1 /* 2 * SD Memory Card emulation as defined in the "SD Memory Card Physical 3 * layer specification, Version 1.10." 4 * 5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org> 6 * Copyright (c) 2007 CodeSourcery 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 2. Redistributions in binary form must reproduce the above copyright 15 * notice, this list of conditions and the following disclaimer in 16 * the documentation and/or other materials provided with the 17 * distribution. 18 * 19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' 20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, 21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A 22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR 23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, 24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, 25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY 27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 */ 31 32 #include "hw/hw.h" 33 #include "block/block.h" 34 #include "hw/sd.h" 35 #include "qemu/bitmap.h" 36 37 //#define DEBUG_SD 1 38 39 #ifdef DEBUG_SD 40 #define DPRINTF(fmt, ...) \ 41 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0) 42 #else 43 #define DPRINTF(fmt, ...) do {} while(0) 44 #endif 45 46 #define ACMD41_ENQUIRY_MASK 0x00ffffff 47 48 typedef enum { 49 sd_r0 = 0, /* no response */ 50 sd_r1, /* normal response command */ 51 sd_r2_i, /* CID register */ 52 sd_r2_s, /* CSD register */ 53 sd_r3, /* OCR register */ 54 sd_r6 = 6, /* Published RCA response */ 55 sd_r7, /* Operating voltage */ 56 sd_r1b = -1, 57 sd_illegal = -2, 58 } sd_rsp_type_t; 59 60 enum SDCardModes { 61 sd_inactive, 62 sd_card_identification_mode, 63 sd_data_transfer_mode, 64 }; 65 66 enum SDCardStates { 67 sd_inactive_state = -1, 68 sd_idle_state = 0, 69 sd_ready_state, 70 sd_identification_state, 71 sd_standby_state, 72 sd_transfer_state, 73 sd_sendingdata_state, 74 sd_receivingdata_state, 75 sd_programming_state, 76 sd_disconnect_state, 77 }; 78 79 struct SDState { 80 uint32_t mode; /* current card mode, one of SDCardModes */ 81 int32_t state; /* current card state, one of SDCardStates */ 82 uint32_t ocr; 83 uint8_t scr[8]; 84 uint8_t cid[16]; 85 uint8_t csd[16]; 86 uint16_t rca; 87 uint32_t card_status; 88 uint8_t sd_status[64]; 89 uint32_t vhs; 90 bool wp_switch; 91 unsigned long *wp_groups; 92 int32_t wpgrps_size; 93 uint64_t size; 94 uint32_t blk_len; 95 uint32_t erase_start; 96 uint32_t erase_end; 97 uint8_t pwd[16]; 98 uint32_t pwd_len; 99 uint8_t function_group[6]; 100 101 bool spi; 102 uint8_t current_cmd; 103 /* True if we will handle the next command as an ACMD. Note that this does 104 * *not* track the APP_CMD status bit! 105 */ 106 bool expecting_acmd; 107 uint32_t blk_written; 108 uint64_t data_start; 109 uint32_t data_offset; 110 uint8_t data[512]; 111 qemu_irq readonly_cb; 112 qemu_irq inserted_cb; 113 BlockDriverState *bdrv; 114 uint8_t *buf; 115 116 bool enable; 117 }; 118 119 static void sd_set_mode(SDState *sd) 120 { 121 switch (sd->state) { 122 case sd_inactive_state: 123 sd->mode = sd_inactive; 124 break; 125 126 case sd_idle_state: 127 case sd_ready_state: 128 case sd_identification_state: 129 sd->mode = sd_card_identification_mode; 130 break; 131 132 case sd_standby_state: 133 case sd_transfer_state: 134 case sd_sendingdata_state: 135 case sd_receivingdata_state: 136 case sd_programming_state: 137 case sd_disconnect_state: 138 sd->mode = sd_data_transfer_mode; 139 break; 140 } 141 } 142 143 static const sd_cmd_type_t sd_cmd_type[64] = { 144 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac, 145 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac, 146 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, 147 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none, 148 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none, 149 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none, 150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, 151 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, 152 }; 153 154 static const sd_cmd_type_t sd_acmd_type[64] = { 155 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none, 156 sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, 157 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_adtc, sd_ac, 158 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, 159 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, 160 sd_none, sd_bcr, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_none, 161 sd_none, sd_none, sd_none, sd_adtc, sd_none, sd_none, sd_none, sd_none, 162 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, 163 }; 164 165 static const int sd_cmd_class[64] = { 166 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0, 167 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6, 168 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7, 169 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8, 170 }; 171 172 static uint8_t sd_crc7(void *message, size_t width) 173 { 174 int i, bit; 175 uint8_t shift_reg = 0x00; 176 uint8_t *msg = (uint8_t *) message; 177 178 for (i = 0; i < width; i ++, msg ++) 179 for (bit = 7; bit >= 0; bit --) { 180 shift_reg <<= 1; 181 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1)) 182 shift_reg ^= 0x89; 183 } 184 185 return shift_reg; 186 } 187 188 static uint16_t sd_crc16(void *message, size_t width) 189 { 190 int i, bit; 191 uint16_t shift_reg = 0x0000; 192 uint16_t *msg = (uint16_t *) message; 193 width <<= 1; 194 195 for (i = 0; i < width; i ++, msg ++) 196 for (bit = 15; bit >= 0; bit --) { 197 shift_reg <<= 1; 198 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1)) 199 shift_reg ^= 0x1011; 200 } 201 202 return shift_reg; 203 } 204 205 static void