2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 #include "qemu/osdep.h"
35 #include "sysemu/block-backend.h"
37 #include "qemu/bitmap.h"
38 #include "hw/qdev-properties.h"
39 #include "qemu/error-report.h"
40 #include "qemu/timer.h"
45 #define DPRINTF(fmt, ...) \
46 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
48 #define DPRINTF(fmt, ...) do {} while(0)
51 #define ACMD41_ENQUIRY_MASK 0x00ffffff
52 #define OCR_POWER_UP 0x80000000
53 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
56 sd_r0
= 0, /* no response */
57 sd_r1
, /* normal response command */
58 sd_r2_i
, /* CID register */
59 sd_r2_s
, /* CSD register */
60 sd_r3
, /* OCR register */
61 sd_r6
= 6, /* Published RCA response */
62 sd_r7
, /* Operating voltage */
69 sd_card_identification_mode
,
70 sd_data_transfer_mode
,
74 sd_inactive_state
= -1,
77 sd_identification_state
,
81 sd_receivingdata_state
,
87 DeviceState parent_obj
;
89 uint32_t mode
; /* current card mode, one of SDCardModes */
90 int32_t state
; /* current card state, one of SDCardStates */
92 QEMUTimer
*ocr_power_timer
;
98 uint8_t sd_status
[64];
101 unsigned long *wp_groups
;
105 uint32_t multi_blk_cnt
;
106 uint32_t erase_start
;
110 uint8_t function_group
[6];
114 /* True if we will handle the next command as an ACMD. Note that this does
115 * *not* track the APP_CMD status bit!
118 uint32_t blk_written
;
120 uint32_t data_offset
;
122 qemu_irq readonly_cb
;
123 qemu_irq inserted_cb
;
130 static void sd_set_mode(SDState
*sd
)
133 case sd_inactive_state
:
134 sd
->mode
= sd_inactive
;
139 case sd_identification_state
:
140 sd
->mode
= sd_card_identification_mode
;
143 case sd_standby_state
:
144 case sd_transfer_state
:
145 case sd_sendingdata_state
:
146 case sd_receivingdata_state
:
147 case sd_programming_state
:
148 case sd_disconnect_state
:
149 sd
->mode
= sd_data_transfer_mode
;
154 static const sd_cmd_type_t sd_cmd_type
[64] = {
155 sd_bc
, sd_none
, sd_bcr
, sd_bcr
, sd_none
, sd_none
, sd_none
, sd_ac
,
156 sd_bcr
, sd_ac
, sd_ac
, sd_adtc
, sd_ac
, sd_ac
, sd_none
, sd_ac
,
157 sd_ac
, sd_adtc
, sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
158 sd_adtc
, sd_adtc
, sd_adtc
, sd_adtc
, sd_ac
, sd_ac
, sd_adtc
, sd_none
,
159 sd_ac
, sd_ac
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
, sd_none
,
160 sd_none
, sd_none
, sd_bc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
161 sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_ac
,
162 sd_adtc
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
, sd_none
,
165 static const int sd_cmd_class
[64] = {
166 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
167 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
168 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
169 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
172 static uint8_t sd_crc7(void *message
, size_t width
)
175 uint8_t shift_reg
= 0x00;
176 uint8_t *msg
= (uint8_t *) message
;
178 for (i
= 0; i
< width
; i
++, msg
++)
179 for (bit
= 7; bit
>= 0; bit
--) {
181 if ((shift_reg
>> 7) ^ ((*msg
>> bit
) & 1))
188 static uint16_t sd_crc16(void *message
, size_t width
)
191 uint16_t shift_reg
= 0x0000;
192 uint16_t *msg
= (uint16_t *) message
;
195 for (i
= 0; i
< width
; i
++, msg
++)
196 for (bit
= 15; bit
>= 0; bit
--) {
198 if ((shift_reg
>> 15) ^ ((*msg
>> bit
) & 1))
205 static void sd_set_ocr(SDState
*sd
)
207 /* All voltages OK, Standard Capacity SD Memory Card, not yet powered up */
208 sd
->ocr
= 0x00ffff00;
211 static void sd_ocr_powerup(void *opaque
)
213 SDState
*sd
= opaque
;
215 /* Set powered up bit in OCR */
216 assert(!(sd
->ocr
& OCR_POWER_UP
));
217 sd
->ocr
|= OCR_POWER_UP
;
220 static void sd_set_scr(SDState
*sd
)
222 sd
->scr
[0] = 0x00; /* SCR Structure */
223 sd
->scr
[1] = 0x2f; /* SD Security Support */
239 static void sd_set_cid(SDState
*sd
)
241 sd
->cid
[0] = MID
; /* Fake card manufacturer ID (MID) */
242 sd
->cid
[1] = OID
[0]; /* OEM/Application ID (OID) */
244 sd
->cid
[3] = PNM
[0]; /* Fake product name (PNM) */
249 sd
->cid
[8] = PRV
; /* Fake product revision (PRV) */
250 sd
->cid
[9] = 0xde; /* Fake serial number (PSN) */
254 sd
->cid
[13] = 0x00 | /* Manufacture date (MDT) */
255 ((MDT_YR
- 2000) / 10);
256 sd
->cid
[14] = ((MDT_YR
% 10) << 4) | MDT_MON
;
257 sd
->cid
[15] = (sd_crc7(sd
->cid
, 15) << 1) | 1;
260 #define HWBLOCK_SHIFT 9 /* 512 bytes */
261 #define SECTOR_SHIFT 5 /* 16 kilobytes */
262 #define WPGROUP_SHIFT 7 /* 2 megs */
263 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
264 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
266 static const uint8_t sd_csd_rw_mask
[16] = {
267 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
268 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
271 static void sd_set_csd(SDState
*sd
, uint64_t size
)
