From 281c5c95b259a0d9809977c9f407d4654c3a79aa Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sat, 23 Jan 2021 18:39:54 +0800 Subject: [PATCH 1/9] hw/sd: ssi-sd: Fix incorrect card response sequence MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per the "Physical Layer Specification Version 8.00" chapter 7.5.1, "Command/Response", there is a minimum 8 clock cycles (Ncr) before the card response shows up on the data out line. However current implementation jumps directly to the sending response state after all 6 bytes command is received, which is a spec violation. Add a new state PREP_RESP in the ssi-sd state machine to handle it. Fixes: 775616c3ae8c ("Partial SD card SPI mode support") Signed-off-by: Bin Meng Tested-by: Pragnesh Patel Reviewed-by: Pragnesh Patel Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20210123104016.17485-4-bmeng.cn@gmail.com> [PMD: Change VMState version id 2 -> 3] Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/ssi-sd.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c index 9a75e0095c..d97646795a 100644 --- a/hw/sd/ssi-sd.c +++ b/hw/sd/ssi-sd.c @@ -36,6 +36,7 @@ do { fprintf(stderr, "ssi_sd: error: " fmt , ## __VA_ARGS__);} while (0) typedef enum { SSI_SD_CMD = 0, SSI_SD_CMDARG, + SSI_SD_PREP_RESP, SSI_SD_RESPONSE, SSI_SD_DATA_START, SSI_SD_DATA_READ, @@ -163,12 +164,16 @@ static uint32_t ssi_sd_transfer(SSIPeripheral *dev, uint32_t val) s->response[1] = status; DPRINTF("Card status 0x%02x\n", status); } - s->mode = SSI_SD_RESPONSE; + s->mode = SSI_SD_PREP_RESP; s->response_pos = 0; } else { s->cmdarg[s->arglen++] = val; } return 0xff; + case SSI_SD_PREP_RESP: + DPRINTF("Prepare card response (Ncr)\n"); + s->mode = SSI_SD_RESPONSE; + return 0xff; case SSI_SD_RESPONSE: if (s->stopping) { s->stopping = 0; @@ -224,8 +229,8 @@ static int ssi_sd_post_load(void *opaque, int version_id) static const VMStateDescription vmstate_ssi_sd = { .name = "ssi_sd", - .version_id = 2, - .minimum_version_id = 2, + .version_id = 3, + .minimum_version_id = 3, .post_load = ssi_sd_post_load, .fields = (VMStateField []) { VMSTATE_UINT32(mode, ssi_sd_state), From dec6d33849f3589426c5a14dce264d5c6f86e85b Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sat, 23 Jan 2021 18:39:55 +0800 Subject: [PATCH 2/9] hw/sd: sd: Support CMD59 for SPI mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit After the card is put into SPI mode, CRC check for all commands including CMD0 will be done according to CMD59 setting. But this command is currently unimplemented. Simply allow the decoding of CMD59, but the CRC remains unchecked. Signed-off-by: Bin Meng Tested-by: Pragnesh Patel Reviewed-by: Pragnesh Patel Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20210123104016.17485-5-bmeng.cn@gmail.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/sd.