1
2
3
4
5
6
7
8
9
10
11
12
13#include "sysemu/block-backend.h"
14#include "sysemu/blockdev.h"
15#include "hw/ssi.h"
16#include "hw/sd.h"
17
18
19
20#ifdef DEBUG_SSI_SD
21#define DPRINTF(fmt, ...) \
22do { printf("ssi_sd: " fmt , ## __VA_ARGS__); } while (0)
23#define BADF(fmt, ...) \
24do { fprintf(stderr, "ssi_sd: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
25#else
26#define DPRINTF(fmt, ...) do {} while(0)
27#define BADF(fmt, ...) \
28do { fprintf(stderr, "ssi_sd: error: " fmt , ## __VA_ARGS__);} while (0)
29#endif
30
31typedef enum {
32 SSI_SD_CMD,
33 SSI_SD_CMDARG,
34 SSI_SD_RESPONSE,
35 SSI_SD_DATA_START,
36 SSI_SD_DATA_READ,
37} ssi_sd_mode;
38
39typedef struct {
40 SSISlave ssidev;
41 ssi_sd_mode mode;
42 int cmd;
43 uint8_t cmdarg[4];
44 uint8_t response[5];
45 int arglen;
46 int response_pos;
47 int stopping;
48 SDState *sd;
49} ssi_sd_state;
50
51
52#define SSI_SDR_LOCKED 0x0001
53#define SSI_SDR_WP_ERASE 0x0002
54#define SSI_SDR_ERROR 0x0004
55#define SSI_SDR_CC_ERROR 0x0008
56#define SSI_SDR_ECC_FAILED 0x0010
57#define SSI_SDR_WP_VIOLATION 0x0020
58#define SSI_SDR_ERASE_PARAM 0x0040
59#define SSI_SDR_OUT_OF_RANGE 0x0080
60#define SSI_SDR_IDLE 0x0100
61#define SSI_SDR_ERASE_RESET 0x0200
62#define SSI_SDR_ILLEGAL_COMMAND 0x0400
63#define SSI_SDR_COM_CRC_ERROR 0x0800
64#define SSI_SDR_ERASE_SEQ_ERROR 0x1000
65#define SSI_SDR_ADDRESS_ERROR 0x2000
66#define SSI_SDR_PARAMETER_ERROR 0x4000
67
68static uint32_t ssi_sd_transfer(SSISlave *dev, uint32_t val)
69{
70 ssi_sd_state *s = FROM_SSI_SLAVE(ssi_sd_state, dev);
71
72
73 if (s->mode == SSI_SD_DATA_READ && val == 0x4d) {
74 s->mode = SSI_SD_CMD;
75
76 s->stopping = 1;
77 }
78
79 switch (s->mode) {
80 case SSI_SD_CMD:
81 if (val == 0xff) {
82 DPRINTF("NULL command\n");
83 return 0xff;
84 }
85 s->cmd = val & 0x3f;
86 s->mode = SSI_SD_CMDARG;
87 s->arglen = 0;
88 return 0xff;
89 case SSI_SD_CMDARG:
90 if (s->arglen == 4) {
91 SDRequest request;
92 uint8_t longresp[16];
93
94 request.cmd = s->cmd;
95 request.arg = (s->cmdarg[0] << 24) | (s->cmdarg[1] << 16)
96 | (s->cmdarg[2] << 8) | s->cmdarg[3];
97 DPRINTF("CMD%d arg 0x%08x\n", s->cmd, request.arg);
98 s->arglen = sd_do_command(s->sd, &request, longresp);
99 if (s->arglen <= 0) {
100 s->arglen = 1;
101 s->response[0] = 4;
102 DPRINTF("SD command failed\n");
103 } else if (s->cmd == 58) {
104
105 DPRINTF("Returned OCR\n");
106 s->arglen = 5;
107 s->response[0] = 1;
108 memcpy(&s->response[1], longresp, 4);
109 } else if (s->arglen != 4) {
110 BADF("Unexpected response to cmd %d\n", s->cmd);
111
112 s->arglen = 1;
113 s->response[0] = 4;
114 } else {
115
116 uint32_t cardstatus;
117 uint16_t status;
118
119
120 s->arglen = (s->cmd == 13) ? 2 : 1;
121 cardstatus = (longresp[0] << 24) | (longresp[1] << 16)
122 | (longresp[2] << 8) | longresp[3];
123 status = 0;
124 if (((cardstatus >> 9) & 0xf) < 4)
125 status |= SSI_SDR_IDLE;
126 if (cardstatus & ERASE_RESET)
127 status |= SSI_SDR_ERASE_RESET;
128 if (cardstatus & ILLEGAL_COMMAND)
129 status |= SSI_SDR_ILLEGAL_COMMAND;
130 if (cardstatus & COM_CRC_ERROR)
131 status |= SSI_SDR_COM_CRC_ERROR;
132 if (cardstatus & ERASE_SEQ_ERROR)
133 status |= SSI_SDR_ERASE_SEQ_ERROR;
134 if (cardstatus & ADDRESS_ERROR)
135 status |= SSI_SDR_ADDRESS_ERROR;
136 if (cardstatus & CARD_IS_LOCKED)
137 status |= SSI_SDR_LOCKED;
138 if (cardstatus & (LOCK_UNLOCK_FAILED | WP_ERASE_SKIP))
139 status |= SSI_SDR_WP_ERASE;
140 if (cardstatus & SD_ERROR)
141 status |= SSI_SDR_ERROR;
142 if (cardstatus & CC_ERROR)
143 status |= SSI_SDR_CC_ERROR;
144 if (cardstatus & CARD_ECC_FAILED)
145 status |= SSI_SDR_ECC_FAILED;
146 if (cardstatus & WP_VIOLATION)
