linux/drivers/nfc/pn533.c
<<
>>
Prefs
   1/*
   2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
   3 * Copyright (C) 2012-2013 Tieto Poland
   4 *
   5 * This program is free software; you can redistribute it and/or modify
   6 * it under the terms of the GNU General Public License as published by
   7 * the Free Software Foundation; either version 2 of the License, or
   8 * (at your option) any later version.
   9 *
  10 * This program is distributed in the hope that it will be useful,
  11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  13 * GNU General Public License for more details.
  14 *
  15 * You should have received a copy of the GNU General Public License
  16 * along with this program; if not, write to the
  17 * Free Software Foundation, Inc.,
  18 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  19 */
  20
  21#include <linux/device.h>
  22#include <linux/kernel.h>
  23#include <linux/module.h>
  24#include <linux/slab.h>
  25#include <linux/usb.h>
  26#include <linux/nfc.h>
  27#include <linux/netdevice.h>
  28#include <net/nfc/nfc.h>
  29
  30#define VERSION "0.2"
  31
  32#define PN533_VENDOR_ID 0x4CC
  33#define PN533_PRODUCT_ID 0x2533
  34
  35#define SCM_VENDOR_ID 0x4E6
  36#define SCL3711_PRODUCT_ID 0x5591
  37
  38#define SONY_VENDOR_ID         0x054c
  39#define PASORI_PRODUCT_ID      0x02e1
  40
  41#define ACS_VENDOR_ID 0x072f
  42#define ACR122U_PRODUCT_ID 0x2200
  43
  44#define PN533_DEVICE_STD     0x1
  45#define PN533_DEVICE_PASORI  0x2
  46#define PN533_DEVICE_ACR122U 0x3
  47
  48#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
  49                             NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
  50                             NFC_PROTO_NFC_DEP_MASK |\
  51                             NFC_PROTO_ISO14443_B_MASK)
  52
  53#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
  54                                   NFC_PROTO_MIFARE_MASK | \
  55                                   NFC_PROTO_FELICA_MASK | \
  56                                   NFC_PROTO_ISO14443_MASK | \
  57                                   NFC_PROTO_NFC_DEP_MASK)
  58
  59static const struct usb_device_id pn533_table[] = {
  60        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  61          .idVendor             = PN533_VENDOR_ID,
  62          .idProduct            = PN533_PRODUCT_ID,
  63          .driver_info          = PN533_DEVICE_STD,
  64        },
  65        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  66          .idVendor             = SCM_VENDOR_ID,
  67          .idProduct            = SCL3711_PRODUCT_ID,
  68          .driver_info          = PN533_DEVICE_STD,
  69        },
  70        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  71          .idVendor             = SONY_VENDOR_ID,
  72          .idProduct            = PASORI_PRODUCT_ID,
  73          .driver_info          = PN533_DEVICE_PASORI,
  74        },
  75        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  76          .idVendor             = ACS_VENDOR_ID,
  77          .idProduct            = ACR122U_PRODUCT_ID,
  78          .driver_info          = PN533_DEVICE_ACR122U,
  79        },
  80        { }
  81};
  82MODULE_DEVICE_TABLE(usb, pn533_table);
  83
  84/* How much time we spend listening for initiators */
  85#define PN533_LISTEN_TIME 2
  86
  87/* Standard pn533 frame definitions */
  88#define PN533_STD_FRAME_HEADER_LEN (sizeof(struct pn533_std_frame) \
  89                                        + 2) /* data[0] TFI, data[1] CC */
  90#define PN533_STD_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
  91
  92/*
  93 * Max extended frame payload len, excluding TFI and CC
  94 * which are already in PN533_FRAME_HEADER_LEN.
  95 */
  96#define PN533_STD_FRAME_MAX_PAYLOAD_LEN 263
  97
  98#define PN533_STD_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2),
  99                                  Postamble (1) */
 100#define PN533_STD_FRAME_CHECKSUM(f) (f->data[f->datalen])
 101#define PN533_STD_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
 102
 103/* start of frame */
 104#define PN533_STD_FRAME_SOF 0x00FF
 105
 106/* standard frame identifier: in/out/error */
 107#define PN533_STD_FRAME_IDENTIFIER(f) (f->data[0]) /* TFI */
 108#define PN533_STD_FRAME_DIR_OUT 0xD4
 109#define PN533_STD_FRAME_DIR_IN 0xD5
 110
 111/* ACS ACR122 pn533 frame definitions */
 112#define PN533_ACR122_TX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_tx_frame) \
 113                                          + 2)
 114#define PN533_ACR122_TX_FRAME_TAIL_LEN 0
 115#define PN533_ACR122_RX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_rx_frame) \
 116                                          + 2)
 117#define PN533_ACR122_RX_FRAME_TAIL_LEN 2
 118#define PN533_ACR122_FRAME_MAX_PAYLOAD_LEN PN533_STD_FRAME_MAX_PAYLOAD_LEN
 119
 120/* CCID messages types */
 121#define PN533_ACR122_PC_TO_RDR_ICCPOWERON 0x62
 122#define PN533_ACR122_PC_TO_RDR_ESCAPE 0x6B
 123
 124#define PN533_ACR122_RDR_TO_PC_ESCAPE 0x83
 125
 126/* PN533 Commands */
 127#define PN533_STD_FRAME_CMD(f) (f->data[1])
 128
 129#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
 130#define PN533_CMD_RF_CONFIGURATION 0x32
 131#define PN533_CMD_IN_DATA_EXCHANGE 0x40
 132#define PN533_CMD_IN_COMM_THRU     0x42
 133#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
 134#define PN533_CMD_IN_ATR 0x50
 135#define PN533_CMD_IN_RELEASE 0x52
 136#define PN533_CMD_IN_JUMP_FOR_DEP 0x56
 137
 138#define PN533_CMD_TG_INIT_AS_TARGET 0x8c
 139#define PN533_CMD_TG_GET_DATA 0x86
 140#define PN533_CMD_TG_SET_DATA 0x8e
 141#define PN533_CMD_UNDEF 0xff
 142
 143#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
 144
 145/* PN533 Return codes */
 146#define PN533_CMD_RET_MASK 0x3F
 147#define PN533_CMD_MI_MASK 0x40
 148#define PN533_CMD_RET_SUCCESS 0x00
 149
 150struct pn533;
 151
 152typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
 153                                        struct sk_buff *resp);
 154
 155/* structs for pn533 commands */
 156
 157/* PN533_CMD_GET_FIRMWARE_VERSION */
 158struct pn533_fw_version {
 159        u8 ic;
 160        u8 ver;
 161        u8 rev;
 162        u8 support;
 163};
 164
 165/* PN533_CMD_RF_CONFIGURATION */
 166#define PN533_CFGITEM_RF_FIELD    0x01
 167#define PN533_CFGITEM_TIMING      0x02
 168#define PN533_CFGITEM_MAX_RETRIES 0x05
 169#define PN533_CFGITEM_PASORI      0x82
 170
 171#define PN533_CFGITEM_RF_FIELD_ON  0x1
 172#define PN533_CFGITEM_RF_FIELD_OFF 0x0
 173
 174#define PN533_CONFIG_TIMING_102 0xb
 175#define PN533_CONFIG_TIMING_204 0xc
 176#define PN533_CONFIG_TIMING_409 0xd
 177#define PN533_CONFIG_TIMING_819 0xe
 178
 179#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
 180#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
 181
 182struct pn533_config_max_retries {
 183        u8 mx_rty_atr;
 184        u8 mx_rty_psl;
 185        u8 mx_rty_passive_act;
 186} __packed;
 187
 188struct pn533_config_timing {
 189        u8 rfu;
 190        u8 atr_res_timeout;
 191        u8 dep_timeout;
 192} __packed;
 193
 194/* PN533_CMD_IN_LIST_PASSIVE_TARGET */
 195
 196/* felica commands opcode */
 197#define PN533_FELICA_OPC_SENSF_REQ 0
 198#define PN533_FELICA_OPC_SENSF_RES 1
 199/* felica SENSF_REQ parameters */
 200#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
 201#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
 202#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
 203#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
 204
 205/* type B initiator_data values */
 206#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
 207#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
 208#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
 209
 210union pn533_cmd_poll_initdata {
 211        struct {
 212                u8 afi;
 213                u8 polling_method;
 214        } __packed type_b;
 215        struct {
 216                u8 opcode;
 217                __be16 sc;
 218                u8 rc;
 219                u8 tsn;
 220        } __packed felica;
 221};
 222
 223/* Poll modulations */
 224enum {
 225        PN533_POLL_MOD_106KBPS_A,
 226        PN533_POLL_MOD_212KBPS_FELICA,
 227        PN533_POLL_MOD_424KBPS_FELICA,
 228        PN533_POLL_MOD_106KBPS_JEWEL,
 229        PN533_POLL_MOD_847KBPS_B,
 230        PN533_LISTEN_MOD,
 231
 232        __PN533_POLL_MOD_AFTER_LAST,
 233};
 234#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
 235
 236struct pn533_poll_modulations {
 237        struct {
 238                u8 maxtg;
 239                u8 brty;
 240                union pn533_cmd_poll_initdata initiator_data;
 241        } __packed data;
 242        u8 len;
 243};
 244
 245static const struct pn533_poll_modulations poll_mod[] = {
 246        [PN533_POLL_MOD_106KBPS_A] = {
 247                .data = {
 248                        .maxtg = 1,
 249                        .brty = 0,
 250                },
 251                .len = 2,
 252        },
 253        [PN533_POLL_MOD_212KBPS_FELICA] = {
 254                .data = {
 255                        .maxtg = 1,
 256                        .brty = 1,
 257                        .initiator_data.felica = {
 258                                .opcode = PN533_FELICA_OPC_SENSF_REQ,
 259                                .sc = PN533_FELICA_SENSF_SC_ALL,
 260                                .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 261                                .tsn = 0,
 262                        },
 263                },
 264                .len = 7,
 265        },
 266        [PN533_POLL_MOD_424KBPS_FELICA] = {
 267                .data = {
 268                        .maxtg = 1,
 269                        .brty = 2,
 270                        .initiator_data.felica = {
 271                                .opcode = PN533_FELICA_OPC_SENSF_REQ,
 272                                .sc = PN533_FELICA_SENSF_SC_ALL,
 273                                .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 274                                .tsn = 0,
 275                        },
 276                 },
 277                .len = 7,
 278        },
 279        [PN533_POLL_MOD_106KBPS_JEWEL] = {
 280                .data = {
 281                        .maxtg = 1,
 282                        .brty = 4,
 283                },
 284                .len = 2,
 285        },
 286        [PN533_POLL_MOD_847KBPS_B] = {
 287                .data = {
 288                        .maxtg = 1,
 289                        .brty = 8,
 290                        .initiator_data.type_b = {
 291                                .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
 292                                .polling_method =
