1/* 2 * Copyright (C) 2011 Instituto Nokia de Tecnologia 3 * Copyright (C) 2012-2013 Tieto Poland 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License as published by 7 * the Free Software Foundation; either version 2 of the License, or 8 * (at your option) any later version. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program; if not, see <http://www.gnu.org/licenses/>. 17 */ 18 19#include <linux/device.h> 20#include <linux/kernel.h> 21#include <linux/module.h> 22#include <linux/slab.h> 23#include <linux/usb.h> 24#include <linux/nfc.h> 25#include <linux/netdevice.h> 26#include <net/nfc/nfc.h> 27 28#define VERSION "0.2" 29 30#define PN533_VENDOR_ID 0x4CC 31#define PN533_PRODUCT_ID 0x2533 32 33#define SCM_VENDOR_ID 0x4E6 34#define SCL3711_PRODUCT_ID 0x5591 35 36#define SONY_VENDOR_ID 0x054c 37#define PASORI_PRODUCT_ID 0x02e1 38 39#define ACS_VENDOR_ID 0x072f 40#define ACR122U_PRODUCT_ID 0x2200 41 42#define PN533_DEVICE_STD 0x1 43#define PN533_DEVICE_PASORI 0x2 44#define PN533_DEVICE_ACR122U 0x3 45 46#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\ 47 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\ 48 NFC_PROTO_NFC_DEP_MASK |\ 49 NFC_PROTO_ISO14443_B_MASK) 50 51#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \ 52 NFC_PROTO_MIFARE_MASK | \ 53 NFC_PROTO_FELICA_MASK | \ 54 NFC_PROTO_ISO14443_MASK | \ 55 NFC_PROTO_NFC_DEP_MASK) 56 57static const struct usb_device_id pn533_table[] = { 58 { USB_DEVICE(PN533_VENDOR_ID, PN533_PRODUCT_ID), 59 .driver_info = PN533_DEVICE_STD }, 60 { USB_DEVICE(SCM_VENDOR_ID, SCL3711_PRODUCT_ID), 61 .driver_info = PN533_DEVICE_STD }, 62 { USB_DEVICE(SONY_VENDOR_ID, PASORI_PRODUCT_ID), 63 .driver_info = PN533_DEVICE_PASORI }, 64 { USB_DEVICE(ACS_VENDOR_ID, ACR122U_PRODUCT_ID), 65 .driver_info = PN533_DEVICE_ACR122U }, 66 { } 67}; 68MODULE_DEVICE_TABLE(usb, pn533_table); 69 70/* How much time we spend listening for initiators */ 71#define PN533_LISTEN_TIME 2 72/* Delay between each poll frame (ms) */ 73#define PN533_POLL_INTERVAL 10 74 75/* Standard pn533 frame definitions (standard and extended)*/ 76#define PN533_STD_FRAME_HEADER_LEN (sizeof(struct pn533_std_frame) \ 77 + 2) /* data[0] TFI, data[1] CC */ 78#define PN533_STD_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/ 79 80#define PN533_EXT_FRAME_HEADER_LEN (sizeof(struct pn533_ext_frame) \ 81 + 2) /* data[0] TFI, data[1] CC */ 82 83#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262 84#define PN533_CMD_DATAFRAME_MAXLEN 240 /* max data length (send) */ 85 86/* 87 * Max extended frame payload len, excluding TFI and CC 88 * which are already in PN533_FRAME_HEADER_LEN. 89 */ 90#define PN533_STD_FRAME_MAX_PAYLOAD_LEN 263 91 92#define PN533_STD_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2), 93 Postamble (1) */ 94#define PN533_STD_FRAME_CHECKSUM(f) (f->data[f->datalen]) 95#define PN533_STD_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1]) 96/* Half start code (3), LEN (4) should be 0xffff for extended frame */ 97#define PN533_STD_IS_EXTENDED(hdr) ((hdr)->datalen == 0xFF \ 98 && (hdr)->datalen_checksum == 0xFF) 99#define PN533_EXT_FRAME_CHECKSUM(f) (f->data[be16_to_cpu(f->datalen)]) 100 101/* start of frame */ 102#define PN533_STD_FRAME_SOF 0x00FF 103 104/* standard frame identifier: in/out/error */ 105#define PN533_STD_FRAME_IDENTIFIER(f) (f->data[0]) /* TFI */ 106#define PN533_STD_FRAME_DIR_OUT 0xD4 107#define PN533_STD_FRAME_DIR_IN 0xD5 108 109/* ACS ACR122 pn533 frame definitions */ 110#define PN533_ACR122_TX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_tx_frame) \ 111 + 2) 112#define PN533_ACR122_TX_FRAME_TAIL_LEN 0 113#define PN533_ACR122_RX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_rx_frame) \ 114 + 2) 115#define PN533_ACR122_RX_FRAME_TAIL_LEN 2 116#define PN533_ACR122_FRAME_MAX_PAYLOAD_LEN PN533_STD_FRAME_MAX_PAYLOAD_LEN 117 118/* CCID messages types */ 119#define PN533_ACR122_PC_TO_RDR_ICCPOWERON 0x62 120#define PN533_ACR122_PC_TO_RDR_ESCAPE 0x6B 121 122#define PN533_ACR122_RDR_TO_PC_ESCAPE 0x83 123 124/* PN533 Commands */ 125#define PN533_FRAME_CMD(f) (f->data[1]) 126 127#define PN533_CMD_GET_FIRMWARE_VERSION 0x02 128#define PN533_CMD_RF_CONFIGURATION 0x32 129#define PN533_CMD_IN_DATA_EXCHANGE 0x40 130#define PN533_CMD_IN_COMM_THRU 0x42 131#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A 132#define PN533_CMD_IN_ATR 0x50 133#define PN533_CMD_IN_RELEASE 0x52 134#define PN533_CMD_IN_JUMP_FOR_DEP 0x56 135 136#define PN533_CMD_TG_INIT_AS_TARGET 0x8c 137#define PN533_CMD_TG_GET_DATA 0x86 138#define PN533_CMD_TG_SET_DATA 0x8e 139#define PN533_CMD_TG_SET_META_DATA 0x94 140#define PN533_CMD_UNDEF 0xff 141 142#define PN533_CMD_RESPONSE(cmd) (cmd + 1) 143 144/* PN533 Return codes */ 145#define PN533_CMD_RET_MASK 0x3F 146#define PN533_CMD_MI_MASK 0x40 147#define PN533_CMD_RET_SUCCESS 0x00 148 149struct pn533; 150 151typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg, 152 struct sk_buff *resp); 153 154/* structs for pn533 commands */ 155 156/* PN533_CMD_GET_FIRMWARE_VERSION */ 157struct pn533_fw_version { 158 u8 ic; 159 u8 ver; 160 u8 rev; 161 u8 support; 162}; 163 164/* PN533_CMD_RF_CONFIGURATION */ 165#define PN533_CFGITEM_RF_FIELD 0x01 166#define PN533_CFGITEM_TIMING 0x02 167#define PN533_CFGITEM_MAX_RETRIES 0x05 168#define PN533_CFGITEM_PASORI 0x82 169 170#define PN533_CFGITEM_RF_FIELD_AUTO_RFCA 0x2 171#define PN533_CFGITEM_RF_FIELD_ON 0x1 172#define PN533_CFGITEM_RF_FIELD_OFF 0x0 173 174#define PN533_CONFIG_TIMING_102 0xb 175#define PN533_CONFIG_TIMING_204 0xc 176#define PN533_CONFIG_TIMING_409 0xd 177#define PN533_CONFIG_TIMING_819 0xe 178 179#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00 180#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF 181 182struct pn533_config_max_retries { 183 u8 mx_rty_atr; 184 u8 mx_rty_psl; 185 u8 mx_rty_passive_act; 186} __packed; 187 188struct pn533_config_timing { 189 u8 rfu; 190 u8 atr_res_timeout; 191 u8 dep_timeout; 192} __packed; 193 194/* PN533_CMD_IN_LIST_PASSIVE_TARGET */ 195 196/* felica commands opcode */ 197#define PN533_FELICA_OPC_SENSF_REQ 0 198#define PN533_FELICA_OPC_SENSF_RES 1 199/* felica SENSF_REQ parameters */ 200#define PN533_FELICA_SENSF_SC_ALL 0xFFFF 201#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0 202#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1 203#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2 204 205/* type B initiator_data values */ 206#define PN533_TYPE_B_AFI_ALL_FAMILIES 0 207#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0 208#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1 209 210union pn533_cmd_poll_initdata { 211 struct { 212 u8 afi; 213 u8 polling_method; 214 } __packed type_b; 215 struct { 216 u8 opcode; 217 __be16 sc; 218 u8 rc; 219 u8 tsn; 220 } __packed felica; 221}; 222 223/* Poll modulations */ 224enum { 225 PN533_POLL_MOD_106KBPS_A, 226 PN533_POLL_MOD_212KBPS_FELICA, 227 PN533_POLL_MOD_424KBPS_FELICA, 228 PN533_POLL_MOD_106KBPS_JEWEL, 229 PN533_POLL_MOD_847KBPS_B, 230 PN533_LISTEN_MOD, 231 232 __PN533_POLL_MOD_AFTER_LAST, 233}; 234#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1) 235 236struct pn533_poll_modulations { 237 struct { 238 u8 maxtg; 239 u8 brty; 240 union pn533_cmd_poll_initdata initiator_data; 241 } __packed data; 242 u8 len; 243}; 244 245static const struct pn533_poll_modulations poll_mod[] = { 246 [PN533_POLL_MOD_106KBPS_A] = { 247 .data = { 248 .maxtg = 1, 249 .brty = 0, 250 }, 251 .len = 2, 252 }, 253 [PN533_POLL_MOD_212KBPS_FELICA] = { 254 .data = { 255 .maxtg = 1, 256 .brty = 1, 257 .initiator_data.felica = { 258 .opcode = PN533_FELICA_OPC_SENSF_REQ, 259 .sc = PN533_FELICA_SENSF_SC_ALL, 260 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE, 261 .tsn = 0x03, 262 }, 263 }, 264 .len = 7, 265 }, 266 [PN533_POLL_MOD_424KBPS_FELICA] = { 267 .data = { 268 .maxtg = 1, 269 .brty = 2, 270 .initiator_data.felica = { 271 .opcode = PN533_FELICA_OPC_SENSF_REQ, 272 .sc = PN533_FELICA_SENSF_SC_ALL, 273 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE, 274 .tsn = 0x03, 275 }, 276 }, 277 .len = 7, 278 }, 279 [PN533_POLL_MOD_106KBPS_JEWEL] = { 280 .data = { 281 .maxtg = 1, 282 .brty = 4, 283 }, 284 .len = 2, 285 }, 286 [PN533_POLL_MOD_847KBPS_B] = { 287 .data = { 288 .maxtg = 1, 289 .brty = 8, 290 .initiator_data.type_b = { 291 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES, 292 .polling_method = 293 PN533_TYPE_B_POLL_METHOD_TIMESLOT, 294 }, 295 }, 296 .len = 3, 297 }, 298 [PN533_LISTEN_MOD] = { 299 .len = 0, 300 }, 301}; 302 303/* PN533_CMD_IN_ATR */ 304 305struct pn533_cmd_activate_response { 306 u8 status; 307 u8 nfcid3t[10]; 308 u8 didt; 309 u8 bst; 310 u8 brt; 311 u8 to; 312 u8 ppt; 313 /* optional */ 314 u8 gt[]; 315} __packed; 316 317struct pn533_cmd_jump_dep_response { 318 u8 status; 319 u8 tg; 320 u8 nfcid3t[10]; 321 u8 didt; 322 u8 bst; 323 u8 brt; 324 u8 to; 325 u8 ppt; 326 /* optional */ 327 u8 gt[]; 328} __packed; 329 330 331/* PN533_TG_INIT_AS_TARGET */ 332#define PN533_INIT_TARGET_PASSIVE 0x1 333#define PN533_INIT_TARGET_DEP 0x2 334 335#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3 336#define PN533_INIT_TARGET_RESP_ACTIVE 0x1 337#define PN533_INIT_TARGET_RESP_DEP 0x4 338 339enum pn533_protocol_type { 340 PN533_PROTO_REQ_ACK_RESP = 0, 341 PN533_PROTO_REQ_RESP 342}; 343 344struct pn533 { 345 struct usb_device *udev; 346 struct usb_interface *interface; 347 struct nfc_dev *nfc_dev; 348 u32 device_type; 349 enum pn533_protocol_type protocol_type; 350 351 struct urb *out_urb; 352 struct urb *in_urb; 353 354 struct sk_buff_head resp_q; 355 struct sk_buff_head fragment_skb; 356 357 struct workqueue_struct *wq; 358 struct work_struct cmd_work; 359 struct work_struct cmd_complete_work; 360 struct delayed_work poll_work; 361 struct work_struct mi_rx_work; 362 struct work_struct mi_tx_work; 363 struct work_struct mi_tm_rx_work; 364 struct work_struct mi_tm_tx_work; 365 struct work_struct tg_work; 366 struct work_struct rf_work; 367 368 struct list_head cmd_queue; 369 struct pn533_cmd *cmd; 370 u8 cmd_pending; 371 struct mutex cmd_lock; /* protects cmd queue */ 372 373 void *cmd_complete_mi_arg; 374 void *cmd_complete_dep_arg; 375 376 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1]; 377 u8 poll_mod_count; 378 u8 poll_mod_curr; 379 u8 poll_dep; 380 u32 poll_protocols; 381 u32 listen_protocols; 382 struct timer_list listen_timer; 383 int cancel_listen; 384 385 u8 *gb; 386 size_t gb_len; 387 388 u8 tgt_available_prots; 389 u8 tgt_active_prot; 390 u8 tgt_mode; 391 392 struct pn533_frame_ops *ops; 393}; 394 395struct pn533_cmd { 396 struct list_head queue; 397 u8 code; 398 int status; 399 struct sk_buff *req; 400 struct sk_buff *resp; 401 int resp_len; 402 pn533_send_async_complete_t complete_cb; 403 void *complete_cb_context; 404}; 405 406struct pn533_std_frame { 407 u8 preamble; 408 __be16 start_frame; 409 u8 datalen; 410 u8 datalen_checksum; 411 u8 data[]; 412} __packed; 413 414struct pn533_ext_frame { /* Extended Information frame */ 415 u8 preamble; 416 __be16 start_frame; 417 __be16 eif_flag; /* fixed to 0xFFFF */ 418 __be16 datalen; 419 u8 datalen_checksum; 420 u8 data[]; 421} __packed; 422 423struct pn533_frame_ops { 424 void (*tx_frame_init)(void *frame, u8 cmd_code); 425 void (*tx_frame_finish)(void *frame); 426 void (*tx_update_payload_len)(void *frame, int len); 427 int tx_header_len; 428 int tx_tail_len; 429 430 bool (*rx_is_frame_valid)(void *frame, struct pn533 *dev); 431 int (*rx_frame_size)(void *frame); 432 int rx_header_len; 433 int rx_tail_len; 434 435 int max_payload_len; 436 u8 (*get_cmd_code)(void *frame); 437}; 438 439struct pn533_acr122_ccid_hdr { 440 u8 type; 441 u32 datalen; 442 u8 slot; 443 u8 seq; 444 u8 params[3]; /* 3 msg specific bytes or status, error and 1 specific 445 byte for reposnse msg */ 446 u8 data[]; /* payload */ 447} __packed; 448 449struct pn533_acr122_apdu_hdr { 450 u8 class; 451 u8 ins; 452 u8 p1; 453 u8 p2; 454} __packed; 455 456struct pn533_acr122_tx_frame { 457 struct pn533_acr122_ccid_hdr ccid; 458 struct pn533_acr122_apdu_hdr apdu; 459 u8 datalen; 460 u8 data[]; /* pn533 frame: TFI ... */ 461} __packed; 462 463struct pn533_acr122_rx_frame { 464 struct pn533_acr122_ccid_hdr ccid; 465 u8 data[]; /* pn533 frame : TFI ... */ 466} __packed; 467 468static void pn533_acr122_tx_frame_init(void *_frame, u8 cmd_code) 469{ 470 struct pn533_acr122_tx_frame *frame = _frame; 471 472 frame->ccid.type = PN533_ACR122_PC_TO_RDR_ESCAPE; 473 frame->ccid.datalen = sizeof(frame->apdu) + 1; /* sizeof(apdu_hdr) + 474 sizeof(datalen) */ 475 frame->ccid.slot = 0; 476 frame->ccid.seq = 0; 477 frame->ccid.params[0] = 0; 478 frame->ccid.params[1] = 0; 479 frame->ccid.params[2] = 0; 480 481 frame->data[0] = PN533_STD_FRAME_DIR_OUT; 482 frame->data[1] = cmd_code; 483 frame->datalen = 2; /* data[0] + data[1] */ 484 485 frame->apdu.class = 0xFF; 486 frame->apdu.ins = 0; 487 frame->apdu.p1 = 0; 488 frame->apdu.p2 = 0; 489} 490 491static void pn533_acr122_tx_frame_finish(void *_frame) 492{ 493 struct pn533_acr122_tx_frame *frame = _frame; 494 495 frame->ccid.datalen += frame->datalen; 496} 497 498static void pn533_acr122_tx_update_payload_len(void *_frame, int len) 499{ 500 struct pn533_acr122_tx_frame *frame = _frame; 501 502 frame->datalen += len; 503} 504 505static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev) 506{ 507 struct pn533_acr122_rx_frame *frame = _frame; 508 509 if (frame->ccid.type != 0x83) 510 return false; 511 512 if (!frame->ccid.datalen) 513 return false; 514 515 if (frame->data[frame->ccid.datalen - 2] == 0x63) 516 return false; 517 518 return true; 519} 520 521static int pn533_acr122_rx_frame_size(void *frame) 522{ 523 struct pn533_acr122_rx_frame *f = frame; 524 525 /* f->ccid.datalen already includes tail length */ 526 return sizeof(struct pn533_acr122_rx_frame) + f->ccid.datalen; 527} 528 529static u8 pn533_acr122_get_cmd_code(void *frame) 530{ 531 struct pn533_acr122_rx_frame *f = frame; 532 533 return PN533_FRAME_CMD(f); 534} 535 536static struct pn533_frame_ops pn533_acr122_frame_ops = { 537 .tx_frame_init = pn533_acr122_tx_frame_init, 538 .tx_frame_finish = pn533_acr122_tx_frame_finish, 539 .tx_update_payload_len = pn533_acr122_tx_update_payload_len, 540 .tx_header_len = PN533_ACR122_TX_FRAME_HEADER_LEN, 541 .tx_tail_len = PN533_ACR122_TX_FRAME_TAIL_LEN, 542 543 .rx_is_frame_valid = pn533_acr122_is_rx_frame_valid, 544 .rx_header_len = PN533_ACR122_RX_FRAME_HEADER_LEN, 545 .rx_tail_len = PN533_ACR122_RX_FRAME_TAIL_LEN, 546 .rx_frame_size = pn533_acr122_rx_frame_size, 547 548 .max_payload_len = PN533_ACR122_FRAME_MAX_PAYLOAD_LEN, 549 .get_cmd_code = pn533_acr122_get_cmd_code, 550}; 551 552/* The rule: value(high byte) + value(low byte) + checksum = 0 */ 553static inline u8 pn533_ext_checksum(u16 value) 554{ 555 return ~(u8)(((value & 0xFF00) >> 8) + (u8)(value & 0xFF)) + 1; 556} 557 558/* The rule: value + checksum = 0 */ 559static inline u8 pn533_std_checksum(u8 value) 560{ 561 return ~value + 1; 562} 563 564/* The rule: sum(data elements) + checksum = 0 */ 565static u8 pn533_std_data_checksum(u8 *data, int datalen) 566{ 567 u8 sum = 0; 568 int i; 569 570 for (i = 0; i < datalen; i++) 571 sum += data[i]; 572 573 return pn533_std_checksum(sum); 574} 575 576static void pn533_std_tx_frame_init(void *_frame, u8 cmd_code) 577{ 578 struct pn533_std_frame *frame = _frame; 579 580 frame->preamble = 0; 581 frame->start_frame = cpu_to_be16(PN533_STD_FRAME_SOF); 582 PN533_STD_FRAME_IDENTIFIER(frame) = PN533_STD_FRAME_DIR_OUT; 583 PN533_FRAME_CMD(frame) = cmd_code; 584 frame->datalen = 2; 585} 586 587static void pn533_std_tx_frame_finish(void *_frame) 588{ 589 struct pn533_std_frame *frame = _frame; 590 591 frame->datalen_checksum = pn533_std_checksum(frame->datalen); 592 593 PN533_STD_FRAME_CHECKSUM(frame) = 594 pn533_std_data_checksum(frame->data, frame->datalen); 595 596 PN533_STD_FRAME_POSTAMBLE(frame) = 0; 597} 598 599static void pn533_std_tx_update_payload_len(void *_frame, int len) 600{ 601 struct pn533_std_frame *frame = _frame; 602 603 frame->datalen += len; 604} 605 606static bool pn533_std_rx_frame_is_valid(void *_frame, struct pn533 *dev) 607{ 608 u8 checksum; 609 struct pn533_std_frame *stdf = _frame; 610 611 if (stdf->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF)) 612 return false; 613 614 if (likely(!PN533_STD_IS_EXTENDED(stdf))) { 615 /* Standard frame code */ 616 dev->ops->rx_header_len = PN533_STD_FRAME_HEADER_LEN; 617 618 checksum = pn533_std_checksum(stdf->datalen); 619 if (checksum != stdf->datalen_checksum) 620 return false; 621 622 checksum = pn533_std_data_checksum(stdf->data, stdf->datalen); 623 if (checksum != PN533_STD_FRAME_CHECKSUM(stdf)) 624 return false; 625 } else { 626 /* Extended */ 627 struct pn533_ext_frame *eif = _frame; 628 629 dev->ops->rx_header_len = PN533_EXT_FRAME_HEADER_LEN; 630 631 checksum = pn533_ext_checksum(be16_to_cpu(eif->datalen)); 632 if (checksum != eif->datalen_checksum) 633 return false; 634 635 /* check data checksum */ 636 checksum = pn533_std_data_checksum(eif->data, 637 be16_to_cpu(eif->datalen)); 638 if (checksum != PN533_EXT_FRAME_CHECKSUM(eif)) 639 return false; 640 } 641 642 return true; 643} 644 645static bool pn533_std_rx_frame_is_ack(struct pn533_std_frame *frame) 646{ 647 if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF)) 648 return false; 649 650 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF) 651 return false; 652 653 return true; 654} 655 656static inline int pn533_std_rx_frame_size(void *frame) 657{ 658 struct pn533_std_frame *f = frame; 659 660 /* check for Extended Information frame */ 661 if (PN533_STD_IS_EXTENDED(f)) { 662 struct pn533_ext_frame *eif = frame; 663 664 return sizeof(struct pn533_ext_frame) 665 + be16_to_cpu(eif->datalen) + PN533_STD_FRAME_TAIL_LEN; 666 } 667 668 return sizeof(struct pn533_std_frame) + f->datalen + 669 PN533_STD_FRAME_TAIL_LEN; 670} 671 672static u8 pn533_std_get_cmd_code(void *frame) 673{ 674 struct pn533_std_frame *f = frame; 675 struct pn533_ext_frame *eif = frame; 676 677 if (PN533_STD_IS_EXTENDED(f)) 678 return PN533_FRAME_CMD(eif); 679 else 680 return PN533_FRAME_CMD(f); 681} 682 683static struct pn533_frame_ops pn533_std_frame_ops = { 684 .tx_frame_init = pn533_std_tx_frame_init, 685 .tx_frame_finish = pn533_std_tx_frame_finish, 686 .tx_update_payload_len = pn533_std_tx_update_payload_len, 687 .tx_header_len = PN533_STD_FRAME_HEADER_LEN, 688 .tx_tail_len = PN533_STD_FRAME_TAIL_LEN, 689 690 .rx_is_frame_valid = pn533_std_rx_frame_is_valid, 691 .rx_frame_size = pn533_std_rx_frame_size, 692 .rx_header_len = PN533_STD_FRAME_HEADER_LEN, 693 .rx_tail_len = PN533_STD_FRAME_TAIL_LEN, 694 695 .max_payload_len = PN533_STD_FRAME_MAX_PAYLOAD_LEN, 696 .get_cmd_code = pn533_std_get_cmd_code, 697}; 698 699static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame) 700{ 701 return (dev->ops->get_cmd_code(frame) == 702 PN533_CMD_RESPONSE(dev->cmd->code)); 703} 704 705static void pn533_recv_response(struct urb *urb) 706{ 707 struct pn533 *dev = urb->context; 708 struct pn533_cmd *cmd = dev->cmd; 709 u8 *in_frame; 710 711 cmd->status = urb->status; 712 713 switch (urb->status) { 714 case 0: 715 break; /* success */ 716 case -ECONNRESET: 717 case -ENOENT: 718 dev_dbg(&dev->interface->dev, 719 "The urb has been canceled (status %d)\n", 720 urb->status); 721 goto sched_wq; 722 case -ESHUTDOWN: 723 default: 724 nfc_err(&dev->interface->dev, 725 "Urb failure (status %d)\n", urb->status); 726 goto sched_wq; 727 } 728 729 in_frame = dev->in_urb->transfer_buffer; 730 731 dev_dbg(&dev->interface->dev, "Received a frame\n"); 732 print_hex_dump_debug("PN533 RX: ", DUMP_PREFIX_NONE, 16, 1, in_frame, 733 dev->ops->rx_frame_size(in_frame), false); 734 735 if (!dev->ops->rx_is_frame_valid(in_frame, dev)) { 736 nfc_err(&dev->interface->dev, "Received an invalid frame\n"); 737 cmd->status = -EIO; 738 goto sched_wq; 739 } 740 741 if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) { 742 nfc_err(&dev->interface->dev, 743 "It it not the response to the last command\n"); 744 cmd->status = -EIO; 745 goto sched_wq; 746 } 747 748sched_wq: 749 queue_work(dev->wq, &dev->cmd_complete_work); 750} 751 752static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags) 753{ 754 dev->in_urb->complete = pn533_recv_response; 755 756 return usb_submit_urb(dev->in_urb, flags); 757} 758 759static void pn533_recv_ack(struct urb *urb) 760{ 761 struct pn533 *dev = urb->context; 762 struct pn533_cmd *cmd = dev->cmd; 763 struct pn533_std_frame *in_frame; 764 int rc; 765 766 cmd->status = urb->status; 767 768 switch (urb->status) { 769 case 0: 770 break; /* success */ 771 case -ECONNRESET: 772 case -ENOENT: 773 dev_dbg(&dev->interface->dev, 774 "The urb has been stopped (status %d)\n", 775 urb->status); 776 goto sched_wq; 777 case -ESHUTDOWN: 778 default: 779 nfc_err(&dev->interface->dev, 780 "Urb failure (status %d)\n", urb->status); 781 goto sched_wq; 782 } 783 784 in_frame = dev->in_urb->transfer_buffer; 785 786 if (!pn533_std_rx_frame_is_ack(in_frame)) { 787 nfc_err(&dev->interface->dev, "Received an invalid ack\n"); 788 cmd->status = -EIO; 789 goto sched_wq; 790 } 791 792 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC); 793 if (rc) { 794 nfc_err(&dev->interface->dev, 795 "usb_submit_urb failed with result %d\n", rc); 796 cmd->status = rc; 797 goto sched_wq; 798 } 799 800 return; 801 802sched_wq: 803 queue_work(dev->wq, &dev->cmd_complete_work); 804} 805 806static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags) 807{ 808 dev->in_urb->complete = pn533_recv_ack; 809 810 return usb_submit_urb(dev->in_urb, flags); 811} 812 813static int pn533_send_ack(struct pn533 *dev, gfp_t flags) 814{ 815 u8 ack[PN533_STD_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00}; 816 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */ 817 int rc; 818 819 dev->out_urb->transfer_buffer = ack; 820 