linux/drivers/nfc/pn533.c
<<
>>
Prefs
   1/*
   2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
   3 *
   4 * Authors:
   5 *    Lauro Ramos Venancio <lauro.venancio@openbossa.org>
   6 *    Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
   7 *
   8 * This program is free software; you can redistribute it and/or modify
   9 * it under the terms of the GNU General Public License as published by
  10 * the Free Software Foundation; either version 2 of the License, or
  11 * (at your option) any later version.
  12 *
  13 * This program is distributed in the hope that it will be useful,
  14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16 * GNU General Public License for more details.
  17 *
  18 * You should have received a copy of the GNU General Public License
  19 * along with this program; if not, write to the
  20 * Free Software Foundation, Inc.,
  21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  22 */
  23
  24#include <linux/device.h>
  25#include <linux/kernel.h>
  26#include <linux/module.h>
  27#include <linux/slab.h>
  28#include <linux/usb.h>
  29#include <linux/nfc.h>
  30#include <linux/netdevice.h>
  31#include <net/nfc/nfc.h>
  32
  33#define VERSION "0.1"
  34
  35#define PN533_VENDOR_ID 0x4CC
  36#define PN533_PRODUCT_ID 0x2533
  37
  38#define SCM_VENDOR_ID 0x4E6
  39#define SCL3711_PRODUCT_ID 0x5591
  40
  41#define SONY_VENDOR_ID         0x054c
  42#define PASORI_PRODUCT_ID      0x02e1
  43
  44#define PN533_QUIRKS_TYPE_A          BIT(0)
  45#define PN533_QUIRKS_TYPE_F          BIT(1)
  46#define PN533_QUIRKS_DEP             BIT(2)
  47#define PN533_QUIRKS_RAW_EXCHANGE    BIT(3)
  48
  49#define PN533_DEVICE_STD    0x1
  50#define PN533_DEVICE_PASORI 0x2
  51
  52#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
  53                             NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
  54                             NFC_PROTO_NFC_DEP_MASK |\
  55                             NFC_PROTO_ISO14443_B_MASK)
  56
  57#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
  58                                   NFC_PROTO_MIFARE_MASK | \
  59                                   NFC_PROTO_FELICA_MASK | \
  60                                   NFC_PROTO_ISO14443_MASK | \
  61                                   NFC_PROTO_NFC_DEP_MASK)
  62
  63static const struct usb_device_id pn533_table[] = {
  64        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  65          .idVendor             = PN533_VENDOR_ID,
  66          .idProduct            = PN533_PRODUCT_ID,
  67          .driver_info          = PN533_DEVICE_STD,
  68        },
  69        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  70          .idVendor             = SCM_VENDOR_ID,
  71          .idProduct            = SCL3711_PRODUCT_ID,
  72          .driver_info          = PN533_DEVICE_STD,
  73        },
  74        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  75          .idVendor             = SONY_VENDOR_ID,
  76          .idProduct            = PASORI_PRODUCT_ID,
  77          .driver_info          = PN533_DEVICE_PASORI,
  78        },
  79        { }
  80};
  81MODULE_DEVICE_TABLE(usb, pn533_table);
  82
  83/* How much time we spend listening for initiators */
  84#define PN533_LISTEN_TIME 2
  85
  86/* frame definitions */
  87#define PN533_FRAME_TAIL_SIZE 2
  88#define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
  89                                PN533_FRAME_TAIL_SIZE)
  90#define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
  91#define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
  92#define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
  93
  94/* start of frame */
  95#define PN533_SOF 0x00FF
  96
  97/* frame identifier: in/out/error */
  98#define PN533_FRAME_IDENTIFIER(f) (f->data[0])
  99#define PN533_DIR_OUT 0xD4
 100#define PN533_DIR_IN 0xD5
 101
 102/* PN533 Commands */
 103#define PN533_FRAME_CMD(f) (f->data[1])
 104#define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
 105#define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
 106
 107#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
 108#define PN533_CMD_RF_CONFIGURATION 0x32
 109#define PN533_CMD_IN_DATA_EXCHANGE 0x40
 110#define PN533_CMD_IN_COMM_THRU     0x42
 111#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
 112#define PN533_CMD_IN_ATR 0x50
 113#define PN533_CMD_IN_RELEASE 0x52
 114#define PN533_CMD_IN_JUMP_FOR_DEP 0x56
 115
 116#define PN533_CMD_TG_INIT_AS_TARGET 0x8c
 117#define PN533_CMD_TG_GET_DATA 0x86
 118#define PN533_CMD_TG_SET_DATA 0x8e
 119
 120#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
 121
 122/* PN533 Return codes */
 123#define PN533_CMD_RET_MASK 0x3F
 124#define PN533_CMD_MI_MASK 0x40
 125#define PN533_CMD_RET_SUCCESS 0x00
 126
 127/* PN533 status codes */
 128#define PN533_STATUS_TARGET_RELEASED 0x29
 129
 130struct pn533;
 131
 132typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
 133                                        u8 *params, int params_len);
 134
 135/* structs for pn533 commands */
 136
 137/* PN533_CMD_GET_FIRMWARE_VERSION */
 138struct pn533_fw_version {
 139        u8 ic;
 140        u8 ver;
 141        u8 rev;
 142        u8 support;
 143};
 144
 145/* PN533_CMD_RF_CONFIGURATION */
 146#define PN533_CFGITEM_TIMING 0x02
 147#define PN533_CFGITEM_MAX_RETRIES 0x05
 148#define PN533_CFGITEM_PASORI 0x82
 149
 150#define PN533_CONFIG_TIMING_102 0xb
 151#define PN533_CONFIG_TIMING_204 0xc
 152#define PN533_CONFIG_TIMING_409 0xd
 153#define PN533_CONFIG_TIMING_819 0xe
 154
 155#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
 156#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
 157
 158struct pn533_config_max_retries {
 159        u8 mx_rty_atr;
 160        u8 mx_rty_psl;
 161        u8 mx_rty_passive_act;
 162} __packed;
 163
 164struct pn533_config_timing {
 165        u8 rfu;
 166        u8 atr_res_timeout;
 167        u8 dep_timeout;
 168} __packed;
 169
 170/* PN533_CMD_IN_LIST_PASSIVE_TARGET */
 171
 172/* felica commands opcode */
 173#define PN533_FELICA_OPC_SENSF_REQ 0
 174#define PN533_FELICA_OPC_SENSF_RES 1
 175/* felica SENSF_REQ parameters */
 176#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
 177#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
 178#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
 179#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
 180
 181/* type B initiator_data values */
 182#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
 183#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
 184#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
 185
 186union pn533_cmd_poll_initdata {
 187        struct {
 188                u8 afi;
 189                u8 polling_method;
 190        } __packed type_b;
 191        struct {
 192                u8 opcode;
 193                __be16 sc;
 194                u8 rc;
 195                u8 tsn;
 196        } __packed felica;
 197};
 198
 199/* Poll modulations */
 200enum {
 201        PN533_POLL_MOD_106KBPS_A,
 202        PN533_POLL_MOD_212KBPS_FELICA,
 203        PN533_POLL_MOD_424KBPS_FELICA,
 204        PN533_POLL_MOD_106KBPS_JEWEL,
 205        PN533_POLL_MOD_847KBPS_B,
 206        PN533_LISTEN_MOD,
 207
 208        __PN533_POLL_MOD_AFTER_LAST,
 209};
 210#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
 211
 212struct pn533_poll_modulations {
 213        struct {
 214                u8 maxtg;
 215                u8 brty;
 216                union pn533_cmd_poll_initdata initiator_data;
 217        } __packed data;
 218        u8 len;
 219};
 220
 221const struct pn533_poll_modulations poll_mod[] = {
 222        [PN533_POLL_MOD_106KBPS_A] = {
 223                .data = {
 224                        .maxtg = 1,
 225                        .brty = 0,
 226                },
 227                .len = 2,
 228        },
 229        [PN533_POLL_MOD_212KBPS_FELICA] = {
 230                .data = {
 231                        .maxtg = 1,
 232                        .brty = 1,
 233                        .initiator_data.felica = {
 234                                .opcode = PN533_FELICA_OPC_SENSF_REQ,
 235                                .sc = PN533_FELICA_SENSF_SC_ALL,
 236                                .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 237                                .tsn = 0,
 238                        },
 239                },
 240                .len = 7,
 241        },
 242        [PN533_POLL_MOD_424KBPS_FELICA] = {
 243                .data = {
 244                        .maxtg = 1,
 245                        .brty = 2,
 246                        .initiator_data.felica = {
 247                                .opcode = PN533_FELICA_OPC_SENSF_REQ,
 248                                .sc = PN533_FELICA_SENSF_SC_ALL,
 249                                .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 250                                .tsn = 0,
 251                        },
 252                 },
 253                .len = 7,
 254        },
 255        [PN533_POLL_MOD_106KBPS_JEWEL] = {
 256                .data = {
 257                        .maxtg = 1,
 258                        .brty = 4,
 259                },
 260                .len = 2,
 261        },
 262        [PN533_POLL_MOD_847KBPS_B] = {
 263                .data = {
 264                        .maxtg = 1,
 265                        .brty = 8,
 266                        .initiator_data.type_b = {
 267                                .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
 268                                .polling_method =
 269                                        PN533_TYPE_B_POLL_METHOD_TIMESLOT,
 270                        },
 271                },
 272                .len = 3,
 273        },
 274        [PN533_LISTEN_MOD] = {
 275                .len = 0,
 276        },
 277};
 278
 279/* PN533_CMD_IN_ATR */
 280
 281struct pn533_cmd_activate_param {
 282        u8 tg;
 283        u8 next;
 284} __packed;
 285
 286struct pn533_cmd_activate_response {
 287        u8 status;
 288        u8 nfcid3t[10];
 289        u8 didt;
 290        u8 bst;
 291        u8 brt;
 292        u8 to;
 293        u8 ppt;
 294        /* optional */
 295        u8 gt[];
 296} __packed;
 297
 298/* PN533_CMD_IN_JUMP_FOR_DEP */
 299struct pn533_cmd_jump_dep {
 300        u8 active;
 301        u8 baud;
 302        u8 next;
 303        u8 data[];
 304} __packed;
 305
 306struct pn533_cmd_jump_dep_response {
 307        u8 status;
 308        u8 tg;
 309        u8 nfcid3t[10];
 310        u8 didt;
 311        u8 bst;
 312        u8 brt;
 313        u8 to;
 314        u8 ppt;
 315        /* optional */
 316        u8 gt[];
 317} __packed;
 318
 319
 320/* PN533_TG_INIT_AS_TARGET */
