2 * Copyright (c) 2006-2007 Daniel Roethlisberger <daniel@roe.ch>
3 * Copyright (c) 2000-2004 OMNIKEY GmbH (www.omnikey.com)
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
9 * 1. Redistributions of source code must retain the above copyright
10 * notice unmodified, this list of conditions, and the following
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
29 #include <sys/cdefs.h>
30 __FBSDID("$FreeBSD$");
33 * OMNIKEY CardMan 4040 a.k.a. CardMan eXtended (cmx) driver.
34 * This is a PCMCIA based smartcard reader which seems to work
35 * like an I/O port mapped USB CCID smartcard device.
37 * I/O originally based on Linux driver version 1.1.0 by OMNIKEY.
38 * Dual GPL/BSD. Almost all of the code has been rewritten.
39 * $Omnikey: cm4040_cs.c,v 1.7 2004/10/04 09:08:50 jp Exp $
42 #include <sys/param.h>
43 #include <sys/systm.h>
45 #include <sys/kernel.h>
46 #include <sys/mutex.h>
47 #include <sys/sockio.h>
51 #include <sys/fcntl.h>
53 #include <sys/selinfo.h>
55 #include <sys/module.h>
58 #include <machine/bus.h>
59 #include <machine/resource.h>
62 #include <dev/cmx/cmxvar.h>
63 #include <dev/cmx/cmxreg.h>
66 #define DEBUG_printf(dev, fmt, args...) \
67 device_printf(dev, "%s: " fmt, __FUNCTION__, ##args)
69 #define DEBUG_printf(dev, fmt, args...)
72 #define SPIN_COUNT 1000
73 #define WAIT_TICKS (hz/100)
74 #define POLL_TICKS (hz/10)
77 #define CCID_DRIVER_BULK_DEFAULT_TIMEOUT (150*hz)
78 #define CCID_DRIVER_ASYNC_POWERUP_TIMEOUT (35*hz)
79 #define CCID_DRIVER_MINIMUM_TIMEOUT (3*hz)
82 static char BSRBITS[] = "\020"
83 "\01BULK_OUT_FULL" /* 0x01 */
84 "\02BULK_IN_FULL" /* 0x02 */
85 "\03(0x04)"; /* 0x04 */
87 static char SCRBITS[] = "\020"
88 "\01POWER_DOWN" /* 0x01 */
89 "\02PULSE_INTERRUPT" /* 0x02 */
90 "\03HOST_TO_READER_DONE" /* 0x04 */
91 "\04READER_TO_HOST_DONE" /* 0x08 */
92 "\05ACK_NOTIFY" /* 0x10 */
93 "\06EN_NOTIFY" /* 0x20 */
95 "\10HOST_TO_READER_START"; /* 0x80 */
97 static char POLLBITS[] = "\020"
98 "\01POLLIN" /* 0x0001 */
99 "\02POLLPRI" /* 0x0002 */
100 "\03POLLOUT" /* 0x0004 */
101 "\04POLLERR" /* 0x0008 */
102 "\05POLLHUP" /* 0x0010 */
103 "\06POLLINVAL" /* 0x0020 */
104 "\07POLLRDNORM" /* 0x0040 */
105 "\10POLLRDBAND" /* 0x0080 */
106 "\11POLLWRBAND"; /* 0x0100 */
107 static char MODEBITS[] = "\020"
108 "\01READ" /* 0x0001 */
109 "\02WRITE" /* 0x0002 */
110 "\03NONBLOCK" /* 0x0004 */
111 "\04APPEND" /* 0x0008 */
112 "\05SHLOCK" /* 0x0010 */
113 "\06EXLOCK" /* 0x0020 */
114 "\07ASYNC" /* 0x0040 */
115 "\10FSYNC" /* 0x0080 */
116 "\11NOFOLLOW" /* 0x0100 */
117 "\12CREAT" /* 0x0200 */
118 "\13TRUNK" /* 0x0400 */
119 "\14EXCL" /* 0x0800 */
120 "\15(0x1000)" /* 0x1000 */
121 "\16(0x2000)" /* 0x2000 */
122 "\17HASLOCK" /* 0x4000 */
123 "\20NOCTTY" /* 0x8000 */
124 "\21DIRECT"; /* 0x00010000 */
125 #endif /* CMX_DEBUG */
127 devclass_t cmx_devclass;
129 static d_open_t cmx_open;
130 static d_close_t cmx_close;
131 static d_read_t cmx_read;
132 static d_write_t cmx_write;
133 static d_poll_t cmx_poll;
135 static void cmx_intr(void *arg);
138 static struct cdevsw cmx_cdevsw = {
139 .d_version = D_VERSION,
141 .d_close = cmx_close,
143 .d_write = cmx_write,
149 * Initialize the softc structure. Must be called from
150 * the bus specific device allocation routine.
