1 /* 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical 3 * layer specification, Version 2.00." 4 * 5 * eMMC emulation defined in "JEDEC Standard No. 84-A43" 6 * 7 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org> 8 * Copyright (c) 2007 CodeSourcery 9 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org> 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 15 * 1. Redistributions of source code must retain the above copyright 16 * notice, this list of conditions and the following disclaimer. 17 * 2. Redistributions in binary form must reproduce the above copyright 18 * notice, this list of conditions and the following disclaimer in 19 * the documentation and/or other materials provided with the 20 * distribution. 21 * 22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' 23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 24 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR 26 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 30 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 31 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 32 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 33 */ 34 35 #include "qemu/osdep.h" 36 #include "qemu/units.h" 37 #include "qemu/cutils.h" 38 #include "hw/irq.h" 39 #include "hw/registerfields.h" 40 #include "system/block-backend.h" 41 #include "hw/sd/sd.h" 42 #include "migration/vmstate.h" 43 #include "qapi/error.h" 44 #include "qemu/bitmap.h" 45 #include "hw/qdev-properties.h" 46 #include "hw/qdev-properties-system.h" 47 #include "qemu/error-report.h" 48 #include "qemu/timer.h" 49 #include "qemu/log.h" 50 #include "qemu/guest-random.h" 51 #include "qemu/module.h" 52 #include "sdmmc-internal.h" 53 #include "trace.h" 54 55 //#define DEBUG_SD 1 56 57 #define SDSC_MAX_CAPACITY (2 * GiB) 58 59 #define INVALID_ADDRESS UINT32_MAX 60 61 typedef enum { 62 sd_r0 = 0, /* no response */ 63 sd_r1, /* normal response command */ 64 spi_r2, /* STATUS */ 65 sd_r2_i, /* CID register */ 66 sd_r2_s, /* CSD register */ 67 sd_r3, /* OCR register */ 68 sd_r6 = 6, /* Published RCA response */ 69 sd_r7, /* Operating voltage */ 70 sd_r1b = -1, 71 sd_illegal = -2, 72 } sd_rsp_type_t; 73 74 typedef enum { 75 sd_spi, 76 sd_bc, /* broadcast -- no response */ 77 sd_bcr, /* broadcast with response */ 78 sd_ac, /* addressed -- no data transfer */ 79 sd_adtc, /* addressed with data transfer */ 80 } sd_cmd_type_t; 81 82 enum SDCardModes { 83 sd_inactive, 84 sd_card_identification_mode, 85 sd_data_transfer_mode, 86 }; 87 88 enum SDCardStates { 89 sd_waitirq_state = -2, /* emmc */ 90 sd_inactive_state = -1, 91 92 sd_idle_state = 0, 93 sd_ready_state = 1, 94 sd_identification_state = 2, 95 sd_standby_state = 3, 96 sd_transfer_state = 4, 97 sd_sendingdata_state = 5, 98 sd_receivingdata_state = 6, 99 sd_programming_state = 7, 100 sd_disconnect_state = 8, 101 sd_bus_test_state = 9, /* emmc */ 102 sd_sleep_state = 10, /* emmc */ 103 sd_io_state = 15 /* sd */ 104 }; 105 106 #define SDMMC_CMD_MAX 64 107 108 typedef sd_rsp_type_t (*sd_cmd_handler)(SDState *sd, SDRequest req); 109 110 typedef struct SDProto { 111 const char *name; 112 struct { 113 const unsigned class; 114 const sd_cmd_type_t type; 115 const char *name; 116 sd_cmd_handler handler; 117 } cmd[SDMMC_CMD_MAX], acmd[SDMMC_CMD_MAX]; 118 } SDProto; 119 120 struct SDState { 121 DeviceState parent_obj; 122 123 /* SD Memory Card Registers */ 124 uint32_t ocr; 125 uint8_t scr[8]; 126 uint8_t cid[16]; 127 uint8_t csd[16]; 128 uint16_t rca; 129 uint32_t card_status; 130 uint8_t sd_status[64]; 131 union { 132 uint8_t ext_csd[512]; 133 struct { 134 uint8_t ext_csd_rw[192]; /* Modes segment */ 135 uint8_t ext_csd_ro[320]; /* Properties segment */ 136 }; 137 }; 138 139 /* Static properties */ 140 141 uint8_t spec_version; 142 uint64_t boot_part_size; 143 BlockBackend *blk; 144 uint8_t boot_config; 145 146 const SDProto *proto; 147 148 /* Runtime changeables */ 149 150 uint32_t mode; /* current card mode, one of SDCardModes */ 151 int32_t state; /* current card state, one of SDCardStates */ 152 uint32_t vhs; 153 bool wp_switch; 154 unsigned long *wp_group_bmap; 155 int32_t wp_group_bits; 156 uint64_t size; 157 uint32_t blk_len; 158 uint32_t multi_blk_cnt; 159 uint32_t erase_start; 160 uint32_t erase_end; 161 uint8_t pwd[16]; 162 uint32_t pwd_len; 163 uint8_t function_group[6]; 164 uint8_t current_cmd; 165 const char *last_cmd_name; 166 /* True if we will handle the next command as an ACMD. Note that this does 167 * *not* track the APP_CMD status bit! 168 */ 169 bool expecting_acmd; 170 uint32_t blk_written; 171 172 uint64_t data_start; 173 uint32_t data_offset; 174 size_t data_size; 175 uint8_t data[512]; 176 QEMUTimer *ocr_power_timer; 177 uint8_t dat_lines; 178 bool cmd_line; 179 }; 180 181 static void sd_realize(DeviceState *dev, Error **errp); 182 183 static const SDProto sd_proto_spi; 184 static const SDProto sd_proto_emmc; 185 186 static bool sd_is_spi(SDState *sd) 187 { 188 return sd->proto == &sd_proto_spi; 189 } 190 191 static bool sd_is_emmc(SDState *sd) 192 { 193 return sd->proto == &sd_proto_emmc; 194 } 195 196 static const char *sd_version_str(enum SDPhySpecificationVersion version) 197 { 198 static const char *sdphy_version[] = { 199 [SD_PHY_SPECv1_10_VERS] = "v1.10", 200 [SD_PHY_SPECv2_00_VERS] = "v2.00", 201 [SD_PHY_SPECv3_01_VERS] = "v3.01", 202 }; 203 if (version >= ARRAY_SIZE(sdphy_version)) { 204 return "unsupported version"; 205 } 206 return sdphy_version[version]; 207 } 208 209 static const char *sd_mode_name(enum SDCardModes mode) 210 { 211 static const char *mode_name[] = { 212 [sd_inactive] = "inactive", 213 [sd_card_identification_mode] = "identification", 214 [sd_data_transfer_mode] = "transfer", 215 }; 216 assert(mode < ARRAY_SIZE(mode_name)); 217 return mode_name[mode]; 218 } 219 220 static const char *sd_state_name(enum SDCardStates state) 221 { 222 static const char *state_name[] = { 223 [sd_idle_state] = "idle", 224 [sd_ready_state] = "ready", 225 [sd_identification_state] = "identification", 226 [sd_standby_state] = "standby", 227 [sd_transfer_state] = "transfer", 228 [sd_sendingdata_state] = "sendingdata", 229 [sd_bus_test_state] = "bus-test", 230 [sd_receivingdata_state] = "receivingdata", 231 [sd_programming_state] = "programming", 232 [sd_disconnect_state] = "disconnect", 233 [sd_sleep_state] = "sleep", 234 [sd_io_state] = "i/o" 235 }; 236 if (state == sd_inactive_state) { 237 return "inactive"; 238 } 239 if (state == sd_waitirq_state) { 240 return "wait-irq"; 241 } 242 assert(state < ARRAY_SIZE(state_name)); 243 return state_name[state]; 244 } 245 246 static const char *sd_response_name(sd_rsp_type_t rsp) 247 { 248 static const char *response_name[] = { 249 [sd_r0] = "RESP#0 (no response)", 250 [sd_r1] = "RESP#1 (normal cmd)", 251 [spi_r2] = "RESP#2 (STATUS reg)", 252 [sd_r2_i] = "RESP#2 (CID reg)", 253 [sd_r2_s] = "RESP#2 (CSD reg)", 254 [sd_r3] = "RESP#3 (OCR reg)", 255 [sd_r6] = "RESP#6 (RCA)", 256 [sd_r7] = "RESP#7 (operating voltage)", 257 }; 258 if (rsp == sd_illegal) { 259 return "ILLEGAL RESP"; 260 } 261 if (rsp == sd_r1b) { 262 rsp = sd_r1; 263 } 264 assert(rsp < ARRAY_SIZE(response_name)); 265 return response_name[rsp]; 266 } 267 268 static const char *sd_cmd_name(SDState *sd, uint8_t cmd) 269 { 270 static const char *cmd_abbrev[SDMMC_CMD_MAX] = { 271 [18] = "READ_MULTIPLE_BLOCK", 272 [25] = "WRITE_MULTIPLE_BLOCK", 273 }; 274 const SDProto *sdp = sd->proto; 275 276 if (sdp->cmd[cmd].handler) { 277 assert(!cmd_abbrev[cmd]); 278 return sdp->cmd[cmd].name; 279 } 280 return cmd_abbrev[cmd] ? cmd_abbrev[cmd] : "UNKNOWN_CMD"; 281 } 282 283 static const char *sd_acmd_name(SDState *sd, uint8_t cmd) 284 { 285 const SDProto *sdp = sd->proto; 286 287 if (sdp->acmd[cmd].handler) { 288 return sdp->acmd[cmd].name; 289 } 290 291 return "UNKNOWN_ACMD"; 292 } 293 294 static uint8_t sd_get_dat_lines(SDState *sd) 295 { 296 return sd->dat_lines; 297 } 298 299 static bool sd_get_cmd_line(SDState *sd) 300 { 301 return sd->cmd_line; 302 } 303 304 static void sd_set_voltage(SDState *sd, uint16_t millivolts) 305 { 306 trace_sdcard_set_voltage(millivolts); 307 308 switch (millivolts) { 309 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */ 310 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */ 311 break; 312 default: 313 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV", 314 millivolts / 1000.f); 315 } 316 } 317 318 static void sd_set_mode(SDState *sd) 319 { 320 switch (sd->state) { 321 case sd_inactive_state: 322 sd->mode = sd_inactive; 323 break; 324 325 case sd_idle_state: 326 case sd_ready_state: 327 case sd_identification_state: 328 sd->mode = sd_card_identification_mode; 329 break; 330 331 case sd_standby_state: 332 case sd_transfer_state: 333 case sd_sendingdata_state: 334 case sd_receivingdata_state: 335 case sd_programming_state: 336 case sd_disconnect_state: 337 sd->mode = sd_data_transfer_mode; 338 break; 339 } 340 } 341 342 static uint8_t sd_crc7(const void *message, size_t width) 343 { 344 int i, bit; 345 uint8_t shift_reg = 0x00; 346 const uint8_t *msg = (const uint8_t *)message; 347 348 for (i = 0; i < width; i ++, msg ++) 349 for (bit = 7; bit >= 0; bit --) { 350 shift_reg <<= 1; 351 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1)) 352 shift_reg ^= 0x89; 353 } 354 355 return shift_reg; 356 } 357 358 /* Operation Conditions register */ 359 360 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */ 361 362 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24) 363 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8) 364 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1) 365 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16) 366 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */ 367 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */ 368 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */ 369 FIELD(OCR, CARD_POWER_UP, 31, 1) 370 371 #define ACMD41_ENQUIRY_MASK 0x00ffffff 372 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \ 373 | R_OCR_ACCEPT_SWITCH_1V8_MASK \ 374 | R_OCR_UHS_II_CARD_MASK \ 375 | R_OCR_CARD_CAPACITY_MASK \ 376 | R_OCR_CARD_POWER_UP_MASK) 377 378 static void sd_ocr_powerup(void *opaque) 379 { 380 SDState *sd = opaque; 381 382 trace_sdcard_powerup(); 383 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)); 384 385 /* card power-up OK */ 386 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1); 387 388 if (sd->size > SDSC_MAX_CAPACITY) { 389 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 390 } 391 } 392 393 static void sd_set_ocr(SDState *sd) 394 { 395 /* All voltages OK */ 396 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK; 397 398 if (sd_is_spi(sd)) { 399 /* 400 * We don't need to emulate power up sequence in SPI-mode. 401 * Thus, the card's power up status bit should be set to 1 when reset. 402 * The card's capacity status bit should also be set if SD card size 403 * is larger than 2GB for SDHC support. 