1 /* 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical 3 * layer specification, Version 1.10." 4 * 5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org> 6 * Copyright (c) 2007 CodeSourcery 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' 20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR 23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include "hw/hw.h" 33 #include "sysemu/block-backend.h" 34 #include "hw/sd/sd.h" 35 #include "qemu/bitmap.h" 36 37 //#define DEBUG_SD 1 38 39 #ifdef DEBUG_SD 40 #define DPRINTF(fmt, ...) \ 41 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0) 42 #else 43 #define DPRINTF(fmt, ...) do {} while(0) 44 #endif 45 46 #define ACMD41_ENQUIRY_MASK 0x00ffffff 47 48 typedef enum { 49 sd_r0 = 0, /* no response */ 50 sd_r1, /* normal response command */ 51 sd_r2_i, /* CID register */ 52 sd_r2_s, /* CSD register */ 53 sd_r3, /* OCR register */ 54 sd_r6 = 6, /* Published RCA response */ 55 sd_r7, /* Operating voltage */ 56 sd_r1b = -1, 57 sd_illegal = -2, 58 } sd_rsp_type_t; 59 60 enum SDCardModes { 61 sd_inactive, 62 sd_card_identification_mode, 63 sd_data_transfer_mode, 64 }; 65 66 enum SDCardStates { 67 sd_inactive_state = -1, 68 sd_idle_state = 0, 69 sd_ready_state, 70 sd_identification_state, 71 sd_standby_state, 72 sd_transfer_state, 73 sd_sendingdata_state, 74 sd_receivingdata_state, 75 sd_programming_state, 76 sd_disconnect_state, 77 }; 78 79 struct SDState { 80 uint32_t mode; /* current card mode, one of SDCardModes */ 81 int32_t state; /* current card state, one of SDCardStates */ 82 uint32_t ocr; 83 uint8_t scr[8]; 84 uint8_t cid[16]; 85 uint8_t csd[16]; 86 uint16_t rca; 87 uint32_t card_status; 88 uint8_t sd_status[64]; 89 uint32_t vhs; 90 bool wp_switch; 91 unsigned long *wp_groups; 92 int32_t wpgrps_size; 93 uint64_t size; 94 uint32_t blk_len; 95 uint32_t erase_start; 96 uint32_t erase_end; 97 uint8_t pwd[16]; 98 uint32_t pwd_len; 99 uint8_t function_group[6]; 100 101 bool spi; 102 uint8_t current_cmd; 103 /* True if we will handle the next command as an ACMD. Note that this does 104 * *not* track the APP_CMD status bit! 105 */ 106 bool expecting_acmd; 107 uint32_t blk_written; 108 uint64_t data_start; 109 uint32_t data_offset; 110 uint8_t data[512]; 111 qemu_irq readonly_cb; 112 qemu_irq inserted_cb; 113 BlockBackend *blk; 114 uint8_t *buf; 115 116 bool enable; 117 }; 118 119 static void sd_set_mode(SDState *sd) 120 { 121 switch (sd->state) { 122 case sd_inactive_state: 123 sd->mode = sd_inactive; 124 break; 125 126 case sd_idle_state: 127 case sd_ready_state: 128 case sd_identification_state: 129 sd->mode = sd_card_identification_mode; 130 break; 131 132 case sd_standby_state: 133 case sd_transfer_state: 134 case sd_sendingdata_state: 135 case sd_receivingdata_state: 136 case sd_programming_state: 137 case sd_disconnect_state: 138 sd->mode = sd_data_transfer_mode; 139 break; 140 } 141 } 142 143 static const sd_cmd_type_t sd_cmd_type[64] = { 144 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac, 145 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac, 146 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, 147 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none, 148 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none, 149 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none, 150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, 151 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, 152 }; 153 154 static const int sd_cmd_class[64] = { 155 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0, 156 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6, 157 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7, 158 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8, 159 }; 160 161 static uint8_t sd_crc7(void *message, size_t width) 162 { 163 int i, bit; 164 uint8_t shift_reg = 0x00; 165 uint8_t *msg = (uint8_t *) message; 166 167 for (i = 0; i < width; i ++, msg ++) 168 for (bit = 7; bit >= 0; bit --) { 169 shift_reg <<= 1; 170 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1)) 171 shift_reg ^= 0x89; 172 } 173 174 return shift_reg; 175 } 176 177 static uint16_t sd_crc16(void *message, size_t width) 178 { 179 int i, bit; 180 uint16_t shift_reg = 0x0000; 181 uint16_t *msg = (uint16_t *) message; 182 width <<= 1; 183 184 for (i = 0; i < width; i ++, msg ++) 185 for (bit = 15; bit >= 0; bit --) { 186 shift_reg <<= 1; 187 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1)) 188 shift_reg ^= 0x1011; 189 } 190 191 return shift_reg; 192 } 193 194 static void sd_set_ocr(SDState *sd) 195 { 196 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */ 197 sd->ocr = 0x80ffff00; 198 } 199 200 static void sd_set_scr(SDState *sd) 201 { 202 sd->scr[0] = 0x00; /* SCR Structure */ 203 sd->scr[1] = 0x2f; /* SD Security Support */ 204 sd->scr[2] = 0x00; 205 sd->scr[3] = 0x00; 206 sd->scr[4] = 0x00; 207 sd->scr[5] = 0x00; 208 sd->scr[6] = 0x00; 209 sd->scr[7] = 0x00; 210 } 211 212 #define MID 0xaa 213 #define OID "XY" 214 #define PNM "QEMU!" 215 #define PRV 0x01 216 #define MDT_YR 2006 217 #define MDT_MON 2 218 219 static void sd_set_cid(SDState *sd) 220 { 221 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 222 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */ 223 sd->cid[2] = OID[1]; 224 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 225 sd->cid[4] = PNM[1]; 226 sd->cid[5] = PNM[2]; 227 sd->cid[6] = PNM[3]; 228 sd->cid[7] = PNM[4]; 229 sd->cid[8] = PRV; /* Fake product revision (PRV) */ 230 sd->cid[9] = 0xde; /* Fake serial number (PSN) */ 231 sd->cid[10] = 0xad; 232 sd->cid[11] = 0xbe; 