search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
mic: vop: Fix use-after-free on remove
[linux/fpc-iii.git] / drivers / nfc / pn544 / i2c.c
blobd0207f8e68b7c8760d3f93c8d54a5295ae65f432
1 /*
2 * I2C Link Layer for PN544 HCI based Driver
3 *
4 * Copyright (C) 2012 Intel Corporation. All rights reserved.
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms and conditions of the GNU General Public License,
8 * version 2, as published by the Free Software Foundation.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
17 */
18
19 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
20
21 #include <linux/crc-ccitt.h>
22 #include <linux/module.h>
23 #include <linux/i2c.h>
24 #include <linux/acpi.h>
25 #include <linux/interrupt.h>
26 #include <linux/delay.h>
27 #include <linux/nfc.h>
28 #include <linux/firmware.h>
29 #include <linux/gpio/consumer.h>
30
31 #include <asm/unaligned.h>
32
33 #include <net/nfc/hci.h>
34 #include <net/nfc/llc.h>
35 #include <net/nfc/nfc.h>
36
37 #include "pn544.h"
38
39 #define PN544_I2C_FRAME_HEADROOM 1
40 #define PN544_I2C_FRAME_TAILROOM 2
41
42 /* GPIO names */
43 #define PN544_GPIO_NAME_IRQ "pn544_irq"
44 #define PN544_GPIO_NAME_FW "pn544_fw"
45 #define PN544_GPIO_NAME_EN "pn544_en"
46
47 /* framing in HCI mode */
48 #define PN544_HCI_I2C_LLC_LEN 1
49 #define PN544_HCI_I2C_LLC_CRC 2
50 #define PN544_HCI_I2C_LLC_LEN_CRC (PN544_HCI_I2C_LLC_LEN + \
51 PN544_HCI_I2C_LLC_CRC)
52 #define PN544_HCI_I2C_LLC_MIN_SIZE (1 + PN544_HCI_I2C_LLC_LEN_CRC)
53 #define PN544_HCI_I2C_LLC_MAX_PAYLOAD 29
54 #define PN544_HCI_I2C_LLC_MAX_SIZE (PN544_HCI_I2C_LLC_LEN_CRC + 1 + \
55 PN544_HCI_I2C_LLC_MAX_PAYLOAD)
56
57 static const struct i2c_device_id pn544_hci_i2c_id_table[] = {
58 {"pn544", 0},
59 {}
60 };
61
62 MODULE_DEVICE_TABLE(i2c, pn544_hci_i2c_id_table);
63
64 static const struct acpi_device_id pn544_hci_i2c_acpi_match[] = {
65 {"NXP5440", 0},
66 {}
67 };
68
69 MODULE_DEVICE_TABLE(acpi, pn544_hci_i2c_acpi_match);
70
71 #define PN544_HCI_I2C_DRIVER_NAME "pn544_hci_i2c"
72
73 /*
74 * Exposed through the 4 most significant bytes
75 * from the HCI SW_VERSION first byte, a.k.a.
76 * SW RomLib.
77 */
78 #define PN544_HW_VARIANT_C2 0xa
79 #define PN544_HW_VARIANT_C3 0xb
80
81 #define PN544_FW_CMD_RESET 0x01
82 #define PN544_FW_CMD_WRITE 0x08
83 #define PN544_FW_CMD_CHECK 0x06
84 #define PN544_FW_CMD_SECURE_WRITE 0x0C
85 #define PN544_FW_CMD_SECURE_CHUNK_WRITE 0x0D
86
87 struct pn544_i2c_fw_frame_write {
88 u8 cmd;
89 u16 be_length;
90 u8 be_dest_addr[3];
91 u16 be_datalen;
92 u8 data[];
93 } __packed;
94
95 struct pn544_i2c_fw_frame_check {
96 u8 cmd;
97 u16 be_length;
98 u8 be_start_addr[3];
99 u16 be_datalen;
100 u16 be_crc;
101 } __packed;
102
103 struct pn544_i2c_fw_frame_response {
104 u8 status;
105 u16 be_length;
106 } __packed;
107
108 struct pn544_i2c_fw_blob {
109 u32 be_size;
110 u32 be_destaddr;
111 u8 data[];
112 };
113
114 struct pn544_i2c_fw_secure_frame {
115 u8 cmd;
116 u16 be_datalen;
117 u8 data[];
118 } __packed;
119
120 struct pn544_i2c_fw_secure_blob {
121 u64 header;
122 u8 data[];
123 };
124
125 #define PN544_FW_CMD_RESULT_TIMEOUT 0x01
126 #define PN544_FW_CMD_RESULT_BAD_CRC 0x02
127 #define PN544_FW_CMD_RESULT_ACCESS_DENIED 0x08
128 #define PN544_FW_CMD_RESULT_PROTOCOL_ERROR 0x0B
