Patchwork [RFC,V2,1/2] hw: introduce standard SD host controller

login
register
mail settings
Submitter Mitsyanko Igor
Date April 24, 2012, 6:33 p.m.
Message ID <1335292416-19292-2-git-send-email-i.mitsyanko@samsung.com>
Download mbox | patch
Permalink /patch/154738/
State New
Headers show

Comments

Mitsyanko Igor - April 24, 2012, 6:33 p.m.
Device model for standard SD Host Controller Interface (SDHCI) compliant with
version 2.00 of SD association specification.

Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
---
 Makefile.objs                   |    1 +
 default-configs/arm-softmmu.mak |    1 +
 hw/sdhci.c                      | 1305 +++++++++++++++++++++++++++++++++++++++
 hw/sdhci.h                      |  310 ++++++++++
 4 files changed, 1617 insertions(+), 0 deletions(-)
 create mode 100644 hw/sdhci.c
 create mode 100644 hw/sdhci.h
Peter A. G. Crosthwaite - June 7, 2012, 4:38 a.m.
Hi Igor,

Sorry about the long delay. I have this fully working for me with only a
few typo error fixes indicated inline below.

I will remake the series on top of current master, include the Zynq
platform and resend

Regards,
Peter

On Wed, Apr 25, 2012 at 4:33 AM, Igor Mitsyanko <i.mitsyanko@samsung.com>wrote:

> Device model for standard SD Host Controller Interface (SDHCI) compliant
> with
> version 2.00 of SD association specification.
>
> Signed-off-by: Peter A. G. Crosthwaite <peter.crosthwaite@petalogix.com>
> Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
> ---
>  Makefile.objs                   |    1 +
>  default-configs/arm-softmmu.mak |    1 +
>  hw/sdhci.c                      | 1305
> +++++++++++++++++++++++++++++++++++++++
>  hw/sdhci.h                      |  310 ++++++++++
>  4 files changed, 1617 insertions(+), 0 deletions(-)
>  create mode 100644 hw/sdhci.c
>  create mode 100644 hw/sdhci.h
>
> diff --git a/Makefile.objs b/Makefile.objs
> index 6d6f24d..0f0eb0f 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -250,6 +250,7 @@ hw-obj-$(CONFIG_SMARTCARD) +=
> usb/dev-smartcard-reader.o ccid-card-passthru.o
>  hw-obj-$(CONFIG_SMARTCARD_NSS) += ccid-card-emulated.o
>  hw-obj-$(CONFIG_USB_REDIR) += usb/redirect.o
>  hw-obj-$(CONFIG_I8259) += i8259_common.o i8259.o
> +hw-obj-$(CONFIG_SDHCI) += sdhci.o
>
>  # PPC devices
>  hw-obj-$(CONFIG_PREP_PCI) += prep_pci.o
> diff --git a/default-configs/arm-softmmu.mak
> b/default-configs/arm-softmmu.mak
> index e542b4f..314784b 100644
> --- a/default-configs/arm-softmmu.mak
> +++ b/default-configs/arm-softmmu.mak
> @@ -27,3 +27,4 @@ CONFIG_SMC91C111=y
>  CONFIG_DS1338=y
>  CONFIG_PFLASH_CFI01=y
>  CONFIG_PFLASH_CFI02=y
> +CONFIG_SDHCI=y
> diff --git a/hw/sdhci.c b/hw/sdhci.c
> new file mode 100644
> index 0000000..7ace8c9
> --- /dev/null
> +++ b/hw/sdhci.c
> @@ -0,0 +1,1305 @@
> +/*
> + * SD Association Host Standard Specification v2.0 controller emulation
> + *
> + * Copyright (c) 2011 Samsung Electronics Co., Ltd.
> + * Mitsyanko Igor <i.mitsyanko@samsung.com>
> + * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
> + *
> + * Based on MMC controller for Samsung S5PC1xx-based board emulation
> + * by Alexey Merkulov and Vladimir Monakhov.
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the
> + * Free Software Foundation; either version 2 of the License, or (at your
> + * option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> + * See the GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include "hw.h"
> +#include "blockdev.h"
> +#include "qemu-timer.h"
> +#include "sdhci.h"
> +#include "block_int.h"
> +
> +/* host controller debug messages */
> +#define SDHC_DEBUG                        0
> +
> +#if SDHC_DEBUG == 0
> +    #define DPRINT_L1(fmt, args...)       do { } while (0)
> +    #define DPRINT_L2(fmt, args...)       do { } while (0)
> +    #define ERRPRINT(fmt, args...)        do { } while (0)
> +#elif SDHC_DEBUG == 1
> +    #define DPRINT_L1(fmt, args...)       \
> +        do {fprintf(stderr, "QEMU SDHC: "fmt, ## args); } while (0)
> +    #define DPRINT_L2(fmt, args...)       do { } while (0)
> +    #define ERRPRINT(fmt, args...)        \
> +        do {fprintf(stderr, "QEMU SDHC ERROR: "fmt, ## args); } while (0)
> +#else
> +    #define DPRINT_L1(fmt, args...)       \
> +        do {fprintf(stderr, "QEMU SDHC: "fmt, ## args); } while (0)
> +    #define DPRINT_L2(fmt, args...)       \
> +        do {fprintf(stderr, "QEMU SDHC: "fmt, ## args); } while (0)
> +    #define ERRPRINT(fmt, args...)        \
> +        do {fprintf(stderr, "QEMU SDHC ERROR: "fmt, ## args); } while (0)
> +#endif
> +
> +/* Default SD/MMC host controller features information, which will be
> + * presented in CAPABILITIES register of generic SD host controller at
> reset.
> + * If not stated otherwise:
> + * 0 - not supported, 1 - supported, other - prohibited.
> + */
> +#define SDHC_CAPAB_64BITBUS       0ul        /* 64-bit System Bus Support
> */
> +#define SDHC_CAPAB_18V            1ul        /* Voltage support 1.8v */
> +#define SDHC_CAPAB_30V            0ul        /* Voltage support 3.0v */
> +#define SDHC_CAPAB_33V            1ul        /* Voltage support 3.3v */
> +#define SDHC_CAPAB_SUSPRESUME     0ul        /* Suspend/resume support */
> +#define SDHC_CAPAB_SDMA           1ul        /* SDMA support */
> +#define SDHC_CAPAB_HIGHSPEED      1ul        /* High speed support */
> +#define SDHC_CAPAB_ADMA1          1ul        /* ADMA1 support */
> +#define SDHC_CAPAB_ADMA2          1ul        /* ADMA2 support */
> +/* Maximum host controller R/W buffers size
> + * Possible values: 512, 1024, 2048 bytes */
> +#define SDHC_CAPAB_MAXBLOCKLENGTH 512ul
> +/* Maximum clock frequency for SDclock in MHz
> + * value in range 10-63 MHz, 0 - not defined */
> +#define SDHC_CAPAB_BASECLKFREQ    0ul
> +#define SDHC_CAPAB_TOUNIT         1ul  /* Timeout clock unit 0 - kHz, 1 -
> MHz */
> +/* Timeout clock frequency 1-63, 0 - not defined */
> +#define SDHC_CAPAB_TOCLKFREQ      0ul
> +
> +/* Now check all parameters and calculate CAPABILITIES REGISTER value */
> +#if SDHC_CAPAB_64BITBUS > 1 || SDHC_CAPAB_18V > 1 || SDHC_CAPAB_30V > 1
> ||     \
> +    SDHC_CAPAB_33V > 1 || SDHC_CAPAB_SUSPRESUME > 1 || SDHC_CAPAB_SDMA >
> 1 ||  \
> +    SDHC_CAPAB_HIGHSPEED > 1 || SDHC_CAPAB_ADMA2 > 1 || SDHC_CAPAB_ADMA1
> > 1 ||\
> +    SDHC_CAPAB_TOUNIT > 1
> +#error Capabilities features can have value 0 or 1 only!
> +#endif
> +
> +#if SDHC_CAPAB_MAXBLOCKLENGTH == 512
> +#define MAX_BLOCK_LENGTH 0ul
> +#elif SDHC_CAPAB_MAXBLOCKLENGTH == 1024
> +#define MAX_BLOCK_LENGTH 1ul
> +#elif SDHC_CAPAB_MAXBLOCKLENGTH == 2048
> +#define MAX_BLOCK_LENGTH 2ul
> +#else
> +#error Max host controller block size can have value 512, 1024 or 2048
> only!
> +#endif
> +
> +#if (SDHC_CAPAB_BASECLKFREQ > 0 && SDHC_CAPAB_BASECLKFREQ < 10) || \
> +    SDHC_CAPAB_BASECLKFREQ > 63
> +#error SDclock frequency can have value in range 0, 10-63 only!
> +#endif
> +
> +#if SDHC_CAPAB_TOCLKFREQ > 63
> +#error Timeout clock frequency can have value in range 0-63 only!
> +#endif
> +
> +#define SDHC_CAPAB_REG_DEFAULT                                 \
> +   ((SDHC_CAPAB_64BITBUS << 28) | (SDHC_CAPAB_18V << 26) |     \
> +    (SDHC_CAPAB_30V << 25) | (SDHC_CAPAB_33V << 24) |          \
> +    (SDHC_CAPAB_SUSPRESUME << 23) | (SDHC_CAPAB_SDMA << 22) |  \
> +    (SDHC_CAPAB_HIGHSPEED << 21) | (SDHC_CAPAB_ADMA1 << 20) |  \
> +    (SDHC_CAPAB_ADMA2 << 19) | (MAX_BLOCK_LENGTH << 16) |      \
> +    (SDHC_CAPAB_BASECLKFREQ << 8) | (SDHC_CAPAB_TOUNIT << 7) | \
> +    (SDHC_CAPAB_TOCLKFREQ))
> +
> +#define MASKED_WRITE(reg, mask, val)  (reg = (reg & (mask)) | (val))
> +
> +static void sdhci_raise_insertion_irq(void *opaque)
> +{
> +    SDHCIState *s = (SDHCIState *)opaque;
> +    bool int_raised = false;
> +
> +    if (s->norintsts & SDHC_NIS_REMOVE) {
> +        qemu_mod_timer(s->insert_timer,
> +                       qemu_get_clock_ns(vm_clock) +
> SDHC_INSERTION_DELAY);
> +    } else {
> +        s->prnsts = 0x1ff0000;
> +        if (s->norintstsen & SDHC_NISEN_INSERT) {
> +            s->norintsts |= SDHC_NIS_INSERT;
> +            int_raised = (s->norintsigen & SDHC_NORINTSIG_INSERT) ||
> +                    (s->wakcon & SDHC_WKUP_ON_INS);
> +        }
> +
> +        if (int_raised) {
> +            s->slotint = 1;
> +        }
> +        qemu_set_irq(s->irq, int_raised);
> +    }
> +}
> +
> +static void sdhci_insert_eject_cb(void *opaque, int irq, int level)
> +{
> +    SDHCIState *s = (SDHCIState *)opaque;
> +    DPRINT_L1("Card state changed: %s!\n", level ? "insert" : "eject");
> +    bool int_raised = false;
> +
> +    if ((s->norintsts & SDHC_NIS_REMOVE) && level) {
> +        /* Give target some time to notice card ejection */
> +        qemu_mod_timer(s->insert_timer,
> +                       qemu_get_clock_ns(vm_clock) +
> SDHC_INSERTION_DELAY);
> +    } else {
> +        if (level) {
> +            s->prnsts = 0x1ff0000;
> +            if (s->norintstsen & SDHC_NISEN_INSERT) {
> +                s->norintsts |= SDHC_NIS_INSERT;
> +                int_raised = (s->norintsigen & SDHC_NORINTSIG_INSERT) ||
> +                        (s->wakcon & SDHC_WKUP_ON_INS);
> +            }
> +        } else {
> +            s->prnsts = 0x1fa0000;
> +            s->pwrcon &= ~SDHC_POWER_ON;
> +            s->clkcon &= ~SDHC_CLOCK_SDCLK_EN;
> +            if (s->norintstsen & SDHC_NISEN_REMOVE) {
> +                s->norintsts |= SDHC_NIS_REMOVE;
> +                int_raised = (s->norintsigen & SDHC_NORINTSIG_REMOVE) ||
> +                        (s->wakcon & SDHC_WKUP_ON_RMV);
> +            }
> +        }
> +
> +        if (int_raised) {
> +            s->slotint = 1;
> +        }
> +        qemu_set_irq(s->irq, int_raised);
> +    }
> +}
> +
> +static void sdhci_card_readonly_cb(void *opaque, int irq, int level)
> +{
> +    SDHCIState *s = (SDHCIState *)opaque;
> +
> +    if (level) {
> +        s->prnsts &= ~SDHC_WRITE_PROTECT;
> +    } else {
> +        /* Write enabled */
> +        s->prnsts |= SDHC_WRITE_PROTECT;
> +    }
> +}
> +
> +static void sdhci_reset(SDHCIState *s)
> +{
> +    /* Set all registers to 0. Capabilities registers are not cleared
> +     * and assumed to always preserve their value, given to them during
> +     * initialization */
> +    memset(&s->sdmasysad, 0, (uintptr_t)&s->capareg -
> (uintptr_t)&s->sdmasysad);
> +
> +    sd_set_cb(s->card, s->ro_cb, s->eject_cb);
> +    s->data_count = 0;
> +    s->stoped_state = sdhc_not_stoped;
> +}
> +
> +static void sdhci_send_command(SDHCIState *s)
> +{
> +    SDRequest request;
> +    uint8_t response[16];
> +    int rlen;
> +
> +    s->errintsts = 0;
> +    s->acmd12errsts = 0;
> +    request.cmd = s->cmdreg >> 8;
> +    request.arg = s->argument;
> +    DPRINT_L1("sending CMD%u ARG[0x%08x]\n", request.cmd, request.arg);
> +    rlen = sd_do_command(s->card, &request, response);
> +
> +    if (s->cmdreg & SDHC_CMD_RESPONSE) {
> +        if (rlen == 4) {
> +            s->rspreg[0] = (response[0] << 24) | (response[1] << 16) |
> +                           (response[2] << 8)  |  response[3];
> +            s->rspreg[1] = s->rspreg[2] = s->rspreg[3] = 0;
> +            DPRINT_L1("Response: RSPREG[31..0]=0x%08x\n", s->rspreg[0]);
> +        } else if (rlen == 16) {
> +            s->rspreg[0] = (response[11] << 24) | (response[12] << 16) |
> +                           (response[13] << 8) |  response[14];
> +            s->rspreg[1] = (response[7] << 24) | (response[8] << 16) |
> +                           (response[9] << 8)  |  response[10];
> +            s->rspreg[2] = (response[3] << 24) | (response[4] << 16) |
> +                           (response[5] << 8)  |  response[6];
> +            s->rspreg[3] = (response[0] << 16) | (response[1] << 8) |
> +                            response[2];
> +            DPRINT_L1("Response received:\n RSPREG[127..96]=0x%08x,
> RSPREG[95.."
> +                  "64]=0x%08x,\n RSPREG[63..32]=0x%08x,
> RSPREG[31..0]=0x%08x\n",
> +                  s->rspreg[3], s->rspreg[2], s->rspreg[1], s->rspreg[0]);
> +        } else {
> +            ERRPRINT("Timeout waiting for command response\n");
> +            if (s->errintstsen & SDHC_EISEN_CMDTIMEOUT) {
> +                s->errintsts |= SDHC_EIS_CMDTIMEOUT;
> +                s->norintsts |= SDHC_NIS_ERR;
> +            }
> +        }
> +
> +        if ((s->norintstsen & SDHC_NISEN_TRSCMP) &&
> +            (s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY) {
> +            s->norintsts |= SDHC_NIS_TRSCMP;
> +        }
> +    } else if (rlen != 0 && (s->errintstsen & SDHC_EISEN_CMDIDX)) {
> +        s->errintsts |= SDHC_EIS_CMDIDX;
> +        s->norintsts |= SDHC_NIS_ERR;
> +    }
> +
> +    if (s->norintstsen & SDHC_NISEN_CMDCMP) {
> +        s->norintsts |= SDHC_NIS_CMDCMP;
> +    }
> +
> +    if ((s->norintsts & s->norintsigen) || (s->errintsts &
> s->errintsigen)) {
> +        s->slotint = 1;
> +    }
> +
> +    qemu_set_irq(s->irq, s->slotint);