dev->out_urb->transfer_buffer_length = sizeof(ack); 821 rc = usb_submit_urb(dev->out_urb, flags); 822 823 return rc; 824} 825 826static int __pn533_send_frame_async(struct pn533 *dev, 827 struct sk_buff *out, 828 struct sk_buff *in, 829 int in_len) 830{ 831 int rc; 832 833 dev->out_urb->transfer_buffer = out->data; 834 dev->out_urb->transfer_buffer_length = out->len; 835 836 dev->in_urb->transfer_buffer = in->data; 837 dev->in_urb->transfer_buffer_length = in_len; 838 839 print_hex_dump_debug("PN533 TX: ", DUMP_PREFIX_NONE, 16, 1, 840 out->data, out->len, false); 841 842 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL); 843 if (rc) 844 return rc; 845 846 if (dev->protocol_type == PN533_PROTO_REQ_RESP) { 847 /* request for response for sent packet directly */ 848 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC); 849 if (rc) 850 goto error; 851 } else if (dev->protocol_type == PN533_PROTO_REQ_ACK_RESP) { 852 /* request for ACK if that's the case */ 853 rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL); 854 if (rc) 855 goto error; 856 } 857 858 return 0; 859 860error: 861 usb_unlink_urb(dev->out_urb); 862 return rc; 863} 864 865static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code, 866 struct sk_buff *skb) 867{ 868 /* payload is already there, just update datalen */ 869 int payload_len = skb->len; 870 struct pn533_frame_ops *ops = dev->ops; 871 872 873 skb_push(skb, ops->tx_header_len); 874 skb_put(skb, ops->tx_tail_len); 875 876 ops->tx_frame_init(skb->data, cmd_code); 877 ops->tx_update_payload_len(skb->data, payload_len); 878 ops->tx_frame_finish(skb->data); 879} 880 881static int pn533_send_async_complete(struct pn533 *dev) 882{ 883 struct pn533_cmd *cmd = dev->cmd; 884 int status = cmd->status; 885 886 struct sk_buff *req = cmd->req; 887 struct sk_buff *resp = cmd->resp; 888 889 int rc; 890 891 dev_kfree_skb(req); 892 893 if (status < 0) { 894 rc = cmd->complete_cb(dev, cmd->complete_cb_context, 895 ERR_PTR(status)); 896 dev_kfree_skb(resp); 897 goto done; 898 } 899 900 skb_put(resp, dev->ops->rx_frame_size(resp->data)); 901 skb_pull(resp, dev->ops->rx_header_len); 902 skb_trim(resp, resp->len - dev->ops->rx_tail_len); 903 904 rc = cmd->complete_cb(dev, cmd->complete_cb_context, resp); 905 906done: 907 kfree(cmd); 908 dev->cmd = NULL; 909 return rc; 910} 911 912static int __pn533_send_async(struct pn533 *dev, u8 cmd_code, 913 struct sk_buff *req, struct sk_buff *resp, 914 int resp_len, 915 pn533_send_async_complete_t complete_cb, 916 void *complete_cb_context) 917{ 918 struct pn533_cmd *cmd; 919 int rc = 0; 920 921 dev_dbg(&dev->interface->dev, "Sending command 0x%x\n", cmd_code); 922 923 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL); 924 if (!cmd) 925 return -ENOMEM; 926 927 cmd->code = cmd_code; 928 cmd->req = req; 929 cmd->resp = resp; 930 cmd->resp_len = resp_len; 931 cmd->complete_cb = complete_cb; 932 cmd->complete_cb_context = complete_cb_context; 933 934 pn533_build_cmd_frame(dev, cmd_code, req); 935 936 mutex_lock(&dev->cmd_lock); 937 938 if (!dev->cmd_pending) { 939 rc = __pn533_send_frame_async(dev, req, resp, resp_len); 940 if (rc) 941 goto error; 942 943 dev->cmd_pending = 1; 944 dev->cmd = cmd; 945 goto unlock; 946 } 947 948 dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x\n", 949 __func__, cmd_code); 950 951 INIT_LIST_HEAD(&cmd->queue); 952 list_add_tail(&cmd->queue, &dev->cmd_queue); 953 954 goto unlock; 955 956error: 957 kfree(cmd); 958unlock: 959 mutex_unlock(&dev->cmd_lock); 960 return rc; 961} 962 963static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code, 964 struct sk_buff *req, 965 pn533_send_async_complete_t complete_cb, 966 void *complete_cb_context) 967{ 968 struct sk_buff *resp; 969 int rc; 970 int resp_len = dev->ops->rx_header_len + 971 dev->ops->max_payload_len + 972 dev->ops->rx_tail_len; 973 974 resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL); 975 if (!resp) 976 return -ENOMEM; 977 978 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb, 979 complete_cb_context); 980 if (rc) 981 dev_kfree_skb(resp); 982 983 return rc; 984} 985 986static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code, 987 struct sk_buff *req, 988 pn533_send_async_complete_t complete_cb, 989 void *complete_cb_context) 990{ 991 struct sk_buff *resp; 992 int rc; 993 int resp_len = dev->ops->rx_header_len + 994 dev->ops->max_payload_len + 995 dev->ops->rx_tail_len; 996 997 resp = alloc_skb(resp_len, GFP_KERNEL); 998 if (!resp) 999 return -ENOMEM; 1000 1001 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb, 1002 complete_cb_context); 1003 if (rc) 1004 dev_kfree_skb(resp); 1005 1006 return rc; 1007} 1008 1009/* 1010 * pn533_send_cmd_direct_async 1011 * 1012 * The function sends a piority cmd directly to the chip omiting the cmd 1013 * queue. It's intended to be used by chaining mechanism of received responses 1014 * where the host has to request every single chunk of data before scheduling 1015 * next cmd from the queue. 1016 */ 1017static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code, 1018 struct sk_buff *req, 1019 pn533_send_async_complete_t complete_cb, 1020 void *complete_cb_context) 1021{ 1022 struct sk_buff *resp; 1023 struct pn533_cmd *cmd; 1024 int rc; 1025 int resp_len = dev->ops->rx_header_len + 1026 dev->ops->max_payload_len + 1027 dev->ops->rx_tail_len; 1028 1029 resp = alloc_skb(resp_len, GFP_KERNEL); 1030 if (!resp) 1031 return -ENOMEM; 1032 1033 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL); 1034 if (!cmd) { 1035 dev_kfree_skb(resp); 1036 return -ENOMEM; 1037 } 1038 1039 cmd->code = cmd_code; 1040 cmd->req = req; 1041 cmd->resp = resp; 1042 cmd->resp_len = resp_len; 1043 cmd->complete_cb = complete_cb; 1044 cmd->complete_cb_context = complete_cb_context; 1045 1046 pn533_build_cmd_frame(dev, cmd_code, req); 1047 1048 rc = __pn533_send_frame_async(dev, req, resp, resp_len); 1049 if (rc < 0) { 1050 dev_kfree_skb(resp); 1051 kfree(cmd); 1052 } else { 1053 dev->cmd = cmd; 1054 } 1055 1056 return rc; 1057} 1058 1059static void pn533_wq_cmd_complete(struct work_struct *work) 1060{ 1061 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work); 1062 int rc; 1063 1064 rc = pn533_send_async_complete(dev); 1065 if (rc != -EINPROGRESS) 1066 queue_work(dev->wq, &dev->cmd_work); 1067} 1068 1069static void pn533_wq_cmd(struct work_struct *work) 1070{ 1071 struct pn533 *dev = container_of(work, struct pn533, cmd_work); 1072 struct pn533_cmd *cmd; 1073 int rc; 1074 1075 mutex_lock(&dev->cmd_lock); 1076 1077 if (list_empty(&dev->cmd_queue)) { 1078 dev->cmd_pending = 0; 1079 mutex_unlock(&dev->cmd_lock); 1080 return; 1081 } 1082 1083 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue); 1084 1085 list_del(&cmd->queue); 1086 1087 mutex_unlock(&dev->cmd_lock); 1088 1089 rc = __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len); 1090 if (rc < 0) { 1091 dev_kfree_skb(cmd->req); 1092 dev_kfree_skb(cmd->resp); 1093 kfree(cmd); 1094 return; 1095 } 1096 1097 dev->cmd = cmd; 1098} 1099 1100struct pn533_sync_cmd_response { 1101 struct sk_buff *resp; 1102 struct completion done; 1103}; 1104 1105static int pn533_send_sync_complete(struct pn533 *dev, void *_arg, 1106 struct sk_buff *resp) 1107{ 1108 struct pn533_sync_cmd_response *arg = _arg; 1109 1110 arg->resp = resp; 1111 complete(&arg->done); 1112 1113 return 0; 1114} 1115 1116/* pn533_send_cmd_sync 1117 * 1118 * Please note the req parameter is freed inside the function to 1119 * limit a number of return value interpretations by the caller. 1120 * 1121 * 1. negative in case of error during TX path -> req should be freed 1122 * 1123 * 2. negative in case of error during RX path -> req should not be freed 1124 * as it's been already freed at the begining of RX path by 1125 * async_complete_cb. 1126 * 1127 * 3. valid pointer in case of succesfult RX path 1128 * 1129 * A caller has to check a return value with IS_ERR macro. If the test pass, 1130 * the returned pointer is valid. 1131 * 1132 * */ 1133static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code, 1134 struct sk_buff *req) 1135{ 1136 int rc; 1137 struct pn533_sync_cmd_response arg; 1138 1139 init_completion(&arg.done); 1140 1141 rc = pn533_send_cmd_async(dev, cmd_code, req, 1142 pn533_send_sync_complete, &arg); 1143 if (rc) { 1144 dev_kfree_skb(req); 1145 return ERR_PTR(rc); 1146 } 1147 1148 wait_for_completion(&arg.done); 1149 1150 return arg.resp; 1151} 1152 1153static void pn533_send_complete(struct urb *urb) 1154{ 1155 struct pn533 *dev = urb->context; 1156 1157 switch (urb->status) { 1158 case 0: 1159 break; /* success */ 1160 case -ECONNRESET: 1161 case -ENOENT: 1162 dev_dbg(&dev->interface->dev, 1163 "The urb has been stopped (status %d)\n", 1164 urb->status); 1165 break; 1166 case -ESHUTDOWN: 1167 default: 1168 nfc_err(&dev->interface->dev, "Urb failure (status %d)\n", 1169 urb->status); 1170 } 1171} 1172 1173static void pn533_abort_cmd(struct pn533 *dev, gfp_t flags) 1174{ 1175 /* ACR122U does not support any command which aborts last 1176 * issued command i.e. as ACK for standard PN533. Additionally, 1177 * it behaves stange, sending broken or incorrect responses, 1178 * when we cancel urb before the chip will send response. 1179 */ 1180 if (dev->device_type == PN533_DEVICE_ACR122U) 1181 return; 1182 1183 /* An ack will cancel the last issued command */ 1184 pn533_send_ack(dev, flags); 1185 1186 /* cancel the urb request */ 1187 usb_kill_urb(dev->in_urb); 1188} 1189 1190static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size) 1191{ 1192 struct sk_buff *skb; 1193 1194 skb = alloc_skb(dev->ops->tx_header_len + 1195 size + 1196 dev->ops->tx_tail_len, GFP_KERNEL); 1197 1198 if (skb) 1199 skb_reserve(skb, dev->ops->tx_header_len); 1200 1201 return skb; 1202} 1203 1204struct pn533_target_type_a { 1205 __be16 sens_res; 1206 u8 sel_res; 1207 u8 nfcid_len; 1208 u8 nfcid_data[]; 1209} __packed; 1210 1211 1212#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6)) 1213#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0)) 1214#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8)) 1215 1216#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00 1217#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C 1218 1219#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5) 1220#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2) 1221 1222#define PN533_TYPE_A_SEL_PROT_MIFARE 0 1223#define PN533_TYPE_A_SEL_PROT_ISO14443 1 1224#define PN533_TYPE_A_SEL_PROT_DEP 2 1225#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3 1226 1227static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a, 1228 int target_data_len) 1229{ 1230 u8 ssd; 1231 u8 platconf; 1232 1233 if (target_data_len < sizeof(struct pn533_target_type_a)) 1234 return false; 1235 1236 /* The lenght check of nfcid[] and ats[] are not being performed because 1237 the values are not being used */ 1238 1239 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */ 1240 