1 /* 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical 3 * layer specification, Version 2.00." 4 * 5 * eMMC emulation defined in "JEDEC Standard No. 84-A43" 6 * 7 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org> 8 * Copyright (c) 2007 CodeSourcery 9 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org> 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in 19 * the documentation and/or other materials provided with the 20 * distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' 23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR 26 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 30 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include "qemu/osdep.h" 36 #include "qemu/units.h" 37 #include "qemu/cutils.h" 38 #include "hw/irq.h" 39 #include "hw/registerfields.h" 40 #include "system/block-backend.h" 41 #include "hw/sd/sd.h" 42 #include "migration/vmstate.h" 43 #include "qapi/error.h" 44 #include "qemu/bitmap.h" 45 #include "hw/qdev-properties.h" 46 #include "hw/qdev-properties-system.h" 47 #include "qemu/error-report.h" 48 #include "qemu/timer.h" 49 #include "qemu/log.h" 50 #include "qemu/guest-random.h" 51 #include "qemu/module.h" 52 #include "sdmmc-internal.h" 53 #include "trace.h" 54 55 //#define DEBUG_SD 1 56 57 #define SDSC_MAX_CAPACITY (2 * GiB) 58 59 #define INVALID_ADDRESS UINT32_MAX 60 61 typedef enum { 62 sd_r0 = 0, /* no response */ 63 sd_r1, /* normal response command */ 64 sd_r2_i, /* CID register */ 65 sd_r2_s, /* CSD register */ 66 sd_r3, /* OCR register */ 67 sd_r6 = 6, /* Published RCA response */ 68 sd_r7, /* Operating voltage */ 69 sd_r1b = -1, 70 sd_illegal = -2, 71 } sd_rsp_type_t; 72 73 typedef enum { 74 sd_spi, 75 sd_bc, /* broadcast -- no response */ 76 sd_bcr, /* broadcast with response */ 77 sd_ac, /* addressed -- no data transfer */ 78 sd_adtc, /* addressed with data transfer */ 79 } sd_cmd_type_t; 80 81 enum SDCardModes { 82 sd_inactive, 83 sd_card_identification_mode, 84 sd_data_transfer_mode, 85 }; 86 87 enum SDCardStates { 88 sd_waitirq_state = -2, /* emmc */ 89 sd_inactive_state = -1, 90 91 sd_idle_state = 0, 92 sd_ready_state = 1, 93 sd_identification_state = 2, 94 sd_standby_state = 3, 95 sd_transfer_state = 4, 96 sd_sendingdata_state = 5, 97 sd_receivingdata_state = 6, 98 sd_programming_state = 7, 99 sd_disconnect_state = 8, 100 sd_bus_test_state = 9, /* emmc */ 101 sd_sleep_state = 10, /* emmc */ 102 sd_io_state = 15 /* sd */ 103 }; 104 105 #define SDMMC_CMD_MAX 64 106 107 typedef sd_rsp_type_t (*sd_cmd_handler)(SDState *sd, SDRequest req); 108 109 typedef struct SDProto { 110 const char *name; 111 struct { 112 const unsigned class; 113 const sd_cmd_type_t type; 114 const char *name; 115 sd_cmd_handler handler; 116 } cmd[SDMMC_CMD_MAX], acmd[SDMMC_CMD_MAX]; 117 } SDProto; 118 119 struct SDState { 120 DeviceState parent_obj; 121 122 /* SD Memory Card Registers */ 123 uint32_t ocr; 124 uint8_t scr[8]; 125 uint8_t cid[16]; 126 uint8_t csd[16]; 127 uint16_t rca; 128 uint32_t card_status; 129 uint8_t sd_status[64]; 130 union { 131 uint8_t ext_csd[512]; 132 struct { 133 uint8_t ext_csd_rw[192]; /* Modes segment */ 134 uint8_t ext_csd_ro[320]; /* Properties segment */ 135 }; 136 }; 137 138 /* Static properties */ 139 140 uint8_t spec_version; 141 uint64_t boot_part_size; 142 BlockBackend *blk; 143 uint8_t boot_config; 144 145 const SDProto *proto; 146 147 /* Runtime changeables */ 148 149 uint32_t mode; /* current card mode, one of SDCardModes */ 150 int32_t state; /* current card state, one of SDCardStates */ 151 uint32_t vhs; 152 bool wp_switch; 153 unsigned long *wp_group_bmap; 154 int32_t wp_group_bits; 155 uint64_t size; 156 uint32_t blk_len; 157 uint32_t multi_blk_cnt; 158 uint32_t erase_start; 159 uint32_t erase_end; 160 uint8_t pwd[16]; 161 uint32_t pwd_len; 162 uint8_t function_group[6]; 163 uint8_t current_cmd; 164 const char *last_cmd_name; 165 /* True if we will handle the next command as an ACMD. Note that this does 166 * *not* track the APP_CMD status bit! 167 */ 168 bool expecting_acmd; 169 uint32_t blk_written; 170 171 uint64_t data_start; 172 uint32_t data_offset; 173 size_t data_size; 174 uint8_t data[512]; 175 QEMUTimer *ocr_power_timer; 176 uint8_t dat_lines; 177 bool cmd_line; 178 }; 179 180 static void sd_realize(DeviceState *dev, Error **errp); 181 182 static const SDProto sd_proto_spi; 183 static const SDProto sd_proto_emmc; 184 185 static bool sd_is_spi(SDState *sd) 186 { 187 return sd->proto == &sd_proto_spi; 188 } 189 190 static bool sd_is_emmc(SDState *sd) 191 { 192 return sd->proto == &sd_proto_emmc; 193 } 194 195 static const char *sd_version_str(enum SDPhySpecificationVersion version) 196 { 197 static const char *sdphy_version[] = { 198 [SD_PHY_SPECv1_10_VERS] = "v1.10", 199 [SD_PHY_SPECv2_00_VERS] = "v2.00", 200 [SD_PHY_SPECv3_01_VERS] = "v3.01", 201 }; 202 if (version >= ARRAY_SIZE(sdphy_version)) { 203 return "unsupported version"; 204 } 205 return sdphy_version[version]; 206 } 207 208 static const char *sd_mode_name(enum SDCardModes mode) 209 { 210 static const char *mode_name[] = { 211 [sd_inactive] = "inactive", 212 [sd_card_identification_mode] = "identification", 213 [sd_data_transfer_mode] = "transfer", 214 }; 215 assert(mode < ARRAY_SIZE(mode_name)); 216 return mode_name[mode]; 217 } 218 219 static const char *sd_state_name(enum SDCardStates state) 220 { 221 static const char *state_name[] = { 222 [sd_idle_state] = "idle", 223 [sd_ready_state] = "ready", 224 [sd_identification_state] = "identification", 225 [sd_standby_state] = "standby", 226 [sd_transfer_state] = "transfer", 227 [sd_sendingdata_state] = "sendingdata", 228 [sd_bus_test_state] = "bus-test", 229 [sd_receivingdata_state] = "receivingdata", 230 [sd_programming_state] = "programming", 231 [sd_disconnect_state] = "disconnect", 232 [sd_sleep_state] = "sleep", 233 [sd_io_state] = "i/o" 234 }; 235 if (state == sd_inactive_state) { 236 return "inactive"; 237 } 238 if (state == sd_waitirq_state) { 239 return "wait-irq"; 240 } 241 assert(state < ARRAY_SIZE(state_name)); 242 return state_name[state]; 243 } 244 245 static const char *sd_response_name(sd_rsp_type_t rsp) 246 { 247 static const char *response_name[] = { 248 [sd_r0] = "RESP#0 (no response)", 249 [sd_r1] = "RESP#1 (normal cmd)", 250 [sd_r2_i] = "RESP#2 (CID reg)", 251 [sd_r2_s] = "RESP#2 (CSD reg)", 252 [sd_r3] = "RESP#3 (OCR reg)", 253 [sd_r6] = "RESP#6 (RCA)", 254 [sd_r7] = "RESP#7 (operating voltage)", 255 }; 256 if (rsp == sd_illegal) { 257 return "ILLEGAL RESP"; 258 } 259 if (rsp == sd_r1b) { 260 rsp = sd_r1; 261 } 262 assert(rsp < ARRAY_SIZE(response_name)); 263 return response_name[rsp]; 264 } 265 266 static const char *sd_cmd_name(SDState *sd, uint8_t cmd) 267 { 268 static const char *cmd_abbrev[SDMMC_CMD_MAX] = { 269 [18] = "READ_MULTIPLE_BLOCK", 270 [25] = "WRITE_MULTIPLE_BLOCK", 271 }; 272 const SDProto *sdp = sd->proto; 273 274 if (sdp->cmd[cmd].handler) { 275 assert(!cmd_abbrev[cmd]); 276 return sdp->cmd[cmd].name; 277 } 278 return cmd_abbrev[cmd] ? cmd_abbrev[cmd] : "UNKNOWN_CMD"; 279 } 280 281 static const char *sd_acmd_name(SDState *sd, uint8_t cmd) 282 { 283 const SDProto *sdp = sd->proto; 284 285 if (sdp->acmd[cmd].handler) { 286 return sdp->acmd[cmd].name; 287 } 288 289 return "UNKNOWN_ACMD"; 290 } 291 292 static uint8_t sd_get_dat_lines(SDState *sd) 293 { 294 return sd->dat_lines; 295 } 296 297 static bool sd_get_cmd_line(SDState *sd) 298 { 299 return sd->cmd_line; 300 } 301 302 static void sd_set_voltage(SDState *sd, uint16_t millivolts) 303 { 304 trace_sdcard_set_voltage(millivolts); 305 306 switch (millivolts) { 307 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */ 308 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */ 309 break; 310 default: 311 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV", 312 millivolts / 1000.f); 313 } 314 } 315 316 static void sd_set_mode(SDState *sd) 317 { 318 switch (sd->state) { 319 case sd_inactive_state: 320 sd->mode = sd_inactive; 321 break; 322 323 case sd_idle_state: 324 case sd_ready_state: 325 case sd_identification_state: 326 sd->mode = sd_card_identification_mode; 327 break; 328 329 case sd_standby_state: 330 case sd_transfer_state: 331 case sd_sendingdata_state: 332 case sd_receivingdata_state: 333 case sd_programming_state: 334 case sd_disconnect_state: 335 sd->mode = sd_data_transfer_mode; 336 break; 337 } 338 } 339 340 static uint8_t sd_crc7(const void *message, size_t width) 341 { 342 int i, bit; 343 uint8_t shift_reg = 0x00; 344 const uint8_t *msg = (const uint8_t *)message; 345 346 for (i = 0; i < width; i ++, msg ++) 347 for (bit = 7; bit >= 0; bit --) { 348 shift_reg <<= 1; 349 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1)) 350 shift_reg ^= 0x89; 351 } 352 353 return shift_reg; 354 } 355 356 /* Operation Conditions register */ 357 358 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */ 359 360 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24) 361 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8) 362 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1) 363 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16) 364 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */ 365 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */ 366 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */ 367 FIELD(OCR, CARD_POWER_UP, 31, 1) 368 369 #define ACMD41_ENQUIRY_MASK 0x00ffffff 370 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \ 371 | R_OCR_ACCEPT_SWITCH_1V8_MASK \ 372 | R_OCR_UHS_II_CARD_MASK \ 373 | R_OCR_CARD_CAPACITY_MASK \ 374 | R_OCR_CARD_POWER_UP_MASK) 375 376 static void sd_ocr_powerup(void *opaque) 377 { 378 SDState *sd = opaque; 379 380 trace_sdcard_powerup(); 381 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)); 382 383 /* card power-up OK */ 384 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1); 385 386 if (sd->size > SDSC_MAX_CAPACITY) { 387 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 388 } 389 } 390 391 static void sd_set_ocr(SDState *sd) 392 { 393 /* All voltages OK */ 394 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK; 395 396 if (sd_is_spi(sd)) { 397 /* 398 * We don't need to emulate power up sequence in SPI-mode. 399 * Thus, the card's power up status bit should be set to 1 when reset. 400 * The card's capacity status bit should also be set if SD card size 401 * is larger than 2GB for SDHC support. 