2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 2.00."
5 * eMMC emulation defined in "JEDEC Standard No. 84-A43"
7 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
8 * Copyright (c) 2007 CodeSourcery
9 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org>
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in
19 * the documentation and/or other materials provided with the
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
26 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
30 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35 #include "qemu/osdep.h"
36 #include "qemu/units.h"
37 #include "qemu/cutils.h"
39 #include "hw/registerfields.h"
40 #include "sysemu/block-backend.h"
42 #include "hw/sd/sdcard_legacy.h"
43 #include "migration/vmstate.h"
44 #include "qapi/error.h"
45 #include "qemu/bitmap.h"
46 #include "hw/qdev-properties.h"
47 #include "hw/qdev-properties-system.h"
48 #include "qemu/error-report.h"
49 #include "qemu/timer.h"
51 #include "qemu/guest-random.h"
52 #include "qemu/module.h"
53 #include "sdmmc-internal.h"
58 #define SDSC_MAX_CAPACITY (2 * GiB)
60 #define INVALID_ADDRESS UINT32_MAX
63 sd_r0
= 0, /* no response */
64 sd_r1
, /* normal response command */
65 sd_r2_i
, /* CID register */
66 sd_r2_s
, /* CSD register */
67 sd_r3
, /* OCR register */
68 sd_r6
= 6, /* Published RCA response */
69 sd_r7
, /* Operating voltage */
76 sd_card_identification_mode
,
77 sd_data_transfer_mode
,
81 sd_waitirq_state
= -2, /* emmc */
82 sd_inactive_state
= -1,
86 sd_identification_state
= 2,
88 sd_transfer_state
= 4,
89 sd_sendingdata_state
= 5,
90 sd_receivingdata_state
= 6,
91 sd_programming_state
= 7,
92 sd_disconnect_state
= 8,
93 sd_bus_test_state
= 9, /* emmc */
94 sd_sleep_state
= 10, /* emmc */
95 sd_io_state
= 15 /* sd */
98 #define SDMMC_CMD_MAX 64
100 typedef sd_rsp_type_t (*sd_cmd_handler
)(SDState
*sd
, SDRequest req
);
102 typedef struct SDProto
{
105 const unsigned class;
106 const sd_cmd_type_t type
;
108 sd_cmd_handler handler
;
109 } cmd
[SDMMC_CMD_MAX
], acmd
[SDMMC_CMD_MAX
];
113 DeviceState parent_obj
;
115 /* If true, created by sd_init() for a non-qdevified caller */
116 /* TODO purge them with fire */
117 bool me_no_qdev_me_kill_mammoth_with_rocks
;
119 /* SD Memory Card Registers */
125 uint32_t card_status
;
126 uint8_t sd_status
[64];
128 uint8_t ext_csd
[512];
130 uint8_t ext_csd_rw
[192]; /* Modes segment */
131 uint8_t ext_csd_ro
[320]; /* Properties segment */
135 /* Static properties */
137 uint8_t spec_version
;
138 uint64_t boot_part_size
;
142 const SDProto
*proto
;
144 /* Runtime changeables */
146 uint32_t mode
; /* current card mode, one of SDCardModes */
147 int32_t state
; /* current card state, one of SDCardStates */
150 unsigned long *wp_group_bmap
;
151 int32_t wp_group_bits
;
154 uint32_t multi_blk_cnt
;
155 uint32_t erase_start
;
159 uint8_t function_group
[6];
161 const char *last_cmd_name
;
162 /* True if we will handle the next command as an ACMD. Note that this does
163 * *not* track the APP_CMD status bit!
166 uint32_t blk_written
;
169 uint32_t data_offset
;
172 qemu_irq readonly_cb
;
173 qemu_irq inserted_cb
;
174 QEMUTimer
*ocr_power_timer
;
180 static void sd_realize(DeviceState
*dev
, Error
**errp
);
182 static const SDProto sd_proto_spi
;
183 static const SDProto sd_proto_emmc
;
185 static bool sd_is_spi(SDState
*sd
)
187 return sd
->proto
== &sd_proto_spi
;
190 static bool sd_is_emmc(SDState
*sd
)
192 return sd
->proto
== &sd_proto_emmc
;
195 static const char *sd_version_str(enum SDPhySpecificationVersion version
)
197 static const char *sdphy_version
[] = {
198 [SD_PHY_SPECv1_10_VERS
] = "v1.10",
199 [SD_PHY_SPECv2_00_VERS
] = "v2.00",
200 [SD_PHY_SPECv3_01_VERS
] = "v3.01",
202 if (version
>= ARRAY_SIZE(sdphy_version
)) {
203 return "unsupported version";
205 return sdphy_version
[version
];
208 static const char *sd_mode_name(enum SDCardModes mode
)
210 static const char *mode_name
[] = {
211 [sd_inactive
] = "inactive",
212 [sd_card_identification_mode
] = "identification",
213 [sd_data_transfer_mode
] = "transfer",
215 assert(mode
< ARRAY_SIZE(mode_name
));
216 return mode_name
[mode
];
219 static const char *sd_state_name(enum SDCardStates state
)
221 static const char *state_name
[] = {
222 [sd_idle_state
] = "idle",
223 [sd_ready_state
] = "ready",
224 [sd_identification_state
] = "identification",
225 [sd_standby_state
] = "standby",
226 [sd_transfer_state
] = "transfer",
227 [sd_sendingdata_state
] = "sendingdata",
228 [sd_bus_test_state
] = "bus-test",
229 [sd_receivingdata_state
] = "receivingdata",
230 [sd_programming_state
] = "programming",
231 [sd_disconnect_state
] = "disconnect",
232 [sd_sleep_state
] = "sleep",
233 [sd_io_state
] = "i/o"
235 if (state
== sd_inactive_state
) {
238 if (state
== sd_waitirq_state
) {
241 assert(state
< ARRAY_SIZE(state_name
));
242 return state_name
[state
];
245 static const char *sd_response_name(sd_rsp_type_t rsp
)
247 static const char *response_name
[] = {
248 [sd_r0
] = "RESP#0 (no response)",
249 [sd_r1
] = "RESP#1 (normal cmd)",
250 [sd_r2_i
] = "RESP#2 (CID reg)",
251 [sd_r2_s
] = "RESP#2 (CSD reg)",
252 [sd_r3
] = "RESP#3 (OCR reg)",
253 [sd_r6
] = "RESP#6 (RCA)",
254 [sd_r7
] = "RESP#7 (operating voltage)",
256 if (rsp
== sd_illegal
) {
257 return "ILLEGAL RESP";
262 assert(rsp
< ARRAY_SIZE(response_name
));
263 return response_name
[rsp
];
266 static const char *sd_cmd_name(SDState
*sd
, uint8_t cmd
)
268 static const char *cmd_abbrev
[SDMMC_CMD_MAX
] = {
269 [18] = "READ_MULTIPLE_BLOCK",
270 [25] = "WRITE_MULTIPLE_BLOCK",
272 const SDProto
*sdp
= sd
->proto
;
274 if (sdp
->cmd
[cmd
].handler
) {
275 assert(!cmd_abbrev
[cmd
]);
276 return sdp
->cmd
[cmd
].name
;
278 return cmd_abbrev
[cmd
] ? cmd_abbrev
[cmd
] : "UNKNOWN_CMD";
281 static const char *sd_acmd_name(SDState
*sd
, uint8_t cmd
)
283 const SDProto
*sdp
= sd
->proto
;
285 if (sdp
->acmd
[cmd
].handler
) {
286 return sdp
->acmd
[cmd
].name
;
289 return "UNKNOWN_ACMD";
292 static uint8_t sd_get_dat_lines(SDState
*sd
)
294 return sd
->enable
? sd
->dat_lines
: 0;
297 static bool sd_get_cmd_line(SDState
*sd
)
299 return sd
->enable
? sd
->cmd_line
: false;
302 static void sd_set_voltage(SDState
*sd
, uint16_t millivolts
)
304 trace_sdcard_set_voltage(millivolts
);
306 switch (millivolts
) {
307 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
308 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
311 qemu_log_mask(LOG_GUEST_ERROR
, "SD card voltage not supported: %.3fV",
312 millivolts
/ 1000.f
);
316 static void sd_set_mode(SDState
*sd
)
319 case sd_inactive_state
:
320 sd
->mode
= sd_inactive
;
325 case sd_identification_state
:
326 sd
->mode
= sd_card_identification_mode
;
329 case sd_standby_state
:
330 case sd_transfer_state
:
331 case sd_sendingdata_state
:
332 case sd_receivingdata_state
:
333 case sd_programming_state
:
334 case sd_disconnect_state
:
335 sd
->mode
= sd_data_transfer_mode
;
340 static uint8_t sd_crc7(const void *message
, size_t width
)
343 uint8_t shift_reg
= 0x00;
344 const uint8_t *msg
= (const uint8_t *)message
;
346 for (i
= 0; i
< width
; i
++, msg
++)
347 for (bit
= 7; bit
>= 0; bit
--) {
349 if ((shift_reg
>> 7) ^ ((*msg
>> bit
) & 1))
356 /* Operation Conditions register */
358 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
360 FIELD(OCR
, VDD_VOLTAGE_WINDOW
, 0, 24)
361 FIELD(OCR
, VDD_VOLTAGE_WIN_LO
, 0, 8)
362 FIELD(OCR
, DUAL_VOLTAGE_CARD
, 7, 1)
363 FIELD(OCR
, VDD_VOLTAGE_WIN_HI
, 8, 16)
364 FIELD(OCR
, ACCEPT_SWITCH_1V8
, 24, 1) /* Only UHS-I */
365 FIELD(OCR
, UHS_II_CARD
, 29, 1) /* Only UHS-II */
366 FIELD(OCR
, CARD_CAPACITY
, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */
367 FIELD(OCR
, CARD_POWER_UP
, 31, 1)
369 #define ACMD41_ENQUIRY_MASK 0x00ffffff
370 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \
371 | R_OCR_ACCEPT_SWITCH_1V8_MASK \
372 | R_OCR_UHS_II_CARD_MASK \
373 | R_OCR_CARD_CAPACITY_MASK \
374 | R_OCR_CARD_POWER_UP_MASK)
376 static void sd_ocr_powerup(void *opaque
)
378 SDState
*sd
= opaque
;
380 trace_sdcard_powerup();
381 assert(!FIELD_EX32(sd
->ocr
, OCR
, CARD_POWER_UP
));
383 /* card power-up OK */
384 sd
->ocr
= FIELD_DP32(sd
->ocr
, OCR
, CARD_POWER_UP
, 1);
386 if (sd
->size
> SDSC_MAX_CAPACITY
) {
387 sd
->ocr
= FIELD_DP32(sd
->ocr
, OCR
, CARD_CAPACITY
, 1);
391 static void sd_set_ocr(SDState
*sd
)
393 /* All voltages OK */
394 sd
->ocr
= R_OCR_VDD_VOLTAGE_WIN_HI_MASK
;
398 * We don't need to emulate power up sequence in SPI-mode.
399 * Thus, the card's power up status bit should be set to 1 when reset.
400 * The card's capacity status bit should also be set if SD card size
401 * is larger than 2GB for SDHC support.
