xref: /linux/drivers/nfc/st21nfca/core.c (revision d4b996f9ef1fe83d9ce9ad5c1ca0bd8231638ce5)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3  * HCI based Driver for STMicroelectronics NFC Chip
4  *
5  * Copyright (C) 2014  STMicroelectronics SAS. All rights reserved.
6  */
7 
8 #include <linux/module.h>
9 #include <linux/nfc.h>
10 #include <net/nfc/hci.h>
11 #include <net/nfc/llc.h>
12 
13 #include "st21nfca.h"
14 
15 #define DRIVER_DESC "HCI NFC driver for ST21NFCA"
16 
17 #define FULL_VERSION_LEN 3
18 
19 /* Proprietary gates, events, commands and registers */
20 
21 /* Commands that apply to all RF readers */
22 #define ST21NFCA_RF_READER_CMD_PRESENCE_CHECK	0x30
23 
24 #define ST21NFCA_RF_READER_ISO15693_GATE	0x12
25 #define ST21NFCA_RF_READER_ISO15693_INVENTORY	0x01
26 
27 /*
28  * Reader gate for communication with contact-less cards using Type A
29  * protocol ISO14443-3 but not compliant with ISO14443-4
30  */
31 #define ST21NFCA_RF_READER_14443_3_A_GATE	0x15
32 #define ST21NFCA_RF_READER_14443_3_A_UID	0x02
33 #define ST21NFCA_RF_READER_14443_3_A_ATQA	0x03
34 #define ST21NFCA_RF_READER_14443_3_A_SAK	0x04
35 
36 #define ST21NFCA_RF_READER_F_DATARATE		0x01
37 #define ST21NFCA_RF_READER_F_DATARATE_106	0x01
38 #define ST21NFCA_RF_READER_F_DATARATE_212	0x02
39 #define ST21NFCA_RF_READER_F_DATARATE_424	0x04
40 #define ST21NFCA_RF_READER_F_POL_REQ		0x02
41 #define ST21NFCA_RF_READER_F_POL_REQ_DEFAULT	0xffff0000
42 #define ST21NFCA_RF_READER_F_NFCID2		0x03
43 #define ST21NFCA_RF_READER_F_NFCID1		0x04
44 
45 #define ST21NFCA_RF_CARD_F_MODE			0x01
46 #define ST21NFCA_RF_CARD_F_NFCID2_LIST		0x04
47 #define ST21NFCA_RF_CARD_F_NFCID1		0x05
48 #define ST21NFCA_RF_CARD_F_SENS_RES		0x06
49 #define ST21NFCA_RF_CARD_F_SEL_RES		0x07
50 #define ST21NFCA_RF_CARD_F_DATARATE		0x08
51 #define ST21NFCA_RF_CARD_F_DATARATE_212_424	0x01
52 
53 #define ST21NFCA_DEVICE_MGNT_PIPE		0x02
54 
55 #define ST21NFCA_DM_GETINFO			0x13
56 #define ST21NFCA_DM_GETINFO_PIPE_LIST		0x02
57 #define ST21NFCA_DM_GETINFO_PIPE_INFO		0x01
58 #define ST21NFCA_DM_PIPE_CREATED		0x02
59 #define ST21NFCA_DM_PIPE_OPEN			0x04
60 #define ST21NFCA_DM_RF_ACTIVE			0x80
61 #define ST21NFCA_DM_DISCONNECT			0x30
62 
63 #define ST21NFCA_DM_IS_PIPE_OPEN(p) \
64 	((p & 0x0f) == (ST21NFCA_DM_PIPE_CREATED | ST21NFCA_DM_PIPE_OPEN))
65 
66 #define ST21NFCA_NFC_MODE			0x03	/* NFC_MODE parameter*/
67 
68 #define ST21NFCA_EVT_HOT_PLUG			0x03
69 #define ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(x) (x->data[0] & 0x80)
70 
71 #define ST21NFCA_SE_TO_PIPES			2000
72 
73 static DECLARE_BITMAP(dev_mask, ST21NFCA_NUM_DEVICES);
74 
75 static const struct nfc_hci_gate st21nfca_gates[] = {
76 	{NFC_HCI_ADMIN_GATE, NFC_HCI_ADMIN_PIPE},
77 	{NFC_HCI_LINK_MGMT_GATE, NFC_HCI_LINK_MGMT_PIPE},
78 	{ST21NFCA_DEVICE_MGNT_GATE, ST21NFCA_DEVICE_MGNT_PIPE},
79 
80 	{NFC_HCI_LOOPBACK_GATE, NFC_HCI_INVALID_PIPE},
81 	{NFC_HCI_ID_MGMT_GATE, NFC_HCI_INVALID_PIPE},
82 	{NFC_HCI_RF_READER_B_GATE, NFC_HCI_INVALID_PIPE},
83 	{NFC_HCI_RF_READER_A_GATE, NFC_HCI_INVALID_PIPE},
84 	{ST21NFCA_RF_READER_F_GATE, NFC_HCI_INVALID_PIPE},
85 	{ST21NFCA_RF_READER_14443_3_A_GATE, NFC_HCI_INVALID_PIPE},
86 	{ST21NFCA_RF_READER_ISO15693_GATE, NFC_HCI_INVALID_PIPE},
87 	{ST21NFCA_RF_CARD_F_GATE, NFC_HCI_INVALID_PIPE},
88 
89 	/* Secure element pipes are created by secure element host */
90 	{ST21NFCA_CONNECTIVITY_GATE, NFC_HCI_DO_NOT_CREATE_PIPE},
91 	{ST21NFCA_APDU_READER_GATE, NFC_HCI_DO_NOT_CREATE_PIPE},
92 };
93 
94 struct st21nfca_pipe_info {
95 	u8 pipe_state;
96 	u8 src_host_id;
97 	u8 src_gate_id;
98 	u8 dst_host_id;
99 	u8 dst_gate_id;
100 } __packed;
101 
102 /* Largest headroom needed for outgoing custom commands */
103 #define ST21NFCA_CMDS_HEADROOM  7
104 
105 static int st21nfca_hci_load_session(struct nfc_hci_dev *hdev)
106 {
107 	int i, j, r;
108 	struct sk_buff *skb_pipe_list, *skb_pipe_info;
109 	struct st21nfca_pipe_info *info;
110 
111 	u8 pipe_list[] = { ST21NFCA_DM_GETINFO_PIPE_LIST,
112 		NFC_HCI_TERMINAL_HOST_ID
113 	};
114 	u8 pipe_info[] = { ST21NFCA_DM_GETINFO_PIPE_INFO,
115 		NFC_HCI_TERMINAL_HOST_ID, 0
116 	};
117 
118 	/* On ST21NFCA device pipes number are dynamics
119 	 * A maximum of 16 pipes can be created at the same time
120 	 * If pipes are already created, hci_dev_up will fail.
