2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 1.10."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in
16 * the documentation and/or other materials provided with the
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
20 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
21 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
22 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
23 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
24 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
25 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
26 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
27 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
29 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 #include "qemu/osdep.h"
35 #include "sysemu/block-backend.h"
37 #include "qapi/error.h"
38 #include "qemu/bitmap.h"
39 #include "hw/qdev-properties.h"
40 #include "qemu/error-report.h"
41 #include "qemu/timer.h"
46 #define DPRINTF(fmt, ...) \
47 do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while (0)
49 #define DPRINTF(fmt, ...) do {} while(0)
52 #define ACMD41_ENQUIRY_MASK 0x00ffffff
53 #define OCR_POWER_UP 0x80000000
54 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
57 sd_r0 = 0, /* no response */
58 sd_r1, /* normal response command */
59 sd_r2_i, /* CID register */
60 sd_r2_s, /* CSD register */
61 sd_r3, /* OCR register */
62 sd_r6 = 6, /* Published RCA response */
63 sd_r7, /* Operating voltage */
70 sd_card_identification_mode,
71 sd_data_transfer_mode,
75 sd_inactive_state = -1,
78 sd_identification_state,
82 sd_receivingdata_state,
88 DeviceState parent_obj;
90 uint32_t mode; /* current card mode, one of SDCardModes */
91 int32_t state; /* current card state, one of SDCardStates */
93 QEMUTimer *ocr_power_timer;
99 uint8_t sd_status[64];
102 unsigned long *wp_groups;
106 uint32_t multi_blk_cnt;
107 uint32_t erase_start;
111 uint8_t function_group[6];
115 /* True if we will handle the next command as an ACMD. Note that this does
116 * *not* track the APP_CMD status bit!
119 uint32_t blk_written;
121 uint32_t data_offset;
123 qemu_irq readonly_cb;
124 qemu_irq inserted_cb;
131 static void sd_set_mode(SDState *sd)
134 case sd_inactive_state:
135 sd->mode = sd_inactive;
140 case sd_identification_state:
141 sd->mode = sd_card_identification_mode;
144 case sd_standby_state:
145 case sd_transfer_state:
146 case sd_sendingdata_state:
147 case sd_receivingdata_state:
148 case sd_programming_state:
149 case sd_disconnect_state:
150 sd->mode = sd_data_transfer_mode;
155 static const sd_cmd_type_t sd_cmd_type[64] = {
156 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
157 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
158 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
159 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
160 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
161 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
162 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
163 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
166 static const int sd_cmd_class[64] = {
167 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
168 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
169 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
170 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
173 static uint8_t sd_crc7(void *message, size_t width)
176 uint8_t shift_reg = 0x00;
177 uint8_t *msg = (uint8_t *) message;
179 for (i = 0; i < width; i ++, msg ++)
180 for (bit = 7; bit >= 0; bit --) {
182 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
189 static uint16_t sd_crc16(void *message, size_t width)
192 uint16_t shift_reg = 0x0000;
193 uint16_t *msg = (uint16_t *) message;
196 for (i = 0; i < width; i ++, msg ++)
197 for (bit = 15; bit >= 0; bit --) {
199 if ((shift_reg >> 15) ^ ((*msg >> bit) & 1))
206 static void sd_set_ocr(SDState *sd)
208 /* All voltages OK, Standard Capacity SD Memory Card, not yet powered up */
209 sd->ocr = 0x00ffff00;
212 static void sd_ocr_powerup(void *opaque)
214 SDState *sd = opaque;
216 /* Set powered up bit in OCR */
217 assert(!(sd->ocr & OCR_POWER_UP));
218 sd->ocr |= OCR_POWER_UP;
221 static void sd_set_scr(SDState *sd)
223 sd->scr[0] = 0x00; /* SCR Structure */
224 sd->scr[1] = 0x2f; /* SD Security Support */
240 static void sd_set_cid(SDState *sd)
242 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
243 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
245 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
250 sd->cid[8] = PRV; /* Fake product revision (PRV) */
251 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
255 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
256 ((MDT_YR - 2000) / 10);
257 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
258 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
261 #define HWBLOCK_SHIFT 9 /* 512 bytes */
262 #define SECTOR_SHIFT 5 /* 16 kilobytes */
263 #define WPGROUP_SHIFT 7 /* 2 megs */
264 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
265 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
267 static const uint8_t sd_csd_rw_mask[16] = {
268 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
269 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
272 static void sd_set_csd(SDState *sd, uint64_t size)
274 uint32_t csize = (size >> (CMULT_SHIFT + HWBLOCK_SHIFT)) - 1;
275 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
276 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