407 /* SD Configuration register */
409 static void sd_set_scr(SDState
*sd
)
411 sd
->scr
[0] = 0 << 4; /* SCR structure version 1.0 */
412 if (sd
->spec_version
== SD_PHY_SPECv1_10_VERS
) {
413 sd
->scr
[0] |= 1; /* Spec Version 1.10 */
415 sd
->scr
[0] |= 2; /* Spec Version 2.00 or Version 3.0X */
417 sd
->scr
[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */
418 | 0b0101; /* 1-bit or 4-bit width bus modes */
419 sd
->scr
[2] = 0x00; /* Extended Security is not supported. */
420 if (sd
->spec_version
>= SD_PHY_SPECv3_01_VERS
) {
421 sd
->scr
[2] |= 1 << 7; /* Spec Version 3.0X */
424 /* reserved for manufacturer usage */
431 /* Card IDentification register */
440 static void sd_set_cid(SDState
*sd
)
442 sd
->cid
[0] = MID
; /* Fake card manufacturer ID (MID) */
443 sd
->cid
[1] = OID
[0]; /* OEM/Application ID (OID) */
445 sd
->cid
[3] = PNM
[0]; /* Fake product name (PNM) */
450 sd
->cid
[8] = PRV
; /* Fake product revision (PRV) */
451 stl_be_p(&sd
->cid
[9], 0xdeadbeef); /* Fake serial number (PSN) */
452 sd
->cid
[13] = 0x00 | /* Manufacture date (MDT) */
453 ((MDT_YR
- 2000) / 10);
454 sd
->cid
[14] = ((MDT_YR
% 10) << 4) | MDT_MON
;
455 sd
->cid
[15] = (sd_crc7(sd
->cid
, 15) << 1) | 1;
458 static void emmc_set_cid(SDState
*sd
)
460 sd
->cid
[0] = MID
; /* Fake card manufacturer ID (MID) */
461 sd
->cid
[1] = 0b01; /* CBX: soldered BGA */
462 sd
->cid
[2] = OID
[0]; /* OEM/Application ID (OID) */
463 sd
->cid
[3] = PNM
[0]; /* Fake product name (PNM) */
469 sd
->cid
[9] = PRV
; /* Fake product revision (PRV) */
470 stl_be_p(&sd
->cid
[10], 0xdeadbeef); /* Fake serial number (PSN) */
471 sd
->cid
[14] = (MDT_MON
<< 4) | (MDT_YR
- 1997); /* Manufacture date (MDT) */
472 sd
->cid
[15] = (sd_crc7(sd
->cid
, 15) << 1) | 1;
475 /* Card-Specific Data register */
477 #define HWBLOCK_SHIFT 9 /* 512 bytes */
478 #define SECTOR_SHIFT 5 /* 16 kilobytes */
479 #define WPGROUP_SHIFT 7 /* 2 megs */
480 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
481 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
483 static const uint8_t sd_csd_rw_mask
[16] = {
484 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
485 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
488 static void emmc_set_ext_csd(SDState
*sd
, uint64_t size
)
490 uint32_t sectcount
= size
>> HWBLOCK_SHIFT
;
492 memset(sd
->ext_csd
, 0, sizeof(sd
->ext_csd
)); /* FIXME only RW at reset */
494 /* Properties segment (RO) */
495 sd
->ext_csd
[EXT_CSD_S_CMD_SET
] = 0b1; /* supported command sets */
496 sd
->ext_csd
[EXT_CSD_BOOT_INFO
] = 0x0; /* Boot information */
497 /* Boot partition size. 128KB unit */
498 sd
->ext_csd
[EXT_CSD_BOOT_MULT
] = sd
->boot_part_size
/ (128 * KiB
);
499 sd
->ext_csd
[EXT_CSD_ACC_SIZE
] = 0x1; /* Access size */
500 sd
->ext_csd
[EXT_CSD_HC_ERASE_GRP_SIZE
] = 0x01; /* HC Erase unit size */
501 sd
->ext_csd
[EXT_CSD_ERASE_TIMEOUT_MULT
] = 0x01; /* HC erase timeout */
502 sd
->ext_csd
[EXT_CSD_REL_WR_SEC_C
] = 0x1; /* Reliable write sector count */
503 sd
->ext_csd
[EXT_CSD_HC_WP_GRP_SIZE
] = 0x01; /* HC write protect group size */
504 sd
->ext_csd
[EXT_CSD_S_C_VCC
] = 0x01; /* Sleep current VCC */
505 sd
->ext_csd
[EXT_CSD_S_C_VCCQ
] = 0x01; /* Sleep current VCCQ */
506 sd
->ext_csd
[EXT_CSD_S_A_TIMEOUT
] = 0x01; /* Sleep/Awake timeout */
507 stl_le_p(&sd
->ext_csd
[EXT_CSD_SEC_CNT
], sectcount
); /* Sector count */
508 sd
->ext_csd
[210] = 0x46; /* Min write perf for 8bit@52Mhz */
509 sd
->ext_csd
[209] = 0x46; /* Min read perf for 8bit@52Mhz */
510 sd
->ext_csd
[208] = 0x46; /* Min write perf for 4bit@52Mhz */
511 sd
->ext_csd
[207] = 0x46; /* Min read perf for 4bit@52Mhz */
512 sd
->ext_csd
[206] = 0x46; /* Min write perf for 4bit@26Mhz */
513 sd
->ext_csd
[205] = 0x46; /* Min read perf for 4bit@26Mhz */
514 sd
->ext_csd
[EXT_CSD_CARD_TYPE
] = 0b11;
515 sd
->ext_csd
[EXT_CSD_STRUCTURE
] = 2;
516 sd
->ext_csd
[EXT_CSD_REV
] = 3;
518 /* Mode segment (RW) */
519 sd
->ext_csd
[EXT_CSD_PART_CONFIG
] = sd
->boot_config
;
522 static void emmc_set_csd(SDState
*sd
, uint64_t size
)
524 int hwblock_shift
= HWBLOCK_SHIFT
;
525 uint32_t sectsize
= (1 << (SECTOR_SHIFT
+ 1)) - 1;
526 uint32_t wpsize
= (1 << (WPGROUP_SHIFT
+ 1)) - 1;
528 sd
->csd
[0] = (3 << 6) | (4 << 2); /* Spec v4.3 with EXT_CSD */
529 sd
->csd
[1] = (1 << 3) | 6; /* Asynchronous data access time: 1ms */
531 sd
->csd
[3] = (1 << 3) | 3;; /* Maximum bus clock frequency: 100MHz */
533 if (size
<= 2 * GiB
) {
535 uint32_t csize1k
= (size
>> (CMULT_SHIFT
+ 10)) - 1;
537 sd
->csd
[6] = 0x80 | ((csize1k
>> 10) & 0xf);
538 sd
->csd
[7] = (csize1k
>> 2) & 0xff;
539 } else { /* >= 2GB : size stored in ext CSD, block addressing */
543 sd
->ocr
= FIELD_DP32(sd
->ocr
, OCR
, CARD_CAPACITY
, 1);
546 sd
->csd
[9] = 0xfc | /* Max. write current */
547 ((CMULT_SHIFT
- 2) >> 1);
548 sd
->csd
[10] = 0x40 | /* Erase sector size */
549 (((CMULT_SHIFT
- 2) << 7) & 0x80) | (sectsize
>> 1);
550 sd
->csd
[11] = 0x00 | /* Write protect group size */
551 ((sectsize
<< 7) & 0x80) | wpsize
;
552 sd
->csd
[12] = 0x90 | /* Write speed factor */
553 (hwblock_shift
>> 2);
554 sd
->csd
[13] = 0x20 | /* Max. write data block length */
555 ((hwblock_shift
<< 6) & 0xc0);
557 sd
->csd
[15] = (sd_crc7(sd
->csd
, 15) << 1) | 1;
558 emmc_set_ext_csd(sd
, size
);
561 static void sd_set_csd(SDState
*sd
, uint64_t size
)
563 int hwblock_shift
= HWBLOCK_SHIFT
;
565 uint32_t sectsize
= (1 << (SECTOR_SHIFT
+ 1)) - 1;
566 uint32_t wpsize
= (1 << (WPGROUP_SHIFT
+ 1)) - 1;
568 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */
569 if (size
== SDSC_MAX_CAPACITY
) {
572 csize
= (size
>> (CMULT_SHIFT
+ hwblock_shift
)) - 1;
574 if (size
<= SDSC_MAX_CAPACITY
) { /* Standard Capacity SD */
575 sd
->csd
[0] = 0x00; /* CSD structure */
576 sd
->csd
[1] = 0x26; /* Data read access-time-1 */
577 sd
->csd
[2] = 0x00; /* Data read access-time-2 */
578 sd
->csd
[3] = 0x32; /* Max. data transfer rate: 25 MHz */
579 sd
->csd
[4] = 0x5f; /* Card Command Classes */
580 sd
->csd
[5] = 0x50 | /* Max. read data block length */
582 sd
->csd
[6] = 0xe0 | /* Partial block for read allowed */
583 ((csize
>> 10) & 0x03);
584 sd
->csd
[7] = 0x00 | /* Device size */
585 ((csize
>> 2) & 0xff);
586 sd
->csd
[8] = 0x3f | /* Max. read current */
587 ((csize
<< 6) & 0xc0);
588 sd
->csd
[9] = 0xfc | /* Max. write current */
589 ((CMULT_SHIFT
- 2) >> 1);
590 sd
->csd
[10] = 0x40 | /* Erase sector size */
591 (((CMULT_SHIFT
- 2) << 7) & 0x80) | (sectsize
>> 1);
592 sd
->csd
[11] = 0x00 | /* Write protect group size */
593 ((sectsize
<< 7) & 0x80) | wpsize
;
594 sd
->csd
[12] = 0x90 | /* Write speed factor */
595 (hwblock_shift
>> 2);
596 sd
->csd
[13] = 0x20 | /* Max. write data block length */
597 ((hwblock_shift
<< 6) & 0xc0);
598 sd
->csd
[14] = 0x00; /* File format group */
609 st24_be_p(&sd
->csd
[7], size
);
616 sd
->csd
[15] = (sd_crc7(sd
->csd
, 15) << 1) | 1;
619 /* Relative Card Address register */
621 static void sd_set_rca(SDState
*sd
, uint16_t value
)
623 trace_sdcard_set_rca(value
);
627 static uint16_t sd_req_get_rca(SDState
*s
, SDRequest req
)
629 switch (s
->proto
->cmd
[req
.cmd
].type
) {
632 return req
.arg
>> 16;
635 g_assert_not_reached();
639 static bool sd_req_rca_same(SDState
*s
, SDRequest req
)
641 return sd_req_get_rca(s
, req
) == s
->rca
;
644 /* Card Status register */
646 FIELD(CSR
, AKE_SEQ_ERROR
, 3, 1)
647 FIELD(CSR
, APP_CMD
, 5, 1)
648 FIELD(CSR
, FX_EVENT
, 6, 1)
649 FIELD(CSR
, SWITCH_ERROR
, 7, 1)
650 FIELD(CSR
, READY_FOR_DATA
, 8, 1)
651 FIELD(CSR
, CURRENT_STATE
, 9, 4)
652 FIELD(CSR
, ERASE_RESET
, 13, 1)
653 FIELD(CSR
, CARD_ECC_DISABLED
, 14, 1)
654 FIELD(CSR
, WP_ERASE_SKIP
, 15, 1)
655 FIELD(CSR
, CSD_OVERWRITE
, 16, 1)
656 FIELD(CSR
, DEFERRED_RESPONSE
, 17, 1)
657 FIELD(CSR
, ERROR
, 19, 1)
658 FIELD(CSR
, CC_ERROR
, 20, 1)
659 FIELD(CSR
, CARD_ECC_FAILED
, 21, 1)
660 FIELD(CSR
, ILLEGAL_COMMAND
, 22, 1)
661 FIELD(CSR
, COM_CRC_ERROR
, 23, 1)
662 FIELD(CSR
, LOCK_UNLOCK_FAILED
, 24, 1)
663 FIELD(CSR
, CARD_IS_LOCKED
, 25, 1)
664 FIELD(CSR
, WP_VIOLATION
, 26, 1)
665 FIELD(CSR
, ERASE_PARAM
, 27, 1)
666 FIELD(CSR
, ERASE_SEQ_ERROR
, 28, 1)
667 FIELD(CSR
, BLOCK_LEN_ERROR
, 29, 1)
668 FIELD(CSR
, ADDRESS_ERROR
, 30, 1)
669 FIELD(CSR
, OUT_OF_RANGE
, 31, 1)
671 /* Card status bits, split by clear condition:
672 * A : According to the card current state
673 * B : Always related to the previous command
674 * C : Cleared by read
676 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \
677 | R_CSR_CARD_ECC_DISABLED_MASK \
678 | R_CSR_CARD_IS_LOCKED_MASK)
679 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \
680 | R_CSR_ILLEGAL_COMMAND_MASK \
681 | R_CSR_COM_CRC_ERROR_MASK)
682 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \
683 | R_CSR_APP_CMD_MASK \
684 | R_CSR_ERASE_RESET_MASK \
685 | R_CSR_WP_ERASE_SKIP_MASK \
686 | R_CSR_CSD_OVERWRITE_MASK \
688 | R_CSR_CC_ERROR_MASK \
689 | R_CSR_CARD_ECC_FAILED_MASK \
690 | R_CSR_LOCK_UNLOCK_FAILED_MASK \
691 | R_CSR_WP_VIOLATION_MASK \
692 | R_CSR_ERASE_PARAM_MASK \
693 | R_CSR_ERASE_SEQ_ERROR_MASK \
694 | R_CSR_BLOCK_LEN_ERROR_MASK \
695 | R_CSR_ADDRESS_ERROR_MASK \
696 | R_CSR_OUT_OF_RANGE_MASK)
698 static void sd_set_cardstatus(SDState
*sd
)
700 sd
->card_status
= READY_FOR_DATA
;
703 static void sd_set_sdstatus(SDState
*sd
)
705 memset(sd
->sd_status
, 0, 64);
708 static const uint8_t sd_tuning_block_pattern4
[64] = {
710 * See: Physical Layer Simplified Specification Version 3.01,
713 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc,
714 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef,
715 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb,
716 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef,
717 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c,
718 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee,
