2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
5 * Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6 * Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the
20 * Free Software Foundation, Inc.,
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
41 #define SONY_VENDOR_ID 0x054c
42 #define PASORI_PRODUCT_ID 0x02e1
44 #define PN533_DEVICE_STD 0x1
45 #define PN533_DEVICE_PASORI 0x2
47 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
48 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
49 NFC_PROTO_NFC_DEP_MASK |\
50 NFC_PROTO_ISO14443_B_MASK)
52 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
53 NFC_PROTO_MIFARE_MASK | \
54 NFC_PROTO_FELICA_MASK | \
55 NFC_PROTO_ISO14443_MASK | \
56 NFC_PROTO_NFC_DEP_MASK)
58 static const struct usb_device_id pn533_table[] = {
59 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
60 .idVendor = PN533_VENDOR_ID,
61 .idProduct = PN533_PRODUCT_ID,
62 .driver_info = PN533_DEVICE_STD,
64 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
65 .idVendor = SCM_VENDOR_ID,
66 .idProduct = SCL3711_PRODUCT_ID,
67 .driver_info = PN533_DEVICE_STD,
69 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
70 .idVendor = SONY_VENDOR_ID,
71 .idProduct = PASORI_PRODUCT_ID,
72 .driver_info = PN533_DEVICE_PASORI,
76 MODULE_DEVICE_TABLE(usb, pn533_table);
78 /* How much time we spend listening for initiators */
79 #define PN533_LISTEN_TIME 2
81 /* frame definitions */
82 #define PN533_NORMAL_FRAME_MAX_LEN 262 /* 6 (PREAMBLE, SOF, LEN, LCS, TFI)
85 #define PN533_FRAME_HEADER_LEN (sizeof(struct pn533_frame) \
86 + 2) /* data[0] TFI, data[1] CC */
87 #define PN533_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
90 * Max extended frame payload len, excluding TFI and CC
91 * which are already in PN533_FRAME_HEADER_LEN.
93 #define PN533_FRAME_MAX_PAYLOAD_LEN 263
95 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
97 #define PN533_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2),
99 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
100 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
103 #define PN533_SOF 0x00FF
105 /* frame identifier: in/out/error */
106 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
107 #define PN533_DIR_OUT 0xD4
108 #define PN533_DIR_IN 0xD5
111 #define PN533_FRAME_CMD(f) (f->data[1])
113 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
114 #define PN533_CMD_RF_CONFIGURATION 0x32
115 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
116 #define PN533_CMD_IN_COMM_THRU 0x42
117 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
118 #define PN533_CMD_IN_ATR 0x50
119 #define PN533_CMD_IN_RELEASE 0x52
120 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
122 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
123 #define PN533_CMD_TG_GET_DATA 0x86
124 #define PN533_CMD_TG_SET_DATA 0x8e
125 #define PN533_CMD_UNDEF 0xff
127 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
129 /* PN533 Return codes */
130 #define PN533_CMD_RET_MASK 0x3F
131 #define PN533_CMD_MI_MASK 0x40
132 #define PN533_CMD_RET_SUCCESS 0x00
136 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg, int status);
138 typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
139 struct sk_buff *resp);
141 /* structs for pn533 commands */
143 /* PN533_CMD_GET_FIRMWARE_VERSION */
144 struct pn533_fw_version {
151 /* PN533_CMD_RF_CONFIGURATION */
152 #define PN533_CFGITEM_TIMING 0x02
153 #define PN533_CFGITEM_MAX_RETRIES 0x05
154 #define PN533_CFGITEM_PASORI 0x82
156 #define PN533_CONFIG_TIMING_102 0xb
157 #define PN533_CONFIG_TIMING_204 0xc
158 #define PN533_CONFIG_TIMING_409 0xd
159 #define PN533_CONFIG_TIMING_819 0xe
161 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
162 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
164 struct pn533_config_max_retries {
167 u8 mx_rty_passive_act;
170 struct pn533_config_timing {
176 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
178 /* felica commands opcode */
179 #define PN533_FELICA_OPC_SENSF_REQ 0
180 #define PN533_FELICA_OPC_SENSF_RES 1
181 /* felica SENSF_REQ parameters */
182 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
183 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
184 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
185 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
187 /* type B initiator_data values */
188 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
189 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
190 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
192 union pn533_cmd_poll_initdata {
205 /* Poll modulations */
207 PN533_POLL_MOD_106KBPS_A,
208 PN533_POLL_MOD_212KBPS_FELICA,
209 PN533_POLL_MOD_424KBPS_FELICA,
210 PN533_POLL_MOD_106KBPS_JEWEL,
211 PN533_POLL_MOD_847KBPS_B,
214 __PN533_POLL_MOD_AFTER_LAST,
216 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
218 struct pn533_poll_modulations {
222 union pn533_cmd_poll_initdata initiator_data;
227 const struct pn533_poll_modulations poll_mod[] = {
228 [PN533_POLL_MOD_106KBPS_A] = {
235 [PN533_POLL_MOD_212KBPS_FELICA] = {
239 .initiator_data.felica = {
240 .opcode = PN533_FELICA_OPC_SENSF_REQ,
241 .sc = PN533_FELICA_SENSF_SC_ALL,
242 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
248 [PN533_POLL_MOD_424KBPS_FELICA] = {
252 .initiator_data.felica = {
253 .opcode = PN533_FELICA_OPC_SENSF_REQ,
254 .sc = PN533_FELICA_SENSF_SC_ALL,
255 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
261 [PN533_POLL_MOD_106KBPS_JEWEL] = {
268 [PN533_POLL_MOD_847KBPS_B] = {
272 .initiator_data.type_b = {
273 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