> +
> +    if (s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) {
> +        SDHCI_GET_CLASS(s)->start_data_transfer(s);
> +    }
> +}
> +
> +static void sdhci_end_transfer(SDHCIState *s)
> +{
> +    /* Automatically send CMD12 to stop transfer if AutoCMD12 enabled */
> +    if ((s->trnmod & SDHC_TRNS_ACMD12) != 0) {
> +        SDRequest request;
> +        uint8_t response[16];
> +
> +        request.cmd = 0x0C;
> +        request.arg = 0;
> +        DPRINT_L1("Automatically issue CMD%d %08x\n", request.cmd,
> request.arg);
> +        sd_do_command(s->card, &request, response);
> +        /* Auto CMD12 response goes to the upper Response register */
> +        s->rspreg[3] = (response[0] << 24) | (response[1] << 16) |
> +                (response[2] << 8) | response[3];
> +    }
> +
> +    s->prnsts &= ~(SDHC_DOING_READ | SDHC_DOING_WRITE |
> +            SDHC_DAT_LINE_ACTIVE | SDHC_DATA_INHIBIT |
> +            SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE);
> +
> +    if (s->norintstsen & SDHC_NISEN_TRSCMP) {
> +        s->norintsts |= SDHC_NIS_TRSCMP;
> +    }
> +
> +    if (s->norintsigen & s->norintsts) {
> +        s->slotint = 1;
> +    }
> +    qemu_set_irq(s->irq, s->norintsigen & s->norintsts);
> +}
> +
> +/*
> + * Programmed i/o data transfer
> + */
> +
> +/* Fill host controller's read buffer with BLKSIZE bytes of data from
> card */
> +static void sdhci_read_block_from_card(SDHCIState *s)
> +{
> +    int index = 0;
> +
> +    if ((s->trnmod & SDHC_TRNS_MULTI) &&
> +            (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) {
> +        return;
> +    }
> +
> +    for (index = 0; index < (s->blksize & 0x0fff); index++) {
> +        s->fifo_buffer[index] = sd_read_data(s->card);
> +    }
> +
> +    /* New data now available for READ through Buffer Port Register */
> +    s->prnsts |= SDHC_DATA_AVAILABLE;
> +    if (s->norintstsen & SDHC_NISEN_RBUFRDY) {
> +        s->norintsts |= SDHC_NIS_RBUFRDY;
> +    }
> +
> +    /* Clear DAT line active status if that was the last block */
> +    if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
> +            ((s->trnmod & SDHC_TRNS_MULTI) && s->blkcnt == 1)) {
> +        s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
> +    }
> +
> +    /* If stop at block gap request was set and it's not the last block of
> +     * data - generate Block Event interrupt */
> +    if (s->stoped_state == sdhc_gap_read && (s->trnmod & SDHC_TRNS_MULTI)
> &&
> +            s->blkcnt != 1)    {
> +        s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
> +        if (s->norintstsen & SDHC_EISEN_BLKGAP) {
> +            s->norintsts |= SDHC_EIS_BLKGAP;
> +        }
> +    }
> +
> +    if (s->norintsts & s->norintsigen) {
> +        s->slotint = 1;
> +    }
> +    qemu_set_irq(s->irq, s->norintsts & s->norintsigen);
> +}
> +
> +/* Read @size byte of data from host controller @s BUFFER DATA PORT
> register */
> +static uint32_t sdhci_read_dataport(SDHCIState *s, unsigned size)
> +{
> +    uint32_t value = 0;
> +    int i;
> +
> +    /* first check that a valid data exists in host controller input
> buffer */
> +    if ((s->prnsts & SDHC_DATA_AVAILABLE) == 0) {
> +        ERRPRINT("Trying to read from empty buffer\n");
> +        return 0;
> +    }
> +
> +    for (i = 0; i < size; i++) {
> +        value |= s->fifo_buffer[s->data_count] << i * 8;
> +        s->data_count++;
> +        /* check if we've read all valid data (blksize bytes) from buffer
> */
> +        if ((s->data_count) >= (s->blksize & 0x0fff)) {
> +            DPRINT_L2("All %u bytes of data have been read from input
> buffer\n",
> +                    s->data_count);
> +            s->prnsts &= ~SDHC_DATA_AVAILABLE; /* no more data in a
> buffer */
> +            s->data_count = 0;  /* next buff read must start at position
> [0] */
> +
> +            if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
> +                s->blkcnt--;
> +            }
> +
> +            /* if that was the last block of data */
> +            if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
> +                ((s->trnmod & SDHC_TRNS_MULTI) &&
> +                 (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0))
> ||
> +                 /* stop at gap request */
> +                (s->stoped_state == sdhc_gap_read &&
> +                 !(s->prnsts & SDHC_DAT_LINE_ACTIVE))) {
> +                SDHCI_GET_CLASS(s)->end_data_transfer(s);
> +            } else { /* if there are more data, read next block from card
> */
> +                SDHCI_GET_CLASS(s)->read_block_from_card(s);
> +            }
> +            break;
> +        }
> +    }
> +
> +    return value;
> +}
> +
> +/* Write data from host controller FIFO to card */
> +static void sdhci_write_block_to_card(SDHCIState *s)
> +{
> +    int index = 0;
> +
> +    if (s->prnsts & SDHC_SPACE_AVAILABLE) {
> +        if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
> +            s->norintsts |= SDHC_NIS_WBUFRDY;
> +        }
> +        if (s->norintsts & s->norintsigen) {
> +            s->slotint = 1;
> +        }
> +        qemu_set_irq(s->irq, s->norintsigen & s->norintsts);
> +        return;
> +    }
> +
> +    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
> +        if (s->blkcnt == 0) {
> +            return;
> +        } else {
> +            s->blkcnt--;
> +        }
> +    }
> +
> +    for (index = 0; index < (s->blksize & 0x0fff); index++) {
> +        sd_write_data(s->card, s->fifo_buffer[index]);
> +    }
> +
> +    /* Next data can be written through BUFFER DATORT register */
> +    s->prnsts |= SDHC_SPACE_AVAILABLE;
> +    if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
> +        s->norintsts |= SDHC_NIS_WBUFRDY;
> +    }
> +
> +    /* Finish transfer if that was the last block of data */
> +    if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
> +            ((s->trnmod & SDHC_TRNS_MULTI) &&
> +            (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0))) {
> +        SDHCI_GET_CLASS(s)->end_data_transfer(s);
> +    }
> +
> +    /* Generate Block Gap Event if requested and if not the last block */
> +    if (s->stoped_state == sdhc_gap_write && (s->trnmod &
> SDHC_TRNS_MULTI) &&
> +            s->blkcnt > 0) {
> +        s->prnsts &= ~SDHC_DOING_WRITE;
> +        if (s->norintstsen & SDHC_EISEN_BLKGAP) {
> +            s->norintsts |= SDHC_EIS_BLKGAP;
> +        }
> +        SDHCI_GET_CLASS(s)->end_data_transfer(s);
> +    }
> +
> +    if (s->norintsts & s->norintsigen) {
> +        s->slotint = 1;
> +    }
> +    qemu_set_irq(s->irq, s->norintsigen & s->norintsts);
> +}
> +
> +/* Write @size bytes of @value data to host controller @s Buffer Data Port
> + * register */
> +static void sdhci_write_dataport(SDHCIState *s, uint32_t value, unsigned
> size)
> +{
> +    unsigned i;
> +
> +    /* Check that there is free space left in a buffer */
> +    if (!(s->prnsts & SDHC_SPACE_AVAILABLE)) {
> +        ERRPRINT("Can't write to data buffer: buffer full\n");
> +        return;
> +    }
> +
> +    for (i = 0; i < size; i++) {
> +        s->fifo_buffer[s->data_count] = value & 0xFF;
> +        s->data_count++;
> +        value >>= 8;
> +        if (s->data_count >= (s->blksize & 0x0fff)) {
> +            DPRINT_L2("write buffer filled with %u bytes of data\n",
> +                    s->data_count);
> +            s->data_count = 0;
> +            s->prnsts &= ~SDHC_SPACE_AVAILABLE;
> +            if (s->prnsts & SDHC_DOING_WRITE) {
> +                SDHCI_GET_CLASS(s)->write_block_to_card(s);
> +            }
> +        }
> +    }
> +}
> +
> +/*
> + * Single DMA data transfer
> + */
> +
> +/* Multi block SDMA transfer */
> +static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
> +{
> +    bool page_aligned = false;
> +    unsigned int n, begin;
> +    const uint16_t block_size = s->blksize & 0x0fff;
> +    uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
> +    uint32_t boundary_count = boundary_chk - (s->sdmasysad %
> boundary_chk);
> +
> +    /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account
> for
> +     * possible stop at page boundary if initial address is not page
> aligned,
> +     * allow them to work properly */
> +    if ((s->sdmasysad % boundary_chk) == 0) {
> +        page_aligned = true;
> +    }
> +
> +    if (s->trnmod & SDHC_TRNS_READ) {
> +        s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
> +                SDHC_DAT_LINE_ACTIVE;
> +        while (s->blkcnt) {
> +            if (s->data_count == 0) {
> +                for (n = 0; n < block_size; n++) {
> +                    s->fifo_buffer[n] = sd_read_data(s->card);
> +                }
> +            }
> +            begin = s->data_count;
> +            if (((boundary_count + begin) < block_size) && page_aligned) {
> +                s->data_count = boundary_count + begin;
> +                boundary_count = 0;
> +             } else {
> +                s->data_count = block_size;
> +                boundary_count -= block_size - begin;
> +                if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
> +                    s->blkcnt--;
> +                }
> +            }
> +            cpu_physical_memory_write(s->sdmasysad,
> &s->fifo_buffer[begin],
> +                    s->data_count - begin);
> +            s->sdmasysad += s->data_count - begin;
> +            if (s->data_count == block_size) {
> +                s->data_count = 0;
> +            }
> +            if (page_aligned && boundary_count == 0) {
> +                break;
> +            }
> +        }
> +    } else {
> +        s->prnsts |= SDHC_DOING_WRITE | SDHC_DATA_INHIBIT |
> +                SDHC_DAT_LINE_ACTIVE;
> +        while (s->blkcnt) {
> +            begin = s->data_count;
> +            if (((boundary_count + begin) < block_size) && page_aligned) {
> +                s->data_count = boundary_count + begin;
> +                boundary_count = 0;
> +             } else {
> +                s->data_count = block_size;
> +                boundary_count -= block_size - begin;
> +            }
> +            cpu_physical_memory_read(s->sdmasysad,
> +                    &s->fifo_buffer[begin], s->data_count);
> +            s->sdmasysad += s->data_count - begin;
> +            if (s->data_count == block_size) {
> +                for (n = 0; n < block_size; n++) {
> +                    sd_write_data(s->card, s->fifo_buffer[n]);
> +                }
> +                s->data_count = 0;
> +                if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
> +                    s->blkcnt--;
> +                }
> +            }
> +            if (page_aligned && boundary_count == 0) {
> +                break;
> +            }
> +        }
> +    }
> +
> +    if (s->blkcnt == 0) {
> +        SDHCI_GET_CLASS(s)->end_data_transfer(s);
> +    } else {
> +        if (s->norintstsen & SDHC_NISEN_DMA) {
> +            s->norintsts |= SDHC_NIS_DMA;
> +        }
> +
> +        if (s->norintsts & s->norintsigen) {
> +            s->slotint = 1;
> +        }
> +        qemu_set_irq(s->irq, s->norintsigen & s->norintsts);
> +    }
> +}
> +
> +/* single block SDMA transfer */
> +static void sdhci_sdma_transfer_single_block(SDHCIState *s)
> +{
> +    int n;
> +    uint32_t datacnt = s->blksize & 0x0fff;
> +
> +    if (s->trnmod & SDHC_TRNS_READ) {
> +        for (n = 0; n < datacnt; n++) {
> +            s->fifo_buffer[n] = sd_read_data(s->card);
> +        }
> +        cpu_physical_memory_write(s->sdmasysad, s->fifo_buffer, datacnt);
> +    } else {
> +        cpu_physical_memory_read(s->sdmasysad, s->fifo_buffer, datacnt);
> +        for (n = 0; n < datacnt; n++) {
> +            sd_write_data(s->card, s->fifo_buffer[n]);
> +        }
> +    }
> +
> +    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
> +        s->blkcnt--;
> +    }
> +
> +    SDHCI_GET_CLASS(s)->end_data_transfer(s);
> +}
> +
> +typedef struct ADMADescr {
> +    target_phys_addr_t addr;
> +    uint16_t length;
> +    uint8_t attr;
> +    uint8_t incr;
> +} ADMADescr;
> +
> +static void get_adma_description(SDHCIState *s, ADMADescr *dscr)
> +{
> +    uint32_t adma1 = 0;
> +    uint64_t adma2 = 0;
> +    target_phys_addr_t entry_addr = (target_phys_addr_t)s->admasysaddr;
> +
> +    switch (SDHC_DMA_TYPE(s->hostctl)) {
> +    case SDHC_CTRL_ADMA2_32:
> +        cpu_physical_memory_read(entry_addr, (uint8_t *)&adma2,
> sizeof(adma2));
> +        dscr->addr = (target_phys_addr_t)((adma2 >> 32) & 0xfffffffc);
> +        dscr->length = (uint16_t)((adma2 >> 16) & 0xFFFF);
> +        dscr->attr = (uint8_t)(adma2 & 0x3F);
> +        dscr->incr = 8;
> +        break;
> +    case SDHC_CTRL_ADMA1_32:
> +        cpu_physical_memory_read(entry_addr, (uint8_t *)&adma1,
> sizeof(adma1));
> +        dscr->addr = (target_phys_addr_t)(adma1 & 0xFFFFF000);
> +        dscr->attr = (uint8_t)(adma2 & 0x3F);
>

