;
1340 }
1341
1342 sd->state = sd_programming_state;
1343 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1344 /* Bzzzzzzztt .... Operation complete. */
1345 sd->state = sd_transfer_state;
1346 return sd_r1b;
1347
1348 default:
1349 break;
1350 }
1351 break;
1352
1353 case 30: /* CMD30: SEND_WRITE_PROT */
1354 if (sd->size > SDSC_MAX_CAPACITY) {
1355 return sd_illegal;
1356 }
1357
1358 switch (sd->state) {
1359 case sd_transfer_state:
1360 sd->state = sd_sendingdata_state;
1361 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1362 sd->data_start = addr;
1363 sd->data_offset = 0;
1364 return sd_r1;
1365
1366 default:
1367 break;
1368 }
1369 break;
1370
1371 /* Erase commands (Class 5) */
1372 case 32: /* CMD32: ERASE_WR_BLK_START */
1373 switch (sd->state) {
1374 case sd_transfer_state:
1375 sd->erase_start = req.arg;
1376 return sd_r1;
1377
1378 default:
1379 break;
1380 }
1381 break;
1382
1383 case 33: /* CMD33: ERASE_WR_BLK_END */
1384 switch (sd->state) {
1385 case sd_transfer_state:
1386 sd->erase_end = req.arg;
1387 return sd_r1;
1388
1389 default:
1390 break;
1391 }
1392 break;
1393
1394 case 38: /* CMD38: ERASE */
1395 switch (sd->state) {
1396 case sd_transfer_state:
1397 if (sd->csd[14] & 0x30) {
1398 sd->card_status |= WP_VIOLATION;
1399 return sd_r1b;
1400 }
1401
1402 sd->state = sd_programming_state;
1403 sd_erase(sd);
1404 /* Bzzzzzzztt .... Operation complete. */
1405 sd->state = sd_transfer_state;
1406 return sd_r1b;
1407
1408 default:
1409 break;
1410 }
1411 break;
1412
1413 /* Lock card commands (Class 7) */
1414 case 42: /* CMD42: LOCK_UNLOCK */
1415 switch (sd->state) {
1416 case sd_transfer_state:
1417 sd->state = sd_receivingdata_state;
1418 sd->data_start = 0;
1419 sd->data_offset = 0;
1420 return sd_r1;
1421
1422 default:
1423 break;
1424 }
1425 break;
1426
1427 case 52 ... 54:
1428 /* CMD52, CMD53, CMD54: reserved for SDIO cards
1429 * (see the SDIO Simplified Specification V2.0)
1430 * Handle as illegal command but do not complain
1431 * on stderr, as some OSes may use these in their
1432 * probing for presence of an SDIO card.
1433 */
1434 return sd_illegal;
1435
1436 /* Application specific commands (Class 8) */
1437 case 55: /* CMD55: APP_CMD */
1438 switch (sd->state) {
1439 case sd_ready_state:
1440 case sd_identification_state:
1441 case sd_inactive_state:
1442 return sd_illegal;
1443 case sd_idle_state:
1444 if (rca) {
1445 qemu_log_mask(LOG_GUEST_ERROR,
1446 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd);
1447 }
1448 default:
1449 break;
1450 }
1451 if (!sd->spi) {
1452 if (sd->rca != rca) {
1453 return sd_r0;
1454 }
1455 }
1456 sd->expecting_acmd = true;
1457 sd->card_status |= APP_CMD;
1458 return sd_r1;
1459
1460 case 56: /* CMD56: GEN_CMD */
1461 switch (sd->state) {
1462 case sd_transfer_state:
1463 sd->data_offset = 0;
1464 if (req.arg & 1)
1465 sd->state = sd_sendingdata_state;
1466 else
1467 sd->state = sd_receivingdata_state;
1468 return sd_r1;
1469
1470 default:
1471 break;
1472 }
1473 break;
1474
1475 case 58: /* CMD58: READ_OCR (SPI) */
1476 if (!sd->spi) {
1477 goto bad_cmd;
1478 }
1479 return sd_r3;
1480
1481 case 59: /* CMD59: CRC_ON_OFF (SPI) */
1482 if (!sd->spi) {
1483 goto bad_cmd;
1484 }
1485 return sd_r1;
1486
1487 default:
1488 bad_cmd:
1489 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
1490 return sd_illegal;
1491 }
1492
1493 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd);
1494 return sd_illegal;
1495 }
1496
1497 static sd_rsp_type_t sd_app_command(SDState *sd,
