search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
hw/sd/sdcard: Add sd_cmd_APP_CMD handler (CMD55)
[qemu/armbru.git] / hw / sd / sd.c
blobf5548d5667b331185c713ce66d2a8f1aa16c2cdb
1 /*
2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 2.00."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org>
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
24 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
25 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
26 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
27 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
28 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
33 #include "qemu/osdep.h"
34 #include "qemu/units.h"
35 #include "qemu/cutils.h"
36 #include "hw/irq.h"
37 #include "hw/registerfields.h"
38 #include "sysemu/block-backend.h"
39 #include "hw/sd/sd.h"
40 #include "hw/sd/sdcard_legacy.h"
41 #include "migration/vmstate.h"
42 #include "qapi/error.h"
43 #include "qemu/bitmap.h"
44 #include "hw/qdev-properties.h"
45 #include "hw/qdev-properties-system.h"
46 #include "qemu/error-report.h"
47 #include "qemu/timer.h"
48 #include "qemu/log.h"
49 #include "qemu/module.h"
50 #include "sdmmc-internal.h"
51 #include "trace.h"
52
53 //#define DEBUG_SD 1
54
55 #define SDSC_MAX_CAPACITY (2 * GiB)
56
57 #define INVALID_ADDRESS UINT32_MAX
58
59 typedef enum {
60 sd_r0 = 0, /* no response */
61 sd_r1, /* normal response command */
62 sd_r2_i, /* CID register */
63 sd_r2_s, /* CSD register */
64 sd_r3, /* OCR register */
65 sd_r6 = 6, /* Published RCA response */
66 sd_r7, /* Operating voltage */
67 sd_r1b = -1,
68 sd_illegal = -2,
69 } sd_rsp_type_t;
70
71 enum SDCardModes {
72 sd_inactive,
73 sd_card_identification_mode,
74 sd_data_transfer_mode,
75 };
76
77 enum SDCardStates {
78 sd_inactive_state = -1,
79 sd_idle_state = 0,
80 sd_ready_state = 1,
81 sd_identification_state = 2,
82 sd_standby_state = 3,
83 sd_transfer_state = 4,
84 sd_sendingdata_state = 5,
85 sd_receivingdata_state = 6,
86 sd_programming_state = 7,
87 sd_disconnect_state = 8,
88 };
89
90 #define SDMMC_CMD_MAX 64
91
92 typedef sd_rsp_type_t (*sd_cmd_handler)(SDState *sd, SDRequest req);
93
94 typedef struct SDProto {
95 const char *name;
96 struct {
97 const unsigned class;
98 const sd_cmd_type_t type;
99 const char *name;
100 sd_cmd_handler handler;
101 } cmd[SDMMC_CMD_MAX], acmd[SDMMC_CMD_MAX];
102 } SDProto;
103
104 struct SDState {
105 DeviceState parent_obj;
106
107 /* If true, created by sd_init() for a non-qdevified caller */
108 /* TODO purge them with fire */
109 bool me_no_qdev_me_kill_mammoth_with_rocks;
110
111 /* SD Memory Card Registers */
112 uint32_t ocr;
113 uint8_t scr[8];
114 uint8_t cid[16];
115 uint8_t csd[16];
116 uint16_t rca;
117 uint32_t card_status;
118 uint8_t sd_status[64];
119
120 /* Static properties */
121
122 uint8_t spec_version;
123 BlockBackend *blk;
124
125 const SDProto *proto;
126
127 /* Runtime changeables */
128
129 uint32_t mode; /* current card mode, one of SDCardModes */
130 int32_t state; /* current card state, one of SDCardStates */
131 uint32_t vhs;
132 bool wp_switch;
133 unsigned long *wp_group_bmap;
134 int32_t wp_group_bits;
135 uint64_t size;
136 uint32_t blk_len;
137 uint32_t multi_blk_cnt;
138 uint32_t erase_start;
139 uint32_t erase_end;
140 uint8_t pwd[16];
141 uint32_t pwd_len;
142 uint8_t function_group[6];
143 uint8_t current_cmd;
144 const char *last_cmd_name;
145 /* True if we will handle the next command as an ACMD. Note that this does
146 * *not* track the APP_CMD status bit!
147 */
148 bool expecting_acmd;
149 uint32_t blk_written;
150
151 uint64_t data_start;
152 uint32_t data_offset;
153 size_t data_size;
154 uint8_t data[512];
155 qemu_irq readonly_cb;
156 qemu_irq inserted_cb;
157 QEMUTimer *ocr_power_timer;
158 bool enable;
159 uint8_t dat_lines;
160 bool cmd_line;
161 };
162
163 static void sd_realize(DeviceState *dev, Error **errp);
164
165 static const SDProto sd_proto_spi;
166
167 static bool sd_is_spi(SDState *sd)
168 {
169 return sd->proto == &sd_proto_spi;
170 }
171
172 static const char *sd_version_str(enum SDPhySpecificationVersion version)
173 {
174 static const char *sdphy_version[] = {
175 [SD_PHY_SPECv1_10_VERS] = "v1.10",
176 [SD_PHY_SPECv2_00_VERS] = "v2.00",
177 [SD_PHY_SPECv3_01_VERS] = "v3.01",
178 };
179 if (version >= ARRAY_SIZE(sdphy_version)) {
180 return "unsupported version";
181 }
182 return sdphy_version[version];
183 }
184
185 static const char *sd_mode_name(enum SDCardModes mode)
186 {
187 static const char *mode_name[] = {
188 [sd_inactive] = "inactive",
189 [sd_card_identification_mode] = "identification",
190 [sd_data_transfer_mode] = "transfer",
191 };
192 assert(mode < ARRAY_SIZE(mode_name));
193 return mode_name[mode];
194 }
195
196 static const char *sd_state_name(enum SDCardStates state)
197 {
198 static const char *state_name[] = {
199 [sd_idle_state] = "idle",
200 [sd_ready_state] = "ready",
201 [sd_identification_state] = "identification",
202 [sd_standby_state] = "standby",
203 [sd_transfer_state] = "transfer",
204 [sd_sendingdata_state] = "sendingdata",
205 [sd_receivingdata_state] = "receivingdata",
206 [sd_programming_state] = "programming",
207 [sd_disconnect_state] = "disconnect",
208 };
209 if (state == sd_inactive_state) {
210 return "inactive";
211 }
212 assert(state < ARRAY_SIZE(state_name));
213 return state_name[state];
214 }
215
216 static const char *sd_response_name(sd_rsp_type_t rsp)
217 {
218 static const char *response_name[] = {
219 [sd_r0] = "RESP#0 (no response)",
220 [sd_r1] = "RESP#1 (normal cmd)",
221 [sd_r2_i] = "RESP#2 (CID reg)",
222 [sd_r2_s] = "RESP#2 (CSD reg)",
223 [sd_r3] = "RESP#3 (OCR reg)",
224 [sd_r6] = "RESP#6 (RCA)",
225 [sd_r7] = "RESP#7 (operating voltage)",
226 };
227 if (rsp == sd_illegal) {
228 return "ILLEGAL RESP";
229 }
230 if (rsp == sd_r1b) {
231 rsp = sd_r1;
232 }
233 assert(rsp < ARRAY_SIZE(response_name));
234 return response_name[rsp];
235 }
236
237 static const char *sd_cmd_name(SDState *sd, uint8_t cmd)
238 {
239 static const char *cmd_abbrev[SDMMC_CMD_MAX] = {
240 [18] = "READ_MULTIPLE_BLOCK",
241 [21] = "DPS_spec",
242 [25] = "WRITE_MULTIPLE_BLOCK",
243 [26] = "MANUF_RSVD",
244 [40] = "DPS_spec",
245 [56] = "GEN_CMD",
246 [60] = "MANUF_RSVD", [61] = "MANUF_RSVD",
247 [62] = "MANUF_RSVD", [63] = "MANUF_RSVD",
248 };
249 const SDProto *sdp = sd->proto;
250
251 if (sdp->cmd[cmd].handler) {
252 assert(!cmd_abbrev[cmd]);
253 return sdp->cmd[cmd].name;
254 }
255 return cmd_abbrev[cmd] ? cmd_abbrev[cmd] : "UNKNOWN_CMD";
256 }
257
258 static const char *sd_acmd_name(SDState *sd, uint8_t cmd)
259 {
260 static const char *acmd_abbrev[SDMMC_CMD_MAX] = {
261 [6] = "SET_BUS_WIDTH",
262 [13] = "SD_STATUS",
263 [14] = "DPS_spec", [15] = "DPS_spec",
264 [16] = "DPS_spec",
265 [18] = "SECU_spec",
266 [22] = "SEND_NUM_WR_BLOCKS", [23] = "SET_WR_BLK_ERASE_COUNT",
267 [42] = "SET_CLR_CARD_DETECT",
268 [51] = "SEND_SCR",
269 [52] = "SECU_spec", [53] = "SECU_spec",
270 [54] = "SECU_spec",
271 [56] = "SECU_spec", [57] = "SECU_spec",
272 [58] = "SECU_spec", [59] = "SECU_spec",
273 };
274 const SDProto *sdp = sd->proto;
275
276 if (sdp->acmd[cmd].handler) {
277 assert(!acmd_abbrev[cmd]);
278 return sdp->acmd[cmd].name;
279 }
280
281 return acmd_abbrev[cmd] ? acmd_abbrev[cmd] : "UNKNOWN_ACMD";
282 }
283
284 static uint8_t sd_get_dat_lines(SDState *sd)
285 {
286 return sd->enable ? sd->dat_lines : 0;
287 }
288
289 static bool sd_get_cmd_line(SDState *sd)
290 {
291 return sd->enable ? sd->cmd_line : false;
292 }
293
294 static void sd_set_voltage(SDState *sd, uint16_t millivolts)
295 {
296 trace_sdcard_set_voltage(millivolts);
297
298 switch (millivolts) {
299 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
300 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
301 break;
302 default:
303 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
304 millivolts / 1000.f);
305 }
306 }
307
308 static void sd_set_mode(SDState *sd)
309 {
310 switch (sd->state) {
311 case sd_inactive_state:
312 sd->mode = sd_inactive;
313 break;
314
315 case sd_idle_state:
316 case sd_ready_state:
317 case sd_identification_state:
318 sd->mode = sd_card_identification_mode;
319 break;
320
321 case sd_standby_state:
322 case sd_transfer_state:
323 case sd_sendingdata_state:
324 case sd_receivingdata_state:
325 case sd_programming_state:
326 case sd_disconnect_state:
327 sd->mode = sd_data_transfer_mode;
328 break;
329 }
330 }
331
332 static uint8_t sd_crc7(const void *message, size_t width)
333 {
334 int i, bit;
335 uint8_t shift_reg = 0x00;
336 const uint8_t *msg = (const uint8_t *)message;
337
338 for (i = 0; i < width; i ++, msg ++)
339 for (bit = 7; bit >= 0; bit --) {
340 shift_reg <<= 1;
341 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
342 shift_reg ^= 0x89;
343 }
344
345 return shift_reg;
346 }
347
348 /* Operation Conditions register */
349
350 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
351
352 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24)
353 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8)
354 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1)
355 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16)
356 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */
357 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */
358 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */
359 FIELD(OCR, CARD_POWER_UP, 31, 1)
360
361 #define ACMD41_ENQUIRY_MASK 0x00ffffff
362 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \
363 | R_OCR_ACCEPT_SWITCH_1V8_MASK \
364 | R_OCR_UHS_II_CARD_MASK \
365 | R_OCR_CARD_CAPACITY_MASK \
366 | R_OCR_CARD_POWER_UP_MASK)
367
368 static void sd_ocr_powerup(void *opaque)
369 {
370 SDState *sd = opaque;
371
372 trace_sdcard_powerup();
373 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP));
374
375 /* card power-up OK */
376 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1);
377
378 if (sd->size > SDSC_MAX_CAPACITY) {
379 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1);
380 }
381 }
382
383 static void sd_set_ocr(SDState *sd)
384 {
385 /* All voltages OK */
386 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK;
387
388 if (sd_is_spi(sd)) {
389 /*
390 * We don't need to emulate power up sequence in SPI-mode.