121 	 * Doing a clear all pipe is a bad idea because:
122 	 * - It does useless EEPROM cycling
123 	 * - It might cause issue for secure elements support
124 	 * (such as removing connectivity or APDU reader pipe)
125 	 * A better approach on ST21NFCA is to:
126 	 * - get a pipe list for each host.
127 	 * (eg: NFC_HCI_HOST_CONTROLLER_ID for now).
128 	 * (TODO Later on UICC HOST and eSE HOST)
129 	 * - get pipe information
130 	 * - match retrieved pipe list in st21nfca_gates
131 	 * ST21NFCA_DEVICE_MGNT_GATE is a proprietary gate
132 	 * with ST21NFCA_DEVICE_MGNT_PIPE.
133 	 * Pipe can be closed and need to be open.
134 	 */
135 	r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
136 				ST21NFCA_DEVICE_MGNT_GATE,
137 				ST21NFCA_DEVICE_MGNT_PIPE);
138 	if (r < 0)
139 		return r;
140 
141 	/* Get pipe list */
142 	r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
143 			ST21NFCA_DM_GETINFO, pipe_list, sizeof(pipe_list),
144 			&skb_pipe_list);
145 	if (r < 0)
146 		return r;
147 
148 	/* Complete the existing gate_pipe table */
149 	for (i = 0; i < skb_pipe_list->len; i++) {
150 		pipe_info[2] = skb_pipe_list->data[i];
151 		r = nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
152 					ST21NFCA_DM_GETINFO, pipe_info,
153 					sizeof(pipe_info), &skb_pipe_info);
154 		if (r)
155 			continue;
156 
157 		/*
158 		 * Match pipe ID and gate ID
159 		 * Output format from ST21NFC_DM_GETINFO is:
160 		 * - pipe state (1byte)
161 		 * - source hid (1byte)
162 		 * - source gid (1byte)
163 		 * - destination hid (1byte)
164 		 * - destination gid (1byte)
165 		 */
166 		info = (struct st21nfca_pipe_info *) skb_pipe_info->data;
167 		if (info->dst_gate_id == ST21NFCA_APDU_READER_GATE &&
168 			info->src_host_id == NFC_HCI_UICC_HOST_ID) {
169 			pr_err("Unexpected apdu_reader pipe on host %x\n",
170 				info->src_host_id);
171 			kfree_skb(skb_pipe_info);
172 			continue;
173 		}
174 
175 		for (j = 3; (j < ARRAY_SIZE(st21nfca_gates)) &&
176 			(st21nfca_gates[j].gate != info->dst_gate_id) ; j++)
177 			;
178 
179 		if (j < ARRAY_SIZE(st21nfca_gates) &&
180 			st21nfca_gates[j].gate == info->dst_gate_id &&
181 			ST21NFCA_DM_IS_PIPE_OPEN(info->pipe_state)) {
182 			hdev->init_data.gates[j].pipe = pipe_info[2];
183 
184 			hdev->gate2pipe[st21nfca_gates[j].gate] =
185 						pipe_info[2];
186 			hdev->pipes[pipe_info[2]].gate =
187 						st21nfca_gates[j].gate;
188 			hdev->pipes[pipe_info[2]].dest_host =
189 						info->src_host_id;
190 		}
191 		kfree_skb(skb_pipe_info);
192 	}
193 
194 	/*
195 	 * 3 gates have a well known pipe ID. Only NFC_HCI_LINK_MGMT_GATE
196 	 * is not yet open at this stage.
