Patchwork [v7,1/3] hw: introduce standard SD host controller

login
register
mail settings
Submitter Peter Crosthwaite
Date Oct. 30, 2012, 5:03 a.m.
Message ID <90941ddaa3ea1d1314ccf4207df33e88ca4491a2.1351572887.git.peter.crosthwaite@xilinx.com>
Download mbox | patch
Permalink /patch/195286/
State New
Headers show

Comments

Peter Crosthwaite - Oct. 30, 2012, 5:03 a.m.
From: Igor Mitsyanko <i.mitsyanko@samsung.com>

Device model for standard SD Host Controller Interface (SDHCI) compliant with
version 2.00 of SD association specification.

Signed-off-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Signed-off-by: Igor Mitsyanko <i.mitsyanko@samsung.com>
---
changed from v6:
convert bitfield extractions to use bitops
s/cpu_physical_memory_foo/dma_memory_foo/
Added transfer timer. Transfers (including DMA) now happen after a short
(100ns) delay. Successive ADMA trasfers each wait the 100ns delay so QEMU will
not lockup if the guest makes and ADMA infinate loop. (PMM review)
s/start_transfer/do_transfer. This name was inaccurate especially for ADMA as
start_trasfer can now be called as a continuation of an ADMA list.
Dont define SDHC_DEBUG if its already defined
Added comment about ADMA descriptor endianness assumption
do le_to_cpu on ADMA bits to preserve le endianness assumption on be hosts
changed from v5 (Igor):
remove slotint register from SDHCI state;
calculate slotint register value dynamically;
changed from v4 (Igor):
s/sdhc_not_stoped/sdhc_not_stopped/
s/stoped_state/stopped_state/
s/stoped_adma/stopped_adma/
stop insert timer when host controller resets;
stop and free insert timer, free eject_cb and ro_cb in deinit function;
drop redundant "(s->trnmod & SDHC_TRNS_MULTI)" clause;
add comment to Property struct;
changed from v1:
Fixed include guard (Andreas review)
Rebased for new Makefile system
changed from v2:
Typographical fixes for adma implementation

 default-configs/arm-softmmu.mak |    2 +
 hw/Makefile.objs                |    1 +
 hw/sdhci.c                      | 1299 +++++++++++++++++++++++++++++++++++++++
 hw/sdhci.h                      |  311 ++++++++++
 4 files changed, 1613 insertions(+), 0 deletions(-)
 create mode 100644 hw/sdhci.c
 create mode 100644 hw/sdhci.h
Mitsyanko Igor - Nov. 1, 2012, 5:21 p.m.
Hi, Peter, I did some testing and noticed significant performance 
reduction compared to previous version without transfer_timer.

For read operation:

Testcase (count x blocksize)     previous version           new version
1000x1Mb                                         10.9 
Mb/s                7.23 Mb/s
16000x4kb 11.01 Mb/s              8.5 Mb/s
300000x512b                                    6.47 Mb/s                
6 Mb/s

For write operation:
1000x1Mb                                         11.72 Mb/s              
11.08 Mb/s
16000x4kb 2.9 Mb/s                  1.5 Mb/s
200000x512b                                    382 kb/s                  
197 kb/s

So, as you can see, degradation in performance is up to 100% for 512b 
blocks writes!

What I'm suggesting to regain performance is:

1. We shouldn't set transfer_timer in sdhci_send_command(), call 
SDHCI_GET_CLASS(s)->data_transfer(s) directly.

2. Set transfer_timer and return from unfinished ADMA transfer only if 
we've already did some specific number of ADMA loops (say, 5).
In reality I havn't seen Linux to compose ADMA descriptor tables with 
more then 5 descriptor lines, this way our QEMU-lockup concerns
will still go away while we regain performance.

I also ran tests after applying these two changes above, and got almost 
the same performance as in "previous version", but it was still lower
by 5-10% for ADMA and SDMA-read transfers, and it increased for SDMA 
write transfers by 20-40%. I can't explain it, dma_memory_*() seems to
do the same thing as cpu_physical_memory_rw().


On 10/30/2012 09:03 AM, Peter Crosthwaite wrote:

> +        dscr->attr = (uint8_t)extract32(adma1, 0, 7);
> +        dscr->incr = 4;
> +        if ((dscr->attr & SDHC_ADMA_ATTR_ACT_MASK) == SDHC_ADMA_ATTR_SET_LEN) {
> +            dscr->length = (uint16_t)extract32(adma1, 12, 16);
> +        } else {
> +            dscr->length = 4096;
> +        }
> +        break;
> +    case SDHC_CTRL_ADMA2_64:
> +        dma_memory_read(&dma_context_memory, entry_addr,
> +                        (uint8_t *)(&dscr->attr), 1);
> +        dma_memory_read(&dma_context_memory, entry_addr + 2,
> +                        (uint8_t *)(&dscr->length), 2);
> +        dscr->length = le16_to_cpu(dscr->length);
> +        dma_memory_read(&dma_context_memory, entry_addr + 4,
> +                        (uint8_t *)(&dscr->addr), 8);
> +        dscr->attr = le64_to_cpu(dscr->attr);
> +        dscr->attr &= 0xfffffff8;

These two lines should use dscr->addr instead of dscr->attr


> +        dscr->incr = 12;
> +        break;
> +    }
> +}
> +
> +/* Advanced DMA data transfer */
> +
> +static void sdhci_do_adma(SDHCIState *s)
> +{
> +    unsigned int n, begin, length;
> +    const uint16_t block_size = s->blksize & 0x0fff;
> +    ADMADescr dscr;
> +
> +    s->admaerr &= ~SDHC_ADMAERR_LENGTH_MISMATCH;
> +
> +    get_adma_description(s, &dscr);
> +    DPRINT_L2("ADMA loop: addr=" TARGET_FMT_plx ", len=%d, attr=%x\n",
> +            dscr.addr, dscr.length, dscr.attr);
> +
> +    if ((dscr.attr & SDHC_ADMA_ATTR_VALID) == 0) {
> +        /* Indicate that error occurred in ST_FDS state */
> +        s->admaerr &= ~SDHC_ADMAERR_STATE_MASK;
> +        s->admaerr |= SDHC_ADMAERR_STATE_ST_FDS;
> +
> +        /* Generate ADMA error interrupt */
> +        if (s->errintstsen & SDHC_EISEN_ADMAERR) {
> +            s->errintsts |= SDHC_EIS_ADMAERR;
> +            s->norintsts |= SDHC_NIS_ERR;
> +        }
> +
> +        sdhci_update_irq(s);
> +        return;
> +    }
> +
> +    length = dscr.length ? dscr.length : 65536;
> +
> +    switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) {
> +    case SDHC_ADMA_ATTR_ACT_TRAN:  /* data transfer */
> +
> +        if (s->trnmod & SDHC_TRNS_READ) {
> +            while (length) {
> +                if (s->data_count == 0) {
> +                    for (n = 0; n < block_size; n++) {
> +                        s->fifo_buffer[n] = sd_read_data(s->card);
> +                    }
> +                }
> +                begin = s->data_count;
> +                if ((length + begin) < block_size) {
> +                    s->data_count = length + begin;
> +                    length = 0;
> +                 } else {
> +                    s->data_count = block_size;
> +                    length -= block_size - begin;
> +                }
> +                dma_memory_write(&dma_context_memory, dscr.addr,
> +                                 &s->fifo_buffer[begin],
> +                                 s->data_count - begin);
> +                dscr.addr += s->data_count - begin;
> +                if (s->data_count == block_size) {
> +                    s->data_count = 0;
> +                    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
> +                        s->blkcnt--;
> +                        if (s->blkcnt == 0) {
> +                            break;
> +                        }
> +                    }
> +                }
> +            }
> +        } else {
> +            while (length) {
> +                begin = s->data_count;
> +                if ((length + begin) < block_size) {
> +                    s->data_count = length + begin;
> +                    length = 0;
> +                 } else {
> +                    s->data_count = block_size;
> +                    length -= block_size - begin;
> +                }
> +                dma_memory_read(&dma_context_memory, dscr.addr,
> +                                &s->fifo_buffer[begin], s->data_count);
> +                dscr.addr += s->data_count - begin;
> +                if (s->data_count == block_size) {
> +                    for (n = 0; n < block_size; n++) {
> +                        sd_write_data(s->card, s->fifo_buffer[n]);
> +                    }
> +                    s->data_count = 0;
> +                    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
> +                        s->blkcnt--;
> +                        if (s->blkcnt == 0) {
> +                            break;
> +                        }
> +                    }
> +                }
> +            }
> +        }
> +        s->admasysaddr += dscr.incr;
> +        break;
> +    case SDHC_ADMA_ATTR_ACT_LINK:   /* link to next descriptor table */
> +        s->admasysaddr = dscr.addr;
> +        DPRINT_L1("ADMA link: admasysaddr=0x%lx\n", s->admasysaddr);
> +        break;
> +    default:
> +        s->admasysaddr += dscr.incr;
> +        break;
> +    }
> +
> +    /* ADMA transfer terminates if blkcnt == 0 or by END attribute */
> +    if (((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
> +                (s->blkcnt == 0)) || (dscr.attr & SDHC_ADMA_ATTR_END)) {
> +        DPRINT_L2("ADMA transfer completed\n");
> +        if (length || ((dscr.attr & SDHC_ADMA_ATTR_END) &&
> +            (s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
> +            s->blkcnt != 0) || ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
> +            s->blkcnt == 0 && (dscr.attr & SDHC_ADMA_ATTR_END) == 0)) {
> +            ERRPRINT("SD/MMC host ADMA length mismatch\n");
> +            s->admaerr |= SDHC_ADMAERR_LENGTH_MISMATCH |
> +                    SDHC_ADMAERR_STATE_ST_TFR;
> +            if (s->errintstsen & SDHC_EISEN_ADMAERR) {
> +                ERRPRINT("Set ADMA error flag\n");
> +                s->errintsts |= SDHC_EIS_ADMAERR;
> +                s->norintsts |= SDHC_NIS_ERR;
> +            }
> +
> +            sdhci_update_irq(s);
> +        }
> +        SDHCI_GET_CLASS(s)->end_data_transfer(s);
> +        return;
> +    }
> +
> +    if (dscr.attr & SDHC_ADMA_ATTR_INT) {
> +        DPRINT_L1("ADMA interrupt: admasysaddr=0x%lx\n", s->admasysaddr);
> +        if (s->norintstsen & SDHC_NISEN_DMA) {
> +            s->norintsts |= SDHC_NIS_DMA;
> +        }
> +
> +        sdhci_update_irq(s);
> +        return;
> +    }
> +
> +    /* we have unfinished bussiness - reschedule to continue ADMA */
> +    qemu_mod_timer(s->transfer_timer,
> +                   qemu_get_clock_ns(vm_clock) + SDHC_TRANSFER_DELAY);
> +}
> +
> +/* Perform data transfer according to controller configuration */
> +
> +static void sdhci_data_transfer(SDHCIState *s)
> +{
> +    SDHCIClass *k = SDHCI_GET_CLASS(s);
> +    s->data_count = 0;
> +
> +    if (s->trnmod & SDHC_TRNS_DMA) {
> +        switch (SDHC_DMA_TYPE(s->hostctl)) {
> +        case SDHC_CTRL_SDMA:
> +            if ((s->trnmod & SDHC_TRNS_MULTI) &&
> +                    (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
> +                break;
> +            }
> +
> +            if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
> +                k->do_sdma_single(s);
> +            } else {
> +                k->do_sdma_multi(s);
> +            }
> +
> +            break;
> +        case SDHC_CTRL_ADMA1_32:
> +            if (!(s->capareg & SDHC_CAN_DO_ADMA1)) {
> +                ERRPRINT("ADMA1 not supported\n");
> +                break;
> +            }
> +
> +            k->do_adma(s);
> +            break;
> +        case SDHC_CTRL_ADMA2_32:
> +            if (!(s->capareg & SDHC_CAN_DO_ADMA2)) {
> +                ERRPRINT("ADMA2 not supported\n");
> +                break;
> +            }
> +
> +            k->do_adma(s);
> +            break;
> +        case SDHC_CTRL_ADMA2_64:
> +            if (!(s->capareg & SDHC_CAN_DO_ADMA2) ||
> +                    !(s->capareg & SDHC_64_BIT_BUS_SUPPORT)) {
> +                ERRPRINT("64 bit ADMA not supported\n");
> +                break;
> +            }
> +
> +            k->do_adma(s);
> +            break;
> +        default:
> +            ERRPRINT("Unsupported DMA type\n");
> +            break;
> +        }
> +    } else {
> +        if ((s->trnmod & SDHC_TRNS_READ) && sd_data_ready(s->card)) {
> +            s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
> +                    SDHC_DAT_LINE_ACTIVE;
> +            SDHCI_GET_CLASS(s)->read_block_from_card(s);
> +        } else {
> +            s->prnsts |= SDHC_DOING_WRITE | SDHC_DAT_LINE_ACTIVE |
> +                    SDHC_SPACE_AVAILABLE | SDHC_DATA_INHIBIT;
> +            SDHCI_GET_CLASS(s)->write_block_to_card(s);
> +        }
> +    }
> +}
> +
> +static bool sdhci_can_issue_command(SDHCIState *s)
> +{
> +    if (!SDHC_CLOCK_IS_ON(s->clkcon) || !(s->pwrcon & SDHC_POWER_ON) ||
> +        (((s->prnsts & SDHC_DATA_INHIBIT) || s->stopped_state) &&
> +        ((s->cmdreg & SDHC_CMD_DATA_PRESENT) ||
> +        ((s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY &&
> +        !(SDHC_COMMAND_TYPE(s->cmdreg) == SDHC_CMD_ABORT))))) {
> +        return false;
> +    }
> +
> +    return true;
> +}
> +
> +/* The Buffer Data Port register must be accessed in sequential and
> + * continuous manner */
> +static inline bool
> +sdhci_buff_access_is_sequential(SDHCIState *s, unsigned byte_num)
> +{
> +    if ((s->data_count & 0x3) != byte_num) {
> +        ERRPRINT("Non-sequential access to Buffer Data Port register"
> +                "is prohibited\n");
> +        return false;
> +    }
> +    return true;
> +}
> +
> +static uint32_t sdhci_read(SDHCIState *s, unsigned int offset, unsigned size)
> +{
> +    uint32_t ret = 0;
> +
> +    switch (offset & ~0x3) {
> +    case SDHC_SYSAD:
> +        ret = s->sdmasysad;
> +        break;
> +    case SDHC_BLKSIZE:
> +        ret = s->blksize | (s->blkcnt << 16);
> +        break;
> +    case SDHC_ARGUMENT:
> +        ret = s->argument;
> +        break;
> +    case SDHC_TRNMOD:
> +        ret = s->trnmod | (s->cmdreg << 16);
> +        break;
> +    case SDHC_RSPREG0 ... SDHC_RSPREG3:
> +        ret = s->rspreg[((offset & ~0x3) - SDHC_RSPREG0) >> 2];
> +        break;
> +    case  SDHC_BDATA:
> +        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
> +            ret = SDHCI_GET_CLASS(s)->bdata_read(s, size);
> +            DPRINT_L2("read %ub: addr[0x%04x] -> %u\n", size, offset, ret);
> +            return ret;
> +        }
> +        break;
> +    case SDHC_PRNSTS:
> +        ret = s->prnsts;
> +        break;
> +    case SDHC_HOSTCTL:
> +        ret = s->hostctl | (s->pwrcon << 8) | (s->blkgap << 16) |
> +              (s->wakcon << 24);
> +        break;
> +    case SDHC_CLKCON:
> +        ret = s->clkcon | (s->timeoutcon << 16);
> +        break;
> +    case SDHC_NORINTSTS:
> +        ret = s->norintsts | (s->errintsts << 16);
> +        break;
> +    case SDHC_NORINTSTSEN:
> +        ret = s->norintstsen | (s->errintstsen << 16);
> +        break;
> +    case SDHC_NORINTSIGEN:
> +        ret = s->norintsigen | (s->errintsigen << 16);
> +        break;
> +    case SDHC_ACMD12ERRSTS:
> +        ret = s->acmd12errsts;
> +        break;
> +    case SDHC_CAPAREG:
> +        ret = s->capareg;
> +        break;
> +    case SDHC_MAXCURR:
> +        ret = s->maxcurr;
> +        break;
> +    case SDHC_ADMAERR:
> +        ret =  s->admaerr;
> +        break;
> +    case SDHC_ADMASYSADDR:
> +        ret = (uint32_t)s->admasysaddr;
> +        break;
> +    case SDHC_ADMASYSADDR + 4:
> +        ret = (uint32_t)(s->admasysaddr >> 32);
> +        break;
> +    case SDHC_SLOT_INT_STATUS:
> +        ret = (SD_HOST_SPECv2_VERS << 16) | sdhci_slotint(s);
> +        break;
> +    default:
> +        ERRPRINT("bad %ub read: addr[0x%04x]\n", size, offset);
> +        break;
> +    }
> +
> +    ret >>= (offset & 0x3) * 8;
> +    ret &= (1ULL << (size * 8)) - 1;
> +    DPRINT_L2("read %ub: addr[0x%04x] -> %u(0x%x)\n", size, offset, ret, ret);
> +    return ret;
> +}
> +
> +static inline void sdhci_blkgap_write(SDHCIState *s, uint8_t value)
> +{
> +    if ((value & SDHC_STOP_AT_GAP_REQ) && (s->blkgap & SDHC_STOP_AT_GAP_REQ)) {
> +        return;
> +    }
> +    s->blkgap = value & SDHC_STOP_AT_GAP_REQ;
> +
> +    if ((value & SDHC_CONTINUE_REQ) && s->stopped_state &&
> +            (s->blkgap & SDHC_STOP_AT_GAP_REQ) == 0) {
> +        if (s->stopped_state == sdhc_gap_read) {
> +            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_READ;
> +            SDHCI_GET_CLASS(s)->read_block_from_card(s);
> +        } else {
> +            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_WRITE;
> +            SDHCI_GET_CLASS(s)->write_block_to_card(s);
> +        }
> +        s->stopped_state = sdhc_not_stopped;
> +    } else if (!s->stopped_state && (value & SDHC_STOP_AT_GAP_REQ)) {
> +        if (s->prnsts & SDHC_DOING_READ) {
> +            s->stopped_state = sdhc_gap_read;
> +        } else if (s->prnsts & SDHC_DOING_WRITE) {
> +            s->stopped_state = sdhc_gap_write;
> +        }
> +    }
> +}
> +
> +static inline void sdhci_reset_write(SDHCIState *s, uint8_t value)
> +{
> +    switch (value) {
> +    case SDHC_RESET_ALL:
> +        DEVICE_GET_CLASS(s)->reset(DEVICE(s));
> +        break;
> +    case SDHC_RESET_CMD:
> +        s->prnsts &= ~SDHC_CMD_INHIBIT;
> +        s->norintsts &= ~SDHC_NIS_CMDCMP;
> +        break;
> +    case SDHC_RESET_DATA:
> +        s->data_count = 0;
> +        s->prnsts &= ~(SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE |
> +                SDHC_DOING_READ | SDHC_DOING_WRITE |
> +                SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE);
> +        s->blkgap &= ~(SDHC_STOP_AT_GAP_REQ | SDHC_CONTINUE_REQ);
> +        s->stopped_state = sdhc_not_stopped;
> +        s->norintsts &= ~(SDHC_NIS_WBUFRDY | SDHC_NIS_RBUFRDY |
> +                SDHC_NIS_DMA | SDHC_NIS_TRSCMP | SDHC_NIS_BLKGAP);
> +        break;
> +    }
> +}
> +
> +static void
> +sdhci_write(SDHCIState *s, unsigned int offset, uint32_t value, unsigned size)
> +{
> +    unsigned shift =  8 * (offset & 0x3);
> +    uint32_t mask = ~(((1ULL << (size * 8)) - 1) << shift);
> +    value <<= shift;
> +
> +    switch (offset & ~0x3) {
> +    case SDHC_SYSAD:
> +        s->sdmasysad = (s->sdmasysad & mask) | value;
> +        MASKED_WRITE(s->sdmasysad, mask, value);
> +        /* Writing to last byte of sdmasysad might trigger transfer */
> +        if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) && s->blkcnt &&
> +                s->blksize && SDHC_DMA_TYPE(s->hostctl) == SDHC_CTRL_SDMA) {
> +            SDHCI_GET_CLASS(s)->do_sdma_multi(s);
> +        }
> +        break;
> +    case SDHC_BLKSIZE:
> +        if (!TRANSFERRING_DATA(s->prnsts)) {
> +            MASKED_WRITE(s->blksize, mask, value);
> +            MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
> +        }
> +        break;
> +    case SDHC_ARGUMENT:
> +        MASKED_WRITE(s->argument, mask, value);
> +        break;
> +    case SDHC_TRNMOD:
> +        /* DMA can be enabled only if it is supported as indicated by
> +         * capabilities register */
> +        if (!(s->capareg & SDHC_CAN_DO_DMA)) {
> +            value &= ~SDHC_TRNS_DMA;
> +        }
> +        MASKED_WRITE(s->trnmod, mask, value);
> +        MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);
> +
> +        /* Writing to the upper byte of CMDREG triggers SD command generation */
> +        if ((mask & 0xFF000000) || !SDHCI_GET_CLASS(s)->can_issue_command(s)) {
> +            break;
> +        }
> +
> +        SDHCI_GET_CLASS(s)->send_command(s);
> +        break;
> +    case  SDHC_BDATA:
> +        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
> +            SDHCI_GET_CLASS(s)->bdata_write(s, value >> shift, size);
> +        }
> +        break;
> +    case SDHC_HOSTCTL:
> +        if (!(mask & 0xFF0000)) {
> +            sdhci_blkgap_write(s, value >> 16);
> +        }
> +        MASKED_WRITE(s->hostctl, mask, value);
> +        MASKED_WRITE(s->pwrcon, mask >> 8, value >> 8);
> +        MASKED_WRITE(s->wakcon, mask >> 24, value >> 24);
> +        if (!(s->prnsts & SDHC_CARD_PRESENT) || ((s->pwrcon >> 1) & 0x7) < 5 ||
> +                !(s->capareg & (1 << (31 - ((s->pwrcon >> 1) & 0x7))))) {
> +            s->pwrcon &= ~SDHC_POWER_ON;
> +        }
> +        break;
> +    case SDHC_CLKCON:
> +        if (!(mask & 0xFF000000)) {
> +            sdhci_reset_write(s, value >> 24);
> +        }
> +        MASKED_WRITE(s->clkcon, mask, value);
> +        MASKED_WRITE(s->timeoutcon, mask >> 16, value >> 16);
> +        if (s->clkcon & SDHC_CLOCK_INT_EN) {
> +            s->clkcon |= SDHC_CLOCK_INT_STABLE;
> +        } else {
> +            s->clkcon &= ~SDHC_CLOCK_INT_STABLE;
> +        }
> +        break;
> +    case SDHC_NORINTSTS:
> +        if (s->norintstsen & SDHC_NISEN_CARDINT) {
> +            value &= ~SDHC_NIS_CARDINT;
> +        }
> +        s->norintsts &= mask | ~value;
> +        s->errintsts &= (mask >> 16) | ~(value >> 16);
> +        if (s->errintsts) {
> +            s->norintsts |= SDHC_NIS_ERR;
> +        } else {
> +            s->norintsts &= ~SDHC_NIS_ERR;
> +        }
> +        sdhci_update_irq(s);
> +        break;
> +    case SDHC_NORINTSTSEN:
> +        MASKED_WRITE(s->norintstsen, mask, value);
> +        MASKED_WRITE(s->errintstsen, mask >> 16, value >> 16);
> +        s->norintsts &= s->norintstsen;
> +        s->errintsts &= s->errintstsen;
> +        if (s->errintsts) {
> +            s->norintsts |= SDHC_NIS_ERR;
> +        } else {
> +            s->norintsts &= ~SDHC_NIS_ERR;
> +        }
> +        sdhci_update_irq(s);
> +        break;
> +    case SDHC_NORINTSIGEN:
> +        MASKED_WRITE(s->norintsigen, mask, value);
> +        MASKED_WRITE(s->errintsigen, mask >> 16, value >> 16);
> +        sdhci_update_irq(s);
> +        break;
> +    case SDHC_ADMAERR:
> +        MASKED_WRITE(s->admaerr, mask, value);
> +        break;
> +    case SDHC_ADMASYSADDR:
> +        s->admasysaddr = (s->admasysaddr & (0xFFFFFFFF00000000ULL |
> +                (uint64_t)mask)) | (uint64_t)value;
> +        break;
> +    case SDHC_ADMASYSADDR + 4:
> +        s->admasysaddr = (s->admasysaddr & (0x00000000FFFFFFFFULL |
> +                ((uint64_t)mask << 32))) | ((uint64_t)value << 32);
> +        break;
> +    case SDHC_FEAER:
> +        s->acmd12errsts |= value;
> +        s->errintsts |= (value >> 16) & s->errintstsen;
> +        if (s->acmd12errsts) {
> +            s->errintsts |= SDHC_EIS_CMD12ERR;
> +        }
> +        if (s->errintsts) {
> +            s->norintsts |= SDHC_NIS_ERR;
> +        }
> +        sdhci_update_irq(s);
> +        break;
> +    default:
> +        ERRPRINT("bad %ub write offset: addr[0x%04x] <- %u(0x%x)\n",
> +                size, offset, value >> shift, value >> shift);
> +        break;
> +    }
> +    DPRINT_L2("write %ub: addr[0x%04x] <- %u(0x%x)\n",
> +            size, offset, value >> shift, value >> shift);
> +}
> +
> +static uint64_t
> +sdhci_readfn(void *opaque, hwaddr offset, unsigned size)
> +{
> +    SDHCIState *s = (SDHCIState *)opaque;
> +
> +    return SDHCI_GET_CLASS(s)->mem_read(s, offset, size);
> +}
> +
> +static void
> +sdhci_writefn(void *opaque, hwaddr off, uint64_t val, unsigned sz)
> +{
> +    SDHCIState *s = (SDHCIState *)opaque;
> +
> +    SDHCI_GET_CLASS(s)->mem_write(s, off, val, sz);
> +}
> +
> +static const MemoryRegionOps sdhci_mmio_ops = {
> +    .read = sdhci_readfn,
> +    .write = sdhci_writefn,
> +    .valid = {
> +        .min_access_size = 1,
> +        .max_access_size = 4,
> +        .unaligned = false
> +    },
> +    .endianness = DEVICE_LITTLE_ENDIAN,
> +};
> +
> +static inline unsigned int sdhci_get_fifolen(SDHCIState *s)
> +{
> +    switch (SDHC_CAPAB_BLOCKSIZE(s->capareg)) {
> +    case 0:
> +        return 512;
> +    case 1:
> +        return 1024;
> +    case 2:
> +        return 2048;
> +    default:
> +        hw_error("SDHC: unsupported value for maximum block size\n");
> +        return 0;
> +    }
> +}
> +
> +static void sdhci_initfn(Object *obj)
> +{
> +    SDHCIState *s = SDHCI(obj);
> +    DriveInfo *di;
> +
> +    di = drive_get_next(IF_SD);
> +    s->card = sd_init(di ? di->bdrv : NULL, 0);
> +    s->eject_cb = qemu_allocate_irqs(sdhci_insert_eject_cb, s, 1)[0];
> +    s->ro_cb = qemu_allocate_irqs(sdhci_card_readonly_cb, s, 1)[0];
> +    sd_set_cb(s->card, s->ro_cb, s->eject_cb);
> +
> +    s->insert_timer = qemu_new_timer_ns(vm_clock, sdhci_raise_insertion_irq, s);
> +    s->transfer_timer = qemu_new_timer_ns(vm_clock, sdhci_do_data_transfer, s);
> +}
> +
> +static void sdhci_uninitfn(Object *obj)
> +{
> +    SDHCIState *s = SDHCI(obj);
> +
> +    qemu_del_timer(s->insert_timer);
> +    qemu_free_timer(s->insert_timer);
> +    qemu_del_timer(s->transfer_timer);
> +    qemu_free_timer(s->transfer_timer);
> +    qemu_free_irqs(&s->eject_cb);
> +    qemu_free_irqs(&s->ro_cb);
> +
> +    if (s->fifo_buffer) {
> +        g_free(s->fifo_buffer);
> +        s->fifo_buffer = NULL;
> +    }
> +}
> +
> +const VMStateDescription sdhci_vmstate = {
> +    .name = "sdhci",
> +    .version_id = 1,
> +    .minimum_version_id = 1,
> +    .fields      = (VMStateField[]) {
> +        VMSTATE_UINT32(sdmasysad, SDHCIState),
> +        VMSTATE_UINT16(blksize, SDHCIState),
> +        VMSTATE_UINT16(blkcnt, SDHCIState),
> +        VMSTATE_UINT32(argument, SDHCIState),
> +        VMSTATE_UINT16(trnmod, SDHCIState),
> +        VMSTATE_UINT16(cmdreg, SDHCIState),
> +        VMSTATE_UINT32_ARRAY(rspreg, SDHCIState, 4),
> +        VMSTATE_UINT32(prnsts, SDHCIState),
> +        VMSTATE_UINT8(hostctl, SDHCIState),
> +        VMSTATE_UINT8(pwrcon, SDHCIState),
> +        VMSTATE_UINT8(blkgap, SDHCIState),
> +        VMSTATE_UINT8(wakcon, SDHCIState),
> +        VMSTATE_UINT16(clkcon, SDHCIState),
> +        VMSTATE_UINT8(timeoutcon, SDHCIState),
> +        VMSTATE_UINT8(admaerr, SDHCIState),
> +        VMSTATE_UINT16(norintsts, SDHCIState),
> +        VMSTATE_UINT16(errintsts, SDHCIState),
> +        VMSTATE_UINT16(norintstsen, SDHCIState),
> +        VMSTATE_UINT16(errintstsen, SDHCIState),
> +        VMSTATE_UINT16(norintsigen, SDHCIState),
> +        VMSTATE_UINT16(errintsigen, SDHCIState),
> +        VMSTATE_UINT16(acmd12errsts, SDHCIState),
> +        VMSTATE_UINT16(data_count, SDHCIState),
> +        VMSTATE_UINT64(admasysaddr, SDHCIState),
> +        VMSTATE_UINT8(stopped_state, SDHCIState),
> +        VMSTATE_VBUFFER_UINT32(fifo_buffer, SDHCIState, 1, NULL, 0, buf_maxsz),
> +        VMSTATE_TIMER(insert_timer, SDHCIState),
> +        VMSTATE_TIMER(transfer_timer, SDHCIState),
> +        VMSTATE_END_OF_LIST()
> +    }
> +};
> +
> +/* Capabilities registers provide information on supported features of this
> + * specific host controller implementation */
> +static Property sdhci_properties[] = {
> +    DEFINE_PROP_HEX32("capareg", SDHCIState, capareg,
> +            SDHC_CAPAB_REG_DEFAULT),
> +    DEFINE_PROP_HEX32("maxcurr", SDHCIState, maxcurr, 0),
> +    DEFINE_PROP_END_OF_LIST(),
> +};
> +
> +static int sdhci_realize(SysBusDevice *busdev)
> +{
> +    SDHCIState *s = SDHCI(busdev);
> +
> +    s->buf_maxsz = sdhci_get_fifolen(s);
> +    s->fifo_buffer = g_malloc0(s->buf_maxsz);
> +    sysbus_init_irq(busdev, &s->irq);
> +    memory_region_init_io(&s->iomem, &sdhci_mmio_ops, s, "sdhci",
> +            SDHC_REGISTERS_MAP_SIZE);
> +    sysbus_init_mmio(busdev, &s->iomem);
> +    return 0;
> +}
> +
> +static void sdhci_generic_reset(DeviceState *ds)
> +{
> +    SDHCIState *s = SDHCI(ds);
> +    SDHCI_GET_CLASS(s)->reset(s);
> +}
> +
> +static void sdhci_class_init(ObjectClass *klass, void *data)
> +{
> +    DeviceClass *dc = DEVICE_CLASS(klass);
> +    SysBusDeviceClass *sbdc = SYS_BUS_DEVICE_CLASS(klass);
> +    SDHCIClass *k = SDHCI_CLASS(klass);
> +
> +    dc->vmsd = &sdhci_vmstate;
> +    dc->props = sdhci_properties;
> +    dc->reset = sdhci_generic_reset;
> +    sbdc->init = sdhci_realize;
> +
> +    k->reset = sdhci_reset;
> +    k->mem_read = sdhci_read;
> +    k->mem_write = sdhci_write;
> +    k->send_command = sdhci_send_command;
> +    k->can_issue_command = sdhci_can_issue_command;
> +    k->data_transfer = sdhci_data_transfer;
> +    k->end_data_transfer = sdhci_end_transfer;
> +    k->do_sdma_single = sdhci_sdma_transfer_single_block;
> +    k->do_sdma_multi = sdhci_sdma_transfer_multi_blocks;
> +    k->do_adma = sdhci_do_adma;
> +    k->read_block_from_card = sdhci_read_block_from_card;
> +    k->write_block_to_card = sdhci_write_block_to_card;
> +    k->bdata_read = sdhci_read_dataport;
> +    k->bdata_write = sdhci_write_dataport;
> +}
> +
> +static const TypeInfo sdhci_type_info = {
> +    .name = TYPE_SDHCI,
> +    .parent = TYPE_SYS_BUS_DEVICE,
> +    .instance_size = sizeof(SDHCIState),
> +    .instance_init = sdhci_initfn,
> +    .instance_finalize = sdhci_uninitfn,
> +    .class_init = sdhci_class_init,
> +    .class_size = sizeof(SDHCIClass)
> +};
> +
> +static void sdhci_register_types(void)
> +{
> +    type_register_static(&sdhci_type_info);
> +}
> +
> +type_init(sdhci_register_types)
> diff --git a/hw/sdhci.h b/hw/sdhci.h
> new file mode 100644
> index 0000000..6b67873
> --- /dev/null
> +++ b/hw/sdhci.h
> @@ -0,0 +1,311 @@
> +/*
> + * SD Association Host Standard Specification v2.0 controller emulation
> + *
> + * Copyright (c) 2011 Samsung Electronics Co., Ltd.
> + * Mitsyanko Igor <i.mitsyanko@samsung.com>
> + * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
> + *
> + * Based on MMC controller for Samsung S5PC1xx-based board emulation
> + * by Alexey Merkulov and Vladimir Monakhov.
> + *
> + * This program is free software; you can redistribute it and/or modify it
> + * under the terms of the GNU General Public License as published by the
> + * Free Software Foundation; either version 2 of the License, or (at your
> + * option) any later version.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
> + * See the GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License along
> + * with this program; if not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#ifndef SDHCI_H
> +#define SDHCI_H
> +
> +#include "qemu-common.h"
> +#include "sysbus.h"
> +#include "sd.h"
> +
> +/* R/W SDMA System Address register 0x0 */
> +#define SDHC_SYSAD                     0x00
> +
> +/* R/W Host DMA Buffer Boundary and Transfer Block Size Register 0x0 */
> +#define SDHC_BLKSIZE                   0x04
> +
> +/* R/W Blocks count for current transfer 0x0 */
> +#define SDHC_BLKCNT                    0x06
> +
> +/* R/W Command Argument Register 0x0 */
> +#define SDHC_ARGUMENT                  0x08
> +
> +/* R/W Transfer Mode Setting Register 0x0 */
> +#define SDHC_TRNMOD                    0x0C
> +#define SDHC_TRNS_DMA                  0x0001
> +#define SDHC_TRNS_BLK_CNT_EN           0x0002
> +#define SDHC_TRNS_ACMD12               0x0004
> +#define SDHC_TRNS_READ                 0x0010
> +#define SDHC_TRNS_MULTI                0x0020
> +
> +/* R/W Command Register 0x0 */
> +#define SDHC_CMDREG                    0x0E
> +#define SDHC_CMD_RSP_WITH_BUSY         (3 << 0)
> +#define SDHC_CMD_DATA_PRESENT          (1 << 5)
> +#define SDHC_CMD_SUSPEND               (1 << 6)
> +#define SDHC_CMD_RESUME                (1 << 7)
> +#define SDHC_CMD_ABORT                 ((1 << 6)|(1 << 7))
> +#define SDHC_CMD_TYPE_MASK             ((1 << 6)|(1 << 7))
> +#define SDHC_COMMAND_TYPE(x)           ((x) & SDHC_CMD_TYPE_MASK)
> +
> +/* ROC Response Register 0 0x0 */
> +#define SDHC_RSPREG0                   0x10
> +/* ROC Response Register 1 0x0 */
> +#define SDHC_RSPREG1                   0x14
> +/* ROC Response Register 2 0x0 */
> +#define SDHC_RSPREG2                   0x18
> +/* ROC Response Register 3 0x0 */
> +#define SDHC_RSPREG3                   0x1C
> +
> +/* R/W Buffer Data Register 0x0 */
> +#define SDHC_BDATA                     0x20
> +
> +/* R/ROC Present State Register 0x000A0000 */
> +#define SDHC_PRNSTS                    0x24
> +#define SDHC_CMD_INHIBIT               0x00000001
> +#define SDHC_DATA_INHIBIT              0x00000002
> +#define SDHC_DAT_LINE_ACTIVE           0x00000004
> +#define SDHC_DOING_WRITE               0x00000100
> +#define SDHC_DOING_READ                0x00000200
> +#define SDHC_SPACE_AVAILABLE           0x00000400
> +#define SDHC_DATA_AVAILABLE            0x00000800
> +#define SDHC_CARD_PRESENT              0x00010000
> +#define SDHC_CARD_DETECT               0x00040000
> +#define SDHC_WRITE_PROTECT             0x00080000
> +#define TRANSFERRING_DATA(x)           \
> +    ((x) & (SDHC_DOING_READ | SDHC_DOING_WRITE))
> +
> +/* R/W Host control Register 0x0 */
> +#define SDHC_HOSTCTL                   0x28
> +#define SDHC_CTRL_DMA_CHECK_MASK       0x18
> +#define SDHC_CTRL_SDMA                 0x00
> +#define SDHC_CTRL_ADMA1_32             0x08
> +#define SDHC_CTRL_ADMA2_32             0x10
> +#define SDHC_CTRL_ADMA2_64             0x18
> +#define SDHC_DMA_TYPE(x)               ((x) & SDHC_CTRL_DMA_CHECK_MASK)
> +
> +/* R/W Power Control Register 0x0 */
> +#define SDHC_PWRCON                    0x29
> +#define SDHC_POWER_ON                  (1 << 0)
> +
> +/* R/W Block Gap Control Register 0x0 */
> +#define SDHC_BLKGAP                    0x2A
> +#define SDHC_STOP_AT_GAP_REQ           0x01
> +#define SDHC_CONTINUE_REQ              0x02
> +
> +/* R/W WakeUp Control Register 0x0 */
> +#define SDHC_WAKCON                    0x2B
> +#define SDHC_WKUP_ON_INS               (1 << 1)
> +#define SDHC_WKUP_ON_RMV               (1 << 2)
> +
> +/* CLKCON */
> +#define SDHC_CLKCON                    0x2C
> +#define SDHC_CLOCK_INT_STABLE          0x0002
> +#define SDHC_CLOCK_INT_EN              0x0001
> +#define SDHC_CLOCK_SDCLK_EN            (1 << 2)
> +#define SDHC_CLOCK_CHK_MASK            0x0007
> +#define SDHC_CLOCK_IS_ON(x)            \
> +    (((x) & SDHC_CLOCK_CHK_MASK) == SDHC_CLOCK_CHK_MASK)
> +
> +/* R/W Timeout Control Register 0x0 */
> +#define SDHC_TIMEOUTCON                0x2E
> +
> +/* R/W Software Reset Register 0x0 */
> +#define SDHC_SWRST                     0x2F
> +#define SDHC_RESET_ALL                 0x01
> +#define SDHC_RESET_CMD                 0x02
> +#define SDHC_RESET_DATA                0x04
> +
> +/* ROC/RW1C Normal Interrupt Status Register 0x0 */
> +#define SDHC_NORINTSTS                 0x30
> +#define SDHC_NIS_ERR                   0x8000
> +#define SDHC_NIS_CMDCMP                0x0001
> +#define SDHC_NIS_TRSCMP                0x0002
> +#define SDHC_NIS_BLKGAP                0x0004
> +#define SDHC_NIS_DMA                   0x0008
> +#define SDHC_NIS_WBUFRDY               0x0010
> +#define SDHC_NIS_RBUFRDY               0x0020
> +#define SDHC_NIS_INSERT                0x0040
> +#define SDHC_NIS_REMOVE                0x0080
> +#define SDHC_NIS_CARDINT               0x0100
> +
> +/* ROC/RW1C Error Interrupt Status Register 0x0 */
> +#define SDHC_ERRINTSTS                 0x32
> +#define SDHC_EIS_CMDTIMEOUT            0x0001
> +#define SDHC_EIS_BLKGAP                0x0004
> +#define SDHC_EIS_CMDIDX                0x0008
> +#define SDHC_EIS_CMD12ERR              0x0100
> +#define SDHC_EIS_ADMAERR               0x0200
> +
> +/* R/W Normal Interrupt Status Enable Register 0x0 */
> +#define SDHC_NORINTSTSEN               0x34
> +#define SDHC_NISEN_CMDCMP              0x0001
> +#define SDHC_NISEN_TRSCMP              0x0002
> +#define SDHC_NISEN_DMA                 0x0008
> +#define SDHC_NISEN_WBUFRDY             0x0010
> +#define SDHC_NISEN_RBUFRDY             0x0020
> +#define SDHC_NISEN_INSERT              0x0040
> +#define SDHC_NISEN_REMOVE              0x0080
> +#define SDHC_NISEN_CARDINT             0x0100
> +
> +/* R/W Error Interrupt Status Enable Register 0x0 */
> +#define SDHC_ERRINTSTSEN               0x36
> +#define SDHC_EISEN_CMDTIMEOUT          0x0001
> +#define SDHC_EISEN_BLKGAP              0x0004
> +#define SDHC_EISEN_CMDIDX              0x0008
> +#define SDHC_EISEN_ADMAERR             0x0200
> +
> +/* R/W Normal Interrupt Signal Enable Register 0x0 */
> +#define SDHC_NORINTSIGEN               0x38
> +#define SDHC_NORINTSIG_INSERT          (1 << 6)
> +#define SDHC_NORINTSIG_REMOVE          (1 << 7)
> +
> +/* R/W Error Interrupt Signal Enable Register 0x0 */
> +#define SDHC_ERRINTSIGEN               0x3A
> +
> +/* ROC Auto CMD12 error status register 0x0 */
> +#define SDHC_ACMD12ERRSTS              0x3C
> +
> +/* HWInit Capabilities Register 0x05E80080 */
> +#define SDHC_CAPAREG                   0x40
> +#define SDHC_CAN_DO_DMA                0x00400000
> +#define SDHC_CAN_DO_ADMA2              0x00080000
> +#define SDHC_CAN_DO_ADMA1              0x00100000
> +#define SDHC_64_BIT_BUS_SUPPORT        (1 << 28)
> +#define SDHC_CAPAB_BLOCKSIZE(x)        (((x) >> 16) & 0x3)
> +
> +/* HWInit Maximum Current Capabilities Register 0x0 */
> +#define SDHC_MAXCURR                   0x48
> +
> +/* W Force Event Auto CMD12 Error Interrupt Register 0x0000 */
> +#define SDHC_FEAER                     0x50
> +/* W Force Event Error Interrupt Register Error Interrupt 0x0000 */
> +#define SDHC_FEERR                     0x52
> +
> +/* R/W ADMA Error Status Register 0x00 */
> +#define SDHC_ADMAERR                   0x54
> +#define SDHC_ADMAERR_LENGTH_MISMATCH   (1 << 2)
> +#define SDHC_ADMAERR_STATE_ST_STOP     (0 << 0)
> +#define SDHC_ADMAERR_STATE_ST_FDS      (1 << 0)
> +#define SDHC_ADMAERR_STATE_ST_TFR      (3 << 0)
> +#define SDHC_ADMAERR_STATE_MASK        (3 << 0)
> +
> +/* R/W ADMA System Address Register 0x00 */
> +#define SDHC_ADMASYSADDR               0x58
> +#define SDHC_ADMA_ATTR_SET_LEN         (1 << 4)
> +#define SDHC_ADMA_ATTR_ACT_TRAN        (1 << 5)
> +#define SDHC_ADMA_ATTR_ACT_LINK        (3 << 4)
> +#define SDHC_ADMA_ATTR_INT             (1 << 2)
> +#define SDHC_ADMA_ATTR_END             (1 << 1)
> +#define SDHC_ADMA_ATTR_VALID           (1 << 0)
> +#define SDHC_ADMA_ATTR_ACT_MASK        ((1 << 4)|(1 << 5))
> +
> +/* Slot interrupt status */
> +#define SDHC_SLOT_INT_STATUS            0xFC
> +
> +/* HWInit Host Controller Version Register 0x0401 */
> +#define SDHC_HCVER                      0xFE
> +#define SD_HOST_SPECv2_VERS             0x2401
> +
> +#define SDHC_REGISTERS_MAP_SIZE         0x100
> +#define SDHC_INSERTION_DELAY            (get_ticks_per_sec())
> +#define SDHC_TRANSFER_DELAY             100
> +#define SDHC_CMD_RESPONSE               (3 << 0)
> +
> +enum {
> +    sdhc_not_stopped = 0, /* normal SDHC state */
> +    sdhc_gap_read   = 1,  /* SDHC stopped at block gap during read operation */
> +    sdhc_gap_write  = 2   /* SDHC stopped at block gap during write operation */
> +};
> +
> +/* SD/MMC host controller state */
> +typedef struct SDHCIState {
> +    SysBusDevice busdev;
> +    SDState *card;
> +    MemoryRegion iomem;
> +
> +    QEMUTimer *insert_timer;       /* timer for 'changing' sd card. */
> +    QEMUTimer *transfer_timer;
> +    qemu_irq eject_cb;
> +    qemu_irq ro_cb;
> +    qemu_irq irq;
> +
> +    uint32_t sdmasysad;    /* SDMA System Address register */
> +    uint16_t blksize;      /* Host DMA Buff Boundary and Transfer BlkSize Reg */
> +    uint16_t blkcnt;       /* Blocks count for current transfer */
> +    uint32_t argument;     /* Command Argument Register */
> +    uint16_t trnmod;       /* Transfer Mode Setting Register */
> +    uint16_t cmdreg;       /* Command Register */
> +    uint32_t rspreg[4];    /* Response Registers 0-3 */
> +    uint32_t prnsts;       /* Present State Register */
> +    uint8_t  hostctl;      /* Host Control Register */
> +    uint8_t  pwrcon;       /* Power control Register */
> +    uint8_t  blkgap;       /* Block Gap Control Register */
> +    uint8_t  wakcon;       /* WakeUp Control Register */
> +    uint16_t clkcon;       /* Clock control Register */
> +    uint8_t  timeoutcon;   /* Timeout Control Register */
> +    uint8_t  admaerr;      /* ADMA Error Status Register */
> +    uint16_t norintsts;    /* Normal Interrupt Status Register */
> +    uint16_t errintsts;    /* Error Interrupt Status Register */
> +    uint16_t norintstsen;  /* Normal Interrupt Status Enable Register */
> +    uint16_t errintstsen;  /* Error Interrupt Status Enable Register */
> +    uint16_t norintsigen;  /* Normal Interrupt Signal Enable Register */
> +    uint16_t errintsigen;  /* Error Interrupt Signal Enable Register */
> +    uint16_t acmd12errsts; /* Auto CMD12 error status register */
> +    uint64_t admasysaddr;  /* ADMA System Address Register */
> +
> +    uint32_t capareg;      /* Capabilities Register */
> +    uint32_t maxcurr;      /* Maximum Current Capabilities Register */
> +    uint8_t  *fifo_buffer; /* SD host i/o FIFO buffer */
> +    uint32_t buf_maxsz;
> +    uint16_t data_count;   /* current element in FIFO buffer */
> +    uint8_t  stopped_state;/* Current SDHC state */
> +    /* Buffer Data Port Register - virtual access point to R and W buffers */
> +    /* Software Reset Register - always reads as 0 */
> +    /* Force Event Auto CMD12 Error Interrupt Reg - write only */
> +    /* Force Event Error Interrupt Register- write only */
> +    /* RO Host Controller Version Register always reads as 0x2401 */
> +} SDHCIState;
> +
> +typedef struct SDHCIClass {
> +    SysBusDeviceClass busdev_class;
> +
> +    void (*reset)(SDHCIState *s);
> +    uint32_t (*mem_read)(SDHCIState *s, unsigned int offset, unsigned size);
> +    void (*mem_write)(SDHCIState *s, unsigned int offset, uint32_t value,
> +            unsigned size);
> +    void (*send_command)(SDHCIState *s);
> +    bool (*can_issue_command)(SDHCIState *s);
> +    void (*data_transfer)(SDHCIState *s);
> +    void (*end_data_transfer)(SDHCIState *s);
> +    void (*do_sdma_single)(SDHCIState *s);
> +    void (*do_sdma_multi)(SDHCIState *s);
> +    void (*do_adma)(SDHCIState *s);
> +    void (*read_block_from_card)(SDHCIState *s);
> +    void (*write_block_to_card)(SDHCIState *s);
> +    uint32_t (*bdata_read)(SDHCIState *s, unsigned size);
> +    void (*bdata_write)(SDHCIState *s, uint32_t value, unsigned size);
> +} SDHCIClass;
> +
> +extern const VMStateDescription sdhci_vmstate;
> +
> +#define TYPE_SDHCI            "sdhci"
> +#define SDHCI(obj)            \
> +     OBJECT_CHECK(SDHCIState, (obj), TYPE_SDHCI)
> +#define SDHCI_CLASS(klass)    \
> +     OBJECT_CLASS_CHECK(SDHCIClass, (klass), TYPE_SDHCI)
> +#define SDHCI_GET_CLASS(obj)  \
> +     OBJECT_GET_CLASS(SDHCIClass, (obj), TYPE_SDHCI)
> +
> +#endif /* SDHCI_H */
Peter Crosthwaite - Nov. 2, 2012, 2:21 a.m.
On Fri, Nov 2, 2012 at 3:21 AM, Igor Mitsyanko <i.mitsyanko@samsung.com> wrote:
> Hi, Peter, I did some testing and noticed significant performance reduction
> compared to previous version without transfer_timer.
>
> For read operation:
>
> Testcase (count x blocksize)     previous version           new version
> 1000x1Mb                                         10.9 Mb/s
> 7.23 Mb/s
> 16000x4kb 11.01 Mb/s              8.5 Mb/s
> 300000x512b                                    6.47 Mb/s                6
> Mb/s
>
> For write operation:
> 1000x1Mb                                         11.72 Mb/s
> 11.08 Mb/s
> 16000x4kb 2.9 Mb/s                  1.5 Mb/s
> 200000x512b                                    382 kb/s                  197
> kb/s
>
> So, as you can see, degradation in performance is up to 100% for 512b blocks
> writes!
>