 321#define PN533_INIT_TARGET_PASSIVE 0x1
 322#define PN533_INIT_TARGET_DEP 0x2
 323
 324#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
 325#define PN533_INIT_TARGET_RESP_ACTIVE     0x1
 326#define PN533_INIT_TARGET_RESP_DEP        0x4
 327
 328struct pn533_cmd_init_target {
 329        u8 mode;
 330        u8 mifare[6];
 331        u8 felica[18];
 332        u8 nfcid3[10];
 333        u8 gb_len;
 334        u8 gb[];
 335} __packed;
 336
 337struct pn533_cmd_init_target_response {
 338        u8 mode;
 339        u8 cmd[];
 340} __packed;
 341
 342struct pn533 {
 343        struct usb_device *udev;
 344        struct usb_interface *interface;
 345        struct nfc_dev *nfc_dev;
 346
 347        struct urb *out_urb;
 348        int out_maxlen;
 349        struct pn533_frame *out_frame;
 350
 351        struct urb *in_urb;
 352        int in_maxlen;
 353        struct pn533_frame *in_frame;
 354
 355        struct sk_buff_head resp_q;
 356
 357        struct workqueue_struct *wq;
 358        struct work_struct cmd_work;
 359        struct work_struct poll_work;
 360        struct work_struct mi_work;
 361        struct work_struct tg_work;
 362        struct timer_list listen_timer;
 363        struct pn533_frame *wq_in_frame;
 364        int wq_in_error;
 365        int cancel_listen;
 366
 367        pn533_cmd_complete_t cmd_complete;
 368        void *cmd_complete_arg;
 369        struct mutex cmd_lock;
 370        u8 cmd;
 371
 372        struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
 373        u8 poll_mod_count;
 374        u8 poll_mod_curr;
 375        u32 poll_protocols;
 376        u32 listen_protocols;
 377
 378        u8 *gb;
 379        size_t gb_len;
 380
 381        u8 tgt_available_prots;
 382        u8 tgt_active_prot;
 383        u8 tgt_mode;
 384
 385        u32 device_type;
 386};
 387
 388struct pn533_frame {
 389        u8 preamble;
 390        __be16 start_frame;
 391        u8 datalen;
 392        u8 datalen_checksum;
 393        u8 data[];
 394} __packed;
 395
 396/* The rule: value + checksum = 0 */
 397static inline u8 pn533_checksum(u8 value)
 398{
 399        return ~value + 1;
 400}
 401
 402/* The rule: sum(data elements) + checksum = 0 */
 403static u8 pn533_data_checksum(u8 *data, int datalen)
 404{
 405        u8 sum = 0;
 406        int i;
 407
 408        for (i = 0; i < datalen; i++)
 409                sum += data[i];
 410
 411        return pn533_checksum(sum);
 412}
 413
 414/**
 415 * pn533_tx_frame_ack - create a ack frame
 416 * @frame:      The frame to be set as ack
 417 *
 418 * Ack is different type of standard frame. As a standard frame, it has
 419 * preamble and start_frame. However the checksum of this frame must fail,
 420 * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
 421 * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
 422 * After datalen_checksum field, the postamble is placed.
 423 */
 424static void pn533_tx_frame_ack(struct pn533_frame *frame)
 425{
 426        frame->preamble = 0;
 427        frame->start_frame = cpu_to_be16(PN533_SOF);
 428        frame->datalen = 0;
 429        frame->datalen_checksum = 0xFF;
 430        /* data[0] is used as postamble */
 431        frame->data[0] = 0;
 432}
 433
 434static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
 435{
 436        frame->preamble = 0;
 437        frame->start_frame = cpu_to_be16(PN533_SOF);
 438        PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
 439        PN533_FRAME_CMD(frame) = cmd;
 440        frame->datalen = 2;
 441}
 442
 443static void pn533_tx_frame_finish(struct pn533_frame *frame)
 444{
 445        frame->datalen_checksum = pn533_checksum(frame->datalen);
 446
 447        PN533_FRAME_CHECKSUM(frame) =
 448                pn533_data_checksum(frame->data, frame->datalen);
 449
 450        PN533_FRAME_POSTAMBLE(frame) = 0;
 451}
 452
 453static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
 454{
 455        u8 checksum;
 456
 457        if (frame->start_frame != cpu_to_be16(PN533_SOF))
 458                return false;
 459
 460        checksum = pn533_checksum(frame->datalen);
 461        if (checksum != frame->datalen_checksum)
 462                return false;
 463
 464        checksum = pn533_data_checksum(frame->data, frame->datalen);
 465        if (checksum != PN533_FRAME_CHECKSUM(frame))
 466                return false;
 467
 468        return true;
 469}
 470
 471static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
 472{
 473        if (frame->start_frame != cpu_to_be16(PN533_SOF))
 474                return false;
 475
 476        if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
 477                return false;
 478
 479        return true;
 480}
 481
 482static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
 483{
 484        return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
 485}
 486
 487
 488static void pn533_wq_cmd_complete(struct work_struct *work)
 489{
 490        struct pn533 *dev = container_of(work, struct pn533, cmd_work);
 491        struct pn533_frame *in_frame;
 492        int rc;
 493
 494        in_frame = dev->wq_in_frame;
 495
 496        if (dev->wq_in_error)
 497                rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
 498                                                        dev->wq_in_error);
 499        else
 500                rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
 501                                        PN533_FRAME_CMD_PARAMS_PTR(in_frame),
 502                                        PN533_FRAME_CMD_PARAMS_LEN(in_frame));
 503
 504        if (rc != -EINPROGRESS)
 505                mutex_unlock(&dev->cmd_lock);
 506}
 507
 508static void pn533_recv_response(struct urb *urb)
 509{
 510        struct pn533 *dev = urb->context;
 511        struct pn533_frame *in_frame;
 512
 513        dev->wq_in_frame = NULL;
 514
 515        switch (urb->status) {
 516        case 0:
 517                /* success */
 518                break;
 519        case -ECONNRESET:
 520        case -ENOENT:
 521        case -ESHUTDOWN:
 522                nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 523                                                " status: %d", urb->status);
 524                dev->wq_in_error = urb->status;
 525                goto sched_wq;
 526        default:
 527                nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
 528                                                        " %d", urb->status);
 529                dev->wq_in_error = urb->status;
 530                goto sched_wq;
 531        }
 532
 533        in_frame = dev->in_urb->transfer_buffer;
 534
 535        if (!pn533_rx_frame_is_valid(in_frame)) {
 536                nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
 537                dev->wq_in_error = -EIO;
 538                goto sched_wq;
 539        }
 540
 541        if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
 542                nfc_dev_err(&dev->interface->dev, "The received frame is not "
 543                                                "response to the last command");
 544                dev->wq_in_error = -EIO;
 545                goto sched_wq;
 546        }
 547
 548        nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
 549        dev->wq_in_error = 0;
 550        dev->wq_in_frame = in_frame;
 551
 552sched_wq:
 553        queue_work(dev->wq, &dev->cmd_work);
 554}
 555
 556static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
 557{
 558        dev->in_urb->complete = pn533_recv_response;
 559
 560        return usb_submit_urb(dev->in_urb, flags);
 561}
 562
 563static void pn533_recv_ack(struct urb *urb)
 564{
 565        struct pn533 *dev = urb->context;
 566        struct pn533_frame *in_frame;
 567        int rc;
 568
 569        switch (urb->status) {
 570        case 0:
 571                /* success */
 572                break;
 573        case -ECONNRESET:
 574        case -ENOENT:
 575        case -ESHUTDOWN:
 576                nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 577                                                " status: %d", urb->status);
 578                dev->wq_in_error = urb->status;
 579                goto sched_wq;
 580        default:
 581                nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
 582                                                        " %d", urb->status);
 583                dev->wq_in_error = urb->status;
 584                goto sched_wq;
 585        }
 586
 587        in_frame = dev->in_urb->transfer_buffer;
 588
 589        if (!pn533_rx_frame_is_ack(in_frame)) {
 590                nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
 591                dev->wq_in_error = -EIO;
 592                goto sched_wq;
 593        }
 594
 595        nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
 596
 597        rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
 598        if (rc) {
 599                nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
 600                                                        " result %d", rc);
 601                dev->wq_in_error = rc;
 602                goto sched_wq;
 603        }
 604
 605        return;
 606
 607sched_wq:
 608        dev->wq_in_frame = NULL;
 609        queue_work(dev->wq, &dev->cmd_work);
 610}
 611
 612static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
 613{
 614        dev->in_urb->complete = pn533_recv_ack;
 615
 616        return usb_submit_urb(dev->in_urb, flags);
 617}
 618
 619static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
 620{
 621        int rc;
 622
 623        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 624
 625        pn533_tx_frame_ack(dev->out_frame);
 626
 627        dev->out_urb->transfer_buffer = dev->out_frame;
 628        dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
 629        rc = usb_submit_urb(dev->out_urb, flags);
 630
 631        return rc;
 632}
 633
 634static int __pn533_send_cmd_frame_async(struct pn533 *dev,
 635                                        struct pn533_frame *out_frame,
 636                                        struct pn533_frame *in_frame,
 637                                        int in_frame_len,
 638                                        pn533_cmd_complete_t cmd_complete,
 639                                        void *arg, gfp_t flags)
 640{
 641        int rc;
 642
 643        nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
 644                                                PN533_FRAME_CMD(out_frame));
 645
 646        dev->cmd = PN533_FRAME_CMD(out_frame);
 647        dev->cmd_complete = cmd_complete;
 648        dev->cmd_complete_arg = arg;
 649
 650        dev->out_urb->transfer_buffer = out_frame;
