Google Git
Sign in
qemu / qemu / 615cf669b55a689f9e535ecf87075e50004b6e0a / . / hw / sd / sd.c
blob: 3e2a4511546a18fc96729a917444c121d9d559c5 [file] [log] [blame]
ths5fafdf22007-09-16 21:08:06 +0000[diff] [blame]1/*
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
4 *
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
17 * distribution.
18 *
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30 */
31
Paolo Bonzini83c9f4c2013-02-04 15:40:22 +0100[diff] [blame]32#include "hw/hw.h"
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]33#include "sysemu/block-backend.h"
Paolo Bonzini83c9f4c2013-02-04 15:40:22 +0100[diff] [blame]34#include "hw/sd.h"
Paolo Bonzini1de7afc2012-12-17 18:20:00 +0100[diff] [blame]35#include "qemu/bitmap.h"
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]36
37//#define DEBUG_SD 1
38
39#ifdef DEBUG_SD
Blue Swirl001faf32009-05-13 17:53:17 +0000[diff] [blame]40#define DPRINTF(fmt, ...) \
41do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]42#else
Blue Swirl001faf32009-05-13 17:53:17 +0000[diff] [blame]43#define DPRINTF(fmt, ...) do {} while(0)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]44#endif
45
Peter Crosthwaite37ab4a52013-06-03 17:17:45 +0100[diff] [blame]46#define ACMD41_ENQUIRY_MASK 0x00ffffff
47
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]48typedef enum {
49 sd_r0 = 0, /* no response */
50 sd_r1, /* normal response command */
51 sd_r2_i, /* CID register */
52 sd_r2_s, /* CSD register */
53 sd_r3, /* OCR register */
54 sd_r6 = 6, /* Published RCA response */
balrog1b088992007-12-24 14:41:39 +0000[diff] [blame]55 sd_r7, /* Operating voltage */
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]56 sd_r1b = -1,
Peter Maydell53bb8cc2011-12-18 21:37:55 +0100[diff] [blame]57 sd_illegal = -2,
Anthony Liguoric227f092009-10-01 16:12:16 -0500[diff] [blame]58} sd_rsp_type_t;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]59
Igor Mitsyanko50a5be62012-10-30 07:45:12 +0000[diff] [blame]60enum SDCardModes {
61 sd_inactive,
62 sd_card_identification_mode,
63 sd_data_transfer_mode,
64};
65
66enum SDCardStates {
67 sd_inactive_state = -1,
68 sd_idle_state = 0,
69 sd_ready_state,
70 sd_identification_state,
71 sd_standby_state,
72 sd_transfer_state,
73 sd_sendingdata_state,
74 sd_receivingdata_state,
75 sd_programming_state,
76 sd_disconnect_state,
77};
78
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]79struct SDState {
Igor Mitsyanko50a5be62012-10-30 07:45:12 +0000[diff] [blame]80 uint32_t mode; /* current card mode, one of SDCardModes */
81 int32_t state; /* current card state, one of SDCardStates */
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]82 uint32_t ocr;
83 uint8_t scr[8];
84 uint8_t cid[16];
85 uint8_t csd[16];
86 uint16_t rca;
87 uint32_t card_status;
88 uint8_t sd_status[64];
balrog1b088992007-12-24 14:41:39 +0000[diff] [blame]89 uint32_t vhs;
Mitsyanko Igorbebd1272012-08-13 11:04:06 +0100[diff] [blame]90 bool wp_switch;
Mitsyanko Igora9c01832012-08-13 11:04:06 +0100[diff] [blame]91 unsigned long *wp_groups;
Igor Mitsyanko50a5be62012-10-30 07:45:12 +0000[diff] [blame]92 int32_t wpgrps_size;
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]93 uint64_t size;
Igor Mitsyanko50a5be62012-10-30 07:45:12 +0000[diff] [blame]94 uint32_t blk_len;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]95 uint32_t erase_start;
96 uint32_t erase_end;
97 uint8_t pwd[16];
Igor Mitsyanko50a5be62012-10-30 07:45:12 +0000[diff] [blame]98 uint32_t pwd_len;
99 uint8_t function_group[6];
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]100
Mitsyanko Igorbebd1272012-08-13 11:04:06 +0100[diff] [blame]101 bool spi;
Igor Mitsyanko50a5be62012-10-30 07:45:12 +0000[diff] [blame]102 uint8_t current_cmd;
Peter Maydell1d06cb72011-12-18 21:37:59 +0100[diff] [blame]103 /* True if we will handle the next command as an ACMD. Note that this does
104 * *not* track the APP_CMD status bit!
105 */
Mitsyanko Igorbebd1272012-08-13 11:04:06 +0100[diff] [blame]106 bool expecting_acmd;
Igor Mitsyanko50a5be62012-10-30 07:45:12 +0000[diff] [blame]107 uint32_t blk_written;
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]108 uint64_t data_start;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]109 uint32_t data_offset;
110 uint8_t data[512];
balrog02ce6002007-11-17 14:34:44 +0000[diff] [blame]111 qemu_irq readonly_cb;
112 qemu_irq inserted_cb;
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]113 BlockBackend *blk;
balrog33f00272007-12-24 14:33:24 +0000[diff] [blame]114 uint8_t *buf;
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]115
Mitsyanko Igorbebd1272012-08-13 11:04:06 +0100[diff] [blame]116 bool enable;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]117};
118
Peter Maydell10a412d2011-12-18 21:37:58 +0100[diff] [blame]119static void sd_set_mode(SDState *sd)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]120{
121 switch (sd->state) {
122 case sd_inactive_state:
123 sd->mode = sd_inactive;
124 break;
125
126 case sd_idle_state:
127 case sd_ready_state:
128 case sd_identification_state:
129 sd->mode = sd_card_identification_mode;
130 break;
131
132 case sd_standby_state:
133 case sd_transfer_state:
134 case sd_sendingdata_state:
135 case sd_receivingdata_state:
136 case sd_programming_state:
137 case sd_disconnect_state:
138 sd->mode = sd_data_transfer_mode;
139 break;
140 }
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]141}
142
Anthony Liguoric227f092009-10-01 16:12:16 -0500[diff] [blame]143static const sd_cmd_type_t sd_cmd_type[64] = {
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]144 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
balrog1b088992007-12-24 14:41:39 +0000[diff] [blame]145 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]146 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
147 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
148 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
149 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
151 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
152};
153
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]154static const int sd_cmd_class[64] = {
155 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
156 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
157 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
158 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
159};
160
161static uint8_t sd_crc7(void *message, size_t width)
162{
163 int i, bit;
164 uint8_t shift_reg = 0x00;
165 uint8_t *msg = (uint8_t *) message;
166
167 for (i = 0; i < width; i ++, msg ++)
168 for (bit = 7; bit >= 0; bit --) {
169 shift_reg <<= 1;
170 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
171 shift_reg ^= 0x89;
172 }
173
174 return shift_reg;
175}
176
177static uint16_t sd_crc16(void *message, size_t width)
178{
179 int i, bit;
180 uint16_t shift_reg = 0x0000;
181 uint16_t *msg = (uint16_t *) message;
182 width <<= 1;
183
184 for (i = 0; i < width; i ++, msg ++)
185 for (bit = 15; bit >= 0; bit --) {
186 shift_reg <<= 1;
187 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
188 shift_reg ^= 0x1011;
189 }
190
191 return shift_reg;
192}
193
194static void sd_set_ocr(SDState *sd)
195{
balrog1b088992007-12-24 14:41:39 +0000[diff] [blame]196 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
aurel32829ef7b2009-03-07 22:10:40 +0000[diff] [blame]197 sd->ocr = 0x80ffff00;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]198}
199
200static void sd_set_scr(SDState *sd)
201{
202 sd->scr[0] = 0x00; /* SCR Structure */
203 sd->scr[1] = 0x2f; /* SD Security Support */
204 sd->scr[2] = 0x00;
205 sd->scr[3] = 0x00;
206 sd->scr[4] = 0x00;
207 sd->scr[5] = 0x00;
208 sd->scr[6] = 0x00;
209 sd->scr[7] = 0x00;
210}
211
212#define MID 0xaa
213#define OID "XY"
214#define PNM "QEMU!"
