1 /* 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical 3 * layer specification, Version 2.00." 4 * 5 * eMMC emulation defined in "JEDEC Standard No. 84-A43" 6 * 7 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org> 8 * Copyright (c) 2007 CodeSourcery 9 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org> 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in 19 * the documentation and/or other materials provided with the 20 * distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' 23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR 26 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 30 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include "qemu/osdep.h" 36 #include "qemu/units.h" 37 #include "qemu/cutils.h" 38 #include "hw/irq.h" 39 #include "hw/registerfields.h" 40 #include "system/block-backend.h" 41 #include "hw/sd/sd.h" 42 #include "migration/vmstate.h" 43 #include "qapi/error.h" 44 #include "qemu/bitmap.h" 45 #include "hw/qdev-properties.h" 46 #include "hw/qdev-properties-system.h" 47 #include "qemu/error-report.h" 48 #include "qemu/timer.h" 49 #include "qemu/log.h" 50 #include "qemu/guest-random.h" 51 #include "qemu/module.h" 52 #include "sdmmc-internal.h" 53 #include "trace.h" 54 55 //#define DEBUG_SD 1 56 57 #define SDSC_MAX_CAPACITY (2 * GiB) 58 59 #define INVALID_ADDRESS UINT32_MAX 60 61 typedef enum { 62 sd_r0 = 0, /* no response */ 63 sd_r1, /* normal response command */ 64 spi_r2, /* STATUS */ 65 sd_r2_i, /* CID register */ 66 sd_r2_s, /* CSD register */ 67 sd_r3, /* OCR register */ 68 sd_r6 = 6, /* Published RCA response */ 69 sd_r7, /* Operating voltage */ 70 sd_r1b = -1, 71 sd_illegal = -2, 72 } sd_rsp_type_t; 73 74 typedef enum { 75 sd_spi, 76 sd_bc, /* broadcast -- no response */ 77 sd_bcr, /* broadcast with response */ 78 sd_ac, /* addressed -- no data transfer */ 79 sd_adtc, /* addressed with data transfer */ 80 } sd_cmd_type_t; 81 82 enum SDCardModes { 83 sd_inactive, 84 sd_card_identification_mode, 85 sd_data_transfer_mode, 86 }; 87 88 enum SDCardStates { 89 sd_waitirq_state = -2, /* emmc */ 90 sd_inactive_state = -1, 91 92 sd_idle_state = 0, 93 sd_ready_state = 1, 94 sd_identification_state = 2, 95 sd_standby_state = 3, 96 sd_transfer_state = 4, 97 sd_sendingdata_state = 5, 98 sd_receivingdata_state = 6, 99 sd_programming_state = 7, 100 sd_disconnect_state = 8, 101 sd_bus_test_state = 9, /* emmc */ 102 sd_sleep_state = 10, /* emmc */ 103 sd_io_state = 15 /* sd */ 104 }; 105 106 #define SDMMC_CMD_MAX 64 107 108 typedef sd_rsp_type_t (*sd_cmd_handler)(SDState *sd, SDRequest req); 109 110 typedef struct SDProto { 111 const char *name; 112 struct { 113 const unsigned class; 114 const sd_cmd_type_t type; 115 const char *name; 116 sd_cmd_handler handler; 117 } cmd[SDMMC_CMD_MAX], acmd[SDMMC_CMD_MAX]; 118 } SDProto; 119 120 struct SDState { 121 DeviceState parent_obj; 122 123 /* SD Memory Card Registers */ 124 uint32_t ocr; 125 uint8_t scr[8]; 126 uint8_t cid[16]; 127 uint8_t csd[16]; 128 uint16_t rca; 129 uint32_t card_status; 130 uint8_t sd_status[64]; 131 union { 132 uint8_t ext_csd[512]; 133 struct { 134 uint8_t ext_csd_rw[192]; /* Modes segment */ 135 uint8_t ext_csd_ro[320]; /* Properties segment */ 136 }; 137 }; 138 139 /* Static properties */ 140 141 uint8_t spec_version; 142 uint64_t boot_part_size; 143 BlockBackend *blk; 144 uint8_t boot_config; 145 146 const SDProto *proto; 147 148 /* Runtime changeables */ 149 150 uint32_t mode; /* current card mode, one of SDCardModes */ 151 int32_t state; /* current card state, one of SDCardStates */ 152 uint32_t vhs; 153 bool wp_switch; 154 unsigned long *wp_group_bmap; 155 int32_t wp_group_bits; 156 uint64_t size; 157 uint32_t blk_len; 158 uint32_t multi_blk_cnt; 159 uint32_t erase_start; 160 uint32_t erase_end; 161 uint8_t pwd[16]; 162 uint32_t pwd_len; 163 uint8_t function_group[6]; 164 uint8_t current_cmd; 165 const char *last_cmd_name; 166 /* True if we will handle the next command as an ACMD. Note that this does 167 * *not* track the APP_CMD status bit! 168 */ 169 bool expecting_acmd; 170 uint32_t blk_written; 171 172 uint64_t data_start; 173 uint32_t data_offset; 174 size_t data_size; 175 uint8_t data[512]; 176 QEMUTimer *ocr_power_timer; 177 uint8_t dat_lines; 178 bool cmd_line; 179 }; 180 181 static void sd_realize(DeviceState *dev, Error **errp); 182 183 static const SDProto sd_proto_spi; 184 static const SDProto sd_proto_emmc; 185 186 static bool sd_is_spi(SDState *sd) 187 { 188 return sd->proto == &sd_proto_spi; 189 } 190 191 static bool sd_is_emmc(SDState *sd) 192 { 193 return sd->proto == &sd_proto_emmc; 194 } 195 196 static const char *sd_version_str(enum SDPhySpecificationVersion version) 197 { 198 static const char *sdphy_version[] = { 199 [SD_PHY_SPECv1_10_VERS] = "v1.10", 200 [SD_PHY_SPECv2_00_VERS] = "v2.00", 201 [SD_PHY_SPECv3_01_VERS] = "v3.01", 202 }; 203 if (version >= ARRAY_SIZE(sdphy_version)) { 204 return "unsupported version"; 205 } 206 return sdphy_version[version]; 207 } 208 209 static const char *sd_mode_name(enum SDCardModes mode) 210 { 211 static const char *mode_name[] = { 212 [sd_inactive] = "inactive", 213 [sd_card_identification_mode] = "identification", 214 [sd_data_transfer_mode] = "transfer", 215 }; 216 assert(mode < ARRAY_SIZE(mode_name)); 217 return mode_name[mode]; 218 } 219 220 static const char *sd_state_name(enum SDCardStates state) 221 { 222 static const char *state_name[] = { 223 [sd_idle_state] = "idle", 224 [sd_ready_state] = "ready", 225 [sd_identification_state] = "identification", 226 [sd_standby_state] = "standby", 227 [sd_transfer_state] = "transfer", 228 [sd_sendingdata_state] = "sendingdata", 229 [sd_bus_test_state] = "bus-test", 230 [sd_receivingdata_state] = "receivingdata", 231 [sd_programming_state] = "programming", 232 [sd_disconnect_state] = "disconnect", 233 [sd_sleep_state] = "sleep", 234 [sd_io_state] = "i/o" 235 }; 236 if (state == sd_inactive_state) { 237 return "inactive"; 238 } 239 if (state == sd_waitirq_state) { 240 return "wait-irq"; 241 } 242 assert(state < ARRAY_SIZE(state_name)); 243 return state_name[state]; 244 } 245 246 static const char *sd_response_name(sd_rsp_type_t rsp) 247 { 248 static const char *response_name[] = { 249 [sd_r0] = "RESP#0 (no response)", 250 [sd_r1] = "RESP#1 (normal cmd)", 251 [spi_r2] = "RESP#2 (STATUS reg)", 252 [sd_r2_i] = "RESP#2 (CID reg)", 253 [sd_r2_s] = "RESP#2 (CSD reg)", 254 [sd_r3] = "RESP#3 (OCR reg)", 255 [sd_r6] = "RESP#6 (RCA)", 256 [sd_r7] = "RESP#7 (operating voltage)", 257 }; 258 if (rsp == sd_illegal) { 259 return "ILLEGAL RESP"; 260 } 261 if (rsp == sd_r1b) { 262 rsp = sd_r1; 263 } 264 assert(rsp < ARRAY_SIZE(response_name)); 265 return response_name[rsp]; 266 } 267 268 static const char *sd_cmd_name(SDState *sd, uint8_t cmd) 269 { 270 static const char *cmd_abbrev[SDMMC_CMD_MAX] = { 271 [18] = "READ_MULTIPLE_BLOCK", 272 [25] = "WRITE_MULTIPLE_BLOCK", 273 }; 274 const SDProto *sdp = sd->proto; 275 276 if (sdp->cmd[cmd].handler) { 277 assert(!cmd_abbrev[cmd]); 278 return sdp->cmd[cmd].name; 279 } 280 return cmd_abbrev[cmd] ? cmd_abbrev[cmd] : "UNKNOWN_CMD"; 281 } 282 283 static const char *sd_acmd_name(SDState *sd, uint8_t cmd) 284 { 285 const SDProto *sdp = sd->proto; 286 287 if (sdp->acmd[cmd].handler) { 288 return sdp->acmd[cmd].name; 289 } 290 291 return "UNKNOWN_ACMD"; 292 } 293 294 static uint8_t sd_get_dat_lines(SDState *sd) 295 { 296 return sd->dat_lines; 297 } 298 299 static bool sd_get_cmd_line(SDState *sd) 300 { 301 return sd->cmd_line; 302 } 303 304 static void sd_set_voltage(SDState *sd, uint16_t millivolts) 305 { 306 trace_sdcard_set_voltage(millivolts); 307 308 switch (millivolts) { 309 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */ 310 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */ 311 break; 312 default: 313 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV", 314 millivolts / 1000.f); 315 } 316 } 317 318 static void sd_set_mode(SDState *sd) 319 { 320 switch (sd->state) { 321 case sd_inactive_state: 322 sd->mode = sd_inactive; 323 break; 324 325 case sd_idle_state: 326 case sd_ready_state: 327 case sd_identification_state: 328 sd->mode = sd_card_identification_mode; 329 break; 330 331 case sd_standby_state: 332 case sd_transfer_state: 333 case sd_sendingdata_state: 334 case sd_receivingdata_state: 335 case sd_programming_state: 336 case sd_disconnect_state: 337 sd->mode = sd_data_transfer_mode; 338 break; 339 } 340 } 341 342 static uint8_t sd_crc7(const void *message, size_t width) 343 { 344 int i, bit; 345 uint8_t shift_reg = 0x00; 346 const uint8_t *msg = (const uint8_t *)message; 347 348 for (i = 0; i < width; i ++, msg ++) 349 for (bit = 7; bit >= 0; bit --) { 350 shift_reg <<= 1; 351 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1)) 352 shift_reg ^= 0x89; 353 } 354 355 return shift_reg; 356 } 357 358 /* Operation Conditions register */ 359 360 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */ 361 362 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24) 363 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8) 364 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1) 365 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16) 366 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */ 367 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */ 368 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */ 369 FIELD(OCR, CARD_POWER_UP, 31, 1) 370 371 #define ACMD41_ENQUIRY_MASK 0x00ffffff 372 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \ 373 | R_OCR_ACCEPT_SWITCH_1V8_MASK \ 374 | R_OCR_UHS_II_CARD_MASK \ 375 | R_OCR_CARD_CAPACITY_MASK \ 376 | R_OCR_CARD_POWER_UP_MASK) 377 378 static void sd_ocr_powerup(void *opaque) 379 { 380 SDState *sd = opaque; 381 382 trace_sdcard_powerup(); 383 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)); 384 385 /* card power-up OK */ 386 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1); 387 388 if (sd->size > SDSC_MAX_CAPACITY) { 389 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 390 } 391 } 392 393 static void sd_set_ocr(SDState *sd) 394 { 395 /* All voltages OK */ 396 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK; 397 398 if (sd_is_spi(sd)) { 399 /* 400 * We don't need to emulate power up sequence in SPI-mode. 401 * Thus, the card's power up status bit should be set to 1 when reset. 402 * The card's capacity status bit should also be set if SD card size 403 * is larger than 2GB for SDHC support. 