275 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
280 [PN533_LISTEN_MOD] = {
285 /* PN533_CMD_IN_ATR */
287 struct pn533_cmd_activate_response {
299 struct pn533_cmd_jump_dep_response {
313 /* PN533_TG_INIT_AS_TARGET */
314 #define PN533_INIT_TARGET_PASSIVE 0x1
315 #define PN533_INIT_TARGET_DEP 0x2
317 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
318 #define PN533_INIT_TARGET_RESP_ACTIVE 0x1
319 #define PN533_INIT_TARGET_RESP_DEP 0x4
322 struct usb_device *udev;
323 struct usb_interface *interface;
324 struct nfc_dev *nfc_dev;
329 struct sk_buff_head resp_q;
331 struct workqueue_struct *wq;
332 struct work_struct cmd_work;
333 struct work_struct cmd_complete_work;
334 struct work_struct poll_work;
335 struct work_struct mi_work;
336 struct work_struct tg_work;
337 struct timer_list listen_timer;
338 struct pn533_frame *wq_in_frame;
342 pn533_cmd_complete_t cmd_complete;
343 void *cmd_complete_arg;
344 void *cmd_complete_mi_arg;
345 struct mutex cmd_lock;
348 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
352 u32 listen_protocols;
357 u8 tgt_available_prots;
363 struct list_head cmd_queue;
368 struct list_head queue;
371 struct sk_buff *resp;
383 /* The rule: value + checksum = 0 */
384 static inline u8 pn533_checksum(u8 value)
389 /* The rule: sum(data elements) + checksum = 0 */
390 static u8 pn533_data_checksum(u8 *data, int datalen)
395 for (i = 0; i < datalen; i++)
398 return pn533_checksum(sum);
401 static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
404 frame->start_frame = cpu_to_be16(PN533_SOF);
405 PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
406 PN533_FRAME_CMD(frame) = cmd;
410 static void pn533_tx_frame_finish(struct pn533_frame *frame)
412 frame->datalen_checksum = pn533_checksum(frame->datalen);
414 PN533_FRAME_CHECKSUM(frame) =
415 pn533_data_checksum(frame->data, frame->datalen);
417 PN533_FRAME_POSTAMBLE(frame) = 0;
420 static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
424 if (frame->start_frame != cpu_to_be16(PN533_SOF))
427 checksum = pn533_checksum(frame->datalen);
428 if (checksum != frame->datalen_checksum)
431 checksum = pn533_data_checksum(frame->data, frame->datalen);
432 if (checksum != PN533_FRAME_CHECKSUM(frame))
438 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
440 if (frame->start_frame != cpu_to_be16(PN533_SOF))
443 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
449 static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
451 return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
455 static void pn533_wq_cmd_complete(struct work_struct *work)
457 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
460 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, dev->wq_in_error);
461 if (rc != -EINPROGRESS)
462 queue_work(dev->wq, &dev->cmd_work);
465 static void pn533_recv_response(struct urb *urb)
467 struct pn533 *dev = urb->context;
468 struct pn533_frame *in_frame;
470 dev->wq_in_frame = NULL;
472 switch (urb->status) {
477 nfc_dev_dbg(&dev->interface->dev,
478 "The urb has been canceled (status %d)",
480 dev->wq_in_error = urb->status;
485 nfc_dev_err(&dev->interface->dev,
486 "Urb failure (status %d)", urb->status);
487 dev->wq_in_error = urb->status;
491 in_frame = dev->in_urb->transfer_buffer;
493 nfc_dev_dbg(&dev->interface->dev, "Received a frame.");
494 print_hex_dump(KERN_DEBUG, "PN533 RX: ", DUMP_PREFIX_NONE, 16, 1,
495 in_frame, PN533_FRAME_SIZE(in_frame), false);
497 if (!pn533_rx_frame_is_valid(in_frame)) {
498 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
499 dev->wq_in_error = -EIO;
503 if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
504 nfc_dev_err(&dev->interface->dev,
505 "It it not the response to the last command");
506 dev->wq_in_error = -EIO;
510 dev->wq_in_error = 0;
511 dev->wq_in_frame = in_frame;
514 queue_work(dev->wq, &dev->cmd_complete_work);
517 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
519 dev->in_urb->complete = pn533_recv_response;
521 return usb_submit_urb(dev->in_urb, flags);
524 static void pn533_recv_ack(struct urb *urb)
526 struct pn533 *dev = urb->context;
527 struct pn533_frame *in_frame;
530 switch (urb->status) {
535 nfc_dev_dbg(&dev->interface->dev,
536 "The urb has been stopped (status %d)",
538 dev->wq_in_error = urb->status;
543 nfc_dev_err(&dev->interface->dev,
544 "Urb failure (status %d)", urb->status);
545 dev->wq_in_error = urb->status;
549 in_frame = dev->in_urb->transfer_buffer;
551 if (!pn533_rx_frame_is_ack(in_frame)) {
552 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
553 dev->wq_in_error = -EIO;
557 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
559 nfc_dev_err(&dev->interface->dev,
560 "usb_submit_urb failed with result %d", rc);
561 dev->wq_in_error = rc;
568 dev->wq_in_frame = NULL;
569 queue_work(dev->wq, &dev->cmd_complete_work);
572 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
574 dev->in_urb->complete = pn533_recv_ack;
576 return usb_submit_urb(dev->in_urb, flags);
579 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
581 u8 ack[PN533_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
582 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */
585 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
587 dev->out_urb->transfer_buffer = ack;
588 dev->out_urb->transfer_buffer_length = sizeof(ack);
589 rc = usb_submit_urb(dev->out_urb, flags);
594 static int __pn533_send_frame_async(struct pn533 *dev,
598 pn533_cmd_complete_t cmd_complete,
603 dev->cmd = PN533_FRAME_CMD(((struct pn533_frame *)out->data));
604 dev->cmd_complete = cmd_complete;
