1// SPDX-License-Identifier: GPL-2.0-or-later 2/* 3 * Driver for NXP PN533 NFC Chip - USB transport layer 4 * 5 * Copyright (C) 2011 Instituto Nokia de Tecnologia 6 * Copyright (C) 2012-2013 Tieto Poland 7 */ 8 9#include <linux/device.h> 10#include <linux/kernel.h> 11#include <linux/module.h> 12#include <linux/slab.h> 13#include <linux/usb.h> 14#include <linux/nfc.h> 15#include <linux/netdevice.h> 16#include <net/nfc/nfc.h> 17#include "pn533.h" 18 19#define VERSION "0.1" 20 21#define PN533_VENDOR_ID 0x4CC 22#define PN533_PRODUCT_ID 0x2533 23 24#define SCM_VENDOR_ID 0x4E6 25#define SCL3711_PRODUCT_ID 0x5591 26 27#define SONY_VENDOR_ID 0x054c 28#define PASORI_PRODUCT_ID 0x02e1 29 30#define ACS_VENDOR_ID 0x072f 31#define ACR122U_PRODUCT_ID 0x2200 32 33static const struct usb_device_id pn533_usb_table[] = { 34 { USB_DEVICE(PN533_VENDOR_ID, PN533_PRODUCT_ID), 35 .driver_info = PN533_DEVICE_STD }, 36 { USB_DEVICE(SCM_VENDOR_ID, SCL3711_PRODUCT_ID), 37 .driver_info = PN533_DEVICE_STD }, 38 { USB_DEVICE(SONY_VENDOR_ID, PASORI_PRODUCT_ID), 39 .driver_info = PN533_DEVICE_PASORI }, 40 { USB_DEVICE(ACS_VENDOR_ID, ACR122U_PRODUCT_ID), 41 .driver_info = PN533_DEVICE_ACR122U }, 42 { } 43}; 44MODULE_DEVICE_TABLE(usb, pn533_usb_table); 45 46struct pn533_usb_phy { 47 struct usb_device *udev; 48 struct usb_interface *interface; 49 50 struct urb *out_urb; 51 struct urb *in_urb; 52 53 struct urb *ack_urb; 54 u8 *ack_buffer; 55 56 struct pn533 *priv; 57}; 58 59static void pn533_recv_response(struct urb *urb) 60{ 61 struct pn533_usb_phy *phy = urb->context; 62 struct sk_buff *skb = NULL; 63 64 if (!urb->status) { 65 skb = alloc_skb(urb->actual_length, GFP_ATOMIC); 66 if (!skb) { 67 nfc_err(&phy->udev->dev, "failed to alloc memory\n"); 68 } else { 69 skb_put_data(skb, urb->transfer_buffer, 70 urb->actual_length); 71 } 72 } 73 74 pn533_recv_frame(phy->priv, skb, urb->status); 75} 76 77static int pn533_submit_urb_for_response(struct pn533_usb_phy *phy, gfp_t flags) 78{ 79 phy->in_urb->complete = pn533_recv_response; 80 81 return usb_submit_urb(phy->in_urb, flags); 82} 83 84static void pn533_recv_ack(struct urb *urb) 85{ 86 struct pn533_usb_phy *phy = urb->context; 87 struct pn533 *priv = phy->priv; 88 struct pn533_cmd *cmd = priv->cmd; 89 struct pn533_std_frame *in_frame; 90 int rc; 91 92 cmd->status = urb->status; 93 94 switch (urb->status) { 95 case 0: 96 break; /* success */ 97 case -ECONNRESET: 98 case -ENOENT: 99 dev_dbg(&phy->udev->dev, 100 "The urb has been stopped (status %d)\n", 101 urb->status); 102 goto sched_wq; 103 case -ESHUTDOWN: 104 default: 105 nfc_err(&phy->udev->dev, 106 "Urb failure (status %d)\n", urb->status); 107 goto sched_wq; 108 } 109 110 in_frame = phy->in_urb->transfer_buffer; 111 112 if (!pn533_rx_frame_is_ack(in_frame)) { 113 nfc_err(&phy->udev->dev, "Received an invalid ack\n"); 114 cmd->status = -EIO; 115 goto sched_wq; 116 } 117 118 rc = pn533_submit_urb_for_response(phy, GFP_ATOMIC); 119 if (rc) { 120 nfc_err(&phy->udev->dev, 121 "usb_submit_urb failed with result %d\n", rc); 122 cmd->status = rc; 123 goto sched_wq; 124 } 125 126 return; 127 128sched_wq: 129 queue_work(priv->wq, &priv->cmd_complete_work); 130} 131 132static int pn533_submit_urb_for_ack(struct pn533_usb_phy *phy, gfp_t flags) 133{ 134 phy->in_urb->complete = pn533_recv_ack; 135 136 return usb_submit_urb(phy->in_urb, flags); 137} 138 139static int pn533_usb_send_ack(struct pn533 *dev, gfp_t flags) 140{ 141 struct pn533_usb_phy *phy = dev->phy; 142 static const u8 ack[6] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00}; 143 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */ 144 145 if (!phy->ack_buffer) { 146 phy->ack_buffer = kmemdup(ack, sizeof(ack), flags); 147 if (!phy->ack_buffer) 148 return -ENOMEM; 149 } 150 151 phy->ack_urb->transfer_buffer = phy->ack_buffer; 152 phy->ack_urb->transfer_buffer_length = sizeof(ack); 153 return usb_submit_urb(phy->ack_urb, flags); 154} 155 156struct pn533_out_arg { 157 struct pn533_usb_phy *phy; 158 struct completion done; 159}; 160 161static int pn533_usb_send_frame(struct pn533 *dev, 162 struct sk_buff *out) 163{ 164 struct pn533_usb_phy *phy = dev->phy; 165 struct pn533_out_arg arg; 166 void *cntx; 167 int rc; 168 169 if (phy->priv == NULL) 170 phy->priv = dev; 171 172 phy->out_urb->transfer_buffer = out->data; 173 phy->out_urb->transfer_buffer_length = out->len; 174 175 print_hex_dump_debug("PN533 TX: ", DUMP_PREFIX_NONE, 16, 1, 176 out->data, out->len, false); 177 178 arg.phy = phy; 179 init_completion(&arg.done); 180 cntx = phy->out_urb->context; 181 phy->out_urb->context = &arg; 182 183 rc = usb_submit_urb(phy->out_urb, GFP_KERNEL); 184 if (rc) 185 return rc; 186 187 wait_for_completion(&arg.done); 188 phy->out_urb->context = cntx; 189 190 if (dev->protocol_type == PN533_PROTO_REQ_RESP) { 191 /* request for response for sent packet directly */ 192 rc = pn533_submit_urb_for_response(phy, GFP_KERNEL); 193 if (rc) 194 goto error; 195 } else if (dev->protocol_type == PN533_PROTO_REQ_ACK_RESP) { 196 /* request for ACK if that's the case */ 197 rc = pn533_submit_urb_for_ack(phy, GFP_KERNEL); 198 if (rc) 199 goto error; 200 } 201 202 return 0; 203 204error: 205 usb_unlink_urb(phy->out_urb); 206 return rc; 207} 208 209static void pn533_usb_abort_cmd(struct pn533 *dev, gfp_t flags) 210{ 211 struct pn533_usb_phy *phy = dev->phy; 212 213 /* ACR122U does not support any command which aborts last 214 * issued command i.e. as ACK for standard PN533. Additionally, 215 * it behaves stange, sending broken or incorrect responses, 216 * when we cancel urb before the chip will send response. 