197 	 */
198 	r = nfc_hci_connect_gate(hdev, NFC_HCI_HOST_CONTROLLER_ID,
199 				 NFC_HCI_LINK_MGMT_GATE,
200 				 NFC_HCI_LINK_MGMT_PIPE);
201 
202 	kfree_skb(skb_pipe_list);
203 	return r;
204 }
205 
206 static int st21nfca_hci_open(struct nfc_hci_dev *hdev)
207 {
208 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
209 	int r;
210 
211 	mutex_lock(&info->info_lock);
212 
213 	if (info->state != ST21NFCA_ST_COLD) {
214 		r = -EBUSY;
215 		goto out;
216 	}
217 
218 	r = info->phy_ops->enable(info->phy_id);
219 
220 	if (r == 0)
221 		info->state = ST21NFCA_ST_READY;
222 
223 out:
224 	mutex_unlock(&info->info_lock);
225 	return r;
226 }
227 
228 static void st21nfca_hci_close(struct nfc_hci_dev *hdev)
229 {
230 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
231 
232 	mutex_lock(&info->info_lock);
233 
234 	if (info->state == ST21NFCA_ST_COLD)
235 		goto out;
236 
237 	info->phy_ops->disable(info->phy_id);
238 	info->state = ST21NFCA_ST_COLD;
239 
240 out:
241 	mutex_unlock(&info->info_lock);
242 }
243 
244 static int st21nfca_hci_ready(struct nfc_hci_dev *hdev)
245 {
246 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
247 	struct sk_buff *skb;
248 
249 	u8 param;
250 	u8 white_list[2];
251 	int wl_size = 0;
252 	int r;
253 
254 	if (info->se_status->is_uicc_present)
255 		white_list[wl_size++] = NFC_HCI_UICC_HOST_ID;
256 	if (info->se_status->is_ese_present)
257 		white_list[wl_size++] = ST21NFCA_ESE_HOST_ID;
258 
259 	if (wl_size) {
260 		r = nfc_hci_set_param(hdev, NFC_HCI_ADMIN_GATE,
261 					NFC_HCI_ADMIN_WHITELIST,
262 					(u8 *) &white_list, wl_size);
263 		if (r < 0)
264 			return r;
265 	}
266 
267 	/* Set NFC_MODE in device management gate to enable */
268 	r = nfc_hci_get_param(hdev, ST21NFCA_DEVICE_MGNT_GATE,
269 			      ST21NFCA_NFC_MODE, &skb);
270 	if (r < 0)
271 		return r;
272 
273 	param = skb->data[0];
274 	kfree_skb(skb);
275 	if (param == 0) {
276 		param = 1;
277 
278 		r = nfc_hci_set_param(hdev, ST21NFCA_DEVICE_MGNT_GATE,
279 					ST21NFCA_NFC_MODE, &param, 1);
280 		if (r < 0)
281 			return r;
282 	}
283 
284 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
285 			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
286 	if (r < 0)
287 		return r;
288 
289 	r = nfc_hci_get_param(hdev, NFC_HCI_ID_MGMT_GATE,
290 			      NFC_HCI_ID_MGMT_VERSION_SW, &skb);
291 	if (r < 0)
292 		return r;
293 
294 	if (skb->len != FULL_VERSION_LEN) {
295 		kfree_skb(skb);
296 		return -EINVAL;
297 	}
298 
299 	print_hex_dump(KERN_DEBUG, "FULL VERSION SOFTWARE INFO: ",
300 		       DUMP_PREFIX_NONE, 16, 1,
301 		       skb->data, FULL_VERSION_LEN, false);
302 
303 	kfree_skb(skb);
304 
305 	return 0;
306 }
307 
308 static int st21nfca_hci_xmit(struct nfc_hci_dev *hdev, struct sk_buff *skb)
309 {
310 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
311 
312 	return info->phy_ops->write(info->phy_id, skb);
313 }
314 
315 static int st21nfca_hci_start_poll(struct nfc_hci_dev *hdev,
316 				   u32 im_protocols, u32 tm_protocols)
317 {
318 	int r;
319 	u32 pol_req;
320 	u8 param[19];
321 	struct sk_buff *datarate_skb;
322 
323 	pr_info(DRIVER_DESC ": %s protocols 0x%x 0x%x\n",
324 		__func__, im_protocols, tm_protocols);
325 
326 	r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
327 			       NFC_HCI_EVT_END_OPERATION, NULL, 0);
328 	if (r < 0)
329 		return r;
330 	if (im_protocols) {
331 		/*
332 		 * enable polling according to im_protocols & tm_protocols
333 		 * - CLOSE pipe according to im_protocols & tm_protocols
334 		 */
335 		if ((NFC_HCI_RF_READER_B_GATE & im_protocols) == 0) {
336 			r = nfc_hci_disconnect_gate(hdev,
337 					NFC_HCI_RF_READER_B_GATE);
338 			if (r < 0)
339 				return r;
340 		}
341 
342 		if ((NFC_HCI_RF_READER_A_GATE & im_protocols) == 0) {
343 			r = nfc_hci_disconnect_gate(hdev,
344 					NFC_HCI_RF_READER_A_GATE);
345 			if (r < 0)
346 				return r;
347 		}
348 
349 		if ((ST21NFCA_RF_READER_F_GATE & im_protocols) == 0) {
350 			r = nfc_hci_disconnect_gate(hdev,
351 					ST21NFCA_RF_READER_F_GATE);
352 			if (r < 0)
353 				return r;
354 		} else {
355 			hdev->gb = nfc_get_local_general_bytes(hdev->ndev,
356 							       &hdev->gb_len);
357 
358 			if (hdev->gb == NULL || hdev->gb_len == 0) {
359 				im_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
360 				tm_protocols &= ~NFC_PROTO_NFC_DEP_MASK;
361 			}
362 
363 			param[0] = ST21NFCA_RF_READER_F_DATARATE_106 |
364 			    ST21NFCA_RF_READER_F_DATARATE_212 |
365 			    ST21NFCA_RF_READER_F_DATARATE_424;