391 * Thus, the card's power up status bit should be set to 1 when reset.
392 * The card's capacity status bit should also be set if SD card size
393 * is larger than 2GB for SDHC support.
394 */
395 sd_ocr_powerup(sd);
396 }
397 }
398
399 /* SD Configuration register */
400
401 static void sd_set_scr(SDState *sd)
402 {
403 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */
404 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) {
405 sd->scr[0] |= 1; /* Spec Version 1.10 */
406 } else {
407 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */
408 }
409 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */
410 | 0b0101; /* 1-bit or 4-bit width bus modes */
411 sd->scr[2] = 0x00; /* Extended Security is not supported. */
412 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) {
413 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */
414 }
415 sd->scr[3] = 0x00;
416 /* reserved for manufacturer usage */
417 sd->scr[4] = 0x00;
418 sd->scr[5] = 0x00;
419 sd->scr[6] = 0x00;
420 sd->scr[7] = 0x00;
421 }
422
423 /* Card IDentification register */
424
425 #define MID 0xaa
426 #define OID "XY"
427 #define PNM "QEMU!"
428 #define PRV 0x01
429 #define MDT_YR 2006
430 #define MDT_MON 2
431
432 static void sd_set_cid(SDState *sd)
433 {
434 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
435 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
436 sd->cid[2] = OID[1];
437 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
438 sd->cid[4] = PNM[1];
439 sd->cid[5] = PNM[2];
440 sd->cid[6] = PNM[3];
441 sd->cid[7] = PNM[4];
442 sd->cid[8] = PRV; /* Fake product revision (PRV) */
443 stl_be_p(&sd->cid[9], 0xdeadbeef); /* Fake serial number (PSN) */
444 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
445 ((MDT_YR - 2000) / 10);
446 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
447 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
448 }
449
450 /* Card-Specific Data register */
451
452 #define HWBLOCK_SHIFT 9 /* 512 bytes */
453 #define SECTOR_SHIFT 5 /* 16 kilobytes */
454 #define WPGROUP_SHIFT 7 /* 2 megs */
455 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
456 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
457
458 static const uint8_t sd_csd_rw_mask[16] = {
459 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
460 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
461 };
462
463 static void sd_set_csd(SDState *sd, uint64_t size)
464 {
465 int hwblock_shift = HWBLOCK_SHIFT;
466 uint32_t csize;
467 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
468 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
469
470 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */
471 if (size == SDSC_MAX_CAPACITY) {
472 hwblock_shift += 1;
473 }
474 csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1;
475
476 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */
477 sd->csd[0] = 0x00; /* CSD structure */
478 sd->csd[1] = 0x26; /* Data read access-time-1 */
479 sd->csd[2] = 0x00; /* Data read access-time-2 */
480 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */
481 sd->csd[4] = 0x5f; /* Card Command Classes */
482 sd->csd[5] = 0x50 | /* Max. read data block length */
483 hwblock_shift;
484 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
485 ((csize >> 10) & 0x03);
486 sd->csd[7] = 0x00 | /* Device size */
487 ((csize >> 2) & 0xff);
488 sd->csd[8] = 0x3f | /* Max. read current */
489 ((csize << 6) & 0xc0);
490 sd->csd[9] = 0xfc | /* Max. write current */
491 ((CMULT_SHIFT - 2) >> 1);
492 sd->csd[10] = 0x40 | /* Erase sector size */
493 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
494 sd->csd[11] = 0x00 | /* Write protect group size */
495 ((sectsize << 7) & 0x80) | wpsize;
496 sd->csd[12] = 0x90 | /* Write speed factor */
497 (hwblock_shift >> 2);
498 sd->csd[13] = 0x20 | /* Max. write data block length */
499 ((hwblock_shift << 6) & 0xc0);
500 sd->csd[14] = 0x00; /* File format group */
501 } else { /* SDHC */
502 size /= 512 * KiB;
503 size -= 1;
504 sd->csd[0] = 0x40;
505 sd->csd[1] = 0x0e;
506 sd->csd[2] = 0x00;
507 sd->csd[3] = 0x32;
508 sd->csd[4] = 0x5b;
509 sd->csd[5] = 0x59;
510 sd->csd[6] = 0x00;
511 st24_be_p(&sd->csd[7], size);
512 sd->csd[10] = 0x7f;
513 sd->csd[11] = 0x80;
514 sd->csd[12] = 0x0a;
515 sd->csd[13] = 0x40;
516 sd->csd[14] = 0x00;
517 }
518 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
519 }
520
521 /* Relative Card Address register */
522
523 static void sd_set_rca(SDState *sd)
524 {
525 sd->rca += 0x4567;
526 }
527
528 static uint16_t sd_req_get_rca(SDState *s, SDRequest req)
529 {
530 switch (s->proto->cmd[req.cmd].type) {
531 case sd_none:
532 /* Called from legacy code not ported to SDProto array */
533 assert(!s->proto->cmd[req.cmd].handler);
534 /* fall-through */
535 case sd_ac:
536 case sd_adtc:
537 return req.arg >> 16;
538 case sd_spi:
539 g_assert_not_reached();
540 default:
541 return 0;
542 }
543 }
544
545 static bool sd_req_rca_same(SDState *s, SDRequest req)
546 {
547 return sd_req_get_rca(s, req) == s->rca;
548 }
549
550 /* Card Status register */
551
552 FIELD(CSR, AKE_SEQ_ERROR, 3, 1)
553 FIELD(CSR, APP_CMD, 5, 1)
554 FIELD(CSR, FX_EVENT, 6, 1)
555 FIELD(CSR, READY_FOR_DATA, 8, 1)
556 FIELD(CSR, CURRENT_STATE, 9, 4)
557 FIELD(CSR, ERASE_RESET, 13, 1)
558 FIELD(CSR, CARD_ECC_DISABLED, 14, 1)
559 FIELD(CSR, WP_ERASE_SKIP, 15, 1)
560 FIELD(CSR, CSD_OVERWRITE, 16, 1)
561 FIELD(CSR, DEFERRED_RESPONSE, 17, 1)
562 FIELD(CSR, ERROR, 19, 1)
563 FIELD(CSR, CC_ERROR, 20, 1)
564 FIELD(CSR, CARD_ECC_FAILED, 21, 1)
565 FIELD(CSR, ILLEGAL_COMMAND, 22, 1)
566 FIELD(CSR, COM_CRC_ERROR, 23, 1)
567 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1)
568 FIELD(CSR, CARD_IS_LOCKED, 25, 1)
569 FIELD(CSR, WP_VIOLATION, 26, 1)
570 FIELD(CSR, ERASE_PARAM, 27, 1)
571 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1)
572 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1)
573 FIELD(CSR, ADDRESS_ERROR, 30, 1)
574 FIELD(CSR, OUT_OF_RANGE, 31, 1)
575
576 /* Card status bits, split by clear condition:
577 * A : According to the card current state
578 * B : Always related to the previous command
579 * C : Cleared by read
580 */
581 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \
582 | R_CSR_CARD_ECC_DISABLED_MASK \
583 | R_CSR_CARD_IS_LOCKED_MASK)
584 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \
585 | R_CSR_ILLEGAL_COMMAND_MASK \
586 | R_CSR_COM_CRC_ERROR_MASK)
587 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \
588 | R_CSR_APP_CMD_MASK \
589 | R_CSR_ERASE_RESET_MASK \
590 | R_CSR_WP_ERASE_SKIP_MASK \
591 | R_CSR_CSD_OVERWRITE_MASK \
592 | R_CSR_ERROR_MASK \
593 | R_CSR_CC_ERROR_MASK \
594 | R_CSR_CARD_ECC_FAILED_MASK \
595 | R_CSR_LOCK_UNLOCK_FAILED_MASK \
596 | R_CSR_WP_VIOLATION_MASK \
597 | R_CSR_ERASE_PARAM_MASK \
598 | R_CSR_ERASE_SEQ_ERROR_MASK \
599 | R_CSR_BLOCK_LEN_ERROR_MASK \
600 | R_CSR_ADDRESS_ERROR_MASK \
601 | R_CSR_OUT_OF_RANGE_MASK)
602
603 static void sd_set_cardstatus(SDState *sd)
604 {
605 sd->card_status = READY_FOR_DATA;
606 }
607
608 static void sd_set_sdstatus(SDState *sd)
609 {
610 memset(sd->sd_status, 0, 64);
611 }
612
613 static const uint8_t sd_tuning_block_pattern4[64] = {
614 /*
615 * See: Physical Layer Simplified Specification Version 3.01,
616 * Table 4-2.
