1 /* 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical 3 * layer specification, Version 2.00." 4 * 5 * eMMC emulation defined in "JEDEC Standard No. 84-A43" 6 * 7 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org> 8 * Copyright (c) 2007 CodeSourcery 9 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org> 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in 19 * the documentation and/or other materials provided with the 20 * distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' 23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR 26 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 30 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include "qemu/osdep.h" 36 #include "qemu/units.h" 37 #include "qemu/cutils.h" 38 #include "hw/irq.h" 39 #include "hw/registerfields.h" 40 #include "system/block-backend.h" 41 #include "hw/sd/sd.h" 42 #include "migration/vmstate.h" 43 #include "qapi/error.h" 44 #include "qemu/bitmap.h" 45 #include "hw/qdev-properties.h" 46 #include "hw/qdev-properties-system.h" 47 #include "qemu/error-report.h" 48 #include "qemu/timer.h" 49 #include "qemu/log.h" 50 #include "qemu/guest-random.h" 51 #include "qemu/module.h" 52 #include "sdmmc-internal.h" 53 #include "trace.h" 54 55 //#define DEBUG_SD 1 56 57 #define SDSC_MAX_CAPACITY (2 * GiB) 58 59 #define INVALID_ADDRESS UINT32_MAX 60 61 typedef enum { 62 sd_r0 = 0, /* no response */ 63 sd_r1, /* normal response command */ 64 spi_r2, /* STATUS */ 65 sd_r2_i, /* CID register */ 66 sd_r2_s, /* CSD register */ 67 sd_r3, /* OCR register */ 68 sd_r6 = 6, /* Published RCA response */ 69 sd_r7, /* Operating voltage */ 70 sd_r1b = -1, 71 sd_illegal = -2, 72 } sd_rsp_type_t; 73 74 typedef enum { 75 sd_spi, 76 sd_bc, /* broadcast -- no response */ 77 sd_bcr, /* broadcast with response */ 78 sd_ac, /* addressed -- no data transfer */ 79 sd_adtc, /* addressed with data transfer */ 80 } sd_cmd_type_t; 81 82 enum SDCardModes { 83 sd_inactive, 84 sd_card_identification_mode, 85 sd_data_transfer_mode, 86 }; 87 88 enum SDCardStates { 89 sd_waitirq_state = -2, /* emmc */ 90 sd_inactive_state = -1, 91 92 sd_idle_state = 0, 93 sd_ready_state = 1, 94 sd_identification_state = 2, 95 sd_standby_state = 3, 96 sd_transfer_state = 4, 97 sd_sendingdata_state = 5, 98 sd_receivingdata_state = 6, 99 sd_programming_state = 7, 100 sd_disconnect_state = 8, 101 sd_bus_test_state = 9, /* emmc */ 102 sd_sleep_state = 10, /* emmc */ 103 sd_io_state = 15 /* sd */ 104 }; 105 106 #define SDMMC_CMD_MAX 64 107 108 typedef sd_rsp_type_t (*sd_cmd_handler)(SDState *sd, SDRequest req); 109 110 typedef struct SDProto { 111 const char *name; 112 struct { 113 const unsigned class; 114 const sd_cmd_type_t type; 115 const char *name; 116 sd_cmd_handler handler; 117 } cmd[SDMMC_CMD_MAX], acmd[SDMMC_CMD_MAX]; 118 } SDProto; 119 120 struct SDState { 121 DeviceState parent_obj; 122 123 /* SD Memory Card Registers */ 124 uint32_t ocr; 125 uint8_t scr[8]; 126 uint8_t cid[16]; 127 uint8_t csd[16]; 128 uint16_t rca; 129 uint32_t card_status; 130 uint8_t sd_status[64]; 131 union { 132 uint8_t ext_csd[512]; 133 struct { 134 uint8_t ext_csd_rw[192]; /* Modes segment */ 135 uint8_t ext_csd_ro[320]; /* Properties segment */ 136 }; 137 }; 138 139 /* Static properties */ 140 141 uint8_t spec_version; 142 uint64_t boot_part_size; 143 BlockBackend *blk; 144 uint8_t boot_config; 145 146 const SDProto *proto; 147 148 /* Runtime changeables */ 149 150 uint32_t mode; /* current card mode, one of SDCardModes */ 151 int32_t state; /* current card state, one of SDCardStates */ 152 uint32_t vhs; 153 bool wp_switch; 154 unsigned long *wp_group_bmap; 155 int32_t wp_group_bits; 156 uint64_t size; 157 uint32_t blk_len; 158 uint32_t multi_blk_cnt; 159 uint32_t erase_start; 160 uint32_t erase_end; 161 uint8_t pwd[16]; 162 uint32_t pwd_len; 163 uint8_t function_group[6]; 164 uint8_t current_cmd; 165 const char *last_cmd_name; 166 /* True if we will handle the next command as an ACMD. Note that this does 167 * *not* track the APP_CMD status bit! 168 */ 169 bool expecting_acmd; 170 uint32_t blk_written; 171 172 uint64_t data_start; 173 uint32_t data_offset; 174 size_t data_size; 175 uint8_t data[512]; 176 QEMUTimer *ocr_power_timer; 177 uint8_t dat_lines; 178 bool cmd_line; 179 }; 180 181 static void sd_realize(DeviceState *dev, Error **errp); 182 183 static const SDProto sd_proto_spi; 184 static const SDProto sd_proto_emmc; 185 186 static bool sd_is_spi(SDState *sd) 187 { 188 return sd->proto == &sd_proto_spi; 189 } 190 191 static bool sd_is_emmc(SDState *sd) 192 { 193 return sd->proto == &sd_proto_emmc; 194 } 195 196 static const char *sd_version_str(enum SDPhySpecificationVersion version) 197 { 198 static const char *sdphy_version[] = { 199 [SD_PHY_SPECv1_10_VERS] = "v1.10", 200 [SD_PHY_SPECv2_00_VERS] = "v2.00", 201 [SD_PHY_SPECv3_01_VERS] = "v3.01", 202 }; 203 if (version >= ARRAY_SIZE(sdphy_version)) { 204 return "unsupported version"; 205 } 206 return sdphy_version[version]; 207 } 208 209 static const char *sd_mode_name(enum SDCardModes mode) 210 { 211 static const char *mode_name[] = { 212 [sd_inactive] = "inactive", 213 [sd_card_identification_mode] = "identification", 214 [sd_data_transfer_mode] = "transfer", 215 }; 216 assert(mode < ARRAY_SIZE(mode_name)); 217 return mode_name[mode]; 218 } 219 220 static const char *sd_state_name(enum SDCardStates state) 221 { 222 static const char *state_name[] = { 223 [sd_idle_state] = "idle", 224 [sd_ready_state] = "ready", 225 [sd_identification_state] = "identification", 226 [sd_standby_state] = "standby", 227 [sd_transfer_state] = "transfer", 228 [sd_sendingdata_state] = "sendingdata", 229 [sd_bus_test_state] = "bus-test", 230 [sd_receivingdata_state] = "receivingdata", 231 [sd_programming_state] = "programming", 232 [sd_disconnect_state] = "disconnect", 233 [sd_sleep_state] = "sleep", 234 [sd_io_state] = "i/o" 235 }; 236 if (state == sd_inactive_state) { 237 return "inactive"; 238 } 239 if (state == sd_waitirq_state) { 240 return "wait-irq"; 241 } 242 assert(state < ARRAY_SIZE(state_name)); 243 return state_name[state]; 244 } 245 246 static const char *sd_response_name(sd_rsp_type_t rsp) 247 { 248 static const char *response_name[] = { 249 [sd_r0] = "RESP#0 (no response)", 250 [sd_r1] = "RESP#1 (normal cmd)", 251 [spi_r2] = "RESP#2 (STATUS reg)", 252 [sd_r2_i] = "RESP#2 (CID reg)", 253 [sd_r2_s] = "RESP#2 (CSD reg)", 254 [sd_r3] = "RESP#3 (OCR reg)", 255 [sd_r6] = "RESP#6 (RCA)", 256 [sd_r7] = "RESP#7 (operating voltage)", 257 }; 258 if (rsp == sd_illegal) { 259 return "ILLEGAL RESP"; 260 } 261 if (rsp == sd_r1b) { 262 rsp = sd_r1; 263 } 264 assert(rsp < ARRAY_SIZE(response_name)); 265 return response_name[rsp]; 266 } 267 268 static const char *sd_cmd_name(SDState *sd, uint8_t cmd) 269 { 270 static const char *cmd_abbrev[SDMMC_CMD_MAX] = { 271 [18] = "READ_MULTIPLE_BLOCK", 272 [25] = "WRITE_MULTIPLE_BLOCK", 273 }; 274 const SDProto *sdp = sd->proto; 275 276 if (sdp->cmd[cmd].handler) { 277 assert(!cmd_abbrev[cmd]); 278 return sdp->cmd[cmd].name; 279 } 280 return cmd_abbrev[cmd] ? cmd_abbrev[cmd] : "UNKNOWN_CMD"; 281 } 282 283 static const char *sd_acmd_name(SDState *sd, uint8_t cmd) 284 { 285 const SDProto *sdp = sd->proto; 286 287 if (sdp->acmd[cmd].handler) { 288 return sdp->acmd[cmd].name; 289 } 290 291 return "UNKNOWN_ACMD"; 292 } 293 294 static uint8_t sd_get_dat_lines(SDState *sd) 295 { 296 return sd->dat_lines; 297 } 298 299 static bool sd_get_cmd_line(SDState *sd) 300 { 301 return sd->cmd_line; 302 } 303 304 static void sd_set_voltage(SDState *sd, uint16_t millivolts) 305 { 306 trace_sdcard_set_voltage(millivolts); 307 308 switch (millivolts) { 309 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */ 310 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */ 311 break; 312 default: 313 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV", 314 millivolts / 1000.f); 315 } 316 } 317 318 static void sd_set_mode(SDState *sd) 319 { 320 switch (sd->state) { 321 case sd_inactive_state: 322 sd->mode = sd_inactive; 323 break; 324 325 case sd_idle_state: 326 case sd_ready_state: 327 case sd_identification_state: 328 sd->mode = sd_card_identification_mode; 329 break; 330 331 case sd_standby_state: 332 case sd_transfer_state: 333 case sd_sendingdata_state: 334 case sd_receivingdata_state: 335 case sd_programming_state: 336 case sd_disconnect_state: 337 sd->mode = sd_data_transfer_mode; 338 break; 339 } 340 } 341 342 static uint8_t sd_crc7(const void *message, size_t width) 343 { 344 int i, bit; 345 uint8_t shift_reg = 0x00; 346 const uint8_t *msg = (const uint8_t *)message; 347 348 for (i = 0; i < width; i ++, msg ++) 349 for (bit = 7; bit >= 0; bit --) { 350 shift_reg <<= 1; 351 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1)) 352 shift_reg ^= 0x89; 353 } 354 355 return shift_reg; 356 } 357 358 /* Operation Conditions register */ 359 360 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */ 361 362 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24) 363 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8) 364 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1) 365 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16) 366 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */ 367 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */ 368 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */ 369 FIELD(OCR, CARD_POWER_UP, 31, 1) 370 371 #define ACMD41_ENQUIRY_MASK 0x00ffffff 372 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \ 373 | R_OCR_ACCEPT_SWITCH_1V8_MASK \ 374 | R_OCR_UHS_II_CARD_MASK \ 375 | R_OCR_CARD_CAPACITY_MASK \ 376 | R_OCR_CARD_POWER_UP_MASK) 377 378 static void sd_ocr_powerup(void *opaque) 379 { 380 SDState *sd = opaque; 381 382 trace_sdcard_powerup(); 383 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)); 384 385 /* card power-up OK */ 386 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1); 387 388 if (sd->size > SDSC_MAX_CAPACITY) { 389 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 390 } 391 } 392 393 static void sd_set_ocr(SDState *sd) 394 { 395 /* All voltages OK */ 396 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK; 397 398 if (sd_is_spi(sd)) { 399 /* 400 * We don't need to emulate power up sequence in SPI-mode. 401 * Thus, the card's power up status bit should be set to 1 when reset. 402 * The card's capacity status bit should also be set if SD card size 403 * is larger than 2GB for SDHC support. 