1 /* 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical 3 * layer specification, Version 2.00." 4 * 5 * eMMC emulation defined in "JEDEC Standard No. 84-A43" 6 * 7 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org> 8 * Copyright (c) 2007 CodeSourcery 9 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org> 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in 19 * the documentation and/or other materials provided with the 20 * distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' 23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR 26 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 30 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include "qemu/osdep.h" 36 #include "qemu/units.h" 37 #include "qemu/cutils.h" 38 #include "hw/irq.h" 39 #include "hw/registerfields.h" 40 #include "system/block-backend.h" 41 #include "hw/sd/sd.h" 42 #include "migration/vmstate.h" 43 #include "qapi/error.h" 44 #include "qemu/bitmap.h" 45 #include "hw/qdev-properties.h" 46 #include "hw/qdev-properties-system.h" 47 #include "qemu/error-report.h" 48 #include "qemu/timer.h" 49 #include "qemu/log.h" 50 #include "qemu/guest-random.h" 51 #include "qemu/module.h" 52 #include "sdmmc-internal.h" 53 #include "trace.h" 54 55 //#define DEBUG_SD 1 56 57 #define SDSC_MAX_CAPACITY (2 * GiB) 58 59 #define INVALID_ADDRESS UINT32_MAX 60 61 typedef enum { 62 sd_r0 = 0, /* no response */ 63 sd_r1, /* normal response command */ 64 spi_r2, /* STATUS */ 65 sd_r2_i, /* CID register */ 66 sd_r2_s, /* CSD register */ 67 sd_r3, /* OCR register */ 68 sd_r6 = 6, /* Published RCA response */ 69 sd_r7, /* Operating voltage */ 70 sd_r1b = -1, 71 sd_illegal = -2, 72 } sd_rsp_type_t; 73 74 typedef enum { 75 sd_spi, 76 sd_bc, /* broadcast -- no response */ 77 sd_bcr, /* broadcast with response */ 78 sd_ac, /* addressed -- no data transfer */ 79 sd_adtc, /* addressed with data transfer */ 80 } sd_cmd_type_t; 81 82 enum SDCardModes { 83 sd_inactive, 84 sd_card_identification_mode, 85 sd_data_transfer_mode, 86 }; 87 88 enum SDCardStates { 89 sd_waitirq_state = -2, /* emmc */ 90 sd_inactive_state = -1, 91 92 sd_idle_state = 0, 93 sd_ready_state = 1, 94 sd_identification_state = 2, 95 sd_standby_state = 3, 96 sd_transfer_state = 4, 97 sd_sendingdata_state = 5, 98 sd_receivingdata_state = 6, 99 sd_programming_state = 7, 100 sd_disconnect_state = 8, 101 sd_bus_test_state = 9, /* emmc */ 102 sd_sleep_state = 10, /* emmc */ 103 sd_io_state = 15 /* sd */ 104 }; 105 106 #define SDMMC_CMD_MAX 64 107 108 typedef sd_rsp_type_t (*sd_cmd_handler)(SDState *sd, SDRequest req); 109 110 typedef struct SDProto { 111 const char *name; 112 struct { 113 const unsigned class; 114 const sd_cmd_type_t type; 115 const char *name; 116 sd_cmd_handler handler; 117 } cmd[SDMMC_CMD_MAX], acmd[SDMMC_CMD_MAX]; 118 } SDProto; 119 120 struct SDState { 121 DeviceState parent_obj; 122 123 /* SD Memory Card Registers */ 124 uint32_t ocr; 125 uint8_t scr[8]; 126 uint8_t cid[16]; 127 uint8_t csd[16]; 128 uint16_t rca; 129 uint32_t card_status; 130 uint8_t sd_status[64]; 131 union { 132 uint8_t ext_csd[512]; 133 struct { 134 uint8_t ext_csd_rw[192]; /* Modes segment */ 135 uint8_t ext_csd_ro[320]; /* Properties segment */ 136 }; 137 }; 138 139 /* Static properties */ 140 141 uint8_t spec_version; 142 uint64_t boot_part_size; 143 BlockBackend *blk; 144 uint8_t boot_config; 145 146 const SDProto *proto; 147 148 /* Runtime changeables */ 149 150 uint32_t mode; /* current card mode, one of SDCardModes */ 151 int32_t state; /* current card state, one of SDCardStates */ 152 uint32_t vhs; 153 bool wp_switch; 154 unsigned long *wp_group_bmap; 155 int32_t wp_group_bits; 156 uint64_t size; 157 uint32_t blk_len; 158 uint32_t multi_blk_cnt; 159 uint32_t erase_start; 160 uint32_t erase_end; 161 uint8_t pwd[16]; 162 uint32_t pwd_len; 163 uint8_t function_group[6]; 164 uint8_t current_cmd; 165 const char *last_cmd_name; 166 /* True if we will handle the next command as an ACMD. Note that this does 167 * *not* track the APP_CMD status bit! 168 */ 169 bool expecting_acmd; 170 uint32_t blk_written; 171 172 uint64_t data_start; 173 uint32_t data_offset; 174 size_t data_size; 175 uint8_t data[512]; 176 QEMUTimer *ocr_power_timer; 177 uint8_t dat_lines; 178 bool cmd_line; 179 }; 180 181 static void sd_realize(DeviceState *dev, Error **errp); 182 183 static const SDProto sd_proto_spi; 184 static const SDProto sd_proto_emmc; 185 186 static bool sd_is_spi(SDState *sd) 187 { 188 return sd->proto == &sd_proto_spi; 189 } 190 191 static bool sd_is_emmc(SDState *sd) 192 { 193 return sd->proto == &sd_proto_emmc; 194 } 195 196 static const char *sd_version_str(enum SDPhySpecificationVersion version) 197 { 198 static const char *sdphy_version[] = { 199 [SD_PHY_SPECv1_10_VERS] = "v1.10", 200 [SD_PHY_SPECv2_00_VERS] = "v2.00", 201 [SD_PHY_SPECv3_01_VERS] = "v3.01", 202 }; 203 if (version >= ARRAY_SIZE(sdphy_version)) { 204 return "unsupported version"; 205 } 206 return sdphy_version[version]; 207 } 208 209 static const char *sd_mode_name(enum SDCardModes mode) 210 { 211 static const char *mode_name[] = { 212 [sd_inactive] = "inactive", 213 [sd_card_identification_mode] = "identification", 214 [sd_data_transfer_mode] = "transfer", 215 }; 216 assert(mode < ARRAY_SIZE(mode_name)); 217 return mode_name[mode]; 218 } 219 220 static const char *sd_state_name(enum SDCardStates state) 221 { 222 static const char *state_name[] = { 223 [sd_idle_state] = "idle", 224 [sd_ready_state] = "ready", 225 [sd_identification_state] = "identification", 226 [sd_standby_state] = "standby", 227 [sd_transfer_state] = "transfer", 228 [sd_sendingdata_state] = "sendingdata", 229 [sd_bus_test_state] = "bus-test", 230 [sd_receivingdata_state] = "receivingdata", 231 [sd_programming_state] = "programming", 232 [sd_disconnect_state] = "disconnect", 233 [sd_sleep_state] = "sleep", 234 [sd_io_state] = "i/o" 235 }; 236 if (state == sd_inactive_state) { 237 return "inactive"; 238 } 239 if (state == sd_waitirq_state) { 240 return "wait-irq"; 241 } 242 assert(state < ARRAY_SIZE(state_name)); 243 return state_name[state]; 244 } 245 246 static const char *sd_response_name(sd_rsp_type_t rsp) 247 { 248 static const char *response_name[] = { 249 [sd_r0] = "RESP#0 (no response)", 250 [sd_r1] = "RESP#1 (normal cmd)", 251 [spi_r2] = "RESP#2 (STATUS reg)", 252 [sd_r2_i] = "RESP#2 (CID reg)", 253 [sd_r2_s] = "RESP#2 (CSD reg)", 254 [sd_r3] = "RESP#3 (OCR reg)", 255 [sd_r6] = "RESP#6 (RCA)", 256 [sd_r7] = "RESP#7 (operating voltage)", 257 }; 258 if (rsp == sd_illegal) { 259 return "ILLEGAL RESP"; 260 } 261 if (rsp == sd_r1b) { 262 rsp = sd_r1; 263 } 264 assert(rsp < ARRAY_SIZE(response_name)); 265 return response_name[rsp]; 266 } 267 268 static const char *sd_cmd_name(SDState *sd, uint8_t cmd) 269 { 270 static const char *cmd_abbrev[SDMMC_CMD_MAX] = { 271 [18] = "READ_MULTIPLE_BLOCK", 272 [25] = "WRITE_MULTIPLE_BLOCK", 273 }; 274 const SDProto *sdp = sd->proto; 275 276 if (sdp->cmd[cmd].handler) { 277 assert(!cmd_abbrev[cmd]); 278 return sdp->cmd[cmd].name; 279 } 280 return cmd_abbrev[cmd] ? cmd_abbrev[cmd] : "UNKNOWN_CMD"; 281 } 282 283 static const char *sd_acmd_name(SDState *sd, uint8_t cmd) 284 { 285 const SDProto *sdp = sd->proto; 286 287 if (sdp->acmd[cmd].handler) { 288 return sdp->acmd[cmd].name; 289 } 290 291 return "UNKNOWN_ACMD"; 292 } 293 294 static uint8_t sd_get_dat_lines(SDState *sd) 295 { 296 return sd->dat_lines; 297 } 298 299 static bool sd_get_cmd_line(SDState *sd) 300 { 301 return sd->cmd_line; 302 } 303 304 static void sd_set_voltage(SDState *sd, uint16_t millivolts) 305 { 306 trace_sdcard_set_voltage(millivolts); 307 308 switch (millivolts) { 309 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */ 310 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */ 311 break; 312 default: 313 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV", 314 millivolts / 1000.f); 315 } 316 } 317 318 static void sd_set_mode(SDState *sd) 319 { 320 switch (sd->state) { 321 case sd_inactive_state: 322 sd->mode = sd_inactive; 323 break; 324 325 case sd_idle_state: 326 case sd_ready_state: 327 case sd_identification_state: 328 sd->mode = sd_card_identification_mode; 329 break; 330 331 case sd_standby_state: 332 case sd_transfer_state: 333 case sd_sendingdata_state: 334 case sd_receivingdata_state: 335 case sd_programming_state: 336 case sd_disconnect_state: 337 sd->mode = sd_data_transfer_mode; 338 break; 339 } 340 } 341 342 static uint8_t sd_crc7(const void *message, size_t width) 343 { 344 int i, bit; 345 uint8_t shift_reg = 0x00; 346 const uint8_t *msg = (const uint8_t *)message; 347 348 for (i = 0; i < width; i ++, msg ++) 349 for (bit = 7; bit >= 0; bit --) { 350 shift_reg <<= 1; 351 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1)) 352 shift_reg ^= 0x89; 353 } 354 355 return shift_reg; 356 } 357 358 /* Operation Conditions register */ 359 360 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */ 361 362 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24) 363 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8) 364 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1) 365 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16) 366 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */ 367 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */ 368 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */ 369 FIELD(OCR, CARD_POWER_UP, 31, 1) 370 371 #define ACMD41_ENQUIRY_MASK 0x00ffffff 372 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \ 373 | R_OCR_ACCEPT_SWITCH_1V8_MASK \ 374 | R_OCR_UHS_II_CARD_MASK \ 375 | R_OCR_CARD_CAPACITY_MASK \ 376 | R_OCR_CARD_POWER_UP_MASK) 377 378 static void sd_ocr_powerup(void *opaque) 379 { 380 SDState *sd = opaque; 381 382 trace_sdcard_powerup(); 383 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)); 384 385 /* card power-up OK */ 386 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1); 387 388 if (sd->size > SDSC_MAX_CAPACITY) { 389 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 390 } 391 } 392 393 static void sd_set_ocr(SDState *sd) 394 { 395 /* All voltages OK */ 396 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK; 397 398 if (sd_is_spi(sd)) { 399 /* 400 * We don't need to emulate power up sequence in SPI-mode. 401 * Thus, the card's power up status bit should be set to 1 when reset. 402 * The card's capacity status bit should also be set if SD card size 403 * is larger than 2GB for SDHC support. 