Here, this needs to be adma1


> +        dscr->incr = 4;
> +        if ((dscr->attr & SDHC_ADMA_ATTR_ACT_MASK) ==
> SDHC_ADMA_ATTR_SET_LEN) {
> +            dscr->length = (uint16_t)((adma1 >> 12) & 0xFFFF);
> +        } else {
> +            dscr->length = 4096;
> +        }
> +        break;
> +    case SDHC_CTRL_ADMA2_64:
> +        cpu_physical_memory_read(entry_addr, (uint8_t *)(&dscr->attr), 1);
> +        cpu_physical_memory_read(entry_addr + 2, (uint8_t
> *)(&dscr->length), 2);
> +        cpu_physical_memory_read(entry_addr + 4, (uint8_t
> *)(&dscr->addr), 8);
> +        dscr->attr &= 0xfffffff8;
> +        dscr->incr = 12;
> +        break;
> +    }
> +}
> +
> +/* Advanced DMA data transfer */
> +static void sdhci_start_adma(SDHCIState *s)
> +{
> +    unsigned int n, begin, length;
> +    const uint16_t block_size = s->blksize & 0x0fff;
> +    ADMADescr dscr;
> +    s->admaerr &= ~SDHC_ADMAERR_LENGTH_MISMATCH;
> +
> +    while (1) {
> +        get_adma_description(s, &dscr);
> +        DPRINT_L2("ADMA loop: addr=" TARGET_FMT_plx ", len=%d, attr=%x\n",
> +                dscr.addr, dscr.length, dscr.attr);
> +
> +        if ((dscr.attr & SDHC_ADMA_ATTR_VALID) == 0) {
> +            /* Indicate that error occurred in ST_FDS state */
> +            s->admaerr &= ~SDHC_ADMAERR_STATE_MASK;
> +            s->admaerr |= SDHC_ADMAERR_STATE_ST_FDS;
> +
> +            /* Generate ADMA error interrupt */
> +            if (s->errintstsen & SDHC_EISEN_ADMAERR) {
> +                s->errintsts |= SDHC_EIS_ADMAERR;
> +                s->norintsts |= SDHC_NIS_ERR;
> +            }
> +
> +            if (s->errintsigen & s->errintsts) {
> +                s->slotint = 1;
> +            }
> +            qemu_set_irq(s->irq, s->errintsigen & s->errintsts);
> +            break;
> +        }
> +
> +        length = dscr.length ? dscr.length : 65536;
> +
> +        switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) {
> +        case SDHC_ADMA_ATTR_ACT_TRAN:  /* data transfer */
> +            if (s->trnmod & SDHC_TRNS_READ) {
> +                while (length) {
> +                    if (s->data_count == 0) {
> +                        for (n = 0; n < block_size; n++) {
> +                            s->fifo_buffer[n] = sd_read_data(s->card);
> +                        }
> +                    }
> +                    begin = s->data_count;
> +                    if ((length + begin) < block_size) {
> +                        s->data_count = length + begin;
> +                        length = 0;
> +                     } else {
> +                        s->data_count = block_size;
> +                        length -= block_size - begin;
> +                    }
> +                    cpu_physical_memory_write(dscr.addr,
> &s->fifo_buffer[begin],
> +                            s->data_count - begin);
> +                    dscr.addr += s->data_count - begin;
> +                    if (s->data_count == block_size) {
> +                        s->data_count = 0;
> +                        if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
> +                            s->blkcnt--;
> +                            if (s->blkcnt == 0) {
> +                                break;
> +                            }
> +                        }
> +                    }
> +                }
> +            } else {
> +                while (length) {
> +                    begin = s->data_count;
> +                    if ((length + begin) < block_size) {
> +                        s->data_count = length + begin;
> +                        length = 0;
> +                     } else {
> +                        s->data_count = block_size;
> +                        length -= block_size - begin;
> +                    }
> +                    cpu_physical_memory_read(dscr.addr,
> +                            &s->fifo_buffer[begin], s->data_count);
> +                    dscr.addr += s->data_count - begin;
> +                    if (s->data_count == block_size) {
> +                        for (n = 0; n < block_size; n++) {
> +                            sd_write_data(s->card, s->fifo_buffer[n]);
> +                        }
> +                        s->data_count = 0;
> +                        if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
> +                            s->blkcnt--;
> +                            if (s->blkcnt == 0) {
> +                                break;
> +                            }
> +                        }
> +                    }
> +                }
> +            }
> +            s->admasysaddr += dscr.incr;
> +            break;
> +        case SDHC_ADMA_ATTR_ACT_LINK:   /* link to next descriptor table
> */
> +            s->admasysaddr = dscr.addr;
> +            DPRINT_L1("ADMA link: admasysaddr=0x%lx\n", s->admasysaddr);
> +            break;
> +        default:
> +            s->admasysaddr += dscr.incr;
> +            break;
> +        }
> +
> +        /* ADMA transfer terminates if blkcnt == 0 or by END attribute */
> +        if (((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
> +                    (s->blkcnt == 0)) || (dscr.attr &
> SDHC_ADMA_ATTR_END)) {
> +            DPRINT_L2("ADMA transfer completed\n");
> +            if (length || ((dscr.attr & SDHC_ADMA_ATTR_END) &&
> +                (s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
> +                s->blkcnt != 0) || ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
> +                s->blkcnt == 0 && (dscr.attr & SDHC_ADMA_ATTR_END) == 0))
> {
> +                ERRPRINT("SD/MMC host ADMA length mismatch\n");
> +                s->admaerr |= SDHC_ADMAERR_LENGTH_MISMATCH |
> +                        SDHC_ADMAERR_STATE_ST_TFR;
> +                if (s->errintstsen & SDHC_EISEN_ADMAERR) {
> +                    ERRPRINT("Set ADMA error flag\n");
> +                    s->errintsts |= SDHC_EIS_ADMAERR;
> +                    s->norintsts |= SDHC_NIS_ERR;
> +                }
> +
> +                if (s->errintsigen & s->errintsts) {
> +                    s->slotint = 1;
> +                }
> +                qemu_set_irq(s->irq, s->errintsigen & s->errintsts);
> +            }
> +            SDHCI_GET_CLASS(s)->end_data_transfer(s);
> +            break;
> +        }
> +
> +        if (dscr.attr & SDHC_ADMA_ATTR_INT) {
> +            DPRINT_L1("ADMA interrupt: admasysaddr=0x%lx\n",
> s->admasysaddr);
> +            if (s->norintstsen & SDHC_NISEN_DMA) {
> +                s->norintsts |= SDHC_NIS_DMA;
> +            }
> +
> +            if (s->norintsts & s->norintsigen) {
> +                s->slotint = 1;
> +            }
> +            qemu_set_irq(s->irq, s->norintsigen & s->norintsts);
> +            break;
> +        }
> +    }
> +}
> +
> +/* Perform data transfer according to controller configuration */
> +static void sdhci_start_transfer(SDHCIState *s)
> +{
> +    SDHCIClass *k = SDHCI_GET_CLASS(s);
> +    s->data_count = 0;
> +
> +    if (s->trnmod & SDHC_TRNS_DMA) {
> +        switch (SDHC_DMA_TYPE(s->hostctl)) {
> +        case SDHC_CTRL_SDMA:
> +            if ((s->trnmod & SDHC_TRNS_MULTI) &&
> +                    (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt ==
> 0)) {
> +                break;
> +            }
> +
> +            if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
> +                k->do_sdma_single(s);
> +            } else {
> +                k->do_sdma_multi(s);
> +            }
> +
> +            break;
> +        case SDHC_CTRL_ADMA1_32:
> +            if (!(s->capareg & SDHC_CAN_DO_ADMA1)) {
> +                ERRPRINT("ADMA1 not supported\n");
> +                break;
> +            }
> +
> +            k->do_adma(s);
> +            break;
> +        case SDHC_CTRL_ADMA2_32:
> +            if (!(s->capareg & SDHC_CAN_DO_ADMA2)) {
> +                ERRPRINT("ADMA2 not supported\n");
> +                break;
> +            }
> +
> +            k->do_adma(s);
> +            break;
> +        case SDHC_CTRL_ADMA2_64:
> +            if (!(s->capareg & SDHC_CAN_DO_ADMA2) ||
> +                    !(s->capareg & SDHC_64_BIT_BUS_SUPPORT)) {
> +                ERRPRINT("64 bit ADMA not supported\n");
> +                break;
> +            }
> +
> +            k->do_adma(s);
> +            break;
> +        default:
> +            ERRPRINT("Unsupported DMA type\n");
> +            break;
> +        }
> +    } else {
> +        if ((s->trnmod & SDHC_TRNS_READ) && sd_data_ready(s->card)) {
> +            s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
> +                    SDHC_DAT_LINE_ACTIVE;
> +            SDHCI_GET_CLASS(s)->read_block_from_card(s);
> +        } else {
> +            s->prnsts |= SDHC_DOING_WRITE | SDHC_DAT_LINE_ACTIVE |
> +                    SDHC_SPACE_AVAILABLE | SDHC_DATA_INHIBIT;
> +            SDHCI_GET_CLASS(s)->write_block_to_card(s);
> +        }
> +    }
> +}
> +
> +static bool sdhci_can_issue_command(SDHCIState *s)
> +{
> +    if (!SDHC_CLOCK_IS_ON(s->clkcon) || !(s->pwrcon & SDHC_POWER_ON) ||
> +        (((s->prnsts & SDHC_DATA_INHIBIT) || s->stoped_state) &&
> +        ((s->cmdreg & SDHC_CMD_DATA_PRESENT) ||
> +        ((s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY &&
> +        !(SDHC_COMMAND_TYPE(s->cmdreg) == SDHC_CMD_ABORT))))) {
> +        return false;
> +    }
> +
> +    return true;
> +}
> +
> +/* The Buffer Data Port register must be accessed in sequential and
> + * continuous manner */
> +static inline bool
> +sdhci_buff_access_is_sequential(SDHCIState *s, unsigned byte_num)
> +{
> +    if ((s->data_count & 0x3) != byte_num) {
> +        ERRPRINT("Non-sequential access to Buffer Data Port register"
> +                "is prohibited\n");
> +        return false;
> +    }
> +    return true;
> +}
> +
> +static uint32_t sdhci_read(SDHCIState *s, unsigned int offset, unsigned
> size)
> +{
> +    uint32_t ret = 0;
> +
> +    switch (offset & ~0x3) {
> +    case SDHC_SYSAD:
> +        ret = s->sdmasysad;
> +        break;
> +    case SDHC_BLKSIZE:
> +        ret = s->blksize | (s->blkcnt << 16);
> +        break;
> +    case SDHC_ARGUMENT:
> +        ret = s->argument;
> +        break;
> +    case SDHC_TRNMOD:
> +        ret = s->trnmod | (s->cmdreg << 16);
> +        break;
> +    case SDHC_RSPREG0 ... SDHC_RSPREG3:
> +        ret = s->rspreg[((offset & ~0x3) - SDHC_RSPREG0) >> 2];
> +        break;
> +    case  SDHC_BDATA:
> +        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
> +            ret = SDHCI_GET_CLASS(s)->bdata_read(s, size);
> +            DPRINT_L2("read %ub: addr[0x%04x] -> %u\n", size, offset,
> ret);
> +            return ret;
> +        }
> +        break;
> +    case SDHC_PRNSTS:
> +        ret = s->prnsts;
> +        break;
> +    case SDHC_HOSTCTL:
> +        ret = s->hostctl | (s->pwrcon << 8) | (s->blkgap << 16) |
> +              (s->wakcon << 24);
> +        break;
> +    case SDHC_CLKCON:
> +        ret = s->clkcon | (s->timeoutcon << 16);
> +        break;
> +    case SDHC_NORINTSTS:
> +        ret = s->norintsts | (s->errintsts << 16);
> +        break;
> +    case SDHC_NORINTSTSEN:
> +        ret = s->norintstsen | (s->errintstsen << 16);
> +        break;
> +    case SDHC_NORINTSIGEN:
> +        ret = s->norintsigen | (s->errintsigen << 16);
> +        break;
> +    case SDHC_ACMD12ERRSTS:
> +        ret = s->acmd12errsts;
> +        break;
> +    case SDHC_CAPAREG:
> +        ret = s->capareg;
> +        break;
> +    case SDHC_MAXCURR:
> +        ret = s->maxcurr;
> +        break;
> +    case SDHC_ADMAERR:
> +        ret =  s->admaerr;
> +        break;
> +    case SDHC_ADMASYSADDR:
> +        ret = (uint32_t)s->admasysaddr;
> +        break;
> +    case SDHC_ADMASYSADDR + 4:
> +        ret = (uint32_t)(s->admasysaddr >> 32);
> +        break;
> +    case SDHC_SLOT_INT_STATUS:
> +        ret = s->slotint | (SD_HOST_SPECv2_VERS << 16);
> +        break;
> +    default:
> +        ERRPRINT("bad %ub read: addr[0x%04x]\n", size, offset);
> +        break;
> +    }
> +
> +    ret >>= (offset & 0x3) * 8;
> +    ret &= (1ULL << (size * 8)) - 1;
> +    DPRINT_L2("read %ub: addr[0x%04x] -> %u(0x%x)\n", size, offset, ret,
> ret);
> +    return ret;
> +}
> +
> +static void sdhci_update_slotint(SDHCIState *s)
> +{
> +    if ((s->norintsts & s->norintsigen) || (s->errintsts &
> s->errintsigen) ||
> +        ((s->norintsts & SDHC_NIS_INSERT) && (s->wakcon &
> SDHC_WKUP_ON_INS)) ||
> +        ((s->norintsts & SDHC_NIS_REMOVE) && (s->wakcon &
> SDHC_WKUP_ON_RMV))) {
> +        s->slotint = 1;
> +    } else {
> +        s->slotint = 0;
> +    }
> +}
> +
> +static inline void sdhci_blkgap_write(SDHCIState *s, uint8_t value)
> +{
> +    if ((value & SDHC_STOP_AT_GAP_REQ) && (s->blkgap &
> SDHC_STOP_AT_GAP_REQ)) {
> +        return;
> +    }
> +    s->blkgap = value & SDHC_STOP_AT_GAP_REQ;
> +
> +    if ((value & SDHC_CONTINUE_REQ) && s->stoped_state &&
> +            (s->blkgap & SDHC_STOP_AT_GAP_REQ) == 0) {
> +        if (s->stoped_state == sdhc_gap_read) {
> +            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_READ;
> +            SDHCI_GET_CLASS(s)->read_block_from_card(s);
> +        } else {
> +            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_WRITE;
> +            SDHCI_GET_CLASS(s)->write_block_to_card(s);
> +        }
> +        s->stoped_state = sdhc_not_stoped;
> +    } else if (!s->stoped_state && (value & SDHC_STOP_AT_GAP_REQ)) {
> +        if (s->prnsts & SDHC_DOING_READ) {
> +            s->stoped_state = sdhc_gap_read;
> +        } else if (s->prnsts & SDHC_DOING_WRITE) {
> +            s->stoped_state = sdhc_gap_write;
> +        }
> +    }
> +}
> +
> +static inline void sdhci_reset_write(SDHCIState *s, uint8_t value)
> +{
> +    switch (value) {
> +    case SDHC_RESET_ALL:
> +        DEVICE_GET_CLASS(s)->reset(DEVICE(s));
> +        break;
> +    case SDHC_RESET_CMD:
> +        s->prnsts &= ~SDHC_CMD_INHIBIT;
> +        s->norintsts &= ~SDHC_NIS_CMDCMP;
> +        break;
> +    case SDHC_RESET_DATA:
> +        s->data_count = 0;
> +        s->prnsts &= ~(SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE |
> +                SDHC_DOING_READ | SDHC_DOING_WRITE |
> +                SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE);
> +        s->blkgap &= ~(SDHC_STOP_AT_GAP_REQ | SDHC_CONTINUE_REQ);
> +        s->stoped_state = sdhc_not_stoped;
> +        s->norintsts &= ~(SDHC_NIS_WBUFRDY | SDHC_NIS_RBUFRDY |
> +                SDHC_NIS_DMA | SDHC_NIS_TRSCMP | SDHC_NIS_BLKGAP);
> +        break;
> +    }
> +}
> +
> +static void
> +sdhci_write(SDHCIState *s, unsigned int offset, uint32_t value, unsigned
> size)
> +{
> +    unsigned shift =  8 * (offset & 0x3);
> +    uint32_t mask = ~(((1ULL << (size * 8)) - 1) << shift);
> +    value <<= shift;
> +
> +    switch (offset & ~0x3) {
> +    case SDHC_SYSAD:
> +        s->sdmasysad = (s->sdmasysad & mask) | value;
> +        MASKED_WRITE(s->sdmasysad, mask, value);
> +        /* Writing to last byte of sdmasysad might trigger transfer */
> +        if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) &&
> s->blkcnt &&
> +                s->blksize && SDHC_DMA_TYPE(s->hostctl) ==
> SDHC_CTRL_SDMA) {
> +            SDHCI_GET_CLASS(s)->do_sdma_multi(s);
> +        }
> +        break;
> +    case SDHC_BLKSIZE:
> +        if (!TRANSFERRING_DATA(s->prnsts)) {
> +            MASKED_WRITE(s->blksize, mask, value);
> +            MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
> +        }
> +        break;
> +    case SDHC_ARGUMENT:
> +        MASKED_WRITE(s->argument, mask, value);
> +        break;
> +    case SDHC_TRNMOD:
> +        /* DMA can be enabled only if it is supported as indicated by
> +         * capabilities register */
> +        if (!(s->capareg & SDHC_CAN_DO_DMA)) {
> +            value &= ~SDHC_TRNS_DMA;
> +        }
> +        MASKED_WRITE(s->trnmod, mask, value);
> +        MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);
> +
> +        /* Writing to the upper byte of CMDREG triggers SD command
> generation */
> +        if ((mask & 0xFF000000) ||
> !SDHCI_GET_CLASS(s)->can_issue_command(s)) {
> +            break;
> +        }
> +
> +        SDHCI_GET_CLASS(s)->send_command(s);
> +        break;
> +    case  SDHC_BDATA:
> +        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
> +            SDHCI_GET_CLASS(s)->bdata_write(s, value >> shift, size);
> +        }
> +        break;
> +    case SDHC_HOSTCTL:
> +        if (!(mask & 0xFF0000)) {
> +            sdhci_blkgap_write(s, value >> 16);
> +        }
> +        MASKED_WRITE(s->hostctl, mask, value);
> +        MASKED_WRITE(s->pwrcon, mask >> 8, value >> 8);
> +        MASKED_WRITE(s->wakcon, mask >> 24, value >> 24);
> +        if (!(s->prnsts & SDHC_CARD_PRESENT) || ((s->pwrcon >> 1) & 0x7)
> < 5 ||
> +                !(s->capareg & (1 << (31 - ((s->pwrcon >> 1) & 0x7))))) {
> +            s->pwrcon &= ~SDHC_POWER_ON;
> +        }
> +        break;
> +    case SDHC_CLKCON:
> +        if (!(mask & 0xFF000000)) {
> +            sdhci_reset_write(s, value >> 24);
> +        }
> +        MASKED_WRITE(s->clkcon, mask, value);
> +        MASKED_WRITE(s->timeoutcon, mask >> 16, value >> 16);
> +        if (s->clkcon & SDHC_CLOCK_INT_EN) {
> +            s->clkcon |= SDHC_CLOCK_INT_STABLE;
> +        } else {
> +            s->clkcon &= ~SDHC_CLOCK_INT_STABLE;
> +        }
> +        break;
> +    case SDHC_NORINTSTS:
> +        if (s->norintstsen & SDHC_NISEN_CARDINT) {
> +            value &= ~SDHC_NIS_CARDINT;
> +        }
> +        s->norintsts &= mask | ~value;
> +        s->errintsts &= (mask >> 16) | ~(value >> 16);
> +        if (s->errintsts) {
> +            s->norintsts |= SDHC_NIS_ERR;
> +        } else {
> +            s->norintsts &= ~SDHC_NIS_ERR;
> +        }
> +        sdhci_update_slotint(s);
> +        qemu_set_irq(s->irq, s->slotint);
> +        break;
> +    case SDHC_NORINTSTSEN:
> +        MASKED_WRITE(s->norintstsen, mask, value);
> +        MASKED_WRITE(s->errintstsen, mask >> 16, value >> 16);
> +        s->norintsts &= s->norintstsen;
> +        s->errintsts &= s->errintstsen;
> +        if (s->errintsts) {
> +            s->norintsts |= SDHC_NIS_ERR;
> +        } else {
> +            s->norintsts &= ~SDHC_NIS_ERR;
> +        }
> +        sdhci_update_slotint(s);
> +        qemu_set_irq(s->irq, s->slotint);
> +        break;
> +    case SDHC_NORINTSIGEN:
> +        MASKED_WRITE(s->norintsigen, mask, value);
> +        MASKED_WRITE(s->errintsigen, mask >> 16, value >> 16);
> +        sdhci_update_slotint(s);
> +        qemu_set_irq(s->irq, s->slotint);
> +        break;
> +    case SDHC_ADMAERR:
> +        MASKED_WRITE(s->admaerr, mask, value);
> +        break;
> +    case SDHC_ADMASYSADDR:
> +        s->admasysaddr = (s->admasysaddr & (0xFFFFFFFF00000000ULL |
> +                (uint64_t)mask)) | (uint64_t)value;
> +        break;
> +    case SDHC_ADMASYSADDR + 4:
> +        s->admasysaddr = (s->admasysaddr & (0x00000000FFFFFFFFULL |
> +                ((uint64_t)mask << 32))) | ((uint64_t)value << 32);
> +        break;
> +    case SDHC_FEAER:
> +        s->acmd12errsts |= value;
> +        s->errintsts |= (value >> 16) & s->errintstsen;
> +        if (s->acmd12errsts) {
> +            s->errintsts |= SDHC_EIS_CMD12ERR;
> +        }
> +        if (s->errintsts) {
> +            s->norintsts |= SDHC_NIS_ERR;
> +        }
> +        if (s->errintsigen & s->errintsts) {
> +            s->slotint = 1;
> +            qemu_irq_raise(s->irq);
> +        }
> +        break;
> +    default:
> +        ERRPRINT("bad %ub write offset: addr[0x%04x] <- %u(0x%x)\n",
> +                size, offset, value >> shift, value >> shift);
> +        break;
> +    }
> +    DPRINT_L2("write %ub: addr[0x%04x] <- %u(0x%x)\n",
> +            size, offset, value >> shift, value >> shift);
> +}
> +
> +static uint64_t
> +sdhci_readfn(void *opaque, target_phys_addr_t offset, unsigned size)
> +{
> +    SDHCIState *s = (SDHCIState *)opaque;
> +
> +    return SDHCI_GET_CLASS(s)->mem_read(s, offset, size);
> +}
> +
> +static void
> +sdhci_writefn(void *opaque, target_phys_addr_t off, uint64_t val,
> unsigned sz)
> +{
> +    SDHCIState *s = (SDHCIState *)opaque;
> +
> +    SDHCI_GET_CLASS(s)->mem_write(s, off, val, sz);
> +}
> +
> +static const MemoryRegionOps sdhci_mmio_ops = {
> +    .read = sdhci_readfn,
> +    .write = sdhci_writefn,
> +    .valid = {
> +        .min_access_size = 1,
> +        .max_access_size = 4,
> +        .unaligned = false
> +    },
> +    .endianness = DEVICE_LITTLE_ENDIAN,
> +};
> +
> +static inline unsigned int sdhci_get_fifolen(SDHCIState *s)
> +{
> +    switch (SDHC_CAPAB_BLOCKSIZE(s->capareg)) {
> +    case 0:
> +        return 512;
> +    case 1:
> +        return 1024;
> +    case 2:
> +        return 2048;
> +    default:
> +        hw_error("SDHC: unsupported value for maximum block size\n");
> +        return 0;
> +    }
> +}
> +
> +static void sdhci_initfn(Object *obj)
> +{
> +    SDHCIState *s = SDHCI(obj);
> +    DriveInfo *di;
> +
> +    di = drive_get_next(IF_SD);
>

multiple sd cards do not work (well not without a complicated command
line). Im pushing a patch in the next review to allow for repeated -sd
arguments so this can repeat.


