2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
5 * Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6 * Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the
20 * Free Software Foundation, Inc.,
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
41 #define SONY_VENDOR_ID 0x054c
42 #define PASORI_PRODUCT_ID 0x02e1
44 #define PN533_QUIRKS_TYPE_A BIT(0)
45 #define PN533_QUIRKS_TYPE_F BIT(1)
46 #define PN533_QUIRKS_DEP BIT(2)
47 #define PN533_QUIRKS_RAW_EXCHANGE BIT(3)
49 #define PN533_DEVICE_STD 0x1
50 #define PN533_DEVICE_PASORI 0x2
52 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
53 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
54 NFC_PROTO_NFC_DEP_MASK |\
55 NFC_PROTO_ISO14443_B_MASK)
57 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
58 NFC_PROTO_MIFARE_MASK | \
59 NFC_PROTO_FELICA_MASK | \
60 NFC_PROTO_ISO14443_MASK | \
61 NFC_PROTO_NFC_DEP_MASK)
63 static const struct usb_device_id pn533_table[] = {
64 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
65 .idVendor = PN533_VENDOR_ID,
66 .idProduct = PN533_PRODUCT_ID,
67 .driver_info = PN533_DEVICE_STD,
69 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
70 .idVendor = SCM_VENDOR_ID,
71 .idProduct = SCL3711_PRODUCT_ID,
72 .driver_info = PN533_DEVICE_STD,
74 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
75 .idVendor = SONY_VENDOR_ID,
76 .idProduct = PASORI_PRODUCT_ID,
77 .driver_info = PN533_DEVICE_PASORI,
81 MODULE_DEVICE_TABLE(usb, pn533_table);
83 /* How much time we spend listening for initiators */
84 #define PN533_LISTEN_TIME 2
86 /* frame definitions */
87 #define PN533_FRAME_TAIL_SIZE 2
88 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
89 PN533_FRAME_TAIL_SIZE)
90 #define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
91 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
92 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
95 #define PN533_SOF 0x00FF
97 /* frame identifier: in/out/error */
98 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
99 #define PN533_DIR_OUT 0xD4
100 #define PN533_DIR_IN 0xD5
103 #define PN533_FRAME_CMD(f) (f->data[1])
104 #define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
105 #define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
107 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
108 #define PN533_CMD_RF_CONFIGURATION 0x32
109 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
110 #define PN533_CMD_IN_COMM_THRU 0x42
111 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
112 #define PN533_CMD_IN_ATR 0x50
113 #define PN533_CMD_IN_RELEASE 0x52
114 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
116 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
117 #define PN533_CMD_TG_GET_DATA 0x86
118 #define PN533_CMD_TG_SET_DATA 0x8e
120 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
122 /* PN533 Return codes */
123 #define PN533_CMD_RET_MASK 0x3F
124 #define PN533_CMD_MI_MASK 0x40
125 #define PN533_CMD_RET_SUCCESS 0x00
127 /* PN533 status codes */
128 #define PN533_STATUS_TARGET_RELEASED 0x29
132 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
133 u8 *params, int params_len);
135 /* structs for pn533 commands */
137 /* PN533_CMD_GET_FIRMWARE_VERSION */
138 struct pn533_fw_version {
145 /* PN533_CMD_RF_CONFIGURATION */
146 #define PN533_CFGITEM_TIMING 0x02
147 #define PN533_CFGITEM_MAX_RETRIES 0x05
148 #define PN533_CFGITEM_PASORI 0x82
150 #define PN533_CONFIG_TIMING_102 0xb
151 #define PN533_CONFIG_TIMING_204 0xc
152 #define PN533_CONFIG_TIMING_409 0xd
153 #define PN533_CONFIG_TIMING_819 0xe
155 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
156 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
158 struct pn533_config_max_retries {
161 u8 mx_rty_passive_act;
164 struct pn533_config_timing {
170 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
172 /* felica commands opcode */
173 #define PN533_FELICA_OPC_SENSF_REQ 0
174 #define PN533_FELICA_OPC_SENSF_RES 1
175 /* felica SENSF_REQ parameters */
176 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
177 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
178 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
179 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
181 /* type B initiator_data values */
182 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
183 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
184 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
186 union pn533_cmd_poll_initdata {
199 /* Poll modulations */
201 PN533_POLL_MOD_106KBPS_A,
202 PN533_POLL_MOD_212KBPS_FELICA,
203 PN533_POLL_MOD_424KBPS_FELICA,
204 PN533_POLL_MOD_106KBPS_JEWEL,
205 PN533_POLL_MOD_847KBPS_B,
208 __PN533_POLL_MOD_AFTER_LAST,
210 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
212 struct pn533_poll_modulations {
216 union pn533_cmd_poll_initdata initiator_data;
221 const struct pn533_poll_modulations poll_mod[] = {
222 [PN533_POLL_MOD_106KBPS_A] = {
229 [PN533_POLL_MOD_212KBPS_FELICA] = {
233 .initiator_data.felica = {
234 .opcode = PN533_FELICA_OPC_SENSF_REQ,
235 .sc = PN533_FELICA_SENSF_SC_ALL,
236 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
242 [PN533_POLL_MOD_424KBPS_FELICA] = {
246 .initiator_data.felica = {
247 .opcode = PN533_FELICA_OPC_SENSF_REQ,
248 .sc = PN533_FELICA_SENSF_SC_ALL,
249 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
255 [PN533_POLL_MOD_106KBPS_JEWEL] = {
262 [PN533_POLL_MOD_847KBPS_B] = {
266 .initiator_data.type_b = {
267 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
269 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
274 [PN533_LISTEN_MOD] = {
279 /* PN533_CMD_IN_ATR */
281 struct pn533_cmd_activate_param {
286 struct pn533_cmd_activate_response {
298 /* PN533_CMD_IN_JUMP_FOR_DEP */
299 struct pn533_cmd_jump_dep {
306 struct pn533_cmd_jump_dep_response {
320 /* PN533_TG_INIT_AS_TARGET */
321 #define PN533_INIT_TARGET_PASSIVE 0x1
322 #define PN533_INIT_TARGET_DEP 0x2
324 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
325 #define PN533_INIT_TARGET_RESP_ACTIVE 0x1
326 #define PN533_INIT_TARGET_RESP_DEP 0x4
328 struct pn533_cmd_init_target {
337 struct pn533_cmd_init_target_response {
343 struct usb_device *udev;
344 struct usb_interface *interface;
345 struct nfc_dev *nfc_dev;
349 struct pn533_frame *out_frame;
353 struct pn533_frame *in_frame;
355 struct sk_buff_head resp_q;
357 struct workqueue_struct *wq;
358 struct work_struct cmd_work;
359 struct work_struct cmd_complete_work;
360 struct work_struct poll_work;
