2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 #include "sysemu/block-backend.h"
35 #include "qemu/bitmap.h"
40 #define DPRINTF(fmt, ...) \
41 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
43 #define DPRINTF(fmt, ...) do {} while(0)
46 #define ACMD41_ENQUIRY_MASK 0x00ffffff
49 sd_r0 = 0, /* no response */
50 sd_r1, /* normal response command */
51 sd_r2_i, /* CID register */
52 sd_r2_s, /* CSD register */
53 sd_r3, /* OCR register */
54 sd_r6 = 6, /* Published RCA response */
55 sd_r7, /* Operating voltage */
62 sd_card_identification_mode,
63 sd_data_transfer_mode,
67 sd_inactive_state = -1,
70 sd_identification_state,
74 sd_receivingdata_state,
80 uint32_t mode; /* current card mode, one of SDCardModes */
81 int32_t state; /* current card state, one of SDCardStates */
88 uint8_t sd_status[64];
91 unsigned long *wp_groups;
99 uint8_t function_group[6];
103 /* True if we will handle the next command as an ACMD. Note that this does
104 * *not* track the APP_CMD status bit!
107 uint32_t blk_written;
109 uint32_t data_offset;
111 qemu_irq readonly_cb;
112 qemu_irq inserted_cb;
119 static void sd_set_mode(SDState *sd)
122 case sd_inactive_state:
123 sd->mode = sd_inactive;
128 case sd_identification_state:
129 sd->mode = sd_card_identification_mode;
132 case sd_standby_state:
133 case sd_transfer_state:
134 case sd_sendingdata_state:
135 case sd_receivingdata_state:
136 case sd_programming_state:
137 case sd_disconnect_state:
138 sd->mode = sd_data_transfer_mode;
143 static const sd_cmd_type_t sd_cmd_type[64] = {
144 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
145 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
146 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
147 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
148 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
149 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
150 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
151 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
154 static const int sd_cmd_class[64] = {
155 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
156 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
157 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
158 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
161 static uint8_t sd_crc7(void *message, size_t width)
164 uint8_t shift_reg = 0x00;
165 uint8_t *msg = (uint8_t *) message;
167 for (i = 0; i < width; i ++, msg ++)
168 for (bit = 7; bit >= 0; bit --) {
170 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
177 static uint16_t sd_crc16(void *message, size_t width)
180 uint16_t shift_reg = 0x0000;
181 uint16_t *msg = (uint16_t *) message;
184 for (i = 0; i < width; i ++, msg ++)
185 for (bit = 15; bit >= 0; bit --) {
187 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
194 static void sd_set_ocr(SDState *sd)
196 /* All voltages OK, card power-up OK, Standard Capacity SD Memory Card */
197 sd->ocr = 0x80ffff00;
200 static void sd_set_scr(SDState *sd)
202 sd->scr[0] = 0x00; /* SCR Structure */
203 sd->scr[1] = 0x2f; /* SD Security Support */
219 static void sd_set_cid(SDState *sd)
221 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
222 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
224 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
229 sd->cid[8] = PRV; /* Fake product revision (PRV) */
230 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
234 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
235 ((MDT_YR - 2000) / 10);
236 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
237 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
240 #define HWBLOCK_SHIFT 9 /* 512 bytes */
241 #define SECTOR_SHIFT 5 /* 16 kilobytes */
242 #define WPGROUP_SHIFT 7 /* 2 megs */
243 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
244 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
246 static const uint8_t sd_csd_rw_mask[16] = {
247 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
248 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
251 static void sd_set_csd(SDState *sd, uint64_t size)