129 #define PN544_FW_CMD_RESULT_INVALID_PARAMETER 0x11
130 #define PN544_FW_CMD_RESULT_UNSUPPORTED_COMMAND 0x13
131 #define PN544_FW_CMD_RESULT_INVALID_LENGTH 0x18
132 #define PN544_FW_CMD_RESULT_CRYPTOGRAPHIC_ERROR 0x19
133 #define PN544_FW_CMD_RESULT_VERSION_CONDITIONS_ERROR 0x1D
134 #define PN544_FW_CMD_RESULT_MEMORY_ERROR 0x20
135 #define PN544_FW_CMD_RESULT_CHUNK_OK 0x21
136 #define PN544_FW_CMD_RESULT_WRITE_FAILED 0x74
137 #define PN544_FW_CMD_RESULT_COMMAND_REJECTED 0xE0
138 #define PN544_FW_CMD_RESULT_CHUNK_ERROR 0xE6
139
140 #define MIN(X, Y) ((X) < (Y) ? (X) : (Y))
141
142 #define PN544_FW_WRITE_BUFFER_MAX_LEN 0x9f7
143 #define PN544_FW_I2C_MAX_PAYLOAD PN544_HCI_I2C_LLC_MAX_SIZE
144 #define PN544_FW_I2C_WRITE_FRAME_HEADER_LEN 8
145 #define PN544_FW_I2C_WRITE_DATA_MAX_LEN MIN((PN544_FW_I2C_MAX_PAYLOAD -\
146 PN544_FW_I2C_WRITE_FRAME_HEADER_LEN),\
147 PN544_FW_WRITE_BUFFER_MAX_LEN)
148 #define PN544_FW_SECURE_CHUNK_WRITE_HEADER_LEN 3
149 #define PN544_FW_SECURE_CHUNK_WRITE_DATA_MAX_LEN (PN544_FW_I2C_MAX_PAYLOAD -\
150 PN544_FW_SECURE_CHUNK_WRITE_HEADER_LEN)
151 #define PN544_FW_SECURE_FRAME_HEADER_LEN 3
152 #define PN544_FW_SECURE_BLOB_HEADER_LEN 8
153
154 #define FW_WORK_STATE_IDLE 1
155 #define FW_WORK_STATE_START 2
156 #define FW_WORK_STATE_WAIT_WRITE_ANSWER 3
157 #define FW_WORK_STATE_WAIT_CHECK_ANSWER 4
158 #define FW_WORK_STATE_WAIT_SECURE_WRITE_ANSWER 5
159
160 struct pn544_i2c_phy {
161 struct i2c_client *i2c_dev;
162 struct nfc_hci_dev *hdev;
163
164 struct gpio_desc *gpiod_en;
165 struct gpio_desc *gpiod_fw;
166
167 unsigned int en_polarity;
168
169 u8 hw_variant;
170
171 struct work_struct fw_work;
172 int fw_work_state;
173 char firmware_name[NFC_FIRMWARE_NAME_MAXSIZE + 1];
174 const struct firmware *fw;
175 u32 fw_blob_dest_addr;
176 size_t fw_blob_size;
177 const u8 *fw_blob_data;
178 size_t fw_written;
179 size_t fw_size;
180
181 int fw_cmd_result;
182
183 int powered;
184 int run_mode;
185
186 int hard_fault; /*
187 * < 0 if hardware error occured (e.g. i2c err)
188 * and prevents normal operation.
189 */
190 };
191
192 #define I2C_DUMP_SKB(info, skb) \
193 do { \
194 pr_debug("%s:\n", info); \
195 print_hex_dump(KERN_DEBUG, "i2c: ", DUMP_PREFIX_OFFSET, \
196 16, 1, (skb)->data, (skb)->len, 0); \
197 } while (0)
198
199 static void pn544_hci_i2c_platform_init(struct pn544_i2c_phy *phy)
200 {
201 int polarity, retry, ret;
202 char rset_cmd[] = { 0x05, 0xF9, 0x04, 0x00, 0xC3, 0xE5 };
203 int count = sizeof(rset_cmd);
204
205 nfc_info(&phy->i2c_dev->dev, "Detecting nfc_en polarity\n");
206
207 /* Disable fw download */
208 gpiod_set_value_cansleep(phy->gpiod_fw, 0);
209
210 for (polarity = 0; polarity < 2; polarity++) {
211 phy->en_polarity = polarity;
212 retry = 3;
213 while (retry--) {
214 /* power off */
215 gpiod_set_value_cansleep(phy->gpiod_en, !phy->en_polarity);
216 usleep_range(10000, 15000);
217
218 /* power on */
219 gpiod_set_value_cansleep(phy->gpiod_en, phy->en_polarity);
220 usleep_range(10000, 15000);
221
222 /* send reset */
223 dev_dbg(&phy->i2c_dev->dev, "Sending reset cmd\n");
224 ret = i2c_master_send(phy->i2c_dev, rset_cmd, count);
225 if (ret == count) {
226 nfc_info(&phy->i2c_dev->dev,
227 "nfc_en polarity : active %s\n",
228 (polarity == 0 ? "low" : "high"));
229 goto out;
230 }
231 }
232 }
233
234 nfc_err(&phy->i2c_dev->dev,