366 			r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE,
367 					      ST21NFCA_RF_READER_F_DATARATE,
368 					      param, 1);
369 			if (r < 0)
370 				return r;
371 
372 			pol_req = be32_to_cpu((__force __be32)
373 					ST21NFCA_RF_READER_F_POL_REQ_DEFAULT);
374 			r = nfc_hci_set_param(hdev, ST21NFCA_RF_READER_F_GATE,
375 					      ST21NFCA_RF_READER_F_POL_REQ,
376 					      (u8 *) &pol_req, 4);
377 			if (r < 0)
378 				return r;
379 		}
380 
381 		if ((ST21NFCA_RF_READER_14443_3_A_GATE & im_protocols) == 0) {
382 			r = nfc_hci_disconnect_gate(hdev,
383 					ST21NFCA_RF_READER_14443_3_A_GATE);
384 			if (r < 0)
385 				return r;
386 		}
387 
388 		if ((ST21NFCA_RF_READER_ISO15693_GATE & im_protocols) == 0) {
389 			r = nfc_hci_disconnect_gate(hdev,
390 					ST21NFCA_RF_READER_ISO15693_GATE);
391 			if (r < 0)
392 				return r;
393 		}
394 
395 		r = nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
396 				       NFC_HCI_EVT_READER_REQUESTED, NULL, 0);
397 		if (r < 0)
398 			nfc_hci_send_event(hdev, NFC_HCI_RF_READER_A_GATE,
399 					   NFC_HCI_EVT_END_OPERATION, NULL, 0);
400 	}
401 
402 	if (tm_protocols & NFC_PROTO_NFC_DEP_MASK) {
403 		r = nfc_hci_get_param(hdev, ST21NFCA_RF_CARD_F_GATE,
404 				      ST21NFCA_RF_CARD_F_DATARATE,
405 				      &datarate_skb);
406 		if (r < 0)
407 			return r;
408 
409 		/* Configure the maximum supported datarate to 424Kbps */
410 		if (datarate_skb->len > 0 &&
411 		    datarate_skb->data[0] !=
412 		    ST21NFCA_RF_CARD_F_DATARATE_212_424) {
413 			param[0] = ST21NFCA_RF_CARD_F_DATARATE_212_424;
414 			r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
415 					      ST21NFCA_RF_CARD_F_DATARATE,
416 					      param, 1);
417 			if (r < 0) {
418 				kfree_skb(datarate_skb);
419 				return r;
420 			}
421 		}
422 		kfree_skb(datarate_skb);
423 
424 		/*
425 		 * Configure sens_res
426 		 *
427 		 * NFC Forum Digital Spec Table 7:
428 		 * NFCID1 size: triple (10 bytes)
429 		 */
430 		param[0] = 0x00;
431 		param[1] = 0x08;
432 		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
433 				      ST21NFCA_RF_CARD_F_SENS_RES, param, 2);
434 		if (r < 0)
435 			return r;
436 
437 		/*
438 		 * Configure sel_res
439 		 *
440 		 * NFC Forum Digistal Spec Table 17:
441 		 * b3 set to 0b (value b7-b6):
442 		 * - 10b: Configured for NFC-DEP Protocol
443 		 */
444 		param[0] = 0x40;
445 		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
446 				      ST21NFCA_RF_CARD_F_SEL_RES, param, 1);
447 		if (r < 0)
448 			return r;
449 
450 		/* Configure NFCID1 Random uid */
451 		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
452 				      ST21NFCA_RF_CARD_F_NFCID1, NULL, 0);
453 		if (r < 0)
454 			return r;
455 
456 		/* Configure NFCID2_LIST */
457 		/* System Code */
458 		param[0] = 0x00;
459 		param[1] = 0x00;
460 		/* NFCID2 */
461 		param[2] = 0x01;
462 		param[3] = 0xfe;
463 		param[4] = 'S';
464 		param[5] = 'T';
465 		param[6] = 'M';
466 		param[7] = 'i';
467 		param[8] = 'c';
468 		param[9] = 'r';
469 		/* 8 byte Pad bytes used for polling respone frame */
470 
471 		/*
472 		 * Configuration byte:
473 		 * - bit 0: define the default NFCID2 entry used when the
474 		 * system code is equal to 'FFFF'
475 		 * - bit 1: use a random value for lowest 6 bytes of
476 		 * NFCID2 value
477 		 * - bit 2: ignore polling request frame if request code
478 		 * is equal to '01'
479 		 * - Other bits are RFU
480 		 */
481 		param[18] = 0x01;
482 		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
483 				      ST21NFCA_RF_CARD_F_NFCID2_LIST, param,
484 				      19);
485 		if (r < 0)
486 			return r;
487 
488 		param[0] = 0x02;
489 		r = nfc_hci_set_param(hdev, ST21NFCA_RF_CARD_F_GATE,
490 				      ST21NFCA_RF_CARD_F_MODE, param, 1);
491 	}
492 
493 	return r;
494 }
495 
496 static void st21nfca_hci_stop_poll(struct nfc_hci_dev *hdev)
497 {
498 	nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
499 			ST21NFCA_DM_DISCONNECT, NULL, 0, NULL);
500 }
501 
502 static int st21nfca_get_iso14443_3_atqa(struct nfc_hci_dev *hdev, u16 *atqa)
503 {
504 	int r;
505 	struct sk_buff *atqa_skb = NULL;
506 
507 	r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
508 			      ST21NFCA_RF_READER_14443_3_A_ATQA, &atqa_skb);
509 	if (r < 0)
510 		goto exit;
511 
512 	if (atqa_skb->len != 2) {
513 		r = -EPROTO;
514 		goto exit;
515 	}
516 
517 	*atqa = be16_to_cpu(*(__be16 *) atqa_skb->data);
518 
519 exit:
520 	kfree_skb(atqa_skb);
521 	return r;
522 }
523 
524 static int st21nfca_get_iso14443_3_sak(struct nfc_hci_dev *hdev, u8 *sak)
