1 /*
2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 2.00."
4 *
5 * eMMC emulation defined in "JEDEC Standard No. 84-A43"
6 *
7 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
8 * Copyright (c) 2007 CodeSourcery
9 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org>
10 *
11 * Redistribution and use in source and binary forms, with or without
12 * modification, are permitted provided that the following conditions
13 * are met:
14 *
15 * 1. Redistributions of source code must retain the above copyright
16 * notice, this list of conditions and the following disclaimer.
17 * 2. Redistributions in binary form must reproduce the above copyright
18 * notice, this list of conditions and the following disclaimer in
19 * the documentation and/or other materials provided with the
20 * distribution.
21 *
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
26 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
30 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 */
34
35 #include "qemu/osdep.h"
36 #include "qemu/units.h"
37 #include "qemu/cutils.h"
38 #include "hw/irq.h"
39 #include "hw/registerfields.h"
40 #include "sysemu/block-backend.h"
41 #include "hw/sd/sd.h"
42 #include "hw/sd/sdcard_legacy.h"
43 #include "migration/vmstate.h"
44 #include "qapi/error.h"
45 #include "qemu/bitmap.h"
46 #include "hw/qdev-properties.h"
47 #include "hw/qdev-properties-system.h"
48 #include "qemu/error-report.h"
49 #include "qemu/timer.h"
50 #include "qemu/log.h"
51 #include "qemu/guest-random.h"
52 #include "qemu/module.h"
53 #include "sdmmc-internal.h"
54 #include "trace.h"
55
56 //#define DEBUG_SD 1
57
58 #define SDSC_MAX_CAPACITY (2 * GiB)
59
60 #define INVALID_ADDRESS UINT32_MAX
61
62 typedef enum {
63 sd_r0 = 0, /* no response */
64 sd_r1, /* normal response command */
65 sd_r2_i, /* CID register */
66 sd_r2_s, /* CSD register */
67 sd_r3, /* OCR register */
68 sd_r6 = 6, /* Published RCA response */
69 sd_r7, /* Operating voltage */
70 sd_r1b = -1,
71 sd_illegal = -2,
72 } sd_rsp_type_t;
73
74 enum SDCardModes {
75 sd_inactive,
76 sd_card_identification_mode,
77 sd_data_transfer_mode,
78 };
79
80 enum SDCardStates {
81 sd_waitirq_state = -2, /* emmc */
82 sd_inactive_state = -1,
83
84 sd_idle_state = 0,
85 sd_ready_state = 1,
86 sd_identification_state = 2,
87 sd_standby_state = 3,
88 sd_transfer_state = 4,
89 sd_sendingdata_state = 5,
90 sd_receivingdata_state = 6,
91 sd_programming_state = 7,
92 sd_disconnect_state = 8,
93 sd_bus_test_state = 9, /* emmc */
94 sd_sleep_state = 10, /* emmc */
95 sd_io_state = 15 /* sd */
96 };
97
98 #define SDMMC_CMD_MAX 64
99
100 typedef sd_rsp_type_t (*sd_cmd_handler)(SDState *sd, SDRequest req);
101
102 typedef struct SDProto {
103 const char *name;
104 struct {
105 const unsigned class;
106 const sd_cmd_type_t type;
107 const char *name;
108 sd_cmd_handler handler;
109 } cmd[SDMMC_CMD_MAX], acmd[SDMMC_CMD_MAX];
110 } SDProto;
111
112 struct SDState {
113 DeviceState parent_obj;
114
115 /* If true, created by sd_init() for a non-qdevified caller */
116 /* TODO purge them with fire */
117 bool me_no_qdev_me_kill_mammoth_with_rocks;
118
119 /* SD Memory Card Registers */
120 uint32_t ocr;
121 uint8_t scr[8];
122 uint8_t cid[16];
123 uint8_t csd[16];
124 uint16_t rca;
125 uint32_t card_status;
126 uint8_t sd_status[64];
127 union {
128 uint8_t ext_csd[512];
129 struct {
130 uint8_t ext_csd_rw[192]; /* Modes segment */
131 uint8_t ext_csd_ro[320]; /* Properties segment */
132 };
133 };
134
135 /* Static properties */
136
137 uint8_t spec_version;
138 uint64_t boot_part_size;
139 BlockBackend *blk;
140 uint8_t boot_config;
141
142 const SDProto *proto;
143
144 /* Runtime changeables */
145
146 uint32_t mode; /* current card mode, one of SDCardModes */
147 int32_t state; /* current card state, one of SDCardStates */
148 uint32_t vhs;
149 bool wp_switch;
150 unsigned long *wp_group_bmap;
151 int32_t wp_group_bits;
152 uint64_t size;
153 uint32_t blk_len;
154 uint32_t multi_blk_cnt;
155 uint32_t erase_start;
156 uint32_t erase_end;
157 uint8_t pwd[16];
158 uint32_t pwd_len;
159 uint8_t function_group[6];
160 uint8_t current_cmd;
161 const char *last_cmd_name;
162 /* True if we will handle the next command as an ACMD. Note that this does
163 * *not* track the APP_CMD status bit!
164 */
165 bool expecting_acmd;
166 uint32_t blk_written;
167
168 uint64_t data_start;
169 uint32_t data_offset;
170 size_t data_size;
171 uint8_t data[512];
172 qemu_irq readonly_cb;
173 qemu_irq inserted_cb;
174 QEMUTimer *ocr_power_timer;
175 bool enable;
176 uint8_t dat_lines;
177 bool cmd_line;
178 };
179
180 static void sd_realize(DeviceState *dev, Error **errp);
181
182 static const SDProto sd_proto_spi;
183 static const SDProto sd_proto_emmc;
184
sd_is_spi(SDState * sd)185 static bool sd_is_spi(SDState *sd)
186 {
187 return sd->proto == &sd_proto_spi;
188 }
189
sd_is_emmc(SDState * sd)190 static bool sd_is_emmc(SDState *sd)
191 {
192 return sd->proto == &sd_proto_emmc;
193 }
194
sd_version_str(enum SDPhySpecificationVersion version)195 static const char *sd_version_str(enum SDPhySpecificationVersion version)
196 {
197 static const char *sdphy_version[] = {
198 [SD_PHY_SPECv1_10_VERS] = "v1.10",
199 [SD_PHY_SPECv2_00_VERS] = "v2.00",
200 [SD_PHY_SPECv3_01_VERS] = "v3.01",
201 };
202 if (version >= ARRAY_SIZE(sdphy_version)) {
203 return "unsupported version";
204 }
205 return sdphy_version[version];
206 }
207
sd_mode_name(enum SDCardModes mode)208 static const char *sd_mode_name(enum SDCardModes mode)
209 {
210 static const char *mode_name[] = {
211 [sd_inactive] = "inactive",
212 [sd_card_identification_mode] = "identification",
213 [sd_data_transfer_mode] = "transfer",
214 };
215 assert(mode < ARRAY_SIZE(mode_name));
216 return mode_name[mode];
217 }
218
sd_state_name(enum SDCardStates state)219 static const char *sd_state_name(enum SDCardStates state)
220 {
221 static const char *state_name[] = {
222 [sd_idle_state] = "idle",
223 [sd_ready_state] = "ready",
224 [sd_identification_state] = "identification",
225 [sd_standby_state] = "standby",
226 [sd_transfer_state] = "transfer",
227 [sd_sendingdata_state] = "sendingdata",
228 [sd_bus_test_state] = "bus-test",
229 [sd_receivingdata_state] = "receivingdata",
230 [sd_programming_state] = "programming",
231 [sd_disconnect_state] = "disconnect",
232 [sd_sleep_state] = "sleep",
233 [sd_io_state] = "i/o"
234 };
235 if (state == sd_inactive_state) {
236 return "inactive";
237 }
238 if (state == sd_waitirq_state) {
239 return "wait-irq";
240 }
241 assert(state < ARRAY_SIZE(state_name));
242 return state_name[state];
243 }
244
sd_response_name(sd_rsp_type_t rsp)245 static const char *sd_response_name(sd_rsp_type_t rsp)
246 {
247 static const char *response_name[] = {
248 [sd_r0] = "RESP#0 (no response)",
249 [sd_r1] = "RESP#1 (normal cmd)",
250 [sd_r2_i] = "RESP#2 (CID reg)",
251 [sd_r2_s] = "RESP#2 (CSD reg)",
252 [sd_r3] = "RESP#3 (OCR reg)",
253 [sd_r6] = "RESP#6 (RCA)",
254 [sd_r7] = "RESP#7 (operating voltage)",
255 };
256 if (rsp == sd_illegal) {
257 return "ILLEGAL RESP";
258 }
259 if (rsp == sd_r1b) {
260 rsp = sd_r1;
261 }
262 assert(rsp < ARRAY_SIZE(response_name));
263 return response_name[rsp];
264 }
265
sd_cmd_name(SDState * sd,uint8_t cmd)266 static const char *sd_cmd_name(SDState *sd, uint8_t cmd)
267 {
268 static const char *cmd_abbrev[SDMMC_CMD_MAX] = {
269 [18] = "READ_MULTIPLE_BLOCK",
270 [25] = "WRITE_MULTIPLE_BLOCK",
271 };
272 const SDProto *sdp = sd->proto;
273
274 if (sdp->cmd[cmd].handler) {
275 assert(!cmd_abbrev[cmd]);
276 return sdp->cmd[cmd].name;
277 }
278 return cmd_abbrev[cmd] ? cmd_abbrev[cmd] : "UNKNOWN_CMD";
279 }
280
sd_acmd_name(SDState * sd,uint8_t cmd)281 static const char *sd_acmd_name(SDState *sd, uint8_t cmd)
282 {
283 const SDProto *sdp = sd->proto;
284
285 if (sdp->acmd[cmd].handler) {
286 return sdp->acmd[cmd].name;
287 }
288
289 return "UNKNOWN_ACMD";
290 }
291
sd_get_dat_lines(SDState * sd)292 static uint8_t sd_get_dat_lines(SDState *sd)
293 {
294 return sd->enable ? sd->dat_lines : 0;
295 }
296
sd_get_cmd_line(SDState * sd)297 static bool sd_get_cmd_line(SDState *sd)
298 {
299 return sd->enable ? sd->cmd_line : false;
300 }
301
sd_set_voltage(SDState * sd,uint16_t millivolts)302 static void sd_set_voltage(SDState *sd, uint16_t millivolts)
303 {
304 trace_sdcard_set_voltage(millivolts);
305
306 switch (millivolts) {
307 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
308 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
309 break;
310 default:
311 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
312 millivolts / 1000.f);
313 }
314 }
315
sd_set_mode(SDState * sd)316 static void sd_set_mode(SDState *sd)
317 {
318 switch (sd->state) {
319 case sd_inactive_state:
320 sd->mode = sd_inactive;
321 break;
322
323 case sd_idle_state:
324 case sd_ready_state:
325 case sd_identification_state:
326 sd->mode = sd_card_identification_mode;
327 break;
328
329 case sd_standby_state:
330 case sd_transfer_state:
331 case sd_sendingdata_state:
332 case sd_receivingdata_state:
333 case sd_programming_state:
334 case sd_disconnect_state:
335 sd->mode = sd_data_transfer_mode;
336 break;
337 }
338 }
339
sd_crc7(const void * message,size_t width)340 static uint8_t sd_crc7(const void *message, size_t width)
341 {
342 int i, bit;
343 uint8_t shift_reg = 0x00;
344 const uint8_t *msg = (const uint8_t *)message;
345
346 for (i = 0; i < width; i ++, msg ++)
347 for (bit = 7; bit >= 0; bit --) {
348 shift_reg <<= 1;
349 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
350 shift_reg ^= 0x89;
351 }
352
353 return shift_reg;
354 }
355
356 /* Operation Conditions register */
357
358 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
359
360 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24)
361 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8)
362 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1)
363 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16)
364 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */
365 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */
366 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */
367 FIELD(OCR, CARD_POWER_UP, 31, 1)
368
369 #define ACMD41_ENQUIRY_MASK 0x00ffffff
370 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \
371 | R_OCR_ACCEPT_SWITCH_1V8_MASK \
372 | R_OCR_UHS_II_CARD_MASK \
373 | R_OCR_CARD_CAPACITY_MASK \
374 | R_OCR_CARD_POWER_UP_MASK)
375
sd_ocr_powerup(void * opaque)376 static void sd_ocr_powerup(void *opaque)
377 {
378 SDState *sd = opaque;
379
380 trace_sdcard_powerup();
381 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP));
382
383 /* card power-up OK */
384 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1);
385
386 if (sd->size > SDSC_MAX_CAPACITY) {
387 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1);
388 }
389 }
390
sd_set_ocr(SDState * sd)391 static void sd_set_ocr(SDState *sd)
392 {
393 /* All voltages OK */
394 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK;
395
396 if (sd_is_spi(sd)) {
397 /*
398 * We don't need to emulate power up sequence in SPI-mode.
399 * Thus, the card's power up status bit should be set to 1 when reset.
400 * The card's capacity status bit should also be set if SD card size
401 * is larger than 2GB for SDHC support.
402 */
403 sd_ocr_powerup(sd);
404 }
405 }
406
407 /* SD Configuration register */
408
sd_set_scr(SDState * sd)409 static void sd_set_scr(SDState *sd)
410 {
411 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */
412 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) {
413 sd->scr[0] |= 1; /* Spec Version 1.10 */
414 } else {
415 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */
416 }
417 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */
418 | 0b0101; /* 1-bit or 4-bit width bus modes */
419 sd->scr[2] = 0x00; /* Extended Security is not supported. */
420 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) {
421 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */
422 }
423 sd->scr[3] = 0x00;
424 /* reserved for manufacturer usage */
425 sd->scr[4] = 0x00;
426 sd->scr[5] = 0x00;
427 sd->scr[6] = 0x00;
428 sd->scr[7] = 0x00;
429 }
430
431 /* Card IDentification register */
432
433 #define MID 0xaa
434 #define OID "XY"
435 #define PNM "QEMU!"