404 */ 405 sd_ocr_powerup(sd); 406 } 407 } 408 409 /* SD Configuration register */ 410 411 static void sd_set_scr(SDState *sd) 412 { 413 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */ 414 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) { 415 sd->scr[0] |= 1; /* Spec Version 1.10 */ 416 } else { 417 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */ 418 } 419 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */ 420 | 0b0101; /* 1-bit or 4-bit width bus modes */ 421 sd->scr[2] = 0x00; /* Extended Security is not supported. */ 422 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) { 423 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */ 424 } 425 sd->scr[3] = 0x00; 426 /* reserved for manufacturer usage */ 427 sd->scr[4] = 0x00; 428 sd->scr[5] = 0x00; 429 sd->scr[6] = 0x00; 430 sd->scr[7] = 0x00; 431 } 432 433 /* Card IDentification register */ 434 435 #define MID 0xaa 436 #define OID "XY" 437 #define PNM "QEMU!" 438 #define PRV 0x01 439 #define MDT_YR 2006 440 #define MDT_MON 2 441 442 static void sd_set_cid(SDState *sd) 443 { 444 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 445 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */ 446 sd->cid[2] = OID[1]; 447 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 448 sd->cid[4] = PNM[1]; 449 sd->cid[5] = PNM[2]; 450 sd->cid[6] = PNM[3]; 451 sd->cid[7] = PNM[4]; 452 sd->cid[8] = PRV; /* Fake product revision (PRV) */ 453 stl_be_p(&sd->cid[9], 0xdeadbeef); /* Fake serial number (PSN) */ 454 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */ 455 ((MDT_YR - 2000) / 10); 456 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON; 457 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 458 } 459 460 static void emmc_set_cid(SDState *sd) 461 { 462 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 463 sd->cid[1] = 0b01; /* CBX: soldered BGA */ 464 sd->cid[2] = OID[0]; /* OEM/Application ID (OID) */ 465 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 466 sd->cid[4] = PNM[1]; 467 sd->cid[5] = PNM[2]; 468 sd->cid[6] = PNM[3]; 469 sd->cid[7] = PNM[4]; 470 sd->cid[8] = PNM[4]; 471 sd->cid[9] = PRV; /* Fake product revision (PRV) */ 472 stl_be_p(&sd->cid[10], 0xdeadbeef); /* Fake serial number (PSN) */ 473 sd->cid[14] = (MDT_MON << 4) | (MDT_YR - 1997); /* Manufacture date (MDT) */ 474 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 475 } 476 477 /* Card-Specific Data register */ 478 479 #define HWBLOCK_SHIFT 9 /* 512 bytes */ 480 #define SECTOR_SHIFT 5 /* 16 kilobytes */ 481 #define WPGROUP_SHIFT 7 /* 2 megs */ 482 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */ 483 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) 484 485 static const uint8_t sd_csd_rw_mask[16] = { 486 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 487 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe, 488 }; 489 490 static void emmc_set_ext_csd(SDState *sd, uint64_t size) 491 { 492 uint32_t sectcount = size >> HWBLOCK_SHIFT; 493 494 memset(sd->ext_csd, 0, sizeof(sd->ext_csd)); /* FIXME only RW at reset */ 495 496 /* Properties segment (RO) */ 497 sd->ext_csd[EXT_CSD_S_CMD_SET] = 0b1; /* supported command sets */ 498 sd->ext_csd[EXT_CSD_BOOT_INFO] = 0x0; /* Boot information */ 499 /* Boot partition size. 128KB unit */ 500 sd->ext_csd[EXT_CSD_BOOT_MULT] = sd->boot_part_size / (128 * KiB); 501 sd->ext_csd[EXT_CSD_ACC_SIZE] = 0x1; /* Access size */ 502 sd->ext_csd[EXT_CSD_HC_ERASE_GRP_SIZE] = 0x01; /* HC Erase unit size */ 503 sd->ext_csd[EXT_CSD_ERASE_TIMEOUT_MULT] = 0x01; /* HC erase timeout */ 504 sd->ext_csd[EXT_CSD_REL_WR_SEC_C] = 0x1; /* Reliable write sector count */ 505 sd->ext_csd[EXT_CSD_HC_WP_GRP_SIZE] = 0x01; /* HC write protect group size */ 506 sd->ext_csd[EXT_CSD_S_C_VCC] = 0x01; /* Sleep current VCC */ 507 sd->ext_csd[EXT_CSD_S_C_VCCQ] = 0x01; /* Sleep current VCCQ */ 508 sd->ext_csd[EXT_CSD_S_A_TIMEOUT] = 0x01; /* Sleep/Awake timeout */ 509 stl_le_p(&sd->ext_csd[EXT_CSD_SEC_CNT], sectcount); /* Sector count */ 510 sd->ext_csd[210] = 0x46; /* Min write perf for 8bit@52Mhz */ 511 sd->ext_csd[209] = 0x46; /* Min read perf for 8bit@52Mhz */ 512 sd->ext_csd[208] = 0x46; /* Min write perf for 4bit@52Mhz */ 513 sd->ext_csd[207] = 0x46; /* Min read perf for 4bit@52Mhz */ 514 sd->ext_csd[206] = 0x46; /* Min write perf for 4bit@26Mhz */ 515 sd->ext_csd[205] = 0x46; /* Min read perf for 4bit@26Mhz */ 516 sd->ext_csd[EXT_CSD_CARD_TYPE] = 0b11; 517 sd->ext_csd[EXT_CSD_STRUCTURE] = 2; 518 sd->ext_csd[EXT_CSD_REV] = 3; 519 520 /* Mode segment (RW) */ 521 sd->ext_csd[EXT_CSD_PART_CONFIG] = sd->boot_config; 522 } 523 524 static void emmc_set_csd(SDState *sd, uint64_t size) 525 { 526 int hwblock_shift = HWBLOCK_SHIFT; 527 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 528 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 529 530 sd->csd[0] = (3 << 6) | (4 << 2); /* Spec v4.3 with EXT_CSD */ 531 sd->csd[1] = (1 << 3) | 6; /* Asynchronous data access time: 1ms */ 532 sd->csd[2] = 0x00; 533 sd->csd[3] = (1 << 3) | 3;; /* Maximum bus clock frequency: 100MHz */ 534 sd->csd[4] = 0x0f; 535 if (size <= 2 * GiB) { 536 /* use 1k blocks */ 537 uint32_t csize1k = (size >> (CMULT_SHIFT + 10)) - 1; 538 sd->csd[5] = 0x5a; 539 sd->csd[6] = 0x80 | ((csize1k >> 10) & 0xf); 540 sd->csd[7] = (csize1k >> 2) & 0xff; 541 } else { /* >= 2GB : size stored in ext CSD, block addressing */ 542 sd->csd[5] = 0x59; 543 sd->csd[6] = 0x8f; 544 sd->csd[7] = 0xff; 545 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 546 } 547 sd->csd[8] = 0xff; 548 sd->csd[9] = 0xfc | /* Max. write current */ 549 ((CMULT_SHIFT - 2) >> 1); 550 sd->csd[10] = 0x40 | /* Erase sector size */ 551 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 552 sd->csd[11] = 0x00 | /* Write protect group size */ 553 ((sectsize << 7) & 0x80) | wpsize; 554 sd->csd[12] = 0x90 | /* Write speed factor */ 555 (hwblock_shift >> 2); 556 sd->csd[13] = 0x20 | /* Max. write data block length */ 557 ((hwblock_shift << 6) & 0xc0); 558 sd->csd[14] = 0x00; 559 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 560 emmc_set_ext_csd(sd, size); 561 } 562 563 static void sd_set_csd(SDState *sd, uint64_t size) 564 { 565 int hwblock_shift = HWBLOCK_SHIFT; 566 uint32_t csize; 567 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 568 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 569 570 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */ 571 if (size == SDSC_MAX_CAPACITY) { 572 hwblock_shift += 1; 573 } 574 csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1; 575 576 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */ 577 sd->csd[0] = 0x00; /* CSD structure */ 578 sd->csd[1] = 0x26; /* Data read access-time-1 */ 579 sd->csd[2] = 0x00; /* Data read access-time-2 */ 580 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */ 581 sd->csd[4] = 0x5f; /* Card Command Classes */ 582 sd->csd[5] = 0x50 | /* Max. read data block length */ 583 hwblock_shift; 584 sd->csd[6] = 0xe0 | /* Partial block for read allowed */ 585 ((csize >> 10) & 0x03); 586 sd->csd[7] = 0x00 | /* Device size */ 587 ((csize >> 2) & 0xff); 588 sd->csd[8] = 0x3f | /* Max. read current */ 589 ((csize << 6) & 0xc0); 590 sd->csd[9] = 0xfc | /* Max. write current */ 591 ((CMULT_SHIFT - 2) >> 1); 592 sd->csd[10] = 0x40 | /* Erase sector size */ 593 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 594 sd->csd[11] = 0x00 | /* Write protect group size */ 595 ((sectsize << 7) & 0x80) | wpsize; 596 sd->csd[12] = 0x90 | /* Write speed factor */ 597 (hwblock_shift >> 2); 598 sd->csd[13] = 0x20 | /* Max. write data block length */ 599 ((hwblock_shift << 6) & 0xc0); 600 sd->csd[14] = 0x00; /* File format group */ 601 } else { /* SDHC */ 602 size /= 512 * KiB; 603 size -= 1; 604 sd->csd[0] = 0x40; 605 sd->csd[1] = 0x0e; 606 sd->csd[2] = 0x00; 607 sd->csd[3] = 0x32; 608 sd->csd[4] = 0x5b; 609 sd->csd[5] = 0x59; 610 sd->csd[6] = 0x00; 611 st24_be_p(&sd->csd[7], size); 612 sd->csd[10] = 0x7f; 613 sd->csd[11] = 0x80; 614 sd->csd[12] = 0x0a; 615 sd->csd[13] = 0x40; 616 sd->csd[14] = 0x00; 617 } 618 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 619 } 620 621 /* Relative Card Address register */ 622 623 static void sd_set_rca(SDState *sd, uint16_t value) 624 { 625 trace_sdcard_set_rca(value); 626 sd->rca = value; 627 } 628 629 static uint16_t sd_req_get_rca(SDState *s, SDRequest req) 630 { 631 switch (s->proto->cmd[req.cmd].type) { 632 case sd_ac: 633 case sd_adtc: 634 return req.arg >> 16; 635 case sd_spi: 636 default: 637 g_assert_not_reached(); 638 } 639 } 640 641 static bool sd_req_rca_same(SDState *s, SDRequest req) 642 { 643 return sd_req_get_rca(s, req) == s->rca; 644 } 645 646 /* Card Status register */ 647 648 FIELD(CSR, AKE_SEQ_ERROR, 3, 1) 649 FIELD(CSR, APP_CMD, 5, 1) 650 FIELD(CSR, FX_EVENT, 6, 1) 651 FIELD(CSR, SWITCH_ERROR, 7, 1) 652 FIELD(CSR, READY_FOR_DATA, 8, 1) 653 FIELD(CSR, CURRENT_STATE, 9, 4) 654 FIELD(CSR, ERASE_RESET, 13, 1) 655 FIELD(CSR, CARD_ECC_DISABLED, 14, 1) 656 FIELD(CSR, WP_ERASE_SKIP, 15, 1) 657 FIELD(CSR, CSD_OVERWRITE, 16, 1) 658 FIELD(CSR, DEFERRED_RESPONSE, 17, 1) 659 FIELD(CSR, ERROR, 19, 1) 660 FIELD(CSR, CC_ERROR, 20, 1) 661 FIELD(CSR, CARD_ECC_FAILED, 21, 1) 662 FIELD(CSR, ILLEGAL_COMMAND, 22, 1) 663 FIELD(CSR, COM_CRC_ERROR, 23, 1) 664 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1) 665 FIELD(CSR, CARD_IS_LOCKED, 25, 1) 666 FIELD(CSR, WP_VIOLATION, 26, 1) 667 FIELD(CSR, ERASE_PARAM, 27, 1) 668 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1) 669 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1) 670 FIELD(CSR, ADDRESS_ERROR, 30, 1) 671 FIELD(CSR, OUT_OF_RANGE, 31, 1) 672 673 /* Card status bits, split by clear condition: 674 * A : According to the card current state 675 * B : Always related to the previous command 676 * C : Cleared by read 677 */ 678 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \ 679 | R_CSR_CARD_ECC_DISABLED_MASK \ 680 | R_CSR_CARD_IS_LOCKED_MASK) 681 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \ 682 | R_CSR_ILLEGAL_COMMAND_MASK \ 683 | R_CSR_COM_CRC_ERROR_MASK) 684 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \ 685 | R_CSR_APP_CMD_MASK \ 686 | R_CSR_ERASE_RESET_MASK \ 687 | R_CSR_WP_ERASE_SKIP_MASK \ 688 | R_CSR_CSD_OVERWRITE_MASK \ 689 | R_CSR_ERROR_MASK \ 690 | R_CSR_CC_ERROR_MASK \ 691 | R_CSR_CARD_ECC_FAILED_MASK \ 692 | R_CSR_LOCK_UNLOCK_FAILED_MASK \ 693 | R_CSR_WP_VIOLATION_MASK \ 694 | R_CSR_ERASE_PARAM_MASK \ 695 | R_CSR_ERASE_SEQ_ERROR_MASK \ 696 | R_CSR_BLOCK_LEN_ERROR_MASK \ 697 | R_CSR_ADDRESS_ERROR_MASK \ 698 | R_CSR_OUT_OF_RANGE_MASK) 699 700 static void sd_set_cardstatus(SDState *sd) 701 { 702 sd->card_status = READY_FOR_DATA; 703 } 704 705 static void sd_set_sdstatus(SDState *sd) 706 { 707 memset(sd->sd_status, 0, 64); 708 } 709 710 static const uint8_t sd_tuning_block_pattern4[64] = { 711 /* 712 * See: Physical Layer Simplified Specification Version 3.01, 713 * Table 4-2. 