]> git.ipfire.org Git - thirdparty/qemu.git/blame - hw/sd/sd.c
projects / thirdparty / qemu.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set
[thirdparty/qemu.git] / hw / sd / sd.c
CommitLineData
5fafdf24 1/*
a1bb27b1 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
2f0939c2 3 * layer specification, Version 2.00."
a1bb27b1
PB		 4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
2f0939c2 7 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org>
a1bb27b1
PB		 8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
24 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
25 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
26 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
27 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
28 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
31 */
32
0430891c 33#include "qemu/osdep.h"
4c8f9735 34#include "qemu/units.h"
a9bcedd1 35#include "qemu/cutils.h"
64552b6b 36#include "hw/irq.h"
6f296421 37#include "hw/registerfields.h"
4be74634 38#include "sysemu/block-backend.h"
e3382ef0 39#include "hw/sd/sd.h"
9006f1e7 40#include "hw/sd/sdcard_legacy.h"
d6454270 41#include "migration/vmstate.h"
da34e65c 42#include "qapi/error.h"
1de7afc9 43#include "qemu/bitmap.h"
260bc9d8 44#include "hw/qdev-properties.h"
ce35e229 45#include "hw/qdev-properties-system.h"
260bc9d8 46#include "qemu/error-report.h"
dd26eb43 47#include "qemu/timer.h"
03dd024f 48#include "qemu/log.h"
0b8fa32f 49#include "qemu/module.h"
f250015b 50#include "sdmmc-internal.h"
1b640aa9 51#include "trace.h"
a1bb27b1
PB		 52
53//#define DEBUG_SD 1
54
6d2d4069
BM		 55#define SDSC_MAX_CAPACITY (2 * GiB)
56
7dae0a1d 57#define INVALID_ADDRESS UINT32_MAX
872b8fde 58
a1bb27b1
PB		 59typedef enum {
60 sd_r0 = 0, /* no response */
61 sd_r1, /* normal response command */
62 sd_r2_i, /* CID register */
63 sd_r2_s, /* CSD register */
64 sd_r3, /* OCR register */
65 sd_r6 = 6, /* Published RCA response */
1b088995 66 sd_r7, /* Operating voltage */
a1bb27b1 67 sd_r1b = -1,
53bb8cc4 68 sd_illegal = -2,
c227f099 69} sd_rsp_type_t;
a1bb27b1 70
50a5be6c
IM		 71enum SDCardModes {
72 sd_inactive,
73 sd_card_identification_mode,
74 sd_data_transfer_mode,
75};
76
77enum SDCardStates {
78 sd_inactive_state = -1,
79 sd_idle_state = 0,
80 sd_ready_state,
81 sd_identification_state,
82 sd_standby_state,
83 sd_transfer_state,
84 sd_sendingdata_state,
85 sd_receivingdata_state,
86 sd_programming_state,
87 sd_disconnect_state,
88};
89
46859b60
PMD		 90typedef sd_rsp_type_t (*sd_cmd_handler)(SDState *sd, SDRequest req);
91
1b4a2342
PMD		 92typedef struct SDProto {
93 const char *name;
46859b60
PMD		 94 sd_cmd_handler cmd[SDMMC_CMD_MAX];
95 sd_cmd_handler acmd[SDMMC_CMD_MAX];
1b4a2342
PMD		 96} SDProto;
97
a1bb27b1 98struct SDState {
260bc9d8
PM		 99 DeviceState parent_obj;
100
007d1dbf
MA		 101 /* If true, created by sd_init() for a non-qdevified caller */
102 /* TODO purge them with fire */
103 bool me_no_qdev_me_kill_mammoth_with_rocks;
104
d49b1ce0 105 /* SD Memory Card Registers */
a1bb27b1
PB		 106 uint32_t ocr;
107 uint8_t scr[8];
108 uint8_t cid[16];
109 uint8_t csd[16];
110 uint16_t rca;
111 uint32_t card_status;
112 uint8_t sd_status[64];
d49b1ce0 113
9820502c
PMD		 114 /* Static properties */
115
2f0939c2 116 uint8_t spec_version;
d49b1ce0 117 BlockBackend *blk;
d49b1ce0 118
9820502c
PMD		 119 /* Runtime changeables */
120
d49b1ce0
PMD		 121 uint32_t mode; /* current card mode, one of SDCardModes */
122 int32_t state; /* current card state, one of SDCardStates */
1b088995 123 uint32_t vhs;
bebd1271 124 bool wp_switch;
6947feca
PMD		 125 unsigned long *wp_group_bmap;
126 int32_t wp_group_bits;
2d7adea4 127 uint64_t size;
50a5be6c 128 uint32_t blk_len;
4481bbc7 129 uint32_t multi_blk_cnt;
a1bb27b1
PB		 130 uint32_t erase_start;
131 uint32_t erase_end;
132 uint8_t pwd[16];
50a5be6c
IM		 133 uint32_t pwd_len;
134 uint8_t function_group[6];
50a5be6c 135 uint8_t current_cmd;
1d06cb7a
PM		 136 /* True if we will handle the next command as an ACMD. Note that this does
137 * *not* track the APP_CMD status bit!
138 */
bebd1271 139 bool expecting_acmd;
50a5be6c 140 uint32_t blk_written;
2d7adea4 141 uint64_t data_start;
a1bb27b1
PB		 142 uint32_t data_offset;
143 uint8_t data[512];
02ce600c
AZ		 144 qemu_irq readonly_cb;
145 qemu_irq inserted_cb;
d49b1ce0 146 QEMUTimer *ocr_power_timer;
bebd1271 147 bool enable;
da346922
PMD		 148 uint8_t dat_lines;
149 bool cmd_line;
a1bb27b1
PB		 150};
151
007d1dbf
MA		 152static void sd_realize(DeviceState *dev, Error **errp);
153
1b4a2342
PMD		 154static const struct SDProto *sd_proto(SDState *sd)
155{
156 SDCardClass *sc = SD_CARD_GET_CLASS(sd);
157
158 return sc->proto;
159}
160
c3287c0f
CLG		 161static const SDProto sd_proto_spi;
162
163static bool sd_is_spi(SDState *sd)
164{
165 return sd_proto(sd) == &sd_proto_spi;
166}
167
94ef3041
PMD		 168static const char *sd_version_str(enum SDPhySpecificationVersion version)
169{
170 static const char *sdphy_version[] = {
171 [SD_PHY_SPECv1_10_VERS] = "v1.10",
172 [SD_PHY_SPECv2_00_VERS] = "v2.00",
173 [SD_PHY_SPECv3_01_VERS] = "v3.01",
174 };
175 if (version >= ARRAY_SIZE(sdphy_version)) {
176 return "unsupported version";
177 }
178 return sdphy_version[version];
179}
180
1b640aa9
PMD		 181static const char *sd_state_name(enum SDCardStates state)
182{
183 static const char *state_name[] = {
184 [sd_idle_state] = "idle",
185 [sd_ready_state] = "ready",
186 [sd_identification_state] = "identification",
187 [sd_standby_state] = "standby",
188 [sd_transfer_state] = "transfer",
189 [sd_sendingdata_state] = "sendingdata",
190 [sd_receivingdata_state] = "receivingdata",
191 [sd_programming_state] = "programming",
192 [sd_disconnect_state] = "disconnect",
193 };
194 if (state == sd_inactive_state) {
195 return "inactive";
196 }
1c598ab2 197 assert(state < ARRAY_SIZE(state_name));
1b640aa9
PMD		 198 return state_name[state];
199}
200
55921932
PMD		 201static const char *sd_response_name(sd_rsp_type_t rsp)
202{
203 static const char *response_name[] = {
204 [sd_r0] = "RESP#0 (no response)",
205 [sd_r1] = "RESP#1 (normal cmd)",
206 [sd_r2_i] = "RESP#2 (CID reg)",
207 [sd_r2_s] = "RESP#2 (CSD reg)",
208 [sd_r3] = "RESP#3 (OCR reg)",
209 [sd_r6] = "RESP#6 (RCA)",
210 [sd_r7] = "RESP#7 (operating voltage)",
211 };
212 if (rsp == sd_illegal) {
213 return "ILLEGAL RESP";
214 }
215 if (rsp == sd_r1b) {
216 rsp = sd_r1;
217 }
1c598ab2 218 assert(rsp < ARRAY_SIZE(response_name));
55921932
PMD		 219 return response_name[rsp];
220}
221
da346922
PMD		 222static uint8_t sd_get_dat_lines(SDState *sd)
223{
224 return sd->enable ? sd->dat_lines : 0;
225}
226
227static bool sd_get_cmd_line(SDState *sd)
228{
229 return sd->enable ? sd->cmd_line : false;
230}
231
0034ebe6
PMD		 232static void sd_set_voltage(SDState *sd, uint16_t millivolts)
233{
814b2adc
PMD		 234 trace_sdcard_set_voltage(millivolts);
235
0034ebe6
PMD		 236 switch (millivolts) {
237 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
238 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
239 break;
240 default:
241 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
242 millivolts / 1000.f);
243 }
244}
245
10a412da 246static void sd_set_mode(SDState *sd)
a1bb27b1
PB		 247{
248 switch (sd->state) {
249 case sd_inactive_state:
250 sd->mode = sd_inactive;
251 break;
252
253 case sd_idle_state:
254 case sd_ready_state:
255 case sd_identification_state:
256 sd->mode = sd_card_identification_mode;
257 break;
258
259 case sd_standby_state:
260 case sd_transfer_state:
261 case sd_sendingdata_state:
262 case sd_receivingdata_state:
263 case sd_programming_state:
264 case sd_disconnect_state:
265 sd->mode = sd_data_transfer_mode;
266 break;
267 }
a1bb27b1
PB		 268}
269
f250015b 270static const sd_cmd_type_t sd_cmd_type[SDMMC_CMD_MAX] = {
a1bb27b1 271 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
1b088995 272 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
f250015b 273 /* 16 */
a1bb27b1
PB		 274 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
275 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
f250015b 276 /* 32 */
a1bb27b1
PB		 277 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
278 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
f250015b 279 /* 48 */
a1bb27b1
PB		 280 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
281 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
282};
283
f250015b 284static const int sd_cmd_class[SDMMC_CMD_MAX] = {
a1bb27b1
PB		 285 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
286 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
287 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
288 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
289};
290
aecaa059 291static uint8_t sd_crc7(const void *message, size_t width)
a1bb27b1
PB		 292{
293 int i, bit;
294 uint8_t shift_reg = 0x00;
aecaa059 295 const uint8_t *msg = (const uint8_t *)message;
a1bb27b1
PB		 296
297 for (i = 0; i < width; i ++, msg ++)
298 for (bit = 7; bit >= 0; bit --) {
299 shift_reg <<= 1;
300 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
301 shift_reg ^= 0x89;
302 }
303
304 return shift_reg;
305}
306
6f296421
PMD		 307#define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
308
3d42fb52
PMD		 309FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24)
310FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8)
311FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1)
312FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16)
313FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */
314FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */
6f296421
PMD		 315FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */
316FIELD(OCR, CARD_POWER_UP, 31, 1)
317
3d42fb52
PMD		 318#define ACMD41_ENQUIRY_MASK 0x00ffffff
319#define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \
320 | R_OCR_ACCEPT_SWITCH_1V8_MASK \
321 | R_OCR_UHS_II_CARD_MASK \
322 | R_OCR_CARD_CAPACITY_MASK \
323 | R_OCR_CARD_POWER_UP_MASK)
324
dd26eb43
AB		 325static void sd_ocr_powerup(void *opaque)
326{
327 SDState *sd = opaque;
328
814b2adc 329 trace_sdcard_powerup();
6f296421
PMD		 330 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP));
331
332 /* card power-up OK */
333 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1);
9273ea61 334
6d2d4069 335 if (sd->size > SDSC_MAX_CAPACITY) {
9273ea61
PMD		 336 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1);
337 }
a1bb27b1
PB		 338}
339
b66f73a0
FC		 340static void sd_set_ocr(SDState *sd)
341{
342 /* All voltages OK */
343 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK;
344
c3287c0f 345 if (sd_is_spi(sd)) {
b66f73a0
FC		 346 /*
347 * We don't need to emulate power up sequence in SPI-mode.
