trf7970a.c 62.5 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
/*
 * TI TRF7970a RFID/NFC Transceiver Driver
 *
 * Copyright (C) 2013 Texas Instruments Incorporated - http://www.ti.com
 *
 * Author: Erick Macias <[email protected]>
 * Author: Felipe Balbi <[email protected]>
 * Author: Mark A. Greer <[email protected]>
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2  of
 * the License as published by the Free Software Foundation.
 */

#include <linux/module.h>
#include <linux/device.h>
#include <linux/netdevice.h>
#include <linux/interrupt.h>
19
#include <linux/pm_runtime.h>
20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
#include <linux/nfc.h>
#include <linux/skbuff.h>
#include <linux/delay.h>
#include <linux/gpio.h>
#include <linux/of.h>
#include <linux/of_gpio.h>
#include <linux/spi/spi.h>
#include <linux/regulator/consumer.h>

#include <net/nfc/nfc.h>
#include <net/nfc/digital.h>

/* There are 3 ways the host can communicate with the trf7970a:
 * parallel mode, SPI with Slave Select (SS) mode, and SPI without
 * SS mode.  The driver only supports the two SPI modes.
 *
 * The trf7970a is very timing sensitive and the VIN, EN2, and EN
 * pins must asserted in that order and with specific delays in between.
 * The delays used in the driver were provided by TI and have been
39 40 41 42 43 44 45
 * confirmed to work with this driver.  There is a bug with the current
 * version of the trf7970a that requires that EN2 remain low no matter
 * what.  If it goes high, it will generate an RF field even when in
 * passive target mode.  TI has indicated that the chip will work okay
 * when EN2 is left low.  The 'en2-rf-quirk' device tree property
 * indicates that trf7970a currently being used has the erratum and
 * that EN2 must be kept low.
46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64
 *
 * Timeouts are implemented using the delayed workqueue kernel facility.
 * Timeouts are required so things don't hang when there is no response
 * from the trf7970a (or tag).  Using this mechanism creates a race with
 * interrupts, however.  That is, an interrupt and a timeout could occur
 * closely enough together that one is blocked by the mutex while the other
 * executes.  When the timeout handler executes first and blocks the
 * interrupt handler, it will eventually set the state to IDLE so the
 * interrupt handler will check the state and exit with no harm done.
 * When the interrupt handler executes first and blocks the timeout handler,
 * the cancel_delayed_work() call will know that it didn't cancel the
 * work item (i.e., timeout) and will return zero.  That return code is
 * used by the timer handler to indicate that it should ignore the timeout
 * once its unblocked.
 *
 * Aborting an active command isn't as simple as it seems because the only
 * way to abort a command that's already been sent to the tag is so turn
 * off power to the tag.  If we do that, though, we'd have to go through
 * the entire anticollision procedure again but the digital layer doesn't
65
 * support that.  So, if an abort is received before trf7970a_send_cmd()
66 67 68 69 70 71 72 73 74 75 76
 * has sent the command to the tag, it simply returns -ECANCELED.  If the
 * command has already been sent to the tag, then the driver continues
 * normally and recieves the response data (or error) but just before
 * sending the data upstream, it frees the rx_skb and sends -ECANCELED
 * upstream instead.  If the command failed, that error will be sent
 * upstream.
 *
 * When recieving data from a tag and the interrupt status register has
 * only the SRX bit set, it means that all of the data has been received
 * (once what's in the fifo has been read).  However, depending on timing
 * an interrupt status with only the SRX bit set may not be recived.  In
77 78
 * those cases, the timeout mechanism is used to wait 20 ms in case more
 * data arrives.  After 20 ms, it is assumed that all of the data has been
79 80 81 82
 * received and the accumulated rx data is sent upstream.  The
 * 'TRF7970A_ST_WAIT_FOR_RX_DATA_CONT' state is used for this purpose
 * (i.e., it indicates that some data has been received but we're not sure
 * if there is more coming so a timeout in this state means all data has
83 84
 * been received and there isn't an error).  The delay is 20 ms since delays
 * of ~16 ms have been observed during testing.
85
 *
86 87 88 89 90 91 92
 * When transmitting a frame larger than the FIFO size (127 bytes), the
 * driver will wait 20 ms for the FIFO to drain past the low-watermark
 * and generate an interrupt.  The low-watermark set to 32 bytes so the
 * interrupt should fire after 127 - 32 = 95 bytes have been sent.  At
 * the lowest possible bit rate (6.62 kbps for 15693), it will take up
 * to ~14.35 ms so 20 ms is used for the timeout.
 *
93 94 95 96 97 98 99 100 101
 * Type 2 write and sector select commands respond with a 4-bit ACK or NACK.
 * Having only 4 bits in the FIFO won't normally generate an interrupt so
 * driver enables the '4_bit_RX' bit of the Special Functions register 1
 * to cause an interrupt in that case.  Leaving that bit for a read command
 * messes up the data returned so it is only enabled when the framing is
 * 'NFC_DIGITAL_FRAMING_NFCA_T2T' and the command is not a read command.
 * Unfortunately, that means that the driver has to peek into tx frames
 * when the framing is 'NFC_DIGITAL_FRAMING_NFCA_T2T'.  This is done by
 * the trf7970a_per_cmd_config() routine.
102 103 104 105 106 107 108 109 110 111 112 113 114
 *
 * ISO/IEC 15693 frames specify whether to use single or double sub-carrier
 * frequencies and whether to use low or high data rates in the flags byte
 * of the frame.  This means that the driver has to peek at all 15693 frames
 * to determine what speed to set the communication to.  In addition, write
 * and lock commands use the OPTION flag to indicate that an EOF must be
 * sent to the tag before it will send its response.  So the driver has to
 * examine all frames for that reason too.
 *
 * It is unclear how long to wait before sending the EOF.  According to the
 * Note under Table 1-1 in section 1.6 of
 * http://www.ti.com/lit/ug/scbu011/scbu011.pdf, that wait should be at least
 * 10 ms for TI Tag-it HF-I tags; however testing has shown that is not long
115 116 117
 * enough so 20 ms is used.  So the timer is set to 40 ms - 20 ms to drain
 * up to 127 bytes in the FIFO at the lowest bit rate plus another 20 ms to
 * ensure the wait is long enough before sending the EOF.  This seems to work
118
 * reliably.
119 120
 */

121
#define TRF7970A_SUPPORTED_PROTOCOLS \
122
		(NFC_PROTO_MIFARE_MASK | NFC_PROTO_ISO14443_MASK |	\
123
		 NFC_PROTO_ISO14443_B_MASK | NFC_PROTO_FELICA_MASK | \
124
		 NFC_PROTO_ISO15693_MASK | NFC_PROTO_NFC_DEP_MASK)
125

126
#define TRF7970A_AUTOSUSPEND_DELAY		30000 /* 30 seconds */
127 128 129
#define TRF7970A_13MHZ_CLOCK_FREQUENCY		13560000
#define TRF7970A_27MHZ_CLOCK_FREQUENCY		27120000

130

131 132
#define TRF7970A_RX_SKB_ALLOC_SIZE		256

133
#define TRF7970A_FIFO_SIZE			127
134 135 136 137

/* TX length is 3 nibbles long ==> 4KB - 1 bytes max */
#define TRF7970A_TX_MAX				(4096 - 1)

138
#define TRF7970A_WAIT_FOR_TX_IRQ		20
139
#define TRF7970A_WAIT_FOR_RX_DATA_TIMEOUT	20
140 141
#define TRF7970A_WAIT_FOR_FIFO_DRAIN_TIMEOUT	20
#define TRF7970A_WAIT_TO_ISSUE_ISO15693_EOF	40
142

143 144 145 146 147 148
/* Guard times for various RF technologies (in us) */
#define TRF7970A_GUARD_TIME_NFCA		5000
#define TRF7970A_GUARD_TIME_NFCB		5000
#define TRF7970A_GUARD_TIME_NFCF		20000
#define TRF7970A_GUARD_TIME_15693		1000

149 150 151 152
/* Quirks */
/* Erratum: When reading IRQ Status register on trf7970a, we must issue a
 * read continuous command for IRQ Status and Collision Position registers.
 */
153
#define TRF7970A_QUIRK_IRQ_STATUS_READ		BIT(0)
154
#define TRF7970A_QUIRK_EN2_MUST_STAY_LOW	BIT(1)
155
#define TRF7970A_QUIRK_T5T_RMB_EXTRA_BYTE	BIT(2)
156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171

/* Direct commands */
#define TRF7970A_CMD_IDLE			0x00
#define TRF7970A_CMD_SOFT_INIT			0x03
#define TRF7970A_CMD_RF_COLLISION		0x04
#define TRF7970A_CMD_RF_COLLISION_RESPONSE_N	0x05
#define TRF7970A_CMD_RF_COLLISION_RESPONSE_0	0x06
#define TRF7970A_CMD_FIFO_RESET			0x0f
#define TRF7970A_CMD_TRANSMIT_NO_CRC		0x10
#define TRF7970A_CMD_TRANSMIT			0x11
#define TRF7970A_CMD_DELAY_TRANSMIT_NO_CRC	0x12
#define TRF7970A_CMD_DELAY_TRANSMIT		0x13
#define TRF7970A_CMD_EOF			0x14
#define TRF7970A_CMD_CLOSE_SLOT			0x15
#define TRF7970A_CMD_BLOCK_RX			0x16
#define TRF7970A_CMD_ENABLE_RX			0x17
172 173
#define TRF7970A_CMD_TEST_INT_RF		0x18
#define TRF7970A_CMD_TEST_EXT_RF		0x19
174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246
#define TRF7970A_CMD_RX_GAIN_ADJUST		0x1a

/* Bits determining whether its a direct command or register R/W,
 * whether to use a continuous SPI transaction or not, and the actual
 * direct cmd opcode or regster address.
 */
#define TRF7970A_CMD_BIT_CTRL			BIT(7)
#define TRF7970A_CMD_BIT_RW			BIT(6)
#define TRF7970A_CMD_BIT_CONTINUOUS		BIT(5)
#define TRF7970A_CMD_BIT_OPCODE(opcode)		((opcode) & 0x1f)