719 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff,
720 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde
723 static int sd_req_crc_validate(SDRequest
*req
)
726 buffer
[0] = 0x40 | req
->cmd
;
727 stl_be_p(&buffer
[1], req
->arg
);
729 return sd_crc7(buffer
, 5) != req
->crc
; /* TODO */
732 static void sd_response_r1_make(SDState
*sd
, uint8_t *response
)
734 stl_be_p(response
, sd
->card_status
);
736 /* Clear the "clear on read" status bits */
737 sd
->card_status
&= ~CARD_STATUS_C
;
740 static void sd_response_r3_make(SDState
*sd
, uint8_t *response
)
742 stl_be_p(response
, sd
->ocr
& ACMD41_R3_MASK
);
745 static void sd_response_r6_make(SDState
*sd
, uint8_t *response
)
749 status
= ((sd
->card_status
>> 8) & 0xc000) |
750 ((sd
->card_status
>> 6) & 0x2000) |
751 (sd
->card_status
& 0x1fff);
752 sd
->card_status
&= ~(CARD_STATUS_C
& 0xc81fff);
753 stw_be_p(response
+ 0, sd
->rca
);
754 stw_be_p(response
+ 2, status
);
757 static void sd_response_r7_make(SDState
*sd
, uint8_t *response
)
759 stl_be_p(response
, sd
->vhs
);
762 static uint32_t sd_blk_len(SDState
*sd
)
764 if (FIELD_EX32(sd
->ocr
, OCR
, CARD_CAPACITY
)) {
765 return 1 << HWBLOCK_SHIFT
;
771 * This requires a disk image that has two boot partitions inserted at the
772 * beginning of it. The size of the boot partitions is the "boot-size"
775 static uint32_t sd_bootpart_offset(SDState
*sd
)
777 bool partitions_enabled
;
778 unsigned partition_access
;
780 if (!sd
->boot_part_size
|| !sd_is_emmc(sd
)) {
784 partitions_enabled
= sd
->ext_csd
[EXT_CSD_PART_CONFIG
]
785 & EXT_CSD_PART_CONFIG_EN_MASK
;
786 if (!partitions_enabled
) {
790 partition_access
= sd
->ext_csd
[EXT_CSD_PART_CONFIG
]
791 & EXT_CSD_PART_CONFIG_ACC_MASK
;
792 switch (partition_access
) {
793 case EXT_CSD_PART_CONFIG_ACC_DEFAULT
:
794 return sd
->boot_part_size
* 2;
795 case EXT_CSD_PART_CONFIG_ACC_BOOT0
:
797 case EXT_CSD_PART_CONFIG_ACC_BOOT0
+ 1:
798 return sd
->boot_part_size
* 1;
800 g_assert_not_reached();
804 static uint64_t sd_req_get_address(SDState
*sd
, SDRequest req
)
808 if (FIELD_EX32(sd
->ocr
, OCR
, CARD_CAPACITY
)) {
809 addr
= (uint64_t) req
.arg
<< HWBLOCK_SHIFT
;
813 trace_sdcard_req_addr(req
.arg
, addr
);
817 static inline uint64_t sd_addr_to_wpnum(uint64_t addr
)
819 return addr
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
822 static void sd_reset(DeviceState
*dev
)
824 SDState
*sd
= SDMMC_COMMON(dev
);
825 SDCardClass
*sc
= SDMMC_COMMON_GET_CLASS(sd
);
829 trace_sdcard_reset();
831 blk_get_geometry(sd
->blk
, §
);
835 size
= sect
<< HWBLOCK_SHIFT
;
836 size
-= sd_bootpart_offset(sd
);
838 sect
= sd_addr_to_wpnum(size
) + 1;
840 sd
->state
= sd_idle_state
;
843 sd
->rca
= sd_is_emmc(sd
) ? 0x0001 : 0x0000;
848 sc
->set_csd(sd
, size
);
849 sd_set_cardstatus(sd
);
852 g_free(sd
->wp_group_bmap
);
853 sd
->wp_switch
= sd
->blk
? !blk_is_writable(sd
->blk
) : false;
854 sd
->wp_group_bits
= sect
;
855 sd
->wp_group_bmap
= bitmap_new(sd
->wp_group_bits
);
856 memset(sd
->function_group
, 0, sizeof(sd
->function_group
));
857 sd
->erase_start
= INVALID_ADDRESS
;
858 sd
->erase_end
= INVALID_ADDRESS
;
861 sd
->expecting_acmd
= false;
864 sd
->multi_blk_cnt
= 0;
867 static bool sd_get_inserted(SDState
*sd
)
869 return sd
->blk
&& blk_is_inserted(sd
->blk
);
872 static bool sd_get_readonly(SDState
*sd
)
874 return sd
->wp_switch
;
877 static void sd_cardchange(void *opaque
, bool load
, Error
**errp
)
879 SDState
*sd
= opaque
;
880 DeviceState
*dev
= DEVICE(sd
);
882 bool inserted
= sd_get_inserted(sd
);
883 bool readonly
= sd_get_readonly(sd
);
886 trace_sdcard_inserted(readonly
);
889 trace_sdcard_ejected();
892 if (sd
->me_no_qdev_me_kill_mammoth_with_rocks
) {
893 qemu_set_irq(sd
->inserted_cb
, inserted
);
895 qemu_set_irq(sd
->readonly_cb
, readonly
);
898 sdbus
= SD_BUS(qdev_get_parent_bus(dev
));
899 sdbus_set_inserted(sdbus
, inserted
);
901 sdbus_set_readonly(sdbus
, readonly
);
906 static const BlockDevOps sd_block_ops
= {
907 .change_media_cb
= sd_cardchange
,
910 static bool sd_ocr_vmstate_needed(void *opaque
)
912 SDState
*sd
= opaque
;
914 /* Include the OCR state (and timer) if it is not yet powered up */
915 return !FIELD_EX32(sd
->ocr
, OCR
, CARD_POWER_UP
);
918 static const VMStateDescription sd_ocr_vmstate
= {
919 .name
= "sd-card/ocr-state",
921 .minimum_version_id
= 1,
922 .needed
= sd_ocr_vmstate_needed
,
923 .fields
= (const VMStateField
[]) {
924 VMSTATE_UINT32(ocr
, SDState
),
925 VMSTATE_TIMER_PTR(ocr_power_timer
, SDState
),
926 VMSTATE_END_OF_LIST()
930 static bool vmstate_needed_for_emmc(void *opaque
)
932 SDState
*sd
= opaque
;
934 return sd_is_emmc(sd
);
937 static const VMStateDescription emmc_extcsd_vmstate
= {
938 .name
= "sd-card/ext_csd_modes-state",
940 .minimum_version_id
= 1,
941 .needed
= vmstate_needed_for_emmc
,
942 .fields
= (const VMStateField
[]) {
943 VMSTATE_UINT8_ARRAY(ext_csd_rw
, SDState
, 192),
944 VMSTATE_END_OF_LIST()
948 static int sd_vmstate_pre_load(void *opaque
)
950 SDState
*sd
= opaque
;
952 /* If the OCR state is not included (prior versions, or not
953 * needed), then the OCR must be set as powered up. If the OCR state
954 * is included, this will be replaced by the state restore.
961 static const VMStateDescription sd_vmstate
= {
964 .minimum_version_id
= 2,
965 .pre_load
= sd_vmstate_pre_load
,
966 .fields
= (const VMStateField
[]) {
967 VMSTATE_UINT32(mode
, SDState
),
968 VMSTATE_INT32(state
, SDState
),
969 VMSTATE_UINT8_ARRAY(cid
, SDState
, 16),
970 VMSTATE_UINT8_ARRAY(csd
, SDState
, 16),
971 VMSTATE_UINT16(rca
, SDState
),
972 VMSTATE_UINT32(card_status
, SDState
),
973 VMSTATE_PARTIAL_BUFFER(sd_status
, SDState
, 1),
974 VMSTATE_UINT32(vhs
, SDState
),
975 VMSTATE_BITMAP(wp_group_bmap
, SDState
, 0, wp_group_bits
),
976 VMSTATE_UINT32(blk_len
, SDState
),
977 VMSTATE_UINT32(multi_blk_cnt
, SDState
),
978 VMSTATE_UINT32(erase_start
, SDState
),
979 VMSTATE_UINT32(erase_end
, SDState
),
980 VMSTATE_UINT8_ARRAY(pwd
, SDState
, 16),
981 VMSTATE_UINT32(pwd_len
, SDState
),
982 VMSTATE_UINT8_ARRAY(function_group
, SDState
, 6),
983 VMSTATE_UINT8(current_cmd
, SDState
),
984 VMSTATE_BOOL(expecting_acmd
, SDState
),
985 VMSTATE_UINT32(blk_written
, SDState
),
986 VMSTATE_UINT64(data_start
, SDState
),
987 VMSTATE_UINT32(data_offset
, SDState
),
988 VMSTATE_UINT8_ARRAY(data
, SDState
, 512),
989 VMSTATE_UNUSED_V(1, 512),
990 VMSTATE_BOOL(enable
, SDState
),
991 VMSTATE_END_OF_LIST()
993 .subsections
= (const VMStateDescription
* const []) {
995 &emmc_extcsd_vmstate
,
1000 /* Legacy initialization function for use by non-qdevified callers */
1001 SDState
*sd_init(BlockBackend
*blk
, bool is_spi
)
1008 obj
= object_new(is_spi
? TYPE_SD_CARD_SPI
: TYPE_SD_CARD
);
1010 if (!qdev_prop_set_drive_err(dev
, "drive", blk
, &err
)) {
1011 error_reportf_err(err
, "sd_init failed: ");
1016 * Realizing the device properly would put it into the QOM
1017 * composition tree even though it is not plugged into an
1018 * appropriate bus. That's a no-no. Hide the device from
1019 * QOM/qdev, and call its qdev realize callback directly.
1022 object_unparent(obj
);
1023 sd_realize(dev
, &err
);
1025 error_reportf_err(err
, "sd_init failed: ");
1030 sd
->me_no_qdev_me_kill_mammoth_with_rocks
= true;
1034 void sd_set_cb(SDState
*sd
, qemu_irq readonly
, qemu_irq insert
)
1036 sd
->readonly_cb
= readonly
;
1037 sd
->inserted_cb
= insert
;
1038 qemu_set_irq(readonly
, sd
->blk
? !blk_is_writable(sd
->blk
) : 0);
1039 qemu_set_irq(insert
, sd
->blk
? blk_is_inserted(sd
->blk
) : 0);
1042 static void sd_blk_read(SDState
*sd
, uint64_t addr
, uint32_t len
)
1044 trace_sdcard_read_block(addr
, len
);
1045 addr
+= sd_bootpart_offset(sd
);
1046 if (!sd
->blk
|| blk_pread(sd
->blk
, addr
, len
, sd
->data
, 0) < 0) {
1047 fprintf(stderr
, "sd_blk_read: read error on host side\n");
1051 static void sd_blk_write(SDState
*sd
, uint64_t addr
, uint32_t len
)
1053 trace_sdcard_write_block(addr
, len
);
1054 addr
+= sd_bootpart_offset(sd
);
1055 if (!sd
->blk
|| blk_pwrite(sd
->blk
, addr
, len
, sd
->data
, 0) < 0) {
1056 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1060 static void sd_erase(SDState
*sd
)
1062 uint64_t erase_start
= sd
->erase_start
;
1063 uint64_t erase_end
= sd
->erase_end
;
1066 uint64_t erase_addr
;
1067 int erase_len
= 1 << HWBLOCK_SHIFT
;
1069 trace_sdcard_erase(sd
->erase_start
, sd
->erase_end
);
1070 if (sd
->erase_start
== INVALID_ADDRESS
1071 || sd
->erase_end
== INVALID_ADDRESS
) {
1072 sd
->card_status
|= ERASE_SEQ_ERROR
;
1073 sd
->erase_start
= INVALID_ADDRESS
;
1074 sd
->erase_end
= INVALID_ADDRESS
;
1078 if (FIELD_EX32(sd
->ocr
, OCR
, CARD_CAPACITY
)) {
1079 /* High capacity memory card: erase units are 512 byte blocks */
1080 erase_start
<<= HWBLOCK_SHIFT
;
1081 erase_end
<<= HWBLOCK_SHIFT
;
1085 if (erase_start
> sd
->size
|| erase_end
> sd
->size
) {
1086 sd
->card_status
|= OUT_OF_RANGE
;
1087 sd
->erase_start
= INVALID_ADDRESS
;
1088 sd
->erase_end
= INVALID_ADDRESS
;
1092 sd
->erase_start
= INVALID_ADDRESS
;
1093 sd
->erase_end
= INVALID_ADDRESS
;
1094 sd
->csd
[14] |= 0x40;
1096 memset(sd
->data
, 0xff, erase_len
);
1097 for (erase_addr
= erase_start
; erase_addr
<= erase_end
;
1098 erase_addr
+= erase_len
) {
1100 /* Only SDSC cards support write protect groups */
1101 wpnum
= sd_addr_to_wpnum(erase_addr
);
1102 assert(wpnum
< sd
->wp_group_bits
);
1103 if (test_bit(wpnum
, sd
->wp_group_bmap
)) {
1104 sd
->card_status
|= WP_ERASE_SKIP
;
1108 sd_blk_write(sd
, erase_addr
, erase_len
);
1112 static uint32_t sd_wpbits(SDState
*sd
, uint64_t addr
)
1117 wpnum
= sd_addr_to_wpnum(addr
);
1119 for (i
= 0; i
< 32; i
++, wpnum
++, addr
+= WPGROUP_SIZE
) {
1120 if (addr
>= sd
->size
) {
1122 * If the addresses of the last groups are outside the valid range,
1123 * then the corresponding write protection bits shall be set to 0.
