]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - drivers/nfc/pn533.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
NFC: pn533: Don't use out_frame in pn533_send_ack
[mirror_ubuntu-zesty-kernel.git] / drivers / nfc / pn533.c
1 /*
2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
3 *
4 * Authors:
5 * Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6 * Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the
20 * Free Software Foundation, Inc.,
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 */
23
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
32
33 #define VERSION "0.1"
34
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
37
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
40
41 #define SONY_VENDOR_ID 0x054c
42 #define PASORI_PRODUCT_ID 0x02e1
43
44 #define PN533_DEVICE_STD 0x1
45 #define PN533_DEVICE_PASORI 0x2
46
47 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
48 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
49 NFC_PROTO_NFC_DEP_MASK |\
50 NFC_PROTO_ISO14443_B_MASK)
51
52 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
53 NFC_PROTO_MIFARE_MASK | \
54 NFC_PROTO_FELICA_MASK | \
55 NFC_PROTO_ISO14443_MASK | \
56 NFC_PROTO_NFC_DEP_MASK)
57
58 static const struct usb_device_id pn533_table[] = {
59 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
60 .idVendor = PN533_VENDOR_ID,
61 .idProduct = PN533_PRODUCT_ID,
62 .driver_info = PN533_DEVICE_STD,
63 },
64 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
65 .idVendor = SCM_VENDOR_ID,
66 .idProduct = SCL3711_PRODUCT_ID,
67 .driver_info = PN533_DEVICE_STD,
68 },
69 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
70 .idVendor = SONY_VENDOR_ID,
71 .idProduct = PASORI_PRODUCT_ID,
72 .driver_info = PN533_DEVICE_PASORI,
73 },
74 { }
75 };
76 MODULE_DEVICE_TABLE(usb, pn533_table);
77
78 /* How much time we spend listening for initiators */
79 #define PN533_LISTEN_TIME 2
80
81 /* frame definitions */
82 #define PN533_NORMAL_FRAME_MAX_LEN 262 /* 6 (PREAMBLE, SOF, LEN, LCS, TFI)
83 254 (DATA)
84 2 (DCS, postamble) */
85 #define PN533_FRAME_HEADER_LEN (sizeof(struct pn533_frame) \
86 + 2) /* data[0] TFI, data[1] CC */
87 #define PN533_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
88
89 /*
90 * Max extended frame payload len, excluding TFI and CC
91 * which are already in PN533_FRAME_HEADER_LEN.
92 */
93 #define PN533_FRAME_MAX_PAYLOAD_LEN 263
94
95 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
96 PN533_FRAME_TAIL_LEN)
97 #define PN533_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2),
98 Postamble (1) */
99 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
100 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
101
102 /* start of frame */
103 #define PN533_SOF 0x00FF
104
105 /* frame identifier: in/out/error */
106 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
107 #define PN533_DIR_OUT 0xD4
108 #define PN533_DIR_IN 0xD5
109
110 /* PN533 Commands */
111 #define PN533_FRAME_CMD(f) (f->data[1])
112 #define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
113 #define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
114
115 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
116 #define PN533_CMD_RF_CONFIGURATION 0x32
117 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
118 #define PN533_CMD_IN_COMM_THRU 0x42
119 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
120 #define PN533_CMD_IN_ATR 0x50
121 #define PN533_CMD_IN_RELEASE 0x52
122 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
123
124 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
125 #define PN533_CMD_TG_GET_DATA 0x86
126 #define PN533_CMD_TG_SET_DATA 0x8e
127 #define PN533_CMD_UNDEF 0xff
128
129 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
130
131 /* PN533 Return codes */
132 #define PN533_CMD_RET_MASK 0x3F
133 #define PN533_CMD_MI_MASK 0x40
134 #define PN533_CMD_RET_SUCCESS 0x00
135
136 struct pn533;
137
138 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
139 u8 *params, int params_len);
140
141 typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
142 struct sk_buff *resp);
143
144 /* structs for pn533 commands */
145
146 /* PN533_CMD_GET_FIRMWARE_VERSION */
147 struct pn533_fw_version {
148 u8 ic;
149 u8 ver;
150 u8 rev;
151 u8 support;
152 };
153
154 /* PN533_CMD_RF_CONFIGURATION */
155 #define PN533_CFGITEM_TIMING 0x02
156 #define PN533_CFGITEM_MAX_RETRIES 0x05
157 #define PN533_CFGITEM_PASORI 0x82
158
159 #define PN533_CONFIG_TIMING_102 0xb
160 #define PN533_CONFIG_TIMING_204 0xc
161 #define PN533_CONFIG_TIMING_409 0xd
162 #define PN533_CONFIG_TIMING_819 0xe
163
164 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
165 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
166
167 struct pn533_config_max_retries {
168 u8 mx_rty_atr;
169 u8 mx_rty_psl;
170 u8 mx_rty_passive_act;
171 } __packed;
172
173 struct pn533_config_timing {
174 u8 rfu;
175 u8 atr_res_timeout;
176 u8 dep_timeout;
177 } __packed;
178
179 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
180
181 /* felica commands opcode */
182 #define PN533_FELICA_OPC_SENSF_REQ 0
183 #define PN533_FELICA_OPC_SENSF_RES 1
184 /* felica SENSF_REQ parameters */
185 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
186 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
187 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
188 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
189
190 /* type B initiator_data values */
191 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
192 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
193 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
194
195 union pn533_cmd_poll_initdata {
196 struct {
197 u8 afi;
198 u8 polling_method;
199 } __packed type_b;
200 struct {
201 u8 opcode;
202 __be16 sc;
203 u8 rc;
204 u8 tsn;
205 } __packed felica;
206 };
207
208 /* Poll modulations */
209 enum {
210 PN533_POLL_MOD_106KBPS_A,
211 PN533_POLL_MOD_212KBPS_FELICA,
212 PN533_POLL_MOD_424KBPS_FELICA,
213 PN533_POLL_MOD_106KBPS_JEWEL,
214 PN533_POLL_MOD_847KBPS_B,
215 PN533_LISTEN_MOD,
216
217 __PN533_POLL_MOD_AFTER_LAST,
218 };
219 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
220
221 struct pn533_poll_modulations {
222 struct {
223 u8 maxtg;
224 u8 brty;
225 union pn533_cmd_poll_initdata initiator_data;
226 } __packed data;
227 u8 len;
228 };
229
230 const struct pn533_poll_modulations poll_mod[] = {
231 [PN533_POLL_MOD_106KBPS_A] = {
232 .data = {
233 .maxtg = 1,
234 .brty = 0,
235 },
236 .len = 2,
237 },
238 [PN533_POLL_MOD_212KBPS_FELICA] = {
239 .data = {
240 .maxtg = 1,
241 .brty = 1,
242 .initiator_data.felica = {
243 .opcode = PN533_FELICA_OPC_SENSF_REQ,
244 .sc = PN533_FELICA_SENSF_SC_ALL,
245 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
246 .tsn = 0,
247 },
248 },
249 .len = 7,
250 },
251 [PN533_POLL_MOD_424KBPS_FELICA] = {
252 .data = {
253 .maxtg = 1,
254 .brty = 2,
255 .initiator_data.felica = {
256 .opcode = PN533_FELICA_OPC_SENSF_REQ,
257 .sc = PN533_FELICA_SENSF_SC_ALL,
258 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
259 .tsn = 0,
260 },
261 },
262 .len = 7,
263 },
264 [PN533_POLL_MOD_106KBPS_JEWEL] = {
265 .data = {
266 .maxtg = 1,
267 .brty = 4,
268 },
269 .len = 2,
270 },
271 [PN533_POLL_MOD_847KBPS_B] = {
272 .data = {
273 .maxtg = 1,
274 .brty = 8,
275 .initiator_data.type_b = {
276 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
277 .polling_method =
278 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
279 },
280 },
281 .len = 3,
282 },
283 [PN533_LISTEN_MOD] = {
284 .len = 0,
285 },
286 };
287
288 /* PN533_CMD_IN_ATR */
289
290 struct pn533_cmd_activate_response {
291 u8 status;
292 u8 nfcid3t[10];
293 u8 didt;
294 u8 bst;
295 u8 brt;
296 u8 to;