361 struct work_struct mi_work;
362 struct work_struct tg_work;
363 struct timer_list listen_timer;
364 struct pn533_frame *wq_in_frame;
368 pn533_cmd_complete_t cmd_complete;
369 void *cmd_complete_arg;
370 struct mutex cmd_lock;
373 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
377 u32 listen_protocols;
382 u8 tgt_available_prots;
388 struct list_head cmd_queue;
393 struct list_head queue;
394 struct pn533_frame *out_frame;
395 struct pn533_frame *in_frame;
397 pn533_cmd_complete_t cmd_complete;
410 /* The rule: value + checksum = 0 */
411 static inline u8 pn533_checksum(u8 value)
416 /* The rule: sum(data elements) + checksum = 0 */
417 static u8 pn533_data_checksum(u8 *data, int datalen)
422 for (i = 0; i < datalen; i++)
425 return pn533_checksum(sum);
429 * pn533_tx_frame_ack - create a ack frame
430 * @frame: The frame to be set as ack
432 * Ack is different type of standard frame. As a standard frame, it has
433 * preamble and start_frame. However the checksum of this frame must fail,
434 * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
435 * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
436 * After datalen_checksum field, the postamble is placed.
438 static void pn533_tx_frame_ack(struct pn533_frame *frame)
441 frame->start_frame = cpu_to_be16(PN533_SOF);
443 frame->datalen_checksum = 0xFF;
444 /* data[0] is used as postamble */
448 static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
451 frame->start_frame = cpu_to_be16(PN533_SOF);
452 PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
453 PN533_FRAME_CMD(frame) = cmd;
457 static void pn533_tx_frame_finish(struct pn533_frame *frame)
459 frame->datalen_checksum = pn533_checksum(frame->datalen);
461 PN533_FRAME_CHECKSUM(frame) =
462 pn533_data_checksum(frame->data, frame->datalen);
464 PN533_FRAME_POSTAMBLE(frame) = 0;
467 static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
471 if (frame->start_frame != cpu_to_be16(PN533_SOF))
474 checksum = pn533_checksum(frame->datalen);
475 if (checksum != frame->datalen_checksum)
478 checksum = pn533_data_checksum(frame->data, frame->datalen);
479 if (checksum != PN533_FRAME_CHECKSUM(frame))
485 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
487 if (frame->start_frame != cpu_to_be16(PN533_SOF))
490 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
496 static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
498 return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
502 static void pn533_wq_cmd_complete(struct work_struct *work)
504 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
505 struct pn533_frame *in_frame;
508 in_frame = dev->wq_in_frame;
510 if (dev->wq_in_error)
511 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
514 rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
515 PN533_FRAME_CMD_PARAMS_PTR(in_frame),
516 PN533_FRAME_CMD_PARAMS_LEN(in_frame));
518 if (rc != -EINPROGRESS)
519 queue_work(dev->wq, &dev->cmd_work);
522 static void pn533_recv_response(struct urb *urb)
524 struct pn533 *dev = urb->context;
525 struct pn533_frame *in_frame;
527 dev->wq_in_frame = NULL;
529 switch (urb->status) {
536 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
537 " status: %d", urb->status);
538 dev->wq_in_error = urb->status;
541 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
543 dev->wq_in_error = urb->status;
547 in_frame = dev->in_urb->transfer_buffer;
549 if (!pn533_rx_frame_is_valid(in_frame)) {
550 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
551 dev->wq_in_error = -EIO;
555 if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
556 nfc_dev_err(&dev->interface->dev, "The received frame is not "
557 "response to the last command");
558 dev->wq_in_error = -EIO;
562 nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
563 dev->wq_in_error = 0;
564 dev->wq_in_frame = in_frame;
567 queue_work(dev->wq, &dev->cmd_complete_work);
570 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
572 dev->in_urb->complete = pn533_recv_response;
574 return usb_submit_urb(dev->in_urb, flags);
577 static void pn533_recv_ack(struct urb *urb)
579 struct pn533 *dev = urb->context;
580 struct pn533_frame *in_frame;
583 switch (urb->status) {
590 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
591 " status: %d", urb->status);
592 dev->wq_in_error = urb->status;
595 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
597 dev->wq_in_error = urb->status;
601 in_frame = dev->in_urb->transfer_buffer;
603 if (!pn533_rx_frame_is_ack(in_frame)) {
604 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
605 dev->wq_in_error = -EIO;
609 nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
611 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
613 nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
615 dev->wq_in_error = rc;
622 dev->wq_in_frame = NULL;
623 queue_work(dev->wq, &dev->cmd_complete_work);
626 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
628 dev->in_urb->complete = pn533_recv_ack;
630 return usb_submit_urb(dev->in_urb, flags);
633 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
637 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
639 pn533_tx_frame_ack(dev->out_frame);
641 dev->out_urb->transfer_buffer = dev->out_frame;
642 dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
643 rc = usb_submit_urb(dev->out_urb, flags);
648 static int __pn533_send_cmd_frame_async(struct pn533 *dev,
649 struct pn533_frame *out_frame,
650 struct pn533_frame *in_frame,
652 pn533_cmd_complete_t cmd_complete,
653 void *arg, gfp_t flags)
657 nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
658 PN533_FRAME_CMD(out_frame));
660 dev->cmd = PN533_FRAME_CMD(out_frame);
661 dev->cmd_complete = cmd_complete;
662 dev->cmd_complete_arg = arg;
664 dev->out_urb->transfer_buffer = out_frame;
665 dev->out_urb->transfer_buffer_length =
666 PN533_FRAME_SIZE(out_frame);
668 dev->in_urb->transfer_buffer = in_frame;
669 dev->in_urb->transfer_buffer_length = in_frame_len;
671 rc = usb_submit_urb(dev->out_urb, flags);
675 rc = pn533_submit_urb_for_ack(dev, flags);
682 usb_unlink_urb(dev->out_urb);
686 static void pn533_wq_cmd(struct work_struct *work)
688 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
689 struct pn533_cmd *cmd;
691 mutex_lock(&dev->cmd_lock);
693 if (list_empty(&dev->cmd_queue)) {
694 dev->cmd_pending = 0;
695 mutex_unlock(&dev->cmd_lock);
699 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
701 list_del(&cmd->queue);
703 mutex_unlock(&dev->cmd_lock);