273 uint32_t csize
= (size
>> (CMULT_SHIFT
+ HWBLOCK_SHIFT
)) - 1;
274 uint32_t sectsize
= (1 << (SECTOR_SHIFT
+ 1)) - 1;
275 uint32_t wpsize
= (1 << (WPGROUP_SHIFT
+ 1)) - 1;
277 if (size
<= 0x40000000) { /* Standard Capacity SD */
278 sd
->csd
[0] = 0x00; /* CSD structure */
279 sd
->csd
[1] = 0x26; /* Data read access-time-1 */
280 sd
->csd
[2] = 0x00; /* Data read access-time-2 */
281 sd
->csd
[3] = 0x5a; /* Max. data transfer rate */
282 sd
->csd
[4] = 0x5f; /* Card Command Classes */
283 sd
->csd
[5] = 0x50 | /* Max. read data block length */
285 sd
->csd
[6] = 0xe0 | /* Partial block for read allowed */
286 ((csize
>> 10) & 0x03);
287 sd
->csd
[7] = 0x00 | /* Device size */
288 ((csize
>> 2) & 0xff);
289 sd
->csd
[8] = 0x3f | /* Max. read current */
290 ((csize
<< 6) & 0xc0);
291 sd
->csd
[9] = 0xfc | /* Max. write current */
292 ((CMULT_SHIFT
- 2) >> 1);
293 sd
->csd
[10] = 0x40 | /* Erase sector size */
294 (((CMULT_SHIFT
- 2) << 7) & 0x80) | (sectsize
>> 1);
295 sd
->csd
[11] = 0x00 | /* Write protect group size */
296 ((sectsize
<< 7) & 0x80) | wpsize
;
297 sd
->csd
[12] = 0x90 | /* Write speed factor */
298 (HWBLOCK_SHIFT
>> 2);
299 sd
->csd
[13] = 0x20 | /* Max. write data block length */
300 ((HWBLOCK_SHIFT
<< 6) & 0xc0);
301 sd
->csd
[14] = 0x00; /* File format group */
302 sd
->csd
[15] = (sd_crc7(sd
->csd
, 15) << 1) | 1;
313 sd
->csd
[7] = (size
>> 16) & 0xff;
314 sd
->csd
[8] = (size
>> 8) & 0xff;
315 sd
->csd
[9] = (size
& 0xff);
322 sd
->ocr
|= 1 << 30; /* High Capacity SD Memory Card */
326 static void sd_set_rca(SDState
*sd
)
331 /* Card status bits, split by clear condition:
332 * A : According to the card current state
333 * B : Always related to the previous command
334 * C : Cleared by read
336 #define CARD_STATUS_A 0x02004100
337 #define CARD_STATUS_B 0x00c01e00
338 #define CARD_STATUS_C 0xfd39a028
340 static void sd_set_cardstatus(SDState
*sd
)
342 sd
->card_status
= 0x00000100;
345 static void sd_set_sdstatus(SDState
*sd
)
347 memset(sd
->sd_status
, 0, 64);
350 static int sd_req_crc_validate(SDRequest
*req
)
353 buffer
[0] = 0x40 | req
->cmd
;
354 buffer
[1] = (req
->arg
>> 24) & 0xff;
355 buffer
[2] = (req
->arg
>> 16) & 0xff;
356 buffer
[3] = (req
->arg
>> 8) & 0xff;
357 buffer
[4] = (req
->arg
>> 0) & 0xff;
359 return sd_crc7(buffer
, 5) != req
->crc
; /* TODO */
362 static void sd_response_r1_make(SDState
*sd
, uint8_t *response
)
364 uint32_t status
= sd
->card_status
;
365 /* Clear the "clear on read" status bits */
366 sd
->card_status
&= ~CARD_STATUS_C
;
368 response
[0] = (status
>> 24) & 0xff;
369 response
[1] = (status
>> 16) & 0xff;
370 response
[2] = (status
>> 8) & 0xff;
371 response
[3] = (status
>> 0) & 0xff;
374 static void sd_response_r3_make(SDState
*sd
, uint8_t *response
)
376 response
[0] = (sd
->ocr
>> 24) & 0xff;
377 response
[1] = (sd
->ocr
>> 16) & 0xff;
378 response
[2] = (sd
->ocr
>> 8) & 0xff;
379 response
[3] = (sd
->ocr
>> 0) & 0xff;
382 static void sd_response_r6_make(SDState
*sd
, uint8_t *response
)
388 status
= ((sd
->card_status
>> 8) & 0xc000) |
389 ((sd
->card_status
>> 6) & 0x2000) |
390 (sd
->card_status
& 0x1fff);
391 sd
->card_status
&= ~(CARD_STATUS_C
& 0xc81fff);
393 response
[0] = (arg
>> 8) & 0xff;
394 response
[1] = arg
& 0xff;
395 response
[2] = (status
>> 8) & 0xff;
396 response
[3] = status
& 0xff;
399 static void sd_response_r7_make(SDState
*sd
, uint8_t *response
)
401 response
[0] = (sd
->vhs
>> 24) & 0xff;
402 response
[1] = (sd
->vhs
>> 16) & 0xff;
403 response
[2] = (sd
->vhs
>> 8) & 0xff;
404 response
[3] = (sd
->vhs
>> 0) & 0xff;
407 static inline uint64_t sd_addr_to_wpnum(uint64_t addr
)
409 return addr
>> (HWBLOCK_SHIFT
+ SECTOR_SHIFT
+ WPGROUP_SHIFT
);
412 static void sd_reset(DeviceState
*dev
)
414 SDState
*sd
= SD_CARD(dev
);
419 blk_get_geometry(sd
->blk
, §
);
425 sect
= sd_addr_to_wpnum(size
) + 1;
427 sd
->state
= sd_idle_state
;
432 sd_set_csd(sd
, size
);
433 sd_set_cardstatus(sd
);
436 g_free(sd
->wp_groups
);
437 sd
->wp_switch
= sd
->blk
? blk_is_read_only(sd
->blk
) : false;
438 sd
->wpgrps_size
= sect
;
439 sd
->wp_groups
= bitmap_new(sd
->wpgrps_size
);
440 memset(sd
->function_group
, 0, sizeof(sd
->function_group
));
446 sd
->expecting_acmd
= false;
447 sd
->multi_blk_cnt
= 0;
450 static bool sd_get_inserted(SDState
*sd
)
452 return sd
->blk
&& blk_is_inserted(sd
->blk
);
455 static bool sd_get_readonly(SDState
*sd
)
457 return sd
->wp_switch
;
460 static void sd_cardchange(void *opaque
, bool load
)
462 SDState
*sd
= opaque
;
463 DeviceState
*dev
= DEVICE(sd
);
464 SDBus
*sdbus
= SD_BUS(qdev_get_parent_bus(dev
));
465 bool inserted
= sd_get_inserted(sd
);
466 bool readonly
= sd_get_readonly(sd
);
472 /* The IRQ notification is for legacy non-QOM SD controller devices;
473 * QOMified controllers use the SDBus APIs.