402 */ 403 sd_ocr_powerup(sd); 404 } 405 } 406 407 /* SD Configuration register */ 408 409 static void sd_set_scr(SDState *sd) 410 { 411 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */ 412 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) { 413 sd->scr[0] |= 1; /* Spec Version 1.10 */ 414 } else { 415 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */ 416 } 417 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */ 418 | 0b0101; /* 1-bit or 4-bit width bus modes */ 419 sd->scr[2] = 0x00; /* Extended Security is not supported. */ 420 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) { 421 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */ 422 } 423 sd->scr[3] = 0x00; 424 /* reserved for manufacturer usage */ 425 sd->scr[4] = 0x00; 426 sd->scr[5] = 0x00; 427 sd->scr[6] = 0x00; 428 sd->scr[7] = 0x00; 429 } 430 431 /* Card IDentification register */ 432 433 #define MID 0xaa 434 #define OID "XY" 435 #define PNM "QEMU!" 436 #define PRV 0x01 437 #define MDT_YR 2006 438 #define MDT_MON 2 439 440 static void sd_set_cid(SDState *sd) 441 { 442 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 443 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */ 444 sd->cid[2] = OID[1]; 445 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 446 sd->cid[4] = PNM[1]; 447 sd->cid[5] = PNM[2]; 448 sd->cid[6] = PNM[3]; 449 sd->cid[7] = PNM[4]; 450 sd->cid[8] = PRV; /* Fake product revision (PRV) */ 451 stl_be_p(&sd->cid[9], 0xdeadbeef); /* Fake serial number (PSN) */ 452 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */ 453 ((MDT_YR - 2000) / 10); 454 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON; 455 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 456 } 457 458 static void emmc_set_cid(SDState *sd) 459 { 460 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 461 sd->cid[1] = 0b01; /* CBX: soldered BGA */ 462 sd->cid[2] = OID[0]; /* OEM/Application ID (OID) */ 463 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 464 sd->cid[4] = PNM[1]; 465 sd->cid[5] = PNM[2]; 466 sd->cid[6] = PNM[3]; 467 sd->cid[7] = PNM[4]; 468 sd->cid[8] = PNM[4]; 469 sd->cid[9] = PRV; /* Fake product revision (PRV) */ 470 stl_be_p(&sd->cid[10], 0xdeadbeef); /* Fake serial number (PSN) */ 471 sd->cid[14] = (MDT_MON << 4) | (MDT_YR - 1997); /* Manufacture date (MDT) */ 472 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 473 } 474 475 /* Card-Specific Data register */ 476 477 #define HWBLOCK_SHIFT 9 /* 512 bytes */ 478 #define SECTOR_SHIFT 5 /* 16 kilobytes */ 479 #define WPGROUP_SHIFT 7 /* 2 megs */ 480 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */ 481 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) 482 483 static const uint8_t sd_csd_rw_mask[16] = { 484 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 485 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe, 486 }; 487 488 static void emmc_set_ext_csd(SDState *sd, uint64_t size) 489 { 490 uint32_t sectcount = size >> HWBLOCK_SHIFT; 491 492 memset(sd->ext_csd, 0, sizeof(sd->ext_csd)); /* FIXME only RW at reset */ 493 494 /* Properties segment (RO) */ 495 sd->ext_csd[EXT_CSD_S_CMD_SET] = 0b1; /* supported command sets */ 496 sd->ext_csd[EXT_CSD_BOOT_INFO] = 0x0; /* Boot information */ 497 /* Boot partition size. 128KB unit */ 498 sd->ext_csd[EXT_CSD_BOOT_MULT] = sd->boot_part_size / (128 * KiB); 499 sd->ext_csd[EXT_CSD_ACC_SIZE] = 0x1; /* Access size */ 500 sd->ext_csd[EXT_CSD_HC_ERASE_GRP_SIZE] = 0x01; /* HC Erase unit size */ 501 sd->ext_csd[EXT_CSD_ERASE_TIMEOUT_MULT] = 0x01; /* HC erase timeout */ 502 sd->ext_csd[EXT_CSD_REL_WR_SEC_C] = 0x1; /* Reliable write sector count */ 503 sd->ext_csd[EXT_CSD_HC_WP_GRP_SIZE] = 0x01; /* HC write protect group size */ 504 sd->ext_csd[EXT_CSD_S_C_VCC] = 0x01; /* Sleep current VCC */ 505 sd->ext_csd[EXT_CSD_S_C_VCCQ] = 0x01; /* Sleep current VCCQ */ 506 sd->ext_csd[EXT_CSD_S_A_TIMEOUT] = 0x01; /* Sleep/Awake timeout */ 507 stl_le_p(&sd->ext_csd[EXT_CSD_SEC_CNT], sectcount); /* Sector count */ 508 sd->ext_csd[210] = 0x46; /* Min write perf for 8bit@52Mhz */ 509 sd->ext_csd[209] = 0x46; /* Min read perf for 8bit@52Mhz */ 510 sd->ext_csd[208] = 0x46; /* Min write perf for 4bit@52Mhz */ 511 sd->ext_csd[207] = 0x46; /* Min read perf for 4bit@52Mhz */ 512 sd->ext_csd[206] = 0x46; /* Min write perf for 4bit@26Mhz */ 513 sd->ext_csd[205] = 0x46; /* Min read perf for 4bit@26Mhz */ 514 sd->ext_csd[EXT_CSD_CARD_TYPE] = 0b11; 515 sd->ext_csd[EXT_CSD_STRUCTURE] = 2; 516 sd->ext_csd[EXT_CSD_REV] = 3; 517 518 /* Mode segment (RW) */ 519 sd->ext_csd[EXT_CSD_PART_CONFIG] = sd->boot_config; 520 } 521 522 static void emmc_set_csd(SDState *sd, uint64_t size) 523 { 524 int hwblock_shift = HWBLOCK_SHIFT; 525 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 526 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 527 528 sd->csd[0] = (3 << 6) | (4 << 2); /* Spec v4.3 with EXT_CSD */ 529 sd->csd[1] = (1 << 3) | 6; /* Asynchronous data access time: 1ms */ 530 sd->csd[2] = 0x00; 531 sd->csd[3] = (1 << 3) | 3;; /* Maximum bus clock frequency: 100MHz */ 532 sd->csd[4] = 0x0f; 533 if (size <= 2 * GiB) { 534 /* use 1k blocks */ 535 uint32_t csize1k = (size >> (CMULT_SHIFT + 10)) - 1; 536 sd->csd[5] = 0x5a; 537 sd->csd[6] = 0x80 | ((csize1k >> 10) & 0xf); 538 sd->csd[7] = (csize1k >> 2) & 0xff; 539 } else { /* >= 2GB : size stored in ext CSD, block addressing */ 540 sd->csd[5] = 0x59; 541 sd->csd[6] = 0x8f; 542 sd->csd[7] = 0xff; 543 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 544 } 545 sd->csd[8] = 0xff; 546 sd->csd[9] = 0xfc | /* Max. write current */ 547 ((CMULT_SHIFT - 2) >> 1); 548 sd->csd[10] = 0x40 | /* Erase sector size */ 549 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 550 sd->csd[11] = 0x00 | /* Write protect group size */ 551 ((sectsize << 7) & 0x80) | wpsize; 552 sd->csd[12] = 0x90 | /* Write speed factor */ 553 (hwblock_shift >> 2); 554 sd->csd[13] = 0x20 | /* Max. write data block length */ 555 ((hwblock_shift << 6) & 0xc0); 556 sd->csd[14] = 0x00; 557 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 558 emmc_set_ext_csd(sd, size); 559 } 560 561 static void sd_set_csd(SDState *sd, uint64_t size) 562 { 563 int hwblock_shift = HWBLOCK_SHIFT; 564 uint32_t csize; 565 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 566 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 567 568 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */ 569 if (size == SDSC_MAX_CAPACITY) { 570 hwblock_shift += 1; 571 } 572 csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1; 573 574 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */ 575 sd->csd[0] = 0x00; /* CSD structure */ 576 sd->csd[1] = 0x26; /* Data read access-time-1 */ 577 sd->csd[2] = 0x00; /* Data read access-time-2 */ 578 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */ 579 sd->csd[4] = 0x5f; /* Card Command Classes */ 580 sd->csd[5] = 0x50 | /* Max. read data block length */ 581 hwblock_shift; 582 sd->csd[6] = 0xe0 | /* Partial block for read allowed */ 583 ((csize >> 10) & 0x03); 584 sd->csd[7] = 0x00 | /* Device size */ 585 ((csize >> 2) & 0xff); 586 sd->csd[8] = 0x3f | /* Max. read current */ 587 ((csize << 6) & 0xc0); 588 sd->csd[9] = 0xfc | /* Max. write current */ 589 ((CMULT_SHIFT - 2) >> 1); 590 sd->csd[10] = 0x40 | /* Erase sector size */ 591 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 592 sd->csd[11] = 0x00 | /* Write protect group size */ 593 ((sectsize << 7) & 0x80) | wpsize; 594 sd->csd[12] = 0x90 | /* Write speed factor */ 595 (hwblock_shift >> 2); 596 sd->csd[13] = 0x20 | /* Max. write data block length */ 597 ((hwblock_shift << 6) & 0xc0); 598 sd->csd[14] = 0x00; /* File format group */ 599 } else { /* SDHC */ 600 size /= 512 * KiB; 601 size -= 1; 602 sd->csd[0] = 0x40; 603 sd->csd[1] = 0x0e; 604 sd->csd[2] = 0x00; 605 sd->csd[3] = 0x32; 606 sd->csd[4] = 0x5b; 607 sd->csd[5] = 0x59; 608 sd->csd[6] = 0x00; 609 st24_be_p(&sd->csd[7], size); 610 sd->csd[10] = 0x7f; 611 sd->csd[11] = 0x80; 612 sd->csd[12] = 0x0a; 613 sd->csd[13] = 0x40; 614 sd->csd[14] = 0x00; 615 } 616 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 617 } 618 619 /* Relative Card Address register */ 620 621 static void sd_set_rca(SDState *sd, uint16_t value) 622 { 623 trace_sdcard_set_rca(value); 624 sd->rca = value; 625 } 626 627 static uint16_t sd_req_get_rca(SDState *s, SDRequest req) 628 { 629 switch (s->proto->cmd[req.cmd].type) { 630 case sd_ac: 631 case sd_adtc: 632 return req.arg >> 16; 633 case sd_spi: 634 default: 635 g_assert_not_reached(); 636 } 637 } 638 639 static bool sd_req_rca_same(SDState *s, SDRequest req) 640 { 641 return sd_req_get_rca(s, req) == s->rca; 642 } 643 644 /* Card Status register */ 645 646 FIELD(CSR, AKE_SEQ_ERROR, 3, 1) 647 FIELD(CSR, APP_CMD, 5, 1) 648 FIELD(CSR, FX_EVENT, 6, 1) 649 FIELD(CSR, SWITCH_ERROR, 7, 1) 650 FIELD(CSR, READY_FOR_DATA, 8, 1) 651 FIELD(CSR, CURRENT_STATE, 9, 4) 652 FIELD(CSR, ERASE_RESET, 13, 1) 653 FIELD(CSR, CARD_ECC_DISABLED, 14, 1) 654 FIELD(CSR, WP_ERASE_SKIP, 15, 1) 655 FIELD(CSR, CSD_OVERWRITE, 16, 1) 656 FIELD(CSR, DEFERRED_RESPONSE, 17, 1) 657 FIELD(CSR, ERROR, 19, 1) 658 FIELD(CSR, CC_ERROR, 20, 1) 659 FIELD(CSR, CARD_ECC_FAILED, 21, 1) 660 FIELD(CSR, ILLEGAL_COMMAND, 22, 1) 661 FIELD(CSR, COM_CRC_ERROR, 23, 1) 662 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1) 663 FIELD(CSR, CARD_IS_LOCKED, 25, 1) 664 FIELD(CSR, WP_VIOLATION, 26, 1) 665 FIELD(CSR, ERASE_PARAM, 27, 1) 666 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1) 667 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1) 668 FIELD(CSR, ADDRESS_ERROR, 30, 1) 669 FIELD(CSR, OUT_OF_RANGE, 31, 1) 670 671 /* Card status bits, split by clear condition: 672 * A : According to the card current state 673 * B : Always related to the previous command 674 * C : Cleared by read 675 */ 676 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \ 677 | R_CSR_CARD_ECC_DISABLED_MASK \ 678 | R_CSR_CARD_IS_LOCKED_MASK) 679 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \ 680 | R_CSR_ILLEGAL_COMMAND_MASK \ 681 | R_CSR_COM_CRC_ERROR_MASK) 682 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \ 683 | R_CSR_APP_CMD_MASK \ 684 | R_CSR_ERASE_RESET_MASK \ 685 | R_CSR_WP_ERASE_SKIP_MASK \ 686 | R_CSR_CSD_OVERWRITE_MASK \ 687 | R_CSR_ERROR_MASK \ 688 | R_CSR_CC_ERROR_MASK \ 689 | R_CSR_CARD_ECC_FAILED_MASK \ 690 | R_CSR_LOCK_UNLOCK_FAILED_MASK \ 691 | R_CSR_WP_VIOLATION_MASK \ 692 | R_CSR_ERASE_PARAM_MASK \ 693 | R_CSR_ERASE_SEQ_ERROR_MASK \ 694 | R_CSR_BLOCK_LEN_ERROR_MASK \ 695 | R_CSR_ADDRESS_ERROR_MASK \ 696 | R_CSR_OUT_OF_RANGE_MASK) 697 698 static void sd_set_cardstatus(SDState *sd) 699 { 700 sd->card_status = READY_FOR_DATA; 701 } 702 703 static void sd_set_sdstatus(SDState *sd) 704 { 705 memset(sd->sd_status, 0, 64); 706 } 707 708 static const uint8_t sd_tuning_block_pattern4[64] = { 709 /* 710 * See: Physical Layer Simplified Specification Version 3.01, 711 * Table 4-2. 