]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blob - drivers/nfc/pn533.c
projects / mirror_ubuntu-zesty-kernel.git / blob
? search:


8e809e083c33e5e6ad40944da9128cd6fc916d0b
[mirror_ubuntu-zesty-kernel.git] / drivers / nfc / pn533.c
1 /*
2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
3 *
4 * Authors:
5 * Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6 * Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the
20 * Free Software Foundation, Inc.,
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 */
23
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
32
33 #define VERSION "0.1"
34
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
37
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
40
41 #define SONY_VENDOR_ID 0x054c
42 #define PASORI_PRODUCT_ID 0x02e1
43
44 #define PN533_DEVICE_STD 0x1
45 #define PN533_DEVICE_PASORI 0x2
46
47 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
48 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
49 NFC_PROTO_NFC_DEP_MASK |\
50 NFC_PROTO_ISO14443_B_MASK)
51
52 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
53 NFC_PROTO_MIFARE_MASK | \
54 NFC_PROTO_FELICA_MASK | \
55 NFC_PROTO_ISO14443_MASK | \
56 NFC_PROTO_NFC_DEP_MASK)
57
58 static const struct usb_device_id pn533_table[] = {
59 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
60 .idVendor = PN533_VENDOR_ID,
61 .idProduct = PN533_PRODUCT_ID,
62 .driver_info = PN533_DEVICE_STD,
63 },
64 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
65 .idVendor = SCM_VENDOR_ID,
66 .idProduct = SCL3711_PRODUCT_ID,
67 .driver_info = PN533_DEVICE_STD,
68 },
69 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
70 .idVendor = SONY_VENDOR_ID,
71 .idProduct = PASORI_PRODUCT_ID,
72 .driver_info = PN533_DEVICE_PASORI,
73 },
74 { }
75 };
76 MODULE_DEVICE_TABLE(usb, pn533_table);
77
78 /* How much time we spend listening for initiators */
79 #define PN533_LISTEN_TIME 2
80
81 /* Standard pn533 frame definitions */
82 #define PN533_STD_FRAME_HEADER_LEN (sizeof(struct pn533_std_frame) \
83 + 2) /* data[0] TFI, data[1] CC */
84 #define PN533_STD_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
85
86 /*
87 * Max extended frame payload len, excluding TFI and CC
88 * which are already in PN533_FRAME_HEADER_LEN.
89 */
90 #define PN533_STD_FRAME_MAX_PAYLOAD_LEN 263
91
92 #define PN533_STD_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2),
93 Postamble (1) */
94 #define PN533_STD_FRAME_CHECKSUM(f) (f->data[f->datalen])
95 #define PN533_STD_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
96
97 /* start of frame */
98 #define PN533_STD_FRAME_SOF 0x00FF
99
100 /* standard frame identifier: in/out/error */
101 #define PN533_STD_FRAME_IDENTIFIER(f) (f->data[0]) /* TFI */
102 #define PN533_STD_FRAME_DIR_OUT 0xD4
103 #define PN533_STD_FRAME_DIR_IN 0xD5
104
105 /* PN533 Commands */
106 #define PN533_STD_FRAME_CMD(f) (f->data[1])
107
108 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
109 #define PN533_CMD_RF_CONFIGURATION 0x32
110 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
111 #define PN533_CMD_IN_COMM_THRU 0x42
112 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
113 #define PN533_CMD_IN_ATR 0x50
114 #define PN533_CMD_IN_RELEASE 0x52
115 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
116
117 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
118 #define PN533_CMD_TG_GET_DATA 0x86
119 #define PN533_CMD_TG_SET_DATA 0x8e
120 #define PN533_CMD_UNDEF 0xff
121
122 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
123
124 /* PN533 Return codes */
125 #define PN533_CMD_RET_MASK 0x3F
126 #define PN533_CMD_MI_MASK 0x40
127 #define PN533_CMD_RET_SUCCESS 0x00
128
129 struct pn533;
130
131 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg, int status);
132
133 typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
134 struct sk_buff *resp);
135
136 /* structs for pn533 commands */
137
138 /* PN533_CMD_GET_FIRMWARE_VERSION */
139 struct pn533_fw_version {
140 u8 ic;
141 u8 ver;
142 u8 rev;
143 u8 support;
144 };
145
146 /* PN533_CMD_RF_CONFIGURATION */
147 #define PN533_CFGITEM_TIMING 0x02
148 #define PN533_CFGITEM_MAX_RETRIES 0x05
149 #define PN533_CFGITEM_PASORI 0x82
150
151 #define PN533_CONFIG_TIMING_102 0xb
152 #define PN533_CONFIG_TIMING_204 0xc
153 #define PN533_CONFIG_TIMING_409 0xd
154 #define PN533_CONFIG_TIMING_819 0xe
155
156 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
157 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
158
159 struct pn533_config_max_retries {
160 u8 mx_rty_atr;
161 u8 mx_rty_psl;
162 u8 mx_rty_passive_act;
163 } __packed;
164
165 struct pn533_config_timing {
166 u8 rfu;
167 u8 atr_res_timeout;
168 u8 dep_timeout;
169 } __packed;
170
171 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
172
173 /* felica commands opcode */
174 #define PN533_FELICA_OPC_SENSF_REQ 0
175 #define PN533_FELICA_OPC_SENSF_RES 1
176 /* felica SENSF_REQ parameters */
177 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
178 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
179 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
180 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
181
182 /* type B initiator_data values */
183 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
184 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
185 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
186
187 union pn533_cmd_poll_initdata {
188 struct {
189 u8 afi;
190 u8 polling_method;
191 } __packed type_b;
192 struct {
193 u8 opcode;
194 __be16 sc;
195 u8 rc;
196 u8 tsn;
197 } __packed felica;
198 };
199
200 /* Poll modulations */
201 enum {
202 PN533_POLL_MOD_106KBPS_A,
203 PN533_POLL_MOD_212KBPS_FELICA,
204 PN533_POLL_MOD_424KBPS_FELICA,
205 PN533_POLL_MOD_106KBPS_JEWEL,
206 PN533_POLL_MOD_847KBPS_B,
207 PN533_LISTEN_MOD,
208
209 __PN533_POLL_MOD_AFTER_LAST,
210 };
211 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
212
213 struct pn533_poll_modulations {
214 struct {
215 u8 maxtg;
216 u8 brty;
217 union pn533_cmd_poll_initdata initiator_data;
218 } __packed data;
219 u8 len;
220 };
221
222 static const struct pn533_poll_modulations poll_mod[] = {
223 [PN533_POLL_MOD_106KBPS_A] = {
224 .data = {
225 .maxtg = 1,
226 .brty = 0,
227 },
228 .len = 2,
229 },
230 [PN533_POLL_MOD_212KBPS_FELICA] = {
231 .data = {
232 .maxtg = 1,
233 .brty = 1,
234 .initiator_data.felica = {
235 .opcode = PN533_FELICA_OPC_SENSF_REQ,
236 .sc = PN533_FELICA_SENSF_SC_ALL,
237 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
238 .tsn = 0,
239 },
240 },
241 .len = 7,
242 },
243 [PN533_POLL_MOD_424KBPS_FELICA] = {
244 .data = {
245 .maxtg = 1,
246 .brty = 2,
247 .initiator_data.felica = {
248 .opcode = PN533_FELICA_OPC_SENSF_REQ,
249 .sc = PN533_FELICA_SENSF_SC_ALL,
250 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
251 .tsn = 0,
252 },
253 },
254 .len = 7,
255 },
256 [PN533_POLL_MOD_106KBPS_JEWEL] = {
257 .data = {
258 .maxtg = 1,
259 .brty = 4,
260 },
261 .len = 2,
262 },
263 [PN533_POLL_MOD_847KBPS_B] = {
264 .data = {
265 .maxtg = 1,
266 .brty = 8,
267 .initiator_data.type_b = {
268 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
269 .polling_method =
270 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
271 },
272 },
273 .len = 3,
274 },
275 [PN533_LISTEN_MOD] = {
276 .len = 0,
277 },
278 };
279
280 /* PN533_CMD_IN_ATR */
281
282 struct pn533_cmd_activate_response {
283 u8 status;
284 u8 nfcid3t[10];
285 u8 didt;
286 u8 bst;
287 u8 brt;
288 u8 to;
289 u8 ppt;
290 /* optional */
291 u8 gt[];
292 } __packed;
293
294 struct pn533_cmd_jump_dep_response {
295 u8 status;
296 u8 tg;
297 u8 nfcid3t[10];
298 u8 didt;
299 u8 bst;
300 u8 brt;
301 u8 to;
302 u8 ppt;
303 /* optional */
304 u8 gt[];
305 } __packed;
306
307
308 /* PN533_TG_INIT_AS_TARGET */
309 #define PN533_INIT_TARGET_PASSIVE 0x1
310 #define PN533_INIT_TARGET_DEP 0x2
311
312 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