404 */ 405 sd_ocr_powerup(sd); 406 } 407 } 408 409 /* SD Configuration register */ 410 411 static void sd_set_scr(SDState *sd) 412 { 413 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */ 414 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) { 415 sd->scr[0] |= 1; /* Spec Version 1.10 */ 416 } else { 417 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */ 418 } 419 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */ 420 | 0b0101; /* 1-bit or 4-bit width bus modes */ 421 sd->scr[2] = 0x00; /* Extended Security is not supported. */ 422 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) { 423 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */ 424 } 425 sd->scr[3] = 0x00; 426 /* reserved for manufacturer usage */ 427 sd->scr[4] = 0x00; 428 sd->scr[5] = 0x00; 429 sd->scr[6] = 0x00; 430 sd->scr[7] = 0x00; 431 } 432 433 /* Card IDentification register */ 434 435 #define MID 0xaa 436 #define OID "XY" 437 #define PNM "QEMU!" 438 #define PRV 0x01 439 #define MDT_YR 2006 440 #define MDT_MON 2 441 442 static void sd_set_cid(SDState *sd) 443 { 444 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 445 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */ 446 sd->cid[2] = OID[1]; 447 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 448 sd->cid[4] = PNM[1]; 449 sd->cid[5] = PNM[2]; 450 sd->cid[6] = PNM[3]; 451 sd->cid[7] = PNM[4]; 452 sd->cid[8] = PRV; /* Fake product revision (PRV) */ 453 stl_be_p(&sd->cid[9], 0xdeadbeef); /* Fake serial number (PSN) */ 454 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */ 455 ((MDT_YR - 2000) / 10); 456 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON; 457 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 458 } 459 460 static void emmc_set_cid(SDState *sd) 461 { 462 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 463 sd->cid[1] = 0b01; /* CBX: soldered BGA */ 464 sd->cid[2] = OID[0]; /* OEM/Application ID (OID) */ 465 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 466 sd->cid[4] = PNM[1]; 467 sd->cid[5] = PNM[2]; 468 sd->cid[6] = PNM[3]; 469 sd->cid[7] = PNM[4]; 470 sd->cid[8] = PNM[4]; 471 sd->cid[9] = PRV; /* Fake product revision (PRV) */ 472 stl_be_p(&sd->cid[10], 0xdeadbeef); /* Fake serial number (PSN) */ 473 sd->cid[14] = (MDT_MON << 4) | (MDT_YR - 1997); /* Manufacture date (MDT) */ 474 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 475 } 476 477 /* Card-Specific Data register */ 478 479 #define HWBLOCK_SHIFT 9 /* 512 bytes */ 480 #define SECTOR_SHIFT 5 /* 16 kilobytes */ 481 #define WPGROUP_SHIFT 7 /* 2 megs */ 482 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */ 483 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) 484 485 static const uint8_t sd_csd_rw_mask[16] = { 486 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 487 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe, 488 }; 489 490 static void emmc_set_ext_csd(SDState *sd, uint64_t size) 491 { 492 uint32_t sectcount = size >> HWBLOCK_SHIFT; 493 494 memset(sd->ext_csd, 0, sizeof(sd->ext_csd)); /* FIXME only RW at reset */ 495 496 /* Properties segment (RO) */ 497 sd->ext_csd[EXT_CSD_S_CMD_SET] = 0b1; /* supported command sets */ 498 sd->ext_csd[EXT_CSD_BOOT_INFO] = 0x0; /* Boot information */ 499 /* Boot partition size. 128KB unit */ 500 sd->ext_csd[EXT_CSD_BOOT_MULT] = sd->boot_part_size / (128 * KiB); 501 sd->ext_csd[EXT_CSD_ACC_SIZE] = 0x1; /* Access size */ 502 sd->ext_csd[EXT_CSD_HC_ERASE_GRP_SIZE] = 0x01; /* HC Erase unit size */ 503 sd->ext_csd[EXT_CSD_ERASE_TIMEOUT_MULT] = 0x01; /* HC erase timeout */ 504 sd->ext_csd[EXT_CSD_REL_WR_SEC_C] = 0x1; /* Reliable write sector count */ 505 sd->ext_csd[EXT_CSD_HC_WP_GRP_SIZE] = 0x01; /* HC write protect group size */ 506 sd->ext_csd[EXT_CSD_S_C_VCC] = 0x01; /* Sleep current VCC */ 507 sd->ext_csd[EXT_CSD_S_C_VCCQ] = 0x01; /* Sleep current VCCQ */ 508 sd->ext_csd[EXT_CSD_S_A_TIMEOUT] = 0x01; /* Sleep/Awake timeout */ 509 stl_le_p(&sd->ext_csd[EXT_CSD_SEC_CNT], sectcount); /* Sector count */ 510 sd->ext_csd[210] = 0x46; /* Min write perf for 8bit@52Mhz */ 511 sd->ext_csd[209] = 0x46; /* Min read perf for 8bit@52Mhz */ 512 sd->ext_csd[208] = 0x46; /* Min write perf for 4bit@52Mhz */ 513 sd->ext_csd[207] = 0x46; /* Min read perf for 4bit@52Mhz */ 514 sd->ext_csd[206] = 0x46; /* Min write perf for 4bit@26Mhz */ 515 sd->ext_csd[205] = 0x46; /* Min read perf for 4bit@26Mhz */ 516 sd->ext_csd[EXT_CSD_CARD_TYPE] = 0b11; 517 sd->ext_csd[EXT_CSD_STRUCTURE] = 2; 518 sd->ext_csd[EXT_CSD_REV] = 3; 519 520 /* Mode segment (RW) */ 521 sd->ext_csd[EXT_CSD_PART_CONFIG] = sd->boot_config; 522 } 523 524 static void emmc_set_csd(SDState *sd, uint64_t size) 525 { 526 int hwblock_shift = HWBLOCK_SHIFT; 527 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 528 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 529 530 sd->csd[0] = (3 << 6) | (4 << 2); /* Spec v4.3 with EXT_CSD */ 531 sd->csd[1] = (1 << 3) | 6; /* Asynchronous data access time: 1ms */ 532 sd->csd[2] = 0x00; 533 sd->csd[3] = (1 << 3) | 3;; /* Maximum bus clock frequency: 100MHz */ 534 sd->csd[4] = 0x0f; 535 if (size <= 2 * GiB) { 536 /* use 1k blocks */ 537 uint32_t csize1k = (size >> (CMULT_SHIFT + 10)) - 1; 538 sd->csd[5] = 0x5a; 539 sd->csd[6] = 0x80 | ((csize1k >> 10) & 0xf); 540 sd->csd[7] = (csize1k >> 2) & 0xff; 541 } else { /* >= 2GB : size stored in ext CSD, block addressing */ 542 sd->csd[5] = 0x59; 543 sd->csd[6] = 0x8f; 544 sd->csd[7] = 0xff; 545 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 546 } 547 sd->csd[8] = 0xff; 548 sd->csd[9] = 0xfc | /* Max. write current */ 549 ((CMULT_SHIFT - 2) >> 1); 550 sd->csd[10] = 0x40 | /* Erase sector size */ 551 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 552 sd->csd[11] = 0x00 | /* Write protect group size */ 553 ((sectsize << 7) & 0x80) | wpsize; 554 sd->csd[12] = 0x90 | /* Write speed factor */ 555 (hwblock_shift >> 2); 556 sd->csd[13] = 0x20 | /* Max. write data block length */ 557 ((hwblock_shift << 6) & 0xc0); 558 sd->csd[14] = 0x00; 559 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 560 emmc_set_ext_csd(sd, size); 561 } 562 563 static void sd_set_csd(SDState *sd, uint64_t size) 564 { 565 int hwblock_shift = HWBLOCK_SHIFT; 566 uint32_t csize; 567 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 568 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 569 570 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */ 571 if (size == SDSC_MAX_CAPACITY) { 572 hwblock_shift += 1; 573 } 574 csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1; 575 576 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */ 577 sd->csd[0] = 0x00; /* CSD structure */ 578 sd->csd[1] = 0x26; /* Data read access-time-1 */ 579 sd->csd[2] = 0x00; /* Data read access-time-2 */ 580 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */ 581 sd->csd[4] = 0x5f; /* Card Command Classes */ 582 sd->csd[5] = 0x50 | /* Max. read data block length */ 583 hwblock_shift; 584 sd->csd[6] = 0xe0 | /* Partial block for read allowed */ 585 ((csize >> 10) & 0x03); 586 sd->csd[7] = 0x00 | /* Device size */ 587 ((csize >> 2) & 0xff); 588 sd->csd[8] = 0x3f | /* Max. read current */ 589 ((csize << 6) & 0xc0); 590 sd->csd[9] = 0xfc | /* Max. write current */ 591 ((CMULT_SHIFT - 2) >> 1); 592 sd->csd[10] = 0x40 | /* Erase sector size */ 593 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 594 sd->csd[11] = 0x00 | /* Write protect group size */ 595 ((sectsize << 7) & 0x80) | wpsize; 596 sd->csd[12] = 0x90 | /* Write speed factor */ 597 (hwblock_shift >> 2); 598 sd->csd[13] = 0x20 | /* Max. write data block length */ 599 ((hwblock_shift << 6) & 0xc0); 600 sd->csd[14] = 0x00; /* File format group */ 601 } else { /* SDHC */ 602 size /= 512 * KiB; 603 size -= 1; 604 sd->csd[0] = 0x40; 605 sd->csd[1] = 0x0e; 606 sd->csd[2] = 0x00; 607 sd->csd[3] = 0x32; 608 sd->csd[4] = 0x5b; 609 sd->csd[5] = 0x59; 610 sd->csd[6] = 0x00; 611 st24_be_p(&sd->csd[7], size); 612 sd->csd[10] = 0x7f; 613 sd->csd[11] = 0x80; 614 sd->csd[12] = 0x0a; 615 sd->csd[13] = 0x40; 616 sd->csd[14] = 0x00; 617 } 618 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 619 } 620 621 /* Relative Card Address register */ 622 623 static void sd_set_rca(SDState *sd, uint16_t value) 624 { 625 trace_sdcard_set_rca(value); 626 sd->rca = value; 627 } 628 629 static uint16_t sd_req_get_rca(SDState *s, SDRequest req) 630 { 631 switch (s->proto->cmd[req.cmd].type) { 632 case sd_ac: 633 case sd_adtc: 634 return req.arg >> 16; 635 case sd_spi: 636 default: 637 g_assert_not_reached(); 638 } 639 } 640 641 static bool sd_req_rca_same(SDState *s, SDRequest req) 642 { 643 return sd_req_get_rca(s, req) == s->rca; 644 } 645 646 /* Card Status register */ 647 648 FIELD(CSR, AKE_SEQ_ERROR, 3, 1) 649 FIELD(CSR, APP_CMD, 5, 1) 650 FIELD(CSR, FX_EVENT, 6, 1) 651 FIELD(CSR, SWITCH_ERROR, 7, 1) 652 FIELD(CSR, READY_FOR_DATA, 8, 1) 653 FIELD(CSR, CURRENT_STATE, 9, 4) 654 FIELD(CSR, ERASE_RESET, 13, 1) 655 FIELD(CSR, CARD_ECC_DISABLED, 14, 1) 656 FIELD(CSR, WP_ERASE_SKIP, 15, 1) 657 FIELD(CSR, CSD_OVERWRITE, 16, 1) 658 FIELD(CSR, DEFERRED_RESPONSE, 17, 1) 659 FIELD(CSR, ERROR, 19, 1) 660 FIELD(CSR, CC_ERROR, 20, 1) 661 FIELD(CSR, CARD_ECC_FAILED, 21, 1) 662 FIELD(CSR, ILLEGAL_COMMAND, 22, 1) 663 FIELD(CSR, COM_CRC_ERROR, 23, 1) 664 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1) 665 FIELD(CSR, CARD_IS_LOCKED, 25, 1) 666 FIELD(CSR, WP_VIOLATION, 26, 1) 667 FIELD(CSR, ERASE_PARAM, 27, 1) 668 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1) 669 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1) 670 FIELD(CSR, ADDRESS_ERROR, 30, 1) 671 FIELD(CSR, OUT_OF_RANGE, 31, 1) 672 673 /* Card status bits, split by clear condition: 674 * A : According to the card current state 675 * B : Always related to the previous command 676 * C : Cleared by read 677 */ 678 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \ 679 | R_CSR_CARD_ECC_DISABLED_MASK \ 680 | R_CSR_CARD_IS_LOCKED_MASK) 681 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \ 682 | R_CSR_ILLEGAL_COMMAND_MASK \ 683 | R_CSR_COM_CRC_ERROR_MASK) 684 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \ 685 | R_CSR_APP_CMD_MASK \ 686 | R_CSR_ERASE_RESET_MASK \ 687 | R_CSR_WP_ERASE_SKIP_MASK \ 688 | R_CSR_CSD_OVERWRITE_MASK \ 689 | R_CSR_ERROR_MASK \ 690 | R_CSR_CC_ERROR_MASK \ 691 | R_CSR_CARD_ECC_FAILED_MASK \ 692 | R_CSR_LOCK_UNLOCK_FAILED_MASK \ 693 | R_CSR_WP_VIOLATION_MASK \ 694 | R_CSR_ERASE_PARAM_MASK \ 695 | R_CSR_ERASE_SEQ_ERROR_MASK \ 696 | R_CSR_BLOCK_LEN_ERROR_MASK \ 697 | R_CSR_ADDRESS_ERROR_MASK \ 698 | R_CSR_OUT_OF_RANGE_MASK) 699 700 static void sd_set_cardstatus(SDState *sd) 701 { 702 sd->card_status = READY_FOR_DATA; 703 } 704 705 static void sd_set_sdstatus(SDState *sd) 706 { 707 memset(sd->sd_status, 0, 64); 708 } 709 710 static const uint8_t sd_tuning_block_pattern4[64] = { 711 /* 712 * See: Physical Layer Simplified Specification Version 3.01, 713 * Table 4-2. 