712 */ 713 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc, 714 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef, 715 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb, 716 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef, 717 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c, 718 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee, 719 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff, 720 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde 721 }; 722 723 static int sd_req_crc_validate(SDRequest *req) 724 { 725 uint8_t buffer[5]; 726 buffer[0] = 0x40 | req->cmd; 727 stl_be_p(&buffer[1], req->arg); 728 return 0; 729 return sd_crc7(buffer, 5) != req->crc; /* TODO */ 730 } 731 732 static size_t sd_response_size(SDState *sd, sd_rsp_type_t rtype) 733 { 734 switch (rtype) { 735 case sd_r1: 736 case sd_r1b: 737 return sd_is_spi(sd) ? 1 : 4; 738 739 case sd_r2_i: 740 case sd_r2_s: 741 assert(!sd_is_spi(sd)); 742 return 16; 743 744 case sd_r3: 745 case sd_r7: 746 return sd_is_spi(sd) ? 5 : 4; 747 748 case sd_r6: 749 assert(!sd_is_spi(sd)); 750 return 4; 751 752 case sd_r0: 753 case sd_illegal: 754 return sd_is_spi(sd) ? 1 : 0; 755 756 default: 757 g_assert_not_reached(); 758 } 759 } 760 761 static void sd_response_r1_make(SDState *sd, uint8_t *response) 762 { 763 if (sd_is_spi(sd)) { 764 response[0] = sd->state == sd_idle_state 765 && !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 766 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_RESET) << 1; 767 response[0] |= FIELD_EX32(sd->card_status, CSR, ILLEGAL_COMMAND) << 2; 768 response[0] |= FIELD_EX32(sd->card_status, CSR, COM_CRC_ERROR) << 3; 769 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_SEQ_ERROR) << 4; 770 response[0] |= FIELD_EX32(sd->card_status, CSR, ADDRESS_ERROR) << 5; 771 response[0] |= FIELD_EX32(sd->card_status, CSR, BLOCK_LEN_ERROR) << 6; 772 response[0] |= 0 << 7; 773 } else { 774 stl_be_p(response, sd->card_status); 775 } 776 777 /* Clear the "clear on read" status bits */ 778 sd->card_status &= ~CARD_STATUS_C; 779 } 780 781 static void sd_response_r3_make(SDState *sd, uint8_t *response) 782 { 783 if (sd_is_spi(sd)) { 784 /* Prepend R1 */ 785 sd_response_r1_make(sd, response); 786 response++; 787 } 788 stl_be_p(response, sd->ocr & ACMD41_R3_MASK); 789 } 790 791 static void sd_response_r6_make(SDState *sd, uint8_t *response) 792 { 793 uint16_t status; 794 795 status = ((sd->card_status >> 8) & 0xc000) | 796 ((sd->card_status >> 6) & 0x2000) | 797 (sd->card_status & 0x1fff); 798 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff); 799 stw_be_p(response + 0, sd->rca); 800 stw_be_p(response + 2, status); 801 } 802 803 static void sd_response_r7_make(SDState *sd, uint8_t *response) 804 { 805 if (sd_is_spi(sd)) { 806 /* Prepend R1 */ 807 sd_response_r1_make(sd, response); 808 response++; 809 } 810 stl_be_p(response, sd->vhs); 811 } 812 813 static uint32_t sd_blk_len(SDState *sd) 814 { 815 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 816 return 1 << HWBLOCK_SHIFT; 817 } 818 return sd->blk_len; 819 } 820 821 /* 822 * This requires a disk image that has two boot partitions inserted at the 823 * beginning of it. The size of the boot partitions is the "boot-size" 824 * property. 825 */ 826 static uint32_t sd_bootpart_offset(SDState *sd) 827 { 828 unsigned partition_access; 829 830 if (!sd->boot_part_size || !sd_is_emmc(sd)) { 831 return 0; 832 } 833 834 partition_access = sd->ext_csd[EXT_CSD_PART_CONFIG] 835 & EXT_CSD_PART_CONFIG_ACC_MASK; 836 switch (partition_access) { 837 case EXT_CSD_PART_CONFIG_ACC_DEFAULT: 838 return sd->boot_part_size * 2; 839 case EXT_CSD_PART_CONFIG_ACC_BOOT0: 840 return 0; 841 case EXT_CSD_PART_CONFIG_ACC_BOOT0 + 1: 842 return sd->boot_part_size * 1; 843 default: 844 g_assert_not_reached(); 845 } 846 } 847 848 static uint64_t sd_req_get_address(SDState *sd, SDRequest req) 849 { 850 uint64_t addr; 851 852 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 853 addr = (uint64_t) req.arg << HWBLOCK_SHIFT; 854 } else { 855 addr = req.arg; 856 } 857 trace_sdcard_req_addr(req.arg, addr); 858 return addr; 859 } 860 861 static inline uint64_t sd_addr_to_wpnum(uint64_t addr) 862 { 863 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT); 864 } 865 866 static void sd_reset(DeviceState *dev) 867 { 868 SDState *sd = SDMMC_COMMON(dev); 869 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 870 uint64_t size; 871 uint64_t sect; 872 873 trace_sdcard_reset(); 874 if (sd->blk) { 875 blk_get_geometry(sd->blk, §); 876 } else { 877 sect = 0; 878 } 879 size = sect << HWBLOCK_SHIFT; 880 if (sd_is_emmc(sd)) { 881 size -= sd->boot_part_size * 2; 882 } 883 884 sect = sd_addr_to_wpnum(size) + 1; 885 886 sd->state = sd_idle_state; 887 888 /* card registers */ 889 sd->rca = sd_is_emmc(sd) ? 0x0001 : 0x0000; 890 sd->size = size; 891 sd_set_ocr(sd); 892 sd_set_scr(sd); 893 sc->set_cid(sd); 894 sc->set_csd(sd, size); 895 sd_set_cardstatus(sd); 896 sd_set_sdstatus(sd); 897 898 g_free(sd->wp_group_bmap); 899 sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false; 900 sd->wp_group_bits = sect; 901 sd->wp_group_bmap = bitmap_new(sd->wp_group_bits); 902 memset(sd->function_group, 0, sizeof(sd->function_group)); 903 sd->erase_start = INVALID_ADDRESS; 904 sd->erase_end = INVALID_ADDRESS; 905 sd->blk_len = 0x200; 906 sd->pwd_len = 0; 907 sd->expecting_acmd = false; 908 sd->dat_lines = 0xf; 909 sd->cmd_line = true; 910 sd->multi_blk_cnt = 0; 911 } 912 913 static bool sd_get_inserted(SDState *sd) 914 { 915 return sd->blk && blk_is_inserted(sd->blk); 916 } 917 918 static bool sd_get_readonly(SDState *sd) 919 { 920 return sd->wp_switch; 921 } 922 923 static void sd_cardchange(void *opaque, bool load, Error **errp) 924 { 925 SDState *sd = opaque; 926 DeviceState *dev = DEVICE(sd); 927 SDBus *sdbus; 928 bool inserted = sd_get_inserted(sd); 929 bool readonly = sd_get_readonly(sd); 930 931 if (inserted) { 932 trace_sdcard_inserted(readonly); 933 sd_reset(dev); 934 } else { 935 trace_sdcard_ejected(); 936 } 937 938 sdbus = SD_BUS(qdev_get_parent_bus(dev)); 939 sdbus_set_inserted(sdbus, inserted); 940 if (inserted) { 941 sdbus_set_readonly(sdbus, readonly); 942 } 943 } 944 945 static const BlockDevOps sd_block_ops = { 946 .change_media_cb = sd_cardchange, 947 }; 948 949 static bool sd_ocr_vmstate_needed(void *opaque) 950 { 951 SDState *sd = opaque; 952 953 /* Include the OCR state (and timer) if it is not yet powered up */ 954 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 955 } 956 957 static const VMStateDescription sd_ocr_vmstate = { 958 .name = "sd-card/ocr-state", 959 .version_id = 1, 960 .minimum_version_id = 1, 961 .needed = sd_ocr_vmstate_needed, 962 .fields = (const VMStateField[]) { 963 VMSTATE_UINT32(ocr, SDState), 964 VMSTATE_TIMER_PTR(ocr_power_timer, SDState), 965 VMSTATE_END_OF_LIST() 966 }, 967 }; 968 969 static bool vmstate_needed_for_emmc(void *opaque) 970 { 971 SDState *sd = opaque; 972 973 return sd_is_emmc(sd); 974 } 975 976 static const VMStateDescription emmc_extcsd_vmstate = { 977 .name = "sd-card/ext_csd_modes-state", 978 .version_id = 1, 979 .minimum_version_id = 1, 980 .needed = vmstate_needed_for_emmc, 981 .fields = (const VMStateField[]) { 982 VMSTATE_UINT8_ARRAY(ext_csd_rw, SDState, 192), 983 VMSTATE_END_OF_LIST() 984 }, 985 }; 986 987 static int sd_vmstate_pre_load(void *opaque) 988 { 989 SDState *sd = opaque; 990 991 /* If the OCR state is not included (prior versions, or not 992 * needed), then the OCR must be set as powered up. If the OCR state 993 * is included, this will be replaced by the state restore. 994 */ 995 sd_ocr_powerup(sd); 996 997 return 0; 998 } 999 1000 static const VMStateDescription sd_vmstate = { 1001 .name = "sd-card", 1002 .version_id = 2, 1003 .minimum_version_id = 2, 1004 .pre_load = sd_vmstate_pre_load, 1005 .fields = (const VMStateField[]) { 1006 VMSTATE_UINT32(mode, SDState), 1007 VMSTATE_INT32(state, SDState), 1008 VMSTATE_UINT8_ARRAY(cid, SDState, 16), 1009 VMSTATE_UINT8_ARRAY(csd, SDState, 16), 1010 VMSTATE_UINT16(rca, SDState), 1011 VMSTATE_UINT32(card_status, SDState), 1012 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1), 1013 VMSTATE_UINT32(vhs, SDState), 1014 VMSTATE_BITMAP(wp_group_bmap, SDState, 0, wp_group_bits), 1015 VMSTATE_UINT32(blk_len, SDState), 1016 VMSTATE_UINT32(multi_blk_cnt, SDState), 1017 VMSTATE_UINT32(erase_start, SDState), 1018 VMSTATE_UINT32(erase_end, SDState), 1019 VMSTATE_UINT8_ARRAY(pwd, SDState, 16), 1020 VMSTATE_UINT32(pwd_len, SDState), 1021 VMSTATE_UINT8_ARRAY(function_group, SDState, 6), 1022 VMSTATE_UINT8(current_cmd, SDState), 1023 VMSTATE_BOOL(expecting_acmd, SDState), 1024 VMSTATE_UINT32(blk_written, SDState), 1025 VMSTATE_UINT64(data_start, SDState), 1026 VMSTATE_UINT32(data_offset, SDState), 1027 VMSTATE_UINT8_ARRAY(data, SDState, 512), 1028 VMSTATE_UNUSED_V(1, 512), 1029 VMSTATE_UNUSED(1), 1030 VMSTATE_END_OF_LIST() 1031 }, 1032 .subsections = (const VMStateDescription * const []) { 1033 &sd_ocr_vmstate, 1034 &emmc_extcsd_vmstate, 1035 NULL 1036 }, 1037 }; 1038 1039 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) 1040 { 1041 trace_sdcard_read_block(addr, len); 1042 addr += sd_bootpart_offset(sd); 1043 if (!sd->blk || blk_pread(sd->blk, addr, len, sd->data, 0) < 0) { 1044 fprintf(stderr, "sd_blk_read: read error on host side\n"); 1045 } 1046 } 1047 1048 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) 1049 { 1050 trace_sdcard_write_block(addr, len); 1051 addr += sd_bootpart_offset(sd); 1052 if (!sd->blk || blk_pwrite(sd->blk, addr, len, sd->data, 0) < 0) { 1053 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1054 } 1055 } 1056 1057 static void sd_erase(SDState *sd) 1058 { 1059 uint64_t erase_start = sd->erase_start; 1060 uint64_t erase_end = sd->erase_end; 1061 bool sdsc = true; 1062 uint64_t wpnum; 1063 uint64_t erase_addr; 1064 int erase_len = 1 << HWBLOCK_SHIFT; 1065 1066 trace_sdcard_erase(sd->erase_start, sd->erase_end); 1067 if (sd->erase_start == INVALID_ADDRESS 1068 || sd->erase_end == INVALID_ADDRESS) { 1069 sd->card_status |= ERASE_SEQ_ERROR; 1070 sd->erase_start = INVALID_ADDRESS; 1071 sd->erase_end = INVALID_ADDRESS; 1072 return; 1073 } 1074 1075 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 1076 /* High capacity memory card: erase units are 512 byte blocks */ 1077 erase_start <<= HWBLOCK_SHIFT; 1078 erase_end <<= HWBLOCK_SHIFT; 1079 sdsc = false; 1080 } 1081 1082 if (erase_start > sd->size || erase_end > sd->size) { 1083 sd->card_status |= OUT_OF_RANGE; 1084 sd->erase_start = INVALID_ADDRESS; 1085 sd->erase_end = INVALID_ADDRESS; 1086 return; 1087 } 1088 1089 sd->erase_start = INVALID_ADDRESS; 1090 sd->erase_end = INVALID_ADDRESS; 1091 sd->csd[14] |= 0x40; 1092 1093 memset(sd->data, 0xff, erase_len); 1094 for (erase_addr = erase_start; erase_addr <= erase_end; 1095 erase_addr += erase_len) { 1096 if (sdsc) { 1097 /* Only SDSC cards support write protect groups */ 1098 wpnum = sd_addr_to_wpnum(erase_addr); 1099 assert(wpnum < sd->wp_group_bits); 1100 if (test_bit(wpnum, sd->wp_group_bmap)) { 1101 sd->card_status |= WP_ERASE_SKIP; 1102 continue; 1103 } 1104 } 1105 sd_blk_write(sd, erase_addr, erase_len); 1106 } 1107 } 1108 1109 static uint32_t sd_wpbits(SDState *sd, uint64_t addr) 1110 { 1111 uint32_t i, wpnum; 1112 uint32_t ret = 0; 1113 1114 wpnum = sd_addr_to_wpnum(addr); 1115 1116 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { 1117 if (addr >= sd->size) { 1118 /* 1119 * If the addresses of the last groups are outside the valid range, 1120 * then the corresponding write protection bits shall be set to 0. 