]>
Commit | Line | Data |
---|---|---|
5fafdf24 | 1 | /* |
a1bb27b1 | 2 | * SD Memory Card emulation as defined in the "SD Memory Card Physical |
2f0939c2 | 3 | * layer specification, Version 2.00." |
a1bb27b1 PB |
4 | * |
5 | * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org> | |
6 | * Copyright (c) 2007 CodeSourcery | |
2f0939c2 | 7 | * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org> |
a1bb27b1 PB |
8 | * |
9 | * Redistribution and use in source and binary forms, with or without | |
10 | * modification, are permitted provided that the following conditions | |
11 | * are met: | |
12 | * | |
13 | * 1. Redistributions of source code must retain the above copyright | |
14 | * notice, this list of conditions and the following disclaimer. | |
15 | * 2. Redistributions in binary form must reproduce the above copyright | |
16 | * notice, this list of conditions and the following disclaimer in | |
17 | * the documentation and/or other materials provided with the | |
18 | * distribution. | |
19 | * | |
20 | * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' | |
21 | * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, | |
22 | * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A | |
23 | * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR | |
24 | * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, | |
25 | * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, | |
26 | * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR | |
27 | * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY | |
28 | * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | |
29 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | |
30 | * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | |
31 | */ | |
32 | ||
0430891c | 33 | #include "qemu/osdep.h" |
4c8f9735 | 34 | #include "qemu/units.h" |
a9bcedd1 | 35 | #include "qemu/cutils.h" |
64552b6b | 36 | #include "hw/irq.h" |
6f296421 | 37 | #include "hw/registerfields.h" |
4be74634 | 38 | #include "sysemu/block-backend.h" |
e3382ef0 | 39 | #include "hw/sd/sd.h" |
9006f1e7 | 40 | #include "hw/sd/sdcard_legacy.h" |
d6454270 | 41 | #include "migration/vmstate.h" |
da34e65c | 42 | #include "qapi/error.h" |
1de7afc9 | 43 | #include "qemu/bitmap.h" |
260bc9d8 | 44 | #include "hw/qdev-properties.h" |
ce35e229 | 45 | #include "hw/qdev-properties-system.h" |
260bc9d8 | 46 | #include "qemu/error-report.h" |
dd26eb43 | 47 | #include "qemu/timer.h" |
03dd024f | 48 | #include "qemu/log.h" |
0b8fa32f | 49 | #include "qemu/module.h" |
f250015b | 50 | #include "sdmmc-internal.h" |
1b640aa9 | 51 | #include "trace.h" |
a1bb27b1 PB |
52 | |
53 | //#define DEBUG_SD 1 | |
54 | ||
6d2d4069 BM |
55 | #define SDSC_MAX_CAPACITY (2 * GiB) |
56 | ||
7dae0a1d | 57 | #define INVALID_ADDRESS UINT32_MAX |
872b8fde | 58 | |
a1bb27b1 PB |
59 | typedef enum { |
60 | sd_r0 = 0, /* no response */ | |
61 | sd_r1, /* normal response command */ | |
62 | sd_r2_i, /* CID register */ | |
63 | sd_r2_s, /* CSD register */ | |
64 | sd_r3, /* OCR register */ | |
65 | sd_r6 = 6, /* Published RCA response */ | |
1b088995 | 66 | sd_r7, /* Operating voltage */ |
a1bb27b1 | 67 | sd_r1b = -1, |
53bb8cc4 | 68 | sd_illegal = -2, |
c227f099 | 69 | } sd_rsp_type_t; |
a1bb27b1 | 70 | |
50a5be6c IM |
71 | enum SDCardModes { |
72 | sd_inactive, | |
73 | sd_card_identification_mode, | |
74 | sd_data_transfer_mode, | |
75 | }; | |
76 | ||
77 | enum SDCardStates { | |
78 | sd_inactive_state = -1, | |
79 | sd_idle_state = 0, | |
80 | sd_ready_state, | |
81 | sd_identification_state, | |
82 | sd_standby_state, | |
83 | sd_transfer_state, | |
84 | sd_sendingdata_state, | |
85 | sd_receivingdata_state, | |
86 | sd_programming_state, | |
87 | sd_disconnect_state, | |
88 | }; | |
89 | ||
46859b60 PMD |
90 | typedef sd_rsp_type_t (*sd_cmd_handler)(SDState *sd, SDRequest req); |
91 | ||
1b4a2342 PMD |
92 | typedef struct SDProto { |
93 | const char *name; | |
46859b60 PMD |
94 | sd_cmd_handler cmd[SDMMC_CMD_MAX]; |
95 | sd_cmd_handler acmd[SDMMC_CMD_MAX]; | |
1b4a2342 PMD |
96 | } SDProto; |
97 | ||
a1bb27b1 | 98 | struct SDState { |
260bc9d8 PM |
99 | DeviceState parent_obj; |
100 | ||
007d1dbf MA |
101 | /* If true, created by sd_init() for a non-qdevified caller */ |
102 | /* TODO purge them with fire */ | |
103 | bool me_no_qdev_me_kill_mammoth_with_rocks; | |
104 | ||
d49b1ce0 | 105 | /* SD Memory Card Registers */ |
a1bb27b1 PB |
106 | uint32_t ocr; |
107 | uint8_t scr[8]; | |
108 | uint8_t cid[16]; | |
109 | uint8_t csd[16]; | |
110 | uint16_t rca; | |
111 | uint32_t card_status; | |
112 | uint8_t sd_status[64]; | |
d49b1ce0 | 113 | |
9820502c PMD |
114 | /* Static properties */ |
115 | ||
2f0939c2 | 116 | uint8_t spec_version; |
d49b1ce0 | 117 | BlockBackend *blk; |
d49b1ce0 | 118 | |
9820502c PMD |
119 | /* Runtime changeables */ |
120 | ||
d49b1ce0 PMD |
121 | uint32_t mode; /* current card mode, one of SDCardModes */ |
122 | int32_t state; /* current card state, one of SDCardStates */ | |
1b088995 | 123 | uint32_t vhs; |
bebd1271 | 124 | bool wp_switch; |
6947feca PMD |
125 | unsigned long *wp_group_bmap; |
126 | int32_t wp_group_bits; | |
2d7adea4 | 127 | uint64_t size; |
50a5be6c | 128 | uint32_t blk_len; |
4481bbc7 | 129 | uint32_t multi_blk_cnt; |
a1bb27b1 PB |
130 | uint32_t erase_start; |
131 | uint32_t erase_end; | |
132 | uint8_t pwd[16]; | |
50a5be6c IM |
133 | uint32_t pwd_len; |
134 | uint8_t function_group[6]; | |
50a5be6c | 135 | uint8_t current_cmd; |
1d06cb7a PM |
136 | /* True if we will handle the next command as an ACMD. Note that this does |
137 | * *not* track the APP_CMD status bit! | |
138 | */ | |
bebd1271 | 139 | bool expecting_acmd; |
50a5be6c | 140 | uint32_t blk_written; |
2d7adea4 | 141 | uint64_t data_start; |
a1bb27b1 PB |
142 | uint32_t data_offset; |
143 | uint8_t data[512]; | |
02ce600c AZ |
144 | qemu_irq readonly_cb; |
145 | qemu_irq inserted_cb; | |
d49b1ce0 | 146 | QEMUTimer *ocr_power_timer; |
bebd1271 | 147 | bool enable; |
da346922 PMD |
148 | uint8_t dat_lines; |
149 | bool cmd_line; | |
a1bb27b1 PB |
150 | }; |
151 | ||
007d1dbf MA |
152 | static void sd_realize(DeviceState *dev, Error **errp); |
153 | ||
1b4a2342 PMD |
154 | static const struct SDProto *sd_proto(SDState *sd) |
155 | { | |
156 | SDCardClass *sc = SD_CARD_GET_CLASS(sd); | |
157 | ||
158 | return sc->proto; | |
159 | } | |
160 | ||
c3287c0f CLG |
161 | static const SDProto sd_proto_spi; |
162 | ||
163 | static bool sd_is_spi(SDState *sd) | |
164 | { | |
165 | return sd_proto(sd) == &sd_proto_spi; | |
166 | } | |
167 | ||
94ef3041 PMD |
168 | static const char *sd_version_str(enum SDPhySpecificationVersion version) |
169 | { | |
170 | static const char *sdphy_version[] = { | |
171 | [SD_PHY_SPECv1_10_VERS] = "v1.10", | |
172 | [SD_PHY_SPECv2_00_VERS] = "v2.00", | |
173 | [SD_PHY_SPECv3_01_VERS] = "v3.01", | |
174 | }; | |
175 | if (version >= ARRAY_SIZE(sdphy_version)) { | |
176 | return "unsupported version"; | |
177 | } | |
178 | return sdphy_version[version]; | |
179 | } | |
180 | ||
1b640aa9 PMD |
181 | static const char *sd_state_name(enum SDCardStates state) |
182 | { | |
183 | static const char *state_name[] = { | |
184 | [sd_idle_state] = "idle", | |
185 | [sd_ready_state] = "ready", | |
186 | [sd_identification_state] = "identification", | |
187 | [sd_standby_state] = "standby", | |
188 | [sd_transfer_state] = "transfer", | |
189 | [sd_sendingdata_state] = "sendingdata", | |
190 | [sd_receivingdata_state] = "receivingdata", | |
191 | [sd_programming_state] = "programming", | |
192 | [sd_disconnect_state] = "disconnect", | |
193 | }; | |
194 | if (state == sd_inactive_state) { | |
195 | return "inactive"; | |
196 | } | |
1c598ab2 | 197 | assert(state < ARRAY_SIZE(state_name)); |
1b640aa9 PMD |
198 | return state_name[state]; |
199 | } | |
200 | ||
55921932 PMD |
201 | static const char *sd_response_name(sd_rsp_type_t rsp) |
202 | { | |
203 | static const char *response_name[] = { | |
204 | [sd_r0] = "RESP#0 (no response)", | |
205 | [sd_r1] = "RESP#1 (normal cmd)", | |
206 | [sd_r2_i] = "RESP#2 (CID reg)", | |
207 | [sd_r2_s] = "RESP#2 (CSD reg)", | |
208 | [sd_r3] = "RESP#3 (OCR reg)", | |
209 | [sd_r6] = "RESP#6 (RCA)", | |
210 | [sd_r7] = "RESP#7 (operating voltage)", | |
211 | }; | |
212 | if (rsp == sd_illegal) { | |
213 | return "ILLEGAL RESP"; | |
214 | } | |
215 | if (rsp == sd_r1b) { | |
216 | rsp = sd_r1; | |
217 | } | |
1c598ab2 | 218 | assert(rsp < ARRAY_SIZE(response_name)); |
55921932 PMD |
219 | return response_name[rsp]; |
220 | } | |
221 | ||
da346922 PMD |
222 | static uint8_t sd_get_dat_lines(SDState *sd) |
223 | { | |
224 | return sd->enable ? sd->dat_lines : 0; | |
225 | } | |
226 | ||
227 | static bool sd_get_cmd_line(SDState *sd) | |
228 | { | |
229 | return sd->enable ? sd->cmd_line : false; | |
230 | } | |
231 | ||
0034ebe6 PMD |
232 | static void sd_set_voltage(SDState *sd, uint16_t millivolts) |
233 | { | |
814b2adc PMD |
234 | trace_sdcard_set_voltage(millivolts); |
235 | ||
0034ebe6 PMD |
236 | switch (millivolts) { |
237 | case 3001 ... 3600: /* SD_VOLTAGE_3_3V */ | |
238 | case 2001 ... 3000: /* SD_VOLTAGE_3_0V */ | |
239 | break; | |
240 | default: | |
241 | qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV", | |
242 | millivolts / 1000.f); | |
243 | } | |
244 | } | |
245 | ||
10a412da | 246 | static void sd_set_mode(SDState *sd) |
a1bb27b1 PB |
247 | { |
248 | switch (sd->state) { | |
249 | case sd_inactive_state: | |
250 | sd->mode = sd_inactive; | |
251 | break; | |
252 | ||
253 | case sd_idle_state: | |
254 | case sd_ready_state: | |
255 | case sd_identification_state: | |
256 | sd->mode = sd_card_identification_mode; | |
257 | break; | |
258 | ||
259 | case sd_standby_state: | |
260 | case sd_transfer_state: | |
261 | case sd_sendingdata_state: | |
262 | case sd_receivingdata_state: | |
263 | case sd_programming_state: | |
264 | case sd_disconnect_state: | |
265 | sd->mode = sd_data_transfer_mode; | |
266 | break; | |
267 | } | |
a1bb27b1 PB |
268 | } |
269 | ||
f250015b | 270 | static const sd_cmd_type_t sd_cmd_type[SDMMC_CMD_MAX] = { |
a1bb27b1 | 271 | sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac, |
1b088995 | 272 | sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac, |
f250015b | 273 | /* 16 */ |
a1bb27b1 PB |
274 | sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, |
275 | sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none, | |
f250015b | 276 | /* 32 */ |
a1bb27b1 PB |
277 | sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none, |
278 | sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none, | |