605 dev->cmd_complete_arg = arg;
607 dev->out_urb->transfer_buffer = out->data;
608 dev->out_urb->transfer_buffer_length = out->len;
610 dev->in_urb->transfer_buffer = in->data;
611 dev->in_urb->transfer_buffer_length = in_len;
613 print_hex_dump(KERN_DEBUG, "PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
614 out->data, out->len, false);
616 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
620 rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
627 usb_unlink_urb(dev->out_urb);
631 static void pn533_build_cmd_frame(u8 cmd_code, struct sk_buff *skb)
633 struct pn533_frame *frame;
634 /* payload is already there, just update datalen */
635 int payload_len = skb->len;
637 skb_push(skb, PN533_FRAME_HEADER_LEN);
638 skb_put(skb, PN533_FRAME_TAIL_LEN);
640 frame = (struct pn533_frame *)skb->data;
642 pn533_tx_frame_init(frame, cmd_code);
643 frame->datalen += payload_len;
644 pn533_tx_frame_finish(frame);
647 struct pn533_send_async_complete_arg {
648 pn533_send_async_complete_t complete_cb;
649 void *complete_cb_context;
650 struct sk_buff *resp;
654 static int pn533_send_async_complete(struct pn533 *dev, void *_arg, int status)
656 struct pn533_send_async_complete_arg *arg = _arg;
658 struct sk_buff *req = arg->req;
659 struct sk_buff *resp = arg->resp;
661 struct pn533_frame *frame = (struct pn533_frame *)resp->data;
667 arg->complete_cb(dev, arg->complete_cb_context,
674 skb_put(resp, PN533_FRAME_SIZE(frame));
675 skb_pull(resp, PN533_FRAME_HEADER_LEN);
676 skb_trim(resp, resp->len - PN533_FRAME_TAIL_LEN);
678 rc = arg->complete_cb(dev, arg->complete_cb_context, resp);
684 static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
685 struct sk_buff *req, struct sk_buff *resp,
687 pn533_send_async_complete_t complete_cb,
688 void *complete_cb_context)
690 struct pn533_cmd *cmd;
691 struct pn533_send_async_complete_arg *arg;
694 nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x", cmd_code);
696 arg = kzalloc(sizeof(arg), GFP_KERNEL);
700 arg->complete_cb = complete_cb;
701 arg->complete_cb_context = complete_cb_context;
705 pn533_build_cmd_frame(cmd_code, req);
707 mutex_lock(&dev->cmd_lock);
709 if (!dev->cmd_pending) {
710 rc = __pn533_send_frame_async(dev, req, resp, resp_len,
711 pn533_send_async_complete, arg);
715 dev->cmd_pending = 1;
719 nfc_dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x", __func__,
722 cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL);
728 INIT_LIST_HEAD(&cmd->queue);
729 cmd->cmd_code = cmd_code;
734 list_add_tail(&cmd->queue, &dev->cmd_queue);
741 mutex_unlock(&dev->cmd_lock);
745 static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
747 pn533_send_async_complete_t complete_cb,
748 void *complete_cb_context)
750 struct sk_buff *resp;
752 int resp_len = PN533_FRAME_HEADER_LEN +
753 PN533_FRAME_MAX_PAYLOAD_LEN +
754 PN533_FRAME_TAIL_LEN;
756 resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
760 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
761 complete_cb_context);
768 static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
770 pn533_send_async_complete_t complete_cb,
771 void *complete_cb_context)
773 struct sk_buff *resp;
776 resp = alloc_skb(PN533_NORMAL_FRAME_MAX_LEN, GFP_KERNEL);
780 rc = __pn533_send_async(dev, cmd_code, req, resp,
781 PN533_NORMAL_FRAME_MAX_LEN,
782 complete_cb, complete_cb_context);
790 * pn533_send_cmd_direct_async
792 * The function sends a piority cmd directly to the chip omiting the cmd
793 * queue. It's intended to be used by chaining mechanism of received responses
794 * where the host has to request every single chunk of data before scheduling
795 * next cmd from the queue.
797 static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
799 pn533_send_async_complete_t complete_cb,
800 void *complete_cb_context)
802 struct pn533_send_async_complete_arg *arg;
803 struct sk_buff *resp;
805 int resp_len = PN533_FRAME_HEADER_LEN +
806 PN533_FRAME_MAX_PAYLOAD_LEN +
807 PN533_FRAME_TAIL_LEN;
809 resp = alloc_skb(resp_len, GFP_KERNEL);
813 arg = kzalloc(sizeof(arg), GFP_KERNEL);
819 arg->complete_cb = complete_cb;
820 arg->complete_cb_context = complete_cb_context;
824 pn533_build_cmd_frame(cmd_code, req);
826 rc = __pn533_send_frame_async(dev, req, resp, resp_len,
827 pn533_send_async_complete, arg);
836 static void pn533_wq_cmd(struct work_struct *work)
838 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
839 struct pn533_cmd *cmd;
841 mutex_lock(&dev->cmd_lock);
843 if (list_empty(&dev->cmd_queue)) {
844 dev->cmd_pending = 0;
845 mutex_unlock(&dev->cmd_lock);
849 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
851 list_del(&cmd->queue);
853 mutex_unlock(&dev->cmd_lock);
855 __pn533_send_frame_async(dev, cmd->req, cmd->resp,
856 PN533_NORMAL_FRAME_MAX_LEN,
857 pn533_send_async_complete,
863 struct pn533_sync_cmd_response {
864 struct sk_buff *resp;
865 struct completion done;
868 static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
869 struct sk_buff *resp)
871 struct pn533_sync_cmd_response *arg = _arg;
874 complete(&arg->done);
879 /* pn533_send_cmd_sync
881 * Please note the req parameter is freed inside the function to
882 * limit a number of return value interpretations by the caller.
884 * 1. negative in case of error during TX path -> req should be freed
886 * 2. negative in case of error during RX path -> req should not be freed
887 * as it's been already freed at the begining of RX path by
890 * 3. valid pointer in case of succesfult RX path
892 * A caller has to check a return value with IS_ERR macro. If the test pass,
893 * the returned pointer is valid.
