search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge tag 'pm-for-3.6-rc3' of git://git.kernel.org/pub/scm/linux/kernel/git/rafael...
[linux/fpc-iii.git] / drivers / nfc / pn533.c
blobd606f52fec842d5a613cff3f63719a97827178b4
1 /*
2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
3 *
4 * Authors:
5 * Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6 * Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the
20 * Free Software Foundation, Inc.,
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 */
23
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
32
33 #define VERSION "0.1"
34
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
37
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
40
41 #define SONY_VENDOR_ID 0x054c
42 #define PASORI_PRODUCT_ID 0x02e1
43
44 #define PN533_QUIRKS_TYPE_A BIT(0)
45 #define PN533_QUIRKS_TYPE_F BIT(1)
46 #define PN533_QUIRKS_DEP BIT(2)
47 #define PN533_QUIRKS_RAW_EXCHANGE BIT(3)
48
49 #define PN533_DEVICE_STD 0x1
50 #define PN533_DEVICE_PASORI 0x2
51
52 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
53 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
54 NFC_PROTO_NFC_DEP_MASK |\
55 NFC_PROTO_ISO14443_B_MASK)
56
57 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
58 NFC_PROTO_MIFARE_MASK | \
59 NFC_PROTO_FELICA_MASK | \
60 NFC_PROTO_ISO14443_MASK | \
61 NFC_PROTO_NFC_DEP_MASK)
62
63 static const struct usb_device_id pn533_table[] = {
64 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
65 .idVendor = PN533_VENDOR_ID,
66 .idProduct = PN533_PRODUCT_ID,
67 .driver_info = PN533_DEVICE_STD,
68 },
69 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
70 .idVendor = SCM_VENDOR_ID,
71 .idProduct = SCL3711_PRODUCT_ID,
72 .driver_info = PN533_DEVICE_STD,
73 },
74 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
75 .idVendor = SONY_VENDOR_ID,
76 .idProduct = PASORI_PRODUCT_ID,
77 .driver_info = PN533_DEVICE_PASORI,
78 },
79 { }
80 };
81 MODULE_DEVICE_TABLE(usb, pn533_table);
82
83 /* How much time we spend listening for initiators */
84 #define PN533_LISTEN_TIME 2
85
86 /* frame definitions */
87 #define PN533_FRAME_TAIL_SIZE 2
88 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
89 PN533_FRAME_TAIL_SIZE)
90 #define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
91 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
92 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
93
94 /* start of frame */
95 #define PN533_SOF 0x00FF
96
97 /* frame identifier: in/out/error */
98 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
99 #define PN533_DIR_OUT 0xD4
100 #define PN533_DIR_IN 0xD5
101
102 /* PN533 Commands */
103 #define PN533_FRAME_CMD(f) (f->data[1])
104 #define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
105 #define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
106
107 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
108 #define PN533_CMD_RF_CONFIGURATION 0x32
109 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
110 #define PN533_CMD_IN_COMM_THRU 0x42
111 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
112 #define PN533_CMD_IN_ATR 0x50
113 #define PN533_CMD_IN_RELEASE 0x52
114 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
115
116 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
117 #define PN533_CMD_TG_GET_DATA 0x86
118 #define PN533_CMD_TG_SET_DATA 0x8e
119
120 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
121
122 /* PN533 Return codes */
123 #define PN533_CMD_RET_MASK 0x3F
124 #define PN533_CMD_MI_MASK 0x40
125 #define PN533_CMD_RET_SUCCESS 0x00
126
127 /* PN533 status codes */
128 #define PN533_STATUS_TARGET_RELEASED 0x29
129
130 struct pn533;
131
132 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
133 u8 *params, int params_len);
134
135 /* structs for pn533 commands */
136
137 /* PN533_CMD_GET_FIRMWARE_VERSION */
138 struct pn533_fw_version {
139 u8 ic;
140 u8 ver;
141 u8 rev;
142 u8 support;
143 };
144
145 /* PN533_CMD_RF_CONFIGURATION */
146 #define PN533_CFGITEM_TIMING 0x02
147 #define PN533_CFGITEM_MAX_RETRIES 0x05
148 #define PN533_CFGITEM_PASORI 0x82
149
150 #define PN533_CONFIG_TIMING_102 0xb
151 #define PN533_CONFIG_TIMING_204 0xc
152 #define PN533_CONFIG_TIMING_409 0xd
153 #define PN533_CONFIG_TIMING_819 0xe
154
155 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
156 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
157
158 struct pn533_config_max_retries {
159 u8 mx_rty_atr;
160 u8 mx_rty_psl;
161 u8 mx_rty_passive_act;
162 } __packed;
163
164 struct pn533_config_timing {
165 u8 rfu;
166 u8 atr_res_timeout;
167 u8 dep_timeout;
168 } __packed;
169
170 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
171
172 /* felica commands opcode */
173 #define PN533_FELICA_OPC_SENSF_REQ 0
174 #define PN533_FELICA_OPC_SENSF_RES 1
175 /* felica SENSF_REQ parameters */
176 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
177 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
178 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
179 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
180
181 /* type B initiator_data values */
182 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
183 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
184 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
185
186 union pn533_cmd_poll_initdata {
187 struct {
188 u8 afi;
189 u8 polling_method;
190 } __packed type_b;
191 struct {
192 u8 opcode;
193 __be16 sc;
194 u8 rc;
195 u8 tsn;
196 } __packed felica;
197 };
198
199 /* Poll modulations */
200 enum {
201 PN533_POLL_MOD_106KBPS_A,
202 PN533_POLL_MOD_212KBPS_FELICA,
203 PN533_POLL_MOD_424KBPS_FELICA,
204 PN533_POLL_MOD_106KBPS_JEWEL,
205 PN533_POLL_MOD_847KBPS_B,
206 PN533_LISTEN_MOD,
207
208 __PN533_POLL_MOD_AFTER_LAST,
209 };
210 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
211
212 struct pn533_poll_modulations {
213 struct {
214 u8 maxtg;
215 u8 brty;
216 union pn533_cmd_poll_initdata initiator_data;
217 } __packed data;
218 u8 len;
219 };
220
221 const struct pn533_poll_modulations poll_mod[] = {
222 [PN533_POLL_MOD_106KBPS_A] = {
223 .data = {
224 .maxtg = 1,
225 .brty = 0,
226 },
227 .len = 2,
228 },
229 [PN533_POLL_MOD_212KBPS_FELICA] = {
230 .data = {
231 .maxtg = 1,
232 .brty = 1,
233 .initiator_data.felica = {
234 .opcode = PN533_FELICA_OPC_SENSF_REQ,
235 .sc = PN533_FELICA_SENSF_SC_ALL,
236 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
237 .tsn = 0,
238 },
239 },
240 .len = 7,
241 },
242 [PN533_POLL_MOD_424KBPS_FELICA] = {
243 .data = {
244 .maxtg = 1,
245 .brty = 2,
246 .initiator_data.felica = {
247 .opcode = PN533_FELICA_OPC_SENSF_REQ,
248 .sc = PN533_FELICA_SENSF_SC_ALL,
249 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
250 .tsn = 0,
251 },
252 },
253 .len = 7,
254 },
255 [PN533_POLL_MOD_106KBPS_JEWEL] = {
256 .data = {
257 .maxtg = 1,
258 .brty = 4,
259 },
260 .len = 2,
261 },
262 [PN533_POLL_MOD_847KBPS_B] = {
263 .data = {
264 .maxtg = 1,
265 .brty = 8,
266 .initiator_data.type_b = {
267 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
268 .polling_method =
269 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
270 },
271 },
272 .len = 3,
273 },
274 [PN533_LISTEN_MOD] = {
275 .len = 0,
276 },
277 };
278
279 /* PN533_CMD_IN_ATR */
280
281 struct pn533_cmd_activate_param {
282 u8 tg;
283 u8 next;
284 } __packed;
285
286 struct pn533_cmd_activate_response {
287 u8 status;
288 u8 nfcid3t[10];
289 u8 didt;
290 u8 bst;
291 u8 brt;
292 u8 to;
293 u8 ppt;
294 /* optional */
295 u8 gt[];
296 } __packed;
297
298 /* PN533_CMD_IN_JUMP_FOR_DEP */
299 struct pn533_cmd_jump_dep {
300 u8 active;
301 u8 baud;
302 u8 next;
303 u8 data[];
304 } __packed;
305
306 struct pn533_cmd_jump_dep_response {
307 u8 status;
308 u8 tg;
309 u8 nfcid3t[10];
310 u8 didt;
311 u8 bst;
312 u8 brt;
313 u8 to;
314 u8 ppt;
315 /* optional */
316 u8 gt[];
317 } __packed;
318
319
320 /* PN533_TG_INIT_AS_TARGET */
321 #define PN533_INIT_TARGET_PASSIVE 0x1
322 #define PN533_INIT_TARGET_DEP 0x2
323
324 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
325 #define PN533_INIT_TARGET_RESP_ACTIVE 0x1