617 */
618 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc,
619 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef,
620 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb,
621 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef,
622 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c,
623 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee,
624 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff,
625 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde
626 };
627
628 static int sd_req_crc_validate(SDRequest *req)
629 {
630 uint8_t buffer[5];
631 buffer[0] = 0x40 | req->cmd;
632 stl_be_p(&buffer[1], req->arg);
633 return 0;
634 return sd_crc7(buffer, 5) != req->crc; /* TODO */
635 }
636
637 static void sd_response_r1_make(SDState *sd, uint8_t *response)
638 {
639 stl_be_p(response, sd->card_status);
640
641 /* Clear the "clear on read" status bits */
642 sd->card_status &= ~CARD_STATUS_C;
643 }
644
645 static void sd_response_r3_make(SDState *sd, uint8_t *response)
646 {
647 stl_be_p(response, sd->ocr & ACMD41_R3_MASK);
648 }
649
650 static void sd_response_r6_make(SDState *sd, uint8_t *response)
651 {
652 uint16_t status;
653
654 status = ((sd->card_status >> 8) & 0xc000) |
655 ((sd->card_status >> 6) & 0x2000) |
656 (sd->card_status & 0x1fff);
657 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
658 stw_be_p(response + 0, sd->rca);
659 stw_be_p(response + 2, status);
660 }
661
662 static void sd_response_r7_make(SDState *sd, uint8_t *response)
663 {
664 stl_be_p(response, sd->vhs);
665 }
666
667 static uint32_t sd_blk_len(SDState *sd)
668 {
669 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
670 return 1 << HWBLOCK_SHIFT;
671 }
672 return sd->blk_len;
673 }
674
675 static uint64_t sd_req_get_address(SDState *sd, SDRequest req)
676 {
677 uint64_t addr;
678
679 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
680 addr = (uint64_t) req.arg << HWBLOCK_SHIFT;
681 } else {
682 addr = req.arg;
683 }
684 trace_sdcard_req_addr(req.arg, addr);
685 return addr;
686 }
687
688 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
689 {
690 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
691 }
692
693 static void sd_reset(DeviceState *dev)
694 {
695 SDState *sd = SD_CARD(dev);
696 uint64_t size;
697 uint64_t sect;
698
699 trace_sdcard_reset();
700 if (sd->blk) {
701 blk_get_geometry(sd->blk, &sect);
702 } else {
703 sect = 0;
704 }
705 size = sect << HWBLOCK_SHIFT;
706
707 sect = sd_addr_to_wpnum(size) + 1;
708
709 sd->state = sd_idle_state;
710
711 /* card registers */
712 sd->rca = 0x0000;
713 sd->size = size;
714 sd_set_ocr(sd);
715 sd_set_scr(sd);
716 sd_set_cid(sd);
717 sd_set_csd(sd, size);
718 sd_set_cardstatus(sd);
719 sd_set_sdstatus(sd);
720
721 g_free(sd->wp_group_bmap);
722 sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false;
723 sd->wp_group_bits = sect;
724 sd->wp_group_bmap = bitmap_new(sd->wp_group_bits);
725 memset(sd->function_group, 0, sizeof(sd->function_group));
726 sd->erase_start = INVALID_ADDRESS;
727 sd->erase_end = INVALID_ADDRESS;
728 sd->blk_len = 0x200;
729 sd->pwd_len = 0;
730 sd->expecting_acmd = false;
731 sd->dat_lines = 0xf;
732 sd->cmd_line = true;
733 sd->multi_blk_cnt = 0;
734 }
735
736 static bool sd_get_inserted(SDState *sd)
737 {
738 return sd->blk && blk_is_inserted(sd->blk);
739 }
740
741 static bool sd_get_readonly(SDState *sd)
742 {
743 return sd->wp_switch;
744 }
745
746 static void sd_cardchange(void *opaque, bool load, Error **errp)
747 {
748 SDState *sd = opaque;
749 DeviceState *dev = DEVICE(sd);
750 SDBus *sdbus;
751 bool inserted = sd_get_inserted(sd);
752 bool readonly = sd_get_readonly(sd);
753
754 if (inserted) {
755 trace_sdcard_inserted(readonly);
756 sd_reset(dev);
757 } else {
758 trace_sdcard_ejected();
759 }
760
761 if (sd->me_no_qdev_me_kill_mammoth_with_rocks) {
762 qemu_set_irq(sd->inserted_cb, inserted);
763 if (inserted) {
764 qemu_set_irq(sd->readonly_cb, readonly);
765 }
766 } else {
767 sdbus = SD_BUS(qdev_get_parent_bus(dev));
768 sdbus_set_inserted(sdbus, inserted);
769 if (inserted) {
770 sdbus_set_readonly(sdbus, readonly);
771 }
772 }
773 }
774
775 static const BlockDevOps sd_block_ops = {
776 .change_media_cb = sd_cardchange,
777 };
778
779 static bool sd_ocr_vmstate_needed(void *opaque)
780 {
781 SDState *sd = opaque;
782
783 /* Include the OCR state (and timer) if it is not yet powered up */
784 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP);
785 }
786
787 static const VMStateDescription sd_ocr_vmstate = {
788 .name = "sd-card/ocr-state",
789 .version_id = 1,
790 .minimum_version_id = 1,
791 .needed = sd_ocr_vmstate_needed,
792 .fields = (const VMStateField[]) {
793 VMSTATE_UINT32(ocr, SDState),
794 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
795 VMSTATE_END_OF_LIST()
796 },
797 };
798
799 static int sd_vmstate_pre_load(void *opaque)
800 {
801 SDState *sd = opaque;
802
803 /* If the OCR state is not included (prior versions, or not
804 * needed), then the OCR must be set as powered up. If the OCR state
805 * is included, this will be replaced by the state restore.
806 */
807 sd_ocr_powerup(sd);
808
809 return 0;
810 }
811
812 static const VMStateDescription sd_vmstate = {
813 .name = "sd-card",
814 .version_id = 2,
815 .minimum_version_id = 2,
816 .pre_load = sd_vmstate_pre_load,
817 .fields = (const VMStateField[]) {
818 VMSTATE_UINT32(mode, SDState),
819 VMSTATE_INT32(state, SDState),
820 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
821 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
822 VMSTATE_UINT16(rca, SDState),
823 VMSTATE_UINT32(card_status, SDState),
824 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
825 VMSTATE_UINT32(vhs, SDState),
826 VMSTATE_BITMAP(wp_group_bmap, SDState, 0, wp_group_bits),
827 VMSTATE_UINT32(blk_len, SDState),
828 VMSTATE_UINT32(multi_blk_cnt, SDState),
829 VMSTATE_UINT32(erase_start, SDState),
830 VMSTATE_UINT32(erase_end, SDState),
831 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
832 VMSTATE_UINT32(pwd_len, SDState),
833 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
834 VMSTATE_UINT8(current_cmd, SDState),
835 VMSTATE_BOOL(expecting_acmd, SDState),
836 VMSTATE_UINT32(blk_written, SDState),
837 VMSTATE_UINT64(data_start, SDState),
838 VMSTATE_UINT32(data_offset, SDState),
839 VMSTATE_UINT8_ARRAY(data, SDState, 512),
840 VMSTATE_UNUSED_V(1, 512),
841 VMSTATE_BOOL(enable, SDState),
842 VMSTATE_END_OF_LIST()
843 },
844 .subsections = (const VMStateDescription * const []) {
845 &sd_ocr_vmstate,
846 NULL
847 },
848 };
849
850 /* Legacy initialization function for use by non-qdevified callers */
851 SDState *sd_init(BlockBackend *blk, bool is_spi)
852 {
853 Object *obj;
854 DeviceState *dev;
855 SDState *sd;
856 Error *err = NULL;
857
858 obj = object_new(is_spi ? TYPE_SD_CARD_SPI : TYPE_SD_CARD);
859 dev = DEVICE(obj);
860 if (!qdev_prop_set_drive_err(dev, "drive", blk, &err)) {
861 error_reportf_err(err, "sd_init failed: ");
862 return NULL;
863 }
864
865 /*
866 * Realizing the device properly would put it into the QOM
867 * composition tree even though it is not plugged into an
868 * appropriate bus. That's a no-no. Hide the device from
869 * QOM/qdev, and call its qdev realize callback directly.
870 */
871 object_ref(obj);
872 object_unparent(obj);
873 sd_realize(dev, &err);
874 if (err) {
875 error_reportf_err(err, "sd_init failed: ");
876 return NULL;
877 }
878
879 sd = SD_CARD(dev);
880 sd->me_no_qdev_me_kill_mammoth_with_rocks = true;
881 return sd;
882 }
883
884 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
885 {
886 sd->readonly_cb = readonly;
887 sd->inserted_cb = insert;
888 qemu_set_irq(readonly, sd->blk ? !blk_is_writable(sd->blk) : 0);
889 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
890 }
891
892 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
893 {
894 trace_sdcard_read_block(addr, len);
895 if (!sd->blk || blk_pread(sd->blk, addr, len, sd->data, 0) < 0) {
896 fprintf(stderr, "sd_blk_read: read error on host side\n");
897 }
898 }
899
900 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
901 {
902 trace_sdcard_write_block(addr, len);
903 if (!sd->blk || blk_pwrite(sd->blk, addr, len, sd->data, 0) < 0) {
904 fprintf(stderr, "sd_blk_write: write error on host side\n");
905 }
906 }
907
908 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
909 #define APP_WRITE_BLOCK(a, len)
910
911 static void sd_erase(SDState *sd)
912 {
913 uint64_t erase_start = sd->erase_start;
914 uint64_t erase_end = sd->erase_end;
915 bool sdsc = true;
916 uint64_t wpnum;
917 uint64_t erase_addr;
918 int erase_len = 1 << HWBLOCK_SHIFT;
919
920 trace_sdcard_erase(sd->erase_start, sd->erase_end);
921 if (sd->erase_start == INVALID_ADDRESS
922 || sd->erase_end == INVALID_ADDRESS) {
923 sd->card_status |= ERASE_SEQ_ERROR;
924 sd->erase_start = INVALID_ADDRESS;
925 sd->erase_end = INVALID_ADDRESS;
926 return;
927 }
928
929 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
930 /* High capacity memory card: erase units are 512 byte blocks */
931 erase_start <<= HWBLOCK_SHIFT;
932 erase_end <<= HWBLOCK_SHIFT;
933 sdsc = false;
934 }
935
936 if (erase_start > sd->size || erase_end > sd->size) {
937 sd->card_status |= OUT_OF_RANGE;
938 sd->erase_start = INVALID_ADDRESS;
939 sd->erase_end = INVALID_ADDRESS;
940 return;
941 }
942
943 sd->erase_start = INVALID_ADDRESS;
944 sd->erase_end = INVALID_ADDRESS;
945 sd->csd[14] |= 0x40;
946
947 memset(sd->data, 0xff, erase_len);
948 for (erase_addr = erase_start; erase_addr <= erase_end;
949 erase_addr += erase_len) {
950 if (sdsc) {
951 /* Only SDSC cards support write protect groups */
952 wpnum = sd_addr_to_wpnum(erase_addr);
953 assert(wpnum < sd->wp_group_bits);
954 if (test_bit(wpnum, sd->wp_group_bmap)) {
955 sd->card_status |= WP_ERASE_SKIP;
956 continue;
957 }
958 }
959 sd_blk_write(sd, erase_addr, erase_len);
960 }
961 }
962
963 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
964 {
965 uint32_t i, wpnum;
966 uint32_t ret = 0;
967
968 wpnum = sd_addr_to_wpnum(addr);
969
970 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
971 if (addr >= sd->size) {
972 /*
973 * If the addresses of the last groups are outside the valid range,
974 * then the corresponding write protection bits shall be set to 0.