404 */ 405 sd_ocr_powerup(sd); 406 } 407 } 408 409 /* SD Configuration register */ 410 411 static void sd_set_scr(SDState *sd) 412 { 413 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */ 414 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) { 415 sd->scr[0] |= 1; /* Spec Version 1.10 */ 416 } else { 417 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */ 418 } 419 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */ 420 | 0b0101; /* 1-bit or 4-bit width bus modes */ 421 sd->scr[2] = 0x00; /* Extended Security is not supported. */ 422 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) { 423 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */ 424 } 425 sd->scr[3] = 0x00; 426 /* reserved for manufacturer usage */ 427 sd->scr[4] = 0x00; 428 sd->scr[5] = 0x00; 429 sd->scr[6] = 0x00; 430 sd->scr[7] = 0x00; 431 } 432 433 /* Card IDentification register */ 434 435 #define MID 0xaa 436 #define OID "XY" 437 #define PNM "QEMU!" 438 #define PRV 0x01 439 #define MDT_YR 2006 440 #define MDT_MON 2 441 442 static void sd_set_cid(SDState *sd) 443 { 444 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 445 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */ 446 sd->cid[2] = OID[1]; 447 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 448 sd->cid[4] = PNM[1]; 449 sd->cid[5] = PNM[2]; 450 sd->cid[6] = PNM[3]; 451 sd->cid[7] = PNM[4]; 452 sd->cid[8] = PRV; /* Fake product revision (PRV) */ 453 stl_be_p(&sd->cid[9], 0xdeadbeef); /* Fake serial number (PSN) */ 454 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */ 455 ((MDT_YR - 2000) / 10); 456 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON; 457 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 458 } 459 460 static void emmc_set_cid(SDState *sd) 461 { 462 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 463 sd->cid[1] = 0b01; /* CBX: soldered BGA */ 464 sd->cid[2] = OID[0]; /* OEM/Application ID (OID) */ 465 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 466 sd->cid[4] = PNM[1]; 467 sd->cid[5] = PNM[2]; 468 sd->cid[6] = PNM[3]; 469 sd->cid[7] = PNM[4]; 470 sd->cid[8] = PNM[4]; 471 sd->cid[9] = PRV; /* Fake product revision (PRV) */ 472 stl_be_p(&sd->cid[10], 0xdeadbeef); /* Fake serial number (PSN) */ 473 sd->cid[14] = (MDT_MON << 4) | (MDT_YR - 1997); /* Manufacture date (MDT) */ 474 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 475 } 476 477 /* Card-Specific Data register */ 478 479 #define HWBLOCK_SHIFT 9 /* 512 bytes */ 480 #define SECTOR_SHIFT 5 /* 16 kilobytes */ 481 #define WPGROUP_SHIFT 7 /* 2 megs */ 482 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */ 483 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) 484 485 static const uint8_t sd_csd_rw_mask[16] = { 486 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 487 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe, 488 }; 489 490 static void emmc_set_ext_csd(SDState *sd, uint64_t size) 491 { 492 uint32_t sectcount = size >> HWBLOCK_SHIFT; 493 494 memset(sd->ext_csd, 0, sizeof(sd->ext_csd)); /* FIXME only RW at reset */ 495 496 /* Properties segment (RO) */ 497 sd->ext_csd[EXT_CSD_S_CMD_SET] = 0b1; /* supported command sets */ 498 sd->ext_csd[EXT_CSD_BOOT_INFO] = 0x0; /* Boot information */ 499 /* Boot partition size. 128KB unit */ 500 sd->ext_csd[EXT_CSD_BOOT_MULT] = sd->boot_part_size / (128 * KiB); 501 sd->ext_csd[EXT_CSD_ACC_SIZE] = 0x1; /* Access size */ 502 sd->ext_csd[EXT_CSD_HC_ERASE_GRP_SIZE] = 0x01; /* HC Erase unit size */ 503 sd->ext_csd[EXT_CSD_ERASE_TIMEOUT_MULT] = 0x01; /* HC erase timeout */ 504 sd->ext_csd[EXT_CSD_REL_WR_SEC_C] = 0x1; /* Reliable write sector count */ 505 sd->ext_csd[EXT_CSD_HC_WP_GRP_SIZE] = 0x01; /* HC write protect group size */ 506 sd->ext_csd[EXT_CSD_S_C_VCC] = 0x01; /* Sleep current VCC */ 507 sd->ext_csd[EXT_CSD_S_C_VCCQ] = 0x01; /* Sleep current VCCQ */ 508 sd->ext_csd[EXT_CSD_S_A_TIMEOUT] = 0x01; /* Sleep/Awake timeout */ 509 stl_le_p(&sd->ext_csd[EXT_CSD_SEC_CNT], sectcount); /* Sector count */ 510 sd->ext_csd[210] = 0x46; /* Min write perf for 8bit@52Mhz */ 511 sd->ext_csd[209] = 0x46; /* Min read perf for 8bit@52Mhz */ 512 sd->ext_csd[208] = 0x46; /* Min write perf for 4bit@52Mhz */ 513 sd->ext_csd[207] = 0x46; /* Min read perf for 4bit@52Mhz */ 514 sd->ext_csd[206] = 0x46; /* Min write perf for 4bit@26Mhz */ 515 sd->ext_csd[205] = 0x46; /* Min read perf for 4bit@26Mhz */ 516 sd->ext_csd[EXT_CSD_CARD_TYPE] = 0b11; 517 sd->ext_csd[EXT_CSD_STRUCTURE] = 2; 518 sd->ext_csd[EXT_CSD_REV] = 3; 519 520 /* Mode segment (RW) */ 521 sd->ext_csd[EXT_CSD_PART_CONFIG] = sd->boot_config; 522 } 523 524 static void emmc_set_csd(SDState *sd, uint64_t size) 525 { 526 int hwblock_shift = HWBLOCK_SHIFT; 527 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 528 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 529 530 sd->csd[0] = (3 << 6) | (4 << 2); /* Spec v4.3 with EXT_CSD */ 531 sd->csd[1] = (1 << 3) | 6; /* Asynchronous data access time: 1ms */ 532 sd->csd[2] = 0x00; 533 sd->csd[3] = (1 << 3) | 3;; /* Maximum bus clock frequency: 100MHz */ 534 sd->csd[4] = 0x0f; 535 if (size <= 2 * GiB) { 536 /* use 1k blocks */ 537 uint32_t csize1k = (size >> (CMULT_SHIFT + 10)) - 1; 538 sd->csd[5] = 0x5a; 539 sd->csd[6] = 0x80 | ((csize1k >> 10) & 0xf); 540 sd->csd[7] = (csize1k >> 2) & 0xff; 541 } else { /* >= 2GB : size stored in ext CSD, block addressing */ 542 sd->csd[5] = 0x59; 543 sd->csd[6] = 0x8f; 544 sd->csd[7] = 0xff; 545 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 546 } 547 sd->csd[8] = 0xff; 548 sd->csd[9] = 0xfc | /* Max. write current */ 549 ((CMULT_SHIFT - 2) >> 1); 550 sd->csd[10] = 0x40 | /* Erase sector size */ 551 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 552 sd->csd[11] = 0x00 | /* Write protect group size */ 553 ((sectsize << 7) & 0x80) | wpsize; 554 sd->csd[12] = 0x90 | /* Write speed factor */ 555 (hwblock_shift >> 2); 556 sd->csd[13] = 0x20 | /* Max. write data block length */ 557 ((hwblock_shift << 6) & 0xc0); 558 sd->csd[14] = 0x00; 559 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 560 emmc_set_ext_csd(sd, size); 561 } 562 563 static void sd_set_csd(SDState *sd, uint64_t size) 564 { 565 int hwblock_shift = HWBLOCK_SHIFT; 566 uint32_t csize; 567 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 568 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 569 570 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */ 571 if (size == SDSC_MAX_CAPACITY) { 572 hwblock_shift += 1; 573 } 574 csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1; 575 576 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */ 577 sd->csd[0] = 0x00; /* CSD structure */ 578 sd->csd[1] = 0x26; /* Data read access-time-1 */ 579 sd->csd[2] = 0x00; /* Data read access-time-2 */ 580 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */ 581 sd->csd[4] = 0x5f; /* Card Command Classes */ 582 sd->csd[5] = 0x50 | /* Max. read data block length */ 583 hwblock_shift; 584 sd->csd[6] = 0xe0 | /* Partial block for read allowed */ 585 ((csize >> 10) & 0x03); 586 sd->csd[7] = 0x00 | /* Device size */ 587 ((csize >> 2) & 0xff); 588 sd->csd[8] = 0x3f | /* Max. read current */ 589 ((csize << 6) & 0xc0); 590 sd->csd[9] = 0xfc | /* Max. write current */ 591 ((CMULT_SHIFT - 2) >> 1); 592 sd->csd[10] = 0x40 | /* Erase sector size */ 593 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 594 sd->csd[11] = 0x00 | /* Write protect group size */ 595 ((sectsize << 7) & 0x80) | wpsize; 596 sd->csd[12] = 0x90 | /* Write speed factor */ 597 (hwblock_shift >> 2); 598 sd->csd[13] = 0x20 | /* Max. write data block length */ 599 ((hwblock_shift << 6) & 0xc0); 600 sd->csd[14] = 0x00; /* File format group */ 601 } else { /* SDHC */ 602 size /= 512 * KiB; 603 size -= 1; 604 sd->csd[0] = 0x40; 605 sd->csd[1] = 0x0e; 606 sd->csd[2] = 0x00; 607 sd->csd[3] = 0x32; 608 sd->csd[4] = 0x5b; 609 sd->csd[5] = 0x59; 610 sd->csd[6] = 0x00; 611 st24_be_p(&sd->csd[7], size); 612 sd->csd[10] = 0x7f; 613 sd->csd[11] = 0x80; 614 sd->csd[12] = 0x0a; 615 sd->csd[13] = 0x40; 616 sd->csd[14] = 0x00; 617 } 618 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 619 } 620 621 /* Relative Card Address register */ 622 623 static void sd_set_rca(SDState *sd, uint16_t value) 624 { 625 trace_sdcard_set_rca(value); 626 sd->rca = value; 627 } 628 629 static uint16_t sd_req_get_rca(SDState *s, SDRequest req) 630 { 631 switch (s->proto->cmd[req.cmd].type) { 632 case sd_ac: 633 case sd_adtc: 634 return req.arg >> 16; 635 case sd_spi: 636 default: 637 g_assert_not_reached(); 638 } 639 } 640 641 static bool sd_req_rca_same(SDState *s, SDRequest req) 642 { 643 return sd_req_get_rca(s, req) == s->rca; 644 } 645 646 /* Card Status register */ 647 648 FIELD(CSR, AKE_SEQ_ERROR, 3, 1) 649 FIELD(CSR, APP_CMD, 5, 1) 650 FIELD(CSR, FX_EVENT, 6, 1) 651 FIELD(CSR, SWITCH_ERROR, 7, 1) 652 FIELD(CSR, READY_FOR_DATA, 8, 1) 653 FIELD(CSR, CURRENT_STATE, 9, 4) 654 FIELD(CSR, ERASE_RESET, 13, 1) 655 FIELD(CSR, CARD_ECC_DISABLED, 14, 1) 656 FIELD(CSR, WP_ERASE_SKIP, 15, 1) 657 FIELD(CSR, CSD_OVERWRITE, 16, 1) 658 FIELD(CSR, DEFERRED_RESPONSE, 17, 1) 659 FIELD(CSR, ERROR, 19, 1) 660 FIELD(CSR, CC_ERROR, 20, 1) 661 FIELD(CSR, CARD_ECC_FAILED, 21, 1) 662 FIELD(CSR, ILLEGAL_COMMAND, 22, 1) 663 FIELD(CSR, COM_CRC_ERROR, 23, 1) 664 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1) 665 FIELD(CSR, CARD_IS_LOCKED, 25, 1) 666 FIELD(CSR, WP_VIOLATION, 26, 1) 667 FIELD(CSR, ERASE_PARAM, 27, 1) 668 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1) 669 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1) 670 FIELD(CSR, ADDRESS_ERROR, 30, 1) 671 FIELD(CSR, OUT_OF_RANGE, 31, 1) 672 673 /* Card status bits, split by clear condition: 674 * A : According to the card current state 675 * B : Always related to the previous command 676 * C : Cleared by read 677 */ 678 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \ 679 | R_CSR_CARD_ECC_DISABLED_MASK \ 680 | R_CSR_CARD_IS_LOCKED_MASK) 681 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \ 682 | R_CSR_ILLEGAL_COMMAND_MASK \ 683 | R_CSR_COM_CRC_ERROR_MASK) 684 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \ 685 | R_CSR_APP_CMD_MASK \ 686 | R_CSR_ERASE_RESET_MASK \ 687 | R_CSR_WP_ERASE_SKIP_MASK \ 688 | R_CSR_CSD_OVERWRITE_MASK \ 689 | R_CSR_ERROR_MASK \ 690 | R_CSR_CC_ERROR_MASK \ 691 | R_CSR_CARD_ECC_FAILED_MASK \ 692 | R_CSR_LOCK_UNLOCK_FAILED_MASK \ 693 | R_CSR_WP_VIOLATION_MASK \ 694 | R_CSR_ERASE_PARAM_MASK \ 695 | R_CSR_ERASE_SEQ_ERROR_MASK \ 696 | R_CSR_BLOCK_LEN_ERROR_MASK \ 697 | R_CSR_ADDRESS_ERROR_MASK \ 698 | R_CSR_OUT_OF_RANGE_MASK) 699 700 static void sd_set_cardstatus(SDState *sd) 701 { 702 sd->card_status = READY_FOR_DATA; 703 } 704 705 static void sd_set_sdstatus(SDState *sd) 706 { 707 memset(sd->sd_status, 0, 64); 708 } 709 710 static const uint8_t sd_tuning_block_pattern4[64] = { 711 /* 712 * See: Physical Layer Simplified Specification Version 3.01, 713 * Table 4-2. 