Hi Igor,

How does this compare to real hardware? Making it run as fast as
possible is a secondary goal to simulating the hardware accurately. If
we want the be fussy about performance then we should find out how
fast the real hardware runs and make it run at that speed by varying
the timer delays accordingly.

To be honest I just picked a random number (100ns) for the delay which
looking at your results, may be too conservative. Have you tried
reducing this to say 10ns? You might find your performance comes back.
The real solution is to set the delay timer based on how much data
there is to transfer.

> What I'm suggesting to regain performance is:
>
> 1. We shouldn't set transfer_timer in sdhci_send_command(), call
> SDHCI_GET_CLASS(s)->data_transfer(s) directly.
>

Prefer not, because then then different operational modes are
inconsistent with each other which will lead to weird performance
discrepancies between them. I dont see why ADMA should have delay
timers which SDMA doesn't. The delay at this stage is also realistic.

> 2. Set transfer_timer and return from unfinished ADMA transfer only if we've
> already did some specific number of ADMA loops (say, 5).

Sounds hacky, cant you just divide out the delay timer by 5 for the
same speedup but smoother operation?

> In reality I havn't seen Linux to compose ADMA descriptor tables with more
> then 5 descriptor lines, this way our QEMU-lockup concerns
> will still go away while we regain performance.
>
> I also ran tests after applying these two changes above, and got almost the
> same performance as in "previous version", but it was still lower
> by 5-10% for ADMA and SDMA-read transfers, and it increased for SDMA write
> transfers by 20-40%. I can't explain it, dma_memory_*() seems to
> do the same thing as cpu_physical_memory_rw().
>
>

Could be an upstream change??

