linux/drivers/nfc/pn533.c
<<
>>
Prefs
   1/*
   2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
   3 *
   4 * Authors:
   5 *    Lauro Ramos Venancio <lauro.venancio@openbossa.org>
   6 *    Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
   7 *
   8 * This program is free software; you can redistribute it and/or modify
   9 * it under the terms of the GNU General Public License as published by
  10 * the Free Software Foundation; either version 2 of the License, or
  11 * (at your option) any later version.
  12 *
  13 * This program is distributed in the hope that it will be useful,
  14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16 * GNU General Public License for more details.
  17 *
  18 * You should have received a copy of the GNU General Public License
  19 * along with this program; if not, write to the
  20 * Free Software Foundation, Inc.,
  21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  22 */
  23
  24#include <linux/device.h>
  25#include <linux/kernel.h>
  26#include <linux/module.h>
  27#include <linux/slab.h>
  28#include <linux/usb.h>
  29#include <linux/nfc.h>
  30#include <linux/netdevice.h>
  31#include <net/nfc/nfc.h>
  32
  33#define VERSION "0.1"
  34
  35#define PN533_VENDOR_ID 0x4CC
  36#define PN533_PRODUCT_ID 0x2533
  37
  38#define SCM_VENDOR_ID 0x4E6
  39#define SCL3711_PRODUCT_ID 0x5591
  40
  41#define SONY_VENDOR_ID         0x054c
  42#define PASORI_PRODUCT_ID      0x02e1
  43
  44#define PN533_QUIRKS_TYPE_A          BIT(0)
  45#define PN533_QUIRKS_TYPE_F          BIT(1)
  46#define PN533_QUIRKS_DEP             BIT(2)
  47#define PN533_QUIRKS_RAW_EXCHANGE    BIT(3)
  48
  49#define PN533_DEVICE_STD    0x1
  50#define PN533_DEVICE_PASORI 0x2
  51
  52#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
  53                             NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
  54                             NFC_PROTO_NFC_DEP_MASK |\
  55                             NFC_PROTO_ISO14443_B_MASK)
  56
  57#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
  58                                   NFC_PROTO_MIFARE_MASK | \
  59                                   NFC_PROTO_FELICA_MASK | \
  60                                   NFC_PROTO_ISO14443_MASK | \
  61                                   NFC_PROTO_NFC_DEP_MASK)
  62
  63static const struct usb_device_id pn533_table[] = {
  64        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  65          .idVendor             = PN533_VENDOR_ID,
  66          .idProduct            = PN533_PRODUCT_ID,
  67          .driver_info          = PN533_DEVICE_STD,
  68        },
  69        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  70          .idVendor             = SCM_VENDOR_ID,
  71          .idProduct            = SCL3711_PRODUCT_ID,
  72          .driver_info          = PN533_DEVICE_STD,
  73        },
  74        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  75          .idVendor             = SONY_VENDOR_ID,
  76          .idProduct            = PASORI_PRODUCT_ID,
  77          .driver_info          = PN533_DEVICE_PASORI,
  78        },
  79        { }
  80};
  81MODULE_DEVICE_TABLE(usb, pn533_table);
  82
  83/* How much time we spend listening for initiators */
  84#define PN533_LISTEN_TIME 2
  85
  86/* frame definitions */
  87#define PN533_FRAME_TAIL_SIZE 2
  88#define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
  89                                PN533_FRAME_TAIL_SIZE)
  90#define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
  91#define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
  92#define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
  93
  94/* start of frame */
  95#define PN533_SOF 0x00FF
  96
  97/* frame identifier: in/out/error */
  98#define PN533_FRAME_IDENTIFIER(f) (f->data[0])
  99#define PN533_DIR_OUT 0xD4
 100#define PN533_DIR_IN 0xD5
 101
 102/* PN533 Commands */
 103#define PN533_FRAME_CMD(f) (f->data[1])
 104#define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
 105#define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
 106
 107#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
 108#define PN533_CMD_RF_CONFIGURATION 0x32
 109#define PN533_CMD_IN_DATA_EXCHANGE 0x40
 110#define PN533_CMD_IN_COMM_THRU     0x42
 111#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
 112#define PN533_CMD_IN_ATR 0x50
 113#define PN533_CMD_IN_RELEASE 0x52
 114#define PN533_CMD_IN_JUMP_FOR_DEP 0x56
 115
 116#define PN533_CMD_TG_INIT_AS_TARGET 0x8c
 117#define PN533_CMD_TG_GET_DATA 0x86
 118#define PN533_CMD_TG_SET_DATA 0x8e
 119
 120#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
 121
 122/* PN533 Return codes */
 123#define PN533_CMD_RET_MASK 0x3F
 124#define PN533_CMD_MI_MASK 0x40
 125#define PN533_CMD_RET_SUCCESS 0x00
 126
 127/* PN533 status codes */
 128#define PN533_STATUS_TARGET_RELEASED 0x29
 129
 130struct pn533;
 131
 132typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
 133                                        u8 *params, int params_len);
 134
 135/* structs for pn533 commands */
 136
 137/* PN533_CMD_GET_FIRMWARE_VERSION */
 138struct pn533_fw_version {
 139        u8 ic;
 140        u8 ver;
 141        u8 rev;
 142        u8 support;
 143};
 144
 145/* PN533_CMD_RF_CONFIGURATION */
 146#define PN533_CFGITEM_TIMING 0x02
 147#define PN533_CFGITEM_MAX_RETRIES 0x05
 148#define PN533_CFGITEM_PASORI 0x82
 149
 150#define PN533_CONFIG_TIMING_102 0xb
 151#define PN533_CONFIG_TIMING_204 0xc
 152#define PN533_CONFIG_TIMING_409 0xd
 153#define PN533_CONFIG_TIMING_819 0xe
 154
 155#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
 156#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
 157
 158struct pn533_config_max_retries {
 159        u8 mx_rty_atr;
 160        u8 mx_rty_psl;
 161        u8 mx_rty_passive_act;
 162} __packed;
 163
 164struct pn533_config_timing {
 165        u8 rfu;
 166        u8 atr_res_timeout;
 167        u8 dep_timeout;
 168} __packed;
 169
 170/* PN533_CMD_IN_LIST_PASSIVE_TARGET */
 171
 172/* felica commands opcode */
 173#define PN533_FELICA_OPC_SENSF_REQ 0
 174#define PN533_FELICA_OPC_SENSF_RES 1
 175/* felica SENSF_REQ parameters */
 176#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
 177#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
 178#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
 179#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
 180
 181/* type B initiator_data values */
