Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
pn533.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2011 Instituto Nokia de Tecnologia
3  *
4  * Authors:
5  * Lauro Ramos Venancio <[email protected]>
6  * Aloisio Almeida Jr <[email protected]>
7  *
8  * This program is free software; you can redistribute it and/or modify
9  * it under the terms of the GNU General Public License as published by
10  * the Free Software Foundation; either version 2 of the License, or
11  * (at your option) any later version.
12  *
13  * This program is distributed in the hope that it will be useful,
14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16  * GNU General Public License for more details.
17  *
18  * You should have received a copy of the GNU General Public License
19  * along with this program; if not, write to the
20  * Free Software Foundation, Inc.,
21  * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22  */
23 
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
32 
33 #define VERSION "0.1"
34 
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
37 
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
40 
41 #define SONY_VENDOR_ID 0x054c
42 #define PASORI_PRODUCT_ID 0x02e1
43 
44 #define PN533_QUIRKS_TYPE_A BIT(0)
45 #define PN533_QUIRKS_TYPE_F BIT(1)
46 #define PN533_QUIRKS_DEP BIT(2)
47 #define PN533_QUIRKS_RAW_EXCHANGE BIT(3)
48 
49 #define PN533_DEVICE_STD 0x1
50 #define PN533_DEVICE_PASORI 0x2
51 
52 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
53  NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
54  NFC_PROTO_NFC_DEP_MASK |\
55  NFC_PROTO_ISO14443_B_MASK)
56 
57 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
58  NFC_PROTO_MIFARE_MASK | \
59  NFC_PROTO_FELICA_MASK | \
60  NFC_PROTO_ISO14443_MASK | \
61  NFC_PROTO_NFC_DEP_MASK)
62 
63 static const struct usb_device_id pn533_table[] = {
64  { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
65  .idVendor = PN533_VENDOR_ID,
66  .idProduct = PN533_PRODUCT_ID,
67  .driver_info = PN533_DEVICE_STD,
68  },
69  { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
70  .idVendor = SCM_VENDOR_ID,
71  .idProduct = SCL3711_PRODUCT_ID,
72  .driver_info = PN533_DEVICE_STD,
73  },
74  { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
75  .idVendor = SONY_VENDOR_ID,
76  .idProduct = PASORI_PRODUCT_ID,
77  .driver_info = PN533_DEVICE_PASORI,
78  },
79  { }
80 };
81 MODULE_DEVICE_TABLE(usb, pn533_table);
82 
83 /* How much time we spend listening for initiators */
84 #define PN533_LISTEN_TIME 2
85 
86 /* frame definitions */
87 #define PN533_FRAME_TAIL_SIZE 2
88 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
89  PN533_FRAME_TAIL_SIZE)
90 #define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
91 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
92 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
93 
94 /* start of frame */
95 #define PN533_SOF 0x00FF
96 
97 /* frame identifier: in/out/error */
98 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
99 #define PN533_DIR_OUT 0xD4
100 #define PN533_DIR_IN 0xD5
101 
102 /* PN533 Commands */
103 #define PN533_FRAME_CMD(f) (f->data[1])
104 #define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
105 #define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
106 
107 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
108 #define PN533_CMD_RF_CONFIGURATION 0x32
109 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
110 #define PN533_CMD_IN_COMM_THRU 0x42
111 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
112 #define PN533_CMD_IN_ATR 0x50
113 #define PN533_CMD_IN_RELEASE 0x52
114 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
115 
116 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
117 #define PN533_CMD_TG_GET_DATA 0x86
118 #define PN533_CMD_TG_SET_DATA 0x8e
119 
120 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
121 
122 /* PN533 Return codes */
123 #define PN533_CMD_RET_MASK 0x3F
124 #define PN533_CMD_MI_MASK 0x40
125 #define PN533_CMD_RET_SUCCESS 0x00
126 
127 /* PN533 status codes */
128 #define PN533_STATUS_TARGET_RELEASED 0x29
129 
130 struct pn533;
131 
132 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
133  u8 *params, int params_len);
134 
135 /* structs for pn533 commands */
136 
137 /* PN533_CMD_GET_FIRMWARE_VERSION */
138 struct pn533_fw_version {
139  u8 ic;
140  u8 ver;
141  u8 rev;
142  u8 support;
143 };
144 
145 /* PN533_CMD_RF_CONFIGURATION */
146 #define PN533_CFGITEM_TIMING 0x02
147 #define PN533_CFGITEM_MAX_RETRIES 0x05
148 #define PN533_CFGITEM_PASORI 0x82
149 
150 #define PN533_CONFIG_TIMING_102 0xb
151 #define PN533_CONFIG_TIMING_204 0xc
152 #define PN533_CONFIG_TIMING_409 0xd
153 #define PN533_CONFIG_TIMING_819 0xe
154 
155 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
156 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
157 
158 struct pn533_config_max_retries {
159  u8 mx_rty_atr;
160  u8 mx_rty_psl;
161  u8 mx_rty_passive_act;
162 } __packed;
163 
164 struct pn533_config_timing {
165  u8 rfu;
166  u8 atr_res_timeout;
167  u8 dep_timeout;
168 } __packed;
169 
170 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
171 
172 /* felica commands opcode */
173 #define PN533_FELICA_OPC_SENSF_REQ 0
174 #define PN533_FELICA_OPC_SENSF_RES 1
175 /* felica SENSF_REQ parameters */
176 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
177 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
178 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
179 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
180 
181 /* type B initiator_data values */
182 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
183 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
184 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
185 
186 union pn533_cmd_poll_initdata {
187  struct {
188  u8 afi;
189  u8 polling_method;
190  } __packed type_b;
191  struct {
192  u8 opcode;
193  __be16 sc;
194  u8 rc;
195  u8 tsn;
196  } __packed felica;
197 };
198 
199 /* Poll modulations */
200 enum {
201  PN533_POLL_MOD_106KBPS_A,
202  PN533_POLL_MOD_212KBPS_FELICA,
203  PN533_POLL_MOD_424KBPS_FELICA,
204  PN533_POLL_MOD_106KBPS_JEWEL,
205  PN533_POLL_MOD_847KBPS_B,
206  PN533_LISTEN_MOD,
207 
208  __PN533_POLL_MOD_AFTER_LAST,
209 };
210 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
211 
212 struct pn533_poll_modulations {
213  struct {
214  u8 maxtg;
215  u8 brty;
216  union pn533_cmd_poll_initdata initiator_data;
217  } __packed data;
218  u8 len;
219 };
220 
221 const struct pn533_poll_modulations poll_mod[] = {
222  [PN533_POLL_MOD_106KBPS_A] = {
223  .data = {
224  .maxtg = 1,
225  .brty = 0,
226  },
227  .len = 2,
228  },
229  [PN533_POLL_MOD_212KBPS_FELICA] = {
230  .data = {
231  .maxtg = 1,
232  .brty = 1,
233  .initiator_data.felica = {
234  .opcode = PN533_FELICA_OPC_SENSF_REQ,
235  .sc = PN533_FELICA_SENSF_SC_ALL,
236  .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
237  .tsn = 0,
238  },
239  },
240  .len = 7,
241  },
242  [PN533_POLL_MOD_424KBPS_FELICA] = {
243  .data = {
244  .maxtg = 1,
245  .brty = 2,
246  .initiator_data.felica = {
247  .opcode = PN533_FELICA_OPC_SENSF_REQ,
248  .sc = PN533_FELICA_SENSF_SC_ALL,
249  .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
250  .tsn = 0,
251  },
252  },
253  .len = 7,
254  },
255  [PN533_POLL_MOD_106KBPS_JEWEL] = {
256  .data = {
257  .maxtg = 1,
258  .brty = 4,
259  },
260  .len = 2,
261  },
262  [PN533_POLL_MOD_847KBPS_B] = {
263  .data = {
264  .maxtg = 1,
265  .brty = 8,
266  .initiator_data.type_b = {
267  .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
268  .polling_method =
269  PN533_TYPE_B_POLL_METHOD_TIMESLOT,
270  },
271  },
272  .len = 3,
273  },
274  [PN533_LISTEN_MOD] = {
275  .len = 0,
276  },
277 };
278 
279 /* PN533_CMD_IN_ATR */
280 
281 struct pn533_cmd_activate_param {
282  u8 tg;
283  u8 next;
284 } __packed;
285 
286 struct pn533_cmd_activate_response {
287  u8 status;
288  u8 nfcid3t[10];
289  u8 didt;
290  u8 bst;
291  u8 brt;
292  u8 to;
293  u8 ppt;
294  /* optional */
295  u8 gt[];
296 } __packed;
297 
298 /* PN533_CMD_IN_JUMP_FOR_DEP */
299 struct pn533_cmd_jump_dep {
300  u8 active;
301  u8 baud;
302  u8 next;
303  u8 data[];
304 } __packed;
305 
306 struct pn533_cmd_jump_dep_response {
307  u8 status;
308  u8 tg;
309  u8 nfcid3t[10];
310  u8 didt;
311  u8 bst;
312  u8 brt;
313  u8 to;
314  u8 ppt;
315  /* optional */
316  u8 gt[];
317 } __packed;
318 
319 
320 /* PN533_TG_INIT_AS_TARGET */
321 #define PN533_INIT_TARGET_PASSIVE 0x1
322 #define PN533_INIT_TARGET_DEP 0x2
323 
324 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