714 */ 715 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc, 716 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef, 717 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb, 718 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef, 719 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c, 720 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee, 721 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff, 722 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde 723 }; 724 725 static int sd_req_crc_validate(SDRequest *req) 726 { 727 uint8_t buffer[5]; 728 buffer[0] = 0x40 | req->cmd; 729 stl_be_p(&buffer[1], req->arg); 730 return 0; 731 return sd_crc7(buffer, 5) != req->crc; /* TODO */ 732 } 733 734 static size_t sd_response_size(SDState *sd, sd_rsp_type_t rtype) 735 { 736 switch (rtype) { 737 case sd_r1: 738 case sd_r1b: 739 return sd_is_spi(sd) ? 1 : 4; 740 741 case spi_r2: 742 assert(sd_is_spi(sd)); 743 return 2; 744 745 case sd_r2_i: 746 case sd_r2_s: 747 assert(!sd_is_spi(sd)); 748 return 16; 749 750 case sd_r3: 751 case sd_r7: 752 return sd_is_spi(sd) ? 5 : 4; 753 754 case sd_r6: 755 assert(!sd_is_spi(sd)); 756 return 4; 757 758 case sd_r0: 759 case sd_illegal: 760 return sd_is_spi(sd) ? 1 : 0; 761 762 default: 763 g_assert_not_reached(); 764 } 765 } 766 767 static void sd_response_r1_make(SDState *sd, uint8_t *response) 768 { 769 if (sd_is_spi(sd)) { 770 response[0] = sd->state == sd_idle_state 771 && !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 772 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_RESET) << 1; 773 response[0] |= FIELD_EX32(sd->card_status, CSR, ILLEGAL_COMMAND) << 2; 774 response[0] |= FIELD_EX32(sd->card_status, CSR, COM_CRC_ERROR) << 3; 775 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_SEQ_ERROR) << 4; 776 response[0] |= FIELD_EX32(sd->card_status, CSR, ADDRESS_ERROR) << 5; 777 response[0] |= FIELD_EX32(sd->card_status, CSR, BLOCK_LEN_ERROR) << 6; 778 response[0] |= 0 << 7; 779 } else { 780 stl_be_p(response, sd->card_status); 781 } 782 783 /* Clear the "clear on read" status bits */ 784 sd->card_status &= ~CARD_STATUS_C; 785 } 786 787 static void spi_response_r2_make(SDState *sd, uint8_t *resp) 788 { 789 /* Prepend R1 */ 790 sd_response_r1_make(sd, resp); 791 792 resp[1] = FIELD_EX32(sd->card_status, CSR, CARD_IS_LOCKED) << 0; 793 resp[1] |= (FIELD_EX32(sd->card_status, CSR, LOCK_UNLOCK_FAILED) 794 || FIELD_EX32(sd->card_status, CSR, WP_ERASE_SKIP)) << 1; 795 resp[1] |= FIELD_EX32(sd->card_status, CSR, ERROR) << 2; 796 resp[1] |= FIELD_EX32(sd->card_status, CSR, CC_ERROR) << 3; 797 resp[1] |= FIELD_EX32(sd->card_status, CSR, CARD_ECC_FAILED) << 4; 798 resp[1] |= FIELD_EX32(sd->card_status, CSR, WP_VIOLATION) << 5; 799 resp[1] |= FIELD_EX32(sd->card_status, CSR, ERASE_PARAM) << 6; 800 resp[1] |= FIELD_EX32(sd->card_status, CSR, OUT_OF_RANGE) << 7; 801 } 802 803 static void sd_response_r3_make(SDState *sd, uint8_t *response) 804 { 805 if (sd_is_spi(sd)) { 806 /* Prepend R1 */ 807 sd_response_r1_make(sd, response); 808 response++; 809 } 810 stl_be_p(response, sd->ocr & ACMD41_R3_MASK); 811 } 812 813 static void sd_response_r6_make(SDState *sd, uint8_t *response) 814 { 815 uint16_t status; 816 817 status = ((sd->card_status >> 8) & 0xc000) | 818 ((sd->card_status >> 6) & 0x2000) | 819 (sd->card_status & 0x1fff); 820 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff); 821 stw_be_p(response + 0, sd->rca); 822 stw_be_p(response + 2, status); 823 } 824 825 static void sd_response_r7_make(SDState *sd, uint8_t *response) 826 { 827 if (sd_is_spi(sd)) { 828 /* Prepend R1 */ 829 sd_response_r1_make(sd, response); 830 response++; 831 } 832 stl_be_p(response, sd->vhs); 833 } 834 835 static uint32_t sd_blk_len(SDState *sd) 836 { 837 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 838 return 1 << HWBLOCK_SHIFT; 839 } 840 return sd->blk_len; 841 } 842 843 /* 844 * This requires a disk image that has two boot partitions inserted at the 845 * beginning of it. The size of the boot partitions is the "boot-size" 846 * property. 847 */ 848 static uint32_t sd_bootpart_offset(SDState *sd) 849 { 850 unsigned partition_access; 851 852 if (!sd->boot_part_size || !sd_is_emmc(sd)) { 853 return 0; 854 } 855 856 partition_access = sd->ext_csd[EXT_CSD_PART_CONFIG] 857 & EXT_CSD_PART_CONFIG_ACC_MASK; 858 switch (partition_access) { 859 case EXT_CSD_PART_CONFIG_ACC_DEFAULT: 860 return sd->boot_part_size * 2; 861 case EXT_CSD_PART_CONFIG_ACC_BOOT0: 862 return 0; 863 case EXT_CSD_PART_CONFIG_ACC_BOOT0 + 1: 864 return sd->boot_part_size * 1; 865 default: 866 g_assert_not_reached(); 867 } 868 } 869 870 static uint64_t sd_req_get_address(SDState *sd, SDRequest req) 871 { 872 uint64_t addr; 873 874 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 875 addr = (uint64_t) req.arg << HWBLOCK_SHIFT; 876 } else { 877 addr = req.arg; 878 } 879 trace_sdcard_req_addr(req.arg, addr); 880 return addr; 881 } 882 883 static inline uint64_t sd_addr_to_wpnum(uint64_t addr) 884 { 885 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT); 886 } 887 888 static void sd_reset(DeviceState *dev) 889 { 890 SDState *sd = SDMMC_COMMON(dev); 891 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 892 uint64_t size; 893 uint64_t sect; 894 895 trace_sdcard_reset(); 896 if (sd->blk) { 897 blk_get_geometry(sd->blk, §); 898 } else { 899 sect = 0; 900 } 901 size = sect << HWBLOCK_SHIFT; 902 if (sd_is_emmc(sd)) { 903 size -= sd->boot_part_size * 2; 904 } 905 906 sect = sd_addr_to_wpnum(size) + 1; 907 908 sd->state = sd_idle_state; 909 910 /* card registers */ 911 sd->rca = sd_is_emmc(sd) ? 0x0001 : 0x0000; 912 sd->size = size; 913 sd_set_ocr(sd); 914 sd_set_scr(sd); 915 sc->set_cid(sd); 916 sc->set_csd(sd, size); 917 sd_set_cardstatus(sd); 918 sd_set_sdstatus(sd); 919 920 g_free(sd->wp_group_bmap); 921 sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false; 922 sd->wp_group_bits = sect; 923 sd->wp_group_bmap = bitmap_new(sd->wp_group_bits); 924 memset(sd->function_group, 0, sizeof(sd->function_group)); 925 sd->erase_start = INVALID_ADDRESS; 926 sd->erase_end = INVALID_ADDRESS; 927 sd->blk_len = 0x200; 928 sd->pwd_len = 0; 929 sd->expecting_acmd = false; 930 sd->dat_lines = 0xf; 931 sd->cmd_line = true; 932 sd->multi_blk_cnt = 0; 933 } 934 935 static bool sd_get_inserted(SDState *sd) 936 { 937 return sd->blk && blk_is_inserted(sd->blk); 938 } 939 940 static bool sd_get_readonly(SDState *sd) 941 { 942 return sd->wp_switch; 943 } 944 945 static void sd_cardchange(void *opaque, bool load, Error **errp) 946 { 947 SDState *sd = opaque; 948 DeviceState *dev = DEVICE(sd); 949 SDBus *sdbus; 950 bool inserted = sd_get_inserted(sd); 951 bool readonly = sd_get_readonly(sd); 952 953 if (inserted) { 954 trace_sdcard_inserted(readonly); 955 sd_reset(dev); 956 } else { 957 trace_sdcard_ejected(); 958 } 959 960 sdbus = SD_BUS(qdev_get_parent_bus(dev)); 961 sdbus_set_inserted(sdbus, inserted); 962 if (inserted) { 963 sdbus_set_readonly(sdbus, readonly); 964 } 965 } 966 967 static const BlockDevOps sd_block_ops = { 968 .change_media_cb = sd_cardchange, 969 }; 970 971 static bool sd_ocr_vmstate_needed(void *opaque) 972 { 973 SDState *sd = opaque; 974 975 /* Include the OCR state (and timer) if it is not yet powered up */ 976 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 977 } 978 979 static const VMStateDescription sd_ocr_vmstate = { 980 .name = "sd-card/ocr-state", 981 .version_id = 1, 982 .minimum_version_id = 1, 983 .needed = sd_ocr_vmstate_needed, 984 .fields = (const VMStateField[]) { 985 VMSTATE_UINT32(ocr, SDState), 986 VMSTATE_TIMER_PTR(ocr_power_timer, SDState), 987 VMSTATE_END_OF_LIST() 988 }, 989 }; 990 991 static bool vmstate_needed_for_emmc(void *opaque) 992 { 993 SDState *sd = opaque; 994 995 return sd_is_emmc(sd); 996 } 997 998 static const VMStateDescription emmc_extcsd_vmstate = { 999 .name = "sd-card/ext_csd_modes-state", 1000 .version_id = 1, 1001 .minimum_version_id = 1, 1002 .needed = vmstate_needed_for_emmc, 1003 .fields = (const VMStateField[]) { 1004 VMSTATE_UINT8_ARRAY(ext_csd_rw, SDState, 192), 1005 VMSTATE_END_OF_LIST() 1006 }, 1007 }; 1008 1009 static int sd_vmstate_pre_load(void *opaque) 1010 { 1011 SDState *sd = opaque; 1012 1013 /* If the OCR state is not included (prior versions, or not 1014 * needed), then the OCR must be set as powered up. If the OCR state 1015 * is included, this will be replaced by the state restore. 1016 */ 1017 sd_ocr_powerup(sd); 1018 1019 return 0; 1020 } 1021 1022 static const VMStateDescription sd_vmstate = { 1023 .name = "sd-card", 1024 .version_id = 2, 1025 .minimum_version_id = 2, 1026 .pre_load = sd_vmstate_pre_load, 1027 .fields = (const VMStateField[]) { 1028 VMSTATE_UINT32(mode, SDState), 1029 VMSTATE_INT32(state, SDState), 1030 VMSTATE_UINT8_ARRAY(cid, SDState, 16), 1031 VMSTATE_UINT8_ARRAY(csd, SDState, 16), 1032 VMSTATE_UINT16(rca, SDState), 1033 VMSTATE_UINT32(card_status, SDState), 1034 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1), 1035 VMSTATE_UINT32(vhs, SDState), 1036 VMSTATE_BITMAP(wp_group_bmap, SDState, 0, wp_group_bits), 1037 VMSTATE_UINT32(blk_len, SDState), 1038 VMSTATE_UINT32(multi_blk_cnt, SDState), 1039 VMSTATE_UINT32(erase_start, SDState), 1040 VMSTATE_UINT32(erase_end, SDState), 1041 VMSTATE_UINT8_ARRAY(pwd, SDState, 16), 1042 VMSTATE_UINT32(pwd_len, SDState), 1043 VMSTATE_UINT8_ARRAY(function_group, SDState, 6), 1044 VMSTATE_UINT8(current_cmd, SDState), 1045 VMSTATE_BOOL(expecting_acmd, SDState), 1046 VMSTATE_UINT32(blk_written, SDState), 1047 VMSTATE_UINT64(data_start, SDState), 1048 VMSTATE_UINT32(data_offset, SDState), 1049 VMSTATE_UINT8_ARRAY(data, SDState, 512), 1050 VMSTATE_UNUSED_V(1, 512), 1051 VMSTATE_UNUSED(1), 1052 VMSTATE_END_OF_LIST() 1053 }, 1054 .subsections = (const VMStateDescription * const []) { 1055 &sd_ocr_vmstate, 1056 &emmc_extcsd_vmstate, 1057 NULL 1058 }, 1059 }; 1060 1061 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) 1062 { 1063 trace_sdcard_read_block(addr, len); 1064 addr += sd_bootpart_offset(sd); 1065 if (!sd->blk || blk_pread(sd->blk, addr, len, sd->data, 0) < 0) { 1066 fprintf(stderr, "sd_blk_read: read error on host side\n"); 1067 } 1068 } 1069 1070 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) 1071 { 1072 trace_sdcard_write_block(addr, len); 1073 addr += sd_bootpart_offset(sd); 1074 if (!sd->blk || blk_pwrite(sd->blk, addr, len, sd->data, 0) < 0) { 1075 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1076 } 1077 } 1078 1079 static void sd_erase(SDState *sd) 1080 { 1081 uint64_t erase_start = sd->erase_start; 1082 uint64_t erase_end = sd->erase_end; 1083 bool sdsc = true; 1084 uint64_t wpnum; 1085 uint64_t erase_addr; 1086 int erase_len = 1 << HWBLOCK_SHIFT; 1087 1088 trace_sdcard_erase(sd->erase_start, sd->erase_end); 1089 if (sd->erase_start == INVALID_ADDRESS 1090 || sd->erase_end == INVALID_ADDRESS) { 1091 sd->card_status |= ERASE_SEQ_ERROR; 1092 sd->erase_start = INVALID_ADDRESS; 1093 sd->erase_end = INVALID_ADDRESS; 1094 return; 1095 } 1096 1097 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 1098 /* High capacity memory card: erase units are 512 byte blocks */ 1099 erase_start <<= HWBLOCK_SHIFT; 1100 erase_end <<= HWBLOCK_SHIFT; 1101 sdsc = false; 1102 } 1103 1104 if (erase_start > sd->size || erase_end > sd->size) { 1105 sd->card_status |= OUT_OF_RANGE; 1106 sd->erase_start = INVALID_ADDRESS; 1107 sd->erase_end = INVALID_ADDRESS; 1108 return; 1109 } 1110 1111 sd->erase_start = INVALID_ADDRESS; 1112 sd->erase_end = INVALID_ADDRESS; 1113 sd->csd[14] |= 0x40; 1114 1115 memset(sd->data, 0xff, erase_len); 1116 for (erase_addr = erase_start; erase_addr <= erase_end; 1117 erase_addr += erase_len) { 1118 if (sdsc) { 1119 /* Only SDSC cards support write protect groups */ 1120 wpnum = sd_addr_to_wpnum(erase_addr); 1121 assert(wpnum < sd->wp_group_bits); 1122 if (test_bit(wpnum, sd->wp_group_bmap)) { 1123 sd->card_status |= WP_ERASE_SKIP; 1124 continue; 1125 } 1126 } 1127 sd_blk_write(sd, erase_addr, erase_len); 1128 } 1129 } 1130 1131 static uint32_t sd_wpbits(SDState *sd, uint64_t addr) 1132 { 1133 uint32_t i, wpnum; 1134 uint32_t ret = 0; 1135 1136 wpnum = sd_addr_to_wpnum(addr); 1137 1138 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { 1139 if (addr >= sd->size) { 1140 /* 1141 * If the addresses of the last groups are outside the valid range, 1142 * then the corresponding write protection bits shall be set to 0. 