1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3 * Driver for NXP PN533 NFC Chip - USB transport layer
4 *
5 * Copyright (C) 2011 Instituto Nokia de Tecnologia
6 * Copyright (C) 2012-2013 Tieto Poland
7 */
8
9 #include <linux/device.h>
10 #include <linux/kernel.h>
11 #include <linux/module.h>
12 #include <linux/slab.h>
13 #include <linux/usb.h>
14 #include <linux/nfc.h>
15 #include <linux/netdevice.h>
16 #include <net/nfc/nfc.h>
17 #include "pn533.h"
18
19 #define VERSION "0.1"
20
21 #define PN533_VENDOR_ID 0x4CC
22 #define PN533_PRODUCT_ID 0x2533
23
24 #define SCM_VENDOR_ID 0x4E6
25 #define SCL3711_PRODUCT_ID 0x5591
26
27 #define SONY_VENDOR_ID 0x054c
28 #define PASORI_PRODUCT_ID 0x02e1
29
30 #define ACS_VENDOR_ID 0x072f
31 #define ACR122U_PRODUCT_ID 0x2200
32
33 static const struct usb_device_id pn533_usb_table[] = {
34 { USB_DEVICE(PN533_VENDOR_ID, PN533_PRODUCT_ID),
35 .driver_info = PN533_DEVICE_STD },
36 { USB_DEVICE(SCM_VENDOR_ID, SCL3711_PRODUCT_ID),
37 .driver_info = PN533_DEVICE_STD },
38 { USB_DEVICE(SONY_VENDOR_ID, PASORI_PRODUCT_ID),
39 .driver_info = PN533_DEVICE_PASORI },
40 { USB_DEVICE(ACS_VENDOR_ID, ACR122U_PRODUCT_ID),
41 .driver_info = PN533_DEVICE_ACR122U },
42 { }
43 };
44 MODULE_DEVICE_TABLE(usb, pn533_usb_table);
45
46 struct pn533_usb_phy {
47 struct usb_device *udev;
48 struct usb_interface *interface;
49
50 struct urb *out_urb;
51 struct urb *in_urb;
52
53 struct urb *ack_urb;
54 u8 *ack_buffer;
55
56 struct pn533 *priv;
57 };
58
pn533_recv_response(struct urb * urb)59 static void pn533_recv_response(struct urb *urb)
60 {
61 struct pn533_usb_phy *phy = urb->context;
62 struct sk_buff *skb = NULL;
63
64 if (!urb->status) {
65 skb = alloc_skb(urb->actual_length, GFP_ATOMIC);
66 if (!skb) {
67 nfc_err(&phy->udev->dev, "failed to alloc memory\n");
68 } else {
69 skb_put_data(skb, urb->transfer_buffer,
70 urb->actual_length);
71 }
72 }
73
74 pn533_recv_frame(phy->priv, skb, urb->status);
75 }
76
pn533_submit_urb_for_response(struct pn533_usb_phy * phy,gfp_t flags)77 static int pn533_submit_urb_for_response(struct pn533_usb_phy *phy, gfp_t flags)
78 {
79 phy->in_urb->complete = pn533_recv_response;
80
81 return usb_submit_urb(phy->in_urb, flags);
82 }
83
pn533_recv_ack(struct urb * urb)84 static void pn533_recv_ack(struct urb *urb)
85 {
86 struct pn533_usb_phy *phy = urb->context;
87 struct pn533 *priv = phy->priv;
88 struct pn533_cmd *cmd = priv->cmd;
89 struct pn533_std_frame *in_frame;
90 int rc;
91
92 cmd->status = urb->status;
93
94 switch (urb->status) {
95 case 0:
96 break; /* success */
97 case -ECONNRESET:
98 case -ENOENT:
99 dev_dbg(&phy->udev->dev,
100 "The urb has been stopped (status %d)\n",
101 urb->status);
102 goto sched_wq;
103 case -ESHUTDOWN:
104 default:
105 nfc_err(&phy->udev->dev,
106 "Urb failure (status %d)\n", urb->status);
107 goto sched_wq;
108 }
109
110 in_frame = phy->in_urb->transfer_buffer;
111
112 if (!pn533_rx_frame_is_ack(in_frame)) {
113 nfc_err(&phy->udev->dev, "Received an invalid ack\n");