326 #define PN533_INIT_TARGET_RESP_DEP 0x4
327
328 struct pn533_cmd_init_target {
329 u8 mode;
330 u8 mifare[6];
331 u8 felica[18];
332 u8 nfcid3[10];
333 u8 gb_len;
334 u8 gb[];
335 } __packed;
336
337 struct pn533_cmd_init_target_response {
338 u8 mode;
339 u8 cmd[];
340 } __packed;
341
342 struct pn533 {
343 struct usb_device *udev;
344 struct usb_interface *interface;
345 struct nfc_dev *nfc_dev;
346
347 struct urb *out_urb;
348 int out_maxlen;
349 struct pn533_frame *out_frame;
350
351 struct urb *in_urb;
352 int in_maxlen;
353 struct pn533_frame *in_frame;
354
355 struct sk_buff_head resp_q;
356
357 struct workqueue_struct *wq;
358 struct work_struct cmd_work;
359 struct work_struct poll_work;
360 struct work_struct mi_work;
361 struct work_struct tg_work;
362 struct timer_list listen_timer;
363 struct pn533_frame *wq_in_frame;
364 int wq_in_error;
365 int cancel_listen;
366
367 pn533_cmd_complete_t cmd_complete;
368 void *cmd_complete_arg;
369 struct mutex cmd_lock;
370 u8 cmd;
371
372 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
373 u8 poll_mod_count;
374 u8 poll_mod_curr;
375 u32 poll_protocols;
376 u32 listen_protocols;
377
378 u8 *gb;
379 size_t gb_len;
380
381 u8 tgt_available_prots;
382 u8 tgt_active_prot;
383 u8 tgt_mode;
384
385 u32 device_type;
386 };
387
388 struct pn533_frame {
389 u8 preamble;
390 __be16 start_frame;
391 u8 datalen;
392 u8 datalen_checksum;
393 u8 data[];
394 } __packed;
395
396 /* The rule: value + checksum = 0 */
397 static inline u8 pn533_checksum(u8 value)
398 {
399 return ~value + 1;
400 }
401
402 /* The rule: sum(data elements) + checksum = 0 */
403 static u8 pn533_data_checksum(u8 *data, int datalen)
404 {
405 u8 sum = 0;
406 int i;
407
408 for (i = 0; i < datalen; i++)
409 sum += data[i];
410
411 return pn533_checksum(sum);
412 }
413
414 /**
415 * pn533_tx_frame_ack - create a ack frame
416 * @frame: The frame to be set as ack
417 *
418 * Ack is different type of standard frame. As a standard frame, it has
419 * preamble and start_frame. However the checksum of this frame must fail,
420 * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
421 * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
422 * After datalen_checksum field, the postamble is placed.
423 */
424 static void pn533_tx_frame_ack(struct pn533_frame *frame)
425 {
426 frame->preamble = 0;
427 frame->start_frame = cpu_to_be16(PN533_SOF);
428 frame->datalen = 0;
429 frame->datalen_checksum = 0xFF;
430 /* data[0] is used as postamble */
431 frame->data[0] = 0;
432 }
433
434 static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
435 {
436 frame->preamble = 0;
437 frame->start_frame = cpu_to_be16(PN533_SOF);
438 PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
439 PN533_FRAME_CMD(frame) = cmd;
440 frame->datalen = 2;
441 }
442
443 static void pn533_tx_frame_finish(struct pn533_frame *frame)
444 {
445 frame->datalen_checksum = pn533_checksum(frame->datalen);
446
447 PN533_FRAME_CHECKSUM(frame) =
448 pn533_data_checksum(frame->data, frame->datalen);
449
450 PN533_FRAME_POSTAMBLE(frame) = 0;
451 }
452
453 static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
454 {
455 u8 checksum;
456
457 if (frame->start_frame != cpu_to_be16(PN533_SOF))
458 return false;
459
460 checksum = pn533_checksum(frame->datalen);
461 if (checksum != frame->datalen_checksum)
462 return false;
463
464 checksum = pn533_data_checksum(frame->data, frame->datalen);
465 if (checksum != PN533_FRAME_CHECKSUM(frame))
466 return false;
467
468 return true;
469 }
470
471 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
472 {
473 if (frame->start_frame != cpu_to_be16(PN533_SOF))
474 return false;
475
476 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
477 return false;
478
479 return true;
480 }
481
482 static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
483 {
484 return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
485 }
486
487
488 static void pn533_wq_cmd_complete(struct work_struct *work)
489 {
490 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
491 struct pn533_frame *in_frame;
492 int rc;
493
494 in_frame = dev->wq_in_frame;
495
496 if (dev->wq_in_error)
497 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
498 dev->wq_in_error);
499 else
500 rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
501 PN533_FRAME_CMD_PARAMS_PTR(in_frame),
502 PN533_FRAME_CMD_PARAMS_LEN(in_frame));
503
504 if (rc != -EINPROGRESS)
505 mutex_unlock(&dev->cmd_lock);
506 }
507
508 static void pn533_recv_response(struct urb *urb)
509 {
510 struct pn533 *dev = urb->context;
511 struct pn533_frame *in_frame;
512
513 dev->wq_in_frame = NULL;
514
515 switch (urb->status) {
516 case 0:
517 /* success */
518 break;
519 case -ECONNRESET:
520 case -ENOENT:
521 case -ESHUTDOWN:
522 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
523 " status: %d", urb->status);
524 dev->wq_in_error = urb->status;
525 goto sched_wq;
526 default:
527 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
528 " %d", urb->status);
529 dev->wq_in_error = urb->status;
530 goto sched_wq;
531 }
532
533 in_frame = dev->in_urb->transfer_buffer;
534
535 if (!pn533_rx_frame_is_valid(in_frame)) {
536 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
537 dev->wq_in_error = -EIO;
538 goto sched_wq;
539 }
540
541 if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
542 nfc_dev_err(&dev->interface->dev, "The received frame is not "
543 "response to the last command");
544 dev->wq_in_error = -EIO;
545 goto sched_wq;
546 }
547
548 nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
549 dev->wq_in_error = 0;
550 dev->wq_in_frame = in_frame;
551
552 sched_wq:
553 queue_work(dev->wq, &dev->cmd_work);
554 }
555
556 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
557 {
558 dev->in_urb->complete = pn533_recv_response;
559
560 return usb_submit_urb(dev->in_urb, flags);
561 }
562
563 static void pn533_recv_ack(struct urb *urb)
564 {
565 struct pn533 *dev = urb->context;
566 struct pn533_frame *in_frame;
567 int rc;
568
569 switch (urb->status) {
570 case 0:
571 /* success */
572 break;
573 case -ECONNRESET:
574 case -ENOENT:
575 case -ESHUTDOWN:
576 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
577 " status: %d", urb->status);
578 dev->wq_in_error = urb->status;
579 goto sched_wq;
580 default:
581 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
582 " %d", urb->status);
583 dev->wq_in_error = urb->status;
584 goto sched_wq;
585 }
586
587 in_frame = dev->in_urb->transfer_buffer;
588
589 if (!pn533_rx_frame_is_ack(in_frame)) {
590 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
591 dev->wq_in_error = -EIO;
592 goto sched_wq;
593 }
594
595 nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
596
597 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
598 if (rc) {
599 nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
600 " result %d", rc);
601 dev->wq_in_error = rc;
602 goto sched_wq;
603 }
604
605 return;
606
607 sched_wq:
608 dev->wq_in_frame = NULL;
609 queue_work(dev->wq, &dev->cmd_work);
610 }
611
612 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
613 {
614 dev->in_urb->complete = pn533_recv_ack;
615
616 return usb_submit_urb(dev->in_urb, flags);
617 }
618
619 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
620 {
621 int rc;
622
623 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
624
625 pn533_tx_frame_ack(dev->out_frame);
626
627 dev->out_urb->transfer_buffer = dev->out_frame;
628 dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
629 rc = usb_submit_urb(dev->out_urb, flags);
630
631 return rc;
632 }
633
634 static int __pn533_send_cmd_frame_async(struct pn533 *dev,
635 struct pn533_frame *out_frame,
636 struct pn533_frame *in_frame,
637 int in_frame_len,
638 pn533_cmd_complete_t cmd_complete,
639 void *arg, gfp_t flags)
640 {
641 int rc;
642
643 nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
644 PN533_FRAME_CMD(out_frame));
645
646 dev->cmd = PN533_FRAME_CMD(out_frame);
647 dev->cmd_complete = cmd_complete;
648 dev->cmd_complete_arg = arg;
649
650 dev->out_urb->transfer_buffer = out_frame;
651 dev->out_urb->transfer_buffer_length =