 293                                        PN533_TYPE_B_POLL_METHOD_TIMESLOT,
 294                        },
 295                },
 296                .len = 3,
 297        },
 298        [PN533_LISTEN_MOD] = {
 299                .len = 0,
 300        },
 301};
 302
 303/* PN533_CMD_IN_ATR */
 304
 305struct pn533_cmd_activate_response {
 306        u8 status;
 307        u8 nfcid3t[10];
 308        u8 didt;
 309        u8 bst;
 310        u8 brt;
 311        u8 to;
 312        u8 ppt;
 313        /* optional */
 314        u8 gt[];
 315} __packed;
 316
 317struct pn533_cmd_jump_dep_response {
 318        u8 status;
 319        u8 tg;
 320        u8 nfcid3t[10];
 321        u8 didt;
 322        u8 bst;
 323        u8 brt;
 324        u8 to;
 325        u8 ppt;
 326        /* optional */
 327        u8 gt[];
 328} __packed;
 329
 330
 331/* PN533_TG_INIT_AS_TARGET */
 332#define PN533_INIT_TARGET_PASSIVE 0x1
 333#define PN533_INIT_TARGET_DEP 0x2
 334
 335#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
 336#define PN533_INIT_TARGET_RESP_ACTIVE     0x1
 337#define PN533_INIT_TARGET_RESP_DEP        0x4
 338
 339enum  pn533_protocol_type {
 340        PN533_PROTO_REQ_ACK_RESP = 0,
 341        PN533_PROTO_REQ_RESP
 342};
 343
 344struct pn533 {
 345        struct usb_device *udev;
 346        struct usb_interface *interface;
 347        struct nfc_dev *nfc_dev;
 348        u32 device_type;
 349        enum pn533_protocol_type protocol_type;
 350
 351        struct urb *out_urb;
 352        struct urb *in_urb;
 353
 354        struct sk_buff_head resp_q;
 355
 356        struct workqueue_struct *wq;
 357        struct work_struct cmd_work;
 358        struct work_struct cmd_complete_work;
 359        struct work_struct poll_work;
 360        struct work_struct mi_work;
 361        struct work_struct tg_work;
 362
 363        struct list_head cmd_queue;
 364        struct pn533_cmd *cmd;
 365        u8 cmd_pending;
 366        struct mutex cmd_lock;  /* protects cmd queue */
 367
 368        void *cmd_complete_mi_arg;
 369
 370        struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
 371        u8 poll_mod_count;
 372        u8 poll_mod_curr;
 373        u32 poll_protocols;
 374        u32 listen_protocols;
 375        struct timer_list listen_timer;
 376        int cancel_listen;
 377
 378        u8 *gb;
 379        size_t gb_len;
 380
 381        u8 tgt_available_prots;
 382        u8 tgt_active_prot;
 383        u8 tgt_mode;
 384
 385        struct pn533_frame_ops *ops;
 386};
 387
 388struct pn533_cmd {
 389        struct list_head queue;
 390        u8 code;
 391        int status;
 392        struct sk_buff *req;
 393        struct sk_buff *resp;
 394        int resp_len;
 395        pn533_send_async_complete_t  complete_cb;
 396        void *complete_cb_context;
 397};
 398
 399struct pn533_std_frame {
 400        u8 preamble;
 401        __be16 start_frame;
 402        u8 datalen;
 403        u8 datalen_checksum;
 404        u8 data[];
 405} __packed;
 406
 407struct pn533_frame_ops {
 408        void (*tx_frame_init)(void *frame, u8 cmd_code);
 409        void (*tx_frame_finish)(void *frame);
 410        void (*tx_update_payload_len)(void *frame, int len);
 411        int tx_header_len;
 412        int tx_tail_len;
 413
 414        bool (*rx_is_frame_valid)(void *frame);
 415        int (*rx_frame_size)(void *frame);
 416        int rx_header_len;
 417        int rx_tail_len;
 418
 419        int max_payload_len;
 420        u8 (*get_cmd_code)(void *frame);
 421};
 422
 423struct pn533_acr122_ccid_hdr {
 424        u8 type;
 425        u32 datalen;
 426        u8 slot;
 427        u8 seq;
 428        u8 params[3]; /* 3 msg specific bytes or status, error and 1 specific
 429                         byte for reposnse msg */
 430        u8 data[]; /* payload */
 431} __packed;
 432
 433struct pn533_acr122_apdu_hdr {
 434        u8 class;
 435        u8 ins;
 436        u8 p1;
 437        u8 p2;
 438} __packed;
 439
 440struct pn533_acr122_tx_frame {
 441        struct pn533_acr122_ccid_hdr ccid;
 442        struct pn533_acr122_apdu_hdr apdu;
 443        u8 datalen;
 444        u8 data[]; /* pn533 frame: TFI ... */
 445} __packed;
 446
 447struct pn533_acr122_rx_frame {
 448        struct pn533_acr122_ccid_hdr ccid;
 449        u8 data[]; /* pn533 frame : TFI ... */
 450} __packed;
 451
 452static void pn533_acr122_tx_frame_init(void *_frame, u8 cmd_code)
 453{
 454        struct pn533_acr122_tx_frame *frame = _frame;
 455
 456        frame->ccid.type = PN533_ACR122_PC_TO_RDR_ESCAPE;
 457        frame->ccid.datalen = sizeof(frame->apdu) + 1; /* sizeof(apdu_hdr) +
 458                                                          sizeof(datalen) */
 459        frame->ccid.slot = 0;
 460        frame->ccid.seq = 0;
 461        frame->ccid.params[0] = 0;
 462        frame->ccid.params[1] = 0;
 463        frame->ccid.params[2] = 0;
 464
 465        frame->data[0] = PN533_STD_FRAME_DIR_OUT;
 466        frame->data[1] = cmd_code;
 467        frame->datalen = 2;  /* data[0] + data[1] */
 468
 469        frame->apdu.class = 0xFF;
 470        frame->apdu.ins = 0;
 471        frame->apdu.p1 = 0;
 472        frame->apdu.p2 = 0;
 473}
 474
 475static void pn533_acr122_tx_frame_finish(void *_frame)
 476{
 477        struct pn533_acr122_tx_frame *frame = _frame;
 478
 479        frame->ccid.datalen += frame->datalen;
 480}
 481
 482static void pn533_acr122_tx_update_payload_len(void *_frame, int len)
 483{
 484        struct pn533_acr122_tx_frame *frame = _frame;
 485
 486        frame->datalen += len;
 487}
 488
 489static bool pn533_acr122_is_rx_frame_valid(void *_frame)
 490{
 491        struct pn533_acr122_rx_frame *frame = _frame;
 492
 493        if (frame->ccid.type != 0x83)
 494                return false;
 495
 496        if (frame->data[frame->ccid.datalen - 2] == 0x63)
 497                return false;
 498
 499        return true;
 500}
 501
 502static int pn533_acr122_rx_frame_size(void *frame)
 503{
 504        struct pn533_acr122_rx_frame *f = frame;
 505
 506        /* f->ccid.datalen already includes tail length */
 507        return sizeof(struct pn533_acr122_rx_frame) + f->ccid.datalen;
 508}
 509
 510static u8 pn533_acr122_get_cmd_code(void *frame)
 511{
 512        struct pn533_acr122_rx_frame *f = frame;
 513
 514        return PN533_STD_FRAME_CMD(f);
 515}
 516
 517static struct pn533_frame_ops pn533_acr122_frame_ops = {
 518        .tx_frame_init = pn533_acr122_tx_frame_init,
 519        .tx_frame_finish = pn533_acr122_tx_frame_finish,
 520        .tx_update_payload_len = pn533_acr122_tx_update_payload_len,
 521        .tx_header_len = PN533_ACR122_TX_FRAME_HEADER_LEN,
 522        .tx_tail_len = PN533_ACR122_TX_FRAME_TAIL_LEN,
 523
 524        .rx_is_frame_valid = pn533_acr122_is_rx_frame_valid,
 525        .rx_header_len = PN533_ACR122_RX_FRAME_HEADER_LEN,
 526        .rx_tail_len = PN533_ACR122_RX_FRAME_TAIL_LEN,
 527        .rx_frame_size = pn533_acr122_rx_frame_size,
 528
 529        .max_payload_len = PN533_ACR122_FRAME_MAX_PAYLOAD_LEN,
 530        .get_cmd_code = pn533_acr122_get_cmd_code,
 531};
 532
 533/* The rule: value + checksum = 0 */
 534static inline u8 pn533_std_checksum(u8 value)
 535{
 536        return ~value + 1;
 537}
 538
 539/* The rule: sum(data elements) + checksum = 0 */
 540static u8 pn533_std_data_checksum(u8 *data, int datalen)
 541{
 542        u8 sum = 0;
 543        int i;
 544
 545        for (i = 0; i < datalen; i++)
 546                sum += data[i];
 547
 548        return pn533_std_checksum(sum);
 549}
 550
 551static void pn533_std_tx_frame_init(void *_frame, u8 cmd_code)
 552{
 553        struct pn533_std_frame *frame = _frame;
 554
 555        frame->preamble = 0;
 556        frame->start_frame = cpu_to_be16(PN533_STD_FRAME_SOF);
 557        PN533_STD_FRAME_IDENTIFIER(frame) = PN533_STD_FRAME_DIR_OUT;
 558        PN533_STD_FRAME_CMD(frame) = cmd_code;
 559        frame->datalen = 2;
 560}
 561
 562static void pn533_std_tx_frame_finish(void *_frame)
 563{
 564        struct pn533_std_frame *frame = _frame;
 565
 566        frame->datalen_checksum = pn533_std_checksum(frame->datalen);
 567
 568        PN533_STD_FRAME_CHECKSUM(frame) =
 569                pn533_std_data_checksum(frame->data, frame->datalen);
 570
 571        PN533_STD_FRAME_POSTAMBLE(frame) = 0;
 572}
 573
 574static void pn533_std_tx_update_payload_len(void *_frame, int len)
 575{
 576        struct pn533_std_frame *frame = _frame;
 577
 578        frame->datalen += len;
 579}
 580
 581static bool pn533_std_rx_frame_is_valid(void *_frame)
 582{
 583        u8 checksum;
 584        struct pn533_std_frame *frame = _frame;
 585
 586        if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
 587                return false;
 588
 589        checksum = pn533_std_checksum(frame->datalen);
 590        if (checksum != frame->datalen_checksum)
 591                return false;
 592
 593        checksum = pn533_std_data_checksum(frame->data, frame->datalen);
 594        if (checksum != PN533_STD_FRAME_CHECKSUM(frame))
 595                return false;
 596
 597        return true;
 598}
 599
 600static bool pn533_std_rx_frame_is_ack(struct pn533_std_frame *frame)
 601{
 602        if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
 603                return false;
 604
 605        if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
 606                return false;
 607
 608        return true;
 609}
 610
 611static inline int pn533_std_rx_frame_size(void *frame)
 612{
 613        struct pn533_std_frame *f = frame;
 614
 615        return sizeof(struct pn533_std_frame) + f->datalen +
 616               PN533_STD_FRAME_TAIL_LEN;
 617}
 618
 619static u8 pn533_std_get_cmd_code(void *frame)
 620{
 621        struct pn533_std_frame *f = frame;
 622
 623        return PN533_STD_FRAME_CMD(f);
 624}
 625
 626static struct pn533_frame_ops pn533_std_frame_ops = {
 627        .tx_frame_init = pn533_std_tx_frame_init,
 628        .tx_frame_finish = pn533_std_tx_frame_finish,
 629        .tx_update_payload_len = pn533_std_tx_update_payload_len,
 630        .tx_header_len = PN533_STD_FRAME_HEADER_LEN,
 631        .tx_tail_len = PN533_STD_FRAME_TAIL_LEN,
 632
 633        .rx_is_frame_valid = pn533_std_rx_frame_is_valid,
 634        .rx_frame_size = pn533_std_rx_frame_size,
 635        .rx_header_len = PN533_STD_FRAME_HEADER_LEN,
 636        .rx_tail_len = PN533_STD_FRAME_TAIL_LEN,
 637
 638        .max_payload_len =  PN533_STD_FRAME_MAX_PAYLOAD_LEN,
 639        .get_cmd_code = pn533_std_get_cmd_code,
 640};
 641
 642static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame)
 643{
 644        return (dev->ops->get_cmd_code(frame) ==
 645                                PN533_CMD_RESPONSE(dev->cmd->code));
 646}
 647
