2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
5 * Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6 * Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the
20 * Free Software Foundation, Inc.,
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
41 #define SONY_VENDOR_ID 0x054c
42 #define PASORI_PRODUCT_ID 0x02e1
44 #define PN533_DEVICE_STD 0x1
45 #define PN533_DEVICE_PASORI 0x2
47 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
48 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
49 NFC_PROTO_NFC_DEP_MASK |\
50 NFC_PROTO_ISO14443_B_MASK)
52 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
53 NFC_PROTO_MIFARE_MASK | \
54 NFC_PROTO_FELICA_MASK | \
55 NFC_PROTO_ISO14443_MASK | \
56 NFC_PROTO_NFC_DEP_MASK)
58 static const struct usb_device_id pn533_table[] = {
59 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
60 .idVendor = PN533_VENDOR_ID,
61 .idProduct = PN533_PRODUCT_ID,
62 .driver_info = PN533_DEVICE_STD,
64 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
65 .idVendor = SCM_VENDOR_ID,
66 .idProduct = SCL3711_PRODUCT_ID,
67 .driver_info = PN533_DEVICE_STD,
69 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
70 .idVendor = SONY_VENDOR_ID,
71 .idProduct = PASORI_PRODUCT_ID,
72 .driver_info = PN533_DEVICE_PASORI,
76 MODULE_DEVICE_TABLE(usb, pn533_table);
78 /* How much time we spend listening for initiators */
79 #define PN533_LISTEN_TIME 2
81 /* frame definitions */
82 #define PN533_FRAME_HEADER_LEN (sizeof(struct pn533_frame) \
83 + 2) /* data[0] TFI, data[1] CC */
84 #define PN533_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
87 * Max extended frame payload len, excluding TFI and CC
88 * which are already in PN533_FRAME_HEADER_LEN.
90 #define PN533_FRAME_MAX_PAYLOAD_LEN 263
92 #define PN533_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2),
94 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
95 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
98 #define PN533_SOF 0x00FF
100 /* frame identifier: in/out/error */
101 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
102 #define PN533_DIR_OUT 0xD4
103 #define PN533_DIR_IN 0xD5
106 #define PN533_FRAME_CMD(f) (f->data[1])
108 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
109 #define PN533_CMD_RF_CONFIGURATION 0x32
110 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
111 #define PN533_CMD_IN_COMM_THRU 0x42
112 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
113 #define PN533_CMD_IN_ATR 0x50
114 #define PN533_CMD_IN_RELEASE 0x52
115 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
117 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
118 #define PN533_CMD_TG_GET_DATA 0x86
119 #define PN533_CMD_TG_SET_DATA 0x8e
120 #define PN533_CMD_UNDEF 0xff
122 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
124 /* PN533 Return codes */
125 #define PN533_CMD_RET_MASK 0x3F
126 #define PN533_CMD_MI_MASK 0x40
127 #define PN533_CMD_RET_SUCCESS 0x00
131 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg, int status);
133 typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
134 struct sk_buff *resp);
136 /* structs for pn533 commands */
138 /* PN533_CMD_GET_FIRMWARE_VERSION */
139 struct pn533_fw_version {
146 /* PN533_CMD_RF_CONFIGURATION */
147 #define PN533_CFGITEM_TIMING 0x02
148 #define PN533_CFGITEM_MAX_RETRIES 0x05
149 #define PN533_CFGITEM_PASORI 0x82
151 #define PN533_CONFIG_TIMING_102 0xb
152 #define PN533_CONFIG_TIMING_204 0xc
153 #define PN533_CONFIG_TIMING_409 0xd
154 #define PN533_CONFIG_TIMING_819 0xe
156 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
157 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
159 struct pn533_config_max_retries {
162 u8 mx_rty_passive_act;
165 struct pn533_config_timing {
171 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
173 /* felica commands opcode */
174 #define PN533_FELICA_OPC_SENSF_REQ 0
175 #define PN533_FELICA_OPC_SENSF_RES 1
176 /* felica SENSF_REQ parameters */
177 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
178 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
179 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
180 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
182 /* type B initiator_data values */
183 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
184 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
185 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
187 union pn533_cmd_poll_initdata {
200 /* Poll modulations */
202 PN533_POLL_MOD_106KBPS_A,
203 PN533_POLL_MOD_212KBPS_FELICA,
204 PN533_POLL_MOD_424KBPS_FELICA,
205 PN533_POLL_MOD_106KBPS_JEWEL,
206 PN533_POLL_MOD_847KBPS_B,
209 __PN533_POLL_MOD_AFTER_LAST,
211 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
213 struct pn533_poll_modulations {
217 union pn533_cmd_poll_initdata initiator_data;
222 const struct pn533_poll_modulations poll_mod[] = {
223 [PN533_POLL_MOD_106KBPS_A] = {
230 [PN533_POLL_MOD_212KBPS_FELICA] = {
234 .initiator_data.felica = {
235 .opcode = PN533_FELICA_OPC_SENSF_REQ,
236 .sc = PN533_FELICA_SENSF_SC_ALL,
237 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
243 [PN533_POLL_MOD_424KBPS_FELICA] = {
247 .initiator_data.felica = {
248 .opcode = PN533_FELICA_OPC_SENSF_REQ,
249 .sc = PN533_FELICA_SENSF_SC_ALL,
250 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
256 [PN533_POLL_MOD_106KBPS_JEWEL] = {
263 [PN533_POLL_MOD_847KBPS_B] = {
267 .initiator_data.type_b = {
268 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
270 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
275 [PN533_LISTEN_MOD] = {
280 /* PN533_CMD_IN_ATR */
282 struct pn533_cmd_activate_response {
294 struct pn533_cmd_jump_dep_response {
308 /* PN533_TG_INIT_AS_TARGET */
309 #define PN533_INIT_TARGET_PASSIVE 0x1
310 #define PN533_INIT_TARGET_DEP 0x2
312 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