 182#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
 183#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
 184#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
 185
 186union pn533_cmd_poll_initdata {
 187        struct {
 188                u8 afi;
 189                u8 polling_method;
 190        } __packed type_b;
 191        struct {
 192                u8 opcode;
 193                __be16 sc;
 194                u8 rc;
 195                u8 tsn;
 196        } __packed felica;
 197};
 198
 199/* Poll modulations */
 200enum {
 201        PN533_POLL_MOD_106KBPS_A,
 202        PN533_POLL_MOD_212KBPS_FELICA,
 203        PN533_POLL_MOD_424KBPS_FELICA,
 204        PN533_POLL_MOD_106KBPS_JEWEL,
 205        PN533_POLL_MOD_847KBPS_B,
 206        PN533_LISTEN_MOD,
 207
 208        __PN533_POLL_MOD_AFTER_LAST,
 209};
 210#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
 211
 212struct pn533_poll_modulations {
 213        struct {
 214                u8 maxtg;
 215                u8 brty;
 216                union pn533_cmd_poll_initdata initiator_data;
 217        } __packed data;
 218        u8 len;
 219};
 220
 221const struct pn533_poll_modulations poll_mod[] = {
 222        [PN533_POLL_MOD_106KBPS_A] = {
 223                .data = {
 224                        .maxtg = 1,
 225                        .brty = 0,
 226                },
 227                .len = 2,
 228        },
 229        [PN533_POLL_MOD_212KBPS_FELICA] = {
 230                .data = {
 231                        .maxtg = 1,
 232                        .brty = 1,
 233                        .initiator_data.felica = {
 234                                .opcode = PN533_FELICA_OPC_SENSF_REQ,
 235                                .sc = PN533_FELICA_SENSF_SC_ALL,
 236                                .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 237                                .tsn = 0,
 238                        },
 239                },
 240                .len = 7,
 241        },
 242        [PN533_POLL_MOD_424KBPS_FELICA] = {
 243                .data = {
 244                        .maxtg = 1,
 245                        .brty = 2,
 246                        .initiator_data.felica = {
 247                                .opcode = PN533_FELICA_OPC_SENSF_REQ,
 248                                .sc = PN533_FELICA_SENSF_SC_ALL,
 249                                .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 250                                .tsn = 0,
 251                        },
 252                 },
 253                .len = 7,
 254        },
 255        [PN533_POLL_MOD_106KBPS_JEWEL] = {
 256                .data = {
 257                        .maxtg = 1,
 258                        .brty = 4,
 259                },
 260                .len = 2,
 261        },
 262        [PN533_POLL_MOD_847KBPS_B] = {
 263                .data = {
 264                        .maxtg = 1,
 265                        .brty = 8,
 266                        .initiator_data.type_b = {
 267                                .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
 268                                .polling_method =
 269                                        PN533_TYPE_B_POLL_METHOD_TIMESLOT,
 270                        },
 271                },
 272                .len = 3,
 273        },
 274        [PN533_LISTEN_MOD] = {
 275                .len = 0,
 276        },
 277};
 278
 279/* PN533_CMD_IN_ATR */
 280
 281struct pn533_cmd_activate_param {
 282        u8 tg;
 283        u8 next;
 284} __packed;
 285
 286struct pn533_cmd_activate_response {
 287        u8 status;
 288        u8 nfcid3t[10];
 289        u8 didt;
 290        u8 bst;
 291        u8 brt;
 292        u8 to;
 293        u8 ppt;
 294        /* optional */
 295        u8 gt[];
 296} __packed;
 297
 298/* PN533_CMD_IN_JUMP_FOR_DEP */
 299struct pn533_cmd_jump_dep {
 300        u8 active;
 301        u8 baud;
 302        u8 next;
 303        u8 data[];
 304} __packed;
 305
 306struct pn533_cmd_jump_dep_response {
 307        u8 status;
 308        u8 tg;
 309        u8 nfcid3t[10];
 310        u8 didt;
 311        u8 bst;
 312        u8 brt;
 313        u8 to;
 314        u8 ppt;
 315        /* optional */
 316        u8 gt[];
 317} __packed;
 318
 319
 320/* PN533_TG_INIT_AS_TARGET */
 321#define PN533_INIT_TARGET_PASSIVE 0x1
 322#define PN533_INIT_TARGET_DEP 0x2
 323
 324#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
 325#define PN533_INIT_TARGET_RESP_ACTIVE     0x1
 326#define PN533_INIT_TARGET_RESP_DEP        0x4
 327
 328struct pn533_cmd_init_target {
 329        u8 mode;
 330        u8 mifare[6];
 331        u8 felica[18];
 332        u8 nfcid3[10];
 333        u8 gb_len;
 334        u8 gb[];
 335} __packed;
 336
 337struct pn533_cmd_init_target_response {
 338        u8 mode;
 339        u8 cmd[];
 340} __packed;
 341
 342struct pn533 {
 343        struct usb_device *udev;
 344        struct usb_interface *interface;
 345        struct nfc_dev *nfc_dev;
 346
 347        struct urb *out_urb;
 348        int out_maxlen;
 349        struct pn533_frame *out_frame;
 350
 351        struct urb *in_urb;
 352        int in_maxlen;
 353        struct pn533_frame *in_frame;
 354
 355        struct sk_buff_head resp_q;
 356
 357        struct workqueue_struct *wq;
 358        struct work_struct cmd_work;
 359        struct work_struct cmd_complete_work;
 360        struct work_struct poll_work;
 361        struct work_struct mi_work;
 362        struct work_struct tg_work;
 363        struct timer_list listen_timer;
 364        struct pn533_frame *wq_in_frame;
 365        int wq_in_error;
 366        int cancel_listen;
 367
 368        pn533_cmd_complete_t cmd_complete;
 369        void *cmd_complete_arg;
 370        struct mutex cmd_lock;
 371        u8 cmd;
 372
 373        struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
 374        u8 poll_mod_count;
 375        u8 poll_mod_curr;
 376        u32 poll_protocols;
 377        u32 listen_protocols;
 378
 379        u8 *gb;
 380        size_t gb_len;
 381
 382        u8 tgt_available_prots;
 383        u8 tgt_active_prot;
 384        u8 tgt_mode;
 385
 386        u32 device_type;
 387
 388        struct list_head cmd_queue;
 389        u8 cmd_pending;
 390};
 391
 392struct pn533_cmd {
 393        struct list_head queue;
 394        struct pn533_frame *out_frame;
 395        struct pn533_frame *in_frame;