297 u8 ppt;
298 /* optional */
299 u8 gt[];
300 } __packed;
301
302 struct pn533_cmd_jump_dep_response {
303 u8 status;
304 u8 tg;
305 u8 nfcid3t[10];
306 u8 didt;
307 u8 bst;
308 u8 brt;
309 u8 to;
310 u8 ppt;
311 /* optional */
312 u8 gt[];
313 } __packed;
314
315
316 /* PN533_TG_INIT_AS_TARGET */
317 #define PN533_INIT_TARGET_PASSIVE 0x1
318 #define PN533_INIT_TARGET_DEP 0x2
319
320 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
321 #define PN533_INIT_TARGET_RESP_ACTIVE 0x1
322 #define PN533_INIT_TARGET_RESP_DEP 0x4
323
324 struct pn533 {
325 struct usb_device *udev;
326 struct usb_interface *interface;
327 struct nfc_dev *nfc_dev;
328
329 struct urb *out_urb;
330 struct pn533_frame *out_frame;
331
332 struct urb *in_urb;
333
334 struct sk_buff_head resp_q;
335
336 struct workqueue_struct *wq;
337 struct work_struct cmd_work;
338 struct work_struct cmd_complete_work;
339 struct work_struct poll_work;
340 struct work_struct mi_work;
341 struct work_struct tg_work;
342 struct timer_list listen_timer;
343 struct pn533_frame *wq_in_frame;
344 int wq_in_error;
345 int cancel_listen;
346
347 pn533_cmd_complete_t cmd_complete;
348 void *cmd_complete_arg;
349 void *cmd_complete_mi_arg;
350 struct mutex cmd_lock;
351 u8 cmd;
352
353 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
354 u8 poll_mod_count;
355 u8 poll_mod_curr;
356 u32 poll_protocols;
357 u32 listen_protocols;
358
359 u8 *gb;
360 size_t gb_len;
361
362 u8 tgt_available_prots;
363 u8 tgt_active_prot;
364 u8 tgt_mode;
365
366 u32 device_type;
367
368 struct list_head cmd_queue;
369 u8 cmd_pending;
370 };
371
372 struct pn533_cmd {
373 struct list_head queue;
374 u8 cmd_code;
375 struct sk_buff *req;
376 struct sk_buff *resp;
377 void *arg;
378 };
379
380 struct pn533_frame {
381 u8 preamble;
382 __be16 start_frame;
383 u8 datalen;
384 u8 datalen_checksum;
385 u8 data[];
386 } __packed;
387
388 /* The rule: value + checksum = 0 */
389 static inline u8 pn533_checksum(u8 value)
390 {
391 return ~value + 1;
392 }
393
394 /* The rule: sum(data elements) + checksum = 0 */
395 static u8 pn533_data_checksum(u8 *data, int datalen)
396 {
397 u8 sum = 0;
398 int i;
399
400 for (i = 0; i < datalen; i++)
401 sum += data[i];
402
403 return pn533_checksum(sum);
404 }
405
406 static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
407 {
408 frame->preamble = 0;
409 frame->start_frame = cpu_to_be16(PN533_SOF);
410 PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
411 PN533_FRAME_CMD(frame) = cmd;
412 frame->datalen = 2;
413 }
414
415 static void pn533_tx_frame_finish(struct pn533_frame *frame)
416 {
417 frame->datalen_checksum = pn533_checksum(frame->datalen);
418
419 PN533_FRAME_CHECKSUM(frame) =
420 pn533_data_checksum(frame->data, frame->datalen);
421
422 PN533_FRAME_POSTAMBLE(frame) = 0;
423 }
424
425 static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
426 {
427 u8 checksum;
428
429 if (frame->start_frame != cpu_to_be16(PN533_SOF))
430 return false;
431
432 checksum = pn533_checksum(frame->datalen);
433 if (checksum != frame->datalen_checksum)
434 return false;
435
436 checksum = pn533_data_checksum(frame->data, frame->datalen);
437 if (checksum != PN533_FRAME_CHECKSUM(frame))
438 return false;
439
440 return true;
441 }
442
443 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
444 {
445 if (frame->start_frame != cpu_to_be16(PN533_SOF))
446 return false;
447
448 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
449 return false;
450
451 return true;
452 }
453
454 static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
455 {
456 return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
457 }
458
459
460 static void pn533_wq_cmd_complete(struct work_struct *work)
461 {
462 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
463 struct pn533_frame *in_frame;
464 int rc;
465
466 in_frame = dev->wq_in_frame;
467
468 if (dev->wq_in_error)
469 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
470 dev->wq_in_error);
471 else
472 rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
473 PN533_FRAME_CMD_PARAMS_PTR(in_frame),
474 PN533_FRAME_CMD_PARAMS_LEN(in_frame));
475
476 if (rc != -EINPROGRESS)
477 queue_work(dev->wq, &dev->cmd_work);
478 }
479
480 static void pn533_recv_response(struct urb *urb)
481 {
482 struct pn533 *dev = urb->context;
483 struct pn533_frame *in_frame;
484
485 dev->wq_in_frame = NULL;
486
487 switch (urb->status) {
488 case 0:
489 break; /* success */
490 case -ECONNRESET:
491 case -ENOENT:
492 nfc_dev_dbg(&dev->interface->dev,
493 "The urb has been canceled (status %d)",
494 urb->status);
495 dev->wq_in_error = urb->status;
496 goto sched_wq;
497 break;
498 case -ESHUTDOWN:
499 default:
500 nfc_dev_err(&dev->interface->dev,
501 "Urb failure (status %d)", urb->status);
502 dev->wq_in_error = urb->status;
503 goto sched_wq;
504 }
505
506 in_frame = dev->in_urb->transfer_buffer;
507
508 nfc_dev_dbg(&dev->interface->dev, "Received a frame.");
509 print_hex_dump(KERN_DEBUG, "PN533 RX: ", DUMP_PREFIX_NONE, 16, 1,
510 in_frame, PN533_FRAME_SIZE(in_frame), false);
511
512 if (!pn533_rx_frame_is_valid(in_frame)) {
513 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
514 dev->wq_in_error = -EIO;
515 goto sched_wq;
516 }
517
518 if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
519 nfc_dev_err(&dev->interface->dev,
520 "It it not the response to the last command");
521 dev->wq_in_error = -EIO;
522 goto sched_wq;
523 }
524
525 dev->wq_in_error = 0;
526 dev->wq_in_frame = in_frame;
527
528 sched_wq:
529 queue_work(dev->wq, &dev->cmd_complete_work);
530 }
531
532 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
533 {
534 dev->in_urb->complete = pn533_recv_response;
535
536 return usb_submit_urb(dev->in_urb, flags);
537 }
538
539 static void pn533_recv_ack(struct urb *urb)
540 {
541 struct pn533 *dev = urb->context;
542 struct pn533_frame *in_frame;
543 int rc;
544
545 switch (urb->status) {
546 case 0:
547 break; /* success */
548 case -ECONNRESET:
549 case -ENOENT:
550 nfc_dev_dbg(&dev->interface->dev,
551 "The urb has been stopped (status %d)",
552 urb->status);
553 dev->wq_in_error = urb->status;
554 goto sched_wq;
555 break;
556 case -ESHUTDOWN:
557 default:
558 nfc_dev_err(&dev->interface->dev,
559 "Urb failure (status %d)", urb->status);
560 dev->wq_in_error = urb->status;
561 goto sched_wq;
562 }
563
564 in_frame = dev->in_urb->transfer_buffer;
565
566 if (!pn533_rx_frame_is_ack(in_frame)) {
567 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
568 dev->wq_in_error = -EIO;
569 goto sched_wq;
570 }
571
572 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
573 if (rc) {
574 nfc_dev_err(&dev->interface->dev,
575 "usb_submit_urb failed with result %d", rc);
576 dev->wq_in_error = rc;
577 goto sched_wq;
578 }
579
580 return;
581
582 sched_wq:
583 dev->wq_in_frame = NULL;
584 queue_work(dev->wq, &dev->cmd_complete_work);
585 }
586
587 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
588 {
589 dev->in_urb->complete = pn533_recv_ack;
590
591 return usb_submit_urb(dev->in_urb, flags);
592 }
593
594 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
595 {
596 u8 ack[PN533_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
597 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */
598 int rc;
599
600 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
601
602 dev->out_urb->transfer_buffer = ack;
603 dev->out_urb->transfer_buffer_length = sizeof(ack);
604 rc = usb_submit_urb(dev->out_urb, flags);
605
606 return rc;
607 }
608
609 static int __pn533_send_cmd_frame_async(struct pn533 *dev,
610 struct pn533_frame *out_frame,
611 struct pn533_frame *in_frame,
612 int in_frame_len,
613 pn533_cmd_complete_t cmd_complete,
614 void *arg)