325 #define PN533_INIT_TARGET_RESP_ACTIVE 0x1
326 #define PN533_INIT_TARGET_RESP_DEP 0x4
327 
328 struct pn533_cmd_init_target {
329  u8 mode;
330  u8 mifare[6];
331  u8 felica[18];
332  u8 nfcid3[10];
333  u8 gb_len;
334  u8 gb[];
335 } __packed;
336 
337 struct pn533_cmd_init_target_response {
338  u8 mode;
339  u8 cmd[];
340 } __packed;
341 
342 struct pn533 {
343  struct usb_device *udev;
344  struct usb_interface *interface;
345  struct nfc_dev *nfc_dev;
346 
347  struct urb *out_urb;
348  int out_maxlen;
349  struct pn533_frame *out_frame;
350 
351  struct urb *in_urb;
352  int in_maxlen;
353  struct pn533_frame *in_frame;
354 
355  struct sk_buff_head resp_q;
356 
357  struct workqueue_struct *wq;
358  struct work_struct cmd_work;
359  struct work_struct cmd_complete_work;
360  struct work_struct poll_work;
361  struct work_struct mi_work;
362  struct work_struct tg_work;
363  struct timer_list listen_timer;
364  struct pn533_frame *wq_in_frame;
365  int wq_in_error;
366  int cancel_listen;
367 
368  pn533_cmd_complete_t cmd_complete;
369  void *cmd_complete_arg;
370  struct mutex cmd_lock;
371  u8 cmd;
372 
373  struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
374  u8 poll_mod_count;
375  u8 poll_mod_curr;
376  u32 poll_protocols;
377  u32 listen_protocols;
378 
379  u8 *gb;
380  size_t gb_len;
381 
382  u8 tgt_available_prots;
383  u8 tgt_active_prot;
384  u8 tgt_mode;
385 
386  u32 device_type;
387 
388  struct list_head cmd_queue;
389  u8 cmd_pending;
390 };
391 
392 struct pn533_cmd {
393  struct list_head queue;
394  struct pn533_frame *out_frame;
395  struct pn533_frame *in_frame;
396  int in_frame_len;
397  pn533_cmd_complete_t cmd_complete;
398  void *arg;
399  gfp_t flags;
400 };
401 
402 struct pn533_frame {
403  u8 preamble;
404  __be16 start_frame;
405  u8 datalen;
406  u8 datalen_checksum;
407  u8 data[];
408 } __packed;
409 
410 /* The rule: value + checksum = 0 */
411 static inline u8 pn533_checksum(u8 value)
412 {
413  return ~value + 1;
414 }
415 
416 /* The rule: sum(data elements) + checksum = 0 */
417 static u8 pn533_data_checksum(u8 *data, int datalen)
418 {
419  u8 sum = 0;
420  int i;
421 
422  for (i = 0; i < datalen; i++)
423  sum += data[i];
424 
425  return pn533_checksum(sum);
426 }
427 
438 static void pn533_tx_frame_ack(struct pn533_frame *frame)
439 {
440  frame->preamble = 0;
441  frame->start_frame = cpu_to_be16(PN533_SOF);
442  frame->datalen = 0;
443  frame->datalen_checksum = 0xFF;
444  /* data[0] is used as postamble */
445  frame->data[0] = 0;
446 }
447 
448 static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
449 {
450  frame->preamble = 0;
451  frame->start_frame = cpu_to_be16(PN533_SOF);
452  PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
453  PN533_FRAME_CMD(frame) = cmd;
454  frame->datalen = 2;
455 }
456 
457 static void pn533_tx_frame_finish(struct pn533_frame *frame)
458 {
459  frame->datalen_checksum = pn533_checksum(frame->datalen);
460 
461  PN533_FRAME_CHECKSUM(frame) =
462  pn533_data_checksum(frame->data, frame->datalen);
463 
464  PN533_FRAME_POSTAMBLE(frame) = 0;
465 }
466 
467 static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
468 {
469  u8 checksum;
470 
471  if (frame->start_frame != cpu_to_be16(PN533_SOF))
472  return false;
473 
474  checksum = pn533_checksum(frame->datalen);
475  if (checksum != frame->datalen_checksum)
476  return false;
477 
478  checksum = pn533_data_checksum(frame->data, frame->datalen);
479  if (checksum != PN533_FRAME_CHECKSUM(frame))
480  return false;
481 
482  return true;
483 }
484 
485 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
486 {
487  if (frame->start_frame != cpu_to_be16(PN533_SOF))
488  return false;
489 
490  if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
491  return false;
492 
493  return true;
494 }
495 
496 static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
497 {
498  return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
499 }
500 
501 
502 static void pn533_wq_cmd_complete(struct work_struct *work)
503 {
504  struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
505  struct pn533_frame *in_frame;
506  int rc;
507 
508  in_frame = dev->wq_in_frame;
509 
510  if (dev->wq_in_error)
511  rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
512  dev->wq_in_error);
513  else
514  rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
515  PN533_FRAME_CMD_PARAMS_PTR(in_frame),
516  PN533_FRAME_CMD_PARAMS_LEN(in_frame));
517 
518  if (rc != -EINPROGRESS)
519  queue_work(dev->wq, &dev->cmd_work);
520 }
521 
522 static void pn533_recv_response(struct urb *urb)
523 {
524  struct pn533 *dev = urb->context;
525  struct pn533_frame *in_frame;
526 
527  dev->wq_in_frame = NULL;
528 
529  switch (urb->status) {
530  case 0:
531  /* success */
532  break;
533  case -ECONNRESET:
534  case -ENOENT:
535  case -ESHUTDOWN:
536  nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
537  " status: %d", urb->status);
538  dev->wq_in_error = urb->status;
539  goto sched_wq;
540  default:
541  nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
542  " %d", urb->status);
543  dev->wq_in_error = urb->status;
544  goto sched_wq;
545  }
546 
547  in_frame = dev->in_urb->transfer_buffer;
548 
549  if (!pn533_rx_frame_is_valid(in_frame)) {
550  nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
551  dev->wq_in_error = -EIO;
552  goto sched_wq;
553  }
554 
555  if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
556  nfc_dev_err(&dev->interface->dev, "The received frame is not "
557  "response to the last command");
558  dev->wq_in_error = -EIO;
559  goto sched_wq;
560  }
561 
562  nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
563  dev->wq_in_error = 0;
564  dev->wq_in_frame = in_frame;
565 
566 sched_wq:
567  queue_work(dev->wq, &dev->cmd_complete_work);
568 }
569 
570 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
571 {
572  dev->in_urb->complete = pn533_recv_response;
573 
574  return usb_submit_urb(dev->in_urb, flags);
575 }
576 
577 static void pn533_recv_ack(struct urb *urb)
578 {
579  struct pn533 *dev = urb->context;
580  struct pn533_frame *in_frame;
581  int rc;
582 
583  switch (urb->status) {
584  case 0:
585  /* success */
586  break;
587  case -ECONNRESET:
588  case -ENOENT:
589  case -ESHUTDOWN:
590  nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
591  " status: %d", urb->status);
592  dev->wq_in_error = urb->status;
593  goto sched_wq;
594  default:
595  nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
596  " %d", urb->status);
597  dev->wq_in_error = urb->status;
598  goto sched_wq;
599  }
600 
601  in_frame = dev->in_urb->transfer_buffer;
602 
603  if (!pn533_rx_frame_is_ack(in_frame)) {
604  nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
605  dev->wq_in_error = -EIO;
606  goto sched_wq;
607  }
608 
609  nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
610 
611  rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
612  if (rc) {
613  nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
614  " result %d", rc);
615  dev->wq_in_error = rc;
616  goto sched_wq;
617  }
618 
619  return;
620 
621 sched_wq:
622  dev->wq_in_frame = NULL;
623  queue_work(dev->wq, &dev->cmd_complete_work);
624 }
625 
626 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
627 {
628  dev->in_urb->complete = pn533_recv_ack;
629 
630  return usb_submit_urb(dev->in_urb, flags);
631 }
632 
633 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
634 {
635  int rc;
636 
637  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
638 
639  pn533_tx_frame_ack(dev->out_frame);
640 
641  dev->out_urb->transfer_buffer = dev->out_frame;
642  dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
643  rc = usb_submit_urb(dev->out_urb, flags);
644 
645  return rc;
646 }
647 
648 static int __pn533_send_cmd_frame_async(struct pn533 *dev,
649  struct pn533_frame *out_frame,
650  struct pn533_frame *in_frame,
651  int in_frame_len,
652  pn533_cmd_complete_t cmd_complete,
653  void *arg, gfp_t flags)
654 {
655  int rc;
656 
657  nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
658  PN533_FRAME_CMD(out_frame));
659 
660  dev->cmd = PN533_FRAME_CMD(out_frame);
661  dev->cmd_complete = cmd_complete;
662  dev->cmd_complete_arg = arg;
663 
664  dev->out_urb->transfer_buffer = out_frame;
665  dev->out_urb->transfer_buffer_length =
666  PN533_FRAME_SIZE(out_frame);
667 
668  dev->in_urb->transfer_buffer = in_frame;
669  dev->in_urb->transfer_buffer_length = in_frame_len;
670 
671  rc = usb_submit_urb(dev->out_urb, flags);
672  if (rc)
673  return rc;
674 