705 __pn533_send_cmd_frame_async(dev, cmd->out_frame, cmd->in_frame,
706 cmd->in_frame_len, cmd->cmd_complete,
707 cmd->arg, cmd->flags);
712 static int pn533_send_cmd_frame_async(struct pn533 *dev,
713 struct pn533_frame *out_frame,
714 struct pn533_frame *in_frame,
716 pn533_cmd_complete_t cmd_complete,
717 void *arg, gfp_t flags)
719 struct pn533_cmd *cmd;
722 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
724 mutex_lock(&dev->cmd_lock);
726 if (!dev->cmd_pending) {
727 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
728 in_frame_len, cmd_complete,
731 dev->cmd_pending = 1;
736 nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
738 cmd = kzalloc(sizeof(struct pn533_cmd), flags);
744 INIT_LIST_HEAD(&cmd->queue);
745 cmd->out_frame = out_frame;
746 cmd->in_frame = in_frame;
747 cmd->in_frame_len = in_frame_len;
748 cmd->cmd_complete = cmd_complete;
752 list_add_tail(&cmd->queue, &dev->cmd_queue);
755 mutex_unlock(&dev->cmd_lock);
760 struct pn533_sync_cmd_response {
762 struct completion done;
765 static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
766 u8 *params, int params_len)
768 struct pn533_sync_cmd_response *arg = _arg;
770 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
774 if (params_len < 0) /* error */
775 arg->rc = params_len;
777 complete(&arg->done);
782 static int pn533_send_cmd_frame_sync(struct pn533 *dev,
783 struct pn533_frame *out_frame,
784 struct pn533_frame *in_frame,
788 struct pn533_sync_cmd_response arg;
790 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
792 init_completion(&arg.done);
794 rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
795 pn533_sync_cmd_complete, &arg, GFP_KERNEL);
799 wait_for_completion(&arg.done);
804 static void pn533_send_complete(struct urb *urb)
806 struct pn533 *dev = urb->context;
808 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
810 switch (urb->status) {
817 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
818 " status: %d", urb->status);
821 nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
826 struct pn533_target_type_a {
834 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
835 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
836 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
838 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
839 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
841 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
842 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
844 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
845 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
846 #define PN533_TYPE_A_SEL_PROT_DEP 2
847 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
849 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
855 if (target_data_len < sizeof(struct pn533_target_type_a))
858 /* The lenght check of nfcid[] and ats[] are not being performed because
859 the values are not being used */
861 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
862 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
863 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
865 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
866 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
867 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
868 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
871 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
872 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
878 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
881 struct pn533_target_type_a *tgt_type_a;
883 tgt_type_a = (struct pn533_target_type_a *) tgt_data;
885 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
888 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
889 case PN533_TYPE_A_SEL_PROT_MIFARE:
890 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
892 case PN533_TYPE_A_SEL_PROT_ISO14443:
893 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
895 case PN533_TYPE_A_SEL_PROT_DEP:
896 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
898 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
899 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
900 NFC_PROTO_NFC_DEP_MASK;
904 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
905 nfc_tgt->sel_res = tgt_type_a->sel_res;
906 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
907 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
912 struct pn533_target_felica {
921 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
922 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
924 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
927 if (target_data_len < sizeof(struct pn533_target_felica))
930 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
936 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
939 struct pn533_target_felica *tgt_felica;
941 tgt_felica = (struct pn533_target_felica *) tgt_data;
943 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
946 if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
947 tgt_felica->nfcid2[1] ==
948 PN533_FELICA_SENSF_NFCID2_DEP_B2)
949 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
951 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
953 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
954 nfc_tgt->sensf_res_len = 9;
959 struct pn533_target_jewel {
964 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
970 if (target_data_len < sizeof(struct pn533_target_jewel))
973 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
974 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
975 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
977 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
978 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
979 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
980 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
986 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
989 struct pn533_target_jewel *tgt_jewel;
991 tgt_jewel = (struct pn533_target_jewel *) tgt_data;
993 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
996 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
997 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
998 nfc_tgt->nfcid1_len = 4;
999 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1004 struct pn533_type_b_prot_info {
1010 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1011 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1012 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1014 struct pn533_type_b_sens_res {