233 sd->cid[12] = 0xef; 234 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */ 235 ((MDT_YR - 2000) / 10); 236 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON; 237 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 238 } 239 240 #define HWBLOCK_SHIFT 9 /* 512 bytes */ 241 #define SECTOR_SHIFT 5 /* 16 kilobytes */ 242 #define WPGROUP_SHIFT 7 /* 2 megs */ 243 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */ 244 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) 245 246 static const uint8_t sd_csd_rw_mask[16] = { 247 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe, 249 }; 250 251 static void sd_set_csd(SDState *sd, uint64_t size) 252 { 253 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1; 254 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 255 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 256 257 if (size <= 0x40000000) { /* Standard Capacity SD */ 258 sd->csd[0] = 0x00; /* CSD structure */ 259 sd->csd[1] = 0x26; /* Data read access-time-1 */ 260 sd->csd[2] = 0x00; /* Data read access-time-2 */ 261 sd->csd[3] = 0x5a; /* Max. data transfer rate */ 262 sd->csd[4] = 0x5f; /* Card Command Classes */ 263 sd->csd[5] = 0x50 | /* Max. read data block length */ 264 HWBLOCK_SHIFT; 265 sd->csd[6] = 0xe0 | /* Partial block for read allowed */ 266 ((csize >> 10) & 0x03); 267 sd->csd[7] = 0x00 | /* Device size */ 268 ((csize >> 2) & 0xff); 269 sd->csd[8] = 0x3f | /* Max. read current */ 270 ((csize << 6) & 0xc0); 271 sd->csd[9] = 0xfc | /* Max. write current */ 272 ((CMULT_SHIFT - 2) >> 1); 273 sd->csd[10] = 0x40 | /* Erase sector size */ 274 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 275 sd->csd[11] = 0x00 | /* Write protect group size */ 276 ((sectsize << 7) & 0x80) | wpsize; 277 sd->csd[12] = 0x90 | /* Write speed factor */ 278 (HWBLOCK_SHIFT >> 2); 279 sd->csd[13] = 0x20 | /* Max. write data block length */ 280 ((HWBLOCK_SHIFT << 6) & 0xc0); 281 sd->csd[14] = 0x00; /* File format group */ 282 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 283 } else { /* SDHC */ 284 size /= 512 * 1024; 285 size -= 1; 286 sd->csd[0] = 0x40; 287 sd->csd[1] = 0x0e; 288 sd->csd[2] = 0x00; 289 sd->csd[3] = 0x32; 290 sd->csd[4] = 0x5b; 291 sd->csd[5] = 0x59; 292 sd->csd[6] = 0x00; 293 sd->csd[7] = (size >> 16) & 0xff; 294 sd->csd[8] = (size >> 8) & 0xff; 295 sd->csd[9] = (size & 0xff); 296 sd->csd[10] = 0x7f; 297 sd->csd[11] = 0x80; 298 sd->csd[12] = 0x0a; 299 sd->csd[13] = 0x40; 300 sd->csd[14] = 0x00; 301 sd->csd[15] = 0x00; 302 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */ 303 } 304 } 305 306 static void sd_set_rca(SDState *sd) 307 { 308 sd->rca += 0x4567; 309 } 310 311 /* Card status bits, split by clear condition: 312 * A : According to the card current state 313 * B : Always related to the previous command 314 * C : Cleared by read 315 */ 316 #define CARD_STATUS_A 0x02004100 317 #define CARD_STATUS_B 0x00c01e00 318 #define CARD_STATUS_C 0xfd39a028 319 320 static void sd_set_cardstatus(SDState *sd) 321 { 322 sd->card_status = 0x00000100; 323 } 324 325 static void sd_set_sdstatus(SDState *sd) 326 { 327 memset(sd->sd_status, 0, 64); 328 } 329 330 static int sd_req_crc_validate(SDRequest *req) 331 { 332 uint8_t buffer[5]; 333 buffer[0] = 0x40 | req->cmd; 334 buffer[1] = (req->arg >> 24) & 0xff; 335 buffer[2] = (req->arg >> 16) & 0xff; 336 buffer[3] = (req->arg >> 8) & 0xff; 337 buffer[4] = (req->arg >> 0) & 0xff; 338 return 0; 339 return sd_crc7(buffer, 5) != req->crc; /* TODO */ 340 } 341 342 static void sd_response_r1_make(SDState *sd, uint8_t *response) 343 { 344 uint32_t status = sd->card_status; 345 /* Clear the "clear on read" status bits */ 346 sd->card_status &= ~CARD_STATUS_C; 347 348 response[0] = (status >> 24) & 0xff; 349 response[1] = (status >> 16) & 0xff; 350 response[2] = (status >> 8) & 0xff; 351 response[3] = (status >> 0) & 0xff; 352 } 353 354 static void sd_response_r3_make(SDState *sd, uint8_t *response) 355 { 356 response[0] = (sd->ocr >> 24) & 0xff; 357 response[1] = (sd->ocr >> 16) & 0xff; 358 response[2] = (sd->ocr >> 8) & 0xff; 359 response[3] = (sd->ocr >> 0) & 0xff; 360 } 361 362 static void sd_response_r6_make(SDState *sd, uint8_t *response) 363 { 364 uint16_t arg; 365 uint16_t status; 366 367 arg = sd->rca; 368 status = ((sd->card_status >> 8) & 0xc000) | 369 ((sd->card_status >> 6) & 0x2000) | 370 (sd->card_status & 0x1fff); 371 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff); 372 373 response[0] = (arg >> 8) & 0xff; 374 response[1] = arg & 0xff; 375 response[2] = (status >> 8) & 0xff; 376 response[3] = status & 0xff; 377 } 378 379 static void sd_response_r7_make(SDState *sd, uint8_t *response) 380 { 381 response[0] = (sd->vhs >> 24) & 0xff; 382 response[1] = (sd->vhs >> 16) & 0xff; 383 response[2] = (sd->vhs >> 8) & 0xff; 384 response[3] = (sd->vhs >> 0) & 0xff; 385 } 386 387 static inline uint64_t sd_addr_to_wpnum(uint64_t addr) 388 { 389 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT); 390 } 391 392 static void sd_reset(SDState *sd) 393 { 394 uint64_t size; 395 uint64_t sect; 396 397 if (sd->blk) { 398 blk_get_geometry(sd->blk, §); 399 } else { 400 sect = 0; 401 } 402 size = sect << 9; 403 404 sect = sd_addr_to_wpnum(size) + 1; 405 406 sd->state = sd_idle_state; 407 sd->rca = 0x0000; 408 sd_set_ocr(sd); 409 sd_set_scr(sd); 410 sd_set_cid(sd); 411 sd_set_csd(sd, size); 412 sd_set_cardstatus(sd); 413 sd_set_sdstatus(sd); 414 415 g_free(sd->wp_groups); 416 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false; 417 sd->wpgrps_size = sect; 418 sd->wp_groups = bitmap_new(sd->wpgrps_size); 419 