sd_set_ocr(SDState *sd) 206 { 207 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */ 208 sd->ocr = 0x80ffff00; 209 } 210 211 static void sd_set_scr(SDState *sd) 212 { 213 sd->scr[0] = 0x00; /* SCR Structure */ 214 sd->scr[1] = 0x2f; /* SD Security Support */ 215 sd->scr[2] = 0x00; 216 sd->scr[3] = 0x00; 217 sd->scr[4] = 0x00; 218 sd->scr[5] = 0x00; 219 sd->scr[6] = 0x00; 220 sd->scr[7] = 0x00; 221 } 222 223 #define MID 0xaa 224 #define OID "XY" 225 #define PNM "QEMU!" 226 #define PRV 0x01 227 #define MDT_YR 2006 228 #define MDT_MON 2 229 230 static void sd_set_cid(SDState *sd) 231 { 232 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */ 233 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */ 234 sd->cid[2] = OID[1]; 235 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */ 236 sd->cid[4] = PNM[1]; 237 sd->cid[5] = PNM[2]; 238 sd->cid[6] = PNM[3]; 239 sd->cid[7] = PNM[4]; 240 sd->cid[8] = PRV; /* Fake product revision (PRV) */ 241 sd->cid[9] = 0xde; /* Fake serial number (PSN) */ 242 sd->cid[10] = 0xad; 243 sd->cid[11] = 0xbe; 244 sd->cid[12] = 0xef; 245 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */ 246 ((MDT_YR - 2000) / 10); 247 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON; 248 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1; 249 } 250 251 #define HWBLOCK_SHIFT 9 /* 512 bytes */ 252 #define SECTOR_SHIFT 5 /* 16 kilobytes */ 253 #define WPGROUP_SHIFT 7 /* 2 megs */ 254 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */ 255 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT)) 256 257 static const uint8_t sd_csd_rw_mask[16] = { 258 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 259 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe, 260 }; 261 262 static void sd_set_csd(SDState *sd, uint64_t size) 263 { 264 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1; 265 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1; 266 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1; 267 268 if (size <= 0x40000000) { /* Standard Capacity SD */ 269 sd->csd[0] = 0x00; /* CSD structure */ 270 sd->csd[1] = 0x26; /* Data read access-time-1 */ 271 sd->csd[2] = 0x00; /* Data read access-time-2 */ 272 sd->csd[3] = 0x5a; /* Max. data transfer rate */ 273 sd->csd[4] = 0x5f; /* Card Command Classes */ 274 sd->csd[5] = 0x50 | /* Max. read data block length */ 275 HWBLOCK_SHIFT; 276 sd->csd[6] = 0xe0 | /* Partial block for read allowed */ 277 ((csize >> 10) & 0x03); 278 sd->csd[7] = 0x00 | /* Device size */ 279 ((csize >> 2) & 0xff); 280 sd->csd[8] = 0x3f | /* Max. read current */ 281 ((csize << 6) & 0xc0); 282 sd->csd[9] = 0xfc | /* Max. write current */ 283 ((CMULT_SHIFT - 2) >> 1); 284 sd->csd[10] = 0x40 | /* Erase sector size */ 285 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1); 286 sd->csd[11] = 0x00 | /* Write protect group size */ 287 ((sectsize << 7) & 0x80) | wpsize; 288 sd->csd[12] = 0x90 | /* Write speed factor */ 289 (HWBLOCK_SHIFT >> 2); 290 sd->csd[13] = 0x20 | /* Max. write data block length */ 291 ((HWBLOCK_SHIFT << 6) & 0xc0); 292 sd->csd[14] = 0x00; /* File format group */ 293 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1; 294 } else { /* SDHC */ 295 size /= 512 * 1024; 296 size -= 1; 297 sd->csd[0] = 0x40; 298 sd->csd[1] = 0x0e; 299 sd->csd[2] = 0x00; 300 sd->csd[3] = 0x32; 301 sd->csd[4] = 0x5b; 302 sd->csd[5] = 0x59; 303 sd->csd[6] = 0x00; 304 sd->csd[7] = (size >> 16) & 0xff; 305 sd->csd[8] = (size >> 8) & 0xff; 306 sd->csd[9] = (size & 0xff); 307 sd->csd[10] = 0x7f; 308 sd->csd[11] = 0x80; 309 sd->csd[12] = 0x0a; 310 sd->csd[13] = 0x40; 311 sd->csd[14] = 0x00; 312 sd->csd[15] = 0x00; 313 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */ 314 } 315 } 316 317 static void sd_set_rca(SDState *sd) 318 { 319 sd->rca += 0x4567; 320 } 321 322 /* Card status bits, split by clear condition: 323 * A : According to the card current state 324 * B : Always related to the previous command 325 * C : Cleared by read 326 */ 327 #define CARD_STATUS_A 0x02004100 328 #define CARD_STATUS_B 0x00c01e00 329 #define CARD_STATUS_C 0xfd39a028 330 331 static void sd_set_cardstatus(SDState *sd) 332 { 333 sd->card_status = 0x00000100; 334 } 335 336 static void sd_set_sdstatus(SDState *sd) 337 { 338 memset(sd->sd_status, 0, 64); 339 } 340 341 static int sd_req_crc_validate(SDRequest *req) 342 { 343 uint8_t buffer[5]; 344 buffer[0] = 0x40 | req->cmd; 345 buffer[1] = (req->arg >> 24) & 0xff; 346 buffer[2] = (req->arg >> 16) & 0xff; 347 buffer[3] = (req->arg >> 8) & 0xff; 348 buffer[4] = (req->arg >> 0) & 0xff; 349 return 0; 350 return sd_crc7(buffer, 5) != req->crc; /* TODO */ 351 } 352 353 static void sd_response_r1_make(SDState *sd, uint8_t *response) 354 { 355 uint32_t status = sd->card_status; 356 /* Clear the "clear on read" status bits */ 357 sd->card_status &= ~CARD_STATUS_C; 358 359 response[0] = (status >> 24) & 0xff; 360 response[1] = (status >> 16) & 0xff; 361 response[2] = (status >> 8) & 0xff; 362 response[3] = (status >> 0) & 0xff; 363 } 364 365 static void sd_response_r3_make(SDState *sd, uint8_t *response) 366 { 367 response[0] = (sd->ocr >> 24) & 0xff; 368 response[1] = (sd->ocr >> 16) & 0xff; 369 response[2] = (sd->ocr >> 8) & 0xff; 370 response[3] = (sd->ocr >> 0) & 0xff; 371 } 372 373 static void sd_response_r6_make(SDState *sd, uint8_t *response) 374 { 375 uint16_t arg; 376 uint16_t status; 377 378 arg = sd->rca; 379 status = ((sd->card_status >> 8) & 0xc000) | 380 ((sd->card_status >> 6) & 0x2000) | 381 (sd->card_status & 0x1fff); 382 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff); 383 384 response[0] = (arg >> 8) & 0xff; 385 response[1] = arg & 0xff; 386 response[2] = (status >> 8) & 0xff; 387 response[3] = status & 0xff; 388 } 389 390 static