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res); 1241 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res); 1242 1243 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL && 1244 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) || 1245 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL && 1246 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL)) 1247 return false; 1248 1249 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */ 1250 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0) 1251 return false; 1252 1253 return true; 1254} 1255 1256static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data, 1257 int tgt_data_len) 1258{ 1259 struct pn533_target_type_a *tgt_type_a; 1260 1261 tgt_type_a = (struct pn533_target_type_a *)tgt_data; 1262 1263 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len)) 1264 return -EPROTO; 1265 1266 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) { 1267 case PN533_TYPE_A_SEL_PROT_MIFARE: 1268 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK; 1269 break; 1270 case PN533_TYPE_A_SEL_PROT_ISO14443: 1271 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK; 1272 break; 1273 case PN533_TYPE_A_SEL_PROT_DEP: 1274 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK; 1275 break; 1276 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP: 1277 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK | 1278 NFC_PROTO_NFC_DEP_MASK; 1279 break; 1280 } 1281 1282 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res); 1283 nfc_tgt->sel_res = tgt_type_a->sel_res; 1284 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len; 1285 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len); 1286 1287 return 0; 1288} 1289 1290struct pn533_target_felica { 1291 u8 pol_res; 1292 u8 opcode; 1293 u8 nfcid2[NFC_NFCID2_MAXSIZE]; 1294 u8 pad[8]; 1295 /* optional */ 1296 u8 syst_code[]; 1297} __packed; 1298 1299#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01 1300#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE 1301 1302static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica, 1303 int target_data_len) 1304{ 1305 if (target_data_len < sizeof(struct pn533_target_felica)) 1306 return false; 1307 1308 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES) 1309 return false; 1310 1311 return true; 1312} 1313 1314static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data, 1315 int tgt_data_len) 1316{ 1317 struct pn533_target_felica *tgt_felica; 1318 1319 tgt_felica = (struct pn533_target_felica *)tgt_data; 1320 1321 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len)) 1322 return -EPROTO; 1323 1324 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) && 1325 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2)) 1326 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK; 1327 else 1328 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK; 1329 1330 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9); 1331 nfc_tgt->sensf_res_len = 9; 1332 1333 memcpy(nfc_tgt->nfcid2, tgt_felica->nfcid2, NFC_NFCID2_MAXSIZE); 1334 nfc_tgt->nfcid2_len = NFC_NFCID2_MAXSIZE; 1335 1336 return 0; 1337} 1338 1339struct pn533_target_jewel { 1340 __be16 sens_res; 1341 u8 jewelid[4]; 1342} __packed; 1343 1344static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel, 1345 int target_data_len) 1346{ 1347 u8 ssd; 1348 u8 platconf; 1349 1350 if (target_data_len < sizeof(struct pn533_target_jewel)) 1351 return false; 1352 1353 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */ 1354 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res); 1355 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res); 1356 1357 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL && 1358 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) || 1359 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL && 1360 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL)) 1361 return false; 1362 1363 return true; 1364} 1365 1366static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data, 1367 int tgt_data_len) 1368{ 1369 struct pn533_target_jewel *tgt_jewel; 1370 1371 tgt_jewel = (struct pn533_target_jewel *)tgt_data; 1372 1373 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len)) 1374 return -EPROTO; 1375 1376 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK; 1377 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res); 1378 nfc_tgt->nfcid1_len = 4; 1379 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len); 1380 1381 return 0; 1382} 1383 1384struct pn533_type_b_prot_info { 1385 u8 bitrate; 1386 u8 fsci_type; 1387 u8 fwi_adc_fo; 1388} __packed; 1389 1390#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4) 1391#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0) 1392#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8 1393 1394struct pn533_type_b_sens_res { 1395 u8 opcode; 1396 u8 nfcid[4]; 1397 u8 appdata[4]; 1398 struct pn533_type_b_prot_info prot_info; 1399} __packed; 1400 1401#define PN533_TYPE_B_OPC_SENSB_RES 0x50 1402 1403struct pn533_target_type_b { 1404 struct pn533_type_b_sens_res sensb_res; 1405 u8 attrib_res_len; 1406 u8 attrib_res[]; 1407} __packed; 1408 1409static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b, 1410 int target_data_len) 1411{ 1412 if (target_data_len < sizeof(struct pn533_target_type_b)) 1413 return false; 1414 1415 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES) 1416 return false; 1417 1418 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) & 1419 PN533_TYPE_B_PROT_TYPE_RFU_MASK) 1420 return false; 1421 1422 return true; 1423} 1424 1425static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data, 1426 int tgt_data_len) 1427{ 1428 struct pn533_target_type_b *tgt_type_b; 1429 1430 tgt_type_b = (struct pn533_target_type_b *)tgt_data; 1431 1432 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len)) 1433 return -EPROTO; 1434 1435 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK; 1436 1437 return 0; 1438} 1439 1440static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata, 1441 int tgdata_len) 1442{ 1443 struct nfc_target nfc_tgt; 1444 int rc; 1445 1446 dev_dbg(&dev->interface->dev, "%s: modulation=%d\n", 1447 __func__, dev->poll_mod_curr); 1448 1449 if (tg != 1) 1450 return -EPROTO; 1451 1452 memset(&nfc_tgt, 0, sizeof(struct nfc_target)); 1453 1454 switch (dev->poll_mod_curr) { 1455 case PN533_POLL_MOD_106KBPS_A: 1456 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len); 1457 break; 1458 case PN533_POLL_MOD_212KBPS_FELICA: 1459 case PN533_POLL_MOD_424KBPS_FELICA: 1460 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len); 1461 break; 1462 case PN533_POLL_MOD_106KBPS_JEWEL: 1463 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len); 1464 break; 1465 case PN533_POLL_MOD_847KBPS_B: 1466 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len); 1467 break; 1468 default: 1469 nfc_err(&dev->interface->dev, 1470 "Unknown current poll modulation\n"); 1471 return -EPROTO; 1472 } 1473 1474 if (rc) 1475 return rc; 1476 1477 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) { 1478 dev_dbg(&dev->interface->dev, 1479 "The Tg found doesn't have the desired protocol\n"); 1480 return -EAGAIN; 1481 } 1482 1483 dev_dbg(&dev->interface->dev, 1484 "Target found - supported protocols: 0x%x\n", 1485 nfc_tgt.supported_protocols); 1486 1487 dev->tgt_available_prots = nfc_tgt.supported_protocols; 1488 1489 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1); 1490 1491 return 0; 1492} 1493 1494static inline void pn533_poll_next_mod(struct pn533 *dev) 1495{ 1496 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count; 1497} 1498 1499static void pn533_poll_reset_mod_list(struct pn533 *dev) 1500{ 1501 dev->poll_mod_count = 0; 1502} 1503 1504static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index) 1505{ 1506 dev->poll_mod_active[dev->poll_mod_count] = 1507 (struct pn533_poll_modulations *)&poll_mod[mod_index]; 1508 dev->poll_mod_count++; 1509} 1510 1511static void pn533_poll_create_mod_list(struct pn533 *dev, 1512 u32 im_protocols, u32 tm_protocols) 1513{ 1514 pn533_poll_reset_mod_list(dev); 1515 1516 if ((im_protocols & NFC_PROTO_MIFARE_MASK) || 1517 (im_protocols & NFC_PROTO_ISO14443_MASK) || 1518 (im_protocols & NFC_PROTO_NFC_DEP_MASK)) 1519 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A); 1520 1521 if (im_protocols & NFC_PROTO_FELICA_MASK || 1522 im_protocols & NFC_PROTO_NFC_DEP_MASK) { 1523 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA); 1524 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA); 1525 } 1526 1527 if (im_protocols & NFC_PROTO_JEWEL_MASK) 1528 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL); 1529 1530 if (im_protocols & NFC_PROTO_ISO14443_B_MASK) 1531 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B); 1532 1533 if (tm_protocols) 1534 pn533_poll_add_mod(dev, PN533_LISTEN_MOD); 1535} 1536 1537static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp) 1538{ 1539 u8 nbtg, tg, *tgdata; 1540 int rc, tgdata_len; 1541 1542 /* Toggle the DEP polling */ 1543 dev->poll_dep = 1; 1544 1545 nbtg = resp->data[0]; 1546 tg = resp->data[1]; 1547 tgdata = &resp->data[2]; 1548 tgdata_len = resp->len - 2; /* nbtg + tg */ 1549 1550 if (nbtg) { 1551 rc = pn533_target_found(dev, tg, tgdata, tgdata_len); 1552 1553 /* We must stop the poll after a valid target found */ 1554 if (rc == 0) { 1555 pn533_poll_reset_mod_list(dev); 1556 return 0; 1557 } 1558 } 1559 1560 return -EAGAIN; 1561} 1562 1563static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev) 1564{ 1565 struct sk_buff *skb; 1566 u8 *felica, *nfcid3, *gb; 1567 1568 u8 *gbytes = dev->gb; 1569 size_t gbytes_len = dev->gb_len; 1570 1571 u8 felica_params[18] = {0x1, 0xfe, /* DEP */ 1572 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */ 1573 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 1574 0xff, 0xff}; /* System code */ 1575 1576 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */ 1577 0x0, 0x0, 0x0, 1578 0x40}; /* SEL_RES for DEP */ 1579 1580 unsigned int skb_len = 36 + /* mode (1), mifare (6), 1581 felica (18), nfcid3 (10), gb_len (1) */ 1582 gbytes_len + 1583 1; /* len Tk*/ 1584 1585 skb = pn533_alloc_skb(dev, skb_len); 1586 if (!skb) 1587 return NULL; 1588 1589 /* DEP support only */ 1590 *skb_put(skb, 1) = PN533_INIT_TARGET_DEP; 1591 1592 /* MIFARE params */ 1593 memcpy(skb_put(skb, 6), mifare_params, 6); 1594 1595 /* Felica params */ 1596 felica = skb_put(skb, 18); 1597 memcpy(felica, felica_params, 18); 1598 get_random_bytes(felica + 2, 6); 1599 1600 /* NFCID3 */ 1601 nfcid3 = skb_put(skb, 10); 1602 memset(nfcid3, 0, 10); 1603 memcpy(nfcid3, felica, 8); 1604 1605 /* General bytes */ 1606 *skb_put(skb, 1) = gbytes_len; 1607 1608 gb = skb_put(skb, gbytes_len); 1609 memcpy(gb, gbytes, gbytes_len); 1610 1611 /* Len Tk */ 1612 *skb_put(skb, 1) = 0; 1613 1614 return skb; 1615} 1616 1617#define PN533_CMD_DATAEXCH_HEAD_LEN 1 1618#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262 