2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
5 * Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6 * Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the
20 * Free Software Foundation, Inc.,
21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
24 #include <linux/device.h>
25 #include <linux/kernel.h>
26 #include <linux/module.h>
27 #include <linux/slab.h>
28 #include <linux/usb.h>
29 #include <linux/nfc.h>
30 #include <linux/netdevice.h>
31 #include <net/nfc/nfc.h>
35 #define PN533_VENDOR_ID 0x4CC
36 #define PN533_PRODUCT_ID 0x2533
38 #define SCM_VENDOR_ID 0x4E6
39 #define SCL3711_PRODUCT_ID 0x5591
41 static const struct usb_device_id pn533_table[] = {
42 { USB_DEVICE(PN533_VENDOR_ID, PN533_PRODUCT_ID) },
43 { USB_DEVICE(SCM_VENDOR_ID, SCL3711_PRODUCT_ID) },
46 MODULE_DEVICE_TABLE(usb, pn533_table);
48 /* How much time we spend listening for initiators */
49 #define PN533_LISTEN_TIME 2
51 /* frame definitions */
52 #define PN533_FRAME_TAIL_SIZE 2
53 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
54 PN533_FRAME_TAIL_SIZE)
55 #define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
56 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
57 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
60 #define PN533_SOF 0x00FF
62 /* frame identifier: in/out/error */
63 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
64 #define PN533_DIR_OUT 0xD4
65 #define PN533_DIR_IN 0xD5
68 #define PN533_FRAME_CMD(f) (f->data[1])
69 #define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
70 #define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
72 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
73 #define PN533_CMD_RF_CONFIGURATION 0x32
74 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
75 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
76 #define PN533_CMD_IN_ATR 0x50
77 #define PN533_CMD_IN_RELEASE 0x52
78 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
80 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
81 #define PN533_CMD_TG_GET_DATA 0x86
82 #define PN533_CMD_TG_SET_DATA 0x8e
84 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
86 /* PN533 Return codes */
87 #define PN533_CMD_RET_MASK 0x3F
88 #define PN533_CMD_MI_MASK 0x40
89 #define PN533_CMD_RET_SUCCESS 0x00
91 /* PN533 status codes */
92 #define PN533_STATUS_TARGET_RELEASED 0x29
96 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
97 u8 *params, int params_len);
99 /* structs for pn533 commands */
101 /* PN533_CMD_GET_FIRMWARE_VERSION */
102 struct pn533_fw_version {
109 /* PN533_CMD_RF_CONFIGURATION */
110 #define PN533_CFGITEM_TIMING 0x02
111 #define PN533_CFGITEM_MAX_RETRIES 0x05
113 #define PN533_CONFIG_TIMING_102 0xb
114 #define PN533_CONFIG_TIMING_204 0xc
115 #define PN533_CONFIG_TIMING_409 0xd
116 #define PN533_CONFIG_TIMING_819 0xe
118 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
119 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
121 struct pn533_config_max_retries {
124 u8 mx_rty_passive_act;
127 struct pn533_config_timing {
133 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
135 /* felica commands opcode */
136 #define PN533_FELICA_OPC_SENSF_REQ 0
137 #define PN533_FELICA_OPC_SENSF_RES 1
138 /* felica SENSF_REQ parameters */
139 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
140 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
141 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
142 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
144 /* type B initiator_data values */
145 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
146 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
147 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
149 union pn533_cmd_poll_initdata {
162 /* Poll modulations */
164 PN533_POLL_MOD_106KBPS_A,
165 PN533_POLL_MOD_212KBPS_FELICA,
166 PN533_POLL_MOD_424KBPS_FELICA,
167 PN533_POLL_MOD_106KBPS_JEWEL,
168 PN533_POLL_MOD_847KBPS_B,
171 __PN533_POLL_MOD_AFTER_LAST,
173 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
175 struct pn533_poll_modulations {
179 union pn533_cmd_poll_initdata initiator_data;
184 const struct pn533_poll_modulations poll_mod[] = {
185 [PN533_POLL_MOD_106KBPS_A] = {
192 [PN533_POLL_MOD_212KBPS_FELICA] = {
196 .initiator_data.felica = {
197 .opcode = PN533_FELICA_OPC_SENSF_REQ,
198 .sc = PN533_FELICA_SENSF_SC_ALL,
199 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
205 [PN533_POLL_MOD_424KBPS_FELICA] = {
209 .initiator_data.felica = {
210 .opcode = PN533_FELICA_OPC_SENSF_REQ,
211 .sc = PN533_FELICA_SENSF_SC_ALL,
212 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
218 [PN533_POLL_MOD_106KBPS_JEWEL] = {
225 [PN533_POLL_MOD_847KBPS_B] = {
229 .initiator_data.type_b = {
230 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
232 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
237 [PN533_LISTEN_MOD] = {
242 /* PN533_CMD_IN_ATR */
244 struct pn533_cmd_activate_param {
249 struct pn533_cmd_activate_response {
261 /* PN533_CMD_IN_JUMP_FOR_DEP */
262 struct pn533_cmd_jump_dep {
269 struct pn533_cmd_jump_dep_response {
283 /* PN533_TG_INIT_AS_TARGET */
284 #define PN533_INIT_TARGET_PASSIVE 0x1
285 #define PN533_INIT_TARGET_DEP 0x2
287 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
288 #define PN533_INIT_TARGET_RESP_ACTIVE 0x1
289 #define PN533_INIT_TARGET_RESP_DEP 0x4
291 struct pn533_cmd_init_target {
300 struct pn533_cmd_init_target_response {
306 struct usb_device *udev;
307 struct usb_interface *interface;
308 struct nfc_dev *nfc_dev;
312 struct pn533_frame *out_frame;
316 struct pn533_frame *in_frame;
318 struct sk_buff_head resp_q;
320 struct workqueue_struct *wq;
321 struct work_struct cmd_work;
322 struct work_struct poll_work;
323 struct work_struct mi_work;
324 struct work_struct tg_work;
325 struct timer_list listen_timer;
326 struct pn533_frame *wq_in_frame;
330 pn533_cmd_complete_t cmd_complete;
331 void *cmd_complete_arg;
332 struct mutex cmd_lock;
335 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
339 u32 listen_protocols;
344 u8 tgt_available_prots;
357 /* The rule: value + checksum = 0 */
358 static inline u8 pn533_checksum(u8 value)
363 /* The rule: sum(data elements) + checksum = 0 */
364 static u8 pn533_data_checksum(u8 *data, int datalen)
369 for (i = 0; i < datalen; i++)
372 return pn533_checksum(sum);
376 * pn533_tx_frame_ack - create a ack frame
377 * @frame: The frame to be set as ack
379 * Ack is different type of standard frame. As a standard frame, it has
380 * preamble and start_frame. However the checksum of this frame must fail,
381 * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
382 * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
383 * After datalen_checksum field, the postamble is placed.