1121 */ 1122 continue; 1123 } 1124 assert(wpnum < sd->wp_group_bits); 1125 if (test_bit(wpnum, sd->wp_group_bmap)) { 1126 ret |= (1 << i); 1127 } 1128 } 1129 1130 return ret; 1131 } 1132 1133 enum ExtCsdAccessMode { 1134 EXT_CSD_ACCESS_MODE_COMMAND_SET = 0, 1135 EXT_CSD_ACCESS_MODE_SET_BITS = 1, 1136 EXT_CSD_ACCESS_MODE_CLEAR_BITS = 2, 1137 EXT_CSD_ACCESS_MODE_WRITE_BYTE = 3 1138 }; 1139 1140 static void emmc_function_switch(SDState *sd, uint32_t arg) 1141 { 1142 uint8_t access = extract32(arg, 24, 2); 1143 uint8_t index = extract32(arg, 16, 8); 1144 uint8_t value = extract32(arg, 8, 8); 1145 uint8_t b = sd->ext_csd[index]; 1146 1147 trace_sdcard_switch(access, index, value, extract32(arg, 0, 2)); 1148 1149 if (index >= 192) { 1150 qemu_log_mask(LOG_GUEST_ERROR, "MMC switching illegal offset\n"); 1151 sd->card_status |= R_CSR_SWITCH_ERROR_MASK; 1152 return; 1153 } 1154 1155 switch (access) { 1156 case EXT_CSD_ACCESS_MODE_COMMAND_SET: 1157 qemu_log_mask(LOG_UNIMP, "MMC Command set switching not supported\n"); 1158 return; 1159 case EXT_CSD_ACCESS_MODE_SET_BITS: 1160 b |= value; 1161 break; 1162 case EXT_CSD_ACCESS_MODE_CLEAR_BITS: 1163 b &= ~value; 1164 break; 1165 case EXT_CSD_ACCESS_MODE_WRITE_BYTE: 1166 b = value; 1167 break; 1168 } 1169 1170 trace_sdcard_ext_csd_update(index, sd->ext_csd[index], b); 1171 sd->ext_csd[index] = b; 1172 } 1173 1174 static void sd_function_switch(SDState *sd, uint32_t arg) 1175 { 1176 int i, mode, new_func; 1177 mode = !!(arg & 0x80000000); 1178 1179 sd->data[0] = 0x00; /* Maximum current consumption */ 1180 sd->data[1] = 0x01; 1181 sd->data[2] = 0x80; /* Supported group 6 functions */ 1182 sd->data[3] = 0x01; 1183 sd->data[4] = 0x80; /* Supported group 5 functions */ 1184 sd->data[5] = 0x01; 1185 sd->data[6] = 0x80; /* Supported group 4 functions */ 1186 sd->data[7] = 0x01; 1187 sd->data[8] = 0x80; /* Supported group 3 functions */ 1188 sd->data[9] = 0x01; 1189 sd->data[10] = 0x80; /* Supported group 2 functions */ 1190 sd->data[11] = 0x43; 1191 sd->data[12] = 0x80; /* Supported group 1 functions */ 1192 sd->data[13] = 0x03; 1193 1194 memset(&sd->data[14], 0, 3); 1195 for (i = 0; i < 6; i ++) { 1196 new_func = (arg >> (i * 4)) & 0x0f; 1197 if (mode && new_func != 0x0f) 1198 sd->function_group[i] = new_func; 1199 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4); 1200 } 1201 memset(&sd->data[17], 0, 47); 1202 } 1203 1204 static inline bool sd_wp_addr(SDState *sd, uint64_t addr) 1205 { 1206 return test_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1207 } 1208 1209 static void sd_lock_command(SDState *sd) 1210 { 1211 int erase, lock, clr_pwd, set_pwd, pwd_len; 1212 erase = !!(sd->data[0] & 0x08); 1213 lock = sd->data[0] & 0x04; 1214 clr_pwd = sd->data[0] & 0x02; 1215 set_pwd = sd->data[0] & 0x01; 1216 1217 if (sd->blk_len > 1) 1218 pwd_len = sd->data[1]; 1219 else 1220 pwd_len = 0; 1221 1222 if (lock) { 1223 trace_sdcard_lock(); 1224 } else { 1225 trace_sdcard_unlock(); 1226 } 1227 if (erase) { 1228 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 || 1229 set_pwd || clr_pwd || lock || sd->wp_switch || 1230 (sd->csd[14] & 0x20)) { 1231 sd->card_status |= LOCK_UNLOCK_FAILED; 1232 return; 1233 } 1234 bitmap_zero(sd->wp_group_bmap, sd->wp_group_bits); 1235 sd->csd[14] &= ~0x10; 1236 sd->card_status &= ~CARD_IS_LOCKED; 1237 sd->pwd_len = 0; 1238 /* Erasing the entire card here! */ 1239 fprintf(stderr, "SD: Card force-erased by CMD42\n"); 1240 return; 1241 } 1242 1243 if (sd->blk_len < 2 + pwd_len || 1244 pwd_len <= sd->pwd_len || 1245 pwd_len > sd->pwd_len + 16) { 1246 sd->card_status |= LOCK_UNLOCK_FAILED; 1247 return; 1248 } 1249 1250 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) { 1251 sd->card_status |= LOCK_UNLOCK_FAILED; 1252 return; 1253 } 1254 1255 pwd_len -= sd->pwd_len; 1256 if ((pwd_len && !set_pwd) || 1257 (clr_pwd && (set_pwd || lock)) || 1258 (lock && !sd->pwd_len && !set_pwd) || 1259 (!set_pwd && !clr_pwd && 1260 (((sd->card_status & CARD_IS_LOCKED) && lock) || 1261 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) { 1262 sd->card_status |= LOCK_UNLOCK_FAILED; 1263 return; 1264 } 1265 1266 if (set_pwd) { 1267 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len); 1268 sd->pwd_len = pwd_len; 1269 } 1270 1271 if (clr_pwd) { 1272 sd->pwd_len = 0; 1273 } 1274 1275 if (lock) 1276 sd->card_status |= CARD_IS_LOCKED; 1277 else 1278 sd->card_status &= ~CARD_IS_LOCKED; 1279 } 1280 1281 static bool address_in_range(SDState *sd, const char *desc, 1282 uint64_t addr, uint32_t length) 1283 { 1284 if (addr + length > sd->size) { 1285 qemu_log_mask(LOG_GUEST_ERROR, 1286 "%s offset %"PRIu64" > card %"PRIu64" [%%%u]\n", 1287 desc, addr, sd->size, length); 1288 sd->card_status |= ADDRESS_ERROR; 1289 return false; 1290 } 1291 return true; 1292 } 1293 1294 static sd_rsp_type_t sd_invalid_state_for_cmd(SDState *sd, SDRequest req) 1295 { 1296 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong state: %s (spec %s)\n", 1297 sd->proto->name, req.cmd, sd_state_name(sd->state), 1298 sd_version_str(sd->spec_version)); 1299 1300 return sd_illegal; 1301 } 1302 1303 static sd_rsp_type_t sd_invalid_mode_for_cmd(SDState *sd, SDRequest req) 1304 { 1305 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong mode: %s (spec %s)\n", 1306 sd->proto->name, req.cmd, sd_mode_name(sd->mode), 1307 sd_version_str(sd->spec_version)); 1308 1309 return sd_illegal; 1310 } 1311 1312 static sd_rsp_type_t sd_cmd_illegal(SDState *sd, SDRequest req) 1313 { 1314 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown CMD%i for spec %s\n", 1315 sd->proto->name, req.cmd, 1316 sd_version_str(sd->spec_version)); 1317 1318 return sd_illegal; 1319 } 1320 1321 /* Commands that are recognised but not yet implemented. */ 1322 static sd_rsp_type_t sd_cmd_unimplemented(SDState *sd, SDRequest req) 1323 { 1324 qemu_log_mask(LOG_UNIMP, "%s: CMD%i not implemented\n", 1325 sd->proto->name, req.cmd); 1326 1327 return sd_illegal; 1328 } 1329 1330 static sd_rsp_type_t sd_cmd_optional(SDState *sd, SDRequest req) 1331 { 1332 qemu_log_mask(LOG_UNIMP, "%s: Optional CMD%i not implemented\n", 1333 sd->proto->name, req.cmd); 1334 1335 return sd_illegal; 1336 } 1337 1338 /* Configure fields for following sd_generic_write_byte() calls */ 1339 static sd_rsp_type_t sd_cmd_to_receivingdata(SDState *sd, SDRequest req, 1340 uint64_t start, size_t size) 1341 { 1342 if (sd->state != sd_transfer_state) { 1343 return sd_invalid_state_for_cmd(sd, req); 1344 } 1345 sd->state = sd_receivingdata_state; 1346 sd->data_start = start; 1347 sd->data_offset = 0; 1348 /* sd->data[] used as receive buffer */ 1349 sd->data_size = size ?: sizeof(sd->data); 1350 return sd_r1; 1351 } 1352 1353 /* Configure fields for following sd_generic_read_byte() calls */ 1354 static sd_rsp_type_t sd_cmd_to_sendingdata(SDState *sd, SDRequest req, 1355 uint64_t start, 1356 const void *data, size_t size) 1357 { 1358 if (sd->state != sd_transfer_state) { 1359 return sd_invalid_state_for_cmd(sd, req); 1360 } 1361 1362 sd->state = sd_sendingdata_state; 1363 sd->data_start = start; 1364 sd->data_offset = 0; 1365 if (data) { 1366 assert(size > 0 && size <= sizeof(sd->data)); 1367 memcpy(sd->data, data, size); 1368 } 1369 if (size) { 1370 sd->data_size = size; 1371 } 1372 return sd_r1; 1373 } 1374 1375 /* CMD0 */ 1376 static sd_rsp_type_t sd_cmd_GO_IDLE_STATE(SDState *sd, SDRequest req) 1377 { 1378 if (sd->state == sd_sleep_state) { 1379 switch (req.arg) { 1380 case 0x00000000: 1381 case 0xf0f0f0f0: 1382 break; 1383 default: 1384 return sd_r0; 1385 } 1386 } 1387 if (sd->state != sd_inactive_state) { 1388 sd->state = sd_idle_state; 1389 sd_reset(DEVICE(sd)); 1390 } 1391 1392 return sd_is_spi(sd) ? sd_r1 : sd_r0; 1393 } 1394 1395 /* CMD1 */ 1396 static sd_rsp_type_t spi_cmd_SEND_OP_COND(SDState *sd, SDRequest req) 1397 { 1398 sd->state = sd_transfer_state; 1399 1400 return sd_r1; 1401 } 1402 1403 /* CMD2 */ 1404 static sd_rsp_type_t sd_cmd_ALL_SEND_CID(SDState *sd, SDRequest req) 1405 { 1406 switch (sd->state) { 1407 case sd_ready_state: 1408 sd->state = sd_identification_state; 1409 return sd_r2_i; 1410 default: 1411 return sd_invalid_state_for_cmd(sd, req); 1412 } 1413 } 1414 1415 /* CMD3 */ 1416 static sd_rsp_type_t sd_cmd_SEND_RELATIVE_ADDR(SDState *sd, SDRequest req) 1417 { 1418 uint16_t random_rca; 1419 1420 switch (sd->state) { 1421 case sd_identification_state: 1422 case sd_standby_state: 1423 sd->state = sd_standby_state; 1424 qemu_guest_getrandom_nofail(&random_rca, sizeof(random_rca)); 1425 sd_set_rca(sd, random_rca); 1426 return sd_r6; 1427 1428 default: 1429 return sd_invalid_state_for_cmd(sd, req); 1430 } 1431 } 1432 1433 static sd_rsp_type_t emmc_cmd_SET_RELATIVE_ADDR(SDState *sd, SDRequest req) 1434 { 1435 switch (sd->state) { 1436 case sd_identification_state: 1437 case sd_standby_state: 1438 sd->state = sd_standby_state; 1439 sd_set_rca(sd, req.arg >> 16); 1440 return sd_r1; 1441 1442 default: 1443 return sd_invalid_state_for_cmd(sd, req); 1444 } 1445 } 1446 1447 /* CMD5 */ 1448 static sd_rsp_type_t emmc_cmd_sleep_awake(SDState *sd, SDRequest req) 1449 { 1450 bool do_sleep = extract32(req.arg, 15, 1); 1451 1452 switch (sd->state) { 1453 case sd_sleep_state: 1454 if (!do_sleep) { 1455 /* Awake */ 1456 sd->state = sd_standby_state; 1457 } 1458 return sd_r1b; 1459 1460 case sd_standby_state: 1461 if (do_sleep) { 1462 sd->state = sd_sleep_state; 1463 } 1464 return sd_r1b; 1465 1466 default: 1467 return sd_invalid_state_for_cmd(sd, req); 1468 } 1469 } 1470 1471 /* CMD6 */ 1472 static sd_rsp_type_t sd_cmd_SWITCH_FUNCTION(SDState *sd, SDRequest req) 1473 { 1474 if (sd->mode != sd_data_transfer_mode) { 1475 return sd_invalid_mode_for_cmd(sd, req); 1476 } 1477 if (sd->state != sd_transfer_state) { 1478 return sd_invalid_state_for_cmd(sd, req); 1479 } 1480 1481 sd_function_switch(sd, req.arg); 1482 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 