Loading...
Note: File does not exist in v6.8.
1/*
2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
3 * Copyright (C) 2012-2013 Tieto Poland
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
17 */
18
19#include <linux/device.h>
20#include <linux/kernel.h>
21#include <linux/module.h>
22#include <linux/slab.h>
23#include <linux/usb.h>
24#include <linux/nfc.h>
25#include <linux/netdevice.h>
26#include <net/nfc/nfc.h>
27
28#define VERSION "0.2"
29
30#define PN533_VENDOR_ID 0x4CC
31#define PN533_PRODUCT_ID 0x2533
32
33#define SCM_VENDOR_ID 0x4E6
34#define SCL3711_PRODUCT_ID 0x5591
35
36#define SONY_VENDOR_ID 0x054c
37#define PASORI_PRODUCT_ID 0x02e1
38
39#define ACS_VENDOR_ID 0x072f
40#define ACR122U_PRODUCT_ID 0x2200
41
42#define PN533_DEVICE_STD 0x1
43#define PN533_DEVICE_PASORI 0x2
44#define PN533_DEVICE_ACR122U 0x3
45
46#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
47 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
48 NFC_PROTO_NFC_DEP_MASK |\
49 NFC_PROTO_ISO14443_B_MASK)
50
51#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
52 NFC_PROTO_MIFARE_MASK | \
53 NFC_PROTO_FELICA_MASK | \
54 NFC_PROTO_ISO14443_MASK | \
55 NFC_PROTO_NFC_DEP_MASK)
56
57static const struct usb_device_id pn533_table[] = {
58 { USB_DEVICE(PN533_VENDOR_ID, PN533_PRODUCT_ID),
59 .driver_info = PN533_DEVICE_STD },
60 { USB_DEVICE(SCM_VENDOR_ID, SCL3711_PRODUCT_ID),
61 .driver_info = PN533_DEVICE_STD },
62 { USB_DEVICE(SONY_VENDOR_ID, PASORI_PRODUCT_ID),
63 .driver_info = PN533_DEVICE_PASORI },
64 { USB_DEVICE(ACS_VENDOR_ID, ACR122U_PRODUCT_ID),
65 .driver_info = PN533_DEVICE_ACR122U },
66 { }
67};
68MODULE_DEVICE_TABLE(usb, pn533_table);
69
70/* How much time we spend listening for initiators */
71#define PN533_LISTEN_TIME 2
72/* Delay between each poll frame (ms) */
73#define PN533_POLL_INTERVAL 10
74
75/* Standard pn533 frame definitions (standard and extended)*/
76#define PN533_STD_FRAME_HEADER_LEN (sizeof(struct pn533_std_frame) \
77 + 2) /* data[0] TFI, data[1] CC */
78#define PN533_STD_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
79
80#define PN533_EXT_FRAME_HEADER_LEN (sizeof(struct pn533_ext_frame) \
81 + 2) /* data[0] TFI, data[1] CC */
82
83#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
84#define PN533_CMD_DATAFRAME_MAXLEN 240 /* max data length (send) */
85
86/*
87 * Max extended frame payload len, excluding TFI and CC
88 * which are already in PN533_FRAME_HEADER_LEN.
89 */
90#define PN533_STD_FRAME_MAX_PAYLOAD_LEN 263
91
92#define PN533_STD_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2),
93 Postamble (1) */
94#define PN533_STD_FRAME_CHECKSUM(f) (f->data[f->datalen])
95#define PN533_STD_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
96/* Half start code (3), LEN (4) should be 0xffff for extended frame */
97#define PN533_STD_IS_EXTENDED(hdr) ((hdr)->datalen == 0xFF \
98 && (hdr)->datalen_checksum == 0xFF)
99#define PN533_EXT_FRAME_CHECKSUM(f) (f->data[be16_to_cpu(f->datalen)])
100
101/* start of frame */
102#define PN533_STD_FRAME_SOF 0x00FF
103
104/* standard frame identifier: in/out/error */
105#define PN533_STD_FRAME_IDENTIFIER(f) (f->data[0]) /* TFI */
106#define PN533_STD_FRAME_DIR_OUT 0xD4
107#define PN533_STD_FRAME_DIR_IN 0xD5
108
109/* ACS ACR122 pn533 frame definitions */
110#define PN533_ACR122_TX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_tx_frame) \
111 + 2)
112#define PN533_ACR122_TX_FRAME_TAIL_LEN 0
113#define PN533_ACR122_RX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_rx_frame) \
114 + 2)
115#define PN533_ACR122_RX_FRAME_TAIL_LEN 2
116#define PN533_ACR122_FRAME_MAX_PAYLOAD_LEN PN533_STD_FRAME_MAX_PAYLOAD_LEN
117
118/* CCID messages types */
119#define PN533_ACR122_PC_TO_RDR_ICCPOWERON 0x62
120#define PN533_ACR122_PC_TO_RDR_ESCAPE 0x6B
121
122#define PN533_ACR122_RDR_TO_PC_ESCAPE 0x83
123
124/* PN533 Commands */
125#define PN533_FRAME_CMD(f) (f->data[1])
126
127#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
128#define PN533_CMD_RF_CONFIGURATION 0x32
129#define PN533_CMD_IN_DATA_EXCHANGE 0x40
130#define PN533_CMD_IN_COMM_THRU 0x42
131#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
132#define PN533_CMD_IN_ATR 0x50
133#define PN533_CMD_IN_RELEASE 0x52
134#define PN533_CMD_IN_JUMP_FOR_DEP 0x56
135
136#define PN533_CMD_TG_INIT_AS_TARGET 0x8c
137#define PN533_CMD_TG_GET_DATA 0x86
138#define PN533_CMD_TG_SET_DATA 0x8e
139#define PN533_CMD_TG_SET_META_DATA 0x94
140#define PN533_CMD_UNDEF 0xff
141
142#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
143
144/* PN533 Return codes */
145#define PN533_CMD_RET_MASK 0x3F
146#define PN533_CMD_MI_MASK 0x40
147#define PN533_CMD_RET_SUCCESS 0x00
148
149struct pn533;
150
151typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
152 struct sk_buff *resp);
153
154/* structs for pn533 commands */
155
156/* PN533_CMD_GET_FIRMWARE_VERSION */
157struct pn533_fw_version {
158 u8 ic;
159 u8 ver;
160 u8 rev;
161 u8 support;
162};
163
164/* PN533_CMD_RF_CONFIGURATION */
165#define PN533_CFGITEM_RF_FIELD 0x01
166#define PN533_CFGITEM_TIMING 0x02
167#define PN533_CFGITEM_MAX_RETRIES 0x05
168#define PN533_CFGITEM_PASORI 0x82
169
170#define PN533_CFGITEM_RF_FIELD_AUTO_RFCA 0x2
171#define PN533_CFGITEM_RF_FIELD_ON 0x1
172#define PN533_CFGITEM_RF_FIELD_OFF 0x0
173
174#define PN533_CONFIG_TIMING_102 0xb
175#define PN533_CONFIG_TIMING_204 0xc
176#define PN533_CONFIG_TIMING_409 0xd
177#define PN533_CONFIG_TIMING_819 0xe
178
179#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
180#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
181
182struct pn533_config_max_retries {
183 u8 mx_rty_atr;
184 u8 mx_rty_psl;
185 u8 mx_rty_passive_act;
186} __packed;
187
188struct pn533_config_timing {
189 u8 rfu;
190 u8 atr_res_timeout;
191 u8 dep_timeout;
192} __packed;
193
194/* PN533_CMD_IN_LIST_PASSIVE_TARGET */
195
196/* felica commands opcode */
197#define PN533_FELICA_OPC_SENSF_REQ 0
198#define PN533_FELICA_OPC_SENSF_RES 1
199/* felica SENSF_REQ parameters */
200#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
201#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
202#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
203#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
204
205/* type B initiator_data values */
206#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
207#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
208#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
209
210union pn533_cmd_poll_initdata {
211 struct {
212 u8 afi;
213 u8 polling_method;
214 } __packed type_b;
215 struct {
216 u8 opcode;
217 __be16 sc;
218 u8 rc;
219 u8 tsn;
220 } __packed felica;
221};
222
223/* Poll modulations */
224enum {
225 PN533_POLL_MOD_106KBPS_A,
226 PN533_POLL_MOD_212KBPS_FELICA,
227 PN533_POLL_MOD_424KBPS_FELICA,
228 PN533_POLL_MOD_106KBPS_JEWEL,
229 PN533_POLL_MOD_847KBPS_B,
230 PN533_LISTEN_MOD,
231
232 __PN533_POLL_MOD_AFTER_LAST,
233};
234#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
235
236struct pn533_poll_modulations {
237 struct {
238 u8 maxtg;
239 u8 brty;
240 union pn533_cmd_poll_initdata initiator_data;
241 } __packed data;
242 u8 len;
243};
244
245static const struct pn533_poll_modulations poll_mod[] = {
246 [PN533_POLL_MOD_106KBPS_A] = {
247 .data = {
248 .maxtg = 1,
249 .brty = 0,
250 },
251 .len = 2,
252 },
253 [PN533_POLL_MOD_212KBPS_FELICA] = {
254 .data = {
255 .maxtg = 1,
256 .brty = 1,
257 .initiator_data.felica = {
258 .opcode = PN533_FELICA_OPC_SENSF_REQ,
259 .sc = PN533_FELICA_SENSF_SC_ALL,
260 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE,
261 .tsn = 0x03,
262 },
263 },
264 .len = 7,
265 },
266 [PN533_POLL_MOD_424KBPS_FELICA] = {
267 .data = {
268 .maxtg = 1,
269 .brty = 2,
270 .initiator_data.felica = {
271 .opcode = PN533_FELICA_OPC_SENSF_REQ,
272 .sc = PN533_FELICA_SENSF_SC_ALL,
273 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE,
274 .tsn = 0x03,
275 },
276 },
277 .len = 7,
278 },
279 [PN533_POLL_MOD_106KBPS_JEWEL] = {
280 .data = {
281 .maxtg = 1,
282 .brty = 4,
283 },
284 .len = 2,
285 },
286 [PN533_POLL_MOD_847KBPS_B] = {
287 .data = {
288 .maxtg = 1,
289 .brty = 8,
290 .initiator_data.type_b = {
291 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
292 .polling_method =
293 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
294 },
295 },
296 .len = 3,
297 },
298 [PN533_LISTEN_MOD] = {
299 .len = 0,
300 },
301};
302
303/* PN533_CMD_IN_ATR */
304
305struct pn533_cmd_activate_response {
306 u8 status;
307 u8 nfcid3t[10];
308 u8 didt;
309 u8 bst;
310 u8 brt;
311 u8 to;
312 u8 ppt;
313 /* optional */
314 u8 gt[];
315} __packed;
316
317struct pn533_cmd_jump_dep_response {
318 u8 status;
319 u8 tg;
320 u8 nfcid3t[10];
321 u8 didt;
322 u8 bst;
323 u8 brt;
324 u8 to;
325 u8 ppt;
326 /* optional */
327 u8 gt[];
328} __packed;
329
330
331/* PN533_TG_INIT_AS_TARGET */
332#define PN533_INIT_TARGET_PASSIVE 0x1
333#define PN533_INIT_TARGET_DEP 0x2
334
335#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
336#define PN533_INIT_TARGET_RESP_ACTIVE 0x1
337#define PN533_INIT_TARGET_RESP_DEP 0x4
338
339enum pn533_protocol_type {
340 PN533_PROTO_REQ_ACK_RESP = 0,
341 PN533_PROTO_REQ_RESP
342};
343
344struct pn533 {
345 struct usb_device *udev;
346 struct usb_interface *interface;
347 struct nfc_dev *nfc_dev;
348 u32 device_type;
349 enum pn533_protocol_type protocol_type;
350
351 struct urb *out_urb;
352 struct urb *in_urb;
353
354 struct sk_buff_head resp_q;
355 struct sk_buff_head fragment_skb;
356
357 struct workqueue_struct *wq;
358 struct work_struct cmd_work;
359 struct work_struct cmd_complete_work;
360 struct delayed_work poll_work;
361 struct work_struct mi_rx_work;
362 struct work_struct mi_tx_work;
363 struct work_struct mi_tm_rx_work;
364 struct work_struct mi_tm_tx_work;
365 struct work_struct tg_work;
366 struct work_struct rf_work;
367
368 struct list_head cmd_queue;
369 struct pn533_cmd *cmd;
370 u8 cmd_pending;
371 struct mutex cmd_lock; /* protects cmd queue */
372
373 void *cmd_complete_mi_arg;
374 void *cmd_complete_dep_arg;
375
376 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
377 u8 poll_mod_count;
378 u8 poll_mod_curr;
379 u8 poll_dep;
380 u32 poll_protocols;
381 u32 listen_protocols;
382 struct timer_list listen_timer;
383 int cancel_listen;
384
385 u8 *gb;
386 size_t gb_len;
387