348 * Thus, the card's power up status bit should be set to 1 when reset.
349 * The card's capacity status bit should also be set if SD card size
350 * is larger than 2GB for SDHC support.
351 */
352 sd_ocr_powerup(sd);
353 }
354}
355
a1bb27b1
PB		 356static void sd_set_scr(SDState *sd)
357{
2f0939c2
PMD		 358 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */
359 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) {
360 sd->scr[0] |= 1; /* Spec Version 1.10 */
361 } else {
2c511375 362 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */
2f0939c2 363 }
9b7ec55c
PMD		 364 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */
365 | 0b0101; /* 1-bit or 4-bit width bus modes */
366 sd->scr[2] = 0x00; /* Extended Security is not supported. */
2c511375
PMD		 367 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) {
368 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */
369 }
a1bb27b1 370 sd->scr[3] = 0x00;
9b7ec55c 371 /* reserved for manufacturer usage */
a1bb27b1
PB		 372 sd->scr[4] = 0x00;
373 sd->scr[5] = 0x00;
374 sd->scr[6] = 0x00;
375 sd->scr[7] = 0x00;
376}
377
48805df9
YF		 378#define MID 0xaa
379#define OID "XY"
380#define PNM "QEMU!"
381#define PRV 0x01
382#define MDT_YR 2006
383#define MDT_MON 2
a1bb27b1
PB		 384
385static void sd_set_cid(SDState *sd)
386{
48805df9
YF		 387 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
388 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
a1bb27b1 389 sd->cid[2] = OID[1];
48805df9 390 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
a1bb27b1
PB		 391 sd->cid[4] = PNM[1];
392 sd->cid[5] = PNM[2];
393 sd->cid[6] = PNM[3];
394 sd->cid[7] = PNM[4];
48805df9
YF		 395 sd->cid[8] = PRV; /* Fake product revision (PRV) */
396 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
a1bb27b1
PB		 397 sd->cid[10] = 0xad;
398 sd->cid[11] = 0xbe;
399 sd->cid[12] = 0xef;
48805df9 400 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
a1bb27b1
PB		 401 ((MDT_YR - 2000) / 10);
402 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
403 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
404}
405
48805df9
YF		 406#define HWBLOCK_SHIFT 9 /* 512 bytes */
407#define SECTOR_SHIFT 5 /* 16 kilobytes */
408#define WPGROUP_SHIFT 7 /* 2 megs */
409#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
410#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
a1bb27b1
PB		 411
412static const uint8_t sd_csd_rw_mask[16] = {
413 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
414 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
415};
416
2d7adea4 417static void sd_set_csd(SDState *sd, uint64_t size)
a1bb27b1 418{
575094b7
BM		 419 int hwblock_shift = HWBLOCK_SHIFT;
420 uint32_t csize;
a1bb27b1
PB		 421 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
422 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
423
575094b7
BM		 424 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */
425 if (size == SDSC_MAX_CAPACITY) {
426 hwblock_shift += 1;
427 }
428 csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1;
429
6d2d4069 430 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */
48805df9
YF		 431 sd->csd[0] = 0x00; /* CSD structure */
432 sd->csd[1] = 0x26; /* Data read access-time-1 */
433 sd->csd[2] = 0x00; /* Data read access-time-2 */
d7ecb867 434 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */
48805df9
YF		 435 sd->csd[4] = 0x5f; /* Card Command Classes */
436 sd->csd[5] = 0x50 | /* Max. read data block length */
575094b7 437 hwblock_shift;
48805df9 438 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
2d7adea4 439 ((csize >> 10) & 0x03);
48805df9 440 sd->csd[7] = 0x00 | /* Device size */
2d7adea4 441 ((csize >> 2) & 0xff);
48805df9 442 sd->csd[8] = 0x3f | /* Max. read current */
2d7adea4 443 ((csize << 6) & 0xc0);
48805df9 444 sd->csd[9] = 0xfc | /* Max. write current */
2d7adea4 445 ((CMULT_SHIFT - 2) >> 1);
48805df9 446 sd->csd[10] = 0x40 | /* Erase sector size */
2d7adea4 447 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
48805df9 448 sd->csd[11] = 0x00 | /* Write protect group size */
2d7adea4 449 ((sectsize << 7) & 0x80) | wpsize;
48805df9 450 sd->csd[12] = 0x90 | /* Write speed factor */
575094b7 451 (hwblock_shift >> 2);
48805df9 452 sd->csd[13] = 0x20 | /* Max. write data block length */
575094b7 453 ((hwblock_shift << 6) & 0xc0);
48805df9
YF		 454 sd->csd[14] = 0x00; /* File format group */
455 } else { /* SDHC */
4c8f9735 456 size /= 512 * KiB;
2d7adea4
AZ		 457 size -= 1;
458 sd->csd[0] = 0x40;
459 sd->csd[1] = 0x0e;
460 sd->csd[2] = 0x00;
461 sd->csd[3] = 0x32;
462 sd->csd[4] = 0x5b;
463 sd->csd[5] = 0x59;
464 sd->csd[6] = 0x00;
465 sd->csd[7] = (size >> 16) & 0xff;
466 sd->csd[8] = (size >> 8) & 0xff;
467 sd->csd[9] = (size & 0xff);
468 sd->csd[10] = 0x7f;
469 sd->csd[11] = 0x80;
470 sd->csd[12] = 0x0a;
471 sd->csd[13] = 0x40;
472 sd->csd[14] = 0x00;
2d7adea4 473 }
e8feec80 474 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
a1bb27b1
PB		 475}
476
477static void sd_set_rca(SDState *sd)
478{
479 sd->rca += 0x4567;
480}
481
da26e3f3
PMD		 482FIELD(CSR, AKE_SEQ_ERROR, 3, 1)
483FIELD(CSR, APP_CMD, 5, 1)
484FIELD(CSR, FX_EVENT, 6, 1)
485FIELD(CSR, READY_FOR_DATA, 8, 1)
486FIELD(CSR, CURRENT_STATE, 9, 4)
487FIELD(CSR, ERASE_RESET, 13, 1)
488FIELD(CSR, CARD_ECC_DISABLED, 14, 1)
489FIELD(CSR, WP_ERASE_SKIP, 15, 1)
490FIELD(CSR, CSD_OVERWRITE, 16, 1)
491FIELD(CSR, DEFERRED_RESPONSE, 17, 1)
492FIELD(CSR, ERROR, 19, 1)
493FIELD(CSR, CC_ERROR, 20, 1)
494FIELD(CSR, CARD_ECC_FAILED, 21, 1)
495FIELD(CSR, ILLEGAL_COMMAND, 22, 1)
496FIELD(CSR, COM_CRC_ERROR, 23, 1)
497FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1)
498FIELD(CSR, CARD_IS_LOCKED, 25, 1)
499FIELD(CSR, WP_VIOLATION, 26, 1)
500FIELD(CSR, ERASE_PARAM, 27, 1)
501FIELD(CSR, ERASE_SEQ_ERROR, 28, 1)
502FIELD(CSR, BLOCK_LEN_ERROR, 29, 1)
503FIELD(CSR, ADDRESS_ERROR, 30, 1)
504FIELD(CSR, OUT_OF_RANGE, 31, 1)
505
b8d334c8
PM		 506/* Card status bits, split by clear condition:
507 * A : According to the card current state
508 * B : Always related to the previous command
509 * C : Cleared by read
510 */
da26e3f3
PMD		 511#define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \
512 | R_CSR_CARD_ECC_DISABLED_MASK \
513 | R_CSR_CARD_IS_LOCKED_MASK)
514#define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \
515 | R_CSR_ILLEGAL_COMMAND_MASK \
516 | R_CSR_COM_CRC_ERROR_MASK)
517#define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \
518 | R_CSR_APP_CMD_MASK \
519 | R_CSR_ERASE_RESET_MASK \
520 | R_CSR_WP_ERASE_SKIP_MASK \
521 | R_CSR_CSD_OVERWRITE_MASK \
522 | R_CSR_ERROR_MASK \
523 | R_CSR_CC_ERROR_MASK \
524 | R_CSR_CARD_ECC_FAILED_MASK \
525 | R_CSR_LOCK_UNLOCK_FAILED_MASK \
526 | R_CSR_WP_VIOLATION_MASK \
527 | R_CSR_ERASE_PARAM_MASK \
528 | R_CSR_ERASE_SEQ_ERROR_MASK \
529 | R_CSR_BLOCK_LEN_ERROR_MASK \
530 | R_CSR_ADDRESS_ERROR_MASK \
531 | R_CSR_OUT_OF_RANGE_MASK)
a1bb27b1
PB		 532
533static void sd_set_cardstatus(SDState *sd)
534{
535 sd->card_status = 0x00000100;
536}
537
538static void sd_set_sdstatus(SDState *sd)
539{
540 memset(sd->sd_status, 0, 64);
541}
542
bc24a225 543static int sd_req_crc_validate(SDRequest *req)
a1bb27b1
PB		 544{
545 uint8_t buffer[5];
546 buffer[0] = 0x40 | req->cmd;
67bfddd6 547 stl_be_p(&buffer[1], req->arg);
a1bb27b1 548 return 0;
48805df9 549 return sd_crc7(buffer, 5) != req->crc; /* TODO */
a1bb27b1
PB		 550}
551
10a412da 552static void sd_response_r1_make(SDState *sd, uint8_t *response)
a1bb27b1 553{
67bfddd6
PMD		 554 stl_be_p(response, sd->card_status);
555
1d06cb7a
PM		 556 /* Clear the "clear on read" status bits */
557 sd->card_status &= ~CARD_STATUS_C;
a1bb27b1
PB		 558}
559
9596ebb7 560static void sd_response_r3_make(SDState *sd, uint8_t *response)
a1bb27b1 561{
3d42fb52 562 stl_be_p(response, sd->ocr & ACMD41_R3_MASK);
a1bb27b1
PB		 563}
564
9596ebb7 565static void sd_response_r6_make(SDState *sd, uint8_t *response)
a1bb27b1 566{
a1bb27b1
PB		 567 uint16_t status;
568
a1bb27b1
PB		 569 status = ((sd->card_status >> 8) & 0xc000) |
570 ((sd->card_status >> 6) & 0x2000) |
571 (sd->card_status & 0x1fff);
fcfa9351 572 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
67bfddd6
PMD		 573 stw_be_p(response + 0, sd->rca);
574 stw_be_p(response + 2, status);
a1bb27b1
PB		 575}
576
1b088995
AZ		 577static void sd_response_r7_make(SDState *sd, uint8_t *response)
578{
67bfddd6 579 stl_be_p(response, sd->vhs);
1b088995
AZ		 580}
581
b7202b88
MI		 582static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
583{
584 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
585}
586
ba3ed0fa 587static void sd_reset(DeviceState *dev)
a1bb27b1 588{
ba3ed0fa 589 SDState *sd = SD_CARD(dev);
2d7adea4 590 uint64_t size;
a1bb27b1
PB		 591 uint64_t sect;
592
814b2adc 593 trace_sdcard_reset();
16b781aa
PM		 594 if (sd->blk) {
595 blk_get_geometry(sd->blk, &sect);
03f311ed
PB		 596 } else {
597 sect = 0;
598 }
5e37141b 599 size = sect << 9;
a1bb27b1 600
b7202b88 601 sect = sd_addr_to_wpnum(size) + 1;
a1bb27b1
PB		 602
603 sd->state = sd_idle_state;
604 sd->rca = 0x0000;
b66f73a0 605 sd->size = size;
a1bb27b1