217 */ 218 if (dev->device_type == PN533_DEVICE_ACR122U) 219 return; 220 221 /* An ack will cancel the last issued command */ 222 pn533_usb_send_ack(dev, flags); 223 224 /* cancel the urb request */ 225 usb_kill_urb(phy->in_urb); 226} 227 228/* ACR122 specific structs and functions */ 229 230/* ACS ACR122 pn533 frame definitions */ 231#define PN533_ACR122_TX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_tx_frame) \ 232 + 2) 233#define PN533_ACR122_TX_FRAME_TAIL_LEN 0 234#define PN533_ACR122_RX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_rx_frame) \ 235 + 2) 236#define PN533_ACR122_RX_FRAME_TAIL_LEN 2 237#define PN533_ACR122_FRAME_MAX_PAYLOAD_LEN PN533_STD_FRAME_MAX_PAYLOAD_LEN 238 239/* CCID messages types */ 240#define PN533_ACR122_PC_TO_RDR_ICCPOWERON 0x62 241#define PN533_ACR122_PC_TO_RDR_ESCAPE 0x6B 242 243#define PN533_ACR122_RDR_TO_PC_ESCAPE 0x83 244 245 246struct pn533_acr122_ccid_hdr { 247 u8 type; 248 u32 datalen; 249 u8 slot; 250 u8 seq; 251 252 /* 253 * 3 msg specific bytes or status, error and 1 specific 254 * byte for reposnse msg 255 */ 256 u8 params[3]; 257 u8 data[]; /* payload */ 258} __packed; 259 260struct pn533_acr122_apdu_hdr { 261 u8 class; 262 u8 ins; 263 u8 p1; 264 u8 p2; 265} __packed; 266 267struct pn533_acr122_tx_frame { 268 struct pn533_acr122_ccid_hdr ccid; 269 struct pn533_acr122_apdu_hdr apdu; 270 u8 datalen; 271 u8 data[]; /* pn533 frame: TFI ... */ 272} __packed; 273 274struct pn533_acr122_rx_frame { 275 struct pn533_acr122_ccid_hdr ccid; 276 u8 data[]; /* pn533 frame : TFI ... */ 277} __packed; 278 279static void pn533_acr122_tx_frame_init(void *_frame, u8 cmd_code) 280{ 281 struct pn533_acr122_tx_frame *frame = _frame; 282 283 frame->ccid.type = PN533_ACR122_PC_TO_RDR_ESCAPE; 284 /* sizeof(apdu_hdr) + sizeof(datalen) */ 285 frame->ccid.datalen = sizeof(frame->apdu) + 1; 286 frame->ccid.slot = 0; 287 frame->ccid.seq = 0; 288 frame->ccid.params[0] = 0; 289 frame->ccid.params[1] = 0; 290 frame->ccid.params[2] = 0; 291 292 frame->data[0] = PN533_STD_FRAME_DIR_OUT; 293 frame->data[1] = cmd_code; 294 frame->datalen = 2; /* data[0] + data[1] */ 295 296 frame->apdu.class = 0xFF; 297 frame->apdu.ins = 0; 298 frame->apdu.p1 = 0; 299 frame->apdu.p2 = 0; 300} 301 302static void pn533_acr122_tx_frame_finish(void *_frame) 303{ 304 struct pn533_acr122_tx_frame *frame = _frame; 305 306 frame->ccid.datalen += frame->datalen; 307} 308 309static void pn533_acr122_tx_update_payload_len(void *_frame, int len) 310{ 311 struct pn533_acr122_tx_frame *frame = _frame; 312 313 frame->datalen += len; 314} 315 316static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev) 317{ 318 struct pn533_acr122_rx_frame *frame = _frame; 319 320 if (frame->ccid.type != 0x83) 321 return false; 322 323 if (!frame->ccid.datalen) 324 return false; 325 326 if (frame->data[frame->ccid.datalen - 2] == 0x63) 327 return false; 328 329 return true; 330} 331 332static int pn533_acr122_rx_frame_size(void *frame) 333{ 334 struct pn533_acr122_rx_frame *f = frame; 335 336 /* f->ccid.datalen already includes tail length */ 337 return sizeof(struct pn533_acr122_rx_frame) + f->ccid.datalen; 338} 339 340static u8 pn533_acr122_get_cmd_code(void *frame) 341{ 342 struct pn533_acr122_rx_frame *f = frame; 343 344 return PN533_FRAME_CMD(f); 345} 346 347static struct pn533_frame_ops pn533_acr122_frame_ops = { 348 .tx_frame_init = pn533_acr122_tx_frame_init, 349 .tx_frame_finish = pn533_acr122_tx_frame_finish, 350 .tx_update_payload_len = pn533_acr122_tx_update_payload_len, 351 .tx_header_len = PN533_ACR122_TX_FRAME_HEADER_LEN, 352 .tx_tail_len = PN533_ACR122_TX_FRAME_TAIL_LEN, 353 354 .rx_is_frame_valid = pn533_acr122_is_rx_frame_valid, 355 .rx_header_len = PN533_ACR122_RX_FRAME_HEADER_LEN, 356 .rx_tail_len = PN533_ACR122_RX_FRAME_TAIL_LEN, 357 .rx_frame_size = pn533_acr122_rx_frame_size, 358 359 .max_payload_len = PN533_ACR122_FRAME_MAX_PAYLOAD_LEN, 360 .get_cmd_code = pn533_acr122_get_cmd_code, 361}; 362 363struct pn533_acr122_poweron_rdr_arg { 364 int rc; 365 struct completion done; 366}; 367 368static void pn533_acr122_poweron_rdr_resp(struct urb *urb) 369{ 370 struct pn533_acr122_poweron_rdr_arg *arg = urb->context; 371 372 print_hex_dump_debug("ACR122 RX: ", DUMP_PREFIX_NONE, 16, 1, 373 urb->transfer_buffer, urb->transfer_buffer_length, 374 false); 375 376 arg->rc = urb->status; 377 complete(&arg->done); 378} 379 380static int pn533_acr122_poweron_rdr(struct pn533_usb_phy *phy) 381{ 382 /* Power on th reader (CCID cmd) */ 383 u8 cmd[10] = {PN533_ACR122_PC_TO_RDR_ICCPOWERON, 384 0, 0, 0, 0, 0, 0, 3, 0, 0}; 385 char *buffer; 386 int transferred; 387 int rc; 388 void *cntx; 389 struct pn533_acr122_poweron_rdr_arg arg; 390 391 buffer = kmemdup(cmd, sizeof(cmd), GFP_KERNEL); 392 if (!buffer) 393 return -ENOMEM; 394 395 init_completion(&arg.done); 396 cntx = phy->in_urb->context; /* backup context */ 397 398 phy->in_urb->complete = pn533_acr122_poweron_rdr_resp; 399 phy->in_urb->context = &arg; 400 401 print_hex_dump_debug("ACR122 TX: ", DUMP_PREFIX_NONE, 16, 1, 402 cmd, sizeof(cmd), false); 403 404 rc = usb_bulk_msg(phy->udev, phy->out_urb->pipe, buffer, sizeof(cmd), 405 &transferred, 5000); 406 kfree(buffer); 407 if (rc || (transferred != sizeof(cmd))) { 408 nfc_err(&phy->udev->dev, 409 "Reader power on cmd error %d\n", rc); 410 return rc; 411 } 412 413 rc = usb_submit_urb(phy->in_urb, GFP_KERNEL); 414 if (rc) { 415 nfc_err(&phy->udev->dev, 416 "Can't submit reader poweron cmd response %d\n", rc); 417 return rc; 418 } 419 420 wait_for_completion(&arg.done); 421 phy->in_urb->context = cntx; /* restore context */ 422 423 return arg.rc; 424} 425 426static void pn533_out_complete(struct urb *urb) 427{ 428 struct pn533_out_arg *arg = urb->context; 429 struct pn533_usb_phy *phy = arg->phy; 430 431 switch (urb->status) { 432 case 0: 433 break; /* success */ 434 case -ECONNRESET: 435 case -ENOENT: 436 dev_dbg(&phy->udev->dev, 437 "The urb has been stopped (status %d)\n", 438 urb->status); 439 break; 440 case -ESHUTDOWN: 441 default: 442 nfc_err(&phy->udev->dev, 443 "Urb failure (status %d)\n", 444 urb->status); 445 } 446 447 complete(&arg->done); 448} 449 450static void pn533_ack_complete(struct urb *urb) 451{ 452 struct pn533_usb_phy *phy = urb->context; 453 454 switch (urb->status) { 455 case 0: 456 break; /* success */ 457 case -ECONNRESET: 458 case -ENOENT: 459 dev_dbg(&phy->udev->dev, 460 "The urb has been stopped (status %d)\n", 461 urb->status); 462 break; 463 case -ESHUTDOWN: 464 default: 465 nfc_err(&phy->udev->dev, 466 "Urb failure (status %d)\n", 467 urb->status); 468 } 469} 470 471static const struct pn533_phy_ops usb_phy_ops = { 472 .send_frame = pn533_usb_send_frame, 473 .send_ack = pn533_usb_send_ack, 474 .abort_cmd = pn533_usb_abort_cmd, 475}; 476 477static int pn533_usb_probe(struct usb_interface *interface, 478 const struct usb_device_id *id) 479{ 480 struct pn533 *priv; 481 struct pn533_usb_phy *phy; 482 struct usb_host_interface *iface_desc; 483 struct usb_endpoint_descriptor *endpoint; 484 int in_endpoint = 0; 485 int out_endpoint = 0; 486 int rc = -ENOMEM; 487 int i; 488 u32 protocols; 489 enum pn533_protocol_type protocol_type = PN533_PROTO_REQ_ACK_RESP; 490 struct pn533_frame_ops *fops = NULL; 491 unsigned char *in_buf; 492 int in_buf_len = PN533_EXT_FRAME_HEADER_LEN + 493 PN533_STD_FRAME_MAX_PAYLOAD_LEN + 494 PN533_STD_FRAME_TAIL_LEN; 495 496 phy = devm_kzalloc(&interface->dev, sizeof(*phy), GFP_KERNEL); 497 if (!phy) 498 return -ENOMEM; 499 500 in_buf = kzalloc(in_buf_len, GFP_KERNEL); 501 if (!in_buf) 502 return -ENOMEM; 503 504 phy->udev = usb_get_dev(interface_to_usbdev(interface)); 505 phy->interface = interface; 506 507 iface_desc = interface->cur_altsetting; 508 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) { 509 endpoint = &iface_desc->endpoint[i].desc; 510 511 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) 512 in_endpoint = endpoint->bEndpointAddress; 513 514 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) 515 out_endpoint = endpoint->bEndpointAddress; 516 } 517 518 if (!in_endpoint || !out_endpoint) { 519 nfc_err(&interface->dev, 520 "Could not find bulk-in or bulk-out endpoint\n"); 521 rc = -ENODEV; 522 goto error; 523 } 524 525 phy->in_urb = usb_alloc_urb(0, GFP_KERNEL); 526 phy->out_urb = usb_alloc_urb(0, GFP_KERNEL); 527 phy->ack_urb = usb_alloc_urb(0, GFP_KERNEL); 528 529 if (!phy->in_urb || !phy->out_urb || !phy->ack_urb) 530 goto error; 531 532 usb_fill_bulk_urb(phy->in_urb, phy->udev, 533 usb_rcvbulkpipe(phy->udev, in_endpoint), 534 in_buf, in_buf_len, NULL, phy); 535 536 usb_fill_bulk_urb(phy->out_urb, phy->udev, 537 