1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24#include <linux/device.h>
25#include <linux/kernel.h>
26#include <linux/module.h>
27#include <linux/slab.h>
28#include <linux/usb.h>
29#include <linux/nfc.h>
30#include <linux/netdevice.h>
31#include <net/nfc/nfc.h>
32
33#define VERSION "0.1"
34
35#define PN533_VENDOR_ID 0x4CC
36#define PN533_PRODUCT_ID 0x2533
37
38#define SCM_VENDOR_ID 0x4E6
39#define SCL3711_PRODUCT_ID 0x5591
40
41#define SONY_VENDOR_ID 0x054c
42#define PASORI_PRODUCT_ID 0x02e1
43
44#define PN533_QUIRKS_TYPE_A BIT(0)
45#define PN533_QUIRKS_TYPE_F BIT(1)
46#define PN533_QUIRKS_DEP BIT(2)
47#define PN533_QUIRKS_RAW_EXCHANGE BIT(3)
48
49#define PN533_DEVICE_STD 0x1
50#define PN533_DEVICE_PASORI 0x2
51
52#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
53 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
54 NFC_PROTO_NFC_DEP_MASK |\
55 NFC_PROTO_ISO14443_B_MASK)
56
57#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
58 NFC_PROTO_MIFARE_MASK | \
59 NFC_PROTO_FELICA_MASK | \
60 NFC_PROTO_ISO14443_MASK | \
61 NFC_PROTO_NFC_DEP_MASK)
62
63static const struct usb_device_id pn533_table[] = {
64 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
65 .idVendor = PN533_VENDOR_ID,
66 .idProduct = PN533_PRODUCT_ID,
67 .driver_info = PN533_DEVICE_STD,
68 },
69 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
70 .idVendor = SCM_VENDOR_ID,
71 .idProduct = SCL3711_PRODUCT_ID,
72 .driver_info = PN533_DEVICE_STD,
73 },
74 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
75 .idVendor = SONY_VENDOR_ID,
76 .idProduct = PASORI_PRODUCT_ID,
77 .driver_info = PN533_DEVICE_PASORI,
78 },
79 { }
80};
81MODULE_DEVICE_TABLE(usb, pn533_table);
82
83
84#define PN533_LISTEN_TIME 2
85
86
87#define PN533_NORMAL_FRAME_MAX_LEN 262
88
89
90
91#define PN533_FRAME_TAIL_SIZE 2
92#define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
93 PN533_FRAME_TAIL_SIZE)
94#define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
95#define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
96#define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
97
98
99#define PN533_SOF 0x00FF
100
101
102#define PN533_FRAME_IDENTIFIER(f) (f->data[0])
103#define PN533_DIR_OUT 0xD4
104#define PN533_DIR_IN 0xD5
105
106
107#define PN533_FRAME_CMD(f) (f->data[1])
108#define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
109#define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
110
111#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
112#define PN533_CMD_RF_CONFIGURATION 0x32
113#define PN533_CMD_IN_DATA_EXCHANGE 0x40
114#define PN533_CMD_IN_COMM_THRU 0x42
115#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
116#define PN533_CMD_IN_ATR 0x50
117#define PN533_CMD_IN_RELEASE 0x52
118#define PN533_CMD_IN_JUMP_FOR_DEP 0x56
119
120#define PN533_CMD_TG_INIT_AS_TARGET 0x8c
121#define PN533_CMD_TG_GET_DATA 0x86
122#define PN533_CMD_TG_SET_DATA 0x8e
123
124#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
125
126
127#define PN533_CMD_RET_MASK 0x3F
128#define PN533_CMD_MI_MASK 0x40
129#define PN533_CMD_RET_SUCCESS 0x00
130
131
132#define PN533_STATUS_TARGET_RELEASED 0x29
133
134struct pn533;
135
136typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
137 u8 *params, int params_len);
138
139
140
141
142struct pn533_fw_version {
143 u8 ic;
144 u8 ver;
145 u8 rev;
146 u8 support;
147};
148
149
150#define PN533_CFGITEM_TIMING 0x02
151#define PN533_CFGITEM_MAX_RETRIES 0x05
152#define PN533_CFGITEM_PASORI 0x82
153
154#define PN533_CONFIG_TIMING_102 0xb
155#define PN533_CONFIG_TIMING_204 0xc
156#define PN533_CONFIG_TIMING_409 0xd
157#define PN533_CONFIG_TIMING_819 0xe
158
159#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
160#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
161
162struct pn533_config_max_retries {
163 u8 mx_rty_atr;
164 u8 mx_rty_psl;
165 u8 mx_rty_passive_act;
166} __packed;
167
168struct pn533_config_timing {
169 u8 rfu;
170 u8 atr_res_timeout;
171 u8 dep_timeout;
172} __packed;
173
174
175
176
177#define PN533_FELICA_OPC_SENSF_REQ 0
178#define PN533_FELICA_OPC_SENSF_RES 1
179
180#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
181#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
182#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
183#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
184
185
186#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
187#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
188#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
189
190union pn533_cmd_poll_initdata {
191 struct {
192 u8 afi;
193 u8 polling_method;
194 } __packed type_b;
195 struct {
196 u8 opcode;
197 __be16 sc;
198 u8 rc;
199 u8 tsn;
200 } __packed felica;
201};
202
203
204enum {
205 PN533_POLL_MOD_106KBPS_A,
206 PN533_POLL_MOD_212KBPS_FELICA,
207 PN533_POLL_MOD_424KBPS_FELICA,
208 PN533_POLL_MOD_106KBPS_JEWEL,
209 PN533_POLL_MOD_847KBPS_B,
210 PN533_LISTEN_MOD,
211
212 __PN533_POLL_MOD_AFTER_LAST,
213};
214#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
215
216struct pn533_poll_modulations {
217 struct {
218 u8 maxtg;
219 u8 brty;
220 union pn533_cmd_poll_initdata initiator_data;
221 } __packed data;
222 u8 len;
223};
224
225const struct pn533_poll_modulations poll_mod[] = {
226 [PN533_POLL_MOD_106KBPS_A] = {
227 .data = {
228 .maxtg = 1,
229 .brty = 0,
230 },
231 .len = 2,
232 },
233 [PN533_POLL_MOD_212KBPS_FELICA] = {
234 .data = {
235 .maxtg = 1,
236 .brty = 1,
237 .initiator_data.felica = {
238 .opcode = PN533_FELICA_OPC_SENSF_REQ,
239 .sc = PN533_FELICA_SENSF_SC_ALL,
240 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
241 .tsn = 0,
242 },
243 },
244 .len = 7,
245 },
246 [PN533_POLL_MOD_424KBPS_FELICA] = {
247 .data = {
248 .maxtg = 1,
249 .brty = 2,
250 .initiator_data.felica = {
251 .opcode = PN533_FELICA_OPC_SENSF_REQ,
252 .sc = PN533_FELICA_SENSF_SC_ALL,
253 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
254 .tsn = 0,
255 },
256 },
257 .len = 7,
258 },
259 [PN533_POLL_MOD_106KBPS_JEWEL] = {
260 .data = {
261 .maxtg = 1,
262 .brty = 4,
263 },
264 .len = 2,
265 },
266 [PN533_POLL_MOD_847KBPS_B] = {
267 .data = {
268 .maxtg = 1,
269 .brty = 8,
270 .initiator_data.type_b = {
271 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
272 .polling_method =
273 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
274 },
275 },
276 .len = 3,
277 },
278 [PN533_LISTEN_MOD] = {
279 .len = 0,
280 },
281};
282
283
284
285struct pn533_cmd_activate_param {
286 u8 tg;
287 u8 next;
288} __packed;
289
290struct pn533_cmd_activate_response {
291 u8 status;
292 u8 nfcid3t[10];
293 u8 didt;
294 u8 bst;
295 u8 brt;
296 u8 to;
297 u8 ppt;
298
299 u8 gt[];
300} __packed;
301
302
303struct pn533_cmd_jump_dep {
304 u8 active;
305 u8 baud;
306 u8 next;
307 u8 data[];
308} __packed;
309
310struct pn533_cmd_jump_dep_response {
311 u8 status;
312 u8 tg;
313 u8 nfcid3t[10];
314 u8 didt;
315 u8 bst;
316 u8 brt;
317 u8 to;
318 u8 ppt;
319
320 u8 gt[];
321} __packed;
322
323
324
325#define PN533_INIT_TARGET_PASSIVE 0x1
326#define PN533_INIT_TARGET_DEP 0x2
327
328#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
329#define PN533_INIT_TARGET_RESP_ACTIVE 0x1
330#define PN533_INIT_TARGET_RESP_DEP 0x4
331
332struct pn533_cmd_init_target {
333 u8 mode;
334 u8 mifare[6];
335 u8 felica[18];
336 u8 nfcid3[10];
337 u8 gb_len;
338 u8 gb[];
339} __packed;
340
341struct pn533_cmd_init_target_response {
342 u8 mode;
343 u8 cmd[];
344} __packed;
345
346struct pn533 {
347 struct usb_device *udev;
348 struct usb_interface *interface;
349 struct nfc_dev *nfc_dev;
350
351 struct urb *out_urb;
352 int out_maxlen;
353 struct pn533_frame *out_frame;
354
355 struct urb *in_urb;
356 int in_maxlen;
357 struct pn533_frame *in_frame;
358
359 struct sk_buff_head resp_q;
360
361 struct workqueue_struct *wq;
362 struct work_struct cmd_work;
363 struct work_struct cmd_complete_work;
364 struct work_struct poll_work;
365 struct work_struct mi_work;
366 struct work_struct tg_work;
367 struct timer_list listen_timer;