476 sdbus_set_inserted(sdbus
, inserted
);
478 sdbus_set_readonly(sdbus
, readonly
);
481 qemu_set_irq(sd
->inserted_cb
, inserted
);
483 qemu_set_irq(sd
->readonly_cb
, readonly
);
488 static const BlockDevOps sd_block_ops
= {
489 .change_media_cb
= sd_cardchange
,
492 static bool sd_ocr_vmstate_needed(void *opaque
)
494 SDState
*sd
= opaque
;
496 /* Include the OCR state (and timer) if it is not yet powered up */
497 return !(sd
->ocr
& OCR_POWER_UP
);
500 static const VMStateDescription sd_ocr_vmstate
= {
501 .name
= "sd-card/ocr-state",
503 .minimum_version_id
= 1,
504 .needed
= sd_ocr_vmstate_needed
,
505 .fields
= (VMStateField
[]) {
506 VMSTATE_UINT32(ocr
, SDState
),
507 VMSTATE_TIMER_PTR(ocr_power_timer
, SDState
),
508 VMSTATE_END_OF_LIST()
512 static int sd_vmstate_pre_load(void *opaque
)
514 SDState
*sd
= opaque
;
516 /* If the OCR state is not included (prior versions, or not
517 * needed), then the OCR must be set as powered up. If the OCR state
518 * is included, this will be replaced by the state restore.
525 static const VMStateDescription sd_vmstate
= {
528 .minimum_version_id
= 1,
529 .pre_load
= sd_vmstate_pre_load
,
530 .fields
= (VMStateField
[]) {
531 VMSTATE_UINT32(mode
, SDState
),
532 VMSTATE_INT32(state
, SDState
),
533 VMSTATE_UINT8_ARRAY(cid
, SDState
, 16),
534 VMSTATE_UINT8_ARRAY(csd
, SDState
, 16),
535 VMSTATE_UINT16(rca
, SDState
),
536 VMSTATE_UINT32(card_status
, SDState
),
537 VMSTATE_PARTIAL_BUFFER(sd_status
, SDState
, 1),
538 VMSTATE_UINT32(vhs
, SDState
),
539 VMSTATE_BITMAP(wp_groups
, SDState
, 0, wpgrps_size
),
540 VMSTATE_UINT32(blk_len
, SDState
),
541 VMSTATE_UINT32(multi_blk_cnt
, SDState
),
542 VMSTATE_UINT32(erase_start
, SDState
),
543 VMSTATE_UINT32(erase_end
, SDState
),
544 VMSTATE_UINT8_ARRAY(pwd
, SDState
, 16),
545 VMSTATE_UINT32(pwd_len
, SDState
),
546 VMSTATE_UINT8_ARRAY(function_group
, SDState
, 6),
547 VMSTATE_UINT8(current_cmd
, SDState
),
548 VMSTATE_BOOL(expecting_acmd
, SDState
),
549 VMSTATE_UINT32(blk_written
, SDState
),
550 VMSTATE_UINT64(data_start
, SDState
),
551 VMSTATE_UINT32(data_offset
, SDState
),
552 VMSTATE_UINT8_ARRAY(data
, SDState
, 512),
553 VMSTATE_BUFFER_POINTER_UNSAFE(buf
, SDState
, 1, 512),
554 VMSTATE_BOOL(enable
, SDState
),
555 VMSTATE_END_OF_LIST()
557 .subsections
= (const VMStateDescription
*[]) {
563 /* Legacy initialization function for use by non-qdevified callers */
564 SDState
*sd_init(BlockBackend
*blk
, bool is_spi
)
570 obj
= object_new(TYPE_SD_CARD
);
572 qdev_prop_set_drive(dev
, "drive", blk
, &err
);
574 error_report("sd_init failed: %s", error_get_pretty(err
));
577 qdev_prop_set_bit(dev
, "spi", is_spi
);
578 object_property_set_bool(obj
, true, "realized", &err
);
580 error_report("sd_init failed: %s", error_get_pretty(err
));
587 void sd_set_cb(SDState
*sd
, qemu_irq readonly
, qemu_irq insert
)
589 sd
->readonly_cb
= readonly
;
590 sd
->inserted_cb
= insert
;
591 qemu_set_irq(readonly
, sd
->blk
? blk_is_read_only(sd
->blk
) : 0);
592 qemu_set_irq(insert
, sd
->blk
? blk_is_inserted(sd
->blk
) : 0);
595 static void sd_erase(SDState
*sd
)
598 uint64_t erase_start
= sd
->erase_start
;
599 uint64_t erase_end
= sd
->erase_end
;
601 if (!sd
->erase_start
|| !sd
->erase_end
) {
602 sd
->card_status
|= ERASE_SEQ_ERROR
;
606 if (extract32(sd
->ocr
, OCR_CCS_BITN
, 1)) {
607 /* High capacity memory card: erase units are 512 byte blocks */
612 erase_start
= sd_addr_to_wpnum(erase_start
);
613 erase_end
= sd_addr_to_wpnum(erase_end
);
618 for (i
= erase_start
; i
<= erase_end
; i
++) {
619 if (test_bit(i
, sd
->wp_groups
)) {
620 sd
->card_status
|= WP_ERASE_SKIP
;
625 static uint32_t sd_wpbits(SDState
*sd
, uint64_t addr
)
630 wpnum
= sd_addr_to_wpnum(addr
);
632 for (i
= 0; i
< 32; i
++, wpnum
++, addr
+= WPGROUP_SIZE
) {
633 if (addr
< sd
->size
&& test_bit(wpnum
, sd
->wp_groups
)) {
641 static void sd_function_switch(SDState
*sd
, uint32_t arg
)
643 int i
, mode
, new_func
, crc
;
644 mode
= !!(arg
& 0x80000000);
646 sd
->data
[0] = 0x00; /* Maximum current consumption */
648 sd
->data
[2] = 0x80; /* Supported group 6 functions */
650 sd
->data
[4] = 0x80; /* Supported group 5 functions */
652 sd
->data
[6] = 0x80; /* Supported group 4 functions */
654 sd
->data
[8] = 0x80; /* Supported group 3 functions */
656 sd
->data
[10] = 0x80; /* Supported group 2 functions */
658 sd
->data
[12] = 0x80; /* Supported group 1 functions */
660 for (i
= 0; i
< 6; i
++) {
661 new_func
= (arg
>> (i
* 4)) & 0x0f;
662 if (mode
&& new_func
!= 0x0f)
663 sd
->function_group
[i
] = new_func
;
664 sd
->data
[14 + (i
>> 1)] = new_func
<< ((i
* 4) & 4);
666 memset(&sd
->data
[17], 0, 47);
667 crc
= sd_crc16(sd
->data
, 64);
668 sd
->data
[65] = crc
>> 8;
669 sd
->data
