1 /* 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical 3 * layer specification, Version 1.10." 4 * 5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org> 6 * Copyright (c) 2007 CodeSourcery 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' 20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR 23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include "qemu/osdep.h" 33 #include "hw/qdev.h" 34 #include "hw/hw.h" 35 #include "hw/registerfields.h" 36 #include "sysemu/block-backend.h" 37 #include "hw/sd/sd.h" 38 #include "qapi/error.h" 39 #include "qemu/bitmap.h" 40 #include "qemu/cutils.h" 41 #include "hw/qdev-properties.h" 42 #include "qemu/error-report.h" 43 #include "qemu/timer.h" 44 #include "qemu/log.h" 45 #include "sdmmc-internal.h" 46 #include "trace.h" 47 48 //#define DEBUG_SD 1 49 50 typedef enum { 51 sd_r0 = 0, /* no response */ 52 sd_r1, /* normal response command */ 53 sd_r2_i, /* CID register */ 54 sd_r2_s, /* CSD register */ 55 sd_r3, /* OCR register */ 56 sd_r6 = 6, /* Published RCA response */ 57 sd_r7, /* Operating voltage */ 58 sd_r1b = -1, 59 sd_illegal = -2, 60 } sd_rsp_type_t; 61 62 enum SDCardModes { 63 sd_inactive, 64 sd_card_identification_mode, 65 sd_data_transfer_mode, 66 }; 67 68 enum SDCardStates { 69 sd_inactive_state = -1, 70 sd_idle_state = 0, 71 sd_ready_state, 72 sd_identification_state, 73 sd_standby_state, 74 sd_transfer_state, 75 sd_sendingdata_state, 76 sd_receivingdata_state, 77 sd_programming_state, 78 sd_disconnect_state, 79 }; 80 81 struct SDState { 82 DeviceState parent_obj; 83 84 /* SD Memory Card Registers */ 85 uint32_t ocr; 86 uint8_t scr[8]; 87 uint8_t cid[16]; 88 uint8_t csd[16]; 89 uint16_t rca; 90 uint32_t card_status; 91 uint8_t sd_status[64]; 92 93 /* Configurable properties */ 94 BlockBackend *blk; 95 bool spi; 96 97 uint32_t mode; /* current card mode, one of SDCardModes */ 98 int32_t state; /* current card state, one of SDCardStates */ 99 uint32_t vhs; 100 bool wp_switch; 101 unsigned long *wp_groups; 102 int32_t wpgrps_size; 103 uint64_t size; 104 uint32_t blk_len; 105 uint32_t multi_blk_cnt; 106 uint32_t erase_start; 107 uint32_t erase_end; 108 uint8_t pwd[16]; 109 uint32_t pwd_len; 110 uint8_t function_group[6]; 111 uint8_t current_cmd; 112 /* True if we will handle the next command as an ACMD. Note that this does 113 * *not* track the APP_CMD status bit! 114 */ 115 bool expecting_acmd; 116 uint32_t blk_written; 117 uint64_t data_start; 118 uint32_t data_offset; 119 uint8_t data[512]; 120 qemu_irq readonly_cb; 121 qemu_irq inserted_cb; 122 QEMUTimer *ocr_power_timer; 123 bool enable; 124 uint8_t dat_lines; 125 bool cmd_line; 126 }; 127 128 static const char *sd_state_name(enum SDCardStates state) 129 { 130 static const char *state_name[] = { 131 [sd_idle_state] = "idle", 132 [sd_ready_state] = "ready", 133 [sd_identification_state] = "identification", 134 [sd_standby_state] = "standby", 135 [sd_transfer_state] = "transfer", 136 [sd_sendingdata_state] = "sendingdata", 137 [sd_receivingdata_state] = "receivingdata", 138 [sd_programming_state] = "programming", 139 [sd_disconnect_state] = "disconnect", 140 }; 141 if (state == sd_inactive_state) { 142 return "inactive"; 143 } 144 assert(state <= ARRAY_SIZE(state_name)); 145 return state_name[state]; 146 } 147 148 static const char *sd_response_name(sd_rsp_type_t rsp) 149 { 150 static const char *response_name[] = { 151 [sd_r0] = "RESP#0 (no response)", 152 [sd_r1] = "RESP#1 (normal cmd)", 153 [sd_r2_i] = "RESP#2 (CID reg)", 154 [sd_r2_s] = "RESP#2 (CSD reg)", 155 [sd_r3] = "RESP#3 (OCR reg)", 156 [sd_r6] = "RESP#6 (RCA)", 157 [sd_r7] = "RESP#7 (operating voltage)", 158 }; 159 if (rsp == sd_illegal) { 160 return "ILLEGAL RESP"; 161 } 162 if (rsp == sd_r1b) { 163 rsp = sd_r1; 164 } 165 assert(rsp <= ARRAY_SIZE(response_name)); 166 return response_name[rsp]; 167 } 168 169 static uint8_t sd_get_dat_lines(SDState *sd) 170 { 171 return sd->enable ? sd->dat_lines : 0; 172 } 173 174 static bool sd_get_cmd_line(SDState *sd) 175 { 176 return sd->enable ? sd->cmd_line : false; 177 } 178 179 static void sd_set_voltage(SDState *sd, uint16_t millivolts) 180 { 181 trace_sdcard_set_voltage(millivolts); 182 183 switch (millivolts) { 184 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */ 185 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */ 186 break; 187 default: 188 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV", 189 millivolts / 1000.f); 190 } 191 } 192 193 static void sd_set_mode(SDState *sd) 194 { 195 switch (sd->state) { 196 case sd_inactive_state: 197 sd->mode = sd_inactive; 198 break; 199 200 case sd_idle_state: 201 case sd_ready_state: 202 case sd_identification_state: 203 sd->mode = sd_card_identification_mode; 204 break; 205 206 case sd_standby_state: 207 case sd_transfer_state: 208 case sd_sendingdata_state: 209 case sd_receivingdata_state: 210 case sd_programming_state: 211 case sd_disconnect_state: 212 sd->mode = sd_data_transfer_mode; 213 break; 214 } 215 } 216 217 static const sd_cmd_type_t sd_cmd_type[SDMMC_CMD_MAX] = { 218 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac, 219 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac, 220 /* 16 */ 221 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, 222 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none, 223 /* 32 */ 224 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none, 225 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none, 226 /* 48 */ 227 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, 228 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, 229 }; 230 231 static const int sd_cmd_class[SDMMC_CMD_MAX] = { 232 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0, 233 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6, 234 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7, 235 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8, 236 }; 237 238 static uint8_t sd_crc7(void *message, size_t width) 239 { 240 int i, bit; 241 uint8_t shift_reg = 0x00; 242 uint8_t *msg = (uint8_t *) message; 243 244 for (i = 0; i < width; i ++, msg ++) 245 for (bit = 7; bit >= 0; bit --) { 246 shift_reg <<= 1; 247 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1)) 248 shift_reg ^= 0x89; 249 } 250 251 return shift_reg; 252 } 253 254 static uint16_t sd_crc16(void *message, size_t width) 255 { 256 int i, bit; 257 uint16_t shift_reg = 0x0000; 258 uint16_t *msg = (uint16_t *) message; 259 width <<= 1; 260 261 for (i = 0; i < width; i ++, msg ++) 262 for (bit = 15; bit >= 0; bit --) { 263 shift_reg <<= 1; 264 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1)) 265 shift_reg ^= 0x1011; 266 } 267 268 return shift_reg; 269 } 270 271 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */ 272 273 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24) 274 