PB		 606 sd_set_ocr(sd);
607 sd_set_scr(sd);
608 sd_set_cid(sd);
609 sd_set_csd(sd, size);
610 sd_set_cardstatus(sd);
611 sd_set_sdstatus(sd);
612
6947feca 613 g_free(sd->wp_group_bmap);
86b1cf32 614 sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false;
6947feca
PMD		 615 sd->wp_group_bits = sect;
616 sd->wp_group_bmap = bitmap_new(sd->wp_group_bits);
50a5be6c 617 memset(sd->function_group, 0, sizeof(sd->function_group));
872b8fde
PMD		 618 sd->erase_start = INVALID_ADDRESS;
619 sd->erase_end = INVALID_ADDRESS;
a1bb27b1
PB		 620 sd->blk_len = 0x200;
621 sd->pwd_len = 0;
bebd1271 622 sd->expecting_acmd = false;
da346922
PMD		 623 sd->dat_lines = 0xf;
624 sd->cmd_line = true;
4481bbc7 625 sd->multi_blk_cnt = 0;
a1bb27b1
PB		 626}
627
c759a790
PM		 628static bool sd_get_inserted(SDState *sd)
629{
0719e71e 630 return sd->blk && blk_is_inserted(sd->blk);
c759a790
PM		 631}
632
633static bool sd_get_readonly(SDState *sd)
634{
635 return sd->wp_switch;
636}
637
39829a01 638static void sd_cardchange(void *opaque, bool load, Error **errp)
a1bb27b1
PB		 639{
640 SDState *sd = opaque;
c759a790 641 DeviceState *dev = DEVICE(sd);
007d1dbf 642 SDBus *sdbus;
c759a790
PM		 643 bool inserted = sd_get_inserted(sd);
644 bool readonly = sd_get_readonly(sd);
db97ee6a 645
c759a790 646 if (inserted) {
814b2adc 647 trace_sdcard_inserted(readonly);
c759a790 648 sd_reset(dev);
814b2adc
PMD		 649 } else {
650 trace_sdcard_ejected();
c759a790
PM		 651 }
652
007d1dbf
MA		 653 if (sd->me_no_qdev_me_kill_mammoth_with_rocks) {
654 qemu_set_irq(sd->inserted_cb, inserted);
c759a790 655 if (inserted) {
007d1dbf 656 qemu_set_irq(sd->readonly_cb, readonly);
c759a790
PM		 657 }
658 } else {
007d1dbf
MA		 659 sdbus = SD_BUS(qdev_get_parent_bus(dev));
660 sdbus_set_inserted(sdbus, inserted);
c759a790 661 if (inserted) {
007d1dbf 662 sdbus_set_readonly(sdbus, readonly);
c759a790 663 }
a1bb27b1
PB		 664 }
665}
666
0e49de52 667static const BlockDevOps sd_block_ops = {
145feb17 668 .change_media_cb = sd_cardchange,
0e49de52
MA		 669};
670
dd26eb43
AB		 671static bool sd_ocr_vmstate_needed(void *opaque)
672{
673 SDState *sd = opaque;
674
675 /* Include the OCR state (and timer) if it is not yet powered up */
6f296421 676 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP);
dd26eb43
AB		 677}
678
679static const VMStateDescription sd_ocr_vmstate = {
680 .name = "sd-card/ocr-state",
681 .version_id = 1,
682 .minimum_version_id = 1,
683 .needed = sd_ocr_vmstate_needed,
307119ba 684 .fields = (const VMStateField[]) {
dd26eb43
AB		 685 VMSTATE_UINT32(ocr, SDState),
686 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
687 VMSTATE_END_OF_LIST()
688 },
689};
690
691static int sd_vmstate_pre_load(void *opaque)
692{
693 SDState *sd = opaque;
694
695 /* If the OCR state is not included (prior versions, or not
696 * needed), then the OCR must be set as powered up. If the OCR state
697 * is included, this will be replaced by the state restore.
698 */
699 sd_ocr_powerup(sd);
700
701 return 0;
702}
703
50a5be6c
IM		 704static const VMStateDescription sd_vmstate = {
705 .name = "sd-card",
7dae0a1d
PMD		 706 .version_id = 2,
707 .minimum_version_id = 2,
dd26eb43 708 .pre_load = sd_vmstate_pre_load,
307119ba 709 .fields = (const VMStateField[]) {
50a5be6c
IM		 710 VMSTATE_UINT32(mode, SDState),
711 VMSTATE_INT32(state, SDState),
712 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
713 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
714 VMSTATE_UINT16(rca, SDState),
715 VMSTATE_UINT32(card_status, SDState),
716 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
717 VMSTATE_UINT32(vhs, SDState),
6947feca 718 VMSTATE_BITMAP(wp_group_bmap, SDState, 0, wp_group_bits),
50a5be6c 719 VMSTATE_UINT32(blk_len, SDState),
4481bbc7 720 VMSTATE_UINT32(multi_blk_cnt, SDState),
50a5be6c
IM		 721 VMSTATE_UINT32(erase_start, SDState),
722 VMSTATE_UINT32(erase_end, SDState),
723 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
724 VMSTATE_UINT32(pwd_len, SDState),
725 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
726 VMSTATE_UINT8(current_cmd, SDState),
727 VMSTATE_BOOL(expecting_acmd, SDState),
728 VMSTATE_UINT32(blk_written, SDState),
729 VMSTATE_UINT64(data_start, SDState),
730 VMSTATE_UINT32(data_offset, SDState),
731 VMSTATE_UINT8_ARRAY(data, SDState, 512),
12c125cb 732 VMSTATE_UNUSED_V(1, 512),
50a5be6c
IM		 733 VMSTATE_BOOL(enable, SDState),
734 VMSTATE_END_OF_LIST()
dd26eb43 735 },
307119ba 736 .subsections = (const VMStateDescription * const []) {
dd26eb43
AB		 737 &sd_ocr_vmstate,
738 NULL
739 },
50a5be6c
IM		 740};
741
260bc9d8 742/* Legacy initialization function for use by non-qdevified callers */
4be74634 743SDState *sd_init(BlockBackend *blk, bool is_spi)
a1bb27b1 744{
fec44a8c 745 Object *obj;
260bc9d8 746 DeviceState *dev;
007d1dbf 747 SDState *sd;
260bc9d8 748 Error *err = NULL;
a1bb27b1 749
c3287c0f 750 obj = object_new(is_spi ? TYPE_SD_CARD_SPI : TYPE_SD_CARD);
fec44a8c 751 dev = DEVICE(obj);
0c0e618d 752 if (!qdev_prop_set_drive_err(dev, "drive", blk, &err)) {
5217f188 753 error_reportf_err(err, "sd_init failed: ");
4f8a066b
KW		 754 return NULL;
755 }
007d1dbf
MA		 756
757 /*
758 * Realizing the device properly would put it into the QOM
759 * composition tree even though it is not plugged into an
760 * appropriate bus. That's a no-no. Hide the device from
761 * QOM/qdev, and call its qdev realize callback directly.
762 */
763 object_ref(obj);
764 object_unparent(obj);
765 sd_realize(dev, &err);
260bc9d8 766 if (err) {
5217f188 767 error_reportf_err(err, "sd_init failed: ");
260bc9d8 768 return NULL;
03f311ed 769 }
260bc9d8 770
007d1dbf
MA		 771 sd = SD_CARD(dev);
772 sd->me_no_qdev_me_kill_mammoth_with_rocks = true;
773 return sd;
a1bb27b1
PB		 774}
775
02ce600c 776void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
a1bb27b1 777{
02ce600c
AZ		 778 sd->readonly_cb = readonly;
779 sd->inserted_cb = insert;
86b1cf32 780 qemu_set_irq(readonly, sd->blk ? !blk_is_writable(sd->blk) : 0);
4be74634 781 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
a1bb27b1
PB		 782}
783
ce6ea2ef
BM		 784static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
785{
786 trace_sdcard_read_block(addr, len);
a9262f55 787 if (!sd->blk || blk_pread(sd->blk, addr, len, sd->data, 0) < 0) {
ce6ea2ef
BM		 788 fprintf(stderr, "sd_blk_read: read error on host side\n");
789 }
790}
791
792static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
793{
794 trace_sdcard_write_block(addr, len);
a9262f55 795 if (!sd->blk || blk_pwrite(sd->blk, addr, len, sd->data, 0) < 0) {
ce6ea2ef
BM		 796 fprintf(stderr, "sd_blk_write: write error on host side\n");
797 }
798}
799
800#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
801#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
802#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
803#define APP_WRITE_BLOCK(a, len)
804
a1bb27b1
PB		 805static void sd_erase(SDState *sd)
806{
f2d189d3
IM		 807 uint64_t erase_start = sd->erase_start;
808 uint64_t erase_end = sd->erase_end;
2473dc40 809 bool sdsc = true;
818a5cdc
BM		 810 uint64_t wpnum;
811 uint64_t erase_addr;
812 int erase_len = 1 << HWBLOCK_SHIFT;
f2d189d3 813
aafe6c58 814 trace_sdcard_erase(sd->erase_start, sd->erase_end);
872b8fde
PMD		 815 if (sd->erase_start == INVALID_ADDRESS
816 || sd->erase_end == INVALID_ADDRESS) {
a1bb27b1 817 sd->card_status |= ERASE_SEQ_ERROR;
c8c8b3f1
PMD		 818 sd->erase_start = INVALID_ADDRESS;
819 sd->erase_end = INVALID_ADDRESS;
a1bb27b1
PB		 820 return;
821 }
822
6f296421 823 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
f2d189d3
IM		 824 /* High capacity memory card: erase units are 512 byte blocks */
825 erase_start *= 512;
826 erase_end *= 512;
2473dc40 827 sdsc = false;
f2d189d3
IM		 828 }
829
64ea2d9f 830 if (erase_start > sd->size || erase_end > sd->size) {
1bd6fd8e
PMD		 831 sd->card_status |= OUT_OF_RANGE;
832 sd->erase_start = INVALID_ADDRESS;
833 sd->erase_end = INVALID_ADDRESS;
834 return;
835 }
836
872b8fde
PMD		 837 sd->erase_start = INVALID_ADDRESS;
838 sd->erase_end = INVALID_ADDRESS;
a1bb27b1
PB		 839 sd->csd[14] |= 0x40;
840
818a5cdc
BM		 841 memset(sd->data, 0xff, erase_len);
842 for (erase_addr = erase_start; erase_addr <= erase_end;
843 erase_addr += erase_len) {
844 if (sdsc) {
845 /* Only SDSC cards support write protect groups */
846 wpnum = sd_addr_to_wpnum(erase_addr);
6947feca
PMD		 847 assert(wpnum < sd->wp_group_bits);
848 if (test_bit(wpnum, sd->wp_group_bmap)) {
2473dc40 849 sd->card_status |= WP_ERASE_SKIP;
818a5cdc 850 continue;
2473dc40 851 }
a9c01830 852 }
818a5cdc 853 BLK_WRITE_BLOCK(erase_addr, erase_len);
a9c01830 854 }
a1bb27b1
PB		 855}
856
2d7adea4 857static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
a1bb27b1
PB		 858{
859 uint32_t i, wpnum;
860 uint32_t ret = 0;
861
b7202b88 862 wpnum = sd_addr_to_wpnum(addr);
a1bb27b1 863
a9c01830 864 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
2a039628
PMD		 865 if (addr >= sd->size) {
866 /*
867 * If the addresses of the last groups are outside the valid range,
868 * then the corresponding write protection bits shall be set to 0.
