qapi: fix example of dump-guest-memory
[qemu/armbru.git] / hw / sd / sd.c
blobcd67a7bac8e204b65593df6192dc0bfe6ae01693
1 /*
2 * SD Memory Card emulation as defined in the "SD Memory Card Physical
3 * layer specification, Version 2.00."
5 * Copyright (c) 2006 Andrzej Zaborowski <balrog@zabor.org>
6 * Copyright (c) 2007 CodeSourcery
7 * Copyright (c) 2018 Philippe Mathieu-Daudé <f4bug@amsat.org>
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
20 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS''
21 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
22 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR
24 * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
25 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
26 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
27 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
28 * OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
33 #include "qemu/osdep.h"
34 #include "qemu/units.h"
35 #include "qemu/cutils.h"
36 #include "hw/irq.h"
37 #include "hw/registerfields.h"
38 #include "sysemu/block-backend.h"
39 #include "hw/sd/sd.h"
40 #include "hw/sd/sdcard_legacy.h"
41 #include "migration/vmstate.h"
42 #include "qapi/error.h"
43 #include "qemu/bitmap.h"
44 #include "hw/qdev-properties.h"
45 #include "hw/qdev-properties-system.h"
46 #include "qemu/error-report.h"
47 #include "qemu/timer.h"
48 #include "qemu/log.h"
49 #include "qemu/module.h"
50 #include "qemu-common.h"
51 #include "sdmmc-internal.h"
52 #include "trace.h"
54 //#define DEBUG_SD 1
56 #define SDSC_MAX_CAPACITY (2 * GiB)
58 #define INVALID_ADDRESS UINT32_MAX
60 typedef enum {
61 sd_r0 = 0, /* no response */
62 sd_r1, /* normal response command */
63 sd_r2_i, /* CID register */
64 sd_r2_s, /* CSD register */
65 sd_r3, /* OCR register */
66 sd_r6 = 6, /* Published RCA response */
67 sd_r7, /* Operating voltage */
68 sd_r1b = -1,
69 sd_illegal = -2,
70 } sd_rsp_type_t;
72 enum SDCardModes {
73 sd_inactive,
74 sd_card_identification_mode,
75 sd_data_transfer_mode,
78 enum SDCardStates {
79 sd_inactive_state = -1,
80 sd_idle_state = 0,
81 sd_ready_state,
82 sd_identification_state,
83 sd_standby_state,
84 sd_transfer_state,
85 sd_sendingdata_state,
86 sd_receivingdata_state,
87 sd_programming_state,
88 sd_disconnect_state,
91 struct SDState {
92 DeviceState parent_obj;
94 /* If true, created by sd_init() for a non-qdevified caller */
95 /* TODO purge them with fire */
96 bool me_no_qdev_me_kill_mammoth_with_rocks;
98 /* SD Memory Card Registers */
99 uint32_t ocr;
100 uint8_t scr[8];
101 uint8_t cid[16];
102 uint8_t csd[16];
103 uint16_t rca;
104 uint32_t card_status;
105 uint8_t sd_status[64];
107 /* Static properties */
109 uint8_t spec_version;
110 BlockBackend *blk;
111 bool spi;
113 /* Runtime changeables */
115 uint32_t mode; /* current card mode, one of SDCardModes */
116 int32_t state; /* current card state, one of SDCardStates */
117 uint32_t vhs;
118 bool wp_switch;
119 unsigned long *wp_group_bmap;
120 int32_t wp_group_bits;
121 uint64_t size;
122 uint32_t blk_len;
123 uint32_t multi_blk_cnt;
124 uint32_t erase_start;
125 uint32_t erase_end;
126 uint8_t pwd[16];
127 uint32_t pwd_len;
128 uint8_t function_group[6];
129 uint8_t current_cmd;
130 /* True if we will handle the next command as an ACMD. Note that this does
131 * *not* track the APP_CMD status bit!
133 bool expecting_acmd;
134 uint32_t blk_written;
135 uint64_t data_start;
136 uint32_t data_offset;
137 uint8_t data[512];
138 qemu_irq readonly_cb;
139 qemu_irq inserted_cb;
140 QEMUTimer *ocr_power_timer;
141 const char *proto_name;
142 bool enable;
143 uint8_t dat_lines;
144 bool cmd_line;
147 static void sd_realize(DeviceState *dev, Error **errp);
149 static const char *sd_state_name(enum SDCardStates state)
151 static const char *state_name[] = {
152 [sd_idle_state] = "idle",
153 [sd_ready_state] = "ready",
154 [sd_identification_state] = "identification",
155 [sd_standby_state] = "standby",
156 [sd_transfer_state] = "transfer",
157 [sd_sendingdata_state] = "sendingdata",
158 [sd_receivingdata_state] = "receivingdata",
159 [sd_programming_state] = "programming",
160 [sd_disconnect_state] = "disconnect",
162 if (state == sd_inactive_state) {
163 return "inactive";
165 assert(state < ARRAY_SIZE(state_name));
166 return state_name[state];
169 static const char *sd_response_name(sd_rsp_type_t rsp)
171 static const char *response_name[] = {
172 [sd_r0] = "RESP#0 (no response)",
173 [sd_r1] = "RESP#1 (normal cmd)",
174 [sd_r2_i] = "RESP#2 (CID reg)",
175 [sd_r2_s] = "RESP#2 (CSD reg)",
176 [sd_r3] = "RESP#3 (OCR reg)",
177 [sd_r6] = "RESP#6 (RCA)",
178 [sd_r7] = "RESP#7 (operating voltage)",
180 if (rsp == sd_illegal) {
181 return "ILLEGAL RESP";
183 if (rsp == sd_r1b) {
184 rsp = sd_r1;
186 assert(rsp < ARRAY_SIZE(response_name));
187 return response_name[rsp];
190 static uint8_t sd_get_dat_lines(SDState *sd)
192 return sd->enable ? sd->dat_lines : 0;
195 static bool sd_get_cmd_line(SDState *sd)
197 return sd->enable ? sd->cmd_line : false;
200 static void sd_set_voltage(SDState *sd, uint16_t millivolts)
202 trace_sdcard_set_voltage(millivolts);
204 switch (millivolts) {
205 case 3001 ... 3600: /* SD_VOLTAGE_3_3V */
206 case 2001 ... 3000: /* SD_VOLTAGE_3_0V */
207 break;
208 default:
209 qemu_log_mask(LOG_GUEST_ERROR, "SD card voltage not supported: %.3fV",
210 millivolts / 1000.f);
214 static void sd_set_mode(SDState *sd)
216 switch (sd->state) {
217 case sd_inactive_state:
218 sd->mode = sd_inactive;
219 break;
221 case sd_idle_state:
222 case sd_ready_state:
223 case sd_identification_state:
224 sd->mode = sd_card_identification_mode;
225 break;
227 case sd_standby_state:
228 case sd_transfer_state:
229 case sd_sendingdata_state:
230 case sd_receivingdata_state:
231 case sd_programming_state:
232 case sd_disconnect_state:
233 sd->mode = sd_data_transfer_mode;
234 break;
238 static const sd_cmd_type_t sd_cmd_type[SDMMC_CMD_MAX] = {
239 sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
240 sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
241 /* 16 */
242 sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
243 sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
244 /* 32 */
245 sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
246 sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
247 /* 48 */
248 sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
249 sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
252 static const int sd_cmd_class[SDMMC_CMD_MAX] = {
253 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
254 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
255 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
256 7, 7, 10, 7, 9, 9, 9, 8, 8, 10, 8, 8, 8, 8, 8, 8,
259 static uint8_t sd_crc7(const void *message, size_t width)
261 int i, bit;
262 uint8_t shift_reg = 0x00;
263 const uint8_t *msg = (const uint8_t *)message;
265 for (i = 0; i < width; i ++, msg ++)
266 for (bit = 7; bit >= 0; bit --) {
267 shift_reg <<= 1;
268 if ((shift_reg >> 7) ^ ((*msg >> bit) & 1))
269 shift_reg ^= 0x89;
272 return shift_reg;
275 #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
277 FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24)
278 FIELD(OCR, VDD_VOLTAGE_WIN_LO, 0, 8)
279 FIELD(OCR, DUAL_VOLTAGE_CARD, 7, 1)
280 FIELD(OCR, VDD_VOLTAGE_WIN_HI, 8, 16)
281 FIELD(OCR, ACCEPT_SWITCH_1V8, 24, 1) /* Only UHS-I */
282 FIELD(OCR, UHS_II_CARD, 29, 1) /* Only UHS-II */
283 FIELD(OCR, CARD_CAPACITY, 30, 1) /* 0:SDSC, 1:SDHC/SDXC */
284 FIELD(OCR, CARD_POWER_UP, 31, 1)
286 #define ACMD41_ENQUIRY_MASK 0x00ffffff
287 #define ACMD41_R3_MASK (R_OCR_VDD_VOLTAGE_WIN_HI_MASK \
288 | R_OCR_ACCEPT_SWITCH_1V8_MASK \
289 | R_OCR_UHS_II_CARD_MASK \
290 | R_OCR_CARD_CAPACITY_MASK \
291 | R_OCR_CARD_POWER_UP_MASK)
293 static void sd_ocr_powerup(void *opaque)
295 SDState *sd = opaque;
297 trace_sdcard_powerup();
298 assert(!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP));
300 /* card power-up OK */
301 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_POWER_UP, 1);
303 if (sd->size > SDSC_MAX_CAPACITY) {
304 sd->ocr = FIELD_DP32(sd->ocr, OCR, CARD_CAPACITY, 1);
308 static void sd_set_ocr(SDState *sd)
310 /* All voltages OK */
311 sd->ocr = R_OCR_VDD_VOLTAGE_WIN_HI_MASK;
313 if (sd->spi) {
315 * We don't need to emulate power up sequence in SPI-mode.