385 static void pn533_tx_frame_ack(struct pn533_frame *frame)
388 frame->start_frame = cpu_to_be16(PN533_SOF);
390 frame->datalen_checksum = 0xFF;
391 /* data[0] is used as postamble */
395 static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
398 frame->start_frame = cpu_to_be16(PN533_SOF);
399 PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
400 PN533_FRAME_CMD(frame) = cmd;
404 static void pn533_tx_frame_finish(struct pn533_frame *frame)
406 frame->datalen_checksum = pn533_checksum(frame->datalen);
408 PN533_FRAME_CHECKSUM(frame) =
409 pn533_data_checksum(frame->data, frame->datalen);
411 PN533_FRAME_POSTAMBLE(frame) = 0;
414 static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
418 if (frame->start_frame != cpu_to_be16(PN533_SOF))
421 checksum = pn533_checksum(frame->datalen);
422 if (checksum != frame->datalen_checksum)
425 checksum = pn533_data_checksum(frame->data, frame->datalen);
426 if (checksum != PN533_FRAME_CHECKSUM(frame))
432 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
434 if (frame->start_frame != cpu_to_be16(PN533_SOF))
437 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
443 static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
445 return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
449 static void pn533_wq_cmd_complete(struct work_struct *work)
451 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
452 struct pn533_frame *in_frame;
455 in_frame = dev->wq_in_frame;
457 if (dev->wq_in_error)
458 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
461 rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
462 PN533_FRAME_CMD_PARAMS_PTR(in_frame),
463 PN533_FRAME_CMD_PARAMS_LEN(in_frame));
465 if (rc != -EINPROGRESS)
466 mutex_unlock(&dev->cmd_lock);
469 static void pn533_recv_response(struct urb *urb)
471 struct pn533 *dev = urb->context;
472 struct pn533_frame *in_frame;
474 dev->wq_in_frame = NULL;
476 switch (urb->status) {
483 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
484 " status: %d", urb->status);
485 dev->wq_in_error = urb->status;
488 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
490 dev->wq_in_error = urb->status;
494 in_frame = dev->in_urb->transfer_buffer;
496 if (!pn533_rx_frame_is_valid(in_frame)) {
497 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
498 dev->wq_in_error = -EIO;
502 if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
503 nfc_dev_err(&dev->interface->dev, "The received frame is not "
504 "response to the last command");
505 dev->wq_in_error = -EIO;
509 nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
510 dev->wq_in_error = 0;
511 dev->wq_in_frame = in_frame;
514 queue_work(dev->wq, &dev->cmd_work);
517 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
519 dev->in_urb->complete = pn533_recv_response;
521 return usb_submit_urb(dev->in_urb, flags);
524 static void pn533_recv_ack(struct urb *urb)
526 struct pn533 *dev = urb->context;
527 struct pn533_frame *in_frame;
530 switch (urb->status) {
537 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
538 " status: %d", urb->status);
539 dev->wq_in_error = urb->status;
542 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
544 dev->wq_in_error = urb->status;
548 in_frame = dev->in_urb->transfer_buffer;
550 if (!pn533_rx_frame_is_ack(in_frame)) {
551 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
552 dev->wq_in_error = -EIO;
556 nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
558 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
560 nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
562 dev->wq_in_error = rc;
569 dev->wq_in_frame = NULL;
570 queue_work(dev->wq, &dev->cmd_work);
573 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
575 dev->in_urb->complete = pn533_recv_ack;
577 return usb_submit_urb(dev->in_urb, flags);
580 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
584 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
586 pn533_tx_frame_ack(dev->out_frame);
588 dev->out_urb->transfer_buffer = dev->out_frame;
589 dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
590 rc = usb_submit_urb(dev->out_urb, flags);
595 static int __pn533_send_cmd_frame_async(struct pn533 *dev,
596 struct pn533_frame *out_frame,
597 struct pn533_frame *in_frame,
599 pn533_cmd_complete_t cmd_complete,
600 void *arg, gfp_t flags)
604 nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
605 PN533_FRAME_CMD(out_frame));
607 dev->cmd = PN533_FRAME_CMD(out_frame);
608 dev->cmd_complete = cmd_complete;
609 dev->cmd_complete_arg = arg;
611 dev->out_urb->transfer_buffer = out_frame;
612 dev->out_urb->transfer_buffer_length =
613 PN533_FRAME_SIZE(out_frame);
615 dev->in_urb->transfer_buffer = in_frame;
616 dev->in_urb->transfer_buffer_length = in_frame_len;
618 rc = usb_submit_urb(dev->out_urb, flags);
622 rc = pn533_submit_urb_for_ack(dev, flags);
629 usb_unlink_urb(dev->out_urb);
633 static int pn533_send_cmd_frame_async(struct pn533 *dev,
634 struct pn533_frame *out_frame,
635 struct pn533_frame *in_frame,
637 pn533_cmd_complete_t cmd_complete,
638 void *arg, gfp_t flags)
642 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
644 if (!mutex_trylock(&dev->cmd_lock))
647 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
648 in_frame_len, cmd_complete, arg, flags);
654 mutex_unlock(&dev->cmd_lock);
658 struct pn533_sync_cmd_response {
660 struct completion done;
663 static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
664 u8 *params, int params_len)
666 struct pn533_sync_cmd_response *arg = _arg;
668 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
672 if (params_len < 0) /* error */
673 arg->rc = params_len;
675 complete(&arg->done);
680 static int pn533_send_cmd_frame_sync(struct pn533 *dev,
681 struct pn533_frame *out_frame,
682 struct pn533_frame *in_frame,
686 struct pn533_sync_cmd_response arg;
688 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