869 */
870 continue;
871 }
6947feca
PMD		 872 assert(wpnum < sd->wp_group_bits);
873 if (test_bit(wpnum, sd->wp_group_bmap)) {
a1bb27b1 874 ret |= (1 << i);
a9c01830
MI		 875 }
876 }
a1bb27b1
PB		 877
878 return ret;
879}
880
881static void sd_function_switch(SDState *sd, uint32_t arg)
882{
67bfddd6 883 int i, mode, new_func;
a1bb27b1
PB		 884 mode = !!(arg & 0x80000000);
885
48805df9 886 sd->data[0] = 0x00; /* Maximum current consumption */
a1bb27b1 887 sd->data[1] = 0x01;
48805df9 888 sd->data[2] = 0x80; /* Supported group 6 functions */
a1bb27b1 889 sd->data[3] = 0x01;
48805df9 890 sd->data[4] = 0x80; /* Supported group 5 functions */
a1bb27b1 891 sd->data[5] = 0x01;
48805df9 892 sd->data[6] = 0x80; /* Supported group 4 functions */
a1bb27b1 893 sd->data[7] = 0x01;
48805df9 894 sd->data[8] = 0x80; /* Supported group 3 functions */
a1bb27b1 895 sd->data[9] = 0x01;
48805df9 896 sd->data[10] = 0x80; /* Supported group 2 functions */
a1bb27b1 897 sd->data[11] = 0x43;
48805df9 898 sd->data[12] = 0x80; /* Supported group 1 functions */
a1bb27b1 899 sd->data[13] = 0x03;
b638627c 900
89c6700f 901 memset(&sd->data[14], 0, 3);
a1bb27b1
PB		 902 for (i = 0; i < 6; i ++) {
903 new_func = (arg >> (i * 4)) & 0x0f;
904 if (mode && new_func != 0x0f)
905 sd->function_group[i] = new_func;
b638627c 906 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4);
a1bb27b1
PB		 907 }
908 memset(&sd->data[17], 0, 47);
a1bb27b1
PB		 909}
910
4e8f1be2 911static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
a1bb27b1 912{
6947feca 913 return test_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap);
a1bb27b1
PB		 914}
915
916static void sd_lock_command(SDState *sd)
917{
918 int erase, lock, clr_pwd, set_pwd, pwd_len;
919 erase = !!(sd->data[0] & 0x08);
920 lock = sd->data[0] & 0x04;
921 clr_pwd = sd->data[0] & 0x02;
922 set_pwd = sd->data[0] & 0x01;
923
924 if (sd->blk_len > 1)
925 pwd_len = sd->data[1];
926 else
927 pwd_len = 0;
928
814b2adc
PMD		 929 if (lock) {
930 trace_sdcard_lock();
931 } else {
932 trace_sdcard_unlock();
933 }
a1bb27b1
PB		 934 if (erase) {
935 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
936 set_pwd || clr_pwd || lock || sd->wp_switch ||
937 (sd->csd[14] & 0x20)) {
938 sd->card_status |= LOCK_UNLOCK_FAILED;
939 return;
940 }
6947feca 941 bitmap_zero(sd->wp_group_bmap, sd->wp_group_bits);
a1bb27b1
PB		 942 sd->csd[14] &= ~0x10;
943 sd->card_status &= ~CARD_IS_LOCKED;
944 sd->pwd_len = 0;
945 /* Erasing the entire card here! */
827df9f3 946 fprintf(stderr, "SD: Card force-erased by CMD42\n");
a1bb27b1
PB		 947 return;
948 }
949
950 if (sd->blk_len < 2 + pwd_len ||
951 pwd_len <= sd->pwd_len ||
952 pwd_len > sd->pwd_len + 16) {
953 sd->card_status |= LOCK_UNLOCK_FAILED;
954 return;
955 }
956
957 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
958 sd->card_status |= LOCK_UNLOCK_FAILED;
959 return;
960 }
961
962 pwd_len -= sd->pwd_len;
963 if ((pwd_len && !set_pwd) ||
964 (clr_pwd && (set_pwd || lock)) ||
965 (lock && !sd->pwd_len && !set_pwd) ||
966 (!set_pwd && !clr_pwd &&
967 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
968 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
969 sd->card_status |= LOCK_UNLOCK_FAILED;
970 return;
971 }
972
973 if (set_pwd) {
974 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
975 sd->pwd_len = pwd_len;
976 }
977
978 if (clr_pwd) {
979 sd->pwd_len = 0;
980 }
981
982 if (lock)
983 sd->card_status |= CARD_IS_LOCKED;
984 else
985 sd->card_status &= ~CARD_IS_LOCKED;
986}
987
66c152d7
PMD		 988static bool address_in_range(SDState *sd, const char *desc,
989 uint64_t addr, uint32_t length)
990{
991 if (addr + length > sd->size) {
992 qemu_log_mask(LOG_GUEST_ERROR,
993 "%s offset %"PRIu64" > card %"PRIu64" [%%%u]\n",
994 desc, addr, sd->size, length);
995 sd->card_status |= ADDRESS_ERROR;
996 return false;
997 }
998 return true;
999}
1000
13201139
PMD		 1001static sd_rsp_type_t sd_invalid_state_for_cmd(SDState *sd, SDRequest req)
1002{
1b4a2342
PMD		 1003 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong state: %s (spec %s)\n",
1004 sd_proto(sd)->name, req.cmd, sd_state_name(sd->state),
94ef3041 1005 sd_version_str(sd->spec_version));
13201139
PMD		 1006
1007 return sd_illegal;
1008}
1009
583204d8
PMD		 1010static sd_rsp_type_t sd_cmd_illegal(SDState *sd, SDRequest req)
1011{
1012 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown CMD%i for spec %s\n",
1013 sd_proto(sd)->name, req.cmd,
1014 sd_version_str(sd->spec_version));
1015
1016 return sd_illegal;
1017}
1018
7ffcbf3e
PMD		 1019/* Commands that are recognised but not yet implemented. */
1020static sd_rsp_type_t sd_cmd_unimplemented(SDState *sd, SDRequest req)
1021{
1022 qemu_log_mask(LOG_UNIMP, "%s: CMD%i not implemented\n",
1023 sd_proto(sd)->name, req.cmd);
1024
1025 return sd_illegal;
1026}
1027
a6e0f67e
PMD		 1028static sd_rsp_type_t sd_cmd_GO_IDLE_STATE(SDState *sd, SDRequest req)
1029{
1030 if (sd->state != sd_inactive_state) {
1031 sd->state = sd_idle_state;
1032 sd_reset(DEVICE(sd));
1033 }
1034
c3287c0f 1035 return sd_is_spi(sd) ? sd_r1 : sd_r0;
a6e0f67e
PMD		 1036}
1037
5c44e820
PMD		 1038static sd_rsp_type_t sd_cmd_SEND_OP_CMD(SDState *sd, SDRequest req)
1039{
1040 sd->state = sd_transfer_state;
1041
1042 return sd_r1;
1043}
1044
c4f2d9e1
PMD		 1045static sd_rsp_type_t sd_cmd_ALL_SEND_CID(SDState *sd, SDRequest req)
1046{
1047 if (sd->state != sd_ready_state) {
1048 return sd_invalid_state_for_cmd(sd, req);
1049 }
1050
1051 sd->state = sd_identification_state;
1052
1053 return sd_r2_i;
1054}
1055
41a0349d
PMD		 1056static sd_rsp_type_t sd_cmd_SEND_RELATIVE_ADDR(SDState *sd, SDRequest req)
1057{
1058 switch (sd->state) {
1059 case sd_identification_state:
1060 case sd_standby_state:
1061 sd->state = sd_standby_state;
1062 sd_set_rca(sd);
1063 return sd_r6;
1064
1065 default:
1066 return sd_invalid_state_for_cmd(sd, req);
1067 }
1068}
1069
793d04f4
JS		 1070static sd_rsp_type_t sd_cmd_SEND_TUNING_BLOCK(SDState *sd, SDRequest req)
1071{
1072 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1073 return sd_cmd_illegal(sd, req);
1074 }
1075
1076 if (sd->state != sd_transfer_state) {
1077 return sd_invalid_state_for_cmd(sd, req);
1078 }
1079
1080 sd->state = sd_sendingdata_state;
1081 sd->data_offset = 0;
1082
1083 return sd_r1;
1084}
1085
6380cd20
PMD		 1086static sd_rsp_type_t sd_cmd_SET_BLOCK_COUNT(SDState *sd, SDRequest req)
1087{
1088 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1089 return sd_cmd_illegal(sd, req);
1090 }
1091
1092 if (sd->state != sd_transfer_state) {
1093 return sd_invalid_state_for_cmd(sd, req);
1094 }
1095
1096 sd->multi_blk_cnt = req.arg;
1097
1098 return sd_r1;
1099}
1100
586634b9 1101static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req)
a1bb27b1
PB		 1102{
1103 uint32_t rca = 0x0000;
2d7adea4 1104 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
a1bb27b1 1105
586634b9
PMD		 1106 /* CMD55 precedes an ACMD, so we are not interested in tracing it.
1107 * However there is no ACMD55, so we want to trace this particular case.