615 {
616 int rc;
617
618 dev->cmd = PN533_FRAME_CMD(out_frame);
619 dev->cmd_complete = cmd_complete;
620 dev->cmd_complete_arg = arg;
621
622 dev->out_urb->transfer_buffer = out_frame;
623 dev->out_urb->transfer_buffer_length =
624 PN533_FRAME_SIZE(out_frame);
625
626 dev->in_urb->transfer_buffer = in_frame;
627 dev->in_urb->transfer_buffer_length = in_frame_len;
628
629 print_hex_dump(KERN_DEBUG, "PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
630 out_frame, PN533_FRAME_SIZE(out_frame), false);
631
632 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
633 if (rc)
634 return rc;
635
636 rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
637 if (rc)
638 goto error;
639
640 return 0;
641
642 error:
643 usb_unlink_urb(dev->out_urb);
644 return rc;
645 }
646
647 static void pn533_build_cmd_frame(u8 cmd_code, struct sk_buff *skb)
648 {
649 struct pn533_frame *frame;
650 /* payload is already there, just update datalen */
651 int payload_len = skb->len;
652
653 skb_push(skb, PN533_FRAME_HEADER_LEN);
654 skb_put(skb, PN533_FRAME_TAIL_LEN);
655
656 frame = (struct pn533_frame *)skb->data;
657
658 pn533_tx_frame_init(frame, cmd_code);
659 frame->datalen += payload_len;
660 pn533_tx_frame_finish(frame);
661 }
662
663 struct pn533_send_async_complete_arg {
664 pn533_send_async_complete_t complete_cb;
665 void *complete_cb_context;
666 struct sk_buff *resp;
667 struct sk_buff *req;
668 };
669
670 static int pn533_send_async_complete(struct pn533 *dev, void *_arg, u8 *params,
671 int params_len)
672 {
673 struct pn533_send_async_complete_arg *arg = _arg;
674
675 struct sk_buff *req = arg->req;
676 struct sk_buff *resp = arg->resp;
677
678 struct pn533_frame *frame = (struct pn533_frame *)resp->data;
679 int rc;
680
681 dev_kfree_skb(req);
682
683 if (params_len < 0) {
684 arg->complete_cb(dev, arg->complete_cb_context,
685 ERR_PTR(params_len));
686 rc = params_len;
687 dev_kfree_skb(resp);
688 goto out;
689 }
690
691 skb_put(resp, PN533_FRAME_SIZE(frame));
692 skb_pull(resp, PN533_FRAME_HEADER_LEN);
693 skb_trim(resp, resp->len - PN533_FRAME_TAIL_LEN);
694
695 rc = arg->complete_cb(dev, arg->complete_cb_context, resp);
696
697 out:
698 kfree(arg);
699 return rc;
700 }
701
702 static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
703 struct sk_buff *req, struct sk_buff *resp,
704 int resp_len,
705 pn533_send_async_complete_t complete_cb,
706 void *complete_cb_context)
707 {
708 struct pn533_cmd *cmd;
709 struct pn533_send_async_complete_arg *arg;
710 int rc = 0;
711
712 nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x", cmd_code);
713
714 arg = kzalloc(sizeof(arg), GFP_KERNEL);
715 if (!arg)
716 return -ENOMEM;
717
718 arg->complete_cb = complete_cb;
719 arg->complete_cb_context = complete_cb_context;
720 arg->resp = resp;
721 arg->req = req;
722
723 pn533_build_cmd_frame(cmd_code, req);
724
725 mutex_lock(&dev->cmd_lock);
726
727 if (!dev->cmd_pending) {
728 rc = __pn533_send_cmd_frame_async(dev,
729 (struct pn533_frame *)req->data,
730 (struct pn533_frame *)resp->data,
731 resp_len, pn533_send_async_complete,
732 arg);
733 if (rc)
734 goto error;
735
736 dev->cmd_pending = 1;
737 goto unlock;
738 }
739
740 nfc_dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x", __func__,
741 cmd_code);
742
743 cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL);
744 if (!cmd) {
745 rc = -ENOMEM;
746 goto error;
747 }
748
749 INIT_LIST_HEAD(&cmd->queue);
750 cmd->cmd_code = cmd_code;
751 cmd->req = req;
752 cmd->resp = resp;
753 cmd->arg = arg;
754
755 list_add_tail(&cmd->queue, &dev->cmd_queue);
756
757 goto unlock;
758
759 error:
760 kfree(arg);
761 unlock:
762 mutex_unlock(&dev->cmd_lock);
763 return rc;
764 }
765
766 static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
767 struct sk_buff *req,
768 pn533_send_async_complete_t complete_cb,
769 void *complete_cb_context)
770 {
771 struct sk_buff *resp;
772 int rc;
773 int resp_len = PN533_FRAME_HEADER_LEN +
774 PN533_FRAME_MAX_PAYLOAD_LEN +
775 PN533_FRAME_TAIL_LEN;
776
777 resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
778 if (!resp)
779 return -ENOMEM;
780
781 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
782 complete_cb_context);
783 if (rc)
784 dev_kfree_skb(resp);
785
786 return rc;
787 }
788
789 static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
790 struct sk_buff *req,
791 pn533_send_async_complete_t complete_cb,
792 void *complete_cb_context)
793 {
794 struct sk_buff *resp;
795 int rc;
796
797 resp = alloc_skb(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
798 if (!resp)
799 return -ENOMEM;
800
801 rc = __pn533_send_async(dev, cmd_code, req, resp,
802 PN533_NORMAL_FRAME_MAX_LEN,
803 complete_cb, complete_cb_context);
804 if (rc)
805 dev_kfree_skb(resp);
806
807 return rc;
808 }
809
810 /*
811 * pn533_send_cmd_direct_async
812 *
813 * The function sends a piority cmd directly to the chip omiting the cmd
814 * queue. It's intended to be used by chaining mechanism of received responses
815 * where the host has to request every single chunk of data before scheduling
816 * next cmd from the queue.
817 */
818 static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
819 struct sk_buff *req,
820 pn533_send_async_complete_t complete_cb,
821 void *complete_cb_context)
822 {
823 struct pn533_send_async_complete_arg *arg;
824 struct sk_buff *resp;
825 int rc;
826 int resp_len = PN533_FRAME_HEADER_LEN +
827 PN533_FRAME_MAX_PAYLOAD_LEN +
828 PN533_FRAME_TAIL_LEN;
829
830 resp = alloc_skb(resp_len, GFP_KERNEL);
831 if (!resp)
832 return -ENOMEM;
833
834 arg = kzalloc(sizeof(arg), GFP_KERNEL);
835 if (!arg) {
836 dev_kfree_skb(resp);
837 return -ENOMEM;
838 }
839
840 arg->complete_cb = complete_cb;
841 arg->complete_cb_context = complete_cb_context;
842 arg->resp = resp;
843 arg->req = req;
844
845 pn533_build_cmd_frame(cmd_code, req);
846
847 rc = __pn533_send_cmd_frame_async(dev, (struct pn533_frame *)req->data,
848 (struct pn533_frame *)resp->data,
849 resp_len, pn533_send_async_complete,
850 arg);
851 if (rc < 0) {
852 dev_kfree_skb(resp);
853 kfree(arg);
854 }
855
856 return rc;
857 }
858
859 static void pn533_wq_cmd(struct work_struct *work)
860 {
861 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
862 struct pn533_cmd *cmd;
863
864 mutex_lock(&dev->cmd_lock);
865
866 if (list_empty(&dev->cmd_queue)) {
867 dev->cmd_pending = 0;
868 mutex_unlock(&dev->cmd_lock);
869 return;
870 }
871
872 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
873
874 list_del(&cmd->queue);
875
876 mutex_unlock(&dev->cmd_lock);
877
878 __pn533_send_cmd_frame_async(dev,
879 (struct pn533_frame *)cmd->req->data,
880 (struct pn533_frame *)cmd->resp->data,
881 PN533_NORMAL_FRAME_MAX_LEN,
882 pn533_send_async_complete,
883 cmd->arg);
884
885 kfree(cmd);
886 }
887
888 struct pn533_sync_cmd_response {
889 struct sk_buff *resp;
890 struct completion done;
891 };
892
893 static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
894 struct sk_buff *resp)
895 {
896 struct pn533_sync_cmd_response *arg = _arg;
897
898 arg->resp = resp;
899 complete(&arg->done);
900
901 return 0;
902 }
903
904 /* pn533_send_cmd_sync
905 *
906 * Please note the req parameter is freed inside the function to
907 * limit a number of return value interpretations by the caller.
908 *
909 * 1. negative in case of error during TX path -> req should be freed
910 *
911 * 2. negative in case of error during RX path -> req should not be freed
912 * as it's been already freed at the begining of RX path by
913 * async_complete_cb.
914 *
915 * 3. valid pointer in case of succesfult RX path
916 *
917 * A caller has to check a return value with IS_ERR macro. If the test pass,
918 * the returned pointer is valid.