436 #define PRV 0x01
437 #define MDT_YR 2006
438 #define MDT_MON 2
439
sd_set_cid(SDState * sd)440 static void sd_set_cid(SDState *sd)
441 {
442 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
443 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
444 sd->cid[2] = OID[1];
445 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
446 sd->cid[4] = PNM[1];
447 sd->cid[5] = PNM[2];
448 sd->cid[6] = PNM[3];
449 sd->cid[7] = PNM[4];
450 sd->cid[8] = PRV; /* Fake product revision (PRV) */
451 stl_be_p(&sd->cid[9], 0xdeadbeef); /* Fake serial number (PSN) */
452 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
453 ((MDT_YR - 2000) / 10);
454 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
455 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
456 }
457
emmc_set_cid(SDState * sd)458 static void emmc_set_cid(SDState *sd)
459 {
460 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
461 sd->cid[1] = 0b01; /* CBX: soldered BGA */
462 sd->cid[2] = OID[0]; /* OEM/Application ID (OID) */
463 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
464 sd->cid[4] = PNM[1];
465 sd->cid[5] = PNM[2];
466 sd->cid[6] = PNM[3];
467 sd->cid[7] = PNM[4];
468 sd->cid[8] = PNM[4];
469 sd->cid[9] = PRV; /* Fake product revision (PRV) */
470 stl_be_p(&sd->cid[10], 0xdeadbeef); /* Fake serial number (PSN) */
471 sd->cid[14] = (MDT_MON << 4) | (MDT_YR - 1997); /* Manufacture date (MDT) */
472 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
473 }
474
475 /* Card-Specific Data register */
476
477 #define HWBLOCK_SHIFT 9 /* 512 bytes */
478 #define SECTOR_SHIFT 5 /* 16 kilobytes */
479 #define WPGROUP_SHIFT 7 /* 2 megs */
480 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
481 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
482
483 static const uint8_t sd_csd_rw_mask[16] = {
484 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
485 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
486 };
487
emmc_set_ext_csd(SDState * sd,uint64_t size)488 static void emmc_set_ext_csd(SDState *sd, uint64_t size)
489 {
490 uint32_t sectcount = size >> HWBLOCK_SHIFT;
491
492 memset(sd->ext_csd, 0, sizeof(sd->ext_csd)); /* FIXME only RW at reset */
493
494 /* Properties segment (RO) */
495 sd->ext_csd[EXT_CSD_S_CMD_SET] = 0b1; /* supported command sets */
496 sd->ext_csd[EXT_CSD_BOOT_INFO] = 0x0; /* Boot information */
497 /* Boot partition size. 128KB unit */
498 sd->ext_csd[EXT_CSD_BOOT_MULT] = sd->boot_part_size / (128 * KiB);
499 sd->ext_csd[EXT_CSD_ACC_SIZE] = 0x1; /* Access size */
500 sd->ext_csd[EXT_CSD_HC_ERASE_GRP_SIZE] = 0x01; /* HC Erase unit size */
501 sd->ext_csd[EXT_CSD_ERASE_TIMEOUT_MULT] = 0x01; /* HC erase timeout */
502 sd->ext_csd[EXT_CSD_REL_WR_SEC_C] = 0x1; /* Reliable write sector count */
503 sd->ext_csd[EXT_CSD_HC_WP_GRP_SIZE] = 0x01; /* HC write protect group size */
504 sd->ext_csd[EXT_CSD_S_C_VCC] = 0x01; /* Sleep current VCC */
505 sd->ext_csd[EXT_CSD_S_C_VCCQ] = 0x01; /* Sleep current VCCQ */
506 sd->ext_csd[EXT_CSD_S_A_TIMEOUT] = 0x01; /* Sleep/Awake timeout */
507 stl_le_p(&sd->ext_csd[EXT_CSD_SEC_CNT], sectcount); /* Sector count */
508 sd->ext_csd[210] = 0x46; /* Min write perf for 8bit@52Mhz */
509 sd->ext_csd[209] = 0x46; /* Min read perf for 8bit@52Mhz */
510 sd->ext_csd[208] = 0x46; /* Min write perf for 4bit@52Mhz */
511 sd->ext_csd[207] = 0x46; /* Min read perf for 4bit@52Mhz */
512 sd->ext_csd[206] = 0x46; /* Min write perf for 4bit@26Mhz */
513 sd->ext_csd[205] = 0x46; /* Min read perf for 4bit@26Mhz */
514 sd->ext_csd[EXT_CSD_CARD_TYPE] = 0b11;
515 sd->ext_csd[EXT_CSD_STRUCTURE] = 2;
516 sd->ext_csd[EXT_CSD_REV] = 3;
517
518 /* Mode segment (RW) */
519 sd->ext_csd[EXT_CSD_PART_CONFIG] = sd->boot_config;
520 }
521
emmc_set_csd(SDState * sd,uint64_t size)522 static void emmc_set_csd(SDState *sd, uint64_t size)
523 {
524 int hwblock_shift = HWBLOCK_SHIFT;
525 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
526 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
527
528 sd->csd[0] = (3 << 6) | (4 << 2); /* Spec v4.3 with EXT_CSD */
529 sd->csd[1] = (1 << 3) | 6; /* Asynchronous data access time: 1ms */
530 sd->csd[2] = 0x00;
531 sd->csd[3] = (1 << 3) | 3;; /* Maximum bus clock frequency: 100MHz */
532 sd->csd[4] = 0x0f;
533 if (size <= 2 * GiB) {
534 /* use 1k blocks */
535 uint32_t csize1k = (size >> (CMULT_SHIFT + 10)) - 1;
536 sd->csd[5] = 0x5a;
537 sd->csd[6] = 0x80 | ((csize1k >> 10) & 0xf);
538 sd->csd[7] = (csize1k >> 2) & 0xff;
539 } else { /* >= 2GB : size stored in ext CSD, block addressing */
540 sd->csd[5] = 0x59;
541 sd->csd[6] = 0x8f;
542 sd->csd[7] = 0xff;
543 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1);
544 }
545 sd->csd[8] = 0xff;
546 sd->csd[9] = 0xfc | /* Max. write current */
547 ((CMULT_SHIFT - 2) >> 1);
548 sd->csd[10] = 0x40 | /* Erase sector size */
549 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
550 sd->csd[11] = 0x00 | /* Write protect group size */
551 ((sectsize << 7) & 0x80) | wpsize;
552 sd->csd[12] = 0x90 | /* Write speed factor */
553 (hwblock_shift >> 2);
554 sd->csd[13] = 0x20 | /* Max. write data block length */
555 ((hwblock_shift << 6) & 0xc0);
556 sd->csd[14] = 0x00;
557 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
558 emmc_set_ext_csd(sd, size);
559 }
560
sd_set_csd(SDState * sd,uint64_t size)561 static void sd_set_csd(SDState *sd, uint64_t size)
562 {
563 int hwblock_shift = HWBLOCK_SHIFT;
564 uint32_t csize;
565 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
566 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
567
568 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */
569 if (size == SDSC_MAX_CAPACITY) {
570 hwblock_shift += 1;
571 }
572 csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1;
573
574 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */
575 sd->csd[0] = 0x00; /* CSD structure */
576 sd->csd[1] = 0x26; /* Data read access-time-1 */
577 sd->csd[2] = 0x00; /* Data read access-time-2 */
578 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */
579 sd->csd[4] = 0x5f; /* Card Command Classes */
580 sd->csd[5] = 0x50 | /* Max. read data block length */
581 hwblock_shift;
582 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
583 ((csize >> 10) & 0x03);
584 sd->csd[7] = 0x00 | /* Device size */
585 ((csize >> 2) & 0xff);
586 sd->csd[8] = 0x3f | /* Max. read current */
587 ((csize << 6) & 0xc0);
588 sd->csd[9] = 0xfc | /* Max. write current */
589 ((CMULT_SHIFT - 2) >> 1);
590 sd->csd[10] = 0x40 | /* Erase sector size */
591 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
592 sd->csd[11] = 0x00 | /* Write protect group size */
593 ((sectsize << 7) & 0x80) | wpsize;
594 sd->csd[12] = 0x90 | /* Write speed factor */
595 (hwblock_shift >> 2);
596 sd->csd[13] = 0x20 | /* Max. write data block length */
597 ((hwblock_shift << 6) & 0xc0);
598 sd->csd[14] = 0x00; /* File format group */
599 } else { /* SDHC */
600 size /= 512 * KiB;
601 size -= 1;
602 sd->csd[0] = 0x40;
603 sd->csd[1] = 0x0e;
604 sd->csd[2] = 0x00;
605 sd->csd[3] = 0x32;
606 sd->csd[4] = 0x5b;
607 sd->csd[5] = 0x59;
608 sd->csd[6] = 0x00;
609 st24_be_p(&sd->csd[7], size);
610 sd->csd[10] = 0x7f;
611 sd->csd[11] = 0x80;
612 sd->csd[12] = 0x0a;
613 sd->csd[13] = 0x40;
614 sd->csd[14] = 0x00;
615 }
616 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
617 }
618
619 /* Relative Card Address register */
620
sd_set_rca(SDState * sd,uint16_t value)621 static void sd_set_rca(SDState *sd, uint16_t value)
622 {
623 trace_sdcard_set_rca(value);
624 sd->rca = value;
625 }
626
sd_req_get_rca(SDState * s,SDRequest req)627 static uint16_t sd_req_get_rca(SDState *s, SDRequest req)
628 {
629 switch (s->proto->cmd[req.cmd].type) {
630 case sd_ac:
631 case sd_adtc:
632 return req.arg >> 16;
633 case sd_spi:
634 default:
635 g_assert_not_reached();
636 }
637 }
638
sd_req_rca_same(SDState * s,SDRequest req)639 static bool sd_req_rca_same(SDState *s, SDRequest req)
640 {
641 return sd_req_get_rca(s, req) == s->rca;
642 }
643
644 /* Card Status register */
645
646 FIELD(CSR, AKE_SEQ_ERROR, 3, 1)
647 FIELD(CSR, APP_CMD, 5, 1)
648 FIELD(CSR, FX_EVENT, 6, 1)
649 FIELD(CSR, SWITCH_ERROR, 7, 1)
650 FIELD(CSR, READY_FOR_DATA, 8, 1)
651 FIELD(CSR, CURRENT_STATE, 9, 4)
652 FIELD(CSR, ERASE_RESET, 13, 1)
653 FIELD(CSR, CARD_ECC_DISABLED, 14, 1)
654 FIELD(CSR, WP_ERASE_SKIP, 15, 1)
655 FIELD(CSR, CSD_OVERWRITE, 16, 1)
656 FIELD(CSR, DEFERRED_RESPONSE, 17, 1)
657 FIELD(CSR, ERROR, 19, 1)
658 FIELD(CSR, CC_ERROR, 20, 1)
659 FIELD(CSR, CARD_ECC_FAILED, 21, 1)
660 FIELD(CSR, ILLEGAL_COMMAND, 22, 1)
661 FIELD(CSR, COM_CRC_ERROR, 23, 1)
662 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1)
663 FIELD(CSR, CARD_IS_LOCKED, 25, 1)
664 FIELD(CSR, WP_VIOLATION, 26, 1)
665 FIELD(CSR, ERASE_PARAM, 27, 1)
666 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1)
667 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1)
668 FIELD(CSR, ADDRESS_ERROR, 30, 1)
669 FIELD(CSR, OUT_OF_RANGE, 31, 1)
670
671 /* Card status bits, split by clear condition:
672 * A : According to the card current state
673 * B : Always related to the previous command
674 * C : Cleared by read
675 */
676 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \
677 | R_CSR_CARD_ECC_DISABLED_MASK \
678 | R_CSR_CARD_IS_LOCKED_MASK)
679 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \
680 | R_CSR_ILLEGAL_COMMAND_MASK \
681 | R_CSR_COM_CRC_ERROR_MASK)
682 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \
683 | R_CSR_APP_CMD_MASK \
684 | R_CSR_ERASE_RESET_MASK \
685 | R_CSR_WP_ERASE_SKIP_MASK \
686 | R_CSR_CSD_OVERWRITE_MASK \
687 | R_CSR_ERROR_MASK \
688 | R_CSR_CC_ERROR_MASK \
689 | R_CSR_CARD_ECC_FAILED_MASK \
690 | R_CSR_LOCK_UNLOCK_FAILED_MASK \
691 | R_CSR_WP_VIOLATION_MASK \
692 | R_CSR_ERASE_PARAM_MASK \
693 | R_CSR_ERASE_SEQ_ERROR_MASK \
694 | R_CSR_BLOCK_LEN_ERROR_MASK \
695 | R_CSR_ADDRESS_ERROR_MASK \
696 | R_CSR_OUT_OF_RANGE_MASK)
697
sd_set_cardstatus(SDState * sd)698 static void sd_set_cardstatus(SDState *sd)
699 {
700 sd->card_status = READY_FOR_DATA;
701 }
702
sd_set_sdstatus(SDState * sd)703 static void sd_set_sdstatus(SDState *sd)
704 {
705 memset(sd->sd_status, 0, 64);
706 }
707
708 static const uint8_t sd_tuning_block_pattern4[64] = {
709 /*
710 * See: Physical Layer Simplified Specification Version 3.01,
711 * Table 4-2.
712 */
713 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc,
714 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef,
715 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb,
716 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef,
717 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c,
718 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee,
719 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff,
720 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde
721 };
722
sd_req_crc_validate(SDRequest * req)723 static int sd_req_crc_validate(SDRequest *req)
724 {
725 uint8_t buffer[5];
726 buffer[0] = 0x40 | req->cmd;
727 stl_be_p(&buffer[1], req->arg);
728 return 0;
729 return sd_crc7(buffer, 5) != req->crc; /* TODO */
730 }
731
sd_response_r1_make(SDState * sd,uint8_t * response)732 static void sd_response_r1_make(SDState *sd, uint8_t *response)
733 {
734 stl_be_p(response, sd->card_status);
735
736 /* Clear the "clear on read" status bits */
737 sd->card_status &= ~CARD_STATUS_C;
738 }
739
sd_response_r3_make(SDState * sd,uint8_t * response)740 static void sd_response_r3_make(SDState *sd, uint8_t *response)
741 {
742 stl_be_p(response, sd->ocr & ACMD41_R3_MASK);
743 }
744
sd_response_r6_make(SDState * sd,uint8_t * response)745 static void sd_response_r6_make(SDState *sd, uint8_t *response)
746 {
747 uint16_t status;
748
749 status = ((sd->card_status >> 8) & 0xc000) |
750 ((sd->card_status >> 6) & 0x2000) |
751 (sd->card_status & 0x1fff);
752 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
753 stw_be_p(response + 0, sd->rca);
754 stw_be_p(response + 2, status);
755 }
756
sd_response_r7_make(SDState * sd,uint8_t * response)757 static void sd_response_r7_make(SDState *sd, uint8_t *response)
758 {
759 stl_be_p(response, sd->vhs);
760 }
761
sd_blk_len(SDState * sd)762 static uint32_t sd_blk_len(SDState *sd)
763 {
764 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
765 return 1 << HWBLOCK_SHIFT;
766 }
767 return sd->blk_len;
768 }
769
770 /*
771 * This requires a disk image that has two boot partitions inserted at the
772 * beginning of it. The size of the boot partitions is the "boot-size"
773 * property.
