1 /* 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical 3 * layer specification, Version 2.00." 4 * 5 * eMMC emulation defined in "JEDEC Standard No. 84-A43" 6 * 7 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org> 8 * Copyright (c) 2007 CodeSourcery 9 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org> 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in 19 * the documentation and/or other materials provided with the 20 * distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' 23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR 26 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 30 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include "qemu/osdep.h" 36 #include "qemu/units.h" 37 #include "qemu/cutils.h" 38 #include "hw/irq.h" 39 #include "hw/registerfields.h" 40 #include "system/block-backend.h" 41 #include "hw/sd/sd.h" 42 #include "migration/vmstate.h" 43 #include "qapi/error.h" 44 #include "qemu/bitmap.h" 45 #include "hw/qdev-properties.h" 46 #include "hw/qdev-properties-system.h" 47 #include "qemu/error-report.h" 48 #include "qemu/timer.h" 49 #include "qemu/log.h" 50 #include "qemu/guest-random.h" 51 #include "qemu/module.h" 52 #include "sdmmc-internal.h" 53 #include "trace.h" 54 55 //#define DEBUG_SD 1 56 57 #define SDSC_MAX_CAPACITY (2 * GiB) 58 59 #define INVALID_ADDRESS UINT32_MAX 60 61 typedef enum { 62 sd_r0 = 0, /* no response */ 63 sd_r1, /* normal response command */ 64 spi_r2, /* STATUS */ 65 sd_r2_i, /* CID register */ 66 sd_r2_s, /* CSD register */ 67 sd_r3, /* OCR register */ 68 sd_r6 = 6, /* Published RCA response */ 69 sd_r7, /* Operating voltage */ 70 sd_r1b = -1, 71 sd_illegal = -2, 72 } sd_rsp_type_t; 73 74 typedef enum { 75 sd_spi, 76 sd_bc, /* broadcast -- no response */ 77 sd_bcr, /* broadcast with response */ 78 sd_ac, /* addressed -- no data transfer */ 79 sd_adtc, /* addressed with data transfer */ 80 } sd_cmd_type_t; 81 82 enum SDCardModes { 83 sd_inactive, 84 sd_card_identification_mode, 85 sd_data_transfer_mode, 86 }; 87 88 enum SDCardStates { 89 sd_waitirq_state = -2, /* emmc */ 90 sd_inactive_state = -1, 91 92 sd_idle_state = 0, 93 sd_ready_state = 1, 94 sd_identification_state = 2, 95 sd_standby_state = 3, 96 sd_transfer_state = 4, 97 sd_sendingdata_state = 5, 98 sd_receivingdata_state = 6, 99 sd_programming_state = 7, 100 sd_disconnect_state = 8, 101 sd_bus_test_state = 9, /* emmc */ 102 sd_sleep_state = 10, /* emmc */ 103 sd_io_state = 15 /* sd */ 104 }; 105 106 #define SDMMC_CMD_MAX 64 107 108 typedef sd_rsp_type_t (*sd_cmd_handler)(SDState *sd, SDRequest req); 109 110 typedef struct SDProto { 111 const char *name; 112 struct { 113 const unsigned class; 114 const sd_cmd_type_t type; 115 const char *name; 116 sd_cmd_handler handler; 117 } cmd[SDMMC_CMD_MAX], acmd[SDMMC_CMD_MAX]; 118 } SDProto; 119 120 struct SDState { 121 DeviceState parent_obj; 122 123 /* SD Memory Card Registers */ 124 uint32_t ocr; 125 uint8_t scr[8]; 126 uint8_t cid[16]; 127 uint8_t csd[16]; 128 uint16_t rca; 129 uint32_t card_status; 130 uint8_t sd_status[64]; 131 union { 132 uint8_t ext_csd[512]; 133 struct { 134 uint8_t ext_csd_rw[192]; /* Modes segment */ 135 uint8_t ext_csd_ro[320]; /* Properties segment */ 136 }; 137 }; 138 139 /* Static properties */ 140 141 uint8_t spec_version; 142 uint64_t boot_part_size; 143 BlockBackend *blk; 144 uint8_t boot_config; 145 146 const SDProto *proto; 147 148 /* Runtime changeables */ 149 150 uint32_t mode; /* current card mode, one of SDCardModes */ 151 int32_t state; /* current card state, one of SDCardStates */ 152 uint32_t vhs; 153 bool wp_switch; 154 unsigned long *wp_group_bmap; 155 int32_t wp_group_bits; 156 uint64_t size; 157 uint32_t blk_len; 158 uint32_t multi_blk_cnt; 159 uint32_t erase_start; 160 uint32_t erase_end; 161 uint8_t pwd[16]; 162 uint32_t pwd_len; 163 uint8_t function_group[6]; 164 uint8_t current_cmd; 165 const char *last_cmd_name; 166 /* True if we will handle the next command as an ACMD. Note that this does 167 * *not* track the APP_CMD status bit! 168 */ 169 bool expecting_acmd; 170 uint32_t blk_written; 171 172 uint64_t data_start; 173 uint32_t data_offset; 174 size_t data_size; 175 uint8_t data[512]; 176 QEMUTimer *ocr_power_timer; 177 uint8_t dat_lines; 178 bool cmd_line; 179 }; 180 181 static void sd_realize(DeviceState *dev, Error **errp); 182 183 static const SDProto sd_proto_spi; 184 static const SDProto sd_proto_emmc; 185 186 static bool sd_is_spi(SDState *sd) 187 { 188 return sd->proto == &sd_proto_spi; 189 } 190 191 static bool sd_is_emmc(SDState *sd) 192 { 193 return sd->proto == &sd_proto_emmc; 194 } 195 196 static const char *sd_version_str(enum SDPhySpecificationVersion version) 197 { 198 static const char *sdphy_version[] = { 199 [SD_PHY_SPECv1_10_VERS] = "v1.10", 200 [SD_PHY_SPECv2_00_VERS] = "v2.00", 201 [SD_PHY_SPECv3_01_VERS] = "v3.01", 202 }; 203 if (version >= ARRAY_SIZE(sdphy_version)) { 204 return "unsupported version"; 205 } 206 return sdphy_version[version]; 207 } 208 209 static const char *sd_mode_name(enum SDCardModes mode) 210 { 211 static const char *mode_name[] = { 212 [sd_inactive] = "inactive", 213 [sd_card_identification_mode] = "identification", 214 [sd_data_transfer_mode] = "transfer", 215 }; 216 assert(mode < ARRAY_SIZE(mode_name)); 217 return mode_name[mode]; 218 } 219 220 static const char *sd_state_name(enum SDCardStates state) 221 { 222 static const char *state_name[] = { 223 [sd_idle_state] = "idle", 224 [sd_ready_state] = "ready", 225 [sd_identification_state] = "identification", 226 [sd_standby_state] = "standby", 227 [sd_transfer_state] = "transfer", 228 [sd_sendingdata_state] = "sendingdata", 229 [sd_bus_test_state] = "bus-test", 230 [sd_receivingdata_state] = "receivingdata", 231 [sd_programming_state] = "programming", 232 [sd_disconnect_state] = "disconnect", 233 [sd_sleep_state] = "sleep", 234 [sd_io_state] = "i/o" 235 }; 236 if (state == sd_inactive_state) { 237 return "inactive"; 238 } 239 if (state == sd_waitirq_state) { 240 return "wait-irq"; 241 } 242 assert(state < ARRAY_SIZE(state_name)); 243 return state_name[state]; 244 } 245 246 static const char *sd_response_name(sd_rsp_type_t rsp) 247 { 248 static const char *response_name[] = { 249 [sd_r0] = "RESP#0 (no response)", 250 [sd_r1] = "RESP#1 (normal cmd)", 251 [spi_r2] = "RESP#2 (STATUS reg)", 252 [sd_r2_i] = "RESP#2 (CID reg)", 253 [sd_r2_s] = "RESP#2 (CSD reg)", 254 [sd_r3] = "RESP#3 (OCR reg)", 255 [sd_r6] = "RESP#6 (RCA)", 256 [sd_r7] = "RESP#7 (operating voltage)", 257 }; 258 if (rsp == sd_illegal) { 259 return "ILLEGAL RESP"; 260 } 261 if (rsp == sd_r1b) { 262 rsp = sd_r1; 263 } 264 assert(rsp < ARRAY_SIZE(response_name)); 265 return response_name[rsp]; 266 } 267 268 static const char *sd_cmd_name(SDState *sd, uint8_t cmd) 269 { 270 static const char *cmd_abbrev[SDMMC_CMD_MAX] = { 271 [18] = "READ_MULTIPLE_BLOCK", 272 [25] = "WRITE_MULTIPLE_BLOCK", 273 }; 274 const SDProto *sdp = sd->proto; 275 276 if (sdp->cmd[cmd].handler) { 277 assert(!cmd_abbrev[cmd]); 278 return sdp->cmd[cmd].name; 279 } 280 return cmd_abbrev[cmd] ? cmd_abbrev[cmd] : "UNKNOWN_CMD"; 281 } 282 283 static const char *sd_acmd_name(SDState *sd, uint8_t cmd) 284 { 285 const SDProto *sdp = sd->proto; 286 287 if (sdp->acmd[cmd].handler) { 288 return sdp->acmd[cmd].name; 289 } 290 291 return "UNKNOWN_ACMD"; 292 } 293 294 static uint8_t sd_get_dat_lines(SDState *sd) 295 { 296 return sd->dat_lines; 297 } 298 299 static bool sd_get_cmd_line(SDState *sd) 300 { 301 return sd->cmd_line; 302 } 303 304 static void sd_set_voltage(SDState *sd, uint16_t millivolts) 305 { 306 trace_sdcard_set_voltage(millivolts); 307 308 switch (millivolts) { 309 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */ 310 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */ 311 break; 312 default: 313 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV", 314 millivolts / 1000.f); 315 } 316 } 317 318 static void sd_set_mode(SDState *sd) 319 { 320 switch (sd->state) { 321 case sd_inactive_state: 322 sd->mode = sd_inactive; 323 break; 324 325 case sd_idle_state: 326 case sd_ready_state: 327 case sd_identification_state: 328 sd->mode = sd_card_identification_mode; 329 break; 330 331 case sd_standby_state: 332 case sd_transfer_state: 333 case sd_sendingdata_state: 334 case sd_receivingdata_state: 335 case sd_programming_state: 336 case sd_disconnect_state: 337 sd->mode = sd_data_transfer_mode; 338 break; 339 } 340 } 341 342 static uint8_t sd_crc7(const void *message, size_t width) 343 { 344 int i, bit; 345 uint8_t shift_reg = 0x00; 346 const uint8_t *msg = (const uint8_t *)message; 347 348 for (i = 0; i < width; i ++, msg ++) 349 for (bit = 7; bit >= 0; bit --) { 350 shift_reg <<= 1; 351 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1)) 352 shift_reg ^= 0x89; 353 } 354 355 return shift_reg; 356 } 357 358 /* Operation Conditions register */ 359 360 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */ 361 362 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24) 363 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8) 364 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1) 365 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16) 366 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */ 367 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */ 368 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */ 369 FIELD(OCR, CARD_POWER_UP, 31, 1) 370 371 #define ACMD41_ENQUIRY_MASK 0x00ffffff 372 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \ 373 | R_OCR_ACCEPT_SWITCH_1V8_MASK \ 374 | R_OCR_UHS_II_CARD_MASK \ 375 | R_OCR_CARD_CAPACITY_MASK \ 376 | R_OCR_CARD_POWER_UP_MASK) 377 378 static void sd_ocr_powerup(void *opaque) 379 { 380 SDState *sd = opaque; 381 382 trace_sdcard_powerup(); 383 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)); 384 385 /* card power-up OK */ 386 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1); 387 388 if (sd->size > SDSC_MAX_CAPACITY) { 389 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 390 } 391 } 392 393 static void sd_set_ocr(SDState *sd) 394 { 395 /* All voltages OK */ 396 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK; 397 398 if (sd_is_spi(sd)) { 399 /* 400 * We don't need to emulate power up sequence in SPI-mode. 401 * Thus, the card's power up status bit should be set to 1 when reset. 402 * The card's capacity status bit should also be set if SD card size 403 * is larger than 2GB for SDHC support. 