/* Registers addresses */
#define TRF7970A_CHIP_STATUS_CTRL		0x00
#define TRF7970A_ISO_CTRL			0x01
#define TRF7970A_ISO14443B_TX_OPTIONS		0x02
#define TRF7970A_ISO14443A_HIGH_BITRATE_OPTIONS	0x03
#define TRF7970A_TX_TIMER_SETTING_H_BYTE	0x04
#define TRF7970A_TX_TIMER_SETTING_L_BYTE	0x05
#define TRF7970A_TX_PULSE_LENGTH_CTRL		0x06
#define TRF7970A_RX_NO_RESPONSE_WAIT		0x07
#define TRF7970A_RX_WAIT_TIME			0x08
#define TRF7970A_MODULATOR_SYS_CLK_CTRL		0x09
#define TRF7970A_RX_SPECIAL_SETTINGS		0x0a
#define TRF7970A_REG_IO_CTRL			0x0b
#define TRF7970A_IRQ_STATUS			0x0c
#define TRF7970A_COLLISION_IRQ_MASK		0x0d
#define TRF7970A_COLLISION_POSITION		0x0e
#define TRF7970A_RSSI_OSC_STATUS		0x0f
#define TRF7970A_SPECIAL_FCN_REG1		0x10
#define TRF7970A_SPECIAL_FCN_REG2		0x11
#define TRF7970A_RAM1				0x12
#define TRF7970A_RAM2				0x13
#define TRF7970A_ADJUTABLE_FIFO_IRQ_LEVELS	0x14
#define TRF7970A_NFC_LOW_FIELD_LEVEL		0x16
#define TRF7970A_NFCID1				0x17
#define TRF7970A_NFC_TARGET_LEVEL		0x18
#define TRF79070A_NFC_TARGET_PROTOCOL		0x19
#define TRF7970A_TEST_REGISTER1			0x1a
#define TRF7970A_TEST_REGISTER2			0x1b
#define TRF7970A_FIFO_STATUS			0x1c
#define TRF7970A_TX_LENGTH_BYTE1		0x1d
#define TRF7970A_TX_LENGTH_BYTE2		0x1e
#define TRF7970A_FIFO_IO_REGISTER		0x1f

/* Chip Status Control Register Bits */
#define TRF7970A_CHIP_STATUS_VRS5_3		BIT(0)
#define TRF7970A_CHIP_STATUS_REC_ON		BIT(1)
#define TRF7970A_CHIP_STATUS_AGC_ON		BIT(2)
#define TRF7970A_CHIP_STATUS_PM_ON		BIT(3)
#define TRF7970A_CHIP_STATUS_RF_PWR		BIT(4)
#define TRF7970A_CHIP_STATUS_RF_ON		BIT(5)
#define TRF7970A_CHIP_STATUS_DIRECT		BIT(6)
#define TRF7970A_CHIP_STATUS_STBY		BIT(7)

/* ISO Control Register Bits */
#define TRF7970A_ISO_CTRL_15693_SGL_1OF4_662	0x00
#define TRF7970A_ISO_CTRL_15693_SGL_1OF256_662	0x01
#define TRF7970A_ISO_CTRL_15693_SGL_1OF4_2648	0x02
#define TRF7970A_ISO_CTRL_15693_SGL_1OF256_2648	0x03
#define TRF7970A_ISO_CTRL_15693_DBL_1OF4_667a	0x04
#define TRF7970A_ISO_CTRL_15693_DBL_1OF256_667	0x05
#define TRF7970A_ISO_CTRL_15693_DBL_1OF4_2669	0x06
#define TRF7970A_ISO_CTRL_15693_DBL_1OF256_2669	0x07
#define TRF7970A_ISO_CTRL_14443A_106		0x08
#define TRF7970A_ISO_CTRL_14443A_212		0x09
#define TRF7970A_ISO_CTRL_14443A_424		0x0a
#define TRF7970A_ISO_CTRL_14443A_848		0x0b
#define TRF7970A_ISO_CTRL_14443B_106		0x0c
#define TRF7970A_ISO_CTRL_14443B_212		0x0d
#define TRF7970A_ISO_CTRL_14443B_424		0x0e
#define TRF7970A_ISO_CTRL_14443B_848		0x0f
#define TRF7970A_ISO_CTRL_FELICA_212		0x1a
#define TRF7970A_ISO_CTRL_FELICA_424		0x1b
247 248 249 250 251 252 253 254 255
#define TRF7970A_ISO_CTRL_NFC_NFCA_106		0x01
#define TRF7970A_ISO_CTRL_NFC_NFCF_212		0x02
#define TRF7970A_ISO_CTRL_NFC_NFCF_424		0x03
#define TRF7970A_ISO_CTRL_NFC_CE_14443A		0x00
#define TRF7970A_ISO_CTRL_NFC_CE_14443B		0x01
#define TRF7970A_ISO_CTRL_NFC_CE		BIT(2)
#define TRF7970A_ISO_CTRL_NFC_ACTIVE		BIT(3)
#define TRF7970A_ISO_CTRL_NFC_INITIATOR		BIT(4)
#define TRF7970A_ISO_CTRL_NFC_NFC_CE_MODE	BIT(5)
256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280
#define TRF7970A_ISO_CTRL_RFID			BIT(5)
#define TRF7970A_ISO_CTRL_DIR_MODE		BIT(6)
#define TRF7970A_ISO_CTRL_RX_CRC_N		BIT(7)	/* true == No CRC */

#define TRF7970A_ISO_CTRL_RFID_SPEED_MASK	0x1f

/* Modulator and SYS_CLK Control Register Bits */
#define TRF7970A_MODULATOR_DEPTH(n)		((n) & 0x7)
#define TRF7970A_MODULATOR_DEPTH_ASK10		(TRF7970A_MODULATOR_DEPTH(0))
#define TRF7970A_MODULATOR_DEPTH_OOK		(TRF7970A_MODULATOR_DEPTH(1))
#define TRF7970A_MODULATOR_DEPTH_ASK7		(TRF7970A_MODULATOR_DEPTH(2))
#define TRF7970A_MODULATOR_DEPTH_ASK8_5		(TRF7970A_MODULATOR_DEPTH(3))
#define TRF7970A_MODULATOR_DEPTH_ASK13		(TRF7970A_MODULATOR_DEPTH(4))
#define TRF7970A_MODULATOR_DEPTH_ASK16		(TRF7970A_MODULATOR_DEPTH(5))
#define TRF7970A_MODULATOR_DEPTH_ASK22		(TRF7970A_MODULATOR_DEPTH(6))
#define TRF7970A_MODULATOR_DEPTH_ASK30		(TRF7970A_MODULATOR_DEPTH(7))
#define TRF7970A_MODULATOR_EN_ANA		BIT(3)
#define TRF7970A_MODULATOR_CLK(n)		(((n) & 0x3) << 4)
#define TRF7970A_MODULATOR_CLK_DISABLED		(TRF7970A_MODULATOR_CLK(0))
#define TRF7970A_MODULATOR_CLK_3_6		(TRF7970A_MODULATOR_CLK(1))
#define TRF7970A_MODULATOR_CLK_6_13		(TRF7970A_MODULATOR_CLK(2))
#define TRF7970A_MODULATOR_CLK_13_27		(TRF7970A_MODULATOR_CLK(3))
#define TRF7970A_MODULATOR_EN_OOK		BIT(6)
#define TRF7970A_MODULATOR_27MHZ		BIT(7)

281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296
#define TRF7970A_RX_SPECIAL_SETTINGS_NO_LIM	BIT(0)
#define TRF7970A_RX_SPECIAL_SETTINGS_AGCR	BIT(1)
#define TRF7970A_RX_SPECIAL_SETTINGS_GD_0DB	(0x0 << 2)
#define TRF7970A_RX_SPECIAL_SETTINGS_GD_5DB	(0x1 << 2)
#define TRF7970A_RX_SPECIAL_SETTINGS_GD_10DB	(0x2 << 2)
#define TRF7970A_RX_SPECIAL_SETTINGS_GD_15DB	(0x3 << 2)
#define TRF7970A_RX_SPECIAL_SETTINGS_HBT	BIT(4)
#define TRF7970A_RX_SPECIAL_SETTINGS_M848	BIT(5)
#define TRF7970A_RX_SPECIAL_SETTINGS_C424	BIT(6)
#define TRF7970A_RX_SPECIAL_SETTINGS_C212	BIT(7)

#define TRF7970A_REG_IO_CTRL_VRS(v)		((v) & 0x07)
#define TRF7970A_REG_IO_CTRL_IO_LOW		BIT(5)
#define TRF7970A_REG_IO_CTRL_EN_EXT_PA		BIT(6)
#define TRF7970A_REG_IO_CTRL_AUTO_REG		BIT(7)

297 298
/* IRQ Status Register Bits */
#define TRF7970A_IRQ_STATUS_NORESP		BIT(0) /* ISO15693 only */
299
#define TRF7970A_IRQ_STATUS_NFC_COL_ERROR	BIT(0)
300 301
#define TRF7970A_IRQ_STATUS_COL			BIT(1)
#define TRF7970A_IRQ_STATUS_FRAMING_EOF_ERROR	BIT(2)
302
#define TRF7970A_IRQ_STATUS_NFC_RF		BIT(2)
303
#define TRF7970A_IRQ_STATUS_PARITY_ERROR	BIT(3)
304
#define TRF7970A_IRQ_STATUS_NFC_SDD		BIT(3)
305
#define TRF7970A_IRQ_STATUS_CRC_ERROR		BIT(4)
306
#define TRF7970A_IRQ_STATUS_NFC_PROTO_ERROR	BIT(4)
307 308 309 310 311 312 313 314 315 316
#define TRF7970A_IRQ_STATUS_FIFO		BIT(5)
#define TRF7970A_IRQ_STATUS_SRX			BIT(6)
#define TRF7970A_IRQ_STATUS_TX			BIT(7)

#define TRF7970A_IRQ_STATUS_ERROR				\
		(TRF7970A_IRQ_STATUS_COL |			\
		 TRF7970A_IRQ_STATUS_FRAMING_EOF_ERROR |	\
		 TRF7970A_IRQ_STATUS_PARITY_ERROR |		\
		 TRF7970A_IRQ_STATUS_CRC_ERROR)

317 318 319 320
#define TRF7970A_RSSI_OSC_STATUS_RSSI_MASK	(BIT(2) | BIT(1) | BIT(0))
#define TRF7970A_RSSI_OSC_STATUS_RSSI_X_MASK	(BIT(5) | BIT(4) | BIT(3))
#define TRF7970A_RSSI_OSC_STATUS_RSSI_OSC_OK	BIT(6)