975 */
976 continue;
977 }
978 assert(wpnum < sd->wp_group_bits);
979 if (test_bit(wpnum, sd->wp_group_bmap)) {
980 ret |= (1 << i);
981 }
982 }
983
984 return ret;
985 }
986
987 static void sd_function_switch(SDState *sd, uint32_t arg)
988 {
989 int i, mode, new_func;
990 mode = !!(arg & 0x80000000);
991
992 sd->data[0] = 0x00; /* Maximum current consumption */
993 sd->data[1] = 0x01;
994 sd->data[2] = 0x80; /* Supported group 6 functions */
995 sd->data[3] = 0x01;
996 sd->data[4] = 0x80; /* Supported group 5 functions */
997 sd->data[5] = 0x01;
998 sd->data[6] = 0x80; /* Supported group 4 functions */
999 sd->data[7] = 0x01;
1000 sd->data[8] = 0x80; /* Supported group 3 functions */
1001 sd->data[9] = 0x01;
1002 sd->data[10] = 0x80; /* Supported group 2 functions */
1003 sd->data[11] = 0x43;
1004 sd->data[12] = 0x80; /* Supported group 1 functions */
1005 sd->data[13] = 0x03;
1006
1007 memset(&sd->data[14], 0, 3);
1008 for (i = 0; i < 6; i ++) {
1009 new_func = (arg >> (i * 4)) & 0x0f;
1010 if (mode && new_func != 0x0f)
1011 sd->function_group[i] = new_func;
1012 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4);
1013 }
1014 memset(&sd->data[17], 0, 47);
1015 }
1016
1017 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
1018 {
1019 return test_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap);
1020 }
1021
1022 static void sd_lock_command(SDState *sd)
1023 {
1024 int erase, lock, clr_pwd, set_pwd, pwd_len;
1025 erase = !!(sd->data[0] & 0x08);
1026 lock = sd->data[0] & 0x04;
1027 clr_pwd = sd->data[0] & 0x02;
1028 set_pwd = sd->data[0] & 0x01;
1029
1030 if (sd->blk_len > 1)
1031 pwd_len = sd->data[1];
1032 else
1033 pwd_len = 0;
1034
1035 if (lock) {
1036 trace_sdcard_lock();
1037 } else {
1038 trace_sdcard_unlock();
1039 }
1040 if (erase) {
1041 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
1042 set_pwd || clr_pwd || lock || sd->wp_switch ||
1043 (sd->csd[14] & 0x20)) {
1044 sd->card_status |= LOCK_UNLOCK_FAILED;
1045 return;
1046 }
1047 bitmap_zero(sd->wp_group_bmap, sd->wp_group_bits);
1048 sd->csd[14] &= ~0x10;
1049 sd->card_status &= ~CARD_IS_LOCKED;
1050 sd->pwd_len = 0;
1051 /* Erasing the entire card here! */
1052 fprintf(stderr, "SD: Card force-erased by CMD42\n");
1053 return;
1054 }
1055
1056 if (sd->blk_len < 2 + pwd_len ||
1057 pwd_len <= sd->pwd_len ||
1058 pwd_len > sd->pwd_len + 16) {
1059 sd->card_status |= LOCK_UNLOCK_FAILED;
1060 return;
1061 }
1062
1063 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
1064 sd->card_status |= LOCK_UNLOCK_FAILED;
1065 return;
1066 }
1067
1068 pwd_len -= sd->pwd_len;
1069 if ((pwd_len && !set_pwd) ||
1070 (clr_pwd && (set_pwd || lock)) ||
1071 (lock && !sd->pwd_len && !set_pwd) ||
1072 (!set_pwd && !clr_pwd &&
1073 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
1074 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
1075 sd->card_status |= LOCK_UNLOCK_FAILED;
1076 return;
1077 }
1078
1079 if (set_pwd) {
1080 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
1081 sd->pwd_len = pwd_len;
1082 }
1083
1084 if (clr_pwd) {
1085 sd->pwd_len = 0;
1086 }
1087
1088 if (lock)
1089 sd->card_status |= CARD_IS_LOCKED;
1090 else
1091 sd->card_status &= ~CARD_IS_LOCKED;
1092 }
1093
1094 static bool address_in_range(SDState *sd, const char *desc,
1095 uint64_t addr, uint32_t length)
1096 {
1097 if (addr + length > sd->size) {
1098 qemu_log_mask(LOG_GUEST_ERROR,
1099 "%s offset %"PRIu64" > card %"PRIu64" [%%%u]\n",
1100 desc, addr, sd->size, length);
1101 sd->card_status |= ADDRESS_ERROR;
1102 return false;
1103 }
1104 return true;
1105 }
1106
1107 static sd_rsp_type_t sd_invalid_state_for_cmd(SDState *sd, SDRequest req)
1108 {
1109 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong state: %s (spec %s)\n",
1110 sd->proto->name, req.cmd, sd_state_name(sd->state),
1111 sd_version_str(sd->spec_version));
1112
1113 return sd_illegal;
1114 }
1115
1116 static sd_rsp_type_t sd_invalid_mode_for_cmd(SDState *sd, SDRequest req)
1117 {
1118 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong mode: %s (spec %s)\n",
1119 sd->proto->name, req.cmd, sd_mode_name(sd->mode),
1120 sd_version_str(sd->spec_version));
1121
1122 return sd_illegal;
1123 }
1124
1125 static sd_rsp_type_t sd_cmd_illegal(SDState *sd, SDRequest req)
1126 {
1127 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown CMD%i for spec %s\n",
1128 sd->proto->name, req.cmd,
1129 sd_version_str(sd->spec_version));
1130
1131 return sd_illegal;
1132 }
1133
1134 /* Commands that are recognised but not yet implemented. */
1135 static sd_rsp_type_t sd_cmd_unimplemented(SDState *sd, SDRequest req)
1136 {
1137 qemu_log_mask(LOG_UNIMP, "%s: CMD%i not implemented\n",
1138 sd->proto->name, req.cmd);
1139
1140 return sd_illegal;
1141 }
1142
1143 static sd_rsp_type_t sd_cmd_optional(SDState *sd, SDRequest req)
1144 {
1145 qemu_log_mask(LOG_UNIMP, "%s: Optional CMD%i not implemented\n",
1146 sd->proto->name, req.cmd);
1147
1148 return sd_illegal;
1149 }
1150
1151 /* Configure fields for following sd_generic_write_byte() calls */
1152 static sd_rsp_type_t sd_cmd_to_receivingdata(SDState *sd, SDRequest req,
1153 uint64_t start, size_t size)
1154 {
1155 if (sd->state != sd_transfer_state) {
1156 return sd_invalid_state_for_cmd(sd, req);
1157 }
1158 sd->state = sd_receivingdata_state;
1159 sd->data_start = start;
1160 sd->data_offset = 0;
1161 /* sd->data[] used as receive buffer */
1162 sd->data_size = size ?: sizeof(sd->data);
1163 return sd_r1;
1164 }
1165
1166 /* Configure fields for following sd_generic_read_byte() calls */
1167 static sd_rsp_type_t sd_cmd_to_sendingdata(SDState *sd, SDRequest req,
1168 uint64_t start,
1169 const void *data, size_t size)
1170 {
1171 if (sd->state != sd_transfer_state) {
1172 sd_invalid_state_for_cmd(sd, req);
1173 }
1174
1175 sd->state = sd_sendingdata_state;
1176 sd->data_start = start;
1177 sd->data_offset = 0;
1178 if (data) {
1179 assert(size > 0 && size <= sizeof(sd->data));
1180 memcpy(sd->data, data, size);
1181 }
1182 if (size) {
1183 sd->data_size = size;
1184 }
1185 return sd_r1;
1186 }
1187
1188 /* CMD0 */
1189 static sd_rsp_type_t sd_cmd_GO_IDLE_STATE(SDState *sd, SDRequest req)
1190 {
1191 sd->state = sd_idle_state;
1192 sd_reset(DEVICE(sd));
1193
1194 return sd_is_spi(sd) ? sd_r1 : sd_r0;
1195 }
1196
1197 /* CMD1 */
1198 static sd_rsp_type_t spi_cmd_SEND_OP_COND(SDState *sd, SDRequest req)
1199 {
1200 sd->state = sd_transfer_state;
1201
1202 return sd_r1;
1203 }
1204
1205 /* CMD2 */
1206 static sd_rsp_type_t sd_cmd_ALL_SEND_CID(SDState *sd, SDRequest req)
1207 {
1208 switch (sd->state) {
1209 case sd_ready_state:
1210 sd->state = sd_identification_state;
1211 return sd_r2_i;
1212 default:
1213 return sd_invalid_state_for_cmd(sd, req);
1214 }
1215 }
1216
1217 /* CMD3 */
1218 static sd_rsp_type_t sd_cmd_SEND_RELATIVE_ADDR(SDState *sd, SDRequest req)
1219 {
1220 switch (sd->state) {
1221 case sd_identification_state:
1222 case sd_standby_state:
1223 sd->state = sd_standby_state;
1224 sd_set_rca(sd);
1225 return sd_r6;
1226
1227 default:
1228 return sd_invalid_state_for_cmd(sd, req);
1229 }
1230 }
1231
1232 /* CMD6 */
1233 static sd_rsp_type_t sd_cmd_SWITCH_FUNCTION(SDState *sd, SDRequest req)
1234 {
1235 if (sd->mode != sd_data_transfer_mode) {
1236 return sd_invalid_mode_for_cmd(sd, req);
1237 }
1238 if (sd->state != sd_transfer_state) {
1239 return sd_invalid_state_for_cmd(sd, req);
1240 }
1241
1242 sd_function_switch(sd, req.arg);
1243 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 64);
1244 }
1245
1246 /* CMD7 */
1247 static sd_rsp_type_t sd_cmd_DE_SELECT_CARD(SDState *sd, SDRequest req)
1248 {
1249 bool same_rca = sd_req_rca_same(sd, req);
1250
1251 switch (sd->state) {
1252 case sd_standby_state:
1253 if (!same_rca) {
1254 return sd_r0;
1255 }
1256 sd->state = sd_transfer_state;
1257 return sd_r1b;
1258
1259 case sd_transfer_state:
1260 case sd_sendingdata_state:
1261 if (same_rca) {
1262 break;
1263 }
1264 sd->state = sd_standby_state;
1265 return sd_r1b;
1266
1267 case sd_disconnect_state:
1268 if (!same_rca) {
1269 return sd_r0;
1270 }
1271 sd->state = sd_programming_state;
1272 return sd_r1b;
1273
1274 case sd_programming_state:
1275 if (same_rca) {
1276 break;
1277 }
1278 sd->state = sd_disconnect_state;
1279 return sd_r1b;
1280
1281 default:
1282 break;
1283 }
1284 return sd_invalid_state_for_cmd(sd, req);
1285 }
1286
1287 /* CMD8 */
1288 static sd_rsp_type_t sd_cmd_SEND_IF_COND(SDState *sd, SDRequest req)
1289 {
1290 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) {
1291 return sd_cmd_illegal(sd, req);
1292 }
1293 if (sd->state != sd_idle_state) {
1294 return sd_invalid_state_for_cmd(sd, req);
1295 }
1296 sd->vhs = 0;
1297
1298 /* No response if not exactly one VHS bit is set. */
1299 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1300 return sd_is_spi(sd) ? sd_r7 : sd_r0;
1301 }
1302
1303 /* Accept. */
1304 sd->vhs = req.arg;
1305 return sd_r7;
1306 }
1307
1308 /* CMD9 */
1309 static sd_rsp_type_t spi_cmd_SEND_CSD(SDState *sd, SDRequest req)
1310 {
