xref: /openbmc/linux/drivers/nfc/pn544/pn544.c (revision 861e10be) 
1 /*
2  * HCI based Driver for NXP PN544 NFC Chip
3  *
4  * Copyright (C) 2012  Intel Corporation. All rights reserved.
5  *
6  * This program is free software; you can redistribute it and/or modify it
7  * under the terms and conditions of the GNU General Public License,
8  * version 2, as published by the Free Software Foundation.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program; if not, write to the
17  * Free Software Foundation, Inc.,
18  * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
19  */
20 
21 #include <linux/delay.h>
22 #include <linux/slab.h>
23 
24 #include <linux/nfc.h>
25 #include <net/nfc/hci.h>
26 #include <net/nfc/llc.h>
27 
28 #include "pn544.h"
29 
30 /* Timing restrictions (ms) */
31 #define PN544_HCI_RESETVEN_TIME		30
32 
33 #define HCI_MODE 0
34 #define FW_MODE 1
35 
36 enum pn544_state {
37 	PN544_ST_COLD,
38 	PN544_ST_FW_READY,
39 	PN544_ST_READY,
40 };
41 
42 #define FULL_VERSION_LEN 11
43 
44 /* Proprietary commands */
45 #define PN544_WRITE		0x3f
46 
47 /* Proprietary gates, events, commands and registers */
48 
49 /* NFC_HCI_RF_READER_A_GATE additional registers and commands */
50 #define PN544_RF_READER_A_AUTO_ACTIVATION			0x10
51 #define PN544_RF_READER_A_CMD_CONTINUE_ACTIVATION		0x12
52 #define PN544_MIFARE_CMD					0x21
53 
54 /* Commands that apply to all RF readers */
55 #define PN544_RF_READER_CMD_PRESENCE_CHECK	0x30
56 #define PN544_RF_READER_CMD_ACTIVATE_NEXT	0x32
57 
58 /* NFC_HCI_ID_MGMT_GATE additional registers */
59 #define PN544_ID_MGMT_FULL_VERSION_SW		0x10
60 
61 #define PN544_RF_READER_ISO15693_GATE		0x12
62 
63 #define PN544_RF_READER_F_GATE			0x14
64 #define PN544_FELICA_ID				0x04
65 #define PN544_FELICA_RAW			0x20
66 
67 #define PN544_RF_READER_JEWEL_GATE		0x15
68 #define PN544_JEWEL_RAW_CMD			0x23
69 
70 #define PN544_RF_READER_NFCIP1_INITIATOR_GATE	0x30
71 #define PN544_RF_READER_NFCIP1_TARGET_GATE	0x31
72 
73 #define PN544_SYS_MGMT_GATE			0x90
74 #define PN544_SYS_MGMT_INFO_NOTIFICATION	0x02
75 
76 #define PN544_POLLING_LOOP_MGMT_GATE		0x94
77 #define PN544_DEP_MODE				0x01
78 #define PN544_DEP_ATR_REQ			0x02
79 #define PN544_DEP_ATR_RES			0x03
80 #define PN544_DEP_MERGE				0x0D
81 #define PN544_PL_RDPHASES			0x06
82 #define PN544_PL_EMULATION			0x07
83 #define PN544_PL_NFCT_DEACTIVATED		0x09
84 
85 #define PN544_SWP_MGMT_GATE			0xA0
86 
87 #define PN544_NFC_WI_MGMT_GATE			0xA1
88 
89 #define PN544_HCI_EVT_SND_DATA			0x01
90 #define PN544_HCI_EVT_ACTIVATED			0x02
91 #define PN544_HCI_EVT_DEACTIVATED		0x03
92 #define PN544_HCI_EVT_RCV_DATA			0x04
93 #define PN544_HCI_EVT_CONTINUE_MI		0x05
94 
95 #define PN544_HCI_CMD_ATTREQUEST		0x12
96 #define PN544_HCI_CMD_CONTINUE_ACTIVATION	0x13
97 
98 static struct nfc_hci_gate pn544_gates[] = {
99 	{NFC_HCI_ADMIN_GATE, NFC_HCI_INVALID_PIPE},
100 	{NFC_HCI_LOOPBACK_GATE, NFC_HCI_INVALID_PIPE},
101 	{NFC_HCI_ID_MGMT_GATE, NFC_HCI_INVALID_PIPE},
102 	{NFC_HCI_LINK_MGMT_GATE, NFC_HCI_INVALID_PIPE},
103 	{NFC_HCI_RF_READER_B_GATE, NFC_HCI_INVALID_PIPE},
104 	{NFC_HCI_RF_READER_A_GATE, NFC_HCI_INVALID_PIPE},
105 	{PN544_SYS_MGMT_GATE, NFC_HCI_INVALID_PIPE},