 648static void pn533_recv_response(struct urb *urb)
 649{
 650        struct pn533 *dev = urb->context;
 651        struct pn533_cmd *cmd = dev->cmd;
 652        u8 *in_frame;
 653
 654        cmd->status = urb->status;
 655
 656        switch (urb->status) {
 657        case 0:
 658                break; /* success */
 659        case -ECONNRESET:
 660        case -ENOENT:
 661                nfc_dev_dbg(&dev->interface->dev,
 662                            "The urb has been canceled (status %d)",
 663                            urb->status);
 664                goto sched_wq;
 665        case -ESHUTDOWN:
 666        default:
 667                nfc_dev_err(&dev->interface->dev,
 668                            "Urb failure (status %d)", urb->status);
 669                goto sched_wq;
 670        }
 671
 672        in_frame = dev->in_urb->transfer_buffer;
 673
 674        nfc_dev_dbg(&dev->interface->dev, "Received a frame.");
 675        print_hex_dump_debug("PN533 RX: ", DUMP_PREFIX_NONE, 16, 1, in_frame,
 676                             dev->ops->rx_frame_size(in_frame), false);
 677
 678        if (!dev->ops->rx_is_frame_valid(in_frame)) {
 679                nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
 680                cmd->status = -EIO;
 681                goto sched_wq;
 682        }
 683
 684        if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) {
 685                nfc_dev_err(&dev->interface->dev,
 686                            "It it not the response to the last command");
 687                cmd->status = -EIO;
 688                goto sched_wq;
 689        }
 690
 691sched_wq:
 692        queue_work(dev->wq, &dev->cmd_complete_work);
 693}
 694
 695static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
 696{
 697        dev->in_urb->complete = pn533_recv_response;
 698
 699        return usb_submit_urb(dev->in_urb, flags);
 700}
 701
 702static void pn533_recv_ack(struct urb *urb)
 703{
 704        struct pn533 *dev = urb->context;
 705        struct pn533_cmd *cmd = dev->cmd;
 706        struct pn533_std_frame *in_frame;
 707        int rc;
 708
 709        cmd->status = urb->status;
 710
 711        switch (urb->status) {
 712        case 0:
 713                break; /* success */
 714        case -ECONNRESET:
 715        case -ENOENT:
 716                nfc_dev_dbg(&dev->interface->dev,
 717                            "The urb has been stopped (status %d)",
 718                            urb->status);
 719                goto sched_wq;
 720        case -ESHUTDOWN:
 721        default:
 722                nfc_dev_err(&dev->interface->dev,
 723                            "Urb failure (status %d)", urb->status);
 724                goto sched_wq;
 725        }
 726
 727        in_frame = dev->in_urb->transfer_buffer;
 728
 729        if (!pn533_std_rx_frame_is_ack(in_frame)) {
 730                nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
 731                cmd->status = -EIO;
 732                goto sched_wq;
 733        }
 734
 735        rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
 736        if (rc) {
 737                nfc_dev_err(&dev->interface->dev,
 738                            "usb_submit_urb failed with result %d", rc);
 739                cmd->status = rc;
 740                goto sched_wq;
 741        }
 742
 743        return;
 744
 745sched_wq:
 746        queue_work(dev->wq, &dev->cmd_complete_work);
 747}
 748
 749static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
 750{
 751        dev->in_urb->complete = pn533_recv_ack;
 752
 753        return usb_submit_urb(dev->in_urb, flags);
 754}
 755
 756static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
 757{
 758        u8 ack[PN533_STD_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
 759        /* spec 7.1.1.3:  Preamble, SoPC (2), ACK Code (2), Postamble */
 760        int rc;
 761
 762        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 763
 764        dev->out_urb->transfer_buffer = ack;
 765        dev->out_urb->transfer_buffer_length = sizeof(ack);
 766        rc = usb_submit_urb(dev->out_urb, flags);
 767
 768        return rc;
 769}
 770
 771static int __pn533_send_frame_async(struct pn533 *dev,
 772                                        struct sk_buff *out,
 773                                        struct sk_buff *in,
 774                                        int in_len)
 775{
 776        int rc;
 777
 778        dev->out_urb->transfer_buffer = out->data;
 779        dev->out_urb->transfer_buffer_length = out->len;
 780
 781        dev->in_urb->transfer_buffer = in->data;
 782        dev->in_urb->transfer_buffer_length = in_len;
 783
 784        print_hex_dump_debug("PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
 785                             out->data, out->len, false);
 786
 787        rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
 788        if (rc)
 789                return rc;
 790
 791        if (dev->protocol_type == PN533_PROTO_REQ_RESP) {
 792                /* request for response for sent packet directly */
 793                rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
 794                if (rc)
 795                        goto error;
 796        } else if (dev->protocol_type == PN533_PROTO_REQ_ACK_RESP) {
 797                /* request for ACK if that's the case */
 798                rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
 799                if (rc)
 800                        goto error;
 801        }
 802
 803        return 0;
 804
 805error:
 806        usb_unlink_urb(dev->out_urb);
 807        return rc;
 808}
 809
 810static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code,
 811                                  struct sk_buff *skb)
 812{
 813        /* payload is already there, just update datalen */
 814        int payload_len = skb->len;
 815        struct pn533_frame_ops *ops = dev->ops;
 816
 817
 818        skb_push(skb, ops->tx_header_len);
 819        skb_put(skb, ops->tx_tail_len);
 820
 821        ops->tx_frame_init(skb->data, cmd_code);
 822        ops->tx_update_payload_len(skb->data, payload_len);
 823        ops->tx_frame_finish(skb->data);
 824}
 825
 826static int pn533_send_async_complete(struct pn533 *dev)
 827{
 828        struct pn533_cmd *cmd = dev->cmd;
 829        int status = cmd->status;
 830
 831        struct sk_buff *req = cmd->req;
 832        struct sk_buff *resp = cmd->resp;
 833
 834        int rc;
 835
 836        dev_kfree_skb(req);
 837
 838        if (status < 0) {
 839                rc = cmd->complete_cb(dev, cmd->complete_cb_context,
 840                                      ERR_PTR(status));
 841                dev_kfree_skb(resp);
 842                goto done;
 843        }
 844
 845        skb_put(resp, dev->ops->rx_frame_size(resp->data));
 846        skb_pull(resp, dev->ops->rx_header_len);
 847        skb_trim(resp, resp->len - dev->ops->rx_tail_len);
 848
 849        rc = cmd->complete_cb(dev, cmd->complete_cb_context, resp);
 850
 851done:
 852        kfree(cmd);
 853        dev->cmd = NULL;
 854        return rc;
 855}
 856
 857static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
 858                              struct sk_buff *req, struct sk_buff *resp,
 859                              int resp_len,
 860                              pn533_send_async_complete_t complete_cb,
 861                              void *complete_cb_context)
 862{
 863        struct pn533_cmd *cmd;
 864        int rc = 0;
 865
 866        nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x", cmd_code);
 867
 868        cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
 869        if (!cmd)
 870                return -ENOMEM;
 871
 872        cmd->code = cmd_code;
 873        cmd->req = req;
 874        cmd->resp = resp;
 875        cmd->resp_len = resp_len;
 876        cmd->complete_cb = complete_cb;
 877        cmd->complete_cb_context = complete_cb_context;
 878
 879        pn533_build_cmd_frame(dev, cmd_code, req);
 880
 881        mutex_lock(&dev->cmd_lock);
 882
 883        if (!dev->cmd_pending) {
 884                rc = __pn533_send_frame_async(dev, req, resp, resp_len);
 885                if (rc)
 886                        goto error;
 887
 888                dev->cmd_pending = 1;
 889                dev->cmd = cmd;
 890                goto unlock;
 891        }
 892
 893        nfc_dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x", __func__,
 894                    cmd_code);
 895
 896        INIT_LIST_HEAD(&cmd->queue);
 897        list_add_tail(&cmd->queue, &dev->cmd_queue);
 898
 899        goto unlock;
 900
 901error:
 902        kfree(cmd);
 903unlock:
 904        mutex_unlock(&dev->cmd_lock);
 905        return rc;
 906}
 907
 908static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
 909                                 struct sk_buff *req,
 910                                 pn533_send_async_complete_t complete_cb,
 911                                 void *complete_cb_context)
 912{
 913        struct sk_buff *resp;
 914        int rc;
 915        int  resp_len = dev->ops->rx_header_len +
 916                        dev->ops->max_payload_len +
 917                        dev->ops->rx_tail_len;
 918
 919        resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
 920        if (!resp)
 921                return -ENOMEM;
 922
 923        rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
 924                                complete_cb_context);
 925        if (rc)
 926                dev_kfree_skb(resp);
 927
 928        return rc;
 929}
 930
 931static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
 932                                struct sk_buff *req,
 933                                pn533_send_async_complete_t complete_cb,
 934                                void *complete_cb_context)
 935{
 936        struct sk_buff *resp;
 937        int rc;
 938        int  resp_len = dev->ops->rx_header_len +
 939                        dev->ops->max_payload_len +
 940                        dev->ops->rx_tail_len;
 941
 942        resp = alloc_skb(resp_len, GFP_KERNEL);
 943        if (!resp)
 944                return -ENOMEM;
 945
 946        rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
 947                                complete_cb_context);
 948        if (rc)
 949                dev_kfree_skb(resp);
 950
 951        return rc;
 952}
 953
 954/*
 955 * pn533_send_cmd_direct_async
 956 *
 957 * The function sends a piority cmd directly to the chip omiting the cmd
 958 * queue. It's intended to be used by chaining mechanism of received responses
 959 * where the host has to request every single chunk of data before scheduling
 960 * next cmd from the queue.