321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336
#define TRF7970A_SPECIAL_FCN_REG1_COL_7_6		BIT(0)
#define TRF7970A_SPECIAL_FCN_REG1_14_ANTICOLL		BIT(1)
#define TRF7970A_SPECIAL_FCN_REG1_4_BIT_RX		BIT(2)
#define TRF7970A_SPECIAL_FCN_REG1_SP_DIR_MODE		BIT(3)
#define TRF7970A_SPECIAL_FCN_REG1_NEXT_SLOT_37US	BIT(4)
#define TRF7970A_SPECIAL_FCN_REG1_PAR43			BIT(5)

#define TRF7970A_ADJUTABLE_FIFO_IRQ_LEVELS_WLH_124	(0x0 << 2)
#define TRF7970A_ADJUTABLE_FIFO_IRQ_LEVELS_WLH_120	(0x1 << 2)
#define TRF7970A_ADJUTABLE_FIFO_IRQ_LEVELS_WLH_112	(0x2 << 2)
#define TRF7970A_ADJUTABLE_FIFO_IRQ_LEVELS_WLH_96	(0x3 << 2)
#define TRF7970A_ADJUTABLE_FIFO_IRQ_LEVELS_WLL_4	0x0
#define TRF7970A_ADJUTABLE_FIFO_IRQ_LEVELS_WLL_8	0x1
#define TRF7970A_ADJUTABLE_FIFO_IRQ_LEVELS_WLL_16	0x2
#define TRF7970A_ADJUTABLE_FIFO_IRQ_LEVELS_WLL_32	0x3

337 338 339 340 341
#define TRF7970A_NFC_LOW_FIELD_LEVEL_RFDET(v)	((v) & 0x07)
#define TRF7970A_NFC_LOW_FIELD_LEVEL_CLEX_DIS	BIT(7)

#define TRF7970A_NFC_TARGET_LEVEL_RFDET(v)	((v) & 0x07)
#define TRF7970A_NFC_TARGET_LEVEL_HI_RF		BIT(3)
342
#define TRF7970A_NFC_TARGET_LEVEL_SDD_EN	BIT(5)
343 344 345 346
#define TRF7970A_NFC_TARGET_LEVEL_LD_S_4BYTES	(0x0 << 6)
#define TRF7970A_NFC_TARGET_LEVEL_LD_S_7BYTES	(0x1 << 6)
#define TRF7970A_NFC_TARGET_LEVEL_LD_S_10BYTES	(0x2 << 6)

347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379
#define TRF79070A_NFC_TARGET_PROTOCOL_NFCBR_106		BIT(0)
#define TRF79070A_NFC_TARGET_PROTOCOL_NFCBR_212		BIT(1)
#define TRF79070A_NFC_TARGET_PROTOCOL_NFCBR_424		(BIT(0) | BIT(1))
#define TRF79070A_NFC_TARGET_PROTOCOL_PAS_14443B	BIT(2)
#define TRF79070A_NFC_TARGET_PROTOCOL_PAS_106		BIT(3)
#define TRF79070A_NFC_TARGET_PROTOCOL_FELICA		BIT(4)
#define TRF79070A_NFC_TARGET_PROTOCOL_RF_L		BIT(6)
#define TRF79070A_NFC_TARGET_PROTOCOL_RF_H		BIT(7)

#define TRF79070A_NFC_TARGET_PROTOCOL_106A		\
	 (TRF79070A_NFC_TARGET_PROTOCOL_RF_H |		\
	  TRF79070A_NFC_TARGET_PROTOCOL_RF_L |		\
	  TRF79070A_NFC_TARGET_PROTOCOL_PAS_106 |	\
	  TRF79070A_NFC_TARGET_PROTOCOL_NFCBR_106)

#define TRF79070A_NFC_TARGET_PROTOCOL_106B		\
	 (TRF79070A_NFC_TARGET_PROTOCOL_RF_H |		\
	  TRF79070A_NFC_TARGET_PROTOCOL_RF_L |		\
	  TRF79070A_NFC_TARGET_PROTOCOL_PAS_14443B |	\
	  TRF79070A_NFC_TARGET_PROTOCOL_NFCBR_106)

#define TRF79070A_NFC_TARGET_PROTOCOL_212F		\
	 (TRF79070A_NFC_TARGET_PROTOCOL_RF_H |		\
	  TRF79070A_NFC_TARGET_PROTOCOL_RF_L |		\
	  TRF79070A_NFC_TARGET_PROTOCOL_FELICA |	\
	  TRF79070A_NFC_TARGET_PROTOCOL_NFCBR_212)

#define TRF79070A_NFC_TARGET_PROTOCOL_424F		\
	 (TRF79070A_NFC_TARGET_PROTOCOL_RF_H |		\
	  TRF79070A_NFC_TARGET_PROTOCOL_RF_L |		\
	  TRF79070A_NFC_TARGET_PROTOCOL_FELICA |	\
	  TRF79070A_NFC_TARGET_PROTOCOL_NFCBR_424)

380 381 382 383 384
#define TRF7970A_FIFO_STATUS_OVERFLOW		BIT(7)

/* NFC (ISO/IEC 14443A) Type 2 Tag commands */
#define NFC_T2T_CMD_READ			0x30

385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414
/* ISO 15693 commands codes */
#define ISO15693_CMD_INVENTORY			0x01
#define ISO15693_CMD_READ_SINGLE_BLOCK		0x20
#define ISO15693_CMD_WRITE_SINGLE_BLOCK		0x21
#define ISO15693_CMD_LOCK_BLOCK			0x22
#define ISO15693_CMD_READ_MULTIPLE_BLOCK	0x23
#define ISO15693_CMD_WRITE_MULTIPLE_BLOCK	0x24
#define ISO15693_CMD_SELECT			0x25
#define ISO15693_CMD_RESET_TO_READY		0x26
#define ISO15693_CMD_WRITE_AFI			0x27
#define ISO15693_CMD_LOCK_AFI			0x28
#define ISO15693_CMD_WRITE_DSFID		0x29
#define ISO15693_CMD_LOCK_DSFID			0x2a
#define ISO15693_CMD_GET_SYSTEM_INFO		0x2b
#define ISO15693_CMD_GET_MULTIPLE_BLOCK_SECURITY_STATUS	0x2c

/* ISO 15693 request and response flags */
#define ISO15693_REQ_FLAG_SUB_CARRIER		BIT(0)
#define ISO15693_REQ_FLAG_DATA_RATE		BIT(1)
#define ISO15693_REQ_FLAG_INVENTORY		BIT(2)
#define ISO15693_REQ_FLAG_PROTOCOL_EXT		BIT(3)
#define ISO15693_REQ_FLAG_SELECT		BIT(4)
#define ISO15693_REQ_FLAG_AFI			BIT(4)
#define ISO15693_REQ_FLAG_ADDRESS		BIT(5)
#define ISO15693_REQ_FLAG_NB_SLOTS		BIT(5)
#define ISO15693_REQ_FLAG_OPTION		BIT(6)

#define ISO15693_REQ_FLAG_SPEED_MASK \
		(ISO15693_REQ_FLAG_SUB_CARRIER | ISO15693_REQ_FLAG_DATA_RATE)

415
enum trf7970a_state {
416
	TRF7970A_ST_PWR_OFF,
417
	TRF7970A_ST_RF_OFF,
418 419 420 421 422
	TRF7970A_ST_IDLE,
	TRF7970A_ST_IDLE_RX_BLOCKED,
	TRF7970A_ST_WAIT_FOR_TX_FIFO,
	TRF7970A_ST_WAIT_FOR_RX_DATA,
	TRF7970A_ST_WAIT_FOR_RX_DATA_CONT,
423
	TRF7970A_ST_WAIT_TO_ISSUE_EOF,
424
	TRF7970A_ST_LISTENING,
425
	TRF7970A_ST_LISTENING_MD,
426 427 428 429 430 431 432 433 434 435
	TRF7970A_ST_MAX
};

struct trf7970a {
	enum trf7970a_state		state;
	struct device			*dev;
	struct spi_device		*spi;
	struct regulator		*regulator;
	struct nfc_digital_dev		*ddev;
	u32				quirks;
436
	bool				is_initiator;
437 438 439 440 441
	bool				aborting;
	struct sk_buff			*tx_skb;
	struct sk_buff			*rx_skb;
	nfc_digital_cmd_complete_t	cb;
	void				*cb_arg;
442
	u8				chip_status_ctrl;
443
	u8				iso_ctrl;
444
	u8				iso_ctrl_tech;
445
	u8				modulator_sys_clk_ctrl;
446
	u8				special_fcn_reg1;
447
	u8				io_ctrl;
448
	unsigned int			guard_time;
449 450
	int				technology;
	int				framing;
451
	u8				md_rf_tech;
452
	u8				tx_cmd;
453
	bool				issue_eof;
454
	bool				adjust_resp_len;
455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492
	int				en2_gpio;
	int				en_gpio;
	struct mutex			lock;
	unsigned int			timeout;
	bool				ignore_timeout;
	struct delayed_work		timeout_work;
};


static int trf7970a_cmd(struct trf7970a *trf, u8 opcode)
{
	u8 cmd = TRF7970A_CMD_BIT_CTRL | TRF7970A_CMD_BIT_OPCODE(opcode);
	int ret;

	dev_dbg(trf->dev, "cmd: 0x%x\n", cmd);

	ret = spi_write(trf->spi, &cmd, 1);
	if (ret)
		dev_err(trf->dev, "%s - cmd: 0x%x, ret: %d\n", __func__, cmd,
				ret);
	return ret;
}

static int trf7970a_read(struct trf7970a *trf, u8 reg, u8 *val)
{
	u8 addr = TRF7970A_CMD_BIT_RW | reg;
	int ret;

	ret = spi_write_then_read(trf->spi, &addr, 1, val, 1);
	if (ret)
		dev_err(trf->dev, "%s - addr: 0x%x, ret: %d\n", __func__, addr,
				ret);

	dev_dbg(trf->dev, "read(0x%x): 0x%x\n", addr, *val);

	return ret;
}

493
static int trf7970a_read_cont(struct trf7970a *trf, u8 reg, u8 *buf, size_t len)
494 495
{
	u8 addr = reg | TRF7970A_CMD_BIT_RW | TRF7970A_CMD_BIT_CONTINUOUS;
496 497
	struct spi_transfer t[2];
	struct spi_message m;
498 499 500 501
	int ret;

	dev_dbg(trf->dev, "read_cont(0x%x, %zd)\n", addr, len);