1498 SDRequest req)
1499 {
1500 trace_sdcard_app_command(sd->proto_name, sd_acmd_name(req.cmd),
1501 req.cmd, req.arg, sd_state_name(sd->state));
1502 sd->card_status |= APP_CMD;
1503 switch (req.cmd) {
1504 case 6: /* ACMD6: SET_BUS_WIDTH */
1505 if (sd->spi) {
1506 goto unimplemented_spi_cmd;
1507 }
1508 switch (sd->state) {
1509 case sd_transfer_state:
1510 sd->sd_status[0] &= 0x3f;
1511 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1512 return sd_r1;
1513
1514 default:
1515 break;
1516 }
1517 break;
1518
1519 case 13: /* ACMD13: SD_STATUS */
1520 switch (sd->state) {
1521 case sd_transfer_state:
1522 sd->state = sd_sendingdata_state;
1523 sd->data_start = 0;
1524 sd->data_offset = 0;
1525 return sd_r1;
1526
1527 default:
1528 break;
1529 }
1530 break;
1531
1532 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1533 switch (sd->state) {
1534 case sd_transfer_state:
1535 *(uint32_t *) sd->data = sd->blk_written;
1536
1537 sd->state = sd_sendingdata_state;
1538 sd->data_start = 0;
1539 sd->data_offset = 0;
1540 return sd_r1;
1541
1542 default:
1543 break;
1544 }
1545 break;
1546
1547 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1548 switch (sd->state) {
1549 case sd_transfer_state:
1550 return sd_r1;
1551
1552 default:
1553 break;
1554 }
1555 break;
1556
1557 case 41: /* ACMD41: SD_APP_OP_COND */
1558 if (sd->spi) {
1559 /* SEND_OP_CMD */
1560 sd->state = sd_transfer_state;
1561 return sd_r1;
1562 }
1563 if (sd->state != sd_idle_state) {
1564 break;
1565 }
1566 /* If it's the first ACMD41 since reset, we need to decide
1567 * whether to power up. If this is not an enquiry ACMD41,
1568 * we immediately report power on and proceed below to the
1569 * ready state, but if it is, we set a timer to model a
1570 * delay for power up. This works around a bug in EDK2
1571 * UEFI, which sends an initial enquiry ACMD41, but
1572 * assumes that the card is in ready state as soon as it
1573 * sees the power up bit set. */
1574 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) {
1575 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1576 timer_del(sd->ocr_power_timer);
1577 sd_ocr_powerup(sd);
1578 } else {
1579 trace_sdcard_inquiry_cmd41();
1580 if (!timer_pending(sd->ocr_power_timer)) {
1581 timer_mod_ns(sd->ocr_power_timer,
1582 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1583 + OCR_POWER_DELAY_NS));
1584 }
1585 }
1586 }
1587
1588 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) {
1589 /* We accept any voltage. 10000 V is nothing.
1590 *
1591 * Once we're powered up, we advance straight to ready state
1592 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1593 */
1594 sd->state = sd_ready_state;
1595 }
1596
1597 return sd_r3;
1598
1599 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1600 switch (sd->state) {
1601 case sd_transfer_state:
1602 /* Bringing in the 50KOhm pull-up resistor... Done. */
1603 return sd_r1;
1604
1605 default:
1606 break;
1607 }
1608 break;
1609
1610 case 51: /* ACMD51: SEND_SCR */
1611 switch (sd->state) {
1612 case sd_transfer_state:
1613 sd->state = sd_sendingdata_state;
1614 sd->data_start = 0;
1615 sd->data_offset = 0;
1616 return sd_r1;
1617
1618 default:
1619 break;
1620 }
1621 break;
1622
1623 case 18: /* Reserved for SD security applications */
1624 case 25:
1625 case 26:
1626 case 38:
1627 case 43 ... 49:
1628 /* Refer to the "SD Specifications Part3 Security Specification" for
1629 * information about the SD Security Features.
