1 /* 2 * Driver for NXP PN533 NFC Chip - core functions 3 * 4 * Copyright (C) 2011 Instituto Nokia de Tecnologia 5 * Copyright (C) 2012-2013 Tieto Poland 6 * 7 * This program is free software; you can redistribute it and/or modify 8 * it under the terms of the GNU General Public License as published by 9 * the Free Software Foundation; either version 2 of the License, or 10 * (at your option) any later version. 11 * 12 * This program is distributed in the hope that it will be useful, 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 15 * GNU General Public License for more details. 16 * 17 * You should have received a copy of the GNU General Public License 18 * along with this program; if not, see <http://www.gnu.org/licenses/>. 19 */ 20 21 #include <linux/device.h> 22 #include <linux/kernel.h> 23 #include <linux/module.h> 24 #include <linux/slab.h> 25 #include <linux/nfc.h> 26 #include <linux/netdevice.h> 27 #include <net/nfc/nfc.h> 28 #include "pn533.h" 29 30 #define VERSION "0.3" 31 32 /* How much time we spend listening for initiators */ 33 #define PN533_LISTEN_TIME 2 34 /* Delay between each poll frame (ms) */ 35 #define PN533_POLL_INTERVAL 10 36 37 /* structs for pn533 commands */ 38 39 /* PN533_CMD_GET_FIRMWARE_VERSION */ 40 struct pn533_fw_version { 41 u8 ic; 42 u8 ver; 43 u8 rev; 44 u8 support; 45 }; 46 47 /* PN533_CMD_RF_CONFIGURATION */ 48 #define PN533_CFGITEM_RF_FIELD 0x01 49 #define PN533_CFGITEM_TIMING 0x02 50 #define PN533_CFGITEM_MAX_RETRIES 0x05 51 #define PN533_CFGITEM_PASORI 0x82 52 53 #define PN533_CFGITEM_RF_FIELD_AUTO_RFCA 0x2 54 #define PN533_CFGITEM_RF_FIELD_ON 0x1 55 #define PN533_CFGITEM_RF_FIELD_OFF 0x0 56 57 #define PN533_CONFIG_TIMING_102 0xb 58 #define PN533_CONFIG_TIMING_204 0xc 59 #define PN533_CONFIG_TIMING_409 0xd 60 #define PN533_CONFIG_TIMING_819 0xe 61 62 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00 63 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF 64 65 struct pn533_config_max_retries { 66 u8 mx_rty_atr; 67 u8 mx_rty_psl; 68 u8 mx_rty_passive_act; 69 } __packed; 70 71 struct pn533_config_timing { 72 u8 rfu; 73 u8 atr_res_timeout; 74 u8 dep_timeout; 75 } __packed; 76 77 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */ 78 79 /* felica commands opcode */ 80 #define PN533_FELICA_OPC_SENSF_REQ 0 81 #define PN533_FELICA_OPC_SENSF_RES 1 82 /* felica SENSF_REQ parameters */ 83 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF 84 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0 85 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1 86 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2 87 88 /* type B initiator_data values */ 89 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0 90 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0 91 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1 92 93 union pn533_cmd_poll_initdata { 94 struct { 95 u8 afi; 96 u8 polling_method; 97 } __packed type_b; 98 struct { 99 u8 opcode; 100 __be16 sc; 101 u8 rc; 102 u8 tsn; 103 } __packed felica; 104 }; 105 106 struct pn533_poll_modulations { 107 struct { 108 u8 maxtg; 109 u8 brty; 110 union pn533_cmd_poll_initdata initiator_data; 111 } __packed data; 112 u8 len; 113 }; 114 115 static const struct pn533_poll_modulations poll_mod[] = { 116 [PN533_POLL_MOD_106KBPS_A] = { 117 .data = { 118 .maxtg = 1, 119 .brty = 0, 120 }, 121 .len = 2, 122 }, 123 [PN533_POLL_MOD_212KBPS_FELICA] = { 124 .data = { 125 .maxtg = 1, 126 .brty = 1, 127 .initiator_data.felica = { 128 .opcode = PN533_FELICA_OPC_SENSF_REQ, 129 .sc = PN533_FELICA_SENSF_SC_ALL, 130 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE, 131 .tsn = 0x03, 132 }, 133 }, 134 .len = 7, 135 }, 136 [PN533_POLL_MOD_424KBPS_FELICA] = { 137 .data = { 138 .maxtg = 1, 139 .brty = 2, 140 .initiator_data.felica = { 141 .opcode = PN533_FELICA_OPC_SENSF_REQ, 142 .sc = PN533_FELICA_SENSF_SC_ALL, 143 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE, 144 .tsn = 0x03, 145 }, 146 }, 147 .len = 7, 148 }, 149 [PN533_POLL_MOD_106KBPS_JEWEL] = { 150 .data = { 151 .maxtg = 1, 152 .brty = 4, 153 }, 154 .len = 2, 155 }, 156 [PN533_POLL_MOD_847KBPS_B] = { 157 .data = { 158 .maxtg = 1, 159 .brty = 8, 160 .initiator_data.type_b = { 161 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES, 162 .polling_method = 163 PN533_TYPE_B_POLL_METHOD_TIMESLOT, 164 }, 165 }, 166 .len = 3, 167 }, 168 [PN533_LISTEN_MOD] = { 169 .len = 0, 170 }, 171 }; 172 173 /* PN533_CMD_IN_ATR */ 174 175 struct pn533_cmd_activate_response { 176 u8 status; 177 u8 nfcid3t[10]; 178 u8 didt; 179 u8 bst; 180 u8 brt; 181 u8 to; 182 u8 ppt; 183 /* optional */ 184 u8 gt[]; 185 } __packed; 186 187 struct pn533_cmd_jump_dep_response { 188 u8 status; 189 u8 tg; 190 u8 nfcid3t[10]; 191 u8 didt; 192 u8 bst; 193 u8 brt; 194 u8 to; 195 u8 ppt; 196 /* optional */ 197 u8 gt[]; 198 } __packed; 199 200 201 /* PN533_TG_INIT_AS_TARGET */ 202 #define PN533_INIT_TARGET_PASSIVE 0x1 203 #define PN533_INIT_TARGET_DEP 0x2 204 205 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3 206 #define PN533_INIT_TARGET_RESP_ACTIVE 0x1 207 #define PN533_INIT_TARGET_RESP_DEP 0x4 208 209 /* The rule: value(high byte) + value(low byte) + checksum = 0 */ 210 static inline u8 pn533_ext_checksum(u16 value) 211 { 212 return ~(u8)(((value & 0xFF00) >> 8) + (u8)(value & 0xFF)) + 1; 213 } 214 215 /* The rule: value + checksum = 0 */ 216 static inline u8 pn533_std_checksum(u8 value) 217 { 218 return ~value + 1; 219 } 220 221 /* The rule: sum(data elements) + checksum = 0 */ 222 static u8 pn533_std_data_checksum(u8 *data, int datalen) 223 { 224 u8 sum = 0; 225 int i; 226 227 for (i = 0; i < datalen; i++) 228 sum += data[i]; 229 230 return pn533_std_checksum(sum); 231 } 232 233 static void pn533_std_tx_frame_init(void *_frame, u8 cmd_code) 234 { 235 struct pn533_std_frame *frame = _frame; 236 237 frame->preamble = 0; 238 frame->start_frame = cpu_to_be16(PN533_STD_FRAME_SOF); 239 PN533_STD_FRAME_IDENTIFIER(frame) = PN533_STD_FRAME_DIR_OUT; 240 PN533_FRAME_CMD(frame) = cmd_code; 241 frame->datalen = 2; 242 } 243 244 static void pn533_std_tx_frame_finish(void *_frame) 245 { 246 struct pn533_std_frame *frame = _frame; 247 248 frame->datalen_checksum = pn533_std_checksum(frame->datalen); 249 250 PN533_STD_FRAME_CHECKSUM(frame) = 251 pn533_std_data_checksum(frame->data, frame->datalen); 252 253 PN533_STD_FRAME_POSTAMBLE(frame) = 0; 254 } 255 256 static void pn533_std_tx_update_payload_len(void *_frame, int len) 257 { 258 struct pn533_std_frame *frame = _frame; 259 260 frame->datalen += len; 261 } 262 263 static bool pn533_std_rx_frame_is_valid(void *_frame, struct pn533 *dev) 264 { 265 u8 checksum; 266 struct pn533_std_frame *stdf = _frame; 267 268 if (stdf->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF)) 269 return false; 270 271 if (likely(!PN533_STD_IS_EXTENDED(stdf))) { 272 /* Standard frame code */ 273 dev->ops->rx_header_len = PN533_STD_FRAME_HEADER_LEN; 274 275 checksum = pn533_std_checksum(stdf->datalen); 276 if (checksum != stdf->datalen_checksum) 277 return false; 278 279 checksum = pn533_std_data_checksum(stdf->data, stdf->datalen); 280 if (checksum != PN533_STD_FRAME_CHECKSUM(stdf)) 281 return false; 282 } else { 283 /* Extended */ 284 struct pn533_ext_frame *eif = _frame; 285 286 dev->ops->rx_header_len = PN533_EXT_FRAME_HEADER_LEN; 287 288 checksum = pn533_ext_checksum(be16_to_cpu(eif->datalen)); 289 if (checksum != eif->datalen_checksum) 290 return false; 291 292 /* check data checksum */ 293 checksum = pn533_std_data_checksum(eif->data, 294 be16_to_cpu(eif->datalen)); 295 if (checksum != PN533_EXT_FRAME_CHECKSUM(eif)) 296 return false; 297 } 298 299 return true; 300 } 301 302 bool pn533_rx_frame_is_ack(void *_frame) 303 { 304 struct pn533_std_frame *frame = _frame; 305 306 if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF)) 307 return false; 308 309 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF) 310 return false; 311 312 return true; 313 } 314 EXPORT_SYMBOL_GPL(pn533_rx_frame_is_ack); 315 316 static inline int pn533_std_rx_frame_size(void *frame) 317 { 318 struct pn533_std_frame *f = frame; 319 320 /* check for Extended Information frame */ 321 if (PN533_STD_IS_EXTENDED(f)) { 322 struct pn533_ext_frame *eif = frame; 323 324 return sizeof(struct pn533_ext_frame) 325 + be16_to_cpu(eif->datalen) + PN533_STD_FRAME_TAIL_LEN; 326 } 327 328 return sizeof(struct pn533_std_frame) + f->datalen + 329 PN533_STD_FRAME_TAIL_LEN; 330 } 331 332 static u8 pn533_std_get_cmd_code(void *frame) 333 { 334 struct pn533_std_frame *f = frame; 335 struct pn533_ext_frame *eif = frame; 336 337 if (PN533_STD_IS_EXTENDED(f)) 338 return PN533_FRAME_CMD(eif); 