1311 if (sd->state != sd_standby_state) {
1312 return sd_invalid_state_for_cmd(sd, req);
1313 }
1314 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req),
1315 sd->csd, 16);
1316 }
1317
1318 static sd_rsp_type_t sd_cmd_SEND_CSD(SDState *sd, SDRequest req)
1319 {
1320 if (sd->state != sd_standby_state) {
1321 return sd_invalid_state_for_cmd(sd, req);
1322 }
1323
1324 return sd_req_rca_same(sd, req) ? sd_r2_s : sd_r0;
1325 }
1326
1327 /* CMD10 */
1328 static sd_rsp_type_t spi_cmd_SEND_CID(SDState *sd, SDRequest req)
1329 {
1330 if (sd->state != sd_standby_state) {
1331 return sd_invalid_state_for_cmd(sd, req);
1332 }
1333 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req),
1334 sd->cid, 16);
1335 }
1336
1337 static sd_rsp_type_t sd_cmd_SEND_CID(SDState *sd, SDRequest req)
1338 {
1339 if (sd->state != sd_standby_state) {
1340 return sd_invalid_state_for_cmd(sd, req);
1341 }
1342
1343 return sd_req_rca_same(sd, req) ? sd_r2_i : sd_r0;
1344 }
1345
1346 /* CMD12 */
1347 static sd_rsp_type_t sd_cmd_STOP_TRANSMISSION(SDState *sd, SDRequest req)
1348 {
1349 switch (sd->state) {
1350 case sd_sendingdata_state:
1351 sd->state = sd_transfer_state;
1352 return sd_r1b;
1353 case sd_receivingdata_state:
1354 sd->state = sd_programming_state;
1355 /* Bzzzzzzztt .... Operation complete. */
1356 sd->state = sd_transfer_state;
1357 return sd_r1;
1358 default:
1359 return sd_invalid_state_for_cmd(sd, req);
1360 }
1361 }
1362
1363 /* CMD13 */
1364 static sd_rsp_type_t sd_cmd_SEND_STATUS(SDState *sd, SDRequest req)
1365 {
1366 if (sd->mode != sd_data_transfer_mode) {
1367 return sd_invalid_mode_for_cmd(sd, req);
1368 }
1369
1370 switch (sd->state) {
1371 case sd_standby_state:
1372 case sd_transfer_state:
1373 case sd_sendingdata_state:
1374 case sd_receivingdata_state:
1375 case sd_programming_state:
1376 case sd_disconnect_state:
1377 break;
1378 default:
1379 return sd_invalid_state_for_cmd(sd, req);
1380 }
1381
1382 if (sd_is_spi(sd)) {
1383 return sd_r2_s;
1384 }
1385
1386 return sd_req_rca_same(sd, req) ? sd_r1 : sd_r0;
1387 }
1388
1389 /* CMD15 */
1390 static sd_rsp_type_t sd_cmd_GO_INACTIVE_STATE(SDState *sd, SDRequest req)
1391 {
1392 if (sd->mode != sd_data_transfer_mode) {
1393 return sd_invalid_mode_for_cmd(sd, req);
1394 }
1395 switch (sd->state) {
1396 case sd_standby_state:
1397 case sd_transfer_state:
1398 case sd_sendingdata_state:
1399 case sd_receivingdata_state:
1400 case sd_programming_state:
1401 case sd_disconnect_state:
1402 break;
1403 default:
1404 return sd_invalid_state_for_cmd(sd, req);
1405 }
1406 if (sd_req_rca_same(sd, req)) {
1407 sd->state = sd_inactive_state;
1408 }
1409
1410 return sd_r0;
1411 }
1412
1413 /* CMD16 */
1414 static sd_rsp_type_t sd_cmd_SET_BLOCKLEN(SDState *sd, SDRequest req)
1415 {
1416 if (sd->state != sd_transfer_state) {
1417 return sd_invalid_state_for_cmd(sd, req);
1418 }
1419 if (req.arg > (1 << HWBLOCK_SHIFT)) {
1420 sd->card_status |= BLOCK_LEN_ERROR;
1421 } else {
1422 trace_sdcard_set_blocklen(req.arg);
1423 sd->blk_len = req.arg;
1424 }
1425
1426 return sd_r1;
1427 }
1428
1429 /* CMD17 */
1430 static sd_rsp_type_t sd_cmd_READ_SINGLE_BLOCK(SDState *sd, SDRequest req)
1431 {
1432 uint64_t addr;
1433
1434 if (sd->state != sd_transfer_state) {
1435 return sd_invalid_state_for_cmd(sd, req);
1436 }
1437
1438 addr = sd_req_get_address(sd, req);
1439 if (!address_in_range(sd, "READ_SINGLE_BLOCK", addr, sd->blk_len)) {
1440 return sd_r1;
1441 }
1442
1443 sd_blk_read(sd, addr, sd->blk_len);
1444 return sd_cmd_to_sendingdata(sd, req, addr, NULL, sd->blk_len);
1445 }
1446
1447 /* CMD19 */
1448 static sd_rsp_type_t sd_cmd_SEND_TUNING_BLOCK(SDState *sd, SDRequest req)
1449 {
1450 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1451 return sd_cmd_illegal(sd, req);
1452 }
1453
1454 return sd_cmd_to_sendingdata(sd, req, 0,
1455 sd_tuning_block_pattern4,
1456 sizeof(sd_tuning_block_pattern4));
1457 }
1458
1459 /* CMD23 */
1460 static sd_rsp_type_t sd_cmd_SET_BLOCK_COUNT(SDState *sd, SDRequest req)
1461 {
1462 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1463 return sd_cmd_illegal(sd, req);
1464 }
1465
1466 if (sd->state != sd_transfer_state) {
1467 return sd_invalid_state_for_cmd(sd, req);
1468 }
1469
1470 sd->multi_blk_cnt = req.arg;
1471 trace_sdcard_set_block_count(sd->multi_blk_cnt);
1472
1473 return sd_r1;
1474 }
1475
1476 /* CMD24 */
1477 static sd_rsp_type_t sd_cmd_WRITE_SINGLE_BLOCK(SDState *sd, SDRequest req)
1478 {
1479 uint64_t addr;
1480
1481 if (sd->state != sd_transfer_state) {
1482 return sd_invalid_state_for_cmd(sd, req);
1483 }
1484
1485 addr = sd_req_get_address(sd, req);
1486 if (!address_in_range(sd, "WRITE_SINGLE_BLOCK", addr, sd->blk_len)) {
1487 return sd_r1;
1488 }
1489
1490 if (sd->size <= SDSC_MAX_CAPACITY) {
1491 if (sd_wp_addr(sd, addr)) {
1492 sd->card_status |= WP_VIOLATION;
1493 }
1494 }
1495 if (sd->csd[14] & 0x30) {
1496 sd->card_status |= WP_VIOLATION;
1497 }
1498
1499 sd->blk_written = 0;
1500 return sd_cmd_to_receivingdata(sd, req, addr, sd->blk_len);
1501 }
1502
1503 /* CMD27 */
1504 static sd_rsp_type_t sd_cmd_PROGRAM_CSD(SDState *sd, SDRequest req)
1505 {
1506 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->csd));
1507 }
1508
1509 static sd_rsp_type_t sd_cmd_SET_CLR_WRITE_PROT(SDState *sd, SDRequest req,
1510 bool is_write)
1511 {
1512 uint64_t addr;
1513
1514 if (sd->size > SDSC_MAX_CAPACITY) {
1515 return sd_illegal;
1516 }
1517
1518 if (sd->state != sd_transfer_state) {
1519 return sd_invalid_state_for_cmd(sd, req);
1520 }
1521
1522 addr = sd_req_get_address(sd, req);
1523 if (!address_in_range(sd, is_write ? "SET_WRITE_PROT" : "CLR_WRITE_PROT",
1524 addr, 1)) {
1525 return sd_r1b;
1526 }
1527
1528 sd->state = sd_programming_state;
1529 if (is_write) {
1530 set_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap);
1531 } else {
1532 clear_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap);
1533 }
1534 /* Bzzzzzzztt .... Operation complete. */
1535 sd->state = sd_transfer_state;
1536 return sd_r1;
1537 }
1538
1539 /* CMD28 */
1540 static sd_rsp_type_t sd_cmd_SET_WRITE_PROT(SDState *sd, SDRequest req)
1541 {
1542 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, true);
1543 }
1544
1545 /* CMD29 */
1546 static sd_rsp_type_t sd_cmd_CLR_WRITE_PROT(SDState *sd, SDRequest req)
1547 {
1548 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, false);
1549 }
1550
1551 /* CMD30 */
1552 static sd_rsp_type_t sd_cmd_SEND_WRITE_PROT(SDState *sd, SDRequest req)
1553 {
1554 uint64_t addr;
1555 uint32_t data;
1556
1557 if (sd->size > SDSC_MAX_CAPACITY) {
1558 return sd_illegal;
1559 }
1560
1561 if (sd->state != sd_transfer_state) {
1562 return sd_invalid_state_for_cmd(sd, req);
1563 }
1564
1565 addr = sd_req_get_address(sd, req);
1566 if (!address_in_range(sd, "SEND_WRITE_PROT", addr, sd->blk_len)) {
1567 return sd_r1;
1568 }
1569
1570 data = sd_wpbits(sd, req.arg);
1571 return sd_cmd_to_sendingdata(sd, req, addr, &data, sizeof(data));
1572 }
1573
1574 /* CMD32 */
1575 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_START(SDState *sd, SDRequest req)
1576 {
1577 if (sd->state != sd_transfer_state) {
1578 return sd_invalid_state_for_cmd(sd, req);
1579 }
1580 sd->erase_start = req.arg;
1581 return sd_r1;
1582 }
1583
1584 /* CMD33 */
1585 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_END(SDState *sd, SDRequest req)
1586 {
1587 if (sd->state != sd_transfer_state) {
1588 return sd_invalid_state_for_cmd(sd, req);
1589 }
1590 sd->erase_end = req.arg;
1591 return sd_r1;
1592 }
1593
1594 /* CMD38 */
1595 static sd_rsp_type_t sd_cmd_ERASE(SDState *sd, SDRequest req)
1596 {
1597 if (sd->state != sd_transfer_state) {
1598 return sd_invalid_state_for_cmd(sd, req);
1599 }
1600 if (sd->csd[14] & 0x30) {
1601 sd->card_status |= WP_VIOLATION;
1602 return sd_r1b;
1603 }
1604
1605 sd->state = sd_programming_state;
1606 sd_erase(sd);
1607 /* Bzzzzzzztt .... Operation complete. */
1608 sd->state = sd_transfer_state;
1609 return sd_r1b;
1610 }
1611
1612 /* CMD42 */
1613 static sd_rsp_type_t sd_cmd_LOCK_UNLOCK(SDState *sd, SDRequest req)
1614 {
1615 return sd_cmd_to_receivingdata(sd, req, 0, 0);
1616 }
1617
1618 /* CMD55 */
1619 static sd_rsp_type_t sd_cmd_APP_CMD(SDState *sd, SDRequest req)
1620 {
1621 switch (sd->state) {
1622 case sd_ready_state:
1623 case sd_identification_state:
1624 case sd_inactive_state:
1625 return sd_invalid_state_for_cmd(sd, req);
1626 case sd_idle_state:
1627 if (!sd_is_spi(sd) && sd_req_get_rca(sd, req) != 0x0000) {
1628 qemu_log_mask(LOG_GUEST_ERROR,
1629 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd);
1630 }
1631 /* fall-through */
1632 default:
1633 break;
1634 }
1635 if (!sd_is_spi(sd) && !sd_req_rca_same(sd, req)) {
1636 return sd_r0;
1637 }
1638 sd->expecting_acmd = true;
1639 sd->card_status |= APP_CMD;
1640
1641 return sd_r1;
1642 }
1643
1644 static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req)
1645 {
1646 uint64_t addr;
1647
1648 sd->last_cmd_name = sd_cmd_name(sd, req.cmd);
1649 /* CMD55 precedes an ACMD, so we are not interested in tracing it.