> +    s->card = sd_init(di ? di->bdrv : NULL, 0);
> +    s->eject_cb = qemu_allocate_irqs(sdhci_insert_eject_cb, s, 1)[0];
> +    s->ro_cb = qemu_allocate_irqs(sdhci_card_readonly_cb, s, 1)[0];
> +    sd_set_cb(s->card, s->ro_cb, s->eject_cb);
> +
> +    s->insert_timer = qemu_new_timer_ns(vm_clock,
> sdhci_raise_insertion_irq, s);
> +}
> +
> +static void sdhci_uninitfn(Object *obj)
> +{
> +    SDHCIState *s = SDHCI(obj);
> +
> +    if (s->fifo_buffer) {
> +        g_free(s->fifo_buffer);
> +        s->fifo_buffer = NULL;
> +    }
> +}
> +
> +const VMStateDescription sdhci_vmstate = {
> +    .name = "sdhci",
> +    .version_id = 1,
> +    .minimum_version_id = 1,
> +    .fields      = (VMStateField[]) {
> +        VMSTATE_UINT32(sdmasysad, SDHCIState),
> +        VMSTATE_UINT16(blksize, SDHCIState),
> +        VMSTATE_UINT16(blkcnt, SDHCIState),
> +        VMSTATE_UINT32(argument, SDHCIState),
> +        VMSTATE_UINT16(trnmod, SDHCIState),
> +        VMSTATE_UINT16(cmdreg, SDHCIState),
> +        VMSTATE_UINT32_ARRAY(rspreg, SDHCIState, 4),
> +        VMSTATE_UINT32(prnsts, SDHCIState),
> +        VMSTATE_UINT8(hostctl, SDHCIState),
> +        VMSTATE_UINT8(pwrcon, SDHCIState),
> +        VMSTATE_UINT8(blkgap, SDHCIState),
> +        VMSTATE_UINT8(wakcon, SDHCIState),
> +        VMSTATE_UINT16(clkcon, SDHCIState),
> +        VMSTATE_UINT8(timeoutcon, SDHCIState),
> +        VMSTATE_UINT8(admaerr, SDHCIState),
> +        VMSTATE_UINT16(norintsts, SDHCIState),
> +        VMSTATE_UINT16(errintsts, SDHCIState),
> +        VMSTATE_UINT16(norintstsen, SDHCIState),
> +        VMSTATE_UINT16(errintstsen, SDHCIState),
> +        VMSTATE_UINT16(norintsigen, SDHCIState),
> +        VMSTATE_UINT16(errintsigen, SDHCIState),
> +        VMSTATE_UINT16(acmd12errsts, SDHCIState),
> +        VMSTATE_UINT16(data_count, SDHCIState),
> +        VMSTATE_UINT16(slotint, SDHCIState),
> +        VMSTATE_UINT64(admasysaddr, SDHCIState),
> +        VMSTATE_UINT8(stoped_state, SDHCIState),
> +        VMSTATE_VBUFFER_UINT32(fifo_buffer, SDHCIState, 1, NULL, 0,
> buf_maxsz),
> +        VMSTATE_TIMER(insert_timer, SDHCIState),
> +        VMSTATE_END_OF_LIST()
> +    }
> +};
> +
> +static Property sdhci_properties[] = {
> +    DEFINE_PROP_HEX32("capareg", SDHCIState, capareg,
> +            SDHC_CAPAB_REG_DEFAULT),
> +    DEFINE_PROP_HEX32("maxcurr", SDHCIState, maxcurr, 0),
> +    DEFINE_PROP_END_OF_LIST(),
> +};
> +
> +static int sdhci_realize(SysBusDevice *busdev)
> +{
> +    SDHCIState *s = SDHCI(busdev);
> +
> +    s->buf_maxsz = sdhci_get_fifolen(s);
> +    s->fifo_buffer = g_malloc0(s->buf_maxsz);
> +    sysbus_init_irq(busdev, &s->irq);
> +    memory_region_init_io(&s->iomem, &sdhci_mmio_ops, s, "sdhci",
> +            SDHC_REGISTERS_MAP_SIZE);
> +    sysbus_init_mmio(busdev, &s->iomem);
> +    return 0;
> +}
> +
> +static void sdhci_generic_reset(DeviceState *ds)
> +{
> +    SDHCIState *s = SDHCI(ds);
> +    SDHCI_GET_CLASS(s)->reset(s);
> +}
> +
> +static void sdhci_class_init(ObjectClass *klass, void *data)
> +{
> +    DeviceClass *dc = DEVICE_CLASS(klass);
> +    SysBusDeviceClass *sbdc = SYS_BUS_DEVICE_CLASS(klass);
> +    SDHCIClass *k = SDHCI_CLASS(klass);
> +
> +    dc->vmsd = &sdhci_vmstate;
> +    dc->props = sdhci_properties;
> +    dc->reset = sdhci_generic_reset;
> +    sbdc->init = sdhci_realize;
> +
> +    k->reset = sdhci_reset;
> +    k->mem_read = sdhci_read;
> +    k->mem_write = sdhci_write;
> +    k->send_command = sdhci_send_command;
> +    k->can_issue_command = sdhci_can_issue_command;
> +    k->start_data_transfer = sdhci_start_transfer;
> +    k->end_data_transfer = sdhci_end_transfer;
> +    k->do_sdma_single = sdhci_sdma_transfer_single_block;
> +    k->do_sdma_multi = sdhci_sdma_transfer_multi_blocks;
> +    k->do_adma = sdhci_start_adma;
> +    k->read_block_from_card = sdhci_read_block_from_card;
> +    k->write_block_to_card = sdhci_write_block_to_card;
> +    k->bdata_read = sdhci_read_dataport;
> +    k->bdata_write = sdhci_write_dataport;
> +}
> +
> +static const TypeInfo sdhci_type_info = {
> +    .name = TYPE_SDHCI,
> +    .parent = TYPE_SYS_BUS_DEVICE,
> +    .instance_size = sizeof(SDHCIState),
> +    .instance_init = sdhci_initfn,
> +    .instance_finalize = sdhci_uninitfn,
> +    .class_init = sdhci_class_init,
> +    .class_size = sizeof(SDHCIClass)
> +};
> +
> +static void sdhci_register_types(void)
> +{
> +    type_register_static(&sdhci_type_info);
> +}
> +
> +type_init(sdhci_register_types)
> diff --git a/hw/sdhci.h b/hw/sdhci.h
> new file mode 100644
> index 0000000..d8bff36
> --- /dev/null
> +++ b/hw/sdhci.h
> @@ -0,0 +1,310 @@
> +/*
> + * SD Association Host Standard Specification v2.0 controller emulation
> + *
> + * Copyright (c) 2011 Samsung Electronics Co., Ltd.
> + * Mitsyanko Igor <i.mitsyanko@samsung.com>
> + * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
> + *
> + * Based on MMC controller for Samsung S5PC1xx-based board emulation
> + * by Alexey Merkulov and Vladimir Monakhov.
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the
> + * Free Software Foundation; either version 2 of the License, or (at your
> + * option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> + * See the GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef _SDHC_H_
> +#define _SDHC_H_
> +
> +#include "qemu-common.h"
> +#include "sysbus.h"
> +#include "sd.h"
> +
> +/* R/W SDMA System Address register 0x0 */
> +#define SDHC_SYSAD                     0x00
> +
> +/* R/W Host DMA Buffer Boundary and Transfer Block Size Register 0x0 */
> +#define SDHC_BLKSIZE                   0x04
> +
> +/* R/W Blocks count for current transfer 0x0 */
> +#define SDHC_BLKCNT                    0x06
> +
> +/* R/W Command Argument Register 0x0 */
> +#define SDHC_ARGUMENT                  0x08
> +
> +/* R/W Transfer Mode Setting Register 0x0 */
> +#define SDHC_TRNMOD                    0x0C
> +#define SDHC_TRNS_DMA                  0x0001
> +#define SDHC_TRNS_BLK_CNT_EN           0x0002
> +#define SDHC_TRNS_ACMD12               0x0004
> +#define SDHC_TRNS_READ                 0x0010
> +#define SDHC_TRNS_MULTI                0x0020
> +
> +/* R/W Command Register 0x0 */
> +#define SDHC_CMDREG                    0x0E
> +#define SDHC_CMD_RSP_WITH_BUSY         (3 << 0)
> +#define SDHC_CMD_DATA_PRESENT          (1 << 5)
> +#define SDHC_CMD_SUSPEND               (1 << 6)
> +#define SDHC_CMD_RESUME                (1 << 7)
> +#define SDHC_CMD_ABORT                 ((1 << 6)|(1 << 7))
> +#define SDHC_CMD_TYPE_MASK             ((1 << 6)|(1 << 7))
> +#define SDHC_COMMAND_TYPE(x)           ((x) & SDHC_CMD_TYPE_MASK)
> +
> +/* ROC Response Register 0 0x0 */
> +#define SDHC_RSPREG0                   0x10
> +/* ROC Response Register 1 0x0 */
> +#define SDHC_RSPREG1                   0x14
> +/* ROC Response Register 2 0x0 */
> +#define SDHC_RSPREG2                   0x18
> +/* ROC Response Register 3 0x0 */
> +#define SDHC_RSPREG3                   0x1C
> +
> +/* R/W Buffer Data Register 0x0 */
> +#define SDHC_BDATA                     0x20
> +
> +/* R/ROC Present State Register 0x000A0000 */
> +#define SDHC_PRNSTS                    0x24
> +#define SDHC_CMD_INHIBIT               0x00000001
> +#define SDHC_DATA_INHIBIT              0x00000002
> +#define SDHC_DAT_LINE_ACTIVE           0x00000004
> +#define SDHC_DOING_WRITE               0x00000100
> +#define SDHC_DOING_READ                0x00000200
> +#define SDHC_SPACE_AVAILABLE           0x00000400
> +#define SDHC_DATA_AVAILABLE            0x00000800
> +#define SDHC_CARD_PRESENT              0x00010000
> +#define SDHC_CARD_DETECT               0x00040000
> +#define SDHC_WRITE_PROTECT             0x00080000
> +#define TRANSFERRING_DATA(x)           \
> +    ((x) & (SDHC_DOING_READ | SDHC_DOING_WRITE))
> +
> +/* R/W Host control Register 0x0 */
> +#define SDHC_HOSTCTL                   0x28
> +#define SDHC_CTRL_DMA_CHECK_MASK       0x18
> +#define SDHC_CTRL_SDMA                 0x00
> +#define SDHC_CTRL_ADMA1_32             0x01
>

here, this needs to be 0x08


> +#define SDHC_CTRL_ADMA2_32             0x10
> +#define SDHC_CTRL_ADMA2_64             0x18
> +#define SDHC_DMA_TYPE(x)               ((x) & SDHC_CTRL_DMA_CHECK_MASK)
> +
> +/* R/W Power Control Register 0x0 */
> +#define SDHC_PWRCON                    0x29
> +#define SDHC_POWER_ON                  (1 << 0)
> +
> +/* R/W Block Gap Control Register 0x0 */
> +#define SDHC_BLKGAP                    0x2A
> +#define SDHC_STOP_AT_GAP_REQ           0x01
> +#define SDHC_CONTINUE_REQ              0x02
> +
> +/* R/W WakeUp Control Register 0x0 */
> +#define SDHC_WAKCON                    0x2B
> +#define SDHC_WKUP_ON_INS               (1 << 1)
> +#define SDHC_WKUP_ON_RMV               (1 << 2)
> +
> +/* CLKCON */
> +#define SDHC_CLKCON                    0x2C
> +#define SDHC_CLOCK_INT_STABLE          0x0002
> +#define SDHC_CLOCK_INT_EN              0x0001
> +#define SDHC_CLOCK_SDCLK_EN            (1 << 2)
> +#define SDHC_CLOCK_CHK_MASK            0x0007
> +#define SDHC_CLOCK_IS_ON(x)            \
> +    (((x) & SDHC_CLOCK_CHK_MASK) == SDHC_CLOCK_CHK_MASK)
> +
> +/* R/W Timeout Control Register 0x0 */
> +#define SDHC_TIMEOUTCON                0x2E
> +
> +/* R/W Software Reset Register 0x0 */
> +#define SDHC_SWRST                     0x2F
> +#define SDHC_RESET_ALL                 0x01
> +#define SDHC_RESET_CMD                 0x02
> +#define SDHC_RESET_DATA                0x04
> +
> +/* ROC/RW1C Normal Interrupt Status Register 0x0 */
> +#define SDHC_NORINTSTS                 0x30
> +#define SDHC_NIS_ERR                   0x8000
> +#define SDHC_NIS_CMDCMP                0x0001
> +#define SDHC_NIS_TRSCMP                0x0002
> +#define SDHC_NIS_BLKGAP                0x0004
> +#define SDHC_NIS_DMA                   0x0008
> +#define SDHC_NIS_WBUFRDY               0x0010
> +#define SDHC_NIS_RBUFRDY               0x0020
> +#define SDHC_NIS_INSERT                0x0040
> +#define SDHC_NIS_REMOVE                0x0080
> +#define SDHC_NIS_CARDINT               0x0100
> +
> +/* ROC/RW1C Error Interrupt Status Register 0x0 */
> +#define SDHC_ERRINTSTS                 0x32
> +#define SDHC_EIS_CMDTIMEOUT            0x0001
> +#define SDHC_EIS_BLKGAP                0x0004
> +#define SDHC_EIS_CMDIDX                0x0008
> +#define SDHC_EIS_CMD12ERR              0x0100
> +#define SDHC_EIS_ADMAERR               0x0200
> +
> +/* R/W Normal Interrupt Status Enable Register 0x0 */
> +#define SDHC_NORINTSTSEN               0x34
> +#define SDHC_NISEN_CMDCMP              0x0001
> +#define SDHC_NISEN_TRSCMP              0x0002
> +#define SDHC_NISEN_DMA                 0x0008
> +#define SDHC_NISEN_WBUFRDY             0x0010
> +#define SDHC_NISEN_RBUFRDY             0x0020
> +#define SDHC_NISEN_INSERT              0x0040
> +#define SDHC_NISEN_REMOVE              0x0080
> +#define SDHC_NISEN_CARDINT             0x0100
> +
> +/* R/W Error Interrupt Status Enable Register 0x0 */
> +#define SDHC_ERRINTSTSEN               0x36
> +#define SDHC_EISEN_CMDTIMEOUT          0x0001
> +#define SDHC_EISEN_BLKGAP              0x0004
> +#define SDHC_EISEN_CMDIDX              0x0008
> +#define SDHC_EISEN_ADMAERR             0x0200
> +
> +/* R/W Normal Interrupt Signal Enable Register 0x0 */
> +#define SDHC_NORINTSIGEN               0x38
> +#define SDHC_NORINTSIG_INSERT          (1 << 6)
> +#define SDHC_NORINTSIG_REMOVE          (1 << 7)
> +
> +/* R/W Error Interrupt Signal Enable Register 0x0 */
> +#define SDHC_ERRINTSIGEN               0x3A
> +
> +/* ROC Auto CMD12 error status register 0x0 */
> +#define SDHC_ACMD12ERRSTS              0x3C
> +
> +/* HWInit Capabilities Register 0x05E80080 */
> +#define SDHC_CAPAREG                   0x40
> +#define SDHC_CAN_DO_DMA                0x00400000
> +#define SDHC_CAN_DO_ADMA2              0x00080000
> +#define SDHC_CAN_DO_ADMA1              0x00100000
> +#define SDHC_64_BIT_BUS_SUPPORT        (1 << 28)
> +#define SDHC_CAPAB_BLOCKSIZE(x)        (((x) >> 16) & 0x3)
> +
> +/* HWInit Maximum Current Capabilities Register 0x0 */
> +#define SDHC_MAXCURR                   0x48
> +
> +/* W Force Event Auto CMD12 Error Interrupt Register 0x0000 */
> +#define SDHC_FEAER                     0x50
> +/* W Force Event Error Interrupt Register Error Interrupt 0x0000 */
> +#define SDHC_FEERR                     0x52
> +
> +/* R/W ADMA Error Status Register 0x00 */
> +#define SDHC_ADMAERR                   0x54
> +#define SDHC_ADMAERR_LENGTH_MISMATCH   (1 << 2)
> +#define SDHC_ADMAERR_STATE_ST_STOP     (0 << 0)
> +#define SDHC_ADMAERR_STATE_ST_FDS      (1 << 0)
> +#define SDHC_ADMAERR_STATE_ST_TFR      (3 << 0)
> +#define SDHC_ADMAERR_STATE_MASK        (3 << 0)
> +
> +/* R/W ADMA System Address Register 0x00 */
> +#define SDHC_ADMASYSADDR               0x58
> +#define SDHC_ADMA_ATTR_SET_LEN         (1 << 4)
> +#define SDHC_ADMA_ATTR_ACT_TRAN        (1 << 5)
> +#define SDHC_ADMA_ATTR_ACT_LINK        (3 << 4)
> +#define SDHC_ADMA_ATTR_INT             (1 << 2)
> +#define SDHC_ADMA_ATTR_END             (1 << 1)
> +#define SDHC_ADMA_ATTR_VALID           (1 << 0)
> +#define SDHC_ADMA_ATTR_ACT_MASK        ((1 << 4)|(1 << 5))
> +
> +/* Slot interrupt status */
> +#define SDHC_SLOT_INT_STATUS            0xFC
> +
> +/* HWInit Host Controller Version Register 0x0401 */
> +#define SDHC_HCVER                      0xFE
> +#define SD_HOST_SPECv2_VERS             0x2401
> +
> +#define SDHC_REGISTERS_MAP_SIZE         0x100
> +#define SDHC_INSERTION_DELAY            (get_ticks_per_sec())
> +#define SDHC_CMD_RESPONSE               (3 << 0)
> +
> +enum {
> +    sdhc_not_stoped = 0,  /* normal SDHC state */
> +    sdhc_gap_read   = 1,  /* SDHC stopped at block gap during read
> operation */
> +    sdhc_gap_write  = 2   /* SDHC stopped at block gap during write
> operation */
> +};
> +
> +/* SD/MMC host controller state */
> +typedef struct SDHCIState {
> +    SysBusDevice busdev;
> +    SDState *card;
> +    MemoryRegion iomem;
> +
> +    QEMUTimer *insert_timer;       /* timer for 'changing' sd card. */
> +    qemu_irq eject_cb;
> +    qemu_irq ro_cb;
> +    qemu_irq irq;
> +
> +    uint32_t sdmasysad;    /* SDMA System Address register */
> +    uint16_t blksize;      /* Host DMA Buff Boundary and Transfer BlkSize
> Reg */
> +    uint16_t blkcnt;       /* Blocks count for current transfer */
> +    uint32_t argument;     /* Command Argument Register */
> +    uint16_t trnmod;       /* Transfer Mode Setting Register */
> +    uint16_t cmdreg;       /* Command Register */
> +    uint32_t rspreg[4];    /* Response Registers 0-3 */
> +    uint32_t prnsts;       /* Present State Register */
> +    uint8_t  hostctl;      /* Host Control Register */
> +    uint8_t  pwrcon;       /* Power control Register */
> +    uint8_t  blkgap;       /* Block Gap Control Register */
> +    uint8_t  wakcon;       /* WakeUp Control Register */
> +    uint16_t clkcon;       /* Clock control Register */
> +    uint8_t  timeoutcon;   /* Timeout Control Register */
> +    uint8_t  admaerr;      /* ADMA Error Status Register */
> +    uint16_t norintsts;    /* Normal Interrupt Status Register */
> +    uint16_t errintsts;    /* Error Interrupt Status Register */
> +    uint16_t norintstsen;  /* Normal Interrupt Status Enable Register */
> +    uint16_t errintstsen;  /* Error Interrupt Status Enable Register */
> +    uint16_t norintsigen;  /* Normal Interrupt Signal Enable Register */
> +    uint16_t errintsigen;  /* Error Interrupt Signal Enable Register */
> +    uint16_t acmd12errsts; /* Auto CMD12 error status register */
> +    uint16_t slotint;      /* Slot interrupt status register */
> +    uint64_t admasysaddr;  /* ADMA System Address Register */
> +
> +    uint32_t capareg;      /* Capabilities Register */
> +    uint32_t maxcurr;      /* Maximum Current Capabilities Register */
> +    uint8_t  *fifo_buffer; /* SD host i/o FIFO buffer */
> +    uint32_t buf_maxsz;
> +    uint16_t data_count;   /* current element in FIFO buffer */
> +    uint8_t  stoped_state; /* Current SDHC state */
> +    /* Buffer Data Port Register - virtual access point to R and W
> buffers */
> +    /* Software Reset Register - always reads as 0 */
> +    /* Force Event Auto CMD12 Error Interrupt Reg - write only */
> +    /* Force Event Error Interrupt Register- write only */
> +    /* RO Host Controller Version Register always reads as 0x2401 */
> +} SDHCIState;
> +
> +typedef struct SDHCIClass {
> +    SysBusDeviceClass busdev_class;
> +
> +    void (*reset)(SDHCIState *s);
> +    uint32_t (*mem_read)(SDHCIState *s, unsigned int offset, unsigned
> size);
> +    void (*mem_write)(SDHCIState *s, unsigned int offset, uint32_t value,
> +            unsigned size);
> +    void (*send_command)(SDHCIState *s);
> +    bool (*can_issue_command)(SDHCIState *s);
> +    void (*start_data_transfer)(SDHCIState *s);
> +    void (*end_data_transfer)(SDHCIState *s);
> +    void (*do_sdma_single)(SDHCIState *s);
> +    void (*do_sdma_multi)(SDHCIState *s);
> +    void (*do_adma)(SDHCIState *s);
> +    void (*read_block_from_card)(SDHCIState *s);
> +    void (*write_block_to_card)(SDHCIState *s);
> +    uint32_t (*bdata_read)(SDHCIState *s, unsigned size);
> +    void (*bdata_write)(SDHCIState *s, uint32_t value, unsigned size);
> +} SDHCIClass;
> +
> +extern const VMStateDescription sdhci_vmstate;
> +
> +#define TYPE_SDHCI            "sdhci"
> +#define SDHCI(obj)            \
> +     OBJECT_CHECK(SDHCIState, (obj), TYPE_SDHCI)
> +#define SDHCI_CLASS(klass)    \
> +     OBJECT_CLASS_CHECK(SDHCIClass, (klass), TYPE_SDHCI)
> +#define SDHCI_GET_CLASS(obj)  \
> +     OBJECT_GET_CLASS(SDHCIClass, (obj), TYPE_SDHCI)
> +
> +#endif /* _SDHC_H_ */
> --
> 1.7.4.1
>
>