215#define PRV 0x01
216#define MDT_YR 2006
217#define MDT_MON 2
218
219static void sd_set_cid(SDState *sd)
220{
221 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
222 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
223 sd->cid[2] = OID[1];
224 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
225 sd->cid[4] = PNM[1];
226 sd->cid[5] = PNM[2];
227 sd->cid[6] = PNM[3];
228 sd->cid[7] = PNM[4];
229 sd->cid[8] = PRV; /* Fake product revision (PRV) */
230 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
231 sd->cid[10] = 0xad;
232 sd->cid[11] = 0xbe;
233 sd->cid[12] = 0xef;
234 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
235 ((MDT_YR - 2000) / 10);
236 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
237 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
238}
239
240#define HWBLOCK_SHIFT 9 /* 512 bytes */
241#define SECTOR_SHIFT 5 /* 16 kilobytes */
242#define WPGROUP_SHIFT 7 /* 2 megs */
243#define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]244#define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
245
246static const uint8_t sd_csd_rw_mask[16] = {
247 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
249};
250
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]251static void sd_set_csd(SDState *sd, uint64_t size)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]252{
253 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
254 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
255 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
256
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]257 if (size <= 0x40000000) { /* Standard Capacity SD */
258 sd->csd[0] = 0x00; /* CSD structure */
259 sd->csd[1] = 0x26; /* Data read access-time-1 */
260 sd->csd[2] = 0x00; /* Data read access-time-2 */
261 sd->csd[3] = 0x5a; /* Max. data transfer rate */
262 sd->csd[4] = 0x5f; /* Card Command Classes */
263 sd->csd[5] = 0x50 | /* Max. read data block length */
264 HWBLOCK_SHIFT;
265 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
266 ((csize >> 10) & 0x03);
267 sd->csd[7] = 0x00 | /* Device size */
268 ((csize >> 2) & 0xff);
269 sd->csd[8] = 0x3f | /* Max. read current */
270 ((csize << 6) & 0xc0);
271 sd->csd[9] = 0xfc | /* Max. write current */
272 ((CMULT_SHIFT - 2) >> 1);
273 sd->csd[10] = 0x40 | /* Erase sector size */
274 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
275 sd->csd[11] = 0x00 | /* Write protect group size */
276 ((sectsize << 7) & 0x80) | wpsize;
277 sd->csd[12] = 0x90 | /* Write speed factor */
278 (HWBLOCK_SHIFT >> 2);
279 sd->csd[13] = 0x20 | /* Max. write data block length */
280 ((HWBLOCK_SHIFT << 6) & 0xc0);
281 sd->csd[14] = 0x00; /* File format group */
282 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
283 } else { /* SDHC */
284 size /= 512 * 1024;
285 size -= 1;
286 sd->csd[0] = 0x40;
287 sd->csd[1] = 0x0e;
288 sd->csd[2] = 0x00;
289 sd->csd[3] = 0x32;
290 sd->csd[4] = 0x5b;
291 sd->csd[5] = 0x59;
292 sd->csd[6] = 0x00;
293 sd->csd[7] = (size >> 16) & 0xff;
294 sd->csd[8] = (size >> 8) & 0xff;
295 sd->csd[9] = (size & 0xff);
296 sd->csd[10] = 0x7f;
297 sd->csd[11] = 0x80;
298 sd->csd[12] = 0x0a;
299 sd->csd[13] = 0x40;
300 sd->csd[14] = 0x00;
301 sd->csd[15] = 0x00;
Peter Maydelle03ba132013-04-09 12:48:19 +0100[diff] [blame]302 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]303 }
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]304}
305
306static void sd_set_rca(SDState *sd)
307{
308 sd->rca += 0x4567;
309}
310
Peter Maydellb8d334c2011-12-18 21:37:52 +0100[diff] [blame]311/* Card status bits, split by clear condition:
312 * A : According to the card current state
313 * B : Always related to the previous command
314 * C : Cleared by read
315 */
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]316#define CARD_STATUS_A 0x02004100
317#define CARD_STATUS_B 0x00c01e00
318#define CARD_STATUS_C 0xfd39a028
319
320static void sd_set_cardstatus(SDState *sd)
321{
322 sd->card_status = 0x00000100;
323}
324
325static void sd_set_sdstatus(SDState *sd)
326{
327 memset(sd->sd_status, 0, 64);
328}
329
Paul Brookbc24a222009-05-10 01:44:56 +0100[diff] [blame]330static int sd_req_crc_validate(SDRequest *req)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]331{
332 uint8_t buffer[5];
333 buffer[0] = 0x40 | req->cmd;
334 buffer[1] = (req->arg >> 24) & 0xff;
335 buffer[2] = (req->arg >> 16) & 0xff;
336 buffer[3] = (req->arg >> 8) & 0xff;
337 buffer[4] = (req->arg >> 0) & 0xff;
338 return 0;
339 return sd_crc7(buffer, 5) != req->crc; /* TODO */
340}
341
Peter Maydell10a412d2011-12-18 21:37:58 +0100[diff] [blame]342static void sd_response_r1_make(SDState *sd, uint8_t *response)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]343{
Peter Maydell10a412d2011-12-18 21:37:58 +0100[diff] [blame]344 uint32_t status = sd->card_status;
Peter Maydell1d06cb72011-12-18 21:37:59 +0100[diff] [blame]345 /* Clear the "clear on read" status bits */
346 sd->card_status &= ~CARD_STATUS_C;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]347
348 response[0] = (status >> 24) & 0xff;
349 response[1] = (status >> 16) & 0xff;
350 response[2] = (status >> 8) & 0xff;
351 response[3] = (status >> 0) & 0xff;
352}
353
pbrook9596ebb2007-11-18 01:44:38 +0000[diff] [blame]354static void sd_response_r3_make(SDState *sd, uint8_t *response)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]355{
356 response[0] = (sd->ocr >> 24) & 0xff;
357 response[1] = (sd->ocr >> 16) & 0xff;
358 response[2] = (sd->ocr >> 8) & 0xff;
359 response[3] = (sd->ocr >> 0) & 0xff;
360}
361
pbrook9596ebb2007-11-18 01:44:38 +0000[diff] [blame]362static void sd_response_r6_make(SDState *sd, uint8_t *response)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]363{
364 uint16_t arg;
365 uint16_t status;
366
367 arg = sd->rca;
368 status = ((sd->card_status >> 8) & 0xc000) |
369 ((sd->card_status >> 6) & 0x2000) |
370 (sd->card_status & 0x1fff);
Peter Maydellfcfa9352011-12-18 21:38:00 +0100[diff] [blame]371 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]372
373 response[0] = (arg >> 8) & 0xff;
374 response[1] = arg & 0xff;
375 response[2] = (status >> 8) & 0xff;
376 response[3] = status & 0xff;
377}
378
balrog1b088992007-12-24 14:41:39 +0000[diff] [blame]379static void sd_response_r7_make(SDState *sd, uint8_t *response)
380{
381 response[0] = (sd->vhs >> 24) & 0xff;
382 response[1] = (sd->vhs >> 16) & 0xff;
383 response[2] = (sd->vhs >> 8) & 0xff;
384 response[3] = (sd->vhs >> 0) & 0xff;
385}
386
Mitsyanko Igorb7202b82012-08-13 11:04:06 +0100[diff] [blame]387static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
388{
389 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
390}
391
Peter Maydell16b781a2015-05-12 11:57:16 +0100[diff] [blame]392static void sd_reset(SDState *sd)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]393{
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]394 uint64_t size;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]395 uint64_t sect;
396
Peter Maydell16b781a2015-05-12 11:57:16 +0100[diff] [blame]397 if (sd->blk) {
398 blk_get_geometry(sd->blk, &sect);
Paul Brook03f311e2009-05-03 16:52:16 +0100[diff] [blame]399 } else {
400 sect = 0;
401 }
Vincent Palatin5e371412011-07-25 16:19:05 -0700[diff] [blame]402 size = sect << 9;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]403
Mitsyanko Igorb7202b82012-08-13 11:04:06 +0100[diff] [blame]404 sect = sd_addr_to_wpnum(size) + 1;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]405
406 sd->state = sd_idle_state;
407 sd->rca = 0x0000;
408 sd_set_ocr(sd);
409 sd_set_scr(sd);
410 sd_set_cid(sd);
411 sd_set_csd(sd, size);
412 sd_set_cardstatus(sd);
413 sd_set_sdstatus(sd);
414
Daniel P. Berrangeef1e1e02015-08-26 12:17:18 +0100[diff] [blame]415 g_free(sd->wp_groups);
Peter Maydell16b781a2015-05-12 11:57:16 +0100[diff] [blame]416 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
Igor Mitsyanko50a5be62012-10-30 07:45:12 +0000[diff] [blame]417 sd->wpgrps_size = sect;
418 sd->wp_groups = bitmap_new(sd->wpgrps_size);
419 memset(sd->function_group, 0, sizeof(sd->function_group));
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]420 sd->erase_start = 0;
421 sd->erase_end = 0;
422 sd->size = size;
423 sd->blk_len = 0x200;