153 cmx_init_softc(device_t dev)
155 struct cmx_softc *sc = device_get_softc(dev);
157 sc->timeout = CCID_DRIVER_MINIMUM_TIMEOUT;
161 * Allocate driver resources. Must be called from the
162 * bus specific device allocation routine. Caller must
163 * ensure to call cmx_release_resources to free the
164 * resources when detaching.
165 * Return zero if successful, and ENOMEM if the resources
166 * could not be allocated.
169 cmx_alloc_resources(device_t dev)
171 struct cmx_softc *sc = device_get_softc(dev);
176 sc->ioport = bus_alloc_resource_any(dev, SYS_RES_IOPORT,
177 &sc->ioport_rid, RF_ACTIVE);
179 device_printf(dev, "failed to allocate io port\n");
182 sc->bst = rman_get_bustag(sc->ioport);
183 sc->bsh = rman_get_bushandle(sc->ioport);
186 sc->irq = bus_alloc_resource_any(dev, SYS_RES_IRQ,
187 &sc->irq_rid, RF_ACTIVE);
189 device_printf(dev, "failed to allocate irq\n");
192 if ((rv = bus_setup_intr(dev, sc->irq, INTR_TYPE_TTY,
193 cmx_intr, sc, &sc->ih)) != 0) {
194 device_printf(dev, "failed to set up irq\n");
199 mtx_init(&sc->mtx, device_get_nameunit(dev),
201 MTX_DEF | MTX_RECURSE);
202 callout_init_mtx(&sc->ch, &sc->mtx, 0);
208 * Release the resources allocated by cmx_allocate_resources.
211 cmx_release_resources(device_t dev)
213 struct cmx_softc *sc = device_get_softc(dev);
215 mtx_destroy(&sc->mtx);
219 bus_teardown_intr(dev, sc->irq, sc->ih);
223 bus_release_resource(dev, SYS_RES_IRQ,
224 sc->irq_rid, sc->irq);
230 bus_deactivate_resource(dev, SYS_RES_IOPORT,
231 sc->ioport_rid, sc->ioport);
232 bus_release_resource(dev, SYS_RES_IOPORT,
233 sc->ioport_rid, sc->ioport);
240 * Bus independent device attachment routine. Creates the
241 * character device node.
244 cmx_attach(device_t dev)
246 struct cmx_softc *sc = device_get_softc(dev);
248 if (!sc || sc->dying)
251 sc->cdev = make_dev(&cmx_cdevsw, 0, UID_ROOT, GID_WHEEL, 0600,
252 "cmx%d", device_get_unit(dev));
254 device_printf(dev, "failed to create character device\n");
257 sc->cdev->si_drv1 = sc;
263 * Bus independent device detachment routine. Makes sure all
264 * allocated resources are freed, callouts disabled and waiting
265 * processes unblocked.
268 cmx_detach(device_t dev)
270 struct cmx_softc *sc = device_get_softc(dev);
272 DEBUG_printf(dev, "called\n");
278 DEBUG_printf(sc->dev, "disabling polling\n");
279 callout_stop(&sc->ch);
282 callout_drain(&sc->ch);
283 selwakeuppri(&sc->sel, PZERO);
289 destroy_dev(sc->cdev);
291 DEBUG_printf(dev, "releasing resources\n");
292 cmx_release_resources(dev);
297 * Wait for buffer status register events. If test is non-zero,
298 * wait until flags are set, otherwise wait until flags are unset.
299 * Will spin SPIN_COUNT times, then sleep until timeout is reached.
300 * Returns zero if event happened, EIO if the timeout was reached,
301 * and ENXIO if the device was detached in the meantime. When that
302 * happens, the caller must quit immediately, since a detach is
306 cmx_wait_BSR(struct cmx_softc *sc, uint8_t flags, int test)
310 for (int i = 0; i < SPIN_COUNT; i++) {
311 if (cmx_test_BSR(sc, flags, test))
315 for (int i = 0; i * WAIT_TICKS < sc->timeout; i++) {
316 if (cmx_test_BSR(sc, flags, test))
318 rv = tsleep(sc, PWAIT|PCATCH, "cmx", WAIT_TICKS);
320 * Currently, the only reason for waking up with
321 * rv == 0 is when we are detaching, in which
322 * case sc->dying is always 1.
335 * Set the sync control register to val. Before and after writing
336 * to the SCR, we wait for the BSR to not signal BULK_OUT_FULL.
337 * Returns zero if successful, or whatever errors cmx_wait_BSR can
338 * return. ENXIO signals that the device has been detached in the
339 * meantime, and that we should leave the kernel immediately.