313 #define PN533_INIT_TARGET_RESP_ACTIVE 0x1
314 #define PN533_INIT_TARGET_RESP_DEP 0x4
315
316 struct pn533 {
317 struct usb_device *udev;
318 struct usb_interface *interface;
319 struct nfc_dev *nfc_dev;
320
321 struct urb *out_urb;
322 struct urb *in_urb;
323
324 struct sk_buff_head resp_q;
325
326 struct workqueue_struct *wq;
327 struct work_struct cmd_work;
328 struct work_struct cmd_complete_work;
329 struct work_struct poll_work;
330 struct work_struct mi_work;
331 struct work_struct tg_work;
332 struct timer_list listen_timer;
333 int wq_in_error;
334 int cancel_listen;
335
336 pn533_cmd_complete_t cmd_complete;
337 void *cmd_complete_arg;
338 void *cmd_complete_mi_arg;
339 struct mutex cmd_lock;
340 u8 cmd;
341
342 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
343 u8 poll_mod_count;
344 u8 poll_mod_curr;
345 u32 poll_protocols;
346 u32 listen_protocols;
347
348 u8 *gb;
349 size_t gb_len;
350
351 u8 tgt_available_prots;
352 u8 tgt_active_prot;
353 u8 tgt_mode;
354
355 u32 device_type;
356
357 struct list_head cmd_queue;
358 u8 cmd_pending;
359
360 struct pn533_frame_ops *ops;
361 };
362
363 struct pn533_cmd {
364 struct list_head queue;
365 u8 cmd_code;
366 struct sk_buff *req;
367 struct sk_buff *resp;
368 int resp_len;
369 void *arg;
370 };
371
372 struct pn533_std_frame {
373 u8 preamble;
374 __be16 start_frame;
375 u8 datalen;
376 u8 datalen_checksum;
377 u8 data[];
378 } __packed;
379
380 struct pn533_frame_ops {
381 void (*tx_frame_init)(void *frame, u8 cmd_code);
382 void (*tx_frame_finish)(void *frame);
383 void (*tx_update_payload_len)(void *frame, int len);
384 int tx_header_len;
385 int tx_tail_len;
386
387 bool (*rx_is_frame_valid)(void *frame);
388 int (*rx_frame_size)(void *frame);
389 int rx_header_len;
390 int rx_tail_len;
391
392 int max_payload_len;
393 u8 (*get_cmd_code)(void *frame);
394 };
395
396 /* The rule: value + checksum = 0 */
397 static inline u8 pn533_std_checksum(u8 value)
398 {
399 return ~value + 1;
400 }
401
402 /* The rule: sum(data elements) + checksum = 0 */
403 static u8 pn533_std_data_checksum(u8 *data, int datalen)
404 {
405 u8 sum = 0;
406 int i;
407
408 for (i = 0; i < datalen; i++)
409 sum += data[i];
410
411 return pn533_std_checksum(sum);
412 }
413
414 static void pn533_std_tx_frame_init(void *_frame, u8 cmd_code)
415 {
416 struct pn533_std_frame *frame = _frame;
417
418 frame->preamble = 0;
419 frame->start_frame = cpu_to_be16(PN533_STD_FRAME_SOF);
420 PN533_STD_FRAME_IDENTIFIER(frame) = PN533_STD_FRAME_DIR_OUT;
421 PN533_STD_FRAME_CMD(frame) = cmd_code;
422 frame->datalen = 2;
423 }
424
425 static void pn533_std_tx_frame_finish(void *_frame)
426 {
427 struct pn533_std_frame *frame = _frame;
428
429 frame->datalen_checksum = pn533_std_checksum(frame->datalen);
430
431 PN533_STD_FRAME_CHECKSUM(frame) =
432 pn533_std_data_checksum(frame->data, frame->datalen);
433
434 PN533_STD_FRAME_POSTAMBLE(frame) = 0;
435 }
436
437 static void pn533_std_tx_update_payload_len(void *_frame, int len)
438 {
439 struct pn533_std_frame *frame = _frame;
440
441 frame->datalen += len;
442 }
443
444 static bool pn533_std_rx_frame_is_valid(void *_frame)
445 {
446 u8 checksum;
447 struct pn533_std_frame *frame = _frame;
448
449 if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
450 return false;
451
452 checksum = pn533_std_checksum(frame->datalen);
453 if (checksum != frame->datalen_checksum)
454 return false;
455
456 checksum = pn533_std_data_checksum(frame->data, frame->datalen);
457 if (checksum != PN533_STD_FRAME_CHECKSUM(frame))
458 return false;
459
460 return true;
461 }
462
463 static bool pn533_std_rx_frame_is_ack(struct pn533_std_frame *frame)
464 {
465 if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
466 return false;
467
468 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
469 return false;
470
471 return true;
472 }
473
474 static inline int pn533_std_rx_frame_size(void *frame)
475 {
476 struct pn533_std_frame *f = frame;
477
478 return sizeof(struct pn533_std_frame) + f->datalen +
479 PN533_STD_FRAME_TAIL_LEN;
480 }
481
482 static u8 pn533_std_get_cmd_code(void *frame)
483 {
484 struct pn533_std_frame *f = frame;
485
486 return PN533_STD_FRAME_CMD(f);
487 }
488
489 static struct pn533_frame_ops pn533_std_frame_ops = {
490 .tx_frame_init = pn533_std_tx_frame_init,
491 .tx_frame_finish = pn533_std_tx_frame_finish,
492 .tx_update_payload_len = pn533_std_tx_update_payload_len,
493 .tx_header_len = PN533_STD_FRAME_HEADER_LEN,
494 .tx_tail_len = PN533_STD_FRAME_TAIL_LEN,
495
496 .rx_is_frame_valid = pn533_std_rx_frame_is_valid,
497 .rx_frame_size = pn533_std_rx_frame_size,
498 .rx_header_len = PN533_STD_FRAME_HEADER_LEN,
499 .rx_tail_len = PN533_STD_FRAME_TAIL_LEN,
500
501 .max_payload_len = PN533_STD_FRAME_MAX_PAYLOAD_LEN,
502 .get_cmd_code = pn533_std_get_cmd_code,
503 };
504
505 static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame)
506 {
507 return (dev->ops->get_cmd_code(frame) == PN533_CMD_RESPONSE(dev->cmd));
508 }
509
510
511 static void pn533_wq_cmd_complete(struct work_struct *work)
512 {
513 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
514 int rc;
515
516 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, dev->wq_in_error);
517 if (rc != -EINPROGRESS)
518 queue_work(dev->wq, &dev->cmd_work);
519 }
520
521 static void pn533_recv_response(struct urb *urb)
522 {
523 struct pn533 *dev = urb->context;
524 u8 *in_frame;
525
526 switch (urb->status) {
527 case 0:
528 break; /* success */
529 case -ECONNRESET:
530 case -ENOENT:
531 nfc_dev_dbg(&dev->interface->dev,
532 "The urb has been canceled (status %d)",
533 urb->status);
534 dev->wq_in_error = urb->status;
535 goto sched_wq;
536 case -ESHUTDOWN:
537 default:
538 nfc_dev_err(&dev->interface->dev,
539 "Urb failure (status %d)", urb->status);
540 dev->wq_in_error = urb->status;
541 goto sched_wq;
542 }
543
544 in_frame = dev->in_urb->transfer_buffer;
545
546 nfc_dev_dbg(&dev->interface->dev, "Received a frame.");
547 print_hex_dump_debug("PN533 RX: ", DUMP_PREFIX_NONE, 16, 1, in_frame,
548 dev->ops->rx_frame_size(in_frame), false);
549
550 if (!dev->ops->rx_is_frame_valid(in_frame)) {
551 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
552 dev->wq_in_error = -EIO;
553 goto sched_wq;
554 }
555
556 if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) {
557 nfc_dev_err(&dev->interface->dev,
558 "It it not the response to the last command");
559 dev->wq_in_error = -EIO;
560 goto sched_wq;
561 }
562
563 dev->wq_in_error = 0;
564
565 sched_wq:
566 queue_work(dev->wq, &dev->cmd_complete_work);
567 }
568
569 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
570 {
571 dev->in_urb->complete = pn533_recv_response;
572
573 return usb_submit_urb(dev->in_urb, flags);
574 }
575
576 static void pn533_recv_ack(struct urb *urb)
577 {
578 struct pn533 *dev = urb->context;
579 struct pn533_std_frame *in_frame;
580 int rc;
581
582 switch (urb->status) {
583 case 0:
584 break; /* success */
585 case -ECONNRESET:
586 case -ENOENT:
587 nfc_dev_dbg(&dev->interface->dev,
588 "The urb has been stopped (status %d)",
589 urb->status);
590 dev->wq_in_error = urb->status;
591 goto sched_wq;
592 case -ESHUTDOWN:
593 default:
594 nfc_dev_err(&dev->interface->dev,
595 "Urb failure (status %d)", urb->status);
596 dev->wq_in_error = urb->status;
597 goto sched_wq;
598 }
599
600 in_frame = dev->in_urb->transfer_buffer;
601
602 if (!pn533_std_rx_frame_is_ack(in_frame)) {
603 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
604 dev->wq_in_error = -EIO;
605 goto sched_wq;
606 }
607
608 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
609 if (rc) {
610 nfc_dev_err(&dev->interface->dev,
611 "usb_submit_urb failed with result %d", rc);
612 dev->wq_in_error = rc;
613 goto sched_wq;
614 }
615
616 return;
617
618 sched_wq:
619 queue_work(dev->wq, &dev->cmd_complete_work);
620 }
621
622 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
623 {
624 dev->in_urb->complete = pn533_recv_ack;