253 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
254 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
255 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
257 if (size <= 0x40000000) { /* Standard Capacity SD */
258 sd->csd[0] = 0x00; /* CSD structure */
259 sd->csd[1] = 0x26; /* Data read access-time-1 */
260 sd->csd[2] = 0x00; /* Data read access-time-2 */
261 sd->csd[3] = 0x5a; /* Max. data transfer rate */
262 sd->csd[4] = 0x5f; /* Card Command Classes */
263 sd->csd[5] = 0x50 | /* Max. read data block length */
265 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
266 ((csize >> 10) & 0x03);
267 sd->csd[7] = 0x00 | /* Device size */
268 ((csize >> 2) & 0xff);
269 sd->csd[8] = 0x3f | /* Max. read current */
270 ((csize << 6) & 0xc0);
271 sd->csd[9] = 0xfc | /* Max. write current */
272 ((CMULT_SHIFT - 2) >> 1);
273 sd->csd[10] = 0x40 | /* Erase sector size */
274 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
275 sd->csd[11] = 0x00 | /* Write protect group size */
276 ((sectsize << 7) & 0x80) | wpsize;
277 sd->csd[12] = 0x90 | /* Write speed factor */
278 (HWBLOCK_SHIFT >> 2);
279 sd->csd[13] = 0x20 | /* Max. write data block length */
280 ((HWBLOCK_SHIFT << 6) & 0xc0);
281 sd->csd[14] = 0x00; /* File format group */
282 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
293 sd->csd[7] = (size >> 16) & 0xff;
294 sd->csd[8] = (size >> 8) & 0xff;
295 sd->csd[9] = (size & 0xff);
302 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
306 static void sd_set_rca(SDState *sd)
311 /* Card status bits, split by clear condition:
312 * A : According to the card current state
313 * B : Always related to the previous command
314 * C : Cleared by read
316 #define CARD_STATUS_A 0x02004100
317 #define CARD_STATUS_B 0x00c01e00
318 #define CARD_STATUS_C 0xfd39a028
320 static void sd_set_cardstatus(SDState *sd)
322 sd->card_status = 0x00000100;
325 static void sd_set_sdstatus(SDState *sd)
327 memset(sd->sd_status, 0, 64);
330 static int sd_req_crc_validate(SDRequest *req)
333 buffer[0] = 0x40 | req->cmd;
334 buffer[1] = (req->arg >> 24) & 0xff;
335 buffer[2] = (req->arg >> 16) & 0xff;
336 buffer[3] = (req->arg >> 8) & 0xff;
337 buffer[4] = (req->arg >> 0) & 0xff;
339 return sd_crc7(buffer, 5) != req->crc; /* TODO */
342 static void sd_response_r1_make(SDState *sd, uint8_t *response)
344 uint32_t status = sd->card_status;
345 /* Clear the "clear on read" status bits */
346 sd->card_status &= ~CARD_STATUS_C;
348 response[0] = (status >> 24) & 0xff;
349 response[1] = (status >> 16) & 0xff;
350 response[2] = (status >> 8) & 0xff;
351 response[3] = (status >> 0) & 0xff;
354 static void sd_response_r3_make(SDState *sd, uint8_t *response)
356 response[0] = (sd->ocr >> 24) & 0xff;
357 response[1] = (sd->ocr >> 16) & 0xff;
358 response[2] = (sd->ocr >> 8) & 0xff;
359 response[3] = (sd->ocr >> 0) & 0xff;
362 static void sd_response_r6_make(SDState *sd, uint8_t *response)
368 status = ((sd->card_status >> 8) & 0xc000) |
369 ((sd->card_status >> 6) & 0x2000) |
370 (sd->card_status & 0x1fff);
371 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
373 response[0] = (arg >> 8) & 0xff;
374 response[1] = arg & 0xff;
375 response[2] = (status >> 8) & 0xff;
376 response[3] = status & 0xff;
379 static void sd_response_r7_make(SDState *sd, uint8_t *response)
381 response[0] = (sd->vhs >> 24) & 0xff;
382 response[1] = (sd->vhs >> 16) & 0xff;
383 response[2] = (sd->vhs >> 8) & 0xff;
384 response[3] = (sd->vhs >> 0) & 0xff;
387 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
389 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
392 static void sd_reset(SDState *sd)
398 blk_get_geometry(sd->blk, §);
404 sect = sd_addr_to_wpnum(size) + 1;
406 sd->state = sd_idle_state;
411 sd_set_csd(sd, size);
412 sd_set_cardstatus(sd);
416 g_free(sd->wp_groups);
417 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
418 sd->wpgrps_size = sect;
419 sd->wp_groups = bitmap_new(sd->wpgrps_size);
420 memset(sd->function_group, 0, sizeof(sd->function_group));
426 sd->expecting_acmd = false;
429 static void sd_cardchange(void *opaque, bool load)