 396        int in_frame_len;
 397        pn533_cmd_complete_t cmd_complete;
 398        void *arg;
 399        gfp_t flags;
 400};
 401
 402struct pn533_frame {
 403        u8 preamble;
 404        __be16 start_frame;
 405        u8 datalen;
 406        u8 datalen_checksum;
 407        u8 data[];
 408} __packed;
 409
 410/* The rule: value + checksum = 0 */
 411static inline u8 pn533_checksum(u8 value)
 412{
 413        return ~value + 1;
 414}
 415
 416/* The rule: sum(data elements) + checksum = 0 */
 417static u8 pn533_data_checksum(u8 *data, int datalen)
 418{
 419        u8 sum = 0;
 420        int i;
 421
 422        for (i = 0; i < datalen; i++)
 423                sum += data[i];
 424
 425        return pn533_checksum(sum);
 426}
 427
 428/**
 429 * pn533_tx_frame_ack - create a ack frame
 430 * @frame:      The frame to be set as ack
 431 *
 432 * Ack is different type of standard frame. As a standard frame, it has
 433 * preamble and start_frame. However the checksum of this frame must fail,
 434 * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
 435 * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
 436 * After datalen_checksum field, the postamble is placed.
 437 */
 438static void pn533_tx_frame_ack(struct pn533_frame *frame)
 439{
 440        frame->preamble = 0;
 441        frame->start_frame = cpu_to_be16(PN533_SOF);
 442        frame->datalen = 0;
 443        frame->datalen_checksum = 0xFF;
 444        /* data[0] is used as postamble */
 445        frame->data[0] = 0;
 446}
 447
 448static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
 449{
 450        frame->preamble = 0;
 451        frame->start_frame = cpu_to_be16(PN533_SOF);
 452        PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
 453        PN533_FRAME_CMD(frame) = cmd;
 454        frame->datalen = 2;
 455}
 456
 457static void pn533_tx_frame_finish(struct pn533_frame *frame)
 458{
 459        frame->datalen_checksum = pn533_checksum(frame->datalen);
 460
 461        PN533_FRAME_CHECKSUM(frame) =
 462                pn533_data_checksum(frame->data, frame->datalen);
 463
 464        PN533_FRAME_POSTAMBLE(frame) = 0;
 465}
 466
 467static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
 468{
 469        u8 checksum;
 470
 471        if (frame->start_frame != cpu_to_be16(PN533_SOF))
 472                return false;
 473
 474        checksum = pn533_checksum(frame->datalen);
 475        if (checksum != frame->datalen_checksum)
 476                return false;
 477
 478        checksum = pn533_data_checksum(frame->data, frame->datalen);
 479        if (checksum != PN533_FRAME_CHECKSUM(frame))
 480                return false;
 481
 482        return true;
 483}
 484
 485static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
 486{
 487        if (frame->start_frame != cpu_to_be16(PN533_SOF))
 488                return false;
 489
 490        if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
 491                return false;
 492
 493        return true;
 494}
 495
 496static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
 497{
 498        return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
 499}
 500
 501
 502static void pn533_wq_cmd_complete(struct work_struct *work)
 503{
 504        struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
 505        struct pn533_frame *in_frame;
 506        int rc;
 507
 508        in_frame = dev->wq_in_frame;
 509
 510        if (dev->wq_in_error)
 511                rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
 512                                                        dev->wq_in_error);
 513        else
 514                rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
 515                                        PN533_FRAME_CMD_PARAMS_PTR(in_frame),
 516                                        PN533_FRAME_CMD_PARAMS_LEN(in_frame));
 517
 518        if (rc != -EINPROGRESS)
 519                queue_work(dev->wq, &dev->cmd_work);
 520}
 521
 522static void pn533_recv_response(struct urb *urb)
 523{
 524        struct pn533 *dev = urb->context;
 525        struct pn533_frame *in_frame;
 526
 527        dev->wq_in_frame = NULL;
 528
 529        switch (urb->status) {
 530        case 0:
 531                /* success */
 532                break;
 533        case -ECONNRESET:
 534        case -ENOENT:
 535        case -ESHUTDOWN:
 536                nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 537                                                " status: %d", urb->status);
 538                dev->wq_in_error = urb->status;
 539                goto sched_wq;
 540        default:
 541                nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
 542                                                        " %d", urb->status);
 543                dev->wq_in_error = urb->status;
 544                goto sched_wq;
 545        }
 546
 547        in_frame = dev->in_urb->transfer_buffer;
 548
 549        if (!pn533_rx_frame_is_valid(in_frame)) {
 550                nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
 551                dev->wq_in_error = -EIO;
 552                goto sched_wq;
 553        }
 554
 555        if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
 556                nfc_dev_err(&dev->interface->dev, "The received frame is not "
 557                                                "response to the last command");
 558                dev->wq_in_error = -EIO;
 559                goto sched_wq;
 560        }
 561
 562        nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
 563        dev->wq_in_error = 0;
 564        dev->wq_in_frame = in_frame;
 565
 566sched_wq:
 567        queue_work(dev->wq, &dev->cmd_complete_work);
 568}
 569
 570static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
 571{
 572        dev->in_urb->complete = pn533_recv_response;
 573
 574        return usb_submit_urb(dev->in_urb, flags);
 575}
 576
 577static void pn533_recv_ack(struct urb *urb)
 578{
 579        struct pn533 *dev = urb->context;
 580        struct pn533_frame *in_frame;
 581        int rc;
 582
 583        switch (urb->status) {
 584        case 0:
 585                /* success */
 586                break;
 587        case -ECONNRESET:
 588        case -ENOENT:
 589        case -ESHUTDOWN:
 590                nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 591                                                " status: %d", urb->status);