usb_sndbulkpipe(phy->udev, out_endpoint), 538 NULL, 0, pn533_out_complete, phy); 539 usb_fill_bulk_urb(phy->ack_urb, phy->udev, 540 usb_sndbulkpipe(phy->udev, out_endpoint), 541 NULL, 0, pn533_ack_complete, phy); 542 543 switch (id->driver_info) { 544 case PN533_DEVICE_STD: 545 protocols = PN533_ALL_PROTOCOLS; 546 break; 547 548 case PN533_DEVICE_PASORI: 549 protocols = PN533_NO_TYPE_B_PROTOCOLS; 550 break; 551 552 case PN533_DEVICE_ACR122U: 553 protocols = PN533_NO_TYPE_B_PROTOCOLS; 554 fops = &pn533_acr122_frame_ops; 555 protocol_type = PN533_PROTO_REQ_RESP; 556 557 rc = pn533_acr122_poweron_rdr(phy); 558 if (rc < 0) { 559 nfc_err(&interface->dev, 560 "Couldn't poweron the reader (error %d)\n", rc); 561 goto error; 562 } 563 break; 564 565 default: 566 nfc_err(&interface->dev, "Unknown device type %lu\n", 567 id->driver_info); 568 rc = -EINVAL; 569 goto error; 570 } 571 572 priv = pn53x_common_init(id->driver_info, protocol_type, 573 phy, &usb_phy_ops, fops, 574 &phy->udev->dev); 575 576 if (IS_ERR(priv)) { 577 rc = PTR_ERR(priv); 578 goto error; 579 } 580 581 phy->priv = priv; 582 583 rc = pn533_finalize_setup(priv); 584 if (rc) 585 goto err_clean; 586 587 usb_set_intfdata(interface, phy); 588 rc = pn53x_register_nfc(priv, protocols, &interface->dev); 589 if (rc) 590 goto err_clean; 591 592 return 0; 593 594err_clean: 595 pn53x_common_clean(priv); 596error: 597 usb_kill_urb(phy->in_urb); 598 usb_kill_urb(phy->out_urb); 599 usb_kill_urb(phy->ack_urb); 600 601 usb_free_urb(phy->in_urb); 602 usb_free_urb(phy->out_urb); 603 usb_free_urb(phy->ack_urb); 604 usb_put_dev(phy->udev); 605 kfree(in_buf); 606 kfree(phy->ack_buffer); 607 608 return rc; 609} 610 611static void pn533_usb_disconnect(struct usb_interface *interface) 612{ 613 struct pn533_usb_phy *phy = usb_get_intfdata(interface); 614 615 if (!phy) 616 return; 617 618 pn53x_unregister_nfc(phy->priv); 619 pn53x_common_clean(phy->priv); 620 621 usb_set_intfdata(interface, NULL); 622 623 usb_kill_urb(phy->in_urb); 624 usb_kill_urb(phy->out_urb); 625 usb_kill_urb(phy->ack_urb); 626 627 kfree(phy->in_urb->transfer_buffer); 628 usb_free_urb(phy->in_urb); 629 usb_free_urb(phy->out_urb); 630 usb_free_urb(phy->ack_urb); 631 kfree(phy->ack_buffer); 632 633 nfc_info(&interface->dev, "NXP PN533 NFC device disconnected\n"); 634} 635 636static struct usb_driver pn533_usb_driver = { 637 .name = "pn533_usb", 638 .probe = pn533_usb_probe, 639 .disconnect = pn533_usb_disconnect, 640 .id_table = pn533_usb_table, 641}; 642 643module_usb_driver(pn533_usb_driver); 644 645MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>"); 646MODULE_AUTHOR("Aloisio Almeida Jr <aloisio.almeida@openbossa.org>"); 647MODULE_AUTHOR("Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>"); 648MODULE_DESCRIPTION("PN533 USB driver ver " VERSION); 649MODULE_VERSION(VERSION); 650MODULE_LICENSE("GPL"); 651