342 cmx_sync_write_SCR(struct cmx_softc *sc, uint8_t val)
346 if ((rv = cmx_wait_BSR(sc, BSR_BULK_OUT_FULL, 0)) != 0) {
350 cmx_write_SCR(sc, val);
352 if ((rv = cmx_wait_BSR(sc, BSR_BULK_OUT_FULL, 0)) != 0) {
360 * Returns a suitable timeout value based on the given command byte.
361 * Some commands appear to need longer timeout values than others.
363 static inline unsigned long
364 cmx_timeout_by_cmd(uint8_t cmd)
367 case CMD_PC_TO_RDR_XFRBLOCK:
368 case CMD_PC_TO_RDR_SECURE:
369 case CMD_PC_TO_RDR_TEST_SECURE:
370 case CMD_PC_TO_RDR_OK_SECURE:
371 return CCID_DRIVER_BULK_DEFAULT_TIMEOUT;
373 case CMD_PC_TO_RDR_ICCPOWERON:
374 return CCID_DRIVER_ASYNC_POWERUP_TIMEOUT;
376 case CMD_PC_TO_RDR_GETSLOTSTATUS:
377 case CMD_PC_TO_RDR_ICCPOWEROFF:
378 case CMD_PC_TO_RDR_GETPARAMETERS:
379 case CMD_PC_TO_RDR_RESETPARAMETERS:
380 case CMD_PC_TO_RDR_SETPARAMETERS:
381 case CMD_PC_TO_RDR_ESCAPE:
382 case CMD_PC_TO_RDR_ICCCLOCK:
384 return CCID_DRIVER_MINIMUM_TIMEOUT;
389 * Periodical callout routine, polling the reader for data
390 * availability. If the reader signals data ready for reading,
391 * wakes up the processes which are waiting in select()/poll().
392 * Otherwise, reschedules itself with a delay of POLL_TICKS.
397 struct cmx_softc *sc = xsc;
401 if (sc->polling && !sc->dying) {
402 bsr = cmx_read_BSR(sc);
403 DEBUG_printf(sc->dev, "BSR=%b\n", bsr, BSRBITS);
404 if (cmx_test(bsr, BSR_BULK_IN_FULL, 1)) {
406 selwakeuppri(&sc->sel, PZERO);
408 callout_reset(&sc->ch, POLL_TICKS, cmx_tick, sc);
415 * Open the character device. Only a single process may open the
419 cmx_open(struct cdev *cdev, int flags, int fmt, struct thread *td)
421 struct cmx_softc *sc = cdev->si_drv1;
423 if (sc == NULL || sc->dying)
434 DEBUG_printf(sc->dev, "open (flags=%b thread=%p)\n",
435 flags, MODEBITS, td);
440 * Close the character device.
443 cmx_close(struct cdev *cdev, int flags, int fmt, struct thread *td)
445 struct cmx_softc *sc = cdev->si_drv1;
447 if (sc == NULL || sc->dying)
456 DEBUG_printf(sc->dev, "disabling polling\n");
457 callout_stop(&sc->ch);
460 callout_drain(&sc->ch);
461 selwakeuppri(&sc->sel, PZERO);
467 DEBUG_printf(sc->dev, "close (flags=%b thread=%p)\n",
468 flags, MODEBITS, td);
473 * Read from the character device.
474 * Returns zero if successful, ENXIO if dying, EINVAL if an attempt
475 * was made to read less than CMX_MIN_RDLEN bytes or less than the
476 * device has available, or any of the errors that cmx_sync_write_SCR
477 * can return. Partial reads are not supported.
480 cmx_read(struct cdev *cdev, struct uio *uio, int flag)
482 struct cmx_softc *sc = cdev->si_drv1;
483 unsigned long bytes_left;
485 int rv, amnt, offset;
487 if (sc == NULL || sc->dying)
490 DEBUG_printf(sc->dev, "called (len=%d flag=%b)\n",
491 uio->uio_resid, flag, MODEBITS);
495 DEBUG_printf(sc->dev, "disabling polling\n");
496 callout_stop(&sc->ch);
499 callout_drain(&sc->ch);
500 selwakeuppri(&sc->sel, PZERO);
505 if (uio->uio_resid == 0) {
509 if (uio->uio_resid < CMX_MIN_RDLEN) {
513 if (flag & O_NONBLOCK) {
514 if (cmx_test_BSR(sc, BSR_BULK_IN_FULL, 0)) {
519 for (int i = 0; i < 5; i++) {
520 if ((rv = cmx_wait_BSR(sc, BSR_BULK_IN_FULL, 1)) != 0) {
523 sc->buf[i] = cmx_read_DTR(sc);
524 DEBUG_printf(sc->dev, "buf[%02x]=%02x\n", i, sc->buf[i]);
527 bytes_left = CMX_MIN_RDLEN +
528 (0x000000FF&((char)sc->buf[1])) +
529 (0x0000FF00&((char)sc->buf[2] << 8)) +
530 (0x00FF0000&((char)sc->buf[3] << 16)) +
531 (0xFF000000&((char)sc->buf[4] << 24));
532 DEBUG_printf(sc->dev, "msgsz=%lu\n", bytes_left);
534 if (uio->uio_resid < bytes_left) {
538 offset = 5; /* prefetched header */
539 while (bytes_left > 0) {
540 amnt = MIN(bytes_left, sizeof(sc->buf));
542 for (int i = offset; i < amnt; i++) {
543 if ((rv = cmx_wait_BSR(sc, BSR_BULK_IN_FULL, 1))!=0) {
546 sc->buf[i] = cmx_read_DTR(sc);
547 DEBUG_printf(sc->dev, "buf[%02x]=%02x\n",
551 if ((rv = uiomove(sc->buf, amnt, uio)) != 0) {
552 DEBUG_printf(sc->dev, "uiomove failed (%d)\n", rv);
561 if ((rv = cmx_wait_BSR(sc, BSR_BULK_IN_FULL, 1)) != 0) {
565 if ((rv = cmx_sync_write_SCR(sc, SCR_READER_TO_HOST_DONE)) != 0) {
569 uc = cmx_read_DTR(sc);
570 DEBUG_printf(sc->dev, "success (DTR=%02x)\n", uc);
575 * Write to the character device.