919 *
920 * */
921 static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
922 struct sk_buff *req)
923 {
924 int rc;
925 struct pn533_sync_cmd_response arg;
926
927 init_completion(&arg.done);
928
929 rc = pn533_send_cmd_async(dev, cmd_code, req,
930 pn533_send_sync_complete, &arg);
931 if (rc) {
932 dev_kfree_skb(req);
933 return ERR_PTR(rc);
934 }
935
936 wait_for_completion(&arg.done);
937
938 return arg.resp;
939 }
940
941 static void pn533_send_complete(struct urb *urb)
942 {
943 struct pn533 *dev = urb->context;
944
945 switch (urb->status) {
946 case 0:
947 break; /* success */
948 case -ECONNRESET:
949 case -ENOENT:
950 nfc_dev_dbg(&dev->interface->dev,
951 "The urb has been stopped (status %d)",
952 urb->status);
953 break;
954 case -ESHUTDOWN:
955 default:
956 nfc_dev_err(&dev->interface->dev,
957 "Urb failure (status %d)", urb->status);
958 }
959 }
960
961 static struct sk_buff *pn533_alloc_skb(unsigned int size)
962 {
963 struct sk_buff *skb;
964
965 skb = alloc_skb(PN533_FRAME_HEADER_LEN +
966 size +
967 PN533_FRAME_TAIL_LEN, GFP_KERNEL);
968
969 if (skb)
970 skb_reserve(skb, PN533_FRAME_HEADER_LEN);
971
972 return skb;
973 }
974
975 struct pn533_target_type_a {
976 __be16 sens_res;
977 u8 sel_res;
978 u8 nfcid_len;
979 u8 nfcid_data[];
980 } __packed;
981
982
983 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
984 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
985 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
986
987 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
988 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
989
990 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
991 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
992
993 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
994 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
995 #define PN533_TYPE_A_SEL_PROT_DEP 2
996 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
997
998 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
999 int target_data_len)
1000 {
1001 u8 ssd;
1002 u8 platconf;
1003
1004 if (target_data_len < sizeof(struct pn533_target_type_a))
1005 return false;
1006
1007 /* The lenght check of nfcid[] and ats[] are not being performed because
1008 the values are not being used */
1009
1010 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1011 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1012 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1013
1014 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1015 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1016 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1017 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1018 return false;
1019
1020 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1021 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1022 return false;
1023
1024 return true;
1025 }
1026
1027 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1028 int tgt_data_len)
1029 {
1030 struct pn533_target_type_a *tgt_type_a;
1031
1032 tgt_type_a = (struct pn533_target_type_a *)tgt_data;
1033
1034 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1035 return -EPROTO;
1036
1037 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1038 case PN533_TYPE_A_SEL_PROT_MIFARE:
1039 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1040 break;
1041 case PN533_TYPE_A_SEL_PROT_ISO14443:
1042 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1043 break;
1044 case PN533_TYPE_A_SEL_PROT_DEP:
1045 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1046 break;
1047 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1048 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1049 NFC_PROTO_NFC_DEP_MASK;
1050 break;
1051 }
1052
1053 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1054 nfc_tgt->sel_res = tgt_type_a->sel_res;
1055 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1056 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
1057
1058 return 0;
1059 }
1060
1061 struct pn533_target_felica {
1062 u8 pol_res;
1063 u8 opcode;
1064 u8 nfcid2[8];
1065 u8 pad[8];
1066 /* optional */
1067 u8 syst_code[];
1068 } __packed;
1069
1070 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1071 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1072
1073 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1074 int target_data_len)
1075 {
1076 if (target_data_len < sizeof(struct pn533_target_felica))
1077 return false;
1078
1079 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1080 return false;
1081
1082 return true;
1083 }
1084
1085 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1086 int tgt_data_len)
1087 {
1088 struct pn533_target_felica *tgt_felica;
1089
1090 tgt_felica = (struct pn533_target_felica *)tgt_data;
1091
1092 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1093 return -EPROTO;
1094
1095 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
1096 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
1097 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1098 else
1099 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1100
1101 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1102 nfc_tgt->sensf_res_len = 9;
1103
1104 return 0;
1105 }
1106
1107 struct pn533_target_jewel {
1108 __be16 sens_res;
1109 u8 jewelid[4];
1110 } __packed;
1111
1112 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1113 int target_data_len)
1114 {
1115 u8 ssd;
1116 u8 platconf;
1117
1118 if (target_data_len < sizeof(struct pn533_target_jewel))
1119 return false;
1120
1121 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1122 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1123 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1124
1125 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1126 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1127 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1128 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1129 return false;
1130
1131 return true;
1132 }
1133
1134 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1135 int tgt_data_len)
1136 {
1137 struct pn533_target_jewel *tgt_jewel;
1138
1139 tgt_jewel = (struct pn533_target_jewel *)tgt_data;
1140
1141 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1142 return -EPROTO;
1143
1144 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1145 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1146 nfc_tgt->nfcid1_len = 4;
1147 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1148
1149 return 0;
1150 }
1151
1152 struct pn533_type_b_prot_info {
1153 u8 bitrate;
1154 u8 fsci_type;
1155 u8 fwi_adc_fo;
1156 } __packed;
1157
1158 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1159 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1160 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1161
1162 struct pn533_type_b_sens_res {
1163 u8 opcode;
1164 u8 nfcid[4];
1165 u8 appdata[4];
1166 struct pn533_type_b_prot_info prot_info;
1167 } __packed;
1168
1169 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1170
1171 struct pn533_target_type_b {
1172 struct pn533_type_b_sens_res sensb_res;
1173 u8 attrib_res_len;
1174 u8 attrib_res[];
1175 } __packed;
1176
1177 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1178 int target_data_len)
1179 {
1180 if (target_data_len < sizeof(struct pn533_target_type_b))
1181 return false;
1182
1183 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1184 return false;
1185
1186 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1187 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1188 return false;
1189
1190 return true;
1191 }
1192
1193 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1194 int tgt_data_len)
1195 {
1196 struct pn533_target_type_b *tgt_type_b;
1197
1198 tgt_type_b = (struct pn533_target_type_b *)tgt_data;
1199
1200 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1201 return -EPROTO;
1202
1203 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1204
1205 return 0;
1206 }
1207
1208 static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1209 int tgdata_len)
1210 {
1211 struct nfc_target nfc_tgt;
1212 int rc;
1213
1214 nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1215 dev->poll_mod_curr);
1216
1217 if (tg != 1)
1218 return -EPROTO;
1219
1220 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1221
1222 switch (dev->poll_mod_curr) {
1223 case PN533_POLL_MOD_106KBPS_A:
1224 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
1225 break;
1226 case PN533_POLL_MOD_212KBPS_FELICA:
1227 case PN533_POLL_MOD_424KBPS_FELICA:
1228 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
1229 break;
1230 case PN533_POLL_MOD_106KBPS_JEWEL:
1231 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
1232 break;
1233 case PN533_POLL_MOD_847KBPS_B:
1234 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
1235 break;
1236 default:
1237 nfc_dev_err(&dev->interface->dev,
1238 "Unknown current poll modulation");
1239 return -EPROTO;
1240 }
1241
1242 if (rc)
1243 return rc;
1244
1245 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1246 nfc_dev_dbg(&dev->interface->dev,
1247 "The Tg found doesn't have the desired protocol");
1248 return -EAGAIN;
1249 }
1250
1251 nfc_dev_dbg(&dev->interface->dev,
1252 "Target found - supported protocols: 0x%x",
1253 nfc_tgt.supported_protocols);
1254
1255 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1256
1257 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1258
1259 return 0;
1260 }
1261
1262 static inline void pn533_poll_next_mod(struct pn533 *dev)
1263 {
1264 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1265 }
1266
1267 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1268 {
1269 dev->poll_mod_count = 0;
1270 }
1271
1272 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1273 {
1274 dev->poll_mod_active[dev->poll_mod_count] =
1275 (struct pn533_poll_modulations *)&poll_mod[mod_index];
1276 dev->poll_mod_count++;
1277 }
1278
1279 static void pn533_poll_create_mod_list(struct pn533 *dev,
1280 u32 im_protocols, u32 tm_protocols)
1281 {
1282 pn533_poll_reset_mod_list(dev);
1283
1284 if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
1285 (im_protocols & NFC_PROTO_ISO14443_MASK) ||
1286 (im_protocols & NFC_PROTO_NFC_DEP_MASK))
1287 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1288
1289 if (im_protocols & NFC_PROTO_FELICA_MASK ||
1290 im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1291 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1292 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1293 }
1294
1295 if (im_protocols & NFC_PROTO_JEWEL_MASK)
1296 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1297
1298 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1299 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1300
1301 if (tm_protocols)
1302 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1303 }
1304
1305 static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
1306 {
1307 u8 nbtg, tg, *tgdata;
1308 int rc, tgdata_len;
1309
1310 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1311
1312 nbtg = resp->data[0];
1313 tg = resp->data[1];
1314 tgdata = &resp->data[2];
1315 tgdata_len = resp->len - 2; /* nbtg + tg */
1316
1317 if (nbtg) {
1318 rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
1319
1320 /* We must stop the poll after a valid target found */
1321 if (rc == 0) {
1322 pn533_poll_reset_mod_list(dev);
1323 return 0;
1324 }
1325 }
1326
1327 return -EAGAIN;
1328 }
1329
1330 static struct sk_buff *pn533_alloc_poll_tg_frame(u8 *gbytes, size_t gbytes_len)
1331 {
1332 struct sk_buff *skb;
1333 u8 *felica, *nfcid3, *gb;
1334
1335 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1336 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1337 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1338 0xff, 0xff}; /* System code */
1339
1340 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1341 0x0, 0x0, 0x0,
1342 0x40}; /* SEL_RES for DEP */
1343
1344 unsigned int skb_len = 36 + /* mode (1), mifare (6),
1345 felica (18), nfcid3 (10), gb_len (1) */
1346 gbytes_len +
1347 1; /* len Tk*/
1348
1349 skb = pn533_alloc_skb(skb_len);
1350 if (!skb)
1351 return NULL;
1352
1353 /* DEP support only */
1354 *skb_put(skb, 1) |= PN533_INIT_TARGET_DEP;
1355
1356 /* MIFARE params */
1357 memcpy(skb_put(skb, 6), mifare_params, 6);
1358
1359 /* Felica params */
1360 felica = skb_put(skb, 18);
1361 memcpy(felica, felica_params, 18);
1362 get_random_bytes(felica + 2, 6);
1363
1364 /* NFCID3 */
1365 nfcid3 = skb_put(skb, 10);
1366 memset(nfcid3, 0, 10);
1367 memcpy(nfcid3, felica, 8);
1368
1369 /* General bytes */
1370 *skb_put(skb, 1) = gbytes_len;
1371
1372 gb = skb_put(skb, gbytes_len);
1373 memcpy(gb, gbytes, gbytes_len);
1374
1375 /* Len Tk */
1376 *skb_put(skb, 1) = 0;
1377
1378 return skb;
1379 }
1380
1381 #define PN533_CMD_DATAEXCH_HEAD_LEN 1
1382 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1383 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1384 struct sk_buff *resp)
1385 {
1386 u8 status;
1387
1388 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1389
1390 if (IS_ERR(resp))
1391 return PTR_ERR(resp);
1392
1393 status = resp->data[0];
1394 skb_pull(resp, sizeof(status));
1395
1396 if (status != 0) {
1397 nfc_tm_deactivated(dev->nfc_dev);
1398 dev->tgt_mode = 0;
1399 dev_kfree_skb(resp);
1400 return 0;
1401 }
1402
1403 return nfc_tm_data_received(dev->nfc_dev, resp);
1404 }
1405
1406 static void pn533_wq_tg_get_data(struct work_struct *work)
1407 {
1408 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1409
1410 struct sk_buff *skb;
1411 int rc;
1412
1413 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1414
1415 skb = pn533_alloc_skb(0);
1416 if (!skb)
1417 return;
1418
1419 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1420 pn533_tm_get_data_complete, NULL);
1421
1422 if (rc < 0)
1423 dev_kfree_skb(skb);
1424
1425 return;
1426 }
1427
1428 #define ATR_REQ_GB_OFFSET 17
1429 static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
1430 {
1431 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
1432 size_t gb_len;
1433 int rc;
1434
1435 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1436
1437 if (resp->len < ATR_REQ_GB_OFFSET + 1)
1438 return -EINVAL;
1439
1440 mode = resp->data[0];
1441 cmd = &resp->data[1];
1442
1443 nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1444 mode, resp->len);
1445
1446 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1447 PN533_INIT_TARGET_RESP_ACTIVE)
1448 comm_mode = NFC_COMM_ACTIVE;
1449
1450 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
1451 return -EOPNOTSUPP;
1452
1453 gb = cmd + ATR_REQ_GB_OFFSET;
1454 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
1455
1456 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1457 comm_mode, gb, gb_len);
1458 if (rc < 0) {
1459 nfc_dev_err(&dev->interface->dev,
1460 "Error when signaling target activation");
1461 return rc;
1462 }
1463
1464 dev->tgt_mode = 1;
1465 queue_work(dev->wq, &dev->tg_work);
1466
1467 return 0;
1468 }
1469
1470 static void pn533_listen_mode_timer(unsigned long data)
1471 {
1472 struct pn533 *dev = (struct pn533 *)data;
1473
1474 nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1475
1476 /* An ack will cancel the last issued command (poll) */
1477 pn533_send_ack(dev, GFP_ATOMIC);
1478
1479 dev->cancel_listen = 1;
1480
1481 pn533_poll_next_mod(dev);
1482
1483 queue_work(dev->wq, &dev->poll_work);
1484 }
1485
1486 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1487 struct sk_buff *resp)
1488 {
1489 struct pn533_poll_modulations *cur_mod;
1490 int rc;
1491
1492 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1493
1494 if (IS_ERR(resp)) {
1495 rc = PTR_ERR(resp);
1496
1497 nfc_dev_err(&dev->interface->dev, "%s Poll complete error %d",
1498 __func__, rc);
1499
1500 if (rc == -ENOENT) {
1501 if (dev->poll_mod_count != 0)
1502 return rc;
1503 else
1504 goto stop_poll;
1505 } else if (rc < 0) {
1506 nfc_dev_err(&dev->interface->dev,
1507 "Error %d when running poll", rc);
1508 goto stop_poll;
1509 }
1510 }
1511
1512 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1513
1514 if (cur_mod->len == 0) { /* Target mode */
1515 del_timer(&dev->listen_timer);
1516 rc = pn533_init_target_complete(dev, resp);
1517 goto done;
1518 }
1519
1520 /* Initiator mode */
1521 rc = pn533_start_poll_complete(dev, resp);
1522 if (!rc)
1523 goto done;
1524
1525 pn533_poll_next_mod(dev);
1526 queue_work(dev->wq, &dev->poll_work);
1527
1528 done:
1529 dev_kfree_skb(resp);
1530 return rc;
1531
1532 stop_poll:
1533 nfc_dev_err(&dev->interface->dev, "Polling operation has been stopped");
1534
1535 pn533_poll_reset_mod_list(dev);
1536 dev->poll_protocols = 0;
1537 return rc;
1538 }
1539
1540 static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533_poll_modulations
1541 *mod)
1542 {
1543 struct sk_buff *skb;
1544
1545 skb = pn533_alloc_skb(mod->len);
1546 if (!skb)
1547 return NULL;
1548
1549 memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
1550
1551 return skb;
1552 }
1553
1554 static int pn533_send_poll_frame(struct pn533 *dev)
1555 {
1556 struct pn533_poll_modulations *mod;
1557 struct sk_buff *skb;
1558 int rc;
1559 u8 cmd_code;
1560
1561 mod = dev->poll_mod_active[dev->poll_mod_curr];
1562
1563 nfc_dev_dbg(&dev->interface->dev, "%s mod len %d\n",
1564 __func__, mod->len);
1565
1566 if (mod->len == 0) { /* Listen mode */