 651        dev->out_urb->transfer_buffer_length =
 652                                PN533_FRAME_SIZE(out_frame);
 653
 654        dev->in_urb->transfer_buffer = in_frame;
 655        dev->in_urb->transfer_buffer_length = in_frame_len;
 656
 657        rc = usb_submit_urb(dev->out_urb, flags);
 658        if (rc)
 659                return rc;
 660
 661        rc = pn533_submit_urb_for_ack(dev, flags);
 662        if (rc)
 663                goto error;
 664
 665        return 0;
 666
 667error:
 668        usb_unlink_urb(dev->out_urb);
 669        return rc;
 670}
 671
 672static int pn533_send_cmd_frame_async(struct pn533 *dev,
 673                                        struct pn533_frame *out_frame,
 674                                        struct pn533_frame *in_frame,
 675                                        int in_frame_len,
 676                                        pn533_cmd_complete_t cmd_complete,
 677                                        void *arg, gfp_t flags)
 678{
 679        int rc;
 680
 681        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 682
 683        if (!mutex_trylock(&dev->cmd_lock))
 684                return -EBUSY;
 685
 686        rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
 687                                        in_frame_len, cmd_complete, arg, flags);
 688        if (rc)
 689                goto error;
 690
 691        return 0;
 692error:
 693        mutex_unlock(&dev->cmd_lock);
 694        return rc;
 695}
 696
 697struct pn533_sync_cmd_response {
 698        int rc;
 699        struct completion done;
 700};
 701
 702static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
 703                                        u8 *params, int params_len)
 704{
 705        struct pn533_sync_cmd_response *arg = _arg;
 706
 707        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 708
 709        arg->rc = 0;
 710
 711        if (params_len < 0) /* error */
 712                arg->rc = params_len;
 713
 714        complete(&arg->done);
 715
 716        return 0;
 717}
 718
 719static int pn533_send_cmd_frame_sync(struct pn533 *dev,
 720                                                struct pn533_frame *out_frame,
 721                                                struct pn533_frame *in_frame,
 722                                                int in_frame_len)
 723{
 724        int rc;
 725        struct pn533_sync_cmd_response arg;
 726
 727        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 728
 729        init_completion(&arg.done);
 730
 731        rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
 732                                pn533_sync_cmd_complete, &arg, GFP_KERNEL);
 733        if (rc)
 734                return rc;
 735
 736        wait_for_completion(&arg.done);
 737
 738        return arg.rc;
 739}
 740
 741static void pn533_send_complete(struct urb *urb)
 742{
 743        struct pn533 *dev = urb->context;
 744
 745        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 746
 747        switch (urb->status) {
 748        case 0:
 749                /* success */
 750                break;
 751        case -ECONNRESET:
 752        case -ENOENT:
 753        case -ESHUTDOWN:
 754                nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 755                                                " status: %d", urb->status);
 756                break;
 757        default:
 758                nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
 759                                                        " %d", urb->status);
 760        }
 761}
 762
 763struct pn533_target_type_a {
 764        __be16 sens_res;
 765        u8 sel_res;
 766        u8 nfcid_len;
 767        u8 nfcid_data[];
 768} __packed;
 769
 770
 771#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
 772#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
 773#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
 774
 775#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
 776#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
 777
 778#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
 779#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
 780
 781#define PN533_TYPE_A_SEL_PROT_MIFARE 0
 782#define PN533_TYPE_A_SEL_PROT_ISO14443 1
 783#define PN533_TYPE_A_SEL_PROT_DEP 2
 784#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
 785
 786static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
 787                                                        int target_data_len)
 788{
 789        u8 ssd;
 790        u8 platconf;
 791
 792        if (target_data_len < sizeof(struct pn533_target_type_a))
 793                return false;
 794
 795        /* The lenght check of nfcid[] and ats[] are not being performed because
 796           the values are not being used */
 797
 798        /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
 799        ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
 800        platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
 801
 802        if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 803                        platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
 804                        (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 805                        platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
 806                return false;
 807
 808        /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
 809        if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
 810                return false;
 811
 812        return true;
 813}
 814
 815static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
 816                                                        int tgt_data_len)
 817{
 818        struct pn533_target_type_a *tgt_type_a;
 819
 820        tgt_type_a = (struct pn533_target_type_a *) tgt_data;
 821
 822        if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
 823                return -EPROTO;
 824
 825        switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
 826        case PN533_TYPE_A_SEL_PROT_MIFARE:
 827                nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
 828                break;
 829        case PN533_TYPE_A_SEL_PROT_ISO14443:
 830                nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
 831                break;
 832        case PN533_TYPE_A_SEL_PROT_DEP:
 833                nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
 834                break;
 835        case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
 836                nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
 837                                                        NFC_PROTO_NFC_DEP_MASK;
 838                break;
 839        }
 840
 841        nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
 842        nfc_tgt->sel_res = tgt_type_a->sel_res;
 843        nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
 844        memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
 845
 846        return 0;
 847}
 848
 849struct pn533_target_felica {
 850        u8 pol_res;
 851        u8 opcode;
 852        u8 nfcid2[8];
 853        u8 pad[8];
 854        /* optional */
 855        u8 syst_code[];
 856} __packed;
 857
 858#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
 859#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
 860
 861static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
 862                                                        int target_data_len)
 863{
 864        if (target_data_len < sizeof(struct pn533_target_felica))
 865                return false;
 866
 867        if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
 868                return false;
 869
 870        return true;
 871}
 872
 873static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
 874                                                        int tgt_data_len)
 875{
 876        struct pn533_target_felica *tgt_felica;
 877
 878        tgt_felica = (struct pn533_target_felica *) tgt_data;
 879
 880        if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
 881                return -EPROTO;
 882
 883        if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
 884                                        tgt_felica->nfcid2[1] ==
 885                                        PN533_FELICA_SENSF_NFCID2_DEP_B2)
 886                nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
 887        else
 888                nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
 889
 890        memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
 891        nfc_tgt->sensf_res_len = 9;
 892
 893        return 0;
 894}
 895
 896struct pn533_target_jewel {
 897        __be16 sens_res;
 898        u8 jewelid[4];
 899} __packed;
 900
 901static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
 902                                                        int target_data_len)
 903{
 904        u8 ssd;
 905        u8 platconf;
 906
 907        if (target_data_len < sizeof(struct pn533_target_jewel))
 908                return false;
 909
 910        /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
 911        ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
 912        platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
 913
 914        if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 915                        platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
 916                        (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 917                        platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
 918                return false;
 919
 920        return true;
 921}
 922
 923static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
 924                                                        int tgt_data_len)
 925{
 926        struct pn533_target_jewel *tgt_jewel;
 927
 928        tgt_jewel = (struct pn533_target_jewel *) tgt_data;
 929
 930        if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
 931                return -EPROTO;
 932
 933        nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
 934        nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
 935        nfc_tgt->nfcid1_len = 4;
 936        memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
 937
 938        return 0;
 939}
 940
 941struct pn533_type_b_prot_info {
 942        u8 bitrate;
 943        u8 fsci_type;
 944        u8 fwi_adc_fo;
 945} __packed;
 946
 947#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
 948#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
 949#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
 950
 951struct pn533_type_b_sens_res {
 952        u8 opcode;