313 #define PN533_INIT_TARGET_RESP_ACTIVE 0x1
314 #define PN533_INIT_TARGET_RESP_DEP 0x4
317 struct usb_device *udev;
318 struct usb_interface *interface;
319 struct nfc_dev *nfc_dev;
324 struct sk_buff_head resp_q;
326 struct workqueue_struct *wq;
327 struct work_struct cmd_work;
328 struct work_struct cmd_complete_work;
329 struct work_struct poll_work;
330 struct work_struct mi_work;
331 struct work_struct tg_work;
332 struct timer_list listen_timer;
336 pn533_cmd_complete_t cmd_complete;
337 void *cmd_complete_arg;
338 void *cmd_complete_mi_arg;
339 struct mutex cmd_lock;
342 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
346 u32 listen_protocols;
351 u8 tgt_available_prots;
357 struct list_head cmd_queue;
360 struct pn533_frame_ops *ops;
364 struct list_head queue;
367 struct sk_buff *resp;
380 struct pn533_frame_ops {
381 void (*tx_frame_init)(void *frame, u8 cmd_code);
382 void (*tx_frame_finish)(void *frame);
383 void (*tx_update_payload_len)(void *frame, int len);
387 bool (*rx_is_frame_valid)(void *frame);
388 int (*rx_frame_size)(void *frame);
393 u8 (*get_cmd_code)(void *frame);
396 /* The rule: value + checksum = 0 */
397 static inline u8 pn533_checksum(u8 value)
402 /* The rule: sum(data elements) + checksum = 0 */
403 static u8 pn533_data_checksum(u8 *data, int datalen)
408 for (i = 0; i < datalen; i++)
411 return pn533_checksum(sum);
414 static void pn533_tx_frame_init(void *_frame, u8 cmd_code)
416 struct pn533_frame *frame = _frame;
419 frame->start_frame = cpu_to_be16(PN533_SOF);
420 PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
421 PN533_FRAME_CMD(frame) = cmd_code;
425 static void pn533_tx_frame_finish(void *_frame)
427 struct pn533_frame *frame = _frame;
429 frame->datalen_checksum = pn533_checksum(frame->datalen);
431 PN533_FRAME_CHECKSUM(frame) =
432 pn533_data_checksum(frame->data, frame->datalen);
434 PN533_FRAME_POSTAMBLE(frame) = 0;
437 static void pn533_tx_update_payload_len(void *_frame, int len)
439 struct pn533_frame *frame = _frame;
441 frame->datalen += len;
444 static bool pn533_rx_frame_is_valid(void *_frame)
447 struct pn533_frame *frame = _frame;
449 if (frame->start_frame != cpu_to_be16(PN533_SOF))
452 checksum = pn533_checksum(frame->datalen);
453 if (checksum != frame->datalen_checksum)
456 checksum = pn533_data_checksum(frame->data, frame->datalen);
457 if (checksum != PN533_FRAME_CHECKSUM(frame))
463 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
465 if (frame->start_frame != cpu_to_be16(PN533_SOF))
468 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
474 static inline int pn533_rx_frame_size(void *frame)
476 struct pn533_frame *f = frame;
478 return sizeof(struct pn533_frame) + f->datalen + PN533_FRAME_TAIL_LEN;
481 static u8 pn533_get_cmd_code(void *frame)
483 struct pn533_frame *f = frame;
485 return PN533_FRAME_CMD(f);
488 struct pn533_frame_ops pn533_std_frame_ops = {
489 .tx_frame_init = pn533_tx_frame_init,
490 .tx_frame_finish = pn533_tx_frame_finish,
491 .tx_update_payload_len = pn533_tx_update_payload_len,
492 .tx_header_len = PN533_FRAME_HEADER_LEN,
493 .tx_tail_len = PN533_FRAME_TAIL_LEN,
495 .rx_is_frame_valid = pn533_rx_frame_is_valid,
496 .rx_frame_size = pn533_rx_frame_size,
497 .rx_header_len = PN533_FRAME_HEADER_LEN,
498 .rx_tail_len = PN533_FRAME_TAIL_LEN,
500 .max_payload_len = PN533_FRAME_MAX_PAYLOAD_LEN,
501 .get_cmd_code = pn533_get_cmd_code,
504 static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame)
506 return (dev->ops->get_cmd_code(frame) == PN533_CMD_RESPONSE(dev->cmd));
510 static void pn533_wq_cmd_complete(struct work_struct *work)
512 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
515 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, dev->wq_in_error);
516 if (rc != -EINPROGRESS)
517 queue_work(dev->wq, &dev->cmd_work);
520 static void pn533_recv_response(struct urb *urb)
522 struct pn533 *dev = urb->context;
525 switch (urb->status) {
530 nfc_dev_dbg(&dev->interface->dev,
531 "The urb has been canceled (status %d)",
533 dev->wq_in_error = urb->status;
538 nfc_dev_err(&dev->interface->dev,
539 "Urb failure (status %d)", urb->status);
540 dev->wq_in_error = urb->status;
544 in_frame = dev->in_urb->transfer_buffer;
546 nfc_dev_dbg(&dev->interface->dev, "Received a frame.");
547 print_hex_dump(KERN_DEBUG, "PN533 RX: ", DUMP_PREFIX_NONE, 16, 1,
548 in_frame, dev->ops->rx_frame_size(in_frame), false);
550 if (!dev->ops->rx_is_frame_valid(in_frame)) {
551 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
552 dev->wq_in_error = -EIO;
556 if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) {
557 nfc_dev_err(&dev->interface->dev,
558 "It it not the response to the last command");
559 dev->wq_in_error = -EIO;
563 dev->wq_in_error = 0;
566 queue_work(dev->wq, &dev->cmd_complete_work);
569 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
571 dev->in_urb->complete = pn533_recv_response;
573 return usb_submit_urb(dev->in_urb, flags);
576 static void pn533_recv_ack(struct urb *urb)
578 struct pn533 *dev = urb->context;
579 struct pn533_frame *in_frame;
582 switch (urb->status) {
587 nfc_dev_dbg(&dev->interface->dev,
588 "The urb has been stopped (status %d)",
590 dev->wq_in_error = urb->status;
595 nfc_dev_err(&dev->interface->dev,
596 "Urb failure (status %d)", urb->status);
597 dev->wq_in_error = urb->status;
601 in_frame = dev->in_urb->transfer_buffer;
603 if (!pn533_rx_frame_is_ack(in_frame)) {
604 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
605 dev->wq_in_error = -EIO;
609 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
611 nfc_dev_err(&dev->interface->dev,
612 "usb_submit_urb failed with result %d", rc);
613 dev->wq_in_error = rc;
620 queue_work(dev->wq, &dev->cmd_complete_work);
623 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
625 dev->in_urb->complete = pn533_recv_ack;