278 if (size <= 0x40000000) { /* Standard Capacity SD */
279 sd->csd[0] = 0x00; /* CSD structure */
280 sd->csd[1] = 0x26; /* Data read access-time-1 */
281 sd->csd[2] = 0x00; /* Data read access-time-2 */
282 sd->csd[3] = 0x5a; /* Max. data transfer rate */
283 sd->csd[4] = 0x5f; /* Card Command Classes */
284 sd->csd[5] = 0x50 | /* Max. read data block length */
286 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
287 ((csize >> 10) & 0x03);
288 sd->csd[7] = 0x00 | /* Device size */
289 ((csize >> 2) & 0xff);
290 sd->csd[8] = 0x3f | /* Max. read current */
291 ((csize << 6) & 0xc0);
292 sd->csd[9] = 0xfc | /* Max. write current */
293 ((CMULT_SHIFT - 2) >> 1);
294 sd->csd[10] = 0x40 | /* Erase sector size */
295 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
296 sd->csd[11] = 0x00 | /* Write protect group size */
297 ((sectsize << 7) & 0x80) | wpsize;
298 sd->csd[12] = 0x90 | /* Write speed factor */
299 (HWBLOCK_SHIFT >> 2);
300 sd->csd[13] = 0x20 | /* Max. write data block length */
301 ((HWBLOCK_SHIFT << 6) & 0xc0);
302 sd->csd[14] = 0x00; /* File format group */
303 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
314 sd->csd[7] = (size >> 16) & 0xff;
315 sd->csd[8] = (size >> 8) & 0xff;
316 sd->csd[9] = (size & 0xff);
323 sd->ocr |= 1 << 30; /* High Capacity SD Memory Card */
327 static void sd_set_rca(SDState *sd)
332 /* Card status bits, split by clear condition:
333 * A : According to the card current state
334 * B : Always related to the previous command
335 * C : Cleared by read
337 #define CARD_STATUS_A 0x02004100
338 #define CARD_STATUS_B 0x00c01e00
339 #define CARD_STATUS_C 0xfd39a028
341 static void sd_set_cardstatus(SDState *sd)
343 sd->card_status = 0x00000100;
346 static void sd_set_sdstatus(SDState *sd)
348 memset(sd->sd_status, 0, 64);
351 static int sd_req_crc_validate(SDRequest *req)
354 buffer[0] = 0x40 | req->cmd;
355 buffer[1] = (req->arg >> 24) & 0xff;
356 buffer[2] = (req->arg >> 16) & 0xff;
357 buffer[3] = (req->arg >> 8) & 0xff;
358 buffer[4] = (req->arg >> 0) & 0xff;
360 return sd_crc7(buffer, 5) != req->crc; /* TODO */
363 static void sd_response_r1_make(SDState *sd, uint8_t *response)
365 uint32_t status = sd->card_status;
366 /* Clear the "clear on read" status bits */
367 sd->card_status &= ~CARD_STATUS_C;
369 response[0] = (status >> 24) & 0xff;
370 response[1] = (status >> 16) & 0xff;
371 response[2] = (status >> 8) & 0xff;
372 response[3] = (status >> 0) & 0xff;
375 static void sd_response_r3_make(SDState *sd, uint8_t *response)
377 response[0] = (sd->ocr >> 24) & 0xff;
378 response[1] = (sd->ocr >> 16) & 0xff;
379 response[2] = (sd->ocr >> 8) & 0xff;
380 response[3] = (sd->ocr >> 0) & 0xff;
383 static void sd_response_r6_make(SDState *sd, uint8_t *response)
389 status = ((sd->card_status >> 8) & 0xc000) |
390 ((sd->card_status >> 6) & 0x2000) |
391 (sd->card_status & 0x1fff);
392 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
394 response[0] = (arg >> 8) & 0xff;
395 response[1] = arg & 0xff;
396 response[2] = (status >> 8) & 0xff;
397 response[3] = status & 0xff;
400 static void sd_response_r7_make(SDState *sd, uint8_t *response)
402 response[0] = (sd->vhs >> 24) & 0xff;
403 response[1] = (sd->vhs >> 16) & 0xff;
404 response[2] = (sd->vhs >> 8) & 0xff;
405 response[3] = (sd->vhs >> 0) & 0xff;
408 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
410 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
413 static void sd_reset(DeviceState *dev)
415 SDState *sd = SD_CARD(dev);
420 blk_get_geometry(sd->blk, §);
426 sect = sd_addr_to_wpnum(size) + 1;
428 sd->state = sd_idle_state;
433 sd_set_csd(sd, size);
434 sd_set_cardstatus(sd);
437 g_free(sd->wp_groups);
438 sd->wp_switch = sd->blk ? blk_is_read_only(sd->blk) : false;
439 sd->wpgrps_size = sect;
440 sd->wp_groups = bitmap_new(sd->wpgrps_size);
441 memset(sd->function_group, 0, sizeof(sd->function_group));
447 sd->expecting_acmd = false;
448 sd->multi_blk_cnt = 0;
451 static bool sd_get_inserted(SDState *sd)
453 return sd->blk && blk_is_inserted(sd->blk);
456 static bool sd_get_readonly(SDState *sd)
458 return sd->wp_switch;
461 static void sd_cardchange(void *opaque, bool load)
463 SDState *sd = opaque;
464 DeviceState *dev = DEVICE(sd);
465 SDBus *sdbus = SD_BUS(qdev_get_parent_bus(dev));
466 bool inserted = sd_get_inserted(sd);
467 bool readonly = sd_get_readonly(sd);
473 /* The IRQ notification is for legacy non-QOM SD controller devices;
474 * QOMified controllers use the SDBus APIs.
477 sdbus_set_inserted(sdbus, inserted);
479 sdbus_set_readonly(sdbus, readonly);
482 qemu_set_irq(sd->inserted_cb, inserted);
484 qemu_set_irq(sd->readonly_cb, readonly);
489 static const BlockDevOps sd_block_ops = {
490 .change_media_cb = sd_cardchange,
493 static bool sd_ocr_vmstate_needed(void *opaque)
495 SDState *sd = opaque;
497 /* Include the OCR state (and timer) if it is not yet powered up */
498 return !(sd->ocr & OCR_POWER_UP);
501 static const VMStateDescription sd_ocr_vmstate = {
502 .name = "sd-card/ocr-state",
504 .minimum_version_id = 1,
505 .needed = sd_ocr_vmstate_needed,
506 .fields = (VMStateField[]) {
507 VMSTATE_UINT32(ocr, SDState),
508 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
509 VMSTATE_END_OF_LIST()
513 static int sd_vmstate_pre_load(void *opaque)
515 SDState *sd = opaque;
517 /* If the OCR state is not included (prior versions, or not
518 * needed), then the OCR must be set as powered up. If the OCR state
519 * is included, this will be replaced by the state restore.