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/hw/sd/sd.c b/hw/sd/sd.c index 4375ed5b8b..bfea5547d5 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -1517,18 +1517,12 @@ static sd_rsp_type_t sd_normal_command(SDState *sd, SDRequest req) if (!sd->spi) { goto bad_cmd; } - goto unimplemented_spi_cmd; + return sd_r1; default: bad_cmd: qemu_log_mask(LOG_GUEST_ERROR, "SD: Unknown CMD%i\n", req.cmd); return sd_illegal; - - unimplemented_spi_cmd: - /* Commands that are recognised but not yet implemented in SPI mode. */ - qemu_log_mask(LOG_UNIMP, "SD: CMD%i not implemented in SPI mode\n", - req.cmd); - return sd_illegal; } qemu_log_mask(LOG_GUEST_ERROR, "SD: CMD%i in a wrong state\n", req.cmd); From e9d28020d267fc76aa261537c0114d4402d678da Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sat, 23 Jan 2021 18:39:56 +0800 Subject: [PATCH 3/9] hw/sd: sd: Drop sd_crc16() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit commit f6fb1f9b319f ("sdcard: Correct CRC16 offset in sd_function_switch()") changed the 16-bit CRC to be stored at offset 64. In fact, this CRC calculation is completely wrong. From the original codes, it wants to calculate the CRC16 of the first 64 bytes of sd->data[], however passing 64 as the `width` to sd_crc16() actually counts 256 bytes starting from the `message` for the CRC16 calculation, which is not what we want. Besides that, it seems existing sd_crc16() algorithm does not match the SD spec, which says CRC16 is the CCITT one but the calculation does not produce expected result. It turns out the CRC16 was never transferred outside the sd core, as in sd_read_byte() we see: if (sd->data_offset >= 64) sd->state = sd_transfer_state; Given above reasons, let's drop it. Signed-off-by: Bin Meng Tested-by: Pragnesh Patel Reviewed-by: Pragnesh Patel Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20210123104016.17485-6-bmeng.cn@gmail.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/sd.c | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/hw/sd/sd.c b/hw/sd/sd.c index bfea5547d5..b3952514fe 100644 --- a/hw/sd/sd.c +++ b/hw/sd/sd.c @@ -271,23 +271,6 @@ static uint8_t sd_crc7(const void *message, size_t width) return shift_reg; } -static uint16_t sd_crc16(const void *message, size_t width) -{ - int i, bit; - uint16_t shift_reg = 0x0000; - const uint16_t *msg = (const uint16_t *)message; - width <<= 1; - - for (i = 0; i < width; i ++, msg ++) - for (bit = 15; bit >= 0; bit --) { - shift_reg <<= 1; - if ((shift_reg >> 15) ^ ((*msg >> bit) & 1)) - shift_reg ^= 0x1011; - } - - return shift_reg; -} - #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */ FIELD(OCR, VDD_VOLTAGE_WINDOW, 0, 24) @@ -843,7 +826,6 @@ static void sd_function_switch(SDState *sd, uint32_t arg) sd->data[16 - (i >> 1)] |= new_func << ((i % 2) * 4); } memset(&sd->data[17], 0, 47); - stw_be_p(sd->data + 64, sd_crc16(sd->data, 64)); } static inline bool sd_wp_addr(SDState *sd, uint64_t addr) From 0b73ce30604c4fc9a004338cac6a28bc3f3e2fab Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sat, 23 Jan 2021 18:39:57 +0800 Subject: [PATCH 4/9] util: Add CRC16 (CCITT) calculation routines MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Import CRC16 calculation routines from Linux kernel v5.10: include/linux/crc-ccitt.h lib/crc-ccitt.c to QEMU: include/qemu/crc-ccitt.h util/crc-ccitt.c Signed-off-by: Bin Meng Acked-by: Alistair Francis Message-Id: <20210123104016.17485-7-bmeng.cn@gmail.com> Reviewed-by: Philippe Mathieu-Daudé [PMD: Restrict compilation to system emulation] Signed-off-by: Philippe Mathieu-Daudé --- include/qemu/crc-ccitt.h | 33 ++++++++++ util/crc-ccitt.c | 127 +++++++++++++++++++++++++++++++++++++++ util/meson.build | 1 + 3 files changed, 161 insertions(+) create mode 100644 include/qemu/crc-ccitt.h create mode 100644 util/crc-ccitt.c diff --git a/include/qemu/crc-ccitt.h b/include/qemu/crc-ccitt.h new file mode 100644 index 0000000000..06ee55b159 --- /dev/null +++ b/include/qemu/crc-ccitt.h @@ -0,0 +1,33 @@ +/* + * CRC16 (CCITT) Checksum Algorithm + * + * Copyright (c) 2021 Wind River Systems, Inc. + * + * Author: + * Bin Meng + * + * From Linux kernel v5.10 include/linux/crc-ccitt.h + * + * SPDX-License-Identifier: GPL-2.0 + */ + +#ifndef _CRC_CCITT_H +#define _CRC_CCITT_H + +extern uint16_t const crc_ccitt_table[256]; +extern uint16_t const crc_ccitt_false_table[256]; + +extern uint16_t crc_ccitt(uint16_t crc, const uint8_t *buffer, size_t len); +extern uint16_t crc_ccitt_false(uint16_t crc, const uint8_t *buffer, size_t len); + +static inline uint16_t crc_ccitt_byte(uint16_t crc, const uint8_t c) +{ + return (crc >> 8) ^ crc_ccitt_table[(crc ^ c) & 0xff]; +} + +static inline uint16_t crc_ccitt_false_byte(uint16_t crc, const uint8_t c) +{ + return (crc << 8) ^ crc_ccitt_false_table[(crc >> 8) ^ c]; +} + +#endif /* _CRC_CCITT_H */ diff --git a/util/crc-ccitt.c b/util/crc-ccitt.c new file mode 100644 index 0000000000..b981d8ac55 --- /dev/null +++ b/util/crc-ccitt.c @@ -0,0 +1,127 @@ +/* + * CRC16 (CCITT) Checksum Algorithm + * + * Copyright (c) 2021 Wind River Systems, Inc. + * + * Author: + * Bin Meng + * + * From Linux kernel v5.10 lib/crc-ccitt.c + * + * SPDX-License-Identifier: GPL-2.0-only + */ + +#include "qemu/osdep.h" +#include "qemu/crc-ccitt.h" + +/* + * This mysterious table is just the CRC of each possible byte. It can be + * computed using the standard bit-at-a-time methods. The polynomial can + * be seen in entry 128, 0x8408. This corresponds to x^0 + x^5 + x^12. + * Add the implicit x^16, and you have the standard CRC-CCITT. + */ +uint16_t const crc_ccitt_table[256] = { + 0x0000, 0x1189, 0x2312, 0x329b, 0x4624, 0x57ad, 0x6536, 0x74bf, + 0x8c48, 0x9dc1, 0xaf5a, 0xbed3, 0xca6c, 0xdbe5, 0xe97e, 0xf8f7, + 0x1081, 0x0108, 0x3393, 0x221a, 0x56a5, 0x472c, 0x75b7, 0x643e, + 0x9cc9, 0x8d40, 0xbfdb, 0xae52, 0xdaed, 0xcb64, 0xf9ff, 0xe876, + 0x2102, 0x308b, 0x0210, 0x1399, 0x6726, 0x76af, 0x4434, 0x55bd, + 0xad4a, 0xbcc3, 0x8e58, 0x9fd1, 0xeb6e, 0xfae7, 0xc87c, 0xd9f5, + 0x3183, 0x200a, 0x1291, 0x0318, 0x77a7, 0x662e, 0x54b5, 0x453c, + 0xbdcb, 0xac42, 0x9ed9, 0x8f50, 0xfbef, 0xea66, 0xd8fd, 0xc974, + 0x4204, 0x538d, 0x6116, 0x709f, 0x0420, 0x15a9, 0x2732, 0x36bb, + 0xce4c, 0xdfc5, 0xed5e, 0xfcd7, 0x8868, 0x99e1, 0xab7a, 0xbaf3, + 0x5285, 0x430c, 0x7197, 0x601e, 0x14a1, 0x0528, 0x37b3, 0x263a, + 0xdecd, 0xcf44, 0xfddf, 0xec56, 0x98e9, 0x8960, 0xbbfb, 0xaa72, + 0x6306, 0x728f, 0x4014, 0x519d, 0x2522, 0x34ab, 0x0630, 0x17b9, + 0xef4e, 0xfec7, 0xcc5c, 0xddd5, 0xa96a, 0xb8e3, 0x8a78, 0x9bf1, + 0x7387, 0x620e, 0x5095, 0x411c, 0x35a3, 0x242a, 0x16b1, 0x0738, + 0xffcf, 0xee46, 0xdcdd, 0xcd54, 0xb9eb, 0xa862, 0x9af9, 0x8b70, + 0x8408, 0x9581, 0xa71a, 0xb693, 0xc22c, 0xd3a5, 0xe13e, 0xf0b7, + 0x0840, 0x19c9, 0x2b52, 0x3adb, 0x4e64, 0x5fed, 0x6d76, 0x7cff, + 0x9489, 0x8500, 0xb79b, 0xa612, 0xd2ad, 0xc324, 