1018 struct pn533_type_b_prot_info prot_info;
1021 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1023 struct pn533_target_type_b {
1024 struct pn533_type_b_sens_res sensb_res;
1029 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1030 int target_data_len)
1032 if (target_data_len < sizeof(struct pn533_target_type_b))
1035 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1038 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1039 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1045 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1048 struct pn533_target_type_b *tgt_type_b;
1050 tgt_type_b = (struct pn533_target_type_b *) tgt_data;
1052 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1055 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1060 struct pn533_poll_response {
1066 static int pn533_target_found(struct pn533 *dev,
1067 struct pn533_poll_response *resp, int resp_len)
1069 int target_data_len;
1070 struct nfc_target nfc_tgt;
1073 nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1074 dev->poll_mod_curr);
1079 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1081 target_data_len = resp_len - sizeof(struct pn533_poll_response);
1083 switch (dev->poll_mod_curr) {
1084 case PN533_POLL_MOD_106KBPS_A:
1085 rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1088 case PN533_POLL_MOD_212KBPS_FELICA:
1089 case PN533_POLL_MOD_424KBPS_FELICA:
1090 rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1093 case PN533_POLL_MOD_106KBPS_JEWEL:
1094 rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1097 case PN533_POLL_MOD_847KBPS_B:
1098 rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1102 nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1110 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1111 nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1112 " have the desired protocol");
1116 nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1117 "0x%x", nfc_tgt.supported_protocols);
1119 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1121 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1126 static inline void pn533_poll_next_mod(struct pn533 *dev)
1128 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1131 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1133 dev->poll_mod_count = 0;
1136 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1138 dev->poll_mod_active[dev->poll_mod_count] =
1139 (struct pn533_poll_modulations *) &poll_mod[mod_index];
1140 dev->poll_mod_count++;
1143 static void pn533_poll_create_mod_list(struct pn533 *dev,
1144 u32 im_protocols, u32 tm_protocols)
1146 pn533_poll_reset_mod_list(dev);
1148 if (im_protocols & NFC_PROTO_MIFARE_MASK
1149 || im_protocols & NFC_PROTO_ISO14443_MASK
1150 || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1151 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1153 if (im_protocols & NFC_PROTO_FELICA_MASK
1154 || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1155 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1156 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1159 if (im_protocols & NFC_PROTO_JEWEL_MASK)
1160 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1162 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1163 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1166 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1169 static int pn533_start_poll_complete(struct pn533 *dev, void *arg,
1170 u8 *params, int params_len)
1172 struct pn533_poll_response *resp;
1175 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1177 resp = (struct pn533_poll_response *) params;
1179 rc = pn533_target_found(dev, resp, params_len);
1181 /* We must stop the poll after a valid target found */
1183 pn533_poll_reset_mod_list(dev);
1191 static int pn533_init_target_frame(struct pn533_frame *frame,
1192 u8 *gb, size_t gb_len)
1194 struct pn533_cmd_init_target *cmd;
1196 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1197 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1198 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1199 0xff, 0xff}; /* System code */
1200 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1202 0x40}; /* SEL_RES for DEP */
1204 cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1205 cmd = kzalloc(cmd_len, GFP_KERNEL);
1209 pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1211 /* DEP support only */
1212 cmd->mode |= PN533_INIT_TARGET_DEP;
1215 memcpy(cmd->felica, felica_params, 18);
1216 get_random_bytes(cmd->felica + 2, 6);
1219 memset(cmd->nfcid3, 0, 10);
1220 memcpy(cmd->nfcid3, cmd->felica, 8);
1223 memcpy(cmd->mifare, mifare_params, 6);
1226 cmd->gb_len = gb_len;
1227 memcpy(cmd->gb, gb, gb_len);
1230 cmd->gb[gb_len] = 0;
1232 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1234 frame->datalen += cmd_len;
1236 pn533_tx_frame_finish(frame);
1243 #define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1244 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1245 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1246 u8 *params, int params_len)
1248 struct sk_buff *skb_resp = arg;
1249 struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1251 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1253 if (params_len < 0) {
1254 nfc_dev_err(&dev->interface->dev,
1255 "Error %d when starting as a target",
1261 if (params_len > 0 && params[0] != 0) {
1262 nfc_tm_deactivated(dev->nfc_dev);
1266 kfree_skb(skb_resp);
1270 skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1271 skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1272 skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1274 return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1277 static void pn533_wq_tg_get_data(struct work_struct *work)
1279 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1280 struct pn533_frame *in_frame;
1281 struct sk_buff *skb_resp;
1282 size_t skb_resp_len;
1284 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1286 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1287 PN533_CMD_DATAEXCH_DATA_MAXLEN +
1288 PN533_FRAME_TAIL_SIZE;
1290 skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1294 in_frame = (struct pn533_frame *)skb_resp->data;
1296 pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1297 pn533_tx_frame_finish(dev->out_frame);
1299 pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1301 pn533_tm_get_data_complete,
1302 skb_resp, GFP_KERNEL);
1307 #define ATR_REQ_GB_OFFSET 17