1630 */
1631 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n",
1632 req.cmd);
1633 return sd_illegal;
1634
1635 default:
1636 /* Fall back to standard commands. */
1637 return sd_normal_command(sd, req);
1638
1639 unimplemented_spi_cmd:
1640 /* Commands that are recognised but not yet implemented in SPI mode. */
1641 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1642 req.cmd);
1643 return sd_illegal;
1644 }
1645
1646 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
1647 return sd_illegal;
1648 }
1649
1650 static int cmd_valid_while_locked(SDState *sd, const uint8_t cmd)
1651 {
1652 /* Valid commands in locked state:
1653 * basic class (0)
1654 * lock card class (7)
1655 * CMD16
1656 * implicitly, the ACMD prefix CMD55
1657 * ACMD41 and ACMD42
1658 * Anything else provokes an "illegal command" response.
1659 */
1660 if (sd->expecting_acmd) {
1661 return cmd == 41 || cmd == 42;
1662 }
1663 if (cmd == 16 || cmd == 55) {
1664 return 1;
1665 }
1666 return sd_cmd_class[cmd] == 0 || sd_cmd_class[cmd] == 7;
1667 }
1668
1669 int sd_do_command(SDState *sd, SDRequest *req,
1670 uint8_t *response) {
1671 int last_state;
1672 sd_rsp_type_t rtype;
1673 int rsplen;
1674
1675 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
1676 return 0;
1677 }
1678
1679 if (sd_req_crc_validate(req)) {
1680 sd->card_status |= COM_CRC_ERROR;
1681 rtype = sd_illegal;
1682 goto send_response;
1683 }
1684
1685 if (req->cmd >= SDMMC_CMD_MAX) {
1686 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
1687 req->cmd);
1688 req->cmd &= 0x3f;
1689 }
1690
1691 if (sd->card_status & CARD_IS_LOCKED) {
1692 if (!cmd_valid_while_locked(sd, req->cmd)) {
1693 sd->card_status |= ILLEGAL_COMMAND;
1694 sd->expecting_acmd = false;
1695 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
1696 rtype = sd_illegal;
1697 goto send_response;
1698 }
1699 }
1700
1701 last_state = sd->state;
1702 sd_set_mode(sd);
1703
1704 if (sd->expecting_acmd) {
1705 sd->expecting_acmd = false;
1706 rtype = sd_app_command(sd, *req);
1707 } else {
1708 rtype = sd_normal_command(sd, *req);
1709 }
1710
1711 if (rtype == sd_illegal) {
1712 sd->card_status |= ILLEGAL_COMMAND;
1713 } else {
1714 /* Valid command, we can update the 'state before command' bits.
1715 * (Do this now so they appear in r1 responses.)