404 */ 405 sd_ocr_powerup(sd); 406 } 407 } 408 409 /* SD Configuration register */ 410 411 static void sd_set_scr(SDState *sd) 412 { 413 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */ 414 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) { 415 sd->scr[0] |= 1; /* Spec Version 1.10 */ 416 } else { 417 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */ 418 } 419 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */ 420 | 0b0101; /* 1-bit or 4-bit width bus modes */ 421 sd->scr[2] = 0x00; /* Extended Security is not supported. */ 422 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) { 423 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */ 424 } 425 sd->scr[3] = 0x00; 426 /* reserved for manufacturer usage */ 427 sd->scr[4] = 0x00; 428 sd->scr[5] = 0x00; 429 sd->scr[6] = 0x00; 430 sd->scr[7] = 0x00; 431 } 432 433 /* Card IDentification register */ 434 435 #define MID 0xaa 436 #define OID "XY" 437 #define PNM "QEMU!" 438 #define PRV 0x01 439 #define MDT_YR 2006 440 #define MDT_MON 2 441 442 static void sd_set_cid(SDState *sd) 443 { 444 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 445 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */ 446 sd->cid[2] = OID[1]; 447 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 448 sd->cid[4] = PNM[1]; 449 sd->cid[5] = PNM[2]; 450 sd->cid[6] = PNM[3]; 451 sd->cid[7] = PNM[4]; 452 sd->cid[8] = PRV; /* Fake product revision (PRV) */ 453 stl_be_p(&sd->cid[9], 0xdeadbeef); /* Fake serial number (PSN) */ 454 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */ 455 ((MDT_YR - 2000) / 10); 456 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON; 457 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 458 } 459 460 static void emmc_set_cid(SDState *sd) 461 { 462 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 463 sd->cid[1] = 0b01; /* CBX: soldered BGA */ 464 sd->cid[2] = OID[0]; /* OEM/Application ID (OID) */ 465 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 466 sd->cid[4] = PNM[1]; 467 sd->cid[5] = PNM[2]; 468 sd->cid[6] = PNM[3]; 469 sd->cid[7] = PNM[4]; 470 sd->cid[8] = PNM[4]; 471 sd->cid[9] = PRV; /* Fake product revision (PRV) */ 472 stl_be_p(&sd->cid[10], 0xdeadbeef); /* Fake serial number (PSN) */ 473 sd->cid[14] = (MDT_MON << 4) | (MDT_YR - 1997); /* Manufacture date (MDT) */ 474 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 475 } 476 477 /* Card-Specific Data register */ 478 479 #define HWBLOCK_SHIFT 9 /* 512 bytes */ 480 #define SECTOR_SHIFT 5 /* 16 kilobytes */ 481 #define WPGROUP_SHIFT 7 /* 2 megs */ 482 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */ 483 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) 484 485 static const uint8_t sd_csd_rw_mask[16] = { 486 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 487 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe, 488 }; 489 490 static void emmc_set_ext_csd(SDState *sd, uint64_t size) 491 { 492 uint32_t sectcount = size >> HWBLOCK_SHIFT; 493 494 memset(sd->ext_csd, 0, sizeof(sd->ext_csd)); /* FIXME only RW at reset */ 495 496 /* Properties segment (RO) */ 497 sd->ext_csd[EXT_CSD_S_CMD_SET] = 0b1; /* supported command sets */ 498 sd->ext_csd[EXT_CSD_BOOT_INFO] = 0x0; /* Boot information */ 499 /* Boot partition size. 128KB unit */ 500 sd->ext_csd[EXT_CSD_BOOT_MULT] = sd->boot_part_size / (128 * KiB); 501 sd->ext_csd[EXT_CSD_ACC_SIZE] = 0x1; /* Access size */ 502 sd->ext_csd[EXT_CSD_HC_ERASE_GRP_SIZE] = 0x01; /* HC Erase unit size */ 503 sd->ext_csd[EXT_CSD_ERASE_TIMEOUT_MULT] = 0x01; /* HC erase timeout */ 504 sd->ext_csd[EXT_CSD_REL_WR_SEC_C] = 0x1; /* Reliable write sector count */ 505 sd->ext_csd[EXT_CSD_HC_WP_GRP_SIZE] = 0x01; /* HC write protect group size */ 506 sd->ext_csd[EXT_CSD_S_C_VCC] = 0x01; /* Sleep current VCC */ 507 sd->ext_csd[EXT_CSD_S_C_VCCQ] = 0x01; /* Sleep current VCCQ */ 508 sd->ext_csd[EXT_CSD_S_A_TIMEOUT] = 0x01; /* Sleep/Awake timeout */ 509 stl_le_p(&sd->ext_csd[EXT_CSD_SEC_CNT], sectcount); /* Sector count */ 510 sd->ext_csd[210] = 0x46; /* Min write perf for 8bit@52Mhz */ 511 sd->ext_csd[209] = 0x46; /* Min read perf for 8bit@52Mhz */ 512 sd->ext_csd[208] = 0x46; /* Min write perf for 4bit@52Mhz */ 513 sd->ext_csd[207] = 0x46; /* Min read perf for 4bit@52Mhz */ 514 sd->ext_csd[206] = 0x46; /* Min write perf for 4bit@26Mhz */ 515 sd->ext_csd[205] = 0x46; /* Min read perf for 4bit@26Mhz */ 516 sd->ext_csd[EXT_CSD_CARD_TYPE] = 0b11; 517 sd->ext_csd[EXT_CSD_STRUCTURE] = 2; 518 sd->ext_csd[EXT_CSD_REV] = 3; 519 520 /* Mode segment (RW) */ 521 sd->ext_csd[EXT_CSD_PART_CONFIG] = sd->boot_config; 522 } 523 524 static void emmc_set_csd(SDState *sd, uint64_t size) 525 { 526 int hwblock_shift = HWBLOCK_SHIFT; 527 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 528 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 529 530 sd->csd[0] = (3 << 6) | (4 << 2); /* Spec v4.3 with EXT_CSD */ 531 sd->csd[1] = (1 << 3) | 6; /* Asynchronous data access time: 1ms */ 532 sd->csd[2] = 0x00; 533 sd->csd[3] = (1 << 3) | 3;; /* Maximum bus clock frequency: 100MHz */ 534 sd->csd[4] = 0x0f; 535 if (size <= 2 * GiB) { 536 /* use 1k blocks */ 537 uint32_t csize1k = (size >> (CMULT_SHIFT + 10)) - 1; 538 sd->csd[5] = 0x5a; 539 sd->csd[6] = 0x80 | ((csize1k >> 10) & 0xf); 540 sd->csd[7] = (csize1k >> 2) & 0xff; 541 } else { /* >= 2GB : size stored in ext CSD, block addressing */ 542 sd->csd[5] = 0x59; 543 sd->csd[6] = 0x8f; 544 sd->csd[7] = 0xff; 545 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 546 } 547 sd->csd[8] = 0xff; 548 sd->csd[9] = 0xfc | /* Max. write current */ 549 ((CMULT_SHIFT - 2) >> 1); 550 sd->csd[10] = 0x40 | /* Erase sector size */ 551 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 552 sd->csd[11] = 0x00 | /* Write protect group size */ 553 ((sectsize << 7) & 0x80) | wpsize; 554 sd->csd[12] = 0x90 | /* Write speed factor */ 555 (hwblock_shift >> 2); 556 sd->csd[13] = 0x20 | /* Max. write data block length */ 557 ((hwblock_shift << 6) & 0xc0); 558 sd->csd[14] = 0x00; 559 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 560 emmc_set_ext_csd(sd, size); 561 } 562 563 static void sd_set_csd(SDState *sd, uint64_t size) 564 { 565 int hwblock_shift = HWBLOCK_SHIFT; 566 uint32_t csize; 567 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 568 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 569 570 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */ 571 if (size == SDSC_MAX_CAPACITY) { 572 hwblock_shift += 1; 573 } 574 csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1; 575 576 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */ 577 sd->csd[0] = 0x00; /* CSD structure */ 578 sd->csd[1] = 0x26; /* Data read access-time-1 */ 579 sd->csd[2] = 0x00; /* Data read access-time-2 */ 580 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */ 581 sd->csd[4] = 0x5f; /* Card Command Classes */ 582 sd->csd[5] = 0x50 | /* Max. read data block length */ 583 hwblock_shift; 584 sd->csd[6] = 0xe0 | /* Partial block for read allowed */ 585 ((csize >> 10) & 0x03); 586 sd->csd[7] = 0x00 | /* Device size */ 587 ((csize >> 2) & 0xff); 588 sd->csd[8] = 0x3f | /* Max. read current */ 589 ((csize << 6) & 0xc0); 590 sd->csd[9] = 0xfc | /* Max. write current */ 591 ((CMULT_SHIFT - 2) >> 1); 592 sd->csd[10] = 0x40 | /* Erase sector size */ 593 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 594 sd->csd[11] = 0x00 | /* Write protect group size */ 595 ((sectsize << 7) & 0x80) | wpsize; 596 sd->csd[12] = 0x90 | /* Write speed factor */ 597 (hwblock_shift >> 2); 598 sd->csd[13] = 0x20 | /* Max. write data block length */ 599 ((hwblock_shift << 6) & 0xc0); 600 sd->csd[14] = 0x00; /* File format group */ 601 } else { /* SDHC */ 602 size /= 512 * KiB; 603 size -= 1; 604 sd->csd[0] = 0x40; 605 sd->csd[1] = 0x0e; 606 sd->csd[2] = 0x00; 607 sd->csd[3] = 0x32; 608 sd->csd[4] = 0x5b; 609 sd->csd[5] = 0x59; 610 sd->csd[6] = 0x00; 611 st24_be_p(&sd->csd[7], size); 612 sd->csd[10] = 0x7f; 613 sd->csd[11] = 0x80; 614 sd->csd[12] = 0x0a; 615 sd->csd[13] = 0x40; 616 sd->csd[14] = 0x00; 617 } 618 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 619 } 620 621 /* Relative Card Address register */ 622 623 static void sd_set_rca(SDState *sd, uint16_t value) 624 { 625 trace_sdcard_set_rca(value); 626 sd->rca = value; 627 } 628 629 static uint16_t sd_req_get_rca(SDState *s, SDRequest req) 630 { 631 switch (s->proto->cmd[req.cmd].type) { 632 case sd_ac: 633 case sd_adtc: 634 return req.arg >> 16; 635 case sd_spi: 636 default: 637 g_assert_not_reached(); 638 } 639 } 640 641 static bool sd_req_rca_same(SDState *s, SDRequest req) 642 { 643 return sd_req_get_rca(s, req) == s->rca; 644 } 645 646 /* Card Status register */ 647 648 FIELD(CSR, AKE_SEQ_ERROR, 3, 1) 649 FIELD(CSR, APP_CMD, 5, 1) 650 FIELD(CSR, FX_EVENT, 6, 1) 651 FIELD(CSR, SWITCH_ERROR, 7, 1) 652 FIELD(CSR, READY_FOR_DATA, 8, 1) 653 FIELD(CSR, CURRENT_STATE, 9, 4) 654 FIELD(CSR, ERASE_RESET, 13, 1) 655 FIELD(CSR, CARD_ECC_DISABLED, 14, 1) 656 FIELD(CSR, WP_ERASE_SKIP, 15, 1) 657 FIELD(CSR, CSD_OVERWRITE, 16, 1) 658 FIELD(CSR, DEFERRED_RESPONSE, 17, 1) 659 FIELD(CSR, ERROR, 19, 1) 660 FIELD(CSR, CC_ERROR, 20, 1) 661 FIELD(CSR, CARD_ECC_FAILED, 21, 1) 662 FIELD(CSR, ILLEGAL_COMMAND, 22, 1) 663 FIELD(CSR, COM_CRC_ERROR, 23, 1) 664 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1) 665 FIELD(CSR, CARD_IS_LOCKED, 25, 1) 666 FIELD(CSR, WP_VIOLATION, 26, 1) 667 FIELD(CSR, ERASE_PARAM, 27, 1) 668 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1) 669 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1) 670 FIELD(CSR, ADDRESS_ERROR, 30, 1) 671 FIELD(CSR, OUT_OF_RANGE, 31, 1) 672 673 /* Card status bits, split by clear condition: 674 * A : According to the card current state 675 * B : Always related to the previous command 676 * C : Cleared by read 677 */ 678 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \ 679 | R_CSR_CARD_ECC_DISABLED_MASK \ 680 | R_CSR_CARD_IS_LOCKED_MASK) 681 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \ 682 | R_CSR_ILLEGAL_COMMAND_MASK \ 683 | R_CSR_COM_CRC_ERROR_MASK) 684 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \ 685 | R_CSR_APP_CMD_MASK \ 686 | R_CSR_ERASE_RESET_MASK \ 687 | R_CSR_WP_ERASE_SKIP_MASK \ 688 | R_CSR_CSD_OVERWRITE_MASK \ 689 | R_CSR_ERROR_MASK \ 690 | R_CSR_CC_ERROR_MASK \ 691 | R_CSR_CARD_ECC_FAILED_MASK \ 692 | R_CSR_LOCK_UNLOCK_FAILED_MASK \ 693 | R_CSR_WP_VIOLATION_MASK \ 694 | R_CSR_ERASE_PARAM_MASK \ 695 | R_CSR_ERASE_SEQ_ERROR_MASK \ 696 | R_CSR_BLOCK_LEN_ERROR_MASK \ 697 | R_CSR_ADDRESS_ERROR_MASK \ 698 | R_CSR_OUT_OF_RANGE_MASK) 699 700 static void sd_set_cardstatus(SDState *sd) 701 { 702 sd->card_status = READY_FOR_DATA; 703 } 704 705 static void sd_set_sdstatus(SDState *sd) 706 { 707 memset(sd->sd_status, 0, 64); 708 } 709 710 static const uint8_t sd_tuning_block_pattern4[64] = { 711 /* 712 * See: Physical Layer Simplified Specification Version 3.01, 713 * Table 4-2. 