235 "Could not detect nfc_en polarity, fallback to active high\n");
236
237 out:
238 gpiod_set_value_cansleep(phy->gpiod_en, !phy->en_polarity);
239 }
240
241 static void pn544_hci_i2c_enable_mode(struct pn544_i2c_phy *phy, int run_mode)
242 {
243 gpiod_set_value_cansleep(phy->gpiod_fw, run_mode == PN544_FW_MODE ? 1 : 0);
244 gpiod_set_value_cansleep(phy->gpiod_en, phy->en_polarity);
245 usleep_range(10000, 15000);
246
247 phy->run_mode = run_mode;
248 }
249
250 static int pn544_hci_i2c_enable(void *phy_id)
251 {
252 struct pn544_i2c_phy *phy = phy_id;
253
254 pr_info("%s\n", __func__);
255
256 pn544_hci_i2c_enable_mode(phy, PN544_HCI_MODE);
257
258 phy->powered = 1;
259
260 return 0;
261 }
262
263 static void pn544_hci_i2c_disable(void *phy_id)
264 {
265 struct pn544_i2c_phy *phy = phy_id;
266
267 gpiod_set_value_cansleep(phy->gpiod_fw, 0);
268 gpiod_set_value_cansleep(phy->gpiod_en, !phy->en_polarity);
269 usleep_range(10000, 15000);
270
271 gpiod_set_value_cansleep(phy->gpiod_en, phy->en_polarity);
272 usleep_range(10000, 15000);
273
274 gpiod_set_value_cansleep(phy->gpiod_en, !phy->en_polarity);
275 usleep_range(10000, 15000);
276
277 phy->powered = 0;
278 }
279
280 static void pn544_hci_i2c_add_len_crc(struct sk_buff *skb)
281 {
282 u16 crc;
283 int len;
284
285 len = skb->len + 2;
286 *(u8 *)skb_push(skb, 1) = len;
287
288 crc = crc_ccitt(0xffff, skb->data, skb->len);
289 crc = ~crc;
290 skb_put_u8(skb, crc & 0xff);
291 skb_put_u8(skb, crc >> 8);
292 }
293
294 static void pn544_hci_i2c_remove_len_crc(struct sk_buff *skb)
295 {
296 skb_pull(skb, PN544_I2C_FRAME_HEADROOM);
297 skb_trim(skb, PN544_I2C_FRAME_TAILROOM);
298 }
299
300 /*
301 * Writing a frame must not return the number of written bytes.
302 * It must return either zero for success, or <0 for error.
303 * In addition, it must not alter the skb
304 */
305 static int pn544_hci_i2c_write(void *phy_id, struct sk_buff *skb)
306 {
307 int r;
308 struct pn544_i2c_phy *phy = phy_id;
309 struct i2c_client *client = phy->i2c_dev;
310
311 if (phy->hard_fault != 0)
312 return phy->hard_fault;
313
314 usleep_range(3000, 6000);
315
316 pn544_hci_i2c_add_len_crc(skb);
317
318 I2C_DUMP_SKB("i2c frame written", skb);
319
320 r = i2c_master_send(client, skb->data, skb->len);
321
322 if (r == -EREMOTEIO) { /* Retry, chip was in standby */
323 usleep_range(6000, 10000);
324 r = i2c_master_send(client, skb->data, skb->len);
325 }
326
327 if (r >= 0) {
328 if (r != skb->len)
329 r = -EREMOTEIO;
330 else
331 r = 0;
332 }
333
334 pn544_hci_i2c_remove_len_crc(skb);
335
336 return r;
337 }
338
339 static int check_crc(u8 *buf, int buflen)
340 {
341 int len;
342 u16 crc;
343
344 len = buf[0] + 1;
345 crc = crc_ccitt(0xffff, buf, len - 2);
346 crc = ~crc;
347
348 if (buf[len - 2] != (crc & 0xff) || buf[len - 1] != (crc >> 8)) {
349 pr_err("CRC error 0x%x != 0x%x 0x%x\n",
350 crc, buf[len - 1], buf[len - 2]);
351 pr_info("%s: BAD CRC\n", __func__);
352 print_hex_dump(KERN_DEBUG, "crc: ", DUMP_PREFIX_NONE,
353 16, 2, buf, buflen, false);
354 return -EPERM;
355 }
356 return 0;
357 }
358
359 /*
360 * Reads an shdlc frame and returns it in a newly allocated sk_buff. Guarantees
361 * that i2c bus will be flushed and that next read will start on a new frame.
362 * returned skb contains only LLC header and payload.