1127 assert(wpnum
< sd
->wp_group_bits
);
1128 if (test_bit(wpnum
, sd
->wp_group_bmap
)) {
1136 enum ExtCsdAccessMode
{
1137 EXT_CSD_ACCESS_MODE_COMMAND_SET
= 0,
1138 EXT_CSD_ACCESS_MODE_SET_BITS
= 1,
1139 EXT_CSD_ACCESS_MODE_CLEAR_BITS
= 2,
1140 EXT_CSD_ACCESS_MODE_WRITE_BYTE
= 3
1143 static void emmc_function_switch(SDState
*sd
, uint32_t arg
)
1145 uint8_t access
= extract32(arg
, 24, 2);
1146 uint8_t index
= extract32(arg
, 16, 8);
1147 uint8_t value
= extract32(arg
, 8, 8);
1148 uint8_t b
= sd
->ext_csd
[index
];
1150 trace_sdcard_switch(access
, index
, value
, extract32(arg
, 0, 2));
1153 qemu_log_mask(LOG_GUEST_ERROR
, "MMC switching illegal offset\n");
1154 sd
->card_status
|= R_CSR_SWITCH_ERROR_MASK
;
1159 case EXT_CSD_ACCESS_MODE_COMMAND_SET
:
1160 qemu_log_mask(LOG_UNIMP
, "MMC Command set switching not supported\n");
1162 case EXT_CSD_ACCESS_MODE_SET_BITS
:
1165 case EXT_CSD_ACCESS_MODE_CLEAR_BITS
:
1168 case EXT_CSD_ACCESS_MODE_WRITE_BYTE
:
1173 trace_sdcard_ext_csd_update(index
, sd
->ext_csd
[index
], b
);
1174 sd
->ext_csd
[index
] = b
;
1177 static void sd_function_switch(SDState
*sd
, uint32_t arg
)
1179 int i
, mode
, new_func
;
1180 mode
= !!(arg
& 0x80000000);
1182 sd
->data
[0] = 0x00; /* Maximum current consumption */
1184 sd
->data
[2] = 0x80; /* Supported group 6 functions */
1186 sd
->data
[4] = 0x80; /* Supported group 5 functions */
1188 sd
->data
[6] = 0x80; /* Supported group 4 functions */
1190 sd
->data
[8] = 0x80; /* Supported group 3 functions */
1192 sd
->data
[10] = 0x80; /* Supported group 2 functions */
1193 sd
->data
[11] = 0x43;
1194 sd
->data
[12] = 0x80; /* Supported group 1 functions */
1195 sd
->data
[13] = 0x03;
1197 memset(&sd
->data
[14], 0, 3);
1198 for (i
= 0; i
< 6; i
++) {
1199 new_func
= (arg
>> (i
* 4)) & 0x0f;
1200 if (mode
&& new_func
!= 0x0f)
1201 sd
->function_group
[i
] = new_func
;
1202 sd
->data
[16 - (i
>> 1)] |= new_func
<< ((i
% 2) * 4);
1204 memset(&sd
->data
[17], 0, 47);
1207 static inline bool sd_wp_addr(SDState
*sd
, uint64_t addr
)
1209 return test_bit(sd_addr_to_wpnum(addr
), sd
->wp_group_bmap
);
1212 static void sd_lock_command(SDState
*sd
)
1214 int erase
, lock
, clr_pwd
, set_pwd
, pwd_len
;
1215 erase
= !!(sd
->data
[0] & 0x08);
1216 lock
= sd
->data
[0] & 0x04;
1217 clr_pwd
= sd
->data
[0] & 0x02;
1218 set_pwd
= sd
->data
[0] & 0x01;
1220 if (sd
->blk_len
> 1)
1221 pwd_len
= sd
->data
[1];
1226 trace_sdcard_lock();
1228 trace_sdcard_unlock();
1231 if (!(sd
->card_status
& CARD_IS_LOCKED
) || sd
->blk_len
> 1 ||
1232 set_pwd
|| clr_pwd
|| lock
|| sd
->wp_switch
||
1233 (sd
->csd
[14] & 0x20)) {
1234 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
1237 bitmap_zero(sd
->wp_group_bmap
, sd
->wp_group_bits
);
1238 sd
->csd
[14] &= ~0x10;
1239 sd
->card_status
&= ~CARD_IS_LOCKED
;
1241 /* Erasing the entire card here! */
1242 fprintf(stderr
, "SD: Card force-erased by CMD42\n");
1246 if (sd
->blk_len
< 2 + pwd_len
||
1247 pwd_len
<= sd
->pwd_len
||
1248 pwd_len
> sd
->pwd_len
+ 16) {
1249 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
1253 if (sd
->pwd_len
&& memcmp(sd
->pwd
, sd
->data
+ 2, sd
->pwd_len
)) {
1254 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
1258 pwd_len
-= sd
->pwd_len
;
1259 if ((pwd_len
&& !set_pwd
) ||
1260 (clr_pwd
&& (set_pwd
|| lock
)) ||
1261 (lock
&& !sd
->pwd_len
&& !set_pwd
) ||
1262 (!set_pwd
&& !clr_pwd
&&
1263 (((sd
->card_status
& CARD_IS_LOCKED
) && lock
) ||
1264 (!(sd
->card_status
& CARD_IS_LOCKED
) && !lock
)))) {
1265 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
1270 memcpy(sd
->pwd
, sd
->data
+ 2 + sd
->pwd_len
, pwd_len
);
1271 sd
->pwd_len
= pwd_len
;
1279 sd
->card_status
|= CARD_IS_LOCKED
;
1281 sd
->card_status
&= ~CARD_IS_LOCKED
;
1284 static bool address_in_range(SDState
*sd
, const char *desc
,
1285 uint64_t addr
, uint32_t length
)
1287 if (addr
+ length
> sd
->size
) {
1288 qemu_log_mask(LOG_GUEST_ERROR
,
1289 "%s offset %"PRIu64
" > card %"PRIu64
" [%%%u]\n",
1290 desc
, addr
, sd
->size
, length
);
1291 sd
->card_status
|= ADDRESS_ERROR
;
1297 static sd_rsp_type_t
sd_invalid_state_for_cmd(SDState
*sd
, SDRequest req
)
1299 qemu_log_mask(LOG_GUEST_ERROR
, "%s: CMD%i in a wrong state: %s (spec %s)\n",
1300 sd
->proto
->name
, req
.cmd
, sd_state_name(sd
->state
),
1301 sd_version_str(sd
->spec_version
));
1306 static sd_rsp_type_t
sd_invalid_mode_for_cmd(SDState
*sd
, SDRequest req
)
1308 qemu_log_mask(LOG_GUEST_ERROR
, "%s: CMD%i in a wrong mode: %s (spec %s)\n",
1309 sd
->proto
->name
, req
.cmd
, sd_mode_name(sd
->mode
),
1310 sd_version_str(sd
->spec_version
));
1315 static sd_rsp_type_t
sd_cmd_illegal(SDState
*sd
, SDRequest req
)
1317 qemu_log_mask(LOG_GUEST_ERROR
, "%s: Unknown CMD%i for spec %s\n",
1318 sd
->proto
->name
, req
.cmd
,
1319 sd_version_str(sd
->spec_version
));
1324 /* Commands that are recognised but not yet implemented. */
1325 static sd_rsp_type_t
sd_cmd_unimplemented(SDState
*sd
, SDRequest req
)
1327 qemu_log_mask(LOG_UNIMP
, "%s: CMD%i not implemented\n",
1328 sd
->proto
->name
, req
.cmd
);
1333 static sd_rsp_type_t
sd_cmd_optional(SDState
*sd
, SDRequest req
)
1335 qemu_log_mask(LOG_UNIMP
, "%s: Optional CMD%i not implemented\n",
1336 sd
->proto
->name
, req
.cmd
);
1341 /* Configure fields for following sd_generic_write_byte() calls */
1342 static sd_rsp_type_t
sd_cmd_to_receivingdata(SDState
*sd
, SDRequest req
,
1343 uint64_t start
, size_t size
)
1345 if (sd
->state
!= sd_transfer_state
) {
1346 return sd_invalid_state_for_cmd(sd
, req
);
1348 sd
->state
= sd_receivingdata_state
;
1349 sd
->data_start
= start
;
1350 sd
->data_offset
= 0;
1351 /* sd->data[] used as receive buffer */
1352 sd
->data_size
= size
?: sizeof(sd
->data
);
1356 /* Configure fields for following sd_generic_read_byte() calls */
1357 static sd_rsp_type_t
sd_cmd_to_sendingdata(SDState
*sd
, SDRequest req
,
1359 const void *data
, size_t size
)
1361 if (sd
->state
!= sd_transfer_state
) {
1362 sd_invalid_state_for_cmd(sd
, req
);
1365 sd
->state
= sd_sendingdata_state
;
1366 sd
->data_start
= start
;
1367 sd
->data_offset
= 0;
1369 assert(size
> 0 && size
<= sizeof(sd
->data
));
1370 memcpy(sd
->data
, data
, size
);
1373 sd
->data_size
= size
;
1379 static sd_rsp_type_t
sd_cmd_GO_IDLE_STATE(SDState
*sd
, SDRequest req
)
1381 if (sd
->state
== sd_sleep_state
) {
1390 if (sd
->state
!= sd_inactive_state
) {
1391 sd
->state
= sd_idle_state
;
1392 sd_reset(DEVICE(sd
));
1395 return sd_is_spi(sd
) ? sd_r1
: sd_r0
;
1399 static sd_rsp_type_t
spi_cmd_SEND_OP_COND(SDState
*sd
, SDRequest req
)
1401 sd
->state
= sd_transfer_state
;
1407 static sd_rsp_type_t
sd_cmd_ALL_SEND_CID(SDState
*sd
, SDRequest req
)
1409 switch (sd
->state
) {
1410 case sd_ready_state
:
1411 sd
->state
= sd_identification_state
;
1414 return sd_invalid_state_for_cmd(sd
, req
);
1419 static sd_rsp_type_t
sd_cmd_SEND_RELATIVE_ADDR(SDState
*sd
, SDRequest req
)
1421 uint16_t random_rca
;
1423 switch (sd
->state
) {
1424 case sd_identification_state
:
1425 case sd_standby_state
:
1426 sd
->state
= sd_standby_state
;
1427 qemu_guest_getrandom_nofail(&random_rca
, sizeof(random_rca
));
1428 sd_set_rca(sd
, random_rca
);
1432 return sd_invalid_state_for_cmd(sd
, req
);
1436 static sd_rsp_type_t
emmc_cmd_SET_RELATIVE_ADDR(SDState
*sd
, SDRequest req
)
1438 switch (sd
->state
) {
1439 case sd_identification_state
:
1440 case sd_standby_state
:
1441 sd
->state
= sd_standby_state
;
1442 sd_set_rca(sd
, req
.arg
>> 16);
1446 return sd_invalid_state_for_cmd(sd
, req
);
1451 static sd_rsp_type_t
emmc_cmd_sleep_awake(SDState
*sd
, SDRequest req
)
1453 bool do_sleep
= extract32(req
.arg
, 15, 1);
1455 switch (sd
->state
) {
1456 case sd_sleep_state
:
1459 sd
->state
= sd_standby_state
;
1463 case sd_standby_state
:
1465 sd
->state
= sd_sleep_state
;
1470 return sd_invalid_state_for_cmd(sd
, req
);
1475 static sd_rsp_type_t
sd_cmd_SWITCH_FUNCTION(SDState
*sd
, SDRequest req
)
1477 if (sd
->mode
!= sd_data_transfer_mode
) {
1478 return sd_invalid_mode_for_cmd(sd
, req
);
1480 if (sd
->state
!= sd_transfer_state
) {
1481 return sd_invalid_state_for_cmd(sd
, req
);
1484 sd_function_switch(sd
, req
.arg
);
1485 return sd_cmd_to_sendingdata(sd
, req
, 0, NULL
, 64);
1488 static sd_rsp_type_t
emmc_cmd_SWITCH(SDState
*sd
, SDRequest req
)
1490 switch (sd
->state
) {
1491 case sd_transfer_state
:
1492 sd
->state
= sd_programming_state
;
1493 emmc_function_switch(sd
, req
.arg
);
1494 sd
->state
= sd_transfer_state
;
1497 return sd_invalid_state_for_cmd(sd
, req
);
1502 static sd_rsp_type_t
sd_cmd_DE_SELECT_CARD(SDState
*sd
, SDRequest req
)
1504 bool same_rca
= sd_req_rca_same(sd
, req
);
1506 switch (sd
->state
) {
1507 case sd_standby_state
:
1511 sd
->state
= sd_transfer_state
;
1514 case sd_transfer_state
:
1515 case sd_sendingdata_state
:
1519 sd
->state
= sd_standby_state
;
1522 case sd_disconnect_state
:
1526 sd
->state
= sd_programming_state
;
1529 case sd_programming_state
:
1533 sd
->state
= sd_disconnect_state
;
1539 return sd_invalid_state_for_cmd(sd
, req
);
1543 static sd_rsp_type_t
sd_cmd_SEND_IF_COND(SDState
*sd
, SDRequest req
)
1545 if (sd
->spec_version
< SD_PHY_SPECv2_00_VERS
) {
1546 return sd_cmd_illegal(sd
, req
);
1548 if (sd
->state
!= sd_idle_state
) {
1549 return sd_invalid_state_for_cmd(sd
, req
);
1553 /* No response if not exactly one VHS bit is set. */
1554 if (!(req
.arg
>> 8) || (req
.arg
>> (ctz32(req
.arg
& ~0xff) + 1))) {
1555 return sd_is_spi(sd
) ? sd_r7
: sd_r0
;
1564 static sd_rsp_type_t
emmc_cmd_SEND_EXT_CSD(SDState
*sd
, SDRequest req
)
1566 if (sd
->state
!= sd_transfer_state
) {