339 else 340 return PN533_FRAME_CMD(f); 341 } 342 343 bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame) 344 { 345 return (dev->ops->get_cmd_code(frame) == 346 PN533_CMD_RESPONSE(dev->cmd->code)); 347 } 348 EXPORT_SYMBOL_GPL(pn533_rx_frame_is_cmd_response); 349 350 351 static struct pn533_frame_ops pn533_std_frame_ops = { 352 .tx_frame_init = pn533_std_tx_frame_init, 353 .tx_frame_finish = pn533_std_tx_frame_finish, 354 .tx_update_payload_len = pn533_std_tx_update_payload_len, 355 .tx_header_len = PN533_STD_FRAME_HEADER_LEN, 356 .tx_tail_len = PN533_STD_FRAME_TAIL_LEN, 357 358 .rx_is_frame_valid = pn533_std_rx_frame_is_valid, 359 .rx_frame_size = pn533_std_rx_frame_size, 360 .rx_header_len = PN533_STD_FRAME_HEADER_LEN, 361 .rx_tail_len = PN533_STD_FRAME_TAIL_LEN, 362 363 .max_payload_len = PN533_STD_FRAME_MAX_PAYLOAD_LEN, 364 .get_cmd_code = pn533_std_get_cmd_code, 365 }; 366 367 static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code, 368 struct sk_buff *skb) 369 { 370 /* payload is already there, just update datalen */ 371 int payload_len = skb->len; 372 struct pn533_frame_ops *ops = dev->ops; 373 374 375 skb_push(skb, ops->tx_header_len); 376 skb_put(skb, ops->tx_tail_len); 377 378 ops->tx_frame_init(skb->data, cmd_code); 379 ops->tx_update_payload_len(skb->data, payload_len); 380 ops->tx_frame_finish(skb->data); 381 } 382 383 static int pn533_send_async_complete(struct pn533 *dev) 384 { 385 struct pn533_cmd *cmd = dev->cmd; 386 int status = cmd->status; 387 388 struct sk_buff *req = cmd->req; 389 struct sk_buff *resp = cmd->resp; 390 391 int rc; 392 393 dev_kfree_skb(req); 394 395 if (status < 0) { 396 rc = cmd->complete_cb(dev, cmd->complete_cb_context, 397 ERR_PTR(status)); 398 dev_kfree_skb(resp); 399 goto done; 400 } 401 402 skb_pull(resp, dev->ops->rx_header_len); 403 skb_trim(resp, resp->len - dev->ops->rx_tail_len); 404 405 rc = cmd->complete_cb(dev, cmd->complete_cb_context, resp); 406 407 done: 408 kfree(cmd); 409 dev->cmd = NULL; 410 return rc; 411 } 412 413 static int __pn533_send_async(struct pn533 *dev, u8 cmd_code, 414 struct sk_buff *req, 415 pn533_send_async_complete_t complete_cb, 416 void *complete_cb_context) 417 { 418 struct pn533_cmd *cmd; 419 int rc = 0; 420 421 dev_dbg(dev->dev, "Sending command 0x%x\n", cmd_code); 422 423 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL); 424 if (!cmd) 425 return -ENOMEM; 426 427 cmd->code = cmd_code; 428 cmd->req = req; 429 cmd->complete_cb = complete_cb; 430 cmd->complete_cb_context = complete_cb_context; 431 432 pn533_build_cmd_frame(dev, cmd_code, req); 433 434 mutex_lock(&dev->cmd_lock); 435 436 if (!dev->cmd_pending) { 437 rc = dev->phy_ops->send_frame(dev, req); 438 if (rc) 439 goto error; 440 441 dev->cmd_pending = 1; 442 dev->cmd = cmd; 443 goto unlock; 444 } 445 446 dev_dbg(dev->dev, "%s Queueing command 0x%x\n", 447 __func__, cmd_code); 448 449 INIT_LIST_HEAD(&cmd->queue); 450 list_add_tail(&cmd->queue, &dev->cmd_queue); 451 452 goto unlock; 453 454 error: 455 kfree(cmd); 456 unlock: 457 mutex_unlock(&dev->cmd_lock); 458 return rc; 459 } 460 461 static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code, 462 struct sk_buff *req, 463 pn533_send_async_complete_t complete_cb, 464 void *complete_cb_context) 465 { 466 int rc; 467 468 rc = __pn533_send_async(dev, cmd_code, req, complete_cb, 469 complete_cb_context); 470 471 return rc; 472 } 473 474 static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code, 475 struct sk_buff *req, 476 pn533_send_async_complete_t complete_cb, 477 void *complete_cb_context) 478 { 479 int rc; 480 481 rc = __pn533_send_async(dev, cmd_code, req, complete_cb, 482 complete_cb_context); 483 484 return rc; 485 } 486 487 /* 488 * pn533_send_cmd_direct_async 489 * 490 * The function sends a piority cmd directly to the chip omiting the cmd 491 * queue. It's intended to be used by chaining mechanism of received responses 492 * where the host has to request every single chunk of data before scheduling 493 * next cmd from the queue. 494 */ 495 static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code, 496 struct sk_buff *req, 497 pn533_send_async_complete_t complete_cb, 498 void *complete_cb_context) 499 { 500 struct pn533_cmd *cmd; 501 int rc; 502 503 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL); 504 if (!cmd) 505 return -ENOMEM; 506 507 cmd->code = cmd_code; 508 cmd->req = req; 509 cmd->complete_cb = complete_cb; 510 cmd->complete_cb_context = complete_cb_context; 511 512 pn533_build_cmd_frame(dev, cmd_code, req); 513 514 rc = dev->phy_ops->send_frame(dev, req); 515 if (rc < 0) 516 kfree(cmd); 517 else 518 dev->cmd = cmd; 519 520 return rc; 521 } 522 523 static void pn533_wq_cmd_complete(struct work_struct *work) 524 { 525 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work); 526 int rc; 527 528 rc = pn533_send_async_complete(dev); 529 if (rc != -EINPROGRESS) 530 queue_work(dev->wq, &dev->cmd_work); 531 } 532 533 static void pn533_wq_cmd(struct work_struct *work) 534 { 535 struct pn533 *dev = container_of(work, struct pn533, cmd_work); 536 struct pn533_cmd *cmd; 537 int rc; 538 539 mutex_lock(&dev->cmd_lock); 540 541 if (list_empty(&dev->cmd_queue)) { 542 dev->cmd_pending = 0; 543 mutex_unlock(&dev->cmd_lock); 544 return; 545 } 546 547 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue); 548 549 list_del(&cmd->queue); 550 551 mutex_unlock(&dev->cmd_lock); 552 553 rc = dev->phy_ops->send_frame(dev, cmd->req); 554 if (rc < 0) { 555 dev_kfree_skb(cmd->req); 556 kfree(cmd); 557 return; 558 } 559 560 dev->cmd = cmd; 561 } 562 563 struct pn533_sync_cmd_response { 564 struct sk_buff *resp; 565 struct completion done; 566 }; 567 568 static int pn533_send_sync_complete(struct pn533 *dev, void *_arg, 569 struct sk_buff *resp) 570 { 571 struct pn533_sync_cmd_response *arg = _arg; 572 573 arg->resp = resp; 574 complete(&arg->done); 575 576 return 0; 577 } 578 579 /* pn533_send_cmd_sync 580 * 581 * Please note the req parameter is freed inside the function to 582 * limit a number of return value interpretations by the caller. 583 * 584 * 1. negative in case of error during TX path -> req should be freed 585 * 586 * 2. negative in case of error during RX path -> req should not be freed 587 * as it's been already freed at the beginning of RX path by 588 * async_complete_cb. 589 * 590 * 3. valid pointer in case of succesfult RX path 591 * 592 * A caller has to check a return value with IS_ERR macro. If the test pass, 593 * the returned pointer is valid. 594 * 595 */ 596 static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code, 597 struct sk_buff *req) 598 { 599 int rc; 600 struct pn533_sync_cmd_response arg; 601 602 init_completion(&arg.done); 603 604 rc = pn533_send_cmd_async(dev, cmd_code, req, 605 pn533_send_sync_complete, &arg); 606 if (rc) { 607 dev_kfree_skb(req); 608 return ERR_PTR(rc); 609 } 610 611 wait_for_completion(&arg.done); 612 613 return arg.resp; 614 } 615 616 static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size) 617 { 618 struct sk_buff *skb; 619 620 skb = alloc_skb(dev->ops->tx_header_len + 621 size + 622 dev->ops->tx_tail_len, GFP_KERNEL); 623 624 if (skb) 625 skb_reserve(skb, dev->ops->tx_header_len); 626 627 return skb; 628 } 629 630 struct pn533_target_type_a { 631 __be16 sens_res; 632 u8 sel_res; 633 u8 nfcid_len; 634 u8 nfcid_data[]; 635 } __packed; 636 637 638 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6)) 639 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0)) 640 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8)) 641 642 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00 643 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C 644 645 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5) 646 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2) 647 648 #define PN533_TYPE_A_SEL_PROT_MIFARE 0 649 #define PN533_TYPE_A_SEL_PROT_ISO14443 1 650 #define PN533_TYPE_A_SEL_PROT_DEP 2 651 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3 652 653 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a, 654 int target_data_len) 655 { 656 u8 ssd; 657 u8 platconf; 658 659 if (target_data_len < sizeof(struct pn533_target_type_a)) 660 return false; 661 662 /* 663 * The length check of nfcid[] and ats[] are not being performed because 664 * the values are not being used 665 */ 666 667 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */ 668 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res); 669 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res); 670 671 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL && 672 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) || 