Loading...
1/*
2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
3 *
4 * Authors:
5 * Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6 * Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the
20 * Free Software Foundation, Inc.,
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 */
23
24#include <linux/device.h>
25#include <linux/kernel.h>
26#include <linux/module.h>
27#include <linux/slab.h>
28#include <linux/usb.h>
29#include <linux/nfc.h>
30#include <linux/netdevice.h>
31#include <net/nfc.h>
32
33#define VERSION "0.1"
34
35#define PN533_VENDOR_ID 0x4CC
36#define PN533_PRODUCT_ID 0x2533
37
38#define SCM_VENDOR_ID 0x4E6
39#define SCL3711_PRODUCT_ID 0x5591
40
41static const struct usb_device_id pn533_table[] = {
42 { USB_DEVICE(PN533_VENDOR_ID, PN533_PRODUCT_ID) },
43 { USB_DEVICE(SCM_VENDOR_ID, SCL3711_PRODUCT_ID) },
44 { }
45};
46MODULE_DEVICE_TABLE(usb, pn533_table);
47
48/* frame definitions */
49#define PN533_FRAME_TAIL_SIZE 2
50#define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
51 PN533_FRAME_TAIL_SIZE)
52#define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
53#define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
54#define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
55
56/* start of frame */
57#define PN533_SOF 0x00FF
58
59/* frame identifier: in/out/error */
60#define PN533_FRAME_IDENTIFIER(f) (f->data[0])
61#define PN533_DIR_OUT 0xD4
62#define PN533_DIR_IN 0xD5
63
64/* PN533 Commands */
65#define PN533_FRAME_CMD(f) (f->data[1])
66#define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
67#define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
68
69#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
70#define PN533_CMD_RF_CONFIGURATION 0x32
71#define PN533_CMD_IN_DATA_EXCHANGE 0x40
72#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
73#define PN533_CMD_IN_ATR 0x50
74#define PN533_CMD_IN_RELEASE 0x52
75
76#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
77
78/* PN533 Return codes */
79#define PN533_CMD_RET_MASK 0x3F
80#define PN533_CMD_MI_MASK 0x40
81#define PN533_CMD_RET_SUCCESS 0x00
82
83struct pn533;
84
85typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
86 u8 *params, int params_len);
87
88/* structs for pn533 commands */
89
90/* PN533_CMD_GET_FIRMWARE_VERSION */
91struct pn533_fw_version {
92 u8 ic;
93 u8 ver;
94 u8 rev;
95 u8 support;
96};
97
98/* PN533_CMD_RF_CONFIGURATION */
99#define PN533_CFGITEM_MAX_RETRIES 0x05
100
101#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
102#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
103
104struct pn533_config_max_retries {
105 u8 mx_rty_atr;
106 u8 mx_rty_psl;
107 u8 mx_rty_passive_act;
108} __packed;
109
110/* PN533_CMD_IN_LIST_PASSIVE_TARGET */
111
112/* felica commands opcode */
113#define PN533_FELICA_OPC_SENSF_REQ 0
114#define PN533_FELICA_OPC_SENSF_RES 1
115/* felica SENSF_REQ parameters */
116#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
117#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
118#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
119#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
120
121/* type B initiator_data values */
122#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
123#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
124#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
125
126union pn533_cmd_poll_initdata {
127 struct {
128 u8 afi;
129 u8 polling_method;
130 } __packed type_b;
131 struct {
132 u8 opcode;
133 __be16 sc;
134 u8 rc;
135 u8 tsn;
136 } __packed felica;
137};
138
139/* Poll modulations */
140enum {
141 PN533_POLL_MOD_106KBPS_A,
142 PN533_POLL_MOD_212KBPS_FELICA,
143 PN533_POLL_MOD_424KBPS_FELICA,
144 PN533_POLL_MOD_106KBPS_JEWEL,
145 PN533_POLL_MOD_847KBPS_B,
146
147 __PN533_POLL_MOD_AFTER_LAST,
148};
149#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
150
151struct pn533_poll_modulations {
152 struct {
153 u8 maxtg;
154 u8 brty;
155 union pn533_cmd_poll_initdata initiator_data;
156 } __packed data;
157 u8 len;
158};
159
160const struct pn533_poll_modulations poll_mod[] = {
161 [PN533_POLL_MOD_106KBPS_A] = {
162 .data = {
163 .maxtg = 1,
164 .brty = 0,
165 },
166 .len = 2,
167 },
168 [PN533_POLL_MOD_212KBPS_FELICA] = {
169 .data = {
170 .maxtg = 1,
171 .brty = 1,
172 .initiator_data.felica = {
173 .opcode = PN533_FELICA_OPC_SENSF_REQ,
174 .sc = PN533_FELICA_SENSF_SC_ALL,
175 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
176 .tsn = 0,
177 },
178 },
179 .len = 7,
180 },
181 [PN533_POLL_MOD_424KBPS_FELICA] = {
182 .data = {
183 .maxtg = 1,
184 .brty = 2,
185 .initiator_data.felica = {
186 .opcode = PN533_FELICA_OPC_SENSF_REQ,
187 .sc = PN533_FELICA_SENSF_SC_ALL,
188 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
189 .tsn = 0,
190 },
191 },
192 .len = 7,
193 },
194 [PN533_POLL_MOD_106KBPS_JEWEL] = {
195 .data = {
196 .maxtg = 1,
197 .brty = 4,
198 },
199 .len = 2,
200 },
201 [PN533_POLL_MOD_847KBPS_B] = {
202 .data = {
203 .maxtg = 1,
204 .brty = 8,
205 .initiator_data.type_b = {
206 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
207 .polling_method =
208 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
209 },
210 },
211 .len = 3,
212 },
213};
214
215/* PN533_CMD_IN_ATR */
216
217struct pn533_cmd_activate_param {
218 u8 tg;
219 u8 next;
220} __packed;
221
222struct pn533_cmd_activate_response {
223 u8 status;
224 u8 nfcid3t[10];
225 u8 didt;
226 u8 bst;
227 u8 brt;
228 u8 to;
229 u8 ppt;
230 /* optional */
231 u8 gt[];
232} __packed;
233
234
235struct pn533 {
236 struct usb_device *udev;
237 struct usb_interface *interface;
238 struct nfc_dev *nfc_dev;
239
240 struct urb *out_urb;
241 int out_maxlen;
242 struct pn533_frame *out_frame;
243
244 struct urb *in_urb;
245 int in_maxlen;
246 struct pn533_frame *in_frame;
247
248 struct tasklet_struct tasklet;
249 struct pn533_frame *tklt_in_frame;
250 int tklt_in_error;
251
252 pn533_cmd_complete_t cmd_complete;
253 void *cmd_complete_arg;
254 struct semaphore cmd_lock;
255 u8 cmd;
256
257 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
258 u8 poll_mod_count;
259 u8 poll_mod_curr;
260 u32 poll_protocols;
261
262 u8 tgt_available_prots;
263 u8 tgt_active_prot;
264};
265
266struct pn533_frame {
267 u8 preamble;
268 __be16 start_frame;
269 u8 datalen;
270 u8 datalen_checksum;
271 u8 data[];
272} __packed;
273
274/* The rule: value + checksum = 0 */
275static inline u8 pn533_checksum(u8 value)
276{
277 return ~value + 1;
278}
279
280/* The rule: sum(data elements) + checksum = 0 */
281static u8 pn533_data_checksum(u8 *data, int datalen)
282{
283 u8 sum = 0;
284 int i;
285
286 for (i = 0; i < datalen; i++)
287 sum += data[i];
288
289 return pn533_checksum(sum);
290}
291
292/**
293 * pn533_tx_frame_ack - create a ack frame
294 * @frame: The frame to be set as ack
295 *
296 * Ack is different type of standard frame. As a standard frame, it has
297 * preamble and start_frame. However the checksum of this frame must fail,
298 * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
299 * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
300 * After datalen_checksum field, the postamble is placed.
301 */
302static void pn533_tx_frame_ack(struct pn533_frame *frame)
303{
304 frame->preamble = 0;
305 frame->start_frame = cpu_to_be16(PN533_SOF);
306 frame->datalen = 0;
307 frame->datalen_checksum = 0xFF;
308 /* data[0] is used as postamble */
309 frame->data[0] = 0;
310}
311
312static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
313{
314 frame->preamble = 0;
315 frame->start_frame = cpu_to_be16(PN533_SOF);
316 PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
317 PN533_FRAME_CMD(frame) = cmd;
318 frame->datalen = 2;
319}
320
321static void pn533_tx_frame_finish(struct pn533_frame *frame)
322{
323 frame->datalen_checksum = pn533_checksum(frame->datalen);
324
325 PN533_FRAME_CHECKSUM(frame) =
326 pn533_data_checksum(frame->data, frame->datalen);
327
328 PN533_FRAME_POSTAMBLE(frame) = 0;
329}
330
331static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
332{
333 u8 checksum;
334
335 if (frame->start_frame != cpu_to_be16(PN533_SOF))
336 return false;
337
338 checksum = pn533_checksum(frame->datalen);
339 if (checksum != frame->datalen_checksum)
340 return false;
341
342 checksum = pn533_data_checksum(frame->data, frame->datalen);
343 if (checksum != PN533_FRAME_CHECKSUM(frame))
344 return false;
345
346 return true;
347}
348
349static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
350{
351 if (frame->start_frame != cpu_to_be16(PN533_SOF))
352 return false;
353
354 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
355 return false;
356
357 return true;
358}
359
360static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
361{
362 return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
363}
364
365static void pn533_tasklet_cmd_complete(unsigned long arg)
366{
367 struct pn533 *dev = (struct pn533 *) arg;
368 struct pn533_frame *in_frame = dev->tklt_in_frame;
369 int rc;
370
371 if (dev->tklt_in_error)
372 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
373 dev->tklt_in_error);
374 else
375 rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
376 PN533_FRAME_CMD_PARAMS_PTR(in_frame),
377 PN533_FRAME_CMD_PARAMS_LEN(in_frame));
378
379 if (rc != -EINPROGRESS)
380 up(&dev->cmd_lock);
381}
382
383static void pn533_recv_response(struct urb *urb)
384{
385 struct pn533 *dev = urb->context;
386 struct pn533_frame *in_frame;
387
388 dev->tklt_in_frame = NULL;
389
390 switch (urb->status) {
391 case 0:
392 /* success */
393 break;
394 case -ECONNRESET:
395 case -ENOENT:
396 case -ESHUTDOWN:
397 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
398 " status: %d", urb->status);
399 dev->tklt_in_error = urb->status;
400 goto sched_tasklet;
401 default:
402 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
403 " %d", urb->status);
404 dev->tklt_in_error = urb->status;
405 goto sched_tasklet;
406 }
407
408 in_frame = dev->in_urb->transfer_buffer;
409
410 if (!pn533_rx_frame_is_valid(in_frame)) {
411 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
412 dev->tklt_in_error = -EIO;
413 goto sched_tasklet;
414 }
415
416 if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
417 nfc_dev_err(&dev->interface->dev, "The received frame is not "
418 "response to the last command");
419 dev->tklt_in_error = -EIO;
420 goto sched_tasklet;
421 }
422
423 nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
424 dev->tklt_in_error = 0;
425 dev->tklt_in_frame = in_frame;
426
427sched_tasklet:
428 tasklet_schedule(&dev->tasklet);
429}
430
431static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
432{
433 dev->in_urb->complete = pn533_recv_response;
434
435 return usb_submit_urb(dev->in_urb, flags);
436}
437
438static void pn533_recv_ack(struct urb *urb)
439{
440 struct pn533 *dev = urb->context;
441 struct pn533_frame *in_frame;
442 int rc;
443
444 switch (urb->status) {
445 case 0:
446 /* success */
447 break;
448 case -ECONNRESET:
449 case -ENOENT:
450 case -ESHUTDOWN:
451 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
452 " status: %d", urb->status);
453 dev->tklt_in_error = urb->status;
454 goto sched_tasklet;
455 default:
456 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
457 " %d", urb->status);
458 dev->tklt_in_error = urb->status;
459 goto sched_tasklet;
460 }
461
462 in_frame = dev->in_urb->transfer_buffer;
463
464 if (!pn533_rx_frame_is_ack(in_frame)) {
465 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
466 dev->tklt_in_error = -EIO;
467 goto sched_tasklet;
468 }
469
470 nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
471
472 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
473 if (rc) {
474 nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
475 " result %d", rc);
476 dev->tklt_in_error = rc;
477 goto sched_tasklet;
478 }
479
480 return;
481
482sched_tasklet:
483 dev->tklt_in_frame = NULL;
484 tasklet_schedule(&dev->tasklet);
485}
486
487static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
488{
489 dev->in_urb->complete = pn533_recv_ack;
490
491 return usb_submit_urb(dev->in_urb, flags);
492}
493
494static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
495{
496 int rc;
497
498 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
499
500 pn533_tx_frame_ack(dev->out_frame);
501
502 dev->out_urb->transfer_buffer = dev->out_frame;
503 dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
504 rc = usb_submit_urb(dev->out_urb, flags);
505
506 return rc;
507}
508
509static int __pn533_send_cmd_frame_async(struct pn533 *dev,
510 struct pn533_frame *out_frame,
511 struct pn533_frame *in_frame,
512 int in_frame_len,
513 pn533_cmd_complete_t cmd_complete,
514 void *arg, gfp_t flags)
515{
516 int rc;
517
518 nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
519 PN533_FRAME_CMD(out_frame));
520
521 dev->cmd = PN533_FRAME_CMD(out_frame);
522 dev->cmd_complete = cmd_complete;
523 dev->cmd_complete_arg = arg;
524
525 dev->out_urb->transfer_buffer = out_frame;
526 dev->out_urb->transfer_buffer_length =
527 PN533_FRAME_SIZE(out_frame);
528
529 dev->in_urb->transfer_buffer = in_frame;
530 dev->in_urb->transfer_buffer_length = in_frame_len;
531
532 rc = usb_submit_urb(dev->out_urb, flags);
533 if (rc)
534 return rc;
535
536 rc = pn533_submit_urb_for_ack(dev, flags);
537 if (rc)
538 goto error;
539
540 return 0;
541
542error:
543 usb_unlink_urb(dev->out_urb);
544 return rc;
545}
546
547static int pn533_send_cmd_frame_async(struct pn533 *dev,
548 struct pn533_frame *out_frame,
549 struct pn533_frame *in_frame,
550 int in_frame_len,
551 pn533_cmd_complete_t cmd_complete,
552 void *arg, gfp_t flags)
553{
554 int rc;
555
556 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
557
558 if (down_trylock(&dev->cmd_lock))
559 return -EBUSY;
560
561 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
562 in_frame_len, cmd_complete, arg, flags);
563 if (rc)
564 goto error;
565
566 return 0;
567error:
568 up(&dev->cmd_lock);
569 return rc;
570}
571
572struct pn533_sync_cmd_response {
573 int rc;
574 struct completion done;
575};
576
577static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
578 u8 *params, int params_len)
579{
580 struct pn533_sync_cmd_response *arg = _arg;
581
582 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
583
584 arg->rc = 0;
585
586 if (params_len < 0) /* error */
587 arg->rc = params_len;
588
589 complete(&arg->done);
590
591 return 0;
592}
593
594static int pn533_send_cmd_frame_sync(struct pn533 *dev,
595 struct pn533_frame *out_frame,
596 struct pn533_frame *in_frame,
597 int in_frame_len)
598{
599 int rc;
600 struct pn533_sync_cmd_response arg;
601
602 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
603
604 init_completion(&arg.done);
605
606 rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
607 pn533_sync_cmd_complete, &arg, GFP_KERNEL);
608 if (rc)
609 return rc;
610
611 wait_for_completion(&arg.done);
612
613 return arg.rc;
614}
615
616static void pn533_send_complete(struct urb *urb)
617{
618 struct pn533 *dev = urb->context;
619
620 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
621
622 switch (urb->status) {
623 case 0:
624 /* success */
625 break;
626 case -ECONNRESET:
627 case -ENOENT:
628 case -ESHUTDOWN:
629 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
630 " status: %d", urb->status);
631 break;
632 default:
633 nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
634 " %d", urb->status);
635 }
636}
637
638struct pn533_target_type_a {
639 __be16 sens_res;
640 u8 sel_res;
641 u8 nfcid_len;
642 u8 nfcid_data[];
643} __packed;
644
645
646#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
647#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
648#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
649
650#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
651#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
652
653#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
654#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
655
656#define PN533_TYPE_A_SEL_PROT_MIFARE 0
657#define PN533_TYPE_A_SEL_PROT_ISO14443 1
658#define PN533_TYPE_A_SEL_PROT_DEP 2
659#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
660
661static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
662 int target_data_len)
663{
664 u8 ssd;
665 u8 platconf;
666
667 if (target_data_len < sizeof(struct pn533_target_type_a))
668 return false;
669
670 /* The lenght check of nfcid[] and ats[] are not being performed because
671 the values are not being used */
672
673 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
674 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
675 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
676
677 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
678 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
679 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
680 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
681 return false;
682
683 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
684 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
685 return false;
686
687 return true;
688}
689
690static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
691 int tgt_data_len)
692{
693 struct pn533_target_type_a *tgt_type_a;
694
695 tgt_type_a = (struct pn533_target_type_a *) tgt_data;
696
697 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
698 return -EPROTO;
699
700 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