void sd_response_r7_make(SDState *sd, uint8_t *response) 391 { 392 response[0] = (sd->vhs >> 24) & 0xff; 393 response[1] = (sd->vhs >> 16) & 0xff; 394 response[2] = (sd->vhs >> 8) & 0xff; 395 response[3] = (sd->vhs >> 0) & 0xff; 396 } 397 398 static inline uint64_t sd_addr_to_wpnum(uint64_t addr) 399 { 400 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT); 401 } 402 403 static void sd_reset(SDState *sd, BlockDriverState *bdrv) 404 { 405 uint64_t size; 406 uint64_t sect; 407 408 if (bdrv) { 409 bdrv_get_geometry(bdrv, §); 410 } else { 411 sect = 0; 412 } 413 size = sect << 9; 414 415 sect = sd_addr_to_wpnum(size) + 1; 416 417 sd->state = sd_idle_state; 418 sd->rca = 0x0000; 419 sd_set_ocr(sd); 420 sd_set_scr(sd); 421 sd_set_cid(sd); 422 sd_set_csd(sd, size); 423 sd_set_cardstatus(sd); 424 sd_set_sdstatus(sd); 425 426 sd->bdrv = bdrv; 427 428 if (sd->wp_groups) 429 g_free(sd->wp_groups); 430 sd->wp_switch = bdrv ? bdrv_is_read_only(bdrv) : false; 431 sd->wpgrps_size = sect; 432 sd->wp_groups = bitmap_new(sd->wpgrps_size); 433 memset(sd->function_group, 0, sizeof(sd->function_group)); 434 sd->erase_start = 0; 435 sd->erase_end = 0; 436 sd->size = size; 437 sd->blk_len = 0x200; 438 sd->pwd_len = 0; 439 sd->expecting_acmd = false; 440 } 441 442 static void sd_cardchange(void *opaque, bool load) 443 { 444 SDState *sd = opaque; 445 446 qemu_set_irq(sd->inserted_cb, bdrv_is_inserted(sd->bdrv)); 447 if (bdrv_is_inserted(sd->bdrv)) { 448 sd_reset(sd, sd->bdrv); 449 qemu_set_irq(sd->readonly_cb, sd->wp_switch); 450 } 451 } 452 453 static const BlockDevOps sd_block_ops = { 454 .change_media_cb = sd_cardchange, 455 }; 456 457 static const VMStateDescription sd_vmstate = { 458 .name = "sd-card", 459 .version_id = 1, 460 .minimum_version_id = 1, 461 .fields = (VMStateField[]) { 462 VMSTATE_UINT32(mode, SDState), 463 VMSTATE_INT32(state, SDState), 464 VMSTATE_UINT8_ARRAY(cid, SDState, 16), 465 VMSTATE_UINT8_ARRAY(csd, SDState, 16), 466 VMSTATE_UINT16(rca, SDState), 467 VMSTATE_UINT32(card_status, SDState), 468 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1), 469 VMSTATE_UINT32(vhs, SDState), 470 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size), 471 VMSTATE_UINT32(blk_len, SDState), 472 VMSTATE_UINT32(erase_start, SDState), 473 VMSTATE_UINT32(erase_end, SDState), 474 VMSTATE_UINT8_ARRAY(pwd, SDState, 16), 475 VMSTATE_UINT32(pwd_len, SDState), 476 VMSTATE_UINT8_ARRAY(function_group, SDState, 6), 477 VMSTATE_UINT8(current_cmd, SDState), 478 VMSTATE_BOOL(expecting_acmd, SDState), 479 VMSTATE_UINT32(blk_written, SDState), 480 VMSTATE_UINT64(data_start, SDState), 481 VMSTATE_UINT32(data_offset, SDState), 482 VMSTATE_UINT8_ARRAY(data, SDState, 512), 483 VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512), 484 VMSTATE_BOOL(enable, SDState), 485 VMSTATE_END_OF_LIST() 486 } 487 }; 488 489 /* We do not model the chip select pin, so allow the board to select 490 whether card should be in SSI or MMC/SD mode. It is also up to the 491 board to ensure that ssi transfers only occur when the chip select 492 is asserted. */ 493 SDState *sd_init(BlockDriverState *bs, bool is_spi) 494 { 495 SDState *sd; 496 497 sd = (SDState *) g_malloc0(sizeof(SDState)); 498 sd->buf = qemu_blockalign(bs, 512); 499 sd->spi = is_spi; 500 sd->enable = true; 501 sd_reset(sd, bs); 502 if (sd->bdrv) { 503 bdrv_attach_dev_nofail(sd->bdrv, sd); 504 bdrv_set_dev_ops(sd->bdrv, &sd_block_ops, sd); 505 } 506 vmstate_register(NULL, -1, &sd_vmstate, sd); 507 return sd; 508 } 509 510 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert) 511 { 512 sd->readonly_cb = readonly; 513 sd->inserted_cb = insert; 514 qemu_set_irq(readonly, sd->bdrv ? bdrv_is_read_only(sd->bdrv) : 0); 515 qemu_set_irq(insert, sd->bdrv ? bdrv_is_inserted(sd->bdrv) : 0); 516 } 517 518 static void sd_erase(SDState *sd) 519 { 520 int i; 521 uint64_t erase_start = sd->erase_start; 522 uint64_t erase_end = sd->erase_end; 523 524 if (!sd->erase_start || !sd->erase_end) { 525 sd->card_status |= ERASE_SEQ_ERROR; 526 return; 527 } 528 529 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) { 530 /* High capacity memory card: erase units are 512 byte blocks */ 531 erase_start *= 512; 532 erase_end *= 512; 533 } 534 535 erase_start = sd_addr_to_wpnum(erase_start); 536 erase_end = sd_addr_to_wpnum(erase_end); 537 sd->erase_start = 0; 538 sd->erase_end = 0; 539 sd->csd[14] |= 0x40; 540 541 for (i = erase_start; i <= erase_end; i++) { 542 if (test_bit(i, sd->wp_groups)) { 543 sd->card_status |= WP_ERASE_SKIP; 544 } 545 } 546 } 547 548 static uint32_t sd_wpbits(SDState *sd, uint64_t addr) 549 { 550 uint32_t i, wpnum; 551 uint32_t ret = 0; 552 553 wpnum = sd_addr_to_wpnum(addr); 554 555 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) { 556 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) { 557 ret |= (1 << i); 558 } 559 } 560 561 return ret; 562 } 563 564 static void sd_function_switch(SDState *sd, uint32_t arg) 565 { 566 int i, mode, new_func, crc; 567 mode = !!(arg & 0x80000000); 568 569 sd->data[0] = 0x00; /* Maximum current consumption */ 570 sd->data[1] = 0x01; 571 sd->data[2] = 0x80; /* Supported group 6 functions */ 572 sd->data[3] = 0x01; 573 sd->data[4] = 0x80; /* Supported group 5 functions */ 574 sd->data[5] = 0x01; 575 sd->data[6] = 0x80; /* Supported group 4 functions */ 576 sd->data[7] = 0x01; 577 sd->data[8] = 0x80; /* Supported group 3 functions */ 578 sd->data[9] = 0x01; 579 sd->data[10] = 0x80; /* Supported group 2 functions */ 580 sd->data[11] = 0x43; 581 sd->data[12] = 0x80; /* Supported group 1 functions */ 582 sd->data[13] = 0x03; 583 for (i = 0; i < 6; i ++) { 584 new_func = (arg >> (i * 4)) & 0x0f; 585 if (mode && new_func != 0x0f) 586 sd->function_group[i] = new_func; 587 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4); 588 } 589 memset(&sd->data[17], 0, 47); 590 crc = sd_crc16(sd->data, 64); 591 sd->data[65] = crc >> 8; 592 sd->data[66] = crc & 0xff; 593 } 594 595 static inline bool sd_wp_addr(SDState *sd, uint64_t addr) 596 { 597 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups); 598 } 599 600 static void sd_lock_command(SDState *sd) 601 { 602 int erase, lock, clr_pwd, set_pwd, pwd_len; 603 erase = !!