1308 static int pn533_init_target_complete(struct pn533 *dev, void *arg,
1309 u8 *params, int params_len)
1311 struct pn533_cmd_init_target_response *resp;
1312 u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1316 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1318 if (params_len < 0) {
1319 nfc_dev_err(&dev->interface->dev,
1320 "Error %d when starting as a target",
1326 if (params_len < ATR_REQ_GB_OFFSET + 1)
1329 resp = (struct pn533_cmd_init_target_response *) params;
1331 nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1332 resp->mode, params_len);
1334 frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1335 if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1336 comm_mode = NFC_COMM_ACTIVE;
1338 /* Again, only DEP */
1339 if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1342 gb = resp->cmd + ATR_REQ_GB_OFFSET;
1343 gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1345 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1346 comm_mode, gb, gb_len);
1348 nfc_dev_err(&dev->interface->dev,
1349 "Error when signaling target activation");
1355 queue_work(dev->wq, &dev->tg_work);
1360 static void pn533_listen_mode_timer(unsigned long data)
1362 struct pn533 *dev = (struct pn533 *) data;
1364 nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1366 /* An ack will cancel the last issued command (poll) */
1367 pn533_send_ack(dev, GFP_ATOMIC);
1369 dev->cancel_listen = 1;
1371 pn533_poll_next_mod(dev);
1373 queue_work(dev->wq, &dev->poll_work);
1376 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1377 u8 *params, int params_len)
1379 struct pn533_poll_modulations *cur_mod;
1382 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1384 if (params_len == -ENOENT) {
1385 if (dev->poll_mod_count != 0)
1388 nfc_dev_err(&dev->interface->dev,
1389 "Polling operation has been stopped");
1394 if (params_len < 0) {
1395 nfc_dev_err(&dev->interface->dev,
1396 "Error %d when running poll", params_len);
1401 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1403 if (cur_mod->len == 0) {
1404 del_timer(&dev->listen_timer);
1406 return pn533_init_target_complete(dev, arg, params, params_len);
1408 rc = pn533_start_poll_complete(dev, arg, params, params_len);
1413 pn533_poll_next_mod(dev);
1415 queue_work(dev->wq, &dev->poll_work);
1420 pn533_poll_reset_mod_list(dev);
1421 dev->poll_protocols = 0;
1425 static void pn533_build_poll_frame(struct pn533 *dev,
1426 struct pn533_frame *frame,
1427 struct pn533_poll_modulations *mod)
1429 nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1431 if (mod->len == 0) {
1433 pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1436 pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1438 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1439 frame->datalen += mod->len;
1441 pn533_tx_frame_finish(frame);
1445 static int pn533_send_poll_frame(struct pn533 *dev)
1447 struct pn533_poll_modulations *cur_mod;
1450 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1452 pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1454 rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1455 dev->in_maxlen, pn533_poll_complete,
1458 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1463 static void pn533_wq_poll(struct work_struct *work)
1465 struct pn533 *dev = container_of(work, struct pn533, poll_work);
1466 struct pn533_poll_modulations *cur_mod;
1469 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1471 nfc_dev_dbg(&dev->interface->dev,
1472 "%s cancel_listen %d modulation len %d",
1473 __func__, dev->cancel_listen, cur_mod->len);
1475 if (dev->cancel_listen == 1) {
1476 dev->cancel_listen = 0;
1477 usb_kill_urb(dev->in_urb);
1480 rc = pn533_send_poll_frame(dev);
1484 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1485 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1490 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1491 u32 im_protocols, u32 tm_protocols)
1493 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1495 nfc_dev_dbg(&dev->interface->dev,
1496 "%s: im protocols 0x%x tm protocols 0x%x",
1497 __func__, im_protocols, tm_protocols);
1499 if (dev->tgt_active_prot) {
1500 nfc_dev_err(&dev->interface->dev,
1501 "Cannot poll with a target already activated");
1505 if (dev->tgt_mode) {
1506 nfc_dev_err(&dev->interface->dev,
1507 "Cannot poll while already being activated");
1512 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1513 if (dev->gb == NULL)
1517 dev->poll_mod_curr = 0;
1518 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1519 dev->poll_protocols = im_protocols;
1520 dev->listen_protocols = tm_protocols;
1522 return pn533_send_poll_frame(dev);
1525 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1527 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1529 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1531 del_timer(&dev->listen_timer);
1533 if (!dev->poll_mod_count) {
1534 nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1539 /* An ack will cancel the last issued command (poll) */
1540 pn533_send_ack(dev, GFP_KERNEL);
1542 /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1543 usb_kill_urb(dev->in_urb);
1545 pn533_poll_reset_mod_list(dev);
1548 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1550 struct pn533_cmd_activate_param param;
1551 struct pn533_cmd_activate_response *resp;
1555 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1557 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1561 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), ¶m,
1562 sizeof(struct pn533_cmd_activate_param));
1563 dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1565 pn533_tx_frame_finish(dev->out_frame);
1567 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1572 resp = (struct pn533_cmd_activate_response *)
1573 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1574 rc = resp->status & PN533_CMD_RET_MASK;
1575 if (rc != PN533_CMD_RET_SUCCESS)
1578 /* ATR_RES general bytes are located at offset 16 */
1579 gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1580 rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1585 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1586 struct nfc_target *target, u32 protocol)
1588 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1591 nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1594 if (dev->poll_mod_count) {
1595 nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1600 if (dev->tgt_active_prot) {
1601 nfc_dev_err(&dev->interface->dev, "There is already an active"
