1 /* 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical 3 * layer specification, Version 2.00." 4 * 5 * eMMC emulation defined in "JEDEC Standard No. 84-A43" 6 * 7 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org> 8 * Copyright (c) 2007 CodeSourcery 9 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org> 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in 19 * the documentation and/or other materials provided with the 20 * distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' 23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR 26 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 30 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include "qemu/osdep.h" 36 #include "qemu/units.h" 37 #include "qemu/cutils.h" 38 #include "hw/irq.h" 39 #include "hw/registerfields.h" 40 #include "system/block-backend.h" 41 #include "hw/sd/sd.h" 42 #include "migration/vmstate.h" 43 #include "qapi/error.h" 44 #include "qemu/bitmap.h" 45 #include "hw/qdev-properties.h" 46 #include "hw/qdev-properties-system.h" 47 #include "qemu/error-report.h" 48 #include "qemu/timer.h" 49 #include "qemu/log.h" 50 #include "qemu/guest-random.h" 51 #include "qemu/module.h" 52 #include "sdmmc-internal.h" 53 #include "trace.h" 54 55 //#define DEBUG_SD 1 56 57 #define SDSC_MAX_CAPACITY (2 * GiB) 58 59 #define INVALID_ADDRESS UINT32_MAX 60 61 typedef enum { 62 sd_r0 = 0, /* no response */ 63 sd_r1, /* normal response command */ 64 spi_r2, /* STATUS */ 65 sd_r2_i, /* CID register */ 66 sd_r2_s, /* CSD register */ 67 sd_r3, /* OCR register */ 68 sd_r6 = 6, /* Published RCA response */ 69 sd_r7, /* Operating voltage */ 70 sd_r1b = -1, 71 sd_illegal = -2, 72 } sd_rsp_type_t; 73 74 typedef enum { 75 sd_spi, 76 sd_bc, /* broadcast -- no response */ 77 sd_bcr, /* broadcast with response */ 78 sd_ac, /* addressed -- no data transfer */ 79 sd_adtc, /* addressed with data transfer */ 80 } sd_cmd_type_t; 81 82 enum SDCardModes { 83 sd_inactive, 84 sd_card_identification_mode, 85 sd_data_transfer_mode, 86 }; 87 88 enum SDCardStates { 89 sd_waitirq_state = -2, /* emmc */ 90 sd_inactive_state = -1, 91 92 sd_idle_state = 0, 93 sd_ready_state = 1, 94 sd_identification_state = 2, 95 sd_standby_state = 3, 96 sd_transfer_state = 4, 97 sd_sendingdata_state = 5, 98 sd_receivingdata_state = 6, 99 sd_programming_state = 7, 100 sd_disconnect_state = 8, 101 sd_bus_test_state = 9, /* emmc */ 102 sd_sleep_state = 10, /* emmc */ 103 sd_io_state = 15 /* sd */ 104 }; 105 106 #define SDMMC_CMD_MAX 64 107 108 typedef sd_rsp_type_t (*sd_cmd_handler)(SDState *sd, SDRequest req); 109 110 typedef struct SDProto { 111 const char *name; 112 struct { 113 const unsigned class; 114 const sd_cmd_type_t type; 115 const char *name; 116 sd_cmd_handler handler; 117 } cmd[SDMMC_CMD_MAX], acmd[SDMMC_CMD_MAX]; 118 } SDProto; 119 120 struct SDState { 121 DeviceState parent_obj; 122 123 /* SD Memory Card Registers */ 124 uint32_t ocr; 125 uint8_t scr[8]; 126 uint8_t cid[16]; 127 uint8_t csd[16]; 128 uint16_t rca; 129 uint32_t card_status; 130 uint8_t sd_status[64]; 131 union { 132 uint8_t ext_csd[512]; 133 struct { 134 uint8_t ext_csd_rw[192]; /* Modes segment */ 135 uint8_t ext_csd_ro[320]; /* Properties segment */ 136 }; 137 }; 138 139 /* Static properties */ 140 141 uint8_t spec_version; 142 uint64_t boot_part_size; 143 BlockBackend *blk; 144 uint8_t boot_config; 145 146 const SDProto *proto; 147 148 /* Runtime changeables */ 149 150 int32_t state; /* current card state, one of SDCardStates */ 151 uint32_t vhs; 152 bool wp_switch; 153 unsigned long *wp_group_bmap; 154 int32_t wp_group_bits; 155 uint64_t size; 156 uint32_t blk_len; 157 uint32_t multi_blk_cnt; 158 uint32_t erase_start; 159 uint32_t erase_end; 160 uint8_t pwd[16]; 161 uint32_t pwd_len; 162 uint8_t function_group[6]; 163 uint8_t current_cmd; 164 const char *last_cmd_name; 165 /* True if we will handle the next command as an ACMD. Note that this does 166 * *not* track the APP_CMD status bit! 167 */ 168 bool expecting_acmd; 169 uint32_t blk_written; 170 171 uint64_t data_start; 172 uint32_t data_offset; 173 size_t data_size; 174 uint8_t data[512]; 175 QEMUTimer *ocr_power_timer; 176 uint8_t dat_lines; 177 bool cmd_line; 178 }; 179 180 static void sd_realize(DeviceState *dev, Error **errp); 181 182 static const SDProto sd_proto_spi; 183 static const SDProto sd_proto_emmc; 184 185 static bool sd_is_spi(SDState *sd) 186 { 187 return sd->proto == &sd_proto_spi; 188 } 189 190 static bool sd_is_emmc(SDState *sd) 191 { 192 return sd->proto == &sd_proto_emmc; 193 } 194 195 static const char *sd_version_str(enum SDPhySpecificationVersion version) 196 { 197 static const char *sdphy_version[] = { 198 [SD_PHY_SPECv1_10_VERS] = "v1.10", 199 [SD_PHY_SPECv2_00_VERS] = "v2.00", 200 [SD_PHY_SPECv3_01_VERS] = "v3.01", 201 }; 202 if (version >= ARRAY_SIZE(sdphy_version)) { 203 return "unsupported version"; 204 } 205 return sdphy_version[version]; 206 } 207 208 static const char *sd_mode_name(enum SDCardModes mode) 209 { 210 static const char *mode_name[] = { 211 [sd_inactive] = "inactive", 212 [sd_card_identification_mode] = "identification", 213 [sd_data_transfer_mode] = "transfer", 214 }; 215 assert(mode < ARRAY_SIZE(mode_name)); 216 return mode_name[mode]; 217 } 218 219 static const char *sd_state_name(enum SDCardStates state) 220 { 221 static const char *state_name[] = { 222 [sd_idle_state] = "idle", 223 [sd_ready_state] = "ready", 224 [sd_identification_state] = "identification", 225 [sd_standby_state] = "standby", 226 [sd_transfer_state] = "transfer", 227 [sd_sendingdata_state] = "sendingdata", 228 [sd_bus_test_state] = "bus-test", 229 [sd_receivingdata_state] = "receivingdata", 230 [sd_programming_state] = "programming", 231 [sd_disconnect_state] = "disconnect", 232 [sd_sleep_state] = "sleep", 233 [sd_io_state] = "i/o" 234 }; 235 if (state == sd_inactive_state) { 236 return "inactive"; 237 } 238 if (state == sd_waitirq_state) { 239 return "wait-irq"; 240 } 241 assert(state < ARRAY_SIZE(state_name)); 242 return state_name[state]; 243 } 244 245 static const char *sd_response_name(sd_rsp_type_t rsp) 246 { 247 static const char *response_name[] = { 248 [sd_r0] = "RESP#0 (no response)", 249 [sd_r1] = "RESP#1 (normal cmd)", 250 [spi_r2] = "RESP#2 (STATUS reg)", 251 [sd_r2_i] = "RESP#2 (CID reg)", 252 [sd_r2_s] = "RESP#2 (CSD reg)", 253 [sd_r3] = "RESP#3 (OCR reg)", 254 [sd_r6] = "RESP#6 (RCA)", 255 [sd_r7] = "RESP#7 (operating voltage)", 256 }; 257 if (rsp == sd_illegal) { 258 return "ILLEGAL RESP"; 259 } 260 if (rsp == sd_r1b) { 261 rsp = sd_r1; 262 } 263 assert(rsp < ARRAY_SIZE(response_name)); 264 return response_name[rsp]; 265 } 266 267 static const char *sd_cmd_name(SDState *sd, uint8_t cmd) 268 { 269 static const char *cmd_abbrev[SDMMC_CMD_MAX] = { 270 [18] = "READ_MULTIPLE_BLOCK", 271 [25] = "WRITE_MULTIPLE_BLOCK", 272 }; 273 const SDProto *sdp = sd->proto; 274 275 if (sdp->cmd[cmd].handler) { 276 assert(!cmd_abbrev[cmd]); 277 return sdp->cmd[cmd].name; 278 } 279 return cmd_abbrev[cmd] ? cmd_abbrev[cmd] : "UNKNOWN_CMD"; 280 } 281 282 static const char *sd_acmd_name(SDState *sd, uint8_t cmd) 283 { 284 const SDProto *sdp = sd->proto; 285 286 if (sdp->acmd[cmd].handler) { 287 return sdp->acmd[cmd].name; 288 } 289 290 return "UNKNOWN_ACMD"; 291 } 292 293 static uint8_t sd_get_dat_lines(SDState *sd) 294 { 295 return sd->dat_lines; 296 } 297 298 static bool sd_get_cmd_line(SDState *sd) 299 { 300 return sd->cmd_line; 301 } 302 303 static void sd_set_voltage(SDState *sd, uint16_t millivolts) 304 { 305 trace_sdcard_set_voltage(millivolts); 306 307 switch (millivolts) { 308 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */ 309 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */ 310 break; 311 default: 312 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV", 313 millivolts / 1000.f); 314 } 315 } 316 317 static enum SDCardModes sd_mode(SDState *sd) 318 { 319 switch (sd->state) { 320 case sd_inactive_state: 321 return sd_inactive; 322 case sd_idle_state: 323 case sd_ready_state: 324 case sd_identification_state: 325 return sd_card_identification_mode; 326 case sd_standby_state: 327 case sd_transfer_state: 328 case sd_sendingdata_state: 329 case sd_receivingdata_state: 330 case sd_programming_state: 331 case sd_disconnect_state: 332 return sd_data_transfer_mode; 333 default: 334 g_assert_not_reached(); 335 } 336 } 337 338 static uint8_t sd_crc7(const void *message, size_t width) 339 { 340 int i, bit; 341 uint8_t shift_reg = 0x00; 342 const uint8_t *msg = (const uint8_t *)message; 343 344 for (i = 0; i < width; i ++, msg ++) 345 for (bit = 7; bit >= 0; bit --) { 346 shift_reg <<= 1; 347 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1)) 348 shift_reg ^= 0x89; 349 } 350 351 return shift_reg; 352 } 353 354 /* Operation Conditions register */ 355 356 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */ 357 358 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24) 359 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8) 360 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1) 361 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16) 362 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */ 363 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */ 364 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */ 365 FIELD(OCR, CARD_POWER_UP, 31, 1) 366 367 #define ACMD41_ENQUIRY_MASK 0x00ffffff 368 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \ 369 | R_OCR_ACCEPT_SWITCH_1V8_MASK \ 370 | R_OCR_UHS_II_CARD_MASK \ 371 | R_OCR_CARD_CAPACITY_MASK \ 372 | R_OCR_CARD_POWER_UP_MASK) 373 374 static void sd_ocr_powerup(void *opaque) 375 { 376 SDState *sd = opaque; 377 378 trace_sdcard_powerup(); 379 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)); 380 381 /* card power-up OK */ 382 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1); 383 384 if (sd->size > SDSC_MAX_CAPACITY) { 385 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 386 } 387 } 388 389 static void sd_set_ocr(SDState *sd) 390 { 391 /* All voltages OK */ 392 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK; 393 394 if (sd_is_spi(sd)) { 395 /* 396 * We don't need to emulate power up sequence in SPI-mode. 397 * Thus, the card's power up status bit should be set to 1 when reset. 398 * The card's capacity status bit should also be set if SD card size 399 * is larger than 2GB for SDHC support. 