1619static void pn533_wq_tm_mi_recv(struct work_struct *work); 1620static struct sk_buff *pn533_build_response(struct pn533 *dev); 1621 1622static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg, 1623 struct sk_buff *resp) 1624{ 1625 struct sk_buff *skb; 1626 u8 status, ret, mi; 1627 int rc; 1628 1629 dev_dbg(&dev->interface->dev, "%s\n", __func__); 1630 1631 if (IS_ERR(resp)) { 1632 skb_queue_purge(&dev->resp_q); 1633 return PTR_ERR(resp); 1634 } 1635 1636 status = resp->data[0]; 1637 1638 ret = status & PN533_CMD_RET_MASK; 1639 mi = status & PN533_CMD_MI_MASK; 1640 1641 skb_pull(resp, sizeof(status)); 1642 1643 if (ret != PN533_CMD_RET_SUCCESS) { 1644 rc = -EIO; 1645 goto error; 1646 } 1647 1648 skb_queue_tail(&dev->resp_q, resp); 1649 1650 if (mi) { 1651 queue_work(dev->wq, &dev->mi_tm_rx_work); 1652 return -EINPROGRESS; 1653 } 1654 1655 skb = pn533_build_response(dev); 1656 if (!skb) { 1657 rc = -EIO; 1658 goto error; 1659 } 1660 1661 return nfc_tm_data_received(dev->nfc_dev, skb); 1662 1663error: 1664 nfc_tm_deactivated(dev->nfc_dev); 1665 dev->tgt_mode = 0; 1666 skb_queue_purge(&dev->resp_q); 1667 dev_kfree_skb(resp); 1668 1669 return rc; 1670} 1671 1672static void pn533_wq_tm_mi_recv(struct work_struct *work) 1673{ 1674 struct pn533 *dev = container_of(work, struct pn533, mi_tm_rx_work); 1675 struct sk_buff *skb; 1676 int rc; 1677 1678 dev_dbg(&dev->interface->dev, "%s\n", __func__); 1679 1680 skb = pn533_alloc_skb(dev, 0); 1681 if (!skb) 1682 return; 1683 1684 rc = pn533_send_cmd_direct_async(dev, 1685 PN533_CMD_TG_GET_DATA, 1686 skb, 1687 pn533_tm_get_data_complete, 1688 NULL); 1689 1690 if (rc < 0) 1691 dev_kfree_skb(skb); 1692 1693 return; 1694} 1695 1696static int pn533_tm_send_complete(struct pn533 *dev, void *arg, 1697 struct sk_buff *resp); 1698static void pn533_wq_tm_mi_send(struct work_struct *work) 1699{ 1700 struct pn533 *dev = container_of(work, struct pn533, mi_tm_tx_work); 1701 struct sk_buff *skb; 1702 int rc; 1703 1704 dev_dbg(&dev->interface->dev, "%s\n", __func__); 1705 1706 /* Grab the first skb in the queue */ 1707 skb = skb_dequeue(&dev->fragment_skb); 1708 if (skb == NULL) { /* No more data */ 1709 /* Reset the queue for future use */ 1710 skb_queue_head_init(&dev->fragment_skb); 1711 goto error; 1712 } 1713 1714 /* last entry - remove MI bit */ 1715 if (skb_queue_len(&dev->fragment_skb) == 0) { 1716 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_TG_SET_DATA, 1717 skb, pn533_tm_send_complete, NULL); 1718 } else 1719 rc = pn533_send_cmd_direct_async(dev, 1720 PN533_CMD_TG_SET_META_DATA, 1721 skb, pn533_tm_send_complete, NULL); 1722 1723 if (rc == 0) /* success */ 1724 return; 1725 1726 dev_err(&dev->interface->dev, 1727 "Error %d when trying to perform set meta data_exchange", rc); 1728 1729 dev_kfree_skb(skb); 1730 1731error: 1732 pn533_send_ack(dev, GFP_KERNEL); 1733 queue_work(dev->wq, &dev->cmd_work); 1734} 1735 1736static void pn533_wq_tg_get_data(struct work_struct *work) 1737{ 1738 struct pn533 *dev = container_of(work, struct pn533, tg_work); 1739 struct sk_buff *skb; 1740 int rc; 1741 1742 dev_dbg(&dev->interface->dev, "%s\n", __func__); 1743 1744 skb = pn533_alloc_skb(dev, 0); 1745 if (!skb) 1746 return; 1747 1748 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb, 1749 pn533_tm_get_data_complete, NULL); 1750 1751 if (rc < 0) 1752 dev_kfree_skb(skb); 1753 1754 return; 1755} 1756 1757#define ATR_REQ_GB_OFFSET 17 1758static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp) 1759{ 1760 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb; 1761 size_t gb_len; 1762 int rc; 1763 1764 dev_dbg(&dev->interface->dev, "%s\n", __func__); 1765 1766 if (resp->len < ATR_REQ_GB_OFFSET + 1) 1767 return -EINVAL; 1768 1769 mode = resp->data[0]; 1770 cmd = &resp->data[1]; 1771 1772 dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n", 1773 mode, resp->len); 1774 1775 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) == 1776 PN533_INIT_TARGET_RESP_ACTIVE) 1777 comm_mode = NFC_COMM_ACTIVE; 1778 1779 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */ 1780 return -EOPNOTSUPP; 1781 1782 gb = cmd + ATR_REQ_GB_OFFSET; 1783 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1); 1784 1785 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK, 1786 comm_mode, gb, gb_len); 1787 if (rc < 0) { 1788 nfc_err(&dev->interface->dev, 1789 "Error when signaling target activation\n"); 1790 return rc; 1791 } 1792 1793 dev->tgt_mode = 1; 1794 queue_work(dev->wq, &dev->tg_work); 1795 1796 return 0; 1797} 1798 1799static void pn533_listen_mode_timer(unsigned long data) 1800{ 1801 struct pn533 *dev = (struct pn533 *)data; 1802 1803 dev_dbg(&dev->interface->dev, "Listen mode timeout\n"); 1804 1805 dev->cancel_listen = 1; 1806 1807 pn533_poll_next_mod(dev); 1808 1809 queue_delayed_work(dev->wq, &dev->poll_work, 1810 msecs_to_jiffies(PN533_POLL_INTERVAL)); 1811} 1812 1813static int pn533_rf_complete(struct pn533 *dev, void *arg, 1814 struct sk_buff *resp) 1815{ 1816 int rc = 0; 1817 1818 dev_dbg(&dev->interface->dev, "%s\n", __func__); 1819 1820 if (IS_ERR(resp)) { 1821 rc = PTR_ERR(resp); 1822 1823 nfc_err(&dev->interface->dev, "RF setting error %d\n", rc); 1824 1825 return rc; 1826 } 1827 1828 queue_delayed_work(dev->wq, &dev->poll_work, 1829 msecs_to_jiffies(PN533_POLL_INTERVAL)); 1830 1831 dev_kfree_skb(resp); 1832 return rc; 1833} 1834 1835static void pn533_wq_rf(struct work_struct *work) 1836{ 1837 struct pn533 *dev = container_of(work, struct pn533, rf_work); 1838 struct sk_buff *skb; 1839 int rc; 1840 1841 dev_dbg(&dev->interface->dev, "%s\n", __func__); 1842 1843 skb = pn533_alloc_skb(dev, 2); 1844 if (!skb) 1845 return; 1846 1847 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD; 1848 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD_AUTO_RFCA; 1849 1850 rc = pn533_send_cmd_async(dev, PN533_CMD_RF_CONFIGURATION, skb, 1851 pn533_rf_complete, NULL); 1852 if (rc < 0) { 1853 dev_kfree_skb(skb); 1854 nfc_err(&dev->interface->dev, "RF setting error %d\n", rc); 1855 } 1856 1857 return; 1858} 1859 1860static int pn533_poll_dep_complete(struct pn533 *dev, void *arg, 1861 struct sk_buff *resp) 1862{ 1863 struct pn533_cmd_jump_dep_response *rsp; 1864 struct nfc_target nfc_target; 1865 u8 target_gt_len; 1866 int rc; 1867 1868 if (IS_ERR(resp)) 1869 return PTR_ERR(resp); 1870 1871 rsp = (struct pn533_cmd_jump_dep_response *)resp->data; 1872 1873 rc = rsp->status & PN533_CMD_RET_MASK; 1874 if (rc != PN533_CMD_RET_SUCCESS) { 1875 /* Not target found, turn radio off */ 1876 queue_work(dev->wq, &dev->rf_work); 1877 1878 dev_kfree_skb(resp); 1879 return 0; 1880 } 1881 1882 dev_dbg(&dev->interface->dev, "Creating new target"); 1883 1884 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK; 1885 nfc_target.nfcid1_len = 10; 1886 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len); 1887 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1); 1888 if (rc) 1889 goto error; 1890 1891 dev->tgt_available_prots = 0; 1892 dev->tgt_active_prot = NFC_PROTO_NFC_DEP; 1893 1894 /* ATR_RES general bytes are located at offset 17 */ 1895 target_gt_len = resp->len - 17; 1896 rc = nfc_set_remote_general_bytes(dev->nfc_dev, 1897 rsp->gt, target_gt_len); 1898 if (!rc) { 1899 rc = nfc_dep_link_is_up(dev->nfc_dev, 1900 dev->nfc_dev->targets[0].idx, 1901 0, NFC_RF_INITIATOR); 1902 1903 if (!rc) 1904 pn533_poll_reset_mod_list(dev); 1905 } 1906error: 1907 dev_kfree_skb(resp); 1908 return rc; 1909} 1910 1911#define PASSIVE_DATA_LEN 5 1912static int pn533_poll_dep(struct nfc_dev *nfc_dev) 1913{ 1914 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 1915 struct sk_buff *skb; 1916 int rc, skb_len; 1917 u8 *next, nfcid3[NFC_NFCID3_MAXSIZE]; 1918 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3}; 1919 1920 dev_dbg(&dev->interface->dev, "%s", __func__); 1921 1922 if (!dev->gb) { 1923 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len); 1924 1925 if (!dev->gb || !dev->gb_len) { 1926 dev->poll_dep = 0; 1927 queue_work(dev->wq, &dev->rf_work); 1928 } 1929 } 1930 1931 skb_len = 3 + dev->gb_len; /* ActPass + BR + Next */ 1932 skb_len += PASSIVE_DATA_LEN; 1933 1934 /* NFCID3 */ 1935 skb_len += NFC_NFCID3_MAXSIZE; 1936 nfcid3[0] = 0x1; 1937 nfcid3[1] = 0xfe; 1938 get_random_bytes(nfcid3 + 2, 6); 1939 1940 skb = pn533_alloc_skb(dev, skb_len); 1941 if (!skb) 1942 return -ENOMEM; 1943 1944 *skb_put(skb, 1) = 0x01; /* Active */ 1945 *skb_put(skb, 1) = 0x02; /* 424 kbps */ 1946 1947 next = skb_put(skb, 1); /* Next */ 1948 *next = 0; 1949 1950 /* Copy passive data */ 1951 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN); 1952 *next |= 1; 1953 1954 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */ 1955 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3, 1956 NFC_NFCID3_MAXSIZE); 1957 *next |= 2; 1958 1959 memcpy(skb_put(skb, dev->gb_len), dev->gb, dev->gb_len); 1960 *next |= 4; /* We have some Gi */ 1961 1962 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb, 1963 pn533_poll_dep_complete, NULL); 1964 1965 if (rc < 0) 1966 dev_kfree_skb(skb); 1967 1968 return rc; 1969} 1970 1971static int pn533_poll_complete(struct pn533 *dev, void *arg, 1972 struct sk_buff *resp) 1973{ 1974 struct pn533_poll_modulations *cur_mod; 1975 int rc; 1976 1977 dev_dbg(&dev->interface->dev, "%s\n", __func__); 1978 1979 if (IS_ERR(resp)) { 1980 rc = PTR_ERR(resp); 1981 1982 nfc_err(&dev->interface->dev, "%s Poll complete error %d\n", 1983 __func__, rc); 1984 1985 if (rc == -ENOENT) { 1986 if (dev->poll_mod_count != 0) 1987 return rc; 1988 else 1989 goto stop_poll; 1990 } else if (rc < 0) { 1991 nfc_err(&dev->interface->dev, 1992 "Error %d when running poll\n", rc); 1993 goto stop_poll; 1994 } 1995 } 1996 1997 cur_mod = dev->poll_mod_active[dev->poll_mod_curr]; 1998 1999 if (cur_mod->len == 0) { /* Target mode */ 2000 del_timer(&dev->listen_timer); 2001 rc = pn533_init_target_complete(dev, resp); 2002 goto done; 2003 } 2004 2005 /* Initiator mode */ 2006 rc = pn533_start_poll_complete(dev, resp); 2007 if (!rc) 2008 goto done; 2009 2010 if (!dev->poll_mod_count) { 2011 dev_dbg(&dev->interface->dev, "Polling has been stopped\n"); 2012 goto done; 2013 } 2014 2015 pn533_poll_next_mod(dev); 2016 /* Not target found, turn radio off */ 2017 queue_work(dev->wq, &dev->rf_work); 2018 2019done: 2020 dev_kfree_skb(resp); 2021 return rc; 2022 2023stop_poll: 2024 nfc_err(&dev->interface->dev, "Polling operation has been stopped\n"); 2025 2026 pn533_poll_reset_mod_list(dev); 2027 dev->poll_protocols = 0; 2028 return rc; 2029} 2030 2031static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev, 2032 struct pn533_poll_modulations *mod) 2033{ 2034 struct sk_buff *skb; 2035 2036 skb = pn533_alloc_skb(dev, mod->len); 2037 if (!skb) 2038 return NULL; 2039 2040 memcpy(skb_put(skb, mod->len), &mod->data, mod->len); 2041 2042 return skb; 2043} 2044 2045static int pn533_send_poll_frame(struct pn533 *dev) 2046{ 2047 struct pn533_poll_modulations *mod; 2048 struct sk_buff *skb; 2049 int rc; 2050 u8 cmd_code; 2051 2052 mod = dev->poll_mod_active[dev->poll_mod_curr]; 2053 2054 dev_dbg(&dev->interface->dev, "%s mod len %d\n", 2055 __func__, mod->len); 2056 2057 if (dev->poll_dep) { 2058 dev->poll_dep = 0; 2059 return pn533_poll_dep(dev->nfc_dev); 2060 } 2061 2062 if (mod->len == 0) { /* Listen mode */ 2063 cmd_code = PN533_CMD_TG_INIT_AS_TARGET; 2064 skb = pn533_alloc_poll_tg_frame(dev); 2065 } else { /* Polling mode */ 2066 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET; 2067 skb = pn533_alloc_poll_in_frame(dev, mod); 2068 } 2069 2070 if (!skb) { 2071 nfc_err(&dev->interface->dev, "Failed to allocate skb\n"); 2072 return -ENOMEM; 2073 } 2074 2075 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete, 2076 NULL); 2077 if (rc < 0) { 2078 dev_kfree_skb(skb); 2079 nfc_err(&dev->interface->dev, "Polling loop error %d\n", rc); 2080 } 2081 2082 return rc; 2083} 2084 2085static void pn533_wq_poll(struct work_struct *work) 2086{ 2087 struct pn533 *dev = container_of(work, struct pn533, poll_work.work); 2088 struct pn533_poll_modulations *cur_mod; 2089 int rc; 2090 2091 cur_mod = dev->poll_mod_active[dev->poll_mod_curr]; 2092 2093 dev_dbg(&dev->interface->dev, 2094 "%s cancel_listen %d modulation len %d\n", 2095 __func__, dev->cancel_listen, cur_mod->len); 2096 2097 if (dev->cancel_listen == 1) { 2098 dev->cancel_listen = 0; 2099 pn533_abort_cmd(dev, GFP_ATOMIC); 2100 } 2101 2102 rc = pn533_send_poll_frame(dev); 2103 if (rc) 2104 return; 2105 2106 if (cur_mod->len == 0 && dev->poll_mod_count > 1) 2107 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ); 2108 2109 return; 2110} 2111 2112static int pn533_start_poll(struct nfc_dev *nfc_dev, 2113 u32 im_protocols, u32 tm_protocols) 2114{ 2115 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2116 struct pn533_poll_modulations *cur_mod; 2117 u8 rand_mod; 2118 int rc; 2119 2120 dev_dbg(&dev->interface->dev, 2121 "%s: im protocols 0x%x tm protocols 0x%x\n", 2122 __func__, im_protocols, tm_protocols); 2123 2124 if (dev->tgt_active_prot) { 2125 nfc_err(&dev->interface->dev, 2126 "Cannot poll with a target already activated\n"); 2127 return -EBUSY; 2128 } 2129 2130 if (dev->tgt_mode) { 2131 nfc_err(&dev->interface->dev, 2132 "Cannot poll while already being activated\n"); 2133 return -EBUSY; 2134 } 2135 2136 if (tm_protocols) { 2137 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len); 2138 if (dev->gb == NULL) 2139 tm_protocols = 0; 2140 } 2141 2142 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols); 2143 dev->poll_protocols = im_protocols; 2144 dev->listen_protocols = tm_protocols; 2145 2146 /* Do not always start polling from the same modulation */ 2147 get_random_bytes(&rand_mod, sizeof(rand_mod)); 2148 rand_mod %= dev->poll_mod_count; 2149 dev->poll_mod_curr = rand_mod; 2150 2151 cur_mod = dev->poll_mod_active[dev->poll_mod_curr]; 2152 2153 rc = pn533_send_poll_frame(dev); 2154 2155 /* Start listen timer */ 2156 if (!rc && cur_mod->len == 0 && dev->poll_mod_count > 1) 2157 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ); 2158 2159 return rc; 2160} 2161 2162static void pn533_stop_poll(struct nfc_dev *nfc_dev) 2163{ 2164 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2165 2166 del_timer(&dev->listen_timer); 2167 2168 if (!dev->poll_mod_count) { 2169 dev_dbg(&dev->interface->dev, 2170 "Polling operation was not running\n"); 2171 return; 2172 } 2173 2174 pn533_abort_cmd(dev, GFP_KERNEL); 2175 flush_delayed_work(&dev->poll_work); 2176 pn533_poll_reset_mod_list(dev); 2177} 2178 2179static int pn533_activate_target_nfcdep(struct pn533 *dev) 2180{ 2181 struct pn533_cmd_activate_response *rsp; 2182 u16 gt_len; 2183 int rc; 2184 struct sk_buff *skb; 2185 struct sk_buff *resp; 2186 2187 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2188 2189 skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/ 2190 if (!skb) 2191 return -ENOMEM; 2192 2193 *skb_put(skb, sizeof(u8)) = 1; /* TG */ 2194 *skb_put(skb, sizeof(u8)) = 0; /* Next */ 2195 2196 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb); 2197 if (IS_ERR(resp)) 2198 return PTR_ERR(resp); 2199 2200 rsp = (struct pn533_cmd_activate_response *)resp->data; 2201 rc = rsp->status & PN533_CMD_RET_MASK; 2202 if (rc != PN533_CMD_RET_SUCCESS) { 2203 nfc_err(&dev->interface->dev, 2204 "Target activation failed (error 0x%x)\n", rc); 2205 dev_kfree_skb(resp); 2206 return -EIO; 2207 } 2208 2209 /* ATR_RES general bytes are located at offset 16 */ 2210 gt_len = resp->len - 16; 2211 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len); 2212 2213 dev_kfree_skb(resp); 2214 return rc; 2215} 2216 2217static int pn533_activate_target(struct nfc_dev *nfc_dev, 2218 struct nfc_target *target, u32 protocol) 2219{ 2220 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2221 int rc; 2222 2223 dev_dbg(&dev->interface->dev, "%s: protocol=%u\n", __func__, protocol); 2224 2225 if (dev->poll_mod_count) { 2226 nfc_err(&dev->interface->dev, 2227 "Cannot activate while polling\n"); 2228 return -EBUSY; 2229 } 2230 2231 if (dev->tgt_active_prot) { 2232 nfc_err(&dev->interface->dev, 2233 "There is already an active target\n"); 2234 return -EBUSY; 2235 } 2236 2237 if (!dev->tgt_available_prots) { 2238 nfc_err(&dev->interface->dev, 2239 "There is no available target to activate\n"); 2240 return -EINVAL; 2241 } 2242 2243 if (!(dev->tgt_available_prots & (1 << protocol))) { 2244 nfc_err(&dev->interface->dev, 2245 "Target doesn't support requested proto %u\n", 2246 protocol); 2247 return -EINVAL; 2248 } 2249 2250 if (protocol == NFC_PROTO_NFC_DEP) { 2251 rc = pn533_activate_target_nfcdep(dev); 2252 if (rc) { 2253 nfc_err(&dev->interface->dev, 2254 "Activating target with DEP failed %d\n", rc); 2255 return rc; 2256 } 2257 } 2258 2259 dev->tgt_active_prot = protocol; 2260 dev->tgt_available_prots = 0; 2261 2262 return 0; 2263} 2264 2265static void pn533_deactivate_target(struct nfc_dev *nfc_dev, 2266 struct nfc_target *target) 2267{ 2268 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2269 struct sk_buff *skb; 2270 struct sk_buff *resp; 2271 int rc; 2272 2273 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2274 2275 if (!dev->tgt_active_prot) { 2276 nfc_err(&dev->interface->dev, "There is no active target\n"); 2277 return; 2278 } 2279 2280 dev->tgt_active_prot = 0; 2281 skb_queue_purge(&dev->resp_q); 2282 2283 skb = pn533_alloc_skb(dev, sizeof(u8)); 2284 if (!skb) 2285 return; 2286 2287 *skb_put(skb, 1) = 1; /* TG*/ 2288 2289 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb); 2290 if (IS_ERR(resp)) 2291 return; 2292 2293 rc = resp->data[0] & PN533_CMD_RET_MASK; 2294 if (rc != PN533_CMD_RET_SUCCESS) 2295 nfc_err(&dev->interface->dev, 2296 "Error 0x%x when releasing the target\n", rc); 2297 2298 dev_kfree_skb(resp); 2299 return; 2300} 2301 2302 2303static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg, 2304 struct sk_buff *resp) 2305{ 2306 struct pn533_cmd_jump_dep_response *rsp; 2307 u8 target_gt_len; 2308 int rc; 2309 u8 active = *(u8 *)arg; 2310 2311 kfree(arg); 2312 2313 if (IS_ERR(resp)) 2314 return PTR_ERR(resp); 2315 2316 if (dev->tgt_available_prots && 2317 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) { 2318 nfc_err(&dev->interface->dev, 2319 "The target does not support DEP\n"); 2320 rc = -EINVAL; 2321 goto error; 2322 } 2323 2324 rsp = (struct pn533_cmd_jump_dep_response *)resp->data; 2325 2326 rc = rsp->status & PN533_CMD_RET_MASK; 2327 if (rc != PN533_CMD_RET_SUCCESS) { 2328 nfc_err(&dev->interface->dev, 2329 "Bringing DEP link up failed (error 0x%x)\n", rc); 2330 goto error; 2331 } 2332 2333 if (!dev->tgt_available_prots) { 2334 struct nfc_target nfc_target; 2335 2336 dev_dbg(&dev->interface->dev, "Creating new target\n"); 2337 2338 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK; 2339 nfc_target.nfcid1_len = 10; 2340 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len); 2341 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1); 2342 if (rc) 2343 goto error; 2344 2345 dev->tgt_available_prots = 0; 2346 } 2347 2348 dev->tgt_active_prot = NFC_PROTO_NFC_DEP; 2349 2350 /* ATR_RES general bytes are located at offset 17 */ 2351 target_gt_len = resp->len - 17; 2352 rc = nfc_set_remote_general_bytes(dev->nfc_dev, 2353 rsp->gt, target_gt_len); 2354 if (rc == 0) 2355 rc = nfc_dep_link_is_up(dev->nfc_dev, 2356 dev->nfc_dev->targets[0].idx, 2357 !active, NFC_RF_INITIATOR); 2358 2359error: 2360 dev_kfree_skb(resp); 2361 return rc; 2362} 2363 2364static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf); 2365static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target, 2366 u8 comm_mode, u8 *gb, size_t gb_len) 2367{ 2368 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2369 struct sk_buff *skb; 2370 int rc, skb_len; 2371 u8 *next, *arg, nfcid3[NFC_NFCID3_MAXSIZE]; 2372 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3}; 2373 2374 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2375 2376 if (dev->poll_mod_count) { 2377 nfc_err(&dev->interface->dev, 2378 "Cannot bring the DEP link up while polling\n"); 2379 return -EBUSY; 2380 } 2381 2382 if (dev->tgt_active_prot) { 2383 nfc_err(&dev->interface->dev, 2384 "There is already an active target\n"); 2385 return -EBUSY; 2386 } 2387 2388 skb_len = 3 + gb_len; /* ActPass + BR + Next */ 2389 skb_len += PASSIVE_DATA_LEN; 2390 2391 /* NFCID3 */ 2392 skb_len += NFC_NFCID3_MAXSIZE; 2393 if (target && !target->nfcid2_len) { 2394 nfcid3[0] = 0x1; 2395 nfcid3[1] = 0xfe; 2396 get_random_bytes(nfcid3 + 2, 6); 2397 } 2398 2399 skb = pn533_alloc_skb(dev, skb_len); 2400 if (!skb) 2401 return -ENOMEM; 2402 2403 *skb_put(skb, 1) = !comm_mode; /* ActPass */ 2404 *skb_put(skb, 1) = 0x02; /* 424 kbps */ 2405 2406 next = skb_put(skb, 1); /* Next */ 2407 *next = 0; 2408 2409 /* Copy passive data */ 2410 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN); 2411 *next |= 1; 2412 2413 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */ 2414 if (target && target->nfcid2_len) 2415 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), target->nfcid2, 2416 target->nfcid2_len); 2417 else 2418 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3, 2419 NFC_NFCID3_MAXSIZE); 2420 *next |= 2; 2421 2422 if (gb != NULL && gb_len > 0) { 2423 memcpy(skb_put(skb, gb_len), gb, gb_len); 2424 *next |= 4; /* We have some Gi */ 2425 } else { 2426 *next = 0; 2427 } 2428 2429 arg = kmalloc(sizeof(*arg), GFP_KERNEL); 2430 if (!arg) { 2431 dev_kfree_skb(skb); 2432 return -ENOMEM; 2433 } 2434 2435 *arg = !comm_mode; 2436 2437 pn533_rf_field(dev->nfc_dev, 0); 2438 2439 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb, 2440 pn533_in_dep_link_up_complete, arg); 2441 2442 if (rc < 0) { 2443 dev_kfree_skb(skb); 2444 kfree(arg); 2445 } 2446 2447 return rc; 2448} 2449 2450static int pn533_dep_link_down(struct nfc_dev *nfc_dev) 2451{ 2452 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2453 2454 