1567 return sd_invalid_state_for_cmd(sd
, req
);
1570 return sd_cmd_to_sendingdata(sd
, req
, sd_req_get_address(sd
, req
),
1571 sd
->ext_csd
, sizeof(sd
->ext_csd
));
1575 static sd_rsp_type_t
spi_cmd_SEND_CSD(SDState
*sd
, SDRequest req
)
1577 if (sd
->state
!= sd_standby_state
) {
1578 return sd_invalid_state_for_cmd(sd
, req
);
1580 return sd_cmd_to_sendingdata(sd
, req
, sd_req_get_address(sd
, req
),
1584 static sd_rsp_type_t
sd_cmd_SEND_CSD(SDState
*sd
, SDRequest req
)
1586 if (sd
->state
!= sd_standby_state
) {
1587 return sd_invalid_state_for_cmd(sd
, req
);
1590 return sd_req_rca_same(sd
, req
) ? sd_r2_s
: sd_r0
;
1594 static sd_rsp_type_t
spi_cmd_SEND_CID(SDState
*sd
, SDRequest req
)
1596 if (sd
->state
!= sd_standby_state
) {
1597 return sd_invalid_state_for_cmd(sd
, req
);
1599 return sd_cmd_to_sendingdata(sd
, req
, sd_req_get_address(sd
, req
),
1603 static sd_rsp_type_t
sd_cmd_SEND_CID(SDState
*sd
, SDRequest req
)
1605 if (sd
->state
!= sd_standby_state
) {
1606 return sd_invalid_state_for_cmd(sd
, req
);
1609 return sd_req_rca_same(sd
, req
) ? sd_r2_i
: sd_r0
;
1613 static sd_rsp_type_t
sd_cmd_STOP_TRANSMISSION(SDState
*sd
, SDRequest req
)
1615 switch (sd
->state
) {
1616 case sd_sendingdata_state
:
1617 sd
->state
= sd_transfer_state
;
1619 case sd_receivingdata_state
:
1620 sd
->state
= sd_programming_state
;
1621 /* Bzzzzzzztt .... Operation complete. */
1622 sd
->state
= sd_transfer_state
;
1625 return sd_invalid_state_for_cmd(sd
, req
);
1630 static sd_rsp_type_t
sd_cmd_SEND_STATUS(SDState
*sd
, SDRequest req
)
1632 if (sd
->mode
!= sd_data_transfer_mode
) {
1633 return sd_invalid_mode_for_cmd(sd
, req
);
1636 switch (sd
->state
) {
1637 case sd_standby_state
:
1638 case sd_transfer_state
:
1639 case sd_sendingdata_state
:
1640 case sd_receivingdata_state
:
1641 case sd_programming_state
:
1642 case sd_disconnect_state
:
1645 return sd_invalid_state_for_cmd(sd
, req
);
1648 if (sd_is_spi(sd
)) {
1652 return sd_req_rca_same(sd
, req
) ? sd_r1
: sd_r0
;
1656 static sd_rsp_type_t
sd_cmd_GO_INACTIVE_STATE(SDState
*sd
, SDRequest req
)
1658 if (sd
->mode
!= sd_data_transfer_mode
) {
1659 return sd_invalid_mode_for_cmd(sd
, req
);
1661 switch (sd
->state
) {
1662 case sd_standby_state
:
1663 case sd_transfer_state
:
1664 case sd_sendingdata_state
:
1665 case sd_receivingdata_state
:
1666 case sd_programming_state
:
1667 case sd_disconnect_state
:
1670 return sd_invalid_state_for_cmd(sd
, req
);
1672 if (sd_req_rca_same(sd
, req
)) {
1673 sd
->state
= sd_inactive_state
;
1680 static sd_rsp_type_t
sd_cmd_SET_BLOCKLEN(SDState
*sd
, SDRequest req
)
1682 if (sd
->state
!= sd_transfer_state
) {
1683 return sd_invalid_state_for_cmd(sd
, req
);
1685 if (req
.arg
> (1 << HWBLOCK_SHIFT
)) {
1686 sd
->card_status
|= BLOCK_LEN_ERROR
;
1688 trace_sdcard_set_blocklen(req
.arg
);
1689 sd
->blk_len
= req
.arg
;
1696 static sd_rsp_type_t
sd_cmd_READ_SINGLE_BLOCK(SDState
*sd
, SDRequest req
)
1700 if (sd
->state
!= sd_transfer_state
) {
1701 return sd_invalid_state_for_cmd(sd
, req
);
1704 addr
= sd_req_get_address(sd
, req
);
1705 if (!address_in_range(sd
, "READ_SINGLE_BLOCK", addr
, sd
->blk_len
)) {
1709 sd_blk_read(sd
, addr
, sd
->blk_len
);
1710 return sd_cmd_to_sendingdata(sd
, req
, addr
, NULL
, sd
->blk_len
);
1714 static sd_rsp_type_t
sd_cmd_SEND_TUNING_BLOCK(SDState
*sd
, SDRequest req
)
1716 if (sd
->spec_version
< SD_PHY_SPECv3_01_VERS
) {
1717 return sd_cmd_illegal(sd
, req
);
1720 return sd_cmd_to_sendingdata(sd
, req
, 0,
1721 sd_tuning_block_pattern4
,
1722 sizeof(sd_tuning_block_pattern4
));
1726 static sd_rsp_type_t
sd_cmd_SET_BLOCK_COUNT(SDState
*sd
, SDRequest req
)
1728 if (sd
->spec_version
< SD_PHY_SPECv3_01_VERS
) {
1729 return sd_cmd_illegal(sd
, req
);
1732 if (sd
->state
!= sd_transfer_state
) {
1733 return sd_invalid_state_for_cmd(sd
, req
);
1736 sd
->multi_blk_cnt
= req
.arg
;
1737 if (sd_is_emmc(sd
)) {
1738 sd
->multi_blk_cnt
&= 0xffff;
1740 trace_sdcard_set_block_count(sd
->multi_blk_cnt
);
1746 static sd_rsp_type_t
sd_cmd_WRITE_SINGLE_BLOCK(SDState
*sd
, SDRequest req
)
1750 if (sd
->state
!= sd_transfer_state
) {
1751 return sd_invalid_state_for_cmd(sd
, req
);
1754 addr
= sd_req_get_address(sd
, req
);
1755 if (!address_in_range(sd
, "WRITE_SINGLE_BLOCK", addr
, sd
->blk_len
)) {
1759 if (sd
->size
<= SDSC_MAX_CAPACITY
) {
1760 if (sd_wp_addr(sd
, addr
)) {
1761 sd
->card_status
|= WP_VIOLATION
;
1764 if (sd
->csd
[14] & 0x30) {
1765 sd
->card_status
|= WP_VIOLATION
;
1768 sd
->blk_written
= 0;
1769 return sd_cmd_to_receivingdata(sd
, req
, addr
, sd
->blk_len
);
1773 static sd_rsp_type_t
emmc_cmd_PROGRAM_CID(SDState
*sd
, SDRequest req
)
1775 return sd_cmd_to_receivingdata(sd
, req
, 0, sizeof(sd
->cid
));
1779 static sd_rsp_type_t
sd_cmd_PROGRAM_CSD(SDState
*sd
, SDRequest req
)
1781 return sd_cmd_to_receivingdata(sd
, req
, 0, sizeof(sd
->csd
));
1784 static sd_rsp_type_t
sd_cmd_SET_CLR_WRITE_PROT(SDState
*sd
, SDRequest req
,
1789 if (sd
->size
> SDSC_MAX_CAPACITY
) {
1793 if (sd
->state
!= sd_transfer_state
) {
1794 return sd_invalid_state_for_cmd(sd
, req
);
1797 addr
= sd_req_get_address(sd
, req
);
1798 if (!address_in_range(sd
, is_write
? "SET_WRITE_PROT" : "CLR_WRITE_PROT",
1803 sd
->state
= sd_programming_state
;
1805 set_bit(sd_addr_to_wpnum(addr
), sd
->wp_group_bmap
);
1807 clear_bit(sd_addr_to_wpnum(addr
), sd
->wp_group_bmap
);
1809 /* Bzzzzzzztt .... Operation complete. */
1810 sd
->state
= sd_transfer_state
;
1815 static sd_rsp_type_t
sd_cmd_SET_WRITE_PROT(SDState
*sd
, SDRequest req
)
1817 return sd_cmd_SET_CLR_WRITE_PROT(sd
, req
, true);
1821 static sd_rsp_type_t
sd_cmd_CLR_WRITE_PROT(SDState
*sd
, SDRequest req
)
1823 return sd_cmd_SET_CLR_WRITE_PROT(sd
, req
, false);
1827 static sd_rsp_type_t
sd_cmd_SEND_WRITE_PROT(SDState
*sd
, SDRequest req
)
1832 if (sd
->size
> SDSC_MAX_CAPACITY
) {
1836 if (sd
->state
!= sd_transfer_state
) {
1837 return sd_invalid_state_for_cmd(sd
, req
);
1840 addr
= sd_req_get_address(sd
, req
);
1841 if (!address_in_range(sd
, "SEND_WRITE_PROT", addr
, sd
->blk_len
)) {
1845 data
= sd_wpbits(sd
, req
.arg
);
1846 return sd_cmd_to_sendingdata(sd
, req
, addr
, &data
, sizeof(data
));
1850 static sd_rsp_type_t
sd_cmd_ERASE_WR_BLK_START(SDState
*sd
, SDRequest req
)
1852 if (sd
->state
!= sd_transfer_state
) {
1853 return sd_invalid_state_for_cmd(sd
, req
);
1855 sd
->erase_start
= req
.arg
;
1860 static sd_rsp_type_t
sd_cmd_ERASE_WR_BLK_END(SDState
*sd
, SDRequest req
)
1862 if (sd
->state
!= sd_transfer_state
) {
1863 return sd_invalid_state_for_cmd(sd
, req
);
1865 sd
->erase_end
= req
.arg
;
1870 static sd_rsp_type_t
sd_cmd_ERASE(SDState
*sd
, SDRequest req
)
1872 if (sd
->state
!= sd_transfer_state
) {
1873 return sd_invalid_state_for_cmd(sd
, req
);
1875 if (sd
->csd
[14] & 0x30) {
1876 sd
->card_status
|= WP_VIOLATION
;
1880 sd
->state
= sd_programming_state
;
1882 /* Bzzzzzzztt .... Operation complete. */
1883 sd
->state
= sd_transfer_state
;
1888 static sd_rsp_type_t
sd_cmd_LOCK_UNLOCK(SDState
*sd
, SDRequest req
)
1890 return sd_cmd_to_receivingdata(sd
, req
, 0, 0);
1894 static sd_rsp_type_t
sd_cmd_APP_CMD(SDState
*sd
, SDRequest req
)
1896 switch (sd
->state
) {
1897 case sd_ready_state
:
1898 case sd_identification_state
:
1899 case sd_inactive_state
:
1900 case sd_sleep_state
:
1901 return sd_invalid_state_for_cmd(sd
, req
);
1903 if (!sd_is_spi(sd
) && sd_req_get_rca(sd
, req
) != 0x0000) {
1904 qemu_log_mask(LOG_GUEST_ERROR
,
1905 "SD: illegal RCA 0x%04x for APP_CMD\n", req
.cmd
);
1911 if (!sd_is_spi(sd
) && !sd_req_rca_same(sd
, req
)) {
1914 sd
->expecting_acmd
= true;
1915 sd
->card_status
|= APP_CMD
;
1921 static sd_rsp_type_t
sd_cmd_GEN_CMD(SDState
*sd
, SDRequest req
)
1923 if (sd
->state
!= sd_transfer_state
) {
1924 return sd_invalid_state_for_cmd(sd
, req
);
1927 /* Vendor specific command: our model is RAZ/WI */
1929 memset(sd
->data
, 0, sizeof(sd
->data
));
1930 return sd_cmd_to_sendingdata(sd
, req
, 0, NULL
, 0);
1932 return sd_cmd_to_receivingdata(sd
, req
, 0, 0);
1937 static sd_rsp_type_t
spi_cmd_READ_OCR(SDState
*sd
, SDRequest req
)
1943 static sd_rsp_type_t
spi_cmd_CRC_ON_OFF(SDState
*sd
, SDRequest req
)
1949 static sd_rsp_type_t
sd_acmd_SET_BUS_WIDTH(SDState
*sd
, SDRequest req
)
1951 if (sd
->state
!= sd_transfer_state
) {
1952 return sd_invalid_state_for_cmd(sd
, req
);
1955 sd
->sd_status
[0] &= 0x3f;
1956 sd
->sd_status
[0] |= (req
.arg
& 0x03) << 6;
1961 static sd_rsp_type_t
sd_acmd_SD_STATUS(SDState
*sd
, SDRequest req
)
1963 return sd_cmd_to_sendingdata(sd
, req
, 0,
1964 sd
->sd_status
, sizeof(sd
->sd_status
));
1968 static sd_rsp_type_t
sd_acmd_SEND_NUM_WR_BLOCKS(SDState
*sd
, SDRequest req
)
1970 return sd_cmd_to_sendingdata(sd
, req
, 0,
1971 &sd
->blk_written
, sizeof(sd
->blk_written
));
1975 static sd_rsp_type_t
sd_acmd_SET_WR_BLK_ERASE_COUNT(SDState
*sd
, SDRequest req
)
1977 if (sd
->state
!= sd_transfer_state
) {
1978 return sd_invalid_state_for_cmd(sd
, req
);
1984 static sd_rsp_type_t
sd_cmd_SEND_OP_COND(SDState
*sd
, SDRequest req
)
1986 if (sd
->state
!= sd_idle_state
) {
1987 return sd_invalid_state_for_cmd(sd
, req
);
1991 * If it's the first ACMD41 since reset, we need to decide
1992 * whether to power up. If this is not an enquiry ACMD41,
1993 * we immediately report power on and proceed below to the
1994 * ready state, but if it is, we set a timer to model a
1995 * delay for power up. This works around a bug in EDK2
1996 * UEFI, which sends an initial enquiry ACMD41, but
1997 * assumes that the card is in ready state as soon as it
1998 * sees the power up bit set.