 953        u8 nfcid[4];
 954        u8 appdata[4];
 955        struct pn533_type_b_prot_info prot_info;
 956} __packed;
 957
 958#define PN533_TYPE_B_OPC_SENSB_RES 0x50
 959
 960struct pn533_target_type_b {
 961        struct pn533_type_b_sens_res sensb_res;
 962        u8 attrib_res_len;
 963        u8 attrib_res[];
 964} __packed;
 965
 966static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
 967                                                        int target_data_len)
 968{
 969        if (target_data_len < sizeof(struct pn533_target_type_b))
 970                return false;
 971
 972        if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
 973                return false;
 974
 975        if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
 976                                                PN533_TYPE_B_PROT_TYPE_RFU_MASK)
 977                return false;
 978
 979        return true;
 980}
 981
 982static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
 983                                                        int tgt_data_len)
 984{
 985        struct pn533_target_type_b *tgt_type_b;
 986
 987        tgt_type_b = (struct pn533_target_type_b *) tgt_data;
 988
 989        if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
 990                return -EPROTO;
 991
 992        nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
 993
 994        return 0;
 995}
 996
 997struct pn533_poll_response {
 998        u8 nbtg;
 999        u8 tg;
1000        u8 target_data[];
1001} __packed;
1002
1003static int pn533_target_found(struct pn533 *dev,
1004                        struct pn533_poll_response *resp, int resp_len)
1005{
1006        int target_data_len;
1007        struct nfc_target nfc_tgt;
1008        int rc;
1009
1010        nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1011                                                        dev->poll_mod_curr);
1012
1013        if (resp->tg != 1)
1014                return -EPROTO;
1015
1016        memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1017
1018        target_data_len = resp_len - sizeof(struct pn533_poll_response);
1019
1020        switch (dev->poll_mod_curr) {
1021        case PN533_POLL_MOD_106KBPS_A:
1022                rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1023                                                        target_data_len);
1024                break;
1025        case PN533_POLL_MOD_212KBPS_FELICA:
1026        case PN533_POLL_MOD_424KBPS_FELICA:
1027                rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1028                                                        target_data_len);
1029                break;
1030        case PN533_POLL_MOD_106KBPS_JEWEL:
1031                rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1032                                                        target_data_len);
1033                break;
1034        case PN533_POLL_MOD_847KBPS_B:
1035                rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1036                                                        target_data_len);
1037                break;
1038        default:
1039                nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1040                                                                " modulation");
1041                return -EPROTO;
1042        }
1043
1044        if (rc)
1045                return rc;
1046
1047        if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1048                nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1049                                                " have the desired protocol");
1050                return -EAGAIN;
1051        }
1052
1053        nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1054                                        "0x%x", nfc_tgt.supported_protocols);
1055
1056        dev->tgt_available_prots = nfc_tgt.supported_protocols;
1057
1058        nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1059
1060        return 0;
1061}
1062
1063static inline void pn533_poll_next_mod(struct pn533 *dev)
1064{
1065        dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1066}
1067
1068static void pn533_poll_reset_mod_list(struct pn533 *dev)
1069{
1070        dev->poll_mod_count = 0;
1071}
1072
1073static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1074{
1075        dev->poll_mod_active[dev->poll_mod_count] =
1076                (struct pn533_poll_modulations *) &poll_mod[mod_index];
1077        dev->poll_mod_count++;
1078}
1079
1080static void pn533_poll_create_mod_list(struct pn533 *dev,
1081                                       u32 im_protocols, u32 tm_protocols)
1082{
1083        pn533_poll_reset_mod_list(dev);
1084
1085        if (im_protocols & NFC_PROTO_MIFARE_MASK
1086            || im_protocols & NFC_PROTO_ISO14443_MASK
1087            || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1088                pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1089
1090        if (im_protocols & NFC_PROTO_FELICA_MASK
1091            || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1092                pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1093                pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1094        }
1095
1096        if (im_protocols & NFC_PROTO_JEWEL_MASK)
1097                pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1098
1099        if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1100                pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1101
1102        if (tm_protocols)
1103                pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1104}
1105
1106static int pn533_start_poll_complete(struct pn533 *dev, void *arg,
1107                                     u8 *params, int params_len)
1108{
1109        struct pn533_poll_response *resp;
1110        int rc;
1111
1112        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1113
1114        resp = (struct pn533_poll_response *) params;
1115        if (resp->nbtg) {
1116                rc = pn533_target_found(dev, resp, params_len);
1117
1118                /* We must stop the poll after a valid target found */
1119                if (rc == 0) {
1120                        pn533_poll_reset_mod_list(dev);
1121                        return 0;
1122                }
1123        }
1124
1125        return -EAGAIN;
1126}
1127
1128static int pn533_init_target_frame(struct pn533_frame *frame,
1129                                   u8 *gb, size_t gb_len)
1130{
1131        struct pn533_cmd_init_target *cmd;
1132        size_t cmd_len;
1133        u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1134                                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1135                                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1136                                0xff, 0xff}; /* System code */
1137        u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1138                               0x0, 0x0, 0x0,
1139                               0x40}; /* SEL_RES for DEP */
1140
1141        cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1142        cmd = kzalloc(cmd_len, GFP_KERNEL);
1143        if (cmd == NULL)
1144                return -ENOMEM;
1145
1146        pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1147
1148        /* DEP support only */
1149        cmd->mode |= PN533_INIT_TARGET_DEP;
1150
1151        /* Felica params */
1152        memcpy(cmd->felica, felica_params, 18);
1153        get_random_bytes(cmd->felica + 2, 6);
1154
1155        /* NFCID3 */
1156        memset(cmd->nfcid3, 0, 10);
1157        memcpy(cmd->nfcid3, cmd->felica, 8);
1158
1159        /* MIFARE params */
1160        memcpy(cmd->mifare, mifare_params, 6);
1161
1162        /* General bytes */
1163        cmd->gb_len = gb_len;
1164        memcpy(cmd->gb, gb, gb_len);
1165
1166        /* Len Tk */
1167        cmd->gb[gb_len] = 0;
1168
1169        memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1170
1171        frame->datalen += cmd_len;
1172
1173        pn533_tx_frame_finish(frame);
1174
1175        kfree(cmd);
1176
1177        return 0;
1178}
1179
1180#define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1181#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1182static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1183                                      u8 *params, int params_len)
1184{
1185        struct sk_buff *skb_resp = arg;
1186        struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1187
1188        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1189
1190        if (params_len < 0) {
1191                nfc_dev_err(&dev->interface->dev,
1192                            "Error %d when starting as a target",
1193                            params_len);
1194
1195                return params_len;
1196        }
1197
1198        if (params_len > 0 && params[0] != 0) {
1199                nfc_tm_deactivated(dev->nfc_dev);
1200
1201                dev->tgt_mode = 0;
1202
1203                kfree_skb(skb_resp);
1204                return 0;
1205        }
1206
1207        skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1208        skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1209        skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1210
1211        return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1212}
1213
1214static void pn533_wq_tg_get_data(struct work_struct *work)
1215{
1216        struct pn533 *dev = container_of(work, struct pn533, tg_work);
1217        struct pn533_frame *in_frame;
1218        struct sk_buff *skb_resp;
1219        size_t skb_resp_len;
1220
1221        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1222
1223        skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1224                PN533_CMD_DATAEXCH_DATA_MAXLEN +
1225                PN533_FRAME_TAIL_SIZE;
1226
1227        skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1228        if (!skb_resp)
1229                return;
1230
1231        in_frame = (struct pn533_frame *)skb_resp->data;
1232
1233        pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1234        pn533_tx_frame_finish(dev->out_frame);
1235
1236        pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1237                                   skb_resp_len,
1238                                   pn533_tm_get_data_complete,
1239                                   skb_resp, GFP_KERNEL);
1240
1241        return;
1242}
1243
1244#define ATR_REQ_GB_OFFSET 17
1245static int pn533_init_target_complete(struct pn533 *dev, void *arg,
1246                                      u8 *params, int params_len)
1247{
1248        struct pn533_cmd_init_target_response *resp;