714 */ 715 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc, 716 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef, 717 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb, 718 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef, 719 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c, 720 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee, 721 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff, 722 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde 723 }; 724 725 static int sd_req_crc_validate(SDRequest *req) 726 { 727 uint8_t buffer[5]; 728 buffer[0] = 0x40 | req->cmd; 729 stl_be_p(&buffer[1], req->arg); 730 return 0; 731 return sd_crc7(buffer, 5) != req->crc; /* TODO */ 732 } 733 734 static size_t sd_response_size(SDState *sd, sd_rsp_type_t rtype) 735 { 736 switch (rtype) { 737 case sd_r1: 738 case sd_r1b: 739 return sd_is_spi(sd) ? 1 : 4; 740 741 case spi_r2: 742 assert(sd_is_spi(sd)); 743 return 2; 744 745 case sd_r2_i: 746 case sd_r2_s: 747 assert(!sd_is_spi(sd)); 748 return 16; 749 750 case sd_r3: 751 case sd_r7: 752 return sd_is_spi(sd) ? 5 : 4; 753 754 case sd_r6: 755 assert(!sd_is_spi(sd)); 756 return 4; 757 758 case sd_r0: 759 case sd_illegal: 760 return sd_is_spi(sd) ? 1 : 0; 761 762 default: 763 g_assert_not_reached(); 764 } 765 } 766 767 static void sd_response_r1_make(SDState *sd, uint8_t *response) 768 { 769 if (sd_is_spi(sd)) { 770 response[0] = sd->state == sd_idle_state 771 && !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 772 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_RESET) << 1; 773 response[0] |= FIELD_EX32(sd->card_status, CSR, ILLEGAL_COMMAND) << 2; 774 response[0] |= FIELD_EX32(sd->card_status, CSR, COM_CRC_ERROR) << 3; 775 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_SEQ_ERROR) << 4; 776 response[0] |= FIELD_EX32(sd->card_status, CSR, ADDRESS_ERROR) << 5; 777 response[0] |= FIELD_EX32(sd->card_status, CSR, BLOCK_LEN_ERROR) << 6; 778 response[0] |= 0 << 7; 779 } else { 780 stl_be_p(response, sd->card_status); 781 } 782 783 /* Clear the "clear on read" status bits */ 784 sd->card_status &= ~CARD_STATUS_C; 785 } 786 787 static void spi_response_r2_make(SDState *sd, uint8_t *resp) 788 { 789 /* Prepend R1 */ 790 sd_response_r1_make(sd, resp); 791 792 resp[1] = FIELD_EX32(sd->card_status, CSR, CARD_IS_LOCKED) << 0; 793 resp[1] |= (FIELD_EX32(sd->card_status, CSR, LOCK_UNLOCK_FAILED) 794 || FIELD_EX32(sd->card_status, CSR, WP_ERASE_SKIP)) << 1; 795 resp[1] |= FIELD_EX32(sd->card_status, CSR, ERROR) << 2; 796 resp[1] |= FIELD_EX32(sd->card_status, CSR, CC_ERROR) << 3; 797 resp[1] |= FIELD_EX32(sd->card_status, CSR, CARD_ECC_FAILED) << 4; 798 resp[1] |= FIELD_EX32(sd->card_status, CSR, WP_VIOLATION) << 5; 799 resp[1] |= FIELD_EX32(sd->card_status, CSR, ERASE_PARAM) << 6; 800 resp[1] |= FIELD_EX32(sd->card_status, CSR, OUT_OF_RANGE) << 7; 801 } 802 803 static void sd_response_r3_make(SDState *sd, uint8_t *response) 804 { 805 if (sd_is_spi(sd)) { 806 /* Prepend R1 */ 807 sd_response_r1_make(sd, response); 808 response++; 809 } 810 stl_be_p(response, sd->ocr & ACMD41_R3_MASK); 811 } 812 813 static void sd_response_r6_make(SDState *sd, uint8_t *response) 814 { 815 uint16_t status; 816 817 status = ((sd->card_status >> 8) & 0xc000) | 818 ((sd->card_status >> 6) & 0x2000) | 819 (sd->card_status & 0x1fff); 820 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff); 821 stw_be_p(response + 0, sd->rca); 822 stw_be_p(response + 2, status); 823 } 824 825 static void sd_response_r7_make(SDState *sd, uint8_t *response) 826 { 827 if (sd_is_spi(sd)) { 828 /* Prepend R1 */ 829 sd_response_r1_make(sd, response); 830 response++; 831 } 832 stl_be_p(response, sd->vhs); 833 } 834 835 static uint32_t sd_blk_len(SDState *sd) 836 { 837 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 838 return 1 << HWBLOCK_SHIFT; 839 } 840 return sd->blk_len; 841 } 842 843 /* 844 * This requires a disk image that has two boot partitions inserted at the 845 * beginning of it. The size of the boot partitions is the "boot-size" 846 * property. 847 */ 848 static uint32_t sd_bootpart_offset(SDState *sd) 849 { 850 unsigned partition_access; 851 852 if (!sd->boot_part_size || !sd_is_emmc(sd)) { 853 return 0; 854 } 855 856 partition_access = sd->ext_csd[EXT_CSD_PART_CONFIG] 857 & EXT_CSD_PART_CONFIG_ACC_MASK; 858 switch (partition_access) { 859 case EXT_CSD_PART_CONFIG_ACC_DEFAULT: 860 return sd->boot_part_size * 2; 861 case EXT_CSD_PART_CONFIG_ACC_BOOT0: 862 return 0; 863 case EXT_CSD_PART_CONFIG_ACC_BOOT0 + 1: 864 return sd->boot_part_size * 1; 865 default: 866 g_assert_not_reached(); 867 } 868 } 869 870 static uint64_t sd_req_get_address(SDState *sd, SDRequest req) 871 { 872 uint64_t addr; 873 874 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 875 addr = (uint64_t) req.arg << HWBLOCK_SHIFT; 876 } else { 877 addr = req.arg; 878 } 879 trace_sdcard_req_addr(req.arg, addr); 880 return addr; 881 } 882 883 static inline uint64_t sd_addr_to_wpnum(uint64_t addr) 884 { 885 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT); 886 } 887 888 static void sd_reset(DeviceState *dev) 889 { 890 SDState *sd = SDMMC_COMMON(dev); 891 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 892 uint64_t size; 893 uint64_t sect; 894 895 trace_sdcard_reset(); 896 if (sd->blk) { 897 blk_get_geometry(sd->blk, §); 898 } else { 899 sect = 0; 900 } 901 size = sect << HWBLOCK_SHIFT; 902 if (sd_is_emmc(sd)) { 903 size -= sd->boot_part_size * 2; 904 } 905 906 sect = sd_addr_to_wpnum(size) + 1; 907 908 sd->state = sd_idle_state; 909 910 /* card registers */ 911 sd->rca = sd_is_emmc(sd) ? 0x0001 : 0x0000; 912 sd->size = size; 913 sd_set_ocr(sd); 914 sd_set_scr(sd); 915 sc->set_cid(sd); 916 sc->set_csd(sd, size); 917 sd_set_cardstatus(sd); 918 sd_set_sdstatus(sd); 919 920 g_free(sd->wp_group_bmap); 921 sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false; 922 sd->wp_group_bits = sect; 923 sd->wp_group_bmap = bitmap_new(sd->wp_group_bits); 924 memset(sd->function_group, 0, sizeof(sd->function_group)); 925 sd->erase_start = INVALID_ADDRESS; 926 sd->erase_end = INVALID_ADDRESS; 927 sd->blk_len = 0x200; 928 sd->pwd_len = 0; 929 sd->expecting_acmd = false; 930 sd->dat_lines = 0xf; 931 sd->cmd_line = true; 932 sd->multi_blk_cnt = 0; 933 } 934 935 static bool sd_get_inserted(SDState *sd) 936 { 937 return sd->blk && blk_is_inserted(sd->blk); 938 } 939 940 static bool sd_get_readonly(SDState *sd) 941 { 942 return sd->wp_switch; 943 } 944 945 static void sd_cardchange(void *opaque, bool load, Error **errp) 946 { 947 SDState *sd = opaque; 948 DeviceState *dev = DEVICE(sd); 949 SDBus *sdbus; 950 bool inserted = sd_get_inserted(sd); 951 bool readonly = sd_get_readonly(sd); 952 953 if (inserted) { 954 trace_sdcard_inserted(readonly); 955 sd_reset(dev); 956 } else { 957 trace_sdcard_ejected(); 958 } 959 960 sdbus = SD_BUS(qdev_get_parent_bus(dev)); 961 sdbus_set_inserted(sdbus, inserted); 962 if (inserted) { 963 sdbus_set_readonly(sdbus, readonly); 964 } 965 } 966 967 static const BlockDevOps sd_block_ops = { 968 .change_media_cb = sd_cardchange, 969 }; 970 971 static bool sd_ocr_vmstate_needed(void *opaque) 972 { 973 SDState *sd = opaque; 974 975 /* Include the OCR state (and timer) if it is not yet powered up */ 976 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 977 } 978 979 static const VMStateDescription sd_ocr_vmstate = { 980 .name = "sd-card/ocr-state", 981 .version_id = 1, 982 .minimum_version_id = 1, 983 .needed = sd_ocr_vmstate_needed, 984 .fields = (const VMStateField[]) { 985 VMSTATE_UINT32(ocr, SDState), 986 VMSTATE_TIMER_PTR(ocr_power_timer, SDState), 987 VMSTATE_END_OF_LIST() 988 }, 989 }; 990 991 static bool vmstate_needed_for_emmc(void *opaque) 992 { 993 SDState *sd = opaque; 994 995 return sd_is_emmc(sd); 996 } 997 998 static const VMStateDescription emmc_extcsd_vmstate = { 999 .name = "sd-card/ext_csd_modes-state", 1000 .version_id = 1, 1001 .minimum_version_id = 1, 1002 .needed = vmstate_needed_for_emmc, 1003 .fields = (const VMStateField[]) { 1004 VMSTATE_UINT8_ARRAY(ext_csd_rw, SDState, 192), 1005 VMSTATE_END_OF_LIST() 1006 }, 1007 }; 1008 1009 static int sd_vmstate_pre_load(void *opaque) 1010 { 1011 SDState *sd = opaque; 1012 1013 /* If the OCR state is not included (prior versions, or not 1014 * needed), then the OCR must be set as powered up. If the OCR state 1015 * is included, this will be replaced by the state restore. 1016 */ 1017 sd_ocr_powerup(sd); 1018 1019 return 0; 1020 } 1021 1022 static const VMStateDescription sd_vmstate = { 1023 .name = "sd-card", 1024 .version_id = 2, 1025 .minimum_version_id = 2, 1026 .pre_load = sd_vmstate_pre_load, 1027 .fields = (const VMStateField[]) { 1028 VMSTATE_UINT32(mode, SDState), 1029 VMSTATE_INT32(state, SDState), 1030 VMSTATE_UINT8_ARRAY(cid, SDState, 16), 1031 VMSTATE_UINT8_ARRAY(csd, SDState, 16), 1032 VMSTATE_UINT16(rca, SDState), 1033 VMSTATE_UINT32(card_status, SDState), 1034 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1), 1035 VMSTATE_UINT32(vhs, SDState), 1036 VMSTATE_BITMAP(wp_group_bmap, SDState, 0, wp_group_bits), 1037 VMSTATE_UINT32(blk_len, SDState), 1038 VMSTATE_UINT32(multi_blk_cnt, SDState), 1039 VMSTATE_UINT32(erase_start, SDState), 1040 VMSTATE_UINT32(erase_end, SDState), 1041 VMSTATE_UINT8_ARRAY(pwd, SDState, 16), 1042 VMSTATE_UINT32(pwd_len, SDState), 1043 VMSTATE_UINT8_ARRAY(function_group, SDState, 6), 1044 VMSTATE_UINT8(current_cmd, SDState), 1045 VMSTATE_BOOL(expecting_acmd, SDState), 1046 VMSTATE_UINT32(blk_written, SDState), 1047 VMSTATE_UINT64(data_start, SDState), 1048 VMSTATE_UINT32(data_offset, SDState), 1049 VMSTATE_UINT8_ARRAY(data, SDState, 512), 1050 VMSTATE_UNUSED_V(1, 512), 1051 VMSTATE_UNUSED(1), 1052 VMSTATE_END_OF_LIST() 1053 }, 1054 .subsections = (const VMStateDescription * const []) { 1055 &sd_ocr_vmstate, 1056 &emmc_extcsd_vmstate, 1057 NULL 1058 }, 1059 }; 1060 1061 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) 1062 { 1063 trace_sdcard_read_block(addr, len); 1064 addr += sd_bootpart_offset(sd); 1065 if (!sd->blk || blk_pread(sd->blk, addr, len, sd->data, 0) < 0) { 1066 fprintf(stderr, "sd_blk_read: read error on host side\n"); 1067 } 1068 } 1069 1070 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) 1071 { 1072 trace_sdcard_write_block(addr, len); 1073 addr += sd_bootpart_offset(sd); 1074 if (!sd->blk || blk_pwrite(sd->blk, addr, len, sd->data, 0) < 0) { 1075 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1076 } 1077 } 1078 1079 static void sd_erase(SDState *sd) 1080 { 1081 uint64_t erase_start = sd->erase_start; 1082 uint64_t erase_end = sd->erase_end; 1083 bool sdsc = true; 1084 uint64_t wpnum; 1085 uint64_t erase_addr; 1086 int erase_len = 1 << HWBLOCK_SHIFT; 1087 1088 trace_sdcard_erase(sd->erase_start, sd->erase_end); 1089 if (sd->erase_start == INVALID_ADDRESS 1090 || sd->erase_end == INVALID_ADDRESS) { 1091 sd->card_status |= ERASE_SEQ_ERROR; 1092 sd->erase_start = INVALID_ADDRESS; 1093 sd->erase_end = INVALID_ADDRESS; 1094 return; 1095 } 1096 1097 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 1098 /* High capacity memory card: erase units are 512 byte blocks */ 1099 erase_start <<= HWBLOCK_SHIFT; 1100 erase_end <<= HWBLOCK_SHIFT; 1101 sdsc = false; 1102 } 1103 1104 if (erase_start > sd->size || erase_end > sd->size) { 1105 sd->card_status |= OUT_OF_RANGE; 1106 sd->erase_start = INVALID_ADDRESS; 1107 sd->erase_end = INVALID_ADDRESS; 1108 return; 1109 } 1110 1111 sd->erase_start = INVALID_ADDRESS; 1112 sd->erase_end = INVALID_ADDRESS; 1113 sd->csd[14] |= 0x40; 1114 1115 memset(sd->data, 0xff, erase_len); 1116 for (erase_addr = erase_start; erase_addr <= erase_end; 1117 erase_addr += erase_len) { 1118 if (sdsc) { 1119 /* Only SDSC cards support write protect groups */ 1120 wpnum = sd_addr_to_wpnum(erase_addr); 1121 assert(wpnum < sd->wp_group_bits); 1122 if (test_bit(wpnum, sd->wp_group_bmap)) { 1123 sd->card_status |= WP_ERASE_SKIP; 1124 continue; 1125 } 1126 } 1127 sd_blk_write(sd, erase_addr, erase_len); 1128 } 1129 } 1130 1131 static uint32_t sd_wpbits(SDState *sd, uint64_t addr) 1132 { 1133 uint32_t i, wpnum; 1134 uint32_t ret = 0; 1135 1136 wpnum = sd_addr_to_wpnum(addr); 1137 1138 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { 1139 if (addr >= sd->size) { 1140 /* 1141 * If the addresses of the last groups are outside the valid range, 1142 * then the corresponding write protection bits shall be set to 0. 