673 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL && 674 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL)) 675 return false; 676 677 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */ 678 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0) 679 return false; 680 681 return true; 682 } 683 684 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data, 685 int tgt_data_len) 686 { 687 struct pn533_target_type_a *tgt_type_a; 688 689 tgt_type_a = (struct pn533_target_type_a *)tgt_data; 690 691 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len)) 692 return -EPROTO; 693 694 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) { 695 case PN533_TYPE_A_SEL_PROT_MIFARE: 696 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK; 697 break; 698 case PN533_TYPE_A_SEL_PROT_ISO14443: 699 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK; 700 break; 701 case PN533_TYPE_A_SEL_PROT_DEP: 702 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK; 703 break; 704 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP: 705 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK | 706 NFC_PROTO_NFC_DEP_MASK; 707 break; 708 } 709 710 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res); 711 nfc_tgt->sel_res = tgt_type_a->sel_res; 712 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len; 713 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len); 714 715 return 0; 716 } 717 718 struct pn533_target_felica { 719 u8 pol_res; 720 u8 opcode; 721 u8 nfcid2[NFC_NFCID2_MAXSIZE]; 722 u8 pad[8]; 723 /* optional */ 724 u8 syst_code[]; 725 } __packed; 726 727 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01 728 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE 729 730 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica, 731 int target_data_len) 732 { 733 if (target_data_len < sizeof(struct pn533_target_felica)) 734 return false; 735 736 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES) 737 return false; 738 739 return true; 740 } 741 742 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data, 743 int tgt_data_len) 744 { 745 struct pn533_target_felica *tgt_felica; 746 747 tgt_felica = (struct pn533_target_felica *)tgt_data; 748 749 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len)) 750 return -EPROTO; 751 752 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) && 753 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2)) 754 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK; 755 else 756 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK; 757 758 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9); 759 nfc_tgt->sensf_res_len = 9; 760 761 memcpy(nfc_tgt->nfcid2, tgt_felica->nfcid2, NFC_NFCID2_MAXSIZE); 762 nfc_tgt->nfcid2_len = NFC_NFCID2_MAXSIZE; 763 764 return 0; 765 } 766 767 struct pn533_target_jewel { 768 __be16 sens_res; 769 u8 jewelid[4]; 770 } __packed; 771 772 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel, 773 int target_data_len) 774 { 775 u8 ssd; 776 u8 platconf; 777 778 if (target_data_len < sizeof(struct pn533_target_jewel)) 779 return false; 780 781 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */ 782 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res); 783 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res); 784 785 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL && 786 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) || 787 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL && 788 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL)) 789 return false; 790 791 return true; 792 } 793 794 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data, 795 int tgt_data_len) 796 { 797 struct pn533_target_jewel *tgt_jewel; 798 799 tgt_jewel = (struct pn533_target_jewel *)tgt_data; 800 801 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len)) 802 return -EPROTO; 803 804 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK; 805 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res); 806 nfc_tgt->nfcid1_len = 4; 807 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len); 808 809 return 0; 810 } 811 812 struct pn533_type_b_prot_info { 813 u8 bitrate; 814 u8 fsci_type; 815 u8 fwi_adc_fo; 816 } __packed; 817 818 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4) 819 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0) 820 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8 821 822 struct pn533_type_b_sens_res { 823 u8 opcode; 824 u8 nfcid[4]; 825 u8 appdata[4]; 826 struct pn533_type_b_prot_info prot_info; 827 } __packed; 828 829 #define PN533_TYPE_B_OPC_SENSB_RES 0x50 830 831 struct pn533_target_type_b { 832 struct pn533_type_b_sens_res sensb_res; 833 u8 attrib_res_len; 834 u8 attrib_res[]; 835 } __packed; 836 837 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b, 838 int target_data_len) 839 { 840 if (target_data_len < sizeof(struct pn533_target_type_b)) 841 return false; 842 843 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES) 844 return false; 845 846 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) & 847 PN533_TYPE_B_PROT_TYPE_RFU_MASK) 848 return false; 849 850 return true; 851 } 852 853 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data, 854 int tgt_data_len) 855 { 856 struct pn533_target_type_b *tgt_type_b; 857 858 tgt_type_b = (struct pn533_target_type_b *)tgt_data; 859 860 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len)) 861 return -EPROTO; 862 863 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK; 864 865 return 0; 866 } 867 868 static void pn533_poll_reset_mod_list(struct pn533 *dev); 869 static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata, 870 int tgdata_len) 871 { 872 struct nfc_target nfc_tgt; 873 int rc; 874 875 dev_dbg(dev->dev, "%s: modulation=%d\n", 876 __func__, dev->poll_mod_curr); 877 878 if (tg != 1) 879 return -EPROTO; 880 881 memset(&nfc_tgt, 0, sizeof(struct nfc_target)); 882 883 switch (dev->poll_mod_curr) { 884 case PN533_POLL_MOD_106KBPS_A: 885 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len); 886 break; 887 case PN533_POLL_MOD_212KBPS_FELICA: 888 case PN533_POLL_MOD_424KBPS_FELICA: 889 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len); 890 break; 891 case PN533_POLL_MOD_106KBPS_JEWEL: 892 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len); 893 break; 894 case PN533_POLL_MOD_847KBPS_B: 895 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len); 896 break; 897 default: 898 nfc_err(dev->dev, 899 "Unknown current poll modulation\n"); 900 return -EPROTO; 901 } 902 903 if (rc) 904 return rc; 905 906 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) { 907 dev_dbg(dev->dev, 908 "The Tg found doesn't have the desired protocol\n"); 909 return -EAGAIN; 910 } 911 912 dev_dbg(dev->dev, 913 "Target found - supported protocols: 0x%x\n", 914 nfc_tgt.supported_protocols); 915 916 dev->tgt_available_prots = nfc_tgt.supported_protocols; 917 918 pn533_poll_reset_mod_list(dev); 919 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1); 920 921 return 0; 922 } 923 924 static inline void pn533_poll_next_mod(struct pn533 *dev) 925 { 926 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count; 927 } 928 929 static void pn533_poll_reset_mod_list(struct pn533 *dev) 930 { 931 dev->poll_mod_count = 0; 932 } 933 934 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index) 935 { 936 dev->poll_mod_active[dev->poll_mod_count] = 937 (struct pn533_poll_modulations *)&poll_mod[mod_index]; 938 dev->poll_mod_count++; 939 } 940 941 static void pn533_poll_create_mod_list(struct pn533 *dev, 942 u32 im_protocols, u32 tm_protocols) 943 { 944 pn533_poll_reset_mod_list(dev); 945 946 if ((im_protocols & NFC_PROTO_MIFARE_MASK) || 947 (im_protocols & NFC_PROTO_ISO14443_MASK) || 948 (im_protocols & NFC_PROTO_NFC_DEP_MASK)) 949 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A); 950 951 if (im_protocols & NFC_PROTO_FELICA_MASK || 952 im_protocols & NFC_PROTO_NFC_DEP_MASK) { 953 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA); 954 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA); 955 } 956 957 if (im_protocols & NFC_PROTO_JEWEL_MASK) 958 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL); 959 960 if (im_protocols & NFC_PROTO_ISO14443_B_MASK) 961 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B); 962 963 if (tm_protocols) 964 pn533_poll_add_mod(dev, PN533_LISTEN_MOD); 965 } 966 967 static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp) 968 { 969 u8 nbtg, tg, *tgdata; 970 int rc, tgdata_len; 971 972 /* Toggle the DEP polling */ 973 if (dev->poll_protocols & NFC_PROTO_NFC_DEP_MASK) 974 dev->poll_dep = 1; 975 976 nbtg = resp->data[0]; 