 961 */
 962static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
 963                                       struct sk_buff *req,
 964                                       pn533_send_async_complete_t complete_cb,
 965                                       void *complete_cb_context)
 966{
 967        struct sk_buff *resp;
 968        struct pn533_cmd *cmd;
 969        int rc;
 970        int resp_len = dev->ops->rx_header_len +
 971                       dev->ops->max_payload_len +
 972                       dev->ops->rx_tail_len;
 973
 974        resp = alloc_skb(resp_len, GFP_KERNEL);
 975        if (!resp)
 976                return -ENOMEM;
 977
 978        cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
 979        if (!cmd) {
 980                dev_kfree_skb(resp);
 981                return -ENOMEM;
 982        }
 983
 984        cmd->code = cmd_code;
 985        cmd->req = req;
 986        cmd->resp = resp;
 987        cmd->resp_len = resp_len;
 988        cmd->complete_cb = complete_cb;
 989        cmd->complete_cb_context = complete_cb_context;
 990
 991        pn533_build_cmd_frame(dev, cmd_code, req);
 992
 993        rc = __pn533_send_frame_async(dev, req, resp, resp_len);
 994        if (rc < 0) {
 995                dev_kfree_skb(resp);
 996                kfree(cmd);
 997        } else {
 998                dev->cmd = cmd;
 999        }
1000
1001        return rc;
1002}
1003
1004static void pn533_wq_cmd_complete(struct work_struct *work)
1005{
1006        struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
1007        int rc;
1008
1009        rc = pn533_send_async_complete(dev);
1010        if (rc != -EINPROGRESS)
1011                queue_work(dev->wq, &dev->cmd_work);
1012}
1013
1014static void pn533_wq_cmd(struct work_struct *work)
1015{
1016        struct pn533 *dev = container_of(work, struct pn533, cmd_work);
1017        struct pn533_cmd *cmd;
1018        int rc;
1019
1020        mutex_lock(&dev->cmd_lock);
1021
1022        if (list_empty(&dev->cmd_queue)) {
1023                dev->cmd_pending = 0;
1024                mutex_unlock(&dev->cmd_lock);
1025                return;
1026        }
1027
1028        cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
1029
1030        list_del(&cmd->queue);
1031
1032        mutex_unlock(&dev->cmd_lock);
1033
1034        rc = __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len);
1035        if (rc < 0) {
1036                dev_kfree_skb(cmd->req);
1037                dev_kfree_skb(cmd->resp);
1038                kfree(cmd);
1039                return;
1040        }
1041
1042        dev->cmd = cmd;
1043}
1044
1045struct pn533_sync_cmd_response {
1046        struct sk_buff *resp;
1047        struct completion done;
1048};
1049
1050static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
1051                                    struct sk_buff *resp)
1052{
1053        struct pn533_sync_cmd_response *arg = _arg;
1054
1055        arg->resp = resp;
1056        complete(&arg->done);
1057
1058        return 0;
1059}
1060
1061/*  pn533_send_cmd_sync
1062 *
1063 *  Please note the req parameter is freed inside the function to
1064 *  limit a number of return value interpretations by the caller.
1065 *
1066 *  1. negative in case of error during TX path -> req should be freed
1067 *
1068 *  2. negative in case of error during RX path -> req should not be freed
1069 *     as it's been already freed at the begining of RX path by
1070 *     async_complete_cb.
1071 *
1072 *  3. valid pointer in case of succesfult RX path
1073 *
1074 *  A caller has to check a return value with IS_ERR macro. If the test pass,
1075 *  the returned pointer is valid.
1076 *
1077 * */
1078static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
1079                                               struct sk_buff *req)
1080{
1081        int rc;
1082        struct pn533_sync_cmd_response arg;
1083
1084        init_completion(&arg.done);
1085
1086        rc = pn533_send_cmd_async(dev, cmd_code, req,
1087                                  pn533_send_sync_complete, &arg);
1088        if (rc) {
1089                dev_kfree_skb(req);
1090                return ERR_PTR(rc);
1091        }
1092
1093        wait_for_completion(&arg.done);
1094
1095        return arg.resp;
1096}
1097
1098static void pn533_send_complete(struct urb *urb)
1099{
1100        struct pn533 *dev = urb->context;
1101
1102        switch (urb->status) {
1103        case 0:
1104                break; /* success */
1105        case -ECONNRESET:
1106        case -ENOENT:
1107                nfc_dev_dbg(&dev->interface->dev,
1108                            "The urb has been stopped (status %d)",
1109                            urb->status);
1110                break;
1111        case -ESHUTDOWN:
1112        default:
1113                nfc_dev_err(&dev->interface->dev,
1114                            "Urb failure (status %d)", urb->status);
1115        }
1116}
1117
1118static void pn533_abort_cmd(struct pn533 *dev, gfp_t flags)
1119{
1120        /* ACR122U does not support any command which aborts last
1121         * issued command i.e. as ACK for standard PN533. Additionally,
1122         * it behaves stange, sending broken or incorrect responses,
1123         * when we cancel urb before the chip will send response.
1124         */
1125        if (dev->device_type == PN533_DEVICE_ACR122U)
1126                return;
1127
1128        /* An ack will cancel the last issued command */
1129        pn533_send_ack(dev, flags);
1130
1131        /* cancel the urb request */
1132        usb_kill_urb(dev->in_urb);
1133}
1134
1135static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size)
1136{
1137        struct sk_buff *skb;
1138
1139        skb = alloc_skb(dev->ops->tx_header_len +
1140                        size +
1141                        dev->ops->tx_tail_len, GFP_KERNEL);
1142
1143        if (skb)
1144                skb_reserve(skb, dev->ops->tx_header_len);
1145
1146        return skb;
1147}
1148
1149struct pn533_target_type_a {
1150        __be16 sens_res;
1151        u8 sel_res;
1152        u8 nfcid_len;
1153        u8 nfcid_data[];
1154} __packed;
1155
1156
1157#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
1158#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
1159#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
1160
1161#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
1162#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
1163
1164#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
1165#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
1166
1167#define PN533_TYPE_A_SEL_PROT_MIFARE 0
1168#define PN533_TYPE_A_SEL_PROT_ISO14443 1
1169#define PN533_TYPE_A_SEL_PROT_DEP 2
1170#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1171
1172static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1173                                                        int target_data_len)
1174{
1175        u8 ssd;
1176        u8 platconf;
1177
1178        if (target_data_len < sizeof(struct pn533_target_type_a))
1179                return false;
1180
1181        /* The lenght check of nfcid[] and ats[] are not being performed because
1182           the values are not being used */
1183
1184        /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1185        ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1186        platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1187
1188        if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1189             platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1190            (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1191             platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1192                return false;
1193
1194        /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1195        if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1196                return false;
1197
1198        return true;
1199}
1200
1201static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1202                                                        int tgt_data_len)
1203{
1204        struct pn533_target_type_a *tgt_type_a;
1205
1206        tgt_type_a = (struct pn533_target_type_a *)tgt_data;
1207
1208        if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1209                return -EPROTO;
1210
1211        switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1212        case PN533_TYPE_A_SEL_PROT_MIFARE:
1213                nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1214                break;
1215        case PN533_TYPE_A_SEL_PROT_ISO14443:
1216                nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1217                break;
1218        case PN533_TYPE_A_SEL_PROT_DEP:
1219                nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1220                break;
1221        case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1222                nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1223                                                        NFC_PROTO_NFC_DEP_MASK;
1224                break;
1225        }
1226
1227        nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1228        nfc_tgt->sel_res = tgt_type_a->sel_res;
1229        nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1230        memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
1231
1232        return 0;
1233}
1234
1235struct pn533_target_felica {
1236        u8 pol_res;
1237        u8 opcode;
1238        u8 nfcid2[8];
1239        u8 pad[8];
1240        /* optional */
1241        u8 syst_code[];
1242} __packed;
1243
1244#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1245#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1246
1247static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1248                                                        int target_data_len)
1249{
1250        if (target_data_len < sizeof(struct pn533_target_felica))
1251                return false;
1252
1253        if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1254                return false;
1255
1256        return true;
1257}
1258
1259static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1260                                                        int tgt_data_len)
1261{
1262        struct pn533_target_felica *tgt_felica;
1263
1264        tgt_felica = (struct pn533_target_felica *)tgt_data;
1265
1266        if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1267                return -EPROTO;
1268
1269        if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
1270            (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
1271                nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1272        else
1273                nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1274
1275        memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1276        nfc_tgt->sensf_res_len = 9;
1277
1278        return 0;
1279}
1280
1281struct pn533_target_jewel {
1282        __be16 sens_res;
1283        u8 jewelid[4];
1284} __packed;
1285
1286static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1287                                                        int target_data_len)
1288{
1289        u8 ssd;
1290        u8 platconf;
1291
1292        if (target_data_len < sizeof(struct pn533_target_jewel))
1293                return false;
1294
1295        /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1296        ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1297        platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1298
1299        if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1300             platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1301            (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1302             platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1303                return false;
1304
1305        return true;
1306}
1307
1308static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1309                                                        int tgt_data_len)
1310{
1311        struct pn533_target_jewel *tgt_jewel;
1312
1313        tgt_jewel = (struct pn533_target_jewel *)tgt_data;
1314
1315        if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1316                return -EPROTO;
1317
1318        nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1319        nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1320        nfc_tgt->nfcid1_len = 4;
1321        memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1322
1323        return 0;
1324}
1325
1326struct pn533_type_b_prot_info {
1327        u8 bitrate;
1328        u8 fsci_type;
1329        u8 fwi_adc_fo;
1330} __packed;
1331
1332#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1333#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1334#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1335
1336struct pn533_type_b_sens_res {