400 */ 401 sd_ocr_powerup(sd); 402 } 403 } 404 405 /* SD Configuration register */ 406 407 static void sd_set_scr(SDState *sd) 408 { 409 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */ 410 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) { 411 sd->scr[0] |= 1; /* Spec Version 1.10 */ 412 } else { 413 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */ 414 } 415 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */ 416 | 0b0101; /* 1-bit or 4-bit width bus modes */ 417 sd->scr[2] = 0x00; /* Extended Security is not supported. */ 418 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) { 419 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */ 420 } 421 sd->scr[3] = 0x00; 422 /* reserved for manufacturer usage */ 423 sd->scr[4] = 0x00; 424 sd->scr[5] = 0x00; 425 sd->scr[6] = 0x00; 426 sd->scr[7] = 0x00; 427 } 428 429 /* Card IDentification register */ 430 431 #define MID 0xaa 432 #define OID "XY" 433 #define PNM "QEMU!" 434 #define PRV 0x01 435 #define MDT_YR 2006 436 #define MDT_MON 2 437 438 static void sd_set_cid(SDState *sd) 439 { 440 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 441 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */ 442 sd->cid[2] = OID[1]; 443 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 444 sd->cid[4] = PNM[1]; 445 sd->cid[5] = PNM[2]; 446 sd->cid[6] = PNM[3]; 447 sd->cid[7] = PNM[4]; 448 sd->cid[8] = PRV; /* Fake product revision (PRV) */ 449 stl_be_p(&sd->cid[9], 0xdeadbeef); /* Fake serial number (PSN) */ 450 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */ 451 ((MDT_YR - 2000) / 10); 452 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON; 453 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 454 } 455 456 static void emmc_set_cid(SDState *sd) 457 { 458 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 459 sd->cid[1] = 0b01; /* CBX: soldered BGA */ 460 sd->cid[2] = OID[0]; /* OEM/Application ID (OID) */ 461 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 462 sd->cid[4] = PNM[1]; 463 sd->cid[5] = PNM[2]; 464 sd->cid[6] = PNM[3]; 465 sd->cid[7] = PNM[4]; 466 sd->cid[8] = PNM[4]; 467 sd->cid[9] = PRV; /* Fake product revision (PRV) */ 468 stl_be_p(&sd->cid[10], 0xdeadbeef); /* Fake serial number (PSN) */ 469 sd->cid[14] = (MDT_MON << 4) | (MDT_YR - 1997); /* Manufacture date (MDT) */ 470 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 471 } 472 473 /* Card-Specific Data register */ 474 475 #define HWBLOCK_SHIFT 9 /* 512 bytes */ 476 #define SECTOR_SHIFT 5 /* 16 kilobytes */ 477 #define WPGROUP_SHIFT 7 /* 2 megs */ 478 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */ 479 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) 480 481 static const uint8_t sd_csd_rw_mask[16] = { 482 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 483 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe, 484 }; 485 486 static void emmc_set_ext_csd(SDState *sd, uint64_t size) 487 { 488 uint32_t sectcount = size >> HWBLOCK_SHIFT; 489 490 memset(sd->ext_csd, 0, sizeof(sd->ext_csd)); /* FIXME only RW at reset */ 491 492 /* Properties segment (RO) */ 493 sd->ext_csd[EXT_CSD_S_CMD_SET] = 0b1; /* supported command sets */ 494 sd->ext_csd[EXT_CSD_BOOT_INFO] = 0x0; /* Boot information */ 495 /* Boot partition size. 128KB unit */ 496 sd->ext_csd[EXT_CSD_BOOT_MULT] = sd->boot_part_size / (128 * KiB); 497 sd->ext_csd[EXT_CSD_ACC_SIZE] = 0x1; /* Access size */ 498 sd->ext_csd[EXT_CSD_HC_ERASE_GRP_SIZE] = 0x01; /* HC Erase unit size */ 499 sd->ext_csd[EXT_CSD_ERASE_TIMEOUT_MULT] = 0x01; /* HC erase timeout */ 500 sd->ext_csd[EXT_CSD_REL_WR_SEC_C] = 0x1; /* Reliable write sector count */ 501 sd->ext_csd[EXT_CSD_HC_WP_GRP_SIZE] = 0x01; /* HC write protect group size */ 502 sd->ext_csd[EXT_CSD_S_C_VCC] = 0x01; /* Sleep current VCC */ 503 sd->ext_csd[EXT_CSD_S_C_VCCQ] = 0x01; /* Sleep current VCCQ */ 504 sd->ext_csd[EXT_CSD_S_A_TIMEOUT] = 0x01; /* Sleep/Awake timeout */ 505 stl_le_p(&sd->ext_csd[EXT_CSD_SEC_CNT], sectcount); /* Sector count */ 506 sd->ext_csd[210] = 0x46; /* Min write perf for 8bit@52Mhz */ 507 sd->ext_csd[209] = 0x46; /* Min read perf for 8bit@52Mhz */ 508 sd->ext_csd[208] = 0x46; /* Min write perf for 4bit@52Mhz */ 509 sd->ext_csd[207] = 0x46; /* Min read perf for 4bit@52Mhz */ 510 sd->ext_csd[206] = 0x46; /* Min write perf for 4bit@26Mhz */ 511 sd->ext_csd[205] = 0x46; /* Min read perf for 4bit@26Mhz */ 512 sd->ext_csd[EXT_CSD_CARD_TYPE] = 0b11; 513 sd->ext_csd[EXT_CSD_STRUCTURE] = 2; 514 sd->ext_csd[EXT_CSD_REV] = 3; 515 516 /* Mode segment (RW) */ 517 sd->ext_csd[EXT_CSD_PART_CONFIG] = sd->boot_config; 518 } 519 520 static void emmc_set_csd(SDState *sd, uint64_t size) 521 { 522 int hwblock_shift = HWBLOCK_SHIFT; 523 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 524 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 525 526 sd->csd[0] = (3 << 6) | (4 << 2); /* Spec v4.3 with EXT_CSD */ 527 sd->csd[1] = (1 << 3) | 6; /* Asynchronous data access time: 1ms */ 528 sd->csd[2] = 0x00; 529 sd->csd[3] = (1 << 3) | 3;; /* Maximum bus clock frequency: 100MHz */ 530 sd->csd[4] = 0x0f; 531 if (size <= 2 * GiB) { 532 /* use 1k blocks */ 533 uint32_t csize1k = (size >> (CMULT_SHIFT + 10)) - 1; 534 sd->csd[5] = 0x5a; 535 sd->csd[6] = 0x80 | ((csize1k >> 10) & 0xf); 536 sd->csd[7] = (csize1k >> 2) & 0xff; 537 } else { /* >= 2GB : size stored in ext CSD, block addressing */ 538 sd->csd[5] = 0x59; 539 sd->csd[6] = 0x8f; 540 sd->csd[7] = 0xff; 541 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 542 } 543 sd->csd[8] = 0xff; 544 sd->csd[9] = 0xfc | /* Max. write current */ 545 ((CMULT_SHIFT - 2) >> 1); 546 sd->csd[10] = 0x40 | /* Erase sector size */ 547 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 548 sd->csd[11] = 0x00 | /* Write protect group size */ 549 ((sectsize << 7) & 0x80) | wpsize; 550 sd->csd[12] = 0x90 | /* Write speed factor */ 551 (hwblock_shift >> 2); 552 sd->csd[13] = 0x20 | /* Max. write data block length */ 553 ((hwblock_shift << 6) & 0xc0); 554 sd->csd[14] = 0x00; 555 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 556 emmc_set_ext_csd(sd, size); 557 } 558 559 static void sd_set_csd(SDState *sd, uint64_t size) 560 { 561 int hwblock_shift = HWBLOCK_SHIFT; 562 uint32_t csize; 563 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 564 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 565 566 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */ 567 if (size == SDSC_MAX_CAPACITY) { 568 hwblock_shift += 1; 569 } 570 csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1; 571 572 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */ 573 sd->csd[0] = 0x00; /* CSD structure */ 574 sd->csd[1] = 0x26; /* Data read access-time-1 */ 575 sd->csd[2] = 0x00; /* Data read access-time-2 */ 576 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */ 577 sd->csd[4] = 0x5f; /* Card Command Classes */ 578 sd->csd[5] = 0x50 | /* Max. read data block length */ 579 hwblock_shift; 580 sd->csd[6] = 0xe0 | /* Partial block for read allowed */ 581 ((csize >> 10) & 0x03); 582 sd->csd[7] = 0x00 | /* Device size */ 583 ((csize >> 2) & 0xff); 584 sd->csd[8] = 0x3f | /* Max. read current */ 585 ((csize << 6) & 0xc0); 586 sd->csd[9] = 0xfc | /* Max. write current */ 587 ((CMULT_SHIFT - 2) >> 1); 588 sd->csd[10] = 0x40 | /* Erase sector size */ 589 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 590 sd->csd[11] = 0x00 | /* Write protect group size */ 591 ((sectsize << 7) & 0x80) | wpsize; 592 sd->csd[12] = 0x90 | /* Write speed factor */ 593 (hwblock_shift >> 2); 594 sd->csd[13] = 0x20 | /* Max. write data block length */ 595 ((hwblock_shift << 6) & 0xc0); 596 sd->csd[14] = 0x00; /* File format group */ 597 } else { /* SDHC */ 598 size /= 512 * KiB; 599 size -= 1; 600 sd->csd[0] = 0x40; 601 sd->csd[1] = 0x0e; 602 sd->csd[2] = 0x00; 603 sd->csd[3] = 0x32; 604 sd->csd[4] = 0x5b; 605 sd->csd[5] = 0x59; 606 sd->csd[6] = 0x00; 607 st24_be_p(&sd->csd[7], size); 608 sd->csd[10] = 0x7f; 609 sd->csd[11] = 0x80; 610 sd->csd[12] = 0x0a; 611 sd->csd[13] = 0x40; 612 sd->csd[14] = 0x00; 613 } 614 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 615 } 616 617 /* Relative Card Address register */ 618 619 static void sd_set_rca(SDState *sd, uint16_t value) 620 { 621 trace_sdcard_set_rca(value); 622 sd->rca = value; 623 } 624 625 static uint16_t sd_req_get_rca(SDState *s, SDRequest req) 626 { 627 switch (s->proto->cmd[req.cmd].type) { 628 case sd_ac: 629 case sd_adtc: 630 return req.arg >> 16; 631 case sd_spi: 632 default: 633 g_assert_not_reached(); 634 } 635 } 636 637 static bool sd_req_rca_same(SDState *s, SDRequest req) 638 { 639 return sd_req_get_rca(s, req) == s->rca; 640 } 641 642 /* Card Status register */ 643 644 FIELD(CSR, AKE_SEQ_ERROR, 3, 1) 645 FIELD(CSR, APP_CMD, 5, 1) 646 FIELD(CSR, FX_EVENT, 6, 1) 647 FIELD(CSR, SWITCH_ERROR, 7, 1) 648 FIELD(CSR, READY_FOR_DATA, 8, 1) 649 FIELD(CSR, CURRENT_STATE, 9, 4) 650 FIELD(CSR, ERASE_RESET, 13, 1) 651 FIELD(CSR, CARD_ECC_DISABLED, 14, 1) 652 FIELD(CSR, WP_ERASE_SKIP, 15, 1) 653 FIELD(CSR, CSD_OVERWRITE, 16, 1) 654 FIELD(CSR, DEFERRED_RESPONSE, 17, 1) 655 FIELD(CSR, ERROR, 19, 1) 656 FIELD(CSR, CC_ERROR, 20, 1) 657 FIELD(CSR, CARD_ECC_FAILED, 21, 1) 658 FIELD(CSR, ILLEGAL_COMMAND, 22, 1) 659 FIELD(CSR, COM_CRC_ERROR, 23, 1) 660 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1) 661 FIELD(CSR, CARD_IS_LOCKED, 25, 1) 662 FIELD(CSR, WP_VIOLATION, 26, 1) 663 FIELD(CSR, ERASE_PARAM, 27, 1) 664 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1) 665 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1) 666 FIELD(CSR, ADDRESS_ERROR, 30, 1) 667 FIELD(CSR, OUT_OF_RANGE, 31, 1) 668 669 /* Card status bits, split by clear condition: 670 * A : According to the card current state 671 * B : Always related to the previous command 672 * C : Cleared by read 673 */ 674 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \ 675 | R_CSR_CARD_ECC_DISABLED_MASK \ 676 | R_CSR_CARD_IS_LOCKED_MASK) 677 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \ 678 | R_CSR_ILLEGAL_COMMAND_MASK \ 679 | R_CSR_COM_CRC_ERROR_MASK) 680 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \ 681 | R_CSR_APP_CMD_MASK \ 682 | R_CSR_ERASE_RESET_MASK \ 683 | R_CSR_WP_ERASE_SKIP_MASK \ 684 | R_CSR_CSD_OVERWRITE_MASK \ 685 | R_CSR_ERROR_MASK \ 686 | R_CSR_CC_ERROR_MASK \ 687 | R_CSR_CARD_ECC_FAILED_MASK \ 688 | R_CSR_LOCK_UNLOCK_FAILED_MASK \ 689 | R_CSR_WP_VIOLATION_MASK \ 690 | R_CSR_ERASE_PARAM_MASK \ 691 | R_CSR_ERASE_SEQ_ERROR_MASK \ 692 | R_CSR_BLOCK_LEN_ERROR_MASK \ 693 | R_CSR_ADDRESS_ERROR_MASK \ 694 | R_CSR_OUT_OF_RANGE_MASK) 695 696 static void sd_set_cardstatus(SDState *sd) 697 { 698 sd->card_status = READY_FOR_DATA; 699 } 700 701 static void sd_set_sdstatus(SDState *sd) 702 { 703 memset(sd->sd_status, 0, 64); 704 } 705 706 static const uint8_t sd_tuning_block_pattern4[64] = { 707 /* 708 * See: Physical Layer Simplified Specification Version 3.01, 709 * Table 4-2. 710 */ 711 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc, 712 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef, 713 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb, 714 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef, 715 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c, 716 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee, 717 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff, 718 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde 719 }; 720 721 static int sd_req_crc_validate(SDRequest *req) 722 { 723 uint8_t buffer[5]; 724 buffer[0] = 0x40 | req->cmd; 725 stl_be_p(&buffer[1], req->arg); 726 return 0; 727 return sd_crc7(buffer, 5) != req->crc; /* TODO */ 728 } 729 730 static size_t sd_response_size(SDState *sd, sd_rsp_type_t rtype) 731 { 732 switch (rtype) { 733 case sd_r1: 734 case sd_r1b: 735 return sd_is_spi(sd) ? 