f250015b | 279 | /* 48 */ |
a1bb27b1 PB |
280 | sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, |
281 | sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, | |
282 | }; | |
283 | ||
f250015b | 284 | static const int sd_cmd_class[SDMMC_CMD_MAX] = { |
a1bb27b1 PB |
285 | 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0, |
286 | 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6, | |
287 | 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7, | |
288 | 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8, | |
289 | }; | |
290 | ||
aecaa059 | 291 | static uint8_t sd_crc7(const void *message, size_t width) |
a1bb27b1 PB |
292 | { |
293 | int i, bit; | |
294 | uint8_t shift_reg = 0x00; | |
aecaa059 | 295 | const uint8_t *msg = (const uint8_t *)message; |
a1bb27b1 PB |
296 | |
297 | for (i = 0; i < width; i ++, msg ++) | |
298 | for (bit = 7; bit >= 0; bit --) { | |
299 | shift_reg <<= 1; | |
300 | if ((shift_reg >> 7) ^ ((*msg >> bit) & 1)) | |
301 | shift_reg ^= 0x89; | |
302 | } | |
303 | ||
304 | return shift_reg; | |
305 | } | |
306 | ||
6f296421 PMD |
307 | #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */ |
308 | ||
3d42fb52 PMD |
309 | FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24) |
310 | FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8) | |
311 | FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1) | |
312 | FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16) | |
313 | FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */ | |
314 | FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */ | |
6f296421 PMD |
315 | FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */ |
316 | FIELD(OCR, CARD_POWER_UP, 31, 1) | |
317 | ||
3d42fb52 PMD |
318 | #define ACMD41_ENQUIRY_MASK 0x00ffffff |
319 | #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \ | |
320 | | R_OCR_ACCEPT_SWITCH_1V8_MASK \ | |
321 | | R_OCR_UHS_II_CARD_MASK \ | |
322 | | R_OCR_CARD_CAPACITY_MASK \ | |
323 | | R_OCR_CARD_POWER_UP_MASK) | |
324 | ||
dd26eb43 AB |
325 | static void sd_ocr_powerup(void *opaque) |
326 | { | |
327 | SDState *sd = opaque; | |
328 | ||
814b2adc | 329 | trace_sdcard_powerup(); |
6f296421 PMD |
330 | assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)); |
331 | ||
332 | /* card power-up OK */ | |
333 | sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1); | |
9273ea61 | 334 | |
6d2d4069 | 335 | if (sd->size > SDSC_MAX_CAPACITY) { |
9273ea61 PMD |
336 | sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); |
337 | } | |
a1bb27b1 PB |
338 | } |
339 | ||
b66f73a0 FC |
340 | static void sd_set_ocr(SDState *sd) |
341 | { | |
342 | /* All voltages OK */ | |
343 | sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK; | |
344 | ||
c3287c0f | 345 | if (sd_is_spi(sd)) { |
b66f73a0 FC |
346 | /* |
347 | * We don't need to emulate power up sequence in SPI-mode. | |
348 | * Thus, the card's power up status bit should be set to 1 when reset. | |
349 | * The card's capacity status bit should also be set if SD card size | |
350 | * is larger than 2GB for SDHC support. | |
351 | */ | |
352 | sd_ocr_powerup(sd); | |
353 | } | |
354 | } | |
355 | ||
a1bb27b1 PB |
356 | static void sd_set_scr(SDState *sd) |
357 | { | |
2f0939c2 PMD |
358 | sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */ |
359 | if (sd->spec_version == SD_PHY_SPECv1_10_VERS) { | |
360 | sd->scr[0] |= 1; /* Spec Version 1.10 */ | |
361 | } else { | |
2c511375 | 362 | sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */ |
2f0939c2 | 363 | } |
9b7ec55c PMD |
364 | sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */ |
365 | | 0b0101; /* 1-bit or 4-bit width bus modes */ | |
366 | sd->scr[2] = 0x00; /* Extended Security is not supported. */ | |
2c511375 PMD |
367 | if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) { |
368 | sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */ | |
369 | } | |
a1bb27b1 | 370 | sd->scr[3] = 0x00; |
9b7ec55c | 371 | /* reserved for manufacturer usage */ |
a1bb27b1 PB |
372 | sd->scr[4] = 0x00; |
373 | sd->scr[5] = 0x00; | |
374 | sd->scr[6] = 0x00; | |
375 | sd->scr[7] = 0x00; | |
376 | } | |
377 | ||
48805df9 YF |
378 | #define MID 0xaa |
379 | #define OID "XY" | |
380 | #define PNM "QEMU!" | |
381 | #define PRV 0x01 | |
382 | #define MDT_YR 2006 | |
383 | #define MDT_MON 2 | |
a1bb27b1 PB |
384 | |
385 | static void sd_set_cid(SDState *sd) | |
386 | { | |
48805df9 YF |
387 | sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ |
388 | sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */ | |
a1bb27b1 | 389 | sd->cid[2] = OID[1]; |
48805df9 | 390 | sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ |
a1bb27b1 PB |
391 | sd->cid[4] = PNM[1]; |
392 | sd->cid[5] = PNM[2]; | |
393 | sd->cid[6] = PNM[3]; | |
394 | sd->cid[7] = PNM[4]; | |
48805df9 YF |
395 | sd->cid[8] = PRV; /* Fake product revision (PRV) */ |
396 | sd->cid[9] = 0xde; /* Fake serial number (PSN) */ | |
a1bb27b1 PB |
397 | sd->cid[10] = 0xad; |
398 | sd->cid[11] = 0xbe; | |
399 | sd->cid[12] = 0xef; | |
48805df9 | 400 | sd->cid[13] = 0x00 | /* Manufacture date (MDT) */ |
a1bb27b1 PB |
401 | ((MDT_YR - 2000) / 10); |
402 | sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON; | |
403 | sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; | |
404 | } | |
405 | ||
48805df9 YF |
406 | #define HWBLOCK_SHIFT 9 /* 512 bytes */ |
407 | #define SECTOR_SHIFT 5 /* 16 kilobytes */ | |
408 | #define WPGROUP_SHIFT 7 /* 2 megs */ | |
409 | #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */ | |
410 | #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) | |
a1bb27b1 PB |
411 | |
412 | static const uint8_t sd_csd_rw_mask[16] = { | |
413 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, | |
414 | 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe, | |
415 | }; | |
416 | ||
2d7adea4 | 417 | static void sd_set_csd(SDState *sd, uint64_t size) |
a1bb27b1 | 418 | { |
575094b7 BM |
419 | int hwblock_shift = HWBLOCK_SHIFT; |
420 | uint32_t csize; | |
a1bb27b1 PB |
421 | uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; |
422 | uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; | |
423 | ||
575094b7 BM |
424 | /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */ |
425 | if (size == SDSC_MAX_CAPACITY) { | |
426 | hwblock_shift += 1; | |
427 | } | |
428 | csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1; | |
429 | ||
6d2d4069 | 430 | if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */ |
48805df9 YF |
431 | sd->csd[0] = 0x00; /* CSD structure */ |
432 | sd->csd[1] = 0x26; /* Data read access-time-1 */ | |
433 | sd->csd[2] = 0x00; /* Data read access-time-2 */ | |
d7ecb867 | 434 | sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */ |
48805df9 YF |
435 | sd->csd[4] = 0x5f; /* Card Command Classes */ |
436 | sd->csd[5] = 0x50 | /* Max. read data block length */ | |
575094b7 | 437 | hwblock_shift; |
48805df9 | 438 | sd->csd[6] = 0xe0 | /* Partial block for read allowed */ |
2d7adea4 | 439 | ((csize >> 10) & 0x03); |
48805df9 | 440 | sd->csd[7] = 0x00 | /* Device size */ |
2d7adea4 | 441 | ((csize >> 2) & 0xff); |
48805df9 | 442 | sd->csd[8] = 0x3f | /* Max. read current */ |
2d7adea4 | 443 | ((csize << 6) & 0xc0); |
48805df9 | 444 | sd->csd[9] = 0xfc | /* Max. write current */ |
2d7adea4 | 445 | ((CMULT_SHIFT - 2) >> 1); |
48805df9 | 446 | sd->csd[10] = 0x40 | /* Erase sector size */ |
2d7adea4 | 447 | (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); |
48805df9 | 448 | sd->csd[11] = 0x00 | /* Write protect group size */ |
2d7adea4 | 449 | ((sectsize << 7) & 0x80) | wpsize; |
48805df9 | 450 | sd->csd[12] = 0x90 | /* Write speed factor */ |
575094b7 | 451 | (hwblock_shift >> 2); |
48805df9 | 452 | sd->csd[13] = 0x20 | /* Max. write data block length */ |
575094b7 | 453 | ((hwblock_shift << 6) & 0xc0); |
48805df9 YF |
454 | sd->csd[14] = 0x00; /* File format group */ |
455 | } else { /* SDHC */ | |
4c8f9735 | 456 | size /= 512 * KiB; |
2d7adea4 AZ |
457 | size -= 1; |
458 | sd->csd[0] = 0x40; | |
459 | sd->csd[1] = 0x0e; | |
460 | sd->csd[2] = 0x00; | |
461 | sd->csd[3] = 0x32; | |
462 | sd->csd[4] = 0x5b; | |
463 | sd->csd[5] = 0x59; | |
464 | sd->csd[6] = 0x00; | |
465 | sd->csd[7] = (size >> 16) & 0xff; | |
466 | sd->csd[8] = (size >> 8) & 0xff; | |
467 | sd->csd[9] = (size & 0xff); | |
468 | sd->csd[10] = 0x7f; | |
469 | sd->csd[11] = 0x80; | |
470 | sd->csd[12] = 0x0a; | |
471 | sd->csd[13] = 0x40; | |
472 | sd->csd[14] = 0x00; | |
2d7adea4 | 473 | } |
e8feec80 | 474 | sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; |
a1bb27b1 PB |
475 | } |
476 | ||
477 | static void sd_set_rca(SDState *sd) | |
478 | { | |
479 | sd->rca += 0x4567; | |
480 | } | |
481 | ||
da26e3f3 PMD |
482 | FIELD(CSR, AKE_SEQ_ERROR, 3, 1) |
483 | FIELD(CSR, APP_CMD, 5, 1) | |
484 | FIELD(CSR, FX_EVENT, 6, 1) | |
485 | FIELD(CSR, READY_FOR_DATA, 8, 1) | |
486 | FIELD(CSR, CURRENT_STATE, 9, 4) | |
487 | FIELD(CSR, ERASE_RESET, 13, 1) | |
488 | FIELD(CSR, CARD_ECC_DISABLED, 14, 1) | |
489 | FIELD(CSR, WP_ERASE_SKIP, 15, 1) | |
490 | FIELD(CSR, CSD_OVERWRITE, 16, 1) | |
491 | FIELD(CSR, DEFERRED_RESPONSE, 17, 1) | |
492 | FIELD(CSR, ERROR, 19, 1) | |
493 | FIELD(CSR, CC_ERROR, 20, 1) | |
494 | FIELD(CSR, CARD_ECC_FAILED, 21, 1) | |
495 | FIELD(CSR, ILLEGAL_COMMAND, 22, 1) | |
496 | FIELD(CSR, COM_CRC_ERROR, 23, 1) | |
497 | FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1) | |
498 | FIELD(CSR, CARD_IS_LOCKED, 25, 1) | |
499 | FIELD(CSR, WP_VIOLATION, 26, 1) | |
500 | FIELD(CSR, ERASE_PARAM, 27, 1) | |
501 | FIELD(CSR, ERASE_SEQ_ERROR, 28, 1) | |
502 | FIELD(CSR, BLOCK_LEN_ERROR, 29, 1) | |
503 | FIELD(CSR, ADDRESS_ERROR, 30, 1) | |
504 | FIELD(CSR, OUT_OF_RANGE, 31, 1) | |
505 | ||
b8d334c8 PM |
506 | /* Card status bits, split by clear condition: |
507 | * A : According to the card current state | |
508 | * B : Always related to the previous command | |
509 | * C : Cleared by read | |
510 | */ | |
da26e3f3 PMD |
511 | #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \ |
512 | | R_CSR_CARD_ECC_DISABLED_MASK \ | |
513 | | R_CSR_CARD_IS_LOCKED_MASK) | |
514 | #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \ | |
515 | | R_CSR_ILLEGAL_COMMAND_MASK \ | |
516 | | R_CSR_COM_CRC_ERROR_MASK) | |
517 | #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \ | |
518 | | R_CSR_APP_CMD_MASK \ | |
519 | | R_CSR_ERASE_RESET_MASK \ | |
520 | | R_CSR_WP_ERASE_SKIP_MASK \ | |
521 | | R_CSR_CSD_OVERWRITE_MASK \ | |
522 | | R_CSR_ERROR_MASK \ | |
523 | | R_CSR_CC_ERROR_MASK \ | |
524 | | R_CSR_CARD_ECC_FAILED_MASK \ | |
525 | | R_CSR_LOCK_UNLOCK_FAILED_MASK \ | |