714 */ 715 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc, 716 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef, 717 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb, 718 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef, 719 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c, 720 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee, 721 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff, 722 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde 723 }; 724 725 static int sd_req_crc_validate(SDRequest *req) 726 { 727 uint8_t buffer[5]; 728 buffer[0] = 0x40 | req->cmd; 729 stl_be_p(&buffer[1], req->arg); 730 return 0; 731 return sd_crc7(buffer, 5) != req->crc; /* TODO */ 732 } 733 734 static size_t sd_response_size(SDState *sd, sd_rsp_type_t rtype) 735 { 736 switch (rtype) { 737 case sd_r1: 738 case sd_r1b: 739 return sd_is_spi(sd) ? 1 : 4; 740 741 case spi_r2: 742 assert(sd_is_spi(sd)); 743 return 2; 744 745 case sd_r2_i: 746 case sd_r2_s: 747 assert(!sd_is_spi(sd)); 748 return 16; 749 750 case sd_r3: 751 case sd_r7: 752 return sd_is_spi(sd) ? 5 : 4; 753 754 case sd_r6: 755 assert(!sd_is_spi(sd)); 756 return 4; 757 758 case sd_r0: 759 case sd_illegal: 760 return sd_is_spi(sd) ? 1 : 0; 761 762 default: 763 g_assert_not_reached(); 764 } 765 } 766 767 static void sd_response_r1_make(SDState *sd, uint8_t *response) 768 { 769 if (sd_is_spi(sd)) { 770 response[0] = sd->state == sd_idle_state 771 && !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 772 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_RESET) << 1; 773 response[0] |= FIELD_EX32(sd->card_status, CSR, ILLEGAL_COMMAND) << 2; 774 response[0] |= FIELD_EX32(sd->card_status, CSR, COM_CRC_ERROR) << 3; 775 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_SEQ_ERROR) << 4; 776 response[0] |= FIELD_EX32(sd->card_status, CSR, ADDRESS_ERROR) << 5; 777 response[0] |= FIELD_EX32(sd->card_status, CSR, BLOCK_LEN_ERROR) << 6; 778 response[0] |= 0 << 7; 779 } else { 780 stl_be_p(response, sd->card_status); 781 } 782 783 /* Clear the "clear on read" status bits */ 784 sd->card_status &= ~CARD_STATUS_C; 785 } 786 787 static void spi_response_r2_make(SDState *sd, uint8_t *resp) 788 { 789 /* Prepend R1 */ 790 sd_response_r1_make(sd, resp); 791 792 resp[1] = FIELD_EX32(sd->card_status, CSR, CARD_IS_LOCKED) << 0; 793 resp[1] |= (FIELD_EX32(sd->card_status, CSR, LOCK_UNLOCK_FAILED) 794 || FIELD_EX32(sd->card_status, CSR, WP_ERASE_SKIP)) << 1; 795 resp[1] |= FIELD_EX32(sd->card_status, CSR, ERROR) << 2; 796 resp[1] |= FIELD_EX32(sd->card_status, CSR, CC_ERROR) << 3; 797 resp[1] |= FIELD_EX32(sd->card_status, CSR, CARD_ECC_FAILED) << 4; 798 resp[1] |= FIELD_EX32(sd->card_status, CSR, WP_VIOLATION) << 5; 799 resp[1] |= FIELD_EX32(sd->card_status, CSR, ERASE_PARAM) << 6; 800 resp[1] |= FIELD_EX32(sd->card_status, CSR, OUT_OF_RANGE) << 7; 801 } 802 803 static void sd_response_r3_make(SDState *sd, uint8_t *response) 804 { 805 if (sd_is_spi(sd)) { 806 /* Prepend R1 */ 807 sd_response_r1_make(sd, response); 808 response++; 809 } 810 stl_be_p(response, sd->ocr & ACMD41_R3_MASK); 811 } 812 813 static void sd_response_r6_make(SDState *sd, uint8_t *response) 814 { 815 uint16_t status; 816 817 status = ((sd->card_status >> 8) & 0xc000) | 818 ((sd->card_status >> 6) & 0x2000) | 819 (sd->card_status & 0x1fff); 820 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff); 821 stw_be_p(response + 0, sd->rca); 822 stw_be_p(response + 2, status); 823 } 824 825 static void sd_response_r7_make(SDState *sd, uint8_t *response) 826 { 827 if (sd_is_spi(sd)) { 828 /* Prepend R1 */ 829 sd_response_r1_make(sd, response); 830 response++; 831 } 832 stl_be_p(response, sd->vhs); 833 } 834 835 static uint32_t sd_blk_len(SDState *sd) 836 { 837 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 838 return 1 << HWBLOCK_SHIFT; 839 } 840 return sd->blk_len; 841 } 842 843 /* 844 * This requires a disk image that has two boot partitions inserted at the 845 * beginning of it. The size of the boot partitions is the "boot-size" 846 * property. 847 */ 848 static uint32_t sd_bootpart_offset(SDState *sd) 849 { 850 unsigned partition_access; 851 852 if (!sd->boot_part_size || !sd_is_emmc(sd)) { 853 return 0; 854 } 855 856 partition_access = sd->ext_csd[EXT_CSD_PART_CONFIG] 857 & EXT_CSD_PART_CONFIG_ACC_MASK; 858 switch (partition_access) { 859 case EXT_CSD_PART_CONFIG_ACC_DEFAULT: 860 return sd->boot_part_size * 2; 861 case EXT_CSD_PART_CONFIG_ACC_BOOT0: 862 return 0; 863 case EXT_CSD_PART_CONFIG_ACC_BOOT0 + 1: 864 return sd->boot_part_size * 1; 865 default: 866 g_assert_not_reached(); 867 } 868 } 869 870 static uint64_t sd_req_get_address(SDState *sd, SDRequest req) 871 { 872 uint64_t addr; 873 874 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 875 addr = (uint64_t) req.arg << HWBLOCK_SHIFT; 876 } else { 877 addr = req.arg; 878 } 879 trace_sdcard_req_addr(req.arg, addr); 880 return addr; 881 } 882 883 static inline uint64_t sd_addr_to_wpnum(uint64_t addr) 884 { 885 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT); 886 } 887 888 static void sd_reset(DeviceState *dev) 889 { 890 SDState *sd = SDMMC_COMMON(dev); 891 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 892 uint64_t size; 893 uint64_t sect; 894 895 trace_sdcard_reset(); 896 if (sd->blk) { 897 blk_get_geometry(sd->blk, §); 898 } else { 899 sect = 0; 900 } 901 size = sect << HWBLOCK_SHIFT; 902 if (sd_is_emmc(sd)) { 903 size -= sd->boot_part_size * 2; 904 } 905 906 sect = sd_addr_to_wpnum(size) + 1; 907 908 sd->state = sd_idle_state; 909 910 /* card registers */ 911 sd->rca = sd_is_emmc(sd) ? 0x0001 : 0x0000; 912 sd->size = size; 913 sd_set_ocr(sd); 914 sd_set_scr(sd); 915 sc->set_cid(sd); 916 sc->set_csd(sd, size); 917 sd_set_cardstatus(sd); 918 sd_set_sdstatus(sd); 919 920 g_free(sd->wp_group_bmap); 921 sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false; 922 sd->wp_group_bits = sect; 923 sd->wp_group_bmap = bitmap_new(sd->wp_group_bits); 924 memset(sd->function_group, 0, sizeof(sd->function_group)); 925 sd->erase_start = INVALID_ADDRESS; 926 sd->erase_end = INVALID_ADDRESS; 927 sd->blk_len = 0x200; 928 sd->pwd_len = 0; 929 sd->expecting_acmd = false; 930 sd->dat_lines = 0xf; 931 sd->cmd_line = true; 932 sd->multi_blk_cnt = 0; 933 } 934 935 static bool sd_get_inserted(SDState *sd) 936 { 937 return sd->blk && blk_is_inserted(sd->blk); 938 } 939 940 static bool sd_get_readonly(SDState *sd) 941 { 942 return sd->wp_switch; 943 } 944 945 static void sd_cardchange(void *opaque, bool load, Error **errp) 946 { 947 SDState *sd = opaque; 948 DeviceState *dev = DEVICE(sd); 949 SDBus *sdbus; 950 bool inserted = sd_get_inserted(sd); 951 bool readonly = sd_get_readonly(sd); 952 953 if (inserted) { 954 trace_sdcard_inserted(readonly); 955 sd_reset(dev); 956 } else { 957 trace_sdcard_ejected(); 958 } 959 960 sdbus = SD_BUS(qdev_get_parent_bus(dev)); 961 sdbus_set_inserted(sdbus, inserted); 962 if (inserted) { 963 sdbus_set_readonly(sdbus, readonly); 964 } 965 } 966 967 static const BlockDevOps sd_block_ops = { 968 .change_media_cb = sd_cardchange, 969 }; 970 971 static bool sd_ocr_vmstate_needed(void *opaque) 972 { 973 SDState *sd = opaque; 974 975 /* Include the OCR state (and timer) if it is not yet powered up */ 976 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 977 } 978 979 static const VMStateDescription sd_ocr_vmstate = { 980 .name = "sd-card/ocr-state", 981 .version_id = 1, 982 .minimum_version_id = 1, 983 .needed = sd_ocr_vmstate_needed, 984 .fields = (const VMStateField[]) { 985 VMSTATE_UINT32(ocr, SDState), 986 VMSTATE_TIMER_PTR(ocr_power_timer, SDState), 987 VMSTATE_END_OF_LIST() 988 }, 989 }; 990 991 static bool vmstate_needed_for_emmc(void *opaque) 992 { 993 SDState *sd = opaque; 994 995 return sd_is_emmc(sd); 996 } 997 998 static const VMStateDescription emmc_extcsd_vmstate = { 999 .name = "sd-card/ext_csd_modes-state", 1000 .version_id = 1, 1001 .minimum_version_id = 1, 1002 .needed = vmstate_needed_for_emmc, 1003 .fields = (const VMStateField[]) { 1004 VMSTATE_UINT8_ARRAY(ext_csd_rw, SDState, 192), 1005 VMSTATE_END_OF_LIST() 1006 }, 1007 }; 1008 1009 static int sd_vmstate_pre_load(void *opaque) 1010 { 1011 SDState *sd = opaque; 1012 1013 /* If the OCR state is not included (prior versions, or not 1014 * needed), then the OCR must be set as powered up. If the OCR state 1015 * is included, this will be replaced by the state restore. 1016 */ 1017 sd_ocr_powerup(sd); 1018 1019 return 0; 1020 } 1021 1022 static const VMStateDescription sd_vmstate = { 1023 .name = "sd-card", 1024 .version_id = 2, 1025 .minimum_version_id = 2, 1026 .pre_load = sd_vmstate_pre_load, 1027 .fields = (const VMStateField[]) { 1028 VMSTATE_UINT32(mode, SDState), 1029 VMSTATE_INT32(state, SDState), 1030 VMSTATE_UINT8_ARRAY(cid, SDState, 16), 1031 VMSTATE_UINT8_ARRAY(csd, SDState, 16), 1032 VMSTATE_UINT16(rca, SDState), 1033 VMSTATE_UINT32(card_status, SDState), 1034 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1), 1035 VMSTATE_UINT32(vhs, SDState), 1036 VMSTATE_BITMAP(wp_group_bmap, SDState, 0, wp_group_bits), 1037 VMSTATE_UINT32(blk_len, SDState), 1038 VMSTATE_UINT32(multi_blk_cnt, SDState), 1039 VMSTATE_UINT32(erase_start, SDState), 1040 VMSTATE_UINT32(erase_end, SDState), 1041 VMSTATE_UINT8_ARRAY(pwd, SDState, 16), 1042 VMSTATE_UINT32(pwd_len, SDState), 1043 VMSTATE_UINT8_ARRAY(function_group, SDState, 6), 1044 VMSTATE_UINT8(current_cmd, SDState), 1045 VMSTATE_BOOL(expecting_acmd, SDState), 1046 VMSTATE_UINT32(blk_written, SDState), 1047 VMSTATE_UINT64(data_start, SDState), 1048 VMSTATE_UINT32(data_offset, SDState), 1049 VMSTATE_UINT8_ARRAY(data, SDState, 512), 1050 VMSTATE_UNUSED_V(1, 512), 1051 VMSTATE_UNUSED(1), 1052 VMSTATE_END_OF_LIST() 1053 }, 1054 .subsections = (const VMStateDescription * const []) { 1055 &sd_ocr_vmstate, 1056 &emmc_extcsd_vmstate, 1057 NULL 1058 }, 1059 }; 1060 1061 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) 1062 { 1063 trace_sdcard_read_block(addr, len); 1064 addr += sd_bootpart_offset(sd); 1065 if (!sd->blk || blk_pread(sd->blk, addr, len, sd->data, 0) < 0) { 1066 fprintf(stderr, "sd_blk_read: read error on host side\n"); 1067 } 1068 } 1069 1070 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) 1071 { 1072 trace_sdcard_write_block(addr, len); 1073 addr += sd_bootpart_offset(sd); 1074 if (!sd->blk || blk_pwrite(sd->blk, addr, len, sd->data, 0) < 0) { 1075 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1076 } 1077 } 1078 1079 static void sd_erase(SDState *sd) 1080 { 1081 uint64_t erase_start = sd->erase_start; 1082 uint64_t erase_end = sd->erase_end; 1083 bool sdsc = true; 1084 uint64_t wpnum; 1085 uint64_t erase_addr; 1086 int erase_len = 1 << HWBLOCK_SHIFT; 1087 1088 trace_sdcard_erase(sd->erase_start, sd->erase_end); 1089 if (sd->erase_start == INVALID_ADDRESS 1090 || sd->erase_end == INVALID_ADDRESS) { 1091 sd->card_status |= ERASE_SEQ_ERROR; 1092 sd->erase_start = INVALID_ADDRESS; 1093 sd->erase_end = INVALID_ADDRESS; 1094 return; 1095 } 1096 1097 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 1098 /* High capacity memory card: erase units are 512 byte blocks */ 1099 erase_start <<= HWBLOCK_SHIFT; 1100 erase_end <<= HWBLOCK_SHIFT; 1101 sdsc = false; 1102 } 1103 1104 if (erase_start > sd->size || erase_end > sd->size) { 1105 sd->card_status |= OUT_OF_RANGE; 1106 sd->erase_start = INVALID_ADDRESS; 1107 sd->erase_end = INVALID_ADDRESS; 1108 return; 1109 } 1110 1111 sd->erase_start = INVALID_ADDRESS; 1112 sd->erase_end = INVALID_ADDRESS; 1113 sd->csd[14] |= 0x40; 1114 1115 memset(sd->data, 0xff, erase_len); 1116 for (erase_addr = erase_start; erase_addr <= erase_end; 1117 erase_addr += erase_len) { 1118 if (sdsc) { 1119 /* Only SDSC cards support write protect groups */ 1120 wpnum = sd_addr_to_wpnum(erase_addr); 1121 assert(wpnum < sd->wp_group_bits); 1122 if (test_bit(wpnum, sd->wp_group_bmap)) { 1123 sd->card_status |= WP_ERASE_SKIP; 1124 continue; 1125 } 1126 } 1127 sd_blk_write(sd, erase_addr, erase_len); 1128 } 1129 } 1130 1131 static uint32_t sd_wpbits(SDState *sd, uint64_t addr) 1132 { 1133 uint32_t i, wpnum; 1134 uint32_t ret = 0; 1135 1136 wpnum = sd_addr_to_wpnum(addr); 1137 1138 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { 1139 if (addr >= sd->size) { 1140 /* 1141 * If the addresses of the last groups are outside the valid range, 1142 * then the corresponding write protection bits shall be set to 0. 