1 : 4; 736 737 case spi_r2: 738 assert(sd_is_spi(sd)); 739 return 2; 740 741 case sd_r2_i: 742 case sd_r2_s: 743 assert(!sd_is_spi(sd)); 744 return 16; 745 746 case sd_r3: 747 case sd_r7: 748 return sd_is_spi(sd) ? 5 : 4; 749 750 case sd_r6: 751 assert(!sd_is_spi(sd)); 752 return 4; 753 754 case sd_r0: 755 case sd_illegal: 756 return sd_is_spi(sd) ? 1 : 0; 757 758 default: 759 g_assert_not_reached(); 760 } 761 } 762 763 static void sd_response_r1_make(SDState *sd, uint8_t *response) 764 { 765 if (sd_is_spi(sd)) { 766 response[0] = sd->state == sd_idle_state 767 && !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 768 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_RESET) << 1; 769 response[0] |= FIELD_EX32(sd->card_status, CSR, ILLEGAL_COMMAND) << 2; 770 response[0] |= FIELD_EX32(sd->card_status, CSR, COM_CRC_ERROR) << 3; 771 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_SEQ_ERROR) << 4; 772 response[0] |= FIELD_EX32(sd->card_status, CSR, ADDRESS_ERROR) << 5; 773 response[0] |= FIELD_EX32(sd->card_status, CSR, BLOCK_LEN_ERROR) << 6; 774 response[0] |= 0 << 7; 775 } else { 776 stl_be_p(response, sd->card_status); 777 } 778 779 /* Clear the "clear on read" status bits */ 780 sd->card_status &= ~CARD_STATUS_C; 781 } 782 783 static void spi_response_r2_make(SDState *sd, uint8_t *resp) 784 { 785 /* Prepend R1 */ 786 sd_response_r1_make(sd, resp); 787 788 resp[1] = FIELD_EX32(sd->card_status, CSR, CARD_IS_LOCKED) << 0; 789 resp[1] |= (FIELD_EX32(sd->card_status, CSR, LOCK_UNLOCK_FAILED) 790 || FIELD_EX32(sd->card_status, CSR, WP_ERASE_SKIP)) << 1; 791 resp[1] |= FIELD_EX32(sd->card_status, CSR, ERROR) << 2; 792 resp[1] |= FIELD_EX32(sd->card_status, CSR, CC_ERROR) << 3; 793 resp[1] |= FIELD_EX32(sd->card_status, CSR, CARD_ECC_FAILED) << 4; 794 resp[1] |= FIELD_EX32(sd->card_status, CSR, WP_VIOLATION) << 5; 795 resp[1] |= FIELD_EX32(sd->card_status, CSR, ERASE_PARAM) << 6; 796 resp[1] |= FIELD_EX32(sd->card_status, CSR, OUT_OF_RANGE) << 7; 797 } 798 799 static void sd_response_r3_make(SDState *sd, uint8_t *response) 800 { 801 if (sd_is_spi(sd)) { 802 /* Prepend R1 */ 803 sd_response_r1_make(sd, response); 804 response++; 805 } 806 stl_be_p(response, sd->ocr & ACMD41_R3_MASK); 807 } 808 809 static void sd_response_r6_make(SDState *sd, uint8_t *response) 810 { 811 uint16_t status; 812 813 status = ((sd->card_status >> 8) & 0xc000) | 814 ((sd->card_status >> 6) & 0x2000) | 815 (sd->card_status & 0x1fff); 816 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff); 817 stw_be_p(response + 0, sd->rca); 818 stw_be_p(response + 2, status); 819 } 820 821 static void sd_response_r7_make(SDState *sd, uint8_t *response) 822 { 823 if (sd_is_spi(sd)) { 824 /* Prepend R1 */ 825 sd_response_r1_make(sd, response); 826 response++; 827 } 828 stl_be_p(response, sd->vhs); 829 } 830 831 static uint32_t sd_blk_len(SDState *sd) 832 { 833 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 834 return 1 << HWBLOCK_SHIFT; 835 } 836 return sd->blk_len; 837 } 838 839 /* 840 * This requires a disk image that has two boot partitions inserted at the 841 * beginning of it. The size of the boot partitions is the "boot-size" 842 * property. 843 */ 844 static uint32_t sd_bootpart_offset(SDState *sd) 845 { 846 unsigned partition_access; 847 848 if (!sd->boot_part_size || !sd_is_emmc(sd)) { 849 return 0; 850 } 851 852 partition_access = sd->ext_csd[EXT_CSD_PART_CONFIG] 853 & EXT_CSD_PART_CONFIG_ACC_MASK; 854 switch (partition_access) { 855 case EXT_CSD_PART_CONFIG_ACC_DEFAULT: 856 return sd->boot_part_size * 2; 857 case EXT_CSD_PART_CONFIG_ACC_BOOT0: 858 return 0; 859 case EXT_CSD_PART_CONFIG_ACC_BOOT0 + 1: 860 return sd->boot_part_size * 1; 861 default: 862 g_assert_not_reached(); 863 } 864 } 865 866 static uint64_t sd_req_get_address(SDState *sd, SDRequest req) 867 { 868 uint64_t addr; 869 870 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 871 addr = (uint64_t) req.arg << HWBLOCK_SHIFT; 872 } else { 873 addr = req.arg; 874 } 875 trace_sdcard_req_addr(req.arg, addr); 876 return addr; 877 } 878 879 static inline uint64_t sd_addr_to_wpnum(uint64_t addr) 880 { 881 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT); 882 } 883 884 static void sd_reset(DeviceState *dev) 885 { 886 SDState *sd = SDMMC_COMMON(dev); 887 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 888 uint64_t size; 889 uint64_t sect; 890 891 trace_sdcard_reset(); 892 if (sd->blk) { 893 blk_get_geometry(sd->blk, §); 894 } else { 895 sect = 0; 896 } 897 size = sect << HWBLOCK_SHIFT; 898 if (sd_is_emmc(sd)) { 899 size -= sd->boot_part_size * 2; 900 } 901 902 sect = sd_addr_to_wpnum(size) + 1; 903 904 sd->state = sd_idle_state; 905 906 /* card registers */ 907 sd->rca = sd_is_emmc(sd) ? 0x0001 : 0x0000; 908 sd->size = size; 909 sd_set_ocr(sd); 910 sd_set_scr(sd); 911 sc->set_cid(sd); 912 sc->set_csd(sd, size); 913 sd_set_cardstatus(sd); 914 sd_set_sdstatus(sd); 915 916 g_free(sd->wp_group_bmap); 917 sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false; 918 sd->wp_group_bits = sect; 919 sd->wp_group_bmap = bitmap_new(sd->wp_group_bits); 920 memset(sd->function_group, 0, sizeof(sd->function_group)); 921 sd->erase_start = INVALID_ADDRESS; 922 sd->erase_end = INVALID_ADDRESS; 923 sd->blk_len = 0x200; 924 sd->pwd_len = 0; 925 sd->expecting_acmd = false; 926 sd->dat_lines = 0xf; 927 sd->cmd_line = true; 928 sd->multi_blk_cnt = 0; 929 } 930 931 static bool sd_get_inserted(SDState *sd) 932 { 933 return sd->blk && blk_is_inserted(sd->blk); 934 } 935 936 static bool sd_get_readonly(SDState *sd) 937 { 938 return sd->wp_switch; 939 } 940 941 static void sd_cardchange(void *opaque, bool load, Error **errp) 942 { 943 SDState *sd = opaque; 944 DeviceState *dev = DEVICE(sd); 945 SDBus *sdbus; 946 bool inserted = sd_get_inserted(sd); 947 bool readonly = sd_get_readonly(sd); 948 949 if (inserted) { 950 trace_sdcard_inserted(readonly); 951 sd_reset(dev); 952 } else { 953 trace_sdcard_ejected(); 954 } 955 956 sdbus = SD_BUS(qdev_get_parent_bus(dev)); 957 sdbus_set_inserted(sdbus, inserted); 958 if (inserted) { 959 sdbus_set_readonly(sdbus, readonly); 960 } 961 } 962 963 static const BlockDevOps sd_block_ops = { 964 .change_media_cb = sd_cardchange, 965 }; 966 967 static bool sd_ocr_vmstate_needed(void *opaque) 968 { 969 SDState *sd = opaque; 970 971 /* Include the OCR state (and timer) if it is not yet powered up */ 972 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 973 } 974 975 static const VMStateDescription sd_ocr_vmstate = { 976 .name = "sd-card/ocr-state", 977 .version_id = 1, 978 .minimum_version_id = 1, 979 .needed = sd_ocr_vmstate_needed, 980 .fields = (const VMStateField[]) { 981 VMSTATE_UINT32(ocr, SDState), 982 VMSTATE_TIMER_PTR(ocr_power_timer, SDState), 983 VMSTATE_END_OF_LIST() 984 }, 985 }; 986 987 static bool vmstate_needed_for_emmc(void *opaque) 988 { 989 SDState *sd = opaque; 990 991 return sd_is_emmc(sd); 992 } 993 994 static const VMStateDescription emmc_extcsd_vmstate = { 995 .name = "sd-card/ext_csd_modes-state", 996 .version_id = 1, 997 .minimum_version_id = 1, 998 .needed = vmstate_needed_for_emmc, 999 .fields = (const VMStateField[]) { 1000 VMSTATE_UINT8_ARRAY(ext_csd_rw, SDState, 192), 1001 VMSTATE_END_OF_LIST() 1002 }, 1003 }; 1004 1005 static int sd_vmstate_pre_load(void *opaque) 1006 { 1007 SDState *sd = opaque; 1008 1009 /* If the OCR state is not included (prior versions, or not 1010 * needed), then the OCR must be set as powered up. If the OCR state 1011 * is included, this will be replaced by the state restore. 1012 */ 1013 sd_ocr_powerup(sd); 1014 1015 return 0; 1016 } 1017 1018 static const VMStateDescription sd_vmstate = { 1019 .name = "sd-card", 1020 .version_id = 2, 1021 .minimum_version_id = 2, 1022 .pre_load = sd_vmstate_pre_load, 1023 .fields = (const VMStateField[]) { 1024 VMSTATE_UNUSED(4), 1025 VMSTATE_INT32(state, SDState), 1026 VMSTATE_UINT8_ARRAY(cid, SDState, 16), 1027 VMSTATE_UINT8_ARRAY(csd, SDState, 16), 1028 VMSTATE_UINT16(rca, SDState), 1029 VMSTATE_UINT32(card_status, SDState), 1030 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1), 1031 VMSTATE_UINT32(vhs, SDState), 1032 VMSTATE_BITMAP(wp_group_bmap, SDState, 0, wp_group_bits), 1033 VMSTATE_UINT32(blk_len, SDState), 1034 VMSTATE_UINT32(multi_blk_cnt, SDState), 1035 VMSTATE_UINT32(erase_start, SDState), 1036 VMSTATE_UINT32(erase_end, SDState), 1037 VMSTATE_UINT8_ARRAY(pwd, SDState, 16), 1038 VMSTATE_UINT32(pwd_len, SDState), 1039 VMSTATE_UINT8_ARRAY(function_group, SDState, 6), 1040 VMSTATE_UINT8(current_cmd, SDState), 1041 VMSTATE_BOOL(expecting_acmd, SDState), 1042 VMSTATE_UINT32(blk_written, SDState), 1043 VMSTATE_UINT64(data_start, SDState), 1044 VMSTATE_UINT32(data_offset, SDState), 1045 VMSTATE_UINT8_ARRAY(data, SDState, 512), 1046 VMSTATE_UNUSED_V(1, 512), 1047 VMSTATE_UNUSED(1), 1048 VMSTATE_END_OF_LIST() 1049 }, 1050 .subsections = (const VMStateDescription * const []) { 1051 &sd_ocr_vmstate, 1052 &emmc_extcsd_vmstate, 1053 NULL 1054 }, 1055 }; 1056 1057 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) 1058 { 1059 trace_sdcard_read_block(addr, len); 1060 addr += sd_bootpart_offset(sd); 1061 if (!sd->blk || blk_pread(sd->blk, addr, len, sd->data, 0) < 0) { 1062 fprintf(stderr, "sd_blk_read: read error on host side\n"); 1063 } 1064 } 1065 1066 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) 1067 { 1068 trace_sdcard_write_block(addr, len); 1069 addr += sd_bootpart_offset(sd); 1070 if (!sd->blk || blk_pwrite(sd->blk, addr, len, sd->data, 0) < 0) { 1071 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1072 } 1073 } 1074 1075 static void sd_erase(SDState *sd) 1076 { 1077 uint64_t erase_start = sd->erase_start; 1078 uint64_t erase_end = sd->erase_end; 1079 bool sdsc = true; 1080 uint64_t wpnum; 1081 uint64_t erase_addr; 1082 int erase_len = 1 << HWBLOCK_SHIFT; 1083 1084 trace_sdcard_erase(sd->erase_start, sd->erase_end); 1085 if (sd->erase_start == INVALID_ADDRESS 1086 || sd->erase_end == INVALID_ADDRESS) { 1087 sd->card_status |= ERASE_SEQ_ERROR; 1088 sd->erase_start = INVALID_ADDRESS; 1089 sd->erase_end = INVALID_ADDRESS; 1090 return; 1091 } 1092 1093 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 1094 /* High capacity memory card: erase units are 512 byte blocks */ 1095 erase_start <<= HWBLOCK_SHIFT; 1096 erase_end <<= HWBLOCK_SHIFT; 1097 sdsc = false; 1098 } 1099 1100 if (erase_start > sd->size || erase_end > sd->size) { 1101 sd->card_status |= OUT_OF_RANGE; 1102 sd->erase_start = INVALID_ADDRESS; 1103 sd->erase_end = INVALID_ADDRESS; 1104 return; 1105 } 1106 1107 sd->erase_start = INVALID_ADDRESS; 1108 sd->erase_end = INVALID_ADDRESS; 1109 sd->csd[14] |= 0x40; 1110 1111 memset(sd->data, 0xff, erase_len); 1112 for (erase_addr = erase_start; erase_addr <= erase_end; 1113 erase_addr += erase_len) { 1114 if (sdsc) { 1115 /* Only SDSC cards support write protect groups */ 1116 wpnum = sd_addr_to_wpnum(erase_addr); 1117 assert(wpnum < sd->wp_group_bits); 1118 if (test_bit(wpnum, sd->wp_group_bmap)) { 1119 sd->card_status |= WP_ERASE_SKIP; 1120 continue; 1121 } 1122 } 1123 sd_blk_write(sd, erase_addr, erase_len); 1124 } 1125 } 1126 1127 static uint32_t sd_wpbits(SDState *sd, uint64_t addr) 1128 { 1129 uint32_t i, wpnum; 1130 uint32_t ret = 0; 1131 1132 wpnum = sd_addr_to_wpnum(addr); 1133 1134 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { 1135 if (addr >= sd->size) { 1136 /* 1137 * If the addresses of the last groups are outside the valid range, 1138 * then the corresponding write protection bits shall be set to 0. 