896 static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
900 struct pn533_sync_cmd_response arg;
902 init_completion(&arg.done);
904 rc = pn533_send_cmd_async(dev, cmd_code, req,
905 pn533_send_sync_complete, &arg);
911 wait_for_completion(&arg.done);
916 static void pn533_send_complete(struct urb *urb)
918 struct pn533 *dev = urb->context;
920 switch (urb->status) {
925 nfc_dev_dbg(&dev->interface->dev,
926 "The urb has been stopped (status %d)",
931 nfc_dev_err(&dev->interface->dev,
932 "Urb failure (status %d)", urb->status);
936 static struct sk_buff *pn533_alloc_skb(unsigned int size)
940 skb = alloc_skb(PN533_FRAME_HEADER_LEN +
942 PN533_FRAME_TAIL_LEN, GFP_KERNEL);
945 skb_reserve(skb, PN533_FRAME_HEADER_LEN);
950 struct pn533_target_type_a {
958 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
959 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
960 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
962 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
963 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
965 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
966 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
968 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
969 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
970 #define PN533_TYPE_A_SEL_PROT_DEP 2
971 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
973 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
979 if (target_data_len < sizeof(struct pn533_target_type_a))
982 /* The lenght check of nfcid[] and ats[] are not being performed because
983 the values are not being used */
985 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
986 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
987 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
989 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
990 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
991 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
992 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
995 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
996 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1002 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1005 struct pn533_target_type_a *tgt_type_a;
1007 tgt_type_a = (struct pn533_target_type_a *)tgt_data;
1009 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1012 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1013 case PN533_TYPE_A_SEL_PROT_MIFARE:
1014 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1016 case PN533_TYPE_A_SEL_PROT_ISO14443:
1017 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1019 case PN533_TYPE_A_SEL_PROT_DEP:
1020 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1022 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1023 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1024 NFC_PROTO_NFC_DEP_MASK;
1028 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1029 nfc_tgt->sel_res = tgt_type_a->sel_res;
1030 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1031 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
1036 struct pn533_target_felica {
1045 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1046 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1048 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1049 int target_data_len)
1051 if (target_data_len < sizeof(struct pn533_target_felica))
1054 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1060 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1063 struct pn533_target_felica *tgt_felica;
1065 tgt_felica = (struct pn533_target_felica *)tgt_data;
1067 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1070 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
1071 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
1072 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1074 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1076 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1077 nfc_tgt->sensf_res_len = 9;
1082 struct pn533_target_jewel {
1087 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1088 int target_data_len)
1093 if (target_data_len < sizeof(struct pn533_target_jewel))
1096 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1097 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1098 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1100 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1101 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1102 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1103 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1109 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1112 struct pn533_target_jewel *tgt_jewel;
1114 tgt_jewel = (struct pn533_target_jewel *)tgt_data;
1116 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1119 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1120 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1121 nfc_tgt->nfcid1_len = 4;
1122 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1127 struct pn533_type_b_prot_info {
1133 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1134 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1135 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1137 struct pn533_type_b_sens_res {
1141 struct pn533_type_b_prot_info prot_info;
1144 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1146 struct pn533_target_type_b {
1147 struct pn533_type_b_sens_res sensb_res;
1152 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1153 int target_data_len)
1155 if (target_data_len < sizeof(struct pn533_target_type_b))
1158 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1161 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1162 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1168 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1171 struct pn533_target_type_b *tgt_type_b;
1173 tgt_type_b = (struct pn533_target_type_b *)tgt_data;
1175 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1178 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1183 static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1186 struct nfc_target nfc_tgt;
1189 nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1190 dev->poll_mod_curr);
1195 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1197 switch (dev->poll_mod_curr) {
1198 case PN533_POLL_MOD_106KBPS_A:
1199 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
1201 case PN533_POLL_MOD_212KBPS_FELICA:
1202 case PN533_POLL_MOD_424KBPS_FELICA:
1203 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
1205 case PN533_POLL_MOD_106KBPS_JEWEL:
1206 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
1208 case PN533_POLL_MOD_847KBPS_B:
1209 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