368 struct pn533_frame *wq_in_frame;
369 int wq_in_error;
370 int cancel_listen;
371
372 pn533_cmd_complete_t cmd_complete;
373 void *cmd_complete_arg;
374 struct mutex cmd_lock;
375 u8 cmd;
376
377 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
378 u8 poll_mod_count;
379 u8 poll_mod_curr;
380 u32 poll_protocols;
381 u32 listen_protocols;
382
383 u8 *gb;
384 size_t gb_len;
385
386 u8 tgt_available_prots;
387 u8 tgt_active_prot;
388 u8 tgt_mode;
389
390 u32 device_type;
391
392 struct list_head cmd_queue;
393 u8 cmd_pending;
394};
395
396struct pn533_cmd {
397 struct list_head queue;
398 struct pn533_frame *out_frame;
399 struct pn533_frame *in_frame;
400 int in_frame_len;
401 pn533_cmd_complete_t cmd_complete;
402 void *arg;
403 gfp_t flags;
404};
405
406struct pn533_frame {
407 u8 preamble;
408 __be16 start_frame;
409 u8 datalen;
410 u8 datalen_checksum;
411 u8 data[];
412} __packed;
413
414
415static inline u8 pn533_checksum(u8 value)
416{
417 return ~value + 1;
418}
419
420
421static u8 pn533_data_checksum(u8 *data, int datalen)
422{
423 u8 sum = 0;
424 int i;
425
426 for (i = 0; i < datalen; i++)
427 sum += data[i];
428
429 return pn533_checksum(sum);
430}
431
432
433
434
435
436
437
438
439
440
441
442static void pn533_tx_frame_ack(struct pn533_frame *frame)
443{
444 frame->preamble = 0;
445 frame->start_frame = cpu_to_be16(PN533_SOF);
446 frame->datalen = 0;
447 frame->datalen_checksum = 0xFF;
448
449 frame->data[0] = 0;
450}
451
452static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
453{
454 frame->preamble = 0;
455 frame->start_frame = cpu_to_be16(PN533_SOF);
456 PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
457 PN533_FRAME_CMD(frame) = cmd;
458 frame->datalen = 2;
459}
460
461static void pn533_tx_frame_finish(struct pn533_frame *frame)
462{
463 frame->datalen_checksum = pn533_checksum(frame->datalen);
464
465 PN533_FRAME_CHECKSUM(frame) =
466 pn533_data_checksum(frame->data, frame->datalen);
467
468 PN533_FRAME_POSTAMBLE(frame) = 0;
469}
470
471static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
472{
473 u8 checksum;
474
475 if (frame->start_frame != cpu_to_be16(PN533_SOF))
476 return false;
477
478 checksum = pn533_checksum(frame->datalen);
479 if (checksum != frame->datalen_checksum)
480 return false;
481
482 checksum = pn533_data_checksum(frame->data, frame->datalen);
483 if (checksum != PN533_FRAME_CHECKSUM(frame))
484 return false;
485
486 return true;
487}
488
489static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
490{
491 if (frame->start_frame != cpu_to_be16(PN533_SOF))
492 return false;
493
494 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
495 return false;
496
497 return true;
498}
499
500static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
501{
502 return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
503}
504
505
506static void pn533_wq_cmd_complete(struct work_struct *work)
507{
508 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
509 struct pn533_frame *in_frame;
510 int rc;
511
512 in_frame = dev->wq_in_frame;
513
514 if (dev->wq_in_error)
515 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
516 dev->wq_in_error);
517 else
518 rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
519 PN533_FRAME_CMD_PARAMS_PTR(in_frame),
520 PN533_FRAME_CMD_PARAMS_LEN(in_frame));
521
522 if (rc != -EINPROGRESS)
523 queue_work(dev->wq, &dev->cmd_work);
524}
525
526static void pn533_recv_response(struct urb *urb)
527{
528 struct pn533 *dev = urb->context;
529 struct pn533_frame *in_frame;
530
531 dev->wq_in_frame = NULL;
532
533 switch (urb->status) {
534 case 0:
535
536 break;
537 case -ECONNRESET:
538 case -ENOENT:
539 case -ESHUTDOWN:
540 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
541 " status: %d", urb->status);
542 dev->wq_in_error = urb->status;
543 goto sched_wq;
544 default:
545 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
546 " %d", urb->status);
547 dev->wq_in_error = urb->status;
548 goto sched_wq;
549 }
550
551 in_frame = dev->in_urb->transfer_buffer;
552
553 if (!pn533_rx_frame_is_valid(in_frame)) {
554 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
555 dev->wq_in_error = -EIO;
556 goto sched_wq;
557 }
558
559 if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
560 nfc_dev_err(&dev->interface->dev, "The received frame is not "
561 "response to the last command");
562 dev->wq_in_error = -EIO;
563 goto sched_wq;
564 }
565
566 nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
567 dev->wq_in_error = 0;
568 dev->wq_in_frame = in_frame;
569
570sched_wq:
571 queue_work(dev->wq, &dev->cmd_complete_work);
572}
573
574static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
575{
576 dev->in_urb->complete = pn533_recv_response;
577
578 return usb_submit_urb(dev->in_urb, flags);
579}
580
581static void pn533_recv_ack(struct urb *urb)
582{
583 struct pn533 *dev = urb->context;
584 struct pn533_frame *in_frame;
585 int rc;
586
587 switch (urb->status) {
588 case 0:
589
590 break;
591 case -ECONNRESET:
592 case -ENOENT:
593 case -ESHUTDOWN:
594 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
595 " status: %d", urb->status);
596 dev->wq_in_error = urb->status;
597 goto sched_wq;
598 default:
599 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
600 " %d", urb->status);
601 dev->wq_in_error = urb->status;
602 goto sched_wq;
603 }
604
605 in_frame = dev->in_urb->transfer_buffer;
606
607 if (!pn533_rx_frame_is_ack(in_frame)) {
608 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
609 dev->wq_in_error = -EIO;
610 goto sched_wq;
611 }
612
613 nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
614
615 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
616 if (rc) {
617 nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
618 " result %d", rc);
619 dev->wq_in_error = rc;
620 goto sched_wq;
621 }
622
623 return;
624
625sched_wq:
626 dev->wq_in_frame = NULL;
627 queue_work(dev->wq, &dev->cmd_complete_work);
628}
629
630static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
631{
632 dev->in_urb->complete = pn533_recv_ack;
633
634 return usb_submit_urb(dev->in_urb, flags);
635}
636
637static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
638{
639 int rc;
640
641 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
642
643 pn533_tx_frame_ack(dev->out_frame);
644
645 dev->out_urb->transfer_buffer = dev->out_frame;
646 dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
647 rc = usb_submit_urb(dev->out_urb, flags);
648
649 return rc;
650}
651
652static int __pn533_send_cmd_frame_async(struct pn533 *dev,
653 struct pn533_frame *out_frame,
654 struct pn533_frame *in_frame,
655 int in_frame_len,
656 pn533_cmd_complete_t cmd_complete,
657 void *arg, gfp_t flags)
658{
659 int rc;
660
661 nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
662 PN533_FRAME_CMD(out_frame));
663
664 dev->cmd = PN533_FRAME_CMD(out_frame);
665 dev->cmd_complete = cmd_complete;
666 dev->cmd_complete_arg = arg;
667
668 dev->out_urb->transfer_buffer = out_frame;
669 dev->out_urb->transfer_buffer_length =
670 PN533_FRAME_SIZE(out_frame);
671
672 dev->in_urb->transfer_buffer = in_frame;
673 dev->in_urb->transfer_buffer_length = in_frame_len;
674
675 rc = usb_submit_urb(dev->out_urb, flags);
676 if (rc)
677 return rc;
678
679 rc = pn533_submit_urb_for_ack(dev, flags);
680 if (rc)
681 goto error;
682
683 return 0;
684
685error:
686 usb_unlink_urb(dev->out_urb);
687 return rc;
688}
689
690static void pn533_wq_cmd(struct work_struct *work)
691{
692 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
693 struct pn533_cmd *cmd;
694
695 mutex_lock(&dev->cmd_lock);
696
697 if (list_empty(&dev->cmd_queue)) {
698 dev->cmd_pending = 0;
699 mutex_unlock(&dev->cmd_lock);
700 return;
701 }
702
703 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
704
705 list_del(&cmd->queue);
706
707 mutex_unlock(&dev->cmd_lock);
708
709 __pn533_send_cmd_frame_async(dev, cmd->out_frame, cmd->in_frame,
710 cmd->in_frame_len, cmd->cmd_complete,