1143 */ 1144 continue; 1145 } 1146 assert(wpnum < sd->wp_group_bits); 1147 if (test_bit(wpnum, sd->wp_group_bmap)) { 1148 ret |= (1 << i); 1149 } 1150 } 1151 1152 return ret; 1153 } 1154 1155 enum ExtCsdAccessMode { 1156 EXT_CSD_ACCESS_MODE_COMMAND_SET = 0, 1157 EXT_CSD_ACCESS_MODE_SET_BITS = 1, 1158 EXT_CSD_ACCESS_MODE_CLEAR_BITS = 2, 1159 EXT_CSD_ACCESS_MODE_WRITE_BYTE = 3 1160 }; 1161 1162 static void emmc_function_switch(SDState *sd, uint32_t arg) 1163 { 1164 uint8_t access = extract32(arg, 24, 2); 1165 uint8_t index = extract32(arg, 16, 8); 1166 uint8_t value = extract32(arg, 8, 8); 1167 uint8_t b = sd->ext_csd[index]; 1168 1169 trace_sdcard_switch(access, index, value, extract32(arg, 0, 2)); 1170 1171 if (index >= 192) { 1172 qemu_log_mask(LOG_GUEST_ERROR, "MMC switching illegal offset\n"); 1173 sd->card_status |= R_CSR_SWITCH_ERROR_MASK; 1174 return; 1175 } 1176 1177 switch (access) { 1178 case EXT_CSD_ACCESS_MODE_COMMAND_SET: 1179 qemu_log_mask(LOG_UNIMP, "MMC Command set switching not supported\n"); 1180 return; 1181 case EXT_CSD_ACCESS_MODE_SET_BITS: 1182 b |= value; 1183 break; 1184 case EXT_CSD_ACCESS_MODE_CLEAR_BITS: 1185 b &= ~value; 1186 break; 1187 case EXT_CSD_ACCESS_MODE_WRITE_BYTE: 1188 b = value; 1189 break; 1190 } 1191 1192 trace_sdcard_ext_csd_update(index, sd->ext_csd[index], b); 1193 sd->ext_csd[index] = b; 1194 } 1195 1196 static void sd_function_switch(SDState *sd, uint32_t arg) 1197 { 1198 int i, mode, new_func; 1199 mode = !!(arg & 0x80000000); 1200 1201 sd->data[0] = 0x00; /* Maximum current consumption */ 1202 sd->data[1] = 0x01; 1203 sd->data[2] = 0x80; /* Supported group 6 functions */ 1204 sd->data[3] = 0x01; 1205 sd->data[4] = 0x80; /* Supported group 5 functions */ 1206 sd->data[5] = 0x01; 1207 sd->data[6] = 0x80; /* Supported group 4 functions */ 1208 sd->data[7] = 0x01; 1209 sd->data[8] = 0x80; /* Supported group 3 functions */ 1210 sd->data[9] = 0x01; 1211 sd->data[10] = 0x80; /* Supported group 2 functions */ 1212 sd->data[11] = 0x43; 1213 sd->data[12] = 0x80; /* Supported group 1 functions */ 1214 sd->data[13] = 0x03; 1215 1216 memset(&sd->data[14], 0, 3); 1217 for (i = 0; i < 6; i ++) { 1218 new_func = (arg >> (i * 4)) & 0x0f; 1219 if (mode && new_func != 0x0f) 1220 sd->function_group[i] = new_func; 1221 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4); 1222 } 1223 memset(&sd->data[17], 0, 47); 1224 } 1225 1226 static inline bool sd_wp_addr(SDState *sd, uint64_t addr) 1227 { 1228 return test_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1229 } 1230 1231 static void sd_lock_command(SDState *sd) 1232 { 1233 int erase, lock, clr_pwd, set_pwd, pwd_len; 1234 erase = !!(sd->data[0] & 0x08); 1235 lock = sd->data[0] & 0x04; 1236 clr_pwd = sd->data[0] & 0x02; 1237 set_pwd = sd->data[0] & 0x01; 1238 1239 if (sd->blk_len > 1) 1240 pwd_len = sd->data[1]; 1241 else 1242 pwd_len = 0; 1243 1244 if (lock) { 1245 trace_sdcard_lock(); 1246 } else { 1247 trace_sdcard_unlock(); 1248 } 1249 if (erase) { 1250 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 || 1251 set_pwd || clr_pwd || lock || sd->wp_switch || 1252 (sd->csd[14] & 0x20)) { 1253 sd->card_status |= LOCK_UNLOCK_FAILED; 1254 return; 1255 } 1256 bitmap_zero(sd->wp_group_bmap, sd->wp_group_bits); 1257 sd->csd[14] &= ~0x10; 1258 sd->card_status &= ~CARD_IS_LOCKED; 1259 sd->pwd_len = 0; 1260 /* Erasing the entire card here! */ 1261 fprintf(stderr, "SD: Card force-erased by CMD42\n"); 1262 return; 1263 } 1264 1265 if (sd->blk_len < 2 + pwd_len || 1266 pwd_len <= sd->pwd_len || 1267 pwd_len > sd->pwd_len + 16) { 1268 sd->card_status |= LOCK_UNLOCK_FAILED; 1269 return; 1270 } 1271 1272 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) { 1273 sd->card_status |= LOCK_UNLOCK_FAILED; 1274 return; 1275 } 1276 1277 pwd_len -= sd->pwd_len; 1278 if ((pwd_len && !set_pwd) || 1279 (clr_pwd && (set_pwd || lock)) || 1280 (lock && !sd->pwd_len && !set_pwd) || 1281 (!set_pwd && !clr_pwd && 1282 (((sd->card_status & CARD_IS_LOCKED) && lock) || 1283 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) { 1284 sd->card_status |= LOCK_UNLOCK_FAILED; 1285 return; 1286 } 1287 1288 if (set_pwd) { 1289 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len); 1290 sd->pwd_len = pwd_len; 1291 } 1292 1293 if (clr_pwd) { 1294 sd->pwd_len = 0; 1295 } 1296 1297 if (lock) 1298 sd->card_status |= CARD_IS_LOCKED; 1299 else 1300 sd->card_status &= ~CARD_IS_LOCKED; 1301 } 1302 1303 static bool address_in_range(SDState *sd, const char *desc, 1304 uint64_t addr, uint32_t length) 1305 { 1306 if (addr + length > sd->size) { 1307 qemu_log_mask(LOG_GUEST_ERROR, 1308 "%s offset %"PRIu64" > card %"PRIu64" [%%%u]\n", 1309 desc, addr, sd->size, length); 1310 sd->card_status |= ADDRESS_ERROR; 1311 return false; 1312 } 1313 return true; 1314 } 1315 1316 static sd_rsp_type_t sd_invalid_state_for_cmd(SDState *sd, SDRequest req) 1317 { 1318 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong state: %s (spec %s)\n", 1319 sd->proto->name, req.cmd, sd_state_name(sd->state), 1320 sd_version_str(sd->spec_version)); 1321 1322 return sd_illegal; 1323 } 1324 1325 static sd_rsp_type_t sd_invalid_mode_for_cmd(SDState *sd, SDRequest req) 1326 { 1327 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong mode: %s (spec %s)\n", 1328 sd->proto->name, req.cmd, sd_mode_name(sd->mode), 1329 sd_version_str(sd->spec_version)); 1330 1331 return sd_illegal; 1332 } 1333 1334 static sd_rsp_type_t sd_cmd_illegal(SDState *sd, SDRequest req) 1335 { 1336 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown CMD%i for spec %s\n", 1337 sd->proto->name, req.cmd, 1338 sd_version_str(sd->spec_version)); 1339 1340 return sd_illegal; 1341 } 1342 1343 /* Commands that are recognised but not yet implemented. */ 1344 static sd_rsp_type_t sd_cmd_unimplemented(SDState *sd, SDRequest req) 1345 { 1346 qemu_log_mask(LOG_UNIMP, "%s: CMD%i not implemented\n", 1347 sd->proto->name, req.cmd); 1348 1349 return sd_illegal; 1350 } 1351 1352 static sd_rsp_type_t sd_cmd_optional(SDState *sd, SDRequest req) 1353 { 1354 qemu_log_mask(LOG_UNIMP, "%s: Optional CMD%i not implemented\n", 1355 sd->proto->name, req.cmd); 1356 1357 return sd_illegal; 1358 } 1359 1360 /* Configure fields for following sd_generic_write_byte() calls */ 1361 static sd_rsp_type_t sd_cmd_to_receivingdata(SDState *sd, SDRequest req, 1362 uint64_t start, size_t size) 1363 { 1364 if (sd->state != sd_transfer_state) { 1365 return sd_invalid_state_for_cmd(sd, req); 1366 } 1367 sd->state = sd_receivingdata_state; 1368 sd->data_start = start; 1369 sd->data_offset = 0; 1370 /* sd->data[] used as receive buffer */ 1371 sd->data_size = size ?: sizeof(sd->data); 1372 return sd_r1; 1373 } 1374 1375 /* Configure fields for following sd_generic_read_byte() calls */ 1376 static sd_rsp_type_t sd_cmd_to_sendingdata(SDState *sd, SDRequest req, 1377 uint64_t start, 1378 const void *data, size_t size) 1379 { 1380 if (sd->state != sd_transfer_state) { 1381 return sd_invalid_state_for_cmd(sd, req); 1382 } 1383 1384 sd->state = sd_sendingdata_state; 1385 sd->data_start = start; 1386 sd->data_offset = 0; 1387 if (data) { 1388 assert(size > 0 && size <= sizeof(sd->data)); 1389 memcpy(sd->data, data, size); 1390 } 1391 if (size) { 1392 sd->data_size = size; 1393 } 1394 return sd_r1; 1395 } 1396 1397 /* CMD0 */ 1398 static sd_rsp_type_t sd_cmd_GO_IDLE_STATE(SDState *sd, SDRequest req) 1399 { 1400 if (sd->state == sd_sleep_state) { 1401 switch (req.arg) { 1402 case 0x00000000: 1403 case 0xf0f0f0f0: 1404 break; 1405 default: 1406 return sd_r0; 1407 } 1408 } 1409 if (sd->state != sd_inactive_state) { 1410 sd->state = sd_idle_state; 1411 sd_reset(DEVICE(sd)); 1412 } 1413 1414 return sd_is_spi(sd) ? sd_r1 : sd_r0; 1415 } 1416 1417 /* CMD2 */ 1418 static sd_rsp_type_t sd_cmd_ALL_SEND_CID(SDState *sd, SDRequest req) 1419 { 1420 switch (sd->state) { 1421 case sd_ready_state: 1422 sd->state = sd_identification_state; 1423 return sd_r2_i; 1424 default: 1425 return sd_invalid_state_for_cmd(sd, req); 1426 } 1427 } 1428 1429 /* CMD3 */ 1430 static sd_rsp_type_t sd_cmd_SEND_RELATIVE_ADDR(SDState *sd, SDRequest req) 1431 { 1432 uint16_t random_rca; 1433 1434 switch (sd->state) { 1435 case sd_identification_state: 1436 case sd_standby_state: 1437 sd->state = sd_standby_state; 1438 qemu_guest_getrandom_nofail(&random_rca, sizeof(random_rca)); 1439 sd_set_rca(sd, random_rca); 1440 return sd_r6; 1441 1442 default: 1443 return sd_invalid_state_for_cmd(sd, req); 1444 } 1445 } 1446 1447 static sd_rsp_type_t emmc_cmd_SET_RELATIVE_ADDR(SDState *sd, SDRequest req) 1448 { 1449 switch (sd->state) { 1450 case sd_identification_state: 1451 case sd_standby_state: 1452 sd->state = sd_standby_state; 1453 sd_set_rca(sd, req.arg >> 16); 1454 return sd_r1; 1455 1456 default: 1457 return sd_invalid_state_for_cmd(sd, req); 1458 } 1459 } 1460 1461 /* CMD5 */ 1462 static sd_rsp_type_t emmc_cmd_sleep_awake(SDState *sd, SDRequest req) 1463 { 1464 bool do_sleep = extract32(req.arg, 15, 1); 1465 1466 switch (sd->state) { 1467 case sd_sleep_state: 1468 if (!do_sleep) { 1469 /* Awake */ 1470 sd->state = sd_standby_state; 1471 } 1472 return sd_r1b; 1473 1474 case sd_standby_state: 1475 if (do_sleep) { 1476 sd->state = sd_sleep_state; 1477 } 1478 return sd_r1b; 1479 1480 default: 1481 return sd_invalid_state_for_cmd(sd, req); 1482 } 1483 } 1484 1485 /* CMD6 */ 1486 static sd_rsp_type_t sd_cmd_SWITCH_FUNCTION(SDState *sd, SDRequest req) 1487 { 1488 if (sd->mode != sd_data_transfer_mode) { 1489 return sd_invalid_mode_for_cmd(sd, req); 1490 } 1491 if (sd_is_spi(sd)) { 1492 if (sd->state == sd_idle_state) { 1493 