1212 nfc_dev_err(&dev->interface->dev,
1213 "Unknown current poll modulation");
1220 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1221 nfc_dev_dbg(&dev->interface->dev,
1222 "The Tg found doesn't have the desired protocol");
1226 nfc_dev_dbg(&dev->interface->dev,
1227 "Target found - supported protocols: 0x%x",
1228 nfc_tgt.supported_protocols);
1230 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1232 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1237 static inline void pn533_poll_next_mod(struct pn533 *dev)
1239 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1242 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1244 dev->poll_mod_count = 0;
1247 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1249 dev->poll_mod_active[dev->poll_mod_count] =
1250 (struct pn533_poll_modulations *)&poll_mod[mod_index];
1251 dev->poll_mod_count++;
1254 static void pn533_poll_create_mod_list(struct pn533 *dev,
1255 u32 im_protocols, u32 tm_protocols)
1257 pn533_poll_reset_mod_list(dev);
1259 if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
1260 (im_protocols & NFC_PROTO_ISO14443_MASK) ||
1261 (im_protocols & NFC_PROTO_NFC_DEP_MASK))
1262 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1264 if (im_protocols & NFC_PROTO_FELICA_MASK ||
1265 im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1266 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1267 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1270 if (im_protocols & NFC_PROTO_JEWEL_MASK)
1271 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1273 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1274 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1277 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1280 static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
1282 u8 nbtg, tg, *tgdata;
1285 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1287 nbtg = resp->data[0];
1289 tgdata = &resp->data[2];
1290 tgdata_len = resp->len - 2; /* nbtg + tg */
1293 rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
1295 /* We must stop the poll after a valid target found */
1297 pn533_poll_reset_mod_list(dev);
1305 static struct sk_buff *pn533_alloc_poll_tg_frame(u8 *gbytes, size_t gbytes_len)
1307 struct sk_buff *skb;
1308 u8 *felica, *nfcid3, *gb;
1310 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1311 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1312 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1313 0xff, 0xff}; /* System code */
1315 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1317 0x40}; /* SEL_RES for DEP */
1319 unsigned int skb_len = 36 + /* mode (1), mifare (6),
1320 felica (18), nfcid3 (10), gb_len (1) */
1324 skb = pn533_alloc_skb(skb_len);
1328 /* DEP support only */
1329 *skb_put(skb, 1) |= PN533_INIT_TARGET_DEP;
1332 memcpy(skb_put(skb, 6), mifare_params, 6);
1335 felica = skb_put(skb, 18);
1336 memcpy(felica, felica_params, 18);
1337 get_random_bytes(felica + 2, 6);
1340 nfcid3 = skb_put(skb, 10);
1341 memset(nfcid3, 0, 10);
1342 memcpy(nfcid3, felica, 8);
1345 *skb_put(skb, 1) = gbytes_len;
1347 gb = skb_put(skb, gbytes_len);
1348 memcpy(gb, gbytes, gbytes_len);
1351 *skb_put(skb, 1) = 0;
1356 #define PN533_CMD_DATAEXCH_HEAD_LEN 1
1357 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1358 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1359 struct sk_buff *resp)
1363 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1366 return PTR_ERR(resp);
1368 status = resp->data[0];
1369 skb_pull(resp, sizeof(status));
1372 nfc_tm_deactivated(dev->nfc_dev);
1374 dev_kfree_skb(resp);
1378 return nfc_tm_data_received(dev->nfc_dev, resp);
1381 static void pn533_wq_tg_get_data(struct work_struct *work)
1383 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1385 struct sk_buff *skb;
1388 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1390 skb = pn533_alloc_skb(0);
1394 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1395 pn533_tm_get_data_complete, NULL);
1403 #define ATR_REQ_GB_OFFSET 17
1404 static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
1406 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
1410 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1412 if (resp->len < ATR_REQ_GB_OFFSET + 1)
1415 mode = resp->data[0];
1416 cmd = &resp->data[1];
1418 nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1421 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1422 PN533_INIT_TARGET_RESP_ACTIVE)
1423 comm_mode = NFC_COMM_ACTIVE;
1425 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
1428 gb = cmd + ATR_REQ_GB_OFFSET;
1429 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
1431 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1432 comm_mode, gb, gb_len);
1434 nfc_dev_err(&dev->interface->dev,
1435 "Error when signaling target activation");
1440 queue_work(dev->wq, &dev->tg_work);
1445 static void pn533_listen_mode_timer(unsigned long data)
1447 struct pn533 *dev = (struct pn533 *)data;
1449 nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1451 /* An ack will cancel the last issued command (poll) */
1452 pn533_send_ack(dev, GFP_ATOMIC);
1454 dev->cancel_listen = 1;
1456 pn533_poll_next_mod(dev);
1458 queue_work(dev->wq, &dev->poll_work);
1461 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1462 struct sk_buff *resp)
1464 struct pn533_poll_modulations *cur_mod;
1467 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1472 nfc_dev_err(&dev->interface->dev, "%s Poll complete error %d",
1475 if (rc == -ENOENT) {
1476 if (dev->poll_mod_count != 0)
1480 } else if (rc < 0) {
1481 nfc_dev_err(&dev->interface->dev,
1482 "Error %d when running poll", rc);
1487 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1489 if (cur_mod->len == 0) { /* Target mode */
1490 del_timer(&dev->listen_timer);
1491 rc = pn533_init_target_complete(dev, resp);
1495 /* Initiator mode */
1496 rc = pn533_start_poll_complete(dev, resp);
1500 pn533_poll_next_mod(dev);
1501 queue_work(dev->wq, &dev->poll_work);
1504 dev_kfree_skb(resp);
1508 nfc_dev_err(&dev->interface->dev, "Polling operation has been stopped");
1510 pn533_poll_reset_mod_list(dev);
1511 dev->poll_protocols = 0;
1515 static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533_poll_modulations
1518 struct sk_buff *skb;
1520 skb = pn533_alloc_skb(mod->len);
1524 memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
1529 static int pn533_send_poll_frame(struct pn533 *dev)
1531 struct pn533_poll_modulations *mod;
1532 struct sk_buff *skb;
1536 mod = dev->poll_mod_active[dev->poll_mod_curr];
1538 nfc_dev_dbg(&dev->interface->dev, "%s mod len %d\n",
1539 __func__, mod->len);
1541 if (mod->len == 0) { /* Listen mode */
1542 cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