 592                dev->wq_in_error = urb->status;
 593                goto sched_wq;
 594        default:
 595                nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
 596                                                        " %d", urb->status);
 597                dev->wq_in_error = urb->status;
 598                goto sched_wq;
 599        }
 600
 601        in_frame = dev->in_urb->transfer_buffer;
 602
 603        if (!pn533_rx_frame_is_ack(in_frame)) {
 604                nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
 605                dev->wq_in_error = -EIO;
 606                goto sched_wq;
 607        }
 608
 609        nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
 610
 611        rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
 612        if (rc) {
 613                nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
 614                                                        " result %d", rc);
 615                dev->wq_in_error = rc;
 616                goto sched_wq;
 617        }
 618
 619        return;
 620
 621sched_wq:
 622        dev->wq_in_frame = NULL;
 623        queue_work(dev->wq, &dev->cmd_complete_work);
 624}
 625
 626static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
 627{
 628        dev->in_urb->complete = pn533_recv_ack;
 629
 630        return usb_submit_urb(dev->in_urb, flags);
 631}
 632
 633static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
 634{
 635        int rc;
 636
 637        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 638
 639        pn533_tx_frame_ack(dev->out_frame);
 640
 641        dev->out_urb->transfer_buffer = dev->out_frame;
 642        dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
 643        rc = usb_submit_urb(dev->out_urb, flags);
 644
 645        return rc;
 646}
 647
 648static int __pn533_send_cmd_frame_async(struct pn533 *dev,
 649                                        struct pn533_frame *out_frame,
 650                                        struct pn533_frame *in_frame,
 651                                        int in_frame_len,
 652                                        pn533_cmd_complete_t cmd_complete,
 653                                        void *arg, gfp_t flags)
 654{
 655        int rc;
 656
 657        nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
 658                                                PN533_FRAME_CMD(out_frame));
 659
 660        dev->cmd = PN533_FRAME_CMD(out_frame);
 661        dev->cmd_complete = cmd_complete;
 662        dev->cmd_complete_arg = arg;
 663
 664        dev->out_urb->transfer_buffer = out_frame;
 665        dev->out_urb->transfer_buffer_length =
 666                                PN533_FRAME_SIZE(out_frame);
 667
 668        dev->in_urb->transfer_buffer = in_frame;
 669        dev->in_urb->transfer_buffer_length = in_frame_len;
 670
 671        rc = usb_submit_urb(dev->out_urb, flags);
 672        if (rc)
 673                return rc;
 674
 675        rc = pn533_submit_urb_for_ack(dev, flags);
 676        if (rc)
 677                goto error;
 678
 679        return 0;
 680
 681error:
 682        usb_unlink_urb(dev->out_urb);
 683        return rc;
 684}
 685
 686static void pn533_wq_cmd(struct work_struct *work)
 687{
 688        struct pn533 *dev = container_of(work, struct pn533, cmd_work);
 689        struct pn533_cmd *cmd;
 690
 691        mutex_lock(&dev->cmd_lock);
 692
 693        if (list_empty(&dev->cmd_queue)) {
 694                dev->cmd_pending = 0;
 695                mutex_unlock(&dev->cmd_lock);
 696                return;
 697        }
 698
 699        cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
 700
 701        list_del(&cmd->queue);
 702
 703        mutex_unlock(&dev->cmd_lock);
 704
 705        __pn533_send_cmd_frame_async(dev, cmd->out_frame, cmd->in_frame,
 706                                     cmd->in_frame_len, cmd->cmd_complete,
 707                                     cmd->arg, cmd->flags);
 708
 709        kfree(cmd);
 710}
 711
 712static int pn533_send_cmd_frame_async(struct pn533 *dev,
 713                                        struct pn533_frame *out_frame,
 714                                        struct pn533_frame *in_frame,
 715                                        int in_frame_len,
 716                                        pn533_cmd_complete_t cmd_complete,
 717                                        void *arg, gfp_t flags)
 718{
 719        struct pn533_cmd *cmd;
 720        int rc = 0;
 721
 722        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 723
 724        mutex_lock(&dev->cmd_lock);
 725
 726        if (!dev->cmd_pending) {
 727                rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
 728                                                  in_frame_len, cmd_complete,
 729                                                  arg, flags);
 730                if (!rc)
 731                        dev->cmd_pending = 1;
 732
 733                goto unlock;
 734        }
 735
 736        nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
 737
 738        cmd = kzalloc(sizeof(struct pn533_cmd), flags);
 739        if (!cmd) {
 740                rc = -ENOMEM;
 741                goto unlock;
 742        }
 743
 744        INIT_LIST_HEAD(&cmd->queue);
 745        cmd->out_frame = out_frame;
 746        cmd->in_frame = in_frame;
 747        cmd->in_frame_len = in_frame_len;
 748        cmd->cmd_complete = cmd_complete;
 749        cmd->arg = arg;
 750        cmd->flags = flags;
 751
 752        list_add_tail(&cmd->queue, &dev->cmd_queue);
 753
 754unlock:
 755        mutex_unlock(&dev->cmd_lock);
 756
 757        return rc;
 758}
 759
 760struct pn533_sync_cmd_response {
 761        int rc;
 762        struct completion done;
 763};
 764
 765static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
 766                                        u8 *params, int params_len)
 767{
 768        struct pn533_sync_cmd_response *arg = _arg;
 769
 770        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 771
 772        arg->rc = 0;
 773
 774        if (params_len < 0) /* error */
 775                arg->rc = params_len;
 776
 777        complete(&arg->done);
 778
 779        return 0;
 780}
 781
 782static int pn533_send_cmd_frame_sync(struct pn533 *dev,
 783                                                struct pn533_frame *out_frame,