977 tg = resp->data[1]; 978 tgdata = &resp->data[2]; 979 tgdata_len = resp->len - 2; /* nbtg + tg */ 980 981 if (nbtg) { 982 rc = pn533_target_found(dev, tg, tgdata, tgdata_len); 983 984 /* We must stop the poll after a valid target found */ 985 if (rc == 0) 986 return 0; 987 } 988 989 return -EAGAIN; 990 } 991 992 static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev) 993 { 994 struct sk_buff *skb; 995 u8 *felica, *nfcid3, *gb; 996 997 u8 *gbytes = dev->gb; 998 size_t gbytes_len = dev->gb_len; 999 1000 u8 felica_params[18] = {0x1, 0xfe, /* DEP */ 1001 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */ 1002 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 1003 0xff, 0xff}; /* System code */ 1004 1005 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */ 1006 0x0, 0x0, 0x0, 1007 0x40}; /* SEL_RES for DEP */ 1008 1009 unsigned int skb_len = 36 + /* 1010 * mode (1), mifare (6), 1011 * felica (18), nfcid3 (10), gb_len (1) 1012 */ 1013 gbytes_len + 1014 1; /* len Tk*/ 1015 1016 skb = pn533_alloc_skb(dev, skb_len); 1017 if (!skb) 1018 return NULL; 1019 1020 /* DEP support only */ 1021 *skb_put(skb, 1) = PN533_INIT_TARGET_DEP; 1022 1023 /* MIFARE params */ 1024 memcpy(skb_put(skb, 6), mifare_params, 6); 1025 1026 /* Felica params */ 1027 felica = skb_put(skb, 18); 1028 memcpy(felica, felica_params, 18); 1029 get_random_bytes(felica + 2, 6); 1030 1031 /* NFCID3 */ 1032 nfcid3 = skb_put(skb, 10); 1033 memset(nfcid3, 0, 10); 1034 memcpy(nfcid3, felica, 8); 1035 1036 /* General bytes */ 1037 *skb_put(skb, 1) = gbytes_len; 1038 1039 gb = skb_put(skb, gbytes_len); 1040 memcpy(gb, gbytes, gbytes_len); 1041 1042 /* Len Tk */ 1043 *skb_put(skb, 1) = 0; 1044 1045 return skb; 1046 } 1047 1048 static void pn533_wq_tm_mi_recv(struct work_struct *work); 1049 static struct sk_buff *pn533_build_response(struct pn533 *dev); 1050 1051 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg, 1052 struct sk_buff *resp) 1053 { 1054 struct sk_buff *skb; 1055 u8 status, ret, mi; 1056 int rc; 1057 1058 dev_dbg(dev->dev, "%s\n", __func__); 1059 1060 if (IS_ERR(resp)) { 1061 skb_queue_purge(&dev->resp_q); 1062 return PTR_ERR(resp); 1063 } 1064 1065 status = resp->data[0]; 1066 1067 ret = status & PN533_CMD_RET_MASK; 1068 mi = status & PN533_CMD_MI_MASK; 1069 1070 skb_pull(resp, sizeof(status)); 1071 1072 if (ret != PN533_CMD_RET_SUCCESS) { 1073 rc = -EIO; 1074 goto error; 1075 } 1076 1077 skb_queue_tail(&dev->resp_q, resp); 1078 1079 if (mi) { 1080 queue_work(dev->wq, &dev->mi_tm_rx_work); 1081 return -EINPROGRESS; 1082 } 1083 1084 skb = pn533_build_response(dev); 1085 if (!skb) { 1086 rc = -EIO; 1087 goto error; 1088 } 1089 1090 return nfc_tm_data_received(dev->nfc_dev, skb); 1091 1092 error: 1093 nfc_tm_deactivated(dev->nfc_dev); 1094 dev->tgt_mode = 0; 1095 skb_queue_purge(&dev->resp_q); 1096 dev_kfree_skb(resp); 1097 1098 return rc; 1099 } 1100 1101 static void pn533_wq_tm_mi_recv(struct work_struct *work) 1102 { 1103 struct pn533 *dev = container_of(work, struct pn533, mi_tm_rx_work); 1104 struct sk_buff *skb; 1105 int rc; 1106 1107 dev_dbg(dev->dev, "%s\n", __func__); 1108 1109 skb = pn533_alloc_skb(dev, 0); 1110 if (!skb) 1111 return; 1112 1113 rc = pn533_send_cmd_direct_async(dev, 1114 PN533_CMD_TG_GET_DATA, 1115 skb, 1116 pn533_tm_get_data_complete, 1117 NULL); 1118 1119 if (rc < 0) 1120 dev_kfree_skb(skb); 1121 } 1122 1123 static int pn533_tm_send_complete(struct pn533 *dev, void *arg, 1124 struct sk_buff *resp); 1125 static void pn533_wq_tm_mi_send(struct work_struct *work) 1126 { 1127 struct pn533 *dev = container_of(work, struct pn533, mi_tm_tx_work); 1128 struct sk_buff *skb; 1129 int rc; 1130 1131 dev_dbg(dev->dev, "%s\n", __func__); 1132 1133 /* Grab the first skb in the queue */ 1134 skb = skb_dequeue(&dev->fragment_skb); 1135 if (skb == NULL) { /* No more data */ 1136 /* Reset the queue for future use */ 1137 skb_queue_head_init(&dev->fragment_skb); 1138 goto error; 1139 } 1140 1141 /* last entry - remove MI bit */ 1142 if (skb_queue_len(&dev->fragment_skb) == 0) { 1143 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_TG_SET_DATA, 1144 skb, pn533_tm_send_complete, NULL); 1145 } else 1146 rc = pn533_send_cmd_direct_async(dev, 1147 PN533_CMD_TG_SET_META_DATA, 1148 skb, pn533_tm_send_complete, NULL); 1149 1150 if (rc == 0) /* success */ 1151 return; 1152 1153 dev_err(dev->dev, 1154 "Error %d when trying to perform set meta data_exchange", rc); 1155 1156 dev_kfree_skb(skb); 1157 1158 error: 1159 dev->phy_ops->send_ack(dev, GFP_KERNEL); 1160 queue_work(dev->wq, &dev->cmd_work); 1161 } 1162 1163 static void pn533_wq_tg_get_data(struct work_struct *work) 1164 { 1165 struct pn533 *dev = container_of(work, struct pn533, tg_work); 1166 struct sk_buff *skb; 1167 int rc; 1168 1169 dev_dbg(dev->dev, "%s\n", __func__); 1170 1171 skb = pn533_alloc_skb(dev, 0); 1172 if (!skb) 1173 return; 1174 1175 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb, 1176 pn533_tm_get_data_complete, NULL); 1177 1178 if (rc < 0) 1179 dev_kfree_skb(skb); 1180 } 1181 1182 #define ATR_REQ_GB_OFFSET 17 1183 static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp) 1184 { 1185 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb; 1186 size_t gb_len; 1187 int rc; 1188 1189 dev_dbg(dev->dev, "%s\n", __func__); 1190 1191 if (resp->len < ATR_REQ_GB_OFFSET + 1) 1192 return -EINVAL; 1193 1194 mode = resp->data[0]; 1195 cmd = &resp->data[1]; 1196 1197 dev_dbg(dev->dev, "Target mode 0x%x len %d\n", 1198 mode, resp->len); 1199 1200 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) == 1201 PN533_INIT_TARGET_RESP_ACTIVE) 1202 comm_mode = NFC_COMM_ACTIVE; 1203 1204 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */ 1205 return -EOPNOTSUPP; 1206 1207 gb = cmd + ATR_REQ_GB_OFFSET; 1208 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1); 1209 1210 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK, 1211 comm_mode, gb, gb_len); 1212 if (rc < 0) { 1213 nfc_err(dev->dev, 1214 "Error when signaling target activation\n"); 1215 return rc; 1216 } 1217 1218 dev->tgt_mode = 1; 1219 queue_work(dev->wq, &dev->tg_work); 1220 1221 return 0; 1222 } 1223 1224 static void pn533_listen_mode_timer(unsigned long data) 1225 { 1226 struct pn533 *dev = (struct pn533 *)data; 1227 1228 dev_dbg(dev->dev, "Listen mode timeout\n"); 1229 1230 dev->cancel_listen = 1; 1231 1232 pn533_poll_next_mod(dev); 1233 1234 queue_delayed_work(dev->wq, &dev->poll_work, 1235 msecs_to_jiffies(PN533_POLL_INTERVAL)); 1236 } 1237 1238 static int pn533_rf_complete(struct pn533 *dev, void *arg, 1239 struct sk_buff *resp) 1240 { 1241 int rc = 0; 1242 1243 dev_dbg(dev->dev, "%s\n", __func__); 1244 1245 if (IS_ERR(resp)) { 1246 rc = PTR_ERR(resp); 1247 1248 nfc_err(dev->dev, "RF setting error %d\n", rc); 1249 1250 return rc; 1251 } 1252 1253 queue_delayed_work(dev->wq, &dev->poll_work, 1254 msecs_to_jiffies(PN533_POLL_INTERVAL)); 1255 1256 dev_kfree_skb(resp); 1257 return rc; 1258 } 1259 1260 static void pn533_wq_rf(struct work_struct *work) 1261 { 1262 struct pn533 *dev = container_of(work, struct pn533, rf_work); 1263 struct sk_buff *skb; 1264 int rc; 1265 1266 dev_dbg(dev->dev, "%s\n", __func__); 1267 1268 skb = pn533_alloc_skb(dev, 2); 1269 if (!skb) 1270 return; 1271 1272 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD; 1273 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD_AUTO_RFCA; 1274 1275 rc = pn533_send_cmd_async(dev, PN533_CMD_RF_CONFIGURATION, skb, 1276 pn533_rf_complete, NULL); 1277 if (rc < 0) { 1278 dev_kfree_skb(skb); 1279 nfc_err(dev->dev, "RF setting error %d\n", rc); 1280 } 1281 } 1282 1283 static int pn533_poll_dep_complete(struct pn533 *dev, void *arg, 1284 struct sk_buff *resp) 1285 { 1286 struct pn533_cmd_jump_dep_response *rsp; 1287 struct nfc_target nfc_target; 1288 u8 target_gt_len; 1289 int rc; 1290 1291 if (IS_ERR(resp)) 1292 return PTR_ERR(resp); 1293 1294 rsp = (struct pn533_cmd_jump_dep_response *)resp->data; 1295 1296 rc = rsp->status & PN533_CMD_RET_MASK; 1297 if (rc != PN533_CMD_RET_SUCCESS) { 1298 /* Not target found, turn radio off */ 1299 queue_work(dev->wq, &dev->rf_work); 1300 1301 dev_kfree_skb(resp); 1302 return 0; 1303 } 1304 1305 dev_dbg(dev->dev, "Creating new target"); 1306 1307 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK; 1308 nfc_target.nfcid1_len = 10; 1309 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len); 1310 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1); 1311 if (rc) 1312 goto error; 1313 1314 dev->tgt_available_prots = 0; 1315 dev->tgt_active_prot = NFC_PROTO_NFC_DEP; 1316 1317 /* ATR_RES general bytes are located at offset 17 */ 1318 