525 {
526 	int r;
527 	struct sk_buff *sak_skb = NULL;
528 
529 	r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
530 			      ST21NFCA_RF_READER_14443_3_A_SAK, &sak_skb);
531 	if (r < 0)
532 		goto exit;
533 
534 	if (sak_skb->len != 1) {
535 		r = -EPROTO;
536 		goto exit;
537 	}
538 
539 	*sak = sak_skb->data[0];
540 
541 exit:
542 	kfree_skb(sak_skb);
543 	return r;
544 }
545 
546 static int st21nfca_get_iso14443_3_uid(struct nfc_hci_dev *hdev, u8 *uid,
547 				       int *len)
548 {
549 	int r;
550 	struct sk_buff *uid_skb = NULL;
551 
552 	r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_14443_3_A_GATE,
553 			      ST21NFCA_RF_READER_14443_3_A_UID, &uid_skb);
554 	if (r < 0)
555 		goto exit;
556 
557 	if (uid_skb->len == 0 || uid_skb->len > NFC_NFCID1_MAXSIZE) {
558 		r = -EPROTO;
559 		goto exit;
560 	}
561 
562 	memcpy(uid, uid_skb->data, uid_skb->len);
563 	*len = uid_skb->len;
564 exit:
565 	kfree_skb(uid_skb);
566 	return r;
567 }
568 
569 static int st21nfca_get_iso15693_inventory(struct nfc_hci_dev *hdev,
570 					   struct nfc_target *target)
571 {
572 	int r;
573 	struct sk_buff *inventory_skb = NULL;
574 
575 	r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_ISO15693_GATE,
576 			      ST21NFCA_RF_READER_ISO15693_INVENTORY,
577 			      &inventory_skb);
578 	if (r < 0)
579 		goto exit;
580 
581 	skb_pull(inventory_skb, 2);
582 
583 	if (inventory_skb->len == 0 ||
584 	    inventory_skb->len > NFC_ISO15693_UID_MAXSIZE) {
585 		r = -EPROTO;
586 		goto exit;
587 	}
588 
589 	memcpy(target->iso15693_uid, inventory_skb->data, inventory_skb->len);
590 	target->iso15693_dsfid	= inventory_skb->data[1];
591 	target->is_iso15693 = 1;
592 exit:
593 	kfree_skb(inventory_skb);
594 	return r;
595 }
596 
597 static int st21nfca_hci_dep_link_up(struct nfc_hci_dev *hdev,
598 				    struct nfc_target *target, u8 comm_mode,
599 				    u8 *gb, size_t gb_len)
600 {
601 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
602 
603 	info->dep_info.idx = target->idx;
604 	return st21nfca_im_send_atr_req(hdev, gb, gb_len);
605 }
606 
607 static int st21nfca_hci_dep_link_down(struct nfc_hci_dev *hdev)
608 {
609 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
610 
611 	info->state = ST21NFCA_ST_READY;
612 
613 	return nfc_hci_send_cmd(hdev, ST21NFCA_DEVICE_MGNT_GATE,
614 				ST21NFCA_DM_DISCONNECT, NULL, 0, NULL);
615 }
616 
617 static int st21nfca_hci_target_from_gate(struct nfc_hci_dev *hdev, u8 gate,
618 					 struct nfc_target *target)
619 {
620 	int r, len;
621 	u16 atqa;
622 	u8 sak;
623 	u8 uid[NFC_NFCID1_MAXSIZE];
624 
625 	switch (gate) {
626 	case ST21NFCA_RF_READER_F_GATE:
627 		target->supported_protocols = NFC_PROTO_FELICA_MASK;
628 		break;
629 	case ST21NFCA_RF_READER_14443_3_A_GATE:
630 		/* ISO14443-3 type 1 or 2 tags */
631 		r = st21nfca_get_iso14443_3_atqa(hdev, &atqa);
632 		if (r < 0)
633 			return r;
634 		if (atqa == 0x000c) {
635 			target->supported_protocols = NFC_PROTO_JEWEL_MASK;
636 			target->sens_res = 0x0c00;
637 		} else {
638 			r = st21nfca_get_iso14443_3_sak(hdev, &sak);
639 			if (r < 0)
640 				return r;
641 
642 			r = st21nfca_get_iso14443_3_uid(hdev, uid, &len);
643 			if (r < 0)
644 				return r;
645 
646 			target->supported_protocols =
647 			    nfc_hci_sak_to_protocol(sak);
648 			if (target->supported_protocols == 0xffffffff)
649 				return -EPROTO;
650 
651 			target->sens_res = atqa;
652 			target->sel_res = sak;
653 			memcpy(target->nfcid1, uid, len);
654 			target->nfcid1_len = len;
655 		}
656 
657 		break;
658 	case ST21NFCA_RF_READER_ISO15693_GATE:
659 		target->supported_protocols = NFC_PROTO_ISO15693_MASK;
660 		r = st21nfca_get_iso15693_inventory(hdev, target);
661 		if (r < 0)
662 			return r;
663 		break;
664 	default:
665 		return -EPROTO;
666 	}
667 
668 	return 0;
669 }
670 
671 static int st21nfca_hci_complete_target_discovered(struct nfc_hci_dev *hdev,
672 						u8 gate,
673 						struct nfc_target *target)
674 {
675 	int r;
676 	struct sk_buff *nfcid_skb = NULL;
677 
678 	if (gate == ST21NFCA_RF_READER_F_GATE) {
679 		r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE,
680 				ST21NFCA_RF_READER_F_NFCID2, &nfcid_skb);
681 		if (r < 0)
682 			goto exit;
683 
684 		if (nfcid_skb->len > NFC_SENSF_RES_MAXSIZE) {
685 			r = -EPROTO;
686 			goto exit;
687 		}
688 
689 		/*
690 		 * - After the recepton of polling response for type F frame
691 		 * at 212 or 424 Kbit/s, NFCID2 registry parameters will be
692 		 * updated.