652 PN533_FRAME_SIZE(out_frame);
653
654 dev->in_urb->transfer_buffer = in_frame;
655 dev->in_urb->transfer_buffer_length = in_frame_len;
656
657 rc = usb_submit_urb(dev->out_urb, flags);
658 if (rc)
659 return rc;
660
661 rc = pn533_submit_urb_for_ack(dev, flags);
662 if (rc)
663 goto error;
664
665 return 0;
666
667 error:
668 usb_unlink_urb(dev->out_urb);
669 return rc;
670 }
671
672 static int pn533_send_cmd_frame_async(struct pn533 *dev,
673 struct pn533_frame *out_frame,
674 struct pn533_frame *in_frame,
675 int in_frame_len,
676 pn533_cmd_complete_t cmd_complete,
677 void *arg, gfp_t flags)
678 {
679 int rc;
680
681 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
682
683 if (!mutex_trylock(&dev->cmd_lock))
684 return -EBUSY;
685
686 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
687 in_frame_len, cmd_complete, arg, flags);
688 if (rc)
689 goto error;
690
691 return 0;
692 error:
693 mutex_unlock(&dev->cmd_lock);
694 return rc;
695 }
696
697 struct pn533_sync_cmd_response {
698 int rc;
699 struct completion done;
700 };
701
702 static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
703 u8 *params, int params_len)
704 {
705 struct pn533_sync_cmd_response *arg = _arg;
706
707 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
708
709 arg->rc = 0;
710
711 if (params_len < 0) /* error */
712 arg->rc = params_len;
713
714 complete(&arg->done);
715
716 return 0;
717 }
718
719 static int pn533_send_cmd_frame_sync(struct pn533 *dev,
720 struct pn533_frame *out_frame,
721 struct pn533_frame *in_frame,
722 int in_frame_len)
723 {
724 int rc;
725 struct pn533_sync_cmd_response arg;
726
727 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
728
729 init_completion(&arg.done);
730
731 rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
732 pn533_sync_cmd_complete, &arg, GFP_KERNEL);
733 if (rc)
734 return rc;
735
736 wait_for_completion(&arg.done);
737
738 return arg.rc;
739 }
740
741 static void pn533_send_complete(struct urb *urb)
742 {
743 struct pn533 *dev = urb->context;
744
745 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
746
747 switch (urb->status) {
748 case 0:
749 /* success */
750 break;
751 case -ECONNRESET:
752 case -ENOENT:
753 case -ESHUTDOWN:
754 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
755 " status: %d", urb->status);
756 break;
757 default:
758 nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
759 " %d", urb->status);
760 }
761 }
762
763 struct pn533_target_type_a {
764 __be16 sens_res;
765 u8 sel_res;
766 u8 nfcid_len;
767 u8 nfcid_data[];
768 } __packed;
769
770
771 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
772 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
773 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
774
775 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
776 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
777
778 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
779 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
780
781 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
782 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
783 #define PN533_TYPE_A_SEL_PROT_DEP 2
784 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
785
786 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
787 int target_data_len)
788 {
789 u8 ssd;
790 u8 platconf;
791
792 if (target_data_len < sizeof(struct pn533_target_type_a))
793 return false;
794
795 /* The lenght check of nfcid[] and ats[] are not being performed because
796 the values are not being used */
797
798 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
799 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
800 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
801
802 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
803 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
804 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
805 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
806 return false;
807
808 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
809 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
810 return false;
811
812 return true;
813 }
814
815 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
816 int tgt_data_len)
817 {
818 struct pn533_target_type_a *tgt_type_a;
819
820 tgt_type_a = (struct pn533_target_type_a *) tgt_data;
821
822 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
823 return -EPROTO;
824
825 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
826 case PN533_TYPE_A_SEL_PROT_MIFARE:
827 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
828 break;
829 case PN533_TYPE_A_SEL_PROT_ISO14443:
830 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
831 break;
832 case PN533_TYPE_A_SEL_PROT_DEP:
833 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
834 break;
835 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
836 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
837 NFC_PROTO_NFC_DEP_MASK;
838 break;
839 }
840
841 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
842 nfc_tgt->sel_res = tgt_type_a->sel_res;
843 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
844 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
845
846 return 0;
847 }
848
849 struct pn533_target_felica {
850 u8 pol_res;
851 u8 opcode;
852 u8 nfcid2[8];
853 u8 pad[8];
854 /* optional */
855 u8 syst_code[];
856 } __packed;
857
858 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
859 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
860
861 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
862 int target_data_len)
863 {
864 if (target_data_len < sizeof(struct pn533_target_felica))
865 return false;
866
867 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
868 return false;
869
870 return true;
871 }
872
873 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
874 int tgt_data_len)
875 {
876 struct pn533_target_felica *tgt_felica;
877
878 tgt_felica = (struct pn533_target_felica *) tgt_data;
879
880 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
881 return -EPROTO;
882
883 if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
884 tgt_felica->nfcid2[1] ==
885 PN533_FELICA_SENSF_NFCID2_DEP_B2)
886 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
887 else
888 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
889
890 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
891 nfc_tgt->sensf_res_len = 9;
892
893 return 0;
894 }
895
896 struct pn533_target_jewel {
897 __be16 sens_res;
898 u8 jewelid[4];
899 } __packed;
900
901 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
902 int target_data_len)
903 {
904 u8 ssd;
905 u8 platconf;
906
907 if (target_data_len < sizeof(struct pn533_target_jewel))
908 return false;
909
910 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
911 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
912 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
913
914 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
915 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
916 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
917 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
918 return false;
919
920 return true;
921 }
922
923 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
924 int tgt_data_len)
925 {
926 struct pn533_target_jewel *tgt_jewel;
927
928 tgt_jewel = (struct pn533_target_jewel *) tgt_data;
929
930 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
931 return -EPROTO;
932
933 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
934 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
935 nfc_tgt->nfcid1_len = 4;
936 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
937
938 return 0;
939 }
940
941 struct pn533_type_b_prot_info {
942 u8 bitrate;
943 u8 fsci_type;
944 u8 fwi_adc_fo;
945 } __packed;
946
947 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
948 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
949 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
950
951 struct pn533_type_b_sens_res {
952 u8 opcode;
953 u8 nfcid[4];
954 u8 appdata[4];
955 struct pn533_type_b_prot_info prot_info;