404 */ 405 sd_ocr_powerup(sd); 406 } 407 } 408 409 /* SD Configuration register */ 410 411 static void sd_set_scr(SDState *sd) 412 { 413 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */ 414 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) { 415 sd->scr[0] |= 1; /* Spec Version 1.10 */ 416 } else { 417 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */ 418 } 419 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */ 420 | 0b0101; /* 1-bit or 4-bit width bus modes */ 421 sd->scr[2] = 0x00; /* Extended Security is not supported. */ 422 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) { 423 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */ 424 } 425 sd->scr[3] = 0x00; 426 /* reserved for manufacturer usage */ 427 sd->scr[4] = 0x00; 428 sd->scr[5] = 0x00; 429 sd->scr[6] = 0x00; 430 sd->scr[7] = 0x00; 431 } 432 433 /* Card IDentification register */ 434 435 #define MID 0xaa 436 #define OID "XY" 437 #define PNM "QEMU!" 438 #define PRV 0x01 439 #define MDT_YR 2006 440 #define MDT_MON 2 441 442 static void sd_set_cid(SDState *sd) 443 { 444 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 445 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */ 446 sd->cid[2] = OID[1]; 447 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 448 sd->cid[4] = PNM[1]; 449 sd->cid[5] = PNM[2]; 450 sd->cid[6] = PNM[3]; 451 sd->cid[7] = PNM[4]; 452 sd->cid[8] = PRV; /* Fake product revision (PRV) */ 453 stl_be_p(&sd->cid[9], 0xdeadbeef); /* Fake serial number (PSN) */ 454 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */ 455 ((MDT_YR - 2000) / 10); 456 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON; 457 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 458 } 459 460 static void emmc_set_cid(SDState *sd) 461 { 462 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 463 sd->cid[1] = 0b01; /* CBX: soldered BGA */ 464 sd->cid[2] = OID[0]; /* OEM/Application ID (OID) */ 465 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 466 sd->cid[4] = PNM[1]; 467 sd->cid[5] = PNM[2]; 468 sd->cid[6] = PNM[3]; 469 sd->cid[7] = PNM[4]; 470 sd->cid[8] = PNM[4]; 471 sd->cid[9] = PRV; /* Fake product revision (PRV) */ 472 stl_be_p(&sd->cid[10], 0xdeadbeef); /* Fake serial number (PSN) */ 473 sd->cid[14] = (MDT_MON << 4) | (MDT_YR - 1997); /* Manufacture date (MDT) */ 474 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 475 } 476 477 /* Card-Specific Data register */ 478 479 #define HWBLOCK_SHIFT 9 /* 512 bytes */ 480 #define SECTOR_SHIFT 5 /* 16 kilobytes */ 481 #define WPGROUP_SHIFT 7 /* 2 megs */ 482 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */ 483 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) 484 485 static const uint8_t sd_csd_rw_mask[16] = { 486 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 487 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe, 488 }; 489 490 static void emmc_set_ext_csd(SDState *sd, uint64_t size) 491 { 492 uint32_t sectcount = size >> HWBLOCK_SHIFT; 493 494 memset(sd->ext_csd, 0, sizeof(sd->ext_csd)); /* FIXME only RW at reset */ 495 496 /* Properties segment (RO) */ 497 sd->ext_csd[EXT_CSD_S_CMD_SET] = 0b1; /* supported command sets */ 498 sd->ext_csd[EXT_CSD_BOOT_INFO] = 0x0; /* Boot information */ 499 /* Boot partition size. 128KB unit */ 500 sd->ext_csd[EXT_CSD_BOOT_MULT] = sd->boot_part_size / (128 * KiB); 501 sd->ext_csd[EXT_CSD_ACC_SIZE] = 0x1; /* Access size */ 502 sd->ext_csd[EXT_CSD_HC_ERASE_GRP_SIZE] = 0x01; /* HC Erase unit size */ 503 sd->ext_csd[EXT_CSD_ERASE_TIMEOUT_MULT] = 0x01; /* HC erase timeout */ 504 sd->ext_csd[EXT_CSD_REL_WR_SEC_C] = 0x1; /* Reliable write sector count */ 505 sd->ext_csd[EXT_CSD_HC_WP_GRP_SIZE] = 0x01; /* HC write protect group size */ 506 sd->ext_csd[EXT_CSD_S_C_VCC] = 0x01; /* Sleep current VCC */ 507 sd->ext_csd[EXT_CSD_S_C_VCCQ] = 0x01; /* Sleep current VCCQ */ 508 sd->ext_csd[EXT_CSD_S_A_TIMEOUT] = 0x01; /* Sleep/Awake timeout */ 509 stl_le_p(&sd->ext_csd[EXT_CSD_SEC_CNT], sectcount); /* Sector count */ 510 sd->ext_csd[210] = 0x46; /* Min write perf for 8bit@52Mhz */ 511 sd->ext_csd[209] = 0x46; /* Min read perf for 8bit@52Mhz */ 512 sd->ext_csd[208] = 0x46; /* Min write perf for 4bit@52Mhz */ 513 sd->ext_csd[207] = 0x46; /* Min read perf for 4bit@52Mhz */ 514 sd->ext_csd[206] = 0x46; /* Min write perf for 4bit@26Mhz */ 515 sd->ext_csd[205] = 0x46; /* Min read perf for 4bit@26Mhz */ 516 sd->ext_csd[EXT_CSD_CARD_TYPE] = 0b11; 517 sd->ext_csd[EXT_CSD_STRUCTURE] = 2; 518 sd->ext_csd[EXT_CSD_REV] = 3; 519 520 /* Mode segment (RW) */ 521 sd->ext_csd[EXT_CSD_PART_CONFIG] = sd->boot_config; 522 } 523 524 static void emmc_set_csd(SDState *sd, uint64_t size) 525 { 526 int hwblock_shift = HWBLOCK_SHIFT; 527 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 528 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 529 530 sd->csd[0] = (3 << 6) | (4 << 2); /* Spec v4.3 with EXT_CSD */ 531 sd->csd[1] = (1 << 3) | 6; /* Asynchronous data access time: 1ms */ 532 sd->csd[2] = 0x00; 533 sd->csd[3] = (1 << 3) | 3;; /* Maximum bus clock frequency: 100MHz */ 534 sd->csd[4] = 0x0f; 535 if (size <= 2 * GiB) { 536 /* use 1k blocks */ 537 uint32_t csize1k = (size >> (CMULT_SHIFT + 10)) - 1; 538 sd->csd[5] = 0x5a; 539 sd->csd[6] = 0x80 | ((csize1k >> 10) & 0xf); 540 sd->csd[7] = (csize1k >> 2) & 0xff; 541 } else { /* >= 2GB : size stored in ext CSD, block addressing */ 542 sd->csd[5] = 0x59; 543 sd->csd[6] = 0x8f; 544 sd->csd[7] = 0xff; 545 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 546 } 547 sd->csd[8] = 0xff; 548 sd->csd[9] = 0xfc | /* Max. write current */ 549 ((CMULT_SHIFT - 2) >> 1); 550 sd->csd[10] = 0x40 | /* Erase sector size */ 551 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 552 sd->csd[11] = 0x00 | /* Write protect group size */ 553 ((sectsize << 7) & 0x80) | wpsize; 554 sd->csd[12] = 0x90 | /* Write speed factor */ 555 (hwblock_shift >> 2); 556 sd->csd[13] = 0x20 | /* Max. write data block length */ 557 ((hwblock_shift << 6) & 0xc0); 558 sd->csd[14] = 0x00; 559 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 560 emmc_set_ext_csd(sd, size); 561 } 562 563 static void sd_set_csd(SDState *sd, uint64_t size) 564 { 565 int hwblock_shift = HWBLOCK_SHIFT; 566 uint32_t csize; 567 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 568 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 569 570 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */ 571 if (size == SDSC_MAX_CAPACITY) { 572 hwblock_shift += 1; 573 } 574 csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1; 575 576 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */ 577 sd->csd[0] = 0x00; /* CSD structure */ 578 sd->csd[1] = 0x26; /* Data read access-time-1 */ 579 sd->csd[2] = 0x00; /* Data read access-time-2 */ 580 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */ 581 sd->csd[4] = 0x5f; /* Card Command Classes */ 582 sd->csd[5] = 0x50 | /* Max. read data block length */ 583 hwblock_shift; 584 sd->csd[6] = 0xe0 | /* Partial block for read allowed */ 585 ((csize >> 10) & 0x03); 586 sd->csd[7] = 0x00 | /* Device size */ 587 ((csize >> 2) & 0xff); 588 sd->csd[8] = 0x3f | /* Max. read current */ 589 ((csize << 6) & 0xc0); 590 sd->csd[9] = 0xfc | /* Max. write current */ 591 ((CMULT_SHIFT - 2) >> 1); 592 sd->csd[10] = 0x40 | /* Erase sector size */ 593 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 594 sd->csd[11] = 0x00 | /* Write protect group size */ 595 ((sectsize << 7) & 0x80) | wpsize; 596 sd->csd[12] = 0x90 | /* Write speed factor */ 597 (hwblock_shift >> 2); 598 sd->csd[13] = 0x20 | /* Max. write data block length */ 599 ((hwblock_shift << 6) & 0xc0); 600 sd->csd[14] = 0x00; /* File format group */ 601 } else { /* SDHC */ 602 size /= 512 * KiB; 603 size -= 1; 604 sd->csd[0] = 0x40; 605 sd->csd[1] = 0x0e; 606 sd->csd[2] = 0x00; 607 sd->csd[3] = 0x32; 608 sd->csd[4] = 0x5b; 609 sd->csd[5] = 0x59; 610 sd->csd[6] = 0x00; 611 st24_be_p(&sd->csd[7], size); 612 sd->csd[10] = 0x7f; 613 sd->csd[11] = 0x80; 614 sd->csd[12] = 0x0a; 615 sd->csd[13] = 0x40; 616 sd->csd[14] = 0x00; 617 } 618 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 619 } 620 621 /* Relative Card Address register */ 622 623 static void sd_set_rca(SDState *sd, uint16_t value) 624 { 625 trace_sdcard_set_rca(value); 626 sd->rca = value; 627 } 628 629 static uint16_t sd_req_get_rca(SDState *s, SDRequest req) 630 { 631 switch (s->proto->cmd[req.cmd].type) { 632 case sd_ac: 633 case sd_adtc: 634 return req.arg >> 16; 635 case sd_spi: 636 default: 637 g_assert_not_reached(); 638 } 639 } 640 641 static bool sd_req_rca_same(SDState *s, SDRequest req) 642 { 643 return sd_req_get_rca(s, req) == s->rca; 644 } 645 646 /* Card Status register */ 647 648 FIELD(CSR, AKE_SEQ_ERROR, 3, 1) 649 FIELD(CSR, APP_CMD, 5, 1) 650 FIELD(CSR, FX_EVENT, 6, 1) 651 FIELD(CSR, SWITCH_ERROR, 7, 1) 652 FIELD(CSR, READY_FOR_DATA, 8, 1) 653 FIELD(CSR, CURRENT_STATE, 9, 4) 654 FIELD(CSR, ERASE_RESET, 13, 1) 655 FIELD(CSR, CARD_ECC_DISABLED, 14, 1) 656 FIELD(CSR, WP_ERASE_SKIP, 15, 1) 657 FIELD(CSR, CSD_OVERWRITE, 16, 1) 658 FIELD(CSR, DEFERRED_RESPONSE, 17, 1) 659 FIELD(CSR, ERROR, 19, 1) 660 FIELD(CSR, CC_ERROR, 20, 1) 661 FIELD(CSR, CARD_ECC_FAILED, 21, 1) 662 FIELD(CSR, ILLEGAL_COMMAND, 22, 1) 663 FIELD(CSR, COM_CRC_ERROR, 23, 1) 664 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1) 665 FIELD(CSR, CARD_IS_LOCKED, 25, 1) 666 FIELD(CSR, WP_VIOLATION, 26, 1) 667 FIELD(CSR, ERASE_PARAM, 27, 1) 668 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1) 669 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1) 670 FIELD(CSR, ADDRESS_ERROR, 30, 1) 671 FIELD(CSR, OUT_OF_RANGE, 31, 1) 672 673 /* Card status bits, split by clear condition: 674 * A : According to the card current state 675 * B : Always related to the previous command 676 * C : Cleared by read 677 */ 678 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \ 679 | R_CSR_CARD_ECC_DISABLED_MASK \ 680 | R_CSR_CARD_IS_LOCKED_MASK) 681 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \ 682 | R_CSR_ILLEGAL_COMMAND_MASK \ 683 | R_CSR_COM_CRC_ERROR_MASK) 684 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \ 685 | R_CSR_APP_CMD_MASK \ 686 | R_CSR_ERASE_RESET_MASK \ 687 | R_CSR_WP_ERASE_SKIP_MASK \ 688 | R_CSR_CSD_OVERWRITE_MASK \ 689 | R_CSR_ERROR_MASK \ 690 | R_CSR_CC_ERROR_MASK \ 691 | R_CSR_CARD_ECC_FAILED_MASK \ 692 | R_CSR_LOCK_UNLOCK_FAILED_MASK \ 693 | R_CSR_WP_VIOLATION_MASK \ 694 | R_CSR_ERASE_PARAM_MASK \ 695 | R_CSR_ERASE_SEQ_ERROR_MASK \ 696 | R_CSR_BLOCK_LEN_ERROR_MASK \ 697 | R_CSR_ADDRESS_ERROR_MASK \ 698 | R_CSR_OUT_OF_RANGE_MASK) 699 700 static void sd_set_cardstatus(SDState *sd) 701 { 702 sd->card_status = READY_FOR_DATA; 703 } 704 705 static void sd_set_sdstatus(SDState *sd) 706 { 707 memset(sd->sd_status, 0, 64); 708 } 709 710 static const uint8_t sd_tuning_block_pattern4[64] = { 711 /* 712 * See: Physical Layer Simplified Specification Version 3.01, 713 * Table 4-2. 