711 cmd->arg, cmd->flags);
712
713 kfree(cmd);
714}
715
716static int pn533_send_cmd_frame_async(struct pn533 *dev,
717 struct pn533_frame *out_frame,
718 struct pn533_frame *in_frame,
719 int in_frame_len,
720 pn533_cmd_complete_t cmd_complete,
721 void *arg, gfp_t flags)
722{
723 struct pn533_cmd *cmd;
724 int rc = 0;
725
726 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
727
728 mutex_lock(&dev->cmd_lock);
729
730 if (!dev->cmd_pending) {
731 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
732 in_frame_len, cmd_complete,
733 arg, flags);
734 if (!rc)
735 dev->cmd_pending = 1;
736
737 goto unlock;
738 }
739
740 nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
741
742 cmd = kzalloc(sizeof(struct pn533_cmd), flags);
743 if (!cmd) {
744 rc = -ENOMEM;
745 goto unlock;
746 }
747
748 INIT_LIST_HEAD(&cmd->queue);
749 cmd->out_frame = out_frame;
750 cmd->in_frame = in_frame;
751 cmd->in_frame_len = in_frame_len;
752 cmd->cmd_complete = cmd_complete;
753 cmd->arg = arg;
754 cmd->flags = flags;
755
756 list_add_tail(&cmd->queue, &dev->cmd_queue);
757
758unlock:
759 mutex_unlock(&dev->cmd_lock);
760
761 return rc;
762}
763
764struct pn533_sync_cmd_response {
765 int rc;
766 struct completion done;
767};
768
769static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
770 u8 *params, int params_len)
771{
772 struct pn533_sync_cmd_response *arg = _arg;
773
774 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
775
776 arg->rc = 0;
777
778 if (params_len < 0)
779 arg->rc = params_len;
780
781 complete(&arg->done);
782
783 return 0;
784}
785
786static int pn533_send_cmd_frame_sync(struct pn533 *dev,
787 struct pn533_frame *out_frame,
788 struct pn533_frame *in_frame,
789 int in_frame_len)
790{
791 int rc;
792 struct pn533_sync_cmd_response arg;
793
794 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
795
796 init_completion(&arg.done);
797
798 rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
799 pn533_sync_cmd_complete, &arg, GFP_KERNEL);
800 if (rc)
801 return rc;
802
803 wait_for_completion(&arg.done);
804
805 return arg.rc;
806}
807
808static void pn533_send_complete(struct urb *urb)
809{
810 struct pn533 *dev = urb->context;
811
812 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
813
814 switch (urb->status) {
815 case 0:
816
817 break;
818 case -ECONNRESET:
819 case -ENOENT:
820 case -ESHUTDOWN:
821 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
822 " status: %d", urb->status);
823 break;
824 default:
825 nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
826 " %d", urb->status);
827 }
828}
829
830struct pn533_target_type_a {
831 __be16 sens_res;
832 u8 sel_res;
833 u8 nfcid_len;
834 u8 nfcid_data[];
835} __packed;
836
837
838#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
839#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
840#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
841
842#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
843#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
844
845#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
846#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
847
848#define PN533_TYPE_A_SEL_PROT_MIFARE 0
849#define PN533_TYPE_A_SEL_PROT_ISO14443 1
850#define PN533_TYPE_A_SEL_PROT_DEP 2
851#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
852
853static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
854 int target_data_len)
855{
856 u8 ssd;
857 u8 platconf;
858
859 if (target_data_len < sizeof(struct pn533_target_type_a))
860 return false;
861
862
863
864
865
866 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
867 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
868
869 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
870 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
871 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
872 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
873 return false;
874
875
876 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
877 return false;
878
879 return true;
880}
881
882static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
883 int tgt_data_len)
884{
885 struct pn533_target_type_a *tgt_type_a;
886
887 tgt_type_a = (struct pn533_target_type_a *) tgt_data;
888
889 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
890 return -EPROTO;
891
892 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
893 case PN533_TYPE_A_SEL_PROT_MIFARE:
894 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
895 break;
896 case PN533_TYPE_A_SEL_PROT_ISO14443:
897 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
898 break;
899 case PN533_TYPE_A_SEL_PROT_DEP:
900 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
901 break;
902 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
903 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
904 NFC_PROTO_NFC_DEP_MASK;
905 break;
906 }
907
908 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
909 nfc_tgt->sel_res = tgt_type_a->sel_res;
910 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
911 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
912
913 return 0;
914}
915
916struct pn533_target_felica {
917 u8 pol_res;
918 u8 opcode;
919 u8 nfcid2[8];
920 u8 pad[8];
921
922 u8 syst_code[];
923} __packed;
924
925#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
926#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
927
928static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
929 int target_data_len)
930{
931 if (target_data_len < sizeof(struct pn533_target_felica))
932 return false;
933
934 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
935 return false;
936
937 return true;
938}
939
940static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
941 int tgt_data_len)
942{
943 struct pn533_target_felica *tgt_felica;
944
945 tgt_felica = (struct pn533_target_felica *) tgt_data;
946
947 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
948 return -EPROTO;
949
950 if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
951 tgt_felica->nfcid2[1] ==
952 PN533_FELICA_SENSF_NFCID2_DEP_B2)
953 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
954 else
955 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
956
957 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
958 nfc_tgt->sensf_res_len = 9;
959
960 return 0;
961}
962
963struct pn533_target_jewel {
964 __be16 sens_res;
965 u8 jewelid[4];
966} __packed;
967
968static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
969 int target_data_len)
970{
971 u8 ssd;
972 u8 platconf;
973
974 if (target_data_len < sizeof(struct pn533_target_jewel))
975 return false;
976
977
978 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
979 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
980
981 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
982 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
983 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
984 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
985 return false;
986
987 return true;
988}
989
990static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
991 int tgt_data_len)
992{
993 struct pn533_target_jewel *tgt_jewel;
994
995 tgt_jewel = (struct pn533_target_jewel *) tgt_data;
996
997 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
998 return -EPROTO;
999
1000 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1001 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1002 nfc_tgt->nfcid1_len = 4;
1003 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1004
1005 return 0;
1006}
1007
1008struct pn533_type_b_prot_info {
1009 u8 bitrate;
1010 u8 fsci_type;
1011 u8 fwi_adc_fo;
1012} __packed;
1013
1014#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1015#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1016#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1017
1018struct pn533_type_b_sens_res {
1019 u8 opcode;
1020 u8 nfcid[4];
1021 u8 appdata[4];
1022 struct pn533_type_b_prot_info prot_info;
1023} __packed;