690 init_completion(&arg.done);
692 rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
693 pn533_sync_cmd_complete, &arg, GFP_KERNEL);
697 wait_for_completion(&arg.done);
702 static void pn533_send_complete(struct urb *urb)
704 struct pn533 *dev = urb->context;
706 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
708 switch (urb->status) {
715 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
716 " status: %d", urb->status);
719 nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
724 struct pn533_target_type_a {
732 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
733 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
734 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
736 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
737 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
739 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
740 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
742 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
743 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
744 #define PN533_TYPE_A_SEL_PROT_DEP 2
745 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
747 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
753 if (target_data_len < sizeof(struct pn533_target_type_a))
756 /* The lenght check of nfcid[] and ats[] are not being performed because
757 the values are not being used */
759 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
760 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
761 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
763 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
764 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
765 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
766 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
769 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
770 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
776 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
779 struct pn533_target_type_a *tgt_type_a;
781 tgt_type_a = (struct pn533_target_type_a *) tgt_data;
783 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
786 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
787 case PN533_TYPE_A_SEL_PROT_MIFARE:
788 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
790 case PN533_TYPE_A_SEL_PROT_ISO14443:
791 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
793 case PN533_TYPE_A_SEL_PROT_DEP:
794 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
796 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
797 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
798 NFC_PROTO_NFC_DEP_MASK;
802 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
803 nfc_tgt->sel_res = tgt_type_a->sel_res;
804 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
805 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
810 struct pn533_target_felica {
819 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
820 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
822 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
825 if (target_data_len < sizeof(struct pn533_target_felica))
828 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
834 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
837 struct pn533_target_felica *tgt_felica;
839 tgt_felica = (struct pn533_target_felica *) tgt_data;
841 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
844 if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
845 tgt_felica->nfcid2[1] ==
846 PN533_FELICA_SENSF_NFCID2_DEP_B2)
847 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
849 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
851 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
852 nfc_tgt->sensf_res_len = 9;
857 struct pn533_target_jewel {
862 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
868 if (target_data_len < sizeof(struct pn533_target_jewel))
871 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
872 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
873 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
875 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
876 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
877 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
878 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
884 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
887 struct pn533_target_jewel *tgt_jewel;
889 tgt_jewel = (struct pn533_target_jewel *) tgt_data;
891 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
894 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
895 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
896 nfc_tgt->nfcid1_len = 4;
897 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
902 struct pn533_type_b_prot_info {
908 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
909 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
910 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
912 struct pn533_type_b_sens_res {
916 struct pn533_type_b_prot_info prot_info;
919 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
921 struct pn533_target_type_b {
922 struct pn533_type_b_sens_res sensb_res;
927 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
930 if (target_data_len < sizeof(struct pn533_target_type_b))
933 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
936 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
937 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
943 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
946 struct pn533_target_type_b *tgt_type_b;
948 tgt_type_b = (struct pn533_target_type_b *) tgt_data;
950 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
953 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
958 struct pn533_poll_response {
964 static int pn533_target_found(struct pn533 *dev,
965 struct pn533_poll_response *resp, int resp_len)
968 struct nfc_target nfc_tgt;
