2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
5 * Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6 * Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the
20 * Free Software Foundation, Inc.,
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
41 #define SONY_VENDOR_ID 0x054c
42 #define PASORI_PRODUCT_ID 0x02e1
44 #define PN533_DEVICE_STD 0x1
45 #define PN533_DEVICE_PASORI 0x2
47 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
48 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
49 NFC_PROTO_NFC_DEP_MASK |\
50 NFC_PROTO_ISO14443_B_MASK)
52 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
53 NFC_PROTO_MIFARE_MASK | \
54 NFC_PROTO_FELICA_MASK | \
55 NFC_PROTO_ISO14443_MASK | \
56 NFC_PROTO_NFC_DEP_MASK)
58 static const struct usb_device_id pn533_table[] = {
59 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
60 .idVendor = PN533_VENDOR_ID,
61 .idProduct = PN533_PRODUCT_ID,
62 .driver_info = PN533_DEVICE_STD,
64 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
65 .idVendor = SCM_VENDOR_ID,
66 .idProduct = SCL3711_PRODUCT_ID,
67 .driver_info = PN533_DEVICE_STD,
69 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
70 .idVendor = SONY_VENDOR_ID,
71 .idProduct = PASORI_PRODUCT_ID,
72 .driver_info = PN533_DEVICE_PASORI,
76 MODULE_DEVICE_TABLE(usb, pn533_table);
78 /* How much time we spend listening for initiators */
79 #define PN533_LISTEN_TIME 2
81 /* frame definitions */
82 #define PN533_FRAME_HEADER_LEN (sizeof(struct pn533_frame) \
83 + 2) /* data[0] TFI, data[1] CC */
84 #define PN533_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
87 * Max extended frame payload len, excluding TFI and CC
88 * which are already in PN533_FRAME_HEADER_LEN.
90 #define PN533_FRAME_MAX_PAYLOAD_LEN 263
92 #define PN533_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2),
94 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
95 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
98 #define PN533_SOF 0x00FF
100 /* frame identifier: in/out/error */
101 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
102 #define PN533_DIR_OUT 0xD4
103 #define PN533_DIR_IN 0xD5
106 #define PN533_FRAME_CMD(f) (f->data[1])
108 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
109 #define PN533_CMD_RF_CONFIGURATION 0x32
110 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
111 #define PN533_CMD_IN_COMM_THRU 0x42
112 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
113 #define PN533_CMD_IN_ATR 0x50
114 #define PN533_CMD_IN_RELEASE 0x52
115 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
117 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
118 #define PN533_CMD_TG_GET_DATA 0x86
119 #define PN533_CMD_TG_SET_DATA 0x8e
120 #define PN533_CMD_UNDEF 0xff
122 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
124 /* PN533 Return codes */
125 #define PN533_CMD_RET_MASK 0x3F
126 #define PN533_CMD_MI_MASK 0x40
127 #define PN533_CMD_RET_SUCCESS 0x00
131 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg, int status);
133 typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
134 struct sk_buff *resp);
136 /* structs for pn533 commands */
138 /* PN533_CMD_GET_FIRMWARE_VERSION */
139 struct pn533_fw_version {
146 /* PN533_CMD_RF_CONFIGURATION */
147 #define PN533_CFGITEM_TIMING 0x02
148 #define PN533_CFGITEM_MAX_RETRIES 0x05
149 #define PN533_CFGITEM_PASORI 0x82
151 #define PN533_CONFIG_TIMING_102 0xb
152 #define PN533_CONFIG_TIMING_204 0xc
153 #define PN533_CONFIG_TIMING_409 0xd
154 #define PN533_CONFIG_TIMING_819 0xe
156 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
157 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
159 struct pn533_config_max_retries {
162 u8 mx_rty_passive_act;
165 struct pn533_config_timing {
171 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
173 /* felica commands opcode */
174 #define PN533_FELICA_OPC_SENSF_REQ 0
175 #define PN533_FELICA_OPC_SENSF_RES 1
176 /* felica SENSF_REQ parameters */
177 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
178 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
179 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
180 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
182 /* type B initiator_data values */
183 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
184 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
185 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
187 union pn533_cmd_poll_initdata {
200 /* Poll modulations */
202 PN533_POLL_MOD_106KBPS_A,
203 PN533_POLL_MOD_212KBPS_FELICA,
204 PN533_POLL_MOD_424KBPS_FELICA,
205 PN533_POLL_MOD_106KBPS_JEWEL,
206 PN533_POLL_MOD_847KBPS_B,
209 __PN533_POLL_MOD_AFTER_LAST,
211 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
213 struct pn533_poll_modulations {
217 union pn533_cmd_poll_initdata initiator_data;
222 static const struct pn533_poll_modulations poll_mod[] = {
223 [PN533_POLL_MOD_106KBPS_A] = {
230 [PN533_POLL_MOD_212KBPS_FELICA] = {
234 .initiator_data.felica = {
235 .opcode = PN533_FELICA_OPC_SENSF_REQ,
236 .sc = PN533_FELICA_SENSF_SC_ALL,
237 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
243 [PN533_POLL_MOD_424KBPS_FELICA] = {
247 .initiator_data.felica = {
248 .opcode = PN533_FELICA_OPC_SENSF_REQ,
249 .sc = PN533_FELICA_SENSF_SC_ALL,
250 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
256 [PN533_POLL_MOD_106KBPS_JEWEL] = {
263 [PN533_POLL_MOD_847KBPS_B] = {
267 .initiator_data.type_b = {
268 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
270 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
275 [PN533_LISTEN_MOD] = {
280 /* PN533_CMD_IN_ATR */
282 struct pn533_cmd_activate_response {
294 struct pn533_cmd_jump_dep_response {
308 /* PN533_TG_INIT_AS_TARGET */
309 #define PN533_INIT_TARGET_PASSIVE 0x1
310 #define PN533_INIT_TARGET_DEP 0x2
312 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
