On Wed, Jan 3, 2018 at 1:24 PM, Philippe Mathieu-Daudé <f4...@amsat.org> wrote:
> Signed-off-by: Philippe Mathieu-Daudé <f4...@amsat.org>
Reviewed-by: Alistair Francis <alistair.fran...@xilinx.com> Alistair
> ---
> hw/sd/sd.c | 23 +++++++++++++++++------
> 1 file changed, 17 insertions(+), 6 deletions(-)
>
> diff --git a/hw/sd/sd.c b/hw/sd/sd.c
> index f0eaac4d42..489d13681d 100644
> --- a/hw/sd/sd.c
> +++ b/hw/sd/sd.c
> @@ -56,6 +56,8 @@ do { fprintf(stderr, "SD: " fmt , ## __VA_ARGS__); } while
> (0)
> #define OCR_POWER_UP 0x80000000
> #define OCR_POWER_DELAY_NS 500000 /* 0.5ms */
>
> +#define SDCARD_CMD_MAX 64
> +
> typedef enum {
> sd_r0 = 0, /* no response */
> sd_r1, /* normal response command */
> @@ -176,18 +178,21 @@ static void sd_set_mode(SDState *sd)
> }
> }
>
> -static const sd_cmd_type_t sd_cmd_type[64] = {
> +static const sd_cmd_type_t sd_cmd_type[SDCARD_CMD_MAX] = {
> sd_bc, sd_none, sd_bcr, sd_bcr, sd_none, sd_none, sd_none, sd_ac,
> sd_bcr, sd_ac, sd_ac, sd_adtc, sd_ac, sd_ac, sd_none, sd_ac,
> + /* 16 */
> sd_ac, sd_adtc, sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none,
> sd_adtc, sd_adtc, sd_adtc, sd_adtc, sd_ac, sd_ac, sd_adtc, sd_none,
> + /* 32 */
> sd_ac, sd_ac, sd_none, sd_none, sd_none, sd_none, sd_ac, sd_none,
> sd_none, sd_none, sd_bc, sd_none, sd_none, sd_none, sd_none, sd_none,
> + /* 48 */
> sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_ac,
> sd_adtc, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none, sd_none,
> };
>
> -static const int sd_cmd_class[64] = {
> +static const int sd_cmd_class[SDCARD_CMD_MAX] = {
> 0, 0, 0, 0, 0, 9, 10, 0, 0, 0, 0, 1, 0, 0, 0, 0,
> 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 6, 6, 6, 6,
> 5, 5, 10, 10, 10, 10, 5, 9, 9, 9, 7, 7, 7, 7, 7, 7,
> @@ -787,8 +792,8 @@ static sd_rsp_type_t sd_normal_command(SDState *sd,
> /* Not interpreting this as an app command */
> sd->card_status &= ~APP_CMD;
>
> - if (sd_cmd_type[req.cmd & 0x3F] == sd_ac
> - || sd_cmd_type[req.cmd & 0x3F] == sd_adtc) {
> + if (sd_cmd_type[req.cmd] == sd_ac
> + || sd_cmd_type[req.cmd] == sd_adtc) {
> rca = req.arg >> 16;
> }
>
> @@ -1495,8 +1500,8 @@ static int cmd_valid_while_locked(SDState *sd,
> SDRequest *req)
> if (req->cmd == 16 || req->cmd == 55) {
> return 1;
> }
> - return sd_cmd_class[req->cmd & 0x3F] == 0
> - || sd_cmd_class[req->cmd & 0x3F] == 7;
> + return sd_cmd_class[req->cmd] == 0
> + || sd_cmd_class[req->cmd] == 7;
> }
>
> int sd_do_command(SDState *sd, SDRequest *req,
> @@ -1515,6 +1520,12 @@ int sd_do_command(SDState *sd, SDRequest *req,
> goto send_response;
> }
>
> + if (req->cmd >= SDCARD_CMD_MAX) {
> + qemu_log_mask(LOG_GUEST_ERROR, "SD: incorrect command 0x%02x\n",
> + req->cmd);
> + req->cmd &= 0x3f;
> + }
> +
> if (sd->card_status & CARD_IS_LOCKED) {
> if (!cmd_valid_while_locked(sd, req)) {
> sd->card_status |= ILLEGAL_COMMAND;
> --
> 2.15.1
>
>
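Review bot: The table lookups `sd_cmd_type[req.cmd]` in sd_normal_command and `sd_cmd_class[req->cmd]` in cmd_valid_while_locked are no longer bounded at the point of indexing; they stay in range only because sd_do_command clamps `req->cmd` beforehand, in a different hunk. The callers of sd_normal_command are not visible here, so if either function is reached on a path that skips that guard, a guest-supplied command index would read past the 64-entry tables. I would state the invariant at each site, for example `assert(req.cmd < SDCARD_CMD_MAX);` before the `if` in sd_normal_command and `assert(req->cmd < SDCARD_CMD_MAX);` before the `return` in cmd_valid_while_locked. Both function bodies extend beyond their hunks.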
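Review bot: An out-of-range command index is aliased rather than rejected in sd_do_command: after the log call, `req->cmd &= 0x3f;` lets a request with index 0x40 + N run as command N, and it rewrites the caller's SDRequest in place. If that is deliberate because it matches the old `& 0x3F` at the lookup sites, a comment such as `/* only the low 6 bits select the command; keep the previous masking behaviour */` above the assignment would make it clear that this is not an oversight. The guard also presumes `cmd` is an unsigned field, which the hunk does not show; with a signed type a negative value would pass the `>= SDCARD_CMD_MAX` test, whereas the old mask bounded it. sd_do_command's body continues outside the hunk.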