627 return usb_submit_urb(dev->in_urb, flags);
630 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
632 u8 ack[PN533_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
633 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */
636 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
638 dev->out_urb->transfer_buffer = ack;
639 dev->out_urb->transfer_buffer_length = sizeof(ack);
640 rc = usb_submit_urb(dev->out_urb, flags);
645 static int __pn533_send_frame_async(struct pn533 *dev,
649 pn533_cmd_complete_t cmd_complete,
654 dev->cmd = dev->ops->get_cmd_code(out->data);
655 dev->cmd_complete = cmd_complete;
656 dev->cmd_complete_arg = arg;
658 dev->out_urb->transfer_buffer = out->data;
659 dev->out_urb->transfer_buffer_length = out->len;
661 dev->in_urb->transfer_buffer = in->data;
662 dev->in_urb->transfer_buffer_length = in_len;
664 print_hex_dump(KERN_DEBUG, "PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
665 out->data, out->len, false);
667 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
671 rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
678 usb_unlink_urb(dev->out_urb);
682 static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code,
685 /* payload is already there, just update datalen */
686 int payload_len = skb->len;
687 struct pn533_frame_ops *ops = dev->ops;
690 skb_push(skb, ops->tx_header_len);
691 skb_put(skb, ops->tx_tail_len);
693 ops->tx_frame_init(skb->data, cmd_code);
694 ops->tx_update_payload_len(skb->data, payload_len);
695 ops->tx_frame_finish(skb->data);
698 struct pn533_send_async_complete_arg {
699 pn533_send_async_complete_t complete_cb;
700 void *complete_cb_context;
701 struct sk_buff *resp;
705 static int pn533_send_async_complete(struct pn533 *dev, void *_arg, int status)
707 struct pn533_send_async_complete_arg *arg = _arg;
709 struct sk_buff *req = arg->req;
710 struct sk_buff *resp = arg->resp;
717 arg->complete_cb(dev, arg->complete_cb_context,
724 skb_put(resp, dev->ops->rx_frame_size(resp->data));
725 skb_pull(resp, dev->ops->rx_header_len);
726 skb_trim(resp, resp->len - dev->ops->rx_tail_len);
728 rc = arg->complete_cb(dev, arg->complete_cb_context, resp);
734 static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
735 struct sk_buff *req, struct sk_buff *resp,
737 pn533_send_async_complete_t complete_cb,
738 void *complete_cb_context)
740 struct pn533_cmd *cmd;
741 struct pn533_send_async_complete_arg *arg;
744 nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x", cmd_code);
746 arg = kzalloc(sizeof(*arg), GFP_KERNEL);
750 arg->complete_cb = complete_cb;
751 arg->complete_cb_context = complete_cb_context;
755 pn533_build_cmd_frame(dev, cmd_code, req);
757 mutex_lock(&dev->cmd_lock);
759 if (!dev->cmd_pending) {
760 rc = __pn533_send_frame_async(dev, req, resp, resp_len,
761 pn533_send_async_complete, arg);
765 dev->cmd_pending = 1;
769 nfc_dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x", __func__,
772 cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL);
778 INIT_LIST_HEAD(&cmd->queue);
779 cmd->cmd_code = cmd_code;
782 cmd->resp_len = resp_len;
785 list_add_tail(&cmd->queue, &dev->cmd_queue);
792 mutex_unlock(&dev->cmd_lock);
796 static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
798 pn533_send_async_complete_t complete_cb,
799 void *complete_cb_context)
801 struct sk_buff *resp;
803 int resp_len = dev->ops->rx_header_len +
804 dev->ops->max_payload_len +
805 dev->ops->rx_tail_len;
807 resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
811 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
812 complete_cb_context);
819 static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
821 pn533_send_async_complete_t complete_cb,
822 void *complete_cb_context)
824 struct sk_buff *resp;
826 int resp_len = dev->ops->rx_header_len +
827 dev->ops->max_payload_len +
828 dev->ops->rx_tail_len;
830 resp = alloc_skb(resp_len, GFP_KERNEL);
834 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
835 complete_cb_context);
843 * pn533_send_cmd_direct_async
845 * The function sends a piority cmd directly to the chip omiting the cmd
846 * queue. It's intended to be used by chaining mechanism of received responses
847 * where the host has to request every single chunk of data before scheduling
848 * next cmd from the queue.
850 static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
852 pn533_send_async_complete_t complete_cb,
853 void *complete_cb_context)
855 struct pn533_send_async_complete_arg *arg;
856 struct sk_buff *resp;
858 int resp_len = dev->ops->rx_header_len +
859 dev->ops->max_payload_len +
860 dev->ops->rx_tail_len;
862 resp = alloc_skb(resp_len, GFP_KERNEL);
866 arg = kzalloc(sizeof(*arg), GFP_KERNEL);
872 arg->complete_cb = complete_cb;
873 arg->complete_cb_context = complete_cb_context;
877 pn533_build_cmd_frame(dev, cmd_code, req);
879 rc = __pn533_send_frame_async(dev, req, resp, resp_len,
880 pn533_send_async_complete, arg);
889 static void pn533_wq_cmd(struct work_struct *work)
891 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
892 struct pn533_cmd *cmd;
894 mutex_lock(&dev->cmd_lock);
896 if (list_empty(&dev->cmd_queue)) {
897 dev->cmd_pending = 0;
898 mutex_unlock(&dev->cmd_lock);
902 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
904 list_del(&cmd->queue);
906 mutex_unlock(&dev->cmd_lock);
908 __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len,
909 pn533_send_async_complete, cmd->arg);
914 struct pn533_sync_cmd_response {
915 struct sk_buff *resp;
916 struct completion done;
919 static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
920 struct sk_buff *resp)
922 struct pn533_sync_cmd_response *arg = _arg;
925 complete(&arg->done);
930 /* pn533_send_cmd_sync
932 * Please note the req parameter is freed inside the function to
933 * limit a number of return value interpretations by the caller.