1650 * However there is no ACMD55, so we want to trace this particular case.
1651 */
1652 if (req.cmd != 55 || sd->expecting_acmd) {
1653 trace_sdcard_normal_command(sd->proto->name,
1654 sd->last_cmd_name, req.cmd,
1655 req.arg, sd_state_name(sd->state));
1656 }
1657
1658 /* Not interpreting this as an app command */
1659 sd->card_status &= ~APP_CMD;
1660
1661 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
1662 * if not, its effects are cancelled */
1663 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
1664 sd->multi_blk_cnt = 0;
1665 }
1666
1667 if (sd->proto->cmd[req.cmd].class == 6 && FIELD_EX32(sd->ocr, OCR,
1668 CARD_CAPACITY)) {
1669 /* Only Standard Capacity cards support class 6 commands */
1670 return sd_illegal;
1671 }
1672
1673 if (sd->proto->cmd[req.cmd].handler) {
1674 return sd->proto->cmd[req.cmd].handler(sd, req);
1675 }
1676
1677 switch (req.cmd) {
1678 /* Block read commands (Class 2) */
1679 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1680 addr = sd_req_get_address(sd, req);
1681 switch (sd->state) {
1682 case sd_transfer_state:
1683
1684 if (!address_in_range(sd, "READ_BLOCK", addr, sd->blk_len)) {
1685 return sd_r1;
1686 }
1687
1688 sd->state = sd_sendingdata_state;
1689 sd->data_start = addr;
1690 sd->data_offset = 0;
1691 return sd_r1;
1692
1693 default:
1694 break;
1695 }
1696 break;
1697
1698 /* Block write commands (Class 4) */
1699 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1700 addr = sd_req_get_address(sd, req);
1701 switch (sd->state) {
1702 case sd_transfer_state:
1703
1704 if (!address_in_range(sd, "WRITE_BLOCK", addr, sd->blk_len)) {
1705 return sd_r1;
1706 }
1707
1708 sd->state = sd_receivingdata_state;
1709 sd->data_start = addr;
1710 sd->data_offset = 0;
1711 sd->blk_written = 0;
1712
1713 if (sd->size <= SDSC_MAX_CAPACITY) {
1714 if (sd_wp_addr(sd, sd->data_start)) {
1715 sd->card_status |= WP_VIOLATION;
1716 }
1717 }
1718 if (sd->csd[14] & 0x30) {
1719 sd->card_status |= WP_VIOLATION;
1720 }
1721 return sd_r1;
1722
1723 default:
1724 break;
1725 }
1726 break;
1727
1728 case 26: /* CMD26: PROGRAM_CID */
1729 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->cid));
1730
1731 /* Application specific commands (Class 8) */
1732 case 56: /* CMD56: GEN_CMD */
1733 switch (sd->state) {
1734 case sd_transfer_state:
1735 sd->data_offset = 0;
1736 if (req.arg & 1)
1737 sd->state = sd_sendingdata_state;
1738 else
1739 sd->state = sd_receivingdata_state;
1740 return sd_r1;
1741
1742 default:
1743 break;
1744 }
1745 break;
1746
1747 case 58: /* CMD58: READ_OCR (SPI) */
1748 return sd_r3;
1749
1750 case 59: /* CMD59: CRC_ON_OFF (SPI) */
1751 return sd_r1;
1752
1753 default:
1754 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
1755 return sd_illegal;
1756 }
1757
1758 return sd_invalid_state_for_cmd(sd, req);
1759 }
1760
1761 static sd_rsp_type_t sd_app_command(SDState *sd,
1762 SDRequest req)
1763 {
1764 sd->last_cmd_name = sd_acmd_name(sd, req.cmd);
1765 trace_sdcard_app_command(sd->proto->name, sd->last_cmd_name,
1766 req.cmd, req.arg, sd_state_name(sd->state));
1767 sd->card_status |= APP_CMD;
1768
1769 if (sd->proto->acmd[req.cmd].handler) {
1770 return sd->proto->acmd[req.cmd].handler(sd, req);
1771 }
1772
1773 switch (req.cmd) {
1774 case 6: /* ACMD6: SET_BUS_WIDTH */
1775 switch (sd->state) {
1776 case sd_transfer_state:
1777 sd->sd_status[0] &= 0x3f;
1778 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1779 return sd_r1;
1780
1781 default:
1782 break;
1783 }
1784 break;
1785
1786 case 13: /* ACMD13: SD_STATUS */
1787 switch (sd->state) {
1788 case sd_transfer_state:
1789 return sd_cmd_to_sendingdata(sd, req, 0,
1790 sd->sd_status,
1791 sizeof(sd->sd_status));
1792
1793 default:
1794 break;
1795 }
1796 break;
1797
1798 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1799 switch (sd->state) {
1800 case sd_transfer_state:
1801 return sd_cmd_to_sendingdata(sd, req, 0,
1802 &sd->blk_written,
1803 sizeof(sd->blk_written));
1804
1805 default:
1806 break;
1807 }
1808 break;
1809
1810 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1811 switch (sd->state) {
1812 case sd_transfer_state:
1813 return sd_r1;
1814
1815 default:
1816 break;
1817 }
1818 break;
1819
1820 case 41: /* ACMD41: SD_APP_OP_COND */
1821 if (sd->state != sd_idle_state) {
1822 break;
1823 }
1824 /* If it's the first ACMD41 since reset, we need to decide
1825 * whether to power up. If this is not an enquiry ACMD41,
1826 * we immediately report power on and proceed below to the
1827 * ready state, but if it is, we set a timer to model a
1828 * delay for power up. This works around a bug in EDK2
1829 * UEFI, which sends an initial enquiry ACMD41, but
1830 * assumes that the card is in ready state as soon as it
1831 * sees the power up bit set. */
1832 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) {
1833 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1834 timer_del(sd->ocr_power_timer);
1835 sd_ocr_powerup(sd);
1836 } else {
1837 trace_sdcard_inquiry_cmd41();
1838 if (!timer_pending(sd->ocr_power_timer)) {
1839 timer_mod_ns(sd->ocr_power_timer,
1840 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1841 + OCR_POWER_DELAY_NS));
1842 }
1843 }
1844 }
1845
1846 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) {
1847 /* We accept any voltage. 10000 V is nothing.
1848 *
1849 * Once we're powered up, we advance straight to ready state
1850 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1851 */
1852 sd->state = sd_ready_state;
1853 }
1854
1855 return sd_r3;
1856
1857 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1858 switch (sd->state) {
1859 case sd_transfer_state:
1860 /* Bringing in the 50KOhm pull-up resistor... Done. */
1861 return sd_r1;
1862
1863 default:
1864 break;
1865 }
1866 break;
1867
1868 case 51: /* ACMD51: SEND_SCR */
1869 switch (sd->state) {
1870 case sd_transfer_state:
1871 return sd_cmd_to_sendingdata(sd, req, 0, sd->scr, sizeof(sd->scr));
1872
1873 default:
1874 break;
1875 }
1876 break;
1877
1878 case 18: /* Reserved for SD security applications */
1879 case 25:
1880 case 26:
1881 case 38:
1882 case 43 ... 49:
1883 /* Refer to the "SD Specifications Part3 Security Specification" for
1884 * information about the SD Security Features.
1885 */
1886 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n",
1887 req.cmd);
1888 return sd_illegal;
1889
1890 default:
1891 /* Fall back to standard commands. */
1892 return sd_normal_command(sd, req);
1893 }
1894
1895 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
1896 return sd_illegal;
1897 }
1898
1899 static bool cmd_valid_while_locked(SDState *sd, unsigned cmd)
1900 {
1901 unsigned cmd_class;
1902
1903 /* Valid commands in locked state:
1904 * basic class (0)
1905 * lock card class (7)
1906 * CMD16
1907 * implicitly, the ACMD prefix CMD55
1908 * ACMD41 and ACMD42
1909 * Anything else provokes an "illegal command" response.
1910 */
1911 if (sd->expecting_acmd) {
1912 return cmd == 41 || cmd == 42;
1913 }
1914 if (cmd == 16 || cmd == 55) {
1915 return true;
1916 }
1917 if (!sd->proto->cmd[cmd].handler) {
1918 return false;
1919 }
1920 cmd_class = sd->proto->cmd[cmd].class;
1921
1922 return cmd_class == 0 || cmd_class == 7;
1923 }
1924
1925 int sd_do_command(SDState *sd, SDRequest *req,
1926 uint8_t *response) {
1927 int last_state;
1928 sd_rsp_type_t rtype;
1929 int rsplen;
1930
1931 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
1932 return 0;
1933 }
1934
1935 if (sd->state == sd_inactive_state) {
1936 rtype = sd_illegal;
1937 goto send_response;
1938 }
1939
1940 if (sd_req_crc_validate(req)) {
1941 sd->card_status |= COM_CRC_ERROR;
1942 rtype = sd_illegal;
1943 goto send_response;
1944 }
1945
1946 if (req->cmd >= SDMMC_CMD_MAX) {
1947 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
1948 req->cmd);
1949 req->cmd &= 0x3f;
1950 }
1951
1952 if (sd->card_status & CARD_IS_LOCKED) {
1953 if (!cmd_valid_while_locked(sd, req->cmd)) {
1954 sd->card_status |= ILLEGAL_COMMAND;
1955 sd->expecting_acmd = false;
1956 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
1957 rtype = sd_illegal;
1958 goto send_response;
1959 }
1960 }
1961
1962 last_state = sd->state;
1963 sd_set_mode(sd);
1964
1965 if (sd->expecting_acmd) {
1966 sd->expecting_acmd = false;
1967 rtype = sd_app_command(sd, *req);
1968 } else {
1969 rtype = sd_normal_command(sd, *req);
1970 }
1971
1972 if (rtype == sd_illegal) {
1973 sd->card_status |= ILLEGAL_COMMAND;
1974 } else {
1975 /* Valid command, we can update the 'state before command' bits.