675  rc = pn533_submit_urb_for_ack(dev, flags);
676  if (rc)
677  goto error;
678 
679  return 0;
680 
681 error:
682  usb_unlink_urb(dev->out_urb);
683  return rc;
684 }
685 
686 static void pn533_wq_cmd(struct work_struct *work)
687 {
688  struct pn533 *dev = container_of(work, struct pn533, cmd_work);
689  struct pn533_cmd *cmd;
690 
691  mutex_lock(&dev->cmd_lock);
692 
693  if (list_empty(&dev->cmd_queue)) {
694  dev->cmd_pending = 0;
695  mutex_unlock(&dev->cmd_lock);
696  return;
697  }
698 
699  cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
700 
701  list_del(&cmd->queue);
702 
703  mutex_unlock(&dev->cmd_lock);
704 
705  __pn533_send_cmd_frame_async(dev, cmd->out_frame, cmd->in_frame,
706  cmd->in_frame_len, cmd->cmd_complete,
707  cmd->arg, cmd->flags);
708 
709  kfree(cmd);
710 }
711 
712 static int pn533_send_cmd_frame_async(struct pn533 *dev,
713  struct pn533_frame *out_frame,
714  struct pn533_frame *in_frame,
715  int in_frame_len,
716  pn533_cmd_complete_t cmd_complete,
717  void *arg, gfp_t flags)
718 {
719  struct pn533_cmd *cmd;
720  int rc = 0;
721 
722  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
723 
724  mutex_lock(&dev->cmd_lock);
725 
726  if (!dev->cmd_pending) {
727  rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
728  in_frame_len, cmd_complete,
729  arg, flags);
730  if (!rc)
731  dev->cmd_pending = 1;
732 
733  goto unlock;
734  }
735 
736  nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
737 
738  cmd = kzalloc(sizeof(struct pn533_cmd), flags);
739  if (!cmd) {
740  rc = -ENOMEM;
741  goto unlock;
742  }
743 
744  INIT_LIST_HEAD(&cmd->queue);
745  cmd->out_frame = out_frame;
746  cmd->in_frame = in_frame;
747  cmd->in_frame_len = in_frame_len;
748  cmd->cmd_complete = cmd_complete;
749  cmd->arg = arg;
750  cmd->flags = flags;
751 
752  list_add_tail(&cmd->queue, &dev->cmd_queue);
753 
754 unlock:
755  mutex_unlock(&dev->cmd_lock);
756 
757  return rc;
758 }
759 
760 struct pn533_sync_cmd_response {
761  int rc;
762  struct completion done;
763 };
764 
765 static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
766  u8 *params, int params_len)
767 {
768  struct pn533_sync_cmd_response *arg = _arg;
769 
770  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
771 
772  arg->rc = 0;
773 
774  if (params_len < 0) /* error */
775  arg->rc = params_len;
776 
777  complete(&arg->done);
778 
779  return 0;
780 }
781 
782 static int pn533_send_cmd_frame_sync(struct pn533 *dev,
783  struct pn533_frame *out_frame,
784  struct pn533_frame *in_frame,
785  int in_frame_len)
786 {
787  int rc;
788  struct pn533_sync_cmd_response arg;
789 
790  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
791 
792  init_completion(&arg.done);
793 
794  rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
795  pn533_sync_cmd_complete, &arg, GFP_KERNEL);
796  if (rc)
797  return rc;
798 
799  wait_for_completion(&arg.done);
800 
801  return arg.rc;
802 }
803 
804 static void pn533_send_complete(struct urb *urb)
805 {
806  struct pn533 *dev = urb->context;
807 
808  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
809 
810  switch (urb->status) {
811  case 0:
812  /* success */
813  break;
814  case -ECONNRESET:
815  case -ENOENT:
816  case -ESHUTDOWN:
817  nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
818  " status: %d", urb->status);
819  break;
820  default:
821  nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
822  " %d", urb->status);
823  }
824 }
825 
826 struct pn533_target_type_a {
827  __be16 sens_res;
828  u8 sel_res;
829  u8 nfcid_len;
830  u8 nfcid_data[];
831 } __packed;
832 
833 
834 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
835 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
836 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
837 
838 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
839 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
840 
841 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
842 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
843 
844 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
845 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
846 #define PN533_TYPE_A_SEL_PROT_DEP 2
847 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
848 
849 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
850  int target_data_len)
851 {
852  u8 ssd;
853  u8 platconf;
854 
855  if (target_data_len < sizeof(struct pn533_target_type_a))
856  return false;
857 
858  /* The lenght check of nfcid[] and ats[] are not being performed because
859  the values are not being used */
860 
861  /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
862  ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
863  platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
864 
865  if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
866  platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
867  (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
868  platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
869  return false;
870 
871  /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
872  if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
873  return false;
874 
875  return true;
876 }
877 
878 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
879  int tgt_data_len)
880 {
881  struct pn533_target_type_a *tgt_type_a;
882 
883  tgt_type_a = (struct pn533_target_type_a *) tgt_data;
884 
885  if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
886  return -EPROTO;
887 
888  switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
889  case PN533_TYPE_A_SEL_PROT_MIFARE:
890  nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
891  break;
892  case PN533_TYPE_A_SEL_PROT_ISO14443:
893  nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
894  break;
895  case PN533_TYPE_A_SEL_PROT_DEP:
896  nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
897  break;
898  case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
899  nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
900  NFC_PROTO_NFC_DEP_MASK;
901  break;
902  }
903 
904  nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
905  nfc_tgt->sel_res = tgt_type_a->sel_res;
906  nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
907  memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
908 
909  return 0;
910 }
911 
912 struct pn533_target_felica {
913  u8 pol_res;
914  u8 opcode;
915  u8 nfcid2[8];
916  u8 pad[8];
917  /* optional */
918  u8 syst_code[];
919 } __packed;
920 
921 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
922 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
923 
924 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
925  int target_data_len)
926 {
927  if (target_data_len < sizeof(struct pn533_target_felica))
928  return false;
929 
930  if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
931  return false;
932 
933  return true;
934 }
935 
936 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
937  int tgt_data_len)
938 {
939  struct pn533_target_felica *tgt_felica;
940 
941  tgt_felica = (struct pn533_target_felica *) tgt_data;
942 
943  if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
944  return -EPROTO;
945 
946  if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
947  tgt_felica->nfcid2[1] ==
948  PN533_FELICA_SENSF_NFCID2_DEP_B2)
949  nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
950  else
951  nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
952 
953  memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
954  nfc_tgt->sensf_res_len = 9;
955 
956  return 0;
957 }
958 
959 struct pn533_target_jewel {
960  __be16 sens_res;
961  u8 jewelid[4];
962 } __packed;
963 
964 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
965  int target_data_len)
966 {
967  u8 ssd;
968  u8 platconf;
969 
970  if (target_data_len < sizeof(struct pn533_target_jewel))
971  return false;
972 
973  /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
974  ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
975  platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
976 
977  if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
978  platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
979  (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
980  platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
981  return false;
982 
983  return true;
984 }
985 
986 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
987  int tgt_data_len)
988 {
989  struct pn533_target_jewel *tgt_jewel;
990 
991  tgt_jewel = (struct pn533_target_jewel *) tgt_data;
992 