774 */
sd_bootpart_offset(SDState * sd)775 static uint32_t sd_bootpart_offset(SDState *sd)
776 {
777 bool partitions_enabled;
778 unsigned partition_access;
779
780 if (!sd->boot_part_size || !sd_is_emmc(sd)) {
781 return 0;
782 }
783
784 partitions_enabled = sd->ext_csd[EXT_CSD_PART_CONFIG]
785 & EXT_CSD_PART_CONFIG_EN_MASK;
786 if (!partitions_enabled) {
787 return 0;
788 }
789
790 partition_access = sd->ext_csd[EXT_CSD_PART_CONFIG]
791 & EXT_CSD_PART_CONFIG_ACC_MASK;
792 switch (partition_access) {
793 case EXT_CSD_PART_CONFIG_ACC_DEFAULT:
794 return sd->boot_part_size * 2;
795 case EXT_CSD_PART_CONFIG_ACC_BOOT0:
796 return 0;
797 case EXT_CSD_PART_CONFIG_ACC_BOOT0 + 1:
798 return sd->boot_part_size * 1;
799 default:
800 g_assert_not_reached();
801 }
802 }
803
sd_req_get_address(SDState * sd,SDRequest req)804 static uint64_t sd_req_get_address(SDState *sd, SDRequest req)
805 {
806 uint64_t addr;
807
808 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
809 addr = (uint64_t) req.arg << HWBLOCK_SHIFT;
810 } else {
811 addr = req.arg;
812 }
813 trace_sdcard_req_addr(req.arg, addr);
814 return addr;
815 }
816
sd_addr_to_wpnum(uint64_t addr)817 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
818 {
819 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
820 }
821
sd_reset(DeviceState * dev)822 static void sd_reset(DeviceState *dev)
823 {
824 SDState *sd = SDMMC_COMMON(dev);
825 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd);
826 uint64_t size;
827 uint64_t sect;
828
829 trace_sdcard_reset();
830 if (sd->blk) {
831 blk_get_geometry(sd->blk, §);
832 } else {
833 sect = 0;
834 }
835 size = sect << HWBLOCK_SHIFT;
836 size -= sd_bootpart_offset(sd);
837
838 sect = sd_addr_to_wpnum(size) + 1;
839
840 sd->state = sd_idle_state;
841
842 /* card registers */
843 sd->rca = sd_is_emmc(sd) ? 0x0001 : 0x0000;
844 sd->size = size;
845 sd_set_ocr(sd);
846 sd_set_scr(sd);
847 sc->set_cid(sd);
848 sc->set_csd(sd, size);
849 sd_set_cardstatus(sd);
850 sd_set_sdstatus(sd);
851
852 g_free(sd->wp_group_bmap);
853 sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false;
854 sd->wp_group_bits = sect;
855 sd->wp_group_bmap = bitmap_new(sd->wp_group_bits);
856 memset(sd->function_group, 0, sizeof(sd->function_group));
857 sd->erase_start = INVALID_ADDRESS;
858 sd->erase_end = INVALID_ADDRESS;
859 sd->blk_len = 0x200;
860 sd->pwd_len = 0;
861 sd->expecting_acmd = false;
862 sd->dat_lines = 0xf;
863 sd->cmd_line = true;
864 sd->multi_blk_cnt = 0;
865 }
866
sd_get_inserted(SDState * sd)867 static bool sd_get_inserted(SDState *sd)
868 {
869 return sd->blk && blk_is_inserted(sd->blk);
870 }
871
sd_get_readonly(SDState * sd)872 static bool sd_get_readonly(SDState *sd)
873 {
874 return sd->wp_switch;
875 }
876
sd_cardchange(void * opaque,bool load,Error ** errp)877 static void sd_cardchange(void *opaque, bool load, Error **errp)
878 {
879 SDState *sd = opaque;
880 DeviceState *dev = DEVICE(sd);
881 SDBus *sdbus;
882 bool inserted = sd_get_inserted(sd);
883 bool readonly = sd_get_readonly(sd);
884
885 if (inserted) {
886 trace_sdcard_inserted(readonly);
887 sd_reset(dev);
888 } else {
889 trace_sdcard_ejected();
890 }
891
892 if (sd->me_no_qdev_me_kill_mammoth_with_rocks) {
893 qemu_set_irq(sd->inserted_cb, inserted);
894 if (inserted) {
895 qemu_set_irq(sd->readonly_cb, readonly);
896 }
897 } else {
898 sdbus = SD_BUS(qdev_get_parent_bus(dev));
899 sdbus_set_inserted(sdbus, inserted);
900 if (inserted) {
901 sdbus_set_readonly(sdbus, readonly);
902 }
903 }
904 }
905
906 static const BlockDevOps sd_block_ops = {
907 .change_media_cb = sd_cardchange,
908 };
909
sd_ocr_vmstate_needed(void * opaque)910 static bool sd_ocr_vmstate_needed(void *opaque)
911 {
912 SDState *sd = opaque;
913
914 /* Include the OCR state (and timer) if it is not yet powered up */
915 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP);
916 }
917
918 static const VMStateDescription sd_ocr_vmstate = {
919 .name = "sd-card/ocr-state",
920 .version_id = 1,
921 .minimum_version_id = 1,
922 .needed = sd_ocr_vmstate_needed,
923 .fields = (const VMStateField[]) {
924 VMSTATE_UINT32(ocr, SDState),
925 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
926 VMSTATE_END_OF_LIST()
927 },
928 };
929
vmstate_needed_for_emmc(void * opaque)930 static bool vmstate_needed_for_emmc(void *opaque)
931 {
932 SDState *sd = opaque;
933
934 return sd_is_emmc(sd);
935 }
936
937 static const VMStateDescription emmc_extcsd_vmstate = {
938 .name = "sd-card/ext_csd_modes-state",
939 .version_id = 1,
940 .minimum_version_id = 1,
941 .needed = vmstate_needed_for_emmc,
942 .fields = (const VMStateField[]) {
943 VMSTATE_UINT8_ARRAY(ext_csd_rw, SDState, 192),
944 VMSTATE_END_OF_LIST()
945 },
946 };
947
sd_vmstate_pre_load(void * opaque)948 static int sd_vmstate_pre_load(void *opaque)
949 {
950 SDState *sd = opaque;
951
952 /* If the OCR state is not included (prior versions, or not
953 * needed), then the OCR must be set as powered up. If the OCR state
954 * is included, this will be replaced by the state restore.
955 */
956 sd_ocr_powerup(sd);
957
958 return 0;
959 }
960
961 static const VMStateDescription sd_vmstate = {
962 .name = "sd-card",
963 .version_id = 2,
964 .minimum_version_id = 2,
965 .pre_load = sd_vmstate_pre_load,
966 .fields = (const VMStateField[]) {
967 VMSTATE_UINT32(mode, SDState),
968 VMSTATE_INT32(state, SDState),
969 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
970 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
971 VMSTATE_UINT16(rca, SDState),
972 VMSTATE_UINT32(card_status, SDState),
973 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
974 VMSTATE_UINT32(vhs, SDState),
975 VMSTATE_BITMAP(wp_group_bmap, SDState, 0, wp_group_bits),
976 VMSTATE_UINT32(blk_len, SDState),
977 VMSTATE_UINT32(multi_blk_cnt, SDState),
978 VMSTATE_UINT32(erase_start, SDState),
979 VMSTATE_UINT32(erase_end, SDState),
980 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
981 VMSTATE_UINT32(pwd_len, SDState),
982 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
983 VMSTATE_UINT8(current_cmd, SDState),
984 VMSTATE_BOOL(expecting_acmd, SDState),
985 VMSTATE_UINT32(blk_written, SDState),
986 VMSTATE_UINT64(data_start, SDState),
987 VMSTATE_UINT32(data_offset, SDState),
988 VMSTATE_UINT8_ARRAY(data, SDState, 512),
989 VMSTATE_UNUSED_V(1, 512),
990 VMSTATE_BOOL(enable, SDState),
991 VMSTATE_END_OF_LIST()
992 },
993 .subsections = (const VMStateDescription * const []) {
994 &sd_ocr_vmstate,
995 &emmc_extcsd_vmstate,
996 NULL
997 },
998 };
999
1000 /* Legacy initialization function for use by non-qdevified callers */
sd_init(BlockBackend * blk,bool is_spi)1001 SDState *sd_init(BlockBackend *blk, bool is_spi)
1002 {
1003 Object *obj;
1004 DeviceState *dev;
1005 SDState *sd;
1006 Error *err = NULL;
1007
1008 obj = object_new(is_spi ? TYPE_SD_CARD_SPI : TYPE_SD_CARD);
1009 dev = DEVICE(obj);
1010 if (!qdev_prop_set_drive_err(dev, "drive", blk, &err)) {
1011 error_reportf_err(err, "sd_init failed: ");
1012 return NULL;
1013 }
1014
1015 /*
1016 * Realizing the device properly would put it into the QOM
1017 * composition tree even though it is not plugged into an
1018 * appropriate bus. That's a no-no. Hide the device from
1019 * QOM/qdev, and call its qdev realize callback directly.
1020 */
1021 object_ref(obj);
1022 object_unparent(obj);
1023 sd_realize(dev, &err);
1024 if (err) {
1025 error_reportf_err(err, "sd_init failed: ");
1026 return NULL;
1027 }
1028
1029 sd = SD_CARD(dev);
1030 sd->me_no_qdev_me_kill_mammoth_with_rocks = true;
1031 return sd;
1032 }
1033
sd_set_cb(SDState * sd,qemu_irq readonly,qemu_irq insert)1034 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
1035 {
1036 sd->readonly_cb = readonly;
1037 sd->inserted_cb = insert;
1038 qemu_set_irq(readonly, sd->blk ? !blk_is_writable(sd->blk) : 0);
1039 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
1040 }
1041
sd_blk_read(SDState * sd,uint64_t addr,uint32_t len)1042 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1043 {
1044 trace_sdcard_read_block(addr, len);
1045 addr += sd_bootpart_offset(sd);
1046 if (!sd->blk || blk_pread(sd->blk, addr, len, sd->data, 0) < 0) {
1047 fprintf(stderr, "sd_blk_read: read error on host side\n");
1048 }
1049 }
1050
sd_blk_write(SDState * sd,uint64_t addr,uint32_t len)1051 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1052 {
1053 trace_sdcard_write_block(addr, len);
1054 addr += sd_bootpart_offset(sd);
1055 if (!sd->blk || blk_pwrite(sd->blk, addr, len, sd->data, 0) < 0) {
1056 fprintf(stderr, "sd_blk_write: write error on host side\n");
1057 }
1058 }
1059
sd_erase(SDState * sd)1060 static void sd_erase(SDState *sd)
1061 {
1062 uint64_t erase_start = sd->erase_start;
1063 uint64_t erase_end = sd->erase_end;
1064 bool sdsc = true;
1065 uint64_t wpnum;
1066 uint64_t erase_addr;
1067 int erase_len = 1 << HWBLOCK_SHIFT;
1068
1069 trace_sdcard_erase(sd->erase_start, sd->erase_end);
1070 if (sd->erase_start == INVALID_ADDRESS
1071 || sd->erase_end == INVALID_ADDRESS) {
1072 sd->card_status |= ERASE_SEQ_ERROR;
1073 sd->erase_start = INVALID_ADDRESS;
1074 sd->erase_end = INVALID_ADDRESS;
1075 return;
1076 }
1077
1078 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
1079 /* High capacity memory card: erase units are 512 byte blocks */
1080 erase_start <<= HWBLOCK_SHIFT;
1081 erase_end <<= HWBLOCK_SHIFT;
1082 sdsc = false;
1083 }
1084
1085 if (erase_start > sd->size || erase_end > sd->size) {
1086 sd->card_status |= OUT_OF_RANGE;
1087 sd->erase_start = INVALID_ADDRESS;
1088 sd->erase_end = INVALID_ADDRESS;
1089 return;
1090 }
1091
1092 sd->erase_start = INVALID_ADDRESS;
1093 sd->erase_end = INVALID_ADDRESS;
1094 sd->csd[14] |= 0x40;
1095
1096 memset(sd->data, 0xff, erase_len);
1097 for (erase_addr = erase_start; erase_addr <= erase_end;
1098 erase_addr += erase_len) {
1099 if (sdsc) {
1100 /* Only SDSC cards support write protect groups */
1101 wpnum = sd_addr_to_wpnum(erase_addr);
1102 assert(wpnum < sd->wp_group_bits);
1103 if (test_bit(wpnum, sd->wp_group_bmap)) {
1104 sd->card_status |= WP_ERASE_SKIP;
1105 continue;
1106 }
1107 }
1108 sd_blk_write(sd, erase_addr, erase_len);
1109 }
1110 }
1111
sd_wpbits(SDState * sd,uint64_t addr)1112 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
1113 {
1114 uint32_t i, wpnum;
1115 uint32_t ret = 0;
1116
1117 wpnum = sd_addr_to_wpnum(addr);
1118
1119 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
1120 if (addr >= sd->size) {
1121 /*
1122 * If the addresses of the last groups are outside the valid range,
1123 * then the corresponding write protection bits shall be set to 0.