2000 if (!FIELD_EX32(sd
->ocr
, OCR
, CARD_POWER_UP
)) {
2001 if ((req
.arg
& ACMD41_ENQUIRY_MASK
) != 0) {
2002 timer_del(sd
->ocr_power_timer
);
2005 trace_sdcard_inquiry_cmd41();
2006 if (!timer_pending(sd
->ocr_power_timer
)) {
2007 timer_mod_ns(sd
->ocr_power_timer
,
2008 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL
)
2009 + OCR_POWER_DELAY_NS
));
2014 if (FIELD_EX32(sd
->ocr
& req
.arg
, OCR
, VDD_VOLTAGE_WINDOW
)) {
2016 * We accept any voltage. 10000 V is nothing.
2018 * Once we're powered up, we advance straight to ready state
2019 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
2021 sd
->state
= sd_ready_state
;
2028 static sd_rsp_type_t
sd_acmd_SET_CLR_CARD_DETECT(SDState
*sd
, SDRequest req
)
2030 if (sd
->state
!= sd_transfer_state
) {
2031 return sd_invalid_state_for_cmd(sd
, req
);
2034 /* Bringing in the 50KOhm pull-up resistor... Done. */
2039 static sd_rsp_type_t
sd_acmd_SEND_SCR(SDState
*sd
, SDRequest req
)
2041 return sd_cmd_to_sendingdata(sd
, req
, 0, sd
->scr
, sizeof(sd
->scr
));
2044 static sd_rsp_type_t
sd_normal_command(SDState
*sd
, SDRequest req
)
2048 sd
->last_cmd_name
= sd_cmd_name(sd
, req
.cmd
);
2049 /* CMD55 precedes an ACMD, so we are not interested in tracing it.
2050 * However there is no ACMD55, so we want to trace this particular case.
2052 if (req
.cmd
!= 55 || sd
->expecting_acmd
) {
2053 trace_sdcard_normal_command(sd
->proto
->name
,
2054 sd
->last_cmd_name
, req
.cmd
,
2055 req
.arg
, sd_state_name(sd
->state
));
2058 /* Not interpreting this as an app command */
2059 sd
->card_status
&= ~APP_CMD
;
2061 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
2062 * if not, its effects are cancelled */
2063 if (sd
->multi_blk_cnt
!= 0 && !(req
.cmd
== 18 || req
.cmd
== 25)) {
2064 sd
->multi_blk_cnt
= 0;
2067 if (sd
->proto
->cmd
[req
.cmd
].class == 6 && FIELD_EX32(sd
->ocr
, OCR
,
2069 /* Only Standard Capacity cards support class 6 commands */
2073 if (sd
->proto
->cmd
[req
.cmd
].handler
) {
2074 return sd
->proto
->cmd
[req
.cmd
].handler(sd
, req
);
2078 /* Block read commands (Class 2) */
2079 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
2080 addr
= sd_req_get_address(sd
, req
);
2081 switch (sd
->state
) {
2082 case sd_transfer_state
:
2084 if (!address_in_range(sd
, "READ_BLOCK", addr
, sd
->blk_len
)) {
2088 sd
->state
= sd_sendingdata_state
;
2089 sd
->data_start
= addr
;
2090 sd
->data_offset
= 0;
2098 /* Block write commands (Class 4) */
2099 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
2100 addr
= sd_req_get_address(sd
, req
);
2101 switch (sd
->state
) {
2102 case sd_transfer_state
:
2104 if (!address_in_range(sd
, "WRITE_BLOCK", addr
, sd
->blk_len
)) {
2108 sd
->state
= sd_receivingdata_state
;
2109 sd
->data_start
= addr
;
2110 sd
->data_offset
= 0;
2111 sd
->blk_written
= 0;
2113 if (sd
->size
<= SDSC_MAX_CAPACITY
) {
2114 if (sd_wp_addr(sd
, sd
->data_start
)) {
2115 sd
->card_status
|= WP_VIOLATION
;
2118 if (sd
->csd
[14] & 0x30) {
2119 sd
->card_status
|= WP_VIOLATION
;
2129 qemu_log_mask(LOG_GUEST_ERROR
, "SD: Unknown CMD%i\n", req
.cmd
);
2133 return sd_invalid_state_for_cmd(sd
, req
);
2136 static sd_rsp_type_t
sd_app_command(SDState
*sd
,
2139 sd
->last_cmd_name
= sd_acmd_name(sd
, req
.cmd
);
2140 trace_sdcard_app_command(sd
->proto
->name
, sd
->last_cmd_name
,
2141 req
.cmd
, req
.arg
, sd_state_name(sd
->state
));
2142 sd
->card_status
|= APP_CMD
;
2144 if (sd
->proto
->acmd
[req
.cmd
].handler
) {
2145 return sd
->proto
->acmd
[req
.cmd
].handler(sd
, req
);
2149 case 18: /* Reserved for SD security applications */
2154 /* Refer to the "SD Specifications Part3 Security Specification" for
2155 * information about the SD Security Features.
2157 qemu_log_mask(LOG_UNIMP
, "SD: CMD%i Security not implemented\n",
2162 /* Fall back to standard commands. */
2163 return sd_normal_command(sd
, req
);
2166 qemu_log_mask(LOG_GUEST_ERROR
, "SD: ACMD%i in a wrong state\n", req
.cmd
);
2170 static bool cmd_valid_while_locked(SDState
*sd
, unsigned cmd
)
2174 /* Valid commands in locked state:
2176 * lock card class (7)
2178 * implicitly, the ACMD prefix CMD55
2180 * Anything else provokes an "illegal command" response.
2182 if (sd
->expecting_acmd
) {
2183 return cmd
== 41 || cmd
== 42;
2185 if (cmd
== 16 || cmd
== 55) {
2188 if (!sd
->proto
->cmd
[cmd
].handler
) {
2191 cmd_class
= sd
->proto
->cmd
[cmd
].class;
2193 return cmd_class
== 0 || cmd_class
== 7;
2196 int sd_do_command(SDState
*sd
, SDRequest
*req
,
2197 uint8_t *response
) {
2199 sd_rsp_type_t rtype
;
2202 if (!sd
->blk
|| !blk_is_inserted(sd
->blk
) || !sd
->enable
) {
2206 if (sd
->state
== sd_inactive_state
) {
2211 if (sd_req_crc_validate(req
)) {
2212 sd
->card_status
|= COM_CRC_ERROR
;
2217 if (req
->cmd
>= SDMMC_CMD_MAX
) {
2218 qemu_log_mask(LOG_GUEST_ERROR
, "SD: incorrect command 0x%02x\n",
2223 if (sd
->state
== sd_sleep_state
&& req
->cmd
) {
2224 qemu_log_mask(LOG_GUEST_ERROR
, "SD: Card is sleeping\n");
2229 if (sd
->card_status
& CARD_IS_LOCKED
) {
2230 if (!cmd_valid_while_locked(sd
, req
->cmd
)) {
2231 sd
->card_status
|= ILLEGAL_COMMAND
;
2232 sd
->expecting_acmd
= false;
2233 qemu_log_mask(LOG_GUEST_ERROR
, "SD: Card is locked\n");
2239 last_state
= sd
->state
;
2242 if (sd
->expecting_acmd
) {
2243 sd
->expecting_acmd
= false;
2244 rtype
= sd_app_command(sd
, *req
);
2246 rtype
= sd_normal_command(sd
, *req
);
2249 if (rtype
== sd_illegal
) {
2250 sd
->card_status
|= ILLEGAL_COMMAND
;
2252 /* Valid command, we can update the 'state before command' bits.
2253 * (Do this now so they appear in r1 responses.)
2255 sd
->card_status
= FIELD_DP32(sd
->card_status
, CSR
,
2256 CURRENT_STATE
, last_state
);
2263 sd_response_r1_make(sd
, response
);
2268 memcpy(response
, sd
->cid
, sizeof(sd
->cid
));
2273 memcpy(response
, sd
->csd
, sizeof(sd
->csd
));
2278 sd_response_r3_make(sd
, response
);
2283 sd_response_r6_make(sd
, response
);
2288 sd_response_r7_make(sd
, response
);
2294 * Invalid state transition, reset implementation
2295 * fields to avoid OOB abuse.