1249        u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1250        size_t gb_len;
1251        int rc;
1252
1253        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1254
1255        if (params_len < 0) {
1256                nfc_dev_err(&dev->interface->dev,
1257                            "Error %d when starting as a target",
1258                            params_len);
1259
1260                return params_len;
1261        }
1262
1263        if (params_len < ATR_REQ_GB_OFFSET + 1)
1264                return -EINVAL;
1265
1266        resp = (struct pn533_cmd_init_target_response *) params;
1267
1268        nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1269                    resp->mode, params_len);
1270
1271        frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1272        if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1273                comm_mode = NFC_COMM_ACTIVE;
1274
1275        /* Again, only DEP */
1276        if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1277                return -EOPNOTSUPP;
1278
1279        gb = resp->cmd + ATR_REQ_GB_OFFSET;
1280        gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1281
1282        rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1283                              comm_mode, gb, gb_len);
1284        if (rc < 0) {
1285                nfc_dev_err(&dev->interface->dev,
1286                            "Error when signaling target activation");
1287                return rc;
1288        }
1289
1290        dev->tgt_mode = 1;
1291
1292        queue_work(dev->wq, &dev->tg_work);
1293
1294        return 0;
1295}
1296
1297static void pn533_listen_mode_timer(unsigned long data)
1298{
1299        struct pn533 *dev = (struct pn533 *) data;
1300
1301        nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1302
1303        /* An ack will cancel the last issued command (poll) */
1304        pn533_send_ack(dev, GFP_ATOMIC);
1305
1306        dev->cancel_listen = 1;
1307
1308        mutex_unlock(&dev->cmd_lock);
1309
1310        pn533_poll_next_mod(dev);
1311
1312        queue_work(dev->wq, &dev->poll_work);
1313}
1314
1315static int pn533_poll_complete(struct pn533 *dev, void *arg,
1316                               u8 *params, int params_len)
1317{
1318        struct pn533_poll_modulations *cur_mod;
1319        int rc;
1320
1321        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1322
1323        if (params_len == -ENOENT) {
1324                if (dev->poll_mod_count != 0)
1325                        return 0;
1326
1327                nfc_dev_err(&dev->interface->dev,
1328                            "Polling operation has been stopped");
1329
1330                goto stop_poll;
1331        }
1332
1333        if (params_len < 0) {
1334                nfc_dev_err(&dev->interface->dev,
1335                            "Error %d when running poll", params_len);
1336
1337                goto stop_poll;
1338        }
1339
1340        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1341
1342        if (cur_mod->len == 0) {
1343                del_timer(&dev->listen_timer);
1344
1345                return pn533_init_target_complete(dev, arg, params, params_len);
1346        } else {
1347                rc = pn533_start_poll_complete(dev, arg, params, params_len);
1348                if (!rc)
1349                        return rc;
1350        }
1351
1352        pn533_poll_next_mod(dev);
1353
1354        queue_work(dev->wq, &dev->poll_work);
1355
1356        return 0;
1357
1358stop_poll:
1359        pn533_poll_reset_mod_list(dev);
1360        dev->poll_protocols = 0;
1361        return 0;
1362}
1363
1364static void pn533_build_poll_frame(struct pn533 *dev,
1365                                   struct pn533_frame *frame,
1366                                   struct pn533_poll_modulations *mod)
1367{
1368        nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1369
1370        if (mod->len == 0) {
1371                /* Listen mode */
1372                pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1373        } else {
1374                /* Polling mode */
1375                pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1376
1377                memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1378                frame->datalen += mod->len;
1379
1380                pn533_tx_frame_finish(frame);
1381        }
1382}
1383
1384static int pn533_send_poll_frame(struct pn533 *dev)
1385{
1386        struct pn533_poll_modulations *cur_mod;
1387        int rc;
1388
1389        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1390
1391        pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1392
1393        rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1394                                dev->in_maxlen, pn533_poll_complete,
1395                                NULL, GFP_KERNEL);
1396        if (rc)
1397                nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1398
1399        return rc;
1400}
1401
1402static void pn533_wq_poll(struct work_struct *work)
1403{
1404        struct pn533 *dev = container_of(work, struct pn533, poll_work);
1405        struct pn533_poll_modulations *cur_mod;
1406        int rc;
1407
1408        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1409
1410        nfc_dev_dbg(&dev->interface->dev,
1411                    "%s cancel_listen %d modulation len %d",
1412                    __func__, dev->cancel_listen, cur_mod->len);
1413
1414        if (dev->cancel_listen == 1) {
1415                dev->cancel_listen = 0;
1416                usb_kill_urb(dev->in_urb);
1417        }
1418
1419        rc = pn533_send_poll_frame(dev);
1420        if (rc)
1421                return;
1422
1423        if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1424                mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1425
1426        return;
1427}
1428
1429static int pn533_start_poll(struct nfc_dev *nfc_dev,
1430                            u32 im_protocols, u32 tm_protocols)
1431{
1432        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1433
1434        nfc_dev_dbg(&dev->interface->dev,
1435                    "%s: im protocols 0x%x tm protocols 0x%x",
1436                    __func__, im_protocols, tm_protocols);
1437
1438        if (dev->tgt_active_prot) {
1439                nfc_dev_err(&dev->interface->dev,
1440                            "Cannot poll with a target already activated");
1441                return -EBUSY;
1442        }
1443
1444        if (dev->tgt_mode) {
1445                nfc_dev_err(&dev->interface->dev,
1446                            "Cannot poll while already being activated");
1447                return -EBUSY;
1448        }
1449
1450        if (tm_protocols) {
1451                dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1452                if (dev->gb == NULL)
1453                        tm_protocols = 0;
1454        }
1455
1456        dev->poll_mod_curr = 0;
1457        pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1458        dev->poll_protocols = im_protocols;
1459        dev->listen_protocols = tm_protocols;
1460
1461        return pn533_send_poll_frame(dev);
1462}
1463
1464static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1465{
1466        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1467
1468        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1469
1470        del_timer(&dev->listen_timer);
1471
1472        if (!dev->poll_mod_count) {
1473                nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1474                                                                " running");
1475                return;
1476        }
1477
1478        /* An ack will cancel the last issued command (poll) */
1479        pn533_send_ack(dev, GFP_KERNEL);
1480
1481        /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1482        usb_kill_urb(dev->in_urb);
1483
1484        pn533_poll_reset_mod_list(dev);
1485}
1486
1487static int pn533_activate_target_nfcdep(struct pn533 *dev)
1488{
1489        struct pn533_cmd_activate_param param;
1490        struct pn533_cmd_activate_response *resp;
1491        u16 gt_len;
1492        int rc;
1493
1494        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1495
1496        pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1497
1498        param.tg = 1;
1499        param.next = 0;
1500        memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &param,
1501                                sizeof(struct pn533_cmd_activate_param));
1502        dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1503
1504        pn533_tx_frame_finish(dev->out_frame);
1505
1506        rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1507                                                                dev->in_maxlen);
1508        if (rc)
1509                return rc;
1510
1511        resp = (struct pn533_cmd_activate_response *)
1512                                PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1513        rc = resp->status & PN533_CMD_RET_MASK;
1514        if (rc != PN533_CMD_RET_SUCCESS)
1515                return -EIO;
1516
1517        /* ATR_RES general bytes are located at offset 16 */
1518        gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1519        rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1520
1521        return rc;
1522}
1523
1524static int pn533_activate_target(struct nfc_dev *nfc_dev,
1525                                 struct nfc_target *target, u32 protocol)
1526{
1527        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1528        int rc;
1529
1530        nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1531                                                                protocol);
1532
1533        if (dev->poll_mod_count) {
1534                nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1535                                                                " polling");
1536                return -EBUSY;
1537        }
1538
1539        if (dev->tgt_active_prot) {
1540                nfc_dev_err(&dev->interface->dev, "There is already an active"
1541                                                                " target");
1542                return -EBUSY;
1543        }
1544
1545        if (!dev->tgt_available_prots) {
1546                nfc_dev_err(&dev->interface->dev, "There is no available target"
1547                                                                " to activate");
1548                return -EINVAL;
1549        }
1550
1551        if (!(dev->tgt_available_prots & (1 << protocol))) {
1552                nfc_dev_err(&dev->interface->dev, "The target does not support"
1553                                        " the requested protocol %u", protocol);
