1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  * Copyright (c) 2013, Intel Corporation.
4  *
5  * MEI Library for mei bus nfc device access
6  */
7 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
8 
9 #include <linux/module.h>
10 #include <linux/slab.h>
11 #include <linux/nfc.h>
12 
13 #include "mei_phy.h"
14 
15 struct mei_nfc_hdr {
16 	u8 cmd;
17 	u8 status;
18 	u16 req_id;
19 	u32 reserved;
20 	u16 data_size;
21 } __packed;
22 
23 struct mei_nfc_cmd {
24 	struct mei_nfc_hdr hdr;
25 	u8 sub_command;
26 	u8 data[];
27 } __packed;
28 
29 struct mei_nfc_reply {
30 	struct mei_nfc_hdr hdr;
31 	u8 sub_command;
32 	u8 reply_status;
33 	u8 data[];
34 } __packed;
35 
36 struct mei_nfc_if_version {
37 	u8 radio_version_sw[3];
38 	u8 reserved[3];
39 	u8 radio_version_hw[3];
40 	u8 i2c_addr;
41 	u8 fw_ivn;
42 	u8 vendor_id;
43 	u8 radio_type;
44 } __packed;
45 
46 struct mei_nfc_connect {
47 	u8 fw_ivn;
48 	u8 vendor_id;
49 } __packed;
50 
51 struct mei_nfc_connect_resp {
52 	u8 fw_ivn;
53 	u8 vendor_id;
54 	u16 me_major;
55 	u16 me_minor;
56 	u16 me_hotfix;
57 	u16 me_build;
58 } __packed;
59 
60 
61 #define MEI_NFC_CMD_MAINTENANCE 0x00
62 #define MEI_NFC_CMD_HCI_SEND 0x01
63 #define MEI_NFC_CMD_HCI_RECV 0x02
64 
65 #define MEI_NFC_SUBCMD_CONNECT    0x00
66 #define MEI_NFC_SUBCMD_IF_VERSION 0x01
67 
68 #define MEI_NFC_MAX_READ (MEI_NFC_HEADER_SIZE + MEI_NFC_MAX_HCI_PAYLOAD)
69 
70 #define MEI_DUMP_SKB_IN(info, skb)				\
71 do {								\
72 	pr_debug("%s:\n", info);				\
73 	print_hex_dump_debug("mei in : ", DUMP_PREFIX_OFFSET,	\
74 			16, 1, (skb)->data, (skb)->len, false);	\
75 } while (0)
76 
77 #define MEI_DUMP_SKB_OUT(info, skb)				\
78 do {								\
79 	pr_debug("%s:\n", info);				\
80 	print_hex_dump_debug("mei out: ", DUMP_PREFIX_OFFSET,	\
81 			16, 1, (skb)->data, (skb)->len, false);	\
82 } while (0)
83 
84 #define MEI_DUMP_NFC_HDR(info, _hdr)                                \
85 do {                                                                \
86 	pr_debug("%s:\n", info);                                    \
87 	pr_debug("cmd=%02d status=%d req_id=%d rsvd=%d size=%d\n",  \
88 		 (_hdr)->cmd, (_hdr)->status, (_hdr)->req_id,       \
89 		 (_hdr)->reserved, (_hdr)->data_size);              \
90 } while (0)
91 
mei_nfc_if_version(struct nfc_mei_phy * phy)92 static int mei_nfc_if_version(struct nfc_mei_phy *phy)
93 {
94 
95 	struct mei_nfc_cmd cmd;
96 	struct mei_nfc_reply *reply = NULL;
97 	struct mei_nfc_if_version *version;
98 	size_t if_version_length;
99 	int bytes_recv, r;
100 
101 	pr_info("%s\n", __func__);
102 
103 	memset(&cmd, 0, sizeof(struct mei_nfc_cmd));
104 	cmd.hdr.cmd = MEI_NFC_CMD_MAINTENANCE;
105 	cmd.hdr.data_size = 1;
106 	cmd.sub_command = MEI_NFC_SUBCMD_IF_VERSION;
107 
108 	MEI_DUMP_NFC_HDR("version", &cmd.hdr);
109 	r = mei_cldev_send(phy->cldev, (u8 *)&cmd, sizeof(struct mei_nfc_cmd));
110 	if (r < 0) {
111 		pr_err("Could not send IF version cmd\n");
112 		return r;
113 	}
114 
115 	/* to be sure on the stack we alloc memory */
116 	if_version_length = sizeof(struct mei_nfc_reply) +
117 		sizeof(struct mei_nfc_if_version);
118 
119 	reply = kzalloc(if_version_length, GFP_KERNEL);
120 	if (!reply)
121 		return -ENOMEM;
122 
123 	bytes_recv = mei_cldev_recv(phy->cldev, (u8 *)reply, if_version_length);
124 	if (bytes_recv < 0 || bytes_recv < if_version_length) {
125 		pr_err("Could not read IF version\n");