target_gt_len = resp->len - 17; 1319 rc = nfc_set_remote_general_bytes(dev->nfc_dev, 1320 rsp->gt, target_gt_len); 1321 if (!rc) { 1322 rc = nfc_dep_link_is_up(dev->nfc_dev, 1323 dev->nfc_dev->targets[0].idx, 1324 0, NFC_RF_INITIATOR); 1325 1326 if (!rc) 1327 pn533_poll_reset_mod_list(dev); 1328 } 1329 error: 1330 dev_kfree_skb(resp); 1331 return rc; 1332 } 1333 1334 #define PASSIVE_DATA_LEN 5 1335 static int pn533_poll_dep(struct nfc_dev *nfc_dev) 1336 { 1337 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 1338 struct sk_buff *skb; 1339 int rc, skb_len; 1340 u8 *next, nfcid3[NFC_NFCID3_MAXSIZE]; 1341 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3}; 1342 1343 dev_dbg(dev->dev, "%s", __func__); 1344 1345 if (!dev->gb) { 1346 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len); 1347 1348 if (!dev->gb || !dev->gb_len) { 1349 dev->poll_dep = 0; 1350 queue_work(dev->wq, &dev->rf_work); 1351 } 1352 } 1353 1354 skb_len = 3 + dev->gb_len; /* ActPass + BR + Next */ 1355 skb_len += PASSIVE_DATA_LEN; 1356 1357 /* NFCID3 */ 1358 skb_len += NFC_NFCID3_MAXSIZE; 1359 nfcid3[0] = 0x1; 1360 nfcid3[1] = 0xfe; 1361 get_random_bytes(nfcid3 + 2, 6); 1362 1363 skb = pn533_alloc_skb(dev, skb_len); 1364 if (!skb) 1365 return -ENOMEM; 1366 1367 *skb_put(skb, 1) = 0x01; /* Active */ 1368 *skb_put(skb, 1) = 0x02; /* 424 kbps */ 1369 1370 next = skb_put(skb, 1); /* Next */ 1371 *next = 0; 1372 1373 /* Copy passive data */ 1374 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN); 1375 *next |= 1; 1376 1377 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */ 1378 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3, 1379 NFC_NFCID3_MAXSIZE); 1380 *next |= 2; 1381 1382 memcpy(skb_put(skb, dev->gb_len), dev->gb, dev->gb_len); 1383 *next |= 4; /* We have some Gi */ 1384 1385 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb, 1386 pn533_poll_dep_complete, NULL); 1387 1388 if (rc < 0) 1389 dev_kfree_skb(skb); 1390 1391 return rc; 1392 } 1393 1394 static int pn533_poll_complete(struct pn533 *dev, void *arg, 1395 struct sk_buff *resp) 1396 { 1397 struct pn533_poll_modulations *cur_mod; 1398 int rc; 1399 1400 dev_dbg(dev->dev, "%s\n", __func__); 1401 1402 if (IS_ERR(resp)) { 1403 rc = PTR_ERR(resp); 1404 1405 nfc_err(dev->dev, "%s Poll complete error %d\n", 1406 __func__, rc); 1407 1408 if (rc == -ENOENT) { 1409 if (dev->poll_mod_count != 0) 1410 return rc; 1411 goto stop_poll; 1412 } else if (rc < 0) { 1413 nfc_err(dev->dev, 1414 "Error %d when running poll\n", rc); 1415 goto stop_poll; 1416 } 1417 } 1418 1419 cur_mod = dev->poll_mod_active[dev->poll_mod_curr]; 1420 1421 if (cur_mod->len == 0) { /* Target mode */ 1422 del_timer(&dev->listen_timer); 1423 rc = pn533_init_target_complete(dev, resp); 1424 goto done; 1425 } 1426 1427 /* Initiator mode */ 1428 rc = pn533_start_poll_complete(dev, resp); 1429 if (!rc) 1430 goto done; 1431 1432 if (!dev->poll_mod_count) { 1433 dev_dbg(dev->dev, "Polling has been stopped\n"); 1434 goto done; 1435 } 1436 1437 pn533_poll_next_mod(dev); 1438 /* Not target found, turn radio off */ 1439 queue_work(dev->wq, &dev->rf_work); 1440 1441 done: 1442 dev_kfree_skb(resp); 1443 return rc; 1444 1445 stop_poll: 1446 nfc_err(dev->dev, "Polling operation has been stopped\n"); 1447 1448 pn533_poll_reset_mod_list(dev); 1449 dev->poll_protocols = 0; 1450 return rc; 1451 } 1452 1453 static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev, 1454 struct pn533_poll_modulations *mod) 1455 { 1456 struct sk_buff *skb; 1457 1458 skb = pn533_alloc_skb(dev, mod->len); 1459 if (!skb) 1460 return NULL; 1461 1462 memcpy(skb_put(skb, mod->len), &mod->data, mod->len); 1463 1464 return skb; 1465 } 1466 1467 static int pn533_send_poll_frame(struct pn533 *dev) 1468 { 1469 struct pn533_poll_modulations *mod; 1470 struct sk_buff *skb; 1471 int rc; 1472 u8 cmd_code; 1473 1474 mod = dev->poll_mod_active[dev->poll_mod_curr]; 1475 1476 dev_dbg(dev->dev, "%s mod len %d\n", 1477 __func__, mod->len); 1478 1479 if ((dev->poll_protocols & NFC_PROTO_NFC_DEP_MASK) && dev->poll_dep) { 1480 dev->poll_dep = 0; 1481 return pn533_poll_dep(dev->nfc_dev); 1482 } 1483 1484 if (mod->len == 0) { /* Listen mode */ 1485 cmd_code = PN533_CMD_TG_INIT_AS_TARGET; 1486 skb = pn533_alloc_poll_tg_frame(dev); 1487 } else { /* Polling mode */ 1488 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET; 1489 skb = pn533_alloc_poll_in_frame(dev, mod); 1490 } 1491 1492 if (!skb) { 1493 nfc_err(dev->dev, "Failed to allocate skb\n"); 1494 return -ENOMEM; 1495 } 1496 1497 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete, 1498 NULL); 1499 if (rc < 0) { 1500 dev_kfree_skb(skb); 1501 nfc_err(dev->dev, "Polling loop error %d\n", rc); 1502 } 1503 1504 return rc; 1505 } 1506 1507 static void pn533_wq_poll(struct work_struct *work) 1508 { 1509 struct pn533 *dev = container_of(work, struct pn533, poll_work.work); 1510 struct pn533_poll_modulations *cur_mod; 1511 int rc; 1512 1513 cur_mod = dev->poll_mod_active[dev->poll_mod_curr]; 1514 1515 dev_dbg(dev->dev, 1516 "%s cancel_listen %d modulation len %d\n", 1517 __func__, dev->cancel_listen, cur_mod->len); 1518 1519 if (dev->cancel_listen == 1) { 1520 dev->cancel_listen = 0; 1521 dev->phy_ops->abort_cmd(dev, GFP_ATOMIC); 1522 } 1523 1524 rc = pn533_send_poll_frame(dev); 1525 if (rc) 1526 return; 1527 1528 if (cur_mod->len == 0 && dev->poll_mod_count > 1) 1529 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ); 1530 } 1531 1532 static int pn533_start_poll(struct nfc_dev *nfc_dev, 1533 u32 im_protocols, u32 tm_protocols) 1534 { 1535 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 1536 struct pn533_poll_modulations *cur_mod; 1537 u8 rand_mod; 1538 int rc; 1539 1540 dev_dbg(dev->dev, 1541 "%s: im protocols 0x%x tm protocols 0x%x\n", 1542 __func__, im_protocols, tm_protocols); 1543 1544 if (dev->tgt_active_prot) { 1545 nfc_err(dev->dev, 1546 "Cannot poll with a target already activated\n"); 1547 return -EBUSY; 1548 } 1549 1550 if (dev->tgt_mode) { 1551 nfc_err(dev->dev, 1552 "Cannot poll while already being activated\n"); 1553 return -EBUSY; 1554 } 1555 1556 if (tm_protocols) { 1557 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len); 1558 if (dev->gb == NULL) 1559 tm_protocols = 0; 1560 } 1561 1562 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols); 1563 dev->poll_protocols = im_protocols; 1564 dev->listen_protocols = tm_protocols; 1565 1566 /* Do not always start polling from the same modulation */ 1567 get_random_bytes(&rand_mod, sizeof(rand_mod)); 1568 rand_mod %= dev->poll_mod_count; 1569 dev->poll_mod_curr = rand_mod; 1570 1571 cur_mod = dev->poll_mod_active[dev->poll_mod_curr]; 1572 1573 rc = pn533_send_poll_frame(dev); 1574 1575 /* Start listen timer */ 1576 if (!rc && cur_mod->len == 0 && dev->poll_mod_count > 1) 1577 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ); 1578 1579 return rc; 1580 } 1581 1582 static void pn533_stop_poll(struct nfc_dev *nfc_dev) 1583 { 1584 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 1585 1586 del_timer(&dev->listen_timer); 1587 1588 if (!dev->poll_mod_count) { 1589 dev_dbg(dev->dev, 1590 "Polling operation was not running\n"); 1591 return; 1592 } 1593 1594 dev->phy_ops->abort_cmd(dev, GFP_KERNEL); 1595 flush_delayed_work(&dev->poll_work); 1596 pn533_poll_reset_mod_list(dev); 1597 } 1598 1599 static int pn533_activate_target_nfcdep(struct pn533 *dev) 1600 { 1601 struct pn533_cmd_activate_response *rsp; 1602 u16 gt_len; 1603 int rc; 1604 struct sk_buff *skb; 1605 struct sk_buff *resp; 1606 1607 dev_dbg(dev->dev, "%s\n", __func__); 1608 1609 skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/ 1610 if (!skb) 1611 return -ENOMEM; 1612 1613 *skb_put(skb, sizeof(u8)) = 1; /* TG */ 1614 *skb_put(skb, sizeof(u8)) = 0; /* Next */ 1615 1616 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb); 1617 if (IS_ERR(resp)) 1618 return PTR_ERR(resp); 1619 1620 rsp = (struct pn533_cmd_activate_response *)resp->data; 1621 rc = rsp->status & PN533_CMD_RET_MASK; 1622 if (rc != PN533_CMD_RET_SUCCESS) { 1623 nfc_err(dev->dev, 1624 "Target activation failed (error 0x%x)\n", rc); 1625 dev_kfree_skb(resp); 1626 return -EIO; 1627 } 1628 1629 /* ATR_RES general bytes are located at offset 16 */ 1630 gt_len = resp->len - 16; 1631 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len); 1632 1633 dev_kfree_skb(resp); 1634 return rc; 1635 } 1636 1637 static int pn533_activate_target(struct nfc_dev *nfc_dev, 1638 struct nfc_target *target, u32 protocol) 1639 { 1640 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 1641 int rc; 1642 1643 dev_dbg(dev->dev, "%s: protocol=%u\n", __func__, protocol); 1644 1645 if (dev->poll_mod_count) { 1646 nfc_err(dev->dev, 1647 "Cannot activate while polling\n"); 1648 return -EBUSY; 1649 } 1650 1651 if (dev->tgt_active_prot) { 1652 nfc_err(dev->dev, 1653 "There is already an active target\n"); 1654 return -EBUSY; 1655 } 1656 1657 if (!dev->tgt_available_prots) { 1658 nfc_err(dev->dev, 1659 "There is no available target to activate\n"); 1660 return -EINVAL; 1661 } 1662 1663 if (!