Regards,
Peter

>
> On 10/30/2012 09:03 AM, Peter Crosthwaite wrote:
>
>> +        dscr->attr = (uint8_t)extract32(adma1, 0, 7);
>> +        dscr->incr = 4;
>> +        if ((dscr->attr & SDHC_ADMA_ATTR_ACT_MASK) ==
>> SDHC_ADMA_ATTR_SET_LEN) {
>> +            dscr->length = (uint16_t)extract32(adma1, 12, 16);
>> +        } else {
>> +            dscr->length = 4096;
>> +        }
>> +        break;
>> +    case SDHC_CTRL_ADMA2_64:
>> +        dma_memory_read(&dma_context_memory, entry_addr,
>> +                        (uint8_t *)(&dscr->attr), 1);
>> +        dma_memory_read(&dma_context_memory, entry_addr + 2,
>> +                        (uint8_t *)(&dscr->length), 2);
>> +        dscr->length = le16_to_cpu(dscr->length);
>> +        dma_memory_read(&dma_context_memory, entry_addr + 4,
>> +                        (uint8_t *)(&dscr->addr), 8);
>> +        dscr->attr = le64_to_cpu(dscr->attr);
>> +        dscr->attr &= 0xfffffff8;
>
>
> These two lines should use dscr->addr instead of dscr->attr
>
>
>
>> +        dscr->incr = 12;
>> +        break;
>> +    }
>> +}
>> +
>> +/* Advanced DMA data transfer */
>> +
>> +static void sdhci_do_adma(SDHCIState *s)
>> +{
>> +    unsigned int n, begin, length;
>> +    const uint16_t block_size = s->blksize & 0x0fff;
>> +    ADMADescr dscr;
>> +
>> +    s->admaerr &= ~SDHC_ADMAERR_LENGTH_MISMATCH;
>> +
>> +    get_adma_description(s, &dscr);
>> +    DPRINT_L2("ADMA loop: addr=" TARGET_FMT_plx ", len=%d, attr=%x\n",
>> +            dscr.addr, dscr.length, dscr.attr);
>> +
>> +    if ((dscr.attr & SDHC_ADMA_ATTR_VALID) == 0) {
>> +        /* Indicate that error occurred in ST_FDS state */
>> +        s->admaerr &= ~SDHC_ADMAERR_STATE_MASK;
>> +        s->admaerr |= SDHC_ADMAERR_STATE_ST_FDS;
>> +
>> +        /* Generate ADMA error interrupt */
>> +        if (s->errintstsen & SDHC_EISEN_ADMAERR) {
>> +            s->errintsts |= SDHC_EIS_ADMAERR;
>> +            s->norintsts |= SDHC_NIS_ERR;
>> +        }
>> +
>> +        sdhci_update_irq(s);
>> +        return;
>> +    }
>> +
>> +    length = dscr.length ? dscr.length : 65536;
>> +
>> +    switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) {
>> +    case SDHC_ADMA_ATTR_ACT_TRAN:  /* data transfer */
>> +
>> +        if (s->trnmod & SDHC_TRNS_READ) {
>> +            while (length) {
>> +                if (s->data_count == 0) {
>> +                    for (n = 0; n < block_size; n++) {
>> +                        s->fifo_buffer[n] = sd_read_data(s->card);
>> +                    }
>> +                }
>> +                begin = s->data_count;
>> +                if ((length + begin) < block_size) {
>> +                    s->data_count = length + begin;
>> +                    length = 0;
>> +                 } else {
>> +                    s->data_count = block_size;
>> +                    length -= block_size - begin;
>> +                }
>> +                dma_memory_write(&dma_context_memory, dscr.addr,
>> +                                 &s->fifo_buffer[begin],
>> +                                 s->data_count - begin);
>> +                dscr.addr += s->data_count - begin;
>> +                if (s->data_count == block_size) {
>> +                    s->data_count = 0;
>> +                    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
>> +                        s->blkcnt--;
>> +                        if (s->blkcnt == 0) {
>> +                            break;
>> +                        }
>> +                    }
>> +                }
>> +            }
>> +        } else {
>> +            while (length) {
>> +                begin = s->data_count;
>> +                if ((length + begin) < block_size) {
>> +                    s->data_count = length + begin;
>> +                    length = 0;
>> +                 } else {
>> +                    s->data_count = block_size;
>> +                    length -= block_size - begin;
>> +                }
>> +                dma_memory_read(&dma_context_memory, dscr.addr,
>> +                                &s->fifo_buffer[begin], s->data_count);
>> +                dscr.addr += s->data_count - begin;
>> +                if (s->data_count == block_size) {
>> +                    for (n = 0; n < block_size; n++) {
>> +                        sd_write_data(s->card, s->fifo_buffer[n]);
>> +                    }
>> +                    s->data_count = 0;
>> +                    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
>> +                        s->blkcnt--;
>> +                        if (s->blkcnt == 0) {
>> +                            break;
>> +                        }
>> +                    }
>> +                }
>> +            }
>> +        }
>> +        s->admasysaddr += dscr.incr;
>> +        break;
>> +    case SDHC_ADMA_ATTR_ACT_LINK:   /* link to next descriptor table */
>> +        s->admasysaddr = dscr.addr;
>> +        DPRINT_L1("ADMA link: admasysaddr=0x%lx\n", s->admasysaddr);
>> +        break;
>> +    default:
>> +        s->admasysaddr += dscr.incr;
>> +        break;
>> +    }
>> +
>> +    /* ADMA transfer terminates if blkcnt == 0 or by END attribute */
>> +    if (((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
>> +                (s->blkcnt == 0)) || (dscr.attr & SDHC_ADMA_ATTR_END)) {
>> +        DPRINT_L2("ADMA transfer completed\n");
>> +        if (length || ((dscr.attr & SDHC_ADMA_ATTR_END) &&
>> +            (s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
>> +            s->blkcnt != 0) || ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
>> +            s->blkcnt == 0 && (dscr.attr & SDHC_ADMA_ATTR_END) == 0)) {
>> +            ERRPRINT("SD/MMC host ADMA length mismatch\n");
>> +            s->admaerr |= SDHC_ADMAERR_LENGTH_MISMATCH |
>> +                    SDHC_ADMAERR_STATE_ST_TFR;
>> +            if (s->errintstsen & SDHC_EISEN_ADMAERR) {
>> +                ERRPRINT("Set ADMA error flag\n");
>> +                s->errintsts |= SDHC_EIS_ADMAERR;
>> +                s->norintsts |= SDHC_NIS_ERR;
>> +            }
>> +
>> +            sdhci_update_irq(s);
>> +        }
>> +        SDHCI_GET_CLASS(s)->end_data_transfer(s);
>> +        return;
>> +    }
>> +
>> +    if (dscr.attr & SDHC_ADMA_ATTR_INT) {
>> +        DPRINT_L1("ADMA interrupt: admasysaddr=0x%lx\n", s->admasysaddr);
>> +        if (s->norintstsen & SDHC_NISEN_DMA) {
>> +            s->norintsts |= SDHC_NIS_DMA;
>> +        }
>> +
>> +        sdhci_update_irq(s);
>> +        return;
>> +    }
>> +
>> +    /* we have unfinished bussiness - reschedule to continue ADMA */
>> +    qemu_mod_timer(s->transfer_timer,
>> +                   qemu_get_clock_ns(vm_clock) + SDHC_TRANSFER_DELAY);
>> +}
>> +
>> +/* Perform data transfer according to controller configuration */
>> +
>> +static void sdhci_data_transfer(SDHCIState *s)
>> +{
>> +    SDHCIClass *k = SDHCI_GET_CLASS(s);
>> +    s->data_count = 0;
>> +
>> +    if (s->trnmod & SDHC_TRNS_DMA) {
>> +        switch (SDHC_DMA_TYPE(s->hostctl)) {
>> +        case SDHC_CTRL_SDMA:
>> +            if ((s->trnmod & SDHC_TRNS_MULTI) &&
>> +                    (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt ==
>> 0)) {
>> +                break;
>> +            }
>> +
>> +            if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
>> +                k->do_sdma_single(s);
>> +            } else {
>> +                k->do_sdma_multi(s);
>> +            }
>> +
>> +            break;
>> +        case SDHC_CTRL_ADMA1_32:
>> +            if (!(s->capareg & SDHC_CAN_DO_ADMA1)) {
>> +                ERRPRINT("ADMA1 not supported\n");
>> +                break;
>> +            }
>> +
>> +            k->do_adma(s);
>> +            break;
>> +        case SDHC_CTRL_ADMA2_32:
>> +            if (!(s->capareg & SDHC_CAN_DO_ADMA2)) {
>> +                ERRPRINT("ADMA2 not supported\n");
>> +                break;
>> +            }
>> +
>> +            k->do_adma(s);
>> +            break;
>> +        case SDHC_CTRL_ADMA2_64:
>> +            if (!(s->capareg & SDHC_CAN_DO_ADMA2) ||
>> +                    !(s->capareg & SDHC_64_BIT_BUS_SUPPORT)) {
>> +                ERRPRINT("64 bit ADMA not supported\n");
>> +                break;
>> +            }
>> +
>> +            k->do_adma(s);
>> +            break;
>> +        default:
>> +            ERRPRINT("Unsupported DMA type\n");
>> +            break;
>> +        }
>> +    } else {
>> +        if ((s->trnmod & SDHC_TRNS_READ) && sd_data_ready(s->card)) {
>> +            s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
>> +                    SDHC_DAT_LINE_ACTIVE;
>> +            SDHCI_GET_CLASS(s)->read_block_from_card(s);
>> +        } else {
>> +            s->prnsts |= SDHC_DOING_WRITE | SDHC_DAT_LINE_ACTIVE |
>> +                    SDHC_SPACE_AVAILABLE | SDHC_DATA_INHIBIT;
>> +            SDHCI_GET_CLASS(s)->write_block_to_card(s);
>> +        }
>> +    }
>> +}
>> +
>> +static bool sdhci_can_issue_command(SDHCIState *s)
>> +{
>> +    if (!SDHC_CLOCK_IS_ON(s->clkcon) || !(s->pwrcon & SDHC_POWER_ON) ||
>> +        (((s->prnsts & SDHC_DATA_INHIBIT) || s->stopped_state) &&
>> +        ((s->cmdreg & SDHC_CMD_DATA_PRESENT) ||
>> +        ((s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY &&
>> +        !(SDHC_COMMAND_TYPE(s->cmdreg) == SDHC_CMD_ABORT))))) {
>> +        return false;
>> +    }
>> +
>> +    return true;
>> +}
>> +
>> +/* The Buffer Data Port register must be accessed in sequential and
>> + * continuous manner */
>> +static inline bool
>> +sdhci_buff_access_is_sequential(SDHCIState *s, unsigned byte_num)
>> +{
>> +    if ((s->data_count & 0x3) != byte_num) {
>> +        ERRPRINT("Non-sequential access to Buffer Data Port register"
>> +                "is prohibited\n");
>> +        return false;
>> +    }
>> +    return true;
>> +}
>> +
>> +static uint32_t sdhci_read(SDHCIState *s, unsigned int offset, unsigned
>> size)
>> +{
>> +    uint32_t ret = 0;
>> +
>> +    switch (offset & ~0x3) {
>> +    case SDHC_SYSAD:
>> +        ret = s->sdmasysad;
>> +        break;
>> +    case SDHC_BLKSIZE:
>> +        ret = s->blksize | (s->blkcnt << 16);
>> +        break;
>> +    case SDHC_ARGUMENT:
>> +        ret = s->argument;
>> +        break;
>> +    case SDHC_TRNMOD:
>> +        ret = s->trnmod | (s->cmdreg << 16);
>> +        break;
>> +    case SDHC_RSPREG0 ... SDHC_RSPREG3:
>> +        ret = s->rspreg[((offset & ~0x3) - SDHC_RSPREG0) >> 2];
>> +        break;
>> +    case  SDHC_BDATA:
>> +        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
>> +            ret = SDHCI_GET_CLASS(s)->bdata_read(s, size);
>> +            DPRINT_L2("read %ub: addr[0x%04x] -> %u\n", size, offset,
>> ret);
>> +            return ret;
>> +        }
>> +        break;
>> +    case SDHC_PRNSTS:
>> +        ret = s->prnsts;
>> +        break;
>> +    case SDHC_HOSTCTL:
>> +        ret = s->hostctl | (s->pwrcon << 8) | (s->blkgap << 16) |
>> +              (s->wakcon << 24);
>> +        break;
>> +    case SDHC_CLKCON:
>> +        ret = s->clkcon | (s->timeoutcon << 16);
>> +        break;
>> +    case SDHC_NORINTSTS:
>> +        ret = s->norintsts | (s->errintsts << 16);
>> +        break;
>> +    case SDHC_NORINTSTSEN:
>> +        ret = s->norintstsen | (s->errintstsen << 16);
>> +        break;
>> +    case SDHC_NORINTSIGEN:
>> +        ret = s->norintsigen | (s->errintsigen << 16);
>> +        break;
>> +    case SDHC_ACMD12ERRSTS:
>> +        ret = s->acmd12errsts;
>> +        break;
>> +    case SDHC_CAPAREG:
>> +        ret = s->capareg;
>> +        break;
>> +    case SDHC_MAXCURR:
>> +        ret = s->maxcurr;
>> +        break;
>> +    case SDHC_ADMAERR:
>> +        ret =  s->admaerr;
>> +        break;
>> +    case SDHC_ADMASYSADDR:
>> +        ret = (uint32_t)s->admasysaddr;
>> +        break;
>> +    case SDHC_ADMASYSADDR + 4:
>> +        ret = (uint32_t)(s->admasysaddr >> 32);
>> +        break;
>> +    case SDHC_SLOT_INT_STATUS:
>> +        ret = (SD_HOST_SPECv2_VERS << 16) | sdhci_slotint(s);
>> +        break;
>> +    default:
>> +        ERRPRINT("bad %ub read: addr[0x%04x]\n", size, offset);
>> +        break;
>> +    }
>> +
>> +    ret >>= (offset & 0x3) * 8;
>> +    ret &= (1ULL << (size * 8)) - 1;
>> +    DPRINT_L2("read %ub: addr[0x%04x] -> %u(0x%x)\n", size, offset, ret,
>> ret);
>> +    return ret;
>> +}
>> +
>> +static inline void sdhci_blkgap_write(SDHCIState *s, uint8_t value)
>> +{
>> +    if ((value & SDHC_STOP_AT_GAP_REQ) && (s->blkgap &
>> SDHC_STOP_AT_GAP_REQ)) {
>> +        return;
>> +    }
>> +    s->blkgap = value & SDHC_STOP_AT_GAP_REQ;
>> +
>> +    if ((value & SDHC_CONTINUE_REQ) && s->stopped_state &&
>> +            (s->blkgap & SDHC_STOP_AT_GAP_REQ) == 0) {
>> +        if (s->stopped_state == sdhc_gap_read) {
>> +            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_READ;
>> +            SDHCI_GET_CLASS(s)->read_block_from_card(s);
>> +        } else {
>> +            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_WRITE;
>> +            SDHCI_GET_CLASS(s)->write_block_to_card(s);
>> +        }
>> +        s->stopped_state = sdhc_not_stopped;
>> +    } else if (!s->stopped_state && (value & SDHC_STOP_AT_GAP_REQ)) {
>> +        if (s->prnsts & SDHC_DOING_READ) {
>> +            s->stopped_state = sdhc_gap_read;
>> +        } else if (s->prnsts & SDHC_DOING_WRITE) {
>> +            s->stopped_state = sdhc_gap_write;
>> +        }
>> +    }
>> +}
>> +
>> +static inline void sdhci_reset_write(SDHCIState *s, uint8_t value)
>> +{
>> +    switch (value) {
>> +    case SDHC_RESET_ALL:
>> +        DEVICE_GET_CLASS(s)->reset(DEVICE(s));
>> +        break;
>> +    case SDHC_RESET_CMD:
>> +        s->prnsts &= ~SDHC_CMD_INHIBIT;
>> +        s->norintsts &= ~SDHC_NIS_CMDCMP;
>> +        break;
>> +    case SDHC_RESET_DATA:
>> +        s->data_count = 0;
>> +        s->prnsts &= ~(SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE |
>> +                SDHC_DOING_READ | SDHC_DOING_WRITE |
>> +                SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE);
>> +        s->blkgap &= ~(SDHC_STOP_AT_GAP_REQ | SDHC_CONTINUE_REQ);
>> +        s->stopped_state = sdhc_not_stopped;
>> +        s->norintsts &= ~(SDHC_NIS_WBUFRDY | SDHC_NIS_RBUFRDY |
>> +                SDHC_NIS_DMA | SDHC_NIS_TRSCMP | SDHC_NIS_BLKGAP);
>> +        break;
>> +    }
>> +}
>> +
>> +static void
>> +sdhci_write(SDHCIState *s, unsigned int offset, uint32_t value, unsigned
>> size)
>> +{
>> +    unsigned shift =  8 * (offset & 0x3);
>> +    uint32_t mask = ~(((1ULL << (size * 8)) - 1) << shift);
>> +    value <<= shift;
>> +
>> +    switch (offset & ~0x3) {
>> +    case SDHC_SYSAD:
>> +        s->sdmasysad = (s->sdmasysad & mask) | value;
>> +        MASKED_WRITE(s->sdmasysad, mask, value);
>> +        /* Writing to last byte of sdmasysad might trigger transfer */
>> +        if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) &&
>> s->blkcnt &&
>> +                s->blksize && SDHC_DMA_TYPE(s->hostctl) ==
>> SDHC_CTRL_SDMA) {
>> +            SDHCI_GET_CLASS(s)->do_sdma_multi(s);
>> +        }
>> +        break;
>> +    case SDHC_BLKSIZE:
>> +        if (!TRANSFERRING_DATA(s->prnsts)) {
>> +            MASKED_WRITE(s->blksize, mask, value);
>> +            MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
>> +        }
>> +        break;
>> +    case SDHC_ARGUMENT:
>> +        MASKED_WRITE(s->argument, mask, value);
>> +        break;
>> +    case SDHC_TRNMOD:
>> +        /* DMA can be enabled only if it is supported as indicated by
>> +         * capabilities register */
>> +        if (!(s->capareg & SDHC_CAN_DO_DMA)) {
>> +            value &= ~SDHC_TRNS_DMA;
>> +        }
>> +        MASKED_WRITE(s->trnmod, mask, value);
>> +        MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);
>> +
>> +        /* Writing to the upper byte of CMDREG triggers SD command
>> generation */
>> +        if ((mask & 0xFF000000) ||
>> !SDHCI_GET_CLASS(s)->can_issue_command(s)) {
>> +            break;
>> +        }
>> +
>> +        SDHCI_GET_CLASS(s)->send_command(s);
>> +        break;
>> +    case  SDHC_BDATA:
>> +        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
>> +            SDHCI_GET_CLASS(s)->bdata_write(s, value >> shift, size);
>> +        }
>> +        break;
>> +    case SDHC_HOSTCTL:
>> +        if (!(mask & 0xFF0000)) {
>> +            sdhci_blkgap_write(s, value >> 16);
>> +        }
>> +        MASKED_WRITE(s->hostctl, mask, value);
>> +        MASKED_WRITE(s->pwrcon, mask >> 8, value >> 8);
>> +        MASKED_WRITE(s->wakcon, mask >> 24, value >> 24);
>> +        if (!(s->prnsts & SDHC_CARD_PRESENT) || ((s->pwrcon >> 1) & 0x7)
>> < 5 ||
>> +                !(s->capareg & (1 << (31 - ((s->pwrcon >> 1) & 0x7))))) {
>> +            s->pwrcon &= ~SDHC_POWER_ON;
>> +        }
>> +        break;
>> +    case SDHC_CLKCON:
>> +        if (!(mask & 0xFF000000)) {
>> +            sdhci_reset_write(s, value >> 24);
>> +        }
>> +        MASKED_WRITE(s->clkcon, mask, value);
>> +        MASKED_WRITE(s->timeoutcon, mask >> 16, value >> 16);
>> +        if (s->clkcon & SDHC_CLOCK_INT_EN) {
>> +            s->clkcon |= SDHC_CLOCK_INT_STABLE;
>> +        } else {
>> +            s->clkcon &= ~SDHC_CLOCK_INT_STABLE;
>> +        }
>> +        break;
>> +    case SDHC_NORINTSTS:
>> +        if (s->norintstsen & SDHC_NISEN_CARDINT) {
>> +            value &= ~SDHC_NIS_CARDINT;
>> +        }
>> +        s->norintsts &= mask | ~value;
>> +        s->errintsts &= (mask >> 16) | ~(value >> 16);
>> +        if (s->errintsts) {
>> +            s->norintsts |= SDHC_NIS_ERR;
>> +        } else {
>> +            s->norintsts &= ~SDHC_NIS_ERR;
>> +        }
>> +        sdhci_update_irq(s);
>> +        break;
>> +    case SDHC_NORINTSTSEN:
>> +        MASKED_WRITE(s->norintstsen, mask, value);
>> +        MASKED_WRITE(s->errintstsen, mask >> 16, value >> 16);
>> +        s->norintsts &= s->norintstsen;
>> +        s->errintsts &= s->errintstsen;
>> +        if (s->errintsts) {
>> +            s->norintsts |= SDHC_NIS_ERR;
>> +        } else {
>> +            s->norintsts &= ~SDHC_NIS_ERR;
>> +        }
>> +        sdhci_update_irq(s);
>> +        break;
>> +    case SDHC_NORINTSIGEN:
>> +        MASKED_WRITE(s->norintsigen, mask, value);
>> +        MASKED_WRITE(s->errintsigen, mask >> 16, value >> 16);
>> +        sdhci_update_irq(s);
>> +        break;
>> +    case SDHC_ADMAERR:
>> +        MASKED_WRITE(s->admaerr, mask, value);
>> +        break;
>> +    case SDHC_ADMASYSADDR:
>> +        s->admasysaddr = (s->admasysaddr & (0xFFFFFFFF00000000ULL |
>> +                (uint64_t)mask)) | (uint64_t)value;
>> +        break;
>> +    case SDHC_ADMASYSADDR + 4:
>> +        s->admasysaddr = (s->admasysaddr & (0x00000000FFFFFFFFULL |
>> +                ((uint64_t)mask << 32))) | ((uint64_t)value << 32);
>> +        break;
>> +    case SDHC_FEAER:
>> +        s->acmd12errsts |= value;
>> +        s->errintsts |= (value >> 16) & s->errintstsen;
>> +        if (s->acmd12errsts) {
>> +            s->errintsts |= SDHC_EIS_CMD12ERR;
>> +        }
>> +        if (s->errintsts) {
>> +            s->norintsts |= SDHC_NIS_ERR;
>> +        }
>> +        sdhci_update_irq(s);
>> +        break;
>> +    default:
>> +        ERRPRINT("bad %ub write offset: addr[0x%04x] <- %u(0x%x)\n",
>> +                size, offset, value >> shift, value >> shift);
>> +        break;
>> +    }
>> +    DPRINT_L2("write %ub: addr[0x%04x] <- %u(0x%x)\n",
>> +            size, offset, value >> shift, value >> shift);
>> +}
>> +
>> +static uint64_t
>> +sdhci_readfn(void *opaque, hwaddr offset, unsigned size)
>> +{
>> +    SDHCIState *s = (SDHCIState *)opaque;
>> +
>> +    return SDHCI_GET_CLASS(s)->mem_read(s, offset, size);
>> +}
>> +
>> +static void
>> +sdhci_writefn(void *opaque, hwaddr off, uint64_t val, unsigned sz)
>> +{
>> +    SDHCIState *s = (SDHCIState *)opaque;
>> +
>> +    SDHCI_GET_CLASS(s)->mem_write(s, off, val, sz);
>> +}
>> +
>> +static const MemoryRegionOps sdhci_mmio_ops = {
>> +    .read = sdhci_readfn,
>> +    .write = sdhci_writefn,
>> +    .valid = {
>> +        .min_access_size = 1,
>> +        .max_access_size = 4,
>> +        .unaligned = false
>> +    },
>> +    .endianness = DEVICE_LITTLE_ENDIAN,
>> +};
>> +
>> +static inline unsigned int sdhci_get_fifolen(SDHCIState *s)
>> +{
>> +    switch (SDHC_CAPAB_BLOCKSIZE(s->capareg)) {
>> +    case 0:
>> +        return 512;
>> +    case 1:
>> +        return 1024;
>> +    case 2:
>> +        return 2048;
>> +    default:
>> +        hw_error("SDHC: unsupported value for maximum block size\n");
>> +        return 0;
>> +    }
>> +}
>> +
>> +static void sdhci_initfn(Object *obj)
>> +{
>> +    SDHCIState *s = SDHCI(obj);
>> +    DriveInfo *di;
>> +
>> +    di = drive_get_next(IF_SD);
>> +    s->card = sd_init(di ? di->bdrv : NULL, 0);
>> +    s->eject_cb = qemu_allocate_irqs(sdhci_insert_eject_cb, s, 1)[0];
>> +    s->ro_cb = qemu_allocate_irqs(sdhci_card_readonly_cb, s, 1)[0];
>> +    sd_set_cb(s->card, s->ro_cb, s->eject_cb);
>> +
>> +    s->insert_timer = qemu_new_timer_ns(vm_clock,
>> sdhci_raise_insertion_irq, s);
>> +    s->transfer_timer = qemu_new_timer_ns(vm_clock,
>> sdhci_do_data_transfer, s);
>> +}
>> +
>> +static void sdhci_uninitfn(Object *obj)
>> +{
>> +    SDHCIState *s = SDHCI(obj);
>> +
>> +    qemu_del_timer(s->insert_timer);
>> +    qemu_free_timer(s->insert_timer);
>> +    qemu_del_timer(s->transfer_timer);
>> +    qemu_free_timer(s->transfer_timer);
>> +    qemu_free_irqs(&s->eject_cb);
>> +    qemu_free_irqs(&s->ro_cb);
>> +
>> +    if (s->fifo_buffer) {
>> +        g_free(s->fifo_buffer);
>> +        s->fifo_buffer = NULL;
>> +    }
>> +}
>> +
>> +const VMStateDescription sdhci_vmstate = {
>> +    .name = "sdhci",
>> +    .version_id = 1,
>> +    .minimum_version_id = 1,
>> +    .fields      = (VMStateField[]) {
>> +        VMSTATE_UINT32(sdmasysad, SDHCIState),
>> +        VMSTATE_UINT16(blksize, SDHCIState),
>> +        VMSTATE_UINT16(blkcnt, SDHCIState),
>> +        VMSTATE_UINT32(argument, SDHCIState),
>> +        VMSTATE_UINT16(trnmod, SDHCIState),
>> +        VMSTATE_UINT16(cmdreg, SDHCIState),
>> +        VMSTATE_UINT32_ARRAY(rspreg, SDHCIState, 4),
>> +        VMSTATE_UINT32(prnsts, SDHCIState),
>> +        VMSTATE_UINT8(hostctl, SDHCIState),
>> +        VMSTATE_UINT8(pwrcon, SDHCIState),
>> +        VMSTATE_UINT8(blkgap, SDHCIState),
>> +        VMSTATE_UINT8(wakcon, SDHCIState),
>> +        VMSTATE_UINT16(clkcon, SDHCIState),
>> +        VMSTATE_UINT8(timeoutcon, SDHCIState),
>> +        VMSTATE_UINT8(admaerr, SDHCIState),
>> +        VMSTATE_UINT16(norintsts, SDHCIState),
>> +        VMSTATE_UINT16(errintsts, SDHCIState),
>> +        VMSTATE_UINT16(norintstsen, SDHCIState),
>> +        VMSTATE_UINT16(errintstsen, SDHCIState),
>> +        VMSTATE_UINT16(norintsigen, SDHCIState),
>> +        VMSTATE_UINT16(errintsigen, SDHCIState),
>> +        VMSTATE_UINT16(acmd12errsts, SDHCIState),
>> +        VMSTATE_UINT16(data_count, SDHCIState),
>> +        VMSTATE_UINT64(admasysaddr, SDHCIState),
>> +        VMSTATE_UINT8(stopped_state, SDHCIState),
>> +        VMSTATE_VBUFFER_UINT32(fifo_buffer, SDHCIState, 1, NULL, 0,
>> buf_maxsz),
>> +        VMSTATE_TIMER(insert_timer, SDHCIState),
>> +        VMSTATE_TIMER(transfer_timer, SDHCIState),
>> +        VMSTATE_END_OF_LIST()
>> +    }
>> +};
>> +
>> +/* Capabilities registers provide information on supported features of
>> this
>> + * specific host controller implementation */
>> +static Property sdhci_properties[] = {
>> +    DEFINE_PROP_HEX32("capareg", SDHCIState, capareg,
>> +            SDHC_CAPAB_REG_DEFAULT),
>> +    DEFINE_PROP_HEX32("maxcurr", SDHCIState, maxcurr, 0),
>> +    DEFINE_PROP_END_OF_LIST(),
>> +};
>> +
>> +static int sdhci_realize(SysBusDevice *busdev)
>> +{
>> +    SDHCIState *s = SDHCI(busdev);
>> +
>> +    s->buf_maxsz = sdhci_get_fifolen(s);
>> +    s->fifo_buffer = g_malloc0(s->buf_maxsz);
>> +    sysbus_init_irq(busdev, &s->irq);
>> +    memory_region_init_io(&s->iomem, &sdhci_mmio_ops, s, "sdhci",
>> +            SDHC_REGISTERS_MAP_SIZE);
>> +    sysbus_init_mmio(busdev, &s->iomem);
>> +    return 0;
>> +}
>> +
>> +static void sdhci_generic_reset(DeviceState *ds)
>> +{
>> +    SDHCIState *s = SDHCI(ds);
>> +    SDHCI_GET_CLASS(s)->reset(s);
>> +}
>> +
>> +static void sdhci_class_init(ObjectClass *klass, void *data)
>> +{
>> +    DeviceClass *dc = DEVICE_CLASS(klass);
>> +    SysBusDeviceClass *sbdc = SYS_BUS_DEVICE_CLASS(klass);
>> +    SDHCIClass *k = SDHCI_CLASS(klass);
>> +
>> +    dc->vmsd = &sdhci_vmstate;
>> +    dc->props = sdhci_properties;
>> +    dc->reset = sdhci_generic_reset;
>> +    sbdc->init = sdhci_realize;
>> +
>> +    k->reset = sdhci_reset;
>> +    k->mem_read = sdhci_read;
>> +    k->mem_write = sdhci_write;
>> +    k->send_command = sdhci_send_command;
>> +    k->can_issue_command = sdhci_can_issue_command;
>> +    k->data_transfer = sdhci_data_transfer;
>> +    k->end_data_transfer = sdhci_end_transfer;
>> +    k->do_sdma_single = sdhci_sdma_transfer_single_block;
>> +    k->do_sdma_multi = sdhci_sdma_transfer_multi_blocks;
>> +    k->do_adma = sdhci_do_adma;
>> +    k->read_block_from_card = sdhci_read_block_from_card;
>> +    k->write_block_to_card = sdhci_write_block_to_card;
>> +    k->bdata_read = sdhci_read_dataport;
>> +    k->bdata_write = sdhci_write_dataport;
>> +}
>> +
>> +static const TypeInfo sdhci_type_info = {
>> +    .name = TYPE_SDHCI,
>> +    .parent = TYPE_SYS_BUS_DEVICE,
>> +    .instance_size = sizeof(SDHCIState),
>> +    .instance_init = sdhci_initfn,
>> +    .instance_finalize = sdhci_uninitfn,
>> +    .class_init = sdhci_class_init,
>> +    .class_size = sizeof(SDHCIClass)
>> +};
>> +
>> +static void sdhci_register_types(void)
>> +{
>> +    type_register_static(&sdhci_type_info);
>> +}
>> +
>> +type_init(sdhci_register_types)
>> diff --git a/hw/sdhci.h b/hw/sdhci.h
>> new file mode 100644
>> index 0000000..6b67873
>> --- /dev/null
>> +++ b/hw/sdhci.h
>> @@ -0,0 +1,311 @@
>> +/*
>> + * SD Association Host Standard Specification v2.0 controller emulation
>> + *
>> + * Copyright (c) 2011 Samsung Electronics Co., Ltd.
>> + * Mitsyanko Igor <i.mitsyanko@samsung.com>
>> + * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
>> + *
>> + * Based on MMC controller for Samsung S5PC1xx-based board emulation
>> + * by Alexey Merkulov and Vladimir Monakhov.
>> + *
>> + * This program is free software; you can redistribute it and/or modify
>> it
>> + * under the terms of the GNU General Public License as published by the
>> + * Free Software Foundation; either version 2 of the License, or (at your
>> + * option) any later version.
>> + *
>> + * This program is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>> + * See the GNU General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU General Public License
>> along
>> + * with this program; if not, see <http://www.gnu.org/licenses/>.
>> + */
>> +
>> +#ifndef SDHCI_H
>> +#define SDHCI_H
>> +
>> +#include "qemu-common.h"
>> +#include "sysbus.h"
>> +#include "sd.h"
>> +
>> +/* R/W SDMA System Address register 0x0 */
>> +#define SDHC_SYSAD                     0x00
>> +
>> +/* R/W Host DMA Buffer Boundary and Transfer Block Size Register 0x0 */
>> +#define SDHC_BLKSIZE                   0x04
>> +
>> +/* R/W Blocks count for current transfer 0x0 */
>> +#define SDHC_BLKCNT                    0x06
>> +
>> +/* R/W Command Argument Register 0x0 */
>> +#define SDHC_ARGUMENT                  0x08
>> +
>> +/* R/W Transfer Mode Setting Register 0x0 */
>> +#define SDHC_TRNMOD                    0x0C
>> +#define SDHC_TRNS_DMA                  0x0001
>> +#define SDHC_TRNS_BLK_CNT_EN           0x0002
>> +#define SDHC_TRNS_ACMD12               0x0004
>> +#define SDHC_TRNS_READ                 0x0010
>> +#define SDHC_TRNS_MULTI                0x0020
>> +
>> +/* R/W Command Register 0x0 */
>> +#define SDHC_CMDREG                    0x0E
>> +#define SDHC_CMD_RSP_WITH_BUSY         (3 << 0)
>> +#define SDHC_CMD_DATA_PRESENT          (1 << 5)
>> +#define SDHC_CMD_SUSPEND               (1 << 6)
>> +#define SDHC_CMD_RESUME                (1 << 7)
>> +#define SDHC_CMD_ABORT                 ((1 << 6)|(1 << 7))
>> +#define SDHC_CMD_TYPE_MASK             ((1 << 6)|(1 << 7))
>> +#define SDHC_COMMAND_TYPE(x)           ((x) & SDHC_CMD_TYPE_MASK)
>> +
>> +/* ROC Response Register 0 0x0 */
>> +#define SDHC_RSPREG0                   0x10
>> +/* ROC Response Register 1 0x0 */
>> +#define SDHC_RSPREG1                   0x14
>> +/* ROC Response Register 2 0x0 */
>> +#define SDHC_RSPREG2                   0x18
>> +/* ROC Response Register 3 0x0 */
>> +#define SDHC_RSPREG3                   0x1C
>> +
>> +/* R/W Buffer Data Register 0x0 */
>> +#define SDHC_BDATA                     0x20
>> +
>> +/* R/ROC Present State Register 0x000A0000 */
>> +#define SDHC_PRNSTS                    0x24
>> +#define SDHC_CMD_INHIBIT               0x00000001
>> +#define SDHC_DATA_INHIBIT              0x00000002
>> +#define SDHC_DAT_LINE_ACTIVE           0x00000004
>> +#define SDHC_DOING_WRITE               0x00000100
>> +#define SDHC_DOING_READ                0x00000200
>> +#define SDHC_SPACE_AVAILABLE           0x00000400
>> +#define SDHC_DATA_AVAILABLE            0x00000800
>> +#define SDHC_CARD_PRESENT              0x00010000
>> +#define SDHC_CARD_DETECT               0x00040000
>> +#define SDHC_WRITE_PROTECT             0x00080000
>> +#define TRANSFERRING_DATA(x)           \
>> +    ((x) & (SDHC_DOING_READ | SDHC_DOING_WRITE))
>> +
>> +/* R/W Host control Register 0x0 */
>> +#define SDHC_HOSTCTL                   0x28
>> +#define SDHC_CTRL_DMA_CHECK_MASK       0x18
>> +#define SDHC_CTRL_SDMA                 0x00
>> +#define SDHC_CTRL_ADMA1_32             0x08
>> +#define SDHC_CTRL_ADMA2_32             0x10
>> +#define SDHC_CTRL_ADMA2_64             0x18
>> +#define SDHC_DMA_TYPE(x)               ((x) & SDHC_CTRL_DMA_CHECK_MASK)
>> +
>> +/* R/W Power Control Register 0x0 */
>> +#define SDHC_PWRCON                    0x29
>> +#define SDHC_POWER_ON                  (1 << 0)
>> +
>> +/* R/W Block Gap Control Register 0x0 */
>> +#define SDHC_BLKGAP                    0x2A
>> +#define SDHC_STOP_AT_GAP_REQ           0x01
>> +#define SDHC_CONTINUE_REQ              0x02
>> +
>> +/* R/W WakeUp Control Register 0x0 */
>> +#define SDHC_WAKCON                    0x2B
>> +#define SDHC_WKUP_ON_INS               (1 << 1)
>> +#define SDHC_WKUP_ON_RMV               (1 << 2)
>> +
>> +/* CLKCON */
>> +#define SDHC_CLKCON                    0x2C
>> +#define SDHC_CLOCK_INT_STABLE          0x0002
>> +#define SDHC_CLOCK_INT_EN              0x0001
>> +#define SDHC_CLOCK_SDCLK_EN            (1 << 2)
>> +#define SDHC_CLOCK_CHK_MASK            0x0007
>> +#define SDHC_CLOCK_IS_ON(x)            \
>> +    (((x) & SDHC_CLOCK_CHK_MASK) == SDHC_CLOCK_CHK_MASK)
>> +
>> +/* R/W Timeout Control Register 0x0 */
>> +#define SDHC_TIMEOUTCON                0x2E
>> +
>> +/* R/W Software Reset Register 0x0 */
>> +#define SDHC_SWRST                     0x2F
>> +#define SDHC_RESET_ALL                 0x01
>> +#define SDHC_RESET_CMD                 0x02
>> +#define SDHC_RESET_DATA                0x04
>> +
>> +/* ROC/RW1C Normal Interrupt Status Register 0x0 */
>> +#define SDHC_NORINTSTS                 0x30
>> +#define SDHC_NIS_ERR                   0x8000
>> +#define SDHC_NIS_CMDCMP                0x0001
>> +#define SDHC_NIS_TRSCMP                0x0002
>> +#define SDHC_NIS_BLKGAP                0x0004
>> +#define SDHC_NIS_DMA                   0x0008
>> +#define SDHC_NIS_WBUFRDY               0x0010
>> +#define SDHC_NIS_RBUFRDY               0x0020
>> +#define SDHC_NIS_INSERT                0x0040
>> +#define SDHC_NIS_REMOVE                0x0080
>> +#define SDHC_NIS_CARDINT               0x0100
>> +
>> +/* ROC/RW1C Error Interrupt Status Register 0x0 */
>> +#define SDHC_ERRINTSTS                 0x32
>> +#define SDHC_EIS_CMDTIMEOUT            0x0001
>> +#define SDHC_EIS_BLKGAP                0x0004
>> +#define SDHC_EIS_CMDIDX                0x0008
>> +#define SDHC_EIS_CMD12ERR              0x0100
>> +#define SDHC_EIS_ADMAERR               0x0200
>> +
>> +/* R/W Normal Interrupt Status Enable Register 0x0 */
>> +#define SDHC_NORINTSTSEN               0x34
>> +#define SDHC_NISEN_CMDCMP              0x0001
>> +#define SDHC_NISEN_TRSCMP              0x0002
>> +#define SDHC_NISEN_DMA                 0x0008
>> +#define SDHC_NISEN_WBUFRDY             0x0010
>> +#define SDHC_NISEN_RBUFRDY             0x0020
>> +#define SDHC_NISEN_INSERT              0x0040
>> +#define SDHC_NISEN_REMOVE              0x0080
>> +#define SDHC_NISEN_CARDINT             0x0100
>> +
>> +/* R/W Error Interrupt Status Enable Register 0x0 */
>> +#define SDHC_ERRINTSTSEN               0x36
>> +#define SDHC_EISEN_CMDTIMEOUT          0x0001
>> +#define SDHC_EISEN_BLKGAP              0x0004
>> +#define SDHC_EISEN_CMDIDX              0x0008
>> +#define SDHC_EISEN_ADMAERR             0x0200
>> +
>> +/* R/W Normal Interrupt Signal Enable Register 0x0 */
>> +#define SDHC_NORINTSIGEN               0x38
>> +#define SDHC_NORINTSIG_INSERT          (1 << 6)
>> +#define SDHC_NORINTSIG_REMOVE          (1 << 7)
>> +
>> +/* R/W Error Interrupt Signal Enable Register 0x0 */
>> +#define SDHC_ERRINTSIGEN               0x3A
>> +
>> +/* ROC Auto CMD12 error status register 0x0 */
>> +#define SDHC_ACMD12ERRSTS              0x3C
>> +
>> +/* HWInit Capabilities Register 0x05E80080 */
>> +#define SDHC_CAPAREG                   0x40
>> +#define SDHC_CAN_DO_DMA                0x00400000
>> +#define SDHC_CAN_DO_ADMA2              0x00080000
>> +#define SDHC_CAN_DO_ADMA1              0x00100000
>> +#define SDHC_64_BIT_BUS_SUPPORT        (1 << 28)
>> +#define SDHC_CAPAB_BLOCKSIZE(x)        (((x) >> 16) & 0x3)
>> +
>> +/* HWInit Maximum Current Capabilities Register 0x0 */
>> +#define SDHC_MAXCURR                   0x48
>> +
>> +/* W Force Event Auto CMD12 Error Interrupt Register 0x0000 */
>> +#define SDHC_FEAER                     0x50
>> +/* W Force Event Error Interrupt Register Error Interrupt 0x0000 */
>> +#define SDHC_FEERR                     0x52
>> +
>> +/* R/W ADMA Error Status Register 0x00 */
>> +#define SDHC_ADMAERR                   0x54
>> +#define SDHC_ADMAERR_LENGTH_MISMATCH   (1 << 2)
>> +#define SDHC_ADMAERR_STATE_ST_STOP     (0 << 0)
>> +#define SDHC_ADMAERR_STATE_ST_FDS      (1 << 0)
>> +#define SDHC_ADMAERR_STATE_ST_TFR      (3 << 0)
>> +#define SDHC_ADMAERR_STATE_MASK        (3 << 0)
>> +
>> +/* R/W ADMA System Address Register 0x00 */
>> +#define SDHC_ADMASYSADDR               0x58
>> +#define SDHC_ADMA_ATTR_SET_LEN         (1 << 4)
>> +#define SDHC_ADMA_ATTR_ACT_TRAN        (1 << 5)
>> +#define SDHC_ADMA_ATTR_ACT_LINK        (3 << 4)
>> +#define SDHC_ADMA_ATTR_INT             (1 << 2)
>> +#define SDHC_ADMA_ATTR_END             (1 << 1)
>> +#define SDHC_ADMA_ATTR_VALID           (1 << 0)
>> +#define SDHC_ADMA_ATTR_ACT_MASK        ((1 << 4)|(1 << 5))
>> +
>> +/* Slot interrupt status */
>> +#define SDHC_SLOT_INT_STATUS            0xFC
>> +
>> +/* HWInit Host Controller Version Register 0x0401 */
>> +#define SDHC_HCVER                      0xFE
>> +#define SD_HOST_SPECv2_VERS             0x2401
>> +
>> +#define SDHC_REGISTERS_MAP_SIZE         0x100
>> +#define SDHC_INSERTION_DELAY            (get_ticks_per_sec())
>> +#define SDHC_TRANSFER_DELAY             100
>> +#define SDHC_CMD_RESPONSE               (3 << 0)
>> +
>> +enum {
>> +    sdhc_not_stopped = 0, /* normal SDHC state */
>> +    sdhc_gap_read   = 1,  /* SDHC stopped at block gap during read
>> operation */
>> +    sdhc_gap_write  = 2   /* SDHC stopped at block gap during write
>> operation */
>> +};
>> +
>> +/* SD/MMC host controller state */
>> +typedef struct SDHCIState {
>> +    SysBusDevice busdev;
>> +    SDState *card;
>> +    MemoryRegion iomem;
>> +
>> +    QEMUTimer *insert_timer;       /* timer for 'changing' sd card. */
>> +    QEMUTimer *transfer_timer;
>> +    qemu_irq eject_cb;
>> +    qemu_irq ro_cb;
>> +    qemu_irq irq;
>> +
>> +    uint32_t sdmasysad;    /* SDMA System Address register */
>> +    uint16_t blksize;      /* Host DMA Buff Boundary and Transfer BlkSize
>> Reg */
>> +    uint16_t blkcnt;       /* Blocks count for current transfer */
>> +    uint32_t argument;     /* Command Argument Register */
>> +    uint16_t trnmod;       /* Transfer Mode Setting Register */
>> +    uint16_t cmdreg;       /* Command Register */
>> +    uint32_t rspreg[4];    /* Response Registers 0-3 */
>> +    uint32_t prnsts;       /* Present State Register */
>> +    uint8_t  hostctl;      /* Host Control Register */
>> +    uint8_t  pwrcon;       /* Power control Register */
>> +    uint8_t  blkgap;       /* Block Gap Control Register */
>> +    uint8_t  wakcon;       /* WakeUp Control Register */
>> +    uint16_t clkcon;       /* Clock control Register */
>> +    uint8_t  timeoutcon;   /* Timeout Control Register */
>> +    uint8_t  admaerr;      /* ADMA Error Status Register */
>> +    uint16_t norintsts;    /* Normal Interrupt Status Register */
>> +    uint16_t errintsts;    /* Error Interrupt Status Register */
>> +    uint16_t norintstsen;  /* Normal Interrupt Status Enable Register */
>> +    uint16_t errintstsen;  /* Error Interrupt Status Enable Register */
>> +    uint16_t norintsigen;  /* Normal Interrupt Signal Enable Register */
>> +    uint16_t errintsigen;  /* Error Interrupt Signal Enable Register */
>> +    uint16_t acmd12errsts; /* Auto CMD12 error status register */
>> +    uint64_t admasysaddr;  /* ADMA System Address Register */
>> +
>> +    uint32_t capareg;      /* Capabilities Register */
>> +    uint32_t maxcurr;      /* Maximum Current Capabilities Register */
>> +    uint8_t  *fifo_buffer; /* SD host i/o FIFO buffer */
>> +    uint32_t buf_maxsz;
>> +    uint16_t data_count;   /* current element in FIFO buffer */
>> +    uint8_t  stopped_state;/* Current SDHC state */
>> +    /* Buffer Data Port Register - virtual access point to R and W
>> buffers */
>> +    /* Software Reset Register - always reads as 0 */
>> +    /* Force Event Auto CMD12 Error Interrupt Reg - write only */
>> +    /* Force Event Error Interrupt Register- write only */
>> +    /* RO Host Controller Version Register always reads as 0x2401 */
>> +} SDHCIState;
>> +
>> +typedef struct SDHCIClass {
>> +    SysBusDeviceClass busdev_class;
>> +
>> +    void (*reset)(SDHCIState *s);
>> +    uint32_t (*mem_read)(SDHCIState *s, unsigned int offset, unsigned
>> size);
>> +    void (*mem_write)(SDHCIState *s, unsigned int offset, uint32_t value,
>> +            unsigned size);
>> +    void (*send_command)(SDHCIState *s);
>> +    bool (*can_issue_command)(SDHCIState *s);
>> +    void (*data_transfer)(SDHCIState *s);
>> +    void (*end_data_transfer)(SDHCIState *s);
>> +    void (*do_sdma_single)(SDHCIState *s);
>> +    void (*do_sdma_multi)(SDHCIState *s);
>> +    void (*do_adma)(SDHCIState *s);
>> +    void (*read_block_from_card)(SDHCIState *s);
>> +    void (*write_block_to_card)(SDHCIState *s);
>> +    uint32_t (*bdata_read)(SDHCIState *s, unsigned size);
>> +    void (*bdata_write)(SDHCIState *s, uint32_t value, unsigned size);
>> +} SDHCIClass;
>> +
>> +extern const VMStateDescription sdhci_vmstate;
>> +
>> +#define TYPE_SDHCI            "sdhci"
>> +#define SDHCI(obj)            \
>> +     OBJECT_CHECK(SDHCIState, (obj), TYPE_SDHCI)
>> +#define SDHCI_CLASS(klass)    \
>> +     OBJECT_CLASS_CHECK(SDHCIClass, (klass), TYPE_SDHCI)
>> +#define SDHCI_GET_CLASS(obj)  \
>> +     OBJECT_GET_CLASS(SDHCIClass, (obj), TYPE_SDHCI)
>> +
>> +#endif /* SDHCI_H */
>
>
> --
> Mitsyanko Igor
> ASWG, Moscow R&D center, Samsung Electronics
> email: i.mitsyanko@samsung.com
>
>
Mitsyanko Igor - Nov. 2, 2012, 11:49 a.m.
On 11/02/2012 06:21 AM, Peter Crosthwaite wrote:
> On Fri, Nov 2, 2012 at 3:21 AM, Igor Mitsyanko <i.mitsyanko@samsung.com> wrote:
>> Hi, Peter, I did some testing and noticed significant performance reduction
>> compared to previous version without transfer_timer.
>>
>> For read operation:
>>
>> Testcase (count x blocksize)     previous version           new version
>> 1000x1Mb                                         10.9 Mb/s
>> 7.23 Mb/s
>> 16000x4kb 11.01 Mb/s              8.5 Mb/s
>> 300000x512b                                    6.47 Mb/s                6
>> Mb/s
>>
>> For write operation:
>> 1000x1Mb                                         11.72 Mb/s
>> 11.08 Mb/s
>> 16000x4kb 2.9 Mb/s                  1.5 Mb/s
>> 200000x512b                                    382 kb/s                  197
>> kb/s
>>
>> So, as you can see, degradation in performance is up to 100% for 512b blocks
>> writes!
>>
> Hi Igor,
>
> How does this compare to real hardware? Making it run as fast as
> possible is a secondary goal to simulating the hardware accurately. If
> we want the be fussy about performance then we should find out how
> fast the real hardware runs and make it run at that speed by varying
> the timer delays accordingly.