1606 if (!dev->tgt_available_prots) {
1607 nfc_dev_err(&dev->interface->dev, "There is no available target"
1612 if (!(dev->tgt_available_prots & (1 << protocol))) {
1613 nfc_dev_err(&dev->interface->dev, "The target does not support"
1614 " the requested protocol %u", protocol);
1618 if (protocol == NFC_PROTO_NFC_DEP) {
1619 rc = pn533_activate_target_nfcdep(dev);
1621 nfc_dev_err(&dev->interface->dev, "Error %d when"
1622 " activating target with"
1623 " NFC_DEP protocol", rc);
1628 dev->tgt_active_prot = protocol;
1629 dev->tgt_available_prots = 0;
1634 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1635 struct nfc_target *target)
1637 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1642 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1644 if (!dev->tgt_active_prot) {
1645 nfc_dev_err(&dev->interface->dev, "There is no active target");
1649 dev->tgt_active_prot = 0;
1651 skb_queue_purge(&dev->resp_q);
1653 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1656 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1657 dev->out_frame->datalen += sizeof(u8);
1659 pn533_tx_frame_finish(dev->out_frame);
1661 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1664 nfc_dev_err(&dev->interface->dev, "Error when sending release"
1665 " command to the controller");
1669 status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1670 rc = status & PN533_CMD_RET_MASK;
1671 if (rc != PN533_CMD_RET_SUCCESS)
1672 nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1679 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1680 u8 *params, int params_len)
1682 struct pn533_cmd_jump_dep_response *resp;
1683 struct nfc_target nfc_target;
1686 struct pn533_cmd_jump_dep *cmd = (struct pn533_cmd_jump_dep *)arg;
1687 u8 active = cmd->active;
1691 if (params_len == -ENOENT) {
1692 nfc_dev_dbg(&dev->interface->dev, "");
1696 if (params_len < 0) {
1697 nfc_dev_err(&dev->interface->dev,
1698 "Error %d when bringing DEP link up",
1703 if (dev->tgt_available_prots &&
1704 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1705 nfc_dev_err(&dev->interface->dev,
1706 "The target does not support DEP");
1710 resp = (struct pn533_cmd_jump_dep_response *) params;
1711 rc = resp->status & PN533_CMD_RET_MASK;
1712 if (rc != PN533_CMD_RET_SUCCESS) {
1713 nfc_dev_err(&dev->interface->dev,
1714 "Bringing DEP link up failed %d", rc);
1718 if (!dev->tgt_available_prots) {
1719 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1721 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1722 nfc_target.nfcid1_len = 10;
1723 memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1724 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1728 dev->tgt_available_prots = 0;
1731 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1733 /* ATR_RES general bytes are located at offset 17 */
1734 target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1735 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1736 resp->gt, target_gt_len);
1738 rc = nfc_dep_link_is_up(dev->nfc_dev,
1739 dev->nfc_dev->targets[0].idx,
1740 !active, NFC_RF_INITIATOR);
1745 static int pn533_mod_to_baud(struct pn533 *dev)
1747 switch (dev->poll_mod_curr) {
1748 case PN533_POLL_MOD_106KBPS_A:
1750 case PN533_POLL_MOD_212KBPS_FELICA:
1752 case PN533_POLL_MOD_424KBPS_FELICA:
1759 #define PASSIVE_DATA_LEN 5
1760 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1761 u8 comm_mode, u8* gb, size_t gb_len)
1763 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1764 struct pn533_cmd_jump_dep *cmd;
1765 u8 cmd_len, *data_ptr;
1766 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1769 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1771 if (dev->poll_mod_count) {
1772 nfc_dev_err(&dev->interface->dev,
1773 "Cannot bring the DEP link up while polling");
1777 if (dev->tgt_active_prot) {
1778 nfc_dev_err(&dev->interface->dev,
1779 "There is already an active target");
1783 baud = pn533_mod_to_baud(dev);
1785 nfc_dev_err(&dev->interface->dev,
1786 "Invalid curr modulation %d", dev->poll_mod_curr);
1790 cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1791 if (comm_mode == NFC_COMM_PASSIVE)
1792 cmd_len += PASSIVE_DATA_LEN;
1794 cmd = kzalloc(cmd_len, GFP_KERNEL);
1798 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1800 cmd->active = !comm_mode;
1803 data_ptr = cmd->data;
1804 if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1805 memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1807 data_ptr += PASSIVE_DATA_LEN;
1810 if (gb != NULL && gb_len > 0) {
1811 cmd->next |= 4; /* We have some Gi */
1812 memcpy(data_ptr, gb, gb_len);
1817 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1818 dev->out_frame->datalen += cmd_len;
1820 pn533_tx_frame_finish(dev->out_frame);
1822 rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1823 dev->in_maxlen, pn533_in_dep_link_up_complete,
1831 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1833 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1835 pn533_poll_reset_mod_list(dev);
1837 if (dev->tgt_mode || dev->tgt_active_prot) {
1838 pn533_send_ack(dev, GFP_KERNEL);
1839 usb_kill_urb(dev->in_urb);
1842 dev->tgt_active_prot = 0;
1845 skb_queue_purge(&dev->resp_q);
1850 static int pn533_build_tx_frame(struct pn533 *dev, struct sk_buff *skb,
1853 int payload_len = skb->len;
1854 struct pn533_frame *out_frame;
1857 nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1860 if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1861 /* TODO: Implement support to multi-part data exchange */
1862 nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1864 PN533_CMD_DATAEXCH_DATA_MAXLEN);
1868 if (target == true) {
1869 switch (dev->device_type) {
1870 case PN533_DEVICE_PASORI:
1871 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
1872 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1873 out_frame = (struct pn533_frame *) skb->data;
1874 pn533_tx_frame_init(out_frame,
1875 PN533_CMD_IN_COMM_THRU);
1881 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1882 out_frame = (struct pn533_frame *) skb->data;
1883 pn533_tx_frame_init(out_frame,
1884 PN533_CMD_IN_DATA_EXCHANGE);
1886 memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame),
1888 out_frame->datalen += sizeof(u8);
1894 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1895 out_frame = (struct pn533_frame *) skb->data;
1896 pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
1900 /* The data is already in the out_frame, just update the datalen */
