1 /* 2 * SSI to SD card adapter. 3 * 4 * Copyright (c) 2007-2009 CodeSourcery. 5 * Written by Paul Brook 6 * 7 * Copyright (c) 2021 Wind River Systems, Inc. 8 * Improved by Bin Meng <bin.meng@windriver.com> 9 * 10 * Validated with U-Boot v2021.01 and Linux v5.10 mmc_spi driver 11 * 12 * This code is licensed under the GNU GPL v2. 13 * 14 * Contributions after 2012-01-13 are licensed under the terms of the 15 * GNU GPL, version 2 or (at your option) any later version. 16 */ 17 18 #include "qemu/osdep.h" 19 #include "system/blockdev.h" 20 #include "hw/ssi/ssi.h" 21 #include "migration/vmstate.h" 22 #include "hw/qdev-properties.h" 23 #include "hw/sd/sd.h" 24 #include "qapi/error.h" 25 #include "qemu/crc-ccitt.h" 26 #include "qemu/module.h" 27 #include "qom/object.h" 28 29 //#define DEBUG_SSI_SD 1 30 31 #ifdef DEBUG_SSI_SD 32 #define DPRINTF(fmt, ...) \ 33 do { printf("ssi_sd: " fmt , ## __VA_ARGS__); } while (0) 34 #define BADF(fmt, ...) \ 35 do { fprintf(stderr, "ssi_sd: error: " fmt , ## __VA_ARGS__); exit(1);} while (0) 36 #else 37 #define DPRINTF(fmt, ...) do {} while(0) 38 #define BADF(fmt, ...) \ 39 do { fprintf(stderr, "ssi_sd: error: " fmt , ## __VA_ARGS__);} while (0) 40 #endif 41 42 typedef enum { 43 SSI_SD_CMD = 0, 44 SSI_SD_CMDARG, 45 SSI_SD_PREP_RESP, 46 SSI_SD_RESPONSE, 47 SSI_SD_PREP_DATA, 48 SSI_SD_DATA_START, 49 SSI_SD_DATA_READ, 50 SSI_SD_DATA_CRC16, 51 SSI_SD_DATA_WRITE, 52 SSI_SD_SKIP_CRC16, 53 } ssi_sd_mode; 54 55 struct ssi_sd_state { 56 SSIPeripheral ssidev; 57 uint32_t mode; 58 int cmd; 59 uint8_t cmdarg[4]; 60 uint8_t response[5]; 61 uint16_t crc16; 62 int32_t read_bytes; 63 int32_t write_bytes; 64 int32_t arglen; 65 int32_t response_pos; 66 int32_t stopping; 67 SDBus sdbus; 68 }; 69 70 #define TYPE_SSI_SD "ssi-sd" 71 OBJECT_DECLARE_SIMPLE_TYPE(ssi_sd_state, SSI_SD) 72 73 /* State word bits. */ 74 #define SSI_SDR_LOCKED 0x0001 75 #define SSI_SDR_WP_ERASE 0x0002 76 #define SSI_SDR_ERROR 0x0004 77 #define SSI_SDR_CC_ERROR 0x0008 78 #define SSI_SDR_ECC_FAILED 0x0010 79 #define SSI_SDR_WP_VIOLATION 0x0020 80 #define SSI_SDR_ERASE_PARAM 0x0040 81 #define SSI_SDR_OUT_OF_RANGE 0x0080 82 #define SSI_SDR_IDLE 0x0100 83 #define SSI_SDR_ERASE_RESET 0x0200 84 #define SSI_SDR_ILLEGAL_COMMAND 0x0400 85 #define SSI_SDR_COM_CRC_ERROR 0x0800 86 #define SSI_SDR_ERASE_SEQ_ERROR 0x1000 87 #define SSI_SDR_ADDRESS_ERROR 0x2000 88 #define SSI_SDR_PARAMETER_ERROR 0x4000 89 90 /* multiple block write */ 91 #define SSI_TOKEN_MULTI_WRITE 0xfc 92 /* terminate multiple block write */ 93 #define SSI_TOKEN_STOP_TRAN 0xfd 94 /* single block read/write, multiple block read */ 95 #define SSI_TOKEN_SINGLE 0xfe 96 97 /* dummy value - don't care */ 98 #define SSI_DUMMY 0xff 99 100 /* data accepted */ 101 #define DATA_RESPONSE_ACCEPTED 0x05 102 103 static uint32_t ssi_sd_transfer(SSIPeripheral *dev, uint32_t val) 104 { 105 ssi_sd_state *s = SSI_SD(dev); 106 SDRequest request; 107 uint8_t longresp[16]; 108 109 /* 110 * Special case: allow CMD12 (STOP TRANSMISSION) while reading data. 