1 // SPDX-License-Identifier: GPL-2.0-or-later
3 * Driver for NXP PN533 NFC Chip - core functions
5 * Copyright (C) 2011 Instituto Nokia de Tecnologia
6 * Copyright (C) 2012-2013 Tieto Poland
9 #include <linux/device.h>
10 #include <linux/kernel.h>
11 #include <linux/module.h>
12 #include <linux/slab.h>
13 #include <linux/nfc.h>
14 #include <linux/netdevice.h>
15 #include <net/nfc/nfc.h>
20 /* How much time we spend listening for initiators */
21 #define PN533_LISTEN_TIME 2
22 /* Delay between each poll frame (ms) */
23 #define PN533_POLL_INTERVAL 10
25 /* structs for pn533 commands */
27 /* PN533_CMD_GET_FIRMWARE_VERSION */
28 struct pn533_fw_version {
35 /* PN533_CMD_RF_CONFIGURATION */
36 #define PN533_CFGITEM_RF_FIELD 0x01
37 #define PN533_CFGITEM_TIMING 0x02
38 #define PN533_CFGITEM_MAX_RETRIES 0x05
39 #define PN533_CFGITEM_PASORI 0x82
41 #define PN533_CFGITEM_RF_FIELD_AUTO_RFCA 0x2
42 #define PN533_CFGITEM_RF_FIELD_ON 0x1
43 #define PN533_CFGITEM_RF_FIELD_OFF 0x0
45 #define PN533_CONFIG_TIMING_102 0xb
46 #define PN533_CONFIG_TIMING_204 0xc
47 #define PN533_CONFIG_TIMING_409 0xd
48 #define PN533_CONFIG_TIMING_819 0xe
50 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
51 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
53 struct pn533_config_max_retries {
56 u8 mx_rty_passive_act;
59 struct pn533_config_timing {
65 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
67 /* felica commands opcode */
68 #define PN533_FELICA_OPC_SENSF_REQ 0
69 #define PN533_FELICA_OPC_SENSF_RES 1
70 /* felica SENSF_REQ parameters */
71 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
72 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
73 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
74 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
76 /* type B initiator_data values */
77 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
78 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
79 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
81 union pn533_cmd_poll_initdata {
94 struct pn533_poll_modulations {
98 union pn533_cmd_poll_initdata initiator_data;
103 static const struct pn533_poll_modulations poll_mod[] = {
104 [PN533_POLL_MOD_106KBPS_A] = {
111 [PN533_POLL_MOD_212KBPS_FELICA] = {
115 .initiator_data.felica = {
116 .opcode = PN533_FELICA_OPC_SENSF_REQ,
117 .sc = PN533_FELICA_SENSF_SC_ALL,
118 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE,
124 [PN533_POLL_MOD_424KBPS_FELICA] = {
128 .initiator_data.felica = {
129 .opcode = PN533_FELICA_OPC_SENSF_REQ,
130 .sc = PN533_FELICA_SENSF_SC_ALL,
131 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE,
137 [PN533_POLL_MOD_106KBPS_JEWEL] = {
144 [PN533_POLL_MOD_847KBPS_B] = {
148 .initiator_data.type_b = {
149 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
151 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
156 [PN533_LISTEN_MOD] = {
161 /* PN533_CMD_IN_ATR */
163 struct pn533_cmd_activate_response {
175 struct pn533_cmd_jump_dep_response {
189 /* PN533_TG_INIT_AS_TARGET */
190 #define PN533_INIT_TARGET_PASSIVE 0x1
191 #define PN533_INIT_TARGET_DEP 0x2
193 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
194 #define PN533_INIT_TARGET_RESP_ACTIVE 0x1
195 #define PN533_INIT_TARGET_RESP_DEP 0x4
197 /* The rule: value(high byte) + value(low byte) + checksum = 0 */
198 static inline u8 pn533_ext_checksum(u16 value)
200 return ~(u8)(((value & 0xFF00) >> 8) + (u8)(value & 0xFF)) + 1;
203 /* The rule: value + checksum = 0 */
204 static inline u8 pn533_std_checksum(u8 value)
209 /* The rule: sum(data elements) + checksum = 0 */
210 static u8 pn533_std_data_checksum(u8 *data, int datalen)
215 for (i = 0; i < datalen; i++)
218 return pn533_std_checksum(sum);
221 static void pn533_std_tx_frame_init(void *_frame, u8 cmd_code)
223 struct pn533_std_frame *frame = _frame;
226 frame->start_frame = cpu_to_be16(PN533_STD_FRAME_SOF);
227 PN533_STD_FRAME_IDENTIFIER(frame) = PN533_STD_FRAME_DIR_OUT;
228 PN533_FRAME_CMD(frame) = cmd_code;
232 static void pn533_std_tx_frame_finish(void *_frame)
234 struct pn533_std_frame *frame = _frame;
236 frame->datalen_checksum = pn533_std_checksum(frame->datalen);
238 PN533_STD_FRAME_CHECKSUM(frame) =
239 pn533_std_data_checksum(frame->data, frame->datalen);
241 PN533_STD_FRAME_POSTAMBLE(frame) = 0;
244 static void pn533_std_tx_update_payload_len(void *_frame, int len)
246 struct pn533_std_frame *frame = _frame;
248 frame->datalen += len;
251 static bool pn533_std_rx_frame_is_valid(void *_frame, struct pn533 *dev)
254 struct pn533_std_frame *stdf = _frame;
256 if (stdf->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
259 if (likely(!PN533_STD_IS_EXTENDED(stdf))) {
260 /* Standard frame code */
261 dev->ops->rx_header_len = PN533_STD_FRAME_HEADER_LEN;
263 checksum = pn533_std_checksum(stdf->datalen);
264 if (checksum != stdf->datalen_checksum)
267 checksum = pn533_std_data_checksum(stdf->data, stdf->datalen);
268 if (checksum != PN533_STD_FRAME_CHECKSUM(stdf))
272 struct pn533_ext_frame *eif = _frame;
274 dev->ops->rx_header_len = PN533_EXT_FRAME_HEADER_LEN;
276 checksum = pn533_ext_checksum(be16_to_cpu(eif->datalen));
277 if (checksum != eif->datalen_checksum)
280 /* check data checksum */
281 checksum = pn533_std_data_checksum(eif->data,
282 be16_to_cpu(eif->datalen));
283 if (checksum != PN533_EXT_FRAME_CHECKSUM(eif))
290 bool pn533_rx_frame_is_ack(void *_frame)
292 struct pn533_std_frame *frame = _frame;
294 if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
297 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
302 EXPORT_SYMBOL_GPL(pn533_rx_frame_is_ack);
304 static inline int pn533_std_rx_frame_size(void *frame)
306 struct pn533_std_frame *f = frame;
308 /* check for Extended Information frame */