1337        u8 opcode;
1338        u8 nfcid[4];
1339        u8 appdata[4];
1340        struct pn533_type_b_prot_info prot_info;
1341} __packed;
1342
1343#define PN533_TYPE_B_OPC_SENSB_RES 0x50
1344
1345struct pn533_target_type_b {
1346        struct pn533_type_b_sens_res sensb_res;
1347        u8 attrib_res_len;
1348        u8 attrib_res[];
1349} __packed;
1350
1351static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1352                                                        int target_data_len)
1353{
1354        if (target_data_len < sizeof(struct pn533_target_type_b))
1355                return false;
1356
1357        if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1358                return false;
1359
1360        if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1361                                                PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1362                return false;
1363
1364        return true;
1365}
1366
1367static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1368                                                        int tgt_data_len)
1369{
1370        struct pn533_target_type_b *tgt_type_b;
1371
1372        tgt_type_b = (struct pn533_target_type_b *)tgt_data;
1373
1374        if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1375                return -EPROTO;
1376
1377        nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1378
1379        return 0;
1380}
1381
1382static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1383                              int tgdata_len)
1384{
1385        struct nfc_target nfc_tgt;
1386        int rc;
1387
1388        nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1389                    dev->poll_mod_curr);
1390
1391        if (tg != 1)
1392                return -EPROTO;
1393
1394        memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1395
1396        switch (dev->poll_mod_curr) {
1397        case PN533_POLL_MOD_106KBPS_A:
1398                rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
1399                break;
1400        case PN533_POLL_MOD_212KBPS_FELICA:
1401        case PN533_POLL_MOD_424KBPS_FELICA:
1402                rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
1403                break;
1404        case PN533_POLL_MOD_106KBPS_JEWEL:
1405                rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
1406                break;
1407        case PN533_POLL_MOD_847KBPS_B:
1408                rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
1409                break;
1410        default:
1411                nfc_dev_err(&dev->interface->dev,
1412                            "Unknown current poll modulation");
1413                return -EPROTO;
1414        }
1415
1416        if (rc)
1417                return rc;
1418
1419        if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1420                nfc_dev_dbg(&dev->interface->dev,
1421                            "The Tg found doesn't have the desired protocol");
1422                return -EAGAIN;
1423        }
1424
1425        nfc_dev_dbg(&dev->interface->dev,
1426                    "Target found - supported protocols: 0x%x",
1427                    nfc_tgt.supported_protocols);
1428
1429        dev->tgt_available_prots = nfc_tgt.supported_protocols;
1430
1431        nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1432
1433        return 0;
1434}
1435
1436static inline void pn533_poll_next_mod(struct pn533 *dev)
1437{
1438        dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1439}
1440
1441static void pn533_poll_reset_mod_list(struct pn533 *dev)
1442{
1443        dev->poll_mod_count = 0;
1444}
1445
1446static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1447{
1448        dev->poll_mod_active[dev->poll_mod_count] =
1449                (struct pn533_poll_modulations *)&poll_mod[mod_index];
1450        dev->poll_mod_count++;
1451}
1452
1453static void pn533_poll_create_mod_list(struct pn533 *dev,
1454                                       u32 im_protocols, u32 tm_protocols)
1455{
1456        pn533_poll_reset_mod_list(dev);
1457
1458        if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
1459            (im_protocols & NFC_PROTO_ISO14443_MASK) ||
1460            (im_protocols & NFC_PROTO_NFC_DEP_MASK))
1461                pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1462
1463        if (im_protocols & NFC_PROTO_FELICA_MASK ||
1464            im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1465                pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1466                pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1467        }
1468
1469        if (im_protocols & NFC_PROTO_JEWEL_MASK)
1470                pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1471
1472        if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1473                pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1474
1475        if (tm_protocols)
1476                pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1477}
1478
1479static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
1480{
1481        u8 nbtg, tg, *tgdata;
1482        int rc, tgdata_len;
1483
1484        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1485
1486        nbtg = resp->data[0];
1487        tg = resp->data[1];
1488        tgdata = &resp->data[2];
1489        tgdata_len = resp->len - 2;  /* nbtg + tg */
1490
1491        if (nbtg) {
1492                rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
1493
1494                /* We must stop the poll after a valid target found */
1495                if (rc == 0) {
1496                        pn533_poll_reset_mod_list(dev);
1497                        return 0;
1498                }
1499        }
1500
1501        return -EAGAIN;
1502}
1503
1504static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev)
1505{
1506        struct sk_buff *skb;
1507        u8 *felica, *nfcid3, *gb;
1508
1509        u8 *gbytes = dev->gb;
1510        size_t gbytes_len = dev->gb_len;
1511
1512        u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1513                                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1514                                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1515                                0xff, 0xff}; /* System code */
1516
1517        u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1518                               0x0, 0x0, 0x0,
1519                               0x40}; /* SEL_RES for DEP */
1520
1521        unsigned int skb_len = 36 + /* mode (1), mifare (6),
1522                                       felica (18), nfcid3 (10), gb_len (1) */
1523                               gbytes_len +
1524                               1;  /* len Tk*/
1525
1526        skb = pn533_alloc_skb(dev, skb_len);
1527        if (!skb)
1528                return NULL;
1529
1530        /* DEP support only */
1531        *skb_put(skb, 1) = PN533_INIT_TARGET_DEP;
1532
1533        /* MIFARE params */
1534        memcpy(skb_put(skb, 6), mifare_params, 6);
1535
1536        /* Felica params */
1537        felica = skb_put(skb, 18);
1538        memcpy(felica, felica_params, 18);
1539        get_random_bytes(felica + 2, 6);
1540
1541        /* NFCID3 */
1542        nfcid3 = skb_put(skb, 10);
1543        memset(nfcid3, 0, 10);
1544        memcpy(nfcid3, felica, 8);
1545
1546        /* General bytes */
1547        *skb_put(skb, 1) = gbytes_len;
1548
1549        gb = skb_put(skb, gbytes_len);
1550        memcpy(gb, gbytes, gbytes_len);
1551
1552        /* Len Tk */
1553        *skb_put(skb, 1) = 0;
1554
1555        return skb;
1556}
1557
1558#define PN533_CMD_DATAEXCH_HEAD_LEN 1
1559#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1560static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1561                                      struct sk_buff *resp)
1562{
1563        u8 status;
1564
1565        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1566
1567        if (IS_ERR(resp))
1568                return PTR_ERR(resp);
1569
1570        status = resp->data[0];
1571        skb_pull(resp, sizeof(status));
1572
1573        if (status != 0) {
1574                nfc_tm_deactivated(dev->nfc_dev);
1575                dev->tgt_mode = 0;
1576                dev_kfree_skb(resp);
1577                return 0;
1578        }
1579
1580        return nfc_tm_data_received(dev->nfc_dev, resp);
1581}
1582
1583static void pn533_wq_tg_get_data(struct work_struct *work)
1584{
1585        struct pn533 *dev = container_of(work, struct pn533, tg_work);
1586
1587        struct sk_buff *skb;
1588        int rc;
1589
1590        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1591
1592        skb = pn533_alloc_skb(dev, 0);
1593        if (!skb)
1594                return;
1595
1596        rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1597                                   pn533_tm_get_data_complete, NULL);
1598
1599        if (rc < 0)
1600                dev_kfree_skb(skb);
1601
1602        return;
1603}
1604
1605#define ATR_REQ_GB_OFFSET 17
1606static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
1607{
1608        u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
1609        size_t gb_len;
1610        int rc;
1611
1612        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1613
1614        if (resp->len < ATR_REQ_GB_OFFSET + 1)
1615                return -EINVAL;
1616
1617        mode = resp->data[0];
1618        cmd = &resp->data[1];
1619
1620        nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1621                    mode, resp->len);
1622
1623        if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1624            PN533_INIT_TARGET_RESP_ACTIVE)
1625                comm_mode = NFC_COMM_ACTIVE;
1626
1627        if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0)  /* Only DEP supported */
1628                return -EOPNOTSUPP;
1629
1630        gb = cmd + ATR_REQ_GB_OFFSET;
1631        gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
1632
1633        rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1634                              comm_mode, gb, gb_len);
1635        if (rc < 0) {
1636                nfc_dev_err(&dev->interface->dev,
1637                            "Error when signaling target activation");
1638                return rc;
1639        }
1640
1641        dev->tgt_mode = 1;
1642        queue_work(dev->wq, &dev->tg_work);
1643
1644        return 0;
1645}
1646
1647static void pn533_listen_mode_timer(unsigned long data)
1648{
1649        struct pn533 *dev = (struct pn533 *)data;
1650
1651        nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1652
1653        dev->cancel_listen = 1;
1654
1655        pn533_poll_next_mod(dev);
1656
1657        queue_work(dev->wq, &dev->poll_work);
1658}
1659
1660static int pn533_poll_complete(struct pn533 *dev, void *arg,
1661                               struct sk_buff *resp)
1662{
1663        struct pn533_poll_modulations *cur_mod;
1664        int rc;
1665
1666        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1667
1668        if (IS_ERR(resp)) {
1669                rc = PTR_ERR(resp);
1670
1671                nfc_dev_err(&dev->interface->dev, "%s  Poll complete error %d",
1672                            __func__, rc);
1673
1674                if (rc == -ENOENT) {
1675                        if (dev->poll_mod_count != 0)
1676                                return rc;
1677                        else
1678                                goto stop_poll;
1679                } else if (rc < 0) {
1680                        nfc_dev_err(&dev->interface->dev,
1681                                    "Error %d when running poll", rc);
1682                        goto stop_poll;
1683                }
1684        }
1685
1686        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1687
1688        if (cur_mod->len == 0) { /* Target mode */
1689                del_timer(&dev->listen_timer);
1690                rc = pn533_init_target_complete(dev, resp);
1691                goto done;
1692        }
1693
1694        /* Initiator mode */
1695        rc = pn533_start_poll_complete(dev, resp);
1696        if (!rc)
1697                goto done;
1698
1699        if (!dev->poll_mod_count) {
1700                nfc_dev_dbg(&dev->interface->dev, "Polling has been stoped.");
1701                goto done;
1702        }
1703
1704        pn533_poll_next_mod(dev);
1705        queue_work(dev->wq, &dev->poll_work);
1706
1707done:
1708        dev_kfree_skb(resp);
1709        return rc;
1710
1711stop_poll:
1712        nfc_dev_err(&dev->interface->dev, "Polling operation has been stopped");
1713
1714        pn533_poll_reset_mod_list(dev);
1715        dev->poll_protocols = 0;
1716        return rc;
1717}
1718
1719static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev,
1720                                        struct pn533_poll_modulations *mod)