memset(sd->function_group, 0, sizeof(sd->function_group)); 420 sd->erase_start = 0; 421 sd->erase_end = 0; 422 sd->size = size; 423 sd->blk_len = 0x200; 424 sd->pwd_len = 0; 425 sd->expecting_acmd = false; 426 } 427 428 static void sd_cardchange(void *opaque, bool load) 429 { 430 SDState *sd = opaque; 431 432 qemu_set_irq(sd->inserted_cb, blk_is_inserted(sd->blk)); 433 if (blk_is_inserted(sd->blk)) { 434 sd_reset(sd); 435 qemu_set_irq(sd->readonly_cb, sd->wp_switch); 436 } 437 } 438 439 static const BlockDevOps sd_block_ops = { 440 .change_media_cb = sd_cardchange, 441 }; 442 443 static const VMStateDescription sd_vmstate = { 444 .name = "sd-card", 445 .version_id = 1, 446 .minimum_version_id = 1, 447 .fields = (VMStateField[]) { 448 VMSTATE_UINT32(mode, SDState), 449 VMSTATE_INT32(state, SDState), 450 VMSTATE_UINT8_ARRAY(cid, SDState, 16), 451 VMSTATE_UINT8_ARRAY(csd, SDState, 16), 452 VMSTATE_UINT16(rca, SDState), 453 VMSTATE_UINT32(card_status, SDState), 454 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1), 455 VMSTATE_UINT32(vhs, SDState), 456 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size), 457 VMSTATE_UINT32(blk_len, SDState), 458 VMSTATE_UINT32(erase_start, SDState), 459 VMSTATE_UINT32(erase_end, SDState), 460 VMSTATE_UINT8_ARRAY(pwd, SDState, 16), 461 VMSTATE_UINT32(pwd_len, SDState), 462 VMSTATE_UINT8_ARRAY(function_group, SDState, 6), 463 VMSTATE_UINT8(current_cmd, SDState), 464 VMSTATE_BOOL(expecting_acmd, SDState), 465 VMSTATE_UINT32(blk_written, SDState), 466 VMSTATE_UINT64(data_start, SDState), 467 VMSTATE_UINT32(data_offset, SDState), 468 VMSTATE_UINT8_ARRAY(data, SDState, 512), 469 VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512), 470 VMSTATE_BOOL(enable, SDState), 471 VMSTATE_END_OF_LIST() 472 } 473 }; 474 475 /* We do not model the chip select pin, so allow the board to select 476 whether card should be in SSI or MMC/SD mode. It is also up to the 477 board to ensure that ssi transfers only occur when the chip select 478 is asserted. */ 479 SDState *sd_init(BlockBackend *blk, bool is_spi) 480 { 481 SDState *sd; 482 483 if (blk && blk_is_read_only(blk)) { 484 fprintf(stderr, "sd_init: Cannot use read-only drive\n"); 485 return NULL; 486 } 487 488 sd = (SDState *) g_malloc0(sizeof(SDState)); 489 sd->buf = blk_blockalign(blk, 512); 490 sd->spi = is_spi; 491 sd->enable = true; 492 sd->blk = blk; 493 sd_reset(sd); 494 if (sd->blk) { 495 /* Attach dev if not already attached. (This call ignores an 496 * error return code if sd->blk is already attached.) */ 497 /* FIXME ignoring blk_attach_dev() failure is dangerously brittle */ 498 blk_attach_dev(sd->blk, sd); 499 blk_set_dev_ops(sd->blk, &sd_block_ops, sd); 500 } 501 vmstate_register(NULL, -1, &sd_vmstate, sd); 502 return sd; 503 } 504 505 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert) 506 { 507 sd->readonly_cb = readonly; 508 sd->inserted_cb = insert; 509 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0); 510 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0); 511 } 512 513 static void sd_erase(SDState *sd) 514 { 515 int i; 516 uint64_t erase_start = sd->erase_start; 517 uint64_t erase_end = sd->erase_end; 518 519 if (!sd->erase_start || !sd->erase_end) { 520 sd->card_status |= ERASE_SEQ_ERROR; 521 return; 522 } 523 524 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) { 525 /* High capacity memory card: erase units are 512 byte blocks */ 526 erase_start *= 512; 527 erase_end *= 512; 528 } 529 530 erase_start = sd_addr_to_wpnum(erase_start); 531 erase_end = sd_addr_to_wpnum(erase_end); 532 sd->erase_start = 0; 533 sd->erase_end = 0; 534 sd->csd[14] |= 0x40; 535 536 for (i = erase_start; i <= erase_end; i++) { 537 if (test_bit(i, sd->wp_groups)) { 538 sd->card_status |= WP_ERASE_SKIP; 539 } 540 } 541 } 542 543 static uint32_t sd_wpbits(SDState *sd, uint64_t addr) 544 { 545 uint32_t i, wpnum; 546 uint32_t ret = 0; 547 548 wpnum = sd_addr_to_wpnum(addr); 549 550 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { 551 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) { 552 ret |= (1 << i); 553 } 554 } 555 556 return ret; 557 } 558 559 static void sd_function_switch(SDState *sd, uint32_t arg) 560 { 561 int i, mode, new_func, crc; 562 mode = !!(arg & 0x80000000); 563 564 sd->data[0] = 0x00; /* Maximum current consumption */ 565 sd->data[1] = 0x01; 566 sd->data[2] = 0x80; /* Supported group 6 functions */ 567 sd->data[3] = 0x01; 568 sd->data[4] = 0x80; /* Supported group 5 functions */ 569 sd->data[5] = 0x01; 570 sd->data[6] = 0x80; /* Supported group 4 functions */ 571 sd->data[7] = 0x01; 572 sd->data[8] = 0x80; /* Supported group 3 functions */ 573 sd->data[9] = 0x01; 574 sd->data[10] = 0x80; /* Supported group 2 functions */ 575 sd->data[11] = 0x43; 576 sd->data[12] = 0x80; /* Supported group 1 functions */ 577 sd->data[13] = 0x03; 578 for (i = 0; i < 6; i ++) { 579 new_func = (arg >> (i * 4)) & 0x0f; 580 if (mode && new_func != 0x0f) 581 sd->function_group[i] = new_func; 582 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4); 583 } 584 memset(&sd->data[17], 0, 47); 585 crc = sd_crc16(sd->data, 64); 586 sd->data[65] = crc >> 8; 587 sd->data[66] = crc & 0xff; 588 } 589 590 static inline bool sd_wp_addr(SDState *sd, uint64_t addr) 591 { 592 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups); 593 } 594 595 static void sd_lock_command(SDState *sd) 596 { 597 int erase, lock, clr_pwd, set_pwd, pwd_len; 598 erase = !!