1124 */
1125 continue;
1126 }
1127 assert(wpnum < sd->wp_group_bits);
1128 if (test_bit(wpnum, sd->wp_group_bmap)) {
1129 ret |= (1 << i);
1130 }
1131 }
1132
1133 return ret;
1134 }
1135
1136 enum ExtCsdAccessMode {
1137 EXT_CSD_ACCESS_MODE_COMMAND_SET = 0,
1138 EXT_CSD_ACCESS_MODE_SET_BITS = 1,
1139 EXT_CSD_ACCESS_MODE_CLEAR_BITS = 2,
1140 EXT_CSD_ACCESS_MODE_WRITE_BYTE = 3
1141 };
1142
emmc_function_switch(SDState * sd,uint32_t arg)1143 static void emmc_function_switch(SDState *sd, uint32_t arg)
1144 {
1145 uint8_t access = extract32(arg, 24, 2);
1146 uint8_t index = extract32(arg, 16, 8);
1147 uint8_t value = extract32(arg, 8, 8);
1148 uint8_t b = sd->ext_csd[index];
1149
1150 trace_sdcard_switch(access, index, value, extract32(arg, 0, 2));
1151
1152 if (index >= 192) {
1153 qemu_log_mask(LOG_GUEST_ERROR, "MMC switching illegal offset\n");
1154 sd->card_status |= R_CSR_SWITCH_ERROR_MASK;
1155 return;
1156 }
1157
1158 switch (access) {
1159 case EXT_CSD_ACCESS_MODE_COMMAND_SET:
1160 qemu_log_mask(LOG_UNIMP, "MMC Command set switching not supported\n");
1161 return;
1162 case EXT_CSD_ACCESS_MODE_SET_BITS:
1163 b |= value;
1164 break;
1165 case EXT_CSD_ACCESS_MODE_CLEAR_BITS:
1166 b &= ~value;
1167 break;
1168 case EXT_CSD_ACCESS_MODE_WRITE_BYTE:
1169 b = value;
1170 break;
1171 }
1172
1173 trace_sdcard_ext_csd_update(index, sd->ext_csd[index], b);
1174 sd->ext_csd[index] = b;
1175 }
1176
sd_function_switch(SDState * sd,uint32_t arg)1177 static void sd_function_switch(SDState *sd, uint32_t arg)
1178 {
1179 int i, mode, new_func;
1180 mode = !!(arg & 0x80000000);
1181
1182 sd->data[0] = 0x00; /* Maximum current consumption */
1183 sd->data[1] = 0x01;
1184 sd->data[2] = 0x80; /* Supported group 6 functions */
1185 sd->data[3] = 0x01;
1186 sd->data[4] = 0x80; /* Supported group 5 functions */
1187 sd->data[5] = 0x01;
1188 sd->data[6] = 0x80; /* Supported group 4 functions */
1189 sd->data[7] = 0x01;
1190 sd->data[8] = 0x80; /* Supported group 3 functions */
1191 sd->data[9] = 0x01;
1192 sd->data[10] = 0x80; /* Supported group 2 functions */
1193 sd->data[11] = 0x43;
1194 sd->data[12] = 0x80; /* Supported group 1 functions */
1195 sd->data[13] = 0x03;
1196
1197 memset(&sd->data[14], 0, 3);
1198 for (i = 0; i < 6; i ++) {
1199 new_func = (arg >> (i * 4)) & 0x0f;
1200 if (mode && new_func != 0x0f)
1201 sd->function_group[i] = new_func;
1202 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4);
1203 }
1204 memset(&sd->data[17], 0, 47);
1205 }
1206
sd_wp_addr(SDState * sd,uint64_t addr)1207 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
1208 {
1209 return test_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap);
1210 }
1211
sd_lock_command(SDState * sd)1212 static void sd_lock_command(SDState *sd)
1213 {
1214 int erase, lock, clr_pwd, set_pwd, pwd_len;
1215 erase = !!(sd->data[0] & 0x08);
1216 lock = sd->data[0] & 0x04;
1217 clr_pwd = sd->data[0] & 0x02;
1218 set_pwd = sd->data[0] & 0x01;
1219
1220 if (sd->blk_len > 1)
1221 pwd_len = sd->data[1];
1222 else
1223 pwd_len = 0;
1224
1225 if (lock) {
1226 trace_sdcard_lock();
1227 } else {
1228 trace_sdcard_unlock();
1229 }
1230 if (erase) {
1231 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
1232 set_pwd || clr_pwd || lock || sd->wp_switch ||
1233 (sd->csd[14] & 0x20)) {
1234 sd->card_status |= LOCK_UNLOCK_FAILED;
1235 return;
1236 }
1237 bitmap_zero(sd->wp_group_bmap, sd->wp_group_bits);
1238 sd->csd[14] &= ~0x10;
1239 sd->card_status &= ~CARD_IS_LOCKED;
1240 sd->pwd_len = 0;
1241 /* Erasing the entire card here! */
1242 fprintf(stderr, "SD: Card force-erased by CMD42\n");
1243 return;
1244 }
1245
1246 if (sd->blk_len < 2 + pwd_len ||
1247 pwd_len <= sd->pwd_len ||
1248 pwd_len > sd->pwd_len + 16) {
1249 sd->card_status |= LOCK_UNLOCK_FAILED;
1250 return;
1251 }
1252
1253 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
1254 sd->card_status |= LOCK_UNLOCK_FAILED;
1255 return;
1256 }
1257
1258 pwd_len -= sd->pwd_len;
1259 if ((pwd_len && !set_pwd) ||
1260 (clr_pwd && (set_pwd || lock)) ||
1261 (lock && !sd->pwd_len && !set_pwd) ||
1262 (!set_pwd && !clr_pwd &&
1263 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
1264 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
1265 sd->card_status |= LOCK_UNLOCK_FAILED;
1266 return;
1267 }
1268
1269 if (set_pwd) {
1270 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
1271 sd->pwd_len = pwd_len;
1272 }
1273
1274 if (clr_pwd) {
1275 sd->pwd_len = 0;
1276 }
1277
1278 if (lock)
1279 sd->card_status |= CARD_IS_LOCKED;
1280 else
1281 sd->card_status &= ~CARD_IS_LOCKED;
1282 }
1283
address_in_range(SDState * sd,const char * desc,uint64_t addr,uint32_t length)1284 static bool address_in_range(SDState *sd, const char *desc,
1285 uint64_t addr, uint32_t length)
1286 {
1287 if (addr + length > sd->size) {
1288 qemu_log_mask(LOG_GUEST_ERROR,
1289 "%s offset %"PRIu64" > card %"PRIu64" [%%%u]\n",
1290 desc, addr, sd->size, length);
1291 sd->card_status |= ADDRESS_ERROR;
1292 return false;
1293 }
1294 return true;
1295 }
1296
sd_invalid_state_for_cmd(SDState * sd,SDRequest req)1297 static sd_rsp_type_t sd_invalid_state_for_cmd(SDState *sd, SDRequest req)
1298 {
1299 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong state: %s (spec %s)\n",
1300 sd->proto->name, req.cmd, sd_state_name(sd->state),
1301 sd_version_str(sd->spec_version));
1302
1303 return sd_illegal;
1304 }
1305
sd_invalid_mode_for_cmd(SDState * sd,SDRequest req)1306 static sd_rsp_type_t sd_invalid_mode_for_cmd(SDState *sd, SDRequest req)
1307 {
1308 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong mode: %s (spec %s)\n",
1309 sd->proto->name, req.cmd, sd_mode_name(sd->mode),
1310 sd_version_str(sd->spec_version));
1311
1312 return sd_illegal;
1313 }
1314
sd_cmd_illegal(SDState * sd,SDRequest req)1315 static sd_rsp_type_t sd_cmd_illegal(SDState *sd, SDRequest req)
1316 {
1317 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown CMD%i for spec %s\n",
1318 sd->proto->name, req.cmd,
1319 sd_version_str(sd->spec_version));
1320
1321 return sd_illegal;
1322 }
1323
1324 /* Commands that are recognised but not yet implemented. */
sd_cmd_unimplemented(SDState * sd,SDRequest req)1325 static sd_rsp_type_t sd_cmd_unimplemented(SDState *sd, SDRequest req)
1326 {
1327 qemu_log_mask(LOG_UNIMP, "%s: CMD%i not implemented\n",
1328 sd->proto->name, req.cmd);
1329
1330 return sd_illegal;
1331 }
1332
sd_cmd_optional(SDState * sd,SDRequest req)1333 static sd_rsp_type_t sd_cmd_optional(SDState *sd, SDRequest req)
1334 {
1335 qemu_log_mask(LOG_UNIMP, "%s: Optional CMD%i not implemented\n",
1336 sd->proto->name, req.cmd);
1337
1338 return sd_illegal;
1339 }
1340
1341 /* Configure fields for following sd_generic_write_byte() calls */
sd_cmd_to_receivingdata(SDState * sd,SDRequest req,uint64_t start,size_t size)1342 static sd_rsp_type_t sd_cmd_to_receivingdata(SDState *sd, SDRequest req,
1343 uint64_t start, size_t size)
1344 {
1345 if (sd->state != sd_transfer_state) {
1346 return sd_invalid_state_for_cmd(sd, req);
1347 }
1348 sd->state = sd_receivingdata_state;
1349 sd->data_start = start;
1350 sd->data_offset = 0;
1351 /* sd->data[] used as receive buffer */
1352 sd->data_size = size ?: sizeof(sd->data);
1353 return sd_r1;
1354 }
1355
1356 /* Configure fields for following sd_generic_read_byte() calls */
sd_cmd_to_sendingdata(SDState * sd,SDRequest req,uint64_t start,const void * data,size_t size)1357 static sd_rsp_type_t sd_cmd_to_sendingdata(SDState *sd, SDRequest req,
1358 uint64_t start,
1359 const void *data, size_t size)
1360 {
1361 if (sd->state != sd_transfer_state) {
1362 sd_invalid_state_for_cmd(sd, req);
1363 }
1364
1365 sd->state = sd_sendingdata_state;
1366 sd->data_start = start;
1367 sd->data_offset = 0;
1368 if (data) {
1369 assert(size > 0 && size <= sizeof(sd->data));
1370 memcpy(sd->data, data, size);
1371 }
1372 if (size) {
1373 sd->data_size = size;
1374 }
1375 return sd_r1;
1376 }
1377
1378 /* CMD0 */
sd_cmd_GO_IDLE_STATE(SDState * sd,SDRequest req)1379 static sd_rsp_type_t sd_cmd_GO_IDLE_STATE(SDState *sd, SDRequest req)
1380 {
1381 if (sd->state == sd_sleep_state) {
1382 switch (req.arg) {
1383 case 0x00000000:
1384 case 0xf0f0f0f0:
1385 break;
1386 default:
1387 return sd_r0;
1388 }
1389 }
1390 if (sd->state != sd_inactive_state) {
1391 sd->state = sd_idle_state;
1392 sd_reset(DEVICE(sd));
1393 }
1394
1395 return sd_is_spi(sd) ? sd_r1 : sd_r0;
1396 }
1397
1398 /* CMD1 */
spi_cmd_SEND_OP_COND(SDState * sd,SDRequest req)1399 static sd_rsp_type_t spi_cmd_SEND_OP_COND(SDState *sd, SDRequest req)
1400 {
1401 sd->state = sd_transfer_state;
1402
1403 return sd_r1;
1404 }
1405
1406 /* CMD2 */
sd_cmd_ALL_SEND_CID(SDState * sd,SDRequest req)1407 static sd_rsp_type_t sd_cmd_ALL_SEND_CID(SDState *sd, SDRequest req)
1408 {
1409 switch (sd->state) {
1410 case sd_ready_state:
1411 sd->state = sd_identification_state;
1412 return sd_r2_i;
1413 default:
1414 return sd_invalid_state_for_cmd(sd, req);
1415 }
1416 }
1417
1418 /* CMD3 */
sd_cmd_SEND_RELATIVE_ADDR(SDState * sd,SDRequest req)1419 static sd_rsp_type_t sd_cmd_SEND_RELATIVE_ADDR(SDState *sd, SDRequest req)
1420 {
1421 uint16_t random_rca;
1422
1423 switch (sd->state) {
1424 case sd_identification_state:
1425 case sd_standby_state:
1426 sd->state = sd_standby_state;
1427 qemu_guest_getrandom_nofail(&random_rca, sizeof(random_rca));
1428 sd_set_rca(sd, random_rca);
1429 return sd_r6;
1430
1431 default:
1432 return sd_invalid_state_for_cmd(sd, req);
1433 }
1434 }
1435
emmc_cmd_SET_RELATIVE_ADDR(SDState * sd,SDRequest req)1436 static sd_rsp_type_t emmc_cmd_SET_RELATIVE_ADDR(SDState *sd, SDRequest req)
1437 {
1438 switch (sd->state) {
1439 case sd_identification_state:
1440 case sd_standby_state:
1441 sd->state = sd_standby_state;
1442 sd_set_rca(sd, req.arg >> 16);
1443 return sd_r1;
1444
1445 default:
1446 return sd_invalid_state_for_cmd(sd, req);
1447 }
1448 }
1449
1450 /* CMD5 */
emmc_cmd_sleep_awake(SDState * sd,SDRequest req)1451 static sd_rsp_type_t emmc_cmd_sleep_awake(SDState *sd, SDRequest req)
1452 {
1453 bool do_sleep = extract32(req.arg, 15, 1);
1454
1455 switch (sd->state) {
1456 case sd_sleep_state:
1457 if (!do_sleep) {
1458 /* Awake */
1459 sd->state = sd_standby_state;
1460 }
1461 return sd_r1b;
1462
1463 case sd_standby_state:
1464 if (do_sleep) {
1465 sd->state = sd_sleep_state;
1466 }
1467 return sd_r1b;
1468
1469 default:
1470 return sd_invalid_state_for_cmd(sd, req);
1471 }
1472 }
1473
1474 /* CMD6 */
sd_cmd_SWITCH_FUNCTION(SDState * sd,SDRequest req)1475 static sd_rsp_type_t sd_cmd_SWITCH_FUNCTION(SDState *sd, SDRequest req)
1476 {
1477 if (sd->mode != sd_data_transfer_mode) {
1478 return sd_invalid_mode_for_cmd(sd, req);
1479 }
1480 if (sd->state != sd_transfer_state) {
1481 return sd_invalid_state_for_cmd(sd, req);
1482 }
1483
1484 sd_function_switch(sd, req.arg);
1485 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 64);
1486 }
1487
emmc_cmd_SWITCH(SDState * sd,SDRequest req)1488 static sd_rsp_type_t emmc_cmd_SWITCH(SDState *sd, SDRequest req)
1489 {
1490 switch (sd->state) {
1491 case sd_transfer_state:
1492 sd->state = sd_programming_state;