388 u8 tgt_available_prots;
389 u8 tgt_active_prot;
390 u8 tgt_mode;
391
392 struct pn533_frame_ops *ops;
393};
394
395struct pn533_cmd {
396 struct list_head queue;
397 u8 code;
398 int status;
399 struct sk_buff *req;
400 struct sk_buff *resp;
401 int resp_len;
402 pn533_send_async_complete_t complete_cb;
403 void *complete_cb_context;
404};
405
406struct pn533_std_frame {
407 u8 preamble;
408 __be16 start_frame;
409 u8 datalen;
410 u8 datalen_checksum;
411 u8 data[];
412} __packed;
413
414struct pn533_ext_frame { /* Extended Information frame */
415 u8 preamble;
416 __be16 start_frame;
417 __be16 eif_flag; /* fixed to 0xFFFF */
418 __be16 datalen;
419 u8 datalen_checksum;
420 u8 data[];
421} __packed;
422
423struct pn533_frame_ops {
424 void (*tx_frame_init)(void *frame, u8 cmd_code);
425 void (*tx_frame_finish)(void *frame);
426 void (*tx_update_payload_len)(void *frame, int len);
427 int tx_header_len;
428 int tx_tail_len;
429
430 bool (*rx_is_frame_valid)(void *frame, struct pn533 *dev);
431 int (*rx_frame_size)(void *frame);
432 int rx_header_len;
433 int rx_tail_len;
434
435 int max_payload_len;
436 u8 (*get_cmd_code)(void *frame);
437};
438
439struct pn533_acr122_ccid_hdr {
440 u8 type;
441 u32 datalen;
442 u8 slot;
443 u8 seq;
444 u8 params[3]; /* 3 msg specific bytes or status, error and 1 specific
445 byte for reposnse msg */
446 u8 data[]; /* payload */
447} __packed;
448
449struct pn533_acr122_apdu_hdr {
450 u8 class;
451 u8 ins;
452 u8 p1;
453 u8 p2;
454} __packed;
455
456struct pn533_acr122_tx_frame {
457 struct pn533_acr122_ccid_hdr ccid;
458 struct pn533_acr122_apdu_hdr apdu;
459 u8 datalen;
460 u8 data[]; /* pn533 frame: TFI ... */
461} __packed;
462
463struct pn533_acr122_rx_frame {
464 struct pn533_acr122_ccid_hdr ccid;
465 u8 data[]; /* pn533 frame : TFI ... */
466} __packed;
467
468static void pn533_acr122_tx_frame_init(void *_frame, u8 cmd_code)
469{
470 struct pn533_acr122_tx_frame *frame = _frame;
471
472 frame->ccid.type = PN533_ACR122_PC_TO_RDR_ESCAPE;
473 frame->ccid.datalen = sizeof(frame->apdu) + 1; /* sizeof(apdu_hdr) +
474 sizeof(datalen) */
475 frame->ccid.slot = 0;
476 frame->ccid.seq = 0;
477 frame->ccid.params[0] = 0;
478 frame->ccid.params[1] = 0;
479 frame->ccid.params[2] = 0;
480
481 frame->data[0] = PN533_STD_FRAME_DIR_OUT;
482 frame->data[1] = cmd_code;
483 frame->datalen = 2; /* data[0] + data[1] */
484
485 frame->apdu.class = 0xFF;
486 frame->apdu.ins = 0;
487 frame->apdu.p1 = 0;
488 frame->apdu.p2 = 0;
489}
490
491static void pn533_acr122_tx_frame_finish(void *_frame)
492{
493 struct pn533_acr122_tx_frame *frame = _frame;
494
495 frame->ccid.datalen += frame->datalen;
496}
497
498static void pn533_acr122_tx_update_payload_len(void *_frame, int len)
499{
500 struct pn533_acr122_tx_frame *frame = _frame;
501
502 frame->datalen += len;
503}
504
505static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev)
506{
507 struct pn533_acr122_rx_frame *frame = _frame;
508
509 if (frame->ccid.type != 0x83)
510 return false;
511
512 if (!frame->ccid.datalen)
513 return false;
514
515 if (frame->data[frame->ccid.datalen - 2] == 0x63)
516 return false;
517
518 return true;
519}
520
521static int pn533_acr122_rx_frame_size(void *frame)
522{
523 struct pn533_acr122_rx_frame *f = frame;
524
525 /* f->ccid.datalen already includes tail length */
526 return sizeof(struct pn533_acr122_rx_frame) + f->ccid.datalen;
527}
528
529static u8 pn533_acr122_get_cmd_code(void *frame)
530{
531 struct pn533_acr122_rx_frame *f = frame;
532
533 return PN533_FRAME_CMD(f);
534}
535
536static struct pn533_frame_ops pn533_acr122_frame_ops = {
537 .tx_frame_init = pn533_acr122_tx_frame_init,
538 .tx_frame_finish = pn533_acr122_tx_frame_finish,
539 .tx_update_payload_len = pn533_acr122_tx_update_payload_len,
540 .tx_header_len = PN533_ACR122_TX_FRAME_HEADER_LEN,
541 .tx_tail_len = PN533_ACR122_TX_FRAME_TAIL_LEN,
542
543 .rx_is_frame_valid = pn533_acr122_is_rx_frame_valid,
544 .rx_header_len = PN533_ACR122_RX_FRAME_HEADER_LEN,
545 .rx_tail_len = PN533_ACR122_RX_FRAME_TAIL_LEN,
546 .rx_frame_size = pn533_acr122_rx_frame_size,
547
548 .max_payload_len = PN533_ACR122_FRAME_MAX_PAYLOAD_LEN,
549 .get_cmd_code = pn533_acr122_get_cmd_code,
550};
551
552/* The rule: value(high byte) + value(low byte) + checksum = 0 */
553static inline u8 pn533_ext_checksum(u16 value)
554{
555 return ~(u8)(((value & 0xFF00) >> 8) + (u8)(value & 0xFF)) + 1;
556}
557
558/* The rule: value + checksum = 0 */
559static inline u8 pn533_std_checksum(u8 value)
560{
561 return ~value + 1;
562}
563
564/* The rule: sum(data elements) + checksum = 0 */
565static u8 pn533_std_data_checksum(u8 *data, int datalen)
566{
567 u8 sum = 0;
568 int i;
569
570 for (i = 0; i < datalen; i++)
571 sum += data[i];
572
573 return pn533_std_checksum(sum);
574}
575
576static void pn533_std_tx_frame_init(void *_frame, u8 cmd_code)
577{
578 struct pn533_std_frame *frame = _frame;
579
580 frame->preamble = 0;
581 frame->start_frame = cpu_to_be16(PN533_STD_FRAME_SOF);
582 PN533_STD_FRAME_IDENTIFIER(frame) = PN533_STD_FRAME_DIR_OUT;
583 PN533_FRAME_CMD(frame) = cmd_code;
584 frame->datalen = 2;
585}
586
587static void pn533_std_tx_frame_finish(void *_frame)
588{
589 struct pn533_std_frame *frame = _frame;
590
591 frame->datalen_checksum = pn533_std_checksum(frame->datalen);
592
593 PN533_STD_FRAME_CHECKSUM(frame) =
594 pn533_std_data_checksum(frame->data, frame->datalen);
595
596 PN533_STD_FRAME_POSTAMBLE(frame) = 0;
597}
598
599static void pn533_std_tx_update_payload_len(void *_frame, int len)
600{
601 struct pn533_std_frame *frame = _frame;
602
603 frame->datalen += len;
604}
605
606static bool pn533_std_rx_frame_is_valid(void *_frame, struct pn533 *dev)
607{
608 u8 checksum;
609 struct pn533_std_frame *stdf = _frame;
610
611 if (stdf->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
612 return false;
613
614 if (likely(!PN533_STD_IS_EXTENDED(stdf))) {
615 /* Standard frame code */
616 dev->ops->rx_header_len = PN533_STD_FRAME_HEADER_LEN;
617
618 checksum = pn533_std_checksum(stdf->datalen);
619 if (checksum != stdf->datalen_checksum)
620 return false;
621
622 checksum = pn533_std_data_checksum(stdf->data, stdf->datalen);
623 if (checksum != PN533_STD_FRAME_CHECKSUM(stdf))
624 return false;
625 } else {
626 /* Extended */
627 struct pn533_ext_frame *eif = _frame;
628
629 dev->ops->rx_header_len = PN533_EXT_FRAME_HEADER_LEN;
630
631 checksum = pn533_ext_checksum(be16_to_cpu(eif->datalen));
632 if (checksum != eif->datalen_checksum)
633 return false;
634
635 /* check data checksum */
636 checksum = pn533_std_data_checksum(eif->data,
637 be16_to_cpu(eif->datalen));
638 if (checksum != PN533_EXT_FRAME_CHECKSUM(eif))
639 return false;
640 }
641
642 return true;
643}
644
645static bool pn533_std_rx_frame_is_ack(struct pn533_std_frame *frame)
646{
647 if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
648 return false;
649
650 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
651 return false;
652
653 return true;
654}
655
656static inline int pn533_std_rx_frame_size(void *frame)
657{
658 struct pn533_std_frame *f = frame;
659
660 /* check for Extended Information frame */
661 if (PN533_STD_IS_EXTENDED(f)) {
662 struct pn533_ext_frame *eif = frame;
663
664 return sizeof(struct pn533_ext_frame)
665 + be16_to_cpu(eif->datalen) + PN533_STD_FRAME_TAIL_LEN;
666 }
667
668 return sizeof(struct pn533_std_frame) + f->datalen +
669 PN533_STD_FRAME_TAIL_LEN;
670}
671
672static u8 pn533_std_get_cmd_code(void *frame)
673{
674 struct pn533_std_frame *f = frame;
675 struct pn533_ext_frame *eif = frame;
676
677 if (PN533_STD_IS_EXTENDED(f))
678 return PN533_FRAME_CMD(eif);
679 else
680 return PN533_FRAME_CMD(f);
681}
682
683static struct pn533_frame_ops pn533_std_frame_ops = {
684 .tx_frame_init = pn533_std_tx_frame_init,
685 .tx_frame_finish = pn533_std_tx_frame_finish,
686 .tx_update_payload_len = pn533_std_tx_update_payload_len,
687 .tx_header_len = PN533_STD_FRAME_HEADER_LEN,
688 .tx_tail_len = PN533_STD_FRAME_TAIL_LEN,
689
690 .rx_is_frame_valid = pn533_std_rx_frame_is_valid,
691 .rx_frame_size = pn533_std_rx_frame_size,
692 .rx_header_len = PN533_STD_FRAME_HEADER_LEN,
693 .rx_tail_len = PN533_STD_FRAME_TAIL_LEN,
694
695 .max_payload_len = PN533_STD_FRAME_MAX_PAYLOAD_LEN,
696 .get_cmd_code = pn533_std_get_cmd_code,
697};
698
699static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame)
700{
701 return (dev->ops->get_cmd_code(frame) ==
702 PN533_CMD_RESPONSE(dev->cmd->code));
703}
704
705static void pn533_recv_response(struct urb *urb)
706{
707 struct pn533 *dev = urb->context;
708 struct pn533_cmd *cmd = dev->cmd;
709 u8 *in_frame;
710
711 cmd->status = urb->status;
712
713 switch (urb->status) {
714 case 0:
715 break; /* success */
716 case -ECONNRESET:
717 case -ENOENT:
718 dev_dbg(&dev->interface->dev,
719 "The urb has been canceled (status %d)\n",
720 urb->status);
721 goto sched_wq;
722 case -ESHUTDOWN:
723 default:
724 nfc_err(&dev->interface->dev,
725 "Urb failure (status %d)\n", urb->status);
726 goto sched_wq;
727 }
728
729 in_frame = dev->in_urb->transfer_buffer;
730
731 dev_dbg(&dev->interface->dev, "Received a frame\n");
732 print_hex_dump_debug("PN533 RX: ", DUMP_PREFIX_NONE, 16, 1, in_frame,
733 dev->ops->rx_frame_size(in_frame), false);
734
735 if (!dev->ops->rx_is_frame_valid(in_frame, dev)) {
736 nfc_err(&dev->interface->dev, "Received an invalid frame\n");
737 cmd->status = -EIO;
738 goto sched_wq;
739 }
740
741 if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) {
742 nfc_err(&dev->interface->dev,
743 "It it not the response to the last command\n");
744 cmd->status = -EIO;
745 goto sched_wq;
746 }
747
748sched_wq:
749 queue_work(dev->wq, &dev->cmd_complete_work);
750}
751
752static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
753{
754 dev->in_urb->complete = pn533_recv_response;
755
756 return usb_submit_urb(dev->in_urb, flags);
757}
758
759static void pn533_recv_ack(struct urb *urb)
760{
761 struct pn533 *dev = urb->context;
762 struct pn533_cmd *cmd = dev->cmd;
763 struct pn533_std_frame *in_frame;
764 int rc;
765
766 cmd->status = urb->status;
767
768 switch (urb->status) {
769 case 0:
770 break; /* success */
771 case -ECONNRESET:
772 case -ENOENT:
773 dev_dbg(&dev->interface->dev,
774 "The urb has been stopped (status %d)\n",