424 sd->pwd_len = 0;
Mitsyanko Igorbebd1272012-08-13 11:04:06 +0100[diff] [blame]425 sd->expecting_acmd = false;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]426}
427
Markus Armbruster7d4b4ba2011-09-06 18:58:59 +0200[diff] [blame]428static void sd_cardchange(void *opaque, bool load)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]429{
430 SDState *sd = opaque;
Christoph Hellwigdb97ee62011-01-24 13:32:41 +0100[diff] [blame]431
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]432 qemu_set_irq(sd->inserted_cb, blk_is_inserted(sd->blk));
433 if (blk_is_inserted(sd->blk)) {
Peter Maydell16b781a2015-05-12 11:57:16 +0100[diff] [blame]434 sd_reset(sd);
pbrook257514d2007-11-17 15:32:38 +0000[diff] [blame]435 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]436 }
437}
438
Markus Armbruster0e49de52011-08-03 15:07:41 +0200[diff] [blame]439static const BlockDevOps sd_block_ops = {
Markus Armbruster145feb12011-08-03 15:07:42 +0200[diff] [blame]440 .change_media_cb = sd_cardchange,
Markus Armbruster0e49de52011-08-03 15:07:41 +0200[diff] [blame]441};
442
Igor Mitsyanko50a5be62012-10-30 07:45:12 +0000[diff] [blame]443static const VMStateDescription sd_vmstate = {
444 .name = "sd-card",
445 .version_id = 1,
446 .minimum_version_id = 1,
447 .fields = (VMStateField[]) {
448 VMSTATE_UINT32(mode, SDState),
449 VMSTATE_INT32(state, SDState),
450 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
451 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
452 VMSTATE_UINT16(rca, SDState),
453 VMSTATE_UINT32(card_status, SDState),
454 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
455 VMSTATE_UINT32(vhs, SDState),
456 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
457 VMSTATE_UINT32(blk_len, SDState),
458 VMSTATE_UINT32(erase_start, SDState),
459 VMSTATE_UINT32(erase_end, SDState),
460 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
461 VMSTATE_UINT32(pwd_len, SDState),
462 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
463 VMSTATE_UINT8(current_cmd, SDState),
464 VMSTATE_BOOL(expecting_acmd, SDState),
465 VMSTATE_UINT32(blk_written, SDState),
466 VMSTATE_UINT64(data_start, SDState),
467 VMSTATE_UINT32(data_offset, SDState),
468 VMSTATE_UINT8_ARRAY(data, SDState, 512),
Igor Mitsyanko5f006792013-04-05 16:17:59 +0100[diff] [blame]469 VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512),
Igor Mitsyanko50a5be62012-10-30 07:45:12 +0000[diff] [blame]470 VMSTATE_BOOL(enable, SDState),
471 VMSTATE_END_OF_LIST()
472 }
473};
474
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]475/* We do not model the chip select pin, so allow the board to select
balrog8ef63672007-11-25 18:46:17 +0000[diff] [blame]476 whether card should be in SSI or MMC/SD mode. It is also up to the
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]477 board to ensure that ssi transfers only occur when the chip select
478 is asserted. */
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]479SDState *sd_init(BlockBackend *blk, bool is_spi)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]480{
481 SDState *sd;
482
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]483 if (blk && blk_is_read_only(blk)) {
Kevin Wolf4f8a0662013-09-13 15:51:47 +0200[diff] [blame]484 fprintf(stderr, "sd_init: Cannot use read-only drive\n");
485 return NULL;
486 }
487
Anthony Liguori7267c092011-08-20 22:09:37 -0500[diff] [blame]488 sd = (SDState *) g_malloc0(sizeof(SDState));
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]489 sd->buf = blk_blockalign(blk, 512);
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]490 sd->spi = is_spi;
Mitsyanko Igorbebd1272012-08-13 11:04:06 +0100[diff] [blame]491 sd->enable = true;
Peter Maydell16b781a2015-05-12 11:57:16 +0100[diff] [blame]492 sd->blk = blk;
493 sd_reset(sd);
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]494 if (sd->blk) {
495 blk_attach_dev_nofail(sd->blk, sd);
496 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
Paul Brook03f311e2009-05-03 16:52:16 +0100[diff] [blame]497 }
Igor Mitsyanko50a5be62012-10-30 07:45:12 +0000[diff] [blame]498 vmstate_register(NULL, -1, &sd_vmstate, sd);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]499 return sd;
500}
501
balrog02ce6002007-11-17 14:34:44 +0000[diff] [blame]502void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]503{
balrog02ce6002007-11-17 14:34:44 +0000[diff] [blame]504 sd->readonly_cb = readonly;
505 sd->inserted_cb = insert;
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]506 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
507 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]508}
509
510static void sd_erase(SDState *sd)
511{
Igor Mitsyankof2d189d2012-10-30 07:45:12 +0000[diff] [blame]512 int i;
513 uint64_t erase_start = sd->erase_start;
514 uint64_t erase_end = sd->erase_end;
515
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]516 if (!sd->erase_start || !sd->erase_end) {
517 sd->card_status |= ERASE_SEQ_ERROR;
518 return;
519 }
520
Igor Mitsyankof2d189d2012-10-30 07:45:12 +0000[diff] [blame]521 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
522 /* High capacity memory card: erase units are 512 byte blocks */
523 erase_start *= 512;
524 erase_end *= 512;
525 }
526
527 erase_start = sd_addr_to_wpnum(erase_start);
528 erase_end = sd_addr_to_wpnum(erase_end);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]529 sd->erase_start = 0;
530 sd->erase_end = 0;
531 sd->csd[14] |= 0x40;
532
Igor Mitsyankof2d189d2012-10-30 07:45:12 +0000[diff] [blame]533 for (i = erase_start; i <= erase_end; i++) {
Mitsyanko Igora9c01832012-08-13 11:04:06 +0100[diff] [blame]534 if (test_bit(i, sd->wp_groups)) {
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]535 sd->card_status |= WP_ERASE_SKIP;
Mitsyanko Igora9c01832012-08-13 11:04:06 +0100[diff] [blame]536 }
537 }
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]538}
539
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]540static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]541{
542 uint32_t i, wpnum;
543 uint32_t ret = 0;
544
Mitsyanko Igorb7202b82012-08-13 11:04:06 +0100[diff] [blame]545 wpnum = sd_addr_to_wpnum(addr);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]546
Mitsyanko Igora9c01832012-08-13 11:04:06 +0100[diff] [blame]547 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
548 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]549 ret |= (1 << i);
Mitsyanko Igora9c01832012-08-13 11:04:06 +0100[diff] [blame]550 }
551 }
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]552
553 return ret;
554}
555
556static void sd_function_switch(SDState *sd, uint32_t arg)
557{
558 int i, mode, new_func, crc;
559 mode = !!(arg & 0x80000000);
560
561 sd->data[0] = 0x00; /* Maximum current consumption */
562 sd->data[1] = 0x01;
563 sd->data[2] = 0x80; /* Supported group 6 functions */
564 sd->data[3] = 0x01;
565 sd->data[4] = 0x80; /* Supported group 5 functions */
566 sd->data[5] = 0x01;
567 sd->data[6] = 0x80; /* Supported group 4 functions */
568 sd->data[7] = 0x01;
569 sd->data[8] = 0x80; /* Supported group 3 functions */
570 sd->data[9] = 0x01;
571 sd->data[10] = 0x80; /* Supported group 2 functions */
572 sd->data[11] = 0x43;
573 sd->data[12] = 0x80; /* Supported group 1 functions */
574 sd->data[13] = 0x03;
575 for (i = 0; i < 6; i ++) {
576 new_func = (arg >> (i * 4)) & 0x0f;
577 if (mode && new_func != 0x0f)
578 sd->function_group[i] = new_func;
579 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
580 }
581 memset(&sd->data[17], 0, 47);
582 crc = sd_crc16(sd->data, 64);
583 sd->data[65] = crc >> 8;
584 sd->data[66] = crc & 0xff;
585}
586
Mitsyanko Igor4e8f1be2012-08-13 11:04:07 +0100[diff] [blame]587static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]588{
Mitsyanko Igorb7202b82012-08-13 11:04:06 +0100[diff] [blame]589 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]590}
591
592static void sd_lock_command(SDState *sd)
593{
594 int erase, lock, clr_pwd, set_pwd, pwd_len;
595 erase = !!(sd->data[0] & 0x08);
596 lock = sd->data[0] & 0x04;
597 clr_pwd = sd->data[0] & 0x02;
598 set_pwd = sd->data[0] & 0x01;
599
600 if (sd->blk_len > 1)
601 pwd_len = sd->data[1];
602 else
603 pwd_len = 0;
604
605 if (erase) {