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8) 275 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1) 276 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16) 277 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */ 278 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */ 279 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */ 280 FIELD(OCR, CARD_POWER_UP, 31, 1) 281 282 #define ACMD41_ENQUIRY_MASK 0x00ffffff 283 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \ 284 | R_OCR_ACCEPT_SWITCH_1V8_MASK \ 285 | R_OCR_UHS_II_CARD_MASK \ 286 | R_OCR_CARD_CAPACITY_MASK \ 287 | R_OCR_CARD_POWER_UP_MASK) 288 289 static void sd_set_ocr(SDState *sd) 290 { 291 /* All voltages OK */ 292 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK; 293 } 294 295 static void sd_ocr_powerup(void *opaque) 296 { 297 SDState *sd = opaque; 298 299 trace_sdcard_powerup(); 300 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)); 301 302 /* card power-up OK */ 303 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1); 304 305 if (sd->size > 1 * G_BYTE) { 306 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1); 307 } 308 } 309 310 static void sd_set_scr(SDState *sd) 311 { 312 sd->scr[0] = (0 << 4) /* SCR version 1.0 */ 313 | 0; /* Spec Versions 1.0 and 1.01 */ 314 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */ 315 | 0b0101; /* 1-bit or 4-bit width bus modes */ 316 sd->scr[2] = 0x00; /* Extended Security is not supported. */ 317 sd->scr[3] = 0x00; 318 /* reserved for manufacturer usage */ 319 sd->scr[4] = 0x00; 320 sd->scr[5] = 0x00; 321 sd->scr[6] = 0x00; 322 sd->scr[7] = 0x00; 323 } 324 325 #define MID 0xaa 326 #define OID "XY" 327 #define PNM "QEMU!" 328 #define PRV 0x01 329 #define MDT_YR 2006 330 #define MDT_MON 2 331 332 static void sd_set_cid(SDState *sd) 333 { 334 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 335 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */ 336 sd->cid[2] = OID[1]; 337 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 338 sd->cid[4] = PNM[1]; 339 sd->cid[5] = PNM[2]; 340 sd->cid[6] = PNM[3]; 341 sd->cid[7] = PNM[4]; 342 sd->cid[8] = PRV; /* Fake product revision (PRV) */ 343 sd->cid[9] = 0xde; /* Fake serial number (PSN) */ 344 sd->cid[10] = 0xad; 345 sd->cid[11] = 0xbe; 346 sd->cid[12] = 0xef; 347 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */ 348 ((MDT_YR - 2000) / 10); 349 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON; 350 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 351 } 352 353 #define HWBLOCK_SHIFT 9 /* 512 bytes */ 354 #define SECTOR_SHIFT 5 /* 16 kilobytes */ 355 #define WPGROUP_SHIFT 7 /* 2 megs */ 356 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */ 357 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) 358 359 static const uint8_t sd_csd_rw_mask[16] = { 360 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 361 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe, 362 }; 363 364 static void sd_set_csd(SDState *sd, uint64_t size) 365 { 366 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1; 367 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 368 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 369 370 if (size <= 1 * G_BYTE) { /* Standard Capacity SD */ 371 sd->csd[0] = 0x00; /* CSD structure */ 372 sd->csd[1] = 0x26; /* Data read access-time-1 */ 373 sd->csd[2] = 0x00; /* Data read access-time-2 */ 374 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */ 375 sd->csd[4] = 0x5f; /* Card Command Classes */ 376 sd->csd[5] = 0x50 | /* Max. read data block length */ 377 HWBLOCK_SHIFT; 378 sd->csd[6] = 0xe0 | /* Partial block for read allowed */ 379 ((csize >> 10) & 0x03); 380 sd->csd[7] = 0x00 | /* Device size */ 381 ((csize >> 2) & 0xff); 382 sd->csd[8] = 0x3f | /* Max. read current */ 383 ((csize << 6) & 0xc0); 384 sd->csd[9] = 0xfc | /* Max. write current */ 385 ((CMULT_SHIFT - 2) >> 1); 386 sd->csd[10] = 0x40 | /* Erase sector size */ 387 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 388 sd->csd[11] = 0x00 | /* Write protect group size */ 389 ((sectsize << 7) & 0x80) | wpsize; 390 sd->csd[12] = 0x90 | /* Write speed factor */ 391 (HWBLOCK_SHIFT >> 2); 392 sd->csd[13] = 0x20 | /* Max. write data block length */ 393 ((HWBLOCK_SHIFT << 6) & 0xc0); 394 sd->csd[14] = 0x00; /* File format group */ 395 } else { /* SDHC */ 396 size /= 512 * 1024; 397 size -= 1; 398 sd->csd[0] = 0x40; 399 sd->csd[1] = 0x0e; 400 sd->csd[2] = 0x00; 401 sd->csd[3] = 0x32; 402 sd->csd[4] = 0x5b; 403 sd->csd[5] = 0x59; 404 sd->csd[6] = 0x00; 405 sd->csd[7] = (size >> 16) & 0xff; 406 sd->csd[8] = (size >> 8) & 0xff; 407 sd->csd[9] = (size & 0xff); 408 sd->csd[10] = 0x7f; 409 sd->csd[11] = 0x80; 410 sd->csd[12] = 0x0a; 411 sd->csd[13] = 0x40; 412 sd->csd[14] = 0x00; 413 } 414 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 415 } 416 417 static void sd_set_rca(SDState *sd) 418 { 419 sd->rca += 0x4567; 420 } 421 422 FIELD(CSR, AKE_SEQ_ERROR, 3, 1) 423 FIELD(CSR, APP_CMD, 5, 1) 424 FIELD(CSR, FX_EVENT, 6, 1) 425 FIELD(CSR, READY_FOR_DATA, 8, 1) 426 FIELD(CSR, CURRENT_STATE, 9, 4) 427 FIELD(CSR, ERASE_RESET, 13, 1) 428 FIELD(CSR, CARD_ECC_DISABLED, 14, 1) 429 FIELD(CSR, WP_ERASE_SKIP, 15, 1) 430 FIELD(CSR, CSD_OVERWRITE, 16, 1) 431 FIELD(CSR, DEFERRED_RESPONSE, 17, 1) 432 FIELD(CSR, ERROR, 19, 1) 433 FIELD(CSR, CC_ERROR, 20, 1) 434 FIELD(CSR, CARD_ECC_FAILED, 21, 1) 435 FIELD(CSR, ILLEGAL_COMMAND, 22, 1) 436 FIELD(CSR, COM_CRC_ERROR, 23, 1) 437 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1) 438 FIELD(CSR, CARD_IS_LOCKED, 25, 1) 439 FIELD(CSR, WP_VIOLATION, 26, 1) 440 FIELD(CSR, ERASE_PARAM, 27, 1) 441 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1) 442 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1) 443 FIELD(CSR, ADDRESS_ERROR, 30, 1) 444 FIELD(CSR, OUT_OF_RANGE, 31, 1) 445 446 /* Card status bits, split by clear condition: 447 * A : According to the card current state 448 * B : Always related to the previous command 449 * C : Cleared by read 450 */ 451 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \ 452 | R_CSR_CARD_ECC_DISABLED_MASK \ 453 | R_CSR_CARD_IS_LOCKED_MASK) 454 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \ 455 | R_CSR_ILLEGAL_COMMAND_MASK \ 456 | R_CSR_COM_CRC_ERROR_MASK) 457 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \ 458 | R_CSR_APP_CMD_MASK \ 459 | R_CSR_ERASE_RESET_MASK \ 460 | R_CSR_WP_ERASE_SKIP_MASK \ 461 | R_CSR_CSD_OVERWRITE_MASK \ 462 | R_CSR_ERROR_MASK \ 463 | R_CSR_CC_ERROR_MASK \ 464 | R_CSR_CARD_ECC_FAILED_MASK \ 465 | R_CSR_LOCK_UNLOCK_FAILED_MASK \ 466 | R_CSR_WP_VIOLATION_MASK \ 467 | R_CSR_ERASE_PARAM_MASK \ 468 | R_CSR_ERASE_SEQ_ERROR_MASK \ 469 | R_CSR_BLOCK_LEN_ERROR_MASK \ 470 | R_CSR_ADDRESS_ERROR_MASK \ 471 | R_CSR_OUT_OF_RANGE_MASK) 472 473 static void sd_set_cardstatus(SDState *sd) 474 { 475 sd->card_status = 0x00000100; 476 } 477 478 static void sd_set_sdstatus(SDState *sd) 479 { 480 memset(sd->sd_status, 0, 64); 481 } 482 483 static int sd_req_crc_validate(SDRequest *req) 484 { 485 uint8_t buffer[5]; 486 buffer[0] = 0x40 | req->cmd; 487 stl_be_p(&buffer[1], req->arg); 488 return 0; 489 return sd_crc7(buffer, 5) != req->crc; /* TODO */ 490 } 491 492 static void sd_response_r1_make(SDState *sd, uint8_t *response) 493 { 494 stl_be_p(response, sd->card_status); 495 496 /* Clear the "clear on read" status bits */ 497 sd->card_status &= ~CARD_STATUS_C; 498 } 499 500 static void sd_response_r3_make(SDState *sd, uint8_t *response) 501 { 502 stl_be_p(response, sd->ocr & ACMD41_R3_MASK); 503 } 504 505 static void sd_response_r6_make(SDState *sd, uint8_t *response) 506 { 507 uint16_t status; 508 509 status = ((sd->card_status >> 8) & 0xc000) | 510 ((sd->card_status >> 6) & 0x2000) | 511 (sd->card_status & 0x1fff); 512 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff); 513 stw_be_p(response + 0, sd->rca); 514 stw_be_p(response + 2, status); 515 } 516 517 static void sd_response_r7_make(SDState *sd, uint8_t *response) 518 { 519 stl_be_p(response, sd->vhs); 520 } 521 522 static inline uint64_t sd_addr_to_wpnum(uint64_t addr) 523 { 524 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT); 525 } 526 527 static void sd_reset(DeviceState *dev) 528 { 529 SDState *sd = SD_CARD(dev); 530 uint64_t size; 531 uint64_t sect; 532 533 trace_sdcard_reset(); 534 if (sd->blk) { 535 blk_get_geometry(sd->blk, §); 536 } else { 537 sect = 0; 538 } 539 size = sect << 9; 540 541 sect = sd_addr_to_wpnum(size) + 1; 542 543 sd->state = sd_idle_state; 544 sd->rca = 0x0000; 545 sd_set_ocr(sd); 546 sd_set_scr(sd); 547 sd_set_cid(sd); 548 sd_set_csd(sd, size); 549 sd_set_cardstatus(sd); 550 sd_set_sdstatus(sd); 551 552 g_free(sd->wp_groups); 553 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false; 554 sd->wpgrps_size = sect; 555 sd->wp_groups = bitmap_new(sd->wpgrps_size); 556 memset(sd->function_group, 0, sizeof(sd->function_group)); 557 sd->erase_start = 0; 558 sd->erase_end = 0; 559 sd->size = size; 560 sd->blk_len = 0x200; 561 sd->pwd_len = 0; 562 sd->expecting_acmd = false; 563 sd->dat_lines = 0xf; 564 sd->cmd_line = true; 565 sd->multi_blk_cnt = 0; 566 } 567 568 static bool sd_get_inserted(SDState *sd) 569 { 570 return sd->blk && blk_is_inserted(sd->blk); 571 } 572 573 static bool sd_get_readonly(SDState *sd) 574 { 575 return sd->wp_switch; 576 } 577 578 static void sd_cardchange(void *opaque, bool load, Error **errp) 579 { 580 SDState *sd = opaque; 581 DeviceState *dev = DEVICE(sd); 582 SDBus *sdbus = SD_BUS(qdev_get_parent_bus(dev)); 583 bool inserted = sd_get_inserted(sd); 584 bool readonly = sd_get_readonly(sd); 585 586 if (inserted) { 587 trace_sdcard_inserted(readonly); 588 sd_reset(dev); 589 } else { 590 trace_sdcard_ejected(); 591 } 592 593 /* The IRQ notification is for legacy non-QOM SD controller devices; 594 * QOMified controllers use the SDBus APIs. 595 */ 596 if (sdbus) { 597 sdbus_set_inserted(sdbus, inserted); 598 if (inserted) { 599 sdbus_set_readonly(sdbus, readonly); 600 } 601 } else { 602 qemu_set_irq(sd->inserted_cb, inserted); 603 if (inserted) { 604 qemu_set_irq(sd->readonly_cb, readonly); 605 } 606 } 607 } 608 609 static const BlockDevOps sd_block_ops = { 610 .change_media_cb = sd_cardchange, 611 }; 612 613 static bool sd_ocr_vmstate_needed(void *opaque) 614 { 615 SDState *sd = opaque; 616 617 /* Include the OCR state (and timer) if it is not yet powered up */ 618 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP); 619 } 620 621 static const VMStateDescription sd_ocr_vmstate = { 622 .name = "sd-card/ocr-state", 623 .version_id = 1, 624 .minimum_version_id = 1, 625 .needed = sd_ocr_vmstate_needed, 626 .fields = (VMStateField[]) { 627 VMSTATE_UINT32(ocr, SDState), 628 VMSTATE_TIMER_PTR(ocr_power_timer, SDState), 629 VMSTATE_END_OF_LIST() 630 }, 631 }; 632 633 static int sd_vmstate_pre_load(void *opaque) 634 { 635 SDState *sd = opaque; 636 637 /* If the OCR state is not included (prior versions, or not 638 * needed), then the OCR must be set as powered up. If the OCR state 639 * is included, this will be replaced by the state restore. 640 */ 641 sd_ocr_powerup(sd); 642 643 return 0; 644 } 645 646 static const VMStateDescription sd_vmstate = { 647 .name = "sd-card", 648 .version_id = 1, 649 .minimum_version_id = 1, 650 .pre_load = sd_vmstate_pre_load, 651 .fields = (VMStateField[]) { 652 VMSTATE_UINT32(mode, SDState), 653 VMSTATE_INT32(state, SDState), 654 VMSTATE_UINT8_ARRAY(cid, SDState, 16), 655 VMSTATE_UINT8_ARRAY(csd, SDState, 16), 656 VMSTATE_UINT16(rca, SDState), 657 VMSTATE_UINT32(card_status, SDState), 658 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1), 659 VMSTATE_UINT32(vhs, SDState), 660 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size), 661 VMSTATE_UINT32(blk_len, SDState), 662 VMSTATE_UINT32(multi_blk_cnt, SDState), 663 VMSTATE_UINT32(erase_start, SDState), 664 VMSTATE_UINT32(erase_end, SDState), 665 VMSTATE_UINT8_ARRAY(pwd, SDState, 16), 666 VMSTATE_UINT32(pwd_len, SDState), 667 VMSTATE_UINT8_ARRAY(function_group, SDState, 6), 668 VMSTATE_UINT8(current_cmd, SDState), 669 VMSTATE_BOOL(expecting_acmd, SDState), 670 VMSTATE_UINT32(blk_written, SDState), 671 VMSTATE_UINT64(data_start, SDState), 672 VMSTATE_UINT32(data_offset, SDState), 673 VMSTATE_UINT8_ARRAY(data, SDState, 512), 674 VMSTATE_UNUSED_V(1, 512), 675 VMSTATE_BOOL(enable, SDState), 676 VMSTATE_END_OF_LIST() 677 }, 678 .subsections = (const VMStateDescription*[]) { 679 &sd_ocr_vmstate, 680 NULL 681 }, 682 }; 683 684 /* Legacy initialization function for use by non-qdevified callers */ 685 SDState *sd_init(BlockBackend *blk, bool is_spi) 686 { 687 Object *obj; 688 DeviceState *dev; 689 Error *err = NULL; 690 691 obj = object_new(TYPE_SD_CARD); 692 dev = DEVICE(obj); 693 qdev_prop_set_drive(dev, "drive", blk, &err); 694 if (err) { 695 error_report("sd_init failed: %s", error_get_pretty(err)); 696 return NULL; 697 } 698 qdev_prop_set_bit(dev, "spi", is_spi); 699 object_property_set_bool(obj, true, "realized", &err); 700 if (err) { 701 error_report("sd_init failed: %s", error_get_pretty(err)); 702 return NULL; 703 } 704 705 return SD_CARD(dev); 706 } 707 708 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert) 709 { 710 sd->readonly_cb = readonly; 711 sd->inserted_cb = insert; 712 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0); 713 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0); 714 } 715 716 static void sd_erase(SDState *sd) 717 { 718 int i; 719 uint64_t erase_start = sd->erase_start; 720 uint64_t erase_end = sd->erase_end; 721 722 trace_sdcard_erase(); 723 if (!sd->erase_start || !sd->erase_end) { 724 sd->card_status |= ERASE_SEQ_ERROR; 725 return; 726 } 727 728 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) { 729 /* High capacity memory card: erase units are 512 byte blocks */ 730 erase_start *= 512; 731 erase_end *= 512; 732 } 733 734 erase_start = sd_addr_to_wpnum(erase_start); 735 erase_end = sd_addr_to_wpnum(erase_end); 736 sd->erase_start = 0; 737 sd->erase_end = 0; 738 sd->csd[14] |= 0x40; 739 740 for (i = erase_start; i <= erase_end; i++) { 741 if (test_bit(i, sd->wp_groups)) { 742 sd->card_status |= WP_ERASE_SKIP; 743 } 744 } 745 } 746 747 static uint32_t sd_wpbits(SDState *sd, uint64_t addr) 748 { 749 uint32_t i, wpnum; 750 uint32_t ret = 0; 751 752 wpnum = sd_addr_to_wpnum(addr); 753 754 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { 755 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) { 756 ret |= (1 << i); 757 } 758 } 759 760 return ret; 761 } 762 763 static void sd_function_switch(SDState *sd, uint32_t arg) 764 { 765 int i, mode, new_func; 766 mode = !!