701 case PN533_TYPE_A_SEL_PROT_MIFARE:
702 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
703 break;
704 case PN533_TYPE_A_SEL_PROT_ISO14443:
705 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
706 break;
707 case PN533_TYPE_A_SEL_PROT_DEP:
708 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
709 break;
710 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
711 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
712 NFC_PROTO_NFC_DEP_MASK;
713 break;
714 }
715
716 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
717 nfc_tgt->sel_res = tgt_type_a->sel_res;
718
719 return 0;
720}
721
722struct pn533_target_felica {
723 u8 pol_res;
724 u8 opcode;
725 u8 nfcid2[8];
726 u8 pad[8];
727 /* optional */
728 u8 syst_code[];
729} __packed;
730
731#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
732#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
733
734static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
735 int target_data_len)
736{
737 if (target_data_len < sizeof(struct pn533_target_felica))
738 return false;
739
740 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
741 return false;
742
743 return true;
744}
745
746static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
747 int tgt_data_len)
748{
749 struct pn533_target_felica *tgt_felica;
750
751 tgt_felica = (struct pn533_target_felica *) tgt_data;
752
753 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
754 return -EPROTO;
755
756 if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
757 tgt_felica->nfcid2[1] ==
758 PN533_FELICA_SENSF_NFCID2_DEP_B2)
759 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
760 else
761 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
762
763 return 0;
764}
765
766struct pn533_target_jewel {
767 __be16 sens_res;
768 u8 jewelid[4];
769} __packed;
770
771static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
772 int target_data_len)
773{
774 u8 ssd;
775 u8 platconf;
776
777 if (target_data_len < sizeof(struct pn533_target_jewel))
778 return false;
779
780 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
781 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
782 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
783
784 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
785 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
786 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
787 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
788 return false;
789
790 return true;
791}
792
793static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
794 int tgt_data_len)
795{
796 struct pn533_target_jewel *tgt_jewel;
797
798 tgt_jewel = (struct pn533_target_jewel *) tgt_data;
799
800 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
801 return -EPROTO;
802
803 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
804 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
805
806 return 0;
807}
808
809struct pn533_type_b_prot_info {
810 u8 bitrate;
811 u8 fsci_type;
812 u8 fwi_adc_fo;
813} __packed;
814
815#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
816#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
817#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
818
819struct pn533_type_b_sens_res {
820 u8 opcode;
821 u8 nfcid[4];
822 u8 appdata[4];
823 struct pn533_type_b_prot_info prot_info;
824} __packed;
825
826#define PN533_TYPE_B_OPC_SENSB_RES 0x50
827
828struct pn533_target_type_b {
829 struct pn533_type_b_sens_res sensb_res;
830 u8 attrib_res_len;
831 u8 attrib_res[];
832} __packed;
833
834static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
835 int target_data_len)
836{
837 if (target_data_len < sizeof(struct pn533_target_type_b))
838 return false;
839
840 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
841 return false;
842
843 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
844 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
845 return false;
846
847 return true;
848}
849
850static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
851 int tgt_data_len)
852{
853 struct pn533_target_type_b *tgt_type_b;
854
855 tgt_type_b = (struct pn533_target_type_b *) tgt_data;
856
857 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
858 return -EPROTO;
859
860 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
861
862 return 0;
863}
864
865struct pn533_poll_response {
866 u8 nbtg;
867 u8 tg;
868 u8 target_data[];
869} __packed;
870
871static int pn533_target_found(struct pn533 *dev,
872 struct pn533_poll_response *resp, int resp_len)
873{
874 int target_data_len;
875 struct nfc_target nfc_tgt;
876 int rc;
877
878 nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
879 dev->poll_mod_curr);
880
881 if (resp->tg != 1)
882 return -EPROTO;
883
884 target_data_len = resp_len - sizeof(struct pn533_poll_response);
885
886 switch (dev->poll_mod_curr) {
887 case PN533_POLL_MOD_106KBPS_A:
888 rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
889 target_data_len);
890 break;
891 case PN533_POLL_MOD_212KBPS_FELICA:
892 case PN533_POLL_MOD_424KBPS_FELICA:
893 rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
894 target_data_len);
895 break;
896 case PN533_POLL_MOD_106KBPS_JEWEL:
897 rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
898 target_data_len);
899 break;
900 case PN533_POLL_MOD_847KBPS_B:
901 rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
902 target_data_len);
903 break;
904 default:
905 nfc_dev_err(&dev->interface->dev, "Unknown current poll"
906 " modulation");
907 return -EPROTO;
908 }
909
910 if (rc)
911 return rc;
912
913 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
914 nfc_dev_dbg(&dev->interface->dev, "The target found does not"
915 " have the desired protocol");
916 return -EAGAIN;
917 }
918
919 nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
920 "0x%x", nfc_tgt.supported_protocols);
921
922 dev->tgt_available_prots = nfc_tgt.supported_protocols;
923
924 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
925
926 return 0;
927}
928
929static void pn533_poll_reset_mod_list(struct pn533 *dev)
930{
931 dev->poll_mod_count = 0;
932}
933
934static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
935{
936 dev->poll_mod_active[dev->poll_mod_count] =
937 (struct pn533_poll_modulations *) &poll_mod[mod_index];
938 dev->poll_mod_count++;
939}
940
941static void pn533_poll_create_mod_list(struct pn533 *dev, u32 protocols)
942{
943 pn533_poll_reset_mod_list(dev);
944
945 if (protocols & NFC_PROTO_MIFARE_MASK
946 || protocols & NFC_PROTO_ISO14443_MASK
947 || protocols & NFC_PROTO_NFC_DEP_MASK)
948 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
949
950 if (protocols & NFC_PROTO_FELICA_MASK
951 || protocols & NFC_PROTO_NFC_DEP_MASK) {
952 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
953 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
954 }
955
956 if (protocols & NFC_PROTO_JEWEL_MASK)
957 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
958
959 if (protocols & NFC_PROTO_ISO14443_MASK)
960 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
961}
962
963static void pn533_start_poll_frame(struct pn533_frame *frame,
964 struct pn533_poll_modulations *mod)
965{
966
967 pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
968
969 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
970 frame->datalen += mod->len;
971
972 pn533_tx_frame_finish(frame);
973}
974
975static int pn533_start_poll_complete(struct pn533 *dev, void *arg,
976 u8 *params, int params_len)
977{
978 struct pn533_poll_response *resp;
979 struct pn533_poll_modulations *next_mod;
980 int rc;
981
982 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
983
984 if (params_len == -ENOENT) {
985 nfc_dev_dbg(&dev->interface->dev, "Polling operation has been"
986 " stopped");
987 goto stop_poll;
988 }
989
990 if (params_len < 0) {
991 nfc_dev_err(&dev->interface->dev, "Error %d when running poll",
992 params_len);
993 goto stop_poll;
994 }
995
996 resp = (struct pn533_poll_response *) params;
997 if (resp->nbtg) {
998 rc = pn533_target_found(dev, resp, params_len);
999
1000 /* We must stop the poll after a valid target found */
1001 if (rc == 0)
1002 goto stop_poll;
1003
1004 if (rc != -EAGAIN)
1005 nfc_dev_err(&dev->interface->dev, "The target found is"
1006 " not valid - continuing to poll");
1007 }
1008
1009 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1010
1011 next_mod = dev->poll_mod_active[dev->poll_mod_curr];
1012
1013 nfc_dev_dbg(&dev->interface->dev, "Polling next modulation (0x%x)",
1014 dev->poll_mod_curr);
1015
1016 pn533_start_poll_frame(dev->out_frame, next_mod);
1017
1018 /* Don't need to down the semaphore again */
1019 rc = __pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1020 dev->in_maxlen, pn533_start_poll_complete,
1021 NULL, GFP_ATOMIC);
1022
1023 if (rc == -EPERM) {
1024 nfc_dev_dbg(&dev->interface->dev, "Cannot poll next modulation"
1025 " because poll has been stopped");
1026 goto stop_poll;
1027 }
1028
1029 if (rc) {
1030 nfc_dev_err(&dev->interface->dev, "Error %d when trying to poll"
1031 " next modulation", rc);
1032 goto stop_poll;
1033 }
1034
1035 /* Inform caller function to do not up the semaphore */
1036 return -EINPROGRESS;
1037
1038stop_poll:
1039 pn533_poll_reset_mod_list(dev);
1040 dev->poll_protocols = 0;
1041 return 0;
1042}
1043
1044static int pn533_start_poll(struct nfc_dev *nfc_dev, u32 protocols)
1045{
1046 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1047 struct pn533_poll_modulations *start_mod;
1048 int rc;
1049
1050 nfc_dev_dbg(&dev->interface->dev, "%s - protocols=0x%x", __func__,
1051 protocols);
1052
1053 if (dev->poll_mod_count) {
1054 nfc_dev_err(&dev->interface->dev, "Polling operation already"
1055 " active");
1056 return -EBUSY;
1057 }
1058
1059 if (dev->tgt_active_prot) {
1060 nfc_dev_err(&dev->interface->dev, "Cannot poll with a target"
1061 " already activated");
1062 return -EBUSY;
1063 }
1064
1065 pn533_poll_create_mod_list(dev, protocols);
1066
1067 if (!dev->poll_mod_count) {
1068 nfc_dev_err(&dev->interface->dev, "No valid protocols"
1069 " specified");
1070 rc = -EINVAL;
1071 goto error;
1072 }
1073
1074 nfc_dev_dbg(&dev->interface->dev, "It will poll %d modulations types",
1075 dev->poll_mod_count);
1076
1077 dev->poll_mod_curr = 0;
1078 start_mod = dev->poll_mod_active[dev->poll_mod_curr];
1079
1080 pn533_start_poll_frame(dev->out_frame, start_mod);
1081
1082 rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1083 dev->in_maxlen, pn533_start_poll_complete,
1084 NULL, GFP_KERNEL);
1085
1086 if (rc) {
1087 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
1088 " start poll", rc);
1089 goto error;
1090 }
1091
1092 dev->poll_protocols = protocols;
1093
1094 return 0;
1095
1096error:
1097 pn533_poll_reset_mod_list(dev);
1098 return rc;
1099}
1100
1101static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1102{
1103 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1104
1105 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1106
1107 if (!dev->poll_mod_count) {
1108 nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1109 " running");
1110 return;
1111 }
1112
1113 /* An ack will cancel the last issued command (poll) */
1114 pn533_send_ack(dev, GFP_KERNEL);
1115
1116 /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1117 usb_kill_urb(dev->in_urb);
1118}
1119
1120static int pn533_activate_target_nfcdep(struct pn533 *dev)
1121{
1122 struct pn533_cmd_activate_param param;
1123 struct pn533_cmd_activate_response *resp;
1124 int rc;
1125
1126 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1127
1128 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1129
1130 param.tg = 1;
1131 param.next = 0;
1132 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), ¶m,
1133 sizeof(struct pn533_cmd_activate_param));
1134 dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1135
1136 pn533_tx_frame_finish(dev->out_frame);
1137
1138 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1139 dev->in_maxlen);
1140 if (rc)
1141 return rc;
1142
1143 resp = (struct pn533_cmd_activate_response *)
1144 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1145 rc = resp->status & PN533_CMD_RET_MASK;
1146 if (rc != PN533_CMD_RET_SUCCESS)
1147 return -EIO;
1148
1149 return 0;
1150}
1151
1152static int pn533_activate_target(struct nfc_dev *nfc_dev, u32 target_idx,
1153 u32 protocol)
1154{
1155 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1156 int rc;
1157
1158 nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1159 protocol);
1160
1161 if (dev->poll_mod_count) {
1162 nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1163 " polling");
1164 return -EBUSY;
1165 }
1166
1167 if (dev->tgt_active_prot) {
1168 nfc_dev_err(&dev->interface->dev, "There is already an active"
1169 " target");
1170 return -EBUSY;
1171 }
1172
1173 if (!dev->tgt_available_prots) {
1174 nfc_dev_err(&dev->interface->dev, "There is no available target"
1175 " to activate");
1176 return -EINVAL;
1177 }
1178
1179 if (!(dev->tgt_available_prots & (1 << protocol))) {
1180 nfc_dev_err(&dev->interface->dev, "The target does not support"
1181 " the requested protocol %u", protocol);
1182 return -EINVAL;
1183 }
1184
1185 if (protocol == NFC_PROTO_NFC_DEP) {
1186 rc = pn533_activate_target_nfcdep(dev);
1187 if (rc) {
1188 nfc_dev_err(&dev->interface->dev, "Error %d when"
1189 " activating target with"
1190 " NFC_DEP protocol", rc);
1191 return rc;
1192 }
1193 }
1194
1195 dev->tgt_active_prot = protocol;
1196 dev->tgt_available_prots = 0;
1197
1198 return 0;
1199}
1200
1201static void pn533_deactivate_target(struct nfc_dev *nfc_dev, u32 target_idx)
1202{
1203 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1204 u8 tg;
1205 u8 status;
1206 int rc;
1207
1208 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1209
1210 if (!dev->tgt_active_prot) {
1211 nfc_dev_err(&dev->interface->dev, "There is no active target");
1212 return;
1213 }
1214
1215 dev->tgt_active_prot = 0;
1216
1217 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1218
1219 tg = 1;
1220 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1221 dev->out_frame->datalen += sizeof(u8);
1222
1223 pn533_tx_frame_finish(dev->out_frame);
1224
1225 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1226 dev->in_maxlen);
1227 if (rc) {
1228 nfc_dev_err(&dev->interface->dev, "Error when sending release"
1229 " command to the controller");
1230 return;
1231 }
1232
1233 status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1234 rc = status & PN533_CMD_RET_MASK;
1235 if (rc != PN533_CMD_RET_SUCCESS)
1236 nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1237 " the target", rc);
1238
1239 return;
1240}
1241
1242#define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1243#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1244
1245static int pn533_data_exchange_tx_frame(struct pn533 *dev, struct sk_buff *skb)
1246{
1247 int payload_len = skb->len;
1248 struct pn533_frame *out_frame;
1249 struct sk_buff *discarded;
1250 u8 tg;
1251
1252 nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1253 payload_len);
1254
1255 if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1256 /* TODO: Implement support to multi-part data exchange */
1257 nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1258 " max allowed: %d",
1259 PN533_CMD_DATAEXCH_DATA_MAXLEN);
1260 return -ENOSYS;
1261 }
1262
1263 /* Reserving header space */
1264 if (skb_cow_head(skb, PN533_CMD_DATAEXCH_HEAD_LEN)) {
1265 nfc_dev_err(&dev->interface->dev, "Error to add header data");
1266 return -ENOMEM;
1267 }
1268
1269 /* Reserving tail space, see pn533_tx_frame_finish */
1270 if (skb_cow_data(skb, PN533_FRAME_TAIL_SIZE, &discarded) < 0) {
1271 nfc_dev_err(&dev->interface->dev, "Error to add tail data");
1272 return -ENOMEM;
1273 }
1274
1275 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1276 out_frame = (struct pn533_frame *) skb->data;
1277
1278 pn533_tx_frame_init(out_frame, PN533_CMD_IN_DATA_EXCHANGE);
1279
1280 tg = 1;
1281 memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame), &tg, sizeof(u8));
1282 out_frame->datalen += sizeof(u8);
1283
1284 /* The data is already in the out_frame, just update the datalen */
1285 out_frame->datalen += payload_len;
1286
1287 pn533_tx_frame_finish(out_frame);
1288 skb_put(skb, PN533_FRAME_TAIL_SIZE);
1289
1290 return 0;
1291}
1292
1293struct pn533_data_exchange_arg {
1294 struct sk_buff *skb_resp;
1295 struct sk_buff *skb_out;
1296 data_exchange_cb_t cb;
1297 void *cb_context;
1298};
1299
1300static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1301 u8 *params, int params_len)
1302{
1303 struct pn533_data_exchange_arg *arg = _arg;
1304 struct sk_buff *skb_resp = arg->skb_resp;
1305 struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1306 int err = 0;
1307 u8 status;
1308 u8 cmd_ret;
1309
1310 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1311
1312 dev_kfree_skb_irq(arg->skb_out);
1313
1314 if (params_len < 0) { /* error */
1315 err = params_len;
1316 goto error;
1317 }
1318
1319 skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1320
1321 status = params[0];
1322
1323 cmd_ret = status & PN533_CMD_RET_MASK;
1324 if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1325 nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1326 " exchanging data", cmd_ret);
1327 err = -EIO;
1328 goto error;
1329 }
1330
1331 if (status & PN533_CMD_MI_MASK) {
1332 /* TODO: Implement support to multi-part data exchange */