1139 */ 1140 continue; 1141 } 1142 assert(wpnum < sd->wp_group_bits); 1143 if (test_bit(wpnum, sd->wp_group_bmap)) { 1144 ret |= (1 << i); 1145 } 1146 } 1147 1148 return ret; 1149 } 1150 1151 enum ExtCsdAccessMode { 1152 EXT_CSD_ACCESS_MODE_COMMAND_SET = 0, 1153 EXT_CSD_ACCESS_MODE_SET_BITS = 1, 1154 EXT_CSD_ACCESS_MODE_CLEAR_BITS = 2, 1155 EXT_CSD_ACCESS_MODE_WRITE_BYTE = 3 1156 }; 1157 1158 static void emmc_function_switch(SDState *sd, uint32_t arg) 1159 { 1160 uint8_t access = extract32(arg, 24, 2); 1161 uint8_t index = extract32(arg, 16, 8); 1162 uint8_t value = extract32(arg, 8, 8); 1163 uint8_t b = sd->ext_csd[index]; 1164 1165 trace_sdcard_switch(access, index, value, extract32(arg, 0, 2)); 1166 1167 if (index >= 192) { 1168 qemu_log_mask(LOG_GUEST_ERROR, "MMC switching illegal offset\n"); 1169 sd->card_status |= R_CSR_SWITCH_ERROR_MASK; 1170 return; 1171 } 1172 1173 switch (access) { 1174 case EXT_CSD_ACCESS_MODE_COMMAND_SET: 1175 qemu_log_mask(LOG_UNIMP, "MMC Command set switching not supported\n"); 1176 return; 1177 case EXT_CSD_ACCESS_MODE_SET_BITS: 1178 b |= value; 1179 break; 1180 case EXT_CSD_ACCESS_MODE_CLEAR_BITS: 1181 b &= ~value; 1182 break; 1183 case EXT_CSD_ACCESS_MODE_WRITE_BYTE: 1184 b = value; 1185 break; 1186 } 1187 1188 trace_sdcard_ext_csd_update(index, sd->ext_csd[index], b); 1189 sd->ext_csd[index] = b; 1190 } 1191 1192 static void sd_function_switch(SDState *sd, uint32_t arg) 1193 { 1194 int i, mode, new_func; 1195 mode = !!(arg & 0x80000000); 1196 1197 sd->data[0] = 0x00; /* Maximum current consumption */ 1198 sd->data[1] = 0x01; 1199 sd->data[2] = 0x80; /* Supported group 6 functions */ 1200 sd->data[3] = 0x01; 1201 sd->data[4] = 0x80; /* Supported group 5 functions */ 1202 sd->data[5] = 0x01; 1203 sd->data[6] = 0x80; /* Supported group 4 functions */ 1204 sd->data[7] = 0x01; 1205 sd->data[8] = 0x80; /* Supported group 3 functions */ 1206 sd->data[9] = 0x01; 1207 sd->data[10] = 0x80; /* Supported group 2 functions */ 1208 sd->data[11] = 0x43; 1209 sd->data[12] = 0x80; /* Supported group 1 functions */ 1210 sd->data[13] = 0x03; 1211 1212 memset(&sd->data[14], 0, 3); 1213 for (i = 0; i < 6; i ++) { 1214 new_func = (arg >> (i * 4)) & 0x0f; 1215 if (mode && new_func != 0x0f) 1216 sd->function_group[i] = new_func; 1217 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4); 1218 } 1219 memset(&sd->data[17], 0, 47); 1220 } 1221 1222 static inline bool sd_wp_addr(SDState *sd, uint64_t addr) 1223 { 1224 return test_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1225 } 1226 1227 static void sd_lock_command(SDState *sd) 1228 { 1229 int erase, lock, clr_pwd, set_pwd, pwd_len; 1230 erase = !!(sd->data[0] & 0x08); 1231 lock = sd->data[0] & 0x04; 1232 clr_pwd = sd->data[0] & 0x02; 1233 set_pwd = sd->data[0] & 0x01; 1234 1235 if (sd->blk_len > 1) 1236 pwd_len = sd->data[1]; 1237 else 1238 pwd_len = 0; 1239 1240 if (lock) { 1241 trace_sdcard_lock(); 1242 } else { 1243 trace_sdcard_unlock(); 1244 } 1245 if (erase) { 1246 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 || 1247 set_pwd || clr_pwd || lock || sd->wp_switch || 1248 (sd->csd[14] & 0x20)) { 1249 sd->card_status |= LOCK_UNLOCK_FAILED; 1250 return; 1251 } 1252 bitmap_zero(sd->wp_group_bmap, sd->wp_group_bits); 1253 sd->csd[14] &= ~0x10; 1254 sd->card_status &= ~CARD_IS_LOCKED; 1255 sd->pwd_len = 0; 1256 /* Erasing the entire card here! */ 1257 fprintf(stderr, "SD: Card force-erased by CMD42\n"); 1258 return; 1259 } 1260 1261 if (sd->blk_len < 2 + pwd_len || 1262 pwd_len <= sd->pwd_len || 1263 pwd_len > sd->pwd_len + 16) { 1264 sd->card_status |= LOCK_UNLOCK_FAILED; 1265 return; 1266 } 1267 1268 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) { 1269 sd->card_status |= LOCK_UNLOCK_FAILED; 1270 return; 1271 } 1272 1273 pwd_len -= sd->pwd_len; 1274 if ((pwd_len && !set_pwd) || 1275 (clr_pwd && (set_pwd || lock)) || 1276 (lock && !sd->pwd_len && !set_pwd) || 1277 (!set_pwd && !clr_pwd && 1278 (((sd->card_status & CARD_IS_LOCKED) && lock) || 1279 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) { 1280 sd->card_status |= LOCK_UNLOCK_FAILED; 1281 return; 1282 } 1283 1284 if (set_pwd) { 1285 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len); 1286 sd->pwd_len = pwd_len; 1287 } 1288 1289 if (clr_pwd) { 1290 sd->pwd_len = 0; 1291 } 1292 1293 if (lock) 1294 sd->card_status |= CARD_IS_LOCKED; 1295 else 1296 sd->card_status &= ~CARD_IS_LOCKED; 1297 } 1298 1299 static bool address_in_range(SDState *sd, const char *desc, 1300 uint64_t addr, uint32_t length) 1301 { 1302 if (addr + length > sd->size) { 1303 qemu_log_mask(LOG_GUEST_ERROR, 1304 "%s offset %"PRIu64" > card %"PRIu64" [%%%u]\n", 1305 desc, addr, sd->size, length); 1306 sd->card_status |= ADDRESS_ERROR; 1307 return false; 1308 } 1309 return true; 1310 } 1311 1312 static sd_rsp_type_t sd_invalid_state_for_cmd(SDState *sd, SDRequest req) 1313 { 1314 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong state: %s (spec %s)\n", 1315 sd->proto->name, req.cmd, sd_state_name(sd->state), 1316 sd_version_str(sd->spec_version)); 1317 1318 return sd_illegal; 1319 } 1320 1321 static sd_rsp_type_t sd_invalid_mode_for_cmd(SDState *sd, SDRequest req) 1322 { 1323 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong mode: %s (spec %s)\n", 1324 sd->proto->name, req.cmd, sd_mode_name(sd_mode(sd)), 1325 sd_version_str(sd->spec_version)); 1326 1327 return sd_illegal; 1328 } 1329 1330 static sd_rsp_type_t sd_cmd_illegal(SDState *sd, SDRequest req) 1331 { 1332 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown CMD%i for spec %s\n", 1333 sd->proto->name, req.cmd, 1334 sd_version_str(sd->spec_version)); 1335 1336 return sd_illegal; 1337 } 1338 1339 /* Commands that are recognised but not yet implemented. */ 1340 static sd_rsp_type_t sd_cmd_unimplemented(SDState *sd, SDRequest req) 1341 { 1342 qemu_log_mask(LOG_UNIMP, "%s: CMD%i not implemented\n", 1343 sd->proto->name, req.cmd); 1344 1345 return sd_illegal; 1346 } 1347 1348 static sd_rsp_type_t sd_cmd_optional(SDState *sd, SDRequest req) 1349 { 1350 qemu_log_mask(LOG_UNIMP, "%s: Optional CMD%i not implemented\n", 1351 sd->proto->name, req.cmd); 1352 1353 return sd_illegal; 1354 } 1355 1356 /* Configure fields for following sd_generic_write_byte() calls */ 1357 static sd_rsp_type_t sd_cmd_to_receivingdata(SDState *sd, SDRequest req, 1358 uint64_t start, size_t size) 1359 { 1360 if (sd->state != sd_transfer_state) { 1361 return sd_invalid_state_for_cmd(sd, req); 1362 } 1363 sd->state = sd_receivingdata_state; 1364 sd->data_start = start; 1365 sd->data_offset = 0; 1366 /* sd->data[] used as receive buffer */ 1367 sd->data_size = size ?: sizeof(sd->data); 1368 return sd_r1; 1369 } 1370 1371 /* Configure fields for following sd_generic_read_byte() calls */ 1372 static sd_rsp_type_t sd_cmd_to_sendingdata(SDState *sd, SDRequest req, 1373 uint64_t start, 1374 const void *data, size_t size) 1375 { 1376 if (sd->state != sd_transfer_state) { 1377 return sd_invalid_state_for_cmd(sd, req); 1378 } 1379 1380 sd->state = sd_sendingdata_state; 1381 sd->data_start = start; 1382 sd->data_offset = 0; 1383 if (data) { 1384 assert(size > 0 && size <= sizeof(sd->data)); 1385 memcpy(sd->data, data, size); 1386 } 1387 if (size) { 1388 sd->data_size = size; 1389 } 1390 return sd_r1; 1391 } 1392 1393 /* CMD0 */ 1394 static sd_rsp_type_t sd_cmd_GO_IDLE_STATE(SDState *sd, SDRequest req) 1395 { 1396 if (sd->state == sd_sleep_state) { 1397 switch (req.arg) { 1398 case 0x00000000: 1399 case 0xf0f0f0f0: 1400 break; 1401 default: 1402 return sd_r0; 1403 } 1404 } 1405 if (sd->state != sd_inactive_state) { 1406 sd->state = sd_idle_state; 1407 sd_reset(DEVICE(sd)); 1408 } 1409 1410 return sd_is_spi(sd) ? sd_r1 : sd_r0; 1411 } 1412 1413 /* CMD2 */ 1414 static sd_rsp_type_t sd_cmd_ALL_SEND_CID(SDState *sd, SDRequest req) 1415 { 1416 switch (sd->state) { 1417 case sd_ready_state: 1418 sd->state = sd_identification_state; 1419 return sd_r2_i; 1420 default: 1421 return sd_invalid_state_for_cmd(sd, req); 1422 } 1423 } 1424 1425 /* CMD3 */ 1426 static sd_rsp_type_t sd_cmd_SEND_RELATIVE_ADDR(SDState *sd, SDRequest req) 1427 { 1428 uint16_t random_rca; 1429 1430 switch (sd->state) { 1431 case sd_identification_state: 1432 case sd_standby_state: 1433 sd->state = sd_standby_state; 1434 qemu_guest_getrandom_nofail(&random_rca, sizeof(random_rca)); 1435 sd_set_rca(sd, random_rca); 1436 return sd_r6; 1437 1438 default: 1439 return sd_invalid_state_for_cmd(sd, req); 1440 } 1441 } 1442 1443 static sd_rsp_type_t emmc_cmd_SET_RELATIVE_ADDR(SDState *sd, SDRequest req) 1444 { 1445 switch (sd->state) { 1446 case sd_identification_state: 1447 case sd_standby_state: 1448 sd->state = sd_standby_state; 1449 sd_set_rca(sd, req.arg >> 16); 1450 return sd_r1; 1451 1452 default: 1453 return sd_invalid_state_for_cmd(sd, req); 1454 } 1455 } 1456 1457 /* CMD5 */ 1458 static sd_rsp_type_t emmc_cmd_sleep_awake(SDState *sd, SDRequest req) 1459 { 1460 bool do_sleep = extract32(req.arg, 15, 1); 1461 1462 switch (sd->state) { 1463 case sd_sleep_state: 1464 if (!do_sleep) { 1465 /* Awake */ 1466 sd->state = sd_standby_state; 1467 } 1468 return sd_r1b; 1469 1470 case sd_standby_state: 1471 if (do_sleep) { 1472 sd->state = sd_sleep_state; 1473 } 1474 return sd_r1b; 1475 1476 default: 1477 return sd_invalid_state_for_cmd(sd, req); 1478 } 1479 } 1480 1481 /* CMD6 */ 1482 static sd_rsp_type_t sd_cmd_SWITCH_FUNCTION(SDState *sd, SDRequest req) 1483 { 1484 if (sd_mode(sd) != sd_data_transfer_mode) { 1485 return sd_invalid_mode_for_cmd(sd, req); 1486 } 1487 if (sd_is_spi(sd)) { 1488 if (sd->state == sd_idle_state) { 1489 return sd_invalid_state_for_cmd(sd, req); 1490 } 1491 } else { 1492 if (sd->state != sd_transfer_state) { 1493 return sd_invalid_state_for_cmd(sd, req); 1494 } 1495 } 1496 1497 sd_function_switch(sd, req.arg); 