526 static const VMStateDescription sd_vmstate = {
529 .minimum_version_id = 1,
530 .pre_load = sd_vmstate_pre_load,
531 .fields = (VMStateField[]) {
532 VMSTATE_UINT32(mode, SDState),
533 VMSTATE_INT32(state, SDState),
534 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
535 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
536 VMSTATE_UINT16(rca, SDState),
537 VMSTATE_UINT32(card_status, SDState),
538 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
539 VMSTATE_UINT32(vhs, SDState),
540 VMSTATE_BITMAP(wp_groups, SDState, 0, wpgrps_size),
541 VMSTATE_UINT32(blk_len, SDState),
542 VMSTATE_UINT32(multi_blk_cnt, SDState),
543 VMSTATE_UINT32(erase_start, SDState),
544 VMSTATE_UINT32(erase_end, SDState),
545 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
546 VMSTATE_UINT32(pwd_len, SDState),
547 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
548 VMSTATE_UINT8(current_cmd, SDState),
549 VMSTATE_BOOL(expecting_acmd, SDState),
550 VMSTATE_UINT32(blk_written, SDState),
551 VMSTATE_UINT64(data_start, SDState),
552 VMSTATE_UINT32(data_offset, SDState),
553 VMSTATE_UINT8_ARRAY(data, SDState, 512),
554 VMSTATE_BUFFER_POINTER_UNSAFE(buf, SDState, 1, 512),
555 VMSTATE_BOOL(enable, SDState),
556 VMSTATE_END_OF_LIST()
558 .subsections = (const VMStateDescription*[]) {
564 /* Legacy initialization function for use by non-qdevified callers */
565 SDState *sd_init(BlockBackend *blk, bool is_spi)
571 obj = object_new(TYPE_SD_CARD);
573 qdev_prop_set_drive(dev, "drive", blk, &err);
575 error_report("sd_init failed: %s", error_get_pretty(err));
578 qdev_prop_set_bit(dev, "spi", is_spi);
579 object_property_set_bool(obj, true, "realized", &err);
581 error_report("sd_init failed: %s", error_get_pretty(err));
588 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
590 sd->readonly_cb = readonly;
591 sd->inserted_cb = insert;
592 qemu_set_irq(readonly, sd->blk ? blk_is_read_only(sd->blk) : 0);
593 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
596 static void sd_erase(SDState *sd)
599 uint64_t erase_start = sd->erase_start;
600 uint64_t erase_end = sd->erase_end;
602 if (!sd->erase_start || !sd->erase_end) {
603 sd->card_status |= ERASE_SEQ_ERROR;
607 if (extract32(sd->ocr, OCR_CCS_BITN, 1)) {
608 /* High capacity memory card: erase units are 512 byte blocks */
613 erase_start = sd_addr_to_wpnum(erase_start);
614 erase_end = sd_addr_to_wpnum(erase_end);
619 for (i = erase_start; i <= erase_end; i++) {
620 if (test_bit(i, sd->wp_groups)) {
621 sd->card_status |= WP_ERASE_SKIP;
626 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
631 wpnum = sd_addr_to_wpnum(addr);
633 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
634 if (addr < sd->size && test_bit(wpnum, sd->wp_groups)) {
642 static void sd_function_switch(SDState *sd, uint32_t arg)
644 int i, mode, new_func, crc;
645 mode = !!(arg & 0x80000000);
647 sd->data[0] = 0x00; /* Maximum current consumption */
649 sd->data[2] = 0x80; /* Supported group 6 functions */
651 sd->data[4] = 0x80; /* Supported group 5 functions */
653 sd->data[6] = 0x80; /* Supported group 4 functions */
655 sd->data[8] = 0x80; /* Supported group 3 functions */
657 sd->data[10] = 0x80; /* Supported group 2 functions */
659 sd->data[12] = 0x80; /* Supported group 1 functions */
661 for (i = 0; i < 6; i ++) {
662 new_func = (arg >> (i * 4)) & 0x0f;
663 if (mode && new_func != 0x0f)
664 sd->function_group[i] = new_func;
665 sd->data[14 + (i >> 1)] = new_func << ((i * 4) & 4);
667 memset(&sd->data[17], 0, 47);
668 crc = sd_crc16(sd->data, 64);
669 sd->data[65] = crc >> 8;
670 sd->data[66] = crc & 0xff;
673 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
675 return test_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
678 static void sd_lock_command(SDState *sd)
680 int erase, lock, clr_pwd, set_pwd, pwd_len;
681 erase = !!(sd->data[0] & 0x08);
682 lock = sd->data[0] & 0x04;
683 clr_pwd = sd->data[0] & 0x02;
684 set_pwd = sd->data[0] & 0x01;
687 pwd_len = sd->data[1];
692 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
693 set_pwd || clr_pwd || lock || sd->wp_switch ||
694 (sd->csd[14] & 0x20)) {
695 sd->card_status |= LOCK_UNLOCK_FAILED;
698 bitmap_zero(sd->wp_groups, sd->wpgrps_size);