363 * returns:
364 * -EREMOTEIO : i2c read error (fatal)
365 * -EBADMSG : frame was incorrect and discarded
366 * -ENOMEM : cannot allocate skb, frame dropped
367 */
368 static int pn544_hci_i2c_read(struct pn544_i2c_phy *phy, struct sk_buff **skb)
369 {
370 int r;
371 u8 len;
372 u8 tmp[PN544_HCI_I2C_LLC_MAX_SIZE - 1];
373 struct i2c_client *client = phy->i2c_dev;
374
375 r = i2c_master_recv(client, &len, 1);
376 if (r != 1) {
377 nfc_err(&client->dev, "cannot read len byte\n");
378 return -EREMOTEIO;
379 }
380
381 if ((len < (PN544_HCI_I2C_LLC_MIN_SIZE - 1)) ||
382 (len > (PN544_HCI_I2C_LLC_MAX_SIZE - 1))) {
383 nfc_err(&client->dev, "invalid len byte\n");
384 r = -EBADMSG;
385 goto flush;
386 }
387
388 *skb = alloc_skb(1 + len, GFP_KERNEL);
389 if (*skb == NULL) {
390 r = -ENOMEM;
391 goto flush;
392 }
393
394 skb_put_u8(*skb, len);
395
396 r = i2c_master_recv(client, skb_put(*skb, len), len);
397 if (r != len) {
398 kfree_skb(*skb);
399 return -EREMOTEIO;
400 }
401
402 I2C_DUMP_SKB("i2c frame read", *skb);
403
404 r = check_crc((*skb)->data, (*skb)->len);
405 if (r != 0) {
406 kfree_skb(*skb);
407 r = -EBADMSG;
408 goto flush;
409 }
410
411 skb_pull(*skb, 1);
412 skb_trim(*skb, (*skb)->len - 2);
413
414 usleep_range(3000, 6000);
415
416 return 0;
417
418 flush:
419 if (i2c_master_recv(client, tmp, sizeof(tmp)) < 0)
420 r = -EREMOTEIO;
421
422 usleep_range(3000, 6000);
423
424 return r;
425 }
426
427 static int pn544_hci_i2c_fw_read_status(struct pn544_i2c_phy *phy)
428 {
429 int r;
430 struct pn544_i2c_fw_frame_response response;
431 struct i2c_client *client = phy->i2c_dev;
432
433 r = i2c_master_recv(client, (char *) &response, sizeof(response));
434 if (r != sizeof(response)) {
435 nfc_err(&client->dev, "cannot read fw status\n");
436 return -EIO;
437 }
438
439 usleep_range(3000, 6000);
440
441 switch (response.status) {
442 case 0:
443 return 0;
444 case PN544_FW_CMD_RESULT_CHUNK_OK:
445 return response.status;
446 case PN544_FW_CMD_RESULT_TIMEOUT:
447 return -ETIMEDOUT;
448 case PN544_FW_CMD_RESULT_BAD_CRC:
449 return -ENODATA;
450 case PN544_FW_CMD_RESULT_ACCESS_DENIED:
451 return -EACCES;
452 case PN544_FW_CMD_RESULT_PROTOCOL_ERROR:
453 return -EPROTO;
454 case PN544_FW_CMD_RESULT_INVALID_PARAMETER:
455 return -EINVAL;
456 case PN544_FW_CMD_RESULT_UNSUPPORTED_COMMAND:
457 return -ENOTSUPP;
458 case PN544_FW_CMD_RESULT_INVALID_LENGTH:
459 return -EBADMSG;
460 case PN544_FW_CMD_RESULT_CRYPTOGRAPHIC_ERROR:
461 return -ENOKEY;
462 case PN544_FW_CMD_RESULT_VERSION_CONDITIONS_ERROR:
463 return -EINVAL;
464 case PN544_FW_CMD_RESULT_MEMORY_ERROR:
465 return -ENOMEM;
466 case PN544_FW_CMD_RESULT_COMMAND_REJECTED:
467 return -EACCES;
468 case PN544_FW_CMD_RESULT_WRITE_FAILED:
469 case PN544_FW_CMD_RESULT_CHUNK_ERROR:
470 return -EIO;
471 default:
472 return -EIO;
473 }
474 }
475
476 /*
477 * Reads an shdlc frame from the chip. This is not as straightforward as it
478 * seems. There are cases where we could loose the frame start synchronization.
479 * The frame format is len-data-crc, and corruption can occur anywhere while
480 * transiting on i2c bus, such that we could read an invalid len.
481 * In order to recover synchronization with the next frame, we must be sure
482 * to read the real amount of data without using the len byte. We do this by
483 * assuming the following:
484 * - the chip will always present only one single complete frame on the bus
485 * before triggering the interrupt
486 * - the chip will not present a new frame until we have completely read
487 * the previous one (or until we have handled the interrupt).