714 */ 715 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc, 716 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef, 717 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb, 718 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef, 719 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c, 720 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee, 721 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff, 722 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde 723 }; 724 725 static int sd_req_crc_validate(SDRequest *req) 726 { 727 uint8_t buffer[5]; 728 buffer[0] = 0x40 | req->cmd; 729 stl_be_p(&buffer[1], req->arg); 730 return 0; 731 return sd_crc7(buffer, 5) != req->crc; /* TODO */ 732 } 733 734 static size_t sd_response_size(SDState *sd, sd_rsp_type_t rtype) 735 { 736 switch (rtype) { 737 case sd_r1: 738 case sd_r1b: 739 return sd_is_spi(sd) ? 1 : 4; 740 741 case spi_r2: 742 assert(sd_is_spi(sd)); 743 return 2; 744 745 case sd_r2_i: 746 case sd_r2_s: 747 assert(!sd_is_spi(sd)); 748 return 16; 749 750 case sd_r3: 751 case sd_r7: 752 return sd_is_spi(sd) ? 5 : 4; 753 754 case sd_r6: 755 assert(!sd_is_spi(sd)); 756 return 4; 757 758 case sd_r0: 759 case sd_illegal: 760 return sd_is_spi(sd) ? 1 : 0; 761 762 default: 763 g_assert_not_reached(); 764 } 765 } 766 767 static void sd_response_r1_make(SDState *sd, uint8_t *response) 768 { 769 if (sd_is_spi(sd)) { 770 response[0] = sd->state == sd_idle_state 771 && !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 772 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_RESET) << 1; 773 response[0] |= FIELD_EX32(sd->card_status, CSR, ILLEGAL_COMMAND) << 2; 774 response[0] |= FIELD_EX32(sd->card_status, CSR, COM_CRC_ERROR) << 3; 775 response[0] |= FIELD_EX32(sd->card_status, CSR, ERASE_SEQ_ERROR) << 4; 776 response[0] |= FIELD_EX32(sd->card_status, CSR, ADDRESS_ERROR) << 5; 777 response[0] |= FIELD_EX32(sd->card_status, CSR, BLOCK_LEN_ERROR) << 6; 778 response[0] |= 0 << 7; 779 } else { 780 stl_be_p(response, sd->card_status); 781 } 782 783 /* Clear the "clear on read" status bits */ 784 sd->card_status &= ~CARD_STATUS_C; 785 } 786 787 static void spi_response_r2_make(SDState *sd, uint8_t *resp) 788 { 789 /* Prepend R1 */ 790 sd_response_r1_make(sd, resp); 791 792 resp[1] = FIELD_EX32(sd->card_status, CSR, CARD_IS_LOCKED) << 0; 793 resp[1] |= (FIELD_EX32(sd->card_status, CSR, LOCK_UNLOCK_FAILED) 794 || FIELD_EX32(sd->card_status, CSR, WP_ERASE_SKIP)) << 1; 795 resp[1] |= FIELD_EX32(sd->card_status, CSR, ERROR) << 2; 796 resp[1] |= FIELD_EX32(sd->card_status, CSR, CC_ERROR) << 3; 797 resp[1] |= FIELD_EX32(sd->card_status, CSR, CARD_ECC_FAILED) << 4; 798 resp[1] |= FIELD_EX32(sd->card_status, CSR, WP_VIOLATION) << 5; 799 resp[1] |= FIELD_EX32(sd->card_status, CSR, ERASE_PARAM) << 6; 800 resp[1] |= FIELD_EX32(sd->card_status, CSR, OUT_OF_RANGE) << 7; 801 } 802 803 static void sd_response_r3_make(SDState *sd, uint8_t *response) 804 { 805 if (sd_is_spi(sd)) { 806 /* Prepend R1 */ 807 sd_response_r1_make(sd, response); 808 response++; 809 } 810 stl_be_p(response, sd->ocr & ACMD41_R3_MASK); 811 } 812 813 static void sd_response_r6_make(SDState *sd, uint8_t *response) 814 { 815 uint16_t status; 816 817 status = ((sd->card_status >> 8) & 0xc000) | 818 ((sd->card_status >> 6) & 0x2000) | 819 (sd->card_status & 0x1fff); 820 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff); 821 stw_be_p(response + 0, sd->rca); 822 stw_be_p(response + 2, status); 823 } 824 825 static void sd_response_r7_make(SDState *sd, uint8_t *response) 826 { 827 if (sd_is_spi(sd)) { 828 /* Prepend R1 */ 829 sd_response_r1_make(sd, response); 830 response++; 831 } 832 stl_be_p(response, sd->vhs); 833 } 834 835 static uint32_t sd_blk_len(SDState *sd) 836 { 837 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 838 return 1 << HWBLOCK_SHIFT; 839 } 840 return sd->blk_len; 841 } 842 843 /* 844 * This requires a disk image that has two boot partitions inserted at the 845 * beginning of it. The size of the boot partitions is the "boot-size" 846 * property. 847 */ 848 static uint32_t sd_bootpart_offset(SDState *sd) 849 { 850 unsigned partition_access; 851 852 if (!sd->boot_part_size || !sd_is_emmc(sd)) { 853 return 0; 854 } 855 856 partition_access = sd->ext_csd[EXT_CSD_PART_CONFIG] 857 & EXT_CSD_PART_CONFIG_ACC_MASK; 858 switch (partition_access) { 859 case EXT_CSD_PART_CONFIG_ACC_DEFAULT: 860 return sd->boot_part_size * 2; 861 case EXT_CSD_PART_CONFIG_ACC_BOOT0: 862 return 0; 863 case EXT_CSD_PART_CONFIG_ACC_BOOT0 + 1: 864 return sd->boot_part_size * 1; 865 default: 866 g_assert_not_reached(); 867 } 868 } 869 870 static uint64_t sd_req_get_address(SDState *sd, SDRequest req) 871 { 872 uint64_t addr; 873 874 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 875 addr = (uint64_t) req.arg << HWBLOCK_SHIFT; 876 } else { 877 addr = req.arg; 878 } 879 trace_sdcard_req_addr(req.arg, addr); 880 return addr; 881 } 882 883 static inline uint64_t sd_addr_to_wpnum(uint64_t addr) 884 { 885 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT); 886 } 887 888 static void sd_reset(DeviceState *dev) 889 { 890 SDState *sd = SDMMC_COMMON(dev); 891 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 892 uint64_t size; 893 uint64_t sect; 894 895 trace_sdcard_reset(); 896 if (sd->blk) { 897 blk_get_geometry(sd->blk, §); 898 } else { 899 sect = 0; 900 } 901 size = sect << HWBLOCK_SHIFT; 902 if (sd_is_emmc(sd)) { 903 size -= sd->boot_part_size * 2; 904 } 905 906 sect = sd_addr_to_wpnum(size) + 1; 907 908 sd->state = sd_idle_state; 909 910 /* card registers */ 911 sd->rca = sd_is_emmc(sd) ? 0x0001 : 0x0000; 912 sd->size = size; 913 sd_set_ocr(sd); 914 sd_set_scr(sd); 915 sc->set_cid(sd); 916 sc->set_csd(sd, size); 917 sd_set_cardstatus(sd); 918 sd_set_sdstatus(sd); 919 920 g_free(sd->wp_group_bmap); 921 sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false; 922 sd->wp_group_bits = sect; 923 sd->wp_group_bmap = bitmap_new(sd->wp_group_bits); 924 memset(sd->function_group, 0, sizeof(sd->function_group)); 925 sd->erase_start = INVALID_ADDRESS; 926 sd->erase_end = INVALID_ADDRESS; 927 sd->blk_len = 0x200; 928 sd->pwd_len = 0; 929 sd->expecting_acmd = false; 930 sd->dat_lines = 0xf; 931 sd->cmd_line = true; 932 sd->multi_blk_cnt = 0; 933 } 934 935 static bool sd_get_inserted(SDState *sd) 936 { 937 return sd->blk && blk_is_inserted(sd->blk); 938 } 939 940 static bool sd_get_readonly(SDState *sd) 941 { 942 return sd->wp_switch; 943 } 944 945 static void sd_cardchange(void *opaque, bool load, Error **errp) 946 { 947 SDState *sd = opaque; 948 DeviceState *dev = DEVICE(sd); 949 SDBus *sdbus; 950 bool inserted = sd_get_inserted(sd); 951 bool readonly = sd_get_readonly(sd); 952 953 if (inserted) { 954 trace_sdcard_inserted(readonly); 955 sd_reset(dev); 956 } else { 957 trace_sdcard_ejected(); 958 } 959 960 sdbus = SD_BUS(qdev_get_parent_bus(dev)); 961 sdbus_set_inserted(sdbus, inserted); 962 if (inserted) { 963 sdbus_set_readonly(sdbus, readonly); 964 } 965 } 966 967 static const BlockDevOps sd_block_ops = { 968 .change_media_cb = sd_cardchange, 969 }; 970 971 static bool sd_ocr_vmstate_needed(void *opaque) 972 { 973 SDState *sd = opaque; 974 975 /* Include the OCR state (and timer) if it is not yet powered up */ 976 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 977 } 978 979 static const VMStateDescription sd_ocr_vmstate = { 980 .name = "sd-card/ocr-state", 981 .version_id = 1, 982 .minimum_version_id = 1, 983 .needed = sd_ocr_vmstate_needed, 984 .fields = (const VMStateField[]) { 985 VMSTATE_UINT32(ocr, SDState), 986 VMSTATE_TIMER_PTR(ocr_power_timer, SDState), 987 VMSTATE_END_OF_LIST() 988 }, 989 }; 990 991 static bool vmstate_needed_for_emmc(void *opaque) 992 { 993 SDState *sd = opaque; 994 995 return sd_is_emmc(sd); 996 } 997 998 static const VMStateDescription emmc_extcsd_vmstate = { 999 .name = "sd-card/ext_csd_modes-state", 1000 .version_id = 1, 1001 .minimum_version_id = 1, 1002 .needed = vmstate_needed_for_emmc, 1003 .fields = (const VMStateField[]) { 1004 VMSTATE_UINT8_ARRAY(ext_csd_rw, SDState, 192), 1005 VMSTATE_END_OF_LIST() 1006 }, 1007 }; 1008 1009 static int sd_vmstate_pre_load(void *opaque) 1010 { 1011 SDState *sd = opaque; 1012 1013 /* If the OCR state is not included (prior versions, or not 1014 * needed), then the OCR must be set as powered up. If the OCR state 1015 * is included, this will be replaced by the state restore. 1016 */ 1017 sd_ocr_powerup(sd); 1018 1019 return 0; 1020 } 1021 1022 static const VMStateDescription sd_vmstate = { 1023 .name = "sd-card", 1024 .version_id = 2, 1025 .minimum_version_id = 2, 1026 .pre_load = sd_vmstate_pre_load, 1027 .fields = (const VMStateField[]) { 1028 VMSTATE_UINT32(mode, SDState), 1029 VMSTATE_INT32(state, SDState), 1030 VMSTATE_UINT8_ARRAY(cid, SDState, 16), 1031 VMSTATE_UINT8_ARRAY(csd, SDState, 16), 1032 VMSTATE_UINT16(rca, SDState), 1033 VMSTATE_UINT32(card_status, SDState), 1034 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1), 1035 VMSTATE_UINT32(vhs, SDState), 1036 VMSTATE_BITMAP(wp_group_bmap, SDState, 0, wp_group_bits), 1037 VMSTATE_UINT32(blk_len, SDState), 1038 VMSTATE_UINT32(multi_blk_cnt, SDState), 1039 VMSTATE_UINT32(erase_start, SDState), 1040 VMSTATE_UINT32(erase_end, SDState), 1041 VMSTATE_UINT8_ARRAY(pwd, SDState, 16), 1042 VMSTATE_UINT32(pwd_len, SDState), 1043 VMSTATE_UINT8_ARRAY(function_group, SDState, 6), 1044 VMSTATE_UINT8(current_cmd, SDState), 1045 VMSTATE_BOOL(expecting_acmd, SDState), 1046 VMSTATE_UINT32(blk_written, SDState), 1047 VMSTATE_UINT64(data_start, SDState), 1048 VMSTATE_UINT32(data_offset, SDState), 1049 VMSTATE_UINT8_ARRAY(data, SDState, 512), 1050 VMSTATE_UNUSED_V(1, 512), 1051 VMSTATE_UNUSED(1), 1052 VMSTATE_END_OF_LIST() 1053 }, 1054 .subsections = (const VMStateDescription * const []) { 1055 &sd_ocr_vmstate, 1056 &emmc_extcsd_vmstate, 1057 NULL 1058 }, 1059 }; 1060 1061 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) 1062 { 1063 trace_sdcard_read_block(addr, len); 1064 addr += sd_bootpart_offset(sd); 1065 if (!sd->blk || blk_pread(sd->blk, addr, len, sd->data, 0) < 0) { 1066 fprintf(stderr, "sd_blk_read: read error on host side\n"); 1067 } 1068 } 1069 1070 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) 1071 { 1072 trace_sdcard_write_block(addr, len); 1073 addr += sd_bootpart_offset(sd); 1074 if (!sd->blk || blk_pwrite(sd->blk, addr, len, sd->data, 0) < 0) { 1075 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1076 } 1077 } 1078 1079 static void sd_erase(SDState *sd) 1080 { 1081 uint64_t erase_start = sd->erase_start; 1082 uint64_t erase_end = sd->erase_end; 1083 bool sdsc = true; 1084 uint64_t wpnum; 1085 uint64_t erase_addr; 1086 int erase_len = 1 << HWBLOCK_SHIFT; 1087 1088 trace_sdcard_erase(sd->erase_start, sd->erase_end); 1089 if (sd->erase_start == INVALID_ADDRESS 1090 || sd->erase_end == INVALID_ADDRESS) { 1091 sd->card_status |= ERASE_SEQ_ERROR; 1092 sd->erase_start = INVALID_ADDRESS; 1093 sd->erase_end = INVALID_ADDRESS; 1094 return; 1095 } 1096 1097 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 1098 /* High capacity memory card: erase units are 512 byte blocks */ 1099 erase_start <<= HWBLOCK_SHIFT; 1100 erase_end <<= HWBLOCK_SHIFT; 1101 sdsc = false; 1102 } 1103 1104 if (erase_start > sd->size || erase_end > sd->size) { 1105 sd->card_status |= OUT_OF_RANGE; 1106 sd->erase_start = INVALID_ADDRESS; 1107 sd->erase_end = INVALID_ADDRESS; 1108 return; 1109 } 1110 1111 sd->erase_start = INVALID_ADDRESS; 1112 sd->erase_end = INVALID_ADDRESS; 1113 sd->csd[14] |= 0x40; 1114 1115 memset(sd->data, 0xff, erase_len); 1116 for (erase_addr = erase_start; erase_addr <= erase_end; 1117 erase_addr += erase_len) { 1118 if (sdsc) { 1119 /* Only SDSC cards support write protect groups */ 1120 wpnum = sd_addr_to_wpnum(erase_addr); 1121 assert(wpnum < sd->wp_group_bits); 1122 if (test_bit(wpnum, sd->wp_group_bmap)) { 1123 sd->card_status |= WP_ERASE_SKIP; 1124 continue; 1125 } 1126 } 1127 sd_blk_write(sd, erase_addr, erase_len); 1128 } 1129 } 1130 1131 static uint32_t sd_wpbits(SDState *sd, uint64_t addr) 1132 { 1133 uint32_t i, wpnum; 1134 uint32_t ret = 0; 1135 1136 wpnum = sd_addr_to_wpnum(addr); 1137 1138 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { 1139 if (addr >= sd->size) { 1140 /* 1141 * If the addresses of the last groups are outside the valid range, 1142 * then the corresponding write protection bits shall be set to 0. 