775 urb->status);
776 goto sched_wq;
777 case -ESHUTDOWN:
778 default:
779 nfc_err(&dev->interface->dev,
780 "Urb failure (status %d)\n", urb->status);
781 goto sched_wq;
782 }
783
784 in_frame = dev->in_urb->transfer_buffer;
785
786 if (!pn533_std_rx_frame_is_ack(in_frame)) {
787 nfc_err(&dev->interface->dev, "Received an invalid ack\n");
788 cmd->status = -EIO;
789 goto sched_wq;
790 }
791
792 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
793 if (rc) {
794 nfc_err(&dev->interface->dev,
795 "usb_submit_urb failed with result %d\n", rc);
796 cmd->status = rc;
797 goto sched_wq;
798 }
799
800 return;
801
802sched_wq:
803 queue_work(dev->wq, &dev->cmd_complete_work);
804}
805
806static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
807{
808 dev->in_urb->complete = pn533_recv_ack;
809
810 return usb_submit_urb(dev->in_urb, flags);
811}
812
813static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
814{
815 u8 ack[PN533_STD_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
816 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */
817 int rc;
818
819 dev->out_urb->transfer_buffer = ack;
820 dev->out_urb->transfer_buffer_length = sizeof(ack);
821 rc = usb_submit_urb(dev->out_urb, flags);
822
823 return rc;
824}
825
826static int __pn533_send_frame_async(struct pn533 *dev,
827 struct sk_buff *out,
828 struct sk_buff *in,
829 int in_len)
830{
831 int rc;
832
833 dev->out_urb->transfer_buffer = out->data;
834 dev->out_urb->transfer_buffer_length = out->len;
835
836 dev->in_urb->transfer_buffer = in->data;
837 dev->in_urb->transfer_buffer_length = in_len;
838
839 print_hex_dump_debug("PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
840 out->data, out->len, false);
841
842 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
843 if (rc)
844 return rc;
845
846 if (dev->protocol_type == PN533_PROTO_REQ_RESP) {
847 /* request for response for sent packet directly */
848 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
849 if (rc)
850 goto error;
851 } else if (dev->protocol_type == PN533_PROTO_REQ_ACK_RESP) {
852 /* request for ACK if that's the case */
853 rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
854 if (rc)
855 goto error;
856 }
857
858 return 0;
859
860error:
861 usb_unlink_urb(dev->out_urb);
862 return rc;
863}
864
865static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code,
866 struct sk_buff *skb)
867{
868 /* payload is already there, just update datalen */
869 int payload_len = skb->len;
870 struct pn533_frame_ops *ops = dev->ops;
871
872
873 skb_push(skb, ops->tx_header_len);
874 skb_put(skb, ops->tx_tail_len);
875
876 ops->tx_frame_init(skb->data, cmd_code);
877 ops->tx_update_payload_len(skb->data, payload_len);
878 ops->tx_frame_finish(skb->data);
879}
880
881static int pn533_send_async_complete(struct pn533 *dev)
882{
883 struct pn533_cmd *cmd = dev->cmd;
884 int status = cmd->status;
885
886 struct sk_buff *req = cmd->req;
887 struct sk_buff *resp = cmd->resp;
888
889 int rc;
890
891 dev_kfree_skb(req);
892
893 if (status < 0) {
894 rc = cmd->complete_cb(dev, cmd->complete_cb_context,
895 ERR_PTR(status));
896 dev_kfree_skb(resp);
897 goto done;
898 }
899
900 skb_put(resp, dev->ops->rx_frame_size(resp->data));
901 skb_pull(resp, dev->ops->rx_header_len);
902 skb_trim(resp, resp->len - dev->ops->rx_tail_len);
903
904 rc = cmd->complete_cb(dev, cmd->complete_cb_context, resp);
905
906done:
907 kfree(cmd);
908 dev->cmd = NULL;
909 return rc;
910}
911
912static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
913 struct sk_buff *req, struct sk_buff *resp,
914 int resp_len,
915 pn533_send_async_complete_t complete_cb,
916 void *complete_cb_context)
917{
918 struct pn533_cmd *cmd;
919 int rc = 0;
920
921 dev_dbg(&dev->interface->dev, "Sending command 0x%x\n", cmd_code);
922
923 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
924 if (!cmd)
925 return -ENOMEM;
926
927 cmd->code = cmd_code;
928 cmd->req = req;
929 cmd->resp = resp;
930 cmd->resp_len = resp_len;
931 cmd->complete_cb = complete_cb;
932 cmd->complete_cb_context = complete_cb_context;
933
934 pn533_build_cmd_frame(dev, cmd_code, req);
935
936 mutex_lock(&dev->cmd_lock);
937
938 if (!dev->cmd_pending) {
939 rc = __pn533_send_frame_async(dev, req, resp, resp_len);
940 if (rc)
941 goto error;
942
943 dev->cmd_pending = 1;
944 dev->cmd = cmd;
945 goto unlock;
946 }
947
948 dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x\n",
949 __func__, cmd_code);
950
951 INIT_LIST_HEAD(&cmd->queue);
952 list_add_tail(&cmd->queue, &dev->cmd_queue);
953
954 goto unlock;
955
956error:
957 kfree(cmd);
958unlock:
959 mutex_unlock(&dev->cmd_lock);
960 return rc;
961}
962
963static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
964 struct sk_buff *req,
965 pn533_send_async_complete_t complete_cb,
966 void *complete_cb_context)
967{
968 struct sk_buff *resp;
969 int rc;
970 int resp_len = dev->ops->rx_header_len +
971 dev->ops->max_payload_len +
972 dev->ops->rx_tail_len;
973
974 resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
975 if (!resp)
976 return -ENOMEM;
977
978 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
979 complete_cb_context);
980 if (rc)
981 dev_kfree_skb(resp);
982
983 return rc;
984}
985
986static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
987 struct sk_buff *req,
988 pn533_send_async_complete_t complete_cb,
989 void *complete_cb_context)
990{
991 struct sk_buff *resp;
992 int rc;
993 int resp_len = dev->ops->rx_header_len +
994 dev->ops->max_payload_len +
995 dev->ops->rx_tail_len;
996
997 resp = alloc_skb(resp_len, GFP_KERNEL);
998 if (!resp)
999 return -ENOMEM;
1000
1001 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
1002 complete_cb_context);
1003 if (rc)
1004 dev_kfree_skb(resp);
1005
1006 return rc;
1007}
1008
1009/*
1010 * pn533_send_cmd_direct_async
1011 *
1012 * The function sends a piority cmd directly to the chip omiting the cmd
1013 * queue. It's intended to be used by chaining mechanism of received responses
1014 * where the host has to request every single chunk of data before scheduling
1015 * next cmd from the queue.
1016 */
1017static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
1018 struct sk_buff *req,
1019 pn533_send_async_complete_t complete_cb,
1020 void *complete_cb_context)
1021{
1022 struct sk_buff *resp;
1023 struct pn533_cmd *cmd;
1024 int rc;
1025 int resp_len = dev->ops->rx_header_len +
1026 dev->ops->max_payload_len +
1027 dev->ops->rx_tail_len;
1028
1029 resp = alloc_skb(resp_len, GFP_KERNEL);
1030 if (!resp)
1031 return -ENOMEM;
1032
1033 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1034 if (!cmd) {
1035 dev_kfree_skb(resp);
1036 return -ENOMEM;
1037 }
1038
1039 cmd->code = cmd_code;
1040 cmd->req = req;
1041 cmd->resp = resp;
1042 cmd->resp_len = resp_len;
1043 cmd->complete_cb = complete_cb;
1044 cmd->complete_cb_context = complete_cb_context;
1045
1046 pn533_build_cmd_frame(dev, cmd_code, req);
1047
1048 rc = __pn533_send_frame_async(dev, req, resp, resp_len);
1049 if (rc < 0) {
1050 dev_kfree_skb(resp);
1051 kfree(cmd);
1052 } else {
1053 dev->cmd = cmd;
1054 }
1055
1056 return rc;
1057}
1058
1059static void pn533_wq_cmd_complete(struct work_struct *work)
1060{
1061 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
1062 int rc;
1063
1064 rc = pn533_send_async_complete(dev);
1065 if (rc != -EINPROGRESS)
1066 queue_work(dev->wq, &dev->cmd_work);
1067}
1068
1069static void pn533_wq_cmd(struct work_struct *work)
1070{
1071 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
1072 struct pn533_cmd *cmd;
1073 int rc;
1074
1075 mutex_lock(&dev->cmd_lock);
1076
1077 if (list_empty(&dev->cmd_queue)) {
1078 dev->cmd_pending = 0;
1079 mutex_unlock(&dev->cmd_lock);
1080 return;
1081 }
1082
1083 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
1084
1085 list_del(&cmd->queue);
1086
1087 mutex_unlock(&dev->cmd_lock);
1088
1089 rc = __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len);
1090 if (rc < 0) {
1091 dev_kfree_skb(cmd->req);
1092 dev_kfree_skb(cmd->resp);
1093 kfree(cmd);
1094 return;
1095 }
1096
1097 dev->cmd = cmd;
1098}
1099
1100struct pn533_sync_cmd_response {
1101 struct sk_buff *resp;
1102 struct completion done;
1103};
1104
1105static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
1106 struct sk_buff *resp)
1107{
1108 struct pn533_sync_cmd_response *arg = _arg;
1109
1110 arg->resp = resp;
1111 complete(&arg->done);
1112
1113 return 0;
1114}
1115
1116/* pn533_send_cmd_sync
1117 *
1118 * Please note the req parameter is freed inside the function to
1119 * limit a number of return value interpretations by the caller.
1120 *
1121 * 1. negative in case of error during TX path -> req should be freed
1122 *
1123 * 2. negative in case of error during RX path -> req should not be freed
1124 * as it's been already freed at the begining of RX path by
1125 * async_complete_cb.
1126 *
1127 * 3. valid pointer in case of succesfult RX path
1128 *
1129 * A caller has to check a return value with IS_ERR macro. If the test pass,
1130 * the returned pointer is valid.
1131 *
1132 * */
1133static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
1134 struct sk_buff *req)
1135{
1136 int rc;
1137 struct pn533_sync_cmd_response arg;
1138
1139 init_completion(&arg.done);
1140
1141 rc = pn533_send_cmd_async(dev, cmd_code, req,
1142 pn533_send_sync_complete, &arg);
1143 if (rc) {
1144 dev_kfree_skb(req);
1145 return ERR_PTR(rc);
1146 }
1147
1148 wait_for_completion(&arg.done);
1149
1150 return arg.resp;
1151}
1152
1153static void pn533_send_complete(struct urb *urb)
1154{
1155 struct pn533 *dev = urb->context;
1156
1157 switch (urb->status) {
1158 case 0:
1159 break; /* success */
1160 case -ECONNRESET:
1161 case -ENOENT:
1162 dev_dbg(&dev->interface->dev,
1163 "The urb has been stopped (status %d)\n",
1164 urb->status);
1165 break;
1166 case -ESHUTDOWN:
1167 default:
1168 nfc_err(&dev->interface->dev, "Urb failure (status %d)\n",
1169 urb->status);
1170 }
1171}
1172
1173static void pn533_abort_cmd(struct pn533 *dev, gfp_t flags)
1174{
1175 /* ACR122U does not support any command which aborts last
1176 * issued command i.e. as ACK for standard PN533. Additionally,
1177 * it behaves stange, sending broken or incorrect responses,
1178 * when we cancel urb before the chip will send response.