1493 emmc_function_switch(sd, req.arg);
1494 sd->state = sd_transfer_state;
1495 return sd_r1b;
1496 default:
1497 return sd_invalid_state_for_cmd(sd, req);
1498 }
1499 }
1500
1501 /* CMD7 */
sd_cmd_DE_SELECT_CARD(SDState * sd,SDRequest req)1502 static sd_rsp_type_t sd_cmd_DE_SELECT_CARD(SDState *sd, SDRequest req)
1503 {
1504 bool same_rca = sd_req_rca_same(sd, req);
1505
1506 switch (sd->state) {
1507 case sd_standby_state:
1508 if (!same_rca) {
1509 return sd_r0;
1510 }
1511 sd->state = sd_transfer_state;
1512 return sd_r1b;
1513
1514 case sd_transfer_state:
1515 case sd_sendingdata_state:
1516 if (same_rca) {
1517 break;
1518 }
1519 sd->state = sd_standby_state;
1520 return sd_r1b;
1521
1522 case sd_disconnect_state:
1523 if (!same_rca) {
1524 return sd_r0;
1525 }
1526 sd->state = sd_programming_state;
1527 return sd_r1b;
1528
1529 case sd_programming_state:
1530 if (same_rca) {
1531 break;
1532 }
1533 sd->state = sd_disconnect_state;
1534 return sd_r1b;
1535
1536 default:
1537 break;
1538 }
1539 return sd_invalid_state_for_cmd(sd, req);
1540 }
1541
1542 /* CMD8 */
sd_cmd_SEND_IF_COND(SDState * sd,SDRequest req)1543 static sd_rsp_type_t sd_cmd_SEND_IF_COND(SDState *sd, SDRequest req)
1544 {
1545 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) {
1546 return sd_cmd_illegal(sd, req);
1547 }
1548 if (sd->state != sd_idle_state) {
1549 return sd_invalid_state_for_cmd(sd, req);
1550 }
1551 sd->vhs = 0;
1552
1553 /* No response if not exactly one VHS bit is set. */
1554 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1555 return sd_is_spi(sd) ? sd_r7 : sd_r0;
1556 }
1557
1558 /* Accept. */
1559 sd->vhs = req.arg;
1560 return sd_r7;
1561 }
1562
1563 /* CMD8 */
emmc_cmd_SEND_EXT_CSD(SDState * sd,SDRequest req)1564 static sd_rsp_type_t emmc_cmd_SEND_EXT_CSD(SDState *sd, SDRequest req)
1565 {
1566 if (sd->state != sd_transfer_state) {
1567 return sd_invalid_state_for_cmd(sd, req);
1568 }
1569
1570 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req),
1571 sd->ext_csd, sizeof(sd->ext_csd));
1572 }
1573
1574 /* CMD9 */
spi_cmd_SEND_CSD(SDState * sd,SDRequest req)1575 static sd_rsp_type_t spi_cmd_SEND_CSD(SDState *sd, SDRequest req)
1576 {
1577 if (sd->state != sd_standby_state) {
1578 return sd_invalid_state_for_cmd(sd, req);
1579 }
1580 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req),
1581 sd->csd, 16);
1582 }
1583
sd_cmd_SEND_CSD(SDState * sd,SDRequest req)1584 static sd_rsp_type_t sd_cmd_SEND_CSD(SDState *sd, SDRequest req)
1585 {
1586 if (sd->state != sd_standby_state) {
1587 return sd_invalid_state_for_cmd(sd, req);
1588 }
1589
1590 return sd_req_rca_same(sd, req) ? sd_r2_s : sd_r0;
1591 }
1592
1593 /* CMD10 */
spi_cmd_SEND_CID(SDState * sd,SDRequest req)1594 static sd_rsp_type_t spi_cmd_SEND_CID(SDState *sd, SDRequest req)
1595 {
1596 if (sd->state != sd_standby_state) {
1597 return sd_invalid_state_for_cmd(sd, req);
1598 }
1599 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req),
1600 sd->cid, 16);
1601 }
1602
sd_cmd_SEND_CID(SDState * sd,SDRequest req)1603 static sd_rsp_type_t sd_cmd_SEND_CID(SDState *sd, SDRequest req)
1604 {
1605 if (sd->state != sd_standby_state) {
1606 return sd_invalid_state_for_cmd(sd, req);
1607 }
1608
1609 return sd_req_rca_same(sd, req) ? sd_r2_i : sd_r0;
1610 }
1611
1612 /* CMD12 */
sd_cmd_STOP_TRANSMISSION(SDState * sd,SDRequest req)1613 static sd_rsp_type_t sd_cmd_STOP_TRANSMISSION(SDState *sd, SDRequest req)
1614 {
1615 switch (sd->state) {
1616 case sd_sendingdata_state:
1617 sd->state = sd_transfer_state;
1618 return sd_r1b;
1619 case sd_receivingdata_state:
1620 sd->state = sd_programming_state;
1621 /* Bzzzzzzztt .... Operation complete. */
1622 sd->state = sd_transfer_state;
1623 return sd_r1;
1624 default:
1625 return sd_invalid_state_for_cmd(sd, req);
1626 }
1627 }
1628
1629 /* CMD13 */
sd_cmd_SEND_STATUS(SDState * sd,SDRequest req)1630 static sd_rsp_type_t sd_cmd_SEND_STATUS(SDState *sd, SDRequest req)
1631 {
1632 if (sd->mode != sd_data_transfer_mode) {
1633 return sd_invalid_mode_for_cmd(sd, req);
1634 }
1635
1636 switch (sd->state) {
1637 case sd_standby_state:
1638 case sd_transfer_state:
1639 case sd_sendingdata_state:
1640 case sd_receivingdata_state:
1641 case sd_programming_state:
1642 case sd_disconnect_state:
1643 break;
1644 default:
1645 return sd_invalid_state_for_cmd(sd, req);
1646 }
1647
1648 if (sd_is_spi(sd)) {
1649 return sd_r2_s;
1650 }
1651
1652 return sd_req_rca_same(sd, req) ? sd_r1 : sd_r0;
1653 }
1654
1655 /* CMD15 */
sd_cmd_GO_INACTIVE_STATE(SDState * sd,SDRequest req)1656 static sd_rsp_type_t sd_cmd_GO_INACTIVE_STATE(SDState *sd, SDRequest req)
1657 {
1658 if (sd->mode != sd_data_transfer_mode) {
1659 return sd_invalid_mode_for_cmd(sd, req);
1660 }
1661 switch (sd->state) {
1662 case sd_standby_state:
1663 case sd_transfer_state:
1664 case sd_sendingdata_state:
1665 case sd_receivingdata_state:
1666 case sd_programming_state:
1667 case sd_disconnect_state:
1668 break;
1669 default:
1670 return sd_invalid_state_for_cmd(sd, req);
1671 }
1672 if (sd_req_rca_same(sd, req)) {
1673 sd->state = sd_inactive_state;
1674 }
1675
1676 return sd_r0;
1677 }
1678
1679 /* CMD16 */
sd_cmd_SET_BLOCKLEN(SDState * sd,SDRequest req)1680 static sd_rsp_type_t sd_cmd_SET_BLOCKLEN(SDState *sd, SDRequest req)
1681 {
1682 if (sd->state != sd_transfer_state) {
1683 return sd_invalid_state_for_cmd(sd, req);
1684 }
1685 if (req.arg > (1 << HWBLOCK_SHIFT)) {
1686 sd->card_status |= BLOCK_LEN_ERROR;
1687 } else {
1688 trace_sdcard_set_blocklen(req.arg);
1689 sd->blk_len = req.arg;
1690 }
1691
1692 return sd_r1;
1693 }
1694
1695 /* CMD17 */
sd_cmd_READ_SINGLE_BLOCK(SDState * sd,SDRequest req)1696 static sd_rsp_type_t sd_cmd_READ_SINGLE_BLOCK(SDState *sd, SDRequest req)
1697 {
1698 uint64_t addr;
1699
1700 if (sd->state != sd_transfer_state) {
1701 return sd_invalid_state_for_cmd(sd, req);
1702 }
1703
1704 addr = sd_req_get_address(sd, req);
1705 if (!address_in_range(sd, "READ_SINGLE_BLOCK", addr, sd->blk_len)) {
1706 return sd_r1;
1707 }
1708
1709 sd_blk_read(sd, addr, sd->blk_len);
1710 return sd_cmd_to_sendingdata(sd, req, addr, NULL, sd->blk_len);
1711 }
1712
1713 /* CMD19 */
sd_cmd_SEND_TUNING_BLOCK(SDState * sd,SDRequest req)1714 static sd_rsp_type_t sd_cmd_SEND_TUNING_BLOCK(SDState *sd, SDRequest req)
1715 {
1716 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1717 return sd_cmd_illegal(sd, req);
1718 }
1719
1720 return sd_cmd_to_sendingdata(sd, req, 0,
1721 sd_tuning_block_pattern4,
1722 sizeof(sd_tuning_block_pattern4));
1723 }
1724
1725 /* CMD23 */
sd_cmd_SET_BLOCK_COUNT(SDState * sd,SDRequest req)1726 static sd_rsp_type_t sd_cmd_SET_BLOCK_COUNT(SDState *sd, SDRequest req)
1727 {
1728 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1729 return sd_cmd_illegal(sd, req);
1730 }
1731
1732 if (sd->state != sd_transfer_state) {
1733 return sd_invalid_state_for_cmd(sd, req);
1734 }
1735
1736 sd->multi_blk_cnt = req.arg;
1737 if (sd_is_emmc(sd)) {
1738 sd->multi_blk_cnt &= 0xffff;
1739 }
1740 trace_sdcard_set_block_count(sd->multi_blk_cnt);
1741
1742 return sd_r1;
1743 }
1744
1745 /* CMD24 */
sd_cmd_WRITE_SINGLE_BLOCK(SDState * sd,SDRequest req)1746 static sd_rsp_type_t sd_cmd_WRITE_SINGLE_BLOCK(SDState *sd, SDRequest req)
1747 {
1748 uint64_t addr;
1749
1750 if (sd->state != sd_transfer_state) {
1751 return sd_invalid_state_for_cmd(sd, req);
1752 }
1753
1754 addr = sd_req_get_address(sd, req);
1755 if (!address_in_range(sd, "WRITE_SINGLE_BLOCK", addr, sd->blk_len)) {
1756 return sd_r1;
1757 }
1758
1759 if (sd->size <= SDSC_MAX_CAPACITY) {
1760 if (sd_wp_addr(sd, addr)) {
1761 sd->card_status |= WP_VIOLATION;
1762 }
1763 }
1764 if (sd->csd[14] & 0x30) {
1765 sd->card_status |= WP_VIOLATION;
1766 }
1767
1768 sd->blk_written = 0;
1769 return sd_cmd_to_receivingdata(sd, req, addr, sd->blk_len);
1770 }
1771
1772 /* CMD26 */
emmc_cmd_PROGRAM_CID(SDState * sd,SDRequest req)1773 static sd_rsp_type_t emmc_cmd_PROGRAM_CID(SDState *sd, SDRequest req)
1774 {
1775 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->cid));
1776 }
1777
1778 /* CMD27 */
sd_cmd_PROGRAM_CSD(SDState * sd,SDRequest req)1779 static sd_rsp_type_t sd_cmd_PROGRAM_CSD(SDState *sd, SDRequest req)
1780 {
1781 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->csd));
1782 }
1783
sd_cmd_SET_CLR_WRITE_PROT(SDState * sd,SDRequest req,bool is_write)1784 static sd_rsp_type_t sd_cmd_SET_CLR_WRITE_PROT(SDState *sd, SDRequest req,
1785 bool is_write)
1786 {
1787 uint64_t addr;
1788
1789 if (sd->size > SDSC_MAX_CAPACITY) {
1790 return sd_illegal;
1791 }
1792
1793 if (sd->state != sd_transfer_state) {
1794 return sd_invalid_state_for_cmd(sd, req);
1795 }
1796
1797 addr = sd_req_get_address(sd, req);
1798 if (!address_in_range(sd, is_write ? "SET_WRITE_PROT" : "CLR_WRITE_PROT",
1799 addr, 1)) {
1800 return sd_r1b;
1801 }
1802
1803 sd->state = sd_programming_state;
1804 if (is_write) {
1805 set_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap);
1806 } else {
1807 clear_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap);
1808 }
1809 /* Bzzzzzzztt .... Operation complete. */
1810 sd->state = sd_transfer_state;
1811 return sd_r1;
1812 }
1813
1814 /* CMD28 */
sd_cmd_SET_WRITE_PROT(SDState * sd,SDRequest req)1815 static sd_rsp_type_t sd_cmd_SET_WRITE_PROT(SDState *sd, SDRequest req)
1816 {
1817 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, true);
1818 }
1819
1820 /* CMD29 */
sd_cmd_CLR_WRITE_PROT(SDState * sd,SDRequest req)1821 static sd_rsp_type_t sd_cmd_CLR_WRITE_PROT(SDState *sd, SDRequest req)
1822 {
1823 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, false);
1824 }
1825
1826 /* CMD30 */
sd_cmd_SEND_WRITE_PROT(SDState * sd,SDRequest req)1827 static sd_rsp_type_t sd_cmd_SEND_WRITE_PROT(SDState *sd, SDRequest req)
1828 {
1829 uint64_t addr;
1830 uint32_t data;
1831
1832 if (sd->size > SDSC_MAX_CAPACITY) {
1833 return sd_illegal;
1834 }
1835
1836 if (sd->state != sd_transfer_state) {
1837 return sd_invalid_state_for_cmd(sd, req);
1838 }
1839
1840 addr = sd_req_get_address(sd, req);
1841 if (!address_in_range(sd, "SEND_WRITE_PROT", addr, sd->blk_len)) {
1842 return sd_r1;
1843 }
1844
1845 data = sd_wpbits(sd, req.arg);
1846 return sd_cmd_to_sendingdata(sd, req, addr, &data, sizeof(data));
1847 }
1848
1849 /* CMD32 */
sd_cmd_ERASE_WR_BLK_START(SDState * sd,SDRequest req)1850 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_START(SDState *sd, SDRequest req)
1851 {
1852 if (sd->state != sd_transfer_state) {
1853 return sd_invalid_state_for_cmd(sd, req);
1854 }
1855 sd->erase_start = req.arg;
1856 return sd_r1;
1857 }
1858
1859 /* CMD33 */
sd_cmd_ERASE_WR_BLK_END(SDState * sd,SDRequest req)1860 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_END(SDState *sd, SDRequest req)
1861 {
1862 if (sd->state != sd_transfer_state) {
1863 return sd_invalid_state_for_cmd(sd, req);
1864 }
1865 sd->erase_end = req.arg;
1866 return sd_r1;
1867 }
1868
1869 /* CMD38 */
sd_cmd_ERASE(SDState * sd,SDRequest req)1870 static sd_rsp_type_t sd_cmd_ERASE(SDState *sd, SDRequest req)
1871 {
1872 if (sd->state != sd_transfer_state) {
1873 return sd_invalid_state_for_cmd(sd, req);
1874 }