699 sd->csd[14] &= ~0x10;
700 sd->card_status &= ~CARD_IS_LOCKED;
702 /* Erasing the entire card here! */
703 fprintf(stderr, "SD: Card force-erased by CMD42\n");
707 if (sd->blk_len < 2 + pwd_len ||
708 pwd_len <= sd->pwd_len ||
709 pwd_len > sd->pwd_len + 16) {
710 sd->card_status |= LOCK_UNLOCK_FAILED;
714 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
715 sd->card_status |= LOCK_UNLOCK_FAILED;
719 pwd_len -= sd->pwd_len;
720 if ((pwd_len && !set_pwd) ||
721 (clr_pwd && (set_pwd || lock)) ||
722 (lock && !sd->pwd_len && !set_pwd) ||
723 (!set_pwd && !clr_pwd &&
724 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
725 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
726 sd->card_status |= LOCK_UNLOCK_FAILED;
731 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
732 sd->pwd_len = pwd_len;
740 sd->card_status |= CARD_IS_LOCKED;
742 sd->card_status &= ~CARD_IS_LOCKED;
745 static sd_rsp_type_t sd_normal_command(SDState *sd,
748 uint32_t rca = 0x0000;
749 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
751 /* Not interpreting this as an app command */
752 sd->card_status &= ~APP_CMD;
754 if (sd_cmd_type[req.cmd & 0x3F] == sd_ac
755 || sd_cmd_type[req.cmd & 0x3F] == sd_adtc) {
759 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
760 * if not, its effects are cancelled */
761 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
762 sd->multi_blk_cnt = 0;
765 DPRINTF("CMD%d 0x%08x state %d\n", req.cmd, req.arg, sd->state);
767 /* Basic commands (Class 0 and Class 1) */
768 case 0: /* CMD0: GO_IDLE_STATE */
770 case sd_inactive_state:
771 return sd->spi ? sd_r1 : sd_r0;
774 sd->state = sd_idle_state;
775 sd_reset(DEVICE(sd));
776 return sd->spi ? sd_r1 : sd_r0;
780 case 1: /* CMD1: SEND_OP_CMD */
784 sd->state = sd_transfer_state;
787 case 2: /* CMD2: ALL_SEND_CID */
792 sd->state = sd_identification_state;
800 case 3: /* CMD3: SEND_RELATIVE_ADDR */
804 case sd_identification_state:
805 case sd_standby_state:
806 sd->state = sd_standby_state;
815 case 4: /* CMD4: SEND_DSR */
819 case sd_standby_state:
827 case 5: /* CMD5: reserved for SDIO cards */
830 case 6: /* CMD6: SWITCH_FUNCTION */
834 case sd_data_transfer_mode:
835 sd_function_switch(sd, req.arg);
836 sd->state = sd_sendingdata_state;
846 case 7: /* CMD7: SELECT/DESELECT_CARD */
850 case sd_standby_state:
854 sd->state = sd_transfer_state;
857 case sd_transfer_state:
858 case sd_sendingdata_state:
862 sd->state = sd_standby_state;
865 case sd_disconnect_state:
869 sd->state = sd_programming_state;
872 case sd_programming_state:
876 sd->state = sd_disconnect_state;
884 case 8: /* CMD8: SEND_IF_COND */
885 /* Physical Layer Specification Version 2.00 command */
890 /* No response if not exactly one VHS bit is set. */
891 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
892 return sd->spi ? sd_r7 : sd_r0;
904 case 9: /* CMD9: SEND_CSD */
906 case sd_standby_state:
912 case sd_transfer_state:
915 sd->state = sd_sendingdata_state;
916 memcpy(sd->data, sd->csd, 16);
917 sd->data_start = addr;
926 case 10: /* CMD10: SEND_CID */
928 case sd_standby_state:
934 case sd_transfer_state:
937 sd->state = sd_sendingdata_state;
938 memcpy(sd->data, sd->cid, 16);
939 sd->data_start = addr;
948 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
952 case sd_transfer_state:
953 sd->state = sd_sendingdata_state;
954 sd->data_start = req.arg;
957 if (sd->data_start + sd->blk_len > sd->size)
958 sd->card_status |= ADDRESS_ERROR;
966 case 12: /* CMD12: STOP_TRANSMISSION */
968 case sd_sendingdata_state:
969 sd->state = sd_transfer_state;
972 case sd_receivingdata_state:
973 sd->state = sd_programming_state;
974 /* Bzzzzzzztt .... Operation complete. */
975 sd->state = sd_transfer_state;
983 case 13: /* CMD13: SEND_STATUS */
985 case sd_data_transfer_mode:
996 case 15: /* CMD15: GO_INACTIVE_STATE */
1000 case sd_data_transfer_mode:
1004 sd->state = sd_inactive_state;
1012 /* Block read commands (Classs 2) */
1013 case 16: /* CMD16: SET_BLOCKLEN */
1014 switch (sd->state) {
1015 case sd_transfer_state:
1016 if (req.arg > (1 << HWBLOCK_SHIFT))
1017 sd->card_status |= BLOCK_LEN_ERROR;
1019 sd->blk_len = req.arg;
1028 case 17: /* CMD17: READ_SINGLE_BLOCK */