625
626 return usb_submit_urb(dev->in_urb, flags);
627 }
628
629 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
630 {
631 u8 ack[PN533_STD_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
632 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */
633 int rc;
634
635 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
636
637 dev->out_urb->transfer_buffer = ack;
638 dev->out_urb->transfer_buffer_length = sizeof(ack);
639 rc = usb_submit_urb(dev->out_urb, flags);
640
641 return rc;
642 }
643
644 static int __pn533_send_frame_async(struct pn533 *dev,
645 struct sk_buff *out,
646 struct sk_buff *in,
647 int in_len,
648 pn533_cmd_complete_t cmd_complete,
649 void *arg)
650 {
651 int rc;
652
653 dev->cmd = dev->ops->get_cmd_code(out->data);
654 dev->cmd_complete = cmd_complete;
655 dev->cmd_complete_arg = arg;
656
657 dev->out_urb->transfer_buffer = out->data;
658 dev->out_urb->transfer_buffer_length = out->len;
659
660 dev->in_urb->transfer_buffer = in->data;
661 dev->in_urb->transfer_buffer_length = in_len;
662
663 print_hex_dump_debug("PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
664 out->data, out->len, false);
665
666 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
667 if (rc)
668 return rc;
669
670 rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
671 if (rc)
672 goto error;
673
674 return 0;
675
676 error:
677 usb_unlink_urb(dev->out_urb);
678 return rc;
679 }
680
681 static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code,
682 struct sk_buff *skb)
683 {
684 /* payload is already there, just update datalen */
685 int payload_len = skb->len;
686 struct pn533_frame_ops *ops = dev->ops;
687
688
689 skb_push(skb, ops->tx_header_len);
690 skb_put(skb, ops->tx_tail_len);
691
692 ops->tx_frame_init(skb->data, cmd_code);
693 ops->tx_update_payload_len(skb->data, payload_len);
694 ops->tx_frame_finish(skb->data);
695 }
696
697 struct pn533_send_async_complete_arg {
698 pn533_send_async_complete_t complete_cb;
699 void *complete_cb_context;
700 struct sk_buff *resp;
701 struct sk_buff *req;
702 };
703
704 static int pn533_send_async_complete(struct pn533 *dev, void *_arg, int status)
705 {
706 struct pn533_send_async_complete_arg *arg = _arg;
707
708 struct sk_buff *req = arg->req;
709 struct sk_buff *resp = arg->resp;
710
711 int rc;
712
713 dev_kfree_skb(req);
714
715 if (status < 0) {
716 arg->complete_cb(dev, arg->complete_cb_context,
717 ERR_PTR(status));
718 dev_kfree_skb(resp);
719 kfree(arg);
720 return status;
721 }
722
723 skb_put(resp, dev->ops->rx_frame_size(resp->data));
724 skb_pull(resp, dev->ops->rx_header_len);
725 skb_trim(resp, resp->len - dev->ops->rx_tail_len);
726
727 rc = arg->complete_cb(dev, arg->complete_cb_context, resp);
728
729 kfree(arg);
730 return rc;
731 }
732
733 static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
734 struct sk_buff *req, struct sk_buff *resp,
735 int resp_len,
736 pn533_send_async_complete_t complete_cb,
737 void *complete_cb_context)
738 {
739 struct pn533_cmd *cmd;
740 struct pn533_send_async_complete_arg *arg;
741 int rc = 0;
742
743 nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x", cmd_code);
744
745 arg = kzalloc(sizeof(*arg), GFP_KERNEL);
746 if (!arg)
747 return -ENOMEM;
748
749 arg->complete_cb = complete_cb;
750 arg->complete_cb_context = complete_cb_context;
751 arg->resp = resp;
752 arg->req = req;
753
754 pn533_build_cmd_frame(dev, cmd_code, req);
755
756 mutex_lock(&dev->cmd_lock);
757
758 if (!dev->cmd_pending) {
759 rc = __pn533_send_frame_async(dev, req, resp, resp_len,
760 pn533_send_async_complete, arg);
761 if (rc)
762 goto error;
763
764 dev->cmd_pending = 1;
765 goto unlock;
766 }
767
768 nfc_dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x", __func__,
769 cmd_code);
770
771 cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL);
772 if (!cmd) {
773 rc = -ENOMEM;
774 goto error;
775 }
776
777 INIT_LIST_HEAD(&cmd->queue);
778 cmd->cmd_code = cmd_code;
779 cmd->req = req;
780 cmd->resp = resp;
781 cmd->resp_len = resp_len;
782 cmd->arg = arg;
783
784 list_add_tail(&cmd->queue, &dev->cmd_queue);
785
786 goto unlock;
787
788 error:
789 kfree(arg);
790 unlock:
791 mutex_unlock(&dev->cmd_lock);
792 return rc;
793 }
794
795 static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
796 struct sk_buff *req,
797 pn533_send_async_complete_t complete_cb,
798 void *complete_cb_context)
799 {
800 struct sk_buff *resp;
801 int rc;
802 int resp_len = dev->ops->rx_header_len +
803 dev->ops->max_payload_len +
804 dev->ops->rx_tail_len;
805
806 resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
807 if (!resp)
808 return -ENOMEM;
809
810 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
811 complete_cb_context);
812 if (rc)
813 dev_kfree_skb(resp);
814
815 return rc;
816 }
817
818 static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
819 struct sk_buff *req,
820 pn533_send_async_complete_t complete_cb,
821 void *complete_cb_context)
822 {
823 struct sk_buff *resp;
824 int rc;
825 int resp_len = dev->ops->rx_header_len +
826 dev->ops->max_payload_len +
827 dev->ops->rx_tail_len;
828
829 resp = alloc_skb(resp_len, GFP_KERNEL);
830 if (!resp)
831 return -ENOMEM;
832
833 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
834 complete_cb_context);
835 if (rc)
836 dev_kfree_skb(resp);
837
838 return rc;
839 }
840
841 /*
842 * pn533_send_cmd_direct_async
843 *
844 * The function sends a piority cmd directly to the chip omiting the cmd
845 * queue. It's intended to be used by chaining mechanism of received responses
846 * where the host has to request every single chunk of data before scheduling
847 * next cmd from the queue.
848 */
849 static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
850 struct sk_buff *req,
851 pn533_send_async_complete_t complete_cb,
852 void *complete_cb_context)
853 {
854 struct pn533_send_async_complete_arg *arg;
855 struct sk_buff *resp;
856 int rc;
857 int resp_len = dev->ops->rx_header_len +
858 dev->ops->max_payload_len +
859 dev->ops->rx_tail_len;
860
861 resp = alloc_skb(resp_len, GFP_KERNEL);
862 if (!resp)
863 return -ENOMEM;
864
865 arg = kzalloc(sizeof(*arg), GFP_KERNEL);
866 if (!arg) {
867 dev_kfree_skb(resp);
868 return -ENOMEM;
869 }
870
871 arg->complete_cb = complete_cb;
872 arg->complete_cb_context = complete_cb_context;
873 arg->resp = resp;
874 arg->req = req;
875
876 pn533_build_cmd_frame(dev, cmd_code, req);
877
878 rc = __pn533_send_frame_async(dev, req, resp, resp_len,
879 pn533_send_async_complete, arg);
880 if (rc < 0) {
881 dev_kfree_skb(resp);
882 kfree(arg);
883 }
884
885 return rc;
886 }
887
888 static void pn533_wq_cmd(struct work_struct *work)
889 {
890 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
891 struct pn533_cmd *cmd;
892
893 mutex_lock(&dev->cmd_lock);
894
895 if (list_empty(&dev->cmd_queue)) {
896 dev->cmd_pending = 0;
897 mutex_unlock(&dev->cmd_lock);
898 return;
899 }
900
901 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
902
903 list_del(&cmd->queue);
904
905 mutex_unlock(&dev->cmd_lock);
906
907 __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len,
908 pn533_send_async_complete, cmd->arg);
909
910 kfree(cmd);
911 }
912
913 struct pn533_sync_cmd_response {
914 struct sk_buff *resp;
915 struct completion done;
916 };
917
918 static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
919 struct sk_buff *resp)
920 {
921 struct pn533_sync_cmd_response *arg = _arg;
922
923 arg->resp = resp;
924 complete(&arg->done);
925
926 return 0;
927 }
928
929 /* pn533_send_cmd_sync
930 *
931 * Please note the req parameter is freed inside the function to
932 * limit a number of return value interpretations by the caller.
933 *
934 * 1. negative in case of error during TX path -> req should be freed
935 *
936 * 2. negative in case of error during RX path -> req should not be freed
937 * as it's been already freed at the begining of RX path by
938 * async_complete_cb.