Patch

diff --git a/Makefile.objs b/Makefile.objs
index 6d6f24d..0f0eb0f 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -250,6 +250,7 @@  hw-obj-$(CONFIG_SMARTCARD) += usb/dev-smartcard-reader.o ccid-card-passthru.o
 hw-obj-$(CONFIG_SMARTCARD_NSS) += ccid-card-emulated.o
 hw-obj-$(CONFIG_USB_REDIR) += usb/redirect.o
 hw-obj-$(CONFIG_I8259) += i8259_common.o i8259.o
+hw-obj-$(CONFIG_SDHCI) += sdhci.o
 
 # PPC devices
 hw-obj-$(CONFIG_PREP_PCI) += prep_pci.o
diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index e542b4f..314784b 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -27,3 +27,4 @@  CONFIG_SMC91C111=y
 CONFIG_DS1338=y
 CONFIG_PFLASH_CFI01=y
 CONFIG_PFLASH_CFI02=y
+CONFIG_SDHCI=y
diff --git a/hw/sdhci.c b/hw/sdhci.c
new file mode 100644
index 0000000..7ace8c9
--- /dev/null
+++ b/hw/sdhci.c
@@ -0,0 +1,1305 @@ 
+/*
+ * SD Association Host Standard Specification v2.0 controller emulation
+ *
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd.
+ * Mitsyanko Igor <i.mitsyanko@samsung.com>
+ * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
+ *
+ * Based on MMC controller for Samsung S5PC1xx-based board emulation
+ * by Alexey Merkulov and Vladimir Monakhov.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw.h"
+#include "blockdev.h"
+#include "qemu-timer.h"
+#include "sdhci.h"
+#include "block_int.h"
+
+/* host controller debug messages */
+#define SDHC_DEBUG                        0
+
+#if SDHC_DEBUG == 0
+    #define DPRINT_L1(fmt, args...)       do { } while (0)
+    #define DPRINT_L2(fmt, args...)       do { } while (0)
+    #define ERRPRINT(fmt, args...)        do { } while (0)
+#elif SDHC_DEBUG == 1
+    #define DPRINT_L1(fmt, args...)       \
+        do {fprintf(stderr, "QEMU SDHC: "fmt, ## args); } while (0)
+    #define DPRINT_L2(fmt, args...)       do { } while (0)
+    #define ERRPRINT(fmt, args...)        \
+        do {fprintf(stderr, "QEMU SDHC ERROR: "fmt, ## args); } while (0)
+#else
+    #define DPRINT_L1(fmt, args...)       \
+        do {fprintf(stderr, "QEMU SDHC: "fmt, ## args); } while (0)
+    #define DPRINT_L2(fmt, args...)       \
+        do {fprintf(stderr, "QEMU SDHC: "fmt, ## args); } while (0)
+    #define ERRPRINT(fmt, args...)        \
+        do {fprintf(stderr, "QEMU SDHC ERROR: "fmt, ## args); } while (0)
+#endif
+
+/* Default SD/MMC host controller features information, which will be
+ * presented in CAPABILITIES register of generic SD host controller at reset.
+ * If not stated otherwise:
+ * 0 - not supported, 1 - supported, other - prohibited.
+ */
+#define SDHC_CAPAB_64BITBUS       0ul        /* 64-bit System Bus Support */
+#define SDHC_CAPAB_18V            1ul        /* Voltage support 1.8v */
+#define SDHC_CAPAB_30V            0ul        /* Voltage support 3.0v */
+#define SDHC_CAPAB_33V            1ul        /* Voltage support 3.3v */
+#define SDHC_CAPAB_SUSPRESUME     0ul        /* Suspend/resume support */
+#define SDHC_CAPAB_SDMA           1ul        /* SDMA support */
+#define SDHC_CAPAB_HIGHSPEED      1ul        /* High speed support */
+#define SDHC_CAPAB_ADMA1          1ul        /* ADMA1 support */
+#define SDHC_CAPAB_ADMA2          1ul        /* ADMA2 support */
+/* Maximum host controller R/W buffers size
+ * Possible values: 512, 1024, 2048 bytes */
+#define SDHC_CAPAB_MAXBLOCKLENGTH 512ul
+/* Maximum clock frequency for SDclock in MHz
+ * value in range 10-63 MHz, 0 - not defined */
+#define SDHC_CAPAB_BASECLKFREQ    0ul
+#define SDHC_CAPAB_TOUNIT         1ul  /* Timeout clock unit 0 - kHz, 1 - MHz */
+/* Timeout clock frequency 1-63, 0 - not defined */
+#define SDHC_CAPAB_TOCLKFREQ      0ul
+
+/* Now check all parameters and calculate CAPABILITIES REGISTER value */
+#if SDHC_CAPAB_64BITBUS > 1 || SDHC_CAPAB_18V > 1 || SDHC_CAPAB_30V > 1 ||     \
+    SDHC_CAPAB_33V > 1 || SDHC_CAPAB_SUSPRESUME > 1 || SDHC_CAPAB_SDMA > 1 ||  \
+    SDHC_CAPAB_HIGHSPEED > 1 || SDHC_CAPAB_ADMA2 > 1 || SDHC_CAPAB_ADMA1 > 1 ||\
+    SDHC_CAPAB_TOUNIT > 1
+#error Capabilities features can have value 0 or 1 only!
+#endif
+
+#if SDHC_CAPAB_MAXBLOCKLENGTH == 512
+#define MAX_BLOCK_LENGTH 0ul
+#elif SDHC_CAPAB_MAXBLOCKLENGTH == 1024
+#define MAX_BLOCK_LENGTH 1ul
+#elif SDHC_CAPAB_MAXBLOCKLENGTH == 2048
+#define MAX_BLOCK_LENGTH 2ul
+#else
+#error Max host controller block size can have value 512, 1024 or 2048 only!
+#endif
+
+#if (SDHC_CAPAB_BASECLKFREQ > 0 && SDHC_CAPAB_BASECLKFREQ < 10) || \
+    SDHC_CAPAB_BASECLKFREQ > 63
+#error SDclock frequency can have value in range 0, 10-63 only!
+#endif
+
+#if SDHC_CAPAB_TOCLKFREQ > 63
+#error Timeout clock frequency can have value in range 0-63 only!
+#endif
+
+#define SDHC_CAPAB_REG_DEFAULT                                 \
+   ((SDHC_CAPAB_64BITBUS << 28) | (SDHC_CAPAB_18V << 26) |     \
+    (SDHC_CAPAB_30V << 25) | (SDHC_CAPAB_33V << 24) |          \
+    (SDHC_CAPAB_SUSPRESUME << 23) | (SDHC_CAPAB_SDMA << 22) |  \
+    (SDHC_CAPAB_HIGHSPEED << 21) | (SDHC_CAPAB_ADMA1 << 20) |  \
+    (SDHC_CAPAB_ADMA2 << 19) | (MAX_BLOCK_LENGTH << 16) |      \
+    (SDHC_CAPAB_BASECLKFREQ << 8) | (SDHC_CAPAB_TOUNIT << 7) | \
+    (SDHC_CAPAB_TOCLKFREQ))
+
+#define MASKED_WRITE(reg, mask, val)  (reg = (reg & (mask)) | (val))
+
+static void sdhci_raise_insertion_irq(void *opaque)
+{
+    SDHCIState *s = (SDHCIState *)opaque;
+    bool int_raised = false;
+
+    if (s->norintsts & SDHC_NIS_REMOVE) {
+        qemu_mod_timer(s->insert_timer,
+                       qemu_get_clock_ns(vm_clock) + SDHC_INSERTION_DELAY);
+    } else {
+        s->prnsts = 0x1ff0000;
+        if (s->norintstsen & SDHC_NISEN_INSERT) {
+            s->norintsts |= SDHC_NIS_INSERT;
+            int_raised = (s->norintsigen & SDHC_NORINTSIG_INSERT) ||
+                    (s->wakcon & SDHC_WKUP_ON_INS);
+        }
+
+        if (int_raised) {
+            s->slotint = 1;
+        }
+        qemu_set_irq(s->irq, int_raised);
+    }
+}
+
+static void sdhci_insert_eject_cb(void *opaque, int irq, int level)
+{
+    SDHCIState *s = (SDHCIState *)opaque;
+    DPRINT_L1("Card state changed: %s!\n", level ? "insert" : "eject");
+    bool int_raised = false;
+
+    if ((s->norintsts & SDHC_NIS_REMOVE) && level) {
+        /* Give target some time to notice card ejection */
+        qemu_mod_timer(s->insert_timer,
+                       qemu_get_clock_ns(vm_clock) + SDHC_INSERTION_DELAY);
+    } else {
+        if (level) {
+            s->prnsts = 0x1ff0000;
+            if (s->norintstsen & SDHC_NISEN_INSERT) {
+                s->norintsts |= SDHC_NIS_INSERT;
+                int_raised = (s->norintsigen & SDHC_NORINTSIG_INSERT) ||
+                        (s->wakcon & SDHC_WKUP_ON_INS);
+            }
+        } else {
+            s->prnsts = 0x1fa0000;
+            s->pwrcon &= ~SDHC_POWER_ON;
+            s->clkcon &= ~SDHC_CLOCK_SDCLK_EN;
+            if (s->norintstsen & SDHC_NISEN_REMOVE) {
+                s->norintsts |= SDHC_NIS_REMOVE;
+                int_raised = (s->norintsigen & SDHC_NORINTSIG_REMOVE) ||
+                        (s->wakcon & SDHC_WKUP_ON_RMV);
+            }
+        }
+
+        if (int_raised) {
+            s->slotint = 1;
+        }
+        qemu_set_irq(s->irq, int_raised);
+    }
+}
+
+static void sdhci_card_readonly_cb(void *opaque, int irq, int level)
+{
+    SDHCIState *s = (SDHCIState *)opaque;
+
+    if (level) {
+        s->prnsts &= ~SDHC_WRITE_PROTECT;
+    } else {
+        /* Write enabled */
+        s->prnsts |= SDHC_WRITE_PROTECT;
+    }
+}
+
+static void sdhci_reset(SDHCIState *s)
+{
+    /* Set all registers to 0. Capabilities registers are not cleared
+     * and assumed to always preserve their value, given to them during
+     * initialization */
+    memset(&s->sdmasysad, 0, (uintptr_t)&s->capareg - (uintptr_t)&s->sdmasysad);
+
+    sd_set_cb(s->card, s->ro_cb, s->eject_cb);
+    s->data_count = 0;
+    s->stoped_state = sdhc_not_stoped;
+}
+
+static void sdhci_send_command(SDHCIState *s)
+{
+    SDRequest request;
+    uint8_t response[16];
+    int rlen;
+
+    s->errintsts = 0;
+    s->acmd12errsts = 0;
+    request.cmd = s->cmdreg >> 8;
+    request.arg = s->argument;
+    DPRINT_L1("sending CMD%u ARG[0x%08x]\n", request.cmd, request.arg);
+    rlen = sd_do_command(s->card, &request, response);
+
+    if (s->cmdreg & SDHC_CMD_RESPONSE) {
+        if (rlen == 4) {
+            s->rspreg[0] = (response[0] << 24) | (response[1] << 16) |
+                           (response[2] << 8)  |  response[3];
+            s->rspreg[1] = s->rspreg[2] = s->rspreg[3] = 0;
+            DPRINT_L1("Response: RSPREG[31..0]=0x%08x\n", s->rspreg[0]);
+        } else if (rlen == 16) {
+            s->rspreg[0] = (response[11] << 24) | (response[12] << 16) |
+                           (response[13] << 8) |  response[14];
+            s->rspreg[1] = (response[7] << 24) | (response[8] << 16) |
+                           (response[9] << 8)  |  response[10];
+            s->rspreg[2] = (response[3] << 24) | (response[4] << 16) |
+                           (response[5] << 8)  |  response[6];
+            s->rspreg[3] = (response[0] << 16) | (response[1] << 8) |
+                            response[2];
+            DPRINT_L1("Response received:\n RSPREG[127..96]=0x%08x, RSPREG[95.."
+                  "64]=0x%08x,\n RSPREG[63..32]=0x%08x, RSPREG[31..0]=0x%08x\n",
+                  s->rspreg[3], s->rspreg[2], s->rspreg[1], s->rspreg[0]);
+        } else {
+            ERRPRINT("Timeout waiting for command response\n");
+            if (s->errintstsen & SDHC_EISEN_CMDTIMEOUT) {
+                s->errintsts |= SDHC_EIS_CMDTIMEOUT;
+                s->norintsts |= SDHC_NIS_ERR;
+            }
+        }
+
+        if ((s->norintstsen & SDHC_NISEN_TRSCMP) &&
+            (s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY) {
+            s->norintsts |= SDHC_NIS_TRSCMP;
+        }
+    } else if (rlen != 0 && (s->errintstsen & SDHC_EISEN_CMDIDX)) {
+        s->errintsts |= SDHC_EIS_CMDIDX;
+        s->norintsts |= SDHC_NIS_ERR;
+    }
+
+    if (s->norintstsen & SDHC_NISEN_CMDCMP) {
+        s->norintsts |= SDHC_NIS_CMDCMP;
+    }
+
+    if ((s->norintsts & s->norintsigen) || (s->errintsts & s->errintsigen)) {
+        s->slotint = 1;
+    }
+
+    qemu_set_irq(s->irq, s->slotint);
+
+    if (s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) {
+        SDHCI_GET_CLASS(s)->start_data_transfer(s);
+    }
+}
+
+static void sdhci_end_transfer(SDHCIState *s)
+{
+    /* Automatically send CMD12 to stop transfer if AutoCMD12 enabled */
+    if ((s->trnmod & SDHC_TRNS_ACMD12) != 0) {
+        SDRequest request;
+        uint8_t response[16];
+
+        request.cmd = 0x0C;
+        request.arg = 0;
+        DPRINT_L1("Automatically issue CMD%d %08x\n", request.cmd, request.arg);
+        sd_do_command(s->card, &request, response);
+        /* Auto CMD12 response goes to the upper Response register */
+        s->rspreg[3] = (response[0] << 24) | (response[1] << 16) |
+                (response[2] << 8) | response[3];
+    }
+
+    s->prnsts &= ~(SDHC_DOING_READ | SDHC_DOING_WRITE |
+            SDHC_DAT_LINE_ACTIVE | SDHC_DATA_INHIBIT |
+            SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE);
+
+    if (s->norintstsen & SDHC_NISEN_TRSCMP) {
+        s->norintsts |= SDHC_NIS_TRSCMP;
+    }
+
+    if (s->norintsigen & s->norintsts) {
+        s->slotint = 1;
+    }
+    qemu_set_irq(s->irq, s->norintsigen & s->norintsts);
+}
+
+/*
+ * Programmed i/o data transfer
+ */
+
+/* Fill host controller's read buffer with BLKSIZE bytes of data from card */
+static void sdhci_read_block_from_card(SDHCIState *s)
+{
+    int index = 0;
+
+    if ((s->trnmod & SDHC_TRNS_MULTI) &&
+            (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) {
+        return;
+    }
+
+    for (index = 0; index < (s->blksize & 0x0fff); index++) {
+        s->fifo_buffer[index] = sd_read_data(s->card);
+    }
+
+    /* New data now available for READ through Buffer Port Register */
+    s->prnsts |= SDHC_DATA_AVAILABLE;
+    if (s->norintstsen & SDHC_NISEN_RBUFRDY) {
+        s->norintsts |= SDHC_NIS_RBUFRDY;
+    }
+
+    /* Clear DAT line active status if that was the last block */
+    if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
+            ((s->trnmod & SDHC_TRNS_MULTI) && s->blkcnt == 1)) {
+        s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
+    }
+
+    /* If stop at block gap request was set and it's not the last block of
+     * data - generate Block Event interrupt */
+    if (s->stoped_state == sdhc_gap_read && (s->trnmod & SDHC_TRNS_MULTI) &&
+            s->blkcnt != 1)    {
+        s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
+        if (s->norintstsen & SDHC_EISEN_BLKGAP) {
+            s->norintsts |= SDHC_EIS_BLKGAP;
+        }
+    }
+
+    if (s->norintsts & s->norintsigen) {
+        s->slotint = 1;
+    }
+    qemu_set_irq(s->irq, s->norintsts & s->norintsigen);
+}
+
+/* Read @size byte of data from host controller @s BUFFER DATA PORT register */
+static uint32_t sdhci_read_dataport(SDHCIState *s, unsigned size)
+{
+    uint32_t value = 0;
+    int i;
+
+    /* first check that a valid data exists in host controller input buffer */
+    if ((s->prnsts & SDHC_DATA_AVAILABLE) == 0) {
+        ERRPRINT("Trying to read from empty buffer\n");
+        return 0;
+    }
+
+    for (i = 0; i < size; i++) {
+        value |= s->fifo_buffer[s->data_count] << i * 8;
+        s->data_count++;
+        /* check if we've read all valid data (blksize bytes) from buffer */
+        if ((s->data_count) >= (s->blksize & 0x0fff)) {
+            DPRINT_L2("All %u bytes of data have been read from input buffer\n",
+                    s->data_count);
+            s->prnsts &= ~SDHC_DATA_AVAILABLE; /* no more data in a buffer */
+            s->data_count = 0;  /* next buff read must start at position [0] */
+
+            if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+                s->blkcnt--;
+            }
+
+            /* if that was the last block of data */
+            if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
+                ((s->trnmod & SDHC_TRNS_MULTI) &&
+                 (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) ||
+                 /* stop at gap request */
+                (s->stoped_state == sdhc_gap_read &&
+                 !(s->prnsts & SDHC_DAT_LINE_ACTIVE))) {
+                SDHCI_GET_CLASS(s)->end_data_transfer(s);
+            } else { /* if there are more data, read next block from card */
+                SDHCI_GET_CLASS(s)->read_block_from_card(s);
+            }
+            break;
+        }
+    }
+
+    return value;
+}
+
+/* Write data from host controller FIFO to card */