1029 switch (sd->state) {
1030 case sd_transfer_state:
1031 sd->state = sd_sendingdata_state;
1032 sd->data_start = addr;
1033 sd->data_offset = 0;
1035 if (sd->data_start + sd->blk_len > sd->size)
1036 sd->card_status |= ADDRESS_ERROR;
1044 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1045 switch (sd->state) {
1046 case sd_transfer_state:
1047 sd->state = sd_sendingdata_state;
1048 sd->data_start = addr;
1049 sd->data_offset = 0;
1051 if (sd->data_start + sd->blk_len > sd->size)
1052 sd->card_status |= ADDRESS_ERROR;
1060 case 23: /* CMD23: SET_BLOCK_COUNT */
1061 switch (sd->state) {
1062 case sd_transfer_state:
1063 sd->multi_blk_cnt = req.arg;
1071 /* Block write commands (Class 4) */
1072 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1074 goto unimplemented_cmd;
1075 switch (sd->state) {
1076 case sd_transfer_state:
1077 /* Writing in SPI mode not implemented. */
1080 sd->state = sd_receivingdata_state;
1081 sd->data_start = addr;
1082 sd->data_offset = 0;
1083 sd->blk_written = 0;
1085 if (sd->data_start + sd->blk_len > sd->size)
1086 sd->card_status |= ADDRESS_ERROR;
1087 if (sd_wp_addr(sd, sd->data_start))
1088 sd->card_status |= WP_VIOLATION;
1089 if (sd->csd[14] & 0x30)
1090 sd->card_status |= WP_VIOLATION;
1098 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1100 goto unimplemented_cmd;
1101 switch (sd->state) {
1102 case sd_transfer_state:
1103 /* Writing in SPI mode not implemented. */
1106 sd->state = sd_receivingdata_state;
1107 sd->data_start = addr;
1108 sd->data_offset = 0;
1109 sd->blk_written = 0;
1111 if (sd->data_start + sd->blk_len > sd->size)
1112 sd->card_status |= ADDRESS_ERROR;
1113 if (sd_wp_addr(sd, sd->data_start))
1114 sd->card_status |= WP_VIOLATION;
1115 if (sd->csd[14] & 0x30)
1116 sd->card_status |= WP_VIOLATION;
1124 case 26: /* CMD26: PROGRAM_CID */
1127 switch (sd->state) {
1128 case sd_transfer_state:
1129 sd->state = sd_receivingdata_state;
1131 sd->data_offset = 0;
1139 case 27: /* CMD27: PROGRAM_CSD */
1141 goto unimplemented_cmd;
1142 switch (sd->state) {
1143 case sd_transfer_state:
1144 sd->state = sd_receivingdata_state;
1146 sd->data_offset = 0;
1154 /* Write protection (Class 6) */
1155 case 28: /* CMD28: SET_WRITE_PROT */
1156 switch (sd->state) {
1157 case sd_transfer_state:
1158 if (addr >= sd->size) {
1159 sd->card_status |= ADDRESS_ERROR;
1163 sd->state = sd_programming_state;
1164 set_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1165 /* Bzzzzzzztt .... Operation complete. */
1166 sd->state = sd_transfer_state;
1174 case 29: /* CMD29: CLR_WRITE_PROT */
1175 switch (sd->state) {
1176 case sd_transfer_state:
1177 if (addr >= sd->size) {
1178 sd->card_status |= ADDRESS_ERROR;
1182 sd->state = sd_programming_state;
1183 clear_bit(sd_addr_to_wpnum(addr), sd->wp_groups);
1184 /* Bzzzzzzztt .... Operation complete. */
1185 sd->state = sd_transfer_state;
1193 case 30: /* CMD30: SEND_WRITE_PROT */
1194 switch (sd->state) {
1195 case sd_transfer_state:
1196 sd->state = sd_sendingdata_state;
1197 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1198 sd->data_start = addr;
1199 sd->data_offset = 0;
1207 /* Erase commands (Class 5) */
1208 case 32: /* CMD32: ERASE_WR_BLK_START */
1209 switch (sd->state) {
1210 case sd_transfer_state:
1211 sd->erase_start = req.arg;
1219 case 33: /* CMD33: ERASE_WR_BLK_END */
1220 switch (sd->state) {
1221 case sd_transfer_state:
1222 sd->erase_end = req.arg;
1230 case 38: /* CMD38: ERASE */
1231 switch (sd->state) {
1232 case sd_transfer_state:
1233 if (sd->csd[14] & 0x30) {
1234 sd->card_status |= WP_VIOLATION;
1238 sd->state = sd_programming_state;
1240 /* Bzzzzzzztt .... Operation complete. */
1241 sd->state = sd_transfer_state;
1249 /* Lock card commands (Class 7) */
1250 case 42: /* CMD42: LOCK_UNLOCK */
1252 goto unimplemented_cmd;
1253 switch (sd->state) {
1254 case sd_transfer_state:
1255 sd->state = sd_receivingdata_state;
1257 sd->data_offset = 0;
1267 /* CMD52, CMD53: reserved for SDIO cards
1268 * (see the SDIO Simplified Specification V2.0)
1269 * Handle as illegal command but do not complain
1270 * on stderr, as some OSes may use these in their
1271 * probing for presence of an SDIO card.