(sd->data[0] & 0x08); 604 lock = sd->data[0] & 0x04; 605 clr_pwd = sd->data[0] & 0x02; 606 set_pwd = sd->data[0] & 0x01; 607 608 if (sd->blk_len > 1) 609 pwd_len = sd->data[1]; 610 else 611 pwd_len = 0; 612 613 if (erase) { 614 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 || 615 set_pwd || clr_pwd || lock || sd->wp_switch || 616 (sd->csd[14] & 0x20)) { 617 sd->card_status |= LOCK_UNLOCK_FAILED; 618 return; 619 } 620 bitmap_zero(sd->wp_groups, sd->wpgrps_size); 621 sd->csd[14] &= ~0x10; 622 sd->card_status &= ~CARD_IS_LOCKED; 623 sd->pwd_len = 0; 624 /* Erasing the entire card here! */ 625 fprintf(stderr, "SD: Card force-erased by CMD42\n"); 626 return; 627 } 628 629 if (sd->blk_len < 2 + pwd_len || 630 pwd_len <= sd->pwd_len || 631 pwd_len > sd->pwd_len + 16) { 632 sd->card_status |= LOCK_UNLOCK_FAILED; 633 return; 634 } 635 636 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) { 637 sd->card_status |= LOCK_UNLOCK_FAILED; 638 return; 639 } 640 641 pwd_len -= sd->pwd_len; 642 if ((pwd_len && !set_pwd) || 643 (clr_pwd && (set_pwd || lock)) || 644 (lock && !sd->pwd_len && !set_pwd) || 645 (!set_pwd && !clr_pwd && 646 (((sd->card_status & CARD_IS_LOCKED) && lock) || 647 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) { 648 sd->card_status |= LOCK_UNLOCK_FAILED; 649 return; 650 } 651 652 if (set_pwd) { 653 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len); 654 sd->pwd_len = pwd_len; 655 } 656 657 if (clr_pwd) { 658 sd->pwd_len = 0; 659 } 660 661 if (lock) 662 sd->card_status |= CARD_IS_LOCKED; 663 else 664 sd->card_status &= ~CARD_IS_LOCKED; 665 } 666 667 static sd_rsp_type_t sd_normal_command(SDState *sd, 668 SDRequest req) 669 { 670 uint32_t rca = 0x0000; 671 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg; 672 673 /* Not interpreting this as an app command */ 674 sd->card_status &= ~APP_CMD; 675 676 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc) 677 rca = req.arg >> 16; 678 679 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state); 680 switch (req.cmd) { 681 /* Basic commands (Class 0 and Class 1) */ 682 case 0: /* CMD0: GO_IDLE_STATE */ 683 switch (sd->state) { 684 case sd_inactive_state: 685 return sd->spi ? sd_r1 : sd_r0; 686 687 default: 688 sd->state = sd_idle_state; 689 sd_reset(sd, sd->bdrv); 690 return sd->spi ? sd_r1 : sd_r0; 691 } 692 break; 693 694 case 1: /* CMD1: SEND_OP_CMD */ 695 if (!sd->spi) 696 goto bad_cmd; 697 698 sd->state = sd_transfer_state; 699 return sd_r1; 700 701 case 2: /* CMD2: ALL_SEND_CID */ 702 if (sd->spi) 703 goto bad_cmd; 704 switch (sd->state) { 705 case sd_ready_state: 706 sd->state = sd_identification_state; 707 return sd_r2_i; 708 709 default: 710 break; 711 } 712 break; 713 714 case 3: /* CMD3: SEND_RELATIVE_ADDR */ 715 if (sd->spi) 716 goto bad_cmd; 717 switch (sd->state) { 718 case sd_identification_state: 719 case sd_standby_state: 720 sd->state = sd_standby_state; 721 sd_set_rca(sd); 722 return sd_r6; 723 724 default: 725 break; 726 } 727 break; 728 729 case 4: /* CMD4: SEND_DSR */ 730 if (sd->spi) 731 goto bad_cmd; 732 switch (sd->state) { 733 case sd_standby_state: 734 break; 735 736 default: 737 break; 738 } 739 break; 740 741 case 5: /* CMD5: reserved for SDIO cards */ 742 return sd_illegal; 743 744 case 6: /* CMD6: SWITCH_FUNCTION */ 745 if (sd->spi) 746 goto bad_cmd; 747 switch (sd->mode) { 748 case sd_data_transfer_mode: 749 sd_function_switch(sd, req.arg); 750 sd->state = sd_sendingdata_state; 751 sd->data_start = 0; 752 sd->data_offset = 0; 753 return sd_r1; 754 755 default: 756 break; 757 } 758 break; 759 760 case 7: /* CMD7: SELECT/DESELECT_CARD */ 761 if (sd->spi) 762 goto bad_cmd; 763 switch (sd->state) { 764 case sd_standby_state: 765 if (sd->rca != rca) 766 return sd_r0; 767 768 sd->state = sd_transfer_state; 769 return sd_r1b; 770 771 case sd_transfer_state: 772 case sd_sendingdata_state: 773 if (sd->rca == rca) 774 break; 775 776 sd->state = sd_standby_state; 777 return sd_r1b; 778 779 case sd_disconnect_state: 780 if (sd->rca != rca) 781 return sd_r0; 782 783 sd->state = sd_programming_state; 784 return sd_r1b; 785 786 case sd_programming_state: 787 if (sd->rca == rca) 788 break; 789 790 sd->state = sd_disconnect_state; 791 return sd_r1b; 792 793 default: 794 break; 795 } 796 break; 797 798 case 8: /* CMD8: SEND_IF_COND */ 799 /* Physical Layer Specification Version 2.00 command */ 800 switch (sd->state) { 801 case sd_idle_state: 802 sd->vhs = 0; 803 804 /* No response if not exactly one VHS bit is set. */ 805 if (!