(arg & 0x80000000); 767 768 sd->data[0] = 0x00; /* Maximum current consumption */ 769 sd->data[1] = 0x01; 770 sd->data[2] = 0x80; /* Supported group 6 functions */ 771 sd->data[3] = 0x01; 772 sd->data[4] = 0x80; /* Supported group 5 functions */ 773 sd->data[5] = 0x01; 774 sd->data[6] = 0x80; /* Supported group 4 functions */ 775 sd->data[7] = 0x01; 776 sd->data[8] = 0x80; /* Supported group 3 functions */ 777 sd->data[9] = 0x01; 778 sd->data[10] = 0x80; /* Supported group 2 functions */ 779 sd->data[11] = 0x43; 780 sd->data[12] = 0x80; /* Supported group 1 functions */ 781 sd->data[13] = 0x03; 782 for (i = 0; i < 6; i ++) { 783 new_func = (arg >> (i * 4)) & 0x0f; 784 if (mode && new_func != 0x0f) 785 sd->function_group[i] = new_func; 786 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4); 787 } 788 memset(&sd->data[17], 0, 47); 789 stw_be_p(sd->data + 65, sd_crc16(sd->data, 64)); 790 } 791 792 static inline bool sd_wp_addr(SDState *sd, uint64_t addr) 793 { 794 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups); 795 } 796 797 static void sd_lock_command(SDState *sd) 798 { 799 int erase, lock, clr_pwd, set_pwd, pwd_len; 800 erase = !!(sd->data[0] & 0x08); 801 lock = sd->data[0] & 0x04; 802 clr_pwd = sd->data[0] & 0x02; 803 set_pwd = sd->data[0] & 0x01; 804 805 if (sd->blk_len > 1) 806 pwd_len = sd->data[1]; 807 else 808 pwd_len = 0; 809 810 if (lock) { 811 trace_sdcard_lock(); 812 } else { 813 trace_sdcard_unlock(); 814 } 815 if (erase) { 816 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 || 817 set_pwd || clr_pwd || lock || sd->wp_switch || 818 (sd->csd[14] & 0x20)) { 819 sd->card_status |= LOCK_UNLOCK_FAILED; 820 return; 821 } 822 bitmap_zero(sd->wp_groups, sd->wpgrps_size); 823 sd->csd[14] &= ~0x10; 824 sd->card_status &= ~CARD_IS_LOCKED; 825 sd->pwd_len = 0; 826 /* Erasing the entire card here! */ 827 fprintf(stderr, "SD: Card force-erased by CMD42\n"); 828 return; 829 } 830 831 if (sd->blk_len < 2 + pwd_len || 832 pwd_len <= sd->pwd_len || 833 pwd_len > sd->pwd_len + 16) { 834 sd->card_status |= LOCK_UNLOCK_FAILED; 835 return; 836 } 837 838 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) { 839 sd->card_status |= LOCK_UNLOCK_FAILED; 840 return; 841 } 842 843 pwd_len -= sd->pwd_len; 844 if ((pwd_len && !set_pwd) || 845 (clr_pwd && (set_pwd || lock)) || 846 (lock && !sd->pwd_len && !set_pwd) || 847 (!set_pwd && !clr_pwd && 848 (((sd->card_status & CARD_IS_LOCKED) && lock) || 849 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) { 850 sd->card_status |= LOCK_UNLOCK_FAILED; 851 return; 852 } 853 854 if (set_pwd) { 855 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len); 856 sd->pwd_len = pwd_len; 857 } 858 859 if (clr_pwd) { 860 sd->pwd_len = 0; 861 } 862 863 if (lock) 864 sd->card_status |= CARD_IS_LOCKED; 865 else 866 sd->card_status &= ~CARD_IS_LOCKED; 867 } 868 869 static sd_rsp_type_t sd_normal_command(SDState *sd, 870 SDRequest req) 871 { 872 uint32_t rca = 0x0000; 873 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg; 874 875 trace_sdcard_normal_command(req.cmd, req.arg, sd_state_name(sd->state)); 876 877 /* Not interpreting this as an app command */ 878 sd->card_status &= ~APP_CMD; 879 880 if (sd_cmd_type[req.cmd] == sd_ac 881 || sd_cmd_type[req.cmd] == sd_adtc) { 882 rca = req.arg >> 16; 883 } 884 885 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25 886 * if not, its effects are cancelled */ 887 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) { 888 sd->multi_blk_cnt = 0; 889 } 890 891 switch (req.cmd) { 892 /* Basic commands (Class 0 and Class 1) */ 893 case 0: /* CMD0: GO_IDLE_STATE */ 894 switch (sd->state) { 895 case sd_inactive_state: 896 return sd->spi ? sd_r1 : sd_r0; 897 898 default: 899 sd->state = sd_idle_state; 900 sd_reset(DEVICE(sd)); 901 return sd->spi ? sd_r1 : sd_r0; 902 } 903 break; 904 905 case 1: /* CMD1: SEND_OP_CMD */ 906 if (!sd->spi) 907 goto bad_cmd; 908 909 sd->state = sd_transfer_state; 910 return sd_r1; 911 912 case 2: /* CMD2: ALL_SEND_CID */ 913 if (sd->spi) 914 goto bad_cmd; 915 switch (sd->state) { 916 case sd_ready_state: 917 sd->state = sd_identification_state; 918 return sd_r2_i; 919 920 default: 921 break; 922 } 923 break; 924 925 case 3: /* CMD3: SEND_RELATIVE_ADDR */ 926 if (sd->spi) 927 goto bad_cmd; 928 switch (sd->state) { 929 case sd_identification_state: 930 case sd_standby_state: 931 sd->state = sd_standby_state; 932 sd_set_rca(sd); 933 return sd_r6; 934 935 default: 936 break; 937 } 938 break; 939 940 case 4: /* CMD4: SEND_DSR */ 941 if (sd->spi) 942 goto bad_cmd; 943 switch (sd->state) { 944 case sd_standby_state: 945 break; 946 947 default: 948 break; 949 } 950 break; 951 952 case 5: /* CMD5: reserved for SDIO cards */ 953 return sd_illegal; 954 955 case 6: /* CMD6: SWITCH_FUNCTION */ 956 if (sd->spi) 957 goto bad_cmd; 958 switch (sd->mode) { 959 case sd_data_transfer_mode: 960 sd_function_switch(sd, req.arg); 961 sd->state = sd_sendingdata_state; 962 sd->data_start = 0; 963 sd->data_offset = 0; 964 return sd_r1; 965 966 default: 967 break; 968 } 969 break; 970 971 case 7: /* CMD7: SELECT/DESELECT_CARD */ 972 if (sd->spi) 973 goto bad_cmd; 974 switch (sd->state) { 975 case sd_standby_state: 976 if (sd->rca != rca) 977 return sd_r0; 978 979 sd->state = sd_transfer_state; 980 return sd_r1b; 981 982 case sd_transfer_state: 983 case sd_sendingdata_state: 984 if (sd->rca == rca) 985 break; 986 987 sd->state = sd_standby_state; 988 return sd_r1b; 989 990 case sd_disconnect_state: 991 if (sd->rca != rca) 992 return sd_r0; 993 994 sd->state = sd_programming_state; 995 return sd_r1b; 996 997 case sd_programming_state: 998 if (sd->rca == rca) 999 break; 1000 1001 sd->state = sd_disconnect_state; 1002 return sd_r1b; 1003 1004 default: 1005 break; 1006 } 1007 break; 1008 1009 case 8: /* CMD8: SEND_IF_COND */ 1010 /* Physical Layer