313 #define PN533_INIT_TARGET_RESP_ACTIVE 0x1
314 #define PN533_INIT_TARGET_RESP_DEP 0x4
317 struct usb_device *udev;
318 struct usb_interface *interface;
319 struct nfc_dev *nfc_dev;
324 struct sk_buff_head resp_q;
326 struct workqueue_struct *wq;
327 struct work_struct cmd_work;
328 struct work_struct cmd_complete_work;
329 struct work_struct poll_work;
330 struct work_struct mi_work;
331 struct work_struct tg_work;
332 struct timer_list listen_timer;
336 pn533_cmd_complete_t cmd_complete;
337 void *cmd_complete_arg;
338 void *cmd_complete_mi_arg;
339 struct mutex cmd_lock;
342 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
346 u32 listen_protocols;
351 u8 tgt_available_prots;
357 struct list_head cmd_queue;
360 struct pn533_frame_ops *ops;
364 struct list_head queue;
367 struct sk_buff *resp;
380 struct pn533_frame_ops {
381 void (*tx_frame_init)(void *frame, u8 cmd_code);
382 void (*tx_frame_finish)(void *frame);
383 void (*tx_update_payload_len)(void *frame, int len);
387 bool (*rx_is_frame_valid)(void *frame);
388 int (*rx_frame_size)(void *frame);
393 u8 (*get_cmd_code)(void *frame);
396 /* The rule: value + checksum = 0 */
397 static inline u8 pn533_checksum(u8 value)
402 /* The rule: sum(data elements) + checksum = 0 */
403 static u8 pn533_data_checksum(u8 *data, int datalen)
408 for (i = 0; i < datalen; i++)
411 return pn533_checksum(sum);
414 static void pn533_tx_frame_init(void *_frame, u8 cmd_code)
416 struct pn533_frame *frame = _frame;
419 frame->start_frame = cpu_to_be16(PN533_SOF);
420 PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
421 PN533_FRAME_CMD(frame) = cmd_code;
425 static void pn533_tx_frame_finish(void *_frame)
427 struct pn533_frame *frame = _frame;
429 frame->datalen_checksum = pn533_checksum(frame->datalen);
431 PN533_FRAME_CHECKSUM(frame) =
432 pn533_data_checksum(frame->data, frame->datalen);
434 PN533_FRAME_POSTAMBLE(frame) = 0;
437 static void pn533_tx_update_payload_len(void *_frame, int len)
439 struct pn533_frame *frame = _frame;
441 frame->datalen += len;
444 static bool pn533_rx_frame_is_valid(void *_frame)
447 struct pn533_frame *frame = _frame;
449 if (frame->start_frame != cpu_to_be16(PN533_SOF))
452 checksum = pn533_checksum(frame->datalen);
453 if (checksum != frame->datalen_checksum)
456 checksum = pn533_data_checksum(frame->data, frame->datalen);
457 if (checksum != PN533_FRAME_CHECKSUM(frame))
463 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
465 if (frame->start_frame != cpu_to_be16(PN533_SOF))
468 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
474 static inline int pn533_rx_frame_size(void *frame)
476 struct pn533_frame *f = frame;
478 return sizeof(struct pn533_frame) + f->datalen + PN533_FRAME_TAIL_LEN;
481 static u8 pn533_get_cmd_code(void *frame)
483 struct pn533_frame *f = frame;
485 return PN533_FRAME_CMD(f);
488 static struct pn533_frame_ops pn533_std_frame_ops = {
489 .tx_frame_init = pn533_tx_frame_init,
490 .tx_frame_finish = pn533_tx_frame_finish,
491 .tx_update_payload_len = pn533_tx_update_payload_len,
492 .tx_header_len = PN533_FRAME_HEADER_LEN,
493 .tx_tail_len = PN533_FRAME_TAIL_LEN,
495 .rx_is_frame_valid = pn533_rx_frame_is_valid,
496 .rx_frame_size = pn533_rx_frame_size,
497 .rx_header_len = PN533_FRAME_HEADER_LEN,
498 .rx_tail_len = PN533_FRAME_TAIL_LEN,
500 .max_payload_len = PN533_FRAME_MAX_PAYLOAD_LEN,
501 .get_cmd_code = pn533_get_cmd_code,
504 static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame)
506 return (dev->ops->get_cmd_code(frame) == PN533_CMD_RESPONSE(dev->cmd));
510 static void pn533_wq_cmd_complete(struct work_struct *work)
512 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
515 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, dev->wq_in_error);
516 if (rc != -EINPROGRESS)
517 queue_work(dev->wq, &dev->cmd_work);
520 static void pn533_recv_response(struct urb *urb)
522 struct pn533 *dev = urb->context;
525 switch (urb->status) {
530 nfc_dev_dbg(&dev->interface->dev,
531 "The urb has been canceled (status %d)",
533 dev->wq_in_error = urb->status;
537 nfc_dev_err(&dev->interface->dev,
538 "Urb failure (status %d)", urb->status);
539 dev->wq_in_error = urb->status;
543 in_frame = dev->in_urb->transfer_buffer;
545 nfc_dev_dbg(&dev->interface->dev, "Received a frame.");
546 print_hex_dump(KERN_DEBUG, "PN533 RX: ", DUMP_PREFIX_NONE, 16, 1,
547 in_frame, dev->ops->rx_frame_size(in_frame), false);
549 if (!dev->ops->rx_is_frame_valid(in_frame)) {
550 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
551 dev->wq_in_error = -EIO;
555 if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) {
556 nfc_dev_err(&dev->interface->dev,
557 "It it not the response to the last command");
558 dev->wq_in_error = -EIO;
562 dev->wq_in_error = 0;
565 queue_work(dev->wq, &dev->cmd_complete_work);
568 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
570 dev->in_urb->complete = pn533_recv_response;
572 return usb_submit_urb(dev->in_urb, flags);
575 static void pn533_recv_ack(struct urb *urb)
577 struct pn533 *dev = urb->context;
578 struct pn533_frame *in_frame;
581 switch (urb->status) {
586 nfc_dev_dbg(&dev->interface->dev,
587 "The urb has been stopped (status %d)",
589 dev->wq_in_error = urb->status;
593 nfc_dev_err(&dev->interface->dev,
594 "Urb failure (status %d)", urb->status);
595 dev->wq_in_error = urb->status;
599 in_frame = dev->in_urb->transfer_buffer;
601 if (!pn533_rx_frame_is_ack(in_frame)) {
602 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
603 dev->wq_in_error = -EIO;
607 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
609 nfc_dev_err(&dev->interface->dev,
610 "usb_submit_urb failed with result %d", rc);
611 dev->wq_in_error = rc;
618 queue_work(dev->wq, &dev->cmd_complete_work);
621 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
623 dev->in_urb->complete = pn533_recv_ack;