993  if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
994  return -EPROTO;
995 
996  nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
997  nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
998  nfc_tgt->nfcid1_len = 4;
999  memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1000 
1001  return 0;
1002 }
1003 
1004 struct pn533_type_b_prot_info {
1005  u8 bitrate;
1006  u8 fsci_type;
1007  u8 fwi_adc_fo;
1008 } __packed;
1009 
1010 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1011 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1012 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1013 
1014 struct pn533_type_b_sens_res {
1015  u8 opcode;
1016  u8 nfcid[4];
1017  u8 appdata[4];
1018  struct pn533_type_b_prot_info prot_info;
1019 } __packed;
1020 
1021 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1022 
1023 struct pn533_target_type_b {
1024  struct pn533_type_b_sens_res sensb_res;
1025  u8 attrib_res_len;
1026  u8 attrib_res[];
1027 } __packed;
1028 
1029 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1030  int target_data_len)
1031 {
1032  if (target_data_len < sizeof(struct pn533_target_type_b))
1033  return false;
1034 
1035  if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1036  return false;
1037 
1038  if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1039  PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1040  return false;
1041 
1042  return true;
1043 }
1044 
1045 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1046  int tgt_data_len)
1047 {
1048  struct pn533_target_type_b *tgt_type_b;
1049 
1050  tgt_type_b = (struct pn533_target_type_b *) tgt_data;
1051 
1052  if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1053  return -EPROTO;
1054 
1055  nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1056 
1057  return 0;
1058 }
1059 
1060 struct pn533_poll_response {
1061  u8 nbtg;
1062  u8 tg;
1063  u8 target_data[];
1064 } __packed;
1065 
1066 static int pn533_target_found(struct pn533 *dev,
1067  struct pn533_poll_response *resp, int resp_len)
1068 {
1069  int target_data_len;
1070  struct nfc_target nfc_tgt;
1071  int rc;
1072 
1073  nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1074  dev->poll_mod_curr);
1075 
1076  if (resp->tg != 1)
1077  return -EPROTO;
1078 
1079  memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1080 
1081  target_data_len = resp_len - sizeof(struct pn533_poll_response);
1082 
1083  switch (dev->poll_mod_curr) {
1084  case PN533_POLL_MOD_106KBPS_A:
1085  rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1086  target_data_len);
1087  break;
1088  case PN533_POLL_MOD_212KBPS_FELICA:
1089  case PN533_POLL_MOD_424KBPS_FELICA:
1090  rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1091  target_data_len);
1092  break;
1093  case PN533_POLL_MOD_106KBPS_JEWEL:
1094  rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1095  target_data_len);
1096  break;
1097  case PN533_POLL_MOD_847KBPS_B:
1098  rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1099  target_data_len);
1100  break;
1101  default:
1102  nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1103  " modulation");
1104  return -EPROTO;
1105  }
1106 
1107  if (rc)
1108  return rc;
1109 
1110  if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1111  nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1112  " have the desired protocol");
1113  return -EAGAIN;
1114  }
1115 
1116  nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1117  "0x%x", nfc_tgt.supported_protocols);
1118 
1119  dev->tgt_available_prots = nfc_tgt.supported_protocols;
1120 
1121  nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1122 
1123  return 0;
1124 }
1125 
1126 static inline void pn533_poll_next_mod(struct pn533 *dev)
1127 {
1128  dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1129 }
1130 
1131 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1132 {
1133  dev->poll_mod_count = 0;
1134 }
1135 
1136 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1137 {
1138  dev->poll_mod_active[dev->poll_mod_count] =
1139  (struct pn533_poll_modulations *) &poll_mod[mod_index];
1140  dev->poll_mod_count++;
1141 }
1142 
1143 static void pn533_poll_create_mod_list(struct pn533 *dev,
1144  u32 im_protocols, u32 tm_protocols)
1145 {
1146  pn533_poll_reset_mod_list(dev);
1147 
1148  if (im_protocols & NFC_PROTO_MIFARE_MASK
1149  || im_protocols & NFC_PROTO_ISO14443_MASK
1150  || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1151  pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1152 
1153  if (im_protocols & NFC_PROTO_FELICA_MASK
1154  || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1155  pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1156  pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1157  }
1158 
1159  if (im_protocols & NFC_PROTO_JEWEL_MASK)
1160  pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1161 
1162  if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1163  pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1164 
1165  if (tm_protocols)
1166  pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1167 }
1168 
1169 static int pn533_start_poll_complete(struct pn533 *dev, void *arg,
1170  u8 *params, int params_len)
1171 {
1172  struct pn533_poll_response *resp;
1173  int rc;
1174 
1175  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1176 
1177  resp = (struct pn533_poll_response *) params;
1178  if (resp->nbtg) {
1179  rc = pn533_target_found(dev, resp, params_len);
1180 
1181  /* We must stop the poll after a valid target found */
1182  if (rc == 0) {
1183  pn533_poll_reset_mod_list(dev);
1184  return 0;
1185  }
1186  }
1187 
1188  return -EAGAIN;
1189 }
1190 
1191 static int pn533_init_target_frame(struct pn533_frame *frame,
1192  u8 *gb, size_t gb_len)
1193 {
1194  struct pn533_cmd_init_target *cmd;
1195  size_t cmd_len;
1196  u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1197  0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1198  0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1199  0xff, 0xff}; /* System code */
1200  u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1201  0x0, 0x0, 0x0,
1202  0x40}; /* SEL_RES for DEP */
1203 
1204  cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1205  cmd = kzalloc(cmd_len, GFP_KERNEL);
1206  if (cmd == NULL)
1207  return -ENOMEM;
1208 
1209  pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1210 
1211  /* DEP support only */
1212  cmd->mode |= PN533_INIT_TARGET_DEP;
1213 
1214  /* Felica params */
1215  memcpy(cmd->felica, felica_params, 18);
1216  get_random_bytes(cmd->felica + 2, 6);
1217 
1218  /* NFCID3 */
1219  memset(cmd->nfcid3, 0, 10);
1220  memcpy(cmd->nfcid3, cmd->felica, 8);
1221 
1222  /* MIFARE params */
1223  memcpy(cmd->mifare, mifare_params, 6);
1224 
1225  /* General bytes */
1226  cmd->gb_len = gb_len;
1227  memcpy(cmd->gb, gb, gb_len);
1228 
1229  /* Len Tk */
1230  cmd->gb[gb_len] = 0;
1231 
1232  memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1233 
1234  frame->datalen += cmd_len;
1235 
1236  pn533_tx_frame_finish(frame);
1237 
1238  kfree(cmd);
1239 
1240  return 0;
1241 }
1242 
1243 #define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1244 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1245 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1246  u8 *params, int params_len)
1247 {
1248  struct sk_buff *skb_resp = arg;
1249  struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1250 
1251  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1252 
1253  if (params_len < 0) {
1254  nfc_dev_err(&dev->interface->dev,
1255  "Error %d when starting as a target",
1256  params_len);
1257 
1258  return params_len;
1259  }
1260 
1261  if (params_len > 0 && params[0] != 0) {
1262  nfc_tm_deactivated(dev->nfc_dev);
1263 
1264  dev->tgt_mode = 0;
1265 
1266  kfree_skb(skb_resp);
1267  return 0;
1268  }
1269 
1270  skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1271  skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1272  skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1273 
1274  return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1275 }
1276 
1277 static void pn533_wq_tg_get_data(struct work_struct *work)
1278 {
1279  struct pn533 *dev = container_of(work, struct pn533, tg_work);
1280  struct pn533_frame *in_frame;
1281  struct sk_buff *skb_resp;
1282  size_t skb_resp_len;
1283 
1284  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1285 
1286  skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1287  PN533_CMD_DATAEXCH_DATA_MAXLEN +
1288  PN533_FRAME_TAIL_SIZE;
1289 