939 *
940 * 3. valid pointer in case of succesfult RX path
941 *
942 * A caller has to check a return value with IS_ERR macro. If the test pass,
943 * the returned pointer is valid.
944 *
945 * */
946 static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
947 struct sk_buff *req)
948 {
949 int rc;
950 struct pn533_sync_cmd_response arg;
951
952 init_completion(&arg.done);
953
954 rc = pn533_send_cmd_async(dev, cmd_code, req,
955 pn533_send_sync_complete, &arg);
956 if (rc) {
957 dev_kfree_skb(req);
958 return ERR_PTR(rc);
959 }
960
961 wait_for_completion(&arg.done);
962
963 return arg.resp;
964 }
965
966 static void pn533_send_complete(struct urb *urb)
967 {
968 struct pn533 *dev = urb->context;
969
970 switch (urb->status) {
971 case 0:
972 break; /* success */
973 case -ECONNRESET:
974 case -ENOENT:
975 nfc_dev_dbg(&dev->interface->dev,
976 "The urb has been stopped (status %d)",
977 urb->status);
978 break;
979 case -ESHUTDOWN:
980 default:
981 nfc_dev_err(&dev->interface->dev,
982 "Urb failure (status %d)", urb->status);
983 }
984 }
985
986 static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size)
987 {
988 struct sk_buff *skb;
989
990 skb = alloc_skb(dev->ops->tx_header_len +
991 size +
992 dev->ops->tx_tail_len, GFP_KERNEL);
993
994 if (skb)
995 skb_reserve(skb, dev->ops->tx_header_len);
996
997 return skb;
998 }
999
1000 struct pn533_target_type_a {
1001 __be16 sens_res;
1002 u8 sel_res;
1003 u8 nfcid_len;
1004 u8 nfcid_data[];
1005 } __packed;
1006
1007
1008 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
1009 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
1010 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
1011
1012 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
1013 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
1014
1015 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
1016 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
1017
1018 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
1019 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
1020 #define PN533_TYPE_A_SEL_PROT_DEP 2
1021 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1022
1023 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1024 int target_data_len)
1025 {
1026 u8 ssd;
1027 u8 platconf;
1028
1029 if (target_data_len < sizeof(struct pn533_target_type_a))
1030 return false;
1031
1032 /* The lenght check of nfcid[] and ats[] are not being performed because
1033 the values are not being used */
1034
1035 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1036 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1037 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1038
1039 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1040 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1041 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1042 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1043 return false;
1044
1045 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1046 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1047 return false;
1048
1049 return true;
1050 }
1051
1052 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1053 int tgt_data_len)
1054 {
1055 struct pn533_target_type_a *tgt_type_a;
1056
1057 tgt_type_a = (struct pn533_target_type_a *)tgt_data;
1058
1059 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1060 return -EPROTO;
1061
1062 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1063 case PN533_TYPE_A_SEL_PROT_MIFARE:
1064 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1065 break;
1066 case PN533_TYPE_A_SEL_PROT_ISO14443:
1067 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1068 break;
1069 case PN533_TYPE_A_SEL_PROT_DEP:
1070 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1071 break;
1072 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1073 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1074 NFC_PROTO_NFC_DEP_MASK;
1075 break;
1076 }
1077
1078 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1079 nfc_tgt->sel_res = tgt_type_a->sel_res;
1080 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1081 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
1082
1083 return 0;
1084 }
1085
1086 struct pn533_target_felica {
1087 u8 pol_res;
1088 u8 opcode;
1089 u8 nfcid2[8];
1090 u8 pad[8];
1091 /* optional */
1092 u8 syst_code[];
1093 } __packed;
1094
1095 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1096 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1097
1098 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1099 int target_data_len)
1100 {
1101 if (target_data_len < sizeof(struct pn533_target_felica))
1102 return false;
1103
1104 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1105 return false;
1106
1107 return true;
1108 }
1109
1110 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1111 int tgt_data_len)
1112 {
1113 struct pn533_target_felica *tgt_felica;
1114
1115 tgt_felica = (struct pn533_target_felica *)tgt_data;
1116
1117 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1118 return -EPROTO;
1119
1120 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
1121 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
1122 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1123 else
1124 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1125
1126 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1127 nfc_tgt->sensf_res_len = 9;
1128
1129 return 0;
1130 }
1131
1132 struct pn533_target_jewel {
1133 __be16 sens_res;
1134 u8 jewelid[4];
1135 } __packed;
1136
1137 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1138 int target_data_len)
1139 {
1140 u8 ssd;
1141 u8 platconf;
1142
1143 if (target_data_len < sizeof(struct pn533_target_jewel))
1144 return false;
1145
1146 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1147 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1148 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1149
1150 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1151 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1152 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1153 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1154 return false;
1155
1156 return true;
1157 }
1158
1159 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1160 int tgt_data_len)
1161 {
1162 struct pn533_target_jewel *tgt_jewel;
1163
1164 tgt_jewel = (struct pn533_target_jewel *)tgt_data;
1165
1166 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1167 return -EPROTO;
1168
1169 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1170 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1171 nfc_tgt->nfcid1_len = 4;
1172 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1173
1174 return 0;
1175 }
1176
1177 struct pn533_type_b_prot_info {
1178 u8 bitrate;
1179 u8 fsci_type;
1180 u8 fwi_adc_fo;
1181 } __packed;
1182
1183 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1184 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1185 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1186
1187 struct pn533_type_b_sens_res {
1188 u8 opcode;
1189 u8 nfcid[4];
1190 u8 appdata[4];
1191 struct pn533_type_b_prot_info prot_info;
1192 } __packed;
1193
1194 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1195
1196 struct pn533_target_type_b {
1197 struct pn533_type_b_sens_res sensb_res;
1198 u8 attrib_res_len;
1199 u8 attrib_res[];
1200 } __packed;
1201
1202 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1203 int target_data_len)
1204 {
1205 if (target_data_len < sizeof(struct pn533_target_type_b))
1206 return false;
1207
1208 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1209 return false;
1210
1211 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1212 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1213 return false;
1214
1215 return true;
1216 }
1217
1218 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1219 int tgt_data_len)
1220 {
1221 struct pn533_target_type_b *tgt_type_b;
1222
1223 tgt_type_b = (struct pn533_target_type_b *)tgt_data;
1224
1225 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1226 return -EPROTO;
1227
1228 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1229
1230 return 0;
1231 }
1232
1233 static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1234 int tgdata_len)
1235 {
1236 struct nfc_target nfc_tgt;
1237 int rc;
1238
1239 nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1240 dev->poll_mod_curr);
1241
1242 if (tg != 1)
1243 return -EPROTO;
1244
1245 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1246
1247 switch (dev->poll_mod_curr) {
1248 case PN533_POLL_MOD_106KBPS_A:
1249 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
1250 break;
1251 case PN533_POLL_MOD_212KBPS_FELICA:
1252 case PN533_POLL_MOD_424KBPS_FELICA:
1253 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
1254 break;
1255 case PN533_POLL_MOD_106KBPS_JEWEL:
1256 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
1257 break;
1258 case PN533_POLL_MOD_847KBPS_B:
1259 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
1260 break;
1261 default:
1262 nfc_dev_err(&dev->interface->dev,
1263 "Unknown current poll modulation");
1264 return -EPROTO;
1265 }
1266
1267 if (rc)
1268 return rc;
1269
1270 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1271 nfc_dev_dbg(&dev->interface->dev,
1272 "The Tg found doesn't have the desired protocol");
1273 return -EAGAIN;
1274 }
1275
1276 nfc_dev_dbg(&dev->interface->dev,
1277 "Target found - supported protocols: 0x%x",
1278 nfc_tgt.supported_protocols);
1279
1280 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1281
1282 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1283
1284 return 0;
1285 }
1286
1287 static inline void pn533_poll_next_mod(struct pn533 *dev)
1288 {
1289 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1290 }
1291
1292 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1293 {
1294 dev->poll_mod_count = 0;
1295 }
1296
1297 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1298 {
1299 dev->poll_mod_active[dev->poll_mod_count] =
1300 (struct pn533_poll_modulations *)&poll_mod[mod_index];
1301 dev->poll_mod_count++;
1302 }
1303
1304 static void pn533_poll_create_mod_list(struct pn533 *dev,
1305 u32 im_protocols, u32 tm_protocols)
1306 {
1307 pn533_poll_reset_mod_list(dev);
1308
1309 if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
1310 (im_protocols & NFC_PROTO_ISO14443_MASK) ||
1311 (im_protocols & NFC_PROTO_NFC_DEP_MASK))
1312 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1313
1314 if (im_protocols & NFC_PROTO_FELICA_MASK ||
1315 im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1316 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1317 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1318 }
1319
1320 if (im_protocols & NFC_PROTO_JEWEL_MASK)
1321 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1322
1323 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1324 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1325
1326 if (tm_protocols)
1327 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1328 }
1329
1330 static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
1331 {
1332 u8 nbtg, tg, *tgdata;
1333 int rc, tgdata_len;
1334
1335 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1336
1337 nbtg = resp->data[0];
1338 tg = resp->data[1];
1339 tgdata = &resp->data[2];
1340 tgdata_len = resp->len - 2; /* nbtg + tg */
1341
1342 if (nbtg) {
1343 rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
1344
1345 /* We must stop the poll after a valid target found */
1346 if (rc == 0) {
1347 pn533_poll_reset_mod_list(dev);
1348 return 0;
1349 }
1350 }
1351
1352 return -EAGAIN;
1353 }
1354
1355 static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev)
1356 {
1357 struct sk_buff *skb;
1358 u8 *felica, *nfcid3, *gb;
1359
1360 u8 *gbytes = dev->gb;
1361 size_t gbytes_len = dev->gb_len;
1362
1363 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1364 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1365 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1366 0xff, 0xff}; /* System code */
1367
1368 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1369 0x0, 0x0, 0x0,
1370 0x40}; /* SEL_RES for DEP */
1371
1372 unsigned int skb_len = 36 + /* mode (1), mifare (6),
1373 felica (18), nfcid3 (10), gb_len (1) */
1374 gbytes_len +
1375 1; /* len Tk*/
1376
1377 skb = pn533_alloc_skb(dev, skb_len);
1378 if (!skb)
1379 return NULL;
1380
1381 /* DEP support only */
1382 *skb_put(skb, 1) = PN533_INIT_TARGET_DEP;
1383
1384 /* MIFARE params */
1385 memcpy(skb_put(skb, 6), mifare_params, 6);
1386
1387 /* Felica params */
1388 felica = skb_put(skb, 18);
1389 memcpy(felica, felica_params, 18);
1390 get_random_bytes(felica + 2, 6);
1391
1392 /* NFCID3 */
1393 nfcid3 = skb_put(skb, 10);
1394 memset(nfcid3, 0, 10);
1395 memcpy(nfcid3, felica, 8);
1396
1397 /* General bytes */
1398 *skb_put(skb, 1) = gbytes_len;
1399
1400 gb = skb_put(skb, gbytes_len);
1401 memcpy(gb, gbytes, gbytes_len);
1402
1403 /* Len Tk */
1404 *skb_put(skb, 1) = 0;
1405
1406 return skb;
1407 }
1408
1409 #define PN533_CMD_DATAEXCH_HEAD_LEN 1
1410 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1411 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1412 struct sk_buff *resp)
1413 {
1414 u8 status;
1415
1416 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1417
1418 if (IS_ERR(resp))
1419 return PTR_ERR(resp);
1420
1421 status = resp->data[0];
1422 skb_pull(resp, sizeof(status));
1423
1424 if (status != 0) {
1425 nfc_tm_deactivated(dev->nfc_dev);
1426 dev->tgt_mode = 0;
1427 dev_kfree_skb(resp);
1428 return 0;
1429 }
1430
1431 return nfc_tm_data_received(dev->nfc_dev, resp);
1432 }
1433
1434 static void pn533_wq_tg_get_data(struct work_struct *work)
1435 {
1436 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1437
1438 struct sk_buff *skb;
1439 int rc;
1440
1441 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1442
1443 skb = pn533_alloc_skb(dev, 0);
1444 if (!skb)
1445 return;
1446
1447 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1448 pn533_tm_get_data_complete, NULL);
1449
1450 if (rc < 0)
1451 dev_kfree_skb(skb);
1452
1453 return;
1454 }
1455
1456 #define ATR_REQ_GB_OFFSET 17
1457 static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
1458 {
1459 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
1460 size_t gb_len;
1461 int rc;
1462
1463 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1464
1465 if (resp->len < ATR_REQ_GB_OFFSET + 1)
1466 return -EINVAL;
1467
1468 mode = resp->data[0];
1469 cmd = &resp->data[1];
1470
1471 nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1472 mode, resp->len);
1473
1474 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1475 PN533_INIT_TARGET_RESP_ACTIVE)
1476 comm_mode = NFC_COMM_ACTIVE;
1477
1478 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
1479 return -EOPNOTSUPP;
1480
1481 gb = cmd + ATR_REQ_GB_OFFSET;
1482 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
1483
1484 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1485 comm_mode, gb, gb_len);
1486 if (rc < 0) {
1487 nfc_dev_err(&dev->interface->dev,
1488 "Error when signaling target activation");
1489 return rc;
1490 }
1491
1492 dev->tgt_mode = 1;
1493 queue_work(dev->wq, &dev->tg_work);
1494
1495 return 0;
1496 }
1497
1498 static void pn533_listen_mode_timer(unsigned long data)
1499 {
1500 struct pn533 *dev = (struct pn533 *)data;
1501
1502 nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1503
1504 /* An ack will cancel the last issued command (poll) */
1505 pn533_send_ack(dev, GFP_ATOMIC);
1506
1507 dev->cancel_listen = 1;
1508
1509 pn533_poll_next_mod(dev);
1510
1511 queue_work(dev->wq, &dev->poll_work);
1512 }
1513
1514 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1515 struct sk_buff *resp)
1516 {
1517 struct pn533_poll_modulations *cur_mod;
1518 int rc;
1519
1520 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1521
1522 if (IS_ERR(resp)) {
1523 rc = PTR_ERR(resp);
1524
1525 nfc_dev_err(&dev->interface->dev, "%s Poll complete error %d",
1526 __func__, rc);
1527
1528 if (rc == -ENOENT) {
1529 if (dev->poll_mod_count != 0)
1530 return rc;
1531 else
1532 goto stop_poll;
1533 } else if (rc < 0) {
1534 nfc_dev_err(&dev->interface->dev,
1535 "Error %d when running poll", rc);
1536 goto stop_poll;
1537 }
1538 }
1539
1540 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1541
1542 if (cur_mod->len == 0) { /* Target mode */
1543 del_timer(&dev->listen_timer);
1544 rc = pn533_init_target_complete(dev, resp);
1545 goto done;
1546 }
1547
1548 /* Initiator mode */
1549 rc = pn533_start_poll_complete(dev, resp);
1550 if (!rc)
1551 goto done;
1552
1553 pn533_poll_next_mod(dev);
1554 queue_work(dev->wq, &dev->poll_work);
1555
1556 done:
1557 dev_kfree_skb(resp);
1558 return rc;
1559
1560 stop_poll:
1561 nfc_dev_err(&dev->interface->dev, "Polling operation has been stopped");
1562
1563 pn533_poll_reset_mod_list(dev);
1564 dev->poll_protocols = 0;
1565 return rc;
1566 }
1567
1568 static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev,
1569 struct pn533_poll_modulations *mod)
1570 {
1571 struct sk_buff *skb;
1572
1573 skb = pn533_alloc_skb(dev, mod->len);
1574 if (!skb)
1575 return NULL;
1576
1577 memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
1578
1579 return skb;
1580 }
1581
1582 static int pn533_send_poll_frame(struct pn533 *dev)
1583 {
1584 struct pn533_poll_modulations *mod;
1585 struct sk_buff *skb;