1143 */ 1144 continue; 1145 } 1146 assert(wpnum < sd->wp_group_bits); 1147 if (test_bit(wpnum, sd->wp_group_bmap)) { 1148 ret |= (1 << i); 1149 } 1150 } 1151 1152 return ret; 1153 } 1154 1155 enum ExtCsdAccessMode { 1156 EXT_CSD_ACCESS_MODE_COMMAND_SET = 0, 1157 EXT_CSD_ACCESS_MODE_SET_BITS = 1, 1158 EXT_CSD_ACCESS_MODE_CLEAR_BITS = 2, 1159 EXT_CSD_ACCESS_MODE_WRITE_BYTE = 3 1160 }; 1161 1162 static void emmc_function_switch(SDState *sd, uint32_t arg) 1163 { 1164 uint8_t access = extract32(arg, 24, 2); 1165 uint8_t index = extract32(arg, 16, 8); 1166 uint8_t value = extract32(arg, 8, 8); 1167 uint8_t b = sd->ext_csd[index]; 1168 1169 trace_sdcard_switch(access, index, value, extract32(arg, 0, 2)); 1170 1171 if (index >= 192) { 1172 qemu_log_mask(LOG_GUEST_ERROR, "MMC switching illegal offset\n"); 1173 sd->card_status |= R_CSR_SWITCH_ERROR_MASK; 1174 return; 1175 } 1176 1177 switch (access) { 1178 case EXT_CSD_ACCESS_MODE_COMMAND_SET: 1179 qemu_log_mask(LOG_UNIMP, "MMC Command set switching not supported\n"); 1180 return; 1181 case EXT_CSD_ACCESS_MODE_SET_BITS: 1182 b |= value; 1183 break; 1184 case EXT_CSD_ACCESS_MODE_CLEAR_BITS: 1185 b &= ~value; 1186 break; 1187 case EXT_CSD_ACCESS_MODE_WRITE_BYTE: 1188 b = value; 1189 break; 1190 } 1191 1192 trace_sdcard_ext_csd_update(index, sd->ext_csd[index], b); 1193 sd->ext_csd[index] = b; 1194 } 1195 1196 static void sd_function_switch(SDState *sd, uint32_t arg) 1197 { 1198 int i, mode, new_func; 1199 mode = !!(arg & 0x80000000); 1200 1201 sd->data[0] = 0x00; /* Maximum current consumption */ 1202 sd->data[1] = 0x01; 1203 sd->data[2] = 0x80; /* Supported group 6 functions */ 1204 sd->data[3] = 0x01; 1205 sd->data[4] = 0x80; /* Supported group 5 functions */ 1206 sd->data[5] = 0x01; 1207 sd->data[6] = 0x80; /* Supported group 4 functions */ 1208 sd->data[7] = 0x01; 1209 sd->data[8] = 0x80; /* Supported group 3 functions */ 1210 sd->data[9] = 0x01; 1211 sd->data[10] = 0x80; /* Supported group 2 functions */ 1212 sd->data[11] = 0x43; 1213 sd->data[12] = 0x80; /* Supported group 1 functions */ 1214 sd->data[13] = 0x03; 1215 1216 memset(&sd->data[14], 0, 3); 1217 for (i = 0; i < 6; i ++) { 1218 new_func = (arg >> (i * 4)) & 0x0f; 1219 if (mode && new_func != 0x0f) 1220 sd->function_group[i] = new_func; 1221 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4); 1222 } 1223 memset(&sd->data[17], 0, 47); 1224 } 1225 1226 static inline bool sd_wp_addr(SDState *sd, uint64_t addr) 1227 { 1228 return test_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1229 } 1230 1231 static void sd_lock_command(SDState *sd) 1232 { 1233 int erase, lock, clr_pwd, set_pwd, pwd_len; 1234 erase = !!(sd->data[0] & 0x08); 1235 lock = sd->data[0] & 0x04; 1236 clr_pwd = sd->data[0] & 0x02; 1237 set_pwd = sd->data[0] & 0x01; 1238 1239 if (sd->blk_len > 1) 1240 pwd_len = sd->data[1]; 1241 else 1242 pwd_len = 0; 1243 1244 if (lock) { 1245 trace_sdcard_lock(); 1246 } else { 1247 trace_sdcard_unlock(); 1248 } 1249 if (erase) { 1250 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 || 1251 set_pwd || clr_pwd || lock || sd->wp_switch || 1252 (sd->csd[14] & 0x20)) { 1253 sd->card_status |= LOCK_UNLOCK_FAILED; 1254 return; 1255 } 1256 bitmap_zero(sd->wp_group_bmap, sd->wp_group_bits); 1257 sd->csd[14] &= ~0x10; 1258 sd->card_status &= ~CARD_IS_LOCKED; 1259 sd->pwd_len = 0; 1260 /* Erasing the entire card here! */ 1261 fprintf(stderr, "SD: Card force-erased by CMD42\n"); 1262 return; 1263 } 1264 1265 if (sd->blk_len < 2 + pwd_len || 1266 pwd_len <= sd->pwd_len || 1267 pwd_len > sd->pwd_len + 16) { 1268 sd->card_status |= LOCK_UNLOCK_FAILED; 1269 return; 1270 } 1271 1272 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) { 1273 sd->card_status |= LOCK_UNLOCK_FAILED; 1274 return; 1275 } 1276 1277 pwd_len -= sd->pwd_len; 1278 if ((pwd_len && !set_pwd) || 1279 (clr_pwd && (set_pwd || lock)) || 1280 (lock && !sd->pwd_len && !set_pwd) || 1281 (!set_pwd && !clr_pwd && 1282 (((sd->card_status & CARD_IS_LOCKED) && lock) || 1283 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) { 1284 sd->card_status |= LOCK_UNLOCK_FAILED; 1285 return; 1286 } 1287 1288 if (set_pwd) { 1289 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len); 1290 sd->pwd_len = pwd_len; 1291 } 1292 1293 if (clr_pwd) { 1294 sd->pwd_len = 0; 1295 } 1296 1297 if (lock) 1298 sd->card_status |= CARD_IS_LOCKED; 1299 else 1300 sd->card_status &= ~CARD_IS_LOCKED; 1301 } 1302 1303 static bool address_in_range(SDState *sd, const char *desc, 1304 uint64_t addr, uint32_t length) 1305 { 1306 if (addr + length > sd->size) { 1307 qemu_log_mask(LOG_GUEST_ERROR, 1308 "%s offset %"PRIu64" > card %"PRIu64" [%%%u]\n", 1309 desc, addr, sd->size, length); 1310 sd->card_status |= ADDRESS_ERROR; 1311 return false; 1312 } 1313 return true; 1314 } 1315 1316 static sd_rsp_type_t sd_invalid_state_for_cmd(SDState *sd, SDRequest req) 1317 { 1318 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong state: %s (spec %s)\n", 1319 sd->proto->name, req.cmd, sd_state_name(sd->state), 1320 sd_version_str(sd->spec_version)); 1321 1322 return sd_illegal; 1323 } 1324 1325 static sd_rsp_type_t sd_invalid_mode_for_cmd(SDState *sd, SDRequest req) 1326 { 1327 qemu_log_mask(LOG_GUEST_ERROR, "%s: CMD%i in a wrong mode: %s (spec %s)\n", 1328 sd->proto->name, req.cmd, sd_mode_name(sd->mode), 1329 sd_version_str(sd->spec_version)); 1330 1331 return sd_illegal; 1332 } 1333 1334 static sd_rsp_type_t sd_cmd_illegal(SDState *sd, SDRequest req) 1335 { 1336 qemu_log_mask(LOG_GUEST_ERROR, "%s: Unknown CMD%i for spec %s\n", 1337 sd->proto->name, req.cmd, 1338 sd_version_str(sd->spec_version)); 1339 1340 return sd_illegal; 1341 } 1342 1343 /* Commands that are recognised but not yet implemented. */ 1344 static sd_rsp_type_t sd_cmd_unimplemented(SDState *sd, SDRequest req) 1345 { 1346 qemu_log_mask(LOG_UNIMP, "%s: CMD%i not implemented\n", 1347 sd->proto->name, req.cmd); 1348 1349 return sd_illegal; 1350 } 1351 1352 static sd_rsp_type_t sd_cmd_optional(SDState *sd, SDRequest req) 1353 { 1354 qemu_log_mask(LOG_UNIMP, "%s: Optional CMD%i not implemented\n", 1355 sd->proto->name, req.cmd); 1356 1357 return sd_illegal; 1358 } 1359 1360 /* Configure fields for following sd_generic_write_byte() calls */ 1361 static sd_rsp_type_t sd_cmd_to_receivingdata(SDState *sd, SDRequest req, 1362 uint64_t start, size_t size) 1363 { 1364 if (sd->state != sd_transfer_state) { 1365 return sd_invalid_state_for_cmd(sd, req); 1366 } 1367 sd->state = sd_receivingdata_state; 1368 sd->data_start = start; 1369 sd->data_offset = 0; 1370 /* sd->data[] used as receive buffer */ 1371 sd->data_size = size ?: sizeof(sd->data); 1372 return sd_r1; 1373 } 1374 1375 /* Configure fields for following sd_generic_read_byte() calls */ 1376 static sd_rsp_type_t sd_cmd_to_sendingdata(SDState *sd, SDRequest req, 1377 uint64_t start, 1378 const void *data, size_t size) 1379 { 1380 if (sd->state != sd_transfer_state) { 1381 return sd_invalid_state_for_cmd(sd, req); 1382 } 1383 1384 sd->state = sd_sendingdata_state; 1385 sd->data_start = start; 1386 sd->data_offset = 0; 1387 if (data) { 1388 assert(size > 0 && size <= sizeof(sd->data)); 1389 memcpy(sd->data, data, size); 1390 } 1391 if (size) { 1392 sd->data_size = size; 1393 } 1394 return sd_r1; 1395 } 1396 1397 /* CMD0 */ 1398 static sd_rsp_type_t sd_cmd_GO_IDLE_STATE(SDState *sd, SDRequest req) 1399 { 1400 if (sd->state == sd_sleep_state) { 1401 switch (req.arg) { 1402 case 0x00000000: 1403 case 0xf0f0f0f0: 1404 break; 1405 default: 1406 return sd_r0; 1407 } 1408 } 1409 if (sd->state != sd_inactive_state) { 1410 sd->state = sd_idle_state; 1411 sd_reset(DEVICE(sd)); 1412 } 1413 1414 return sd_is_spi(sd) ? sd_r1 : sd_r0; 1415 } 1416 1417 /* CMD2 */ 1418 static sd_rsp_type_t sd_cmd_ALL_SEND_CID(SDState *sd, SDRequest req) 1419 { 1420 switch (sd->state) { 1421 case sd_ready_state: 1422 sd->state = sd_identification_state; 1423 return sd_r2_i; 1424 default: 1425 return sd_invalid_state_for_cmd(sd, req); 1426 } 1427 } 1428 1429 /* CMD3 */ 1430 static sd_rsp_type_t sd_cmd_SEND_RELATIVE_ADDR(SDState *sd, SDRequest req) 1431 { 1432 uint16_t random_rca; 1433 1434 switch (sd->state) { 1435 case sd_identification_state: 1436 case sd_standby_state: 1437 sd->state = sd_standby_state; 1438 qemu_guest_getrandom_nofail(&random_rca, sizeof(random_rca)); 1439 sd_set_rca(sd, random_rca); 1440 return sd_r6; 1441 1442 default: 1443 return sd_invalid_state_for_cmd(sd, req); 1444 } 1445 } 1446 1447 static sd_rsp_type_t emmc_cmd_SET_RELATIVE_ADDR(SDState *sd, SDRequest req) 1448 { 1449 switch (sd->state) { 1450 case sd_identification_state: 1451 case sd_standby_state: 1452 sd->state = sd_standby_state; 1453 sd_set_rca(sd, req.arg >> 16); 1454 return sd_r1; 1455 1456 default: 1457 return sd_invalid_state_for_cmd(sd, req); 1458 } 1459 } 1460 1461 /* CMD5 */ 1462 static sd_rsp_type_t emmc_cmd_sleep_awake(SDState *sd, SDRequest req) 1463 { 1464 bool do_sleep = extract32(req.arg, 15, 1); 1465 1466 switch (sd->state) { 1467 case sd_sleep_state: 1468 if (!do_sleep) { 1469 /* Awake */ 1470 sd->state = sd_standby_state; 1471 } 1472 return sd_r1b; 1473 1474 case sd_standby_state: 1475 if (do_sleep) { 1476 sd->state = sd_sleep_state; 1477 } 1478 return sd_r1b; 1479 1480 default: 1481 return sd_invalid_state_for_cmd(sd, req); 1482 } 1483 } 1484 1485 /* CMD6 */ 1486 static sd_rsp_type_t sd_cmd_SWITCH_FUNCTION(SDState *sd, SDRequest req) 1487 { 1488 if (sd->mode != sd_data_transfer_mode) { 1489 return