488 * The tricky case is when we read a corrupted len that is less than the real
489 * len. We must detect this here in order to determine that we need to flush
490 * the bus. This is the reason why we check the crc here.
491 */
492 static irqreturn_t pn544_hci_i2c_irq_thread_fn(int irq, void *phy_id)
493 {
494 struct pn544_i2c_phy *phy = phy_id;
495 struct i2c_client *client;
496 struct sk_buff *skb = NULL;
497 int r;
498
499 if (!phy || irq != phy->i2c_dev->irq) {
500 WARN_ON_ONCE(1);
501 return IRQ_NONE;
502 }
503
504 client = phy->i2c_dev;
505 dev_dbg(&client->dev, "IRQ\n");
506
507 if (phy->hard_fault != 0)
508 return IRQ_HANDLED;
509
510 if (phy->run_mode == PN544_FW_MODE) {
511 phy->fw_cmd_result = pn544_hci_i2c_fw_read_status(phy);
512 schedule_work(&phy->fw_work);
513 } else {
514 r = pn544_hci_i2c_read(phy, &skb);
515 if (r == -EREMOTEIO) {
516 phy->hard_fault = r;
517
518 nfc_hci_recv_frame(phy->hdev, NULL);
519
520 return IRQ_HANDLED;
521 } else if ((r == -ENOMEM) || (r == -EBADMSG)) {
522 return IRQ_HANDLED;
523 }
524
525 nfc_hci_recv_frame(phy->hdev, skb);
526 }
527 return IRQ_HANDLED;
528 }
529
530 static struct nfc_phy_ops i2c_phy_ops = {
531 .write = pn544_hci_i2c_write,
532 .enable = pn544_hci_i2c_enable,
533 .disable = pn544_hci_i2c_disable,
534 };
535
536 static int pn544_hci_i2c_fw_download(void *phy_id, const char *firmware_name,
537 u8 hw_variant)
538 {
539 struct pn544_i2c_phy *phy = phy_id;
540
541 pr_info("Starting Firmware Download (%s)\n", firmware_name);
542
543 strcpy(phy->firmware_name, firmware_name);
544
545 phy->hw_variant = hw_variant;
546 phy->fw_work_state = FW_WORK_STATE_START;
547
548 schedule_work(&phy->fw_work);
549
550 return 0;
551 }
552
553 static void pn544_hci_i2c_fw_work_complete(struct pn544_i2c_phy *phy,
554 int result)
555 {
556 pr_info("Firmware Download Complete, result=%d\n", result);
557
558 pn544_hci_i2c_disable(phy);
559
560 phy->fw_work_state = FW_WORK_STATE_IDLE;
561
562 if (phy->fw) {
563 release_firmware(phy->fw);
564 phy->fw = NULL;
565 }
566
567 nfc_fw_download_done(phy->hdev->ndev, phy->firmware_name, (u32) -result);
568 }
569
570 static int pn544_hci_i2c_fw_write_cmd(struct i2c_client *client, u32 dest_addr,
571 const u8 *data, u16 datalen)
572 {
573 u8 frame[PN544_FW_I2C_MAX_PAYLOAD];
574 struct pn544_i2c_fw_frame_write *framep;
575 u16 params_len;
576 int framelen;
577 int r;
578
579 if (datalen > PN544_FW_I2C_WRITE_DATA_MAX_LEN)
580 datalen = PN544_FW_I2C_WRITE_DATA_MAX_LEN;
581
582 framep = (struct pn544_i2c_fw_frame_write *) frame;
583
584 params_len = sizeof(framep->be_dest_addr) +
585 sizeof(framep->be_datalen) + datalen;
586 framelen = params_len + sizeof(framep->cmd) +
587 sizeof(framep->be_length);
588
589 framep->cmd = PN544_FW_CMD_WRITE;
590
591 put_unaligned_be16(params_len, &framep->be_length);
592
593 framep->be_dest_addr[0] = (dest_addr & 0xff0000) >> 16;
594 framep->be_dest_addr[1] = (dest_addr & 0xff00) >> 8;
595 framep->be_dest_addr[2] = dest_addr & 0xff;
596
597 put_unaligned_be16(datalen, &framep->be_datalen);
598
599 memcpy(framep->data, data, datalen);
600
601 r = i2c_master_send(client, frame, framelen);
602
603 if (r == framelen)
604 return datalen;
605 else if (r < 0)
606 return r;
607 else
608 return -EIO;
609 }
610
611 static int pn544_hci_i2c_fw_check_cmd(struct i2c_client *client, u32 start_addr,
612 const u8 *data, u16 datalen)
613 {
614 struct pn544_i2c_fw_frame_check frame;
615 int r;
616 u16 crc;
617
618 /* calculate local crc for the data we want to check */
619 crc = crc_ccitt(0xffff, data, datalen);
620
621 frame.cmd = PN544_FW_CMD_CHECK;
622
623 put_unaligned_be16(sizeof(frame.be_start_addr) +
624 sizeof(frame.be_datalen) + sizeof(frame.be_crc),
625 &frame.be_length);
626
627 /* tell the chip the memory region to which our crc applies */
628 frame.be_start_addr[0] = (start_addr & 0xff0000) >> 16;
629 frame.be_start_addr[1] = (start_addr & 0xff00) >> 8;
630 frame.be_start_addr[2] = start_addr & 0xff;
631
632 put_unaligned_be16(datalen, &frame.be_datalen);
633
634 /*
635 * and give our local crc. Chip will calculate its own crc for the
636 * region and compare with ours.