971 nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
977 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
979 target_data_len = resp_len - sizeof(struct pn533_poll_response);
981 switch (dev->poll_mod_curr) {
982 case PN533_POLL_MOD_106KBPS_A:
983 rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
986 case PN533_POLL_MOD_212KBPS_FELICA:
987 case PN533_POLL_MOD_424KBPS_FELICA:
988 rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
991 case PN533_POLL_MOD_106KBPS_JEWEL:
992 rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
995 case PN533_POLL_MOD_847KBPS_B:
996 rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1000 nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1008 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1009 nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1010 " have the desired protocol");
1014 nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1015 "0x%x", nfc_tgt.supported_protocols);
1017 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1019 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1024 static inline void pn533_poll_next_mod(struct pn533 *dev)
1026 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1029 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1031 dev->poll_mod_count = 0;
1034 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1036 dev->poll_mod_active[dev->poll_mod_count] =
1037 (struct pn533_poll_modulations *) &poll_mod[mod_index];
1038 dev->poll_mod_count++;
1041 static void pn533_poll_create_mod_list(struct pn533 *dev,
1042 u32 im_protocols, u32 tm_protocols)
1044 pn533_poll_reset_mod_list(dev);
1046 if (im_protocols & NFC_PROTO_MIFARE_MASK
1047 || im_protocols & NFC_PROTO_ISO14443_MASK
1048 || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1049 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1051 if (im_protocols & NFC_PROTO_FELICA_MASK
1052 || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1053 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1054 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1057 if (im_protocols & NFC_PROTO_JEWEL_MASK)
1058 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1060 if (im_protocols & NFC_PROTO_ISO14443_MASK)
1061 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1064 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1067 static int pn533_start_poll_complete(struct pn533 *dev, void *arg,
1068 u8 *params, int params_len)
1070 struct pn533_poll_response *resp;
1073 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1075 resp = (struct pn533_poll_response *) params;
1077 rc = pn533_target_found(dev, resp, params_len);
1079 /* We must stop the poll after a valid target found */
1081 pn533_poll_reset_mod_list(dev);
1089 static int pn533_init_target_frame(struct pn533_frame *frame,
1090 u8 *gb, size_t gb_len)
1092 struct pn533_cmd_init_target *cmd;
1094 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1095 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1096 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1097 0xff, 0xff}; /* System code */
1098 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1100 0x40}; /* SEL_RES for DEP */
1102 cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1103 cmd = kzalloc(cmd_len, GFP_KERNEL);
1107 pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1109 /* DEP support only */
1110 cmd->mode |= PN533_INIT_TARGET_DEP;
1113 memcpy(cmd->felica, felica_params, 18);
1114 get_random_bytes(cmd->felica + 2, 6);
1117 memset(cmd->nfcid3, 0, 10);
1118 memcpy(cmd->nfcid3, cmd->felica, 8);
1121 memcpy(cmd->mifare, mifare_params, 6);
1124 cmd->gb_len = gb_len;
1125 memcpy(cmd->gb, gb, gb_len);
1128 cmd->gb[gb_len] = 0;
1130 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1132 frame->datalen += cmd_len;
1134 pn533_tx_frame_finish(frame);
1141 #define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1142 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1143 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1144 u8 *params, int params_len)
1146 struct sk_buff *skb_resp = arg;
1147 struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1149 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1151 if (params_len < 0) {
1152 nfc_dev_err(&dev->interface->dev,
1153 "Error %d when starting as a target",
1159 if (params_len > 0 && params[0] != 0) {
1160 nfc_tm_deactivated(dev->nfc_dev);
1164 kfree_skb(skb_resp);
1168 skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1169 skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1170 skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1172 return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1175 static void pn533_wq_tg_get_data(struct work_struct *work)
1177 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1178 struct pn533_frame *in_frame;
1179 struct sk_buff *skb_resp;
1180 size_t skb_resp_len;
1182 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1184 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1185 PN533_CMD_DATAEXCH_DATA_MAXLEN +
1186 PN533_FRAME_TAIL_SIZE;
1188 skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1192 in_frame = (struct pn533_frame *)skb_resp->data;
1194 pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1195 pn533_tx_frame_finish(dev->out_frame);
1197 pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1199 pn533_tm_get_data_complete,
1200 skb_resp, GFP_KERNEL);
1205 #define ATR_REQ_GB_OFFSET 17
1206 static int pn533_init_target_complete(struct pn533 *dev, void *arg,
1207 u8 *params, int params_len)
1209 struct pn533_cmd_init_target_response *resp;
1210 u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1214 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1216 if (params_len < 0) {
1217 nfc_dev_err(&dev->interface->dev,
1218 "Error %d when starting as a target",
1224 if (params_len < ATR_REQ_GB_OFFSET + 1)
1227 resp = (struct pn533_cmd_init_target_response *) params;