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2455 2456 pn533_poll_reset_mod_list(dev); 2457 2458 if (dev->tgt_mode || dev->tgt_active_prot) 2459 pn533_abort_cmd(dev, GFP_KERNEL); 2460 2461 dev->tgt_active_prot = 0; 2462 dev->tgt_mode = 0; 2463 2464 skb_queue_purge(&dev->resp_q); 2465 2466 return 0; 2467} 2468 2469struct pn533_data_exchange_arg { 2470 data_exchange_cb_t cb; 2471 void *cb_context; 2472}; 2473 2474static struct sk_buff *pn533_build_response(struct pn533 *dev) 2475{ 2476 struct sk_buff *skb, *tmp, *t; 2477 unsigned int skb_len = 0, tmp_len = 0; 2478 2479 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2480 2481 if (skb_queue_empty(&dev->resp_q)) 2482 return NULL; 2483 2484 if (skb_queue_len(&dev->resp_q) == 1) { 2485 skb = skb_dequeue(&dev->resp_q); 2486 goto out; 2487 } 2488 2489 skb_queue_walk_safe(&dev->resp_q, tmp, t) 2490 skb_len += tmp->len; 2491 2492 dev_dbg(&dev->interface->dev, "%s total length %d\n", 2493 __func__, skb_len); 2494 2495 skb = alloc_skb(skb_len, GFP_KERNEL); 2496 if (skb == NULL) 2497 goto out; 2498 2499 skb_put(skb, skb_len); 2500 2501 skb_queue_walk_safe(&dev->resp_q, tmp, t) { 2502 memcpy(skb->data + tmp_len, tmp->data, tmp->len); 2503 tmp_len += tmp->len; 2504 } 2505 2506out: 2507 skb_queue_purge(&dev->resp_q); 2508 2509 return skb; 2510} 2511 2512static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg, 2513 struct sk_buff *resp) 2514{ 2515 struct pn533_data_exchange_arg *arg = _arg; 2516 struct sk_buff *skb; 2517 int rc = 0; 2518 u8 status, ret, mi; 2519 2520 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2521 2522 if (IS_ERR(resp)) { 2523 rc = PTR_ERR(resp); 2524 goto _error; 2525 } 2526 2527 status = resp->data[0]; 2528 ret = status & PN533_CMD_RET_MASK; 2529 mi = status & PN533_CMD_MI_MASK; 2530 2531 skb_pull(resp, sizeof(status)); 2532 2533 if (ret != PN533_CMD_RET_SUCCESS) { 2534 nfc_err(&dev->interface->dev, 2535 "Exchanging data failed (error 0x%x)\n", ret); 2536 rc = -EIO; 2537 goto error; 2538 } 2539 2540 skb_queue_tail(&dev->resp_q, resp); 2541 2542 if (mi) { 2543 dev->cmd_complete_mi_arg = arg; 2544 queue_work(dev->wq, &dev->mi_rx_work); 2545 return -EINPROGRESS; 2546 } 2547 2548 /* Prepare for the next round */ 2549 if (skb_queue_len(&dev->fragment_skb) > 0) { 2550 dev->cmd_complete_dep_arg = arg; 2551 queue_work(dev->wq, &dev->mi_tx_work); 2552 2553 return -EINPROGRESS; 2554 } 2555 2556 skb = pn533_build_response(dev); 2557 if (!skb) { 2558 rc = -ENOMEM; 2559 goto error; 2560 } 2561 2562 arg->cb(arg->cb_context, skb, 0); 2563 kfree(arg); 2564 return 0; 2565 2566error: 2567 dev_kfree_skb(resp); 2568_error: 2569 skb_queue_purge(&dev->resp_q); 2570 arg->cb(arg->cb_context, NULL, rc); 2571 kfree(arg); 2572 return rc; 2573} 2574 2575/* Split the Tx skb into small chunks */ 2576static int pn533_fill_fragment_skbs(struct pn533 *dev, struct sk_buff *skb) 2577{ 2578 struct sk_buff *frag; 2579 int frag_size; 2580 2581 do { 2582 /* Remaining size */ 2583 if (skb->len > PN533_CMD_DATAFRAME_MAXLEN) 2584 frag_size = PN533_CMD_DATAFRAME_MAXLEN; 2585 else 2586 frag_size = skb->len; 2587 2588 /* Allocate and reserve */ 2589 frag = pn533_alloc_skb(dev, frag_size); 2590 if (!frag) { 2591 skb_queue_purge(&dev->fragment_skb); 2592 break; 2593 } 2594 2595 if (!dev->tgt_mode) { 2596 /* Reserve the TG/MI byte */ 2597 skb_reserve(frag, 1); 2598 2599 /* MI + TG */ 2600 if (frag_size == PN533_CMD_DATAFRAME_MAXLEN) 2601 *skb_push(frag, sizeof(u8)) = 2602 (PN533_CMD_MI_MASK | 1); 2603 else 2604 *skb_push(frag, sizeof(u8)) = 1; /* TG */ 2605 } 2606 2607 memcpy(skb_put(frag, frag_size), skb->data, frag_size); 2608 2609 /* Reduce the size of incoming buffer */ 2610 skb_pull(skb, frag_size); 2611 2612 /* Add this to skb_queue */ 2613 skb_queue_tail(&dev->fragment_skb, frag); 2614 2615 } while (skb->len > 0); 2616 2617 dev_kfree_skb(skb); 2618 2619 return skb_queue_len(&dev->fragment_skb); 2620} 2621 2622static int pn533_transceive(struct nfc_dev *nfc_dev, 2623 struct nfc_target *target, struct sk_buff *skb, 2624 data_exchange_cb_t cb, void *cb_context) 2625{ 2626 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2627 struct pn533_data_exchange_arg *arg = NULL; 2628 int rc; 2629 2630 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2631 2632 if (!dev->tgt_active_prot) { 2633 nfc_err(&dev->interface->dev, 2634 "Can't exchange data if there is no active target\n"); 2635 rc = -EINVAL; 2636 goto error; 2637 } 2638 2639 arg = kmalloc(sizeof(*arg), GFP_KERNEL); 2640 if (!arg) { 2641 rc = -ENOMEM; 2642 goto error; 2643 } 2644 2645 arg->cb = cb; 2646 arg->cb_context = cb_context; 2647 2648 switch (dev->device_type) { 2649 case PN533_DEVICE_PASORI: 2650 if (dev->tgt_active_prot == NFC_PROTO_FELICA) { 2651 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU, 2652 skb, 2653 pn533_data_exchange_complete, 2654 arg); 2655 2656 break; 2657 } 2658 default: 2659 /* jumbo frame ? */ 2660 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) { 2661 rc = pn533_fill_fragment_skbs(dev, skb); 2662 if (rc <= 0) 2663 goto error; 2664 2665 skb = skb_dequeue(&dev->fragment_skb); 2666 if (!skb) { 2667 rc = -EIO; 2668 goto error; 2669 } 2670 } else { 2671 *skb_push(skb, sizeof(u8)) = 1; /* TG */ 2672 } 2673 2674 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE, 2675 skb, pn533_data_exchange_complete, 2676 arg); 2677 2678 break; 2679 } 2680 2681 if (rc < 0) /* rc from send_async */ 2682 goto error; 2683 2684 return 0; 2685 2686error: 2687 kfree(arg); 2688 dev_kfree_skb(skb); 2689 return rc; 2690} 2691 2692static int pn533_tm_send_complete(struct pn533 *dev, void *arg, 2693 struct sk_buff *resp) 2694{ 2695 u8 status; 2696 2697 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2698 2699 if (IS_ERR(resp)) 2700 return PTR_ERR(resp); 2701 2702 status = resp->data[0]; 2703 2704 /* Prepare for the next round */ 2705 if (skb_queue_len(&dev->fragment_skb) > 0) { 2706 queue_work(dev->wq, &dev->mi_tm_tx_work); 2707 return -EINPROGRESS; 2708 } 2709 dev_kfree_skb(resp); 2710 2711 if (status != 0) { 2712 nfc_tm_deactivated(dev->nfc_dev); 2713 2714 dev->tgt_mode = 0; 2715 2716 return 0; 2717 } 2718 2719 queue_work(dev->wq, &dev->tg_work); 2720 2721 return 0; 2722} 2723 2724static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb) 2725{ 2726 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2727 int rc; 2728 2729 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2730 2731 /* let's split in multiple chunks if size's too big */ 2732 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) { 2733 rc = pn533_fill_fragment_skbs(dev, skb); 2734 if (rc <= 0) 2735 goto error; 2736 2737 /* get the first skb */ 2738 skb = skb_dequeue(&dev->fragment_skb); 2739 if (!skb) { 2740 rc = -EIO; 2741 goto error; 2742 } 2743 2744 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_META_DATA, skb, 2745 pn533_tm_send_complete, NULL); 2746 } else { 2747 /* Send th skb */ 2748 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb, 2749 pn533_tm_send_complete, NULL); 2750 } 2751 2752error: 2753 if (rc < 0) { 2754 dev_kfree_skb(skb); 2755 skb_queue_purge(&dev->fragment_skb); 2756 } 2757 2758 return rc; 2759} 2760 2761static void pn533_wq_mi_recv(struct work_struct *work) 2762{ 2763 struct pn533 *dev = container_of(work, struct pn533, mi_rx_work); 2764 struct sk_buff *skb; 2765 int rc; 2766 2767 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2768 2769 skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN); 2770 if (!skb) 2771 goto error; 2772 2773 switch (dev->device_type) { 2774 case PN533_DEVICE_PASORI: 2775 if (dev->tgt_active_prot == NFC_PROTO_FELICA) { 2776 rc = pn533_send_cmd_direct_async(dev, 2777 PN533_CMD_IN_COMM_THRU, 2778 skb, 2779 pn533_data_exchange_complete, 2780 dev->cmd_complete_mi_arg); 2781 2782 break; 2783 } 2784 default: 2785 *skb_put(skb, sizeof(u8)) = 1; /*TG*/ 2786 2787 rc = pn533_send_cmd_direct_async(dev, 2788 PN533_CMD_IN_DATA_EXCHANGE, 2789 skb, 2790 pn533_data_exchange_complete, 2791 dev->cmd_complete_mi_arg); 2792 2793 break; 2794 } 2795 2796 if (rc == 0) /* success */ 2797 return; 2798 2799 nfc_err(&dev->interface->dev, 2800 "Error %d when trying to perform data_exchange\n", rc); 2801 2802 dev_kfree_skb(skb); 2803 kfree(dev->cmd_complete_mi_arg); 2804 2805error: 2806 pn533_send_ack(dev, GFP_KERNEL); 2807 queue_work(dev->wq, &dev->cmd_work); 2808} 2809 2810static void pn533_wq_mi_send(struct work_struct *work) 2811{ 2812 struct pn533 *dev = container_of(work, struct pn533, mi_tx_work); 2813 struct sk_buff *skb; 2814 int rc; 2815 2816 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2817 2818 /* Grab the first skb in the queue */ 2819 skb = skb_dequeue(&dev->fragment_skb); 2820 2821 if (skb == NULL) { /* No more data */ 2822 /* Reset the queue for future use */ 2823 skb_queue_head_init(&dev->fragment_skb); 2824 goto error; 2825 } 2826 2827 switch (dev->device_type) { 2828 case PN533_DEVICE_PASORI: 2829 if (dev->tgt_active_prot != NFC_PROTO_FELICA) { 2830 rc = -EIO; 2831 break; 2832 } 2833 2834 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_IN_COMM_THRU, 2835 skb, 2836 pn533_data_exchange_complete, 2837 dev->cmd_complete_dep_arg); 2838 2839 break; 2840 2841 default: 2842 /* Still some fragments? */ 2843 rc = pn533_send_cmd_direct_async(dev,PN533_CMD_IN_DATA_EXCHANGE, 2844 skb, 2845 pn533_data_exchange_complete, 2846 dev->cmd_complete_dep_arg); 2847 2848 break; 2849 } 2850 2851 if (rc == 0) /* success */ 2852 return; 2853 2854 nfc_err(&dev->interface->dev, 2855 "Error %d when trying to perform data_exchange\n", rc); 2856 2857 dev_kfree_skb(skb); 2858 kfree(dev->cmd_complete_dep_arg); 2859 2860error: 2861 pn533_send_ack(dev, GFP_KERNEL); 2862 queue_work(dev->wq, &dev->cmd_work); 2863} 2864 2865static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata, 2866 u8 cfgdata_len) 2867{ 2868 struct sk_buff *skb; 2869 struct sk_buff *resp; 2870 int skb_len; 2871 2872 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2873 2874 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */ 2875 2876 skb = pn533_alloc_skb(dev, skb_len); 2877 if (!skb) 2878 return -ENOMEM; 2879 2880 *skb_put(skb, sizeof(cfgitem)) = cfgitem; 2881 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len); 2882 2883 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb); 2884 if (IS_ERR(resp)) 2885 return PTR_ERR(resp); 2886 2887 dev_kfree_skb(resp); 2888 return 0; 2889} 2890 2891static int pn533_get_firmware_version(struct pn533 *dev, 2892 struct pn533_fw_version *fv) 2893{ 2894 struct sk_buff *skb; 2895 struct sk_buff *resp; 2896 2897 skb = pn533_alloc_skb(dev, 0); 2898 if (!skb) 2899 return -ENOMEM; 2900 2901 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb); 2902 if (IS_ERR(resp)) 2903 return PTR_ERR(resp); 2904 2905 fv->ic = resp->data[0]; 2906 fv->ver = resp->data[1]; 2907 fv->rev = resp->data[2]; 2908 fv->support = resp->data[3]; 2909 2910 dev_kfree_skb(resp); 2911 return 0; 2912} 2913 2914static int pn533_pasori_fw_reset(struct