1290  skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1291  if (!skb_resp)
1292  return;
1293 
1294  in_frame = (struct pn533_frame *)skb_resp->data;
1295 
1296  pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1297  pn533_tx_frame_finish(dev->out_frame);
1298 
1299  pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1300  skb_resp_len,
1301  pn533_tm_get_data_complete,
1302  skb_resp, GFP_KERNEL);
1303 
1304  return;
1305 }
1306 
1307 #define ATR_REQ_GB_OFFSET 17
1308 static int pn533_init_target_complete(struct pn533 *dev, void *arg,
1309  u8 *params, int params_len)
1310 {
1311  struct pn533_cmd_init_target_response *resp;
1312  u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1313  size_t gb_len;
1314  int rc;
1315 
1316  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1317 
1318  if (params_len < 0) {
1319  nfc_dev_err(&dev->interface->dev,
1320  "Error %d when starting as a target",
1321  params_len);
1322 
1323  return params_len;
1324  }
1325 
1326  if (params_len < ATR_REQ_GB_OFFSET + 1)
1327  return -EINVAL;
1328 
1329  resp = (struct pn533_cmd_init_target_response *) params;
1330 
1331  nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1332  resp->mode, params_len);
1333 
1334  frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1335  if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1336  comm_mode = NFC_COMM_ACTIVE;
1337 
1338  /* Again, only DEP */
1339  if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1340  return -EOPNOTSUPP;
1341 
1342  gb = resp->cmd + ATR_REQ_GB_OFFSET;
1343  gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1344 
1345  rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1346  comm_mode, gb, gb_len);
1347  if (rc < 0) {
1348  nfc_dev_err(&dev->interface->dev,
1349  "Error when signaling target activation");
1350  return rc;
1351  }
1352 
1353  dev->tgt_mode = 1;
1354 
1355  queue_work(dev->wq, &dev->tg_work);
1356 
1357  return 0;
1358 }
1359 
1360 static void pn533_listen_mode_timer(unsigned long data)
1361 {
1362  struct pn533 *dev = (struct pn533 *) data;
1363 
1364  nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1365 
1366  /* An ack will cancel the last issued command (poll) */
1367  pn533_send_ack(dev, GFP_ATOMIC);
1368 
1369  dev->cancel_listen = 1;
1370 
1371  pn533_poll_next_mod(dev);
1372 
1373  queue_work(dev->wq, &dev->poll_work);
1374 }
1375 
1376 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1377  u8 *params, int params_len)
1378 {
1379  struct pn533_poll_modulations *cur_mod;
1380  int rc;
1381 
1382  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1383 
1384  if (params_len == -ENOENT) {
1385  if (dev->poll_mod_count != 0)
1386  return 0;
1387 
1388  nfc_dev_err(&dev->interface->dev,
1389  "Polling operation has been stopped");
1390 
1391  goto stop_poll;
1392  }
1393 
1394  if (params_len < 0) {
1395  nfc_dev_err(&dev->interface->dev,
1396  "Error %d when running poll", params_len);
1397 
1398  goto stop_poll;
1399  }
1400 
1401  cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1402 
1403  if (cur_mod->len == 0) {
1404  del_timer(&dev->listen_timer);
1405 
1406  return pn533_init_target_complete(dev, arg, params, params_len);
1407  } else {
1408  rc = pn533_start_poll_complete(dev, arg, params, params_len);
1409  if (!rc)
1410  return rc;
1411  }
1412 
1413  pn533_poll_next_mod(dev);
1414 
1415  queue_work(dev->wq, &dev->poll_work);
1416 
1417  return 0;
1418 
1419 stop_poll:
1420  pn533_poll_reset_mod_list(dev);
1421  dev->poll_protocols = 0;
1422  return 0;
1423 }
1424 
1425 static void pn533_build_poll_frame(struct pn533 *dev,
1426  struct pn533_frame *frame,
1427  struct pn533_poll_modulations *mod)
1428 {
1429  nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1430 
1431  if (mod->len == 0) {
1432  /* Listen mode */
1433  pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1434  } else {
1435  /* Polling mode */
1436  pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1437 
1438  memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1439  frame->datalen += mod->len;
1440 
1441  pn533_tx_frame_finish(frame);
1442  }
1443 }
1444 
1445 static int pn533_send_poll_frame(struct pn533 *dev)
1446 {
1447  struct pn533_poll_modulations *cur_mod;
1448  int rc;
1449 
1450  cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1451 
1452  pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1453 
1454  rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1455  dev->in_maxlen, pn533_poll_complete,
1456  NULL, GFP_KERNEL);
1457  if (rc)
1458  nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1459 
1460  return rc;
1461 }
1462 
1463 static void pn533_wq_poll(struct work_struct *work)
1464 {
1465  struct pn533 *dev = container_of(work, struct pn533, poll_work);
1466  struct pn533_poll_modulations *cur_mod;
1467  int rc;
1468 
1469  cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1470 
1471  nfc_dev_dbg(&dev->interface->dev,
1472  "%s cancel_listen %d modulation len %d",
1473  __func__, dev->cancel_listen, cur_mod->len);
1474 
1475  if (dev->cancel_listen == 1) {
1476  dev->cancel_listen = 0;
1477  usb_kill_urb(dev->in_urb);
1478  }
1479 
1480  rc = pn533_send_poll_frame(dev);
1481  if (rc)
1482  return;
1483 
1484  if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1485  mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1486 
1487  return;
1488 }
1489 
1490 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1491  u32 im_protocols, u32 tm_protocols)
1492 {
1493  struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1494 
1495  nfc_dev_dbg(&dev->interface->dev,
1496  "%s: im protocols 0x%x tm protocols 0x%x",
1497  __func__, im_protocols, tm_protocols);
1498 
1499  if (dev->tgt_active_prot) {
1500  nfc_dev_err(&dev->interface->dev,
1501  "Cannot poll with a target already activated");
1502  return -EBUSY;
1503  }
1504 
1505  if (dev->tgt_mode) {
1506  nfc_dev_err(&dev->interface->dev,
1507  "Cannot poll while already being activated");
1508  return -EBUSY;
1509  }
1510 
1511  if (tm_protocols) {
1512  dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1513  if (dev->gb == NULL)
1514  tm_protocols = 0;
1515  }
1516 
1517  dev->poll_mod_curr = 0;
1518  pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1519  dev->poll_protocols = im_protocols;
1520  dev->listen_protocols = tm_protocols;
1521 
1522  return pn533_send_poll_frame(dev);
1523 }
1524 
1525 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1526 {
1527  struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1528 
1529  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1530 
1531  del_timer(&dev->listen_timer);
1532 
1533  if (!dev->poll_mod_count) {
1534  nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1535  " running");
1536  return;
1537  }
1538 
1539  /* An ack will cancel the last issued command (poll) */
1540  pn533_send_ack(dev, GFP_KERNEL);
1541 
1542  /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1543  usb_kill_urb(dev->in_urb);
1544 
1545  pn533_poll_reset_mod_list(dev);
1546 }
1547 
1548 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1549 {
1550  struct pn533_cmd_activate_param param;
1551  struct pn533_cmd_activate_response *resp;
1552  u16 gt_len;
1553  int rc;
1554 
1555  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1556 
1557  pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1558 
1559  param.tg = 1;
1560  param.next = 0;
1561  memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &param,
1562  sizeof(struct pn533_cmd_activate_param));
1563  dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1564 
1565  pn533_tx_frame_finish(dev->out_frame);
1566 
1567  rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1568  dev->in_maxlen);
1569  if (rc)
1570  return rc;
1571 
1572  resp = (struct pn533_cmd_activate_response *)
1573  PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1574  rc = resp->status & PN533_CMD_RET_MASK;
1575  if (rc != PN533_CMD_RET_SUCCESS)
1576  return -EIO;
1577 
1578  /* ATR_RES general bytes are located at offset 16 */
1579  gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1580  rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1581 
1582  return rc;
1583 }
1584 
1585 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1586  struct nfc_target *target, u32 protocol)
1587 {
1588  struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1589  int rc;
1590 
1591  nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1592  protocol);
1593 
1594  if (dev->poll_mod_count) {
1595  nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1596  " polling");
1597  return -EBUSY;