2298 sd
->data_offset
= 0;
2304 g_assert_not_reached();
2306 trace_sdcard_response(sd_response_name(rtype
), rsplen
);
2308 if (rtype
!= sd_illegal
) {
2309 /* Clear the "clear on valid command" status bits now we've
2312 sd
->card_status
&= ~CARD_STATUS_B
;
2316 qemu_hexdump(stderr
, "Response", response
, rsplen
);
2319 sd
->current_cmd
= rtype
== sd_illegal
? 0 : req
->cmd
;
2324 /* Return true if buffer is consumed. Configured by sd_cmd_to_receivingdata() */
2325 static bool sd_generic_write_byte(SDState
*sd
, uint8_t value
)
2327 sd
->data
[sd
->data_offset
] = value
;
2329 if (++sd
->data_offset
>= sd
->data_size
) {
2330 sd
->state
= sd_transfer_state
;
2336 /* Return true when buffer is consumed. Configured by sd_cmd_to_sendingdata() */
2337 static bool sd_generic_read_byte(SDState
*sd
, uint8_t *value
)
2339 *value
= sd
->data
[sd
->data_offset
];
2341 if (++sd
->data_offset
>= sd
->data_size
) {
2342 sd
->state
= sd_transfer_state
;
2349 void sd_write_byte(SDState
*sd
, uint8_t value
)
2353 if (!sd
->blk
|| !blk_is_inserted(sd
->blk
) || !sd
->enable
)
2356 if (sd
->state
!= sd_receivingdata_state
) {
2357 qemu_log_mask(LOG_GUEST_ERROR
,
2358 "%s: not in Receiving-Data state\n", __func__
);
2362 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
2365 trace_sdcard_write_data(sd
->proto
->name
,
2367 sd
->current_cmd
, sd
->data_offset
, value
);
2368 switch (sd
->current_cmd
) {
2369 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
2370 if (sd_generic_write_byte(sd
, value
)) {
2371 /* TODO: Check CRC before committing */
2372 sd
->state
= sd_programming_state
;
2373 sd_blk_write(sd
, sd
->data_start
, sd
->data_offset
);
2375 sd
->csd
[14] |= 0x40;
2376 /* Bzzzzzzztt .... Operation complete. */
2377 sd
->state
= sd_transfer_state
;
2381 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
2382 if (sd
->data_offset
== 0) {
2383 /* Start of the block - let's check the address is valid */
2384 if (!address_in_range(sd
, "WRITE_MULTIPLE_BLOCK",
2385 sd
->data_start
, sd
->blk_len
)) {
2388 if (sd
->size
<= SDSC_MAX_CAPACITY
) {
2389 if (sd_wp_addr(sd
, sd
->data_start
)) {
2390 sd
->card_status
|= WP_VIOLATION
;
2395 sd
->data
[sd
->data_offset
++] = value
;
2396 if (sd
->data_offset
>= sd
->blk_len
) {
2397 /* TODO: Check CRC before committing */
2398 sd
->state
= sd_programming_state
;
2399 sd_blk_write(sd
, sd
->data_start
, sd
->data_offset
);
2401 sd
->data_start
+= sd
->blk_len
;
2402 sd
->data_offset
= 0;
2403 sd
->csd
[14] |= 0x40;
2405 /* Bzzzzzzztt .... Operation complete. */
2406 if (sd
->multi_blk_cnt
!= 0) {
2407 if (--sd
->multi_blk_cnt
== 0) {
2409 sd
->state
= sd_transfer_state
;
2414 sd
->state
= sd_receivingdata_state
;
2418 case 26: /* CMD26: PROGRAM_CID */
2419 if (sd_generic_write_byte(sd
, value
)) {
2420 /* TODO: Check CRC before committing */
2421 sd
->state
= sd_programming_state
;
2422 for (i
= 0; i
< sizeof(sd
->cid
); i
++)
2423 if ((sd
->cid
[i
] | 0x00) != sd
->data
[i
])
2424 sd
->card_status
|= CID_CSD_OVERWRITE
;
2426 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
2427 for (i
= 0; i
< sizeof(sd
->cid
); i
++) {
2429 sd
->cid
[i
] &= sd
->data
[i
];
2431 /* Bzzzzzzztt .... Operation complete. */
2432 sd
->state
= sd_transfer_state
;
2436 case 27: /* CMD27: PROGRAM_CSD */
2437 if (sd_generic_write_byte(sd
, value
)) {
2438 /* TODO: Check CRC before committing */
2439 sd
->state
= sd_programming_state
;
2440 for (i
= 0; i
< sizeof(sd
->csd
); i
++)
2441 if ((sd
->csd
[i
] | sd_csd_rw_mask
[i
]) !=
2442 (sd
->data
[i
] | sd_csd_rw_mask
[i
]))
2443 sd
->card_status
|= CID_CSD_OVERWRITE
;
2445 /* Copy flag (OTP) & Permanent write protect */
2446 if (sd
->csd
[14] & ~sd
->data
[14] & 0x60)
2447 sd
->card_status
|= CID_CSD_OVERWRITE
;
2449 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
2450 for (i
= 0; i
< sizeof(sd
->csd
); i
++) {
2451 sd
->csd
[i
] |= sd_csd_rw_mask
[i
];
2452 sd
->csd
[i
] &= sd
->data
[i
];
2454 /* Bzzzzzzztt .... Operation complete. */
2455 sd
->state
= sd_transfer_state
;
2459 case 42: /* CMD42: LOCK_UNLOCK */
2460 if (sd_generic_write_byte(sd
, value
)) {
2461 /* TODO: Check CRC before committing */
2462 sd
->state
= sd_programming_state
;
2463 sd_lock_command(sd
);
2464 /* Bzzzzzzztt .... Operation complete. */
2465 sd
->state
= sd_transfer_state
;
2469 case 56: /* CMD56: GEN_CMD */
2470 sd_generic_write_byte(sd
, value
);
2474 g_assert_not_reached();
2478 uint8_t sd_read_byte(SDState
*sd
)
2480 /* TODO: Append CRCs */
2481 const uint8_t dummy_byte
= 0x00;
2485 if (!sd
->blk
|| !blk_is_inserted(sd
->blk
) || !sd
->enable
)
2488 if (sd
->state
!= sd_sendingdata_state
) {
2489 qemu_log_mask(LOG_GUEST_ERROR
,
2490 "%s: not in Sending-Data state\n", __func__
);
2494 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
)) {
2498 io_len
= sd_blk_len(sd
);
2500 trace_sdcard_read_data(sd
->proto
->name
,
2501 sd
->last_cmd_name
, sd
->current_cmd
,
2502 sd
->data_offset
, sd
->data_size
, io_len
);
2503 switch (sd
->current_cmd
) {
2504 case 6: /* CMD6: SWITCH_FUNCTION */
2505 case 8: /* CMD8: SEND_EXT_CSD */
2506 case 9: /* CMD9: SEND_CSD */
2507 case 10: /* CMD10: SEND_CID */
2508 case 13: /* ACMD13: SD_STATUS */
2509 case 17: /* CMD17: READ_SINGLE_BLOCK */
2510 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */
2511 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
2512 case 30: /* CMD30: SEND_WRITE_PROT */
2513 case 51: /* ACMD51: SEND_SCR */
2514 case 56: /* CMD56: GEN_CMD */
2515 sd_generic_read_byte(sd
, &ret
);
2518 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
2519 if (sd
->data_offset
== 0) {
2520 if (!address_in_range(sd
, "READ_MULTIPLE_BLOCK",
2521 sd
->data_start
, io_len
)) {
2524 sd_blk_read(sd
, sd
->data_start
, io_len
);
2526 ret
= sd
->data
[sd
->data_offset
++];
2528 if (sd
->data_offset
>= io_len
) {
2529 sd
->data_start
+= io_len
;
2530 sd
->data_offset
= 0;
2532 if (sd
->multi_blk_cnt
!= 0) {
2533 if (--sd
->multi_blk_cnt
== 0) {
2535 sd
->state
= sd_transfer_state
;
2543 qemu_log_mask(LOG_GUEST_ERROR
, "%s: DAT read illegal for command %s\n",
2544 __func__
, sd
->last_cmd_name
);
2551 static bool sd_receive_ready(SDState
*sd
)
2553 return sd
->state
== sd_receivingdata_state
;
2556 static bool sd_data_ready(SDState
*sd
)
2558 return sd
->state
== sd_sendingdata_state
;
2561 void sd_enable(SDState
*sd
, bool enable
)
2563 sd
->enable
= enable
;
2566 static const SDProto sd_proto_spi
= {
2569 [0] = {0, sd_spi
, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE
},
2570 [1] = {0, sd_spi
, "SEND_OP_COND", spi_cmd_SEND_OP_COND
},
2571 [5] = {9, sd_spi
, "IO_SEND_OP_COND", sd_cmd_optional
},
2572 [6] = {10, sd_spi
, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION
},
2573 [8] = {0, sd_spi
, "SEND_IF_COND", sd_cmd_SEND_IF_COND
},
2574 [9] = {0, sd_spi
, "SEND_CSD", spi_cmd_SEND_CSD
},
2575 [10] = {0, sd_spi
, "SEND_CID", spi_cmd_SEND_CID
},
2576 [12] = {0, sd_spi
, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION
},
2577 [13] = {0, sd_spi
, "SEND_STATUS", sd_cmd_SEND_STATUS
},
2578 [16] = {2, sd_spi
, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN
},
2579 [17] = {2, sd_spi
, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK
},
2580 [24] = {4, sd_spi
, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK
},
2581 [27] = {4, sd_spi
, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD
},
2582 [28] = {6, sd_spi
, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT
},
2583 [29] = {6, sd_spi
, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT
},
2584 [30] = {6, sd_spi
, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT
},
2585 [32] = {5, sd_spi
, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START
},
2586 [33] = {5, sd_spi
, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END
},
2587 [34] = {10, sd_spi
, "READ_SEC_CMD", sd_cmd_optional
},
2588 [35] = {10, sd_spi
, "WRITE_SEC_CMD", sd_cmd_optional
},
2589 [36] = {10, sd_spi
, "SEND_PSI", sd_cmd_optional
},
2590 [37] = {10, sd_spi
, "CONTROL_ASSD_SYSTEM", sd_cmd_optional
},
2591 [38] = {5, sd_spi
, "ERASE", sd_cmd_ERASE
},
2592 [42] = {7, sd_spi
, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK
},
2593 [50] = {10, sd_spi
, "DIRECT_SECURE_READ", sd_cmd_optional
},
2594 [52] = {9, sd_spi
, "IO_RW_DIRECT", sd_cmd_optional
},
2595 [53] = {9, sd_spi
, "IO_RW_EXTENDED", sd_cmd_optional
},
2596 [55] = {8, sd_spi
, "APP_CMD", sd_cmd_APP_CMD
},
2597 [56] = {8, sd_spi
, "GEN_CMD", sd_cmd_GEN_CMD
},
2598 [57] = {10, sd_spi
, "DIRECT_SECURE_WRITE", sd_cmd_optional
},
2599 [58] = {0, sd_spi
, "READ_OCR", spi_cmd_READ_OCR
},
2600 [59] = {0, sd_spi
, "CRC_ON_OFF", spi_cmd_CRC_ON_OFF
},
2603 [13] = {8, sd_spi
, "SD_STATUS", sd_acmd_SD_STATUS
},
2604 [22] = {8, sd_spi
, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS
},
2605 [23] = {8, sd_spi
, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT
},
2606 [41] = {8, sd_spi
, "SEND_OP_COND", spi_cmd_SEND_OP_COND
},
2607 [42] = {8, sd_spi
, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT
},
2608 [51] = {8, sd_spi
, "SEND_SCR", sd_acmd_SEND_SCR
},
2612 static const SDProto sd_proto_sd
= {
2615 [0] = {0, sd_bc
, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE
},
2616 [2] = {0, sd_bcr
, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID
},
2617 [3] = {0, sd_bcr
, "SEND_RELATIVE_ADDR", sd_cmd_SEND_RELATIVE_ADDR
},
2618 [4] = {0, sd_bc
, "SEND_DSR", sd_cmd_unimplemented
},
2619 [5] = {9, sd_bc
, "IO_SEND_OP_COND", sd_cmd_optional
},
2620 [6] = {10, sd_adtc
, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION
},
2621 [7] = {0, sd_ac
, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD
},
2622 [8] = {0, sd_bcr
, "SEND_IF_COND", sd_cmd_SEND_IF_COND
},
2623 [9] = {0, sd_ac
, "SEND_CSD", sd_cmd_SEND_CSD
},
2624 [10] = {0, sd_ac
, "SEND_CID", sd_cmd_SEND_CID
},
2625 [11] = {0, sd_ac
, "VOLTAGE_SWITCH", sd_cmd_optional
},
2626 [12] = {0, sd_ac
, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION
},
2627 [13] = {0, sd_ac
, "SEND_STATUS", sd_cmd_SEND_STATUS
},
2628 [15] = {0, sd_ac
, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE
},
2629 [16] = {2, sd_ac
, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN
},
2630 [17] = {2, sd_adtc
, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK
},
2631 [19] = {2, sd_adtc
, "SEND_TUNING_BLOCK", sd_cmd_SEND_TUNING_BLOCK