sd_invalid_mode_for_cmd(sd, req); 1490 } 1491 if (sd_is_spi(sd)) { 1492 if (sd->state == sd_idle_state) { 1493 return sd_invalid_state_for_cmd(sd, req); 1494 } 1495 } else { 1496 if (sd->state != sd_transfer_state) { 1497 return sd_invalid_state_for_cmd(sd, req); 1498 } 1499 } 1500 1501 sd_function_switch(sd, req.arg); 1502 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 64); 1503 } 1504 1505 static sd_rsp_type_t emmc_cmd_SWITCH(SDState *sd, SDRequest req) 1506 { 1507 switch (sd->state) { 1508 case sd_transfer_state: 1509 sd->state = sd_programming_state; 1510 emmc_function_switch(sd, req.arg); 1511 sd->state = sd_transfer_state; 1512 return sd_r1b; 1513 default: 1514 return sd_invalid_state_for_cmd(sd, req); 1515 } 1516 } 1517 1518 /* CMD7 */ 1519 static sd_rsp_type_t sd_cmd_DE_SELECT_CARD(SDState *sd, SDRequest req) 1520 { 1521 bool same_rca = sd_req_rca_same(sd, req); 1522 1523 switch (sd->state) { 1524 case sd_standby_state: 1525 if (!same_rca) { 1526 return sd_r0; 1527 } 1528 sd->state = sd_transfer_state; 1529 return sd_r1b; 1530 1531 case sd_transfer_state: 1532 case sd_sendingdata_state: 1533 if (same_rca) { 1534 break; 1535 } 1536 sd->state = sd_standby_state; 1537 return sd_r1b; 1538 1539 case sd_disconnect_state: 1540 if (!same_rca) { 1541 return sd_r0; 1542 } 1543 sd->state = sd_programming_state; 1544 return sd_r1b; 1545 1546 case sd_programming_state: 1547 if (same_rca) { 1548 break; 1549 } 1550 sd->state = sd_disconnect_state; 1551 return sd_r1b; 1552 1553 default: 1554 break; 1555 } 1556 return sd_invalid_state_for_cmd(sd, req); 1557 } 1558 1559 /* CMD8 */ 1560 static sd_rsp_type_t sd_cmd_SEND_IF_COND(SDState *sd, SDRequest req) 1561 { 1562 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) { 1563 return sd_cmd_illegal(sd, req); 1564 } 1565 if (sd->state != sd_idle_state) { 1566 return sd_invalid_state_for_cmd(sd, req); 1567 } 1568 sd->vhs = 0; 1569 1570 /* No response if not exactly one VHS bit is set. */ 1571 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) { 1572 return sd_is_spi(sd) ? sd_r7 : sd_r0; 1573 } 1574 1575 /* Accept. */ 1576 sd->vhs = req.arg; 1577 return sd_r7; 1578 } 1579 1580 /* CMD8 */ 1581 static sd_rsp_type_t emmc_cmd_SEND_EXT_CSD(SDState *sd, SDRequest req) 1582 { 1583 if (sd->state != sd_transfer_state) { 1584 return sd_invalid_state_for_cmd(sd, req); 1585 } 1586 1587 return sd_cmd_to_sendingdata(sd, req, sd_req_get_address(sd, req), 1588 sd->ext_csd, sizeof(sd->ext_csd)); 1589 } 1590 1591 static sd_rsp_type_t spi_cmd_SEND_CxD(SDState *sd, SDRequest req, 1592 const void *data, size_t size) 1593 { 1594 /* 1595 * XXX as of v10.1.0-rc1 command is reached in sd_idle_state, 1596 * so disable this check. 1597 if (sd->state != sd_standby_state) { 1598 return sd_invalid_state_for_cmd(sd, req); 1599 } 1600 */ 1601 1602 /* 1603 * Since SPI returns CSD and CID on the DAT lines, 1604 * switch to sd_transfer_state. 1605 */ 1606 sd->state = sd_transfer_state; 1607 1608 return sd_cmd_to_sendingdata(sd, req, 0, data, size); 1609 } 1610 1611 /* CMD9 */ 1612 static sd_rsp_type_t spi_cmd_SEND_CSD(SDState *sd, SDRequest req) 1613 { 1614 return spi_cmd_SEND_CxD(sd, req, sd->csd, sizeof(sd->csd)); 1615 } 1616 1617 static sd_rsp_type_t sd_cmd_SEND_CSD(SDState *sd, SDRequest req) 1618 { 1619 if (sd->state != sd_standby_state) { 1620 return sd_invalid_state_for_cmd(sd, req); 1621 } 1622 1623 return sd_req_rca_same(sd, req) ? sd_r2_s : sd_r0; 1624 } 1625 1626 /* CMD10 */ 1627 static sd_rsp_type_t spi_cmd_SEND_CID(SDState *sd, SDRequest req) 1628 { 1629 return spi_cmd_SEND_CxD(sd, req, sd->cid, sizeof(sd->cid)); 1630 } 1631 1632 static sd_rsp_type_t sd_cmd_SEND_CID(SDState *sd, SDRequest req) 1633 { 1634 if (sd->state != sd_standby_state) { 1635 return sd_invalid_state_for_cmd(sd, req); 1636 } 1637 1638 return sd_req_rca_same(sd, req) ? sd_r2_i : sd_r0; 1639 } 1640 1641 /* CMD12 */ 1642 static sd_rsp_type_t sd_cmd_STOP_TRANSMISSION(SDState *sd, SDRequest req) 1643 { 1644 switch (sd->state) { 1645 case sd_sendingdata_state: 1646 sd->state = sd_transfer_state; 1647 return sd_r1b; 1648 case sd_receivingdata_state: 1649 sd->state = sd_programming_state; 1650 /* Bzzzzzzztt .... Operation complete. */ 1651 sd->state = sd_transfer_state; 1652 return sd_r1; 1653 default: 1654 return sd_invalid_state_for_cmd(sd, req); 1655 } 1656 } 1657 1658 /* CMD13 */ 1659 static sd_rsp_type_t sd_cmd_SEND_STATUS(SDState *sd, SDRequest req) 1660 { 1661 if (sd->mode != sd_data_transfer_mode) { 1662 return sd_invalid_mode_for_cmd(sd, req); 1663 } 1664 1665 switch (sd->state) { 1666 case sd_standby_state: 1667 case sd_transfer_state: 1668 case sd_sendingdata_state: 1669 case sd_receivingdata_state: 1670 case sd_programming_state: 1671 case sd_disconnect_state: 1672 break; 1673 default: 1674 return sd_invalid_state_for_cmd(sd, req); 1675 } 1676 1677 if (sd_is_spi(sd)) { 1678 return spi_r2; 1679 } 1680 1681 return sd_req_rca_same(sd, req) ? sd_r1 : sd_r0; 1682 } 1683 1684 /* CMD15 */ 1685 static sd_rsp_type_t sd_cmd_GO_INACTIVE_STATE(SDState *sd, SDRequest req) 1686 { 1687 if (sd->mode != sd_data_transfer_mode) { 1688 return sd_invalid_mode_for_cmd(sd, req); 1689 } 1690 switch (sd->state) { 1691 case sd_standby_state: 1692 case sd_transfer_state: 1693 case sd_sendingdata_state: 1694 case sd_receivingdata_state: 1695 case sd_programming_state: 1696 case sd_disconnect_state: 1697 break; 1698 default: 1699 return sd_invalid_state_for_cmd(sd, req); 1700 } 1701 if (sd_req_rca_same(sd, req)) { 1702 sd->state = sd_inactive_state; 1703 } 1704 1705 return sd_r0; 1706 } 1707 1708 /* CMD16 */ 1709 static sd_rsp_type_t sd_cmd_SET_BLOCKLEN(SDState *sd, SDRequest req) 1710 { 1711 if (sd->state != sd_transfer_state) { 1712 return sd_invalid_state_for_cmd(sd, req); 1713 } 1714 if (req.arg > (1 << HWBLOCK_SHIFT)) { 1715 sd->card_status |= BLOCK_LEN_ERROR; 1716 } else { 1717 trace_sdcard_set_blocklen(req.arg); 1718 sd->blk_len = req.arg; 1719 } 1720 1721 return sd_r1; 1722 } 1723 1724 /* CMD17 */ 1725 static sd_rsp_type_t sd_cmd_READ_SINGLE_BLOCK(SDState *sd, SDRequest req) 1726 { 1727 uint64_t addr; 1728 1729 if (sd->state != sd_transfer_state) { 1730 return sd_invalid_state_for_cmd(sd, req); 1731 } 1732 1733 addr = sd_req_get_address(sd, req); 1734 if (!address_in_range(sd, "READ_SINGLE_BLOCK", addr, sd->blk_len)) { 1735 return sd_r1; 1736 } 1737 1738 sd_blk_read(sd, addr, sd->blk_len); 1739 return sd_cmd_to_sendingdata(sd, req, addr, NULL, sd->blk_len); 1740 } 1741 1742 /* CMD19 */ 1743 static sd_rsp_type_t sd_cmd_SEND_TUNING_BLOCK(SDState *sd, SDRequest req) 1744 { 1745 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1746 return sd_cmd_illegal(sd, req); 1747 } 1748 1749 return sd_cmd_to_sendingdata(sd, req, 0, 1750 sd_tuning_block_pattern4, 1751 sizeof(sd_tuning_block_pattern4)); 1752 } 1753 1754 /* CMD23 */ 1755 static sd_rsp_type_t sd_cmd_SET_BLOCK_COUNT(SDState *sd, SDRequest req) 1756 { 1757 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) { 1758 return sd_cmd_illegal(sd, req); 1759 } 1760 1761 if (sd->state != sd_transfer_state) { 1762 return sd_invalid_state_for_cmd(sd, req); 1763 } 1764 1765 sd->multi_blk_cnt = req.arg; 1766 if (sd_is_emmc(sd)) { 1767 sd->multi_blk_cnt &= 0xffff; 1768 } 1769 trace_sdcard_set_block_count(sd->multi_blk_cnt); 1770 1771 return sd_r1; 1772 } 1773 1774 /* CMD24 */ 1775 static sd_rsp_type_t sd_cmd_WRITE_SINGLE_BLOCK(SDState *sd, SDRequest req) 1776 { 1777 uint64_t addr; 1778 1779 if (sd->state != sd_transfer_state) { 1780 return sd_invalid_state_for_cmd(sd, req); 1781 } 1782 1783 addr = sd_req_get_address(sd, req); 1784 if (!address_in_range(sd, "WRITE_SINGLE_BLOCK", addr, sd->blk_len)) { 1785 return sd_r1; 1786 } 1787 1788 if (sd->size <= SDSC_MAX_CAPACITY) { 1789 if (sd_wp_addr(sd, addr)) { 1790 sd->card_status |= WP_VIOLATION; 1791 } 1792 } 1793 if (sd->csd[14] & 0x30) { 1794 sd->card_status |= WP_VIOLATION; 1795 } 1796 1797 sd->blk_written = 0; 1798 return sd_cmd_to_receivingdata(sd, req, addr, sd->blk_len); 1799 } 1800 1801 /* CMD26 */ 1802 static sd_rsp_type_t emmc_cmd_PROGRAM_CID(SDState *sd, SDRequest req) 1803 { 1804 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->cid)); 1805 } 1806 1807 /* CMD27 */ 1808 static sd_rsp_type_t sd_cmd_PROGRAM_CSD(SDState *sd, SDRequest req) 1809 { 1810 return sd_cmd_to_receivingdata(sd, req, 0, sizeof(sd->csd)); 1811 } 1812 1813 static sd_rsp_type_t sd_cmd_SET_CLR_WRITE_PROT(SDState *sd, SDRequest req, 1814 bool is_write) 1815 { 1816 uint64_t addr; 1817 1818 if (sd->size > SDSC_MAX_CAPACITY) { 1819 return sd_illegal; 1820 } 1821 1822 if (sd->state != sd_transfer_state) { 1823 return sd_invalid_state_for_cmd(sd, req); 1824 } 1825 1826 addr = sd_req_get_address(sd, req); 1827 if (!address_in_range(sd, is_write ? "SET_WRITE_PROT" : "CLR_WRITE_PROT", 1828 addr, 1)) { 1829 return sd_r1b; 1830 } 1831 1832 sd->state = sd_programming_state; 1833 if (is_write) { 1834 set_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1835 } else { 1836 clear_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap); 1837 } 1838 /* Bzzzzzzztt .... Operation complete. */ 1839 sd->state = sd_transfer_state; 1840 return sd_r1; 1841 } 1842 1843 /* CMD28 */ 1844 static sd_rsp_type_t sd_cmd_SET_WRITE_PROT(SDState *sd, SDRequest req) 1845 { 1846 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, true); 1847 } 1848 1849 /* CMD29 */ 1850 static sd_rsp_type_t sd_cmd_CLR_WRITE_PROT(SDState *sd, SDRequest req) 1851 { 1852 return sd_cmd_SET_CLR_WRITE_PROT(sd, req, false); 1853 } 1854 1855 /* CMD30 */ 1856 static sd_rsp_type_t sd_cmd_SEND_WRITE_PROT(SDState *sd, SDRequest req) 1857 { 1858 uint64_t addr; 1859 uint32_t data; 1860 1861 if (sd->size > SDSC_MAX_CAPACITY) { 1862 return sd_illegal; 1863 } 1864 1865 if (sd->state != sd_transfer_state) { 1866 return sd_invalid_state_for_cmd(sd, req); 1867 } 1868 1869 addr = sd_req_get_address(sd, req); 1870 if (!address_in_range(sd, "SEND_WRITE_PROT", addr, sd->blk_len)) { 1871 return sd_r1; 1872 } 1873 1874 data = sd_wpbits(sd, req.arg); 1875 return sd_cmd_to_sendingdata(sd, req, addr, &data, sizeof(data)); 1876 } 1877 1878 /* CMD32 */ 1879 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_START(SDState *sd, SDRequest req) 1880 { 1881 if (sd->state != sd_transfer_state) { 1882 return sd_invalid_state_for_cmd(sd, req); 1883 } 1884 sd->erase_start = req.arg; 1885 return sd_r1; 1886 } 1887 1888 /* CMD33 */ 1889 static sd_rsp_type_t sd_cmd_ERASE_WR_BLK_END(SDState *sd, SDRequest req) 1890 { 1891 if (sd->state != sd_transfer_state) { 1892 return sd_invalid_state_for_cmd(sd, req); 1893 } 1894 sd->erase_end = req.arg; 1895 return sd_r1; 1896 } 1897 1898 /* CMD38 */ 1899 static sd_rsp_type_t sd_cmd_ERASE(SDState *sd, SDRequest req) 1900 { 1901 if (sd->state != sd_transfer_state) { 1902 return sd_invalid_state_for_cmd(sd, req); 1903 } 1904 if (sd->csd[14] & 0x30) { 1905 sd->card_status |= WP_VIOLATION; 1906 return sd_r1b; 1907 } 1908 1909 sd->state = sd_programming_state; 