+static void sdhci_write_block_to_card(SDHCIState *s)
+{
+    int index = 0;
+
+    if (s->prnsts & SDHC_SPACE_AVAILABLE) {
+        if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
+            s->norintsts |= SDHC_NIS_WBUFRDY;
+        }
+        if (s->norintsts & s->norintsigen) {
+            s->slotint = 1;
+        }
+        qemu_set_irq(s->irq, s->norintsigen & s->norintsts);
+        return;
+    }
+
+    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+        if (s->blkcnt == 0) {
+            return;
+        } else {
+            s->blkcnt--;
+        }
+    }
+
+    for (index = 0; index < (s->blksize & 0x0fff); index++) {
+        sd_write_data(s->card, s->fifo_buffer[index]);
+    }
+
+    /* Next data can be written through BUFFER DATORT register */
+    s->prnsts |= SDHC_SPACE_AVAILABLE;
+    if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
+        s->norintsts |= SDHC_NIS_WBUFRDY;
+    }
+
+    /* Finish transfer if that was the last block of data */
+    if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
+            ((s->trnmod & SDHC_TRNS_MULTI) &&
+            (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0))) {
+        SDHCI_GET_CLASS(s)->end_data_transfer(s);
+    }
+
+    /* Generate Block Gap Event if requested and if not the last block */
+    if (s->stoped_state == sdhc_gap_write && (s->trnmod & SDHC_TRNS_MULTI) &&
+            s->blkcnt > 0) {
+        s->prnsts &= ~SDHC_DOING_WRITE;
+        if (s->norintstsen & SDHC_EISEN_BLKGAP) {
+            s->norintsts |= SDHC_EIS_BLKGAP;
+        }
+        SDHCI_GET_CLASS(s)->end_data_transfer(s);
+    }
+
+    if (s->norintsts & s->norintsigen) {
+        s->slotint = 1;
+    }
+    qemu_set_irq(s->irq, s->norintsigen & s->norintsts);
+}
+
+/* Write @size bytes of @value data to host controller @s Buffer Data Port
+ * register */
+static void sdhci_write_dataport(SDHCIState *s, uint32_t value, unsigned size)
+{
+    unsigned i;
+
+    /* Check that there is free space left in a buffer */
+    if (!(s->prnsts & SDHC_SPACE_AVAILABLE)) {
+        ERRPRINT("Can't write to data buffer: buffer full\n");
+        return;
+    }
+
+    for (i = 0; i < size; i++) {
+        s->fifo_buffer[s->data_count] = value & 0xFF;
+        s->data_count++;
+        value >>= 8;
+        if (s->data_count >= (s->blksize & 0x0fff)) {
+            DPRINT_L2("write buffer filled with %u bytes of data\n",
+                    s->data_count);
+            s->data_count = 0;
+            s->prnsts &= ~SDHC_SPACE_AVAILABLE;
+            if (s->prnsts & SDHC_DOING_WRITE) {
+                SDHCI_GET_CLASS(s)->write_block_to_card(s);
+            }
+        }
+    }
+}
+
+/*
+ * Single DMA data transfer
+ */
+
+/* Multi block SDMA transfer */
+static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+{
+    bool page_aligned = false;
+    unsigned int n, begin;
+    const uint16_t block_size = s->blksize & 0x0fff;
+    uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
+    uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
+
+    /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
+     * possible stop at page boundary if initial address is not page aligned,
+     * allow them to work properly */
+    if ((s->sdmasysad % boundary_chk) == 0) {
+        page_aligned = true;
+    }
+
+    if (s->trnmod & SDHC_TRNS_READ) {
+        s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
+                SDHC_DAT_LINE_ACTIVE;
+        while (s->blkcnt) {
+            if (s->data_count == 0) {
+                for (n = 0; n < block_size; n++) {
+                    s->fifo_buffer[n] = sd_read_data(s->card);
+                }
+            }
+            begin = s->data_count;
+            if (((boundary_count + begin) < block_size) && page_aligned) {
+                s->data_count = boundary_count + begin;
+                boundary_count = 0;
+             } else {
+                s->data_count = block_size;
+                boundary_count -= block_size - begin;
+                if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+                    s->blkcnt--;
+                }
+            }
+            cpu_physical_memory_write(s->sdmasysad, &s->fifo_buffer[begin],
+                    s->data_count - begin);
+            s->sdmasysad += s->data_count - begin;
+            if (s->data_count == block_size) {
+                s->data_count = 0;
+            }
+            if (page_aligned && boundary_count == 0) {
+                break;
+            }
+        }
+    } else {
+        s->prnsts |= SDHC_DOING_WRITE | SDHC_DATA_INHIBIT |
+                SDHC_DAT_LINE_ACTIVE;
+        while (s->blkcnt) {
+            begin = s->data_count;
+            if (((boundary_count + begin) < block_size) && page_aligned) {
+                s->data_count = boundary_count + begin;
+                boundary_count = 0;
+             } else {
+                s->data_count = block_size;
+                boundary_count -= block_size - begin;
+            }
+            cpu_physical_memory_read(s->sdmasysad,
+                    &s->fifo_buffer[begin], s->data_count);
+            s->sdmasysad += s->data_count - begin;
+            if (s->data_count == block_size) {
+                for (n = 0; n < block_size; n++) {
+                    sd_write_data(s->card, s->fifo_buffer[n]);
+                }
+                s->data_count = 0;
+                if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+                    s->blkcnt--;
+                }
+            }
+            if (page_aligned && boundary_count == 0) {
+                break;
+            }
+        }
+    }
+
+    if (s->blkcnt == 0) {
+        SDHCI_GET_CLASS(s)->end_data_transfer(s);
+    } else {
+        if (s->norintstsen & SDHC_NISEN_DMA) {
+            s->norintsts |= SDHC_NIS_DMA;
+        }
+
+        if (s->norintsts & s->norintsigen) {
+            s->slotint = 1;
+        }
+        qemu_set_irq(s->irq, s->norintsigen & s->norintsts);
+    }
+}
+
+/* single block SDMA transfer */
+static void sdhci_sdma_transfer_single_block(SDHCIState *s)
+{
+    int n;
+    uint32_t datacnt = s->blksize & 0x0fff;
+
+    if (s->trnmod & SDHC_TRNS_READ) {
+        for (n = 0; n < datacnt; n++) {
+            s->fifo_buffer[n] = sd_read_data(s->card);
+        }
+        cpu_physical_memory_write(s->sdmasysad, s->fifo_buffer, datacnt);
+    } else {
+        cpu_physical_memory_read(s->sdmasysad, s->fifo_buffer, datacnt);
+        for (n = 0; n < datacnt; n++) {
+            sd_write_data(s->card, s->fifo_buffer[n]);
+        }
+    }
+
+    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+        s->blkcnt--;
+    }
+
+    SDHCI_GET_CLASS(s)->end_data_transfer(s);
+}
+
+typedef struct ADMADescr {
+    target_phys_addr_t addr;
+    uint16_t length;
+    uint8_t attr;
+    uint8_t incr;
+} ADMADescr;
+
+static void get_adma_description(SDHCIState *s, ADMADescr *dscr)
+{
+    uint32_t adma1 = 0;
+    uint64_t adma2 = 0;
+    target_phys_addr_t entry_addr = (target_phys_addr_t)s->admasysaddr;
+
+    switch (SDHC_DMA_TYPE(s->hostctl)) {
+    case SDHC_CTRL_ADMA2_32:
+        cpu_physical_memory_read(entry_addr, (uint8_t *)&adma2, sizeof(adma2));
+        dscr->addr = (target_phys_addr_t)((adma2 >> 32) & 0xfffffffc);
+        dscr->length = (uint16_t)((adma2 >> 16) & 0xFFFF);
+        dscr->attr = (uint8_t)(adma2 & 0x3F);
+        dscr->incr = 8;
+        break;
+    case SDHC_CTRL_ADMA1_32:
+        cpu_physical_memory_read(entry_addr, (uint8_t *)&adma1, sizeof(adma1));
+        dscr->addr = (target_phys_addr_t)(adma1 & 0xFFFFF000);
+        dscr->attr = (uint8_t)(adma2 & 0x3F);
+        dscr->incr = 4;
+        if ((dscr->attr & SDHC_ADMA_ATTR_ACT_MASK) == SDHC_ADMA_ATTR_SET_LEN) {
+            dscr->length = (uint16_t)((adma1 >> 12) & 0xFFFF);
+        } else {
+            dscr->length = 4096;
+        }
+        break;
+    case SDHC_CTRL_ADMA2_64:
+        cpu_physical_memory_read(entry_addr, (uint8_t *)(&dscr->attr), 1);
+        cpu_physical_memory_read(entry_addr + 2, (uint8_t *)(&dscr->length), 2);
+        cpu_physical_memory_read(entry_addr + 4, (uint8_t *)(&dscr->addr), 8);
+        dscr->attr &= 0xfffffff8;
+        dscr->incr = 12;
+        break;
+    }
+}
+
+/* Advanced DMA data transfer */
+static void sdhci_start_adma(SDHCIState *s)
+{
+    unsigned int n, begin, length;
+    const uint16_t block_size = s->blksize & 0x0fff;
+    ADMADescr dscr;
+    s->admaerr &= ~SDHC_ADMAERR_LENGTH_MISMATCH;
+
+    while (1) {
+        get_adma_description(s, &dscr);
+        DPRINT_L2("ADMA loop: addr=" TARGET_FMT_plx ", len=%d, attr=%x\n",
+                dscr.addr, dscr.length, dscr.attr);
+
+        if ((dscr.attr & SDHC_ADMA_ATTR_VALID) == 0) {
+            /* Indicate that error occurred in ST_FDS state */
+            s->admaerr &= ~SDHC_ADMAERR_STATE_MASK;
+            s->admaerr |= SDHC_ADMAERR_STATE_ST_FDS;
+
+            /* Generate ADMA error interrupt */
+            if (s->errintstsen & SDHC_EISEN_ADMAERR) {
+                s->errintsts |= SDHC_EIS_ADMAERR;
+                s->norintsts |= SDHC_NIS_ERR;
+            }
+
+            if (s->errintsigen & s->errintsts) {
+                s->slotint = 1;
+            }
+            qemu_set_irq(s->irq, s->errintsigen & s->errintsts);
+            break;
+        }
+
+        length = dscr.length ? dscr.length : 65536;
+
+        switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) {
+        case SDHC_ADMA_ATTR_ACT_TRAN:  /* data transfer */
+            if (s->trnmod & SDHC_TRNS_READ) {
+                while (length) {
+                    if (s->data_count == 0) {
+                        for (n = 0; n < block_size; n++) {
+                            s->fifo_buffer[n] = sd_read_data(s->card);
+                        }
+                    }
+                    begin = s->data_count;
+                    if ((length + begin) < block_size) {
+                        s->data_count = length + begin;
+                        length = 0;
+                     } else {
+                        s->data_count = block_size;
+                        length -= block_size - begin;
+                    }
+                    cpu_physical_memory_write(dscr.addr, &s->fifo_buffer[begin],
+                            s->data_count - begin);
+                    dscr.addr += s->data_count - begin;
+                    if (s->data_count == block_size) {
+                        s->data_count = 0;
+                        if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+                            s->blkcnt--;
+                            if (s->blkcnt == 0) {
+                                break;
+                            }
+                        }
+                    }
+                }
+            } else {
+                while (length) {
+                    begin = s->data_count;
+                    if ((length + begin) < block_size) {
+                        s->data_count = length + begin;
+                        length = 0;
+                     } else {
+                        s->data_count = block_size;
+                        length -= block_size - begin;
+                    }
+                    cpu_physical_memory_read(dscr.addr,
+                            &s->fifo_buffer[begin], s->data_count);
+                    dscr.addr += s->data_count - begin;
+                    if (s->data_count == block_size) {
+                        for (n = 0; n < block_size; n++) {
+                            sd_write_data(s->card, s->fifo_buffer[n]);
+                        }
+                        s->data_count = 0;
+                        if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+                            s->blkcnt--;
+                            if (s->blkcnt == 0) {
+                                break;
+                            }
+                        }
+                    }
+                }
+            }
+            s->admasysaddr += dscr.incr;
+            break;
+        case SDHC_ADMA_ATTR_ACT_LINK:   /* link to next descriptor table */
+            s->admasysaddr = dscr.addr;
+            DPRINT_L1("ADMA link: admasysaddr=0x%lx\n", s->admasysaddr);
+            break;
+        default:
+            s->admasysaddr += dscr.incr;
+            break;
+        }
+
+        /* ADMA transfer terminates if blkcnt == 0 or by END attribute */
+        if (((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
+                    (s->blkcnt == 0)) || (dscr.attr & SDHC_ADMA_ATTR_END)) {
+            DPRINT_L2("ADMA transfer completed\n");
+            if (length || ((dscr.attr & SDHC_ADMA_ATTR_END) &&
+                (s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
+                s->blkcnt != 0) || ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
+                s->blkcnt == 0 && (dscr.attr & SDHC_ADMA_ATTR_END) == 0)) {
+                ERRPRINT("SD/MMC host ADMA length mismatch\n");
+                s->admaerr |= SDHC_ADMAERR_LENGTH_MISMATCH |
+                        SDHC_ADMAERR_STATE_ST_TFR;
+                if (s->errintstsen & SDHC_EISEN_ADMAERR) {
+                    ERRPRINT("Set ADMA error flag\n");
+                    s->errintsts |= SDHC_EIS_ADMAERR;
+                    s->norintsts |= SDHC_NIS_ERR;
+                }
+
+                if (s->errintsigen & s->errintsts) {
+                    s->slotint = 1;
+                }
+                qemu_set_irq(s->irq, s->errintsigen & s->errintsts);
+            }
+            SDHCI_GET_CLASS(s)->end_data_transfer(s);
+            break;
+        }
+
+        if (dscr.attr & SDHC_ADMA_ATTR_INT) {
+            DPRINT_L1("ADMA interrupt: admasysaddr=0x%lx\n", s->admasysaddr);
+            if (s->norintstsen & SDHC_NISEN_DMA) {
+                s->norintsts |= SDHC_NIS_DMA;
+            }
+
+            if (s->norintsts & s->norintsigen) {
+                s->slotint = 1;
+            }
+            qemu_set_irq(s->irq, s->norintsigen & s->norintsts);
+            break;
+        }
+    }
+}
+
+/* Perform data transfer according to controller configuration */
+static void sdhci_start_transfer(SDHCIState *s)
+{
+    SDHCIClass *k = SDHCI_GET_CLASS(s);
+    s->data_count = 0;
+
+    if (s->trnmod & SDHC_TRNS_DMA) {
+        switch (SDHC_DMA_TYPE(s->hostctl)) {
+        case SDHC_CTRL_SDMA:
+            if ((s->trnmod & SDHC_TRNS_MULTI) &&
+                    (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
+                break;
+            }
+
+            if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
+                k->do_sdma_single(s);
+            } else {