(sd->data[0] & 0x08); 599 lock = sd->data[0] & 0x04; 600 clr_pwd = sd->data[0] & 0x02; 601 set_pwd = sd->data[0] & 0x01; 602 603 if (sd->blk_len > 1) 604 pwd_len = sd->data[1]; 605 else 606 pwd_len = 0; 607 608 if (erase) { 609 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 || 610 set_pwd || clr_pwd || lock || sd->wp_switch || 611 (sd->csd[14] & 0x20)) { 612 sd->card_status |= LOCK_UNLOCK_FAILED; 613 return; 614 } 615 bitmap_zero(sd->wp_groups, sd->wpgrps_size); 616 sd->csd[14] &= ~0x10; 617 sd->card_status &= ~CARD_IS_LOCKED; 618 sd->pwd_len = 0; 619 /* Erasing the entire card here! */ 620 fprintf(stderr, "SD: Card force-erased by CMD42\n"); 621 return; 622 } 623 624 if (sd->blk_len < 2 + pwd_len || 625 pwd_len <= sd->pwd_len || 626 pwd_len > sd->pwd_len + 16) { 627 sd->card_status |= LOCK_UNLOCK_FAILED; 628 return; 629 } 630 631 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) { 632 sd->card_status |= LOCK_UNLOCK_FAILED; 633 return; 634 } 635 636 pwd_len -= sd->pwd_len; 637 if ((pwd_len && !set_pwd) || 638 (clr_pwd && (set_pwd || lock)) || 639 (lock && !sd->pwd_len && !set_pwd) || 640 (!set_pwd && !clr_pwd && 641 (((sd->card_status & CARD_IS_LOCKED) && lock) || 642 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) { 643 sd->card_status |= LOCK_UNLOCK_FAILED; 644 return; 645 } 646 647 if (set_pwd) { 648 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len); 649 sd->pwd_len = pwd_len; 650 } 651 652 if (clr_pwd) { 653 sd->pwd_len = 0; 654 } 655 656 if (lock) 657 sd->card_status |= CARD_IS_LOCKED; 658 else 659 sd->card_status &= ~CARD_IS_LOCKED; 660 } 661 662 static sd_rsp_type_t sd_normal_command(SDState *sd, 663 SDRequest req) 664 { 665 uint32_t rca = 0x0000; 666 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg; 667 668 /* Not interpreting this as an app command */ 669 sd->card_status &= ~APP_CMD; 670 671 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc) 672 rca = req.arg >> 16; 673 674 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state); 675 switch (req.cmd) { 676 /* Basic commands (Class 0 and Class 1) */ 677 case 0: /* CMD0: GO_IDLE_STATE */ 678 switch (sd->state) { 679 case sd_inactive_state: 680 return sd->spi ? sd_r1 : sd_r0; 681 682 default: 683 sd->state = sd_idle_state; 684 sd_reset(sd); 685 return sd->spi ? sd_r1 : sd_r0; 686 } 687 break; 688 689 case 1: /* CMD1: SEND_OP_CMD */ 690 if (!sd->spi) 691 goto bad_cmd; 692 693 sd->state = sd_transfer_state; 694 return sd_r1; 695 696 case 2: /* CMD2: ALL_SEND_CID */ 697 if (sd->spi) 698 goto bad_cmd; 699 switch (sd->state) { 700 case sd_ready_state: 701 sd->state = sd_identification_state; 702 return sd_r2_i; 703 704 default: 705 break; 706 } 707 break; 708 709 case 3: /* CMD3: SEND_RELATIVE_ADDR */ 710 if (sd->spi) 711 goto bad_cmd; 712 switch (sd->state) { 713 case sd_identification_state: 714 case sd_standby_state: 715 sd->state = sd_standby_state; 716 sd_set_rca(sd); 717 return sd_r6; 718 719 default: 720 break; 721 } 722 break; 723 724 case 4: /* CMD4: SEND_DSR */ 725 if (sd->spi) 726 goto bad_cmd; 727 switch (sd->state) { 728 case sd_standby_state: 729 break; 730 731 default: 732 break; 733 } 734 break; 735 736 case 5: /* CMD5: reserved for SDIO cards */ 737 return sd_illegal; 738 739 case 6: /* CMD6: SWITCH_FUNCTION */ 740 if (sd->spi) 741 goto bad_cmd; 742 switch (sd->mode) { 743 case sd_data_transfer_mode: 744 sd_function_switch(sd, req.arg); 745 sd->state = sd_sendingdata_state; 746 sd->data_start = 0; 747 sd->data_offset = 0; 748 return sd_r1; 749 750 default: 751 break; 752 } 753 break; 754 755 case 7: /* CMD7: SELECT/DESELECT_CARD */ 756 if (sd->spi) 757 goto bad_cmd; 758 switch (sd->state) { 759 case sd_standby_state: 760 if (sd->rca != rca) 761 return sd_r0; 762 763 sd->state = sd_transfer_state; 764 return sd_r1b; 765 766 case sd_transfer_state: 767 case sd_sendingdata_state: 768 if (sd->rca == rca) 769 break; 770 771 sd->state = sd_standby_state; 772 return sd_r1b; 773 774 case sd_disconnect_state: 775 if (sd->rca != rca) 776 return sd_r0; 777 778 sd->state = sd_programming_state; 779 return sd_r1b; 780 781 case sd_programming_state: 782 if (sd->rca == rca) 783 break; 784 785 sd->state = sd_disconnect_state; 786 return sd_r1b; 787 788 default: 789 break; 790 } 791 break; 792 793 case 8: /* CMD8: SEND_IF_COND */ 794 /* Physical Layer Specification Version 2.00 command */ 795 switch (sd->state) { 796 case sd_idle_state: 797 sd->vhs = 0; 798 799 /* No response if not exactly one VHS bit is set. */ 800 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) { 801 return sd->spi ? sd_r7 : sd_r0; 802 } 803 804 /* Accept. */ 805 sd->vhs = req.arg; 806 return sd_r7; 807 808 default: 809 break; 810 } 811 break; 812 813 case 9: /* CMD9: SEND_CSD */ 814 switch (sd->state) { 815 case sd_standby_state: 816 if (sd->rca != rca) 817 return sd_r0; 818 819 return sd_r2_s; 820 821 case sd_transfer_state: 822 if (!sd->spi) 823 break; 824 sd->state = sd_sendingdata_state; 825 memcpy(sd->data, sd->csd, 16); 826 sd->data_start = addr; 827 sd->data_offset = 0; 828 return sd_r1; 829 830 default: 831 break; 832 } 833 break; 834 835 case 10: /* CMD10: SEND_CID */ 836 switch (sd->state) { 837 case sd_standby_state: 838 if (sd->rca != rca) 839 return sd_r0; 840 841 return sd_r2_i; 842 843 case sd_transfer_state: 844 if (!sd->spi) 845 break; 846 sd->state = sd_sendingdata_state; 847 memcpy(sd->data, sd->cid, 16); 848 sd->data_start = addr; 849 sd->data_offset = 0; 850 return sd_r1; 851 852 default: 853 break; 854 } 855 break; 856 857 case 11: /* CMD11: READ_DAT_UNTIL_STOP */ 858 if (sd->spi) 859 goto bad_cmd; 860 switch (sd->state) { 861 case sd_transfer_state: 862 sd->state = sd_sendingdata_state; 863 sd->data_start = req.arg; 864 sd->data_offset = 0; 865 866 if (sd->data_start + sd->blk_len > sd->size) 867 sd->card_status |= ADDRESS_ERROR; 868 return sd_r0; 869 870 default: 871 break; 872 } 873 break; 874 875 case 12: /* CMD12: STOP_TRANSMISSION */ 876 switch (sd->state) { 877 case sd_sendingdata_state: 878 sd->state = sd_transfer_state; 879 return sd_r1b; 880 881 case sd_receivingdata_state: 882 sd->state = sd_programming_state; 883 /* Bzzzzzzztt .... Operation complete. */ 884 sd->state = sd_transfer_state; 885 return sd_r1b; 886 887 default: 888 break; 889 } 890 break; 891 892 case 13: /* CMD13: SEND_STATUS */ 893 switch (sd->mode) { 894 case sd_data_transfer_mode: 895 if (sd->rca != rca) 896 return sd_r0; 897 898 return sd_r1; 899 900 default: 901 break; 902 } 903 break; 904 905 case 15: /* CMD15: GO_INACTIVE_STATE */ 906 if (sd->spi) 907 goto bad_cmd; 908 switch (sd->mode) { 909 case sd_data_transfer_mode: 910 if (sd->rca != rca) 911 return sd_r0; 912 913 sd->state = sd_inactive_state; 914 return sd_r0; 915 916 default: 917 break; 918 } 919 break; 920 921 /* Block read commands (Classs 2) */ 922 case 16: /* CMD16: SET_BLOCKLEN */ 923 switch (sd->state) { 924 case sd_transfer_state: 925 if (req.arg > (1 << HWBLOCK_SHIFT)) 926 sd->card_status |= BLOCK_LEN_ERROR; 927 else 928 sd->blk_len = req.arg; 929 930 return sd_r1; 931 932 default: 933 break; 934 } 935 break; 936 937 case 17: /* CMD17: READ_SINGLE_BLOCK */ 938 switch (sd->state) { 939 case sd_transfer_state: 940 sd->state = sd_sendingdata_state; 941 sd->data_start = addr; 942 sd->data_offset = 0; 943 944 if (sd->data_start + sd->blk_len > sd->size) 945 sd->card_status |= ADDRESS_ERROR; 946 return sd_r1; 947 948 default: 949 break; 950 } 951 break; 952 953 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 954 switch (sd->state) { 955 case sd_transfer_state: 956 sd->state = sd_sendingdata_state; 957 sd->data_start = addr; 958 sd->data_offset = 0; 959 960 if (sd->data_start + sd->blk_len > sd->size) 961 sd->card_status |= ADDRESS_ERROR; 962 return sd_r1; 963 964 default: 965 break; 966 } 967 break; 968 969 /* Block write commands (Class 4) */ 970 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 971 if (sd->spi) 972 goto unimplemented_cmd; 973 switch (sd->state) { 974 case sd_transfer_state: 975 /* Writing in SPI mode not implemented. */ 976 if (sd->spi) 977 break; 978 sd->state = sd_receivingdata_state; 979 sd->data_start = addr; 980 sd->data_offset = 0; 981 sd->blk_written = 0; 982 983 if (sd->data_start + sd->blk_len > sd->size) 984 sd->card_status |= ADDRESS_ERROR; 985 if (sd_wp_addr(sd, sd->data_start)) 986 sd->card_status |= WP_VIOLATION; 987 if (sd->csd[14] & 0x30) 988 sd->card_status |= WP_VIOLATION; 989 return sd_r1; 990 991 default: 992 break; 993 } 994 break; 995 996 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 997 if (sd->spi) 998 goto unimplemented_cmd; 999 switch (sd->state) { 1000 case sd_transfer_state: 1001 /* Writing in SPI mode not implemented. */ 1002 if (sd->spi) 1003 break; 1004 sd->state = sd_receivingdata_state; 1005 sd->data_start = addr; 1006 sd->data_offset = 0; 1007 sd->blk_written = 0; 1008 1009 if (sd->data_start + sd->blk_len > sd->size) 1010 sd->card_status |= ADDRESS_ERROR; 1011 if (sd_wp_addr(sd, sd->data_start)) 1012 sd->card_status |= WP_VIOLATION; 1013 if (sd->csd[14] & 0x30) 1014 sd->card_status |= WP_VIOLATION; 1015 return sd_r1; 1016 1017 default: 1018 break; 1019 } 1020 break; 1021 1022 case 26: /* CMD26: PROGRAM_CID */ 1023 if (sd->spi) 1024 goto bad_cmd; 1025 switch (sd->state) { 1026 case sd_transfer_state: 1027 sd->state = sd_receivingdata_state; 1028 sd->data_start = 0; 1029 sd->data_offset = 0; 1030 return sd_r1; 1031 1032 default: 1033 break; 1034 } 1035 break; 1036 1037 case 27: /* CMD27: PROGRAM_CSD */ 1038 if (sd->spi) 1039 goto unimplemented_cmd; 1040 switch (sd->state) { 1041 case sd_transfer_state: 1042 sd->state = sd_receivingdata_state; 1043 sd->data_start = 0; 1044 sd->data_offset = 0; 1045 return sd_r1; 1046 1047 default: 1048 break; 1049 } 1050 break; 1051 1052 /* Write protection (Class 6) */ 1053 case 28: /* CMD28: SET_WRITE_PROT */ 1054 switch (sd->state) { 1055 case sd_transfer_state: 1056 if (addr >= sd->size) { 1057 sd->card_status |= ADDRESS_ERROR; 1058 return sd_r1b; 1059 } 1060 1061 sd->state = sd_programming_state; 1062 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups); 1063 /* Bzzzzzzztt .... Operation complete. */ 1064 sd->state = sd_transfer_state; 1065 return sd_r1b; 1066 1067 default: 1068 break; 1069 } 1070 break; 1071 1072 case 29: /* CMD29: CLR_WRITE_PROT */ 1073 switch (sd->state) { 1074 case sd_transfer_state: 1075 if (addr >= sd->size) { 1076 sd->card_status |= ADDRESS_ERROR; 1077 return sd_r1b; 1078 } 1079 1080 sd->state = sd_programming_state; 1081 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups); 1082 /* Bzzzzzzztt .... Operation complete. */ 1083 sd->state = sd_transfer_state; 1084 return sd_r1b; 1085 1086 default: 1087 break; 1088 } 1089 break; 1090 1091 case 30: /* CMD30: SEND_WRITE_PROT */ 1092 switch (sd->state) { 1093 case sd_transfer_state: 1094 sd->state = sd_sendingdata_state; 1095 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg); 1096 sd->data_start = addr; 1097 sd->data_offset = 0; 1098 return sd_r1b; 1099 1100 default: 1101 break; 1102 } 1103 break; 1104 1105 /* Erase commands (Class 5) */ 1106 case 32: /* CMD32: ERASE_WR_BLK_START */ 1107 switch (sd->state) { 1108 case sd_transfer_state: 1109 sd->erase_start = req.arg; 1110 return sd_r1; 1111 1112 default: 1113 break; 1114 } 1115 break; 1116 1117 case 33: /* CMD33: ERASE_WR_BLK_END */ 1118 switch (sd->state) { 1119 case sd_transfer_state: 