1498 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 64); 1499 } 1500 1501 static sd_rsp_type_t emmc_cmd_SWITCH(SDState *sd, SDRequest req) 1502 { 1503 switch (sd->state) { 1504 case sd_transfer_state: 1505 sd->state = sd_programming_state; 1506 emmc_function_switch(sd, req.arg); 1507 sd->state = sd_transfer_state; 1508 return sd_r1b; 1509 default: 1510 return sd_invalid_state_for_cmd(sd, req); 1511 } 1512 } 1513 1514 /* CMD7 */ 1515 static sd_rsp_type_t sd_cmd_DE_SELECT_CARD(SDState *sd, SDRequest req) 1516 { 1517 bool same_rca = sd_req_rca_same(sd, req); 1518 1519 switch (sd->state) { 1520 case sd_standby_state: 1521 if (!same_rca) { 1522 return sd_r0; 1523 } 1524 sd->state = sd_transfer_state; 1525 return sd_r1b; 1526 1527 case sd_transfer_state: 1528 case sd_sendingdata_state: 1529 if (same_rca) { 1530 break; 1531 } 1532 sd->state = sd_standby_state; 1533 return sd_r1b; 1534 1535 case sd_disconnect_state: 1536 if (!same_rca) { 1537 return sd_r0; 1538 } 1539 sd->state = sd_programming_state; 1540 return sd_r1b; 1541 1542 case sd_programming_state: 1543 if (same_rca) { 1544 break; 1545 } 1546 sd->state = sd_disconnect_state; 1547 return sd_r1b; 1548 1549 default: 1550 break; 1551 } 1552 return sd_invalid_state_for_cmd(sd, req); 1553 } 1554 1555 /* CMD8 */ 1556 static sd_rsp_type_t sd_cmd_SEND_IF_COND(SDState *sd, SDRequest req) 1557 { 1558 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) { 1559 return sd_cmd_illegal(sd, req); 1560 } 1561 if (sd->state != sd_idle_state) { 1562 return sd_invalid_state_for_cmd(sd, req); 1563 } 1564 sd->vhs = 0; 1565 1566 /* No response if not exactly one VHS bit is set. */ 1567 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) { 1568 return sd_is_spi(sd) ? sd_r7 : sd_r0; 1569 } 1570 1571 /* Accept. */ 1572 sd->vhs = req.arg; 1573 return sd_r7; 1574 } 1575 1576 /* CMD8 */ 1577 static sd_rsp_type_t emmc_cmd_SEND_EXT_CSD(SDState *sd, SDRequest req) 1578 { 1579 if (sd->state != sd_transfer_state) { 1580 return sd_invalid_state_for_cmd(sd, req); 1581 } 1582 1583 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1584 sd->ext_csd, sizeof(sd->ext_csd)); 1585 } 1586 1587 static sd_rsp_type_t spi_cmd_SEND_CxD(SDState *sd, SDRequest req, 1588 const void *data, size_t size) 1589 { 1590 /* 1591 * XXX as of v10.1.0-rc1 command is reached in sd_idle_state, 1592 * so disable this check. 1593 if (sd->state != sd_standby_state) { 1594 return sd_invalid_state_for_cmd(sd, req); 1595 } 1596 */ 1597 1598 /* 1599 * Since SPI returns CSD and CID on the DAT lines, 1600 * switch to sd_transfer_state. 1601 */ 1602 sd->state = sd_transfer_state; 1603 1604 return sd_cmd_to_sendingdata(sd, req, 0, data, size); 1605 } 1606 1607 /* CMD9 */ 1608 static sd_rsp_type_t spi_cmd_SEND_CSD(SDState *sd, SDRequest req) 1609 { 1610 return spi_cmd_SEND_CxD(sd, req, sd->csd, sizeof(sd->csd)); 1611 } 1612 1613 static sd_rsp_type_t sd_cmd_SEND_CSD(SDState *sd, SDRequest req) 1614 { 1615 if (sd->state != sd_standby_state) { 1616 return sd_invalid_state_for_cmd(sd, req); 1617 } 1618 1619 return sd_req_rca_same(sd, req) ? sd_r2_s : sd_r0; 1620 } 1621 1622 /* CMD10 */ 1623 static sd_rsp_type_t spi_cmd_SEND_CID(SDState *sd, SDRequest req) 1624 { 1625 return spi_cmd_SEND_CxD(sd, req, sd->cid, sizeof(sd->cid)); 1626 } 1627 1628 static sd_rsp_type_t sd_cmd_SEND_CID(SDState *sd, SDRequest req) 1629 { 1630 if (sd->state != sd_standby_state) { 1631 return sd_invalid_state_for_cmd(sd, req); 1632 } 1633 1634 return sd_req_rca_same(sd, req) ? sd_r2_i : sd_r0; 1635 } 1636 1637 /* CMD12 */ 1638 static sd_rsp_type_t sd_cmd_STOP_TRANSMISSION(SDState *sd, SDRequest req) 1639 { 1640 switch (sd->state) { 1641 case sd_sendingdata_state: 1642 sd->state = sd_transfer_state; 1643 return sd_r1b; 1644 case sd_receivingdata_state: 1645 sd->state = sd_programming_state; 1646 /* Bzzzzzzztt .... Operation complete. */ 1647 sd->state = sd_transfer_state; 1648 return sd_r1; 1649 default: 1650 return sd_invalid_state_for_cmd(sd, req); 1651 } 1652 } 1653 1654 /* CMD13 */ 1655 static sd_rsp_type_t sd_cmd_SEND_STATUS(SDState *sd, SDRequest req) 1656 { 1657 if (sd_mode(sd) != sd_data_transfer_mode) { 1658 return sd_invalid_mode_for_cmd(sd, req); 1659 } 1660 1661 switch (sd->state) { 1662 case sd_standby_state: 1663 case sd_transfer_state: 1664 case sd_sendingdata_state: 1665 case sd_receivingdata_state: 1666 case sd_programming_state: 1667 case sd_disconnect_state: 1668 break; 1669 default: 1670 return sd_invalid_state_for_cmd(sd, req); 1671 } 1672 1673 if (sd_is_spi(sd)) { 1674 return spi_r2; 1675 } 1676 1677 return sd_req_rca_same(sd, req) ? sd_r1 : sd_r0; 1678 } 1679 1680 /* CMD15 */ 1681 static sd_rsp_type_t sd_cmd_GO_INACTIVE_STATE(SDState *sd, SDRequest req) 1682 { 1683 if (sd_mode(sd) != sd_data_transfer_mode) { 1684 return sd_invalid_mode_for_cmd(sd, req); 1685 } 1686 switch (sd->state) { 1687 case sd_standby_state: 1688 case sd_transfer_state: 1689 case sd_sendingdata_state: 1690 case sd_receivingdata_state: 1691 case sd_programming_state: 1692 case sd_disconnect_state: 1693 break; 1694 default: 1695 return sd_invalid_state_for_cmd(sd, req); 1696 } 1697 if (sd_req_rca_same(sd, req)) { 1698 sd->state = sd_inactive_state; 1699 } 1700 1701 return sd_r0; 1702 } 1703 1704 /* CMD16 */ 1705 static sd_rsp_type_t sd_cmd_SET_BLOCKLEN(SDState *sd, SDRequest req) 1706 { 1707 if (sd->state != sd_transfer_state) { 1708 return sd_invalid_state_for_cmd(sd, req); 1709 } 1710 if (req.arg > (1 << HWBLOCK_SHIFT)) { 1711 sd->card_status |= BLOCK_LEN_ERROR; 1712 } else { 1713 trace_sdcard_set_blocklen(req.arg); 1714 sd->blk_len = req.arg; 1715 } 1716 1717 return sd_r1; 1718 } 1719 1720 /* CMD17 */ 1721 static sd_rsp_type_t sd_cmd_READ_SINGLE_BLOCK(SDState *sd, SDRequest req) 1722 { 1723 uint64_t addr; 1724 1725 if (sd->state != sd_transfer_state) { 1726 return sd_invalid_state_for_cmd(sd, req); 1727 } 1728 1729 addr = sd_req_get_address(sd, req); 1730 if (!address_in_range(sd, "READ_SINGLE_BLOCK", addr, sd->blk_len)) { 1731 return sd_r1; 1732 } 1733 1734 sd_blk_read(sd, addr, sd->blk_len); 1735 return sd_cmd_to_sendingdata(sd, req, addr, NULL, sd->blk_len); 1736 } 1737 1738 /* CMD19 */ 1739 static sd_rsp_type_t sd_cmd_SEND_TUNING_BLOCK(SDState *sd, SDRequest req) 1740 { 1741 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1742 return sd_cmd_illegal(sd, req); 1743 } 1744 1745 return sd_cmd_to_sendingdata(sd, req, 0, 1746 sd_tuning_block_pattern4, 1747 sizeof(sd_tuning_block_pattern4)); 1748 } 1749 1750 /* CMD23 */ 1751 static sd_rsp_type_t sd_cmd_SET_BLOCK_COUNT(SDState *sd, SDRequest req) 1752 { 1753 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1754 return sd_cmd_illegal(sd, req); 1755 } 1756 1757 if (sd->state != sd_transfer_state) { 1758 return sd_invalid_state_for_cmd(sd, req); 1759 } 1760 1761 sd->multi_blk_cnt = req.arg; 1762 if (sd_is_emmc(sd)) { 1763 sd->multi_blk_cnt &= 0xffff; 1764 } 1765 trace_sdcard_set_block_count(sd->multi_blk_cnt); 1766 1767 return sd_r1; 1768 } 1769 1770 /* CMD24 */ 1771 static sd_rsp_type_t sd_cmd_WRITE_SINGLE_BLOCK(SDState *sd, SDRequest req) 1772 { 1773 uint64_t addr; 1774 1775 if (sd->state != sd_transfer_state) { 1776 return sd_invalid_state_for_cmd(sd, req); 1777 } 1778 1779 addr = sd_req_get_address(sd, req); 1780 if (!address_in_range(sd, "WRITE_SINGLE_BLOCK", addr, sd->blk_len)) { 1781 return sd_r1; 1782 } 1783 1784 if (sd->size <= SDSC_MAX_CAPACITY) { 1785 if (sd_wp_addr(sd, addr)) { 1786 sd->card_status |= WP_VIOLATION; 1787 } 1788 } 1789 if (sd->csd[14] & 0x30) { 1790 sd->card_status |= WP_VIOLATION; 1791 } 1792 1793 sd->blk_written = 0; 1794 return sd_cmd_to_receivingdata(sd, req, addr, sd->blk_len); 1795 } 1796 1797 /* CMD26 */ 1798 static sd_rsp_type_t emmc_cmd_PROGRAM_CID(SDState *sd, SDRequest req) 1799 { 1800 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->cid)); 1801 } 1802 1803 /* CMD27 */ 1804 static sd_rsp_type_t sd_cmd_PROGRAM_CSD(SDState *sd, SDRequest req) 1805 { 1806 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->csd)); 1807 } 1808 1809 static sd_rsp_type_t sd_cmd_SET_CLR_WRITE_PROT(SDState *sd, SDRequest req, 1810 bool is_write) 1811 { 1812 uint64_t addr; 1813 1814 if (sd->size > SDSC_MAX_CAPACITY) { 1815 return sd_illegal; 1816 } 1817 1818 if (sd->state != sd_transfer_state) { 1819 return sd_invalid_state_for_cmd(sd, req); 1820 } 1821 1822 addr = sd_req_get_address(sd, req); 1823 if (!address_in_range(sd, is_write ? "SET_WRITE_PROT" : "CLR_WRITE_PROT", 1824 addr, 1)) { 1825 return sd_r1b; 1826 } 1827 1828 sd->state = sd_programming_state; 1829 if (is_write) { 1830 set_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1831 } else { 1832 clear_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1833 } 1834 /* Bzzzzzzztt .... Operation complete. */ 1835 sd->state = sd_transfer_state; 1836 return sd_r1; 1837 } 1838 1839 /* CMD28 */ 1840 static sd_rsp_type_t sd_cmd_SET_WRITE_PROT(SDState *sd, SDRequest req) 1841 { 1842 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, true); 1843 } 1844 1845 /* CMD29 */ 1846 static sd_rsp_type_t sd_cmd_CLR_WRITE_PROT(SDState *sd, SDRequest req) 1847 { 1848 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, false); 1849 } 1850 1851 /* CMD30 */ 1852 static sd_rsp_type_t sd_cmd_SEND_WRITE_PROT(SDState *sd, SDRequest req) 1853 { 1854 uint64_t addr; 1855 uint32_t data; 1856 1857 if (sd->size > SDSC_MAX_CAPACITY) { 1858 return sd_illegal; 1859 } 1860 1861 if (sd->state != sd_transfer_state) { 1862 return sd_invalid_state_for_cmd(sd, req); 1863 } 1864 1865 addr = sd_req_get_address(sd, req); 1866 if (!address_in_range(sd, "SEND_WRITE_PROT", addr, sd->blk_len)) { 1867 return sd_r1; 1868 } 1869 1870 data = sd_wpbits(sd, req.arg); 1871 return sd_cmd_to_sendingdata(sd, req, addr, &data, sizeof(data)); 1872 } 1873 1874 /* CMD32 */ 1875 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_START(SDState *sd, SDRequest req) 1876 { 1877 if (sd->state != sd_transfer_state) { 1878 return sd_invalid_state_for_cmd(sd, req); 1879 } 1880 sd->erase_start = req.arg; 1881 return sd_r1; 1882 } 1883 1884 /* CMD33 */ 1885 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_END(SDState *sd, SDRequest req) 1886 { 1887 if (sd->state != sd_transfer_state) { 1888 return sd_invalid_state_for_cmd(sd, req); 1889 } 1890 sd->erase_end = req.arg; 1891 return sd_r1; 1892 } 1893 1894 /* CMD38 */ 1895 static sd_rsp_type_t sd_cmd_ERASE(SDState *sd, SDRequest req) 1896 { 1897 if (sd->state != sd_transfer_state) { 1898 return sd_invalid_state_for_cmd(sd, req); 1899 } 1900 if (sd->csd[14] & 0x30) { 1901 sd->card_status |= WP_VIOLATION; 1902 return sd_r1b; 1903 } 1904 1905 sd->state = sd_programming_state; 1906 sd_erase(sd); 1907 /* Bzzzzzzztt .... Operation complete. */ 1908 sd->state = sd_transfer_state; 1909 return sd_r1b; 1910 } 1911 1912 /* CMD42 */ 1913 static sd_rsp_type_t sd_cmd_LOCK_UNLOCK(SDState *sd, SDRequest