[66] = crc
& 0xff;
672 static inline bool sd_wp_addr(SDState
*sd
, uint64_t addr
)
674 return test_bit(sd_addr_to_wpnum(addr
), sd
->wp_groups
);
677 static void sd_lock_command(SDState
*sd
)
679 int erase
, lock
, clr_pwd
, set_pwd
, pwd_len
;
680 erase
= !!(sd
->data
[0] & 0x08);
681 lock
= sd
->data
[0] & 0x04;
682 clr_pwd
= sd
->data
[0] & 0x02;
683 set_pwd
= sd
->data
[0] & 0x01;
686 pwd_len
= sd
->data
[1];
691 if (!(sd
->card_status
& CARD_IS_LOCKED
) || sd
->blk_len
> 1 ||
692 set_pwd
|| clr_pwd
|| lock
|| sd
->wp_switch
||
693 (sd
->csd
[14] & 0x20)) {
694 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
697 bitmap_zero(sd
->wp_groups
, sd
->wpgrps_size
);
698 sd
->csd
[14] &= ~0x10;
699 sd
->card_status
&= ~CARD_IS_LOCKED
;
701 /* Erasing the entire card here! */
702 fprintf(stderr
, "SD: Card force-erased by CMD42\n");
706 if (sd
->blk_len
< 2 + pwd_len
||
707 pwd_len
<= sd
->pwd_len
||
708 pwd_len
> sd
->pwd_len
+ 16) {
709 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
713 if (sd
->pwd_len
&& memcmp(sd
->pwd
, sd
->data
+ 2, sd
->pwd_len
)) {
714 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
718 pwd_len
-= sd
->pwd_len
;
719 if ((pwd_len
&& !set_pwd
) ||
720 (clr_pwd
&& (set_pwd
|| lock
)) ||
721 (lock
&& !sd
->pwd_len
&& !set_pwd
) ||
722 (!set_pwd
&& !clr_pwd
&&
723 (((sd
->card_status
& CARD_IS_LOCKED
) && lock
) ||
724 (!(sd
->card_status
& CARD_IS_LOCKED
) && !lock
)))) {
725 sd
->card_status
|= LOCK_UNLOCK_FAILED
;
730 memcpy(sd
->pwd
, sd
->data
+ 2 + sd
->pwd_len
, pwd_len
);
731 sd
->pwd_len
= pwd_len
;
739 sd
->card_status
|= CARD_IS_LOCKED
;
741 sd
->card_status
&= ~CARD_IS_LOCKED
;
744 static sd_rsp_type_t
sd_normal_command(SDState
*sd
,
747 uint32_t rca
= 0x0000;
748 uint64_t addr
= (sd
->ocr
& (1 << 30)) ? (uint64_t) req
.arg
<< 9 : req
.arg
;
750 /* Not interpreting this as an app command */
751 sd
->card_status
&= ~APP_CMD
;
753 if (sd_cmd_type
[req
.cmd
& 0x3F] == sd_ac
754 || sd_cmd_type
[req
.cmd
& 0x3F] == sd_adtc
) {
758 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
759 * if not, its effects are cancelled */
760 if (sd
->multi_blk_cnt
!= 0 && !(req
.cmd
== 18 || req
.cmd
== 25)) {
761 sd
->multi_blk_cnt
= 0;
764 DPRINTF("CMD%d 0x%08x state %d\n", req
.cmd
, req
.arg
, sd
->state
);
766 /* Basic commands (Class 0 and Class 1) */
767 case 0: /* CMD0: GO_IDLE_STATE */
769 case sd_inactive_state
:
770 return sd
->spi
? sd_r1
: sd_r0
;
773 sd
->state
= sd_idle_state
;
774 sd_reset(DEVICE(sd
));
775 return sd
->spi
? sd_r1
: sd_r0
;
779 case 1: /* CMD1: SEND_OP_CMD */
783 sd
->state
= sd_transfer_state
;
786 case 2: /* CMD2: ALL_SEND_CID */
791 sd
->state
= sd_identification_state
;
799 case 3: /* CMD3: SEND_RELATIVE_ADDR */
803 case sd_identification_state
:
804 case sd_standby_state
:
805 sd
->state
= sd_standby_state
;
814 case 4: /* CMD4: SEND_DSR */
818 case sd_standby_state
:
826 case 5: /* CMD5: reserved for SDIO cards */
829 case 6: /* CMD6: SWITCH_FUNCTION */
833 case sd_data_transfer_mode
:
834 sd_function_switch(sd
, req
.arg
);
835 sd
->state
= sd_sendingdata_state
;
845 case 7: /* CMD7: SELECT/DESELECT_CARD */
849 case sd_standby_state
:
853 sd
->state
= sd_transfer_state
;
856 case sd_transfer_state
:
857 case sd_sendingdata_state
:
861 sd
->state
= sd_standby_state
;
864 case sd_disconnect_state
:
868 sd
->state
= sd_programming_state
;
871 case sd_programming_state
:
875 sd
->state
= sd_disconnect_state
;
883 case 8: /* CMD8: SEND_IF_COND */
884 /* Physical Layer Specification Version 2.00 command */
889 /* No response if not exactly one VHS bit is set. */
890 if (!(req
.arg
>> 8) || (req
.arg
>> (ctz32(req
.arg
& ~0xff) + 1))) {
891 return sd
->spi
? sd_r7
: sd_r0
;
903 case 9: /* CMD9: SEND_CSD */
905 case sd_standby_state
:
911 case sd_transfer_state
:
914 sd
->state
= sd_sendingdata_state
;
915 memcpy(sd
->data
, sd
->csd
, 16);
916 sd
->data_start
= addr
;
925 case 10: /* CMD10: SEND_CID */
927 case sd_standby_state
:
933 case sd_transfer_state
:
936 sd
->state
= sd_sendingdata_state
;
937 memcpy(sd
->data
, sd
->cid
, 16);
938 sd
->data_start
= addr
;
947 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
951 case sd_transfer_state
:
952 sd
->state
= sd_sendingdata_state
;
953 sd
->data_start
= req
.arg
;
956 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
957 sd
->card_status
|= ADDRESS_ERROR
;
965 case 12: /* CMD12: STOP_TRANSMISSION */
967 case sd_sendingdata_state
:
968 sd
->state
= sd_transfer_state
;
971 case sd_receivingdata_state
:
972 sd
->state
= sd_programming_state
;
973 /* Bzzzzzzztt .... Operation complete. */
974 sd
->state
= sd_transfer_state
;
982 case 13: /* CMD13: SEND_STATUS */
984 case sd_data_transfer_mode
:
995 case 15: /* CMD15: GO_INACTIVE_STATE */