1275 /* Application specific commands (Class 8) */
1276 case 55: /* CMD55: APP_CMD */
1280 sd->expecting_acmd = true;
1281 sd->card_status |= APP_CMD;
1284 case 56: /* CMD56: GEN_CMD */
1285 fprintf(stderr, "SD: GEN_CMD 0x%08x\n", req.arg);
1287 switch (sd->state) {
1288 case sd_transfer_state:
1289 sd->data_offset = 0;
1291 sd->state = sd_sendingdata_state;
1293 sd->state = sd_receivingdata_state;
1303 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
1307 /* Commands that are recognised but not yet implemented in SPI mode. */
1308 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1313 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd);
1317 static sd_rsp_type_t sd_app_command(SDState *sd,
1320 DPRINTF("ACMD%d 0x%08x\n", req.cmd, req.arg);
1321 sd->card_status |= APP_CMD;
1323 case 6: /* ACMD6: SET_BUS_WIDTH */
1324 switch (sd->state) {
1325 case sd_transfer_state:
1326 sd->sd_status[0] &= 0x3f;
1327 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1335 case 13: /* ACMD13: SD_STATUS */
1336 switch (sd->state) {
1337 case sd_transfer_state:
1338 sd->state = sd_sendingdata_state;
1340 sd->data_offset = 0;
1348 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1349 switch (sd->state) {
1350 case sd_transfer_state:
1351 *(uint32_t *) sd->data = sd->blk_written;
1353 sd->state = sd_sendingdata_state;
1355 sd->data_offset = 0;
1363 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1364 switch (sd->state) {
1365 case sd_transfer_state:
1373 case 41: /* ACMD41: SD_APP_OP_COND */
1376 sd->state = sd_transfer_state;
1379 switch (sd->state) {
1381 /* If it's the first ACMD41 since reset, we need to decide
1382 * whether to power up. If this is not an enquiry ACMD41,
1383 * we immediately report power on and proceed below to the
1384 * ready state, but if it is, we set a timer to model a
1385 * delay for power up. This works around a bug in EDK2
1386 * UEFI, which sends an initial enquiry ACMD41, but
1387 * assumes that the card is in ready state as soon as it
1388 * sees the power up bit set. */
1389 if (!(sd->ocr & OCR_POWER_UP)) {
1390 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1391 timer_del(sd->ocr_power_timer);
1393 } else if (!timer_pending(sd->ocr_power_timer)) {
1394 timer_mod_ns(sd->ocr_power_timer,
1395 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1396 + OCR_POWER_DELAY_NS));
1400 /* We accept any voltage. 10000 V is nothing.
1402 * Once we're powered up, we advance straight to ready state
1403 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1405 if (req.arg & ACMD41_ENQUIRY_MASK) {
1406 sd->state = sd_ready_state;
1416 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1417 switch (sd->state) {
1418 case sd_transfer_state:
1419 /* Bringing in the 50KOhm pull-up resistor... Done. */
1427 case 51: /* ACMD51: SEND_SCR */
1428 switch (sd->state) {
1429 case sd_transfer_state:
1430 sd->state = sd_sendingdata_state;
1432 sd->data_offset = 0;
1441 /* Fall back to standard commands. */
1442 return sd_normal_command(sd, req);
1445 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
1449 static int cmd_valid_while_locked(SDState *sd, SDRequest *req)
1451 /* Valid commands in locked state:
1453 * lock card class (7)
1455 * implicitly, the ACMD prefix CMD55
1457 * Anything else provokes an "illegal command" response.
1459 if (sd->expecting_acmd) {
1460 return req->cmd == 41 || req->cmd == 42;
1462 if (req->cmd == 16 || req->cmd == 55) {
1465 return sd_cmd_class[req->cmd & 0x3F] == 0
1466 || sd_cmd_class[req->cmd & 0x3F] == 7;
1469 int sd_do_command(SDState *sd, SDRequest *req,
1470 uint8_t *response) {
1472 sd_rsp_type_t rtype;
1475 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
1479 if (sd_req_crc_validate(req)) {
1480 sd->card_status |= COM_CRC_ERROR;
1485 if (sd->card_status & CARD_IS_LOCKED) {
1486 if (!cmd_valid_while_locked(sd, req)) {
1487 sd->card_status |= ILLEGAL_COMMAND;
1488 sd->expecting_acmd = false;
1489 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
1495 last_state = sd->state;
1498 if (sd->expecting_acmd) {
1499 sd->expecting_acmd = false;
1500 rtype = sd_app_command(sd, *req);
1502 rtype = sd_normal_command(sd, *req);
1505 if (rtype == sd_illegal) {
1506 sd->card_status |= ILLEGAL_COMMAND;
1508 /* Valid command, we can update the 'state before command' bits.
1509 * (Do this now so they appear in r1 responses.)
1511 sd->current_cmd = req->cmd;
1512 sd->card_status &= ~CURRENT_STATE;
1513 sd->card_status |= (last_state << 9);
1520 sd_response_r1_make(sd, response);
1525 memcpy(response, sd->cid, sizeof(sd->cid));
1530 memcpy(response, sd->csd, sizeof(sd->csd));
1535 sd_response_r3_make(sd, response);
1540 sd_response_r6_make(sd, response);
1545 sd_response_r7_make(sd, response);
1556 if (rtype != sd_illegal) {
1557 /* Clear the "clear on valid command" status bits now we've
1560 sd->card_status &= ~CARD_STATUS_B;
1566 DPRINTF("Response:");
1567 for (i = 0; i < rsplen; i++)
1568 fprintf(stderr, " %02x", response[i]);
1569 fprintf(stderr, " state %d\n", sd->state);
1571 DPRINTF("No response %d\n", sd->state);