(req.arg >> 8) || (req.arg >> ffs(req.arg & ~0xff))) 806 return sd->spi ? sd_r7 : sd_r0; 807 808 /* Accept. */ 809 sd->vhs = req.arg; 810 return sd_r7; 811 812 default: 813 break; 814 } 815 break; 816 817 case 9: /* CMD9: SEND_CSD */ 818 switch (sd->state) { 819 case sd_standby_state: 820 if (sd->rca != rca) 821 return sd_r0; 822 823 return sd_r2_s; 824 825 case sd_transfer_state: 826 if (!sd->spi) 827 break; 828 sd->state = sd_sendingdata_state; 829 memcpy(sd->data, sd->csd, 16); 830 sd->data_start = addr; 831 sd->data_offset = 0; 832 return sd_r1; 833 834 default: 835 break; 836 } 837 break; 838 839 case 10: /* CMD10: SEND_CID */ 840 switch (sd->state) { 841 case sd_standby_state: 842 if (sd->rca != rca) 843 return sd_r0; 844 845 return sd_r2_i; 846 847 case sd_transfer_state: 848 if (!sd->spi) 849 break; 850 sd->state = sd_sendingdata_state; 851 memcpy(sd->data, sd->cid, 16); 852 sd->data_start = addr; 853 sd->data_offset = 0; 854 return sd_r1; 855 856 default: 857 break; 858 } 859 break; 860 861 case 11: /* CMD11: READ_DAT_UNTIL_STOP */ 862 if (sd->spi) 863 goto bad_cmd; 864 switch (sd->state) { 865 case sd_transfer_state: 866 sd->state = sd_sendingdata_state; 867 sd->data_start = req.arg; 868 sd->data_offset = 0; 869 870 if (sd->data_start + sd->blk_len > sd->size) 871 sd->card_status |= ADDRESS_ERROR; 872 return sd_r0; 873 874 default: 875 break; 876 } 877 break; 878 879 case 12: /* CMD12: STOP_TRANSMISSION */ 880 switch (sd->state) { 881 case sd_sendingdata_state: 882 sd->state = sd_transfer_state; 883 return sd_r1b; 884 885 case sd_receivingdata_state: 886 sd->state = sd_programming_state; 887 /* Bzzzzzzztt .... Operation complete. */ 888 sd->state = sd_transfer_state; 889 return sd_r1b; 890 891 default: 892 break; 893 } 894 break; 895 896 case 13: /* CMD13: SEND_STATUS */ 897 switch (sd->mode) { 898 case sd_data_transfer_mode: 899 if (sd->rca != rca) 900 return sd_r0; 901 902 return sd_r1; 903 904 default: 905 break; 906 } 907 break; 908 909 case 15: /* CMD15: GO_INACTIVE_STATE */ 910 if (sd->spi) 911 goto bad_cmd; 912 switch (sd->mode) { 913 case sd_data_transfer_mode: 914 if (sd->rca != rca) 915 return sd_r0; 916 917 sd->state = sd_inactive_state; 918 return sd_r0; 919 920 default: 921 break; 922 } 923 break; 924 925 /* Block read commands (Classs 2) */ 926 case 16: /* CMD16: SET_BLOCKLEN */ 927 switch (sd->state) { 928 case sd_transfer_state: 929 if (req.arg > (1 << HWBLOCK_SHIFT)) 930 sd->card_status |= BLOCK_LEN_ERROR; 931 else 932 sd->blk_len = req.arg; 933 934 return sd_r1; 935 936 default: 937 break; 938 } 939 break; 940 941 case 17: /* CMD17: READ_SINGLE_BLOCK */ 942 switch (sd->state) { 943 case sd_transfer_state: 944 sd->state = sd_sendingdata_state; 945 sd->data_start = addr; 946 sd->data_offset = 0; 947 948 if (sd->data_start + sd->blk_len > sd->size) 949 sd->card_status |= ADDRESS_ERROR; 950 return sd_r1; 951 952 default: 953 break; 954 } 955 break; 956 957 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 958 switch (sd->state) { 959 case sd_transfer_state: 960 sd->state = sd_sendingdata_state; 961 sd->data_start = addr; 962 sd->data_offset = 0; 963 964 if (sd->data_start + sd->blk_len > sd->size) 965 sd->card_status |= ADDRESS_ERROR; 966 return sd_r1; 967 968 default: 969 break; 970 } 971 break; 972 973 /* Block write commands (Class 4) */ 974 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 975 if (sd->spi) 976 goto unimplemented_cmd; 977 switch (sd->state) { 978 case sd_transfer_state: 979 /* Writing in SPI mode not implemented. */ 980 if (sd->spi) 981 break; 982 sd->state = sd_receivingdata_state; 983 sd->data_start = addr; 984 sd->data_offset = 0; 985 sd->blk_written = 0; 986 987 if (sd->data_start + sd->blk_len > sd->size) 988 sd->card_status |= ADDRESS_ERROR; 989 if (sd_wp_addr(sd, sd->data_start)) 990 sd->card_status |= WP_VIOLATION; 991 if (sd->csd[14] & 0x30) 992 sd->card_status |= WP_VIOLATION; 993 return sd_r1; 994 995 default: 996 break; 997 } 998 break; 999 1000 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 1001 if (sd->spi) 1002 goto unimplemented_cmd; 1003 switch (sd->state) { 1004 case sd_transfer_state: 1005 /* Writing in SPI mode not implemented. */ 1006 if (sd->spi) 1007 break; 1008 sd->state = sd_receivingdata_state; 1009 sd->data_start = addr; 1010 sd->data_offset = 0; 1011 sd->blk_written = 0; 1012 1013 if (sd->data_start + sd->blk_len > sd->size) 1014 sd->card_status |= ADDRESS_ERROR; 1015 if (sd_wp_addr(sd, sd->data_start)) 1016 sd->card_status |= WP_VIOLATION; 1017 if (sd->csd[14] & 0x30) 1018 sd->card_status |= WP_VIOLATION; 1019 return sd_r1; 1020 1021 default: 1022 break; 1023 } 1024 break; 1025 1026 case 26: /* CMD26: PROGRAM_CID */ 1027 if (sd->spi) 1028 goto bad_cmd; 1029 switch (sd->state) { 1030 case sd_transfer_state: 1031 sd->state = sd_receivingdata_state; 1032 sd->data_start = 0; 1033 sd->data_offset = 0; 1034 return sd_r1; 1035 1036 default: 1037 break; 1038 } 1039 break; 1040 1041 case 27: /* CMD27: PROGRAM_CSD */ 1042 if (sd->spi) 1043 goto unimplemented_cmd; 1044 switch (sd->state) { 1045 case sd_transfer_state: 1046 sd->state = sd_receivingdata_state; 1047 sd->data_start = 0; 1048 sd->data_offset = 0; 1049 return sd_r1; 1050 1051 default: 1052 break; 1053 } 1054 break; 1055 1056 /* Write protection (Class 6) */ 1057 case 28: /* CMD28: SET_WRITE_PROT */ 1058 switch (sd->state) { 1059 case sd_transfer_state: 1060 if (addr >= sd->size) { 1061 sd->card_status |= ADDRESS_ERROR; 1062 return sd_r1b; 1063 } 1064 1065 sd->state = sd_programming_state; 1066 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups); 1067 /* Bzzzzzzztt .... Operation complete. */ 1068 sd->state = sd_transfer_state; 1069 return sd_r1b; 1070 1071 default: 1072 break; 1073 } 1074 break; 1075 1076 case 29: /* CMD29: CLR_WRITE_PROT */ 1077 switch (sd->state) { 1078 case sd_transfer_state: 1079 if (addr >= sd->size) { 1080 sd->card_status |= ADDRESS_ERROR; 1081 return sd_r1b; 1082 } 1083 1084 sd->state = sd_programming_state; 1085 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups); 1086 /* Bzzzzzzztt .... Operation complete. */ 1087 sd->state = sd_transfer_state; 1088 return sd_r1b; 1089 1090 default: 1091 break; 1092 } 1093 break; 1094 1095 case 30: /* CMD30: SEND_WRITE_PROT */ 1096 switch (sd->state) { 1097 case sd_transfer_state: 1098 sd->state = sd_sendingdata_state; 1099 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg); 1100 sd->data_start = addr; 1101 sd->data_offset = 0; 1102 return sd_r1b; 1103 