64); 1483 } 1484 1485 static sd_rsp_type_t emmc_cmd_SWITCH(SDState *sd, SDRequest req) 1486 { 1487 switch (sd->state) { 1488 case sd_transfer_state: 1489 sd->state = sd_programming_state; 1490 emmc_function_switch(sd, req.arg); 1491 sd->state = sd_transfer_state; 1492 return sd_r1b; 1493 default: 1494 return sd_invalid_state_for_cmd(sd, req); 1495 } 1496 } 1497 1498 /* CMD7 */ 1499 static sd_rsp_type_t sd_cmd_DE_SELECT_CARD(SDState *sd, SDRequest req) 1500 { 1501 bool same_rca = sd_req_rca_same(sd, req); 1502 1503 switch (sd->state) { 1504 case sd_standby_state: 1505 if (!same_rca) { 1506 return sd_r0; 1507 } 1508 sd->state = sd_transfer_state; 1509 return sd_r1b; 1510 1511 case sd_transfer_state: 1512 case sd_sendingdata_state: 1513 if (same_rca) { 1514 break; 1515 } 1516 sd->state = sd_standby_state; 1517 return sd_r1b; 1518 1519 case sd_disconnect_state: 1520 if (!same_rca) { 1521 return sd_r0; 1522 } 1523 sd->state = sd_programming_state; 1524 return sd_r1b; 1525 1526 case sd_programming_state: 1527 if (same_rca) { 1528 break; 1529 } 1530 sd->state = sd_disconnect_state; 1531 return sd_r1b; 1532 1533 default: 1534 break; 1535 } 1536 return sd_invalid_state_for_cmd(sd, req); 1537 } 1538 1539 /* CMD8 */ 1540 static sd_rsp_type_t sd_cmd_SEND_IF_COND(SDState *sd, SDRequest req) 1541 { 1542 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) { 1543 return sd_cmd_illegal(sd, req); 1544 } 1545 if (sd->state != sd_idle_state) { 1546 return sd_invalid_state_for_cmd(sd, req); 1547 } 1548 sd->vhs = 0; 1549 1550 /* No response if not exactly one VHS bit is set. */ 1551 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) { 1552 return sd_is_spi(sd) ? sd_r7 : sd_r0; 1553 } 1554 1555 /* Accept. */ 1556 sd->vhs = req.arg; 1557 return sd_r7; 1558 } 1559 1560 /* CMD8 */ 1561 static sd_rsp_type_t emmc_cmd_SEND_EXT_CSD(SDState *sd, SDRequest req) 1562 { 1563 if (sd->state != sd_transfer_state) { 1564 return sd_invalid_state_for_cmd(sd, req); 1565 } 1566 1567 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1568 sd->ext_csd, sizeof(sd->ext_csd)); 1569 } 1570 1571 /* CMD9 */ 1572 static sd_rsp_type_t spi_cmd_SEND_CSD(SDState *sd, SDRequest req) 1573 { 1574 if (sd->state != sd_standby_state) { 1575 return sd_invalid_state_for_cmd(sd, req); 1576 } 1577 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1578 sd->csd, 16); 1579 } 1580 1581 static sd_rsp_type_t sd_cmd_SEND_CSD(SDState *sd, SDRequest req) 1582 { 1583 if (sd->state != sd_standby_state) { 1584 return sd_invalid_state_for_cmd(sd, req); 1585 } 1586 1587 return sd_req_rca_same(sd, req) ? sd_r2_s : sd_r0; 1588 } 1589 1590 /* CMD10 */ 1591 static sd_rsp_type_t spi_cmd_SEND_CID(SDState *sd, SDRequest req) 1592 { 1593 if (sd->state != sd_standby_state) { 1594 return sd_invalid_state_for_cmd(sd, req); 1595 } 1596 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1597 sd->cid, 16); 1598 } 1599 1600 static sd_rsp_type_t sd_cmd_SEND_CID(SDState *sd, SDRequest req) 1601 { 1602 if (sd->state != sd_standby_state) { 1603 return sd_invalid_state_for_cmd(sd, req); 1604 } 1605 1606 return sd_req_rca_same(sd, req) ? sd_r2_i : sd_r0; 1607 } 1608 1609 /* CMD12 */ 1610 static sd_rsp_type_t sd_cmd_STOP_TRANSMISSION(SDState *sd, SDRequest req) 1611 { 1612 switch (sd->state) { 1613 case sd_sendingdata_state: 1614 sd->state = sd_transfer_state; 1615 return sd_r1b; 1616 case sd_receivingdata_state: 1617 sd->state = sd_programming_state; 1618 /* Bzzzzzzztt .... Operation complete. */ 1619 sd->state = sd_transfer_state; 1620 return sd_r1; 1621 default: 1622 return sd_invalid_state_for_cmd(sd, req); 1623 } 1624 } 1625 1626 /* CMD13 */ 1627 static sd_rsp_type_t sd_cmd_SEND_STATUS(SDState *sd, SDRequest req) 1628 { 1629 if (sd->mode != sd_data_transfer_mode) { 1630 return sd_invalid_mode_for_cmd(sd, req); 1631 } 1632 1633 switch (sd->state) { 1634 case sd_standby_state: 1635 case sd_transfer_state: 1636 case sd_sendingdata_state: 1637 case sd_receivingdata_state: 1638 case sd_programming_state: 1639 case sd_disconnect_state: 1640 break; 1641 default: 1642 return sd_invalid_state_for_cmd(sd, req); 1643 } 1644 1645 if (sd_is_spi(sd)) { 1646 return sd_r2_s; 1647 } 1648 1649 return sd_req_rca_same(sd, req) ? sd_r1 : sd_r0; 1650 } 1651 1652 /* CMD15 */ 1653 static sd_rsp_type_t sd_cmd_GO_INACTIVE_STATE(SDState *sd, SDRequest req) 1654 { 1655 if (sd->mode != sd_data_transfer_mode) { 1656 return sd_invalid_mode_for_cmd(sd, req); 1657 } 1658 switch (sd->state) { 1659 case sd_standby_state: 1660 case sd_transfer_state: 1661 case sd_sendingdata_state: 1662 case sd_receivingdata_state: 1663 case sd_programming_state: 1664 case sd_disconnect_state: 1665 break; 1666 default: 1667 return sd_invalid_state_for_cmd(sd, req); 1668 } 1669 if (sd_req_rca_same(sd, req)) { 1670 sd->state = sd_inactive_state; 1671 } 1672 1673 return sd_r0; 1674 } 1675 1676 /* CMD16 */ 1677 static sd_rsp_type_t sd_cmd_SET_BLOCKLEN(SDState *sd, SDRequest req) 1678 { 1679 if (sd->state != sd_transfer_state) { 1680 return sd_invalid_state_for_cmd(sd, req); 1681 } 1682 if (req.arg > (1 << HWBLOCK_SHIFT)) { 1683 sd->card_status |= BLOCK_LEN_ERROR; 1684 } else { 1685 trace_sdcard_set_blocklen(req.arg); 1686 sd->blk_len = req.arg; 1687 } 1688 1689 return sd_r1; 1690 } 1691 1692 /* CMD17 */ 1693 static sd_rsp_type_t sd_cmd_READ_SINGLE_BLOCK(SDState *sd, SDRequest req) 1694 { 1695 uint64_t addr; 1696 1697 if (sd->state != sd_transfer_state) { 1698 return sd_invalid_state_for_cmd(sd, req); 1699 } 1700 1701 addr = sd_req_get_address(sd, req); 1702 if (!address_in_range(sd, "READ_SINGLE_BLOCK", addr, sd->blk_len)) { 1703 return sd_r1; 1704 } 1705 1706 sd_blk_read(sd, addr, sd->blk_len); 1707 return sd_cmd_to_sendingdata(sd, req, addr, NULL, sd->blk_len); 1708 } 1709 1710 /* CMD19 */ 1711 static sd_rsp_type_t sd_cmd_SEND_TUNING_BLOCK(SDState *sd, SDRequest req) 1712 { 1713 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1714 return sd_cmd_illegal(sd, req); 1715 } 1716 1717 return sd_cmd_to_sendingdata(sd, req, 0, 1718 sd_tuning_block_pattern4, 1719 sizeof(sd_tuning_block_pattern4)); 1720 } 1721 1722 /* CMD23 */ 1723 static sd_rsp_type_t sd_cmd_SET_BLOCK_COUNT(SDState *sd, SDRequest req) 1724 { 1725 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1726 return sd_cmd_illegal(sd, req); 1727 } 1728 1729 if (sd->state != sd_transfer_state) { 1730 return sd_invalid_state_for_cmd(sd, req); 1731 } 1732 1733 sd->multi_blk_cnt = req.arg; 1734 if (sd_is_emmc(sd)) { 1735 sd->multi_blk_cnt &= 0xffff; 1736 } 1737 trace_sdcard_set_block_count(sd->multi_blk_cnt); 1738 1739 return sd_r1; 1740 } 1741 1742 /* CMD24 */ 1743 static sd_rsp_type_t sd_cmd_WRITE_SINGLE_BLOCK(SDState *sd, SDRequest req) 1744 { 1745 uint64_t addr; 1746 1747 if (sd->state != sd_transfer_state) { 1748 return sd_invalid_state_for_cmd(sd, req); 1749 } 1750 1751 addr = sd_req_get_address(sd, req); 1752 if (!address_in_range(sd, "WRITE_SINGLE_BLOCK", addr, sd->blk_len)) { 1753 return sd_r1; 1754 } 1755 1756 if (sd->size <= SDSC_MAX_CAPACITY) { 1757 if (sd_wp_addr(sd, addr)) { 1758 sd->card_status |= WP_VIOLATION; 1759 } 1760 } 1761 if (sd->csd[14] & 0x30) { 1762 sd->card_status |= WP_VIOLATION; 1763 } 1764 1765 sd->blk_written = 0; 1766 return sd_cmd_to_receivingdata(sd, req, addr, sd->blk_len); 1767 } 1768 1769 /* CMD26 */ 1770 static sd_rsp_type_t emmc_cmd_PROGRAM_CID(SDState *sd, SDRequest req) 1771 { 1772 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->cid)); 1773 } 1774 1775 /* CMD27 */ 1776 static sd_rsp_type_t sd_cmd_PROGRAM_CSD(SDState *sd, SDRequest req) 1777 { 1778 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->csd)); 1779 } 1780 1781 static sd_rsp_type_t sd_cmd_SET_CLR_WRITE_PROT(SDState *sd, SDRequest req, 1782 bool is_write) 1783 { 1784 uint64_t addr; 1785 1786 if (sd->size > SDSC_MAX_CAPACITY) { 1787 return sd_illegal; 1788 } 1789 1790 if (sd->state != sd_transfer_state) { 1791 return sd_invalid_state_for_cmd(sd, req); 1792 } 1793 1794 addr = sd_req_get_address(sd, req); 1795 if (!address_in_range(sd, is_write ? "SET_WRITE_PROT" : "CLR_WRITE_PROT", 1796 addr, 1)) { 1797 return sd_r1b; 1798 } 1799 1800 sd->state = sd_programming_state; 1801 if (is_write) { 1802 set_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1803 } else { 1804 clear_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1805 } 1806 /* Bzzzzzzztt .... Operation complete. */ 1807 sd->state = sd_transfer_state; 1808 return sd_r1; 1809 } 1810 1811 /* CMD28 */ 1812 static sd_rsp_type_t sd_cmd_SET_WRITE_PROT(SDState *sd, SDRequest req) 1813 { 1814 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, true); 1815 } 1816 1817 /* CMD29 */ 1818 static sd_rsp_type_t sd_cmd_CLR_WRITE_PROT(SDState *sd, SDRequest req) 1819 { 1820 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, false); 1821 } 1822 1823 /* CMD30 */ 1824 static sd_rsp_type_t sd_cmd_SEND_WRITE_PROT(SDState *sd, SDRequest req) 1825 { 1826 uint64_t addr; 1827 uint32_t data; 1828 1829 if (sd->size > SDSC_MAX_CAPACITY) { 1830 return sd_illegal; 1831 } 1832 1833 if (sd->state != sd_transfer_state) { 1834 return sd_invalid_state_for_cmd(sd, req); 1835 } 1836 1837 addr = sd_req_get_address(sd, req); 1838 if (!address_in_range(sd, "SEND_WRITE_PROT", addr, sd->blk_len)) { 1839 return sd_r1; 1840 } 1841 1842 data = sd_wpbits(sd, req.arg); 1843 return sd_cmd_to_sendingdata(sd, req, addr, &data, sizeof(data)); 1844 } 1845 1846 /* CMD32 */ 1847 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_START(SDState *sd, SDRequest req) 1848 { 1849 if (sd->state != sd_transfer_state) { 1850 return sd_invalid_state_for_cmd(sd, req); 1851 } 1852 sd->erase_start = req.arg; 1853 return sd_r1; 1854 } 1855 1856 /* CMD33 */ 1857 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_END(SDState *sd, SDRequest req) 1858 { 1859 if (sd->state != sd_transfer_state) { 1860 return sd_invalid_state_for_cmd(sd, req); 1861 } 1862 sd->erase_end = req.arg; 1863 return sd_r1; 1864 } 1865 1866 /* CMD38 */ 1867 static sd_rsp_type_t sd_cmd_ERASE(SDState *sd, SDRequest req) 1868 { 1869 if (sd->state != sd_transfer_state) { 1870 return sd_invalid_state_for_cmd(sd, req); 1871 } 1872 if (sd->csd[14] & 0x30) { 1873 sd->card_status |= WP_VIOLATION; 1874 return sd_r1b; 1875 } 1876 1877 sd->state = sd_programming_state; 1878 sd_erase(sd); 1879 /* Bzzzzzzztt .... Operation complete. */ 1880 sd->state = sd_transfer_state; 1881 return sd_r1b; 1882 } 1883 1884 /* CMD42 */ 1885 static sd_rsp_type_t sd_cmd_LOCK_UNLOCK(SDState *sd, SDRequest req) 1886 { 1887 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1888 } 1889 1890 /* CMD55 */ 1891 static sd_rsp_type_t sd_cmd_APP_CMD(SDState *sd, SDRequest req) 1892 { 1893 switch (sd->state) { 1894 case