1024
1025#define PN533_TYPE_B_OPC_SENSB_RES 0x50
1026
1027struct pn533_target_type_b {
1028 struct pn533_type_b_sens_res sensb_res;
1029 u8 attrib_res_len;
1030 u8 attrib_res[];
1031} __packed;
1032
1033static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1034 int target_data_len)
1035{
1036 if (target_data_len < sizeof(struct pn533_target_type_b))
1037 return false;
1038
1039 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1040 return false;
1041
1042 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1043 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1044 return false;
1045
1046 return true;
1047}
1048
1049static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1050 int tgt_data_len)
1051{
1052 struct pn533_target_type_b *tgt_type_b;
1053
1054 tgt_type_b = (struct pn533_target_type_b *) tgt_data;
1055
1056 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1057 return -EPROTO;
1058
1059 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1060
1061 return 0;
1062}
1063
1064struct pn533_poll_response {
1065 u8 nbtg;
1066 u8 tg;
1067 u8 target_data[];
1068} __packed;
1069
1070static int pn533_target_found(struct pn533 *dev,
1071 struct pn533_poll_response *resp, int resp_len)
1072{
1073 int target_data_len;
1074 struct nfc_target nfc_tgt;
1075 int rc;
1076
1077 nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1078 dev->poll_mod_curr);
1079
1080 if (resp->tg != 1)
1081 return -EPROTO;
1082
1083 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1084
1085 target_data_len = resp_len - sizeof(struct pn533_poll_response);
1086
1087 switch (dev->poll_mod_curr) {
1088 case PN533_POLL_MOD_106KBPS_A:
1089 rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1090 target_data_len);
1091 break;
1092 case PN533_POLL_MOD_212KBPS_FELICA:
1093 case PN533_POLL_MOD_424KBPS_FELICA:
1094 rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1095 target_data_len);
1096 break;
1097 case PN533_POLL_MOD_106KBPS_JEWEL:
1098 rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1099 target_data_len);
1100 break;
1101 case PN533_POLL_MOD_847KBPS_B:
1102 rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1103 target_data_len);
1104 break;
1105 default:
1106 nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1107 " modulation");
1108 return -EPROTO;
1109 }
1110
1111 if (rc)
1112 return rc;
1113
1114 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1115 nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1116 " have the desired protocol");
1117 return -EAGAIN;
1118 }
1119
1120 nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1121 "0x%x", nfc_tgt.supported_protocols);
1122
1123 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1124
1125 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1126
1127 return 0;
1128}
1129
1130static inline void pn533_poll_next_mod(struct pn533 *dev)
1131{
1132 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1133}
1134
1135static void pn533_poll_reset_mod_list(struct pn533 *dev)
1136{
1137 dev->poll_mod_count = 0;
1138}
1139
1140static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1141{
1142 dev->poll_mod_active[dev->poll_mod_count] =
1143 (struct pn533_poll_modulations *) &poll_mod[mod_index];
1144 dev->poll_mod_count++;
1145}
1146
1147static void pn533_poll_create_mod_list(struct pn533 *dev,
1148 u32 im_protocols, u32 tm_protocols)
1149{
1150 pn533_poll_reset_mod_list(dev);
1151
1152 if (im_protocols & NFC_PROTO_MIFARE_MASK
1153 || im_protocols & NFC_PROTO_ISO14443_MASK
1154 || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1155 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1156
1157 if (im_protocols & NFC_PROTO_FELICA_MASK
1158 || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1159 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1160 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1161 }
1162
1163 if (im_protocols & NFC_PROTO_JEWEL_MASK)
1164 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1165
1166 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1167 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1168
1169 if (tm_protocols)
1170 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1171}
1172
1173static int pn533_start_poll_complete(struct pn533 *dev, u8 *params, int params_len)
1174{
1175 struct pn533_poll_response *resp;
1176 int rc;
1177
1178 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1179
1180 resp = (struct pn533_poll_response *) params;
1181 if (resp->nbtg) {
1182 rc = pn533_target_found(dev, resp, params_len);
1183
1184
1185 if (rc == 0) {
1186 pn533_poll_reset_mod_list(dev);
1187 return 0;
1188 }
1189 }
1190
1191 return -EAGAIN;
1192}
1193
1194static int pn533_init_target_frame(struct pn533_frame *frame,
1195 u8 *gb, size_t gb_len)
1196{
1197 struct pn533_cmd_init_target *cmd;
1198 size_t cmd_len;
1199 u8 felica_params[18] = {0x1, 0xfe,
1200 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1201 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1202 0xff, 0xff};
1203 u8 mifare_params[6] = {0x1, 0x1,
1204 0x0, 0x0, 0x0,
1205 0x40};
1206
1207 cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1208 cmd = kzalloc(cmd_len, GFP_KERNEL);
1209 if (cmd == NULL)
1210 return -ENOMEM;
1211
1212 pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1213
1214
1215 cmd->mode |= PN533_INIT_TARGET_DEP;
1216
1217
1218 memcpy(cmd->felica, felica_params, 18);
1219 get_random_bytes(cmd->felica + 2, 6);
1220
1221
1222 memset(cmd->nfcid3, 0, 10);
1223 memcpy(cmd->nfcid3, cmd->felica, 8);
1224
1225
1226 memcpy(cmd->mifare, mifare_params, 6);
1227
1228
1229 cmd->gb_len = gb_len;
1230 memcpy(cmd->gb, gb, gb_len);
1231
1232
1233 cmd->gb[gb_len] = 0;
1234
1235 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1236
1237 frame->datalen += cmd_len;
1238
1239 pn533_tx_frame_finish(frame);
1240
1241 kfree(cmd);
1242
1243 return 0;
1244}
1245
1246#define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1247#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1248static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1249 u8 *params, int params_len)
1250{
1251 struct sk_buff *skb_resp = arg;
1252 struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1253
1254 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1255
1256 if (params_len < 0) {
1257 nfc_dev_err(&dev->interface->dev,
1258 "Error %d when starting as a target",
1259 params_len);
1260
1261 return params_len;
1262 }
1263
1264 if (params_len > 0 && params[0] != 0) {
1265 nfc_tm_deactivated(dev->nfc_dev);
1266
1267 dev->tgt_mode = 0;
1268
1269 kfree_skb(skb_resp);
1270 return 0;
1271 }
1272
1273 skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1274 skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1275 skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1276
1277 return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1278}
1279
1280static void pn533_wq_tg_get_data(struct work_struct *work)
1281{
1282 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1283 struct pn533_frame *in_frame;
1284 struct sk_buff *skb_resp;
1285 size_t skb_resp_len;
1286
1287 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1288
1289 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1290 PN533_CMD_DATAEXCH_DATA_MAXLEN +
1291 PN533_FRAME_TAIL_SIZE;
1292
1293 skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1294 if (!skb_resp)
1295 return;
1296
1297 in_frame = (struct pn533_frame *)skb_resp->data;
1298
1299 pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1300 pn533_tx_frame_finish(dev->out_frame);
1301
1302 pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1303 skb_resp_len,
1304 pn533_tm_get_data_complete,
1305 skb_resp, GFP_KERNEL);
1306
1307 return;
1308}
1309
1310#define ATR_REQ_GB_OFFSET 17
1311static int pn533_init_target_complete(struct pn533 *dev, u8 *params, int params_len)
1312{
1313 struct pn533_cmd_init_target_response *resp;
1314 u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1315 size_t gb_len;
1316 int rc;