693 		 * - After the reception of SEL_RES with NFCIP-1 compliant bit
694 		 * set for type A frame NFCID1 will be updated
695 		 */
696 		if (nfcid_skb->len > 0) {
697 			/* P2P in type F */
698 			memcpy(target->sensf_res, nfcid_skb->data,
699 				nfcid_skb->len);
700 			target->sensf_res_len = nfcid_skb->len;
701 			/* NFC Forum Digital Protocol Table 44 */
702 			if (target->sensf_res[0] == 0x01 &&
703 			    target->sensf_res[1] == 0xfe)
704 				target->supported_protocols =
705 							NFC_PROTO_NFC_DEP_MASK;
706 			else
707 				target->supported_protocols =
708 							NFC_PROTO_FELICA_MASK;
709 		} else {
710 			kfree_skb(nfcid_skb);
711 			nfcid_skb = NULL;
712 			/* P2P in type A */
713 			r = nfc_hci_get_param(hdev, ST21NFCA_RF_READER_F_GATE,
714 					ST21NFCA_RF_READER_F_NFCID1,
715 					&nfcid_skb);
716 			if (r < 0)
717 				goto exit;
718 
719 			if (nfcid_skb->len > NFC_NFCID1_MAXSIZE) {
720 				r = -EPROTO;
721 				goto exit;
722 			}
723 			memcpy(target->sensf_res, nfcid_skb->data,
724 				nfcid_skb->len);
725 			target->sensf_res_len = nfcid_skb->len;
726 			target->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
727 		}
728 		target->hci_reader_gate = ST21NFCA_RF_READER_F_GATE;
729 	}
730 	r = 1;
731 exit:
732 	kfree_skb(nfcid_skb);
733 	return r;
734 }
735 
736 #define ST21NFCA_CB_TYPE_READER_ISO15693 1
737 static void st21nfca_hci_data_exchange_cb(void *context, struct sk_buff *skb,
738 					  int err)
739 {
740 	struct st21nfca_hci_info *info = context;
741 
742 	switch (info->async_cb_type) {
743 	case ST21NFCA_CB_TYPE_READER_ISO15693:
744 		if (err == 0)
745 			skb_trim(skb, skb->len - 1);
746 		info->async_cb(info->async_cb_context, skb, err);
747 		break;
748 	default:
749 		if (err == 0)
750 			kfree_skb(skb);
751 		break;
752 	}
753 }
754 
755 /*
756  * Returns:
757  * <= 0: driver handled the data exchange
758  *    1: driver doesn't especially handle, please do standard processing
759  */
760 static int st21nfca_hci_im_transceive(struct nfc_hci_dev *hdev,
761 				      struct nfc_target *target,
762 				      struct sk_buff *skb,
763 				      data_exchange_cb_t cb, void *cb_context)
764 {
765 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
766 
767 	pr_info(DRIVER_DESC ": %s for gate=%d len=%d\n", __func__,
768 		target->hci_reader_gate, skb->len);
769 
770 	switch (target->hci_reader_gate) {
771 	case ST21NFCA_RF_READER_F_GATE:
772 		if (target->supported_protocols == NFC_PROTO_NFC_DEP_MASK)
773 			return st21nfca_im_send_dep_req(hdev, skb);
774 
775 		*(u8 *)skb_push(skb, 1) = 0x1a;
776 		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
777 					      ST21NFCA_WR_XCHG_DATA, skb->data,
778 					      skb->len, cb, cb_context);
779 	case ST21NFCA_RF_READER_14443_3_A_GATE:
780 		*(u8 *)skb_push(skb, 1) = 0x1a;	/* CTR, see spec:10.2.2.1 */
781 
782 		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
783 					      ST21NFCA_WR_XCHG_DATA, skb->data,
784 					      skb->len, cb, cb_context);
785 	case ST21NFCA_RF_READER_ISO15693_GATE:
786 		info->async_cb_type = ST21NFCA_CB_TYPE_READER_ISO15693;
787 		info->async_cb = cb;
788 		info->async_cb_context = cb_context;
789 
790 		*(u8 *)skb_push(skb, 1) = 0x17;
791 
792 		return nfc_hci_send_cmd_async(hdev, target->hci_reader_gate,
793 					      ST21NFCA_WR_XCHG_DATA, skb->data,
794 					      skb->len,
795 					      st21nfca_hci_data_exchange_cb,
796 					      info);
797 	default:
798 		return 1;
799 	}
800 }
801 
802 static int st21nfca_hci_tm_send(struct nfc_hci_dev *hdev, struct sk_buff *skb)
803 {
804 	return st21nfca_tm_send_dep_res(hdev, skb);
805 }
806 
807 static int st21nfca_hci_check_presence(struct nfc_hci_dev *hdev,
808 				       struct nfc_target *target)
809 {
810 	u8 fwi = 0x11;
811 
812 	switch (target->hci_reader_gate) {
813 	case NFC_HCI_RF_READER_A_GATE:
814 	case NFC_HCI_RF_READER_B_GATE:
815 		/*
816 		 * PRESENCE_CHECK on those gates is available
817 		 * However, the answer to this command is taking 3 * fwi
818 		 * if the card is no present.