1901 out_frame->datalen += payload_len;
1903 pn533_tx_frame_finish(out_frame);
1904 skb_put(skb, PN533_FRAME_TAIL_SIZE);
1909 struct pn533_data_exchange_arg {
1910 struct sk_buff *skb_resp;
1911 struct sk_buff *skb_out;
1912 data_exchange_cb_t cb;
1916 static struct sk_buff *pn533_build_response(struct pn533 *dev)
1918 struct sk_buff *skb, *tmp, *t;
1919 unsigned int skb_len = 0, tmp_len = 0;
1921 nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
1923 if (skb_queue_empty(&dev->resp_q))
1926 if (skb_queue_len(&dev->resp_q) == 1) {
1927 skb = skb_dequeue(&dev->resp_q);
1931 skb_queue_walk_safe(&dev->resp_q, tmp, t)
1932 skb_len += tmp->len;
1934 nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1937 skb = alloc_skb(skb_len, GFP_KERNEL);
1941 skb_put(skb, skb_len);
1943 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1944 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1945 tmp_len += tmp->len;
1949 skb_queue_purge(&dev->resp_q);
1954 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1955 u8 *params, int params_len)
1957 struct pn533_data_exchange_arg *arg = _arg;
1958 struct sk_buff *skb = NULL, *skb_resp = arg->skb_resp;
1959 struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1964 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1966 dev_kfree_skb(arg->skb_out);
1968 if (params_len < 0) { /* error */
1975 cmd_ret = status & PN533_CMD_RET_MASK;
1976 if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1977 nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1978 " exchanging data", cmd_ret);
1983 skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1984 skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1985 skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1986 skb_queue_tail(&dev->resp_q, skb_resp);
1988 if (status & PN533_CMD_MI_MASK) {
1989 queue_work(dev->wq, &dev->mi_work);
1990 return -EINPROGRESS;
1993 skb = pn533_build_response(dev);
1997 arg->cb(arg->cb_context, skb, 0);
2002 skb_queue_purge(&dev->resp_q);
2003 dev_kfree_skb(skb_resp);
2004 arg->cb(arg->cb_context, NULL, err);
2009 static int pn533_transceive(struct nfc_dev *nfc_dev,
2010 struct nfc_target *target, struct sk_buff *skb,
2011 data_exchange_cb_t cb, void *cb_context)
2013 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2014 struct pn533_frame *out_frame, *in_frame;
2015 struct pn533_data_exchange_arg *arg;
2016 struct sk_buff *skb_resp;
2020 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2022 if (!dev->tgt_active_prot) {
2023 nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
2024 " there is no active target");
2029 rc = pn533_build_tx_frame(dev, skb, true);
2033 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2034 PN533_CMD_DATAEXCH_DATA_MAXLEN +
2035 PN533_FRAME_TAIL_SIZE;
2037 skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
2043 in_frame = (struct pn533_frame *) skb_resp->data;
2044 out_frame = (struct pn533_frame *) skb->data;
2046 arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
2052 arg->skb_resp = skb_resp;
2055 arg->cb_context = cb_context;
2057 rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
2058 pn533_data_exchange_complete, arg,
2061 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2062 " perform data_exchange", rc);
2071 kfree_skb(skb_resp);
2077 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2078 u8 *params, int params_len)
2080 struct sk_buff *skb_out = arg;
2082 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2084 dev_kfree_skb(skb_out);
2086 if (params_len < 0) {
2087 nfc_dev_err(&dev->interface->dev,
2088 "Error %d when sending data",
2094 if (params_len > 0 && params[0] != 0) {
2095 nfc_tm_deactivated(dev->nfc_dev);
2102 queue_work(dev->wq, &dev->tg_work);
2107 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2109 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2110 struct pn533_frame *out_frame;
2113 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2115 rc = pn533_build_tx_frame(dev, skb, false);
2119 out_frame = (struct pn533_frame *) skb->data;
2121 rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2122 dev->in_maxlen, pn533_tm_send_complete,
2125 nfc_dev_err(&dev->interface->dev,
2126 "Error %d when trying to send data", rc);
2138 static void pn533_wq_mi_recv(struct work_struct *work)
2140 struct pn533 *dev = container_of(work, struct pn533, mi_work);
2141 struct sk_buff *skb_cmd;
2142 struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2143 struct pn533_frame *out_frame, *in_frame;
2144 struct sk_buff *skb_resp;
2148 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2150 /* This is a zero payload size skb */
2151 skb_cmd = alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN + PN533_FRAME_TAIL_SIZE,
2153 if (skb_cmd == NULL)
2156 skb_reserve(skb_cmd, PN533_CMD_DATAEXCH_HEAD_LEN);
2158 rc = pn533_build_tx_frame(dev, skb_cmd, true);
2162 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2163 PN533_CMD_DATAEXCH_DATA_MAXLEN +
2164 PN533_FRAME_TAIL_SIZE;
2165 skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2171 in_frame = (struct pn533_frame *) skb_resp->data;
2172 out_frame = (struct pn533_frame *) skb_cmd->data;
2174 arg->skb_resp = skb_resp;
2175 arg->skb_out = skb_cmd;
2177 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2179 pn533_data_exchange_complete,
2180 dev->cmd_complete_arg, GFP_KERNEL);
2184 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2185 " perform data_exchange", rc);
2187 kfree_skb(skb_resp);
2193 pn533_send_ack(dev, GFP_KERNEL);
2197 queue_work(dev->wq, &dev->cmd_work);
2200 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2206 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2208 pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2210 params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2211 params[0] = cfgitem;
2212 memcpy(¶ms[1], cfgdata, cfgdata_len);
2213 dev->out_frame->datalen += (1 + cfgdata_len);
2215 pn533_tx_frame_finish(dev->out_frame);
2217 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2223 static int pn533_fw_reset(struct pn533 *dev)
2228 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2230 pn533_tx_frame_init(dev->out_frame, 0x18);
2232 params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2234 dev->out_frame->datalen += 1;
2236 pn533_tx_frame_finish(dev->out_frame);
2238 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2244 static struct nfc_ops pn533_nfc_ops = {
2247 .dep_link_up = pn533_dep_link_up,
2248 .dep_link_down = pn533_dep_link_down,