126 		r = -EIO;
127 		goto err;
128 	}
129 
130 	version = (struct mei_nfc_if_version *)reply->data;
131 
132 	phy->fw_ivn = version->fw_ivn;
133 	phy->vendor_id = version->vendor_id;
134 	phy->radio_type = version->radio_type;
135 
136 err:
137 	kfree(reply);
138 	return r;
139 }
140 
mei_nfc_connect(struct nfc_mei_phy * phy)141 static int mei_nfc_connect(struct nfc_mei_phy *phy)
142 {
143 	struct mei_nfc_cmd *cmd, *reply;
144 	struct mei_nfc_connect *connect;
145 	struct mei_nfc_connect_resp *connect_resp;
146 	size_t connect_length, connect_resp_length;
147 	int bytes_recv, r;
148 
149 	pr_info("%s\n", __func__);
150 
151 	connect_length = sizeof(struct mei_nfc_cmd) +
152 			sizeof(struct mei_nfc_connect);
153 
154 	connect_resp_length = sizeof(struct mei_nfc_cmd) +
155 			sizeof(struct mei_nfc_connect_resp);
156 
157 	cmd = kzalloc(connect_length, GFP_KERNEL);
158 	if (!cmd)
159 		return -ENOMEM;
160 	connect = (struct mei_nfc_connect *)cmd->data;
161 
162 	reply = kzalloc(connect_resp_length, GFP_KERNEL);
163 	if (!reply) {
164 		kfree(cmd);
165 		return -ENOMEM;
166 	}
167 
168 	connect_resp = (struct mei_nfc_connect_resp *)reply->data;
169 
170 	cmd->hdr.cmd = MEI_NFC_CMD_MAINTENANCE;
171 	cmd->hdr.data_size = 3;
172 	cmd->sub_command = MEI_NFC_SUBCMD_CONNECT;
173 	connect->fw_ivn = phy->fw_ivn;
174 	connect->vendor_id = phy->vendor_id;
175 
176 	MEI_DUMP_NFC_HDR("connect request", &cmd->hdr);
177 	r = mei_cldev_send(phy->cldev, (u8 *)cmd, connect_length);
178 	if (r < 0) {
179 		pr_err("Could not send connect cmd %d\n", r);
180 		goto err;
181 	}
182 
183 	bytes_recv = mei_cldev_recv(phy->cldev, (u8 *)reply,
184 				    connect_resp_length);
185 	if (bytes_recv < 0) {
186 		r = bytes_recv;
187 		pr_err("Could not read connect response %d\n", r);
188 		goto err;
189 	}
190 
191 	MEI_DUMP_NFC_HDR("connect reply", &reply->hdr);
192 
193 	pr_info("IVN 0x%x Vendor ID 0x%x\n",
194 		 connect_resp->fw_ivn, connect_resp->vendor_id);
195 
196 	pr_info("ME FW %d.%d.%d.%d\n",
197 		connect_resp->me_major, connect_resp->me_minor,
198 		connect_resp->me_hotfix, connect_resp->me_build);
199 
200 	r = 0;
201 
202 err:
203 	kfree(reply);
204 	kfree(cmd);
205 
206 	return r;
207 }
208 
mei_nfc_send(struct nfc_mei_phy * phy,u8 * buf,size_t length)209 static int mei_nfc_send(struct nfc_mei_phy *phy, u8 *buf, size_t length)
210 {
211 	struct mei_nfc_hdr *hdr;
212 	u8 *mei_buf;
213 	int err;
214 
215 	err = -ENOMEM;
216 	mei_buf = kzalloc(length + MEI_NFC_HEADER_SIZE, GFP_KERNEL);
217 	if (!mei_buf)
218 		goto out;
219 
220 	hdr = (struct mei_nfc_hdr *)mei_buf;
221 	hdr->cmd = MEI_NFC_CMD_HCI_SEND;
222 	hdr->status = 0;
223 	hdr->req_id = phy->req_id;
224 	hdr->reserved = 0;
225 	hdr->data_size = length;
226 
227 	MEI_DUMP_NFC_HDR("send", hdr);
228 
229 	memcpy(mei_buf + MEI_NFC_HEADER_SIZE, buf, length);
230 	err = mei_cldev_send(phy->cldev, mei_buf, length + MEI_NFC_HEADER_SIZE);
231 	if (err < 0)
232 		goto out;
233 
234 	if (!wait_event_interruptible_timeout(phy->send_wq,
235 				phy->recv_req_id == phy->req_id, HZ)) {
236 		pr_err("NFC MEI command timeout\n");
237 		err = -ETIME;
238 	} else {
239 		phy->req_id++;
240 	}
241 out:
242 	kfree(mei_buf);
243 	return err;
244 }
245 
246 /*
247  * Writing a frame must not return the number of written bytes.
248  * It must return either zero for success, or <0 for error.