1143 */ 1144 continue; 1145 } 1146 assert(wpnum < sd->wp_group_bits); 1147 if (test_bit(wpnum, sd->wp_group_bmap)) { 1148 ret |= (1 << i); 1149 } 1150 } 1151 1152 return ret; 1153 } 1154 1155 enum ExtCsdAccessMode { 1156 EXT_CSD_ACCESS_MODE_COMMAND_SET = 0, 1157 EXT_CSD_ACCESS_MODE_SET_BITS = 1, 1158 EXT_CSD_ACCESS_MODE_CLEAR_BITS = 2, 1159 EXT_CSD_ACCESS_MODE_WRITE_BYTE = 3 1160 }; 1161 1162 static void emmc_function_switch(SDState *sd, uint32_t arg) 1163 { 1164 uint8_t access = extract32(arg, 24, 2); 1165 uint8_t index = extract32(arg, 16, 8); 1166 uint8_t value = extract32(arg, 8, 8); 1167 uint8_t b = sd->ext_csd[index]; 1168 1169 trace_sdcard_switch(access, index, value, extract32(arg, 0, 2)); 1170 1171 if (index >= 192) { 1172 qemu_log_mask(LOG_GUEST_ERROR, "MMC switching illegal offset\n"); 1173 sd->card_status |= R_CSR_SWITCH_ERROR_MASK; 1174 return; 1175 } 1176 1177 switch (access) { 1178 case EXT_CSD_ACCESS_MODE_COMMAND_SET: 1179 qemu_log_mask(LOG_UNIMP, "MMC Command set switching not supported\n"); 1180 return; 1181 case EXT_CSD_ACCESS_MODE_SET_BITS: 1182 b |= value; 1183 break; 1184 case EXT_CSD_ACCESS_MODE_CLEAR_BITS: 1185 b &= ~value; 1186 break; 1187 case EXT_CSD_ACCESS_MODE_WRITE_BYTE: 1188 b = value; 1189 break; 1190 } 1191 1192 trace_sdcard_ext_csd_update(index, sd->ext_csd[index], b); 1193 sd->ext_csd[index] = b; 1194 } 1195 1196 static void sd_function_switch(SDState *sd, uint32_t arg) 1197 { 1198 int i, mode, new_func; 1199 mode = !!(arg & 0x80000000); 1200 1201 sd->data[0] = 0x00; /* Maximum current consumption */ 1202 sd->data[1] = 0x01; 1203 sd->data[2] = 0x80; /* Supported group 6 functions */ 1204 sd->data[3] = 0x01; 1205 sd->data[4] = 0x80; /* Supported group 5 functions */ 1206 sd->data[5] = 0x01; 1207 sd->data[6] = 0x80; /* Supported group 4 functions */ 1208 sd->data[7] = 0x01; 1209 sd->data[8] = 0x80; /* Supported group 3 functions */ 1210 sd->data[9] = 0x01; 1211 sd->data[10] = 0x80; /* Supported group 2 functions */ 1212 sd->data[11] = 0x43; 1213 sd->data[12] = 0x80; /* Supported group 1 functions */ 1214 sd->data[13] = 0x03; 1215 1216 memset(&sd->data[14], 0, 3); 1217 for (i = 0; i < 6; i ++) { 1218 new_func = (arg >> (i * 4)) & 0x0f; 1219 if (mode && new_func != 0x0f) 1220 sd->function_group[i] = new_func; 1221 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4); 1222 } 1223 memset(&sd->data[17], 0, 47); 1224 } 1225 1226 static inline bool sd_wp_addr(SDState *sd, uint64_t addr) 1227 { 1228 return test_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1229 } 1230 1231 static void sd_lock_command(SDState *sd) 1232 { 1233 int erase, lock, clr_pwd, set_pwd, pwd_len; 1234 erase = !!(sd->data[0] & 0x08); 1235 lock = sd->data[0] & 0x04; 1236 clr_pwd = sd->data[0] & 0x02; 1237 set_pwd = sd->data[0] & 0x01; 1238 1239 if (sd->blk_len > 1) 1240 pwd_len = sd->data[1]; 1241 else 1242 pwd_len = 0; 1243 1244 if (lock) { 1245 trace_sdcard_lock(); 1246 } else { 1247 trace_sdcard_unlock(); 1248 } 1249 if (erase) { 1250 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 || 1251 set_pwd || clr_pwd || lock || sd->wp_switch || 1252 (sd->csd[14] & 0x20)) { 1253 sd->card_status |= LOCK_UNLOCK_FAILED; 1254 return; 1255 } 1256 bitmap_zero(sd->wp_group_bmap, sd->wp_group_bits); 1257 sd->csd[14] &= ~0x10; 1258 sd->card_status &= ~CARD_IS_LOCKED; 1259 sd->pwd_len = 0; 1260 /* Erasing the entire card here! */ 1261 fprintf(stderr, "SD: Card force-erased by CMD42\n"); 1262 return; 1263 } 1264 1265 if (sd->blk_len < 2 + pwd_len || 1266 pwd_len <= sd->pwd_len || 1267 pwd_len > sd->pwd_len + 16) { 1268 sd->card_status |= LOCK_UNLOCK_FAILED; 1269 return; 1270 } 1271 1272 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) { 1273 sd->card_status |= LOCK_UNLOCK_FAILED; 1274 return; 1275 } 1276 1277 pwd_len -= sd->pwd_len; 1278 if ((pwd_len && !set_pwd) || 1279 (clr_pwd && (set_pwd || lock)) || 1280 (lock && !sd->pwd_len && !set_pwd) || 1281 (!set_pwd && !clr_pwd && 1282 (((sd->card_status & CARD_IS_LOCKED) && lock) || 1283 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) { 1284 sd->card_status |= LOCK_UNLOCK_FAILED; 1285 return; 1286 } 1287 1288 if (set_pwd) { 1289 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len); 1290 sd->pwd_len = pwd_len; 1291 } 1292 1293 if (clr_pwd) { 1294 sd->pwd_len = 0; 1295 } 1296 1297 if (lock) 1298 sd->card_status |= CARD_IS_LOCKED; 1299 else 1300 sd->card_status &= ~CARD_IS_LOCKED; 1301 } 1302 1303 static bool address_in_range(SDState *sd, const char *desc, 1304 uint64_t addr, uint32_t length) 1305 { 1306 if (addr + length > sd->size) { 1307 qemu_log_mask(LOG_GUEST_ERROR, 1308 "%s offset %"PRIu64" > card %"PRIu64" [%%%u]\n", 1309 desc, addr, sd->size, length); 1310 sd->card_status |= ADDRESS_ERROR; 1311 return false; 1312 } 1313 return true; 1314 } 1315 1316 static sd_rsp_type_t sd_invalid_state_for_cmd(SDState *sd, SDRequest req) 1317 { 1318 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong state: %s (spec %s)\n", 1319 sd->proto->name, req.cmd, sd_state_name(sd->state), 1320 sd_version_str(sd->spec_version)); 1321 1322 return sd_illegal; 1323 } 1324 1325 static sd_rsp_type_t sd_invalid_mode_for_cmd(SDState *sd, SDRequest req) 1326 { 1327 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong mode: %s (spec %s)\n", 1328 sd->proto->name, req.cmd, sd_mode_name(sd->mode), 1329 sd_version_str(sd->spec_version)); 1330 1331 return sd_illegal; 1332 } 1333 1334 static sd_rsp_type_t sd_cmd_illegal(SDState *sd, SDRequest req) 1335 { 1336 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown CMD%i for spec %s\n", 1337 sd->proto->name, req.cmd, 1338 sd_version_str(sd->spec_version)); 1339 1340 return sd_illegal; 1341 } 1342 1343 /* Commands that are recognised but not yet implemented. */ 1344 static sd_rsp_type_t sd_cmd_unimplemented(SDState *sd, SDRequest req) 1345 { 1346 qemu_log_mask(LOG_UNIMP, "%s: CMD%i not implemented\n", 1347 sd->proto->name, req.cmd); 1348 1349 return sd_illegal; 1350 } 1351 1352 static sd_rsp_type_t sd_cmd_optional(SDState *sd, SDRequest req) 1353 { 1354 qemu_log_mask(LOG_UNIMP, "%s: Optional CMD%i not implemented\n", 1355 sd->proto->name, req.cmd); 1356 1357 return sd_illegal; 1358 } 1359 1360 /* Configure fields for following sd_generic_write_byte() calls */ 1361 static sd_rsp_type_t sd_cmd_to_receivingdata(SDState *sd, SDRequest req, 1362 uint64_t start, size_t size) 1363 { 1364 if (sd->state != sd_transfer_state) { 1365 return sd_invalid_state_for_cmd(sd, req); 1366 } 1367 sd->state = sd_receivingdata_state; 1368 sd->data_start = start; 1369 sd->data_offset = 0; 1370 /* sd->data[] used as receive buffer */ 1371 sd->data_size = size ?: sizeof(sd->data); 1372 return sd_r1; 1373 } 1374 1375 /* Configure fields for following sd_generic_read_byte() calls */ 1376 static sd_rsp_type_t sd_cmd_to_sendingdata(SDState *sd, SDRequest req, 1377 uint64_t start, 1378 const void *data, size_t size) 1379 { 1380 if (sd->state != sd_transfer_state) { 1381 return sd_invalid_state_for_cmd(sd, req); 1382 } 1383 1384 sd->state = sd_sendingdata_state; 1385 sd->data_start = start; 1386 sd->data_offset = 0; 1387 if (data) { 1388 assert(size > 0 && size <= sizeof(sd->data)); 1389 memcpy(sd->data, data, size); 1390 } 1391 if (size) { 1392 sd->data_size = size; 1393 } 1394 return sd_r1; 1395 } 1396 1397 /* CMD0 */ 1398 static sd_rsp_type_t sd_cmd_GO_IDLE_STATE(SDState *sd, SDRequest req) 1399 { 1400 if (sd->state == sd_sleep_state) { 1401 switch (req.arg) { 1402 case 0x00000000: 1403 case 0xf0f0f0f0: 1404 break; 1405 default: 1406 return sd_r0; 1407 } 1408 } 1409 if (sd->state != sd_inactive_state) { 1410 sd->state = sd_idle_state; 1411 sd_reset(DEVICE(sd)); 1412 } 1413 1414 return sd_is_spi(sd) ? sd_r1 : sd_r0; 1415 } 1416 1417 /* CMD2 */ 1418 static sd_rsp_type_t sd_cmd_ALL_SEND_CID(SDState *sd, SDRequest req) 1419 { 1420 switch (sd->state) { 1421 case sd_ready_state: 1422 sd->state = sd_identification_state; 1423 return sd_r2_i; 1424 default: 1425 return sd_invalid_state_for_cmd(sd, req); 1426 } 1427 } 1428 1429 /* CMD3 */ 1430 static sd_rsp_type_t sd_cmd_SEND_RELATIVE_ADDR(SDState *sd, SDRequest req) 1431 { 1432 uint16_t random_rca; 1433 1434 switch (sd->state) { 1435 case sd_identification_state: 1436 case sd_standby_state: 1437 sd->state = sd_standby_state; 1438 qemu_guest_getrandom_nofail(&random_rca, sizeof(random_rca)); 1439 sd_set_rca(sd, random_rca); 1440 return sd_r6; 1441 1442 default: 1443 return sd_invalid_state_for_cmd(sd, req); 1444 } 1445 } 1446 1447 static sd_rsp_type_t emmc_cmd_SET_RELATIVE_ADDR(SDState *sd, SDRequest req) 1448 { 1449 switch (sd->state) { 1450 case sd_identification_state: 1451 case sd_standby_state: 1452 sd->state = sd_standby_state; 1453 sd_set_rca(sd, req.arg >> 16); 1454 return sd_r1; 1455 1456 default: 1457 return sd_invalid_state_for_cmd(sd, req); 1458 } 1459 } 1460 1461 /* CMD5 */ 1462 static sd_rsp_type_t emmc_cmd_sleep_awake(SDState *sd, SDRequest req) 1463 { 1464 bool do_sleep = extract32(req.arg, 15, 1); 1465 1466 switch (sd->state) { 1467 case sd_sleep_state: 1468 if (!do_sleep) { 1469 /* Awake */ 1470 sd->state = sd_standby_state; 1471 } 1472 return sd_r1b; 1473 1474 case sd_standby_state: 1475 if (do_sleep) { 1476 sd->state = sd_sleep_state; 1477 } 1478 return sd_r1b; 1479 1480 default: 1481 return sd_invalid_state_for_cmd(sd, req); 1482 } 1483 } 1484 1485 /* CMD6 */ 1486 static sd_rsp_type_t sd_cmd_SWITCH_FUNCTION(SDState *sd, SDRequest req) 1487 { 1488 if (sd->mode != sd_data_transfer_mode) { 1489 return