req) 1914 { 1915 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1916 } 1917 1918 /* CMD55 */ 1919 static sd_rsp_type_t sd_cmd_APP_CMD(SDState *sd, SDRequest req) 1920 { 1921 switch (sd->state) { 1922 case sd_ready_state: 1923 case sd_identification_state: 1924 case sd_inactive_state: 1925 case sd_sleep_state: 1926 return sd_invalid_state_for_cmd(sd, req); 1927 case sd_idle_state: 1928 if (!sd_is_spi(sd) && sd_req_get_rca(sd, req) != 0x0000) { 1929 qemu_log_mask(LOG_GUEST_ERROR, 1930 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd); 1931 } 1932 /* fall-through */ 1933 default: 1934 break; 1935 } 1936 if (!sd_is_spi(sd) && !sd_req_rca_same(sd, req)) { 1937 return sd_r0; 1938 } 1939 sd->expecting_acmd = true; 1940 sd->card_status |= APP_CMD; 1941 1942 return sd_r1; 1943 } 1944 1945 /* CMD56 */ 1946 static sd_rsp_type_t sd_cmd_GEN_CMD(SDState *sd, SDRequest req) 1947 { 1948 if (sd->state != sd_transfer_state) { 1949 return sd_invalid_state_for_cmd(sd, req); 1950 } 1951 1952 /* Vendor specific command: our model is RAZ/WI */ 1953 if (req.arg & 1) { 1954 memset(sd->data, 0, sizeof(sd->data)); 1955 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 0); 1956 } else { 1957 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1958 } 1959 } 1960 1961 /* CMD58 */ 1962 static sd_rsp_type_t spi_cmd_READ_OCR(SDState *sd, SDRequest req) 1963 { 1964 return sd_r3; 1965 } 1966 1967 /* CMD59 */ 1968 static sd_rsp_type_t spi_cmd_CRC_ON_OFF(SDState *sd, SDRequest req) 1969 { 1970 return sd_r1; 1971 } 1972 1973 /* ACMD6 */ 1974 static sd_rsp_type_t sd_acmd_SET_BUS_WIDTH(SDState *sd, SDRequest req) 1975 { 1976 if (sd->state != sd_transfer_state) { 1977 return sd_invalid_state_for_cmd(sd, req); 1978 } 1979 1980 sd->sd_status[0] &= 0x3f; 1981 sd->sd_status[0] |= (req.arg & 0x03) << 6; 1982 return sd_r1; 1983 } 1984 1985 /* ACMD13 */ 1986 static sd_rsp_type_t sd_acmd_SD_STATUS(SDState *sd, SDRequest req) 1987 { 1988 sd_rsp_type_t rsp; 1989 1990 rsp = sd_cmd_to_sendingdata(sd, req, 0, 1991 sd->sd_status, sizeof(sd->sd_status)); 1992 if (sd_is_spi(sd) && rsp != sd_illegal) { 1993 return spi_r2; 1994 } 1995 return rsp; 1996 } 1997 1998 /* ACMD22 */ 1999 static sd_rsp_type_t sd_acmd_SEND_NUM_WR_BLOCKS(SDState *sd, SDRequest req) 2000 { 2001 return sd_cmd_to_sendingdata(sd, req, 0, 2002 &sd->blk_written, sizeof(sd->blk_written)); 2003 } 2004 2005 /* ACMD23 */ 2006 static sd_rsp_type_t sd_acmd_SET_WR_BLK_ERASE_COUNT(SDState *sd, SDRequest req) 2007 { 2008 if (sd->state != sd_transfer_state) { 2009 return sd_invalid_state_for_cmd(sd, req); 2010 } 2011 return sd_r1; 2012 } 2013 2014 /* ACMD41 */ 2015 static sd_rsp_type_t sd_cmd_SEND_OP_COND(SDState *sd, SDRequest req) 2016 { 2017 if (sd->state != sd_idle_state) { 2018 return sd_invalid_state_for_cmd(sd, req); 2019 } 2020 2021 /* 2022 * If it's the first ACMD41 since reset, we need to decide 2023 * whether to power up. If this is not an enquiry ACMD41, 2024 * we immediately report power on and proceed below to the 2025 * ready state, but if it is, we set a timer to model a 2026 * delay for power up. This works around a bug in EDK2 2027 * UEFI, which sends an initial enquiry ACMD41, but 2028 * assumes that the card is in ready state as soon as it 2029 * sees the power up bit set. 2030 */ 2031 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) { 2032 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) { 2033 timer_del(sd->ocr_power_timer); 2034 sd_ocr_powerup(sd); 2035 } else { 2036 trace_sdcard_inquiry_cmd41(); 2037 if (!timer_pending(sd->ocr_power_timer)) { 2038 timer_mod_ns(sd->ocr_power_timer, 2039 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) 2040 + OCR_POWER_DELAY_NS)); 2041 } 2042 } 2043 } 2044 2045 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) { 2046 /* 2047 * We accept any voltage. 10000 V is nothing. 2048 * 2049 * Once we're powered up, we advance straight to ready state 2050 * unless it's an enquiry ACMD41 (bits 23:0 == 0). 2051 */ 2052 sd->state = sd_ready_state; 2053 } 2054 2055 if (sd_is_spi(sd)) { 2056 return sd_r1; 2057 } 2058 return sd_r3; 2059 } 2060 2061 /* ACMD42 */ 2062 static sd_rsp_type_t sd_acmd_SET_CLR_CARD_DETECT(SDState *sd, SDRequest req) 2063 { 2064 if (sd->state != sd_transfer_state) { 2065 return sd_invalid_state_for_cmd(sd, req); 2066 } 2067 2068 /* Bringing in the 50KOhm pull-up resistor... Done. */ 2069 return sd_r1; 2070 } 2071 2072 /* ACMD51 */ 2073 static sd_rsp_type_t sd_acmd_SEND_SCR(SDState *sd, SDRequest req) 2074 { 2075 return sd_cmd_to_sendingdata(sd, req, 0, sd->scr, sizeof(sd->scr)); 2076 } 2077 2078 static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) 2079 { 2080 uint64_t addr; 2081 2082 sd->last_cmd_name = sd_cmd_name(sd, req.cmd); 2083 /* CMD55 precedes an ACMD, so we are not interested in tracing it. 2084 * However there is no ACMD55, so we want to trace this particular case. 2085 */ 2086 if (req.cmd != 55 || sd->expecting_acmd) { 2087 trace_sdcard_normal_command(sd->proto->name, 2088 sd->last_cmd_name, req.cmd, 2089 req.arg, 2090 sd_mode_name(sd_mode(sd)), 2091 sd_state_name(sd->state)); 2092 } 2093 2094 /* Not interpreting this as an app command */ 2095 sd->card_status &= ~APP_CMD; 2096 2097 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25 2098 * if not, its effects are cancelled */ 2099 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) { 2100 sd->multi_blk_cnt = 0; 2101 } 2102 2103 if (sd->proto->cmd[req.cmd].class == 6 && FIELD_EX32(sd->ocr, OCR, 2104 CARD_CAPACITY)) { 2105 /* Only Standard Capacity cards support class 6 commands */ 2106 return sd_illegal; 2107 } 2108 2109 if (sd->proto->cmd[req.cmd].handler) { 2110 return sd->proto->cmd[req.cmd].handler(sd, req); 2111 } 2112 2113 switch (req.cmd) { 2114 /* Block read commands (Class 2) */ 2115 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2116 addr = sd_req_get_address(sd, req); 2117 switch (sd->state) { 2118 case sd_transfer_state: 2119 2120 if (!address_in_range(sd, "READ_BLOCK", addr, sd->blk_len)) { 2121 return sd_r1; 2122 } 2123 2124 sd->state = sd_sendingdata_state; 2125 sd->data_start = addr; 2126 sd->data_offset = 0; 2127 return sd_r1; 2128 2129 default: 2130 break; 2131 } 2132 break; 2133 2134 /* Block write commands (Class 4) */ 2135 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2136 addr = sd_req_get_address(sd, req); 2137 switch (sd->state) { 2138 case sd_transfer_state: 2139 2140 if (!address_in_range(sd, "WRITE_BLOCK", addr, sd->blk_len)) { 2141 return sd_r1; 2142 } 2143 2144 sd->state = sd_receivingdata_state; 2145 sd->data_start = addr; 2146 sd->data_offset = 0; 2147 sd->blk_written = 0; 2148 2149 if (sd->size <= SDSC_MAX_CAPACITY) { 2150 if (sd_wp_addr(sd, sd->data_start)) { 2151 sd->card_status |= WP_VIOLATION; 2152 } 2153 } 2154 if (sd->csd[14] & 0x30) { 2155 sd->card_status |= WP_VIOLATION; 2156 } 2157 return sd_r1; 2158 2159 default: 2160 break; 2161 } 2162 break; 2163 2164 default: 2165 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd); 2166 return sd_illegal; 2167 } 2168 2169 return sd_invalid_state_for_cmd(sd, req); 2170 } 2171 2172 static sd_rsp_type_t sd_app_command(SDState *sd, 2173 SDRequest req) 2174 { 2175 sd->last_cmd_name = sd_acmd_name(sd, req.cmd); 2176 trace_sdcard_app_command(sd->proto->name, sd->last_cmd_name, 2177 req.cmd, req.arg, 2178 sd_mode_name(sd_mode(sd)), 2179 sd_state_name(sd->state)); 2180 sd->card_status |= APP_CMD; 2181 2182 if (sd->proto->acmd[req.cmd].handler) { 2183 return sd->proto->acmd[req.cmd].handler(sd, req); 2184 } 2185 2186 switch (req.cmd) { 2187 case 18: /* Reserved for SD security applications */ 2188 case 25: 2189 case 26: 2190 case 38: 2191 case 43 ... 49: 2192 /* Refer to the "SD Specifications Part3 Security Specification" for 2193 * information about the SD Security Features. 2194 */ 2195 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n", 2196 req.cmd); 2197 return sd_illegal; 2198 2199 default: 2200 /* Fall back to standard commands. */ 2201 return sd_normal_command(sd, req); 2202 } 2203 2204 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd); 2205 return sd_illegal; 2206 } 2207 2208 static bool cmd_valid_while_locked(SDState *sd, unsigned cmd) 2209 { 2210 unsigned cmd_class; 2211 2212 /* Valid commands in locked state: 2213 * basic class (0) 2214 * lock card class (7) 2215 * CMD16 2216 * implicitly, the ACMD prefix CMD55 2217 * ACMD41 and ACMD42 2218 * Anything else provokes an "illegal command" response. 2219 */ 2220 if (sd->expecting_acmd) { 2221 return cmd == 41 || cmd == 42; 2222 } 2223 if (cmd == 16 || cmd == 55) { 2224 return true; 2225 } 2226 if (!sd->proto->cmd[cmd].handler) { 2227 return false; 2228 } 2229 cmd_class = sd->proto->cmd[cmd].class; 2230 2231 return cmd_class == 0 || cmd_class == 7; 2232 } 2233 2234 static size_t sd_do_command(SDState *sd, SDRequest *req, 2235 uint8_t *response, size_t respsz) 2236 { 2237 int last_state; 2238 sd_rsp_type_t rtype; 2239 int rsplen; 2240 2241 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2242 return 0; 2243 } 2244 2245 if (sd->state == sd_inactive_state) { 2246 rtype = sd_illegal; 2247 goto send_response; 2248 } 2249 2250 if (sd_req_crc_validate(req)) { 2251 sd->card_status |= COM_CRC_ERROR; 2252 rtype = sd_illegal; 2253 goto send_response; 2254 } 2255 2256 if (req->cmd >= SDMMC_CMD_MAX) { 2257 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n", 2258 req->cmd); 2259 req->cmd &= 0x3f; 2260 } 2261 2262 if (sd->state == sd_sleep_state && req->cmd) { 2263 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is sleeping\n"); 2264 rtype = sd_r0; 2265 goto send_response; 2266 } 2267 2268 if (sd->card_status & CARD_IS_LOCKED) { 2269 if (!cmd_valid_while_locked(sd, req->cmd)) { 2270 sd->card_status |= ILLEGAL_COMMAND; 2271 sd->expecting_acmd = false; 2272 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n"); 2273 rtype = sd_illegal; 2274 goto send_response; 2275 } 2276 } 2277 2278 last_state = sd->state; 2279 2280 if (sd->expecting_acmd) { 2281 sd->expecting_acmd = false; 2282 rtype = sd_app_command(sd, *req); 2283 } else { 2284 rtype = sd_normal_command(sd, *req); 2285 } 2286 2287 if (rtype == sd_illegal) { 2288 sd->card_status |= ILLEGAL_COMMAND; 2289 } else { 2290 /* Valid command, we can update the 'state before command' bits. 2291 * (Do this now so they appear in r1 responses.) 2292 */ 2293 sd->card_status = FIELD_DP32(sd->card_status, CSR, 2294 CURRENT_STATE, last_state); 2295 } 2296 2297 send_response: 2298 rsplen = sd_response_size(sd, rtype); 2299 assert(rsplen <= respsz); 2300 2301 switch (rtype) { 2302 case sd_r1: 2303 case sd_r1b: 2304 sd_response_r1_make(sd, response); 2305 break; 2306 2307 case spi_r2: 2308 spi_response_r2_make(sd, response); 2309 break; 2310 2311 case sd_r2_i: 2312 memcpy(response, sd->cid, sizeof(sd->cid)); 2313 break; 2314 2315 case sd_r2_s: 2316 memcpy(response, sd->csd, sizeof(sd->csd)); 2317 break; 2318 2319 case sd_r3: 2320 sd_response_r3_make(sd, response); 2321 break; 2322 2323 case sd_r6: 2324 sd_response_r6_make(sd, response); 2325 break; 2326 2327 case sd_r7: 2328 sd_response_r7_make(sd, response); 2329 break; 2330 2331 case sd_r0: 2332 /* 2333 * Invalid state transition, reset implementation 2334 * fields to avoid OOB abuse. 