999 case sd_data_transfer_mode
:
1003 sd
->state
= sd_inactive_state
;
1011 /* Block read commands (Classs 2) */
1012 case 16: /* CMD16: SET_BLOCKLEN */
1013 switch (sd
->state
) {
1014 case sd_transfer_state
:
1015 if (req
.arg
> (1 << HWBLOCK_SHIFT
))
1016 sd
->card_status
|= BLOCK_LEN_ERROR
;
1018 sd
->blk_len
= req
.arg
;
1027 case 17: /* CMD17: READ_SINGLE_BLOCK */
1028 switch (sd
->state
) {
1029 case sd_transfer_state
:
1030 sd
->state
= sd_sendingdata_state
;
1031 sd
->data_start
= addr
;
1032 sd
->data_offset
= 0;
1034 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
1035 sd
->card_status
|= ADDRESS_ERROR
;
1043 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1044 switch (sd
->state
) {
1045 case sd_transfer_state
:
1046 sd
->state
= sd_sendingdata_state
;
1047 sd
->data_start
= addr
;
1048 sd
->data_offset
= 0;
1050 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
1051 sd
->card_status
|= ADDRESS_ERROR
;
1059 case 23: /* CMD23: SET_BLOCK_COUNT */
1060 switch (sd
->state
) {
1061 case sd_transfer_state
:
1062 sd
->multi_blk_cnt
= req
.arg
;
1070 /* Block write commands (Class 4) */
1071 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1073 goto unimplemented_cmd
;
1074 switch (sd
->state
) {
1075 case sd_transfer_state
:
1076 /* Writing in SPI mode not implemented. */
1079 sd
->state
= sd_receivingdata_state
;
1080 sd
->data_start
= addr
;
1081 sd
->data_offset
= 0;
1082 sd
->blk_written
= 0;
1084 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
1085 sd
->card_status
|= ADDRESS_ERROR
;
1086 if (sd_wp_addr(sd
, sd
->data_start
))
1087 sd
->card_status
|= WP_VIOLATION
;
1088 if (sd
->csd
[14] & 0x30)
1089 sd
->card_status
|= WP_VIOLATION
;
1097 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1099 goto unimplemented_cmd
;
1100 switch (sd
->state
) {
1101 case sd_transfer_state
:
1102 /* Writing in SPI mode not implemented. */
1105 sd
->state
= sd_receivingdata_state
;
1106 sd
->data_start
= addr
;
1107 sd
->data_offset
= 0;
1108 sd
->blk_written
= 0;
1110 if (sd
->data_start
+ sd
->blk_len
> sd
->size
)
1111 sd
->card_status
|= ADDRESS_ERROR
;
1112 if (sd_wp_addr(sd
, sd
->data_start
))
1113 sd
->card_status
|= WP_VIOLATION
;
1114 if (sd
->csd
[14] & 0x30)
1115 sd
->card_status
|= WP_VIOLATION
;
1123 case 26: /* CMD26: PROGRAM_CID */
1126 switch (sd
->state
) {
1127 case sd_transfer_state
:
1128 sd
->state
= sd_receivingdata_state
;
1130 sd
->data_offset
= 0;
1138 case 27: /* CMD27: PROGRAM_CSD */
1140 goto unimplemented_cmd
;
1141 switch (sd
->state
) {
1142 case sd_transfer_state
:
1143 sd
->state
= sd_receivingdata_state
;
1145 sd
->data_offset
= 0;
1153 /* Write protection (Class 6) */
1154 case 28: /* CMD28: SET_WRITE_PROT */
1155 switch (sd
->state
) {
1156 case sd_transfer_state
:
1157 if (addr
>= sd
->size
) {
1158 sd
->card_status
|= ADDRESS_ERROR
;
1162 sd
->state
= sd_programming_state
;
1163 set_bit(sd_addr_to_wpnum(addr
), sd
->wp_groups
);
1164 /* Bzzzzzzztt .... Operation complete. */
1165 sd
->state
= sd_transfer_state
;
1173 case 29: /* CMD29: CLR_WRITE_PROT */
1174 switch (sd
->state
) {
1175 case sd_transfer_state
:
1176 if (addr
>= sd
->size
) {
1177 sd
->card_status
|= ADDRESS_ERROR
;
1181 sd
->state
= sd_programming_state
;
1182 clear_bit(sd_addr_to_wpnum(addr
), sd
->wp_groups
);
1183 /* Bzzzzzzztt .... Operation complete. */
1184 sd
->state
= sd_transfer_state
;
1192 case 30: /* CMD30: SEND_WRITE_PROT */
1193 switch (sd
->state
) {
1194 case sd_transfer_state
:
1195 sd
->state
= sd_sendingdata_state
;
1196 *(uint32_t *) sd
->data
= sd_wpbits(sd
, req
.arg
);
1197 sd
->data_start
= addr
;
1198 sd
->data_offset
= 0;
1206 /* Erase commands (Class 5) */
1207 case 32: /* CMD32: ERASE_WR_BLK_START */
1208 switch (sd
->state
) {
1209 case sd_transfer_state
:
1210 sd
->erase_start
= req
.arg
;
1218 case 33: /* CMD33: ERASE_WR_BLK_END */
1219 switch (sd
->state
) {
1220 case sd_transfer_state
:
1221 sd
->erase_end
= req
.arg
;
1229 case 38: /* CMD38: ERASE */
1230 switch (sd
->state
) {
1231 case sd_transfer_state
:
1232 if (sd
->csd
[14] & 0x30) {
1233 sd
->card_status
|= WP_VIOLATION
;
1237 sd
->state
= sd_programming_state
;
1239 /* Bzzzzzzztt .... Operation complete. */
1240 sd
->state
= sd_transfer_state
;
1248 /* Lock card commands (Class 7) */
1249 case 42: /* CMD42: LOCK_UNLOCK */
1251 goto unimplemented_cmd
;
1252 switch (sd
->state
) {
1253 case sd_transfer_state
:
1254 sd
->state
= sd_receivingdata_state
;
1256 sd
->data_offset
= 0;
1266 /* CMD52, CMD53: reserved for SDIO cards
1267 * (see the SDIO Simplified Specification V2.0)
1268 * Handle as illegal command but do not complain
1269 * on stderr, as some OSes may use these in their
1270 * probing for presence of an SDIO card.