I think we're not in a situation when we can artificially limit 
performance yet) I don't even think that we should ever do that
on purpose in the future. Maybe using transfer delay exchanges 
performance for system responsiveness (how can we tell?),
then we could temporary leave it while someone implements asynchronous 
interface to SD card model.
As far as I can tell, real-world SD cards performance may vary a lot, 
there are cards on the market with declared speed up
to 90MB/s . Good thing to do would be to work according to 
specification, our card model states that it supports default and
high-speed modes of operation. This means that its maximum speed 
according to specificationis 4bits x 50 Mhz = 25 MB/s
(not accounting for any service information). Usual speed for real 
modern SD cards is probably around ~20 MB/s for reads,
~10 MB/s for writes.

>
> To be honest I just picked a random number (100ns) for the delay which
> looking at your results, may be too conservative. Have you tried
> reducing this to say 10ns? You might find your performance comes back.
> The real solution is to set the delay timer based on how much data
> there is to transfer.

Setting it to 10 ns hadn't helped much.

>
>> What I'm suggesting to regain performance is:
>>
>> 1. We shouldn't set transfer_timer in sdhci_send_command(), call
>> SDHCI_GET_CLASS(s)->data_transfer(s) directly.
>>
> Prefer not, because then then different operational modes are
> inconsistent with each other which will lead to weird performance
> discrepancies between them. I dont see why ADMA should have delay
> timers which SDMA doesn't. The delay at this stage is also realistic.

Yeah, I also think this delay is present in hardware, but we don't have 
to have it if we can avoid it. SDMA transfer should
stop and exit back to guest at every page boundary anyway, lockup is not 
an issue for it.

>
>> 2. Set transfer_timer and return from unfinished ADMA transfer only if we've
>> already did some specific number of ADMA loops (say, 5).
> Sounds hacky, cant you just divide out the delay timer by 5 for the
> same speedup but smoother operation?

It doesn't help, looks like delay value is not an issue here, but the 
timer itself is.