1567 cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
1568 skb = pn533_alloc_poll_tg_frame(dev->gb, dev->gb_len);
1569 } else { /* Polling mode */
1570 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
1571 skb = pn533_alloc_poll_in_frame(mod);
1572 }
1573
1574 if (!skb) {
1575 nfc_dev_err(&dev->interface->dev, "Failed to allocate skb.");
1576 return -ENOMEM;
1577 }
1578
1579 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
1580 NULL);
1581 if (rc < 0) {
1582 dev_kfree_skb(skb);
1583 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1584 }
1585
1586 return rc;
1587 }
1588
1589 static void pn533_wq_poll(struct work_struct *work)
1590 {
1591 struct pn533 *dev = container_of(work, struct pn533, poll_work);
1592 struct pn533_poll_modulations *cur_mod;
1593 int rc;
1594
1595 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1596
1597 nfc_dev_dbg(&dev->interface->dev,
1598 "%s cancel_listen %d modulation len %d",
1599 __func__, dev->cancel_listen, cur_mod->len);
1600
1601 if (dev->cancel_listen == 1) {
1602 dev->cancel_listen = 0;
1603 usb_kill_urb(dev->in_urb);
1604 }
1605
1606 rc = pn533_send_poll_frame(dev);
1607 if (rc)
1608 return;
1609
1610 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1611 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1612
1613 return;
1614 }
1615
1616 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1617 u32 im_protocols, u32 tm_protocols)
1618 {
1619 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1620
1621 nfc_dev_dbg(&dev->interface->dev,
1622 "%s: im protocols 0x%x tm protocols 0x%x",
1623 __func__, im_protocols, tm_protocols);
1624
1625 if (dev->tgt_active_prot) {
1626 nfc_dev_err(&dev->interface->dev,
1627 "Cannot poll with a target already activated");
1628 return -EBUSY;
1629 }
1630
1631 if (dev->tgt_mode) {
1632 nfc_dev_err(&dev->interface->dev,
1633 "Cannot poll while already being activated");
1634 return -EBUSY;
1635 }
1636
1637 if (tm_protocols) {
1638 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1639 if (dev->gb == NULL)
1640 tm_protocols = 0;
1641 }
1642
1643 dev->poll_mod_curr = 0;
1644 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1645 dev->poll_protocols = im_protocols;
1646 dev->listen_protocols = tm_protocols;
1647
1648 return pn533_send_poll_frame(dev);
1649 }
1650
1651 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1652 {
1653 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1654
1655 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1656
1657 del_timer(&dev->listen_timer);
1658
1659 if (!dev->poll_mod_count) {
1660 nfc_dev_dbg(&dev->interface->dev,
1661 "Polling operation was not running");
1662 return;
1663 }
1664
1665 /* An ack will cancel the last issued command (poll) */
1666 pn533_send_ack(dev, GFP_KERNEL);
1667
1668 /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1669 usb_kill_urb(dev->in_urb);
1670
1671 pn533_poll_reset_mod_list(dev);
1672 }
1673
1674 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1675 {
1676 struct pn533_cmd_activate_response *rsp;
1677 u16 gt_len;
1678 int rc;
1679
1680 struct sk_buff *skb;
1681 struct sk_buff *resp;
1682
1683 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1684
1685 skb = pn533_alloc_skb(sizeof(u8) * 2); /*TG + Next*/
1686 if (!skb)
1687 return -ENOMEM;
1688
1689 *skb_put(skb, sizeof(u8)) = 1; /* TG */
1690 *skb_put(skb, sizeof(u8)) = 0; /* Next */
1691
1692 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
1693 if (IS_ERR(resp))
1694 return PTR_ERR(resp);
1695
1696 rsp = (struct pn533_cmd_activate_response *)resp->data;
1697 rc = rsp->status & PN533_CMD_RET_MASK;
1698 if (rc != PN533_CMD_RET_SUCCESS)
1699 dev_kfree_skb(resp);
1700 return -EIO;
1701
1702 /* ATR_RES general bytes are located at offset 16 */
1703 gt_len = resp->len - 16;
1704 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
1705
1706 dev_kfree_skb(resp);
1707 return rc;
1708 }
1709
1710 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1711 struct nfc_target *target, u32 protocol)
1712 {
1713 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1714 int rc;
1715
1716 nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1717 protocol);
1718
1719 if (dev->poll_mod_count) {
1720 nfc_dev_err(&dev->interface->dev,
1721 "Cannot activate while polling");
1722 return -EBUSY;
1723 }
1724
1725 if (dev->tgt_active_prot) {
1726 nfc_dev_err(&dev->interface->dev,
1727 "There is already an active target");
1728 return -EBUSY;
1729 }
1730
1731 if (!dev->tgt_available_prots) {
1732 nfc_dev_err(&dev->interface->dev,
1733 "There is no available target to activate");
1734 return -EINVAL;
1735 }
1736
1737 if (!(dev->tgt_available_prots & (1 << protocol))) {
1738 nfc_dev_err(&dev->interface->dev,
1739 "Target doesn't support requested proto %u",
1740 protocol);
1741 return -EINVAL;
1742 }
1743
1744 if (protocol == NFC_PROTO_NFC_DEP) {
1745 rc = pn533_activate_target_nfcdep(dev);
1746 if (rc) {
1747 nfc_dev_err(&dev->interface->dev,
1748 "Activating target with DEP failed %d", rc);
1749 return rc;
1750 }
1751 }
1752
1753 dev->tgt_active_prot = protocol;
1754 dev->tgt_available_prots = 0;
1755
1756 return 0;
1757 }
1758
1759 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1760 struct nfc_target *target)
1761 {
1762 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1763
1764 struct sk_buff *skb;
1765 struct sk_buff *resp;
1766
1767 int rc;
1768
1769 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1770
1771 if (!dev->tgt_active_prot) {
1772 nfc_dev_err(&dev->interface->dev, "There is no active target");
1773 return;
1774 }
1775
1776 dev->tgt_active_prot = 0;
1777 skb_queue_purge(&dev->resp_q);
1778
1779 skb = pn533_alloc_skb(sizeof(u8));
1780 if (!skb)
1781 return;
1782
1783 *skb_put(skb, 1) = 1; /* TG*/
1784
1785 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
1786 if (IS_ERR(resp))
1787 return;
1788
1789 rc = resp->data[0] & PN533_CMD_RET_MASK;
1790 if (rc != PN533_CMD_RET_SUCCESS)
1791 nfc_dev_err(&dev->interface->dev,
1792 "Error 0x%x when releasing the target", rc);
1793
1794 dev_kfree_skb(resp);
1795 return;
1796 }
1797
1798
1799 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1800 struct sk_buff *resp)
1801 {
1802 struct pn533_cmd_jump_dep_response *rsp;
1803 u8 target_gt_len;
1804 int rc;
1805 u8 active = *(u8 *)arg;
1806
1807 kfree(arg);
1808
1809 if (IS_ERR(resp))
1810 return PTR_ERR(resp);
1811
1812 if (dev->tgt_available_prots &&
1813 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1814 nfc_dev_err(&dev->interface->dev,
1815 "The target does not support DEP");
1816 rc = -EINVAL;
1817 goto error;
1818 }
1819
1820 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1821
1822 rc = rsp->status & PN533_CMD_RET_MASK;
1823 if (rc != PN533_CMD_RET_SUCCESS) {
1824 nfc_dev_err(&dev->interface->dev,
1825 "Bringing DEP link up failed %d", rc);
1826 goto error;
1827 }
1828
1829 if (!dev->tgt_available_prots) {
1830 struct nfc_target nfc_target;
1831
1832 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1833
1834 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1835 nfc_target.nfcid1_len = 10;
1836 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1837 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1838 if (rc)
1839 goto error;
1840
1841 dev->tgt_available_prots = 0;
1842 }
1843
1844 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1845
1846 /* ATR_RES general bytes are located at offset 17 */
1847 target_gt_len = resp->len - 17;
1848 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1849 rsp->gt, target_gt_len);
1850 if (rc == 0)
1851 rc = nfc_dep_link_is_up(dev->nfc_dev,
1852 dev->nfc_dev->targets[0].idx,
1853 !active, NFC_RF_INITIATOR);
1854
1855 error:
1856 dev_kfree_skb(resp);
1857 return rc;
1858 }
1859
1860 static int pn533_mod_to_baud(struct pn533 *dev)
1861 {
1862 switch (dev->poll_mod_curr) {
1863 case PN533_POLL_MOD_106KBPS_A:
1864 return 0;
1865 case PN533_POLL_MOD_212KBPS_FELICA:
1866 return 1;
1867 case PN533_POLL_MOD_424KBPS_FELICA:
1868 return 2;
1869 default:
1870 return -EINVAL;
1871 }
1872 }
1873
1874 #define PASSIVE_DATA_LEN 5
1875 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1876 u8 comm_mode, u8 *gb, size_t gb_len)
1877 {
1878 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1879 struct sk_buff *skb;
1880 int rc, baud, skb_len;
1881 u8 *next, *arg;
1882
1883 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1884
1885 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1886
1887 if (dev->poll_mod_count) {
1888 nfc_dev_err(&dev->interface->dev,
1889 "Cannot bring the DEP link up while polling");
1890 return -EBUSY;
1891 }
1892
1893 if (dev->tgt_active_prot) {