606 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
607 set_pwd || clr_pwd || lock || sd->wp_switch ||
608 (sd->csd[14] & 0x20)) {
609 sd->card_status |= LOCK_UNLOCK_FAILED;
610 return;
611 }
Igor Mitsyanko50a5be62012-10-30 07:45:12 +0000[diff] [blame]612 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]613 sd->csd[14] &= ~0x10;
614 sd->card_status &= ~CARD_IS_LOCKED;
615 sd->pwd_len = 0;
616 /* Erasing the entire card here! */
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]617 fprintf(stderr, "SD: Card force-erased by CMD42\n");
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]618 return;
619 }
620
621 if (sd->blk_len < 2 + pwd_len ||
622 pwd_len <= sd->pwd_len ||
623 pwd_len > sd->pwd_len + 16) {
624 sd->card_status |= LOCK_UNLOCK_FAILED;
625 return;
626 }
627
628 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
629 sd->card_status |= LOCK_UNLOCK_FAILED;
630 return;
631 }
632
633 pwd_len -= sd->pwd_len;
634 if ((pwd_len && !set_pwd) ||
635 (clr_pwd && (set_pwd || lock)) ||
636 (lock && !sd->pwd_len && !set_pwd) ||
637 (!set_pwd && !clr_pwd &&
638 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
639 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
640 sd->card_status |= LOCK_UNLOCK_FAILED;
641 return;
642 }
643
644 if (set_pwd) {
645 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
646 sd->pwd_len = pwd_len;
647 }
648
649 if (clr_pwd) {
650 sd->pwd_len = 0;
651 }
652
653 if (lock)
654 sd->card_status |= CARD_IS_LOCKED;
655 else
656 sd->card_status &= ~CARD_IS_LOCKED;
657}
658
Anthony Liguoric227f092009-10-01 16:12:16 -0500[diff] [blame]659static sd_rsp_type_t sd_normal_command(SDState *sd,
Paul Brookbc24a222009-05-10 01:44:56 +0100[diff] [blame]660 SDRequest req)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]661{
662 uint32_t rca = 0x0000;
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]663 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]664
Peter Maydell1d06cb72011-12-18 21:37:59 +0100[diff] [blame]665 /* Not interpreting this as an app command */
666 sd->card_status &= ~APP_CMD;
667
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]668 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
669 rca = req.arg >> 16;
670
671 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
672 switch (req.cmd) {
673 /* Basic commands (Class 0 and Class 1) */
674 case 0: /* CMD0: GO_IDLE_STATE */
675 switch (sd->state) {
676 case sd_inactive_state:
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]677 return sd->spi ? sd_r1 : sd_r0;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]678
679 default:
680 sd->state = sd_idle_state;
Peter Maydell16b781a2015-05-12 11:57:16 +0100[diff] [blame]681 sd_reset(sd);
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]682 return sd->spi ? sd_r1 : sd_r0;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]683 }
684 break;
685
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]686 case 1: /* CMD1: SEND_OP_CMD */
687 if (!sd->spi)
688 goto bad_cmd;
689
690 sd->state = sd_transfer_state;
691 return sd_r1;
692
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]693 case 2: /* CMD2: ALL_SEND_CID */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]694 if (sd->spi)
695 goto bad_cmd;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]696 switch (sd->state) {
697 case sd_ready_state:
698 sd->state = sd_identification_state;
699 return sd_r2_i;
700
701 default:
702 break;
703 }
704 break;
705
706 case 3: /* CMD3: SEND_RELATIVE_ADDR */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]707 if (sd->spi)
708 goto bad_cmd;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]709 switch (sd->state) {
710 case sd_identification_state:
711 case sd_standby_state:
712 sd->state = sd_standby_state;
713 sd_set_rca(sd);
714 return sd_r6;
715
716 default:
717 break;
718 }
719 break;
720
721 case 4: /* CMD4: SEND_DSR */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]722 if (sd->spi)
723 goto bad_cmd;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]724 switch (sd->state) {
725 case sd_standby_state:
726 break;
727
728 default:
729 break;
730 }
731 break;
732
Juha Riihimäki109ac322009-12-03 15:56:07 +0200[diff] [blame]733 case 5: /* CMD5: reserved for SDIO cards */
Peter Maydell53bb8cc2011-12-18 21:37:55 +0100[diff] [blame]734 return sd_illegal;
Juha Riihimäki109ac322009-12-03 15:56:07 +0200[diff] [blame]735
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]736 case 6: /* CMD6: SWITCH_FUNCTION */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]737 if (sd->spi)
738 goto bad_cmd;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]739 switch (sd->mode) {
740 case sd_data_transfer_mode:
741 sd_function_switch(sd, req.arg);
742 sd->state = sd_sendingdata_state;
743 sd->data_start = 0;
744 sd->data_offset = 0;
745 return sd_r1;
746
747 default:
748 break;
749 }
750 break;
751
752 case 7: /* CMD7: SELECT/DESELECT_CARD */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]753 if (sd->spi)
754 goto bad_cmd;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]755 switch (sd->state) {
756 case sd_standby_state:
757 if (sd->rca != rca)
758 return sd_r0;
759
760 sd->state = sd_transfer_state;
761 return sd_r1b;
762
763 case sd_transfer_state:
764 case sd_sendingdata_state:
765 if (sd->rca == rca)
766 break;
767
768 sd->state = sd_standby_state;
769 return sd_r1b;
770
771 case sd_disconnect_state:
772 if (sd->rca != rca)
773 return sd_r0;
774
775 sd->state = sd_programming_state;
776 return sd_r1b;
777
778 case sd_programming_state:
779 if (sd->rca == rca)
780 break;
781
782 sd->state = sd_disconnect_state;
783 return sd_r1b;
784
785 default:
786 break;
787 }
788 break;
789
balrog1b088992007-12-24 14:41:39 +0000[diff] [blame]790 case 8: /* CMD8: SEND_IF_COND */
791 /* Physical Layer Specification Version 2.00 command */
792 switch (sd->state) {
793 case sd_idle_state:
794 sd->vhs = 0;
795
796 /* No response if not exactly one VHS bit is set. */
Stefan Hajnoczic9d93312015-03-23 15:29:28 +0000[diff] [blame]797 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
balrog1b088992007-12-24 14:41:39 +0000[diff] [blame]798 return sd->spi ? sd_r7 : sd_r0;
Stefan Hajnoczic9d93312015-03-23 15:29:28 +0000[diff] [blame]799 }
balrog1b088992007-12-24 14:41:39 +0000[diff] [blame]800
801 /* Accept. */
802 sd->vhs = req.arg;
803 return sd_r7;
804
805 default:
806 break;
807 }
808 break;
809
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]810 case 9: /* CMD9: SEND_CSD */
811 switch (sd->state) {
812 case sd_standby_state:
813 if (sd->rca != rca)
814 return sd_r0;
815
816 return sd_r2_s;
817
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]818 case sd_transfer_state:
819 if (!sd->spi)
820 break;
821 sd->state = sd_sendingdata_state;
822 memcpy(sd->data, sd->csd, 16);
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]823 sd->data_start = addr;
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]824 sd->data_offset = 0;
825 return sd_r1;
826
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]827 default:
828 break;
829 }
830 break;
831
832 case 10: /* CMD10: SEND_CID */
833 switch (sd->state) {
834 case sd_standby_state:
835 if (sd->rca != rca)
836 return sd_r0;
837
838 return sd_r2_i;
839
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]840 case sd_transfer_state:
841 if (!sd->spi)
842 break;
843 sd->state = sd_sendingdata_state;
844 memcpy(sd->data, sd->cid, 16);
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]845 sd->data_start = addr;
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]846 sd->data_offset = 0;
847 return sd_r1;
848
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]849 default:
850 break;
851 }
852 break;
853
854 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]855 if (sd->spi)
856 goto bad_cmd;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]857 switch (sd->state) {
858 case sd_transfer_state:
859 sd->state = sd_sendingdata_state;
860 sd->data_start = req.arg;
861 sd->data_offset = 0;
862
863 if (sd->data_start + sd->blk_len > sd->size)
864 sd->card_status |= ADDRESS_ERROR;
865 return sd_r0;
866
867 default:
868 break;
869 }
870 break;
871
872 case 12: /* CMD12: STOP_TRANSMISSION */
873 switch (sd->state) {
874 case sd_sendingdata_state:
875 sd->state = sd_transfer_state;
876 return sd_r1b;
877
878 case sd_receivingdata_state:
879 sd->state = sd_programming_state;
880 /* Bzzzzzzztt .... Operation complete. */
881 sd->state = sd_transfer_state;
882 return sd_r1b;
883
884 default:
885 break;
886 }
887 break;
888
889 case 13: /* CMD13: SEND_STATUS */
890 switch (sd->mode) {
891 case sd_data_transfer_mode:
892 if (sd->rca != rca)
893 return sd_r0;
894
895 return sd_r1;
896
897 default:
898 break;
899 }
900 break;
901
902 case 15: /* CMD15: GO_INACTIVE_STATE */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]903 if (sd->spi)
904 goto bad_cmd;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]905 switch (sd->mode) {
906 case sd_data_transfer_mode:
907 if (sd->rca != rca)
908 return sd_r0;
909
910 sd->state = sd_inactive_state;
911 return sd_r0;
912
913 default:
914 break;
915 }
916 break;
917
918 /* Block read commands (Classs 2) */
919 case 16: /* CMD16: SET_BLOCKLEN */
920 switch (sd->state) {
921 case sd_transfer_state:
922 if (req.arg > (1 << HWBLOCK_SHIFT))
923 sd->card_status |= BLOCK_LEN_ERROR;
924 else
925 sd->blk_len = req.arg;
926
927 return sd_r1;
928
929 default:
930 break;
931 }
932 break;
933
934 case 17: /* CMD17: READ_SINGLE_BLOCK */
935 switch (sd->state) {
936 case sd_transfer_state:
937 sd->state = sd_sendingdata_state;
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]938 sd->data_start = addr;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]939 sd->data_offset = 0;
940
941 if (sd->data_start + sd->blk_len > sd->size)
942 sd->card_status |= ADDRESS_ERROR;
943 return sd_r1;
944
945 default:
946 break;
947 }
948 break;
949
950 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
951 switch (sd->state) {
952 case sd_transfer_state:
953 sd->state = sd_sendingdata_state;
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]954 sd->data_start = addr;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]955 sd->data_offset = 0;
956
957 if (sd->data_start + sd->blk_len > sd->size)
958 sd->card_status |= ADDRESS_ERROR;
959 return sd_r1;
960
961 default:
962 break;
963 }
964 break;
965
966 /* Block write commands (Class 4) */
967 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]968 if (sd->spi)
969 goto unimplemented_cmd;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]970 switch (sd->state) {
971 case sd_transfer_state:
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]972 /* Writing in SPI mode not implemented. */
973 if (sd->spi)
974 break;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]975 sd->state = sd_receivingdata_state;
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]976 sd->data_start = addr;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]977 sd->data_offset = 0;
978 sd->blk_written = 0;
979
980 if (sd->data_start + sd->blk_len > sd->size)
981 sd->card_status |= ADDRESS_ERROR;
982 if (sd_wp_addr(sd, sd->data_start))
983 sd->card_status |= WP_VIOLATION;
984 if (sd->csd[14] & 0x30)
985 sd->card_status |= WP_VIOLATION;
986 return sd_r1;
987
988 default:
989 break;
990 }
991 break;
992
993 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]994 if (sd->spi)
995 goto unimplemented_cmd;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]996 switch (sd->state) {
997 case sd_transfer_state:
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]998 /* Writing in SPI mode not implemented. */
999 if (sd->spi)
1000 break;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1001 sd->state = sd_receivingdata_state;
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1002 sd->data_start = addr;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1003 sd->data_offset = 0;
1004 sd->blk_written = 0;
1005
1006 if (sd->data_start + sd->blk_len > sd->size)
1007 sd->card_status |= ADDRESS_ERROR;
1008 if (sd_wp_addr(sd, sd->data_start))
1009 sd->card_status |= WP_VIOLATION;
1010 if (sd->csd[14] & 0x30)
1011 sd->card_status |= WP_VIOLATION;
1012 return sd_r1;
1013
1014 default:
1015 break;
1016 }
1017 break;
1018
1019 case 26: /* CMD26: PROGRAM_CID */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]1020 if (sd->spi)
1021 goto bad_cmd;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1022 switch (sd->state) {
1023 case sd_transfer_state:
1024 sd->state = sd_receivingdata_state;
1025 sd->data_start = 0;
1026 sd->data_offset = 0;
1027 return sd_r1;
1028
1029 default:
1030 break;
1031 }
1032 break;
1033
1034 case 27: /* CMD27: PROGRAM_CSD */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]1035 if (sd->spi)
1036 goto unimplemented_cmd;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1037 switch (sd->state) {
1038 case sd_transfer_state:
1039 sd->state = sd_receivingdata_state;
1040 sd->data_start = 0;
1041 sd->data_offset = 0;
1042 return sd_r1;
1043
1044 default:
1045 break;
1046 }
1047 break;
1048
1049 /* Write protection (Class 6) */
1050 case 28: /* CMD28: SET_WRITE_PROT */
1051 switch (sd->state) {
1052 case sd_transfer_state:
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1053 if (addr >= sd->size) {
Peter Maydelle30d5932011-12-18 21:37:54 +0100[diff] [blame]1054 sd->card_status |= ADDRESS_ERROR;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1055 return sd_r1b;
1056 }
1057
1058 sd->state = sd_programming_state;
Mitsyanko Igorb7202b82012-08-13 11:04:06 +0100[diff] [blame]1059 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1060 /* Bzzzzzzztt .... Operation complete. */
1061 sd->state = sd_transfer_state;
1062 return sd_r1b;
1063
1064 default:
1065 break;
1066 }
1067 break;
1068
1069 case 29: /* CMD29: CLR_WRITE_PROT */
1070 switch (sd->state) {
1071 case sd_transfer_state:
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1072 if (addr >= sd->size) {
Peter Maydelle30d5932011-12-18 21:37:54 +0100[diff] [blame]1073 sd->card_status |= ADDRESS_ERROR;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1074 return sd_r1b;
1075 }
1076
1077 sd->state = sd_programming_state;
Mitsyanko Igorb7202b82012-08-13 11:04:06 +0100[diff] [blame]1078 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1079 /* Bzzzzzzztt .... Operation complete. */
1080 sd->state = sd_transfer_state;
1081 return sd_r1b;
1082
1083 default:
1084 break;
1085 }
1086 break;
1087
1088 case 30: /* CMD30: SEND_WRITE_PROT */
1089 switch (sd->state) {
1090 case sd_transfer_state:
1091 sd->state = sd_sendingdata_state;
1092 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1093 sd->data_start = addr;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1094 sd->data_offset = 0;
1095 return sd_r1b;
1096
1097 default:
1098 break;
1099 }
1100 break;
1101
1102 /* Erase commands (Class 5) */
1103 case 32: /* CMD32: ERASE_WR_BLK_START */
1104 switch (sd->state) {
1105 case sd_transfer_state:
1106 sd->erase_start = req.arg;
1107 return sd_r1;
1108
1109 default:
1110 break;
1111 }
1112 break;
1113
1114 case 33: /* CMD33: ERASE_WR_BLK_END */
1115 switch (sd->state) {
1116 case sd_transfer_state:
1117 sd->erase_end = req.arg;
1118 return sd_r1;
1119
1120 default:
1121 break;
1122 }
1123 break;
1124
1125 case 38: /* CMD38: ERASE */
1126 switch (sd->state) {
1127 case sd_transfer_state:
1128 if (sd->csd[14] & 0x30) {
1129 sd->card_status |= WP_VIOLATION;
1130 return sd_r1b;
1131 }
1132
1133 sd->state = sd_programming_state;
1134 sd_erase(sd);
1135 /* Bzzzzzzztt .... Operation complete. */
1136 sd->state = sd_transfer_state;
1137 return sd_r1b;
1138
1139 default:
1140 break;
1141 }
1142 break;
1143
1144 /* Lock card commands (Class 7) */
1145 case 42: /* CMD42: LOCK_UNLOCK */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]1146 if (sd->spi)
1147 goto unimplemented_cmd;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1148 switch (sd->state) {
1149 case sd_transfer_state:
1150 sd->state = sd_receivingdata_state;
1151 sd->data_start = 0;
1152 sd->data_offset = 0;
1153 return sd_r1;
1154
1155 default:
1156 break;
1157 }
1158 break;
1159
Peter Maydell39e594d2011-05-20 10:11:53 +0100[diff] [blame]1160 case 52:
1161 case 53:
1162 /* CMD52, CMD53: reserved for SDIO cards
1163 * (see the SDIO Simplified Specification V2.0)
1164 * Handle as illegal command but do not complain
1165 * on stderr, as some OSes may use these in their
1166 * probing for presence of an SDIO card.