316 * Thus, the card's power up status bit should be set to 1 when reset.
317 * The card's capacity status bit should also be set if SD card size
318 * is larger than 2GB for SDHC support.
320 sd_ocr_powerup(sd);
324 static void sd_set_scr(SDState *sd)
326 sd->scr[0] = 0 << 4; /* SCR structure version 1.0 */
327 if (sd->spec_version == SD_PHY_SPECv1_10_VERS) {
328 sd->scr[0] |= 1; /* Spec Version 1.10 */
329 } else {
330 sd->scr[0] |= 2; /* Spec Version 2.00 or Version 3.0X */
332 sd->scr[1] = (2 << 4) /* SDSC Card (Security Version 1.01) */
333 | 0b0101; /* 1-bit or 4-bit width bus modes */
334 sd->scr[2] = 0x00; /* Extended Security is not supported. */
335 if (sd->spec_version >= SD_PHY_SPECv3_01_VERS) {
336 sd->scr[2] |= 1 << 7; /* Spec Version 3.0X */
338 sd->scr[3] = 0x00;
339 /* reserved for manufacturer usage */
340 sd->scr[4] = 0x00;
341 sd->scr[5] = 0x00;
342 sd->scr[6] = 0x00;
343 sd->scr[7] = 0x00;
346 #define MID 0xaa
347 #define OID "XY"
348 #define PNM "QEMU!"
349 #define PRV 0x01
350 #define MDT_YR 2006
351 #define MDT_MON 2
353 static void sd_set_cid(SDState *sd)
355 sd->cid[0] = MID; /* Fake card manufacturer ID (MID) */
356 sd->cid[1] = OID[0]; /* OEM/Application ID (OID) */
357 sd->cid[2] = OID[1];
358 sd->cid[3] = PNM[0]; /* Fake product name (PNM) */
359 sd->cid[4] = PNM[1];
360 sd->cid[5] = PNM[2];
361 sd->cid[6] = PNM[3];
362 sd->cid[7] = PNM[4];
363 sd->cid[8] = PRV; /* Fake product revision (PRV) */
364 sd->cid[9] = 0xde; /* Fake serial number (PSN) */
365 sd->cid[10] = 0xad;
366 sd->cid[11] = 0xbe;
367 sd->cid[12] = 0xef;
368 sd->cid[13] = 0x00 | /* Manufacture date (MDT) */
369 ((MDT_YR - 2000) / 10);
370 sd->cid[14] = ((MDT_YR % 10) << 4) | MDT_MON;
371 sd->cid[15] = (sd_crc7(sd->cid, 15) << 1) | 1;
374 #define HWBLOCK_SHIFT 9 /* 512 bytes */
375 #define SECTOR_SHIFT 5 /* 16 kilobytes */
376 #define WPGROUP_SHIFT 7 /* 2 megs */
377 #define CMULT_SHIFT 9 /* 512 times HWBLOCK_SIZE */
378 #define WPGROUP_SIZE (1 << (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT))
380 static const uint8_t sd_csd_rw_mask[16] = {
381 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
382 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xfc, 0xfe,
385 static void sd_set_csd(SDState *sd, uint64_t size)
387 int hwblock_shift = HWBLOCK_SHIFT;
388 uint32_t csize;
389 uint32_t sectsize = (1 << (SECTOR_SHIFT + 1)) - 1;
390 uint32_t wpsize = (1 << (WPGROUP_SHIFT + 1)) - 1;
392 /* To indicate 2 GiB card, BLOCK_LEN shall be 1024 bytes */
393 if (size == SDSC_MAX_CAPACITY) {
394 hwblock_shift += 1;
396 csize = (size >> (CMULT_SHIFT + hwblock_shift)) - 1;
398 if (size <= SDSC_MAX_CAPACITY) { /* Standard Capacity SD */
399 sd->csd[0] = 0x00; /* CSD structure */
400 sd->csd[1] = 0x26; /* Data read access-time-1 */
401 sd->csd[2] = 0x00; /* Data read access-time-2 */
402 sd->csd[3] = 0x32; /* Max. data transfer rate: 25 MHz */
403 sd->csd[4] = 0x5f; /* Card Command Classes */
404 sd->csd[5] = 0x50 | /* Max. read data block length */
405 hwblock_shift;
406 sd->csd[6] = 0xe0 | /* Partial block for read allowed */
407 ((csize >> 10) & 0x03);
408 sd->csd[7] = 0x00 | /* Device size */
409 ((csize >> 2) & 0xff);
410 sd->csd[8] = 0x3f | /* Max. read current */
411 ((csize << 6) & 0xc0);
412 sd->csd[9] = 0xfc | /* Max. write current */
413 ((CMULT_SHIFT - 2) >> 1);
414 sd->csd[10] = 0x40 | /* Erase sector size */
415 (((CMULT_SHIFT - 2) << 7) & 0x80) | (sectsize >> 1);
416 sd->csd[11] = 0x00 | /* Write protect group size */
417 ((sectsize << 7) & 0x80) | wpsize;
418 sd->csd[12] = 0x90 | /* Write speed factor */
419 (hwblock_shift >> 2);
420 sd->csd[13] = 0x20 | /* Max. write data block length */
421 ((hwblock_shift << 6) & 0xc0);
422 sd->csd[14] = 0x00; /* File format group */
423 } else { /* SDHC */
424 size /= 512 * KiB;
425 size -= 1;
426 sd->csd[0] = 0x40;
427 sd->csd[1] = 0x0e;
428 sd->csd[2] = 0x00;
429 sd->csd[3] = 0x32;
430 sd->csd[4] = 0x5b;
431 sd->csd[5] = 0x59;
432 sd->csd[6] = 0x00;
433 sd->csd[7] = (size >> 16) & 0xff;
434 sd->csd[8] = (size >> 8) & 0xff;
435 sd->csd[9] = (size & 0xff);
436 sd->csd[10] = 0x7f;
437 sd->csd[11] = 0x80;
438 sd->csd[12] = 0x0a;
439 sd->csd[13] = 0x40;
440 sd->csd[14] = 0x00;
442 sd->csd[15] = (sd_crc7(sd->csd, 15) << 1) | 1;
445 static void sd_set_rca(SDState *sd)
447 sd->rca += 0x4567;
450 FIELD(CSR, AKE_SEQ_ERROR, 3, 1)
451 FIELD(CSR, APP_CMD, 5, 1)
452 FIELD(CSR, FX_EVENT, 6, 1)
453 FIELD(CSR, READY_FOR_DATA, 8, 1)
454 FIELD(CSR, CURRENT_STATE, 9, 4)
455 FIELD(CSR, ERASE_RESET, 13, 1)
456 FIELD(CSR, CARD_ECC_DISABLED, 14, 1)
457 FIELD(CSR, WP_ERASE_SKIP, 15, 1)
458 FIELD(CSR, CSD_OVERWRITE, 16, 1)
459 FIELD(CSR, DEFERRED_RESPONSE, 17, 1)
460 FIELD(CSR, ERROR, 19, 1)
461 FIELD(CSR, CC_ERROR, 20, 1)
462 FIELD(CSR, CARD_ECC_FAILED, 21, 1)
463 FIELD(CSR, ILLEGAL_COMMAND, 22, 1)
464 FIELD(CSR, COM_CRC_ERROR, 23, 1)
465 FIELD(CSR, LOCK_UNLOCK_FAILED, 24, 1)
466 FIELD(CSR, CARD_IS_LOCKED, 25, 1)
467 FIELD(CSR, WP_VIOLATION, 26, 1)
468 FIELD(CSR, ERASE_PARAM, 27, 1)
469 FIELD(CSR, ERASE_SEQ_ERROR, 28, 1)
470 FIELD(CSR, BLOCK_LEN_ERROR, 29, 1)
471 FIELD(CSR, ADDRESS_ERROR, 30, 1)
472 FIELD(CSR, OUT_OF_RANGE, 31, 1)
474 /* Card status bits, split by clear condition:
475 * A : According to the card current state
476 * B : Always related to the previous command
477 * C : Cleared by read
479 #define CARD_STATUS_A (R_CSR_READY_FOR_DATA_MASK \
480 | R_CSR_CARD_ECC_DISABLED_MASK \
481 | R_CSR_CARD_IS_LOCKED_MASK)
482 #define CARD_STATUS_B (R_CSR_CURRENT_STATE_MASK \
483 | R_CSR_ILLEGAL_COMMAND_MASK \
484 | R_CSR_COM_CRC_ERROR_MASK)
485 #define CARD_STATUS_C (R_CSR_AKE_SEQ_ERROR_MASK \
486 | R_CSR_APP_CMD_MASK \
487 | R_CSR_ERASE_RESET_MASK \
488 | R_CSR_WP_ERASE_SKIP_MASK \
489 | R_CSR_CSD_OVERWRITE_MASK \
490 | R_CSR_ERROR_MASK \
491 | R_CSR_CC_ERROR_MASK \
492 | R_CSR_CARD_ECC_FAILED_MASK \
493 | R_CSR_LOCK_UNLOCK_FAILED_MASK \
494 | R_CSR_WP_VIOLATION_MASK \
495 | R_CSR_ERASE_PARAM_MASK \
496 | R_CSR_ERASE_SEQ_ERROR_MASK \
497 | R_CSR_BLOCK_LEN_ERROR_MASK \