1875 if (sd->csd[14] & 0x30) {
1876 sd->card_status |= WP_VIOLATION;
1877 return sd_r1b;
1878 }
1879
1880 sd->state = sd_programming_state;
1881 sd_erase(sd);
1882 /* Bzzzzzzztt .... Operation complete. */
1883 sd->state = sd_transfer_state;
1884 return sd_r1b;
1885 }
1886
1887 /* CMD42 */
sd_cmd_LOCK_UNLOCK(SDState * sd,SDRequest req)1888 static sd_rsp_type_t sd_cmd_LOCK_UNLOCK(SDState *sd, SDRequest req)
1889 {
1890 return sd_cmd_to_receivingdata(sd, req, 0, 0);
1891 }
1892
1893 /* CMD55 */
sd_cmd_APP_CMD(SDState * sd,SDRequest req)1894 static sd_rsp_type_t sd_cmd_APP_CMD(SDState *sd, SDRequest req)
1895 {
1896 switch (sd->state) {
1897 case sd_ready_state:
1898 case sd_identification_state:
1899 case sd_inactive_state:
1900 case sd_sleep_state:
1901 return sd_invalid_state_for_cmd(sd, req);
1902 case sd_idle_state:
1903 if (!sd_is_spi(sd) && sd_req_get_rca(sd, req) != 0x0000) {
1904 qemu_log_mask(LOG_GUEST_ERROR,
1905 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd);
1906 }
1907 /* fall-through */
1908 default:
1909 break;
1910 }
1911 if (!sd_is_spi(sd) && !sd_req_rca_same(sd, req)) {
1912 return sd_r0;
1913 }
1914 sd->expecting_acmd = true;
1915 sd->card_status |= APP_CMD;
1916
1917 return sd_r1;
1918 }
1919
1920 /* CMD56 */
sd_cmd_GEN_CMD(SDState * sd,SDRequest req)1921 static sd_rsp_type_t sd_cmd_GEN_CMD(SDState *sd, SDRequest req)
1922 {
1923 if (sd->state != sd_transfer_state) {
1924 return sd_invalid_state_for_cmd(sd, req);
1925 }
1926
1927 /* Vendor specific command: our model is RAZ/WI */
1928 if (req.arg & 1) {
1929 memset(sd->data, 0, sizeof(sd->data));
1930 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 0);
1931 } else {
1932 return sd_cmd_to_receivingdata(sd, req, 0, 0);
1933 }
1934 }
1935
1936 /* CMD58 */
spi_cmd_READ_OCR(SDState * sd,SDRequest req)1937 static sd_rsp_type_t spi_cmd_READ_OCR(SDState *sd, SDRequest req)
1938 {
1939 return sd_r3;
1940 }
1941
1942 /* CMD59 */
spi_cmd_CRC_ON_OFF(SDState * sd,SDRequest req)1943 static sd_rsp_type_t spi_cmd_CRC_ON_OFF(SDState *sd, SDRequest req)
1944 {
1945 return sd_r1;
1946 }
1947
1948 /* ACMD6 */
sd_acmd_SET_BUS_WIDTH(SDState * sd,SDRequest req)1949 static sd_rsp_type_t sd_acmd_SET_BUS_WIDTH(SDState *sd, SDRequest req)
1950 {
1951 if (sd->state != sd_transfer_state) {
1952 return sd_invalid_state_for_cmd(sd, req);
1953 }
1954
1955 sd->sd_status[0] &= 0x3f;
1956 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1957 return sd_r1;
1958 }
1959
1960 /* ACMD13 */
sd_acmd_SD_STATUS(SDState * sd,SDRequest req)1961 static sd_rsp_type_t sd_acmd_SD_STATUS(SDState *sd, SDRequest req)
1962 {
1963 return sd_cmd_to_sendingdata(sd, req, 0,
1964 sd->sd_status, sizeof(sd->sd_status));
1965 }
1966
1967 /* ACMD22 */
sd_acmd_SEND_NUM_WR_BLOCKS(SDState * sd,SDRequest req)1968 static sd_rsp_type_t sd_acmd_SEND_NUM_WR_BLOCKS(SDState *sd, SDRequest req)
1969 {
1970 return sd_cmd_to_sendingdata(sd, req, 0,
1971 &sd->blk_written, sizeof(sd->blk_written));
1972 }
1973
1974 /* ACMD23 */
sd_acmd_SET_WR_BLK_ERASE_COUNT(SDState * sd,SDRequest req)1975 static sd_rsp_type_t sd_acmd_SET_WR_BLK_ERASE_COUNT(SDState *sd, SDRequest req)
1976 {
1977 if (sd->state != sd_transfer_state) {
1978 return sd_invalid_state_for_cmd(sd, req);
1979 }
1980 return sd_r1;
1981 }
1982
1983 /* ACMD41 */
sd_cmd_SEND_OP_COND(SDState * sd,SDRequest req)1984 static sd_rsp_type_t sd_cmd_SEND_OP_COND(SDState *sd, SDRequest req)
1985 {
1986 if (sd->state != sd_idle_state) {
1987 return sd_invalid_state_for_cmd(sd, req);
1988 }
1989
1990 /*
1991 * If it's the first ACMD41 since reset, we need to decide
1992 * whether to power up. If this is not an enquiry ACMD41,
1993 * we immediately report power on and proceed below to the
1994 * ready state, but if it is, we set a timer to model a
1995 * delay for power up. This works around a bug in EDK2
1996 * UEFI, which sends an initial enquiry ACMD41, but
1997 * assumes that the card is in ready state as soon as it
1998 * sees the power up bit set.
1999 */
2000 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) {
2001 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
2002 timer_del(sd->ocr_power_timer);
2003 sd_ocr_powerup(sd);
2004 } else {
2005 trace_sdcard_inquiry_cmd41();
2006 if (!timer_pending(sd->ocr_power_timer)) {
2007 timer_mod_ns(sd->ocr_power_timer,
2008 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
2009 + OCR_POWER_DELAY_NS));
2010 }
2011 }
2012 }
2013
2014 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) {
2015 /*
2016 * We accept any voltage. 10000 V is nothing.
2017 *
2018 * Once we're powered up, we advance straight to ready state
2019 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
2020 */
2021 sd->state = sd_ready_state;
2022 }
2023
2024 return sd_r3;
2025 }
2026
2027 /* ACMD42 */
sd_acmd_SET_CLR_CARD_DETECT(SDState * sd,SDRequest req)2028 static sd_rsp_type_t sd_acmd_SET_CLR_CARD_DETECT(SDState *sd, SDRequest req)
2029 {
2030 if (sd->state != sd_transfer_state) {
2031 return sd_invalid_state_for_cmd(sd, req);
2032 }
2033
2034 /* Bringing in the 50KOhm pull-up resistor... Done. */
2035 return sd_r1;
2036 }
2037
2038 /* ACMD51 */
sd_acmd_SEND_SCR(SDState * sd,SDRequest req)2039 static sd_rsp_type_t sd_acmd_SEND_SCR(SDState *sd, SDRequest req)
2040 {
2041 return sd_cmd_to_sendingdata(sd, req, 0, sd->scr, sizeof(sd->scr));
2042 }
2043
sd_normal_command(SDState * sd,SDRequest req)2044 static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req)
2045 {
2046 uint64_t addr;
2047
2048 sd->last_cmd_name = sd_cmd_name(sd, req.cmd);
2049 /* CMD55 precedes an ACMD, so we are not interested in tracing it.
2050 * However there is no ACMD55, so we want to trace this particular case.
2051 */
2052 if (req.cmd != 55 || sd->expecting_acmd) {
2053 trace_sdcard_normal_command(sd->proto->name,
2054 sd->last_cmd_name, req.cmd,
2055 req.arg, sd_state_name(sd->state));
2056 }
2057
2058 /* Not interpreting this as an app command */
2059 sd->card_status &= ~APP_CMD;
2060
2061 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
2062 * if not, its effects are cancelled */
2063 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
2064 sd->multi_blk_cnt = 0;
2065 }
2066
2067 if (sd->proto->cmd[req.cmd].class == 6 && FIELD_EX32(sd->ocr, OCR,
2068 CARD_CAPACITY)) {
2069 /* Only Standard Capacity cards support class 6 commands */
2070 return sd_illegal;
2071 }
2072
2073 if (sd->proto->cmd[req.cmd].handler) {
2074 return sd->proto->cmd[req.cmd].handler(sd, req);
2075 }
2076
2077 switch (req.cmd) {
2078 /* Block read commands (Class 2) */
2079 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
2080 addr = sd_req_get_address(sd, req);
2081 switch (sd->state) {
2082 case sd_transfer_state:
2083
2084 if (!address_in_range(sd, "READ_BLOCK", addr, sd->blk_len)) {
2085 return sd_r1;
2086 }
2087
2088 sd->state = sd_sendingdata_state;
2089 sd->data_start = addr;
2090 sd->data_offset = 0;
2091 return sd_r1;
2092
2093 default:
2094 break;
2095 }
2096 break;
2097
2098 /* Block write commands (Class 4) */
2099 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
2100 addr = sd_req_get_address(sd, req);
2101 switch (sd->state) {
2102 case sd_transfer_state:
2103
2104 if (!address_in_range(sd, "WRITE_BLOCK", addr, sd->blk_len)) {
2105 return sd_r1;
2106 }
2107
2108 sd->state = sd_receivingdata_state;
2109 sd->data_start = addr;
2110 sd->data_offset = 0;
2111 sd->blk_written = 0;
2112
2113 if (sd->size <= SDSC_MAX_CAPACITY) {
2114 if (sd_wp_addr(sd, sd->data_start)) {
2115 sd->card_status |= WP_VIOLATION;
2116 }
2117 }
2118 if (sd->csd[14] & 0x30) {
2119 sd->card_status |= WP_VIOLATION;
2120 }
2121 return sd_r1;
2122
2123 default:
2124 break;
2125 }
2126 break;
2127
2128 default:
2129 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
2130 return sd_illegal;
2131 }
2132
2133 return sd_invalid_state_for_cmd(sd, req);
2134 }
2135
sd_app_command(SDState * sd,SDRequest req)2136 static sd_rsp_type_t sd_app_command(SDState *sd,
2137 SDRequest req)
2138 {
2139 sd->last_cmd_name = sd_acmd_name(sd, req.cmd);
2140 trace_sdcard_app_command(sd->proto->name, sd->last_cmd_name,
2141 req.cmd, req.arg, sd_state_name(sd->state));
2142 sd->card_status |= APP_CMD;
2143
2144 if (sd->proto->acmd[req.cmd].handler) {
2145 return sd->proto->acmd[req.cmd].handler(sd, req);
2146 }
2147
2148 switch (req.cmd) {
2149 case 18: /* Reserved for SD security applications */
2150 case 25:
2151 case 26:
2152 case 38:
2153 case 43 ... 49:
2154 /* Refer to the "SD Specifications Part3 Security Specification" for
2155 * information about the SD Security Features.
2156 */
2157 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n",
2158 req.cmd);
2159 return sd_illegal;
2160
2161 default:
2162 /* Fall back to standard commands. */
2163 return sd_normal_command(sd, req);
2164 }
2165
2166 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
2167 return sd_illegal;
2168 }
2169
cmd_valid_while_locked(SDState * sd,unsigned cmd)2170 static bool cmd_valid_while_locked(SDState *sd, unsigned cmd)
2171 {
2172 unsigned cmd_class;
2173
2174 /* Valid commands in locked state:
2175 * basic class (0)
2176 * lock card class (7)
2177 * CMD16
2178 * implicitly, the ACMD prefix CMD55
2179 * ACMD41 and ACMD42
2180 * Anything else provokes an "illegal command" response.
2181 */
2182 if (sd->expecting_acmd) {
2183 return cmd == 41 || cmd == 42;
2184 }
2185 if (cmd == 16 || cmd == 55) {
2186 return true;
2187 }
2188 if (!sd->proto->cmd[cmd].handler) {
2189 return false;
2190 }
2191 cmd_class = sd->proto->cmd[cmd].class;
2192
2193 return cmd_class == 0 || cmd_class == 7;
2194 }
2195
sd_do_command(SDState * sd,SDRequest * req,uint8_t * response)2196 int sd_do_command(SDState *sd, SDRequest *req,
2197 uint8_t *response) {
2198 int last_state;
2199 sd_rsp_type_t rtype;
2200 int rsplen;
2201
2202 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
2203 return 0;
2204 }
2205
2206 if (sd->state == sd_inactive_state) {
2207 rtype = sd_illegal;
2208 goto send_response;
2209 }
2210
2211 if (sd_req_crc_validate(req)) {
2212 sd->card_status |= COM_CRC_ERROR;
2213 rtype = sd_illegal;
2214 goto send_response;
2215 }
2216
2217 if (req->cmd >= SDMMC_CMD_MAX) {
2218 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
2219 req->cmd);
2220 req->cmd &= 0x3f;
2221 }
2222
2223 if (sd->state == sd_sleep_state && req->cmd) {
2224 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is sleeping\n");
2225 rtype = sd_r0;
2226 goto send_response;
2227 }
2228
2229 if (sd->card_status & CARD_IS_LOCKED) {
2230 if (!cmd_valid_while_locked(sd, req->cmd)) {
2231 sd->card_status |= ILLEGAL_COMMAND;
2232 sd->expecting_acmd = false;
2233 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
2234 rtype = sd_illegal;
2235 goto send_response;
2236 }
2237 }
2238
2239 last_state = sd->state;
2240 sd_set_mode(sd);
2241
2242 if (sd->expecting_acmd) {
2243 sd->expecting_acmd = false;
2244 rtype = sd_app_command(sd, *req);
2245 } else {
2246 rtype = sd_normal_command(sd, *req);
2247 }
2248
2249 if (rtype == sd_illegal) {
2250 sd->card_status |= ILLEGAL_COMMAND;
2251 } else {
2252 /* Valid command, we can update the 'state before command' bits.