309 if (PN533_STD_IS_EXTENDED(f)) {
310 struct pn533_ext_frame *eif = frame;
312 return sizeof(struct pn533_ext_frame)
313 + be16_to_cpu(eif->datalen) + PN533_STD_FRAME_TAIL_LEN;
316 return sizeof(struct pn533_std_frame) + f->datalen +
317 PN533_STD_FRAME_TAIL_LEN;
320 static u8 pn533_std_get_cmd_code(void *frame)
322 struct pn533_std_frame *f = frame;
323 struct pn533_ext_frame *eif = frame;
325 if (PN533_STD_IS_EXTENDED(f))
326 return PN533_FRAME_CMD(eif);
328 return PN533_FRAME_CMD(f);
331 bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame)
333 return (dev->ops->get_cmd_code(frame) ==
334 PN533_CMD_RESPONSE(dev->cmd->code));
336 EXPORT_SYMBOL_GPL(pn533_rx_frame_is_cmd_response);
339 static struct pn533_frame_ops pn533_std_frame_ops = {
340 .tx_frame_init = pn533_std_tx_frame_init,
341 .tx_frame_finish = pn533_std_tx_frame_finish,
342 .tx_update_payload_len = pn533_std_tx_update_payload_len,
343 .tx_header_len = PN533_STD_FRAME_HEADER_LEN,
344 .tx_tail_len = PN533_STD_FRAME_TAIL_LEN,
346 .rx_is_frame_valid = pn533_std_rx_frame_is_valid,
347 .rx_frame_size = pn533_std_rx_frame_size,
348 .rx_header_len = PN533_STD_FRAME_HEADER_LEN,
349 .rx_tail_len = PN533_STD_FRAME_TAIL_LEN,
351 .max_payload_len = PN533_STD_FRAME_MAX_PAYLOAD_LEN,
352 .get_cmd_code = pn533_std_get_cmd_code,
355 static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code,
358 /* payload is already there, just update datalen */
359 int payload_len = skb->len;
360 struct pn533_frame_ops *ops = dev->ops;
363 skb_push(skb, ops->tx_header_len);
364 skb_put(skb, ops->tx_tail_len);
366 ops->tx_frame_init(skb->data, cmd_code);
367 ops->tx_update_payload_len(skb->data, payload_len);
368 ops->tx_frame_finish(skb->data);
371 static int pn533_send_async_complete(struct pn533 *dev)
373 struct pn533_cmd *cmd = dev->cmd;
374 struct sk_buff *resp;
378 dev_dbg(dev->dev, "%s: cmd not set\n", __func__);
382 dev_kfree_skb(cmd->req);
384 status = cmd->status;
388 rc = cmd->complete_cb(dev, cmd->complete_cb_context,
394 /* when no response is set we got interrupted */
396 resp = ERR_PTR(-EINTR);
399 skb_pull(resp, dev->ops->rx_header_len);
400 skb_trim(resp, resp->len - dev->ops->rx_tail_len);
403 rc = cmd->complete_cb(dev, cmd->complete_cb_context, resp);
411 static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
413 pn533_send_async_complete_t complete_cb,
414 void *complete_cb_context)
416 struct pn533_cmd *cmd;
419 dev_dbg(dev->dev, "Sending command 0x%x\n", cmd_code);
421 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
425 cmd->code = cmd_code;
427 cmd->complete_cb = complete_cb;
428 cmd->complete_cb_context = complete_cb_context;
430 pn533_build_cmd_frame(dev, cmd_code, req);
432 mutex_lock(&dev->cmd_lock);
434 if (!dev->cmd_pending) {
436 rc = dev->phy_ops->send_frame(dev, req);
442 dev->cmd_pending = 1;
446 dev_dbg(dev->dev, "%s Queueing command 0x%x\n",
449 INIT_LIST_HEAD(&cmd->queue);
450 list_add_tail(&cmd->queue, &dev->cmd_queue);
457 mutex_unlock(&dev->cmd_lock);
461 static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
463 pn533_send_async_complete_t complete_cb,
464 void *complete_cb_context)
468 rc = __pn533_send_async(dev, cmd_code, req, complete_cb,
469 complete_cb_context);
474 static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
476 pn533_send_async_complete_t complete_cb,
477 void *complete_cb_context)
481 rc = __pn533_send_async(dev, cmd_code, req, complete_cb,
482 complete_cb_context);
488 * pn533_send_cmd_direct_async
490 * The function sends a piority cmd directly to the chip omitting the cmd
491 * queue. It's intended to be used by chaining mechanism of received responses
492 * where the host has to request every single chunk of data before scheduling
493 * next cmd from the queue.
495 static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
497 pn533_send_async_complete_t complete_cb,
498 void *complete_cb_context)
500 struct pn533_cmd *cmd;
503 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
507 cmd->code = cmd_code;
509 cmd->complete_cb = complete_cb;
510 cmd->complete_cb_context = complete_cb_context;
512 pn533_build_cmd_frame(dev, cmd_code, req);
515 rc = dev->phy_ops->send_frame(dev, req);
524 static void pn533_wq_cmd_complete(struct work_struct *work)
526 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
529 rc = pn533_send_async_complete(dev);
530 if (rc != -EINPROGRESS)
531 queue_work(dev->wq, &dev->cmd_work);
534 static void pn533_wq_cmd(struct work_struct *work)
536 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
537 struct pn533_cmd *cmd;
540 mutex_lock(&dev->cmd_lock);
542 if (list_empty(&dev->cmd_queue)) {
543 dev->cmd_pending = 0;
544 mutex_unlock(&dev->cmd_lock);
548 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
550 list_del(&cmd->queue);
552 mutex_unlock(&dev->cmd_lock);
555 rc = dev->phy_ops->send_frame(dev, cmd->req);
558 dev_kfree_skb(cmd->req);
565 struct pn533_sync_cmd_response {
566 struct sk_buff *resp;
567 struct completion done;
570 static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
571 struct sk_buff *resp)
573 struct pn533_sync_cmd_response *arg = _arg;
576 complete(&arg->done);
581 /* pn533_send_cmd_sync
583 * Please note the req parameter is freed inside the function to
584 * limit a number of return value interpretations by the caller.
586 * 1. negative in case of error during TX path -> req should be freed
588 * 2. negative in case of error during RX path -> req should not be freed
589 * as it's been already freed at the beginning of RX path by
592 * 3. valid pointer in case of succesfult RX path
594 * A caller has to check a return value with IS_ERR macro. If the test pass,
595 * the returned pointer is valid.