111 * 112 * See "Physical Layer Specification Version 8.00" chapter 7.5.2.2, 113 * to avoid conflict between CMD12 response and next data block, 114 * timing of CMD12 should be controlled as follows: 115 * 116 * - CMD12 issued at the timing that end bit of CMD12 and end bit of 117 * data block is overlapped 118 * - CMD12 issued after one clock cycle after host receives a token 119 * (either Start Block token or Data Error token) 120 * 121 * We need to catch CMD12 in all of the data read states. 122 */ 123 if (s->mode >= SSI_SD_PREP_DATA && s->mode <= SSI_SD_DATA_CRC16) { 124 if (val == 0x4c) { 125 s->mode = SSI_SD_CMD; 126 /* There must be at least one byte delay before the card responds */ 127 s->stopping = 1; 128 } 129 } 130 131 switch (s->mode) { 132 case SSI_SD_CMD: 133 switch (val) { 134 case SSI_DUMMY: 135 DPRINTF("NULL command\n"); 136 return SSI_DUMMY; 137 break; 138 case SSI_TOKEN_SINGLE: 139 case SSI_TOKEN_MULTI_WRITE: 140 DPRINTF("Start write block\n"); 141 s->mode = SSI_SD_DATA_WRITE; 142 return SSI_DUMMY; 143 case SSI_TOKEN_STOP_TRAN: 144 DPRINTF("Stop multiple write\n"); 145 146 /* manually issue cmd12 to stop the transfer */ 147 request.cmd = 12; 148 request.arg = 0; 149 s->arglen = sdbus_do_command(&s->sdbus, &request, 150 longresp, sizeof(longresp)); 151 if (s->arglen == 0) { 152 s->arglen = 1; 153 /* a zero value indicates the card is busy */ 154 s->response[0] = 0; 155 DPRINTF("SD card busy\n"); 156 } else { 157 s->arglen = 1; 158 /* a non-zero value indicates the card is ready */ 159 s->response[0] = SSI_DUMMY; 160 } 161 162 return SSI_DUMMY; 163 } 164 165 s->cmd = val & 0x3f; 166 s->mode = SSI_SD_CMDARG; 167 s->arglen = 0; 168 return SSI_DUMMY; 169 case SSI_SD_CMDARG: 170 if (s->arglen == 4) { 171 /* FIXME: Check CRC. */ 172 request.cmd = s->cmd; 173 request.arg = ldl_be_p(s->cmdarg); 174 DPRINTF("CMD%d arg 0x%08x\n", s->cmd, request.arg); 175 s->arglen = sdbus_do_command(&s->sdbus, &request, 176 longresp, sizeof(longresp)); 177 if (s->arglen == 0) { 178 s->arglen = 1; 179 s->response[0] = 4; 180 DPRINTF("SD command failed\n"); 181 } else if (s->cmd == 8 || s->cmd == 58) { 182 /* CMD8/CMD58 returns R3/R7 response */ 183 DPRINTF("Returned R3/R7\n"); 184 s->arglen = 5; 185 s->response[0] = 1; 186 memcpy(&s->response[1], longresp, 4); 187 } else if (s->arglen != 4) { 188 BADF("Unexpected response to cmd %d\n", s->cmd); 189 /* Illegal command is about as near as we can get. */ 190 s->arglen = 1; 191 s->response[0] = 4; 192 } else { 193 /* All other commands return status. */ 194 uint32_t cardstatus; 195 uint16_t status; 196 /* CMD13 returns a 2-byte statuse work. Other commands 197 only return the first byte. */ 198 s->arglen = (s->cmd == 13) ? 