1716 */
1717 sd->current_cmd = req->cmd;
1718 sd->card_status &= ~CURRENT_STATE;
1719 sd->card_status |= (last_state << 9);
1720 }
1721
1722 send_response:
1723 switch (rtype) {
1724 case sd_r1:
1725 case sd_r1b:
1726 sd_response_r1_make(sd, response);
1727 rsplen = 4;
1728 break;
1729
1730 case sd_r2_i:
1731 memcpy(response, sd->cid, sizeof(sd->cid));
1732 rsplen = 16;
1733 break;
1734
1735 case sd_r2_s:
1736 memcpy(response, sd->csd, sizeof(sd->csd));
1737 rsplen = 16;
1738 break;
1739
1740 case sd_r3:
1741 sd_response_r3_make(sd, response);
1742 rsplen = 4;
1743 break;
1744
1745 case sd_r6:
1746 sd_response_r6_make(sd, response);
1747 rsplen = 4;
1748 break;
1749
1750 case sd_r7:
1751 sd_response_r7_make(sd, response);
1752 rsplen = 4;
1753 break;
1754
1755 case sd_r0:
1756 case sd_illegal:
1757 rsplen = 0;
1758 break;
1759 default:
1760 g_assert_not_reached();
1761 }
1762 trace_sdcard_response(sd_response_name(rtype), rsplen);
1763
1764 if (rtype != sd_illegal) {
1765 /* Clear the "clear on valid command" status bits now we've
1766 * sent any response
1767 */
1768 sd->card_status &= ~CARD_STATUS_B;
1769 }
1770
1771 #ifdef DEBUG_SD
1772 qemu_hexdump(stderr, "Response", response, rsplen);
1773 #endif
1774
1775 return rsplen;
1776 }
1777
1778 void sd_write_byte(SDState *sd, uint8_t value)
1779 {
1780 int i;
1781
1782 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1783 return;
1784
1785 if (sd->state != sd_receivingdata_state) {
1786 qemu_log_mask(LOG_GUEST_ERROR,
1787 "%s: not in Receiving-Data state\n", __func__);
1788 return;
1789 }
1790
1791 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1792 return;
1793
1794 trace_sdcard_write_data(sd->proto_name,
1795 sd_acmd_name(sd->current_cmd),
1796 sd->current_cmd, value);
1797 switch (sd->current_cmd) {
1798 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1799 sd->data[sd->data_offset ++] = value;
1800 if (sd->data_offset >= sd->blk_len) {
1801 /* TODO: Check CRC before committing */
1802 sd->state = sd_programming_state;
1803 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1804 sd->blk_written ++;
1805 sd->csd[14] |= 0x40;
1806 /* Bzzzzzzztt .... Operation complete. */
1807 sd->state = sd_transfer_state;
1808 }
1809 break;
1810
1811 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1812 if (sd->data_offset == 0) {
1813 /* Start of the block - let's check the address is valid */
1814 if (sd->data_start + sd->blk_len > sd->size) {
1815 sd->card_status |= ADDRESS_ERROR;
1816 break;
1817 }
1818 if (sd_wp_addr(sd, sd->data_start)) {
1819 sd->card_status |= WP_VIOLATION;
1820 break;
1821 }
1822 }
1823 sd->data[sd->data_offset++] = value;
1824 if (sd->data_offset >= sd->blk_len) {
1825 /* TODO: Check CRC before committing */
1826 sd->state = sd_programming_state;
1827 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1828 sd->blk_written++;
1829 sd->data_start += sd->blk_len;
1830 sd->data_offset = 0;
1831 sd->csd[14] |= 0x40;
1832
1833 /* Bzzzzzzztt .... Operation complete. */
1834 if (sd->multi_blk_cnt != 0) {
1835 if (--sd->multi_blk_cnt == 0) {
1836 /* Stop! */
1837 sd->state = sd_transfer_state;
1838 break;
1839 }
1840 }
1841
1842 sd->state = sd_receivingdata_state;
1843 }
1844 break;
1845
1846 case 26: /* CMD26: PROGRAM_CID */
1847 sd->data[sd->data_offset ++] = value;