625 return usb_submit_urb(dev->in_urb, flags);
628 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
630 u8 ack[PN533_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
631 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */
634 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
636 dev->out_urb->transfer_buffer = ack;
637 dev->out_urb->transfer_buffer_length = sizeof(ack);
638 rc = usb_submit_urb(dev->out_urb, flags);
643 static int __pn533_send_frame_async(struct pn533 *dev,
647 pn533_cmd_complete_t cmd_complete,
652 dev->cmd = dev->ops->get_cmd_code(out->data);
653 dev->cmd_complete = cmd_complete;
654 dev->cmd_complete_arg = arg;
656 dev->out_urb->transfer_buffer = out->data;
657 dev->out_urb->transfer_buffer_length = out->len;
659 dev->in_urb->transfer_buffer = in->data;
660 dev->in_urb->transfer_buffer_length = in_len;
662 print_hex_dump(KERN_DEBUG, "PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
663 out->data, out->len, false);
665 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
669 rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
676 usb_unlink_urb(dev->out_urb);
680 static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code,
683 /* payload is already there, just update datalen */
684 int payload_len = skb->len;
685 struct pn533_frame_ops *ops = dev->ops;
688 skb_push(skb, ops->tx_header_len);
689 skb_put(skb, ops->tx_tail_len);
691 ops->tx_frame_init(skb->data, cmd_code);
692 ops->tx_update_payload_len(skb->data, payload_len);
693 ops->tx_frame_finish(skb->data);
696 struct pn533_send_async_complete_arg {
697 pn533_send_async_complete_t complete_cb;
698 void *complete_cb_context;
699 struct sk_buff *resp;
703 static int pn533_send_async_complete(struct pn533 *dev, void *_arg, int status)
705 struct pn533_send_async_complete_arg *arg = _arg;
707 struct sk_buff *req = arg->req;
708 struct sk_buff *resp = arg->resp;
715 arg->complete_cb(dev, arg->complete_cb_context,
722 skb_put(resp, dev->ops->rx_frame_size(resp->data));
723 skb_pull(resp, dev->ops->rx_header_len);
724 skb_trim(resp, resp->len - dev->ops->rx_tail_len);
726 rc = arg->complete_cb(dev, arg->complete_cb_context, resp);
732 static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
733 struct sk_buff *req, struct sk_buff *resp,
735 pn533_send_async_complete_t complete_cb,
736 void *complete_cb_context)
738 struct pn533_cmd *cmd;
739 struct pn533_send_async_complete_arg *arg;
742 nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x", cmd_code);
744 arg = kzalloc(sizeof(*arg), GFP_KERNEL);
748 arg->complete_cb = complete_cb;
749 arg->complete_cb_context = complete_cb_context;
753 pn533_build_cmd_frame(dev, cmd_code, req);
755 mutex_lock(&dev->cmd_lock);
757 if (!dev->cmd_pending) {
758 rc = __pn533_send_frame_async(dev, req, resp, resp_len,
759 pn533_send_async_complete, arg);
763 dev->cmd_pending = 1;
767 nfc_dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x", __func__,
770 cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL);
776 INIT_LIST_HEAD(&cmd->queue);
777 cmd->cmd_code = cmd_code;
780 cmd->resp_len = resp_len;
783 list_add_tail(&cmd->queue, &dev->cmd_queue);
790 mutex_unlock(&dev->cmd_lock);
794 static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
796 pn533_send_async_complete_t complete_cb,
797 void *complete_cb_context)
799 struct sk_buff *resp;
801 int resp_len = dev->ops->rx_header_len +
802 dev->ops->max_payload_len +
803 dev->ops->rx_tail_len;
805 resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
809 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
810 complete_cb_context);
817 static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
819 pn533_send_async_complete_t complete_cb,
820 void *complete_cb_context)
822 struct sk_buff *resp;
824 int resp_len = dev->ops->rx_header_len +
825 dev->ops->max_payload_len +
826 dev->ops->rx_tail_len;
828 resp = alloc_skb(resp_len, GFP_KERNEL);
832 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
833 complete_cb_context);
841 * pn533_send_cmd_direct_async
843 * The function sends a piority cmd directly to the chip omiting the cmd
844 * queue. It's intended to be used by chaining mechanism of received responses
845 * where the host has to request every single chunk of data before scheduling
846 * next cmd from the queue.
848 static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
850 pn533_send_async_complete_t complete_cb,
851 void *complete_cb_context)
853 struct pn533_send_async_complete_arg *arg;
854 struct sk_buff *resp;
856 int resp_len = dev->ops->rx_header_len +
857 dev->ops->max_payload_len +
858 dev->ops->rx_tail_len;
860 resp = alloc_skb(resp_len, GFP_KERNEL);
864 arg = kzalloc(sizeof(*arg), GFP_KERNEL);
870 arg->complete_cb = complete_cb;
871 arg->complete_cb_context = complete_cb_context;
875 pn533_build_cmd_frame(dev, cmd_code, req);
877 rc = __pn533_send_frame_async(dev, req, resp, resp_len,
878 pn533_send_async_complete, arg);
887 static void pn533_wq_cmd(struct work_struct *work)
889 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
890 struct pn533_cmd *cmd;
892 mutex_lock(&dev->cmd_lock);
894 if (list_empty(&dev->cmd_queue)) {
895 dev->cmd_pending = 0;
896 mutex_unlock(&dev->cmd_lock);
900 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
902 list_del(&cmd->queue);
904 mutex_unlock(&dev->cmd_lock);
906 __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len,
907 pn533_send_async_complete, cmd->arg);
912 struct pn533_sync_cmd_response {
913 struct sk_buff *resp;
914 struct completion done;
917 static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
918 struct sk_buff *resp)
920 struct pn533_sync_cmd_response *arg = _arg;
923 complete(&arg->done);
928 /* pn533_send_cmd_sync
930 * Please note the req parameter is freed inside the function to
931 * limit a number of return value interpretations by the caller.