1229 nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1230 resp->mode, params_len);
1232 frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1233 if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1234 comm_mode = NFC_COMM_ACTIVE;
1236 /* Again, only DEP */
1237 if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1240 gb = resp->cmd + ATR_REQ_GB_OFFSET;
1241 gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1243 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1244 comm_mode, gb, gb_len);
1246 nfc_dev_err(&dev->interface->dev,
1247 "Error when signaling target activation");
1253 queue_work(dev->wq, &dev->tg_work);
1258 static void pn533_listen_mode_timer(unsigned long data)
1260 struct pn533 *dev = (struct pn533 *) data;
1262 nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1264 /* An ack will cancel the last issued command (poll) */
1265 pn533_send_ack(dev, GFP_ATOMIC);
1267 dev->cancel_listen = 1;
1269 mutex_unlock(&dev->cmd_lock);
1271 pn533_poll_next_mod(dev);
1273 queue_work(dev->wq, &dev->poll_work);
1276 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1277 u8 *params, int params_len)
1279 struct pn533_poll_modulations *cur_mod;
1282 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1284 if (params_len == -ENOENT) {
1285 if (dev->poll_mod_count != 0)
1288 nfc_dev_err(&dev->interface->dev,
1289 "Polling operation has been stopped");
1294 if (params_len < 0) {
1295 nfc_dev_err(&dev->interface->dev,
1296 "Error %d when running poll", params_len);
1301 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1303 if (cur_mod->len == 0) {
1304 del_timer(&dev->listen_timer);
1306 return pn533_init_target_complete(dev, arg, params, params_len);
1308 rc = pn533_start_poll_complete(dev, arg, params, params_len);
1313 pn533_poll_next_mod(dev);
1315 queue_work(dev->wq, &dev->poll_work);
1320 pn533_poll_reset_mod_list(dev);
1321 dev->poll_protocols = 0;
1325 static void pn533_build_poll_frame(struct pn533 *dev,
1326 struct pn533_frame *frame,
1327 struct pn533_poll_modulations *mod)
1329 nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1331 if (mod->len == 0) {
1333 pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1336 pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1338 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1339 frame->datalen += mod->len;
1341 pn533_tx_frame_finish(frame);
1345 static int pn533_send_poll_frame(struct pn533 *dev)
1347 struct pn533_poll_modulations *cur_mod;
1350 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1352 pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1354 rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1355 dev->in_maxlen, pn533_poll_complete,
1358 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1363 static void pn533_wq_poll(struct work_struct *work)
1365 struct pn533 *dev = container_of(work, struct pn533, poll_work);
1366 struct pn533_poll_modulations *cur_mod;
1369 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1371 nfc_dev_dbg(&dev->interface->dev,
1372 "%s cancel_listen %d modulation len %d",
1373 __func__, dev->cancel_listen, cur_mod->len);
1375 if (dev->cancel_listen == 1) {
1376 dev->cancel_listen = 0;
1377 usb_kill_urb(dev->in_urb);
1380 rc = pn533_send_poll_frame(dev);
1384 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1385 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1390 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1391 u32 im_protocols, u32 tm_protocols)
1393 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1395 nfc_dev_dbg(&dev->interface->dev,
1396 "%s: im protocols 0x%x tm protocols 0x%x",
1397 __func__, im_protocols, tm_protocols);
1399 if (dev->tgt_active_prot) {
1400 nfc_dev_err(&dev->interface->dev,
1401 "Cannot poll with a target already activated");
1405 if (dev->tgt_mode) {
1406 nfc_dev_err(&dev->interface->dev,
1407 "Cannot poll while already being activated");
1412 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1413 if (dev->gb == NULL)
1417 dev->poll_mod_curr = 0;
1418 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1419 dev->poll_protocols = im_protocols;
1420 dev->listen_protocols = tm_protocols;
1422 return pn533_send_poll_frame(dev);
1425 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1427 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1429 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1431 del_timer(&dev->listen_timer);
1433 if (!dev->poll_mod_count) {
1434 nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1439 /* An ack will cancel the last issued command (poll) */
1440 pn533_send_ack(dev, GFP_KERNEL);
1442 /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1443 usb_kill_urb(dev->in_urb);
1445 pn533_poll_reset_mod_list(dev);
1448 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1450 struct pn533_cmd_activate_param param;
1451 struct pn533_cmd_activate_response *resp;
1455 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1457 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1461 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), ¶m,
1462 sizeof(struct pn533_cmd_activate_param));
1463 dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1465 pn533_tx_frame_finish(dev->out_frame);
1467 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1472 resp = (struct pn533_cmd_activate_response *)
1473 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1474 rc = resp->status & PN533_CMD_RET_MASK;
1475 if (rc != PN533_CMD_RET_SUCCESS)
1478 /* ATR_RES general bytes are located at offset 16 */
1479 gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1480 rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1485 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1486 struct nfc_target *target, u32 protocol)
1488 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1491 nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1494 if (dev->poll_mod_count) {