431 SDState *sd = opaque;
433 qemu_set_irq(sd->inserted_cb, blk_is_inserted(sd->blk));
434 if (blk_is_inserted(sd->blk)) {
436 qemu_set_irq(sd->readonly_cb, sd->wp_switch);
440 static const BlockDevOps sd_block_ops = {
441 .change_media_cb = sd_cardchange,
444 static const VMStateDescription sd_vmstate = {
447 .minimum_version_id = 1,
448 .fields = (VMStateField[]) {
449 VMSTATE_UINT32(mode, SDState),
450 VMSTATE_INT32(state, SDState),
451 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
452 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
453 VMSTATE_UINT16(rca, SDState),
454 VMSTATE_UINT32(card_status, SDState),
455 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
456 VMSTATE_UINT32(vhs, SDState),
457 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
458 VMSTATE_UINT32(blk_len, SDState),
459 VMSTATE_UINT32(erase_start, SDState),
460 VMSTATE_UINT32(erase_end, SDState),
461 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
462 VMSTATE_UINT32(pwd_len, SDState),
463 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
464 VMSTATE_UINT8(current_cmd, SDState),
465 VMSTATE_BOOL(expecting_acmd, SDState),
466 VMSTATE_UINT32(blk_written, SDState),
467 VMSTATE_UINT64(data_start, SDState),
468 VMSTATE_UINT32(data_offset, SDState),
469 VMSTATE_UINT8_ARRAY(data, SDState, 512),
470 VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512),
471 VMSTATE_BOOL(enable, SDState),
472 VMSTATE_END_OF_LIST()
476 /* We do not model the chip select pin, so allow the board to select
477 whether card should be in SSI or MMC/SD mode. It is also up to the
478 board to ensure that ssi transfers only occur when the chip select
480 SDState *sd_init(BlockBackend *blk, bool is_spi)
484 if (blk && blk_is_read_only(blk)) {
485 fprintf(stderr, "sd_init: Cannot use read-only drive\n");
489 sd = (SDState *) g_malloc0(sizeof(SDState));
490 sd->buf = blk_blockalign(blk, 512);
496 blk_attach_dev_nofail(sd->blk, sd);
497 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
499 vmstate_register(NULL, -1, &sd_vmstate, sd);
503 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
505 sd->readonly_cb = readonly;
506 sd->inserted_cb = insert;
507 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
508 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
511 static void sd_erase(SDState *sd)
514 uint64_t erase_start = sd->erase_start;
515 uint64_t erase_end = sd->erase_end;
517 if (!sd->erase_start || !sd->erase_end) {
518 sd->card_status |= ERASE_SEQ_ERROR;
522 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
523 /* High capacity memory card: erase units are 512 byte blocks */
528 erase_start = sd_addr_to_wpnum(erase_start);
529 erase_end = sd_addr_to_wpnum(erase_end);
534 for (i = erase_start; i <= erase_end; i++) {
535 if (test_bit(i, sd->wp_groups)) {
536 sd->card_status |= WP_ERASE_SKIP;
541 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
546 wpnum = sd_addr_to_wpnum(addr);
548 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
549 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
557 static void sd_function_switch(SDState *sd, uint32_t arg)
559 int i, mode, new_func, crc;
560 mode = !!(arg & 0x80000000);
562 sd->data[0] = 0x00; /* Maximum current consumption */
564 sd->data[2] = 0x80; /* Supported group 6 functions */
566 sd->data[4] = 0x80; /* Supported group 5 functions */
568 sd->data[6] = 0x80; /* Supported group 4 functions */
570 sd->data[8] = 0x80; /* Supported group 3 functions */
572 sd->data[10] = 0x80; /* Supported group 2 functions */
574 sd->data[12] = 0x80; /* Supported group 1 functions */
576 for (i = 0; i < 6; i ++) {
577 new_func = (arg >> (i * 4)) & 0x0f;
578 if (mode && new_func != 0x0f)
579 sd->function_group[i] = new_func;
580 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
582 memset(&sd->data[17], 0, 47);
583 crc = sd_crc16(sd->data, 64);
584 sd->data[65] = crc >> 8;
585 sd->data[66] = crc & 0xff;
588 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
590 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
593 static void sd_lock_command(SDState *sd)