1848 if (sd->data_offset >= sizeof(sd->cid)) {
1849 /* TODO: Check CRC before committing */
1850 sd->state = sd_programming_state;
1851 for (i = 0; i < sizeof(sd->cid); i ++)
1852 if ((sd->cid[i] | 0x00) != sd->data[i])
1853 sd->card_status |= CID_CSD_OVERWRITE;
1854
1855 if (!(sd->card_status & CID_CSD_OVERWRITE))
1856 for (i = 0; i < sizeof(sd->cid); i ++) {
1857 sd->cid[i] |= 0x00;
1858 sd->cid[i] &= sd->data[i];
1859 }
1860 /* Bzzzzzzztt .... Operation complete. */
1861 sd->state = sd_transfer_state;
1862 }
1863 break;
1864
1865 case 27: /* CMD27: PROGRAM_CSD */
1866 sd->data[sd->data_offset ++] = value;
1867 if (sd->data_offset >= sizeof(sd->csd)) {
1868 /* TODO: Check CRC before committing */
1869 sd->state = sd_programming_state;
1870 for (i = 0; i < sizeof(sd->csd); i ++)
1871 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1872 (sd->data[i] | sd_csd_rw_mask[i]))
1873 sd->card_status |= CID_CSD_OVERWRITE;
1874
1875 /* Copy flag (OTP) & Permanent write protect */
1876 if (sd->csd[14] & ~sd->data[14] & 0x60)
1877 sd->card_status |= CID_CSD_OVERWRITE;
1878
1879 if (!(sd->card_status & CID_CSD_OVERWRITE))
1880 for (i = 0; i < sizeof(sd->csd); i ++) {
1881 sd->csd[i] |= sd_csd_rw_mask[i];
1882 sd->csd[i] &= sd->data[i];
1883 }
1884 /* Bzzzzzzztt .... Operation complete. */
1885 sd->state = sd_transfer_state;
1886 }
1887 break;
1888
1889 case 42: /* CMD42: LOCK_UNLOCK */
1890 sd->data[sd->data_offset ++] = value;
1891 if (sd->data_offset >= sd->blk_len) {
1892 /* TODO: Check CRC before committing */
1893 sd->state = sd_programming_state;
1894 sd_lock_command(sd);
1895 /* Bzzzzzzztt .... Operation complete. */
1896 sd->state = sd_transfer_state;
1897 }
1898 break;
1899
1900 case 56: /* CMD56: GEN_CMD */
1901 sd->data[sd->data_offset ++] = value;
1902 if (sd->data_offset >= sd->blk_len) {
1903 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1904 sd->state = sd_transfer_state;
1905 }
1906 break;
1907
1908 default:
1909 qemu_log_mask(LOG_GUEST_ERROR, "%s: unknown command\n", __func__);
1910 break;
1911 }
1912 }
1913
1914 #define SD_TUNING_BLOCK_SIZE 64
1915
1916 static const uint8_t sd_tuning_block_pattern[SD_TUNING_BLOCK_SIZE] = {
1917 /* See: Physical Layer Simplified Specification Version 3.01, Table 4-2 */
1918 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc,
1919 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef,
1920 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb,
1921 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef,
1922 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c,
1923 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee,
1924 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff,
1925 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde,
1926 };
1927
1928 uint8_t sd_read_byte(SDState *sd)
1929 {
1930 /* TODO: Append CRCs */
1931 uint8_t ret;
1932 uint32_t io_len;
1933
1934 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1935 return 0x00;
1936
1937 if (sd->state != sd_sendingdata_state) {
1938 qemu_log_mask(LOG_GUEST_ERROR,
1939 "%s: not in Sending-Data state\n", __func__);
1940 return 0x00;
1941 }
1942
1943 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1944 return 0x00;
1945
1946 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1947
1948 trace_sdcard_read_data(sd->proto_name,