1333 nfc_dev_err(&dev->interface->dev, "Multi-part message not yet"
1334 " supported");
1335 /* Prevent the other messages from controller */
1336 pn533_send_ack(dev, GFP_ATOMIC);
1337 err = -ENOSYS;
1338 goto error;
1339 }
1340
1341 skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1342 skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1343
1344 arg->cb(arg->cb_context, skb_resp, 0);
1345 kfree(arg);
1346 return 0;
1347
1348error:
1349 dev_kfree_skb_irq(skb_resp);
1350 arg->cb(arg->cb_context, NULL, err);
1351 kfree(arg);
1352 return 0;
1353}
1354
1355int pn533_data_exchange(struct nfc_dev *nfc_dev, u32 target_idx,
1356 struct sk_buff *skb,
1357 data_exchange_cb_t cb,
1358 void *cb_context)
1359{
1360 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1361 struct pn533_frame *out_frame, *in_frame;
1362 struct pn533_data_exchange_arg *arg;
1363 struct sk_buff *skb_resp;
1364 int skb_resp_len;
1365 int rc;
1366
1367 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1368
1369 if (!dev->tgt_active_prot) {
1370 nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
1371 " there is no active target");
1372 rc = -EINVAL;
1373 goto error;
1374 }
1375
1376 rc = pn533_data_exchange_tx_frame(dev, skb);
1377 if (rc)
1378 goto error;
1379
1380 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1381 PN533_CMD_DATAEXCH_DATA_MAXLEN +
1382 PN533_FRAME_TAIL_SIZE;
1383
1384 skb_resp = nfc_alloc_skb(skb_resp_len, GFP_KERNEL);
1385 if (!skb_resp) {
1386 rc = -ENOMEM;
1387 goto error;
1388 }
1389
1390 in_frame = (struct pn533_frame *) skb_resp->data;
1391 out_frame = (struct pn533_frame *) skb->data;
1392
1393 arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
1394 if (!arg) {
1395 rc = -ENOMEM;
1396 goto free_skb_resp;
1397 }
1398
1399 arg->skb_resp = skb_resp;
1400 arg->skb_out = skb;
1401 arg->cb = cb;
1402 arg->cb_context = cb_context;
1403
1404 rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
1405 pn533_data_exchange_complete, arg,
1406 GFP_KERNEL);
1407 if (rc) {
1408 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
1409 " perform data_exchange", rc);
1410 goto free_arg;
1411 }
1412
1413 return 0;
1414
1415free_arg:
1416 kfree(arg);
1417free_skb_resp:
1418 kfree_skb(skb_resp);
1419error:
1420 kfree_skb(skb);
1421 return rc;
1422}
1423
1424static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
1425 u8 cfgdata_len)
1426{
1427 int rc;
1428 u8 *params;
1429
1430 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1431
1432 pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
1433
1434 params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
1435 params[0] = cfgitem;
1436 memcpy(¶ms[1], cfgdata, cfgdata_len);
1437 dev->out_frame->datalen += (1 + cfgdata_len);
1438
1439 pn533_tx_frame_finish(dev->out_frame);
1440
1441 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1442 dev->in_maxlen);
1443
1444 return rc;
1445}
1446
1447struct nfc_ops pn533_nfc_ops = {
1448 .start_poll = pn533_start_poll,
1449 .stop_poll = pn533_stop_poll,
1450 .activate_target = pn533_activate_target,
1451 .deactivate_target = pn533_deactivate_target,
1452 .data_exchange = pn533_data_exchange,
1453};
1454
1455static int pn533_probe(struct usb_interface *interface,
1456 const struct usb_device_id *id)
1457{
1458 struct pn533_fw_version *fw_ver;
1459 struct pn533 *dev;
1460 struct usb_host_interface *iface_desc;
1461 struct usb_endpoint_descriptor *endpoint;
1462 struct pn533_config_max_retries max_retries;
1463 int in_endpoint = 0;
1464 int out_endpoint = 0;
1465 int rc = -ENOMEM;
1466 int i;
1467 u32 protocols;
1468
1469 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
1470 if (!dev)
1471 return -ENOMEM;
1472
1473 dev->udev = usb_get_dev(interface_to_usbdev(interface));
1474 dev->interface = interface;
1475 sema_init(&dev->cmd_lock, 1);
1476
1477 iface_desc = interface->cur_altsetting;
1478 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
1479 endpoint = &iface_desc->endpoint[i].desc;
1480
1481 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
1482 dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
1483 in_endpoint = endpoint->bEndpointAddress;
1484 }
1485
1486 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
1487 dev->out_maxlen =
1488 le16_to_cpu(endpoint->wMaxPacketSize);
1489 out_endpoint = endpoint->bEndpointAddress;
1490 }
1491 }
1492
1493 if (!in_endpoint || !out_endpoint) {
1494 nfc_dev_err(&interface->dev, "Could not find bulk-in or"
1495 " bulk-out endpoint");
1496 rc = -ENODEV;
1497 goto error;
1498 }
1499
1500 dev->in_frame = kmalloc(dev->in_maxlen, GFP_KERNEL);
1501 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
1502 dev->out_frame = kmalloc(dev->out_maxlen, GFP_KERNEL);
1503 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
1504
1505 if (!dev->in_frame || !dev->out_frame ||
1506 !dev->in_urb || !dev->out_urb)
1507 goto error;
1508
1509 usb_fill_bulk_urb(dev->in_urb, dev->udev,
1510 usb_rcvbulkpipe(dev->udev, in_endpoint),
1511 NULL, 0, NULL, dev);
1512 usb_fill_bulk_urb(dev->out_urb, dev->udev,
1513 usb_sndbulkpipe(dev->udev, out_endpoint),
1514 NULL, 0,
1515 pn533_send_complete, dev);
1516
1517 tasklet_init(&dev->tasklet, pn533_tasklet_cmd_complete, (ulong)dev);
1518
1519 usb_set_intfdata(interface, dev);
1520
1521 pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
1522 pn533_tx_frame_finish(dev->out_frame);
1523
1524 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1525 dev->in_maxlen);
1526 if (rc)
1527 goto kill_tasklet;
1528
1529 fw_ver = (struct pn533_fw_version *)
1530 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1531 nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
1532 " attached", fw_ver->ver, fw_ver->rev);
1533
1534 protocols = NFC_PROTO_JEWEL_MASK
1535 | NFC_PROTO_MIFARE_MASK | NFC_PROTO_FELICA_MASK
1536 | NFC_PROTO_ISO14443_MASK
1537 | NFC_PROTO_NFC_DEP_MASK;
1538
1539 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols);
1540 if (!dev->nfc_dev)
1541 goto kill_tasklet;
1542
1543 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
1544 nfc_set_drvdata(dev->nfc_dev, dev);
1545
1546 rc = nfc_register_device(dev->nfc_dev);
1547 if (rc)
1548 goto free_nfc_dev;
1549
1550 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
1551 max_retries.mx_rty_psl = 2;
1552 max_retries.mx_rty_passive_act = PN533_CONFIG_MAX_RETRIES_NO_RETRY;
1553
1554 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
1555 (u8 *) &max_retries, sizeof(max_retries));
1556
1557 if (rc) {
1558 nfc_dev_err(&dev->interface->dev, "Error on setting MAX_RETRIES"
1559 " config");
1560 goto free_nfc_dev;
1561 }
1562
1563 return 0;
1564
1565free_nfc_dev:
1566 nfc_free_device(dev->nfc_dev);
1567kill_tasklet:
1568 tasklet_kill(&dev->tasklet);
1569error:
1570 kfree(dev->in_frame);
1571 usb_free_urb(dev->in_urb);
1572 kfree(dev->out_frame);
1573 usb_free_urb(dev->out_urb);
1574 kfree(dev);
1575 return rc;
1576}
1577
1578static void pn533_disconnect(struct usb_interface *interface)
1579{
1580 struct pn533 *dev;
1581
1582 dev = usb_get_intfdata(interface);
1583 usb_set_intfdata(interface, NULL);
1584
1585 nfc_unregister_device(dev->nfc_dev);
1586 nfc_free_device(dev->nfc_dev);
1587
1588 usb_kill_urb(dev->in_urb);
1589 usb_kill_urb(dev->out_urb);
1590
1591 tasklet_kill(&dev->tasklet);
1592
1593 kfree(dev->in_frame);
1594 usb_free_urb(dev->in_urb);
1595 kfree(dev->out_frame);
1596 usb_free_urb(dev->out_urb);
1597 kfree(dev);
1598
1599 nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
1600}
1601
1602static struct usb_driver pn533_driver = {
1603 .name = "pn533",
1604 .probe = pn533_probe,
1605 .disconnect = pn533_disconnect,
1606 .id_table = pn533_table,
1607};
1608
1609static int __init pn533_init(void)
1610{
1611 int rc;
1612
1613 rc = usb_register(&pn533_driver);
1614 if (rc)
1615 err("usb_register failed. Error number %d", rc);
1616
1617 return rc;
1618}
1619
1620static void __exit pn533_exit(void)
1621{
1622 usb_deregister(&pn533_driver);
1623}
1624
1625module_init(pn533_init);
1626module_exit(pn533_exit);
1627
1628MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
1629 " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
1630MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
1631MODULE_VERSION(VERSION);
1632MODULE_LICENSE("GPL");
1/*
2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
3 * Copyright (C) 2012-2013 Tieto Poland
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
17 */
18
19#include <linux/device.h>
20#include <linux/kernel.h>
21#include <linux/module.h>
22#include <linux/slab.h>
23#include <linux/usb.h>
24#include <linux/nfc.h>
25#include <linux/netdevice.h>
26#include <net/nfc/nfc.h>
27
28#define VERSION "0.2"
29
30#define PN533_VENDOR_ID 0x4CC
31#define PN533_PRODUCT_ID 0x2533
32
33#define SCM_VENDOR_ID 0x4E6
34#define SCL3711_PRODUCT_ID 0x5591
35
36#define SONY_VENDOR_ID 0x054c
37#define PASORI_PRODUCT_ID 0x02e1
38
39#define ACS_VENDOR_ID 0x072f
40#define ACR122U_PRODUCT_ID 0x2200
41
42#define PN533_DEVICE_STD 0x1
43#define PN533_DEVICE_PASORI 0x2
44#define PN533_DEVICE_ACR122U 0x3
45
46#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
47 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
48 NFC_PROTO_NFC_DEP_MASK |\
49 NFC_PROTO_ISO14443_B_MASK)
50
51#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
52 NFC_PROTO_MIFARE_MASK | \
53 NFC_PROTO_FELICA_MASK | \
54 NFC_PROTO_ISO14443_MASK | \
55 NFC_PROTO_NFC_DEP_MASK)
56
57static const struct usb_device_id pn533_table[] = {
58 { USB_DEVICE(PN533_VENDOR_ID, PN533_PRODUCT_ID),
59 .driver_info = PN533_DEVICE_STD },
60 { USB_DEVICE(SCM_VENDOR_ID, SCL3711_PRODUCT_ID),
61 .driver_info = PN533_DEVICE_STD },
62 { USB_DEVICE(SONY_VENDOR_ID, PASORI_PRODUCT_ID),
63 .driver_info = PN533_DEVICE_PASORI },
64 { USB_DEVICE(ACS_VENDOR_ID, ACR122U_PRODUCT_ID),
65 .driver_info = PN533_DEVICE_ACR122U },
66 { }
67};
68MODULE_DEVICE_TABLE(usb, pn533_table);
69
70/* How much time we spend listening for initiators */
71#define PN533_LISTEN_TIME 2
72/* Delay between each poll frame (ms) */
73#define PN533_POLL_INTERVAL 10
74
75/* Standard pn533 frame definitions (standard and extended)*/
76#define PN533_STD_FRAME_HEADER_LEN (sizeof(struct pn533_std_frame) \
77 + 2) /* data[0] TFI, data[1] CC */
78#define PN533_STD_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
79
80#define PN533_EXT_FRAME_HEADER_LEN (sizeof(struct pn533_ext_frame) \
81 + 2) /* data[0] TFI, data[1] CC */
82
83#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
84#define PN533_CMD_DATAFRAME_MAXLEN 240 /* max data length (send) */
85
86/*
87 * Max extended frame payload len, excluding TFI and CC
88 * which are already in PN533_FRAME_HEADER_LEN.
89 */
90#define PN533_STD_FRAME_MAX_PAYLOAD_LEN 263
91
92#define PN533_STD_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2),
93 Postamble (1) */
94#define PN533_STD_FRAME_CHECKSUM(f) (f->data[f->datalen])
95#define PN533_STD_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
96/* Half start code (3), LEN (4) should be 0xffff for extended frame */
97#define PN533_STD_IS_EXTENDED(hdr) ((hdr)->datalen == 0xFF \
98 && (hdr)->datalen_checksum == 0xFF)
99#define PN533_EXT_FRAME_CHECKSUM(f) (f->data[be16_to_cpu(f->datalen)])
100
101/* start of frame */
102#define PN533_STD_FRAME_SOF 0x00FF
103
104/* standard frame identifier: in/out/error */
105#define PN533_STD_FRAME_IDENTIFIER(f) (f->data[0]) /* TFI */
106#define PN533_STD_FRAME_DIR_OUT 0xD4
107#define PN533_STD_FRAME_DIR_IN 0xD5
108
109/* ACS ACR122 pn533 frame definitions */
110#define PN533_ACR122_TX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_tx_frame) \
111 + 2)
112#define PN533_ACR122_TX_FRAME_TAIL_LEN 0
113#define PN533_ACR122_RX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_rx_frame) \
114 + 2)
115#define PN533_ACR122_RX_FRAME_TAIL_LEN 2
116#define PN533_ACR122_FRAME_MAX_PAYLOAD_LEN PN533_STD_FRAME_MAX_PAYLOAD_LEN
117
118/* CCID messages types */
119#define PN533_ACR122_PC_TO_RDR_ICCPOWERON 0x62
120#define PN533_ACR122_PC_TO_RDR_ESCAPE 0x6B
121
122#define PN533_ACR122_RDR_TO_PC_ESCAPE 0x83
123
124/* PN533 Commands */
125#define PN533_FRAME_CMD(f) (f->data[1])
126
127#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
128#define PN533_CMD_RF_CONFIGURATION 0x32
129#define PN533_CMD_IN_DATA_EXCHANGE 0x40
130#define PN533_CMD_IN_COMM_THRU 0x42
131#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
132#define PN533_CMD_IN_ATR 0x50
133#define PN533_CMD_IN_RELEASE 0x52
134#define PN533_CMD_IN_JUMP_FOR_DEP 0x56
135
136#define PN533_CMD_TG_INIT_AS_TARGET 0x8c
137#define PN533_CMD_TG_GET_DATA 0x86
138#define PN533_CMD_TG_SET_DATA 0x8e
139#define PN533_CMD_TG_SET_META_DATA 0x94
140#define PN533_CMD_UNDEF 0xff
141
142#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
143
144/* PN533 Return codes */
145#define PN533_CMD_RET_MASK 0x3F
146#define PN533_CMD_MI_MASK 0x40
147#define PN533_CMD_RET_SUCCESS 0x00
148
149struct pn533;
150
151typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
152 struct sk_buff *resp);
153
154/* structs for pn533 commands */
155
156/* PN533_CMD_GET_FIRMWARE_VERSION */
157struct pn533_fw_version {
158 u8 ic;
159 u8 ver;
160 u8 rev;
161 u8 support;
162};
163
164/* PN533_CMD_RF_CONFIGURATION */
165#define PN533_CFGITEM_RF_FIELD 0x01
166#define PN533_CFGITEM_TIMING 0x02
167#define PN533_CFGITEM_MAX_RETRIES 0x05
168#define PN533_CFGITEM_PASORI 0x82
169
170#define PN533_CFGITEM_RF_FIELD_AUTO_RFCA 0x2
171#define PN533_CFGITEM_RF_FIELD_ON 0x1
172#define PN533_CFGITEM_RF_FIELD_OFF 0x0
173
174#define PN533_CONFIG_TIMING_102 0xb
175#define PN533_CONFIG_TIMING_204 0xc
176#define PN533_CONFIG_TIMING_409 0xd
177#define PN533_CONFIG_TIMING_819 0xe
178
179#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
180#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
181
182struct pn533_config_max_retries {
183 u8 mx_rty_atr;
184 u8 mx_rty_psl;
185 u8 mx_rty_passive_act;
186} __packed;
187
188struct pn533_config_timing {
189 u8 rfu;
190 u8 atr_res_timeout;
191 u8 dep_timeout;
192} __packed;
193
194/* PN533_CMD_IN_LIST_PASSIVE_TARGET */
195
196/* felica commands opcode */
197#define PN533_FELICA_OPC_SENSF_REQ 0
198#define PN533_FELICA_OPC_SENSF_RES 1
199/* felica SENSF_REQ parameters */
200#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
201#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
202#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
203#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
204
205/* type B initiator_data values */
206#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
207#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
208#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
209
210union pn533_cmd_poll_initdata {
211 struct {
212 u8 afi;
213 u8 polling_method;
214 } __packed type_b;
215 struct {
216 u8 opcode;
217 __be16 sc;
218 u8 rc;
219 u8 tsn;
220 } __packed felica;
221};
222
223/* Poll modulations */
224enum {
225 PN533_POLL_MOD_106KBPS_A,
226 PN533_POLL_MOD_212KBPS_FELICA,
227 PN533_POLL_MOD_424KBPS_FELICA,
228 PN533_POLL_MOD_106KBPS_JEWEL,
229 PN533_POLL_MOD_847KBPS_B,
230 PN533_LISTEN_MOD,
231
232 __PN533_POLL_MOD_AFTER_LAST,
233};
234#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
235
236struct pn533_poll_modulations {
237 struct {
238 u8 maxtg;
239 u8 brty;
240 union pn533_cmd_poll_initdata initiator_data;
241 } __packed data;
242 u8 len;
243};
244
245static const struct pn533_poll_modulations poll_mod[] = {
246 [PN533_POLL_MOD_106KBPS_A] = {
247 .data = {
248 .maxtg = 1,
249 .brty = 0,
250 },
251 .len = 2,
252 },
253 [PN533_POLL_MOD_212KBPS_FELICA] = {
254 .data = {
255 .maxtg = 1,
256 .brty = 1,
257 .initiator_data.felica = {
258 .opcode = PN533_FELICA_OPC_SENSF_REQ,
259 .sc = PN533_FELICA_SENSF_SC_ALL,
260 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE,
261 .tsn = 0x03,
262 },
263 },
264 .len = 7,
265 },
266 [PN533_POLL_MOD_424KBPS_FELICA] = {
267 .data = {
268 .maxtg = 1,
269 .brty = 2,
270 .initiator_data.felica = {
271 .opcode = PN533_FELICA_OPC_SENSF_REQ,
272 .sc = PN533_FELICA_SENSF_SC_ALL,
273 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE,
274 .tsn = 0x03,
275 },
276 },
277 .len = 7,
278 },
279 [PN533_POLL_MOD_106KBPS_JEWEL] = {
280 .data = {
281 .maxtg = 1,
282 .brty = 4,
283 },
284 .len = 2,
285 },
286 [PN533_POLL_MOD_847KBPS_B] = {
287 .data = {
288 .maxtg = 1,
289 .brty = 8,
290 .initiator_data.type_b = {
291 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
292 .polling_method =
293 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
294 },
295 },
296 .len = 3,
297 },
298 [PN533_LISTEN_MOD] = {
299 .len = 0,
300 },
301};
302
303/* PN533_CMD_IN_ATR */
304
305struct pn533_cmd_activate_response {
306 u8 status;
307 u8 nfcid3t[10];
308 u8 didt;
309 u8 bst;
310 u8 brt;
311 u8 to;
312 u8 ppt;
313 /* optional */
314 u8 gt[];
315} __packed;
316
317struct pn533_cmd_jump_dep_response {
318 u8 status;
319 u8 tg;
320 u8 nfcid3t[10];
321 u8 didt;
322 u8 bst;
323 u8 brt;
324 u8 to;
325 u8 ppt;
326 /* optional */
327 u8 gt[];
328} __packed;
329
330
331/* PN533_TG_INIT_AS_TARGET */
332#define PN533_INIT_TARGET_PASSIVE 0x1
333#define PN533_INIT_TARGET_DEP 0x2
334
335#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
336#define PN533_INIT_TARGET_RESP_ACTIVE 0x1
337#define PN533_INIT_TARGET_RESP_DEP 0x4
338
339enum pn533_protocol_type {
340 PN533_PROTO_REQ_ACK_RESP = 0,
341 PN533_PROTO_REQ_RESP
342};
343
344struct pn533 {
345 struct usb_device *udev;
346 struct usb_interface *interface;
347 struct nfc_dev *nfc_dev;