526 | | R_CSR_WP_VIOLATION_MASK \ | |
527 | | R_CSR_ERASE_PARAM_MASK \ | |
528 | | R_CSR_ERASE_SEQ_ERROR_MASK \ | |
529 | | R_CSR_BLOCK_LEN_ERROR_MASK \ | |
530 | | R_CSR_ADDRESS_ERROR_MASK \ | |
531 | | R_CSR_OUT_OF_RANGE_MASK) | |
a1bb27b1 PB |
532 | |
533 | static void sd_set_cardstatus(SDState *sd) | |
534 | { | |
535 | sd->card_status = 0x00000100; | |
536 | } | |
537 | ||
538 | static void sd_set_sdstatus(SDState *sd) | |
539 | { | |
540 | memset(sd->sd_status, 0, 64); | |
541 | } | |
542 | ||
bc24a225 | 543 | static int sd_req_crc_validate(SDRequest *req) |
a1bb27b1 PB |
544 | { |
545 | uint8_t buffer[5]; | |
546 | buffer[0] = 0x40 | req->cmd; | |
67bfddd6 | 547 | stl_be_p(&buffer[1], req->arg); |
a1bb27b1 | 548 | return 0; |
48805df9 | 549 | return sd_crc7(buffer, 5) != req->crc; /* TODO */ |
a1bb27b1 PB |
550 | } |
551 | ||
10a412da | 552 | static void sd_response_r1_make(SDState *sd, uint8_t *response) |
a1bb27b1 | 553 | { |
67bfddd6 PMD |
554 | stl_be_p(response, sd->card_status); |
555 | ||
1d06cb7a PM |
556 | /* Clear the "clear on read" status bits */ |
557 | sd->card_status &= ~CARD_STATUS_C; | |
a1bb27b1 PB |
558 | } |
559 | ||
9596ebb7 | 560 | static void sd_response_r3_make(SDState *sd, uint8_t *response) |
a1bb27b1 | 561 | { |
3d42fb52 | 562 | stl_be_p(response, sd->ocr & ACMD41_R3_MASK); |
a1bb27b1 PB |
563 | } |
564 | ||
9596ebb7 | 565 | static void sd_response_r6_make(SDState *sd, uint8_t *response) |
a1bb27b1 | 566 | { |
a1bb27b1 PB |
567 | uint16_t status; |
568 | ||
a1bb27b1 PB |
569 | status = ((sd->card_status >> 8) & 0xc000) | |
570 | ((sd->card_status >> 6) & 0x2000) | | |
571 | (sd->card_status & 0x1fff); | |
fcfa9351 | 572 | sd->card_status &= ~(CARD_STATUS_C & 0xc81fff); |
67bfddd6 PMD |
573 | stw_be_p(response + 0, sd->rca); |
574 | stw_be_p(response + 2, status); | |
a1bb27b1 PB |
575 | } |
576 | ||
1b088995 AZ |
577 | static void sd_response_r7_make(SDState *sd, uint8_t *response) |
578 | { | |
67bfddd6 | 579 | stl_be_p(response, sd->vhs); |
1b088995 AZ |
580 | } |
581 | ||
b7202b88 MI |
582 | static inline uint64_t sd_addr_to_wpnum(uint64_t addr) |
583 | { | |
584 | return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT); | |
585 | } | |
586 | ||
ba3ed0fa | 587 | static void sd_reset(DeviceState *dev) |
a1bb27b1 | 588 | { |
ba3ed0fa | 589 | SDState *sd = SD_CARD(dev); |
2d7adea4 | 590 | uint64_t size; |
a1bb27b1 PB |
591 | uint64_t sect; |
592 | ||
814b2adc | 593 | trace_sdcard_reset(); |
16b781aa PM |
594 | if (sd->blk) { |
595 | blk_get_geometry(sd->blk, §); | |
03f311ed PB |
596 | } else { |
597 | sect = 0; | |
598 | } | |
5e37141b | 599 | size = sect << 9; |
a1bb27b1 | 600 | |
b7202b88 | 601 | sect = sd_addr_to_wpnum(size) + 1; |
a1bb27b1 PB |
602 | |
603 | sd->state = sd_idle_state; | |
604 | sd->rca = 0x0000; | |
b66f73a0 | 605 | sd->size = size; |
a1bb27b1 PB |
606 | sd_set_ocr(sd); |
607 | sd_set_scr(sd); | |
608 | sd_set_cid(sd); | |
609 | sd_set_csd(sd, size); | |
610 | sd_set_cardstatus(sd); | |
611 | sd_set_sdstatus(sd); | |
612 | ||
6947feca | 613 | g_free(sd->wp_group_bmap); |
86b1cf32 | 614 | sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false; |
6947feca PMD |
615 | sd->wp_group_bits = sect; |
616 | sd->wp_group_bmap = bitmap_new(sd->wp_group_bits); | |
50a5be6c | 617 | memset(sd->function_group, 0, sizeof(sd->function_group)); |
872b8fde PMD |
618 | sd->erase_start = INVALID_ADDRESS; |
619 | sd->erase_end = INVALID_ADDRESS; | |
a1bb27b1 PB |
620 | sd->blk_len = 0x200; |
621 | sd->pwd_len = 0; | |
bebd1271 | 622 | sd->expecting_acmd = false; |
da346922 PMD |
623 | sd->dat_lines = 0xf; |
624 | sd->cmd_line = true; | |
4481bbc7 | 625 | sd->multi_blk_cnt = 0; |
a1bb27b1 PB |
626 | } |
627 | ||
c759a790 PM |
628 | static bool sd_get_inserted(SDState *sd) |
629 | { | |
0719e71e | 630 | return sd->blk && blk_is_inserted(sd->blk); |
c759a790 PM |
631 | } |
632 | ||
633 | static bool sd_get_readonly(SDState *sd) | |
634 | { | |
635 | return sd->wp_switch; | |
636 | } | |
637 | ||
39829a01 | 638 | static void sd_cardchange(void *opaque, bool load, Error **errp) |
a1bb27b1 PB |
639 | { |
640 | SDState *sd = opaque; | |
c759a790 | 641 | DeviceState *dev = DEVICE(sd); |
007d1dbf | 642 | SDBus *sdbus; |
c759a790 PM |
643 | bool inserted = sd_get_inserted(sd); |
644 | bool readonly = sd_get_readonly(sd); | |
db97ee6a | 645 | |
c759a790 | 646 | if (inserted) { |
814b2adc | 647 | trace_sdcard_inserted(readonly); |
c759a790 | 648 | sd_reset(dev); |
814b2adc PMD |
649 | } else { |
650 | trace_sdcard_ejected(); | |
c759a790 PM |
651 | } |
652 | ||
007d1dbf MA |
653 | if (sd->me_no_qdev_me_kill_mammoth_with_rocks) { |
654 | qemu_set_irq(sd->inserted_cb, inserted); | |
c759a790 | 655 | if (inserted) { |
007d1dbf | 656 | qemu_set_irq(sd->readonly_cb, readonly); |
c759a790 PM |
657 | } |
658 | } else { | |
007d1dbf MA |
659 | sdbus = SD_BUS(qdev_get_parent_bus(dev)); |
660 | sdbus_set_inserted(sdbus, inserted); | |
c759a790 | 661 | if (inserted) { |
007d1dbf | 662 | sdbus_set_readonly(sdbus, readonly); |
c759a790 | 663 | } |
a1bb27b1 PB |
664 | } |
665 | } | |
666 | ||
0e49de52 | 667 | static const BlockDevOps sd_block_ops = { |
145feb17 | 668 | .change_media_cb = sd_cardchange, |
0e49de52 MA |
669 | }; |
670 | ||
dd26eb43 AB |
671 | static bool sd_ocr_vmstate_needed(void *opaque) |
672 | { | |
673 | SDState *sd = opaque; | |
674 | ||
675 | /* Include the OCR state (and timer) if it is not yet powered up */ | |
6f296421 | 676 | return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); |
dd26eb43 AB |
677 | } |
678 | ||
679 | static const VMStateDescription sd_ocr_vmstate = { | |
680 | .name = "sd-card/ocr-state", | |
681 | .version_id = 1, | |
682 | .minimum_version_id = 1, | |
683 | .needed = sd_ocr_vmstate_needed, | |
307119ba | 684 | .fields = (const VMStateField[]) { |
dd26eb43 AB |
685 | VMSTATE_UINT32(ocr, SDState), |
686 | VMSTATE_TIMER_PTR(ocr_power_timer, SDState), | |
687 | VMSTATE_END_OF_LIST() | |
688 | }, | |
689 | }; | |
690 | ||
691 | static int sd_vmstate_pre_load(void *opaque) | |
692 | { | |
693 | SDState *sd = opaque; | |
694 | ||
695 | /* If the OCR state is not included (prior versions, or not | |
696 | * needed), then the OCR must be set as powered up. If the OCR state | |
697 | * is included, this will be replaced by the state restore. | |
698 | */ | |
699 | sd_ocr_powerup(sd); | |
700 | ||
701 | return 0; | |
702 | } | |
703 | ||
50a5be6c IM |
704 | static const VMStateDescription sd_vmstate = { |
705 | .name = "sd-card", | |
7dae0a1d PMD |
706 | .version_id = 2, |
707 | .minimum_version_id = 2, | |
dd26eb43 | 708 | .pre_load = sd_vmstate_pre_load, |
307119ba | 709 | .fields = (const VMStateField[]) { |
50a5be6c IM |
710 | VMSTATE_UINT32(mode, SDState), |
711 | VMSTATE_INT32(state, SDState), | |
712 | VMSTATE_UINT8_ARRAY(cid, SDState, 16), | |
713 | VMSTATE_UINT8_ARRAY(csd, SDState, 16), | |
714 | VMSTATE_UINT16(rca, SDState), | |
715 | VMSTATE_UINT32(card_status, SDState), | |
716 | VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1), | |
717 | VMSTATE_UINT32(vhs, SDState), | |
6947feca | 718 | VMSTATE_BITMAP(wp_group_bmap, SDState, 0, wp_group_bits), |
50a5be6c | 719 | VMSTATE_UINT32(blk_len, SDState), |
4481bbc7 | 720 | VMSTATE_UINT32(multi_blk_cnt, SDState), |
50a5be6c IM |
721 | VMSTATE_UINT32(erase_start, SDState), |
722 | VMSTATE_UINT32(erase_end, SDState), | |
723 | VMSTATE_UINT8_ARRAY(pwd, SDState, 16), | |
724 | VMSTATE_UINT32(pwd_len, SDState), | |
725 | VMSTATE_UINT8_ARRAY(function_group, SDState, 6), | |
726 | VMSTATE_UINT8(current_cmd, SDState), | |
727 | VMSTATE_BOOL(expecting_acmd, SDState), | |
728 | VMSTATE_UINT32(blk_written, SDState), | |
729 | VMSTATE_UINT64(data_start, SDState), | |
730 | VMSTATE_UINT32(data_offset, SDState), | |
731 | VMSTATE_UINT8_ARRAY(data, SDState, 512), | |
12c125cb | 732 | VMSTATE_UNUSED_V(1, 512), |
50a5be6c IM |
733 | VMSTATE_BOOL(enable, SDState), |
734 | VMSTATE_END_OF_LIST() | |
dd26eb43 | 735 | }, |
307119ba | 736 | .subsections = (const VMStateDescription * const []) { |
dd26eb43 AB |
737 | &sd_ocr_vmstate, |
738 | NULL | |
739 | }, | |
50a5be6c IM |
740 | }; |
741 | ||
260bc9d8 | 742 | /* Legacy initialization function for use by non-qdevified callers */ |
4be74634 | 743 | SDState *sd_init(BlockBackend *blk, bool is_spi) |
a1bb27b1 | 744 | { |
fec44a8c | 745 | Object *obj; |
260bc9d8 | 746 | DeviceState *dev; |
007d1dbf | 747 | SDState *sd; |
260bc9d8 | 748 | Error *err = NULL; |
a1bb27b1 | 749 | |
c3287c0f | 750 | obj = object_new(is_spi ? TYPE_SD_CARD_SPI : TYPE_SD_CARD); |
fec44a8c | 751 | dev = DEVICE(obj); |
0c0e618d | 752 | if (!qdev_prop_set_drive_err(dev, "drive", blk, &err)) { |
5217f188 | 753 | error_reportf_err(err, "sd_init failed: "); |
4f8a066b KW |
754 | return NULL; |
755 | } | |
007d1dbf MA |
756 | |
757 | /* | |
758 | * Realizing the device properly would put it into the QOM | |
759 | * composition tree even though it is not plugged into an | |
760 | * appropriate bus. That's a no-no. Hide the device from | |
761 | * QOM/qdev, and call its qdev realize callback directly. | |
762 | */ | |
763 | object_ref(obj); | |
764 | object_unparent(obj); | |
765 | sd_realize(dev, &err); | |
260bc9d8 | 766 | if (err) { |
5217f188 | 767 | error_reportf_err(err, "sd_init failed: "); |
260bc9d8 | 768 | return NULL; |
03f311ed | 769 | } |
260bc9d8 | 770 | |
007d1dbf MA |
771 | sd = SD_CARD(dev); |
772 | sd->me_no_qdev_me_kill_mammoth_with_rocks = true; | |
773 | return sd; | |
a1bb27b1 PB |
774 | } |
775 | ||
02ce600c | 776 | void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert) |
a1bb27b1 | 777 | { |
02ce600c AZ |
778 | sd->readonly_cb = readonly; |
779 | sd->inserted_cb = insert; | |
86b1cf32 | 780 | qemu_set_irq(readonly, sd->blk ? !blk_is_writable(sd->blk) : 0); |
4be74634 | 781 | qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0); |
a1bb27b1 PB |
782 | } |
783 | ||
ce6ea2ef BM |
784 | static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) |
785 | { | |
786 | trace_sdcard_read_block(addr, len); | |
a9262f55 | 787 | if (!sd->blk || blk_pread(sd->blk, addr, len, sd->data, 0) < 0) { |
ce6ea2ef BM |
788 | fprintf(stderr, "sd_blk_read: read error on host side\n"); |
789 | } | |
790 | } | |
791 | ||
792 | static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) | |
793 | { | |
794 | trace_sdcard_write_block(addr, len); | |
a9262f55 | 795 | if (!sd->blk || blk_pwrite(sd->blk, addr, len, sd->data, 0) < 0) { |
ce6ea2ef BM |
796 | fprintf(stderr, "sd_blk_write: write error on host side\n"); |
797 | } | |
798 | } | |
799 | ||