1586 int rc;
1587 u8 cmd_code;
1588
1589 mod = dev->poll_mod_active[dev->poll_mod_curr];
1590
1591 nfc_dev_dbg(&dev->interface->dev, "%s mod len %d\n",
1592 __func__, mod->len);
1593
1594 if (mod->len == 0) { /* Listen mode */
1595 cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
1596 skb = pn533_alloc_poll_tg_frame(dev);
1597 } else { /* Polling mode */
1598 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
1599 skb = pn533_alloc_poll_in_frame(dev, mod);
1600 }
1601
1602 if (!skb) {
1603 nfc_dev_err(&dev->interface->dev, "Failed to allocate skb.");
1604 return -ENOMEM;
1605 }
1606
1607 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
1608 NULL);
1609 if (rc < 0) {
1610 dev_kfree_skb(skb);
1611 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1612 }
1613
1614 return rc;
1615 }
1616
1617 static void pn533_wq_poll(struct work_struct *work)
1618 {
1619 struct pn533 *dev = container_of(work, struct pn533, poll_work);
1620 struct pn533_poll_modulations *cur_mod;
1621 int rc;
1622
1623 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1624
1625 nfc_dev_dbg(&dev->interface->dev,
1626 "%s cancel_listen %d modulation len %d",
1627 __func__, dev->cancel_listen, cur_mod->len);
1628
1629 if (dev->cancel_listen == 1) {
1630 dev->cancel_listen = 0;
1631 usb_kill_urb(dev->in_urb);
1632 }
1633
1634 rc = pn533_send_poll_frame(dev);
1635 if (rc)
1636 return;
1637
1638 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1639 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1640
1641 return;
1642 }
1643
1644 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1645 u32 im_protocols, u32 tm_protocols)
1646 {
1647 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1648
1649 nfc_dev_dbg(&dev->interface->dev,
1650 "%s: im protocols 0x%x tm protocols 0x%x",
1651 __func__, im_protocols, tm_protocols);
1652
1653 if (dev->tgt_active_prot) {
1654 nfc_dev_err(&dev->interface->dev,
1655 "Cannot poll with a target already activated");
1656 return -EBUSY;
1657 }
1658
1659 if (dev->tgt_mode) {
1660 nfc_dev_err(&dev->interface->dev,
1661 "Cannot poll while already being activated");
1662 return -EBUSY;
1663 }
1664
1665 if (tm_protocols) {
1666 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1667 if (dev->gb == NULL)
1668 tm_protocols = 0;
1669 }
1670
1671 dev->poll_mod_curr = 0;
1672 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1673 dev->poll_protocols = im_protocols;
1674 dev->listen_protocols = tm_protocols;
1675
1676 return pn533_send_poll_frame(dev);
1677 }
1678
1679 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1680 {
1681 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1682
1683 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1684
1685 del_timer(&dev->listen_timer);
1686
1687 if (!dev->poll_mod_count) {
1688 nfc_dev_dbg(&dev->interface->dev,
1689 "Polling operation was not running");
1690 return;
1691 }
1692
1693 /* An ack will cancel the last issued command (poll) */
1694 pn533_send_ack(dev, GFP_KERNEL);
1695
1696 /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1697 usb_kill_urb(dev->in_urb);
1698
1699 pn533_poll_reset_mod_list(dev);
1700 }
1701
1702 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1703 {
1704 struct pn533_cmd_activate_response *rsp;
1705 u16 gt_len;
1706 int rc;
1707
1708 struct sk_buff *skb;
1709 struct sk_buff *resp;
1710
1711 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1712
1713 skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/
1714 if (!skb)
1715 return -ENOMEM;
1716
1717 *skb_put(skb, sizeof(u8)) = 1; /* TG */
1718 *skb_put(skb, sizeof(u8)) = 0; /* Next */
1719
1720 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
1721 if (IS_ERR(resp))
1722 return PTR_ERR(resp);
1723
1724 rsp = (struct pn533_cmd_activate_response *)resp->data;
1725 rc = rsp->status & PN533_CMD_RET_MASK;
1726 if (rc != PN533_CMD_RET_SUCCESS) {
1727 dev_kfree_skb(resp);
1728 return -EIO;
1729 }
1730
1731 /* ATR_RES general bytes are located at offset 16 */
1732 gt_len = resp->len - 16;
1733 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
1734
1735 dev_kfree_skb(resp);
1736 return rc;
1737 }
1738
1739 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1740 struct nfc_target *target, u32 protocol)
1741 {
1742 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1743 int rc;
1744
1745 nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1746 protocol);
1747
1748 if (dev->poll_mod_count) {
1749 nfc_dev_err(&dev->interface->dev,
1750 "Cannot activate while polling");
1751 return -EBUSY;
1752 }
1753
1754 if (dev->tgt_active_prot) {
1755 nfc_dev_err(&dev->interface->dev,
1756 "There is already an active target");
1757 return -EBUSY;
1758 }
1759
1760 if (!dev->tgt_available_prots) {
1761 nfc_dev_err(&dev->interface->dev,
1762 "There is no available target to activate");
1763 return -EINVAL;
1764 }
1765
1766 if (!(dev->tgt_available_prots & (1 << protocol))) {
1767 nfc_dev_err(&dev->interface->dev,
1768 "Target doesn't support requested proto %u",
1769 protocol);
1770 return -EINVAL;
1771 }
1772
1773 if (protocol == NFC_PROTO_NFC_DEP) {
1774 rc = pn533_activate_target_nfcdep(dev);
1775 if (rc) {
1776 nfc_dev_err(&dev->interface->dev,
1777 "Activating target with DEP failed %d", rc);
1778 return rc;
1779 }
1780 }
1781
1782 dev->tgt_active_prot = protocol;
1783 dev->tgt_available_prots = 0;
1784
1785 return 0;
1786 }
1787
1788 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1789 struct nfc_target *target)
1790 {
1791 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1792
1793 struct sk_buff *skb;
1794 struct sk_buff *resp;
1795
1796 int rc;
1797
1798 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1799
1800 if (!dev->tgt_active_prot) {
1801 nfc_dev_err(&dev->interface->dev, "There is no active target");
1802 return;
1803 }
1804
1805 dev->tgt_active_prot = 0;
1806 skb_queue_purge(&dev->resp_q);
1807
1808 skb = pn533_alloc_skb(dev, sizeof(u8));
1809 if (!skb)
1810 return;
1811
1812 *skb_put(skb, 1) = 1; /* TG*/
1813
1814 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
1815 if (IS_ERR(resp))
1816 return;
1817
1818 rc = resp->data[0] & PN533_CMD_RET_MASK;
1819 if (rc != PN533_CMD_RET_SUCCESS)
1820 nfc_dev_err(&dev->interface->dev,
1821 "Error 0x%x when releasing the target", rc);
1822
1823 dev_kfree_skb(resp);
1824 return;
1825 }
1826
1827
1828 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1829 struct sk_buff *resp)
1830 {
1831 struct pn533_cmd_jump_dep_response *rsp;
1832 u8 target_gt_len;
1833 int rc;
1834 u8 active = *(u8 *)arg;
1835
1836 kfree(arg);
1837
1838 if (IS_ERR(resp))
1839 return PTR_ERR(resp);
1840
1841 if (dev->tgt_available_prots &&
1842 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1843 nfc_dev_err(&dev->interface->dev,
1844 "The target does not support DEP");
1845 rc = -EINVAL;
1846 goto error;
1847 }
1848
1849 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1850
1851 rc = rsp->status & PN533_CMD_RET_MASK;
1852 if (rc != PN533_CMD_RET_SUCCESS) {
1853 nfc_dev_err(&dev->interface->dev,
1854 "Bringing DEP link up failed %d", rc);
1855 goto error;
1856 }
1857
1858 if (!dev->tgt_available_prots) {
1859 struct nfc_target nfc_target;
1860
1861 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1862
1863 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1864 nfc_target.nfcid1_len = 10;
1865 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1866 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1867 if (rc)
1868 goto error;
1869
1870 dev->tgt_available_prots = 0;
1871 }
1872
1873 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1874
1875 /* ATR_RES general bytes are located at offset 17 */
1876 target_gt_len = resp->len - 17;
1877 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1878 rsp->gt, target_gt_len);
1879 if (rc == 0)
1880 rc = nfc_dep_link_is_up(dev->nfc_dev,
1881 dev->nfc_dev->targets[0].idx,
1882 !active, NFC_RF_INITIATOR);
1883
1884 error:
1885 dev_kfree_skb(resp);
1886 return rc;
1887 }
1888
1889 static int pn533_mod_to_baud(struct pn533 *dev)
1890 {
1891 switch (dev->poll_mod_curr) {
1892 case PN533_POLL_MOD_106KBPS_A:
1893 return 0;
1894 case PN533_POLL_MOD_212KBPS_FELICA:
1895 return 1;
1896 case PN533_POLL_MOD_424KBPS_FELICA:
1897 return 2;
1898 default:
1899 return -EINVAL;
1900 }
1901 }
1902
1903 #define PASSIVE_DATA_LEN 5
1904 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1905 u8 comm_mode, u8 *gb, size_t gb_len)
1906 {
1907 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1908 struct sk_buff *skb;
1909 int rc, baud, skb_len;
1910 u8 *next, *arg;
1911
1912 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1913
1914 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1915
1916 if (dev->poll_mod_count) {