576 * Returns zero if successful, NXIO if dying, EINVAL if less data
577 * written than CMX_MIN_WRLEN, or any of the errors that cmx_sync_SCR
581 cmx_write(struct cdev *cdev, struct uio *uio, int flag)
583 struct cmx_softc *sc = cdev->si_drv1;
586 if (sc == NULL || sc->dying)
589 DEBUG_printf(sc->dev, "called (len=%d flag=%b)\n",
590 uio->uio_resid, flag, MODEBITS);
592 if (uio->uio_resid == 0) {
596 if (uio->uio_resid < CMX_MIN_WRLEN) {
600 if ((rv = cmx_sync_write_SCR(sc, SCR_HOST_TO_READER_START)) != 0) {
605 while (uio->uio_resid > 0) {
606 amnt = MIN(uio->uio_resid, sizeof(sc->buf));
608 if ((rv = uiomove(sc->buf, amnt, uio)) != 0) {
609 DEBUG_printf(sc->dev, "uiomove failed (%d)\n", rv);
610 /* wildly guessed attempt to notify device */
611 sc->timeout = CCID_DRIVER_MINIMUM_TIMEOUT;
612 cmx_sync_write_SCR(sc, SCR_HOST_TO_READER_DONE);
616 if (sc->timeout == 0) {
617 sc->timeout = cmx_timeout_by_cmd(sc->buf[0]);
618 DEBUG_printf(sc->dev, "cmd=%02x timeout=%lu\n",
619 sc->buf[0], sc->timeout);
622 for (int i = 0; i < amnt; i++) {
623 if ((rv = cmx_wait_BSR(sc, BSR_BULK_OUT_FULL, 0))!=0) {
626 cmx_write_DTR(sc, sc->buf[i]);
627 DEBUG_printf(sc->dev, "buf[%02x]=%02x\n",
632 if ((rv = cmx_sync_write_SCR(sc, SCR_HOST_TO_READER_DONE)) != 0) {
636 DEBUG_printf(sc->dev, "success\n");
641 * Poll handler. Writing is always possible, reading is only possible
642 * if BSR_BULK_IN_FULL is set. Will start the cmx_tick callout and
646 cmx_poll(struct cdev *cdev, int events, struct thread *td)
648 struct cmx_softc *sc = cdev->si_drv1;
652 if (sc == NULL || sc->dying)
655 bsr = cmx_read_BSR(sc);
656 DEBUG_printf(sc->dev, "called (events=%b BSR=%b)\n",
657 events, POLLBITS, bsr, BSRBITS);
659 revents = events & (POLLOUT | POLLWRNORM);
660 if (events & (POLLIN | POLLRDNORM)) {
661 if (cmx_test(bsr, BSR_BULK_IN_FULL, 1)) {
662 revents |= events & (POLLIN | POLLRDNORM);
664 selrecord(td, &sc->sel);
667 DEBUG_printf(sc->dev, "enabling polling\n");
669 callout_reset(&sc->ch, POLL_TICKS,
672 DEBUG_printf(sc->dev, "already polling\n");
678 DEBUG_printf(sc->dev, "success (revents=%b)\n", revents, POLLBITS);
685 * Interrupt handler. Currently has no function except to
686 * print register status (if debugging is also enabled).
691 struct cmx_softc *sc = (struct cmx_softc *)arg;
693 if (sc == NULL || sc->dying)
696 DEBUG_printf(sc->dev, "received interrupt (SCR=%b BSR=%b)\n",
697 cmx_read_SCR(sc), SCRBITS,
698 cmx_read_BSR(sc), BSRBITS);