1543 skb = pn533_alloc_poll_tg_frame(dev->gb, dev->gb_len);
1544 } else { /* Polling mode */
1545 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
1546 skb = pn533_alloc_poll_in_frame(mod);
1550 nfc_dev_err(&dev->interface->dev, "Failed to allocate skb.");
1554 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
1558 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1564 static void pn533_wq_poll(struct work_struct *work)
1566 struct pn533 *dev = container_of(work, struct pn533, poll_work);
1567 struct pn533_poll_modulations *cur_mod;
1570 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1572 nfc_dev_dbg(&dev->interface->dev,
1573 "%s cancel_listen %d modulation len %d",
1574 __func__, dev->cancel_listen, cur_mod->len);
1576 if (dev->cancel_listen == 1) {
1577 dev->cancel_listen = 0;
1578 usb_kill_urb(dev->in_urb);
1581 rc = pn533_send_poll_frame(dev);
1585 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1586 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1591 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1592 u32 im_protocols, u32 tm_protocols)
1594 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1596 nfc_dev_dbg(&dev->interface->dev,
1597 "%s: im protocols 0x%x tm protocols 0x%x",
1598 __func__, im_protocols, tm_protocols);
1600 if (dev->tgt_active_prot) {
1601 nfc_dev_err(&dev->interface->dev,
1602 "Cannot poll with a target already activated");
1606 if (dev->tgt_mode) {
1607 nfc_dev_err(&dev->interface->dev,
1608 "Cannot poll while already being activated");
1613 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1614 if (dev->gb == NULL)
1618 dev->poll_mod_curr = 0;
1619 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1620 dev->poll_protocols = im_protocols;
1621 dev->listen_protocols = tm_protocols;
1623 return pn533_send_poll_frame(dev);
1626 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1628 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1630 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1632 del_timer(&dev->listen_timer);
1634 if (!dev->poll_mod_count) {
1635 nfc_dev_dbg(&dev->interface->dev,
1636 "Polling operation was not running");
1640 /* An ack will cancel the last issued command (poll) */
1641 pn533_send_ack(dev, GFP_KERNEL);
1643 /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1644 usb_kill_urb(dev->in_urb);
1646 pn533_poll_reset_mod_list(dev);
1649 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1651 struct pn533_cmd_activate_response *rsp;
1655 struct sk_buff *skb;
1656 struct sk_buff *resp;
1658 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1660 skb = pn533_alloc_skb(sizeof(u8) * 2); /*TG + Next*/
1664 *skb_put(skb, sizeof(u8)) = 1; /* TG */
1665 *skb_put(skb, sizeof(u8)) = 0; /* Next */
1667 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
1669 return PTR_ERR(resp);
1671 rsp = (struct pn533_cmd_activate_response *)resp->data;
1672 rc = rsp->status & PN533_CMD_RET_MASK;
1673 if (rc != PN533_CMD_RET_SUCCESS)
1674 dev_kfree_skb(resp);
1677 /* ATR_RES general bytes are located at offset 16 */
1678 gt_len = resp->len - 16;
1679 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
1681 dev_kfree_skb(resp);
1685 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1686 struct nfc_target *target, u32 protocol)
1688 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1691 nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1694 if (dev->poll_mod_count) {
1695 nfc_dev_err(&dev->interface->dev,
1696 "Cannot activate while polling");
1700 if (dev->tgt_active_prot) {
1701 nfc_dev_err(&dev->interface->dev,
1702 "There is already an active target");
1706 if (!dev->tgt_available_prots) {
1707 nfc_dev_err(&dev->interface->dev,
1708 "There is no available target to activate");
1712 if (!(dev->tgt_available_prots & (1 << protocol))) {
1713 nfc_dev_err(&dev->interface->dev,
1714 "Target doesn't support requested proto %u",
1719 if (protocol == NFC_PROTO_NFC_DEP) {
1720 rc = pn533_activate_target_nfcdep(dev);
1722 nfc_dev_err(&dev->interface->dev,
1723 "Activating target with DEP failed %d", rc);
1728 dev->tgt_active_prot = protocol;
1729 dev->tgt_available_prots = 0;
1734 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1735 struct nfc_target *target)
1737 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1739 struct sk_buff *skb;
1740 struct sk_buff *resp;
1744 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1746 if (!dev->tgt_active_prot) {
1747 nfc_dev_err(&dev->interface->dev, "There is no active target");
1751 dev->tgt_active_prot = 0;
1752 skb_queue_purge(&dev->resp_q);
1754 skb = pn533_alloc_skb(sizeof(u8));
1758 *skb_put(skb, 1) = 1; /* TG*/
1760 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
1764 rc = resp->data[0] & PN533_CMD_RET_MASK;
1765 if (rc != PN533_CMD_RET_SUCCESS)
1766 nfc_dev_err(&dev->interface->dev,
1767 "Error 0x%x when releasing the target", rc);
1769 dev_kfree_skb(resp);
1774 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1775 struct sk_buff *resp)
1777 struct pn533_cmd_jump_dep_response *rsp;
1780 u8 active = *(u8 *)arg;
1785 return PTR_ERR(resp);
1787 if (dev->tgt_available_prots &&
1788 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1789 nfc_dev_err(&dev->interface->dev,
1790 "The target does not support DEP");
1795 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1797 rc = rsp->status & PN533_CMD_RET_MASK;
1798 if (rc != PN533_CMD_RET_SUCCESS) {
1799 nfc_dev_err(&dev->interface->dev,
1800 "Bringing DEP link up failed %d", rc);
1804 if (!dev->tgt_available_prots) {
1805 struct nfc_target nfc_target;
1807 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1809 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1810 nfc_target.nfcid1_len = 10;
1811 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1812 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1816 dev->tgt_available_prots = 0;
1819 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1821 /* ATR_RES general bytes are located at offset 17 */
1822 target_gt_len = resp->len - 17;
1823 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1824 rsp->gt, target_gt_len);
1826 rc = nfc_dep_link_is_up(dev->nfc_dev,
1827 dev->nfc_dev->targets[0].idx,
1828 !active, NFC_RF_INITIATOR);
1831 dev_kfree_skb(resp);
1835 static int pn533_mod_to_baud(struct pn533 *dev)
1837 switch (dev->poll_mod_curr) {
1838 case PN533_POLL_MOD_106KBPS_A:
1840 case PN533_POLL_MOD_212KBPS_FELICA:
1842 case PN533_POLL_MOD_424KBPS_FELICA:
1849 #define PASSIVE_DATA_LEN 5
1850 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1851 u8 comm_mode, u8 *gb, size_t gb_len)
1853 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1854 struct sk_buff *skb;
1855 int rc, baud, skb_len;