800 | #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len) | |
801 | #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len) | |
802 | #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len) | |
803 | #define APP_WRITE_BLOCK(a, len) | |
804 | ||
a1bb27b1 PB |
805 | static void sd_erase(SDState *sd) |
806 | { | |
f2d189d3 IM |
807 | uint64_t erase_start = sd->erase_start; |
808 | uint64_t erase_end = sd->erase_end; | |
2473dc40 | 809 | bool sdsc = true; |
818a5cdc BM |
810 | uint64_t wpnum; |
811 | uint64_t erase_addr; | |
812 | int erase_len = 1 << HWBLOCK_SHIFT; | |
f2d189d3 | 813 | |
aafe6c58 | 814 | trace_sdcard_erase(sd->erase_start, sd->erase_end); |
872b8fde PMD |
815 | if (sd->erase_start == INVALID_ADDRESS |
816 | || sd->erase_end == INVALID_ADDRESS) { | |
a1bb27b1 | 817 | sd->card_status |= ERASE_SEQ_ERROR; |
c8c8b3f1 PMD |
818 | sd->erase_start = INVALID_ADDRESS; |
819 | sd->erase_end = INVALID_ADDRESS; | |
a1bb27b1 PB |
820 | return; |
821 | } | |
822 | ||
6f296421 | 823 | if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { |
f2d189d3 IM |
824 | /* High capacity memory card: erase units are 512 byte blocks */ |
825 | erase_start *= 512; | |
826 | erase_end *= 512; | |
2473dc40 | 827 | sdsc = false; |
f2d189d3 IM |
828 | } |
829 | ||
64ea2d9f | 830 | if (erase_start > sd->size || erase_end > sd->size) { |
1bd6fd8e PMD |
831 | sd->card_status |= OUT_OF_RANGE; |
832 | sd->erase_start = INVALID_ADDRESS; | |
833 | sd->erase_end = INVALID_ADDRESS; | |
834 | return; | |
835 | } | |
836 | ||
872b8fde PMD |
837 | sd->erase_start = INVALID_ADDRESS; |
838 | sd->erase_end = INVALID_ADDRESS; | |
a1bb27b1 PB |
839 | sd->csd[14] |= 0x40; |
840 | ||
818a5cdc BM |
841 | memset(sd->data, 0xff, erase_len); |
842 | for (erase_addr = erase_start; erase_addr <= erase_end; | |
843 | erase_addr += erase_len) { | |
844 | if (sdsc) { | |
845 | /* Only SDSC cards support write protect groups */ | |
846 | wpnum = sd_addr_to_wpnum(erase_addr); | |
6947feca PMD |
847 | assert(wpnum < sd->wp_group_bits); |
848 | if (test_bit(wpnum, sd->wp_group_bmap)) { | |
2473dc40 | 849 | sd->card_status |= WP_ERASE_SKIP; |
818a5cdc | 850 | continue; |
2473dc40 | 851 | } |
a9c01830 | 852 | } |
818a5cdc | 853 | BLK_WRITE_BLOCK(erase_addr, erase_len); |
a9c01830 | 854 | } |
a1bb27b1 PB |
855 | } |
856 | ||
2d7adea4 | 857 | static uint32_t sd_wpbits(SDState *sd, uint64_t addr) |
a1bb27b1 PB |
858 | { |
859 | uint32_t i, wpnum; | |
860 | uint32_t ret = 0; | |
861 | ||
b7202b88 | 862 | wpnum = sd_addr_to_wpnum(addr); |
a1bb27b1 | 863 | |
a9c01830 | 864 | for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { |
2a039628 PMD |
865 | if (addr >= sd->size) { |
866 | /* | |
867 | * If the addresses of the last groups are outside the valid range, | |
868 | * then the corresponding write protection bits shall be set to 0. | |
869 | */ | |
870 | continue; | |
871 | } | |
6947feca PMD |
872 | assert(wpnum < sd->wp_group_bits); |
873 | if (test_bit(wpnum, sd->wp_group_bmap)) { | |
a1bb27b1 | 874 | ret |= (1 << i); |
a9c01830 MI |
875 | } |
876 | } | |
a1bb27b1 PB |
877 | |
878 | return ret; | |
879 | } | |
880 | ||
881 | static void sd_function_switch(SDState *sd, uint32_t arg) | |
882 | { | |
67bfddd6 | 883 | int i, mode, new_func; |
a1bb27b1 PB |
884 | mode = !!(arg & 0x80000000); |
885 | ||
48805df9 | 886 | sd->data[0] = 0x00; /* Maximum current consumption */ |
a1bb27b1 | 887 | sd->data[1] = 0x01; |
48805df9 | 888 | sd->data[2] = 0x80; /* Supported group 6 functions */ |
a1bb27b1 | 889 | sd->data[3] = 0x01; |
48805df9 | 890 | sd->data[4] = 0x80; /* Supported group 5 functions */ |
a1bb27b1 | 891 | sd->data[5] = 0x01; |
48805df9 | 892 | sd->data[6] = 0x80; /* Supported group 4 functions */ |
a1bb27b1 | 893 | sd->data[7] = 0x01; |
48805df9 | 894 | sd->data[8] = 0x80; /* Supported group 3 functions */ |
a1bb27b1 | 895 | sd->data[9] = 0x01; |
48805df9 | 896 | sd->data[10] = 0x80; /* Supported group 2 functions */ |
a1bb27b1 | 897 | sd->data[11] = 0x43; |
48805df9 | 898 | sd->data[12] = 0x80; /* Supported group 1 functions */ |
a1bb27b1 | 899 | sd->data[13] = 0x03; |
b638627c | 900 | |
89c6700f | 901 | memset(&sd->data[14], 0, 3); |
a1bb27b1 PB |
902 | for (i = 0; i < 6; i ++) { |
903 | new_func = (arg >> (i * 4)) & 0x0f; | |
904 | if (mode && new_func != 0x0f) | |
905 | sd->function_group[i] = new_func; | |
b638627c | 906 | sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4); |
a1bb27b1 PB |
907 | } |
908 | memset(&sd->data[17], 0, 47); | |
a1bb27b1 PB |
909 | } |
910 | ||
4e8f1be2 | 911 | static inline bool sd_wp_addr(SDState *sd, uint64_t addr) |
a1bb27b1 | 912 | { |
6947feca | 913 | return test_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); |
a1bb27b1 PB |
914 | } |
915 | ||
916 | static void sd_lock_command(SDState *sd) | |
917 | { | |
918 | int erase, lock, clr_pwd, set_pwd, pwd_len; | |
919 | erase = !!(sd->data[0] & 0x08); | |
920 | lock = sd->data[0] & 0x04; | |
921 | clr_pwd = sd->data[0] & 0x02; | |
922 | set_pwd = sd->data[0] & 0x01; | |
923 | ||
924 | if (sd->blk_len > 1) | |
925 | pwd_len = sd->data[1]; | |
926 | else | |
927 | pwd_len = 0; | |
928 | ||
814b2adc PMD |
929 | if (lock) { |
930 | trace_sdcard_lock(); | |
931 | } else { | |
932 | trace_sdcard_unlock(); | |
933 | } | |
a1bb27b1 PB |
934 | if (erase) { |
935 | if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 || | |
936 | set_pwd || clr_pwd || lock || sd->wp_switch || | |
937 | (sd->csd[14] & 0x20)) { | |
938 | sd->card_status |= LOCK_UNLOCK_FAILED; | |
939 | return; | |
940 | } | |
6947feca | 941 | bitmap_zero(sd->wp_group_bmap, sd->wp_group_bits); |
a1bb27b1 PB |
942 | sd->csd[14] &= ~0x10; |
943 | sd->card_status &= ~CARD_IS_LOCKED; | |
944 | sd->pwd_len = 0; | |
945 | /* Erasing the entire card here! */ | |
827df9f3 | 946 | fprintf(stderr, "SD: Card force-erased by CMD42\n"); |
a1bb27b1 PB |
947 | return; |
948 | } | |
949 | ||
950 | if (sd->blk_len < 2 + pwd_len || | |
951 | pwd_len <= sd->pwd_len || | |
952 | pwd_len > sd->pwd_len + 16) { | |
953 | sd->card_status |= LOCK_UNLOCK_FAILED; | |
954 | return; | |
955 | } | |
956 | ||
957 | if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) { | |
958 | sd->card_status |= LOCK_UNLOCK_FAILED; | |
959 | return; | |
960 | } | |
961 | ||
962 | pwd_len -= sd->pwd_len; | |
963 | if ((pwd_len && !set_pwd) || | |
964 | (clr_pwd && (set_pwd || lock)) || | |
965 | (lock && !sd->pwd_len && !set_pwd) || | |
966 | (!set_pwd && !clr_pwd && | |
967 | (((sd->card_status & CARD_IS_LOCKED) && lock) || | |
968 | (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) { | |
969 | sd->card_status |= LOCK_UNLOCK_FAILED; | |
970 | return; | |
971 | } | |
972 | ||
973 | if (set_pwd) { | |
974 | memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len); | |
975 | sd->pwd_len = pwd_len; | |
976 | } | |
977 | ||
978 | if (clr_pwd) { | |
979 | sd->pwd_len = 0; | |
980 | } | |
981 | ||
982 | if (lock) | |
983 | sd->card_status |= CARD_IS_LOCKED; | |
984 | else | |
985 | sd->card_status &= ~CARD_IS_LOCKED; | |
986 | } | |
987 | ||
66c152d7 PMD |
988 | static bool address_in_range(SDState *sd, const char *desc, |
989 | uint64_t addr, uint32_t length) | |
990 | { | |
991 | if (addr + length > sd->size) { | |
992 | qemu_log_mask(LOG_GUEST_ERROR, | |
993 | "%s offset %"PRIu64" > card %"PRIu64" [%%%u]\n", | |
994 | desc, addr, sd->size, length); | |
995 | sd->card_status |= ADDRESS_ERROR; | |
996 | return false; | |
997 | } | |
998 | return true; | |
999 | } | |
1000 | ||
13201139 PMD |
1001 | static sd_rsp_type_t sd_invalid_state_for_cmd(SDState *sd, SDRequest req) |
1002 | { | |
1b4a2342 PMD |
1003 | qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong state: %s (spec %s)\n", |
1004 | sd_proto(sd)->name, req.cmd, sd_state_name(sd->state), | |
94ef3041 | 1005 | sd_version_str(sd->spec_version)); |
13201139 PMD |
1006 | |
1007 | return sd_illegal; | |
1008 | } | |
1009 | ||
583204d8 PMD |
1010 | static sd_rsp_type_t sd_cmd_illegal(SDState *sd, SDRequest req) |
1011 | { | |
1012 | qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown CMD%i for spec %s\n", | |
1013 | sd_proto(sd)->name, req.cmd, | |
1014 | sd_version_str(sd->spec_version)); | |
1015 | ||
1016 | return sd_illegal; | |
1017 | } | |
1018 | ||
7ffcbf3e PMD |
1019 | /* Commands that are recognised but not yet implemented. */ |
1020 | static sd_rsp_type_t sd_cmd_unimplemented(SDState *sd, SDRequest req) | |
1021 | { | |
1022 | qemu_log_mask(LOG_UNIMP, "%s: CMD%i not implemented\n", | |
1023 | sd_proto(sd)->name, req.cmd); | |
1024 | ||
1025 | return sd_illegal; | |
1026 | } | |
1027 | ||
a6e0f67e PMD |
1028 | static sd_rsp_type_t sd_cmd_GO_IDLE_STATE(SDState *sd, SDRequest req) |
1029 | { | |
1030 | if (sd->state != sd_inactive_state) { | |
1031 | sd->state = sd_idle_state; | |
1032 | sd_reset(DEVICE(sd)); | |
1033 | } | |
1034 | ||
c3287c0f | 1035 | return sd_is_spi(sd) ? sd_r1 : sd_r0; |
a6e0f67e PMD |
1036 | } |
1037 | ||
5c44e820 PMD |
1038 | static sd_rsp_type_t sd_cmd_SEND_OP_CMD(SDState *sd, SDRequest req) |
1039 | { | |
1040 | sd->state = sd_transfer_state; | |
1041 | ||
1042 | return sd_r1; | |
1043 | } | |
1044 | ||
c4f2d9e1 PMD |
1045 | static sd_rsp_type_t sd_cmd_ALL_SEND_CID(SDState *sd, SDRequest req) |
1046 | { | |
1047 | if (sd->state != sd_ready_state) { | |
1048 | return sd_invalid_state_for_cmd(sd, req); | |
1049 | } | |
1050 | ||
1051 | sd->state = sd_identification_state; | |
1052 | ||
1053 | return sd_r2_i; | |
1054 | } | |
1055 | ||
41a0349d PMD |
1056 | static sd_rsp_type_t sd_cmd_SEND_RELATIVE_ADDR(SDState *sd, SDRequest req) |
1057 | { | |
1058 | switch (sd->state) { | |
1059 | case sd_identification_state: | |
1060 | case sd_standby_state: | |
1061 | sd->state = sd_standby_state; | |
1062 | sd_set_rca(sd); | |
1063 | return sd_r6; | |
1064 | ||
1065 | default: | |
1066 | return sd_invalid_state_for_cmd(sd, req); | |
1067 | } | |
1068 | } | |
1069 | ||
793d04f4 JS |
1070 | static sd_rsp_type_t sd_cmd_SEND_TUNING_BLOCK(SDState *sd, SDRequest req) |
1071 | { | |
1072 | if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { | |
1073 | return sd_cmd_illegal(sd, req); | |
1074 | } | |
1075 | ||
1076 | if (sd->state != sd_transfer_state) { | |
1077 | return sd_invalid_state_for_cmd(sd, req); | |
1078 | } | |
1079 | ||
1080 | sd->state = sd_sendingdata_state; | |
1081 | sd->data_offset = 0; | |
1082 | ||
1083 | return sd_r1; | |
1084 | } | |
1085 | ||
6380cd20 PMD |
1086 | static sd_rsp_type_t sd_cmd_SET_BLOCK_COUNT(SDState *sd, SDRequest req) |
1087 | { | |
1088 | if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { | |
1089 | return sd_cmd_illegal(sd, req); | |
1090 | } | |
1091 | ||
1092 | if (sd->state != sd_transfer_state) { | |
1093 | return sd_invalid_state_for_cmd(sd, req); | |
1094 | } | |
1095 | ||
1096 | sd->multi_blk_cnt = req.arg; | |
1097 | ||
1098 | return sd_r1; | |
1099 | } | |
1100 | ||
586634b9 | 1101 | static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) |
a1bb27b1 PB |
1102 | { |
1103 | uint32_t rca = 0x0000; | |
2d7adea4 | 1104 | uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg; |
a1bb27b1 | 1105 | |
586634b9 PMD |
1106 | /* CMD55 precedes an ACMD, so we are not interested in tracing it. |
1107 | * However there is no ACMD55, so we want to trace this particular case. | |
1108 | */ | |
1109 | if (req.cmd != 55 || sd->expecting_acmd) { | |
1b4a2342 | 1110 | trace_sdcard_normal_command(sd_proto(sd)->name, |
75a96f5e | 1111 | sd_cmd_name(req.cmd), req.cmd, |
2ed61fb5 | 1112 | req.arg, sd_state_name(sd->state)); |
586634b9 | 1113 | } |
1b640aa9 | 1114 | |
1d06cb7a PM |
1115 | /* Not interpreting this as an app command */ |
1116 | sd->card_status &= ~APP_CMD; | |
1117 | ||
f250015b PMD |
1118 | if (sd_cmd_type[req.cmd] == sd_ac |
1119 | || sd_cmd_type[req.cmd] == sd_adtc) { | |
a1bb27b1 | 1120 | rca = req.arg >> 16; |
97f4ed3b | 1121 | } |
a1bb27b1 | 1122 | |
4481bbc7 AB |
1123 | /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25 |
1124 | * if not, its effects are cancelled */ | |
1125 | if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) { | |
1126 | sd->multi_blk_cnt = 0; | |
1127 | } | |
1128 | ||
9157dd59 PMD |
1129 | if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { |
1130 | /* Only Standard Capacity cards support class 6 commands */ | |
1131 | return sd_illegal; | |
1132 | } | |
1133 | ||
46859b60 PMD |
1134 | if (sd_proto(sd)->cmd[req.cmd]) { |
1135 | return sd_proto(sd)->cmd[req.cmd](sd, req); | |
1136 | } | |
1137 | ||
a1bb27b1 PB |
1138 | switch (req.cmd) { |
1139 | /* Basic commands (Class 0 and Class 1) */ | |
48805df9 | 1140 | case 4: /* CMD4: SEND_DSR */ |
a1bb27b1 PB |
1141 | switch (sd->state) { |
1142 | case sd_standby_state: | |
1143 | break; | |
1144 | ||
1145 | default: | |
1146 | break; | |
1147 | } | |
1148 | break; | |
1149 | ||
48805df9 | 1150 | case 6: /* CMD6: SWITCH_FUNCTION */ |
a1bb27b1 PB |
1151 | switch (sd->mode) { |
1152 | case sd_data_transfer_mode: | |
1153 | sd_function_switch(sd, req.arg); | |
1154 | sd->state = sd_sendingdata_state; | |
1155 | sd->data_start = 0; | |
1156 | sd->data_offset = 0; | |
1157 | return sd_r1; | |
1158 | ||
1159 | default: | |
1160 | break; | |
1161 | } | |
1162 | break; | |
1163 | ||
48805df9 | 1164 | case 7: /* CMD7: SELECT/DESELECT_CARD */ |
a1bb27b1 PB |
1165 | switch (sd->state) { |
1166 | case sd_standby_state: | |
1167 | if (sd->rca != rca) | |
1168 | return sd_r0; | |
1169 | ||
1170 | sd->state = sd_transfer_state; | |
1171 | return sd_r1b; | |
1172 | ||
1173 | case sd_transfer_state: | |
1174 | case sd_sendingdata_state: | |
1175 | if (sd->rca == rca) | |
1176 | break; | |
1177 | ||
1178 | sd->state = sd_standby_state; | |
1179 | return sd_r1b; | |
1180 | ||
1181 | case sd_disconnect_state: | |
1182 | if (sd->rca != rca) | |
1183 | return sd_r0; | |
1184 | ||
1185 | sd->state = sd_programming_state; | |
1186 | return sd_r1b; | |
1187 | ||
1188 | case sd_programming_state: | |
1189 | if (sd->rca == rca) | |
1190 | break; | |
1191 | ||
1192 | sd->state = sd_disconnect_state; | |
1193 | return sd_r1b; | |
1194 | ||
1195 | default: | |
1196 | break; | |
1197 | } | |
1198 | break; | |
1199 | ||
48805df9 | 1200 | case 8: /* CMD8: SEND_IF_COND */ |
d1b32218 PMD |
1201 | if (sd->spec_version < SD_PHY_SPECv2_00_VERS) { |
1202 | break; | |
1203 | } | |
ad0ade55 | 1204 | if (sd->state != sd_idle_state) { |
1b088995 AZ |
1205 | break; |
1206 | } | |
ad0ade55 PMD |
1207 | sd->vhs = 0; |
1208 | ||
1209 | /* No response if not exactly one VHS bit is set. */ | |
1210 | if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) { | |
c3287c0f | 1211 | return sd_is_spi(sd) ? sd_r7 : sd_r0; |
ad0ade55 PMD |
1212 | } |
1213 | ||
1214 | /* Accept. */ | |
1215 | sd->vhs = req.arg; | |
1216 | return sd_r7; | |
1b088995 | 1217 | |
48805df9 | 1218 | case 9: /* CMD9: SEND_CSD */ |
a1bb27b1 PB |
1219 | switch (sd->state) { |
1220 | case sd_standby_state: | |
1221 | if (sd->rca != rca) | |
1222 | return sd_r0; | |
1223 | ||
1224 | return sd_r2_s; | |
1225 | ||
775616c3 | 1226 | case sd_transfer_state: |
c3287c0f | 1227 | if (!sd_is_spi(sd)) { |
775616c3 | 1228 | break; |
c3287c0f | 1229 | } |
775616c3 PB |
1230 | sd->state = sd_sendingdata_state; |
1231 | memcpy(sd->data, sd->csd, 16); | |
2d7adea4 | 1232 | sd->data_start = addr; |
775616c3 PB |
1233 | sd->data_offset = 0; |
1234 | return sd_r1; | |
1235 | ||
a1bb27b1 PB |
1236 | default: |
1237 | break; | |
1238 | } | |
1239 | break; | |
1240 | ||
48805df9 | 1241 | case 10: /* CMD10: SEND_CID */ |
a1bb27b1 PB |
1242 | switch (sd->state) { |
1243 | case sd_standby_state: | |
1244 | if (sd->rca != rca) | |
1245 | return sd_r0; | |
1246 | ||
1247 | return sd_r2_i; | |
1248 | ||
775616c3 | 1249 | case sd_transfer_state: |
c3287c0f | 1250 | if (!sd_is_spi(sd)) { |
775616c3 | 1251 | break; |
c3287c0f | 1252 | } |
775616c3 PB |
1253 | sd->state = sd_sendingdata_state; |
1254 | memcpy(sd->data, sd->cid, 16); | |
2d7adea4 | 1255 | sd->data_start = addr; |
775616c3 PB |
1256 | sd->data_offset = 0; |
1257 | return sd_r1; | |
1258 | ||
a1bb27b1 PB |
1259 | default: |
1260 | break; | |
1261 | } | |
1262 | break; | |
1263 | ||
48805df9 | 1264 | case 12: /* CMD12: STOP_TRANSMISSION */ |
a1bb27b1 PB |
1265 | switch (sd->state) { |
1266 | case sd_sendingdata_state: | |
1267 | sd->state = sd_transfer_state; | |
1268 | return sd_r1b; | |
1269 | ||
1270 | case sd_receivingdata_state: | |
1271 | sd->state = sd_programming_state; | |
1272 | /* Bzzzzzzztt .... Operation complete. */ | |
1273 | sd->state = sd_transfer_state; | |
1274 | return sd_r1b; | |
1275 | ||
1276 | default: | |
1277 | break; | |
1278 | } | |
1279 | break; | |
1280 | ||
48805df9 | 1281 | case 13: /* CMD13: SEND_STATUS */ |
a1bb27b1 PB |
1282 | switch (sd->mode) { |
1283 | case sd_data_transfer_mode: | |
c3287c0f | 1284 | if (!sd_is_spi(sd) && sd->rca != rca) { |
a1bb27b1 | 1285 | return sd_r0; |
c557e08d | 1286 | } |
a1bb27b1 PB |
1287 | |
1288 | return sd_r1; | |
1289 | ||
1290 | default: | |
1291 | break; | |
1292 | } | |
1293 | break; | |
1294 | ||
48805df9 | 1295 | case 15: /* CMD15: GO_INACTIVE_STATE */ |
a1bb27b1 PB |
1296 | switch (sd->mode) { |
1297 | case sd_data_transfer_mode: | |
1298 | if (sd->rca != rca) | |
1299 | return sd_r0; | |
1300 | ||
1301 | sd->state = sd_inactive_state; | |
1302 | return sd_r0; | |
1303 | ||
1304 | default: | |
1305 | break; | |
1306 | } | |
1307 | break; | |
1308 | ||
b8d09982 | 1309 | /* Block read commands (Class 2) */ |
48805df9 | 1310 | case 16: /* CMD16: SET_BLOCKLEN */ |
a1bb27b1 PB |
1311 | switch (sd->state) { |
1312 | case sd_transfer_state: | |
814b2adc | 1313 | if (req.arg > (1 << HWBLOCK_SHIFT)) { |
a1bb27b1 | 1314 | sd->card_status |= BLOCK_LEN_ERROR; |
814b2adc PMD |
1315 | } else { |
1316 | trace_sdcard_set_blocklen(req.arg); | |
a1bb27b1 | 1317 | sd->blk_len = req.arg; |
814b2adc | 1318 | } |
a1bb27b1 PB |
1319 | |
1320 | return sd_r1; | |
1321 | ||
1322 | default: | |
1323 | break; | |
1324 | } | |
1325 | break; | |
1326 | ||
48805df9 YF |
1327 | case 17: /* CMD17: READ_SINGLE_BLOCK */ |
1328 | case 18: /* CMD18: READ_MULTIPLE_BLOCK */ | |
a1bb27b1 PB |
1329 | switch (sd->state) { |
1330 | case sd_transfer_state: | |
a1bb27b1 | 1331 | |
66c152d7 | 1332 | if (!address_in_range(sd, "READ_BLOCK", addr, sd->blk_len)) { |
790762e5 | 1333 | return sd_r1; |
794d68de | 1334 | } |
790762e5 PMD |
1335 | |
1336 | sd->state = sd_sendingdata_state; | |
1337 | sd->data_start = addr; | |
1338 | sd->data_offset = 0; | |
a1bb27b1 PB |
1339 | return sd_r1; |
1340 | ||
1341 | default: | |
1342 | break; | |
1343 | } | |
1344 | break; | |
1345 | ||
1346 | /* Block write commands (Class 4) */ | |
48805df9 YF |
1347 | case 24: /* CMD24: WRITE_SINGLE_BLOCK */ |
1348 | case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ | |
a1bb27b1 PB |
1349 | switch (sd->state) { |
1350 | case sd_transfer_state: | |
790762e5 | 1351 | |
66c152d7 | 1352 | if (!address_in_range(sd, "WRITE_BLOCK", addr, sd->blk_len)) { |
790762e5 PMD |
1353 | return sd_r1; |
1354 | } | |
1355 | ||
a1bb27b1 | 1356 | sd->state = sd_receivingdata_state; |
2d7adea4 | 1357 | sd->data_start = addr; |
a1bb27b1 PB |
1358 | sd->data_offset = 0; |
1359 | sd->blk_written = 0; | |
1360 | ||
19fa6c9e BM |
1361 | if (sd->size <= SDSC_MAX_CAPACITY) { |
1362 | if (sd_wp_addr(sd, sd->data_start)) { | |
1363 | sd->card_status |= WP_VIOLATION; | |
1364 | } | |
794d68de PMD |
1365 | } |
1366 | if (sd->csd[14] & 0x30) { | |
a1bb27b1 | 1367 | sd->card_status |= WP_VIOLATION; |
794d68de | 1368 | } |
a1bb27b1 PB |
1369 | return sd_r1; |
1370 | ||
1371 | default: | |
1372 | break; | |
1373 | } | |
1374 | break; | |
1375 | ||
48805df9 | 1376 | case 26: /* CMD26: PROGRAM_CID */ |
a1bb27b1 PB |
1377 | switch (sd->state) { |
1378 | case sd_transfer_state: | |
1379 | sd->state = sd_receivingdata_state; | |
1380 | sd->data_start = 0; | |
1381 | sd->data_offset = 0; | |
1382 | return sd_r1; | |
1383 | ||
1384 | default: | |
1385 | break; | |
1386 | } | |
1387 | break; | |
1388 | ||
48805df9 | 1389 | case 27: /* CMD27: PROGRAM_CSD */ |
a1bb27b1 PB |
1390 | switch (sd->state) { |
1391 | case sd_transfer_state: | |
1392 | sd->state = sd_receivingdata_state; | |
1393 | sd->data_start = 0; | |
1394 | sd->data_offset = 0; | |
1395 | return sd_r1; | |
1396 | ||
1397 | default: | |
1398 | break; | |
1399 | } | |
1400 | break; | |
1401 | ||
1402 | /* Write protection (Class 6) */ | |
48805df9 | 1403 | case 28: /* CMD28: SET_WRITE_PROT */ |
245c0513 BM |
1404 | if (sd->size > SDSC_MAX_CAPACITY) { |
1405 | return sd_illegal; | |
1406 | } | |
1407 | ||
a1bb27b1 PB |
1408 | switch (sd->state) { |
1409 | case sd_transfer_state: | |
66c152d7 | 1410 | if (!address_in_range(sd, "SET_WRITE_PROT", addr, 1)) { |
a1bb27b1 PB |
1411 | return sd_r1b; |
1412 | } | |
1413 | ||
1414 | sd->state = sd_programming_state; | |
6947feca | 1415 | set_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); |
a1bb27b1 PB |
1416 | /* Bzzzzzzztt .... Operation complete. */ |
1417 | sd->state = sd_transfer_state; | |
1418 | return sd_r1b; | |
1419 | ||
1420 | default: | |
1421 | break; | |
1422 | } | |
1423 | break; | |
1424 | ||
48805df9 | 1425 | case 29: /* CMD29: CLR_WRITE_PROT */ |