>
>> In reality I havn't seen Linux to compose ADMA descriptor tables with more
>> then 5 descriptor lines, this way our QEMU-lockup concerns
>> will still go away while we regain performance.
>>
>> I also ran tests after applying these two changes above, and got almost the
>> same performance as in "previous version", but it was still lower
>> by 5-10% for ADMA and SDMA-read transfers, and it increased for SDMA write
>> transfers by 20-40%. I can't explain it, dma_memory_*() seems to
>> do the same thing as cpu_physical_memory_rw().
>>
>>
> Could be an upstream change??
>
> Regards,
> Peter
>
>> On 10/30/2012 09:03 AM, Peter Crosthwaite wrote:
>>
>>> +        dscr->attr = (uint8_t)extract32(adma1, 0, 7);
>>> +        dscr->incr = 4;
>>> +        if ((dscr->attr & SDHC_ADMA_ATTR_ACT_MASK) ==
>>> SDHC_ADMA_ATTR_SET_LEN) {
>>> +            dscr->length = (uint16_t)extract32(adma1, 12, 16);
>>> +        } else {
>>> +            dscr->length = 4096;
>>> +        }
>>> +        break;
>>> +    case SDHC_CTRL_ADMA2_64:
>>> +        dma_memory_read(&dma_context_memory, entry_addr,
>>> +                        (uint8_t *)(&dscr->attr), 1);
>>> +        dma_memory_read(&dma_context_memory, entry_addr + 2,
>>> +                        (uint8_t *)(&dscr->length), 2);
>>> +        dscr->length = le16_to_cpu(dscr->length);
>>> +        dma_memory_read(&dma_context_memory, entry_addr + 4,
>>> +                        (uint8_t *)(&dscr->addr), 8);
>>> +        dscr->attr = le64_to_cpu(dscr->attr);
>>> +        dscr->attr &= 0xfffffff8;
>>
>> These two lines should use dscr->addr instead of dscr->attr
>>
>>
>>
>>> +        dscr->incr = 12;
>>> +        break;
>>> +    }
>>> +}
>>> +
>>> +/* Advanced DMA data transfer */
>>> +
>>> +static void sdhci_do_adma(SDHCIState *s)
>>> +{
>>> +    unsigned int n, begin, length;
>>> +    const uint16_t block_size = s->blksize & 0x0fff;
>>> +    ADMADescr dscr;
>>> +
>>> +    s->admaerr &= ~SDHC_ADMAERR_LENGTH_MISMATCH;
>>> +
>>> +    get_adma_description(s, &dscr);
>>> +    DPRINT_L2("ADMA loop: addr=" TARGET_FMT_plx ", len=%d, attr=%x\n",
>>> +            dscr.addr, dscr.length, dscr.attr);
>>> +
>>> +    if ((dscr.attr & SDHC_ADMA_ATTR_VALID) == 0) {
>>> +        /* Indicate that error occurred in ST_FDS state */
>>> +        s->admaerr &= ~SDHC_ADMAERR_STATE_MASK;
>>> +        s->admaerr |= SDHC_ADMAERR_STATE_ST_FDS;
>>> +
>>> +        /* Generate ADMA error interrupt */
>>> +        if (s->errintstsen & SDHC_EISEN_ADMAERR) {
>>> +            s->errintsts |= SDHC_EIS_ADMAERR;
>>> +            s->norintsts |= SDHC_NIS_ERR;
>>> +        }
>>> +
>>> +        sdhci_update_irq(s);
>>> +        return;
>>> +    }
>>> +
>>> +    length = dscr.length ? dscr.length : 65536;
>>> +
>>> +    switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) {
>>> +    case SDHC_ADMA_ATTR_ACT_TRAN:  /* data transfer */
>>> +
>>> +        if (s->trnmod & SDHC_TRNS_READ) {
>>> +            while (length) {
>>> +                if (s->data_count == 0) {
>>> +                    for (n = 0; n < block_size; n++) {
>>> +                        s->fifo_buffer[n] = sd_read_data(s->card);
>>> +                    }
>>> +                }
>>> +                begin = s->data_count;
>>> +                if ((length + begin) < block_size) {
>>> +                    s->data_count = length + begin;
>>> +                    length = 0;
>>> +                 } else {
>>> +                    s->data_count = block_size;
>>> +                    length -= block_size - begin;
>>> +                }
>>> +                dma_memory_write(&dma_context_memory, dscr.addr,
>>> +                                 &s->fifo_buffer[begin],
>>> +                                 s->data_count - begin);
>>> +                dscr.addr += s->data_count - begin;
>>> +                if (s->data_count == block_size) {
>>> +                    s->data_count = 0;
>>> +                    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
>>> +                        s->blkcnt--;
>>> +                        if (s->blkcnt == 0) {
>>> +                            break;
>>> +                        }
>>> +                    }
>>> +                }
>>> +            }
>>> +        } else {
>>> +            while (length) {
>>> +                begin = s->data_count;
>>> +                if ((length + begin) < block_size) {
>>> +                    s->data_count = length + begin;
>>> +                    length = 0;
>>> +                 } else {
>>> +                    s->data_count = block_size;
>>> +                    length -= block_size - begin;
>>> +                }
>>> +                dma_memory_read(&dma_context_memory, dscr.addr,
>>> +                                &s->fifo_buffer[begin], s->data_count);
>>> +                dscr.addr += s->data_count - begin;
>>> +                if (s->data_count == block_size) {
>>> +                    for (n = 0; n < block_size; n++) {
>>> +                        sd_write_data(s->card, s->fifo_buffer[n]);
>>> +                    }
>>> +                    s->data_count = 0;
>>> +                    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
>>> +                        s->blkcnt--;
>>> +                        if (s->blkcnt == 0) {
>>> +                            break;
>>> +                        }
>>> +                    }
>>> +                }
>>> +            }
>>> +        }
>>> +        s->admasysaddr += dscr.incr;
>>> +        break;
>>> +    case SDHC_ADMA_ATTR_ACT_LINK:   /* link to next descriptor table */
>>> +        s->admasysaddr = dscr.addr;
>>> +        DPRINT_L1("ADMA link: admasysaddr=0x%lx\n", s->admasysaddr);
>>> +        break;
>>> +    default:
>>> +        s->admasysaddr += dscr.incr;
>>> +        break;
>>> +    }
>>> +
>>> +    /* ADMA transfer terminates if blkcnt == 0 or by END attribute */
>>> +    if (((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
>>> +                (s->blkcnt == 0)) || (dscr.attr & SDHC_ADMA_ATTR_END)) {
>>> +        DPRINT_L2("ADMA transfer completed\n");
>>> +        if (length || ((dscr.attr & SDHC_ADMA_ATTR_END) &&
>>> +            (s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
>>> +            s->blkcnt != 0) || ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
>>> +            s->blkcnt == 0 && (dscr.attr & SDHC_ADMA_ATTR_END) == 0)) {
>>> +            ERRPRINT("SD/MMC host ADMA length mismatch\n");
>>> +            s->admaerr |= SDHC_ADMAERR_LENGTH_MISMATCH |
>>> +                    SDHC_ADMAERR_STATE_ST_TFR;
>>> +            if (s->errintstsen & SDHC_EISEN_ADMAERR) {
>>> +                ERRPRINT("Set ADMA error flag\n");
>>> +                s->errintsts |= SDHC_EIS_ADMAERR;
>>> +                s->norintsts |= SDHC_NIS_ERR;
>>> +            }
>>> +
>>> +            sdhci_update_irq(s);
>>> +        }
>>> +        SDHCI_GET_CLASS(s)->end_data_transfer(s);
>>> +        return;
>>> +    }
>>> +
>>> +    if (dscr.attr & SDHC_ADMA_ATTR_INT) {
>>> +        DPRINT_L1("ADMA interrupt: admasysaddr=0x%lx\n", s->admasysaddr);
>>> +        if (s->norintstsen & SDHC_NISEN_DMA) {
>>> +            s->norintsts |= SDHC_NIS_DMA;
>>> +        }
>>> +
>>> +        sdhci_update_irq(s);
>>> +        return;
>>> +    }
>>> +
>>> +    /* we have unfinished bussiness - reschedule to continue ADMA */
>>> +    qemu_mod_timer(s->transfer_timer,
>>> +                   qemu_get_clock_ns(vm_clock) + SDHC_TRANSFER_DELAY);
>>> +}
>>> +
>>> +/* Perform data transfer according to controller configuration */
>>> +
>>> +static void sdhci_data_transfer(SDHCIState *s)
>>> +{
>>> +    SDHCIClass *k = SDHCI_GET_CLASS(s);
>>> +    s->data_count = 0;
>>> +
>>> +    if (s->trnmod & SDHC_TRNS_DMA) {
>>> +        switch (SDHC_DMA_TYPE(s->hostctl)) {
>>> +        case SDHC_CTRL_SDMA:
>>> +            if ((s->trnmod & SDHC_TRNS_MULTI) &&
>>> +                    (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt ==
>>> 0)) {
>>> +                break;
>>> +            }
>>> +
>>> +            if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
>>> +                k->do_sdma_single(s);
>>> +            } else {
>>> +                k->do_sdma_multi(s);
>>> +            }
>>> +
>>> +            break;
>>> +        case SDHC_CTRL_ADMA1_32:
>>> +            if (!(s->capareg & SDHC_CAN_DO_ADMA1)) {
>>> +                ERRPRINT("ADMA1 not supported\n");
>>> +                break;
>>> +            }
>>> +
>>> +            k->do_adma(s);
>>> +            break;
>>> +        case SDHC_CTRL_ADMA2_32:
>>> +            if (!(s->capareg & SDHC_CAN_DO_ADMA2)) {
>>> +                ERRPRINT("ADMA2 not supported\n");
>>> +                break;
>>> +            }
>>> +
>>> +            k->do_adma(s);
>>> +            break;
>>> +        case SDHC_CTRL_ADMA2_64:
>>> +            if (!(s->capareg & SDHC_CAN_DO_ADMA2) ||
>>> +                    !(s->capareg & SDHC_64_BIT_BUS_SUPPORT)) {
>>> +                ERRPRINT("64 bit ADMA not supported\n");
>>> +                break;
>>> +            }
>>> +
>>> +            k->do_adma(s);
>>> +            break;
>>> +        default:
>>> +            ERRPRINT("Unsupported DMA type\n");
>>> +            break;
>>> +        }
>>> +    } else {
>>> +        if ((s->trnmod & SDHC_TRNS_READ) && sd_data_ready(s->card)) {
>>> +            s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
>>> +                    SDHC_DAT_LINE_ACTIVE;
>>> +            SDHCI_GET_CLASS(s)->read_block_from_card(s);
>>> +        } else {
>>> +            s->prnsts |= SDHC_DOING_WRITE | SDHC_DAT_LINE_ACTIVE |
>>> +                    SDHC_SPACE_AVAILABLE | SDHC_DATA_INHIBIT;
>>> +            SDHCI_GET_CLASS(s)->write_block_to_card(s);
>>> +        }
>>> +    }
>>> +}
>>> +
>>> +static bool sdhci_can_issue_command(SDHCIState *s)
>>> +{
>>> +    if (!SDHC_CLOCK_IS_ON(s->clkcon) || !(s->pwrcon & SDHC_POWER_ON) ||
>>> +        (((s->prnsts & SDHC_DATA_INHIBIT) || s->stopped_state) &&
>>> +        ((s->cmdreg & SDHC_CMD_DATA_PRESENT) ||
>>> +        ((s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY &&
>>> +        !(SDHC_COMMAND_TYPE(s->cmdreg) == SDHC_CMD_ABORT))))) {
>>> +        return false;
>>> +    }
>>> +
>>> +    return true;
>>> +}
>>> +
>>> +/* The Buffer Data Port register must be accessed in sequential and
>>> + * continuous manner */
>>> +static inline bool
>>> +sdhci_buff_access_is_sequential(SDHCIState *s, unsigned byte_num)
>>> +{
>>> +    if ((s->data_count & 0x3) != byte_num) {
>>> +        ERRPRINT("Non-sequential access to Buffer Data Port register"
>>> +                "is prohibited\n");
>>> +        return false;
>>> +    }
>>> +    return true;
>>> +}
>>> +
>>> +static uint32_t sdhci_read(SDHCIState *s, unsigned int offset, unsigned
>>> size)
>>> +{
>>> +    uint32_t ret = 0;
>>> +
>>> +    switch (offset & ~0x3) {
>>> +    case SDHC_SYSAD:
>>> +        ret = s->sdmasysad;
>>> +        break;
>>> +    case SDHC_BLKSIZE:
>>> +        ret = s->blksize | (s->blkcnt << 16);
>>> +        break;
>>> +    case SDHC_ARGUMENT:
>>> +        ret = s->argument;
>>> +        break;
>>> +    case SDHC_TRNMOD:
>>> +        ret = s->trnmod | (s->cmdreg << 16);
>>> +        break;
>>> +    case SDHC_RSPREG0 ... SDHC_RSPREG3:
>>> +        ret = s->rspreg[((offset & ~0x3) - SDHC_RSPREG0) >> 2];
>>> +        break;
>>> +    case  SDHC_BDATA:
>>> +        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
>>> +            ret = SDHCI_GET_CLASS(s)->bdata_read(s, size);
>>> +            DPRINT_L2("read %ub: addr[0x%04x] -> %u\n", size, offset,
>>> ret);
>>> +            return ret;
>>> +        }
>>> +        break;
>>> +    case SDHC_PRNSTS:
>>> +        ret = s->prnsts;
>>> +        break;
>>> +    case SDHC_HOSTCTL:
>>> +        ret = s->hostctl | (s->pwrcon << 8) | (s->blkgap << 16) |
>>> +              (s->wakcon << 24);
>>> +        break;
>>> +    case SDHC_CLKCON:
>>> +        ret = s->clkcon | (s->timeoutcon << 16);
>>> +        break;
>>> +    case SDHC_NORINTSTS:
>>> +        ret = s->norintsts | (s->errintsts << 16);
>>> +        break;
>>> +    case SDHC_NORINTSTSEN:
>>> +        ret = s->norintstsen | (s->errintstsen << 16);
>>> +        break;
>>> +    case SDHC_NORINTSIGEN:
>>> +        ret = s->norintsigen | (s->errintsigen << 16);
>>> +        break;
>>> +    case SDHC_ACMD12ERRSTS:
>>> +        ret = s->acmd12errsts;
>>> +        break;
>>> +    case SDHC_CAPAREG:
>>> +        ret = s->capareg;
>>> +        break;
>>> +    case SDHC_MAXCURR:
>>> +        ret = s->maxcurr;
>>> +        break;
>>> +    case SDHC_ADMAERR:
>>> +        ret =  s->admaerr;
>>> +        break;
>>> +    case SDHC_ADMASYSADDR:
>>> +        ret = (uint32_t)s->admasysaddr;
>>> +        break;
>>> +    case SDHC_ADMASYSADDR + 4:
>>> +        ret = (uint32_t)(s->admasysaddr >> 32);
>>> +        break;
>>> +    case SDHC_SLOT_INT_STATUS:
>>> +        ret = (SD_HOST_SPECv2_VERS << 16) | sdhci_slotint(s);
>>> +        break;
>>> +    default:
>>> +        ERRPRINT("bad %ub read: addr[0x%04x]\n", size, offset);
>>> +        break;
>>> +    }
>>> +
>>> +    ret >>= (offset & 0x3) * 8;
>>> +    ret &= (1ULL << (size * 8)) - 1;
>>> +    DPRINT_L2("read %ub: addr[0x%04x] -> %u(0x%x)\n", size, offset, ret,
>>> ret);
>>> +    return ret;
>>> +}
>>> +
>>> +static inline void sdhci_blkgap_write(SDHCIState *s, uint8_t value)
>>> +{
>>> +    if ((value & SDHC_STOP_AT_GAP_REQ) && (s->blkgap &
>>> SDHC_STOP_AT_GAP_REQ)) {
>>> +        return;
>>> +    }
>>> +    s->blkgap = value & SDHC_STOP_AT_GAP_REQ;
>>> +
>>> +    if ((value & SDHC_CONTINUE_REQ) && s->stopped_state &&
>>> +            (s->blkgap & SDHC_STOP_AT_GAP_REQ) == 0) {
>>> +        if (s->stopped_state == sdhc_gap_read) {
>>> +            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_READ;
>>> +            SDHCI_GET_CLASS(s)->read_block_from_card(s);
>>> +        } else {
>>> +            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_WRITE;
>>> +            SDHCI_GET_CLASS(s)->write_block_to_card(s);
>>> +        }
>>> +        s->stopped_state = sdhc_not_stopped;
>>> +    } else if (!s->stopped_state && (value & SDHC_STOP_AT_GAP_REQ)) {
>>> +        if (s->prnsts & SDHC_DOING_READ) {
>>> +            s->stopped_state = sdhc_gap_read;
>>> +        } else if (s->prnsts & SDHC_DOING_WRITE) {
>>> +            s->stopped_state = sdhc_gap_write;
>>> +        }
>>> +    }
>>> +}
>>> +
>>> +static inline void sdhci_reset_write(SDHCIState *s, uint8_t value)
>>> +{
>>> +    switch (value) {
>>> +    case SDHC_RESET_ALL:
>>> +        DEVICE_GET_CLASS(s)->reset(DEVICE(s));
>>> +        break;
>>> +    case SDHC_RESET_CMD:
>>> +        s->prnsts &= ~SDHC_CMD_INHIBIT;
>>> +        s->norintsts &= ~SDHC_NIS_CMDCMP;
>>> +        break;
>>> +    case SDHC_RESET_DATA:
>>> +        s->data_count = 0;
>>> +        s->prnsts &= ~(SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE |
>>> +                SDHC_DOING_READ | SDHC_DOING_WRITE |
>>> +                SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE);
>>> +        s->blkgap &= ~(SDHC_STOP_AT_GAP_REQ | SDHC_CONTINUE_REQ);
>>> +        s->stopped_state = sdhc_not_stopped;
>>> +        s->norintsts &= ~(SDHC_NIS_WBUFRDY | SDHC_NIS_RBUFRDY |
>>> +                SDHC_NIS_DMA | SDHC_NIS_TRSCMP | SDHC_NIS_BLKGAP);
>>> +        break;
>>> +    }
>>> +}
>>> +
>>> +static void
>>> +sdhci_write(SDHCIState *s, unsigned int offset, uint32_t value, unsigned
>>> size)
>>> +{
>>> +    unsigned shift =  8 * (offset & 0x3);
>>> +    uint32_t mask = ~(((1ULL << (size * 8)) - 1) << shift);
>>> +    value <<= shift;
>>> +
>>> +    switch (offset & ~0x3) {
>>> +    case SDHC_SYSAD:
>>> +        s->sdmasysad = (s->sdmasysad & mask) | value;
>>> +        MASKED_WRITE(s->sdmasysad, mask, value);
>>> +        /* Writing to last byte of sdmasysad might trigger transfer */
>>> +        if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) &&
>>> s->blkcnt &&
>>> +                s->blksize && SDHC_DMA_TYPE(s->hostctl) ==
>>> SDHC_CTRL_SDMA) {
>>> +            SDHCI_GET_CLASS(s)->do_sdma_multi(s);
>>> +        }
>>> +        break;
>>> +    case SDHC_BLKSIZE:
>>> +        if (!TRANSFERRING_DATA(s->prnsts)) {
>>> +            MASKED_WRITE(s->blksize, mask, value);
>>> +            MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
>>> +        }
>>> +        break;
>>> +    case SDHC_ARGUMENT:
>>> +        MASKED_WRITE(s->argument, mask, value);
>>> +        break;
>>> +    case SDHC_TRNMOD:
>>> +        /* DMA can be enabled only if it is supported as indicated by
>>> +         * capabilities register */
>>> +        if (!(s->capareg & SDHC_CAN_DO_DMA)) {
>>> +            value &= ~SDHC_TRNS_DMA;
>>> +        }
>>> +        MASKED_WRITE(s->trnmod, mask, value);
>>> +        MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);
>>> +
>>> +        /* Writing to the upper byte of CMDREG triggers SD command
>>> generation */
>>> +        if ((mask & 0xFF000000) ||
>>> !SDHCI_GET_CLASS(s)->can_issue_command(s)) {
>>> +            break;
>>> +        }
>>> +
>>> +        SDHCI_GET_CLASS(s)->send_command(s);
>>> +        break;
>>> +    case  SDHC_BDATA:
>>> +        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
>>> +            SDHCI_GET_CLASS(s)->bdata_write(s, value >> shift, size);
>>> +        }
>>> +        break;
>>> +    case SDHC_HOSTCTL:
>>> +        if (!(mask & 0xFF0000)) {
>>> +            sdhci_blkgap_write(s, value >> 16);
>>> +        }
>>> +        MASKED_WRITE(s->hostctl, mask, value);
>>> +        MASKED_WRITE(s->pwrcon, mask >> 8, value >> 8);
>>> +        MASKED_WRITE(s->wakcon, mask >> 24, value >> 24);
>>> +        if (!(s->prnsts & SDHC_CARD_PRESENT) || ((s->pwrcon >> 1) & 0x7)
>>> < 5 ||
>>> +                !(s->capareg & (1 << (31 - ((s->pwrcon >> 1) & 0x7))))) {
>>> +            s->pwrcon &= ~SDHC_POWER_ON;
>>> +        }
>>> +        break;
>>> +    case SDHC_CLKCON:
>>> +        if (!(mask & 0xFF000000)) {
>>> +            sdhci_reset_write(s, value >> 24);
>>> +        }
>>> +        MASKED_WRITE(s->clkcon, mask, value);
>>> +        MASKED_WRITE(s->timeoutcon, mask >> 16, value >> 16);
>>> +        if (s->clkcon & SDHC_CLOCK_INT_EN) {
>>> +            s->clkcon |= SDHC_CLOCK_INT_STABLE;
>>> +        } else {
>>> +            s->clkcon &= ~SDHC_CLOCK_INT_STABLE;
>>> +        }
>>> +        break;
>>> +    case SDHC_NORINTSTS:
>>> +        if (s->norintstsen & SDHC_NISEN_CARDINT) {
>>> +            value &= ~SDHC_NIS_CARDINT;
>>> +        }
>>> +        s->norintsts &= mask | ~value;
>>> +        s->errintsts &= (mask >> 16) | ~(value >> 16);
>>> +        if (s->errintsts) {
>>> +            s->norintsts |= SDHC_NIS_ERR;
>>> +        } else {
>>> +            s->norintsts &= ~SDHC_NIS_ERR;
>>> +        }
>>> +        sdhci_update_irq(s);
>>> +        break;
>>> +    case SDHC_NORINTSTSEN:
>>> +        MASKED_WRITE(s->norintstsen, mask, value);
>>> +        MASKED_WRITE(s->errintstsen, mask >> 16, value >> 16);
>>> +        s->norintsts &= s->norintstsen;
>>> +        s->errintsts &= s->errintstsen;
>>> +        if (s->errintsts) {
>>> +            s->norintsts |= SDHC_NIS_ERR;
>>> +        } else {
>>> +            s->norintsts &= ~SDHC_NIS_ERR;
>>> +        }
>>> +        sdhci_update_irq(s);
>>> +        break;
>>> +    case SDHC_NORINTSIGEN:
>>> +        MASKED_WRITE(s->norintsigen, mask, value);
>>> +        MASKED_WRITE(s->errintsigen, mask >> 16, value >> 16);
>>> +        sdhci_update_irq(s);
>>> +        break;
>>> +    case SDHC_ADMAERR:
>>> +        MASKED_WRITE(s->admaerr, mask, value);
>>> +        break;
>>> +    case SDHC_ADMASYSADDR:
>>> +        s->admasysaddr = (s->admasysaddr & (0xFFFFFFFF00000000ULL |
>>> +                (uint64_t)mask)) | (uint64_t)value;
>>> +        break;
>>> +    case SDHC_ADMASYSADDR + 4:
>>> +        s->admasysaddr = (s->admasysaddr & (0x00000000FFFFFFFFULL |
>>> +                ((uint64_t)mask << 32))) | ((uint64_t)value << 32);
>>> +        break;
>>> +    case SDHC_FEAER:
>>> +        s->acmd12errsts |= value;
>>> +        s->errintsts |= (value >> 16) & s->errintstsen;
>>> +        if (s->acmd12errsts) {
>>> +            s->errintsts |= SDHC_EIS_CMD12ERR;
>>> +        }
>>> +        if (s->errintsts) {
>>> +            s->norintsts |= SDHC_NIS_ERR;
>>> +        }
>>> +        sdhci_update_irq(s);
>>> +        break;
>>> +    default:
>>> +        ERRPRINT("bad %ub write offset: addr[0x%04x] <- %u(0x%x)\n",
>>> +                size, offset, value >> shift, value >> shift);
>>> +        break;
>>> +    }
>>> +    DPRINT_L2("write %ub: addr[0x%04x] <- %u(0x%x)\n",
>>> +            size, offset, value >> shift, value >> shift);
>>> +}
>>> +
>>> +static uint64_t