1120 sd->erase_end = req.arg; 1121 return sd_r1; 1122 1123 default: 1124 break; 1125 } 1126 break; 1127 1128 case 38: /* CMD38: ERASE */ 1129 switch (sd->state) { 1130 case sd_transfer_state: 1131 if (sd->csd[14] & 0x30) { 1132 sd->card_status |= WP_VIOLATION; 1133 return sd_r1b; 1134 } 1135 1136 sd->state = sd_programming_state; 1137 sd_erase(sd); 1138 /* Bzzzzzzztt .... Operation complete. */ 1139 sd->state = sd_transfer_state; 1140 return sd_r1b; 1141 1142 default: 1143 break; 1144 } 1145 break; 1146 1147 /* Lock card commands (Class 7) */ 1148 case 42: /* CMD42: LOCK_UNLOCK */ 1149 if (sd->spi) 1150 goto unimplemented_cmd; 1151 switch (sd->state) { 1152 case sd_transfer_state: 1153 sd->state = sd_receivingdata_state; 1154 sd->data_start = 0; 1155 sd->data_offset = 0; 1156 return sd_r1; 1157 1158 default: 1159 break; 1160 } 1161 break; 1162 1163 case 52: 1164 case 53: 1165 /* CMD52, CMD53: reserved for SDIO cards 1166 * (see the SDIO Simplified Specification V2.0) 1167 * Handle as illegal command but do not complain 1168 * on stderr, as some OSes may use these in their 1169 * probing for presence of an SDIO card. 1170 */ 1171 return sd_illegal; 1172 1173 /* Application specific commands (Class 8) */ 1174 case 55: /* CMD55: APP_CMD */ 1175 if (sd->rca != rca) 1176 return sd_r0; 1177 1178 sd->expecting_acmd = true; 1179 sd->card_status |= APP_CMD; 1180 return sd_r1; 1181 1182 case 56: /* CMD56: GEN_CMD */ 1183 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg); 1184 1185 switch (sd->state) { 1186 case sd_transfer_state: 1187 sd->data_offset = 0; 1188 if (req.arg & 1) 1189 sd->state = sd_sendingdata_state; 1190 else 1191 sd->state = sd_receivingdata_state; 1192 return sd_r1; 1193 1194 default: 1195 break; 1196 } 1197 break; 1198 1199 default: 1200 bad_cmd: 1201 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd); 1202 return sd_illegal; 1203 1204 unimplemented_cmd: 1205 /* Commands that are recognised but not yet implemented in SPI mode. */ 1206 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd); 1207 return sd_illegal; 1208 } 1209 1210 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd); 1211 return sd_illegal; 1212 } 1213 1214 static sd_rsp_type_t sd_app_command(SDState *sd, 1215 SDRequest req) 1216 { 1217 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg); 1218 sd->card_status |= APP_CMD; 1219 switch (req.cmd) { 1220 case 6: /* ACMD6: SET_BUS_WIDTH */ 1221 switch (sd->state) { 1222 case sd_transfer_state: 1223 sd->sd_status[0] &= 0x3f; 1224 sd->sd_status[0] |= (req.arg & 0x03) << 6; 1225 return sd_r1; 1226 1227 default: 1228 break; 1229 } 1230 break; 1231 1232 case 13: /* ACMD13: SD_STATUS */ 1233 switch (sd->state) { 1234 case sd_transfer_state: 1235 sd->state = sd_sendingdata_state; 1236 sd->data_start = 0; 1237 sd->data_offset = 0; 1238 return sd_r1; 1239 1240 default: 1241 break; 1242 } 1243 break; 1244 1245 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 1246 switch (sd->state) { 1247 case sd_transfer_state: 1248 *(uint32_t *) sd->data = sd->blk_written; 1249 1250 sd->state = sd_sendingdata_state; 1251 sd->data_start = 0; 1252 sd->data_offset = 0; 1253 return sd_r1; 1254 1255 default: 1256 break; 1257 } 1258 break; 1259 1260 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */ 1261 switch (sd->state) { 1262 case sd_transfer_state: 1263 return sd_r1; 1264 1265 default: 1266 break; 1267 } 1268 break; 1269 1270 case 41: /* ACMD41: SD_APP_OP_COND */ 1271 if (sd->spi) { 1272 /* SEND_OP_CMD */ 1273 sd->state = sd_transfer_state; 1274 return sd_r1; 1275 } 1276 switch (sd->state) { 1277 case sd_idle_state: 1278 /* We accept any voltage. 10000 V is nothing. 1279 * 1280 * We don't model init delay so just advance straight to ready state 1281 * unless it's an enquiry ACMD41 (bits 23:0 == 0). 1282 */ 1283 if (req.arg & ACMD41_ENQUIRY_MASK) { 1284 sd->state = sd_ready_state; 1285 } 1286 1287 return sd_r3; 1288 1289 default: 1290 break; 1291 } 1292 break; 1293 1294 case 42: /* ACMD42: SET_CLR_CARD_DETECT */ 1295 switch (sd->state) { 1296 case sd_transfer_state: 1297 /* Bringing in the 50KOhm pull-up resistor... Done. */ 1298 return sd_r1; 1299 1300 default: 1301 break; 1302 } 1303 break; 1304 1305 case 51: /* ACMD51: SEND_SCR */ 1306 switch (sd->state) { 1307 case sd_transfer_state: 1308 sd->state = sd_sendingdata_state; 1309 sd->data_start = 0; 1310 sd->data_offset = 0; 1311 return sd_r1; 1312 1313 default: 1314 break; 1315 } 1316 break; 1317 1318 default: 1319 /* Fall back to standard commands. */ 1320 return sd_normal_command(sd, req); 1321 } 1322 1323 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd); 1324 return sd_illegal; 1325 } 1326 1327 static int cmd_valid_while_locked(SDState *sd, SDRequest *req) 1328 { 1329 /* Valid commands in locked state: 1330 * basic class (0) 1331 * lock card class (7) 1332 * CMD16 1333 * implicitly, the ACMD prefix CMD55 1334 * ACMD41 and ACMD42 1335 * Anything else provokes an "illegal command" response. 