933 * 1. negative in case of error during TX path -> req should be freed
935 * 2. negative in case of error during RX path -> req should not be freed
936 * as it's been already freed at the begining of RX path by
939 * 3. valid pointer in case of succesfult RX path
941 * A caller has to check a return value with IS_ERR macro. If the test pass,
942 * the returned pointer is valid.
945 static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
949 struct pn533_sync_cmd_response arg;
951 init_completion(&arg.done);
953 rc = pn533_send_cmd_async(dev, cmd_code, req,
954 pn533_send_sync_complete, &arg);
960 wait_for_completion(&arg.done);
965 static void pn533_send_complete(struct urb *urb)
967 struct pn533 *dev = urb->context;
969 switch (urb->status) {
974 nfc_dev_dbg(&dev->interface->dev,
975 "The urb has been stopped (status %d)",
980 nfc_dev_err(&dev->interface->dev,
981 "Urb failure (status %d)", urb->status);
985 static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size)
989 skb = alloc_skb(dev->ops->tx_header_len +
991 dev->ops->tx_tail_len, GFP_KERNEL);
994 skb_reserve(skb, dev->ops->tx_header_len);
999 struct pn533_target_type_a {
1007 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
1008 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
1009 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
1011 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
1012 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
1014 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
1015 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
1017 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
1018 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
1019 #define PN533_TYPE_A_SEL_PROT_DEP 2
1020 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1022 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1023 int target_data_len)
1028 if (target_data_len < sizeof(struct pn533_target_type_a))
1031 /* The lenght check of nfcid[] and ats[] are not being performed because
1032 the values are not being used */
1034 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1035 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1036 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1038 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1039 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1040 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1041 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1044 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1045 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1051 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1054 struct pn533_target_type_a *tgt_type_a;
1056 tgt_type_a = (struct pn533_target_type_a *)tgt_data;
1058 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1061 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1062 case PN533_TYPE_A_SEL_PROT_MIFARE:
1063 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1065 case PN533_TYPE_A_SEL_PROT_ISO14443:
1066 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1068 case PN533_TYPE_A_SEL_PROT_DEP:
1069 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1071 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1072 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1073 NFC_PROTO_NFC_DEP_MASK;
1077 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1078 nfc_tgt->sel_res = tgt_type_a->sel_res;
1079 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1080 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
1085 struct pn533_target_felica {
1094 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1095 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1097 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1098 int target_data_len)
1100 if (target_data_len < sizeof(struct pn533_target_felica))
1103 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1109 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1112 struct pn533_target_felica *tgt_felica;
1114 tgt_felica = (struct pn533_target_felica *)tgt_data;
1116 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1119 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
1120 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
1121 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1123 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1125 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1126 nfc_tgt->sensf_res_len = 9;
1131 struct pn533_target_jewel {
1136 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1137 int target_data_len)
1142 if (target_data_len < sizeof(struct pn533_target_jewel))
1145 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1146 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1147 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1149 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1150 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1151 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1152 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1158 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1161 struct pn533_target_jewel *tgt_jewel;
1163 tgt_jewel = (struct pn533_target_jewel *)tgt_data;
1165 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1168 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1169 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1170 nfc_tgt->nfcid1_len = 4;
1171 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1176 struct pn533_type_b_prot_info {
1182 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1183 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1184 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1186 struct pn533_type_b_sens_res {
1190 struct pn533_type_b_prot_info prot_info;
1193 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1195 struct pn533_target_type_b {
1196 struct pn533_type_b_sens_res sensb_res;
1201 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1202 int target_data_len)
1204 if (target_data_len < sizeof(struct pn533_target_type_b))
1207 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1210 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1211 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1217 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1220 struct pn533_target_type_b *tgt_type_b;
1222 tgt_type_b = (struct pn533_target_type_b *)tgt_data;
1224 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1227 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1232 static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1235 struct nfc_target nfc_tgt;
1238 nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1239 dev->poll_mod_curr);
1244 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1246 switch (dev->poll_mod_curr) {
1247 case PN533_POLL_MOD_106KBPS_A:
1248 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
1250 case PN533_POLL_MOD_212KBPS_FELICA:
1251 case PN533_POLL_MOD_424KBPS_FELICA:
1252 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
1254 case PN533_POLL_MOD_106KBPS_JEWEL:
1255 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
1257 case PN533_POLL_MOD_847KBPS_B:
1258 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
1261 nfc_dev_err(&dev->interface->dev,
1262 "Unknown current poll modulation");
1269 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1270 nfc_dev_dbg(&dev->interface->dev,
1271 "The Tg found doesn't have the desired protocol");
1275 nfc_dev_dbg(&dev->interface->dev,
1276 "Target found - supported protocols: 0x%x",
1277 nfc_tgt.supported_protocols);
1279 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1281 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1286 static inline void pn533_poll_next_mod(struct pn533 *dev)
1288 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1291 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1293 dev->poll_mod_count = 0;
1296 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1298 dev->poll_mod_active[dev->poll_mod_count] =
1299 (struct pn533_poll_modulations *)&poll_mod[mod_index];
1300 dev->poll_mod_count++;
1303 static void pn533_poll_create_mod_list(struct pn533 *dev,
1304 u32 im_protocols, u32 tm_protocols)
1306 pn533_poll_reset_mod_list(dev);
1308 if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
1309 (im_protocols & NFC_PROTO_ISO14443_MASK) ||
1310 (im_protocols & NFC_PROTO_NFC_DEP_MASK))
1311 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1313 if (im_protocols & NFC_PROTO_FELICA_MASK ||
1314 im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1315 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1316 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1319 if (im_protocols & NFC_PROTO_JEWEL_MASK)
1320 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1322 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1323 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1326 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1329 static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
1331 u8 nbtg, tg, *tgdata;
1334 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1336 nbtg = resp->data[0];
1338 tgdata = &resp->data[2];
1339 tgdata_len = resp->len - 2; /* nbtg + tg */
1342 rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
1344 /* We must stop the poll after a valid target found */
1346 pn533_poll_reset_mod_list(dev);
1354 static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev)
1356 struct sk_buff *skb;
1357 u8 *felica, *nfcid3, *gb;
1359 u8 *gbytes = dev->gb;
1360 size_t gbytes_len = dev->gb_len;
1362 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1363 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1364 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1365 0xff, 0xff}; /* System code */
1367 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1369 0x40}; /* SEL_RES for DEP */
1371 unsigned int skb_len = 36 + /* mode (1), mifare (6),
1372 felica (18), nfcid3 (10), gb_len (1) */
1376 skb = pn533_alloc_skb(dev, skb_len);
1380 /* DEP support only */
1381 *skb_put(skb, 1) = PN533_INIT_TARGET_DEP;
1384 memcpy(skb_put(skb, 6), mifare_params, 6);
1387 felica = skb_put(skb, 18);
1388 memcpy(felica, felica_params, 18);
1389 get_random_bytes(felica + 2, 6);
1392 nfcid3 = skb_put(skb, 10);
1393 memset(nfcid3, 0, 10);
1394 memcpy(nfcid3, felica, 8);
1397 *skb_put(skb, 1) = gbytes_len;
1399 gb = skb_put(skb, gbytes_len);
1400 memcpy(gb, gbytes, gbytes_len);
1403 *skb_put(skb, 1) = 0;
1408 #define PN533_CMD_DATAEXCH_HEAD_LEN 1
1409 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1410 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1411 struct sk_buff *resp)
1415 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1418 return PTR_ERR(resp);
1420 status = resp->data[0];
1421 skb_pull(resp, sizeof(status));
1424 nfc_tm_deactivated(dev->nfc_dev);
1426 dev_kfree_skb(resp);
1430 return nfc_tm_data_received(dev->nfc_dev, resp);
1433 static void pn533_wq_tg_get_data(struct work_struct *work)
1435 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1437 struct sk_buff *skb;
1440 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1442 skb = pn533_alloc_skb(dev, 0);
1446 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1447 pn533_tm_get_data_complete, NULL);
1455 #define ATR_REQ_GB_OFFSET 17
1456 static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
1458 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
1462 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1464 if (resp->len < ATR_REQ_GB_OFFSET + 1)
1467 mode = resp->data[0];
1468 cmd = &resp->data[1];
1470 nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1473 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1474 PN533_INIT_TARGET_RESP_ACTIVE)
1475 comm_mode = NFC_COMM_ACTIVE;
1477 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
1480 gb = cmd + ATR_REQ_GB_OFFSET;
1481 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
1483 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1484 comm_mode, gb, gb_len);
1486 nfc_dev_err(&dev->interface->dev,
1487 "Error when signaling target activation");
1492 queue_work(dev->wq, &dev->tg_work);
1497 static void pn533_listen_mode_timer(unsigned long data)
1499 struct pn533 *dev = (struct pn533 *)data;
1501 nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1503 /* An ack will cancel the last issued command (poll) */
1504 pn533_send_ack(dev, GFP_ATOMIC);
1506 dev->cancel_listen = 1;
1508 pn533_poll_next_mod(dev);
1510 queue_work(dev->wq, &dev->poll_work);
1513 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1514 struct sk_buff *resp)
1516 struct pn533_poll_modulations *cur_mod;
1519 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1524 nfc_dev_err(&dev->interface->dev, "%s Poll complete error %d",
1527 if (rc == -ENOENT) {
1528 if (dev->poll_mod_count != 0)
1532 } else if (rc < 0) {
1533 nfc_dev_err(&dev->interface->dev,
1534 "Error %d when running poll", rc);
1539 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1541 if (cur_mod->len == 0) { /* Target mode */
1542 del_timer(&dev->listen_timer);
1543 rc = pn533_init_target_complete(dev, resp);
1547 /* Initiator mode */
1548 rc = pn533_start_poll_complete(dev, resp);
1552 pn533_poll_next_mod(dev);
1553 queue_work(dev->wq, &dev->poll_work);
1556 dev_kfree_skb(resp);
1560 nfc_dev_err(&dev->interface->dev, "Polling operation has been stopped");
1562 pn533_poll_reset_mod_list(dev);
1563 dev->poll_protocols = 0;
1567 static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev,
1568 struct pn533_poll_modulations *mod)
1570 struct sk_buff *skb;
1572 skb = pn533_alloc_skb(dev, mod->len);
1576 memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
1581 static int pn533_send_poll_frame(struct pn533 *dev)
1583 struct pn533_poll_modulations *mod;