114 cmd->status = -EIO;
115 goto sched_wq;
116 }
117
118 rc = pn533_submit_urb_for_response(phy, GFP_ATOMIC);
119 if (rc) {
120 nfc_err(&phy->udev->dev,
121 "usb_submit_urb failed with result %d\n", rc);
122 cmd->status = rc;
123 goto sched_wq;
124 }
125
126 return;
127
128 sched_wq:
129 queue_work(priv->wq, &priv->cmd_complete_work);
130 }
131
pn533_submit_urb_for_ack(struct pn533_usb_phy * phy,gfp_t flags)132 static int pn533_submit_urb_for_ack(struct pn533_usb_phy *phy, gfp_t flags)
133 {
134 phy->in_urb->complete = pn533_recv_ack;
135
136 return usb_submit_urb(phy->in_urb, flags);
137 }
138
pn533_usb_send_ack(struct pn533 * dev,gfp_t flags)139 static int pn533_usb_send_ack(struct pn533 *dev, gfp_t flags)
140 {
141 struct pn533_usb_phy *phy = dev->phy;
142 static const u8 ack[6] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
143 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */
144
145 if (!phy->ack_buffer) {
146 phy->ack_buffer = kmemdup(ack, sizeof(ack), flags);
147 if (!phy->ack_buffer)
148 return -ENOMEM;
149 }
150
151 phy->ack_urb->transfer_buffer = phy->ack_buffer;
152 phy->ack_urb->transfer_buffer_length = sizeof(ack);
153 return usb_submit_urb(phy->ack_urb, flags);
154 }
155
156 struct pn533_out_arg {
157 struct pn533_usb_phy *phy;
158 struct completion done;
159 };
160
pn533_usb_send_frame(struct pn533 * dev,struct sk_buff * out)161 static int pn533_usb_send_frame(struct pn533 *dev,
162 struct sk_buff *out)
163 {
164 struct pn533_usb_phy *phy = dev->phy;
165 struct pn533_out_arg arg;
166 void *cntx;
167 int rc;
168
169 if (phy->priv == NULL)
170 phy->priv = dev;
171
172 phy->out_urb->transfer_buffer = out->data;
173 phy->out_urb->transfer_buffer_length = out->len;
174
175 print_hex_dump_debug("PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
176 out->data, out->len, false);
177
178 init_completion(&arg.done);
179 cntx = phy->out_urb->context;
180 phy->out_urb->context = &arg;
181
182 rc = usb_submit_urb(phy->out_urb, GFP_KERNEL);
183 if (rc)
184 return rc;
185
186 wait_for_completion(&arg.done);
187 phy->out_urb->context = cntx;
188
189 if (dev->protocol_type == PN533_PROTO_REQ_RESP) {
190 /* request for response for sent packet directly */
191 rc = pn533_submit_urb_for_response(phy, GFP_KERNEL);
192 if (rc)
193 goto error;
194 } else if (dev->protocol_type == PN533_PROTO_REQ_ACK_RESP) {
195 /* request for ACK if that's the case */
196 rc = pn533_submit_urb_for_ack(phy, GFP_KERNEL);
197 if (rc)
198 goto error;
199 }
200
201 return 0;
202
203 error:
204 usb_unlink_urb(phy->out_urb);
205 return rc;
206 }
207
pn533_usb_abort_cmd(struct pn533 * dev,gfp_t flags)208 static void pn533_usb_abort_cmd(struct pn533 *dev, gfp_t flags)
209 {
210 struct pn533_usb_phy *phy = dev->phy;
211
212 /* ACR122U does not support any command which aborts last
213 * issued command i.e. as ACK for standard PN533. Additionally,
214 * it behaves stange, sending broken or incorrect responses,
215 * when we cancel urb before the chip will send response.