498 | R_CSR_ADDRESS_ERROR_MASK \
499 | R_CSR_OUT_OF_RANGE_MASK)
501 static void sd_set_cardstatus(SDState *sd)
503 sd->card_status = 0x00000100;
506 static void sd_set_sdstatus(SDState *sd)
508 memset(sd->sd_status, 0, 64);
511 static int sd_req_crc_validate(SDRequest *req)
513 uint8_t buffer[5];
514 buffer[0] = 0x40 | req->cmd;
515 stl_be_p(&buffer[1], req->arg);
516 return 0;
517 return sd_crc7(buffer, 5) != req->crc; /* TODO */
520 static void sd_response_r1_make(SDState *sd, uint8_t *response)
522 stl_be_p(response, sd->card_status);
524 /* Clear the "clear on read" status bits */
525 sd->card_status &= ~CARD_STATUS_C;
528 static void sd_response_r3_make(SDState *sd, uint8_t *response)
530 stl_be_p(response, sd->ocr & ACMD41_R3_MASK);
533 static void sd_response_r6_make(SDState *sd, uint8_t *response)
535 uint16_t status;
537 status = ((sd->card_status >> 8) & 0xc000) |
538 ((sd->card_status >> 6) & 0x2000) |
539 (sd->card_status & 0x1fff);
540 sd->card_status &= ~(CARD_STATUS_C & 0xc81fff);
541 stw_be_p(response + 0, sd->rca);
542 stw_be_p(response + 2, status);
545 static void sd_response_r7_make(SDState *sd, uint8_t *response)
547 stl_be_p(response, sd->vhs);
550 static inline uint64_t sd_addr_to_wpnum(uint64_t addr)
552 return addr >> (HWBLOCK_SHIFT + SECTOR_SHIFT + WPGROUP_SHIFT);
555 static void sd_reset(DeviceState *dev)
557 SDState *sd = SD_CARD(dev);
558 uint64_t size;
559 uint64_t sect;
561 trace_sdcard_reset();
562 if (sd->blk) {
563 blk_get_geometry(sd->blk, &sect);
564 } else {
565 sect = 0;
567 size = sect << 9;
569 sect = sd_addr_to_wpnum(size) + 1;
571 sd->state = sd_idle_state;
572 sd->rca = 0x0000;
573 sd->size = size;
574 sd_set_ocr(sd);
575 sd_set_scr(sd);
576 sd_set_cid(sd);
577 sd_set_csd(sd, size);
578 sd_set_cardstatus(sd);
579 sd_set_sdstatus(sd);
581 g_free(sd->wp_group_bmap);
582 sd->wp_switch = sd->blk ? !blk_is_writable(sd->blk) : false;
583 sd->wp_group_bits = sect;
584 sd->wp_group_bmap = bitmap_new(sd->wp_group_bits);
585 memset(sd->function_group, 0, sizeof(sd->function_group));
586 sd->erase_start = INVALID_ADDRESS;
587 sd->erase_end = INVALID_ADDRESS;
588 sd->blk_len = 0x200;
589 sd->pwd_len = 0;
590 sd->expecting_acmd = false;
591 sd->dat_lines = 0xf;
592 sd->cmd_line = true;
593 sd->multi_blk_cnt = 0;
596 static bool sd_get_inserted(SDState *sd)
598 return sd->blk && blk_is_inserted(sd->blk);
601 static bool sd_get_readonly(SDState *sd)
603 return sd->wp_switch;
606 static void sd_cardchange(void *opaque, bool load, Error **errp)
608 SDState *sd = opaque;
609 DeviceState *dev = DEVICE(sd);
610 SDBus *sdbus;
611 bool inserted = sd_get_inserted(sd);
612 bool readonly = sd_get_readonly(sd);
614 if (inserted) {
615 trace_sdcard_inserted(readonly);
616 sd_reset(dev);
617 } else {
618 trace_sdcard_ejected();
621 if (sd->me_no_qdev_me_kill_mammoth_with_rocks) {
622 qemu_set_irq(sd->inserted_cb, inserted);
623 if (inserted) {
624 qemu_set_irq(sd->readonly_cb, readonly);
626 } else {
627 sdbus = SD_BUS(qdev_get_parent_bus(dev));
628 sdbus_set_inserted(sdbus, inserted);
629 if (inserted) {
630 sdbus_set_readonly(sdbus, readonly);
635 static const BlockDevOps sd_block_ops = {
636 .change_media_cb = sd_cardchange,
639 static bool sd_ocr_vmstate_needed(void *opaque)
641 SDState *sd = opaque;
643 /* Include the OCR state (and timer) if it is not yet powered up */
644 return !FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP);
647 static const VMStateDescription sd_ocr_vmstate = {
648 .name = "sd-card/ocr-state",
649 .version_id = 1,
650 .minimum_version_id = 1,
651 .needed = sd_ocr_vmstate_needed,
652 .fields = (VMStateField[]) {
653 VMSTATE_UINT32(ocr, SDState),
654 VMSTATE_TIMER_PTR(ocr_power_timer, SDState),
655 VMSTATE_END_OF_LIST()
659 static int sd_vmstate_pre_load(void *opaque)
661 SDState *sd = opaque;
663 /* If the OCR state is not included (prior versions, or not
664 * needed), then the OCR must be set as powered up. If the OCR state
665 * is included, this will be replaced by the state restore.
667 sd_ocr_powerup(sd);
669 return 0;
672 static const VMStateDescription sd_vmstate = {
673 .name = "sd-card",
674 .version_id = 2,
675 .minimum_version_id = 2,
676 .pre_load = sd_vmstate_pre_load,
677 .fields = (VMStateField[]) {
678 VMSTATE_UINT32(mode, SDState),
679 VMSTATE_INT32(state, SDState),
680 VMSTATE_UINT8_ARRAY(cid, SDState, 16),
681 VMSTATE_UINT8_ARRAY(csd, SDState, 16),
682 VMSTATE_UINT16(rca, SDState),
683 VMSTATE_UINT32(card_status, SDState),
684 VMSTATE_PARTIAL_BUFFER(sd_status, SDState, 1),
685 VMSTATE_UINT32(vhs, SDState),
686 VMSTATE_BITMAP(wp_group_bmap, SDState, 0, wp_group_bits),
687 VMSTATE_UINT32(blk_len, SDState),
688 VMSTATE_UINT32(multi_blk_cnt, SDState),
689 VMSTATE_UINT32(erase_start, SDState),
690 VMSTATE_UINT32(erase_end, SDState),
691 VMSTATE_UINT8_ARRAY(pwd, SDState, 16),
692 VMSTATE_UINT32(pwd_len, SDState),
693 VMSTATE_UINT8_ARRAY(function_group, SDState, 6),
694 VMSTATE_UINT8(current_cmd, SDState),
695 VMSTATE_BOOL(expecting_acmd, SDState),
696 VMSTATE_UINT32(blk_written, SDState),
697 VMSTATE_UINT64(data_start, SDState),
698 VMSTATE_UINT32(data_offset, SDState),
699 VMSTATE_UINT8_ARRAY(data, SDState, 512),
700 VMSTATE_UNUSED_V(1, 512),
701 VMSTATE_BOOL(enable, SDState),
702 VMSTATE_END_OF_LIST()
704 .subsections = (const VMStateDescription*[]) {
705 &sd_ocr_vmstate,
706 NULL
710 /* Legacy initialization function for use by non-qdevified callers */
711 SDState *sd_init(BlockBackend *blk, bool is_spi)
713 Object *obj;
714 DeviceState *dev;
715 SDState *sd;
716 Error *err = NULL;
718 obj = object_new(TYPE_SD_CARD);
719 dev = DEVICE(obj);
720 if (!qdev_prop_set_drive_err(dev, "drive", blk, &err)) {
721 error_reportf_err(err, "sd_init failed: ");
722 return NULL;
724 qdev_prop_set_bit(dev, "spi", is_spi);
727 * Realizing the device properly would put it into the QOM
728 * composition tree even though it is not plugged into an
729 * appropriate bus. That's a no-no. Hide the device from
730 * QOM/qdev, and call its qdev realize callback directly.