>>> +sdhci_readfn(void *opaque, hwaddr offset, unsigned size)
>>> +{
>>> +    SDHCIState *s = (SDHCIState *)opaque;
>>> +
>>> +    return SDHCI_GET_CLASS(s)->mem_read(s, offset, size);
>>> +}
>>> +
>>> +static void
>>> +sdhci_writefn(void *opaque, hwaddr off, uint64_t val, unsigned sz)
>>> +{
>>> +    SDHCIState *s = (SDHCIState *)opaque;
>>> +
>>> +    SDHCI_GET_CLASS(s)->mem_write(s, off, val, sz);
>>> +}
>>> +
>>> +static const MemoryRegionOps sdhci_mmio_ops = {
>>> +    .read = sdhci_readfn,
>>> +    .write = sdhci_writefn,
>>> +    .valid = {
>>> +        .min_access_size = 1,
>>> +        .max_access_size = 4,
>>> +        .unaligned = false
>>> +    },
>>> +    .endianness = DEVICE_LITTLE_ENDIAN,
>>> +};
>>> +
>>> +static inline unsigned int sdhci_get_fifolen(SDHCIState *s)
>>> +{
>>> +    switch (SDHC_CAPAB_BLOCKSIZE(s->capareg)) {
>>> +    case 0:
>>> +        return 512;
>>> +    case 1:
>>> +        return 1024;
>>> +    case 2:
>>> +        return 2048;
>>> +    default:
>>> +        hw_error("SDHC: unsupported value for maximum block size\n");
>>> +        return 0;
>>> +    }
>>> +}
>>> +
>>> +static void sdhci_initfn(Object *obj)
>>> +{
>>> +    SDHCIState *s = SDHCI(obj);
>>> +    DriveInfo *di;
>>> +
>>> +    di = drive_get_next(IF_SD);
>>> +    s->card = sd_init(di ? di->bdrv : NULL, 0);
>>> +    s->eject_cb = qemu_allocate_irqs(sdhci_insert_eject_cb, s, 1)[0];
>>> +    s->ro_cb = qemu_allocate_irqs(sdhci_card_readonly_cb, s, 1)[0];
>>> +    sd_set_cb(s->card, s->ro_cb, s->eject_cb);
>>> +
>>> +    s->insert_timer = qemu_new_timer_ns(vm_clock,
>>> sdhci_raise_insertion_irq, s);
>>> +    s->transfer_timer = qemu_new_timer_ns(vm_clock,
>>> sdhci_do_data_transfer, s);
>>> +}
>>> +
>>> +static void sdhci_uninitfn(Object *obj)
>>> +{
>>> +    SDHCIState *s = SDHCI(obj);
>>> +
>>> +    qemu_del_timer(s->insert_timer);
>>> +    qemu_free_timer(s->insert_timer);
>>> +    qemu_del_timer(s->transfer_timer);
>>> +    qemu_free_timer(s->transfer_timer);
>>> +    qemu_free_irqs(&s->eject_cb);
>>> +    qemu_free_irqs(&s->ro_cb);
>>> +
>>> +    if (s->fifo_buffer) {
>>> +        g_free(s->fifo_buffer);
>>> +        s->fifo_buffer = NULL;
>>> +    }
>>> +}
>>> +
>>> +const VMStateDescription sdhci_vmstate = {
>>> +    .name = "sdhci",
>>> +    .version_id = 1,
>>> +    .minimum_version_id = 1,
>>> +    .fields      = (VMStateField[]) {
>>> +        VMSTATE_UINT32(sdmasysad, SDHCIState),
>>> +        VMSTATE_UINT16(blksize, SDHCIState),
>>> +        VMSTATE_UINT16(blkcnt, SDHCIState),
>>> +        VMSTATE_UINT32(argument, SDHCIState),
>>> +        VMSTATE_UINT16(trnmod, SDHCIState),
>>> +        VMSTATE_UINT16(cmdreg, SDHCIState),
>>> +        VMSTATE_UINT32_ARRAY(rspreg, SDHCIState, 4),
>>> +        VMSTATE_UINT32(prnsts, SDHCIState),
>>> +        VMSTATE_UINT8(hostctl, SDHCIState),
>>> +        VMSTATE_UINT8(pwrcon, SDHCIState),
>>> +        VMSTATE_UINT8(blkgap, SDHCIState),
>>> +        VMSTATE_UINT8(wakcon, SDHCIState),
>>> +        VMSTATE_UINT16(clkcon, SDHCIState),
>>> +        VMSTATE_UINT8(timeoutcon, SDHCIState),
>>> +        VMSTATE_UINT8(admaerr, SDHCIState),
>>> +        VMSTATE_UINT16(norintsts, SDHCIState),
>>> +        VMSTATE_UINT16(errintsts, SDHCIState),
>>> +        VMSTATE_UINT16(norintstsen, SDHCIState),
>>> +        VMSTATE_UINT16(errintstsen, SDHCIState),
>>> +        VMSTATE_UINT16(norintsigen, SDHCIState),
>>> +        VMSTATE_UINT16(errintsigen, SDHCIState),
>>> +        VMSTATE_UINT16(acmd12errsts, SDHCIState),
>>> +        VMSTATE_UINT16(data_count, SDHCIState),
>>> +        VMSTATE_UINT64(admasysaddr, SDHCIState),
>>> +        VMSTATE_UINT8(stopped_state, SDHCIState),
>>> +        VMSTATE_VBUFFER_UINT32(fifo_buffer, SDHCIState, 1, NULL, 0,
>>> buf_maxsz),
>>> +        VMSTATE_TIMER(insert_timer, SDHCIState),
>>> +        VMSTATE_TIMER(transfer_timer, SDHCIState),
>>> +        VMSTATE_END_OF_LIST()
>>> +    }
>>> +};
>>> +
>>> +/* Capabilities registers provide information on supported features of
>>> this
>>> + * specific host controller implementation */
>>> +static Property sdhci_properties[] = {
>>> +    DEFINE_PROP_HEX32("capareg", SDHCIState, capareg,
>>> +            SDHC_CAPAB_REG_DEFAULT),
>>> +    DEFINE_PROP_HEX32("maxcurr", SDHCIState, maxcurr, 0),
>>> +    DEFINE_PROP_END_OF_LIST(),
>>> +};
>>> +
>>> +static int sdhci_realize(SysBusDevice *busdev)
>>> +{
>>> +    SDHCIState *s = SDHCI(busdev);
>>> +
>>> +    s->buf_maxsz = sdhci_get_fifolen(s);
>>> +    s->fifo_buffer = g_malloc0(s->buf_maxsz);
>>> +    sysbus_init_irq(busdev, &s->irq);
>>> +    memory_region_init_io(&s->iomem, &sdhci_mmio_ops, s, "sdhci",
>>> +            SDHC_REGISTERS_MAP_SIZE);
>>> +    sysbus_init_mmio(busdev, &s->iomem);
>>> +    return 0;
>>> +}
>>> +
>>> +static void sdhci_generic_reset(DeviceState *ds)
>>> +{
>>> +    SDHCIState *s = SDHCI(ds);
>>> +    SDHCI_GET_CLASS(s)->reset(s);
>>> +}
>>> +
>>> +static void sdhci_class_init(ObjectClass *klass, void *data)
>>> +{
>>> +    DeviceClass *dc = DEVICE_CLASS(klass);
>>> +    SysBusDeviceClass *sbdc = SYS_BUS_DEVICE_CLASS(klass);
>>> +    SDHCIClass *k = SDHCI_CLASS(klass);
>>> +
>>> +    dc->vmsd = &sdhci_vmstate;
>>> +    dc->props = sdhci_properties;
>>> +    dc->reset = sdhci_generic_reset;
>>> +    sbdc->init = sdhci_realize;
>>> +
>>> +    k->reset = sdhci_reset;
>>> +    k->mem_read = sdhci_read;
>>> +    k->mem_write = sdhci_write;
>>> +    k->send_command = sdhci_send_command;
>>> +    k->can_issue_command = sdhci_can_issue_command;
>>> +    k->data_transfer = sdhci_data_transfer;
>>> +    k->end_data_transfer = sdhci_end_transfer;
>>> +    k->do_sdma_single = sdhci_sdma_transfer_single_block;
>>> +    k->do_sdma_multi = sdhci_sdma_transfer_multi_blocks;
>>> +    k->do_adma = sdhci_do_adma;
>>> +    k->read_block_from_card = sdhci_read_block_from_card;
>>> +    k->write_block_to_card = sdhci_write_block_to_card;
>>> +    k->bdata_read = sdhci_read_dataport;
>>> +    k->bdata_write = sdhci_write_dataport;
>>> +}
>>> +
>>> +static const TypeInfo sdhci_type_info = {
>>> +    .name = TYPE_SDHCI,
>>> +    .parent = TYPE_SYS_BUS_DEVICE,
>>> +    .instance_size = sizeof(SDHCIState),
>>> +    .instance_init = sdhci_initfn,
>>> +    .instance_finalize = sdhci_uninitfn,
>>> +    .class_init = sdhci_class_init,
>>> +    .class_size = sizeof(SDHCIClass)
>>> +};
>>> +
>>> +static void sdhci_register_types(void)
>>> +{
>>> +    type_register_static(&sdhci_type_info);
>>> +}
>>> +
>>> +type_init(sdhci_register_types)
>>> diff --git a/hw/sdhci.h b/hw/sdhci.h
>>> new file mode 100644
>>> index 0000000..6b67873
>>> --- /dev/null
>>> +++ b/hw/sdhci.h
>>> @@ -0,0 +1,311 @@
>>> +/*
>>> + * SD Association Host Standard Specification v2.0 controller emulation
>>> + *
>>> + * Copyright (c) 2011 Samsung Electronics Co., Ltd.
>>> + * Mitsyanko Igor <i.mitsyanko@samsung.com>
>>> + * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
>>> + *
>>> + * Based on MMC controller for Samsung S5PC1xx-based board emulation
>>> + * by Alexey Merkulov and Vladimir Monakhov.
>>> + *
>>> + * This program is free software; you can redistribute it and/or modify
>>> it
>>> + * under the terms of the GNU General Public License as published by the
>>> + * Free Software Foundation; either version 2 of the License, or (at your
>>> + * option) any later version.
>>> + *
>>> + * This program is distributed in the hope that it will be useful,
>>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
>>> + * See the GNU General Public License for more details.
>>> + *
>>> + * You should have received a copy of the GNU General Public License
>>> along
>>> + * with this program; if not, see <http://www.gnu.org/licenses/>.
>>> + */
>>> +
>>> +#ifndef SDHCI_H
>>> +#define SDHCI_H
>>> +
>>> +#include "qemu-common.h"
>>> +#include "sysbus.h"
>>> +#include "sd.h"
>>> +
>>> +/* R/W SDMA System Address register 0x0 */
>>> +#define SDHC_SYSAD                     0x00
>>> +
>>> +/* R/W Host DMA Buffer Boundary and Transfer Block Size Register 0x0 */
>>> +#define SDHC_BLKSIZE                   0x04
>>> +
>>> +/* R/W Blocks count for current transfer 0x0 */
>>> +#define SDHC_BLKCNT                    0x06
>>> +
>>> +/* R/W Command Argument Register 0x0 */
>>> +#define SDHC_ARGUMENT                  0x08
>>> +
>>> +/* R/W Transfer Mode Setting Register 0x0 */
>>> +#define SDHC_TRNMOD                    0x0C
>>> +#define SDHC_TRNS_DMA                  0x0001
>>> +#define SDHC_TRNS_BLK_CNT_EN           0x0002
>>> +#define SDHC_TRNS_ACMD12               0x0004
>>> +#define SDHC_TRNS_READ                 0x0010
>>> +#define SDHC_TRNS_MULTI                0x0020
>>> +
>>> +/* R/W Command Register 0x0 */
>>> +#define SDHC_CMDREG                    0x0E
>>> +#define SDHC_CMD_RSP_WITH_BUSY         (3 << 0)
>>> +#define SDHC_CMD_DATA_PRESENT          (1 << 5)
>>> +#define SDHC_CMD_SUSPEND               (1 << 6)
>>> +#define SDHC_CMD_RESUME                (1 << 7)
>>> +#define SDHC_CMD_ABORT                 ((1 << 6)|(1 << 7))
>>> +#define SDHC_CMD_TYPE_MASK             ((1 << 6)|(1 << 7))
>>> +#define SDHC_COMMAND_TYPE(x)           ((x) & SDHC_CMD_TYPE_MASK)
>>> +
>>> +/* ROC Response Register 0 0x0 */
>>> +#define SDHC_RSPREG0                   0x10
>>> +/* ROC Response Register 1 0x0 */
>>> +#define SDHC_RSPREG1                   0x14
>>> +/* ROC Response Register 2 0x0 */
>>> +#define SDHC_RSPREG2                   0x18
>>> +/* ROC Response Register 3 0x0 */
>>> +#define SDHC_RSPREG3                   0x1C
>>> +
>>> +/* R/W Buffer Data Register 0x0 */
>>> +#define SDHC_BDATA                     0x20
>>> +
>>> +/* R/ROC Present State Register 0x000A0000 */
>>> +#define SDHC_PRNSTS                    0x24
>>> +#define SDHC_CMD_INHIBIT               0x00000001
>>> +#define SDHC_DATA_INHIBIT              0x00000002
>>> +#define SDHC_DAT_LINE_ACTIVE           0x00000004
>>> +#define SDHC_DOING_WRITE               0x00000100
>>> +#define SDHC_DOING_READ                0x00000200
>>> +#define SDHC_SPACE_AVAILABLE           0x00000400
>>> +#define SDHC_DATA_AVAILABLE            0x00000800
>>> +#define SDHC_CARD_PRESENT              0x00010000
>>> +#define SDHC_CARD_DETECT               0x00040000
>>> +#define SDHC_WRITE_PROTECT             0x00080000
>>> +#define TRANSFERRING_DATA(x)           \
>>> +    ((x) & (SDHC_DOING_READ | SDHC_DOING_WRITE))
>>> +
>>> +/* R/W Host control Register 0x0 */
>>> +#define SDHC_HOSTCTL                   0x28
>>> +#define SDHC_CTRL_DMA_CHECK_MASK       0x18
>>> +#define SDHC_CTRL_SDMA                 0x00
>>> +#define SDHC_CTRL_ADMA1_32             0x08
>>> +#define SDHC_CTRL_ADMA2_32             0x10
>>> +#define SDHC_CTRL_ADMA2_64             0x18
>>> +#define SDHC_DMA_TYPE(x)               ((x) & SDHC_CTRL_DMA_CHECK_MASK)
>>> +
>>> +/* R/W Power Control Register 0x0 */
>>> +#define SDHC_PWRCON                    0x29
>>> +#define SDHC_POWER_ON                  (1 << 0)
>>> +
>>> +/* R/W Block Gap Control Register 0x0 */
>>> +#define SDHC_BLKGAP                    0x2A
>>> +#define SDHC_STOP_AT_GAP_REQ           0x01
>>> +#define SDHC_CONTINUE_REQ              0x02
>>> +
>>> +/* R/W WakeUp Control Register 0x0 */
>>> +#define SDHC_WAKCON                    0x2B
>>> +#define SDHC_WKUP_ON_INS               (1 << 1)
>>> +#define SDHC_WKUP_ON_RMV               (1 << 2)
>>> +
>>> +/* CLKCON */
>>> +#define SDHC_CLKCON                    0x2C
>>> +#define SDHC_CLOCK_INT_STABLE          0x0002
>>> +#define SDHC_CLOCK_INT_EN              0x0001
>>> +#define SDHC_CLOCK_SDCLK_EN            (1 << 2)
>>> +#define SDHC_CLOCK_CHK_MASK            0x0007
>>> +#define SDHC_CLOCK_IS_ON(x)            \
>>> +    (((x) & SDHC_CLOCK_CHK_MASK) == SDHC_CLOCK_CHK_MASK)
>>> +
>>> +/* R/W Timeout Control Register 0x0 */
>>> +#define SDHC_TIMEOUTCON                0x2E
>>> +
>>> +/* R/W Software Reset Register 0x0 */
>>> +#define SDHC_SWRST                     0x2F
>>> +#define SDHC_RESET_ALL                 0x01
>>> +#define SDHC_RESET_CMD                 0x02
>>> +#define SDHC_RESET_DATA                0x04
>>> +
>>> +/* ROC/RW1C Normal Interrupt Status Register 0x0 */
>>> +#define SDHC_NORINTSTS                 0x30
>>> +#define SDHC_NIS_ERR                   0x8000
>>> +#define SDHC_NIS_CMDCMP                0x0001
>>> +#define SDHC_NIS_TRSCMP                0x0002
>>> +#define SDHC_NIS_BLKGAP                0x0004
>>> +#define SDHC_NIS_DMA                   0x0008
>>> +#define SDHC_NIS_WBUFRDY               0x0010
>>> +#define SDHC_NIS_RBUFRDY               0x0020
>>> +#define SDHC_NIS_INSERT                0x0040
>>> +#define SDHC_NIS_REMOVE                0x0080
>>> +#define SDHC_NIS_CARDINT               0x0100
>>> +
>>> +/* ROC/RW1C Error Interrupt Status Register 0x0 */
>>> +#define SDHC_ERRINTSTS                 0x32
>>> +#define SDHC_EIS_CMDTIMEOUT            0x0001
>>> +#define SDHC_EIS_BLKGAP                0x0004
>>> +#define SDHC_EIS_CMDIDX                0x0008
>>> +#define SDHC_EIS_CMD12ERR              0x0100
>>> +#define SDHC_EIS_ADMAERR               0x0200
>>> +
>>> +/* R/W Normal Interrupt Status Enable Register 0x0 */
>>> +#define SDHC_NORINTSTSEN               0x34
>>> +#define SDHC_NISEN_CMDCMP              0x0001
>>> +#define SDHC_NISEN_TRSCMP              0x0002
>>> +#define SDHC_NISEN_DMA                 0x0008
>>> +#define SDHC_NISEN_WBUFRDY             0x0010
>>> +#define SDHC_NISEN_RBUFRDY             0x0020
>>> +#define SDHC_NISEN_INSERT              0x0040
>>> +#define SDHC_NISEN_REMOVE              0x0080
>>> +#define SDHC_NISEN_CARDINT             0x0100
>>> +
>>> +/* R/W Error Interrupt Status Enable Register 0x0 */
>>> +#define SDHC_ERRINTSTSEN               0x36
>>> +#define SDHC_EISEN_CMDTIMEOUT          0x0001
>>> +#define SDHC_EISEN_BLKGAP              0x0004
>>> +#define SDHC_EISEN_CMDIDX              0x0008
>>> +#define SDHC_EISEN_ADMAERR             0x0200
>>> +
>>> +/* R/W Normal Interrupt Signal Enable Register 0x0 */
>>> +#define SDHC_NORINTSIGEN               0x38
>>> +#define SDHC_NORINTSIG_INSERT          (1 << 6)
>>> +#define SDHC_NORINTSIG_REMOVE          (1 << 7)
>>> +
>>> +/* R/W Error Interrupt Signal Enable Register 0x0 */
>>> +#define SDHC_ERRINTSIGEN               0x3A
>>> +
>>> +/* ROC Auto CMD12 error status register 0x0 */
>>> +#define SDHC_ACMD12ERRSTS              0x3C
>>> +
>>> +/* HWInit Capabilities Register 0x05E80080 */
>>> +#define SDHC_CAPAREG                   0x40
>>> +#define SDHC_CAN_DO_DMA                0x00400000
>>> +#define SDHC_CAN_DO_ADMA2              0x00080000
>>> +#define SDHC_CAN_DO_ADMA1              0x00100000
>>> +#define SDHC_64_BIT_BUS_SUPPORT        (1 << 28)
>>> +#define SDHC_CAPAB_BLOCKSIZE(x)        (((x) >> 16) & 0x3)
>>> +
>>> +/* HWInit Maximum Current Capabilities Register 0x0 */
>>> +#define SDHC_MAXCURR                   0x48
>>> +
>>> +/* W Force Event Auto CMD12 Error Interrupt Register 0x0000 */
>>> +#define SDHC_FEAER                     0x50
>>> +/* W Force Event Error Interrupt Register Error Interrupt 0x0000 */
>>> +#define SDHC_FEERR                     0x52
>>> +
>>> +/* R/W ADMA Error Status Register 0x00 */
>>> +#define SDHC_ADMAERR                   0x54
>>> +#define SDHC_ADMAERR_LENGTH_MISMATCH   (1 << 2)
>>> +#define SDHC_ADMAERR_STATE_ST_STOP     (0 << 0)
>>> +#define SDHC_ADMAERR_STATE_ST_FDS      (1 << 0)
>>> +#define SDHC_ADMAERR_STATE_ST_TFR      (3 << 0)
>>> +#define SDHC_ADMAERR_STATE_MASK        (3 << 0)
>>> +
>>> +/* R/W ADMA System Address Register 0x00 */
>>> +#define SDHC_ADMASYSADDR               0x58
>>> +#define SDHC_ADMA_ATTR_SET_LEN         (1 << 4)
>>> +#define SDHC_ADMA_ATTR_ACT_TRAN        (1 << 5)
>>> +#define SDHC_ADMA_ATTR_ACT_LINK        (3 << 4)
>>> +#define SDHC_ADMA_ATTR_INT             (1 << 2)
>>> +#define SDHC_ADMA_ATTR_END             (1 << 1)
>>> +#define SDHC_ADMA_ATTR_VALID           (1 << 0)
>>> +#define SDHC_ADMA_ATTR_ACT_MASK        ((1 << 4)|(1 << 5))
>>> +
>>> +/* Slot interrupt status */
>>> +#define SDHC_SLOT_INT_STATUS            0xFC
>>> +
>>> +/* HWInit Host Controller Version Register 0x0401 */
>>> +#define SDHC_HCVER                      0xFE
>>> +#define SD_HOST_SPECv2_VERS             0x2401
>>> +
>>> +#define SDHC_REGISTERS_MAP_SIZE         0x100
>>> +#define SDHC_INSERTION_DELAY            (get_ticks_per_sec())
>>> +#define SDHC_TRANSFER_DELAY             100
>>> +#define SDHC_CMD_RESPONSE               (3 << 0)
>>> +
>>> +enum {
>>> +    sdhc_not_stopped = 0, /* normal SDHC state */
>>> +    sdhc_gap_read   = 1,  /* SDHC stopped at block gap during read
>>> operation */
>>> +    sdhc_gap_write  = 2   /* SDHC stopped at block gap during write
>>> operation */
>>> +};
>>> +
>>> +/* SD/MMC host controller state */
>>> +typedef struct SDHCIState {
>>> +    SysBusDevice busdev;
>>> +    SDState *card;
>>> +    MemoryRegion iomem;
>>> +
>>> +    QEMUTimer *insert_timer;       /* timer for 'changing' sd card. */
>>> +    QEMUTimer *transfer_timer;
>>> +    qemu_irq eject_cb;
>>> +    qemu_irq ro_cb;
>>> +    qemu_irq irq;
>>> +
>>> +    uint32_t sdmasysad;    /* SDMA System Address register */
>>> +    uint16_t blksize;      /* Host DMA Buff Boundary and Transfer BlkSize
>>> Reg */
>>> +    uint16_t blkcnt;       /* Blocks count for current transfer */
>>> +    uint32_t argument;     /* Command Argument Register */
>>> +    uint16_t trnmod;       /* Transfer Mode Setting Register */
>>> +    uint16_t cmdreg;       /* Command Register */
>>> +    uint32_t rspreg[4];    /* Response Registers 0-3 */
>>> +    uint32_t prnsts;       /* Present State Register */
>>> +    uint8_t  hostctl;      /* Host Control Register */
>>> +    uint8_t  pwrcon;       /* Power control Register */
>>> +    uint8_t  blkgap;       /* Block Gap Control Register */
>>> +    uint8_t  wakcon;       /* WakeUp Control Register */
>>> +    uint16_t clkcon;       /* Clock control Register */
>>> +    uint8_t  timeoutcon;   /* Timeout Control Register */
>>> +    uint8_t  admaerr;      /* ADMA Error Status Register */
>>> +    uint16_t norintsts;    /* Normal Interrupt Status Register */
>>> +    uint16_t errintsts;    /* Error Interrupt Status Register */
>>> +    uint16_t norintstsen;  /* Normal Interrupt Status Enable Register */
>>> +    uint16_t errintstsen;  /* Error Interrupt Status Enable Register */
>>> +    uint16_t norintsigen;  /* Normal Interrupt Signal Enable Register */
>>> +    uint16_t errintsigen;  /* Error Interrupt Signal Enable Register */
>>> +    uint16_t acmd12errsts; /* Auto CMD12 error status register */
>>> +    uint64_t admasysaddr;  /* ADMA System Address Register */
>>> +
>>> +    uint32_t capareg;      /* Capabilities Register */
>>> +    uint32_t maxcurr;      /* Maximum Current Capabilities Register */
>>> +    uint8_t  *fifo_buffer; /* SD host i/o FIFO buffer */
>>> +    uint32_t buf_maxsz;
>>> +    uint16_t data_count;   /* current element in FIFO buffer */
>>> +    uint8_t  stopped_state;/* Current SDHC state */
>>> +    /* Buffer Data Port Register - virtual access point to R and W
>>> buffers */
>>> +    /* Software Reset Register - always reads as 0 */
>>> +    /* Force Event Auto CMD12 Error Interrupt Reg - write only */
>>> +    /* Force Event Error Interrupt Register- write only */
>>> +    /* RO Host Controller Version Register always reads as 0x2401 */
>>> +} SDHCIState;
>>> +
>>> +typedef struct SDHCIClass {
>>> +    SysBusDeviceClass busdev_class;
>>> +
>>> +    void (*reset)(SDHCIState *s);
>>> +    uint32_t (*mem_read)(SDHCIState *s, unsigned int offset, unsigned
>>> size);
>>> +    void (*mem_write)(SDHCIState *s, unsigned int offset, uint32_t value,
>>> +            unsigned size);
>>> +    void (*send_command)(SDHCIState *s);
>>> +    bool (*can_issue_command)(SDHCIState *s);
>>> +    void (*data_transfer)(SDHCIState *s);
>>> +    void (*end_data_transfer)(SDHCIState *s);
>>> +    void (*do_sdma_single)(SDHCIState *s);
>>> +    void (*do_sdma_multi)(SDHCIState *s);
>>> +    void (*do_adma)(SDHCIState *s);
>>> +    void (*read_block_from_card)(SDHCIState *s);
>>> +    void (*write_block_to_card)(SDHCIState *s);
>>> +    uint32_t (*bdata_read)(SDHCIState *s, unsigned size);
>>> +    void (*bdata_write)(SDHCIState *s, uint32_t value, unsigned size);
>>> +} SDHCIClass;
>>> +
>>> +extern const VMStateDescription sdhci_vmstate;
>>> +
>>> +#define TYPE_SDHCI            "sdhci"
>>> +#define SDHCI(obj)            \
>>> +     OBJECT_CHECK(SDHCIState, (obj), TYPE_SDHCI)
>>> +#define SDHCI_CLASS(klass)    \
>>> +     OBJECT_CLASS_CHECK(SDHCIClass, (klass), TYPE_SDHCI)
>>> +#define SDHCI_GET_CLASS(obj)  \
>>> +     OBJECT_GET_CLASS(SDHCIClass, (obj), TYPE_SDHCI)
>>> +
>>> +#endif /* SDHCI_H */
>>
>> --
>> Mitsyanko Igor
>> ASWG, Moscow R&D center, Samsung Electronics
>> email: i.mitsyanko@samsung.com
>>
>>

