2 * SSI to SD card adapter.
4 * Copyright (c) 2007-2009 CodeSourcery.
5 * Written by Paul Brook
7 * Copyright (c) 2021 Wind River Systems, Inc.
8 * Improved by Bin Meng <bin.meng@windriver.com>
10 * Validated with U-Boot v2021.01 and Linux v5.10 mmc_spi driver
12 * This code is licensed under the GNU GPL v2.
14 * Contributions after 2012-01-13 are licensed under the terms of the
15 * GNU GPL, version 2 or (at your option) any later version.
18 #include "qemu/osdep.h"
19 #include "sysemu/blockdev.h"
20 #include "hw/ssi/ssi.h"
21 #include "migration/vmstate.h"
22 #include "hw/qdev-properties.h"
24 #include "qapi/error.h"
25 #include "qemu/crc-ccitt.h"
26 #include "qemu/module.h"
27 #include "qom/object.h"
29 //#define DEBUG_SSI_SD 1
32 #define DPRINTF(fmt, ...) \
33 do { printf("ssi_sd: " fmt , ## __VA_ARGS__); } while (0)
34 #define BADF(fmt, ...) \
35 do { fprintf(stderr, "ssi_sd: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
37 #define DPRINTF(fmt, ...) do {} while(0)
38 #define BADF(fmt, ...) \
39 do { fprintf(stderr, "ssi_sd: error: " fmt , ## __VA_ARGS__);} while (0)
70 #define TYPE_SSI_SD "ssi-sd"
71 OBJECT_DECLARE_SIMPLE_TYPE(ssi_sd_state
, SSI_SD
)
73 /* State word bits. */
74 #define SSI_SDR_LOCKED 0x0001
75 #define SSI_SDR_WP_ERASE 0x0002
76 #define SSI_SDR_ERROR 0x0004
77 #define SSI_SDR_CC_ERROR 0x0008
78 #define SSI_SDR_ECC_FAILED 0x0010
79 #define SSI_SDR_WP_VIOLATION 0x0020
80 #define SSI_SDR_ERASE_PARAM 0x0040
81 #define SSI_SDR_OUT_OF_RANGE 0x0080
82 #define SSI_SDR_IDLE 0x0100
83 #define SSI_SDR_ERASE_RESET 0x0200
84 #define SSI_SDR_ILLEGAL_COMMAND 0x0400
85 #define SSI_SDR_COM_CRC_ERROR 0x0800
86 #define SSI_SDR_ERASE_SEQ_ERROR 0x1000
87 #define SSI_SDR_ADDRESS_ERROR 0x2000
88 #define SSI_SDR_PARAMETER_ERROR 0x4000
90 /* multiple block write */
91 #define SSI_TOKEN_MULTI_WRITE 0xfc
92 /* terminate multiple block write */
93 #define SSI_TOKEN_STOP_TRAN 0xfd
94 /* single block read/write, multiple block read */
95 #define SSI_TOKEN_SINGLE 0xfe
97 /* dummy value - don't care */
98 #define SSI_DUMMY 0xff
101 #define DATA_RESPONSE_ACCEPTED 0x05
103 static uint32_t ssi_sd_transfer(SSIPeripheral
*dev
, uint32_t val
)
105 ssi_sd_state
*s
= SSI_SD(dev
);
107 uint8_t longresp
[16];
110 * Special case: allow CMD12 (STOP TRANSMISSION) while reading data.
112 * See "Physical Layer Specification Version 8.00" chapter 7.5.2.2,
113 * to avoid conflict between CMD12 response and next data block,
114 * timing of CMD12 should be controlled as follows:
116 * - CMD12 issued at the timing that end bit of CMD12 and end bit of
117 * data block is overlapped
118 * - CMD12 issued after one clock cycle after host receives a token
119 * (either Start Block token or Data Error token)
121 * We need to catch CMD12 in all of the data read states.