245c0513 BM |
1426 | if (sd->size > SDSC_MAX_CAPACITY) { |
1427 | return sd_illegal; | |
1428 | } | |
1429 | ||
a1bb27b1 PB |
1430 | switch (sd->state) { |
1431 | case sd_transfer_state: | |
66c152d7 | 1432 | if (!address_in_range(sd, "CLR_WRITE_PROT", addr, 1)) { |
a1bb27b1 PB |
1433 | return sd_r1b; |
1434 | } | |
1435 | ||
1436 | sd->state = sd_programming_state; | |
6947feca | 1437 | clear_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); |
a1bb27b1 PB |
1438 | /* Bzzzzzzztt .... Operation complete. */ |
1439 | sd->state = sd_transfer_state; | |
1440 | return sd_r1b; | |
1441 | ||
1442 | default: | |
1443 | break; | |
1444 | } | |
1445 | break; | |
1446 | ||
48805df9 | 1447 | case 30: /* CMD30: SEND_WRITE_PROT */ |
245c0513 BM |
1448 | if (sd->size > SDSC_MAX_CAPACITY) { |
1449 | return sd_illegal; | |
1450 | } | |
1451 | ||
a1bb27b1 PB |
1452 | switch (sd->state) { |
1453 | case sd_transfer_state: | |
59b63d78 PMD |
1454 | if (!address_in_range(sd, "SEND_WRITE_PROT", |
1455 | req.arg, sd->blk_len)) { | |
1456 | return sd_r1; | |
1457 | } | |
1458 | ||
a1bb27b1 PB |
1459 | sd->state = sd_sendingdata_state; |
1460 | *(uint32_t *) sd->data = sd_wpbits(sd, req.arg); | |
2d7adea4 | 1461 | sd->data_start = addr; |
a1bb27b1 | 1462 | sd->data_offset = 0; |
69694973 | 1463 | return sd_r1; |
a1bb27b1 PB |
1464 | |
1465 | default: | |
1466 | break; | |
1467 | } | |
1468 | break; | |
1469 | ||
1470 | /* Erase commands (Class 5) */ | |
48805df9 | 1471 | case 32: /* CMD32: ERASE_WR_BLK_START */ |
a1bb27b1 PB |
1472 | switch (sd->state) { |
1473 | case sd_transfer_state: | |
1474 | sd->erase_start = req.arg; | |
1475 | return sd_r1; | |
1476 | ||
1477 | default: | |
1478 | break; | |
1479 | } | |
1480 | break; | |
1481 | ||
48805df9 | 1482 | case 33: /* CMD33: ERASE_WR_BLK_END */ |
a1bb27b1 PB |
1483 | switch (sd->state) { |
1484 | case sd_transfer_state: | |
1485 | sd->erase_end = req.arg; | |
1486 | return sd_r1; | |
1487 | ||
1488 | default: | |
1489 | break; | |
1490 | } | |
1491 | break; | |
1492 | ||
48805df9 | 1493 | case 38: /* CMD38: ERASE */ |
a1bb27b1 PB |
1494 | switch (sd->state) { |
1495 | case sd_transfer_state: | |
1496 | if (sd->csd[14] & 0x30) { | |
1497 | sd->card_status |= WP_VIOLATION; | |
1498 | return sd_r1b; | |
1499 | } | |
1500 | ||
1501 | sd->state = sd_programming_state; | |
1502 | sd_erase(sd); | |
1503 | /* Bzzzzzzztt .... Operation complete. */ | |
1504 | sd->state = sd_transfer_state; | |
1505 | return sd_r1b; | |
1506 | ||
1507 | default: | |
1508 | break; | |
1509 | } | |
1510 | break; | |
1511 | ||
1512 | /* Lock card commands (Class 7) */ | |
48805df9 | 1513 | case 42: /* CMD42: LOCK_UNLOCK */ |
a1bb27b1 PB |
1514 | switch (sd->state) { |
1515 | case sd_transfer_state: | |
1516 | sd->state = sd_receivingdata_state; | |
1517 | sd->data_start = 0; | |
1518 | sd->data_offset = 0; | |
1519 | return sd_r1; | |
1520 | ||
1521 | default: | |
1522 | break; | |
1523 | } | |
1524 | break; | |
1525 | ||
1526 | /* Application specific commands (Class 8) */ | |
48805df9 | 1527 | case 55: /* CMD55: APP_CMD */ |
d6911486 PMD |
1528 | switch (sd->state) { |
1529 | case sd_ready_state: | |
1530 | case sd_identification_state: | |
1531 | case sd_inactive_state: | |
1532 | return sd_illegal; | |
31162800 PMD |
1533 | case sd_idle_state: |
1534 | if (rca) { | |
1535 | qemu_log_mask(LOG_GUEST_ERROR, | |
1536 | "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd); | |
1537 | } | |
d6911486 PMD |
1538 | default: |
1539 | break; | |
1540 | } | |
c3287c0f | 1541 | if (!sd_is_spi(sd)) { |
946897ce PMD |
1542 | if (sd->rca != rca) { |
1543 | return sd_r0; | |
1544 | } | |
1545 | } | |
bebd1271 | 1546 | sd->expecting_acmd = true; |
a1bb27b1 PB |
1547 | sd->card_status |= APP_CMD; |
1548 | return sd_r1; | |
1549 | ||
48805df9 | 1550 | case 56: /* CMD56: GEN_CMD */ |
a1bb27b1 PB |
1551 | switch (sd->state) { |
1552 | case sd_transfer_state: | |
1553 | sd->data_offset = 0; | |
1554 | if (req.arg & 1) | |
1555 | sd->state = sd_sendingdata_state; | |
1556 | else | |
1557 | sd->state = sd_receivingdata_state; | |
1558 | return sd_r1; | |
1559 | ||
1560 | default: | |
1561 | break; | |
1562 | } | |
1563 | break; | |
1564 | ||
946897ce | 1565 | case 58: /* CMD58: READ_OCR (SPI) */ |
946897ce PMD |
1566 | return sd_r3; |
1567 | ||
1568 | case 59: /* CMD59: CRC_ON_OFF (SPI) */ | |
dec6d338 | 1569 | return sd_r1; |
946897ce | 1570 | |
a1bb27b1 | 1571 | default: |
9800ad88 | 1572 | qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd); |
53bb8cc4 | 1573 | return sd_illegal; |
a1bb27b1 PB |
1574 | } |
1575 | ||
13201139 | 1576 | return sd_invalid_state_for_cmd(sd, req); |
a1bb27b1 PB |
1577 | } |
1578 | ||
c227f099 | 1579 | static sd_rsp_type_t sd_app_command(SDState *sd, |
22ed1d34 BS |
1580 | SDRequest req) |
1581 | { | |
1b4a2342 | 1582 | trace_sdcard_app_command(sd_proto(sd)->name, sd_acmd_name(req.cmd), |
2ed61fb5 | 1583 | req.cmd, req.arg, sd_state_name(sd->state)); |
1d06cb7a | 1584 | sd->card_status |= APP_CMD; |
46859b60 PMD |
1585 | |
1586 | if (sd_proto(sd)->acmd[req.cmd]) { | |
1587 | return sd_proto(sd)->acmd[req.cmd](sd, req); | |
1588 | } | |
1589 | ||
a1bb27b1 | 1590 | switch (req.cmd) { |
48805df9 | 1591 | case 6: /* ACMD6: SET_BUS_WIDTH */ |
a1bb27b1 PB |
1592 | switch (sd->state) { |
1593 | case sd_transfer_state: | |
1594 | sd->sd_status[0] &= 0x3f; | |
1595 | sd->sd_status[0] |= (req.arg & 0x03) << 6; | |
1596 | return sd_r1; | |
1597 | ||
1598 | default: | |
1599 | break; | |
1600 | } | |
1601 | break; | |
1602 | ||
48805df9 | 1603 | case 13: /* ACMD13: SD_STATUS */ |
a1bb27b1 PB |
1604 | switch (sd->state) { |
1605 | case sd_transfer_state: | |
fb1ba03a | 1606 | sd->state = sd_sendingdata_state; |
a1bb27b1 PB |
1607 | sd->data_start = 0; |
1608 | sd->data_offset = 0; | |
1609 | return sd_r1; | |
1610 | ||
1611 | default: | |
1612 | break; | |
1613 | } | |
1614 | break; | |
1615 | ||
48805df9 | 1616 | case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ |
a1bb27b1 PB |
1617 | switch (sd->state) { |
1618 | case sd_transfer_state: | |
1619 | *(uint32_t *) sd->data = sd->blk_written; | |
1620 | ||
fb1ba03a | 1621 | sd->state = sd_sendingdata_state; |
a1bb27b1 PB |
1622 | sd->data_start = 0; |
1623 | sd->data_offset = 0; | |
1624 | return sd_r1; | |
1625 | ||
1626 | default: | |
1627 | break; | |
1628 | } | |
1629 | break; | |
1630 | ||
48805df9 | 1631 | case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */ |
a1bb27b1 PB |
1632 | switch (sd->state) { |
1633 | case sd_transfer_state: | |
1634 | return sd_r1; | |
1635 | ||
1636 | default: | |
1637 | break; | |
1638 | } | |
1639 | break; | |
1640 | ||
48805df9 | 1641 | case 41: /* ACMD41: SD_APP_OP_COND */ |
4e5cc675 PMD |
1642 | if (sd->state != sd_idle_state) { |
1643 | break; | |
1644 | } | |
1645 | /* If it's the first ACMD41 since reset, we need to decide | |
1646 | * whether to power up. If this is not an enquiry ACMD41, | |
1647 | * we immediately report power on and proceed below to the | |
1648 | * ready state, but if it is, we set a timer to model a | |
1649 | * delay for power up. This works around a bug in EDK2 | |
1650 | * UEFI, which sends an initial enquiry ACMD41, but | |
1651 | * assumes that the card is in ready state as soon as it | |
1652 | * sees the power up bit set. */ | |
1653 | if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) { | |
1654 | if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) { | |
1655 | timer_del(sd->ocr_power_timer); | |
1656 | sd_ocr_powerup(sd); | |
1657 | } else { | |
1658 | trace_sdcard_inquiry_cmd41(); | |
1659 | if (!timer_pending(sd->ocr_power_timer)) { | |
1660 | timer_mod_ns(sd->ocr_power_timer, | |
1661 | (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) | |
1662 | + OCR_POWER_DELAY_NS)); | |
dd26eb43 AB |
1663 | } |
1664 | } | |
4e5cc675 | 1665 | } |
dd26eb43 | 1666 | |
4e5cc675 | 1667 | if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) { |
37ab4a56 PC |
1668 | /* We accept any voltage. 10000 V is nothing. |
1669 | * | |
dd26eb43 | 1670 | * Once we're powered up, we advance straight to ready state |
37ab4a56 PC |
1671 | * unless it's an enquiry ACMD41 (bits 23:0 == 0). |
1672 | */ | |
4e5cc675 | 1673 | sd->state = sd_ready_state; |
a1bb27b1 | 1674 | } |
4e5cc675 PMD |
1675 | |
1676 | return sd_r3; | |
a1bb27b1 | 1677 | |
48805df9 | 1678 | case 42: /* ACMD42: SET_CLR_CARD_DETECT */ |
a1bb27b1 PB |
1679 | switch (sd->state) { |
1680 | case sd_transfer_state: | |
1681 | /* Bringing in the 50KOhm pull-up resistor... Done. */ | |
1682 | return sd_r1; | |
1683 | ||
1684 | default: | |
1685 | break; | |
1686 | } | |
1687 | break; | |
1688 | ||
48805df9 | 1689 | case 51: /* ACMD51: SEND_SCR */ |
a1bb27b1 PB |
1690 | switch (sd->state) { |
1691 | case sd_transfer_state: | |
1692 | sd->state = sd_sendingdata_state; | |
1693 | sd->data_start = 0; | |
1694 | sd->data_offset = 0; | |
1695 | return sd_r1; | |
1696 | ||
1697 | default: | |
1698 | break; | |
1699 | } | |
1700 | break; | |
1701 | ||
688491c7 PMD |
1702 | case 18: /* Reserved for SD security applications */ |
1703 | case 25: | |
1704 | case 26: | |
1705 | case 38: | |
1706 | case 43 ... 49: | |
1707 | /* Refer to the "SD Specifications Part3 Security Specification" for | |
1708 | * information about the SD Security Features. | |
1709 | */ | |
1710 | qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n", | |
1711 | req.cmd); | |
1712 | return sd_illegal; | |
1713 | ||
a1bb27b1 PB |
1714 | default: |
1715 | /* Fall back to standard commands. */ | |
a1bb27b1 PB |
1716 | return sd_normal_command(sd, req); |
1717 | } | |
1718 | ||
9800ad88 | 1719 | qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd); |
5b08bfe2 | 1720 | return sd_illegal; |
a1bb27b1 PB |
1721 | } |
1722 | ||
ef6dd5f5 | 1723 | static int cmd_valid_while_locked(SDState *sd, const uint8_t cmd) |
25881d33 PM |
1724 | { |
1725 | /* Valid commands in locked state: | |
1726 | * basic class (0) | |
1727 | * lock card class (7) | |
1728 | * CMD16 | |
1729 | * implicitly, the ACMD prefix CMD55 | |
1730 | * ACMD41 and ACMD42 | |
1731 | * Anything else provokes an "illegal command" response. | |
1732 | */ | |
1d06cb7a | 1733 | if (sd->expecting_acmd) { |
ef6dd5f5 | 1734 | return cmd == 41 || cmd == 42; |
25881d33 | 1735 | } |
ef6dd5f5 | 1736 | if (cmd == 16 || cmd == 55) { |
25881d33 PM |
1737 | return 1; |
1738 | } | |
ef6dd5f5 | 1739 | return sd_cmd_class[cmd] == 0 || sd_cmd_class[cmd] == 7; |
25881d33 PM |
1740 | } |
1741 | ||
bc24a225 | 1742 | int sd_do_command(SDState *sd, SDRequest *req, |
a1bb27b1 | 1743 | uint8_t *response) { |