216 */
217 if (dev->device_type == PN533_DEVICE_ACR122U)
218 return;
219
220 /* An ack will cancel the last issued command */
221 pn533_usb_send_ack(dev, flags);
222
223 /* cancel the urb request */
224 usb_kill_urb(phy->in_urb);
225 }
226
227 /* ACR122 specific structs and functions */
228
229 /* ACS ACR122 pn533 frame definitions */
230 #define PN533_ACR122_TX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_tx_frame) \
231 + 2)
232 #define PN533_ACR122_TX_FRAME_TAIL_LEN 0
233 #define PN533_ACR122_RX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_rx_frame) \
234 + 2)
235 #define PN533_ACR122_RX_FRAME_TAIL_LEN 2
236 #define PN533_ACR122_FRAME_MAX_PAYLOAD_LEN PN533_STD_FRAME_MAX_PAYLOAD_LEN
237
238 /* CCID messages types */
239 #define PN533_ACR122_PC_TO_RDR_ICCPOWERON 0x62
240 #define PN533_ACR122_PC_TO_RDR_ESCAPE 0x6B
241
242 #define PN533_ACR122_RDR_TO_PC_ESCAPE 0x83
243
244
245 struct pn533_acr122_ccid_hdr {
246 u8 type;
247 u32 datalen;
248 u8 slot;
249 u8 seq;
250
251 /*
252 * 3 msg specific bytes or status, error and 1 specific
253 * byte for reposnse msg
254 */
255 u8 params[3];
256 u8 data[]; /* payload */
257 } __packed;
258
259 struct pn533_acr122_apdu_hdr {
260 u8 class;
261 u8 ins;
262 u8 p1;
263 u8 p2;
264 } __packed;
265
266 struct pn533_acr122_tx_frame {
267 struct pn533_acr122_ccid_hdr ccid;
268 struct pn533_acr122_apdu_hdr apdu;
269 u8 datalen;
270 u8 data[]; /* pn533 frame: TFI ... */
271 } __packed;
272
273 struct pn533_acr122_rx_frame {
274 struct pn533_acr122_ccid_hdr ccid;
275 u8 data[]; /* pn533 frame : TFI ... */
276 } __packed;
277
pn533_acr122_tx_frame_init(void * _frame,u8 cmd_code)278 static void pn533_acr122_tx_frame_init(void *_frame, u8 cmd_code)
279 {
280 struct pn533_acr122_tx_frame *frame = _frame;
281
282 frame->ccid.type = PN533_ACR122_PC_TO_RDR_ESCAPE;
283 /* sizeof(apdu_hdr) + sizeof(datalen) */
284 frame->ccid.datalen = sizeof(frame->apdu) + 1;
285 frame->ccid.slot = 0;
286 frame->ccid.seq = 0;
287 frame->ccid.params[0] = 0;
288 frame->ccid.params[1] = 0;
289 frame->ccid.params[2] = 0;
290
291 frame->data[0] = PN533_STD_FRAME_DIR_OUT;
292 frame->data[1] = cmd_code;
293 frame->datalen = 2; /* data[0] + data[1] */
294
295 frame->apdu.class = 0xFF;
296 frame->apdu.ins = 0;
297 frame->apdu.p1 = 0;
298 frame->apdu.p2 = 0;
299 }
300
pn533_acr122_tx_frame_finish(void * _frame)301 static void pn533_acr122_tx_frame_finish(void *_frame)
302 {
303 struct pn533_acr122_tx_frame *frame = _frame;
304
305 frame->ccid.datalen += frame->datalen;
306 }
307
pn533_acr122_tx_update_payload_len(void * _frame,int len)308 static void pn533_acr122_tx_update_payload_len(void *_frame, int len)
309 {
310 struct pn533_acr122_tx_frame *frame = _frame;
311
312 frame->datalen += len;
313 }
314
pn533_acr122_is_rx_frame_valid(void * _frame,struct pn533 * dev)315 static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev)
316 {
317 struct pn533_acr122_rx_frame *frame = _frame;
318
319 if (frame->ccid.type != 0x83)
320 return false;
321
322 if (!frame->ccid.datalen)