595 int erase, lock, clr_pwd, set_pwd, pwd_len;
596 erase = !!(sd->data[0] & 0x08);
597 lock = sd->data[0] & 0x04;
598 clr_pwd = sd->data[0] & 0x02;
599 set_pwd = sd->data[0] & 0x01;
602 pwd_len = sd->data[1];
607 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
608 set_pwd || clr_pwd || lock || sd->wp_switch ||
609 (sd->csd[14] & 0x20)) {
610 sd->card_status |= LOCK_UNLOCK_FAILED;
613 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
614 sd->csd[14] &= ~0x10;
615 sd->card_status &= ~CARD_IS_LOCKED;
617 /* Erasing the entire card here! */
618 fprintf(stderr, "SD: Card force-erased by CMD42\n");
622 if (sd->blk_len < 2 + pwd_len ||
623 pwd_len <= sd->pwd_len ||
624 pwd_len > sd->pwd_len + 16) {
625 sd->card_status |= LOCK_UNLOCK_FAILED;
629 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
630 sd->card_status |= LOCK_UNLOCK_FAILED;
634 pwd_len -= sd->pwd_len;
635 if ((pwd_len && !set_pwd) ||
636 (clr_pwd && (set_pwd || lock)) ||
637 (lock && !sd->pwd_len && !set_pwd) ||
638 (!set_pwd && !clr_pwd &&
639 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
640 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
641 sd->card_status |= LOCK_UNLOCK_FAILED;
646 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
647 sd->pwd_len = pwd_len;
655 sd->card_status |= CARD_IS_LOCKED;
657 sd->card_status &= ~CARD_IS_LOCKED;
660 static sd_rsp_type_t sd_normal_command(SDState *sd,
663 uint32_t rca = 0x0000;
664 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
666 /* Not interpreting this as an app command */
667 sd->card_status &= ~APP_CMD;
669 if (sd_cmd_type[req.cmd] == sd_ac || sd_cmd_type[req.cmd] == sd_adtc)
672 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
674 /* Basic commands (Class 0 and Class 1) */
675 case 0: /* CMD0: GO_IDLE_STATE */
677 case sd_inactive_state:
678 return sd->spi ? sd_r1 : sd_r0;
681 sd->state = sd_idle_state;
683 return sd->spi ? sd_r1 : sd_r0;
687 case 1: /* CMD1: SEND_OP_CMD */
691 sd->state = sd_transfer_state;
694 case 2: /* CMD2: ALL_SEND_CID */
699 sd->state = sd_identification_state;
707 case 3: /* CMD3: SEND_RELATIVE_ADDR */
711 case sd_identification_state:
712 case sd_standby_state:
713 sd->state = sd_standby_state;
722 case 4: /* CMD4: SEND_DSR */
726 case sd_standby_state:
734 case 5: /* CMD5: reserved for SDIO cards */
737 case 6: /* CMD6: SWITCH_FUNCTION */
741 case sd_data_transfer_mode:
742 sd_function_switch(sd, req.arg);
743 sd->state = sd_sendingdata_state;
753 case 7: /* CMD7: SELECT/DESELECT_CARD */
757 case sd_standby_state:
761 sd->state = sd_transfer_state;
764 case sd_transfer_state:
765 case sd_sendingdata_state:
769 sd->state = sd_standby_state;
772 case sd_disconnect_state:
776 sd->state = sd_programming_state;
779 case sd_programming_state:
783 sd->state = sd_disconnect_state;
791 case 8: /* CMD8: SEND_IF_COND */
792 /* Physical Layer Specification Version 2.00 command */
797 /* No response if not exactly one VHS bit is set. */
798 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
799 return sd->spi ? sd_r7 : sd_r0;
811 case 9: /* CMD9: SEND_CSD */
813 case sd_standby_state:
819 case sd_transfer_state:
822 sd->state = sd_sendingdata_state;
823 memcpy(sd->data, sd->csd, 16);
824 sd->data_start = addr;
833 case 10: /* CMD10: SEND_CID */
835 case sd_standby_state:
841 case sd_transfer_state:
844 sd->state = sd_sendingdata_state;
845 memcpy(sd->data, sd->cid, 16);
846 sd->data_start = addr;
855 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
859 case sd_transfer_state:
860 sd->state = sd_sendingdata_state;
861 sd->data_start = req.arg;
864 if (sd->data_start + sd->blk_len > sd->size)
865 sd->card_status |= ADDRESS_ERROR;
873 case 12: /* CMD12: STOP_TRANSMISSION */
875 case sd_sendingdata_state:
876 sd->state = sd_transfer_state;
879 case sd_receivingdata_state:
880 sd->state = sd_programming_state;
881 /* Bzzzzzzztt .... Operation complete. */
882 sd->state = sd_transfer_state;
890 case 13: /* CMD13: SEND_STATUS */
892 case sd_data_transfer_mode:
903 case 15: /* CMD15: GO_INACTIVE_STATE */
907 case sd_data_transfer_mode:
911 sd->state = sd_inactive_state;