1949 sd_acmd_name(sd->current_cmd),
1950 sd->current_cmd, io_len);
1951 switch (sd->current_cmd) {
1952 case 6: /* CMD6: SWITCH_FUNCTION */
1953 ret = sd->data[sd->data_offset ++];
1954
1955 if (sd->data_offset >= 64)
1956 sd->state = sd_transfer_state;
1957 break;
1958
1959 case 9: /* CMD9: SEND_CSD */
1960 case 10: /* CMD10: SEND_CID */
1961 ret = sd->data[sd->data_offset ++];
1962
1963 if (sd->data_offset >= 16)
1964 sd->state = sd_transfer_state;
1965 break;
1966
1967 case 13: /* ACMD13: SD_STATUS */
1968 ret = sd->sd_status[sd->data_offset ++];
1969
1970 if (sd->data_offset >= sizeof(sd->sd_status))
1971 sd->state = sd_transfer_state;
1972 break;
1973
1974 case 17: /* CMD17: READ_SINGLE_BLOCK */
1975 if (sd->data_offset == 0)
1976 BLK_READ_BLOCK(sd->data_start, io_len);
1977 ret = sd->data[sd->data_offset ++];
1978
1979 if (sd->data_offset >= io_len)
1980 sd->state = sd_transfer_state;
1981 break;
1982
1983 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1984 if (sd->data_offset == 0) {
1985 if (sd->data_start + io_len > sd->size) {
1986 sd->card_status |= ADDRESS_ERROR;
1987 return 0x00;
1988 }
1989 BLK_READ_BLOCK(sd->data_start, io_len);
1990 }
1991 ret = sd->data[sd->data_offset ++];
1992
1993 if (sd->data_offset >= io_len) {
1994 sd->data_start += io_len;
1995 sd->data_offset = 0;
1996
1997 if (sd->multi_blk_cnt != 0) {
1998 if (--sd->multi_blk_cnt == 0) {
1999 /* Stop! */
2000 sd->state = sd_transfer_state;
2001 break;
2002 }
2003 }
2004 }
2005 break;
2006
2007 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */
2008 if (sd->data_offset >= SD_TUNING_BLOCK_SIZE - 1) {
2009 sd->state = sd_transfer_state;
2010 }
2011 ret = sd_tuning_block_pattern[sd->data_offset++];
2012 break;
2013
2014 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
2015 ret = sd->data[sd->data_offset ++];
2016
2017 if (sd->data_offset >= 4)
2018 sd->state = sd_transfer_state;
2019 break;
2020
2021 case 30: /* CMD30: SEND_WRITE_PROT */
2022 ret = sd->data[sd->data_offset ++];
2023
2024 if (sd->data_offset >= 4)
2025 sd->state = sd_transfer_state;
2026 break;
2027
2028 case 51: /* ACMD51: SEND_SCR */
2029 ret = sd->scr[sd->data_offset ++];
2030
2031 if (sd->data_offset >= sizeof(sd->scr))
2032 sd->state = sd_transfer_state;
2033 break;
2034
2035 case 56: /* CMD56: GEN_CMD */
2036 if (sd->data_offset == 0)
2037 APP_READ_BLOCK(sd->data_start, sd->blk_len);
2038 ret = sd->data[sd->data_offset ++];
2039
2040 if (sd->data_offset >= sd->blk_len)
2041 sd->state = sd_transfer_state;
2042 break;
2043
2044 default:
2045 qemu_log_mask(LOG_GUEST_ERROR, "%s: unknown command\n", __func__);
2046 return 0x00;
2047 }
2048
2049 return ret;
2050 }
2051
2052 static bool sd_receive_ready(SDState *sd)
2053 {
2054 return sd->state == sd_receivingdata_state;
2055 }
2056
2057 static bool sd_data_ready(SDState *sd)
2058 {
2059 return sd->state == sd_sendingdata_state;
2060 }
2061
2062 void sd_enable(SDState *sd, bool enable)
2063 {
2064 sd->enable = enable;
2065 }
2066
2067 static void sd_instance_init(Object *obj)
2068 {
2069 SDState *sd = SD_CARD(obj);
2070
2071 sd->enable = true;
2072 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
2073 }
2074
2075 static void sd_instance_finalize(Object *obj)
2076 {
2077 SDState *sd = SD_CARD(obj);
2078
2079 timer_free(sd->ocr_power_timer);
2080 }