2335 */ 2336 sd->data_start = 0; 2337 sd->data_offset = 0; 2338 /* fall-through */ 2339 case sd_illegal: 2340 break; 2341 default: 2342 g_assert_not_reached(); 2343 } 2344 trace_sdcard_response(sd_response_name(rtype), rsplen); 2345 2346 if (rtype != sd_illegal) { 2347 /* Clear the "clear on valid command" status bits now we've 2348 * sent any response 2349 */ 2350 sd->card_status &= ~CARD_STATUS_B; 2351 } 2352 2353 #ifdef DEBUG_SD 2354 qemu_hexdump(stderr, "Response", response, rsplen); 2355 #endif 2356 2357 sd->current_cmd = rtype == sd_illegal ? 0 : req->cmd; 2358 2359 return rsplen; 2360 } 2361 2362 /* Return true if buffer is consumed. Configured by sd_cmd_to_receivingdata() */ 2363 static bool sd_generic_write_byte(SDState *sd, uint8_t value) 2364 { 2365 sd->data[sd->data_offset] = value; 2366 2367 if (++sd->data_offset >= sd->data_size) { 2368 sd->state = sd_transfer_state; 2369 return true; 2370 } 2371 return false; 2372 } 2373 2374 /* Return true when buffer is consumed. Configured by sd_cmd_to_sendingdata() */ 2375 static bool sd_generic_read_byte(SDState *sd, uint8_t *value) 2376 { 2377 *value = sd->data[sd->data_offset]; 2378 2379 if (++sd->data_offset >= sd->data_size) { 2380 sd->state = sd_transfer_state; 2381 return true; 2382 } 2383 2384 return false; 2385 } 2386 2387 static void sd_write_byte(SDState *sd, uint8_t value) 2388 { 2389 int i; 2390 2391 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2392 return; 2393 } 2394 2395 if (sd->state != sd_receivingdata_state) { 2396 qemu_log_mask(LOG_GUEST_ERROR, 2397 "%s: not in Receiving-Data state\n", __func__); 2398 return; 2399 } 2400 2401 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 2402 return; 2403 2404 trace_sdcard_write_data(sd->proto->name, 2405 sd->last_cmd_name, 2406 sd->current_cmd, sd->data_offset, value); 2407 switch (sd->current_cmd) { 2408 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 2409 if (sd_generic_write_byte(sd, value)) { 2410 /* TODO: Check CRC before committing */ 2411 sd->state = sd_programming_state; 2412 sd_blk_write(sd, sd->data_start, sd->data_offset); 2413 sd->blk_written ++; 2414 sd->csd[14] |= 0x40; 2415 /* Bzzzzzzztt .... Operation complete. */ 2416 sd->state = sd_transfer_state; 2417 } 2418 break; 2419 2420 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2421 if (sd->data_offset == 0) { 2422 /* Start of the block - let's check the address is valid */ 2423 if (!address_in_range(sd, "WRITE_MULTIPLE_BLOCK", 2424 sd->data_start, sd->blk_len)) { 2425 break; 2426 } 2427 if (sd->size <= SDSC_MAX_CAPACITY) { 2428 if (sd_wp_addr(sd, sd->data_start)) { 2429 sd->card_status |= WP_VIOLATION; 2430 break; 2431 } 2432 } 2433 } 2434 sd->data[sd->data_offset++] = value; 2435 if (sd->data_offset >= sd->blk_len) { 2436 /* TODO: Check CRC before committing */ 2437 sd->state = sd_programming_state; 2438 sd_blk_write(sd, sd->data_start, sd->data_offset); 2439 sd->blk_written++; 2440 sd->data_start += sd->blk_len; 2441 sd->data_offset = 0; 2442 sd->csd[14] |= 0x40; 2443 2444 /* Bzzzzzzztt .... Operation complete. */ 2445 if (sd->multi_blk_cnt != 0) { 2446 if (--sd->multi_blk_cnt == 0) { 2447 /* Stop! */ 2448 sd->state = sd_transfer_state; 2449 break; 2450 } 2451 } 2452 2453 sd->state = sd_receivingdata_state; 2454 } 2455 break; 2456 2457 case 26: /* CMD26: PROGRAM_CID */ 2458 if (sd_generic_write_byte(sd, value)) { 2459 /* TODO: Check CRC before committing */ 2460 sd->state = sd_programming_state; 2461 for (i = 0; i < sizeof(sd->cid); i ++) 2462 if ((sd->cid[i] | 0x00) != sd->data[i]) 2463 sd->card_status |= CID_CSD_OVERWRITE; 2464 2465 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2466 for (i = 0; i < sizeof(sd->cid); i ++) { 2467 sd->cid[i] |= 0x00; 2468 sd->cid[i] &= sd->data[i]; 2469 } 2470 /* Bzzzzzzztt .... Operation complete. */ 2471 sd->state = sd_transfer_state; 2472 } 2473 break; 2474 2475 case 27: /* CMD27: PROGRAM_CSD */ 2476 if (sd_generic_write_byte(sd, value)) { 2477 /* TODO: Check CRC before committing */ 2478 sd->state = sd_programming_state; 2479 for (i = 0; i < sizeof(sd->csd); i ++) 2480 if ((sd->csd[i] | sd_csd_rw_mask[i]) != 2481 (sd->data[i] | sd_csd_rw_mask[i])) 2482 sd->card_status |= CID_CSD_OVERWRITE; 2483 2484 /* Copy flag (OTP) & Permanent write protect */ 2485 if (sd->csd[14] & ~sd->data[14] & 0x60) 2486 sd->card_status |= CID_CSD_OVERWRITE; 2487 2488 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2489 for (i = 0; i < sizeof(sd->csd); i ++) { 2490 sd->csd[i] |= sd_csd_rw_mask[i]; 2491 sd->csd[i] &= sd->data[i]; 2492 } 2493 /* Bzzzzzzztt .... Operation complete. */ 2494 sd->state = sd_transfer_state; 2495 } 2496 break; 2497 2498 case 42: /* CMD42: LOCK_UNLOCK */ 2499 if (sd_generic_write_byte(sd, value)) { 2500 /* TODO: Check CRC before committing */ 2501 sd->state = sd_programming_state; 2502 sd_lock_command(sd); 2503 /* Bzzzzzzztt .... Operation complete. */ 2504 sd->state = sd_transfer_state; 2505 } 2506 break; 2507 2508 case 56: /* CMD56: GEN_CMD */ 2509 sd_generic_write_byte(sd, value); 2510 break; 2511 2512 default: 2513 g_assert_not_reached(); 2514 } 2515 } 2516 2517 static uint8_t sd_read_byte(SDState *sd) 2518 { 2519 /* TODO: Append CRCs */ 2520 const uint8_t dummy_byte = 0x00; 2521 uint8_t ret; 2522 uint32_t io_len; 2523 2524 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2525 return dummy_byte; 2526 } 2527 2528 if (sd->state != sd_sendingdata_state) { 2529 qemu_log_mask(LOG_GUEST_ERROR, 2530 "%s: not in Sending-Data state\n", __func__); 2531 return dummy_byte; 2532 } 2533 2534 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) { 2535 return dummy_byte; 2536 } 2537 2538 io_len = sd_blk_len(sd); 2539 2540 trace_sdcard_read_data(sd->proto->name, 2541 sd->last_cmd_name, sd->current_cmd, 2542 sd->data_offset, sd->data_size, io_len); 2543 switch (sd->current_cmd) { 2544 case 6: /* CMD6: SWITCH_FUNCTION */ 2545 case 8: /* CMD8: SEND_EXT_CSD */ 2546 case 9: /* CMD9: SEND_CSD */ 2547 case 10: /* CMD10: SEND_CID */ 2548 case 13: /* ACMD13: SD_STATUS */ 2549 case 17: /* CMD17: READ_SINGLE_BLOCK */ 2550 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */ 2551 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 2552 case 30: /* CMD30: SEND_WRITE_PROT */ 2553 case 51: /* ACMD51: SEND_SCR */ 2554 case 56: /* CMD56: GEN_CMD */ 2555 sd_generic_read_byte(sd, &ret); 2556 break; 2557 2558 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2559 if (sd->data_offset == 0) { 2560 if (!address_in_range(sd, "READ_MULTIPLE_BLOCK", 2561 sd->data_start, io_len)) { 2562 return dummy_byte; 2563 } 2564 sd_blk_read(sd, sd->data_start, io_len); 2565 } 2566 ret = sd->data[sd->data_offset ++]; 2567 2568 if (sd->data_offset >= io_len) { 2569 sd->data_start += io_len; 2570 sd->data_offset = 0; 2571 2572 if (sd->multi_blk_cnt != 0) { 2573 if (--sd->multi_blk_cnt == 0) { 2574 /* Stop! */ 2575 sd->state = sd_transfer_state; 2576 break; 2577 } 2578 } 2579 } 2580 break; 2581 2582 default: 2583 qemu_log_mask(LOG_GUEST_ERROR, "%s: DAT read illegal for command %s\n", 2584 __func__, sd->last_cmd_name); 2585 return dummy_byte; 2586 } 2587 2588 return ret; 2589 } 2590 2591 static bool sd_receive_ready(SDState *sd) 2592 { 2593 return sd->state == sd_receivingdata_state; 2594 } 2595 2596 static bool sd_data_ready(SDState *sd) 2597 { 2598 return sd->state == sd_sendingdata_state; 2599 } 2600 2601 static const SDProto sd_proto_spi = { 2602 .name = "SPI", 2603 .cmd = { 2604 [0] = {0, sd_spi, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2605 [1] = {0, sd_spi, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2606 [5] = {9, sd_spi, "IO_SEND_OP_COND", sd_cmd_optional}, 2607 [6] = {10, sd_spi, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2608 [8] = {0, sd_spi, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2609 [9] = {0, sd_spi, "SEND_CSD", spi_cmd_SEND_CSD}, 2610 [10] = {0, sd_spi, "SEND_CID", spi_cmd_SEND_CID}, 2611 [12] = {0, sd_spi, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2612 [13] = {0, sd_spi, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2613 [16] = {2, sd_spi, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2614 [17] = {2, sd_spi, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2615 [24] = {4, sd_spi, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2616 [27] = {4, sd_spi, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2617 [28] = {6, sd_spi, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2618 [29] = {6, sd_spi, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2619 [30] = {6, sd_spi, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2620 [32] = {5, sd_spi, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2621 [33] = {5, sd_spi, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2622 [34] = {10, sd_spi, "READ_SEC_CMD", sd_cmd_optional}, 2623 [35] = {10, sd_spi, "WRITE_SEC_CMD", sd_cmd_optional}, 2624 [36] = {10, sd_spi, "SEND_PSI", sd_cmd_optional}, 2625 [37] = {10, sd_spi, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2626 [38] = {5, sd_spi, "ERASE", sd_cmd_ERASE}, 2627 [42] = {7, sd_spi, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2628 [50] = {10, sd_spi, "DIRECT_SECURE_READ", sd_cmd_optional}, 2629 [52] = {9, sd_spi, "IO_RW_DIRECT", sd_cmd_optional}, 2630 [53] = {9, sd_spi, "IO_RW_EXTENDED", sd_cmd_optional}, 2631 [55] = {8, sd_spi, "APP_CMD", sd_cmd_APP_CMD}, 2632 [56] = {8, sd_spi, "GEN_CMD", sd_cmd_GEN_CMD}, 2633 [57] = {10, sd_spi, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2634 [58] = {0, sd_spi, "READ_OCR", spi_cmd_READ_OCR}, 2635 [59] = {0, sd_spi, "CRC_ON_OFF", spi_cmd_CRC_ON_OFF}, 2636 }, 2637 .acmd = { 2638 [13] = {8, sd_spi, "SD_STATUS", sd_acmd_SD_STATUS}, 2639 [22] = {8, sd_spi, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2640 [23] = {8, sd_spi, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2641 [41] = {8, sd_spi, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2642 [42] = {8, sd_spi, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2643 [51] = {8, sd_spi, "SEND_SCR", sd_acmd_SEND_SCR}, 2644 }, 2645 }; 2646 2647 static const SDProto sd_proto_sd = { 2648 .name = "SD", 2649 .cmd = { 2650 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2651 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2652 [3] = {0, sd_bcr, "SEND_RELATIVE_ADDR", sd_cmd_SEND_RELATIVE_ADDR}, 2653 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2654 [5] = {9, sd_bc, "IO_SEND_OP_COND", sd_cmd_optional}, 2655 [6] = {10, sd_adtc, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2656 