10a412da | 1744 | int last_state; |
c227f099 | 1745 | sd_rsp_type_t rtype; |
a1bb27b1 PB |
1746 | int rsplen; |
1747 | ||
4be74634 | 1748 | if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) { |
a1bb27b1 PB |
1749 | return 0; |
1750 | } | |
1751 | ||
1752 | if (sd_req_crc_validate(req)) { | |
abda1f37 | 1753 | sd->card_status |= COM_CRC_ERROR; |
b1f517ed PM |
1754 | rtype = sd_illegal; |
1755 | goto send_response; | |
a1bb27b1 PB |
1756 | } |
1757 | ||
f250015b PMD |
1758 | if (req->cmd >= SDMMC_CMD_MAX) { |
1759 | qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n", | |
1760 | req->cmd); | |
1761 | req->cmd &= 0x3f; | |
1762 | } | |
1763 | ||
10a412da | 1764 | if (sd->card_status & CARD_IS_LOCKED) { |
ef6dd5f5 | 1765 | if (!cmd_valid_while_locked(sd, req->cmd)) { |
a1bb27b1 | 1766 | sd->card_status |= ILLEGAL_COMMAND; |
bebd1271 | 1767 | sd->expecting_acmd = false; |
9800ad88 | 1768 | qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n"); |
b1f517ed PM |
1769 | rtype = sd_illegal; |
1770 | goto send_response; | |
a1bb27b1 | 1771 | } |
25881d33 | 1772 | } |
a1bb27b1 | 1773 | |
10a412da PM |
1774 | last_state = sd->state; |
1775 | sd_set_mode(sd); | |
1776 | ||
1d06cb7a | 1777 | if (sd->expecting_acmd) { |
bebd1271 | 1778 | sd->expecting_acmd = false; |
a1bb27b1 | 1779 | rtype = sd_app_command(sd, *req); |
1d06cb7a | 1780 | } else { |
a1bb27b1 | 1781 | rtype = sd_normal_command(sd, *req); |
1d06cb7a | 1782 | } |
a1bb27b1 | 1783 | |
53bb8cc4 PM |
1784 | if (rtype == sd_illegal) { |
1785 | sd->card_status |= ILLEGAL_COMMAND; | |
10a412da PM |
1786 | } else { |
1787 | /* Valid command, we can update the 'state before command' bits. | |
1788 | * (Do this now so they appear in r1 responses.) | |
1789 | */ | |
1790 | sd->current_cmd = req->cmd; | |
1791 | sd->card_status &= ~CURRENT_STATE; | |
1792 | sd->card_status |= (last_state << 9); | |
53bb8cc4 PM |
1793 | } |
1794 | ||
b1f517ed | 1795 | send_response: |
a1bb27b1 PB |
1796 | switch (rtype) { |
1797 | case sd_r1: | |
1798 | case sd_r1b: | |
10a412da | 1799 | sd_response_r1_make(sd, response); |
a1bb27b1 PB |
1800 | rsplen = 4; |
1801 | break; | |
1802 | ||
1803 | case sd_r2_i: | |
1804 | memcpy(response, sd->cid, sizeof(sd->cid)); | |
a1bb27b1 PB |
1805 | rsplen = 16; |
1806 | break; | |
1807 | ||
1808 | case sd_r2_s: | |
1809 | memcpy(response, sd->csd, sizeof(sd->csd)); | |
a1bb27b1 PB |
1810 | rsplen = 16; |
1811 | break; | |
1812 | ||
1813 | case sd_r3: | |
1814 | sd_response_r3_make(sd, response); | |
1815 | rsplen = 4; | |
1816 | break; | |
1817 | ||
1818 | case sd_r6: | |
1819 | sd_response_r6_make(sd, response); | |
1820 | rsplen = 4; | |
1821 | break; | |
1822 | ||
1b088995 AZ |
1823 | case sd_r7: |
1824 | sd_response_r7_make(sd, response); | |
1825 | rsplen = 4; | |
1826 | break; | |
1827 | ||
a1bb27b1 | 1828 | case sd_r0: |
53bb8cc4 | 1829 | case sd_illegal: |
a1bb27b1 PB |
1830 | rsplen = 0; |
1831 | break; | |
55921932 PMD |
1832 | default: |
1833 | g_assert_not_reached(); | |
a1bb27b1 | 1834 | } |
55921932 | 1835 | trace_sdcard_response(sd_response_name(rtype), rsplen); |
a1bb27b1 | 1836 | |
10a412da PM |
1837 | if (rtype != sd_illegal) { |
1838 | /* Clear the "clear on valid command" status bits now we've | |
1839 | * sent any response | |
1840 | */ | |
1841 | sd->card_status &= ~CARD_STATUS_B; | |
1842 | } | |
1843 | ||
a1bb27b1 | 1844 | #ifdef DEBUG_SD |
b42581f5 | 1845 | qemu_hexdump(stderr, "Response", response, rsplen); |
a1bb27b1 PB |
1846 | #endif |
1847 | ||
1848 | return rsplen; | |
1849 | } | |
1850 | ||
c769a88d | 1851 | void sd_write_byte(SDState *sd, uint8_t value) |
a1bb27b1 PB |
1852 | { |
1853 | int i; | |
1854 | ||
4be74634 | 1855 | if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) |
a1bb27b1 PB |
1856 | return; |
1857 | ||
1858 | if (sd->state != sd_receivingdata_state) { | |
9800ad88 | 1859 | qemu_log_mask(LOG_GUEST_ERROR, |
c769a88d | 1860 | "%s: not in Receiving-Data state\n", __func__); |
a1bb27b1 PB |
1861 | return; |
1862 | } | |
1863 | ||
1864 | if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) | |
1865 | return; | |
1866 | ||
1b4a2342 | 1867 | trace_sdcard_write_data(sd_proto(sd)->name, |
75a96f5e | 1868 | sd_acmd_name(sd->current_cmd), |
2ed61fb5 | 1869 | sd->current_cmd, value); |
a1bb27b1 | 1870 | switch (sd->current_cmd) { |
48805df9 | 1871 | case 24: /* CMD24: WRITE_SINGLE_BLOCK */ |
a1bb27b1 PB |
1872 | sd->data[sd->data_offset ++] = value; |
1873 | if (sd->data_offset >= sd->blk_len) { | |
1874 | /* TODO: Check CRC before committing */ | |
1875 | sd->state = sd_programming_state; | |
1876 | BLK_WRITE_BLOCK(sd->data_start, sd->data_offset); | |
1877 | sd->blk_written ++; | |
1878 | sd->csd[14] |= 0x40; | |
1879 | /* Bzzzzzzztt .... Operation complete. */ | |
1880 | sd->state = sd_transfer_state; | |
1881 | } | |
1882 | break; | |
1883 | ||
48805df9 | 1884 | case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ |
33fa8234 | 1885 | if (sd->data_offset == 0) { |
e03ba136 | 1886 | /* Start of the block - let's check the address is valid */ |
66c152d7 PMD |
1887 | if (!address_in_range(sd, "WRITE_MULTIPLE_BLOCK", |
1888 | sd->data_start, sd->blk_len)) { | |
a1bb27b1 PB |
1889 | break; |
1890 | } | |
19fa6c9e BM |
1891 | if (sd->size <= SDSC_MAX_CAPACITY) { |
1892 | if (sd_wp_addr(sd, sd->data_start)) { | |
1893 | sd->card_status |= WP_VIOLATION; | |
1894 | break; | |
1895 | } | |
a1bb27b1 | 1896 | } |
33fa8234 DDAG |
1897 | } |
1898 | sd->data[sd->data_offset++] = value; | |
1899 | if (sd->data_offset >= sd->blk_len) { | |
1900 | /* TODO: Check CRC before committing */ | |
1901 | sd->state = sd_programming_state; | |
1902 | BLK_WRITE_BLOCK(sd->data_start, sd->data_offset); | |
1903 | sd->blk_written++; | |
1904 | sd->data_start += sd->blk_len; | |
1905 | sd->data_offset = 0; | |
a1bb27b1 PB |
1906 | sd->csd[14] |= 0x40; |
1907 | ||
1908 | /* Bzzzzzzztt .... Operation complete. */ | |
4481bbc7 AB |
1909 | if (sd->multi_blk_cnt != 0) { |
1910 | if (--sd->multi_blk_cnt == 0) { | |
1911 | /* Stop! */ | |
1912 | sd->state = sd_transfer_state; | |
1913 | break; | |
1914 | } | |
1915 | } | |
1916 | ||
a1bb27b1 PB |
1917 | sd->state = sd_receivingdata_state; |
1918 | } | |
1919 | break; | |
1920 | ||
48805df9 | 1921 | case 26: /* CMD26: PROGRAM_CID */ |
a1bb27b1 PB |
1922 | sd->data[sd->data_offset ++] = value; |
1923 | if (sd->data_offset >= sizeof(sd->cid)) { | |
1924 | /* TODO: Check CRC before committing */ | |
1925 | sd->state = sd_programming_state; | |
1926 | for (i = 0; i < sizeof(sd->cid); i ++) | |
1927 | if ((sd->cid[i] | 0x00) != sd->data[i]) | |
1928 | sd->card_status |= CID_CSD_OVERWRITE; | |
1929 | ||
1930 | if (!(sd->card_status & CID_CSD_OVERWRITE)) | |
1931 | for (i = 0; i < sizeof(sd->cid); i ++) { | |
1932 | sd->cid[i] |= 0x00; | |
1933 | sd->cid[i] &= sd->data[i]; | |
1934 | } | |
1935 | /* Bzzzzzzztt .... Operation complete. */ | |
1936 | sd->state = sd_transfer_state; | |
1937 | } | |
1938 | break; | |
1939 | ||
48805df9 | 1940 | case 27: /* CMD27: PROGRAM_CSD */ |
a1bb27b1 PB |
1941 | sd->data[sd->data_offset ++] = value; |
1942 | if (sd->data_offset >= sizeof(sd->csd)) { | |
1943 | /* TODO: Check CRC before committing */ | |
1944 | sd->state = sd_programming_state; | |
1945 | for (i = 0; i < sizeof(sd->csd); i ++) | |
1946 | if ((sd->csd[i] | sd_csd_rw_mask[i]) != | |
1947 | (sd->data[i] | sd_csd_rw_mask[i])) | |
1948 | sd->card_status |= CID_CSD_OVERWRITE; | |
1949 | ||
1950 | /* Copy flag (OTP) & Permanent write protect */ | |
1951 | if (sd->csd[14] & ~sd->data[14] & 0x60) | |
1952 | sd->card_status |= CID_CSD_OVERWRITE; | |
1953 | ||
1954 | if (!(sd->card_status & CID_CSD_OVERWRITE)) | |
1955 | for (i = 0; i < sizeof(sd->csd); i ++) { | |
1956 | sd->csd[i] |= sd_csd_rw_mask[i]; | |
1957 | sd->csd[i] &= sd->data[i]; | |
1958 | } | |
1959 | /* Bzzzzzzztt .... Operation complete. */ | |
1960 | sd->state = sd_transfer_state; | |
1961 | } | |
1962 | break; | |
1963 | ||
48805df9 | 1964 | case 42: /* CMD42: LOCK_UNLOCK */ |
a1bb27b1 PB |
1965 | sd->data[sd->data_offset ++] = value; |
1966 | if (sd->data_offset >= sd->blk_len) { | |
1967 | /* TODO: Check CRC before committing */ | |
1968 | sd->state = sd_programming_state; | |
1969 | sd_lock_command(sd); | |
1970 | /* Bzzzzzzztt .... Operation complete. */ | |
1971 | sd->state = sd_transfer_state; | |
1972 | } | |
1973 | break; | |
1974 | ||
48805df9 | 1975 | case 56: /* CMD56: GEN_CMD */ |
a1bb27b1 PB |
1976 | sd->data[sd->data_offset ++] = value; |
1977 | if (sd->data_offset >= sd->blk_len) { | |
1978 | APP_WRITE_BLOCK(sd->data_start, sd->data_offset); | |
1979 | sd->state = sd_transfer_state; | |
1980 | } | |
1981 | break; | |
1982 | ||
1983 | default: | |
c769a88d | 1984 | qemu_log_mask(LOG_GUEST_ERROR, "%s: unknown command\n", __func__); |
a1bb27b1 PB |
1985 | break; |
1986 | } | |
1987 | } | |
1988 | ||
0c3fb03f PMD |
1989 | #define SD_TUNING_BLOCK_SIZE 64 |
1990 | ||
1991 | static const uint8_t sd_tuning_block_pattern[SD_TUNING_BLOCK_SIZE] = { | |
1992 | /* See: Physical Layer Simplified Specification Version 3.01, Table 4-2 */ | |
1993 | 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc, | |
1994 | 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef, | |
1995 | 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb, | |
1996 | 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef, | |
1997 | 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c, | |
1998 | 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee, | |
1999 | 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff, | |
2000 | 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde, | |
2001 | }; | |
2002 | ||
c769a88d | 2003 | uint8_t sd_read_byte(SDState *sd) |
a1bb27b1 PB |
2004 | { |
2005 | /* TODO: Append CRCs */ | |
2006 | uint8_t ret; | |
692fb0ef | 2007 | uint32_t io_len; |
a1bb27b1 | 2008 | |
4be74634 | 2009 | if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) |
a1bb27b1 PB |
2010 | return 0x00; |
2011 | ||
2012 | if (sd->state != sd_sendingdata_state) { | |
9800ad88 | 2013 | qemu_log_mask(LOG_GUEST_ERROR, |
c769a88d | 2014 | "%s: not in Sending-Data state\n", __func__); |
a1bb27b1 PB |
2015 | return 0x00; |
2016 | } | |
2017 | ||
2018 | if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) | |
2019 | return 0x00; | |
2020 | ||
2d7adea4 AZ |
2021 | io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len; |
2022 | ||
1b4a2342 | 2023 | trace_sdcard_read_data(sd_proto(sd)->name, |
75a96f5e | 2024 | sd_acmd_name(sd->current_cmd), |
2ed61fb5 | 2025 | sd->current_cmd, io_len); |
a1bb27b1 | 2026 | switch (sd->current_cmd) { |