106 	{PN544_SWP_MGMT_GATE, NFC_HCI_INVALID_PIPE},
107 	{PN544_POLLING_LOOP_MGMT_GATE, NFC_HCI_INVALID_PIPE},
108 	{PN544_NFC_WI_MGMT_GATE, NFC_HCI_INVALID_PIPE},
109 	{PN544_RF_READER_F_GATE, NFC_HCI_INVALID_PIPE},
110 	{PN544_RF_READER_JEWEL_GATE, NFC_HCI_INVALID_PIPE},
111 	{PN544_RF_READER_ISO15693_GATE, NFC_HCI_INVALID_PIPE},
112 	{PN544_RF_READER_NFCIP1_INITIATOR_GATE, NFC_HCI_INVALID_PIPE},
113 	{PN544_RF_READER_NFCIP1_TARGET_GATE, NFC_HCI_INVALID_PIPE}
114 };
115 
116 /* Largest headroom needed for outgoing custom commands */
117 #define PN544_CMDS_HEADROOM	2
118 
119 struct pn544_hci_info {
120 	struct nfc_phy_ops *phy_ops;
121 	void *phy_id;
122 
123 	struct nfc_hci_dev *hdev;
124 
125 	enum pn544_state state;
126 
127 	struct mutex info_lock;
128 
129 	int async_cb_type;
130 	data_exchange_cb_t async_cb;
131 	void *async_cb_context;
132 };
133 
134 static int pn544_hci_open(struct nfc_hci_dev *hdev)
135 {
136 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
137 	int r = 0;
138 
139 	mutex_lock(&info->info_lock);
140 
141 	if (info->state != PN544_ST_COLD) {
142 		r = -EBUSY;
143 		goto out;
144 	}
145 
146 	r = info->phy_ops->enable(info->phy_id);
147 
148 	if (r == 0)
149 		info->state = PN544_ST_READY;
150 
151 out:
152 	mutex_unlock(&info->info_lock);
153 	return r;
154 }
155 
156 static void pn544_hci_close(struct nfc_hci_dev *hdev)
157 {
158 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
159 
160 	mutex_lock(&info->info_lock);
161 
162 	if (info->state == PN544_ST_COLD)
163 		goto out;
164 
165 	info->phy_ops->disable(info->phy_id);
166 
167 	info->state = PN544_ST_COLD;
168 
169 out:
170 	mutex_unlock(&info->info_lock);
171 }
172 
173 static int pn544_hci_ready(struct nfc_hci_dev *hdev)
174 {
175 	struct sk_buff *skb;
176 	static struct hw_config {
177 		u8 adr[2];
178 		u8 value;
179 	} hw_config[] = {
180 		{{0x9f, 0x9a}, 0x00},
181 
182 		{{0x98, 0x10}, 0xbc},
183 
184 		{{0x9e, 0x71}, 0x00},
185 
186 		{{0x98, 0x09}, 0x00},
187 
188 		{{0x9e, 0xb4}, 0x00},
189 
190 		{{0x9e, 0xd9}, 0xff},
191 		{{0x9e, 0xda}, 0xff},
192 		{{0x9e, 0xdb}, 0x23},
193 		{{0x9e, 0xdc}, 0x21},
194 		{{0x9e, 0xdd}, 0x22},
195 		{{0x9e, 0xde}, 0x24},
196 
197 		{{0x9c, 0x01}, 0x08},
198 
199 		{{0x9e, 0xaa}, 0x01},
200 
201 		{{0x9b, 0xd1}, 0x0d},
202 		{{0x9b, 0xd2}, 0x24},
203 		{{0x9b, 0xd3}, 0x0a},
204 		{{0x9b, 0xd4}, 0x22},
205 		{{0x9b, 0xd5}, 0x08},
206 		{{0x9b, 0xd6}, 0x1e},
207 		{{0x9b, 0xdd}, 0x1c},
208 
209 		{{0x9b, 0x84}, 0x13},
210 		{{0x99, 0x81}, 0x7f},
211 		{{0x99, 0x31}, 0x70},
212 
213 		{{0x98, 0x00}, 0x3f},
214 
215 		{{0x9f, 0x09}, 0x00},
216 
217 		{{0x9f, 0x0a}, 0x05},
218 
219 		{{0x9e, 0xd1}, 0xa1},
220 		{{0x99, 0x23}, 0x00},
221 
222 		{{0x9e, 0x74}, 0x80},
223 
224 		{{0x9f, 0x28}, 0x10},
225 
226 		{{0x9f, 0x35}, 0x14},
227 
228 		{{0x9f, 0x36}, 0x60},
229 
230 		{{0x9c, 0x31}, 0x00},
231 
232 		{{0x9c, 0x32}, 0xc8},
233 
234 		{{0x9c, 0x19}, 0x40},
235 
236 		{{0x9c, 0x1a}, 0x40},
237 
238 		{{0x9c, 0x0c}, 0x00},
239 
240 		{{0x9c, 0x0d}, 0x00},
241 
242 		{{0x9c, 0x12}, 0x00},
243 
244 		{{0x9c, 0x13}, 0x00},
245 
246 		{{0x98, 0xa2}, 0x0e},
247 
248 		{{0x98, 0x93}, 0x40},
249 