 784                                                struct pn533_frame *in_frame,
 785                                                int in_frame_len)
 786{
 787        int rc;
 788        struct pn533_sync_cmd_response arg;
 789
 790        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 791
 792        init_completion(&arg.done);
 793
 794        rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
 795                                pn533_sync_cmd_complete, &arg, GFP_KERNEL);
 796        if (rc)
 797                return rc;
 798
 799        wait_for_completion(&arg.done);
 800
 801        return arg.rc;
 802}
 803
 804static void pn533_send_complete(struct urb *urb)
 805{
 806        struct pn533 *dev = urb->context;
 807
 808        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 809
 810        switch (urb->status) {
 811        case 0:
 812                /* success */
 813                break;
 814        case -ECONNRESET:
 815        case -ENOENT:
 816        case -ESHUTDOWN:
 817                nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 818                                                " status: %d", urb->status);
 819                break;
 820        default:
 821                nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
 822                                                        " %d", urb->status);
 823        }
 824}
 825
 826struct pn533_target_type_a {
 827        __be16 sens_res;
 828        u8 sel_res;
 829        u8 nfcid_len;
 830        u8 nfcid_data[];
 831} __packed;
 832
 833
 834#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
 835#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
 836#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
 837
 838#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
 839#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
 840
 841#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
 842#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
 843
 844#define PN533_TYPE_A_SEL_PROT_MIFARE 0
 845#define PN533_TYPE_A_SEL_PROT_ISO14443 1
 846#define PN533_TYPE_A_SEL_PROT_DEP 2
 847#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
 848
 849static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
 850                                                        int target_data_len)
 851{
 852        u8 ssd;
 853        u8 platconf;
 854
 855        if (target_data_len < sizeof(struct pn533_target_type_a))
 856                return false;
 857
 858        /* The lenght check of nfcid[] and ats[] are not being performed because
 859           the values are not being used */
 860
 861        /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
 862        ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
 863        platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
 864
 865        if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 866                        platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
 867                        (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 868                        platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
 869                return false;
 870
 871        /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
 872        if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
 873                return false;
 874
 875        return true;
 876}
 877
 878static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
 879                                                        int tgt_data_len)
 880{
 881        struct pn533_target_type_a *tgt_type_a;
 882
 883        tgt_type_a = (struct pn533_target_type_a *) tgt_data;
 884
 885        if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
 886                return -EPROTO;
 887
 888        switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
 889        case PN533_TYPE_A_SEL_PROT_MIFARE:
 890                nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
 891                break;
 892        case PN533_TYPE_A_SEL_PROT_ISO14443:
 893                nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
 894                break;
 895        case PN533_TYPE_A_SEL_PROT_DEP:
 896                nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
 897                break;
 898        case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
 899                nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
 900                                                        NFC_PROTO_NFC_DEP_MASK;
 901                break;
 902        }
 903
 904        nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
 905        nfc_tgt->sel_res = tgt_type_a->sel_res;
 906        nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
 907        memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
 908
 909        return 0;
 910}
 911
 912struct pn533_target_felica {
 913        u8 pol_res;
 914        u8 opcode;
 915        u8 nfcid2[8];
 916        u8 pad[8];
 917        /* optional */
 918        u8 syst_code[];
 919} __packed;
 920
 921#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
 922#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
 923
 924static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
 925                                                        int target_data_len)
 926{
 927        if (target_data_len < sizeof(struct pn533_target_felica))
 928                return false;
 929
 930        if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
 931                return false;
 932
 933        return true;
 934}
 935
 936static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
 937                                                        int tgt_data_len)
 938{
 939        struct pn533_target_felica *tgt_felica;
 940
 941        tgt_felica = (struct pn533_target_felica *) tgt_data;
 942
 943        if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
 944                return -EPROTO;
 945
 946        if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
 947                                        tgt_felica->nfcid2[1] ==
 948                                        PN533_FELICA_SENSF_NFCID2_DEP_B2)
 949                nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
 950        else
 951                nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
 952
 953        memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
 954        nfc_tgt->sensf_res_len = 9;
 955