732 object_ref(obj);
733 object_unparent(obj);
734 sd_realize(dev, &err);
735 if (err) {
736 error_reportf_err(err, "sd_init failed: ");
737 return NULL;
740 sd = SD_CARD(dev);
741 sd->me_no_qdev_me_kill_mammoth_with_rocks = true;
742 return sd;
745 void sd_set_cb(SDState *sd, qemu_irq readonly, qemu_irq insert)
747 sd->readonly_cb = readonly;
748 sd->inserted_cb = insert;
749 qemu_set_irq(readonly, sd->blk ? !blk_is_writable(sd->blk) : 0);
750 qemu_set_irq(insert, sd->blk ? blk_is_inserted(sd->blk) : 0);
753 static void sd_blk_read(SDState *sd, uint64_t addr, uint32_t len)
755 trace_sdcard_read_block(addr, len);
756 if (!sd->blk || blk_pread(sd->blk, addr, sd->data, len) < 0) {
757 fprintf(stderr, "sd_blk_read: read error on host side\n");
761 static void sd_blk_write(SDState *sd, uint64_t addr, uint32_t len)
763 trace_sdcard_write_block(addr, len);
764 if (!sd->blk || blk_pwrite(sd->blk, addr, sd->data, len, 0) < 0) {
765 fprintf(stderr, "sd_blk_write: write error on host side\n");
769 #define BLK_READ_BLOCK(a, len) sd_blk_read(sd, a, len)
770 #define BLK_WRITE_BLOCK(a, len) sd_blk_write(sd, a, len)
771 #define APP_READ_BLOCK(a, len) memset(sd->data, 0xec, len)
772 #define APP_WRITE_BLOCK(a, len)
774 static void sd_erase(SDState *sd)
776 uint64_t erase_start = sd->erase_start;
777 uint64_t erase_end = sd->erase_end;
778 bool sdsc = true;
779 uint64_t wpnum;
780 uint64_t erase_addr;
781 int erase_len = 1 << HWBLOCK_SHIFT;
783 trace_sdcard_erase(sd->erase_start, sd->erase_end);
784 if (sd->erase_start == INVALID_ADDRESS
785 || sd->erase_end == INVALID_ADDRESS) {
786 sd->card_status |= ERASE_SEQ_ERROR;
787 sd->erase_start = INVALID_ADDRESS;
788 sd->erase_end = INVALID_ADDRESS;
789 return;
792 if (FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
793 /* High capacity memory card: erase units are 512 byte blocks */
794 erase_start *= 512;
795 erase_end *= 512;
796 sdsc = false;
799 if (erase_start > sd->size || erase_end > sd->size) {
800 sd->card_status |= OUT_OF_RANGE;
801 sd->erase_start = INVALID_ADDRESS;
802 sd->erase_end = INVALID_ADDRESS;
803 return;
806 sd->erase_start = INVALID_ADDRESS;
807 sd->erase_end = INVALID_ADDRESS;
808 sd->csd[14] |= 0x40;
810 memset(sd->data, 0xff, erase_len);
811 for (erase_addr = erase_start; erase_addr <= erase_end;
812 erase_addr += erase_len) {
813 if (sdsc) {
814 /* Only SDSC cards support write protect groups */
815 wpnum = sd_addr_to_wpnum(erase_addr);
816 assert(wpnum < sd->wp_group_bits);
817 if (test_bit(wpnum, sd->wp_group_bmap)) {
818 sd->card_status |= WP_ERASE_SKIP;
819 continue;
822 BLK_WRITE_BLOCK(erase_addr, erase_len);
826 static uint32_t sd_wpbits(SDState *sd, uint64_t addr)
828 uint32_t i, wpnum;
829 uint32_t ret = 0;
831 wpnum = sd_addr_to_wpnum(addr);
833 for (i = 0; i < 32; i++, wpnum++, addr += WPGROUP_SIZE) {
834 if (addr >= sd->size) {
836 * If the addresses of the last groups are outside the valid range,
837 * then the corresponding write protection bits shall be set to 0.
839 continue;
841 assert(wpnum < sd->wp_group_bits);
842 if (test_bit(wpnum, sd->wp_group_bmap)) {
843 ret |= (1 << i);
847 return ret;
850 static void sd_function_switch(SDState *sd, uint32_t arg)
852 int i, mode, new_func;
853 mode = !!(arg & 0x80000000);
855 sd->data[0] = 0x00; /* Maximum current consumption */
856 sd->data[1] = 0x01;
857 sd->data[2] = 0x80; /* Supported group 6 functions */
858 sd->data[3] = 0x01;
859 sd->data[4] = 0x80; /* Supported group 5 functions */
860 sd->data[5] = 0x01;
861 sd->data[6] = 0x80; /* Supported group 4 functions */
862 sd->data[7] = 0x01;
863 sd->data[8] = 0x80; /* Supported group 3 functions */
864 sd->data[9] = 0x01;
865 sd->data[10] = 0x80; /* Supported group 2 functions */
866 sd->data[11] = 0x43;
867 sd->data[12] = 0x80; /* Supported group 1 functions */
868 sd->data[13] = 0x03;
870 memset(&sd->data[14], 0, 3);
871 for (i = 0; i < 6; i ++) {
872 new_func = (arg >> (i * 4)) & 0x0f;
873 if (mode && new_func != 0x0f)
874 sd->function_group[i] = new_func;
875 sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4);
877 memset(&sd->data[17], 0, 47);
880 static inline bool sd_wp_addr(SDState *sd, uint64_t addr)
882 return test_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap);
885 static void sd_lock_command(SDState *sd)
887 int erase, lock, clr_pwd, set_pwd, pwd_len;
888 erase = !!(sd->data[0] & 0x08);
889 lock = sd->data[0] & 0x04;
890 clr_pwd = sd->data[0] & 0x02;
891 set_pwd = sd->data[0] & 0x01;
893 if (sd->blk_len > 1)
894 pwd_len = sd->data[1];
895 else
896 pwd_len = 0;
898 if (lock) {
899 trace_sdcard_lock();
900 } else {
901 trace_sdcard_unlock();
903 if (erase) {
904 if (!(sd->card_status & CARD_IS_LOCKED) || sd->blk_len > 1 ||
905 set_pwd || clr_pwd || lock || sd->wp_switch ||
906 (sd->csd[14] & 0x20)) {
907 sd->card_status |= LOCK_UNLOCK_FAILED;
908 return;
910 bitmap_zero(sd->wp_group_bmap, sd->wp_group_bits);
911 sd->csd[14] &= ~0x10;
912 sd->card_status &= ~CARD_IS_LOCKED;
913 sd->pwd_len = 0;
914 /* Erasing the entire card here! */
915 fprintf(stderr, "SD: Card force-erased by CMD42\n");
916 return;
919 if (sd->blk_len < 2 + pwd_len ||
920 pwd_len <= sd->pwd_len ||
921 pwd_len > sd->pwd_len + 16) {
922 sd->card_status |= LOCK_UNLOCK_FAILED;
923 return;
926 if (sd->pwd_len && memcmp(sd->pwd, sd->data + 2, sd->pwd_len)) {
927 sd->card_status |= LOCK_UNLOCK_FAILED;
928 return;
931 pwd_len -= sd->pwd_len;
932 if ((pwd_len && !set_pwd) ||
933 (clr_pwd && (set_pwd || lock)) ||
934 (lock && !sd->pwd_len && !set_pwd) ||
935 (!set_pwd && !clr_pwd &&
936 (((sd->card_status & CARD_IS_LOCKED) && lock) ||
937 (!(sd->card_status & CARD_IS_LOCKED) && !lock)))) {
938 sd->card_status |= LOCK_UNLOCK_FAILED;
939 return;
942 if (set_pwd) {
943 memcpy(sd->pwd, sd->data + 2 + sd->pwd_len, pwd_len);
944 sd->pwd_len = pwd_len;
947 if (clr_pwd) {
948 sd->pwd_len = 0;
951 if (lock)
952 sd->card_status |= CARD_IS_LOCKED;
953 else
954 sd->card_status &= ~CARD_IS_LOCKED;
957 static bool address_in_range(SDState *sd, const char *desc,
958 uint64_t addr, uint32_t length)
960 if (addr + length > sd->size) {
961 qemu_log_mask(LOG_GUEST_ERROR,
962 "%s offset %"PRIu64" > card %"PRIu64" [%%%u]\n",
963 desc, addr, sd->size, length);
964 sd->card_status |= ADDRESS_ERROR;
965 return false;
967 return true;
970 static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req)
972 uint32_t rca = 0x0000;
973 uint64_t addr = (sd->ocr & (1 << 30)) ? (uint64_t) req.arg << 9 : req.arg;
975 /* CMD55 precedes an ACMD, so we are not interested in tracing it.
976 * However there is no ACMD55, so we want to trace this particular case.