598 static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
602 struct pn533_sync_cmd_response arg;
604 init_completion(&arg.done);
606 rc = pn533_send_cmd_async(dev, cmd_code, req,
607 pn533_send_sync_complete, &arg);
613 wait_for_completion(&arg.done);
618 static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size)
622 skb = alloc_skb(dev->ops->tx_header_len +
624 dev->ops->tx_tail_len, GFP_KERNEL);
627 skb_reserve(skb, dev->ops->tx_header_len);
632 struct pn533_target_type_a {
640 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
641 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
642 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
644 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
645 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
647 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
648 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
650 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
651 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
652 #define PN533_TYPE_A_SEL_PROT_DEP 2
653 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
655 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
661 if (target_data_len < sizeof(struct pn533_target_type_a))
665 * The length check of nfcid[] and ats[] are not being performed because
666 * the values are not being used
669 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
670 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
671 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
673 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
674 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
675 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
676 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
679 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
680 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
686 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
689 struct pn533_target_type_a *tgt_type_a;
691 tgt_type_a = (struct pn533_target_type_a *)tgt_data;
693 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
696 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
697 case PN533_TYPE_A_SEL_PROT_MIFARE:
698 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
700 case PN533_TYPE_A_SEL_PROT_ISO14443:
701 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
703 case PN533_TYPE_A_SEL_PROT_DEP:
704 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
706 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
707 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
708 NFC_PROTO_NFC_DEP_MASK;
712 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
713 nfc_tgt->sel_res = tgt_type_a->sel_res;
714 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
715 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
720 struct pn533_target_felica {
723 u8 nfcid2[NFC_NFCID2_MAXSIZE];
729 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
730 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
732 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
735 if (target_data_len < sizeof(struct pn533_target_felica))
738 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
744 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
747 struct pn533_target_felica *tgt_felica;
749 tgt_felica = (struct pn533_target_felica *)tgt_data;
751 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
754 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
755 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
756 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
758 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
760 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
761 nfc_tgt->sensf_res_len = 9;
763 memcpy(nfc_tgt->nfcid2, tgt_felica->nfcid2, NFC_NFCID2_MAXSIZE);
764 nfc_tgt->nfcid2_len = NFC_NFCID2_MAXSIZE;
769 struct pn533_target_jewel {
774 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
780 if (target_data_len < sizeof(struct pn533_target_jewel))
783 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
784 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
785 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
787 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
788 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
789 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
790 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
796 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
799 struct pn533_target_jewel *tgt_jewel;
801 tgt_jewel = (struct pn533_target_jewel *)tgt_data;
803 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
806 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
807 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
808 nfc_tgt->nfcid1_len = 4;
809 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
814 struct pn533_type_b_prot_info {
820 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
821 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
822 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
824 struct pn533_type_b_sens_res {
828 struct pn533_type_b_prot_info prot_info;
831 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
833 struct pn533_target_type_b {
834 struct pn533_type_b_sens_res sensb_res;
839 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
842 if (target_data_len < sizeof(struct pn533_target_type_b))
845 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
848 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
849 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
855 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
858 struct pn533_target_type_b *tgt_type_b;
860 tgt_type_b = (struct pn533_target_type_b *)tgt_data;
862 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
865 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
870 static void pn533_poll_reset_mod_list(struct pn533 *dev);
871 static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
874 struct nfc_target nfc_tgt;
877 dev_dbg(dev->dev, "%s: modulation=%d\n",
878 __func__, dev->poll_mod_curr);
883 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
885 switch (dev->poll_mod_curr) {
886 case PN533_POLL_MOD_106KBPS_A:
887 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
889 case PN533_POLL_MOD_212KBPS_FELICA:
890 case PN533_POLL_MOD_424KBPS_FELICA:
891 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
893 case PN533_POLL_MOD_106KBPS_JEWEL:
894 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
896 case PN533_POLL_MOD_847KBPS_B:
897 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
901 "Unknown current poll modulation\n");
908 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
910 "The Tg found doesn't have the desired protocol\n");
915 "Target found - supported protocols: 0x%x\n",
916 nfc_tgt.supported_protocols);
918 dev->tgt_available_prots = nfc_tgt.supported_protocols;
920 pn533_poll_reset_mod_list(dev);
921 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
926 static inline void pn533_poll_next_mod(struct pn533 *dev)