Patch

diff --git a/default-configs/arm-softmmu.mak b/default-configs/arm-softmmu.mak
index 2f1a5c9..5bed407 100644
--- a/default-configs/arm-softmmu.mak
+++ b/default-configs/arm-softmmu.mak
@@ -46,3 +46,5 @@  CONFIG_XGMAC=y
 
 CONFIG_VERSATILE_PCI=y
 CONFIG_VERSATILE_I2C=y
+
+CONFIG_SDHCI=y
diff --git a/hw/Makefile.objs b/hw/Makefile.objs
index af4ab0c..0a9ef17 100644
--- a/hw/Makefile.objs
+++ b/hw/Makefile.objs
@@ -37,6 +37,7 @@  common-obj-$(CONFIG_SMARTCARD) += ccid-card-passthru.o
 common-obj-$(CONFIG_SMARTCARD_NSS) += ccid-card-emulated.o
 common-obj-$(CONFIG_I8259) += i8259_common.o i8259.o
 common-obj-y += fifo.o
+common-obj-$(CONFIG_SDHCI) += sdhci.o
 
 # PPC devices
 common-obj-$(CONFIG_PREP_PCI) += prep_pci.o
diff --git a/hw/sdhci.c b/hw/sdhci.c
new file mode 100644
index 0000000..55a26af
--- /dev/null
+++ b/hw/sdhci.c
@@ -0,0 +1,1299 @@ 
+/*
+ * SD Association Host Standard Specification v2.0 controller emulation
+ *
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd.
+ * Mitsyanko Igor <i.mitsyanko@samsung.com>
+ * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
+ *
+ * Based on MMC controller for Samsung S5PC1xx-based board emulation
+ * by Alexey Merkulov and Vladimir Monakhov.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw.h"
+#include "blockdev.h"
+#include "qemu-timer.h"
+#include "sdhci.h"
+#include "block_int.h"
+#include "dma.h"
+#include "bitops.h"
+
+/* host controller debug messages */
+#ifndef SDHC_DEBUG
+#define SDHC_DEBUG                        0
+#endif
+
+#if SDHC_DEBUG == 0
+    #define DPRINT_L1(fmt, args...)       do { } while (0)
+    #define DPRINT_L2(fmt, args...)       do { } while (0)
+    #define ERRPRINT(fmt, args...)        do { } while (0)
+#elif SDHC_DEBUG == 1
+    #define DPRINT_L1(fmt, args...)       \
+        do {fprintf(stderr, "QEMU SDHC: "fmt, ## args); } while (0)
+    #define DPRINT_L2(fmt, args...)       do { } while (0)
+    #define ERRPRINT(fmt, args...)        \
+        do {fprintf(stderr, "QEMU SDHC ERROR: "fmt, ## args); } while (0)
+#else
+    #define DPRINT_L1(fmt, args...)       \
+        do {fprintf(stderr, "QEMU SDHC: "fmt, ## args); } while (0)
+    #define DPRINT_L2(fmt, args...)       \
+        do {fprintf(stderr, "QEMU SDHC: "fmt, ## args); } while (0)
+    #define ERRPRINT(fmt, args...)        \
+        do {fprintf(stderr, "QEMU SDHC ERROR: "fmt, ## args); } while (0)
+#endif
+
+/* Default SD/MMC host controller features information, which will be
+ * presented in CAPABILITIES register of generic SD host controller at reset.
+ * If not stated otherwise:
+ * 0 - not supported, 1 - supported, other - prohibited.
+ */
+#define SDHC_CAPAB_64BITBUS       0ul        /* 64-bit System Bus Support */
+#define SDHC_CAPAB_18V            1ul        /* Voltage support 1.8v */
+#define SDHC_CAPAB_30V            0ul        /* Voltage support 3.0v */
+#define SDHC_CAPAB_33V            1ul        /* Voltage support 3.3v */
+#define SDHC_CAPAB_SUSPRESUME     0ul        /* Suspend/resume support */
+#define SDHC_CAPAB_SDMA           1ul        /* SDMA support */
+#define SDHC_CAPAB_HIGHSPEED      1ul        /* High speed support */
+#define SDHC_CAPAB_ADMA1          1ul        /* ADMA1 support */
+#define SDHC_CAPAB_ADMA2          1ul        /* ADMA2 support */
+/* Maximum host controller R/W buffers size
+ * Possible values: 512, 1024, 2048 bytes */
+#define SDHC_CAPAB_MAXBLOCKLENGTH 512ul
+/* Maximum clock frequency for SDclock in MHz
+ * value in range 10-63 MHz, 0 - not defined */
+#define SDHC_CAPAB_BASECLKFREQ    0ul
+#define SDHC_CAPAB_TOUNIT         1ul  /* Timeout clock unit 0 - kHz, 1 - MHz */
+/* Timeout clock frequency 1-63, 0 - not defined */
+#define SDHC_CAPAB_TOCLKFREQ      0ul
+
+/* Now check all parameters and calculate CAPABILITIES REGISTER value */
+#if SDHC_CAPAB_64BITBUS > 1 || SDHC_CAPAB_18V > 1 || SDHC_CAPAB_30V > 1 ||     \
+    SDHC_CAPAB_33V > 1 || SDHC_CAPAB_SUSPRESUME > 1 || SDHC_CAPAB_SDMA > 1 ||  \
+    SDHC_CAPAB_HIGHSPEED > 1 || SDHC_CAPAB_ADMA2 > 1 || SDHC_CAPAB_ADMA1 > 1 ||\
+    SDHC_CAPAB_TOUNIT > 1
+#error Capabilities features can have value 0 or 1 only!
+#endif
+
+#if SDHC_CAPAB_MAXBLOCKLENGTH == 512
+#define MAX_BLOCK_LENGTH 0ul
+#elif SDHC_CAPAB_MAXBLOCKLENGTH == 1024
+#define MAX_BLOCK_LENGTH 1ul
+#elif SDHC_CAPAB_MAXBLOCKLENGTH == 2048
+#define MAX_BLOCK_LENGTH 2ul
+#else
+#error Max host controller block size can have value 512, 1024 or 2048 only!
+#endif
+
+#if (SDHC_CAPAB_BASECLKFREQ > 0 && SDHC_CAPAB_BASECLKFREQ < 10) || \
+    SDHC_CAPAB_BASECLKFREQ > 63
+#error SDclock frequency can have value in range 0, 10-63 only!
+#endif
+
+#if SDHC_CAPAB_TOCLKFREQ > 63
+#error Timeout clock frequency can have value in range 0-63 only!
+#endif
+
+#define SDHC_CAPAB_REG_DEFAULT                                 \
+   ((SDHC_CAPAB_64BITBUS << 28) | (SDHC_CAPAB_18V << 26) |     \
+    (SDHC_CAPAB_30V << 25) | (SDHC_CAPAB_33V << 24) |          \
+    (SDHC_CAPAB_SUSPRESUME << 23) | (SDHC_CAPAB_SDMA << 22) |  \
+    (SDHC_CAPAB_HIGHSPEED << 21) | (SDHC_CAPAB_ADMA1 << 20) |  \
+    (SDHC_CAPAB_ADMA2 << 19) | (MAX_BLOCK_LENGTH << 16) |      \
+    (SDHC_CAPAB_BASECLKFREQ << 8) | (SDHC_CAPAB_TOUNIT << 7) | \
+    (SDHC_CAPAB_TOCLKFREQ))
+
+#define MASKED_WRITE(reg, mask, val)  (reg = (reg & (mask)) | (val))
+
+static uint8_t sdhci_slotint(SDHCIState *s)
+{
+    return (s->norintsts & s->norintsigen) || (s->errintsts & s->errintsigen) ||
+         ((s->norintsts & SDHC_NIS_INSERT) && (s->wakcon & SDHC_WKUP_ON_INS)) ||
+         ((s->norintsts & SDHC_NIS_REMOVE) && (s->wakcon & SDHC_WKUP_ON_RMV));
+}
+
+static inline void sdhci_update_irq(SDHCIState *s)
+{
+    qemu_set_irq(s->irq, sdhci_slotint(s));
+}
+
+static void sdhci_raise_insertion_irq(void *opaque)
+{
+    SDHCIState *s = (SDHCIState *)opaque;
+
+    if (s->norintsts & SDHC_NIS_REMOVE) {
+        qemu_mod_timer(s->insert_timer,
+                       qemu_get_clock_ns(vm_clock) + SDHC_INSERTION_DELAY);
+    } else {
+        s->prnsts = 0x1ff0000;
+        if (s->norintstsen & SDHC_NISEN_INSERT) {
+            s->norintsts |= SDHC_NIS_INSERT;
+        }
+        sdhci_update_irq(s);
+    }
+}
+
+static void sdhci_insert_eject_cb(void *opaque, int irq, int level)
+{
+    SDHCIState *s = (SDHCIState *)opaque;
+    DPRINT_L1("Card state changed: %s!\n", level ? "insert" : "eject");
+
+    if ((s->norintsts & SDHC_NIS_REMOVE) && level) {
+        /* Give target some time to notice card ejection */
+        qemu_mod_timer(s->insert_timer,
+                       qemu_get_clock_ns(vm_clock) + SDHC_INSERTION_DELAY);
+    } else {
+        if (level) {
+            s->prnsts = 0x1ff0000;
+            if (s->norintstsen & SDHC_NISEN_INSERT) {
+                s->norintsts |= SDHC_NIS_INSERT;
+            }
+        } else {
+            s->prnsts = 0x1fa0000;
+            s->pwrcon &= ~SDHC_POWER_ON;
+            s->clkcon &= ~SDHC_CLOCK_SDCLK_EN;
+            if (s->norintstsen & SDHC_NISEN_REMOVE) {
+                s->norintsts |= SDHC_NIS_REMOVE;
+            }
+        }
+        sdhci_update_irq(s);
+    }
+}
+
+static void sdhci_card_readonly_cb(void *opaque, int irq, int level)
+{
+    SDHCIState *s = (SDHCIState *)opaque;
+
+    if (level) {
+        s->prnsts &= ~SDHC_WRITE_PROTECT;
+    } else {
+        /* Write enabled */
+        s->prnsts |= SDHC_WRITE_PROTECT;
+    }
+}
+
+static void sdhci_reset(SDHCIState *s)
+{
+    qemu_del_timer(s->insert_timer);
+    qemu_del_timer(s->transfer_timer);
+    /* Set all registers to 0. Capabilities registers are not cleared
+     * and assumed to always preserve their value, given to them during
+     * initialization */
+    memset(&s->sdmasysad, 0, (uintptr_t)&s->capareg - (uintptr_t)&s->sdmasysad);
+
+    sd_set_cb(s->card, s->ro_cb, s->eject_cb);
+    s->data_count = 0;
+    s->stopped_state = sdhc_not_stopped;
+}
+
+static void sdhci_do_data_transfer(void *opaque)
+{
+    SDHCIState *s = (SDHCIState *)opaque;
+
+    SDHCI_GET_CLASS(s)->data_transfer(s);
+}
+
+static void sdhci_send_command(SDHCIState *s)
+{
+    SDRequest request;
+    uint8_t response[16];
+    int rlen;
+
+    s->errintsts = 0;
+    s->acmd12errsts = 0;
+    request.cmd = s->cmdreg >> 8;
+    request.arg = s->argument;
+    DPRINT_L1("sending CMD%u ARG[0x%08x]\n", request.cmd, request.arg);
+    rlen = sd_do_command(s->card, &request, response);
+
+    if (s->cmdreg & SDHC_CMD_RESPONSE) {
+        if (rlen == 4) {
+            s->rspreg[0] = (response[0] << 24) | (response[1] << 16) |
+                           (response[2] << 8)  |  response[3];
+            s->rspreg[1] = s->rspreg[2] = s->rspreg[3] = 0;
+            DPRINT_L1("Response: RSPREG[31..0]=0x%08x\n", s->rspreg[0]);
+        } else if (rlen == 16) {
+            s->rspreg[0] = (response[11] << 24) | (response[12] << 16) |
+                           (response[13] << 8) |  response[14];
+            s->rspreg[1] = (response[7] << 24) | (response[8] << 16) |
+                           (response[9] << 8)  |  response[10];
+            s->rspreg[2] = (response[3] << 24) | (response[4] << 16) |
+                           (response[5] << 8)  |  response[6];
+            s->rspreg[3] = (response[0] << 16) | (response[1] << 8) |
+                            response[2];
+            DPRINT_L1("Response received:\n RSPREG[127..96]=0x%08x, RSPREG[95.."
+                  "64]=0x%08x,\n RSPREG[63..32]=0x%08x, RSPREG[31..0]=0x%08x\n",
+                  s->rspreg[3], s->rspreg[2], s->rspreg[1], s->rspreg[0]);
+        } else {
+            ERRPRINT("Timeout waiting for command response\n");
+            if (s->errintstsen & SDHC_EISEN_CMDTIMEOUT) {
+                s->errintsts |= SDHC_EIS_CMDTIMEOUT;
+                s->norintsts |= SDHC_NIS_ERR;
+            }
+        }
+
+        if ((s->norintstsen & SDHC_NISEN_TRSCMP) &&
+            (s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY) {
+            s->norintsts |= SDHC_NIS_TRSCMP;
+        }
+    } else if (rlen != 0 && (s->errintstsen & SDHC_EISEN_CMDIDX)) {
+        s->errintsts |= SDHC_EIS_CMDIDX;
+        s->norintsts |= SDHC_NIS_ERR;
+    }
+
+    if (s->norintstsen & SDHC_NISEN_CMDCMP) {
+        s->norintsts |= SDHC_NIS_CMDCMP;
+    }
+
+    sdhci_update_irq(s);
+
+    if (s->blksize && (s->cmdreg & SDHC_CMD_DATA_PRESENT)) {
+        qemu_mod_timer(s->transfer_timer,
+                       qemu_get_clock_ns(vm_clock) + SDHC_TRANSFER_DELAY);
+    }
+}
+
+static void sdhci_end_transfer(SDHCIState *s)
+{
+    /* Automatically send CMD12 to stop transfer if AutoCMD12 enabled */
+    if ((s->trnmod & SDHC_TRNS_ACMD12) != 0) {
+        SDRequest request;
+        uint8_t response[16];
+
+        request.cmd = 0x0C;
+        request.arg = 0;
+        DPRINT_L1("Automatically issue CMD%d %08x\n", request.cmd, request.arg);
+        sd_do_command(s->card, &request, response);
+        /* Auto CMD12 response goes to the upper Response register */
+        s->rspreg[3] = (response[0] << 24) | (response[1] << 16) |
+                (response[2] << 8) | response[3];
+    }
+
+    s->prnsts &= ~(SDHC_DOING_READ | SDHC_DOING_WRITE |
+            SDHC_DAT_LINE_ACTIVE | SDHC_DATA_INHIBIT |
+            SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE);
+
+    if (s->norintstsen & SDHC_NISEN_TRSCMP) {
+        s->norintsts |= SDHC_NIS_TRSCMP;
+    }
+
+    sdhci_update_irq(s);
+}
+
+/*
+ * Programmed i/o data transfer
+ */
+
+/* Fill host controller's read buffer with BLKSIZE bytes of data from card */
+static void sdhci_read_block_from_card(SDHCIState *s)
+{
+    int index = 0;
+
+    if ((s->trnmod & SDHC_TRNS_MULTI) &&
+            (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) {
+        return;
+    }
+
+    for (index = 0; index < (s->blksize & 0x0fff); index++) {
+        s->fifo_buffer[index] = sd_read_data(s->card);
+    }
+
+    /* New data now available for READ through Buffer Port Register */
+    s->prnsts |= SDHC_DATA_AVAILABLE;
+    if (s->norintstsen & SDHC_NISEN_RBUFRDY) {
+        s->norintsts |= SDHC_NIS_RBUFRDY;
+    }
+
+    /* Clear DAT line active status if that was the last block */
+    if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
+            ((s->trnmod & SDHC_TRNS_MULTI) && s->blkcnt == 1)) {
+        s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
+    }
+
+    /* If stop at block gap request was set and it's not the last block of
+     * data - generate Block Event interrupt */
+    if (s->stopped_state == sdhc_gap_read && (s->trnmod & SDHC_TRNS_MULTI) &&
+            s->blkcnt != 1)    {
+        s->prnsts &= ~SDHC_DAT_LINE_ACTIVE;
+        if (s->norintstsen & SDHC_EISEN_BLKGAP) {
+            s->norintsts |= SDHC_EIS_BLKGAP;
+        }
+    }
+
+    sdhci_update_irq(s);
+}
+
+/* Read @size byte of data from host controller @s BUFFER DATA PORT register */
+static uint32_t sdhci_read_dataport(SDHCIState *s, unsigned size)
+{
+    uint32_t value = 0;
+    int i;
+
+    /* first check that a valid data exists in host controller input buffer */
+    if ((s->prnsts & SDHC_DATA_AVAILABLE) == 0) {
+        ERRPRINT("Trying to read from empty buffer\n");
+        return 0;
+    }
+
+    for (i = 0; i < size; i++) {
+        value |= s->fifo_buffer[s->data_count] << i * 8;
+        s->data_count++;
+        /* check if we've read all valid data (blksize bytes) from buffer */
+        if ((s->data_count) >= (s->blksize & 0x0fff)) {
+            DPRINT_L2("All %u bytes of data have been read from input buffer\n",
+                    s->data_count);
+            s->prnsts &= ~SDHC_DATA_AVAILABLE; /* no more data in a buffer */
+            s->data_count = 0;  /* next buff read must start at position [0] */
+
+            if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+                s->blkcnt--;
+            }
+
+            /* if that was the last block of data */
+            if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
+                ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0)) ||
+                 /* stop at gap request */
+                (s->stopped_state == sdhc_gap_read &&
+                 !(s->prnsts & SDHC_DAT_LINE_ACTIVE))) {
+                SDHCI_GET_CLASS(s)->end_data_transfer(s);
+            } else { /* if there are more data, read next block from card */
+                SDHCI_GET_CLASS(s)->read_block_from_card(s);
+            }
+            break;
+        }
+    }
+
+    return value;
+}
+
+/* Write data from host controller FIFO to card */
+static void sdhci_write_block_to_card(SDHCIState *s)
+{
+    int index = 0;
+
+    if (s->prnsts & SDHC_SPACE_AVAILABLE) {
+        if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
+            s->norintsts |= SDHC_NIS_WBUFRDY;
+        }
+        sdhci_update_irq(s);
+        return;
+    }
+
+    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+        if (s->blkcnt == 0) {
+            return;
+        } else {
+            s->blkcnt--;
+        }
+    }
+
+    for (index = 0; index < (s->blksize & 0x0fff); index++) {
+        sd_write_data(s->card, s->fifo_buffer[index]);
+    }
+
+    /* Next data can be written through BUFFER DATORT register */
+    s->prnsts |= SDHC_SPACE_AVAILABLE;
+    if (s->norintstsen & SDHC_NISEN_WBUFRDY) {
+        s->norintsts |= SDHC_NIS_WBUFRDY;
+    }
+
+    /* Finish transfer if that was the last block of data */
+    if ((s->trnmod & SDHC_TRNS_MULTI) == 0 ||
+            ((s->trnmod & SDHC_TRNS_MULTI) &&
+            (s->trnmod & SDHC_TRNS_BLK_CNT_EN) && (s->blkcnt == 0))) {
+        SDHCI_GET_CLASS(s)->end_data_transfer(s);
+    }
+
+    /* Generate Block Gap Event if requested and if not the last block */
+    if (s->stopped_state == sdhc_gap_write && (s->trnmod & SDHC_TRNS_MULTI) &&
+            s->blkcnt > 0) {
+        s->prnsts &= ~SDHC_DOING_WRITE;
+        if (s->norintstsen & SDHC_EISEN_BLKGAP) {
+            s->norintsts |= SDHC_EIS_BLKGAP;
+        }
+        SDHCI_GET_CLASS(s)->end_data_transfer(s);
+    }
+
+    sdhci_update_irq(s);
+}
+
+/* Write @size bytes of @value data to host controller @s Buffer Data Port
+ * register */
+static void sdhci_write_dataport(SDHCIState *s, uint32_t value, unsigned size)
+{
+    unsigned i;
+
+    /* Check that there is free space left in a buffer */
+    if (!(s->prnsts & SDHC_SPACE_AVAILABLE)) {
+        ERRPRINT("Can't write to data buffer: buffer full\n");
+        return;
+    }
+
+    for (i = 0; i < size; i++) {
+        s->fifo_buffer[s->data_count] = value & 0xFF;
+        s->data_count++;
+        value >>= 8;
+        if (s->data_count >= (s->blksize & 0x0fff)) {
+            DPRINT_L2("write buffer filled with %u bytes of data\n",
+                    s->data_count);
+            s->data_count = 0;
+            s->prnsts &= ~SDHC_SPACE_AVAILABLE;
+            if (s->prnsts & SDHC_DOING_WRITE) {
+                SDHCI_GET_CLASS(s)->write_block_to_card(s);
+            }
+        }
+    }
+}
+
+/*
+ * Single DMA data transfer
+ */
+
+/* Multi block SDMA transfer */
+static void sdhci_sdma_transfer_multi_blocks(SDHCIState *s)
+{
+    bool page_aligned = false;
+    unsigned int n, begin;
+    const uint16_t block_size = s->blksize & 0x0fff;
+    uint32_t boundary_chk = 1 << (((s->blksize & 0xf000) >> 12) + 12);
+    uint32_t boundary_count = boundary_chk - (s->sdmasysad % boundary_chk);
+
+    /* XXX: Some sd/mmc drivers (for example, u-boot-slp) do not account for
+     * possible stop at page boundary if initial address is not page aligned,
+     * allow them to work properly */
+    if ((s->sdmasysad % boundary_chk) == 0) {
+        page_aligned = true;
+    }
+
+    if (s->trnmod & SDHC_TRNS_READ) {
+        s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
+                SDHC_DAT_LINE_ACTIVE;
+        while (s->blkcnt) {
+            if (s->data_count == 0) {
+                for (n = 0; n < block_size; n++) {
+                    s->fifo_buffer[n] = sd_read_data(s->card);
+                }
+            }
+            begin = s->data_count;
+            if (((boundary_count + begin) < block_size) && page_aligned) {
+                s->data_count = boundary_count + begin;
+                boundary_count = 0;
+             } else {
+                s->data_count = block_size;
+                boundary_count -= block_size - begin;
+                if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+                    s->blkcnt--;
+                }
+            }
+            dma_memory_write(&dma_context_memory, s->sdmasysad,
+                             &s->fifo_buffer[begin], s->data_count - begin);
+            s->sdmasysad += s->data_count - begin;
+            if (s->data_count == block_size) {
+                s->data_count = 0;
+            }
+            if (page_aligned && boundary_count == 0) {
+                break;
+            }
+        }
+    } else {
+        s->prnsts |= SDHC_DOING_WRITE | SDHC_DATA_INHIBIT |
+                SDHC_DAT_LINE_ACTIVE;
+        while (s->blkcnt) {
+            begin = s->data_count;
+            if (((boundary_count + begin) < block_size) && page_aligned) {
+                s->data_count = boundary_count + begin;
+                boundary_count = 0;
+             } else {
+                s->data_count = block_size;
+                boundary_count -= block_size - begin;
+            }
+            dma_memory_read(&dma_context_memory, s->sdmasysad,
+                            &s->fifo_buffer[begin], s->data_count);
+            s->sdmasysad += s->data_count - begin;
+            if (s->data_count == block_size) {
+                for (n = 0; n < block_size; n++) {
+                    sd_write_data(s->card, s->fifo_buffer[n]);
+                }
+                s->data_count = 0;
+                if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+                    s->blkcnt--;
+                }
+            }
+            if (page_aligned && boundary_count == 0) {
+                break;
+            }
+        }
+    }
+
+    if (s->blkcnt == 0) {
+        SDHCI_GET_CLASS(s)->end_data_transfer(s);
+    } else {
+        if (s->norintstsen & SDHC_NISEN_DMA) {
+            s->norintsts |= SDHC_NIS_DMA;
+        }
+        sdhci_update_irq(s);
+    }
+}
+
+/* single block SDMA transfer */
+
+static void sdhci_sdma_transfer_single_block(SDHCIState *s)
+{
+    int n;
+    uint32_t datacnt = s->blksize & 0x0fff;
+
+    if (s->trnmod & SDHC_TRNS_READ) {
+        for (n = 0; n < datacnt; n++) {
+            s->fifo_buffer[n] = sd_read_data(s->card);
+        }
+        dma_memory_write(&dma_context_memory, s->sdmasysad, s->fifo_buffer,
+                         datacnt);
+    } else {
+        dma_memory_read(&dma_context_memory, s->sdmasysad, s->fifo_buffer,
+                        datacnt);
+        for (n = 0; n < datacnt; n++) {
+            sd_write_data(s->card, s->fifo_buffer[n]);
+        }
+    }
+
+    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+        s->blkcnt--;
+    }
+
+    SDHCI_GET_CLASS(s)->end_data_transfer(s);
+}
+
+typedef struct ADMADescr {
+    hwaddr addr;
+    uint16_t length;
+    uint8_t attr;
+    uint8_t incr;
+} ADMADescr;
+
+static void get_adma_description(SDHCIState *s, ADMADescr *dscr)
+{
+    uint32_t adma1 = 0;
+    uint64_t adma2 = 0;
+    hwaddr entry_addr = (hwaddr)s->admasysaddr;
+    switch (SDHC_DMA_TYPE(s->hostctl)) {
+    case SDHC_CTRL_ADMA2_32:
+        dma_memory_read(&dma_context_memory, entry_addr, (uint8_t *)&adma2,
+                        sizeof(adma2));
+        adma2 = le64_to_cpu(adma2);
+        /* The spec does not specify endianness of descriptor table.
+         * We currently assume that it is LE.
+         */
+        dscr->addr = (hwaddr)extract64(adma2, 32, 32) & ~0x3ull;
+        dscr->length = (uint16_t)extract64(adma2, 16, 16);
+        dscr->attr = (uint8_t)extract64(adma2, 0, 7);
+        dscr->incr = 8;
+        break;
+    case SDHC_CTRL_ADMA1_32:
+        dma_memory_read(&dma_context_memory, entry_addr, (uint8_t *)&adma1,
+                        sizeof(adma1));
+        adma1 = le32_to_cpu(adma1);
+        dscr->addr = (hwaddr)(adma1 & 0xFFFFF000);
+        dscr->attr = (uint8_t)extract32(adma1, 0, 7);
+        dscr->incr = 4;
+        if ((dscr->attr & SDHC_ADMA_ATTR_ACT_MASK) == SDHC_ADMA_ATTR_SET_LEN) {
+            dscr->length = (uint16_t)extract32(adma1, 12, 16);
+        } else {
+            dscr->length = 4096;
+        }
+        break;
+    case SDHC_CTRL_ADMA2_64:
+        dma_memory_read(&dma_context_memory, entry_addr,
+                        (uint8_t *)(&dscr->attr), 1);
+        dma_memory_read(&dma_context_memory, entry_addr + 2,
+                        (uint8_t *)(&dscr->length), 2);
+        dscr->length = le16_to_cpu(dscr->length);
+        dma_memory_read(&dma_context_memory, entry_addr + 4,
+                        (uint8_t *)(&dscr->addr), 8);
+        dscr->attr = le64_to_cpu(dscr->attr);
+        dscr->attr &= 0xfffffff8;
+        dscr->incr = 12;
+        break;
+    }
+}
+
+/* Advanced DMA data transfer */
+
+static void sdhci_do_adma(SDHCIState *s)
+{
+    unsigned int n, begin, length;
+    const uint16_t block_size = s->blksize & 0x0fff;
+    ADMADescr dscr;
+
+    s->admaerr &= ~SDHC_ADMAERR_LENGTH_MISMATCH;
+
+    get_adma_description(s, &dscr);
+    DPRINT_L2("ADMA loop: addr=" TARGET_FMT_plx ", len=%d, attr=%x\n",
+            dscr.addr, dscr.length, dscr.attr);
+
+    if ((dscr.attr & SDHC_ADMA_ATTR_VALID) == 0) {
+        /* Indicate that error occurred in ST_FDS state */
+        s->admaerr &= ~SDHC_ADMAERR_STATE_MASK;
+        s->admaerr |= SDHC_ADMAERR_STATE_ST_FDS;
+
+        /* Generate ADMA error interrupt */
+        if (s->errintstsen & SDHC_EISEN_ADMAERR) {
+            s->errintsts |= SDHC_EIS_ADMAERR;
+            s->norintsts |= SDHC_NIS_ERR;
+        }
+
+        sdhci_update_irq(s);
+        return;
+    }
+
+    length = dscr.length ? dscr.length : 65536;
+
+    switch (dscr.attr & SDHC_ADMA_ATTR_ACT_MASK) {
+    case SDHC_ADMA_ATTR_ACT_TRAN:  /* data transfer */
+
+        if (s->trnmod & SDHC_TRNS_READ) {
+            while (length) {
+                if (s->data_count == 0) {
+                    for (n = 0; n < block_size; n++) {
+                        s->fifo_buffer[n] = sd_read_data(s->card);
+                    }
+                }
+                begin = s->data_count;
+                if ((length + begin) < block_size) {
+                    s->data_count = length + begin;
+                    length = 0;
+                 } else {
+                    s->data_count = block_size;
+                    length -= block_size - begin;
+                }
+                dma_memory_write(&dma_context_memory, dscr.addr,
+                                 &s->fifo_buffer[begin],
+                                 s->data_count - begin);
+                dscr.addr += s->data_count - begin;
+                if (s->data_count == block_size) {
+                    s->data_count = 0;
+                    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+                        s->blkcnt--;
+                        if (s->blkcnt == 0) {
+                            break;
+                        }
+                    }
+                }
+            }
+        } else {
+            while (length) {
+                begin = s->data_count;
+                if ((length + begin) < block_size) {
+                    s->data_count = length + begin;
+                    length = 0;
+                 } else {
+                    s->data_count = block_size;
+                    length -= block_size - begin;
+                }
+                dma_memory_read(&dma_context_memory, dscr.addr,
+                                &s->fifo_buffer[begin], s->data_count);
+                dscr.addr += s->data_count - begin;
+                if (s->data_count == block_size) {
+                    for (n = 0; n < block_size; n++) {
+                        sd_write_data(s->card, s->fifo_buffer[n]);
+                    }
+                    s->data_count = 0;
+                    if (s->trnmod & SDHC_TRNS_BLK_CNT_EN) {
+                        s->blkcnt--;
+                        if (s->blkcnt == 0) {
+                            break;
+                        }
+                    }
+                }
+            }
+        }
+        s->admasysaddr += dscr.incr;
+        break;
+    case SDHC_ADMA_ATTR_ACT_LINK:   /* link to next descriptor table */
+        s->admasysaddr = dscr.addr;
+        DPRINT_L1("ADMA link: admasysaddr=0x%lx\n", s->admasysaddr);
+        break;
+    default:
+        s->admasysaddr += dscr.incr;
+        break;
+    }
+
+    /* ADMA transfer terminates if blkcnt == 0 or by END attribute */
+    if (((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
+                (s->blkcnt == 0)) || (dscr.attr & SDHC_ADMA_ATTR_END)) {
+        DPRINT_L2("ADMA transfer completed\n");
+        if (length || ((dscr.attr & SDHC_ADMA_ATTR_END) &&
+            (s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
+            s->blkcnt != 0) || ((s->trnmod & SDHC_TRNS_BLK_CNT_EN) &&
+            s->blkcnt == 0 && (dscr.attr & SDHC_ADMA_ATTR_END) == 0)) {
+            ERRPRINT("SD/MMC host ADMA length mismatch\n");
+            s->admaerr |= SDHC_ADMAERR_LENGTH_MISMATCH |
+                    SDHC_ADMAERR_STATE_ST_TFR;
+            if (s->errintstsen & SDHC_EISEN_ADMAERR) {
+                ERRPRINT("Set ADMA error flag\n");
+                s->errintsts |= SDHC_EIS_ADMAERR;
+                s->norintsts |= SDHC_NIS_ERR;
+            }
+
+            sdhci_update_irq(s);
+        }
+        SDHCI_GET_CLASS(s)->end_data_transfer(s);
+        return;
+    }
+
+    if (dscr.attr & SDHC_ADMA_ATTR_INT) {
+        DPRINT_L1("ADMA interrupt: admasysaddr=0x%lx\n", s->admasysaddr);
+        if (s->norintstsen & SDHC_NISEN_DMA) {
+            s->norintsts |= SDHC_NIS_DMA;
+        }
+
+        sdhci_update_irq(s);
+        return;
+    }
+
+    /* we have unfinished bussiness - reschedule to continue ADMA */
+    qemu_mod_timer(s->transfer_timer,
+                   qemu_get_clock_ns(vm_clock) + SDHC_TRANSFER_DELAY);
+}
+
+/* Perform data transfer according to controller configuration */
+
+static void sdhci_data_transfer(SDHCIState *s)
+{
+    SDHCIClass *k = SDHCI_GET_CLASS(s);
+    s->data_count = 0;
+
+    if (s->trnmod & SDHC_TRNS_DMA) {
+        switch (SDHC_DMA_TYPE(s->hostctl)) {
+        case SDHC_CTRL_SDMA:
+            if ((s->trnmod & SDHC_TRNS_MULTI) &&
+                    (!(s->trnmod & SDHC_TRNS_BLK_CNT_EN) || s->blkcnt == 0)) {
+                break;
+            }
+
+            if ((s->blkcnt == 1) || !(s->trnmod & SDHC_TRNS_MULTI)) {
+                k->do_sdma_single(s);
+            } else {
+                k->do_sdma_multi(s);
+            }
+
+            break;
+        case SDHC_CTRL_ADMA1_32:
+            if (!(s->capareg & SDHC_CAN_DO_ADMA1)) {
+                ERRPRINT("ADMA1 not supported\n");
+                break;