1336 */ 1337 if (sd->expecting_acmd) { 1338 return req->cmd == 41 || req->cmd == 42; 1339 } 1340 if (req->cmd == 16 || req->cmd == 55) { 1341 return 1; 1342 } 1343 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7; 1344 } 1345 1346 int sd_do_command(SDState *sd, SDRequest *req, 1347 uint8_t *response) { 1348 int last_state; 1349 sd_rsp_type_t rtype; 1350 int rsplen; 1351 1352 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) { 1353 return 0; 1354 } 1355 1356 if (sd_req_crc_validate(req)) { 1357 sd->card_status |= COM_CRC_ERROR; 1358 rtype = sd_illegal; 1359 goto send_response; 1360 } 1361 1362 if (sd->card_status & CARD_IS_LOCKED) { 1363 if (!cmd_valid_while_locked(sd, req)) { 1364 sd->card_status |= ILLEGAL_COMMAND; 1365 sd->expecting_acmd = false; 1366 fprintf(stderr, "SD: Card is locked\n"); 1367 rtype = sd_illegal; 1368 goto send_response; 1369 } 1370 } 1371 1372 last_state = sd->state; 1373 sd_set_mode(sd); 1374 1375 if (sd->expecting_acmd) { 1376 sd->expecting_acmd = false; 1377 rtype = sd_app_command(sd, *req); 1378 } else { 1379 rtype = sd_normal_command(sd, *req); 1380 } 1381 1382 if (rtype == sd_illegal) { 1383 sd->card_status |= ILLEGAL_COMMAND; 1384 } else { 1385 /* Valid command, we can update the 'state before command' bits. 1386 * (Do this now so they appear in r1 responses.) 1387 */ 1388 sd->current_cmd = req->cmd; 1389 sd->card_status &= ~CURRENT_STATE; 1390 sd->card_status |= (last_state << 9); 1391 } 1392 1393 send_response: 1394 switch (rtype) { 1395 case sd_r1: 1396 case sd_r1b: 1397 sd_response_r1_make(sd, response); 1398 rsplen = 4; 1399 break; 1400 1401 case sd_r2_i: 1402 memcpy(response, sd->cid, sizeof(sd->cid)); 1403 rsplen = 16; 1404 break; 1405 1406 case sd_r2_s: 1407 memcpy(response, sd->csd, sizeof(sd->csd)); 1408 rsplen = 16; 1409 break; 1410 1411 case sd_r3: 1412 sd_response_r3_make(sd, response); 1413 rsplen = 4; 1414 break; 1415 1416 case sd_r6: 1417 sd_response_r6_make(sd, response); 1418 rsplen = 4; 1419 break; 1420 1421 case sd_r7: 1422 sd_response_r7_make(sd, response); 1423 rsplen = 4; 1424 break; 1425 1426 case sd_r0: 1427 case sd_illegal: 1428 default: 1429 rsplen = 0; 1430 break; 1431 } 1432 1433 if (rtype != sd_illegal) { 1434 /* Clear the "clear on valid command" status bits now we've 1435 * sent any response 1436 */ 1437 sd->card_status &= ~CARD_STATUS_B; 1438 } 1439 1440 #ifdef DEBUG_SD 1441 if (rsplen) { 1442 int i; 1443 DPRINTF("Response:"); 1444 for (i = 0; i < rsplen; i++) 1445 fprintf(stderr, " %02x", response[i]); 1446 fprintf(stderr, " state %d\n", sd->state); 1447 } else { 1448 DPRINTF("No response %d\n", sd->state); 1449 } 1450 #endif 1451 1452 return rsplen; 1453 } 1454 1455 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) 1456 { 1457 uint64_t end = addr + len; 1458 1459 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n", 1460 (unsigned long long) addr, len); 1461 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) { 1462 fprintf(stderr, "sd_blk_read: read error on host side\n"); 1463 return; 1464 } 1465 1466 if (end > (addr & ~511) + 512) { 1467 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511)); 1468 1469 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) { 1470 fprintf(stderr, "sd_blk_read: read error on host side\n"); 1471 return; 1472 } 1473 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511); 1474 } else 1475 memcpy(sd->data, sd->buf + (addr & 511), len); 1476 } 1477 1478 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) 1479 { 1480 uint64_t end = addr + len; 1481 1482 if ((addr & 511) || len < 512) 1483 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) { 1484 fprintf(stderr, "sd_blk_write: read error on host side\n"); 1485 return; 1486 } 1487 1488 if (end > (addr & ~511) + 512) { 1489 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511)); 1490 if (blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) { 1491 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1492 return; 1493 } 1494 1495 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) { 1496 fprintf(stderr, "sd_blk_write: read error on host side\n"); 1497 return; 1498 } 1499 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511); 1500 if (blk_write(sd->blk, end >> 9, sd->buf, 1) < 0) { 1501 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1502 } 1503 } else { 1504 memcpy(sd->buf + (addr & 511), sd->data, len); 1505 if (!sd->blk || blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) { 1506 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1507 } 1508 } 1509 } 1510 1511 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len) 1512 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len) 1513 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len) 1514 #define APP_WRITE_BLOCK(a, len) 1515 1516 void sd_write_data(SDState *sd, uint8_t value) 1517 { 1518 int i; 1519 1520 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) 1521 return; 1522 1523 if (sd->state != sd_receivingdata_state) { 1524 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n"); 1525 return; 1526 } 1527 1528 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 1529 return; 1530 1531 switch (sd->current_cmd) { 1532 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 1533 sd->data[sd->data_offset ++] = value; 1534 if (sd->data_offset >= sd->blk_len) { 1535 /* TODO: Check CRC before committing */ 1536 sd->state = sd_programming_state; 1537 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset); 1538 sd->blk_written ++; 1539 sd->csd[14] |= 0x40; 1540 /* Bzzzzzzztt .... Operation complete. */ 1541 sd->state = sd_transfer_state; 1542 } 1543 break; 1544 1545 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 1546 if (sd->data_offset == 0) { 1547 /* Start of the block - let's check the address is valid */ 1548 if (sd->data_start + sd->blk_len > sd->size) { 1549 sd->card_status |= ADDRESS_ERROR; 1550 break; 1551 } 1552 if (sd_wp_addr(sd, sd->data_start)) { 1553 sd->card_status |= WP_VIOLATION; 1554 break; 1555 } 1556 } 1557 sd->data[sd->data_offset++] = value; 1558 if (sd->data_offset >= sd->blk_len) { 1559 /* TODO: Check CRC before committing */ 1560 sd->state = sd_programming_state; 1561 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset); 1562 sd->blk_written++; 1563 sd->data_start += sd->blk_len; 1564 sd->data_offset = 0; 1565 sd->csd[14] |= 0x40; 1566 1567 /* Bzzzzzzztt .... Operation complete. */ 1568 sd->state = sd_receivingdata_state; 1569 } 1570 break; 1571 1572 case 26: /* CMD26: PROGRAM_CID */ 1573 sd->data[sd->data_offset ++] = value; 1574 if (sd->data_offset >= sizeof(sd->cid)) { 1575 /* TODO: Check CRC before committing */ 1576 sd->state = sd_programming_state; 1577 for (i = 0; i < sizeof(sd->cid); i ++) 1578 if ((sd->cid[i] | 0x00) != sd->data[i]) 1579 sd->card_status |= CID_CSD_OVERWRITE; 1580 1581 if (!