1143 */ 1144 continue; 1145 } 1146 assert(wpnum < sd->wp_group_bits); 1147 if (test_bit(wpnum, sd->wp_group_bmap)) { 1148 ret |= (1 << i); 1149 } 1150 } 1151 1152 return ret; 1153 } 1154 1155 enum ExtCsdAccessMode { 1156 EXT_CSD_ACCESS_MODE_COMMAND_SET = 0, 1157 EXT_CSD_ACCESS_MODE_SET_BITS = 1, 1158 EXT_CSD_ACCESS_MODE_CLEAR_BITS = 2, 1159 EXT_CSD_ACCESS_MODE_WRITE_BYTE = 3 1160 }; 1161 1162 static void emmc_function_switch(SDState *sd, uint32_t arg) 1163 { 1164 uint8_t access = extract32(arg, 24, 2); 1165 uint8_t index = extract32(arg, 16, 8); 1166 uint8_t value = extract32(arg, 8, 8); 1167 uint8_t b = sd->ext_csd[index]; 1168 1169 trace_sdcard_switch(access, index, value, extract32(arg, 0, 2)); 1170 1171 if (index >= 192) { 1172 qemu_log_mask(LOG_GUEST_ERROR, "MMC switching illegal offset\n"); 1173 sd->card_status |= R_CSR_SWITCH_ERROR_MASK; 1174 return; 1175 } 1176 1177 switch (access) { 1178 case EXT_CSD_ACCESS_MODE_COMMAND_SET: 1179 qemu_log_mask(LOG_UNIMP, "MMC Command set switching not supported\n"); 1180 return; 1181 case EXT_CSD_ACCESS_MODE_SET_BITS: 1182 b |= value; 1183 break; 1184 case EXT_CSD_ACCESS_MODE_CLEAR_BITS: 1185 b &= ~value; 1186 break; 1187 case EXT_CSD_ACCESS_MODE_WRITE_BYTE: 1188 b = value; 1189 break; 1190 } 1191 1192 trace_sdcard_ext_csd_update(index, sd->ext_csd[index], b); 1193 sd->ext_csd[index] = b; 1194 } 1195 1196 static void sd_function_switch(SDState *sd, uint32_t arg) 1197 { 1198 int i, mode, new_func; 1199 mode = !!(arg & 0x80000000); 1200 1201 sd->data[0] = 0x00; /* Maximum current consumption */ 1202 sd->data[1] = 0x01; 1203 sd->data[2] = 0x80; /* Supported group 6 functions */ 1204 sd->data[3] = 0x01; 1205 sd->data[4] = 0x80; /* Supported group 5 functions */ 1206 sd->data[5] = 0x01; 1207 sd->data[6] = 0x80; /* Supported group 4 functions */ 1208 sd->data[7] = 0x01; 1209 sd->data[8] = 0x80; /* Supported group 3 functions */ 1210 sd->data[9] = 0x01; 1211 sd->data[10] = 0x80; /* Supported group 2 functions */ 1212 sd->data[11] = 0x43; 1213 sd->data[12] = 0x80; /* Supported group 1 functions */ 1214 sd->data[13] = 0x03; 1215 1216 memset(&sd->data[14], 0, 3); 1217 for (i = 0; i < 6; i ++) { 1218 new_func = (arg >> (i * 4)) & 0x0f; 1219 if (mode && new_func != 0x0f) 1220 sd->function_group[i] = new_func; 1221 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4); 1222 } 1223 memset(&sd->data[17], 0, 47); 1224 } 1225 1226 static inline bool sd_wp_addr(SDState *sd, uint64_t addr) 1227 { 1228 return test_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1229 } 1230 1231 static void sd_lock_command(SDState *sd) 1232 { 1233 int erase, lock, clr_pwd, set_pwd, pwd_len; 1234 erase = !!(sd->data[0] & 0x08); 1235 lock = sd->data[0] & 0x04; 1236 clr_pwd = sd->data[0] & 0x02; 1237 set_pwd = sd->data[0] & 0x01; 1238 1239 if (sd->blk_len > 1) 1240 pwd_len = sd->data[1]; 1241 else 1242 pwd_len = 0; 1243 1244 if (lock) { 1245 trace_sdcard_lock(); 1246 } else { 1247 trace_sdcard_unlock(); 1248 } 1249 if (erase) { 1250 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 || 1251 set_pwd || clr_pwd || lock || sd->wp_switch || 1252 (sd->csd[14] & 0x20)) { 1253 sd->card_status |= LOCK_UNLOCK_FAILED; 1254 return; 1255 } 1256 bitmap_zero(sd->wp_group_bmap, sd->wp_group_bits); 1257 sd->csd[14] &= ~0x10; 1258 sd->card_status &= ~CARD_IS_LOCKED; 1259 sd->pwd_len = 0; 1260 /* Erasing the entire card here! */ 1261 fprintf(stderr, "SD: Card force-erased by CMD42\n"); 1262 return; 1263 } 1264 1265 if (sd->blk_len < 2 + pwd_len || 1266 pwd_len <= sd->pwd_len || 1267 pwd_len > sd->pwd_len + 16) { 1268 sd->card_status |= LOCK_UNLOCK_FAILED; 1269 return; 1270 } 1271 1272 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) { 1273 sd->card_status |= LOCK_UNLOCK_FAILED; 1274 return; 1275 } 1276 1277 pwd_len -= sd->pwd_len; 1278 if ((pwd_len && !set_pwd) || 1279 (clr_pwd && (set_pwd || lock)) || 1280 (lock && !sd->pwd_len && !set_pwd) || 1281 (!set_pwd && !clr_pwd && 1282 (((sd->card_status & CARD_IS_LOCKED) && lock) || 1283 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) { 1284 sd->card_status |= LOCK_UNLOCK_FAILED; 1285 return; 1286 } 1287 1288 if (set_pwd) { 1289 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len); 1290 sd->pwd_len = pwd_len; 1291 } 1292 1293 if (clr_pwd) { 1294 sd->pwd_len = 0; 1295 } 1296 1297 if (lock) 1298 sd->card_status |= CARD_IS_LOCKED; 1299 else 1300 sd->card_status &= ~CARD_IS_LOCKED; 1301 } 1302 1303 static bool address_in_range(SDState *sd, const char *desc, 1304 uint64_t addr, uint32_t length) 1305 { 1306 if (addr + length > sd->size) { 1307 qemu_log_mask(LOG_GUEST_ERROR, 1308 "%s offset %"PRIu64" > card %"PRIu64" [%%%u]\n", 1309 desc, addr, sd->size, length); 1310 sd->card_status |= ADDRESS_ERROR; 1311 return false; 1312 } 1313 return true; 1314 } 1315 1316 static sd_rsp_type_t sd_invalid_state_for_cmd(SDState *sd, SDRequest req) 1317 { 1318 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong state: %s (spec %s)\n", 1319 sd->proto->name, req.cmd, sd_state_name(sd->state), 1320 sd_version_str(sd->spec_version)); 1321 1322 return sd_illegal; 1323 } 1324 1325 static sd_rsp_type_t sd_invalid_mode_for_cmd(SDState *sd, SDRequest req) 1326 { 1327 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong mode: %s (spec %s)\n", 1328 sd->proto->name, req.cmd, sd_mode_name(sd->mode), 1329 sd_version_str(sd->spec_version)); 1330 1331 return sd_illegal; 1332 } 1333 1334 static sd_rsp_type_t sd_cmd_illegal(SDState *sd, SDRequest req) 1335 { 1336 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown CMD%i for spec %s\n", 1337 sd->proto->name, req.cmd, 1338 sd_version_str(sd->spec_version)); 1339 1340 return sd_illegal; 1341 } 1342 1343 /* Commands that are recognised but not yet implemented. */ 1344 static sd_rsp_type_t sd_cmd_unimplemented(SDState *sd, SDRequest req) 1345 { 1346 qemu_log_mask(LOG_UNIMP, "%s: CMD%i not implemented\n", 1347 sd->proto->name, req.cmd); 1348 1349 return sd_illegal; 1350 } 1351 1352 static sd_rsp_type_t sd_cmd_optional(SDState *sd, SDRequest req) 1353 { 1354 qemu_log_mask(LOG_UNIMP, "%s: Optional CMD%i not implemented\n", 1355 sd->proto->name, req.cmd); 1356 1357 return sd_illegal; 1358 } 1359 1360 /* Configure fields for following sd_generic_write_byte() calls */ 1361 static sd_rsp_type_t sd_cmd_to_receivingdata(SDState *sd, SDRequest req, 1362 uint64_t start, size_t size) 1363 { 1364 if (sd->state != sd_transfer_state) { 1365 return sd_invalid_state_for_cmd(sd, req); 1366 } 1367 sd->state = sd_receivingdata_state; 1368 sd->data_start = start; 1369 sd->data_offset = 0; 1370 /* sd->data[] used as receive buffer */ 1371 sd->data_size = size ?: sizeof(sd->data); 1372 return sd_r1; 1373 } 1374 1375 /* Configure fields for following sd_generic_read_byte() calls */ 1376 static sd_rsp_type_t sd_cmd_to_sendingdata(SDState *sd, SDRequest req, 1377 uint64_t start, 1378 const void *data, size_t size) 1379 { 1380 if (sd->state != sd_transfer_state) { 1381 return sd_invalid_state_for_cmd(sd, req); 1382 } 1383 1384 sd->state = sd_sendingdata_state; 1385 sd->data_start = start; 1386 sd->data_offset = 0; 1387 if (data) { 1388 assert(size > 0 && size <= sizeof(sd->data)); 1389 memcpy(sd->data, data, size); 1390 } 1391 if (size) { 1392 sd->data_size = size; 1393 } 1394 return sd_r1; 1395 } 1396 1397 /* CMD0 */ 1398 static sd_rsp_type_t sd_cmd_GO_IDLE_STATE(SDState *sd, SDRequest req) 1399 { 1400 if (sd->state == sd_sleep_state) { 1401 switch (req.arg) { 1402 case 0x00000000: 1403 case 0xf0f0f0f0: 1404 break; 1405 default: 1406 return sd_r0; 1407 } 1408 } 1409 if (sd->state != sd_inactive_state) { 1410 sd->state = sd_idle_state; 1411 sd_reset(DEVICE(sd)); 1412 } 1413 1414 return sd_is_spi(sd) ? sd_r1 : sd_r0; 1415 } 1416 1417 /* CMD2 */ 1418 static sd_rsp_type_t sd_cmd_ALL_SEND_CID(SDState *sd, SDRequest req) 1419 { 1420 switch (sd->state) { 1421 case sd_ready_state: 1422 sd->state = sd_identification_state; 1423 return sd_r2_i; 1424 default: 1425 return sd_invalid_state_for_cmd(sd, req); 1426 } 1427 } 1428 1429 /* CMD3 */ 1430 static sd_rsp_type_t sd_cmd_SEND_RELATIVE_ADDR(SDState *sd, SDRequest req) 1431 { 1432 uint16_t random_rca; 1433 1434 switch (sd->state) { 1435 case sd_identification_state: 1436 case sd_standby_state: 1437 sd->state = sd_standby_state; 1438 qemu_guest_getrandom_nofail(&random_rca, sizeof(random_rca)); 1439 sd_set_rca(sd, random_rca); 1440 return sd_r6; 1441 1442 default: 1443 return sd_invalid_state_for_cmd(sd, req); 1444 } 1445 } 1446 1447 static sd_rsp_type_t emmc_cmd_SET_RELATIVE_ADDR(SDState *sd, SDRequest req) 1448 { 1449 switch (sd->state) { 1450 case sd_identification_state: 1451 case sd_standby_state: 1452 sd->state = sd_standby_state; 1453 sd_set_rca(sd, req.arg >> 16); 1454 return sd_r1; 1455 1456 default: 1457 return sd_invalid_state_for_cmd(sd, req); 1458 } 1459 } 1460 1461 /* CMD5 */ 1462 static sd_rsp_type_t emmc_cmd_sleep_awake(SDState *sd, SDRequest req) 1463 { 1464 bool do_sleep = extract32(req.arg, 15, 1); 1465 1466 switch (sd->state) { 1467 case sd_sleep_state: 1468 if (!do_sleep) { 1469 /* Awake */ 1470 sd->state = sd_standby_state; 1471 } 1472 return sd_r1b; 1473 1474 case sd_standby_state: 1475 if (do_sleep) { 1476 sd->state = sd_sleep_state; 1477 } 1478 return sd_r1b; 1479 1480 default: 1481 return sd_invalid_state_for_cmd(sd, req); 1482 } 1483 } 1484 1485 /* CMD6 */ 1486 static sd_rsp_type_t sd_cmd_SWITCH_FUNCTION(SDState *sd, SDRequest req) 1487 { 1488 if (sd->mode != sd_data_transfer_mode) { 1489 return sd_invalid_mode_for_cmd(sd, req); 1490 } 1491 if (sd_is_spi(sd)) { 1492 if (sd->state == sd_idle_state) { 1493 return sd_invalid_state_for_cmd(sd, req); 1494 } 1495 } else { 1496 if (sd->state != sd_transfer_state) { 1497 return sd_invalid_state_for_cmd(sd, req); 1498 } 1499 } 1500 1501 sd_function_switch(sd, req.arg); 1502 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 64); 1503 } 1504 1505 static sd_rsp_type_t emmc_cmd_SWITCH(SDState *sd, SDRequest req) 1506 { 1507 switch (sd->state) { 1508 case sd_transfer_state: 1509 sd->state = sd_programming_state; 1510 emmc_function_switch(sd, req.arg); 1511 sd->state = sd_transfer_state; 1512 return sd_r1b; 1513 default: 1514 return sd_invalid_state_for_cmd(sd, req); 1515 } 1516 } 1517 1518 /* CMD7 */ 1519 static sd_rsp_type_t sd_cmd_DE_SELECT_CARD(SDState *sd, SDRequest req) 1520 { 1521 bool same_rca = sd_req_rca_same(sd, req); 1522 1523 switch (sd->state) { 1524 case sd_standby_state: 1525 if (!same_rca) { 1526 return sd_r0; 1527 } 1528 sd->state = sd_transfer_state; 1529 return sd_r1b; 1530 1531 case sd_transfer_state: 1532 case sd_sendingdata_state: 1533 if (same_rca) { 1534 break; 1535 } 1536 sd->state = sd_standby_state; 1537 return sd_r1b; 1538 1539 case sd_disconnect_state: 1540 if (!same_rca) { 1541 return sd_r0; 1542 } 1543 sd->state = sd_programming_state; 1544 return sd_r1b; 1545 1546 case sd_programming_state: 1547 if (same_rca) { 1548 break; 1549 } 1550 sd->state = sd_disconnect_state; 1551 return sd_r1b; 1552 1553 default: 1554 break; 1555 } 1556 return sd_invalid_state_for_cmd(sd, req); 1557 } 1558 1559 /* CMD8 */ 1560 static sd_rsp_type_t sd_cmd_SEND_IF_COND(SDState *sd, SDRequest req) 1561 { 1562 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) { 1563 return sd_cmd_illegal(sd, req); 1564 } 1565 if (sd->state != sd_idle_state) { 1566 return sd_invalid_state_for_cmd(sd, req); 1567 } 1568 sd->vhs = 0; 1569 1570 /* No response if not exactly one VHS bit is set. */ 1571 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) { 1572 return sd_is_spi(sd) ? sd_r7 : sd_r0; 1573 } 1574 1575 /* Accept. */ 1576 sd->vhs = req.arg; 1577 return sd_r7; 1578 } 1579 1580 /* CMD8 */ 1581 static sd_rsp_type_t emmc_cmd_SEND_EXT_CSD(SDState *sd, SDRequest req) 1582 { 1583 if (sd->state != sd_transfer_state) { 1584 return sd_invalid_state_for_cmd(sd, req); 1585 } 1586 1587 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1588 sd->ext_csd, sizeof(sd->ext_csd)); 1589 } 1590 1591 /* CMD9 */ 1592 static sd_rsp_type_t spi_cmd_SEND_CSD(SDState *sd, SDRequest req) 1593 { 1594 if (sd->state != sd_standby_state) { 1595 return sd_invalid_state_for_cmd(sd, req); 1596 } 1597 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1598 sd->csd, 16); 1599 } 1600 1601 static sd_rsp_type_t sd_cmd_SEND_CSD(SDState *sd, SDRequest req) 1602 { 1603 if (sd->state != sd_standby_state) { 1604 return sd_invalid_state_for_cmd(sd, req); 1605 } 1606 1607 return sd_req_rca_same(sd, req) ? sd_r2_s : sd_r0; 1608 } 1609 1610 /* CMD10 */ 1611 static sd_rsp_type_t spi_cmd_SEND_CID(SDState *sd, SDRequest req) 1612 { 1613 if (sd->state != sd_standby_state) { 1614 return sd_invalid_state_for_cmd(sd, req); 1615 } 1616 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1617 sd->cid, 16); 1618 } 1619 1620 static sd_rsp_type_t sd_cmd_SEND_CID(SDState *sd, SDRequest req) 1621 { 1622 if (sd->state != sd_standby_state) { 1623 return sd_invalid_state_for_cmd(sd, req); 1624 } 1625 1626 return sd_req_rca_same(sd, req) ? sd_r2_i : sd_r0; 1627 } 1628 1629 /* CMD12 */ 1630 static sd_rsp_type_t sd_cmd_STOP_TRANSMISSION(SDState *sd, SDRequest req) 1631 { 1632 switch (sd->state) { 1633 case sd_sendingdata_state: 1634 sd->state = sd_transfer_state; 1635 return sd_r1b; 1636 case sd_receivingdata_state: 1637 sd->state = sd_programming_state; 1638 /* Bzzzzzzztt .... Operation complete. */ 1639 sd->state = sd_transfer_state; 1640 return sd_r1; 1641 default: 1642 return sd_invalid_state_for_cmd(sd, req); 1643 } 1644 } 1645 1646 /* CMD13 */ 1647 static sd_rsp_type_t sd_cmd_SEND_STATUS(SDState *sd, SDRequest req) 1648 { 1649 if (sd->mode != sd_data_transfer_mode) { 1650 return sd_invalid_mode_for_cmd(sd, req); 1651 } 1652 1653 switch (sd->state) { 1654 case sd_standby_state: 1655 case sd_transfer_state: 1656 case sd_sendingdata_state: 1657 case sd_receivingdata_state: 1658 case sd_programming_state: 1659 case sd_disconnect_state: 1660 break; 1661 default: 1662 return sd_invalid_state_for_cmd(sd, req); 1663 } 1664 1665 if (sd_is_spi(sd)) { 1666 return spi_r2; 1667 } 1668 1669 return sd_req_rca_same(sd, req) ? sd_r1 : sd_r0; 1670 } 1671 1672 /* CMD15 */ 1673 static sd_rsp_type_t sd_cmd_GO_INACTIVE_STATE(SDState *sd, SDRequest req) 1674 { 1675 if (sd->mode != sd_data_transfer_mode) { 1676 return sd_invalid_mode_for_cmd(sd, req); 1677 } 1678 switch (sd->state) { 1679 case sd_standby_state: 1680 case sd_transfer_state: 1681 case sd_sendingdata_state: 1682 case sd_receivingdata_state: 1683 case sd_programming_state: 1684 case sd_disconnect_state: 1685 break; 1686 default: 1687 return sd_invalid_state_for_cmd(sd, req); 1688 } 1689 if (sd_req_rca_same(sd, req)) { 1690 sd->state = sd_inactive_state; 1691 } 1692 1693 return sd_r0; 1694 } 1695 1696 /* CMD16 */ 1697 static sd_rsp_type_t sd_cmd_SET_BLOCKLEN(SDState *sd, SDRequest req) 1698 { 1699 if (sd->state != sd_transfer_state) { 1700 return sd_invalid_state_for_cmd(sd, req); 1701 } 1702 if (req.arg > (1 << HWBLOCK_SHIFT)) { 1703 sd->card_status |= BLOCK_LEN_ERROR; 1704 } else { 1705 trace_sdcard_set_blocklen(req.arg); 1706 sd->blk_len = req.arg; 1707 } 1708 1709 return sd_r1; 1710 } 1711 1712 /* CMD17 */ 1713 static sd_rsp_type_t sd_cmd_READ_SINGLE_BLOCK(SDState *sd, SDRequest req) 1714 { 1715 uint64_t addr; 1716 1717 if (sd->state != sd_transfer_state) { 1718 return sd_invalid_state_for_cmd(sd, req); 1719 } 1720 1721 addr = sd_req_get_address(sd, req); 1722 if (!address_in_range(sd, "READ_SINGLE_BLOCK", addr, sd->blk_len)) { 1723 return sd_r1; 1724 } 1725 1726 sd_blk_read(sd, addr, sd->blk_len); 1727 return sd_cmd_to_sendingdata(sd, req, addr, NULL, sd->blk_len); 1728 } 1729 1730 /* CMD19 */ 1731 static sd_rsp_type_t sd_cmd_SEND_TUNING_BLOCK(SDState *sd, SDRequest req) 1732 { 1733 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1734 return sd_cmd_illegal(sd, req); 1735 } 1736 1737 return sd_cmd_to_sendingdata(sd, req, 0, 1738 sd_tuning_block_pattern4, 1739 sizeof(sd_tuning_block_pattern4)); 1740 } 1741 1742 /* CMD23 */ 1743 static sd_rsp_type_t sd_cmd_SET_BLOCK_COUNT(SDState *sd, SDRequest req) 1744 { 1745 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1746 return sd_cmd_illegal(sd, req); 1747 } 1748 1749 if (sd->state != sd_transfer_state) { 1750 return sd_invalid_state_for_cmd(sd, req); 1751 } 1752 1753 sd->multi_blk_cnt = req.arg; 1754 if (sd_is_emmc(sd)) { 1755 sd->multi_blk_cnt &= 0xffff; 1756 } 1757 trace_sdcard_set_block_count(sd->multi_blk_cnt); 1758 1759 return sd_r1; 1760 } 1761 1762 /* CMD24 */ 1763 static sd_rsp_type_t sd_cmd_WRITE_SINGLE_BLOCK(SDState *sd, SDRequest req) 1764 { 1765 uint64_t addr; 1766 1767 if (sd->state != sd_transfer_state) { 1768 return sd_invalid_state_for_cmd(sd, req); 1769 } 1770 1771 addr = sd_req_get_address(sd, req); 1772 if (!address_in_range(sd, "WRITE_SINGLE_BLOCK", addr, sd->blk_len)) { 1773 return sd_r1; 1774 } 1775 1776 if (sd->size <= SDSC_MAX_CAPACITY) { 1777 if (sd_wp_addr(sd, addr)) { 1778 sd->card_status |= WP_VIOLATION; 1779 } 1780 } 1781 if (sd->csd[14] & 0x30) { 1782 sd->card_status |= WP_VIOLATION; 1783 } 1784 1785 sd->blk_written = 0; 1786 return sd_cmd_to_receivingdata(sd, req, addr, sd->blk_len); 1787 } 1788 1789 /* CMD26 */ 1790 static sd_rsp_type_t emmc_cmd_PROGRAM_CID(SDState *sd, SDRequest req) 1791 { 1792 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->cid)); 1793 } 1794 1795 /* CMD27 */ 1796 static sd_rsp_type_t sd_cmd_PROGRAM_CSD(SDState *sd, SDRequest req) 1797 { 1798 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->csd)); 1799 } 1800 1801 static sd_rsp_type_t sd_cmd_SET_CLR_WRITE_PROT(SDState *sd, SDRequest req, 1802 bool is_write) 1803 { 1804 uint64_t addr; 1805 1806 if (sd->size > SDSC_MAX_CAPACITY) { 1807 return sd_illegal; 1808 } 1809 1810 if (sd->state != sd_transfer_state) { 1811 return sd_invalid_state_for_cmd(sd, req); 1812 } 1813 1814 addr = sd_req_get_address(sd, req); 1815 if (!address_in_range(sd, is_write ? "SET_WRITE_PROT" : "CLR_WRITE_PROT", 1816 addr, 1)) { 1817 return sd_r1b; 1818 } 1819 1820 sd->state = sd_programming_state; 1821 if (is_write) { 1822 set_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1823 } else { 1824 clear_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1825 } 1826 /* Bzzzzzzztt .... Operation complete. */ 1827 sd->state = sd_transfer_state; 1828 return sd_r1; 1829 } 1830 1831 /* CMD28 */ 1832 static sd_rsp_type_t sd_cmd_SET_WRITE_PROT(SDState *sd, SDRequest req) 1833 { 1834 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, true); 1835 } 1836 1837 /* CMD29 */ 1838 static sd_rsp_type_t sd_cmd_CLR_WRITE_PROT(SDState *sd, SDRequest req) 1839 { 1840 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, false); 1841 } 1842 1843 /* CMD30 */ 1844 static sd_rsp_type_t sd_cmd_SEND_WRITE_PROT(SDState *sd, SDRequest req) 1845 { 1846 uint64_t addr; 1847 uint32_t data; 1848 1849 if (sd->size > SDSC_MAX_CAPACITY) { 1850 return sd_illegal; 1851 } 1852 1853 if (sd->state != sd_transfer_state) { 1854 return sd_invalid_state_for_cmd(sd, req); 1855 } 1856 1857 addr = sd_req_get_address(sd, req); 1858 if (!address_in_range(sd, "SEND_WRITE_PROT", addr, sd->blk_len)) { 1859 return sd_r1; 1860 } 1861 1862 data = sd_wpbits(sd, req.arg); 1863 return sd_cmd_to_sendingdata(sd, req, addr, &data, sizeof(data)); 1864 } 1865 1866 /* CMD32 */ 1867 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_START(SDState *sd, SDRequest req) 1868 { 1869 if (sd->state != sd_transfer_state) { 1870 return sd_invalid_state_for_cmd(sd, req); 1871 } 1872 sd->erase_start = req.arg; 1873 return sd_r1; 1874 } 1875 1876 /* CMD33 */ 1877 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_END(SDState *sd, SDRequest req) 1878 { 1879 if (sd->state != sd_transfer_state) { 1880 return sd_invalid_state_for_cmd(sd, req); 1881 } 1882 sd->erase_end = req.arg; 1883 return sd_r1; 1884 } 1885 1886 /* CMD38 */ 1887 static sd_rsp_type_t sd_cmd_ERASE(SDState *sd, SDRequest req) 1888 { 1889 if (sd->state != sd_transfer_state) { 1890 return sd_invalid_state_for_cmd(sd, req); 1891 } 1892 if (sd->csd[14] & 0x30) { 1893 sd->card_status |= WP_VIOLATION; 1894 return sd_r1b; 1895 } 1896 1897 sd->state = sd_programming_state; 1898 sd_erase(sd); 1899 /* Bzzzzzzztt .... Operation complete. */ 1900 sd->state = sd_transfer_state; 1901 return sd_r1b; 1902 } 1903 1904 /* CMD42 */ 1905 static sd_rsp_type_t sd_cmd_LOCK_UNLOCK(SDState *sd, SDRequest req) 1906 { 1907 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1908 } 1909 1910 /* CMD55 */ 1911 static sd_rsp_type_t sd_cmd_APP_CMD(SDState *sd, SDRequest req) 1912 { 1913 switch (sd->state) { 1914 case sd_ready_state: 1915 case sd_identification_state: 1916 case sd_inactive_state: 1917 case sd_sleep_state: 1918 return sd_invalid_state_for_cmd(sd, req); 1919 case sd_idle_state: 1920 if (!sd_is_spi(sd) && sd_req_get_rca(sd, req) != 0x0000) { 1921 qemu_log_mask(LOG_GUEST_ERROR, 1922 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd); 1923 } 1924 /* fall-through */ 1925 default: 1926 break; 1927 } 1928 if (!sd_is_spi(sd) && !sd_req_rca_same(sd, req)) { 1929 return sd_r0; 1930 } 1931 sd->expecting_acmd = true; 1932 sd->card_status |= APP_CMD; 1933 1934 return sd_r1; 1935 } 1936 1937 /* CMD56 */ 1938 static sd_rsp_type_t sd_cmd_GEN_CMD(SDState *sd, SDRequest req) 1939 { 1940 if (sd->state != sd_transfer_state) { 1941 return sd_invalid_state_for_cmd(sd, req); 1942 } 1943 1944 /* Vendor specific command: our model is RAZ/WI */ 1945 if (req.arg & 1) { 1946 memset(sd->data, 0, sizeof(sd->data)); 1947 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 0); 1948 } else { 1949 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1950 } 1951 } 1952 1953 /* CMD58 */ 1954 static sd_rsp_type_t spi_cmd_READ_OCR(SDState *sd, SDRequest req) 1955 { 1956 return sd_r3; 1957 } 1958 1959 /* CMD59 */ 1960 static sd_rsp_type_t spi_cmd_CRC_ON_OFF(SDState *sd, SDRequest req) 1961 { 1962 return sd_r1; 1963 } 1964 1965 /* ACMD6 */ 1966 static sd_rsp_type_t sd_acmd_SET_BUS_WIDTH(SDState *sd, SDRequest req) 1967 { 1968 if (sd->state != sd_transfer_state) { 1969 return sd_invalid_state_for_cmd(sd, req); 1970 } 1971 1972 sd->sd_status[0] &= 0x3f; 1973 sd->sd_status[0] |= (req.arg & 0x03) << 6; 1974 return sd_r1; 1975 } 1976 1977 /* ACMD13 */ 1978 static sd_rsp_type_t sd_acmd_SD_STATUS(SDState *sd, SDRequest req) 1979 { 1980 sd_rsp_type_t rsp; 1981 1982 rsp = sd_cmd_to_sendingdata(sd, req, 0, 1983 sd->sd_status, sizeof(sd->sd_status)); 1984 if (sd_is_spi(sd) && rsp != sd_illegal) { 1985 return spi_r2; 1986 } 1987 return rsp; 1988 } 1989 1990 /* ACMD22 */ 1991 static sd_rsp_type_t sd_acmd_SEND_NUM_WR_BLOCKS(SDState *sd, SDRequest req) 1992 { 1993 return sd_cmd_to_sendingdata(sd, req, 0, 1994 &sd->blk_written, sizeof(sd->blk_written)); 1995 } 1996 1997 /* ACMD23 */ 1998 static sd_rsp_type_t sd_acmd_SET_WR_BLK_ERASE_COUNT(SDState *sd, SDRequest req) 1999 { 2000 if (sd->state != sd_transfer_state) { 2001 return sd_invalid_state_for_cmd(sd, req); 2002 } 2003 return sd_r1; 2004 } 2005 2006 /* ACMD41 */ 2007 static sd_rsp_type_t sd_cmd_SEND_OP_COND(SDState *sd, SDRequest req) 2008 { 2009 if (sd->state != sd_idle_state) { 2010 return sd_invalid_state_for_cmd(sd, req); 2011 } 2012 2013 /* 2014 * If it's the first ACMD41 since reset, we need to decide 2015 * whether to power up. If this is not an enquiry ACMD41, 2016 * we immediately report power on and proceed below to the 2017 * ready state, but if it is, we set a timer to model a 2018 * delay for power up. This works around a bug in EDK2 2019 * UEFI, which sends an initial enquiry ACMD41, but 2020 * assumes that the card is in ready state as soon as it 2021 * sees the power up bit set. 2022 */ 2023 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) { 2024 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) { 2025 timer_del(sd->ocr_power_timer); 2026 sd_ocr_powerup(sd); 2027 } else { 2028 trace_sdcard_inquiry_cmd41(); 2029 if (!timer_pending(sd->ocr_power_timer)) { 2030 timer_mod_ns(sd->ocr_power_timer, 2031 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) 2032 + OCR_POWER_DELAY_NS)); 2033 } 2034 } 2035 } 2036 2037 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) { 2038 /* 2039 * We accept any voltage. 10000 V is nothing. 2040 * 2041 * Once we're powered up, we advance straight to ready state 2042 * unless it's an enquiry ACMD41 (bits 23:0 == 0). 2043 */ 2044 sd->state = sd_ready_state; 2045 } 2046 2047 if (sd_is_spi(sd)) { 2048 return sd_r1; 2049 } 2050 return sd_r3; 2051 } 2052 2053 /* ACMD42 */ 2054 static sd_rsp_type_t sd_acmd_SET_CLR_CARD_DETECT(SDState *sd, SDRequest req) 2055 { 2056 if (sd->state != sd_transfer_state) { 2057 return sd_invalid_state_for_cmd(sd, req); 2058 } 2059 2060 /* Bringing in the 50KOhm pull-up resistor... Done. */ 2061 return sd_r1; 2062 } 2063 2064 /* ACMD51 */ 2065 static sd_rsp_type_t sd_acmd_SEND_SCR(SDState *sd, SDRequest req) 2066 { 2067 return sd_cmd_to_sendingdata(sd, req, 0, sd->scr, sizeof(sd->scr)); 2068 } 2069 2070 static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) 2071 { 2072 uint64_t addr; 2073 2074 sd->last_cmd_name = sd_cmd_name(sd, req.cmd); 2075 /* CMD55 precedes an ACMD, so we are not interested in tracing it. 2076 * However there is no ACMD55, so we want to trace this particular case. 2077 */ 2078 if (req.cmd != 55 || sd->expecting_acmd) { 2079 trace_sdcard_normal_command(sd->proto->name, 2080 sd->last_cmd_name, req.cmd, 2081 req.arg, sd_state_name(sd->state)); 2082 } 2083 2084 /* Not interpreting this as an app command */ 2085 sd->card_status &= ~APP_CMD; 2086 2087 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25 2088 * if not, its effects are cancelled */ 2089 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) { 2090 sd->multi_blk_cnt = 0; 2091 } 2092 2093 if (sd->proto->cmd[req.cmd].class == 6 && FIELD_EX32(sd->ocr, OCR, 2094 CARD_CAPACITY)) { 2095 /* Only Standard Capacity cards support class 6 commands */ 2096 return sd_illegal; 2097 } 2098 2099 if (sd->proto->cmd[req.cmd].handler) { 2100 return sd->proto->cmd[req.cmd].handler(sd, req); 2101 } 2102 2103 switch (req.cmd) { 2104 /* Block read commands (Class 2) */ 2105 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2106 addr = sd_req_get_address(sd, req); 2107 switch (sd->state) { 2108 case sd_transfer_state: 2109 2110 if (!address_in_range(sd, "READ_BLOCK", addr, sd->blk_len)) { 2111 return sd_r1; 2112 } 2113 2114 sd->state = sd_sendingdata_state; 2115 sd->data_start = addr; 2116 sd->data_offset = 0; 2117 return sd_r1; 2118 2119 default: 2120 break; 2121 } 2122 break; 2123 2124 /* Block write commands (Class 4) */ 2125 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2126 addr = sd_req_get_address(sd, req); 2127 switch (sd->state) { 2128 case sd_transfer_state: 2129 2130 if (!address_in_range(sd, "WRITE_BLOCK", addr, sd->blk_len)) { 2131 return sd_r1; 2132 } 2133 2134 sd->state = sd_receivingdata_state; 2135 sd->data_start = addr; 2136 sd->data_offset = 0; 2137 sd->blk_written = 0; 2138 2139 if (sd->size <= SDSC_MAX_CAPACITY) { 2140 if (sd_wp_addr(sd, sd->data_start)) { 2141 sd->card_status |= WP_VIOLATION; 2142 } 2143 } 2144 if (sd->csd[14] & 0x30) { 2145 sd->card_status |= WP_VIOLATION; 2146 } 2147 return sd_r1; 2148 2149 default: 2150 break; 2151 } 2152 break; 2153 2154 default: 2155 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd); 2156 return sd_illegal; 2157 } 2158 2159 return sd_invalid_state_for_cmd(sd, req); 2160 } 2161 2162 static sd_rsp_type_t sd_app_command(SDState *sd, 2163 SDRequest req) 2164 { 2165 sd->last_cmd_name = sd_acmd_name(sd, req.cmd); 2166 trace_sdcard_app_command(sd->proto->name, sd->last_cmd_name, 2167 req.cmd, req.arg, sd_state_name(sd->state)); 2168 sd->card_status |= APP_CMD; 2169 2170 if (sd->proto->acmd[req.cmd].handler) { 2171 return sd->proto->acmd[req.cmd].handler(sd, req); 2172 } 2173 2174 switch (req.cmd) { 2175 case 18: /* Reserved for SD security applications */ 2176 case 25: 2177 case 26: 2178 case 38: 2179 case 43 ... 49: 2180 /* Refer to the "SD Specifications Part3 Security Specification" for 2181 * information about the SD Security Features. 2182 */ 2183 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n", 2184 req.cmd); 2185 return sd_illegal; 2186 2187 default: 2188 /* Fall back to standard commands. */ 2189 return sd_normal_command(sd, req); 2190 } 2191 2192 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd); 2193 return sd_illegal; 2194 } 2195 2196 static bool cmd_valid_while_locked(SDState *sd, unsigned cmd) 2197 { 2198 unsigned cmd_class; 2199 2200 /* Valid commands in locked state: 2201 * basic class (0) 2202 * lock card class (7) 2203 * CMD16 2204 * implicitly, the ACMD prefix CMD55 2205 * ACMD41 and ACMD42 2206 * Anything else provokes an "illegal command" response. 2207 */ 2208 if (sd->expecting_acmd) { 2209 return cmd == 41 || cmd == 42; 2210 } 2211 if (cmd == 16 || cmd == 55) { 2212 return true; 2213 } 2214 if (!sd->proto->cmd[cmd].handler) { 2215 return false; 2216 } 2217 cmd_class = sd->proto->cmd[cmd].class; 2218 2219 return cmd_class == 0 || cmd_class == 7; 2220 } 2221 2222 static size_t sd_do_command(SDState *sd, SDRequest *req, 2223 uint8_t *response, size_t respsz) 2224 { 2225 int last_state; 2226 sd_rsp_type_t rtype; 2227 int rsplen; 2228 2229 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2230 return 0; 2231 } 2232 2233 if (sd->state == sd_inactive_state) { 2234 rtype = sd_illegal; 2235 goto send_response; 2236 } 2237 2238 if (sd_req_crc_validate(req)) { 2239 sd->card_status |= COM_CRC_ERROR; 2240 rtype = sd_illegal; 2241 goto send_response; 2242 } 2243 2244 if (req->cmd >= SDMMC_CMD_MAX) { 2245 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n", 2246 req->cmd); 2247 req->cmd &= 0x3f; 2248 } 2249 2250 if (sd->state == sd_sleep_state && req->cmd) { 2251 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is sleeping\n"); 2252 rtype = sd_r0; 2253 goto send_response; 2254 } 2255 2256 if (sd->card_status & CARD_IS_LOCKED) { 2257 if (!cmd_valid_while_locked(sd, req->cmd)) { 2258 sd->card_status |= ILLEGAL_COMMAND; 2259 sd->expecting_acmd = false; 2260 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n"); 2261 rtype = sd_illegal; 2262 goto send_response; 2263 } 2264 } 2265 2266 last_state = sd->state; 2267 sd_set_mode(sd); 2268 2269 if (sd->expecting_acmd) { 2270 sd->expecting_acmd = false; 2271 rtype = sd_app_command(sd, *req); 2272 } else { 2273 rtype = sd_normal_command(sd, *req); 2274 } 2275 2276 if (rtype == sd_illegal) { 2277 sd->card_status |= ILLEGAL_COMMAND; 2278 } else { 2279 /* Valid command, we can update the 'state before command' bits. 2280 * (Do this now so they appear in r1 responses.) 2281 */ 2282 sd->card_status = FIELD_DP32(sd->card_status, CSR, 2283 CURRENT_STATE, last_state); 2284 } 2285 2286 send_response: 2287 rsplen = sd_response_size(sd, rtype); 2288 assert(rsplen <= respsz); 2289 2290 switch (rtype) { 2291 case sd_r1: 2292 case sd_r1b: 2293 sd_response_r1_make(sd, response); 2294 break; 2295 2296 case spi_r2: 2297 spi_response_r2_make(sd, response); 2298 break; 2299 2300 case sd_r2_i: 2301 memcpy(response, sd->cid, sizeof(sd->cid)); 2302 break; 2303 2304 case sd_r2_s: 2305 memcpy(response, sd->csd, sizeof(sd->csd)); 2306 break; 2307 2308 case sd_r3: 2309 sd_response_r3_make(sd, response); 2310 break; 2311 2312 case sd_r6: 2313 sd_response_r6_make(sd, response); 2314 break; 2315 2316 case sd_r7: 2317 sd_response_r7_make(sd, response); 2318 break; 2319 2320 case sd_r0: 2321 /* 2322 * Invalid state transition, reset implementation 2323 * fields to avoid OOB abuse. 