Specification Version 2.00 command */ 1011 if (sd->state != sd_idle_state) { 1012 break; 1013 } 1014 sd->vhs = 0; 1015 1016 /* No response if not exactly one VHS bit is set. */ 1017 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) { 1018 return sd->spi ? sd_r7 : sd_r0; 1019 } 1020 1021 /* Accept. */ 1022 sd->vhs = req.arg; 1023 return sd_r7; 1024 1025 case 9: /* CMD9: SEND_CSD */ 1026 switch (sd->state) { 1027 case sd_standby_state: 1028 if (sd->rca != rca) 1029 return sd_r0; 1030 1031 return sd_r2_s; 1032 1033 case sd_transfer_state: 1034 if (!sd->spi) 1035 break; 1036 sd->state = sd_sendingdata_state; 1037 memcpy(sd->data, sd->csd, 16); 1038 sd->data_start = addr; 1039 sd->data_offset = 0; 1040 return sd_r1; 1041 1042 default: 1043 break; 1044 } 1045 break; 1046 1047 case 10: /* CMD10: SEND_CID */ 1048 switch (sd->state) { 1049 case sd_standby_state: 1050 if (sd->rca != rca) 1051 return sd_r0; 1052 1053 return sd_r2_i; 1054 1055 case sd_transfer_state: 1056 if (!sd->spi) 1057 break; 1058 sd->state = sd_sendingdata_state; 1059 memcpy(sd->data, sd->cid, 16); 1060 sd->data_start = addr; 1061 sd->data_offset = 0; 1062 return sd_r1; 1063 1064 default: 1065 break; 1066 } 1067 break; 1068 1069 case 12: /* CMD12: STOP_TRANSMISSION */ 1070 switch (sd->state) { 1071 case sd_sendingdata_state: 1072 sd->state = sd_transfer_state; 1073 return sd_r1b; 1074 1075 case sd_receivingdata_state: 1076 sd->state = sd_programming_state; 1077 /* Bzzzzzzztt .... Operation complete. */ 1078 sd->state = sd_transfer_state; 1079 return sd_r1b; 1080 1081 default: 1082 break; 1083 } 1084 break; 1085 1086 case 13: /* CMD13: SEND_STATUS */ 1087 switch (sd->mode) { 1088 case sd_data_transfer_mode: 1089 if (sd->rca != rca) 1090 return sd_r0; 1091 1092 return sd_r1; 1093 1094 default: 1095 break; 1096 } 1097 break; 1098 1099 case 15: /* CMD15: GO_INACTIVE_STATE */ 1100 if (sd->spi) 1101 goto bad_cmd; 1102 switch (sd->mode) { 1103 case sd_data_transfer_mode: 1104 if (sd->rca != rca) 1105 return sd_r0; 1106 1107 sd->state = sd_inactive_state; 1108 return sd_r0; 1109 1110 default: 1111 break; 1112 } 1113 break; 1114 1115 /* Block read commands (Classs 2) */ 1116 case 16: /* CMD16: SET_BLOCKLEN */ 1117 switch (sd->state) { 1118 case sd_transfer_state: 1119 if (req.arg > (1 << HWBLOCK_SHIFT)) { 1120 sd->card_status |= BLOCK_LEN_ERROR; 1121 } else { 1122 trace_sdcard_set_blocklen(req.arg); 1123 sd->blk_len = req.arg; 1124 } 1125 1126 return sd_r1; 1127 1128 default: 1129 break; 1130 } 1131 break; 1132 1133 case 17: /* CMD17: READ_SINGLE_BLOCK */ 1134 switch (sd->state) { 1135 case sd_transfer_state: 1136 sd->state = sd_sendingdata_state; 1137 sd->data_start = addr; 1138 sd->data_offset = 0; 1139 1140 if (sd->data_start + sd->blk_len > sd->size) 1141 sd->card_status |= ADDRESS_ERROR; 1142 return sd_r1; 1143 1144 default: 1145 break; 1146 } 1147 break; 1148 1149 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 1150 switch (sd->state) { 1151 case sd_transfer_state: 1152 sd->state = sd_sendingdata_state; 1153 sd->data_start = addr; 1154 sd->data_offset = 0; 1155 1156 if (sd->data_start + sd->blk_len > sd->size) 1157 sd->card_status |= ADDRESS_ERROR; 1158 return sd_r1; 1159 1160 default: 1161 break; 1162 } 1163 break; 1164 1165 case 23: /* CMD23: SET_BLOCK_COUNT */ 1166 switch (sd->state) { 1167 case sd_transfer_state: 1168 sd->multi_blk_cnt = req.arg; 1169 return sd_r1; 1170 1171 default: 1172 break; 1173 } 1174 break; 1175 1176 /* Block write commands (Class 4) */ 1177 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 1178 if (sd->spi) { 1179 goto unimplemented_spi_cmd; 1180 } 1181 switch (sd->state) { 1182 case sd_transfer_state: 1183 /* Writing in SPI mode not implemented. */ 1184 if (sd->spi) 1185 break; 1186 sd->state = sd_receivingdata_state; 1187 sd->data_start = addr; 1188 sd->data_offset = 0; 1189 sd->blk_written = 0; 1190 1191 if (sd->data_start + sd->blk_len > sd->size) 1192 sd->card_status |= ADDRESS_ERROR; 1193 if (sd_wp_addr(sd, sd->data_start)) 1194 sd->card_status |= WP_VIOLATION; 1195 if (sd->csd[14] & 0x30) 1196 sd->card_status |= WP_VIOLATION; 1197 return sd_r1; 1198 1199 default: 1200 break; 1201 } 1202 break; 1203 1204 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 1205 if (sd->spi) { 1206 goto unimplemented_spi_cmd; 1207 } 1208 switch (sd->state) { 1209 case sd_transfer_state: 1210 /* Writing in SPI mode not implemented. */ 1211 if (sd->spi) 1212 break; 1213 sd->state = sd_receivingdata_state; 1214 sd->data_start = addr; 1215 sd->data_offset = 0; 1216 sd->blk_written = 0; 1217 1218 if (sd->data_start + sd->blk_len > sd->size) 1219 sd->card_status |= ADDRESS_ERROR; 1220 if (sd_wp_addr(sd, sd->data_start)) 1221 sd->card_status |= WP_VIOLATION; 1222 if (sd->csd[14] & 0x30) 1223 sd->card_status |= WP_VIOLATION; 1224 return sd_r1; 1225 1226 default: 1227 break; 1228 } 1229 break; 1230 1231 case 26: /* CMD26: PROGRAM_CID */ 1232 if (sd->spi) 1233 goto bad_cmd; 1234 switch (sd->state) { 1235 case sd_transfer_state: 1236 sd->state = sd_receivingdata_state; 1237 sd->data_start = 0; 1238 sd->data_offset = 0; 1239 return sd_r1; 1240 1241 default: 1242 break; 1243 } 1244 break; 1245 1246 case 27: /* CMD27: PROGRAM_CSD */ 1247 if (sd->spi) { 1248 goto unimplemented_spi_cmd; 1249 } 1250 switch (sd->state) { 1251 case sd_transfer_state: 1252 sd->state = sd_receivingdata_state; 1253 sd->data_start = 0; 1254 sd->data_offset = 0; 1255 return sd_r1; 1256 1257 default: 1258 break; 1259 } 1260 break; 1261 1262 /* Write protection (Class 6) */ 1263 case 28: /* CMD28: SET_WRITE_PROT */ 1264 switch (sd->state) { 1265 case sd_transfer_state: 1266 if (addr >= sd->size) { 1267 sd->card_status |= ADDRESS_ERROR; 1268 return sd_r1b; 1269 } 1270 1271 sd->state = sd_programming_state; 1272 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups); 1273 /* Bzzzzzzztt .... Operation complete. */ 1274 sd->state = sd_transfer_state; 1275 return sd_r1b; 1276 1277 default: 1278 break; 1279 } 1280 break; 1281 1282 case 29: /* CMD29: CLR_WRITE_PROT */ 1283 switch (sd->state) { 1284 case sd_transfer_state: 1285 if (addr >= sd->size) { 1286 sd->card_status |= ADDRESS_ERROR; 1287 return sd_r1b; 1288 } 1289 1290 sd->state = sd_programming_state; 1291 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups); 1292 /* Bzzzzzzztt .... Operation complete. */ 1293 sd->state = sd_transfer_state; 1294 return sd_r1b; 1295 1296 default: 1297 break; 1298 } 1299 break; 1300 1301 case 30: /* CMD30: SEND_WRITE_PROT */ 1302 switch (sd->state) { 1303 case sd_transfer_state: 1304 sd->state = sd_sendingdata_state; 1305 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg); 1306 sd->data_start = addr; 1307 sd->data_offset = 0; 1308 return sd_r1b; 1309 1310 default: 1311 break; 1312 } 1313 break; 1314 1315 /* Erase commands (Class 5) */ 1316 case 