0xf1bf, 0xe036, + 0x18c1, 0x0948, 0x3bd3, 0x2a5a, 0x5ee5, 0x4f6c, 0x7df7, 0x6c7e, + 0xa50a, 0xb483, 0x8618, 0x9791, 0xe32e, 0xf2a7, 0xc03c, 0xd1b5, + 0x2942, 0x38cb, 0x0a50, 0x1bd9, 0x6f66, 0x7eef, 0x4c74, 0x5dfd, + 0xb58b, 0xa402, 0x9699, 0x8710, 0xf3af, 0xe226, 0xd0bd, 0xc134, + 0x39c3, 0x284a, 0x1ad1, 0x0b58, 0x7fe7, 0x6e6e, 0x5cf5, 0x4d7c, + 0xc60c, 0xd785, 0xe51e, 0xf497, 0x8028, 0x91a1, 0xa33a, 0xb2b3, + 0x4a44, 0x5bcd, 0x6956, 0x78df, 0x0c60, 0x1de9, 0x2f72, 0x3efb, + 0xd68d, 0xc704, 0xf59f, 0xe416, 0x90a9, 0x8120, 0xb3bb, 0xa232, + 0x5ac5, 0x4b4c, 0x79d7, 0x685e, 0x1ce1, 0x0d68, 0x3ff3, 0x2e7a, + 0xe70e, 0xf687, 0xc41c, 0xd595, 0xa12a, 0xb0a3, 0x8238, 0x93b1, + 0x6b46, 0x7acf, 0x4854, 0x59dd, 0x2d62, 0x3ceb, 0x0e70, 0x1ff9, + 0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330, + 0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78 +}; + +/* + * Similar table to calculate CRC16 variant known as CRC-CCITT-FALSE + * Reflected bits order, does not augment final value. + */ +uint16_t const crc_ccitt_false_table[256] = { + 0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50A5, 0x60C6, 0x70E7, + 0x8108, 0x9129, 0xA14A, 0xB16B, 0xC18C, 0xD1AD, 0xE1CE, 0xF1EF, + 0x1231, 0x0210, 0x3273, 0x2252, 0x52B5, 0x4294, 0x72F7, 0x62D6, + 0x9339, 0x8318, 0xB37B, 0xA35A, 0xD3BD, 0xC39C, 0xF3FF, 0xE3DE, + 0x2462, 0x3443, 0x0420, 0x1401, 0x64E6, 0x74C7, 0x44A4, 0x5485, + 0xA56A, 0xB54B, 0x8528, 0x9509, 0xE5EE, 0xF5CF, 0xC5AC, 0xD58D, + 0x3653, 0x2672, 0x1611, 0x0630, 0x76D7, 0x66F6, 0x5695, 0x46B4, + 0xB75B, 0xA77A, 0x9719, 0x8738, 0xF7DF, 0xE7FE, 0xD79D, 0xC7BC, + 0x48C4, 0x58E5, 0x6886, 0x78A7, 0x0840, 0x1861, 0x2802, 0x3823, + 0xC9CC, 0xD9ED, 0xE98E, 0xF9AF, 0x8948, 0x9969, 0xA90A, 0xB92B, + 0x5AF5, 0x4AD4, 0x7AB7, 0x6A96, 0x1A71, 0x0A50, 0x3A33, 0x2A12, + 0xDBFD, 0xCBDC, 0xFBBF, 0xEB9E, 0x9B79, 0x8B58, 0xBB3B, 0xAB1A, + 0x6CA6, 0x7C87, 0x4CE4, 0x5CC5, 0x2C22, 0x3C03, 0x0C60, 0x1C41, + 0xEDAE, 0xFD8F, 0xCDEC, 0xDDCD, 0xAD2A, 0xBD0B, 0x8D68, 0x9D49, + 0x7E97, 0x6EB6, 0x5ED5, 0x4EF4, 0x3E13, 0x2E32, 0x1E51, 0x0E70, + 0xFF9F, 0xEFBE, 0xDFDD, 0xCFFC, 0xBF1B, 0xAF3A, 0x9F59, 0x8F78, + 0x9188, 0x81A9, 0xB1CA, 0xA1EB, 0xD10C, 0xC12D, 0xF14E, 0xE16F, + 0x1080, 0x00A1, 0x30C2, 0x20E3, 0x5004, 0x4025, 0x7046, 0x6067, + 0x83B9, 0x9398, 0xA3FB, 0xB3DA, 0xC33D, 0xD31C, 0xE37F, 0xF35E, + 0x02B1, 0x1290, 0x22F3, 0x32D2, 0x4235, 0x5214, 0x6277, 0x7256, + 0xB5EA, 0xA5CB, 0x95A8, 0x8589, 0xF56E, 0xE54F, 0xD52C, 0xC50D, + 0x34E2, 0x24C3, 0x14A0, 0x0481, 0x7466, 0x6447, 0x5424, 0x4405, + 0xA7DB, 0xB7FA, 0x8799, 0x97B8, 0xE75F, 0xF77E, 0xC71D, 0xD73C, + 0x26D3, 0x36F2, 0x0691, 0x16B0, 0x6657, 0x7676, 0x4615, 0x5634, + 0xD94C, 0xC96D, 0xF90E, 0xE92F, 0x99C8, 0x89E9, 0xB98A, 0xA9AB, + 0x5844, 0x4865, 0x7806, 0x6827, 0x18C0, 0x08E1, 0x3882, 0x28A3, + 0xCB7D, 0xDB5C, 0xEB3F, 0xFB1E, 0x8BF9, 0x9BD8, 0xABBB, 0xBB9A, + 0x4A75, 0x5A54, 0x6A37, 0x7A16, 0x0AF1, 0x1AD0, 0x2AB3, 0x3A92, + 0xFD2E, 0xED0F, 0xDD6C, 0xCD4D, 0xBDAA, 0xAD8B, 0x9DE8, 0x8DC9, + 0x7C26, 0x6C07, 0x5C64, 0x4C45, 0x3CA2, 0x2C83, 0x1CE0, 0x0CC1, + 0xEF1F, 0xFF3E, 0xCF5D, 0xDF7C, 0xAF9B, 0xBFBA, 0x8FD9, 0x9FF8, + 0x6E17, 0x7E36, 0x4E55, 0x5E74, 0x2E93, 0x3EB2, 0x0ED1, 0x1EF0 +}; + +/** + * crc_ccitt - recompute the CRC (CRC-CCITT variant) + * for the data buffer + * + * @crc: previous CRC value + * @buffer: data pointer + * @len: number of bytes in the buffer + */ +uint16_t crc_ccitt(uint16_t crc, uint8_t const *buffer, size_t len) +{ + while (len--) { + crc = crc_ccitt_byte(crc, *buffer++); + } + return crc; +} + +/** + * crc_ccitt_false - recompute the CRC (CRC-CCITT-FALSE variant) + * for the data buffer + * + * @crc: previous CRC value + * @buffer: data pointer + * @len: number of bytes in the buffer + */ +uint16_t crc_ccitt_false(uint16_t crc, uint8_t const *buffer, size_t len) +{ + while (len--) { + crc = crc_ccitt_false_byte(crc, *buffer++); + } + return crc; +} diff --git a/util/meson.build b/util/meson.build index 540a605b78..3eccdbe596 100644 --- a/util/meson.build +++ b/util/meson.build @@ -49,6 +49,7 @@ if have_user endif if have_system + util_ss.add(files('crc-ccitt.c')) util_ss.add(when: 'CONFIG_GIO', if_true: [files('dbus.c'), gio]) util_ss.add(files('yank.c')) endif From 2d174cc38bf1e86ff0cf534510c0d097e3b23680 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sat, 23 Jan 2021 18:39:58 +0800 Subject: [PATCH 5/9] hw/sd: ssi-sd: Suffix a data block with CRC16 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per the SD spec, a valid data block is suffixed with a 16-bit CRC generated by the standard CCITT polynomial x16+x12+x5+1. This part is currently missing in the ssi-sd state machine. Without it, all data block transfer fails in guest software because the expected CRC16 is missing on the data out line. Fixes: 775616c3ae8c ("Partial SD card SPI mode support") Signed-off-by: Bin Meng Acked-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20210123104016.17485-8-bmeng.cn@gmail.com> [PMD: Change VMState version id 3 -> 4, check s->mode validity in post_load()] Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/ssi-sd.c | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c index d97646795a..08852dc8d4 100644 --- a/hw/sd/ssi-sd.c +++ b/hw/sd/ssi-sd.c @@ -17,6 +17,7 @@ #include "hw/qdev-properties.h" #include "hw/sd/sd.h" #include "qapi/error.h" +#include "qemu/crc-ccitt.h" #include "qemu/module.h" #include "qom/object.h" @@ -40,6 +41,7 @@ typedef enum { SSI_SD_RESPONSE, SSI_SD_DATA_START, SSI_SD_DATA_READ, + SSI_SD_DATA_CRC16, } ssi_sd_mode; struct ssi_sd_state { @@ -48,6 +50,7 @@ struct ssi_sd_state { int cmd; uint8_t cmdarg[4]; uint8_t response[5]; + uint16_t crc16; int32_t arglen; int32_t response_pos; int32_t stopping; @@ -194,12 +197,24 @@ static uint32_t ssi_sd_transfer(SSIPeripheral *dev, uint32_t val) case SSI_SD_DATA_START: DPRINTF("Start read block\n"); s->mode = SSI_SD_DATA_READ; + s->response_pos = 0; return 0xfe; case SSI_SD_DATA_READ: val = sdbus_read_byte(&s->sdbus); + s->crc16 = crc_ccitt_false(s->crc16, (uint8_t *)&val, 1); if (!sdbus_data_ready(&s->sdbus)) { DPRINTF("Data read end\n"); + s->mode = SSI_SD_DATA_CRC16; + } + return val; + case SSI_SD_DATA_CRC16: + val = (s->crc16 & 0xff00) >> 8; + s->crc16 <<= 8; + s->response_pos++; + if (s->response_pos == 2) { + DPRINTF("CRC16 read end\n"); s->mode = SSI_SD_CMD; + s->response_pos = 0; } return val; } @@ -211,7 +226,7 @@ static int ssi_sd_post_load(void *opaque, int version_id) { ssi_sd_state *s = (ssi_sd_state *)opaque; - if (s->mode > SSI_SD_DATA_READ) { + if (s->mode > SSI_SD_DATA_CRC16) { return -EINVAL; } if (s->mode == SSI_SD_CMDARG && @@ -229,14 +244,15 @@ static int ssi_sd_post_load(void *opaque, int version_id) static const VMStateDescription vmstate_ssi_sd = { .name = "ssi_sd", - .version_id = 3, - .minimum_version_id = 3, + .version_id = 4, + .minimum_version_id = 4, .post_load = ssi_sd_post_load, .fields = (VMStateField []) { VMSTATE_UINT32(mode, ssi_sd_state), VMSTATE_INT32(cmd, ssi_sd_state), VMSTATE_UINT8_ARRAY(cmdarg, ssi_sd_state, 4), VMSTATE_UINT8_ARRAY(response, ssi_sd_state, 5), + VMSTATE_UINT16(crc16, ssi_sd_state), VMSTATE_INT32(arglen, ssi_sd_state), VMSTATE_INT32(response_pos, ssi_sd_state), VMSTATE_INT32(stopping, ssi_sd_state), @@ -288,6 +304,7 @@ static void ssi_sd_reset(DeviceState *dev) s->cmd = 0; memset(s->cmdarg, 0, sizeof(s->cmdarg)); memset(s->response, 0, sizeof(s->response)); + s->crc16 = 0; s->arglen = 0; s->response_pos = 0; s->stopping = 0; From 3a67cbe619179c390908bf415159290acbe96ccd Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sat, 23 Jan 2021 18:39:59 +0800 Subject: [PATCH 6/9] hw/sd: ssi-sd: Add a state representing Nac MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Per the "Physical Layer Specification Version 8.00" chapter 7.5.2, "Data Read", there is a minimum 8 clock cycles (Nac) after the card response and before data block shows up on the data out line. This applies to both single and multiple block read operations. Current implementation of single block read already satisfies the timing requirement as in the RESPONSE state after all responses are transferred the state remains unchanged. In the next 8 clock cycles it jumps to DATA_START state if data is ready. However we need an explicit state when expanding our support to multiple block read in the future. Let's add a new state PREP_DATA explicitly in the ssi-sd state machine to represent Nac. Note we don't change the single block read state machine to let it jump from RESPONSE state to DATA_START state as that effectively generates a 16 clock cycles Nac, which might not be safe. As the spec says the maximum Nac shall be calculated from several fields encoded in the CSD register, we don't want to bother updating CSD to ensure our Nac is within range to complicate things. Signed-off-by: Bin Meng Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20210123104016.17485-9-bmeng.cn@gmail.com> [PMD: Change VMState version id 4 -> 5] Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/ssi-sd.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c index 08852dc8d4..1cdaf73c29 100644 --- a/hw/sd/ssi-sd.c +++ b/hw/sd/ssi-sd.c @@ -39,6 +39,7 @@ typedef enum { SSI_SD_CMDARG, SSI_SD_PREP_RESP, SSI_SD_RESPONSE, + SSI_SD_PREP_DATA, SSI_SD_DATA_START, SSI_SD_DATA_READ, SSI_SD_DATA_CRC16, @@ -194,6 +195,10 @@ static uint32_t ssi_sd_transfer(SSIPeripheral *dev, uint32_t val) s->mode = SSI_SD_CMD; } return 0xff; + case SSI_SD_PREP_DATA: + DPRINTF("Prepare data block (Nac)\n"); + s->mode = SSI_SD_DATA_START; + return 0xff; case SSI_SD_DATA_START: DPRINTF("Start read block\n"); s->mode = SSI_SD_DATA_READ; @@ -244,8 +249,8 @@ static int ssi_sd_post_load(void *opaque, int version_id) static const VMStateDescription vmstate_ssi_sd = { .name = "ssi_sd", - .version_id = 4, - .minimum_version_id = 4, + .version_id = 5, + .minimum_version_id = 5, .post_load = ssi_sd_post_load, .fields = (VMStateField []) { VMSTATE_UINT32(mode, ssi_sd_state), From 1fb85c42ca47e48dd0cfe153db85bdfc1213aedb Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sat, 23 Jan 2021 18:40:00 +0800 Subject: [PATCH 7/9] hw/sd: ssi-sd: Fix the wrong command index for STOP_TRANSMISSION MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This fixes the wrong command index for STOP_TRANSMISSION, the required command to interrupt the multiple block read command, in the old codes. It should be CMD12 (0x4c), not CMD13 (0x4d). Fixes: 775616c3ae8c ("Partial SD card SPI mode support") Signed-off-by: Bin Meng Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20210123104016.17485-10-bmeng.cn@gmail.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/ssi-sd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c index 1cdaf73c29..12dffb6f55 100644 --- a/hw/sd/ssi-sd.c +++ b/hw/sd/ssi-sd.c @@ -83,7 +83,7 @@ static uint32_t ssi_sd_transfer(SSIPeripheral *dev, uint32_t val) ssi_sd_state *s = SSI_SD(dev); /* Special case: allow CMD12 (STOP TRANSMISSION) while reading data. */ - if (s->mode == SSI_SD_DATA_READ && val == 0x4d) { + if (s->mode == SSI_SD_DATA_READ && val == 0x4c) { s->mode = SSI_SD_CMD; /* There must be at least one byte delay before the card responds. */ s->stopping = 1; From bc1edaf2041f28d99c8ab102e14b948613080e17 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sat, 23 Jan 2021 18:40:02 +0800 Subject: [PATCH 8/9] hw/sd: ssi-sd: Use macros for the dummy value and tokens in the transfer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit At present the codes use hardcoded numbers (0xff/0xfe) for the dummy value and block start token. Replace them with macros. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20210123104016.17485-12-bmeng.cn@gmail.com> Signed-off-by: Philippe Mathieu-Daudé --- hw/sd/ssi-sd.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c index 12dffb6f55..be1bb10164 100644 --- a/hw/sd/ssi-sd.c +++ b/hw/sd/ssi-sd.c @@ -78,6 +78,12 @@ OBJECT_DECLARE_SIMPLE_TYPE(ssi_sd_state, SSI_SD) #define SSI_SDR_ADDRESS_ERROR 0x2000 #define SSI_SDR_PARAMETER_ERROR 0x4000 +/* single block read/write, multiple block read */ +#define SSI_TOKEN_SINGLE 0xfe + +/* dummy value - don't care */ +#define SSI_DUMMY 0xff + static uint32_t ssi_sd_transfer(SSIPeripheral *dev, uint32_t val) { ssi_sd_state *s = SSI_SD(dev); @@ -91,14 +97,14 @@ static uint32_t ssi_sd_transfer(SSIPeripheral *dev, uint32_t val) switch (s->mode) { case SSI_SD_CMD: - if (val == 0xff) { + if (val == SSI_DUMMY) { DPRINTF("NULL command\n"); - return 0xff; + return SSI_DUMMY; } s->cmd = val & 0x3f; s->mode = SSI_SD_CMDARG; s->arglen = 0; - return 0xff; + return SSI_DUMMY; case SSI_SD_CMDARG: if (s->arglen == 4) { SDRequest request; @@ -173,15 +179,15 @@ static uint32_t ssi_sd_transfer(SSIPeripheral *dev, uint32_t val) } else { s->cmdarg[s->arglen++] = val; } - return 0xff; + return SSI_DUMMY; case SSI_SD_PREP_RESP: DPRINTF("Prepare card response (Ncr)\n"); s->mode = SSI_SD_RESPONSE; - return 0xff; + return SSI_DUMMY; case SSI_SD_RESPONSE: if (s->stopping) { s->stopping = 0; - return 0xff; + return SSI_DUMMY; } if (s->response_pos < s->arglen) { DPRINTF("Response 0x%02x\n", s->response[s->response_pos]); @@ -194,16 +200,16 @@ static uint32_t ssi_sd_transfer(SSIPeripheral *dev, uint32_t val) DPRINTF("End of command\n"); s->mode = SSI_SD_CMD; } - return 0xff; + return SSI_DUMMY; case SSI_SD_PREP_DATA: DPRINTF("Prepare data block (Nac)\n"); s->mode = SSI_SD_DATA_START; - return 0xff; + return SSI_DUMMY; case SSI_SD_DATA_START: DPRINTF("Start read block\n"); s->mode = SSI_SD_DATA_READ; s->response_pos = 0; - return 0xfe; + return SSI_TOKEN_SINGLE; case SSI_SD_DATA_READ: val = sdbus_read_byte(&s->sdbus); s->crc16 = crc_ccitt_false(s->crc16, (uint8_t *)&val, 1); @@ -224,7 +230,7 @@ static uint32_t ssi_sd_transfer(SSIPeripheral *dev, uint32_t val) return val; } /* Should never happen. */ - return 0xff; + return SSI_DUMMY; } static int ssi_sd_post_load(void *opaque, int version_id) From 3f20ccd359913013723f64e2443dd513786039f6 Mon Sep 17 00:00:00 2001 From: Bin Meng Date: Sat, 23 Jan 2021 18:40:05 +0800 Subject: [PATCH 9/9] hw/sd: sd.h: Cosmetic change of using spaces MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit QEMU coding convention prefers spaces over tabs. Signed-off-by: Bin Meng Reviewed-by: Alistair Francis Reviewed-by: Philippe Mathieu-Daudé Message-Id: <20210123104016.17485-15-bmeng.cn@gmail.com> Signed-off-by: Philippe Mathieu-Daudé --- include/hw/sd/sd.h | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/include/hw/sd/sd.h b/include/hw/sd/sd.h index 59d108d453..05ef9b73e5 100644 --- a/include/hw/sd/sd.h +++ b/include/hw/sd/sd.h @@ -33,27 +33,27 @@ #include "hw/qdev-core.h" #include "qom/object.h" -#define OUT_OF_RANGE (1 << 31) -#define ADDRESS_ERROR (1 << 30) -#define BLOCK_LEN_ERROR (1 << 29) -#define ERASE_SEQ_ERROR (1 << 28) -#define ERASE_PARAM (1 << 27) -#define WP_VIOLATION (1 << 26) -#define CARD_IS_LOCKED (1 << 25) -#define LOCK_UNLOCK_FAILED (1 << 24) -#define COM_CRC_ERROR (1 << 23) -#define ILLEGAL_COMMAND (1 << 22) -#define CARD_ECC_FAILED (1 << 21) -#define CC_ERROR (1 << 20) -#define SD_ERROR (1 << 19) -#define CID_CSD_OVERWRITE (1 << 16) -#define WP_ERASE_SKIP (1 << 15) -#define CARD_ECC_DISABLED (1 << 14) -#define ERASE_RESET (1 << 13) -#define CURRENT_STATE (7 << 9) -#define READY_FOR_DATA (1 << 8) -#define APP_CMD (1 << 5) -#define AKE_SEQ_ERROR (1 << 3) +#define OUT_OF_RANGE (1 << 31) +#define ADDRESS_ERROR (1 << 30) +#define BLOCK_LEN_ERROR (1 << 29) +#define ERASE_SEQ_ERROR (1 << 28) +#define ERASE_PARAM (1 << 27) +#define WP_VIOLATION (1 << 26) +#define CARD_IS_LOCKED (1 << 25) +#define LOCK_UNLOCK_FAILED (1 << 24) +#define COM_CRC_ERROR (1 << 23) +#define ILLEGAL_COMMAND (1 << 22) +#define CARD_ECC_FAILED (1 << 21) +#define CC_ERROR (1 << 20) +#define SD_ERROR (1 << 19) +#define CID_CSD_OVERWRITE (1 << 16) +#define WP_ERASE_SKIP (1 << 15) +#define CARD_ECC_DISABLED (1 << 14) +#define ERASE_RESET (1 << 13) +#define CURRENT_STATE (7 << 9) +#define READY_FOR_DATA (1 << 8) +#define APP_CMD (1 << 5) +#define AKE_SEQ_ERROR (1 << 3) enum SDPhySpecificationVersion { SD_PHY_SPECv1_10_VERS = 1,