323 return false;
324
325 if (frame->data[frame->ccid.datalen - 2] == 0x63)
326 return false;
327
328 return true;
329 }
330
pn533_acr122_rx_frame_size(void * frame)331 static int pn533_acr122_rx_frame_size(void *frame)
332 {
333 struct pn533_acr122_rx_frame *f = frame;
334
335 /* f->ccid.datalen already includes tail length */
336 return sizeof(struct pn533_acr122_rx_frame) + f->ccid.datalen;
337 }
338
pn533_acr122_get_cmd_code(void * frame)339 static u8 pn533_acr122_get_cmd_code(void *frame)
340 {
341 struct pn533_acr122_rx_frame *f = frame;
342
343 return PN533_FRAME_CMD(f);
344 }
345
346 static struct pn533_frame_ops pn533_acr122_frame_ops = {
347 .tx_frame_init = pn533_acr122_tx_frame_init,
348 .tx_frame_finish = pn533_acr122_tx_frame_finish,
349 .tx_update_payload_len = pn533_acr122_tx_update_payload_len,
350 .tx_header_len = PN533_ACR122_TX_FRAME_HEADER_LEN,
351 .tx_tail_len = PN533_ACR122_TX_FRAME_TAIL_LEN,
352
353 .rx_is_frame_valid = pn533_acr122_is_rx_frame_valid,
354 .rx_header_len = PN533_ACR122_RX_FRAME_HEADER_LEN,
355 .rx_tail_len = PN533_ACR122_RX_FRAME_TAIL_LEN,
356 .rx_frame_size = pn533_acr122_rx_frame_size,
357
358 .max_payload_len = PN533_ACR122_FRAME_MAX_PAYLOAD_LEN,
359 .get_cmd_code = pn533_acr122_get_cmd_code,
360 };
361
362 struct pn533_acr122_poweron_rdr_arg {
363 int rc;
364 struct completion done;
365 };
366
pn533_acr122_poweron_rdr_resp(struct urb * urb)367 static void pn533_acr122_poweron_rdr_resp(struct urb *urb)
368 {
369 struct pn533_acr122_poweron_rdr_arg *arg = urb->context;
370
371 print_hex_dump_debug("ACR122 RX: ", DUMP_PREFIX_NONE, 16, 1,
372 urb->transfer_buffer, urb->transfer_buffer_length,
373 false);
374
375 arg->rc = urb->status;
376 complete(&arg->done);
377 }
378
pn533_acr122_poweron_rdr(struct pn533_usb_phy * phy)379 static int pn533_acr122_poweron_rdr(struct pn533_usb_phy *phy)
380 {
381 /* Power on th reader (CCID cmd) */
382 u8 cmd[10] = {PN533_ACR122_PC_TO_RDR_ICCPOWERON,
383 0, 0, 0, 0, 0, 0, 3, 0, 0};
384 char *buffer;
385 int transferred;
386 int rc;
387 void *cntx;
388 struct pn533_acr122_poweron_rdr_arg arg;
389
390 buffer = kmemdup(cmd, sizeof(cmd), GFP_KERNEL);
391 if (!buffer)
392 return -ENOMEM;
393
394 init_completion(&arg.done);
395 cntx = phy->in_urb->context; /* backup context */
396
397 phy->in_urb->complete = pn533_acr122_poweron_rdr_resp;
398 phy->in_urb->context = &arg;
399
400 print_hex_dump_debug("ACR122 TX: ", DUMP_PREFIX_NONE, 16, 1,
401 cmd, sizeof(cmd), false);
402
403 rc = usb_bulk_msg(phy->udev, phy->out_urb->pipe, buffer, sizeof(cmd),
404 &transferred, 5000);
405 kfree(buffer);
406 if (rc || (transferred != sizeof(cmd))) {
407 nfc_err(&phy->udev->dev,
408 "Reader power on cmd error %d\n", rc);
409 return rc;
410 }
411
412 rc = usb_submit_urb(phy->in_urb, GFP_KERNEL);
413 if (rc) {
414 nfc_err(&phy->udev->dev,
415 "Can't submit reader poweron cmd response %d\n", rc);
416 return rc;
417 }
418
419 wait_for_completion(&arg.done);
420 phy->in_urb->context = cntx; /* restore context */
421
422 return arg.rc;
423 }
424