250 		{{0x98, 0x7d}, 0x02},
251 		{{0x98, 0x7e}, 0x00},
252 		{{0x9f, 0xc8}, 0x01},
253 	};
254 	struct hw_config *p = hw_config;
255 	int count = ARRAY_SIZE(hw_config);
256 	struct sk_buff *res_skb;
257 	u8 param[4];
258 	int r;
259 
260 	param[0] = 0;
261 	while (count--) {
262 		param[1] = p->adr[0];
263 		param[2] = p->adr[1];
264 		param[3] = p->value;
265 
266 		r = nfc_hci_send_cmd(hdev, PN544_SYS_MGMT_GATE, PN544_WRITE,
267 				     param, 4, &res_skb);
268 		if (r < 0)
269 			return r;
270 
271 		if (res_skb->len != 1) {
272 			kfree_skb(res_skb);
273 			return -EPROTO;
274 		}
275 
276 		if (res_skb->data[0] != p->value) {
277 			kfree_skb(res_skb);
278 			return -EIO;
279 		}
280 
281 		kfree_skb(res_skb);
282 
283 		p++;
284 	}
285 
286 	param[0] = NFC_HCI_UICC_HOST_ID;
287 	r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE,
288 			      NFC_HCI_ADMIN_WHITELIST, param, 1);
289 	if (r < 0)
290 		return r;
291 
292 	param[0] = 0x3d;
293 	r = nfc_hci_set_param(hdev, PN544_SYS_MGMT_GATE,
294 			      PN544_SYS_MGMT_INFO_NOTIFICATION, param, 1);
295 	if (r < 0)
296 		return r;
297 
298 	param[0] = 0x0;
299 	r = nfc_hci_set_param(hdev, NFC_HCI_RF_READER_A_GATE,
300 			      PN544_RF_READER_A_AUTO_ACTIVATION, param, 1);
301 	if (r < 0)
302 		return r;
303 
304 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
305 			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
306 	if (r < 0)
307 		return r;
308 
309 	param[0] = 0x1;
310 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
311 			      PN544_PL_NFCT_DEACTIVATED, param, 1);
312 	if (r < 0)
313 		return r;
314 
315 	param[0] = 0x0;
316 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
317 			      PN544_PL_RDPHASES, param, 1);
318 	if (r < 0)
319 		return r;
320 
321 	r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
322 			      PN544_ID_MGMT_FULL_VERSION_SW, &skb);
323 	if (r < 0)
324 		return r;
325 
326 	if (skb->len != FULL_VERSION_LEN) {
327 		kfree_skb(skb);
328 		return -EINVAL;
329 	}
330 
331 	print_hex_dump(KERN_DEBUG, "FULL VERSION SOFTWARE INFO: ",
332 		       DUMP_PREFIX_NONE, 16, 1,
333 		       skb->data, FULL_VERSION_LEN, false);
334 
335 	kfree_skb(skb);
336 
337 	return 0;
338 }
339 
340 static int pn544_hci_xmit(struct nfc_hci_dev *hdev, struct sk_buff *skb)
341 {
342 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
343 
344 	return info->phy_ops->write(info->phy_id, skb);
345 }
346 
347 static int pn544_hci_start_poll(struct nfc_hci_dev *hdev,
348 				u32 im_protocols, u32 tm_protocols)
349 {
350 	u8 phases = 0;
351 	int r;
352 	u8 duration[2];
353 	u8 activated;
354 	u8 i_mode = 0x3f; /* Enable all supported modes */
355 	u8 t_mode = 0x0f;
356 	u8 t_merge = 0x01; /* Enable merge by default */
357 
358 	pr_info(DRIVER_DESC ": %s protocols 0x%x 0x%x\n",
359 		__func__, im_protocols, tm_protocols);
360 
361 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
362 			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
363 	if (r < 0)
364 		return r;
365 
366 	duration[0] = 0x18;
367 	duration[1] = 0x6a;
368 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
369 			      PN544_PL_EMULATION, duration, 2);
370 	if (r < 0)