1584 struct sk_buff *skb;
1588 mod = dev->poll_mod_active[dev->poll_mod_curr];
1590 nfc_dev_dbg(&dev->interface->dev, "%s mod len %d\n",
1591 __func__, mod->len);
1593 if (mod->len == 0) { /* Listen mode */
1594 cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
1595 skb = pn533_alloc_poll_tg_frame(dev);
1596 } else { /* Polling mode */
1597 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
1598 skb = pn533_alloc_poll_in_frame(dev, mod);
1602 nfc_dev_err(&dev->interface->dev, "Failed to allocate skb.");
1606 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
1610 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1616 static void pn533_wq_poll(struct work_struct *work)
1618 struct pn533 *dev = container_of(work, struct pn533, poll_work);
1619 struct pn533_poll_modulations *cur_mod;
1622 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1624 nfc_dev_dbg(&dev->interface->dev,
1625 "%s cancel_listen %d modulation len %d",
1626 __func__, dev->cancel_listen, cur_mod->len);
1628 if (dev->cancel_listen == 1) {
1629 dev->cancel_listen = 0;
1630 usb_kill_urb(dev->in_urb);
1633 rc = pn533_send_poll_frame(dev);
1637 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1638 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1643 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1644 u32 im_protocols, u32 tm_protocols)
1646 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1648 nfc_dev_dbg(&dev->interface->dev,
1649 "%s: im protocols 0x%x tm protocols 0x%x",
1650 __func__, im_protocols, tm_protocols);
1652 if (dev->tgt_active_prot) {
1653 nfc_dev_err(&dev->interface->dev,
1654 "Cannot poll with a target already activated");
1658 if (dev->tgt_mode) {
1659 nfc_dev_err(&dev->interface->dev,
1660 "Cannot poll while already being activated");
1665 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1666 if (dev->gb == NULL)
1670 dev->poll_mod_curr = 0;
1671 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1672 dev->poll_protocols = im_protocols;
1673 dev->listen_protocols = tm_protocols;
1675 return pn533_send_poll_frame(dev);
1678 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1680 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1682 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1684 del_timer(&dev->listen_timer);
1686 if (!dev->poll_mod_count) {
1687 nfc_dev_dbg(&dev->interface->dev,
1688 "Polling operation was not running");
1692 /* An ack will cancel the last issued command (poll) */
1693 pn533_send_ack(dev, GFP_KERNEL);
1695 /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1696 usb_kill_urb(dev->in_urb);
1698 pn533_poll_reset_mod_list(dev);
1701 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1703 struct pn533_cmd_activate_response *rsp;
1707 struct sk_buff *skb;
1708 struct sk_buff *resp;
1710 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1712 skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/
1716 *skb_put(skb, sizeof(u8)) = 1; /* TG */
1717 *skb_put(skb, sizeof(u8)) = 0; /* Next */
1719 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
1721 return PTR_ERR(resp);
1723 rsp = (struct pn533_cmd_activate_response *)resp->data;
1724 rc = rsp->status & PN533_CMD_RET_MASK;
1725 if (rc != PN533_CMD_RET_SUCCESS) {
1726 dev_kfree_skb(resp);
1730 /* ATR_RES general bytes are located at offset 16 */
1731 gt_len = resp->len - 16;
1732 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
1734 dev_kfree_skb(resp);
1738 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1739 struct nfc_target *target, u32 protocol)
1741 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1744 nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1747 if (dev->poll_mod_count) {
1748 nfc_dev_err(&dev->interface->dev,
1749 "Cannot activate while polling");
1753 if (dev->tgt_active_prot) {
1754 nfc_dev_err(&dev->interface->dev,
1755 "There is already an active target");
1759 if (!dev->tgt_available_prots) {
1760 nfc_dev_err(&dev->interface->dev,
1761 "There is no available target to activate");
1765 if (!(dev->tgt_available_prots & (1 << protocol))) {
1766 nfc_dev_err(&dev->interface->dev,
1767 "Target doesn't support requested proto %u",
1772 if (protocol == NFC_PROTO_NFC_DEP) {
1773 rc = pn533_activate_target_nfcdep(dev);
1775 nfc_dev_err(&dev->interface->dev,
1776 "Activating target with DEP failed %d", rc);
1781 dev->tgt_active_prot = protocol;
1782 dev->tgt_available_prots = 0;
1787 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1788 struct nfc_target *target)
1790 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1792 struct sk_buff *skb;
1793 struct sk_buff *resp;
1797 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1799 if (!dev->tgt_active_prot) {
1800 nfc_dev_err(&dev->interface->dev, "There is no active target");
1804 dev->tgt_active_prot = 0;
1805 skb_queue_purge(&dev->resp_q);
1807 skb = pn533_alloc_skb(dev, sizeof(u8));
1811 *skb_put(skb, 1) = 1; /* TG*/
1813 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
1817 rc = resp->data[0] & PN533_CMD_RET_MASK;
1818 if (rc != PN533_CMD_RET_SUCCESS)
1819 nfc_dev_err(&dev->interface->dev,
1820 "Error 0x%x when releasing the target", rc);
1822 dev_kfree_skb(resp);
1827 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1828 struct sk_buff *resp)
1830 struct pn533_cmd_jump_dep_response *rsp;
1833 u8 active = *(u8 *)arg;
1838 return PTR_ERR(resp);
1840 if (dev->tgt_available_prots &&
1841 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1842 nfc_dev_err(&dev->interface->dev,
1843 "The target does not support DEP");
1848 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1850 rc = rsp->status & PN533_CMD_RET_MASK;
1851 if (rc != PN533_CMD_RET_SUCCESS) {
1852 nfc_dev_err(&dev->interface->dev,
1853 "Bringing DEP link up failed %d", rc);
1857 if (!dev->tgt_available_prots) {
1858 struct nfc_target nfc_target;
1860 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1862 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1863 nfc_target.nfcid1_len = 10;
1864 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1865 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1869 dev->tgt_available_prots = 0;
1872 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1874 /* ATR_RES general bytes are located at offset 17 */
1875 target_gt_len = resp->len - 17;
1876 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1877 rsp->gt, target_gt_len);
1879 rc = nfc_dep_link_is_up(dev->nfc_dev,
1880 dev->nfc_dev->targets[0].idx,
1881 !active, NFC_RF_INITIATOR);
1884 dev_kfree_skb(resp);
1888 static int pn533_mod_to_baud(struct pn533 *dev)
1890 switch (dev->poll_mod_curr) {
1891 case PN533_POLL_MOD_106KBPS_A:
1893 case PN533_POLL_MOD_212KBPS_FELICA:
1895 case PN533_POLL_MOD_424KBPS_FELICA:
1902 #define PASSIVE_DATA_LEN 5
1903 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1904 u8 comm_mode, u8 *gb, size_t gb_len)