1554                return -EINVAL;
1555        }
1556
1557        if (protocol == NFC_PROTO_NFC_DEP) {
1558                rc = pn533_activate_target_nfcdep(dev);
1559                if (rc) {
1560                        nfc_dev_err(&dev->interface->dev, "Error %d when"
1561                                                " activating target with"
1562                                                " NFC_DEP protocol", rc);
1563                        return rc;
1564                }
1565        }
1566
1567        dev->tgt_active_prot = protocol;
1568        dev->tgt_available_prots = 0;
1569
1570        return 0;
1571}
1572
1573static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1574                                    struct nfc_target *target)
1575{
1576        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1577        u8 tg;
1578        u8 status;
1579        int rc;
1580
1581        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1582
1583        if (!dev->tgt_active_prot) {
1584                nfc_dev_err(&dev->interface->dev, "There is no active target");
1585                return;
1586        }
1587
1588        dev->tgt_active_prot = 0;
1589
1590        skb_queue_purge(&dev->resp_q);
1591
1592        pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1593
1594        tg = 1;
1595        memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1596        dev->out_frame->datalen += sizeof(u8);
1597
1598        pn533_tx_frame_finish(dev->out_frame);
1599
1600        rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1601                                                                dev->in_maxlen);
1602        if (rc) {
1603                nfc_dev_err(&dev->interface->dev, "Error when sending release"
1604                                                " command to the controller");
1605                return;
1606        }
1607
1608        status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1609        rc = status & PN533_CMD_RET_MASK;
1610        if (rc != PN533_CMD_RET_SUCCESS)
1611                nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1612                                                        " the target", rc);
1613
1614        return;
1615}
1616
1617
1618static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1619                                                u8 *params, int params_len)
1620{
1621        struct pn533_cmd_jump_dep *cmd;
1622        struct pn533_cmd_jump_dep_response *resp;
1623        struct nfc_target nfc_target;
1624        u8 target_gt_len;
1625        int rc;
1626
1627        if (params_len == -ENOENT) {
1628                nfc_dev_dbg(&dev->interface->dev, "");
1629                return 0;
1630        }
1631
1632        if (params_len < 0) {
1633                nfc_dev_err(&dev->interface->dev,
1634                                "Error %d when bringing DEP link up",
1635                                                                params_len);
1636                return 0;
1637        }
1638
1639        if (dev->tgt_available_prots &&
1640            !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1641                nfc_dev_err(&dev->interface->dev,
1642                        "The target does not support DEP");
1643                return -EINVAL;
1644        }
1645
1646        resp = (struct pn533_cmd_jump_dep_response *) params;
1647        cmd = (struct pn533_cmd_jump_dep *) arg;
1648        rc = resp->status & PN533_CMD_RET_MASK;
1649        if (rc != PN533_CMD_RET_SUCCESS) {
1650                nfc_dev_err(&dev->interface->dev,
1651                                "Bringing DEP link up failed %d", rc);
1652                return 0;
1653        }
1654
1655        if (!dev->tgt_available_prots) {
1656                nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1657
1658                nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1659                nfc_target.nfcid1_len = 10;
1660                memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1661                rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1662                if (rc)
1663                        return 0;
1664
1665                dev->tgt_available_prots = 0;
1666        }
1667
1668        dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1669
1670        /* ATR_RES general bytes are located at offset 17 */
1671        target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1672        rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1673                                                resp->gt, target_gt_len);
1674        if (rc == 0)
1675                rc = nfc_dep_link_is_up(dev->nfc_dev,
1676                                                dev->nfc_dev->targets[0].idx,
1677                                                !cmd->active, NFC_RF_INITIATOR);
1678
1679        return 0;
1680}
1681
1682static int pn533_mod_to_baud(struct pn533 *dev)
1683{
1684        switch (dev->poll_mod_curr) {
1685        case PN533_POLL_MOD_106KBPS_A:
1686                return 0;
1687        case PN533_POLL_MOD_212KBPS_FELICA:
1688                return 1;
1689        case PN533_POLL_MOD_424KBPS_FELICA:
1690                return 2;
1691        default:
1692                return -EINVAL;
1693        }
1694}
1695
1696#define PASSIVE_DATA_LEN 5
1697static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1698                             u8 comm_mode, u8* gb, size_t gb_len)
1699{
1700        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1701        struct pn533_cmd_jump_dep *cmd;
1702        u8 cmd_len, *data_ptr;
1703        u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1704        int rc, baud;
1705
1706        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1707
1708        if (dev->poll_mod_count) {
1709                nfc_dev_err(&dev->interface->dev,
1710                                "Cannot bring the DEP link up while polling");
1711                return -EBUSY;
1712        }
1713
1714        if (dev->tgt_active_prot) {
1715                nfc_dev_err(&dev->interface->dev,
1716                                "There is already an active target");
1717                return -EBUSY;
1718        }
1719
1720        baud = pn533_mod_to_baud(dev);
1721        if (baud < 0) {
1722                nfc_dev_err(&dev->interface->dev,
1723                            "Invalid curr modulation %d", dev->poll_mod_curr);
1724                return baud;
1725        }
1726
1727        cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1728        if (comm_mode == NFC_COMM_PASSIVE)
1729                cmd_len += PASSIVE_DATA_LEN;
1730
1731        cmd = kzalloc(cmd_len, GFP_KERNEL);
1732        if (cmd == NULL)
1733                return -ENOMEM;
1734
1735        pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1736
1737        cmd->active = !comm_mode;
1738        cmd->next = 0;
1739        cmd->baud = baud;
1740        data_ptr = cmd->data;
1741        if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1742                memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1743                cmd->next |= 1;
1744                data_ptr += PASSIVE_DATA_LEN;
1745        }
1746
1747        if (gb != NULL && gb_len > 0) {
1748                cmd->next |= 4; /* We have some Gi */
1749                memcpy(data_ptr, gb, gb_len);
1750        } else {
1751                cmd->next = 0;
1752        }
1753
1754        memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1755        dev->out_frame->datalen += cmd_len;
1756
1757        pn533_tx_frame_finish(dev->out_frame);
1758
1759        rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1760                                dev->in_maxlen, pn533_in_dep_link_up_complete,
1761                                cmd, GFP_KERNEL);
1762        if (rc)
1763                goto out;
1764
1765
1766out:
1767        kfree(cmd);
1768
1769        return rc;
1770}
1771
1772static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1773{
1774        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1775
1776        pn533_poll_reset_mod_list(dev);
1777
1778        if (dev->tgt_mode || dev->tgt_active_prot) {
1779                pn533_send_ack(dev, GFP_KERNEL);
1780                usb_kill_urb(dev->in_urb);
1781        }
1782
1783        dev->tgt_active_prot = 0;
1784        dev->tgt_mode = 0;
1785
1786        skb_queue_purge(&dev->resp_q);
1787
1788        return 0;
1789}
1790
1791static int pn533_build_tx_frame(struct pn533 *dev, struct sk_buff *skb,
1792                                bool target)
1793{
1794        int payload_len = skb->len;
1795        struct pn533_frame *out_frame;
1796        u8 tg;
1797
1798        nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1799                                                                payload_len);
1800
1801        if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1802                /* TODO: Implement support to multi-part data exchange */
1803                nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1804                                                " max allowed: %d",
1805                                                PN533_CMD_DATAEXCH_DATA_MAXLEN);
1806                return -ENOSYS;
1807        }
1808
1809        if (target == true) {
1810                switch (dev->device_type) {
1811                case PN533_DEVICE_PASORI:
1812                        if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
1813                                skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1814                                out_frame = (struct pn533_frame *) skb->data;
1815                                pn533_tx_frame_init(out_frame,
1816                                                    PN533_CMD_IN_COMM_THRU);
1817
1818                                break;
1819                        }
1820
1821                default:
1822                        skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1823                        out_frame = (struct pn533_frame *) skb->data;
1824                        pn533_tx_frame_init(out_frame,
1825                                            PN533_CMD_IN_DATA_EXCHANGE);
1826                        tg = 1;
1827                        memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame),
1828                               &tg, sizeof(u8));
1829                        out_frame->datalen += sizeof(u8);
1830
1831                        break;
1832                }
1833
1834        } else {
1835                skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1836                out_frame = (struct pn533_frame *) skb->data;
1837                pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
1838        }
1839