32: /* CMD32: ERASE_WR_BLK_START */ 1317 switch (sd->state) { 1318 case sd_transfer_state: 1319 sd->erase_start = req.arg; 1320 return sd_r1; 1321 1322 default: 1323 break; 1324 } 1325 break; 1326 1327 case 33: /* CMD33: ERASE_WR_BLK_END */ 1328 switch (sd->state) { 1329 case sd_transfer_state: 1330 sd->erase_end = req.arg; 1331 return sd_r1; 1332 1333 default: 1334 break; 1335 } 1336 break; 1337 1338 case 38: /* CMD38: ERASE */ 1339 switch (sd->state) { 1340 case sd_transfer_state: 1341 if (sd->csd[14] & 0x30) { 1342 sd->card_status |= WP_VIOLATION; 1343 return sd_r1b; 1344 } 1345 1346 sd->state = sd_programming_state; 1347 sd_erase(sd); 1348 /* Bzzzzzzztt .... Operation complete. */ 1349 sd->state = sd_transfer_state; 1350 return sd_r1b; 1351 1352 default: 1353 break; 1354 } 1355 break; 1356 1357 /* Lock card commands (Class 7) */ 1358 case 42: /* CMD42: LOCK_UNLOCK */ 1359 if (sd->spi) { 1360 goto unimplemented_spi_cmd; 1361 } 1362 switch (sd->state) { 1363 case sd_transfer_state: 1364 sd->state = sd_receivingdata_state; 1365 sd->data_start = 0; 1366 sd->data_offset = 0; 1367 return sd_r1; 1368 1369 default: 1370 break; 1371 } 1372 break; 1373 1374 case 52 ... 54: 1375 /* CMD52, CMD53, CMD54: reserved for SDIO cards 1376 * (see the SDIO Simplified Specification V2.0) 1377 * Handle as illegal command but do not complain 1378 * on stderr, as some OSes may use these in their 1379 * probing for presence of an SDIO card. 1380 */ 1381 return sd_illegal; 1382 1383 /* Application specific commands (Class 8) */ 1384 case 55: /* CMD55: APP_CMD */ 1385 switch (sd->state) { 1386 case sd_ready_state: 1387 case sd_identification_state: 1388 case sd_inactive_state: 1389 return sd_illegal; 1390 case sd_idle_state: 1391 if (rca) { 1392 qemu_log_mask(LOG_GUEST_ERROR, 1393 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd); 1394 } 1395 default: 1396 break; 1397 } 1398 if (!sd->spi) { 1399 if (sd->rca != rca) { 1400 return sd_r0; 1401 } 1402 } 1403 sd->expecting_acmd = true; 1404 sd->card_status |= APP_CMD; 1405 return sd_r1; 1406 1407 case 56: /* CMD56: GEN_CMD */ 1408 switch (sd->state) { 1409 case sd_transfer_state: 1410 sd->data_offset = 0; 1411 if (req.arg & 1) 1412 sd->state = sd_sendingdata_state; 1413 else 1414 sd->state = sd_receivingdata_state; 1415 return sd_r1; 1416 1417 default: 1418 break; 1419 } 1420 break; 1421 1422 case 58: /* CMD58: READ_OCR (SPI) */ 1423 if (!sd->spi) { 1424 goto bad_cmd; 1425 } 1426 return sd_r3; 1427 1428 case 59: /* CMD59: CRC_ON_OFF (SPI) */ 1429 if (!sd->spi) { 1430 goto bad_cmd; 1431 } 1432 goto unimplemented_spi_cmd; 1433 1434 default: 1435 bad_cmd: 1436 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd); 1437 return sd_illegal; 1438 1439 unimplemented_spi_cmd: 1440 /* Commands that are recognised but not yet implemented in SPI mode. */ 1441 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n", 1442 req.cmd); 1443 return sd_illegal; 1444 } 1445 1446 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd); 1447 return sd_illegal; 1448 } 1449 1450 static sd_rsp_type_t sd_app_command(SDState *sd, 1451 SDRequest req) 1452 { 1453 trace_sdcard_app_command(req.cmd, req.arg); 1454 sd->card_status |= APP_CMD; 1455 switch (req.cmd) { 1456 case 6: /* ACMD6: SET_BUS_WIDTH */ 1457 if (sd->spi) { 1458 goto unimplemented_spi_cmd; 1459 } 1460 switch (sd->state) { 1461 case sd_transfer_state: 1462 sd->sd_status[0] &= 0x3f; 1463 sd->sd_status[0] |= (req.arg & 0x03) << 6; 1464 return sd_r1; 1465 1466 default: 1467 break; 1468 } 1469 break; 1470 1471 case 13: /* ACMD13: SD_STATUS */ 1472 switch (sd->state) { 1473 case sd_transfer_state: 1474 sd->state = sd_sendingdata_state; 1475 sd->data_start = 0; 1476 sd->data_offset = 0; 1477 return sd_r1; 1478 1479 default: 1480 break; 1481 } 1482 break; 1483 1484 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 1485 switch (sd->state) { 1486 case sd_transfer_state: 1487 *(uint32_t *) sd->data = sd->blk_written; 1488 1489 sd->state = sd_sendingdata_state; 1490 sd->data_start = 0; 1491 sd->data_offset = 0; 1492 return sd_r1; 1493 1494 default: 1495 break; 1496 } 1497 break; 1498 1499 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */ 1500 switch (sd->state) { 1501 case sd_transfer_state: 1502 return sd_r1; 1503 1504 default: 1505 break; 1506 } 1507 break; 1508 1509 case 41: /* ACMD41: SD_APP_OP_COND */ 1510 if (sd->spi) { 1511 /* SEND_OP_CMD */ 1512 sd->state = sd_transfer_state; 1513 return sd_r1; 1514 } 1515 if (sd->state != sd_idle_state) { 1516 break; 1517 } 1518 /* If it's the first ACMD41 since reset, we need to decide 1519 * whether to power up. If this is not an enquiry ACMD41, 1520 * we immediately report power on and proceed below to the 1521 * ready state, but if it is, we set a timer to model a 1522 * delay for power up. This works around a bug in EDK2 1523 * UEFI, which sends an initial enquiry ACMD41, but 1524 * assumes that the card is in ready state as soon as it 1525 * sees the power up bit set. */ 1526 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) { 1527 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) { 1528 timer_del(sd->ocr_power_timer); 1529 sd_ocr_powerup(sd); 1530 } else { 1531 trace_sdcard_inquiry_cmd41(); 1532 if (!timer_pending(sd->ocr_power_timer)) { 1533 timer_mod_ns(sd->ocr_power_timer, 1534 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) 1535 + OCR_POWER_DELAY_NS)); 1536 } 1537 } 1538 } 1539 1540 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) { 1541 /* We accept any voltage. 10000 V is nothing. 1542 * 1543 * Once we're powered up, we advance straight to ready state 1544 * unless it's an enquiry ACMD41 (bits 23:0 == 0). 1545 */ 1546 sd->state = sd_ready_state; 1547 } 1548 1549 return sd_r3; 1550 1551 case 42: /* ACMD42: SET_CLR_CARD_DETECT */ 1552 switch (sd->state) { 1553 case sd_transfer_state: 1554 /* Bringing in the 50KOhm pull-up resistor... Done. */ 1555 return sd_r1; 1556 1557 default: 1558 break; 1559 } 1560 break; 1561 1562 case 51: /* ACMD51: SEND_SCR */ 1563 switch (sd->state) { 1564 case sd_transfer_state: 1565 sd->state = sd_sendingdata_state; 1566 sd->data_start = 0; 1567 sd->data_offset = 0; 1568 return sd_r1; 1569 1570 default: 1571 break; 1572 } 1573 break; 1574 1575 case 18: /* Reserved for SD security applications */ 1576 case 25: 1577 case 26: 1578 case 38: 1579 case 43 ... 49: 1580 /* Refer to the "SD Specifications Part3 Security Specification" for 1581 * information about the SD Security Features. 