1274 /* Application specific commands (Class 8) */
1275 case 55: /* CMD55: APP_CMD */
1279 sd
->expecting_acmd
= true;
1280 sd
->card_status
|= APP_CMD
;
1283 case 56: /* CMD56: GEN_CMD */
1284 fprintf(stderr
, "SD: GEN_CMD 0x%08x\n", req
.arg
);
1286 switch (sd
->state
) {
1287 case sd_transfer_state
:
1288 sd
->data_offset
= 0;
1290 sd
->state
= sd_sendingdata_state
;
1292 sd
->state
= sd_receivingdata_state
;
1302 qemu_log_mask(LOG_GUEST_ERROR
, "SD: Unknown CMD%i\n", req
.cmd
);
1306 /* Commands that are recognised but not yet implemented in SPI mode. */
1307 qemu_log_mask(LOG_UNIMP
, "SD: CMD%i not implemented in SPI mode\n",
1312 qemu_log_mask(LOG_GUEST_ERROR
, "SD: CMD%i in a wrong state\n", req
.cmd
);
1316 static sd_rsp_type_t
sd_app_command(SDState
*sd
,
1319 DPRINTF("ACMD%d 0x%08x\n", req
.cmd
, req
.arg
);
1320 sd
->card_status
|= APP_CMD
;
1322 case 6: /* ACMD6: SET_BUS_WIDTH */
1323 switch (sd
->state
) {
1324 case sd_transfer_state
:
1325 sd
->sd_status
[0] &= 0x3f;
1326 sd
->sd_status
[0] |= (req
.arg
& 0x03) << 6;
1334 case 13: /* ACMD13: SD_STATUS */
1335 switch (sd
->state
) {
1336 case sd_transfer_state
:
1337 sd
->state
= sd_sendingdata_state
;
1339 sd
->data_offset
= 0;
1347 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1348 switch (sd
->state
) {
1349 case sd_transfer_state
:
1350 *(uint32_t *) sd
->data
= sd
->blk_written
;
1352 sd
->state
= sd_sendingdata_state
;
1354 sd
->data_offset
= 0;
1362 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1363 switch (sd
->state
) {
1364 case sd_transfer_state
:
1372 case 41: /* ACMD41: SD_APP_OP_COND */
1375 sd
->state
= sd_transfer_state
;
1378 switch (sd
->state
) {
1380 /* If it's the first ACMD41 since reset, we need to decide
1381 * whether to power up. If this is not an enquiry ACMD41,
1382 * we immediately report power on and proceed below to the
1383 * ready state, but if it is, we set a timer to model a
1384 * delay for power up. This works around a bug in EDK2
1385 * UEFI, which sends an initial enquiry ACMD41, but
1386 * assumes that the card is in ready state as soon as it
1387 * sees the power up bit set. */
1388 if (!(sd
->ocr
& OCR_POWER_UP
)) {
1389 if ((req
.arg
& ACMD41_ENQUIRY_MASK
) != 0) {
1390 timer_del(sd
->ocr_power_timer
);
1392 } else if (!timer_pending(sd
->ocr_power_timer
)) {
1393 timer_mod_ns(sd
->ocr_power_timer
,
1394 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL
)
1395 + OCR_POWER_DELAY_NS
));
1399 /* We accept any voltage. 10000 V is nothing.
1401 * Once we're powered up, we advance straight to ready state
1402 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1404 if (req
.arg
& ACMD41_ENQUIRY_MASK
) {
1405 sd
->state
= sd_ready_state
;
1415 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1416 switch (sd
->state
) {
1417 case sd_transfer_state
:
1418 /* Bringing in the 50KOhm pull-up resistor... Done. */
1426 case 51: /* ACMD51: SEND_SCR */
1427 switch (sd
->state
) {
1428 case sd_transfer_state
:
1429 sd
->state
= sd_sendingdata_state
;
1431 sd
->data_offset
= 0;
1440 /* Fall back to standard commands. */
1441 return sd_normal_command(sd
, req
);
1444 qemu_log_mask(LOG_GUEST_ERROR
, "SD: ACMD%i in a wrong state\n", req
.cmd
);
1448 static int cmd_valid_while_locked(SDState
*sd
, SDRequest
*req
)
1450 /* Valid commands in locked state:
1452 * lock card class (7)
1454 * implicitly, the ACMD prefix CMD55
1456 * Anything else provokes an "illegal command" response.
1458 if (sd
->expecting_acmd
) {
1459 return req
->cmd
== 41 || req
->cmd
== 42;
1461 if (req
->cmd
== 16 || req
->cmd
== 55) {
1464 return sd_cmd_class
[req
->cmd
& 0x3F] == 0
1465 || sd_cmd_class
[req
->cmd
& 0x3F] == 7;
1468 int sd_do_command(SDState
*sd
, SDRequest
*req
,
1469 uint8_t *response
) {
1471 sd_rsp_type_t rtype
;
1474 if (!sd
->blk
|| !blk_is_inserted(sd
->blk
) || !sd
->enable
) {
1478 if (sd_req_crc_validate(req
)) {
1479 sd
->card_status
|= COM_CRC_ERROR
;
1484 if (sd
->card_status
& CARD_IS_LOCKED
) {
1485 if (!cmd_valid_while_locked(sd
, req
)) {
1486 sd
->card_status
|= ILLEGAL_COMMAND
;
1487 sd
->expecting_acmd
= false;
1488 qemu_log_mask(LOG_GUEST_ERROR
, "SD: Card is locked\n");
1494 last_state
= sd
->state
;
1497 if (sd
->expecting_acmd
) {
1498 sd
->expecting_acmd
= false;
1499 rtype
= sd_app_command(sd
, *req
);
1501 rtype
= sd_normal_command(sd
, *req
);
1504 if (rtype
== sd_illegal
) {
1505 sd
->card_status
|= ILLEGAL_COMMAND
;
1507 /* Valid command, we can update the 'state before command' bits.
1508 * (Do this now so they appear in r1 responses.)