1578 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
1580 uint64_t end = addr + len;
1582 DPRINTF("sd_blk_read: addr = 0x%08llx, len = %d\n",
1583 (unsigned long long) addr, len);
1584 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1585 fprintf(stderr, "sd_blk_read: read error on host side\n");
1589 if (end > (addr & ~511) + 512) {
1590 memcpy(sd->data, sd->buf + (addr & 511), 512 - (addr & 511));
1592 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
1593 fprintf(stderr, "sd_blk_read: read error on host side\n");
1596 memcpy(sd->data + 512 - (addr & 511), sd->buf, end & 511);
1598 memcpy(sd->data, sd->buf + (addr & 511), len);
1601 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
1603 uint64_t end = addr + len;
1605 if ((addr & 511) || len < 512)
1606 if (!sd->blk || blk_read(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1607 fprintf(stderr, "sd_blk_write: read error on host side\n");
1611 if (end > (addr & ~511) + 512) {
1612 memcpy(sd->buf + (addr & 511), sd->data, 512 - (addr & 511));
1613 if (blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1614 fprintf(stderr, "sd_blk_write: write error on host side\n");
1618 if (blk_read(sd->blk, end >> 9, sd->buf, 1) < 0) {
1619 fprintf(stderr, "sd_blk_write: read error on host side\n");
1622 memcpy(sd->buf, sd->data + 512 - (addr & 511), end & 511);
1623 if (blk_write(sd->blk, end >> 9, sd->buf, 1) < 0) {
1624 fprintf(stderr, "sd_blk_write: write error on host side\n");
1627 memcpy(sd->buf + (addr & 511), sd->data, len);
1628 if (!sd->blk || blk_write(sd->blk, addr >> 9, sd->buf, 1) < 0) {
1629 fprintf(stderr, "sd_blk_write: write error on host side\n");
1634 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
1635 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
1636 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
1637 #define APP_WRITE_BLOCK(a, len)
1639 void sd_write_data(SDState *sd, uint8_t value)
1643 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1646 if (sd->state != sd_receivingdata_state) {
1647 qemu_log_mask(LOG_GUEST_ERROR,
1648 "sd_write_data: not in Receiving-Data state\n");
1652 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1655 switch (sd->current_cmd) {
1656 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1657 sd->data[sd->data_offset ++] = value;
1658 if (sd->data_offset >= sd->blk_len) {
1659 /* TODO: Check CRC before committing */
1660 sd->state = sd_programming_state;
1661 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1663 sd->csd[14] |= 0x40;
1664 /* Bzzzzzzztt .... Operation complete. */
1665 sd->state = sd_transfer_state;
1669 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1670 if (sd->data_offset == 0) {
1671 /* Start of the block - let's check the address is valid */
1672 if (sd->data_start + sd->blk_len > sd->size) {
1673 sd->card_status |= ADDRESS_ERROR;
1676 if (sd_wp_addr(sd, sd->data_start)) {
1677 sd->card_status |= WP_VIOLATION;
1681 sd->data[sd->data_offset++] = value;
1682 if (sd->data_offset >= sd->blk_len) {
1683 /* TODO: Check CRC before committing */
1684 sd->state = sd_programming_state;
1685 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1687 sd->data_start += sd->blk_len;
1688 sd->data_offset = 0;
1689 sd->csd[14] |= 0x40;
1691 /* Bzzzzzzztt .... Operation complete. */
1692 if (sd->multi_blk_cnt != 0) {
1693 if (--sd->multi_blk_cnt == 0) {
1695 sd->state = sd_transfer_state;
1700 sd->state = sd_receivingdata_state;
1704 case 26: /* CMD26: PROGRAM_CID */
1705 sd->data[sd->data_offset ++] = value;
1706 if (sd->data_offset >= sizeof(sd->cid)) {
1707 /* TODO: Check CRC before committing */
1708 sd->state = sd_programming_state;
1709 for (i = 0; i < sizeof(sd->cid); i ++)
1710 if ((sd->cid[i] | 0x00) != sd->data[i])
1711 sd->card_status |= CID_CSD_OVERWRITE;
1713 if (!(sd->card_status & CID_CSD_OVERWRITE))
1714 for (i = 0; i < sizeof(sd->cid); i ++) {
1716 sd->cid[i] &= sd->data[i];
1718 /* Bzzzzzzztt .... Operation complete. */
1719 sd->state = sd_transfer_state;
1723 case 27: /* CMD27: PROGRAM_CSD */
1724 sd->data[sd->data_offset ++] = value;
1725 if (sd->data_offset >= sizeof(sd->csd)) {
1726 /* TODO: Check CRC before committing */
1727 sd->state = sd_programming_state;
1728 for (i = 0; i < sizeof(sd->csd); i ++)
1729 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1730 (sd->data[i] | sd_csd_rw_mask[i]))
1731 sd->card_status |= CID_CSD_OVERWRITE;
1733 /* Copy flag (OTP) & Permanent write protect */
1734 if (sd->csd[14] & ~sd->data[14] & 0x60)
1735 sd->card_status |= CID_CSD_OVERWRITE;
1737 if (!(sd->card_status & CID_CSD_OVERWRITE))
1738 for (i = 0; i < sizeof(sd->csd); i ++) {
1739 sd->csd[i] |= sd_csd_rw_mask[i];
1740 sd->csd[i] &= sd->data[i];
1742 /* Bzzzzzzztt .... Operation complete. */
1743 sd->state = sd_transfer_state;
1747 case 42: /* CMD42: LOCK_UNLOCK */
1748 sd->data[sd->data_offset ++] = value;
1749 if (sd->data_offset >= sd->blk_len) {
1750 /* TODO: Check CRC before committing */
1751 sd->state = sd_programming_state;
1752 sd_lock_command(sd);