1582 */ 1583 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n", 1584 req.cmd); 1585 return sd_illegal; 1586 1587 default: 1588 /* Fall back to standard commands. */ 1589 return sd_normal_command(sd, req); 1590 1591 unimplemented_spi_cmd: 1592 /* Commands that are recognised but not yet implemented in SPI mode. */ 1593 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n", 1594 req.cmd); 1595 return sd_illegal; 1596 } 1597 1598 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd); 1599 return sd_illegal; 1600 } 1601 1602 static int cmd_valid_while_locked(SDState *sd, SDRequest *req) 1603 { 1604 /* Valid commands in locked state: 1605 * basic class (0) 1606 * lock card class (7) 1607 * CMD16 1608 * implicitly, the ACMD prefix CMD55 1609 * ACMD41 and ACMD42 1610 * Anything else provokes an "illegal command" response. 1611 */ 1612 if (sd->expecting_acmd) { 1613 return req->cmd == 41 || req->cmd == 42; 1614 } 1615 if (req->cmd == 16 || req->cmd == 55) { 1616 return 1; 1617 } 1618 return sd_cmd_class[req->cmd] == 0 1619 || sd_cmd_class[req->cmd] == 7; 1620 } 1621 1622 int sd_do_command(SDState *sd, SDRequest *req, 1623 uint8_t *response) { 1624 int last_state; 1625 sd_rsp_type_t rtype; 1626 int rsplen; 1627 1628 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) { 1629 return 0; 1630 } 1631 1632 if (sd_req_crc_validate(req)) { 1633 sd->card_status |= COM_CRC_ERROR; 1634 rtype = sd_illegal; 1635 goto send_response; 1636 } 1637 1638 if (req->cmd >= SDMMC_CMD_MAX) { 1639 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n", 1640 req->cmd); 1641 req->cmd &= 0x3f; 1642 } 1643 1644 if (sd->card_status & CARD_IS_LOCKED) { 1645 if (!cmd_valid_while_locked(sd, req)) { 1646 sd->card_status |= ILLEGAL_COMMAND; 1647 sd->expecting_acmd = false; 1648 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n"); 1649 rtype = sd_illegal; 1650 goto send_response; 1651 } 1652 } 1653 1654 last_state = sd->state; 1655 sd_set_mode(sd); 1656 1657 if (sd->expecting_acmd) { 1658 sd->expecting_acmd = false; 1659 rtype = sd_app_command(sd, *req); 1660 } else { 1661 rtype = sd_normal_command(sd, *req); 1662 } 1663 1664 if (rtype == sd_illegal) { 1665 sd->card_status |= ILLEGAL_COMMAND; 1666 } else { 1667 /* Valid command, we can update the 'state before command' bits. 1668 * (Do this now so they appear in r1 responses.) 1669 */ 1670 sd->current_cmd = req->cmd; 1671 sd->card_status &= ~CURRENT_STATE; 1672 sd->card_status |= (last_state << 9); 1673 } 1674 1675 send_response: 1676 switch (rtype) { 1677 case sd_r1: 1678 case sd_r1b: 1679 sd_response_r1_make(sd, response); 1680 rsplen = 4; 1681 break; 1682 1683 case sd_r2_i: 1684 memcpy(response, sd->cid, sizeof(sd->cid)); 1685 rsplen = 16; 1686 break; 1687 1688 case sd_r2_s: 1689 memcpy(response, sd->csd, sizeof(sd->csd)); 1690 rsplen = 16; 1691 break; 1692 1693 case sd_r3: 1694 sd_response_r3_make(sd, response); 1695 rsplen = 4; 1696 break; 1697 1698 case sd_r6: 1699 sd_response_r6_make(sd, response); 1700 rsplen = 4; 1701 break; 1702 1703 case sd_r7: 1704 sd_response_r7_make(sd, response); 1705 rsplen = 4; 1706 break; 1707 1708 case sd_r0: 1709 case sd_illegal: 1710 rsplen = 0; 1711 break; 1712 default: 1713 g_assert_not_reached(); 1714 } 1715 trace_sdcard_response(sd_response_name(rtype), rsplen); 1716 1717 if (rtype != sd_illegal) { 1718 /* Clear the "clear on valid command" status bits now we've 1719 * sent any response 1720 */ 1721 sd->card_status &= ~CARD_STATUS_B; 1722 } 1723 1724 #ifdef DEBUG_SD 1725 qemu_hexdump((const char *)response, stderr, "Response", rsplen); 1726 #endif 1727 1728 return rsplen; 1729 } 1730 1731 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) 1732 { 1733 trace_sdcard_read_block(addr, len); 1734 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) { 1735 fprintf(stderr, "sd_blk_read: read error on host side\n"); 1736 } 1737 } 1738 1739 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) 1740 { 1741 trace_sdcard_write_block(addr, len); 1742 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) { 1743 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1744 } 1745 } 1746 1747 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len) 1748 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len) 1749 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len) 1750 #define APP_WRITE_BLOCK(a, len) 1751 1752 void sd_write_data(SDState *sd, uint8_t value) 1753 { 1754 int i; 1755 1756 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) 1757 return; 1758 1759 if (sd->state != sd_receivingdata_state) { 1760 qemu_log_mask(LOG_GUEST_ERROR, 1761 "sd_write_data: not in Receiving-Data state\n"); 1762 return; 1763 } 1764 1765 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 1766 return; 1767 1768 trace_sdcard_write_data(sd->current_cmd, value); 1769 switch (sd->current_cmd) { 1770 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 1771 sd->data[sd->data_offset ++] = value; 1772 if (sd->data_offset >= sd->blk_len) { 1773 /* TODO: Check CRC before committing */ 1774 sd->state = sd_programming_state; 1775 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset); 1776 sd->blk_written ++; 1777 sd->csd[14] |= 0x40; 1778 /* Bzzzzzzztt .... Operation complete. */ 1779 sd->state = sd_transfer_state; 1780 } 1781 break; 1782 1783 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 1784 if (sd->data_offset == 0) { 1785 /* Start of the block - let's check the address is valid */ 1786 if (sd->data_start + sd->blk_len > sd->size) { 1787 sd->card_status |= ADDRESS_ERROR; 1788 break; 1789 } 1790 if (sd_wp_addr(sd, sd->data_start)) { 1791 sd->card_status |= WP_VIOLATION; 1792 break; 1793 } 1794 } 1795 sd->data[sd->data_offset++] = value; 1796 if (sd->data_offset >= sd->blk_len) { 1797 /* TODO: Check CRC before committing */ 1798 sd->state = sd_programming_state; 1799 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset); 1800 sd->blk_written++; 1801 sd->data_start += sd->blk_len; 1802 sd->data_offset = 0; 1803 sd->csd[14] |= 0x40; 1804 1805 /* Bzzzzzzztt .... Operation complete. */ 1806 if (sd->multi_blk_cnt != 0) { 1807 if (--sd->multi_blk_cnt == 0) { 1808 /* Stop! */ 1809 sd->state = sd_transfer_state; 1810 break; 1811 } 1812 } 1813 1814 sd->state = sd_receivingdata_state; 1815 } 1816 break; 1817 1818 case 26: /* CMD26: PROGRAM_CID */ 1819 sd->data[sd->data_offset ++] = value; 1820 if (sd->data_offset >= sizeof(sd->cid)) { 1821 /* TODO: Check CRC before committing */ 1822 sd->state = sd_programming_state; 1823 for (i = 0; i < sizeof(sd->cid); i ++) 1824 if ((sd->cid[i] | 0x00) != sd->data[i]) 1825 sd->card_status |= CID_CSD_OVERWRITE; 1826 1827 if (!(sd->card_status & CID_CSD_OVERWRITE)) 1828 for (i = 0; i < sizeof(sd->cid); i ++) { 1829 sd->cid[i] |= 0x00; 1830 sd->cid[i] &= sd->data[i]; 1831 } 1832 /* Bzzzzzzztt .... Operation complete. */ 1833 sd->state = sd_transfer_state; 1834 } 1835 break; 1836 1837 case 27: /* CMD27: PROGRAM_CSD */ 1838 sd->data[sd->data_offset ++] = value; 1839 if (sd->data_offset >= sizeof(sd->csd)) { 1840 /* TODO: Check CRC before committing */ 1841 sd->state = sd_programming_state; 1842 for (i = 0; i < sizeof(sd->csd); i ++) 1843 if ((sd->csd[i] | sd_csd_rw_mask[i]) != 1844 (sd->data[i] | sd_csd_rw_mask[i])) 1845 sd->card_status |= CID_CSD_OVERWRITE; 1846 1847 /* Copy flag (OTP) & Permanent write protect */ 1848 if (sd->csd[14] & ~sd->data[14] & 0x60) 1849 sd->card_status |= CID_CSD_OVERWRITE; 1850 1851 if (!