371 		return r;
372 
373 	activated = 0;
374 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
375 			      PN544_PL_NFCT_DEACTIVATED, &activated, 1);
376 	if (r < 0)
377 		return r;
378 
379 	if (im_protocols & (NFC_PROTO_ISO14443_MASK | NFC_PROTO_MIFARE_MASK |
380 			 NFC_PROTO_JEWEL_MASK))
381 		phases |= 1;		/* Type A */
382 	if (im_protocols & NFC_PROTO_FELICA_MASK) {
383 		phases |= (1 << 2);	/* Type F 212 */
384 		phases |= (1 << 3);	/* Type F 424 */
385 	}
386 
387 	phases |= (1 << 5);		/* NFC active */
388 
389 	r = nfc_hci_set_param(hdev, PN544_POLLING_LOOP_MGMT_GATE,
390 			      PN544_PL_RDPHASES, &phases, 1);
391 	if (r < 0)
392 		return r;
393 
394 	if ((im_protocols | tm_protocols) & NFC_PROTO_NFC_DEP_MASK) {
395 		hdev->gb = nfc_get_local_general_bytes(hdev->ndev,
396 							&hdev->gb_len);
397 		pr_debug("generate local bytes %p", hdev->gb);
398 		if (hdev->gb == NULL || hdev->gb_len == 0) {
399 			im_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
400 			tm_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
401 		}
402 	}
403 
404 	if (im_protocols & NFC_PROTO_NFC_DEP_MASK) {
405 		r = nfc_hci_send_event(hdev,
406 				PN544_RF_READER_NFCIP1_INITIATOR_GATE,
407 				NFC_HCI_EVT_END_OPERATION, NULL, 0);
408 		if (r < 0)
409 			return r;
410 
411 		r = nfc_hci_set_param(hdev,
412 				PN544_RF_READER_NFCIP1_INITIATOR_GATE,
413 				PN544_DEP_MODE, &i_mode, 1);
414 		if (r < 0)
415 			return r;
416 
417 		r = nfc_hci_set_param(hdev,
418 				PN544_RF_READER_NFCIP1_INITIATOR_GATE,
419 				PN544_DEP_ATR_REQ, hdev->gb, hdev->gb_len);
420 		if (r < 0)
421 			return r;
422 
423 		r = nfc_hci_send_event(hdev,
424 				PN544_RF_READER_NFCIP1_INITIATOR_GATE,
425 				NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
426 		if (r < 0)
427 			nfc_hci_send_event(hdev,
428 					PN544_RF_READER_NFCIP1_INITIATOR_GATE,
429 					NFC_HCI_EVT_END_OPERATION, NULL, 0);
430 	}
431 
432 	if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) {
433 		r = nfc_hci_set_param(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
434 				PN544_DEP_MODE, &t_mode, 1);
435 		if (r < 0)
436 			return r;
437 
438 		r = nfc_hci_set_param(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
439 				PN544_DEP_ATR_RES, hdev->gb, hdev->gb_len);
440 		if (r < 0)
441 			return r;
442 
443 		r = nfc_hci_set_param(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
444 				PN544_DEP_MERGE, &t_merge, 1);
445 		if (r < 0)
446 			return r;
447 	}
448 
449 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
450 			       NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
451 	if (r < 0)
452 		nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
453 				   NFC_HCI_EVT_END_OPERATION, NULL, 0);
454 
455 	return r;
456 }
457 
458 static int pn544_hci_dep_link_up(struct nfc_hci_dev *hdev,
459 				struct nfc_target *target, u8 comm_mode,
460 				u8 *gb, size_t gb_len)
461 {
462 	struct sk_buff *rgb_skb = NULL;
463 	int r;
464 
465 	r = nfc_hci_get_param(hdev, target->hci_reader_gate,
466 				PN544_DEP_ATR_RES, &rgb_skb);
467 	if (r < 0)
468 		return r;
469 
470 	if (rgb_skb->len == 0 || rgb_skb->len > NFC_GB_MAXSIZE) {
471 		r = -EPROTO;