1317
1318 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1319
1320 if (params_len < 0) {
1321 nfc_dev_err(&dev->interface->dev,
1322 "Error %d when starting as a target",
1323 params_len);
1324
1325 return params_len;
1326 }
1327
1328 if (params_len < ATR_REQ_GB_OFFSET + 1)
1329 return -EINVAL;
1330
1331 resp = (struct pn533_cmd_init_target_response *) params;
1332
1333 nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1334 resp->mode, params_len);
1335
1336 frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1337 if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1338 comm_mode = NFC_COMM_ACTIVE;
1339
1340
1341 if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1342 return -EOPNOTSUPP;
1343
1344 gb = resp->cmd + ATR_REQ_GB_OFFSET;
1345 gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1346
1347 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1348 comm_mode, gb, gb_len);
1349 if (rc < 0) {
1350 nfc_dev_err(&dev->interface->dev,
1351 "Error when signaling target activation");
1352 return rc;
1353 }
1354
1355 dev->tgt_mode = 1;
1356
1357 queue_work(dev->wq, &dev->tg_work);
1358
1359 return 0;
1360}
1361
1362static void pn533_listen_mode_timer(unsigned long data)
1363{
1364 struct pn533 *dev = (struct pn533 *) data;
1365
1366 nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1367
1368
1369 pn533_send_ack(dev, GFP_ATOMIC);
1370
1371 dev->cancel_listen = 1;
1372
1373 pn533_poll_next_mod(dev);
1374
1375 queue_work(dev->wq, &dev->poll_work);
1376}
1377
1378static int pn533_poll_complete(struct pn533 *dev, void *arg,
1379 u8 *params, int params_len)
1380{
1381 struct pn533_poll_modulations *cur_mod;
1382 int rc;
1383
1384 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1385
1386 if (params_len == -ENOENT) {
1387 if (dev->poll_mod_count != 0)
1388 return 0;
1389
1390 nfc_dev_err(&dev->interface->dev,
1391 "Polling operation has been stopped");
1392
1393 goto stop_poll;
1394 }
1395
1396 if (params_len < 0) {
1397 nfc_dev_err(&dev->interface->dev,
1398 "Error %d when running poll", params_len);
1399
1400 goto stop_poll;
1401 }
1402
1403 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1404
1405 if (cur_mod->len == 0) {
1406 del_timer(&dev->listen_timer);
1407
1408 return pn533_init_target_complete(dev, params, params_len);
1409 } else {
1410 rc = pn533_start_poll_complete(dev, params, params_len);
1411 if (!rc)
1412 return rc;
1413 }
1414
1415 pn533_poll_next_mod(dev);
1416
1417 queue_work(dev->wq, &dev->poll_work);
1418
1419 return 0;
1420
1421stop_poll:
1422 pn533_poll_reset_mod_list(dev);
1423 dev->poll_protocols = 0;
1424 return 0;
1425}
1426
1427static void pn533_build_poll_frame(struct pn533 *dev,
1428 struct pn533_frame *frame,
1429 struct pn533_poll_modulations *mod)
1430{
1431 nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1432
1433 if (mod->len == 0) {
1434
1435 pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1436 } else {
1437
1438 pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1439
1440 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1441 frame->datalen += mod->len;
1442
1443 pn533_tx_frame_finish(frame);
1444 }
1445}
1446
1447static int pn533_send_poll_frame(struct pn533 *dev)
1448{
1449 struct pn533_poll_modulations *cur_mod;
1450 int rc;
1451
1452 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1453
1454 pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1455
1456 rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1457 dev->in_maxlen, pn533_poll_complete,
1458 NULL, GFP_KERNEL);
1459 if (rc)
1460 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1461
1462 return rc;
1463}
1464
1465static void pn533_wq_poll(struct work_struct *work)
1466{
1467 struct pn533 *dev = container_of(work, struct pn533, poll_work);
1468 struct pn533_poll_modulations *cur_mod;
1469 int rc;
1470
1471 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1472
1473 nfc_dev_dbg(&dev->interface->dev,
1474 "%s cancel_listen %d modulation len %d",
1475 __func__, dev->cancel_listen, cur_mod->len);
1476
1477 if (dev->cancel_listen == 1) {
1478 dev->cancel_listen = 0;
1479 usb_kill_urb(dev->in_urb);
1480 }
1481
1482 rc = pn533_send_poll_frame(dev);
1483 if (rc)
1484 return;
1485
1486 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1487 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1488
1489 return;
1490}
1491
1492static int pn533_start_poll(struct nfc_dev *nfc_dev,
1493 u32 im_protocols, u32 tm_protocols)
1494{
1495 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1496
1497 nfc_dev_dbg(&dev->interface->dev,
1498 "%s: im protocols 0x%x tm protocols 0x%x",
1499 __func__, im_protocols, tm_protocols);
1500
1501 if (dev->tgt_active_prot) {
1502 nfc_dev_err(&dev->interface->dev,
1503 "Cannot poll with a target already activated");
1504 return -EBUSY;
1505 }
1506
1507 if (dev->tgt_mode) {
1508 nfc_dev_err(&dev->interface->dev,
1509 "Cannot poll while already being activated");
1510 return -EBUSY;
1511 }
1512
1513 if (tm_protocols) {
1514 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1515 if (dev->gb == NULL)
1516 tm_protocols = 0;
1517 }
1518
1519 dev->poll_mod_curr = 0;
1520 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1521 dev->poll_protocols = im_protocols;
1522 dev->listen_protocols = tm_protocols;
1523
1524 return pn533_send_poll_frame(dev);
1525}
1526
1527static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1528{
1529 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1530
1531 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1532
1533 del_timer(&dev->listen_timer);
1534
1535 if (!dev->poll_mod_count) {
1536 nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1537 " running");
1538 return;
1539 }
1540
1541
1542 pn533_send_ack(dev, GFP_KERNEL);
1543
1544
1545 usb_kill_urb(dev->in_urb);
1546
1547 pn533_poll_reset_mod_list(dev);
1548}
1549
1550static int pn533_activate_target_nfcdep(struct pn533 *dev)
1551{
1552 struct pn533_cmd_activate_param param;
1553 struct pn533_cmd_activate_response *resp;
1554 u16 gt_len;
1555 int rc;
1556
1557 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1558
1559 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1560
1561 param.tg = 1;
1562 param.next = 0;
1563 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), ¶m,
1564 sizeof(struct pn533_cmd_activate_param));
1565 dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1566
1567 pn533_tx_frame_finish(dev->out_frame);
1568
1569 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1570 dev->in_maxlen);
1571 if (rc)
1572 return rc;
1573
1574 resp = (struct pn533_cmd_activate_response *)
1575 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1576 rc = resp->status & PN533_CMD_RET_MASK;
1577 if (rc != PN533_CMD_RET_SUCCESS)
1578 return -EIO;
1579
1580
1581 gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1582 rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1583
1584 return rc;
1585}
1586
1587static int pn533_activate_target(struct nfc_dev *nfc_dev,
1588 struct nfc_target *target, u32 protocol)
1589{
1590 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1591 int rc;
1592
1593 nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1594 protocol);
1595
1596 if (dev->poll_mod_count) {
1597 nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1598 " polling");
1599 return -EBUSY;
1600 }
1601
1602 if (dev->tgt_active_prot) {
1603 nfc_dev_err(&dev->interface->dev, "There is already an active"
1604 " target");
1605 return -EBUSY;
1606 }
1607
1608 if (!dev->tgt_available_prots) {
1609 nfc_dev_err(&dev->interface->dev, "There is no available target"
1610 " to activate");
1611 return -EINVAL;
1612 }
1613
1614 if (!(dev->tgt_available_prots & (1 << protocol))) {
1615 nfc_dev_err(&dev->interface->dev, "The target does not support"
1616 " the requested protocol %u", protocol);
1617 return -EINVAL;
1618 }
1619
1620 if (protocol == NFC_PROTO_NFC_DEP) {
1621 rc = pn533_activate_target_nfcdep(dev);
1622 if (rc) {
1623 nfc_dev_err(&dev->interface->dev, "Error %d when"