1753 /* Bzzzzzzztt .... Operation complete. */
1754 sd->state = sd_transfer_state;
1758 case 56: /* CMD56: GEN_CMD */
1759 sd->data[sd->data_offset ++] = value;
1760 if (sd->data_offset >= sd->blk_len) {
1761 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1762 sd->state = sd_transfer_state;
1767 qemu_log_mask(LOG_GUEST_ERROR, "sd_write_data: unknown command\n");
1772 uint8_t sd_read_data(SDState *sd)
1774 /* TODO: Append CRCs */
1778 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1781 if (sd->state != sd_sendingdata_state) {
1782 qemu_log_mask(LOG_GUEST_ERROR,
1783 "sd_read_data: not in Sending-Data state\n");
1787 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1790 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1792 switch (sd->current_cmd) {
1793 case 6: /* CMD6: SWITCH_FUNCTION */
1794 ret = sd->data[sd->data_offset ++];
1796 if (sd->data_offset >= 64)
1797 sd->state = sd_transfer_state;
1800 case 9: /* CMD9: SEND_CSD */
1801 case 10: /* CMD10: SEND_CID */
1802 ret = sd->data[sd->data_offset ++];
1804 if (sd->data_offset >= 16)
1805 sd->state = sd_transfer_state;
1808 case 11: /* CMD11: READ_DAT_UNTIL_STOP */
1809 if (sd->data_offset == 0)
1810 BLK_READ_BLOCK(sd->data_start, io_len);
1811 ret = sd->data[sd->data_offset ++];
1813 if (sd->data_offset >= io_len) {
1814 sd->data_start += io_len;
1815 sd->data_offset = 0;
1816 if (sd->data_start + io_len > sd->size) {
1817 sd->card_status |= ADDRESS_ERROR;
1823 case 13: /* ACMD13: SD_STATUS */
1824 ret = sd->sd_status[sd->data_offset ++];
1826 if (sd->data_offset >= sizeof(sd->sd_status))
1827 sd->state = sd_transfer_state;
1830 case 17: /* CMD17: READ_SINGLE_BLOCK */
1831 if (sd->data_offset == 0)
1832 BLK_READ_BLOCK(sd->data_start, io_len);
1833 ret = sd->data[sd->data_offset ++];
1835 if (sd->data_offset >= io_len)
1836 sd->state = sd_transfer_state;
1839 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1840 if (sd->data_offset == 0)
1841 BLK_READ_BLOCK(sd->data_start, io_len);
1842 ret = sd->data[sd->data_offset ++];
1844 if (sd->data_offset >= io_len) {
1845 sd->data_start += io_len;
1846 sd->data_offset = 0;
1848 if (sd->multi_blk_cnt != 0) {
1849 if (--sd->multi_blk_cnt == 0) {
1851 sd->state = sd_transfer_state;
1856 if (sd->data_start + io_len > sd->size) {
1857 sd->card_status |= ADDRESS_ERROR;
1863 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1864 ret = sd->data[sd->data_offset ++];
1866 if (sd->data_offset >= 4)
1867 sd->state = sd_transfer_state;
1870 case 30: /* CMD30: SEND_WRITE_PROT */
1871 ret = sd->data[sd->data_offset ++];
1873 if (sd->data_offset >= 4)
1874 sd->state = sd_transfer_state;
1877 case 51: /* ACMD51: SEND_SCR */
1878 ret = sd->scr[sd->data_offset ++];
1880 if (sd->data_offset >= sizeof(sd->scr))
1881 sd->state = sd_transfer_state;
1884 case 56: /* CMD56: GEN_CMD */
1885 if (sd->data_offset == 0)
1886 APP_READ_BLOCK(sd->data_start, sd->blk_len);
1887 ret = sd->data[sd->data_offset ++];
1889 if (sd->data_offset >= sd->blk_len)
1890 sd->state = sd_transfer_state;
1894 qemu_log_mask(LOG_GUEST_ERROR, "sd_read_data: unknown command\n");
1901 bool sd_data_ready(SDState *sd)
1903 return sd->state == sd_sendingdata_state;
1906 void sd_enable(SDState *sd, bool enable)
1908 sd->enable = enable;
1911 static void sd_instance_init(Object *obj)
1913 SDState *sd = SD_CARD(obj);
1916 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
1919 static void sd_realize(DeviceState *dev, Error **errp)
1921 SDState *sd = SD_CARD(dev);
1923 if (sd->blk && blk_is_read_only(sd->blk)) {
1924 error_setg(errp, "Cannot use read-only drive as SD card");
1928 sd->buf = blk_blockalign(sd->blk, 512);
1931 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
1935 static Property sd_properties[] = {
1936 DEFINE_PROP_DRIVE("drive", SDState, blk),
1937 /* We do not model the chip select pin, so allow the board to select
1938 * whether card should be in SSI or MMC/SD mode. It is also up to the
1939 * board to ensure that ssi transfers only occur when the chip select
1941 DEFINE_PROP_BOOL("spi", SDState, spi, false),
1942 DEFINE_PROP_END_OF_LIST()
1945 static void sd_class_init(ObjectClass *klass, void *data)
1947 DeviceClass *dc = DEVICE_CLASS(klass);
1948 SDCardClass *sc = SD_CARD_CLASS(klass);
1950 dc->realize = sd_realize;
1951 dc->props = sd_properties;
1952 dc->vmsd = &sd_vmstate;
1953 dc->reset = sd_reset;
1954 dc->bus_type = TYPE_SD_BUS;
1956 sc->do_command = sd_do_command;
1957 sc->write_data = sd_write_data;
1958 sc->read_data = sd_read_data;
1959 sc->data_ready = sd_data_ready;
1960 sc->enable = sd_enable;
1961 sc->get_inserted = sd_get_inserted;
1962 sc->get_readonly = sd_get_readonly;
1965 static const TypeInfo sd_info = {
1966 .name = TYPE_SD_CARD,
1967 .parent = TYPE_DEVICE,
1968 .instance_size = sizeof(SDState),
1969 .class_size = sizeof(SDCardClass),
1970 .class_init = sd_class_init,
1971 .instance_init = sd_instance_init,
1974 static void sd_register_types(void)
1976 type_register_static(&sd_info);
1979 type_init(sd_register_types)
Code Review / kvmfornfv.git / blob