1104 default: 1105 break; 1106 } 1107 break; 1108 1109 /* Erase commands (Class 5) */ 1110 case 32: /* CMD32: ERASE_WR_BLK_START */ 1111 switch (sd->state) { 1112 case sd_transfer_state: 1113 sd->erase_start = req.arg; 1114 return sd_r1; 1115 1116 default: 1117 break; 1118 } 1119 break; 1120 1121 case 33: /* CMD33: ERASE_WR_BLK_END */ 1122 switch (sd->state) { 1123 case sd_transfer_state: 1124 sd->erase_end = req.arg; 1125 return sd_r1; 1126 1127 default: 1128 break; 1129 } 1130 break; 1131 1132 case 38: /* CMD38: ERASE */ 1133 switch (sd->state) { 1134 case sd_transfer_state: 1135 if (sd->csd[14] & 0x30) { 1136 sd->card_status |= WP_VIOLATION; 1137 return sd_r1b; 1138 } 1139 1140 sd->state = sd_programming_state; 1141 sd_erase(sd); 1142 /* Bzzzzzzztt .... Operation complete. */ 1143 sd->state = sd_transfer_state; 1144 return sd_r1b; 1145 1146 default: 1147 break; 1148 } 1149 break; 1150 1151 /* Lock card commands (Class 7) */ 1152 case 42: /* CMD42: LOCK_UNLOCK */ 1153 if (sd->spi) 1154 goto unimplemented_cmd; 1155 switch (sd->state) { 1156 case sd_transfer_state: 1157 sd->state = sd_receivingdata_state; 1158 sd->data_start = 0; 1159 sd->data_offset = 0; 1160 return sd_r1; 1161 1162 default: 1163 break; 1164 } 1165 break; 1166 1167 case 52: 1168 case 53: 1169 /* CMD52, CMD53: reserved for SDIO cards 1170 * (see the SDIO Simplified Specification V2.0) 1171 * Handle as illegal command but do not complain 1172 * on stderr, as some OSes may use these in their 1173 * probing for presence of an SDIO card. 1174 */ 1175 return sd_illegal; 1176 1177 /* Application specific commands (Class 8) */ 1178 case 55: /* CMD55: APP_CMD */ 1179 if (sd->rca != rca) 1180 return sd_r0; 1181 1182 sd->expecting_acmd = true; 1183 sd->card_status |= APP_CMD; 1184 return sd_r1; 1185 1186 case 56: /* CMD56: GEN_CMD */ 1187 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg); 1188 1189 switch (sd->state) { 1190 case sd_transfer_state: 1191 sd->data_offset = 0; 1192 if (req.arg & 1) 1193 sd->state = sd_sendingdata_state; 1194 else 1195 sd->state = sd_receivingdata_state; 1196 return sd_r1; 1197 1198 default: 1199 break; 1200 } 1201 break; 1202 1203 default: 1204 bad_cmd: 1205 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd); 1206 return sd_illegal; 1207 1208 unimplemented_cmd: 1209 /* Commands that are recognised but not yet implemented in SPI mode. */ 1210 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd); 1211 return sd_illegal; 1212 } 1213 1214 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd); 1215 return sd_illegal; 1216 } 1217 1218 static sd_rsp_type_t sd_app_command(SDState *sd, 1219 SDRequest req) 1220 { 1221 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg); 1222 sd->card_status |= APP_CMD; 1223 switch (req.cmd) { 1224 case 6: /* ACMD6: SET_BUS_WIDTH */ 1225 switch (sd->state) { 1226 case sd_transfer_state: 1227 sd->sd_status[0] &= 0x3f; 1228 sd->sd_status[0] |= (req.arg & 0x03) << 6; 1229 return sd_r1; 1230 1231 default: 1232 break; 1233 } 1234 break; 1235 1236 case 13: /* ACMD13: SD_STATUS */ 1237 switch (sd->state) { 1238 case sd_transfer_state: 1239 sd->state = sd_sendingdata_state; 1240 sd->data_start = 0; 1241 sd->data_offset = 0; 1242 return sd_r1; 1243 1244 default: 1245 break; 1246 } 1247 break; 1248 1249 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 1250 switch (sd->state) { 1251 case sd_transfer_state: 1252 *(uint32_t *) sd->data = sd->blk_written; 1253 1254 sd->state = sd_sendingdata_state; 1255 sd->data_start = 0; 1256 sd->data_offset = 0; 1257 return sd_r1; 1258 1259 default: 1260 break; 1261 } 1262 break; 1263 1264 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */ 1265 switch (sd->state) { 1266 case sd_transfer_state: 1267 return sd_r1; 1268 1269 default: 1270 break; 1271 } 1272 break; 1273 1274 case 41: /* ACMD41: SD_APP_OP_COND */ 1275 if (sd->spi) { 1276 /* SEND_OP_CMD */ 1277 sd->state = sd_transfer_state; 1278 return sd_r1; 1279 } 1280 switch (sd->state) { 1281 case sd_idle_state: 1282 /* We accept any voltage. 10000 V is nothing. 1283 * 1284 * We don't model init delay so just advance straight to ready state 1285 * unless it's an enquiry ACMD41 (bits 23:0 == 0). 1286 */ 1287 if (req.arg & ACMD41_ENQUIRY_MASK) { 1288 sd->state = sd_ready_state; 1289 } 1290 1291 return sd_r3; 1292 1293 default: 1294 break; 1295 } 1296 break; 1297 1298 case 42: /* ACMD42: SET_CLR_CARD_DETECT */ 1299 switch (sd->state) { 1300 case sd_transfer_state: 1301 /* Bringing in the 50KOhm pull-up resistor... Done. */ 1302 return sd_r1; 1303 1304 default: 1305 break; 1306 } 1307 break; 1308 1309 case 51: /* ACMD51: SEND_SCR */ 1310 switch (sd->state) { 1311 case sd_transfer_state: 1312 sd->state = sd_sendingdata_state; 1313 sd->data_start = 0; 1314 sd->data_offset = 0; 1315 return sd_r1; 1316 1317 default: 1318 break; 1319 } 1320 break; 1321 1322 default: 1323 /* Fall back to standard commands. */ 1324 return sd_normal_command(sd, req); 1325 } 1326 1327 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd); 1328 return sd_illegal; 1329 } 1330 1331 static int cmd_valid_while_locked(SDState *sd, SDRequest *req) 1332 { 1333 /* Valid commands in locked state: 1334 * basic class (0) 1335 * lock card class (7) 1336 * CMD16 1337 * implicitly, the ACMD prefix CMD55 1338 * ACMD41 and ACMD42 1339 * Anything else provokes an "illegal command" response. 