348 u32 device_type;
349 enum pn533_protocol_type protocol_type;
350
351 struct urb *out_urb;
352 struct urb *in_urb;
353
354 struct sk_buff_head resp_q;
355 struct sk_buff_head fragment_skb;
356
357 struct workqueue_struct *wq;
358 struct work_struct cmd_work;
359 struct work_struct cmd_complete_work;
360 struct delayed_work poll_work;
361 struct work_struct mi_rx_work;
362 struct work_struct mi_tx_work;
363 struct work_struct mi_tm_rx_work;
364 struct work_struct mi_tm_tx_work;
365 struct work_struct tg_work;
366 struct work_struct rf_work;
367
368 struct list_head cmd_queue;
369 struct pn533_cmd *cmd;
370 u8 cmd_pending;
371 struct mutex cmd_lock; /* protects cmd queue */
372
373 void *cmd_complete_mi_arg;
374 void *cmd_complete_dep_arg;
375
376 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
377 u8 poll_mod_count;
378 u8 poll_mod_curr;
379 u8 poll_dep;
380 u32 poll_protocols;
381 u32 listen_protocols;
382 struct timer_list listen_timer;
383 int cancel_listen;
384
385 u8 *gb;
386 size_t gb_len;
387
388 u8 tgt_available_prots;
389 u8 tgt_active_prot;
390 u8 tgt_mode;
391
392 struct pn533_frame_ops *ops;
393};
394
395struct pn533_cmd {
396 struct list_head queue;
397 u8 code;
398 int status;
399 struct sk_buff *req;
400 struct sk_buff *resp;
401 int resp_len;
402 pn533_send_async_complete_t complete_cb;
403 void *complete_cb_context;
404};
405
406struct pn533_std_frame {
407 u8 preamble;
408 __be16 start_frame;
409 u8 datalen;
410 u8 datalen_checksum;
411 u8 data[];
412} __packed;
413
414struct pn533_ext_frame { /* Extended Information frame */
415 u8 preamble;
416 __be16 start_frame;
417 __be16 eif_flag; /* fixed to 0xFFFF */
418 __be16 datalen;
419 u8 datalen_checksum;
420 u8 data[];
421} __packed;
422
423struct pn533_frame_ops {
424 void (*tx_frame_init)(void *frame, u8 cmd_code);
425 void (*tx_frame_finish)(void *frame);
426 void (*tx_update_payload_len)(void *frame, int len);
427 int tx_header_len;
428 int tx_tail_len;
429
430 bool (*rx_is_frame_valid)(void *frame, struct pn533 *dev);
431 int (*rx_frame_size)(void *frame);
432 int rx_header_len;
433 int rx_tail_len;
434
435 int max_payload_len;
436 u8 (*get_cmd_code)(void *frame);
437};
438
439struct pn533_acr122_ccid_hdr {
440 u8 type;
441 u32 datalen;
442 u8 slot;
443 u8 seq;
444 u8 params[3]; /* 3 msg specific bytes or status, error and 1 specific
445 byte for reposnse msg */
446 u8 data[]; /* payload */
447} __packed;
448
449struct pn533_acr122_apdu_hdr {
450 u8 class;
451 u8 ins;
452 u8 p1;
453 u8 p2;
454} __packed;
455
456struct pn533_acr122_tx_frame {
457 struct pn533_acr122_ccid_hdr ccid;
458 struct pn533_acr122_apdu_hdr apdu;
459 u8 datalen;
460 u8 data[]; /* pn533 frame: TFI ... */
461} __packed;
462
463struct pn533_acr122_rx_frame {
464 struct pn533_acr122_ccid_hdr ccid;
465 u8 data[]; /* pn533 frame : TFI ... */
466} __packed;
467
468static void pn533_acr122_tx_frame_init(void *_frame, u8 cmd_code)
469{
470 struct pn533_acr122_tx_frame *frame = _frame;
471
472 frame->ccid.type = PN533_ACR122_PC_TO_RDR_ESCAPE;
473 frame->ccid.datalen = sizeof(frame->apdu) + 1; /* sizeof(apdu_hdr) +
474 sizeof(datalen) */
475 frame->ccid.slot = 0;
476 frame->ccid.seq = 0;
477 frame->ccid.params[0] = 0;
478 frame->ccid.params[1] = 0;
479 frame->ccid.params[2] = 0;
480
481 frame->data[0] = PN533_STD_FRAME_DIR_OUT;
482 frame->data[1] = cmd_code;
483 frame->datalen = 2; /* data[0] + data[1] */
484
485 frame->apdu.class = 0xFF;
486 frame->apdu.ins = 0;
487 frame->apdu.p1 = 0;
488 frame->apdu.p2 = 0;
489}
490
491static void pn533_acr122_tx_frame_finish(void *_frame)
492{
493 struct pn533_acr122_tx_frame *frame = _frame;
494
495 frame->ccid.datalen += frame->datalen;
496}
497
498static void pn533_acr122_tx_update_payload_len(void *_frame, int len)
499{
500 struct pn533_acr122_tx_frame *frame = _frame;
501
502 frame->datalen += len;
503}
504
505static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev)
506{
507 struct pn533_acr122_rx_frame *frame = _frame;
508
509 if (frame->ccid.type != 0x83)
510 return false;
511
512 if (!frame->ccid.datalen)
513 return false;
514
515 if (frame->data[frame->ccid.datalen - 2] == 0x63)
516 return false;
517
518 return true;
519}
520
521static int pn533_acr122_rx_frame_size(void *frame)
522{
523 struct pn533_acr122_rx_frame *f = frame;
524
525 /* f->ccid.datalen already includes tail length */
526 return sizeof(struct pn533_acr122_rx_frame) + f->ccid.datalen;
527}
528
529static u8 pn533_acr122_get_cmd_code(void *frame)
530{
531 struct pn533_acr122_rx_frame *f = frame;
532
533 return PN533_FRAME_CMD(f);
534}
535
536static struct pn533_frame_ops pn533_acr122_frame_ops = {
537 .tx_frame_init = pn533_acr122_tx_frame_init,
538 .tx_frame_finish = pn533_acr122_tx_frame_finish,
539 .tx_update_payload_len = pn533_acr122_tx_update_payload_len,
540 .tx_header_len = PN533_ACR122_TX_FRAME_HEADER_LEN,
541 .tx_tail_len = PN533_ACR122_TX_FRAME_TAIL_LEN,
542
543 .rx_is_frame_valid = pn533_acr122_is_rx_frame_valid,
544 .rx_header_len = PN533_ACR122_RX_FRAME_HEADER_LEN,
545 .rx_tail_len = PN533_ACR122_RX_FRAME_TAIL_LEN,
546 .rx_frame_size = pn533_acr122_rx_frame_size,
547
548 .max_payload_len = PN533_ACR122_FRAME_MAX_PAYLOAD_LEN,
549 .get_cmd_code = pn533_acr122_get_cmd_code,
550};
551
552/* The rule: value(high byte) + value(low byte) + checksum = 0 */
553static inline u8 pn533_ext_checksum(u16 value)
554{
555 return ~(u8)(((value & 0xFF00) >> 8) + (u8)(value & 0xFF)) + 1;
556}
557
558/* The rule: value + checksum = 0 */
559static inline u8 pn533_std_checksum(u8 value)
560{
561 return ~value + 1;
562}
563
564/* The rule: sum(data elements) + checksum = 0 */
565static u8 pn533_std_data_checksum(u8 *data, int datalen)
566{
567 u8 sum = 0;
568 int i;
569
570 for (i = 0; i < datalen; i++)
571 sum += data[i];
572
573 return pn533_std_checksum(sum);
574}
575
576static void pn533_std_tx_frame_init(void *_frame, u8 cmd_code)
577{
578 struct pn533_std_frame *frame = _frame;
579
580 frame->preamble = 0;
581 frame->start_frame = cpu_to_be16(PN533_STD_FRAME_SOF);
582 PN533_STD_FRAME_IDENTIFIER(frame) = PN533_STD_FRAME_DIR_OUT;
583 PN533_FRAME_CMD(frame) = cmd_code;
584 frame->datalen = 2;
585}
586
587static void pn533_std_tx_frame_finish(void *_frame)
588{
589 struct pn533_std_frame *frame = _frame;
590
591 frame->datalen_checksum = pn533_std_checksum(frame->datalen);
592
593 PN533_STD_FRAME_CHECKSUM(frame) =
594 pn533_std_data_checksum(frame->data, frame->datalen);
595
596 PN533_STD_FRAME_POSTAMBLE(frame) = 0;
597}
598
599static void pn533_std_tx_update_payload_len(void *_frame, int len)
600{
601 struct pn533_std_frame *frame = _frame;
602
603 frame->datalen += len;
604}
605
606static bool pn533_std_rx_frame_is_valid(void *_frame, struct pn533 *dev)
607{
608 u8 checksum;
609 struct pn533_std_frame *stdf = _frame;
610
611 if (stdf->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
612 return false;
613
614 if (likely(!PN533_STD_IS_EXTENDED(stdf))) {
615 /* Standard frame code */
616 dev->ops->rx_header_len = PN533_STD_FRAME_HEADER_LEN;
617
618 checksum = pn533_std_checksum(stdf->datalen);
619 if (checksum != stdf->datalen_checksum)
620 return false;
621
622 checksum = pn533_std_data_checksum(stdf->data, stdf->datalen);
623 if (checksum != PN533_STD_FRAME_CHECKSUM(stdf))
624 return false;
625 } else {
626 /* Extended */
627 struct pn533_ext_frame *eif = _frame;
628
629 dev->ops->rx_header_len = PN533_EXT_FRAME_HEADER_LEN;
630
631 checksum = pn533_ext_checksum(be16_to_cpu(eif->datalen));
632 if (checksum != eif->datalen_checksum)
633 return false;
634
635 /* check data checksum */
636 checksum = pn533_std_data_checksum(eif->data,
637 be16_to_cpu(eif->datalen));
638 if (checksum != PN533_EXT_FRAME_CHECKSUM(eif))
639 return false;
640 }
641
642 return true;
643}
644
645static bool pn533_std_rx_frame_is_ack(struct pn533_std_frame *frame)
646{
647 if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
648 return false;
649
650 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
651 return false;
652
653 return true;
654}
655
656static inline int pn533_std_rx_frame_size(void *frame)
657{
658 struct pn533_std_frame *f = frame;
659
660 /* check for Extended Information frame */
661 if (PN533_STD_IS_EXTENDED(f)) {
662 struct pn533_ext_frame *eif = frame;
663
664 return sizeof(struct pn533_ext_frame)
665 + be16_to_cpu(eif->datalen) + PN533_STD_FRAME_TAIL_LEN;
666 }
667
668 return sizeof(struct pn533_std_frame) + f->datalen +
669 PN533_STD_FRAME_TAIL_LEN;
670}
671
672static u8 pn533_std_get_cmd_code(void *frame)
673{
674 struct pn533_std_frame *f = frame;
675 struct pn533_ext_frame *eif = frame;
676
677 if (PN533_STD_IS_EXTENDED(f))
678 return PN533_FRAME_CMD(eif);
679 else
680 return PN533_FRAME_CMD(f);
681}
682
683static struct pn533_frame_ops pn533_std_frame_ops = {
684 .tx_frame_init = pn533_std_tx_frame_init,
685 .tx_frame_finish = pn533_std_tx_frame_finish,
686 .tx_update_payload_len = pn533_std_tx_update_payload_len,
687 .tx_header_len = PN533_STD_FRAME_HEADER_LEN,
688 .tx_tail_len = PN533_STD_FRAME_TAIL_LEN,
689
690 .rx_is_frame_valid = pn533_std_rx_frame_is_valid,
691 .rx_frame_size = pn533_std_rx_frame_size,
692 .rx_header_len = PN533_STD_FRAME_HEADER_LEN,
693 .rx_tail_len = PN533_STD_FRAME_TAIL_LEN,
694
695 .max_payload_len = PN533_STD_FRAME_MAX_PAYLOAD_LEN,
696 .get_cmd_code = pn533_std_get_cmd_code,
697};
698
699static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame)
700{
701 return (dev->ops->get_cmd_code(frame) ==
702 PN533_CMD_RESPONSE(dev->cmd->code));
703}
704
705static void pn533_recv_response(struct urb *urb)
706{
707 struct pn533 *dev = urb->context;
708 struct pn533_cmd *cmd = dev->cmd;
709 u8 *in_frame;
710
711 cmd->status = urb->status;
712
713 switch (urb->status) {
714 case 0:
715 break; /* success */
716 case -ECONNRESET:
717 case -ENOENT:
718 dev_dbg(&dev->interface->dev,
719 "The urb has been canceled (status %d)\n",
720 urb->status);
721 goto sched_wq;
722 case -ESHUTDOWN:
723 default:
724 nfc_err(&dev->interface->dev,
725 "Urb failure (status %d)\n", urb->status);
726 goto sched_wq;
727 }
728
729 in_frame = dev->in_urb->transfer_buffer;
730
731 dev_dbg(&dev->interface->dev, "Received a frame\n");
732 print_hex_dump_debug("PN533 RX: ", DUMP_PREFIX_NONE, 16, 1, in_frame,
733 dev->ops->rx_frame_size(in_frame), false);
734
735 if (!dev->ops->rx_is_frame_valid(in_frame, dev)) {
736 nfc_err(&dev->interface->dev, "Received an invalid frame\n");
737 cmd->status = -EIO;
738 goto sched_wq;
739 }
740
741 if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) {
742 nfc_err(&dev->interface->dev,
743 "It it not the response to the last command\n");
744 cmd->status = -EIO;
745 goto sched_wq;
746 }
747
748sched_wq:
749 queue_work(dev->wq, &dev->cmd_complete_work);
750}
751
752static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
753{
754 dev->in_urb->complete = pn533_recv_response;
755
756 return usb_submit_urb(dev->in_urb, flags);
757}
758
759static void pn533_recv_ack(struct urb *urb)
760{
761 struct pn533 *dev = urb->context;
762 struct pn533_cmd *cmd = dev->cmd;
763 struct pn533_std_frame *in_frame;
764 int rc;
765
766 cmd->status = urb->status;
767
768 switch (urb->status) {
769 case 0:
770 break; /* success */
771 case -ECONNRESET:
772 case -ENOENT:
773 dev_dbg(&dev->interface->dev,
774 "The urb has been stopped (status %d)\n",
775 urb->status);
776 goto sched_wq;
777 case -ESHUTDOWN:
778 default:
779 nfc_err(&dev->interface->dev,
780 "Urb failure (status %d)\n", urb->status);
781 goto sched_wq;
782 }
783
784 in_frame = dev->in_urb->transfer_buffer;
785
786 if (!pn533_std_rx_frame_is_ack(in_frame)) {
787 nfc_err(&dev->interface->dev, "Received an invalid ack\n");
788 cmd->status = -EIO;
789 goto sched_wq;
790 }
791
792 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
793 if (rc) {
794 nfc_err(&dev->interface->dev,
795 "usb_submit_urb failed with result %d\n", rc);
796 cmd->status = rc;
797 goto sched_wq;
798 }
799
800 return;
801
802sched_wq:
803 queue_work(dev->wq, &dev->cmd_complete_work);
804}
805
806static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
807{
808 dev->in_urb->complete = pn533_recv_ack;
809
810 return usb_submit_urb(dev->in_urb, flags);
811}
812
813static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
814{
815 u8 ack[PN533_STD_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
816 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */
817 int rc;
818
819 dev->out_urb->transfer_buffer = ack;
820 dev->out_urb->transfer_buffer_length = sizeof(ack);
821 rc = usb_submit_urb(dev->out_urb, flags);
822
823 return rc;
824}
825
826static int __pn533_send_frame_async(struct pn533 *dev,
827 struct sk_buff *out,
828 struct sk_buff *in,
829 int in_len)
830{
831 int rc;
832
833 dev->out_urb->transfer_buffer = out->data;
834 dev->out_urb->transfer_buffer_length = out->len;
835
836 dev->in_urb->transfer_buffer = in->data;
837 dev->in_urb->transfer_buffer_length = in_len;
838
839 print_hex_dump_debug("PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
840 out->data, out->len, false);
841
842 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
843 if (rc)
844 return rc;
845
846 if (dev->protocol_type == PN533_PROTO_REQ_RESP) {
847 /* request for response for sent packet directly */
848 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
849 if (rc)
850 goto error;
851 } else if (dev->protocol_type == PN533_PROTO_REQ_ACK_RESP) {
852 /* request for ACK if that's the case */
853 rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
854 if (rc)
855 goto error;
856 }
857
858 return 0;
859
860error:
861 usb_unlink_urb(dev->out_urb);
862 return rc;
863}
864
865static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code,
866 struct sk_buff *skb)
867{
868 /* payload is already there, just update datalen */
869 int payload_len = skb->len;
870 struct pn533_frame_ops *ops = dev->ops;
871
872
873 skb_push(skb, ops->tx_header_len);
874 skb_put(skb, ops->tx_tail_len);
875
876 ops->tx_frame_init(skb->data, cmd_code);
877 ops->tx_update_payload_len(skb->data, payload_len);
878 ops->tx_frame_finish(skb->data);
879}
880
881static int pn533_send_async_complete(struct pn533 *dev)
882{
883 struct pn533_cmd *cmd = dev->cmd;
884 int status = cmd->status;
885
886 struct sk_buff *req = cmd->req;
887 struct sk_buff *resp = cmd->resp;
888
889 int rc;
890
891 dev_kfree_skb(req);
892
893 if (status < 0) {
894 rc = cmd->complete_cb(dev, cmd->complete_cb_context,
895 ERR_PTR(status));
896 dev_kfree_skb(resp);
897 goto done;
898 }
899
900 skb_put(resp, dev->ops->rx_frame_size(resp->data));
901 skb_pull(resp, dev->ops->rx_header_len);
902 skb_trim(resp, resp->len - dev->ops->rx_tail_len);
903
904 rc = cmd->complete_cb(dev, cmd->complete_cb_context, resp);
905
906done:
907 kfree(cmd);
908 dev->cmd = NULL;
909 return rc;
910}
911
912static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
913 struct sk_buff *req, struct sk_buff *resp,
914 int resp_len,
915 pn533_send_async_complete_t complete_cb,
916 void *complete_cb_context)
917{
918 struct pn533_cmd *cmd;
919 int rc = 0;
920
921 dev_dbg(&dev->interface->dev, "Sending command 0x%x\n", cmd_code);
922
923 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
924 if (!cmd)
925 return -ENOMEM;
926
927 cmd->code = cmd_code;
928 cmd->req = req;
929 cmd->resp = resp;
930 cmd->resp_len = resp_len;
931 cmd->complete_cb = complete_cb;
932 cmd->complete_cb_context = complete_cb_context;
933
934 pn533_build_cmd_frame(dev, cmd_code, req);
935
936 mutex_lock(&dev->cmd_lock);
937
938 if (!dev->cmd_pending) {
939 rc = __pn533_send_frame_async(dev, req, resp, resp_len);
940 if (rc)
941 goto error;
942
943 dev->cmd_pending = 1;
944 dev->cmd = cmd;
945 goto unlock;
946 }
947
948 dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x\n",
949 __func__, cmd_code);
950
951 INIT_LIST_HEAD(&cmd->queue);
952 list_add_tail(&cmd->queue, &dev->cmd_queue);
953
954 goto unlock;
955
956error:
957 kfree(cmd);
958unlock:
959 mutex_unlock(&dev->cmd_lock);
960 return rc;
961}
962
963static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
964 struct sk_buff *req,
965 pn533_send_async_complete_t complete_cb,
966 void *complete_cb_context)
967{
968 struct sk_buff *resp;
969 int rc;
970 int resp_len = dev->ops->rx_header_len +
971 dev->ops->max_payload_len +
972 dev->ops->rx_tail_len;
973
974 resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
975 if (!resp)
976 return -ENOMEM;
977
978 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
979 complete_cb_context);
980 if (rc)
981 dev_kfree_skb(resp);
982
983 return rc;
984}
985
986static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
987 struct sk_buff *req,
988 pn533_send_async_complete_t complete_cb,
989 void *complete_cb_context)
990{
991 struct sk_buff *resp;
992 int rc;
993 int resp_len = dev->ops->rx_header_len +
994 dev->ops->max_payload_len +
995 dev->ops->rx_tail_len;
996
997 resp = alloc_skb(resp_len, GFP_KERNEL);
998 if (!resp)
999 return -ENOMEM;
1000
1001 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
1002 complete_cb_context);
1003 if (rc)
1004 dev_kfree_skb(resp);
1005
1006 return rc;
1007}
1008
1009/*
1010 * pn533_send_cmd_direct_async
1011 *
1012 * The function sends a piority cmd directly to the chip omiting the cmd
1013 * queue. It's intended to be used by chaining mechanism of received responses
1014 * where the host has to request every single chunk of data before scheduling
1015 * next cmd from the queue.