 956        return 0;
 957}
 958
 959struct pn533_target_jewel {
 960        __be16 sens_res;
 961        u8 jewelid[4];
 962} __packed;
 963
 964static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
 965                                                        int target_data_len)
 966{
 967        u8 ssd;
 968        u8 platconf;
 969
 970        if (target_data_len < sizeof(struct pn533_target_jewel))
 971                return false;
 972
 973        /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
 974        ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
 975        platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
 976
 977        if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 978                        platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
 979                        (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 980                        platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
 981                return false;
 982
 983        return true;
 984}
 985
 986static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
 987                                                        int tgt_data_len)
 988{
 989        struct pn533_target_jewel *tgt_jewel;
 990
 991        tgt_jewel = (struct pn533_target_jewel *) tgt_data;
 992
 993        if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
 994                return -EPROTO;
 995
 996        nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
 997        nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
 998        nfc_tgt->nfcid1_len = 4;
 999        memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1000
1001        return 0;
1002}
1003
1004struct pn533_type_b_prot_info {
1005        u8 bitrate;
1006        u8 fsci_type;
1007        u8 fwi_adc_fo;
1008} __packed;
1009
1010#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1011#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1012#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1013
1014struct pn533_type_b_sens_res {
1015        u8 opcode;
1016        u8 nfcid[4];
1017        u8 appdata[4];
1018        struct pn533_type_b_prot_info prot_info;
1019} __packed;
1020
1021#define PN533_TYPE_B_OPC_SENSB_RES 0x50
1022
1023struct pn533_target_type_b {
1024        struct pn533_type_b_sens_res sensb_res;
1025        u8 attrib_res_len;
1026        u8 attrib_res[];
1027} __packed;
1028
1029static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1030                                                        int target_data_len)
1031{
1032        if (target_data_len < sizeof(struct pn533_target_type_b))
1033                return false;
1034
1035        if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1036                return false;
1037
1038        if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1039                                                PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1040                return false;
1041
1042        return true;
1043}
1044
1045static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1046                                                        int tgt_data_len)
1047{
1048        struct pn533_target_type_b *tgt_type_b;
1049
1050        tgt_type_b = (struct pn533_target_type_b *) tgt_data;
1051
1052        if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1053                return -EPROTO;
1054
1055        nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1056
1057        return 0;
1058}
1059
1060struct pn533_poll_response {
1061        u8 nbtg;
1062        u8 tg;
1063        u8 target_data[];
1064} __packed;
1065
1066static int pn533_target_found(struct pn533 *dev,
1067                        struct pn533_poll_response *resp, int resp_len)
1068{
1069        int target_data_len;
1070        struct nfc_target nfc_tgt;
1071        int rc;
1072
1073        nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1074                                                        dev->poll_mod_curr);
1075
1076        if (resp->tg != 1)
1077                return -EPROTO;
1078
1079        memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1080
1081        target_data_len = resp_len - sizeof(struct pn533_poll_response);
1082
1083        switch (dev->poll_mod_curr) {
1084        case PN533_POLL_MOD_106KBPS_A:
1085                rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1086                                                        target_data_len);
1087                break;
1088        case PN533_POLL_MOD_212KBPS_FELICA:
1089        case PN533_POLL_MOD_424KBPS_FELICA:
1090                rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1091                                                        target_data_len);
1092                break;
1093        case PN533_POLL_MOD_106KBPS_JEWEL:
1094                rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1095                                                        target_data_len);
1096                break;
1097        case PN533_POLL_MOD_847KBPS_B:
1098                rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1099                                                        target_data_len);
1100                break;
1101        default:
1102                nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1103                                                                " modulation");
1104                return -EPROTO;
1105        }
1106
1107        if (rc)
1108                return rc;
1109
1110        if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1111                nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1112                                                " have the desired protocol");
1113                return -EAGAIN;
1114        }
1115
1116        nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1117                                        "0x%x", nfc_tgt.supported_protocols);
1118
1119        dev->tgt_available_prots = nfc_tgt.supported_protocols;
1120
1121        nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1122
1123        return 0;
1124}
1125
1126static inline void pn533_poll_next_mod(struct pn533 *dev)
1127{
1128        dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1129}
1130
1131static void pn533_poll_reset_mod_list(struct pn533 *dev)
1132{
1133        dev->poll_mod_count = 0;
1134}
1135
1136static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1137{