502 503 504 505 506 507 508 509 510 511 512 513 514
	spi_message_init(&m);

	memset(&t, 0, sizeof(t));

	t[0].tx_buf = &addr;
	t[0].len = sizeof(addr);
	spi_message_add_tail(&t[0], &m);

	t[1].rx_buf = buf;
	t[1].len = len;
	spi_message_add_tail(&t[1], &m);

	ret = spi_sync(trf->spi, &m);
515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543
	if (ret)
		dev_err(trf->dev, "%s - addr: 0x%x, ret: %d\n", __func__, addr,
				ret);
	return ret;
}

static int trf7970a_write(struct trf7970a *trf, u8 reg, u8 val)
{
	u8 buf[2] = { reg, val };
	int ret;

	dev_dbg(trf->dev, "write(0x%x): 0x%x\n", reg, val);

	ret = spi_write(trf->spi, buf, 2);
	if (ret)
		dev_err(trf->dev, "%s - write: 0x%x 0x%x, ret: %d\n", __func__,
				buf[0], buf[1], ret);

	return ret;
}

static int trf7970a_read_irqstatus(struct trf7970a *trf, u8 *status)
{
	int ret;
	u8 buf[2];
	u8 addr;

	addr = TRF7970A_IRQ_STATUS | TRF7970A_CMD_BIT_RW;

544
	if (trf->quirks & TRF7970A_QUIRK_IRQ_STATUS_READ) {
545 546 547 548 549 550 551 552 553 554 555 556 557 558 559
		addr |= TRF7970A_CMD_BIT_CONTINUOUS;
		ret = spi_write_then_read(trf->spi, &addr, 1, buf, 2);
	} else {
		ret = spi_write_then_read(trf->spi, &addr, 1, buf, 1);
	}

	if (ret)
		dev_err(trf->dev, "%s - irqstatus: Status read failed: %d\n",
				__func__, ret);
	else
		*status = buf[0];

	return ret;
}

560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611
static int trf7970a_read_target_proto(struct trf7970a *trf, u8 *target_proto)
{
	int ret;
	u8 buf[2];
	u8 addr;

	addr = TRF79070A_NFC_TARGET_PROTOCOL | TRF7970A_CMD_BIT_RW |
		TRF7970A_CMD_BIT_CONTINUOUS;

	ret = spi_write_then_read(trf->spi, &addr, 1, buf, 2);
	if (ret)
		dev_err(trf->dev, "%s - target_proto: Read failed: %d\n",
				__func__, ret);
	else
		*target_proto = buf[0];

	return ret;
}

static int trf7970a_mode_detect(struct trf7970a *trf, u8 *rf_tech)
{
	int ret;
	u8 target_proto, tech;

	ret = trf7970a_read_target_proto(trf, &target_proto);
	if (ret)
		return ret;

	switch (target_proto) {
	case TRF79070A_NFC_TARGET_PROTOCOL_106A:
		tech = NFC_DIGITAL_RF_TECH_106A;
		break;
	case TRF79070A_NFC_TARGET_PROTOCOL_106B:
		tech = NFC_DIGITAL_RF_TECH_106B;
		break;
	case TRF79070A_NFC_TARGET_PROTOCOL_212F:
		tech = NFC_DIGITAL_RF_TECH_212F;
		break;
	case TRF79070A_NFC_TARGET_PROTOCOL_424F:
		tech = NFC_DIGITAL_RF_TECH_424F;
		break;
	default:
		dev_dbg(trf->dev, "%s - mode_detect: target_proto: 0x%x\n",
				__func__, target_proto);
		return -EIO;
	}

	*rf_tech = tech;

	return ret;
}

612 613 614 615 616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634
static void trf7970a_send_upstream(struct trf7970a *trf)
{
	dev_kfree_skb_any(trf->tx_skb);
	trf->tx_skb = NULL;

	if (trf->rx_skb && !IS_ERR(trf->rx_skb) && !trf->aborting)
		print_hex_dump_debug("trf7970a rx data: ", DUMP_PREFIX_NONE,
				16, 1, trf->rx_skb->data, trf->rx_skb->len,
				false);

	trf->state = TRF7970A_ST_IDLE;

	if (trf->aborting) {
		dev_dbg(trf->dev, "Abort process complete\n");

		if (!IS_ERR(trf->rx_skb)) {
			kfree_skb(trf->rx_skb);
			trf->rx_skb = ERR_PTR(-ECANCELED);
		}

		trf->aborting = false;
	}

635
	if (trf->adjust_resp_len) {
636 637 638
		if (trf->rx_skb)
			skb_trim(trf->rx_skb, trf->rx_skb->len - 1);

639 640 641
		trf->adjust_resp_len = false;
	}

642 643 644 645 646 647 648 649 650
	trf->cb(trf->ddev, trf->cb_arg, trf->rx_skb);

	trf->rx_skb = NULL;
}

static void trf7970a_send_err_upstream(struct trf7970a *trf, int errno)
{
	dev_dbg(trf->dev, "Error - state: %d, errno: %d\n", trf->state, errno);

651 652
	cancel_delayed_work(&trf->timeout_work);

653 654 655 656 657 658 659
	kfree_skb(trf->rx_skb);
	trf->rx_skb = ERR_PTR(errno);

	trf7970a_send_upstream(trf);
}

static int trf7970a_transmit(struct trf7970a *trf, struct sk_buff *skb,
660
		unsigned int len, u8 *prefix, unsigned int prefix_len)
661
{
662 663
	struct spi_transfer t[2];
	struct spi_message m;
664 665 666 667 668 669
	unsigned int timeout;
	int ret;

	print_hex_dump_debug("trf7970a tx data: ", DUMP_PREFIX_NONE,
			16, 1, skb->data, len, false);

670 671 672 673 674 675 676 677 678 679 680 681 682
	spi_message_init(&m);

	memset(&t, 0, sizeof(t));

	t[0].tx_buf = prefix;
	t[0].len = prefix_len;
	spi_message_add_tail(&t[0], &m);

	t[1].tx_buf = skb->data;
	t[1].len = len;
	spi_message_add_tail(&t[1], &m);

	ret = spi_sync(trf->spi, &m);
683 684 685 686 687 688 689 690 691 692 693 694
	if (ret) {
		dev_err(trf->dev, "%s - Can't send tx data: %d\n", __func__,
				ret);
		return ret;
	}

	skb_pull(skb, len);

	if (skb->len > 0) {
		trf->state = TRF7970A_ST_WAIT_FOR_TX_FIFO;
		timeout = TRF7970A_WAIT_FOR_FIFO_DRAIN_TIMEOUT;
	} else {
695 696 697 698 699
		if (trf->issue_eof) {
			trf->state = TRF7970A_ST_WAIT_TO_ISSUE_EOF;
			timeout = TRF7970A_WAIT_TO_ISSUE_ISO15693_EOF;
		} else {
			trf->state = TRF7970A_ST_WAIT_FOR_RX_DATA;
700 701 702 703 704

			if (!trf->timeout)
				timeout = TRF7970A_WAIT_FOR_TX_IRQ;
			else
				timeout = trf->timeout;
705
		}
706 707 708 709 710 711 712 713 714 715 716 717 718 719 720 721
	}

	dev_dbg(trf->dev, "Setting timeout for %d ms, state: %d\n", timeout,
			trf->state);

	schedule_delayed_work(&trf->timeout_work, msecs_to_jiffies(timeout));

	return 0;
}

static void trf7970a_fill_fifo(struct trf7970a *trf)
{
	struct sk_buff *skb = trf->tx_skb;
	unsigned int len;
	int ret;
	u8 fifo_bytes;
722
	u8 prefix;
723 724 725 726 727 728 729 730 731

	ret = trf7970a_read(trf, TRF7970A_FIFO_STATUS, &fifo_bytes);
	if (ret) {
		trf7970a_send_err_upstream(trf, ret);
		return;
	}

	dev_dbg(trf->dev, "Filling FIFO - fifo_bytes: 0x%x\n", fifo_bytes);

732
	fifo_bytes &= ~TRF7970A_FIFO_STATUS_OVERFLOW;
733 734 735

	/* Calculate how much more data can be written to the fifo */
	len = TRF7970A_FIFO_SIZE - fifo_bytes;
736 737 738 739 740 741
	if (!len) {
		schedule_delayed_work(&trf->timeout_work,
			msecs_to_jiffies(TRF7970A_WAIT_FOR_FIFO_DRAIN_TIMEOUT));
		return;
	}

742 743
	len = min(skb->len, len);

744 745 746
	prefix = TRF7970A_CMD_BIT_CONTINUOUS | TRF7970A_FIFO_IO_REGISTER;

	ret = trf7970a_transmit(trf, skb, len, &prefix, sizeof(prefix));
747 748 749 750 751 752 753 754 755 756 757 758 759 760 761 762 763 764 765 766 767 768 769
	if (ret)
		trf7970a_send_err_upstream(trf, ret);
}

static void trf7970a_drain_fifo(struct trf7970a *trf, u8 status)
{
	struct sk_buff *skb = trf->rx_skb;
	int ret;
	u8 fifo_bytes;

	if (status & TRF7970A_IRQ_STATUS_ERROR) {
		trf7970a_send_err_upstream(trf, -EIO);
		return;
	}

	ret = trf7970a_read(trf, TRF7970A_FIFO_STATUS, &fifo_bytes);
	if (ret) {
		trf7970a_send_err_upstream(trf, ret);
		return;
	}

	dev_dbg(trf->dev, "Draining FIFO - fifo_bytes: 0x%x\n", fifo_bytes);

770 771
	fifo_bytes &= ~TRF7970A_FIFO_STATUS_OVERFLOW;

772 773 774 775 776 777 778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794 795 796 797 798 799 800 801 802 803
	if (!fifo_bytes)
		goto no_rx_data;

	if (fifo_bytes > skb_tailroom(skb)) {
		skb = skb_copy_expand(skb, skb_headroom(skb),
				max_t(int, fifo_bytes,
					TRF7970A_RX_SKB_ALLOC_SIZE),
				GFP_KERNEL);
		if (!skb) {
			trf7970a_send_err_upstream(trf, -ENOMEM);
			return;
		}

		kfree_skb(trf->rx_skb);
		trf->rx_skb = skb;
	}

	ret = trf7970a_read_cont(trf, TRF7970A_FIFO_IO_REGISTER,
			skb_put(skb, fifo_bytes), fifo_bytes);
	if (ret) {
		trf7970a_send_err_upstream(trf, ret);
		return;
	}