1167 */
Peter Maydell53bb8cc2011-12-18 21:37:55 +0100[diff] [blame]1168 return sd_illegal;
Peter Maydell39e594d2011-05-20 10:11:53 +0100[diff] [blame]1169
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1170 /* Application specific commands (Class 8) */
1171 case 55: /* CMD55: APP_CMD */
1172 if (sd->rca != rca)
1173 return sd_r0;
1174
Mitsyanko Igorbebd1272012-08-13 11:04:06 +0100[diff] [blame]1175 sd->expecting_acmd = true;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1176 sd->card_status |= APP_CMD;
1177 return sd_r1;
1178
1179 case 56: /* CMD56: GEN_CMD */
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1180 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1181
1182 switch (sd->state) {
1183 case sd_transfer_state:
1184 sd->data_offset = 0;
1185 if (req.arg & 1)
1186 sd->state = sd_sendingdata_state;
1187 else
1188 sd->state = sd_receivingdata_state;
1189 return sd_r1;
1190
1191 default:
1192 break;
1193 }
1194 break;
1195
1196 default:
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]1197 bad_cmd:
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1198 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
Peter Maydell53bb8cc2011-12-18 21:37:55 +0100[diff] [blame]1199 return sd_illegal;
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]1200
1201 unimplemented_cmd:
1202 /* Commands that are recognised but not yet implemented in SPI mode. */
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1203 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
Peter Maydell53bb8cc2011-12-18 21:37:55 +0100[diff] [blame]1204 return sd_illegal;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1205 }
1206
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1207 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
Peter Maydell53bb8cc2011-12-18 21:37:55 +0100[diff] [blame]1208 return sd_illegal;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1209}
1210
Anthony Liguoric227f092009-10-01 16:12:16 -0500[diff] [blame]1211static sd_rsp_type_t sd_app_command(SDState *sd,
Blue Swirl22ed1d342010-04-25 19:31:06 +0000[diff] [blame]1212 SDRequest req)
1213{
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1214 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
Peter Maydell1d06cb72011-12-18 21:37:59 +0100[diff] [blame]1215 sd->card_status |= APP_CMD;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1216 switch (req.cmd) {
1217 case 6: /* ACMD6: SET_BUS_WIDTH */
1218 switch (sd->state) {
1219 case sd_transfer_state:
1220 sd->sd_status[0] &= 0x3f;
1221 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1222 return sd_r1;
1223
1224 default:
1225 break;
1226 }
1227 break;
1228
1229 case 13: /* ACMD13: SD_STATUS */
1230 switch (sd->state) {
1231 case sd_transfer_state:
Peter Maydellfb1ba032011-02-18 13:39:00 +0000[diff] [blame]1232 sd->state = sd_sendingdata_state;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1233 sd->data_start = 0;
1234 sd->data_offset = 0;
1235 return sd_r1;
1236
1237 default:
1238 break;
1239 }
1240 break;
1241
1242 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1243 switch (sd->state) {
1244 case sd_transfer_state:
1245 *(uint32_t *) sd->data = sd->blk_written;
1246
Peter Maydellfb1ba032011-02-18 13:39:00 +0000[diff] [blame]1247 sd->state = sd_sendingdata_state;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1248 sd->data_start = 0;
1249 sd->data_offset = 0;
1250 return sd_r1;
1251
1252 default:
1253 break;
1254 }
1255 break;
1256
1257 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1258 switch (sd->state) {
1259 case sd_transfer_state:
1260 return sd_r1;
1261
1262 default:
1263 break;
1264 }
1265 break;
1266
1267 case 41: /* ACMD41: SD_APP_OP_COND */
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]1268 if (sd->spi) {
1269 /* SEND_OP_CMD */
1270 sd->state = sd_transfer_state;
1271 return sd_r1;
1272 }
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1273 switch (sd->state) {
1274 case sd_idle_state:
Peter Crosthwaite37ab4a52013-06-03 17:17:45 +0100[diff] [blame]1275 /* We accept any voltage. 10000 V is nothing.
1276 *
1277 * We don't model init delay so just advance straight to ready state
1278 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1279 */
1280 if (req.arg & ACMD41_ENQUIRY_MASK) {
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1281 sd->state = sd_ready_state;
Peter Crosthwaite37ab4a52013-06-03 17:17:45 +0100[diff] [blame]1282 }
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1283
1284 return sd_r3;
1285
1286 default:
1287 break;
1288 }
1289 break;
1290
1291 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1292 switch (sd->state) {
1293 case sd_transfer_state:
1294 /* Bringing in the 50KOhm pull-up resistor... Done. */
1295 return sd_r1;
1296
1297 default:
1298 break;
1299 }
1300 break;
1301
1302 case 51: /* ACMD51: SEND_SCR */
1303 switch (sd->state) {
1304 case sd_transfer_state:
1305 sd->state = sd_sendingdata_state;
1306 sd->data_start = 0;
1307 sd->data_offset = 0;
1308 return sd_r1;
1309
1310 default:
1311 break;
1312 }
1313 break;
1314
1315 default:
1316 /* Fall back to standard commands. */
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1317 return sd_normal_command(sd, req);
1318 }
1319
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1320 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
Peter Maydell5b08bfe2011-12-18 21:37:57 +0100[diff] [blame]1321 return sd_illegal;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1322}
1323
Peter Maydell25881d32011-12-18 21:37:51 +0100[diff] [blame]1324static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1325{
1326 /* Valid commands in locked state:
1327 * basic class (0)
1328 * lock card class (7)
1329 * CMD16
1330 * implicitly, the ACMD prefix CMD55
1331 * ACMD41 and ACMD42
1332 * Anything else provokes an "illegal command" response.