(dev->tgt_available_prots & (1 << protocol))) { 1664 nfc_err(dev->dev, 1665 "Target doesn't support requested proto %u\n", 1666 protocol); 1667 return -EINVAL; 1668 } 1669 1670 if (protocol == NFC_PROTO_NFC_DEP) { 1671 rc = pn533_activate_target_nfcdep(dev); 1672 if (rc) { 1673 nfc_err(dev->dev, 1674 "Activating target with DEP failed %d\n", rc); 1675 return rc; 1676 } 1677 } 1678 1679 dev->tgt_active_prot = protocol; 1680 dev->tgt_available_prots = 0; 1681 1682 return 0; 1683 } 1684 1685 static int pn533_deactivate_target_complete(struct pn533 *dev, void *arg, 1686 struct sk_buff *resp) 1687 { 1688 int rc = 0; 1689 1690 dev_dbg(dev->dev, "%s\n", __func__); 1691 1692 if (IS_ERR(resp)) { 1693 rc = PTR_ERR(resp); 1694 1695 nfc_err(dev->dev, "Target release error %d\n", rc); 1696 1697 return rc; 1698 } 1699 1700 rc = resp->data[0] & PN533_CMD_RET_MASK; 1701 if (rc != PN533_CMD_RET_SUCCESS) 1702 nfc_err(dev->dev, 1703 "Error 0x%x when releasing the target\n", rc); 1704 1705 dev_kfree_skb(resp); 1706 return rc; 1707 } 1708 1709 static void pn533_deactivate_target(struct nfc_dev *nfc_dev, 1710 struct nfc_target *target, u8 mode) 1711 { 1712 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 1713 struct sk_buff *skb; 1714 int rc; 1715 1716 dev_dbg(dev->dev, "%s\n", __func__); 1717 1718 if (!dev->tgt_active_prot) { 1719 nfc_err(dev->dev, "There is no active target\n"); 1720 return; 1721 } 1722 1723 dev->tgt_active_prot = 0; 1724 skb_queue_purge(&dev->resp_q); 1725 1726 skb = pn533_alloc_skb(dev, sizeof(u8)); 1727 if (!skb) 1728 return; 1729 1730 *skb_put(skb, 1) = 1; /* TG*/ 1731 1732 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_RELEASE, skb, 1733 pn533_deactivate_target_complete, NULL); 1734 if (rc < 0) { 1735 dev_kfree_skb(skb); 1736 nfc_err(dev->dev, "Target release error %d\n", rc); 1737 } 1738 } 1739 1740 1741 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg, 1742 struct sk_buff *resp) 1743 { 1744 struct pn533_cmd_jump_dep_response *rsp; 1745 u8 target_gt_len; 1746 int rc; 1747 u8 active = *(u8 *)arg; 1748 1749 kfree(arg); 1750 1751 if (IS_ERR(resp)) 1752 return PTR_ERR(resp); 1753 1754 if (dev->tgt_available_prots && 1755 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) { 1756 nfc_err(dev->dev, 1757 "The target does not support DEP\n"); 1758 rc = -EINVAL; 1759 goto error; 1760 } 1761 1762 rsp = (struct pn533_cmd_jump_dep_response *)resp->data; 1763 1764 rc = rsp->status & PN533_CMD_RET_MASK; 1765 if (rc != PN533_CMD_RET_SUCCESS) { 1766 nfc_err(dev->dev, 1767 "Bringing DEP link up failed (error 0x%x)\n", rc); 1768 goto error; 1769 } 1770 1771 if (!dev->tgt_available_prots) { 1772 struct nfc_target nfc_target; 1773 1774 dev_dbg(dev->dev, "Creating new target\n"); 1775 1776 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK; 1777 nfc_target.nfcid1_len = 10; 1778 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len); 1779 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1); 1780 if (rc) 1781 goto error; 1782 1783 dev->tgt_available_prots = 0; 1784 } 1785 1786 dev->tgt_active_prot = NFC_PROTO_NFC_DEP; 1787 1788 /* ATR_RES general bytes are located at offset 17 */ 1789 target_gt_len = resp->len - 17; 1790 rc = nfc_set_remote_general_bytes(dev->nfc_dev, 1791 rsp->gt, target_gt_len); 1792 if (rc == 0) 1793 rc = nfc_dep_link_is_up(dev->nfc_dev, 1794 dev->nfc_dev->targets[0].idx, 1795 !active, NFC_RF_INITIATOR); 1796 1797 error: 1798 dev_kfree_skb(resp); 1799 return rc; 1800 } 1801 1802 static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf); 1803 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target, 1804 u8 comm_mode, u8 *gb, size_t gb_len) 1805 { 1806 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 1807 struct sk_buff *skb; 1808 int rc, skb_len; 1809 u8 *next, *arg, nfcid3[NFC_NFCID3_MAXSIZE]; 1810 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3}; 1811 1812 dev_dbg(dev->dev, "%s\n", __func__); 1813 1814 if (dev->poll_mod_count) { 1815 nfc_err(dev->dev, 1816 "Cannot bring the DEP link up while polling\n"); 1817 return -EBUSY; 1818 } 1819 1820 if (dev->tgt_active_prot) { 1821 nfc_err(dev->dev, 1822 "There is already an active target\n"); 1823 return -EBUSY; 1824 } 1825 1826 skb_len = 3 + gb_len; /* ActPass + BR + Next */ 1827 skb_len += PASSIVE_DATA_LEN; 1828 1829 /* NFCID3 */ 1830 skb_len += NFC_NFCID3_MAXSIZE; 1831 if (target && !target->nfcid2_len) { 1832 nfcid3[0] = 0x1; 1833 nfcid3[1] = 0xfe; 1834 get_random_bytes(nfcid3 + 2, 6); 1835 } 1836 1837 skb = pn533_alloc_skb(dev, skb_len); 1838 if (!skb) 1839 return -ENOMEM; 1840 1841 *skb_put(skb, 1) = !comm_mode; /* ActPass */ 1842 *skb_put(skb, 1) = 0x02; /* 424 kbps */ 1843 1844 next = skb_put(skb, 1); /* Next */ 1845 *next = 0; 1846 1847 /* Copy passive data */ 1848 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN); 1849 *next |= 1; 1850 1851 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */ 1852 if (target && target->nfcid2_len) 1853 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), target->nfcid2, 1854 target->nfcid2_len); 1855 else 1856 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3, 1857 NFC_NFCID3_MAXSIZE); 1858 *next |= 2; 1859 1860 if (gb != NULL && gb_len > 0) { 1861 memcpy(skb_put(skb, gb_len), gb, gb_len); 1862 *next |= 4; /* We have some Gi */ 1863 } else { 1864 *next = 0; 1865 } 1866 1867 arg = kmalloc(sizeof(*arg), GFP_KERNEL); 1868 if (!arg) { 1869 dev_kfree_skb(skb); 1870 return -ENOMEM; 1871 } 1872 1873 *arg = !comm_mode; 1874 1875 pn533_rf_field(dev->nfc_dev, 0); 1876 1877 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb, 1878 pn533_in_dep_link_up_complete, arg); 1879 1880 if (rc < 0) { 1881 dev_kfree_skb(skb); 1882 kfree(arg); 1883 } 1884 1885 return rc; 1886 } 1887 1888 static int pn533_dep_link_down(struct nfc_dev *nfc_dev) 1889 { 1890 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 1891 1892 dev_dbg(dev->dev, "%s\n", __func__); 1893 1894 pn533_poll_reset_mod_list(dev); 1895 1896 if (dev->tgt_mode || dev->tgt_active_prot) 1897 dev->phy_ops->abort_cmd(dev, GFP_KERNEL); 1898 1899 dev->tgt_active_prot = 0; 1900 dev->tgt_mode = 0; 1901 1902 skb_queue_purge(&dev->resp_q); 1903 1904 return 0; 1905 } 1906 1907 struct pn533_data_exchange_arg { 1908 data_exchange_cb_t cb; 1909 void *cb_context; 1910 }; 1911 1912 static struct sk_buff *pn533_build_response(struct pn533 *dev) 1913 { 1914 struct sk_buff *skb, *tmp, *t; 1915 unsigned int skb_len = 0, tmp_len = 0; 1916 1917 dev_dbg(dev->dev, "%s\n", __func__); 1918 1919 if (skb_queue_empty(&dev->resp_q)) 1920 return NULL; 1921 1922 if (skb_queue_len(&dev->resp_q) == 1) { 1923 skb = skb_dequeue(&dev->resp_q); 1924 goto out; 1925 } 1926 1927 skb_queue_walk_safe(&dev->resp_q, tmp, t) 1928 skb_len += tmp->len; 1929 1930 dev_dbg(dev->dev, "%s total length %d\n", 1931 __func__, skb_len); 1932 1933 skb = alloc_skb(skb_len, GFP_KERNEL); 1934 if (skb == NULL) 1935 goto out; 1936 1937 skb_put(skb, skb_len); 1938 1939 skb_queue_walk_safe(&dev->resp_q, tmp, t) { 1940 memcpy(skb->data + tmp_len, tmp->data, tmp->len); 1941 tmp_len += tmp->len; 1942 } 1943 1944 out: 1945 skb_queue_purge(&dev->resp_q); 1946 1947 return skb; 1948 } 1949 1950 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg, 1951 struct sk_buff *resp) 1952 { 1953 struct pn533_data_exchange_arg *arg = _arg; 1954 struct sk_buff *skb; 1955 int rc = 0; 1956 u8 status, ret, mi; 1957 1958 dev_dbg(dev->dev, "%s\n", __func__); 1959 1960 if (IS_ERR(resp)) { 1961 rc = PTR_ERR(resp); 1962 goto _error; 1963 } 1964 1965 status = resp->data[0]; 1966 ret = status & PN533_CMD_RET_MASK; 1967 mi = status & PN533_CMD_MI_MASK; 1968 1969 skb_pull(resp, sizeof(status)); 1970 1971 if (ret != PN533_CMD_RET_SUCCESS) { 1972 nfc_err(dev->dev, 1973 "Exchanging data failed (error 0x%x)\n", ret); 1974 rc = -EIO; 1975 goto error; 1976 } 1977 1978 skb_queue_tail(&dev->resp_q, resp); 1979 1980 if (mi) { 1981 dev->cmd_complete_mi_arg = arg; 1982 queue_work(dev->wq, &dev->mi_rx_work); 1983 return -EINPROGRESS; 1984 } 1985 1986 /* Prepare for the next round */ 1987 if (skb_queue_len(&dev->fragment_skb) > 0) { 1988 dev->cmd_complete_dep_arg = arg; 1989 queue_work(dev->wq, &dev->mi_tx_work); 1990 1991 return -EINPROGRESS; 1992 } 1993 1994 skb = pn533_build_response(dev); 1995 if (!skb) { 1996 rc = -ENOMEM; 1997 goto error; 1998 } 1999 2000 arg->cb(arg->cb_context, skb, 0); 2001 kfree(arg); 2002 return 0; 2003 2004 error: 2005 dev_kfree_skb(resp); 2006 _error: 2007 skb_queue_purge(&dev->resp_q); 2008 arg->cb(arg->cb_context, NULL, rc); 2009 kfree(arg); 2010 return rc; 2011 } 2012 2013 /* 2014 * Receive an incoming pn533 frame. skb contains only header and payload. 