1910 sd_erase(sd); 1911 /* Bzzzzzzztt .... Operation complete. */ 1912 sd->state = sd_transfer_state; 1913 return sd_r1b; 1914 } 1915 1916 /* CMD42 */ 1917 static sd_rsp_type_t sd_cmd_LOCK_UNLOCK(SDState *sd, SDRequest req) 1918 { 1919 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1920 } 1921 1922 /* CMD55 */ 1923 static sd_rsp_type_t sd_cmd_APP_CMD(SDState *sd, SDRequest req) 1924 { 1925 switch (sd->state) { 1926 case sd_ready_state: 1927 case sd_identification_state: 1928 case sd_inactive_state: 1929 case sd_sleep_state: 1930 return sd_invalid_state_for_cmd(sd, req); 1931 case sd_idle_state: 1932 if (!sd_is_spi(sd) && sd_req_get_rca(sd, req) != 0x0000) { 1933 qemu_log_mask(LOG_GUEST_ERROR, 1934 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd); 1935 } 1936 /* fall-through */ 1937 default: 1938 break; 1939 } 1940 if (!sd_is_spi(sd) && !sd_req_rca_same(sd, req)) { 1941 return sd_r0; 1942 } 1943 sd->expecting_acmd = true; 1944 sd->card_status |= APP_CMD; 1945 1946 return sd_r1; 1947 } 1948 1949 /* CMD56 */ 1950 static sd_rsp_type_t sd_cmd_GEN_CMD(SDState *sd, SDRequest req) 1951 { 1952 if (sd->state != sd_transfer_state) { 1953 return sd_invalid_state_for_cmd(sd, req); 1954 } 1955 1956 /* Vendor specific command: our model is RAZ/WI */ 1957 if (req.arg & 1) { 1958 memset(sd->data, 0, sizeof(sd->data)); 1959 return sd_cmd_to_sendingdata(sd, req, 0, NULL, 0); 1960 } else { 1961 return sd_cmd_to_receivingdata(sd, req, 0, 0); 1962 } 1963 } 1964 1965 /* CMD58 */ 1966 static sd_rsp_type_t spi_cmd_READ_OCR(SDState *sd, SDRequest req) 1967 { 1968 return sd_r3; 1969 } 1970 1971 /* CMD59 */ 1972 static sd_rsp_type_t spi_cmd_CRC_ON_OFF(SDState *sd, SDRequest req) 1973 { 1974 return sd_r1; 1975 } 1976 1977 /* ACMD6 */ 1978 static sd_rsp_type_t sd_acmd_SET_BUS_WIDTH(SDState *sd, SDRequest req) 1979 { 1980 if (sd->state != sd_transfer_state) { 1981 return sd_invalid_state_for_cmd(sd, req); 1982 } 1983 1984 sd->sd_status[0] &= 0x3f; 1985 sd->sd_status[0] |= (req.arg & 0x03) << 6; 1986 return sd_r1; 1987 } 1988 1989 /* ACMD13 */ 1990 static sd_rsp_type_t sd_acmd_SD_STATUS(SDState *sd, SDRequest req) 1991 { 1992 sd_rsp_type_t rsp; 1993 1994 rsp = sd_cmd_to_sendingdata(sd, req, 0, 1995 sd->sd_status, sizeof(sd->sd_status)); 1996 if (sd_is_spi(sd) && rsp != sd_illegal) { 1997 return spi_r2; 1998 } 1999 return rsp; 2000 } 2001 2002 /* ACMD22 */ 2003 static sd_rsp_type_t sd_acmd_SEND_NUM_WR_BLOCKS(SDState *sd, SDRequest req) 2004 { 2005 return sd_cmd_to_sendingdata(sd, req, 0, 2006 &sd->blk_written, sizeof(sd->blk_written)); 2007 } 2008 2009 /* ACMD23 */ 2010 static sd_rsp_type_t sd_acmd_SET_WR_BLK_ERASE_COUNT(SDState *sd, SDRequest req) 2011 { 2012 if (sd->state != sd_transfer_state) { 2013 return sd_invalid_state_for_cmd(sd, req); 2014 } 2015 return sd_r1; 2016 } 2017 2018 /* ACMD41 */ 2019 static sd_rsp_type_t sd_cmd_SEND_OP_COND(SDState *sd, SDRequest req) 2020 { 2021 if (sd->state != sd_idle_state) { 2022 return sd_invalid_state_for_cmd(sd, req); 2023 } 2024 2025 /* 2026 * If it's the first ACMD41 since reset, we need to decide 2027 * whether to power up. If this is not an enquiry ACMD41, 2028 * we immediately report power on and proceed below to the 2029 * ready state, but if it is, we set a timer to model a 2030 * delay for power up. This works around a bug in EDK2 2031 * UEFI, which sends an initial enquiry ACMD41, but 2032 * assumes that the card is in ready state as soon as it 2033 * sees the power up bit set. 2034 */ 2035 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) { 2036 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) { 2037 timer_del(sd->ocr_power_timer); 2038 sd_ocr_powerup(sd); 2039 } else { 2040 trace_sdcard_inquiry_cmd41(); 2041 if (!timer_pending(sd->ocr_power_timer)) { 2042 timer_mod_ns(sd->ocr_power_timer, 2043 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) 2044 + OCR_POWER_DELAY_NS)); 2045 } 2046 } 2047 } 2048 2049 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) { 2050 /* 2051 * We accept any voltage. 10000 V is nothing. 2052 * 2053 * Once we're powered up, we advance straight to ready state 2054 * unless it's an enquiry ACMD41 (bits 23:0 == 0). 2055 */ 2056 sd->state = sd_ready_state; 2057 } 2058 2059 if (sd_is_spi(sd)) { 2060 return sd_r1; 2061 } 2062 return sd_r3; 2063 } 2064 2065 /* ACMD42 */ 2066 static sd_rsp_type_t sd_acmd_SET_CLR_CARD_DETECT(SDState *sd, SDRequest req) 2067 { 2068 if (sd->state != sd_transfer_state) { 2069 return sd_invalid_state_for_cmd(sd, req); 2070 } 2071 2072 /* Bringing in the 50KOhm pull-up resistor... Done. */ 2073 return sd_r1; 2074 } 2075 2076 /* ACMD51 */ 2077 static sd_rsp_type_t sd_acmd_SEND_SCR(SDState *sd, SDRequest req) 2078 { 2079 return sd_cmd_to_sendingdata(sd, req, 0, sd->scr, sizeof(sd->scr)); 2080 } 2081 2082 static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) 2083 { 2084 uint64_t addr; 2085 2086 sd->last_cmd_name = sd_cmd_name(sd, req.cmd); 2087 /* CMD55 precedes an ACMD, so we are not interested in tracing it. 2088 * However there is no ACMD55, so we want to trace this particular case. 2089 */ 2090 if (req.cmd != 55 || sd->expecting_acmd) { 2091 trace_sdcard_normal_command(sd->proto->name, 2092 sd->last_cmd_name, req.cmd, 2093 req.arg, sd_state_name(sd->state)); 2094 } 2095 2096 /* Not interpreting this as an app command */ 2097 sd->card_status &= ~APP_CMD; 2098 2099 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25 2100 * if not, its effects are cancelled */ 2101 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) { 2102 sd->multi_blk_cnt = 0; 2103 } 2104 2105 if (sd->proto->cmd[req.cmd].class == 6 && FIELD_EX32(sd->ocr, OCR, 2106 CARD_CAPACITY)) { 2107 /* Only Standard Capacity cards support class 6 commands */ 2108 return sd_illegal; 2109 } 2110 2111 if (sd->proto->cmd[req.cmd].handler) { 2112 return sd->proto->cmd[req.cmd].handler(sd, req); 2113 } 2114 2115 switch (req.cmd) { 2116 /* Block read commands (Class 2) */ 2117 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2118 addr = sd_req_get_address(sd, req); 2119 switch (sd->state) { 2120 case sd_transfer_state: 2121 2122 if (!address_in_range(sd, "READ_BLOCK", addr, sd->blk_len)) { 2123 return sd_r1; 2124 } 2125 2126 sd->state = sd_sendingdata_state; 2127 sd->data_start = addr; 2128 sd->data_offset = 0; 2129 return sd_r1; 2130 2131 default: 2132 break; 2133 } 2134 break; 2135 2136 /* Block write commands (Class 4) */ 2137 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2138 addr = sd_req_get_address(sd, req); 2139 switch (sd->state) { 2140 case sd_transfer_state: 2141 2142 if (!address_in_range(sd, "WRITE_BLOCK", addr, sd->blk_len)) { 2143 return sd_r1; 2144 } 2145 2146 sd->state = sd_receivingdata_state; 2147 sd->data_start = addr; 2148 sd->data_offset = 0; 2149 sd->blk_written = 0; 2150 2151 if (sd->size <= SDSC_MAX_CAPACITY) { 2152 if (sd_wp_addr(sd, sd->data_start)) { 2153 sd->card_status |= WP_VIOLATION; 2154 } 2155 } 2156 if (sd->csd[14] & 0x30) { 2157 sd->card_status |= WP_VIOLATION; 2158 } 2159 return sd_r1; 2160 2161 default: 2162 break; 2163 } 2164 break; 2165 2166 default: 2167 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd); 2168 return sd_illegal; 2169 } 2170 2171 return sd_invalid_state_for_cmd(sd, req); 2172 } 2173 2174 static sd_rsp_type_t sd_app_command(SDState *sd, 2175 SDRequest req) 2176 { 2177 sd->last_cmd_name = sd_acmd_name(sd, req.cmd); 2178 trace_sdcard_app_command(sd->proto->name, sd->last_cmd_name, 2179 req.cmd, req.arg, sd_state_name(sd->state)); 2180 sd->card_status |= APP_CMD; 2181 2182 if (sd->proto->acmd[req.cmd].handler) { 2183 return sd->proto->acmd[req.cmd].handler(sd, req); 2184 } 2185 2186 switch (req.cmd) { 2187 case 18: /* Reserved for SD security applications */ 2188 case 25: 2189 case 26: 2190 case 38: 2191 case 43 ... 49: 2192 /* Refer to the "SD Specifications Part3 Security Specification" for 2193 * information about the SD Security Features. 2194 */ 2195 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n", 2196 req.cmd); 2197 return sd_illegal; 2198 2199 default: 2200 /* Fall back to standard commands. */ 2201 return sd_normal_command(sd, req); 2202 } 2203 2204 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd); 2205 return sd_illegal; 2206 } 2207 2208 static bool cmd_valid_while_locked(SDState *sd, unsigned cmd) 2209 { 2210 unsigned cmd_class; 2211 2212 /* Valid commands in locked state: 2213 * basic class (0) 2214 * lock card class (7) 2215 * CMD16 2216 * implicitly, the ACMD prefix CMD55 2217 * ACMD41 and ACMD42 2218 * Anything else provokes an "illegal command" response. 2219 */ 2220 if (sd->expecting_acmd) { 2221 return cmd == 41 || cmd == 42; 2222 } 2223 if (cmd == 16 || cmd == 55) { 2224 return true; 2225 } 2226 if (!sd->proto->cmd[cmd].handler) { 2227 return false; 2228 } 2229 cmd_class = sd->proto->cmd[cmd].class; 2230 2231 return cmd_class == 0 || cmd_class == 7; 2232 } 2233 2234 static size_t sd_do_command(SDState *sd, SDRequest *req, 2235 uint8_t *response, size_t respsz) 2236 { 2237 int last_state; 2238 sd_rsp_type_t rtype; 2239 int rsplen; 2240 2241 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2242 return 0; 2243 } 2244 2245 if (sd->state == sd_inactive_state) { 2246 rtype = sd_illegal; 2247 goto send_response; 2248 } 2249 2250 if (sd_req_crc_validate(req)) { 2251 sd->card_status |= COM_CRC_ERROR; 2252 rtype = sd_illegal; 2253 goto send_response; 2254 } 2255 2256 if (req->cmd >= SDMMC_CMD_MAX) { 2257 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n", 2258 req->cmd); 2259 req->cmd &= 0x3f; 2260 } 2261 2262 if (sd->state == sd_sleep_state && req->cmd) { 2263 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is sleeping\n"); 2264 rtype = sd_r0; 2265 goto send_response; 2266 } 2267 2268 if (sd->card_status & CARD_IS_LOCKED) { 2269 if (!cmd_valid_while_locked(sd, req->cmd)) { 2270 sd->card_status |= ILLEGAL_COMMAND; 2271 sd->expecting_acmd = false; 2272 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n"); 2273 rtype = sd_illegal; 2274 goto send_response; 2275 } 2276 } 2277 2278 last_state = sd->state; 2279 sd_set_mode(sd); 2280 2281 if (sd->expecting_acmd) { 2282 sd->expecting_acmd = false; 2283 rtype = sd_app_command(sd, *req); 2284 } else { 2285 rtype = sd_normal_command(sd, *req); 2286 } 2287 2288 if (rtype == sd_illegal) { 2289 sd->card_status |= ILLEGAL_COMMAND; 2290 } else { 2291 /* Valid command, we can update the 'state before command' bits. 2292 * (Do this now so they appear in r1 responses.) 2293 */ 2294 sd->card_status = FIELD_DP32(sd->card_status, CSR, 2295 CURRENT_STATE, last_state); 2296 } 2297 2298 send_response: 2299 rsplen = sd_response_size(sd, rtype); 2300 assert(rsplen <= respsz); 2301 2302 switch (rtype) { 2303 case sd_r1: 2304 case sd_r1b: 2305 sd_response_r1_make(sd, response); 2306 break; 2307 2308 case spi_r2: 2309 spi_response_r2_make(sd, response); 2310 break; 2311 2312 case sd_r2_i: 2313 memcpy(response, sd->cid, sizeof(sd->cid)); 2314 break; 2315 2316 case sd_r2_s: 2317 memcpy(response, sd->csd, sizeof(sd->csd)); 2318 break; 2319 2320 case sd_r3: 2321 sd_response_r3_make(sd, response); 2322 break; 2323 2324 case sd_r6: 2325 sd_response_r6_make(sd, response); 2326 break; 2327 2328 case sd_r7: 2329 sd_response_r7_make(sd, response); 2330 break; 2331 2332 case sd_r0: 2333 /* 2334 * Invalid state transition, reset implementation 2335 * fields to avoid OOB abuse. 