1624 " activating target with"
1625 " NFC_DEP protocol", rc);
1626 return rc;
1627 }
1628 }
1629
1630 dev->tgt_active_prot = protocol;
1631 dev->tgt_available_prots = 0;
1632
1633 return 0;
1634}
1635
1636static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1637 struct nfc_target *target)
1638{
1639 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1640 u8 tg;
1641 u8 status;
1642 int rc;
1643
1644 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1645
1646 if (!dev->tgt_active_prot) {
1647 nfc_dev_err(&dev->interface->dev, "There is no active target");
1648 return;
1649 }
1650
1651 dev->tgt_active_prot = 0;
1652
1653 skb_queue_purge(&dev->resp_q);
1654
1655 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1656
1657 tg = 1;
1658 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1659 dev->out_frame->datalen += sizeof(u8);
1660
1661 pn533_tx_frame_finish(dev->out_frame);
1662
1663 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1664 dev->in_maxlen);
1665 if (rc) {
1666 nfc_dev_err(&dev->interface->dev, "Error when sending release"
1667 " command to the controller");
1668 return;
1669 }
1670
1671 status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1672 rc = status & PN533_CMD_RET_MASK;
1673 if (rc != PN533_CMD_RET_SUCCESS)
1674 nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1675 " the target", rc);
1676
1677 return;
1678}
1679
1680
1681static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1682 u8 *params, int params_len)
1683{
1684 struct pn533_cmd_jump_dep_response *resp;
1685 struct nfc_target nfc_target;
1686 u8 target_gt_len;
1687 int rc;
1688 struct pn533_cmd_jump_dep *cmd = (struct pn533_cmd_jump_dep *)arg;
1689 u8 active = cmd->active;
1690
1691 kfree(arg);
1692
1693 if (params_len == -ENOENT) {
1694 nfc_dev_dbg(&dev->interface->dev, "");
1695 return 0;
1696 }
1697
1698 if (params_len < 0) {
1699 nfc_dev_err(&dev->interface->dev,
1700 "Error %d when bringing DEP link up",
1701 params_len);
1702 return 0;
1703 }
1704
1705 if (dev->tgt_available_prots &&
1706 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1707 nfc_dev_err(&dev->interface->dev,
1708 "The target does not support DEP");
1709 return -EINVAL;
1710 }
1711
1712 resp = (struct pn533_cmd_jump_dep_response *) params;
1713 rc = resp->status & PN533_CMD_RET_MASK;
1714 if (rc != PN533_CMD_RET_SUCCESS) {
1715 nfc_dev_err(&dev->interface->dev,
1716 "Bringing DEP link up failed %d", rc);
1717 return 0;
1718 }
1719
1720 if (!dev->tgt_available_prots) {
1721 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1722
1723 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1724 nfc_target.nfcid1_len = 10;
1725 memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1726 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1727 if (rc)
1728 return 0;
1729
1730 dev->tgt_available_prots = 0;
1731 }
1732
1733 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1734
1735
1736 target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1737 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1738 resp->gt, target_gt_len);
1739 if (rc == 0)
1740 rc = nfc_dep_link_is_up(dev->nfc_dev,
1741 dev->nfc_dev->targets[0].idx,
1742 !active, NFC_RF_INITIATOR);
1743
1744 return 0;
1745}
1746
1747static int pn533_mod_to_baud(struct pn533 *dev)
1748{
1749 switch (dev->poll_mod_curr) {
1750 case PN533_POLL_MOD_106KBPS_A:
1751 return 0;
1752 case PN533_POLL_MOD_212KBPS_FELICA:
1753 return 1;
1754 case PN533_POLL_MOD_424KBPS_FELICA:
1755 return 2;
1756 default:
1757 return -EINVAL;
1758 }
1759}
1760
1761#define PASSIVE_DATA_LEN 5
1762static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1763 u8 comm_mode, u8* gb, size_t gb_len)
1764{
1765 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1766 struct pn533_cmd_jump_dep *cmd;
1767 u8 cmd_len, *data_ptr;
1768 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1769 int rc, baud;
1770
1771 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1772
1773 if (dev->poll_mod_count) {
1774 nfc_dev_err(&dev->interface->dev,
1775 "Cannot bring the DEP link up while polling");
1776 return -EBUSY;
1777 }
1778
1779 if (dev->tgt_active_prot) {
1780 nfc_dev_err(&dev->interface->dev,
1781 "There is already an active target");
1782 return -EBUSY;
1783 }
1784
1785 baud = pn533_mod_to_baud(dev);
1786 if (baud < 0) {
1787 nfc_dev_err(&dev->interface->dev,
1788 "Invalid curr modulation %d", dev->poll_mod_curr);
1789 return baud;
1790 }
1791
1792 cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1793 if (comm_mode == NFC_COMM_PASSIVE)
1794 cmd_len += PASSIVE_DATA_LEN;
1795
1796 cmd = kzalloc(cmd_len, GFP_KERNEL);
1797 if (cmd == NULL)
1798 return -ENOMEM;
1799
1800 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1801
1802 cmd->active = !comm_mode;
1803 cmd->next = 0;
1804 cmd->baud = baud;
1805 data_ptr = cmd->data;
1806 if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1807 memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1808 cmd->next |= 1;
1809 data_ptr += PASSIVE_DATA_LEN;
1810 }
1811
1812 if (gb != NULL && gb_len > 0) {
1813 cmd->next |= 4;
1814 memcpy(data_ptr, gb, gb_len);
1815 } else {
1816 cmd->next = 0;
1817 }
1818
1819 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1820 dev->out_frame->datalen += cmd_len;
1821
1822 pn533_tx_frame_finish(dev->out_frame);
1823
1824 rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1825 dev->in_maxlen, pn533_in_dep_link_up_complete,
1826 cmd, GFP_KERNEL);
1827 if (rc < 0)
1828 kfree(cmd);
1829
1830 return rc;
1831}
1832
1833static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1834{
1835 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1836
1837 pn533_poll_reset_mod_list(dev);
1838
1839 if (dev->tgt_mode || dev->tgt_active_prot) {
1840 pn533_send_ack(dev, GFP_KERNEL);
1841 usb_kill_urb(dev->in_urb);
1842 }
1843
1844 dev->tgt_active_prot = 0;
1845 dev->tgt_mode = 0;
1846
1847 skb_queue_purge(&dev->resp_q);
1848
1849 return 0;
1850}
1851
1852static int pn533_build_tx_frame(struct pn533 *dev, struct sk_buff *skb,
1853 bool target)
1854{
1855 int payload_len = skb->len;
1856 struct pn533_frame *out_frame;
1857 u8 tg;
1858
1859 nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1860 payload_len);
1861
1862 if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1863
1864 nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1865 " max allowed: %d",
1866 PN533_CMD_DATAEXCH_DATA_MAXLEN);
1867 return -ENOSYS;
1868 }
1869
1870 if (target == true) {
1871 switch (dev->device_type) {
1872 case PN533_DEVICE_PASORI:
1873 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
1874 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1875 out_frame = (struct pn533_frame *) skb->data;
1876 pn533_tx_frame_init(out_frame,
1877 PN533_CMD_IN_COMM_THRU);
1878
1879 break;
1880 }
1881
1882 default:
1883 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1884 out_frame = (struct pn533_frame *) skb->data;
1885 pn533_tx_frame_init(out_frame,
1886 PN533_CMD_IN_DATA_EXCHANGE);
1887 tg = 1;
1888 memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame),
1889 &tg, sizeof(u8));
1890 out_frame->datalen += sizeof(u8);
1891
1892 break;
1893 }
1894
1895 } else {
1896 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1897 out_frame = (struct pn533_frame *) skb->data;
1898 pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
1899 }
1900
1901
1902
1903 out_frame->datalen += payload_len;
1904
1905 pn533_tx_frame_finish(out_frame);
1906 skb_put(skb, PN533_FRAME_TAIL_SIZE);
1907
1908 return 0;
1909}
1910
1911struct pn533_data_exchange_arg {
1912 struct sk_buff *skb_resp;
1913 struct sk_buff *skb_out;
1914 data_exchange_cb_t cb;
1915 void *cb_context;
1916};
1917
1918static struct sk_buff *pn533_build_response(struct pn533 *dev)
1919{
1920 struct sk_buff *skb, *tmp, *t;
1921 unsigned int skb_len = 0, tmp_len = 0;
1922
1923 nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
1924
1925 if (skb_queue_empty(&dev->resp_q))
1926 return NULL;
1927