1510 sd
->current_cmd
= req
->cmd
;
1511 sd
->card_status
&= ~CURRENT_STATE
;
1512 sd
->card_status
|= (last_state
<< 9);
1519 sd_response_r1_make(sd
, response
);
1524 memcpy(response
, sd
->cid
, sizeof(sd
->cid
));
1529 memcpy(response
, sd
->csd
, sizeof(sd
->csd
));
1534 sd_response_r3_make(sd
, response
);
1539 sd_response_r6_make(sd
, response
);
1544 sd_response_r7_make(sd
, response
);
1555 if (rtype
!= sd_illegal
) {
1556 /* Clear the "clear on valid command" status bits now we've
1559 sd
->card_status
&= ~CARD_STATUS_B
;
1565 DPRINTF("Response:");
1566 for (i
= 0; i
< rsplen
; i
++)
1567 fprintf(stderr
, " %02x", response
[i
]);
1568 fprintf(stderr
, " state %d\n", sd
->state
);
1570 DPRINTF("No response %d\n", sd
->state
);
1577 static void sd_blk_read(SDState
*sd
, uint64_t addr
, uint32_t len
)
1579 uint64_t end
= addr
+ len
;
1581 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1582 (unsigned long long) addr
, len
);
1583 if (!sd
->blk
|| blk_read(sd
->blk
, addr
>> 9, sd
->buf
, 1) < 0) {
1584 fprintf(stderr
, "sd_blk_read: read error on host side\n");
1588 if (end
> (addr
& ~511) + 512) {
1589 memcpy(sd
->data
, sd
->buf
+ (addr
& 511), 512 - (addr
& 511));
1591 if (blk_read(sd
->blk
, end
>> 9, sd
->buf
, 1) < 0) {
1592 fprintf(stderr
, "sd_blk_read: read error on host side\n");
1595 memcpy(sd
->data
+ 512 - (addr
& 511), sd
->buf
, end
& 511);
1597 memcpy(sd
->data
, sd
->buf
+ (addr
& 511), len
);
1600 static void sd_blk_write(SDState
*sd
, uint64_t addr
, uint32_t len
)
1602 uint64_t end
= addr
+ len
;
1604 if ((addr
& 511) || len
< 512)
1605 if (!sd
->blk
|| blk_read(sd
->blk
, addr
>> 9, sd
->buf
, 1) < 0) {
1606 fprintf(stderr
, "sd_blk_write: read error on host side\n");
1610 if (end
> (addr
& ~511) + 512) {
1611 memcpy(sd
->buf
+ (addr
& 511), sd
->data
, 512 - (addr
& 511));
1612 if (blk_write(sd
->blk
, addr
>> 9, sd
->buf
, 1) < 0) {
1613 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1617 if (blk_read(sd
->blk
, end
>> 9, sd
->buf
, 1) < 0) {
1618 fprintf(stderr
, "sd_blk_write: read error on host side\n");
1621 memcpy(sd
->buf
, sd
->data
+ 512 - (addr
& 511), end
& 511);
1622 if (blk_write(sd
->blk
, end
>> 9, sd
->buf
, 1) < 0) {
1623 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1626 memcpy(sd
->buf
+ (addr
& 511), sd
->data
, len
);
1627 if (!sd
->blk
|| blk_write(sd
->blk
, addr
>> 9, sd
->buf
, 1) < 0) {
1628 fprintf(stderr
, "sd_blk_write: write error on host side\n");
1633 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1634 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1635 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1636 #define APP_WRITE_BLOCK(a, len)
1638 void sd_write_data(SDState
*sd
, uint8_t value
)
1642 if (!sd
->blk
|| !blk_is_inserted(sd
->blk
) || !sd
->enable
)
1645 if (sd
->state
!= sd_receivingdata_state
) {
1646 qemu_log_mask(LOG_GUEST_ERROR
,
1647 "sd_write_data: not in Receiving-Data state\n");
1651 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1654 switch (sd
->current_cmd
) {
1655 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1656 sd
->data
[sd
->data_offset
++] = value
;
1657 if (sd
->data_offset
>= sd
->blk_len
) {
1658 /* TODO: Check CRC before committing */
1659 sd
->state
= sd_programming_state
;
1660 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1662 sd
->csd
[14] |= 0x40;
1663 /* Bzzzzzzztt .... Operation complete. */
1664 sd
->state
= sd_transfer_state
;
1668 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1669 if (sd
->data_offset
== 0) {
1670 /* Start of the block - let's check the address is valid */
1671 if (sd
->data_start
+ sd
->blk_len
> sd
->size
) {
1672 sd
->card_status
|= ADDRESS_ERROR
;
1675 if (sd_wp_addr(sd
, sd
->data_start
)) {
1676 sd
->card_status
|= WP_VIOLATION
;
1680 sd
->data
[sd
->data_offset
++] = value
;
1681 if (sd
->data_offset
>= sd
->blk_len
) {
1682 /* TODO: Check CRC before committing */
1683 sd
->state
= sd_programming_state
;
1684 BLK_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1686 sd
->data_start
+= sd
->blk_len
;
1687 sd
->data_offset
= 0;
1688 sd
->csd
[14] |= 0x40;
1690 /* Bzzzzzzztt .... Operation complete. */
1691 if (sd
->multi_blk_cnt
!= 0) {
1692 if (--sd
->multi_blk_cnt
== 0) {
1694 sd
->state
= sd_transfer_state
;
1699 sd
->state
= sd_receivingdata_state
;
1703 case 26: /* CMD26: PROGRAM_CID */
1704 sd
->data
[sd
->data_offset
++] = value
;
1705 if (sd
->data_offset
>= sizeof(sd
->cid
)) {
1706 /* TODO: Check CRC before committing */
1707 sd
->state
= sd_programming_state
;
1708 for (i
= 0; i
< sizeof(sd
->cid
); i
++)
1709 if ((sd
->cid
[i
] | 0x00) != sd
->data
[i
])
1710 sd
->card_status
|= CID_CSD_OVERWRITE
;
1712 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1713 for (i
= 0; i
< sizeof(sd
->cid
); i
++) {
1715 sd
->cid
[i
] &= sd
->data
[i
];
1717 /* Bzzzzzzztt .... Operation complete. */
1718 sd
->state
= sd_transfer_state
;
1722 case 27: /* CMD27: PROGRAM_CSD */
1723 sd
->data
[sd
->data_offset
++] = value
;
1724 if (sd
->data_offset
>= sizeof(sd
->csd
)) {
1725 /* TODO: Check CRC before committing */
1726 sd
->state
= sd_programming_state
;
1727 for (i
= 0; i
< sizeof(sd
->csd
); i
++)
1728 if ((sd
->csd
[i
] | sd_csd_rw_mask
[i
]) !=
1729 (sd
->data
[i
] | sd_csd_rw_mask
[i
]))
1730 sd
->card_status
|= CID_CSD_OVERWRITE
;
1732 /* Copy flag (OTP) & Permanent write protect */
1733 if (sd
->csd
[14] & ~sd
->data
[14] & 0x60)
1734 sd
->card_status
|= CID_CSD_OVERWRITE
;
1736 if (!(sd
->card_status
& CID_CSD_OVERWRITE
))
1737 for (i
= 0; i
< sizeof(sd
->csd
); i
++) {
1738 sd
->csd
[i
] |= sd_csd_rw_mask
[i
];