1906 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1907 struct sk_buff *skb;
1908 int rc, baud, skb_len;
1911 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1913 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1915 if (dev->poll_mod_count) {
1916 nfc_dev_err(&dev->interface->dev,
1917 "Cannot bring the DEP link up while polling");
1921 if (dev->tgt_active_prot) {
1922 nfc_dev_err(&dev->interface->dev,
1923 "There is already an active target");
1927 baud = pn533_mod_to_baud(dev);
1929 nfc_dev_err(&dev->interface->dev,
1930 "Invalid curr modulation %d", dev->poll_mod_curr);
1934 skb_len = 3 + gb_len; /* ActPass + BR + Next */
1935 if (comm_mode == NFC_COMM_PASSIVE)
1936 skb_len += PASSIVE_DATA_LEN;
1938 skb = pn533_alloc_skb(dev, skb_len);
1942 *skb_put(skb, 1) = !comm_mode; /* ActPass */
1943 *skb_put(skb, 1) = baud; /* Baud rate */
1945 next = skb_put(skb, 1); /* Next */
1948 if (comm_mode == NFC_COMM_PASSIVE && baud > 0) {
1949 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data,
1954 if (gb != NULL && gb_len > 0) {
1955 memcpy(skb_put(skb, gb_len), gb, gb_len);
1956 *next |= 4; /* We have some Gi */
1961 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
1969 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1970 pn533_in_dep_link_up_complete, arg);
1980 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1982 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1984 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1986 pn533_poll_reset_mod_list(dev);
1988 if (dev->tgt_mode || dev->tgt_active_prot) {
1989 pn533_send_ack(dev, GFP_KERNEL);
1990 usb_kill_urb(dev->in_urb);
1993 dev->tgt_active_prot = 0;
1996 skb_queue_purge(&dev->resp_q);
2001 struct pn533_data_exchange_arg {
2002 data_exchange_cb_t cb;
2006 static struct sk_buff *pn533_build_response(struct pn533 *dev)
2008 struct sk_buff *skb, *tmp, *t;
2009 unsigned int skb_len = 0, tmp_len = 0;
2011 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2013 if (skb_queue_empty(&dev->resp_q))
2016 if (skb_queue_len(&dev->resp_q) == 1) {
2017 skb = skb_dequeue(&dev->resp_q);
2021 skb_queue_walk_safe(&dev->resp_q, tmp, t)
2022 skb_len += tmp->len;
2024 nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
2027 skb = alloc_skb(skb_len, GFP_KERNEL);
2031 skb_put(skb, skb_len);
2033 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2034 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2035 tmp_len += tmp->len;
2039 skb_queue_purge(&dev->resp_q);
2044 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
2045 struct sk_buff *resp)
2047 struct pn533_data_exchange_arg *arg = _arg;
2048 struct sk_buff *skb;
2052 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2059 status = resp->data[0];
2060 ret = status & PN533_CMD_RET_MASK;
2061 mi = status & PN533_CMD_MI_MASK;
2063 skb_pull(resp, sizeof(status));
2065 if (ret != PN533_CMD_RET_SUCCESS) {
2066 nfc_dev_err(&dev->interface->dev,
2067 "PN533 reported error %d when exchanging data",
2073 skb_queue_tail(&dev->resp_q, resp);
2076 dev->cmd_complete_mi_arg = arg;
2077 queue_work(dev->wq, &dev->mi_work);
2078 return -EINPROGRESS;
2081 skb = pn533_build_response(dev);
2085 arg->cb(arg->cb_context, skb, 0);
2090 dev_kfree_skb(resp);
2092 skb_queue_purge(&dev->resp_q);
2093 arg->cb(arg->cb_context, NULL, rc);
2098 static int pn533_transceive(struct nfc_dev *nfc_dev,
2099 struct nfc_target *target, struct sk_buff *skb,
2100 data_exchange_cb_t cb, void *cb_context)
2102 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2103 struct pn533_data_exchange_arg *arg = NULL;
2106 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2108 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2109 /* TODO: Implement support to multi-part data exchange */
2110 nfc_dev_err(&dev->interface->dev,
2111 "Data length greater than the max allowed: %d",
2112 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2117 if (!dev->tgt_active_prot) {
2118 nfc_dev_err(&dev->interface->dev,
2119 "Can't exchange data if there is no active target");
2124 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2131 arg->cb_context = cb_context;
2133 switch (dev->device_type) {
2134 case PN533_DEVICE_PASORI:
2135 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2136 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2138 pn533_data_exchange_complete,
2144 *skb_push(skb, sizeof(u8)) = 1; /*TG*/
2146 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2147 skb, pn533_data_exchange_complete,
2153 if (rc < 0) /* rc from send_async */
2164 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2165 struct sk_buff *resp)
2169 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2172 return PTR_ERR(resp);
2174 status = resp->data[0];
2176 dev_kfree_skb(resp);
2179 nfc_tm_deactivated(dev->nfc_dev);
2186 queue_work(dev->wq, &dev->tg_work);
2191 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2193 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2196 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2198 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2199 nfc_dev_err(&dev->interface->dev,
2200 "Data length greater than the max allowed: %d",
2201 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2205 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2206 pn533_tm_send_complete, NULL);
2213 static void pn533_wq_mi_recv(struct work_struct *work)
2215 struct pn533 *dev = container_of(work, struct pn533, mi_work);
2217 struct sk_buff *skb;
2220 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2222 skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN);
2226 switch (dev->device_type) {
2227 case PN533_DEVICE_PASORI:
2228 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2229 rc = pn533_send_cmd_direct_async(dev,
2230 PN533_CMD_IN_COMM_THRU,
2232 pn533_data_exchange_complete,
2233 dev->cmd_complete_mi_arg);
2238 *skb_put(skb, sizeof(u8)) = 1; /*TG*/
2240 rc = pn533_send_cmd_direct_async(dev,
2241 PN533_CMD_IN_DATA_EXCHANGE,
2243 pn533_data_exchange_complete,
2244 dev->cmd_complete_mi_arg);
2249 if (rc == 0) /* success */
2252 nfc_dev_err(&dev->interface->dev,
2253 "Error %d when trying to perform data_exchange", rc);
2256 kfree(dev->cmd_complete_arg);
2259 pn533_send_ack(dev, GFP_KERNEL);
2260 queue_work(dev->wq, &dev->cmd_work);
2263 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2266 struct sk_buff *skb;
2267 struct sk_buff *resp;
2271 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2273 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
2275 skb = pn533_alloc_skb(dev, skb_len);
2279 *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2280 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
2282 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2284 return PTR_ERR(resp);
2286 dev_kfree_skb(resp);
2290 static int pn533_get_firmware_version(struct pn533 *dev,
2291 struct pn533_fw_version *fv)