919 /* Block read commands (Classs 2) */
920 case 16: /* CMD16: SET_BLOCKLEN */
922 case sd_transfer_state:
923 if (req.arg > (1 << HWBLOCK_SHIFT))
924 sd->card_status |= BLOCK_LEN_ERROR;
926 sd->blk_len = req.arg;
935 case 17: /* CMD17: READ_SINGLE_BLOCK */
937 case sd_transfer_state:
938 sd->state = sd_sendingdata_state;
939 sd->data_start = addr;
942 if (sd->data_start + sd->blk_len > sd->size)
943 sd->card_status |= ADDRESS_ERROR;
951 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
953 case sd_transfer_state:
954 sd->state = sd_sendingdata_state;
955 sd->data_start = addr;
958 if (sd->data_start + sd->blk_len > sd->size)
959 sd->card_status |= ADDRESS_ERROR;
967 /* Block write commands (Class 4) */
968 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
970 goto unimplemented_cmd;
972 case sd_transfer_state:
973 /* Writing in SPI mode not implemented. */
976 sd->state = sd_receivingdata_state;
977 sd->data_start = addr;
981 if (sd->data_start + sd->blk_len > sd->size)
982 sd->card_status |= ADDRESS_ERROR;
983 if (sd_wp_addr(sd, sd->data_start))
984 sd->card_status |= WP_VIOLATION;
985 if (sd->csd[14] & 0x30)
986 sd->card_status |= WP_VIOLATION;
994 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
996 goto unimplemented_cmd;
998 case sd_transfer_state:
999 /* Writing in SPI mode not implemented. */
1002 sd->state = sd_receivingdata_state;
1003 sd->data_start = addr;
1004 sd->data_offset = 0;
1005 sd->blk_written = 0;
1007 if (sd->data_start + sd->blk_len > sd->size)
1008 sd->card_status |= ADDRESS_ERROR;
1009 if (sd_wp_addr(sd, sd->data_start))
1010 sd->card_status |= WP_VIOLATION;
1011 if (sd->csd[14] & 0x30)
1012 sd->card_status |= WP_VIOLATION;
1020 case 26: /* CMD26: PROGRAM_CID */
1023 switch (sd->state) {
1024 case sd_transfer_state:
1025 sd->state = sd_receivingdata_state;
1027 sd->data_offset = 0;
1035 case 27: /* CMD27: PROGRAM_CSD */
1037 goto unimplemented_cmd;
1038 switch (sd->state) {
1039 case sd_transfer_state:
1040 sd->state = sd_receivingdata_state;
1042 sd->data_offset = 0;
1050 /* Write protection (Class 6) */
1051 case 28: /* CMD28: SET_WRITE_PROT */
1052 switch (sd->state) {
1053 case sd_transfer_state:
1054 if (addr >= sd->size) {
1055 sd->card_status |= ADDRESS_ERROR;
1059 sd->state = sd_programming_state;
1060 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1061 /* Bzzzzzzztt .... Operation complete. */
1062 sd->state = sd_transfer_state;
1070 case 29: /* CMD29: CLR_WRITE_PROT */
1071 switch (sd->state) {
1072 case sd_transfer_state:
1073 if (addr >= sd->size) {
1074 sd->card_status |= ADDRESS_ERROR;
1078 sd->state = sd_programming_state;
1079 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1080 /* Bzzzzzzztt .... Operation complete. */
1081 sd->state = sd_transfer_state;
1089 case 30: /* CMD30: SEND_WRITE_PROT */
1090 switch (sd->state) {
1091 case sd_transfer_state:
1092 sd->state = sd_sendingdata_state;
1093 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1094 sd->data_start = addr;
1095 sd->data_offset = 0;
1103 /* Erase commands (Class 5) */
1104 case 32: /* CMD32: ERASE_WR_BLK_START */
1105 switch (sd->state) {
1106 case sd_transfer_state:
1107 sd->erase_start = req.arg;
1115 case 33: /* CMD33: ERASE_WR_BLK_END */
1116 switch (sd->state) {
1117 case sd_transfer_state:
1118 sd->erase_end = req.arg;
1126 case 38: /* CMD38: ERASE */
1127 switch (sd->state) {
1128 case sd_transfer_state:
1129 if (sd->csd[14] & 0x30) {
1130 sd->card_status |= WP_VIOLATION;
1134 sd->state = sd_programming_state;
1136 /* Bzzzzzzztt .... Operation complete. */
1137 sd->state = sd_transfer_state;
1145 /* Lock card commands (Class 7) */
1146 case 42: /* CMD42: LOCK_UNLOCK */
1148 goto unimplemented_cmd;
1149 switch (sd->state) {
1150 case sd_transfer_state:
1151 sd->state = sd_receivingdata_state;
1153 sd->data_offset = 0;
1163 /* CMD52, CMD53: reserved for SDIO cards
1164 * (see the SDIO Simplified Specification V2.0)
1165 * Handle as illegal command but do not complain
1166 * on stderr, as some OSes may use these in their
1167 * probing for presence of an SDIO card.