928 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
931 static void pn533_poll_reset_mod_list(struct pn533 *dev)
933 dev->poll_mod_count = 0;
936 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
938 dev->poll_mod_active[dev->poll_mod_count] =
939 (struct pn533_poll_modulations *)&poll_mod[mod_index];
940 dev->poll_mod_count++;
943 static void pn533_poll_create_mod_list(struct pn533 *dev,
944 u32 im_protocols, u32 tm_protocols)
946 pn533_poll_reset_mod_list(dev);
948 if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
949 (im_protocols & NFC_PROTO_ISO14443_MASK) ||
950 (im_protocols & NFC_PROTO_NFC_DEP_MASK))
951 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
953 if (im_protocols & NFC_PROTO_FELICA_MASK ||
954 im_protocols & NFC_PROTO_NFC_DEP_MASK) {
955 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
956 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
959 if (im_protocols & NFC_PROTO_JEWEL_MASK)
960 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
962 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
963 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
966 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
969 static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
971 u8 nbtg, tg, *tgdata;
974 /* Toggle the DEP polling */
975 if (dev->poll_protocols & NFC_PROTO_NFC_DEP_MASK)
978 nbtg = resp->data[0];
980 tgdata = &resp->data[2];
981 tgdata_len = resp->len - 2; /* nbtg + tg */
984 rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
986 /* We must stop the poll after a valid target found */
994 static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev)
999 u8 *gbytes = dev->gb;
1000 size_t gbytes_len = dev->gb_len;
1002 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1003 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1004 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1005 0xff, 0xff}; /* System code */
1007 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1009 0x40}; /* SEL_RES for DEP */
1011 unsigned int skb_len = 36 + /*
1012 * mode (1), mifare (6),
1013 * felica (18), nfcid3 (10), gb_len (1)
1018 skb = pn533_alloc_skb(dev, skb_len);
1022 /* DEP support only */
1023 skb_put_u8(skb, PN533_INIT_TARGET_DEP);
1026 skb_put_data(skb, mifare_params, 6);
1029 felica = skb_put_data(skb, felica_params, 18);
1030 get_random_bytes(felica + 2, 6);
1033 nfcid3 = skb_put_zero(skb, 10);
1034 memcpy(nfcid3, felica, 8);
1037 skb_put_u8(skb, gbytes_len);
1039 skb_put_data(skb, gbytes, gbytes_len);
1047 static void pn533_wq_tm_mi_recv(struct work_struct *work);
1048 static struct sk_buff *pn533_build_response(struct pn533 *dev);
1050 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1051 struct sk_buff *resp)
1053 struct sk_buff *skb;
1057 dev_dbg(dev->dev, "%s\n", __func__);
1060 skb_queue_purge(&dev->resp_q);
1061 return PTR_ERR(resp);
1064 status = resp->data[0];
1066 ret = status & PN533_CMD_RET_MASK;
1067 mi = status & PN533_CMD_MI_MASK;
1069 skb_pull(resp, sizeof(status));
1071 if (ret != PN533_CMD_RET_SUCCESS) {
1076 skb_queue_tail(&dev->resp_q, resp);
1079 queue_work(dev->wq, &dev->mi_tm_rx_work);
1080 return -EINPROGRESS;
1083 skb = pn533_build_response(dev);
1089 return nfc_tm_data_received(dev->nfc_dev, skb);
1092 nfc_tm_deactivated(dev->nfc_dev);
1094 skb_queue_purge(&dev->resp_q);
1095 dev_kfree_skb(resp);
1100 static void pn533_wq_tm_mi_recv(struct work_struct *work)
1102 struct pn533 *dev = container_of(work, struct pn533, mi_tm_rx_work);
1103 struct sk_buff *skb;
1106 dev_dbg(dev->dev, "%s\n", __func__);
1108 skb = pn533_alloc_skb(dev, 0);
1112 rc = pn533_send_cmd_direct_async(dev,
1113 PN533_CMD_TG_GET_DATA,
1115 pn533_tm_get_data_complete,
1122 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
1123 struct sk_buff *resp);
1124 static void pn533_wq_tm_mi_send(struct work_struct *work)
1126 struct pn533 *dev = container_of(work, struct pn533, mi_tm_tx_work);
1127 struct sk_buff *skb;
1130 dev_dbg(dev->dev, "%s\n", __func__);
1132 /* Grab the first skb in the queue */
1133 skb = skb_dequeue(&dev->fragment_skb);
1134 if (skb == NULL) { /* No more data */
1135 /* Reset the queue for future use */
1136 skb_queue_head_init(&dev->fragment_skb);
1140 /* last entry - remove MI bit */
1141 if (skb_queue_len(&dev->fragment_skb) == 0) {
1142 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_TG_SET_DATA,
1143 skb, pn533_tm_send_complete, NULL);
1145 rc = pn533_send_cmd_direct_async(dev,
1146 PN533_CMD_TG_SET_META_DATA,
1147 skb, pn533_tm_send_complete, NULL);
1149 if (rc == 0) /* success */
1153 "Error %d when trying to perform set meta data_exchange", rc);
1158 dev->phy_ops->send_ack(dev, GFP_KERNEL);
1159 queue_work(dev->wq, &dev->cmd_work);
1162 static void pn533_wq_tg_get_data(struct work_struct *work)
1164 struct pn533 *dev = container_of(work, struct pn533, tg_work);
1165 struct sk_buff *skb;
1168 dev_dbg(dev->dev, "%s\n", __func__);
1170 skb = pn533_alloc_skb(dev, 0);
1174 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1175 pn533_tm_get_data_complete, NULL);
1181 #define ATR_REQ_GB_OFFSET 17
1182 static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
1184 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
1188 dev_dbg(dev->dev, "%s\n", __func__);
1190 if (resp->len < ATR_REQ_GB_OFFSET + 1)
1193 mode = resp->data[0];
1194 cmd = &resp->data[1];
1196 dev_dbg(dev->dev, "Target mode 0x%x len %d\n",
1199 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1200 PN533_INIT_TARGET_RESP_ACTIVE)
1201 comm_mode = NFC_COMM_ACTIVE;
1203 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
1206 gb = cmd + ATR_REQ_GB_OFFSET;
1207 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
1209 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1210 comm_mode, gb, gb_len);
1213 "Error when signaling target activation\n");
1218 queue_work(dev->wq, &dev->tg_work);
1223 static void pn533_listen_mode_timer(struct timer_list *t)
1225 struct pn533 *dev = from_timer(dev, t, listen_timer);
1227 dev_dbg(dev->dev, "Listen mode timeout\n");
1229 dev->cancel_listen = 1;
1231 pn533_poll_next_mod(dev);
1233 queue_delayed_work(dev->wq, &dev->poll_work,
1234 msecs_to_jiffies(PN533_POLL_INTERVAL));
1237 static int pn533_rf_complete(struct pn533 *dev, void *arg,
1238 struct sk_buff *resp)
1242 dev_dbg(dev->dev, "%s\n", __func__);
1247 nfc_err(dev->dev, "RF setting error %d\n", rc);
1252 queue_delayed_work(dev->wq, &dev->poll_work,
1253 msecs_to_jiffies(PN533_POLL_INTERVAL));
1255 dev_kfree_skb(resp);
1259 static void pn533_wq_rf(struct work_struct *work)
1261 struct pn533 *dev = container_of(work, struct pn533, rf_work);
1262 struct sk_buff *skb;
1265 dev_dbg(dev->dev, "%s\n", __func__);
1267 skb = pn533_alloc_skb(dev, 2);
1271 skb_put_u8(skb, PN533_CFGITEM_RF_FIELD);
1272 skb_put_u8(skb, PN533_CFGITEM_RF_FIELD_AUTO_RFCA);
1274 rc = pn533_send_cmd_async(dev, PN533_CMD_RF_CONFIGURATION, skb,
1275 pn533_rf_complete, NULL);
1278 nfc_err(dev->dev, "RF setting error %d\n", rc);
1282 static int pn533_poll_dep_complete(struct pn533 *dev, void *arg,