1840
1841        /* The data is already in the out_frame, just update the datalen */
1842        out_frame->datalen += payload_len;
1843
1844        pn533_tx_frame_finish(out_frame);
1845        skb_put(skb, PN533_FRAME_TAIL_SIZE);
1846
1847        return 0;
1848}
1849
1850struct pn533_data_exchange_arg {
1851        struct sk_buff *skb_resp;
1852        struct sk_buff *skb_out;
1853        data_exchange_cb_t cb;
1854        void *cb_context;
1855};
1856
1857static struct sk_buff *pn533_build_response(struct pn533 *dev)
1858{
1859        struct sk_buff *skb, *tmp, *t;
1860        unsigned int skb_len = 0, tmp_len = 0;
1861
1862        nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
1863
1864        if (skb_queue_empty(&dev->resp_q))
1865                return NULL;
1866
1867        if (skb_queue_len(&dev->resp_q) == 1) {
1868                skb = skb_dequeue(&dev->resp_q);
1869                goto out;
1870        }
1871
1872        skb_queue_walk_safe(&dev->resp_q, tmp, t)
1873                skb_len += tmp->len;
1874
1875        nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1876                    __func__, skb_len);
1877
1878        skb = alloc_skb(skb_len, GFP_KERNEL);
1879        if (skb == NULL)
1880                goto out;
1881
1882        skb_put(skb, skb_len);
1883
1884        skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1885                memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1886                tmp_len += tmp->len;
1887        }
1888
1889out:
1890        skb_queue_purge(&dev->resp_q);
1891
1892        return skb;
1893}
1894
1895static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1896                                                u8 *params, int params_len)
1897{
1898        struct pn533_data_exchange_arg *arg = _arg;
1899        struct sk_buff *skb = NULL, *skb_resp = arg->skb_resp;
1900        struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1901        int err = 0;
1902        u8 status;
1903        u8 cmd_ret;
1904
1905        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1906
1907        dev_kfree_skb(arg->skb_out);
1908
1909        if (params_len < 0) { /* error */
1910                err = params_len;
1911                goto error;
1912        }
1913
1914        status = params[0];
1915
1916        cmd_ret = status & PN533_CMD_RET_MASK;
1917        if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1918                nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1919                                                " exchanging data", cmd_ret);
1920                err = -EIO;
1921                goto error;
1922        }
1923
1924        skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1925        skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1926        skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1927        skb_queue_tail(&dev->resp_q, skb_resp);
1928
1929        if (status & PN533_CMD_MI_MASK) {
1930                queue_work(dev->wq, &dev->mi_work);
1931                return -EINPROGRESS;
1932        }
1933
1934        skb = pn533_build_response(dev);
1935        if (skb == NULL)
1936                goto error;
1937
1938        arg->cb(arg->cb_context, skb, 0);
1939        kfree(arg);
1940        return 0;
1941
1942error:
1943        skb_queue_purge(&dev->resp_q);
1944        dev_kfree_skb(skb_resp);
1945        arg->cb(arg->cb_context, NULL, err);
1946        kfree(arg);
1947        return 0;
1948}
1949
1950static int pn533_transceive(struct nfc_dev *nfc_dev,
1951                            struct nfc_target *target, struct sk_buff *skb,
1952                            data_exchange_cb_t cb, void *cb_context)
1953{
1954        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1955        struct pn533_frame *out_frame, *in_frame;
1956        struct pn533_data_exchange_arg *arg;
1957        struct sk_buff *skb_resp;
1958        int skb_resp_len;
1959        int rc;
1960
1961        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1962
1963        if (!dev->tgt_active_prot) {
1964                nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
1965                                                " there is no active target");
1966                rc = -EINVAL;
1967                goto error;
1968        }
1969
1970        rc = pn533_build_tx_frame(dev, skb, true);
1971        if (rc)
1972                goto error;
1973
1974        skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1975                        PN533_CMD_DATAEXCH_DATA_MAXLEN +
1976                        PN533_FRAME_TAIL_SIZE;
1977
1978        skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1979        if (!skb_resp) {
1980                rc = -ENOMEM;
1981                goto error;
1982        }
1983
1984        in_frame = (struct pn533_frame *) skb_resp->data;
1985        out_frame = (struct pn533_frame *) skb->data;
1986
1987        arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
1988        if (!arg) {
1989                rc = -ENOMEM;
1990                goto free_skb_resp;
1991        }
1992
1993        arg->skb_resp = skb_resp;
1994        arg->skb_out = skb;
1995        arg->cb = cb;
1996        arg->cb_context = cb_context;
1997
1998        rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
1999                                        pn533_data_exchange_complete, arg,
2000                                        GFP_KERNEL);
2001        if (rc) {
2002                nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2003                                                " perform data_exchange", rc);
2004                goto free_arg;
2005        }
2006
2007        return 0;
2008
2009free_arg:
2010        kfree(arg);
2011free_skb_resp:
2012        kfree_skb(skb_resp);
2013error:
2014        kfree_skb(skb);
2015        return rc;
2016}
2017
2018static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2019                                  u8 *params, int params_len)
2020{
2021        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2022
2023        if (params_len < 0) {
2024                nfc_dev_err(&dev->interface->dev,
2025                            "Error %d when sending data",
2026                            params_len);
2027
2028                return params_len;
2029        }
2030
2031        if (params_len > 0 && params[0] != 0) {
2032                nfc_tm_deactivated(dev->nfc_dev);
2033
2034                dev->tgt_mode = 0;
2035
2036                return 0;
2037        }
2038
2039        queue_work(dev->wq, &dev->tg_work);
2040
2041        return 0;
2042}
2043
2044static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2045{
2046        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2047        struct pn533_frame *out_frame;
2048        int rc;
2049
2050        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2051
2052        rc = pn533_build_tx_frame(dev, skb, false);
2053        if (rc)
2054                goto error;
2055
2056        out_frame = (struct pn533_frame *) skb->data;
2057
2058        rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2059                                        dev->in_maxlen, pn533_tm_send_complete,
2060                                        NULL, GFP_KERNEL);
2061        if (rc) {
2062                nfc_dev_err(&dev->interface->dev,
2063                            "Error %d when trying to send data", rc);
2064                goto error;
2065        }
2066
2067        return 0;
2068
2069error:
2070        kfree_skb(skb);
2071
2072        return rc;
2073}
2074
2075static void pn533_wq_mi_recv(struct work_struct *work)
2076{
2077        struct pn533 *dev = container_of(work, struct pn533, mi_work);
2078        struct sk_buff *skb_cmd;
2079        struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2080        struct pn533_frame *out_frame, *in_frame;
2081        struct sk_buff *skb_resp;
2082        int skb_resp_len;
2083        int rc;
2084
2085        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2086
2087        /* This is a zero payload size skb */
2088        skb_cmd = alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN + PN533_FRAME_TAIL_SIZE,
2089                            GFP_KERNEL);
2090        if (skb_cmd == NULL)
2091                goto error_cmd;
2092
2093        skb_reserve(skb_cmd, PN533_CMD_DATAEXCH_HEAD_LEN);
2094
2095        rc = pn533_build_tx_frame(dev, skb_cmd, true);
2096        if (rc)
2097                goto error_frame;
2098
2099        skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2100                        PN533_CMD_DATAEXCH_DATA_MAXLEN +
2101                        PN533_FRAME_TAIL_SIZE;
2102        skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2103        if (!skb_resp) {
2104                rc = -ENOMEM;
2105                goto error_frame;
2106        }
2107
2108        in_frame = (struct pn533_frame *) skb_resp->data;
2109        out_frame = (struct pn533_frame *) skb_cmd->data;
2110
2111        arg->skb_resp = skb_resp;
2112        arg->skb_out = skb_cmd;
2113
2114        rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2115                                          skb_resp_len,
2116                                          pn533_data_exchange_complete,
2117                                          dev->cmd_complete_arg, GFP_KERNEL);
2118        if (!rc)
2119                return;
2120
2121        nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2122                                                " perform data_exchange", rc);
2123
2124        kfree_skb(skb_resp);
2125
2126error_frame:
2127        kfree_skb(skb_cmd);
2128
2129error_cmd:
2130        pn533_send_ack(dev, GFP_KERNEL);
2131
2132        kfree(arg);
2133
2134        mutex_unlock(&dev->cmd_lock);
2135}
2136
2137static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2138                                                                u8 cfgdata_len)
2139{
2140        int rc;
2141        u8 *params;
2142
2143        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2144
2145        pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2146
2147        params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2148        params[0] = cfgitem;
2149        memcpy(&params[1], cfgdata, cfgdata_len);
2150        dev->out_frame->datalen += (1 + cfgdata_len);
2151
2152        pn533_tx_frame_finish(dev->out_frame);
2153
2154        rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2155                                                                dev->in_maxlen);
2156
2157        return rc;
2158}
2159
2160static int pn533_fw_reset(struct pn533 *dev)
2161{
2162        int rc;
2163        u8 *params;
2164
2165        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2166