637 */
638 put_unaligned_be16(crc, &frame.be_crc);
639
640 r = i2c_master_send(client, (const char *) &frame, sizeof(frame));
641
642 if (r == sizeof(frame))
643 return 0;
644 else if (r < 0)
645 return r;
646 else
647 return -EIO;
648 }
649
650 static int pn544_hci_i2c_fw_write_chunk(struct pn544_i2c_phy *phy)
651 {
652 int r;
653
654 r = pn544_hci_i2c_fw_write_cmd(phy->i2c_dev,
655 phy->fw_blob_dest_addr + phy->fw_written,
656 phy->fw_blob_data + phy->fw_written,
657 phy->fw_blob_size - phy->fw_written);
658 if (r < 0)
659 return r;
660
661 phy->fw_written += r;
662 phy->fw_work_state = FW_WORK_STATE_WAIT_WRITE_ANSWER;
663
664 return 0;
665 }
666
667 static int pn544_hci_i2c_fw_secure_write_frame_cmd(struct pn544_i2c_phy *phy,
668 const u8 *data, u16 datalen)
669 {
670 u8 buf[PN544_FW_I2C_MAX_PAYLOAD];
671 struct pn544_i2c_fw_secure_frame *chunk;
672 int chunklen;
673 int r;
674
675 if (datalen > PN544_FW_SECURE_CHUNK_WRITE_DATA_MAX_LEN)
676 datalen = PN544_FW_SECURE_CHUNK_WRITE_DATA_MAX_LEN;
677
678 chunk = (struct pn544_i2c_fw_secure_frame *) buf;
679
680 chunk->cmd = PN544_FW_CMD_SECURE_CHUNK_WRITE;
681
682 put_unaligned_be16(datalen, &chunk->be_datalen);
683
684 memcpy(chunk->data, data, datalen);
685
686 chunklen = sizeof(chunk->cmd) + sizeof(chunk->be_datalen) + datalen;
687
688 r = i2c_master_send(phy->i2c_dev, buf, chunklen);
689
690 if (r == chunklen)
691 return datalen;
692 else if (r < 0)
693 return r;
694 else
695 return -EIO;
696
697 }
698
699 static int pn544_hci_i2c_fw_secure_write_frame(struct pn544_i2c_phy *phy)
700 {
701 struct pn544_i2c_fw_secure_frame *framep;
702 int r;
703
704 framep = (struct pn544_i2c_fw_secure_frame *) phy->fw_blob_data;
705 if (phy->fw_written == 0)
706 phy->fw_blob_size = get_unaligned_be16(&framep->be_datalen)
707 + PN544_FW_SECURE_FRAME_HEADER_LEN;
708
709 /* Only secure write command can be chunked*/
710 if (phy->fw_blob_size > PN544_FW_I2C_MAX_PAYLOAD &&
711 framep->cmd != PN544_FW_CMD_SECURE_WRITE)
712 return -EINVAL;
713
714 /* The firmware also have other commands, we just send them directly */
715 if (phy->fw_blob_size < PN544_FW_I2C_MAX_PAYLOAD) {
716 r = i2c_master_send(phy->i2c_dev,
717 (const char *) phy->fw_blob_data, phy->fw_blob_size);
718
719 if (r == phy->fw_blob_size)
720 goto exit;
721 else if (r < 0)
722 return r;
723 else
724 return -EIO;
725 }
726
727 r = pn544_hci_i2c_fw_secure_write_frame_cmd(phy,
728 phy->fw_blob_data + phy->fw_written,
729 phy->fw_blob_size - phy->fw_written);
730 if (r < 0)
731 return r;
732
733 exit:
734 phy->fw_written += r;
735 phy->fw_work_state = FW_WORK_STATE_WAIT_SECURE_WRITE_ANSWER;
736
737 /* SW reset command will not trig any response from PN544 */
738 if (framep->cmd == PN544_FW_CMD_RESET) {
739 pn544_hci_i2c_enable_mode(phy, PN544_FW_MODE);
740 phy->fw_cmd_result = 0;
741 schedule_work(&phy->fw_work);
742 }
743
744 return 0;
745 }
746
747 static void pn544_hci_i2c_fw_work(struct work_struct *work)
748 {
749 struct pn544_i2c_phy *phy = container_of(work, struct pn544_i2c_phy,
750 fw_work);
751 int r;
752 struct pn544_i2c_fw_blob *blob;
753 struct pn544_i2c_fw_secure_blob *secure_blob;
754
755 switch (phy->fw_work_state) {
756 case FW_WORK_STATE_START:
757 pn544_hci_i2c_enable_mode(phy, PN544_FW_MODE);
758
759 r = request_firmware(&phy->fw, phy->firmware_name,
760 &phy->i2c_dev->dev);
761 if (r < 0)
762 goto exit_state_start;
763
764 phy->fw_written = 0;
765
766 switch (phy->hw_variant) {
767 case PN544_HW_VARIANT_C2:
768 blob = (struct pn544_i2c_fw_blob *) phy->fw->data;
769 phy->fw_blob_size = get_unaligned_be32(&blob->be_size);
770 phy->fw_blob_dest_addr = get_unaligned_be32(
771 &blob->be_destaddr);
772 phy->fw_blob_data = blob->data;
773
774 r = pn544_hci_i2c_fw_write_chunk(phy);
775 break;
776 case PN544_HW_VARIANT_C3:
777 secure_blob = (struct pn544_i2c_fw_secure_blob *)
778 phy->fw->data;
779 phy->fw_blob_data = secure_blob->data;
780 phy->fw_size = phy->fw->size;
781 r = pn544_hci_i2c_fw_secure_write_frame(phy);
782 break;
783 default:
784 r = -ENOTSUPP;
785 break;
786 }
787
788 exit_state_start:
789 if (r < 0)
790 pn544_hci_i2c_fw_work_complete(phy, r);
791 break;
792
793 case FW_WORK_STATE_WAIT_WRITE_ANSWER:
794 r = phy->fw_cmd_result;
795 if (r < 0)
796 goto exit_state_wait_write_answer;
797
798 if (phy->fw_written == phy->fw_blob_size) {
799 r = pn544_hci_i2c_fw_check_cmd(phy->i2c_dev,
800 phy->fw_blob_dest_addr,
801 phy->fw_blob_data,
802 phy->fw_blob_size);
803 if (r < 0)
804 goto exit_state_wait_write_answer;
805 phy->fw_work_state = FW_WORK_STATE_WAIT_CHECK_ANSWER;
806 break;
807 }
808
809 r = pn544_hci_i2c_fw_write_chunk(phy);
810
811 exit_state_wait_write_answer:
812 if (r < 0)
813 pn544_hci_i2c_fw_work_complete(phy, r);
814 break;
815
816 case FW_WORK_STATE_WAIT_CHECK_ANSWER:
817 r = phy->fw_cmd_result;
818 if (r < 0)
819 goto exit_state_wait_check_answer;
820
821 blob = (struct pn544_i2c_fw_blob *) (phy->fw_blob_data +
822 phy->fw_blob_size);
823 phy->fw_blob_size = get_unaligned_be32(&blob->be_size);
824 if (phy->fw_blob_size != 0) {
825 phy->fw_blob_dest_addr =
826 get_unaligned_be32(&blob->be_destaddr);
827 phy->fw_blob_data = blob->data;
828
829 phy->fw_written = 0;
830 r = pn544_hci_i2c_fw_write_chunk(phy);
831 }
832
833 exit_state_wait_check_answer:
834 if (r < 0 || phy->fw_blob_size == 0)
835 pn544_hci_i2c_fw_work_complete(phy, r);
836 break;
837
838 case FW_WORK_STATE_WAIT_SECURE_WRITE_ANSWER:
839 r = phy->fw_cmd_result;
840 if (r < 0)
841 goto exit_state_wait_secure_write_answer;
842
843 if (r == PN544_FW_CMD_RESULT_CHUNK_OK) {
844 r = pn544_hci_i2c_fw_secure_write_frame(phy);
845 goto exit_state_wait_secure_write_answer;
846 }
847
848 if (phy->fw_written == phy->fw_blob_size) {
849 secure_blob = (struct pn544_i2c_fw_secure_blob *)
850 (phy->fw_blob_data + phy->fw_blob_size);
851 phy->fw_size -= phy->fw_blob_size +
852 PN544_FW_SECURE_BLOB_HEADER_LEN;
853 if (phy->fw_size >= PN544_FW_SECURE_BLOB_HEADER_LEN
854 + PN544_FW_SECURE_FRAME_HEADER_LEN) {
855 phy->fw_blob_data = secure_blob->data;
856
857 phy->fw_written = 0;
858 r = pn544_hci_i2c_fw_secure_write_frame(phy);
859 }
860 }
861
862 exit_state_wait_secure_write_answer:
863 if (r < 0 || phy->fw_size == 0)
864 pn544_hci_i2c_fw_work_complete(phy, r);
865 break;
866
867 default:
868 break;
869 }
870 }
871
872 static const struct acpi_gpio_params enable_gpios = { 1, 0, false };