2324 */ 2325 sd->data_start = 0; 2326 sd->data_offset = 0; 2327 /* fall-through */ 2328 case sd_illegal: 2329 break; 2330 default: 2331 g_assert_not_reached(); 2332 } 2333 trace_sdcard_response(sd_response_name(rtype), rsplen); 2334 2335 if (rtype != sd_illegal) { 2336 /* Clear the "clear on valid command" status bits now we've 2337 * sent any response 2338 */ 2339 sd->card_status &= ~CARD_STATUS_B; 2340 } 2341 2342 #ifdef DEBUG_SD 2343 qemu_hexdump(stderr, "Response", response, rsplen); 2344 #endif 2345 2346 sd->current_cmd = rtype == sd_illegal ? 0 : req->cmd; 2347 2348 return rsplen; 2349 } 2350 2351 /* Return true if buffer is consumed. Configured by sd_cmd_to_receivingdata() */ 2352 static bool sd_generic_write_byte(SDState *sd, uint8_t value) 2353 { 2354 sd->data[sd->data_offset] = value; 2355 2356 if (++sd->data_offset >= sd->data_size) { 2357 sd->state = sd_transfer_state; 2358 return true; 2359 } 2360 return false; 2361 } 2362 2363 /* Return true when buffer is consumed. Configured by sd_cmd_to_sendingdata() */ 2364 static bool sd_generic_read_byte(SDState *sd, uint8_t *value) 2365 { 2366 *value = sd->data[sd->data_offset]; 2367 2368 if (++sd->data_offset >= sd->data_size) { 2369 sd->state = sd_transfer_state; 2370 return true; 2371 } 2372 2373 return false; 2374 } 2375 2376 static void sd_write_byte(SDState *sd, uint8_t value) 2377 { 2378 int i; 2379 2380 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2381 return; 2382 } 2383 2384 if (sd->state != sd_receivingdata_state) { 2385 qemu_log_mask(LOG_GUEST_ERROR, 2386 "%s: not in Receiving-Data state\n", __func__); 2387 return; 2388 } 2389 2390 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 2391 return; 2392 2393 trace_sdcard_write_data(sd->proto->name, 2394 sd->last_cmd_name, 2395 sd->current_cmd, sd->data_offset, value); 2396 switch (sd->current_cmd) { 2397 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 2398 if (sd_generic_write_byte(sd, value)) { 2399 /* TODO: Check CRC before committing */ 2400 sd->state = sd_programming_state; 2401 sd_blk_write(sd, sd->data_start, sd->data_offset); 2402 sd->blk_written ++; 2403 sd->csd[14] |= 0x40; 2404 /* Bzzzzzzztt .... Operation complete. */ 2405 sd->state = sd_transfer_state; 2406 } 2407 break; 2408 2409 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2410 if (sd->data_offset == 0) { 2411 /* Start of the block - let's check the address is valid */ 2412 if (!address_in_range(sd, "WRITE_MULTIPLE_BLOCK", 2413 sd->data_start, sd->blk_len)) { 2414 break; 2415 } 2416 if (sd->size <= SDSC_MAX_CAPACITY) { 2417 if (sd_wp_addr(sd, sd->data_start)) { 2418 sd->card_status |= WP_VIOLATION; 2419 break; 2420 } 2421 } 2422 } 2423 sd->data[sd->data_offset++] = value; 2424 if (sd->data_offset >= sd->blk_len) { 2425 /* TODO: Check CRC before committing */ 2426 sd->state = sd_programming_state; 2427 sd_blk_write(sd, sd->data_start, sd->data_offset); 2428 sd->blk_written++; 2429 sd->data_start += sd->blk_len; 2430 sd->data_offset = 0; 2431 sd->csd[14] |= 0x40; 2432 2433 /* Bzzzzzzztt .... Operation complete. */ 2434 if (sd->multi_blk_cnt != 0) { 2435 if (--sd->multi_blk_cnt == 0) { 2436 /* Stop! */ 2437 sd->state = sd_transfer_state; 2438 break; 2439 } 2440 } 2441 2442 sd->state = sd_receivingdata_state; 2443 } 2444 break; 2445 2446 case 26: /* CMD26: PROGRAM_CID */ 2447 if (sd_generic_write_byte(sd, value)) { 2448 /* TODO: Check CRC before committing */ 2449 sd->state = sd_programming_state; 2450 for (i = 0; i < sizeof(sd->cid); i ++) 2451 if ((sd->cid[i] | 0x00) != sd->data[i]) 2452 sd->card_status |= CID_CSD_OVERWRITE; 2453 2454 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2455 for (i = 0; i < sizeof(sd->cid); i ++) { 2456 sd->cid[i] |= 0x00; 2457 sd->cid[i] &= sd->data[i]; 2458 } 2459 /* Bzzzzzzztt .... Operation complete. */ 2460 sd->state = sd_transfer_state; 2461 } 2462 break; 2463 2464 case 27: /* CMD27: PROGRAM_CSD */ 2465 if (sd_generic_write_byte(sd, value)) { 2466 /* TODO: Check CRC before committing */ 2467 sd->state = sd_programming_state; 2468 for (i = 0; i < sizeof(sd->csd); i ++) 2469 if ((sd->csd[i] | sd_csd_rw_mask[i]) != 2470 (sd->data[i] | sd_csd_rw_mask[i])) 2471 sd->card_status |= CID_CSD_OVERWRITE; 2472 2473 /* Copy flag (OTP) & Permanent write protect */ 2474 if (sd->csd[14] & ~sd->data[14] & 0x60) 2475 sd->card_status |= CID_CSD_OVERWRITE; 2476 2477 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2478 for (i = 0; i < sizeof(sd->csd); i ++) { 2479 sd->csd[i] |= sd_csd_rw_mask[i]; 2480 sd->csd[i] &= sd->data[i]; 2481 } 2482 /* Bzzzzzzztt .... Operation complete. */ 2483 sd->state = sd_transfer_state; 2484 } 2485 break; 2486 2487 case 42: /* CMD42: LOCK_UNLOCK */ 2488 if (sd_generic_write_byte(sd, value)) { 2489 /* TODO: Check CRC before committing */ 2490 sd->state = sd_programming_state; 2491 sd_lock_command(sd); 2492 /* Bzzzzzzztt .... Operation complete. */ 2493 sd->state = sd_transfer_state; 2494 } 2495 break; 2496 2497 case 56: /* CMD56: GEN_CMD */ 2498 sd_generic_write_byte(sd, value); 2499 break; 2500 2501 default: 2502 g_assert_not_reached(); 2503 } 2504 } 2505 2506 static uint8_t sd_read_byte(SDState *sd) 2507 { 2508 /* TODO: Append CRCs */ 2509 const uint8_t dummy_byte = 0x00; 2510 uint8_t ret; 2511 uint32_t io_len; 2512 2513 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2514 return dummy_byte; 2515 } 2516 2517 if (sd->state != sd_sendingdata_state) { 2518 qemu_log_mask(LOG_GUEST_ERROR, 2519 "%s: not in Sending-Data state\n", __func__); 2520 return dummy_byte; 2521 } 2522 2523 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) { 2524 return dummy_byte; 2525 } 2526 2527 io_len = sd_blk_len(sd); 2528 2529 trace_sdcard_read_data(sd->proto->name, 2530 sd->last_cmd_name, sd->current_cmd, 2531 sd->data_offset, sd->data_size, io_len); 2532 switch (sd->current_cmd) { 2533 case 6: /* CMD6: SWITCH_FUNCTION */ 2534 case 8: /* CMD8: SEND_EXT_CSD */ 2535 case 9: /* CMD9: SEND_CSD */ 2536 case 10: /* CMD10: SEND_CID */ 2537 case 13: /* ACMD13: SD_STATUS */ 2538 case 17: /* CMD17: READ_SINGLE_BLOCK */ 2539 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */ 2540 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 2541 case 30: /* CMD30: SEND_WRITE_PROT */ 2542 case 51: /* ACMD51: SEND_SCR */ 2543 case 56: /* CMD56: GEN_CMD */ 2544 sd_generic_read_byte(sd, &ret); 2545 break; 2546 2547 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2548 if (sd->data_offset == 0) { 2549 if (!address_in_range(sd, "READ_MULTIPLE_BLOCK", 2550 sd->data_start, io_len)) { 2551 return dummy_byte; 2552 } 2553 sd_blk_read(sd, sd->data_start, io_len); 2554 } 2555 ret = sd->data[sd->data_offset ++]; 2556 2557 if (sd->data_offset >= io_len) { 2558 sd->data_start += io_len; 2559 sd->data_offset = 0; 2560 2561 if (sd->multi_blk_cnt != 0) { 2562 if (--sd->multi_blk_cnt == 0) { 2563 /* Stop! */ 2564 sd->state = sd_transfer_state; 2565 break; 2566 } 2567 } 2568 } 2569 break; 2570 2571 default: 2572 qemu_log_mask(LOG_GUEST_ERROR, "%s: DAT read illegal for command %s\n", 2573 __func__, sd->last_cmd_name); 2574 return dummy_byte; 2575 } 2576 2577 return ret; 2578 } 2579 2580 static bool sd_receive_ready(SDState *sd) 2581 { 2582 return sd->state == sd_receivingdata_state; 2583 } 2584 2585 static bool sd_data_ready(SDState *sd) 2586 { 2587 return sd->state == sd_sendingdata_state; 2588 } 2589 2590 static const SDProto sd_proto_spi = { 2591 .name = "SPI", 2592 .cmd = { 2593 [0] = {0, sd_spi, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2594 [1] = {0, sd_spi, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2595 [5] = {9, sd_spi, "IO_SEND_OP_COND", sd_cmd_optional}, 2596 [6] = {10, sd_spi, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2597 [8] = {0, sd_spi, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2598 [9] = {0, sd_spi, "SEND_CSD", spi_cmd_SEND_CSD}, 2599 [10] = {0, sd_spi, "SEND_CID", spi_cmd_SEND_CID}, 2600 [12] = {0, sd_spi, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2601 [13] = {0, sd_spi, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2602 [16] = {2, sd_spi, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2603 [17] = {2, sd_spi, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2604 [24] = {4, sd_spi, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2605 [27] = {4, sd_spi, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2606 [28] = {6, sd_spi, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2607 [29] = {6, sd_spi, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2608 [30] = {6, sd_spi, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2609 [32] = {5, sd_spi, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2610 [33] = {5, sd_spi, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2611 [34] = {10, sd_spi, "READ_SEC_CMD", sd_cmd_optional}, 2612 [35] = {10, sd_spi, "WRITE_SEC_CMD", sd_cmd_optional}, 2613 [36] = {10, sd_spi, "SEND_PSI", sd_cmd_optional}, 2614 [37] = {10, sd_spi, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2615 [38] = {5, sd_spi, "ERASE", sd_cmd_ERASE}, 2616 [42] = {7, sd_spi, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2617 [50] = {10, sd_spi, "DIRECT_SECURE_READ", sd_cmd_optional}, 2618 [52] = {9, sd_spi, "IO_RW_DIRECT", sd_cmd_optional}, 2619 [53] = {9, sd_spi, "IO_RW_EXTENDED", sd_cmd_optional}, 2620 [55] = {8, sd_spi, "APP_CMD", sd_cmd_APP_CMD}, 2621 [56] = {8, sd_spi, "GEN_CMD", sd_cmd_GEN_CMD}, 2622 [57] = {10, sd_spi, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2623 [58] = {0, sd_spi, "READ_OCR", spi_cmd_READ_OCR}, 2624 [59] = {0, sd_spi, "CRC_ON_OFF", spi_cmd_CRC_ON_OFF}, 2625 }, 2626 .acmd = { 2627 [13] = {8, sd_spi, "SD_STATUS", sd_acmd_SD_STATUS}, 2628 [22] = {8, sd_spi, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2629 [23] = {8, sd_spi, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2630 [41] = {8, sd_spi, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2631 [42] = {8, sd_spi, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2632 [51] = {8, sd_spi, "SEND_SCR", sd_acmd_SEND_SCR}, 2633 }, 2634 }; 2635 2636 static const SDProto sd_proto_sd = { 2637 .name = "SD", 2638 .cmd = { 2639 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2640 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2641 [3] = {0, sd_bcr, "SEND_RELATIVE_ADDR", sd_cmd_SEND_RELATIVE_ADDR}, 2642 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2643 [5] = {9, sd_bc, "IO_SEND_OP_COND", sd_cmd_optional}, 2644 [6] = {10, sd_adtc, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2645 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2646 [8] = {0, sd_bcr, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2647 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2648 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2649 [11] = {0, sd_ac, "VOLTAGE_SWITCH", sd_cmd_optional}, 2650 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2651 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2652 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2653 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2654 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2655 [19] = {2, sd_adtc, "SEND_TUNING_BLOCK", sd_cmd_SEND_TUNING_BLOCK}, 2656 [20] = {2, sd_ac, "SPEED_CLASS_CONTROL", sd_cmd_optional}, 2657 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2658 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2659 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2660 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2661 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2662 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2663 [32] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2664 [33] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2665 [34] = {10, sd_adtc, "READ_SEC_CMD", sd_cmd_optional}, 2666 [35] = {10, sd_adtc, "WRITE_SEC_CMD", sd_cmd_optional}, 2667 [36] = {10, sd_adtc, "SEND_PSI", sd_cmd_optional}, 2668 [37] = {10, sd_ac, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2669 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2670 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2671 [43] = {1, sd_ac, "Q_MANAGEMENT", sd_cmd_optional}, 2672 [44] = {1, sd_ac, "Q_TASK_INFO_A", sd_cmd_optional}, 2673 [45] = {1, sd_ac, "Q_TASK_INFO_B", sd_cmd_optional}, 2674 [46] = {1, sd_adtc, "Q_RD_TASK", sd_cmd_optional}, 2675 [47] = {1, sd_adtc, "Q_WR_TASK", sd_cmd_optional}, 2676 [48] = {1, sd_adtc, "READ_EXTR_SINGLE", sd_cmd_optional}, 2677 [49] = {1, sd_adtc, "WRITE_EXTR_SINGLE", sd_cmd_optional}, 2678 [50] = {10, sd_adtc, "DIRECT_SECURE_READ", sd_cmd_optional}, 2679 [52] = {9, sd_bc, "IO_RW_DIRECT", sd_cmd_optional}, 2680 [53] = {9, sd_bc, "IO_RW_EXTENDED", sd_cmd_optional}, 2681 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2682 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2683 [57] = {10, sd_adtc, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2684 [58] = {11, sd_adtc, "READ_EXTR_MULTI", sd_cmd_optional}, 2685 [59] = {11, sd_adtc, "WRITE_EXTR_MULTI", sd_cmd_optional}, 2686 }, 2687 .acmd = { 2688 [6] = {8, sd_ac, "SET_BUS_WIDTH", sd_acmd_SET_BUS_WIDTH}, 2689 [13] = {8, sd_adtc, "SD_STATUS", sd_acmd_SD_STATUS}, 2690 [22] = {8, sd_adtc, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2691 [23] = {8, sd_ac, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2692 [41] = {8, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2693 [42] = {8, sd_ac, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2694 [51] = {8, sd_adtc, "SEND_SCR", sd_acmd_SEND_SCR}, 2695 }, 2696 }; 2697 2698 static const SDProto sd_proto_emmc = { 2699 /* Only v4.3 is supported */ 2700 .name = "eMMC", 2701 .cmd = { 2702 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2703 [1] = {0, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2704 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2705 [3] = {0, sd_ac, "SET_RELATIVE_ADDR", emmc_cmd_SET_RELATIVE_ADDR}, 2706 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2707 [5] = {0, sd_ac, "SLEEP/AWAKE", emmc_cmd_sleep_awake}, 2708 [6] = {10, sd_adtc, "SWITCH", emmc_cmd_SWITCH}, 2709 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2710 [8] = {0, sd_adtc, "SEND_EXT_CSD", emmc_cmd_SEND_EXT_CSD}, 2711 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2712 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2713 [11] = {1, sd_adtc, "READ_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2714 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2715 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2716 [14] = {0, sd_adtc, "BUSTEST_R", sd_cmd_unimplemented}, 2717 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2718 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2719 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2720 [19] = {0, sd_adtc, "BUSTEST_W", sd_cmd_unimplemented}, 2721 [20] = {3, sd_adtc, "WRITE_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2722 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2723 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2724 [26] = {4, sd_adtc, "PROGRAM_CID", emmc_cmd_PROGRAM_CID}, 2725 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2726 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2727 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2728 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2729 [31] = {6, sd_adtc, "SEND_WRITE_PROT_TYPE", sd_cmd_unimplemented}, 2730 [35] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2731 [36] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2732 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2733 [39] = {9, sd_ac, "FAST_IO", sd_cmd_unimplemented}, 2734 [40] = {9, sd_bcr, "GO_IRQ_STATE", sd_cmd_unimplemented}, 2735 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2736 [49] = {0, sd_adtc, "SET_TIME", sd_cmd_unimplemented}, 2737 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2738 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2739 }, 2740 }; 2741 2742 static void sd_instance_init(Object *obj) 2743 { 2744 SDState *sd = SDMMC_COMMON(obj); 2745 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 2746 2747 sd->proto = sc->proto; 2748 sd->last_cmd_name = "UNSET"; 2749 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd); 2750 } 2751 2752 static void sd_instance_finalize(Object *obj) 2753 { 2754 SDState *sd = SDMMC_COMMON(obj); 2755 2756 timer_free(sd->ocr_power_timer); 2757 } 2758 2759 static void sd_realize(DeviceState *dev, Error **errp) 2760 { 2761 SDState *sd = SDMMC_COMMON(dev); 2762 int ret; 2763 2764 switch (sd->spec_version) { 2765 case SD_PHY_SPECv1_10_VERS 2766 ... SD_PHY_SPECv3_01_VERS: 2767 break; 2768 default: 2769 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version); 2770 return; 2771 } 2772 2773 if (sd->blk) { 2774 int64_t blk_size; 2775 2776 if (!blk_supports_write_perm(sd->blk)) { 2777 error_setg(errp, "Cannot use read-only drive as SD card"); 2778 return; 2779 } 2780 2781 blk_size = blk_getlength(sd->blk); 2782 if (blk_size > 0 && !is_power_of_2(blk_size)) { 2783 int64_t blk_size_aligned = pow2ceil(blk_size); 2784 char *blk_size_str; 2785 2786 blk_size_str = size_to_str(blk_size); 2787 error_setg(errp, "Invalid SD card size: %s", blk_size_str); 2788 g_free(blk_size_str); 2789 2790 blk_size_str = size_to_str(blk_size_aligned); 2791 error_append_hint(errp, 2792 "SD card size has to be a power of 2, e.g. %s.\n" 2793 "You can resize disk images with" 2794 " 'qemu-img resize <imagefile> <new-size>'\n" 2795 "(note that this will lose data if you make the" 2796 " image smaller than it currently is).\n", 2797 blk_size_str); 2798 g_free(blk_size_str); 2799 2800 return; 2801 } 2802 2803 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 2804 BLK_PERM_ALL, errp); 2805 if (ret < 0) { 2806 return; 2807 } 2808 blk_set_dev_ops(sd->blk, &sd_block_ops, sd); 2809 } 2810 } 2811 2812 static void emmc_realize(DeviceState *dev, Error **errp) 2813 { 2814 SDState *sd = SDMMC_COMMON(dev); 2815 2816 sd->spec_version = SD_PHY_SPECv3_01_VERS; /* Actually v4.3 */ 2817 2818 sd_realize(dev, errp); 2819 } 2820 2821 static const Property sdmmc_common_properties[] = { 2822 DEFINE_PROP_DRIVE("drive", SDState, blk), 2823 }; 2824 2825 static const Property sd_properties[] = { 2826 DEFINE_PROP_UINT8("spec_version", SDState, 2827 spec_version, SD_PHY_SPECv3_01_VERS), 2828 }; 2829 2830 static const Property emmc_properties[] = { 2831 DEFINE_PROP_UINT64("boot-partition-size", SDState, boot_part_size, 0), 2832 DEFINE_PROP_UINT8("boot-config", SDState, boot_config, 0x0), 2833 }; 2834 2835 static void sdmmc_common_class_init(ObjectClass *klass, const void *data) 2836 { 2837 DeviceClass *dc = DEVICE_CLASS(klass); 2838 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2839 2840 device_class_set_props(dc, sdmmc_common_properties); 2841 dc->vmsd = &sd_vmstate; 2842 device_class_set_legacy_reset(dc, sd_reset); 2843 dc->bus_type = TYPE_SD_BUS; 2844 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2845 2846 sc->set_voltage = sd_set_voltage; 2847 sc->get_dat_lines = sd_get_dat_lines; 2848 sc->get_cmd_line = sd_get_cmd_line; 2849 sc->do_command = sd_do_command; 2850 sc->write_byte = sd_write_byte; 2851 sc->read_byte = sd_read_byte; 2852 sc->receive_ready = sd_receive_ready; 2853 sc->data_ready = sd_data_ready; 2854 sc->get_inserted = sd_get_inserted; 2855 sc->get_readonly = sd_get_readonly; 2856 } 2857 2858 static void sd_class_init(ObjectClass *klass, const void *data) 2859 { 2860 DeviceClass *dc = DEVICE_CLASS(klass); 2861 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2862 2863 dc->realize = sd_realize; 2864 device_class_set_props(dc, sd_properties); 2865 2866 sc->set_cid = sd_set_cid; 2867 sc->set_csd = sd_set_csd; 2868 sc->proto = &sd_proto_sd; 2869 } 2870 2871 /* 2872 * We do not model the chip select pin, so allow the board to select 2873 * whether card should be in SSI or MMC/SD mode. It is also up to the 2874 * board to ensure that ssi transfers only occur when the chip select 2875 * is asserted. 2876 */ 2877 static void sd_spi_class_init(ObjectClass *klass, const void *data) 2878 { 2879 DeviceClass *dc = DEVICE_CLASS(klass); 2880 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2881 2882 dc->desc = "SD SPI"; 2883 sc->proto = &sd_proto_spi; 2884 } 2885 2886 static void emmc_class_init(ObjectClass *klass, const void *data) 2887 { 2888 DeviceClass *dc = DEVICE_CLASS(klass); 2889 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2890 2891 dc->desc = "eMMC"; 2892 dc->realize = emmc_realize; 2893 device_class_set_props(dc, emmc_properties); 2894 /* Reason: Soldered on board */ 2895 dc->user_creatable = false; 2896 2897 sc->proto = &sd_proto_emmc; 2898 2899 sc->set_cid = emmc_set_cid; 2900 sc->set_csd = emmc_set_csd; 2901 } 2902 2903 static const TypeInfo sd_types[] = { 2904 { 2905 .name = TYPE_SDMMC_COMMON, 2906 .parent = TYPE_DEVICE, 2907 .abstract = true, 2908 .instance_size = sizeof(SDState), 2909 .class_size = sizeof(SDCardClass), 2910 .class_init = sdmmc_common_class_init, 2911 .instance_init = sd_instance_init, 2912 .instance_finalize = sd_instance_finalize, 2913 }, 2914 { 2915 .name = TYPE_SD_CARD, 2916 .parent = TYPE_SDMMC_COMMON, 2917 .class_init = sd_class_init, 2918 }, 2919 { 2920 .name = TYPE_SD_CARD_SPI, 2921 .parent = TYPE_SD_CARD, 2922 .class_init = sd_spi_class_init, 2923 }, 2924 { 2925 .name = TYPE_EMMC, 2926 .parent = TYPE_SDMMC_COMMON, 2927 .class_init = emmc_class_init, 2928 }, 2929 }; 2930 2931 DEFINE_TYPES(sd_types) 2932