1171 /* Application specific commands (Class 8) */
1172 case 55: /* CMD55: APP_CMD */
1176 sd->expecting_acmd = true;
1177 sd->card_status |= APP_CMD;
1180 case 56: /* CMD56: GEN_CMD */
1181 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1183 switch (sd->state) {
1184 case sd_transfer_state:
1185 sd->data_offset = 0;
1187 sd->state = sd_sendingdata_state;
1189 sd->state = sd_receivingdata_state;
1199 fprintf(stderr, "SD: Unknown CMD%i\n", req.cmd);
1203 /* Commands that are recognised but not yet implemented in SPI mode. */
1204 fprintf(stderr, "SD: CMD%i not implemented in SPI mode\n", req.cmd);
1208 fprintf(stderr, "SD: CMD%i in a wrong state\n", req.cmd);
1212 static sd_rsp_type_t sd_app_command(SDState *sd,
1215 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1216 sd->card_status |= APP_CMD;
1218 case 6: /* ACMD6: SET_BUS_WIDTH */
1219 switch (sd->state) {
1220 case sd_transfer_state:
1221 sd->sd_status[0] &= 0x3f;
1222 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1230 case 13: /* ACMD13: SD_STATUS */
1231 switch (sd->state) {
1232 case sd_transfer_state:
1233 sd->state = sd_sendingdata_state;
1235 sd->data_offset = 0;
1243 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1244 switch (sd->state) {
1245 case sd_transfer_state:
1246 *(uint32_t *) sd->data = sd->blk_written;
1248 sd->state = sd_sendingdata_state;
1250 sd->data_offset = 0;
1258 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1259 switch (sd->state) {
1260 case sd_transfer_state:
1268 case 41: /* ACMD41: SD_APP_OP_COND */
1271 sd->state = sd_transfer_state;
1274 switch (sd->state) {
1276 /* We accept any voltage. 10000 V is nothing.
1278 * We don't model init delay so just advance straight to ready state
1279 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1281 if (req.arg & ACMD41_ENQUIRY_MASK) {
1282 sd->state = sd_ready_state;
1292 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1293 switch (sd->state) {
1294 case sd_transfer_state:
1295 /* Bringing in the 50KOhm pull-up resistor... Done. */
1303 case 51: /* ACMD51: SEND_SCR */
1304 switch (sd->state) {
1305 case sd_transfer_state:
1306 sd->state = sd_sendingdata_state;
1308 sd->data_offset = 0;
1317 /* Fall back to standard commands. */
1318 return sd_normal_command(sd, req);
1321 fprintf(stderr, "SD: ACMD%i in a wrong state\n", req.cmd);
1325 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1327 /* Valid commands in locked state:
1329 * lock card class (7)
1331 * implicitly, the ACMD prefix CMD55
1333 * Anything else provokes an "illegal command" response.
1335 if (sd->expecting_acmd) {
1336 return req->cmd == 41 || req->cmd == 42;
1338 if (req->cmd == 16 || req->cmd == 55) {
1341 return sd_cmd_class[req->cmd] == 0 || sd_cmd_class[req->cmd] == 7;
1344 int sd_do_command(SDState *sd, SDRequest *req,
1345 uint8_t *response) {
1347 sd_rsp_type_t rtype;
1350 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
1354 if (sd_req_crc_validate(req)) {
1355 sd->card_status |= COM_CRC_ERROR;
1360 if (sd->card_status & CARD_IS_LOCKED) {
1361 if (!cmd_valid_while_locked(sd, req)) {
1362 sd->card_status |= ILLEGAL_COMMAND;
1363 sd->expecting_acmd = false;
1364 fprintf(stderr, "SD: Card is locked\n");
1370 last_state = sd->state;
1373 if (sd->expecting_acmd) {
1374 sd->expecting_acmd = false;
1375 rtype = sd_app_command(sd, *req);
1377 rtype = sd_normal_command(sd, *req);
1380 if (rtype == sd_illegal) {
1381 sd->card_status |= ILLEGAL_COMMAND;
1383 /* Valid command, we can update the 'state before command' bits.
1384 * (Do this now so they appear in r1 responses.)