2253 * (Do this now so they appear in r1 responses.)
2254 */
2255 sd->card_status = FIELD_DP32(sd->card_status, CSR,
2256 CURRENT_STATE, last_state);
2257 }
2258
2259 send_response:
2260 switch (rtype) {
2261 case sd_r1:
2262 case sd_r1b:
2263 sd_response_r1_make(sd, response);
2264 rsplen = 4;
2265 break;
2266
2267 case sd_r2_i:
2268 memcpy(response, sd->cid, sizeof(sd->cid));
2269 rsplen = 16;
2270 break;
2271
2272 case sd_r2_s:
2273 memcpy(response, sd->csd, sizeof(sd->csd));
2274 rsplen = 16;
2275 break;
2276
2277 case sd_r3:
2278 sd_response_r3_make(sd, response);
2279 rsplen = 4;
2280 break;
2281
2282 case sd_r6:
2283 sd_response_r6_make(sd, response);
2284 rsplen = 4;
2285 break;
2286
2287 case sd_r7:
2288 sd_response_r7_make(sd, response);
2289 rsplen = 4;
2290 break;
2291
2292 case sd_r0:
2293 /*
2294 * Invalid state transition, reset implementation
2295 * fields to avoid OOB abuse.
2296 */
2297 sd->data_start = 0;
2298 sd->data_offset = 0;
2299 /* fall-through */
2300 case sd_illegal:
2301 rsplen = 0;
2302 break;
2303 default:
2304 g_assert_not_reached();
2305 }
2306 trace_sdcard_response(sd_response_name(rtype), rsplen);
2307
2308 if (rtype != sd_illegal) {
2309 /* Clear the "clear on valid command" status bits now we've
2310 * sent any response
2311 */
2312 sd->card_status &= ~CARD_STATUS_B;
2313 }
2314
2315 #ifdef DEBUG_SD
2316 qemu_hexdump(stderr, "Response", response, rsplen);
2317 #endif
2318
2319 sd->current_cmd = rtype == sd_illegal ? 0 : req->cmd;
2320
2321 return rsplen;
2322 }
2323
2324 /* Return true if buffer is consumed. Configured by sd_cmd_to_receivingdata() */
sd_generic_write_byte(SDState * sd,uint8_t value)2325 static bool sd_generic_write_byte(SDState *sd, uint8_t value)
2326 {
2327 sd->data[sd->data_offset] = value;
2328
2329 if (++sd->data_offset >= sd->data_size) {
2330 sd->state = sd_transfer_state;
2331 return true;
2332 }
2333 return false;
2334 }
2335
2336 /* Return true when buffer is consumed. Configured by sd_cmd_to_sendingdata() */
sd_generic_read_byte(SDState * sd,uint8_t * value)2337 static bool sd_generic_read_byte(SDState *sd, uint8_t *value)
2338 {
2339 *value = sd->data[sd->data_offset];
2340
2341 if (++sd->data_offset >= sd->data_size) {
2342 sd->state = sd_transfer_state;
2343 return true;
2344 }
2345
2346 return false;
2347 }
2348
sd_write_byte(SDState * sd,uint8_t value)2349 void sd_write_byte(SDState *sd, uint8_t value)
2350 {
2351 int i;
2352
2353 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
2354 return;
2355
2356 if (sd->state != sd_receivingdata_state) {
2357 qemu_log_mask(LOG_GUEST_ERROR,
2358 "%s: not in Receiving-Data state\n", __func__);
2359 return;
2360 }
2361
2362 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
2363 return;
2364
2365 trace_sdcard_write_data(sd->proto->name,
2366 sd->last_cmd_name,
2367 sd->current_cmd, sd->data_offset, value);
2368 switch (sd->current_cmd) {
2369 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
2370 if (sd_generic_write_byte(sd, value)) {
2371 /* TODO: Check CRC before committing */
2372 sd->state = sd_programming_state;
2373 sd_blk_write(sd, sd->data_start, sd->data_offset);
2374 sd->blk_written ++;
2375 sd->csd[14] |= 0x40;
2376 /* Bzzzzzzztt .... Operation complete. */
2377 sd->state = sd_transfer_state;
2378 }
2379 break;
2380
2381 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
2382 if (sd->data_offset == 0) {
2383 /* Start of the block - let's check the address is valid */
2384 if (!address_in_range(sd, "WRITE_MULTIPLE_BLOCK",
2385 sd->data_start, sd->blk_len)) {
2386 break;
2387 }
2388 if (sd->size <= SDSC_MAX_CAPACITY) {
2389 if (sd_wp_addr(sd, sd->data_start)) {
2390 sd->card_status |= WP_VIOLATION;
2391 break;
2392 }
2393 }
2394 }
2395 sd->data[sd->data_offset++] = value;
2396 if (sd->data_offset >= sd->blk_len) {
2397 /* TODO: Check CRC before committing */
2398 sd->state = sd_programming_state;
2399 sd_blk_write(sd, sd->data_start, sd->data_offset);
2400 sd->blk_written++;
2401 sd->data_start += sd->blk_len;
2402 sd->data_offset = 0;
2403 sd->csd[14] |= 0x40;
2404
2405 /* Bzzzzzzztt .... Operation complete. */
2406 if (sd->multi_blk_cnt != 0) {
2407 if (--sd->multi_blk_cnt == 0) {
2408 /* Stop! */
2409 sd->state = sd_transfer_state;
2410 break;
2411 }
2412 }
2413
2414 sd->state = sd_receivingdata_state;
2415 }
2416 break;
2417
2418 case 26: /* CMD26: PROGRAM_CID */
2419 if (sd_generic_write_byte(sd, value)) {
2420 /* TODO: Check CRC before committing */
2421 sd->state = sd_programming_state;
2422 for (i = 0; i < sizeof(sd->cid); i ++)
2423 if ((sd->cid[i] | 0x00) != sd->data[i])
2424 sd->card_status |= CID_CSD_OVERWRITE;
2425
2426 if (!(sd->card_status & CID_CSD_OVERWRITE))
2427 for (i = 0; i < sizeof(sd->cid); i ++) {
2428 sd->cid[i] |= 0x00;
2429 sd->cid[i] &= sd->data[i];
2430 }
2431 /* Bzzzzzzztt .... Operation complete. */
2432 sd->state = sd_transfer_state;
2433 }
2434 break;
2435
2436 case 27: /* CMD27: PROGRAM_CSD */
2437 if (sd_generic_write_byte(sd, value)) {
2438 /* TODO: Check CRC before committing */
2439 sd->state = sd_programming_state;
2440 for (i = 0; i < sizeof(sd->csd); i ++)
2441 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
2442 (sd->data[i] | sd_csd_rw_mask[i]))
2443 sd->card_status |= CID_CSD_OVERWRITE;
2444
2445 /* Copy flag (OTP) & Permanent write protect */
2446 if (sd->csd[14] & ~sd->data[14] & 0x60)
2447 sd->card_status |= CID_CSD_OVERWRITE;
2448
2449 if (!(sd->card_status & CID_CSD_OVERWRITE))
2450 for (i = 0; i < sizeof(sd->csd); i ++) {
2451 sd->csd[i] |= sd_csd_rw_mask[i];
2452 sd->csd[i] &= sd->data[i];
2453 }
2454 /* Bzzzzzzztt .... Operation complete. */
2455 sd->state = sd_transfer_state;
2456 }
2457 break;
2458
2459 case 42: /* CMD42: LOCK_UNLOCK */
2460 if (sd_generic_write_byte(sd, value)) {
2461 /* TODO: Check CRC before committing */
2462 sd->state = sd_programming_state;
2463 sd_lock_command(sd);
2464 /* Bzzzzzzztt .... Operation complete. */
2465 sd->state = sd_transfer_state;
2466 }
2467 break;
2468
2469 case 56: /* CMD56: GEN_CMD */
2470 sd_generic_write_byte(sd, value);
2471 break;
2472
2473 default:
2474 g_assert_not_reached();
2475 }
2476 }
2477
sd_read_byte(SDState * sd)2478 uint8_t sd_read_byte(SDState *sd)
2479 {
2480 /* TODO: Append CRCs */
2481 const uint8_t dummy_byte = 0x00;
2482 uint8_t ret;
2483 uint32_t io_len;
2484
2485 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
2486 return dummy_byte;
2487
2488 if (sd->state != sd_sendingdata_state) {
2489 qemu_log_mask(LOG_GUEST_ERROR,
2490 "%s: not in Sending-Data state\n", __func__);
2491 return dummy_byte;
2492 }
2493
2494 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) {
2495 return dummy_byte;
2496 }
2497
2498 io_len = sd_blk_len(sd);
2499
2500 trace_sdcard_read_data(sd->proto->name,
2501 sd->last_cmd_name, sd->current_cmd,
2502 sd->data_offset, sd->data_size, io_len);
2503 switch (sd->current_cmd) {
2504 case 6: /* CMD6: SWITCH_FUNCTION */
2505 case 8: /* CMD8: SEND_EXT_CSD */
2506 case 9: /* CMD9: SEND_CSD */
2507 case 10: /* CMD10: SEND_CID */
2508 case 13: /* ACMD13: SD_STATUS */
2509 case 17: /* CMD17: READ_SINGLE_BLOCK */
2510 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */
2511 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
2512 case 30: /* CMD30: SEND_WRITE_PROT */
2513 case 51: /* ACMD51: SEND_SCR */
2514 case 56: /* CMD56: GEN_CMD */
2515 sd_generic_read_byte(sd, &ret);
2516 break;
2517
2518 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
2519 if (sd->data_offset == 0) {
2520 if (!address_in_range(sd, "READ_MULTIPLE_BLOCK",
2521 sd->data_start, io_len)) {
2522 return dummy_byte;
2523 }
2524 sd_blk_read(sd, sd->data_start, io_len);
2525 }
2526 ret = sd->data[sd->data_offset ++];
2527
2528 if (sd->data_offset >= io_len) {
2529 sd->data_start += io_len;
2530 sd->data_offset = 0;
2531
2532 if (sd->multi_blk_cnt != 0) {
2533 if (--sd->multi_blk_cnt == 0) {
2534 /* Stop! */
2535 sd->state = sd_transfer_state;
2536 break;
2537 }
2538 }
2539 }
2540 break;
2541
2542 default:
2543 qemu_log_mask(LOG_GUEST_ERROR, "%s: DAT read illegal for command %s\n",
2544 __func__, sd->last_cmd_name);
2545 return dummy_byte;
2546 }
2547
2548 return ret;
2549 }
2550
sd_receive_ready(SDState * sd)2551 static bool sd_receive_ready(SDState *sd)
2552 {
2553 return sd->state == sd_receivingdata_state;
2554 }
2555
sd_data_ready(SDState * sd)2556 static bool sd_data_ready(SDState *sd)
2557 {
2558 return sd->state == sd_sendingdata_state;
2559 }
2560
sd_enable(SDState * sd,bool enable)2561 void sd_enable(SDState *sd, bool enable)
2562 {
2563 sd->enable = enable;
2564 }
2565
2566 static const SDProto sd_proto_spi = {
2567 .name = "SPI",
2568 .cmd = {
2569 [0] = {0, sd_spi, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE},
2570 [1] = {0, sd_spi, "SEND_OP_COND", spi_cmd_SEND_OP_COND},
2571 [5] = {9, sd_spi, "IO_SEND_OP_COND", sd_cmd_optional},
2572 [6] = {10, sd_spi, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION},
2573 [8] = {0, sd_spi, "SEND_IF_COND", sd_cmd_SEND_IF_COND},
2574 [9] = {0, sd_spi, "SEND_CSD", spi_cmd_SEND_CSD},
2575 [10] = {0, sd_spi, "SEND_CID", spi_cmd_SEND_CID},
2576 [12] = {0, sd_spi, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION},
2577 [13] = {0, sd_spi, "SEND_STATUS", sd_cmd_SEND_STATUS},
2578 [16] = {2, sd_spi, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN},
2579 [17] = {2, sd_spi, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK},
2580 [24] = {4, sd_spi, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK},
2581 [27] = {4, sd_spi, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD},
2582 [28] = {6, sd_spi, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT},
2583 [29] = {6, sd_spi, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT},
2584 [30] = {6, sd_spi, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT},
2585 [32] = {5, sd_spi, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START},
2586 [33] = {5, sd_spi, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END},
2587 [34] = {10, sd_spi, "READ_SEC_CMD", sd_cmd_optional},
2588 [35] = {10, sd_spi, "WRITE_SEC_CMD", sd_cmd_optional},
2589 [36] = {10, sd_spi, "SEND_PSI", sd_cmd_optional},
2590 [37] = {10, sd_spi, "CONTROL_ASSD_SYSTEM", sd_cmd_optional},
2591 [38] = {5, sd_spi, "ERASE", sd_cmd_ERASE},
2592 [42] = {7, sd_spi, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK},
2593 [50] = {10, sd_spi, "DIRECT_SECURE_READ", sd_cmd_optional},
2594 [52] = {9, sd_spi, "IO_RW_DIRECT", sd_cmd_optional},
2595 [53] = {9, sd_spi, "IO_RW_EXTENDED", sd_cmd_optional},
2596 [55] = {8, sd_spi, "APP_CMD", sd_cmd_APP_CMD},
2597 [56] = {8, sd_spi, "GEN_CMD", sd_cmd_GEN_CMD},
2598 [57] = {10, sd_spi, "DIRECT_SECURE_WRITE", sd_cmd_optional},
2599 [58] = {0, sd_spi, "READ_OCR", spi_cmd_READ_OCR},
2600 [59] = {0, sd_spi, "CRC_ON_OFF", spi_cmd_CRC_ON_OFF},
2601 },
2602 .acmd = {
2603 [13] = {8, sd_spi, "SD_STATUS", sd_acmd_SD_STATUS},
2604 [22] = {8, sd_spi, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS},
2605 [23] = {8, sd_spi, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT},
2606 [41] = {8, sd_spi, "SEND_OP_COND", spi_cmd_SEND_OP_COND},
2607 [42] = {8, sd_spi, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT},
2608 [51] = {8, sd_spi, "SEND_SCR", sd_acmd_SEND_SCR},
2609 },
2610 };
2611
2612 static const SDProto sd_proto_sd = {
2613 .name = "SD",
2614 .cmd = {
2615 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE},
2616 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID},
2617 [3] = {0, sd_bcr, "SEND_RELATIVE_ADDR", sd_cmd_SEND_RELATIVE_ADDR},
2618 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented},