819 		 * Instead, we send an empty I-Frame with a very short
820 		 * configurable fwi ~604µs.
821 		 */
822 		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
823 					ST21NFCA_WR_XCHG_DATA, &fwi, 1, NULL);
824 	case ST21NFCA_RF_READER_14443_3_A_GATE:
825 		return nfc_hci_send_cmd(hdev, target->hci_reader_gate,
826 					ST21NFCA_RF_READER_CMD_PRESENCE_CHECK,
827 					NULL, 0, NULL);
828 	default:
829 		return -EOPNOTSUPP;
830 	}
831 }
832 
833 static void st21nfca_hci_cmd_received(struct nfc_hci_dev *hdev, u8 pipe, u8 cmd,
834 				struct sk_buff *skb)
835 {
836 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
837 	u8 gate = hdev->pipes[pipe].gate;
838 
839 	pr_debug("cmd: %x\n", cmd);
840 
841 	switch (cmd) {
842 	case NFC_HCI_ANY_OPEN_PIPE:
843 		if (gate != ST21NFCA_APDU_READER_GATE &&
844 			hdev->pipes[pipe].dest_host != NFC_HCI_UICC_HOST_ID)
845 			info->se_info.count_pipes++;
846 
847 		if (info->se_info.count_pipes == info->se_info.expected_pipes) {
848 			del_timer_sync(&info->se_info.se_active_timer);
849 			info->se_info.se_active = false;
850 			info->se_info.count_pipes = 0;
851 			complete(&info->se_info.req_completion);
852 		}
853 	break;
854 	}
855 }
856 
857 static int st21nfca_admin_event_received(struct nfc_hci_dev *hdev, u8 event,
858 					struct sk_buff *skb)
859 {
860 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
861 
862 	pr_debug("admin event: %x\n", event);
863 
864 	switch (event) {
865 	case ST21NFCA_EVT_HOT_PLUG:
866 		if (info->se_info.se_active) {
867 			if (!ST21NFCA_EVT_HOT_PLUG_IS_INHIBITED(skb)) {
868 				del_timer_sync(&info->se_info.se_active_timer);
869 				info->se_info.se_active = false;
870 				complete(&info->se_info.req_completion);
871 			} else {
872 				mod_timer(&info->se_info.se_active_timer,
873 					jiffies +
874 					msecs_to_jiffies(ST21NFCA_SE_TO_PIPES));
875 			}
876 		}
877 	break;
878 	default:
879 		nfc_err(&hdev->ndev->dev, "Unexpected event on admin gate\n");
880 	}
881 	kfree_skb(skb);
882 	return 0;
883 }
884 
885 /*
886  * Returns:
887  * <= 0: driver handled the event, skb consumed
888  *    1: driver does not handle the event, please do standard processing
889  */
890 static int st21nfca_hci_event_received(struct nfc_hci_dev *hdev, u8 pipe,
891 				       u8 event, struct sk_buff *skb)
892 {
893 	u8 gate = hdev->pipes[pipe].gate;
894 	u8 host = hdev->pipes[pipe].dest_host;
895 
896 	pr_debug("hci event: %d gate: %x\n", event, gate);
897 
898 	switch (gate) {
899 	case NFC_HCI_ADMIN_GATE:
900 		return st21nfca_admin_event_received(hdev, event, skb);
901 	case ST21NFCA_RF_CARD_F_GATE:
902 		return st21nfca_dep_event_received(hdev, event, skb);
903 	case ST21NFCA_CONNECTIVITY_GATE:
904 		return st21nfca_connectivity_event_received(hdev, host,
905 							event, skb);
906 	case ST21NFCA_APDU_READER_GATE:
907 		return st21nfca_apdu_reader_event_received(hdev, event, skb);
908 	case NFC_HCI_LOOPBACK_GATE:
909 		return st21nfca_hci_loopback_event_received(hdev, event, skb);
910 	default:
911 		return 1;
912 	}
913 }
914 
915 static const struct nfc_hci_ops st21nfca_hci_ops = {
916 	.open = st21nfca_hci_open,
917 	.close = st21nfca_hci_close,
918 	.load_session = st21nfca_hci_load_session,
919 	.hci_ready = st21nfca_hci_ready,
920 	.xmit = st21nfca_hci_xmit,
921 	.start_poll = st21nfca_hci_start_poll,
922 	.stop_poll = st21nfca_hci_stop_poll,
923 	.dep_link_up = st21nfca_hci_dep_link_up,