873 static const struct acpi_gpio_params firmware_gpios = { 2, 0, false };
874
875 static const struct acpi_gpio_mapping acpi_pn544_gpios[] = {
876 { "enable-gpios", &enable_gpios, 1 },
877 { "firmware-gpios", &firmware_gpios, 1 },
878 { },
879 };
880
881 static int pn544_hci_i2c_probe(struct i2c_client *client,
882 const struct i2c_device_id *id)
883 {
884 struct device *dev = &client->dev;
885 struct pn544_i2c_phy *phy;
886 int r = 0;
887
888 dev_dbg(&client->dev, "%s\n", __func__);
889 dev_dbg(&client->dev, "IRQ: %d\n", client->irq);
890
891 if (!i2c_check_functionality(client->adapter, I2C_FUNC_I2C)) {
892 nfc_err(&client->dev, "Need I2C_FUNC_I2C\n");
893 return -ENODEV;
894 }
895
896 phy = devm_kzalloc(&client->dev, sizeof(struct pn544_i2c_phy),
897 GFP_KERNEL);
898 if (!phy)
899 return -ENOMEM;
900
901 INIT_WORK(&phy->fw_work, pn544_hci_i2c_fw_work);
902 phy->fw_work_state = FW_WORK_STATE_IDLE;
903
904 phy->i2c_dev = client;
905 i2c_set_clientdata(client, phy);
906
907 r = devm_acpi_dev_add_driver_gpios(dev, acpi_pn544_gpios);
908 if (r)
909 dev_dbg(dev, "Unable to add GPIO mapping table\n");
910
911 /* Get EN GPIO */
912 phy->gpiod_en = devm_gpiod_get(dev, "enable", GPIOD_OUT_LOW);
913 if (IS_ERR(phy->gpiod_en)) {
914 nfc_err(dev, "Unable to get EN GPIO\n");
915 return PTR_ERR(phy->gpiod_en);
916 }
917
918 /* Get FW GPIO */
919 phy->gpiod_fw = devm_gpiod_get(dev, "firmware", GPIOD_OUT_LOW);
920 if (IS_ERR(phy->gpiod_fw)) {
921 nfc_err(dev, "Unable to get FW GPIO\n");
922 return PTR_ERR(phy->gpiod_fw);
923 }
924
925 pn544_hci_i2c_platform_init(phy);
926
927 r = devm_request_threaded_irq(&client->dev, client->irq, NULL,
928 pn544_hci_i2c_irq_thread_fn,
929 IRQF_TRIGGER_RISING | IRQF_ONESHOT,
930 PN544_HCI_I2C_DRIVER_NAME, phy);
931 if (r < 0) {
932 nfc_err(&client->dev, "Unable to register IRQ handler\n");
933 return r;
934 }
935
936 r = pn544_hci_probe(phy, &i2c_phy_ops, LLC_SHDLC_NAME,
937 PN544_I2C_FRAME_HEADROOM, PN544_I2C_FRAME_TAILROOM,
938 PN544_HCI_I2C_LLC_MAX_PAYLOAD,
939 pn544_hci_i2c_fw_download, &phy->hdev);
940 if (r < 0)
941 return r;
942
943 return 0;
944 }
945
946 static int pn544_hci_i2c_remove(struct i2c_client *client)
947 {
948 struct pn544_i2c_phy *phy = i2c_get_clientdata(client);
949
950 dev_dbg(&client->dev, "%s\n", __func__);
951
952 cancel_work_sync(&phy->fw_work);
953 if (phy->fw_work_state != FW_WORK_STATE_IDLE)
954 pn544_hci_i2c_fw_work_complete(phy, -ENODEV);
955
956 pn544_hci_remove(phy->hdev);
957
958 if (phy->powered)
959 pn544_hci_i2c_disable(phy);
960
961 return 0;
962 }
963
964 static const struct of_device_id of_pn544_i2c_match[] = {
965 { .compatible = "nxp,pn544-i2c", },
966 {},
967 };
968 MODULE_DEVICE_TABLE(of, of_pn544_i2c_match);
969
970 static struct i2c_driver pn544_hci_i2c_driver = {
971 .driver = {
972 .name = PN544_HCI_I2C_DRIVER_NAME,
973 .of_match_table = of_match_ptr(of_pn544_i2c_match),
974 .acpi_match_table = ACPI_PTR(pn544_hci_i2c_acpi_match),
975 },
976 .probe = pn544_hci_i2c_probe,
977 .id_table = pn544_hci_i2c_id_table,
978 .remove = pn544_hci_i2c_remove,
979 };
980
981 module_i2c_driver(pn544_hci_i2c_driver);
982
983 MODULE_LICENSE("GPL");
984 MODULE_DESCRIPTION(DRIVER_DESC);
Linux with added FPC-III support