1598  }
1599 
1600  if (dev->tgt_active_prot) {
1601  nfc_dev_err(&dev->interface->dev, "There is already an active"
1602  " target");
1603  return -EBUSY;
1604  }
1605 
1606  if (!dev->tgt_available_prots) {
1607  nfc_dev_err(&dev->interface->dev, "There is no available target"
1608  " to activate");
1609  return -EINVAL;
1610  }
1611 
1612  if (!(dev->tgt_available_prots & (1 << protocol))) {
1613  nfc_dev_err(&dev->interface->dev, "The target does not support"
1614  " the requested protocol %u", protocol);
1615  return -EINVAL;
1616  }
1617 
1618  if (protocol == NFC_PROTO_NFC_DEP) {
1619  rc = pn533_activate_target_nfcdep(dev);
1620  if (rc) {
1621  nfc_dev_err(&dev->interface->dev, "Error %d when"
1622  " activating target with"
1623  " NFC_DEP protocol", rc);
1624  return rc;
1625  }
1626  }
1627 
1628  dev->tgt_active_prot = protocol;
1629  dev->tgt_available_prots = 0;
1630 
1631  return 0;
1632 }
1633 
1634 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1635  struct nfc_target *target)
1636 {
1637  struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1638  u8 tg;
1639  u8 status;
1640  int rc;
1641 
1642  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1643 
1644  if (!dev->tgt_active_prot) {
1645  nfc_dev_err(&dev->interface->dev, "There is no active target");
1646  return;
1647  }
1648 
1649  dev->tgt_active_prot = 0;
1650 
1651  skb_queue_purge(&dev->resp_q);
1652 
1653  pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1654 
1655  tg = 1;
1656  memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1657  dev->out_frame->datalen += sizeof(u8);
1658 
1659  pn533_tx_frame_finish(dev->out_frame);
1660 
1661  rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1662  dev->in_maxlen);
1663  if (rc) {
1664  nfc_dev_err(&dev->interface->dev, "Error when sending release"
1665  " command to the controller");
1666  return;
1667  }
1668 
1669  status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1670  rc = status & PN533_CMD_RET_MASK;
1671  if (rc != PN533_CMD_RET_SUCCESS)
1672  nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1673  " the target", rc);
1674 
1675  return;
1676 }
1677 
1678 
1679 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1680  u8 *params, int params_len)
1681 {
1682  struct pn533_cmd_jump_dep_response *resp;
1683  struct nfc_target nfc_target;
1684  u8 target_gt_len;
1685  int rc;
1686  struct pn533_cmd_jump_dep *cmd = (struct pn533_cmd_jump_dep *)arg;
1687  u8 active = cmd->active;
1688 
1689  kfree(arg);
1690 
1691  if (params_len == -ENOENT) {
1692  nfc_dev_dbg(&dev->interface->dev, "");
1693  return 0;
1694  }
1695 
1696  if (params_len < 0) {
1697  nfc_dev_err(&dev->interface->dev,
1698  "Error %d when bringing DEP link up",
1699  params_len);
1700  return 0;
1701  }
1702 
1703  if (dev->tgt_available_prots &&
1704  !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1705  nfc_dev_err(&dev->interface->dev,
1706  "The target does not support DEP");
1707  return -EINVAL;
1708  }
1709 
1710  resp = (struct pn533_cmd_jump_dep_response *) params;
1711  rc = resp->status & PN533_CMD_RET_MASK;
1712  if (rc != PN533_CMD_RET_SUCCESS) {
1713  nfc_dev_err(&dev->interface->dev,
1714  "Bringing DEP link up failed %d", rc);
1715  return 0;
1716  }
1717 
1718  if (!dev->tgt_available_prots) {
1719  nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1720 
1721  nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1722  nfc_target.nfcid1_len = 10;
1723  memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1724  rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1725  if (rc)
1726  return 0;
1727 
1728  dev->tgt_available_prots = 0;
1729  }
1730 
1731  dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1732 
1733  /* ATR_RES general bytes are located at offset 17 */
1734  target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1735  rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1736  resp->gt, target_gt_len);
1737  if (rc == 0)
1738  rc = nfc_dep_link_is_up(dev->nfc_dev,
1739  dev->nfc_dev->targets[0].idx,
1740  !active, NFC_RF_INITIATOR);
1741 
1742  return 0;
1743 }
1744 
1745 static int pn533_mod_to_baud(struct pn533 *dev)
1746 {
1747  switch (dev->poll_mod_curr) {
1748  case PN533_POLL_MOD_106KBPS_A:
1749  return 0;
1750  case PN533_POLL_MOD_212KBPS_FELICA:
1751  return 1;
1752  case PN533_POLL_MOD_424KBPS_FELICA:
1753  return 2;
1754  default:
1755  return -EINVAL;
1756  }
1757 }
1758 
1759 #define PASSIVE_DATA_LEN 5
1760 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1761  u8 comm_mode, u8* gb, size_t gb_len)
1762 {
1763  struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1764  struct pn533_cmd_jump_dep *cmd;
1765  u8 cmd_len, *data_ptr;
1766  u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1767  int rc, baud;
1768 
1769  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1770 
1771  if (dev->poll_mod_count) {
1772  nfc_dev_err(&dev->interface->dev,
1773  "Cannot bring the DEP link up while polling");
1774  return -EBUSY;
1775  }
1776 
1777  if (dev->tgt_active_prot) {
1778  nfc_dev_err(&dev->interface->dev,
1779  "There is already an active target");
1780  return -EBUSY;
1781  }
1782 
1783  baud = pn533_mod_to_baud(dev);
1784  if (baud < 0) {
1785  nfc_dev_err(&dev->interface->dev,
1786  "Invalid curr modulation %d", dev->poll_mod_curr);
1787  return baud;
1788  }
1789 
1790  cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1791  if (comm_mode == NFC_COMM_PASSIVE)
1792  cmd_len += PASSIVE_DATA_LEN;
1793 
1794  cmd = kzalloc(cmd_len, GFP_KERNEL);
1795  if (cmd == NULL)
1796  return -ENOMEM;
1797 
1798  pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1799 
1800  cmd->active = !comm_mode;
1801  cmd->next = 0;
1802  cmd->baud = baud;
1803  data_ptr = cmd->data;
1804  if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1805  memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1806  cmd->next |= 1;
1807  data_ptr += PASSIVE_DATA_LEN;
1808  }
1809 
1810  if (gb != NULL && gb_len > 0) {
1811  cmd->next |= 4; /* We have some Gi */
1812  memcpy(data_ptr, gb, gb_len);
1813  } else {
1814  cmd->next = 0;
1815  }
1816 
1817  memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1818  dev->out_frame->datalen += cmd_len;
1819 
1820  pn533_tx_frame_finish(dev->out_frame);
1821 
1822  rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1823  dev->in_maxlen, pn533_in_dep_link_up_complete,
1824  cmd, GFP_KERNEL);
1825  if (rc < 0)
1826  kfree(cmd);
1827 
1828  return rc;
1829 }
1830 
1831 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1832 {
1833  struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1834 
1835  pn533_poll_reset_mod_list(dev);
1836 
1837  if (dev->tgt_mode || dev->tgt_active_prot) {
1838  pn533_send_ack(dev, GFP_KERNEL);
1839  usb_kill_urb(dev->in_urb);
1840  }
1841 
1842  dev->tgt_active_prot = 0;
1843  dev->tgt_mode = 0;
1844 
1845  skb_queue_purge(&dev->resp_q);
1846 
1847  return 0;
1848 }
1849 
1850 static int pn533_build_tx_frame(struct pn533 *dev, struct sk_buff *skb,
1851  bool target)
1852 {
1853  int payload_len = skb->len;
1854  struct pn533_frame *out_frame;
1855  u8 tg;
1856 
1857  nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1858  payload_len);
1859 
1860  if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1861  /* TODO: Implement support to multi-part data exchange */
1862  nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1863  " max allowed: %d",
1864  PN533_CMD_DATAEXCH_DATA_MAXLEN);
1865  return -ENOSYS;
1866  }
1867 
1868  if (target == true) {
1869  switch (dev->device_type) {
1870  case PN533_DEVICE_PASORI:
1871  if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
1872  skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1873  out_frame = (struct pn533_frame *) skb->data;
1874  pn533_tx_frame_init(out_frame,
1875  PN533_CMD_IN_COMM_THRU);
1876 
1877  break;
1878  }
1879 
1880  default:
1881  skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1882  out_frame = (struct pn533_frame *) skb->data;
1883  pn533_tx_frame_init(out_frame,
1884  PN533_CMD_IN_DATA_EXCHANGE);
1885  tg = 1;
1886  memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame),
1887  &tg, sizeof(u8));
1888  out_frame->datalen += sizeof(u8);
1889 
1890  break;
1891  }
1892 
1893  } else {
1894  skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1895  out_frame = (struct pn533_frame *) skb->data;
1896  pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
1897  }
1898 
1899 
1900  /* The data is already in the out_frame, just update the datalen */
1901  out_frame->datalen += payload_len;