935 * 1. negative in case of error during TX path -> req should be freed
937 * 2. negative in case of error during RX path -> req should not be freed
938 * as it's been already freed at the begining of RX path by
941 * 3. valid pointer in case of succesfult RX path
943 * A caller has to check a return value with IS_ERR macro. If the test pass,
944 * the returned pointer is valid.
947 static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
951 struct pn533_sync_cmd_response arg;
953 init_completion(&arg.done);
955 rc = pn533_send_cmd_async(dev, cmd_code, req,
956 pn533_send_sync_complete, &arg);
962 wait_for_completion(&arg.done);
967 static void pn533_send_complete(struct urb *urb)
969 struct pn533 *dev = urb->context;
971 switch (urb->status) {
976 nfc_dev_dbg(&dev->interface->dev,
977 "The urb has been stopped (status %d)",
982 nfc_dev_err(&dev->interface->dev,
983 "Urb failure (status %d)", urb->status);
987 static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size)
991 skb = alloc_skb(dev->ops->tx_header_len +
993 dev->ops->tx_tail_len, GFP_KERNEL);
996 skb_reserve(skb, dev->ops->tx_header_len);
1001 struct pn533_target_type_a {
1009 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
1010 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
1011 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
1013 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
1014 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
1016 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
1017 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
1019 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
1020 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
1021 #define PN533_TYPE_A_SEL_PROT_DEP 2
1022 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1024 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1025 int target_data_len)
1030 if (target_data_len < sizeof(struct pn533_target_type_a))
1033 /* The lenght check of nfcid[] and ats[] are not being performed because
1034 the values are not being used */
1036 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1037 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1038 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1040 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1041 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1042 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1043 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1046 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1047 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1053 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1056 struct pn533_target_type_a *tgt_type_a;
1058 tgt_type_a = (struct pn533_target_type_a *)tgt_data;
1060 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1063 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1064 case PN533_TYPE_A_SEL_PROT_MIFARE:
1065 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1067 case PN533_TYPE_A_SEL_PROT_ISO14443:
1068 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1070 case PN533_TYPE_A_SEL_PROT_DEP:
1071 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1073 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1074 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1075 NFC_PROTO_NFC_DEP_MASK;
1079 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1080 nfc_tgt->sel_res = tgt_type_a->sel_res;
1081 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1082 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
1087 struct pn533_target_felica {
1096 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1097 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1099 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1100 int target_data_len)
1102 if (target_data_len < sizeof(struct pn533_target_felica))
1105 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1111 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1114 struct pn533_target_felica *tgt_felica;
1116 tgt_felica = (struct pn533_target_felica *)tgt_data;
1118 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1121 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
1122 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
1123 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1125 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1127 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1128 nfc_tgt->sensf_res_len = 9;
1133 struct pn533_target_jewel {
1138 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1139 int target_data_len)
1144 if (target_data_len < sizeof(struct pn533_target_jewel))
1147 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1148 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1149 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1151 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1152 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1153 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1154 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1160 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1163 struct pn533_target_jewel *tgt_jewel;
1165 tgt_jewel = (struct pn533_target_jewel *)tgt_data;
1167 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1170 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1171 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1172 nfc_tgt->nfcid1_len = 4;
1173 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1178 struct pn533_type_b_prot_info {
1184 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1185 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1186 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1188 struct pn533_type_b_sens_res {
1192 struct pn533_type_b_prot_info prot_info;
1195 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1197 struct pn533_target_type_b {
1198 struct pn533_type_b_sens_res sensb_res;
1203 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1204 int target_data_len)
1206 if (target_data_len < sizeof(struct pn533_target_type_b))
1209 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1212 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1213 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1219 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1222 struct pn533_target_type_b *tgt_type_b;
1224 tgt_type_b = (struct pn533_target_type_b *)tgt_data;
1226 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1229 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1234 static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1237 struct nfc_target nfc_tgt;
1240 nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1241 dev->poll_mod_curr);
1246 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1248 switch (dev->poll_mod_curr) {
1249 case PN533_POLL_MOD_106KBPS_A:
1250 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
1252 case PN533_POLL_MOD_212KBPS_FELICA:
1253 case PN533_POLL_MOD_424KBPS_FELICA:
1254 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
1256 case PN533_POLL_MOD_106KBPS_JEWEL:
1257 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
1259 case PN533_POLL_MOD_847KBPS_B:
1260 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
1263 nfc_dev_err(&dev->interface->dev,
1264 "Unknown current poll modulation");
1271 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1272 nfc_dev_dbg(&dev->interface->dev,
1273 "The Tg found doesn't have the desired protocol");
1277 nfc_dev_dbg(&dev->interface->dev,
1278 "Target found - supported protocols: 0x%x",
1279 nfc_tgt.supported_protocols);
1281 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1283 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1288 static inline void pn533_poll_next_mod(struct pn533 *dev)
1290 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1293 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1295 dev->poll_mod_count = 0;
1298 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1300 dev->poll_mod_active[dev->poll_mod_count] =
1301 (struct pn533_poll_modulations *)&poll_mod[mod_index];
1302 dev->poll_mod_count++;
1305 static void pn533_poll_create_mod_list(struct pn533 *dev,
1306 u32 im_protocols, u32 tm_protocols)
1308 pn533_poll_reset_mod_list(dev);
1310 if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
1311 (im_protocols & NFC_PROTO_ISO14443_MASK) ||
1312 (im_protocols & NFC_PROTO_NFC_DEP_MASK))
1313 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1315 if (im_protocols & NFC_PROTO_FELICA_MASK ||
1316 im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1317 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1318 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1321 if (im_protocols & NFC_PROTO_JEWEL_MASK)
1322 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1324 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1325 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1328 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1331 static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
1333 u8 nbtg, tg, *tgdata;
1336 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1338 nbtg = resp->data[0];
1340 tgdata = &resp->data[2];
1341 tgdata_len = resp->len - 2; /* nbtg + tg */
1344 rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
1346 /* We must stop the poll after a valid target found */
1348 pn533_poll_reset_mod_list(dev);
1356 static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev)
1358 struct sk_buff *skb;
1359 u8 *felica, *nfcid3, *gb;
1361 u8 *gbytes = dev->gb;
1362 size_t gbytes_len = dev->gb_len;
1364 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1365 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1366 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1367 0xff, 0xff}; /* System code */
1369 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1371 0x40}; /* SEL_RES for DEP */
1373 unsigned int skb_len = 36 + /* mode (1), mifare (6),
1374 felica (18), nfcid3 (10), gb_len (1) */
1378 skb = pn533_alloc_skb(dev, skb_len);
1382 /* DEP support only */
1383 *skb_put(skb, 1) |= PN533_INIT_TARGET_DEP;
1386 memcpy(skb_put(skb, 6), mifare_params, 6);
1389 felica = skb_put(skb, 18);
1390 memcpy(felica, felica_params, 18);
1391 get_random_bytes(felica + 2, 6);
1394 nfcid3 = skb_put(skb, 10);
1395 memset(nfcid3, 0, 10);
1396 memcpy(nfcid3, felica, 8);
1399 *skb_put(skb, 1) = gbytes_len;
1401 gb = skb_put(skb, gbytes_len);
1402 memcpy(gb, gbytes, gbytes_len);
1405 *skb_put(skb, 1) = 0;
1410 #define PN533_CMD_DATAEXCH_HEAD_LEN 1
1411 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1412 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1413 struct sk_buff *resp)
1417 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1420 return PTR_ERR(resp);
1422 status = resp->data[0];
1423 skb_pull(resp, sizeof(status));
1426 nfc_tm_deactivated(dev->nfc_dev);
1428 dev_kfree_skb(resp);
1432 return nfc_tm_data_received(dev->nfc_dev, resp);
1435 static void pn533_wq_tg_get_data(struct work_struct *work)
1437 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1439 struct sk_buff *skb;
1442 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1444 skb = pn533_alloc_skb(dev, 0);
1448 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1449 pn533_tm_get_data_complete, NULL);
1457 #define ATR_REQ_GB_OFFSET 17
1458 static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
1460 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
1464 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1466 if (resp->len < ATR_REQ_GB_OFFSET + 1)
1469 mode = resp->data[0];
1470 cmd = &resp->data[1];
1472 nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1475 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1476 PN533_INIT_TARGET_RESP_ACTIVE)
1477 comm_mode = NFC_COMM_ACTIVE;
1479 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
1482 gb = cmd + ATR_REQ_GB_OFFSET;
1483 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
1485 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1486 comm_mode, gb, gb_len);
1488 nfc_dev_err(&dev->interface->dev,
1489 "Error when signaling target activation");
1494 queue_work(dev->wq, &dev->tg_work);
1499 static void pn533_listen_mode_timer(unsigned long data)
1501 struct pn533 *dev = (struct pn533 *)data;
1503 nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1505 /* An ack will cancel the last issued command (poll) */
1506 pn533_send_ack(dev, GFP_ATOMIC);
1508 dev->cancel_listen = 1;
1510 pn533_poll_next_mod(dev);
1512 queue_work(dev->wq, &dev->poll_work);
1515 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1516 struct sk_buff *resp)
1518 struct pn533_poll_modulations *cur_mod;
1521 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1526 nfc_dev_err(&dev->interface->dev, "%s Poll complete error %d",
1529 if (rc == -ENOENT) {
1530 if (dev->poll_mod_count != 0)
1534 } else if (rc < 0) {
1535 nfc_dev_err(&dev->interface->dev,
1536 "Error %d when running poll", rc);
1541 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1543 if (cur_mod->len == 0) { /* Target mode */
1544 del_timer(&dev->listen_timer);
1545 rc = pn533_init_target_complete(dev, resp);
1549 /* Initiator mode */
1550 rc = pn533_start_poll_complete(dev, resp);
1554 pn533_poll_next_mod(dev);
1555 queue_work(dev->wq, &dev->poll_work);
1558 dev_kfree_skb(resp);
1562 nfc_dev_err(&dev->interface->dev, "Polling operation has been stopped");
1564 pn533_poll_reset_mod_list(dev);
1565 dev->poll_protocols = 0;
1569 static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev,
1570 struct pn533_poll_modulations *mod)
1572 struct sk_buff *skb;
1574 skb = pn533_alloc_skb(dev, mod->len);
1578 memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
1583 static int pn533_send_poll_frame(struct pn533 *dev)
1585 struct pn533_poll_modulations *mod;