2293 struct sk_buff *skb;
2294 struct sk_buff *resp;
2296 skb = pn533_alloc_skb(dev, 0);
2300 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2302 return PTR_ERR(resp);
2304 fv->ic = resp->data[0];
2305 fv->ver = resp->data[1];
2306 fv->rev = resp->data[2];
2307 fv->support = resp->data[3];
2309 dev_kfree_skb(resp);
2313 static int pn533_fw_reset(struct pn533 *dev)
2315 struct sk_buff *skb;
2316 struct sk_buff *resp;
2318 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2320 skb = pn533_alloc_skb(dev, sizeof(u8));
2324 *skb_put(skb, sizeof(u8)) = 0x1;
2326 resp = pn533_send_cmd_sync(dev, 0x18, skb);
2328 return PTR_ERR(resp);
2330 dev_kfree_skb(resp);
2335 static struct nfc_ops pn533_nfc_ops = {
2338 .dep_link_up = pn533_dep_link_up,
2339 .dep_link_down = pn533_dep_link_down,
2340 .start_poll = pn533_start_poll,
2341 .stop_poll = pn533_stop_poll,
2342 .activate_target = pn533_activate_target,
2343 .deactivate_target = pn533_deactivate_target,
2344 .im_transceive = pn533_transceive,
2345 .tm_send = pn533_tm_send,
2348 static int pn533_setup(struct pn533 *dev)
2350 struct pn533_config_max_retries max_retries;
2351 struct pn533_config_timing timing;
2352 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2355 switch (dev->device_type) {
2356 case PN533_DEVICE_STD:
2357 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2358 max_retries.mx_rty_psl = 2;
2359 max_retries.mx_rty_passive_act =
2360 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2362 timing.rfu = PN533_CONFIG_TIMING_102;
2363 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2364 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2368 case PN533_DEVICE_PASORI:
2369 max_retries.mx_rty_atr = 0x2;
2370 max_retries.mx_rty_psl = 0x1;
2371 max_retries.mx_rty_passive_act =
2372 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2374 timing.rfu = PN533_CONFIG_TIMING_102;
2375 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2376 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2381 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2386 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2387 (u8 *)&max_retries, sizeof(max_retries));
2389 nfc_dev_err(&dev->interface->dev,
2390 "Error on setting MAX_RETRIES config");
2395 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2396 (u8 *)&timing, sizeof(timing));
2398 nfc_dev_err(&dev->interface->dev,
2399 "Error on setting RF timings");
2403 switch (dev->device_type) {
2404 case PN533_DEVICE_STD:
2407 case PN533_DEVICE_PASORI:
2408 pn533_fw_reset(dev);
2410 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2413 nfc_dev_err(&dev->interface->dev,
2414 "Error while settings PASORI config");
2418 pn533_fw_reset(dev);
2426 static int pn533_probe(struct usb_interface *interface,
2427 const struct usb_device_id *id)
2429 struct pn533_fw_version fw_ver;
2431 struct usb_host_interface *iface_desc;
2432 struct usb_endpoint_descriptor *endpoint;
2433 int in_endpoint = 0;
2434 int out_endpoint = 0;
2439 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2443 dev->udev = usb_get_dev(interface_to_usbdev(interface));
2444 dev->interface = interface;
2445 mutex_init(&dev->cmd_lock);
2447 iface_desc = interface->cur_altsetting;
2448 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2449 endpoint = &iface_desc->endpoint[i].desc;
2451 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
2452 in_endpoint = endpoint->bEndpointAddress;
2454 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
2455 out_endpoint = endpoint->bEndpointAddress;
2458 if (!in_endpoint || !out_endpoint) {
2459 nfc_dev_err(&interface->dev,
2460 "Could not find bulk-in or bulk-out endpoint");
2465 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2466 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2468 if (!dev->in_urb || !dev->out_urb)
2471 usb_fill_bulk_urb(dev->in_urb, dev->udev,
2472 usb_rcvbulkpipe(dev->udev, in_endpoint),
2473 NULL, 0, NULL, dev);
2474 usb_fill_bulk_urb(dev->out_urb, dev->udev,
2475 usb_sndbulkpipe(dev->udev, out_endpoint),
2476 NULL, 0, pn533_send_complete, dev);
2478 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2479 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2480 INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2481 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2482 INIT_WORK(&dev->poll_work, pn533_wq_poll);
2483 dev->wq = alloc_ordered_workqueue("pn533", 0);
2484 if (dev->wq == NULL)
2487 init_timer(&dev->listen_timer);
2488 dev->listen_timer.data = (unsigned long) dev;
2489 dev->listen_timer.function = pn533_listen_mode_timer;
2491 skb_queue_head_init(&dev->resp_q);
2493 INIT_LIST_HEAD(&dev->cmd_queue);
2495 usb_set_intfdata(interface, dev);
2497 dev->ops = &pn533_std_frame_ops;
2499 dev->device_type = id->driver_info;
2500 switch (dev->device_type) {
2501 case PN533_DEVICE_STD:
2502 protocols = PN533_ALL_PROTOCOLS;
2505 case PN533_DEVICE_PASORI:
2506 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2510 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2516 memset(&fw_ver, 0, sizeof(fw_ver));
2517 rc = pn533_get_firmware_version(dev, &fw_ver);
2521 nfc_dev_info(&dev->interface->dev,
2522 "NXP PN533 firmware ver %d.%d now attached",
2523 fw_ver.ver, fw_ver.rev);
2526 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2528 dev->ops->tx_header_len +
2529 PN533_CMD_DATAEXCH_HEAD_LEN,
2530 dev->ops->tx_tail_len);
2534 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2535 nfc_set_drvdata(dev->nfc_dev, dev);
2537 rc = nfc_register_device(dev->nfc_dev);
2541 rc = pn533_setup(dev);
2543 goto unregister_nfc_dev;
2548 nfc_unregister_device(dev->nfc_dev);
2551 nfc_free_device(dev->nfc_dev);
2554 destroy_workqueue(dev->wq);
2556 usb_free_urb(dev->in_urb);
2557 usb_free_urb(dev->out_urb);
2562 static void pn533_disconnect(struct usb_interface *interface)
2565 struct pn533_cmd *cmd, *n;
2567 dev = usb_get_intfdata(interface);
2568 usb_set_intfdata(interface, NULL);
2570 nfc_unregister_device(dev->nfc_dev);
2571 nfc_free_device(dev->nfc_dev);
2573 usb_kill_urb(dev->in_urb);
2574 usb_kill_urb(dev->out_urb);
2576 destroy_workqueue(dev->wq);
2578 skb_queue_purge(&dev->resp_q);
2580 del_timer(&dev->listen_timer);
2582 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2583 list_del(&cmd->queue);
2587 usb_free_urb(dev->in_urb);
2588 usb_free_urb(dev->out_urb);
2591 nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2594 static struct usb_driver pn533_driver = {
2596 .probe = pn533_probe,
2597 .disconnect = pn533_disconnect,
2598 .id_table = pn533_table,
2601 module_usb_driver(pn533_driver);
2603 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2604 " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2605 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2606 MODULE_VERSION(VERSION);
2607 MODULE_LICENSE("GPL");
projects / karo-tx-linux.git / blob