714 */ 715 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc, 716 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef, 717 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb, 718 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef, 719 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c, 720 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee, 721 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff, 722 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde 723 }; 724 725 static int sd_req_crc_validate(SDRequest *req) 726 { 727 uint8_t buffer[5]; 728 buffer[0] = 0x40 | req->cmd; 729 stl_be_p(&buffer[1], req->arg); 730 return 0; 731 return sd_crc7(buffer, 5) != req->crc; /* TODO */ 732 } 733 734 static size_t sd_response_size(SDState *sd, sd_rsp_type_t rtype) 735 { 736 switch (rtype) { 737 case sd_r1: 738 case sd_r1b: 739 return sd_is_spi(sd) ? 1 : 4; 740 741 case spi_r2: 742 assert(sd_is_spi(sd)); 743 return 2; 744 745 case sd_r2_i: 746 case sd_r2_s: 747 assert(!sd_is_spi(sd)); 748 return 16; 749 750 case sd_r3: 751 case sd_r7: 752 return sd_is_spi(sd) ? 5 : 4; 753 754 case sd_r6: 755 assert(!sd_is_spi(sd)); 756 return 4; 757 758 case sd_r0: 759 case sd_illegal: 760 return sd_is_spi(sd) ? 1 : 0; 761 762 default: 763 g_assert_not_reached(); 764 } 765 } 766 767 static void sd_response_r1_make(SDState *sd, uint8_t *response) 768 { 769 if (sd_is_spi(sd)) { 770 response[0] = sd->state == sd_idle_state 771 && !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 772 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_RESET) << 1; 773 response[0] |= FIELD_EX32(sd->card_status, CSR, ILLEGAL_COMMAND) << 2; 774 response[0] |= FIELD_EX32(sd->card_status, CSR, COM_CRC_ERROR) << 3; 775 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_SEQ_ERROR) << 4; 776 response[0] |= FIELD_EX32(sd->card_status, CSR, ADDRESS_ERROR) << 5; 777 response[0] |= FIELD_EX32(sd->card_status, CSR, BLOCK_LEN_ERROR) << 6; 778 response[0] |= 0 << 7; 779 } else { 780 stl_be_p(response, sd->card_status); 781 } 782 783 /* Clear the "clear on read" status bits */ 784 sd->card_status &= ~CARD_STATUS_C; 785 } 786 787 static void spi_response_r2_make(SDState *sd, uint8_t *resp) 788 { 789 /* Prepend R1 */ 790 sd_response_r1_make(sd, resp); 791 792 resp[1] = FIELD_EX32(sd->card_status, CSR, CARD_IS_LOCKED) << 0; 793 resp[1] |= (FIELD_EX32(sd->card_status, CSR, LOCK_UNLOCK_FAILED) 794 || FIELD_EX32(sd->card_status, CSR, WP_ERASE_SKIP)) << 1; 795 resp[1] |= FIELD_EX32(sd->card_status, CSR, ERROR) << 2; 796 resp[1] |= FIELD_EX32(sd->card_status, CSR, CC_ERROR) << 3; 797 resp[1] |= FIELD_EX32(sd->card_status, CSR, CARD_ECC_FAILED) << 4; 798 resp[1] |= FIELD_EX32(sd->card_status, CSR, WP_VIOLATION) << 5; 799 resp[1] |= FIELD_EX32(sd->card_status, CSR, ERASE_PARAM) << 6; 800 resp[1] |= FIELD_EX32(sd->card_status, CSR, OUT_OF_RANGE) << 7; 801 } 802 803 static void sd_response_r3_make(SDState *sd, uint8_t *response) 804 { 805 if (sd_is_spi(sd)) { 806 /* Prepend R1 */ 807 sd_response_r1_make(sd, response); 808 response++; 809 } 810 stl_be_p(response, sd->ocr & ACMD41_R3_MASK); 811 } 812 813 static void sd_response_r6_make(SDState *sd, uint8_t *response) 814 { 815 uint16_t status; 816 817 status = ((sd->card_status >> 8) & 0xc000) | 818 ((sd->card_status >> 6) & 0x2000) | 819 (sd->card_status & 0x1fff); 820 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff); 821 stw_be_p(response + 0, sd->rca); 822 stw_be_p(response + 2, status); 823 } 824 825 static void sd_response_r7_make(SDState *sd, uint8_t *response) 826 { 827 if (sd_is_spi(sd)) { 828 /* Prepend R1 */ 829 sd_response_r1_make(sd, response); 830 response++; 831 } 832 stl_be_p(response, sd->vhs); 833 } 834 835 static uint32_t sd_blk_len(SDState *sd) 836 { 837 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 838 return 1 << HWBLOCK_SHIFT; 839 } 840 return sd->blk_len; 841 } 842 843 /* 844 * This requires a disk image that has two boot partitions inserted at the 845 * beginning of it. The size of the boot partitions is the "boot-size" 846 * property. 847 */ 848 static uint32_t sd_bootpart_offset(SDState *sd) 849 { 850 unsigned partition_access; 851 852 if (!sd->boot_part_size || !sd_is_emmc(sd)) { 853 return 0; 854 } 855 856 partition_access = sd->ext_csd[EXT_CSD_PART_CONFIG] 857 & EXT_CSD_PART_CONFIG_ACC_MASK; 858 switch (partition_access) { 859 case EXT_CSD_PART_CONFIG_ACC_DEFAULT: 860 return sd->boot_part_size * 2; 861 case EXT_CSD_PART_CONFIG_ACC_BOOT0: 862 return 0; 863 case EXT_CSD_PART_CONFIG_ACC_BOOT0 + 1: 864 return sd->boot_part_size * 1; 865 default: 866 g_assert_not_reached(); 867 } 868 } 869 870 static uint64_t sd_req_get_address(SDState *sd, SDRequest req) 871 { 872 uint64_t addr; 873 874 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 875 addr = (uint64_t) req.arg << HWBLOCK_SHIFT; 876 } else { 877 addr = req.arg; 878 } 879 trace_sdcard_req_addr(req.arg, addr); 880 return addr; 881 } 882 883 static inline uint64_t sd_addr_to_wpnum(uint64_t addr) 884 { 885 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT); 886 } 887 888 static void sd_reset(DeviceState *dev) 889 { 890 SDState *sd = SDMMC_COMMON(dev); 891 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 892 uint64_t size; 893 uint64_t sect; 894 895 trace_sdcard_reset(); 896 if (sd->blk) { 897 blk_get_geometry(sd->blk, §); 898 } else { 899 sect = 0; 900 } 901 size = sect << HWBLOCK_SHIFT; 902 if (sd_is_emmc(sd)) { 903 size -= sd->boot_part_size * 2; 904 } 905 906 sect = sd_addr_to_wpnum(size) + 1; 907 908 sd->state = sd_idle_state; 909 910 /* card registers */ 911 sd->rca = sd_is_emmc(sd) ? 0x0001 : 0x0000; 912 sd->size = size; 913 sd_set_ocr(sd); 914 sd_set_scr(sd); 915 sc->set_cid(sd); 916 sc->set_csd(sd, size); 917 sd_set_cardstatus(sd); 918 sd_set_sdstatus(sd); 919 920 g_free(sd->wp_group_bmap); 921 sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false; 922 sd->wp_group_bits = sect; 923 sd->wp_group_bmap = bitmap_new(sd->wp_group_bits); 924 memset(sd->function_group, 0, sizeof(sd->function_group)); 925 sd->erase_start = INVALID_ADDRESS; 926 sd->erase_end = INVALID_ADDRESS; 927 sd->blk_len = 0x200; 928 sd->pwd_len = 0; 929 sd->expecting_acmd = false; 930 sd->dat_lines = 0xf; 931 sd->cmd_line = true; 932 sd->multi_blk_cnt = 0; 933 } 934 935 static bool sd_get_inserted(SDState *sd) 936 { 937 return sd->blk && blk_is_inserted(sd->blk); 938 } 939 940 static bool sd_get_readonly(SDState *sd) 941 { 942 return sd->wp_switch; 943 } 944 945 static void sd_cardchange(void *opaque, bool load, Error **errp) 946 { 947 SDState *sd = opaque; 948 DeviceState *dev = DEVICE(sd); 949 SDBus *sdbus; 950 bool inserted = sd_get_inserted(sd); 951 bool readonly = sd_get_readonly(sd); 952 953 if (inserted) { 954 trace_sdcard_inserted(readonly); 955 sd_reset(dev); 956 } else { 957 trace_sdcard_ejected(); 958 } 959 960 sdbus = SD_BUS(qdev_get_parent_bus(dev)); 961 sdbus_set_inserted(sdbus, inserted); 962 if (inserted) { 963 sdbus_set_readonly(sdbus, readonly); 964 } 965 } 966 967 static const BlockDevOps sd_block_ops = { 968 .change_media_cb = sd_cardchange, 969 }; 970 971 static bool sd_ocr_vmstate_needed(void *opaque) 972 { 973 SDState *sd = opaque; 974 975 /* Include the OCR state (and timer) if it is not yet powered up */ 976 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 977 } 978 979 static const VMStateDescription sd_ocr_vmstate = { 980 .name = "sd-card/ocr-state", 981 .version_id = 1, 982 .minimum_version_id = 1, 983 .needed = sd_ocr_vmstate_needed, 984 .fields = (const VMStateField[]) { 985 VMSTATE_UINT32(ocr, SDState), 986 VMSTATE_TIMER_PTR(ocr_power_timer, SDState), 987 VMSTATE_END_OF_LIST() 988 }, 989 }; 990 991 static bool vmstate_needed_for_emmc(void *opaque) 992 { 993 SDState *sd = opaque; 994 995 return sd_is_emmc(sd); 996 } 997 998 static const VMStateDescription emmc_extcsd_vmstate = { 999 .name = "sd-card/ext_csd_modes-state", 1000 .version_id = 1, 1001 .minimum_version_id = 1, 1002 .needed = vmstate_needed_for_emmc, 1003 .fields = (const VMStateField[]) { 1004 VMSTATE_UINT8_ARRAY(ext_csd_rw, SDState, 192), 1005 VMSTATE_END_OF_LIST() 1006 }, 1007 }; 1008 1009 static int sd_vmstate_pre_load(void *opaque) 1010 { 1011 SDState *sd = opaque; 1012 1013 /* If the OCR state is not included (prior versions, or not 1014 * needed), then the OCR must be set as powered up. If the OCR state 1015 * is included, this will be replaced by the state restore. 1016 */ 1017 sd_ocr_powerup(sd); 1018 1019 return 0; 1020 } 1021 1022 static const VMStateDescription sd_vmstate = { 1023 .name = "sd-card", 1024 .version_id = 2, 1025 .minimum_version_id = 2, 1026 .pre_load = sd_vmstate_pre_load, 1027 .fields = (const VMStateField[]) { 1028 VMSTATE_UINT32(mode, SDState), 1029 VMSTATE_INT32(state, SDState), 1030 VMSTATE_UINT8_ARRAY(cid, SDState, 16), 1031 VMSTATE_UINT8_ARRAY(csd, SDState, 16), 1032 VMSTATE_UINT16(rca, SDState), 1033 VMSTATE_UINT32(card_status, SDState), 1034 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1), 1035 VMSTATE_UINT32(vhs, SDState), 1036 VMSTATE_BITMAP(wp_group_bmap, SDState, 0, wp_group_bits), 1037 VMSTATE_UINT32(blk_len, SDState), 1038 VMSTATE_UINT32(multi_blk_cnt, SDState), 1039 VMSTATE_UINT32(erase_start, SDState), 1040 VMSTATE_UINT32(erase_end, SDState), 1041 VMSTATE_UINT8_ARRAY(pwd, SDState, 16), 1042 VMSTATE_UINT32(pwd_len, SDState), 1043 VMSTATE_UINT8_ARRAY(function_group, SDState, 6), 1044 VMSTATE_UINT8(current_cmd, SDState), 1045 VMSTATE_BOOL(expecting_acmd, SDState), 1046 VMSTATE_UINT32(blk_written, SDState), 1047 VMSTATE_UINT64(data_start, SDState), 1048 VMSTATE_UINT32(data_offset, SDState), 1049 VMSTATE_UINT8_ARRAY(data, SDState, 512), 1050 VMSTATE_UNUSED_V(1, 512), 1051 VMSTATE_UNUSED(1), 1052 VMSTATE_END_OF_LIST() 1053 }, 1054 .subsections = (const VMStateDescription * const []) { 1055 &sd_ocr_vmstate, 1056 &emmc_extcsd_vmstate, 1057 NULL 1058 }, 1059 }; 1060 1061 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) 1062 { 1063 trace_sdcard_read_block(addr, len); 1064 addr += sd_bootpart_offset(sd); 1065 if (!sd->blk || blk_pread(sd->blk, addr, len, sd->data, 0) < 0) { 1066 fprintf(stderr, "sd_blk_read: read error on host side\n"); 1067 } 1068 } 1069 1070 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) 1071 { 1072 trace_sdcard_write_block(addr, len); 1073 addr += sd_bootpart_offset(sd); 1074 if (!sd->blk || blk_pwrite(sd->blk, addr, len, sd->data, 0) < 0) { 1075 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1076 } 1077 } 1078 1079 static void sd_erase(SDState *sd) 1080 { 1081 uint64_t erase_start = sd->erase_start; 1082 uint64_t erase_end = sd->erase_end; 1083 bool sdsc = true; 1084 uint64_t wpnum; 1085 uint64_t erase_addr; 1086 int erase_len = 1 << HWBLOCK_SHIFT; 1087 1088 trace_sdcard_erase(sd->erase_start, sd->erase_end); 1089 if (sd->erase_start == INVALID_ADDRESS 1090 || sd->erase_end == INVALID_ADDRESS) { 1091 sd->card_status |= ERASE_SEQ_ERROR; 1092 sd->erase_start = INVALID_ADDRESS; 1093 sd->erase_end = INVALID_ADDRESS; 1094 return; 1095 } 1096 1097 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 1098 /* High capacity memory card: erase units are 512 byte blocks */ 1099 erase_start <<= HWBLOCK_SHIFT; 1100 erase_end <<= HWBLOCK_SHIFT; 1101 sdsc = false; 1102 } 1103 1104 if (erase_start > sd->size || erase_end > sd->size) { 1105 sd->card_status |= OUT_OF_RANGE; 1106 sd->erase_start = INVALID_ADDRESS; 1107 sd->erase_end = INVALID_ADDRESS; 1108 return; 1109 } 1110 1111 sd->erase_start = INVALID_ADDRESS; 1112 sd->erase_end = INVALID_ADDRESS; 1113 sd->csd[14] |= 0x40; 1114 1115 memset(sd->data, 0xff, erase_len); 1116 for (erase_addr = erase_start; erase_addr <= erase_end; 1117 erase_addr += erase_len) { 1118 if (sdsc) { 1119 /* Only SDSC cards support write protect groups */ 1120 wpnum = sd_addr_to_wpnum(erase_addr); 1121 assert(wpnum < sd->wp_group_bits); 1122 if (test_bit(wpnum, sd->wp_group_bmap)) { 1123 sd->card_status |= WP_ERASE_SKIP; 1124 continue; 1125 } 1126 } 1127 sd_blk_write(sd, erase_addr, erase_len); 1128 } 1129 } 1130 1131 static uint32_t sd_wpbits(SDState *sd, uint64_t addr) 1132 { 1133 uint32_t i, wpnum; 1134 uint32_t ret = 0; 1135 1136 wpnum = sd_addr_to_wpnum(addr); 1137 1138 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { 1139 if (addr >= sd->size) { 1140 /* 1141 * If the addresses of the last groups are outside the valid range, 1142 * then the corresponding write protection bits shall be set to 0. 