1917 nfc_dev_err(&dev->interface->dev,
1918 "Cannot bring the DEP link up while polling");
1919 return -EBUSY;
1920 }
1921
1922 if (dev->tgt_active_prot) {
1923 nfc_dev_err(&dev->interface->dev,
1924 "There is already an active target");
1925 return -EBUSY;
1926 }
1927
1928 baud = pn533_mod_to_baud(dev);
1929 if (baud < 0) {
1930 nfc_dev_err(&dev->interface->dev,
1931 "Invalid curr modulation %d", dev->poll_mod_curr);
1932 return baud;
1933 }
1934
1935 skb_len = 3 + gb_len; /* ActPass + BR + Next */
1936 if (comm_mode == NFC_COMM_PASSIVE)
1937 skb_len += PASSIVE_DATA_LEN;
1938
1939 skb = pn533_alloc_skb(dev, skb_len);
1940 if (!skb)
1941 return -ENOMEM;
1942
1943 *skb_put(skb, 1) = !comm_mode; /* ActPass */
1944 *skb_put(skb, 1) = baud; /* Baud rate */
1945
1946 next = skb_put(skb, 1); /* Next */
1947 *next = 0;
1948
1949 if (comm_mode == NFC_COMM_PASSIVE && baud > 0) {
1950 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data,
1951 PASSIVE_DATA_LEN);
1952 *next |= 1;
1953 }
1954
1955 if (gb != NULL && gb_len > 0) {
1956 memcpy(skb_put(skb, gb_len), gb, gb_len);
1957 *next |= 4; /* We have some Gi */
1958 } else {
1959 *next = 0;
1960 }
1961
1962 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
1963 if (!arg) {
1964 dev_kfree_skb(skb);
1965 return -ENOMEM;
1966 }
1967
1968 *arg = !comm_mode;
1969
1970 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1971 pn533_in_dep_link_up_complete, arg);
1972
1973 if (rc < 0) {
1974 dev_kfree_skb(skb);
1975 kfree(arg);
1976 }
1977
1978 return rc;
1979 }
1980
1981 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1982 {
1983 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1984
1985 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1986
1987 pn533_poll_reset_mod_list(dev);
1988
1989 if (dev->tgt_mode || dev->tgt_active_prot) {
1990 pn533_send_ack(dev, GFP_KERNEL);
1991 usb_kill_urb(dev->in_urb);
1992 }
1993
1994 dev->tgt_active_prot = 0;
1995 dev->tgt_mode = 0;
1996
1997 skb_queue_purge(&dev->resp_q);
1998
1999 return 0;
2000 }
2001
2002 struct pn533_data_exchange_arg {
2003 data_exchange_cb_t cb;
2004 void *cb_context;
2005 };
2006
2007 static struct sk_buff *pn533_build_response(struct pn533 *dev)
2008 {
2009 struct sk_buff *skb, *tmp, *t;
2010 unsigned int skb_len = 0, tmp_len = 0;
2011
2012 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2013
2014 if (skb_queue_empty(&dev->resp_q))
2015 return NULL;
2016
2017 if (skb_queue_len(&dev->resp_q) == 1) {
2018 skb = skb_dequeue(&dev->resp_q);
2019 goto out;
2020 }
2021
2022 skb_queue_walk_safe(&dev->resp_q, tmp, t)
2023 skb_len += tmp->len;
2024
2025 nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
2026 __func__, skb_len);
2027
2028 skb = alloc_skb(skb_len, GFP_KERNEL);
2029 if (skb == NULL)
2030 goto out;
2031
2032 skb_put(skb, skb_len);
2033
2034 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2035 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2036 tmp_len += tmp->len;
2037 }
2038
2039 out:
2040 skb_queue_purge(&dev->resp_q);
2041
2042 return skb;
2043 }
2044
2045 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
2046 struct sk_buff *resp)
2047 {
2048 struct pn533_data_exchange_arg *arg = _arg;
2049 struct sk_buff *skb;
2050 int rc = 0;
2051 u8 status, ret, mi;
2052
2053 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2054
2055 if (IS_ERR(resp)) {
2056 rc = PTR_ERR(resp);
2057 goto _error;
2058 }
2059
2060 status = resp->data[0];
2061 ret = status & PN533_CMD_RET_MASK;
2062 mi = status & PN533_CMD_MI_MASK;
2063
2064 skb_pull(resp, sizeof(status));
2065
2066 if (ret != PN533_CMD_RET_SUCCESS) {
2067 nfc_dev_err(&dev->interface->dev,
2068 "PN533 reported error %d when exchanging data",
2069 ret);
2070 rc = -EIO;
2071 goto error;
2072 }
2073
2074 skb_queue_tail(&dev->resp_q, resp);
2075
2076 if (mi) {
2077 dev->cmd_complete_mi_arg = arg;
2078 queue_work(dev->wq, &dev->mi_work);
2079 return -EINPROGRESS;
2080 }
2081
2082 skb = pn533_build_response(dev);
2083 if (!skb)
2084 goto error;
2085
2086 arg->cb(arg->cb_context, skb, 0);
2087 kfree(arg);
2088 return 0;
2089
2090 error:
2091 dev_kfree_skb(resp);
2092 _error:
2093 skb_queue_purge(&dev->resp_q);
2094 arg->cb(arg->cb_context, NULL, rc);
2095 kfree(arg);
2096 return rc;
2097 }
2098
2099 static int pn533_transceive(struct nfc_dev *nfc_dev,
2100 struct nfc_target *target, struct sk_buff *skb,
2101 data_exchange_cb_t cb, void *cb_context)
2102 {
2103 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2104 struct pn533_data_exchange_arg *arg = NULL;
2105 int rc;
2106
2107 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2108
2109 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2110 /* TODO: Implement support to multi-part data exchange */
2111 nfc_dev_err(&dev->interface->dev,
2112 "Data length greater than the max allowed: %d",
2113 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2114 rc = -ENOSYS;
2115 goto error;
2116 }
2117
2118 if (!dev->tgt_active_prot) {
2119 nfc_dev_err(&dev->interface->dev,
2120 "Can't exchange data if there is no active target");
2121 rc = -EINVAL;
2122 goto error;
2123 }
2124
2125 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2126 if (!arg) {
2127 rc = -ENOMEM;
2128 goto error;
2129 }
2130
2131 arg->cb = cb;
2132 arg->cb_context = cb_context;
2133
2134 switch (dev->device_type) {
2135 case PN533_DEVICE_PASORI:
2136 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2137 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2138 skb,
2139 pn533_data_exchange_complete,
2140 arg);
2141
2142 break;
2143 }
2144 default:
2145 *skb_push(skb, sizeof(u8)) = 1; /*TG*/
2146
2147 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2148 skb, pn533_data_exchange_complete,
2149 arg);
2150
2151 break;
2152 }
2153
2154 if (rc < 0) /* rc from send_async */
2155 goto error;
2156
2157 return 0;
2158
2159 error:
2160 kfree(arg);
2161 dev_kfree_skb(skb);
2162 return rc;
2163 }
2164
2165 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2166 struct sk_buff *resp)
2167 {
2168 u8 status;
2169
2170 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2171
2172 if (IS_ERR(resp))
2173 return PTR_ERR(resp);
2174
2175 status = resp->data[0];
2176
2177 dev_kfree_skb(resp);
2178
2179 if (status != 0) {
2180 nfc_tm_deactivated(dev->nfc_dev);
2181
2182 dev->tgt_mode = 0;
2183
2184 return 0;
2185 }
2186
2187 queue_work(dev->wq, &dev->tg_work);
2188
2189 return 0;
2190 }
2191
2192 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2193 {
2194 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2195 int rc;
2196
2197 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2198
2199 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2200 nfc_dev_err(&dev->interface->dev,
2201 "Data length greater than the max allowed: %d",
2202 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2203 return -ENOSYS;
2204 }
2205
2206 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2207 pn533_tm_send_complete, NULL);
2208 if (rc < 0)
2209 dev_kfree_skb(skb);
2210
2211 return rc;
2212 }
2213
2214 static void pn533_wq_mi_recv(struct work_struct *work)
2215 {
2216 struct pn533 *dev = container_of(work, struct pn533, mi_work);
2217
2218 struct sk_buff *skb;
2219 int rc;
2220
2221 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2222
2223 skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN);
2224 if (!skb)
2225 goto error;
2226
2227 switch (dev->device_type) {
2228 case PN533_DEVICE_PASORI:
2229 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2230 rc = pn533_send_cmd_direct_async(dev,
2231 PN533_CMD_IN_COMM_THRU,
2232 skb,
2233 pn533_data_exchange_complete,
2234 dev->cmd_complete_mi_arg);
2235
2236 break;
2237 }
2238 default:
2239 *skb_put(skb, sizeof(u8)) = 1; /*TG*/
2240
2241 rc = pn533_send_cmd_direct_async(dev,
2242 PN533_CMD_IN_DATA_EXCHANGE,
2243 skb,
2244 pn533_data_exchange_complete,
2245 dev->cmd_complete_mi_arg);
2246
2247 break;
2248 }
2249
2250 if (rc == 0) /* success */
2251 return;
2252
2253 nfc_dev_err(&dev->interface->dev,
2254 "Error %d when trying to perform data_exchange", rc);
2255
2256 dev_kfree_skb(skb);
2257 kfree(dev->cmd_complete_arg);
2258
2259 error:
2260 pn533_send_ack(dev, GFP_KERNEL);
2261 queue_work(dev->wq, &dev->cmd_work);
2262 }
2263
2264 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2265 u8 cfgdata_len)
2266 {
2267 struct sk_buff *skb;
2268 struct sk_buff *resp;
2269
2270 int skb_len;
2271
2272 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2273
2274 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
2275
2276 skb = pn533_alloc_skb(dev, skb_len);
2277 if (!skb)
2278 return -ENOMEM;
2279
2280 *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2281 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