1333 */
Peter Maydell1d06cb72011-12-18 21:37:59 +0100[diff] [blame]1334 if (sd->expecting_acmd) {
Peter Maydell25881d32011-12-18 21:37:51 +0100[diff] [blame]1335 return req->cmd == 41 || req->cmd == 42;
1336 }
1337 if (req->cmd == 16 || req->cmd == 55) {
1338 return 1;
1339 }
1340 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1341}
1342
Paul Brookbc24a222009-05-10 01:44:56 +0100[diff] [blame]1343int sd_do_command(SDState *sd, SDRequest *req,
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1344 uint8_t *response) {
Peter Maydell10a412d2011-12-18 21:37:58 +0100[diff] [blame]1345 int last_state;
Anthony Liguoric227f092009-10-01 16:12:16 -0500[diff] [blame]1346 sd_rsp_type_t rtype;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1347 int rsplen;
1348
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]1349 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1350 return 0;
1351 }
1352
1353 if (sd_req_crc_validate(req)) {
Peter Maydellabda1f32011-12-18 21:37:53 +0100[diff] [blame]1354 sd->card_status |= COM_CRC_ERROR;
Peter Maydellb1f517e2011-12-18 21:37:56 +0100[diff] [blame]1355 rtype = sd_illegal;
1356 goto send_response;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1357 }
1358
Peter Maydell10a412d2011-12-18 21:37:58 +0100[diff] [blame]1359 if (sd->card_status & CARD_IS_LOCKED) {
Peter Maydell25881d32011-12-18 21:37:51 +0100[diff] [blame]1360 if (!cmd_valid_while_locked(sd, req)) {
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1361 sd->card_status |= ILLEGAL_COMMAND;
Mitsyanko Igorbebd1272012-08-13 11:04:06 +0100[diff] [blame]1362 sd->expecting_acmd = false;
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1363 fprintf(stderr, "SD: Card is locked\n");
Peter Maydellb1f517e2011-12-18 21:37:56 +0100[diff] [blame]1364 rtype = sd_illegal;
1365 goto send_response;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1366 }
Peter Maydell25881d32011-12-18 21:37:51 +0100[diff] [blame]1367 }
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1368
Peter Maydell10a412d2011-12-18 21:37:58 +0100[diff] [blame]1369 last_state = sd->state;
1370 sd_set_mode(sd);
1371
Peter Maydell1d06cb72011-12-18 21:37:59 +0100[diff] [blame]1372 if (sd->expecting_acmd) {
Mitsyanko Igorbebd1272012-08-13 11:04:06 +0100[diff] [blame]1373 sd->expecting_acmd = false;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1374 rtype = sd_app_command(sd, *req);
Peter Maydell1d06cb72011-12-18 21:37:59 +0100[diff] [blame]1375 } else {
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1376 rtype = sd_normal_command(sd, *req);
Peter Maydell1d06cb72011-12-18 21:37:59 +0100[diff] [blame]1377 }
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1378
Peter Maydell53bb8cc2011-12-18 21:37:55 +0100[diff] [blame]1379 if (rtype == sd_illegal) {
1380 sd->card_status |= ILLEGAL_COMMAND;
Peter Maydell10a412d2011-12-18 21:37:58 +0100[diff] [blame]1381 } else {
1382 /* Valid command, we can update the 'state before command' bits.
1383 * (Do this now so they appear in r1 responses.)
1384 */
1385 sd->current_cmd = req->cmd;
1386 sd->card_status &= ~CURRENT_STATE;
1387 sd->card_status |= (last_state << 9);
Peter Maydell53bb8cc2011-12-18 21:37:55 +0100[diff] [blame]1388 }
1389
Peter Maydellb1f517e2011-12-18 21:37:56 +0100[diff] [blame]1390send_response:
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1391 switch (rtype) {
1392 case sd_r1:
1393 case sd_r1b:
Peter Maydell10a412d2011-12-18 21:37:58 +0100[diff] [blame]1394 sd_response_r1_make(sd, response);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1395 rsplen = 4;
1396 break;
1397
1398 case sd_r2_i:
1399 memcpy(response, sd->cid, sizeof(sd->cid));
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1400 rsplen = 16;
1401 break;
1402
1403 case sd_r2_s:
1404 memcpy(response, sd->csd, sizeof(sd->csd));
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1405 rsplen = 16;
1406 break;
1407
1408 case sd_r3:
1409 sd_response_r3_make(sd, response);
1410 rsplen = 4;
1411 break;
1412
1413 case sd_r6:
1414 sd_response_r6_make(sd, response);
1415 rsplen = 4;
1416 break;
1417
balrog1b088992007-12-24 14:41:39 +0000[diff] [blame]1418 case sd_r7:
1419 sd_response_r7_make(sd, response);
1420 rsplen = 4;
1421 break;
1422
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1423 case sd_r0:
Peter Maydell53bb8cc2011-12-18 21:37:55 +0100[diff] [blame]1424 case sd_illegal:
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1425 default:
1426 rsplen = 0;
1427 break;
1428 }
1429
Peter Maydell10a412d2011-12-18 21:37:58 +0100[diff] [blame]1430 if (rtype != sd_illegal) {
1431 /* Clear the "clear on valid command" status bits now we've
1432 * sent any response
1433 */
1434 sd->card_status &= ~CARD_STATUS_B;
1435 }
1436
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1437#ifdef DEBUG_SD
1438 if (rsplen) {
1439 int i;
1440 DPRINTF("Response:");
1441 for (i = 0; i < rsplen; i++)
Peter Crosthwaite038d3d42012-11-15 16:32:53 +1000[diff] [blame]1442 fprintf(stderr, " %02x", response[i]);
1443 fprintf(stderr, " state %d\n", sd->state);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1444 } else {
1445 DPRINTF("No response %d\n", sd->state);
1446 }
1447#endif
1448
1449 return rsplen;
1450}
1451
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1452static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1453{
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1454 uint64_t end = addr + len;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1455
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1456 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1457 (unsigned long long) addr, len);
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]1458 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1459 fprintf(stderr, "sd_blk_read: read error on host side\n");
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1460 return;
1461 }
1462
1463 if (end > (addr & ~511) + 512) {
balrog33f00272007-12-24 14:33:24 +0000[diff] [blame]1464 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1465
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]1466 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1467 fprintf(stderr, "sd_blk_read: read error on host side\n");
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1468 return;
1469 }
balrog33f00272007-12-24 14:33:24 +0000[diff] [blame]1470 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1471 } else
balrog33f00272007-12-24 14:33:24 +0000[diff] [blame]1472 memcpy(sd->data, sd->buf + (addr & 511), len);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1473}
1474
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1475static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1476{
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1477 uint64_t end = addr + len;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1478
1479 if ((addr & 511) || len < 512)
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]1480 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1481 fprintf(stderr, "sd_blk_write: read error on host side\n");
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1482 return;
1483 }
1484
1485 if (end > (addr & ~511) + 512) {
balrog33f00272007-12-24 14:33:24 +0000[diff] [blame]1486 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]1487 if (blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1488 fprintf(stderr, "sd_blk_write: write error on host side\n");
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1489 return;
1490 }
1491
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]1492 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1493 fprintf(stderr, "sd_blk_write: read error on host side\n");
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1494 return;
1495 }
balrog33f00272007-12-24 14:33:24 +0000[diff] [blame]1496 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]1497 if (blk_write(sd->blk, end >> 9, sd->buf, 1) < 0) {
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1498 fprintf(stderr, "sd_blk_write: write error on host side\n");
Stefan Weil7a608f52012-09-23 08:51:01 +0200[diff] [blame]1499 }
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1500 } else {
balrog33f00272007-12-24 14:33:24 +0000[diff] [blame]1501 memcpy(sd->buf + (addr & 511), sd->data, len);
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]1502 if (!sd->blk || blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1503 fprintf(stderr, "sd_blk_write: write error on host side\n");
Stefan Weil7a608f52012-09-23 08:51:01 +0200[diff] [blame]1504 }
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1505 }
1506}
1507
balrog33f00272007-12-24 14:33:24 +0000[diff] [blame]1508#define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1509#define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1510#define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1511#define APP_WRITE_BLOCK(a, len)
1512
1513void sd_write_data(SDState *sd, uint8_t value)
1514{
1515 int i;
1516
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]1517 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1518 return;