1586 struct sk_buff *skb;
1590 mod = dev->poll_mod_active[dev->poll_mod_curr];
1592 nfc_dev_dbg(&dev->interface->dev, "%s mod len %d\n",
1593 __func__, mod->len);
1595 if (mod->len == 0) { /* Listen mode */
1596 cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
1597 skb = pn533_alloc_poll_tg_frame(dev);
1598 } else { /* Polling mode */
1599 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
1600 skb = pn533_alloc_poll_in_frame(dev, mod);
1604 nfc_dev_err(&dev->interface->dev, "Failed to allocate skb.");
1608 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
1612 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1618 static void pn533_wq_poll(struct work_struct *work)
1620 struct pn533 *dev = container_of(work, struct pn533, poll_work);
1621 struct pn533_poll_modulations *cur_mod;
1624 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1626 nfc_dev_dbg(&dev->interface->dev,
1627 "%s cancel_listen %d modulation len %d",
1628 __func__, dev->cancel_listen, cur_mod->len);
1630 if (dev->cancel_listen == 1) {
1631 dev->cancel_listen = 0;
1632 usb_kill_urb(dev->in_urb);
1635 rc = pn533_send_poll_frame(dev);
1639 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1640 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1645 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1646 u32 im_protocols, u32 tm_protocols)
1648 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1650 nfc_dev_dbg(&dev->interface->dev,
1651 "%s: im protocols 0x%x tm protocols 0x%x",
1652 __func__, im_protocols, tm_protocols);
1654 if (dev->tgt_active_prot) {
1655 nfc_dev_err(&dev->interface->dev,
1656 "Cannot poll with a target already activated");
1660 if (dev->tgt_mode) {
1661 nfc_dev_err(&dev->interface->dev,
1662 "Cannot poll while already being activated");
1667 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1668 if (dev->gb == NULL)
1672 dev->poll_mod_curr = 0;
1673 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1674 dev->poll_protocols = im_protocols;
1675 dev->listen_protocols = tm_protocols;
1677 return pn533_send_poll_frame(dev);
1680 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1682 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1684 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1686 del_timer(&dev->listen_timer);
1688 if (!dev->poll_mod_count) {
1689 nfc_dev_dbg(&dev->interface->dev,
1690 "Polling operation was not running");
1694 /* An ack will cancel the last issued command (poll) */
1695 pn533_send_ack(dev, GFP_KERNEL);
1697 /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1698 usb_kill_urb(dev->in_urb);
1700 pn533_poll_reset_mod_list(dev);
1703 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1705 struct pn533_cmd_activate_response *rsp;
1709 struct sk_buff *skb;
1710 struct sk_buff *resp;
1712 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1714 skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/
1718 *skb_put(skb, sizeof(u8)) = 1; /* TG */
1719 *skb_put(skb, sizeof(u8)) = 0; /* Next */
1721 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
1723 return PTR_ERR(resp);
1725 rsp = (struct pn533_cmd_activate_response *)resp->data;
1726 rc = rsp->status & PN533_CMD_RET_MASK;
1727 if (rc != PN533_CMD_RET_SUCCESS) {
1728 dev_kfree_skb(resp);
1732 /* ATR_RES general bytes are located at offset 16 */
1733 gt_len = resp->len - 16;
1734 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
1736 dev_kfree_skb(resp);
1740 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1741 struct nfc_target *target, u32 protocol)
1743 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1746 nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1749 if (dev->poll_mod_count) {
1750 nfc_dev_err(&dev->interface->dev,
1751 "Cannot activate while polling");
1755 if (dev->tgt_active_prot) {
1756 nfc_dev_err(&dev->interface->dev,
1757 "There is already an active target");
1761 if (!dev->tgt_available_prots) {
1762 nfc_dev_err(&dev->interface->dev,
1763 "There is no available target to activate");
1767 if (!(dev->tgt_available_prots & (1 << protocol))) {
1768 nfc_dev_err(&dev->interface->dev,
1769 "Target doesn't support requested proto %u",
1774 if (protocol == NFC_PROTO_NFC_DEP) {
1775 rc = pn533_activate_target_nfcdep(dev);
1777 nfc_dev_err(&dev->interface->dev,
1778 "Activating target with DEP failed %d", rc);
1783 dev->tgt_active_prot = protocol;
1784 dev->tgt_available_prots = 0;
1789 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1790 struct nfc_target *target)
1792 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1794 struct sk_buff *skb;
1795 struct sk_buff *resp;
1799 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1801 if (!dev->tgt_active_prot) {
1802 nfc_dev_err(&dev->interface->dev, "There is no active target");
1806 dev->tgt_active_prot = 0;
1807 skb_queue_purge(&dev->resp_q);
1809 skb = pn533_alloc_skb(dev, sizeof(u8));
1813 *skb_put(skb, 1) = 1; /* TG*/
1815 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
1819 rc = resp->data[0] & PN533_CMD_RET_MASK;
1820 if (rc != PN533_CMD_RET_SUCCESS)
1821 nfc_dev_err(&dev->interface->dev,
1822 "Error 0x%x when releasing the target", rc);
1824 dev_kfree_skb(resp);
1829 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1830 struct sk_buff *resp)
1832 struct pn533_cmd_jump_dep_response *rsp;
1835 u8 active = *(u8 *)arg;
1840 return PTR_ERR(resp);
1842 if (dev->tgt_available_prots &&
1843 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1844 nfc_dev_err(&dev->interface->dev,
1845 "The target does not support DEP");
1850 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1852 rc = rsp->status & PN533_CMD_RET_MASK;
1853 if (rc != PN533_CMD_RET_SUCCESS) {
1854 nfc_dev_err(&dev->interface->dev,
1855 "Bringing DEP link up failed %d", rc);
1859 if (!dev->tgt_available_prots) {
1860 struct nfc_target nfc_target;
1862 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1864 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1865 nfc_target.nfcid1_len = 10;
1866 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1867 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1871 dev->tgt_available_prots = 0;
1874 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1876 /* ATR_RES general bytes are located at offset 17 */
1877 target_gt_len = resp->len - 17;
1878 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1879 rsp->gt, target_gt_len);
1881 rc = nfc_dep_link_is_up(dev->nfc_dev,
1882 dev->nfc_dev->targets[0].idx,
1883 !active, NFC_RF_INITIATOR);
1886 dev_kfree_skb(resp);
1890 static int pn533_mod_to_baud(struct pn533 *dev)
1892 switch (dev->poll_mod_curr) {
1893 case PN533_POLL_MOD_106KBPS_A:
1895 case PN533_POLL_MOD_212KBPS_FELICA:
1897 case PN533_POLL_MOD_424KBPS_FELICA:
1904 #define PASSIVE_DATA_LEN 5
1905 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1906 u8 comm_mode, u8 *gb, size_t gb_len)