1340 */ 1341 if (sd->expecting_acmd) { 1342 return req->cmd == 41 || req->cmd == 42; 1343 } 1344 if (req->cmd == 16 || req->cmd == 55) { 1345 return 1; 1346 } 1347 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7; 1348 } 1349 1350 int sd_do_command(SDState *sd, SDRequest *req, 1351 uint8_t *response) { 1352 int last_state; 1353 sd_rsp_type_t rtype; 1354 int rsplen; 1355 1356 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) { 1357 return 0; 1358 } 1359 1360 if (sd_req_crc_validate(req)) { 1361 sd->card_status |= COM_CRC_ERROR; 1362 rtype = sd_illegal; 1363 goto send_response; 1364 } 1365 1366 if (sd->card_status & CARD_IS_LOCKED) { 1367 if (!cmd_valid_while_locked(sd, req)) { 1368 sd->card_status |= ILLEGAL_COMMAND; 1369 sd->expecting_acmd = false; 1370 fprintf(stderr, "SD: Card is locked\n"); 1371 rtype = sd_illegal; 1372 goto send_response; 1373 } 1374 } 1375 1376 last_state = sd->state; 1377 sd_set_mode(sd); 1378 1379 if (sd->expecting_acmd) { 1380 sd->expecting_acmd = false; 1381 rtype = sd_app_command(sd, *req); 1382 } else { 1383 rtype = sd_normal_command(sd, *req); 1384 } 1385 1386 if (rtype == sd_illegal) { 1387 sd->card_status |= ILLEGAL_COMMAND; 1388 } else { 1389 /* Valid command, we can update the 'state before command' bits. 1390 * (Do this now so they appear in r1 responses.) 1391 */ 1392 sd->current_cmd = req->cmd; 1393 sd->card_status &= ~CURRENT_STATE; 1394 sd->card_status |= (last_state << 9); 1395 } 1396 1397 send_response: 1398 switch (rtype) { 1399 case sd_r1: 1400 case sd_r1b: 1401 sd_response_r1_make(sd, response); 1402 rsplen = 4; 1403 break; 1404 1405 case sd_r2_i: 1406 memcpy(response, sd->cid, sizeof(sd->cid)); 1407 rsplen = 16; 1408 break; 1409 1410 case sd_r2_s: 1411 memcpy(response, sd->csd, sizeof(sd->csd)); 1412 rsplen = 16; 1413 break; 1414 1415 case sd_r3: 1416 sd_response_r3_make(sd, response); 1417 rsplen = 4; 1418 break; 1419 1420 case sd_r6: 1421 sd_response_r6_make(sd, response); 1422 rsplen = 4; 1423 break; 1424 1425 case sd_r7: 1426 sd_response_r7_make(sd, response); 1427 rsplen = 4; 1428 break; 1429 1430 case sd_r0: 1431 case sd_illegal: 1432 default: 1433 rsplen = 0; 1434 break; 1435 } 1436 1437 if (rtype != sd_illegal) { 1438 /* Clear the "clear on valid command" status bits now we've 1439 * sent any response 1440 */ 1441 sd->card_status &= ~CARD_STATUS_B; 1442 } 1443 1444 #ifdef DEBUG_SD 1445 if (rsplen) { 1446 int i; 1447 DPRINTF("Response:"); 1448 for (i = 0; i < rsplen; i++) 1449 fprintf(stderr, " %02x", response[i]); 1450 fprintf(stderr, " state %d\n", sd->state); 1451 } else { 1452 DPRINTF("No response %d\n", sd->state); 1453 } 1454 #endif 1455 1456 return rsplen; 1457 } 1458 1459 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len) 1460 { 1461 uint64_t end = addr + len; 1462 1463 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n", 1464 (unsigned long long) addr, len); 1465 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) { 1466 fprintf(stderr, "sd_blk_read: read error on host side\n"); 1467 return; 1468 } 1469 1470 if (end > (addr & ~511) + 512) { 1471 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511)); 1472 1473 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) { 1474 fprintf(stderr, "sd_blk_read: read error on host side\n"); 1475 return; 1476 } 1477 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511); 1478 } else 1479 memcpy(sd->data, sd->buf + (addr & 511), len); 1480 } 1481 1482 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len) 1483 { 1484 uint64_t end = addr + len; 1485 1486 if ((addr & 511) || len < 512) 1487 if (!sd->bdrv || bdrv_read(sd->bdrv, addr >> 9, sd->buf, 1) < 0) { 1488 fprintf(stderr, "sd_blk_write: read error on host side\n"); 1489 return; 1490 } 1491 1492 if (end > (addr & ~511) + 512) { 1493 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511)); 1494 if (bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) { 1495 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1496 return; 1497 } 1498 1499 if (bdrv_read(sd->bdrv, end >> 9, sd->buf, 1) < 0) { 1500 fprintf(stderr, "sd_blk_write: read error on host side\n"); 1501 return; 1502 } 1503 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511); 1504 if (bdrv_write(sd->bdrv, end >> 9, sd->buf, 1) < 0) { 1505 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1506 } 1507 } else { 1508 memcpy(sd->buf + (addr & 511), sd->data, len); 1509 if (!sd->bdrv || bdrv_write(sd->bdrv, addr >> 9, sd->buf, 1) < 0) { 1510 fprintf(stderr, "sd_blk_write: write error on host side\n"); 1511 } 1512 } 1513 } 1514 1515 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len) 1516 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len) 1517 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len) 1518 #define APP_WRITE_BLOCK(a, len) 1519 1520 void sd_write_data(SDState *sd, uint8_t value) 1521 { 1522 int i; 1523 1524 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) 1525 return; 1526 1527 if (sd->state != sd_receivingdata_state) { 1528 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n"); 1529 return; 1530 } 1531 1532 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 1533 return; 1534 1535 switch (sd->current_cmd) { 1536 case 24: /* CMD24: WRITE_SINGLE_BLOCK */ 1537 sd->data[sd->data_offset ++] = value; 1538 if (sd->data_offset >= sd->blk_len) { 1539 /* TODO: Check CRC before committing */ 1540 sd->state = sd_programming_state; 1541 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset); 1542 sd->blk_written ++; 1543 sd->csd[14] |= 0x40; 1544 /* Bzzzzzzztt .... Operation complete. */ 1545 sd->state = sd_transfer_state; 1546 } 1547 break; 1548 1549 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */ 1550 if (sd->data_offset == 0) { 1551 /* Start of the block - let's check the address is valid */ 1552 if (sd->data_start + sd->blk_len > sd->size) { 1553 sd->card_status |= ADDRESS_ERROR; 1554 break; 1555 } 1556 if (sd_wp_addr(sd, sd->data_start)) { 1557 sd->card_status |= WP_VIOLATION; 1558 break; 1559 } 1560 } 1561 sd->data[sd->data_offset++] = value; 1562 if (sd->data_offset >= sd->blk_len) { 1563 /* TODO: Check CRC before committing */ 1564 sd->state = sd_programming_state; 1565 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset); 1566 sd->blk_written++; 1567 sd->data_start += sd->blk_len; 1568 sd->data_offset = 0; 1569 sd->csd[14] |= 0x40; 1570 1571 /* Bzzzzzzztt .... Operation complete. */ 1572 sd->state = sd_receivingdata_state; 1573 } 1574 break; 1575 1576 case 26: /* CMD26: PROGRAM_CID */ 1577 sd->data[sd->data_offset ++] = value; 1578 if (sd->data_offset >= sizeof(sd->cid)) { 1579 /* TODO: Check CRC before committing */ 1580 sd->state = sd_programming_state; 1581 for (i = 0; i < sizeof(sd->cid); i ++) 1582 if ((sd->cid[i] | 0x00) != sd->data[i]) 1583 sd->card_status |= CID_CSD_OVERWRITE; 1584 1585 if (!