+            }
+
+            k->do_adma(s);
+            break;
+        case SDHC_CTRL_ADMA2_32:
+            if (!(s->capareg & SDHC_CAN_DO_ADMA2)) {
+                ERRPRINT("ADMA2 not supported\n");
+                break;
+            }
+
+            k->do_adma(s);
+            break;
+        case SDHC_CTRL_ADMA2_64:
+            if (!(s->capareg & SDHC_CAN_DO_ADMA2) ||
+                    !(s->capareg & SDHC_64_BIT_BUS_SUPPORT)) {
+                ERRPRINT("64 bit ADMA not supported\n");
+                break;
+            }
+
+            k->do_adma(s);
+            break;
+        default:
+            ERRPRINT("Unsupported DMA type\n");
+            break;
+        }
+    } else {
+        if ((s->trnmod & SDHC_TRNS_READ) && sd_data_ready(s->card)) {
+            s->prnsts |= SDHC_DOING_READ | SDHC_DATA_INHIBIT |
+                    SDHC_DAT_LINE_ACTIVE;
+            SDHCI_GET_CLASS(s)->read_block_from_card(s);
+        } else {
+            s->prnsts |= SDHC_DOING_WRITE | SDHC_DAT_LINE_ACTIVE |
+                    SDHC_SPACE_AVAILABLE | SDHC_DATA_INHIBIT;
+            SDHCI_GET_CLASS(s)->write_block_to_card(s);
+        }
+    }
+}
+
+static bool sdhci_can_issue_command(SDHCIState *s)
+{
+    if (!SDHC_CLOCK_IS_ON(s->clkcon) || !(s->pwrcon & SDHC_POWER_ON) ||
+        (((s->prnsts & SDHC_DATA_INHIBIT) || s->stopped_state) &&
+        ((s->cmdreg & SDHC_CMD_DATA_PRESENT) ||
+        ((s->cmdreg & SDHC_CMD_RESPONSE) == SDHC_CMD_RSP_WITH_BUSY &&
+        !(SDHC_COMMAND_TYPE(s->cmdreg) == SDHC_CMD_ABORT))))) {
+        return false;
+    }
+
+    return true;
+}
+
+/* The Buffer Data Port register must be accessed in sequential and
+ * continuous manner */
+static inline bool
+sdhci_buff_access_is_sequential(SDHCIState *s, unsigned byte_num)
+{
+    if ((s->data_count & 0x3) != byte_num) {
+        ERRPRINT("Non-sequential access to Buffer Data Port register"
+                "is prohibited\n");
+        return false;
+    }
+    return true;
+}
+
+static uint32_t sdhci_read(SDHCIState *s, unsigned int offset, unsigned size)
+{
+    uint32_t ret = 0;
+
+    switch (offset & ~0x3) {
+    case SDHC_SYSAD:
+        ret = s->sdmasysad;
+        break;
+    case SDHC_BLKSIZE:
+        ret = s->blksize | (s->blkcnt << 16);
+        break;
+    case SDHC_ARGUMENT:
+        ret = s->argument;
+        break;
+    case SDHC_TRNMOD:
+        ret = s->trnmod | (s->cmdreg << 16);
+        break;
+    case SDHC_RSPREG0 ... SDHC_RSPREG3:
+        ret = s->rspreg[((offset & ~0x3) - SDHC_RSPREG0) >> 2];
+        break;
+    case  SDHC_BDATA:
+        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
+            ret = SDHCI_GET_CLASS(s)->bdata_read(s, size);
+            DPRINT_L2("read %ub: addr[0x%04x] -> %u\n", size, offset, ret);
+            return ret;
+        }
+        break;
+    case SDHC_PRNSTS:
+        ret = s->prnsts;
+        break;
+    case SDHC_HOSTCTL:
+        ret = s->hostctl | (s->pwrcon << 8) | (s->blkgap << 16) |
+              (s->wakcon << 24);
+        break;
+    case SDHC_CLKCON:
+        ret = s->clkcon | (s->timeoutcon << 16);
+        break;
+    case SDHC_NORINTSTS:
+        ret = s->norintsts | (s->errintsts << 16);
+        break;
+    case SDHC_NORINTSTSEN:
+        ret = s->norintstsen | (s->errintstsen << 16);
+        break;
+    case SDHC_NORINTSIGEN:
+        ret = s->norintsigen | (s->errintsigen << 16);
+        break;
+    case SDHC_ACMD12ERRSTS:
+        ret = s->acmd12errsts;
+        break;
+    case SDHC_CAPAREG:
+        ret = s->capareg;
+        break;
+    case SDHC_MAXCURR:
+        ret = s->maxcurr;
+        break;
+    case SDHC_ADMAERR:
+        ret =  s->admaerr;
+        break;
+    case SDHC_ADMASYSADDR:
+        ret = (uint32_t)s->admasysaddr;
+        break;
+    case SDHC_ADMASYSADDR + 4:
+        ret = (uint32_t)(s->admasysaddr >> 32);
+        break;
+    case SDHC_SLOT_INT_STATUS:
+        ret = (SD_HOST_SPECv2_VERS << 16) | sdhci_slotint(s);
+        break;
+    default:
+        ERRPRINT("bad %ub read: addr[0x%04x]\n", size, offset);
+        break;
+    }
+
+    ret >>= (offset & 0x3) * 8;
+    ret &= (1ULL << (size * 8)) - 1;
+    DPRINT_L2("read %ub: addr[0x%04x] -> %u(0x%x)\n", size, offset, ret, ret);
+    return ret;
+}
+
+static inline void sdhci_blkgap_write(SDHCIState *s, uint8_t value)
+{
+    if ((value & SDHC_STOP_AT_GAP_REQ) && (s->blkgap & SDHC_STOP_AT_GAP_REQ)) {
+        return;
+    }
+    s->blkgap = value & SDHC_STOP_AT_GAP_REQ;
+
+    if ((value & SDHC_CONTINUE_REQ) && s->stopped_state &&
+            (s->blkgap & SDHC_STOP_AT_GAP_REQ) == 0) {
+        if (s->stopped_state == sdhc_gap_read) {
+            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_READ;
+            SDHCI_GET_CLASS(s)->read_block_from_card(s);
+        } else {
+            s->prnsts |= SDHC_DAT_LINE_ACTIVE | SDHC_DOING_WRITE;
+            SDHCI_GET_CLASS(s)->write_block_to_card(s);
+        }
+        s->stopped_state = sdhc_not_stopped;
+    } else if (!s->stopped_state && (value & SDHC_STOP_AT_GAP_REQ)) {
+        if (s->prnsts & SDHC_DOING_READ) {
+            s->stopped_state = sdhc_gap_read;
+        } else if (s->prnsts & SDHC_DOING_WRITE) {
+            s->stopped_state = sdhc_gap_write;
+        }
+    }
+}
+
+static inline void sdhci_reset_write(SDHCIState *s, uint8_t value)
+{
+    switch (value) {
+    case SDHC_RESET_ALL:
+        DEVICE_GET_CLASS(s)->reset(DEVICE(s));
+        break;
+    case SDHC_RESET_CMD:
+        s->prnsts &= ~SDHC_CMD_INHIBIT;
+        s->norintsts &= ~SDHC_NIS_CMDCMP;
+        break;
+    case SDHC_RESET_DATA:
+        s->data_count = 0;
+        s->prnsts &= ~(SDHC_SPACE_AVAILABLE | SDHC_DATA_AVAILABLE |
+                SDHC_DOING_READ | SDHC_DOING_WRITE |
+                SDHC_DATA_INHIBIT | SDHC_DAT_LINE_ACTIVE);
+        s->blkgap &= ~(SDHC_STOP_AT_GAP_REQ | SDHC_CONTINUE_REQ);
+        s->stopped_state = sdhc_not_stopped;
+        s->norintsts &= ~(SDHC_NIS_WBUFRDY | SDHC_NIS_RBUFRDY |
+                SDHC_NIS_DMA | SDHC_NIS_TRSCMP | SDHC_NIS_BLKGAP);
+        break;
+    }
+}
+
+static void
+sdhci_write(SDHCIState *s, unsigned int offset, uint32_t value, unsigned size)
+{
+    unsigned shift =  8 * (offset & 0x3);
+    uint32_t mask = ~(((1ULL << (size * 8)) - 1) << shift);
+    value <<= shift;
+
+    switch (offset & ~0x3) {
+    case SDHC_SYSAD:
+        s->sdmasysad = (s->sdmasysad & mask) | value;
+        MASKED_WRITE(s->sdmasysad, mask, value);
+        /* Writing to last byte of sdmasysad might trigger transfer */
+        if (!(mask & 0xFF000000) && TRANSFERRING_DATA(s->prnsts) && s->blkcnt &&
+                s->blksize && SDHC_DMA_TYPE(s->hostctl) == SDHC_CTRL_SDMA) {
+            SDHCI_GET_CLASS(s)->do_sdma_multi(s);
+        }
+        break;
+    case SDHC_BLKSIZE:
+        if (!TRANSFERRING_DATA(s->prnsts)) {
+            MASKED_WRITE(s->blksize, mask, value);
+            MASKED_WRITE(s->blkcnt, mask >> 16, value >> 16);
+        }
+        break;
+    case SDHC_ARGUMENT:
+        MASKED_WRITE(s->argument, mask, value);
+        break;
+    case SDHC_TRNMOD:
+        /* DMA can be enabled only if it is supported as indicated by
+         * capabilities register */
+        if (!(s->capareg & SDHC_CAN_DO_DMA)) {
+            value &= ~SDHC_TRNS_DMA;
+        }
+        MASKED_WRITE(s->trnmod, mask, value);
+        MASKED_WRITE(s->cmdreg, mask >> 16, value >> 16);
+
+        /* Writing to the upper byte of CMDREG triggers SD command generation */
+        if ((mask & 0xFF000000) || !SDHCI_GET_CLASS(s)->can_issue_command(s)) {
+            break;
+        }
+
+        SDHCI_GET_CLASS(s)->send_command(s);
+        break;
+    case  SDHC_BDATA:
+        if (sdhci_buff_access_is_sequential(s, offset - SDHC_BDATA)) {
+            SDHCI_GET_CLASS(s)->bdata_write(s, value >> shift, size);
+        }
+        break;
+    case SDHC_HOSTCTL:
+        if (!(mask & 0xFF0000)) {
+            sdhci_blkgap_write(s, value >> 16);
+        }
+        MASKED_WRITE(s->hostctl, mask, value);
+        MASKED_WRITE(s->pwrcon, mask >> 8, value >> 8);
+        MASKED_WRITE(s->wakcon, mask >> 24, value >> 24);
+        if (!(s->prnsts & SDHC_CARD_PRESENT) || ((s->pwrcon >> 1) & 0x7) < 5 ||
+                !(s->capareg & (1 << (31 - ((s->pwrcon >> 1) & 0x7))))) {
+            s->pwrcon &= ~SDHC_POWER_ON;
+        }
+        break;
+    case SDHC_CLKCON:
+        if (!(mask & 0xFF000000)) {
+            sdhci_reset_write(s, value >> 24);
+        }
+        MASKED_WRITE(s->clkcon, mask, value);
+        MASKED_WRITE(s->timeoutcon, mask >> 16, value >> 16);
+        if (s->clkcon & SDHC_CLOCK_INT_EN) {
+            s->clkcon |= SDHC_CLOCK_INT_STABLE;
+        } else {
+            s->clkcon &= ~SDHC_CLOCK_INT_STABLE;
+        }
+        break;
+    case SDHC_NORINTSTS:
+        if (s->norintstsen & SDHC_NISEN_CARDINT) {
+            value &= ~SDHC_NIS_CARDINT;
+        }
+        s->norintsts &= mask | ~value;
+        s->errintsts &= (mask >> 16) | ~(value >> 16);
+        if (s->errintsts) {
+            s->norintsts |= SDHC_NIS_ERR;
+        } else {
+            s->norintsts &= ~SDHC_NIS_ERR;
+        }
+        sdhci_update_irq(s);
+        break;
+    case SDHC_NORINTSTSEN:
+        MASKED_WRITE(s->norintstsen, mask, value);
+        MASKED_WRITE(s->errintstsen, mask >> 16, value >> 16);
+        s->norintsts &= s->norintstsen;
+        s->errintsts &= s->errintstsen;
+        if (s->errintsts) {
+            s->norintsts |= SDHC_NIS_ERR;
+        } else {
+            s->norintsts &= ~SDHC_NIS_ERR;
+        }
+        sdhci_update_irq(s);
+        break;
+    case SDHC_NORINTSIGEN:
+        MASKED_WRITE(s->norintsigen, mask, value);
+        MASKED_WRITE(s->errintsigen, mask >> 16, value >> 16);
+        sdhci_update_irq(s);
+        break;
+    case SDHC_ADMAERR:
+        MASKED_WRITE(s->admaerr, mask, value);
+        break;
+    case SDHC_ADMASYSADDR:
+        s->admasysaddr = (s->admasysaddr & (0xFFFFFFFF00000000ULL |
+                (uint64_t)mask)) | (uint64_t)value;
+        break;
+    case SDHC_ADMASYSADDR + 4:
+        s->admasysaddr = (s->admasysaddr & (0x00000000FFFFFFFFULL |
+                ((uint64_t)mask << 32))) | ((uint64_t)value << 32);
+        break;
+    case SDHC_FEAER:
+        s->acmd12errsts |= value;
+        s->errintsts |= (value >> 16) & s->errintstsen;
+        if (s->acmd12errsts) {
+            s->errintsts |= SDHC_EIS_CMD12ERR;
+        }
+        if (s->errintsts) {
+            s->norintsts |= SDHC_NIS_ERR;
+        }
+        sdhci_update_irq(s);
+        break;
+    default:
+        ERRPRINT("bad %ub write offset: addr[0x%04x] <- %u(0x%x)\n",
+                size, offset, value >> shift, value >> shift);
+        break;
+    }
+    DPRINT_L2("write %ub: addr[0x%04x] <- %u(0x%x)\n",
+            size, offset, value >> shift, value >> shift);
+}
+
+static uint64_t
+sdhci_readfn(void *opaque, hwaddr offset, unsigned size)
+{
+    SDHCIState *s = (SDHCIState *)opaque;
+
+    return SDHCI_GET_CLASS(s)->mem_read(s, offset, size);
+}
+
+static void
+sdhci_writefn(void *opaque, hwaddr off, uint64_t val, unsigned sz)
+{
+    SDHCIState *s = (SDHCIState *)opaque;
+
+    SDHCI_GET_CLASS(s)->mem_write(s, off, val, sz);
+}
+
+static const MemoryRegionOps sdhci_mmio_ops = {
+    .read = sdhci_readfn,
+    .write = sdhci_writefn,
+    .valid = {
+        .min_access_size = 1,
+        .max_access_size = 4,
+        .unaligned = false
+    },
+    .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static inline unsigned int sdhci_get_fifolen(SDHCIState *s)
+{
+    switch (SDHC_CAPAB_BLOCKSIZE(s->capareg)) {
+    case 0:
+        return 512;
+    case 1:
+        return 1024;
+    case 2:
+        return 2048;
+    default:
+        hw_error("SDHC: unsupported value for maximum block size\n");
+        return 0;
+    }
+}
+
+static void sdhci_initfn(Object *obj)
+{
+    SDHCIState *s = SDHCI(obj);
+    DriveInfo *di;
+
+    di = drive_get_next(IF_SD);
+    s->card = sd_init(di ? di->bdrv : NULL, 0);
+    s->eject_cb = qemu_allocate_irqs(sdhci_insert_eject_cb, s, 1)[0];
+    s->ro_cb = qemu_allocate_irqs(sdhci_card_readonly_cb, s, 1)[0];
+    sd_set_cb(s->card, s->ro_cb, s->eject_cb);
+
+    s->insert_timer = qemu_new_timer_ns(vm_clock, sdhci_raise_insertion_irq, s);
+    s->transfer_timer = qemu_new_timer_ns(vm_clock, sdhci_do_data_transfer, s);
+}
+
+static void sdhci_uninitfn(Object *obj)
+{
+    SDHCIState *s = SDHCI(obj);
+
+    qemu_del_timer(s->insert_timer);
+    qemu_free_timer(s->insert_timer);
+    qemu_del_timer(s->transfer_timer);
+    qemu_free_timer(s->transfer_timer);
+    qemu_free_irqs(&s->eject_cb);
+    qemu_free_irqs(&s->ro_cb);
+
+    if (s->fifo_buffer) {
+        g_free(s->fifo_buffer);
+        s->fifo_buffer = NULL;
+    }
+}
+
+const VMStateDescription sdhci_vmstate = {
+    .name = "sdhci",
+    .version_id = 1,
+    .minimum_version_id = 1,
+    .fields      = (VMStateField[]) {
+        VMSTATE_UINT32(sdmasysad, SDHCIState),
+        VMSTATE_UINT16(blksize, SDHCIState),
+        VMSTATE_UINT16(blkcnt, SDHCIState),
+        VMSTATE_UINT32(argument, SDHCIState),
+        VMSTATE_UINT16(trnmod, SDHCIState),
+        VMSTATE_UINT16(cmdreg, SDHCIState),
+        VMSTATE_UINT32_ARRAY(rspreg, SDHCIState, 4),
+        VMSTATE_UINT32(prnsts, SDHCIState),
+        VMSTATE_UINT8(hostctl, SDHCIState),
+        VMSTATE_UINT8(pwrcon, SDHCIState),
+        VMSTATE_UINT8(blkgap, SDHCIState),
+        VMSTATE_UINT8(wakcon, SDHCIState),
+        VMSTATE_UINT16(clkcon, SDHCIState),
+        VMSTATE_UINT8(timeoutcon, SDHCIState),
+        VMSTATE_UINT8(admaerr, SDHCIState),
+        VMSTATE_UINT16(norintsts, SDHCIState),
+        VMSTATE_UINT16(errintsts, SDHCIState),
+        VMSTATE_UINT16(norintstsen, SDHCIState),
+        VMSTATE_UINT16(errintstsen, SDHCIState),
+        VMSTATE_UINT16(norintsigen, SDHCIState),
+        VMSTATE_UINT16(errintsigen, SDHCIState),
+        VMSTATE_UINT16(acmd12errsts, SDHCIState),
+        VMSTATE_UINT16(data_count, SDHCIState),
+        VMSTATE_UINT64(admasysaddr, SDHCIState),
+        VMSTATE_UINT8(stopped_state, SDHCIState),
+        VMSTATE_VBUFFER_UINT32(fifo_buffer, SDHCIState, 1, NULL, 0, buf_maxsz),
+        VMSTATE_TIMER(insert_timer, SDHCIState),
+        VMSTATE_TIMER(transfer_timer, SDHCIState),
+        VMSTATE_END_OF_LIST()
+    }
+};
+
+/* Capabilities registers provide information on supported features of this
+ * specific host controller implementation */
+static Property sdhci_properties[] = {
+    DEFINE_PROP_HEX32("capareg", SDHCIState, capareg,
+            SDHC_CAPAB_REG_DEFAULT),
+    DEFINE_PROP_HEX32("maxcurr", SDHCIState, maxcurr, 0),
+    DEFINE_PROP_END_OF_LIST(),
+};
+
+static int sdhci_realize(SysBusDevice *busdev)
+{
+    SDHCIState *s = SDHCI(busdev);
+
+    s->buf_maxsz = sdhci_get_fifolen(s);
+    s->fifo_buffer = g_malloc0(s->buf_maxsz);
+    sysbus_init_irq(busdev, &s->irq);
+    memory_region_init_io(&s->iomem, &sdhci_mmio_ops, s, "sdhci",
+            SDHC_REGISTERS_MAP_SIZE);
+    sysbus_init_mmio(busdev, &s->iomem);
+    return 0;
+}
+
+static void sdhci_generic_reset(DeviceState *ds)
+{
+    SDHCIState *s = SDHCI(ds);
+    SDHCI_GET_CLASS(s)->reset(s);
+}
+
+static void sdhci_class_init(ObjectClass *klass, void *data)
+{
+    DeviceClass *dc = DEVICE_CLASS(klass);
+    SysBusDeviceClass *sbdc = SYS_BUS_DEVICE_CLASS(klass);
+    SDHCIClass *k = SDHCI_CLASS(klass);
+
+    dc->vmsd = &sdhci_vmstate;
+    dc->props = sdhci_properties;
+    dc->reset = sdhci_generic_reset;
+    sbdc->init = sdhci_realize;
+
+    k->reset = sdhci_reset;
+    k->mem_read = sdhci_read;
+    k->mem_write = sdhci_write;
+    k->send_command = sdhci_send_command;
+    k->can_issue_command = sdhci_can_issue_command;
+    k->data_transfer = sdhci_data_transfer;
+    k->end_data_transfer = sdhci_end_transfer;
+    k->do_sdma_single = sdhci_sdma_transfer_single_block;
+    k->do_sdma_multi = sdhci_sdma_transfer_multi_blocks;
+    k->do_adma = sdhci_do_adma;
+    k->read_block_from_card = sdhci_read_block_from_card;
+    k->write_block_to_card = sdhci_write_block_to_card;
+    k->bdata_read = sdhci_read_dataport;
+    k->bdata_write = sdhci_write_dataport;
+}
+
+static const TypeInfo sdhci_type_info = {
+    .name = TYPE_SDHCI,
+    .parent = TYPE_SYS_BUS_DEVICE,
+    .instance_size = sizeof(SDHCIState),
+    .instance_init = sdhci_initfn,
+    .instance_finalize = sdhci_uninitfn,
+    .class_init = sdhci_class_init,
+    .class_size = sizeof(SDHCIClass)
+};
+
+static void sdhci_register_types(void)
+{
+    type_register_static(&sdhci_type_info);
+}
+
+type_init(sdhci_register_types)
diff --git a/hw/sdhci.h b/hw/sdhci.h
new file mode 100644
index 0000000..6b67873
--- /dev/null
+++ b/hw/sdhci.h
@@ -0,0 +1,311 @@ 
+/*
+ * SD Association Host Standard Specification v2.0 controller emulation
+ *
+ * Copyright (c) 2011 Samsung Electronics Co., Ltd.
+ * Mitsyanko Igor <i.mitsyanko@samsung.com>
+ * Peter A.G. Crosthwaite <peter.crosthwaite@petalogix.com>
+ *
+ * Based on MMC controller for Samsung S5PC1xx-based board emulation
+ * by Alexey Merkulov and Vladimir Monakhov.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef SDHCI_H
+#define SDHCI_H
+
+#include "qemu-common.h"
+#include "sysbus.h"
+#include "sd.h"
+
+/* R/W SDMA System Address register 0x0 */
+#define SDHC_SYSAD                     0x00
+
+/* R/W Host DMA Buffer Boundary and Transfer Block Size Register 0x0 */
+#define SDHC_BLKSIZE                   0x04
+
+/* R/W Blocks count for current transfer 0x0 */
+#define SDHC_BLKCNT                    0x06
+
+/* R/W Command Argument Register 0x0 */
+#define SDHC_ARGUMENT                  0x08
+
+/* R/W Transfer Mode Setting Register 0x0 */
+#define SDHC_TRNMOD                    0x0C
+#define SDHC_TRNS_DMA                  0x0001
+#define SDHC_TRNS_BLK_CNT_EN           0x0002
+#define SDHC_TRNS_ACMD12               0x0004
+#define SDHC_TRNS_READ                 0x0010
+#define SDHC_TRNS_MULTI                0x0020
+
+/* R/W Command Register 0x0 */
+#define SDHC_CMDREG                    0x0E
+#define SDHC_CMD_RSP_WITH_BUSY         (3 << 0)
+#define SDHC_CMD_DATA_PRESENT          (1 << 5)
+#define SDHC_CMD_SUSPEND               (1 << 6)
+#define SDHC_CMD_RESUME                (1 << 7)
+#define SDHC_CMD_ABORT                 ((1 << 6)|(1 << 7))
+#define SDHC_CMD_TYPE_MASK             ((1 << 6)|(1 << 7))
+#define SDHC_COMMAND_TYPE(x)           ((x) & SDHC_CMD_TYPE_MASK)
+
+/* ROC Response Register 0 0x0 */
+#define SDHC_RSPREG0                   0x10
+/* ROC Response Register 1 0x0 */
+#define SDHC_RSPREG1                   0x14
+/* ROC Response Register 2 0x0 */
+#define SDHC_RSPREG2                   0x18
+/* ROC Response Register 3 0x0 */
+#define SDHC_RSPREG3                   0x1C
+
+/* R/W Buffer Data Register 0x0 */
+#define SDHC_BDATA                     0x20
+
+/* R/ROC Present State Register 0x000A0000 */
+#define SDHC_PRNSTS                    0x24
+#define SDHC_CMD_INHIBIT               0x00000001
+#define SDHC_DATA_INHIBIT              0x00000002
+#define SDHC_DAT_LINE_ACTIVE           0x00000004
+#define SDHC_DOING_WRITE               0x00000100
+#define SDHC_DOING_READ                0x00000200
+#define SDHC_SPACE_AVAILABLE           0x00000400
+#define SDHC_DATA_AVAILABLE            0x00000800
+#define SDHC_CARD_PRESENT              0x00010000
+#define SDHC_CARD_DETECT               0x00040000
+#define SDHC_WRITE_PROTECT             0x00080000
+#define TRANSFERRING_DATA(x)           \
+    ((x) & (SDHC_DOING_READ | SDHC_DOING_WRITE))
+
+/* R/W Host control Register 0x0 */
+#define SDHC_HOSTCTL                   0x28
+#define SDHC_CTRL_DMA_CHECK_MASK       0x18
+#define SDHC_CTRL_SDMA                 0x00
+#define SDHC_CTRL_ADMA1_32             0x08
+#define SDHC_CTRL_ADMA2_32             0x10
+#define SDHC_CTRL_ADMA2_64             0x18
+#define SDHC_DMA_TYPE(x)               ((x) & SDHC_CTRL_DMA_CHECK_MASK)
+
+/* R/W Power Control Register 0x0 */
+#define SDHC_PWRCON                    0x29
+#define SDHC_POWER_ON                  (1 << 0)
+
+/* R/W Block Gap Control Register 0x0 */
+#define SDHC_BLKGAP                    0x2A
+#define SDHC_STOP_AT_GAP_REQ           0x01
+#define SDHC_CONTINUE_REQ              0x02
+
+/* R/W WakeUp Control Register 0x0 */
+#define SDHC_WAKCON                    0x2B
+#define SDHC_WKUP_ON_INS               (1 << 1)
+#define SDHC_WKUP_ON_RMV               (1 << 2)
+
+/* CLKCON */
+#define SDHC_CLKCON                    0x2C
+#define SDHC_CLOCK_INT_STABLE          0x0002
+#define SDHC_CLOCK_INT_EN              0x0001
+#define SDHC_CLOCK_SDCLK_EN            (1 << 2)
+#define SDHC_CLOCK_CHK_MASK            0x0007
+#define SDHC_CLOCK_IS_ON(x)            \
+    (((x) & SDHC_CLOCK_CHK_MASK) == SDHC_CLOCK_CHK_MASK)
+
+/* R/W Timeout Control Register 0x0 */
+#define SDHC_TIMEOUTCON                0x2E
+
+/* R/W Software Reset Register 0x0 */
+#define SDHC_SWRST                     0x2F
+#define SDHC_RESET_ALL                 0x01
+#define SDHC_RESET_CMD                 0x02
+#define SDHC_RESET_DATA                0x04
+
+/* ROC/RW1C Normal Interrupt Status Register 0x0 */
+#define SDHC_NORINTSTS                 0x30
+#define SDHC_NIS_ERR                   0x8000
+#define SDHC_NIS_CMDCMP                0x0001
+#define SDHC_NIS_TRSCMP                0x0002
+#define SDHC_NIS_BLKGAP                0x0004
+#define SDHC_NIS_DMA                   0x0008
+#define SDHC_NIS_WBUFRDY               0x0010
+#define SDHC_NIS_RBUFRDY               0x0020
+#define SDHC_NIS_INSERT                0x0040
+#define SDHC_NIS_REMOVE                0x0080
+#define SDHC_NIS_CARDINT               0x0100
+
+/* ROC/RW1C Error Interrupt Status Register 0x0 */
+#define SDHC_ERRINTSTS                 0x32
+#define SDHC_EIS_CMDTIMEOUT            0x0001
+#define SDHC_EIS_BLKGAP                0x0004
+#define SDHC_EIS_CMDIDX                0x0008
+#define SDHC_EIS_CMD12ERR              0x0100
+#define SDHC_EIS_ADMAERR               0x0200
+
+/* R/W Normal Interrupt Status Enable Register 0x0 */
+#define SDHC_NORINTSTSEN               0x34
+#define SDHC_NISEN_CMDCMP              0x0001
+#define SDHC_NISEN_TRSCMP              0x0002
+#define SDHC_NISEN_DMA                 0x0008
+#define SDHC_NISEN_WBUFRDY             0x0010
+#define SDHC_NISEN_RBUFRDY             0x0020
+#define SDHC_NISEN_INSERT              0x0040
+#define SDHC_NISEN_REMOVE              0x0080
+#define SDHC_NISEN_CARDINT             0x0100
+
+/* R/W Error Interrupt Status Enable Register 0x0 */
+#define SDHC_ERRINTSTSEN               0x36
+#define SDHC_EISEN_CMDTIMEOUT          0x0001
+#define SDHC_EISEN_BLKGAP              0x0004
+#define SDHC_EISEN_CMDIDX              0x0008
+#define SDHC_EISEN_ADMAERR             0x0200
+
+/* R/W Normal Interrupt Signal Enable Register 0x0 */
+#define SDHC_NORINTSIGEN               0x38
+#define SDHC_NORINTSIG_INSERT          (1 << 6)
+#define SDHC_NORINTSIG_REMOVE          (1 << 7)
+
+/* R/W Error Interrupt Signal Enable Register 0x0 */
+#define SDHC_ERRINTSIGEN               0x3A
+
+/* ROC Auto CMD12 error status register 0x0 */
+#define SDHC_ACMD12ERRSTS              0x3C
+
+/* HWInit Capabilities Register 0x05E80080 */
+#define SDHC_CAPAREG                   0x40
+#define SDHC_CAN_DO_DMA                0x00400000
+#define SDHC_CAN_DO_ADMA2              0x00080000
+#define SDHC_CAN_DO_ADMA1              0x00100000
+#define SDHC_64_BIT_BUS_SUPPORT        (1 << 28)
+#define SDHC_CAPAB_BLOCKSIZE(x)        (((x) >> 16) & 0x3)
+
+/* HWInit Maximum Current Capabilities Register 0x0 */
+#define SDHC_MAXCURR                   0x48
+
+/* W Force Event Auto CMD12 Error Interrupt Register 0x0000 */
+#define SDHC_FEAER                     0x50
+/* W Force Event Error Interrupt Register Error Interrupt 0x0000 */
+#define SDHC_FEERR                     0x52
+
+/* R/W ADMA Error Status Register 0x00 */
+#define SDHC_ADMAERR                   0x54
+#define SDHC_ADMAERR_LENGTH_MISMATCH   (1 << 2)
+#define SDHC_ADMAERR_STATE_ST_STOP     (0 << 0)
+#define SDHC_ADMAERR_STATE_ST_FDS      (1 << 0)
+#define SDHC_ADMAERR_STATE_ST_TFR      (3 << 0)
+#define SDHC_ADMAERR_STATE_MASK        (3 << 0)
+
+/* R/W ADMA System Address Register 0x00 */
+#define SDHC_ADMASYSADDR               0x58
+#define SDHC_ADMA_ATTR_SET_LEN         (1 << 4)
+#define SDHC_ADMA_ATTR_ACT_TRAN        (1 << 5)
+#define SDHC_ADMA_ATTR_ACT_LINK        (3 << 4)
+#define SDHC_ADMA_ATTR_INT             (1 << 2)
+#define SDHC_ADMA_ATTR_END             (1 << 1)
+#define SDHC_ADMA_ATTR_VALID           (1 << 0)
+#define SDHC_ADMA_ATTR_ACT_MASK        ((1 << 4)|(1 << 5))
+
+/* Slot interrupt status */
+#define SDHC_SLOT_INT_STATUS            0xFC
+
+/* HWInit Host Controller Version Register 0x0401 */
+#define SDHC_HCVER                      0xFE
+#define SD_HOST_SPECv2_VERS             0x2401
+
+#define SDHC_REGISTERS_MAP_SIZE         0x100
+#define SDHC_INSERTION_DELAY            (get_ticks_per_sec())
+#define SDHC_TRANSFER_DELAY             100
+#define SDHC_CMD_RESPONSE               (3 << 0)
+
+enum {
+    sdhc_not_stopped = 0, /* normal SDHC state */
+    sdhc_gap_read   = 1,  /* SDHC stopped at block gap during read operation */
+    sdhc_gap_write  = 2   /* SDHC stopped at block gap during write operation */
+};
+
+/* SD/MMC host controller state */
+typedef struct SDHCIState {
+    SysBusDevice busdev;
+    SDState *card;
+    MemoryRegion iomem;
+
+    QEMUTimer *insert_timer;       /* timer for 'changing' sd card. */
+    QEMUTimer *transfer_timer;
+    qemu_irq eject_cb;
+    qemu_irq ro_cb;
+    qemu_irq irq;
+
+    uint32_t sdmasysad;    /* SDMA System Address register */
+    uint16_t blksize;      /* Host DMA Buff Boundary and Transfer BlkSize Reg */
+    uint16_t blkcnt;       /* Blocks count for current transfer */
+    uint32_t argument;     /* Command Argument Register */
+    uint16_t trnmod;       /* Transfer Mode Setting Register */
+    uint16_t cmdreg;       /* Command Register */
+    uint32_t rspreg[4];    /* Response Registers 0-3 */
+    uint32_t prnsts;       /* Present State Register */
+    uint8_t  hostctl;      /* Host Control Register */
+    uint8_t  pwrcon;       /* Power control Register */
+    uint8_t  blkgap;       /* Block Gap Control Register */
+    uint8_t  wakcon;       /* WakeUp Control Register */
+    uint16_t clkcon;       /* Clock control Register */
+    uint8_t  timeoutcon;   /* Timeout Control Register */
+    uint8_t  admaerr;      /* ADMA Error Status Register */
+    uint16_t norintsts;    /* Normal Interrupt Status Register */
+    uint16_t errintsts;    /* Error Interrupt Status Register */
+    uint16_t norintstsen;  /* Normal Interrupt Status Enable Register */
+    uint16_t errintstsen;  /* Error Interrupt Status Enable Register */
+    uint16_t norintsigen;  /* Normal Interrupt Signal Enable Register */
+    uint16_t errintsigen;  /* Error Interrupt Signal Enable Register */
+    uint16_t acmd12errsts; /* Auto CMD12 error status register */
+    uint64_t admasysaddr;  /* ADMA System Address Register */
+
+    uint32_t capareg;      /* Capabilities Register */
+    uint32_t maxcurr;      /* Maximum Current Capabilities Register */
+    uint8_t  *fifo_buffer; /* SD host i/o FIFO buffer */
+    uint32_t buf_maxsz;
+    uint16_t data_count;   /* current element in FIFO buffer */
+    uint8_t  stopped_state;/* Current SDHC state */
+    /* Buffer Data Port Register - virtual access point to R and W buffers */
+    /* Software Reset Register - always reads as 0 */
+    /* Force Event Auto CMD12 Error Interrupt Reg - write only */
+    /* Force Event Error Interrupt Register- write only */
+    /* RO Host Controller Version Register always reads as 0x2401 */
+} SDHCIState;
+
+typedef struct SDHCIClass {
+    SysBusDeviceClass busdev_class;
+
+    void (*reset)(SDHCIState *s);
+    uint32_t (*mem_read)(SDHCIState *s, unsigned int offset, unsigned size);
+    void (*mem_write)(SDHCIState *s, unsigned int offset, uint32_t value,
+            unsigned size);
+    void (*send_command)(SDHCIState *s);
+    bool (*can_issue_command)(SDHCIState *s);
+    void (*data_transfer)(SDHCIState *s);
+    void (*end_data_transfer)(SDHCIState *s);
+    void (*do_sdma_single)(SDHCIState *s);
+    void (*do_sdma_multi)(SDHCIState *s);
+    void (*do_adma)(SDHCIState *s);
+    void (*read_block_from_card)(SDHCIState *s);
+    void (*write_block_to_card)(SDHCIState *s);
+    uint32_t (*bdata_read)(SDHCIState *s, unsigned size);
+    void (*bdata_write)(SDHCIState *s, uint32_t value, unsigned size);
+} SDHCIClass;
+
+extern const VMStateDescription sdhci_vmstate;
+
+#define TYPE_SDHCI            "sdhci"
+#define SDHCI(obj)            \
+     OBJECT_CHECK(SDHCIState, (obj), TYPE_SDHCI)
+#define SDHCI_CLASS(klass)    \
+     OBJECT_CLASS_CHECK(SDHCIClass, (klass), TYPE_SDHCI)
+#define SDHCI_GET_CLASS(obj)  \
+     OBJECT_GET_CLASS(SDHCIClass, (obj), TYPE_SDHCI)
+
+#endif /* SDHCI_H */