1495 nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1500 if (dev->tgt_active_prot) {
1501 nfc_dev_err(&dev->interface->dev, "There is already an active"
1506 if (!dev->tgt_available_prots) {
1507 nfc_dev_err(&dev->interface->dev, "There is no available target"
1512 if (!(dev->tgt_available_prots & (1 << protocol))) {
1513 nfc_dev_err(&dev->interface->dev, "The target does not support"
1514 " the requested protocol %u", protocol);
1518 if (protocol == NFC_PROTO_NFC_DEP) {
1519 rc = pn533_activate_target_nfcdep(dev);
1521 nfc_dev_err(&dev->interface->dev, "Error %d when"
1522 " activating target with"
1523 " NFC_DEP protocol", rc);
1528 dev->tgt_active_prot = protocol;
1529 dev->tgt_available_prots = 0;
1534 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1535 struct nfc_target *target)
1537 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1542 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1544 if (!dev->tgt_active_prot) {
1545 nfc_dev_err(&dev->interface->dev, "There is no active target");
1549 dev->tgt_active_prot = 0;
1551 skb_queue_purge(&dev->resp_q);
1553 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1556 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1557 dev->out_frame->datalen += sizeof(u8);
1559 pn533_tx_frame_finish(dev->out_frame);
1561 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1564 nfc_dev_err(&dev->interface->dev, "Error when sending release"
1565 " command to the controller");
1569 status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1570 rc = status & PN533_CMD_RET_MASK;
1571 if (rc != PN533_CMD_RET_SUCCESS)
1572 nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1579 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1580 u8 *params, int params_len)
1582 struct pn533_cmd_jump_dep *cmd;
1583 struct pn533_cmd_jump_dep_response *resp;
1584 struct nfc_target nfc_target;
1588 if (params_len == -ENOENT) {
1589 nfc_dev_dbg(&dev->interface->dev, "");
1593 if (params_len < 0) {
1594 nfc_dev_err(&dev->interface->dev,
1595 "Error %d when bringing DEP link up",
1600 if (dev->tgt_available_prots &&
1601 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1602 nfc_dev_err(&dev->interface->dev,
1603 "The target does not support DEP");
1607 resp = (struct pn533_cmd_jump_dep_response *) params;
1608 cmd = (struct pn533_cmd_jump_dep *) arg;
1609 rc = resp->status & PN533_CMD_RET_MASK;
1610 if (rc != PN533_CMD_RET_SUCCESS) {
1611 nfc_dev_err(&dev->interface->dev,
1612 "Bringing DEP link up failed %d", rc);
1616 if (!dev->tgt_available_prots) {
1617 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1619 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1620 nfc_target.nfcid1_len = 10;
1621 memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1622 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1626 dev->tgt_available_prots = 0;
1629 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1631 /* ATR_RES general bytes are located at offset 17 */
1632 target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1633 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1634 resp->gt, target_gt_len);
1636 rc = nfc_dep_link_is_up(dev->nfc_dev,
1637 dev->nfc_dev->targets[0].idx,
1638 !cmd->active, NFC_RF_INITIATOR);
1643 static int pn533_mod_to_baud(struct pn533 *dev)
1645 switch (dev->poll_mod_curr) {
1646 case PN533_POLL_MOD_106KBPS_A:
1648 case PN533_POLL_MOD_212KBPS_FELICA:
1650 case PN533_POLL_MOD_424KBPS_FELICA:
1657 #define PASSIVE_DATA_LEN 5
1658 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1659 u8 comm_mode, u8* gb, size_t gb_len)
1661 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1662 struct pn533_cmd_jump_dep *cmd;
1663 u8 cmd_len, *data_ptr;
1664 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1667 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1669 if (dev->poll_mod_count) {
1670 nfc_dev_err(&dev->interface->dev,
1671 "Cannot bring the DEP link up while polling");
1675 if (dev->tgt_active_prot) {
1676 nfc_dev_err(&dev->interface->dev,
1677 "There is already an active target");
1681 baud = pn533_mod_to_baud(dev);
1683 nfc_dev_err(&dev->interface->dev,
1684 "Invalid curr modulation %d", dev->poll_mod_curr);
1688 cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1689 if (comm_mode == NFC_COMM_PASSIVE)
1690 cmd_len += PASSIVE_DATA_LEN;
1692 cmd = kzalloc(cmd_len, GFP_KERNEL);
1696 pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1698 cmd->active = !comm_mode;
1701 data_ptr = cmd->data;
1702 if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1703 memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1705 data_ptr += PASSIVE_DATA_LEN;
1708 if (gb != NULL && gb_len > 0) {
1709 cmd->next |= 4; /* We have some Gi */
1710 memcpy(data_ptr, gb, gb_len);
1715 memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1716 dev->out_frame->datalen += cmd_len;
1718 pn533_tx_frame_finish(dev->out_frame);
1720 rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1721 dev->in_maxlen, pn533_in_dep_link_up_complete,
1733 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1735 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1737 pn533_poll_reset_mod_list(dev);
1739 if (dev->tgt_mode || dev->tgt_active_prot) {
1740 pn533_send_ack(dev, GFP_KERNEL);
1741 usb_kill_urb(dev->in_urb);
1744 dev->tgt_active_prot = 0;
1747 skb_queue_purge(&dev->resp_q);
1752 static int pn533_build_tx_frame(struct pn533 *dev, struct sk_buff *skb,
1755 int payload_len = skb->len;
1756 struct pn533_frame *out_frame;
1759 nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1762 if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1763 /* TODO: Implement support to multi-part data exchange */
1764 nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1766 PN533_CMD_DATAEXCH_DATA_MAXLEN);
1770 if (target == true) {
1771 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1772 out_frame = (struct pn533_frame *) skb->data;