1179 */
1180 if (dev->device_type == PN533_DEVICE_ACR122U)
1181 return;
1182
1183 /* An ack will cancel the last issued command */
1184 pn533_send_ack(dev, flags);
1185
1186 /* cancel the urb request */
1187 usb_kill_urb(dev->in_urb);
1188}
1189
1190static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size)
1191{
1192 struct sk_buff *skb;
1193
1194 skb = alloc_skb(dev->ops->tx_header_len +
1195 size +
1196 dev->ops->tx_tail_len, GFP_KERNEL);
1197
1198 if (skb)
1199 skb_reserve(skb, dev->ops->tx_header_len);
1200
1201 return skb;
1202}
1203
1204struct pn533_target_type_a {
1205 __be16 sens_res;
1206 u8 sel_res;
1207 u8 nfcid_len;
1208 u8 nfcid_data[];
1209} __packed;
1210
1211
1212#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
1213#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
1214#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
1215
1216#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
1217#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
1218
1219#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
1220#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
1221
1222#define PN533_TYPE_A_SEL_PROT_MIFARE 0
1223#define PN533_TYPE_A_SEL_PROT_ISO14443 1
1224#define PN533_TYPE_A_SEL_PROT_DEP 2
1225#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1226
1227static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1228 int target_data_len)
1229{
1230 u8 ssd;
1231 u8 platconf;
1232
1233 if (target_data_len < sizeof(struct pn533_target_type_a))
1234 return false;
1235
1236 /* The lenght check of nfcid[] and ats[] are not being performed because
1237 the values are not being used */
1238
1239 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1240 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1241 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1242
1243 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1244 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1245 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1246 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1247 return false;
1248
1249 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1250 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1251 return false;
1252
1253 return true;
1254}
1255
1256static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1257 int tgt_data_len)
1258{
1259 struct pn533_target_type_a *tgt_type_a;
1260
1261 tgt_type_a = (struct pn533_target_type_a *)tgt_data;
1262
1263 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1264 return -EPROTO;
1265
1266 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1267 case PN533_TYPE_A_SEL_PROT_MIFARE:
1268 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1269 break;
1270 case PN533_TYPE_A_SEL_PROT_ISO14443:
1271 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1272 break;
1273 case PN533_TYPE_A_SEL_PROT_DEP:
1274 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1275 break;
1276 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1277 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1278 NFC_PROTO_NFC_DEP_MASK;
1279 break;
1280 }
1281
1282 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1283 nfc_tgt->sel_res = tgt_type_a->sel_res;
1284 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1285 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
1286
1287 return 0;
1288}
1289
1290struct pn533_target_felica {
1291 u8 pol_res;
1292 u8 opcode;
1293 u8 nfcid2[NFC_NFCID2_MAXSIZE];
1294 u8 pad[8];
1295 /* optional */
1296 u8 syst_code[];
1297} __packed;
1298
1299#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1300#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1301
1302static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1303 int target_data_len)
1304{
1305 if (target_data_len < sizeof(struct pn533_target_felica))
1306 return false;
1307
1308 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1309 return false;
1310
1311 return true;
1312}
1313
1314static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1315 int tgt_data_len)
1316{
1317 struct pn533_target_felica *tgt_felica;
1318
1319 tgt_felica = (struct pn533_target_felica *)tgt_data;
1320
1321 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1322 return -EPROTO;
1323
1324 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
1325 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
1326 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1327 else
1328 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1329
1330 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1331 nfc_tgt->sensf_res_len = 9;
1332
1333 memcpy(nfc_tgt->nfcid2, tgt_felica->nfcid2, NFC_NFCID2_MAXSIZE);
1334 nfc_tgt->nfcid2_len = NFC_NFCID2_MAXSIZE;
1335
1336 return 0;
1337}
1338
1339struct pn533_target_jewel {
1340 __be16 sens_res;
1341 u8 jewelid[4];
1342} __packed;
1343
1344static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1345 int target_data_len)
1346{
1347 u8 ssd;
1348 u8 platconf;
1349
1350 if (target_data_len < sizeof(struct pn533_target_jewel))
1351 return false;
1352
1353 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1354 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1355 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1356
1357 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1358 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1359 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1360 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1361 return false;
1362
1363 return true;
1364}
1365
1366static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1367 int tgt_data_len)
1368{
1369 struct pn533_target_jewel *tgt_jewel;
1370
1371 tgt_jewel = (struct pn533_target_jewel *)tgt_data;
1372
1373 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1374 return -EPROTO;
1375
1376 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1377 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1378 nfc_tgt->nfcid1_len = 4;
1379 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1380
1381 return 0;
1382}
1383
1384struct pn533_type_b_prot_info {
1385 u8 bitrate;
1386 u8 fsci_type;
1387 u8 fwi_adc_fo;
1388} __packed;
1389
1390#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1391#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1392#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1393
1394struct pn533_type_b_sens_res {
1395 u8 opcode;
1396 u8 nfcid[4];
1397 u8 appdata[4];
1398 struct pn533_type_b_prot_info prot_info;
1399} __packed;
1400
1401#define PN533_TYPE_B_OPC_SENSB_RES 0x50
1402
1403struct pn533_target_type_b {
1404 struct pn533_type_b_sens_res sensb_res;
1405 u8 attrib_res_len;
1406 u8 attrib_res[];
1407} __packed;
1408
1409static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1410 int target_data_len)
1411{
1412 if (target_data_len < sizeof(struct pn533_target_type_b))
1413 return false;
1414
1415 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1416 return false;
1417
1418 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1419 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1420 return false;
1421
1422 return true;
1423}
1424
1425static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1426 int tgt_data_len)
1427{
1428 struct pn533_target_type_b *tgt_type_b;
1429
1430 tgt_type_b = (struct pn533_target_type_b *)tgt_data;
1431
1432 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1433 return -EPROTO;
1434
1435 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1436
1437 return 0;
1438}
1439
1440static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1441 int tgdata_len)
1442{
1443 struct nfc_target nfc_tgt;
1444 int rc;
1445
1446 dev_dbg(&dev->interface->dev, "%s: modulation=%d\n",
1447 __func__, dev->poll_mod_curr);
1448
1449 if (tg != 1)
1450 return -EPROTO;
1451
1452 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1453
1454 switch (dev->poll_mod_curr) {
1455 case PN533_POLL_MOD_106KBPS_A:
1456 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
1457 break;
1458 case PN533_POLL_MOD_212KBPS_FELICA:
1459 case PN533_POLL_MOD_424KBPS_FELICA:
1460 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
1461 break;
1462 case PN533_POLL_MOD_106KBPS_JEWEL:
1463 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
1464 break;
1465 case PN533_POLL_MOD_847KBPS_B:
1466 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
1467 break;
1468 default:
1469 nfc_err(&dev->interface->dev,
1470 "Unknown current poll modulation\n");
1471 return -EPROTO;
1472 }
1473
1474 if (rc)
1475 return rc;
1476
1477 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1478 dev_dbg(&dev->interface->dev,
1479 "The Tg found doesn't have the desired protocol\n");
1480 return -EAGAIN;
1481 }
1482
1483 dev_dbg(&dev->interface->dev,
1484 "Target found - supported protocols: 0x%x\n",
1485 nfc_tgt.supported_protocols);
1486
1487 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1488
1489 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1490
1491 return 0;
1492}
1493
1494static inline void pn533_poll_next_mod(struct pn533 *dev)
1495{
1496 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1497}
1498
1499static void pn533_poll_reset_mod_list(struct pn533 *dev)
1500{
1501 dev->poll_mod_count = 0;
1502}
1503
1504static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1505{
1506 dev->poll_mod_active[dev->poll_mod_count] =
1507 (struct pn533_poll_modulations *)&poll_mod[mod_index];
1508 dev->poll_mod_count++;
1509}
1510
1511static void pn533_poll_create_mod_list(struct pn533 *dev,
1512 u32 im_protocols, u32 tm_protocols)
1513{
1514 pn533_poll_reset_mod_list(dev);
1515
1516 if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
1517 (im_protocols & NFC_PROTO_ISO14443_MASK) ||
1518 (im_protocols & NFC_PROTO_NFC_DEP_MASK))
1519 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1520
1521 if (im_protocols & NFC_PROTO_FELICA_MASK ||
1522 im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1523 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1524 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1525 }
1526
1527 if (im_protocols & NFC_PROTO_JEWEL_MASK)
1528 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1529
1530 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1531 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1532
1533 if (tm_protocols)
1534 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1535}
1536
1537static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
1538{
1539 u8 nbtg, tg, *tgdata;
1540 int rc, tgdata_len;
1541
1542 /* Toggle the DEP polling */
1543 dev->poll_dep = 1;
1544
1545 nbtg = resp->data[0];
1546 tg = resp->data[1];
1547 tgdata = &resp->data[2];
1548 tgdata_len = resp->len - 2; /* nbtg + tg */
1549
1550 if (nbtg) {
1551 rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
1552
1553 /* We must stop the poll after a valid target found */
1554 if (rc == 0) {
1555 pn533_poll_reset_mod_list(dev);
1556 return 0;
1557 }
1558 }
1559
1560 return -EAGAIN;
1561}
1562
1563static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev)
1564{
1565 struct sk_buff *skb;
1566 u8 *felica, *nfcid3, *gb;
1567
1568 u8 *gbytes = dev->gb;
1569 size_t gbytes_len = dev->gb_len;
1570