1283 struct sk_buff *resp)
1285 struct pn533_cmd_jump_dep_response *rsp;
1286 struct nfc_target nfc_target;
1291 return PTR_ERR(resp);
1293 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1295 rc = rsp->status & PN533_CMD_RET_MASK;
1296 if (rc != PN533_CMD_RET_SUCCESS) {
1297 /* Not target found, turn radio off */
1298 queue_work(dev->wq, &dev->rf_work);
1300 dev_kfree_skb(resp);
1304 dev_dbg(dev->dev, "Creating new target");
1306 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1307 nfc_target.nfcid1_len = 10;
1308 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1309 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1313 dev->tgt_available_prots = 0;
1314 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1316 /* ATR_RES general bytes are located at offset 17 */
1317 target_gt_len = resp->len - 17;
1318 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1319 rsp->gt, target_gt_len);
1321 rc = nfc_dep_link_is_up(dev->nfc_dev,
1322 dev->nfc_dev->targets[0].idx,
1323 0, NFC_RF_INITIATOR);
1326 pn533_poll_reset_mod_list(dev);
1329 dev_kfree_skb(resp);
1333 #define PASSIVE_DATA_LEN 5
1334 static int pn533_poll_dep(struct nfc_dev *nfc_dev)
1336 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1337 struct sk_buff *skb;
1339 u8 *next, nfcid3[NFC_NFCID3_MAXSIZE];
1340 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1342 dev_dbg(dev->dev, "%s", __func__);
1345 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1347 if (!dev->gb || !dev->gb_len) {
1349 queue_work(dev->wq, &dev->rf_work);
1353 skb_len = 3 + dev->gb_len; /* ActPass + BR + Next */
1354 skb_len += PASSIVE_DATA_LEN;
1357 skb_len += NFC_NFCID3_MAXSIZE;
1360 get_random_bytes(nfcid3 + 2, 6);
1362 skb = pn533_alloc_skb(dev, skb_len);
1366 skb_put_u8(skb, 0x01); /* Active */
1367 skb_put_u8(skb, 0x02); /* 424 kbps */
1369 next = skb_put(skb, 1); /* Next */
1372 /* Copy passive data */
1373 skb_put_data(skb, passive_data, PASSIVE_DATA_LEN);
1376 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
1377 skb_put_data(skb, nfcid3, NFC_NFCID3_MAXSIZE);
1380 skb_put_data(skb, dev->gb, dev->gb_len);
1381 *next |= 4; /* We have some Gi */
1383 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1384 pn533_poll_dep_complete, NULL);
1392 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1393 struct sk_buff *resp)
1395 struct pn533_poll_modulations *cur_mod;
1398 dev_dbg(dev->dev, "%s\n", __func__);
1403 nfc_err(dev->dev, "%s Poll complete error %d\n",
1406 if (rc == -ENOENT) {
1407 if (dev->poll_mod_count != 0)
1410 } else if (rc < 0) {
1412 "Error %d when running poll\n", rc);
1417 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1419 if (cur_mod->len == 0) { /* Target mode */
1420 del_timer(&dev->listen_timer);
1421 rc = pn533_init_target_complete(dev, resp);
1425 /* Initiator mode */
1426 rc = pn533_start_poll_complete(dev, resp);
1430 if (!dev->poll_mod_count) {
1431 dev_dbg(dev->dev, "Polling has been stopped\n");
1435 pn533_poll_next_mod(dev);
1436 /* Not target found, turn radio off */
1437 queue_work(dev->wq, &dev->rf_work);
1440 dev_kfree_skb(resp);
1444 nfc_err(dev->dev, "Polling operation has been stopped\n");
1446 pn533_poll_reset_mod_list(dev);
1447 dev->poll_protocols = 0;
1451 static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev,
1452 struct pn533_poll_modulations *mod)
1454 struct sk_buff *skb;
1456 skb = pn533_alloc_skb(dev, mod->len);
1460 skb_put_data(skb, &mod->data, mod->len);
1465 static int pn533_send_poll_frame(struct pn533 *dev)
1467 struct pn533_poll_modulations *mod;
1468 struct sk_buff *skb;
1472 mod = dev->poll_mod_active[dev->poll_mod_curr];
1474 dev_dbg(dev->dev, "%s mod len %d\n",
1475 __func__, mod->len);
1477 if ((dev->poll_protocols & NFC_PROTO_NFC_DEP_MASK) && dev->poll_dep) {
1479 return pn533_poll_dep(dev->nfc_dev);
1482 if (mod->len == 0) { /* Listen mode */
1483 cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
1484 skb = pn533_alloc_poll_tg_frame(dev);
1485 } else { /* Polling mode */
1486 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
1487 skb = pn533_alloc_poll_in_frame(dev, mod);
1491 nfc_err(dev->dev, "Failed to allocate skb\n");
1495 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
1499 nfc_err(dev->dev, "Polling loop error %d\n", rc);
1505 static void pn533_wq_poll(struct work_struct *work)
1507 struct pn533 *dev = container_of(work, struct pn533, poll_work.work);
1508 struct pn533_poll_modulations *cur_mod;
1511 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1514 "%s cancel_listen %d modulation len %d\n",
1515 __func__, dev->cancel_listen, cur_mod->len);
1517 if (dev->cancel_listen == 1) {
1518 dev->cancel_listen = 0;
1519 dev->phy_ops->abort_cmd(dev, GFP_ATOMIC);
1522 rc = pn533_send_poll_frame(dev);
1526 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1527 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1530 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1531 u32 im_protocols, u32 tm_protocols)
1533 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1534 struct pn533_poll_modulations *cur_mod;
1539 "%s: im protocols 0x%x tm protocols 0x%x\n",
1540 __func__, im_protocols, tm_protocols);
1542 if (dev->tgt_active_prot) {
1544 "Cannot poll with a target already activated\n");
1548 if (dev->tgt_mode) {
1550 "Cannot poll while already being activated\n");
1555 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1556 if (dev->gb == NULL)
1560 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1561 dev->poll_protocols = im_protocols;
1562 dev->listen_protocols = tm_protocols;
1564 /* Do not always start polling from the same modulation */
1565 get_random_bytes(&rand_mod, sizeof(rand_mod));
1566 rand_mod %= dev->poll_mod_count;
1567 dev->poll_mod_curr = rand_mod;
1569 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1571 rc = pn533_send_poll_frame(dev);
1573 /* Start listen timer */
1574 if (!rc && cur_mod->len == 0 && dev->poll_mod_count > 1)
1575 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1580 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1582 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1584 del_timer(&dev->listen_timer);
1586 if (!dev->poll_mod_count) {
1588 "Polling operation was not running\n");
1592 dev->phy_ops->abort_cmd(dev, GFP_KERNEL);
1593 flush_delayed_work(&dev->poll_work);
1594 pn533_poll_reset_mod_list(dev);
1597 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1599 struct pn533_cmd_activate_response *rsp;
1602 struct sk_buff *skb;
1603 struct sk_buff *resp;
1605 dev_dbg(dev->dev, "%s\n", __func__);
1607 skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/
1611 skb_put_u8(skb, 1); /* TG */
1612 skb_put_u8(skb, 0); /* Next */
1614 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
1616 return PTR_ERR(resp);
1618 rsp = (struct pn533_cmd_activate_response *)resp->data;
1619 rc = rsp->status & PN533_CMD_RET_MASK;
1620 if (rc != PN533_CMD_RET_SUCCESS) {
1622 "Target activation failed (error 0x%x)\n", rc);
1623 dev_kfree_skb(resp);