956 } __packed;
957
958 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
959
960 struct pn533_target_type_b {
961 struct pn533_type_b_sens_res sensb_res;
962 u8 attrib_res_len;
963 u8 attrib_res[];
964 } __packed;
965
966 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
967 int target_data_len)
968 {
969 if (target_data_len < sizeof(struct pn533_target_type_b))
970 return false;
971
972 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
973 return false;
974
975 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
976 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
977 return false;
978
979 return true;
980 }
981
982 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
983 int tgt_data_len)
984 {
985 struct pn533_target_type_b *tgt_type_b;
986
987 tgt_type_b = (struct pn533_target_type_b *) tgt_data;
988
989 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
990 return -EPROTO;
991
992 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
993
994 return 0;
995 }
996
997 struct pn533_poll_response {
998 u8 nbtg;
999 u8 tg;
1000 u8 target_data[];
1001 } __packed;
1002
1003 static int pn533_target_found(struct pn533 *dev,
1004 struct pn533_poll_response *resp, int resp_len)
1005 {
1006 int target_data_len;
1007 struct nfc_target nfc_tgt;
1008 int rc;
1009
1010 nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1011 dev->poll_mod_curr);
1012
1013 if (resp->tg != 1)
1014 return -EPROTO;
1015
1016 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1017
1018 target_data_len = resp_len - sizeof(struct pn533_poll_response);
1019
1020 switch (dev->poll_mod_curr) {
1021 case PN533_POLL_MOD_106KBPS_A:
1022 rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1023 target_data_len);
1024 break;
1025 case PN533_POLL_MOD_212KBPS_FELICA:
1026 case PN533_POLL_MOD_424KBPS_FELICA:
1027 rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1028 target_data_len);
1029 break;
1030 case PN533_POLL_MOD_106KBPS_JEWEL:
1031 rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1032 target_data_len);
1033 break;
1034 case PN533_POLL_MOD_847KBPS_B:
1035 rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1036 target_data_len);
1037 break;
1038 default:
1039 nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1040 " modulation");
1041 return -EPROTO;
1042 }
1043
1044 if (rc)
1045 return rc;
1046
1047 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1048 nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1049 " have the desired protocol");
1050 return -EAGAIN;
1051 }
1052
1053 nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1054 "0x%x", nfc_tgt.supported_protocols);
1055
1056 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1057
1058 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1059
1060 return 0;
1061 }
1062
1063 static inline void pn533_poll_next_mod(struct pn533 *dev)
1064 {
1065 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1066 }
1067
1068 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1069 {
1070 dev->poll_mod_count = 0;
1071 }
1072
1073 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1074 {
1075 dev->poll_mod_active[dev->poll_mod_count] =
1076 (struct pn533_poll_modulations *) &poll_mod[mod_index];
1077 dev->poll_mod_count++;
1078 }
1079
1080 static void pn533_poll_create_mod_list(struct pn533 *dev,
1081 u32 im_protocols, u32 tm_protocols)
1082 {
1083 pn533_poll_reset_mod_list(dev);
1084
1085 if (im_protocols & NFC_PROTO_MIFARE_MASK
1086 || im_protocols & NFC_PROTO_ISO14443_MASK
1087 || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1088 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1089
1090 if (im_protocols & NFC_PROTO_FELICA_MASK
1091 || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1092 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1093 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1094 }
1095
1096 if (im_protocols & NFC_PROTO_JEWEL_MASK)
1097 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1098
1099 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1100 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1101
1102 if (tm_protocols)
1103 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1104 }
1105
1106 static int pn533_start_poll_complete(struct pn533 *dev, void *arg,
1107 u8 *params, int params_len)
1108 {
1109 struct pn533_poll_response *resp;
1110 int rc;
1111
1112 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1113
1114 resp = (struct pn533_poll_response *) params;
1115 if (resp->nbtg) {
1116 rc = pn533_target_found(dev, resp, params_len);
1117
1118 /* We must stop the poll after a valid target found */
1119 if (rc == 0) {
1120 pn533_poll_reset_mod_list(dev);
1121 return 0;
1122 }
1123 }
1124
1125 return -EAGAIN;
1126 }
1127
1128 static int pn533_init_target_frame(struct pn533_frame *frame,
1129 u8 *gb, size_t gb_len)
1130 {
1131 struct pn533_cmd_init_target *cmd;
1132 size_t cmd_len;
1133 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1134 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1135 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1136 0xff, 0xff}; /* System code */
1137 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1138 0x0, 0x0, 0x0,
1139 0x40}; /* SEL_RES for DEP */
1140
1141 cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1142 cmd = kzalloc(cmd_len, GFP_KERNEL);
1143 if (cmd == NULL)
1144 return -ENOMEM;
1145
1146 pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1147
1148 /* DEP support only */
1149 cmd->mode |= PN533_INIT_TARGET_DEP;
1150
1151 /* Felica params */
1152 memcpy(cmd->felica, felica_params, 18);
1153 get_random_bytes(cmd->felica + 2, 6);
1154
1155 /* NFCID3 */
1156 memset(cmd->nfcid3, 0, 10);
1157 memcpy(cmd->nfcid3, cmd->felica, 8);
1158
1159 /* MIFARE params */
1160 memcpy(cmd->mifare, mifare_params, 6);
1161
1162 /* General bytes */
1163 cmd->gb_len = gb_len;
1164 memcpy(cmd->gb, gb, gb_len);
1165
1166 /* Len Tk */
1167 cmd->gb[gb_len] = 0;
1168
1169 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1170
1171 frame->datalen += cmd_len;
1172
1173 pn533_tx_frame_finish(frame);
1174
1175 kfree(cmd);
1176
1177 return 0;
1178 }
1179
1180 #define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1181 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1182 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1183 u8 *params, int params_len)
1184 {
1185 struct sk_buff *skb_resp = arg;
1186 struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1187
1188 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1189
1190 if (params_len < 0) {
1191 nfc_dev_err(&dev->interface->dev,
1192 "Error %d when starting as a target",
1193 params_len);
1194
1195 return params_len;
1196 }
1197
1198 if (params_len > 0 && params[0] != 0) {
1199 nfc_tm_deactivated(dev->nfc_dev);
1200
1201 dev->tgt_mode = 0;
1202
1203 kfree_skb(skb_resp);
1204 return 0;
1205 }
1206
1207 skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1208 skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1209 skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1210
1211 return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1212 }
1213
1214 static void pn533_wq_tg_get_data(struct work_struct *work)
1215 {
1216 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1217 struct pn533_frame *in_frame;
1218 struct sk_buff *skb_resp;
1219 size_t skb_resp_len;
1220
1221 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1222
1223 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1224 PN533_CMD_DATAEXCH_DATA_MAXLEN +
1225 PN533_FRAME_TAIL_SIZE;
1226
1227 skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1228 if (!skb_resp)
1229 return;
1230
1231 in_frame = (struct pn533_frame *)skb_resp->data;
1232
1233 pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1234 pn533_tx_frame_finish(dev->out_frame);
1235
1236 pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1237 skb_resp_len,
1238 pn533_tm_get_data_complete,
1239 skb_resp, GFP_KERNEL);
1240
1241 return;
1242 }
1243
1244 #define ATR_REQ_GB_OFFSET 17
1245 static int pn533_init_target_complete(struct pn533 *dev, void *arg,