	/* If received Type 2 ACK/NACK, shift right 4 bits and pass up */
	if ((trf->framing == NFC_DIGITAL_FRAMING_NFCA_T2T) && (skb->len == 1) &&
			(trf->special_fcn_reg1 ==
				 TRF7970A_SPECIAL_FCN_REG1_4_BIT_RX)) {
		skb->data[0] >>= 4;
		status = TRF7970A_IRQ_STATUS_SRX;
	} else {
		trf->state = TRF7970A_ST_WAIT_FOR_RX_DATA_CONT;
804 805 806 807 808 809 810 811 812 813 814 815 816 817 818

		ret = trf7970a_read(trf, TRF7970A_FIFO_STATUS, &fifo_bytes);
		if (ret) {
			trf7970a_send_err_upstream(trf, ret);
			return;
		}

		fifo_bytes &= ~TRF7970A_FIFO_STATUS_OVERFLOW;

		/* If there are bytes in the FIFO, set status to '0' so
		 * the if stmt below doesn't fire and the driver will wait
		 * for the trf7970a to generate another RX interrupt.
		 */
		if (fifo_bytes)
			status = 0;
819 820 821 822 823 824 825 826 827 828 829 830 831 832 833 834 835 836 837
	}

no_rx_data:
	if (status == TRF7970A_IRQ_STATUS_SRX) { /* Receive complete */
		trf7970a_send_upstream(trf);
		return;
	}

	dev_dbg(trf->dev, "Setting timeout for %d ms\n",
			TRF7970A_WAIT_FOR_RX_DATA_TIMEOUT);

	schedule_delayed_work(&trf->timeout_work,
			msecs_to_jiffies(TRF7970A_WAIT_FOR_RX_DATA_TIMEOUT));
}

static irqreturn_t trf7970a_irq(int irq, void *dev_id)
{
	struct trf7970a *trf = dev_id;
	int ret;
838
	u8 status, fifo_bytes, iso_ctrl;
839 840 841

	mutex_lock(&trf->lock);

842
	if (trf->state == TRF7970A_ST_RF_OFF) {
843 844 845 846 847 848 849 850 851 852 853 854 855 856 857 858 859 860 861 862 863
		mutex_unlock(&trf->lock);
		return IRQ_NONE;
	}

	ret = trf7970a_read_irqstatus(trf, &status);
	if (ret) {
		mutex_unlock(&trf->lock);
		return IRQ_NONE;
	}

	dev_dbg(trf->dev, "IRQ - state: %d, status: 0x%x\n", trf->state,
			status);

	if (!status) {
		mutex_unlock(&trf->lock);
		return IRQ_NONE;
	}

	switch (trf->state) {
	case TRF7970A_ST_IDLE:
	case TRF7970A_ST_IDLE_RX_BLOCKED:
864 865 866 867
		/* If initiator and getting interrupts caused by RF noise,
		 * turn off the receiver to avoid unnecessary interrupts.
		 * It will be turned back on in trf7970a_send_cmd() when
		 * the next command is issued.
868
		 */
869
		if (trf->is_initiator && (status & TRF7970A_IRQ_STATUS_ERROR)) {
870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889 890
			trf7970a_cmd(trf, TRF7970A_CMD_BLOCK_RX);
			trf->state = TRF7970A_ST_IDLE_RX_BLOCKED;
		}

		trf7970a_cmd(trf, TRF7970A_CMD_FIFO_RESET);
		break;
	case TRF7970A_ST_WAIT_FOR_TX_FIFO:
		if (status & TRF7970A_IRQ_STATUS_TX) {
			trf->ignore_timeout =
				!cancel_delayed_work(&trf->timeout_work);
			trf7970a_fill_fifo(trf);
		} else {
			trf7970a_send_err_upstream(trf, -EIO);
		}
		break;
	case TRF7970A_ST_WAIT_FOR_RX_DATA:
	case TRF7970A_ST_WAIT_FOR_RX_DATA_CONT:
		if (status & TRF7970A_IRQ_STATUS_SRX) {
			trf->ignore_timeout =
				!cancel_delayed_work(&trf->timeout_work);
			trf7970a_drain_fifo(trf, status);
891 892 893 894 895 896 897 898 899 900
		} else if (status & TRF7970A_IRQ_STATUS_FIFO) {
			ret = trf7970a_read(trf, TRF7970A_FIFO_STATUS,
					&fifo_bytes);

			fifo_bytes &= ~TRF7970A_FIFO_STATUS_OVERFLOW;

			if (ret)
				trf7970a_send_err_upstream(trf, ret);
			else if (!fifo_bytes)
				trf7970a_cmd(trf, TRF7970A_CMD_FIFO_RESET);
901 902 903 904
		} else if ((status == TRF7970A_IRQ_STATUS_TX) ||
				(!trf->is_initiator &&
				 (status == (TRF7970A_IRQ_STATUS_TX |
					     TRF7970A_IRQ_STATUS_NFC_RF)))) {
905
			trf7970a_cmd(trf, TRF7970A_CMD_FIFO_RESET);
906 907 908 909 910 911 912 913

			if (!trf->timeout) {
				trf->ignore_timeout = !cancel_delayed_work(
						&trf->timeout_work);
				trf->rx_skb = ERR_PTR(0);
				trf7970a_send_upstream(trf);
				break;
			}
914 915 916 917 918 919 920 921 922 923 924 925 926 927 928 929 930 931 932 933 934 935

			if (trf->is_initiator)
				break;

			iso_ctrl = trf->iso_ctrl;

			switch (trf->framing) {
			case NFC_DIGITAL_FRAMING_NFCA_STANDARD:
				trf->tx_cmd = TRF7970A_CMD_TRANSMIT_NO_CRC;
				iso_ctrl |= TRF7970A_ISO_CTRL_RX_CRC_N;
				trf->iso_ctrl = 0xff; /* Force ISO_CTRL write */
				break;
			case NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A:
				trf->tx_cmd = TRF7970A_CMD_TRANSMIT;
				iso_ctrl &= ~TRF7970A_ISO_CTRL_RX_CRC_N;
				trf->iso_ctrl = 0xff; /* Force ISO_CTRL write */
				break;
			case NFC_DIGITAL_FRAMING_NFCA_ANTICOL_COMPLETE:
				ret = trf7970a_write(trf,
					TRF7970A_SPECIAL_FCN_REG1,
					TRF7970A_SPECIAL_FCN_REG1_14_ANTICOLL);
				if (ret)
936
					goto err_unlock_exit;
937 938 939 940 941 942 943 944 945 946 947 948

				trf->special_fcn_reg1 =
					TRF7970A_SPECIAL_FCN_REG1_14_ANTICOLL;
				break;
			default:
				break;
			}

			if (iso_ctrl != trf->iso_ctrl) {
				ret = trf7970a_write(trf, TRF7970A_ISO_CTRL,
						iso_ctrl);
				if (ret)
949
					goto err_unlock_exit;
950 951 952

				trf->iso_ctrl = iso_ctrl;
			}
953
		} else {
954 955 956
			trf7970a_send_err_upstream(trf, -EIO);
		}
		break;
957 958 959 960
	case TRF7970A_ST_WAIT_TO_ISSUE_EOF:
		if (status != TRF7970A_IRQ_STATUS_TX)
			trf7970a_send_err_upstream(trf, -EIO);
		break;
961 962 963 964 965 966 967 968 969
	case TRF7970A_ST_LISTENING:
		if (status & TRF7970A_IRQ_STATUS_SRX) {
			trf->ignore_timeout =
				!cancel_delayed_work(&trf->timeout_work);
			trf7970a_drain_fifo(trf, status);
		} else if (!(status & TRF7970A_IRQ_STATUS_NFC_RF)) {
			trf7970a_send_err_upstream(trf, -EIO);
		}
		break;
970 971 972 973 974 975 976 977 978 979 980 981 982 983 984 985
	case TRF7970A_ST_LISTENING_MD:
		if (status & TRF7970A_IRQ_STATUS_SRX) {
			trf->ignore_timeout =
				!cancel_delayed_work(&trf->timeout_work);

			ret = trf7970a_mode_detect(trf, &trf->md_rf_tech);
			if (ret) {
				trf7970a_send_err_upstream(trf, ret);
			} else {
				trf->state = TRF7970A_ST_LISTENING;
				trf7970a_drain_fifo(trf, status);
			}
		} else if (!(status & TRF7970A_IRQ_STATUS_NFC_RF)) {
			trf7970a_send_err_upstream(trf, -EIO);
		}
		break;
986 987 988 989 990
	default:
		dev_err(trf->dev, "%s - Driver in invalid state: %d\n",
				__func__, trf->state);
	}

991
err_unlock_exit:
992 993 994 995
	mutex_unlock(&trf->lock);
	return IRQ_HANDLED;
}

996 997 998 999 1000 1001 1002 1003 1004 1005 1006 1007 1008 1009 1010 1011 1012 1013 1014 1015 1016 1017 1018
static void trf7970a_issue_eof(struct trf7970a *trf)
{
	int ret;

	dev_dbg(trf->dev, "Issuing EOF\n");

	ret = trf7970a_cmd(trf, TRF7970A_CMD_FIFO_RESET);
	if (ret)
		trf7970a_send_err_upstream(trf, ret);

	ret = trf7970a_cmd(trf, TRF7970A_CMD_EOF);
	if (ret)
		trf7970a_send_err_upstream(trf, ret);

	trf->state = TRF7970A_ST_WAIT_FOR_RX_DATA;

	dev_dbg(trf->dev, "Setting timeout for %d ms, state: %d\n",
			trf->timeout, trf->state);

	schedule_delayed_work(&trf->timeout_work,
			msecs_to_jiffies(trf->timeout));
}

1019 1020 1021 1022 1023 1024 1025 1026 1027 1028 1029 1030 1031
static void trf7970a_timeout_work_handler(struct work_struct *work)
{
	struct trf7970a *trf = container_of(work, struct trf7970a,
			timeout_work.work);

	dev_dbg(trf->dev, "Timeout - state: %d, ignore_timeout: %d\n",
			trf->state, trf->ignore_timeout);

	mutex_lock(&trf->lock);

	if (trf->ignore_timeout)
		trf->ignore_timeout = false;
	else if (trf->state == TRF7970A_ST_WAIT_FOR_RX_DATA_CONT)
1032
		trf7970a_drain_fifo(trf, TRF7970A_IRQ_STATUS_SRX);
1033 1034
	else if (trf->state == TRF7970A_ST_WAIT_TO_ISSUE_EOF)
		trf7970a_issue_eof(trf);
1035 1036 1037 1038 1039 1040 1041 1042 1043 1044 1045 1046 1047 1048 1049 1050 1051 1052 1053 1054
	else
		trf7970a_send_err_upstream(trf, -ETIMEDOUT);

	mutex_unlock(&trf->lock);
}

static int trf7970a_init(struct trf7970a *trf)
{
	int ret;

	dev_dbg(trf->dev, "Initializing device - state: %d\n", trf->state);

	ret = trf7970a_cmd(trf, TRF7970A_CMD_SOFT_INIT);
	if (ret)
		goto err_out;

	ret = trf7970a_cmd(trf, TRF7970A_CMD_IDLE);
	if (ret)
		goto err_out;