pn533 *dev) 2915{ 2916 struct sk_buff *skb; 2917 struct sk_buff *resp; 2918 2919 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2920 2921 skb = pn533_alloc_skb(dev, sizeof(u8)); 2922 if (!skb) 2923 return -ENOMEM; 2924 2925 *skb_put(skb, sizeof(u8)) = 0x1; 2926 2927 resp = pn533_send_cmd_sync(dev, 0x18, skb); 2928 if (IS_ERR(resp)) 2929 return PTR_ERR(resp); 2930 2931 dev_kfree_skb(resp); 2932 2933 return 0; 2934} 2935 2936struct pn533_acr122_poweron_rdr_arg { 2937 int rc; 2938 struct completion done; 2939}; 2940 2941static void pn533_acr122_poweron_rdr_resp(struct urb *urb) 2942{ 2943 struct pn533_acr122_poweron_rdr_arg *arg = urb->context; 2944 2945 dev_dbg(&urb->dev->dev, "%s\n", __func__); 2946 2947 print_hex_dump_debug("ACR122 RX: ", DUMP_PREFIX_NONE, 16, 1, 2948 urb->transfer_buffer, urb->transfer_buffer_length, 2949 false); 2950 2951 arg->rc = urb->status; 2952 complete(&arg->done); 2953} 2954 2955static int pn533_acr122_poweron_rdr(struct pn533 *dev) 2956{ 2957 /* Power on th reader (CCID cmd) */ 2958 u8 cmd[10] = {PN533_ACR122_PC_TO_RDR_ICCPOWERON, 2959 0, 0, 0, 0, 0, 0, 3, 0, 0}; 2960 u8 buf[255]; 2961 int rc; 2962 void *cntx; 2963 struct pn533_acr122_poweron_rdr_arg arg; 2964 2965 dev_dbg(&dev->interface->dev, "%s\n", __func__); 2966 2967 init_completion(&arg.done); 2968 cntx = dev->in_urb->context; /* backup context */ 2969 2970 dev->in_urb->transfer_buffer = buf; 2971 dev->in_urb->transfer_buffer_length = 255; 2972 dev->in_urb->complete = pn533_acr122_poweron_rdr_resp; 2973 dev->in_urb->context = &arg; 2974 2975 dev->out_urb->transfer_buffer = cmd; 2976 dev->out_urb->transfer_buffer_length = sizeof(cmd); 2977 2978 print_hex_dump_debug("ACR122 TX: ", DUMP_PREFIX_NONE, 16, 1, 2979 cmd, sizeof(cmd), false); 2980 2981 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL); 2982 if (rc) { 2983 nfc_err(&dev->interface->dev, 2984 "Reader power on cmd error %d\n", rc); 2985 return rc; 2986 } 2987 2988 rc = usb_submit_urb(dev->in_urb, GFP_KERNEL); 2989 if (rc) { 2990 nfc_err(&dev->interface->dev, 2991 "Can't submit reader poweron cmd response %d\n", rc); 2992 return rc; 2993 } 2994 2995 wait_for_completion(&arg.done); 2996 dev->in_urb->context = cntx; /* restore context */ 2997 2998 return arg.rc; 2999} 3000 3001static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf) 3002{ 3003 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 3004 u8 rf_field = !!rf; 3005 int rc; 3006 3007 rf_field |= PN533_CFGITEM_RF_FIELD_AUTO_RFCA; 3008 3009 rc = pn533_set_configuration(dev, PN533_CFGITEM_RF_FIELD, 3010 (u8 *)&rf_field, 1); 3011 if (rc) { 3012 nfc_err(&dev->interface->dev, "Error on setting RF field\n"); 3013 return rc; 3014 } 3015 3016 return rc; 3017} 3018 3019static int pn533_dev_up(struct nfc_dev *nfc_dev) 3020{ 3021 return pn533_rf_field(nfc_dev, 1); 3022} 3023 3024static int pn533_dev_down(struct nfc_dev *nfc_dev) 3025{ 3026 return pn533_rf_field(nfc_dev, 0); 3027} 3028 3029static struct nfc_ops pn533_nfc_ops = { 3030 .dev_up = pn533_dev_up, 3031 .dev_down = pn533_dev_down, 3032 .dep_link_up = pn533_dep_link_up, 3033 .dep_link_down = pn533_dep_link_down, 3034 .start_poll = pn533_start_poll, 3035 .stop_poll = pn533_stop_poll, 3036 .activate_target = pn533_activate_target, 3037 .deactivate_target = pn533_deactivate_target, 3038 .im_transceive = pn533_transceive, 3039 .tm_send = pn533_tm_send, 3040}; 3041 3042static int pn533_setup(struct pn533 *dev) 3043{ 3044 struct pn533_config_max_retries max_retries; 3045 struct pn533_config_timing timing; 3046 u8 pasori_cfg[3] = {0x08, 0x01, 0x08}; 3047 int rc; 3048 3049 switch (dev->device_type) { 3050 case PN533_DEVICE_STD: 3051 case PN533_DEVICE_PASORI: 3052 case PN533_DEVICE_ACR122U: 3053 max_retries.mx_rty_atr = 0x2; 3054 max_retries.mx_rty_psl = 0x1; 3055 max_retries.mx_rty_passive_act = 3056 PN533_CONFIG_MAX_RETRIES_NO_RETRY; 3057 3058 timing.rfu = PN533_CONFIG_TIMING_102; 3059 timing.atr_res_timeout = PN533_CONFIG_TIMING_102; 3060 timing.dep_timeout = PN533_CONFIG_TIMING_204; 3061 3062 break; 3063 3064 default: 3065 nfc_err(&dev->interface->dev, "Unknown device type %d\n", 3066 dev->device_type); 3067 return -EINVAL; 3068 } 3069 3070 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES, 3071 (u8 *)&max_retries, sizeof(max_retries)); 3072 if (rc) { 3073 nfc_err(&dev->interface->dev, 3074 "Error on setting MAX_RETRIES config\n"); 3075 return rc; 3076 } 3077 3078 3079 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING, 3080 (u8 *)&timing, sizeof(timing)); 3081 if (rc) { 3082 nfc_err(&dev->interface->dev, "Error on setting RF timings\n"); 3083 return rc; 3084 } 3085 3086 switch (dev->device_type) { 3087 case PN533_DEVICE_STD: 3088 break; 3089 3090 case PN533_DEVICE_PASORI: 3091 pn533_pasori_fw_reset(dev); 3092 3093 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI, 3094 pasori_cfg, 3); 3095 if (rc) { 3096 nfc_err(&dev->interface->dev, 3097 "Error while settings PASORI config\n"); 3098 return rc; 3099 } 3100 3101 pn533_pasori_fw_reset(dev); 3102 3103 break; 3104 } 3105 3106 return 0; 3107} 3108 3109static int pn533_probe(struct usb_interface *interface, 3110 const struct usb_device_id *id) 3111{ 3112 struct pn533_fw_version fw_ver; 3113 struct pn533 *dev; 3114 struct usb_host_interface *iface_desc; 3115 struct usb_endpoint_descriptor *endpoint; 3116 int in_endpoint = 0; 3117 int out_endpoint = 0; 3118 int rc = -ENOMEM; 3119 int i; 3120 u32 protocols; 3121 3122 dev = kzalloc(sizeof(*dev), GFP_KERNEL); 3123 if (!dev) 3124 return -ENOMEM; 3125 3126 dev->udev = usb_get_dev(interface_to_usbdev(interface)); 3127 dev->interface = interface; 3128 mutex_init(&dev->cmd_lock); 3129 3130 iface_desc = interface->cur_altsetting; 3131 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) { 3132 endpoint = &iface_desc->endpoint[i].desc; 3133 3134 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) 3135 in_endpoint = endpoint->bEndpointAddress; 3136 3137 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) 3138 out_endpoint = endpoint->bEndpointAddress; 3139 } 3140 3141 if (!in_endpoint || !out_endpoint) { 3142 nfc_err(&interface->dev, 3143 "Could not find bulk-in or bulk-out endpoint\n"); 3144 rc = -ENODEV; 3145 goto error; 3146 } 3147 3148 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL); 3149 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL); 3150 3151 if (!dev->in_urb || !dev->out_urb) 3152 goto error; 3153 3154 usb_fill_bulk_urb(dev->in_urb, dev->udev, 3155 usb_rcvbulkpipe(dev->udev, in_endpoint), 3156 NULL, 0, NULL, dev); 3157 usb_fill_bulk_urb(dev->out_urb, dev->udev, 3158 usb_sndbulkpipe(dev->udev, out_endpoint), 3159 NULL, 0, pn533_send_complete, dev); 3160 3161 INIT_WORK(&dev->cmd_work, pn533_wq_cmd); 3162 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete); 3163 INIT_WORK(&dev->mi_rx_work, pn533_wq_mi_recv); 3164 INIT_WORK(&dev->mi_tx_work, pn533_wq_mi_send); 3165 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data); 3166 INIT_WORK(&dev->mi_tm_rx_work, pn533_wq_tm_mi_recv); 3167 INIT_WORK(&dev->mi_tm_tx_work, pn533_wq_tm_mi_send); 3168 INIT_DELAYED_WORK(&dev->poll_work, pn533_wq_poll); 3169 INIT_WORK(&dev->rf_work, pn533_wq_rf); 3170 dev->wq = alloc_ordered_workqueue("pn533", 0); 3171 if (dev->wq == NULL) 3172 goto error; 3173 3174 init_timer(&dev->listen_timer); 3175 dev->listen_timer.data = (unsigned long) dev; 3176 dev->listen_timer.function = pn533_listen_mode_timer; 3177 3178 skb_queue_head_init(&dev->resp_q); 3179 skb_queue_head_init(&dev->fragment_skb); 3180 3181 INIT_LIST_HEAD(&dev->cmd_queue); 3182 3183 usb_set_intfdata(interface, dev); 3184 3185 dev->ops = &pn533_std_frame_ops; 3186 3187 dev->protocol_type = PN533_PROTO_REQ_ACK_RESP; 3188 dev->device_type = id->driver_info; 3189 switch (dev->device_type) { 3190 case PN533_DEVICE_STD: 3191 protocols = PN533_ALL_PROTOCOLS; 3192 break; 3193 3194 case PN533_DEVICE_PASORI: 3195 protocols = PN533_NO_TYPE_B_PROTOCOLS; 3196 break; 3197 3198 case PN533_DEVICE_ACR122U: 3199 protocols = PN533_NO_TYPE_B_PROTOCOLS; 3200 dev->ops = &pn533_acr122_frame_ops; 3201 dev->protocol_type = PN533_PROTO_REQ_RESP, 3202 3203 rc = pn533_acr122_poweron_rdr(dev); 3204 if (rc < 0) { 3205 nfc_err(&dev->interface->dev, 3206 "Couldn't poweron the reader (error %d)\n", rc); 3207 goto destroy_wq; 3208 } 3209 break; 3210 3211 default: 3212 nfc_err(&dev->interface->dev, "Unknown device type %d\n", 3213 dev->device_type); 3214 rc = -EINVAL; 3215 goto destroy_wq; 3216 } 3217 3218 memset(&fw_ver, 0, sizeof(fw_ver)); 3219 rc = pn533_get_firmware_version(dev, &fw_ver); 3220 if (rc < 0) 3221 goto destroy_wq; 3222 3223 nfc_info(&dev->interface->dev, 3224 "NXP PN5%02X firmware ver %d.%d now attached\n", 3225 fw_ver.ic, fw_ver.ver, fw_ver.rev); 3226 3227 3228 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols, 3229 dev->ops->tx_header_len + 3230 PN533_CMD_DATAEXCH_HEAD_LEN, 3231 dev->ops->tx_tail_len); 3232 if (!dev->nfc_dev) { 3233 rc = -ENOMEM; 3234 goto destroy_wq; 3235 } 3236 3237 nfc_set_parent_dev(dev->nfc_dev, &interface->dev); 3238 nfc_set_drvdata(dev->nfc_dev, dev); 3239 3240 rc = nfc_register_device(dev->nfc_dev); 3241 if (rc) 3242 goto free_nfc_dev; 3243 3244 rc = pn533_setup(dev); 3245 if (rc) 3246 goto unregister_nfc_dev; 3247 3248 return 0; 3249 3250unregister_nfc_dev: 3251 nfc_unregister_device(dev->nfc_dev); 3252 3253free_nfc_dev: 3254 nfc_free_device(dev->nfc_dev); 3255 3256destroy_wq: 3257 destroy_workqueue(dev->wq); 3258error: 3259 usb_free_urb(dev->in_urb); 3260 usb_free_urb(dev->out_urb); 3261 usb_put_dev(dev->udev); 3262 kfree(dev); 3263 return rc; 3264} 3265 3266static void pn533_disconnect(struct usb_interface *interface) 3267{ 3268 struct pn533 *dev; 3269 struct pn533_cmd *cmd, *n; 3270 3271 dev = usb_get_intfdata(interface); 3272 usb_set_intfdata(interface, NULL); 3273 3274 nfc_unregister_device(dev->nfc_dev); 3275 nfc_free_device(dev->nfc_dev); 3276 3277 usb_kill_urb(dev->in_urb); 3278 usb_kill_urb(dev->out_urb); 3279 3280 flush_delayed_work(&dev->poll_work); 3281 destroy_workqueue(dev->wq); 3282 3283 skb_queue_purge(&dev->resp_q); 3284 3285 del_timer(&dev->listen_timer); 3286 3287 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) { 3288 list_del(&cmd->queue); 3289 kfree(cmd); 3290 } 3291 3292 usb_free_urb(dev->in_urb); 3293 usb_free_urb(dev->out_urb); 3294 kfree(dev); 3295 3296 nfc_info(&interface->dev, "NXP PN533 NFC device disconnected\n"); 3297} 3298 3299static struct usb_driver pn533_driver = { 3300 .name = "pn533", 3301 .probe = pn533_probe, 3302 .disconnect = pn533_disconnect, 3303 .id_table = pn533_table, 3304}; 3305 3306module_usb_driver(pn533_driver); 3307 3308MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>"); 3309MODULE_AUTHOR("Aloisio Almeida Jr <aloisio.almeida@openbossa.org>"); 3310MODULE_AUTHOR("Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>"); 3311MODULE_DESCRIPTION("PN533 usb driver ver " VERSION); 3312MODULE_VERSION(VERSION); 3313MODULE_LICENSE("GPL"); 3314