1246 u8 *params, int params_len)
1247 {
1248 struct pn533_cmd_init_target_response *resp;
1249 u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1250 size_t gb_len;
1251 int rc;
1252
1253 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1254
1255 if (params_len < 0) {
1256 nfc_dev_err(&dev->interface->dev,
1257 "Error %d when starting as a target",
1258 params_len);
1259
1260 return params_len;
1261 }
1262
1263 if (params_len < ATR_REQ_GB_OFFSET + 1)
1264 return -EINVAL;
1265
1266 resp = (struct pn533_cmd_init_target_response *) params;
1267
1268 nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1269 resp->mode, params_len);
1270
1271 frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1272 if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1273 comm_mode = NFC_COMM_ACTIVE;
1274
1275 /* Again, only DEP */
1276 if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1277 return -EOPNOTSUPP;
1278
1279 gb = resp->cmd + ATR_REQ_GB_OFFSET;
1280 gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1281
1282 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1283 comm_mode, gb, gb_len);
1284 if (rc < 0) {
1285 nfc_dev_err(&dev->interface->dev,
1286 "Error when signaling target activation");
1287 return rc;
1288 }
1289
1290 dev->tgt_mode = 1;
1291
1292 queue_work(dev->wq, &dev->tg_work);
1293
1294 return 0;
1295 }
1296
1297 static void pn533_listen_mode_timer(unsigned long data)
1298 {
1299 struct pn533 *dev = (struct pn533 *) data;
1300
1301 nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1302
1303 /* An ack will cancel the last issued command (poll) */
1304 pn533_send_ack(dev, GFP_ATOMIC);
1305
1306 dev->cancel_listen = 1;
1307
1308 mutex_unlock(&dev->cmd_lock);
1309
1310 pn533_poll_next_mod(dev);
1311
1312 queue_work(dev->wq, &dev->poll_work);
1313 }
1314
1315 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1316 u8 *params, int params_len)
1317 {
1318 struct pn533_poll_modulations *cur_mod;
1319 int rc;
1320
1321 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1322
1323 if (params_len == -ENOENT) {
1324 if (dev->poll_mod_count != 0)
1325 return 0;
1326
1327 nfc_dev_err(&dev->interface->dev,
1328 "Polling operation has been stopped");
1329
1330 goto stop_poll;
1331 }
1332
1333 if (params_len < 0) {
1334 nfc_dev_err(&dev->interface->dev,
1335 "Error %d when running poll", params_len);
1336
1337 goto stop_poll;
1338 }
1339
1340 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1341
1342 if (cur_mod->len == 0) {
1343 del_timer(&dev->listen_timer);
1344
1345 return pn533_init_target_complete(dev, arg, params, params_len);
1346 } else {
1347 rc = pn533_start_poll_complete(dev, arg, params, params_len);
1348 if (!rc)
1349 return rc;
1350 }
1351
1352 pn533_poll_next_mod(dev);
1353
1354 queue_work(dev->wq, &dev->poll_work);
1355
1356 return 0;
1357
1358 stop_poll:
1359 pn533_poll_reset_mod_list(dev);
1360 dev->poll_protocols = 0;
1361 return 0;
1362 }
1363
1364 static void pn533_build_poll_frame(struct pn533 *dev,
1365 struct pn533_frame *frame,
1366 struct pn533_poll_modulations *mod)
1367 {
1368 nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1369
1370 if (mod->len == 0) {
1371 /* Listen mode */
1372 pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1373 } else {
1374 /* Polling mode */
1375 pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1376
1377 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1378 frame->datalen += mod->len;
1379
1380 pn533_tx_frame_finish(frame);
1381 }
1382 }
1383
1384 static int pn533_send_poll_frame(struct pn533 *dev)
1385 {
1386 struct pn533_poll_modulations *cur_mod;
1387 int rc;
1388
1389 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1390
1391 pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1392
1393 rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1394 dev->in_maxlen, pn533_poll_complete,
1395 NULL, GFP_KERNEL);
1396 if (rc)
1397 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1398
1399 return rc;
1400 }
1401
1402 static void pn533_wq_poll(struct work_struct *work)
1403 {
1404 struct pn533 *dev = container_of(work, struct pn533, poll_work);
1405 struct pn533_poll_modulations *cur_mod;
1406 int rc;
1407
1408 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1409
1410 nfc_dev_dbg(&dev->interface->dev,
1411 "%s cancel_listen %d modulation len %d",
1412 __func__, dev->cancel_listen, cur_mod->len);
1413
1414 if (dev->cancel_listen == 1) {
1415 dev->cancel_listen = 0;
1416 usb_kill_urb(dev->in_urb);
1417 }
1418
1419 rc = pn533_send_poll_frame(dev);
1420 if (rc)
1421 return;
1422
1423 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1424 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1425
1426 return;
1427 }
1428
1429 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1430 u32 im_protocols, u32 tm_protocols)
1431 {
1432 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1433
1434 nfc_dev_dbg(&dev->interface->dev,
1435 "%s: im protocols 0x%x tm protocols 0x%x",
1436 __func__, im_protocols, tm_protocols);
1437
1438 if (dev->tgt_active_prot) {
1439 nfc_dev_err(&dev->interface->dev,
1440 "Cannot poll with a target already activated");
1441 return -EBUSY;
1442 }
1443
1444 if (dev->tgt_mode) {
1445 nfc_dev_err(&dev->interface->dev,
1446 "Cannot poll while already being activated");
1447 return -EBUSY;
1448 }
1449
1450 if (tm_protocols) {
1451 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1452 if (dev->gb == NULL)
1453 tm_protocols = 0;
1454 }
1455
1456 dev->poll_mod_curr = 0;
1457 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1458 dev->poll_protocols = im_protocols;
1459 dev->listen_protocols = tm_protocols;
1460
1461 return pn533_send_poll_frame(dev);
1462 }
1463
1464 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1465 {
1466 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1467
1468 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1469
1470 del_timer(&dev->listen_timer);
1471
1472 if (!dev->poll_mod_count) {
1473 nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1474 " running");
1475 return;
1476 }
1477
1478 /* An ack will cancel the last issued command (poll) */
1479 pn533_send_ack(dev, GFP_KERNEL);
1480
1481 /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1482 usb_kill_urb(dev->in_urb);
1483
1484 pn533_poll_reset_mod_list(dev);
1485 }
1486
1487 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1488 {
1489 struct pn533_cmd_activate_param param;
1490 struct pn533_cmd_activate_response *resp;
1491 u16 gt_len;
1492 int rc;
1493
1494 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1495
1496 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1497
1498 param.tg = 1;
1499 param.next = 0;
1500 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &param,
1501 sizeof(struct pn533_cmd_activate_param));
1502 dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1503
1504 pn533_tx_frame_finish(dev->out_frame);
1505
1506 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1507 dev->in_maxlen);
1508 if (rc)
1509 return rc;
1510
1511 resp = (struct pn533_cmd_activate_response *)
1512 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1513 rc = resp->status & PN533_CMD_RET_MASK;
1514 if (rc != PN533_CMD_RET_SUCCESS)
1515 return -EIO;
1516
1517 /* ATR_RES general bytes are located at offset 16 */
1518 gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1519 rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1520
1521 return rc;
1522 }
1523
1524 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1525 struct nfc_target *target, u32 protocol)
1526 {
1527 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1528 int rc;
1529
1530 nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1531 protocol);
1532
1533 if (dev->poll_mod_count) {
1534 nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1535 " polling");
1536 return -EBUSY;
1537 }
1538
1539 if (dev->tgt_active_prot) {
1540 nfc_dev_err(&dev->interface->dev, "There is already an active"
1541 " target");
1542 return -EBUSY;
1543 }
1544
1545 if (!dev->tgt_available_prots) {
1546 nfc_dev_err(&dev->interface->dev, "There is no available target"
1547 " to activate");