1143 */ 1144 continue; 1145 } 1146 assert(wpnum < sd->wp_group_bits); 1147 if (test_bit(wpnum, sd->wp_group_bmap)) { 1148 ret |= (1 << i); 1149 } 1150 } 1151 1152 return ret; 1153 } 1154 1155 enum ExtCsdAccessMode { 1156 EXT_CSD_ACCESS_MODE_COMMAND_SET = 0, 1157 EXT_CSD_ACCESS_MODE_SET_BITS = 1, 1158 EXT_CSD_ACCESS_MODE_CLEAR_BITS = 2, 1159 EXT_CSD_ACCESS_MODE_WRITE_BYTE = 3 1160 }; 1161 1162 static void emmc_function_switch(SDState *sd, uint32_t arg) 1163 { 1164 uint8_t access = extract32(arg, 24, 2); 1165 uint8_t index = extract32(arg, 16, 8); 1166 uint8_t value = extract32(arg, 8, 8); 1167 uint8_t b = sd->ext_csd[index]; 1168 1169 trace_sdcard_switch(access, index, value, extract32(arg, 0, 2)); 1170 1171 if (index >= 192) { 1172 qemu_log_mask(LOG_GUEST_ERROR, "MMC switching illegal offset\n"); 1173 sd->card_status |= R_CSR_SWITCH_ERROR_MASK; 1174 return; 1175 } 1176 1177 switch (access) { 1178 case EXT_CSD_ACCESS_MODE_COMMAND_SET: 1179 qemu_log_mask(LOG_UNIMP, "MMC Command set switching not supported\n"); 1180 return; 1181 case EXT_CSD_ACCESS_MODE_SET_BITS: 1182 b |= value; 1183 break; 1184 case EXT_CSD_ACCESS_MODE_CLEAR_BITS: 1185 b &= ~value; 1186 break; 1187 case EXT_CSD_ACCESS_MODE_WRITE_BYTE: 1188 b = value; 1189 break; 1190 } 1191 1192 trace_sdcard_ext_csd_update(index, sd->ext_csd[index], b); 1193 sd->ext_csd[index] = b; 1194 } 1195 1196 static void sd_function_switch(SDState *sd, uint32_t arg) 1197 { 1198 int i, mode, new_func; 1199 mode = !!(arg & 0x80000000); 1200 1201 sd->data[0] = 0x00; /* Maximum current consumption */ 1202 sd->data[1] = 0x01; 1203 sd->data[2] = 0x80; /* Supported group 6 functions */ 1204 sd->data[3] = 0x01; 1205 sd->data[4] = 0x80; /* Supported group 5 functions */ 1206 sd->data[5] = 0x01; 1207 sd->data[6] = 0x80; /* Supported group 4 functions */ 1208 sd->data[7] = 0x01; 1209 sd->data[8] = 0x80; /* Supported group 3 functions */ 1210 sd->data[9] = 0x01; 1211 sd->data[10] = 0x80; /* Supported group 2 functions */ 1212 sd->data[11] = 0x43; 1213 sd->data[12] = 0x80; /* Supported group 1 functions */ 1214 sd->data[13] = 0x03; 1215 1216 memset(&sd->data[14], 0, 3); 1217 for (i = 0; i < 6; i ++) { 1218 new_func = (arg >> (i * 4)) & 0x0f; 1219 if (mode && new_func != 0x0f) 1220 sd->function_group[i] = new_func; 1221 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4); 1222 } 1223 memset(&sd->data[17], 0, 47); 1224 } 1225 1226 static inline bool sd_wp_addr(SDState *sd, uint64_t addr) 1227 { 1228 return test_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1229 } 1230 1231 static void sd_lock_command(SDState *sd) 1232 { 1233 int erase, lock, clr_pwd, set_pwd, pwd_len; 1234 erase = !!(sd->data[0] & 0x08); 1235 lock = sd->data[0] & 0x04; 1236 clr_pwd = sd->data[0] & 0x02; 1237 set_pwd = sd->data[0] & 0x01; 1238 1239 if (sd->blk_len > 1) 1240 pwd_len = sd->data[1]; 1241 else 1242 pwd_len = 0; 1243 1244 if (lock) { 1245 trace_sdcard_lock(); 1246 } else { 1247 trace_sdcard_unlock(); 1248 } 1249 if (erase) { 1250 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 || 1251 set_pwd || clr_pwd || lock || sd->wp_switch || 1252 (sd->csd[14] & 0x20)) { 1253 sd->card_status |= LOCK_UNLOCK_FAILED; 1254 return; 1255 } 1256 bitmap_zero(sd->wp_group_bmap, sd->wp_group_bits); 1257 sd->csd[14] &= ~0x10; 1258 sd->card_status &= ~CARD_IS_LOCKED; 1259 sd->pwd_len = 0; 1260 /* Erasing the entire card here! */ 1261 fprintf(stderr, "SD: Card force-erased by CMD42\n"); 1262 return; 1263 } 1264 1265 if (sd->blk_len < 2 + pwd_len || 1266 pwd_len <= sd->pwd_len || 1267 pwd_len > sd->pwd_len + 16) { 1268 sd->card_status |= LOCK_UNLOCK_FAILED; 1269 return; 1270 } 1271 1272 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) { 1273 sd->card_status |= LOCK_UNLOCK_FAILED; 1274 return; 1275 } 1276 1277 pwd_len -= sd->pwd_len; 1278 if ((pwd_len && !set_pwd) || 1279 (clr_pwd && (set_pwd || lock)) || 1280 (lock && !sd->pwd_len && !set_pwd) || 1281 (!set_pwd && !clr_pwd && 1282 (((sd->card_status & CARD_IS_LOCKED) && lock) || 1283 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) { 1284 sd->card_status |= LOCK_UNLOCK_FAILED; 1285 return; 1286 } 1287 1288 if (set_pwd) { 1289 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len); 1290 sd->pwd_len = pwd_len; 1291 } 1292 1293 if (clr_pwd) { 1294 sd->pwd_len = 0; 1295 } 1296 1297 if (lock) 1298 sd->card_status |= CARD_IS_LOCKED; 1299 else 1300 sd->card_status &= ~CARD_IS_LOCKED; 1301 } 1302 1303 static bool address_in_range(SDState *sd, const char *desc, 1304 uint64_t addr, uint32_t length) 1305 { 1306 if (addr + length > sd->size) { 1307 qemu_log_mask(LOG_GUEST_ERROR, 1308 "%s offset %"PRIu64" > card %"PRIu64" [%%%u]\n", 1309 desc, addr, sd->size, length); 1310 sd->card_status |= ADDRESS_ERROR; 1311 return false; 1312 } 1313 return true; 1314 } 1315 1316 static sd_rsp_type_t sd_invalid_state_for_cmd(SDState *sd, SDRequest req) 1317 { 1318 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong state: %s (spec %s)\n", 1319 sd->proto->name, req.cmd, sd_state_name(sd->state), 1320 sd_version_str(sd->spec_version)); 1321 1322 return sd_illegal; 1323 } 1324 1325 static sd_rsp_type_t sd_invalid_mode_for_cmd(SDState *sd, SDRequest req) 1326 { 1327 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong mode: %s (spec %s)\n", 1328 sd->proto->name, req.cmd, sd_mode_name(sd->mode), 1329 sd_version_str(sd->spec_version)); 1330 1331 return sd_illegal; 1332 } 1333 1334 static sd_rsp_type_t sd_cmd_illegal(SDState *sd, SDRequest req) 1335 { 1336 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown CMD%i for spec %s\n", 1337 sd->proto->name, req.cmd, 1338 sd_version_str(sd->spec_version)); 1339 1340 return sd_illegal; 1341 } 1342 1343 /* Commands that are recognised but not yet implemented. */ 1344 static sd_rsp_type_t sd_cmd_unimplemented(SDState *sd, SDRequest req) 1345 { 1346 qemu_log_mask(LOG_UNIMP, "%s: CMD%i not implemented\n", 1347 sd->proto->name, req.cmd); 1348 1349 return sd_illegal; 1350 } 1351 1352 static sd_rsp_type_t sd_cmd_optional(SDState *sd, SDRequest req) 1353 { 1354 qemu_log_mask(LOG_UNIMP, "%s: Optional CMD%i not implemented\n", 1355 sd->proto->name, req.cmd); 1356 1357 return sd_illegal; 1358 } 1359 1360 /* Configure fields for following sd_generic_write_byte() calls */ 1361 static sd_rsp_type_t sd_cmd_to_receivingdata(SDState *sd, SDRequest req, 1362 uint64_t start, size_t size) 1363 { 1364 if (sd->state != sd_transfer_state) { 1365 return sd_invalid_state_for_cmd(sd, req); 1366 } 1367 sd->state = sd_receivingdata_state; 1368 sd->data_start = start; 1369 sd->data_offset = 0; 1370 /* sd->data[] used as receive buffer */ 1371 sd->data_size = size ?: sizeof(sd->data); 1372 return sd_r1; 1373 } 1374 1375 /* Configure fields for following sd_generic_read_byte() calls */ 1376 static sd_rsp_type_t sd_cmd_to_sendingdata(SDState *sd, SDRequest req, 1377 uint64_t start, 1378 const void *data, size_t size) 1379 { 1380 if (sd->state != sd_transfer_state) { 1381 return sd_invalid_state_for_cmd(sd, req); 1382 } 1383 1384 sd->state = sd_sendingdata_state; 1385 sd->data_start = start; 1386 sd->data_offset = 0; 1387 if (data) { 1388 assert(size > 0 && size <= sizeof(sd->data)); 1389 memcpy(sd->data, data, size); 1390 } 1391 if (size) { 1392 sd->data_size = size; 1393 } 1394 return sd_r1; 1395 } 1396 1397 /* CMD0 */ 1398 static sd_rsp_type_t sd_cmd_GO_IDLE_STATE(SDState *sd, SDRequest req) 1399 { 1400 if (sd->state == sd_sleep_state) { 1401 switch (req.arg) { 1402 case 0x00000000: 1403 case 0xf0f0f0f0: 1404 break; 1405 default: 1406 return sd_r0; 1407 } 1408 } 1409 if (sd->state != sd_inactive_state) { 1410 sd->state = sd_idle_state; 1411 sd_reset(DEVICE(sd)); 1412 } 1413 1414 return sd_is_spi(sd) ? sd_r1 : sd_r0; 1415 } 1416 1417 /* CMD1 */ 1418 static sd_rsp_type_t spi_cmd_SEND_OP_COND(SDState *sd, SDRequest req) 1419 { 1420 sd->state = sd_transfer_state; 1421 1422 return sd_r1; 1423 } 1424 1425 /* CMD2 */ 1426 static sd_rsp_type_t sd_cmd_ALL_SEND_CID(SDState *sd, SDRequest req) 1427 { 1428 switch (sd->state) { 1429 case sd_ready_state: 1430 sd->state = sd_identification_state; 1431 return sd_r2_i; 1432 default: 1433 return sd_invalid_state_for_cmd(sd, req); 1434 } 1435 } 1436 1437 /* CMD3 */ 1438 static sd_rsp_type_t sd_cmd_SEND_RELATIVE_ADDR(SDState *sd, SDRequest req) 1439 { 1440 uint16_t random_rca; 1441 1442 switch (sd->state) { 1443 case sd_identification_state: 1444 case sd_standby_state: 1445 sd->state = sd_standby_state; 1446 qemu_guest_getrandom_nofail(&random_rca, sizeof(random_rca)); 1447 sd_set_rca(sd, random_rca); 1448 return sd_r6; 1449 1450 default: 1451 return sd_invalid_state_for_cmd(sd, req); 1452 } 1453 } 1454 1455 static sd_rsp_type_t emmc_cmd_SET_RELATIVE_ADDR(SDState *sd, SDRequest req) 1456 { 1457 switch (sd->state) { 1458 case sd_identification_state: 1459 case sd_standby_state: 1460 sd->state = sd_standby_state; 1461 sd_set_rca(sd, req.arg >> 16); 1462 return sd_r1; 1463 1464 default: 1465 return sd_invalid_state_for_cmd(sd, req); 1466 } 1467 } 1468 1469 /* CMD5 */ 1470 static sd_rsp_type_t emmc_cmd_sleep_awake(SDState *sd, SDRequest req) 1471 { 1472 bool do_sleep = extract32(req.arg, 15, 1); 1473 1474 switch (sd->state) { 1475 case sd_sleep_state: 1476 if (!do_sleep) { 1477 /* Awake */ 1478 sd->state = sd_standby_state; 1479 } 1480 return sd_r1b; 1481 1482 case sd_standby_state: 1483 if (do_sleep) { 1484 sd->state = sd_sleep_state; 1485 } 1486 return sd_r1b; 1487 1488 default: 1489 return sd_invalid_state_for_cmd(sd, req); 1490 } 1491 } 1492 1493 /* CMD6 */ 1494 static sd_rsp_type_t