sd_ready_state: 1895 case sd_identification_state: 1896 case sd_inactive_state: 1897 case sd_sleep_state: 1898 return sd_invalid_state_for_cmd(sd, req); 1899 case sd_idle_state: 1900 if (!sd_is_spi(sd) && sd_req_get_rca(sd, req) != 0x0000) { 1901 qemu_log_mask(LOG_GUEST_ERROR, 1902 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd); 1903 } 1904 /* fall-through */ 1905 default: 1906 break; 1907 } 1908 if (!sd_is_spi(sd) && !sd_req_rca_same(sd, req)) { 1909 return sd_r0; 1910 } 1911 sd->expecting_acmd = true; 1912 sd->card_status |= APP_CMD; 1913 1914 return sd_r1; 1915 } 1916 1917 /* CMD56 */ 1918 static sd_rsp_type_t sd_cmd_GEN_CMD(SDState *sd, SDRequest req) 1919 { 1920 if (sd->state != sd_transfer_state) { 1921 return sd_invalid_state_for_cmd(sd, req); 1922 } 1923 1924 /* Vendor specific command: our model is RAZ/WI */ 1925 if (req.arg & 1) { 1926 memset(sd->data, 0, sizeof(sd->data)); 1927 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 0); 1928 } else { 1929 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1930 } 1931 } 1932 1933 /* CMD58 */ 1934 static sd_rsp_type_t spi_cmd_READ_OCR(SDState *sd, SDRequest req) 1935 { 1936 return sd_r3; 1937 } 1938 1939 /* CMD59 */ 1940 static sd_rsp_type_t spi_cmd_CRC_ON_OFF(SDState *sd, SDRequest req) 1941 { 1942 return sd_r1; 1943 } 1944 1945 /* ACMD6 */ 1946 static sd_rsp_type_t sd_acmd_SET_BUS_WIDTH(SDState *sd, SDRequest req) 1947 { 1948 if (sd->state != sd_transfer_state) { 1949 return sd_invalid_state_for_cmd(sd, req); 1950 } 1951 1952 sd->sd_status[0] &= 0x3f; 1953 sd->sd_status[0] |= (req.arg & 0x03) << 6; 1954 return sd_r1; 1955 } 1956 1957 /* ACMD13 */ 1958 static sd_rsp_type_t sd_acmd_SD_STATUS(SDState *sd, SDRequest req) 1959 { 1960 return sd_cmd_to_sendingdata(sd, req, 0, 1961 sd->sd_status, sizeof(sd->sd_status)); 1962 } 1963 1964 /* ACMD22 */ 1965 static sd_rsp_type_t sd_acmd_SEND_NUM_WR_BLOCKS(SDState *sd, SDRequest req) 1966 { 1967 return sd_cmd_to_sendingdata(sd, req, 0, 1968 &sd->blk_written, sizeof(sd->blk_written)); 1969 } 1970 1971 /* ACMD23 */ 1972 static sd_rsp_type_t sd_acmd_SET_WR_BLK_ERASE_COUNT(SDState *sd, SDRequest req) 1973 { 1974 if (sd->state != sd_transfer_state) { 1975 return sd_invalid_state_for_cmd(sd, req); 1976 } 1977 return sd_r1; 1978 } 1979 1980 /* ACMD41 */ 1981 static sd_rsp_type_t sd_cmd_SEND_OP_COND(SDState *sd, SDRequest req) 1982 { 1983 if (sd->state != sd_idle_state) { 1984 return sd_invalid_state_for_cmd(sd, req); 1985 } 1986 1987 /* 1988 * If it's the first ACMD41 since reset, we need to decide 1989 * whether to power up. If this is not an enquiry ACMD41, 1990 * we immediately report power on and proceed below to the 1991 * ready state, but if it is, we set a timer to model a 1992 * delay for power up. This works around a bug in EDK2 1993 * UEFI, which sends an initial enquiry ACMD41, but 1994 * assumes that the card is in ready state as soon as it 1995 * sees the power up bit set. 1996 */ 1997 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) { 1998 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) { 1999 timer_del(sd->ocr_power_timer); 2000 sd_ocr_powerup(sd); 2001 } else { 2002 trace_sdcard_inquiry_cmd41(); 2003 if (!timer_pending(sd->ocr_power_timer)) { 2004 timer_mod_ns(sd->ocr_power_timer, 2005 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) 2006 + OCR_POWER_DELAY_NS)); 2007 } 2008 } 2009 } 2010 2011 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) { 2012 /* 2013 * We accept any voltage. 10000 V is nothing. 2014 * 2015 * Once we're powered up, we advance straight to ready state 2016 * unless it's an enquiry ACMD41 (bits 23:0 == 0). 2017 */ 2018 sd->state = sd_ready_state; 2019 } 2020 2021 return sd_r3; 2022 } 2023 2024 /* ACMD42 */ 2025 static sd_rsp_type_t sd_acmd_SET_CLR_CARD_DETECT(SDState *sd, SDRequest req) 2026 { 2027 if (sd->state != sd_transfer_state) { 2028 return sd_invalid_state_for_cmd(sd, req); 2029 } 2030 2031 /* Bringing in the 50KOhm pull-up resistor... Done. */ 2032 return sd_r1; 2033 } 2034 2035 /* ACMD51 */ 2036 static sd_rsp_type_t sd_acmd_SEND_SCR(SDState *sd, SDRequest req) 2037 { 2038 return sd_cmd_to_sendingdata(sd, req, 0, sd->scr, sizeof(sd->scr)); 2039 } 2040 2041 static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) 2042 { 2043 uint64_t addr; 2044 2045 sd->last_cmd_name = sd_cmd_name(sd, req.cmd); 2046 /* CMD55 precedes an ACMD, so we are not interested in tracing it. 2047 * However there is no ACMD55, so we want to trace this particular case. 2048 */ 2049 if (req.cmd != 55 || sd->expecting_acmd) { 2050 trace_sdcard_normal_command(sd->proto->name, 2051 sd->last_cmd_name, req.cmd, 2052 req.arg, sd_state_name(sd->state)); 2053 } 2054 2055 /* Not interpreting this as an app command */ 2056 sd->card_status &= ~APP_CMD; 2057 2058 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25 2059 * if not, its effects are cancelled */ 2060 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) { 2061 sd->multi_blk_cnt = 0; 2062 } 2063 2064 if (sd->proto->cmd[req.cmd].class == 6 && FIELD_EX32(sd->ocr, OCR, 2065 CARD_CAPACITY)) { 2066 /* Only Standard Capacity cards support class 6 commands */ 2067 return sd_illegal; 2068 } 2069 2070 if (sd->proto->cmd[req.cmd].handler) { 2071 return sd->proto->cmd[req.cmd].handler(sd, req); 2072 } 2073 2074 switch (req.cmd) { 2075 /* Block read commands (Class 2) */ 2076 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2077 addr = sd_req_get_address(sd, req); 2078 switch (sd->state) { 2079 case sd_transfer_state: 2080 2081 if (!address_in_range(sd, "READ_BLOCK", addr, sd->blk_len)) { 2082 return sd_r1; 2083 } 2084 2085 sd->state = sd_sendingdata_state; 2086 sd->data_start = addr; 2087 sd->data_offset = 0; 2088 return sd_r1; 2089 2090 default: 2091 break; 2092 } 2093 break; 2094 2095 /* Block write commands (Class 4) */ 2096 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2097 addr = sd_req_get_address(sd, req); 2098 switch (sd->state) { 2099 case sd_transfer_state: 2100 2101 if (!address_in_range(sd, "WRITE_BLOCK", addr, sd->blk_len)) { 2102 return sd_r1; 2103 } 2104 2105 sd->state = sd_receivingdata_state; 2106 sd->data_start = addr; 2107 sd->data_offset = 0; 2108 sd->blk_written = 0; 2109 2110 if (sd->size <= SDSC_MAX_CAPACITY) { 2111 if (sd_wp_addr(sd, sd->data_start)) { 2112 sd->card_status |= WP_VIOLATION; 2113 } 2114 } 2115 if (sd->csd[14] & 0x30) { 2116 sd->card_status |= WP_VIOLATION; 2117 } 2118 return sd_r1; 2119 2120 default: 2121 break; 2122 } 2123 break; 2124 2125 default: 2126 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd); 2127 return sd_illegal; 2128 } 2129 2130 return sd_invalid_state_for_cmd(sd, req); 2131 } 2132 2133 static sd_rsp_type_t sd_app_command(SDState *sd, 2134 SDRequest req) 2135 { 2136 sd->last_cmd_name = sd_acmd_name(sd, req.cmd); 2137 trace_sdcard_app_command(sd->proto->name, sd->last_cmd_name, 2138 req.cmd, req.arg, sd_state_name(sd->state)); 2139 sd->card_status |= APP_CMD; 2140 2141 if (sd->proto->acmd[req.cmd].handler) { 2142 return sd->proto->acmd[req.cmd].handler(sd, req); 2143 } 2144 2145 switch (req.cmd) { 2146 case 18: /* Reserved for SD security applications */ 2147 case 25: 2148 case 26: 2149 case 38: 2150 case 43 ... 49: 2151 /* Refer to the "SD Specifications Part3 Security Specification" for 2152 * information about the SD Security Features. 2153 */ 2154 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n", 2155 req.cmd); 2156 return sd_illegal; 2157 2158 default: 2159 /* Fall back to standard commands. */ 2160 return sd_normal_command(sd, req); 2161 } 2162 2163 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd); 2164 return sd_illegal; 2165 } 2166 2167 static bool cmd_valid_while_locked(SDState *sd, unsigned cmd) 2168 { 2169 unsigned cmd_class; 2170 2171 /* Valid commands in locked state: 2172 * basic class (0) 2173 * lock card class (7) 2174 * CMD16 2175 * implicitly, the ACMD prefix CMD55 2176 * ACMD41 and ACMD42 2177 * Anything else provokes an "illegal command" response. 2178 */ 2179 if (sd->expecting_acmd) { 2180 return cmd == 41 || cmd == 42; 2181 } 2182 if (cmd == 16 || cmd == 55) { 2183 return true; 2184 } 2185 if (!sd->proto->cmd[cmd].handler) { 2186 return false; 2187 } 2188 cmd_class = sd->proto->cmd[cmd].class; 2189 2190 return cmd_class == 0 || cmd_class == 7; 2191 } 2192 2193 static size_t sd_do_command(SDState *sd, SDRequest *req, 2194 uint8_t *response, size_t respsz) 2195 { 2196 int last_state; 2197 sd_rsp_type_t rtype; 2198 int rsplen; 2199 2200 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2201 return 0; 2202 } 2203 2204 if (sd->state == sd_inactive_state) { 2205 rtype = sd_illegal; 2206 goto send_response; 2207 } 2208 2209 if (sd_req_crc_validate(req)) { 2210 sd->card_status |= COM_CRC_ERROR; 2211 rtype = sd_illegal; 2212 goto send_response; 2213 } 2214 2215 if (req->cmd >= SDMMC_CMD_MAX) { 2216 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n", 2217 req->cmd); 2218 req->cmd &= 0x3f; 2219 } 2220 2221 if (sd->state == sd_sleep_state && req->cmd) { 2222 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is sleeping\n"); 2223 rtype = sd_r0; 2224 goto send_response; 2225 } 2226 2227 if (sd->card_status & CARD_IS_LOCKED) { 2228 if (!cmd_valid_while_locked(sd, req->cmd)) { 2229 sd->card_status |= ILLEGAL_COMMAND; 2230 sd->expecting_acmd = false; 2231 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n"); 2232 rtype = sd_illegal; 2233 goto send_response; 2234 } 2235 } 2236 2237 last_state = sd->state; 2238 sd_set_mode(sd); 2239 2240 if (sd->expecting_acmd) { 2241 sd->expecting_acmd = false; 2242 rtype = sd_app_command(sd, *req); 2243 } else { 2244 rtype = sd_normal_command(sd, *req); 2245 } 2246 2247 if (rtype == sd_illegal) { 2248 sd->card_status |= ILLEGAL_COMMAND; 2249 } else { 2250 /* Valid command, we can update the 'state before command' bits. 2251 * (Do this now so they appear in r1 responses.) 2252 */ 2253 sd->card_status = FIELD_DP32(sd->card_status, CSR, 2254 CURRENT_STATE, last_state); 2255 } 2256 2257 send_response: 2258 rsplen = sd_response_size(sd, rtype); 2259 assert(rsplen <= respsz); 2260 2261 switch (rtype) { 2262 case sd_r1: 2263 case sd_r1b: 2264 sd_response_r1_make(sd, response); 2265 break; 2266 2267 case sd_r2_i: 2268 memcpy(response, sd->cid, sizeof(sd->cid)); 2269 break; 2270 2271 case sd_r2_s: 2272 memcpy(response, sd->csd, sizeof(sd->csd)); 2273 break; 2274 2275 case sd_r3: 2276 sd_response_r3_make(sd, response); 2277 break; 2278 2279 case sd_r6: 2280 sd_response_r6_make(sd, response); 2281 break; 2282 2283 case sd_r7: 2284 sd_response_r7_make(sd, response); 2285 break; 2286 2287 case sd_r0: 2288 /* 2289 * Invalid state transition, reset implementation 2290 * fields to avoid OOB abuse. 