1858 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1860 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1862 if (dev->poll_mod_count) {
1863 nfc_dev_err(&dev->interface->dev,
1864 "Cannot bring the DEP link up while polling");
1868 if (dev->tgt_active_prot) {
1869 nfc_dev_err(&dev->interface->dev,
1870 "There is already an active target");
1874 baud = pn533_mod_to_baud(dev);
1876 nfc_dev_err(&dev->interface->dev,
1877 "Invalid curr modulation %d", dev->poll_mod_curr);
1881 skb_len = 3 + gb_len; /* ActPass + BR + Next */
1882 if (comm_mode == NFC_COMM_PASSIVE)
1883 skb_len += PASSIVE_DATA_LEN;
1885 skb = pn533_alloc_skb(skb_len);
1889 *skb_put(skb, 1) = !comm_mode; /* ActPass */
1890 *skb_put(skb, 1) = baud; /* Baud rate */
1892 next = skb_put(skb, 1); /* Next */
1895 if (comm_mode == NFC_COMM_PASSIVE && baud > 0) {
1896 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data,
1901 if (gb != NULL && gb_len > 0) {
1902 memcpy(skb_put(skb, gb_len), gb, gb_len);
1903 *next |= 4; /* We have some Gi */
1908 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
1916 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1917 pn533_in_dep_link_up_complete, arg);
1927 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1929 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1931 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1933 pn533_poll_reset_mod_list(dev);
1935 if (dev->tgt_mode || dev->tgt_active_prot) {
1936 pn533_send_ack(dev, GFP_KERNEL);
1937 usb_kill_urb(dev->in_urb);
1940 dev->tgt_active_prot = 0;
1943 skb_queue_purge(&dev->resp_q);
1948 struct pn533_data_exchange_arg {
1949 data_exchange_cb_t cb;
1953 static struct sk_buff *pn533_build_response(struct pn533 *dev)
1955 struct sk_buff *skb, *tmp, *t;
1956 unsigned int skb_len = 0, tmp_len = 0;
1958 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1960 if (skb_queue_empty(&dev->resp_q))
1963 if (skb_queue_len(&dev->resp_q) == 1) {
1964 skb = skb_dequeue(&dev->resp_q);
1968 skb_queue_walk_safe(&dev->resp_q, tmp, t)
1969 skb_len += tmp->len;
1971 nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1974 skb = alloc_skb(skb_len, GFP_KERNEL);
1978 skb_put(skb, skb_len);
1980 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1981 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1982 tmp_len += tmp->len;
1986 skb_queue_purge(&dev->resp_q);
1991 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1992 struct sk_buff *resp)
1994 struct pn533_data_exchange_arg *arg = _arg;
1995 struct sk_buff *skb;
1999 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2006 status = resp->data[0];
2007 ret = status & PN533_CMD_RET_MASK;
2008 mi = status & PN533_CMD_MI_MASK;
2010 skb_pull(resp, sizeof(status));
2012 if (ret != PN533_CMD_RET_SUCCESS) {
2013 nfc_dev_err(&dev->interface->dev,
2014 "PN533 reported error %d when exchanging data",
2020 skb_queue_tail(&dev->resp_q, resp);
2023 dev->cmd_complete_mi_arg = arg;
2024 queue_work(dev->wq, &dev->mi_work);
2025 return -EINPROGRESS;
2028 skb = pn533_build_response(dev);
2032 arg->cb(arg->cb_context, skb, 0);
2037 dev_kfree_skb(resp);
2039 skb_queue_purge(&dev->resp_q);
2040 arg->cb(arg->cb_context, NULL, rc);
2045 static int pn533_transceive(struct nfc_dev *nfc_dev,
2046 struct nfc_target *target, struct sk_buff *skb,
2047 data_exchange_cb_t cb, void *cb_context)
2049 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2050 struct pn533_data_exchange_arg *arg = NULL;
2053 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2055 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2056 /* TODO: Implement support to multi-part data exchange */
2057 nfc_dev_err(&dev->interface->dev,
2058 "Data length greater than the max allowed: %d",
2059 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2064 if (!dev->tgt_active_prot) {
2065 nfc_dev_err(&dev->interface->dev,
2066 "Can't exchange data if there is no active target");
2071 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2078 arg->cb_context = cb_context;
2080 switch (dev->device_type) {
2081 case PN533_DEVICE_PASORI:
2082 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2083 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2085 pn533_data_exchange_complete,
2091 *skb_push(skb, sizeof(u8)) = 1; /*TG*/
2093 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2094 skb, pn533_data_exchange_complete,
2100 if (rc < 0) /* rc from send_async */
2111 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2112 struct sk_buff *resp)
2116 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2119 return PTR_ERR(resp);
2121 status = resp->data[0];
2123 dev_kfree_skb(resp);
2126 nfc_tm_deactivated(dev->nfc_dev);
2133 queue_work(dev->wq, &dev->tg_work);
2138 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2140 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2143 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2145 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2146 nfc_dev_err(&dev->interface->dev,
2147 "Data length greater than the max allowed: %d",
2148 PN533_CMD_DATAEXCH_DATA_MAXLEN);
2152 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2153 pn533_tm_send_complete, NULL);
2160 static void pn533_wq_mi_recv(struct work_struct *work)
2162 struct pn533 *dev = container_of(work, struct pn533, mi_work);
2164 struct sk_buff *skb;
2167 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2169 skb = pn533_alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN);
2173 switch (dev->device_type) {
2174 case PN533_DEVICE_PASORI:
2175 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2176 rc = pn533_send_cmd_direct_async(dev,
2177 PN533_CMD_IN_COMM_THRU,
2179 pn533_data_exchange_complete,
2180 dev->cmd_complete_mi_arg);
2185 *skb_put(skb, sizeof(u8)) = 1; /*TG*/
2187 rc = pn533_send_cmd_direct_async(dev,
2188 PN533_CMD_IN_DATA_EXCHANGE,
2190 pn533_data_exchange_complete,
2191 dev->cmd_complete_mi_arg);
2196 if (rc == 0) /* success */
2199 nfc_dev_err(&dev->interface->dev,
2200 "Error %d when trying to perform data_exchange", rc);
2203 kfree(dev->cmd_complete_arg);
2206 pn533_send_ack(dev, GFP_KERNEL);
2207 queue_work(dev->wq, &dev->cmd_work);
2210 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2213 struct sk_buff *skb;
2214 struct sk_buff *resp;
2218 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2220 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
2222 skb = pn533_alloc_skb(skb_len);
2226 *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2227 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
2229 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2231 return PTR_ERR(resp);
2233 dev_kfree_skb(resp);
2237 static int pn533_get_firmware_version(struct pn533 *dev,
2238 struct pn533_fw_version *fv)
2240 struct sk_buff *skb;