2015 * If skb == NULL, it is a notification that the link below is dead. 2016 */ 2017 void pn533_recv_frame(struct pn533 *dev, struct sk_buff *skb, int status) 2018 { 2019 if (!dev->cmd) 2020 goto sched_wq; 2021 2022 dev->cmd->status = status; 2023 2024 if (status != 0) { 2025 dev_dbg(dev->dev, "%s: Error received: %d\n", __func__, status); 2026 goto sched_wq; 2027 } 2028 2029 if (skb == NULL) { 2030 pr_err("NULL Frame -> link is dead\n"); 2031 goto sched_wq; 2032 } 2033 2034 if (pn533_rx_frame_is_ack(skb->data)) { 2035 dev_dbg(dev->dev, "%s: Received ACK frame\n", __func__); 2036 dev_kfree_skb(skb); 2037 return; 2038 } 2039 2040 print_hex_dump_debug("PN533 RX: ", DUMP_PREFIX_NONE, 16, 1, skb->data, 2041 dev->ops->rx_frame_size(skb->data), false); 2042 2043 if (!dev->ops->rx_is_frame_valid(skb->data, dev)) { 2044 nfc_err(dev->dev, "Received an invalid frame\n"); 2045 dev->cmd->status = -EIO; 2046 } else if (!pn533_rx_frame_is_cmd_response(dev, skb->data)) { 2047 nfc_err(dev->dev, "It it not the response to the last command\n"); 2048 dev->cmd->status = -EIO; 2049 } 2050 2051 dev->cmd->resp = skb; 2052 2053 sched_wq: 2054 queue_work(dev->wq, &dev->cmd_complete_work); 2055 } 2056 EXPORT_SYMBOL(pn533_recv_frame); 2057 2058 /* Split the Tx skb into small chunks */ 2059 static int pn533_fill_fragment_skbs(struct pn533 *dev, struct sk_buff *skb) 2060 { 2061 struct sk_buff *frag; 2062 int frag_size; 2063 2064 do { 2065 /* Remaining size */ 2066 if (skb->len > PN533_CMD_DATAFRAME_MAXLEN) 2067 frag_size = PN533_CMD_DATAFRAME_MAXLEN; 2068 else 2069 frag_size = skb->len; 2070 2071 /* Allocate and reserve */ 2072 frag = pn533_alloc_skb(dev, frag_size); 2073 if (!frag) { 2074 skb_queue_purge(&dev->fragment_skb); 2075 break; 2076 } 2077 2078 if (!dev->tgt_mode) { 2079 /* Reserve the TG/MI byte */ 2080 skb_reserve(frag, 1); 2081 2082 /* MI + TG */ 2083 if (frag_size == PN533_CMD_DATAFRAME_MAXLEN) 2084 *skb_push(frag, sizeof(u8)) = 2085 (PN533_CMD_MI_MASK | 1); 2086 else 2087 *skb_push(frag, sizeof(u8)) = 1; /* TG */ 2088 } 2089 2090 memcpy(skb_put(frag, frag_size), skb->data, frag_size); 2091 2092 /* Reduce the size of incoming buffer */ 2093 skb_pull(skb, frag_size); 2094 2095 /* Add this to skb_queue */ 2096 skb_queue_tail(&dev->fragment_skb, frag); 2097 2098 } while (skb->len > 0); 2099 2100 dev_kfree_skb(skb); 2101 2102 return skb_queue_len(&dev->fragment_skb); 2103 } 2104 2105 static int pn533_transceive(struct nfc_dev *nfc_dev, 2106 struct nfc_target *target, struct sk_buff *skb, 2107 data_exchange_cb_t cb, void *cb_context) 2108 { 2109 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2110 struct pn533_data_exchange_arg *arg = NULL; 2111 int rc; 2112 2113 dev_dbg(dev->dev, "%s\n", __func__); 2114 2115 if (!dev->tgt_active_prot) { 2116 nfc_err(dev->dev, 2117 "Can't exchange data if there is no active target\n"); 2118 rc = -EINVAL; 2119 goto error; 2120 } 2121 2122 arg = kmalloc(sizeof(*arg), GFP_KERNEL); 2123 if (!arg) { 2124 rc = -ENOMEM; 2125 goto error; 2126 } 2127 2128 arg->cb = cb; 2129 arg->cb_context = cb_context; 2130 2131 switch (dev->device_type) { 2132 case PN533_DEVICE_PASORI: 2133 if (dev->tgt_active_prot == NFC_PROTO_FELICA) { 2134 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU, 2135 skb, 2136 pn533_data_exchange_complete, 2137 arg); 2138 2139 break; 2140 } 2141 default: 2142 /* jumbo frame ? */ 2143 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) { 2144 rc = pn533_fill_fragment_skbs(dev, skb); 2145 if (rc <= 0) 2146 goto error; 2147 2148 skb = skb_dequeue(&dev->fragment_skb); 2149 if (!skb) { 2150 rc = -EIO; 2151 goto error; 2152 } 2153 } else { 2154 *skb_push(skb, sizeof(u8)) = 1; /* TG */ 2155 } 2156 2157 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE, 2158 skb, pn533_data_exchange_complete, 2159 arg); 2160 2161 break; 2162 } 2163 2164 if (rc < 0) /* rc from send_async */ 2165 goto error; 2166 2167 return 0; 2168 2169 error: 2170 kfree(arg); 2171 dev_kfree_skb(skb); 2172 return rc; 2173 } 2174 2175 static int pn533_tm_send_complete(struct pn533 *dev, void *arg, 2176 struct sk_buff *resp) 2177 { 2178 u8 status; 2179 2180 dev_dbg(dev->dev, "%s\n", __func__); 2181 2182 if (IS_ERR(resp)) 2183 return PTR_ERR(resp); 2184 2185 status = resp->data[0]; 2186 2187 /* Prepare for the next round */ 2188 if (skb_queue_len(&dev->fragment_skb) > 0) { 2189 queue_work(dev->wq, &dev->mi_tm_tx_work); 2190 return -EINPROGRESS; 2191 } 2192 dev_kfree_skb(resp); 2193 2194 if (status != 0) { 2195 nfc_tm_deactivated(dev->nfc_dev); 2196 2197 dev->tgt_mode = 0; 2198 2199 return 0; 2200 } 2201 2202 queue_work(dev->wq, &dev->tg_work); 2203 2204 return 0; 2205 } 2206 2207 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb) 2208 { 2209 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2210 int rc; 2211 2212 dev_dbg(dev->dev, "%s\n", __func__); 2213 2214 /* let's split in multiple chunks if size's too big */ 2215 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) { 2216 rc = pn533_fill_fragment_skbs(dev, skb); 2217 if (rc <= 0) 2218 goto error; 2219 2220 /* get the first skb */ 2221 skb = skb_dequeue(&dev->fragment_skb); 2222 if (!skb) { 2223 rc = -EIO; 2224 goto error; 2225 } 2226 2227 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_META_DATA, skb, 2228 pn533_tm_send_complete, NULL); 2229 } else { 2230 /* Send th skb */ 2231 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb, 2232 pn533_tm_send_complete, NULL); 2233 } 2234 2235 error: 2236 if (rc < 0) { 2237 dev_kfree_skb(skb); 2238 skb_queue_purge(&dev->fragment_skb); 2239 } 2240 2241 return rc; 2242 } 2243 2244 static void pn533_wq_mi_recv(struct work_struct *work) 2245 { 2246 struct pn533 *dev = container_of(work, struct pn533, mi_rx_work); 2247 struct sk_buff *skb; 2248 int rc; 2249 2250 dev_dbg(dev->dev, "%s\n", __func__); 2251 2252 skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN); 2253 if (!skb) 2254 goto error; 2255 2256 switch (dev->device_type) { 2257 case PN533_DEVICE_PASORI: 2258 if (dev->tgt_active_prot == NFC_PROTO_FELICA) { 2259 rc = pn533_send_cmd_direct_async(dev, 2260 PN533_CMD_IN_COMM_THRU, 2261 skb, 2262 pn533_data_exchange_complete, 2263 dev->cmd_complete_mi_arg); 2264 2265 break; 2266 } 2267 default: 2268 *skb_put(skb, sizeof(u8)) = 1; /*TG*/ 2269 2270 rc = pn533_send_cmd_direct_async(dev, 2271 PN533_CMD_IN_DATA_EXCHANGE, 2272 skb, 2273 pn533_data_exchange_complete, 2274 dev->cmd_complete_mi_arg); 2275 2276 break; 2277 } 2278 2279 if (rc == 0) /* success */ 2280 return; 2281 2282 nfc_err(dev->dev, 2283 "Error %d when trying to perform data_exchange\n", rc); 2284 2285 dev_kfree_skb(skb); 2286 kfree(dev->cmd_complete_mi_arg); 2287 2288 error: 2289 dev->phy_ops->send_ack(dev, GFP_KERNEL); 2290 queue_work(dev->wq, &dev->cmd_work); 2291 } 2292 2293 static void pn533_wq_mi_send(struct work_struct *work) 2294 { 2295 struct pn533 *dev = container_of(work, struct pn533, mi_tx_work); 2296 struct sk_buff *skb; 2297 int rc; 2298 2299 dev_dbg(dev->dev, "%s\n", __func__); 2300 2301 /* Grab the first skb in the queue */ 2302 skb = skb_dequeue(&dev->fragment_skb); 2303 2304 if (skb == NULL) { /* No more data */ 2305 /* Reset the queue for future use */ 2306 skb_queue_head_init(&dev->fragment_skb); 2307 goto error; 2308 } 2309 2310 switch (dev->device_type) { 2311 case PN533_DEVICE_PASORI: 2312 if (dev->tgt_active_prot != NFC_PROTO_FELICA) { 2313 rc = -EIO; 2314 break; 2315 } 2316 2317 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_IN_COMM_THRU, 2318 skb, 2319 pn533_data_exchange_complete, 2320 dev->cmd_complete_dep_arg); 2321 2322 break; 2323 2324 default: 2325 /* Still some fragments? */ 2326 rc = pn533_send_cmd_direct_async(dev, 2327 PN533_CMD_IN_DATA_EXCHANGE, 2328 skb, 2329 pn533_data_exchange_complete, 2330 dev->cmd_complete_dep_arg); 2331 2332 break; 2333 } 2334 2335 if (rc == 0) /* success */ 2336 return; 2337 2338 nfc_err(dev->dev, 2339 "Error %d when trying to perform data_exchange\n", rc); 2340 2341 dev_kfree_skb(skb); 2342 kfree(dev->cmd_complete_dep_arg); 2343 2344 error: 2345 dev->phy_ops->send_ack(dev, GFP_KERNEL); 2346 queue_work(dev->wq, &dev->cmd_work); 2347 } 2348 2349 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata, 2350 u8 cfgdata_len) 2351 { 2352 struct sk_buff *skb; 2353 struct sk_buff *resp; 2354 int skb_len; 2355 2356 dev_dbg(dev->dev, "%s\n", __func__); 2357 2358 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */ 2359 2360 skb = pn533_alloc_skb(dev, skb_len); 2361 if (!skb) 2362 return -ENOMEM; 2363 2364 *skb_put(skb, sizeof(cfgitem)) = cfgitem; 2365 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len); 2366 2367 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb); 2368 if (IS_ERR(resp)) 2369 return PTR_ERR(resp); 2370 2371 dev_kfree_skb(resp); 2372 return 0; 2373 } 2374 2375 static int pn533_get_firmware_version(struct pn533 *dev, 2376 struct pn533_fw_version *fv) 2377 { 2378 struct sk_buff *skb; 2379 struct sk_buff *resp; 2380 2381 skb = pn533_alloc_skb(dev, 0); 2382 if (!skb) 2383 return -ENOMEM; 2384 2385 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb); 2386 if (IS_ERR(resp)) 2387 return PTR_ERR(resp); 2388 2389 fv->ic = resp->data[0]; 2390 fv->ver = resp->data[1]; 2391 fv->rev = resp->data[2]; 2392 fv->support = resp->data[3]; 2393 2394 dev_kfree_skb(resp); 2395 return 0; 2396 } 2397 2398 static int pn533_pasori_fw_reset(struct pn533 *dev) 2399 { 2400 struct sk_buff *skb; 2401 struct sk_buff *resp; 2402 2403 dev_dbg(dev->dev, "%s\n", __func__); 2404 2405 skb = pn533_alloc_skb(dev, sizeof(u8)); 2406 if (!skb) 2407 return -ENOMEM; 2408 2409 *skb_put(skb, sizeof(u8)) = 0x1; 2410 2411 resp = pn533_send_cmd_sync(dev, 0x18, skb); 2412 if (IS_ERR(resp)) 2413 return PTR_ERR(resp); 2414 2415 dev_kfree_skb(resp); 2416 2417 return 0; 2418 } 2419 2420 static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf) 2421 { 2422 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2423 u8 rf_field = !!rf; 2424 int rc; 2425 2426 rf_field |= PN533_CFGITEM_RF_FIELD_AUTO_RFCA; 2427 2428 rc = pn533_set_configuration(dev, PN533_CFGITEM_RF_FIELD, 2429 (u8 *)&rf_field, 1); 2430 if (rc) { 2431 nfc_err(dev->dev, "Error on setting RF field\n"); 2432 return rc; 2433 } 2434 2435 return rc; 2436 } 2437 2438 static int pn532_sam_configuration(struct nfc_dev *nfc_dev) 2439 { 2440 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2441 struct sk_buff *skb; 2442 struct sk_buff *resp; 2443 2444 skb = pn533_alloc_skb(dev, 1); 2445 if (!skb) 2446 return -ENOMEM; 2447 2448 *skb_put(skb, 1) = 0x01; 2449 2450 resp = pn533_send_cmd_sync(dev, PN533_CMD_SAM_CONFIGURATION, skb); 2451 if (IS_ERR(resp)) 2452 return PTR_ERR(resp); 2453 2454 dev_kfree_skb(resp); 2455 return 0; 2456 } 2457 2458 static int pn533_dev_up(struct nfc_dev *nfc_dev) 2459 { 2460 struct pn533 *dev = nfc_get_drvdata(nfc_dev); 2461 2462 if (dev->device_type == PN533_DEVICE_PN532) { 2463 int rc = pn532_sam_configuration(nfc_dev); 2464 2465 if (rc) 2466 return rc; 2467 } 2468 2469 return pn533_rf_field(nfc_dev, 1); 2470 } 2471 2472 static int pn533_dev_down(struct nfc_dev *nfc_dev) 2473 { 2474 return pn533_rf_field(nfc_dev, 0); 2475 } 2476 2477 static struct nfc_ops pn533_nfc_ops = { 2478 .dev_up = pn533_dev_up, 2479 .dev_down = pn533_dev_down, 2480 .dep_link_up = pn533_dep_link_up, 2481 .dep_link_down = pn533_dep_link_down, 2482 .start_poll = pn533_start_poll, 2483 .stop_poll = pn533_stop_poll, 2484 .activate_target = pn533_activate_target, 2485 .deactivate_target = pn533_deactivate_target, 2486 .im_transceive = pn533_transceive, 2487 .tm_send = pn533_tm_send, 2488 }; 2489 2490 static int pn533_setup(struct pn533 *dev) 2491 { 2492 struct pn533_config_max_retries max_retries; 2493 struct pn533_config_timing timing; 2494 u8 pasori_cfg[3] = {0x08, 0x01, 0x08}; 2495 int rc; 2496 2497 switch (dev->device_type) { 2498 case PN533_DEVICE_STD: 2499 case PN533_DEVICE_PASORI: 2500 case PN533_DEVICE_ACR122U: 2501 case PN533_DEVICE_PN532: 2502 max_retries.mx_rty_atr = 0x2; 2503 max_retries.mx_rty_psl = 0x1; 2504 max_retries.mx_rty_passive_act = 2505 PN533_CONFIG_MAX_RETRIES_NO_RETRY; 2506 2507 timing.rfu = PN533_CONFIG_TIMING_102; 2508 timing.atr_res_timeout = PN533_CONFIG_TIMING_102; 2509 timing.dep_timeout = PN533_CONFIG_TIMING_204; 2510 2511 break; 2512 2513 default: 2514 nfc_err(dev->dev, "Unknown device type %d\n", 2515 dev->device_type); 2516 return -EINVAL; 2517 } 2518 2519 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES, 2520 (u8 *)&max_retries, sizeof(max_retries)); 2521 if (rc) { 2522 nfc_err(dev->dev, 2523 "Error on setting MAX_RETRIES config\n"); 2524 return rc; 2525 } 2526 2527 2528 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING, 2529 (u8 *)&timing, sizeof(timing)); 2530 if (rc) { 2531 nfc_err(dev->dev, "Error on setting RF timings\n"); 2532 return rc; 2533 } 2534 2535 switch (dev->device_type) { 2536 case PN533_DEVICE_STD: 2537 case PN533_DEVICE_PN532: 2538 break; 2539 2540 case PN533_DEVICE_PASORI: 2541 pn533_pasori_fw_reset(dev); 2542 2543 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI, 2544 pasori_cfg, 3); 2545 if (rc) { 2546 nfc_err(dev->dev, 2547 "Error while settings PASORI config\n"); 2548 return rc; 2549 } 2550 2551 pn533_pasori_fw_reset(dev); 2552 2553 break; 2554 } 2555 2556 return 0; 2557 } 2558 2559 struct pn533 *pn533_register_device(u32 device_type, 2560 u32 protocols, 2561 enum pn533_protocol_type protocol_type, 2562 void *phy, 2563 struct pn533_phy_ops *phy_ops, 2564 struct pn533_frame_ops *fops, 2565 struct device *dev, 2566 struct device *parent) 2567 { 2568 struct pn533_fw_version fw_ver; 2569 struct pn533 *priv; 2570 int rc = -ENOMEM; 2571 2572 priv = kzalloc(sizeof(*priv), GFP_KERNEL); 2573 if (!priv) 2574 return ERR_PTR(-ENOMEM); 2575 2576 priv->phy = phy; 2577 priv->phy_ops = phy_ops; 2578 priv->dev = dev; 2579 if (fops != NULL) 2580 priv->ops = fops; 2581 else 2582 priv->ops = &pn533_std_frame_ops; 2583 2584 priv->protocol_type = protocol_type; 2585 priv->device_type = device_type; 2586 2587 mutex_init(&priv->cmd_lock); 2588 2589 INIT_WORK(&priv->cmd_work, pn533_wq_cmd); 2590 INIT_WORK(&priv->cmd_complete_work, pn533_wq_cmd_complete); 2591 INIT_WORK(&priv->mi_rx_work, pn533_wq_mi_recv); 2592 INIT_WORK(&priv->mi_tx_work, pn533_wq_mi_send); 2593 INIT_WORK(&priv->tg_work, pn533_wq_tg_get_data); 2594 INIT_WORK(&priv->mi_tm_rx_work, pn533_wq_tm_mi_recv); 2595 INIT_WORK(&priv->mi_tm_tx_work, pn533_wq_tm_mi_send); 2596 INIT_DELAYED_WORK(&priv->poll_work, pn533_wq_poll); 2597 INIT_WORK(&priv->rf_work, pn533_wq_rf); 2598 priv->wq = alloc_ordered_workqueue("pn533", 0); 2599 if (priv->wq == NULL) 2600 goto error; 2601 2602 init_timer(&priv->listen_timer); 2603 priv->listen_timer.data = (unsigned long) priv; 2604 priv->listen_timer.function = pn533_listen_mode_timer; 2605 2606 skb_queue_head_init(&priv->resp_q); 2607 skb_queue_head_init(&priv->fragment_skb); 2608 2609 INIT_LIST_HEAD(&priv->cmd_queue); 2610 2611 memset(&fw_ver, 0, sizeof(fw_ver)); 2612 rc = pn533_get_firmware_version(priv, &fw_ver); 2613 if (rc < 0) 2614 goto destroy_wq; 2615 2616 nfc_info(dev, "NXP PN5%02X firmware ver %d.%d now attached\n", 2617 fw_ver.ic, fw_ver.ver, fw_ver.rev); 2618 2619 2620 priv->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols, 2621 priv->ops->tx_header_len + 2622 PN533_CMD_DATAEXCH_HEAD_LEN, 2623 priv->ops->tx_tail_len); 2624 if (!priv->nfc_dev) { 2625 rc = -ENOMEM; 2626 goto destroy_wq; 2627 } 2628 2629 nfc_set_parent_dev(priv->nfc_dev, parent); 2630 nfc_set_drvdata(priv->nfc_dev, priv); 2631 2632 rc = nfc_register_device(priv->nfc_dev); 2633 if (rc) 2634 goto free_nfc_dev; 2635 2636 rc = pn533_setup(priv); 2637 if (rc) 2638 goto unregister_nfc_dev; 2639 2640 return priv; 2641 2642 unregister_nfc_dev: 2643 nfc_unregister_device(priv->nfc_dev); 2644 2645 free_nfc_dev: 2646 nfc_free_device(priv->nfc_dev); 2647 2648 destroy_wq: 2649 destroy_workqueue(priv->wq); 2650 error: 2651 kfree(priv); 2652 return ERR_PTR(rc); 2653 } 2654 EXPORT_SYMBOL_GPL(pn533_register_device); 2655 2656 void pn533_unregister_device(struct pn533 *priv) 2657 { 2658 struct pn533_cmd *cmd, *n; 2659 2660 nfc_unregister_device(priv->nfc_dev); 2661 nfc_free_device(priv->nfc_dev); 2662 2663 flush_delayed_work(&priv->poll_work); 2664 destroy_workqueue(priv->wq); 2665 2666 skb_queue_purge(&priv->resp_q); 2667 2668 del_timer(&priv->listen_timer); 2669 2670 list_for_each_entry_safe(cmd, n, &priv->cmd_queue, queue) { 2671 list_del(&cmd->queue); 2672 kfree(cmd); 2673 } 2674 2675 kfree(priv); 2676 } 2677 EXPORT_SYMBOL_GPL(pn533_unregister_device); 2678 2679 2680 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>"); 2681 MODULE_AUTHOR("Aloisio Almeida Jr <aloisio.almeida@openbossa.org>"); 2682 MODULE_AUTHOR("Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>"); 2683 MODULE_DESCRIPTION("PN533 driver ver " VERSION); 2684 MODULE_VERSION(VERSION); 2685 MODULE_LICENSE("GPL"); 2686