2081
2082 static void sd_realize(DeviceState *dev, Error **errp)
2083 {
2084 SDState *sd = SD_CARD(dev);
2085 int ret;
2086
2087 sd->proto_name = sd->spi ? "SPI" : "SD";
2088
2089 switch (sd->spec_version) {
2090 case SD_PHY_SPECv1_10_VERS
2091 ... SD_PHY_SPECv3_01_VERS:
2092 break;
2093 default:
2094 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version);
2095 return;
2096 }
2097
2098 if (sd->blk) {
2099 int64_t blk_size;
2100
2101 if (!blk_supports_write_perm(sd->blk)) {
2102 error_setg(errp, "Cannot use read-only drive as SD card");
2103 return;
2104 }
2105
2106 blk_size = blk_getlength(sd->blk);
2107 if (blk_size > 0 && !is_power_of_2(blk_size)) {
2108 int64_t blk_size_aligned = pow2ceil(blk_size);
2109 char *blk_size_str;
2110
2111 blk_size_str = size_to_str(blk_size);
2112 error_setg(errp, "Invalid SD card size: %s", blk_size_str);
2113 g_free(blk_size_str);
2114
2115 blk_size_str = size_to_str(blk_size_aligned);
2116 error_append_hint(errp,
2117 "SD card size has to be a power of 2, e.g. %s.\n"
2118 "You can resize disk images with"
2119 " 'qemu-img resize <imagefile> <new-size>'\n"
2120 "(note that this will lose data if you make the"
2121 " image smaller than it currently is).\n",
2122 blk_size_str);
2123 g_free(blk_size_str);
2124
2125 return;
2126 }
2127
2128 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
2129 BLK_PERM_ALL, errp);
2130 if (ret < 0) {
2131 return;
2132 }
2133 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
2134 }
2135 }
2136
2137 static Property sd_properties[] = {
2138 DEFINE_PROP_UINT8("spec_version", SDState,
2139 spec_version, SD_PHY_SPECv2_00_VERS),
2140 DEFINE_PROP_DRIVE("drive", SDState, blk),
2141 /* We do not model the chip select pin, so allow the board to select
2142 * whether card should be in SSI or MMC/SD mode. It is also up to the
2143 * board to ensure that ssi transfers only occur when the chip select
2144 * is asserted. */
2145 DEFINE_PROP_BOOL("spi", SDState, spi, false),
2146 DEFINE_PROP_END_OF_LIST()
2147 };
2148
2149 static void sd_class_init(ObjectClass *klass, void *data)
2150 {
2151 DeviceClass *dc = DEVICE_CLASS(klass);
2152 SDCardClass *sc = SD_CARD_CLASS(klass);
2153
2154 dc->realize = sd_realize;
2155 device_class_set_props(dc, sd_properties);
2156 dc->vmsd = &sd_vmstate;
2157 dc->reset = sd_reset;
2158 dc->bus_type = TYPE_SD_BUS;
2159 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
2160
2161 sc->set_voltage = sd_set_voltage;
2162 sc->get_dat_lines = sd_get_dat_lines;
2163 sc->get_cmd_line = sd_get_cmd_line;
2164 sc->do_command = sd_do_command;
2165 sc->write_byte = sd_write_byte;
2166 sc->read_byte = sd_read_byte;
2167 sc->receive_ready = sd_receive_ready;
2168 sc->data_ready = sd_data_ready;
2169 sc->enable = sd_enable;
2170 sc->get_inserted = sd_get_inserted;
2171 sc->get_readonly = sd_get_readonly;
2172 }
2173
2174 static const TypeInfo sd_info = {
2175 .name = TYPE_SD_CARD,
2176 .parent = TYPE_DEVICE,
2177 .instance_size = sizeof(SDState),
2178 .class_size = sizeof(SDCardClass),
2179 .class_init = sd_class_init,
2180 .instance_init = sd_instance_init,
2181 .instance_finalize = sd_instance_finalize,
2182 };
2183
2184 static void sd_register_types(void)
2185 {
2186 type_register_static(&sd_info);
2187 }
2188
2189 type_init(sd_register_types)
AR7 emulation for QEMU