2167        pn533_tx_frame_init(dev->out_frame, 0x18);
2168
2169        params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2170        params[0] = 0x1;
2171        dev->out_frame->datalen += 1;
2172
2173        pn533_tx_frame_finish(dev->out_frame);
2174
2175        rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2176                                       dev->in_maxlen);
2177
2178        return rc;
2179}
2180
2181static struct nfc_ops pn533_nfc_ops = {
2182        .dev_up = NULL,
2183        .dev_down = NULL,
2184        .dep_link_up = pn533_dep_link_up,
2185        .dep_link_down = pn533_dep_link_down,
2186        .start_poll = pn533_start_poll,
2187        .stop_poll = pn533_stop_poll,
2188        .activate_target = pn533_activate_target,
2189        .deactivate_target = pn533_deactivate_target,
2190        .im_transceive = pn533_transceive,
2191        .tm_send = pn533_tm_send,
2192};
2193
2194static int pn533_setup(struct pn533 *dev)
2195{
2196        struct pn533_config_max_retries max_retries;
2197        struct pn533_config_timing timing;
2198        u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2199        int rc;
2200
2201        switch (dev->device_type) {
2202        case PN533_DEVICE_STD:
2203                max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2204                max_retries.mx_rty_psl = 2;
2205                max_retries.mx_rty_passive_act =
2206                        PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2207
2208                timing.rfu = PN533_CONFIG_TIMING_102;
2209                timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2210                timing.dep_timeout = PN533_CONFIG_TIMING_409;
2211
2212                break;
2213
2214        case PN533_DEVICE_PASORI:
2215                max_retries.mx_rty_atr = 0x2;
2216                max_retries.mx_rty_psl = 0x1;
2217                max_retries.mx_rty_passive_act =
2218                        PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2219
2220                timing.rfu = PN533_CONFIG_TIMING_102;
2221                timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2222                timing.dep_timeout = PN533_CONFIG_TIMING_204;
2223
2224                break;
2225
2226        default:
2227                nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2228                            dev->device_type);
2229                return -EINVAL;
2230        }
2231
2232        rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2233                                     (u8 *)&max_retries, sizeof(max_retries));
2234        if (rc) {
2235                nfc_dev_err(&dev->interface->dev,
2236                            "Error on setting MAX_RETRIES config");
2237                return rc;
2238        }
2239
2240
2241        rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2242                                     (u8 *)&timing, sizeof(timing));
2243        if (rc) {
2244                nfc_dev_err(&dev->interface->dev,
2245                            "Error on setting RF timings");
2246                return rc;
2247        }
2248
2249        switch (dev->device_type) {
2250        case PN533_DEVICE_STD:
2251                break;
2252
2253        case PN533_DEVICE_PASORI:
2254                pn533_fw_reset(dev);
2255
2256                rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2257                                             pasori_cfg, 3);
2258                if (rc) {
2259                        nfc_dev_err(&dev->interface->dev,
2260                                    "Error while settings PASORI config");
2261                        return rc;
2262                }
2263
2264                pn533_fw_reset(dev);
2265
2266                break;
2267        }
2268
2269        return 0;
2270}
2271
2272static int pn533_probe(struct usb_interface *interface,
2273                        const struct usb_device_id *id)
2274{
2275        struct pn533_fw_version *fw_ver;
2276        struct pn533 *dev;
2277        struct usb_host_interface *iface_desc;
2278        struct usb_endpoint_descriptor *endpoint;
2279        int in_endpoint = 0;
2280        int out_endpoint = 0;
2281        int rc = -ENOMEM;
2282        int i;
2283        u32 protocols;
2284
2285        dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2286        if (!dev)
2287                return -ENOMEM;
2288
2289        dev->udev = usb_get_dev(interface_to_usbdev(interface));
2290        dev->interface = interface;
2291        mutex_init(&dev->cmd_lock);
2292
2293        iface_desc = interface->cur_altsetting;
2294        for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2295                endpoint = &iface_desc->endpoint[i].desc;
2296
2297                if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2298                        dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
2299                        in_endpoint = endpoint->bEndpointAddress;
2300                }
2301
2302                if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
2303                        dev->out_maxlen =
2304                                le16_to_cpu(endpoint->wMaxPacketSize);
2305                        out_endpoint = endpoint->bEndpointAddress;
2306                }
2307        }
2308
2309        if (!in_endpoint || !out_endpoint) {
2310                nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2311                                                        " bulk-out endpoint");
2312                rc = -ENODEV;
2313                goto error;
2314        }
2315
2316        dev->in_frame = kmalloc(dev->in_maxlen, GFP_KERNEL);
2317        dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2318        dev->out_frame = kmalloc(dev->out_maxlen, GFP_KERNEL);
2319        dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2320
2321        if (!dev->in_frame || !dev->out_frame ||
2322                !dev->in_urb || !dev->out_urb)
2323                goto error;
2324
2325        usb_fill_bulk_urb(dev->in_urb, dev->udev,
2326                        usb_rcvbulkpipe(dev->udev, in_endpoint),
2327                        NULL, 0, NULL, dev);
2328        usb_fill_bulk_urb(dev->out_urb, dev->udev,
2329                        usb_sndbulkpipe(dev->udev, out_endpoint),
2330                        NULL, 0,
2331                        pn533_send_complete, dev);
2332
2333        INIT_WORK(&dev->cmd_work, pn533_wq_cmd_complete);
2334        INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2335        INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2336        INIT_WORK(&dev->poll_work, pn533_wq_poll);
2337        dev->wq = alloc_workqueue("pn533",
2338                                  WQ_NON_REENTRANT | WQ_UNBOUND | WQ_MEM_RECLAIM,
2339                                  1);
2340        if (dev->wq == NULL)
2341                goto error;
2342
2343        init_timer(&dev->listen_timer);
2344        dev->listen_timer.data = (unsigned long) dev;
2345        dev->listen_timer.function = pn533_listen_mode_timer;
2346
2347        skb_queue_head_init(&dev->resp_q);
2348
2349        usb_set_intfdata(interface, dev);
2350
2351        pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2352        pn533_tx_frame_finish(dev->out_frame);
2353
2354        rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2355                                                                dev->in_maxlen);
2356        if (rc)
2357                goto destroy_wq;
2358
2359        fw_ver = (struct pn533_fw_version *)
2360                                PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2361        nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2362                                        " attached", fw_ver->ver, fw_ver->rev);
2363
2364        dev->device_type = id->driver_info;
2365        switch (dev->device_type) {
2366        case PN533_DEVICE_STD:
2367                protocols = PN533_ALL_PROTOCOLS;
2368                break;
2369
2370        case PN533_DEVICE_PASORI:
2371                protocols = PN533_NO_TYPE_B_PROTOCOLS;
2372                break;
2373
2374        default:
2375                nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2376                            dev->device_type);
2377                rc = -EINVAL;
2378                goto destroy_wq;
2379        }
2380
2381        dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2382                                           PN533_CMD_DATAEXCH_HEAD_LEN,
2383                                           PN533_FRAME_TAIL_SIZE);
2384        if (!dev->nfc_dev)
2385                goto destroy_wq;
2386
2387        nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2388        nfc_set_drvdata(dev->nfc_dev, dev);
2389
2390        rc = nfc_register_device(dev->nfc_dev);
2391        if (rc)
2392                goto free_nfc_dev;
2393
2394        rc = pn533_setup(dev);
2395        if (rc)
2396                goto unregister_nfc_dev;
2397
2398        return 0;
2399
2400unregister_nfc_dev:
2401        nfc_unregister_device(dev->nfc_dev);
2402
2403free_nfc_dev:
2404        nfc_free_device(dev->nfc_dev);
2405
2406destroy_wq:
2407        destroy_workqueue(dev->wq);
2408error:
2409        kfree(dev->in_frame);
2410        usb_free_urb(dev->in_urb);
2411        kfree(dev->out_frame);
2412        usb_free_urb(dev->out_urb);
2413        kfree(dev);
2414        return rc;
2415}
2416
2417static void pn533_disconnect(struct usb_interface *interface)
2418{
2419        struct pn533 *dev;
2420
2421        dev = usb_get_intfdata(interface);
2422        usb_set_intfdata(interface, NULL);
2423
2424        nfc_unregister_device(dev->nfc_dev);
2425        nfc_free_device(dev->nfc_dev);
2426
2427        usb_kill_urb(dev->in_urb);
2428        usb_kill_urb(dev->out_urb);
2429
2430        destroy_workqueue(dev->wq);
2431
2432        skb_queue_purge(&dev->resp_q);
2433
2434        del_timer(&dev->listen_timer);
2435
2436        kfree(dev->in_frame);
2437        usb_free_urb(dev->in_urb);
2438        kfree(dev->out_frame);
2439        usb_free_urb(dev->out_urb);
2440        kfree(dev);
2441
2442        nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2443}
2444
2445static struct usb_driver pn533_driver = {
2446        .name =         "pn533",
2447        .probe =        pn533_probe,
2448        .disconnect =   pn533_disconnect,
2449        .id_table =     pn533_table,
2450};
2451
2452module_usb_driver(pn533_driver);
2453
2454MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2455                        " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2456MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2457MODULE_VERSION(VERSION);
2458MODULE_LICENSE("GPL");
2459
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.