1928 if (skb_queue_len(&dev->resp_q) == 1) {
1929 skb = skb_dequeue(&dev->resp_q);
1930 goto out;
1931 }
1932
1933 skb_queue_walk_safe(&dev->resp_q, tmp, t)
1934 skb_len += tmp->len;
1935
1936 nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1937 __func__, skb_len);
1938
1939 skb = alloc_skb(skb_len, GFP_KERNEL);
1940 if (skb == NULL)
1941 goto out;
1942
1943 skb_put(skb, skb_len);
1944
1945 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1946 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1947 tmp_len += tmp->len;
1948 }
1949
1950out:
1951 skb_queue_purge(&dev->resp_q);
1952
1953 return skb;
1954}
1955
1956static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1957 u8 *params, int params_len)
1958{
1959 struct pn533_data_exchange_arg *arg = _arg;
1960 struct sk_buff *skb = NULL, *skb_resp = arg->skb_resp;
1961 struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1962 int err = 0;
1963 u8 status;
1964 u8 cmd_ret;
1965
1966 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1967
1968 dev_kfree_skb(arg->skb_out);
1969
1970 if (params_len < 0) {
1971 err = params_len;
1972 goto error;
1973 }
1974
1975 status = params[0];
1976
1977 cmd_ret = status & PN533_CMD_RET_MASK;
1978 if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1979 nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1980 " exchanging data", cmd_ret);
1981 err = -EIO;
1982 goto error;
1983 }
1984
1985 skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1986 skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1987 skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1988 skb_queue_tail(&dev->resp_q, skb_resp);
1989
1990 if (status & PN533_CMD_MI_MASK) {
1991 queue_work(dev->wq, &dev->mi_work);
1992 return -EINPROGRESS;
1993 }
1994
1995 skb = pn533_build_response(dev);
1996 if (skb == NULL)
1997 goto error;
1998
1999 arg->cb(arg->cb_context, skb, 0);
2000 kfree(arg);
2001 return 0;
2002
2003error:
2004 skb_queue_purge(&dev->resp_q);
2005 dev_kfree_skb(skb_resp);
2006 arg->cb(arg->cb_context, NULL, err);
2007 kfree(arg);
2008 return 0;
2009}
2010
2011static int pn533_transceive(struct nfc_dev *nfc_dev,
2012 struct nfc_target *target, struct sk_buff *skb,
2013 data_exchange_cb_t cb, void *cb_context)
2014{
2015 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2016 struct pn533_frame *out_frame, *in_frame;
2017 struct pn533_data_exchange_arg *arg;
2018 struct sk_buff *skb_resp;
2019 int skb_resp_len;
2020 int rc;
2021
2022 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2023
2024 if (!dev->tgt_active_prot) {
2025 nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
2026 " there is no active target");
2027 rc = -EINVAL;
2028 goto error;
2029 }
2030
2031 rc = pn533_build_tx_frame(dev, skb, true);
2032 if (rc)
2033 goto error;
2034
2035 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2036 PN533_CMD_DATAEXCH_DATA_MAXLEN +
2037 PN533_FRAME_TAIL_SIZE;
2038
2039 skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
2040 if (!skb_resp) {
2041 rc = -ENOMEM;
2042 goto error;
2043 }
2044
2045 in_frame = (struct pn533_frame *) skb_resp->data;
2046 out_frame = (struct pn533_frame *) skb->data;
2047
2048 arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
2049 if (!arg) {
2050 rc = -ENOMEM;
2051 goto free_skb_resp;
2052 }
2053
2054 arg->skb_resp = skb_resp;
2055 arg->skb_out = skb;
2056 arg->cb = cb;
2057 arg->cb_context = cb_context;
2058
2059 rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
2060 pn533_data_exchange_complete, arg,
2061 GFP_KERNEL);
2062 if (rc) {
2063 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2064 " perform data_exchange", rc);
2065 goto free_arg;
2066 }
2067
2068 return 0;
2069
2070free_arg:
2071 kfree(arg);
2072free_skb_resp:
2073 kfree_skb(skb_resp);
2074error:
2075 kfree_skb(skb);
2076 return rc;
2077}
2078
2079static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2080 u8 *params, int params_len)
2081{
2082 struct sk_buff *skb_out = arg;
2083
2084 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2085
2086 dev_kfree_skb(skb_out);
2087
2088 if (params_len < 0) {
2089 nfc_dev_err(&dev->interface->dev,
2090 "Error %d when sending data",
2091 params_len);
2092
2093 return params_len;
2094 }
2095
2096 if (params_len > 0 && params[0] != 0) {
2097 nfc_tm_deactivated(dev->nfc_dev);
2098
2099 dev->tgt_mode = 0;
2100
2101 return 0;
2102 }
2103
2104 queue_work(dev->wq, &dev->tg_work);
2105
2106 return 0;
2107}
2108
2109static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2110{
2111 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2112 struct pn533_frame *out_frame;
2113 int rc;
2114
2115 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2116
2117 rc = pn533_build_tx_frame(dev, skb, false);
2118 if (rc)
2119 goto error;
2120
2121 out_frame = (struct pn533_frame *) skb->data;
2122
2123 rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2124 dev->in_maxlen, pn533_tm_send_complete,
2125 skb, GFP_KERNEL);
2126 if (rc) {
2127 nfc_dev_err(&dev->interface->dev,
2128 "Error %d when trying to send data", rc);
2129 goto error;
2130 }
2131
2132 return 0;
2133
2134error:
2135 kfree_skb(skb);
2136
2137 return rc;
2138}
2139
2140static void pn533_wq_mi_recv(struct work_struct *work)
2141{
2142 struct pn533 *dev = container_of(work, struct pn533, mi_work);
2143 struct sk_buff *skb_cmd;
2144 struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2145 struct pn533_frame *out_frame, *in_frame;
2146 struct sk_buff *skb_resp;
2147 int skb_resp_len;
2148 int rc;
2149
2150 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2151
2152
2153 skb_cmd = alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN + PN533_FRAME_TAIL_SIZE,
2154 GFP_KERNEL);
2155 if (skb_cmd == NULL)
2156 goto error_cmd;
2157
2158 skb_reserve(skb_cmd, PN533_CMD_DATAEXCH_HEAD_LEN);
2159
2160 rc = pn533_build_tx_frame(dev, skb_cmd, true);
2161 if (rc)
2162 goto error_frame;
2163
2164 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2165 PN533_CMD_DATAEXCH_DATA_MAXLEN +
2166 PN533_FRAME_TAIL_SIZE;
2167 skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2168 if (!skb_resp) {
2169 rc = -ENOMEM;
2170 goto error_frame;
2171 }
2172
2173 in_frame = (struct pn533_frame *) skb_resp->data;
2174 out_frame = (struct pn533_frame *) skb_cmd->data;
2175
2176 arg->skb_resp = skb_resp;
2177 arg->skb_out = skb_cmd;
2178
2179 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2180 skb_resp_len,
2181 pn533_data_exchange_complete,
2182 dev->cmd_complete_arg, GFP_KERNEL);
2183 if (!rc)
2184 return;
2185
2186 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2187 " perform data_exchange", rc);
2188
2189 kfree_skb(skb_resp);
2190
2191error_frame:
2192 kfree_skb(skb_cmd);
2193
2194error_cmd:
2195 pn533_send_ack(dev, GFP_KERNEL);
2196
2197 kfree(arg);
2198
2199 queue_work(dev->wq, &dev->cmd_work);
2200}
2201
2202static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2203 u8 cfgdata_len)
2204{
2205 int rc;
2206 u8 *params;
2207
2208 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2209
2210 pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2211
2212 params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2213 params[0] = cfgitem;
2214 memcpy(¶ms[1], cfgdata, cfgdata_len);
2215 dev->out_frame->datalen += (1 + cfgdata_len);
2216
2217 pn533_tx_frame_finish(dev->out_frame);
2218
2219 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2220 dev->in_maxlen);
2221
2222 return rc;
2223}
2224
2225static int pn533_fw_reset(struct pn533 *dev)
2226{
2227 int rc;
2228 u8 *params;
2229
2230 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2231
2232 pn533_tx_frame_init(dev->out_frame, 0x18);
2233
2234 params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2235 params[0] = 0x1;
2236 dev->out_frame->datalen += 1;
2237
2238 pn533_tx_frame_finish(dev->out_frame);
2239
2240 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2241 dev->in_maxlen);
2242
2243 return rc;
2244}
2245
2246static struct nfc_ops pn533_nfc_ops = {