1386 sd->current_cmd = req->cmd;
1387 sd->card_status &= ~CURRENT_STATE;
1388 sd->card_status |= (last_state << 9);
1395 sd_response_r1_make(sd, response);
1400 memcpy(response, sd->cid, sizeof(sd->cid));
1405 memcpy(response, sd->csd, sizeof(sd->csd));
1410 sd_response_r3_make(sd, response);
1415 sd_response_r6_make(sd, response);
1420 sd_response_r7_make(sd, response);
1431 if (rtype != sd_illegal) {
1432 /* Clear the "clear on valid command" status bits now we've
1435 sd->card_status &= ~CARD_STATUS_B;
1441 DPRINTF("Response:");
1442 for (i = 0; i < rsplen; i++)
1443 fprintf(stderr, " %02x", response[i]);
1444 fprintf(stderr, " state %d\n", sd->state);
1446 DPRINTF("No response %d\n", sd->state);
1453 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1455 uint64_t end = addr + len;
1457 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1458 (unsigned long long) addr, len);
1459 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1460 fprintf(stderr, "sd_blk_read: read error on host side\n");
1464 if (end > (addr & ~511) + 512) {
1465 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1467 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
1468 fprintf(stderr, "sd_blk_read: read error on host side\n");
1471 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1473 memcpy(sd->data, sd->buf + (addr & 511), len);
1476 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1478 uint64_t end = addr + len;
1480 if ((addr & 511) || len < 512)
1481 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1482 fprintf(stderr, "sd_blk_write: read error on host side\n");
1486 if (end > (addr & ~511) + 512) {
1487 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1488 if (blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1489 fprintf(stderr, "sd_blk_write: write error on host side\n");
1493 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
1494 fprintf(stderr, "sd_blk_write: read error on host side\n");
1497 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1498 if (blk_write(sd->blk, end >> 9, sd->buf, 1) < 0) {
1499 fprintf(stderr, "sd_blk_write: write error on host side\n");
1502 memcpy(sd->buf + (addr & 511), sd->data, len);
1503 if (!sd->blk || blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1504 fprintf(stderr, "sd_blk_write: write error on host side\n");
1509 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1510 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1511 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1512 #define APP_WRITE_BLOCK(a, len)
1514 void sd_write_data(SDState *sd, uint8_t value)
1518 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1521 if (sd->state != sd_receivingdata_state) {
1522 fprintf(stderr, "sd_write_data: not in Receiving-Data state\n");
1526 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1529 switch (sd->current_cmd) {
1530 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1531 sd->data[sd->data_offset ++] = value;
1532 if (sd->data_offset >= sd->blk_len) {
1533 /* TODO: Check CRC before committing */
1534 sd->state = sd_programming_state;
1535 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1537 sd->csd[14] |= 0x40;
1538 /* Bzzzzzzztt .... Operation complete. */
1539 sd->state = sd_transfer_state;
1543 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1544 if (sd->data_offset == 0) {
1545 /* Start of the block - let's check the address is valid */
1546 if (sd->data_start + sd->blk_len > sd->size) {
1547 sd->card_status |= ADDRESS_ERROR;
1550 if (sd_wp_addr(sd, sd->data_start)) {
1551 sd->card_status |= WP_VIOLATION;
1555 sd->data[sd->data_offset++] = value;
1556 if (sd->data_offset >= sd->blk_len) {
1557 /* TODO: Check CRC before committing */
1558 sd->state = sd_programming_state;
1559 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1561 sd->data_start += sd->blk_len;
1562 sd->data_offset = 0;
1563 sd->csd[14] |= 0x40;
1565 /* Bzzzzzzztt .... Operation complete. */
1566 sd->state = sd_receivingdata_state;
1570 case 26: /* CMD26: PROGRAM_CID */
1571 sd->data[sd->data_offset ++] = value;
1572 if (sd->data_offset >= sizeof(sd->cid)) {
1573 /* TODO: Check CRC before committing */
1574 sd->state = sd_programming_state;
1575 for (i = 0; i < sizeof(sd->cid); i ++)
1576 if ((sd->cid[i] | 0x00) != sd->data[i])
1577 sd->card_status |= CID_CSD_OVERWRITE;
1579 if (!(sd->card_status & CID_CSD_OVERWRITE))