2 : 1; 199 200 /* handle R1b */ 201 if (s->cmd == 28 || s->cmd == 29 || s->cmd == 38) { 202 s->stopping = 1; 203 } 204 205 cardstatus = ldl_be_p(longresp); 206 status = 0; 207 if (((cardstatus >> 9) & 0xf) < 4) 208 status |= SSI_SDR_IDLE; 209 if (cardstatus & ERASE_RESET) 210 status |= SSI_SDR_ERASE_RESET; 211 if (cardstatus & ILLEGAL_COMMAND) 212 status |= SSI_SDR_ILLEGAL_COMMAND; 213 if (cardstatus & COM_CRC_ERROR) 214 status |= SSI_SDR_COM_CRC_ERROR; 215 if (cardstatus & ERASE_SEQ_ERROR) 216 status |= SSI_SDR_ERASE_SEQ_ERROR; 217 if (cardstatus & ADDRESS_ERROR) 218 status |= SSI_SDR_ADDRESS_ERROR; 219 if (cardstatus & CARD_IS_LOCKED) 220 status |= SSI_SDR_LOCKED; 221 if (cardstatus & (LOCK_UNLOCK_FAILED | WP_ERASE_SKIP)) 222 status |= SSI_SDR_WP_ERASE; 223 if (cardstatus & SD_ERROR) 224 status |= SSI_SDR_ERROR; 225 if (cardstatus & CC_ERROR) 226 status |= SSI_SDR_CC_ERROR; 227 if (cardstatus & CARD_ECC_FAILED) 228 status |= SSI_SDR_ECC_FAILED; 229 if (cardstatus & WP_VIOLATION) 230 status |= SSI_SDR_WP_VIOLATION; 231 if (cardstatus & ERASE_PARAM) 232 status |= SSI_SDR_ERASE_PARAM; 233 if (cardstatus & (OUT_OF_RANGE | CID_CSD_OVERWRITE)) 234 status |= SSI_SDR_OUT_OF_RANGE; 235 /* ??? Don't know what Parameter Error really means, so 236 assume it's set if the second byte is nonzero. */ 237 if (status & 0xff) 238 status |= SSI_SDR_PARAMETER_ERROR; 239 s->response[0] = status >> 8; 240 s->response[1] = status; 241 DPRINTF("Card status 0x%02x\n", status); 242 } 243 s->mode = SSI_SD_PREP_RESP; 244 s->response_pos = 0; 245 } else { 246 s->cmdarg[s->arglen++] = val; 247 } 248 return SSI_DUMMY; 249 case SSI_SD_PREP_RESP: 250 DPRINTF("Prepare card response (Ncr)\n"); 251 s->mode = SSI_SD_RESPONSE; 252 return SSI_DUMMY; 253 case SSI_SD_RESPONSE: 254 if (s->response_pos < s->arglen) { 255 DPRINTF("Response 0x%02x\n", s->response[s->response_pos]); 256 return s->response[s->response_pos++]; 257 } 258 if (s->stopping) { 259 s->stopping = 0; 260 s->mode = SSI_SD_CMD; 261 return SSI_DUMMY; 262 } 263 if (sdbus_data_ready(&s->sdbus)) { 264 DPRINTF("Data read\n"); 265 s->mode = SSI_SD_DATA_START; 266 } else { 267 DPRINTF("End of command\n"); 268 s->mode = SSI_SD_CMD; 269 } 270 return SSI_DUMMY; 271 case SSI_SD_PREP_DATA: 272 DPRINTF("Prepare data block (Nac)\n"); 273 s->mode = SSI_SD_DATA_START; 274 return SSI_DUMMY; 275 case SSI_SD_DATA_START: 276 DPRINTF("Start read block\n"); 277 s->mode = SSI_SD_DATA_READ; 278 s->response_pos = 0; 279 return SSI_TOKEN_SINGLE; 280 case SSI_SD_DATA_READ: 281 val = sdbus_read_byte(&s->sdbus); 282 s->read_bytes++; 283 s->crc16 = crc_ccitt_false(s->crc16, (uint8_t *)&val, 1); 284 if (!sdbus_data_ready(&s->sdbus) || s->read_bytes == 512) { 285 DPRINTF("Data read end\n"); 286 s->mode = SSI_SD_DATA_CRC16; 287 } 288 return val; 289 case SSI_SD_DATA_CRC16: 290 val = (s->crc16 & 0xff00) >> 8; 291 s->crc16 <<= 8; 292 s->response_pos++; 293 if (s->response_pos == 2) { 294 DPRINTF("CRC16 read end\n"); 295 if (s->read_bytes == 512 && s->cmd != 17) { 296 s->mode = SSI_SD_PREP_DATA; 297 } else { 298 s->mode = SSI_SD_CMD; 299 } 300 s->read_bytes = 0; 301 s->response_pos = 0; 302 } 303 return val; 304 case SSI_SD_DATA_WRITE: 305 sdbus_write_byte(&s->sdbus, val); 306 s->write_bytes++; 307 if (!sdbus_receive_ready(&s->sdbus) || s->write_bytes == 512) { 308 DPRINTF("Data