1976 * (Do this now so they appear in r1 responses.)
1977 */
1978 sd->current_cmd = req->cmd;
1979 sd->card_status = FIELD_DP32(sd->card_status, CSR,
1980 CURRENT_STATE, last_state);
1981 }
1982
1983 send_response:
1984 switch (rtype) {
1985 case sd_r1:
1986 case sd_r1b:
1987 sd_response_r1_make(sd, response);
1988 rsplen = 4;
1989 break;
1990
1991 case sd_r2_i:
1992 memcpy(response, sd->cid, sizeof(sd->cid));
1993 rsplen = 16;
1994 break;
1995
1996 case sd_r2_s:
1997 memcpy(response, sd->csd, sizeof(sd->csd));
1998 rsplen = 16;
1999 break;
2000
2001 case sd_r3:
2002 sd_response_r3_make(sd, response);
2003 rsplen = 4;
2004 break;
2005
2006 case sd_r6:
2007 sd_response_r6_make(sd, response);
2008 rsplen = 4;
2009 break;
2010
2011 case sd_r7:
2012 sd_response_r7_make(sd, response);
2013 rsplen = 4;
2014 break;
2015
2016 case sd_r0:
2017 /*
2018 * Invalid state transition, reset implementation
2019 * fields to avoid OOB abuse.
2020 */
2021 sd->data_start = 0;
2022 sd->data_offset = 0;
2023 /* fall-through */
2024 case sd_illegal:
2025 rsplen = 0;
2026 break;
2027 default:
2028 g_assert_not_reached();
2029 }
2030 trace_sdcard_response(sd_response_name(rtype), rsplen);
2031
2032 if (rtype != sd_illegal) {
2033 /* Clear the "clear on valid command" status bits now we've
2034 * sent any response
2035 */
2036 sd->card_status &= ~CARD_STATUS_B;
2037 }
2038
2039 #ifdef DEBUG_SD
2040 qemu_hexdump(stderr, "Response", response, rsplen);
2041 #endif
2042
2043 return rsplen;
2044 }
2045
2046 /* Return true if buffer is consumed. Configured by sd_cmd_to_receivingdata() */
2047 static bool sd_generic_write_byte(SDState *sd, uint8_t value)
2048 {
2049 sd->data[sd->data_offset] = value;
2050
2051 if (++sd->data_offset >= sd->data_size) {
2052 sd->state = sd_transfer_state;
2053 return true;
2054 }
2055 return false;
2056 }
2057
2058 /* Return true when buffer is consumed. Configured by sd_cmd_to_sendingdata() */
2059 static bool sd_generic_read_byte(SDState *sd, uint8_t *value)
2060 {
2061 *value = sd->data[sd->data_offset];
2062
2063 if (++sd->data_offset >= sd->data_size) {
2064 sd->state = sd_transfer_state;
2065 return true;
2066 }
2067
2068 return false;
2069 }
2070
2071 void sd_write_byte(SDState *sd, uint8_t value)
2072 {
2073 int i;
2074
2075 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
2076 return;
2077
2078 if (sd->state != sd_receivingdata_state) {
2079 qemu_log_mask(LOG_GUEST_ERROR,
2080 "%s: not in Receiving-Data state\n", __func__);
2081 return;
2082 }
2083
2084 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
2085 return;
2086
2087 trace_sdcard_write_data(sd->proto->name,
2088 sd->last_cmd_name,
2089 sd->current_cmd, sd->data_offset, value);
2090 switch (sd->current_cmd) {
2091 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
2092 if (sd_generic_write_byte(sd, value)) {
2093 /* TODO: Check CRC before committing */
2094 sd->state = sd_programming_state;
2095 sd_blk_write(sd, sd->data_start, sd->data_offset);
2096 sd->blk_written ++;
2097 sd->csd[14] |= 0x40;
2098 /* Bzzzzzzztt .... Operation complete. */
2099 sd->state = sd_transfer_state;
2100 }
2101 break;
2102
2103 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
2104 if (sd->data_offset == 0) {
2105 /* Start of the block - let's check the address is valid */
2106 if (!address_in_range(sd, "WRITE_MULTIPLE_BLOCK",
2107 sd->data_start, sd->blk_len)) {
2108 break;
2109 }
2110 if (sd->size <= SDSC_MAX_CAPACITY) {
2111 if (sd_wp_addr(sd, sd->data_start)) {
2112 sd->card_status |= WP_VIOLATION;
2113 break;
2114 }
2115 }
2116 }
2117 sd->data[sd->data_offset++] = value;
2118 if (sd->data_offset >= sd->blk_len) {
2119 /* TODO: Check CRC before committing */
2120 sd->state = sd_programming_state;
2121 sd_blk_write(sd, sd->data_start, sd->data_offset);
2122 sd->blk_written++;
2123 sd->data_start += sd->blk_len;
2124 sd->data_offset = 0;
2125 sd->csd[14] |= 0x40;
2126
2127 /* Bzzzzzzztt .... Operation complete. */
2128 if (sd->multi_blk_cnt != 0) {
2129 if (--sd->multi_blk_cnt == 0) {
2130 /* Stop! */
2131 sd->state = sd_transfer_state;
2132 break;
2133 }
2134 }
2135
2136 sd->state = sd_receivingdata_state;
2137 }
2138 break;
2139
2140 case 26: /* CMD26: PROGRAM_CID */
2141 if (sd_generic_write_byte(sd, value)) {
2142 /* TODO: Check CRC before committing */
2143 sd->state = sd_programming_state;
2144 for (i = 0; i < sizeof(sd->cid); i ++)
2145 if ((sd->cid[i] | 0x00) != sd->data[i])
2146 sd->card_status |= CID_CSD_OVERWRITE;
2147
2148 if (!(sd->card_status & CID_CSD_OVERWRITE))
2149 for (i = 0; i < sizeof(sd->cid); i ++) {
2150 sd->cid[i] |= 0x00;
2151 sd->cid[i] &= sd->data[i];
2152 }
2153 /* Bzzzzzzztt .... Operation complete. */
2154 sd->state = sd_transfer_state;
2155 }
2156 break;
2157
2158 case 27: /* CMD27: PROGRAM_CSD */
2159 if (sd_generic_write_byte(sd, value)) {
2160 /* TODO: Check CRC before committing */
2161 sd->state = sd_programming_state;
2162 for (i = 0; i < sizeof(sd->csd); i ++)
2163 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
2164 (sd->data[i] | sd_csd_rw_mask[i]))
2165 sd->card_status |= CID_CSD_OVERWRITE;
2166
2167 /* Copy flag (OTP) & Permanent write protect */
2168 if (sd->csd[14] & ~sd->data[14] & 0x60)
2169 sd->card_status |= CID_CSD_OVERWRITE;
2170
2171 if (!(sd->card_status & CID_CSD_OVERWRITE))
2172 for (i = 0; i < sizeof(sd->csd); i ++) {
2173 sd->csd[i] |= sd_csd_rw_mask[i];
2174 sd->csd[i] &= sd->data[i];
2175 }
2176 /* Bzzzzzzztt .... Operation complete. */
2177 sd->state = sd_transfer_state;
2178 }
2179 break;
2180
2181 case 42: /* CMD42: LOCK_UNLOCK */
2182 if (sd_generic_write_byte(sd, value)) {
2183 /* TODO: Check CRC before committing */
2184 sd->state = sd_programming_state;
2185 sd_lock_command(sd);
2186 /* Bzzzzzzztt .... Operation complete. */
2187 sd->state = sd_transfer_state;
2188 }
2189 break;
2190
2191 case 56: /* CMD56: GEN_CMD */
2192 sd->data[sd->data_offset ++] = value;
2193 if (sd->data_offset >= sd->blk_len) {
2194 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
2195 sd->state = sd_transfer_state;
2196 }
2197 break;
2198
2199 default:
2200 qemu_log_mask(LOG_GUEST_ERROR, "%s: unknown command\n", __func__);
2201 break;
2202 }
2203 }
2204
2205 uint8_t sd_read_byte(SDState *sd)
2206 {
2207 /* TODO: Append CRCs */
2208 uint8_t ret;
2209 uint32_t io_len;
2210
2211 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
2212 return 0x00;
2213
2214 if (sd->state != sd_sendingdata_state) {
2215 qemu_log_mask(LOG_GUEST_ERROR,
2216 "%s: not in Sending-Data state\n", __func__);
2217 return 0x00;
2218 }
2219
2220 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
2221 return 0x00;
2222
2223 io_len = sd_blk_len(sd);
2224
2225 trace_sdcard_read_data(sd->proto->name,
2226 sd->last_cmd_name,
2227 sd->current_cmd, sd->data_offset, io_len);
2228 switch (sd->current_cmd) {
2229 case 6: /* CMD6: SWITCH_FUNCTION */
2230 case 9: /* CMD9: SEND_CSD */
2231 case 10: /* CMD10: SEND_CID */
2232 case 13: /* ACMD13: SD_STATUS */
2233 case 17: /* CMD17: READ_SINGLE_BLOCK */
2234 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */
2235 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
2236 case 30: /* CMD30: SEND_WRITE_PROT */
2237 case 51: /* ACMD51: SEND_SCR */
2238 sd_generic_read_byte(sd, &ret);
2239 break;
2240
2241 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
2242 if (sd->data_offset == 0) {
2243 if (!address_in_range(sd, "READ_MULTIPLE_BLOCK",
2244 sd->data_start, io_len)) {
2245 return 0x00;
2246 }
2247 sd_blk_read(sd, sd->data_start, io_len);
2248 }
2249 ret = sd->data[sd->data_offset ++];
2250
2251 if (sd->data_offset >= io_len) {
2252 sd->data_start += io_len;
2253 sd->data_offset = 0;
2254
2255 if (sd->multi_blk_cnt != 0) {
2256 if (--sd->multi_blk_cnt == 0) {
2257 /* Stop! */
2258 sd->state = sd_transfer_state;
2259 break;
2260 }
2261 }
2262 }
2263 break;
2264
2265 case 56: /* CMD56: GEN_CMD */
2266 if (sd->data_offset == 0)
2267 APP_READ_BLOCK(sd->data_start, sd->blk_len);
2268 ret = sd->data[sd->data_offset ++];
2269
2270 if (sd->data_offset >= sd->blk_len)
2271 sd->state = sd_transfer_state;
2272 break;
2273
2274 default:
2275 qemu_log_mask(LOG_GUEST_ERROR, "%s: unknown command\n", __func__);
2276 return 0x00;
2277 }
2278
2279 return ret;
2280 }
2281
2282 static bool sd_receive_ready(SDState *sd)
2283 {
2284 return sd->state == sd_receivingdata_state;
2285 }
2286
2287 static bool sd_data_ready(SDState *sd)
2288 {
2289 return sd->state == sd_sendingdata_state;
2290 }
2291
2292 void sd_enable(SDState *sd, bool enable)
2293 {
2294 sd->enable = enable;
2295 }
2296
2297 static const SDProto sd_proto_spi = {
2298 .name = "SPI",
2299 .cmd = {
2300 [0] = {0, sd_spi, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE},
2301 [1] = {0, sd_spi, "SEND_OP_COND", spi_cmd_SEND_OP_COND},
2302 [5] = {9, sd_spi, "IO_SEND_OP_COND", sd_cmd_optional},
2303 [6] = {10, sd_spi, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION},
2304 [8] = {0, sd_spi, "SEND_IF_COND", sd_cmd_SEND_IF_COND},