1138        dev->poll_mod_active[dev->poll_mod_count] =
1139                (struct pn533_poll_modulations *) &poll_mod[mod_index];
1140        dev->poll_mod_count++;
1141}
1142
1143static void pn533_poll_create_mod_list(struct pn533 *dev,
1144                                       u32 im_protocols, u32 tm_protocols)
1145{
1146        pn533_poll_reset_mod_list(dev);
1147
1148        if (im_protocols & NFC_PROTO_MIFARE_MASK
1149            || im_protocols & NFC_PROTO_ISO14443_MASK
1150            || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1151                pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1152
1153        if (im_protocols & NFC_PROTO_FELICA_MASK
1154            || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1155                pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1156                pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1157        }
1158
1159        if (im_protocols & NFC_PROTO_JEWEL_MASK)
1160                pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1161
1162        if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1163                pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1164
1165        if (tm_protocols)
1166                pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1167}
1168
1169static int pn533_start_poll_complete(struct pn533 *dev, void *arg,
1170                                     u8 *params, int params_len)
1171{
1172        struct pn533_poll_response *resp;
1173        int rc;
1174
1175        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1176
1177        resp = (struct pn533_poll_response *) params;
1178        if (resp->nbtg) {
1179                rc = pn533_target_found(dev, resp, params_len);
1180
1181                /* We must stop the poll after a valid target found */
1182                if (rc == 0) {
1183                        pn533_poll_reset_mod_list(dev);
1184                        return 0;
1185                }
1186        }
1187
1188        return -EAGAIN;
1189}
1190
1191static int pn533_init_target_frame(struct pn533_frame *frame,
1192                                   u8 *gb, size_t gb_len)
1193{
1194        struct pn533_cmd_init_target *cmd;
1195        size_t cmd_len;
1196        u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1197                                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1198                                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1199                                0xff, 0xff}; /* System code */
1200        u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1201                               0x0, 0x0, 0x0,
1202                               0x40}; /* SEL_RES for DEP */
1203
1204        cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1205        cmd = kzalloc(cmd_len, GFP_KERNEL);
1206        if (cmd == NULL)
1207                return -ENOMEM;
1208
1209        pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1210
1211        /* DEP support only */
1212        cmd->mode |= PN533_INIT_TARGET_DEP;
1213
1214        /* Felica params */
1215        memcpy(cmd->felica, felica_params, 18);
1216        get_random_bytes(cmd->felica + 2, 6);
1217
1218        /* NFCID3 */
1219        memset(cmd->nfcid3, 0, 10);
1220        memcpy(cmd->nfcid3, cmd->felica, 8);
1221
1222        /* MIFARE params */
1223        memcpy(cmd->mifare, mifare_params, 6);
1224
1225        /* General bytes */
1226        cmd->gb_len = gb_len;
1227        memcpy(cmd->gb, gb, gb_len);
1228
1229        /* Len Tk */
1230        cmd->gb[gb_len] = 0;
1231
1232        memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1233
1234        frame->datalen += cmd_len;
1235
1236        pn533_tx_frame_finish(frame);
1237
1238        kfree(cmd);
1239
1240        return 0;
1241}
1242
1243#define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1244#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1245static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1246                                      u8 *params, int params_len)
1247{
1248        struct sk_buff *skb_resp = arg;
1249        struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1250
1251        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1252
1253        if (params_len < 0) {
1254                nfc_dev_err(&dev->interface->dev,
1255                            "Error %d when starting as a target",
1256                            params_len);
1257
1258                return params_len;
1259        }
1260
1261        if (params_len > 0 && params[0] != 0) {
1262                nfc_tm_deactivated(dev->nfc_dev);
1263
1264                dev->tgt_mode = 0;
1265
1266                kfree_skb(skb_resp);
1267                return 0;
1268        }
1269
1270        skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1271        skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1272        skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1273
1274        return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1275}
1276
1277static void pn533_wq_tg_get_data(struct work_struct *work)
1278{
1279        struct pn533 *dev = container_of(work, struct pn533, tg_work);
1280        struct pn533_frame *in_frame;
1281        struct sk_buff *skb_resp;
1282        size_t skb_resp_len;
1283
1284        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1285
1286        skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1287                PN533_CMD_DATAEXCH_DATA_MAXLEN +
1288                PN533_FRAME_TAIL_SIZE;
1289
1290        skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1291        if (!skb_resp)
1292                return;
1293
1294        in_frame = (struct pn533_frame *)skb_resp->data;
1295
1296        pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1297        pn533_tx_frame_finish(dev->out_frame);
1298
1299        pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1300                                   skb_resp_len,
1301                                   pn533_tm_get_data_complete,
1302                                   skb_resp, GFP_KERNEL);
1303
1304        return;
1305}
1306
1307#define ATR_REQ_GB_OFFSET 17
1308static int pn533_init_target_complete(struct pn533 *dev, void *arg,
1309                                      u8 *params, int params_len)
1310{
1311        struct pn533_cmd_init_target_response *resp;