+                k->do_sdma_multi(s);
+            }
+
+            break;
+        case SDHC_CTRL_ADMA1_32:
+            if (!(s->capareg & SDHC_CAN_DO_ADMA1)) {
+                ERRPRINT("ADMA1 not supported\n");
+                break;
+            }
+
+            k->do_adma(s);
+            break;
+        case SDHC_CTRL_ADMA2_32:
+            if (!(s->capareg & SDHC_CAN_DO_ADMA2)) {
+                ERRPRINT("ADMA2 not supported\n");
+                break;
+            }
+
+            k->do_adma(s);
+            break;
+        case SDHC_CTRL_ADMA2_64:
+            if (!(s->capareg & SDHC_CAN_DO_ADMA2) ||
+                    !(s->capareg & SDHC_64_BIT_BUS_SUPPORT)) {
+                ERRPRINT("64 bit ADMA not supported\n");
+                break;
+            }
+
+            k->do_adma(s);
+            break;
+        default:
+            ERRPRINT("Unsupported DMA type\n");
+            break;
+        }
+    } else {
+        if ((s->trnmod & SDHC_TRNS_READ) && sd_data_ready(s->card)) {
+            s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
+                    SDHC_DAT_LINE_ACTIVE;
+            SDHCI_GET_CLASS(s)->read_block_from_card(s);
+        } else {
+            s->prnsts |= SDHC_DOING_WRITE | SDHC_DAT_LINE_ACTIVE |
+                    SDHC_SPACE_AVAILABLE | SDHC_DATA_INHIBIT;
+            SDHCI_GET_CLASS(s)->write_block_to_card(s);
+        }
+    }
+}
+
+static bool sdhci_can_issue_command(SDHCIState *s)
+{
+    if (!SDHC_CLOCK_IS_ON(s->clkcon) || !(s->pwrcon & SDHC_POWER_ON) ||
+        (((s->prnsts & SDHC_DATA_INHIBIT) || s->stoped_state) &&
+        ((s->cmdreg & SDHC_CMD_DATA_PRESENT) ||
+        ((s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY &&
+        !(SDHC_COMMAND_TYPE(s->cmdreg) == SDHC_CMD_ABORT))))) {
+        return false;
+    }
+
+    return true;
+}
+
+/* The Buffer Data Port register must be accessed in sequential and
+ * continuous manner */
+static inline bool
+sdhci_buff_access_is_sequential(SDHCIState *s, unsigned byte_num)
+{
+    if ((s->data_count & 0x3) != byte_num) {
+        ERRPRINT("Non-sequential access to Buffer Data Port register"
+                "is prohibited\n");
+        return false;
+    }
+    return true;
+}
+
+static uint32_t sdhci_read(SDHCIState *s, unsigned int offset, unsigned size)
+{
+    uint32_t ret = 0;
+
+    switch (offset & ~0x3) {
+    case SDHC_SYSAD:
+        ret = s->sdmasysad;
+        break;
+    case SDHC_BLKSIZE:
+        ret = s->blksize | (s->blkcnt << 16);
+        break;
+    case SDHC_ARGUMENT:
+        ret = s->argument;
+        break;
+    case SDHC_TRNMOD:
+        ret = s->trnmod | (s->cmdreg << 16);
+        break;
+    case SDHC_RSPREG0 ... SDHC_RSPREG3:
+        ret = s->rspreg[((offset & ~0x3) - SDHC_RSPREG0) >> 2];
+        break;
+    case  SDHC_BDATA:
+        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
+            ret = SDHCI_GET_CLASS(s)->bdata_read(s, size);
+            DPRINT_L2("read %ub: addr[0x%04x] -> %u\n", size, offset, ret);
+            return ret;
+        }
+        break;
+    case SDHC_PRNSTS:
+        ret = s->prnsts;
+        break;
+    case SDHC_HOSTCTL:
+        ret = s->hostctl | (s->pwrcon << 8) | (s->blkgap << 16) |
+              (s->wakcon << 24);
+        break;
+    case SDHC_CLKCON:
+        ret = s->clkcon | (s->timeoutcon << 16);
+        break;
+    case SDHC_NORINTSTS:
+        ret = s->norintsts | (s->errintsts << 16);
+        break;
+    case SDHC_NORINTSTSEN:
+        ret = s->norintstsen | (s->errintstsen << 16);
+        break;
+    case SDHC_NORINTSIGEN:
+        ret = s->norintsigen | (s->errintsigen << 16);
+        break;
+    case SDHC_ACMD12ERRSTS:
+        ret = s->acmd12errsts;
+        break;
+    case SDHC_CAPAREG:
+        ret = s->capareg;
+        break;
+    case SDHC_MAXCURR:
+        ret = s->maxcurr;
+        break;
+    case SDHC_ADMAERR:
+        ret =  s->admaerr;
+        break;
+    case SDHC_ADMASYSADDR:
+        ret = (uint32_t)s->admasysaddr;
+        break;
+    case SDHC_ADMASYSADDR + 4:
+        ret = (uint32_t)(s->admasysaddr >> 32);
+        break;
+    case SDHC_SLOT_INT_STATUS:
+        ret = s->slotint | (SD_HOST_SPECv2_VERS << 16);
+        break;
+    default:
+        ERRPRINT("bad %ub read: addr[0x%04x]\n", size, offset);
+        break;
+    }
+
+    ret >>= (offset & 0x3) * 8;
+    ret &= (1ULL << (size * 8)) - 1;
+    DPRINT_L2("read %ub: addr[0x%04x] -> %u(0x%x)\n", size, offset, ret, ret);
+    return ret;
+}
+
+static void sdhci_update_slotint(SDHCIState *s)
+{
+    if ((s->norintsts & s->norintsigen) || (s->errintsts & s->errintsigen) ||
+        ((s->norintsts & SDHC_NIS_INSERT) && (s->wakcon & SDHC_WKUP_ON_INS)) ||
+        ((s->norintsts & SDHC_NIS_REMOVE) && (s->wakcon & SDHC_WKUP_ON_RMV))) {
+        s->slotint = 1;
+    } else {
+        s->slotint = 0;
+    }
+}
+
+static inline void sdhci_blkgap_write(SDHCIState *s, uint8_t value)
+{
+    if ((value & SDHC_STOP_AT_GAP_REQ) && (s->blkgap & SDHC_STOP_AT_GAP_REQ)) {
+        return;
+    }
+    s->blkgap = value & SDHC_STOP_AT_GAP_REQ;
+
+    if ((value & SDHC_CONTINUE_REQ) && s->stoped_state &&
+            (s->blkgap & SDHC_STOP_AT_GAP_REQ) == 0) {
+        if (s->stoped_state == sdhc_gap_read) {
+            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_READ;
+            SDHCI_GET_CLASS(s)->read_block_from_card(s);
+        } else {
+            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_WRITE;
+            SDHCI_GET_CLASS(s)->write_block_to_card(s);
+        }
+        s->stoped_state = sdhc_not_stoped;
+    } else if (!s->stoped_state && (value & SDHC_STOP_AT_GAP_REQ)) {
+        if (s->prnsts & SDHC_DOING_READ) {
+            s->stoped_state = sdhc_gap_read;
+        } else if (s->prnsts & SDHC_DOING_WRITE) {
+            s->stoped_state = sdhc_gap_write;
+        }
+    }
+}
+
+static inline void sdhci_reset_write(SDHCIState *s, uint8_t value)
+{
+    switch (value) {
+    case SDHC_RESET_ALL:
+        DEVICE_GET_CLASS(s)->reset(DEVICE(s));
+        break;
+    case SDHC_RESET_CMD:
+        s->prnsts &= ~SDHC_CMD_INHIBIT;
+        s->norintsts &= ~SDHC_NIS_CMDCMP;
+        break;
+    case SDHC_RESET_DATA:
+        s->data_count = 0;
+        s->prnsts &= ~(SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE |
+                SDHC_DOING_READ | SDHC_DOING_WRITE |
+                SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE);
+        s->blkgap &= ~(SDHC_STOP_AT_GAP_REQ | SDHC_CONTINUE_REQ);
+        s->stoped_state = sdhc_not_stoped;
+        s->norintsts &= ~(SDHC_NIS_WBUFRDY | SDHC_NIS_RBUFRDY |
+                SDHC_NIS_DMA | SDHC_NIS_TRSCMP | SDHC_NIS_BLKGAP);
+        break;
+    }
+}
+
+static void
+sdhci_write(SDHCIState *s, unsigned int offset, uint32_t value, unsigned size)
+{
+    unsigned shift =  8 * (offset & 0x3);
+    uint32_t mask = ~(((1ULL << (size * 8)) - 1) << shift);
+    value <<= shift;
+
+    switch (offset & ~0x3) {
+    case SDHC_SYSAD:
+        s->sdmasysad = (s->sdmasysad & mask) | value;
+        MASKED_WRITE(s->sdmasysad, mask, value);
+        /* Writing to last byte of sdmasysad might trigger transfer */
+        if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) && s->blkcnt &&
+                s->blksize && SDHC_DMA_TYPE(s->hostctl) == SDHC_CTRL_SDMA) {
+            SDHCI_GET_CLASS(s)->do_sdma_multi(s);
+        }
+        break;
+    case SDHC_BLKSIZE:
+        if (!TRANSFERRING_DATA(s->prnsts)) {
+            MASKED_WRITE(s->blksize, mask, value);
+            MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
+        }
+        break;
+    case SDHC_ARGUMENT:
+        MASKED_WRITE(s->argument, mask, value);
+        break;
+    case SDHC_TRNMOD:
+        /* DMA can be enabled only if it is supported as indicated by
+         * capabilities register */
+        if (!(s->capareg & SDHC_CAN_DO_DMA)) {
+            value &= ~SDHC_TRNS_DMA;
+        }
+        MASKED_WRITE(s->trnmod, mask, value);
+        MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);
+
+        /* Writing to the upper byte of CMDREG triggers SD command generation */
+        if ((mask & 0xFF000000) || !SDHCI_GET_CLASS(s)->can_issue_command(s)) {
+            break;
+        }
+
+        SDHCI_GET_CLASS(s)->send_command(s);
+        break;
+    case  SDHC_BDATA:
+        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
+            SDHCI_GET_CLASS(s)->bdata_write(s, value >> shift, size);
+        }
+        break;
+    case SDHC_HOSTCTL:
+        if (!(mask & 0xFF0000)) {
+            sdhci_blkgap_write(s, value >> 16);
+        }
+        MASKED_WRITE(s->hostctl, mask, value);
+        MASKED_WRITE(s->pwrcon, mask >> 8, value >> 8);
+        MASKED_WRITE(s->wakcon, mask >> 24, value >> 24);
+        if (!(s->prnsts & SDHC_CARD_PRESENT) || ((s->pwrcon >> 1) & 0x7) < 5 ||
+                !(s->capareg & (1 << (31 - ((s->pwrcon >> 1) & 0x7))))) {
+            s->pwrcon &= ~SDHC_POWER_ON;
+        }
+        break;
+    case SDHC_CLKCON:
+        if (!(mask & 0xFF000000)) {
+            sdhci_reset_write(s, value >> 24);
+        }
+        MASKED_WRITE(s->clkcon, mask, value);
+        MASKED_WRITE(s->timeoutcon, mask >> 16, value >> 16);
+        if (s->clkcon & SDHC_CLOCK_INT_EN) {
+            s->clkcon |= SDHC_CLOCK_INT_STABLE;
+        } else {
+            s->clkcon &= ~SDHC_CLOCK_INT_STABLE;
+        }
+        break;
+    case SDHC_NORINTSTS:
+        if (s->norintstsen & SDHC_NISEN_CARDINT) {
+            value &= ~SDHC_NIS_CARDINT;
+        }
+        s->norintsts &= mask | ~value;
+        s->errintsts &= (mask >> 16) | ~(value >> 16);
+        if (s->errintsts) {
+            s->norintsts |= SDHC_NIS_ERR;
+        } else {
+            s->norintsts &= ~SDHC_NIS_ERR;
+        }
+        sdhci_update_slotint(s);
+        qemu_set_irq(s->irq, s->slotint);
+        break;
+    case SDHC_NORINTSTSEN:
+        MASKED_WRITE(s->norintstsen, mask, value);
+        MASKED_WRITE(s->errintstsen, mask >> 16, value >> 16);
+        s->norintsts &= s->norintstsen;
+        s->errintsts &= s->errintstsen;
+        if (s->errintsts) {
+            s->norintsts |= SDHC_NIS_ERR;
+        } else {
+            s->norintsts &= ~SDHC_NIS_ERR;
+        }
+        sdhci_update_slotint(s);
+        qemu_set_irq(s->irq, s->slotint);
+        break;
+    case SDHC_NORINTSIGEN:
+        MASKED_WRITE(s->norintsigen, mask, value);
+        MASKED_WRITE(s->errintsigen, mask >> 16, value >> 16);
+        sdhci_update_slotint(s);
+        qemu_set_irq(s->irq, s->slotint);
+        break;
+    case SDHC_ADMAERR:
+        MASKED_WRITE(s->admaerr, mask, value);
+        break;
+    case SDHC_ADMASYSADDR:
+        s->admasysaddr = (s->admasysaddr & (0xFFFFFFFF00000000ULL |
+                (uint64_t)mask)) | (uint64_t)value;
+        break;
+    case SDHC_ADMASYSADDR + 4:
+        s->admasysaddr = (s->admasysaddr & (0x00000000FFFFFFFFULL |
+                ((uint64_t)mask << 32))) | ((uint64_t)value << 32);
+        break;
+    case SDHC_FEAER:
+        s->acmd12errsts |= value;
+        s->errintsts |= (value >> 16) & s->errintstsen;
+        if (s->acmd12errsts) {
+            s->errintsts |= SDHC_EIS_CMD12ERR;
+        }
+        if (s->errintsts) {
+            s->norintsts |= SDHC_NIS_ERR;
+        }
+        if (s->errintsigen & s->errintsts) {
+            s->slotint = 1;
+            qemu_irq_raise(s->irq);
+        }
+        break;
+    default:
+        ERRPRINT("bad %ub write offset: addr[0x%04x] <- %u(0x%x)\n",
+                size, offset, value >> shift, value >> shift);
+        break;
+    }
+    DPRINT_L2("write %ub: addr[0x%04x] <- %u(0x%x)\n",
+            size, offset, value >> shift, value >> shift);
+}
+
+static uint64_t
+sdhci_readfn(void *opaque, target_phys_addr_t offset, unsigned size)
+{
+    SDHCIState *s = (SDHCIState *)opaque;
+
+    return SDHCI_GET_CLASS(s)->mem_read(s, offset, size);
+}
+
+static void
+sdhci_writefn(void *opaque, target_phys_addr_t off, uint64_t val, unsigned sz)
+{
+    SDHCIState *s = (SDHCIState *)opaque;
+
+    SDHCI_GET_CLASS(s)->mem_write(s, off, val, sz);
+}
+
+static const MemoryRegionOps sdhci_mmio_ops = {
+    .read = sdhci_readfn,
+    .write = sdhci_writefn,
+    .valid = {
+        .min_access_size = 1,
+        .max_access_size = 4,
+        .unaligned = false
+    },
+    .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static inline unsigned int sdhci_get_fifolen(SDHCIState *s)
+{
+    switch (SDHC_CAPAB_BLOCKSIZE(s->capareg)) {
+    case 0:
+        return 512;
+    case 1:
+        return 1024;
+    case 2:
+        return 2048;
+    default:
+        hw_error("SDHC: unsupported value for maximum block size\n");
+        return 0;
+    }
+}
+
+static void sdhci_initfn(Object *obj)
+{
+    SDHCIState *s = SDHCI(obj);
+    DriveInfo *di;
+
+    di = drive_get_next(IF_SD);
+    s->card = sd_init(di ? di->bdrv : NULL, 0);
+    s->eject_cb = qemu_allocate_irqs(sdhci_insert_eject_cb, s, 1)[0];
+    s->ro_cb = qemu_allocate_irqs(sdhci_card_readonly_cb, s, 1)[0];
+    sd_set_cb(s->card, s->ro_cb, s->eject_cb);
+
+    s->insert_timer = qemu_new_timer_ns(vm_clock, sdhci_raise_insertion_irq, s);
+}
+
+static void sdhci_uninitfn(Object *obj)
+{
+    SDHCIState *s = SDHCI(obj);
+
+    if (s->fifo_buffer) {
+        g_free(s->fifo_buffer);
+        s->fifo_buffer = NULL;
+    }
+}
+
+const VMStateDescription sdhci_vmstate = {
+    .name = "sdhci",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .fields      = (VMStateField[]) {
+        VMSTATE_UINT32(sdmasysad, SDHCIState),
+        VMSTATE_UINT16(blksize, SDHCIState),
+        VMSTATE_UINT16(blkcnt, SDHCIState),
+        VMSTATE_UINT32(argument, SDHCIState),
+        VMSTATE_UINT16(trnmod, SDHCIState),
+        VMSTATE_UINT16(cmdreg, SDHCIState),
+        VMSTATE_UINT32_ARRAY(rspreg, SDHCIState, 4),
+        VMSTATE_UINT32(prnsts, SDHCIState),
+        VMSTATE_UINT8(hostctl, SDHCIState),
+        VMSTATE_UINT8(pwrcon, SDHCIState),
+        VMSTATE_UINT8(blkgap, SDHCIState),
+        VMSTATE_UINT8(wakcon, SDHCIState),
+        VMSTATE_UINT16(clkcon, SDHCIState),
+        VMSTATE_UINT8(timeoutcon, SDHCIState),
+        VMSTATE_UINT8(admaerr, SDHCIState),
+        VMSTATE_UINT16(norintsts, SDHCIState),
+        VMSTATE_UINT16(errintsts, SDHCIState),
+        VMSTATE_UINT16(norintstsen, SDHCIState),
+        VMSTATE_UINT16(errintstsen, SDHCIState),
+        VMSTATE_UINT16(norintsigen, SDHCIState),
+        VMSTATE_UINT16(errintsigen, SDHCIState),
+        VMSTATE_UINT16(acmd12errsts, SDHCIState),
+        VMSTATE_UINT16(data_count, SDHCIState),
+        VMSTATE_UINT16(slotint, SDHCIState),
+        VMSTATE_UINT64(admasysaddr, SDHCIState),