123 if (s
->mode
>= SSI_SD_PREP_DATA
&& s
->mode
<= SSI_SD_DATA_CRC16
) {
125 s
->mode
= SSI_SD_CMD
;
126 /* There must be at least one byte delay before the card responds */
135 DPRINTF("NULL command\n");
138 case SSI_TOKEN_SINGLE
:
139 case SSI_TOKEN_MULTI_WRITE
:
140 DPRINTF("Start write block\n");
141 s
->mode
= SSI_SD_DATA_WRITE
;
143 case SSI_TOKEN_STOP_TRAN
:
144 DPRINTF("Stop multiple write\n");
146 /* manually issue cmd12 to stop the transfer */
149 s
->arglen
= sdbus_do_command(&s
->sdbus
, &request
, longresp
);
150 if (s
->arglen
<= 0) {
152 /* a zero value indicates the card is busy */
154 DPRINTF("SD card busy\n");
157 /* a non-zero value indicates the card is ready */
158 s
->response
[0] = SSI_DUMMY
;
165 s
->mode
= SSI_SD_CMDARG
;
169 if (s
->arglen
== 4) {
170 /* FIXME: Check CRC. */
171 request
.cmd
= s
->cmd
;
172 request
.arg
= ldl_be_p(s
->cmdarg
);
173 DPRINTF("CMD%d arg 0x%08x\n", s
->cmd
, request
.arg
);
174 s
->arglen
= sdbus_do_command(&s
->sdbus
, &request
, longresp
);
175 if (s
->arglen
<= 0) {
178 DPRINTF("SD command failed\n");
179 } else if (s
->cmd
== 8 || s
->cmd
== 58) {
180 /* CMD8/CMD58 returns R3/R7 response */
181 DPRINTF("Returned R3/R7\n");
184 memcpy(&s
->response
[1], longresp
, 4);
185 } else if (s
->arglen
!= 4) {
186 BADF("Unexpected response to cmd %d\n", s
->cmd
);
187 /* Illegal command is about as near as we can get. */
191 /* All other commands return status. */
194 /* CMD13 returns a 2-byte statuse work. Other commands
195 only return the first byte. */
196 s
->arglen
= (s
->cmd
== 13) ? 2 : 1;
199 if (s
->cmd
== 28 || s
->cmd
== 29 || s
->cmd
== 38) {
203 cardstatus
= ldl_be_p(longresp
);
205 if (((cardstatus
>> 9) & 0xf) < 4)
206 status
|= SSI_SDR_IDLE
;
207 if (cardstatus
& ERASE_RESET
)
208 status
|= SSI_SDR_ERASE_RESET
;
209 if (cardstatus
& ILLEGAL_COMMAND
)
210 status
|= SSI_SDR_ILLEGAL_COMMAND
;
211 if (cardstatus
& COM_CRC_ERROR
)
212 status
|= SSI_SDR_COM_CRC_ERROR
;
213 if (cardstatus
& ERASE_SEQ_ERROR
)
214 status
|= SSI_SDR_ERASE_SEQ_ERROR
;
215 if (cardstatus
& ADDRESS_ERROR
)
216 status
|= SSI_SDR_ADDRESS_ERROR
;
217 if (cardstatus
& CARD_IS_LOCKED
)
218 status
|= SSI_SDR_LOCKED
;
219 if (cardstatus
& (LOCK_UNLOCK_FAILED
| WP_ERASE_SKIP
))
220 status
|= SSI_SDR_WP_ERASE
;
221 if (cardstatus
& SD_ERROR
)
222 status
|= SSI_SDR_ERROR
;
223 if (cardstatus
& CC_ERROR
)
224 status
|= SSI_SDR_CC_ERROR
;
225 if (cardstatus
& CARD_ECC_FAILED
)
226 status
|= SSI_SDR_ECC_FAILED
;
227 if (cardstatus