978 if (req.cmd != 55 || sd->expecting_acmd) {
979 trace_sdcard_normal_command(sd->proto_name,
980 sd_cmd_name(req.cmd), req.cmd,
981 req.arg, sd_state_name(sd->state));
984 /* Not interpreting this as an app command */
985 sd->card_status &= ~APP_CMD;
987 if (sd_cmd_type[req.cmd] == sd_ac
988 || sd_cmd_type[req.cmd] == sd_adtc) {
989 rca = req.arg >> 16;
992 /* CMD23 (set block count) must be immediately followed by CMD18 or CMD25
993 * if not, its effects are cancelled */
994 if (sd->multi_blk_cnt != 0 && !(req.cmd == 18 || req.cmd == 25)) {
995 sd->multi_blk_cnt = 0;
998 if (sd_cmd_class[req.cmd] == 6 && FIELD_EX32(sd->ocr, OCR, CARD_CAPACITY)) {
999 /* Only Standard Capacity cards support class 6 commands */
1000 return sd_illegal;
1003 switch (req.cmd) {
1004 /* Basic commands (Class 0 and Class 1) */
1005 case 0: /* CMD0: GO_IDLE_STATE */
1006 switch (sd->state) {
1007 case sd_inactive_state:
1008 return sd->spi ? sd_r1 : sd_r0;
1010 default:
1011 sd->state = sd_idle_state;
1012 sd_reset(DEVICE(sd));
1013 return sd->spi ? sd_r1 : sd_r0;
1015 break;
1017 case 1: /* CMD1: SEND_OP_CMD */
1018 if (!sd->spi)
1019 goto bad_cmd;
1021 sd->state = sd_transfer_state;
1022 return sd_r1;
1024 case 2: /* CMD2: ALL_SEND_CID */
1025 if (sd->spi)
1026 goto bad_cmd;
1027 switch (sd->state) {
1028 case sd_ready_state:
1029 sd->state = sd_identification_state;
1030 return sd_r2_i;
1032 default:
1033 break;
1035 break;
1037 case 3: /* CMD3: SEND_RELATIVE_ADDR */
1038 if (sd->spi)
1039 goto bad_cmd;
1040 switch (sd->state) {
1041 case sd_identification_state:
1042 case sd_standby_state:
1043 sd->state = sd_standby_state;
1044 sd_set_rca(sd);
1045 return sd_r6;
1047 default:
1048 break;
1050 break;
1052 case 4: /* CMD4: SEND_DSR */
1053 if (sd->spi)
1054 goto bad_cmd;
1055 switch (sd->state) {
1056 case sd_standby_state:
1057 break;
1059 default:
1060 break;
1062 break;
1064 case 5: /* CMD5: reserved for SDIO cards */
1065 return sd_illegal;
1067 case 6: /* CMD6: SWITCH_FUNCTION */
1068 switch (sd->mode) {
1069 case sd_data_transfer_mode:
1070 sd_function_switch(sd, req.arg);
1071 sd->state = sd_sendingdata_state;
1072 sd->data_start = 0;
1073 sd->data_offset = 0;
1074 return sd_r1;
1076 default:
1077 break;
1079 break;
1081 case 7: /* CMD7: SELECT/DESELECT_CARD */
1082 if (sd->spi)
1083 goto bad_cmd;
1084 switch (sd->state) {
1085 case sd_standby_state:
1086 if (sd->rca != rca)
1087 return sd_r0;
1089 sd->state = sd_transfer_state;
1090 return sd_r1b;
1092 case sd_transfer_state:
1093 case sd_sendingdata_state:
1094 if (sd->rca == rca)
1095 break;
1097 sd->state = sd_standby_state;
1098 return sd_r1b;
1100 case sd_disconnect_state:
1101 if (sd->rca != rca)
1102 return sd_r0;
1104 sd->state = sd_programming_state;
1105 return sd_r1b;
1107 case sd_programming_state:
1108 if (sd->rca == rca)
1109 break;
1111 sd->state = sd_disconnect_state;
1112 return sd_r1b;
1114 default:
1115 break;
1117 break;
1119 case 8: /* CMD8: SEND_IF_COND */
1120 if (sd->spec_version < SD_PHY_SPECv2_00_VERS) {
1121 break;
1123 if (sd->state != sd_idle_state) {
1124 break;
1126 sd->vhs = 0;
1128 /* No response if not exactly one VHS bit is set. */
1129 if (!(req.arg >> 8) || (req.arg >> (ctz32(req.arg & ~0xff) + 1))) {
1130 return sd->spi ? sd_r7 : sd_r0;
1133 /* Accept. */
1134 sd->vhs = req.arg;
1135 return sd_r7;
1137 case 9: /* CMD9: SEND_CSD */
1138 switch (sd->state) {
1139 case sd_standby_state:
1140 if (sd->rca != rca)
1141 return sd_r0;
1143 return sd_r2_s;
1145 case sd_transfer_state:
1146 if (!sd->spi)
1147 break;
1148 sd->state = sd_sendingdata_state;
1149 memcpy(sd->data, sd->csd, 16);
1150 sd->data_start = addr;
1151 sd->data_offset = 0;
1152 return sd_r1;
1154 default:
1155 break;
1157 break;
1159 case 10: /* CMD10: SEND_CID */
1160 switch (sd->state) {
1161 case sd_standby_state:
1162 if (sd->rca != rca)
1163 return sd_r0;
1165 return sd_r2_i;
1167 case sd_transfer_state:
1168 if (!sd->spi)
1169 break;
1170 sd->state = sd_sendingdata_state;
1171 memcpy(sd->data, sd->cid, 16);
1172 sd->data_start = addr;
1173 sd->data_offset = 0;
1174 return sd_r1;
1176 default:
1177 break;
1179 break;
1181 case 12: /* CMD12: STOP_TRANSMISSION */
1182 switch (sd->state) {
1183 case sd_sendingdata_state:
1184 sd->state = sd_transfer_state;
1185 return sd_r1b;
1187 case sd_receivingdata_state:
1188 sd->state = sd_programming_state;
1189 /* Bzzzzzzztt .... Operation complete. */
1190 sd->state = sd_transfer_state;
1191 return sd_r1b;
1193 default:
1194 break;
1196 break;
1198 case 13: /* CMD13: SEND_STATUS */
1199 switch (sd->mode) {
1200 case sd_data_transfer_mode:
1201 if (!sd->spi && sd->rca != rca) {
1202 return sd_r0;
1205 return sd_r1;
1207 default:
1208 break;
1210 break;
1212 case 15: /* CMD15: GO_INACTIVE_STATE */
1213 if (sd->spi)
1214 goto bad_cmd;
1215 switch (sd->mode) {
1216 case sd_data_transfer_mode:
1217 if (sd->rca != rca)
1218 return sd_r0;
1220 sd->state = sd_inactive_state;
1221 return sd_r0;
1223 default:
1224 break;
1226 break;
1228 /* Block read commands (Classs 2) */
1229 case 16: /* CMD16: SET_BLOCKLEN */
1230 switch (sd->state) {
1231 case sd_transfer_state:
1232 if (req.arg > (1 << HWBLOCK_SHIFT)) {
1233 sd->card_status |= BLOCK_LEN_ERROR;
1234 } else {
1235 trace_sdcard_set_blocklen(req.arg);
1236 sd->blk_len = req.arg;
1239 return sd_r1;
1241 default:
1242 break;
1244 break;
1246 case 17: /* CMD17: READ_SINGLE_BLOCK */
1247 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
1248 switch (sd->state) {
1249 case sd_transfer_state:
1251 if (!address_in_range(sd, "READ_BLOCK", addr, sd->blk_len)) {
1252 return sd_r1;
1255 sd->state = sd_sendingdata_state;
1256 sd->data_start = addr;
1257 sd->data_offset = 0;
1258 return sd_r1;
1260 default:
1261 break;
1263 break;
1265 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */
1266 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1267 break;
1269 if (sd->state == sd_transfer_state) {
1270 sd->state = sd_sendingdata_state;
1271 sd->data_offset = 0;
1272 return sd_r1;
1274 break;
1276 case 23: /* CMD23: SET_BLOCK_COUNT */
1277 if (sd->spec_version < SD_PHY_SPECv3_01_VERS) {
1278 break;
1280 switch (sd->state) {
1281 case sd_transfer_state:
1282 sd->multi_blk_cnt = req.arg;
1283 return sd_r1;
1285 default:
1286 break;
1288 break;
1290 /* Block write commands (Class 4) */
1291 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1292 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1293 switch (sd->state) {
1294 case sd_transfer_state:
1296 if (!address_in_range(sd, "WRITE_BLOCK", addr, sd->blk_len)) {
1297 return sd_r1;
1300 sd->state = sd_receivingdata_state;
1301 sd->data_start = addr;
1302 sd->data_offset = 0;
1303 sd->blk_written = 0;
1305 if (sd->size <= SDSC_MAX_CAPACITY) {
1306 if (sd_wp_addr(sd, sd->data_start)) {
1307 sd->card_status |= WP_VIOLATION;
1310 if (sd->csd[14] & 0x30) {
1311 sd->card_status |= WP_VIOLATION;
1313 return sd_r1;
1315 default:
1316 break;
1318 break;
1320 case 26: /* CMD26: PROGRAM_CID */
1321 if (sd->spi)
1322 goto bad_cmd;
1323 switch (sd->state) {
1324 case sd_transfer_state:
1325 sd->state = sd_receivingdata_state;
1326 sd->data_start = 0;
1327 sd->data_offset = 0;
1328 return sd_r1;
1330 default:
1331 break;
1333 break;
1335 case 27: /* CMD27: PROGRAM_CSD */
1336 switch (sd->state) {
1337 case sd_transfer_state:
1338 sd->state = sd_receivingdata_state;
1339 sd->data_start = 0;
1340 sd->data_offset = 0;
1341 return sd_r1;
1343 default:
1344 break;
1346 break;
1348 /* Write protection (Class 6) */
1349 case 28: /* CMD28: SET_WRITE_PROT */
1350 if (sd->size > SDSC_MAX_CAPACITY) {
1351 return sd_illegal;
1354 switch (sd->state) {
1355 case sd_transfer_state:
1356 if (!address_in_range(sd, "SET_WRITE_PROT", addr, 1)) {
1357 return sd_r1b;
1360 sd->state = sd_programming_state;
1361 set_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap);