2249 .start_poll = pn533_start_poll,
2250 .stop_poll = pn533_stop_poll,
2251 .activate_target = pn533_activate_target,
2252 .deactivate_target = pn533_deactivate_target,
2253 .im_transceive = pn533_transceive,
2254 .tm_send = pn533_tm_send,
2257 static int pn533_setup(struct pn533 *dev)
2259 struct pn533_config_max_retries max_retries;
2260 struct pn533_config_timing timing;
2261 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2264 switch (dev->device_type) {
2265 case PN533_DEVICE_STD:
2266 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2267 max_retries.mx_rty_psl = 2;
2268 max_retries.mx_rty_passive_act =
2269 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2271 timing.rfu = PN533_CONFIG_TIMING_102;
2272 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2273 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2277 case PN533_DEVICE_PASORI:
2278 max_retries.mx_rty_atr = 0x2;
2279 max_retries.mx_rty_psl = 0x1;
2280 max_retries.mx_rty_passive_act =
2281 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2283 timing.rfu = PN533_CONFIG_TIMING_102;
2284 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2285 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2290 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2295 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2296 (u8 *)&max_retries, sizeof(max_retries));
2298 nfc_dev_err(&dev->interface->dev,
2299 "Error on setting MAX_RETRIES config");
2304 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2305 (u8 *)&timing, sizeof(timing));
2307 nfc_dev_err(&dev->interface->dev,
2308 "Error on setting RF timings");
2312 switch (dev->device_type) {
2313 case PN533_DEVICE_STD:
2316 case PN533_DEVICE_PASORI:
2317 pn533_fw_reset(dev);
2319 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2322 nfc_dev_err(&dev->interface->dev,
2323 "Error while settings PASORI config");
2327 pn533_fw_reset(dev);
2335 static int pn533_probe(struct usb_interface *interface,
2336 const struct usb_device_id *id)
2338 struct pn533_fw_version *fw_ver;
2340 struct usb_host_interface *iface_desc;
2341 struct usb_endpoint_descriptor *endpoint;
2342 int in_endpoint = 0;
2343 int out_endpoint = 0;
2348 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2352 dev->udev = usb_get_dev(interface_to_usbdev(interface));
2353 dev->interface = interface;
2354 mutex_init(&dev->cmd_lock);
2356 iface_desc = interface->cur_altsetting;
2357 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2358 endpoint = &iface_desc->endpoint[i].desc;
2360 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2361 dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
2362 in_endpoint = endpoint->bEndpointAddress;
2365 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
2367 le16_to_cpu(endpoint->wMaxPacketSize);
2368 out_endpoint = endpoint->bEndpointAddress;
2372 if (!in_endpoint || !out_endpoint) {
2373 nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2374 " bulk-out endpoint");
2379 dev->in_frame = kmalloc(dev->in_maxlen, GFP_KERNEL);
2380 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2381 dev->out_frame = kmalloc(dev->out_maxlen, GFP_KERNEL);
2382 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2384 if (!dev->in_frame || !dev->out_frame ||
2385 !dev->in_urb || !dev->out_urb)
2388 usb_fill_bulk_urb(dev->in_urb, dev->udev,
2389 usb_rcvbulkpipe(dev->udev, in_endpoint),
2390 NULL, 0, NULL, dev);
2391 usb_fill_bulk_urb(dev->out_urb, dev->udev,
2392 usb_sndbulkpipe(dev->udev, out_endpoint),
2394 pn533_send_complete, dev);
2396 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2397 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2398 INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2399 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2400 INIT_WORK(&dev->poll_work, pn533_wq_poll);
2401 dev->wq = alloc_ordered_workqueue("pn533", 0);
2402 if (dev->wq == NULL)
2405 init_timer(&dev->listen_timer);
2406 dev->listen_timer.data = (unsigned long) dev;
2407 dev->listen_timer.function = pn533_listen_mode_timer;
2409 skb_queue_head_init(&dev->resp_q);
2411 INIT_LIST_HEAD(&dev->cmd_queue);
2413 usb_set_intfdata(interface, dev);
2415 pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2416 pn533_tx_frame_finish(dev->out_frame);
2418 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2423 fw_ver = (struct pn533_fw_version *)
2424 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2425 nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2426 " attached", fw_ver->ver, fw_ver->rev);
2428 dev->device_type = id->driver_info;
2429 switch (dev->device_type) {
2430 case PN533_DEVICE_STD:
2431 protocols = PN533_ALL_PROTOCOLS;
2434 case PN533_DEVICE_PASORI:
2435 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2439 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2445 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2446 PN533_CMD_DATAEXCH_HEAD_LEN,
2447 PN533_FRAME_TAIL_SIZE);
2451 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2452 nfc_set_drvdata(dev->nfc_dev, dev);
2454 rc = nfc_register_device(dev->nfc_dev);
2458 rc = pn533_setup(dev);
2460 goto unregister_nfc_dev;
2465 nfc_unregister_device(dev->nfc_dev);
2468 nfc_free_device(dev->nfc_dev);
2471 destroy_workqueue(dev->wq);
2473 kfree(dev->in_frame);
2474 usb_free_urb(dev->in_urb);
2475 kfree(dev->out_frame);
2476 usb_free_urb(dev->out_urb);
2481 static void pn533_disconnect(struct usb_interface *interface)
2484 struct pn533_cmd *cmd, *n;
2486 dev = usb_get_intfdata(interface);
2487 usb_set_intfdata(interface, NULL);
2489 nfc_unregister_device(dev->nfc_dev);
2490 nfc_free_device(dev->nfc_dev);
2492 usb_kill_urb(dev->in_urb);
2493 usb_kill_urb(dev->out_urb);
2495 destroy_workqueue(dev->wq);
2497 skb_queue_purge(&dev->resp_q);
2499 del_timer(&dev->listen_timer);
2501 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2502 list_del(&cmd->queue);
2506 kfree(dev->in_frame);
2507 usb_free_urb(dev->in_urb);
2508 kfree(dev->out_frame);
2509 usb_free_urb(dev->out_urb);
2512 nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2515 static struct usb_driver pn533_driver = {
2517 .probe = pn533_probe,
2518 .disconnect = pn533_disconnect,
2519 .id_table = pn533_table,
2522 module_usb_driver(pn533_driver);
2524 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2525 " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2526 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2527 MODULE_VERSION(VERSION);
2528 MODULE_LICENSE("GPL");