1627 /* ATR_RES general bytes are located at offset 16 */
1628 gt_len = resp->len - 16;
1629 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
1631 dev_kfree_skb(resp);
1635 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1636 struct nfc_target *target, u32 protocol)
1638 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1641 dev_dbg(dev->dev, "%s: protocol=%u\n", __func__, protocol);
1643 if (dev->poll_mod_count) {
1645 "Cannot activate while polling\n");
1649 if (dev->tgt_active_prot) {
1651 "There is already an active target\n");
1655 if (!dev->tgt_available_prots) {
1657 "There is no available target to activate\n");
1661 if (!(dev->tgt_available_prots & (1 << protocol))) {
1663 "Target doesn't support requested proto %u\n",
1668 if (protocol == NFC_PROTO_NFC_DEP) {
1669 rc = pn533_activate_target_nfcdep(dev);
1672 "Activating target with DEP failed %d\n", rc);
1677 dev->tgt_active_prot = protocol;
1678 dev->tgt_available_prots = 0;
1683 static int pn533_deactivate_target_complete(struct pn533 *dev, void *arg,
1684 struct sk_buff *resp)
1688 dev_dbg(dev->dev, "%s\n", __func__);
1693 nfc_err(dev->dev, "Target release error %d\n", rc);
1698 rc = resp->data[0] & PN533_CMD_RET_MASK;
1699 if (rc != PN533_CMD_RET_SUCCESS)
1701 "Error 0x%x when releasing the target\n", rc);
1703 dev_kfree_skb(resp);
1707 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1708 struct nfc_target *target, u8 mode)
1710 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1711 struct sk_buff *skb;
1714 dev_dbg(dev->dev, "%s\n", __func__);
1716 if (!dev->tgt_active_prot) {
1717 nfc_err(dev->dev, "There is no active target\n");
1721 dev->tgt_active_prot = 0;
1722 skb_queue_purge(&dev->resp_q);
1724 skb = pn533_alloc_skb(dev, sizeof(u8));
1728 skb_put_u8(skb, 1); /* TG*/
1730 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_RELEASE, skb,
1731 pn533_deactivate_target_complete, NULL);
1734 nfc_err(dev->dev, "Target release error %d\n", rc);
1739 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1740 struct sk_buff *resp)
1742 struct pn533_cmd_jump_dep_response *rsp;
1745 u8 active = *(u8 *)arg;
1750 return PTR_ERR(resp);
1752 if (dev->tgt_available_prots &&
1753 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1755 "The target does not support DEP\n");
1760 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1762 rc = rsp->status & PN533_CMD_RET_MASK;
1763 if (rc != PN533_CMD_RET_SUCCESS) {
1765 "Bringing DEP link up failed (error 0x%x)\n", rc);
1769 if (!dev->tgt_available_prots) {
1770 struct nfc_target nfc_target;
1772 dev_dbg(dev->dev, "Creating new target\n");
1774 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1775 nfc_target.nfcid1_len = 10;
1776 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1777 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1781 dev->tgt_available_prots = 0;
1784 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1786 /* ATR_RES general bytes are located at offset 17 */
1787 target_gt_len = resp->len - 17;
1788 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1789 rsp->gt, target_gt_len);
1791 rc = nfc_dep_link_is_up(dev->nfc_dev,
1792 dev->nfc_dev->targets[0].idx,
1793 !active, NFC_RF_INITIATOR);
1796 dev_kfree_skb(resp);
1800 static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf);
1801 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1802 u8 comm_mode, u8 *gb, size_t gb_len)
1804 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1805 struct sk_buff *skb;
1807 u8 *next, *arg, nfcid3[NFC_NFCID3_MAXSIZE];
1808 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1810 dev_dbg(dev->dev, "%s\n", __func__);
1812 if (dev->poll_mod_count) {
1814 "Cannot bring the DEP link up while polling\n");
1818 if (dev->tgt_active_prot) {
1820 "There is already an active target\n");
1824 skb_len = 3 + gb_len; /* ActPass + BR + Next */
1825 skb_len += PASSIVE_DATA_LEN;
1828 skb_len += NFC_NFCID3_MAXSIZE;
1829 if (target && !target->nfcid2_len) {
1832 get_random_bytes(nfcid3 + 2, 6);
1835 skb = pn533_alloc_skb(dev, skb_len);
1839 skb_put_u8(skb, !comm_mode); /* ActPass */
1840 skb_put_u8(skb, 0x02); /* 424 kbps */
1842 next = skb_put(skb, 1); /* Next */
1845 /* Copy passive data */
1846 skb_put_data(skb, passive_data, PASSIVE_DATA_LEN);
1849 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
1850 if (target && target->nfcid2_len)
1851 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), target->nfcid2,
1852 target->nfcid2_len);
1854 skb_put_data(skb, nfcid3, NFC_NFCID3_MAXSIZE);
1857 if (gb != NULL && gb_len > 0) {
1858 skb_put_data(skb, gb, gb_len);
1859 *next |= 4; /* We have some Gi */
1864 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
1872 pn533_rf_field(dev->nfc_dev, 0);
1874 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1875 pn533_in_dep_link_up_complete, arg);
1885 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1887 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1889 dev_dbg(dev->dev, "%s\n", __func__);
1891 pn533_poll_reset_mod_list(dev);
1893 if (dev->tgt_mode || dev->tgt_active_prot)
1894 dev->phy_ops->abort_cmd(dev, GFP_KERNEL);
1896 dev->tgt_active_prot = 0;
1899 skb_queue_purge(&dev->resp_q);
1904 struct pn533_data_exchange_arg {
1905 data_exchange_cb_t cb;
1909 static struct sk_buff *pn533_build_response(struct pn533 *dev)
1911 struct sk_buff *skb, *tmp, *t;
1912 unsigned int skb_len = 0, tmp_len = 0;
1914 dev_dbg(dev->dev, "%s\n", __func__);
1916 if (skb_queue_empty(&dev->resp_q))
1919 if (skb_queue_len(&dev->resp_q) == 1) {
1920 skb = skb_dequeue(&dev->resp_q);
1924 skb_queue_walk_safe(&dev->resp_q, tmp, t)
1925 skb_len += tmp->len;
1927 dev_dbg(dev->dev, "%s total length %d\n",
1930 skb = alloc_skb(skb_len, GFP_KERNEL);
1934 skb_put(skb, skb_len);
1936 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1937 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1938 tmp_len += tmp->len;
1942 skb_queue_purge(&dev->resp_q);
1947 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1948 struct sk_buff *resp)
1950 struct pn533_data_exchange_arg *arg = _arg;
1951 struct sk_buff *skb;
1955 dev_dbg(dev->dev, "%s\n", __func__);
1962 status = resp->data[0];
1963 ret = status & PN533_CMD_RET_MASK;
1964 mi = status & PN533_CMD_MI_MASK;
1966 skb_pull(resp, sizeof(status));
1968 if (ret != PN533_CMD_RET_SUCCESS) {
1970 "Exchanging data failed (error 0x%x)\n", ret);
1975 skb_queue_tail(&dev->resp_q, resp);
1978 dev->cmd_complete_mi_arg = arg;
1979 queue_work(dev->wq, &dev->mi_rx_work);
1980 return -EINPROGRESS;
1983 /* Prepare for the next round */
1984 if (skb_queue_len(&dev->fragment_skb) > 0) {
1985 dev->cmd_complete_dep_arg = arg;
1986 queue_work(dev->wq, &dev->mi_tx_work);
1988 return -EINPROGRESS;
1991 skb = pn533_build_response(dev);
1997 arg->cb(arg->cb_context, skb, 0);
2002 dev_kfree_skb(resp);
2004 skb_queue_purge(&dev->resp_q);
2005 arg->cb(arg->cb_context, NULL, rc);
2011 * Receive an incoming pn533 frame. skb contains only header and payload.
2012 * If skb == NULL, it is a notification that the link below is dead.