147 status |= SSI_SDR_WP_VIOLATION;
148 if (cardstatus & ERASE_PARAM)
149 status |= SSI_SDR_ERASE_PARAM;
150 if (cardstatus & (OUT_OF_RANGE | CID_CSD_OVERWRITE))
151 status |= SSI_SDR_OUT_OF_RANGE;
152
153
154 if (status & 0xff)
155 status |= SSI_SDR_PARAMETER_ERROR;
156 s->response[0] = status >> 8;
157 s->response[1] = status;
158 DPRINTF("Card status 0x%02x\n", status);
159 }
160 s->mode = SSI_SD_RESPONSE;
161 s->response_pos = 0;
162 } else {
163 s->cmdarg[s->arglen++] = val;
164 }
165 return 0xff;
166 case SSI_SD_RESPONSE:
167 if (s->stopping) {
168 s->stopping = 0;
169 return 0xff;
170 }
171 if (s->response_pos < s->arglen) {
172 DPRINTF("Response 0x%02x\n", s->response[s->response_pos]);
173 return s->response[s->response_pos++];
174 }
175 if (sd_data_ready(s->sd)) {
176 DPRINTF("Data read\n");
177 s->mode = SSI_SD_DATA_START;
178 } else {
179 DPRINTF("End of command\n");
180 s->mode = SSI_SD_CMD;
181 }
182 return 0xff;
183 case SSI_SD_DATA_START:
184 DPRINTF("Start read block\n");
185 s->mode = SSI_SD_DATA_READ;
186 return 0xfe;
187 case SSI_SD_DATA_READ:
188 val = sd_read_data(s->sd);
189 if (!sd_data_ready(s->sd)) {
190 DPRINTF("Data read end\n");
191 s->mode = SSI_SD_CMD;
192 }
193 return val;
194 }
195
196 return 0xff;
197}
198
199static void ssi_sd_save(QEMUFile *f, void *opaque)
200{
201 SSISlave *ss = SSI_SLAVE(opaque);
202 ssi_sd_state *s = (ssi_sd_state *)opaque;
203 int i;
204
205 qemu_put_be32(f, s->mode);
206 qemu_put_be32(f, s->cmd);
207 for (i = 0; i < 4; i++)
208 qemu_put_be32(f, s->cmdarg[i]);
209 for (i = 0; i < 5; i++)
210 qemu_put_be32(f, s->response[i]);
211 qemu_put_be32(f, s->arglen);
212 qemu_put_be32(f, s->response_pos);
213 qemu_put_be32(f, s->stopping);
214
215 qemu_put_be32(f, ss->cs);
216}
217
218static int ssi_sd_load(QEMUFile *f, void *opaque, int version_id)
219{
220 SSISlave *ss = SSI_SLAVE(opaque);
221 ssi_sd_state *s = (ssi_sd_state *)opaque;
222 int i;
223
224 if (version_id != 1)
225 return -EINVAL;
226
227 s->mode = qemu_get_be32(f);
228 s->cmd = qemu_get_be32(f);
229 for (i = 0; i < 4; i++)
230 s->cmdarg[i] = qemu_get_be32(f);
231 for (i = 0; i < 5; i++)
232 s->response[i] = qemu_get_be32(f);
233 s->arglen = qemu_get_be32(f);
234 if (s->mode == SSI_SD_CMDARG &&
235 (s->arglen < 0 || s->arglen >= ARRAY_SIZE(s->cmdarg))) {
236 return -EINVAL;
237 }
238 s->response_pos = qemu_get_be32(f);
239 s->stopping = qemu_get_be32(f);
240 if (s->mode == SSI_SD_RESPONSE &&
241 (s->response_pos < 0 || s->response_pos >= ARRAY_SIZE(s->response) ||
242 (!s->stopping && s->arglen > ARRAY_SIZE(s->response)))) {
243 return -EINVAL;
244 }
245
246 ss->cs = qemu_get_be32(f);
247
248 return 0;
249}
250
251static int ssi_sd_init(SSISlave *d)
252{
253 DeviceState *dev = DEVICE(d);
254 ssi_sd_state *s = FROM_SSI_SLAVE(ssi_sd_state, d);
255 DriveInfo *dinfo;
256
257 s->mode = SSI_SD_CMD;
258 dinfo = drive_get_next(IF_SD);
259 s->sd = sd_init(dinfo ? blk_by_legacy_dinfo(dinfo) : NULL, true);
260 if (s->sd == NULL) {
261 return -1;
262 }
263 register_savevm(dev, "ssi_sd", -1, 1, ssi_sd_save, ssi_sd_load, s);
264 return 0;
265}
266
267static void ssi_sd_class_init(ObjectClass *klass, void *data)
268{
269 SSISlaveClass *k = SSI_SLAVE_CLASS(klass);
270
271 k->init = ssi_sd_init;
272 k->transfer = ssi_sd_transfer;
273 k->cs_polarity = SSI_CS_LOW;
274}
275
276static const TypeInfo ssi_sd_info = {
277 .name = "ssi-sd",
278 .parent = TYPE_SSI_SLAVE,
279 .instance_size = sizeof(ssi_sd_state),
280 .class_init = ssi_sd_class_init,
281};
282
283static void ssi_sd_register_types(void)
284{
285 type_register_static(&ssi_sd_info);
286}
287
288type_init(ssi_sd_register_types)
289