},
2632 [20] = {2, sd_ac
, "SPEED_CLASS_CONTROL", sd_cmd_optional
},
2633 [23] = {2, sd_ac
, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT
},
2634 [24] = {4, sd_adtc
, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK
},
2635 [27] = {4, sd_adtc
, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD
},
2636 [28] = {6, sd_ac
, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT
},
2637 [29] = {6, sd_ac
, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT
},
2638 [30] = {6, sd_adtc
, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT
},
2639 [32] = {5, sd_ac
, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START
},
2640 [33] = {5, sd_ac
, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END
},
2641 [34] = {10, sd_adtc
, "READ_SEC_CMD", sd_cmd_optional
},
2642 [35] = {10, sd_adtc
, "WRITE_SEC_CMD", sd_cmd_optional
},
2643 [36] = {10, sd_adtc
, "SEND_PSI", sd_cmd_optional
},
2644 [37] = {10, sd_ac
, "CONTROL_ASSD_SYSTEM", sd_cmd_optional
},
2645 [38] = {5, sd_ac
, "ERASE", sd_cmd_ERASE
},
2646 [42] = {7, sd_adtc
, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK
},
2647 [43] = {1, sd_ac
, "Q_MANAGEMENT", sd_cmd_optional
},
2648 [44] = {1, sd_ac
, "Q_TASK_INFO_A", sd_cmd_optional
},
2649 [45] = {1, sd_ac
, "Q_TASK_INFO_B", sd_cmd_optional
},
2650 [46] = {1, sd_adtc
, "Q_RD_TASK", sd_cmd_optional
},
2651 [47] = {1, sd_adtc
, "Q_WR_TASK", sd_cmd_optional
},
2652 [48] = {1, sd_adtc
, "READ_EXTR_SINGLE", sd_cmd_optional
},
2653 [49] = {1, sd_adtc
, "WRITE_EXTR_SINGLE", sd_cmd_optional
},
2654 [50] = {10, sd_adtc
, "DIRECT_SECURE_READ", sd_cmd_optional
},
2655 [52] = {9, sd_bc
, "IO_RW_DIRECT", sd_cmd_optional
},
2656 [53] = {9, sd_bc
, "IO_RW_EXTENDED", sd_cmd_optional
},
2657 [55] = {8, sd_ac
, "APP_CMD", sd_cmd_APP_CMD
},
2658 [56] = {8, sd_adtc
, "GEN_CMD", sd_cmd_GEN_CMD
},
2659 [57] = {10, sd_adtc
, "DIRECT_SECURE_WRITE", sd_cmd_optional
},
2660 [58] = {11, sd_adtc
, "READ_EXTR_MULTI", sd_cmd_optional
},
2661 [59] = {11, sd_adtc
, "WRITE_EXTR_MULTI", sd_cmd_optional
},
2664 [6] = {8, sd_ac
, "SET_BUS_WIDTH", sd_acmd_SET_BUS_WIDTH
},
2665 [13] = {8, sd_adtc
, "SD_STATUS", sd_acmd_SD_STATUS
},
2666 [22] = {8, sd_adtc
, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS
},
2667 [23] = {8, sd_ac
, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT
},
2668 [41] = {8, sd_bcr
, "SEND_OP_COND", sd_cmd_SEND_OP_COND
},
2669 [42] = {8, sd_ac
, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT
},
2670 [51] = {8, sd_adtc
, "SEND_SCR", sd_acmd_SEND_SCR
},
2674 static const SDProto sd_proto_emmc
= {
2675 /* Only v4.3 is supported */
2678 [0] = {0, sd_bc
, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE
},
2679 [1] = {0, sd_bcr
, "SEND_OP_COND", sd_cmd_SEND_OP_COND
},
2680 [2] = {0, sd_bcr
, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID
},
2681 [3] = {0, sd_ac
, "SET_RELATIVE_ADDR", emmc_cmd_SET_RELATIVE_ADDR
},
2682 [4] = {0, sd_bc
, "SEND_DSR", sd_cmd_unimplemented
},
2683 [5] = {0, sd_ac
, "SLEEP/AWAKE", emmc_cmd_sleep_awake
},
2684 [6] = {10, sd_adtc
, "SWITCH", emmc_cmd_SWITCH
},
2685 [7] = {0, sd_ac
, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD
},
2686 [8] = {0, sd_adtc
, "SEND_EXT_CSD", emmc_cmd_SEND_EXT_CSD
},
2687 [9] = {0, sd_ac
, "SEND_CSD", sd_cmd_SEND_CSD
},
2688 [10] = {0, sd_ac
, "SEND_CID", sd_cmd_SEND_CID
},
2689 [11] = {1, sd_adtc
, "READ_DAT_UNTIL_STOP", sd_cmd_unimplemented
},
2690 [12] = {0, sd_ac
, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION
},
2691 [13] = {0, sd_ac
, "SEND_STATUS", sd_cmd_SEND_STATUS
},
2692 [14] = {0, sd_adtc
, "BUSTEST_R", sd_cmd_unimplemented
},
2693 [15] = {0, sd_ac
, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE
},
2694 [16] = {2, sd_ac
, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN
},
2695 [17] = {2, sd_adtc
, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK
},
2696 [19] = {0, sd_adtc
, "BUSTEST_W", sd_cmd_unimplemented
},
2697 [20] = {3, sd_adtc
, "WRITE_DAT_UNTIL_STOP", sd_cmd_unimplemented
},
2698 [23] = {2, sd_ac
, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT
},
2699 [24] = {4, sd_adtc
, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK
},
2700 [26] = {4, sd_adtc
, "PROGRAM_CID", emmc_cmd_PROGRAM_CID
},
2701 [27] = {4, sd_adtc
, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD
},
2702 [28] = {6, sd_ac
, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT
},
2703 [29] = {6, sd_ac
, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT
},
2704 [30] = {6, sd_adtc
, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT
},
2705 [31] = {6, sd_adtc
, "SEND_WRITE_PROT_TYPE", sd_cmd_unimplemented
},
2706 [35] = {5, sd_ac
, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START
},
2707 [36] = {5, sd_ac
, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END
},
2708 [38] = {5, sd_ac
, "ERASE", sd_cmd_ERASE
},
2709 [39] = {9, sd_ac
, "FAST_IO", sd_cmd_unimplemented
},
2710 [40] = {9, sd_bcr
, "GO_IRQ_STATE", sd_cmd_unimplemented
},
2711 [42] = {7, sd_adtc
, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK
},
2712 [49] = {0, sd_adtc
, "SET_TIME", sd_cmd_unimplemented
},
2713 [55] = {8, sd_ac
, "APP_CMD", sd_cmd_APP_CMD
},
2714 [56] = {8, sd_adtc
, "GEN_CMD", sd_cmd_GEN_CMD
},
2718 static void sd_instance_init(Object
*obj
)
2720 SDState
*sd
= SDMMC_COMMON(obj
);
2721 SDCardClass
*sc
= SDMMC_COMMON_GET_CLASS(sd
);
2723 sd
->proto
= sc
->proto
;
2724 sd
->last_cmd_name
= "UNSET";
2726 sd
->ocr_power_timer
= timer_new_ns(QEMU_CLOCK_VIRTUAL
, sd_ocr_powerup
, sd
);
2729 static void sd_instance_finalize(Object
*obj
)
2731 SDState
*sd
= SDMMC_COMMON(obj
);
2733 timer_free(sd
->ocr_power_timer
);
2736 static void sd_realize(DeviceState
*dev
, Error
**errp
)
2738 SDState
*sd
= SDMMC_COMMON(dev
);
2741 switch (sd
->spec_version
) {
2742 case SD_PHY_SPECv1_10_VERS
2743 ... SD_PHY_SPECv3_01_VERS
:
2746 error_setg(errp
, "Invalid SD card Spec version: %u", sd
->spec_version
);
2753 if (!blk_supports_write_perm(sd
->blk
)) {
2754 error_setg(errp
, "Cannot use read-only drive as SD card");
2758 blk_size
= blk_getlength(sd
->blk
);
2759 if (blk_size
> 0 && !is_power_of_2(blk_size
)) {
2760 int64_t blk_size_aligned
= pow2ceil(blk_size
);
2763 blk_size_str
= size_to_str(blk_size
);
2764 error_setg(errp
, "Invalid SD card size: %s", blk_size_str
);
2765 g_free(blk_size_str
);
2767 blk_size_str
= size_to_str(blk_size_aligned
);
2768 error_append_hint(errp
,
2769 "SD card size has to be a power of 2, e.g. %s.\n"
2770 "You can resize disk images with"
2771 " 'qemu-img resize <imagefile> <new-size>'\n"
2772 "(note that this will lose data if you make the"
2773 " image smaller than it currently is).\n",
2775 g_free(blk_size_str
);
2780 ret
= blk_set_perm(sd
->blk
, BLK_PERM_CONSISTENT_READ
| BLK_PERM_WRITE
,
2781 BLK_PERM_ALL
, errp
);
2785 blk_set_dev_ops(sd
->blk
, &sd_block_ops
, sd
);
2789 static void emmc_realize(DeviceState
*dev
, Error
**errp
)
2791 SDState
*sd
= SDMMC_COMMON(dev
);
2793 sd
->spec_version
= SD_PHY_SPECv3_01_VERS
; /* Actually v4.3 */
2795 sd_realize(dev
, errp
);
2798 static Property sdmmc_common_properties
[] = {
2799 DEFINE_PROP_DRIVE("drive", SDState
, blk
),
2800 DEFINE_PROP_END_OF_LIST()
2803 static Property sd_properties
[] = {
2804 DEFINE_PROP_UINT8("spec_version", SDState
,
2805 spec_version
, SD_PHY_SPECv3_01_VERS
),
2806 DEFINE_PROP_END_OF_LIST()
2809 static Property emmc_properties
[] = {
2810 DEFINE_PROP_UINT64("boot-partition-size", SDState
, boot_part_size
, 0),
2811 DEFINE_PROP_UINT8("boot-config", SDState
, boot_config
, 0x0),
2812 DEFINE_PROP_END_OF_LIST()
2815 static void sdmmc_common_class_init(ObjectClass
*klass
, void *data
)
2817 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2818 SDCardClass
*sc
= SDMMC_COMMON_CLASS(klass
);
2820 device_class_set_props(dc
, sdmmc_common_properties
);
2821 dc
->vmsd
= &sd_vmstate
;
2822 device_class_set_legacy_reset(dc
, sd_reset
);
2823 dc
->bus_type
= TYPE_SD_BUS
;
2824 set_bit(DEVICE_CATEGORY_STORAGE
, dc
->categories
);
2826 sc
->set_voltage
= sd_set_voltage
;
2827 sc
->get_dat_lines
= sd_get_dat_lines
;
2828 sc
->get_cmd_line
= sd_get_cmd_line
;
2829 sc
->do_command
= sd_do_command
;
2830 sc
->write_byte
= sd_write_byte
;
2831 sc
->read_byte
= sd_read_byte
;
2832 sc
->receive_ready
= sd_receive_ready
;
2833 sc
->data_ready
= sd_data_ready
;
2834 sc
->enable
= sd_enable
;
2835 sc
->get_inserted
= sd_get_inserted
;
2836 sc
->get_readonly
= sd_get_readonly
;
2839 static void sd_class_init(ObjectClass
*klass
, void *data
)
2841 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2842 SDCardClass
*sc
= SDMMC_COMMON_CLASS(klass
);
2844 dc
->realize
= sd_realize
;
2845 device_class_set_props(dc
, sd_properties
);
2847 sc
->set_cid
= sd_set_cid
;
2848 sc
->set_csd
= sd_set_csd
;
2849 sc
->proto
= &sd_proto_sd
;
2853 * We do not model the chip select pin, so allow the board to select
2854 * whether card should be in SSI or MMC/SD mode. It is also up to the
2855 * board to ensure that ssi transfers only occur when the chip select
2858 static void sd_spi_class_init(ObjectClass
*klass
, void *data
)
2860 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2861 SDCardClass
*sc
= SDMMC_COMMON_CLASS(klass
);
2863 dc
->desc
= "SD SPI";
2864 sc
->proto
= &sd_proto_spi
;
2867 static void emmc_class_init(ObjectClass
*klass
, void *data
)
2869 DeviceClass
*dc
= DEVICE_CLASS(klass
);
2870 SDCardClass
*sc
= SDMMC_COMMON_CLASS(klass
);
2873 dc
->realize
= emmc_realize
;
2874 device_class_set_props(dc
, emmc_properties
);
2875 /* Reason: Soldered on board */
2876 dc
->user_creatable
= false;
2878 sc
->proto
= &sd_proto_emmc
;
2880 sc
->set_cid
= emmc_set_cid
;
2881 sc
->set_csd
= emmc_set_csd
;
2884 static const TypeInfo sd_types
[] = {
2886 .name
= TYPE_SDMMC_COMMON
,
2887 .parent
= TYPE_DEVICE
,
2889 .instance_size
= sizeof(SDState
),
2890 .class_size
= sizeof(SDCardClass
),
2891 .class_init
= sdmmc_common_class_init
,
2892 .instance_init
= sd_instance_init
,
2893 .instance_finalize
= sd_instance_finalize
,
2896 .name
= TYPE_SD_CARD
,
2897 .parent
= TYPE_SDMMC_COMMON
,
2898 .class_init
= sd_class_init
,
2901 .name
= TYPE_SD_CARD_SPI
,
2902 .parent
= TYPE_SD_CARD
,
2903 .class_init
= sd_spi_class_init
,
2907 .parent
= TYPE_SDMMC_COMMON
,
2908 .class_init
= emmc_class_init
,
2912 DEFINE_TYPES(sd_types
)