write end\n"); 309 s->mode = SSI_SD_SKIP_CRC16; 310 s->response_pos = 0; 311 } 312 return val; 313 case SSI_SD_SKIP_CRC16: 314 /* we don't verify the crc16 */ 315 s->response_pos++; 316 if (s->response_pos == 2) { 317 DPRINTF("CRC16 receive end\n"); 318 s->mode = SSI_SD_RESPONSE; 319 s->write_bytes = 0; 320 s->arglen = 1; 321 s->response[0] = DATA_RESPONSE_ACCEPTED; 322 s->response_pos = 0; 323 } 324 return SSI_DUMMY; 325 } 326 /* Should never happen. */ 327 return SSI_DUMMY; 328 } 329 330 static int ssi_sd_post_load(void *opaque, int version_id) 331 { 332 ssi_sd_state *s = (ssi_sd_state *)opaque; 333 334 if (s->mode > SSI_SD_SKIP_CRC16) { 335 return -EINVAL; 336 } 337 if (s->mode == SSI_SD_CMDARG && 338 (s->arglen >= ARRAY_SIZE(s->cmdarg))) { 339 return -EINVAL; 340 } 341 if (s->mode == SSI_SD_RESPONSE && 342 (s->response_pos < 0 || s->response_pos >= ARRAY_SIZE(s->response) || 343 (!s->stopping && s->arglen > ARRAY_SIZE(s->response)))) { 344 return -EINVAL; 345 } 346 347 return 0; 348 } 349 350 static const VMStateDescription vmstate_ssi_sd = { 351 .name = "ssi_sd", 352 .version_id = 7, 353 .minimum_version_id = 7, 354 .post_load = ssi_sd_post_load, 355 .fields = (const VMStateField []) { 356 VMSTATE_UINT32(mode, ssi_sd_state), 357 VMSTATE_INT32(cmd, ssi_sd_state), 358 VMSTATE_UINT8_ARRAY(cmdarg, ssi_sd_state, 4), 359 VMSTATE_UINT8_ARRAY(response, ssi_sd_state, 5), 360 VMSTATE_UINT16(crc16, ssi_sd_state), 361 VMSTATE_INT32(read_bytes, ssi_sd_state), 362 VMSTATE_INT32(write_bytes, ssi_sd_state), 363 VMSTATE_INT32(arglen, ssi_sd_state), 364 VMSTATE_INT32(response_pos, ssi_sd_state), 365 VMSTATE_INT32(stopping, ssi_sd_state), 366 VMSTATE_SSI_PERIPHERAL(ssidev, ssi_sd_state), 367 VMSTATE_END_OF_LIST() 368 } 369 }; 370 371 static void ssi_sd_realize(SSIPeripheral *d, Error **errp) 372 { 373 ssi_sd_state *s = SSI_SD(d); 374 375 qbus_init(&s->sdbus, sizeof(s->sdbus), TYPE_SD_BUS, DEVICE(d), "sd-bus"); 376 } 377 378 static void ssi_sd_reset(DeviceState *dev) 379 { 380 ssi_sd_state *s = SSI_SD(dev); 381 382 s->mode = SSI_SD_CMD; 383 s->cmd = 0; 384 memset(s->cmdarg, 0, sizeof(s->cmdarg)); 385 memset(s->response, 0, sizeof(s->response)); 386 s->crc16 = 0; 387 s->read_bytes = 0; 388 s->write_bytes = 0; 389 s->arglen = 0; 390 s->response_pos = 0; 391 s->stopping = 0; 392 } 393 394 static void ssi_sd_class_init(ObjectClass *klass, const void *data) 395 { 396 DeviceClass *dc = DEVICE_CLASS(klass); 397 SSIPeripheralClass *k = SSI_PERIPHERAL_CLASS(klass); 398 399 k->realize = ssi_sd_realize; 400 k->transfer = ssi_sd_transfer; 401 k->cs_polarity = SSI_CS_LOW; 402 dc->vmsd = &vmstate_ssi_sd; 403 device_class_set_legacy_reset(dc, ssi_sd_reset); 404 /* Reason: GPIO chip-select line should be wired up */ 405 dc->user_creatable = false; 406 } 407 408 static const TypeInfo ssi_sd_types[] = { 409 { 410 .name = TYPE_SSI_SD, 411 .parent = TYPE_SSI_PERIPHERAL, 412 .instance_size = sizeof(ssi_sd_state), 413 .class_init = ssi_sd_class_init, 414 }, 415 }; 416 417 DEFINE_TYPES(ssi_sd_types) 418