sd_cmd_SWITCH_FUNCTION(SDState *sd, SDRequest req) 1495 { 1496 if (sd->mode != sd_data_transfer_mode) { 1497 return sd_invalid_mode_for_cmd(sd, req); 1498 } 1499 if (sd->state != sd_transfer_state) { 1500 return sd_invalid_state_for_cmd(sd, req); 1501 } 1502 1503 sd_function_switch(sd, req.arg); 1504 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 64); 1505 } 1506 1507 static sd_rsp_type_t emmc_cmd_SWITCH(SDState *sd, SDRequest req) 1508 { 1509 switch (sd->state) { 1510 case sd_transfer_state: 1511 sd->state = sd_programming_state; 1512 emmc_function_switch(sd, req.arg); 1513 sd->state = sd_transfer_state; 1514 return sd_r1b; 1515 default: 1516 return sd_invalid_state_for_cmd(sd, req); 1517 } 1518 } 1519 1520 /* CMD7 */ 1521 static sd_rsp_type_t sd_cmd_DE_SELECT_CARD(SDState *sd, SDRequest req) 1522 { 1523 bool same_rca = sd_req_rca_same(sd, req); 1524 1525 switch (sd->state) { 1526 case sd_standby_state: 1527 if (!same_rca) { 1528 return sd_r0; 1529 } 1530 sd->state = sd_transfer_state; 1531 return sd_r1b; 1532 1533 case sd_transfer_state: 1534 case sd_sendingdata_state: 1535 if (same_rca) { 1536 break; 1537 } 1538 sd->state = sd_standby_state; 1539 return sd_r1b; 1540 1541 case sd_disconnect_state: 1542 if (!same_rca) { 1543 return sd_r0; 1544 } 1545 sd->state = sd_programming_state; 1546 return sd_r1b; 1547 1548 case sd_programming_state: 1549 if (same_rca) { 1550 break; 1551 } 1552 sd->state = sd_disconnect_state; 1553 return sd_r1b; 1554 1555 default: 1556 break; 1557 } 1558 return sd_invalid_state_for_cmd(sd, req); 1559 } 1560 1561 /* CMD8 */ 1562 static sd_rsp_type_t sd_cmd_SEND_IF_COND(SDState *sd, SDRequest req) 1563 { 1564 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) { 1565 return sd_cmd_illegal(sd, req); 1566 } 1567 if (sd->state != sd_idle_state) { 1568 return sd_invalid_state_for_cmd(sd, req); 1569 } 1570 sd->vhs = 0; 1571 1572 /* No response if not exactly one VHS bit is set. */ 1573 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) { 1574 return sd_is_spi(sd) ? sd_r7 : sd_r0; 1575 } 1576 1577 /* Accept. */ 1578 sd->vhs = req.arg; 1579 return sd_r7; 1580 } 1581 1582 /* CMD8 */ 1583 static sd_rsp_type_t emmc_cmd_SEND_EXT_CSD(SDState *sd, SDRequest req) 1584 { 1585 if (sd->state != sd_transfer_state) { 1586 return sd_invalid_state_for_cmd(sd, req); 1587 } 1588 1589 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1590 sd->ext_csd, sizeof(sd->ext_csd)); 1591 } 1592 1593 /* CMD9 */ 1594 static sd_rsp_type_t spi_cmd_SEND_CSD(SDState *sd, SDRequest req) 1595 { 1596 if (sd->state != sd_standby_state) { 1597 return sd_invalid_state_for_cmd(sd, req); 1598 } 1599 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1600 sd->csd, 16); 1601 } 1602 1603 static sd_rsp_type_t sd_cmd_SEND_CSD(SDState *sd, SDRequest req) 1604 { 1605 if (sd->state != sd_standby_state) { 1606 return sd_invalid_state_for_cmd(sd, req); 1607 } 1608 1609 return sd_req_rca_same(sd, req) ? sd_r2_s : sd_r0; 1610 } 1611 1612 /* CMD10 */ 1613 static sd_rsp_type_t spi_cmd_SEND_CID(SDState *sd, SDRequest req) 1614 { 1615 if (sd->state != sd_standby_state) { 1616 return sd_invalid_state_for_cmd(sd, req); 1617 } 1618 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1619 sd->cid, 16); 1620 } 1621 1622 static sd_rsp_type_t sd_cmd_SEND_CID(SDState *sd, SDRequest req) 1623 { 1624 if (sd->state != sd_standby_state) { 1625 return sd_invalid_state_for_cmd(sd, req); 1626 } 1627 1628 return sd_req_rca_same(sd, req) ? sd_r2_i : sd_r0; 1629 } 1630 1631 /* CMD12 */ 1632 static sd_rsp_type_t sd_cmd_STOP_TRANSMISSION(SDState *sd, SDRequest req) 1633 { 1634 switch (sd->state) { 1635 case sd_sendingdata_state: 1636 sd->state = sd_transfer_state; 1637 return sd_r1b; 1638 case sd_receivingdata_state: 1639 sd->state = sd_programming_state; 1640 /* Bzzzzzzztt .... Operation complete. */ 1641 sd->state = sd_transfer_state; 1642 return sd_r1; 1643 default: 1644 return sd_invalid_state_for_cmd(sd, req); 1645 } 1646 } 1647 1648 /* CMD13 */ 1649 static sd_rsp_type_t sd_cmd_SEND_STATUS(SDState *sd, SDRequest req) 1650 { 1651 if (sd->mode != sd_data_transfer_mode) { 1652 return sd_invalid_mode_for_cmd(sd, req); 1653 } 1654 1655 switch (sd->state) { 1656 case sd_standby_state: 1657 case sd_transfer_state: 1658 case sd_sendingdata_state: 1659 case sd_receivingdata_state: 1660 case sd_programming_state: 1661 case sd_disconnect_state: 1662 break; 1663 default: 1664 return sd_invalid_state_for_cmd(sd, req); 1665 } 1666 1667 if (sd_is_spi(sd)) { 1668 return spi_r2; 1669 } 1670 1671 return sd_req_rca_same(sd, req) ? sd_r1 : sd_r0; 1672 } 1673 1674 /* CMD15 */ 1675 static sd_rsp_type_t sd_cmd_GO_INACTIVE_STATE(SDState *sd, SDRequest req) 1676 { 1677 if (sd->mode != sd_data_transfer_mode) { 1678 return sd_invalid_mode_for_cmd(sd, req); 1679 } 1680 switch (sd->state) { 1681 case sd_standby_state: 1682 case sd_transfer_state: 1683 case sd_sendingdata_state: 1684 case sd_receivingdata_state: 1685 case sd_programming_state: 1686 case sd_disconnect_state: 1687 break; 1688 default: 1689 return sd_invalid_state_for_cmd(sd, req); 1690 } 1691 if (sd_req_rca_same(sd, req)) { 1692 sd->state = sd_inactive_state; 1693 } 1694 1695 return sd_r0; 1696 } 1697 1698 /* CMD16 */ 1699 static sd_rsp_type_t sd_cmd_SET_BLOCKLEN(SDState *sd, SDRequest req) 1700 { 1701 if (sd->state != sd_transfer_state) { 1702 return sd_invalid_state_for_cmd(sd, req); 1703 } 1704 if (req.arg > (1 << HWBLOCK_SHIFT)) { 1705 sd->card_status |= BLOCK_LEN_ERROR; 1706 } else { 1707 trace_sdcard_set_blocklen(req.arg); 1708 sd->blk_len = req.arg; 1709 } 1710 1711 return sd_r1; 1712 } 1713 1714 /* CMD17 */ 1715 static sd_rsp_type_t sd_cmd_READ_SINGLE_BLOCK(SDState *sd, SDRequest req) 1716 { 1717 uint64_t addr; 1718 1719 if (sd->state != sd_transfer_state) { 1720 return sd_invalid_state_for_cmd(sd, req); 1721 } 1722 1723 addr = sd_req_get_address(sd, req); 1724 if (!address_in_range(sd, "READ_SINGLE_BLOCK", addr, sd->blk_len)) { 1725 return sd_r1; 1726 } 1727 1728 sd_blk_read(sd, addr, sd->blk_len); 1729 return sd_cmd_to_sendingdata(sd, req, addr, NULL, sd->blk_len); 1730 } 1731 1732 /* CMD19 */ 1733 static sd_rsp_type_t sd_cmd_SEND_TUNING_BLOCK(SDState *sd, SDRequest req) 1734 { 1735 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1736 return sd_cmd_illegal(sd, req); 1737 } 1738 1739 return sd_cmd_to_sendingdata(sd, req, 0, 1740 sd_tuning_block_pattern4, 1741 sizeof(sd_tuning_block_pattern4)); 1742 } 1743 1744 /* CMD23 */ 1745 static sd_rsp_type_t sd_cmd_SET_BLOCK_COUNT(SDState *sd, SDRequest req) 1746 { 1747 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1748 return sd_cmd_illegal(sd, req); 1749 } 1750 1751 if (sd->state != sd_transfer_state) { 1752 return sd_invalid_state_for_cmd(sd, req); 1753 } 1754 1755 sd->multi_blk_cnt = req.arg; 1756 if (sd_is_emmc(sd)) { 1757 sd->multi_blk_cnt &= 0xffff; 1758 } 1759 trace_sdcard_set_block_count(sd->multi_blk_cnt); 1760 1761 return sd_r1; 1762 } 1763 1764 /* CMD24 */ 1765 static sd_rsp_type_t sd_cmd_WRITE_SINGLE_BLOCK(SDState *sd, SDRequest req) 1766 { 1767 uint64_t addr; 1768 1769 if (sd->state != sd_transfer_state) { 1770 return sd_invalid_state_for_cmd(sd, req); 1771 } 1772 1773 addr = sd_req_get_address(sd, req); 1774 if (!address_in_range(sd, "WRITE_SINGLE_BLOCK", addr, sd->blk_len)) { 1775 return sd_r1; 1776 } 1777 1778 if (sd->size <= SDSC_MAX_CAPACITY) { 1779 if (sd_wp_addr(sd, addr)) { 1780 sd->card_status |= WP_VIOLATION; 1781 } 1782 } 1783 if (sd->csd[14] & 0x30) { 1784 sd->card_status |= WP_VIOLATION; 1785 } 1786 1787 sd->blk_written = 0; 1788 return sd_cmd_to_receivingdata(sd, req, addr, sd->blk_len); 1789 } 1790 1791 /* CMD26 */ 1792 static sd_rsp_type_t emmc_cmd_PROGRAM_CID(SDState *sd, SDRequest req) 1793 { 1794 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->cid)); 1795 } 1796 1797 /* CMD27 */ 1798 static sd_rsp_type_t sd_cmd_PROGRAM_CSD(SDState *sd, SDRequest req) 1799 { 1800 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->csd)); 1801 } 1802 1803 static sd_rsp_type_t sd_cmd_SET_CLR_WRITE_PROT(SDState *sd, SDRequest req, 1804 bool is_write) 1805 { 1806 uint64_t addr; 1807 1808 if (sd->size > SDSC_MAX_CAPACITY) { 1809 return sd_illegal; 1810 } 1811 1812 if (sd->state != sd_transfer_state) { 1813 return sd_invalid_state_for_cmd(sd, req); 1814 } 1815 1816 addr = sd_req_get_address(sd, req); 1817 if (!address_in_range(sd, is_write ? "SET_WRITE_PROT" : "CLR_WRITE_PROT", 1818 addr, 1)) { 1819 return sd_r1b; 1820 } 1821 1822 sd->state = sd_programming_state; 1823 if (is_write) { 1824 set_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1825 } else { 1826 clear_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1827 } 1828 /* Bzzzzzzztt .... Operation complete. */ 1829 sd->state = sd_transfer_state; 1830 return sd_r1; 1831 } 1832 1833 /* CMD28 */ 1834 static sd_rsp_type_t sd_cmd_SET_WRITE_PROT(SDState *sd, SDRequest req) 1835 { 1836 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, true); 1837 } 1838 1839 /* CMD29 */ 1840 static sd_rsp_type_t sd_cmd_CLR_WRITE_PROT(SDState *sd, SDRequest req) 1841 { 1842 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, false); 1843 } 1844 1845 /* CMD30 */ 1846 static sd_rsp_type_t sd_cmd_SEND_WRITE_PROT(SDState *sd, SDRequest req) 1847 { 1848 uint64_t addr; 1849 uint32_t data; 1850 1851 if (sd->size > SDSC_MAX_CAPACITY) { 1852 return sd_illegal; 1853 } 1854 1855 if (sd->state != sd_transfer_state) { 1856 return sd_invalid_state_for_cmd(sd, req); 1857 } 1858 1859 addr = sd_req_get_address(sd, req); 1860 if (!address_in_range(sd, "SEND_WRITE_PROT", addr, sd->blk_len)) { 1861 return sd_r1; 1862 } 1863 1864 data = sd_wpbits(sd, req.arg); 1865 return sd_cmd_to_sendingdata(sd, req, addr, &data, sizeof(data)); 1866 } 1867 1868 /* CMD32 */ 1869 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_START(SDState *sd, SDRequest req) 1870 { 1871 if (sd->state != sd_transfer_state) { 1872 return sd_invalid_state_for_cmd(sd, req); 1873 } 1874 sd->erase_start = req.arg; 1875 return sd_r1; 1876 } 1877 1878 /* CMD33 */ 1879 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_END(SDState *sd, SDRequest req) 1880 { 1881 if (sd->state != sd_transfer_state) { 1882 return sd_invalid_state_for_cmd(sd, req); 1883 } 1884 sd->erase_end = req.arg; 1885 return sd_r1; 1886 } 1887 1888 /* CMD38 */ 1889 static sd_rsp_type_t sd_cmd_ERASE(SDState *sd, SDRequest req) 1890 { 1891 if (sd->state != sd_transfer_state) { 1892 return sd_invalid_state_for_cmd(sd, req); 1893 } 1894 if (sd->csd[14] & 0x30) { 1895 sd->card_status |= WP_VIOLATION; 1896 return sd_r1b; 1897 } 1898 1899 sd->state = sd_programming_state; 1900 sd_erase(sd); 1901 /* Bzzzzzzztt .... Operation complete. */ 1902 sd->state = sd_transfer_state; 1903 return sd_r1b; 1904 } 1905 1906 /* CMD42 */ 1907 static sd_rsp_type_t sd_cmd_LOCK_UNLOCK(SDState *sd, SDRequest