1519
1520 if (sd->state != sd_receivingdata_state) {
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1521 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1522 return;
1523 }
1524
1525 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1526 return;
1527
1528 switch (sd->current_cmd) {
1529 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1530 sd->data[sd->data_offset ++] = value;
1531 if (sd->data_offset >= sd->blk_len) {
1532 /* TODO: Check CRC before committing */
1533 sd->state = sd_programming_state;
1534 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1535 sd->blk_written ++;
1536 sd->csd[14] |= 0x40;
1537 /* Bzzzzzzztt .... Operation complete. */
1538 sd->state = sd_transfer_state;
1539 }
1540 break;
1541
1542 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
Dr. David Alan Gilbert33fa8232011-07-25 13:21:30 +0100[diff] [blame]1543 if (sd->data_offset == 0) {
Peter Maydelle03ba132013-04-09 12:48:19 +0100[diff] [blame]1544 /* Start of the block - let's check the address is valid */
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1545 if (sd->data_start + sd->blk_len > sd->size) {
1546 sd->card_status |= ADDRESS_ERROR;
1547 break;
1548 }
1549 if (sd_wp_addr(sd, sd->data_start)) {
1550 sd->card_status |= WP_VIOLATION;
1551 break;
1552 }
Dr. David Alan Gilbert33fa8232011-07-25 13:21:30 +0100[diff] [blame]1553 }
1554 sd->data[sd->data_offset++] = value;
1555 if (sd->data_offset >= sd->blk_len) {
1556 /* TODO: Check CRC before committing */
1557 sd->state = sd_programming_state;
1558 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1559 sd->blk_written++;
1560 sd->data_start += sd->blk_len;
1561 sd->data_offset = 0;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1562 sd->csd[14] |= 0x40;
1563
1564 /* Bzzzzzzztt .... Operation complete. */
1565 sd->state = sd_receivingdata_state;
1566 }
1567 break;
1568
1569 case 26: /* CMD26: PROGRAM_CID */
1570 sd->data[sd->data_offset ++] = value;
1571 if (sd->data_offset >= sizeof(sd->cid)) {
1572 /* TODO: Check CRC before committing */
1573 sd->state = sd_programming_state;
1574 for (i = 0; i < sizeof(sd->cid); i ++)
1575 if ((sd->cid[i] | 0x00) != sd->data[i])
1576 sd->card_status |= CID_CSD_OVERWRITE;
1577
1578 if (!(sd->card_status & CID_CSD_OVERWRITE))
1579 for (i = 0; i < sizeof(sd->cid); i ++) {
1580 sd->cid[i] |= 0x00;
1581 sd->cid[i] &= sd->data[i];
1582 }
1583 /* Bzzzzzzztt .... Operation complete. */
1584 sd->state = sd_transfer_state;
1585 }
1586 break;
1587
1588 case 27: /* CMD27: PROGRAM_CSD */
1589 sd->data[sd->data_offset ++] = value;
1590 if (sd->data_offset >= sizeof(sd->csd)) {
1591 /* TODO: Check CRC before committing */
1592 sd->state = sd_programming_state;
1593 for (i = 0; i < sizeof(sd->csd); i ++)
1594 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1595 (sd->data[i] | sd_csd_rw_mask[i]))
1596 sd->card_status |= CID_CSD_OVERWRITE;
1597
1598 /* Copy flag (OTP) & Permanent write protect */
1599 if (sd->csd[14] & ~sd->data[14] & 0x60)
1600 sd->card_status |= CID_CSD_OVERWRITE;
1601
1602 if (!(sd->card_status & CID_CSD_OVERWRITE))
1603 for (i = 0; i < sizeof(sd->csd); i ++) {
1604 sd->csd[i] |= sd_csd_rw_mask[i];
1605 sd->csd[i] &= sd->data[i];
1606 }
1607 /* Bzzzzzzztt .... Operation complete. */
1608 sd->state = sd_transfer_state;
1609 }
1610 break;
1611
1612 case 42: /* CMD42: LOCK_UNLOCK */
1613 sd->data[sd->data_offset ++] = value;
1614 if (sd->data_offset >= sd->blk_len) {
1615 /* TODO: Check CRC before committing */
1616 sd->state = sd_programming_state;
1617 sd_lock_command(sd);
1618 /* Bzzzzzzztt .... Operation complete. */
1619 sd->state = sd_transfer_state;
1620 }
1621 break;
1622
1623 case 56: /* CMD56: GEN_CMD */
1624 sd->data[sd->data_offset ++] = value;
1625 if (sd->data_offset >= sd->blk_len) {
1626 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1627 sd->state = sd_transfer_state;
1628 }
1629 break;
1630
1631 default:
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1632 fprintf(stderr, "sd_write_data: unknown command\n");
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1633 break;
1634 }
1635}
1636
1637uint8_t sd_read_data(SDState *sd)
1638{
1639 /* TODO: Append CRCs */
1640 uint8_t ret;
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1641 int io_len;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1642
Markus Armbruster4be74632014-10-07 13:59:18 +0200[diff] [blame]1643 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1644 return 0x00;
1645
1646 if (sd->state != sd_sendingdata_state) {
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1647 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1648 return 0x00;
1649 }
1650
1651 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1652 return 0x00;
1653
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1654 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1655
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1656 switch (sd->current_cmd) {
1657 case 6: /* CMD6: SWITCH_FUNCTION */
1658 ret = sd->data[sd->data_offset ++];
1659
1660 if (sd->data_offset >= 64)
1661 sd->state = sd_transfer_state;
1662 break;
1663
pbrook775616c2007-11-24 23:35:08 +0000[diff] [blame]1664 case 9: /* CMD9: SEND_CSD */
1665 case 10: /* CMD10: SEND_CID */
1666 ret = sd->data[sd->data_offset ++];
1667
1668 if (sd->data_offset >= 16)
1669 sd->state = sd_transfer_state;
1670 break;
1671
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1672 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1673 if (sd->data_offset == 0)
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1674 BLK_READ_BLOCK(sd->data_start, io_len);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1675 ret = sd->data[sd->data_offset ++];
1676
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1677 if (sd->data_offset >= io_len) {
1678 sd->data_start += io_len;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1679 sd->data_offset = 0;
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1680 if (sd->data_start + io_len > sd->size) {
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1681 sd->card_status |= ADDRESS_ERROR;
1682 break;
1683 }
1684 }
1685 break;
1686
1687 case 13: /* ACMD13: SD_STATUS */
1688 ret = sd->sd_status[sd->data_offset ++];
1689
1690 if (sd->data_offset >= sizeof(sd->sd_status))
1691 sd->state = sd_transfer_state;
1692 break;
1693
1694 case 17: /* CMD17: READ_SINGLE_BLOCK */
1695 if (sd->data_offset == 0)
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1696 BLK_READ_BLOCK(sd->data_start, io_len);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1697 ret = sd->data[sd->data_offset ++];
1698
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1699 if (sd->data_offset >= io_len)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1700 sd->state = sd_transfer_state;
1701 break;
1702
1703 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1704 if (sd->data_offset == 0)
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1705 BLK_READ_BLOCK(sd->data_start, io_len);
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1706 ret = sd->data[sd->data_offset ++];
1707
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1708 if (sd->data_offset >= io_len) {
1709 sd->data_start += io_len;
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1710 sd->data_offset = 0;
Andrzej Zaborowski2d7adea2009-11-03 15:28:19 +0100[diff] [blame]1711 if (sd->data_start + io_len > sd->size) {
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1712 sd->card_status |= ADDRESS_ERROR;
1713 break;
1714 }
1715 }
1716 break;
1717
1718 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1719 ret = sd->data[sd->data_offset ++];
1720
1721 if (sd->data_offset >= 4)
1722 sd->state = sd_transfer_state;
1723 break;
1724
1725 case 30: /* CMD30: SEND_WRITE_PROT */
1726 ret = sd->data[sd->data_offset ++];
1727
1728 if (sd->data_offset >= 4)
1729 sd->state = sd_transfer_state;
1730 break;
1731
1732 case 51: /* ACMD51: SEND_SCR */
1733 ret = sd->scr[sd->data_offset ++];
1734
1735 if (sd->data_offset >= sizeof(sd->scr))
1736 sd->state = sd_transfer_state;
1737 break;
1738
1739 case 56: /* CMD56: GEN_CMD */
1740 if (sd->data_offset == 0)
1741 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1742 ret = sd->data[sd->data_offset ++];
1743
1744 if (sd->data_offset >= sd->blk_len)
1745 sd->state = sd_transfer_state;
1746 break;
1747
1748 default:
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1749 fprintf(stderr, "sd_read_data: unknown command\n");
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1750 return 0x00;
1751 }
1752
1753 return ret;
1754}
1755
Mitsyanko Igor879bf4a2012-08-13 11:04:07 +0100[diff] [blame]1756bool sd_data_ready(SDState *sd)
pbrooka1bb27b2007-04-06 16:49:48 +0000[diff] [blame]1757{
1758 return sd->state == sd_sendingdata_state;
1759}
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1760
Mitsyanko Igorbebd1272012-08-13 11:04:06 +0100[diff] [blame]1761void sd_enable(SDState *sd, bool enable)
balrog827df9f2008-04-14 21:05:22 +0000[diff] [blame]1762{
1763 sd->enable = enable;
1764}