249  * In addition, it must not alter the skb
250  */
nfc_mei_phy_write(void * phy_id,struct sk_buff * skb)251 static int nfc_mei_phy_write(void *phy_id, struct sk_buff *skb)
252 {
253 	struct nfc_mei_phy *phy = phy_id;
254 	int r;
255 
256 	MEI_DUMP_SKB_OUT("mei frame sent", skb);
257 
258 	r = mei_nfc_send(phy, skb->data, skb->len);
259 	if (r > 0)
260 		r = 0;
261 
262 	return r;
263 }
264 
mei_nfc_recv(struct nfc_mei_phy * phy,u8 * buf,size_t length)265 static int mei_nfc_recv(struct nfc_mei_phy *phy, u8 *buf, size_t length)
266 {
267 	struct mei_nfc_hdr *hdr;
268 	int received_length;
269 
270 	received_length = mei_cldev_recv(phy->cldev, buf, length);
271 	if (received_length < 0)
272 		return received_length;
273 
274 	hdr = (struct mei_nfc_hdr *) buf;
275 
276 	MEI_DUMP_NFC_HDR("receive", hdr);
277 	if (hdr->cmd == MEI_NFC_CMD_HCI_SEND) {
278 		phy->recv_req_id = hdr->req_id;
279 		wake_up(&phy->send_wq);
280 
281 		return 0;
282 	}
283 
284 	return received_length;
285 }
286 
287 
nfc_mei_rx_cb(struct mei_cl_device * cldev)288 static void nfc_mei_rx_cb(struct mei_cl_device *cldev)
289 {
290 	struct nfc_mei_phy *phy = mei_cldev_get_drvdata(cldev);
291 	struct sk_buff *skb;
292 	int reply_size;
293 
294 	if (!phy)
295 		return;
296 
297 	if (phy->hard_fault != 0)
298 		return;
299 
300 	skb = alloc_skb(MEI_NFC_MAX_READ, GFP_KERNEL);
301 	if (!skb)
302 		return;
303 
304 	reply_size = mei_nfc_recv(phy, skb->data, MEI_NFC_MAX_READ);
305 	if (reply_size < MEI_NFC_HEADER_SIZE) {
306 		kfree_skb(skb);
307 		return;
308 	}
309 
310 	skb_put(skb, reply_size);
311 	skb_pull(skb, MEI_NFC_HEADER_SIZE);
312 
313 	MEI_DUMP_SKB_IN("mei frame read", skb);
314 
315 	nfc_hci_recv_frame(phy->hdev, skb);
316 }
317 
nfc_mei_phy_enable(void * phy_id)318 static int nfc_mei_phy_enable(void *phy_id)
319 {
320 	int r;
321 	struct nfc_mei_phy *phy = phy_id;
322 
323 	pr_info("%s\n", __func__);
324 
325 	if (phy->powered == 1)
326 		return 0;
327 
328 	r = mei_cldev_enable(phy->cldev);
329 	if (r < 0) {
330 		pr_err("Could not enable device %d\n", r);
331 		return r;
332 	}
333 
334 	r = mei_nfc_if_version(phy);
335 	if (r < 0) {
336 		pr_err("Could not enable device %d\n", r);
337 		goto err;
338 	}
339 
340 	r = mei_nfc_connect(phy);
341 	if (r < 0) {
342 		pr_err("Could not connect to device %d\n", r);
343 		goto err;
344 	}
345 
346 	r = mei_cldev_register_rx_cb(phy->cldev, nfc_mei_rx_cb);
347 	if (r) {
348 		pr_err("Event cb registration failed %d\n", r);
349 		goto err;
350 	}
351 
352 	phy->powered = 1;
353 
354 	return 0;
355 
356 err:
357 	phy->powered = 0;
358 	mei_cldev_disable(phy->cldev);
359 	return r;
360 }
361 
nfc_mei_phy_disable(void * phy_id)362 static void nfc_mei_phy_disable(void *phy_id)
363 {
364 	struct nfc_mei_phy *phy = phy_id;
365 
366 	pr_info("%s\n", __func__);
367 
368 	mei_cldev_disable(phy->cldev);
369 
370 	phy->powered = 0;
371 }
372 
373 struct nfc_phy_ops mei_phy_ops = {
374 	.write = nfc_mei_phy_write,
375 	.enable = nfc_mei_phy_enable,
376 	.disable = nfc_mei_phy_disable,
377 };
378 EXPORT_SYMBOL_GPL(mei_phy_ops);
379 
nfc_mei_phy_alloc(struct mei_cl_device * cldev)380 struct nfc_mei_phy *nfc_mei_phy_alloc(struct mei_cl_device *cldev)
381 {
382 	struct nfc_mei_phy *phy;
383 
384 	phy = kzalloc(sizeof(struct nfc_mei_phy), GFP_KERNEL);
385 	if (!phy)
386 		return NULL;
387 
388 	phy->cldev = cldev;
389 	init_waitqueue_head(&phy->send_wq);
390 	mei_cldev_set_drvdata(cldev, phy);
391 
392 	return phy;
393 }
394 EXPORT_SYMBOL_GPL(nfc_mei_phy_alloc);
395 
nfc_mei_phy_free(struct nfc_mei_phy * phy)396 void nfc_mei_phy_free(struct nfc_mei_phy *phy)
397 {
398 	mei_cldev_disable(phy->cldev);
399 	kfree(phy);
400 }
401 EXPORT_SYMBOL_GPL(nfc_mei_phy_free);
402 
403 MODULE_LICENSE("GPL");
404 MODULE_DESCRIPTION("mei bus NFC device interface");
405