1902 
1903  pn533_tx_frame_finish(out_frame);
1904  skb_put(skb, PN533_FRAME_TAIL_SIZE);
1905 
1906  return 0;
1907 }
1908 
1909 struct pn533_data_exchange_arg {
1910  struct sk_buff *skb_resp;
1911  struct sk_buff *skb_out;
1912  data_exchange_cb_t cb;
1913  void *cb_context;
1914 };
1915 
1916 static struct sk_buff *pn533_build_response(struct pn533 *dev)
1917 {
1918  struct sk_buff *skb, *tmp, *t;
1919  unsigned int skb_len = 0, tmp_len = 0;
1920 
1921  nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
1922 
1923  if (skb_queue_empty(&dev->resp_q))
1924  return NULL;
1925 
1926  if (skb_queue_len(&dev->resp_q) == 1) {
1927  skb = skb_dequeue(&dev->resp_q);
1928  goto out;
1929  }
1930 
1931  skb_queue_walk_safe(&dev->resp_q, tmp, t)
1932  skb_len += tmp->len;
1933 
1934  nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1935  __func__, skb_len);
1936 
1937  skb = alloc_skb(skb_len, GFP_KERNEL);
1938  if (skb == NULL)
1939  goto out;
1940 
1941  skb_put(skb, skb_len);
1942 
1943  skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1944  memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1945  tmp_len += tmp->len;
1946  }
1947 
1948 out:
1949  skb_queue_purge(&dev->resp_q);
1950 
1951  return skb;
1952 }
1953 
1954 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1955  u8 *params, int params_len)
1956 {
1957  struct pn533_data_exchange_arg *arg = _arg;
1958  struct sk_buff *skb = NULL, *skb_resp = arg->skb_resp;
1959  struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1960  int err = 0;
1961  u8 status;
1962  u8 cmd_ret;
1963 
1964  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1965 
1966  dev_kfree_skb(arg->skb_out);
1967 
1968  if (params_len < 0) { /* error */
1969  err = params_len;
1970  goto error;
1971  }
1972 
1973  status = params[0];
1974 
1975  cmd_ret = status & PN533_CMD_RET_MASK;
1976  if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1977  nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1978  " exchanging data", cmd_ret);
1979  err = -EIO;
1980  goto error;
1981  }
1982 
1983  skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1984  skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1985  skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1986  skb_queue_tail(&dev->resp_q, skb_resp);
1987 
1988  if (status & PN533_CMD_MI_MASK) {
1989  queue_work(dev->wq, &dev->mi_work);
1990  return -EINPROGRESS;
1991  }
1992 
1993  skb = pn533_build_response(dev);
1994  if (skb == NULL)
1995  goto error;
1996 
1997  arg->cb(arg->cb_context, skb, 0);
1998  kfree(arg);
1999  return 0;
2000 
2001 error:
2002  skb_queue_purge(&dev->resp_q);
2003  dev_kfree_skb(skb_resp);
2004  arg->cb(arg->cb_context, NULL, err);
2005  kfree(arg);
2006  return 0;
2007 }
2008 
2009 static int pn533_transceive(struct nfc_dev *nfc_dev,
2010  struct nfc_target *target, struct sk_buff *skb,
2011  data_exchange_cb_t cb, void *cb_context)
2012 {
2013  struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2014  struct pn533_frame *out_frame, *in_frame;
2015  struct pn533_data_exchange_arg *arg;
2016  struct sk_buff *skb_resp;
2017  int skb_resp_len;
2018  int rc;
2019 
2020  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2021 
2022  if (!dev->tgt_active_prot) {
2023  nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
2024  " there is no active target");
2025  rc = -EINVAL;
2026  goto error;
2027  }
2028 
2029  rc = pn533_build_tx_frame(dev, skb, true);
2030  if (rc)
2031  goto error;
2032 
2033  skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2034  PN533_CMD_DATAEXCH_DATA_MAXLEN +
2035  PN533_FRAME_TAIL_SIZE;
2036 
2037  skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
2038  if (!skb_resp) {
2039  rc = -ENOMEM;
2040  goto error;
2041  }
2042 
2043  in_frame = (struct pn533_frame *) skb_resp->data;
2044  out_frame = (struct pn533_frame *) skb->data;
2045 
2046  arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
2047  if (!arg) {
2048  rc = -ENOMEM;
2049  goto free_skb_resp;
2050  }
2051 
2052  arg->skb_resp = skb_resp;
2053  arg->skb_out = skb;
2054  arg->cb = cb;
2055  arg->cb_context = cb_context;
2056 
2057  rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
2058  pn533_data_exchange_complete, arg,
2059  GFP_KERNEL);
2060  if (rc) {
2061  nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2062  " perform data_exchange", rc);
2063  goto free_arg;
2064  }
2065 
2066  return 0;
2067 
2068 free_arg:
2069  kfree(arg);
2070 free_skb_resp:
2071  kfree_skb(skb_resp);
2072 error:
2073  kfree_skb(skb);
2074  return rc;
2075 }
2076 
2077 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2078  u8 *params, int params_len)
2079 {
2080  struct sk_buff *skb_out = arg;
2081 
2082  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2083 
2084  dev_kfree_skb(skb_out);
2085 
2086  if (params_len < 0) {
2087  nfc_dev_err(&dev->interface->dev,
2088  "Error %d when sending data",
2089  params_len);
2090 
2091  return params_len;
2092  }
2093 
2094  if (params_len > 0 && params[0] != 0) {
2095  nfc_tm_deactivated(dev->nfc_dev);
2096 
2097  dev->tgt_mode = 0;
2098 
2099  return 0;
2100  }
2101 
2102  queue_work(dev->wq, &dev->tg_work);
2103 
2104  return 0;
2105 }
2106 
2107 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2108 {
2109  struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2110  struct pn533_frame *out_frame;
2111  int rc;
2112 
2113  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2114 
2115  rc = pn533_build_tx_frame(dev, skb, false);
2116  if (rc)
2117  goto error;
2118 
2119  out_frame = (struct pn533_frame *) skb->data;
2120 
2121  rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2122  dev->in_maxlen, pn533_tm_send_complete,
2123  skb, GFP_KERNEL);
2124  if (rc) {
2125  nfc_dev_err(&dev->interface->dev,
2126  "Error %d when trying to send data", rc);
2127  goto error;
2128  }
2129 
2130  return 0;
2131 
2132 error:
2133  kfree_skb(skb);
2134 
2135  return rc;
2136 }
2137 
2138 static void pn533_wq_mi_recv(struct work_struct *work)
2139 {
2140  struct pn533 *dev = container_of(work, struct pn533, mi_work);
2141  struct sk_buff *skb_cmd;
2142  struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2143  struct pn533_frame *out_frame, *in_frame;
2144  struct sk_buff *skb_resp;
2145  int skb_resp_len;
2146  int rc;
2147 
2148  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2149 
2150  /* This is a zero payload size skb */
2151  skb_cmd = alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN + PN533_FRAME_TAIL_SIZE,
2152  GFP_KERNEL);
2153  if (skb_cmd == NULL)
2154  goto error_cmd;
2155 
2156  skb_reserve(skb_cmd, PN533_CMD_DATAEXCH_HEAD_LEN);
2157 
2158  rc = pn533_build_tx_frame(dev, skb_cmd, true);
2159  if (rc)
2160  goto error_frame;
2161 
2162  skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2163  PN533_CMD_DATAEXCH_DATA_MAXLEN +
2164  PN533_FRAME_TAIL_SIZE;
2165  skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2166  if (!skb_resp) {
2167  rc = -ENOMEM;
2168  goto error_frame;
2169  }
2170 
2171  in_frame = (struct pn533_frame *) skb_resp->data;
2172  out_frame = (struct pn533_frame *) skb_cmd->data;
2173 
2174  arg->skb_resp = skb_resp;
2175  arg->skb_out = skb_cmd;
2176 
2177  rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2178  skb_resp_len,
2179  pn533_data_exchange_complete,
2180  dev->cmd_complete_arg, GFP_KERNEL);
2181  if (!rc)
2182  return;
2183 
2184  nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2185  " perform data_exchange", rc);
2186 
2187  kfree_skb(skb_resp);
2188 
2189 error_frame:
2190  kfree_skb(skb_cmd);
2191 
2192 error_cmd:
2193  pn533_send_ack(dev, GFP_KERNEL);
2194 
2195  kfree(arg);
2196 
2197  queue_work(dev->wq, &dev->cmd_work);
2198 }
2199 
2200 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2201  u8 cfgdata_len)
2202 {
2203  int rc;
2204  u8 *params;
2205 
2206  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2207 
2208  pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2209 
2210  params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2211  params[0] = cfgitem;
2212  memcpy(&params[1], cfgdata, cfgdata_len);
2213  dev->out_frame->datalen += (1 + cfgdata_len);
2214 
2215  pn533_tx_frame_finish(dev->out_frame);
2216 
2217  rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2218  dev->in_maxlen);
2219 
2220  return rc;
2221 }
2222 
2223 static int pn533_fw_reset(struct pn533 *dev)
2224 {
2225  int rc;
2226  u8 *params;
2227 
2228  nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2229 
2230  pn533_tx_frame_init(dev->out_frame, 0x18);
2231 