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2657 [8] = {0, sd_bcr, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2658 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2659 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2660 [11] = {0, sd_ac, "VOLTAGE_SWITCH", sd_cmd_optional}, 2661 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2662 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2663 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2664 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2665 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2666 [19] = {2, sd_adtc, "SEND_TUNING_BLOCK", sd_cmd_SEND_TUNING_BLOCK}, 2667 [20] = {2, sd_ac, "SPEED_CLASS_CONTROL", sd_cmd_optional}, 2668 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2669 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2670 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2671 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2672 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2673 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2674 [32] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2675 [33] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2676 [34] = {10, sd_adtc, "READ_SEC_CMD", sd_cmd_optional}, 2677 [35] = {10, sd_adtc, "WRITE_SEC_CMD", sd_cmd_optional}, 2678 [36] = {10, sd_adtc, "SEND_PSI", sd_cmd_optional}, 2679 [37] = {10, sd_ac, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2680 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2681 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2682 [43] = {1, sd_ac, "Q_MANAGEMENT", sd_cmd_optional}, 2683 [44] = {1, sd_ac, "Q_TASK_INFO_A", sd_cmd_optional}, 2684 [45] = {1, sd_ac, "Q_TASK_INFO_B", sd_cmd_optional}, 2685 [46] = {1, sd_adtc, "Q_RD_TASK", sd_cmd_optional}, 2686 [47] = {1, sd_adtc, "Q_WR_TASK", sd_cmd_optional}, 2687 [48] = {1, sd_adtc, "READ_EXTR_SINGLE", sd_cmd_optional}, 2688 [49] = {1, sd_adtc, "WRITE_EXTR_SINGLE", sd_cmd_optional}, 2689 [50] = {10, sd_adtc, "DIRECT_SECURE_READ", sd_cmd_optional}, 2690 [52] = {9, sd_bc, "IO_RW_DIRECT", sd_cmd_optional}, 2691 [53] = {9, sd_bc, "IO_RW_EXTENDED", sd_cmd_optional}, 2692 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2693 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2694 [57] = {10, sd_adtc, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2695 [58] = {11, sd_adtc, "READ_EXTR_MULTI", sd_cmd_optional}, 2696 [59] = {11, sd_adtc, "WRITE_EXTR_MULTI", sd_cmd_optional}, 2697 }, 2698 .acmd = { 2699 [6] = {8, sd_ac, "SET_BUS_WIDTH", sd_acmd_SET_BUS_WIDTH}, 2700 [13] = {8, sd_adtc, "SD_STATUS", sd_acmd_SD_STATUS}, 2701 [22] = {8, sd_adtc, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2702 [23] = {8, sd_ac, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2703 [41] = {8, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2704 [42] = {8, sd_ac, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2705 [51] = {8, sd_adtc, "SEND_SCR", sd_acmd_SEND_SCR}, 2706 }, 2707 }; 2708 2709 static const SDProto sd_proto_emmc = { 2710 /* Only v4.3 is supported */ 2711 .name = "eMMC", 2712 .cmd = { 2713 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2714 [1] = {0, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2715 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2716 [3] = {0, sd_ac, "SET_RELATIVE_ADDR", emmc_cmd_SET_RELATIVE_ADDR}, 2717 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2718 [5] = {0, sd_ac, "SLEEP/AWAKE", emmc_cmd_sleep_awake}, 2719 [6] = {10, sd_adtc, "SWITCH", emmc_cmd_SWITCH}, 2720 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2721 [8] = {0, sd_adtc, "SEND_EXT_CSD", emmc_cmd_SEND_EXT_CSD}, 2722 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2723 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2724 [11] = {1, sd_adtc, "READ_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2725 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2726 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2727 [14] = {0, sd_adtc, "BUSTEST_R", sd_cmd_unimplemented}, 2728 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2729 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2730 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2731 [19] = {0, sd_adtc, "BUSTEST_W", sd_cmd_unimplemented}, 2732 [20] = {3, sd_adtc, "WRITE_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2733 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2734 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2735 [26] = {4, sd_adtc, "PROGRAM_CID", emmc_cmd_PROGRAM_CID}, 2736 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2737 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2738 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2739 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2740 [31] = {6, sd_adtc, "SEND_WRITE_PROT_TYPE", sd_cmd_unimplemented}, 2741 [35] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2742 [36] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2743 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2744 [39] = {9, sd_ac, "FAST_IO", sd_cmd_unimplemented}, 2745 [40] = {9, sd_bcr, "GO_IRQ_STATE", sd_cmd_unimplemented}, 2746 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2747 [49] = {0, sd_adtc, "SET_TIME", sd_cmd_unimplemented}, 2748 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2749 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2750 }, 2751 }; 2752 2753 static void sd_instance_init(Object *obj) 2754 { 2755 SDState *sd = SDMMC_COMMON(obj); 2756 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 2757 2758 sd->proto = sc->proto; 2759 sd->last_cmd_name = "UNSET"; 2760 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd); 2761 } 2762 2763 static void sd_instance_finalize(Object *obj) 2764 { 2765 SDState *sd = SDMMC_COMMON(obj); 2766 2767 timer_free(sd->ocr_power_timer); 2768 } 2769 2770 static void sd_realize(DeviceState *dev, Error **errp) 2771 { 2772 SDState *sd = SDMMC_COMMON(dev); 2773 int ret; 2774 2775 switch (sd->spec_version) { 2776 case SD_PHY_SPECv1_10_VERS 2777 ... SD_PHY_SPECv3_01_VERS: 2778 break; 2779 default: 2780 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version); 2781 return; 2782 } 2783 2784 if (sd->blk) { 2785 int64_t blk_size; 2786 2787 if (!blk_supports_write_perm(sd->blk)) { 2788 error_setg(errp, "Cannot use read-only drive as SD card"); 2789 return; 2790 } 2791 2792 blk_size = blk_getlength(sd->blk); 2793 if (blk_size > 0 && !is_power_of_2(blk_size)) { 2794 int64_t blk_size_aligned = pow2ceil(blk_size); 2795 char *blk_size_str; 2796 2797 blk_size_str = size_to_str(blk_size); 2798 error_setg(errp, "Invalid SD card size: %s", blk_size_str); 2799 g_free(blk_size_str); 2800 2801 blk_size_str = size_to_str(blk_size_aligned); 2802 error_append_hint(errp, 2803 "SD card size has to be a power of 2, e.g. %s.\n" 2804 "You can resize disk images with" 2805 " 'qemu-img resize <imagefile> <new-size>'\n" 2806 "(note that this will lose data if you make the" 2807 " image smaller than it currently is).\n", 2808 blk_size_str); 2809 g_free(blk_size_str); 2810 2811 return; 2812 } 2813 2814 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 2815 BLK_PERM_ALL, errp); 2816 if (ret < 0) { 2817 return; 2818 } 2819 blk_set_dev_ops(sd->blk, &sd_block_ops, sd); 2820 } 2821 } 2822 2823 static void emmc_realize(DeviceState *dev, Error **errp) 2824 { 2825 SDState *sd = SDMMC_COMMON(dev); 2826 2827 sd->spec_version = SD_PHY_SPECv3_01_VERS; /* Actually v4.3 */ 2828 2829 sd_realize(dev, errp); 2830 } 2831 2832 static const Property sdmmc_common_properties[] = { 2833 DEFINE_PROP_DRIVE("drive", SDState, blk), 2834 }; 2835 2836 static const Property sd_properties[] = { 2837 DEFINE_PROP_UINT8("spec_version", SDState, 2838 spec_version, SD_PHY_SPECv3_01_VERS), 2839 }; 2840 2841 static const Property emmc_properties[] = { 2842 DEFINE_PROP_UINT64("boot-partition-size", SDState, boot_part_size, 0), 2843 DEFINE_PROP_UINT8("boot-config", SDState, boot_config, 0x0), 2844 }; 2845 2846 static void sdmmc_common_class_init(ObjectClass *klass, const void *data) 2847 { 2848 DeviceClass *dc = DEVICE_CLASS(klass); 2849 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2850 2851 device_class_set_props(dc, sdmmc_common_properties); 2852 dc->vmsd = &sd_vmstate; 2853 device_class_set_legacy_reset(dc, sd_reset); 2854 dc->bus_type = TYPE_SD_BUS; 2855 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2856 2857 sc->set_voltage = sd_set_voltage; 2858 sc->get_dat_lines = sd_get_dat_lines; 2859 sc->get_cmd_line = sd_get_cmd_line; 2860 sc->do_command = sd_do_command; 2861 sc->write_byte = sd_write_byte; 2862 sc->read_byte = sd_read_byte; 2863 sc->receive_ready = sd_receive_ready; 2864 sc->data_ready = sd_data_ready; 2865 sc->get_inserted = sd_get_inserted; 2866 sc->get_readonly = sd_get_readonly; 2867 } 2868 2869 static void sd_class_init(ObjectClass *klass, const void *data) 2870 { 2871 DeviceClass *dc = DEVICE_CLASS(klass); 2872 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2873 2874 dc->realize = sd_realize; 2875 device_class_set_props(dc, sd_properties); 2876 2877 sc->set_cid = sd_set_cid; 2878 sc->set_csd = sd_set_csd; 2879 sc->proto = &sd_proto_sd; 2880 } 2881 2882 /* 2883 * We do not model the chip select pin, so allow the board to select 2884 * whether card should be in SSI or MMC/SD mode. It is also up to the 2885 * board to ensure that ssi transfers only occur when the chip select 2886 * is asserted. 2887 */ 2888 static void sd_spi_class_init(ObjectClass *klass, const void *data) 2889 { 2890 DeviceClass *dc = DEVICE_CLASS(klass); 2891 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2892 2893 dc->desc = "SD SPI"; 2894 sc->proto = &sd_proto_spi; 2895 } 2896 2897 static void emmc_class_init(ObjectClass *klass, const void *data) 2898 { 2899 DeviceClass *dc = DEVICE_CLASS(klass); 2900 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2901 2902 dc->desc = "eMMC"; 2903 dc->realize = emmc_realize; 2904 device_class_set_props(dc, emmc_properties); 2905 /* Reason: Soldered on board */ 2906 dc->user_creatable = false; 2907 2908 sc->proto = &sd_proto_emmc; 2909 2910 sc->set_cid = emmc_set_cid; 2911 sc->set_csd = emmc_set_csd; 2912 } 2913 2914 static const TypeInfo sd_types[] = { 2915 { 2916 .name = TYPE_SDMMC_COMMON, 2917 .parent = TYPE_DEVICE, 2918 .abstract = true, 2919 .instance_size = sizeof(SDState), 2920 .class_size = sizeof(SDCardClass), 2921 .class_init = sdmmc_common_class_init, 2922 .instance_init = sd_instance_init, 2923 .instance_finalize = sd_instance_finalize, 2924 }, 2925 { 2926 .name = TYPE_SD_CARD, 2927 .parent = TYPE_SDMMC_COMMON, 2928 .class_init = sd_class_init, 2929 }, 2930 { 2931 .name = TYPE_SD_CARD_SPI, 2932 .parent = TYPE_SD_CARD, 2933 .class_init = sd_spi_class_init, 2934 }, 2935 { 2936 .name = TYPE_EMMC, 2937 .parent = TYPE_SDMMC_COMMON, 2938 .class_init = emmc_class_init, 2939 }, 2940 }; 2941 2942 DEFINE_TYPES(sd_types) 2943