1548 return -EINVAL;
1549 }
1550
1551 if (!(dev->tgt_available_prots & (1 << protocol))) {
1552 nfc_dev_err(&dev->interface->dev, "The target does not support"
1553 " the requested protocol %u", protocol);
1554 return -EINVAL;
1555 }
1556
1557 if (protocol == NFC_PROTO_NFC_DEP) {
1558 rc = pn533_activate_target_nfcdep(dev);
1559 if (rc) {
1560 nfc_dev_err(&dev->interface->dev, "Error %d when"
1561 " activating target with"
1562 " NFC_DEP protocol", rc);
1563 return rc;
1564 }
1565 }
1566
1567 dev->tgt_active_prot = protocol;
1568 dev->tgt_available_prots = 0;
1569
1570 return 0;
1571 }
1572
1573 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1574 struct nfc_target *target)
1575 {
1576 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1577 u8 tg;
1578 u8 status;
1579 int rc;
1580
1581 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1582
1583 if (!dev->tgt_active_prot) {
1584 nfc_dev_err(&dev->interface->dev, "There is no active target");
1585 return;
1586 }
1587
1588 dev->tgt_active_prot = 0;
1589
1590 skb_queue_purge(&dev->resp_q);
1591
1592 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1593
1594 tg = 1;
1595 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1596 dev->out_frame->datalen += sizeof(u8);
1597
1598 pn533_tx_frame_finish(dev->out_frame);
1599
1600 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1601 dev->in_maxlen);
1602 if (rc) {
1603 nfc_dev_err(&dev->interface->dev, "Error when sending release"
1604 " command to the controller");
1605 return;
1606 }
1607
1608 status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1609 rc = status & PN533_CMD_RET_MASK;
1610 if (rc != PN533_CMD_RET_SUCCESS)
1611 nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1612 " the target", rc);
1613
1614 return;
1615 }
1616
1617
1618 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1619 u8 *params, int params_len)
1620 {
1621 struct pn533_cmd_jump_dep *cmd;
1622 struct pn533_cmd_jump_dep_response *resp;
1623 struct nfc_target nfc_target;
1624 u8 target_gt_len;
1625 int rc;
1626
1627 if (params_len == -ENOENT) {
1628 nfc_dev_dbg(&dev->interface->dev, "");
1629 return 0;
1630 }
1631
1632 if (params_len < 0) {
1633 nfc_dev_err(&dev->interface->dev,
1634 "Error %d when bringing DEP link up",
1635 params_len);
1636 return 0;
1637 }
1638
1639 if (dev->tgt_available_prots &&
1640 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1641 nfc_dev_err(&dev->interface->dev,
1642 "The target does not support DEP");
1643 return -EINVAL;
1644 }
1645
1646 resp = (struct pn533_cmd_jump_dep_response *) params;
1647 cmd = (struct pn533_cmd_jump_dep *) arg;
1648 rc = resp->status & PN533_CMD_RET_MASK;
1649 if (rc != PN533_CMD_RET_SUCCESS) {
1650 nfc_dev_err(&dev->interface->dev,
1651 "Bringing DEP link up failed %d", rc);
1652 return 0;
1653 }
1654
1655 if (!dev->tgt_available_prots) {
1656 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1657
1658 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1659 nfc_target.nfcid1_len = 10;
1660 memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1661 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1662 if (rc)
1663 return 0;
1664
1665 dev->tgt_available_prots = 0;
1666 }
1667
1668 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1669
1670 /* ATR_RES general bytes are located at offset 17 */
1671 target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1672 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1673 resp->gt, target_gt_len);
1674 if (rc == 0)
1675 rc = nfc_dep_link_is_up(dev->nfc_dev,
1676 dev->nfc_dev->targets[0].idx,
1677 !cmd->active, NFC_RF_INITIATOR);
1678
1679 return 0;
1680 }
1681
1682 static int pn533_mod_to_baud(struct pn533 *dev)
1683 {
1684 switch (dev->poll_mod_curr) {
1685 case PN533_POLL_MOD_106KBPS_A:
1686 return 0;
1687 case PN533_POLL_MOD_212KBPS_FELICA:
1688 return 1;
1689 case PN533_POLL_MOD_424KBPS_FELICA:
1690 return 2;
1691 default:
1692 return -EINVAL;
1693 }
1694 }
1695
1696 #define PASSIVE_DATA_LEN 5
1697 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1698 u8 comm_mode, u8* gb, size_t gb_len)
1699 {
1700 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1701 struct pn533_cmd_jump_dep *cmd;
1702 u8 cmd_len, *data_ptr;
1703 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1704 int rc, baud;
1705
1706 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1707
1708 if (dev->poll_mod_count) {
1709 nfc_dev_err(&dev->interface->dev,
1710 "Cannot bring the DEP link up while polling");
1711 return -EBUSY;
1712 }
1713
1714 if (dev->tgt_active_prot) {
1715 nfc_dev_err(&dev->interface->dev,
1716 "There is already an active target");
1717 return -EBUSY;
1718 }
1719
1720 baud = pn533_mod_to_baud(dev);
1721 if (baud < 0) {
1722 nfc_dev_err(&dev->interface->dev,
1723 "Invalid curr modulation %d", dev->poll_mod_curr);
1724 return baud;
1725 }
1726
1727 cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1728 if (comm_mode == NFC_COMM_PASSIVE)
1729 cmd_len += PASSIVE_DATA_LEN;
1730
1731 cmd = kzalloc(cmd_len, GFP_KERNEL);
1732 if (cmd == NULL)
1733 return -ENOMEM;
1734
1735 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1736
1737 cmd->active = !comm_mode;
1738 cmd->next = 0;
1739 cmd->baud = baud;
1740 data_ptr = cmd->data;
1741 if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1742 memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1743 cmd->next |= 1;
1744 data_ptr += PASSIVE_DATA_LEN;
1745 }
1746
1747 if (gb != NULL && gb_len > 0) {
1748 cmd->next |= 4; /* We have some Gi */
1749 memcpy(data_ptr, gb, gb_len);
1750 } else {
1751 cmd->next = 0;
1752 }
1753
1754 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1755 dev->out_frame->datalen += cmd_len;
1756
1757 pn533_tx_frame_finish(dev->out_frame);
1758
1759 rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1760 dev->in_maxlen, pn533_in_dep_link_up_complete,
1761 cmd, GFP_KERNEL);
1762 if (rc)
1763 goto out;
1764
1765
1766 out:
1767 kfree(cmd);
1768
1769 return rc;
1770 }
1771
1772 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1773 {
1774 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1775
1776 pn533_poll_reset_mod_list(dev);
1777
1778 if (dev->tgt_mode || dev->tgt_active_prot) {
1779 pn533_send_ack(dev, GFP_KERNEL);
1780 usb_kill_urb(dev->in_urb);
1781 }
1782
1783 dev->tgt_active_prot = 0;
1784 dev->tgt_mode = 0;
1785
1786 skb_queue_purge(&dev->resp_q);
1787
1788 return 0;
1789 }
1790
1791 static int pn533_build_tx_frame(struct pn533 *dev, struct sk_buff *skb,
1792 bool target)
1793 {
1794 int payload_len = skb->len;
1795 struct pn533_frame *out_frame;
1796 u8 tg;
1797
1798 nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1799 payload_len);
1800
1801 if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1802 /* TODO: Implement support to multi-part data exchange */
1803 nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1804 " max allowed: %d",
1805 PN533_CMD_DATAEXCH_DATA_MAXLEN);
1806 return -ENOSYS;
1807 }
1808
1809 if (target == true) {
1810 switch (dev->device_type) {
1811 case PN533_DEVICE_PASORI:
1812 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
1813 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1814 out_frame = (struct pn533_frame *) skb->data;
1815 pn533_tx_frame_init(out_frame,
1816 PN533_CMD_IN_COMM_THRU);
1817
1818 break;
1819 }
1820
1821 default:
1822 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1823 out_frame = (struct pn533_frame *) skb->data;
1824 pn533_tx_frame_init(out_frame,
1825 PN533_CMD_IN_DATA_EXCHANGE);
1826 tg = 1;
1827 memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame),
1828 &tg, sizeof(u8));
1829 out_frame->datalen += sizeof(u8);
1830
1831 break;
1832 }
1833
1834 } else {
1835 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1836 out_frame = (struct pn533_frame *) skb->data;
1837 pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
1838 }
1839
1840
1841 /* The data is already in the out_frame, just update the datalen */
1842 out_frame->datalen += payload_len;
1843
1844 pn533_tx_frame_finish(out_frame);
1845 skb_put(skb, PN533_FRAME_TAIL_SIZE);
1846
1847 return 0;