(sd->card_status & CID_CSD_OVERWRITE)) 1582 for (i = 0; i < sizeof(sd->cid); i ++) { 1583 sd->cid[i] |= 0x00; 1584 sd->cid[i] &= sd->data[i]; 1585 } 1586 /* Bzzzzzzztt .... Operation complete. */ 1587 sd->state = sd_transfer_state; 1588 } 1589 break; 1590 1591 case 27: /* CMD27: PROGRAM_CSD */ 1592 sd->data[sd->data_offset ++] = value; 1593 if (sd->data_offset >= sizeof(sd->csd)) { 1594 /* TODO: Check CRC before committing */ 1595 sd->state = sd_programming_state; 1596 for (i = 0; i < sizeof(sd->csd); i ++) 1597 if ((sd->csd[i] | sd_csd_rw_mask[i]) != 1598 (sd->data[i] | sd_csd_rw_mask[i])) 1599 sd->card_status |= CID_CSD_OVERWRITE; 1600 1601 /* Copy flag (OTP) & Permanent write protect */ 1602 if (sd->csd[14] & ~sd->data[14] & 0x60) 1603 sd->card_status |= CID_CSD_OVERWRITE; 1604 1605 if (!(sd->card_status & CID_CSD_OVERWRITE)) 1606 for (i = 0; i < sizeof(sd->csd); i ++) { 1607 sd->csd[i] |= sd_csd_rw_mask[i]; 1608 sd->csd[i] &= sd->data[i]; 1609 } 1610 /* Bzzzzzzztt .... Operation complete. */ 1611 sd->state = sd_transfer_state; 1612 } 1613 break; 1614 1615 case 42: /* CMD42: LOCK_UNLOCK */ 1616 sd->data[sd->data_offset ++] = value; 1617 if (sd->data_offset >= sd->blk_len) { 1618 /* TODO: Check CRC before committing */ 1619 sd->state = sd_programming_state; 1620 sd_lock_command(sd); 1621 /* Bzzzzzzztt .... Operation complete. */ 1622 sd->state = sd_transfer_state; 1623 } 1624 break; 1625 1626 case 56: /* CMD56: GEN_CMD */ 1627 sd->data[sd->data_offset ++] = value; 1628 if (sd->data_offset >= sd->blk_len) { 1629 APP_WRITE_BLOCK(sd->data_start, sd->data_offset); 1630 sd->state = sd_transfer_state; 1631 } 1632 break; 1633 1634 default: 1635 fprintf(stderr, "sd_write_data: unknown command\n"); 1636 break; 1637 } 1638 } 1639 1640 uint8_t sd_read_data(SDState *sd) 1641 { 1642 /* TODO: Append CRCs */ 1643 uint8_t ret; 1644 int io_len; 1645 1646 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) 1647 return 0x00; 1648 1649 if (sd->state != sd_sendingdata_state) { 1650 fprintf(stderr, "sd_read_data: not in Sending-Data state\n"); 1651 return 0x00; 1652 } 1653 1654 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 1655 return 0x00; 1656 1657 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len; 1658 1659 switch (sd->current_cmd) { 1660 case 6: /* CMD6: SWITCH_FUNCTION */ 1661 ret = sd->data[sd->data_offset ++]; 1662 1663 if (sd->data_offset >= 64) 1664 sd->state = sd_transfer_state; 1665 break; 1666 1667 case 9: /* CMD9: SEND_CSD */ 1668 case 10: /* CMD10: SEND_CID */ 1669 ret = sd->data[sd->data_offset ++]; 1670 1671 if (sd->data_offset >= 16) 1672 sd->state = sd_transfer_state; 1673 break; 1674 1675 case 11: /* CMD11: READ_DAT_UNTIL_STOP */ 1676 if (sd->data_offset == 0) 1677 BLK_READ_BLOCK(sd->data_start, io_len); 1678 ret = sd->data[sd->data_offset ++]; 1679 1680 if (sd->data_offset >= io_len) { 1681 sd->data_start += io_len; 1682 sd->data_offset = 0; 1683 if (sd->data_start + io_len > sd->size) { 1684 sd->card_status |= ADDRESS_ERROR; 1685 break; 1686 } 1687 } 1688 break; 1689 1690 case 13: /* ACMD13: SD_STATUS */ 1691 ret = sd->sd_status[sd->data_offset ++]; 1692 1693 if (sd->data_offset >= sizeof(sd->sd_status)) 1694 sd->state = sd_transfer_state; 1695 break; 1696 1697 case 17: /* CMD17: READ_SINGLE_BLOCK */ 1698 if (sd->data_offset == 0) 1699 BLK_READ_BLOCK(sd->data_start, io_len); 1700 ret = sd->data[sd->data_offset ++]; 1701 1702 if (sd->data_offset >= io_len) 1703 sd->state = sd_transfer_state; 1704 break; 1705 1706 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 1707 if (sd->data_offset == 0) 1708 BLK_READ_BLOCK(sd->data_start, io_len); 1709 ret = sd->data[sd->data_offset ++]; 1710 1711 if (sd->data_offset >= io_len) { 1712 sd->data_start += io_len; 1713 sd->data_offset = 0; 1714 if (sd->data_start + io_len > sd->size) { 1715 sd->card_status |= ADDRESS_ERROR; 1716 break; 1717 } 1718 } 1719 break; 1720 1721 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 1722 ret = sd->data[sd->data_offset ++]; 1723 1724 if (sd->data_offset >= 4) 1725 sd->state = sd_transfer_state; 1726 break; 1727 1728 case 30: /* CMD30: SEND_WRITE_PROT */ 1729 ret = sd->data[sd->data_offset ++]; 1730 1731 if (sd->data_offset >= 4) 1732 sd->state = sd_transfer_state; 1733 break; 1734 1735 case 51: /* ACMD51: SEND_SCR */ 1736 ret = sd->scr[sd->data_offset ++]; 1737 1738 if (sd->data_offset >= sizeof(sd->scr)) 1739 sd->state = sd_transfer_state; 1740 break; 1741 1742 case 56: /* CMD56: GEN_CMD */ 1743 if (sd->data_offset == 0) 1744 APP_READ_BLOCK(sd->data_start, sd->blk_len); 1745 ret = sd->data[sd->data_offset ++]; 1746 1747 if (sd->data_offset >= sd->blk_len) 1748 sd->state = sd_transfer_state; 1749 break; 1750 1751 default: 1752 fprintf(stderr, "sd_read_data: unknown command\n"); 1753 return 0x00; 1754 } 1755 1756 return ret; 1757 } 1758 1759 bool sd_data_ready(SDState *sd) 1760 { 1761 return sd->state == sd_sendingdata_state; 1762 } 1763 1764 void sd_enable(SDState *sd, bool enable) 1765 { 1766 sd->enable = enable; 1767 } 1768