2336 */ 2337 sd->data_start = 0; 2338 sd->data_offset = 0; 2339 /* fall-through */ 2340 case sd_illegal: 2341 break; 2342 default: 2343 g_assert_not_reached(); 2344 } 2345 trace_sdcard_response(sd_response_name(rtype), rsplen); 2346 2347 if (rtype != sd_illegal) { 2348 /* Clear the "clear on valid command" status bits now we've 2349 * sent any response 2350 */ 2351 sd->card_status &= ~CARD_STATUS_B; 2352 } 2353 2354 #ifdef DEBUG_SD 2355 qemu_hexdump(stderr, "Response", response, rsplen); 2356 #endif 2357 2358 sd->current_cmd = rtype == sd_illegal ? 0 : req->cmd; 2359 2360 return rsplen; 2361 } 2362 2363 /* Return true if buffer is consumed. Configured by sd_cmd_to_receivingdata() */ 2364 static bool sd_generic_write_byte(SDState *sd, uint8_t value) 2365 { 2366 sd->data[sd->data_offset] = value; 2367 2368 if (++sd->data_offset >= sd->data_size) { 2369 sd->state = sd_transfer_state; 2370 return true; 2371 } 2372 return false; 2373 } 2374 2375 /* Return true when buffer is consumed. Configured by sd_cmd_to_sendingdata() */ 2376 static bool sd_generic_read_byte(SDState *sd, uint8_t *value) 2377 { 2378 *value = sd->data[sd->data_offset]; 2379 2380 if (++sd->data_offset >= sd->data_size) { 2381 sd->state = sd_transfer_state; 2382 return true; 2383 } 2384 2385 return false; 2386 } 2387 2388 static void sd_write_byte(SDState *sd, uint8_t value) 2389 { 2390 int i; 2391 2392 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2393 return; 2394 } 2395 2396 if (sd->state != sd_receivingdata_state) { 2397 qemu_log_mask(LOG_GUEST_ERROR, 2398 "%s: not in Receiving-Data state\n", __func__); 2399 return; 2400 } 2401 2402 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 2403 return; 2404 2405 trace_sdcard_write_data(sd->proto->name, 2406 sd->last_cmd_name, 2407 sd->current_cmd, sd->data_offset, value); 2408 switch (sd->current_cmd) { 2409 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 2410 if (sd_generic_write_byte(sd, value)) { 2411 /* TODO: Check CRC before committing */ 2412 sd->state = sd_programming_state; 2413 sd_blk_write(sd, sd->data_start, sd->data_offset); 2414 sd->blk_written ++; 2415 sd->csd[14] |= 0x40; 2416 /* Bzzzzzzztt .... Operation complete. */ 2417 sd->state = sd_transfer_state; 2418 } 2419 break; 2420 2421 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 2422 if (sd->data_offset == 0) { 2423 /* Start of the block - let's check the address is valid */ 2424 if (!address_in_range(sd, "WRITE_MULTIPLE_BLOCK", 2425 sd->data_start, sd->blk_len)) { 2426 break; 2427 } 2428 if (sd->size <= SDSC_MAX_CAPACITY) { 2429 if (sd_wp_addr(sd, sd->data_start)) { 2430 sd->card_status |= WP_VIOLATION; 2431 break; 2432 } 2433 } 2434 } 2435 sd->data[sd->data_offset++] = value; 2436 if (sd->data_offset >= sd->blk_len) { 2437 /* TODO: Check CRC before committing */ 2438 sd->state = sd_programming_state; 2439 sd_blk_write(sd, sd->data_start, sd->data_offset); 2440 sd->blk_written++; 2441 sd->data_start += sd->blk_len; 2442 sd->data_offset = 0; 2443 sd->csd[14] |= 0x40; 2444 2445 /* Bzzzzzzztt .... Operation complete. */ 2446 if (sd->multi_blk_cnt != 0) { 2447 if (--sd->multi_blk_cnt == 0) { 2448 /* Stop! */ 2449 sd->state = sd_transfer_state; 2450 break; 2451 } 2452 } 2453 2454 sd->state = sd_receivingdata_state; 2455 } 2456 break; 2457 2458 case 26: /* CMD26: PROGRAM_CID */ 2459 if (sd_generic_write_byte(sd, value)) { 2460 /* TODO: Check CRC before committing */ 2461 sd->state = sd_programming_state; 2462 for (i = 0; i < sizeof(sd->cid); i ++) 2463 if ((sd->cid[i] | 0x00) != sd->data[i]) 2464 sd->card_status |= CID_CSD_OVERWRITE; 2465 2466 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2467 for (i = 0; i < sizeof(sd->cid); i ++) { 2468 sd->cid[i] |= 0x00; 2469 sd->cid[i] &= sd->data[i]; 2470 } 2471 /* Bzzzzzzztt .... Operation complete. */ 2472 sd->state = sd_transfer_state; 2473 } 2474 break; 2475 2476 case 27: /* CMD27: PROGRAM_CSD */ 2477 if (sd_generic_write_byte(sd, value)) { 2478 /* TODO: Check CRC before committing */ 2479 sd->state = sd_programming_state; 2480 for (i = 0; i < sizeof(sd->csd); i ++) 2481 if ((sd->csd[i] | sd_csd_rw_mask[i]) != 2482 (sd->data[i] | sd_csd_rw_mask[i])) 2483 sd->card_status |= CID_CSD_OVERWRITE; 2484 2485 /* Copy flag (OTP) & Permanent write protect */ 2486 if (sd->csd[14] & ~sd->data[14] & 0x60) 2487 sd->card_status |= CID_CSD_OVERWRITE; 2488 2489 if (!(sd->card_status & CID_CSD_OVERWRITE)) 2490 for (i = 0; i < sizeof(sd->csd); i ++) { 2491 sd->csd[i] |= sd_csd_rw_mask[i]; 2492 sd->csd[i] &= sd->data[i]; 2493 } 2494 /* Bzzzzzzztt .... Operation complete. */ 2495 sd->state = sd_transfer_state; 2496 } 2497 break; 2498 2499 case 42: /* CMD42: LOCK_UNLOCK */ 2500 if (sd_generic_write_byte(sd, value)) { 2501 /* TODO: Check CRC before committing */ 2502 sd->state = sd_programming_state; 2503 sd_lock_command(sd); 2504 /* Bzzzzzzztt .... Operation complete. */ 2505 sd->state = sd_transfer_state; 2506 } 2507 break; 2508 2509 case 56: /* CMD56: GEN_CMD */ 2510 sd_generic_write_byte(sd, value); 2511 break; 2512 2513 default: 2514 g_assert_not_reached(); 2515 } 2516 } 2517 2518 static uint8_t sd_read_byte(SDState *sd) 2519 { 2520 /* TODO: Append CRCs */ 2521 const uint8_t dummy_byte = 0x00; 2522 uint8_t ret; 2523 uint32_t io_len; 2524 2525 if (!sd->blk || !blk_is_inserted(sd->blk)) { 2526 return dummy_byte; 2527 } 2528 2529 if (sd->state != sd_sendingdata_state) { 2530 qemu_log_mask(LOG_GUEST_ERROR, 2531 "%s: not in Sending-Data state\n", __func__); 2532 return dummy_byte; 2533 } 2534 2535 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) { 2536 return dummy_byte; 2537 } 2538 2539 io_len = sd_blk_len(sd); 2540 2541 trace_sdcard_read_data(sd->proto->name, 2542 sd->last_cmd_name, sd->current_cmd, 2543 sd->data_offset, sd->data_size, io_len); 2544 switch (sd->current_cmd) { 2545 case 6: /* CMD6: SWITCH_FUNCTION */ 2546 case 8: /* CMD8: SEND_EXT_CSD */ 2547 case 9: /* CMD9: SEND_CSD */ 2548 case 10: /* CMD10: SEND_CID */ 2549 case 13: /* ACMD13: SD_STATUS */ 2550 case 17: /* CMD17: READ_SINGLE_BLOCK */ 2551 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */ 2552 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 2553 case 30: /* CMD30: SEND_WRITE_PROT */ 2554 case 51: /* ACMD51: SEND_SCR */ 2555 case 56: /* CMD56: GEN_CMD */ 2556 sd_generic_read_byte(sd, &ret); 2557 break; 2558 2559 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 2560 if (sd->data_offset == 0) { 2561 if (!address_in_range(sd, "READ_MULTIPLE_BLOCK", 2562 sd->data_start, io_len)) { 2563 return dummy_byte; 2564 } 2565 sd_blk_read(sd, sd->data_start, io_len); 2566 } 2567 ret = sd->data[sd->data_offset ++]; 2568 2569 if (sd->data_offset >= io_len) { 2570 sd->data_start += io_len; 2571 sd->data_offset = 0; 2572 2573 if (sd->multi_blk_cnt != 0) { 2574 if (--sd->multi_blk_cnt == 0) { 2575 /* Stop! */ 2576 sd->state = sd_transfer_state; 2577 break; 2578 } 2579 } 2580 } 2581 break; 2582 2583 default: 2584 qemu_log_mask(LOG_GUEST_ERROR, "%s: DAT read illegal for command %s\n", 2585 __func__, sd->last_cmd_name); 2586 return dummy_byte; 2587 } 2588 2589 return ret; 2590 } 2591 2592 static bool sd_receive_ready(SDState *sd) 2593 { 2594 return sd->state == sd_receivingdata_state; 2595 } 2596 2597 static bool sd_data_ready(SDState *sd) 2598 { 2599 return sd->state == sd_sendingdata_state; 2600 } 2601 2602 static const SDProto sd_proto_spi = { 2603 .name = "SPI", 2604 .cmd = { 2605 [0] = {0, sd_spi, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2606 [1] = {0, sd_spi, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2607 [5] = {9, sd_spi, "IO_SEND_OP_COND", sd_cmd_optional}, 2608 [6] = {10, sd_spi, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2609 [8] = {0, sd_spi, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2610 [9] = {0, sd_spi, "SEND_CSD", spi_cmd_SEND_CSD}, 2611 [10] = {0, sd_spi, "SEND_CID", spi_cmd_SEND_CID}, 2612 [12] = {0, sd_spi, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2613 [13] = {0, sd_spi, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2614 [16] = {2, sd_spi, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2615 [17] = {2, sd_spi, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2616 [24] = {4, sd_spi, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2617 [27] = {4, sd_spi, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2618 [28] = {6, sd_spi, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2619 [29] = {6, sd_spi, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2620 [30] = {6, sd_spi, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2621 [32] = {5, sd_spi, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2622 [33] = {5, sd_spi, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2623 [34] = {10, sd_spi, "READ_SEC_CMD", sd_cmd_optional}, 2624 [35] = {10, sd_spi, "WRITE_SEC_CMD", sd_cmd_optional}, 2625 [36] = {10, sd_spi, "SEND_PSI", sd_cmd_optional}, 2626 [37] = {10, sd_spi, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2627 [38] = {5, sd_spi, "ERASE", sd_cmd_ERASE}, 2628 [42] = {7, sd_spi, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2629 [50] = {10, sd_spi, "DIRECT_SECURE_READ", sd_cmd_optional}, 2630 [52] = {9, sd_spi, "IO_RW_DIRECT", sd_cmd_optional}, 2631 [53] = {9, sd_spi, "IO_RW_EXTENDED", sd_cmd_optional}, 2632 [55] = {8, sd_spi, "APP_CMD", sd_cmd_APP_CMD}, 2633 [56] = {8, sd_spi, "GEN_CMD", sd_cmd_GEN_CMD}, 2634 [57] = {10, sd_spi, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2635 [58] = {0, sd_spi, "READ_OCR", spi_cmd_READ_OCR}, 2636 [59] = {0, sd_spi, "CRC_ON_OFF", spi_cmd_CRC_ON_OFF}, 2637 }, 2638 .acmd = { 2639 [13] = {8, sd_spi, "SD_STATUS", sd_acmd_SD_STATUS}, 2640 [22] = {8, sd_spi, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2641 [23] = {8, sd_spi, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2642 [41] = {8, sd_spi, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2643 [42] = {8, sd_spi, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2644 [51] = {8, sd_spi, "SEND_SCR", sd_acmd_SEND_SCR}, 2645 }, 2646 }; 2647 2648 static const SDProto sd_proto_sd = { 2649 .name = "SD", 2650 .cmd = { 2651 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2652 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2653 [3] = {0, sd_bcr, "SEND_RELATIVE_ADDR", sd_cmd_SEND_RELATIVE_ADDR}, 2654 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2655 [5] = {9, sd_bc, "IO_SEND_OP_COND", sd_cmd_optional}, 2656 [6] = {10, sd_adtc, "SWITCH_FUNCTION", sd_cmd_SWITCH_FUNCTION}, 2657 