2232  params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2233  params[0] = 0x1;
2234  dev->out_frame->datalen += 1;
2235 
2236  pn533_tx_frame_finish(dev->out_frame);
2237 
2238  rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2239  dev->in_maxlen);
2240 
2241  return rc;
2242 }
2243 
2244 static struct nfc_ops pn533_nfc_ops = {
2245  .dev_up = NULL,
2246  .dev_down = NULL,
2247  .dep_link_up = pn533_dep_link_up,
2248  .dep_link_down = pn533_dep_link_down,
2249  .start_poll = pn533_start_poll,
2250  .stop_poll = pn533_stop_poll,
2251  .activate_target = pn533_activate_target,
2252  .deactivate_target = pn533_deactivate_target,
2253  .im_transceive = pn533_transceive,
2254  .tm_send = pn533_tm_send,
2255 };
2256 
2257 static int pn533_setup(struct pn533 *dev)
2258 {
2259  struct pn533_config_max_retries max_retries;
2260  struct pn533_config_timing timing;
2261  u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2262  int rc;
2263 
2264  switch (dev->device_type) {
2265  case PN533_DEVICE_STD:
2266  max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2267  max_retries.mx_rty_psl = 2;
2268  max_retries.mx_rty_passive_act =
2269  PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2270 
2271  timing.rfu = PN533_CONFIG_TIMING_102;
2272  timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2273  timing.dep_timeout = PN533_CONFIG_TIMING_409;
2274 
2275  break;
2276 
2277  case PN533_DEVICE_PASORI:
2278  max_retries.mx_rty_atr = 0x2;
2279  max_retries.mx_rty_psl = 0x1;
2280  max_retries.mx_rty_passive_act =
2281  PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2282 
2283  timing.rfu = PN533_CONFIG_TIMING_102;
2284  timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2285  timing.dep_timeout = PN533_CONFIG_TIMING_204;
2286 
2287  break;
2288 
2289  default:
2290  nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2291  dev->device_type);
2292  return -EINVAL;
2293  }
2294 
2295  rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2296  (u8 *)&max_retries, sizeof(max_retries));
2297  if (rc) {
2298  nfc_dev_err(&dev->interface->dev,
2299  "Error on setting MAX_RETRIES config");
2300  return rc;
2301  }
2302 
2303 
2304  rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2305  (u8 *)&timing, sizeof(timing));
2306  if (rc) {
2307  nfc_dev_err(&dev->interface->dev,
2308  "Error on setting RF timings");
2309  return rc;
2310  }
2311 
2312  switch (dev->device_type) {
2313  case PN533_DEVICE_STD:
2314  break;
2315 
2316  case PN533_DEVICE_PASORI:
2317  pn533_fw_reset(dev);
2318 
2319  rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2320  pasori_cfg, 3);
2321  if (rc) {
2322  nfc_dev_err(&dev->interface->dev,
2323  "Error while settings PASORI config");
2324  return rc;
2325  }
2326 
2327  pn533_fw_reset(dev);
2328 
2329  break;
2330  }
2331 
2332  return 0;
2333 }
2334 
2335 static int pn533_probe(struct usb_interface *interface,
2336  const struct usb_device_id *id)
2337 {
2338  struct pn533_fw_version *fw_ver;
2339  struct pn533 *dev;
2340  struct usb_host_interface *iface_desc;
2341  struct usb_endpoint_descriptor *endpoint;
2342  int in_endpoint = 0;
2343  int out_endpoint = 0;
2344  int rc = -ENOMEM;
2345  int i;
2346  u32 protocols;
2347 
2348  dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2349  if (!dev)
2350  return -ENOMEM;
2351 
2352  dev->udev = usb_get_dev(interface_to_usbdev(interface));
2353  dev->interface = interface;
2354  mutex_init(&dev->cmd_lock);
2355 
2356  iface_desc = interface->cur_altsetting;
2357  for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2358  endpoint = &iface_desc->endpoint[i].desc;
2359 
2360  if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2361  dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
2362  in_endpoint = endpoint->bEndpointAddress;
2363  }
2364 
2365  if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
2366  dev->out_maxlen =
2367  le16_to_cpu(endpoint->wMaxPacketSize);
2368  out_endpoint = endpoint->bEndpointAddress;
2369  }
2370  }
2371 
2372  if (!in_endpoint || !out_endpoint) {
2373  nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2374  " bulk-out endpoint");
2375  rc = -ENODEV;
2376  goto error;
2377  }
2378 
2379  dev->in_frame = kmalloc(dev->in_maxlen, GFP_KERNEL);
2380  dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2381  dev->out_frame = kmalloc(dev->out_maxlen, GFP_KERNEL);
2382  dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2383 
2384  if (!dev->in_frame || !dev->out_frame ||
2385  !dev->in_urb || !dev->out_urb)
2386  goto error;
2387 
2388  usb_fill_bulk_urb(dev->in_urb, dev->udev,
2389  usb_rcvbulkpipe(dev->udev, in_endpoint),
2390  NULL, 0, NULL, dev);
2391  usb_fill_bulk_urb(dev->out_urb, dev->udev,
2392  usb_sndbulkpipe(dev->udev, out_endpoint),
2393  NULL, 0,
2394  pn533_send_complete, dev);
2395 
2396  INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2397  INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2398  INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2399  INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2400  INIT_WORK(&dev->poll_work, pn533_wq_poll);
2401  dev->wq = alloc_ordered_workqueue("pn533", 0);
2402  if (dev->wq == NULL)
2403  goto error;
2404 
2405  init_timer(&dev->listen_timer);
2406  dev->listen_timer.data = (unsigned long) dev;
2407  dev->listen_timer.function = pn533_listen_mode_timer;
2408 
2409  skb_queue_head_init(&dev->resp_q);
2410 
2411  INIT_LIST_HEAD(&dev->cmd_queue);
2412 
2413  usb_set_intfdata(interface, dev);
2414 
2415  pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2416  pn533_tx_frame_finish(dev->out_frame);
2417 
2418  rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2419  dev->in_maxlen);
2420  if (rc)
2421  goto destroy_wq;
2422 
2423  fw_ver = (struct pn533_fw_version *)
2424  PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2425  nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2426  " attached", fw_ver->ver, fw_ver->rev);
2427 
2428  dev->device_type = id->driver_info;
2429  switch (dev->device_type) {
2430  case PN533_DEVICE_STD:
2431  protocols = PN533_ALL_PROTOCOLS;
2432  break;
2433 
2434  case PN533_DEVICE_PASORI:
2435  protocols = PN533_NO_TYPE_B_PROTOCOLS;
2436  break;
2437 
2438  default:
2439  nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2440  dev->device_type);
2441  rc = -EINVAL;
2442  goto destroy_wq;
2443  }
2444 
2445  dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2446  PN533_CMD_DATAEXCH_HEAD_LEN,
2447  PN533_FRAME_TAIL_SIZE);
2448  if (!dev->nfc_dev)
2449  goto destroy_wq;
2450 
2451  nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2452  nfc_set_drvdata(dev->nfc_dev, dev);
2453 
2454  rc = nfc_register_device(dev->nfc_dev);
2455  if (rc)
2456  goto free_nfc_dev;
2457 
2458  rc = pn533_setup(dev);
2459  if (rc)
2460  goto unregister_nfc_dev;
2461 
2462  return 0;
2463 
2464 unregister_nfc_dev:
2465  nfc_unregister_device(dev->nfc_dev);
2466 
2467 free_nfc_dev:
2468  nfc_free_device(dev->nfc_dev);
2469 
2470 destroy_wq:
2471  destroy_workqueue(dev->wq);
2472 error:
2473  kfree(dev->in_frame);
2474  usb_free_urb(dev->in_urb);
2475  kfree(dev->out_frame);
2476  usb_free_urb(dev->out_urb);
2477  kfree(dev);
2478  return rc;
2479 }
2480 
2481 static void pn533_disconnect(struct usb_interface *interface)
2482 {
2483  struct pn533 *dev;
2484  struct pn533_cmd *cmd, *n;
2485 
2486  dev = usb_get_intfdata(interface);
2487  usb_set_intfdata(interface, NULL);
2488 
2489  nfc_unregister_device(dev->nfc_dev);
2490  nfc_free_device(dev->nfc_dev);
2491 
2492  usb_kill_urb(dev->in_urb);
2493  usb_kill_urb(dev->out_urb);
2494 
2495  destroy_workqueue(dev->wq);
2496 
2497  skb_queue_purge(&dev->resp_q);
2498 
2499  del_timer(&dev->listen_timer);
2500 
2501  list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2502  list_del(&cmd->queue);
2503  kfree(cmd);
2504  }
2505 
2506  kfree(dev->in_frame);
2507  usb_free_urb(dev->in_urb);
2508  kfree(dev->out_frame);
2509  usb_free_urb(dev->out_urb);
2510  kfree(dev);
2511 
2512  nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2513 }
2514 
2515 static struct usb_driver pn533_driver = {
2516  .name = "pn533",
2517  .probe = pn533_probe,
2518  .disconnect = pn533_disconnect,
2519  .id_table = pn533_table,
2520 };
2521 
2522 module_usb_driver(pn533_driver);
2523 
2524 MODULE_AUTHOR("Lauro Ramos Venancio <[email protected]>,"
2525  " Aloisio Almeida Jr <[email protected]>");
2526 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2527 MODULE_VERSION(VERSION);
2528 MODULE_LICENSE("GPL");
Generated on Thu Jan 10 2013 14:13:29 for Linux Kernel by   doxygen 1.8.2