& WP_VIOLATION
)
228 status
|= SSI_SDR_WP_VIOLATION
;
229 if (cardstatus
& ERASE_PARAM
)
230 status
|= SSI_SDR_ERASE_PARAM
;
231 if (cardstatus
& (OUT_OF_RANGE
| CID_CSD_OVERWRITE
))
232 status
|= SSI_SDR_OUT_OF_RANGE
;
233 /* ??? Don't know what Parameter Error really means, so
234 assume it's set if the second byte is nonzero. */
236 status
|= SSI_SDR_PARAMETER_ERROR
;
237 s
->response
[0] = status
>> 8;
238 s
->response
[1] = status
;
239 DPRINTF("Card status 0x%02x\n", status
);
241 s
->mode
= SSI_SD_PREP_RESP
;
244 s
->cmdarg
[s
->arglen
++] = val
;
247 case SSI_SD_PREP_RESP
:
248 DPRINTF("Prepare card response (Ncr)\n");
249 s
->mode
= SSI_SD_RESPONSE
;
251 case SSI_SD_RESPONSE
:
252 if (s
->response_pos
< s
->arglen
) {
253 DPRINTF("Response 0x%02x\n", s
->response
[s
->response_pos
]);
254 return s
->response
[s
->response_pos
++];
258 s
->mode
= SSI_SD_CMD
;
261 if (sdbus_data_ready(&s
->sdbus
)) {
262 DPRINTF("Data read\n");
263 s
->mode
= SSI_SD_DATA_START
;
265 DPRINTF("End of command\n");
266 s
->mode
= SSI_SD_CMD
;
269 case SSI_SD_PREP_DATA
:
270 DPRINTF("Prepare data block (Nac)\n");
271 s
->mode
= SSI_SD_DATA_START
;
273 case SSI_SD_DATA_START
:
274 DPRINTF("Start read block\n");
275 s
->mode
= SSI_SD_DATA_READ
;
277 return SSI_TOKEN_SINGLE
;
278 case SSI_SD_DATA_READ
:
279 val
= sdbus_read_byte(&s
->sdbus
);
281 s
->crc16
= crc_ccitt_false(s
->crc16
, (uint8_t *)&val
, 1);
282 if (!sdbus_data_ready(&s
->sdbus
) || s
->read_bytes
== 512) {
283 DPRINTF("Data read end\n");
284 s
->mode
= SSI_SD_DATA_CRC16
;
287 case SSI_SD_DATA_CRC16
:
288 val
= (s
->crc16
& 0xff00) >> 8;
291 if (s
->response_pos
== 2) {
292 DPRINTF("CRC16 read end\n");
293 if (s
->read_bytes
== 512 && s
->cmd
!= 17) {
294 s
->mode
= SSI_SD_PREP_DATA
;
296 s
->mode
= SSI_SD_CMD
;
302 case SSI_SD_DATA_WRITE
:
303 sdbus_write_byte(&s
->sdbus
, val
);
305 if (!sdbus_receive_ready(&s
->sdbus
) || s
->write_bytes
== 512) {
306 DPRINTF("Data write end\n");
307 s
->mode
= SSI_SD_SKIP_CRC16
;
311 case SSI_SD_SKIP_CRC16
:
312 /* we don't verify the crc16 */
314 if (s
->response_pos
== 2) {
315 DPRINTF("CRC16 receive end\n");
316 s
->mode
= SSI_SD_RESPONSE
;
319 s
->response
[0] = DATA_RESPONSE_ACCEPTED
;
324 /* Should never happen. */
328 static int ssi_sd_post_load(void *opaque
, int version_id
)
330 ssi_sd_state
*s
= (ssi_sd_state
*)opaque
;
332 if (s
->mode
> SSI_SD_SKIP_CRC16
) {
335 if (s
->mode
== SSI_SD_CMDARG
&&
336 (s
->arglen
< 0 || s
->arglen
>= ARRAY_SIZE(s
->cmdarg
))) {
339 if (s