1108 */
1109 if (req.cmd != 55 || sd->expecting_acmd) {
1b4a2342 1110 trace_sdcard_normal_command(sd_proto(sd)->name,
75a96f5e 1111 sd_cmd_name(req.cmd), req.cmd,
2ed61fb5 1112 req.arg, sd_state_name(sd->state));
586634b9 1113 }
1b640aa9 1114
1d06cb7a
PM		 1115 /* Not interpreting this as an app command */
1116 sd->card_status &= ~APP_CMD;
1117
f250015b
PMD		 1118 if (sd_cmd_type[req.cmd] == sd_ac
1119 || sd_cmd_type[req.cmd] == sd_adtc) {
a1bb27b1 1120 rca = req.arg >> 16;
97f4ed3b 1121 }
a1bb27b1 1122
4481bbc7
AB		 1123 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
1124 * if not, its effects are cancelled */
1125 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
1126 sd->multi_blk_cnt = 0;
1127 }
1128
9157dd59
PMD		 1129 if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
1130 /* Only Standard Capacity cards support class 6 commands */
1131 return sd_illegal;
1132 }
1133
46859b60
PMD		 1134 if (sd_proto(sd)->cmd[req.cmd]) {
1135 return sd_proto(sd)->cmd[req.cmd](sd, req);
1136 }
1137
a1bb27b1
PB		 1138 switch (req.cmd) {
1139 /* Basic commands (Class 0 and Class 1) */
48805df9 1140 case 4: /* CMD4: SEND_DSR */
a1bb27b1
PB		 1141 switch (sd->state) {
1142 case sd_standby_state:
1143 break;
1144
1145 default:
1146 break;
1147 }
1148 break;
1149
48805df9 1150 case 6: /* CMD6: SWITCH_FUNCTION */
a1bb27b1
PB		 1151 switch (sd->mode) {
1152 case sd_data_transfer_mode:
1153 sd_function_switch(sd, req.arg);
1154 sd->state = sd_sendingdata_state;
1155 sd->data_start = 0;
1156 sd->data_offset = 0;
1157 return sd_r1;
1158
1159 default:
1160 break;
1161 }
1162 break;
1163
48805df9 1164 case 7: /* CMD7: SELECT/DESELECT_CARD */
a1bb27b1
PB		 1165 switch (sd->state) {
1166 case sd_standby_state:
1167 if (sd->rca != rca)
1168 return sd_r0;
1169
1170 sd->state = sd_transfer_state;
1171 return sd_r1b;
1172
1173 case sd_transfer_state:
1174 case sd_sendingdata_state:
1175 if (sd->rca == rca)
1176 break;
1177
1178 sd->state = sd_standby_state;
1179 return sd_r1b;
1180
1181 case sd_disconnect_state:
1182 if (sd->rca != rca)
1183 return sd_r0;
1184
1185 sd->state = sd_programming_state;
1186 return sd_r1b;
1187
1188 case sd_programming_state:
1189 if (sd->rca == rca)
1190 break;
1191
1192 sd->state = sd_disconnect_state;
1193 return sd_r1b;
1194
1195 default:
1196 break;
1197 }
1198 break;
1199
48805df9 1200 case 8: /* CMD8: SEND_IF_COND */
d1b32218
PMD		 1201 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) {
1202 break;
1203 }
ad0ade55 1204 if (sd->state != sd_idle_state) {
1b088995
AZ		 1205 break;
1206 }
ad0ade55
PMD		 1207 sd->vhs = 0;
1208
1209 /* No response if not exactly one VHS bit is set. */
1210 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
c3287c0f 1211 return sd_is_spi(sd) ? sd_r7 : sd_r0;
ad0ade55
PMD		 1212 }
1213
1214 /* Accept. */
1215 sd->vhs = req.arg;
1216 return sd_r7;
1b088995 1217
48805df9 1218 case 9: /* CMD9: SEND_CSD */
a1bb27b1
PB		 1219 switch (sd->state) {
1220 case sd_standby_state:
1221 if (sd->rca != rca)
1222 return sd_r0;
1223
1224 return sd_r2_s;
1225
775616c3 1226 case sd_transfer_state:
c3287c0f 1227 if (!sd_is_spi(sd)) {
775616c3 1228 break;
c3287c0f 1229 }
775616c3
PB		 1230 sd->state = sd_sendingdata_state;
1231 memcpy(sd->data, sd->csd, 16);
2d7adea4 1232 sd->data_start = addr;
775616c3
PB		 1233 sd->data_offset = 0;
1234 return sd_r1;
1235
a1bb27b1
PB		 1236 default:
1237 break;
1238 }
1239 break;
1240
48805df9 1241 case 10: /* CMD10: SEND_CID */
a1bb27b1
PB		 1242 switch (sd->state) {
1243 case sd_standby_state:
1244 if (sd->rca != rca)
1245 return sd_r0;
1246
1247 return sd_r2_i;
1248
775616c3 1249 case sd_transfer_state:
c3287c0f 1250 if (!sd_is_spi(sd)) {
775616c3 1251 break;
c3287c0f 1252 }
775616c3
PB		 1253 sd->state = sd_sendingdata_state;
1254 memcpy(sd->data, sd->cid, 16);
2d7adea4 1255 sd->data_start = addr;
775616c3
PB		 1256 sd->data_offset = 0;
1257 return sd_r1;
1258
a1bb27b1
PB		 1259 default:
1260 break;
1261 }
1262 break;
1263
48805df9 1264 case 12: /* CMD12: STOP_TRANSMISSION */
a1bb27b1
PB		 1265 switch (sd->state) {
1266 case sd_sendingdata_state:
1267 sd->state = sd_transfer_state;
1268 return sd_r1b;
1269
1270 case sd_receivingdata_state:
1271 sd->state = sd_programming_state;
1272 /* Bzzzzzzztt .... Operation complete. */
1273 sd->state = sd_transfer_state;
1274 return sd_r1b;
1275
1276 default:
1277 break;
1278 }
1279 break;
1280
48805df9 1281 case 13: /* CMD13: SEND_STATUS */
a1bb27b1
PB		 1282 switch (sd->mode) {
1283 case sd_data_transfer_mode:
c3287c0f 1284 if (!sd_is_spi(sd) && sd->rca != rca) {
a1bb27b1 1285 return sd_r0;
c557e08d 1286 }
a1bb27b1
PB		 1287
1288 return sd_r1;
1289
1290 default:
1291 break;
1292 }
1293 break;
1294
48805df9 1295 case 15: /* CMD15: GO_INACTIVE_STATE */
a1bb27b1
PB		 1296 switch (sd->mode) {
1297 case sd_data_transfer_mode:
1298 if (sd->rca != rca)
1299 return sd_r0;
1300
1301 sd->state = sd_inactive_state;
1302 return sd_r0;
1303
1304 default:
1305 break;
1306 }
1307 break;
1308
b8d09982 1309 /* Block read commands (Class 2) */
48805df9 1310 case 16: /* CMD16: SET_BLOCKLEN */
a1bb27b1
PB		 1311 switch (sd->state) {
1312 case sd_transfer_state:
814b2adc 1313 if (req.arg > (1 << HWBLOCK_SHIFT)) {
a1bb27b1 1314 sd->card_status |= BLOCK_LEN_ERROR;
814b2adc
PMD		 1315 } else {
1316 trace_sdcard_set_blocklen(req.arg);
a1bb27b1 1317 sd->blk_len = req.arg;
814b2adc 1318 }
a1bb27b1
PB		 1319
1320 return sd_r1;
1321
1322 default:
1323 break;
1324 }
1325 break;
1326
48805df9
YF		 1327 case 17: /* CMD17: READ_SINGLE_BLOCK */
1328 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
a1bb27b1
PB		 1329 switch (sd->state) {
1330 case sd_transfer_state:
a1bb27b1 1331
66c152d7 1332 if (!address_in_range(sd, "READ_BLOCK", addr, sd->blk_len)) {
790762e5 1333 return sd_r1;
794d68de 1334 }
790762e5
PMD		 1335
1336 sd->state = sd_sendingdata_state;
1337 sd->data_start = addr;
1338 sd->data_offset = 0;
a1bb27b1
PB		 1339 return sd_r1;
1340
1341 default:
1342 break;
1343 }
1344 break;
1345
1346 /* Block write commands (Class 4) */
48805df9
YF		 1347 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1348 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
a1bb27b1
PB		 1349 switch (sd->state) {
1350 case sd_transfer_state:
790762e5 1351
66c152d7 1352 if (!address_in_range(sd, "WRITE_BLOCK", addr, sd->blk_len)) {
790762e5
PMD		 1353 return sd_r1;
1354 }
1355
a1bb27b1 1356 sd->state = sd_receivingdata_state;
2d7adea4 1357 sd->data_start = addr;
a1bb27b1
PB		 1358 sd->data_offset = 0;
1359 sd->blk_written = 0;
1360
19fa6c9e
BM		 1361 if (sd->size <= SDSC_MAX_CAPACITY) {
1362 if (sd_wp_addr(sd, sd->data_start)) {
1363 sd->card_status |= WP_VIOLATION;
1364 }
794d68de
PMD		 1365 }
1366 if (sd->csd[14] & 0x30) {
a1bb27b1 1367 sd->card_status |= WP_VIOLATION;
794d68de 1368 }
a1bb27b1
PB		 1369 return sd_r1;
1370
1371 default:
1372 break;
1373 }
1374 break;
1375
48805df9 1376 case 26: /* CMD26: PROGRAM_CID */
a1bb27b1
PB		 1377 switch (sd->state) {
1378 case sd_transfer_state:
1379 sd->state = sd_receivingdata_state;
1380 sd->data_start = 0;
1381 sd->data_offset = 0;
1382 return sd_r1;
1383
1384 default:
1385 break;
1386 }
1387 break;
1388
48805df9 1389 case 27: /* CMD27: PROGRAM_CSD */
a1bb27b1
PB		 1390 switch (sd->state) {
1391 case sd_transfer_state:
1392 sd->state = sd_receivingdata_state;
1393 sd->data_start = 0;
1394 sd->data_offset = 0;
1395 return sd_r1;
1396
1397 default:
1398 break;
1399 }
1400 break;
1401
1402 /* Write protection (Class 6) */
48805df9 1403 case 28: /* CMD28: SET_WRITE_PROT */
245c0513
BM		 1404 if (sd->size > SDSC_MAX_CAPACITY) {
1405 return sd_illegal;
1406 }
1407
a1bb27b1
PB		 1408 switch (sd->state) {
1409 case sd_transfer_state:
66c152d7 1410 if (!address_in_range(sd, "SET_WRITE_PROT", addr, 1)) {
a1bb27b1
PB		 1411 return sd_r1b;
1412 }
1413
1414 sd->state = sd_programming_state;
6947feca 1415 set_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap);
a1bb27b1
PB		 1416 /* Bzzzzzzztt .... Operation complete. */
1417 sd->state = sd_transfer_state;
1418 return sd_r1b;
1419
1420 default:
1421 break;
1422 }
1423 break;
1424
48805df9 1425 case 29: /* CMD29: CLR_WRITE_PROT */
245c0513
BM		 1426 if (sd->size > SDSC_MAX_CAPACITY) {
1427 return sd_illegal;
1428 }
1429
a1bb27b1
PB		 1430 switch (sd->state) {
1431 case sd_transfer_state:
66c152d7 1432 if (!address_in_range(sd, "CLR_WRITE_PROT", addr, 1)) {
a1bb27b1
PB		 1433 return sd_r1b;
1434 }
1435
1436 sd->state = sd_programming_state;
6947feca 1437 clear_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap);
a1bb27b1
PB		 1438 /* Bzzzzzzztt .... Operation complete. */
1439 sd->state = sd_transfer_state;
1440 return sd_r1b;
1441
1442 default:
1443 break;
1444 }
1445 break;
1446
48805df9 1447 case 30: /* CMD30: SEND_WRITE_PROT */
245c0513
BM		 1448 if (sd->size > SDSC_MAX_CAPACITY) {
1449 return sd_illegal;
1450 }
1451
a1bb27b1
PB		 1452 switch (sd->state) {
1453 case sd_transfer_state:
59b63d78
PMD		 1454 if (!address_in_range(sd, "SEND_WRITE_PROT",
1455 req.arg, sd->blk_len)) {
1456 return sd_r1;
1457 }
1458
a1bb27b1
PB		 1459 sd->state = sd_sendingdata_state;
1460 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
2d7adea4 1461 sd->data_start = addr;