1055 1056 1057 1058 1059
	ret = trf7970a_write(trf, TRF7970A_REG_IO_CTRL,
			trf->io_ctrl | TRF7970A_REG_IO_CTRL_VRS(0x1));
	if (ret)
		goto err_out;

1060 1061 1062 1063
	ret = trf7970a_write(trf, TRF7970A_NFC_TARGET_LEVEL, 0);
	if (ret)
		goto err_out;

1064 1065
	usleep_range(1000, 2000);

1066 1067
	trf->chip_status_ctrl &= ~TRF7970A_CHIP_STATUS_RF_ON;

1068 1069
	ret = trf7970a_write(trf, TRF7970A_MODULATOR_SYS_CLK_CTRL,
			trf->modulator_sys_clk_ctrl);
1070 1071 1072
	if (ret)
		goto err_out;

1073 1074 1075 1076 1077 1078 1079 1080 1081 1082 1083 1084
	ret = trf7970a_write(trf, TRF7970A_ADJUTABLE_FIFO_IRQ_LEVELS,
			TRF7970A_ADJUTABLE_FIFO_IRQ_LEVELS_WLH_96 |
			TRF7970A_ADJUTABLE_FIFO_IRQ_LEVELS_WLL_32);
	if (ret)
		goto err_out;

	ret = trf7970a_write(trf, TRF7970A_SPECIAL_FCN_REG1, 0);
	if (ret)
		goto err_out;

	trf->special_fcn_reg1 = 0;

1085
	trf->iso_ctrl = 0xff;
1086 1087 1088 1089 1090 1091 1092 1093 1094
	return 0;

err_out:
	dev_dbg(trf->dev, "Couldn't init device: %d\n", ret);
	return ret;
}

static void trf7970a_switch_rf_off(struct trf7970a *trf)
{
1095 1096 1097 1098
	if ((trf->state == TRF7970A_ST_PWR_OFF) ||
			(trf->state == TRF7970A_ST_RF_OFF))
		return;

1099 1100
	dev_dbg(trf->dev, "Switching rf off\n");

1101 1102 1103 1104
	trf->chip_status_ctrl &= ~TRF7970A_CHIP_STATUS_RF_ON;

	trf7970a_write(trf, TRF7970A_CHIP_STATUS_CTRL, trf->chip_status_ctrl);

1105
	trf->aborting = false;
1106
	trf->state = TRF7970A_ST_RF_OFF;
1107 1108 1109

	pm_runtime_mark_last_busy(trf->dev);
	pm_runtime_put_autosuspend(trf->dev);
1110 1111
}

1112
static int trf7970a_switch_rf_on(struct trf7970a *trf)
1113
{
1114 1115
	int ret;

1116 1117
	dev_dbg(trf->dev, "Switching rf on\n");

1118
	pm_runtime_get_sync(trf->dev);
1119

1120 1121 1122 1123 1124 1125
	if (trf->state != TRF7970A_ST_RF_OFF) { /* Power on, RF off */
		dev_err(trf->dev, "%s - Incorrect state: %d\n", __func__,
				trf->state);
		return -EINVAL;
	}

1126 1127 1128
	ret = trf7970a_init(trf);
	if (ret) {
		dev_err(trf->dev, "%s - Can't initialize: %d\n", __func__, ret);
1129
		return ret;
1130 1131
	}

1132
	trf->state = TRF7970A_ST_IDLE;
1133 1134

	return 0;
1135 1136 1137 1138 1139
}

static int trf7970a_switch_rf(struct nfc_digital_dev *ddev, bool on)
{
	struct trf7970a *trf = nfc_digital_get_drvdata(ddev);
1140
	int ret = 0;
1141 1142 1143 1144 1145 1146 1147

	dev_dbg(trf->dev, "Switching RF - state: %d, on: %d\n", trf->state, on);

	mutex_lock(&trf->lock);

	if (on) {
		switch (trf->state) {
1148
		case TRF7970A_ST_PWR_OFF:
1149
		case TRF7970A_ST_RF_OFF:
1150
			ret = trf7970a_switch_rf_on(trf);
1151 1152 1153 1154 1155 1156 1157 1158
			break;
		case TRF7970A_ST_IDLE:
		case TRF7970A_ST_IDLE_RX_BLOCKED:
			break;
		default:
			dev_err(trf->dev, "%s - Invalid request: %d %d\n",
					__func__, trf->state, on);
			trf7970a_switch_rf_off(trf);
1159
			ret = -EINVAL;
1160 1161 1162
		}
	} else {
		switch (trf->state) {
1163
		case TRF7970A_ST_PWR_OFF:
1164
		case TRF7970A_ST_RF_OFF:
1165 1166 1167 1168
			break;
		default:
			dev_err(trf->dev, "%s - Invalid request: %d %d\n",
					__func__, trf->state, on);
1169
			ret = -EINVAL;
1170 1171 1172
			/* FALLTHROUGH */
		case TRF7970A_ST_IDLE:
		case TRF7970A_ST_IDLE_RX_BLOCKED:
1173 1174
		case TRF7970A_ST_WAIT_FOR_RX_DATA:
		case TRF7970A_ST_WAIT_FOR_RX_DATA_CONT:
1175 1176 1177 1178 1179
			trf7970a_switch_rf_off(trf);
		}
	}

	mutex_unlock(&trf->lock);
1180
	return ret;
1181 1182
}

1183
static int trf7970a_in_config_rf_tech(struct trf7970a *trf, int tech)
1184 1185 1186 1187 1188 1189 1190
{
	int ret = 0;

	dev_dbg(trf->dev, "rf technology: %d\n", tech);

	switch (tech) {
	case NFC_DIGITAL_RF_TECH_106A:
1191
		trf->iso_ctrl_tech = TRF7970A_ISO_CTRL_14443A_106;
1192 1193 1194
		trf->modulator_sys_clk_ctrl =
			(trf->modulator_sys_clk_ctrl & 0xf8) |
			TRF7970A_MODULATOR_DEPTH_OOK;
1195
		trf->guard_time = TRF7970A_GUARD_TIME_NFCA;
1196
		break;
1197 1198
	case NFC_DIGITAL_RF_TECH_106B:
		trf->iso_ctrl_tech = TRF7970A_ISO_CTRL_14443B_106;
1199 1200 1201
		trf->modulator_sys_clk_ctrl =
			(trf->modulator_sys_clk_ctrl & 0xf8) |
			TRF7970A_MODULATOR_DEPTH_ASK10;
1202
		trf->guard_time = TRF7970A_GUARD_TIME_NFCB;
1203
		break;
1204 1205
	case NFC_DIGITAL_RF_TECH_212F:
		trf->iso_ctrl_tech = TRF7970A_ISO_CTRL_FELICA_212;
1206 1207 1208
		trf->modulator_sys_clk_ctrl =
			(trf->modulator_sys_clk_ctrl & 0xf8) |
			TRF7970A_MODULATOR_DEPTH_ASK10;
1209
		trf->guard_time = TRF7970A_GUARD_TIME_NFCF;
1210 1211 1212
		break;
	case NFC_DIGITAL_RF_TECH_424F:
		trf->iso_ctrl_tech = TRF7970A_ISO_CTRL_FELICA_424;
1213 1214 1215
		trf->modulator_sys_clk_ctrl =
			(trf->modulator_sys_clk_ctrl & 0xf8) |
			TRF7970A_MODULATOR_DEPTH_ASK10;
1216
		trf->guard_time = TRF7970A_GUARD_TIME_NFCF;
1217
		break;
1218
	case NFC_DIGITAL_RF_TECH_ISO15693:
1219
		trf->iso_ctrl_tech = TRF7970A_ISO_CTRL_15693_SGL_1OF4_2648;
1220 1221 1222
		trf->modulator_sys_clk_ctrl =
			(trf->modulator_sys_clk_ctrl & 0xf8) |
			TRF7970A_MODULATOR_DEPTH_OOK;
1223
		trf->guard_time = TRF7970A_GUARD_TIME_15693;
1224
		break;
1225 1226 1227 1228 1229 1230 1231
	default:
		dev_dbg(trf->dev, "Unsupported rf technology: %d\n", tech);
		return -EINVAL;
	}

	trf->technology = tech;

1232 1233 1234 1235 1236 1237 1238 1239
	/* If in initiator mode and not changing the RF tech due to a
	 * PSL sequence (indicated by 'trf->iso_ctrl == 0xff' from
	 * trf7970a_init()), clear the NFC Target Detection Level register
	 * due to erratum.
	 */
	if (trf->iso_ctrl == 0xff)
		ret = trf7970a_write(trf, TRF7970A_NFC_TARGET_LEVEL, 0);