472 		goto exit;
473 	}
474 	print_hex_dump(KERN_DEBUG, "remote gb: ", DUMP_PREFIX_OFFSET,
475 			16, 1, rgb_skb->data, rgb_skb->len, true);
476 
477 	r = nfc_set_remote_general_bytes(hdev->ndev, rgb_skb->data,
478 						rgb_skb->len);
479 
480 	if (r == 0)
481 		r = nfc_dep_link_is_up(hdev->ndev, target->idx, comm_mode,
482 					NFC_RF_INITIATOR);
483 exit:
484 	kfree_skb(rgb_skb);
485 	return r;
486 }
487 
488 static int pn544_hci_dep_link_down(struct nfc_hci_dev *hdev)
489 {
490 
491 	return nfc_hci_send_event(hdev, PN544_RF_READER_NFCIP1_INITIATOR_GATE,
492 					NFC_HCI_EVT_END_OPERATION, NULL, 0);
493 }
494 
495 static int pn544_hci_target_from_gate(struct nfc_hci_dev *hdev, u8 gate,
496 				      struct nfc_target *target)
497 {
498 	switch (gate) {
499 	case PN544_RF_READER_F_GATE:
500 		target->supported_protocols = NFC_PROTO_FELICA_MASK;
501 		break;
502 	case PN544_RF_READER_JEWEL_GATE:
503 		target->supported_protocols = NFC_PROTO_JEWEL_MASK;
504 		target->sens_res = 0x0c00;
505 		break;
506 	case PN544_RF_READER_NFCIP1_INITIATOR_GATE:
507 		target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
508 		break;
509 	default:
510 		return -EPROTO;
511 	}
512 
513 	return 0;
514 }
515 
516 static int pn544_hci_complete_target_discovered(struct nfc_hci_dev *hdev,
517 						u8 gate,
518 						struct nfc_target *target)
519 {
520 	struct sk_buff *uid_skb;
521 	int r = 0;
522 
523 	if (gate == PN544_RF_READER_NFCIP1_INITIATOR_GATE)
524 		return r;
525 
526 	if (target->supported_protocols & NFC_PROTO_NFC_DEP_MASK) {
527 		r = nfc_hci_send_cmd(hdev,
528 			PN544_RF_READER_NFCIP1_INITIATOR_GATE,
529 			PN544_HCI_CMD_CONTINUE_ACTIVATION, NULL, 0, NULL);
530 		if (r < 0)
531 			return r;
532 
533 		target->hci_reader_gate = PN544_RF_READER_NFCIP1_INITIATOR_GATE;
534 	} else if (target->supported_protocols & NFC_PROTO_MIFARE_MASK) {
535 		if (target->nfcid1_len != 4 && target->nfcid1_len != 7 &&
536 		    target->nfcid1_len != 10)
537 			return -EPROTO;
538 
539 		r = nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
540 				     PN544_RF_READER_CMD_ACTIVATE_NEXT,
541 				     target->nfcid1, target->nfcid1_len, NULL);
542 	} else if (target->supported_protocols & NFC_PROTO_FELICA_MASK) {
543 		r = nfc_hci_get_param(hdev, PN544_RF_READER_F_GATE,
544 				      PN544_FELICA_ID, &uid_skb);
545 		if (r < 0)
546 			return r;
547 
548 		if (uid_skb->len != 8) {
549 			kfree_skb(uid_skb);
550 			return -EPROTO;
551 		}
552 
553 		r = nfc_hci_send_cmd(hdev, PN544_RF_READER_F_GATE,
554 				     PN544_RF_READER_CMD_ACTIVATE_NEXT,
555 				     uid_skb->data, uid_skb->len, NULL);
556 		kfree_skb(uid_skb);
557 
558 		r = nfc_hci_send_cmd(hdev,
559 					PN544_RF_READER_NFCIP1_INITIATOR_GATE,
560 					PN544_HCI_CMD_CONTINUE_ACTIVATION,
561 					NULL, 0, NULL);
562 		if (r < 0)
563 			return r;
564 
565 		target->hci_reader_gate = PN544_RF_READER_NFCIP1_INITIATOR_GATE;
566 		target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
567 	} else if (target->supported_protocols & NFC_PROTO_ISO14443_MASK) {
568 		/*
569 		 * TODO: maybe other ISO 14443 require some kind of continue
570 		 * activation, but for now we've seen only this one below.