2014 void pn533_recv_frame(struct pn533 *dev, struct sk_buff *skb, int status)
2019 dev->cmd->status = status;
2022 dev_dbg(dev->dev, "%s: Error received: %d\n", __func__, status);
2027 pr_err("NULL Frame -> link is dead\n");
2031 if (pn533_rx_frame_is_ack(skb->data)) {
2032 dev_dbg(dev->dev, "%s: Received ACK frame\n", __func__);
2037 print_hex_dump_debug("PN533 RX: ", DUMP_PREFIX_NONE, 16, 1, skb->data,
2038 dev->ops->rx_frame_size(skb->data), false);
2040 if (!dev->ops->rx_is_frame_valid(skb->data, dev)) {
2041 nfc_err(dev->dev, "Received an invalid frame\n");
2042 dev->cmd->status = -EIO;
2043 } else if (!pn533_rx_frame_is_cmd_response(dev, skb->data)) {
2044 nfc_err(dev->dev, "It it not the response to the last command\n");
2045 dev->cmd->status = -EIO;
2048 dev->cmd->resp = skb;
2051 queue_work(dev->wq, &dev->cmd_complete_work);
2053 EXPORT_SYMBOL(pn533_recv_frame);
2055 /* Split the Tx skb into small chunks */
2056 static int pn533_fill_fragment_skbs(struct pn533 *dev, struct sk_buff *skb)
2058 struct sk_buff *frag;
2062 /* Remaining size */
2063 if (skb->len > PN533_CMD_DATAFRAME_MAXLEN)
2064 frag_size = PN533_CMD_DATAFRAME_MAXLEN;
2066 frag_size = skb->len;
2068 /* Allocate and reserve */
2069 frag = pn533_alloc_skb(dev, frag_size);
2071 skb_queue_purge(&dev->fragment_skb);
2075 if (!dev->tgt_mode) {
2076 /* Reserve the TG/MI byte */
2077 skb_reserve(frag, 1);
2080 if (frag_size == PN533_CMD_DATAFRAME_MAXLEN)
2081 *(u8 *)skb_push(frag, sizeof(u8)) =
2082 (PN533_CMD_MI_MASK | 1);
2084 *(u8 *)skb_push(frag, sizeof(u8)) = 1; /* TG */
2087 skb_put_data(frag, skb->data, frag_size);
2089 /* Reduce the size of incoming buffer */
2090 skb_pull(skb, frag_size);
2092 /* Add this to skb_queue */
2093 skb_queue_tail(&dev->fragment_skb, frag);
2095 } while (skb->len > 0);
2099 return skb_queue_len(&dev->fragment_skb);
2102 static int pn533_transceive(struct nfc_dev *nfc_dev,
2103 struct nfc_target *target, struct sk_buff *skb,
2104 data_exchange_cb_t cb, void *cb_context)
2106 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2107 struct pn533_data_exchange_arg *arg = NULL;
2110 dev_dbg(dev->dev, "%s\n", __func__);
2112 if (!dev->tgt_active_prot) {
2114 "Can't exchange data if there is no active target\n");
2119 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2126 arg->cb_context = cb_context;
2128 switch (dev->device_type) {
2129 case PN533_DEVICE_PASORI:
2130 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2131 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2133 pn533_data_exchange_complete,
2141 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2142 rc = pn533_fill_fragment_skbs(dev, skb);
2146 skb = skb_dequeue(&dev->fragment_skb);
2152 *(u8 *)skb_push(skb, sizeof(u8)) = 1; /* TG */
2155 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2156 skb, pn533_data_exchange_complete,
2162 if (rc < 0) /* rc from send_async */
2173 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2174 struct sk_buff *resp)
2178 dev_dbg(dev->dev, "%s\n", __func__);
2181 return PTR_ERR(resp);
2183 status = resp->data[0];
2185 /* Prepare for the next round */
2186 if (skb_queue_len(&dev->fragment_skb) > 0) {
2187 queue_work(dev->wq, &dev->mi_tm_tx_work);
2188 return -EINPROGRESS;
2190 dev_kfree_skb(resp);
2193 nfc_tm_deactivated(dev->nfc_dev);
2200 queue_work(dev->wq, &dev->tg_work);
2205 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2207 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2210 dev_dbg(dev->dev, "%s\n", __func__);
2212 /* let's split in multiple chunks if size's too big */
2213 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2214 rc = pn533_fill_fragment_skbs(dev, skb);
2218 /* get the first skb */
2219 skb = skb_dequeue(&dev->fragment_skb);
2225 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_META_DATA, skb,
2226 pn533_tm_send_complete, NULL);
2229 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2230 pn533_tm_send_complete, NULL);
2236 skb_queue_purge(&dev->fragment_skb);
2242 static void pn533_wq_mi_recv(struct work_struct *work)
2244 struct pn533 *dev = container_of(work, struct pn533, mi_rx_work);
2245 struct sk_buff *skb;
2248 dev_dbg(dev->dev, "%s\n", __func__);
2250 skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN);
2254 switch (dev->device_type) {
2255 case PN533_DEVICE_PASORI:
2256 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2257 rc = pn533_send_cmd_direct_async(dev,
2258 PN533_CMD_IN_COMM_THRU,
2260 pn533_data_exchange_complete,
2261 dev->cmd_complete_mi_arg);
2267 skb_put_u8(skb, 1); /*TG*/
2269 rc = pn533_send_cmd_direct_async(dev,
2270 PN533_CMD_IN_DATA_EXCHANGE,
2272 pn533_data_exchange_complete,
2273 dev->cmd_complete_mi_arg);
2278 if (rc == 0) /* success */
2282 "Error %d when trying to perform data_exchange\n", rc);
2285 kfree(dev->cmd_complete_mi_arg);
2288 dev->phy_ops->send_ack(dev, GFP_KERNEL);
2289 queue_work(dev->wq, &dev->cmd_work);
2292 static void pn533_wq_mi_send(struct work_struct *work)
2294 struct pn533 *dev = container_of(work, struct pn533, mi_tx_work);
2295 struct sk_buff *skb;
2298 dev_dbg(dev->dev, "%s\n", __func__);
2300 /* Grab the first skb in the queue */
2301 skb = skb_dequeue(&dev->fragment_skb);
2303 if (skb == NULL) { /* No more data */
2304 /* Reset the queue for future use */
2305 skb_queue_head_init(&dev->fragment_skb);
2309 switch (dev->device_type) {
2310 case PN533_DEVICE_PASORI:
2311 if (dev->tgt_active_prot != NFC_PROTO_FELICA) {
2316 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_IN_COMM_THRU,
2318 pn533_data_exchange_complete,
2319 dev->cmd_complete_dep_arg);
2324 /* Still some fragments? */
2325 rc = pn533_send_cmd_direct_async(dev,
2326 PN533_CMD_IN_DATA_EXCHANGE,
2328 pn533_data_exchange_complete,
2329 dev->cmd_complete_dep_arg);
2334 if (rc == 0) /* success */
2338 "Error %d when trying to perform data_exchange\n", rc);
2341 kfree(dev->cmd_complete_dep_arg);
2344 dev->phy_ops->send_ack(dev, GFP_KERNEL);
2345 queue_work(dev->wq, &dev->cmd_work);
2348 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2351 struct sk_buff *skb;
2352 struct sk_buff *resp;
2355 dev_dbg(dev->dev, "%s\n", __func__);
2357 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
2359 skb = pn533_alloc_skb(dev, skb_len);
2363 skb_put_u8(skb, cfgitem);
2364 skb_put_data(skb, cfgdata, cfgdata_len);
2366 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2368 return PTR_ERR(resp);
2370 dev_kfree_skb(resp);