1571 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1572 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1573 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1574 0xff, 0xff}; /* System code */
1575
1576 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1577 0x0, 0x0, 0x0,
1578 0x40}; /* SEL_RES for DEP */
1579
1580 unsigned int skb_len = 36 + /* mode (1), mifare (6),
1581 felica (18), nfcid3 (10), gb_len (1) */
1582 gbytes_len +
1583 1; /* len Tk*/
1584
1585 skb = pn533_alloc_skb(dev, skb_len);
1586 if (!skb)
1587 return NULL;
1588
1589 /* DEP support only */
1590 *skb_put(skb, 1) = PN533_INIT_TARGET_DEP;
1591
1592 /* MIFARE params */
1593 memcpy(skb_put(skb, 6), mifare_params, 6);
1594
1595 /* Felica params */
1596 felica = skb_put(skb, 18);
1597 memcpy(felica, felica_params, 18);
1598 get_random_bytes(felica + 2, 6);
1599
1600 /* NFCID3 */
1601 nfcid3 = skb_put(skb, 10);
1602 memset(nfcid3, 0, 10);
1603 memcpy(nfcid3, felica, 8);
1604
1605 /* General bytes */
1606 *skb_put(skb, 1) = gbytes_len;
1607
1608 gb = skb_put(skb, gbytes_len);
1609 memcpy(gb, gbytes, gbytes_len);
1610
1611 /* Len Tk */
1612 *skb_put(skb, 1) = 0;
1613
1614 return skb;
1615}
1616
1617#define PN533_CMD_DATAEXCH_HEAD_LEN 1
1618#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1619static void pn533_wq_tm_mi_recv(struct work_struct *work);
1620static struct sk_buff *pn533_build_response(struct pn533 *dev);
1621
1622static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1623 struct sk_buff *resp)
1624{
1625 struct sk_buff *skb;
1626 u8 status, ret, mi;
1627 int rc;
1628
1629 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1630
1631 if (IS_ERR(resp)) {
1632 skb_queue_purge(&dev->resp_q);
1633 return PTR_ERR(resp);
1634 }
1635
1636 status = resp->data[0];
1637
1638 ret = status & PN533_CMD_RET_MASK;
1639 mi = status & PN533_CMD_MI_MASK;
1640
1641 skb_pull(resp, sizeof(status));
1642
1643 if (ret != PN533_CMD_RET_SUCCESS) {
1644 rc = -EIO;
1645 goto error;
1646 }
1647
1648 skb_queue_tail(&dev->resp_q, resp);
1649
1650 if (mi) {
1651 queue_work(dev->wq, &dev->mi_tm_rx_work);
1652 return -EINPROGRESS;
1653 }
1654
1655 skb = pn533_build_response(dev);
1656 if (!skb) {
1657 rc = -EIO;
1658 goto error;
1659 }
1660
1661 return nfc_tm_data_received(dev->nfc_dev, skb);
1662
1663error:
1664 nfc_tm_deactivated(dev->nfc_dev);
1665 dev->tgt_mode = 0;
1666 skb_queue_purge(&dev->resp_q);
1667 dev_kfree_skb(resp);
1668
1669 return rc;
1670}
1671
1672static void pn533_wq_tm_mi_recv(struct work_struct *work)
1673{
1674 struct pn533 *dev = container_of(work, struct pn533, mi_tm_rx_work);
1675 struct sk_buff *skb;
1676 int rc;
1677
1678 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1679
1680 skb = pn533_alloc_skb(dev, 0);
1681 if (!skb)
1682 return;
1683
1684 rc = pn533_send_cmd_direct_async(dev,
1685 PN533_CMD_TG_GET_DATA,
1686 skb,
1687 pn533_tm_get_data_complete,
1688 NULL);
1689
1690 if (rc < 0)
1691 dev_kfree_skb(skb);
1692
1693 return;
1694}
1695
1696static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
1697 struct sk_buff *resp);
1698static void pn533_wq_tm_mi_send(struct work_struct *work)
1699{
1700 struct pn533 *dev = container_of(work, struct pn533, mi_tm_tx_work);
1701 struct sk_buff *skb;
1702 int rc;
1703
1704 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1705
1706 /* Grab the first skb in the queue */
1707 skb = skb_dequeue(&dev->fragment_skb);
1708 if (skb == NULL) { /* No more data */
1709 /* Reset the queue for future use */
1710 skb_queue_head_init(&dev->fragment_skb);
1711 goto error;
1712 }
1713
1714 /* last entry - remove MI bit */
1715 if (skb_queue_len(&dev->fragment_skb) == 0) {
1716 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_TG_SET_DATA,
1717 skb, pn533_tm_send_complete, NULL);
1718 } else
1719 rc = pn533_send_cmd_direct_async(dev,
1720 PN533_CMD_TG_SET_META_DATA,
1721 skb, pn533_tm_send_complete, NULL);
1722
1723 if (rc == 0) /* success */
1724 return;
1725
1726 dev_err(&dev->interface->dev,
1727 "Error %d when trying to perform set meta data_exchange", rc);
1728
1729 dev_kfree_skb(skb);
1730
1731error:
1732 pn533_send_ack(dev, GFP_KERNEL);
1733 queue_work(dev->wq, &dev->cmd_work);
1734}
1735
1736static void pn533_wq_tg_get_data(struct work_struct *work)
1737{
1738 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1739 struct sk_buff *skb;
1740 int rc;
1741
1742 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1743
1744 skb = pn533_alloc_skb(dev, 0);
1745 if (!skb)
1746 return;
1747
1748 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1749 pn533_tm_get_data_complete, NULL);
1750
1751 if (rc < 0)
1752 dev_kfree_skb(skb);
1753
1754 return;
1755}
1756
1757#define ATR_REQ_GB_OFFSET 17
1758static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
1759{
1760 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
1761 size_t gb_len;
1762 int rc;
1763
1764 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1765
1766 if (resp->len < ATR_REQ_GB_OFFSET + 1)
1767 return -EINVAL;
1768
1769 mode = resp->data[0];
1770 cmd = &resp->data[1];
1771
1772 dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1773 mode, resp->len);
1774
1775 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1776 PN533_INIT_TARGET_RESP_ACTIVE)
1777 comm_mode = NFC_COMM_ACTIVE;
1778
1779 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
1780 return -EOPNOTSUPP;
1781
1782 gb = cmd + ATR_REQ_GB_OFFSET;
1783 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
1784
1785 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1786 comm_mode, gb, gb_len);
1787 if (rc < 0) {
1788 nfc_err(&dev->interface->dev,
1789 "Error when signaling target activation\n");
1790 return rc;
1791 }
1792
1793 dev->tgt_mode = 1;
1794 queue_work(dev->wq, &dev->tg_work);
1795
1796 return 0;
1797}
1798
1799static void pn533_listen_mode_timer(unsigned long data)
1800{
1801 struct pn533 *dev = (struct pn533 *)data;
1802
1803 dev_dbg(&dev->interface->dev, "Listen mode timeout\n");
1804
1805 dev->cancel_listen = 1;
1806
1807 pn533_poll_next_mod(dev);
1808
1809 queue_delayed_work(dev->wq, &dev->poll_work,
1810 msecs_to_jiffies(PN533_POLL_INTERVAL));
1811}
1812
1813static int pn533_rf_complete(struct pn533 *dev, void *arg,
1814 struct sk_buff *resp)
1815{
1816 int rc = 0;
1817
1818 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1819
1820 if (IS_ERR(resp)) {
1821 rc = PTR_ERR(resp);
1822
1823 nfc_err(&dev->interface->dev, "RF setting error %d\n", rc);
1824
1825 return rc;
1826 }
1827
1828 queue_delayed_work(dev->wq, &dev->poll_work,
1829 msecs_to_jiffies(PN533_POLL_INTERVAL));
1830
1831 dev_kfree_skb(resp);
1832 return rc;
1833}
1834
1835static void pn533_wq_rf(struct work_struct *work)
1836{
1837 struct pn533 *dev = container_of(work, struct pn533, rf_work);
1838 struct sk_buff *skb;
1839 int rc;
1840
1841 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1842
1843 skb = pn533_alloc_skb(dev, 2);
1844 if (!skb)
1845 return;
1846
1847 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD;
1848 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD_AUTO_RFCA;
1849
1850 rc = pn533_send_cmd_async(dev, PN533_CMD_RF_CONFIGURATION, skb,
1851 pn533_rf_complete, NULL);
1852 if (rc < 0) {
1853 dev_kfree_skb(skb);
1854 nfc_err(&dev->interface->dev, "RF setting error %d\n", rc);
1855 }
1856
1857 return;
1858}
1859
1860static int pn533_poll_dep_complete(struct pn533 *dev, void *arg,
1861 struct sk_buff *resp)
1862{
1863 struct pn533_cmd_jump_dep_response *rsp;
1864 struct nfc_target nfc_target;
1865 u8 target_gt_len;
1866 int rc;
1867
1868 if (IS_ERR(resp))
1869 return PTR_ERR(resp);
1870
1871 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1872
1873 rc = rsp->status & PN533_CMD_RET_MASK;
1874 if (rc != PN533_CMD_RET_SUCCESS) {
1875 /* Not target found, turn radio off */
1876 queue_work(dev->wq, &dev->rf_work);
1877
1878 dev_kfree_skb(resp);
1879 return 0;
1880 }
1881
1882 dev_dbg(&dev->interface->dev, "Creating new target");
1883
1884 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1885 nfc_target.nfcid1_len = 10;
1886 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1887 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1888 if (rc)
1889 goto error;
1890
1891 dev->tgt_available_prots = 0;
1892 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1893
1894 /* ATR_RES general bytes are located at offset 17 */
1895 target_gt_len = resp->len - 17;
1896 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1897 rsp->gt, target_gt_len);
1898 if (!rc) {
1899 rc = nfc_dep_link_is_up(dev->nfc_dev,
1900 dev->nfc_dev->targets[0].idx,
1901 0, NFC_RF_INITIATOR);
1902
1903 if (!rc)
1904 pn533_poll_reset_mod_list(dev);
1905 }
1906error:
1907 dev_kfree_skb(resp);
1908 return rc;
1909}
1910
1911#define PASSIVE_DATA_LEN 5
1912static int pn533_poll_dep(struct nfc_dev *nfc_dev)
1913{
1914 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1915 struct sk_buff *skb;
1916 int rc, skb_len;
1917 u8 *next, nfcid3[NFC_NFCID3_MAXSIZE];
1918 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1919
1920 dev_dbg(&dev->interface->dev, "%s", __func__);
1921
1922 if (!dev->gb) {
1923 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1924
1925 if (!dev->gb || !dev->gb_len) {
1926 dev->poll_dep = 0;
1927 queue_work(dev->wq, &dev->rf_work);
1928 }
1929 }
1930
1931 skb_len = 3 + dev->gb_len; /* ActPass + BR + Next */
1932 skb_len += PASSIVE_DATA_LEN;
1933
1934 /* NFCID3 */
1935 skb_len += NFC_NFCID3_MAXSIZE;
1936 nfcid3[0] = 0x1;
1937 nfcid3[1] = 0xfe;
1938 get_random_bytes(nfcid3 + 2, 6);
1939
1940 skb = pn533_alloc_skb(dev, skb_len);
1941 if (!skb)
1942 return -ENOMEM;
1943
1944 *skb_put(skb, 1) = 0x01; /* Active */
1945 *skb_put(skb, 1) = 0x02; /* 424 kbps */
1946
1947 next = skb_put(skb, 1); /* Next */
1948 *next = 0;
1949
1950 /* Copy passive data */
1951 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN);
1952 *next |= 1;
1953
1954 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
1955 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3,
1956 NFC_NFCID3_MAXSIZE);
1957 *next |= 2;
1958
1959 memcpy(skb_put(skb, dev->gb_len), dev->gb, dev->gb_len);
1960 *next |= 4; /* We have some Gi */
1961
1962 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1963 pn533_poll_dep_complete, NULL);
1964
1965 if (rc < 0)
1966 dev_kfree_skb(skb);
1967
1968 return rc;
1969}
1970
1971static int pn533_poll_complete(struct pn533 *dev, void *arg,
1972 struct sk_buff *resp)
1973{
1974 struct pn533_poll_modulations *cur_mod;
1975 int rc;
1976
1977 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1978
1979 if (IS_ERR(resp)) {
1980 rc = PTR_ERR(resp);
1981
1982 nfc_err(&dev->interface->dev, "%s Poll complete error %d\n",
1983 __func__, rc);
1984
1985 if (rc == -ENOENT) {
1986 if (dev->poll_mod_count != 0)
1987 return rc;
1988 else
1989 goto stop_poll;
1990 } else if (rc < 0) {
1991 nfc_err(&dev->interface->dev,
1992 "Error %d when running poll\n", rc);
1993 goto stop_poll;
1994 }
1995 }
1996
1997 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1998
1999 if (cur_mod->len == 0) { /* Target mode */
2000 del_timer(&dev->listen_timer);
2001 rc = pn533_init_target_complete(dev, resp);
2002 goto done;
2003 }
2004
2005 /* Initiator mode */
2006 rc = pn533_start_poll_complete(dev, resp);
2007 if (!rc)
2008 goto done;
2009
2010 if (!dev->poll_mod_count) {