return sd_invalid_state_for_cmd(sd, req); 1494 } 1495 } else { 1496 if (sd->state != sd_transfer_state) { 1497 return sd_invalid_state_for_cmd(sd, req); 1498 } 1499 } 1500 1501 sd_function_switch(sd, req.arg); 1502 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 64); 1503 } 1504 1505 static sd_rsp_type_t emmc_cmd_SWITCH(SDState *sd, SDRequest req) 1506 { 1507 switch (sd->state) { 1508 case sd_transfer_state: 1509 sd->state = sd_programming_state; 1510 emmc_function_switch(sd, req.arg); 1511 sd->state = sd_transfer_state; 1512 return sd_r1b; 1513 default: 1514 return sd_invalid_state_for_cmd(sd, req); 1515 } 1516 } 1517 1518 /* CMD7 */ 1519 static sd_rsp_type_t sd_cmd_DE_SELECT_CARD(SDState *sd, SDRequest req) 1520 { 1521 bool same_rca = sd_req_rca_same(sd, req); 1522 1523 switch (sd->state) { 1524 case sd_standby_state: 1525 if (!same_rca) { 1526 return sd_r0; 1527 } 1528 sd->state = sd_transfer_state; 1529 return sd_r1b; 1530 1531 case sd_transfer_state: 1532 case sd_sendingdata_state: 1533 if (same_rca) { 1534 break; 1535 } 1536 sd->state = sd_standby_state; 1537 return sd_r1b; 1538 1539 case sd_disconnect_state: 1540 if (!same_rca) { 1541 return sd_r0; 1542 } 1543 sd->state = sd_programming_state; 1544 return sd_r1b; 1545 1546 case sd_programming_state: 1547 if (same_rca) { 1548 break; 1549 } 1550 sd->state = sd_disconnect_state; 1551 return sd_r1b; 1552 1553 default: 1554 break; 1555 } 1556 return sd_invalid_state_for_cmd(sd, req); 1557 } 1558 1559 /* CMD8 */ 1560 static sd_rsp_type_t sd_cmd_SEND_IF_COND(SDState *sd, SDRequest req) 1561 { 1562 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) { 1563 return sd_cmd_illegal(sd, req); 1564 } 1565 if (sd->state != sd_idle_state) { 1566 return sd_invalid_state_for_cmd(sd, req); 1567 } 1568 sd->vhs = 0; 1569 1570 /* No response if not exactly one VHS bit is set. */ 1571 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) { 1572 return sd_is_spi(sd) ? sd_r7 : sd_r0; 1573 } 1574 1575 /* Accept. */ 1576 sd->vhs = req.arg; 1577 return sd_r7; 1578 } 1579 1580 /* CMD8 */ 1581 static sd_rsp_type_t emmc_cmd_SEND_EXT_CSD(SDState *sd, SDRequest req) 1582 { 1583 if (sd->state != sd_transfer_state) { 1584 return sd_invalid_state_for_cmd(sd, req); 1585 } 1586 1587 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1588 sd->ext_csd, sizeof(sd->ext_csd)); 1589 } 1590 1591 static sd_rsp_type_t spi_cmd_SEND_CxD(SDState *sd, SDRequest req, 1592 const void *data, size_t size) 1593 { 1594 if (sd->state != sd_standby_state) { 1595 return sd_invalid_state_for_cmd(sd, req); 1596 } 1597 return sd_cmd_to_sendingdata(sd, req, 0, data, size); 1598 } 1599 1600 /* CMD9 */ 1601 static sd_rsp_type_t spi_cmd_SEND_CSD(SDState *sd, SDRequest req) 1602 { 1603 return spi_cmd_SEND_CxD(sd, req, sd->csd, sizeof(sd->csd)); 1604 } 1605 1606 static sd_rsp_type_t sd_cmd_SEND_CSD(SDState *sd, SDRequest req) 1607 { 1608 if (sd->state != sd_standby_state) { 1609 return sd_invalid_state_for_cmd(sd, req); 1610 } 1611 1612 return sd_req_rca_same(sd, req) ? sd_r2_s : sd_r0; 1613 } 1614 1615 /* CMD10 */ 1616 static sd_rsp_type_t spi_cmd_SEND_CID(SDState *sd, SDRequest req) 1617 { 1618 return spi_cmd_SEND_CxD(sd, req, sd->cid, sizeof(sd->cid)); 1619 } 1620 1621 static sd_rsp_type_t sd_cmd_SEND_CID(SDState *sd, SDRequest req) 1622 { 1623 if (sd->state != sd_standby_state) { 1624 return sd_invalid_state_for_cmd(sd, req); 1625 } 1626 1627 return sd_req_rca_same(sd, req) ? sd_r2_i : sd_r0; 1628 } 1629 1630 /* CMD12 */ 1631 static sd_rsp_type_t sd_cmd_STOP_TRANSMISSION(SDState *sd, SDRequest req) 1632 { 1633 switch (sd->state) { 1634 case sd_sendingdata_state: 1635 sd->state = sd_transfer_state; 1636 return sd_r1b; 1637 case sd_receivingdata_state: 1638 sd->state = sd_programming_state; 1639 /* Bzzzzzzztt .... Operation complete. */ 1640 sd->state = sd_transfer_state; 1641 return sd_r1; 1642 default: 1643 return sd_invalid_state_for_cmd(sd, req); 1644 } 1645 } 1646 1647 /* CMD13 */ 1648 static sd_rsp_type_t sd_cmd_SEND_STATUS(SDState *sd, SDRequest req) 1649 { 1650 if (sd->mode != sd_data_transfer_mode) { 1651 return sd_invalid_mode_for_cmd(sd, req); 1652 } 1653 1654 switch (sd->state) { 1655 case sd_standby_state: 1656 case sd_transfer_state: 1657 case sd_sendingdata_state: 1658 case sd_receivingdata_state: 1659 case sd_programming_state: 1660 case sd_disconnect_state: 1661 break; 1662 default: 1663 return sd_invalid_state_for_cmd(sd, req); 1664 } 1665 1666 if (sd_is_spi(sd)) { 1667 return spi_r2; 1668 } 1669 1670 return sd_req_rca_same(sd, req) ? sd_r1 : sd_r0; 1671 } 1672 1673 /* CMD15 */ 1674 static sd_rsp_type_t sd_cmd_GO_INACTIVE_STATE(SDState *sd, SDRequest req) 1675 { 1676 if (sd->mode != sd_data_transfer_mode) { 1677 return sd_invalid_mode_for_cmd(sd, req); 1678 } 1679 switch (sd->state) { 1680 case sd_standby_state: 1681 case sd_transfer_state: 1682 case sd_sendingdata_state: 1683 case sd_receivingdata_state: 1684 case sd_programming_state: 1685 case sd_disconnect_state: 1686 break; 1687 default: 1688 return sd_invalid_state_for_cmd(sd, req); 1689 } 1690 if (sd_req_rca_same(sd, req)) { 1691 sd->state = sd_inactive_state; 1692 } 1693 1694 return sd_r0; 1695 } 1696 1697 /* CMD16 */ 1698 static sd_rsp_type_t sd_cmd_SET_BLOCKLEN(SDState *sd, SDRequest req) 1699 { 1700 if (sd->state != sd_transfer_state) { 1701 return sd_invalid_state_for_cmd(sd, req); 1702 } 1703 if (req.arg > (1 << HWBLOCK_SHIFT)) { 1704 sd->card_status |= BLOCK_LEN_ERROR; 1705 } else { 1706 trace_sdcard_set_blocklen(req.arg); 1707 sd->blk_len = req.arg; 1708 } 1709 1710 return sd_r1; 1711 } 1712 1713 /* CMD17 */ 1714 static sd_rsp_type_t sd_cmd_READ_SINGLE_BLOCK(SDState *sd, SDRequest req) 1715 { 1716 uint64_t addr; 1717 1718 if (sd->state != sd_transfer_state) { 1719 return sd_invalid_state_for_cmd(sd, req); 1720 } 1721 1722 addr = sd_req_get_address(sd, req); 1723 if (!address_in_range(sd, "READ_SINGLE_BLOCK", addr, sd->blk_len)) { 1724 return sd_r1; 1725 } 1726 1727 sd_blk_read(sd, addr, sd->blk_len); 1728 return sd_cmd_to_sendingdata(sd, req, addr, NULL, sd->blk_len); 1729 } 1730 1731 /* CMD19 */ 1732 static sd_rsp_type_t sd_cmd_SEND_TUNING_BLOCK(SDState *sd, SDRequest req) 1733 { 1734 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1735 return sd_cmd_illegal(sd, req); 1736 } 1737 1738 return sd_cmd_to_sendingdata(sd, req, 0, 1739 sd_tuning_block_pattern4, 1740 sizeof(sd_tuning_block_pattern4)); 1741 } 1742 1743 /* CMD23 */ 1744 static sd_rsp_type_t sd_cmd_SET_BLOCK_COUNT(SDState *sd, SDRequest req) 1745 { 1746 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1747 return sd_cmd_illegal(sd, req); 1748 } 1749 1750 if (sd->state != sd_transfer_state) { 1751 return sd_invalid_state_for_cmd(sd, req); 1752 } 1753 1754 sd->multi_blk_cnt = req.arg; 1755 if (sd_is_emmc(sd)) { 1756 sd->multi_blk_cnt &= 0xffff; 1757 } 1758 trace_sdcard_set_block_count(sd->multi_blk_cnt); 1759 1760 return sd_r1; 1761 } 1762 1763 /* CMD24 */ 1764 static sd_rsp_type_t sd_cmd_WRITE_SINGLE_BLOCK(SDState *sd, SDRequest req) 1765 { 1766 uint64_t addr; 1767 1768 if (sd->state != sd_transfer_state) { 1769 return sd_invalid_state_for_cmd(sd, req); 1770 } 1771 1772 addr = sd_req_get_address(sd, req); 1773 if (!address_in_range(sd, "WRITE_SINGLE_BLOCK", addr, sd->blk_len)) { 1774 return sd_r1; 1775 } 1776 1777 if (sd->size <= SDSC_MAX_CAPACITY) { 1778 if (sd_wp_addr(sd, addr)) { 1779 sd->card_status |= WP_VIOLATION; 1780 } 1781 } 1782 if (sd->csd[14] & 0x30) { 1783 sd->card_status |= WP_VIOLATION; 1784 } 1785 1786 sd->blk_written = 0; 1787 return sd_cmd_to_receivingdata(sd, req, addr, sd->blk_len); 1788 } 1789 1790 /* CMD26 */ 1791 static sd_rsp_type_t emmc_cmd_PROGRAM_CID(SDState *sd, SDRequest req) 1792 { 1793 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->cid)); 1794 } 1795 1796 /* CMD27 */ 1797 static sd_rsp_type_t sd_cmd_PROGRAM_CSD(SDState *sd, SDRequest req) 1798 { 1799 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->csd)); 1800 } 1801 1802 static sd_rsp_type_t sd_cmd_SET_CLR_WRITE_PROT(SDState *sd, SDRequest req, 1803 bool is_write) 1804 { 1805 uint64_t addr; 1806 1807 if (sd->size > SDSC_MAX_CAPACITY) { 1808 return sd_illegal; 1809 } 1810 1811 if (sd->state != sd_transfer_state) { 1812 return sd_invalid_state_for_cmd(sd, req); 1813 } 1814 1815 addr = sd_req_get_address(sd, req); 1816 if (!address_in_range(sd, is_write ? "SET_WRITE_PROT" : "CLR_WRITE_PROT", 1817 addr, 1)) { 1818 return sd_r1b; 1819 } 1820 1821 sd->state = sd_programming_state; 1822 if (is_write) { 1823 set_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1824 } else { 1825 clear_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1826 } 1827 /* Bzzzzzzztt .... Operation complete. */ 1828 sd->state = sd_transfer_state; 1829 return sd_r1; 1830 } 1831 1832 /* CMD28 */ 1833 static sd_rsp_type_t sd_cmd_SET_WRITE_PROT(SDState *sd, SDRequest req) 1834 { 1835 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, true); 1836 } 1837 1838 /* CMD29 */ 1839 static sd_rsp_type_t sd_cmd_CLR_WRITE_PROT(SDState *sd, SDRequest req) 1840 { 1841 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, false); 1842 } 1843 1844 /* CMD30 */ 1845 static sd_rsp_type_t sd_cmd_SEND_WRITE_PROT(SDState *sd, SDRequest req) 1846 { 1847 uint64_t addr; 1848 uint32_t data; 1849 1850 if (sd->size > SDSC_MAX_CAPACITY) { 1851 return sd_illegal; 1852 } 1853 1854 if (sd->state != sd_transfer_state) { 1855 return sd_invalid_state_for_cmd(sd, req); 1856 } 1857 1858 addr = sd_req_get_address(sd, req); 1859 if (!address_in_range(sd, "SEND_WRITE_PROT", addr, sd->blk_len)) { 1860 return sd_r1; 1861 } 1862 1863 data = sd_wpbits(sd, req.arg); 1864 return sd_cmd_to_sendingdata(sd, req, addr, &data, sizeof(data)); 1865 } 1866 1867 /* CMD32 */ 1868 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_START(SDState *sd, SDRequest req) 1869 { 1870 if (sd->state != sd_transfer_state) { 1871 return sd_invalid_state_for_cmd(sd, req); 1872 } 1873 sd->erase_start = req.arg; 1874 return sd_r1; 1875 } 1876 1877 /* CMD33 */ 1878 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_END(SDState *sd, SDRequest req) 1879 { 1880 if (sd->state != sd_transfer_state) { 1881 return sd_invalid_state_for_cmd(sd, req); 1882 } 1883 sd->erase_end = req.arg; 1884 return sd_r1; 1885 } 1886 1887 /* CMD38 */ 1888 static sd_rsp_type_t sd_cmd_ERASE(SDState *sd, SDRequest req) 1889 { 1890 if (sd->state != sd_transfer_state) { 1891 return sd_invalid_state_for_cmd(sd, req); 1892 } 1893 if (sd->csd[14] & 0x30) { 1894 sd->card_status |= WP_VIOLATION; 1895 return sd_r1b; 1896 } 1897 1898 sd->state = sd_programming_state; 1899 sd_erase(sd); 1900 /* Bzzzzzzztt .... Operation complete. */ 1901 sd->state = sd_transfer_state; 1902 return sd_r1b; 1903 } 1904 1905 /* CMD42 */ 1906 static sd_rsp_type_t sd_cmd_LOCK_UNLOCK(SDState *sd, SDRequest req) 1907 { 1908 