1908 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1909 struct sk_buff *skb;
1910 int rc, baud, skb_len;
1913 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1915 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1917 if (dev->poll_mod_count) {
1918 nfc_dev_err(&dev->interface->dev,
1919 "Cannot bring the DEP link up while polling");
1923 if (dev->tgt_active_prot) {
1924 nfc_dev_err(&dev->interface->dev,
1925 "There is already an active target");
1929 baud = pn533_mod_to_baud(dev);
1931 nfc_dev_err(&dev->interface->dev,
1932 "Invalid curr modulation %d", dev->poll_mod_curr);
1936 skb_len = 3 + gb_len; /* ActPass + BR + Next */
1937 if (comm_mode == NFC_COMM_PASSIVE)
1938 skb_len += PASSIVE_DATA_LEN;
1940 skb = pn533_alloc_skb(dev, skb_len);
1944 *skb_put(skb, 1) = !comm_mode; /* ActPass */
1945 *skb_put(skb, 1) = baud; /* Baud rate */
1947 next = skb_put(skb, 1); /* Next */
1950 if (comm_mode == NFC_COMM_PASSIVE && baud > 0) {
1951 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data,
1956 if (gb != NULL && gb_len > 0) {
1957 memcpy(skb_put(skb, gb_len), gb, gb_len);
1958 *next |= 4; /* We have some Gi */
1963 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
1971 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1972 pn533_in_dep_link_up_complete, arg);
1982 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1984 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1986 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1988 pn533_poll_reset_mod_list(dev);
1990 if (dev->tgt_mode || dev->tgt_active_prot) {
1991 pn533_send_ack(dev, GFP_KERNEL);
1992 usb_kill_urb(dev->in_urb);
1995 dev->tgt_active_prot = 0;
1998 skb_queue_purge(&dev->resp_q);
2003 struct pn533_data_exchange_arg {
2004 data_exchange_cb_t cb;
2008 static struct sk_buff *pn533_build_response(struct pn533 *dev)
2010 struct sk_buff *skb, *tmp, *t;
2011 unsigned int skb_len = 0, tmp_len = 0;
2013 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2015 if (skb_queue_empty(&dev->resp_q))
2018 if (skb_queue_len(&dev->resp_q) == 1) {
2019 skb = skb_dequeue(&dev->resp_q);
2023 skb_queue_walk_safe(&dev->resp_q, tmp, t)
2024 skb_len += tmp->len;
2026 nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
2029 skb = alloc_skb(skb_len, GFP_KERNEL);
2033 skb_put(skb, skb_len);
2035 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2036 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2037 tmp_len += tmp->len;
2041 skb_queue_purge(&dev->resp_q);
2046 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
2047 struct sk_buff *resp)
2049 struct pn533_data_exchange_arg *arg = _arg;
2050 struct sk_buff *skb;
2054 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2061 status = resp->data[0];
2062 ret = status & PN533_CMD_RET_MASK;
2063 mi = status & PN533_CMD_MI_MASK;
2065 skb_pull(resp, sizeof(status));
2067 if (ret != PN533_CMD_RET_SUCCESS) {
2068 nfc_dev_err(&dev->interface->dev,
2069 "PN533 reported error %d when exchanging data",
2075 skb_queue_tail(&dev->resp_q, resp);
2078 dev->cmd_complete_mi_arg = arg;
2079 queue_work(dev->wq, &dev->mi_work);
2080 return -EINPROGRESS;
2083 skb = pn533_build_response(dev);
2087 arg->cb(arg->cb_context, skb, 0);
2092 dev_kfree_skb(resp);
2094 skb_queue_purge(&dev->resp_q);
2095 arg->cb(arg->cb_context, NULL, rc);
2100 static int pn533_transceive(struct nfc_dev *nfc_dev,
2101 struct nfc_target *target, struct sk_buff *skb,
2102 data_exchange_cb_t cb, void *cb_context)
2104 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2105 struct pn533_data_exchange_arg *arg = NULL;
2108 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2110 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2111 /* TODO: Implement support to multi-part data exchange */
2112 nfc_dev_err(&dev->interface->dev,
2113 "Data length greater than the max allowed: %d",
2114 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2119 if (!dev->tgt_active_prot) {
2120 nfc_dev_err(&dev->interface->dev,
2121 "Can't exchange data if there is no active target");
2126 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2133 arg->cb_context = cb_context;
2135 switch (dev->device_type) {
2136 case PN533_DEVICE_PASORI:
2137 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2138 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2140 pn533_data_exchange_complete,
2146 *skb_push(skb, sizeof(u8)) = 1; /*TG*/
2148 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2149 skb, pn533_data_exchange_complete,
2155 if (rc < 0) /* rc from send_async */
2166 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2167 struct sk_buff *resp)
2171 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2174 return PTR_ERR(resp);
2176 status = resp->data[0];
2178 dev_kfree_skb(resp);
2181 nfc_tm_deactivated(dev->nfc_dev);
2188 queue_work(dev->wq, &dev->tg_work);
2193 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2195 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2198 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2200 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2201 nfc_dev_err(&dev->interface->dev,
2202 "Data length greater than the max allowed: %d",
2203 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2207 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2208 pn533_tm_send_complete, NULL);
2215 static void pn533_wq_mi_recv(struct work_struct *work)
2217 struct pn533 *dev = container_of(work, struct pn533, mi_work);
2219 struct sk_buff *skb;
2222 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2224 skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN);
2228 switch (dev->device_type) {
2229 case PN533_DEVICE_PASORI:
2230 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2231 rc = pn533_send_cmd_direct_async(dev,
2232 PN533_CMD_IN_COMM_THRU,
2234 pn533_data_exchange_complete,
2235 dev->cmd_complete_mi_arg);
2240 *skb_put(skb, sizeof(u8)) = 1; /*TG*/
2242 rc = pn533_send_cmd_direct_async(dev,
2243 PN533_CMD_IN_DATA_EXCHANGE,
2245 pn533_data_exchange_complete,
2246 dev->cmd_complete_mi_arg);
2251 if (rc == 0) /* success */
2254 nfc_dev_err(&dev->interface->dev,
2255 "Error %d when trying to perform data_exchange", rc);
2258 kfree(dev->cmd_complete_arg);
2261 pn533_send_ack(dev, GFP_KERNEL);
2262 queue_work(dev->wq, &dev->cmd_work);
2265 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2268 struct sk_buff *skb;
2269 struct sk_buff *resp;
2273 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2275 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
2277 skb = pn533_alloc_skb(dev, skb_len);
2281 *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2282 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
2284 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2286 return PTR_ERR(resp);
2288 dev_kfree_skb(resp);
2292 static int pn533_get_firmware_version(struct pn533 *dev,
2293 struct pn533_fw_version *fv)