2374 static int pn533_get_firmware_version(struct pn533 *dev,
2375 struct pn533_fw_version *fv)
2377 struct sk_buff *skb;
2378 struct sk_buff *resp;
2380 skb = pn533_alloc_skb(dev, 0);
2384 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2386 return PTR_ERR(resp);
2388 fv->ic = resp->data[0];
2389 fv->ver = resp->data[1];
2390 fv->rev = resp->data[2];
2391 fv->support = resp->data[3];
2393 dev_kfree_skb(resp);
2397 static int pn533_pasori_fw_reset(struct pn533 *dev)
2399 struct sk_buff *skb;
2400 struct sk_buff *resp;
2402 dev_dbg(dev->dev, "%s\n", __func__);
2404 skb = pn533_alloc_skb(dev, sizeof(u8));
2408 skb_put_u8(skb, 0x1);
2410 resp = pn533_send_cmd_sync(dev, 0x18, skb);
2412 return PTR_ERR(resp);
2414 dev_kfree_skb(resp);
2419 static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf)
2421 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2425 rf_field |= PN533_CFGITEM_RF_FIELD_AUTO_RFCA;
2427 rc = pn533_set_configuration(dev, PN533_CFGITEM_RF_FIELD,
2428 (u8 *)&rf_field, 1);
2430 nfc_err(dev->dev, "Error on setting RF field\n");
2437 static int pn532_sam_configuration(struct nfc_dev *nfc_dev)
2439 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2440 struct sk_buff *skb;
2441 struct sk_buff *resp;
2443 skb = pn533_alloc_skb(dev, 1);
2447 skb_put_u8(skb, 0x01);
2449 resp = pn533_send_cmd_sync(dev, PN533_CMD_SAM_CONFIGURATION, skb);
2451 return PTR_ERR(resp);
2453 dev_kfree_skb(resp);
2457 static int pn533_dev_up(struct nfc_dev *nfc_dev)
2459 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2461 if (dev->device_type == PN533_DEVICE_PN532) {
2462 int rc = pn532_sam_configuration(nfc_dev);
2468 return pn533_rf_field(nfc_dev, 1);
2471 static int pn533_dev_down(struct nfc_dev *nfc_dev)
2473 return pn533_rf_field(nfc_dev, 0);
2476 static struct nfc_ops pn533_nfc_ops = {
2477 .dev_up = pn533_dev_up,
2478 .dev_down = pn533_dev_down,
2479 .dep_link_up = pn533_dep_link_up,
2480 .dep_link_down = pn533_dep_link_down,
2481 .start_poll = pn533_start_poll,
2482 .stop_poll = pn533_stop_poll,
2483 .activate_target = pn533_activate_target,
2484 .deactivate_target = pn533_deactivate_target,
2485 .im_transceive = pn533_transceive,
2486 .tm_send = pn533_tm_send,
2489 static int pn533_setup(struct pn533 *dev)
2491 struct pn533_config_max_retries max_retries;
2492 struct pn533_config_timing timing;
2493 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2496 switch (dev->device_type) {
2497 case PN533_DEVICE_STD:
2498 case PN533_DEVICE_PASORI:
2499 case PN533_DEVICE_ACR122U:
2500 case PN533_DEVICE_PN532:
2501 max_retries.mx_rty_atr = 0x2;
2502 max_retries.mx_rty_psl = 0x1;
2503 max_retries.mx_rty_passive_act =
2504 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2506 timing.rfu = PN533_CONFIG_TIMING_102;
2507 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2508 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2513 nfc_err(dev->dev, "Unknown device type %d\n",
2518 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2519 (u8 *)&max_retries, sizeof(max_retries));
2522 "Error on setting MAX_RETRIES config\n");
2527 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2528 (u8 *)&timing, sizeof(timing));
2530 nfc_err(dev->dev, "Error on setting RF timings\n");
2534 switch (dev->device_type) {
2535 case PN533_DEVICE_STD:
2536 case PN533_DEVICE_PN532:
2539 case PN533_DEVICE_PASORI:
2540 pn533_pasori_fw_reset(dev);
2542 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2546 "Error while settings PASORI config\n");
2550 pn533_pasori_fw_reset(dev);
2558 int pn533_finalize_setup(struct pn533 *dev)
2561 struct pn533_fw_version fw_ver;
2564 memset(&fw_ver, 0, sizeof(fw_ver));
2566 rc = pn533_get_firmware_version(dev, &fw_ver);
2568 nfc_err(dev->dev, "Unable to get FW version\n");
2572 nfc_info(dev->dev, "NXP PN5%02X firmware ver %d.%d now attached\n",
2573 fw_ver.ic, fw_ver.ver, fw_ver.rev);
2575 rc = pn533_setup(dev);
2581 EXPORT_SYMBOL_GPL(pn533_finalize_setup);
2583 struct pn533 *pn533_register_device(u32 device_type,
2585 enum pn533_protocol_type protocol_type,
2587 struct pn533_phy_ops *phy_ops,
2588 struct pn533_frame_ops *fops,
2590 struct device *parent)
2595 priv = kzalloc(sizeof(*priv), GFP_KERNEL);
2597 return ERR_PTR(-ENOMEM);
2600 priv->phy_ops = phy_ops;
2605 priv->ops = &pn533_std_frame_ops;
2607 priv->protocol_type = protocol_type;
2608 priv->device_type = device_type;
2610 mutex_init(&priv->cmd_lock);
2612 INIT_WORK(&priv->cmd_work, pn533_wq_cmd);
2613 INIT_WORK(&priv->cmd_complete_work, pn533_wq_cmd_complete);
2614 INIT_WORK(&priv->mi_rx_work, pn533_wq_mi_recv);
2615 INIT_WORK(&priv->mi_tx_work, pn533_wq_mi_send);
2616 INIT_WORK(&priv->tg_work, pn533_wq_tg_get_data);
2617 INIT_WORK(&priv->mi_tm_rx_work, pn533_wq_tm_mi_recv);
2618 INIT_WORK(&priv->mi_tm_tx_work, pn533_wq_tm_mi_send);
2619 INIT_DELAYED_WORK(&priv->poll_work, pn533_wq_poll);
2620 INIT_WORK(&priv->rf_work, pn533_wq_rf);
2621 priv->wq = alloc_ordered_workqueue("pn533", 0);
2622 if (priv->wq == NULL)
2625 timer_setup(&priv->listen_timer, pn533_listen_mode_timer, 0);
2627 skb_queue_head_init(&priv->resp_q);
2628 skb_queue_head_init(&priv->fragment_skb);
2630 INIT_LIST_HEAD(&priv->cmd_queue);
2632 priv->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2633 priv->ops->tx_header_len +
2634 PN533_CMD_DATAEXCH_HEAD_LEN,
2635 priv->ops->tx_tail_len);
2636 if (!priv->nfc_dev) {
2641 nfc_set_parent_dev(priv->nfc_dev, parent);
2642 nfc_set_drvdata(priv->nfc_dev, priv);
2644 rc = nfc_register_device(priv->nfc_dev);
2651 nfc_free_device(priv->nfc_dev);
2654 destroy_workqueue(priv->wq);
2659 EXPORT_SYMBOL_GPL(pn533_register_device);
2661 void pn533_unregister_device(struct pn533 *priv)
2663 struct pn533_cmd *cmd, *n;
2665 nfc_unregister_device(priv->nfc_dev);
2666 nfc_free_device(priv->nfc_dev);
2668 flush_delayed_work(&priv->poll_work);
2669 destroy_workqueue(priv->wq);
2671 skb_queue_purge(&priv->resp_q);
2673 del_timer(&priv->listen_timer);
2675 list_for_each_entry_safe(cmd, n, &priv->cmd_queue, queue) {
2676 list_del(&cmd->queue);
2682 EXPORT_SYMBOL_GPL(pn533_unregister_device);
2685 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>");
2686 MODULE_AUTHOR("Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2687 MODULE_AUTHOR("Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>");
2688 MODULE_DESCRIPTION("PN533 driver ver " VERSION);
2689 MODULE_VERSION(VERSION);
2690 MODULE_LICENSE("GPL");
projects / linux.git / blob