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2658 [8] = {0, sd_bcr, "SEND_IF_COND", sd_cmd_SEND_IF_COND}, 2659 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2660 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2661 [11] = {0, sd_ac, "VOLTAGE_SWITCH", sd_cmd_optional}, 2662 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2663 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2664 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2665 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2666 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2667 [19] = {2, sd_adtc, "SEND_TUNING_BLOCK", sd_cmd_SEND_TUNING_BLOCK}, 2668 [20] = {2, sd_ac, "SPEED_CLASS_CONTROL", sd_cmd_optional}, 2669 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2670 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2671 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2672 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2673 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2674 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2675 [32] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2676 [33] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2677 [34] = {10, sd_adtc, "READ_SEC_CMD", sd_cmd_optional}, 2678 [35] = {10, sd_adtc, "WRITE_SEC_CMD", sd_cmd_optional}, 2679 [36] = {10, sd_adtc, "SEND_PSI", sd_cmd_optional}, 2680 [37] = {10, sd_ac, "CONTROL_ASSD_SYSTEM", sd_cmd_optional}, 2681 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2682 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2683 [43] = {1, sd_ac, "Q_MANAGEMENT", sd_cmd_optional}, 2684 [44] = {1, sd_ac, "Q_TASK_INFO_A", sd_cmd_optional}, 2685 [45] = {1, sd_ac, "Q_TASK_INFO_B", sd_cmd_optional}, 2686 [46] = {1, sd_adtc, "Q_RD_TASK", sd_cmd_optional}, 2687 [47] = {1, sd_adtc, "Q_WR_TASK", sd_cmd_optional}, 2688 [48] = {1, sd_adtc, "READ_EXTR_SINGLE", sd_cmd_optional}, 2689 [49] = {1, sd_adtc, "WRITE_EXTR_SINGLE", sd_cmd_optional}, 2690 [50] = {10, sd_adtc, "DIRECT_SECURE_READ", sd_cmd_optional}, 2691 [52] = {9, sd_bc, "IO_RW_DIRECT", sd_cmd_optional}, 2692 [53] = {9, sd_bc, "IO_RW_EXTENDED", sd_cmd_optional}, 2693 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2694 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2695 [57] = {10, sd_adtc, "DIRECT_SECURE_WRITE", sd_cmd_optional}, 2696 [58] = {11, sd_adtc, "READ_EXTR_MULTI", sd_cmd_optional}, 2697 [59] = {11, sd_adtc, "WRITE_EXTR_MULTI", sd_cmd_optional}, 2698 }, 2699 .acmd = { 2700 [6] = {8, sd_ac, "SET_BUS_WIDTH", sd_acmd_SET_BUS_WIDTH}, 2701 [13] = {8, sd_adtc, "SD_STATUS", sd_acmd_SD_STATUS}, 2702 [22] = {8, sd_adtc, "SEND_NUM_WR_BLOCKS", sd_acmd_SEND_NUM_WR_BLOCKS}, 2703 [23] = {8, sd_ac, "SET_WR_BLK_ERASE_COUNT", sd_acmd_SET_WR_BLK_ERASE_COUNT}, 2704 [41] = {8, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2705 [42] = {8, sd_ac, "SET_CLR_CARD_DETECT", sd_acmd_SET_CLR_CARD_DETECT}, 2706 [51] = {8, sd_adtc, "SEND_SCR", sd_acmd_SEND_SCR}, 2707 }, 2708 }; 2709 2710 static const SDProto sd_proto_emmc = { 2711 /* Only v4.3 is supported */ 2712 .name = "eMMC", 2713 .cmd = { 2714 [0] = {0, sd_bc, "GO_IDLE_STATE", sd_cmd_GO_IDLE_STATE}, 2715 [1] = {0, sd_bcr, "SEND_OP_COND", sd_cmd_SEND_OP_COND}, 2716 [2] = {0, sd_bcr, "ALL_SEND_CID", sd_cmd_ALL_SEND_CID}, 2717 [3] = {0, sd_ac, "SET_RELATIVE_ADDR", emmc_cmd_SET_RELATIVE_ADDR}, 2718 [4] = {0, sd_bc, "SEND_DSR", sd_cmd_unimplemented}, 2719 [5] = {0, sd_ac, "SLEEP/AWAKE", emmc_cmd_sleep_awake}, 2720 [6] = {10, sd_adtc, "SWITCH", emmc_cmd_SWITCH}, 2721 [7] = {0, sd_ac, "(DE)SELECT_CARD", sd_cmd_DE_SELECT_CARD}, 2722 [8] = {0, sd_adtc, "SEND_EXT_CSD", emmc_cmd_SEND_EXT_CSD}, 2723 [9] = {0, sd_ac, "SEND_CSD", sd_cmd_SEND_CSD}, 2724 [10] = {0, sd_ac, "SEND_CID", sd_cmd_SEND_CID}, 2725 [11] = {1, sd_adtc, "READ_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2726 [12] = {0, sd_ac, "STOP_TRANSMISSION", sd_cmd_STOP_TRANSMISSION}, 2727 [13] = {0, sd_ac, "SEND_STATUS", sd_cmd_SEND_STATUS}, 2728 [14] = {0, sd_adtc, "BUSTEST_R", sd_cmd_unimplemented}, 2729 [15] = {0, sd_ac, "GO_INACTIVE_STATE", sd_cmd_GO_INACTIVE_STATE}, 2730 [16] = {2, sd_ac, "SET_BLOCKLEN", sd_cmd_SET_BLOCKLEN}, 2731 [17] = {2, sd_adtc, "READ_SINGLE_BLOCK", sd_cmd_READ_SINGLE_BLOCK}, 2732 [19] = {0, sd_adtc, "BUSTEST_W", sd_cmd_unimplemented}, 2733 [20] = {3, sd_adtc, "WRITE_DAT_UNTIL_STOP", sd_cmd_unimplemented}, 2734 [23] = {2, sd_ac, "SET_BLOCK_COUNT", sd_cmd_SET_BLOCK_COUNT}, 2735 [24] = {4, sd_adtc, "WRITE_SINGLE_BLOCK", sd_cmd_WRITE_SINGLE_BLOCK}, 2736 [26] = {4, sd_adtc, "PROGRAM_CID", emmc_cmd_PROGRAM_CID}, 2737 [27] = {4, sd_adtc, "PROGRAM_CSD", sd_cmd_PROGRAM_CSD}, 2738 [28] = {6, sd_ac, "SET_WRITE_PROT", sd_cmd_SET_WRITE_PROT}, 2739 [29] = {6, sd_ac, "CLR_WRITE_PROT", sd_cmd_CLR_WRITE_PROT}, 2740 [30] = {6, sd_adtc, "SEND_WRITE_PROT", sd_cmd_SEND_WRITE_PROT}, 2741 [31] = {6, sd_adtc, "SEND_WRITE_PROT_TYPE", sd_cmd_unimplemented}, 2742 [35] = {5, sd_ac, "ERASE_WR_BLK_START", sd_cmd_ERASE_WR_BLK_START}, 2743 [36] = {5, sd_ac, "ERASE_WR_BLK_END", sd_cmd_ERASE_WR_BLK_END}, 2744 [38] = {5, sd_ac, "ERASE", sd_cmd_ERASE}, 2745 [39] = {9, sd_ac, "FAST_IO", sd_cmd_unimplemented}, 2746 [40] = {9, sd_bcr, "GO_IRQ_STATE", sd_cmd_unimplemented}, 2747 [42] = {7, sd_adtc, "LOCK_UNLOCK", sd_cmd_LOCK_UNLOCK}, 2748 [49] = {0, sd_adtc, "SET_TIME", sd_cmd_unimplemented}, 2749 [55] = {8, sd_ac, "APP_CMD", sd_cmd_APP_CMD}, 2750 [56] = {8, sd_adtc, "GEN_CMD", sd_cmd_GEN_CMD}, 2751 }, 2752 }; 2753 2754 static void sd_instance_init(Object *obj) 2755 { 2756 SDState *sd = SDMMC_COMMON(obj); 2757 SDCardClass *sc = SDMMC_COMMON_GET_CLASS(sd); 2758 2759 sd->proto = sc->proto; 2760 sd->last_cmd_name = "UNSET"; 2761 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd); 2762 } 2763 2764 static void sd_instance_finalize(Object *obj) 2765 { 2766 SDState *sd = SDMMC_COMMON(obj); 2767 2768 timer_free(sd->ocr_power_timer); 2769 } 2770 2771 static void sd_realize(DeviceState *dev, Error **errp) 2772 { 2773 SDState *sd = SDMMC_COMMON(dev); 2774 int ret; 2775 2776 switch (sd->spec_version) { 2777 case SD_PHY_SPECv1_10_VERS 2778 ... SD_PHY_SPECv3_01_VERS: 2779 break; 2780 default: 2781 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version); 2782 return; 2783 } 2784 2785 if (sd->blk) { 2786 int64_t blk_size; 2787 2788 if (!blk_supports_write_perm(sd->blk)) { 2789 error_setg(errp, "Cannot use read-only drive as SD card"); 2790 return; 2791 } 2792 2793 blk_size = blk_getlength(sd->blk); 2794 if (blk_size > 0 && !is_power_of_2(blk_size)) { 2795 int64_t blk_size_aligned = pow2ceil(blk_size); 2796 char *blk_size_str; 2797 2798 blk_size_str = size_to_str(blk_size); 2799 error_setg(errp, "Invalid SD card size: %s", blk_size_str); 2800 g_free(blk_size_str); 2801 2802 blk_size_str = size_to_str(blk_size_aligned); 2803 error_append_hint(errp, 2804 "SD card size has to be a power of 2, e.g. %s.\n" 2805 "You can resize disk images with" 2806 " 'qemu-img resize <imagefile> <new-size>'\n" 2807 "(note that this will lose data if you make the" 2808 " image smaller than it currently is).\n", 2809 blk_size_str); 2810 g_free(blk_size_str); 2811 2812 return; 2813 } 2814 2815 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 2816 BLK_PERM_ALL, errp); 2817 if (ret < 0) { 2818 return; 2819 } 2820 blk_set_dev_ops(sd->blk, &sd_block_ops, sd); 2821 } 2822 } 2823 2824 static void emmc_realize(DeviceState *dev, Error **errp) 2825 { 2826 SDState *sd = SDMMC_COMMON(dev); 2827 2828 sd->spec_version = SD_PHY_SPECv3_01_VERS; /* Actually v4.3 */ 2829 2830 sd_realize(dev, errp); 2831 } 2832 2833 static const Property sdmmc_common_properties[] = { 2834 DEFINE_PROP_DRIVE("drive", SDState, blk), 2835 }; 2836 2837 static const Property sd_properties[] = { 2838 DEFINE_PROP_UINT8("spec_version", SDState, 2839 spec_version, SD_PHY_SPECv3_01_VERS), 2840 }; 2841 2842 static const Property emmc_properties[] = { 2843 DEFINE_PROP_UINT64("boot-partition-size", SDState, boot_part_size, 0), 2844 DEFINE_PROP_UINT8("boot-config", SDState, boot_config, 0x0), 2845 }; 2846 2847 static void sdmmc_common_class_init(ObjectClass *klass, const void *data) 2848 { 2849 DeviceClass *dc = DEVICE_CLASS(klass); 2850 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2851 2852 device_class_set_props(dc, sdmmc_common_properties); 2853 dc->vmsd = &sd_vmstate; 2854 device_class_set_legacy_reset(dc, sd_reset); 2855 dc->bus_type = TYPE_SD_BUS; 2856 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories); 2857 2858 sc->set_voltage = sd_set_voltage; 2859 sc->get_dat_lines = sd_get_dat_lines; 2860 sc->get_cmd_line = sd_get_cmd_line; 2861 sc->do_command = sd_do_command; 2862 sc->write_byte = sd_write_byte; 2863 sc->read_byte = sd_read_byte; 2864 sc->receive_ready = sd_receive_ready; 2865 sc->data_ready = sd_data_ready; 2866 sc->get_inserted = sd_get_inserted; 2867 sc->get_readonly = sd_get_readonly; 2868 } 2869 2870 static void sd_class_init(ObjectClass *klass, const void *data) 2871 { 2872 DeviceClass *dc = DEVICE_CLASS(klass); 2873 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2874 2875 dc->realize = sd_realize; 2876 device_class_set_props(dc, sd_properties); 2877 2878 sc->set_cid = sd_set_cid; 2879 sc->set_csd = sd_set_csd; 2880 sc->proto = &sd_proto_sd; 2881 } 2882 2883 /* 2884 * We do not model the chip select pin, so allow the board to select 2885 * whether card should be in SSI or MMC/SD mode. It is also up to the 2886 * board to ensure that ssi transfers only occur when the chip select 2887 * is asserted. 2888 */ 2889 static void sd_spi_class_init(ObjectClass *klass, const void *data) 2890 { 2891 DeviceClass *dc = DEVICE_CLASS(klass); 2892 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2893 2894 dc->desc = "SD SPI"; 2895 sc->proto = &sd_proto_spi; 2896 } 2897 2898 static void emmc_class_init(ObjectClass *klass, const void *data) 2899 { 2900 DeviceClass *dc = DEVICE_CLASS(klass); 2901 SDCardClass *sc = SDMMC_COMMON_CLASS(klass); 2902 2903 dc->desc = "eMMC"; 2904 dc->realize = emmc_realize; 2905 device_class_set_props(dc, emmc_properties); 2906 /* Reason: Soldered on board */ 2907 dc->user_creatable = false; 2908 2909 sc->proto = &sd_proto_emmc; 2910 2911 sc->set_cid = emmc_set_cid; 2912 sc->set_csd = emmc_set_csd; 2913 } 2914 2915 static const TypeInfo sd_types[] = { 2916 { 2917 .name = TYPE_SDMMC_COMMON, 2918 .parent = TYPE_DEVICE, 2919 .abstract = true, 2920 .instance_size = sizeof(SDState), 2921 .class_size = sizeof(SDCardClass), 2922 .class_init = sdmmc_common_class_init, 2923 .instance_init = sd_instance_init, 2924 .instance_finalize = sd_instance_finalize, 2925 }, 2926 { 2927 .name = TYPE_SD_CARD, 2928 .parent = TYPE_SDMMC_COMMON, 2929 .class_init = sd_class_init, 2930 }, 2931 { 2932 .name = TYPE_SD_CARD_SPI, 2933 .parent = TYPE_SD_CARD, 2934 .class_init = sd_spi_class_init, 2935 }, 2936 { 2937 .name = TYPE_EMMC, 2938 .parent = TYPE_SDMMC_COMMON, 2939 .class_init = emmc_class_init, 2940 }, 2941 }; 2942 2943 DEFINE_TYPES(sd_types) 2944