2295 struct sk_buff *skb;
2296 struct sk_buff *resp;
2298 skb = pn533_alloc_skb(dev, 0);
2302 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2304 return PTR_ERR(resp);
2306 fv->ic = resp->data[0];
2307 fv->ver = resp->data[1];
2308 fv->rev = resp->data[2];
2309 fv->support = resp->data[3];
2311 dev_kfree_skb(resp);
2315 static int pn533_fw_reset(struct pn533 *dev)
2317 struct sk_buff *skb;
2318 struct sk_buff *resp;
2320 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2322 skb = pn533_alloc_skb(dev, sizeof(u8));
2326 *skb_put(skb, sizeof(u8)) = 0x1;
2328 resp = pn533_send_cmd_sync(dev, 0x18, skb);
2330 return PTR_ERR(resp);
2332 dev_kfree_skb(resp);
2337 static struct nfc_ops pn533_nfc_ops = {
2340 .dep_link_up = pn533_dep_link_up,
2341 .dep_link_down = pn533_dep_link_down,
2342 .start_poll = pn533_start_poll,
2343 .stop_poll = pn533_stop_poll,
2344 .activate_target = pn533_activate_target,
2345 .deactivate_target = pn533_deactivate_target,
2346 .im_transceive = pn533_transceive,
2347 .tm_send = pn533_tm_send,
2350 static int pn533_setup(struct pn533 *dev)
2352 struct pn533_config_max_retries max_retries;
2353 struct pn533_config_timing timing;
2354 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2357 switch (dev->device_type) {
2358 case PN533_DEVICE_STD:
2359 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2360 max_retries.mx_rty_psl = 2;
2361 max_retries.mx_rty_passive_act =
2362 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2364 timing.rfu = PN533_CONFIG_TIMING_102;
2365 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2366 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2370 case PN533_DEVICE_PASORI:
2371 max_retries.mx_rty_atr = 0x2;
2372 max_retries.mx_rty_psl = 0x1;
2373 max_retries.mx_rty_passive_act =
2374 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2376 timing.rfu = PN533_CONFIG_TIMING_102;
2377 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2378 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2383 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2388 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2389 (u8 *)&max_retries, sizeof(max_retries));
2391 nfc_dev_err(&dev->interface->dev,
2392 "Error on setting MAX_RETRIES config");
2397 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2398 (u8 *)&timing, sizeof(timing));
2400 nfc_dev_err(&dev->interface->dev,
2401 "Error on setting RF timings");
2405 switch (dev->device_type) {
2406 case PN533_DEVICE_STD:
2409 case PN533_DEVICE_PASORI:
2410 pn533_fw_reset(dev);
2412 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2415 nfc_dev_err(&dev->interface->dev,
2416 "Error while settings PASORI config");
2420 pn533_fw_reset(dev);
2428 static int pn533_probe(struct usb_interface *interface,
2429 const struct usb_device_id *id)
2431 struct pn533_fw_version fw_ver;
2433 struct usb_host_interface *iface_desc;
2434 struct usb_endpoint_descriptor *endpoint;
2435 int in_endpoint = 0;
2436 int out_endpoint = 0;
2441 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2445 dev->udev = usb_get_dev(interface_to_usbdev(interface));
2446 dev->interface = interface;
2447 mutex_init(&dev->cmd_lock);
2449 iface_desc = interface->cur_altsetting;
2450 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2451 endpoint = &iface_desc->endpoint[i].desc;
2453 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
2454 in_endpoint = endpoint->bEndpointAddress;
2456 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
2457 out_endpoint = endpoint->bEndpointAddress;
2460 if (!in_endpoint || !out_endpoint) {
2461 nfc_dev_err(&interface->dev,
2462 "Could not find bulk-in or bulk-out endpoint");
2467 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2468 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2470 if (!dev->in_urb || !dev->out_urb)
2473 usb_fill_bulk_urb(dev->in_urb, dev->udev,
2474 usb_rcvbulkpipe(dev->udev, in_endpoint),
2475 NULL, 0, NULL, dev);
2476 usb_fill_bulk_urb(dev->out_urb, dev->udev,
2477 usb_sndbulkpipe(dev->udev, out_endpoint),
2478 NULL, 0, pn533_send_complete, dev);
2480 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2481 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2482 INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2483 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2484 INIT_WORK(&dev->poll_work, pn533_wq_poll);
2485 dev->wq = alloc_ordered_workqueue("pn533", 0);
2486 if (dev->wq == NULL)
2489 init_timer(&dev->listen_timer);
2490 dev->listen_timer.data = (unsigned long) dev;
2491 dev->listen_timer.function = pn533_listen_mode_timer;
2493 skb_queue_head_init(&dev->resp_q);
2495 INIT_LIST_HEAD(&dev->cmd_queue);
2497 usb_set_intfdata(interface, dev);
2499 dev->ops = &pn533_std_frame_ops;
2501 dev->device_type = id->driver_info;
2502 switch (dev->device_type) {
2503 case PN533_DEVICE_STD:
2504 protocols = PN533_ALL_PROTOCOLS;
2507 case PN533_DEVICE_PASORI:
2508 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2512 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2518 memset(&fw_ver, 0, sizeof(fw_ver));
2519 rc = pn533_get_firmware_version(dev, &fw_ver);
2523 nfc_dev_info(&dev->interface->dev,
2524 "NXP PN533 firmware ver %d.%d now attached",
2525 fw_ver.ver, fw_ver.rev);
2528 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2530 dev->ops->tx_header_len +
2531 PN533_CMD_DATAEXCH_HEAD_LEN,
2532 dev->ops->tx_tail_len);
2536 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2537 nfc_set_drvdata(dev->nfc_dev, dev);
2539 rc = nfc_register_device(dev->nfc_dev);
2543 rc = pn533_setup(dev);
2545 goto unregister_nfc_dev;
2550 nfc_unregister_device(dev->nfc_dev);
2553 nfc_free_device(dev->nfc_dev);
2556 destroy_workqueue(dev->wq);
2558 usb_free_urb(dev->in_urb);
2559 usb_free_urb(dev->out_urb);
2564 static void pn533_disconnect(struct usb_interface *interface)
2567 struct pn533_cmd *cmd, *n;
2569 dev = usb_get_intfdata(interface);
2570 usb_set_intfdata(interface, NULL);
2572 nfc_unregister_device(dev->nfc_dev);
2573 nfc_free_device(dev->nfc_dev);
2575 usb_kill_urb(dev->in_urb);
2576 usb_kill_urb(dev->out_urb);
2578 destroy_workqueue(dev->wq);
2580 skb_queue_purge(&dev->resp_q);
2582 del_timer(&dev->listen_timer);
2584 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2585 list_del(&cmd->queue);
2589 usb_free_urb(dev->in_urb);
2590 usb_free_urb(dev->out_urb);
2593 nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2596 static struct usb_driver pn533_driver = {
2598 .probe = pn533_probe,
2599 .disconnect = pn533_disconnect,
2600 .id_table = pn533_table,
2603 module_usb_driver(pn533_driver);
2605 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2606 " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2607 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2608 MODULE_VERSION(VERSION);
2609 MODULE_LICENSE("GPL");
git.openpandora.org / pandora-kernel.git / blob