1894 nfc_dev_err(&dev->interface->dev,
1895 "There is already an active target");
1896 return -EBUSY;
1897 }
1898
1899 baud = pn533_mod_to_baud(dev);
1900 if (baud < 0) {
1901 nfc_dev_err(&dev->interface->dev,
1902 "Invalid curr modulation %d", dev->poll_mod_curr);
1903 return baud;
1904 }
1905
1906 skb_len = 3 + gb_len; /* ActPass + BR + Next */
1907 if (comm_mode == NFC_COMM_PASSIVE)
1908 skb_len += PASSIVE_DATA_LEN;
1909
1910 skb = pn533_alloc_skb(skb_len);
1911 if (!skb)
1912 return -ENOMEM;
1913
1914 *skb_put(skb, 1) = !comm_mode; /* ActPass */
1915 *skb_put(skb, 1) = baud; /* Baud rate */
1916
1917 next = skb_put(skb, 1); /* Next */
1918 *next = 0;
1919
1920 if (comm_mode == NFC_COMM_PASSIVE && baud > 0) {
1921 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data,
1922 PASSIVE_DATA_LEN);
1923 *next |= 1;
1924 }
1925
1926 if (gb != NULL && gb_len > 0) {
1927 memcpy(skb_put(skb, gb_len), gb, gb_len);
1928 *next |= 4; /* We have some Gi */
1929 } else {
1930 *next = 0;
1931 }
1932
1933 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
1934 if (!arg) {
1935 dev_kfree_skb(skb);
1936 return -ENOMEM;
1937 }
1938
1939 *arg = !comm_mode;
1940
1941 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1942 pn533_in_dep_link_up_complete, arg);
1943
1944 if (rc < 0) {
1945 dev_kfree_skb(skb);
1946 kfree(arg);
1947 }
1948
1949 return rc;
1950 }
1951
1952 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1953 {
1954 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1955
1956 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1957
1958 pn533_poll_reset_mod_list(dev);
1959
1960 if (dev->tgt_mode || dev->tgt_active_prot) {
1961 pn533_send_ack(dev, GFP_KERNEL);
1962 usb_kill_urb(dev->in_urb);
1963 }
1964
1965 dev->tgt_active_prot = 0;
1966 dev->tgt_mode = 0;
1967
1968 skb_queue_purge(&dev->resp_q);
1969
1970 return 0;
1971 }
1972
1973 struct pn533_data_exchange_arg {
1974 data_exchange_cb_t cb;
1975 void *cb_context;
1976 };
1977
1978 static struct sk_buff *pn533_build_response(struct pn533 *dev)
1979 {
1980 struct sk_buff *skb, *tmp, *t;
1981 unsigned int skb_len = 0, tmp_len = 0;
1982
1983 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1984
1985 if (skb_queue_empty(&dev->resp_q))
1986 return NULL;
1987
1988 if (skb_queue_len(&dev->resp_q) == 1) {
1989 skb = skb_dequeue(&dev->resp_q);
1990 goto out;
1991 }
1992
1993 skb_queue_walk_safe(&dev->resp_q, tmp, t)
1994 skb_len += tmp->len;
1995
1996 nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1997 __func__, skb_len);
1998
1999 skb = alloc_skb(skb_len, GFP_KERNEL);
2000 if (skb == NULL)
2001 goto out;
2002
2003 skb_put(skb, skb_len);
2004
2005 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2006 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2007 tmp_len += tmp->len;
2008 }
2009
2010 out:
2011 skb_queue_purge(&dev->resp_q);
2012
2013 return skb;
2014 }
2015
2016 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
2017 struct sk_buff *resp)
2018 {
2019 struct pn533_data_exchange_arg *arg = _arg;
2020 struct sk_buff *skb;
2021 int rc = 0;
2022 u8 status, ret, mi;
2023
2024 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2025
2026 if (IS_ERR(resp)) {
2027 rc = PTR_ERR(resp);
2028 goto _error;
2029 }
2030
2031 status = resp->data[0];
2032 ret = status & PN533_CMD_RET_MASK;
2033 mi = status & PN533_CMD_MI_MASK;
2034
2035 skb_pull(resp, sizeof(status));
2036
2037 if (ret != PN533_CMD_RET_SUCCESS) {
2038 nfc_dev_err(&dev->interface->dev,
2039 "PN533 reported error %d when exchanging data",
2040 ret);
2041 rc = -EIO;
2042 goto error;
2043 }
2044
2045 skb_queue_tail(&dev->resp_q, resp);
2046
2047 if (mi) {
2048 dev->cmd_complete_mi_arg = arg;
2049 queue_work(dev->wq, &dev->mi_work);
2050 return -EINPROGRESS;
2051 }
2052
2053 skb = pn533_build_response(dev);
2054 if (!skb)
2055 goto error;
2056
2057 arg->cb(arg->cb_context, skb, 0);
2058 kfree(arg);
2059 return 0;
2060
2061 error:
2062 dev_kfree_skb(resp);
2063 _error:
2064 skb_queue_purge(&dev->resp_q);
2065 arg->cb(arg->cb_context, NULL, rc);
2066 kfree(arg);
2067 return rc;
2068 }
2069
2070 static int pn533_transceive(struct nfc_dev *nfc_dev,
2071 struct nfc_target *target, struct sk_buff *skb,
2072 data_exchange_cb_t cb, void *cb_context)
2073 {
2074 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2075 struct pn533_data_exchange_arg *arg = NULL;
2076 int rc;
2077
2078 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2079
2080 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2081 /* TODO: Implement support to multi-part data exchange */
2082 nfc_dev_err(&dev->interface->dev,
2083 "Data length greater than the max allowed: %d",
2084 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2085 rc = -ENOSYS;
2086 goto error;
2087 }
2088
2089 if (!dev->tgt_active_prot) {
2090 nfc_dev_err(&dev->interface->dev,
2091 "Can't exchange data if there is no active target");
2092 rc = -EINVAL;
2093 goto error;
2094 }
2095
2096 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2097 if (!arg) {
2098 rc = -ENOMEM;
2099 goto error;
2100 }
2101
2102 arg->cb = cb;
2103 arg->cb_context = cb_context;
2104
2105 switch (dev->device_type) {
2106 case PN533_DEVICE_PASORI:
2107 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2108 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2109 skb,
2110 pn533_data_exchange_complete,
2111 arg);
2112
2113 break;
2114 }
2115 default:
2116 *skb_push(skb, sizeof(u8)) = 1; /*TG*/
2117
2118 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2119 skb, pn533_data_exchange_complete,
2120 arg);
2121
2122 break;
2123 }
2124
2125 if (rc < 0) /* rc from send_async */
2126 goto error;
2127
2128 return 0;
2129
2130 error:
2131 kfree(arg);
2132 dev_kfree_skb(skb);
2133 return rc;
2134 }
2135
2136 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2137 struct sk_buff *resp)
2138 {
2139 u8 status;
2140
2141 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2142
2143 if (IS_ERR(resp))
2144 return PTR_ERR(resp);
2145
2146 status = resp->data[0];
2147
2148 dev_kfree_skb(resp);
2149
2150 if (status != 0) {
2151 nfc_tm_deactivated(dev->nfc_dev);
2152
2153 dev->tgt_mode = 0;
2154
2155 return 0;
2156 }
2157
2158 queue_work(dev->wq, &dev->tg_work);
2159
2160 return 0;
2161 }
2162
2163 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2164 {
2165 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2166 int rc;
2167
2168 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2169
2170 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2171 nfc_dev_err(&dev->interface->dev,
2172 "Data length greater than the max allowed: %d",
2173 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2174 return -ENOSYS;
2175 }
2176
2177 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2178 pn533_tm_send_complete, NULL);
2179 if (rc < 0)
2180 dev_kfree_skb(skb);
2181
2182 return rc;
2183 }
2184
2185 static void pn533_wq_mi_recv(struct work_struct *work)
2186 {
2187 struct pn533 *dev = container_of(work, struct pn533, mi_work);
2188
2189 struct sk_buff *skb;
2190 int rc;
2191
2192 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2193
2194 skb = pn533_alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN);
2195 if (!skb)
2196 goto error;
2197
2198 switch (dev->device_type) {
2199 case PN533_DEVICE_PASORI:
2200 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2201 rc = pn533_send_cmd_direct_async(dev,
2202 PN533_CMD_IN_COMM_THRU,
2203 skb,
2204 pn533_data_exchange_complete,
2205 dev->cmd_complete_mi_arg);
2206
2207 break;
2208 }
2209 default:
2210 *skb_put(skb, sizeof(u8)) = 1; /*TG*/
2211
2212 rc = pn533_send_cmd_direct_async(dev,
2213 PN533_CMD_IN_DATA_EXCHANGE,
2214 skb,
2215 pn533_data_exchange_complete,
2216 dev->cmd_complete_mi_arg);
2217
2218 break;
2219 }
2220
2221 if (rc == 0) /* success */
2222 return;
2223
2224 nfc_dev_err(&dev->interface->dev,
2225 "Error %d when trying to perform data_exchange", rc);
2226
2227 dev_kfree_skb(skb);
2228 kfree(dev->cmd_complete_arg);
2229
2230 error:
2231 pn533_send_ack(dev, GFP_KERNEL);
2232 queue_work(dev->wq, &dev->cmd_work);
2233 }
2234
2235 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2236 u8 cfgdata_len)
2237 {
2238 struct sk_buff *skb;
2239 struct sk_buff *resp;
2240
2241 int skb_len;
2242
2243 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2244
2245 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
2246
2247 skb = pn533_alloc_skb(skb_len);
2248 if (!skb)
2249 return -ENOMEM;
2250
2251 *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2252 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
2253
2254 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2255 if (IS_ERR(resp))
2256 return PTR_ERR(resp);