1774 pn533_tx_frame_init(out_frame, PN533_CMD_IN_DATA_EXCHANGE);
1776 memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame), &tg, sizeof(u8));
1777 out_frame->datalen += sizeof(u8);
1779 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1780 out_frame = (struct pn533_frame *) skb->data;
1781 pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
1785 /* The data is already in the out_frame, just update the datalen */
1786 out_frame->datalen += payload_len;
1788 pn533_tx_frame_finish(out_frame);
1789 skb_put(skb, PN533_FRAME_TAIL_SIZE);
1794 struct pn533_data_exchange_arg {
1795 struct sk_buff *skb_resp;
1796 struct sk_buff *skb_out;
1797 data_exchange_cb_t cb;
1801 static struct sk_buff *pn533_build_response(struct pn533 *dev)
1803 struct sk_buff *skb, *tmp, *t;
1804 unsigned int skb_len = 0, tmp_len = 0;
1806 nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
1808 if (skb_queue_empty(&dev->resp_q))
1811 if (skb_queue_len(&dev->resp_q) == 1) {
1812 skb = skb_dequeue(&dev->resp_q);
1816 skb_queue_walk_safe(&dev->resp_q, tmp, t)
1817 skb_len += tmp->len;
1819 nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1822 skb = alloc_skb(skb_len, GFP_KERNEL);
1826 skb_put(skb, skb_len);
1828 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1829 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1830 tmp_len += tmp->len;
1834 skb_queue_purge(&dev->resp_q);
1839 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1840 u8 *params, int params_len)
1842 struct pn533_data_exchange_arg *arg = _arg;
1843 struct sk_buff *skb = NULL, *skb_resp = arg->skb_resp;
1844 struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1849 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1851 dev_kfree_skb(arg->skb_out);
1853 if (params_len < 0) { /* error */
1860 cmd_ret = status & PN533_CMD_RET_MASK;
1861 if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1862 nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1863 " exchanging data", cmd_ret);
1868 skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1869 skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1870 skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1871 skb_queue_tail(&dev->resp_q, skb_resp);
1873 if (status & PN533_CMD_MI_MASK) {
1874 queue_work(dev->wq, &dev->mi_work);
1875 return -EINPROGRESS;
1878 skb = pn533_build_response(dev);
1882 arg->cb(arg->cb_context, skb, 0);
1887 skb_queue_purge(&dev->resp_q);
1888 dev_kfree_skb(skb_resp);
1889 arg->cb(arg->cb_context, NULL, err);
1894 static int pn533_transceive(struct nfc_dev *nfc_dev,
1895 struct nfc_target *target, struct sk_buff *skb,
1896 data_exchange_cb_t cb, void *cb_context)
1898 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1899 struct pn533_frame *out_frame, *in_frame;
1900 struct pn533_data_exchange_arg *arg;
1901 struct sk_buff *skb_resp;
1905 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1907 if (!dev->tgt_active_prot) {
1908 nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
1909 " there is no active target");
1914 rc = pn533_build_tx_frame(dev, skb, true);
1918 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1919 PN533_CMD_DATAEXCH_DATA_MAXLEN +
1920 PN533_FRAME_TAIL_SIZE;
1922 skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1928 in_frame = (struct pn533_frame *) skb_resp->data;
1929 out_frame = (struct pn533_frame *) skb->data;
1931 arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
1937 arg->skb_resp = skb_resp;
1940 arg->cb_context = cb_context;
1942 rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
1943 pn533_data_exchange_complete, arg,
1946 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
1947 " perform data_exchange", rc);
1956 kfree_skb(skb_resp);
1962 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
1963 u8 *params, int params_len)
1965 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1967 if (params_len < 0) {
1968 nfc_dev_err(&dev->interface->dev,
1969 "Error %d when sending data",
1975 if (params_len > 0 && params[0] != 0) {
1976 nfc_tm_deactivated(dev->nfc_dev);
1983 queue_work(dev->wq, &dev->tg_work);
1988 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
1990 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1991 struct pn533_frame *out_frame;
1994 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1996 rc = pn533_build_tx_frame(dev, skb, false);
2000 out_frame = (struct pn533_frame *) skb->data;
2002 rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2003 dev->in_maxlen, pn533_tm_send_complete,
2006 nfc_dev_err(&dev->interface->dev,
2007 "Error %d when trying to send data", rc);
2019 static void pn533_wq_mi_recv(struct work_struct *work)
2021 struct pn533 *dev = container_of(work, struct pn533, mi_work);
2022 struct sk_buff *skb_cmd;
2023 struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2024 struct pn533_frame *out_frame, *in_frame;
2025 struct sk_buff *skb_resp;
2029 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2031 /* This is a zero payload size skb */
2032 skb_cmd = alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN + PN533_FRAME_TAIL_SIZE,
2034 if (skb_cmd == NULL)
2037 skb_reserve(skb_cmd, PN533_CMD_DATAEXCH_HEAD_LEN);
2039 rc = pn533_build_tx_frame(dev, skb_cmd, true);
2043 skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2044 PN533_CMD_DATAEXCH_DATA_MAXLEN +
2045 PN533_FRAME_TAIL_SIZE;
2046 skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2052 in_frame = (struct pn533_frame *) skb_resp->data;
2053 out_frame = (struct pn533_frame *) skb_cmd->data;
2055 arg->skb_resp = skb_resp;
2056 arg->skb_out = skb_cmd;
2058 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2060 pn533_data_exchange_complete,
2061 dev->cmd_complete_arg, GFP_KERNEL);
2065 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2066 " perform data_exchange", rc);
2068 kfree_skb(skb_resp);
2074 pn533_send_ack(dev, GFP_KERNEL);