+        VMSTATE_UINT8(stoped_state, SDHCIState),
+        VMSTATE_VBUFFER_UINT32(fifo_buffer, SDHCIState, 1, NULL, 0, buf_maxsz),
+        VMSTATE_TIMER(insert_timer, SDHCIState),
+        VMSTATE_END_OF_LIST()
+    }
+};
+
+static Property sdhci_properties[] = {
+    DEFINE_PROP_HEX32("capareg", SDHCIState, capareg,
+            SDHC_CAPAB_REG_DEFAULT),
+    DEFINE_PROP_HEX32("maxcurr", SDHCIState, maxcurr, 0),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
+static int sdhci_realize(SysBusDevice *busdev)
+{
+    SDHCIState *s = SDHCI(busdev);
+
+    s->buf_maxsz = sdhci_get_fifolen(s);
+    s->fifo_buffer = g_malloc0(s->buf_maxsz);
+    sysbus_init_irq(busdev, &s->irq);
+    memory_region_init_io(&s->iomem, &sdhci_mmio_ops, s, "sdhci",
+            SDHC_REGISTERS_MAP_SIZE);
+    sysbus_init_mmio(busdev, &s->iomem);
+    return 0;
+}
+
+static void sdhci_generic_reset(DeviceState *ds)
+{
+    SDHCIState *s = SDHCI(ds);
+    SDHCI_GET_CLASS(s)->reset(s);
+}
+
+static void sdhci_class_init(ObjectClass *klass, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(klass);
+    SysBusDeviceClass *sbdc = SYS_BUS_DEVICE_CLASS(klass);
+    SDHCIClass *k = SDHCI_CLASS(klass);
+
+    dc->vmsd = &sdhci_vmstate;
+    dc->props = sdhci_properties;
+    dc->reset = sdhci_generic_reset;
+    sbdc->init = sdhci_realize;
+
+    k->reset = sdhci_reset;
+    k->mem_read = sdhci_read;
+    k->mem_write = sdhci_write;
+    k->send_command = sdhci_send_command;
+    k->can_issue_command = sdhci_can_issue_command;
+    k->start_data_transfer = sdhci_start_transfer;
+    k->end_data_transfer = sdhci_end_transfer;
+    k->do_sdma_single = sdhci_sdma_transfer_single_block;
+    k->do_sdma_multi = sdhci_sdma_transfer_multi_blocks;
+    k->do_adma = sdhci_start_adma;
+    k->read_block_from_card = sdhci_read_block_from_card;
+    k->write_block_to_card = sdhci_write_block_to_card;
+    k->bdata_read = sdhci_read_dataport;
+    k->bdata_write = sdhci_write_dataport;
+}
+
+static const TypeInfo sdhci_type_info = {
+    .name = TYPE_SDHCI,
+    .parent = TYPE_SYS_BUS_DEVICE,
+    .instance_size = sizeof(SDHCIState),
+    .instance_init = sdhci_initfn,
+    .instance_finalize = sdhci_uninitfn,
+    .class_init = sdhci_class_init,
+    .class_size = sizeof(SDHCIClass)
+};
+
+static void sdhci_register_types(void)
+{
+    type_register_static(&sdhci_type_info);
+}
+
+type_init(sdhci_register_types)
diff --git a/hw/sdhci.h b/hw/sdhci.h
new file mode 100644
index 0000000..d8bff36
--- /dev/null
+++ b/hw/sdhci.h
@@ -0,0 +1,310 @@ 
+/*
+ * SD Association Host Standard Specification v2.0 controller emulation
+ *
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd.
+ * Mitsyanko Igor <i.mitsyanko@samsung.com>
+ * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
+ *
+ * Based on MMC controller for Samsung S5PC1xx-based board emulation
+ * by Alexey Merkulov and Vladimir Monakhov.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _SDHC_H_
+#define _SDHC_H_
+
+#include "qemu-common.h"
+#include "sysbus.h"
+#include "sd.h"
+
+/* R/W SDMA System Address register 0x0 */
+#define SDHC_SYSAD                     0x00
+
+/* R/W Host DMA Buffer Boundary and Transfer Block Size Register 0x0 */
+#define SDHC_BLKSIZE                   0x04
+
+/* R/W Blocks count for current transfer 0x0 */
+#define SDHC_BLKCNT                    0x06
+
+/* R/W Command Argument Register 0x0 */
+#define SDHC_ARGUMENT                  0x08
+
+/* R/W Transfer Mode Setting Register 0x0 */
+#define SDHC_TRNMOD                    0x0C
+#define SDHC_TRNS_DMA                  0x0001
+#define SDHC_TRNS_BLK_CNT_EN           0x0002
+#define SDHC_TRNS_ACMD12               0x0004
+#define SDHC_TRNS_READ                 0x0010
+#define SDHC_TRNS_MULTI                0x0020
+
+/* R/W Command Register 0x0 */
+#define SDHC_CMDREG                    0x0E
+#define SDHC_CMD_RSP_WITH_BUSY         (3 << 0)
+#define SDHC_CMD_DATA_PRESENT          (1 << 5)
+#define SDHC_CMD_SUSPEND               (1 << 6)
+#define SDHC_CMD_RESUME                (1 << 7)
+#define SDHC_CMD_ABORT                 ((1 << 6)|(1 << 7))
+#define SDHC_CMD_TYPE_MASK             ((1 << 6)|(1 << 7))
+#define SDHC_COMMAND_TYPE(x)           ((x) & SDHC_CMD_TYPE_MASK)
+
+/* ROC Response Register 0 0x0 */
+#define SDHC_RSPREG0                   0x10
+/* ROC Response Register 1 0x0 */
+#define SDHC_RSPREG1                   0x14
+/* ROC Response Register 2 0x0 */
+#define SDHC_RSPREG2                   0x18
+/* ROC Response Register 3 0x0 */
+#define SDHC_RSPREG3                   0x1C
+
+/* R/W Buffer Data Register 0x0 */
+#define SDHC_BDATA                     0x20
+
+/* R/ROC Present State Register 0x000A0000 */
+#define SDHC_PRNSTS                    0x24
+#define SDHC_CMD_INHIBIT               0x00000001
+#define SDHC_DATA_INHIBIT              0x00000002
+#define SDHC_DAT_LINE_ACTIVE           0x00000004
+#define SDHC_DOING_WRITE               0x00000100
+#define SDHC_DOING_READ                0x00000200
+#define SDHC_SPACE_AVAILABLE           0x00000400
+#define SDHC_DATA_AVAILABLE            0x00000800
+#define SDHC_CARD_PRESENT              0x00010000
+#define SDHC_CARD_DETECT               0x00040000
+#define SDHC_WRITE_PROTECT             0x00080000
+#define TRANSFERRING_DATA(x)           \
+    ((x) & (SDHC_DOING_READ | SDHC_DOING_WRITE))
+
+/* R/W Host control Register 0x0 */
+#define SDHC_HOSTCTL                   0x28
+#define SDHC_CTRL_DMA_CHECK_MASK       0x18
+#define SDHC_CTRL_SDMA                 0x00
+#define SDHC_CTRL_ADMA1_32             0x01
+#define SDHC_CTRL_ADMA2_32             0x10
+#define SDHC_CTRL_ADMA2_64             0x18
+#define SDHC_DMA_TYPE(x)               ((x) & SDHC_CTRL_DMA_CHECK_MASK)
+
+/* R/W Power Control Register 0x0 */
+#define SDHC_PWRCON                    0x29
+#define SDHC_POWER_ON                  (1 << 0)
+
+/* R/W Block Gap Control Register 0x0 */
+#define SDHC_BLKGAP                    0x2A
+#define SDHC_STOP_AT_GAP_REQ           0x01
+#define SDHC_CONTINUE_REQ              0x02
+
+/* R/W WakeUp Control Register 0x0 */
+#define SDHC_WAKCON                    0x2B
+#define SDHC_WKUP_ON_INS               (1 << 1)
+#define SDHC_WKUP_ON_RMV               (1 << 2)
+
+/* CLKCON */
+#define SDHC_CLKCON                    0x2C
+#define SDHC_CLOCK_INT_STABLE          0x0002
+#define SDHC_CLOCK_INT_EN              0x0001
+#define SDHC_CLOCK_SDCLK_EN            (1 << 2)
+#define SDHC_CLOCK_CHK_MASK            0x0007
+#define SDHC_CLOCK_IS_ON(x)            \
+    (((x) & SDHC_CLOCK_CHK_MASK) == SDHC_CLOCK_CHK_MASK)
+
+/* R/W Timeout Control Register 0x0 */
+#define SDHC_TIMEOUTCON                0x2E
+
+/* R/W Software Reset Register 0x0 */
+#define SDHC_SWRST                     0x2F
+#define SDHC_RESET_ALL                 0x01
+#define SDHC_RESET_CMD                 0x02
+#define SDHC_RESET_DATA                0x04
+
+/* ROC/RW1C Normal Interrupt Status Register 0x0 */
+#define SDHC_NORINTSTS                 0x30
+#define SDHC_NIS_ERR                   0x8000
+#define SDHC_NIS_CMDCMP                0x0001
+#define SDHC_NIS_TRSCMP                0x0002
+#define SDHC_NIS_BLKGAP                0x0004
+#define SDHC_NIS_DMA                   0x0008
+#define SDHC_NIS_WBUFRDY               0x0010
+#define SDHC_NIS_RBUFRDY               0x0020
+#define SDHC_NIS_INSERT                0x0040
+#define SDHC_NIS_REMOVE                0x0080
+#define SDHC_NIS_CARDINT               0x0100
+
+/* ROC/RW1C Error Interrupt Status Register 0x0 */
+#define SDHC_ERRINTSTS                 0x32
+#define SDHC_EIS_CMDTIMEOUT            0x0001
+#define SDHC_EIS_BLKGAP                0x0004
+#define SDHC_EIS_CMDIDX                0x0008
+#define SDHC_EIS_CMD12ERR              0x0100
+#define SDHC_EIS_ADMAERR               0x0200
+
+/* R/W Normal Interrupt Status Enable Register 0x0 */
+#define SDHC_NORINTSTSEN               0x34
+#define SDHC_NISEN_CMDCMP              0x0001
+#define SDHC_NISEN_TRSCMP              0x0002
+#define SDHC_NISEN_DMA                 0x0008
+#define SDHC_NISEN_WBUFRDY             0x0010
+#define SDHC_NISEN_RBUFRDY             0x0020
+#define SDHC_NISEN_INSERT              0x0040
+#define SDHC_NISEN_REMOVE              0x0080
+#define SDHC_NISEN_CARDINT             0x0100
+
+/* R/W Error Interrupt Status Enable Register 0x0 */
+#define SDHC_ERRINTSTSEN               0x36
+#define SDHC_EISEN_CMDTIMEOUT          0x0001
+#define SDHC_EISEN_BLKGAP              0x0004
+#define SDHC_EISEN_CMDIDX              0x0008
+#define SDHC_EISEN_ADMAERR             0x0200
+
+/* R/W Normal Interrupt Signal Enable Register 0x0 */
+#define SDHC_NORINTSIGEN               0x38
+#define SDHC_NORINTSIG_INSERT          (1 << 6)
+#define SDHC_NORINTSIG_REMOVE          (1 << 7)
+
+/* R/W Error Interrupt Signal Enable Register 0x0 */
+#define SDHC_ERRINTSIGEN               0x3A
+
+/* ROC Auto CMD12 error status register 0x0 */
+#define SDHC_ACMD12ERRSTS              0x3C
+
+/* HWInit Capabilities Register 0x05E80080 */
+#define SDHC_CAPAREG                   0x40
+#define SDHC_CAN_DO_DMA                0x00400000
+#define SDHC_CAN_DO_ADMA2              0x00080000
+#define SDHC_CAN_DO_ADMA1              0x00100000
+#define SDHC_64_BIT_BUS_SUPPORT        (1 << 28)
+#define SDHC_CAPAB_BLOCKSIZE(x)        (((x) >> 16) & 0x3)
+
+/* HWInit Maximum Current Capabilities Register 0x0 */
+#define SDHC_MAXCURR                   0x48
+
+/* W Force Event Auto CMD12 Error Interrupt Register 0x0000 */
+#define SDHC_FEAER                     0x50
+/* W Force Event Error Interrupt Register Error Interrupt 0x0000 */
+#define SDHC_FEERR                     0x52
+
+/* R/W ADMA Error Status Register 0x00 */
+#define SDHC_ADMAERR                   0x54
+#define SDHC_ADMAERR_LENGTH_MISMATCH   (1 << 2)
+#define SDHC_ADMAERR_STATE_ST_STOP     (0 << 0)
+#define SDHC_ADMAERR_STATE_ST_FDS      (1 << 0)
+#define SDHC_ADMAERR_STATE_ST_TFR      (3 << 0)
+#define SDHC_ADMAERR_STATE_MASK        (3 << 0)
+
+/* R/W ADMA System Address Register 0x00 */
+#define SDHC_ADMASYSADDR               0x58
+#define SDHC_ADMA_ATTR_SET_LEN         (1 << 4)
+#define SDHC_ADMA_ATTR_ACT_TRAN        (1 << 5)
+#define SDHC_ADMA_ATTR_ACT_LINK        (3 << 4)
+#define SDHC_ADMA_ATTR_INT             (1 << 2)
+#define SDHC_ADMA_ATTR_END             (1 << 1)
+#define SDHC_ADMA_ATTR_VALID           (1 << 0)
+#define SDHC_ADMA_ATTR_ACT_MASK        ((1 << 4)|(1 << 5))
+
+/* Slot interrupt status */
+#define SDHC_SLOT_INT_STATUS            0xFC
+
+/* HWInit Host Controller Version Register 0x0401 */
+#define SDHC_HCVER                      0xFE
+#define SD_HOST_SPECv2_VERS             0x2401
+
+#define SDHC_REGISTERS_MAP_SIZE         0x100
+#define SDHC_INSERTION_DELAY            (get_ticks_per_sec())
+#define SDHC_CMD_RESPONSE               (3 << 0)
+
+enum {
+    sdhc_not_stoped = 0,  /* normal SDHC state */
+    sdhc_gap_read   = 1,  /* SDHC stopped at block gap during read operation */
+    sdhc_gap_write  = 2   /* SDHC stopped at block gap during write operation */
+};
+
+/* SD/MMC host controller state */
+typedef struct SDHCIState {
+    SysBusDevice busdev;
+    SDState *card;
+    MemoryRegion iomem;
+
+    QEMUTimer *insert_timer;       /* timer for 'changing' sd card. */
+    qemu_irq eject_cb;
+    qemu_irq ro_cb;
+    qemu_irq irq;
+
+    uint32_t sdmasysad;    /* SDMA System Address register */
+    uint16_t blksize;      /* Host DMA Buff Boundary and Transfer BlkSize Reg */
+    uint16_t blkcnt;       /* Blocks count for current transfer */
+    uint32_t argument;     /* Command Argument Register */
+    uint16_t trnmod;       /* Transfer Mode Setting Register */
+    uint16_t cmdreg;       /* Command Register */
+    uint32_t rspreg[4];    /* Response Registers 0-3 */
+    uint32_t prnsts;       /* Present State Register */
+    uint8_t  hostctl;      /* Host Control Register */
+    uint8_t  pwrcon;       /* Power control Register */
+    uint8_t  blkgap;       /* Block Gap Control Register */
+    uint8_t  wakcon;       /* WakeUp Control Register */
+    uint16_t clkcon;       /* Clock control Register */
+    uint8_t  timeoutcon;   /* Timeout Control Register */
+    uint8_t  admaerr;      /* ADMA Error Status Register */
+    uint16_t norintsts;    /* Normal Interrupt Status Register */
+    uint16_t errintsts;    /* Error Interrupt Status Register */
+    uint16_t norintstsen;  /* Normal Interrupt Status Enable Register */
+    uint16_t errintstsen;  /* Error Interrupt Status Enable Register */
+    uint16_t norintsigen;  /* Normal Interrupt Signal Enable Register */
+    uint16_t errintsigen;  /* Error Interrupt Signal Enable Register */
+    uint16_t acmd12errsts; /* Auto CMD12 error status register */
+    uint16_t slotint;      /* Slot interrupt status register */
+    uint64_t admasysaddr;  /* ADMA System Address Register */
+
+    uint32_t capareg;      /* Capabilities Register */
+    uint32_t maxcurr;      /* Maximum Current Capabilities Register */
+    uint8_t  *fifo_buffer; /* SD host i/o FIFO buffer */
+    uint32_t buf_maxsz;
+    uint16_t data_count;   /* current element in FIFO buffer */
+    uint8_t  stoped_state; /* Current SDHC state */
+    /* Buffer Data Port Register - virtual access point to R and W buffers */
+    /* Software Reset Register - always reads as 0 */
+    /* Force Event Auto CMD12 Error Interrupt Reg - write only */
+    /* Force Event Error Interrupt Register- write only */
+    /* RO Host Controller Version Register always reads as 0x2401 */
+} SDHCIState;
+
+typedef struct SDHCIClass {
+    SysBusDeviceClass busdev_class;
+
+    void (*reset)(SDHCIState *s);
+    uint32_t (*mem_read)(SDHCIState *s, unsigned int offset, unsigned size);
+    void (*mem_write)(SDHCIState *s, unsigned int offset, uint32_t value,
+            unsigned size);
+    void (*send_command)(SDHCIState *s);
+    bool (*can_issue_command)(SDHCIState *s);
+    void (*start_data_transfer)(SDHCIState *s);
+    void (*end_data_transfer)(SDHCIState *s);
+    void (*do_sdma_single)(SDHCIState *s);
+    void (*do_sdma_multi)(SDHCIState *s);
+    void (*do_adma)(SDHCIState *s);
+    void (*read_block_from_card)(SDHCIState *s);
+    void (*write_block_to_card)(SDHCIState *s);
+    uint32_t (*bdata_read)(SDHCIState *s, unsigned size);
+    void (*bdata_write)(SDHCIState *s, uint32_t value, unsigned size);
+} SDHCIClass;
+
+extern const VMStateDescription sdhci_vmstate;
+
+#define TYPE_SDHCI            "sdhci"
+#define SDHCI(obj)            \
+     OBJECT_CHECK(SDHCIState, (obj), TYPE_SDHCI)
+#define SDHCI_CLASS(klass)    \
+     OBJECT_CLASS_CHECK(SDHCIClass, (klass), TYPE_SDHCI)
+#define SDHCI_GET_CLASS(obj)  \
+     OBJECT_GET_CLASS(SDHCIClass, (obj), TYPE_SDHCI)
+
+#endif /* _SDHC_H_ */