2257
2258 dev_kfree_skb(resp);
2259 return 0;
2260 }
2261
2262 static int pn533_get_firmware_version(struct pn533 *dev,
2263 struct pn533_fw_version *fv)
2264 {
2265 struct sk_buff *skb;
2266 struct sk_buff *resp;
2267
2268 skb = pn533_alloc_skb(0);
2269 if (!skb)
2270 return -ENOMEM;
2271
2272 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2273 if (IS_ERR(resp))
2274 return PTR_ERR(resp);
2275
2276 fv->ic = resp->data[0];
2277 fv->ver = resp->data[1];
2278 fv->rev = resp->data[2];
2279 fv->support = resp->data[3];
2280
2281 dev_kfree_skb(resp);
2282 return 0;
2283 }
2284
2285 static int pn533_fw_reset(struct pn533 *dev)
2286 {
2287 struct sk_buff *skb;
2288 struct sk_buff *resp;
2289
2290 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2291
2292 skb = pn533_alloc_skb(sizeof(u8));
2293 if (!skb)
2294 return -ENOMEM;
2295
2296 *skb_put(skb, sizeof(u8)) = 0x1;
2297
2298 resp = pn533_send_cmd_sync(dev, 0x18, skb);
2299 if (IS_ERR(resp))
2300 return PTR_ERR(resp);
2301
2302 dev_kfree_skb(resp);
2303
2304 return 0;
2305 }
2306
2307 static struct nfc_ops pn533_nfc_ops = {
2308 .dev_up = NULL,
2309 .dev_down = NULL,
2310 .dep_link_up = pn533_dep_link_up,
2311 .dep_link_down = pn533_dep_link_down,
2312 .start_poll = pn533_start_poll,
2313 .stop_poll = pn533_stop_poll,
2314 .activate_target = pn533_activate_target,
2315 .deactivate_target = pn533_deactivate_target,
2316 .im_transceive = pn533_transceive,
2317 .tm_send = pn533_tm_send,
2318 };
2319
2320 static int pn533_setup(struct pn533 *dev)
2321 {
2322 struct pn533_config_max_retries max_retries;
2323 struct pn533_config_timing timing;
2324 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2325 int rc;
2326
2327 switch (dev->device_type) {
2328 case PN533_DEVICE_STD:
2329 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2330 max_retries.mx_rty_psl = 2;
2331 max_retries.mx_rty_passive_act =
2332 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2333
2334 timing.rfu = PN533_CONFIG_TIMING_102;
2335 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2336 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2337
2338 break;
2339
2340 case PN533_DEVICE_PASORI:
2341 max_retries.mx_rty_atr = 0x2;
2342 max_retries.mx_rty_psl = 0x1;
2343 max_retries.mx_rty_passive_act =
2344 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2345
2346 timing.rfu = PN533_CONFIG_TIMING_102;
2347 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2348 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2349
2350 break;
2351
2352 default:
2353 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2354 dev->device_type);
2355 return -EINVAL;
2356 }
2357
2358 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2359 (u8 *)&max_retries, sizeof(max_retries));
2360 if (rc) {
2361 nfc_dev_err(&dev->interface->dev,
2362 "Error on setting MAX_RETRIES config");
2363 return rc;
2364 }
2365
2366
2367 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2368 (u8 *)&timing, sizeof(timing));
2369 if (rc) {
2370 nfc_dev_err(&dev->interface->dev,
2371 "Error on setting RF timings");
2372 return rc;
2373 }
2374
2375 switch (dev->device_type) {
2376 case PN533_DEVICE_STD:
2377 break;
2378
2379 case PN533_DEVICE_PASORI:
2380 pn533_fw_reset(dev);
2381
2382 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2383 pasori_cfg, 3);
2384 if (rc) {
2385 nfc_dev_err(&dev->interface->dev,
2386 "Error while settings PASORI config");
2387 return rc;
2388 }
2389
2390 pn533_fw_reset(dev);
2391
2392 break;
2393 }
2394
2395 return 0;
2396 }
2397
2398 static int pn533_probe(struct usb_interface *interface,
2399 const struct usb_device_id *id)
2400 {
2401 struct pn533_fw_version fw_ver;
2402 struct pn533 *dev;
2403 struct usb_host_interface *iface_desc;
2404 struct usb_endpoint_descriptor *endpoint;
2405 int in_endpoint = 0;
2406 int out_endpoint = 0;
2407 int rc = -ENOMEM;
2408 int i;
2409 u32 protocols;
2410
2411 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2412 if (!dev)
2413 return -ENOMEM;
2414
2415 dev->udev = usb_get_dev(interface_to_usbdev(interface));
2416 dev->interface = interface;
2417 mutex_init(&dev->cmd_lock);
2418
2419 iface_desc = interface->cur_altsetting;
2420 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2421 endpoint = &iface_desc->endpoint[i].desc;
2422
2423 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
2424 in_endpoint = endpoint->bEndpointAddress;
2425
2426 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
2427 out_endpoint = endpoint->bEndpointAddress;
2428 }
2429
2430 if (!in_endpoint || !out_endpoint) {
2431 nfc_dev_err(&interface->dev,
2432 "Could not find bulk-in or bulk-out endpoint");
2433 rc = -ENODEV;
2434 goto error;
2435 }
2436
2437 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2438 dev->out_frame = kmalloc(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
2439 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2440
2441 if (!dev->out_frame || !dev->in_urb || !dev->out_urb)
2442 goto error;
2443
2444 usb_fill_bulk_urb(dev->in_urb, dev->udev,
2445 usb_rcvbulkpipe(dev->udev, in_endpoint),
2446 NULL, 0, NULL, dev);
2447 usb_fill_bulk_urb(dev->out_urb, dev->udev,
2448 usb_sndbulkpipe(dev->udev, out_endpoint),
2449 NULL, 0, pn533_send_complete, dev);
2450
2451 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2452 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2453 INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2454 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2455 INIT_WORK(&dev->poll_work, pn533_wq_poll);
2456 dev->wq = alloc_ordered_workqueue("pn533", 0);
2457 if (dev->wq == NULL)
2458 goto error;
2459
2460 init_timer(&dev->listen_timer);
2461 dev->listen_timer.data = (unsigned long) dev;
2462 dev->listen_timer.function = pn533_listen_mode_timer;
2463
2464 skb_queue_head_init(&dev->resp_q);
2465
2466 INIT_LIST_HEAD(&dev->cmd_queue);
2467
2468 usb_set_intfdata(interface, dev);
2469
2470 memset(&fw_ver, 0, sizeof(fw_ver));
2471 rc = pn533_get_firmware_version(dev, &fw_ver);
2472 if (rc < 0)
2473 goto destroy_wq;
2474
2475 nfc_dev_info(&dev->interface->dev,
2476 "NXP PN533 firmware ver %d.%d now attached",
2477 fw_ver.ver, fw_ver.rev);
2478
2479 dev->device_type = id->driver_info;
2480 switch (dev->device_type) {
2481 case PN533_DEVICE_STD:
2482 protocols = PN533_ALL_PROTOCOLS;
2483 break;
2484
2485 case PN533_DEVICE_PASORI:
2486 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2487 break;
2488
2489 default:
2490 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2491 dev->device_type);
2492 rc = -EINVAL;
2493 goto destroy_wq;
2494 }
2495
2496 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2497 PN533_FRAME_HEADER_LEN +
2498 PN533_CMD_DATAEXCH_HEAD_LEN,
2499 PN533_FRAME_TAIL_LEN);
2500 if (!dev->nfc_dev)
2501 goto destroy_wq;
2502
2503 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2504 nfc_set_drvdata(dev->nfc_dev, dev);
2505
2506 rc = nfc_register_device(dev->nfc_dev);
2507 if (rc)
2508 goto free_nfc_dev;
2509
2510 rc = pn533_setup(dev);
2511 if (rc)
2512 goto unregister_nfc_dev;
2513
2514 return 0;
2515
2516 unregister_nfc_dev:
2517 nfc_unregister_device(dev->nfc_dev);
2518
2519 free_nfc_dev:
2520 nfc_free_device(dev->nfc_dev);
2521
2522 destroy_wq:
2523 destroy_workqueue(dev->wq);
2524 error:
2525 usb_free_urb(dev->in_urb);
2526 kfree(dev->out_frame);
2527 usb_free_urb(dev->out_urb);
2528 kfree(dev);
2529 return rc;
2530 }
2531
2532 static void pn533_disconnect(struct usb_interface *interface)
2533 {
2534 struct pn533 *dev;
2535 struct pn533_cmd *cmd, *n;
2536
2537 dev = usb_get_intfdata(interface);
2538 usb_set_intfdata(interface, NULL);
2539
2540 nfc_unregister_device(dev->nfc_dev);
2541 nfc_free_device(dev->nfc_dev);
2542
2543 usb_kill_urb(dev->in_urb);
2544 usb_kill_urb(dev->out_urb);
2545
2546 destroy_workqueue(dev->wq);
2547
2548 skb_queue_purge(&dev->resp_q);
2549
2550 del_timer(&dev->listen_timer);
2551
2552 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2553 list_del(&cmd->queue);
2554 kfree(cmd);
2555 }
2556
2557 usb_free_urb(dev->in_urb);
2558 kfree(dev->out_frame);
2559 usb_free_urb(dev->out_urb);
2560 kfree(dev);
2561
2562 nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2563 }
2564
2565 static struct usb_driver pn533_driver = {
2566 .name = "pn533",
2567 .probe = pn533_probe,
2568 .disconnect = pn533_disconnect,
2569 .id_table = pn533_table,
2570 };
2571
2572 module_usb_driver(pn533_driver);
2573
2574 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2575 " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2576 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2577 MODULE_VERSION(VERSION);
2578 MODULE_LICENSE("GPL");
ubuntu-zesty-kernel mirror