2241 struct sk_buff *resp;
2243 skb = pn533_alloc_skb(0);
2247 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2249 return PTR_ERR(resp);
2251 fv->ic = resp->data[0];
2252 fv->ver = resp->data[1];
2253 fv->rev = resp->data[2];
2254 fv->support = resp->data[3];
2256 dev_kfree_skb(resp);
2260 static int pn533_fw_reset(struct pn533 *dev)
2262 struct sk_buff *skb;
2263 struct sk_buff *resp;
2265 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2267 skb = pn533_alloc_skb(sizeof(u8));
2271 *skb_put(skb, sizeof(u8)) = 0x1;
2273 resp = pn533_send_cmd_sync(dev, 0x18, skb);
2275 return PTR_ERR(resp);
2277 dev_kfree_skb(resp);
2282 static struct nfc_ops pn533_nfc_ops = {
2285 .dep_link_up = pn533_dep_link_up,
2286 .dep_link_down = pn533_dep_link_down,
2287 .start_poll = pn533_start_poll,
2288 .stop_poll = pn533_stop_poll,
2289 .activate_target = pn533_activate_target,
2290 .deactivate_target = pn533_deactivate_target,
2291 .im_transceive = pn533_transceive,
2292 .tm_send = pn533_tm_send,
2295 static int pn533_setup(struct pn533 *dev)
2297 struct pn533_config_max_retries max_retries;
2298 struct pn533_config_timing timing;
2299 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2302 switch (dev->device_type) {
2303 case PN533_DEVICE_STD:
2304 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2305 max_retries.mx_rty_psl = 2;
2306 max_retries.mx_rty_passive_act =
2307 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2309 timing.rfu = PN533_CONFIG_TIMING_102;
2310 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2311 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2315 case PN533_DEVICE_PASORI:
2316 max_retries.mx_rty_atr = 0x2;
2317 max_retries.mx_rty_psl = 0x1;
2318 max_retries.mx_rty_passive_act =
2319 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2321 timing.rfu = PN533_CONFIG_TIMING_102;
2322 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2323 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2328 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2333 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2334 (u8 *)&max_retries, sizeof(max_retries));
2336 nfc_dev_err(&dev->interface->dev,
2337 "Error on setting MAX_RETRIES config");
2342 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2343 (u8 *)&timing, sizeof(timing));
2345 nfc_dev_err(&dev->interface->dev,
2346 "Error on setting RF timings");
2350 switch (dev->device_type) {
2351 case PN533_DEVICE_STD:
2354 case PN533_DEVICE_PASORI:
2355 pn533_fw_reset(dev);
2357 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2360 nfc_dev_err(&dev->interface->dev,
2361 "Error while settings PASORI config");
2365 pn533_fw_reset(dev);
2373 static int pn533_probe(struct usb_interface *interface,
2374 const struct usb_device_id *id)
2376 struct pn533_fw_version fw_ver;
2378 struct usb_host_interface *iface_desc;
2379 struct usb_endpoint_descriptor *endpoint;
2380 int in_endpoint = 0;
2381 int out_endpoint = 0;
2386 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2390 dev->udev = usb_get_dev(interface_to_usbdev(interface));
2391 dev->interface = interface;
2392 mutex_init(&dev->cmd_lock);
2394 iface_desc = interface->cur_altsetting;
2395 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2396 endpoint = &iface_desc->endpoint[i].desc;
2398 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
2399 in_endpoint = endpoint->bEndpointAddress;
2401 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
2402 out_endpoint = endpoint->bEndpointAddress;
2405 if (!in_endpoint || !out_endpoint) {
2406 nfc_dev_err(&interface->dev,
2407 "Could not find bulk-in or bulk-out endpoint");
2412 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2413 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2415 if (!dev->in_urb || !dev->out_urb)
2418 usb_fill_bulk_urb(dev->in_urb, dev->udev,
2419 usb_rcvbulkpipe(dev->udev, in_endpoint),
2420 NULL, 0, NULL, dev);
2421 usb_fill_bulk_urb(dev->out_urb, dev->udev,
2422 usb_sndbulkpipe(dev->udev, out_endpoint),
2423 NULL, 0, pn533_send_complete, dev);
2425 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2426 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2427 INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2428 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2429 INIT_WORK(&dev->poll_work, pn533_wq_poll);
2430 dev->wq = alloc_ordered_workqueue("pn533", 0);
2431 if (dev->wq == NULL)
2434 init_timer(&dev->listen_timer);
2435 dev->listen_timer.data = (unsigned long) dev;
2436 dev->listen_timer.function = pn533_listen_mode_timer;
2438 skb_queue_head_init(&dev->resp_q);
2440 INIT_LIST_HEAD(&dev->cmd_queue);
2442 usb_set_intfdata(interface, dev);
2444 memset(&fw_ver, 0, sizeof(fw_ver));
2445 rc = pn533_get_firmware_version(dev, &fw_ver);
2449 nfc_dev_info(&dev->interface->dev,
2450 "NXP PN533 firmware ver %d.%d now attached",
2451 fw_ver.ver, fw_ver.rev);
2453 dev->device_type = id->driver_info;
2454 switch (dev->device_type) {
2455 case PN533_DEVICE_STD:
2456 protocols = PN533_ALL_PROTOCOLS;
2459 case PN533_DEVICE_PASORI:
2460 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2464 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2470 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2471 PN533_FRAME_HEADER_LEN +
2472 PN533_CMD_DATAEXCH_HEAD_LEN,
2473 PN533_FRAME_TAIL_LEN);
2477 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2478 nfc_set_drvdata(dev->nfc_dev, dev);
2480 rc = nfc_register_device(dev->nfc_dev);
2484 rc = pn533_setup(dev);
2486 goto unregister_nfc_dev;
2491 nfc_unregister_device(dev->nfc_dev);
2494 nfc_free_device(dev->nfc_dev);
2497 destroy_workqueue(dev->wq);
2499 usb_free_urb(dev->in_urb);
2500 usb_free_urb(dev->out_urb);
2505 static void pn533_disconnect(struct usb_interface *interface)
2508 struct pn533_cmd *cmd, *n;
2510 dev = usb_get_intfdata(interface);
2511 usb_set_intfdata(interface, NULL);
2513 nfc_unregister_device(dev->nfc_dev);
2514 nfc_free_device(dev->nfc_dev);
2516 usb_kill_urb(dev->in_urb);
2517 usb_kill_urb(dev->out_urb);
2519 destroy_workqueue(dev->wq);
2521 skb_queue_purge(&dev->resp_q);
2523 del_timer(&dev->listen_timer);
2525 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2526 list_del(&cmd->queue);
2530 usb_free_urb(dev->in_urb);
2531 usb_free_urb(dev->out_urb);
2534 nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2537 static struct usb_driver pn533_driver = {
2539 .probe = pn533_probe,
2540 .disconnect = pn533_disconnect,
2541 .id_table = pn533_table,
2544 module_usb_driver(pn533_driver);
2546 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2547 " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2548 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2549 MODULE_VERSION(VERSION);
2550 MODULE_LICENSE("GPL");