2078 mutex_unlock(&dev->cmd_lock);
2081 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2087 nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2089 pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2091 params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2092 params[0] = cfgitem;
2093 memcpy(¶ms[1], cfgdata, cfgdata_len);
2094 dev->out_frame->datalen += (1 + cfgdata_len);
2096 pn533_tx_frame_finish(dev->out_frame);
2098 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2104 struct nfc_ops pn533_nfc_ops = {
2107 .dep_link_up = pn533_dep_link_up,
2108 .dep_link_down = pn533_dep_link_down,
2109 .start_poll = pn533_start_poll,
2110 .stop_poll = pn533_stop_poll,
2111 .activate_target = pn533_activate_target,
2112 .deactivate_target = pn533_deactivate_target,
2113 .im_transceive = pn533_transceive,
2114 .tm_send = pn533_tm_send,
2117 static int pn533_probe(struct usb_interface *interface,
2118 const struct usb_device_id *id)
2120 struct pn533_fw_version *fw_ver;
2122 struct usb_host_interface *iface_desc;
2123 struct usb_endpoint_descriptor *endpoint;
2124 struct pn533_config_max_retries max_retries;
2125 struct pn533_config_timing timing;
2126 int in_endpoint = 0;
2127 int out_endpoint = 0;
2132 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2136 dev->udev = usb_get_dev(interface_to_usbdev(interface));
2137 dev->interface = interface;
2138 mutex_init(&dev->cmd_lock);
2140 iface_desc = interface->cur_altsetting;
2141 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2142 endpoint = &iface_desc->endpoint[i].desc;
2144 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2145 dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
2146 in_endpoint = endpoint->bEndpointAddress;
2149 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
2151 le16_to_cpu(endpoint->wMaxPacketSize);
2152 out_endpoint = endpoint->bEndpointAddress;
2156 if (!in_endpoint || !out_endpoint) {
2157 nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2158 " bulk-out endpoint");
2163 dev->in_frame = kmalloc(dev->in_maxlen, GFP_KERNEL);
2164 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2165 dev->out_frame = kmalloc(dev->out_maxlen, GFP_KERNEL);
2166 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2168 if (!dev->in_frame || !dev->out_frame ||
2169 !dev->in_urb || !dev->out_urb)
2172 usb_fill_bulk_urb(dev->in_urb, dev->udev,
2173 usb_rcvbulkpipe(dev->udev, in_endpoint),
2174 NULL, 0, NULL, dev);
2175 usb_fill_bulk_urb(dev->out_urb, dev->udev,
2176 usb_sndbulkpipe(dev->udev, out_endpoint),
2178 pn533_send_complete, dev);
2180 INIT_WORK(&dev->cmd_work, pn533_wq_cmd_complete);
2181 INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2182 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2183 INIT_WORK(&dev->poll_work, pn533_wq_poll);
2184 dev->wq = alloc_workqueue("pn533",
2185 WQ_NON_REENTRANT | WQ_UNBOUND | WQ_MEM_RECLAIM,
2187 if (dev->wq == NULL)
2190 init_timer(&dev->listen_timer);
2191 dev->listen_timer.data = (unsigned long) dev;
2192 dev->listen_timer.function = pn533_listen_mode_timer;
2194 skb_queue_head_init(&dev->resp_q);
2196 usb_set_intfdata(interface, dev);
2198 pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2199 pn533_tx_frame_finish(dev->out_frame);
2201 rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2206 fw_ver = (struct pn533_fw_version *)
2207 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2208 nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2209 " attached", fw_ver->ver, fw_ver->rev);
2211 protocols = NFC_PROTO_JEWEL_MASK
2212 | NFC_PROTO_MIFARE_MASK | NFC_PROTO_FELICA_MASK
2213 | NFC_PROTO_ISO14443_MASK
2214 | NFC_PROTO_NFC_DEP_MASK;
2216 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2217 PN533_CMD_DATAEXCH_HEAD_LEN,
2218 PN533_FRAME_TAIL_SIZE);
2222 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2223 nfc_set_drvdata(dev->nfc_dev, dev);
2225 rc = nfc_register_device(dev->nfc_dev);
2229 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2230 max_retries.mx_rty_psl = 2;
2231 max_retries.mx_rty_passive_act = PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2233 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2234 (u8 *) &max_retries, sizeof(max_retries));
2237 nfc_dev_err(&dev->interface->dev, "Error on setting MAX_RETRIES"
2239 goto unregister_nfc_dev;
2242 timing.rfu = PN533_CONFIG_TIMING_102;
2243 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2244 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2246 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2247 (u8 *) &timing, sizeof(timing));
2249 nfc_dev_err(&dev->interface->dev,
2250 "Error on setting RF timings");
2251 goto unregister_nfc_dev;
2257 nfc_unregister_device(dev->nfc_dev);
2260 nfc_free_device(dev->nfc_dev);
2263 destroy_workqueue(dev->wq);
2265 kfree(dev->in_frame);
2266 usb_free_urb(dev->in_urb);
2267 kfree(dev->out_frame);
2268 usb_free_urb(dev->out_urb);
2273 static void pn533_disconnect(struct usb_interface *interface)
2277 dev = usb_get_intfdata(interface);
2278 usb_set_intfdata(interface, NULL);
2280 nfc_unregister_device(dev->nfc_dev);
2281 nfc_free_device(dev->nfc_dev);
2283 usb_kill_urb(dev->in_urb);
2284 usb_kill_urb(dev->out_urb);
2286 destroy_workqueue(dev->wq);
2288 skb_queue_purge(&dev->resp_q);
2290 del_timer(&dev->listen_timer);
2292 kfree(dev->in_frame);
2293 usb_free_urb(dev->in_urb);
2294 kfree(dev->out_frame);
2295 usb_free_urb(dev->out_urb);
2298 nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2301 static struct usb_driver pn533_driver = {
2303 .probe = pn533_probe,
2304 .disconnect = pn533_disconnect,
2305 .id_table = pn533_table,
2308 module_usb_driver(pn533_driver);
2310 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2311 " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2312 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2313 MODULE_VERSION(VERSION);
2314 MODULE_LICENSE("GPL");