req) 1908 { 1909 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1910 } 1911 1912 /* CMD55 */ 1913 static sd_rsp_type_t sd_cmd_APP_CMD(SDState *sd, SDRequest req) 1914 { 1915 switch (sd->state) { 1916 case sd_ready_state: 1917 case sd_identification_state: 1918 case sd_inactive_state: 1919 case sd_sleep_state: 1920 return sd_invalid_state_for_cmd(sd, req); 1921 case sd_idle_state: 1922 if (!sd_is_spi(sd) && sd_req_get_rca(sd, req) != 0x0000) { 1923 qemu_log_mask(LOG_GUEST_ERROR, 1924 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd); 1925 } 1926 /* fall-through */ 1927 default: 1928 break; 1929 } 1930 if (!sd_is_spi(sd) && !sd_req_rca_same(sd, req)) { 1931 return sd_r0; 1932 } 1933 sd->expecting_acmd = true; 1934 sd->card_status |= APP_CMD; 1935 1936 return sd_r1; 1937 } 1938 1939 /* CMD56 */ 1940 static sd_rsp_type_t sd_cmd_GEN_CMD(SDState *sd, SDRequest req) 1941 { 1942 if (sd->state != sd_transfer_state) { 1943 return sd_invalid_state_for_cmd(sd, req); 1944 } 1945 1946 /* Vendor specific command: our model is RAZ/WI */ 1947 if (req.arg & 1) { 1948 memset(sd->data, 0, sizeof(sd->data)); 1949 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 0); 1950 } else { 1951 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1952 } 1953 } 1954 1955 /* CMD58 */ 1956 static sd_rsp_type_t spi_cmd_READ_OCR(SDState *sd, SDRequest req) 1957 { 1958 return sd_r3; 1959 } 1960 1961 /* CMD59 */ 1962 static sd_rsp_type_t spi_cmd_CRC_ON_OFF(SDState *sd, SDRequest req) 1963 { 1964 return sd_r1; 1965 } 1966 1967 /* ACMD6 */ 1968 static sd_rsp_type_t sd_acmd_SET_BUS_WIDTH(SDState *sd, SDRequest req) 1969 { 1970 if (sd->state != sd_transfer_state) { 1971 return sd_invalid_state_for_cmd(sd, req); 1972 } 1973 1974 sd->sd_status[0] &= 0x3f; 1975 sd->sd_status[0] |= (req.arg & 0x03) << 6; 1976 return sd_r1; 1977 } 1978 1979 /* ACMD13 */ 1980 static sd_rsp_type_t sd_acmd_SD_STATUS(SDState *sd, SDRequest req) 1981 { 1982 sd_rsp_type_t rsp; 1983 1984 rsp = sd_cmd_to_sendingdata(sd, req, 0, 1985 sd->sd_status, sizeof(sd->sd_status)); 1986 if (sd_is_spi(sd) && rsp != sd_illegal) { 1987 return spi_r2; 1988 } 1989 return rsp; 1990 } 1991 1992 /* ACMD22 */ 1993 static sd_rsp_type_t sd_acmd_SEND_NUM_WR_BLOCKS(SDState *sd, SDRequest req) 1994 { 1995 return sd_cmd_to_sendingdata(sd, req, 0, 1996 &sd->blk_written, sizeof(sd->blk_written)); 1997 } 1998 1999 /* ACMD23 */ 2000 static sd_rsp_type_t sd_acmd_SET_WR_BLK_ERASE_COUNT(SDState *sd, SDRequest req) 2001 { 2002 if (sd->state != sd_transfer_state) { 2003 return sd_invalid_state_for_cmd(sd, req); 2004 } 2005 return sd_r1; 2006 } 2007 2008 /* ACMD41 */ 2009 static sd_rsp_type_t sd_cmd_SEND_OP_COND(SDState *sd, SDRequest req) 2010 { 2011 if (sd->state != sd_idle_state) { 2012 return sd_invalid_state_for_cmd(sd, req); 2013 } 2014 2015 /* 2016 * If it's the first ACMD41 since reset, we need to decide 2017 * whether to power up. If this is not an enquiry ACMD41, 2018 * we immediately report power on and proceed below to the 2019 * ready state, but if it is, we set a timer to model a 2020 * delay for power up. This works around a bug in EDK2 2021 * UEFI, which sends an initial enquiry ACMD41, but 2022 * assumes that the card is in ready state as soon as it 2023 * sees the power up bit set. 2024 */ 2025 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) { 2026 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) { 2027 timer_del(sd->ocr_power_timer); 2028 sd_ocr_powerup(sd); 2029 } else { 2030 trace_sdcard_inquiry_cmd41(); 2031 if (!timer_pending(sd->ocr_power_timer)) { 2032 timer_mod_ns(sd->ocr_power_timer, 2033 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) 2034 + OCR_POWER_DELAY_NS)); 2035 } 2036 } 2037 } 2038 2039 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) { 2040 /* 2041 * We accept any voltage. 10000 V is nothing. 2042 * 2043 * Once we're powered up, we advance straight to ready state 2044 * unless it's an enquiry ACMD41 (bits 23:0 == 0). 2045 */ 2046 sd->state = sd_ready_state; 2047 } 2048 2049 return sd_r3; 2050 } 2051 2052 /* ACMD42 */ 2053 static sd_rsp_type_t sd_acmd_SET_CLR_CARD_DETECT(SDState *sd, SDRequest req) 2054 { 2055 if (sd->state != sd_transfer_state) { 2056 return sd_invalid_state_for_cmd(sd, req); 2057 } 2058 2059 /* Bringing in the 50KOhm pull-up resistor... Done. */ 2060 return sd_r1; 2061 } 2062 2063 /* ACMD51 */ 2064 static sd_rsp_type_t sd_acmd_SEND_SCR(SDState *sd, SDRequest req) 2065 { 2066 return sd_cmd_to_sendingdata(sd, req, 0, sd->scr, sizeof(sd->scr)); 2067 } 2068 2069 static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) 2070 { 2071 uint64_t addr; 2072 2073 sd->last_cmd_name = sd_cmd_name(sd, req.cmd); 2074 /* CMD55 precedes an ACMD, so we are not interested in tracing it. 2075 * However there is no ACMD55, so we want to trace this particular case. 2076 */ 2077 if (req.cmd != 55 || sd->expecting_acmd) { 2078 trace_sdcard_normal_command(sd->proto->name, 2079 sd->last_cmd_name, req.cmd, 2080 req.arg, sd_state_name(sd->state)); 2081 } 2082 2083 /* Not interpreting this as an app command */ 2084 sd->card_status &= ~APP_CMD; 2085 2086 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25 2087 * if not, its effects are cancelled */ 2088 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) { 2089 sd->multi_blk_cnt = 0; 2090 } 2091 2092 if (sd->proto->cmd[req.cmd].class == 6 && FIELD_EX32(sd->ocr, OCR, 2093 CARD_CAPACITY)) { 2094 /* Only Standard Capacity cards support class 6 commands */ 2095 return sd_illegal; 2096 } 2097 2098 if (sd->proto->cmd[req.cmd].handler) { 2099 return sd->proto->cmd[req.cmd].handler(sd, req); 2100 } 2101 2102 switch (req.cmd) { 2103 /* Block read commands (Class 2) */ 2104 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2105 addr = sd_req_get_address(sd, req); 2106 switch (sd->state) { 2107 case sd_transfer_state: 2108 2109 if (!address_in_range(sd, "READ_BLOCK", addr, sd->blk_len)) { 2110 return sd_r1; 2111 } 2112 2113 sd->state = sd_sendingdata_state; 2114 sd->data_start = addr; 2115 sd->data_offset = 0; 2116 return sd_r1; 2117 2118 default: 2119 break; 2120 } 2121 break; 2122 2123 /* Block write commands (Class 4) */ 2124 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2125 addr = sd_req_get_address(sd, req); 2126 switch (sd->state) { 2127 case sd_transfer_state: 2128 2129 if (!address_in_range(sd, "WRITE_BLOCK", addr, sd->blk_len)) { 2130 return sd_r1; 2131 } 2132 2133 sd->state = sd_receivingdata_state; 2134 sd->data_start = addr; 2135 sd->data_offset = 0; 2136 sd->blk_written = 0; 2137 2138 if (sd->size <= SDSC_MAX_CAPACITY) { 2139 if (sd_wp_addr(sd, sd->data_start)) { 2140 sd->card_status |= WP_VIOLATION; 2141 } 2142 } 2143 if (sd->csd[14] & 0x30) { 2144 sd->card_status |= WP_VIOLATION; 2145 } 2146 return sd_r1; 2147 2148 default: 2149 break; 2150 } 2151 break; 2152 2153 default: 2154 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd); 2155 return sd_illegal; 2156 } 2157 2158 return sd_invalid_state_for_cmd(sd, req); 2159 } 2160 2161 static sd_rsp_type_t sd_app_command(SDState *sd, 2162 SDRequest req) 2163 { 2164 sd->last_cmd_name = sd_acmd_name(sd, req.cmd); 2165 trace_sdcard_app_command(sd->proto->name, sd->last_cmd_name, 2166 req.cmd, req.arg, sd_state_name(sd->state)); 2167 sd->card_status |= APP_CMD; 2168 2169 if (sd->proto->acmd[req.cmd].handler) { 2170 return sd->proto->acmd[req.cmd].handler(sd, req); 2171 } 2172 2173 switch (req.cmd) { 2174 case 18: /* Reserved for SD security applications */ 2175 case 25: 2176 case 26: 2177 case 38: 2178 case 43 ... 49: 2179 /* Refer to the "SD Specifications Part3 Security Specification" for 2180 * information about the SD Security Features. 2181 */ 2182 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n", 2183 req.cmd); 2184 return sd_illegal; 2185 2186 default: 2187 /* Fall back to standard commands. */ 2188 return sd_normal_command(sd, req); 2189 } 2190 2191 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd); 2192 return sd_illegal; 2193 } 2194 2195 static bool cmd_valid_while_locked(SDState *sd, unsigned cmd) 2196 { 2197 unsigned cmd_class; 2198 2199 /* Valid commands in locked state: 2200 * basic class (0) 2201 * lock card class (7) 2202 * CMD16 2203 * implicitly, the ACMD prefix CMD55 2204 * ACMD41 and ACMD42 2205 * Anything else provokes an "illegal command" response. 2206 */ 2207 if (sd->expecting_acmd) { 2208 return cmd == 41 || cmd == 42; 2209 } 2210 if (cmd == 16 || cmd == 55) { 2211 return true; 2212 } 2213 if (!sd->proto->cmd[cmd].handler) { 2214 return false; 2215 } 2216 cmd_class = sd->proto->cmd[cmd].class; 2217 2218 return cmd_class == 0 || cmd_class == 7; 2219 } 2220 2221 static size_t sd_do_command(SDState *sd, SDRequest *req, 2222 uint8_t *response, size_t respsz) 2223 { 2224 int last_state; 2225 sd_rsp_type_t rtype; 2226 int rsplen; 2227 2228 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2229 return 0; 2230 } 2231 2232 if (sd->state == sd_inactive_state) { 2233 rtype = sd_illegal; 2234 goto send_response; 2235 } 2236 2237 if (sd_req_crc_validate(req)) { 2238 sd->card_status |= COM_CRC_ERROR; 2239 rtype = sd_illegal; 2240 goto send_response; 2241 } 2242 2243 if (req->cmd >= SDMMC_CMD_MAX) { 2244 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n", 2245 req->cmd); 2246 req->cmd &= 0x3f; 2247 } 2248 2249 if (sd->state == sd_sleep_state && req->cmd) { 2250 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is sleeping\n"); 2251 rtype = sd_r0; 2252 goto send_response; 2253 } 2254 2255 if (sd->card_status & CARD_IS_LOCKED) { 2256 if (!cmd_valid_while_locked(sd, req->cmd)) { 2257 sd->card_status |= ILLEGAL_COMMAND; 2258 sd->expecting_acmd = false; 2259 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n"); 2260 rtype = sd_illegal; 2261 goto send_response; 2262 } 2263 } 2264 2265 last_state = sd->state; 2266 sd_set_mode(sd); 2267 2268 if (sd->expecting_acmd) { 2269 sd->expecting_acmd = false; 2270 rtype = sd_app_command(sd, *req); 2271 } else { 2272 rtype = sd_normal_command(sd, *req); 2273 } 2274 2275 if (rtype == sd_illegal) { 2276 sd->card_status |= ILLEGAL_COMMAND; 2277 } else { 2278 /* Valid command, we can update the 'state before command' bits. 2279 * (Do this now so they appear in r1 responses.) 2280 */ 2281 sd->card_status = FIELD_DP32(sd->card_status, CSR, 2282 CURRENT_STATE, last_state); 2283 } 2284 2285 send_response: 2286 rsplen = sd_response_size(sd, rtype); 2287 assert(rsplen <= respsz); 2288 2289 switch (rtype) { 2290 case sd_r1: 2291 case sd_r1b: 2292 sd_response_r1_make(sd, response); 2293 break; 2294 2295 case spi_r2: 2296 spi_response_r2_make(sd, response); 2297 break; 2298 2299 case sd_r2_i: 2300 memcpy(response, sd->cid, sizeof(sd->cid)); 2301 break; 2302 2303 case sd_r2_s: 2304 memcpy(response, sd->csd, sizeof(sd->csd)); 2305 break; 2306 2307 case sd_r3: 2308 sd_response_r3_make(sd, response); 2309 break; 2310 2311 case sd_r6: 2312 sd_response_r6_make(sd, response); 2313 break; 2314 2315 case sd_r7: 2316 sd_response_r7_make(sd, response); 2317 break; 2318 2319 case sd_r0: 2320 /* 2321 * Invalid state transition, reset implementation 2322 * fields to avoid OOB abuse. 