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1909 } 1910 1911 /* CMD55 */ 1912 static sd_rsp_type_t sd_cmd_APP_CMD(SDState *sd, SDRequest req) 1913 { 1914 switch (sd->state) { 1915 case sd_ready_state: 1916 case sd_identification_state: 1917 case sd_inactive_state: 1918 case sd_sleep_state: 1919 return sd_invalid_state_for_cmd(sd, req); 1920 case sd_idle_state: 1921 if (!sd_is_spi(sd) && sd_req_get_rca(sd, req) != 0x0000) { 1922 qemu_log_mask(LOG_GUEST_ERROR, 1923 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd); 1924 } 1925 /* fall-through */ 1926 default: 1927 break; 1928 } 1929 if (!sd_is_spi(sd) && !sd_req_rca_same(sd, req)) { 1930 return sd_r0; 1931 } 1932 sd->expecting_acmd = true; 1933 sd->card_status |= APP_CMD; 1934 1935 return sd_r1; 1936 } 1937 1938 /* CMD56 */ 1939 static sd_rsp_type_t sd_cmd_GEN_CMD(SDState *sd, SDRequest req) 1940 { 1941 if (sd->state != sd_transfer_state) { 1942 return sd_invalid_state_for_cmd(sd, req); 1943 } 1944 1945 /* Vendor specific command: our model is RAZ/WI */ 1946 if (req.arg & 1) { 1947 memset(sd->data, 0, sizeof(sd->data)); 1948 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 0); 1949 } else { 1950 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1951 } 1952 } 1953 1954 /* CMD58 */ 1955 static sd_rsp_type_t spi_cmd_READ_OCR(SDState *sd, SDRequest req) 1956 { 1957 return sd_r3; 1958 } 1959 1960 /* CMD59 */ 1961 static sd_rsp_type_t spi_cmd_CRC_ON_OFF(SDState *sd, SDRequest req) 1962 { 1963 return sd_r1; 1964 } 1965 1966 /* ACMD6 */ 1967 static sd_rsp_type_t sd_acmd_SET_BUS_WIDTH(SDState *sd, SDRequest req) 1968 { 1969 if (sd->state != sd_transfer_state) { 1970 return sd_invalid_state_for_cmd(sd, req); 1971 } 1972 1973 sd->sd_status[0] &= 0x3f; 1974 sd->sd_status[0] |= (req.arg & 0x03) << 6; 1975 return sd_r1; 1976 } 1977 1978 /* ACMD13 */ 1979 static sd_rsp_type_t sd_acmd_SD_STATUS(SDState *sd, SDRequest req) 1980 { 1981 sd_rsp_type_t rsp; 1982 1983 rsp = sd_cmd_to_sendingdata(sd, req, 0, 1984 sd->sd_status, sizeof(sd->sd_status)); 1985 if (sd_is_spi(sd) && rsp != sd_illegal) { 1986 return spi_r2; 1987 } 1988 return rsp; 1989 } 1990 1991 /* ACMD22 */ 1992 static sd_rsp_type_t sd_acmd_SEND_NUM_WR_BLOCKS(SDState *sd, SDRequest req) 1993 { 1994 return sd_cmd_to_sendingdata(sd, req, 0, 1995 &sd->blk_written, sizeof(sd->blk_written)); 1996 } 1997 1998 /* ACMD23 */ 1999 static sd_rsp_type_t sd_acmd_SET_WR_BLK_ERASE_COUNT(SDState *sd, SDRequest req) 2000 { 2001 if (sd->state != sd_transfer_state) { 2002 return sd_invalid_state_for_cmd(sd, req); 2003 } 2004 return sd_r1; 2005 } 2006 2007 /* ACMD41 */ 2008 static sd_rsp_type_t sd_cmd_SEND_OP_COND(SDState *sd, SDRequest req) 2009 { 2010 if (sd->state != sd_idle_state) { 2011 return sd_invalid_state_for_cmd(sd, req); 2012 } 2013 2014 /* 2015 * If it's the first ACMD41 since reset, we need to decide 2016 * whether to power up. If this is not an enquiry ACMD41, 2017 * we immediately report power on and proceed below to the 2018 * ready state, but if it is, we set a timer to model a 2019 * delay for power up. This works around a bug in EDK2 2020 * UEFI, which sends an initial enquiry ACMD41, but 2021 * assumes that the card is in ready state as soon as it 2022 * sees the power up bit set. 2023 */ 2024 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) { 2025 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) { 2026 timer_del(sd->ocr_power_timer); 2027 sd_ocr_powerup(sd); 2028 } else { 2029 trace_sdcard_inquiry_cmd41(); 2030 if (!timer_pending(sd->ocr_power_timer)) { 2031 timer_mod_ns(sd->ocr_power_timer, 2032 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) 2033 + OCR_POWER_DELAY_NS)); 2034 } 2035 } 2036 } 2037 2038 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) { 2039 /* 2040 * We accept any voltage. 10000 V is nothing. 2041 * 2042 * Once we're powered up, we advance straight to ready state 2043 * unless it's an enquiry ACMD41 (bits 23:0 == 0). 2044 */ 2045 sd->state = sd_ready_state; 2046 } 2047 2048 if (sd_is_spi(sd)) { 2049 return sd_r1; 2050 } 2051 return sd_r3; 2052 } 2053 2054 /* ACMD42 */ 2055 static sd_rsp_type_t sd_acmd_SET_CLR_CARD_DETECT(SDState *sd, SDRequest req) 2056 { 2057 if (sd->state != sd_transfer_state) { 2058 return sd_invalid_state_for_cmd(sd, req); 2059 } 2060 2061 /* Bringing in the 50KOhm pull-up resistor... Done. */ 2062 return sd_r1; 2063 } 2064 2065 /* ACMD51 */ 2066 static sd_rsp_type_t sd_acmd_SEND_SCR(SDState *sd, SDRequest req) 2067 { 2068 return sd_cmd_to_sendingdata(sd, req, 0, sd->scr, sizeof(sd->scr)); 2069 } 2070 2071 static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) 2072 { 2073 uint64_t addr; 2074 2075 sd->last_cmd_name = sd_cmd_name(sd, req.cmd); 2076 /* CMD55 precedes an ACMD, so we are not interested in tracing it. 2077 * However there is no ACMD55, so we want to trace this particular case. 2078 */ 2079 if (req.cmd != 55 || sd->expecting_acmd) { 2080 trace_sdcard_normal_command(sd->proto->name, 2081 sd->last_cmd_name, req.cmd, 2082 req.arg, sd_state_name(sd->state)); 2083 } 2084 2085 /* Not interpreting this as an app command */ 2086 sd->card_status &= ~APP_CMD; 2087 2088 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25 2089 * if not, its effects are cancelled */ 2090 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) { 2091 sd->multi_blk_cnt = 0; 2092 } 2093 2094 if (sd->proto->cmd[req.cmd].class == 6 && FIELD_EX32(sd->ocr, OCR, 2095 CARD_CAPACITY)) { 2096 /* Only Standard Capacity cards support class 6 commands */ 2097 return sd_illegal; 2098 } 2099 2100 if (sd->proto->cmd[req.cmd].handler) { 2101 return sd->proto->cmd[req.cmd].handler(sd, req); 2102 } 2103 2104 switch (req.cmd) { 2105 /* Block read commands (Class 2) */ 2106 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2107 addr = sd_req_get_address(sd, req); 2108 switch (sd->state) { 2109 case sd_transfer_state: 2110 2111 if (!address_in_range(sd, "READ_BLOCK", addr, sd->blk_len)) { 2112 return sd_r1; 2113 } 2114 2115 sd->state = sd_sendingdata_state; 2116 sd->data_start = addr; 2117 sd->data_offset = 0; 2118 return sd_r1; 2119 2120 default: 2121 break; 2122 } 2123 break; 2124 2125 /* Block write commands (Class 4) */ 2126 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2127 addr = sd_req_get_address(sd, req); 2128 switch (sd->state) { 2129 case sd_transfer_state: 2130 2131 if (!address_in_range(sd, "WRITE_BLOCK", addr, sd->blk_len)) { 2132 return sd_r1; 2133 } 2134 2135 sd->state = sd_receivingdata_state; 2136 sd->data_start = addr; 2137 sd->data_offset = 0; 2138 sd->blk_written = 0; 2139 2140 if (sd->size <= SDSC_MAX_CAPACITY) { 2141 if (sd_wp_addr(sd, sd->data_start)) { 2142 sd->card_status |= WP_VIOLATION; 2143 } 2144 } 2145 if (sd->csd[14] & 0x30) { 2146 sd->card_status |= WP_VIOLATION; 2147 } 2148 return sd_r1; 2149 2150 default: 2151 break; 2152 } 2153 break; 2154 2155 default: 2156 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd); 2157 return sd_illegal; 2158 } 2159 2160 return sd_invalid_state_for_cmd(sd, req); 2161 } 2162 2163 static sd_rsp_type_t sd_app_command(SDState *sd, 2164 SDRequest req) 2165 { 2166 sd->last_cmd_name = sd_acmd_name(sd, req.cmd); 2167 trace_sdcard_app_command(sd->proto->name, sd->last_cmd_name, 2168 req.cmd, req.arg, sd_state_name(sd->state)); 2169 sd->card_status |= APP_CMD; 2170 2171 if (sd->proto->acmd[req.cmd].handler) { 2172 return sd->proto->acmd[req.cmd].handler(sd, req); 2173 } 2174 2175 switch (req.cmd) { 2176 case 18: /* Reserved for SD security applications */ 2177 case 25: 2178 case 26: 2179 case 38: 2180 case 43 ... 49: 2181 /* Refer to the "SD Specifications Part3 Security Specification" for 2182 * information about the SD Security Features. 2183 */ 2184 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n", 2185 req.cmd); 2186 return sd_illegal; 2187 2188 default: 2189 /* Fall back to standard commands. */ 2190 return sd_normal_command(sd, req); 2191 } 2192 2193 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd); 2194 return sd_illegal; 2195 } 2196 2197 static bool cmd_valid_while_locked(SDState *sd, unsigned cmd) 2198 { 2199 unsigned cmd_class; 2200 2201 /* Valid commands in locked state: 2202 * basic class (0) 2203 * lock card class (7) 2204 * CMD16 2205 * implicitly, the ACMD prefix CMD55 2206 * ACMD41 and ACMD42 2207 * Anything else provokes an "illegal command" response. 2208 */ 2209 if (sd->expecting_acmd) { 2210 return cmd == 41 || cmd == 42; 2211 } 2212 if (cmd == 16 || cmd == 55) { 2213 return true; 2214 } 2215 if (!sd->proto->cmd[cmd].handler) { 2216 return false; 2217 } 2218 cmd_class = sd->proto->cmd[cmd].class; 2219 2220 return cmd_class == 0 || cmd_class == 7; 2221 } 2222 2223 static size_t sd_do_command(SDState *sd, SDRequest *req, 2224 uint8_t *response, size_t respsz) 2225 { 2226 int last_state; 2227 sd_rsp_type_t rtype; 2228 int rsplen; 2229 2230 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2231 return 0; 2232 } 2233 2234 if (sd->state == sd_inactive_state) { 2235 rtype = sd_illegal; 2236 goto send_response; 2237 } 2238 2239 if (sd_req_crc_validate(req)) { 2240 sd->card_status |= COM_CRC_ERROR; 2241 rtype = sd_illegal; 2242 goto send_response; 2243 } 2244 2245 if (req->cmd >= SDMMC_CMD_MAX) { 2246 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n", 2247 req->cmd); 2248 req->cmd &= 0x3f; 2249 } 2250 2251 if (sd->state == sd_sleep_state && req->cmd) { 2252 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is sleeping\n"); 2253 rtype = sd_r0; 2254 goto send_response; 2255 } 2256 2257 if (sd->card_status & CARD_IS_LOCKED) { 2258 if (!cmd_valid_while_locked(sd, req->cmd)) { 2259 sd->card_status |= ILLEGAL_COMMAND; 2260 sd->expecting_acmd = false; 2261 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n"); 2262 rtype = sd_illegal; 2263 goto send_response; 2264 } 2265 } 2266 2267 last_state = sd->state; 2268 sd_set_mode(sd); 2269 2270 if (sd->expecting_acmd) { 2271 sd->expecting_acmd = false; 2272 rtype = sd_app_command(sd, *req); 2273 } else { 2274 rtype = sd_normal_command(sd, *req); 2275 } 2276 2277 if (rtype == sd_illegal) { 2278 sd->card_status |= ILLEGAL_COMMAND; 2279 } else { 2280 /* Valid command, we can update the 'state before command' bits. 2281 * (Do this now so they appear in r1 responses.) 2282 */ 2283 sd->card_status = FIELD_DP32(sd->card_status, CSR, 2284 CURRENT_STATE, last_state); 2285 } 2286 2287 send_response: 2288 rsplen = sd_response_size(sd, rtype); 2289 assert(rsplen <= respsz); 2290 2291 switch (rtype) { 2292 case sd_r1: 2293 case sd_r1b: 2294 sd_response_r1_make(sd, response); 2295 break; 2296 2297 case spi_r2: 2298 spi_response_r2_make(sd, response); 2299 break; 2300 2301 case sd_r2_i: 2302 memcpy(response, sd->cid, sizeof(sd->cid)); 2303 break; 2304 2305 case sd_r2_s: 2306 memcpy(response, sd->csd, sizeof(sd->csd)); 2307 break; 2308 2309 case sd_r3: 2310 sd_response_r3_make(sd, response); 2311 break; 2312 2313 case sd_r6: 2314 sd_response_r6_make(sd, response); 2315 break; 2316 2317 case sd_r7: 2318 sd_response_r7_make(sd, response); 2319 break; 2320 2321 case sd_r0: 2322 /* 2323 * Invalid state transition, reset implementation 2324 * fields to avoid OOB abuse. 