1739 sd
->csd
[i
] &= sd
->data
[i
];
1741 /* Bzzzzzzztt .... Operation complete. */
1742 sd
->state
= sd_transfer_state
;
1746 case 42: /* CMD42: LOCK_UNLOCK */
1747 sd
->data
[sd
->data_offset
++] = value
;
1748 if (sd
->data_offset
>= sd
->blk_len
) {
1749 /* TODO: Check CRC before committing */
1750 sd
->state
= sd_programming_state
;
1751 sd_lock_command(sd
);
1752 /* Bzzzzzzztt .... Operation complete. */
1753 sd
->state
= sd_transfer_state
;
1757 case 56: /* CMD56: GEN_CMD */
1758 sd
->data
[sd
->data_offset
++] = value
;
1759 if (sd
->data_offset
>= sd
->blk_len
) {
1760 APP_WRITE_BLOCK(sd
->data_start
, sd
->data_offset
);
1761 sd
->state
= sd_transfer_state
;
1766 qemu_log_mask(LOG_GUEST_ERROR
, "sd_write_data: unknown command\n");
1771 uint8_t sd_read_data(SDState
*sd
)
1773 /* TODO: Append CRCs */
1777 if (!sd
->blk
|| !blk_is_inserted(sd
->blk
) || !sd
->enable
)
1780 if (sd
->state
!= sd_sendingdata_state
) {
1781 qemu_log_mask(LOG_GUEST_ERROR
,
1782 "sd_read_data: not in Sending-Data state\n");
1786 if (sd
->card_status
& (ADDRESS_ERROR
| WP_VIOLATION
))
1789 io_len
= (sd
->ocr
& (1 << 30)) ? 512 : sd
->blk_len
;
1791 switch (sd
->current_cmd
) {
1792 case 6: /* CMD6: SWITCH_FUNCTION */
1793 ret
= sd
->data
[sd
->data_offset
++];
1795 if (sd
->data_offset
>= 64)
1796 sd
->state
= sd_transfer_state
;
1799 case 9: /* CMD9: SEND_CSD */
1800 case 10: /* CMD10: SEND_CID */
1801 ret
= sd
->data
[sd
->data_offset
++];
1803 if (sd
->data_offset
>= 16)
1804 sd
->state
= sd_transfer_state
;
1807 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1808 if (sd
->data_offset
== 0)
1809 BLK_READ_BLOCK(sd
->data_start
, io_len
);
1810 ret
= sd
->data
[sd
->data_offset
++];
1812 if (sd
->data_offset
>= io_len
) {
1813 sd
->data_start
+= io_len
;
1814 sd
->data_offset
= 0;
1815 if (sd
->data_start
+ io_len
> sd
->size
) {
1816 sd
->card_status
|= ADDRESS_ERROR
;
1822 case 13: /* ACMD13: SD_STATUS */
1823 ret
= sd
->sd_status
[sd
->data_offset
++];
1825 if (sd
->data_offset
>= sizeof(sd
->sd_status
))
1826 sd
->state
= sd_transfer_state
;
1829 case 17: /* CMD17: READ_SINGLE_BLOCK */
1830 if (sd
->data_offset
== 0)
1831 BLK_READ_BLOCK(sd
->data_start
, io_len
);
1832 ret
= sd
->data
[sd
->data_offset
++];
1834 if (sd
->data_offset
>= io_len
)
1835 sd
->state
= sd_transfer_state
;
1838 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1839 if (sd
->data_offset
== 0)
1840 BLK_READ_BLOCK(sd
->data_start
, io_len
);
1841 ret
= sd
->data
[sd
->data_offset
++];
1843 if (sd
->data_offset
>= io_len
) {
1844 sd
->data_start
+= io_len
;
1845 sd
->data_offset
= 0;
1847 if (sd
->multi_blk_cnt
!= 0) {
1848 if (--sd
->multi_blk_cnt
== 0) {
1850 sd
->state
= sd_transfer_state
;
1855 if (sd
->data_start
+ io_len
> sd
->size
) {
1856 sd
->card_status
|= ADDRESS_ERROR
;
1862 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1863 ret
= sd
->data
[sd
->data_offset
++];
1865 if (sd
->data_offset
>= 4)
1866 sd
->state
= sd_transfer_state
;
1869 case 30: /* CMD30: SEND_WRITE_PROT */
1870 ret
= sd
->data
[sd
->data_offset
++];
1872 if (sd
->data_offset
>= 4)
1873 sd
->state
= sd_transfer_state
;
1876 case 51: /* ACMD51: SEND_SCR */
1877 ret
= sd
->scr
[sd
->data_offset
++];
1879 if (sd
->data_offset
>= sizeof(sd
->scr
))
1880 sd
->state
= sd_transfer_state
;
1883 case 56: /* CMD56: GEN_CMD */
1884 if (sd
->data_offset
== 0)
1885 APP_READ_BLOCK(sd
->data_start
, sd
->blk_len
);
1886 ret
= sd
->data
[sd
->data_offset
++];
1888 if (sd
->data_offset
>= sd
->blk_len
)
1889 sd
->state
= sd_transfer_state
;
1893 qemu_log_mask(LOG_GUEST_ERROR
, "sd_read_data: unknown command\n");
1900 bool sd_data_ready(SDState
*sd
)
1902 return sd
->state
== sd_sendingdata_state
;
1905 void sd_enable(SDState
*sd
, bool enable
)
1907 sd
->enable
= enable
;
1910 static void sd_instance_init(Object
*obj
)
1912 SDState
*sd
= SD_CARD(obj
);
1915 sd
->ocr_power_timer
= timer_new_ns(QEMU_CLOCK_VIRTUAL
, sd_ocr_powerup
, sd
);
1918 static void sd_realize(DeviceState
*dev
, Error
**errp
)
1920 SDState
*sd
= SD_CARD(dev
);
1922 if (sd
->blk
&& blk_is_read_only(sd
->blk
)) {
1923 error_setg(errp
, "Cannot use read-only drive as SD card");
1927 sd
->buf
= blk_blockalign(sd
->blk
, 512);
1930 blk_set_dev_ops(sd
->blk
, &sd_block_ops
, sd
);
1934 static Property sd_properties
[] = {
1935 DEFINE_PROP_DRIVE("drive", SDState
, blk
),
1936 /* We do not model the chip select pin, so allow the board to select
1937 * whether card should be in SSI or MMC/SD mode. It is also up to the
1938 * board to ensure that ssi transfers only occur when the chip select
1940 DEFINE_PROP_BOOL("spi", SDState
, spi
, false),
1941 DEFINE_PROP_END_OF_LIST()
1944 static void sd_class_init(ObjectClass
*klass
, void *data
)
1946 DeviceClass
*dc
= DEVICE_CLASS(klass
);
1947 SDCardClass
*sc
= SD_CARD_CLASS(klass
);
1949 dc
->realize
= sd_realize
;
1950 dc
->props
= sd_properties
;
1951 dc
->vmsd
= &sd_vmstate
;
1952 dc
->reset
= sd_reset
;
1953 dc
->bus_type
= TYPE_SD_BUS
;
1955 sc
->do_command
= sd_do_command
;
1956 sc
->write_data
= sd_write_data
;
1957 sc
->read_data
= sd_read_data
;
1958 sc
->data_ready
= sd_data_ready
;
1959 sc
->enable
= sd_enable
;
1960 sc
->get_inserted
= sd_get_inserted
;
1961 sc
->get_readonly
= sd_get_readonly
;
1964 static const TypeInfo sd_info
= {
1965 .name
= TYPE_SD_CARD
,
1966 .parent
= TYPE_DEVICE
,
1967 .instance_size
= sizeof(SDState
),
1968 .class_size
= sizeof(SDCardClass
),
1969 .class_init
= sd_class_init
,
1970 .instance_init
= sd_instance_init
,
1973 static void sd_register_types(void)
1975 type_register_static(&sd_info
);
1978 type_init(sd_register_types
)