sd_invalid_mode_for_cmd(sd, req); 1490 } 1491 if (sd->state != sd_transfer_state) { 1492 return sd_invalid_state_for_cmd(sd, req); 1493 } 1494 1495 sd_function_switch(sd, req.arg); 1496 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 64); 1497 } 1498 1499 static sd_rsp_type_t emmc_cmd_SWITCH(SDState *sd, SDRequest req) 1500 { 1501 switch (sd->state) { 1502 case sd_transfer_state: 1503 sd->state = sd_programming_state; 1504 emmc_function_switch(sd, req.arg); 1505 sd->state = sd_transfer_state; 1506 return sd_r1b; 1507 default: 1508 return sd_invalid_state_for_cmd(sd, req); 1509 } 1510 } 1511 1512 /* CMD7 */ 1513 static sd_rsp_type_t sd_cmd_DE_SELECT_CARD(SDState *sd, SDRequest req) 1514 { 1515 bool same_rca = sd_req_rca_same(sd, req); 1516 1517 switch (sd->state) { 1518 case sd_standby_state: 1519 if (!same_rca) { 1520 return sd_r0; 1521 } 1522 sd->state = sd_transfer_state; 1523 return sd_r1b; 1524 1525 case sd_transfer_state: 1526 case sd_sendingdata_state: 1527 if (same_rca) { 1528 break; 1529 } 1530 sd->state = sd_standby_state; 1531 return sd_r1b; 1532 1533 case sd_disconnect_state: 1534 if (!same_rca) { 1535 return sd_r0; 1536 } 1537 sd->state = sd_programming_state; 1538 return sd_r1b; 1539 1540 case sd_programming_state: 1541 if (same_rca) { 1542 break; 1543 } 1544 sd->state = sd_disconnect_state; 1545 return sd_r1b; 1546 1547 default: 1548 break; 1549 } 1550 return sd_invalid_state_for_cmd(sd, req); 1551 } 1552 1553 /* CMD8 */ 1554 static sd_rsp_type_t sd_cmd_SEND_IF_COND(SDState *sd, SDRequest req) 1555 { 1556 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) { 1557 return sd_cmd_illegal(sd, req); 1558 } 1559 if (sd->state != sd_idle_state) { 1560 return sd_invalid_state_for_cmd(sd, req); 1561 } 1562 sd->vhs = 0; 1563 1564 /* No response if not exactly one VHS bit is set. */ 1565 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) { 1566 return sd_is_spi(sd) ? sd_r7 : sd_r0; 1567 } 1568 1569 /* Accept. */ 1570 sd->vhs = req.arg; 1571 return sd_r7; 1572 } 1573 1574 /* CMD8 */ 1575 static sd_rsp_type_t emmc_cmd_SEND_EXT_CSD(SDState *sd, SDRequest req) 1576 { 1577 if (sd->state != sd_transfer_state) { 1578 return sd_invalid_state_for_cmd(sd, req); 1579 } 1580 1581 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1582 sd->ext_csd, sizeof(sd->ext_csd)); 1583 } 1584 1585 /* CMD9 */ 1586 static sd_rsp_type_t spi_cmd_SEND_CSD(SDState *sd, SDRequest req) 1587 { 1588 if (sd->state != sd_standby_state) { 1589 return sd_invalid_state_for_cmd(sd, req); 1590 } 1591 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1592 sd->csd, 16); 1593 } 1594 1595 static sd_rsp_type_t sd_cmd_SEND_CSD(SDState *sd, SDRequest req) 1596 { 1597 if (sd->state != sd_standby_state) { 1598 return sd_invalid_state_for_cmd(sd, req); 1599 } 1600 1601 return sd_req_rca_same(sd, req) ? sd_r2_s : sd_r0; 1602 } 1603 1604 /* CMD10 */ 1605 static sd_rsp_type_t spi_cmd_SEND_CID(SDState *sd, SDRequest req) 1606 { 1607 if (sd->state != sd_standby_state) { 1608 return sd_invalid_state_for_cmd(sd, req); 1609 } 1610 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1611 sd->cid, 16); 1612 } 1613 1614 static sd_rsp_type_t sd_cmd_SEND_CID(SDState *sd, SDRequest req) 1615 { 1616 if (sd->state != sd_standby_state) { 1617 return sd_invalid_state_for_cmd(sd, req); 1618 } 1619 1620 return sd_req_rca_same(sd, req) ? sd_r2_i : sd_r0; 1621 } 1622 1623 /* CMD12 */ 1624 static sd_rsp_type_t sd_cmd_STOP_TRANSMISSION(SDState *sd, SDRequest req) 1625 { 1626 switch (sd->state) { 1627 case sd_sendingdata_state: 1628 sd->state = sd_transfer_state; 1629 return sd_r1b; 1630 case sd_receivingdata_state: 1631 sd->state = sd_programming_state; 1632 /* Bzzzzzzztt .... Operation complete. */ 1633 sd->state = sd_transfer_state; 1634 return sd_r1; 1635 default: 1636 return sd_invalid_state_for_cmd(sd, req); 1637 } 1638 } 1639 1640 /* CMD13 */ 1641 static sd_rsp_type_t sd_cmd_SEND_STATUS(SDState *sd, SDRequest req) 1642 { 1643 if (sd->mode != sd_data_transfer_mode) { 1644 return sd_invalid_mode_for_cmd(sd, req); 1645 } 1646 1647 switch (sd->state) { 1648 case sd_standby_state: 1649 case sd_transfer_state: 1650 case sd_sendingdata_state: 1651 case sd_receivingdata_state: 1652 case sd_programming_state: 1653 case sd_disconnect_state: 1654 break; 1655 default: 1656 return sd_invalid_state_for_cmd(sd, req); 1657 } 1658 1659 if (sd_is_spi(sd)) { 1660 return spi_r2; 1661 } 1662 1663 return sd_req_rca_same(sd, req) ? sd_r1 : sd_r0; 1664 } 1665 1666 /* CMD15 */ 1667 static sd_rsp_type_t sd_cmd_GO_INACTIVE_STATE(SDState *sd, SDRequest req) 1668 { 1669 if (sd->mode != sd_data_transfer_mode) { 1670 return sd_invalid_mode_for_cmd(sd, req); 1671 } 1672 switch (sd->state) { 1673 case sd_standby_state: 1674 case sd_transfer_state: 1675 case sd_sendingdata_state: 1676 case sd_receivingdata_state: 1677 case sd_programming_state: 1678 case sd_disconnect_state: 1679 break; 1680 default: 1681 return sd_invalid_state_for_cmd(sd, req); 1682 } 1683 if (sd_req_rca_same(sd, req)) { 1684 sd->state = sd_inactive_state; 1685 } 1686 1687 return sd_r0; 1688 } 1689 1690 /* CMD16 */ 1691 static sd_rsp_type_t sd_cmd_SET_BLOCKLEN(SDState *sd, SDRequest req) 1692 { 1693 if (sd->state != sd_transfer_state) { 1694 return sd_invalid_state_for_cmd(sd, req); 1695 } 1696 if (req.arg > (1 << HWBLOCK_SHIFT)) { 1697 sd->card_status |= BLOCK_LEN_ERROR; 1698 } else { 1699 trace_sdcard_set_blocklen(req.arg); 1700 sd->blk_len = req.arg; 1701 } 1702 1703 return sd_r1; 1704 } 1705 1706 /* CMD17 */ 1707 static sd_rsp_type_t sd_cmd_READ_SINGLE_BLOCK(SDState *sd, SDRequest req) 1708 { 1709 uint64_t addr; 1710 1711 if (sd->state != sd_transfer_state) { 1712 return sd_invalid_state_for_cmd(sd, req); 1713 } 1714 1715 addr = sd_req_get_address(sd, req); 1716 if (!address_in_range(sd, "READ_SINGLE_BLOCK", addr, sd->blk_len)) { 1717 return sd_r1; 1718 } 1719 1720 sd_blk_read(sd, addr, sd->blk_len); 1721 return sd_cmd_to_sendingdata(sd, req, addr, NULL, sd->blk_len); 1722 } 1723 1724 /* CMD19 */ 1725 static sd_rsp_type_t sd_cmd_SEND_TUNING_BLOCK(SDState *sd, SDRequest req) 1726 { 1727 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1728 return sd_cmd_illegal(sd, req); 1729 } 1730 1731 return sd_cmd_to_sendingdata(sd, req, 0, 1732 sd_tuning_block_pattern4, 1733 sizeof(sd_tuning_block_pattern4)); 1734 } 1735 1736 /* CMD23 */ 1737 static sd_rsp_type_t sd_cmd_SET_BLOCK_COUNT(SDState *sd, SDRequest req) 1738 { 1739 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1740 return sd_cmd_illegal(sd, req); 1741 } 1742 1743 if (sd->state != sd_transfer_state) { 1744 return sd_invalid_state_for_cmd(sd, req); 1745 } 1746 1747 sd->multi_blk_cnt = req.arg; 1748 if (sd_is_emmc(sd)) { 1749 sd->multi_blk_cnt &= 0xffff; 1750 } 1751 trace_sdcard_set_block_count(sd->multi_blk_cnt); 1752 1753 return sd_r1; 1754 } 1755 1756 /* CMD24 */ 1757 static sd_rsp_type_t sd_cmd_WRITE_SINGLE_BLOCK(SDState *sd, SDRequest req) 1758 { 1759 uint64_t addr; 1760 1761 if (sd->state != sd_transfer_state) { 1762 return sd_invalid_state_for_cmd(sd, req); 1763 } 1764 1765 addr = sd_req_get_address(sd, req); 1766 if (!address_in_range(sd, "WRITE_SINGLE_BLOCK", addr, sd->blk_len)) { 1767 return sd_r1; 1768 } 1769 1770 if (sd->size <= SDSC_MAX_CAPACITY) { 1771 if (sd_wp_addr(sd, addr)) { 1772 sd->card_status |= WP_VIOLATION; 1773 } 1774 } 1775 if (sd->csd[14] & 0x30) { 1776 sd->card_status |= WP_VIOLATION; 1777 } 1778 1779 sd->blk_written = 0; 1780 return sd_cmd_to_receivingdata(sd, req, addr, sd->blk_len); 1781 } 1782 1783 /* CMD26 */ 1784 static sd_rsp_type_t emmc_cmd_PROGRAM_CID(SDState *sd, SDRequest req) 1785 { 1786 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->cid)); 1787 } 1788 1789 /* CMD27 */ 1790 static sd_rsp_type_t sd_cmd_PROGRAM_CSD(SDState *sd, SDRequest req) 1791 { 1792 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->csd)); 1793 } 1794 1795 static sd_rsp_type_t sd_cmd_SET_CLR_WRITE_PROT(SDState *sd, SDRequest req, 1796 bool is_write) 1797 { 1798 uint64_t addr; 1799 1800 if (sd->size > SDSC_MAX_CAPACITY) { 1801 return sd_illegal; 1802 } 1803 1804 if (sd->state != sd_transfer_state) { 1805 return sd_invalid_state_for_cmd(sd, req); 1806 } 1807 1808 addr = sd_req_get_address(sd, req); 1809 if (!address_in_range(sd, is_write ? "SET_WRITE_PROT" : "CLR_WRITE_PROT", 1810 addr, 1)) { 1811 return sd_r1b; 1812 } 1813 1814 sd->state = sd_programming_state; 1815 if (is_write) { 1816 set_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1817 } else { 1818 clear_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1819 } 1820 /* Bzzzzzzztt .... Operation complete. */ 1821 sd->state = sd_transfer_state; 1822 return sd_r1; 1823 } 1824 1825 /* CMD28 */ 1826 static sd_rsp_type_t sd_cmd_SET_WRITE_PROT(SDState *sd, SDRequest req) 1827 { 1828 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, true); 1829 } 1830 1831 /* CMD29 */ 1832 static sd_rsp_type_t sd_cmd_CLR_WRITE_PROT(SDState *sd, SDRequest req) 1833 { 1834 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, false); 1835 } 1836 1837 /* CMD30 */ 1838 static sd_rsp_type_t sd_cmd_SEND_WRITE_PROT(SDState *sd, SDRequest req) 1839 { 1840 uint64_t addr; 1841 uint32_t data; 1842 1843 if (sd->size > SDSC_MAX_CAPACITY) { 1844 return sd_illegal; 1845 } 1846 1847 if (sd->state != sd_transfer_state) { 1848 return sd_invalid_state_for_cmd(sd, req); 1849 } 1850 1851 addr = sd_req_get_address(sd, req); 1852 if (!address_in_range(sd, "SEND_WRITE_PROT", addr, sd->blk_len)) { 1853 return sd_r1; 1854 } 1855 1856 data = sd_wpbits(sd, req.arg); 1857 return sd_cmd_to_sendingdata(sd, req, addr, &data, sizeof(data)); 1858 } 1859 1860 /* CMD32 */ 1861 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_START(SDState *sd, SDRequest req) 1862 { 1863 if (sd->state != sd_transfer_state) { 1864 return sd_invalid_state_for_cmd(sd, req); 1865 } 1866 sd->erase_start = req.arg; 1867 return sd_r1; 1868 } 1869 1870 /* CMD33 */ 1871 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_END(SDState *sd, SDRequest req) 1872 { 1873 if (sd->state != sd_transfer_state) { 1874 return sd_invalid_state_for_cmd(sd, req); 1875 } 1876 sd->erase_end = req.arg; 1877 return sd_r1; 1878 } 1879 1880 /* CMD38 */ 1881 static sd_rsp_type_t sd_cmd_ERASE(SDState *sd, SDRequest req) 1882 { 1883 if (sd->state != sd_transfer_state) { 1884 return sd_invalid_state_for_cmd(sd, req); 1885 } 1886 if (sd->csd[14] & 0x30) { 1887 sd->card_status |= WP_VIOLATION; 1888 return sd_r1b; 1889 } 1890 1891 sd->state = sd_programming_state; 1892 sd_erase(sd); 1893 /* Bzzzzzzztt .... Operation complete. */ 1894 sd->state = sd_transfer_state; 1895 return sd_r1b; 1896 } 1897 1898 /* CMD42 */ 1899 static sd_rsp_type_t sd_cmd_LOCK_UNLOCK(SDState *sd, SDRequest req) 1900 { 1901 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1902 } 1903 1904 /* CMD55 */ 1905 static