1362 /* Bzzzzzzztt .... Operation complete. */
1363 sd->state = sd_transfer_state;
1364 return sd_r1b;
1366 default:
1367 break;
1369 break;
1371 case 29: /* CMD29: CLR_WRITE_PROT */
1372 if (sd->size > SDSC_MAX_CAPACITY) {
1373 return sd_illegal;
1376 switch (sd->state) {
1377 case sd_transfer_state:
1378 if (!address_in_range(sd, "CLR_WRITE_PROT", addr, 1)) {
1379 return sd_r1b;
1382 sd->state = sd_programming_state;
1383 clear_bit(sd_addr_to_wpnum(addr), sd->wp_group_bmap);
1384 /* Bzzzzzzztt .... Operation complete. */
1385 sd->state = sd_transfer_state;
1386 return sd_r1b;
1388 default:
1389 break;
1391 break;
1393 case 30: /* CMD30: SEND_WRITE_PROT */
1394 if (sd->size > SDSC_MAX_CAPACITY) {
1395 return sd_illegal;
1398 switch (sd->state) {
1399 case sd_transfer_state:
1400 if (!address_in_range(sd, "SEND_WRITE_PROT",
1401 req.arg, sd->blk_len)) {
1402 return sd_r1;
1405 sd->state = sd_sendingdata_state;
1406 *(uint32_t *) sd->data = sd_wpbits(sd, req.arg);
1407 sd->data_start = addr;
1408 sd->data_offset = 0;
1409 return sd_r1;
1411 default:
1412 break;
1414 break;
1416 /* Erase commands (Class 5) */
1417 case 32: /* CMD32: ERASE_WR_BLK_START */
1418 switch (sd->state) {
1419 case sd_transfer_state:
1420 sd->erase_start = req.arg;
1421 return sd_r1;
1423 default:
1424 break;
1426 break;
1428 case 33: /* CMD33: ERASE_WR_BLK_END */
1429 switch (sd->state) {
1430 case sd_transfer_state:
1431 sd->erase_end = req.arg;
1432 return sd_r1;
1434 default:
1435 break;
1437 break;
1439 case 38: /* CMD38: ERASE */
1440 switch (sd->state) {
1441 case sd_transfer_state:
1442 if (sd->csd[14] & 0x30) {
1443 sd->card_status |= WP_VIOLATION;
1444 return sd_r1b;
1447 sd->state = sd_programming_state;
1448 sd_erase(sd);
1449 /* Bzzzzzzztt .... Operation complete. */
1450 sd->state = sd_transfer_state;
1451 return sd_r1b;
1453 default:
1454 break;
1456 break;
1458 /* Lock card commands (Class 7) */
1459 case 42: /* CMD42: LOCK_UNLOCK */
1460 switch (sd->state) {
1461 case sd_transfer_state:
1462 sd->state = sd_receivingdata_state;
1463 sd->data_start = 0;
1464 sd->data_offset = 0;
1465 return sd_r1;
1467 default:
1468 break;
1470 break;
1472 case 52 ... 54:
1473 /* CMD52, CMD53, CMD54: reserved for SDIO cards
1474 * (see the SDIO Simplified Specification V2.0)
1475 * Handle as illegal command but do not complain
1476 * on stderr, as some OSes may use these in their
1477 * probing for presence of an SDIO card.
1479 return sd_illegal;
1481 /* Application specific commands (Class 8) */
1482 case 55: /* CMD55: APP_CMD */
1483 switch (sd->state) {
1484 case sd_ready_state:
1485 case sd_identification_state:
1486 case sd_inactive_state:
1487 return sd_illegal;
1488 case sd_idle_state:
1489 if (rca) {
1490 qemu_log_mask(LOG_GUEST_ERROR,
1491 "SD: illegal RCA 0x%04x for APP_CMD\n", req.cmd);
1493 default:
1494 break;
1496 if (!sd->spi) {
1497 if (sd->rca != rca) {
1498 return sd_r0;
1501 sd->expecting_acmd = true;
1502 sd->card_status |= APP_CMD;
1503 return sd_r1;
1505 case 56: /* CMD56: GEN_CMD */
1506 switch (sd->state) {
1507 case sd_transfer_state:
1508 sd->data_offset = 0;
1509 if (req.arg & 1)
1510 sd->state = sd_sendingdata_state;
1511 else
1512 sd->state = sd_receivingdata_state;
1513 return sd_r1;
1515 default:
1516 break;
1518 break;
1520 case 58: /* CMD58: READ_OCR (SPI) */
1521 if (!sd->spi) {
1522 goto bad_cmd;
1524 return sd_r3;
1526 case 59: /* CMD59: CRC_ON_OFF (SPI) */
1527 if (!sd->spi) {
1528 goto bad_cmd;
1530 return sd_r1;
1532 default:
1533 bad_cmd:
1534 qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd);
1535 return sd_illegal;
1538 qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state: %s\n",
1539 req.cmd, sd_state_name(sd->state));
1540 return sd_illegal;
1543 static sd_rsp_type_t sd_app_command(SDState *sd,
1544 SDRequest req)
1546 trace_sdcard_app_command(sd->proto_name, sd_acmd_name(req.cmd),
1547 req.cmd, req.arg, sd_state_name(sd->state));
1548 sd->card_status |= APP_CMD;
1549 switch (req.cmd) {
1550 case 6: /* ACMD6: SET_BUS_WIDTH */
1551 if (sd->spi) {
1552 goto unimplemented_spi_cmd;
1554 switch (sd->state) {
1555 case sd_transfer_state:
1556 sd->sd_status[0] &= 0x3f;
1557 sd->sd_status[0] |= (req.arg & 0x03) << 6;
1558 return sd_r1;
1560 default:
1561 break;
1563 break;
1565 case 13: /* ACMD13: SD_STATUS */
1566 switch (sd->state) {
1567 case sd_transfer_state:
1568 sd->state = sd_sendingdata_state;
1569 sd->data_start = 0;
1570 sd->data_offset = 0;
1571 return sd_r1;
1573 default:
1574 break;
1576 break;
1578 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
1579 switch (sd->state) {
1580 case sd_transfer_state:
1581 *(uint32_t *) sd->data = sd->blk_written;
1583 sd->state = sd_sendingdata_state;
1584 sd->data_start = 0;
1585 sd->data_offset = 0;
1586 return sd_r1;
1588 default:
1589 break;
1591 break;
1593 case 23: /* ACMD23: SET_WR_BLK_ERASE_COUNT */
1594 switch (sd->state) {
1595 case sd_transfer_state:
1596 return sd_r1;
1598 default:
1599 break;
1601 break;
1603 case 41: /* ACMD41: SD_APP_OP_COND */
1604 if (sd->spi) {
1605 /* SEND_OP_CMD */
1606 sd->state = sd_transfer_state;
1607 return sd_r1;
1609 if (sd->state != sd_idle_state) {
1610 break;
1612 /* If it's the first ACMD41 since reset, we need to decide
1613 * whether to power up. If this is not an enquiry ACMD41,
1614 * we immediately report power on and proceed below to the
1615 * ready state, but if it is, we set a timer to model a
1616 * delay for power up. This works around a bug in EDK2
1617 * UEFI, which sends an initial enquiry ACMD41, but
1618 * assumes that the card is in ready state as soon as it
1619 * sees the power up bit set. */
1620 if (!FIELD_EX32(sd->ocr, OCR, CARD_POWER_UP)) {
1621 if ((req.arg & ACMD41_ENQUIRY_MASK) != 0) {
1622 timer_del(sd->ocr_power_timer);
1623 sd_ocr_powerup(sd);
1624 } else {
1625 trace_sdcard_inquiry_cmd41();
1626 if (!timer_pending(sd->ocr_power_timer)) {
1627 timer_mod_ns(sd->ocr_power_timer,
1628 (qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL)
1629 + OCR_POWER_DELAY_NS));
1634 if (FIELD_EX32(sd->ocr & req.arg, OCR, VDD_VOLTAGE_WINDOW)) {
1635 /* We accept any voltage. 10000 V is nothing.
1637 * Once we're powered up, we advance straight to ready state
1638 * unless it's an enquiry ACMD41 (bits 23:0 == 0).
1640 sd->state = sd_ready_state;
1643 return sd_r3;
1645 case 42: /* ACMD42: SET_CLR_CARD_DETECT */
1646 switch (sd->state) {
1647 case sd_transfer_state:
1648 /* Bringing in the 50KOhm pull-up resistor... Done. */
1649 return sd_r1;
1651 default:
1652 break;
1654 break;
1656 case 51: /* ACMD51: SEND_SCR */
1657 switch (sd->state) {
1658 case sd_transfer_state:
1659 sd->state = sd_sendingdata_state;
1660 sd->data_start = 0;
1661 sd->data_offset = 0;
1662 return sd_r1;
1664 default:
1665 break;
1667 break;
1669 case 18: /* Reserved for SD security applications */
1670 case 25:
1671 case 26:
1672 case 38:
1673 case 43 ... 49:
1674 /* Refer to the "SD Specifications Part3 Security Specification" for
1675 * information about the SD Security Features.
1677 qemu_log_mask(LOG_UNIMP, "SD: CMD%i Security not implemented\n",
1678 req.cmd);
1679 return sd_illegal;
1681 default:
1682 /* Fall back to standard commands. */
1683 return sd_normal_command(sd, req);
1685 unimplemented_spi_cmd:
1686 /* Commands that are recognised but not yet implemented in SPI mode. */
1687 qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n",
1688 req.cmd);
1689 return sd_illegal;
1692 qemu_log_mask(LOG_GUEST_ERROR, "SD: ACMD%i in a wrong state\n", req.cmd);
1693 return sd_illegal;
1696 static int cmd_valid_while_locked(SDState *sd, const uint8_t cmd)
1698 /* Valid commands in locked state:
1699 * basic class (0)
1700 * lock card class (7)
1701 * CMD16
1702 * implicitly, the ACMD prefix CMD55
1703 * ACMD41 and ACMD42
1704 * Anything else provokes an "illegal command" response.