2323 */ 2324 sd->data_start = 0; 2325 sd->data_offset = 0; 2326 /* fall-through */ 2327 case sd_illegal: 2328 break; 2329 default: 2330 g_assert_not_reached(); 2331 } 2332 trace_sdcard_response(sd_response_name(rtype), rsplen); 2333 2334 if (rtype != sd_illegal) { 2335 /* Clear the "clear on valid command" status bits now we've 2336 * sent any response 2337 */ 2338 sd->card_status &= ~CARD_STATUS_B; 2339 } 2340 2341 #ifdef DEBUG_SD 2342 qemu_hexdump(stderr, "Response", response, rsplen); 2343 #endif 2344 2345 sd->current_cmd = rtype == sd_illegal ? 0 : req->cmd; 2346 2347 return rsplen; 2348 } 2349 2350 /* Return true if buffer is consumed. Configured by sd_cmd_to_receivingdata() */ 2351 static bool sd_generic_write_byte(SDState *sd, uint8_t value) 2352 { 2353 sd->data[sd->data_offset] = value; 2354 2355 if (++sd->data_offset >= sd->data_size) { 2356 sd->state = sd_transfer_state; 2357 return true; 2358 } 2359 return false; 2360 } 2361 2362 /* Return true when buffer is consumed. Configured by sd_cmd_to_sendingdata() */ 2363 static bool sd_generic_read_byte(SDState *sd, uint8_t *value) 2364 { 2365 *value = sd->data[sd->data_offset]; 2366 2367 if (++sd->data_offset >= sd->data_size) { 2368 sd->state = sd_transfer_state; 2369 return true; 2370 } 2371 2372 return false; 2373 } 2374 2375 static void sd_write_byte(SDState *sd, uint8_t value) 2376 { 2377 int i; 2378 2379 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2380 return; 2381 } 2382 2383 if (sd->state != sd_receivingdata_state) { 2384 qemu_log_mask(LOG_GUEST_ERROR, 2385 "%s: not in Receiving-Data state\n", __func__); 2386 return; 2387 } 2388 2389 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 2390 return; 2391 2392 trace_sdcard_write_data(sd->proto->name, 2393 sd->last_cmd_name, 2394 sd->current_cmd, sd->data_offset, value); 2395 switch (sd->current_cmd) { 2396 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 2397 if (sd_generic_write_byte(sd, value)) { 2398 /* TODO: Check CRC before committing */ 2399 sd->state = sd_programming_state; 2400 sd_blk_write(sd, sd->data_start, sd->data_offset); 2401 sd->blk_written ++; 2402 sd->csd[14] |= 0x40; 2403 /* Bzzzzzzztt .... Operation complete. */ 2404 sd->state = sd_transfer_state; 2405 } 2406 break; 2407 2408 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2409 if (sd->data_offset == 0) { 2410 /* Start of the block - let's check the address is valid */ 2411 if (!address_in_range(sd, "WRITE_MULTIPLE_BLOCK", 2412 sd->data_start, sd->blk_len)) { 2413 break; 2414 } 2415 if (sd->size <= SDSC_MAX_CAPACITY) { 2416 if (sd_wp_addr(sd, sd->data_start)) { 2417 sd->card_status |= WP_VIOLATION; 2418 break; 2419 } 2420 } 2421 } 2422 sd->data[sd->data_offset++] = value; 2423 if (sd->data_offset >= sd->blk_len) { 2424 /* TODO: Check CRC before committing */ 2425 sd->state = sd_programming_state; 2426 sd_blk_write(sd, sd->data_start, sd->data_offset); 2427 sd->blk_written++; 2428 sd->data_start += sd->blk_len; 2429 sd->data_offset = 0; 2430 sd->csd[14] |= 0x40; 2431 2432 /* Bzzzzzzztt .... Operation complete. */ 2433 if (sd->multi_blk_cnt != 0) { 2434 if (--sd->multi_blk_cnt == 0) { 2435 /* Stop! */ 2436 sd->state = sd_transfer_state; 2437 break; 2438 } 2439 } 2440 2441 sd->state = sd_receivingdata_state; 2442 } 2443 break; 2444 2445 case 26: /* CMD26: PROGRAM_CID */ 2446 if (sd_generic_write_byte(sd, value)) { 2447 /* TODO: Check CRC before committing */ 2448 sd->state = sd_programming_state; 2449 for (i = 0; i < sizeof(sd->cid); i ++) 2450 if ((sd->cid[i] | 0x00) != sd->data[i]) 2451 sd->card_status |= CID_CSD_OVERWRITE; 2452 2453 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2454 for (i = 0; i < sizeof(sd->cid); i ++) { 2455 sd->cid[i] |= 0x00; 2456 sd->cid[i] &= sd->data[i]; 2457 } 2458 /* Bzzzzzzztt .... Operation complete. */ 2459 sd->state = sd_transfer_state; 2460 } 2461 break; 2462 2463 case 27: /* CMD27: PROGRAM_CSD */ 2464 if (sd_generic_write_byte(sd, value)) { 2465 /* TODO: Check CRC before committing */ 2466 sd->state = sd_programming_state; 2467 for (i = 0; i < sizeof(sd->csd); i ++) 2468 if ((sd->csd[i] | sd_csd_rw_mask[i]) != 2469 (sd->data[i] | sd_csd_rw_mask[i])) 2470 sd->card_status |= CID_CSD_OVERWRITE; 2471 2472 /* Copy flag (OTP) & Permanent write protect */ 2473 if (sd->csd[14] & ~sd->data[14] & 0x60) 2474 sd->card_status |= CID_CSD_OVERWRITE; 2475 2476 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2477 for (i = 0; i < sizeof(sd->csd); i ++) { 2478 sd->csd[i] |= sd_csd_rw_mask[i]; 2479 sd->csd[i] &= sd->data[i]; 2480 } 2481 /* Bzzzzzzztt .... Operation complete. */ 2482 sd->state = sd_transfer_state; 2483 } 2484 break; 2485 2486 case 42: /* CMD42: LOCK_UNLOCK */ 2487 if (sd_generic_write_byte(sd, value)) { 2488 /* TODO: Check CRC before committing */ 2489 sd->state = sd_programming_state; 2490 sd_lock_command(sd); 2491 /* Bzzzzzzztt .... Operation complete. */ 2492 sd->state = sd_transfer_state; 2493 } 2494 break; 2495 2496 case 56: /* CMD56: GEN_CMD */ 2497 sd_generic_write_byte(sd, value); 2498 break; 2499 2500 default: 2501 g_assert_not_reached(); 2502 } 2503 } 2504 2505 static uint8_t sd_read_byte(SDState *sd) 2506 { 2507 /* TODO: Append CRCs */ 2508 const uint8_t dummy_byte = 0x00; 2509 uint8_t ret; 2510 uint32_t io_len; 2511 2512 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2513 return dummy_byte; 2514 } 2515 2516 if (sd->state != sd_sendingdata_state) { 2517 qemu_log_mask(LOG_GUEST_ERROR, 2518 "%s: not in Sending-Data state\n", __func__); 2519 return dummy_byte; 2520 } 2521 2522 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) { 2523 return dummy_byte; 2524 } 2525 2526 io_len = sd_blk_len(sd); 2527 2528 trace_sdcard_read_data(sd->proto->name, 2529 sd->last_cmd_name, sd->current_cmd, 2530 sd->data_offset, sd->data_size, io_len); 2531 switch (sd->current_cmd) { 2532 case 6: /* CMD6: SWITCH_FUNCTION */ 2533 case 8: /* CMD8: SEND_EXT_CSD */ 2534 case 9: /* CMD9: SEND_CSD */ 2535 case 10: /* CMD10: SEND_CID */ 2536 case 13: /* ACMD13: SD_STATUS */ 2537 case 17: /* CMD17: READ_SINGLE_BLOCK */ 2538 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */ 2539 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 2540 case 30: /* CMD30: SEND_WRITE_PROT */ 2541 case 51: /* ACMD51: SEND_SCR */ 2542 case 56: /* CMD56: GEN_CMD */ 2543 sd_generic_read_byte(sd, &ret); 2544 break; 2545 2546 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2547 if (sd->data_offset == 0) { 2548 if (!address_in_range(sd, "READ_MULTIPLE_BLOCK", 2549 sd->data_start, io_len)) { 2550 return dummy_byte; 2551 } 2552 sd_blk_read(sd, sd->data_start, io_len); 2553 } 2554 ret = sd->data[sd->data_offset ++]; 2555 2556 if (sd->data_offset >= io_len) { 2557 sd->data_start += io_len; 2558 sd->data_offset = 0; 2559 2560 if (sd->multi_blk_cnt != 0) { 2561 if (--sd->multi_blk_cnt == 0) { 2562 /* Stop! */ 2563 sd->state = sd_transfer_state; 2564 break; 2565 } 2566 } 2567 } 2568 break; 2569 2570 default: 2571 qemu_log_mask(LOG_GUEST_ERROR, "%s: DAT read illegal for command %s\n", 2572 __func__, sd->last_cmd_name); 2573 return dummy_byte; 2574 } 2575 2576 return ret; 2577 } 2578 2579 static bool sd_receive_ready(SDState *sd) 2580 { 2581 return sd->state == sd_receivingdata_state; 2582 } 2583 2584 static bool sd_data_ready(SDState *sd) 2585 { 2586 return sd->state == sd_sendingdata_state; 2587 } 2588 2589 static const SDProto sd_proto_spi = { 2590 .name = "SPI", 2591 .cmd = { 2592 [0] = {0, sd_spi, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2593 [1] = {0, sd_spi, "SEND_OP_COND", spi_cmd_SEND_OP_COND}, 2594 [5] = {9, sd_spi, "IO_SEND_OP_COND", sd_cmd_optional}, 2595 [6] = {10, sd_spi, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2596 [8] = {0, sd_spi, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2597 [9] = {0, sd_spi, "SEND_CSD", spi_cmd_SEND_CSD}, 2598 [10] = {0, sd_spi, "SEND_CID", spi_cmd_SEND_CID}, 2599 [12] = {0, sd_spi, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2600 [13] = {0, sd_spi, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2601 [16] = {2, sd_spi, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2602 [17] = {2, sd_spi, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2603 [24] = {4, sd_spi, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2604 [27] = {4, sd_spi, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2605 [28] = {6, sd_spi, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2606 [29] = {6, sd_spi, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2607 [30] = {6, sd_spi, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2608 [32] = {5, sd_spi, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2609 [33] = {5, sd_spi, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2610 [34] = {10, sd_spi, "READ_SEC_CMD", sd_cmd_optional}, 2611 [35] = {10, sd_spi, "WRITE_SEC_CMD", sd_cmd_optional}, 2612 [36] = {10, sd_spi, "SEND_PSI", sd_cmd_optional}, 2613 [37] = {10, sd_spi, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2614 [38] = {5, sd_spi, "ERASE", sd_cmd_ERASE}, 2615 [42] = {7, sd_spi, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2616 [50] = {10, sd_spi, "DIRECT_SECURE_READ", sd_cmd_optional}, 2617 [52] = {9, sd_spi, "IO_RW_DIRECT", sd_cmd_optional}, 2618 [53] = {9, sd_spi, "IO_RW_EXTENDED", sd_cmd_optional}, 2619 [55] = {8, sd_spi, "APP_CMD", sd_cmd_APP_CMD}, 2620 [56] = {8, sd_spi, "GEN_CMD", sd_cmd_GEN_CMD}, 2621 [57] = {10, sd_spi, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2622 [58] = {0, sd_spi, "READ_OCR", spi_cmd_READ_OCR}, 2623 [59] = {0, sd_spi, "CRC_ON_OFF", spi_cmd_CRC_ON_OFF}, 2624 }, 2625 .acmd = { 2626 [13] = {8, sd_spi, "SD_STATUS", sd_acmd_SD_STATUS}, 2627 [22] = {8, sd_spi, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2628 [23] = {8, sd_spi, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2629 [41] = {8, sd_spi, "SEND_OP_COND", spi_cmd_SEND_OP_COND}, 2630 [42] = {8, sd_spi, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2631 [51] = {8, sd_spi, "SEND_SCR", sd_acmd_SEND_SCR}, 2632 }, 2633 }; 2634 2635 static const SDProto sd_proto_sd = { 2636 .name = "SD", 2637 .cmd = { 2638 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2639 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2640 [3] = {0, sd_bcr, "SEND_RELATIVE_ADDR", sd_cmd_SEND_RELATIVE_ADDR}, 2641 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2642 [5] = {9, sd_bc, "IO_SEND_OP_COND", sd_cmd_optional}, 2643 [6] = {10, sd_adtc, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2644 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2645 [8] = {0, sd_bcr, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2646 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2647 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2648 [11] = {0, sd_ac, "VOLTAGE_SWITCH", sd_cmd_optional}, 2649 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2650 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2651 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2652 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2653 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2654 [19] = {2, sd_adtc, "SEND_TUNING_BLOCK", sd_cmd_SEND_TUNING_BLOCK}, 2655 [20] = {2, sd_ac, "SPEED_CLASS_CONTROL", sd_cmd_optional}, 2656 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2657 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2658 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2659 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2660 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2661 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2662 [32] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2663 [33] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2664 [34] = {10, sd_adtc, "READ_SEC_CMD", sd_cmd_optional}, 2665 [35] = {10, sd_adtc, "WRITE_SEC_CMD", sd_cmd_optional}, 2666 [36] = {10, sd_adtc, "SEND_PSI", sd_cmd_optional}, 2667 [37] = {10, sd_ac, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2668 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2669 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2670 [43] = {1, sd_ac, "Q_MANAGEMENT", sd_cmd_optional}, 2671 [44] = {1, sd_ac, "Q_TASK_INFO_A", sd_cmd_optional}, 2672 [45] = {1, sd_ac, "Q_TASK_INFO_B", sd_cmd_optional}, 2673 [46] = {1, sd_adtc, "Q_RD_TASK", sd_cmd_optional}, 2674 [47] = {1, sd_adtc, "Q_WR_TASK", sd_cmd_optional}, 2675 [48] = {1, sd_adtc, "READ_EXTR_SINGLE", sd_cmd_optional}, 2676 [49] = {1, sd_adtc, "WRITE_EXTR_SINGLE", sd_cmd_optional}, 2677 [50] = {10, sd_adtc, "DIRECT_SECURE_READ", sd_cmd_optional}, 2678 [52] = {9, sd_bc, "IO_RW_DIRECT", sd_cmd_optional}, 2679 [53] = {9, sd_bc, "IO_RW_EXTENDED", sd_cmd_optional}, 2680 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2681 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2682 [57] = {10, sd_adtc, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2683 [58] = {11, sd_adtc, "READ_EXTR_MULTI", sd_cmd_optional}, 2684 [59] = {11, sd_adtc, "WRITE_EXTR_MULTI", sd_cmd_optional}, 2685 }, 2686 .acmd = { 2687 [6] = {8, sd_ac, "SET_BUS_WIDTH", sd_acmd_SET_BUS_WIDTH}, 2688 [13] = {8, sd_adtc, "SD_STATUS", sd_acmd_SD_STATUS}, 2689 [22] = {8, sd_adtc, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2690 [23] = {8, sd_ac, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2691 [41] = {8, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2692 [42] = {8, sd_ac, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2693 [51] = {8, sd_adtc, "SEND_SCR", sd_acmd_SEND_SCR}, 2694 }, 2695 }; 2696 2697 static const SDProto sd_proto_emmc = { 2698 /* Only v4.3 is supported */ 2699 .name = "eMMC", 2700 .cmd = { 2701 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2702 [1] = {0, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2703 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2704 [3] = {0, sd_ac, "SET_RELATIVE_ADDR", emmc_cmd_SET_RELATIVE_ADDR}, 2705 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2706 [5] = {0, sd_ac, "SLEEP/AWAKE", emmc_cmd_sleep_awake}, 2707 [6] = {10, sd_adtc, "SWITCH", emmc_cmd_SWITCH}, 2708 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2709 [8] = {0, sd_adtc, "SEND_EXT_CSD", emmc_cmd_SEND_EXT_CSD}, 2710 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2711 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2712 [11] = {1, sd_adtc, "READ_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2713 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2714 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2715 [14] = {0, sd_adtc, "BUSTEST_R", sd_cmd_unimplemented}, 2716 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2717 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2718 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2719 [19] = {0, sd_adtc, "BUSTEST_W", sd_cmd_unimplemented}, 2720 [20] = {3, sd_adtc, "WRITE_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2721 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2722 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2723 [26] = {4, sd_adtc, "PROGRAM_CID", emmc_cmd_PROGRAM_CID}, 2724 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2725 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2726 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2727 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2728 [31] = {6, sd_adtc, "SEND_WRITE_PROT_TYPE", sd_cmd_unimplemented}, 2729 [35] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2730 [36] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2731 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2732 [39] = {9, sd_ac, "FAST_IO", sd_cmd_unimplemented}, 2733 [40] = {9, sd_bcr, "GO_IRQ_STATE", sd_cmd_unimplemented}, 2734 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2735 [49] = {0, sd_adtc, "SET_TIME", sd_cmd_unimplemented}, 2736 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2737 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2738 }, 2739 }; 2740 2741 static void sd_instance_init(Object *obj) 2742 { 2743 SDState *sd = SDMMC_COMMON(obj); 2744 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 2745 2746 sd->proto = sc->proto; 2747 sd->last_cmd_name = "UNSET"; 2748 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd); 2749 } 2750 2751 static void sd_instance_finalize(Object *obj) 2752 { 2753 SDState *sd = SDMMC_COMMON(obj); 2754 2755 timer_free(sd->ocr_power_timer); 2756 } 2757 2758 static void sd_realize(DeviceState *dev, Error **errp) 2759 { 2760 SDState *sd = SDMMC_COMMON(dev); 2761 int ret; 2762 2763 switch (sd->spec_version) { 2764 case SD_PHY_SPECv1_10_VERS 2765 ... SD_PHY_SPECv3_01_VERS: 2766 break; 2767 default: 2768 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version); 2769 return; 2770 } 2771 2772 if (sd->blk) { 2773 int64_t blk_size; 2774 2775 if (!blk_supports_write_perm(sd->blk)) { 2776 error_setg(errp, "Cannot use read-only drive as SD card"); 2777 return; 2778 } 2779 2780 blk_size = blk_getlength(sd->blk); 2781 if (blk_size > 0 && !is_power_of_2(blk_size)) { 2782 int64_t blk_size_aligned = pow2ceil(blk_size); 2783 char *blk_size_str; 2784 2785 blk_size_str = size_to_str(blk_size); 2786 error_setg(errp, "Invalid SD card size: %s", blk_size_str); 2787 g_free(blk_size_str); 2788 2789 blk_size_str = size_to_str(blk_size_aligned); 2790 error_append_hint(errp, 2791 "SD card size has to be a power of 2, e.g. %s.\n" 2792 "You can resize disk images with" 2793 " 'qemu-img resize <imagefile> <new-size>'\n" 2794 "(note that this will lose data if you make the" 2795 " image smaller than it currently is).\n", 2796 blk_size_str); 2797 g_free(blk_size_str); 2798 2799 return; 2800 } 2801 2802 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 2803 BLK_PERM_ALL, errp); 2804 if (ret < 0) { 2805 return; 2806 } 2807 blk_set_dev_ops(sd->blk, &sd_block_ops, sd); 2808 } 2809 } 2810 2811 static void emmc_realize(DeviceState *dev, Error **errp) 2812 { 2813 SDState *sd = SDMMC_COMMON(dev); 2814 2815 sd->spec_version = SD_PHY_SPECv3_01_VERS; /* Actually v4.3 */ 2816 2817 sd_realize(dev, errp); 2818 } 2819 2820 static const Property sdmmc_common_properties[] = { 2821 DEFINE_PROP_DRIVE("drive", SDState, blk), 2822 }; 2823 2824 static const Property sd_properties[] = { 2825 DEFINE_PROP_UINT8("spec_version", SDState, 2826 spec_version, SD_PHY_SPECv3_01_VERS), 2827 }; 2828 2829 static const Property emmc_properties[] = { 2830 DEFINE_PROP_UINT64("boot-partition-size", SDState, boot_part_size, 0), 2831 DEFINE_PROP_UINT8("boot-config", SDState, boot_config, 0x0), 2832 }; 2833 2834 static void sdmmc_common_class_init(ObjectClass *klass, const void *data) 2835 { 2836 DeviceClass *dc = DEVICE_CLASS(klass); 2837 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2838 2839 device_class_set_props(dc, sdmmc_common_properties); 2840 dc->vmsd = &sd_vmstate; 2841 device_class_set_legacy_reset(dc, sd_reset); 2842 dc->bus_type = TYPE_SD_BUS; 2843 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2844 2845 sc->set_voltage = sd_set_voltage; 2846 sc->get_dat_lines = sd_get_dat_lines; 2847 sc->get_cmd_line = sd_get_cmd_line; 2848 sc->do_command = sd_do_command; 2849 sc->write_byte = sd_write_byte; 2850 sc->read_byte = sd_read_byte; 2851 sc->receive_ready = sd_receive_ready; 2852 sc->data_ready = sd_data_ready; 2853 sc->get_inserted = sd_get_inserted; 2854 sc->get_readonly = sd_get_readonly; 2855 } 2856 2857 static void sd_class_init(ObjectClass *klass, const void *data) 2858 { 2859 DeviceClass *dc = DEVICE_CLASS(klass); 2860 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2861 2862 dc->realize = sd_realize; 2863 device_class_set_props(dc, sd_properties); 2864 2865 sc->set_cid = sd_set_cid; 2866 sc->set_csd = sd_set_csd; 2867 sc->proto = &sd_proto_sd; 2868 } 2869 2870 /* 2871 * We do not model the chip select pin, so allow the board to select 2872 * whether card should be in SSI or MMC/SD mode. It is also up to the 2873 * board to ensure that ssi transfers only occur when the chip select 2874 * is asserted. 2875 */ 2876 static void sd_spi_class_init(ObjectClass *klass, const void *data) 2877 { 2878 DeviceClass *dc = DEVICE_CLASS(klass); 2879 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2880 2881 dc->desc = "SD SPI"; 2882 sc->proto = &sd_proto_spi; 2883 } 2884 2885 static void emmc_class_init(ObjectClass *klass, const void *data) 2886 { 2887 DeviceClass *dc = DEVICE_CLASS(klass); 2888 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2889 2890 dc->desc = "eMMC"; 2891 dc->realize = emmc_realize; 2892 device_class_set_props(dc, emmc_properties); 2893 /* Reason: Soldered on board */ 2894 dc->user_creatable = false; 2895 2896 sc->proto = &sd_proto_emmc; 2897 2898 sc->set_cid = emmc_set_cid; 2899 sc->set_csd = emmc_set_csd; 2900 } 2901 2902 static const TypeInfo sd_types[] = { 2903 { 2904 .name = TYPE_SDMMC_COMMON, 2905 .parent = TYPE_DEVICE, 2906 .abstract = true, 2907 .instance_size = sizeof(SDState), 2908 .class_size = sizeof(SDCardClass), 2909 .class_init = sdmmc_common_class_init, 2910 .instance_init = sd_instance_init, 2911 .instance_finalize = sd_instance_finalize, 2912 }, 2913 { 2914 .name = TYPE_SD_CARD, 2915 .parent = TYPE_SDMMC_COMMON, 2916 .class_init = sd_class_init, 2917 }, 2918 { 2919 .name = TYPE_SD_CARD_SPI, 2920 .parent = TYPE_SD_CARD, 2921 .class_init = sd_spi_class_init, 2922 }, 2923 { 2924 .name = TYPE_EMMC, 2925 .parent = TYPE_SDMMC_COMMON, 2926 .class_init = emmc_class_init, 2927 }, 2928 }; 2929 2930 DEFINE_TYPES(sd_types) 2931