1016 */
1017static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
1018 struct sk_buff *req,
1019 pn533_send_async_complete_t complete_cb,
1020 void *complete_cb_context)
1021{
1022 struct sk_buff *resp;
1023 struct pn533_cmd *cmd;
1024 int rc;
1025 int resp_len = dev->ops->rx_header_len +
1026 dev->ops->max_payload_len +
1027 dev->ops->rx_tail_len;
1028
1029 resp = alloc_skb(resp_len, GFP_KERNEL);
1030 if (!resp)
1031 return -ENOMEM;
1032
1033 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1034 if (!cmd) {
1035 dev_kfree_skb(resp);
1036 return -ENOMEM;
1037 }
1038
1039 cmd->code = cmd_code;
1040 cmd->req = req;
1041 cmd->resp = resp;
1042 cmd->resp_len = resp_len;
1043 cmd->complete_cb = complete_cb;
1044 cmd->complete_cb_context = complete_cb_context;
1045
1046 pn533_build_cmd_frame(dev, cmd_code, req);
1047
1048 rc = __pn533_send_frame_async(dev, req, resp, resp_len);
1049 if (rc < 0) {
1050 dev_kfree_skb(resp);
1051 kfree(cmd);
1052 } else {
1053 dev->cmd = cmd;
1054 }
1055
1056 return rc;
1057}
1058
1059static void pn533_wq_cmd_complete(struct work_struct *work)
1060{
1061 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
1062 int rc;
1063
1064 rc = pn533_send_async_complete(dev);
1065 if (rc != -EINPROGRESS)
1066 queue_work(dev->wq, &dev->cmd_work);
1067}
1068
1069static void pn533_wq_cmd(struct work_struct *work)
1070{
1071 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
1072 struct pn533_cmd *cmd;
1073 int rc;
1074
1075 mutex_lock(&dev->cmd_lock);
1076
1077 if (list_empty(&dev->cmd_queue)) {
1078 dev->cmd_pending = 0;
1079 mutex_unlock(&dev->cmd_lock);
1080 return;
1081 }
1082
1083 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
1084
1085 list_del(&cmd->queue);
1086
1087 mutex_unlock(&dev->cmd_lock);
1088
1089 rc = __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len);
1090 if (rc < 0) {
1091 dev_kfree_skb(cmd->req);
1092 dev_kfree_skb(cmd->resp);
1093 kfree(cmd);
1094 return;
1095 }
1096
1097 dev->cmd = cmd;
1098}
1099
1100struct pn533_sync_cmd_response {
1101 struct sk_buff *resp;
1102 struct completion done;
1103};
1104
1105static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
1106 struct sk_buff *resp)
1107{
1108 struct pn533_sync_cmd_response *arg = _arg;
1109
1110 arg->resp = resp;
1111 complete(&arg->done);
1112
1113 return 0;
1114}
1115
1116/* pn533_send_cmd_sync
1117 *
1118 * Please note the req parameter is freed inside the function to
1119 * limit a number of return value interpretations by the caller.
1120 *
1121 * 1. negative in case of error during TX path -> req should be freed
1122 *
1123 * 2. negative in case of error during RX path -> req should not be freed
1124 * as it's been already freed at the begining of RX path by
1125 * async_complete_cb.
1126 *
1127 * 3. valid pointer in case of succesfult RX path
1128 *
1129 * A caller has to check a return value with IS_ERR macro. If the test pass,
1130 * the returned pointer is valid.
1131 *
1132 * */
1133static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
1134 struct sk_buff *req)
1135{
1136 int rc;
1137 struct pn533_sync_cmd_response arg;
1138
1139 init_completion(&arg.done);
1140
1141 rc = pn533_send_cmd_async(dev, cmd_code, req,
1142 pn533_send_sync_complete, &arg);
1143 if (rc) {
1144 dev_kfree_skb(req);
1145 return ERR_PTR(rc);
1146 }
1147
1148 wait_for_completion(&arg.done);
1149
1150 return arg.resp;
1151}
1152
1153static void pn533_send_complete(struct urb *urb)
1154{
1155 struct pn533 *dev = urb->context;
1156
1157 switch (urb->status) {
1158 case 0:
1159 break; /* success */
1160 case -ECONNRESET:
1161 case -ENOENT:
1162 dev_dbg(&dev->interface->dev,
1163 "The urb has been stopped (status %d)\n",
1164 urb->status);
1165 break;
1166 case -ESHUTDOWN:
1167 default:
1168 nfc_err(&dev->interface->dev, "Urb failure (status %d)\n",
1169 urb->status);
1170 }
1171}
1172
1173static void pn533_abort_cmd(struct pn533 *dev, gfp_t flags)
1174{
1175 /* ACR122U does not support any command which aborts last
1176 * issued command i.e. as ACK for standard PN533. Additionally,
1177 * it behaves stange, sending broken or incorrect responses,
1178 * when we cancel urb before the chip will send response.
1179 */
1180 if (dev->device_type == PN533_DEVICE_ACR122U)
1181 return;
1182
1183 /* An ack will cancel the last issued command */
1184 pn533_send_ack(dev, flags);
1185
1186 /* cancel the urb request */
1187 usb_kill_urb(dev->in_urb);
1188}
1189
1190static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size)
1191{
1192 struct sk_buff *skb;
1193
1194 skb = alloc_skb(dev->ops->tx_header_len +
1195 size +
1196 dev->ops->tx_tail_len, GFP_KERNEL);
1197
1198 if (skb)
1199 skb_reserve(skb, dev->ops->tx_header_len);
1200
1201 return skb;
1202}
1203
1204struct pn533_target_type_a {
1205 __be16 sens_res;
1206 u8 sel_res;
1207 u8 nfcid_len;
1208 u8 nfcid_data[];
1209} __packed;
1210
1211
1212#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
1213#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
1214#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
1215
1216#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
1217#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
1218
1219#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
1220#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
1221
1222#define PN533_TYPE_A_SEL_PROT_MIFARE 0
1223#define PN533_TYPE_A_SEL_PROT_ISO14443 1
1224#define PN533_TYPE_A_SEL_PROT_DEP 2
1225#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1226
1227static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1228 int target_data_len)
1229{
1230 u8 ssd;
1231 u8 platconf;
1232
1233 if (target_data_len < sizeof(struct pn533_target_type_a))
1234 return false;
1235
1236 /* The lenght check of nfcid[] and ats[] are not being performed because
1237 the values are not being used */
1238
1239 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1240 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1241 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1242
1243 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1244 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1245 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1246 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1247 return false;
1248
1249 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1250 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1251 return false;
1252
1253 return true;
1254}
1255
1256static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1257 int tgt_data_len)
1258{
1259 struct pn533_target_type_a *tgt_type_a;
1260
1261 tgt_type_a = (struct pn533_target_type_a *)tgt_data;
1262
1263 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1264 return -EPROTO;
1265
1266 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1267 case PN533_TYPE_A_SEL_PROT_MIFARE:
1268 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1269 break;
1270 case PN533_TYPE_A_SEL_PROT_ISO14443:
1271 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1272 break;
1273 case PN533_TYPE_A_SEL_PROT_DEP:
1274 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1275 break;
1276 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1277 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1278 NFC_PROTO_NFC_DEP_MASK;
1279 break;
1280 }
1281
1282 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1283 nfc_tgt->sel_res = tgt_type_a->sel_res;
1284 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1285 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
1286
1287 return 0;
1288}
1289
1290struct pn533_target_felica {
1291 u8 pol_res;
1292 u8 opcode;
1293 u8 nfcid2[NFC_NFCID2_MAXSIZE];
1294 u8 pad[8];
1295 /* optional */
1296 u8 syst_code[];
1297} __packed;
1298
1299#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1300#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1301
1302static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1303 int target_data_len)
1304{
1305 if (target_data_len < sizeof(struct pn533_target_felica))
1306 return false;
1307
1308 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1309 return false;
1310
1311 return true;
1312}
1313
1314static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1315 int tgt_data_len)
1316{
1317 struct pn533_target_felica *tgt_felica;
1318
1319 tgt_felica = (struct pn533_target_felica *)tgt_data;
1320
1321 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1322 return -EPROTO;
1323
1324 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
1325 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
1326 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1327 else
1328 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1329
1330 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1331 nfc_tgt->sensf_res_len = 9;
1332
1333 memcpy(nfc_tgt->nfcid2, tgt_felica->nfcid2, NFC_NFCID2_MAXSIZE);
1334 nfc_tgt->nfcid2_len = NFC_NFCID2_MAXSIZE;
1335
1336 return 0;
1337}
1338
1339struct pn533_target_jewel {
1340 __be16 sens_res;
1341 u8 jewelid[4];
1342} __packed;
1343
1344static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1345 int target_data_len)
1346{
1347 u8 ssd;
1348 u8 platconf;
1349
1350 if (target_data_len < sizeof(struct pn533_target_jewel))
1351 return false;
1352
1353 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1354 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1355 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1356
1357 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1358 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1359 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1360 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1361 return false;
1362
1363 return true;
1364}
1365
1366static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1367 int tgt_data_len)
1368{
1369 struct pn533_target_jewel *tgt_jewel;
1370
1371 tgt_jewel = (struct pn533_target_jewel *)tgt_data;
1372
1373 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1374 return -EPROTO;
1375
1376 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1377 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1378 nfc_tgt->nfcid1_len = 4;
1379 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1380
1381 return 0;
1382}
1383
1384struct pn533_type_b_prot_info {
1385 u8 bitrate;
1386 u8 fsci_type;
1387 u8 fwi_adc_fo;
1388} __packed;
1389
1390#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1391#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1392#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1393
1394struct pn533_type_b_sens_res {
1395 u8 opcode;
1396 u8 nfcid[4];
1397 u8 appdata[4];
1398 struct pn533_type_b_prot_info prot_info;
1399} __packed;
1400
1401#define PN533_TYPE_B_OPC_SENSB_RES 0x50
1402
1403struct pn533_target_type_b {
1404 struct pn533_type_b_sens_res sensb_res;
1405 u8 attrib_res_len;
1406 u8 attrib_res[];
1407} __packed;
1408
1409static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1410 int target_data_len)
1411{
1412 if (target_data_len < sizeof(struct pn533_target_type_b))
1413 return false;
1414
1415 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1416 return false;
1417
1418 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1419 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1420 return false;
1421
1422 return true;
1423}
1424
1425static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1426 int tgt_data_len)
1427{
1428 struct pn533_target_type_b *tgt_type_b;
1429
1430 tgt_type_b = (struct pn533_target_type_b *)tgt_data;
1431
1432 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1433 return -EPROTO;
1434
1435 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1436
1437 return 0;
1438}
1439
1440static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1441 int tgdata_len)
1442{
1443 struct nfc_target nfc_tgt;
1444 int rc;
1445
1446 dev_dbg(&dev->interface->dev, "%s: modulation=%d\n",
1447 __func__, dev->poll_mod_curr);
1448
1449 if (tg != 1)
1450 return -EPROTO;
1451
1452 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1453
1454 switch (dev->poll_mod_curr) {
1455 case PN533_POLL_MOD_106KBPS_A:
1456 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
1457 break;
1458 case PN533_POLL_MOD_212KBPS_FELICA:
1459 case PN533_POLL_MOD_424KBPS_FELICA:
1460 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
1461 break;
1462 case PN533_POLL_MOD_106KBPS_JEWEL:
1463 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
1464 break;
1465 case PN533_POLL_MOD_847KBPS_B:
1466 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
1467 break;
1468 default:
1469 nfc_err(&dev->interface->dev,
1470 "Unknown current poll modulation\n");
1471 return -EPROTO;
1472 }
1473
1474 if (rc)
1475 return rc;
1476
1477 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1478 dev_dbg(&dev->interface->dev,
1479 "The Tg found doesn't have the desired protocol\n");
1480 return -EAGAIN;
1481 }
1482
1483 dev_dbg(&dev->interface->dev,
1484 "Target found - supported protocols: 0x%x\n",
1485 nfc_tgt.supported_protocols);
1486
1487 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1488
1489 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1490
1491 return 0;
1492}
1493
1494static inline void pn533_poll_next_mod(struct pn533 *dev)
1495{
1496 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1497}
1498
1499static void pn533_poll_reset_mod_list(struct pn533 *dev)
1500{
1501 dev->poll_mod_count = 0;
1502}
1503
1504static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1505{
1506 dev->poll_mod_active[dev->poll_mod_count] =
1507 (struct pn533_poll_modulations *)&poll_mod[mod_index];
1508 dev->poll_mod_count++;
1509}
1510
1511static void pn533_poll_create_mod_list(struct pn533 *dev,
1512 u32 im_protocols, u32 tm_protocols)
1513{
1514 pn533_poll_reset_mod_list(dev);
1515
1516 if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
1517 (im_protocols & NFC_PROTO_ISO14443_MASK) ||
1518 (im_protocols & NFC_PROTO_NFC_DEP_MASK))
1519 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1520
1521 if (im_protocols & NFC_PROTO_FELICA_MASK ||
1522 im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1523 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1524 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1525 }
1526
1527 if (im_protocols & NFC_PROTO_JEWEL_MASK)
1528 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1529
1530 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1531 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1532
1533 if (tm_protocols)
1534 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1535}
1536
1537static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
1538{
1539 u8 nbtg, tg, *tgdata;
1540 int rc, tgdata_len;
1541
1542 /* Toggle the DEP polling */
1543 dev->poll_dep = 1;
1544
1545 nbtg = resp->data[0];
1546 tg = resp->data[1];
1547 tgdata = &resp->data[2];
1548 tgdata_len = resp->len - 2; /* nbtg + tg */
1549
1550 if (nbtg) {
1551 rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
1552
1553 /* We must stop the poll after a valid target found */
1554 if (rc == 0) {
1555 pn533_poll_reset_mod_list(dev);
1556 return 0;
1557 }
1558 }
1559