2325 */ 2326 sd->data_start = 0; 2327 sd->data_offset = 0; 2328 /* fall-through */ 2329 case sd_illegal: 2330 break; 2331 default: 2332 g_assert_not_reached(); 2333 } 2334 trace_sdcard_response(sd_response_name(rtype), rsplen); 2335 2336 if (rtype != sd_illegal) { 2337 /* Clear the "clear on valid command" status bits now we've 2338 * sent any response 2339 */ 2340 sd->card_status &= ~CARD_STATUS_B; 2341 } 2342 2343 #ifdef DEBUG_SD 2344 qemu_hexdump(stderr, "Response", response, rsplen); 2345 #endif 2346 2347 sd->current_cmd = rtype == sd_illegal ? 0 : req->cmd; 2348 2349 return rsplen; 2350 } 2351 2352 /* Return true if buffer is consumed. Configured by sd_cmd_to_receivingdata() */ 2353 static bool sd_generic_write_byte(SDState *sd, uint8_t value) 2354 { 2355 sd->data[sd->data_offset] = value; 2356 2357 if (++sd->data_offset >= sd->data_size) { 2358 sd->state = sd_transfer_state; 2359 return true; 2360 } 2361 return false; 2362 } 2363 2364 /* Return true when buffer is consumed. Configured by sd_cmd_to_sendingdata() */ 2365 static bool sd_generic_read_byte(SDState *sd, uint8_t *value) 2366 { 2367 *value = sd->data[sd->data_offset]; 2368 2369 if (++sd->data_offset >= sd->data_size) { 2370 sd->state = sd_transfer_state; 2371 return true; 2372 } 2373 2374 return false; 2375 } 2376 2377 static void sd_write_byte(SDState *sd, uint8_t value) 2378 { 2379 int i; 2380 2381 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2382 return; 2383 } 2384 2385 if (sd->state != sd_receivingdata_state) { 2386 qemu_log_mask(LOG_GUEST_ERROR, 2387 "%s: not in Receiving-Data state\n", __func__); 2388 return; 2389 } 2390 2391 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 2392 return; 2393 2394 trace_sdcard_write_data(sd->proto->name, 2395 sd->last_cmd_name, 2396 sd->current_cmd, sd->data_offset, value); 2397 switch (sd->current_cmd) { 2398 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 2399 if (sd_generic_write_byte(sd, value)) { 2400 /* TODO: Check CRC before committing */ 2401 sd->state = sd_programming_state; 2402 sd_blk_write(sd, sd->data_start, sd->data_offset); 2403 sd->blk_written ++; 2404 sd->csd[14] |= 0x40; 2405 /* Bzzzzzzztt .... Operation complete. */ 2406 sd->state = sd_transfer_state; 2407 } 2408 break; 2409 2410 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2411 if (sd->data_offset == 0) { 2412 /* Start of the block - let's check the address is valid */ 2413 if (!address_in_range(sd, "WRITE_MULTIPLE_BLOCK", 2414 sd->data_start, sd->blk_len)) { 2415 break; 2416 } 2417 if (sd->size <= SDSC_MAX_CAPACITY) { 2418 if (sd_wp_addr(sd, sd->data_start)) { 2419 sd->card_status |= WP_VIOLATION; 2420 break; 2421 } 2422 } 2423 } 2424 sd->data[sd->data_offset++] = value; 2425 if (sd->data_offset >= sd->blk_len) { 2426 /* TODO: Check CRC before committing */ 2427 sd->state = sd_programming_state; 2428 sd_blk_write(sd, sd->data_start, sd->data_offset); 2429 sd->blk_written++; 2430 sd->data_start += sd->blk_len; 2431 sd->data_offset = 0; 2432 sd->csd[14] |= 0x40; 2433 2434 /* Bzzzzzzztt .... Operation complete. */ 2435 if (sd->multi_blk_cnt != 0) { 2436 if (--sd->multi_blk_cnt == 0) { 2437 /* Stop! */ 2438 sd->state = sd_transfer_state; 2439 break; 2440 } 2441 } 2442 2443 sd->state = sd_receivingdata_state; 2444 } 2445 break; 2446 2447 case 26: /* CMD26: PROGRAM_CID */ 2448 if (sd_generic_write_byte(sd, value)) { 2449 /* TODO: Check CRC before committing */ 2450 sd->state = sd_programming_state; 2451 for (i = 0; i < sizeof(sd->cid); i ++) 2452 if ((sd->cid[i] | 0x00) != sd->data[i]) 2453 sd->card_status |= CID_CSD_OVERWRITE; 2454 2455 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2456 for (i = 0; i < sizeof(sd->cid); i ++) { 2457 sd->cid[i] |= 0x00; 2458 sd->cid[i] &= sd->data[i]; 2459 } 2460 /* Bzzzzzzztt .... Operation complete. */ 2461 sd->state = sd_transfer_state; 2462 } 2463 break; 2464 2465 case 27: /* CMD27: PROGRAM_CSD */ 2466 if (sd_generic_write_byte(sd, value)) { 2467 /* TODO: Check CRC before committing */ 2468 sd->state = sd_programming_state; 2469 for (i = 0; i < sizeof(sd->csd); i ++) 2470 if ((sd->csd[i] | sd_csd_rw_mask[i]) != 2471 (sd->data[i] | sd_csd_rw_mask[i])) 2472 sd->card_status |= CID_CSD_OVERWRITE; 2473 2474 /* Copy flag (OTP) & Permanent write protect */ 2475 if (sd->csd[14] & ~sd->data[14] & 0x60) 2476 sd->card_status |= CID_CSD_OVERWRITE; 2477 2478 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2479 for (i = 0; i < sizeof(sd->csd); i ++) { 2480 sd->csd[i] |= sd_csd_rw_mask[i]; 2481 sd->csd[i] &= sd->data[i]; 2482 } 2483 /* Bzzzzzzztt .... Operation complete. */ 2484 sd->state = sd_transfer_state; 2485 } 2486 break; 2487 2488 case 42: /* CMD42: LOCK_UNLOCK */ 2489 if (sd_generic_write_byte(sd, value)) { 2490 /* TODO: Check CRC before committing */ 2491 sd->state = sd_programming_state; 2492 sd_lock_command(sd); 2493 /* Bzzzzzzztt .... Operation complete. */ 2494 sd->state = sd_transfer_state; 2495 } 2496 break; 2497 2498 case 56: /* CMD56: GEN_CMD */ 2499 sd_generic_write_byte(sd, value); 2500 break; 2501 2502 default: 2503 g_assert_not_reached(); 2504 } 2505 } 2506 2507 static uint8_t sd_read_byte(SDState *sd) 2508 { 2509 /* TODO: Append CRCs */ 2510 const uint8_t dummy_byte = 0x00; 2511 uint8_t ret; 2512 uint32_t io_len; 2513 2514 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2515 return dummy_byte; 2516 } 2517 2518 if (sd->state != sd_sendingdata_state) { 2519 qemu_log_mask(LOG_GUEST_ERROR, 2520 "%s: not in Sending-Data state\n", __func__); 2521 return dummy_byte; 2522 } 2523 2524 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) { 2525 return dummy_byte; 2526 } 2527 2528 io_len = sd_blk_len(sd); 2529 2530 trace_sdcard_read_data(sd->proto->name, 2531 sd->last_cmd_name, sd->current_cmd, 2532 sd->data_offset, sd->data_size, io_len); 2533 switch (sd->current_cmd) { 2534 case 6: /* CMD6: SWITCH_FUNCTION */ 2535 case 8: /* CMD8: SEND_EXT_CSD */ 2536 case 9: /* CMD9: SEND_CSD */ 2537 case 10: /* CMD10: SEND_CID */ 2538 case 13: /* ACMD13: SD_STATUS */ 2539 case 17: /* CMD17: READ_SINGLE_BLOCK */ 2540 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */ 2541 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 2542 case 30: /* CMD30: SEND_WRITE_PROT */ 2543 case 51: /* ACMD51: SEND_SCR */ 2544 case 56: /* CMD56: GEN_CMD */ 2545 sd_generic_read_byte(sd, &ret); 2546 break; 2547 2548 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2549 if (sd->data_offset == 0) { 2550 if (!address_in_range(sd, "READ_MULTIPLE_BLOCK", 2551 sd->data_start, io_len)) { 2552 return dummy_byte; 2553 } 2554 sd_blk_read(sd, sd->data_start, io_len); 2555 } 2556 ret = sd->data[sd->data_offset ++]; 2557 2558 if (sd->data_offset >= io_len) { 2559 sd->data_start += io_len; 2560 sd->data_offset = 0; 2561 2562 if (sd->multi_blk_cnt != 0) { 2563 if (--sd->multi_blk_cnt == 0) { 2564 /* Stop! */ 2565 sd->state = sd_transfer_state; 2566 break; 2567 } 2568 } 2569 } 2570 break; 2571 2572 default: 2573 qemu_log_mask(LOG_GUEST_ERROR, "%s: DAT read illegal for command %s\n", 2574 __func__, sd->last_cmd_name); 2575 return dummy_byte; 2576 } 2577 2578 return ret; 2579 } 2580 2581 static bool sd_receive_ready(SDState *sd) 2582 { 2583 return sd->state == sd_receivingdata_state; 2584 } 2585 2586 static bool sd_data_ready(SDState *sd) 2587 { 2588 return sd->state == sd_sendingdata_state; 2589 } 2590 2591 static const SDProto sd_proto_spi = { 2592 .name = "SPI", 2593 .cmd = { 2594 [0] = {0, sd_spi, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2595 [1] = {0, sd_spi, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2596 [5] = {9, sd_spi, "IO_SEND_OP_COND", sd_cmd_optional}, 2597 [6] = {10, sd_spi, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2598 [8] = {0, sd_spi, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2599 [9] = {0, sd_spi, "SEND_CSD", spi_cmd_SEND_CSD}, 2600 [10] = {0, sd_spi, "SEND_CID", spi_cmd_SEND_CID}, 2601 [12] = {0, sd_spi, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2602 [13] = {0, sd_spi, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2603 [16] = {2, sd_spi, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2604 [17] = {2, sd_spi, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2605 [24] = {4, sd_spi, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2606 [27] = {4, sd_spi, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2607 [28] = {6, sd_spi, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2608 [29] = {6, sd_spi, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2609 [30] = {6, sd_spi, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2610 [32] = {5, sd_spi, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2611 [33] = {5, sd_spi, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2612 [34] = {10, sd_spi, "READ_SEC_CMD", sd_cmd_optional}, 2613 [35] = {10, sd_spi, "WRITE_SEC_CMD", sd_cmd_optional}, 2614 [36] = {10, sd_spi, "SEND_PSI", sd_cmd_optional}, 2615 [37] = {10, sd_spi, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2616 [38] = {5, sd_spi, "ERASE", sd_cmd_ERASE}, 2617 [42] = {7, sd_spi, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2618 [50] = {10, sd_spi, "DIRECT_SECURE_READ", sd_cmd_optional}, 2619 [52] = {9, sd_spi, "IO_RW_DIRECT", sd_cmd_optional}, 2620 [53] = {9, sd_spi, "IO_RW_EXTENDED", sd_cmd_optional}, 2621 [55] = {8, sd_spi, "APP_CMD", sd_cmd_APP_CMD}, 2622 [56] = {8, sd_spi, "GEN_CMD", sd_cmd_GEN_CMD}, 2623 [57] = {10, sd_spi, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2624 [58] = {0, sd_spi, "READ_OCR", spi_cmd_READ_OCR}, 2625 [59] = {0, sd_spi, "CRC_ON_OFF", spi_cmd_CRC_ON_OFF}, 2626 }, 2627 .acmd = { 2628 [13] = {8, sd_spi, "SD_STATUS", sd_acmd_SD_STATUS}, 2629 [22] = {8, sd_spi, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2630 [23] = {8, sd_spi, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2631 [41] = {8, sd_spi, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2632 [42] = {8, sd_spi, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2633 [51] = {8, sd_spi, "SEND_SCR", sd_acmd_SEND_SCR}, 2634 }, 2635 }; 2636 2637 static const SDProto sd_proto_sd = { 2638 .name = "SD", 2639 .cmd = { 2640 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2641 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2642 [3] = {0, sd_bcr, "SEND_RELATIVE_ADDR", sd_cmd_SEND_RELATIVE_ADDR}, 2643 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2644 [5] = {9, sd_bc, "IO_SEND_OP_COND", sd_cmd_optional}, 2645 [6] = {10, sd_adtc, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2646 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2647 [8] = {0, sd_bcr, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2648 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2649 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2650 [11] = {0, sd_ac, "VOLTAGE_SWITCH", sd_cmd_optional}, 2651 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2652 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2653 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2654 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2655 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2656 [19] = {2, sd_adtc, "SEND_TUNING_BLOCK", sd_cmd_SEND_TUNING_BLOCK}, 2657 [20] = {2, sd_ac, "SPEED_CLASS_CONTROL", sd_cmd_optional}, 2658 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2659 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2660 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2661 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2662 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2663 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2664 [32] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2665 [33] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2666 [34] = {10, sd_adtc, "READ_SEC_CMD", sd_cmd_optional}, 2667 [35] = {10, sd_adtc, "WRITE_SEC_CMD", sd_cmd_optional}, 2668 [36] = {10, sd_adtc, "SEND_PSI", sd_cmd_optional}, 2669 [37] = {10, sd_ac, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2670 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2671 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2672 [43] = {1, sd_ac, "Q_MANAGEMENT", sd_cmd_optional}, 2673 [44] = {1, sd_ac, "Q_TASK_INFO_A", sd_cmd_optional}, 2674 [45] = {1, sd_ac, "Q_TASK_INFO_B", sd_cmd_optional}, 2675 [46] = {1, sd_adtc, "Q_RD_TASK", sd_cmd_optional}, 2676 [47] = {1, sd_adtc, "Q_WR_TASK", sd_cmd_optional}, 2677 [48] = {1, sd_adtc, "READ_EXTR_SINGLE", sd_cmd_optional}, 2678 [49] = {1, sd_adtc, "WRITE_EXTR_SINGLE", sd_cmd_optional}, 2679 [50] = {10, sd_adtc, "DIRECT_SECURE_READ", sd_cmd_optional}, 2680 [52] = {9, sd_bc, "IO_RW_DIRECT", sd_cmd_optional}, 2681 [53] = {9, sd_bc, "IO_RW_EXTENDED", sd_cmd_optional}, 2682 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2683 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2684 [57] = {10, sd_adtc, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2685 [58] = {11, sd_adtc, "READ_EXTR_MULTI", sd_cmd_optional}, 2686 [59] = {11, sd_adtc, "WRITE_EXTR_MULTI", sd_cmd_optional}, 2687 }, 2688 .acmd = { 2689 [6] = {8, sd_ac, "SET_BUS_WIDTH", sd_acmd_SET_BUS_WIDTH}, 2690 [13] = {8, sd_adtc, "SD_STATUS", sd_acmd_SD_STATUS}, 2691 [22] = {8, sd_adtc, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2692 [23] = {8, sd_ac, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2693 [41] = {8, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2694 [42] = {8, sd_ac, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2695 [51] = {8, sd_adtc, "SEND_SCR", sd_acmd_SEND_SCR}, 2696 }, 2697 }; 2698 2699 static const SDProto sd_proto_emmc = { 2700 /* Only v4.3 is supported */ 2701 .name = "eMMC", 2702 .cmd = { 2703 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2704 [1] = {0, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2705 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2706 [3] = {0, sd_ac, "SET_RELATIVE_ADDR", emmc_cmd_SET_RELATIVE_ADDR}, 2707 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2708 [5] = {0, sd_ac, "SLEEP/AWAKE", emmc_cmd_sleep_awake}, 2709 [6] = {10, sd_adtc, "SWITCH", emmc_cmd_SWITCH}, 2710 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2711 [8] = {0, sd_adtc, "SEND_EXT_CSD", emmc_cmd_SEND_EXT_CSD}, 2712 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2713 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2714 [11] = {1, sd_adtc, "READ_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2715 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2716 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2717 [14] = {0, sd_adtc, "BUSTEST_R", sd_cmd_unimplemented}, 2718 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2719 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2720 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2721 [19] = {0, sd_adtc, "BUSTEST_W", sd_cmd_unimplemented}, 2722 [20] = {3, sd_adtc, "WRITE_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2723 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2724 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2725 [26] = {4, sd_adtc, "PROGRAM_CID", emmc_cmd_PROGRAM_CID}, 2726 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2727 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2728 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2729 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2730 [31] = {6, sd_adtc, "SEND_WRITE_PROT_TYPE", sd_cmd_unimplemented}, 2731 [35] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2732 [36] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2733 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2734 [39] = {9, sd_ac, "FAST_IO", sd_cmd_unimplemented}, 2735 [40] = {9, sd_bcr, "GO_IRQ_STATE", sd_cmd_unimplemented}, 2736 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2737 [49] = {0, sd_adtc, "SET_TIME", sd_cmd_unimplemented}, 2738 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2739 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2740 }, 2741 }; 2742 2743 static void sd_instance_init(Object *obj) 2744 { 2745 SDState *sd = SDMMC_COMMON(obj); 2746 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 2747 2748 sd->proto = sc->proto; 2749 sd->last_cmd_name = "UNSET"; 2750 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd); 2751 } 2752 2753 static void sd_instance_finalize(Object *obj) 2754 { 2755 SDState *sd = SDMMC_COMMON(obj); 2756 2757 timer_free(sd->ocr_power_timer); 2758 } 2759 2760 static void sd_realize(DeviceState *dev, Error **errp) 2761 { 2762 SDState *sd = SDMMC_COMMON(dev); 2763 int ret; 2764 2765 switch (sd->spec_version) { 2766 case SD_PHY_SPECv1_10_VERS 2767 ... SD_PHY_SPECv3_01_VERS: 2768 break; 2769 default: 2770 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version); 2771 return; 2772 } 2773 2774 if (sd->blk) { 2775 int64_t blk_size; 2776 2777 if (!blk_supports_write_perm(sd->blk)) { 2778 error_setg(errp, "Cannot use read-only drive as SD card"); 2779 return; 2780 } 2781 2782 blk_size = blk_getlength(sd->blk); 2783 if (blk_size > 0 && !is_power_of_2(blk_size)) { 2784 int64_t blk_size_aligned = pow2ceil(blk_size); 2785 char *blk_size_str; 2786 2787 blk_size_str = size_to_str(blk_size); 2788 error_setg(errp, "Invalid SD card size: %s", blk_size_str); 2789 g_free(blk_size_str); 2790 2791 blk_size_str = size_to_str(blk_size_aligned); 2792 error_append_hint(errp, 2793 "SD card size has to be a power of 2, e.g. %s.\n" 2794 "You can resize disk images with" 2795 " 'qemu-img resize <imagefile> <new-size>'\n" 2796 "(note that this will lose data if you make the" 2797 " image smaller than it currently is).\n", 2798 blk_size_str); 2799 g_free(blk_size_str); 2800 2801 return; 2802 } 2803 2804 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 2805 BLK_PERM_ALL, errp); 2806 if (ret < 0) { 2807 return; 2808 } 2809 blk_set_dev_ops(sd->blk, &sd_block_ops, sd); 2810 } 2811 } 2812 2813 static void emmc_realize(DeviceState *dev, Error **errp) 2814 { 2815 SDState *sd = SDMMC_COMMON(dev); 2816 2817 sd->spec_version = SD_PHY_SPECv3_01_VERS; /* Actually v4.3 */ 2818 2819 sd_realize(dev, errp); 2820 } 2821 2822 static const Property sdmmc_common_properties[] = { 2823 DEFINE_PROP_DRIVE("drive", SDState, blk), 2824 }; 2825 2826 static const Property sd_properties[] = { 2827 DEFINE_PROP_UINT8("spec_version", SDState, 2828 spec_version, SD_PHY_SPECv3_01_VERS), 2829 }; 2830 2831 static const Property emmc_properties[] = { 2832 DEFINE_PROP_UINT64("boot-partition-size", SDState, boot_part_size, 0), 2833 DEFINE_PROP_UINT8("boot-config", SDState, boot_config, 0x0), 2834 }; 2835 2836 static void sdmmc_common_class_init(ObjectClass *klass, const void *data) 2837 { 2838 DeviceClass *dc = DEVICE_CLASS(klass); 2839 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2840 2841 device_class_set_props(dc, sdmmc_common_properties); 2842 dc->vmsd = &sd_vmstate; 2843 device_class_set_legacy_reset(dc, sd_reset); 2844 dc->bus_type = TYPE_SD_BUS; 2845 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2846 2847 sc->set_voltage = sd_set_voltage; 2848 sc->get_dat_lines = sd_get_dat_lines; 2849 sc->get_cmd_line = sd_get_cmd_line; 2850 sc->do_command = sd_do_command; 2851 sc->write_byte = sd_write_byte; 2852 sc->read_byte = sd_read_byte; 2853 sc->receive_ready = sd_receive_ready; 2854 sc->data_ready = sd_data_ready; 2855 sc->get_inserted = sd_get_inserted; 2856 sc->get_readonly = sd_get_readonly; 2857 } 2858 2859 static void sd_class_init(ObjectClass *klass, const void *data) 2860 { 2861 DeviceClass *dc = DEVICE_CLASS(klass); 2862 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2863 2864 dc->realize = sd_realize; 2865 device_class_set_props(dc, sd_properties); 2866 2867 sc->set_cid = sd_set_cid; 2868 sc->set_csd = sd_set_csd; 2869 sc->proto = &sd_proto_sd; 2870 } 2871 2872 /* 2873 * We do not model the chip select pin, so allow the board to select 2874 * whether card should be in SSI or MMC/SD mode. It is also up to the 2875 * board to ensure that ssi transfers only occur when the chip select 2876 * is asserted. 2877 */ 2878 static void sd_spi_class_init(ObjectClass *klass, const void *data) 2879 { 2880 DeviceClass *dc = DEVICE_CLASS(klass); 2881 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2882 2883 dc->desc = "SD SPI"; 2884 sc->proto = &sd_proto_spi; 2885 } 2886 2887 static void emmc_class_init(ObjectClass *klass, const void *data) 2888 { 2889 DeviceClass *dc = DEVICE_CLASS(klass); 2890 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2891 2892 dc->desc = "eMMC"; 2893 dc->realize = emmc_realize; 2894 device_class_set_props(dc, emmc_properties); 2895 /* Reason: Soldered on board */ 2896 dc->user_creatable = false; 2897 2898 sc->proto = &sd_proto_emmc; 2899 2900 sc->set_cid = emmc_set_cid; 2901 sc->set_csd = emmc_set_csd; 2902 } 2903 2904 static const TypeInfo sd_types[] = { 2905 { 2906 .name = TYPE_SDMMC_COMMON, 2907 .parent = TYPE_DEVICE, 2908 .abstract = true, 2909 .instance_size = sizeof(SDState), 2910 .class_size = sizeof(SDCardClass), 2911 .class_init = sdmmc_common_class_init, 2912 .instance_init = sd_instance_init, 2913 .instance_finalize = sd_instance_finalize, 2914 }, 2915 { 2916 .name = TYPE_SD_CARD, 2917 .parent = TYPE_SDMMC_COMMON, 2918 .class_init = sd_class_init, 2919 }, 2920 { 2921 .name = TYPE_SD_CARD_SPI, 2922 .parent = TYPE_SD_CARD, 2923 .class_init = sd_spi_class_init, 2924 }, 2925 { 2926 .name = TYPE_EMMC, 2927 .parent = TYPE_SDMMC_COMMON, 2928 .class_init = emmc_class_init, 2929 }, 2930 }; 2931 2932 DEFINE_TYPES(sd_types) 2933