1240 1241 1242
	return ret;
}

1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269 1270 1271 1272 1273 1274 1275
static int trf7970a_is_rf_field(struct trf7970a *trf, bool *is_rf_field)
{
	int ret;
	u8 rssi;

	ret = trf7970a_write(trf, TRF7970A_CHIP_STATUS_CTRL,
			trf->chip_status_ctrl | TRF7970A_CHIP_STATUS_REC_ON);
	if (ret)
		return ret;

	ret = trf7970a_cmd(trf, TRF7970A_CMD_TEST_EXT_RF);
	if (ret)
		return ret;

	usleep_range(50, 60);

	ret = trf7970a_read(trf, TRF7970A_RSSI_OSC_STATUS, &rssi);
	if (ret)
		return ret;

	ret = trf7970a_write(trf, TRF7970A_CHIP_STATUS_CTRL,
			trf->chip_status_ctrl);
	if (ret)
		return ret;

	if (rssi & TRF7970A_RSSI_OSC_STATUS_RSSI_MASK)
		*is_rf_field = true;
	else
		*is_rf_field = false;

	return 0;
}

1276
static int trf7970a_in_config_framing(struct trf7970a *trf, int framing)
1277
{
1278
	u8 iso_ctrl = trf->iso_ctrl_tech;
1279
	bool is_rf_field = false;
1280 1281
	int ret;

1282 1283 1284 1285 1286 1287
	dev_dbg(trf->dev, "framing: %d\n", framing);

	switch (framing) {
	case NFC_DIGITAL_FRAMING_NFCA_SHORT:
	case NFC_DIGITAL_FRAMING_NFCA_STANDARD:
		trf->tx_cmd = TRF7970A_CMD_TRANSMIT_NO_CRC;
1288
		iso_ctrl |= TRF7970A_ISO_CTRL_RX_CRC_N;
1289 1290
		break;
	case NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A:
1291
	case NFC_DIGITAL_FRAMING_NFCA_T4T:
1292 1293
	case NFC_DIGITAL_FRAMING_NFCB:
	case NFC_DIGITAL_FRAMING_NFCB_T4T:
1294 1295
	case NFC_DIGITAL_FRAMING_NFCF:
	case NFC_DIGITAL_FRAMING_NFCF_T3T:
1296 1297
	case NFC_DIGITAL_FRAMING_ISO15693_INVENTORY:
	case NFC_DIGITAL_FRAMING_ISO15693_T5T:
1298 1299
	case NFC_DIGITAL_FRAMING_NFCA_NFC_DEP:
	case NFC_DIGITAL_FRAMING_NFCF_NFC_DEP:
1300
		trf->tx_cmd = TRF7970A_CMD_TRANSMIT;
1301
		iso_ctrl &= ~TRF7970A_ISO_CTRL_RX_CRC_N;
1302 1303 1304
		break;
	case NFC_DIGITAL_FRAMING_NFCA_T2T:
		trf->tx_cmd = TRF7970A_CMD_TRANSMIT;
1305
		iso_ctrl |= TRF7970A_ISO_CTRL_RX_CRC_N;
1306 1307 1308 1309 1310 1311 1312 1313
		break;
	default:
		dev_dbg(trf->dev, "Unsupported Framing: %d\n", framing);
		return -EINVAL;
	}

	trf->framing = framing;

1314 1315 1316 1317 1318 1319 1320 1321 1322
	if (!(trf->chip_status_ctrl & TRF7970A_CHIP_STATUS_RF_ON)) {
		ret = trf7970a_is_rf_field(trf, &is_rf_field);
		if (ret)
			return ret;

		if (is_rf_field)
			return -EBUSY;
	}

1323 1324 1325 1326 1327 1328
	if (iso_ctrl != trf->iso_ctrl) {
		ret = trf7970a_write(trf, TRF7970A_ISO_CTRL, iso_ctrl);
		if (ret)
			return ret;

		trf->iso_ctrl = iso_ctrl;
1329 1330

		ret = trf7970a_write(trf, TRF7970A_MODULATOR_SYS_CLK_CTRL,
1331
				trf->modulator_sys_clk_ctrl);
1332 1333
		if (ret)
			return ret;
1334 1335
	}

1336 1337 1338 1339 1340 1341 1342 1343 1344
	if (!(trf->chip_status_ctrl & TRF7970A_CHIP_STATUS_RF_ON)) {
		ret = trf7970a_write(trf, TRF7970A_CHIP_STATUS_CTRL,
				trf->chip_status_ctrl |
					TRF7970A_CHIP_STATUS_RF_ON);
		if (ret)
			return ret;

		trf->chip_status_ctrl |= TRF7970A_CHIP_STATUS_RF_ON;

1345
		usleep_range(trf->guard_time, trf->guard_time + 1000);
1346 1347
	}

1348
	return 0;
1349 1350 1351 1352 1353 1354
}

static int trf7970a_in_configure_hw(struct nfc_digital_dev *ddev, int type,
		int param)
{
	struct trf7970a *trf = nfc_digital_get_drvdata(ddev);
1355
	int ret;
1356 1357 1358 1359 1360

	dev_dbg(trf->dev, "Configure hw - type: %d, param: %d\n", type, param);

	mutex_lock(&trf->lock);

1361 1362
	trf->is_initiator = true;

1363 1364
	if ((trf->state == TRF7970A_ST_PWR_OFF) ||
			(trf->state == TRF7970A_ST_RF_OFF)) {
1365 1366 1367 1368
		ret = trf7970a_switch_rf_on(trf);
		if (ret)
			goto err_unlock;
	}
1369 1370 1371

	switch (type) {
	case NFC_DIGITAL_CONFIG_RF_TECH:
1372
		ret = trf7970a_in_config_rf_tech(trf, param);
1373 1374
		break;
	case NFC_DIGITAL_CONFIG_FRAMING:
1375
		ret = trf7970a_in_config_framing(trf, param);
1376 1377 1378 1379 1380 1381
		break;
	default:
		dev_dbg(trf->dev, "Unknown type: %d\n", type);
		ret = -EINVAL;
	}

1382
err_unlock:
1383 1384 1385 1386
	mutex_unlock(&trf->lock);
	return ret;
}

1387 1388 1389 1390 1391 1392 1393 1394 1395 1396 1397 1398 1399 1400 1401 1402 1403
static int trf7970a_is_iso15693_write_or_lock(u8 cmd)
{
	switch (cmd) {
	case ISO15693_CMD_WRITE_SINGLE_BLOCK:
	case ISO15693_CMD_LOCK_BLOCK:
	case ISO15693_CMD_WRITE_MULTIPLE_BLOCK:
	case ISO15693_CMD_WRITE_AFI:
	case ISO15693_CMD_LOCK_AFI:
	case ISO15693_CMD_WRITE_DSFID:
	case ISO15693_CMD_LOCK_DSFID:
		return 1;
		break;
	default:
		return 0;
	}
}

1404 1405 1406
static int trf7970a_per_cmd_config(struct trf7970a *trf, struct sk_buff *skb)
{
	u8 *req = skb->data;
1407
	u8 special_fcn_reg1, iso_ctrl;
1408 1409
	int ret;

1410 1411
	trf->issue_eof = false;

1412 1413 1414
	/* When issuing Type 2 read command, make sure the '4_bit_RX' bit in
	 * special functions register 1 is cleared; otherwise, its a write or
	 * sector select command and '4_bit_RX' must be set.
1415 1416 1417 1418 1419
	 *
	 * When issuing an ISO 15693 command, inspect the flags byte to see
	 * what speed to use.  Also, remember if the OPTION flag is set on
	 * a Type 5 write or lock command so the driver will know that it
	 * has to send an EOF in order to get a response.
1420 1421 1422 1423 1424 1425 1426 1427 1428 1429 1430 1431 1432 1433 1434 1435
	 */
	if ((trf->technology == NFC_DIGITAL_RF_TECH_106A) &&
			(trf->framing == NFC_DIGITAL_FRAMING_NFCA_T2T)) {
		if (req[0] == NFC_T2T_CMD_READ)
			special_fcn_reg1 = 0;
		else
			special_fcn_reg1 = TRF7970A_SPECIAL_FCN_REG1_4_BIT_RX;

		if (special_fcn_reg1 != trf->special_fcn_reg1) {
			ret = trf7970a_write(trf, TRF7970A_SPECIAL_FCN_REG1,
					special_fcn_reg1);
			if (ret)
				return ret;

			trf->special_fcn_reg1 = special_fcn_reg1;
		}
1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 1449 1450 1451 1452 1453 1454 1455 1456 1457 1458 1459 1460 1461 1462
	} else if (trf->technology == NFC_DIGITAL_RF_TECH_ISO15693) {
		iso_ctrl = trf->iso_ctrl & ~TRF7970A_ISO_CTRL_RFID_SPEED_MASK;

		switch (req[0] & ISO15693_REQ_FLAG_SPEED_MASK) {
		case 0x00:
			iso_ctrl |= TRF7970A_ISO_CTRL_15693_SGL_1OF4_662;
			break;
		case ISO15693_REQ_FLAG_SUB_CARRIER:
			iso_ctrl |= TRF7970A_ISO_CTRL_15693_DBL_1OF4_667a;
			break;
		case ISO15693_REQ_FLAG_DATA_RATE:
			iso_ctrl |= TRF7970A_ISO_CTRL_15693_SGL_1OF4_2648;
			break;
		case (ISO15693_REQ_FLAG_SUB_CARRIER |
				ISO15693_REQ_FLAG_DATA_RATE):
			iso_ctrl |= TRF7970A_ISO_CTRL_15693_DBL_1OF4_2669;
			break;
		}

		if (iso_ctrl != trf->iso_ctrl) {
			ret = trf7970a_write(trf, TRF7970A_ISO_CTRL, iso_ctrl);
			if (ret)
				return ret;

			trf->iso_ctrl = iso_ctrl;
		}

1463 1464 1465 1466 1467 1468 1469 1470 1471
		if (trf->framing == NFC_DIGITAL_FRAMING_ISO15693_T5T) {
			if (trf7970a_is_iso15693_write_or_lock(req[1]) &&
					(req[0] & ISO15693_REQ_FLAG_OPTION))
				trf->issue_eof = true;
			else if ((trf->quirks &
					TRF7970A_QUIRK_T5T_RMB_EXTRA_BYTE) &&
				 (req[1] == ISO15693_CMD_READ_MULTIPLE_BLOCK))
				trf->adjust_resp_len = true;
		}
1472 1473 1474 1475 1476
	}

	return 0;
}

1477
static int trf7970a_send_cmd(struct nfc_digital_dev *ddev,
1478 1479 1480 1481
		struct sk_buff *skb, u16 timeout,
		nfc_digital_cmd_complete_t cb, void *arg)
{
	struct trf7970a *trf = nfc_digital_get_drvdata(ddev);
1482
	u8 prefix[5];
1483 1484
	unsigned int len;
	int ret;
1485
	u8 status;
1486 1487 1488 1489 1490 1491 1492 1493 1494 1495 1496 1497 1498 1499 1500 1501 1502 1503 1504 1505 1506 1507 1508 1509

	dev_dbg(trf->dev, "New request - state: %d, timeout: %d ms, len: %d\n",
			trf->state, timeout, skb->len);

	if (skb->len > TRF7970A_TX_MAX)
		return -EINVAL;

	mutex_lock(&trf->lock);

	if ((trf->state != TRF7970A_ST_IDLE) &&
			(trf->state != TRF7970A_ST_IDLE_RX_BLOCKED)) {
		dev_err(trf->dev, "%s - Bogus state: %d\n", __func__,
				trf->state);
		ret = -EIO;
		goto out_err;
	}

	if (trf->aborting) {
		dev_dbg(trf->dev, "Abort process complete\n");
		trf->aborting = false;
		ret = -ECANCELED;
		goto out_err;
	}