2619 [5] = {9, sd_bc, "IO_SEND_OP_COND", sd_cmd_optional},
2620 [6] = {10, sd_adtc, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION},
2621 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD},
2622 [8] = {0, sd_bcr, "SEND_IF_COND", sd_cmd_SEND_IF_COND},
2623 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD},
2624 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID},
2625 [11] = {0, sd_ac, "VOLTAGE_SWITCH", sd_cmd_optional},
2626 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION},
2627 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS},
2628 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE},
2629 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN},
2630 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK},
2631 [19] = {2, sd_adtc, "SEND_TUNING_BLOCK", sd_cmd_SEND_TUNING_BLOCK},
2632 [20] = {2, sd_ac, "SPEED_CLASS_CONTROL", sd_cmd_optional},
2633 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT},
2634 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK},
2635 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD},
2636 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT},
2637 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT},
2638 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT},
2639 [32] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START},
2640 [33] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END},
2641 [34] = {10, sd_adtc, "READ_SEC_CMD", sd_cmd_optional},
2642 [35] = {10, sd_adtc, "WRITE_SEC_CMD", sd_cmd_optional},
2643 [36] = {10, sd_adtc, "SEND_PSI", sd_cmd_optional},
2644 [37] = {10, sd_ac, "CONTROL_ASSD_SYSTEM", sd_cmd_optional},
2645 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE},
2646 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK},
2647 [43] = {1, sd_ac, "Q_MANAGEMENT", sd_cmd_optional},
2648 [44] = {1, sd_ac, "Q_TASK_INFO_A", sd_cmd_optional},
2649 [45] = {1, sd_ac, "Q_TASK_INFO_B", sd_cmd_optional},
2650 [46] = {1, sd_adtc, "Q_RD_TASK", sd_cmd_optional},
2651 [47] = {1, sd_adtc, "Q_WR_TASK", sd_cmd_optional},
2652 [48] = {1, sd_adtc, "READ_EXTR_SINGLE", sd_cmd_optional},
2653 [49] = {1, sd_adtc, "WRITE_EXTR_SINGLE", sd_cmd_optional},
2654 [50] = {10, sd_adtc, "DIRECT_SECURE_READ", sd_cmd_optional},
2655 [52] = {9, sd_bc, "IO_RW_DIRECT", sd_cmd_optional},
2656 [53] = {9, sd_bc, "IO_RW_EXTENDED", sd_cmd_optional},
2657 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD},
2658 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD},
2659 [57] = {10, sd_adtc, "DIRECT_SECURE_WRITE", sd_cmd_optional},
2660 [58] = {11, sd_adtc, "READ_EXTR_MULTI", sd_cmd_optional},
2661 [59] = {11, sd_adtc, "WRITE_EXTR_MULTI", sd_cmd_optional},
2662 },
2663 .acmd = {
2664 [6] = {8, sd_ac, "SET_BUS_WIDTH", sd_acmd_SET_BUS_WIDTH},
2665 [13] = {8, sd_adtc, "SD_STATUS", sd_acmd_SD_STATUS},
2666 [22] = {8, sd_adtc, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS},
2667 [23] = {8, sd_ac, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT},
2668 [41] = {8, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND},
2669 [42] = {8, sd_ac, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT},
2670 [51] = {8, sd_adtc, "SEND_SCR", sd_acmd_SEND_SCR},
2671 },
2672 };
2673
2674 static const SDProto sd_proto_emmc = {
2675 /* Only v4.3 is supported */
2676 .name = "eMMC",
2677 .cmd = {
2678 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE},
2679 [1] = {0, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND},
2680 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID},
2681 [3] = {0, sd_ac, "SET_RELATIVE_ADDR", emmc_cmd_SET_RELATIVE_ADDR},
2682 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented},
2683 [5] = {0, sd_ac, "SLEEP/AWAKE", emmc_cmd_sleep_awake},
2684 [6] = {10, sd_adtc, "SWITCH", emmc_cmd_SWITCH},
2685 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD},
2686 [8] = {0, sd_adtc, "SEND_EXT_CSD", emmc_cmd_SEND_EXT_CSD},
2687 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD},
2688 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID},
2689 [11] = {1, sd_adtc, "READ_DAT_UNTIL_STOP", sd_cmd_unimplemented},
2690 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION},
2691 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS},
2692 [14] = {0, sd_adtc, "BUSTEST_R", sd_cmd_unimplemented},
2693 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE},
2694 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN},
2695 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK},
2696 [19] = {0, sd_adtc, "BUSTEST_W", sd_cmd_unimplemented},
2697 [20] = {3, sd_adtc, "WRITE_DAT_UNTIL_STOP", sd_cmd_unimplemented},
2698 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT},
2699 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK},
2700 [26] = {4, sd_adtc, "PROGRAM_CID", emmc_cmd_PROGRAM_CID},
2701 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD},
2702 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT},
2703 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT},
2704 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT},
2705 [31] = {6, sd_adtc, "SEND_WRITE_PROT_TYPE", sd_cmd_unimplemented},
2706 [35] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START},
2707 [36] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END},
2708 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE},
2709 [39] = {9, sd_ac, "FAST_IO", sd_cmd_unimplemented},
2710 [40] = {9, sd_bcr, "GO_IRQ_STATE", sd_cmd_unimplemented},
2711 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK},
2712 [49] = {0, sd_adtc, "SET_TIME", sd_cmd_unimplemented},
2713 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD},
2714 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD},
2715 },
2716 };
2717
sd_instance_init(Object * obj)2718 static void sd_instance_init(Object *obj)
2719 {
2720 SDState *sd = SDMMC_COMMON(obj);
2721 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd);
2722
2723 sd->proto = sc->proto;
2724 sd->last_cmd_name = "UNSET";
2725 sd->enable = true;
2726 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
2727 }
2728
sd_instance_finalize(Object * obj)2729 static void sd_instance_finalize(Object *obj)
2730 {
2731 SDState *sd = SDMMC_COMMON(obj);
2732
2733 timer_free(sd->ocr_power_timer);
2734 }
2735
sd_realize(DeviceState * dev,Error ** errp)2736 static void sd_realize(DeviceState *dev, Error **errp)
2737 {
2738 SDState *sd = SDMMC_COMMON(dev);
2739 int ret;
2740
2741 switch (sd->spec_version) {
2742 case SD_PHY_SPECv1_10_VERS
2743 ... SD_PHY_SPECv3_01_VERS:
2744 break;
2745 default:
2746 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version);
2747 return;
2748 }
2749
2750 if (sd->blk) {
2751 int64_t blk_size;
2752
2753 if (!blk_supports_write_perm(sd->blk)) {
2754 error_setg(errp, "Cannot use read-only drive as SD card");
2755 return;
2756 }
2757
2758 blk_size = blk_getlength(sd->blk);
2759 if (blk_size > 0 && !is_power_of_2(blk_size)) {
2760 int64_t blk_size_aligned = pow2ceil(blk_size);
2761 char *blk_size_str;
2762
2763 blk_size_str = size_to_str(blk_size);
2764 error_setg(errp, "Invalid SD card size: %s", blk_size_str);
2765 g_free(blk_size_str);
2766
2767 blk_size_str = size_to_str(blk_size_aligned);
2768 error_append_hint(errp,
2769 "SD card size has to be a power of 2, e.g. %s.\n"
2770 "You can resize disk images with"
2771 " 'qemu-img resize <imagefile> <new-size>'\n"
2772 "(note that this will lose data if you make the"
2773 " image smaller than it currently is).\n",
2774 blk_size_str);
2775 g_free(blk_size_str);
2776
2777 return;
2778 }
2779
2780 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
2781 BLK_PERM_ALL, errp);
2782 if (ret < 0) {
2783 return;
2784 }
2785 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
2786 }
2787 }
2788
emmc_realize(DeviceState * dev,Error ** errp)2789 static void emmc_realize(DeviceState *dev, Error **errp)
2790 {
2791 SDState *sd = SDMMC_COMMON(dev);
2792
2793 sd->spec_version = SD_PHY_SPECv3_01_VERS; /* Actually v4.3 */
2794
2795 sd_realize(dev, errp);
2796 }
2797
2798 static Property sdmmc_common_properties[] = {
2799 DEFINE_PROP_DRIVE("drive", SDState, blk),
2800 DEFINE_PROP_END_OF_LIST()
2801 };
2802
2803 static Property sd_properties[] = {
2804 DEFINE_PROP_UINT8("spec_version", SDState,
2805 spec_version, SD_PHY_SPECv3_01_VERS),
2806 DEFINE_PROP_END_OF_LIST()
2807 };
2808
2809 static Property emmc_properties[] = {
2810 DEFINE_PROP_UINT64("boot-partition-size", SDState, boot_part_size, 0),
2811 DEFINE_PROP_UINT8("boot-config", SDState, boot_config, 0x0),
2812 DEFINE_PROP_END_OF_LIST()
2813 };
2814
sdmmc_common_class_init(ObjectClass * klass,void * data)2815 static void sdmmc_common_class_init(ObjectClass *klass, void *data)
2816 {
2817 DeviceClass *dc = DEVICE_CLASS(klass);
2818 SDCardClass *sc = SDMMC_COMMON_CLASS(klass);
2819
2820 device_class_set_props(dc, sdmmc_common_properties);
2821 dc->vmsd = &sd_vmstate;
2822 dc->reset = sd_reset;
2823 dc->bus_type = TYPE_SD_BUS;
2824 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
2825
2826 sc->set_voltage = sd_set_voltage;
2827 sc->get_dat_lines = sd_get_dat_lines;
2828 sc->get_cmd_line = sd_get_cmd_line;
2829 sc->do_command = sd_do_command;
2830 sc->write_byte = sd_write_byte;
2831 sc->read_byte = sd_read_byte;
2832 sc->receive_ready = sd_receive_ready;
2833 sc->data_ready = sd_data_ready;
2834 sc->enable = sd_enable;
2835 sc->get_inserted = sd_get_inserted;
2836 sc->get_readonly = sd_get_readonly;
2837 }
2838
sd_class_init(ObjectClass * klass,void * data)2839 static void sd_class_init(ObjectClass *klass, void *data)
2840 {
2841 DeviceClass *dc = DEVICE_CLASS(klass);
2842 SDCardClass *sc = SDMMC_COMMON_CLASS(klass);
2843
2844 dc->realize = sd_realize;
2845 device_class_set_props(dc, sd_properties);
2846
2847 sc->set_cid = sd_set_cid;
2848 sc->set_csd = sd_set_csd;
2849 sc->proto = &sd_proto_sd;
2850 }
2851
2852 /*
2853 * We do not model the chip select pin, so allow the board to select
2854 * whether card should be in SSI or MMC/SD mode. It is also up to the
2855 * board to ensure that ssi transfers only occur when the chip select
2856 * is asserted.
2857 */
sd_spi_class_init(ObjectClass * klass,void * data)2858 static void sd_spi_class_init(ObjectClass *klass, void *data)
2859 {
2860 DeviceClass *dc = DEVICE_CLASS(klass);
2861 SDCardClass *sc = SDMMC_COMMON_CLASS(klass);
2862
2863 dc->desc = "SD SPI";
2864 sc->proto = &sd_proto_spi;
2865 }
2866
emmc_class_init(ObjectClass * klass,void * data)2867 static void emmc_class_init(ObjectClass *klass, void *data)
2868 {
2869 DeviceClass *dc = DEVICE_CLASS(klass);
2870 SDCardClass *sc = SDMMC_COMMON_CLASS(klass);
2871
2872 dc->desc = "eMMC";
2873 dc->realize = emmc_realize;
2874 device_class_set_props(dc, emmc_properties);
2875 /* Reason: Soldered on board */
2876 dc->user_creatable = false;
2877
2878 sc->proto = &sd_proto_emmc;
2879
2880 sc->set_cid = emmc_set_cid;
2881 sc->set_csd = emmc_set_csd;
2882 }
2883
2884 static const TypeInfo sd_types[] = {
2885 {
2886 .name = TYPE_SDMMC_COMMON,
2887 .parent = TYPE_DEVICE,
2888 .abstract = true,
2889 .instance_size = sizeof(SDState),
2890 .class_size = sizeof(SDCardClass),
2891 .class_init = sdmmc_common_class_init,
2892 .instance_init = sd_instance_init,
2893 .instance_finalize = sd_instance_finalize,
2894 },
2895 {
2896 .name = TYPE_SD_CARD,
2897 .parent = TYPE_SDMMC_COMMON,
2898 .class_init = sd_class_init,
2899 },
2900 {
2901 .name = TYPE_SD_CARD_SPI,
2902 .parent = TYPE_SD_CARD,
2903 .class_init = sd_spi_class_init,
2904 },
2905 {
2906 .name = TYPE_EMMC,
2907 .parent = TYPE_SDMMC_COMMON,
2908 .class_init = emmc_class_init,
2909 },
2910 };
2911
2912 DEFINE_TYPES(sd_types)
2913