1560 return -EAGAIN;
1561}
1562
1563static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev)
1564{
1565 struct sk_buff *skb;
1566 u8 *felica, *nfcid3, *gb;
1567
1568 u8 *gbytes = dev->gb;
1569 size_t gbytes_len = dev->gb_len;
1570
1571 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1572 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1573 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1574 0xff, 0xff}; /* System code */
1575
1576 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1577 0x0, 0x0, 0x0,
1578 0x40}; /* SEL_RES for DEP */
1579
1580 unsigned int skb_len = 36 + /* mode (1), mifare (6),
1581 felica (18), nfcid3 (10), gb_len (1) */
1582 gbytes_len +
1583 1; /* len Tk*/
1584
1585 skb = pn533_alloc_skb(dev, skb_len);
1586 if (!skb)
1587 return NULL;
1588
1589 /* DEP support only */
1590 *skb_put(skb, 1) = PN533_INIT_TARGET_DEP;
1591
1592 /* MIFARE params */
1593 memcpy(skb_put(skb, 6), mifare_params, 6);
1594
1595 /* Felica params */
1596 felica = skb_put(skb, 18);
1597 memcpy(felica, felica_params, 18);
1598 get_random_bytes(felica + 2, 6);
1599
1600 /* NFCID3 */
1601 nfcid3 = skb_put(skb, 10);
1602 memset(nfcid3, 0, 10);
1603 memcpy(nfcid3, felica, 8);
1604
1605 /* General bytes */
1606 *skb_put(skb, 1) = gbytes_len;
1607
1608 gb = skb_put(skb, gbytes_len);
1609 memcpy(gb, gbytes, gbytes_len);
1610
1611 /* Len Tk */
1612 *skb_put(skb, 1) = 0;
1613
1614 return skb;
1615}
1616
1617#define PN533_CMD_DATAEXCH_HEAD_LEN 1
1618#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1619static void pn533_wq_tm_mi_recv(struct work_struct *work);
1620static struct sk_buff *pn533_build_response(struct pn533 *dev);
1621
1622static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1623 struct sk_buff *resp)
1624{
1625 struct sk_buff *skb;
1626 u8 status, ret, mi;
1627 int rc;
1628
1629 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1630
1631 if (IS_ERR(resp)) {
1632 skb_queue_purge(&dev->resp_q);
1633 return PTR_ERR(resp);
1634 }
1635
1636 status = resp->data[0];
1637
1638 ret = status & PN533_CMD_RET_MASK;
1639 mi = status & PN533_CMD_MI_MASK;
1640
1641 skb_pull(resp, sizeof(status));
1642
1643 if (ret != PN533_CMD_RET_SUCCESS) {
1644 rc = -EIO;
1645 goto error;
1646 }
1647
1648 skb_queue_tail(&dev->resp_q, resp);
1649
1650 if (mi) {
1651 queue_work(dev->wq, &dev->mi_tm_rx_work);
1652 return -EINPROGRESS;
1653 }
1654
1655 skb = pn533_build_response(dev);
1656 if (!skb) {
1657 rc = -EIO;
1658 goto error;
1659 }
1660
1661 return nfc_tm_data_received(dev->nfc_dev, skb);
1662
1663error:
1664 nfc_tm_deactivated(dev->nfc_dev);
1665 dev->tgt_mode = 0;
1666 skb_queue_purge(&dev->resp_q);
1667 dev_kfree_skb(resp);
1668
1669 return rc;
1670}
1671
1672static void pn533_wq_tm_mi_recv(struct work_struct *work)
1673{
1674 struct pn533 *dev = container_of(work, struct pn533, mi_tm_rx_work);
1675 struct sk_buff *skb;
1676 int rc;
1677
1678 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1679
1680 skb = pn533_alloc_skb(dev, 0);
1681 if (!skb)
1682 return;
1683
1684 rc = pn533_send_cmd_direct_async(dev,
1685 PN533_CMD_TG_GET_DATA,
1686 skb,
1687 pn533_tm_get_data_complete,
1688 NULL);
1689
1690 if (rc < 0)
1691 dev_kfree_skb(skb);
1692
1693 return;
1694}
1695
1696static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
1697 struct sk_buff *resp);
1698static void pn533_wq_tm_mi_send(struct work_struct *work)
1699{
1700 struct pn533 *dev = container_of(work, struct pn533, mi_tm_tx_work);
1701 struct sk_buff *skb;
1702 int rc;
1703
1704 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1705
1706 /* Grab the first skb in the queue */
1707 skb = skb_dequeue(&dev->fragment_skb);
1708 if (skb == NULL) { /* No more data */
1709 /* Reset the queue for future use */
1710 skb_queue_head_init(&dev->fragment_skb);
1711 goto error;
1712 }
1713
1714 /* last entry - remove MI bit */
1715 if (skb_queue_len(&dev->fragment_skb) == 0) {
1716 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_TG_SET_DATA,
1717 skb, pn533_tm_send_complete, NULL);
1718 } else
1719 rc = pn533_send_cmd_direct_async(dev,
1720 PN533_CMD_TG_SET_META_DATA,
1721 skb, pn533_tm_send_complete, NULL);
1722
1723 if (rc == 0) /* success */
1724 return;
1725
1726 dev_err(&dev->interface->dev,
1727 "Error %d when trying to perform set meta data_exchange", rc);
1728
1729 dev_kfree_skb(skb);
1730
1731error:
1732 pn533_send_ack(dev, GFP_KERNEL);
1733 queue_work(dev->wq, &dev->cmd_work);
1734}
1735
1736static void pn533_wq_tg_get_data(struct work_struct *work)
1737{
1738 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1739 struct sk_buff *skb;
1740 int rc;
1741
1742 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1743
1744 skb = pn533_alloc_skb(dev, 0);
1745 if (!skb)
1746 return;
1747
1748 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1749 pn533_tm_get_data_complete, NULL);
1750
1751 if (rc < 0)
1752 dev_kfree_skb(skb);
1753
1754 return;
1755}
1756
1757#define ATR_REQ_GB_OFFSET 17
1758static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
1759{
1760 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
1761 size_t gb_len;
1762 int rc;
1763
1764 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1765
1766 if (resp->len < ATR_REQ_GB_OFFSET + 1)
1767 return -EINVAL;
1768
1769 mode = resp->data[0];
1770 cmd = &resp->data[1];
1771
1772 dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1773 mode, resp->len);
1774
1775 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1776 PN533_INIT_TARGET_RESP_ACTIVE)
1777 comm_mode = NFC_COMM_ACTIVE;
1778
1779 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
1780 return -EOPNOTSUPP;
1781
1782 gb = cmd + ATR_REQ_GB_OFFSET;
1783 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
1784
1785 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1786 comm_mode, gb, gb_len);
1787 if (rc < 0) {
1788 nfc_err(&dev->interface->dev,
1789 "Error when signaling target activation\n");
1790 return rc;
1791 }
1792
1793 dev->tgt_mode = 1;
1794 queue_work(dev->wq, &dev->tg_work);
1795
1796 return 0;
1797}
1798
1799static void pn533_listen_mode_timer(unsigned long data)
1800{
1801 struct pn533 *dev = (struct pn533 *)data;
1802
1803 dev_dbg(&dev->interface->dev, "Listen mode timeout\n");
1804
1805 dev->cancel_listen = 1;
1806
1807 pn533_poll_next_mod(dev);
1808
1809 queue_delayed_work(dev->wq, &dev->poll_work,
1810 msecs_to_jiffies(PN533_POLL_INTERVAL));
1811}
1812
1813static int pn533_rf_complete(struct pn533 *dev, void *arg,
1814 struct sk_buff *resp)
1815{
1816 int rc = 0;
1817
1818 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1819
1820 if (IS_ERR(resp)) {
1821 rc = PTR_ERR(resp);
1822
1823 nfc_err(&dev->interface->dev, "RF setting error %d", rc);
1824
1825 return rc;
1826 }
1827
1828 queue_delayed_work(dev->wq, &dev->poll_work,
1829 msecs_to_jiffies(PN533_POLL_INTERVAL));
1830
1831 dev_kfree_skb(resp);
1832 return rc;
1833}
1834
1835static void pn533_wq_rf(struct work_struct *work)
1836{
1837 struct pn533 *dev = container_of(work, struct pn533, rf_work);
1838 struct sk_buff *skb;
1839 int rc;
1840
1841 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1842
1843 skb = pn533_alloc_skb(dev, 2);
1844 if (!skb)
1845 return;
1846
1847 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD;
1848 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD_AUTO_RFCA;
1849
1850 rc = pn533_send_cmd_async(dev, PN533_CMD_RF_CONFIGURATION, skb,
1851 pn533_rf_complete, NULL);
1852 if (rc < 0) {
1853 dev_kfree_skb(skb);
1854 nfc_err(&dev->interface->dev, "RF setting error %d\n", rc);
1855 }
1856
1857 return;
1858}
1859
1860static int pn533_poll_dep_complete(struct pn533 *dev, void *arg,
1861 struct sk_buff *resp)
1862{
1863 struct pn533_cmd_jump_dep_response *rsp;
1864 struct nfc_target nfc_target;
1865 u8 target_gt_len;
1866 int rc;
1867
1868 if (IS_ERR(resp))
1869 return PTR_ERR(resp);
1870
1871 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1872
1873 rc = rsp->status & PN533_CMD_RET_MASK;
1874 if (rc != PN533_CMD_RET_SUCCESS) {
1875 /* Not target found, turn radio off */
1876 queue_work(dev->wq, &dev->rf_work);
1877
1878 dev_kfree_skb(resp);
1879 return 0;
1880 }
1881
1882 dev_dbg(&dev->interface->dev, "Creating new target");
1883
1884 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1885 nfc_target.nfcid1_len = 10;
1886 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1887 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1888 if (rc)
1889 goto error;
1890
1891 dev->tgt_available_prots = 0;
1892 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1893
1894 /* ATR_RES general bytes are located at offset 17 */
1895 target_gt_len = resp->len - 17;
1896 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1897 rsp->gt, target_gt_len);
1898 if (!rc) {
1899 rc = nfc_dep_link_is_up(dev->nfc_dev,
1900 dev->nfc_dev->targets[0].idx,
1901 0, NFC_RF_INITIATOR);
1902
1903 if (!rc)
1904 pn533_poll_reset_mod_list(dev);
1905 }
1906error:
1907 dev_kfree_skb(resp);
1908 return rc;
1909}
1910
1911#define PASSIVE_DATA_LEN 5
1912static int pn533_poll_dep(struct nfc_dev *nfc_dev)
1913{
1914 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1915 struct sk_buff *skb;
1916 int rc, skb_len;
1917 u8 *next, nfcid3[NFC_NFCID3_MAXSIZE];
1918 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1919
1920 dev_dbg(&dev->interface->dev, "%s", __func__);
1921
1922 if (!dev->gb) {
1923 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1924
1925 if (!dev->gb || !dev->gb_len) {
1926 dev->poll_dep = 0;
1927 queue_work(dev->wq, &dev->rf_work);
1928 }
1929 }
1930
1931 skb_len = 3 + dev->gb_len; /* ActPass + BR + Next */
1932 skb_len += PASSIVE_DATA_LEN;
1933
1934 /* NFCID3 */
1935 skb_len += NFC_NFCID3_MAXSIZE;
1936 nfcid3[0] = 0x1;
1937 nfcid3[1] = 0xfe;
1938 get_random_bytes(nfcid3 + 2, 6);
1939
1940 skb = pn533_alloc_skb(dev, skb_len);
1941 if (!skb)
1942 return -ENOMEM;
1943
1944 *skb_put(skb, 1) = 0x01; /* Active */
1945 *skb_put(skb, 1) = 0x02; /* 424 kbps */
1946
1947 next = skb_put(skb, 1); /* Next */
1948 *next = 0;
1949
1950 /* Copy passive data */
1951 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN);
1952 *next |= 1;
1953
1954 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
1955 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3,
1956 NFC_NFCID3_MAXSIZE);
1957 *next |= 2;
1958
1959 memcpy(skb_put(skb, dev->gb_len), dev->gb, dev->gb_len);
1960 *next |= 4; /* We have some Gi */
1961
1962 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1963 pn533_poll_dep_complete, NULL);
1964
1965 if (rc < 0)
1966 dev_kfree_skb(skb);
1967
1968 return rc;
1969}
1970
1971static int pn533_poll_complete(struct pn533 *dev, void *arg,
1972 struct sk_buff *resp)
1973{
1974 struct pn533_poll_modulations *cur_mod;
1975 int rc;
1976
1977 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1978
1979 if (IS_ERR(resp)) {
1980 rc = PTR_ERR(resp);
1981
1982 nfc_err(&dev->interface->dev, "%s Poll complete error %d\n",
1983 __func__, rc);
1984
1985 if (rc == -ENOENT) {
1986 if (dev->poll_mod_count != 0)
1987 return rc;
1988 else
1989 goto stop_poll;
1990 } else if (rc < 0) {
1991 nfc_err(&dev->interface->dev,
1992 "Error %d when running poll\n", rc);
1993 goto stop_poll;
1994 }
1995 }
1996
1997 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1998
1999 if (cur_mod->len == 0) { /* Target mode */
2000 del_timer(&dev->listen_timer);
2001 rc = pn533_init_target_complete(dev, resp);
2002 goto done;
2003 }
2004
2005 /* Initiator mode */
2006 rc = pn533_start_poll_complete(dev, resp);
2007 if (!rc)
2008 goto done;
2009
2010 if (!dev->poll_mod_count) {
2011 dev_dbg(&dev->interface->dev, "Polling has been stopped\n");
2012 goto done;
2013 }
2014
2015 pn533_poll_next_mod(dev);
2016 /* Not target found, turn radio off */
2017 queue_work(dev->wq, &dev->rf_work);
2018
2019done:
2020 dev_kfree_skb(resp);
2021 return rc;
2022
2023stop_poll:
2024 nfc_err(&dev->interface->dev, "Polling operation has been stopped\n");
2025
2026 pn533_poll_reset_mod_list(dev);
2027 dev->poll_protocols = 0;
2028 return rc;
2029}
2030
2031static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev,
2032 struct pn533_poll_modulations *mod)
2033{
2034 struct sk_buff *skb;
2035
2036 skb = pn533_alloc_skb(dev, mod->len);
2037 if (!skb)
2038 return NULL;
2039
2040 memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
2041
2042 return skb;
2043}
2044
2045static int pn533_send_poll_frame(struct pn533 *dev)
2046{
2047 struct pn533_poll_modulations *mod;
2048 struct sk_buff *skb;
2049 int rc;
2050 u8 cmd_code;
2051
2052 mod = dev->poll_mod_active[dev->poll_mod_curr];
2053
2054 dev_dbg(&dev->interface->dev, "%s mod len %d\n",
2055 __func__, mod->len);
2056
2057 if (dev->poll_dep) {
2058 dev->poll_dep = 0;
2059 return pn533_poll_dep(dev->nfc_dev);
2060 }
2061
2062 if (mod->len == 0) { /* Listen mode */
2063 cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
2064 skb = pn533_alloc_poll_tg_frame(dev);
2065 } else { /* Polling mode */
2066 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
2067 skb = pn533_alloc_poll_in_frame(dev, mod);
2068 }
2069
2070 if (!skb) {
2071 nfc_err(&dev->interface->dev, "Failed to allocate skb\n");
2072 return -ENOMEM;
2073 }
2074
2075 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
2076 NULL);
2077 if (rc < 0) {
2078 dev_kfree_skb(skb);
2079 nfc_err(&dev->interface->dev, "Polling loop error %d\n", rc);
2080 }
2081
2082 return rc;
2083}
2084
2085static void pn533_wq_poll(struct work_struct *work)
2086{
2087 struct pn533 *dev = container_of(work, struct pn533, poll_work.work);
2088 struct pn533_poll_modulations *cur_mod;
2089 int rc;
2090
2091 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
2092
2093 dev_dbg(&dev->interface->dev,
2094 "%s cancel_listen %d modulation len %d\n",
2095 __func__, dev->cancel_listen, cur_mod->len);
2096
2097 if (dev->cancel_listen == 1) {
2098 dev->cancel_listen = 0;
2099 pn533_abort_cmd(dev, GFP_ATOMIC);
2100 }
2101
2102 rc = pn533_send_poll_frame(dev);
2103 if (rc)
2104 return;
2105
2106 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
2107 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
2108
2109 return;
2110}
2111
2112static int pn533_start_poll(struct nfc_dev *nfc_dev,
2113 u32 im_protocols, u32 tm_protocols)
2114{
2115 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2116 struct pn533_poll_modulations *cur_mod;
2117 u8 rand_mod;
2118 int rc;
2119
2120 dev_dbg(&dev->interface->dev,
2121 "%s: im protocols 0x%x tm protocols 0x%x\n",
2122 __func__, im_protocols, tm_protocols);
2123
2124 if (dev->tgt_active_prot) {
2125 nfc_err(&dev->interface->dev,
2126 "Cannot poll with a target already activated\n");
2127 return -EBUSY;
2128 }
2129
2130 if (dev->tgt_mode) {
2131 nfc_err(&dev->interface->dev,
2132 "Cannot poll while already being activated\n");
2133 return -EBUSY;
2134 }
2135
2136 if (tm_protocols) {
2137 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
2138 if (dev->gb == NULL)
2139 tm_protocols = 0;
2140 }
2141
2142 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
2143 dev->poll_protocols = im_protocols;
2144 dev->listen_protocols = tm_protocols;