1848 }
1849
1850 struct pn533_data_exchange_arg {
1851 struct sk_buff *skb_resp;
1852 struct sk_buff *skb_out;
1853 data_exchange_cb_t cb;
1854 void *cb_context;
1855 };
1856
1857 static struct sk_buff *pn533_build_response(struct pn533 *dev)
1858 {
1859 struct sk_buff *skb, *tmp, *t;
1860 unsigned int skb_len = 0, tmp_len = 0;
1861
1862 nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
1863
1864 if (skb_queue_empty(&dev->resp_q))
1865 return NULL;
1866
1867 if (skb_queue_len(&dev->resp_q) == 1) {
1868 skb = skb_dequeue(&dev->resp_q);
1869 goto out;
1870 }
1871
1872 skb_queue_walk_safe(&dev->resp_q, tmp, t)
1873 skb_len += tmp->len;
1874
1875 nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1876 __func__, skb_len);
1877
1878 skb = alloc_skb(skb_len, GFP_KERNEL);
1879 if (skb == NULL)
1880 goto out;
1881
1882 skb_put(skb, skb_len);
1883
1884 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1885 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1886 tmp_len += tmp->len;
1887 }
1888
1889 out:
1890 skb_queue_purge(&dev->resp_q);
1891
1892 return skb;
1893 }
1894
1895 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1896 u8 *params, int params_len)
1897 {
1898 struct pn533_data_exchange_arg *arg = _arg;
1899 struct sk_buff *skb = NULL, *skb_resp = arg->skb_resp;
1900 struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1901 int err = 0;
1902 u8 status;
1903 u8 cmd_ret;
1904
1905 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1906
1907 dev_kfree_skb(arg->skb_out);
1908
1909 if (params_len < 0) { /* error */
1910 err = params_len;
1911 goto error;
1912 }
1913
1914 status = params[0];
1915
1916 cmd_ret = status & PN533_CMD_RET_MASK;
1917 if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1918 nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1919 " exchanging data", cmd_ret);
1920 err = -EIO;
1921 goto error;
1922 }
1923
1924 skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1925 skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1926 skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1927 skb_queue_tail(&dev->resp_q, skb_resp);
1928
1929 if (status & PN533_CMD_MI_MASK) {
1930 queue_work(dev->wq, &dev->mi_work);
1931 return -EINPROGRESS;
1932 }
1933
1934 skb = pn533_build_response(dev);
1935 if (skb == NULL)
1936 goto error;
1937
1938 arg->cb(arg->cb_context, skb, 0);
1939 kfree(arg);
1940 return 0;
1941
1942 error:
1943 skb_queue_purge(&dev->resp_q);
1944 dev_kfree_skb(skb_resp);
1945 arg->cb(arg->cb_context, NULL, err);
1946 kfree(arg);
1947 return 0;
1948 }
1949
1950 static int pn533_transceive(struct nfc_dev *nfc_dev,
1951 struct nfc_target *target, struct sk_buff *skb,
1952 data_exchange_cb_t cb, void *cb_context)
1953 {
1954 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1955 struct pn533_frame *out_frame, *in_frame;
1956 struct pn533_data_exchange_arg *arg;
1957 struct sk_buff *skb_resp;
1958 int skb_resp_len;
1959 int rc;
1960
1961 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1962
1963 if (!dev->tgt_active_prot) {
1964 nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
1965 " there is no active target");
1966 rc = -EINVAL;
1967 goto error;
1968 }
1969
1970 rc = pn533_build_tx_frame(dev, skb, true);
1971 if (rc)
1972 goto error;
1973
1974 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1975 PN533_CMD_DATAEXCH_DATA_MAXLEN +
1976 PN533_FRAME_TAIL_SIZE;
1977
1978 skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1979 if (!skb_resp) {
1980 rc = -ENOMEM;
1981 goto error;
1982 }
1983
1984 in_frame = (struct pn533_frame *) skb_resp->data;
1985 out_frame = (struct pn533_frame *) skb->data;
1986
1987 arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
1988 if (!arg) {
1989 rc = -ENOMEM;
1990 goto free_skb_resp;
1991 }
1992
1993 arg->skb_resp = skb_resp;
1994 arg->skb_out = skb;
1995 arg->cb = cb;
1996 arg->cb_context = cb_context;
1997
1998 rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
1999 pn533_data_exchange_complete, arg,
2000 GFP_KERNEL);
2001 if (rc) {
2002 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2003 " perform data_exchange", rc);
2004 goto free_arg;
2005 }
2006
2007 return 0;
2008
2009 free_arg:
2010 kfree(arg);
2011 free_skb_resp:
2012 kfree_skb(skb_resp);
2013 error:
2014 kfree_skb(skb);
2015 return rc;
2016 }
2017
2018 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2019 u8 *params, int params_len)
2020 {
2021 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2022
2023 if (params_len < 0) {
2024 nfc_dev_err(&dev->interface->dev,
2025 "Error %d when sending data",
2026 params_len);
2027
2028 return params_len;
2029 }
2030
2031 if (params_len > 0 && params[0] != 0) {
2032 nfc_tm_deactivated(dev->nfc_dev);
2033
2034 dev->tgt_mode = 0;
2035
2036 return 0;
2037 }
2038
2039 queue_work(dev->wq, &dev->tg_work);
2040
2041 return 0;
2042 }
2043
2044 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2045 {
2046 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2047 struct pn533_frame *out_frame;
2048 int rc;
2049
2050 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2051
2052 rc = pn533_build_tx_frame(dev, skb, false);
2053 if (rc)
2054 goto error;
2055
2056 out_frame = (struct pn533_frame *) skb->data;
2057
2058 rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2059 dev->in_maxlen, pn533_tm_send_complete,
2060 NULL, GFP_KERNEL);
2061 if (rc) {
2062 nfc_dev_err(&dev->interface->dev,
2063 "Error %d when trying to send data", rc);
2064 goto error;
2065 }
2066
2067 return 0;
2068
2069 error:
2070 kfree_skb(skb);
2071
2072 return rc;
2073 }
2074
2075 static void pn533_wq_mi_recv(struct work_struct *work)
2076 {
2077 struct pn533 *dev = container_of(work, struct pn533, mi_work);
2078 struct sk_buff *skb_cmd;
2079 struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2080 struct pn533_frame *out_frame, *in_frame;
2081 struct sk_buff *skb_resp;
2082 int skb_resp_len;
2083 int rc;
2084
2085 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2086
2087 /* This is a zero payload size skb */
2088 skb_cmd = alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN + PN533_FRAME_TAIL_SIZE,
2089 GFP_KERNEL);
2090 if (skb_cmd == NULL)
2091 goto error_cmd;
2092
2093 skb_reserve(skb_cmd, PN533_CMD_DATAEXCH_HEAD_LEN);
2094
2095 rc = pn533_build_tx_frame(dev, skb_cmd, true);
2096 if (rc)
2097 goto error_frame;
2098
2099 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2100 PN533_CMD_DATAEXCH_DATA_MAXLEN +
2101 PN533_FRAME_TAIL_SIZE;
2102 skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2103 if (!skb_resp) {
2104 rc = -ENOMEM;
2105 goto error_frame;
2106 }
2107
2108 in_frame = (struct pn533_frame *) skb_resp->data;
2109 out_frame = (struct pn533_frame *) skb_cmd->data;
2110
2111 arg->skb_resp = skb_resp;
2112 arg->skb_out = skb_cmd;
2113
2114 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2115 skb_resp_len,
2116 pn533_data_exchange_complete,
2117 dev->cmd_complete_arg, GFP_KERNEL);
2118 if (!rc)
2119 return;
2120
2121 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2122 " perform data_exchange", rc);
2123
2124 kfree_skb(skb_resp);
2125
2126 error_frame:
2127 kfree_skb(skb_cmd);
2128
2129 error_cmd:
2130 pn533_send_ack(dev, GFP_KERNEL);
2131
2132 kfree(arg);
2133
2134 mutex_unlock(&dev->cmd_lock);
2135 }
2136
2137 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2138 u8 cfgdata_len)
2139 {
2140 int rc;
2141 u8 *params;
2142
2143 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2144
2145 pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2146
2147 params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2148 params[0] = cfgitem;
2149 memcpy(&params[1], cfgdata, cfgdata_len);
2150 dev->out_frame->datalen += (1 + cfgdata_len);
2151
2152 pn533_tx_frame_finish(dev->out_frame);
2153
2154 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2155 dev->in_maxlen);
2156
2157 return rc;
2158 }
2159
2160 static int pn533_fw_reset(struct pn533 *dev)
2161 {
2162 int rc;
2163 u8 *params;
2164
2165 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2166
2167 pn533_tx_frame_init(dev->out_frame, 0x18);
2168