pn533_out_complete(struct urb * urb)425 static void pn533_out_complete(struct urb *urb)
426 {
427 struct pn533_out_arg *arg = urb->context;
428 struct pn533_usb_phy *phy = arg->phy;
429
430 switch (urb->status) {
431 case 0:
432 break; /* success */
433 case -ECONNRESET:
434 case -ENOENT:
435 dev_dbg(&phy->udev->dev,
436 "The urb has been stopped (status %d)\n",
437 urb->status);
438 break;
439 case -ESHUTDOWN:
440 default:
441 nfc_err(&phy->udev->dev,
442 "Urb failure (status %d)\n",
443 urb->status);
444 }
445
446 complete(&arg->done);
447 }
448
pn533_ack_complete(struct urb * urb)449 static void pn533_ack_complete(struct urb *urb)
450 {
451 struct pn533_usb_phy *phy = urb->context;
452
453 switch (urb->status) {
454 case 0:
455 break; /* success */
456 case -ECONNRESET:
457 case -ENOENT:
458 dev_dbg(&phy->udev->dev,
459 "The urb has been stopped (status %d)\n",
460 urb->status);
461 break;
462 case -ESHUTDOWN:
463 default:
464 nfc_err(&phy->udev->dev,
465 "Urb failure (status %d)\n",
466 urb->status);
467 }
468 }
469
470 static const struct pn533_phy_ops usb_phy_ops = {
471 .send_frame = pn533_usb_send_frame,
472 .send_ack = pn533_usb_send_ack,
473 .abort_cmd = pn533_usb_abort_cmd,
474 };
475
pn533_usb_probe(struct usb_interface * interface,const struct usb_device_id * id)476 static int pn533_usb_probe(struct usb_interface *interface,
477 const struct usb_device_id *id)
478 {
479 struct pn533 *priv;
480 struct pn533_usb_phy *phy;
481 struct usb_host_interface *iface_desc;
482 struct usb_endpoint_descriptor *endpoint;
483 int in_endpoint = 0;
484 int out_endpoint = 0;
485 int rc = -ENOMEM;
486 int i;
487 u32 protocols;
488 enum pn533_protocol_type protocol_type = PN533_PROTO_REQ_ACK_RESP;
489 struct pn533_frame_ops *fops = NULL;
490 unsigned char *in_buf;
491 int in_buf_len = PN533_EXT_FRAME_HEADER_LEN +
492 PN533_STD_FRAME_MAX_PAYLOAD_LEN +
493 PN533_STD_FRAME_TAIL_LEN;
494
495 phy = devm_kzalloc(&interface->dev, sizeof(*phy), GFP_KERNEL);
496 if (!phy)
497 return -ENOMEM;
498
499 in_buf = kzalloc(in_buf_len, GFP_KERNEL);
500 if (!in_buf)
501 return -ENOMEM;
502
503 phy->udev = usb_get_dev(interface_to_usbdev(interface));
504 phy->interface = interface;
505
506 iface_desc = interface->cur_altsetting;
507 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
508 endpoint = &iface_desc->endpoint[i].desc;
509
510 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
511 in_endpoint = endpoint->bEndpointAddress;
512
513 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
514 out_endpoint = endpoint->bEndpointAddress;
515 }
516
517 if (!in_endpoint || !out_endpoint) {
518 nfc_err(&interface->dev,
519 "Could not find bulk-in or bulk-out endpoint\n");
520 rc = -ENODEV;
521 goto error;
522 }
523
524 phy->in_urb = usb_alloc_urb(0, GFP_KERNEL);
525 phy->out_urb = usb_alloc_urb(0, GFP_KERNEL);
526 phy->ack_urb = usb_alloc_urb(0, GFP_KERNEL);
527
528 if (!phy->in_urb || !phy->out_urb || !phy->ack_urb)
529 goto error;
530
531 usb_fill_bulk_urb(phy->in_urb, phy->udev,
532 usb_rcvbulkpipe(phy->udev, in_endpoint),