sd_rsp_type_t sd_cmd_APP_CMD(SDState *sd, SDRequest req) 1906 { 1907 switch (sd->state) { 1908 case sd_ready_state: 1909 case sd_identification_state: 1910 case sd_inactive_state: 1911 case sd_sleep_state: 1912 return sd_invalid_state_for_cmd(sd, req); 1913 case sd_idle_state: 1914 if (!sd_is_spi(sd) && sd_req_get_rca(sd, req) != 0x0000) { 1915 qemu_log_mask(LOG_GUEST_ERROR, 1916 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd); 1917 } 1918 /* fall-through */ 1919 default: 1920 break; 1921 } 1922 if (!sd_is_spi(sd) && !sd_req_rca_same(sd, req)) { 1923 return sd_r0; 1924 } 1925 sd->expecting_acmd = true; 1926 sd->card_status |= APP_CMD; 1927 1928 return sd_r1; 1929 } 1930 1931 /* CMD56 */ 1932 static sd_rsp_type_t sd_cmd_GEN_CMD(SDState *sd, SDRequest req) 1933 { 1934 if (sd->state != sd_transfer_state) { 1935 return sd_invalid_state_for_cmd(sd, req); 1936 } 1937 1938 /* Vendor specific command: our model is RAZ/WI */ 1939 if (req.arg & 1) { 1940 memset(sd->data, 0, sizeof(sd->data)); 1941 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 0); 1942 } else { 1943 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1944 } 1945 } 1946 1947 /* CMD58 */ 1948 static sd_rsp_type_t spi_cmd_READ_OCR(SDState *sd, SDRequest req) 1949 { 1950 return sd_r3; 1951 } 1952 1953 /* CMD59 */ 1954 static sd_rsp_type_t spi_cmd_CRC_ON_OFF(SDState *sd, SDRequest req) 1955 { 1956 return sd_r1; 1957 } 1958 1959 /* ACMD6 */ 1960 static sd_rsp_type_t sd_acmd_SET_BUS_WIDTH(SDState *sd, SDRequest req) 1961 { 1962 if (sd->state != sd_transfer_state) { 1963 return sd_invalid_state_for_cmd(sd, req); 1964 } 1965 1966 sd->sd_status[0] &= 0x3f; 1967 sd->sd_status[0] |= (req.arg & 0x03) << 6; 1968 return sd_r1; 1969 } 1970 1971 /* ACMD13 */ 1972 static sd_rsp_type_t sd_acmd_SD_STATUS(SDState *sd, SDRequest req) 1973 { 1974 sd_rsp_type_t rsp; 1975 1976 rsp = sd_cmd_to_sendingdata(sd, req, 0, 1977 sd->sd_status, sizeof(sd->sd_status)); 1978 if (sd_is_spi(sd) && rsp != sd_illegal) { 1979 return spi_r2; 1980 } 1981 return rsp; 1982 } 1983 1984 /* ACMD22 */ 1985 static sd_rsp_type_t sd_acmd_SEND_NUM_WR_BLOCKS(SDState *sd, SDRequest req) 1986 { 1987 return sd_cmd_to_sendingdata(sd, req, 0, 1988 &sd->blk_written, sizeof(sd->blk_written)); 1989 } 1990 1991 /* ACMD23 */ 1992 static sd_rsp_type_t sd_acmd_SET_WR_BLK_ERASE_COUNT(SDState *sd, SDRequest req) 1993 { 1994 if (sd->state != sd_transfer_state) { 1995 return sd_invalid_state_for_cmd(sd, req); 1996 } 1997 return sd_r1; 1998 } 1999 2000 /* ACMD41 */ 2001 static sd_rsp_type_t sd_cmd_SEND_OP_COND(SDState *sd, SDRequest req) 2002 { 2003 if (sd->state != sd_idle_state) { 2004 return sd_invalid_state_for_cmd(sd, req); 2005 } 2006 2007 /* 2008 * If it's the first ACMD41 since reset, we need to decide 2009 * whether to power up. If this is not an enquiry ACMD41, 2010 * we immediately report power on and proceed below to the 2011 * ready state, but if it is, we set a timer to model a 2012 * delay for power up. This works around a bug in EDK2 2013 * UEFI, which sends an initial enquiry ACMD41, but 2014 * assumes that the card is in ready state as soon as it 2015 * sees the power up bit set. 2016 */ 2017 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) { 2018 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) { 2019 timer_del(sd->ocr_power_timer); 2020 sd_ocr_powerup(sd); 2021 } else { 2022 trace_sdcard_inquiry_cmd41(); 2023 if (!timer_pending(sd->ocr_power_timer)) { 2024 timer_mod_ns(sd->ocr_power_timer, 2025 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) 2026 + OCR_POWER_DELAY_NS)); 2027 } 2028 } 2029 } 2030 2031 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) { 2032 /* 2033 * We accept any voltage. 10000 V is nothing. 2034 * 2035 * Once we're powered up, we advance straight to ready state 2036 * unless it's an enquiry ACMD41 (bits 23:0 == 0). 2037 */ 2038 sd->state = sd_ready_state; 2039 } 2040 2041 if (sd_is_spi(sd)) { 2042 return sd_r1; 2043 } 2044 return sd_r3; 2045 } 2046 2047 /* ACMD42 */ 2048 static sd_rsp_type_t sd_acmd_SET_CLR_CARD_DETECT(SDState *sd, SDRequest req) 2049 { 2050 if (sd->state != sd_transfer_state) { 2051 return sd_invalid_state_for_cmd(sd, req); 2052 } 2053 2054 /* Bringing in the 50KOhm pull-up resistor... Done. */ 2055 return sd_r1; 2056 } 2057 2058 /* ACMD51 */ 2059 static sd_rsp_type_t sd_acmd_SEND_SCR(SDState *sd, SDRequest req) 2060 { 2061 return sd_cmd_to_sendingdata(sd, req, 0, sd->scr, sizeof(sd->scr)); 2062 } 2063 2064 static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) 2065 { 2066 uint64_t addr; 2067 2068 sd->last_cmd_name = sd_cmd_name(sd, req.cmd); 2069 /* CMD55 precedes an ACMD, so we are not interested in tracing it. 2070 * However there is no ACMD55, so we want to trace this particular case. 2071 */ 2072 if (req.cmd != 55 || sd->expecting_acmd) { 2073 trace_sdcard_normal_command(sd->proto->name, 2074 sd->last_cmd_name, req.cmd, 2075 req.arg, sd_state_name(sd->state)); 2076 } 2077 2078 /* Not interpreting this as an app command */ 2079 sd->card_status &= ~APP_CMD; 2080 2081 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25 2082 * if not, its effects are cancelled */ 2083 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) { 2084 sd->multi_blk_cnt = 0; 2085 } 2086 2087 if (sd->proto->cmd[req.cmd].class == 6 && FIELD_EX32(sd->ocr, OCR, 2088 CARD_CAPACITY)) { 2089 /* Only Standard Capacity cards support class 6 commands */ 2090 return sd_illegal; 2091 } 2092 2093 if (sd->proto->cmd[req.cmd].handler) { 2094 return sd->proto->cmd[req.cmd].handler(sd, req); 2095 } 2096 2097 switch (req.cmd) { 2098 /* Block read commands (Class 2) */ 2099 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2100 addr = sd_req_get_address(sd, req); 2101 switch (sd->state) { 2102 case sd_transfer_state: 2103 2104 if (!address_in_range(sd, "READ_BLOCK", addr, sd->blk_len)) { 2105 return sd_r1; 2106 } 2107 2108 sd->state = sd_sendingdata_state; 2109 sd->data_start = addr; 2110 sd->data_offset = 0; 2111 return sd_r1; 2112 2113 default: 2114 break; 2115 } 2116 break; 2117 2118 /* Block write commands (Class 4) */ 2119 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2120 addr = sd_req_get_address(sd, req); 2121 switch (sd->state) { 2122 case sd_transfer_state: 2123 2124 if (!address_in_range(sd, "WRITE_BLOCK", addr, sd->blk_len)) { 2125 return sd_r1; 2126 } 2127 2128 sd->state = sd_receivingdata_state; 2129 sd->data_start = addr; 2130 sd->data_offset = 0; 2131 sd->blk_written = 0; 2132 2133 if (sd->size <= SDSC_MAX_CAPACITY) { 2134 if (sd_wp_addr(sd, sd->data_start)) { 2135 sd->card_status |= WP_VIOLATION; 2136 } 2137 } 2138 if (sd->csd[14] & 0x30) { 2139 sd->card_status |= WP_VIOLATION; 2140 } 2141 return sd_r1; 2142 2143 default: 2144 break; 2145 } 2146 break; 2147 2148 default: 2149 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd); 2150 return sd_illegal; 2151 } 2152 2153 return sd_invalid_state_for_cmd(sd, req); 2154 } 2155 2156 static sd_rsp_type_t sd_app_command(SDState *sd, 2157 SDRequest req) 2158 { 2159 sd->last_cmd_name = sd_acmd_name(sd, req.cmd); 2160 trace_sdcard_app_command(sd->proto->name, sd->last_cmd_name, 2161 req.cmd, req.arg, sd_state_name(sd->state)); 2162 sd->card_status |= APP_CMD; 2163 2164 if (sd->proto->acmd[req.cmd].handler) { 2165 return sd->proto->acmd[req.cmd].handler(sd, req); 2166 } 2167 2168 switch (req.cmd) { 2169 case 18: /* Reserved for SD security applications */ 2170 case 25: 2171 case 26: 2172 case 38: 2173 case 43 ... 49: 2174 /* Refer to the "SD Specifications Part3 Security Specification" for 2175 * information about the SD Security Features. 2176 */ 2177 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n", 2178 req.cmd); 2179 return sd_illegal; 2180 2181 default: 2182 /* Fall back to standard commands. */ 2183 return sd_normal_command(sd, req); 2184 } 2185 2186 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd); 2187 return sd_illegal; 2188 } 2189 2190 static bool cmd_valid_while_locked(SDState *sd, unsigned cmd) 2191 { 2192 unsigned cmd_class; 2193 2194 /* Valid commands in locked state: 2195 * basic class (0) 2196 * lock card class (7) 2197 * CMD16 2198 * implicitly, the ACMD prefix CMD55 2199 * ACMD41 and ACMD42 2200 * Anything else provokes an "illegal command" response. 2201 */ 2202 if (sd->expecting_acmd) { 2203 return cmd == 41 || cmd == 42; 2204 } 2205 if (cmd == 16 || cmd == 55) { 2206 return true; 2207 } 2208 if (!sd->proto->cmd[cmd].handler) { 2209 return false; 2210 } 2211 cmd_class = sd->proto->cmd[cmd].class; 2212 2213 return cmd_class == 0 || cmd_class == 7; 2214 } 2215 2216 static size_t sd_do_command(SDState *sd, SDRequest *req, 2217 uint8_t *response, size_t respsz) 2218 { 2219 int last_state; 2220 sd_rsp_type_t rtype; 2221 int rsplen; 2222 2223 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2224 return 0; 2225 } 2226 2227 if (sd->state == sd_inactive_state) { 2228 rtype = sd_illegal; 2229 goto send_response; 2230 } 2231 2232 if (sd_req_crc_validate(req)) { 2233 sd->card_status |= COM_CRC_ERROR; 2234 rtype = sd_illegal; 2235 goto send_response; 2236 } 2237 2238 if (req->cmd >= SDMMC_CMD_MAX) { 2239 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n", 2240 req->cmd); 2241 req->cmd &= 0x3f; 2242 } 2243 2244 if (sd->state == sd_sleep_state && req->cmd) { 2245 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is sleeping\n"); 2246 rtype = sd_r0; 2247 goto send_response; 2248 } 2249 2250 if (sd->card_status & CARD_IS_LOCKED) { 2251 if (!cmd_valid_while_locked(sd, req->cmd)) { 2252 sd->card_status |= ILLEGAL_COMMAND; 2253 sd->expecting_acmd = false; 2254 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n"); 2255 rtype = sd_illegal; 2256 goto send_response; 2257 } 2258 } 2259 2260 last_state = sd->state; 2261 sd_set_mode(sd); 2262 2263 if (sd->expecting_acmd) { 2264 sd->expecting_acmd = false; 2265 rtype = sd_app_command(sd, *req); 2266 } else { 2267 rtype = sd_normal_command(sd, *req); 2268 } 2269 2270 if (rtype == sd_illegal) { 2271 sd->card_status |= ILLEGAL_COMMAND; 2272 } else { 2273 /* Valid command, we can update the 'state before command' bits. 2274 * (Do this now so they appear in r1 responses.) 2275 */ 2276 sd->card_status = FIELD_DP32(sd->card_status, CSR, 2277 CURRENT_STATE, last_state); 2278 } 2279 2280 send_response: 2281 rsplen = sd_response_size(sd, rtype); 2282 assert(rsplen <= respsz); 2283 2284 switch (rtype) { 2285 case sd_r1: 2286 case sd_r1b: 2287 sd_response_r1_make(sd, response); 2288 break; 2289 2290 case spi_r2: 2291 spi_response_r2_make(sd, response); 2292 break; 2293 2294 case sd_r2_i: 2295 memcpy(response, sd->cid, sizeof(sd->cid)); 2296 break; 2297 2298 case sd_r2_s: 2299 memcpy(response, sd->csd, sizeof(sd->csd)); 2300 break; 2301 2302 case sd_r3: 2303 sd_response_r3_make(sd, response); 2304 break; 2305 2306 case sd_r6: 2307 sd_response_r6_make(sd, response); 2308 break; 2309 2310 case sd_r7: 2311 sd_response_r7_make(sd, response); 2312 break; 2313 2314 case sd_r0: 2315 /* 2316 * Invalid state transition, reset implementation 2317 * fields to avoid OOB abuse. 