->mode
== SSI_SD_RESPONSE
&&
340 (s
->response_pos
< 0 || s
->response_pos
>= ARRAY_SIZE(s
->response
) ||
341 (!s
->stopping
&& s
->arglen
> ARRAY_SIZE(s
->response
)))) {
348 static const VMStateDescription vmstate_ssi_sd
= {
351 .minimum_version_id
= 7,
352 .post_load
= ssi_sd_post_load
,
353 .fields
= (VMStateField
[]) {
354 VMSTATE_UINT32(mode
, ssi_sd_state
),
355 VMSTATE_INT32(cmd
, ssi_sd_state
),
356 VMSTATE_UINT8_ARRAY(cmdarg
, ssi_sd_state
, 4),
357 VMSTATE_UINT8_ARRAY(response
, ssi_sd_state
, 5),
358 VMSTATE_UINT16(crc16
, ssi_sd_state
),
359 VMSTATE_INT32(read_bytes
, ssi_sd_state
),
360 VMSTATE_INT32(write_bytes
, ssi_sd_state
),
361 VMSTATE_INT32(arglen
, ssi_sd_state
),
362 VMSTATE_INT32(response_pos
, ssi_sd_state
),
363 VMSTATE_INT32(stopping
, ssi_sd_state
),
364 VMSTATE_SSI_PERIPHERAL(ssidev
, ssi_sd_state
),
365 VMSTATE_END_OF_LIST()
369 static void ssi_sd_realize(SSIPeripheral
*d
, Error
**errp
)
372 ssi_sd_state
*s
= SSI_SD(d
);
373 DeviceState
*carddev
;
376 qbus_create_inplace(&s
->sdbus
, sizeof(s
->sdbus
), TYPE_SD_BUS
,
377 DEVICE(d
), "sd-bus");
379 /* Create and plug in the sd card */
380 /* FIXME use a qdev drive property instead of drive_get_next() */
381 dinfo
= drive_get_next(IF_SD
);
382 carddev
= qdev_new(TYPE_SD_CARD
);
384 if (!qdev_prop_set_drive_err(carddev
, "drive",
385 blk_by_legacy_dinfo(dinfo
), errp
)) {
390 if (!object_property_set_bool(OBJECT(carddev
), "spi", true, errp
)) {
394 if (!qdev_realize_and_unref(carddev
, BUS(&s
->sdbus
), errp
)) {
401 error_prepend(errp
, "failed to init SD card: ");
404 static void ssi_sd_reset(DeviceState
*dev
)
406 ssi_sd_state
*s
= SSI_SD(dev
);
408 s
->mode
= SSI_SD_CMD
;
410 memset(s
->cmdarg
, 0, sizeof(s
->cmdarg
));
411 memset(s
->response
, 0, sizeof(s
->response
));
420 static void ssi_sd_class_init(ObjectClass
*klass
, void *data
)
422 DeviceClass
*dc
= DEVICE_CLASS(klass
);
423 SSIPeripheralClass
*k
= SSI_PERIPHERAL_CLASS(klass
);
425 k
->realize
= ssi_sd_realize
;
426 k
->transfer
= ssi_sd_transfer
;
427 k
->cs_polarity
= SSI_CS_LOW
;
428 dc
->vmsd
= &vmstate_ssi_sd
;
429 dc
->reset
= ssi_sd_reset
;
430 /* Reason: init() method uses drive_get_next() */
431 dc
->user_creatable
= false;
434 static const TypeInfo ssi_sd_info
= {
436 .parent
= TYPE_SSI_PERIPHERAL
,
437 .instance_size
= sizeof(ssi_sd_state
),
438 .class_init
= ssi_sd_class_init
,
441 static void ssi_sd_register_types(void)
443 type_register_static(&ssi_sd_info
);
446 type_init(ssi_sd_register_types
)