2291 */ 2292 sd->data_start = 0; 2293 sd->data_offset = 0; 2294 /* fall-through */ 2295 case sd_illegal: 2296 break; 2297 default: 2298 g_assert_not_reached(); 2299 } 2300 trace_sdcard_response(sd_response_name(rtype), rsplen); 2301 2302 if (rtype != sd_illegal) { 2303 /* Clear the "clear on valid command" status bits now we've 2304 * sent any response 2305 */ 2306 sd->card_status &= ~CARD_STATUS_B; 2307 } 2308 2309 #ifdef DEBUG_SD 2310 qemu_hexdump(stderr, "Response", response, rsplen); 2311 #endif 2312 2313 sd->current_cmd = rtype == sd_illegal ? 0 : req->cmd; 2314 2315 return rsplen; 2316 } 2317 2318 /* Return true if buffer is consumed. Configured by sd_cmd_to_receivingdata() */ 2319 static bool sd_generic_write_byte(SDState *sd, uint8_t value) 2320 { 2321 sd->data[sd->data_offset] = value; 2322 2323 if (++sd->data_offset >= sd->data_size) { 2324 sd->state = sd_transfer_state; 2325 return true; 2326 } 2327 return false; 2328 } 2329 2330 /* Return true when buffer is consumed. Configured by sd_cmd_to_sendingdata() */ 2331 static bool sd_generic_read_byte(SDState *sd, uint8_t *value) 2332 { 2333 *value = sd->data[sd->data_offset]; 2334 2335 if (++sd->data_offset >= sd->data_size) { 2336 sd->state = sd_transfer_state; 2337 return true; 2338 } 2339 2340 return false; 2341 } 2342 2343 static void sd_write_byte(SDState *sd, uint8_t value) 2344 { 2345 int i; 2346 2347 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2348 return; 2349 } 2350 2351 if (sd->state != sd_receivingdata_state) { 2352 qemu_log_mask(LOG_GUEST_ERROR, 2353 "%s: not in Receiving-Data state\n", __func__); 2354 return; 2355 } 2356 2357 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 2358 return; 2359 2360 trace_sdcard_write_data(sd->proto->name, 2361 sd->last_cmd_name, 2362 sd->current_cmd, sd->data_offset, value); 2363 switch (sd->current_cmd) { 2364 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 2365 if (sd_generic_write_byte(sd, value)) { 2366 /* TODO: Check CRC before committing */ 2367 sd->state = sd_programming_state; 2368 sd_blk_write(sd, sd->data_start, sd->data_offset); 2369 sd->blk_written ++; 2370 sd->csd[14] |= 0x40; 2371 /* Bzzzzzzztt .... Operation complete. */ 2372 sd->state = sd_transfer_state; 2373 } 2374 break; 2375 2376 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2377 if (sd->data_offset == 0) { 2378 /* Start of the block - let's check the address is valid */ 2379 if (!address_in_range(sd, "WRITE_MULTIPLE_BLOCK", 2380 sd->data_start, sd->blk_len)) { 2381 break; 2382 } 2383 if (sd->size <= SDSC_MAX_CAPACITY) { 2384 if (sd_wp_addr(sd, sd->data_start)) { 2385 sd->card_status |= WP_VIOLATION; 2386 break; 2387 } 2388 } 2389 } 2390 sd->data[sd->data_offset++] = value; 2391 if (sd->data_offset >= sd->blk_len) { 2392 /* TODO: Check CRC before committing */ 2393 sd->state = sd_programming_state; 2394 sd_blk_write(sd, sd->data_start, sd->data_offset); 2395 sd->blk_written++; 2396 sd->data_start += sd->blk_len; 2397 sd->data_offset = 0; 2398 sd->csd[14] |= 0x40; 2399 2400 /* Bzzzzzzztt .... Operation complete. */ 2401 if (sd->multi_blk_cnt != 0) { 2402 if (--sd->multi_blk_cnt == 0) { 2403 /* Stop! */ 2404 sd->state = sd_transfer_state; 2405 break; 2406 } 2407 } 2408 2409 sd->state = sd_receivingdata_state; 2410 } 2411 break; 2412 2413 case 26: /* CMD26: PROGRAM_CID */ 2414 if (sd_generic_write_byte(sd, value)) { 2415 /* TODO: Check CRC before committing */ 2416 sd->state = sd_programming_state; 2417 for (i = 0; i < sizeof(sd->cid); i ++) 2418 if ((sd->cid[i] | 0x00) != sd->data[i]) 2419 sd->card_status |= CID_CSD_OVERWRITE; 2420 2421 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2422 for (i = 0; i < sizeof(sd->cid); i ++) { 2423 sd->cid[i] |= 0x00; 2424 sd->cid[i] &= sd->data[i]; 2425 } 2426 /* Bzzzzzzztt .... Operation complete. */ 2427 sd->state = sd_transfer_state; 2428 } 2429 break; 2430 2431 case 27: /* CMD27: PROGRAM_CSD */ 2432 if (sd_generic_write_byte(sd, value)) { 2433 /* TODO: Check CRC before committing */ 2434 sd->state = sd_programming_state; 2435 for (i = 0; i < sizeof(sd->csd); i ++) 2436 if ((sd->csd[i] | sd_csd_rw_mask[i]) != 2437 (sd->data[i] | sd_csd_rw_mask[i])) 2438 sd->card_status |= CID_CSD_OVERWRITE; 2439 2440 /* Copy flag (OTP) & Permanent write protect */ 2441 if (sd->csd[14] & ~sd->data[14] & 0x60) 2442 sd->card_status |= CID_CSD_OVERWRITE; 2443 2444 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2445 for (i = 0; i < sizeof(sd->csd); i ++) { 2446 sd->csd[i] |= sd_csd_rw_mask[i]; 2447 sd->csd[i] &= sd->data[i]; 2448 } 2449 /* Bzzzzzzztt .... Operation complete. */ 2450 sd->state = sd_transfer_state; 2451 } 2452 break; 2453 2454 case 42: /* CMD42: LOCK_UNLOCK */ 2455 if (sd_generic_write_byte(sd, value)) { 2456 /* TODO: Check CRC before committing */ 2457 sd->state = sd_programming_state; 2458 sd_lock_command(sd); 2459 /* Bzzzzzzztt .... Operation complete. */ 2460 sd->state = sd_transfer_state; 2461 } 2462 break; 2463 2464 case 56: /* CMD56: GEN_CMD */ 2465 sd_generic_write_byte(sd, value); 2466 break; 2467 2468 default: 2469 g_assert_not_reached(); 2470 } 2471 } 2472 2473 static uint8_t sd_read_byte(SDState *sd) 2474 { 2475 /* TODO: Append CRCs */ 2476 const uint8_t dummy_byte = 0x00; 2477 uint8_t ret; 2478 uint32_t io_len; 2479 2480 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2481 return dummy_byte; 2482 } 2483 2484 if (sd->state != sd_sendingdata_state) { 2485 qemu_log_mask(LOG_GUEST_ERROR, 2486 "%s: not in Sending-Data state\n", __func__); 2487 return dummy_byte; 2488 } 2489 2490 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) { 2491 return dummy_byte; 2492 } 2493 2494 io_len = sd_blk_len(sd); 2495 2496 trace_sdcard_read_data(sd->proto->name, 2497 sd->last_cmd_name, sd->current_cmd, 2498 sd->data_offset, sd->data_size, io_len); 2499 switch (sd->current_cmd) { 2500 case 6: /* CMD6: SWITCH_FUNCTION */ 2501 case 8: /* CMD8: SEND_EXT_CSD */ 2502 case 9: /* CMD9: SEND_CSD */ 2503 case 10: /* CMD10: SEND_CID */ 2504 case 13: /* ACMD13: SD_STATUS */ 2505 case 17: /* CMD17: READ_SINGLE_BLOCK */ 2506 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */ 2507 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 2508 case 30: /* CMD30: SEND_WRITE_PROT */ 2509 case 51: /* ACMD51: SEND_SCR */ 2510 case 56: /* CMD56: GEN_CMD */ 2511 sd_generic_read_byte(sd, &ret); 2512 break; 2513 2514 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2515 if (sd->data_offset == 0) { 2516 if (!address_in_range(sd, "READ_MULTIPLE_BLOCK", 2517 sd->data_start, io_len)) { 2518 return dummy_byte; 2519 } 2520 sd_blk_read(sd, sd->data_start, io_len); 2521 } 2522 ret = sd->data[sd->data_offset ++]; 2523 2524 if (sd->data_offset >= io_len) { 2525 sd->data_start += io_len; 2526 sd->data_offset = 0; 2527 2528 if (sd->multi_blk_cnt != 0) { 2529 if (--sd->multi_blk_cnt == 0) { 2530 /* Stop! */ 2531 sd->state = sd_transfer_state; 2532 break; 2533 } 2534 } 2535 } 2536 break; 2537 2538 default: 2539 qemu_log_mask(LOG_GUEST_ERROR, "%s: DAT read illegal for command %s\n", 2540 __func__, sd->last_cmd_name); 2541 return dummy_byte; 2542 } 2543 2544 return ret; 2545 } 2546 2547 static bool sd_receive_ready(SDState *sd) 2548 { 2549 return sd->state == sd_receivingdata_state; 2550 } 2551 2552 static bool sd_data_ready(SDState *sd) 2553 { 2554 return sd->state == sd_sendingdata_state; 2555 } 2556 2557 static const SDProto sd_proto_spi = { 2558 .name = "SPI", 2559 .cmd = { 2560 [0] = {0, sd_spi, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2561 [1] = {0, sd_spi, "SEND_OP_COND", spi_cmd_SEND_OP_COND}, 2562 [5] = {9, sd_spi, "IO_SEND_OP_COND", sd_cmd_optional}, 2563 [6] = {10, sd_spi, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2564 [8] = {0, sd_spi, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2565 [9] = {0, sd_spi, "SEND_CSD", spi_cmd_SEND_CSD}, 2566 [10] = {0, sd_spi, "SEND_CID", spi_cmd_SEND_CID}, 2567 [12] = {0, sd_spi, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2568 [13] = {0, sd_spi, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2569 [16] = {2, sd_spi, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2570 [17] = {2, sd_spi, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2571 [24] = {4, sd_spi, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2572 [27] = {4, sd_spi, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2573 [28] = {6, sd_spi, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2574 [29] = {6, sd_spi, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2575 [30] = {6, sd_spi, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2576 [32] = {5, sd_spi, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2577 [33] = {5, sd_spi, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2578 [34] = {10, sd_spi, "READ_SEC_CMD", sd_cmd_optional}, 2579 [35] = {10, sd_spi, "WRITE_SEC_CMD", sd_cmd_optional}, 2580 [36] = {10, sd_spi, "SEND_PSI", sd_cmd_optional}, 2581 [37] = {10, sd_spi, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2582 [38] = {5, sd_spi, "ERASE", sd_cmd_ERASE}, 2583 [42] = {7, sd_spi, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2584 [50] = {10, sd_spi, "DIRECT_SECURE_READ", sd_cmd_optional}, 2585 [52] = {9, sd_spi, "IO_RW_DIRECT", sd_cmd_optional}, 2586 [53] = {9, sd_spi, "IO_RW_EXTENDED", sd_cmd_optional}, 2587 [55] = {8, sd_spi, "APP_CMD", sd_cmd_APP_CMD}, 2588 [56] = {8, sd_spi, "GEN_CMD", sd_cmd_GEN_CMD}, 2589 [57] = {10, sd_spi, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2590 [58] = {0, sd_spi, "READ_OCR", spi_cmd_READ_OCR}, 2591 [59] = {0, sd_spi, "CRC_ON_OFF", spi_cmd_CRC_ON_OFF}, 2592 }, 2593 .acmd = { 2594 [13] = {8, sd_spi, "SD_STATUS", sd_acmd_SD_STATUS}, 2595 [22] = {8, sd_spi, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2596 [23] = {8, sd_spi, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2597 [41] = {8, sd_spi, "SEND_OP_COND", spi_cmd_SEND_OP_COND}, 2598 [42] = {8, sd_spi, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2599 [51] = {8, sd_spi, "SEND_SCR", sd_acmd_SEND_SCR}, 2600 }, 2601 }; 2602 2603 static const SDProto sd_proto_sd = { 2604 .name = "SD", 2605 .cmd = { 2606 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2607 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2608 [3] = {0, sd_bcr, "SEND_RELATIVE_ADDR", sd_cmd_SEND_RELATIVE_ADDR}, 2609 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2610 [5] = {9, sd_bc, "IO_SEND_OP_COND", sd_cmd_optional}, 2611 [6] = {10, sd_adtc, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2612 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2613 [8] = {0, sd_bcr, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2614 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2615 