533 in_buf, in_buf_len, NULL, phy);
534
535 usb_fill_bulk_urb(phy->out_urb, phy->udev,
536 usb_sndbulkpipe(phy->udev, out_endpoint),
537 NULL, 0, pn533_out_complete, phy);
538 usb_fill_bulk_urb(phy->ack_urb, phy->udev,
539 usb_sndbulkpipe(phy->udev, out_endpoint),
540 NULL, 0, pn533_ack_complete, phy);
541
542 switch (id->driver_info) {
543 case PN533_DEVICE_STD:
544 protocols = PN533_ALL_PROTOCOLS;
545 break;
546
547 case PN533_DEVICE_PASORI:
548 protocols = PN533_NO_TYPE_B_PROTOCOLS;
549 break;
550
551 case PN533_DEVICE_ACR122U:
552 protocols = PN533_NO_TYPE_B_PROTOCOLS;
553 fops = &pn533_acr122_frame_ops;
554 protocol_type = PN533_PROTO_REQ_RESP;
555
556 rc = pn533_acr122_poweron_rdr(phy);
557 if (rc < 0) {
558 nfc_err(&interface->dev,
559 "Couldn't poweron the reader (error %d)\n", rc);
560 goto error;
561 }
562 break;
563
564 default:
565 nfc_err(&interface->dev, "Unknown device type %lu\n",
566 id->driver_info);
567 rc = -EINVAL;
568 goto error;
569 }
570
571 priv = pn53x_common_init(id->driver_info, protocol_type,
572 phy, &usb_phy_ops, fops,
573 &phy->udev->dev);
574
575 if (IS_ERR(priv)) {
576 rc = PTR_ERR(priv);
577 goto error;
578 }
579
580 phy->priv = priv;
581
582 rc = pn533_finalize_setup(priv);
583 if (rc)
584 goto err_clean;
585
586 usb_set_intfdata(interface, phy);
587 rc = pn53x_register_nfc(priv, protocols, &interface->dev);
588 if (rc)
589 goto err_clean;
590
591 return 0;
592
593 err_clean:
594 pn53x_common_clean(priv);
595 error:
596 usb_kill_urb(phy->in_urb);
597 usb_kill_urb(phy->out_urb);
598 usb_kill_urb(phy->ack_urb);
599
600 usb_free_urb(phy->in_urb);
601 usb_free_urb(phy->out_urb);
602 usb_free_urb(phy->ack_urb);
603 usb_put_dev(phy->udev);
604 kfree(in_buf);
605 kfree(phy->ack_buffer);
606
607 return rc;
608 }
609
pn533_usb_disconnect(struct usb_interface * interface)610 static void pn533_usb_disconnect(struct usb_interface *interface)
611 {
612 struct pn533_usb_phy *phy = usb_get_intfdata(interface);
613
614 if (!phy)
615 return;
616
617 pn53x_unregister_nfc(phy->priv);
618 pn53x_common_clean(phy->priv);
619
620 usb_set_intfdata(interface, NULL);
621
622 usb_kill_urb(phy->in_urb);
623 usb_kill_urb(phy->out_urb);
624 usb_kill_urb(phy->ack_urb);
625
626 kfree(phy->in_urb->transfer_buffer);
627 usb_free_urb(phy->in_urb);
628 usb_free_urb(phy->out_urb);
629 usb_free_urb(phy->ack_urb);
630 kfree(phy->ack_buffer);
631
632 nfc_info(&interface->dev, "NXP PN533 NFC device disconnected\n");
633 }
634
635 static struct usb_driver pn533_usb_driver = {
636 .name = "pn533_usb",
637 .probe = pn533_usb_probe,
638 .disconnect = pn533_usb_disconnect,
639 .id_table = pn533_usb_table,
640 };
641
642 module_usb_driver(pn533_usb_driver);
643
644 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>");
645 MODULE_AUTHOR("Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
646 MODULE_AUTHOR("Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>");
647 MODULE_DESCRIPTION("PN533 USB driver ver " VERSION);
648 MODULE_VERSION(VERSION);
649 MODULE_LICENSE("GPL");
650