571 		 */
572 		if (target->sens_res == 0x4403)	/* Type 4 Mifare DESFire */
573 			r = nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
574 			      PN544_RF_READER_A_CMD_CONTINUE_ACTIVATION,
575 			      NULL, 0, NULL);
576 	}
577 
578 	return r;
579 }
580 
581 #define PN544_CB_TYPE_READER_F 1
582 
583 static void pn544_hci_data_exchange_cb(void *context, struct sk_buff *skb,
584 				       int err)
585 {
586 	struct pn544_hci_info *info = context;
587 
588 	switch (info->async_cb_type) {
589 	case PN544_CB_TYPE_READER_F:
590 		if (err == 0)
591 			skb_pull(skb, 1);
592 		info->async_cb(info->async_cb_context, skb, err);
593 		break;
594 	default:
595 		if (err == 0)
596 			kfree_skb(skb);
597 		break;
598 	}
599 }
600 
601 #define MIFARE_CMD_AUTH_KEY_A	0x60
602 #define MIFARE_CMD_AUTH_KEY_B	0x61
603 #define MIFARE_CMD_HEADER	2
604 #define MIFARE_UID_LEN		4
605 #define MIFARE_KEY_LEN		6
606 #define MIFARE_CMD_LEN		12
607 /*
608  * Returns:
609  * <= 0: driver handled the data exchange
610  *    1: driver doesn't especially handle, please do standard processing
611  */
612 static int pn544_hci_im_transceive(struct nfc_hci_dev *hdev,
613 				   struct nfc_target *target,
614 				   struct sk_buff *skb, data_exchange_cb_t cb,
615 				   void *cb_context)
616 {
617 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
618 
619 	pr_info(DRIVER_DESC ": %s for gate=%d\n", __func__,
620 		target->hci_reader_gate);
621 
622 	switch (target->hci_reader_gate) {
623 	case NFC_HCI_RF_READER_A_GATE:
624 		if (target->supported_protocols & NFC_PROTO_MIFARE_MASK) {
625 			/*
626 			 * It seems that pn544 is inverting key and UID for
627 			 * MIFARE authentication commands.