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2616 [11] = {0, sd_ac, "VOLTAGE_SWITCH", sd_cmd_optional}, 2617 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2618 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2619 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2620 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2621 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2622 [19] = {2, sd_adtc, "SEND_TUNING_BLOCK", sd_cmd_SEND_TUNING_BLOCK}, 2623 [20] = {2, sd_ac, "SPEED_CLASS_CONTROL", sd_cmd_optional}, 2624 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2625 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2626 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2627 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2628 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2629 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2630 [32] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2631 [33] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2632 [34] = {10, sd_adtc, "READ_SEC_CMD", sd_cmd_optional}, 2633 [35] = {10, sd_adtc, "WRITE_SEC_CMD", sd_cmd_optional}, 2634 [36] = {10, sd_adtc, "SEND_PSI", sd_cmd_optional}, 2635 [37] = {10, sd_ac, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2636 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2637 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2638 [43] = {1, sd_ac, "Q_MANAGEMENT", sd_cmd_optional}, 2639 [44] = {1, sd_ac, "Q_TASK_INFO_A", sd_cmd_optional}, 2640 [45] = {1, sd_ac, "Q_TASK_INFO_B", sd_cmd_optional}, 2641 [46] = {1, sd_adtc, "Q_RD_TASK", sd_cmd_optional}, 2642 [47] = {1, sd_adtc, "Q_WR_TASK", sd_cmd_optional}, 2643 [48] = {1, sd_adtc, "READ_EXTR_SINGLE", sd_cmd_optional}, 2644 [49] = {1, sd_adtc, "WRITE_EXTR_SINGLE", sd_cmd_optional}, 2645 [50] = {10, sd_adtc, "DIRECT_SECURE_READ", sd_cmd_optional}, 2646 [52] = {9, sd_bc, "IO_RW_DIRECT", sd_cmd_optional}, 2647 [53] = {9, sd_bc, "IO_RW_EXTENDED", sd_cmd_optional}, 2648 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2649 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2650 [57] = {10, sd_adtc, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2651 [58] = {11, sd_adtc, "READ_EXTR_MULTI", sd_cmd_optional}, 2652 [59] = {11, sd_adtc, "WRITE_EXTR_MULTI", sd_cmd_optional}, 2653 }, 2654 .acmd = { 2655 [6] = {8, sd_ac, "SET_BUS_WIDTH", sd_acmd_SET_BUS_WIDTH}, 2656 [13] = {8, sd_adtc, "SD_STATUS", sd_acmd_SD_STATUS}, 2657 [22] = {8, sd_adtc, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2658 [23] = {8, sd_ac, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2659 [41] = {8, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2660 [42] = {8, sd_ac, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2661 [51] = {8, sd_adtc, "SEND_SCR", sd_acmd_SEND_SCR}, 2662 }, 2663 }; 2664 2665 static const SDProto sd_proto_emmc = { 2666 /* Only v4.3 is supported */ 2667 .name = "eMMC", 2668 .cmd = { 2669 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2670 [1] = {0, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2671 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2672 [3] = {0, sd_ac, "SET_RELATIVE_ADDR", emmc_cmd_SET_RELATIVE_ADDR}, 2673 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2674 [5] = {0, sd_ac, "SLEEP/AWAKE", emmc_cmd_sleep_awake}, 2675 [6] = {10, sd_adtc, "SWITCH", emmc_cmd_SWITCH}, 2676 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2677 [8] = {0, sd_adtc, "SEND_EXT_CSD", emmc_cmd_SEND_EXT_CSD}, 2678 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2679 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2680 [11] = {1, sd_adtc, "READ_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2681 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2682 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2683 [14] = {0, sd_adtc, "BUSTEST_R", sd_cmd_unimplemented}, 2684 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2685 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2686 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2687 [19] = {0, sd_adtc, "BUSTEST_W", sd_cmd_unimplemented}, 2688 [20] = {3, sd_adtc, "WRITE_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2689 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2690 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2691 [26] = {4, sd_adtc, "PROGRAM_CID", emmc_cmd_PROGRAM_CID}, 2692 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2693 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2694 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2695 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2696 [31] = {6, sd_adtc, "SEND_WRITE_PROT_TYPE", sd_cmd_unimplemented}, 2697 [35] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2698 [36] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2699 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2700 [39] = {9, sd_ac, "FAST_IO", sd_cmd_unimplemented}, 2701 [40] = {9, sd_bcr, "GO_IRQ_STATE", sd_cmd_unimplemented}, 2702 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2703 [49] = {0, sd_adtc, "SET_TIME", sd_cmd_unimplemented}, 2704 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2705 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2706 }, 2707 }; 2708 2709 static void sd_instance_init(Object *obj) 2710 { 2711 SDState *sd = SDMMC_COMMON(obj); 2712 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 2713 2714 sd->proto = sc->proto; 2715 sd->last_cmd_name = "UNSET"; 2716 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd); 2717 } 2718 2719 static void sd_instance_finalize(Object *obj) 2720 { 2721 SDState *sd = SDMMC_COMMON(obj); 2722 2723 timer_free(sd->ocr_power_timer); 2724 } 2725 2726 static void sd_realize(DeviceState *dev, Error **errp) 2727 { 2728 SDState *sd = SDMMC_COMMON(dev); 2729 int ret; 2730 2731 switch (sd->spec_version) { 2732 case SD_PHY_SPECv1_10_VERS 2733 ... SD_PHY_SPECv3_01_VERS: 2734 break; 2735 default: 2736 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version); 2737 return; 2738 } 2739 2740 if (sd->blk) { 2741 int64_t blk_size; 2742 2743 if (!blk_supports_write_perm(sd->blk)) { 2744 error_setg(errp, "Cannot use read-only drive as SD card"); 2745 return; 2746 } 2747 2748 blk_size = blk_getlength(sd->blk); 2749 if (blk_size > 0 && !is_power_of_2(blk_size)) { 2750 int64_t blk_size_aligned = pow2ceil(blk_size); 2751 char *blk_size_str; 2752 2753 blk_size_str = size_to_str(blk_size); 2754 error_setg(errp, "Invalid SD card size: %s", blk_size_str); 2755 g_free(blk_size_str); 2756 2757 blk_size_str = size_to_str(blk_size_aligned); 2758 error_append_hint(errp, 2759 "SD card size has to be a power of 2, e.g. %s.\n" 2760 "You can resize disk images with" 2761 " 'qemu-img resize <imagefile> <new-size>'\n" 2762 "(note that this will lose data if you make the" 2763 " image smaller than it currently is).\n", 2764 blk_size_str); 2765 g_free(blk_size_str); 2766 2767 return; 2768 } 2769 2770 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 2771 BLK_PERM_ALL, errp); 2772 if (ret < 0) { 2773 return; 2774 } 2775 blk_set_dev_ops(sd->blk, &sd_block_ops, sd); 2776 } 2777 } 2778 2779 static void emmc_realize(DeviceState *dev, Error **errp) 2780 { 2781 SDState *sd = SDMMC_COMMON(dev); 2782 2783 sd->spec_version = SD_PHY_SPECv3_01_VERS; /* Actually v4.3 */ 2784 2785 sd_realize(dev, errp); 2786 } 2787 2788 static const Property sdmmc_common_properties[] = { 2789 DEFINE_PROP_DRIVE("drive", SDState, blk), 2790 }; 2791 2792 static const Property sd_properties[] = { 2793 DEFINE_PROP_UINT8("spec_version", SDState, 2794 spec_version, SD_PHY_SPECv3_01_VERS), 2795 }; 2796 2797 static const Property emmc_properties[] = { 2798 DEFINE_PROP_UINT64("boot-partition-size", SDState, boot_part_size, 0), 2799 DEFINE_PROP_UINT8("boot-config", SDState, boot_config, 0x0), 2800 }; 2801 2802 static void sdmmc_common_class_init(ObjectClass *klass, const void *data) 2803 { 2804 DeviceClass *dc = DEVICE_CLASS(klass); 2805 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2806 2807 device_class_set_props(dc, sdmmc_common_properties); 2808 dc->vmsd = &sd_vmstate; 2809 device_class_set_legacy_reset(dc, sd_reset); 2810 dc->bus_type = TYPE_SD_BUS; 2811 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2812 2813 sc->set_voltage = sd_set_voltage; 2814 sc->get_dat_lines = sd_get_dat_lines; 2815 sc->get_cmd_line = sd_get_cmd_line; 2816 sc->do_command = sd_do_command; 2817 sc->write_byte = sd_write_byte; 2818 sc->read_byte = sd_read_byte; 2819 sc->receive_ready = sd_receive_ready; 2820 sc->data_ready = sd_data_ready; 2821 sc->get_inserted = sd_get_inserted; 2822 sc->get_readonly = sd_get_readonly; 2823 } 2824 2825 static void sd_class_init(ObjectClass *klass, const void *data) 2826 { 2827 DeviceClass *dc = DEVICE_CLASS(klass); 2828 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2829 2830 dc->realize = sd_realize; 2831 device_class_set_props(dc, sd_properties); 2832 2833 sc->set_cid = sd_set_cid; 2834 sc->set_csd = sd_set_csd; 2835 sc->proto = &sd_proto_sd; 2836 } 2837 2838 /* 2839 * We do not model the chip select pin, so allow the board to select 2840 * whether card should be in SSI or MMC/SD mode. It is also up to the 2841 * board to ensure that ssi transfers only occur when the chip select 2842 * is asserted. 2843 */ 2844 static void sd_spi_class_init(ObjectClass *klass, const void *data) 2845 { 2846 DeviceClass *dc = DEVICE_CLASS(klass); 2847 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2848 2849 dc->desc = "SD SPI"; 2850 sc->proto = &sd_proto_spi; 2851 } 2852 2853 static void emmc_class_init(ObjectClass *klass, const void *data) 2854 { 2855 DeviceClass *dc = DEVICE_CLASS(klass); 2856 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2857 2858 dc->desc = "eMMC"; 2859 dc->realize = emmc_realize; 2860 device_class_set_props(dc, emmc_properties); 2861 /* Reason: Soldered on board */ 2862 dc->user_creatable = false; 2863 2864 sc->proto = &sd_proto_emmc; 2865 2866 sc->set_cid = emmc_set_cid; 2867 sc->set_csd = emmc_set_csd; 2868 } 2869 2870 static const TypeInfo sd_types[] = { 2871 { 2872 .name = TYPE_SDMMC_COMMON, 2873 .parent = TYPE_DEVICE, 2874 .abstract = true, 2875 .instance_size = sizeof(SDState), 2876 .class_size = sizeof(SDCardClass), 2877 .class_init = sdmmc_common_class_init, 2878 .instance_init = sd_instance_init, 2879 .instance_finalize = sd_instance_finalize, 2880 }, 2881 { 2882 .name = TYPE_SD_CARD, 2883 .parent = TYPE_SDMMC_COMMON, 2884 .class_init = sd_class_init, 2885 }, 2886 { 2887 .name = TYPE_SD_CARD_SPI, 2888 .parent = TYPE_SD_CARD, 2889 .class_init = sd_spi_class_init, 2890 }, 2891 { 2892 .name = TYPE_EMMC, 2893 .parent = TYPE_SDMMC_COMMON, 2894 .class_init = emmc_class_init, 2895 }, 2896 }; 2897 2898 DEFINE_TYPES(sd_types) 2899