924 	.dep_link_down = st21nfca_hci_dep_link_down,
925 	.target_from_gate = st21nfca_hci_target_from_gate,
926 	.complete_target_discovered = st21nfca_hci_complete_target_discovered,
927 	.im_transceive = st21nfca_hci_im_transceive,
928 	.tm_send = st21nfca_hci_tm_send,
929 	.check_presence = st21nfca_hci_check_presence,
930 	.event_received = st21nfca_hci_event_received,
931 	.cmd_received = st21nfca_hci_cmd_received,
932 	.discover_se = st21nfca_hci_discover_se,
933 	.enable_se = st21nfca_hci_enable_se,
934 	.disable_se = st21nfca_hci_disable_se,
935 	.se_io = st21nfca_hci_se_io,
936 };
937 
938 int st21nfca_hci_probe(void *phy_id, const struct nfc_phy_ops *phy_ops,
939 		       char *llc_name, int phy_headroom, int phy_tailroom,
940 		       int phy_payload, struct nfc_hci_dev **hdev,
941 			   struct st21nfca_se_status *se_status)
942 {
943 	struct st21nfca_hci_info *info;
944 	int r = 0;
945 	int dev_num;
946 	u32 protocols;
947 	struct nfc_hci_init_data init_data;
948 	unsigned long quirks = 0;
949 
950 	info = kzalloc(sizeof(struct st21nfca_hci_info), GFP_KERNEL);
951 	if (!info)
952 		return -ENOMEM;
953 
954 	info->phy_ops = phy_ops;
955 	info->phy_id = phy_id;
956 	info->state = ST21NFCA_ST_COLD;
957 	mutex_init(&info->info_lock);
958 
959 	init_data.gate_count = ARRAY_SIZE(st21nfca_gates);
960 
961 	memcpy(init_data.gates, st21nfca_gates, sizeof(st21nfca_gates));
962 
963 	/*
964 	 * Session id must include the driver name + i2c bus addr
965 	 * persistent info to discriminate 2 identical chips
966 	 */
967 	dev_num = find_first_zero_bit(dev_mask, ST21NFCA_NUM_DEVICES);
968 	if (dev_num >= ST21NFCA_NUM_DEVICES) {
969 		r = -ENODEV;
970 		goto err_alloc_hdev;
971 	}
972 
973 	set_bit(dev_num, dev_mask);
974 
975 	scnprintf(init_data.session_id, sizeof(init_data.session_id), "%s%2x",
976 		  "ST21AH", dev_num);
977 
978 	protocols = NFC_PROTO_JEWEL_MASK |
979 	    NFC_PROTO_MIFARE_MASK |
980 	    NFC_PROTO_FELICA_MASK |
981 	    NFC_PROTO_ISO14443_MASK |
982 	    NFC_PROTO_ISO14443_B_MASK |
983 	    NFC_PROTO_ISO15693_MASK |
984 	    NFC_PROTO_NFC_DEP_MASK;
985 
986 	set_bit(NFC_HCI_QUIRK_SHORT_CLEAR, &quirks);
987 
988 	info->hdev =
989 	    nfc_hci_allocate_device(&st21nfca_hci_ops, &init_data, quirks,
990 				    protocols, llc_name,
991 				    phy_headroom + ST21NFCA_CMDS_HEADROOM,
992 				    phy_tailroom, phy_payload);
993 
994 	if (!info->hdev) {
995 		pr_err("Cannot allocate nfc hdev.\n");
996 		r = -ENOMEM;
997 		goto err_alloc_hdev;
998 	}
999 
1000 	info->se_status = se_status;
1001 
1002 	nfc_hci_set_clientdata(info->hdev, info);
1003 
1004 	r = nfc_hci_register_device(info->hdev);
1005 	if (r)
1006 		goto err_regdev;
1007 
1008 	*hdev = info->hdev;
1009 	st21nfca_dep_init(info->hdev);
1010 	st21nfca_se_init(info->hdev);
1011 	st21nfca_vendor_cmds_init(info->hdev);
1012 
1013 	return 0;
1014 
1015 err_regdev:
1016 	nfc_hci_free_device(info->hdev);
1017 
1018 err_alloc_hdev:
1019 	kfree(info);
1020 
1021 	return r;
1022 }
1023 EXPORT_SYMBOL(st21nfca_hci_probe);
1024 
1025 void st21nfca_hci_remove(struct nfc_hci_dev *hdev)
1026 {
1027 	struct st21nfca_hci_info *info = nfc_hci_get_clientdata(hdev);
1028 
1029 	st21nfca_dep_deinit(hdev);
1030 	st21nfca_se_deinit(hdev);
1031 	nfc_hci_unregister_device(hdev);
1032 	nfc_hci_free_device(hdev);
1033 	kfree(info);
1034 }
1035 EXPORT_SYMBOL(st21nfca_hci_remove);
1036 
1037 MODULE_LICENSE("GPL");
1038 MODULE_DESCRIPTION(DRIVER_DESC);
1039