628 			 */
629 			if (skb->len == MIFARE_CMD_LEN &&
630 			    (skb->data[0] == MIFARE_CMD_AUTH_KEY_A ||
631 			     skb->data[0] == MIFARE_CMD_AUTH_KEY_B)) {
632 				u8 uid[MIFARE_UID_LEN];
633 				u8 *data = skb->data + MIFARE_CMD_HEADER;
634 
635 				memcpy(uid, data + MIFARE_KEY_LEN,
636 				       MIFARE_UID_LEN);
637 				memmove(data + MIFARE_UID_LEN, data,
638 					MIFARE_KEY_LEN);
639 				memcpy(data, uid, MIFARE_UID_LEN);
640 			}
641 
642 			return nfc_hci_send_cmd_async(hdev,
643 						      target->hci_reader_gate,
644 						      PN544_MIFARE_CMD,
645 						      skb->data, skb->len,
646 						      cb, cb_context);
647 		} else
648 			return 1;
649 	case PN544_RF_READER_F_GATE:
650 		*skb_push(skb, 1) = 0;
651 		*skb_push(skb, 1) = 0;
652 
653 		info->async_cb_type = PN544_CB_TYPE_READER_F;
654 		info->async_cb = cb;
655 		info->async_cb_context = cb_context;
656 
657 		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
658 					      PN544_FELICA_RAW, skb->data,
659 					      skb->len,
660 					      pn544_hci_data_exchange_cb, info);
661 	case PN544_RF_READER_JEWEL_GATE:
662 		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
663 					      PN544_JEWEL_RAW_CMD, skb->data,
664 					      skb->len, cb, cb_context);
665 	case PN544_RF_READER_NFCIP1_INITIATOR_GATE:
666 		*skb_push(skb, 1) = 0;
667 
668 		return nfc_hci_send_event(hdev, target->hci_reader_gate,
669 					PN544_HCI_EVT_SND_DATA, skb->data,
670 					skb->len);
671 	default:
672 		return 1;
673 	}
674 }
675 
676 static int pn544_hci_tm_send(struct nfc_hci_dev *hdev, struct sk_buff *skb)
677 {
678 	/* Set default false for multiple information chaining */
679 	*skb_push(skb, 1) = 0;
680 
681 	return nfc_hci_send_event(hdev, PN544_RF_READER_NFCIP1_TARGET_GATE,
682 				PN544_HCI_EVT_SND_DATA, skb->data, skb->len);
683 }
684 
685 static int pn544_hci_check_presence(struct nfc_hci_dev *hdev,
686 				   struct nfc_target *target)
687 {
688 	pr_debug("supported protocol %d", target->supported_protocols);
689 	if (target->supported_protocols & (NFC_PROTO_ISO14443_MASK |
690 					NFC_PROTO_ISO14443_B_MASK)) {
691 		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
692 					PN544_RF_READER_CMD_PRESENCE_CHECK,
693 					NULL, 0, NULL);
694 	} else if (target->supported_protocols & NFC_PROTO_MIFARE_MASK) {
695 		if (target->nfcid1_len != 4 && target->nfcid1_len != 7 &&
696 		    target->nfcid1_len != 10)
697 			return -EOPNOTSUPP;
698 
699 		 return nfc_hci_send_cmd(hdev, NFC_HCI_RF_READER_A_GATE,
700 				     PN544_RF_READER_CMD_ACTIVATE_NEXT,
701 				     target->nfcid1, target->nfcid1_len, NULL);
702 	} else if (target->supported_protocols & NFC_PROTO_JEWEL_MASK) {
703 		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
704 					PN544_JEWEL_RAW_CMD, NULL, 0, NULL);
705 	} else if (target->supported_protocols & NFC_PROTO_FELICA_MASK) {
706 		return nfc_hci_send_cmd(hdev, PN544_RF_READER_F_GATE,
707 					PN544_FELICA_RAW, NULL, 0, NULL);
708 	} else if (target->supported_protocols & NFC_PROTO_NFC_DEP_MASK) {
709 		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
710 					PN544_HCI_CMD_ATTREQUEST,
711 					NULL, 0, NULL);
712 	}
713 
714 	return 0;
715 }
716 
717 static void pn544_hci_event_received(struct nfc_hci_dev *hdev, u8 gate,
718 					u8 event, struct sk_buff *skb)
719 {
720 	struct sk_buff *rgb_skb = NULL;
721 	int r = 0;
722 
723 	pr_debug("hci event %d", event);
724 	switch (event) {
725 	case PN544_HCI_EVT_ACTIVATED:
726 		if (gate == PN544_RF_READER_NFCIP1_INITIATOR_GATE)
727 			nfc_hci_target_discovered(hdev, gate);