2318 */ 2319 sd->data_start = 0; 2320 sd->data_offset = 0; 2321 /* fall-through */ 2322 case sd_illegal: 2323 break; 2324 default: 2325 g_assert_not_reached(); 2326 } 2327 trace_sdcard_response(sd_response_name(rtype), rsplen); 2328 2329 if (rtype != sd_illegal) { 2330 /* Clear the "clear on valid command" status bits now we've 2331 * sent any response 2332 */ 2333 sd->card_status &= ~CARD_STATUS_B; 2334 } 2335 2336 #ifdef DEBUG_SD 2337 qemu_hexdump(stderr, "Response", response, rsplen); 2338 #endif 2339 2340 sd->current_cmd = rtype == sd_illegal ? 0 : req->cmd; 2341 2342 return rsplen; 2343 } 2344 2345 /* Return true if buffer is consumed. Configured by sd_cmd_to_receivingdata() */ 2346 static bool sd_generic_write_byte(SDState *sd, uint8_t value) 2347 { 2348 sd->data[sd->data_offset] = value; 2349 2350 if (++sd->data_offset >= sd->data_size) { 2351 sd->state = sd_transfer_state; 2352 return true; 2353 } 2354 return false; 2355 } 2356 2357 /* Return true when buffer is consumed. Configured by sd_cmd_to_sendingdata() */ 2358 static bool sd_generic_read_byte(SDState *sd, uint8_t *value) 2359 { 2360 *value = sd->data[sd->data_offset]; 2361 2362 if (++sd->data_offset >= sd->data_size) { 2363 sd->state = sd_transfer_state; 2364 return true; 2365 } 2366 2367 return false; 2368 } 2369 2370 static void sd_write_byte(SDState *sd, uint8_t value) 2371 { 2372 int i; 2373 2374 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2375 return; 2376 } 2377 2378 if (sd->state != sd_receivingdata_state) { 2379 qemu_log_mask(LOG_GUEST_ERROR, 2380 "%s: not in Receiving-Data state\n", __func__); 2381 return; 2382 } 2383 2384 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 2385 return; 2386 2387 trace_sdcard_write_data(sd->proto->name, 2388 sd->last_cmd_name, 2389 sd->current_cmd, sd->data_offset, value); 2390 switch (sd->current_cmd) { 2391 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 2392 if (sd_generic_write_byte(sd, value)) { 2393 /* TODO: Check CRC before committing */ 2394 sd->state = sd_programming_state; 2395 sd_blk_write(sd, sd->data_start, sd->data_offset); 2396 sd->blk_written ++; 2397 sd->csd[14] |= 0x40; 2398 /* Bzzzzzzztt .... Operation complete. */ 2399 sd->state = sd_transfer_state; 2400 } 2401 break; 2402 2403 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2404 if (sd->data_offset == 0) { 2405 /* Start of the block - let's check the address is valid */ 2406 if (!address_in_range(sd, "WRITE_MULTIPLE_BLOCK", 2407 sd->data_start, sd->blk_len)) { 2408 break; 2409 } 2410 if (sd->size <= SDSC_MAX_CAPACITY) { 2411 if (sd_wp_addr(sd, sd->data_start)) { 2412 sd->card_status |= WP_VIOLATION; 2413 break; 2414 } 2415 } 2416 } 2417 sd->data[sd->data_offset++] = value; 2418 if (sd->data_offset >= sd->blk_len) { 2419 /* TODO: Check CRC before committing */ 2420 sd->state = sd_programming_state; 2421 sd_blk_write(sd, sd->data_start, sd->data_offset); 2422 sd->blk_written++; 2423 sd->data_start += sd->blk_len; 2424 sd->data_offset = 0; 2425 sd->csd[14] |= 0x40; 2426 2427 /* Bzzzzzzztt .... Operation complete. */ 2428 if (sd->multi_blk_cnt != 0) { 2429 if (--sd->multi_blk_cnt == 0) { 2430 /* Stop! */ 2431 sd->state = sd_transfer_state; 2432 break; 2433 } 2434 } 2435 2436 sd->state = sd_receivingdata_state; 2437 } 2438 break; 2439 2440 case 26: /* CMD26: PROGRAM_CID */ 2441 if (sd_generic_write_byte(sd, value)) { 2442 /* TODO: Check CRC before committing */ 2443 sd->state = sd_programming_state; 2444 for (i = 0; i < sizeof(sd->cid); i ++) 2445 if ((sd->cid[i] | 0x00) != sd->data[i]) 2446 sd->card_status |= CID_CSD_OVERWRITE; 2447 2448 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2449 for (i = 0; i < sizeof(sd->cid); i ++) { 2450 sd->cid[i] |= 0x00; 2451 sd->cid[i] &= sd->data[i]; 2452 } 2453 /* Bzzzzzzztt .... Operation complete. */ 2454 sd->state = sd_transfer_state; 2455 } 2456 break; 2457 2458 case 27: /* CMD27: PROGRAM_CSD */ 2459 if (sd_generic_write_byte(sd, value)) { 2460 /* TODO: Check CRC before committing */ 2461 sd->state = sd_programming_state; 2462 for (i = 0; i < sizeof(sd->csd); i ++) 2463 if ((sd->csd[i] | sd_csd_rw_mask[i]) != 2464 (sd->data[i] | sd_csd_rw_mask[i])) 2465 sd->card_status |= CID_CSD_OVERWRITE; 2466 2467 /* Copy flag (OTP) & Permanent write protect */ 2468 if (sd->csd[14] & ~sd->data[14] & 0x60) 2469 sd->card_status |= CID_CSD_OVERWRITE; 2470 2471 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2472 for (i = 0; i < sizeof(sd->csd); i ++) { 2473 sd->csd[i] |= sd_csd_rw_mask[i]; 2474 sd->csd[i] &= sd->data[i]; 2475 } 2476 /* Bzzzzzzztt .... Operation complete. */ 2477 sd->state = sd_transfer_state; 2478 } 2479 break; 2480 2481 case 42: /* CMD42: LOCK_UNLOCK */ 2482 if (sd_generic_write_byte(sd, value)) { 2483 /* TODO: Check CRC before committing */ 2484 sd->state = sd_programming_state; 2485 sd_lock_command(sd); 2486 /* Bzzzzzzztt .... Operation complete. */ 2487 sd->state = sd_transfer_state; 2488 } 2489 break; 2490 2491 case 56: /* CMD56: GEN_CMD */ 2492 sd_generic_write_byte(sd, value); 2493 break; 2494 2495 default: 2496 g_assert_not_reached(); 2497 } 2498 } 2499 2500 static uint8_t sd_read_byte(SDState *sd) 2501 { 2502 /* TODO: Append CRCs */ 2503 const uint8_t dummy_byte = 0x00; 2504 uint8_t ret; 2505 uint32_t io_len; 2506 2507 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2508 return dummy_byte; 2509 } 2510 2511 if (sd->state != sd_sendingdata_state) { 2512 qemu_log_mask(LOG_GUEST_ERROR, 2513 "%s: not in Sending-Data state\n", __func__); 2514 return dummy_byte; 2515 } 2516 2517 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) { 2518 return dummy_byte; 2519 } 2520 2521 io_len = sd_blk_len(sd); 2522 2523 trace_sdcard_read_data(sd->proto->name, 2524 sd->last_cmd_name, sd->current_cmd, 2525 sd->data_offset, sd->data_size, io_len); 2526 switch (sd->current_cmd) { 2527 case 6: /* CMD6: SWITCH_FUNCTION */ 2528 case 8: /* CMD8: SEND_EXT_CSD */ 2529 case 9: /* CMD9: SEND_CSD */ 2530 case 10: /* CMD10: SEND_CID */ 2531 case 13: /* ACMD13: SD_STATUS */ 2532 case 17: /* CMD17: READ_SINGLE_BLOCK */ 2533 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */ 2534 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 2535 case 30: /* CMD30: SEND_WRITE_PROT */ 2536 case 51: /* ACMD51: SEND_SCR */ 2537 case 56: /* CMD56: GEN_CMD */ 2538 sd_generic_read_byte(sd, &ret); 2539 break; 2540 2541 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2542 if (sd->data_offset == 0) { 2543 if (!address_in_range(sd, "READ_MULTIPLE_BLOCK", 2544 sd->data_start, io_len)) { 2545 return dummy_byte; 2546 } 2547 sd_blk_read(sd, sd->data_start, io_len); 2548 } 2549 ret = sd->data[sd->data_offset ++]; 2550 2551 if (sd->data_offset >= io_len) { 2552 sd->data_start += io_len; 2553 sd->data_offset = 0; 2554 2555 if (sd->multi_blk_cnt != 0) { 2556 if (--sd->multi_blk_cnt == 0) { 2557 /* Stop! */ 2558 sd->state = sd_transfer_state; 2559 break; 2560 } 2561 } 2562 } 2563 break; 2564 2565 default: 2566 qemu_log_mask(LOG_GUEST_ERROR, "%s: DAT read illegal for command %s\n", 2567 __func__, sd->last_cmd_name); 2568 return dummy_byte; 2569 } 2570 2571 return ret; 2572 } 2573 2574 static bool sd_receive_ready(SDState *sd) 2575 { 2576 return sd->state == sd_receivingdata_state; 2577 } 2578 2579 static bool sd_data_ready(SDState *sd) 2580 { 2581 return sd->state == sd_sendingdata_state; 2582 } 2583 2584 static const SDProto sd_proto_spi = { 2585 .name = "SPI", 2586 .cmd = { 2587 [0] = {0, sd_spi, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2588 [1] = {0, sd_spi, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2589 [5] = {9, sd_spi, "IO_SEND_OP_COND", sd_cmd_optional}, 2590 [6] = {10, sd_spi, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2591 [8] = {0, sd_spi, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2592 [9] = {0, sd_spi, "SEND_CSD", spi_cmd_SEND_CSD}, 2593 [10] = {0, sd_spi, "SEND_CID", spi_cmd_SEND_CID}, 2594 [12] = {0, sd_spi, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2595 [13] = {0, sd_spi, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2596 [16] = {2, sd_spi, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2597 [17] = {2, sd_spi, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2598 [24] = {4, sd_spi, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2599 [27] = {4, sd_spi, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2600 [28] = {6, sd_spi, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2601 [29] = {6, sd_spi, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2602 [30] = {6, sd_spi, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2603 [32] = {5, sd_spi, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2604 [33] = {5, sd_spi, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2605 [34] = {10, sd_spi, "READ_SEC_CMD", sd_cmd_optional}, 2606 [35] = {10, sd_spi, "WRITE_SEC_CMD", sd_cmd_optional}, 2607 [36] = {10, sd_spi, "SEND_PSI", sd_cmd_optional}, 2608 [37] = {10, sd_spi, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2609 [38] = {5, sd_spi, "ERASE", sd_cmd_ERASE}, 2610 [42] = {7, sd_spi, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2611 [50] = {10, sd_spi, "DIRECT_SECURE_READ", sd_cmd_optional}, 2612 [52] = {9, sd_spi, "IO_RW_DIRECT", sd_cmd_optional}, 2613 [53] = {9, sd_spi, "IO_RW_EXTENDED", sd_cmd_optional}, 2614 [55] = {8, sd_spi, "APP_CMD", sd_cmd_APP_CMD}, 2615 [56] = {8, sd_spi, "GEN_CMD", sd_cmd_GEN_CMD}, 2616 [57] = {10, sd_spi, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2617 [58] = {0, sd_spi, "READ_OCR", spi_cmd_READ_OCR}, 2618 [59] = {0, sd_spi, "CRC_ON_OFF", spi_cmd_CRC_ON_OFF}, 2619 }, 2620 .acmd = { 2621 [13] = {8, sd_spi, "SD_STATUS", sd_acmd_SD_STATUS}, 2622 [22] = {8, sd_spi, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2623 [23] = {8, sd_spi, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2624 [41] = {8, sd_spi, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2625 [42] = {8, sd_spi, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2626 [51] = {8, sd_spi, "SEND_SCR", sd_acmd_SEND_SCR}, 2627 }, 2628 }; 2629 2630 static const SDProto sd_proto_sd = { 2631 .name = "SD", 2632 .cmd = { 2633 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2634 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2635 [3] = {0, sd_bcr, "SEND_RELATIVE_ADDR", sd_cmd_SEND_RELATIVE_ADDR}, 2636 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2637 [5] = {9, sd_bc, "IO_SEND_OP_COND", sd_cmd_optional}, 2638 [6] = {10, sd_adtc, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2639 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2640 [8] = {0, sd_bcr, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2641 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2642 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2643 [11] = {0, sd_ac, "VOLTAGE_SWITCH", sd_cmd_optional}, 2644 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2645 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2646 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2647 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2648 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2649 [19] = {2, sd_adtc, "SEND_TUNING_BLOCK", sd_cmd_SEND_TUNING_BLOCK}, 2650 [20] = {2, sd_ac, "SPEED_CLASS_CONTROL", sd_cmd_optional}, 2651 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2652 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2653 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2654 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2655 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2656 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2657 [32] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2658 [33] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2659 [34] = {10, sd_adtc, "READ_SEC_CMD", sd_cmd_optional}, 2660 [35] = {10, sd_adtc, "WRITE_SEC_CMD", sd_cmd_optional}, 2661 [36] = {10, sd_adtc, "SEND_PSI", sd_cmd_optional}, 2662 [37] = {10, sd_ac, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2663 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2664 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2665 [43] = {1, sd_ac, "Q_MANAGEMENT", sd_cmd_optional}, 2666 [44] = {1, sd_ac, "Q_TASK_INFO_A", sd_cmd_optional}, 2667 [45] = {1, sd_ac, "Q_TASK_INFO_B", sd_cmd_optional}, 2668 [46] = {1, sd_adtc, "Q_RD_TASK", sd_cmd_optional}, 2669 [47] = {1, sd_adtc, "Q_WR_TASK", sd_cmd_optional}, 2670 [48] = {1, sd_adtc, "READ_EXTR_SINGLE", sd_cmd_optional}, 2671 [49] = {1, sd_adtc, "WRITE_EXTR_SINGLE", sd_cmd_optional}, 2672 [50] = {10, sd_adtc, "DIRECT_SECURE_READ", sd_cmd_optional}, 2673 [52] = {9, sd_bc, "IO_RW_DIRECT", sd_cmd_optional}, 2674 [53] = {9, sd_bc, "IO_RW_EXTENDED", sd_cmd_optional}, 2675 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2676 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2677 [57] = {10, sd_adtc, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2678 [58] = {11, sd_adtc, "READ_EXTR_MULTI", sd_cmd_optional}, 2679 [59] = {11, sd_adtc, "WRITE_EXTR_MULTI", sd_cmd_optional}, 2680 }, 2681 .acmd = { 2682 [6] = {8, sd_ac, "SET_BUS_WIDTH", sd_acmd_SET_BUS_WIDTH}, 2683 [13] = {8, sd_adtc, "SD_STATUS", sd_acmd_SD_STATUS}, 2684 [22] = {8, sd_adtc, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2685 [23] = {8, sd_ac, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2686 [41] = {8, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2687 [42] = {8, sd_ac, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2688 [51] = {8, sd_adtc, "SEND_SCR", sd_acmd_SEND_SCR}, 2689 }, 2690 }; 2691 2692 static const SDProto sd_proto_emmc = { 2693 /* Only v4.3 is supported */ 2694 .name = "eMMC", 2695 .cmd = { 2696 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2697 [1] = {0, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2698 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2699 [3] = {0, sd_ac, "SET_RELATIVE_ADDR", emmc_cmd_SET_RELATIVE_ADDR}, 2700 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2701 [5] = {0, sd_ac, "SLEEP/AWAKE", emmc_cmd_sleep_awake}, 2702 [6] = {10, sd_adtc, "SWITCH", emmc_cmd_SWITCH}, 2703 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2704 [8] = {0, sd_adtc, "SEND_EXT_CSD", emmc_cmd_SEND_EXT_CSD}, 2705 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2706 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2707 [11] = {1, sd_adtc, "READ_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2708 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2709 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2710 [14] = {0, sd_adtc, "BUSTEST_R", sd_cmd_unimplemented}, 2711 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2712 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2713 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2714 [19] = {0, sd_adtc, "BUSTEST_W", sd_cmd_unimplemented}, 2715 [20] = {3, sd_adtc, "WRITE_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2716 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2717 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2718 [26] = {4, sd_adtc, "PROGRAM_CID", emmc_cmd_PROGRAM_CID}, 2719 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2720 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2721 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2722 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2723 [31] = {6, sd_adtc, "SEND_WRITE_PROT_TYPE", sd_cmd_unimplemented}, 2724 [35] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2725 [36] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2726 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2727 [39] = {9, sd_ac, "FAST_IO", sd_cmd_unimplemented}, 2728 [40] = {9, sd_bcr, "GO_IRQ_STATE", sd_cmd_unimplemented}, 2729 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2730 [49] = {0, sd_adtc, "SET_TIME", sd_cmd_unimplemented}, 2731 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2732 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2733 }, 2734 }; 2735 2736 static void sd_instance_init(Object *obj) 2737 { 2738 SDState *sd = SDMMC_COMMON(obj); 2739 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 2740 2741 sd->proto = sc->proto; 2742 sd->last_cmd_name = "UNSET"; 2743 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd); 2744 } 2745 2746 static void sd_instance_finalize(Object *obj) 2747 { 2748 SDState *sd = SDMMC_COMMON(obj); 2749 2750 timer_free(sd->ocr_power_timer); 2751 } 2752 2753 static void sd_realize(DeviceState *dev, Error **errp) 2754 { 2755 SDState *sd = SDMMC_COMMON(dev); 2756 int ret; 2757 2758 switch (sd->spec_version) { 2759 case SD_PHY_SPECv1_10_VERS 2760 ... SD_PHY_SPECv3_01_VERS: 2761 break; 2762 default: 2763 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version); 2764 return; 2765 } 2766 2767 if (sd->blk) { 2768 int64_t blk_size; 2769 2770 if (!blk_supports_write_perm(sd->blk)) { 2771 error_setg(errp, "Cannot use read-only drive as SD card"); 2772 return; 2773 } 2774 2775 blk_size = blk_getlength(sd->blk); 2776 if (blk_size > 0 && !is_power_of_2(blk_size)) { 2777 int64_t blk_size_aligned = pow2ceil(blk_size); 2778 char *blk_size_str; 2779 2780 blk_size_str = size_to_str(blk_size); 2781 error_setg(errp, "Invalid SD card size: %s", blk_size_str); 2782 g_free(blk_size_str); 2783 2784 blk_size_str = size_to_str(blk_size_aligned); 2785 error_append_hint(errp, 2786 "SD card size has to be a power of 2, e.g. %s.\n" 2787 "You can resize disk images with" 2788 " 'qemu-img resize <imagefile> <new-size>'\n" 2789 "(note that this will lose data if you make the" 2790 " image smaller than it currently is).\n", 2791 blk_size_str); 2792 g_free(blk_size_str); 2793 2794 return; 2795 } 2796 2797 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 2798 BLK_PERM_ALL, errp); 2799 if (ret < 0) { 2800 return; 2801 } 2802 blk_set_dev_ops(sd->blk, &sd_block_ops, sd); 2803 } 2804 } 2805 2806 static void emmc_realize(DeviceState *dev, Error **errp) 2807 { 2808 SDState *sd = SDMMC_COMMON(dev); 2809 2810 sd->spec_version = SD_PHY_SPECv3_01_VERS; /* Actually v4.3 */ 2811 2812 sd_realize(dev, errp); 2813 } 2814 2815 static const Property sdmmc_common_properties[] = { 2816 DEFINE_PROP_DRIVE("drive", SDState, blk), 2817 }; 2818 2819 static const Property sd_properties[] = { 2820 DEFINE_PROP_UINT8("spec_version", SDState, 2821 spec_version, SD_PHY_SPECv3_01_VERS), 2822 }; 2823 2824 static const Property emmc_properties[] = { 2825 DEFINE_PROP_UINT64("boot-partition-size", SDState, boot_part_size, 0), 2826 DEFINE_PROP_UINT8("boot-config", SDState, boot_config, 0x0), 2827 }; 2828 2829 static void sdmmc_common_class_init(ObjectClass *klass, const void *data) 2830 { 2831 DeviceClass *dc = DEVICE_CLASS(klass); 2832 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2833 2834 device_class_set_props(dc, sdmmc_common_properties); 2835 dc->vmsd = &sd_vmstate; 2836 device_class_set_legacy_reset(dc, sd_reset); 2837 dc->bus_type = TYPE_SD_BUS; 2838 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2839 2840 sc->set_voltage = sd_set_voltage; 2841 sc->get_dat_lines = sd_get_dat_lines; 2842 sc->get_cmd_line = sd_get_cmd_line; 2843 sc->do_command = sd_do_command; 2844 sc->write_byte = sd_write_byte; 2845 sc->read_byte = sd_read_byte; 2846 sc->receive_ready = sd_receive_ready; 2847 sc->data_ready = sd_data_ready; 2848 sc->get_inserted = sd_get_inserted; 2849 sc->get_readonly = sd_get_readonly; 2850 } 2851 2852 static void sd_class_init(ObjectClass *klass, const void *data) 2853 { 2854 DeviceClass *dc = DEVICE_CLASS(klass); 2855 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2856 2857 dc->realize = sd_realize; 2858 device_class_set_props(dc, sd_properties); 2859 2860 sc->set_cid = sd_set_cid; 2861 sc->set_csd = sd_set_csd; 2862 sc->proto = &sd_proto_sd; 2863 } 2864 2865 /* 2866 * We do not model the chip select pin, so allow the board to select 2867 * whether card should be in SSI or MMC/SD mode. It is also up to the 2868 * board to ensure that ssi transfers only occur when the chip select 2869 * is asserted. 2870 */ 2871 static void sd_spi_class_init(ObjectClass *klass, const void *data) 2872 { 2873 DeviceClass *dc = DEVICE_CLASS(klass); 2874 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2875 2876 dc->desc = "SD SPI"; 2877 sc->proto = &sd_proto_spi; 2878 } 2879 2880 static void emmc_class_init(ObjectClass *klass, const void *data) 2881 { 2882 DeviceClass *dc = DEVICE_CLASS(klass); 2883 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2884 2885 dc->desc = "eMMC"; 2886 dc->realize = emmc_realize; 2887 device_class_set_props(dc, emmc_properties); 2888 /* Reason: Soldered on board */ 2889 dc->user_creatable = false; 2890 2891 sc->proto = &sd_proto_emmc; 2892 2893 sc->set_cid = emmc_set_cid; 2894 sc->set_csd = emmc_set_csd; 2895 } 2896 2897 static const TypeInfo sd_types[] = { 2898 { 2899 .name = TYPE_SDMMC_COMMON, 2900 .parent = TYPE_DEVICE, 2901 .abstract = true, 2902 .instance_size = sizeof(SDState), 2903 .class_size = sizeof(SDCardClass), 2904 .class_init = sdmmc_common_class_init, 2905 .instance_init = sd_instance_init, 2906 .instance_finalize = sd_instance_finalize, 2907 }, 2908 { 2909 .name = TYPE_SD_CARD, 2910 .parent = TYPE_SDMMC_COMMON, 2911 .class_init = sd_class_init, 2912 }, 2913 { 2914 .name = TYPE_SD_CARD_SPI, 2915 .parent = TYPE_SD_CARD, 2916 .class_init = sd_spi_class_init, 2917 }, 2918 { 2919 .name = TYPE_EMMC, 2920 .parent = TYPE_SDMMC_COMMON, 2921 .class_init = emmc_class_init, 2922 }, 2923 }; 2924 2925 DEFINE_TYPES(sd_types) 2926