1721{
1722        struct sk_buff *skb;
1723
1724        skb = pn533_alloc_skb(dev, mod->len);
1725        if (!skb)
1726                return NULL;
1727
1728        memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
1729
1730        return skb;
1731}
1732
1733static int pn533_send_poll_frame(struct pn533 *dev)
1734{
1735        struct pn533_poll_modulations *mod;
1736        struct sk_buff *skb;
1737        int rc;
1738        u8 cmd_code;
1739
1740        mod = dev->poll_mod_active[dev->poll_mod_curr];
1741
1742        nfc_dev_dbg(&dev->interface->dev, "%s mod len %d\n",
1743                    __func__, mod->len);
1744
1745        if (mod->len == 0) {  /* Listen mode */
1746                cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
1747                skb = pn533_alloc_poll_tg_frame(dev);
1748        } else {  /* Polling mode */
1749                cmd_code =  PN533_CMD_IN_LIST_PASSIVE_TARGET;
1750                skb = pn533_alloc_poll_in_frame(dev, mod);
1751        }
1752
1753        if (!skb) {
1754                nfc_dev_err(&dev->interface->dev, "Failed to allocate skb.");
1755                return -ENOMEM;
1756        }
1757
1758        rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
1759                                  NULL);
1760        if (rc < 0) {
1761                dev_kfree_skb(skb);
1762                nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1763        }
1764
1765        return rc;
1766}
1767
1768static void pn533_wq_poll(struct work_struct *work)
1769{
1770        struct pn533 *dev = container_of(work, struct pn533, poll_work);
1771        struct pn533_poll_modulations *cur_mod;
1772        int rc;
1773
1774        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1775
1776        nfc_dev_dbg(&dev->interface->dev,
1777                    "%s cancel_listen %d modulation len %d",
1778                    __func__, dev->cancel_listen, cur_mod->len);
1779
1780        if (dev->cancel_listen == 1) {
1781                dev->cancel_listen = 0;
1782                pn533_abort_cmd(dev, GFP_ATOMIC);
1783        }
1784
1785        rc = pn533_send_poll_frame(dev);
1786        if (rc)
1787                return;
1788
1789        if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1790                mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1791
1792        return;
1793}
1794
1795static int pn533_start_poll(struct nfc_dev *nfc_dev,
1796                            u32 im_protocols, u32 tm_protocols)
1797{
1798        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1799
1800        nfc_dev_dbg(&dev->interface->dev,
1801                    "%s: im protocols 0x%x tm protocols 0x%x",
1802                    __func__, im_protocols, tm_protocols);
1803
1804        if (dev->tgt_active_prot) {
1805                nfc_dev_err(&dev->interface->dev,
1806                            "Cannot poll with a target already activated");
1807                return -EBUSY;
1808        }
1809
1810        if (dev->tgt_mode) {
1811                nfc_dev_err(&dev->interface->dev,
1812                            "Cannot poll while already being activated");
1813                return -EBUSY;
1814        }
1815
1816        if (tm_protocols) {
1817                dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1818                if (dev->gb == NULL)
1819                        tm_protocols = 0;
1820        }
1821
1822        dev->poll_mod_curr = 0;
1823        pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1824        dev->poll_protocols = im_protocols;
1825        dev->listen_protocols = tm_protocols;
1826
1827        return pn533_send_poll_frame(dev);
1828}
1829
1830static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1831{
1832        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1833
1834        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1835
1836        del_timer(&dev->listen_timer);
1837
1838        if (!dev->poll_mod_count) {
1839                nfc_dev_dbg(&dev->interface->dev,
1840                            "Polling operation was not running");
1841                return;
1842        }
1843
1844        pn533_abort_cmd(dev, GFP_KERNEL);
1845        pn533_poll_reset_mod_list(dev);
1846}
1847
1848static int pn533_activate_target_nfcdep(struct pn533 *dev)
1849{
1850        struct pn533_cmd_activate_response *rsp;
1851        u16 gt_len;
1852        int rc;
1853
1854        struct sk_buff *skb;
1855        struct sk_buff *resp;
1856
1857        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1858
1859        skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/
1860        if (!skb)
1861                return -ENOMEM;
1862
1863        *skb_put(skb, sizeof(u8)) = 1; /* TG */
1864        *skb_put(skb, sizeof(u8)) = 0; /* Next */
1865
1866        resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
1867        if (IS_ERR(resp))
1868                return PTR_ERR(resp);
1869
1870        rsp = (struct pn533_cmd_activate_response *)resp->data;
1871        rc = rsp->status & PN533_CMD_RET_MASK;
1872        if (rc != PN533_CMD_RET_SUCCESS) {
1873                nfc_dev_err(&dev->interface->dev,
1874                            "Target activation failed (error 0x%x)", rc);
1875                dev_kfree_skb(resp);
1876                return -EIO;
1877        }
1878
1879        /* ATR_RES general bytes are located at offset 16 */
1880        gt_len = resp->len - 16;
1881        rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
1882
1883        dev_kfree_skb(resp);
1884        return rc;
1885}
1886
1887static int pn533_activate_target(struct nfc_dev *nfc_dev,
1888                                 struct nfc_target *target, u32 protocol)
1889{
1890        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1891        int rc;
1892
1893        nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1894                    protocol);
1895
1896        if (dev->poll_mod_count) {
1897                nfc_dev_err(&dev->interface->dev,
1898                            "Cannot activate while polling");
1899                return -EBUSY;
1900        }
1901
1902        if (dev->tgt_active_prot) {
1903                nfc_dev_err(&dev->interface->dev,
1904                            "There is already an active target");
1905                return -EBUSY;
1906        }
1907
1908        if (!dev->tgt_available_prots) {
1909                nfc_dev_err(&dev->interface->dev,
1910                            "There is no available target to activate");
1911                return -EINVAL;
1912        }
1913
1914        if (!(dev->tgt_available_prots & (1 << protocol))) {
1915                nfc_dev_err(&dev->interface->dev,
1916                            "Target doesn't support requested proto %u",
1917                            protocol);
1918                return -EINVAL;
1919        }
1920
1921        if (protocol == NFC_PROTO_NFC_DEP) {
1922                rc = pn533_activate_target_nfcdep(dev);
1923                if (rc) {
1924                        nfc_dev_err(&dev->interface->dev,
1925                                    "Activating target with DEP failed %d", rc);
1926                        return rc;
1927                }
1928        }
1929
1930        dev->tgt_active_prot = protocol;
1931        dev->tgt_available_prots = 0;
1932
1933        return 0;
1934}
1935
1936static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1937                                    struct nfc_target *target)
1938{
1939        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1940
1941        struct sk_buff *skb;
1942        struct sk_buff *resp;
1943
1944        int rc;
1945
1946        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1947
1948        if (!dev->tgt_active_prot) {
1949                nfc_dev_err(&dev->interface->dev, "There is no active target");
1950                return;
1951        }
1952
1953        dev->tgt_active_prot = 0;
1954        skb_queue_purge(&dev->resp_q);
1955
1956        skb = pn533_alloc_skb(dev, sizeof(u8));
1957        if (!skb)
1958                return;
1959
1960        *skb_put(skb, 1) = 1; /* TG*/
1961
1962        resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
1963        if (IS_ERR(resp))
1964                return;
1965
1966        rc = resp->data[0] & PN533_CMD_RET_MASK;
1967        if (rc != PN533_CMD_RET_SUCCESS)
1968                nfc_dev_err(&dev->interface->dev,
1969                            "Error 0x%x when releasing the target", rc);
1970
1971        dev_kfree_skb(resp);
1972        return;
1973}
1974
1975
1976static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1977                                         struct sk_buff *resp)
1978{
1979        struct pn533_cmd_jump_dep_response *rsp;
1980        u8 target_gt_len;
1981        int rc;
1982        u8 active = *(u8 *)arg;
1983
1984        kfree(arg);
1985
1986        if (IS_ERR(resp))
1987                return PTR_ERR(resp);
1988
1989        if (dev->tgt_available_prots &&
1990            !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1991                nfc_dev_err(&dev->interface->dev,
1992                            "The target does not support DEP");
1993                rc =  -EINVAL;
1994                goto error;
1995        }
1996
1997        rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1998
1999        rc = rsp->status & PN533_CMD_RET_MASK;
2000        if (rc != PN533_CMD_RET_SUCCESS) {
2001                nfc_dev_err(&dev->interface->dev,
2002                            "Bringing DEP link up failed (error 0x%x)", rc);
2003                goto error;
2004        }
2005
2006        if (!dev->tgt_available_prots) {
2007                struct nfc_target nfc_target;
2008
2009                nfc_dev_dbg(&dev->interface->dev, "Creating new target");
2010
2011                nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
2012                nfc_target.nfcid1_len = 10;
2013                memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
2014                rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
2015                if (rc)
2016                        goto error;
2017
2018                dev->tgt_available_prots = 0;
2019        }
2020
2021        dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
2022
2023        /* ATR_RES general bytes are located at offset 17 */
2024        target_gt_len = resp->len - 17;
2025        rc = nfc_set_remote_general_bytes(dev->nfc_dev,
2026                                          rsp->gt, target_gt_len);
2027        if (rc == 0)
2028                rc = nfc_dep_link_is_up(dev->nfc_dev,
2029                                        dev->nfc_dev->targets[0].idx,
2030                                        !active, NFC_RF_INITIATOR);
2031
2032error:
2033        dev_kfree_skb(resp);
2034        return rc;
2035}
2036
2037static int pn533_mod_to_baud(struct pn533 *dev)
2038{
2039        switch (dev->poll_mod_curr) {
2040        case PN533_POLL_MOD_106KBPS_A:
2041                return 0;
2042        case PN533_POLL_MOD_212KBPS_FELICA:
2043                return 1;
2044        case PN533_POLL_MOD_424KBPS_FELICA:
2045                return 2;
2046        default:
2047                return -EINVAL;
2048        }
2049}
2050
2051#define PASSIVE_DATA_LEN 5
2052static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
2053                             u8 comm_mode, u8 *gb, size_t gb_len)
2054{
2055        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2056        struct sk_buff *skb;
2057        int rc, baud, skb_len;
2058        u8 *next, *arg;
2059
2060        u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
2061
2062        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2063
2064        if (dev->poll_mod_count) {
2065                nfc_dev_err(&dev->interface->dev,
2066                            "Cannot bring the DEP link up while polling");
2067                return -EBUSY;
2068        }
2069
2070        if (dev->tgt_active_prot) {
2071                nfc_dev_err(&dev->interface->dev,
2072                            "There is already an active target");
2073                return -EBUSY;
2074        }
2075
2076        baud = pn533_mod_to_baud(dev);
2077        if (baud < 0) {
2078                nfc_dev_err(&dev->interface->dev,
2079                            "Invalid curr modulation %d", dev->poll_mod_curr);
2080                return baud;
2081        }
2082
2083        skb_len = 3 + gb_len; /* ActPass + BR + Next */
2084        if (comm_mode == NFC_COMM_PASSIVE)
2085                skb_len += PASSIVE_DATA_LEN;
2086
2087        skb = pn533_alloc_skb(dev, skb_len);
2088        if (!skb)
2089                return -ENOMEM;
2090
2091        *skb_put(skb, 1) = !comm_mode;  /* ActPass */
2092        *skb_put(skb, 1) = baud;  /* Baud rate */
2093
2094        next = skb_put(skb, 1);  /* Next */
2095        *next = 0;
2096