a1bb27b1 1462 sd->data_offset = 0;
69694973 1463 return sd_r1;
a1bb27b1
PB		 1464
1465 default:
1466 break;
1467 }
1468 break;
1469
1470 /* Erase commands (Class 5) */
48805df9 1471 case 32: /* CMD32: ERASE_WR_BLK_START */
a1bb27b1
PB		 1472 switch (sd->state) {
1473 case sd_transfer_state:
1474 sd->erase_start = req.arg;
1475 return sd_r1;
1476
1477 default:
1478 break;
1479 }
1480 break;
1481
48805df9 1482 case 33: /* CMD33: ERASE_WR_BLK_END */
a1bb27b1
PB		 1483 switch (sd->state) {
1484 case sd_transfer_state:
1485 sd->erase_end = req.arg;
1486 return sd_r1;
1487
1488 default:
1489 break;
1490 }
1491 break;
1492
48805df9 1493 case 38: /* CMD38: ERASE */
a1bb27b1
PB		 1494 switch (sd->state) {
1495 case sd_transfer_state:
1496 if (sd->csd[14] & 0x30) {
1497 sd->card_status |= WP_VIOLATION;
1498 return sd_r1b;
1499 }
1500
1501 sd->state = sd_programming_state;
1502 sd_erase(sd);
1503 /* Bzzzzzzztt .... Operation complete. */
1504 sd->state = sd_transfer_state;
1505 return sd_r1b;
1506
1507 default:
1508 break;
1509 }
1510 break;
1511
1512 /* Lock card commands (Class 7) */
48805df9 1513 case 42: /* CMD42: LOCK_UNLOCK */
a1bb27b1
PB		 1514 switch (sd->state) {
1515 case sd_transfer_state:
1516 sd->state = sd_receivingdata_state;
1517 sd->data_start = 0;
1518 sd->data_offset = 0;
1519 return sd_r1;
1520
1521 default:
1522 break;
1523 }
1524 break;
1525
1526 /* Application specific commands (Class 8) */
48805df9 1527 case 55: /* CMD55: APP_CMD */
d6911486
PMD		 1528 switch (sd->state) {
1529 case sd_ready_state:
1530 case sd_identification_state:
1531 case sd_inactive_state:
1532 return sd_illegal;
31162800
PMD		 1533 case sd_idle_state:
1534 if (rca) {
1535 qemu_log_mask(LOG_GUEST_ERROR,
1536 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd);
1537 }
d6911486
PMD		 1538 default:
1539 break;
1540 }
c3287c0f 1541 if (!sd_is_spi(sd)) {
946897ce
PMD		 1542 if (sd->rca != rca) {
1543 return sd_r0;
1544 }
1545 }
bebd1271 1546 sd->expecting_acmd = true;
a1bb27b1
PB		 1547 sd->card_status |= APP_CMD;
1548 return sd_r1;
1549
48805df9 1550 case 56: /* CMD56: GEN_CMD */
a1bb27b1
PB		 1551 switch (sd->state) {
1552 case sd_transfer_state:
1553 sd->data_offset = 0;
1554 if (req.arg & 1)
1555 sd->state = sd_sendingdata_state;
1556 else
1557 sd->state = sd_receivingdata_state;
1558 return sd_r1;
1559
1560 default:
1561 break;
1562 }
1563 break;
1564
946897ce 1565 case 58: /* CMD58: READ_OCR (SPI) */
946897ce
PMD		 1566 return sd_r3;
1567
1568 case 59: /* CMD59: CRC_ON_OFF (SPI) */
dec6d338 1569 return sd_r1;
946897ce 1570
a1bb27b1 1571 default:
9800ad88 1572 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
53bb8cc4 1573 return sd_illegal;
a1bb27b1
PB		 1574 }
1575
13201139 1576 return sd_invalid_state_for_cmd(sd, req);
a1bb27b1
PB		 1577}
1578
c227f099 1579static sd_rsp_type_t sd_app_command(SDState *sd,
22ed1d34
BS		 1580 SDRequest req)
1581{
1b4a2342 1582 trace_sdcard_app_command(sd_proto(sd)->name, sd_acmd_name(req.cmd),
2ed61fb5 1583 req.cmd, req.arg, sd_state_name(sd->state));
1d06cb7a 1584 sd->card_status |= APP_CMD;
46859b60
PMD		 1585
1586 if (sd_proto(sd)->acmd[req.cmd]) {
1587 return sd_proto(sd)->acmd[req.cmd](sd, req);
1588 }
1589
a1bb27b1 1590 switch (req.cmd) {
48805df9 1591 case 6: /* ACMD6: SET_BUS_WIDTH */
a1bb27b1
PB		 1592 switch (sd->state) {
1593 case sd_transfer_state:
1594 sd->sd_status[0] &= 0x3f;
1595 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1596 return sd_r1;
1597
1598 default:
1599 break;
1600 }
1601 break;
1602
48805df9 1603 case 13: /* ACMD13: SD_STATUS */
a1bb27b1
PB		 1604 switch (sd->state) {
1605 case sd_transfer_state:
fb1ba03a 1606 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1607 sd->data_start = 0;
1608 sd->data_offset = 0;
1609 return sd_r1;
1610
1611 default:
1612 break;
1613 }
1614 break;
1615
48805df9 1616 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
a1bb27b1
PB		 1617 switch (sd->state) {
1618 case sd_transfer_state:
1619 *(uint32_t *) sd->data = sd->blk_written;
1620
fb1ba03a 1621 sd->state = sd_sendingdata_state;
a1bb27b1
PB		 1622 sd->data_start = 0;
1623 sd->data_offset = 0;
1624 return sd_r1;
1625
1626 default:
1627 break;
1628 }
1629 break;
1630
48805df9 1631 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
a1bb27b1
PB		 1632 switch (sd->state) {
1633 case sd_transfer_state:
1634 return sd_r1;
1635
1636 default:
1637 break;
1638 }
1639 break;
1640
48805df9 1641 case 41: /* ACMD41: SD_APP_OP_COND */
4e5cc675
PMD		 1642 if (sd->state != sd_idle_state) {
1643 break;
1644 }
1645 /* If it's the first ACMD41 since reset, we need to decide
1646 * whether to power up. If this is not an enquiry ACMD41,
1647 * we immediately report power on and proceed below to the
1648 * ready state, but if it is, we set a timer to model a
1649 * delay for power up. This works around a bug in EDK2
1650 * UEFI, which sends an initial enquiry ACMD41, but
1651 * assumes that the card is in ready state as soon as it
1652 * sees the power up bit set. */
1653 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) {
1654 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1655 timer_del(sd->ocr_power_timer);
1656 sd_ocr_powerup(sd);
1657 } else {
1658 trace_sdcard_inquiry_cmd41();
1659 if (!timer_pending(sd->ocr_power_timer)) {
1660 timer_mod_ns(sd->ocr_power_timer,
1661 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1662 + OCR_POWER_DELAY_NS));
dd26eb43
AB		 1663 }
1664 }
4e5cc675 1665 }
dd26eb43 1666
4e5cc675 1667 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) {
37ab4a56
PC		 1668 /* We accept any voltage. 10000 V is nothing.
1669 *
dd26eb43 1670 * Once we're powered up, we advance straight to ready state
37ab4a56
PC		 1671 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1672 */
4e5cc675 1673 sd->state = sd_ready_state;
a1bb27b1 1674 }
4e5cc675
PMD		 1675
1676 return sd_r3;
a1bb27b1 1677
48805df9 1678 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
a1bb27b1
PB		 1679 switch (sd->state) {
1680 case sd_transfer_state:
1681 /* Bringing in the 50KOhm pull-up resistor... Done. */
1682 return sd_r1;
1683
1684 default:
1685 break;
1686 }
1687 break;
1688
48805df9 1689 case 51: /* ACMD51: SEND_SCR */
a1bb27b1
PB		 1690 switch (sd->state) {
1691 case sd_transfer_state:
1692 sd->state = sd_sendingdata_state;
1693 sd->data_start = 0;
1694 sd->data_offset = 0;
1695 return sd_r1;
1696
1697 default:
1698 break;
1699 }
1700 break;
1701
688491c7
PMD		 1702 case 18: /* Reserved for SD security applications */
1703 case 25:
1704 case 26:
1705 case 38:
1706 case 43 ... 49:
1707 /* Refer to the "SD Specifications Part3 Security Specification" for
1708 * information about the SD Security Features.
1709 */
1710 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n",
1711 req.cmd);
1712 return sd_illegal;
1713
a1bb27b1
PB		 1714 default:
1715 /* Fall back to standard commands. */
a1bb27b1
PB		 1716 return sd_normal_command(sd, req);
1717 }
1718
9800ad88 1719 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
5b08bfe2 1720 return sd_illegal;
a1bb27b1
PB		 1721}
1722
ef6dd5f5 1723static int cmd_valid_while_locked(SDState *sd, const uint8_t cmd)
25881d33
PM		 1724{
1725 /* Valid commands in locked state:
1726 * basic class (0)
1727 * lock card class (7)
1728 * CMD16
1729 * implicitly, the ACMD prefix CMD55
1730 * ACMD41 and ACMD42
1731 * Anything else provokes an "illegal command" response.
1732 */
1d06cb7a 1733 if (sd->expecting_acmd) {
ef6dd5f5 1734 return cmd == 41 || cmd == 42;
25881d33 1735 }
ef6dd5f5 1736 if (cmd == 16 || cmd == 55) {
25881d33
PM		 1737 return 1;
1738 }
ef6dd5f5 1739 return sd_cmd_class[cmd] == 0 || sd_cmd_class[cmd] == 7;
25881d33
PM		 1740}
1741
bc24a225 1742int sd_do_command(SDState *sd, SDRequest *req,
a1bb27b1 1743 uint8_t *response) {
10a412da 1744 int last_state;
c227f099 1745 sd_rsp_type_t rtype;
a1bb27b1
PB		 1746 int rsplen;
1747
4be74634 1748 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
a1bb27b1
PB		 1749 return 0;
1750 }
1751
1752 if (sd_req_crc_validate(req)) {
abda1f37 1753 sd->card_status |= COM_CRC_ERROR;
b1f517ed
PM		 1754 rtype = sd_illegal;
1755 goto send_response;
a1bb27b1
PB		 1756 }
1757
f250015b
PMD		 1758 if (req->cmd >= SDMMC_CMD_MAX) {
1759 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
1760 req->cmd);
1761 req->cmd &= 0x3f;
1762 }
1763
10a412da 1764 if (sd->card_status & CARD_IS_LOCKED) {
ef6dd5f5 1765 if (!cmd_valid_while_locked(sd, req->cmd)) {
a1bb27b1 1766 sd->card_status |= ILLEGAL_COMMAND;
bebd1271 1767 sd->expecting_acmd = false;
9800ad88 1768 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
b1f517ed
PM		 1769 rtype = sd_illegal;
1770 goto send_response;
a1bb27b1 1771 }
25881d33 1772 }
a1bb27b1 1773
10a412da
PM		 1774 last_state = sd->state;
1775 sd_set_mode(sd);
1776
1d06cb7a 1777 if (sd->expecting_acmd) {
bebd1271 1778 sd->expecting_acmd = false;
a1bb27b1 1779 rtype = sd_app_command(sd, *req);
1d06cb7a 1780 } else {
a1bb27b1 1781 rtype = sd_normal_command(sd, *req);
1d06cb7a 1782 }
a1bb27b1 1783
53bb8cc4
PM		 1784 if (rtype == sd_illegal) {
1785 sd->card_status |= ILLEGAL_COMMAND;
10a412da
PM		 1786 } else {
1787 /* Valid command, we can update the 'state before command' bits.