2011 dev_dbg(&dev->interface->dev, "Polling has been stopped\n");
2012 goto done;
2013 }
2014
2015 pn533_poll_next_mod(dev);
2016 /* Not target found, turn radio off */
2017 queue_work(dev->wq, &dev->rf_work);
2018
2019done:
2020 dev_kfree_skb(resp);
2021 return rc;
2022
2023stop_poll:
2024 nfc_err(&dev->interface->dev, "Polling operation has been stopped\n");
2025
2026 pn533_poll_reset_mod_list(dev);
2027 dev->poll_protocols = 0;
2028 return rc;
2029}
2030
2031static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev,
2032 struct pn533_poll_modulations *mod)
2033{
2034 struct sk_buff *skb;
2035
2036 skb = pn533_alloc_skb(dev, mod->len);
2037 if (!skb)
2038 return NULL;
2039
2040 memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
2041
2042 return skb;
2043}
2044
2045static int pn533_send_poll_frame(struct pn533 *dev)
2046{
2047 struct pn533_poll_modulations *mod;
2048 struct sk_buff *skb;
2049 int rc;
2050 u8 cmd_code;
2051
2052 mod = dev->poll_mod_active[dev->poll_mod_curr];
2053
2054 dev_dbg(&dev->interface->dev, "%s mod len %d\n",
2055 __func__, mod->len);
2056
2057 if (dev->poll_dep) {
2058 dev->poll_dep = 0;
2059 return pn533_poll_dep(dev->nfc_dev);
2060 }
2061
2062 if (mod->len == 0) { /* Listen mode */
2063 cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
2064 skb = pn533_alloc_poll_tg_frame(dev);
2065 } else { /* Polling mode */
2066 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
2067 skb = pn533_alloc_poll_in_frame(dev, mod);
2068 }
2069
2070 if (!skb) {
2071 nfc_err(&dev->interface->dev, "Failed to allocate skb\n");
2072 return -ENOMEM;
2073 }
2074
2075 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
2076 NULL);
2077 if (rc < 0) {
2078 dev_kfree_skb(skb);
2079 nfc_err(&dev->interface->dev, "Polling loop error %d\n", rc);
2080 }
2081
2082 return rc;
2083}
2084
2085static void pn533_wq_poll(struct work_struct *work)
2086{
2087 struct pn533 *dev = container_of(work, struct pn533, poll_work.work);
2088 struct pn533_poll_modulations *cur_mod;
2089 int rc;
2090
2091 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
2092
2093 dev_dbg(&dev->interface->dev,
2094 "%s cancel_listen %d modulation len %d\n",
2095 __func__, dev->cancel_listen, cur_mod->len);
2096
2097 if (dev->cancel_listen == 1) {
2098 dev->cancel_listen = 0;
2099 pn533_abort_cmd(dev, GFP_ATOMIC);
2100 }
2101
2102 rc = pn533_send_poll_frame(dev);
2103 if (rc)
2104 return;
2105
2106 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
2107 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
2108
2109 return;
2110}
2111
2112static int pn533_start_poll(struct nfc_dev *nfc_dev,
2113 u32 im_protocols, u32 tm_protocols)
2114{
2115 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2116 struct pn533_poll_modulations *cur_mod;
2117 u8 rand_mod;
2118 int rc;
2119
2120 dev_dbg(&dev->interface->dev,
2121 "%s: im protocols 0x%x tm protocols 0x%x\n",
2122 __func__, im_protocols, tm_protocols);
2123
2124 if (dev->tgt_active_prot) {
2125 nfc_err(&dev->interface->dev,
2126 "Cannot poll with a target already activated\n");
2127 return -EBUSY;
2128 }
2129
2130 if (dev->tgt_mode) {
2131 nfc_err(&dev->interface->dev,
2132 "Cannot poll while already being activated\n");
2133 return -EBUSY;
2134 }
2135
2136 if (tm_protocols) {
2137 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
2138 if (dev->gb == NULL)
2139 tm_protocols = 0;
2140 }
2141
2142 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
2143 dev->poll_protocols = im_protocols;
2144 dev->listen_protocols = tm_protocols;
2145
2146 /* Do not always start polling from the same modulation */
2147 get_random_bytes(&rand_mod, sizeof(rand_mod));
2148 rand_mod %= dev->poll_mod_count;
2149 dev->poll_mod_curr = rand_mod;
2150
2151 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
2152
2153 rc = pn533_send_poll_frame(dev);
2154
2155 /* Start listen timer */
2156 if (!rc && cur_mod->len == 0 && dev->poll_mod_count > 1)
2157 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
2158
2159 return rc;
2160}
2161
2162static void pn533_stop_poll(struct nfc_dev *nfc_dev)
2163{
2164 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2165
2166 del_timer(&dev->listen_timer);
2167
2168 if (!dev->poll_mod_count) {
2169 dev_dbg(&dev->interface->dev,
2170 "Polling operation was not running\n");
2171 return;
2172 }
2173
2174 pn533_abort_cmd(dev, GFP_KERNEL);
2175 flush_delayed_work(&dev->poll_work);
2176 pn533_poll_reset_mod_list(dev);
2177}
2178
2179static int pn533_activate_target_nfcdep(struct pn533 *dev)
2180{
2181 struct pn533_cmd_activate_response *rsp;
2182 u16 gt_len;
2183 int rc;
2184 struct sk_buff *skb;
2185 struct sk_buff *resp;
2186
2187 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2188
2189 skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/
2190 if (!skb)
2191 return -ENOMEM;
2192
2193 *skb_put(skb, sizeof(u8)) = 1; /* TG */
2194 *skb_put(skb, sizeof(u8)) = 0; /* Next */
2195
2196 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
2197 if (IS_ERR(resp))
2198 return PTR_ERR(resp);
2199
2200 rsp = (struct pn533_cmd_activate_response *)resp->data;
2201 rc = rsp->status & PN533_CMD_RET_MASK;
2202 if (rc != PN533_CMD_RET_SUCCESS) {
2203 nfc_err(&dev->interface->dev,
2204 "Target activation failed (error 0x%x)\n", rc);
2205 dev_kfree_skb(resp);
2206 return -EIO;
2207 }
2208
2209 /* ATR_RES general bytes are located at offset 16 */
2210 gt_len = resp->len - 16;
2211 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
2212
2213 dev_kfree_skb(resp);
2214 return rc;
2215}
2216
2217static int pn533_activate_target(struct nfc_dev *nfc_dev,
2218 struct nfc_target *target, u32 protocol)
2219{
2220 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2221 int rc;
2222
2223 dev_dbg(&dev->interface->dev, "%s: protocol=%u\n", __func__, protocol);
2224
2225 if (dev->poll_mod_count) {
2226 nfc_err(&dev->interface->dev,
2227 "Cannot activate while polling\n");
2228 return -EBUSY;
2229 }
2230
2231 if (dev->tgt_active_prot) {
2232 nfc_err(&dev->interface->dev,
2233 "There is already an active target\n");
2234 return -EBUSY;
2235 }
2236
2237 if (!dev->tgt_available_prots) {
2238 nfc_err(&dev->interface->dev,
2239 "There is no available target to activate\n");
2240 return -EINVAL;
2241 }
2242
2243 if (!(dev->tgt_available_prots & (1 << protocol))) {
2244 nfc_err(&dev->interface->dev,
2245 "Target doesn't support requested proto %u\n",
2246 protocol);
2247 return -EINVAL;
2248 }
2249
2250 if (protocol == NFC_PROTO_NFC_DEP) {
2251 rc = pn533_activate_target_nfcdep(dev);
2252 if (rc) {
2253 nfc_err(&dev->interface->dev,
2254 "Activating target with DEP failed %d\n", rc);
2255 return rc;
2256 }
2257 }
2258
2259 dev->tgt_active_prot = protocol;
2260 dev->tgt_available_prots = 0;
2261
2262 return 0;
2263}
2264
2265static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
2266 struct nfc_target *target, u8 mode)
2267{
2268 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2269 struct sk_buff *skb;
2270 struct sk_buff *resp;
2271 int rc;
2272
2273 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2274
2275 if (!dev->tgt_active_prot) {
2276 nfc_err(&dev->interface->dev, "There is no active target\n");
2277 return;
2278 }
2279
2280 dev->tgt_active_prot = 0;
2281 skb_queue_purge(&dev->resp_q);
2282
2283 skb = pn533_alloc_skb(dev, sizeof(u8));
2284 if (!skb)
2285 return;
2286
2287 *skb_put(skb, 1) = 1; /* TG*/
2288
2289 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
2290 if (IS_ERR(resp))
2291 return;
2292
2293 rc = resp->data[0] & PN533_CMD_RET_MASK;
2294 if (rc != PN533_CMD_RET_SUCCESS)
2295 nfc_err(&dev->interface->dev,
2296 "Error 0x%x when releasing the target\n", rc);
2297
2298 dev_kfree_skb(resp);
2299 return;
2300}
2301
2302
2303static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
2304 struct sk_buff *resp)
2305{
2306 struct pn533_cmd_jump_dep_response *rsp;
2307 u8 target_gt_len;
2308 int rc;
2309 u8 active = *(u8 *)arg;
2310
2311 kfree(arg);
2312
2313 if (IS_ERR(resp))
2314 return PTR_ERR(resp);
2315
2316 if (dev->tgt_available_prots &&
2317 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
2318 nfc_err(&dev->interface->dev,
2319 "The target does not support DEP\n");
2320 rc = -EINVAL;
2321 goto error;
2322 }
2323
2324 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
2325
2326 rc = rsp->status & PN533_CMD_RET_MASK;
2327 if (rc != PN533_CMD_RET_SUCCESS) {
2328 nfc_err(&dev->interface->dev,
2329 "Bringing DEP link up failed (error 0x%x)\n", rc);
2330 goto error;
2331 }
2332
2333 if (!dev->tgt_available_prots) {
2334 struct nfc_target nfc_target;
2335
2336 dev_dbg(&dev->interface->dev, "Creating new target\n");
2337
2338 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
2339 nfc_target.nfcid1_len = 10;
2340 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
2341 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
2342 if (rc)
2343 goto error;
2344
2345 dev->tgt_available_prots = 0;
2346 }
2347
2348 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
2349
2350 /* ATR_RES general bytes are located at offset 17 */
2351 target_gt_len = resp->len - 17;
2352 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
2353 rsp->gt, target_gt_len);
2354 if (rc == 0)
2355 rc = nfc_dep_link_is_up(dev->nfc_dev,
2356 dev->nfc_dev->targets[0].idx,
2357 !active, NFC_RF_INITIATOR);
2358
2359error:
2360 dev_kfree_skb(resp);
2361 return rc;
2362}
2363
2364static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf);
2365static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
2366 u8 comm_mode, u8 *gb, size_t gb_len)
2367{
2368 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2369 struct sk_buff *skb;
2370 int rc, skb_len;
2371 u8 *next, *arg, nfcid3[NFC_NFCID3_MAXSIZE];
2372 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
2373
2374 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2375
2376 if (dev->poll_mod_count) {
2377 nfc_err(&dev->interface->dev,
2378 "Cannot bring the DEP link up while polling\n");
2379 return -EBUSY;
2380 }
2381
2382 if (dev->tgt_active_prot) {
2383 nfc_err(&dev->interface->dev,
2384 "There is already an active target\n");
2385 return -EBUSY;
2386 }
2387
2388 skb_len = 3 + gb_len; /* ActPass + BR + Next */
2389 skb_len += PASSIVE_DATA_LEN;
2390
2391 /* NFCID3 */
2392 skb_len += NFC_NFCID3_MAXSIZE;
2393 if (target && !target->nfcid2_len) {
2394 nfcid3[0] = 0x1;
2395 nfcid3[1] = 0xfe;
2396 get_random_bytes(nfcid3 + 2, 6);
2397 }
2398
2399 skb = pn533_alloc_skb(dev, skb_len);
2400 if (!skb)
2401 return -ENOMEM;
2402
2403 *skb_put(skb, 1) = !comm_mode; /* ActPass */
2404 *skb_put(skb, 1) = 0x02; /* 424 kbps */
2405
2406 next = skb_put(skb, 1); /* Next */
2407 *next = 0;
2408
2409 /* Copy passive data */
2410 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN);
2411 *next |= 1;
2412
2413 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
2414 if (target && target->nfcid2_len)
2415 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), target->nfcid2,
2416 target->nfcid2_len);
2417 else
2418 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3,
2419 NFC_NFCID3_MAXSIZE);
2420 *next |= 2;
2421
2422 if (gb != NULL && gb_len > 0) {
2423 memcpy(skb_put(skb, gb_len), gb, gb_len);
2424 *next |= 4; /* We have some Gi */
2425 } else {
2426 *next = 0;
2427 }
2428