2097        if (comm_mode == NFC_COMM_PASSIVE && baud > 0) {
2098                memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data,
2099                       PASSIVE_DATA_LEN);
2100                *next |= 1;
2101        }
2102
2103        if (gb != NULL && gb_len > 0) {
2104                memcpy(skb_put(skb, gb_len), gb, gb_len);
2105                *next |= 4; /* We have some Gi */
2106        } else {
2107                *next = 0;
2108        }
2109
2110        arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2111        if (!arg) {
2112                dev_kfree_skb(skb);
2113                return -ENOMEM;
2114        }
2115
2116        *arg = !comm_mode;
2117
2118        rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
2119                                  pn533_in_dep_link_up_complete, arg);
2120
2121        if (rc < 0) {
2122                dev_kfree_skb(skb);
2123                kfree(arg);
2124        }
2125
2126        return rc;
2127}
2128
2129static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
2130{
2131        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2132
2133        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2134
2135        pn533_poll_reset_mod_list(dev);
2136
2137        if (dev->tgt_mode || dev->tgt_active_prot)
2138                pn533_abort_cmd(dev, GFP_KERNEL);
2139
2140        dev->tgt_active_prot = 0;
2141        dev->tgt_mode = 0;
2142
2143        skb_queue_purge(&dev->resp_q);
2144
2145        return 0;
2146}
2147
2148struct pn533_data_exchange_arg {
2149        data_exchange_cb_t cb;
2150        void *cb_context;
2151};
2152
2153static struct sk_buff *pn533_build_response(struct pn533 *dev)
2154{
2155        struct sk_buff *skb, *tmp, *t;
2156        unsigned int skb_len = 0, tmp_len = 0;
2157
2158        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2159
2160        if (skb_queue_empty(&dev->resp_q))
2161                return NULL;
2162
2163        if (skb_queue_len(&dev->resp_q) == 1) {
2164                skb = skb_dequeue(&dev->resp_q);
2165                goto out;
2166        }
2167
2168        skb_queue_walk_safe(&dev->resp_q, tmp, t)
2169                skb_len += tmp->len;
2170
2171        nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
2172                    __func__, skb_len);
2173
2174        skb = alloc_skb(skb_len, GFP_KERNEL);
2175        if (skb == NULL)
2176                goto out;
2177
2178        skb_put(skb, skb_len);
2179
2180        skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2181                memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2182                tmp_len += tmp->len;
2183        }
2184
2185out:
2186        skb_queue_purge(&dev->resp_q);
2187
2188        return skb;
2189}
2190
2191static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
2192                                        struct sk_buff *resp)
2193{
2194        struct pn533_data_exchange_arg *arg = _arg;
2195        struct sk_buff *skb;
2196        int rc = 0;
2197        u8 status, ret, mi;
2198
2199        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2200
2201        if (IS_ERR(resp)) {
2202                rc = PTR_ERR(resp);
2203                goto _error;
2204        }
2205
2206        status = resp->data[0];
2207        ret = status & PN533_CMD_RET_MASK;
2208        mi = status & PN533_CMD_MI_MASK;
2209
2210        skb_pull(resp, sizeof(status));
2211
2212        if (ret != PN533_CMD_RET_SUCCESS) {
2213                nfc_dev_err(&dev->interface->dev,
2214                            "Exchanging data failed (error 0x%x)", ret);
2215                rc = -EIO;
2216                goto error;
2217        }
2218
2219        skb_queue_tail(&dev->resp_q, resp);
2220
2221        if (mi) {
2222                dev->cmd_complete_mi_arg = arg;
2223                queue_work(dev->wq, &dev->mi_work);
2224                return -EINPROGRESS;
2225        }
2226
2227        skb = pn533_build_response(dev);
2228        if (!skb)
2229                goto error;
2230
2231        arg->cb(arg->cb_context, skb, 0);
2232        kfree(arg);
2233        return 0;
2234
2235error:
2236        dev_kfree_skb(resp);
2237_error:
2238        skb_queue_purge(&dev->resp_q);
2239        arg->cb(arg->cb_context, NULL, rc);
2240        kfree(arg);
2241        return rc;
2242}
2243
2244static int pn533_transceive(struct nfc_dev *nfc_dev,
2245                            struct nfc_target *target, struct sk_buff *skb,
2246                            data_exchange_cb_t cb, void *cb_context)
2247{
2248        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2249        struct pn533_data_exchange_arg *arg = NULL;
2250        int rc;
2251
2252        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2253
2254        if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2255                /* TODO: Implement support to multi-part data exchange */
2256                nfc_dev_err(&dev->interface->dev,
2257                            "Data length greater than the max allowed: %d",
2258                            PN533_CMD_DATAEXCH_DATA_MAXLEN);
2259                rc = -ENOSYS;
2260                goto error;
2261        }
2262
2263        if (!dev->tgt_active_prot) {
2264                nfc_dev_err(&dev->interface->dev,
2265                            "Can't exchange data if there is no active target");
2266                rc = -EINVAL;
2267                goto error;
2268        }
2269
2270        arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2271        if (!arg) {
2272                rc = -ENOMEM;
2273                goto error;
2274        }
2275
2276        arg->cb = cb;
2277        arg->cb_context = cb_context;
2278
2279        switch (dev->device_type) {
2280        case PN533_DEVICE_PASORI:
2281                if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2282                        rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2283                                                   skb,
2284                                                   pn533_data_exchange_complete,
2285                                                   arg);
2286
2287                        break;
2288                }
2289        default:
2290                *skb_push(skb, sizeof(u8)) =  1; /*TG*/
2291
2292                rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2293                                           skb, pn533_data_exchange_complete,
2294                                           arg);
2295
2296                break;
2297        }
2298
2299        if (rc < 0) /* rc from send_async */
2300                goto error;
2301
2302        return 0;
2303
2304error:
2305        kfree(arg);
2306        dev_kfree_skb(skb);
2307        return rc;
2308}
2309
2310static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2311                                  struct sk_buff *resp)
2312{
2313        u8 status;
2314
2315        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2316
2317        if (IS_ERR(resp))
2318                return PTR_ERR(resp);
2319
2320        status = resp->data[0];
2321
2322        dev_kfree_skb(resp);
2323
2324        if (status != 0) {
2325                nfc_tm_deactivated(dev->nfc_dev);
2326
2327                dev->tgt_mode = 0;
2328
2329                return 0;
2330        }
2331
2332        queue_work(dev->wq, &dev->tg_work);
2333
2334        return 0;
2335}
2336
2337static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2338{
2339        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2340        int rc;
2341
2342        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2343
2344        if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2345                nfc_dev_err(&dev->interface->dev,
2346                            "Data length greater than the max allowed: %d",
2347                            PN533_CMD_DATAEXCH_DATA_MAXLEN);
2348                return -ENOSYS;
2349        }
2350
2351        rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2352                                   pn533_tm_send_complete, NULL);
2353        if (rc < 0)
2354                dev_kfree_skb(skb);
2355
2356        return rc;
2357}
2358
2359static void pn533_wq_mi_recv(struct work_struct *work)
2360{
2361        struct pn533 *dev = container_of(work, struct pn533, mi_work);
2362
2363        struct sk_buff *skb;
2364        int rc;
2365
2366        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2367
2368        skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN);
2369        if (!skb)
2370                goto error;
2371
2372        switch (dev->device_type) {
2373        case PN533_DEVICE_PASORI:
2374                if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2375                        rc = pn533_send_cmd_direct_async(dev,
2376                                                PN533_CMD_IN_COMM_THRU,
2377                                                skb,
2378                                                pn533_data_exchange_complete,
2379                                                 dev->cmd_complete_mi_arg);
2380
2381                        break;
2382                }
2383        default:
2384                *skb_put(skb, sizeof(u8)) =  1; /*TG*/
2385
2386                rc = pn533_send_cmd_direct_async(dev,
2387                                                 PN533_CMD_IN_DATA_EXCHANGE,
2388                                                 skb,
2389                                                 pn533_data_exchange_complete,
2390                                                 dev->cmd_complete_mi_arg);
2391
2392                break;
2393        }
2394
2395        if (rc == 0) /* success */
2396                return;
2397
2398        nfc_dev_err(&dev->interface->dev,
2399                    "Error %d when trying to perform data_exchange", rc);
2400
2401        dev_kfree_skb(skb);
2402        kfree(dev->cmd_complete_mi_arg);
2403
2404error:
2405        pn533_send_ack(dev, GFP_KERNEL);
2406        queue_work(dev->wq, &dev->cmd_work);
2407}
2408
2409static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2410                                                                u8 cfgdata_len)
2411{
2412        struct sk_buff *skb;
2413        struct sk_buff *resp;
2414
2415        int skb_len;
2416
2417        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2418
2419        skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
2420
2421        skb = pn533_alloc_skb(dev, skb_len);
2422        if (!skb)
2423                return -ENOMEM;
2424
2425        *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2426        memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
2427
2428        resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2429        if (IS_ERR(resp))
2430                return PTR_ERR(resp);
2431
2432        dev_kfree_skb(resp);
2433        return 0;
2434}
2435
2436static int pn533_get_firmware_version(struct pn533 *dev,
2437                                      struct pn533_fw_version *fv)
2438{
2439        struct sk_buff *skb;
2440        struct sk_buff *resp;
2441
2442        skb = pn533_alloc_skb(dev, 0);
2443        if (!skb)
2444                return -ENOMEM;
2445
2446        resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2447        if (IS_ERR(resp))
2448                return PTR_ERR(resp);
2449
2450        fv->ic = resp->data[0];
2451        fv->ver = resp->data[1];
2452        fv->rev = resp->data[2];
2453        fv->support = resp->data[3];
2454
2455        dev_kfree_skb(resp);
2456        return 0;
2457}
2458
2459static int pn533_pasori_fw_reset(struct pn533 *dev)
2460{
2461        struct sk_buff *skb;
2462        struct sk_buff *resp;
2463
2464        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2465
2466        skb = pn533_alloc_skb(dev, sizeof(u8));
2467        if (!skb)
2468                return -ENOMEM;
2469
2470        *skb_put(skb, sizeof(u8)) = 0x1;
2471
2472        resp = pn533_send_cmd_sync(dev, 0x18, skb);
2473        if (IS_ERR(resp))
2474                return PTR_ERR(resp);
2475
2476        dev_kfree_skb(resp);
2477
2478        return 0;
2479}
2480
2481struct pn533_acr122_poweron_rdr_arg {
2482        int rc;
2483        struct completion done;
2484};
2485
2486static void pn533_acr122_poweron_rdr_resp(struct urb *urb)
2487{
2488        struct pn533_acr122_poweron_rdr_arg *arg = urb->context;
2489
2490        nfc_dev_dbg(&urb->dev->dev, "%s", __func__);
2491
2492        print_hex_dump(KERN_ERR, "ACR122 RX: ", DUMP_PREFIX_NONE, 16, 1,
2493                       urb->transfer_buffer, urb->transfer_buffer_length,
2494                       false);
2495
2496        arg->rc = urb->status;
2497        complete(&arg->done);
2498}
2499
2500static int pn533_acr122_poweron_rdr(struct pn533 *dev)
2501{
2502        /* Power on th reader (CCID cmd) */
2503        u8 cmd[10] = {PN533_ACR122_PC_TO_RDR_ICCPOWERON,
2504                      0, 0, 0, 0, 0, 0, 3, 0, 0};