48805df9 | 2027 | case 6: /* CMD6: SWITCH_FUNCTION */ |
a1bb27b1 PB |
2028 | ret = sd->data[sd->data_offset ++]; |
2029 | ||
2030 | if (sd->data_offset >= 64) | |
2031 | sd->state = sd_transfer_state; | |
2032 | break; | |
2033 | ||
48805df9 YF |
2034 | case 9: /* CMD9: SEND_CSD */ |
2035 | case 10: /* CMD10: SEND_CID */ | |
775616c3 PB |
2036 | ret = sd->data[sd->data_offset ++]; |
2037 | ||
2038 | if (sd->data_offset >= 16) | |
2039 | sd->state = sd_transfer_state; | |
2040 | break; | |
2041 | ||
48805df9 | 2042 | case 13: /* ACMD13: SD_STATUS */ |
a1bb27b1 PB |
2043 | ret = sd->sd_status[sd->data_offset ++]; |
2044 | ||
2045 | if (sd->data_offset >= sizeof(sd->sd_status)) | |
2046 | sd->state = sd_transfer_state; | |
2047 | break; | |
2048 | ||
48805df9 | 2049 | case 17: /* CMD17: READ_SINGLE_BLOCK */ |
a1bb27b1 | 2050 | if (sd->data_offset == 0) |
2d7adea4 | 2051 | BLK_READ_BLOCK(sd->data_start, io_len); |
a1bb27b1 PB |
2052 | ret = sd->data[sd->data_offset ++]; |
2053 | ||
2d7adea4 | 2054 | if (sd->data_offset >= io_len) |
a1bb27b1 PB |
2055 | sd->state = sd_transfer_state; |
2056 | break; | |
2057 | ||
48805df9 | 2058 | case 18: /* CMD18: READ_MULTIPLE_BLOCK */ |
8573378e | 2059 | if (sd->data_offset == 0) { |
66c152d7 PMD |
2060 | if (!address_in_range(sd, "READ_MULTIPLE_BLOCK", |
2061 | sd->data_start, io_len)) { | |
8573378e MO |
2062 | return 0x00; |
2063 | } | |
2d7adea4 | 2064 | BLK_READ_BLOCK(sd->data_start, io_len); |
8573378e | 2065 | } |
a1bb27b1 PB |
2066 | ret = sd->data[sd->data_offset ++]; |
2067 | ||
2d7adea4 AZ |
2068 | if (sd->data_offset >= io_len) { |
2069 | sd->data_start += io_len; | |
a1bb27b1 | 2070 | sd->data_offset = 0; |
4481bbc7 AB |
2071 | |
2072 | if (sd->multi_blk_cnt != 0) { | |
2073 | if (--sd->multi_blk_cnt == 0) { | |
2074 | /* Stop! */ | |
2075 | sd->state = sd_transfer_state; | |
2076 | break; | |
2077 | } | |
2078 | } | |
a1bb27b1 PB |
2079 | } |
2080 | break; | |
2081 | ||
0c3fb03f PMD |
2082 | case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */ |
2083 | if (sd->data_offset >= SD_TUNING_BLOCK_SIZE - 1) { | |
2084 | sd->state = sd_transfer_state; | |
2085 | } | |
2086 | ret = sd_tuning_block_pattern[sd->data_offset++]; | |
2087 | break; | |
2088 | ||
48805df9 | 2089 | case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ |
a1bb27b1 PB |
2090 | ret = sd->data[sd->data_offset ++]; |
2091 | ||
2092 | if (sd->data_offset >= 4) | |
2093 | sd->state = sd_transfer_state; | |
2094 | break; | |
2095 | ||
48805df9 | 2096 | case 30: /* CMD30: SEND_WRITE_PROT */ |
a1bb27b1 PB |
2097 | ret = sd->data[sd->data_offset ++]; |
2098 | ||
2099 | if (sd->data_offset >= 4) | |
2100 | sd->state = sd_transfer_state; | |
2101 | break; | |
2102 | ||
48805df9 | 2103 | case 51: /* ACMD51: SEND_SCR */ |
a1bb27b1 PB |
2104 | ret = sd->scr[sd->data_offset ++]; |
2105 | ||
2106 | if (sd->data_offset >= sizeof(sd->scr)) | |
2107 | sd->state = sd_transfer_state; | |
2108 | break; | |
2109 | ||
48805df9 | 2110 | case 56: /* CMD56: GEN_CMD */ |
a1bb27b1 PB |
2111 | if (sd->data_offset == 0) |
2112 | APP_READ_BLOCK(sd->data_start, sd->blk_len); | |
2113 | ret = sd->data[sd->data_offset ++]; | |
2114 | ||
2115 | if (sd->data_offset >= sd->blk_len) | |
2116 | sd->state = sd_transfer_state; | |
2117 | break; | |
2118 | ||
2119 | default: | |
c769a88d | 2120 | qemu_log_mask(LOG_GUEST_ERROR, "%s: unknown command\n", __func__); |
a1bb27b1 PB |
2121 | return 0x00; |
2122 | } | |
2123 | ||
2124 | return ret; | |
2125 | } | |
2126 | ||
995731d3 BM |
2127 | static bool sd_receive_ready(SDState *sd) |
2128 | { | |
2129 | return sd->state == sd_receivingdata_state; | |
2130 | } | |
2131 | ||
38626a33 | 2132 | static bool sd_data_ready(SDState *sd) |
a1bb27b1 PB |
2133 | { |
2134 | return sd->state == sd_sendingdata_state; | |
2135 | } | |
827df9f3 | 2136 | |
bebd1271 | 2137 | void sd_enable(SDState *sd, bool enable) |
827df9f3 AZ |
2138 | { |
2139 | sd->enable = enable; | |
2140 | } | |
260bc9d8 | 2141 | |
1b4a2342 PMD |
2142 | static const SDProto sd_proto_spi = { |
2143 | .name = "SPI", | |
583204d8 | 2144 | .cmd = { |
a6e0f67e | 2145 | [0] = sd_cmd_GO_IDLE_STATE, |
5c44e820 | 2146 | [1] = sd_cmd_SEND_OP_CMD, |
583204d8 PMD |
2147 | [2 ... 4] = sd_cmd_illegal, |
2148 | [5] = sd_cmd_illegal, | |
2149 | [7] = sd_cmd_illegal, | |
2150 | [15] = sd_cmd_illegal, | |
2151 | [26] = sd_cmd_illegal, | |
2152 | [52 ... 54] = sd_cmd_illegal, | |
2153 | }, | |
7ffcbf3e PMD |
2154 | .acmd = { |
2155 | [6] = sd_cmd_unimplemented, | |
5c44e820 | 2156 | [41] = sd_cmd_SEND_OP_CMD, |
7ffcbf3e | 2157 | }, |
1b4a2342 PMD |
2158 | }; |
2159 | ||
2160 | static const SDProto sd_proto_sd = { | |
2161 | .name = "SD", | |
583204d8 | 2162 | .cmd = { |
a6e0f67e | 2163 | [0] = sd_cmd_GO_IDLE_STATE, |
583204d8 | 2164 | [1] = sd_cmd_illegal, |
c4f2d9e1 | 2165 | [2] = sd_cmd_ALL_SEND_CID, |
41a0349d | 2166 | [3] = sd_cmd_SEND_RELATIVE_ADDR, |
583204d8 | 2167 | [5] = sd_cmd_illegal, |
793d04f4 | 2168 | [19] = sd_cmd_SEND_TUNING_BLOCK, |
6380cd20 | 2169 | [23] = sd_cmd_SET_BLOCK_COUNT, |
583204d8 PMD |
2170 | [52 ... 54] = sd_cmd_illegal, |
2171 | [58] = sd_cmd_illegal, | |
2172 | [59] = sd_cmd_illegal, | |
2173 | }, | |
1b4a2342 PMD |
2174 | }; |
2175 | ||
260bc9d8 PM |
2176 | static void sd_instance_init(Object *obj) |
2177 | { | |
2178 | SDState *sd = SD_CARD(obj); | |
2179 | ||
2180 | sd->enable = true; | |
dd26eb43 | 2181 | sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd); |
260bc9d8 PM |
2182 | } |
2183 | ||
5ba34401 MAL |
2184 | static void sd_instance_finalize(Object *obj) |
2185 | { | |
2186 | SDState *sd = SD_CARD(obj); | |
2187 | ||
5ba34401 MAL |
2188 | timer_free(sd->ocr_power_timer); |
2189 | } | |
2190 | ||
260bc9d8 PM |
2191 | static void sd_realize(DeviceState *dev, Error **errp) |
2192 | { | |
2193 | SDState *sd = SD_CARD(dev); | |
a17c17a2 | 2194 | int ret; |
260bc9d8 | 2195 | |
2f0939c2 PMD |
2196 | switch (sd->spec_version) { |
2197 | case SD_PHY_SPECv1_10_VERS | |
2c511375 | 2198 | ... SD_PHY_SPECv3_01_VERS: |
2f0939c2 PMD |
2199 | break; |
2200 | default: | |
2201 | error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version); | |
2202 | return; | |
2203 | } | |
2204 | ||
260bc9d8 | 2205 | if (sd->blk) { |
a9bcedd1 PMD |
2206 | int64_t blk_size; |
2207 | ||
86b1cf32 | 2208 | if (!blk_supports_write_perm(sd->blk)) { |
6dd3a164 PMD |
2209 | error_setg(errp, "Cannot use read-only drive as SD card"); |
2210 | return; | |
2211 | } | |
2212 | ||
a9bcedd1 PMD |
2213 | blk_size = blk_getlength(sd->blk); |
2214 | if (blk_size > 0 && !is_power_of_2(blk_size)) { | |
2215 | int64_t blk_size_aligned = pow2ceil(blk_size); | |
2216 | char *blk_size_str; | |
2217 | ||
2218 | blk_size_str = size_to_str(blk_size); | |
2219 | error_setg(errp, "Invalid SD card size: %s", blk_size_str); | |
2220 | g_free(blk_size_str); | |
2221 | ||
2222 | blk_size_str = size_to_str(blk_size_aligned); | |
2223 | error_append_hint(errp, | |
2224 | "SD card size has to be a power of 2, e.g. %s.\n" | |
2225 | "You can resize disk images with" | |
2226 | " 'qemu-img resize <imagefile> <new-size>'\n" | |
2227 | "(note that this will lose data if you make the" | |
2228 | " image smaller than it currently is).\n", | |
2229 | blk_size_str); | |
2230 | g_free(blk_size_str); | |
2231 | ||
2232 | return; | |
2233 | } | |
2234 | ||
a17c17a2 KW |
2235 | ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, |
2236 | BLK_PERM_ALL, errp); | |
2237 | if (ret < 0) { | |
2238 | return; | |
2239 | } | |
260bc9d8 PM |
2240 | blk_set_dev_ops(sd->blk, &sd_block_ops, sd); |
2241 | } | |
260bc9d8 PM |
2242 | } |
2243 | ||
2244 | static Property sd_properties[] = { | |
2f0939c2 PMD |
2245 | DEFINE_PROP_UINT8("spec_version", SDState, |
2246 | spec_version, SD_PHY_SPECv2_00_VERS), | |
260bc9d8 PM |
2247 | DEFINE_PROP_DRIVE("drive", SDState, blk), |
2248 | /* We do not model the chip select pin, so allow the board to select | |
2249 | * whether card should be in SSI or MMC/SD mode. It is also up to the | |
2250 | * board to ensure that ssi transfers only occur when the chip select | |
2251 | * is asserted. */ | |
260bc9d8 PM |
2252 | DEFINE_PROP_END_OF_LIST() |
2253 | }; | |
2254 | ||
2255 | static void sd_class_init(ObjectClass *klass, void *data) | |
2256 | { | |
2257 | DeviceClass *dc = DEVICE_CLASS(klass); | |
c759a790 | 2258 | SDCardClass *sc = SD_CARD_CLASS(klass); |
260bc9d8 PM |
2259 | |
2260 | dc->realize = sd_realize; | |
4f67d30b | 2261 | device_class_set_props(dc, sd_properties); |
260bc9d8 | 2262 | dc->vmsd = &sd_vmstate; |
ba3ed0fa | 2263 | dc->reset = sd_reset; |
c759a790 | 2264 | dc->bus_type = TYPE_SD_BUS; |
2bbf3a91 | 2265 | set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); |
c759a790 | 2266 | |
0034ebe6 | 2267 | sc->set_voltage = sd_set_voltage; |
da346922 PMD |
2268 | sc->get_dat_lines = sd_get_dat_lines; |
2269 | sc->get_cmd_line = sd_get_cmd_line; | |
c759a790 | 2270 | sc->do_command = sd_do_command; |
c769a88d PMD |
2271 | sc->write_byte = sd_write_byte; |
2272 | sc->read_byte = sd_read_byte; | |
995731d3 | 2273 | sc->receive_ready = sd_receive_ready; |
c759a790 PM |
2274 | sc->data_ready = sd_data_ready; |
2275 | sc->enable = sd_enable; | |
2276 | sc->get_inserted = sd_get_inserted; | |
2277 | sc->get_readonly = sd_get_readonly; | |
c3287c0f | 2278 | sc->proto = &sd_proto_sd; |
260bc9d8 PM |
2279 | } |
2280 | ||
c3287c0f CLG |
2281 | /* |
2282 | * We do not model the chip select pin, so allow the board to select | |
2283 | * whether card should be in SSI or MMC/SD mode. It is also up to the | |
2284 | * board to ensure that ssi transfers only occur when the chip select | |
2285 | * is asserted. | |
2286 | */ | |
2287 | static void sd_spi_class_init(ObjectClass *klass, void *data) | |
2288 | { | |
2289 | DeviceClass *dc = DEVICE_CLASS(klass); | |
2290 | SDCardClass *sc = SD_CARD_CLASS(klass); | |
2291 | ||
2292 | dc->desc = "SD SPI"; | |
2293 | sc->proto = &sd_proto_spi; | |
2294 | } | |
2295 | ||
88d2198c PMD |
2296 | static const TypeInfo sd_types[] = { |
2297 | { | |
2298 | .name = TYPE_SD_CARD, | |
2299 | .parent = TYPE_DEVICE, | |
2300 | .instance_size = sizeof(SDState), | |
2301 | .class_size = sizeof(SDCardClass), | |
2302 | .class_init = sd_class_init, | |
2303 | .instance_init = sd_instance_init, | |
2304 | .instance_finalize = sd_instance_finalize, | |
2305 | }, | |
2306 | { | |
2307 | .name = TYPE_SD_CARD_SPI, | |
2308 | .parent = TYPE_SD_CARD, | |
2309 | .class_init = sd_spi_class_init, | |
2310 | }, | |
c3287c0f CLG |
2311 | }; |
2312 | ||
88d2198c | 2313 | DEFINE_TYPES(sd_types) |