2429 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2430 if (!arg) {
2431 dev_kfree_skb(skb);
2432 return -ENOMEM;
2433 }
2434
2435 *arg = !comm_mode;
2436
2437 pn533_rf_field(dev->nfc_dev, 0);
2438
2439 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
2440 pn533_in_dep_link_up_complete, arg);
2441
2442 if (rc < 0) {
2443 dev_kfree_skb(skb);
2444 kfree(arg);
2445 }
2446
2447 return rc;
2448}
2449
2450static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
2451{
2452 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2453
2454 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2455
2456 pn533_poll_reset_mod_list(dev);
2457
2458 if (dev->tgt_mode || dev->tgt_active_prot)
2459 pn533_abort_cmd(dev, GFP_KERNEL);
2460
2461 dev->tgt_active_prot = 0;
2462 dev->tgt_mode = 0;
2463
2464 skb_queue_purge(&dev->resp_q);
2465
2466 return 0;
2467}
2468
2469struct pn533_data_exchange_arg {
2470 data_exchange_cb_t cb;
2471 void *cb_context;
2472};
2473
2474static struct sk_buff *pn533_build_response(struct pn533 *dev)
2475{
2476 struct sk_buff *skb, *tmp, *t;
2477 unsigned int skb_len = 0, tmp_len = 0;
2478
2479 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2480
2481 if (skb_queue_empty(&dev->resp_q))
2482 return NULL;
2483
2484 if (skb_queue_len(&dev->resp_q) == 1) {
2485 skb = skb_dequeue(&dev->resp_q);
2486 goto out;
2487 }
2488
2489 skb_queue_walk_safe(&dev->resp_q, tmp, t)
2490 skb_len += tmp->len;
2491
2492 dev_dbg(&dev->interface->dev, "%s total length %d\n",
2493 __func__, skb_len);
2494
2495 skb = alloc_skb(skb_len, GFP_KERNEL);
2496 if (skb == NULL)
2497 goto out;
2498
2499 skb_put(skb, skb_len);
2500
2501 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2502 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2503 tmp_len += tmp->len;
2504 }
2505
2506out:
2507 skb_queue_purge(&dev->resp_q);
2508
2509 return skb;
2510}
2511
2512static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
2513 struct sk_buff *resp)
2514{
2515 struct pn533_data_exchange_arg *arg = _arg;
2516 struct sk_buff *skb;
2517 int rc = 0;
2518 u8 status, ret, mi;
2519
2520 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2521
2522 if (IS_ERR(resp)) {
2523 rc = PTR_ERR(resp);
2524 goto _error;
2525 }
2526
2527 status = resp->data[0];
2528 ret = status & PN533_CMD_RET_MASK;
2529 mi = status & PN533_CMD_MI_MASK;
2530
2531 skb_pull(resp, sizeof(status));
2532
2533 if (ret != PN533_CMD_RET_SUCCESS) {
2534 nfc_err(&dev->interface->dev,
2535 "Exchanging data failed (error 0x%x)\n", ret);
2536 rc = -EIO;
2537 goto error;
2538 }
2539
2540 skb_queue_tail(&dev->resp_q, resp);
2541
2542 if (mi) {
2543 dev->cmd_complete_mi_arg = arg;
2544 queue_work(dev->wq, &dev->mi_rx_work);
2545 return -EINPROGRESS;
2546 }
2547
2548 /* Prepare for the next round */
2549 if (skb_queue_len(&dev->fragment_skb) > 0) {
2550 dev->cmd_complete_dep_arg = arg;
2551 queue_work(dev->wq, &dev->mi_tx_work);
2552
2553 return -EINPROGRESS;
2554 }
2555
2556 skb = pn533_build_response(dev);
2557 if (!skb) {
2558 rc = -ENOMEM;
2559 goto error;
2560 }
2561
2562 arg->cb(arg->cb_context, skb, 0);
2563 kfree(arg);
2564 return 0;
2565
2566error:
2567 dev_kfree_skb(resp);
2568_error:
2569 skb_queue_purge(&dev->resp_q);
2570 arg->cb(arg->cb_context, NULL, rc);
2571 kfree(arg);
2572 return rc;
2573}
2574
2575/* Split the Tx skb into small chunks */
2576static int pn533_fill_fragment_skbs(struct pn533 *dev, struct sk_buff *skb)
2577{
2578 struct sk_buff *frag;
2579 int frag_size;
2580
2581 do {
2582 /* Remaining size */
2583 if (skb->len > PN533_CMD_DATAFRAME_MAXLEN)
2584 frag_size = PN533_CMD_DATAFRAME_MAXLEN;
2585 else
2586 frag_size = skb->len;
2587
2588 /* Allocate and reserve */
2589 frag = pn533_alloc_skb(dev, frag_size);
2590 if (!frag) {
2591 skb_queue_purge(&dev->fragment_skb);
2592 break;
2593 }
2594
2595 if (!dev->tgt_mode) {
2596 /* Reserve the TG/MI byte */
2597 skb_reserve(frag, 1);
2598
2599 /* MI + TG */
2600 if (frag_size == PN533_CMD_DATAFRAME_MAXLEN)
2601 *skb_push(frag, sizeof(u8)) =
2602 (PN533_CMD_MI_MASK | 1);
2603 else
2604 *skb_push(frag, sizeof(u8)) = 1; /* TG */
2605 }
2606
2607 memcpy(skb_put(frag, frag_size), skb->data, frag_size);
2608
2609 /* Reduce the size of incoming buffer */
2610 skb_pull(skb, frag_size);
2611
2612 /* Add this to skb_queue */
2613 skb_queue_tail(&dev->fragment_skb, frag);
2614
2615 } while (skb->len > 0);
2616
2617 dev_kfree_skb(skb);
2618
2619 return skb_queue_len(&dev->fragment_skb);
2620}
2621
2622static int pn533_transceive(struct nfc_dev *nfc_dev,
2623 struct nfc_target *target, struct sk_buff *skb,
2624 data_exchange_cb_t cb, void *cb_context)
2625{
2626 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2627 struct pn533_data_exchange_arg *arg = NULL;
2628 int rc;
2629
2630 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2631
2632 if (!dev->tgt_active_prot) {
2633 nfc_err(&dev->interface->dev,
2634 "Can't exchange data if there is no active target\n");
2635 rc = -EINVAL;
2636 goto error;
2637 }
2638
2639 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2640 if (!arg) {
2641 rc = -ENOMEM;
2642 goto error;
2643 }
2644
2645 arg->cb = cb;
2646 arg->cb_context = cb_context;
2647
2648 switch (dev->device_type) {
2649 case PN533_DEVICE_PASORI:
2650 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2651 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2652 skb,
2653 pn533_data_exchange_complete,
2654 arg);
2655
2656 break;
2657 }
2658 default:
2659 /* jumbo frame ? */
2660 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2661 rc = pn533_fill_fragment_skbs(dev, skb);
2662 if (rc <= 0)
2663 goto error;
2664
2665 skb = skb_dequeue(&dev->fragment_skb);
2666 if (!skb) {
2667 rc = -EIO;
2668 goto error;
2669 }
2670 } else {
2671 *skb_push(skb, sizeof(u8)) = 1; /* TG */
2672 }
2673
2674 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2675 skb, pn533_data_exchange_complete,
2676 arg);
2677
2678 break;
2679 }
2680
2681 if (rc < 0) /* rc from send_async */
2682 goto error;
2683
2684 return 0;
2685
2686error:
2687 kfree(arg);
2688 dev_kfree_skb(skb);
2689 return rc;
2690}
2691
2692static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2693 struct sk_buff *resp)
2694{
2695 u8 status;
2696
2697 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2698
2699 if (IS_ERR(resp))
2700 return PTR_ERR(resp);
2701
2702 status = resp->data[0];
2703
2704 /* Prepare for the next round */
2705 if (skb_queue_len(&dev->fragment_skb) > 0) {
2706 queue_work(dev->wq, &dev->mi_tm_tx_work);
2707 return -EINPROGRESS;
2708 }
2709 dev_kfree_skb(resp);
2710
2711 if (status != 0) {
2712 nfc_tm_deactivated(dev->nfc_dev);
2713
2714 dev->tgt_mode = 0;
2715
2716 return 0;
2717 }
2718
2719 queue_work(dev->wq, &dev->tg_work);
2720
2721 return 0;
2722}
2723
2724static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2725{
2726 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2727 int rc;
2728
2729 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2730
2731 /* let's split in multiple chunks if size's too big */
2732 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2733 rc = pn533_fill_fragment_skbs(dev, skb);
2734 if (rc <= 0)
2735 goto error;
2736
2737 /* get the first skb */
2738 skb = skb_dequeue(&dev->fragment_skb);
2739 if (!skb) {
2740 rc = -EIO;
2741 goto error;
2742 }
2743
2744 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_META_DATA, skb,
2745 pn533_tm_send_complete, NULL);
2746 } else {
2747 /* Send th skb */
2748 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2749 pn533_tm_send_complete, NULL);
2750 }
2751
2752error:
2753 if (rc < 0) {
2754 dev_kfree_skb(skb);
2755 skb_queue_purge(&dev->fragment_skb);
2756 }
2757
2758 return rc;
2759}
2760
2761static void pn533_wq_mi_recv(struct work_struct *work)
2762{
2763 struct pn533 *dev = container_of(work, struct pn533, mi_rx_work);
2764 struct sk_buff *skb;
2765 int rc;
2766
2767 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2768
2769 skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN);
2770 if (!skb)
2771 goto error;
2772
2773 switch (dev->device_type) {
2774 case PN533_DEVICE_PASORI:
2775 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2776 rc = pn533_send_cmd_direct_async(dev,
2777 PN533_CMD_IN_COMM_THRU,
2778 skb,
2779 pn533_data_exchange_complete,
2780 dev->cmd_complete_mi_arg);
2781
2782 break;
2783 }
2784 default:
2785 *skb_put(skb, sizeof(u8)) = 1; /*TG*/
2786
2787 rc = pn533_send_cmd_direct_async(dev,
2788 PN533_CMD_IN_DATA_EXCHANGE,
2789 skb,
2790 pn533_data_exchange_complete,
2791 dev->cmd_complete_mi_arg);
2792
2793 break;
2794 }
2795
2796 if (rc == 0) /* success */
2797 return;
2798
2799 nfc_err(&dev->interface->dev,
2800 "Error %d when trying to perform data_exchange\n", rc);
2801
2802 dev_kfree_skb(skb);
2803 kfree(dev->cmd_complete_mi_arg);
2804
2805error:
2806 pn533_send_ack(dev, GFP_KERNEL);
2807 queue_work(dev->wq, &dev->cmd_work);
2808}
2809
2810static void pn533_wq_mi_send(struct work_struct *work)
2811{
2812 struct pn533 *dev = container_of(work, struct pn533, mi_tx_work);
2813 struct sk_buff *skb;
2814 int rc;
2815
2816 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2817
2818 /* Grab the first skb in the queue */
2819 skb = skb_dequeue(&dev->fragment_skb);
2820
2821 if (skb == NULL) { /* No more data */
2822 /* Reset the queue for future use */
2823 skb_queue_head_init(&dev->fragment_skb);
2824 goto error;
2825 }
2826
2827 switch (dev->device_type) {
2828 case PN533_DEVICE_PASORI:
2829 if (dev->tgt_active_prot != NFC_PROTO_FELICA) {
2830 rc = -EIO;
2831 break;
2832 }
2833
2834 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_IN_COMM_THRU,
2835 skb,
2836 pn533_data_exchange_complete,
2837 dev->cmd_complete_dep_arg);
2838
2839 break;
2840
2841 default:
2842 /* Still some fragments? */
2843 rc = pn533_send_cmd_direct_async(dev,PN533_CMD_IN_DATA_EXCHANGE,
2844 skb,
2845 pn533_data_exchange_complete,
2846 dev->cmd_complete_dep_arg);
2847
2848 break;
2849 }
2850
2851 if (rc == 0) /* success */
2852 return;
2853
2854 nfc_err(&dev->interface->dev,
2855 "Error %d when trying to perform data_exchange\n", rc);
2856
2857 dev_kfree_skb(skb);
2858 kfree(dev->cmd_complete_dep_arg);
2859
2860error:
2861 pn533_send_ack(dev, GFP_KERNEL);
2862 queue_work(dev->wq, &dev->cmd_work);
2863}
2864
2865static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2866 u8 cfgdata_len)
2867{
2868 struct sk_buff *skb;
2869 struct sk_buff *resp;
2870 int skb_len;
2871
2872 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2873
2874 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
2875
2876 skb = pn533_alloc_skb(dev, skb_len);
2877 if (!skb)
2878 return -ENOMEM;
2879
2880 *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2881 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
2882
2883 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2884 if (IS_ERR(resp))
2885 return PTR_ERR(resp);
2886
2887 dev_kfree_skb(resp);
2888 return 0;
2889}
2890
2891static int pn533_get_firmware_version(struct pn533 *dev,
2892 struct pn533_fw_version *fv)
2893{
2894 struct sk_buff *skb;
2895 struct sk_buff *resp;
2896
2897 skb = pn533_alloc_skb(dev, 0);
2898 if (!skb)
2899 return -ENOMEM;
2900
2901 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2902 if (IS_ERR(resp))