728 		else if (gate == PN544_RF_READER_NFCIP1_TARGET_GATE) {
729 			r = nfc_hci_get_param(hdev, gate, PN544_DEP_ATR_REQ,
730 						&rgb_skb);
731 
732 			if (r < 0)
733 				goto exit;
734 
735 			nfc_tm_activated(hdev->ndev, NFC_PROTO_NFC_DEP_MASK,
736 					NFC_COMM_PASSIVE, rgb_skb->data,
737 					rgb_skb->len);
738 
739 			kfree_skb(rgb_skb);
740 		}
741 
742 		break;
743 	case PN544_HCI_EVT_DEACTIVATED:
744 		nfc_hci_send_event(hdev, gate,
745 			NFC_HCI_EVT_END_OPERATION, NULL, 0);
746 		break;
747 	case PN544_HCI_EVT_RCV_DATA:
748 		if (skb->len < 2) {
749 			r = -EPROTO;
750 			goto exit;
751 		}
752 
753 		if (skb->data[0] != 0) {
754 			pr_debug("data0 %d", skb->data[0]);
755 			r = -EPROTO;
756 			goto exit;
757 		}
758 
759 		skb_pull(skb, 2);
760 		nfc_tm_data_received(hdev->ndev, skb);
761 
762 		return;
763 	default:
764 		break;
765 	}
766 
767 exit:
768 	kfree_skb(skb);
769 }
770 
771 static struct nfc_hci_ops pn544_hci_ops = {
772 	.open = pn544_hci_open,
773 	.close = pn544_hci_close,
774 	.hci_ready = pn544_hci_ready,
775 	.xmit = pn544_hci_xmit,
776 	.start_poll = pn544_hci_start_poll,
777 	.dep_link_up = pn544_hci_dep_link_up,
778 	.dep_link_down = pn544_hci_dep_link_down,
779 	.target_from_gate = pn544_hci_target_from_gate,
780 	.complete_target_discovered = pn544_hci_complete_target_discovered,
781 	.im_transceive = pn544_hci_im_transceive,
782 	.tm_send = pn544_hci_tm_send,
783 	.check_presence = pn544_hci_check_presence,
784 	.event_received = pn544_hci_event_received,
785 };
786 
787 int pn544_hci_probe(void *phy_id, struct nfc_phy_ops *phy_ops, char *llc_name,
788 		    int phy_headroom, int phy_tailroom, int phy_payload,
789 		    struct nfc_hci_dev **hdev)
790 {
791 	struct pn544_hci_info *info;
792 	u32 protocols;
793 	struct nfc_hci_init_data init_data;
794 	int r;
795 
796 	info = kzalloc(sizeof(struct pn544_hci_info), GFP_KERNEL);
797 	if (!info) {
798 		pr_err("Cannot allocate memory for pn544_hci_info.\n");
799 		r = -ENOMEM;
800 		goto err_info_alloc;
801 	}
802 
803 	info->phy_ops = phy_ops;
804 	info->phy_id = phy_id;
805 	info->state = PN544_ST_COLD;
806 	mutex_init(&info->info_lock);
807 
808 	init_data.gate_count = ARRAY_SIZE(pn544_gates);
809 
810 	memcpy(init_data.gates, pn544_gates, sizeof(pn544_gates));
811 
812 	/*
813 	 * TODO: Session id must include the driver name + some bus addr
814 	 * persistent info to discriminate 2 identical chips
815 	 */
816 	strcpy(init_data.session_id, "ID544HCI");
817 
818 	protocols = NFC_PROTO_JEWEL_MASK |
819 		    NFC_PROTO_MIFARE_MASK |
820 		    NFC_PROTO_FELICA_MASK |
821 		    NFC_PROTO_ISO14443_MASK |
822 		    NFC_PROTO_ISO14443_B_MASK |
823 		    NFC_PROTO_NFC_DEP_MASK;
824 
825 	info->hdev = nfc_hci_allocate_device(&pn544_hci_ops, &init_data,
826 					     protocols, llc_name,
827 					     phy_headroom + PN544_CMDS_HEADROOM,
828 					     phy_tailroom, phy_payload);
829 	if (!info->hdev) {
830 		pr_err("Cannot allocate nfc hdev.\n");
831 		r = -ENOMEM;
832 		goto err_alloc_hdev;
833 	}
834 
835 	nfc_hci_set_clientdata(info->hdev, info);
836 
837 	r = nfc_hci_register_device(info->hdev);
838 	if (r)
839 		goto err_regdev;
840 
841 	*hdev = info->hdev;
842 
843 	return 0;
844 
845 err_regdev:
846 	nfc_hci_free_device(info->hdev);
847 
848 err_alloc_hdev:
849 	kfree(info);
850 
851 err_info_alloc:
852 	return r;
853 }
854 
855 void pn544_hci_remove(struct nfc_hci_dev *hdev)
856 {
857 	struct pn544_hci_info *info = nfc_hci_get_clientdata(hdev);
858 
859 	nfc_hci_unregister_device(hdev);
860 	nfc_hci_free_device(hdev);
861 	kfree(info);
862 }
863