2145
2146 /* Do not always start polling from the same modulation */
2147 get_random_bytes(&rand_mod, sizeof(rand_mod));
2148 rand_mod %= dev->poll_mod_count;
2149 dev->poll_mod_curr = rand_mod;
2150
2151 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
2152
2153 rc = pn533_send_poll_frame(dev);
2154
2155 /* Start listen timer */
2156 if (!rc && cur_mod->len == 0 && dev->poll_mod_count > 1)
2157 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
2158
2159 return rc;
2160}
2161
2162static void pn533_stop_poll(struct nfc_dev *nfc_dev)
2163{
2164 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2165
2166 del_timer(&dev->listen_timer);
2167
2168 if (!dev->poll_mod_count) {
2169 dev_dbg(&dev->interface->dev,
2170 "Polling operation was not running\n");
2171 return;
2172 }
2173
2174 pn533_abort_cmd(dev, GFP_KERNEL);
2175 flush_delayed_work(&dev->poll_work);
2176 pn533_poll_reset_mod_list(dev);
2177}
2178
2179static int pn533_activate_target_nfcdep(struct pn533 *dev)
2180{
2181 struct pn533_cmd_activate_response *rsp;
2182 u16 gt_len;
2183 int rc;
2184 struct sk_buff *skb;
2185 struct sk_buff *resp;
2186
2187 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2188
2189 skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/
2190 if (!skb)
2191 return -ENOMEM;
2192
2193 *skb_put(skb, sizeof(u8)) = 1; /* TG */
2194 *skb_put(skb, sizeof(u8)) = 0; /* Next */
2195
2196 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
2197 if (IS_ERR(resp))
2198 return PTR_ERR(resp);
2199
2200 rsp = (struct pn533_cmd_activate_response *)resp->data;
2201 rc = rsp->status & PN533_CMD_RET_MASK;
2202 if (rc != PN533_CMD_RET_SUCCESS) {
2203 nfc_err(&dev->interface->dev,
2204 "Target activation failed (error 0x%x)\n", rc);
2205 dev_kfree_skb(resp);
2206 return -EIO;
2207 }
2208
2209 /* ATR_RES general bytes are located at offset 16 */
2210 gt_len = resp->len - 16;
2211 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
2212
2213 dev_kfree_skb(resp);
2214 return rc;
2215}
2216
2217static int pn533_activate_target(struct nfc_dev *nfc_dev,
2218 struct nfc_target *target, u32 protocol)
2219{
2220 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2221 int rc;
2222
2223 dev_dbg(&dev->interface->dev, "%s: protocol=%u\n", __func__, protocol);
2224
2225 if (dev->poll_mod_count) {
2226 nfc_err(&dev->interface->dev,
2227 "Cannot activate while polling\n");
2228 return -EBUSY;
2229 }
2230
2231 if (dev->tgt_active_prot) {
2232 nfc_err(&dev->interface->dev,
2233 "There is already an active target\n");
2234 return -EBUSY;
2235 }
2236
2237 if (!dev->tgt_available_prots) {
2238 nfc_err(&dev->interface->dev,
2239 "There is no available target to activate\n");
2240 return -EINVAL;
2241 }
2242
2243 if (!(dev->tgt_available_prots & (1 << protocol))) {
2244 nfc_err(&dev->interface->dev,
2245 "Target doesn't support requested proto %u\n",
2246 protocol);
2247 return -EINVAL;
2248 }
2249
2250 if (protocol == NFC_PROTO_NFC_DEP) {
2251 rc = pn533_activate_target_nfcdep(dev);
2252 if (rc) {
2253 nfc_err(&dev->interface->dev,
2254 "Activating target with DEP failed %d\n", rc);
2255 return rc;
2256 }
2257 }
2258
2259 dev->tgt_active_prot = protocol;
2260 dev->tgt_available_prots = 0;
2261
2262 return 0;
2263}
2264
2265static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
2266 struct nfc_target *target)
2267{
2268 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2269 struct sk_buff *skb;
2270 struct sk_buff *resp;
2271 int rc;
2272
2273 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2274
2275 if (!dev->tgt_active_prot) {
2276 nfc_err(&dev->interface->dev, "There is no active target\n");
2277 return;
2278 }
2279
2280 dev->tgt_active_prot = 0;
2281 skb_queue_purge(&dev->resp_q);
2282
2283 skb = pn533_alloc_skb(dev, sizeof(u8));
2284 if (!skb)
2285 return;
2286
2287 *skb_put(skb, 1) = 1; /* TG*/
2288
2289 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
2290 if (IS_ERR(resp))
2291 return;
2292
2293 rc = resp->data[0] & PN533_CMD_RET_MASK;
2294 if (rc != PN533_CMD_RET_SUCCESS)
2295 nfc_err(&dev->interface->dev,
2296 "Error 0x%x when releasing the target\n", rc);
2297
2298 dev_kfree_skb(resp);
2299 return;
2300}
2301
2302
2303static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
2304 struct sk_buff *resp)
2305{
2306 struct pn533_cmd_jump_dep_response *rsp;
2307 u8 target_gt_len;
2308 int rc;
2309 u8 active = *(u8 *)arg;
2310
2311 kfree(arg);
2312
2313 if (IS_ERR(resp))
2314 return PTR_ERR(resp);
2315
2316 if (dev->tgt_available_prots &&
2317 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
2318 nfc_err(&dev->interface->dev,
2319 "The target does not support DEP\n");
2320 rc = -EINVAL;
2321 goto error;
2322 }
2323
2324 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
2325
2326 rc = rsp->status & PN533_CMD_RET_MASK;
2327 if (rc != PN533_CMD_RET_SUCCESS) {
2328 nfc_err(&dev->interface->dev,
2329 "Bringing DEP link up failed (error 0x%x)\n", rc);
2330 goto error;
2331 }
2332
2333 if (!dev->tgt_available_prots) {
2334 struct nfc_target nfc_target;
2335
2336 dev_dbg(&dev->interface->dev, "Creating new target\n");
2337
2338 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
2339 nfc_target.nfcid1_len = 10;
2340 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
2341 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
2342 if (rc)
2343 goto error;
2344
2345 dev->tgt_available_prots = 0;
2346 }
2347
2348 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
2349
2350 /* ATR_RES general bytes are located at offset 17 */
2351 target_gt_len = resp->len - 17;
2352 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
2353 rsp->gt, target_gt_len);
2354 if (rc == 0)
2355 rc = nfc_dep_link_is_up(dev->nfc_dev,
2356 dev->nfc_dev->targets[0].idx,
2357 !active, NFC_RF_INITIATOR);
2358
2359error:
2360 dev_kfree_skb(resp);
2361 return rc;
2362}
2363
2364static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf);
2365static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
2366 u8 comm_mode, u8 *gb, size_t gb_len)
2367{
2368 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2369 struct sk_buff *skb;
2370 int rc, skb_len;
2371 u8 *next, *arg, nfcid3[NFC_NFCID3_MAXSIZE];
2372 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
2373
2374 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2375
2376 if (dev->poll_mod_count) {
2377 nfc_err(&dev->interface->dev,
2378 "Cannot bring the DEP link up while polling\n");
2379 return -EBUSY;
2380 }
2381
2382 if (dev->tgt_active_prot) {
2383 nfc_err(&dev->interface->dev,
2384 "There is already an active target\n");
2385 return -EBUSY;
2386 }
2387
2388 skb_len = 3 + gb_len; /* ActPass + BR + Next */
2389 skb_len += PASSIVE_DATA_LEN;
2390
2391 /* NFCID3 */
2392 skb_len += NFC_NFCID3_MAXSIZE;
2393 if (target && !target->nfcid2_len) {
2394 nfcid3[0] = 0x1;
2395 nfcid3[1] = 0xfe;
2396 get_random_bytes(nfcid3 + 2, 6);
2397 }
2398
2399 skb = pn533_alloc_skb(dev, skb_len);
2400 if (!skb)
2401 return -ENOMEM;
2402
2403 *skb_put(skb, 1) = !comm_mode; /* ActPass */
2404 *skb_put(skb, 1) = 0x02; /* 424 kbps */
2405
2406 next = skb_put(skb, 1); /* Next */
2407 *next = 0;
2408
2409 /* Copy passive data */
2410 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN);
2411 *next |= 1;
2412
2413 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
2414 if (target && target->nfcid2_len)
2415 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), target->nfcid2,
2416 target->nfcid2_len);
2417 else
2418 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3,
2419 NFC_NFCID3_MAXSIZE);
2420 *next |= 2;
2421
2422 if (gb != NULL && gb_len > 0) {
2423 memcpy(skb_put(skb, gb_len), gb, gb_len);
2424 *next |= 4; /* We have some Gi */
2425 } else {
2426 *next = 0;
2427 }
2428
2429 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2430 if (!arg) {
2431 dev_kfree_skb(skb);
2432 return -ENOMEM;
2433 }
2434
2435 *arg = !comm_mode;
2436
2437 pn533_rf_field(dev->nfc_dev, 0);
2438
2439 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
2440 pn533_in_dep_link_up_complete, arg);
2441
2442 if (rc < 0) {
2443 dev_kfree_skb(skb);
2444 kfree(arg);
2445 }
2446
2447 return rc;
2448}
2449
2450static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
2451{
2452 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2453
2454 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2455
2456 pn533_poll_reset_mod_list(dev);
2457
2458 if (dev->tgt_mode || dev->tgt_active_prot)
2459 pn533_abort_cmd(dev, GFP_KERNEL);
2460
2461 dev->tgt_active_prot = 0;
2462 dev->tgt_mode = 0;
2463
2464 skb_queue_purge(&dev->resp_q);
2465
2466 return 0;
2467}
2468
2469struct pn533_data_exchange_arg {
2470 data_exchange_cb_t cb;
2471 void *cb_context;
2472};
2473
2474static struct sk_buff *pn533_build_response(struct pn533 *dev)
2475{
2476 struct sk_buff *skb, *tmp, *t;
2477 unsigned int skb_len = 0, tmp_len = 0;
2478
2479 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2480
2481 if (skb_queue_empty(&dev->resp_q))
2482 return NULL;
2483
2484 if (skb_queue_len(&dev->resp_q) == 1) {
2485 skb = skb_dequeue(&dev->resp_q);
2486 goto out;
2487 }
2488
2489 skb_queue_walk_safe(&dev->resp_q, tmp, t)
2490 skb_len += tmp->len;
2491
2492 dev_dbg(&dev->interface->dev, "%s total length %d\n",
2493 __func__, skb_len);
2494
2495 skb = alloc_skb(skb_len, GFP_KERNEL);
2496 if (skb == NULL)
2497 goto out;
2498
2499 skb_put(skb, skb_len);
2500
2501 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2502 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2503 tmp_len += tmp->len;
2504 }
2505
2506out:
2507 skb_queue_purge(&dev->resp_q);
2508
2509 return skb;
2510}
2511
2512static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
2513 struct sk_buff *resp)
2514{
2515 struct pn533_data_exchange_arg *arg = _arg;
2516 struct sk_buff *skb;
2517 int rc = 0;
2518 u8 status, ret, mi;
2519
2520 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2521
2522 if (IS_ERR(resp)) {
2523 rc = PTR_ERR(resp);
2524 goto _error;
2525 }
2526
2527 status = resp->data[0];
2528 ret = status & PN533_CMD_RET_MASK;
2529 mi = status & PN533_CMD_MI_MASK;
2530
2531 skb_pull(resp, sizeof(status));
2532
2533 if (ret != PN533_CMD_RET_SUCCESS) {
2534 nfc_err(&dev->interface->dev,
2535 "Exchanging data failed (error 0x%x)\n", ret);
2536 rc = -EIO;
2537 goto error;
2538 }
2539
2540 skb_queue_tail(&dev->resp_q, resp);
2541
2542 if (mi) {
2543 dev->cmd_complete_mi_arg = arg;
2544 queue_work(dev->wq, &dev->mi_rx_work);
2545 return -EINPROGRESS;
2546 }
2547
2548 /* Prepare for the next round */
2549 if (skb_queue_len(&dev->fragment_skb) > 0) {
2550 dev->cmd_complete_dep_arg = arg;
2551 queue_work(dev->wq, &dev->mi_tx_work);
2552
2553 return -EINPROGRESS;
2554 }
2555
2556 skb = pn533_build_response(dev);
2557 if (!skb)
2558 goto error;
2559
2560 arg->cb(arg->cb_context, skb, 0);
2561 kfree(arg);
2562 return 0;
2563
2564error:
2565 dev_kfree_skb(resp);
2566_error:
2567 skb_queue_purge(&dev->resp_q);
2568 arg->cb(arg->cb_context, NULL, rc);
2569 kfree(arg);
2570 return rc;
2571}
2572
2573/* Split the Tx skb into small chunks */
2574static int pn533_fill_fragment_skbs(struct pn533 *dev, struct sk_buff *skb)
2575{
2576 struct sk_buff *frag;
2577 int frag_size;
2578
2579 do {
2580 /* Remaining size */
2581 if (skb->len > PN533_CMD_DATAFRAME_MAXLEN)
2582 frag_size = PN533_CMD_DATAFRAME_MAXLEN;
2583 else
2584 frag_size = skb->len;
2585
2586 /* Allocate and reserve */
2587 frag = pn533_alloc_skb(dev, frag_size);
2588 if (!frag) {
2589 skb_queue_purge(&dev->fragment_skb);
2590 break;
2591 }
2592
2593 if (!dev->tgt_mode) {
2594 /* Reserve the TG/MI byte */
2595 skb_reserve(frag, 1);
2596
2597 /* MI + TG */
2598 if (frag_size == PN533_CMD_DATAFRAME_MAXLEN)
2599 *skb_push(frag, sizeof(u8)) =
2600 (PN533_CMD_MI_MASK | 1);
2601 else
2602 *skb_push(frag, sizeof(u8)) = 1; /* TG */
2603 }
2604
2605 memcpy(skb_put(frag, frag_size), skb->data, frag_size);
2606
2607 /* Reduce the size of incoming buffer */
2608 skb_pull(skb, frag_size);
2609
2610 /* Add this to skb_queue */
2611 skb_queue_tail(&dev->fragment_skb, frag);
2612
2613 } while (skb->len > 0);
2614
2615 dev_kfree_skb(skb);
2616
2617 return skb_queue_len(&dev->fragment_skb);
2618}
2619
2620static int pn533_transceive(struct nfc_dev *nfc_dev,
2621 struct nfc_target *target, struct sk_buff *skb,
2622 data_exchange_cb_t cb, void *cb_context)
2623{
2624 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2625 struct pn533_data_exchange_arg *arg = NULL;
2626 int rc;
2627
2628 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2629
2630 if (!dev->tgt_active_prot) {
2631 nfc_err(&dev->interface->dev,
2632 "Can't exchange data if there is no active target\n");
2633 rc = -EINVAL;
2634 goto error;
2635 }
2636
2637 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2638 if (!arg) {
2639 rc = -ENOMEM;
2640 goto error;
2641 }
2642
2643 arg->cb = cb;
2644 arg->cb_context = cb_context;
2645
2646 switch (dev->device_type) {
2647 case PN533_DEVICE_PASORI:
2648 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2649 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2650 skb,
2651 pn533_data_exchange_complete,
2652 arg);
2653
2654 break;
2655 }
2656 default:
2657 /* jumbo frame ? */
2658 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2659 rc = pn533_fill_fragment_skbs(dev, skb);
2660 if (rc <= 0)
2661 goto error;
2662
2663 skb = skb_dequeue(&dev->fragment_skb);
2664 if (!skb) {
2665 rc = -EIO;
2666 goto error;
2667 }
2668 } else {
2669 *skb_push(skb, sizeof(u8)) = 1; /* TG */
2670 }
2671
2672 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2673 skb, pn533_data_exchange_complete,
2674 arg);
2675
2676 break;
2677 }
2678
2679 if (rc < 0) /* rc from send_async */
2680 goto error;
2681
2682 return 0;
2683
2684error:
2685 kfree(arg);
2686 dev_kfree_skb(skb);
2687 return rc;
2688}
2689
2690static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2691 struct sk_buff *resp)
2692{
2693 u8 status;
2694
2695 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2696
2697 if (IS_ERR(resp))
2698 return PTR_ERR(resp);
2699
2700 status = resp->data[0];
2701
2702 /* Prepare for the next round */
2703 if (skb_queue_len(&dev->fragment_skb) > 0) {
2704 queue_work(dev->wq, &dev->mi_tm_tx_work);
2705 return -EINPROGRESS;
2706 }
2707 dev_kfree_skb(resp);
2708
2709 if (status != 0) {
2710 nfc_tm_deactivated(dev->nfc_dev);
2711
2712 dev->tgt_mode = 0;
2713
2714 return 0;
2715 }
2716
2717 queue_work(dev->wq, &dev->tg_work);
2718
2719 return 0;
2720}
2721
2722static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2723{
2724 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2725 int rc;
2726
2727 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2728
2729 /* let's split in multiple chunks if size's too big */
2730 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2731 rc = pn533_fill_fragment_skbs(dev, skb);
2732 if (rc <= 0)
2733 goto error;
2734
2735 /* get the first skb */
2736 skb = skb_dequeue(&dev->fragment_skb);
2737 if (!skb) {
2738 rc = -EIO;
2739 goto error;
2740 }
2741
2742 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_META_DATA, skb,