2169 params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2170 params[0] = 0x1;
2171 dev->out_frame->datalen += 1;
2172
2173 pn533_tx_frame_finish(dev->out_frame);
2174
2175 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2176 dev->in_maxlen);
2177
2178 return rc;
2179 }
2180
2181 static struct nfc_ops pn533_nfc_ops = {
2182 .dev_up = NULL,
2183 .dev_down = NULL,
2184 .dep_link_up = pn533_dep_link_up,
2185 .dep_link_down = pn533_dep_link_down,
2186 .start_poll = pn533_start_poll,
2187 .stop_poll = pn533_stop_poll,
2188 .activate_target = pn533_activate_target,
2189 .deactivate_target = pn533_deactivate_target,
2190 .im_transceive = pn533_transceive,
2191 .tm_send = pn533_tm_send,
2192 };
2193
2194 static int pn533_setup(struct pn533 *dev)
2195 {
2196 struct pn533_config_max_retries max_retries;
2197 struct pn533_config_timing timing;
2198 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2199 int rc;
2200
2201 switch (dev->device_type) {
2202 case PN533_DEVICE_STD:
2203 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2204 max_retries.mx_rty_psl = 2;
2205 max_retries.mx_rty_passive_act =
2206 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2207
2208 timing.rfu = PN533_CONFIG_TIMING_102;
2209 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2210 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2211
2212 break;
2213
2214 case PN533_DEVICE_PASORI:
2215 max_retries.mx_rty_atr = 0x2;
2216 max_retries.mx_rty_psl = 0x1;
2217 max_retries.mx_rty_passive_act =
2218 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2219
2220 timing.rfu = PN533_CONFIG_TIMING_102;
2221 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2222 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2223
2224 break;
2225
2226 default:
2227 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2228 dev->device_type);
2229 return -EINVAL;
2230 }
2231
2232 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2233 (u8 *)&max_retries, sizeof(max_retries));
2234 if (rc) {
2235 nfc_dev_err(&dev->interface->dev,
2236 "Error on setting MAX_RETRIES config");
2237 return rc;
2238 }
2239
2240
2241 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2242 (u8 *)&timing, sizeof(timing));
2243 if (rc) {
2244 nfc_dev_err(&dev->interface->dev,
2245 "Error on setting RF timings");
2246 return rc;
2247 }
2248
2249 switch (dev->device_type) {
2250 case PN533_DEVICE_STD:
2251 break;
2252
2253 case PN533_DEVICE_PASORI:
2254 pn533_fw_reset(dev);
2255
2256 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2257 pasori_cfg, 3);
2258 if (rc) {
2259 nfc_dev_err(&dev->interface->dev,
2260 "Error while settings PASORI config");
2261 return rc;
2262 }
2263
2264 pn533_fw_reset(dev);
2265
2266 break;
2267 }
2268
2269 return 0;
2270 }
2271
2272 static int pn533_probe(struct usb_interface *interface,
2273 const struct usb_device_id *id)
2274 {
2275 struct pn533_fw_version *fw_ver;
2276 struct pn533 *dev;
2277 struct usb_host_interface *iface_desc;
2278 struct usb_endpoint_descriptor *endpoint;
2279 int in_endpoint = 0;
2280 int out_endpoint = 0;
2281 int rc = -ENOMEM;
2282 int i;
2283 u32 protocols;
2284
2285 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2286 if (!dev)
2287 return -ENOMEM;
2288
2289 dev->udev = usb_get_dev(interface_to_usbdev(interface));
2290 dev->interface = interface;
2291 mutex_init(&dev->cmd_lock);
2292
2293 iface_desc = interface->cur_altsetting;
2294 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2295 endpoint = &iface_desc->endpoint[i].desc;
2296
2297 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2298 dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
2299 in_endpoint = endpoint->bEndpointAddress;
2300 }
2301
2302 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
2303 dev->out_maxlen =
2304 le16_to_cpu(endpoint->wMaxPacketSize);
2305 out_endpoint = endpoint->bEndpointAddress;
2306 }
2307 }
2308
2309 if (!in_endpoint || !out_endpoint) {
2310 nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2311 " bulk-out endpoint");
2312 rc = -ENODEV;
2313 goto error;
2314 }
2315
2316 dev->in_frame = kmalloc(dev->in_maxlen, GFP_KERNEL);
2317 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2318 dev->out_frame = kmalloc(dev->out_maxlen, GFP_KERNEL);
2319 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2320
2321 if (!dev->in_frame || !dev->out_frame ||
2322 !dev->in_urb || !dev->out_urb)
2323 goto error;
2324
2325 usb_fill_bulk_urb(dev->in_urb, dev->udev,
2326 usb_rcvbulkpipe(dev->udev, in_endpoint),
2327 NULL, 0, NULL, dev);
2328 usb_fill_bulk_urb(dev->out_urb, dev->udev,
2329 usb_sndbulkpipe(dev->udev, out_endpoint),
2330 NULL, 0,
2331 pn533_send_complete, dev);
2332
2333 INIT_WORK(&dev->cmd_work, pn533_wq_cmd_complete);
2334 INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2335 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2336 INIT_WORK(&dev->poll_work, pn533_wq_poll);
2337 dev->wq = alloc_workqueue("pn533",
2338 WQ_NON_REENTRANT | WQ_UNBOUND | WQ_MEM_RECLAIM,
2339 1);
2340 if (dev->wq == NULL)
2341 goto error;
2342
2343 init_timer(&dev->listen_timer);
2344 dev->listen_timer.data = (unsigned long) dev;
2345 dev->listen_timer.function = pn533_listen_mode_timer;
2346
2347 skb_queue_head_init(&dev->resp_q);
2348
2349 usb_set_intfdata(interface, dev);
2350
2351 pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2352 pn533_tx_frame_finish(dev->out_frame);
2353
2354 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2355 dev->in_maxlen);
2356 if (rc)
2357 goto destroy_wq;
2358
2359 fw_ver = (struct pn533_fw_version *)
2360 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2361 nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2362 " attached", fw_ver->ver, fw_ver->rev);
2363
2364 dev->device_type = id->driver_info;
2365 switch (dev->device_type) {
2366 case PN533_DEVICE_STD:
2367 protocols = PN533_ALL_PROTOCOLS;
2368 break;
2369
2370 case PN533_DEVICE_PASORI:
2371 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2372 break;
2373
2374 default:
2375 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2376 dev->device_type);
2377 rc = -EINVAL;
2378 goto destroy_wq;
2379 }
2380
2381 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2382 PN533_CMD_DATAEXCH_HEAD_LEN,
2383 PN533_FRAME_TAIL_SIZE);
2384 if (!dev->nfc_dev)
2385 goto destroy_wq;
2386
2387 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2388 nfc_set_drvdata(dev->nfc_dev, dev);
2389
2390 rc = nfc_register_device(dev->nfc_dev);
2391 if (rc)
2392 goto free_nfc_dev;
2393
2394 rc = pn533_setup(dev);
2395 if (rc)
2396 goto unregister_nfc_dev;
2397
2398 return 0;
2399
2400 unregister_nfc_dev:
2401 nfc_unregister_device(dev->nfc_dev);
2402
2403 free_nfc_dev:
2404 nfc_free_device(dev->nfc_dev);
2405
2406 destroy_wq:
2407 destroy_workqueue(dev->wq);
2408 error:
2409 kfree(dev->in_frame);
2410 usb_free_urb(dev->in_urb);
2411 kfree(dev->out_frame);
2412 usb_free_urb(dev->out_urb);
2413 kfree(dev);
2414 return rc;
2415 }
2416
2417 static void pn533_disconnect(struct usb_interface *interface)
2418 {
2419 struct pn533 *dev;
2420
2421 dev = usb_get_intfdata(interface);
2422 usb_set_intfdata(interface, NULL);
2423
2424 nfc_unregister_device(dev->nfc_dev);
2425 nfc_free_device(dev->nfc_dev);
2426
2427 usb_kill_urb(dev->in_urb);
2428 usb_kill_urb(dev->out_urb);
2429
2430 destroy_workqueue(dev->wq);
2431
2432 skb_queue_purge(&dev->resp_q);
2433
2434 del_timer(&dev->listen_timer);
2435
2436 kfree(dev->in_frame);
2437 usb_free_urb(dev->in_urb);
2438 kfree(dev->out_frame);
2439 usb_free_urb(dev->out_urb);
2440 kfree(dev);
2441
2442 nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2443 }
2444
2445 static struct usb_driver pn533_driver = {
2446 .name = "pn533",
2447 .probe = pn533_probe,
2448 .disconnect = pn533_disconnect,
2449 .id_table = pn533_table,
2450 };
2451
2452 module_usb_driver(pn533_driver);
2453
2454 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2455 " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2456 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2457 MODULE_VERSION(VERSION);
2458 MODULE_LICENSE("GPL");
Linux with added FPC-III support