1788 * (Do this now so they appear in r1 responses.)
1789 */
1790 sd->current_cmd = req->cmd;
1791 sd->card_status &= ~CURRENT_STATE;
1792 sd->card_status |= (last_state << 9);
53bb8cc4
PM		 1793 }
1794
b1f517ed 1795send_response:
a1bb27b1
PB		 1796 switch (rtype) {
1797 case sd_r1:
1798 case sd_r1b:
10a412da 1799 sd_response_r1_make(sd, response);
a1bb27b1
PB		 1800 rsplen = 4;
1801 break;
1802
1803 case sd_r2_i:
1804 memcpy(response, sd->cid, sizeof(sd->cid));
a1bb27b1
PB		 1805 rsplen = 16;
1806 break;
1807
1808 case sd_r2_s:
1809 memcpy(response, sd->csd, sizeof(sd->csd));
a1bb27b1
PB		 1810 rsplen = 16;
1811 break;
1812
1813 case sd_r3:
1814 sd_response_r3_make(sd, response);
1815 rsplen = 4;
1816 break;
1817
1818 case sd_r6:
1819 sd_response_r6_make(sd, response);
1820 rsplen = 4;
1821 break;
1822
1b088995
AZ		 1823 case sd_r7:
1824 sd_response_r7_make(sd, response);
1825 rsplen = 4;
1826 break;
1827
a1bb27b1 1828 case sd_r0:
53bb8cc4 1829 case sd_illegal:
a1bb27b1
PB		 1830 rsplen = 0;
1831 break;
55921932
PMD		 1832 default:
1833 g_assert_not_reached();
a1bb27b1 1834 }
55921932 1835 trace_sdcard_response(sd_response_name(rtype), rsplen);
a1bb27b1 1836
10a412da
PM		 1837 if (rtype != sd_illegal) {
1838 /* Clear the "clear on valid command" status bits now we've
1839 * sent any response
1840 */
1841 sd->card_status &= ~CARD_STATUS_B;
1842 }
1843
a1bb27b1 1844#ifdef DEBUG_SD
b42581f5 1845 qemu_hexdump(stderr, "Response", response, rsplen);
a1bb27b1
PB		 1846#endif
1847
1848 return rsplen;
1849}
1850
c769a88d 1851void sd_write_byte(SDState *sd, uint8_t value)
a1bb27b1
PB		 1852{
1853 int i;
1854
4be74634 1855 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 1856 return;
1857
1858 if (sd->state != sd_receivingdata_state) {
9800ad88 1859 qemu_log_mask(LOG_GUEST_ERROR,
c769a88d 1860 "%s: not in Receiving-Data state\n", __func__);
a1bb27b1
PB		 1861 return;
1862 }
1863
1864 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1865 return;
1866
1b4a2342 1867 trace_sdcard_write_data(sd_proto(sd)->name,
75a96f5e 1868 sd_acmd_name(sd->current_cmd),
2ed61fb5 1869 sd->current_cmd, value);
a1bb27b1 1870 switch (sd->current_cmd) {
48805df9 1871 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
a1bb27b1
PB		 1872 sd->data[sd->data_offset ++] = value;
1873 if (sd->data_offset >= sd->blk_len) {
1874 /* TODO: Check CRC before committing */
1875 sd->state = sd_programming_state;
1876 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1877 sd->blk_written ++;
1878 sd->csd[14] |= 0x40;
1879 /* Bzzzzzzztt .... Operation complete. */
1880 sd->state = sd_transfer_state;
1881 }
1882 break;
1883
48805df9 1884 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
33fa8234 1885 if (sd->data_offset == 0) {
e03ba136 1886 /* Start of the block - let's check the address is valid */
66c152d7
PMD		 1887 if (!address_in_range(sd, "WRITE_MULTIPLE_BLOCK",
1888 sd->data_start, sd->blk_len)) {
a1bb27b1
PB		 1889 break;
1890 }
19fa6c9e
BM		 1891 if (sd->size <= SDSC_MAX_CAPACITY) {
1892 if (sd_wp_addr(sd, sd->data_start)) {
1893 sd->card_status |= WP_VIOLATION;
1894 break;
1895 }
a1bb27b1 1896 }
33fa8234
DDAG		 1897 }
1898 sd->data[sd->data_offset++] = value;
1899 if (sd->data_offset >= sd->blk_len) {
1900 /* TODO: Check CRC before committing */
1901 sd->state = sd_programming_state;
1902 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1903 sd->blk_written++;
1904 sd->data_start += sd->blk_len;
1905 sd->data_offset = 0;
a1bb27b1
PB		 1906 sd->csd[14] |= 0x40;
1907
1908 /* Bzzzzzzztt .... Operation complete. */
4481bbc7
AB		 1909 if (sd->multi_blk_cnt != 0) {
1910 if (--sd->multi_blk_cnt == 0) {
1911 /* Stop! */
1912 sd->state = sd_transfer_state;
1913 break;
1914 }
1915 }
1916
a1bb27b1
PB		 1917 sd->state = sd_receivingdata_state;
1918 }
1919 break;
1920
48805df9 1921 case 26: /* CMD26: PROGRAM_CID */
a1bb27b1
PB		 1922 sd->data[sd->data_offset ++] = value;
1923 if (sd->data_offset >= sizeof(sd->cid)) {
1924 /* TODO: Check CRC before committing */
1925 sd->state = sd_programming_state;
1926 for (i = 0; i < sizeof(sd->cid); i ++)
1927 if ((sd->cid[i] | 0x00) != sd->data[i])
1928 sd->card_status |= CID_CSD_OVERWRITE;
1929
1930 if (!(sd->card_status & CID_CSD_OVERWRITE))
1931 for (i = 0; i < sizeof(sd->cid); i ++) {
1932 sd->cid[i] |= 0x00;
1933 sd->cid[i] &= sd->data[i];
1934 }
1935 /* Bzzzzzzztt .... Operation complete. */
1936 sd->state = sd_transfer_state;
1937 }
1938 break;
1939
48805df9 1940 case 27: /* CMD27: PROGRAM_CSD */
a1bb27b1
PB		 1941 sd->data[sd->data_offset ++] = value;
1942 if (sd->data_offset >= sizeof(sd->csd)) {
1943 /* TODO: Check CRC before committing */
1944 sd->state = sd_programming_state;
1945 for (i = 0; i < sizeof(sd->csd); i ++)
1946 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1947 (sd->data[i] | sd_csd_rw_mask[i]))
1948 sd->card_status |= CID_CSD_OVERWRITE;
1949
1950 /* Copy flag (OTP) & Permanent write protect */
1951 if (sd->csd[14] & ~sd->data[14] & 0x60)
1952 sd->card_status |= CID_CSD_OVERWRITE;
1953
1954 if (!(sd->card_status & CID_CSD_OVERWRITE))
1955 for (i = 0; i < sizeof(sd->csd); i ++) {
1956 sd->csd[i] |= sd_csd_rw_mask[i];
1957 sd->csd[i] &= sd->data[i];
1958 }
1959 /* Bzzzzzzztt .... Operation complete. */
1960 sd->state = sd_transfer_state;
1961 }
1962 break;
1963
48805df9 1964 case 42: /* CMD42: LOCK_UNLOCK */
a1bb27b1
PB		 1965 sd->data[sd->data_offset ++] = value;
1966 if (sd->data_offset >= sd->blk_len) {
1967 /* TODO: Check CRC before committing */
1968 sd->state = sd_programming_state;
1969 sd_lock_command(sd);
1970 /* Bzzzzzzztt .... Operation complete. */
1971 sd->state = sd_transfer_state;
1972 }
1973 break;
1974
48805df9 1975 case 56: /* CMD56: GEN_CMD */
a1bb27b1
PB		 1976 sd->data[sd->data_offset ++] = value;
1977 if (sd->data_offset >= sd->blk_len) {
1978 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1979 sd->state = sd_transfer_state;
1980 }
1981 break;
1982
1983 default:
c769a88d 1984 qemu_log_mask(LOG_GUEST_ERROR, "%s: unknown command\n", __func__);
a1bb27b1
PB		 1985 break;
1986 }
1987}
1988
0c3fb03f
PMD		 1989#define SD_TUNING_BLOCK_SIZE 64
1990
1991static const uint8_t sd_tuning_block_pattern[SD_TUNING_BLOCK_SIZE] = {
1992 /* See: Physical Layer Simplified Specification Version 3.01, Table 4-2 */
1993 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc,
1994 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef,
1995 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb,
1996 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef,
1997 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c,
1998 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee,
1999 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff,
2000 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde,
2001};
2002
c769a88d 2003uint8_t sd_read_byte(SDState *sd)
a1bb27b1
PB		 2004{
2005 /* TODO: Append CRCs */
2006 uint8_t ret;
692fb0ef 2007 uint32_t io_len;
a1bb27b1 2008
4be74634 2009 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
a1bb27b1
PB		 2010 return 0x00;
2011
2012 if (sd->state != sd_sendingdata_state) {
9800ad88 2013 qemu_log_mask(LOG_GUEST_ERROR,
c769a88d 2014 "%s: not in Sending-Data state\n", __func__);
a1bb27b1
PB		 2015 return 0x00;
2016 }
2017
2018 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
2019 return 0x00;
2020
2d7adea4
AZ		 2021 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
2022
1b4a2342 2023 trace_sdcard_read_data(sd_proto(sd)->name,
75a96f5e 2024 sd_acmd_name(sd->current_cmd),
2ed61fb5 2025 sd->current_cmd, io_len);
a1bb27b1 2026 switch (sd->current_cmd) {
48805df9 2027 case 6: /* CMD6: SWITCH_FUNCTION */
a1bb27b1
PB		 2028 ret = sd->data[sd->data_offset ++];
2029
2030 if (sd->data_offset >= 64)
2031 sd->state = sd_transfer_state;
2032 break;
2033
48805df9
YF		 2034 case 9: /* CMD9: SEND_CSD */
2035 case 10: /* CMD10: SEND_CID */
775616c3
PB		 2036 ret = sd->data[sd->data_offset ++];
2037
2038 if (sd->data_offset >= 16)
2039 sd->state = sd_transfer_state;
2040 break;
2041
48805df9 2042 case 13: /* ACMD13: SD_STATUS */
a1bb27b1
PB		 2043 ret = sd->sd_status[sd->data_offset ++];
2044
2045 if (sd->data_offset >= sizeof(sd->sd_status))
2046 sd->state = sd_transfer_state;
2047 break;
2048
48805df9 2049 case 17: /* CMD17: READ_SINGLE_BLOCK */