1510 1511 1512 1513 1514 1515 1516 1517
	if (timeout) {
		trf->rx_skb = nfc_alloc_recv_skb(TRF7970A_RX_SKB_ALLOC_SIZE,
				GFP_KERNEL);
		if (!trf->rx_skb) {
			dev_dbg(trf->dev, "Can't alloc rx_skb\n");
			ret = -ENOMEM;
			goto out_err;
		}
1518 1519 1520 1521 1522 1523 1524 1525 1526 1527
	}

	if (trf->state == TRF7970A_ST_IDLE_RX_BLOCKED) {
		ret = trf7970a_cmd(trf, TRF7970A_CMD_ENABLE_RX);
		if (ret)
			goto out_err;

		trf->state = TRF7970A_ST_IDLE;
	}

1528 1529 1530 1531 1532
	if (trf->is_initiator) {
		ret = trf7970a_per_cmd_config(trf, skb);
		if (ret)
			goto out_err;
	}
1533 1534 1535 1536 1537 1538 1539 1540 1541 1542 1543 1544 1545

	trf->ddev = ddev;
	trf->tx_skb = skb;
	trf->cb = cb;
	trf->cb_arg = arg;
	trf->timeout = timeout;
	trf->ignore_timeout = false;

	len = skb->len;

	/* TX data must be prefixed with a FIFO reset cmd, a cmd that depends
	 * on what the current framing is, the address of the TX length byte 1
	 * register (0x1d), and the 2 byte length of the data to be transmitted.
1546
	 * That totals 5 bytes.
1547 1548 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 1564
	 */
	prefix[0] = TRF7970A_CMD_BIT_CTRL |
			TRF7970A_CMD_BIT_OPCODE(TRF7970A_CMD_FIFO_RESET);
	prefix[1] = TRF7970A_CMD_BIT_CTRL |
			TRF7970A_CMD_BIT_OPCODE(trf->tx_cmd);
	prefix[2] = TRF7970A_CMD_BIT_CONTINUOUS | TRF7970A_TX_LENGTH_BYTE1;

	if (trf->framing == NFC_DIGITAL_FRAMING_NFCA_SHORT) {
		prefix[3] = 0x00;
		prefix[4] = 0x0f; /* 7 bits */
	} else {
		prefix[3] = (len & 0xf00) >> 4;
		prefix[3] |= ((len & 0xf0) >> 4);
		prefix[4] = ((len & 0x0f) << 4);
	}

	len = min_t(int, skb->len, TRF7970A_FIFO_SIZE);

1565 1566 1567 1568 1569
	/* Clear possible spurious interrupt */
	ret = trf7970a_read_irqstatus(trf, &status);
	if (ret)
		goto out_err;

1570
	ret = trf7970a_transmit(trf, skb, len, prefix, sizeof(prefix));
1571 1572 1573 1574 1575 1576 1577 1578 1579 1580
	if (ret) {
		kfree_skb(trf->rx_skb);
		trf->rx_skb = NULL;
	}

out_err:
	mutex_unlock(&trf->lock);
	return ret;
}

1581
static int trf7970a_tg_config_rf_tech(struct trf7970a *trf, int tech)
1582
{
1583 1584 1585 1586 1587 1588 1589 1590 1591
	int ret = 0;

	dev_dbg(trf->dev, "rf technology: %d\n", tech);

	switch (tech) {
	case NFC_DIGITAL_RF_TECH_106A:
		trf->iso_ctrl_tech = TRF7970A_ISO_CTRL_NFC_NFC_CE_MODE |
			TRF7970A_ISO_CTRL_NFC_CE |
			TRF7970A_ISO_CTRL_NFC_CE_14443A;
1592 1593 1594
		trf->modulator_sys_clk_ctrl =
			(trf->modulator_sys_clk_ctrl & 0xf8) |
			TRF7970A_MODULATOR_DEPTH_OOK;
1595 1596 1597 1598
		break;
	case NFC_DIGITAL_RF_TECH_212F:
		trf->iso_ctrl_tech = TRF7970A_ISO_CTRL_NFC_NFC_CE_MODE |
			TRF7970A_ISO_CTRL_NFC_NFCF_212;
1599 1600 1601
		trf->modulator_sys_clk_ctrl =
			(trf->modulator_sys_clk_ctrl & 0xf8) |
			TRF7970A_MODULATOR_DEPTH_ASK10;
1602 1603 1604 1605
		break;
	case NFC_DIGITAL_RF_TECH_424F:
		trf->iso_ctrl_tech = TRF7970A_ISO_CTRL_NFC_NFC_CE_MODE |
			TRF7970A_ISO_CTRL_NFC_NFCF_424;
1606 1607 1608
		trf->modulator_sys_clk_ctrl =
			(trf->modulator_sys_clk_ctrl & 0xf8) |
			TRF7970A_MODULATOR_DEPTH_ASK10;
1609 1610 1611 1612 1613 1614 1615
		break;
	default:
		dev_dbg(trf->dev, "Unsupported rf technology: %d\n", tech);
		return -EINVAL;
	}

	trf->technology = tech;
1616

1617 1618 1619 1620 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630
	/* Normally we write the ISO_CTRL register in
	 * trf7970a_tg_config_framing() because the framing can change
	 * the value written.  However, when sending a PSL RES,
	 * digital_tg_send_psl_res_complete() doesn't call
	 * trf7970a_tg_config_framing() so we must write the register
	 * here.
	 */
	if ((trf->framing == NFC_DIGITAL_FRAMING_NFC_DEP_ACTIVATED) &&
			(trf->iso_ctrl_tech != trf->iso_ctrl)) {
		ret = trf7970a_write(trf, TRF7970A_ISO_CTRL,
				trf->iso_ctrl_tech);

		trf->iso_ctrl = trf->iso_ctrl_tech;
	}
1631

1632
	return ret;
1633 1634
}

1635 1636 1637 1638 1639 1640 1641 1642 1643 1644 1645 1646 1647 1648 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 1664 1665 1666 1667 1668 1669 1670 1671 1672 1673 1674 1675 1676 1677 1678 1679 1680 1681 1682 1683 1684 1685 1686 1687 1688 1689 1690 1691 1692 1693 1694 1695 1696 1697 1698 1699 1700 1701
/* Since this is a target routine, several of the framing calls are
 * made between receiving the request and sending the response so they
 * should take effect until after the response is sent.  This is accomplished
 * by skipping the ISO_CTRL register write here and doing it in the interrupt
 * handler.
 */
static int trf7970a_tg_config_framing(struct trf7970a *trf, int framing)
{
	u8 iso_ctrl = trf->iso_ctrl_tech;
	int ret;

	dev_dbg(trf->dev, "framing: %d\n", framing);

	switch (framing) {
	case NFC_DIGITAL_FRAMING_NFCA_NFC_DEP:
		trf->tx_cmd = TRF7970A_CMD_TRANSMIT_NO_CRC;
		iso_ctrl |= TRF7970A_ISO_CTRL_RX_CRC_N;
		break;
	case NFC_DIGITAL_FRAMING_NFCA_STANDARD:
	case NFC_DIGITAL_FRAMING_NFCA_STANDARD_WITH_CRC_A:
	case NFC_DIGITAL_FRAMING_NFCA_ANTICOL_COMPLETE:
		/* These ones are applied in the interrupt handler */
		iso_ctrl = trf->iso_ctrl; /* Don't write to ISO_CTRL yet */
		break;
	case NFC_DIGITAL_FRAMING_NFCF_NFC_DEP:
		trf->tx_cmd = TRF7970A_CMD_TRANSMIT;
		iso_ctrl &= ~TRF7970A_ISO_CTRL_RX_CRC_N;
		break;
	case NFC_DIGITAL_FRAMING_NFC_DEP_ACTIVATED:
		trf->tx_cmd = TRF7970A_CMD_TRANSMIT;
		iso_ctrl &= ~TRF7970A_ISO_CTRL_RX_CRC_N;
		break;
	default:
		dev_dbg(trf->dev, "Unsupported Framing: %d\n", framing);
		return -EINVAL;
	}

	trf->framing = framing;

	if (iso_ctrl != trf->iso_ctrl) {
		ret = trf7970a_write(trf, TRF7970A_ISO_CTRL, iso_ctrl);
		if (ret)
			return ret;

		trf->iso_ctrl = iso_ctrl;

		ret = trf7970a_write(trf, TRF7970A_MODULATOR_SYS_CLK_CTRL,
				trf->modulator_sys_clk_ctrl);
		if (ret)
			return ret;
	}

	if (!(trf->chip_status_ctrl & TRF7970A_CHIP_STATUS_RF_ON)) {
		ret = trf7970a_write(trf, TRF7970A_CHIP_STATUS_CTRL,
				trf->chip_status_ctrl |
					TRF7970A_CHIP_STATUS_RF_ON);
		if (ret)
			return ret;

		trf->chip_status_ctrl |= TRF7970A_CHIP_STATUS_RF_ON;
	}

	return 0;
}

static int trf7970a_tg_configure_hw(struct nfc_digital_dev *ddev, int type,
		int param)
1702 1703
{
	struct trf7970a *trf = nfc_digital_get_drvdata(ddev);
1704 1705 1706 1707 1708 1709 1710
	int ret;

	dev_dbg(trf->dev, "Configure hw - type: %d, param: %d\n", type, param);

	mutex_lock(&trf->lock);

	trf->is_initiator = false;
1711