1580 for (i = 0; i < sizeof(sd->cid); i ++) {
1582 sd->cid[i] &= sd->data[i];
1584 /* Bzzzzzzztt .... Operation complete. */
1585 sd->state = sd_transfer_state;
1589 case 27: /* CMD27: PROGRAM_CSD */
1590 sd->data[sd->data_offset ++] = value;
1591 if (sd->data_offset >= sizeof(sd->csd)) {
1592 /* TODO: Check CRC before committing */
1593 sd->state = sd_programming_state;
1594 for (i = 0; i < sizeof(sd->csd); i ++)
1595 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1596 (sd->data[i] | sd_csd_rw_mask[i]))
1597 sd->card_status |= CID_CSD_OVERWRITE;
1599 /* Copy flag (OTP) & Permanent write protect */
1600 if (sd->csd[14] & ~sd->data[14] & 0x60)
1601 sd->card_status |= CID_CSD_OVERWRITE;
1603 if (!(sd->card_status & CID_CSD_OVERWRITE))
1604 for (i = 0; i < sizeof(sd->csd); i ++) {
1605 sd->csd[i] |= sd_csd_rw_mask[i];
1606 sd->csd[i] &= sd->data[i];
1608 /* Bzzzzzzztt .... Operation complete. */
1609 sd->state = sd_transfer_state;
1613 case 42: /* CMD42: LOCK_UNLOCK */
1614 sd->data[sd->data_offset ++] = value;
1615 if (sd->data_offset >= sd->blk_len) {
1616 /* TODO: Check CRC before committing */
1617 sd->state = sd_programming_state;
1618 sd_lock_command(sd);
1619 /* Bzzzzzzztt .... Operation complete. */
1620 sd->state = sd_transfer_state;
1624 case 56: /* CMD56: GEN_CMD */
1625 sd->data[sd->data_offset ++] = value;
1626 if (sd->data_offset >= sd->blk_len) {
1627 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1628 sd->state = sd_transfer_state;
1633 fprintf(stderr, "sd_write_data: unknown command\n");
1638 uint8_t sd_read_data(SDState *sd)
1640 /* TODO: Append CRCs */
1644 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1647 if (sd->state != sd_sendingdata_state) {
1648 fprintf(stderr, "sd_read_data: not in Sending-Data state\n");
1652 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1655 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1657 switch (sd->current_cmd) {
1658 case 6: /* CMD6: SWITCH_FUNCTION */
1659 ret = sd->data[sd->data_offset ++];
1661 if (sd->data_offset >= 64)
1662 sd->state = sd_transfer_state;
1665 case 9: /* CMD9: SEND_CSD */
1666 case 10: /* CMD10: SEND_CID */
1667 ret = sd->data[sd->data_offset ++];
1669 if (sd->data_offset >= 16)
1670 sd->state = sd_transfer_state;
1673 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1674 if (sd->data_offset == 0)
1675 BLK_READ_BLOCK(sd->data_start, io_len);
1676 ret = sd->data[sd->data_offset ++];
1678 if (sd->data_offset >= io_len) {
1679 sd->data_start += io_len;
1680 sd->data_offset = 0;
1681 if (sd->data_start + io_len > sd->size) {
1682 sd->card_status |= ADDRESS_ERROR;
1688 case 13: /* ACMD13: SD_STATUS */
1689 ret = sd->sd_status[sd->data_offset ++];
1691 if (sd->data_offset >= sizeof(sd->sd_status))
1692 sd->state = sd_transfer_state;
1695 case 17: /* CMD17: READ_SINGLE_BLOCK */
1696 if (sd->data_offset == 0)
1697 BLK_READ_BLOCK(sd->data_start, io_len);
1698 ret = sd->data[sd->data_offset ++];
1700 if (sd->data_offset >= io_len)
1701 sd->state = sd_transfer_state;
1704 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1705 if (sd->data_offset == 0)
1706 BLK_READ_BLOCK(sd->data_start, io_len);
1707 ret = sd->data[sd->data_offset ++];
1709 if (sd->data_offset >= io_len) {
1710 sd->data_start += io_len;
1711 sd->data_offset = 0;
1712 if (sd->data_start + io_len > sd->size) {
1713 sd->card_status |= ADDRESS_ERROR;
1719 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1720 ret = sd->data[sd->data_offset ++];
1722 if (sd->data_offset >= 4)
1723 sd->state = sd_transfer_state;
1726 case 30: /* CMD30: SEND_WRITE_PROT */
1727 ret = sd->data[sd->data_offset ++];
1729 if (sd->data_offset >= 4)
1730 sd->state = sd_transfer_state;
1733 case 51: /* ACMD51: SEND_SCR */
1734 ret = sd->scr[sd->data_offset ++];
1736 if (sd->data_offset >= sizeof(sd->scr))
1737 sd->state = sd_transfer_state;
1740 case 56: /* CMD56: GEN_CMD */
1741 if (sd->data_offset == 0)
1742 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1743 ret = sd->data[sd->data_offset ++];
1745 if (sd->data_offset >= sd->blk_len)
1746 sd->state = sd_transfer_state;
1750 fprintf(stderr, "sd_read_data: unknown command\n");
1757 bool sd_data_ready(SDState *sd)
1759 return sd->state == sd_sendingdata_state;
1762 void sd_enable(SDState *sd, bool enable)
1764 sd->enable = enable;
Code Review / kvmfornfv.git / blob