2505        u8 buf[255];
2506        int rc;
2507        void *cntx;
2508        struct pn533_acr122_poweron_rdr_arg arg;
2509
2510        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2511
2512        init_completion(&arg.done);
2513        cntx = dev->in_urb->context;  /* backup context */
2514
2515        dev->in_urb->transfer_buffer = buf;
2516        dev->in_urb->transfer_buffer_length = 255;
2517        dev->in_urb->complete = pn533_acr122_poweron_rdr_resp;
2518        dev->in_urb->context = &arg;
2519
2520        dev->out_urb->transfer_buffer = cmd;
2521        dev->out_urb->transfer_buffer_length = sizeof(cmd);
2522
2523        print_hex_dump(KERN_ERR, "ACR122 TX: ", DUMP_PREFIX_NONE, 16, 1,
2524                       cmd, sizeof(cmd), false);
2525
2526        rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
2527        if (rc) {
2528                nfc_dev_err(&dev->interface->dev,
2529                            "Reader power on cmd error %d", rc);
2530                return rc;
2531        }
2532
2533        rc =  usb_submit_urb(dev->in_urb, GFP_KERNEL);
2534        if (rc) {
2535                nfc_dev_err(&dev->interface->dev,
2536                            "Can't submit for reader power on cmd response %d",
2537                            rc);
2538                return rc;
2539        }
2540
2541        wait_for_completion(&arg.done);
2542        dev->in_urb->context = cntx; /* restore context */
2543
2544        return arg.rc;
2545}
2546
2547static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf)
2548{
2549        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2550        u8 rf_field = !!rf;
2551        int rc;
2552
2553        rc = pn533_set_configuration(dev, PN533_CFGITEM_RF_FIELD,
2554                                     (u8 *)&rf_field, 1);
2555        if (rc) {
2556                nfc_dev_err(&dev->interface->dev,
2557                            "Error on setting RF field");
2558                return rc;
2559        }
2560
2561        return rc;
2562}
2563
2564int pn533_dev_up(struct nfc_dev *nfc_dev)
2565{
2566        return pn533_rf_field(nfc_dev, 1);
2567}
2568
2569int pn533_dev_down(struct nfc_dev *nfc_dev)
2570{
2571        return pn533_rf_field(nfc_dev, 0);
2572}
2573
2574static struct nfc_ops pn533_nfc_ops = {
2575        .dev_up = pn533_dev_up,
2576        .dev_down = pn533_dev_down,
2577        .dep_link_up = pn533_dep_link_up,
2578        .dep_link_down = pn533_dep_link_down,
2579        .start_poll = pn533_start_poll,
2580        .stop_poll = pn533_stop_poll,
2581        .activate_target = pn533_activate_target,
2582        .deactivate_target = pn533_deactivate_target,
2583        .im_transceive = pn533_transceive,
2584        .tm_send = pn533_tm_send,
2585};
2586
2587static int pn533_setup(struct pn533 *dev)
2588{
2589        struct pn533_config_max_retries max_retries;
2590        struct pn533_config_timing timing;
2591        u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2592        int rc;
2593
2594        switch (dev->device_type) {
2595        case PN533_DEVICE_STD:
2596                max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2597                max_retries.mx_rty_psl = 2;
2598                max_retries.mx_rty_passive_act =
2599                        PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2600
2601                timing.rfu = PN533_CONFIG_TIMING_102;
2602                timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2603                timing.dep_timeout = PN533_CONFIG_TIMING_409;
2604
2605                break;
2606
2607        case PN533_DEVICE_PASORI:
2608        case PN533_DEVICE_ACR122U:
2609                max_retries.mx_rty_atr = 0x2;
2610                max_retries.mx_rty_psl = 0x1;
2611                max_retries.mx_rty_passive_act =
2612                        PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2613
2614                timing.rfu = PN533_CONFIG_TIMING_102;
2615                timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2616                timing.dep_timeout = PN533_CONFIG_TIMING_204;
2617
2618                break;
2619
2620        default:
2621                nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2622                            dev->device_type);
2623                return -EINVAL;
2624        }
2625
2626        rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2627                                     (u8 *)&max_retries, sizeof(max_retries));
2628        if (rc) {
2629                nfc_dev_err(&dev->interface->dev,
2630                            "Error on setting MAX_RETRIES config");
2631                return rc;
2632        }
2633
2634
2635        rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2636                                     (u8 *)&timing, sizeof(timing));
2637        if (rc) {
2638                nfc_dev_err(&dev->interface->dev,
2639                            "Error on setting RF timings");
2640                return rc;
2641        }
2642
2643        switch (dev->device_type) {
2644        case PN533_DEVICE_STD:
2645                break;
2646
2647        case PN533_DEVICE_PASORI:
2648                pn533_pasori_fw_reset(dev);
2649
2650                rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2651                                             pasori_cfg, 3);
2652                if (rc) {
2653                        nfc_dev_err(&dev->interface->dev,
2654                                    "Error while settings PASORI config");
2655                        return rc;
2656                }
2657
2658                pn533_pasori_fw_reset(dev);
2659
2660                break;
2661        }
2662
2663        return 0;
2664}
2665
2666static int pn533_probe(struct usb_interface *interface,
2667                        const struct usb_device_id *id)
2668{
2669        struct pn533_fw_version fw_ver;
2670        struct pn533 *dev;
2671        struct usb_host_interface *iface_desc;
2672        struct usb_endpoint_descriptor *endpoint;
2673        int in_endpoint = 0;
2674        int out_endpoint = 0;
2675        int rc = -ENOMEM;
2676        int i;
2677        u32 protocols;
2678
2679        dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2680        if (!dev)
2681                return -ENOMEM;
2682
2683        dev->udev = usb_get_dev(interface_to_usbdev(interface));
2684        dev->interface = interface;
2685        mutex_init(&dev->cmd_lock);
2686
2687        iface_desc = interface->cur_altsetting;
2688        for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2689                endpoint = &iface_desc->endpoint[i].desc;
2690
2691                if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
2692                        in_endpoint = endpoint->bEndpointAddress;
2693
2694                if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
2695                        out_endpoint = endpoint->bEndpointAddress;
2696        }
2697
2698        if (!in_endpoint || !out_endpoint) {
2699                nfc_dev_err(&interface->dev,
2700                            "Could not find bulk-in or bulk-out endpoint");
2701                rc = -ENODEV;
2702                goto error;
2703        }
2704
2705        dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2706        dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2707
2708        if (!dev->in_urb || !dev->out_urb)
2709                goto error;
2710
2711        usb_fill_bulk_urb(dev->in_urb, dev->udev,
2712                          usb_rcvbulkpipe(dev->udev, in_endpoint),
2713                          NULL, 0, NULL, dev);
2714        usb_fill_bulk_urb(dev->out_urb, dev->udev,
2715                          usb_sndbulkpipe(dev->udev, out_endpoint),
2716                          NULL, 0, pn533_send_complete, dev);
2717
2718        INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2719        INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2720        INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2721        INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2722        INIT_WORK(&dev->poll_work, pn533_wq_poll);
2723        dev->wq = alloc_ordered_workqueue("pn533", 0);
2724        if (dev->wq == NULL)
2725                goto error;
2726
2727        init_timer(&dev->listen_timer);
2728        dev->listen_timer.data = (unsigned long) dev;
2729        dev->listen_timer.function = pn533_listen_mode_timer;
2730
2731        skb_queue_head_init(&dev->resp_q);
2732
2733        INIT_LIST_HEAD(&dev->cmd_queue);
2734
2735        usb_set_intfdata(interface, dev);
2736
2737        dev->ops = &pn533_std_frame_ops;
2738
2739        dev->protocol_type = PN533_PROTO_REQ_ACK_RESP;
2740        dev->device_type = id->driver_info;
2741        switch (dev->device_type) {
2742        case PN533_DEVICE_STD:
2743                protocols = PN533_ALL_PROTOCOLS;
2744                break;
2745
2746        case PN533_DEVICE_PASORI:
2747                protocols = PN533_NO_TYPE_B_PROTOCOLS;
2748                break;
2749
2750        case PN533_DEVICE_ACR122U:
2751                protocols = PN533_NO_TYPE_B_PROTOCOLS;
2752                dev->ops = &pn533_acr122_frame_ops;
2753                dev->protocol_type = PN533_PROTO_REQ_RESP,
2754
2755                rc = pn533_acr122_poweron_rdr(dev);
2756                if (rc < 0) {
2757                        nfc_dev_err(&dev->interface->dev,
2758                                    "Couldn't poweron the reader (error %d)",
2759                                    rc);
2760                        goto destroy_wq;
2761                }
2762                break;
2763
2764        default:
2765                nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2766                            dev->device_type);
2767                rc = -EINVAL;
2768                goto destroy_wq;
2769        }
2770
2771        memset(&fw_ver, 0, sizeof(fw_ver));
2772        rc = pn533_get_firmware_version(dev, &fw_ver);
2773        if (rc < 0)
2774                goto destroy_wq;
2775
2776        nfc_dev_info(&dev->interface->dev,
2777                     "NXP PN533 firmware ver %d.%d now attached",
2778                     fw_ver.ver, fw_ver.rev);
2779
2780
2781        dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2782                                           NFC_SE_NONE,
2783                                           dev->ops->tx_header_len +
2784                                           PN533_CMD_DATAEXCH_HEAD_LEN,
2785                                           dev->ops->tx_tail_len);
2786        if (!dev->nfc_dev)
2787                goto destroy_wq;
2788
2789        nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2790        nfc_set_drvdata(dev->nfc_dev, dev);
2791
2792        rc = nfc_register_device(dev->nfc_dev);
2793        if (rc)
2794                goto free_nfc_dev;
2795
2796        rc = pn533_setup(dev);
2797        if (rc)
2798                goto unregister_nfc_dev;
2799
2800        return 0;
2801
2802unregister_nfc_dev:
2803        nfc_unregister_device(dev->nfc_dev);
2804
2805free_nfc_dev:
2806        nfc_free_device(dev->nfc_dev);
2807
2808destroy_wq:
2809        destroy_workqueue(dev->wq);
2810error:
2811        usb_free_urb(dev->in_urb);
2812        usb_free_urb(dev->out_urb);
2813        usb_put_dev(dev->udev);
2814        kfree(dev);
2815        return rc;
2816}
2817
2818static void pn533_disconnect(struct usb_interface *interface)
2819{
2820        struct pn533 *dev;
2821        struct pn533_cmd *cmd, *n;
2822
2823        dev = usb_get_intfdata(interface);
2824        usb_set_intfdata(interface, NULL);
2825
2826        nfc_unregister_device(dev->nfc_dev);
2827        nfc_free_device(dev->nfc_dev);
2828
2829        usb_kill_urb(dev->in_urb);
2830        usb_kill_urb(dev->out_urb);
2831
2832        destroy_workqueue(dev->wq);
2833
2834        skb_queue_purge(&dev->resp_q);
2835
2836        del_timer(&dev->listen_timer);
2837
2838        list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2839                list_del(&cmd->queue);
2840                kfree(cmd);
2841        }
2842
2843        usb_free_urb(dev->in_urb);
2844        usb_free_urb(dev->out_urb);
2845        kfree(dev);
2846
2847        nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2848}
2849
2850static struct usb_driver pn533_driver = {
2851        .name =         "pn533",
2852        .probe =        pn533_probe,
2853        .disconnect =   pn533_disconnect,
2854        .id_table =     pn533_table,
2855};
2856
2857module_usb_driver(pn533_driver);
2858
2859MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>");
2860MODULE_AUTHOR("Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2861MODULE_AUTHOR("Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>");
2862MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2863MODULE_VERSION(VERSION);
2864MODULE_LICENSE("GPL");
2865
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.