2305 [9] = {0, sd_spi, "SEND_CSD", spi_cmd_SEND_CSD},
2306 [10] = {0, sd_spi, "SEND_CID", spi_cmd_SEND_CID},
2307 [12] = {0, sd_spi, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION},
2308 [13] = {0, sd_spi, "SEND_STATUS", sd_cmd_SEND_STATUS},
2309 [16] = {2, sd_spi, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN},
2310 [17] = {2, sd_spi, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK},
2311 [24] = {4, sd_spi, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK},
2312 [27] = {4, sd_spi, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD},
2313 [28] = {6, sd_spi, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT},
2314 [29] = {6, sd_spi, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT},
2315 [30] = {6, sd_spi, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT},
2316 [32] = {5, sd_spi, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START},
2317 [33] = {5, sd_spi, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END},
2318 [34] = {10, sd_spi, "READ_SEC_CMD", sd_cmd_optional},
2319 [35] = {10, sd_spi, "WRITE_SEC_CMD", sd_cmd_optional},
2320 [36] = {10, sd_spi, "SEND_PSI", sd_cmd_optional},
2321 [37] = {10, sd_spi, "CONTROL_ASSD_SYSTEM", sd_cmd_optional},
2322 [38] = {5, sd_spi, "ERASE", sd_cmd_ERASE},
2323 [42] = {7, sd_spi, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK},
2324 [50] = {10, sd_spi, "DIRECT_SECURE_READ", sd_cmd_optional},
2325 [52] = {9, sd_spi, "IO_RW_DIRECT", sd_cmd_optional},
2326 [53] = {9, sd_spi, "IO_RW_EXTENDED", sd_cmd_optional},
2327 [55] = {8, sd_spi, "APP_CMD", sd_cmd_APP_CMD},
2328 [57] = {10, sd_spi, "DIRECT_SECURE_WRITE", sd_cmd_optional},
2329 },
2330 .acmd = {
2331 [41] = {8, sd_spi, "SEND_OP_COND", spi_cmd_SEND_OP_COND},
2332 },
2333 };
2334
2335 static const SDProto sd_proto_sd = {
2336 .name = "SD",
2337 .cmd = {
2338 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE},
2339 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID},
2340 [3] = {0, sd_bcr, "SEND_RELATIVE_ADDR", sd_cmd_SEND_RELATIVE_ADDR},
2341 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented},
2342 [5] = {9, sd_bc, "IO_SEND_OP_COND", sd_cmd_optional},
2343 [6] = {10, sd_adtc, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION},
2344 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD},
2345 [8] = {0, sd_bcr, "SEND_IF_COND", sd_cmd_SEND_IF_COND},
2346 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD},
2347 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID},
2348 [11] = {0, sd_ac, "VOLTAGE_SWITCH", sd_cmd_optional},
2349 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION},
2350 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS},
2351 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE},
2352 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN},
2353 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK},
2354 [19] = {2, sd_adtc, "SEND_TUNING_BLOCK", sd_cmd_SEND_TUNING_BLOCK},
2355 [20] = {2, sd_ac, "SPEED_CLASS_CONTROL", sd_cmd_optional},
2356 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT},
2357 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK},
2358 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD},
2359 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT},
2360 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT},
2361 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT},
2362 [32] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START},
2363 [33] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END},
2364 [34] = {10, sd_adtc, "READ_SEC_CMD", sd_cmd_optional},
2365 [35] = {10, sd_adtc, "WRITE_SEC_CMD", sd_cmd_optional},
2366 [36] = {10, sd_adtc, "SEND_PSI", sd_cmd_optional},
2367 [37] = {10, sd_ac, "CONTROL_ASSD_SYSTEM", sd_cmd_optional},
2368 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE},
2369 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK},
2370 [43] = {1, sd_ac, "Q_MANAGEMENT", sd_cmd_optional},
2371 [44] = {1, sd_ac, "Q_TASK_INFO_A", sd_cmd_optional},
2372 [45] = {1, sd_ac, "Q_TASK_INFO_B", sd_cmd_optional},
2373 [46] = {1, sd_adtc, "Q_RD_TASK", sd_cmd_optional},
2374 [47] = {1, sd_adtc, "Q_WR_TASK", sd_cmd_optional},
2375 [48] = {1, sd_adtc, "READ_EXTR_SINGLE", sd_cmd_optional},
2376 [49] = {1, sd_adtc, "WRITE_EXTR_SINGLE", sd_cmd_optional},
2377 [50] = {10, sd_adtc, "DIRECT_SECURE_READ", sd_cmd_optional},
2378 [52] = {9, sd_bc, "IO_RW_DIRECT", sd_cmd_optional},
2379 [53] = {9, sd_bc, "IO_RW_EXTENDED", sd_cmd_optional},
2380 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD},
2381 [57] = {10, sd_adtc, "DIRECT_SECURE_WRITE", sd_cmd_optional},
2382 [58] = {11, sd_adtc, "READ_EXTR_MULTI", sd_cmd_optional},
2383 [59] = {11, sd_adtc, "WRITE_EXTR_MULTI", sd_cmd_optional},
2384 },
2385 };
2386
2387 static void sd_instance_init(Object *obj)
2388 {
2389 SDState *sd = SD_CARD(obj);
2390 SDCardClass *sc = SD_CARD_GET_CLASS(sd);
2391
2392 sd->proto = sc->proto;
2393 sd->last_cmd_name = "UNSET";
2394 sd->enable = true;
2395 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
2396 }
2397
2398 static void sd_instance_finalize(Object *obj)
2399 {
2400 SDState *sd = SD_CARD(obj);
2401
2402 timer_free(sd->ocr_power_timer);
2403 }
2404
2405 static void sd_realize(DeviceState *dev, Error **errp)
2406 {
2407 SDState *sd = SD_CARD(dev);
2408 int ret;
2409
2410 switch (sd->spec_version) {
2411 case SD_PHY_SPECv1_10_VERS
2412 ... SD_PHY_SPECv3_01_VERS:
2413 break;
2414 default:
2415 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version);
2416 return;
2417 }
2418
2419 if (sd->blk) {
2420 int64_t blk_size;
2421
2422 if (!blk_supports_write_perm(sd->blk)) {
2423 error_setg(errp, "Cannot use read-only drive as SD card");
2424 return;
2425 }
2426
2427 blk_size = blk_getlength(sd->blk);
2428 if (blk_size > 0 && !is_power_of_2(blk_size)) {
2429 int64_t blk_size_aligned = pow2ceil(blk_size);
2430 char *blk_size_str;
2431
2432 blk_size_str = size_to_str(blk_size);
2433 error_setg(errp, "Invalid SD card size: %s", blk_size_str);
2434 g_free(blk_size_str);
2435
2436 blk_size_str = size_to_str(blk_size_aligned);
2437 error_append_hint(errp,
2438 "SD card size has to be a power of 2, e.g. %s.\n"
2439 "You can resize disk images with"
2440 " 'qemu-img resize <imagefile> <new-size>'\n"
2441 "(note that this will lose data if you make the"
2442 " image smaller than it currently is).\n",
2443 blk_size_str);
2444 g_free(blk_size_str);
2445
2446 return;
2447 }
2448
2449 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
2450 BLK_PERM_ALL, errp);
2451 if (ret < 0) {
2452 return;
2453 }
2454 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
2455 }
2456 }
2457
2458 static Property sd_properties[] = {
2459 DEFINE_PROP_UINT8("spec_version", SDState,
2460 spec_version, SD_PHY_SPECv2_00_VERS),
2461 DEFINE_PROP_DRIVE("drive", SDState, blk),
2462 /* We do not model the chip select pin, so allow the board to select
2463 * whether card should be in SSI or MMC/SD mode. It is also up to the
2464 * board to ensure that ssi transfers only occur when the chip select
2465 * is asserted. */
2466 DEFINE_PROP_END_OF_LIST()
2467 };
2468
2469 static void sd_class_init(ObjectClass *klass, void *data)
2470 {
2471 DeviceClass *dc = DEVICE_CLASS(klass);
2472 SDCardClass *sc = SD_CARD_CLASS(klass);
2473
2474 dc->realize = sd_realize;
2475 device_class_set_props(dc, sd_properties);
2476 dc->vmsd = &sd_vmstate;
2477 dc->reset = sd_reset;
2478 dc->bus_type = TYPE_SD_BUS;
2479 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
2480
2481 sc->set_voltage = sd_set_voltage;
2482 sc->get_dat_lines = sd_get_dat_lines;
2483 sc->get_cmd_line = sd_get_cmd_line;
2484 sc->do_command = sd_do_command;
2485 sc->write_byte = sd_write_byte;
2486 sc->read_byte = sd_read_byte;
2487 sc->receive_ready = sd_receive_ready;
2488 sc->data_ready = sd_data_ready;
2489 sc->enable = sd_enable;
2490 sc->get_inserted = sd_get_inserted;
2491 sc->get_readonly = sd_get_readonly;
2492 sc->proto = &sd_proto_sd;
2493 }
2494
2495 /*
2496 * We do not model the chip select pin, so allow the board to select
2497 * whether card should be in SSI or MMC/SD mode. It is also up to the
2498 * board to ensure that ssi transfers only occur when the chip select
2499 * is asserted.
2500 */
2501 static void sd_spi_class_init(ObjectClass *klass, void *data)
2502 {
2503 DeviceClass *dc = DEVICE_CLASS(klass);
2504 SDCardClass *sc = SD_CARD_CLASS(klass);
2505
2506 dc->desc = "SD SPI";
2507 sc->proto = &sd_proto_spi;
2508 }
2509
2510 static const TypeInfo sd_types[] = {
2511 {
2512 .name = TYPE_SD_CARD,
2513 .parent = TYPE_DEVICE,
2514 .instance_size = sizeof(SDState),
2515 .class_size = sizeof(SDCardClass),
2516 .class_init = sd_class_init,
2517 .instance_init = sd_instance_init,
2518 .instance_finalize = sd_instance_finalize,
2519 },
2520 {
2521 .name = TYPE_SD_CARD_SPI,
2522 .parent = TYPE_SD_CARD,
2523 .class_init = sd_spi_class_init,
2524 },
2525 };
2526
2527 DEFINE_TYPES(sd_types)
armbru's QEMU hackery