(sd->card_status & CID_CSD_OVERWRITE)) 1586 for (i = 0; i < sizeof(sd->cid); i ++) { 1587 sd->cid[i] |= 0x00; 1588 sd->cid[i] &= sd->data[i]; 1589 } 1590 /* Bzzzzzzztt .... Operation complete. */ 1591 sd->state = sd_transfer_state; 1592 } 1593 break; 1594 1595 case 27: /* CMD27: PROGRAM_CSD */ 1596 sd->data[sd->data_offset ++] = value; 1597 if (sd->data_offset >= sizeof(sd->csd)) { 1598 /* TODO: Check CRC before committing */ 1599 sd->state = sd_programming_state; 1600 for (i = 0; i < sizeof(sd->csd); i ++) 1601 if ((sd->csd[i] | sd_csd_rw_mask[i]) != 1602 (sd->data[i] | sd_csd_rw_mask[i])) 1603 sd->card_status |= CID_CSD_OVERWRITE; 1604 1605 /* Copy flag (OTP) & Permanent write protect */ 1606 if (sd->csd[14] & ~sd->data[14] & 0x60) 1607 sd->card_status |= CID_CSD_OVERWRITE; 1608 1609 if (!(sd->card_status & CID_CSD_OVERWRITE)) 1610 for (i = 0; i < sizeof(sd->csd); i ++) { 1611 sd->csd[i] |= sd_csd_rw_mask[i]; 1612 sd->csd[i] &= sd->data[i]; 1613 } 1614 /* Bzzzzzzztt .... Operation complete. */ 1615 sd->state = sd_transfer_state; 1616 } 1617 break; 1618 1619 case 42: /* CMD42: LOCK_UNLOCK */ 1620 sd->data[sd->data_offset ++] = value; 1621 if (sd->data_offset >= sd->blk_len) { 1622 /* TODO: Check CRC before committing */ 1623 sd->state = sd_programming_state; 1624 sd_lock_command(sd); 1625 /* Bzzzzzzztt .... Operation complete. */ 1626 sd->state = sd_transfer_state; 1627 } 1628 break; 1629 1630 case 56: /* CMD56: GEN_CMD */ 1631 sd->data[sd->data_offset ++] = value; 1632 if (sd->data_offset >= sd->blk_len) { 1633 APP_WRITE_BLOCK(sd->data_start, sd->data_offset); 1634 sd->state = sd_transfer_state; 1635 } 1636 break; 1637 1638 default: 1639 fprintf(stderr, "sd_write_data: unknown command\n"); 1640 break; 1641 } 1642 } 1643 1644 uint8_t sd_read_data(SDState *sd) 1645 { 1646 /* TODO: Append CRCs */ 1647 uint8_t ret; 1648 int io_len; 1649 1650 if (!sd->bdrv || !bdrv_is_inserted(sd->bdrv) || !sd->enable) 1651 return 0x00; 1652 1653 if (sd->state != sd_sendingdata_state) { 1654 fprintf(stderr, "sd_read_data: not in Sending-Data state\n"); 1655 return 0x00; 1656 } 1657 1658 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION)) 1659 return 0x00; 1660 1661 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len; 1662 1663 switch (sd->current_cmd) { 1664 case 6: /* CMD6: SWITCH_FUNCTION */ 1665 ret = sd->data[sd->data_offset ++]; 1666 1667 if (sd->data_offset >= 64) 1668 sd->state = sd_transfer_state; 1669 break; 1670 1671 case 9: /* CMD9: SEND_CSD */ 1672 case 10: /* CMD10: SEND_CID */ 1673 ret = sd->data[sd->data_offset ++]; 1674 1675 if (sd->data_offset >= 16) 1676 sd->state = sd_transfer_state; 1677 break; 1678 1679 case 11: /* CMD11: READ_DAT_UNTIL_STOP */ 1680 if (sd->data_offset == 0) 1681 BLK_READ_BLOCK(sd->data_start, io_len); 1682 ret = sd->data[sd->data_offset ++]; 1683 1684 if (sd->data_offset >= io_len) { 1685 sd->data_start += io_len; 1686 sd->data_offset = 0; 1687 if (sd->data_start + io_len > sd->size) { 1688 sd->card_status |= ADDRESS_ERROR; 1689 break; 1690 } 1691 } 1692 break; 1693 1694 case 13: /* ACMD13: SD_STATUS */ 1695 ret = sd->sd_status[sd->data_offset ++]; 1696 1697 if (sd->data_offset >= sizeof(sd->sd_status)) 1698 sd->state = sd_transfer_state; 1699 break; 1700 1701 case 17: /* CMD17: READ_SINGLE_BLOCK */ 1702 if (sd->data_offset == 0) 1703 BLK_READ_BLOCK(sd->data_start, io_len); 1704 ret = sd->data[sd->data_offset ++]; 1705 1706 if (sd->data_offset >= io_len) 1707 sd->state = sd_transfer_state; 1708 break; 1709 1710 case 18: /* CMD18: READ_MULTIPLE_BLOCK */ 1711 if (sd->data_offset == 0) 1712 BLK_READ_BLOCK(sd->data_start, io_len); 1713 ret = sd->data[sd->data_offset ++]; 1714 1715 if (sd->data_offset >= io_len) { 1716 sd->data_start += io_len; 1717 sd->data_offset = 0; 1718 if (sd->data_start + io_len > sd->size) { 1719 sd->card_status |= ADDRESS_ERROR; 1720 break; 1721 } 1722 } 1723 break; 1724 1725 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */ 1726 ret = sd->data[sd->data_offset ++]; 1727 1728 if (sd->data_offset >= 4) 1729 sd->state = sd_transfer_state; 1730 break; 1731 1732 case 30: /* CMD30: SEND_WRITE_PROT */ 1733 ret = sd->data[sd->data_offset ++]; 1734 1735 if (sd->data_offset >= 4) 1736 sd->state = sd_transfer_state; 1737 break; 1738 1739 case 51: /* ACMD51: SEND_SCR */ 1740 ret = sd->scr[sd->data_offset ++]; 1741 1742 if (sd->data_offset >= sizeof(sd->scr)) 1743 sd->state = sd_transfer_state; 1744 break; 1745 1746 case 56: /* CMD56: GEN_CMD */ 1747 if (sd->data_offset == 0) 1748 APP_READ_BLOCK(sd->data_start, sd->blk_len); 1749 ret = sd->data[sd->data_offset ++]; 1750 1751 if (sd->data_offset >= sd->blk_len) 1752 sd->state = sd_transfer_state; 1753 break; 1754 1755 default: 1756 fprintf(stderr, "sd_read_data: unknown command\n"); 1757 return 0x00; 1758 } 1759 1760 return ret; 1761 } 1762 1763 bool sd_data_ready(SDState *sd) 1764 { 1765 return sd->state == sd_sendingdata_state; 1766 } 1767 1768 void sd_enable(SDState *sd, bool enable) 1769 { 1770 sd->enable = enable; 1771 } 1772