1706 if (sd->expecting_acmd) {
1707 return cmd == 41 || cmd == 42;
1709 if (cmd == 16 || cmd == 55) {
1710 return 1;
1712 return sd_cmd_class[cmd] == 0 || sd_cmd_class[cmd] == 7;
1715 int sd_do_command(SDState *sd, SDRequest *req,
1716 uint8_t *response) {
1717 int last_state;
1718 sd_rsp_type_t rtype;
1719 int rsplen;
1721 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable) {
1722 return 0;
1725 if (sd_req_crc_validate(req)) {
1726 sd->card_status |= COM_CRC_ERROR;
1727 rtype = sd_illegal;
1728 goto send_response;
1731 if (req->cmd >= SDMMC_CMD_MAX) {
1732 qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
1733 req->cmd);
1734 req->cmd &= 0x3f;
1737 if (sd->card_status & CARD_IS_LOCKED) {
1738 if (!cmd_valid_while_locked(sd, req->cmd)) {
1739 sd->card_status |= ILLEGAL_COMMAND;
1740 sd->expecting_acmd = false;
1741 qemu_log_mask(LOG_GUEST_ERROR, "SD: Card is locked\n");
1742 rtype = sd_illegal;
1743 goto send_response;
1747 last_state = sd->state;
1748 sd_set_mode(sd);
1750 if (sd->expecting_acmd) {
1751 sd->expecting_acmd = false;
1752 rtype = sd_app_command(sd, *req);
1753 } else {
1754 rtype = sd_normal_command(sd, *req);
1757 if (rtype == sd_illegal) {
1758 sd->card_status |= ILLEGAL_COMMAND;
1759 } else {
1760 /* Valid command, we can update the 'state before command' bits.
1761 * (Do this now so they appear in r1 responses.)
1763 sd->current_cmd = req->cmd;
1764 sd->card_status &= ~CURRENT_STATE;
1765 sd->card_status |= (last_state << 9);
1768 send_response:
1769 switch (rtype) {
1770 case sd_r1:
1771 case sd_r1b:
1772 sd_response_r1_make(sd, response);
1773 rsplen = 4;
1774 break;
1776 case sd_r2_i:
1777 memcpy(response, sd->cid, sizeof(sd->cid));
1778 rsplen = 16;
1779 break;
1781 case sd_r2_s:
1782 memcpy(response, sd->csd, sizeof(sd->csd));
1783 rsplen = 16;
1784 break;
1786 case sd_r3:
1787 sd_response_r3_make(sd, response);
1788 rsplen = 4;
1789 break;
1791 case sd_r6:
1792 sd_response_r6_make(sd, response);
1793 rsplen = 4;
1794 break;
1796 case sd_r7:
1797 sd_response_r7_make(sd, response);
1798 rsplen = 4;
1799 break;
1801 case sd_r0:
1802 case sd_illegal:
1803 rsplen = 0;
1804 break;
1805 default:
1806 g_assert_not_reached();
1808 trace_sdcard_response(sd_response_name(rtype), rsplen);
1810 if (rtype != sd_illegal) {
1811 /* Clear the "clear on valid command" status bits now we've
1812 * sent any response
1814 sd->card_status &= ~CARD_STATUS_B;
1817 #ifdef DEBUG_SD
1818 qemu_hexdump(stderr, "Response", response, rsplen);
1819 #endif
1821 return rsplen;
1824 void sd_write_byte(SDState *sd, uint8_t value)
1826 int i;
1828 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1829 return;
1831 if (sd->state != sd_receivingdata_state) {
1832 qemu_log_mask(LOG_GUEST_ERROR,
1833 "%s: not in Receiving-Data state\n", __func__);
1834 return;
1837 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1838 return;
1840 trace_sdcard_write_data(sd->proto_name,
1841 sd_acmd_name(sd->current_cmd),
1842 sd->current_cmd, value);
1843 switch (sd->current_cmd) {
1844 case 24: /* CMD24: WRITE_SINGLE_BLOCK */
1845 sd->data[sd->data_offset ++] = value;
1846 if (sd->data_offset >= sd->blk_len) {
1847 /* TODO: Check CRC before committing */
1848 sd->state = sd_programming_state;
1849 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1850 sd->blk_written ++;
1851 sd->csd[14] |= 0x40;
1852 /* Bzzzzzzztt .... Operation complete. */
1853 sd->state = sd_transfer_state;
1855 break;
1857 case 25: /* CMD25: WRITE_MULTIPLE_BLOCK */
1858 if (sd->data_offset == 0) {
1859 /* Start of the block - let's check the address is valid */
1860 if (!address_in_range(sd, "WRITE_MULTIPLE_BLOCK",
1861 sd->data_start, sd->blk_len)) {
1862 break;
1864 if (sd->size <= SDSC_MAX_CAPACITY) {
1865 if (sd_wp_addr(sd, sd->data_start)) {
1866 sd->card_status |= WP_VIOLATION;
1867 break;
1871 sd->data[sd->data_offset++] = value;
1872 if (sd->data_offset >= sd->blk_len) {
1873 /* TODO: Check CRC before committing */
1874 sd->state = sd_programming_state;
1875 BLK_WRITE_BLOCK(sd->data_start, sd->data_offset);
1876 sd->blk_written++;
1877 sd->data_start += sd->blk_len;
1878 sd->data_offset = 0;
1879 sd->csd[14] |= 0x40;
1881 /* Bzzzzzzztt .... Operation complete. */
1882 if (sd->multi_blk_cnt != 0) {
1883 if (--sd->multi_blk_cnt == 0) {
1884 /* Stop! */
1885 sd->state = sd_transfer_state;
1886 break;
1890 sd->state = sd_receivingdata_state;
1892 break;
1894 case 26: /* CMD26: PROGRAM_CID */
1895 sd->data[sd->data_offset ++] = value;
1896 if (sd->data_offset >= sizeof(sd->cid)) {
1897 /* TODO: Check CRC before committing */
1898 sd->state = sd_programming_state;
1899 for (i = 0; i < sizeof(sd->cid); i ++)
1900 if ((sd->cid[i] | 0x00) != sd->data[i])
1901 sd->card_status |= CID_CSD_OVERWRITE;
1903 if (!(sd->card_status & CID_CSD_OVERWRITE))
1904 for (i = 0; i < sizeof(sd->cid); i ++) {
1905 sd->cid[i] |= 0x00;
1906 sd->cid[i] &= sd->data[i];
1908 /* Bzzzzzzztt .... Operation complete. */
1909 sd->state = sd_transfer_state;
1911 break;
1913 case 27: /* CMD27: PROGRAM_CSD */
1914 sd->data[sd->data_offset ++] = value;
1915 if (sd->data_offset >= sizeof(sd->csd)) {
1916 /* TODO: Check CRC before committing */
1917 sd->state = sd_programming_state;
1918 for (i = 0; i < sizeof(sd->csd); i ++)
1919 if ((sd->csd[i] | sd_csd_rw_mask[i]) !=
1920 (sd->data[i] | sd_csd_rw_mask[i]))
1921 sd->card_status |= CID_CSD_OVERWRITE;
1923 /* Copy flag (OTP) & Permanent write protect */
1924 if (sd->csd[14] & ~sd->data[14] & 0x60)
1925 sd->card_status |= CID_CSD_OVERWRITE;
1927 if (!(sd->card_status & CID_CSD_OVERWRITE))
1928 for (i = 0; i < sizeof(sd->csd); i ++) {
1929 sd->csd[i] |= sd_csd_rw_mask[i];
1930 sd->csd[i] &= sd->data[i];
1932 /* Bzzzzzzztt .... Operation complete. */
1933 sd->state = sd_transfer_state;
1935 break;
1937 case 42: /* CMD42: LOCK_UNLOCK */
1938 sd->data[sd->data_offset ++] = value;
1939 if (sd->data_offset >= sd->blk_len) {
1940 /* TODO: Check CRC before committing */
1941 sd->state = sd_programming_state;
1942 sd_lock_command(sd);
1943 /* Bzzzzzzztt .... Operation complete. */
1944 sd->state = sd_transfer_state;
1946 break;
1948 case 56: /* CMD56: GEN_CMD */
1949 sd->data[sd->data_offset ++] = value;
1950 if (sd->data_offset >= sd->blk_len) {
1951 APP_WRITE_BLOCK(sd->data_start, sd->data_offset);
1952 sd->state = sd_transfer_state;
1954 break;
1956 default:
1957 qemu_log_mask(LOG_GUEST_ERROR, "%s: unknown command\n", __func__);
1958 break;
1962 #define SD_TUNING_BLOCK_SIZE 64
1964 static const uint8_t sd_tuning_block_pattern[SD_TUNING_BLOCK_SIZE] = {
1965 /* See: Physical Layer Simplified Specification Version 3.01, Table 4-2 */
1966 0xff, 0x0f, 0xff, 0x00, 0x0f, 0xfc, 0xc3, 0xcc,
1967 0xc3, 0x3c, 0xcc, 0xff, 0xfe, 0xff, 0xfe, 0xef,
1968 0xff, 0xdf, 0xff, 0xdd, 0xff, 0xfb, 0xff, 0xfb,
1969 0xbf, 0xff, 0x7f, 0xff, 0x77, 0xf7, 0xbd, 0xef,
1970 0xff, 0xf0, 0xff, 0xf0, 0x0f, 0xfc, 0xcc, 0x3c,