a1bb27b1 2050 if (sd->data_offset == 0)
2d7adea4 2051 BLK_READ_BLOCK(sd->data_start, io_len);
a1bb27b1
PB		 2052 ret = sd->data[sd->data_offset ++];
2053
2d7adea4 2054 if (sd->data_offset >= io_len)
a1bb27b1
PB		 2055 sd->state = sd_transfer_state;
2056 break;
2057
48805df9 2058 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
8573378e 2059 if (sd->data_offset == 0) {
66c152d7
PMD		 2060 if (!address_in_range(sd, "READ_MULTIPLE_BLOCK",
2061 sd->data_start, io_len)) {
8573378e
MO		 2062 return 0x00;
2063 }
2d7adea4 2064 BLK_READ_BLOCK(sd->data_start, io_len);
8573378e 2065 }
a1bb27b1
PB		 2066 ret = sd->data[sd->data_offset ++];
2067
2d7adea4
AZ		 2068 if (sd->data_offset >= io_len) {
2069 sd->data_start += io_len;
a1bb27b1 2070 sd->data_offset = 0;
4481bbc7
AB		 2071
2072 if (sd->multi_blk_cnt != 0) {
2073 if (--sd->multi_blk_cnt == 0) {
2074 /* Stop! */
2075 sd->state = sd_transfer_state;
2076 break;
2077 }
2078 }
a1bb27b1
PB		 2079 }
2080 break;
2081
0c3fb03f
PMD		 2082 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */
2083 if (sd->data_offset >= SD_TUNING_BLOCK_SIZE - 1) {
2084 sd->state = sd_transfer_state;
2085 }
2086 ret = sd_tuning_block_pattern[sd->data_offset++];
2087 break;
2088
48805df9 2089 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
a1bb27b1
PB		 2090 ret = sd->data[sd->data_offset ++];
2091
2092 if (sd->data_offset >= 4)
2093 sd->state = sd_transfer_state;
2094 break;
2095
48805df9 2096 case 30: /* CMD30: SEND_WRITE_PROT */
a1bb27b1
PB		 2097 ret = sd->data[sd->data_offset ++];
2098
2099 if (sd->data_offset >= 4)
2100 sd->state = sd_transfer_state;
2101 break;
2102
48805df9 2103 case 51: /* ACMD51: SEND_SCR */
a1bb27b1
PB		 2104 ret = sd->scr[sd->data_offset ++];
2105
2106 if (sd->data_offset >= sizeof(sd->scr))
2107 sd->state = sd_transfer_state;
2108 break;
2109
48805df9 2110 case 56: /* CMD56: GEN_CMD */
a1bb27b1
PB		 2111 if (sd->data_offset == 0)
2112 APP_READ_BLOCK(sd->data_start, sd->blk_len);
2113 ret = sd->data[sd->data_offset ++];
2114
2115 if (sd->data_offset >= sd->blk_len)
2116 sd->state = sd_transfer_state;
2117 break;
2118
2119 default:
c769a88d 2120 qemu_log_mask(LOG_GUEST_ERROR, "%s: unknown command\n", __func__);
a1bb27b1
PB		 2121 return 0x00;
2122 }
2123
2124 return ret;
2125}
2126
995731d3
BM		 2127static bool sd_receive_ready(SDState *sd)
2128{
2129 return sd->state == sd_receivingdata_state;
2130}
2131
38626a33 2132static bool sd_data_ready(SDState *sd)
a1bb27b1
PB		 2133{
2134 return sd->state == sd_sendingdata_state;
2135}
827df9f3 2136
bebd1271 2137void sd_enable(SDState *sd, bool enable)
827df9f3
AZ		 2138{
2139 sd->enable = enable;
2140}
260bc9d8 2141
1b4a2342
PMD		 2142static const SDProto sd_proto_spi = {
2143 .name = "SPI",
583204d8 2144 .cmd = {
a6e0f67e 2145 [0] = sd_cmd_GO_IDLE_STATE,
5c44e820 2146 [1] = sd_cmd_SEND_OP_CMD,
583204d8
PMD		 2147 [2 ... 4] = sd_cmd_illegal,
2148 [5] = sd_cmd_illegal,
2149 [7] = sd_cmd_illegal,
2150 [15] = sd_cmd_illegal,
2151 [26] = sd_cmd_illegal,
2152 [52 ... 54] = sd_cmd_illegal,
2153 },
7ffcbf3e
PMD		 2154 .acmd = {
2155 [6] = sd_cmd_unimplemented,
5c44e820 2156 [41] = sd_cmd_SEND_OP_CMD,
7ffcbf3e 2157 },
1b4a2342
PMD		 2158};
2159
2160static const SDProto sd_proto_sd = {
2161 .name = "SD",
583204d8 2162 .cmd = {
a6e0f67e 2163 [0] = sd_cmd_GO_IDLE_STATE,
583204d8 2164 [1] = sd_cmd_illegal,
c4f2d9e1 2165 [2] = sd_cmd_ALL_SEND_CID,
41a0349d 2166 [3] = sd_cmd_SEND_RELATIVE_ADDR,
583204d8 2167 [5] = sd_cmd_illegal,
793d04f4 2168 [19] = sd_cmd_SEND_TUNING_BLOCK,
6380cd20 2169 [23] = sd_cmd_SET_BLOCK_COUNT,
583204d8
PMD		 2170 [52 ... 54] = sd_cmd_illegal,
2171 [58] = sd_cmd_illegal,
2172 [59] = sd_cmd_illegal,
2173 },
1b4a2342
PMD		 2174};
2175
260bc9d8
PM		 2176static void sd_instance_init(Object *obj)
2177{
2178 SDState *sd = SD_CARD(obj);
2179
2180 sd->enable = true;
dd26eb43 2181 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
260bc9d8
PM		 2182}
2183
5ba34401
MAL		 2184static void sd_instance_finalize(Object *obj)
2185{
2186 SDState *sd = SD_CARD(obj);
2187
5ba34401
MAL		 2188 timer_free(sd->ocr_power_timer);
2189}
2190
260bc9d8
PM		 2191static void sd_realize(DeviceState *dev, Error **errp)
2192{
2193 SDState *sd = SD_CARD(dev);
a17c17a2 2194 int ret;
260bc9d8 2195
2f0939c2
PMD		 2196 switch (sd->spec_version) {
2197 case SD_PHY_SPECv1_10_VERS
2c511375 2198 ... SD_PHY_SPECv3_01_VERS:
2f0939c2
PMD		 2199 break;
2200 default:
2201 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version);
2202 return;
2203 }
2204
260bc9d8 2205 if (sd->blk) {
a9bcedd1
PMD		 2206 int64_t blk_size;
2207
86b1cf32 2208 if (!blk_supports_write_perm(sd->blk)) {
6dd3a164
PMD		 2209 error_setg(errp, "Cannot use read-only drive as SD card");
2210 return;
2211 }
2212
a9bcedd1
PMD		 2213 blk_size = blk_getlength(sd->blk);
2214 if (blk_size > 0 && !is_power_of_2(blk_size)) {
2215 int64_t blk_size_aligned = pow2ceil(blk_size);
2216 char *blk_size_str;
2217
2218 blk_size_str = size_to_str(blk_size);
2219 error_setg(errp, "Invalid SD card size: %s", blk_size_str);
2220 g_free(blk_size_str);
2221
2222 blk_size_str = size_to_str(blk_size_aligned);
2223 error_append_hint(errp,
2224 "SD card size has to be a power of 2, e.g. %s.\n"
2225 "You can resize disk images with"
2226 " 'qemu-img resize <imagefile> <new-size>'\n"
2227 "(note that this will lose data if you make the"
2228 " image smaller than it currently is).\n",
2229 blk_size_str);
2230 g_free(blk_size_str);
2231
2232 return;
2233 }
2234
a17c17a2
KW		 2235 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
2236 BLK_PERM_ALL, errp);
2237 if (ret < 0) {
2238 return;
2239 }
260bc9d8
PM		 2240 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
2241 }
260bc9d8
PM		 2242}
2243
2244static Property sd_properties[] = {
2f0939c2
PMD		 2245 DEFINE_PROP_UINT8("spec_version", SDState,
2246 spec_version, SD_PHY_SPECv2_00_VERS),
260bc9d8
PM		 2247 DEFINE_PROP_DRIVE("drive", SDState, blk),
2248 /* We do not model the chip select pin, so allow the board to select
2249 * whether card should be in SSI or MMC/SD mode. It is also up to the
2250 * board to ensure that ssi transfers only occur when the chip select
2251 * is asserted. */
260bc9d8
PM		 2252 DEFINE_PROP_END_OF_LIST()
2253};
2254
2255static void sd_class_init(ObjectClass *klass, void *data)
2256{
2257 DeviceClass *dc = DEVICE_CLASS(klass);
c759a790 2258 SDCardClass *sc = SD_CARD_CLASS(klass);
260bc9d8
PM		 2259
2260 dc->realize = sd_realize;
4f67d30b 2261 device_class_set_props(dc, sd_properties);
260bc9d8 2262 dc->vmsd = &sd_vmstate;
ba3ed0fa 2263 dc->reset = sd_reset;
c759a790 2264 dc->bus_type = TYPE_SD_BUS;
2bbf3a91 2265 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
c759a790 2266
0034ebe6 2267 sc->set_voltage = sd_set_voltage;
da346922
PMD		 2268 sc->get_dat_lines = sd_get_dat_lines;
2269 sc->get_cmd_line = sd_get_cmd_line;
c759a790 2270 sc->do_command = sd_do_command;
c769a88d
PMD		 2271 sc->write_byte = sd_write_byte;
2272 sc->read_byte = sd_read_byte;
995731d3 2273 sc->receive_ready = sd_receive_ready;
c759a790
PM		 2274 sc->data_ready = sd_data_ready;
2275 sc->enable = sd_enable;
2276 sc->get_inserted = sd_get_inserted;
2277 sc->get_readonly = sd_get_readonly;
c3287c0f 2278 sc->proto = &sd_proto_sd;
260bc9d8
PM		 2279}
2280
c3287c0f
CLG		 2281/*
2282 * We do not model the chip select pin, so allow the board to select
2283 * whether card should be in SSI or MMC/SD mode. It is also up to the
2284 * board to ensure that ssi transfers only occur when the chip select
2285 * is asserted.
2286 */
2287static void sd_spi_class_init(ObjectClass *klass, void *data)
2288{
2289 DeviceClass *dc = DEVICE_CLASS(klass);
2290 SDCardClass *sc = SD_CARD_CLASS(klass);
2291
2292 dc->desc = "SD SPI";
2293 sc->proto = &sd_proto_spi;
2294}
2295
88d2198c
PMD		 2296static const TypeInfo sd_types[] = {
2297 {
2298 .name = TYPE_SD_CARD,
2299 .parent = TYPE_DEVICE,
2300 .instance_size = sizeof(SDState),
2301 .class_size = sizeof(SDCardClass),
2302 .class_init = sd_class_init,
2303 .instance_init = sd_instance_init,
2304 .instance_finalize = sd_instance_finalize,
2305 },
2306 {
2307 .name = TYPE_SD_CARD_SPI,
2308 .parent = TYPE_SD_CARD,
2309 .class_init = sd_spi_class_init,
2310 },
c3287c0f
CLG		 2311};
2312
88d2198c 2313DEFINE_TYPES(sd_types)
Mirror of https://git.qemu.org/git/qemu.git