2247 .dev_up = NULL,
2248 .dev_down = NULL,
2249 .dep_link_up = pn533_dep_link_up,
2250 .dep_link_down = pn533_dep_link_down,
2251 .start_poll = pn533_start_poll,
2252 .stop_poll = pn533_stop_poll,
2253 .activate_target = pn533_activate_target,
2254 .deactivate_target = pn533_deactivate_target,
2255 .im_transceive = pn533_transceive,
2256 .tm_send = pn533_tm_send,
2257};
2258
2259static int pn533_setup(struct pn533 *dev)
2260{
2261 struct pn533_config_max_retries max_retries;
2262 struct pn533_config_timing timing;
2263 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2264 int rc;
2265
2266 switch (dev->device_type) {
2267 case PN533_DEVICE_STD:
2268 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2269 max_retries.mx_rty_psl = 2;
2270 max_retries.mx_rty_passive_act =
2271 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2272
2273 timing.rfu = PN533_CONFIG_TIMING_102;
2274 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2275 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2276
2277 break;
2278
2279 case PN533_DEVICE_PASORI:
2280 max_retries.mx_rty_atr = 0x2;
2281 max_retries.mx_rty_psl = 0x1;
2282 max_retries.mx_rty_passive_act =
2283 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2284
2285 timing.rfu = PN533_CONFIG_TIMING_102;
2286 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2287 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2288
2289 break;
2290
2291 default:
2292 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2293 dev->device_type);
2294 return -EINVAL;
2295 }
2296
2297 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2298 (u8 *)&max_retries, sizeof(max_retries));
2299 if (rc) {
2300 nfc_dev_err(&dev->interface->dev,
2301 "Error on setting MAX_RETRIES config");
2302 return rc;
2303 }
2304
2305
2306 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2307 (u8 *)&timing, sizeof(timing));
2308 if (rc) {
2309 nfc_dev_err(&dev->interface->dev,
2310 "Error on setting RF timings");
2311 return rc;
2312 }
2313
2314 switch (dev->device_type) {
2315 case PN533_DEVICE_STD:
2316 break;
2317
2318 case PN533_DEVICE_PASORI:
2319 pn533_fw_reset(dev);
2320
2321 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2322 pasori_cfg, 3);
2323 if (rc) {
2324 nfc_dev_err(&dev->interface->dev,
2325 "Error while settings PASORI config");
2326 return rc;
2327 }
2328
2329 pn533_fw_reset(dev);
2330
2331 break;
2332 }
2333
2334 return 0;
2335}
2336
2337static int pn533_probe(struct usb_interface *interface,
2338 const struct usb_device_id *id)
2339{
2340 struct pn533_fw_version *fw_ver;
2341 struct pn533 *dev;
2342 struct usb_host_interface *iface_desc;
2343 struct usb_endpoint_descriptor *endpoint;
2344 int in_endpoint = 0;
2345 int out_endpoint = 0;
2346 int rc = -ENOMEM;
2347 int i;
2348 u32 protocols;
2349
2350 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2351 if (!dev)
2352 return -ENOMEM;
2353
2354 dev->udev = usb_get_dev(interface_to_usbdev(interface));
2355 dev->interface = interface;
2356 mutex_init(&dev->cmd_lock);
2357
2358 iface_desc = interface->cur_altsetting;
2359 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2360 endpoint = &iface_desc->endpoint[i].desc;
2361
2362 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2363 dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
2364 in_endpoint = endpoint->bEndpointAddress;
2365 }
2366
2367 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
2368 dev->out_maxlen =
2369 le16_to_cpu(endpoint->wMaxPacketSize);
2370 out_endpoint = endpoint->bEndpointAddress;
2371 }
2372 }
2373
2374 if (!in_endpoint || !out_endpoint) {
2375 nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2376 " bulk-out endpoint");
2377 rc = -ENODEV;
2378 goto error;
2379 }
2380
2381 dev->in_frame = kmalloc(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
2382 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2383 dev->out_frame = kmalloc(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
2384 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2385
2386 if (!dev->in_frame || !dev->out_frame ||
2387 !dev->in_urb || !dev->out_urb)
2388 goto error;
2389
2390 usb_fill_bulk_urb(dev->in_urb, dev->udev,
2391 usb_rcvbulkpipe(dev->udev, in_endpoint),
2392 NULL, 0, NULL, dev);
2393 usb_fill_bulk_urb(dev->out_urb, dev->udev,
2394 usb_sndbulkpipe(dev->udev, out_endpoint),
2395 NULL, 0,
2396 pn533_send_complete, dev);
2397
2398 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2399 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2400 INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2401 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2402 INIT_WORK(&dev->poll_work, pn533_wq_poll);
2403 dev->wq = alloc_ordered_workqueue("pn533", 0);
2404 if (dev->wq == NULL)
2405 goto error;
2406
2407 init_timer(&dev->listen_timer);
2408 dev->listen_timer.data = (unsigned long) dev;
2409 dev->listen_timer.function = pn533_listen_mode_timer;
2410
2411 skb_queue_head_init(&dev->resp_q);
2412
2413 INIT_LIST_HEAD(&dev->cmd_queue);
2414
2415 usb_set_intfdata(interface, dev);
2416
2417 pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2418 pn533_tx_frame_finish(dev->out_frame);
2419
2420 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2421 dev->in_maxlen);
2422 if (rc)
2423 goto destroy_wq;
2424
2425 fw_ver = (struct pn533_fw_version *)
2426 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2427 nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2428 " attached", fw_ver->ver, fw_ver->rev);
2429
2430 dev->device_type = id->driver_info;
2431 switch (dev->device_type) {
2432 case PN533_DEVICE_STD:
2433 protocols = PN533_ALL_PROTOCOLS;
2434 break;
2435
2436 case PN533_DEVICE_PASORI:
2437 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2438 break;
2439
2440 default:
2441 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2442 dev->device_type);
2443 rc = -EINVAL;
2444 goto destroy_wq;
2445 }
2446
2447 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2448 PN533_CMD_DATAEXCH_HEAD_LEN,
2449 PN533_FRAME_TAIL_SIZE);
2450 if (!dev->nfc_dev)
2451 goto destroy_wq;
2452
2453 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2454 nfc_set_drvdata(dev->nfc_dev, dev);
2455
2456 rc = nfc_register_device(dev->nfc_dev);
2457 if (rc)
2458 goto free_nfc_dev;
2459
2460 rc = pn533_setup(dev);
2461 if (rc)
2462 goto unregister_nfc_dev;
2463
2464 return 0;
2465
2466unregister_nfc_dev:
2467 nfc_unregister_device(dev->nfc_dev);
2468
2469free_nfc_dev:
2470 nfc_free_device(dev->nfc_dev);
2471
2472destroy_wq:
2473 destroy_workqueue(dev->wq);
2474error:
2475 kfree(dev->in_frame);
2476 usb_free_urb(dev->in_urb);
2477 kfree(dev->out_frame);
2478 usb_free_urb(dev->out_urb);
2479 kfree(dev);
2480 return rc;
2481}
2482
2483static void pn533_disconnect(struct usb_interface *interface)
2484{
2485 struct pn533 *dev;
2486 struct pn533_cmd *cmd, *n;
2487
2488 dev = usb_get_intfdata(interface);
2489 usb_set_intfdata(interface, NULL);
2490
2491 nfc_unregister_device(dev->nfc_dev);
2492 nfc_free_device(dev->nfc_dev);
2493
2494 usb_kill_urb(dev->in_urb);
2495 usb_kill_urb(dev->out_urb);
2496
2497 destroy_workqueue(dev->wq);
2498
2499 skb_queue_purge(&dev->resp_q);
2500
2501 del_timer(&dev->listen_timer);
2502
2503 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2504 list_del(&cmd->queue);
2505 kfree(cmd);
2506 }
2507
2508 kfree(dev->in_frame);
2509 usb_free_urb(dev->in_urb);
2510 kfree(dev->out_frame);
2511 usb_free_urb(dev->out_urb);
2512 kfree(dev);
2513
2514 nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2515}
2516
2517static struct usb_driver pn533_driver = {
2518 .name = "pn533",
2519 .probe = pn533_probe,
2520 .disconnect = pn533_disconnect,
2521 .id_table = pn533_table,
2522};
2523
2524module_usb_driver(pn533_driver);
2525
2526MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2527 " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2528MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2529MODULE_VERSION(VERSION);
2530MODULE_LICENSE("GPL");
2531