2743 pn533_tm_send_complete, NULL);
2744 } else {
2745 /* Send th skb */
2746 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2747 pn533_tm_send_complete, NULL);
2748 }
2749
2750error:
2751 if (rc < 0) {
2752 dev_kfree_skb(skb);
2753 skb_queue_purge(&dev->fragment_skb);
2754 }
2755
2756 return rc;
2757}
2758
2759static void pn533_wq_mi_recv(struct work_struct *work)
2760{
2761 struct pn533 *dev = container_of(work, struct pn533, mi_rx_work);
2762 struct sk_buff *skb;
2763 int rc;
2764
2765 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2766
2767 skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN);
2768 if (!skb)
2769 goto error;
2770
2771 switch (dev->device_type) {
2772 case PN533_DEVICE_PASORI:
2773 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2774 rc = pn533_send_cmd_direct_async(dev,
2775 PN533_CMD_IN_COMM_THRU,
2776 skb,
2777 pn533_data_exchange_complete,
2778 dev->cmd_complete_mi_arg);
2779
2780 break;
2781 }
2782 default:
2783 *skb_put(skb, sizeof(u8)) = 1; /*TG*/
2784
2785 rc = pn533_send_cmd_direct_async(dev,
2786 PN533_CMD_IN_DATA_EXCHANGE,
2787 skb,
2788 pn533_data_exchange_complete,
2789 dev->cmd_complete_mi_arg);
2790
2791 break;
2792 }
2793
2794 if (rc == 0) /* success */
2795 return;
2796
2797 nfc_err(&dev->interface->dev,
2798 "Error %d when trying to perform data_exchange\n", rc);
2799
2800 dev_kfree_skb(skb);
2801 kfree(dev->cmd_complete_mi_arg);
2802
2803error:
2804 pn533_send_ack(dev, GFP_KERNEL);
2805 queue_work(dev->wq, &dev->cmd_work);
2806}
2807
2808static void pn533_wq_mi_send(struct work_struct *work)
2809{
2810 struct pn533 *dev = container_of(work, struct pn533, mi_tx_work);
2811 struct sk_buff *skb;
2812 int rc;
2813
2814 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2815
2816 /* Grab the first skb in the queue */
2817 skb = skb_dequeue(&dev->fragment_skb);
2818
2819 if (skb == NULL) { /* No more data */
2820 /* Reset the queue for future use */
2821 skb_queue_head_init(&dev->fragment_skb);
2822 goto error;
2823 }
2824
2825 switch (dev->device_type) {
2826 case PN533_DEVICE_PASORI:
2827 if (dev->tgt_active_prot != NFC_PROTO_FELICA) {
2828 rc = -EIO;
2829 break;
2830 }
2831
2832 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_IN_COMM_THRU,
2833 skb,
2834 pn533_data_exchange_complete,
2835 dev->cmd_complete_dep_arg);
2836
2837 break;
2838
2839 default:
2840 /* Still some fragments? */
2841 rc = pn533_send_cmd_direct_async(dev,PN533_CMD_IN_DATA_EXCHANGE,
2842 skb,
2843 pn533_data_exchange_complete,
2844 dev->cmd_complete_dep_arg);
2845
2846 break;
2847 }
2848
2849 if (rc == 0) /* success */
2850 return;
2851
2852 nfc_err(&dev->interface->dev,
2853 "Error %d when trying to perform data_exchange\n", rc);
2854
2855 dev_kfree_skb(skb);
2856 kfree(dev->cmd_complete_dep_arg);
2857
2858error:
2859 pn533_send_ack(dev, GFP_KERNEL);
2860 queue_work(dev->wq, &dev->cmd_work);
2861}
2862
2863static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2864 u8 cfgdata_len)
2865{
2866 struct sk_buff *skb;
2867 struct sk_buff *resp;
2868 int skb_len;
2869
2870 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2871
2872 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
2873
2874 skb = pn533_alloc_skb(dev, skb_len);
2875 if (!skb)
2876 return -ENOMEM;
2877
2878 *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2879 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
2880
2881 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2882 if (IS_ERR(resp))
2883 return PTR_ERR(resp);
2884
2885 dev_kfree_skb(resp);
2886 return 0;
2887}
2888
2889static int pn533_get_firmware_version(struct pn533 *dev,
2890 struct pn533_fw_version *fv)
2891{
2892 struct sk_buff *skb;
2893 struct sk_buff *resp;
2894
2895 skb = pn533_alloc_skb(dev, 0);
2896 if (!skb)
2897 return -ENOMEM;
2898
2899 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2900 if (IS_ERR(resp))
2901 return PTR_ERR(resp);
2902
2903 fv->ic = resp->data[0];
2904 fv->ver = resp->data[1];
2905 fv->rev = resp->data[2];
2906 fv->support = resp->data[3];
2907
2908 dev_kfree_skb(resp);
2909 return 0;
2910}
2911
2912static int pn533_pasori_fw_reset(struct pn533 *dev)
2913{
2914 struct sk_buff *skb;
2915 struct sk_buff *resp;
2916
2917 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2918
2919 skb = pn533_alloc_skb(dev, sizeof(u8));
2920 if (!skb)
2921 return -ENOMEM;
2922
2923 *skb_put(skb, sizeof(u8)) = 0x1;
2924
2925 resp = pn533_send_cmd_sync(dev, 0x18, skb);
2926 if (IS_ERR(resp))
2927 return PTR_ERR(resp);
2928
2929 dev_kfree_skb(resp);
2930
2931 return 0;
2932}
2933
2934struct pn533_acr122_poweron_rdr_arg {
2935 int rc;
2936 struct completion done;
2937};
2938
2939static void pn533_acr122_poweron_rdr_resp(struct urb *urb)
2940{
2941 struct pn533_acr122_poweron_rdr_arg *arg = urb->context;
2942
2943 dev_dbg(&urb->dev->dev, "%s\n", __func__);
2944
2945 print_hex_dump_debug("ACR122 RX: ", DUMP_PREFIX_NONE, 16, 1,
2946 urb->transfer_buffer, urb->transfer_buffer_length,
2947 false);
2948
2949 arg->rc = urb->status;
2950 complete(&arg->done);
2951}
2952
2953static int pn533_acr122_poweron_rdr(struct pn533 *dev)
2954{
2955 /* Power on th reader (CCID cmd) */
2956 u8 cmd[10] = {PN533_ACR122_PC_TO_RDR_ICCPOWERON,
2957 0, 0, 0, 0, 0, 0, 3, 0, 0};
2958 u8 buf[255];
2959 int rc;
2960 void *cntx;
2961 struct pn533_acr122_poweron_rdr_arg arg;
2962
2963 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2964
2965 init_completion(&arg.done);
2966 cntx = dev->in_urb->context; /* backup context */
2967
2968 dev->in_urb->transfer_buffer = buf;
2969 dev->in_urb->transfer_buffer_length = 255;
2970 dev->in_urb->complete = pn533_acr122_poweron_rdr_resp;
2971 dev->in_urb->context = &arg;
2972
2973 dev->out_urb->transfer_buffer = cmd;
2974 dev->out_urb->transfer_buffer_length = sizeof(cmd);
2975
2976 print_hex_dump_debug("ACR122 TX: ", DUMP_PREFIX_NONE, 16, 1,
2977 cmd, sizeof(cmd), false);
2978
2979 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
2980 if (rc) {
2981 nfc_err(&dev->interface->dev,
2982 "Reader power on cmd error %d\n", rc);
2983 return rc;
2984 }
2985
2986 rc = usb_submit_urb(dev->in_urb, GFP_KERNEL);
2987 if (rc) {
2988 nfc_err(&dev->interface->dev,
2989 "Can't submit reader poweron cmd response %d\n", rc);
2990 return rc;
2991 }
2992
2993 wait_for_completion(&arg.done);
2994 dev->in_urb->context = cntx; /* restore context */
2995
2996 return arg.rc;
2997}
2998
2999static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf)
3000{
3001 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
3002 u8 rf_field = !!rf;
3003 int rc;
3004
3005 rf_field |= PN533_CFGITEM_RF_FIELD_AUTO_RFCA;
3006
3007 rc = pn533_set_configuration(dev, PN533_CFGITEM_RF_FIELD,
3008 (u8 *)&rf_field, 1);
3009 if (rc) {
3010 nfc_err(&dev->interface->dev, "Error on setting RF field\n");
3011 return rc;
3012 }
3013
3014 return rc;
3015}
3016
3017static int pn533_dev_up(struct nfc_dev *nfc_dev)
3018{
3019 return pn533_rf_field(nfc_dev, 1);
3020}
3021
3022static int pn533_dev_down(struct nfc_dev *nfc_dev)
3023{
3024 return pn533_rf_field(nfc_dev, 0);
3025}
3026
3027static struct nfc_ops pn533_nfc_ops = {
3028 .dev_up = pn533_dev_up,
3029 .dev_down = pn533_dev_down,
3030 .dep_link_up = pn533_dep_link_up,
3031 .dep_link_down = pn533_dep_link_down,
3032 .start_poll = pn533_start_poll,
3033 .stop_poll = pn533_stop_poll,
3034 .activate_target = pn533_activate_target,
3035 .deactivate_target = pn533_deactivate_target,
3036 .im_transceive = pn533_transceive,
3037 .tm_send = pn533_tm_send,
3038};
3039
3040static int pn533_setup(struct pn533 *dev)
3041{
3042 struct pn533_config_max_retries max_retries;
3043 struct pn533_config_timing timing;
3044 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
3045 int rc;
3046
3047 switch (dev->device_type) {
3048 case PN533_DEVICE_STD:
3049 case PN533_DEVICE_PASORI:
3050 case PN533_DEVICE_ACR122U:
3051 max_retries.mx_rty_atr = 0x2;
3052 max_retries.mx_rty_psl = 0x1;
3053 max_retries.mx_rty_passive_act =
3054 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
3055
3056 timing.rfu = PN533_CONFIG_TIMING_102;
3057 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
3058 timing.dep_timeout = PN533_CONFIG_TIMING_204;
3059
3060 break;
3061
3062 default:
3063 nfc_err(&dev->interface->dev, "Unknown device type %d\n",
3064 dev->device_type);
3065 return -EINVAL;
3066 }
3067
3068 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
3069 (u8 *)&max_retries, sizeof(max_retries));
3070 if (rc) {
3071 nfc_err(&dev->interface->dev,
3072 "Error on setting MAX_RETRIES config\n");
3073 return rc;
3074 }
3075
3076
3077 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
3078 (u8 *)&timing, sizeof(timing));
3079 if (rc) {
3080 nfc_err(&dev->interface->dev, "Error on setting RF timings\n");
3081 return rc;
3082 }
3083
3084 switch (dev->device_type) {
3085 case PN533_DEVICE_STD:
3086 break;
3087
3088 case PN533_DEVICE_PASORI:
3089 pn533_pasori_fw_reset(dev);
3090
3091 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
3092 pasori_cfg, 3);
3093 if (rc) {
3094 nfc_err(&dev->interface->dev,
3095 "Error while settings PASORI config\n");
3096 return rc;
3097 }
3098
3099 pn533_pasori_fw_reset(dev);
3100
3101 break;
3102 }
3103
3104 return 0;
3105}
3106
3107static int pn533_probe(struct usb_interface *interface,
3108 const struct usb_device_id *id)
3109{
3110 struct pn533_fw_version fw_ver;
3111 struct pn533 *dev;
3112 struct usb_host_interface *iface_desc;
3113 struct usb_endpoint_descriptor *endpoint;
3114 int in_endpoint = 0;
3115 int out_endpoint = 0;
3116 int rc = -ENOMEM;
3117 int i;
3118 u32 protocols;
3119
3120 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3121 if (!dev)
3122 return -ENOMEM;
3123
3124 dev->udev = usb_get_dev(interface_to_usbdev(interface));
3125 dev->interface = interface;
3126 mutex_init(&dev->cmd_lock);
3127
3128 iface_desc = interface->cur_altsetting;
3129 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
3130 endpoint = &iface_desc->endpoint[i].desc;
3131
3132 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
3133 in_endpoint = endpoint->bEndpointAddress;
3134
3135 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
3136 out_endpoint = endpoint->bEndpointAddress;
3137 }
3138
3139 if (!in_endpoint || !out_endpoint) {
3140 nfc_err(&interface->dev,
3141 "Could not find bulk-in or bulk-out endpoint\n");
3142 rc = -ENODEV;
3143 goto error;
3144 }
3145
3146 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
3147 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
3148
3149 if (!dev->in_urb || !dev->out_urb)
3150 goto error;
3151
3152 usb_fill_bulk_urb(dev->in_urb, dev->udev,
3153 usb_rcvbulkpipe(dev->udev, in_endpoint),
3154 NULL, 0, NULL, dev);
3155 usb_fill_bulk_urb(dev->out_urb, dev->udev,
3156 usb_sndbulkpipe(dev->udev, out_endpoint),
3157 NULL, 0, pn533_send_complete, dev);
3158
3159 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
3160 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
3161 INIT_WORK(&dev->mi_rx_work, pn533_wq_mi_recv);
3162 INIT_WORK(&dev->mi_tx_work, pn533_wq_mi_send);
3163 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
3164 INIT_WORK(&dev->mi_tm_rx_work, pn533_wq_tm_mi_recv);
3165 INIT_WORK(&dev->mi_tm_tx_work, pn533_wq_tm_mi_send);
3166 INIT_DELAYED_WORK(&dev->poll_work, pn533_wq_poll);
3167 INIT_WORK(&dev->rf_work, pn533_wq_rf);
3168 dev->wq = alloc_ordered_workqueue("pn533", 0);
3169 if (dev->wq == NULL)
3170 goto error;
3171
3172 init_timer(&dev->listen_timer);
3173 dev->listen_timer.data = (unsigned long) dev;
3174 dev->listen_timer.function = pn533_listen_mode_timer;
3175
3176 skb_queue_head_init(&dev->resp_q);
3177 skb_queue_head_init(&dev->fragment_skb);
3178
3179 INIT_LIST_HEAD(&dev->cmd_queue);
3180
3181 usb_set_intfdata(interface, dev);
3182
3183 dev->ops = &pn533_std_frame_ops;
3184
3185 dev->protocol_type = PN533_PROTO_REQ_ACK_RESP;
3186 dev->device_type = id->driver_info;
3187 switch (dev->device_type) {
3188 case PN533_DEVICE_STD:
3189 protocols = PN533_ALL_PROTOCOLS;
3190 break;
3191
3192 case PN533_DEVICE_PASORI:
3193 protocols = PN533_NO_TYPE_B_PROTOCOLS;
3194 break;
3195
3196 case PN533_DEVICE_ACR122U:
3197 protocols = PN533_NO_TYPE_B_PROTOCOLS;
3198 dev->ops = &pn533_acr122_frame_ops;
3199 dev->protocol_type = PN533_PROTO_REQ_RESP,
3200
3201 rc = pn533_acr122_poweron_rdr(dev);
3202 if (rc < 0) {
3203 nfc_err(&dev->interface->dev,
3204 "Couldn't poweron the reader (error %d)\n", rc);
3205 goto destroy_wq;
3206 }
3207 break;
3208
3209 default:
3210 nfc_err(&dev->interface->dev, "Unknown device type %d\n",
3211 dev->device_type);
3212 rc = -EINVAL;
3213 goto destroy_wq;
3214 }
3215
3216 memset(&fw_ver, 0, sizeof(fw_ver));
3217 rc = pn533_get_firmware_version(dev, &fw_ver);
3218 if (rc < 0)
3219 goto destroy_wq;
3220
3221 nfc_info(&dev->interface->dev,
3222 "NXP PN5%02X firmware ver %d.%d now attached\n",
3223 fw_ver.ic, fw_ver.ver, fw_ver.rev);
3224
3225
3226 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
3227 dev->ops->tx_header_len +
3228 PN533_CMD_DATAEXCH_HEAD_LEN,
3229 dev->ops->tx_tail_len);
3230 if (!dev->nfc_dev) {
3231 rc = -ENOMEM;
3232 goto destroy_wq;
3233 }
3234
3235 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
3236 nfc_set_drvdata(dev->nfc_dev, dev);
3237
3238 rc = nfc_register_device(dev->nfc_dev);
3239 if (rc)
3240 goto free_nfc_dev;
3241
3242 rc = pn533_setup(dev);
3243 if (rc)
3244 goto unregister_nfc_dev;
3245
3246 return 0;
3247
3248unregister_nfc_dev:
3249 nfc_unregister_device(dev->nfc_dev);
3250
3251free_nfc_dev:
3252 nfc_free_device(dev->nfc_dev);
3253
3254destroy_wq:
3255 destroy_workqueue(dev->wq);
3256error:
3257 usb_free_urb(dev->in_urb);
3258 usb_free_urb(dev->out_urb);
3259 usb_put_dev(dev->udev);
3260 kfree(dev);
3261 return rc;
3262}
3263
3264static void pn533_disconnect(struct usb_interface *interface)
3265{
3266 struct pn533 *dev;
3267 struct pn533_cmd *cmd, *n;
3268
3269 dev = usb_get_intfdata(interface);
3270 usb_set_intfdata(interface, NULL);
3271
3272 nfc_unregister_device(dev->nfc_dev);
3273 nfc_free_device(dev->nfc_dev);
3274
3275 usb_kill_urb(dev->in_urb);
3276 usb_kill_urb(dev->out_urb);
3277
3278 flush_delayed_work(&dev->poll_work);
3279 destroy_workqueue(dev->wq);
3280
3281 skb_queue_purge(&dev->resp_q);
3282
3283 del_timer(&dev->listen_timer);
3284
3285 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
3286 list_del(&cmd->queue);
3287 kfree(cmd);
3288 }
3289
3290 usb_free_urb(dev->in_urb);
3291 usb_free_urb(dev->out_urb);
3292 kfree(dev);
3293
3294 nfc_info(&interface->dev, "NXP PN533 NFC device disconnected\n");
3295}
3296
3297static struct usb_driver pn533_driver = {
3298 .name = "pn533",
3299 .probe = pn533_probe,
3300 .disconnect = pn533_disconnect,
3301 .id_table = pn533_table,
3302};
3303
3304module_usb_driver(pn533_driver);
3305
3306MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>");
3307MODULE_AUTHOR("Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
3308MODULE_AUTHOR("Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>");
3309MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
3310MODULE_VERSION(VERSION);
3311MODULE_LICENSE("GPL");