(sd->card_status & CID_CSD_OVERWRITE)) 1852 for (i = 0; i < sizeof(sd->csd); i ++) { 1853 sd->csd[i] |= sd_csd_rw_mask[i]; 1854 sd->csd[i] &= sd->data[i]; 1855 } 1856 /* Bzzzzzzztt .... Operation complete. */ 1857 sd->state = sd_transfer_state; 1858 } 1859 break; 1860 1861 case 42: /* CMD42: LOCK_UNLOCK */ 1862 sd->data[sd->data_offset ++] = value; 1863 if (sd->data_offset >= sd->blk_len) { 1864 /* TODO: Check CRC before committing */ 1865 sd->state = sd_programming_state; 1866 sd_lock_command(sd); 1867 /* Bzzzzzzztt .... Operation complete. */ 1868 sd->state = sd_transfer_state; 1869 } 1870 break; 1871 1872 case 56: /* CMD56: GEN_CMD */ 1873 sd->data[sd->data_offset ++] = value; 1874 if (sd->data_offset >= sd->blk_len) { 1875 APP_WRITE_BLOCK(sd->data_start, sd->data_offset); 1876 sd->state = sd_transfer_state; 1877 } 1878 break; 1879 1880 default: 1881 qemu_log_mask(LOG_GUEST_ERROR, "sd_write_data: unknown command\n"); 1882 break; 1883 } 1884 } 1885 1886 uint8_t sd_read_data(SDState *sd) 1887 { 1888 /* TODO: Append CRCs */ 1889 uint8_t ret; 1890 int io_len; 1891 1892 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) 1893 return 0x00; 1894 1895 if (sd->state != sd_sendingdata_state) { 1896 qemu_log_mask(LOG_GUEST_ERROR, 1897 "sd_read_data: not in Sending-Data state\n"); 1898 return 0x00; 1899 } 1900 1901 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 1902 return 0x00; 1903 1904 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len; 1905 1906 trace_sdcard_read_data(sd->current_cmd, io_len); 1907 switch (sd->current_cmd) { 1908 case 6: /* CMD6: SWITCH_FUNCTION */ 1909 ret = sd->data[sd->data_offset ++]; 1910 1911 if (sd->data_offset >= 64) 1912 sd->state = sd_transfer_state; 1913 break; 1914 1915 case 9: /* CMD9: SEND_CSD */ 1916 case 10: /* CMD10: SEND_CID */ 1917 ret = sd->data[sd->data_offset ++]; 1918 1919 if (sd->data_offset >= 16) 1920 sd->state = sd_transfer_state; 1921 break; 1922 1923 case 13: /* ACMD13: SD_STATUS */ 1924 ret = sd->sd_status[sd->data_offset ++]; 1925 1926 if (sd->data_offset >= sizeof(sd->sd_status)) 1927 sd->state = sd_transfer_state; 1928 break; 1929 1930 case 17: /* CMD17: READ_SINGLE_BLOCK */ 1931 if (sd->data_offset == 0) 1932 BLK_READ_BLOCK(sd->data_start, io_len); 1933 ret = sd->data[sd->data_offset ++]; 1934 1935 if (sd->data_offset >= io_len) 1936 sd->state = sd_transfer_state; 1937 break; 1938 1939 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 1940 if (sd->data_offset == 0) { 1941 if (sd->data_start + io_len > sd->size) { 1942 sd->card_status |= ADDRESS_ERROR; 1943 return 0x00; 1944 } 1945 BLK_READ_BLOCK(sd->data_start, io_len); 1946 } 1947 ret = sd->data[sd->data_offset ++]; 1948 1949 if (sd->data_offset >= io_len) { 1950 sd->data_start += io_len; 1951 sd->data_offset = 0; 1952 1953 if (sd->multi_blk_cnt != 0) { 1954 if (--sd->multi_blk_cnt == 0) { 1955 /* Stop! */ 1956 sd->state = sd_transfer_state; 1957 break; 1958 } 1959 } 1960 } 1961 break; 1962 1963 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 1964 ret = sd->data[sd->data_offset ++]; 1965 1966 if (sd->data_offset >= 4) 1967 sd->state = sd_transfer_state; 1968 break; 1969 1970 case 30: /* CMD30: SEND_WRITE_PROT */ 1971 ret = sd->data[sd->data_offset ++]; 1972 1973 if (sd->data_offset >= 4) 1974 sd->state = sd_transfer_state; 1975 break; 1976 1977 case 51: /* ACMD51: SEND_SCR */ 1978 ret = sd->scr[sd->data_offset ++]; 1979 1980 if (sd->data_offset >= sizeof(sd->scr)) 1981 sd->state = sd_transfer_state; 1982 break; 1983 1984 case 56: /* CMD56: GEN_CMD */ 1985 if (sd->data_offset == 0) 1986 APP_READ_BLOCK(sd->data_start, sd->blk_len); 1987 ret = sd->data[sd->data_offset ++]; 1988 1989 if (sd->data_offset >= sd->blk_len) 1990 sd->state = sd_transfer_state; 1991 break; 1992 1993 default: 1994 qemu_log_mask(LOG_GUEST_ERROR, "sd_read_data: unknown command\n"); 1995 return 0x00; 1996 } 1997 1998 return ret; 1999 } 2000 2001 bool sd_data_ready(SDState *sd) 2002 { 2003 return sd->state == sd_sendingdata_state; 2004 } 2005 2006 void sd_enable(SDState *sd, bool enable) 2007 { 2008 sd->enable = enable; 2009 } 2010 2011 static void sd_instance_init(Object *obj) 2012 { 2013 SDState *sd = SD_CARD(obj); 2014 2015 sd->enable = true; 2016 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd); 2017 } 2018 2019 static void sd_instance_finalize(Object *obj) 2020 { 2021 SDState *sd = SD_CARD(obj); 2022 2023 timer_del(sd->ocr_power_timer); 2024 timer_free(sd->ocr_power_timer); 2025 } 2026 2027 static void sd_realize(DeviceState *dev, Error **errp) 2028 { 2029 SDState *sd = SD_CARD(dev); 2030 int ret; 2031 2032 if (sd->blk && blk_is_read_only(sd->blk)) { 2033 error_setg(errp, "Cannot use read-only drive as SD card"); 2034 return; 2035 } 2036 2037 if (sd->blk) { 2038 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE, 2039 BLK_PERM_ALL, errp); 2040 if (ret < 0) { 2041 return; 2042 } 2043 blk_set_dev_ops(sd->blk, &sd_block_ops, sd); 2044 } 2045 } 2046 2047 static Property sd_properties[] = { 2048 DEFINE_PROP_DRIVE("drive", SDState, blk), 2049 /* We do not model the chip select pin, so allow the board to select 2050 * whether card should be in SSI or MMC/SD mode. It is also up to the 2051 * board to ensure that ssi transfers only occur when the chip select 2052 * is asserted. */ 2053 DEFINE_PROP_BOOL("spi", SDState, spi, false), 2054 DEFINE_PROP_END_OF_LIST() 2055 }; 2056 2057 static void sd_class_init(ObjectClass *klass, void *data) 2058 { 2059 DeviceClass *dc = DEVICE_CLASS(klass); 2060 SDCardClass *sc = SD_CARD_CLASS(klass); 2061 2062 dc->realize = sd_realize; 2063 dc->props = sd_properties; 2064 dc->vmsd = &sd_vmstate; 2065 dc->reset = sd_reset; 2066 dc->bus_type = TYPE_SD_BUS; 2067 2068 sc->set_voltage = sd_set_voltage; 2069 sc->get_dat_lines = sd_get_dat_lines; 2070 sc->get_cmd_line = sd_get_cmd_line; 2071 sc->do_command = sd_do_command; 2072 sc->write_data = sd_write_data; 2073 sc->read_data = sd_read_data; 2074 sc->data_ready = sd_data_ready; 2075 sc->enable = sd_enable; 2076 sc->get_inserted = sd_get_inserted; 2077 sc->get_readonly = sd_get_readonly; 2078 } 2079 2080 static const TypeInfo sd_info = { 2081 .name = TYPE_SD_CARD, 2082 .parent = TYPE_DEVICE, 2083 .instance_size = sizeof(SDState), 2084 .class_size = sizeof(SDCardClass), 2085 .class_init = sd_class_init, 2086 .instance_init = sd_instance_init, 2087 .instance_finalize = sd_instance_finalize, 2088 }; 2089 2090 static void sd_register_types(void) 2091 { 2092 type_register_static(&sd_info); 2093 } 2094 2095 type_init(sd_register_types) 2096