1971 0xcc, 0x33, 0xcc, 0xcf, 0xff, 0xef, 0xff, 0xee,
1972 0xff, 0xfd, 0xff, 0xfd, 0xdf, 0xff, 0xbf, 0xff,
1973 0xbb, 0xff, 0xf7, 0xff, 0xf7, 0x7f, 0x7b, 0xde,
1976 uint8_t sd_read_byte(SDState *sd)
1978 /* TODO: Append CRCs */
1979 uint8_t ret;
1980 uint32_t io_len;
1982 if (!sd->blk || !blk_is_inserted(sd->blk) || !sd->enable)
1983 return 0x00;
1985 if (sd->state != sd_sendingdata_state) {
1986 qemu_log_mask(LOG_GUEST_ERROR,
1987 "%s: not in Sending-Data state\n", __func__);
1988 return 0x00;
1991 if (sd->card_status & (ADDRESS_ERROR | WP_VIOLATION))
1992 return 0x00;
1994 io_len = (sd->ocr & (1 << 30)) ? 512 : sd->blk_len;
1996 trace_sdcard_read_data(sd->proto_name,
1997 sd_acmd_name(sd->current_cmd),
1998 sd->current_cmd, io_len);
1999 switch (sd->current_cmd) {
2000 case 6: /* CMD6: SWITCH_FUNCTION */
2001 ret = sd->data[sd->data_offset ++];
2003 if (sd->data_offset >= 64)
2004 sd->state = sd_transfer_state;
2005 break;
2007 case 9: /* CMD9: SEND_CSD */
2008 case 10: /* CMD10: SEND_CID */
2009 ret = sd->data[sd->data_offset ++];
2011 if (sd->data_offset >= 16)
2012 sd->state = sd_transfer_state;
2013 break;
2015 case 13: /* ACMD13: SD_STATUS */
2016 ret = sd->sd_status[sd->data_offset ++];
2018 if (sd->data_offset >= sizeof(sd->sd_status))
2019 sd->state = sd_transfer_state;
2020 break;
2022 case 17: /* CMD17: READ_SINGLE_BLOCK */
2023 if (sd->data_offset == 0)
2024 BLK_READ_BLOCK(sd->data_start, io_len);
2025 ret = sd->data[sd->data_offset ++];
2027 if (sd->data_offset >= io_len)
2028 sd->state = sd_transfer_state;
2029 break;
2031 case 18: /* CMD18: READ_MULTIPLE_BLOCK */
2032 if (sd->data_offset == 0) {
2033 if (!address_in_range(sd, "READ_MULTIPLE_BLOCK",
2034 sd->data_start, io_len)) {
2035 return 0x00;
2037 BLK_READ_BLOCK(sd->data_start, io_len);
2039 ret = sd->data[sd->data_offset ++];
2041 if (sd->data_offset >= io_len) {
2042 sd->data_start += io_len;
2043 sd->data_offset = 0;
2045 if (sd->multi_blk_cnt != 0) {
2046 if (--sd->multi_blk_cnt == 0) {
2047 /* Stop! */
2048 sd->state = sd_transfer_state;
2049 break;
2053 break;
2055 case 19: /* CMD19: SEND_TUNING_BLOCK (SD) */
2056 if (sd->data_offset >= SD_TUNING_BLOCK_SIZE - 1) {
2057 sd->state = sd_transfer_state;
2059 ret = sd_tuning_block_pattern[sd->data_offset++];
2060 break;
2062 case 22: /* ACMD22: SEND_NUM_WR_BLOCKS */
2063 ret = sd->data[sd->data_offset ++];
2065 if (sd->data_offset >= 4)
2066 sd->state = sd_transfer_state;
2067 break;
2069 case 30: /* CMD30: SEND_WRITE_PROT */
2070 ret = sd->data[sd->data_offset ++];
2072 if (sd->data_offset >= 4)
2073 sd->state = sd_transfer_state;
2074 break;
2076 case 51: /* ACMD51: SEND_SCR */
2077 ret = sd->scr[sd->data_offset ++];
2079 if (sd->data_offset >= sizeof(sd->scr))
2080 sd->state = sd_transfer_state;
2081 break;
2083 case 56: /* CMD56: GEN_CMD */
2084 if (sd->data_offset == 0)
2085 APP_READ_BLOCK(sd->data_start, sd->blk_len);
2086 ret = sd->data[sd->data_offset ++];
2088 if (sd->data_offset >= sd->blk_len)
2089 sd->state = sd_transfer_state;
2090 break;
2092 default:
2093 qemu_log_mask(LOG_GUEST_ERROR, "%s: unknown command\n", __func__);
2094 return 0x00;
2097 return ret;
2100 static bool sd_receive_ready(SDState *sd)
2102 return sd->state == sd_receivingdata_state;
2105 static bool sd_data_ready(SDState *sd)
2107 return sd->state == sd_sendingdata_state;
2110 void sd_enable(SDState *sd, bool enable)
2112 sd->enable = enable;
2115 static void sd_instance_init(Object *obj)
2117 SDState *sd = SD_CARD(obj);
2119 sd->enable = true;
2120 sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup, sd);
2123 static void sd_instance_finalize(Object *obj)
2125 SDState *sd = SD_CARD(obj);
2127 timer_free(sd->ocr_power_timer);
2130 static void sd_realize(DeviceState *dev, Error **errp)
2132 SDState *sd = SD_CARD(dev);
2133 int ret;
2135 sd->proto_name = sd->spi ? "SPI" : "SD";
2137 switch (sd->spec_version) {
2138 case SD_PHY_SPECv1_10_VERS
2139 ... SD_PHY_SPECv3_01_VERS:
2140 break;
2141 default:
2142 error_setg(errp, "Invalid SD card Spec version: %u", sd->spec_version);
2143 return;
2146 if (sd->blk) {
2147 int64_t blk_size;
2149 if (!blk_supports_write_perm(sd->blk)) {
2150 error_setg(errp, "Cannot use read-only drive as SD card");
2151 return;
2154 blk_size = blk_getlength(sd->blk);
2155 if (blk_size > 0 && !is_power_of_2(blk_size)) {
2156 int64_t blk_size_aligned = pow2ceil(blk_size);
2157 char *blk_size_str;
2159 blk_size_str = size_to_str(blk_size);
2160 error_setg(errp, "Invalid SD card size: %s", blk_size_str);
2161 g_free(blk_size_str);
2163 blk_size_str = size_to_str(blk_size_aligned);
2164 error_append_hint(errp,
2165 "SD card size has to be a power of 2, e.g. %s.\n"
2166 "You can resize disk images with"
2167 " 'qemu-img resize <imagefile> <new-size>'\n"
2168 "(note that this will lose data if you make the"
2169 " image smaller than it currently is).\n",
2170 blk_size_str);
2171 g_free(blk_size_str);
2173 return;
2176 ret = blk_set_perm(sd->blk, BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE,
2177 BLK_PERM_ALL, errp);
2178 if (ret < 0) {
2179 return;
2181 blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
2185 static Property sd_properties[] = {
2186 DEFINE_PROP_UINT8("spec_version", SDState,
2187 spec_version, SD_PHY_SPECv2_00_VERS),
2188 DEFINE_PROP_DRIVE("drive", SDState, blk),
2189 /* We do not model the chip select pin, so allow the board to select
2190 * whether card should be in SSI or MMC/SD mode. It is also up to the
2191 * board to ensure that ssi transfers only occur when the chip select
2192 * is asserted. */
2193 DEFINE_PROP_BOOL("spi", SDState, spi, false),
2194 DEFINE_PROP_END_OF_LIST()
2197 static void sd_class_init(ObjectClass *klass, void *data)
2199 DeviceClass *dc = DEVICE_CLASS(klass);
2200 SDCardClass *sc = SD_CARD_CLASS(klass);
2202 dc->realize = sd_realize;
2203 device_class_set_props(dc, sd_properties);
2204 dc->vmsd = &sd_vmstate;
2205 dc->reset = sd_reset;
2206 dc->bus_type = TYPE_SD_BUS;
2207 set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
2209 sc->set_voltage = sd_set_voltage;
2210 sc->get_dat_lines = sd_get_dat_lines;
2211 sc->get_cmd_line = sd_get_cmd_line;
2212 sc->do_command = sd_do_command;
2213 sc->write_byte = sd_write_byte;
2214 sc->read_byte = sd_read_byte;
2215 sc->receive_ready = sd_receive_ready;
2216 sc->data_ready = sd_data_ready;
2217 sc->enable = sd_enable;
2218 sc->get_inserted = sd_get_inserted;
2219 sc->get_readonly = sd_get_readonly;
2222 static const TypeInfo sd_info = {
2223 .name = TYPE_SD_CARD,
2224 .parent = TYPE_DEVICE,
2225 .instance_size = sizeof(SDState),
2226 .class_size = sizeof(SDCardClass),
2227 .class_init = sd_class_init,
2228 .instance_init = sd_instance_init,
2229 .instance_finalize = sd_instance_finalize,
2232 static void sd_register_types(void)
2234 type_register_static(&sd_info);
2237 type_init(sd_register_types)