2282
2283 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2284 if (IS_ERR(resp))
2285 return PTR_ERR(resp);
2286
2287 dev_kfree_skb(resp);
2288 return 0;
2289 }
2290
2291 static int pn533_get_firmware_version(struct pn533 *dev,
2292 struct pn533_fw_version *fv)
2293 {
2294 struct sk_buff *skb;
2295 struct sk_buff *resp;
2296
2297 skb = pn533_alloc_skb(dev, 0);
2298 if (!skb)
2299 return -ENOMEM;
2300
2301 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2302 if (IS_ERR(resp))
2303 return PTR_ERR(resp);
2304
2305 fv->ic = resp->data[0];
2306 fv->ver = resp->data[1];
2307 fv->rev = resp->data[2];
2308 fv->support = resp->data[3];
2309
2310 dev_kfree_skb(resp);
2311 return 0;
2312 }
2313
2314 static int pn533_fw_reset(struct pn533 *dev)
2315 {
2316 struct sk_buff *skb;
2317 struct sk_buff *resp;
2318
2319 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2320
2321 skb = pn533_alloc_skb(dev, sizeof(u8));
2322 if (!skb)
2323 return -ENOMEM;
2324
2325 *skb_put(skb, sizeof(u8)) = 0x1;
2326
2327 resp = pn533_send_cmd_sync(dev, 0x18, skb);
2328 if (IS_ERR(resp))
2329 return PTR_ERR(resp);
2330
2331 dev_kfree_skb(resp);
2332
2333 return 0;
2334 }
2335
2336 static struct nfc_ops pn533_nfc_ops = {
2337 .dev_up = NULL,
2338 .dev_down = NULL,
2339 .dep_link_up = pn533_dep_link_up,
2340 .dep_link_down = pn533_dep_link_down,
2341 .start_poll = pn533_start_poll,
2342 .stop_poll = pn533_stop_poll,
2343 .activate_target = pn533_activate_target,
2344 .deactivate_target = pn533_deactivate_target,
2345 .im_transceive = pn533_transceive,
2346 .tm_send = pn533_tm_send,
2347 };
2348
2349 static int pn533_setup(struct pn533 *dev)
2350 {
2351 struct pn533_config_max_retries max_retries;
2352 struct pn533_config_timing timing;
2353 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2354 int rc;
2355
2356 switch (dev->device_type) {
2357 case PN533_DEVICE_STD:
2358 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2359 max_retries.mx_rty_psl = 2;
2360 max_retries.mx_rty_passive_act =
2361 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2362
2363 timing.rfu = PN533_CONFIG_TIMING_102;
2364 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2365 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2366
2367 break;
2368
2369 case PN533_DEVICE_PASORI:
2370 max_retries.mx_rty_atr = 0x2;
2371 max_retries.mx_rty_psl = 0x1;
2372 max_retries.mx_rty_passive_act =
2373 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2374
2375 timing.rfu = PN533_CONFIG_TIMING_102;
2376 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2377 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2378
2379 break;
2380
2381 default:
2382 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2383 dev->device_type);
2384 return -EINVAL;
2385 }
2386
2387 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2388 (u8 *)&max_retries, sizeof(max_retries));
2389 if (rc) {
2390 nfc_dev_err(&dev->interface->dev,
2391 "Error on setting MAX_RETRIES config");
2392 return rc;
2393 }
2394
2395
2396 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2397 (u8 *)&timing, sizeof(timing));
2398 if (rc) {
2399 nfc_dev_err(&dev->interface->dev,
2400 "Error on setting RF timings");
2401 return rc;
2402 }
2403
2404 switch (dev->device_type) {
2405 case PN533_DEVICE_STD:
2406 break;
2407
2408 case PN533_DEVICE_PASORI:
2409 pn533_fw_reset(dev);
2410
2411 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2412 pasori_cfg, 3);
2413 if (rc) {
2414 nfc_dev_err(&dev->interface->dev,
2415 "Error while settings PASORI config");
2416 return rc;
2417 }
2418
2419 pn533_fw_reset(dev);
2420
2421 break;
2422 }
2423
2424 return 0;
2425 }
2426
2427 static int pn533_probe(struct usb_interface *interface,
2428 const struct usb_device_id *id)
2429 {
2430 struct pn533_fw_version fw_ver;
2431 struct pn533 *dev;
2432 struct usb_host_interface *iface_desc;
2433 struct usb_endpoint_descriptor *endpoint;
2434 int in_endpoint = 0;
2435 int out_endpoint = 0;
2436 int rc = -ENOMEM;
2437 int i;
2438 u32 protocols;
2439
2440 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2441 if (!dev)
2442 return -ENOMEM;
2443
2444 dev->udev = usb_get_dev(interface_to_usbdev(interface));
2445 dev->interface = interface;
2446 mutex_init(&dev->cmd_lock);
2447
2448 iface_desc = interface->cur_altsetting;
2449 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2450 endpoint = &iface_desc->endpoint[i].desc;
2451
2452 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
2453 in_endpoint = endpoint->bEndpointAddress;
2454
2455 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
2456 out_endpoint = endpoint->bEndpointAddress;
2457 }
2458
2459 if (!in_endpoint || !out_endpoint) {
2460 nfc_dev_err(&interface->dev,
2461 "Could not find bulk-in or bulk-out endpoint");
2462 rc = -ENODEV;
2463 goto error;
2464 }
2465
2466 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2467 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2468
2469 if (!dev->in_urb || !dev->out_urb)
2470 goto error;
2471
2472 usb_fill_bulk_urb(dev->in_urb, dev->udev,
2473 usb_rcvbulkpipe(dev->udev, in_endpoint),
2474 NULL, 0, NULL, dev);
2475 usb_fill_bulk_urb(dev->out_urb, dev->udev,
2476 usb_sndbulkpipe(dev->udev, out_endpoint),
2477 NULL, 0, pn533_send_complete, dev);
2478
2479 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2480 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2481 INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2482 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2483 INIT_WORK(&dev->poll_work, pn533_wq_poll);
2484 dev->wq = alloc_ordered_workqueue("pn533", 0);
2485 if (dev->wq == NULL)
2486 goto error;
2487
2488 init_timer(&dev->listen_timer);
2489 dev->listen_timer.data = (unsigned long) dev;
2490 dev->listen_timer.function = pn533_listen_mode_timer;
2491
2492 skb_queue_head_init(&dev->resp_q);
2493
2494 INIT_LIST_HEAD(&dev->cmd_queue);
2495
2496 usb_set_intfdata(interface, dev);
2497
2498 dev->ops = &pn533_std_frame_ops;
2499
2500 dev->device_type = id->driver_info;
2501 switch (dev->device_type) {
2502 case PN533_DEVICE_STD:
2503 protocols = PN533_ALL_PROTOCOLS;
2504 break;
2505
2506 case PN533_DEVICE_PASORI:
2507 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2508 break;
2509
2510 default:
2511 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2512 dev->device_type);
2513 rc = -EINVAL;
2514 goto destroy_wq;
2515 }
2516
2517 memset(&fw_ver, 0, sizeof(fw_ver));
2518 rc = pn533_get_firmware_version(dev, &fw_ver);
2519 if (rc < 0)
2520 goto destroy_wq;
2521
2522 nfc_dev_info(&dev->interface->dev,
2523 "NXP PN533 firmware ver %d.%d now attached",
2524 fw_ver.ver, fw_ver.rev);
2525
2526
2527 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2528 NFC_SE_NONE,
2529 dev->ops->tx_header_len +
2530 PN533_CMD_DATAEXCH_HEAD_LEN,
2531 dev->ops->tx_tail_len);
2532 if (!dev->nfc_dev)
2533 goto destroy_wq;
2534
2535 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2536 nfc_set_drvdata(dev->nfc_dev, dev);
2537
2538 rc = nfc_register_device(dev->nfc_dev);
2539 if (rc)
2540 goto free_nfc_dev;
2541
2542 rc = pn533_setup(dev);
2543 if (rc)
2544 goto unregister_nfc_dev;
2545
2546 return 0;
2547
2548 unregister_nfc_dev:
2549 nfc_unregister_device(dev->nfc_dev);
2550
2551 free_nfc_dev:
2552 nfc_free_device(dev->nfc_dev);
2553
2554 destroy_wq:
2555 destroy_workqueue(dev->wq);
2556 error:
2557 usb_free_urb(dev->in_urb);
2558 usb_free_urb(dev->out_urb);
2559 kfree(dev);
2560 return rc;
2561 }
2562
2563 static void pn533_disconnect(struct usb_interface *interface)
2564 {
2565 struct pn533 *dev;
2566 struct pn533_cmd *cmd, *n;
2567
2568 dev = usb_get_intfdata(interface);
2569 usb_set_intfdata(interface, NULL);
2570
2571 nfc_unregister_device(dev->nfc_dev);
2572 nfc_free_device(dev->nfc_dev);
2573
2574 usb_kill_urb(dev->in_urb);
2575 usb_kill_urb(dev->out_urb);
2576
2577 destroy_workqueue(dev->wq);
2578
2579 skb_queue_purge(&dev->resp_q);
2580
2581 del_timer(&dev->listen_timer);
2582
2583 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2584 list_del(&cmd->queue);
2585 kfree(cmd);
2586 }
2587
2588 usb_free_urb(dev->in_urb);
2589 usb_free_urb(dev->out_urb);
2590 kfree(dev);
2591
2592 nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2593 }
2594
2595 static struct usb_driver pn533_driver = {
2596 .name = "pn533",
2597 .probe = pn533_probe,
2598 .disconnect = pn533_disconnect,
2599 .id_table = pn533_table,
2600 };
2601
2602 module_usb_driver(pn533_driver);
2603
2604 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2605 " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2606 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2607 MODULE_VERSION(VERSION);
2608 MODULE_LICENSE("GPL");
ubuntu-zesty-kernel mirror