2903 return PTR_ERR(resp);
2904
2905 fv->ic = resp->data[0];
2906 fv->ver = resp->data[1];
2907 fv->rev = resp->data[2];
2908 fv->support = resp->data[3];
2909
2910 dev_kfree_skb(resp);
2911 return 0;
2912}
2913
2914static int pn533_pasori_fw_reset(struct pn533 *dev)
2915{
2916 struct sk_buff *skb;
2917 struct sk_buff *resp;
2918
2919 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2920
2921 skb = pn533_alloc_skb(dev, sizeof(u8));
2922 if (!skb)
2923 return -ENOMEM;
2924
2925 *skb_put(skb, sizeof(u8)) = 0x1;
2926
2927 resp = pn533_send_cmd_sync(dev, 0x18, skb);
2928 if (IS_ERR(resp))
2929 return PTR_ERR(resp);
2930
2931 dev_kfree_skb(resp);
2932
2933 return 0;
2934}
2935
2936struct pn533_acr122_poweron_rdr_arg {
2937 int rc;
2938 struct completion done;
2939};
2940
2941static void pn533_acr122_poweron_rdr_resp(struct urb *urb)
2942{
2943 struct pn533_acr122_poweron_rdr_arg *arg = urb->context;
2944
2945 dev_dbg(&urb->dev->dev, "%s\n", __func__);
2946
2947 print_hex_dump_debug("ACR122 RX: ", DUMP_PREFIX_NONE, 16, 1,
2948 urb->transfer_buffer, urb->transfer_buffer_length,
2949 false);
2950
2951 arg->rc = urb->status;
2952 complete(&arg->done);
2953}
2954
2955static int pn533_acr122_poweron_rdr(struct pn533 *dev)
2956{
2957 /* Power on th reader (CCID cmd) */
2958 u8 cmd[10] = {PN533_ACR122_PC_TO_RDR_ICCPOWERON,
2959 0, 0, 0, 0, 0, 0, 3, 0, 0};
2960 u8 buf[255];
2961 int rc;
2962 void *cntx;
2963 struct pn533_acr122_poweron_rdr_arg arg;
2964
2965 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2966
2967 init_completion(&arg.done);
2968 cntx = dev->in_urb->context; /* backup context */
2969
2970 dev->in_urb->transfer_buffer = buf;
2971 dev->in_urb->transfer_buffer_length = 255;
2972 dev->in_urb->complete = pn533_acr122_poweron_rdr_resp;
2973 dev->in_urb->context = &arg;
2974
2975 dev->out_urb->transfer_buffer = cmd;
2976 dev->out_urb->transfer_buffer_length = sizeof(cmd);
2977
2978 print_hex_dump_debug("ACR122 TX: ", DUMP_PREFIX_NONE, 16, 1,
2979 cmd, sizeof(cmd), false);
2980
2981 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
2982 if (rc) {
2983 nfc_err(&dev->interface->dev,
2984 "Reader power on cmd error %d\n", rc);
2985 return rc;
2986 }
2987
2988 rc = usb_submit_urb(dev->in_urb, GFP_KERNEL);
2989 if (rc) {
2990 nfc_err(&dev->interface->dev,
2991 "Can't submit reader poweron cmd response %d\n", rc);
2992 return rc;
2993 }
2994
2995 wait_for_completion(&arg.done);
2996 dev->in_urb->context = cntx; /* restore context */
2997
2998 return arg.rc;
2999}
3000
3001static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf)
3002{
3003 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
3004 u8 rf_field = !!rf;
3005 int rc;
3006
3007 rf_field |= PN533_CFGITEM_RF_FIELD_AUTO_RFCA;
3008
3009 rc = pn533_set_configuration(dev, PN533_CFGITEM_RF_FIELD,
3010 (u8 *)&rf_field, 1);
3011 if (rc) {
3012 nfc_err(&dev->interface->dev, "Error on setting RF field\n");
3013 return rc;
3014 }
3015
3016 return rc;
3017}
3018
3019static int pn533_dev_up(struct nfc_dev *nfc_dev)
3020{
3021 return pn533_rf_field(nfc_dev, 1);
3022}
3023
3024static int pn533_dev_down(struct nfc_dev *nfc_dev)
3025{
3026 return pn533_rf_field(nfc_dev, 0);
3027}
3028
3029static struct nfc_ops pn533_nfc_ops = {
3030 .dev_up = pn533_dev_up,
3031 .dev_down = pn533_dev_down,
3032 .dep_link_up = pn533_dep_link_up,
3033 .dep_link_down = pn533_dep_link_down,
3034 .start_poll = pn533_start_poll,
3035 .stop_poll = pn533_stop_poll,
3036 .activate_target = pn533_activate_target,
3037 .deactivate_target = pn533_deactivate_target,
3038 .im_transceive = pn533_transceive,
3039 .tm_send = pn533_tm_send,
3040};
3041
3042static int pn533_setup(struct pn533 *dev)
3043{
3044 struct pn533_config_max_retries max_retries;
3045 struct pn533_config_timing timing;
3046 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
3047 int rc;
3048
3049 switch (dev->device_type) {
3050 case PN533_DEVICE_STD:
3051 case PN533_DEVICE_PASORI:
3052 case PN533_DEVICE_ACR122U:
3053 max_retries.mx_rty_atr = 0x2;
3054 max_retries.mx_rty_psl = 0x1;
3055 max_retries.mx_rty_passive_act =
3056 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
3057
3058 timing.rfu = PN533_CONFIG_TIMING_102;
3059 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
3060 timing.dep_timeout = PN533_CONFIG_TIMING_204;
3061
3062 break;
3063
3064 default:
3065 nfc_err(&dev->interface->dev, "Unknown device type %d\n",
3066 dev->device_type);
3067 return -EINVAL;
3068 }
3069
3070 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
3071 (u8 *)&max_retries, sizeof(max_retries));
3072 if (rc) {
3073 nfc_err(&dev->interface->dev,
3074 "Error on setting MAX_RETRIES config\n");
3075 return rc;
3076 }
3077
3078
3079 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
3080 (u8 *)&timing, sizeof(timing));
3081 if (rc) {
3082 nfc_err(&dev->interface->dev, "Error on setting RF timings\n");
3083 return rc;
3084 }
3085
3086 switch (dev->device_type) {
3087 case PN533_DEVICE_STD:
3088 break;
3089
3090 case PN533_DEVICE_PASORI:
3091 pn533_pasori_fw_reset(dev);
3092
3093 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
3094 pasori_cfg, 3);
3095 if (rc) {
3096 nfc_err(&dev->interface->dev,
3097 "Error while settings PASORI config\n");
3098 return rc;
3099 }
3100
3101 pn533_pasori_fw_reset(dev);
3102
3103 break;
3104 }
3105
3106 return 0;
3107}
3108
3109static int pn533_probe(struct usb_interface *interface,
3110 const struct usb_device_id *id)
3111{
3112 struct pn533_fw_version fw_ver;
3113 struct pn533 *dev;
3114 struct usb_host_interface *iface_desc;
3115 struct usb_endpoint_descriptor *endpoint;
3116 int in_endpoint = 0;
3117 int out_endpoint = 0;
3118 int rc = -ENOMEM;
3119 int i;
3120 u32 protocols;
3121
3122 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3123 if (!dev)
3124 return -ENOMEM;
3125
3126 dev->udev = usb_get_dev(interface_to_usbdev(interface));
3127 dev->interface = interface;
3128 mutex_init(&dev->cmd_lock);
3129
3130 iface_desc = interface->cur_altsetting;
3131 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
3132 endpoint = &iface_desc->endpoint[i].desc;
3133
3134 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
3135 in_endpoint = endpoint->bEndpointAddress;
3136
3137 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
3138 out_endpoint = endpoint->bEndpointAddress;
3139 }
3140
3141 if (!in_endpoint || !out_endpoint) {
3142 nfc_err(&interface->dev,
3143 "Could not find bulk-in or bulk-out endpoint\n");
3144 rc = -ENODEV;
3145 goto error;
3146 }
3147
3148 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
3149 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
3150
3151 if (!dev->in_urb || !dev->out_urb)
3152 goto error;
3153
3154 usb_fill_bulk_urb(dev->in_urb, dev->udev,
3155 usb_rcvbulkpipe(dev->udev, in_endpoint),
3156 NULL, 0, NULL, dev);
3157 usb_fill_bulk_urb(dev->out_urb, dev->udev,
3158 usb_sndbulkpipe(dev->udev, out_endpoint),
3159 NULL, 0, pn533_send_complete, dev);
3160
3161 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
3162 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
3163 INIT_WORK(&dev->mi_rx_work, pn533_wq_mi_recv);
3164 INIT_WORK(&dev->mi_tx_work, pn533_wq_mi_send);
3165 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
3166 INIT_WORK(&dev->mi_tm_rx_work, pn533_wq_tm_mi_recv);
3167 INIT_WORK(&dev->mi_tm_tx_work, pn533_wq_tm_mi_send);
3168 INIT_DELAYED_WORK(&dev->poll_work, pn533_wq_poll);
3169 INIT_WORK(&dev->rf_work, pn533_wq_rf);
3170 dev->wq = alloc_ordered_workqueue("pn533", 0);
3171 if (dev->wq == NULL)
3172 goto error;
3173
3174 init_timer(&dev->listen_timer);
3175 dev->listen_timer.data = (unsigned long) dev;
3176 dev->listen_timer.function = pn533_listen_mode_timer;
3177
3178 skb_queue_head_init(&dev->resp_q);
3179 skb_queue_head_init(&dev->fragment_skb);
3180
3181 INIT_LIST_HEAD(&dev->cmd_queue);
3182
3183 usb_set_intfdata(interface, dev);
3184
3185 dev->ops = &pn533_std_frame_ops;
3186
3187 dev->protocol_type = PN533_PROTO_REQ_ACK_RESP;
3188 dev->device_type = id->driver_info;
3189 switch (dev->device_type) {
3190 case PN533_DEVICE_STD:
3191 protocols = PN533_ALL_PROTOCOLS;
3192 break;
3193
3194 case PN533_DEVICE_PASORI:
3195 protocols = PN533_NO_TYPE_B_PROTOCOLS;
3196 break;
3197
3198 case PN533_DEVICE_ACR122U:
3199 protocols = PN533_NO_TYPE_B_PROTOCOLS;
3200 dev->ops = &pn533_acr122_frame_ops;
3201 dev->protocol_type = PN533_PROTO_REQ_RESP,
3202
3203 rc = pn533_acr122_poweron_rdr(dev);
3204 if (rc < 0) {
3205 nfc_err(&dev->interface->dev,
3206 "Couldn't poweron the reader (error %d)\n", rc);
3207 goto destroy_wq;
3208 }
3209 break;
3210
3211 default:
3212 nfc_err(&dev->interface->dev, "Unknown device type %d\n",
3213 dev->device_type);
3214 rc = -EINVAL;
3215 goto destroy_wq;
3216 }
3217
3218 memset(&fw_ver, 0, sizeof(fw_ver));
3219 rc = pn533_get_firmware_version(dev, &fw_ver);
3220 if (rc < 0)
3221 goto destroy_wq;
3222
3223 nfc_info(&dev->interface->dev,
3224 "NXP PN5%02X firmware ver %d.%d now attached\n",
3225 fw_ver.ic, fw_ver.ver, fw_ver.rev);
3226
3227
3228 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
3229 dev->ops->tx_header_len +
3230 PN533_CMD_DATAEXCH_HEAD_LEN,
3231 dev->ops->tx_tail_len);
3232 if (!dev->nfc_dev) {
3233 rc = -ENOMEM;
3234 goto destroy_wq;
3235 }
3236
3237 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
3238 nfc_set_drvdata(dev->nfc_dev, dev);
3239
3240 rc = nfc_register_device(dev->nfc_dev);
3241 if (rc)
3242 goto free_nfc_dev;
3243
3244 rc = pn533_setup(dev);
3245 if (rc)
3246 goto unregister_nfc_dev;
3247
3248 return 0;
3249
3250unregister_nfc_dev:
3251 nfc_unregister_device(dev->nfc_dev);
3252
3253free_nfc_dev:
3254 nfc_free_device(dev->nfc_dev);
3255
3256destroy_wq:
3257 destroy_workqueue(dev->wq);
3258error:
3259 usb_free_urb(dev->in_urb);
3260 usb_free_urb(dev->out_urb);
3261 usb_put_dev(dev->udev);
3262 kfree(dev);
3263 return rc;
3264}
3265
3266static void pn533_disconnect(struct usb_interface *interface)
3267{
3268 struct pn533 *dev;
3269 struct pn533_cmd *cmd, *n;
3270
3271 dev = usb_get_intfdata(interface);
3272 usb_set_intfdata(interface, NULL);
3273
3274 nfc_unregister_device(dev->nfc_dev);
3275 nfc_free_device(dev->nfc_dev);
3276
3277 usb_kill_urb(dev->in_urb);
3278 usb_kill_urb(dev->out_urb);
3279
3280 flush_delayed_work(&dev->poll_work);
3281 destroy_workqueue(dev->wq);
3282
3283 skb_queue_purge(&dev->resp_q);
3284
3285 del_timer(&dev->listen_timer);
3286
3287 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
3288 list_del(&cmd->queue);
3289 kfree(cmd);
3290 }
3291
3292 usb_free_urb(dev->in_urb);
3293 usb_free_urb(dev->out_urb);
3294 kfree(dev);
3295
3296 nfc_info(&interface->dev, "NXP PN533 NFC device disconnected\n");
3297}
3298
3299static struct usb_driver pn533_driver = {
3300 .name = "pn533",
3301 .probe = pn533_probe,
3302 .disconnect = pn533_disconnect,
3303 .id_table = pn533_table,
3304};
3305
3306module_usb_driver(pn533_driver);
3307
3308MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>");
3309MODULE_AUTHOR("Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
3310MODULE_AUTHOR("Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>");
3311MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
3312MODULE_VERSION(VERSION);
3313MODULE_LICENSE("GPL");