1312        u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1313        size_t gb_len;
1314        int rc;
1315
1316        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1317
1318        if (params_len < 0) {
1319                nfc_dev_err(&dev->interface->dev,
1320                            "Error %d when starting as a target",
1321                            params_len);
1322
1323                return params_len;
1324        }
1325
1326        if (params_len < ATR_REQ_GB_OFFSET + 1)
1327                return -EINVAL;
1328
1329        resp = (struct pn533_cmd_init_target_response *) params;
1330
1331        nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1332                    resp->mode, params_len);
1333
1334        frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1335        if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1336                comm_mode = NFC_COMM_ACTIVE;
1337
1338        /* Again, only DEP */
1339        if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1340                return -EOPNOTSUPP;
1341
1342        gb = resp->cmd + ATR_REQ_GB_OFFSET;
1343        gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1344
1345        rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1346                              comm_mode, gb, gb_len);
1347        if (rc < 0) {
1348                nfc_dev_err(&dev->interface->dev,
1349                            "Error when signaling target activation");
1350                return rc;
1351        }
1352
1353        dev->tgt_mode = 1;
1354
1355        queue_work(dev->wq, &dev->tg_work);
1356
1357        return 0;
1358}
1359
1360static void pn533_listen_mode_timer(unsigned long data)
1361{
1362        struct pn533 *dev = (struct pn533 *) data;
1363
1364        nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1365
1366        /* An ack will cancel the last issued command (poll) */
1367        pn533_send_ack(dev, GFP_ATOMIC);
1368
1369        dev->cancel_listen = 1;
1370
1371        pn533_poll_next_mod(dev);
1372
1373        queue_work(dev->wq, &dev->poll_work);
1374}
1375
1376static int pn533_poll_complete(struct pn533 *dev, void *arg,
1377                               u8 *params, int params_len)
1378{
1379        struct pn533_poll_modulations *cur_mod;
1380        int rc;
1381
1382        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1383
1384        if (params_len == -ENOENT) {
1385                if (dev->poll_mod_count != 0)
1386                        return 0;
1387
1388                nfc_dev_err(&dev->interface->dev,
1389                            "Polling operation has been stopped");
1390
1391                goto stop_poll;
1392        }
1393
1394        if (params_len < 0) {
1395                nfc_dev_err(&dev->interface->dev,
1396                            "Error %d when running poll", params_len);
1397
1398                goto stop_poll;
1399        }
1400
1401        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1402
1403        if (cur_mod->len == 0) {
1404                del_timer(&dev->listen_timer);
1405
1406                return pn533_init_target_complete(dev, arg, params, params_len);
1407        } else {
1408                rc = pn533_start_poll_complete(dev, arg, params, params_len);
1409                if (!rc)
1410                        return rc;
1411        }
1412
1413        pn533_poll_next_mod(dev);
1414
1415        queue_work(dev->wq, &dev->poll_work);
1416
1417        return 0;
1418
1419stop_poll:
1420        pn533_poll_reset_mod_list(dev);
1421        dev->poll_protocols = 0;
1422        return 0;
1423}
1424
1425static void pn533_build_poll_frame(struct pn533 *dev,
1426                                   struct pn533_frame *frame,
1427                                   struct pn533_poll_modulations *mod)
1428{
1429        nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1430
1431        if (mod->len == 0) {
1432                /* Listen mode */
1433                pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1434        } else {
1435                /* Polling mode */
1436                pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1437
1438                memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1439                frame->datalen += mod->len;
1440
1441                pn533_tx_frame_finish(frame);
1442        }
1443}
1444
1445static int pn533_send_poll_frame(struct pn533 *dev)
1446{
1447        struct pn533_poll_modulations *cur_mod;
1448        int rc;
1449
1450        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1451
1452        pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1453
1454        rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1455                                dev->in_maxlen, pn533_poll_complete,
1456                                NULL, GFP_KERNEL);
1457        if (rc)
1458                nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1459
1460        return rc;
1461}
1462
1463static void pn533_wq_poll(struct work_struct *work)
1464{
1465        struct pn533 *dev = container_of(work, struct pn533, poll_work);
1466        struct pn533_poll_modulations *cur_mod;
1467        int rc;
1468
1469        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1470
1471        nfc_dev_dbg(&dev->interface->dev,
1472                    "%s cancel_listen %d modulation len %d",
1473                    __func__, dev->cancel_listen, cur_mod->len);
1474
1475        if (dev->cancel_listen == 1) {
1476                dev->cancel_listen = 0;
1477                usb_kill_urb(dev->in_urb);
1478        }
1479
1480        rc = pn533_send_poll_frame(dev);
1481        if (rc)
1482                return;
1483
1484        if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1485                mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1486
1487        return;
1488}
1489
1490static int pn533_start_poll(struct nfc_dev *nfc_dev,
1491                            u32 im_protocols, u32 tm_protocols)
1492{
1493        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1494
1495        nfc_dev_dbg(&dev->interface->dev,
1496                    "%s: im protocols 0x%x tm protocols 0x%x",
1497                    __func__, im_protocols, tm_protocols);
1498
1499        if (dev->tgt_active_prot) {
1500                nfc_dev_err(&dev->interface->dev,
1501                            "Cannot poll with a target already activated");
1502                return -EBUSY;
1503        }
1504
1505        if (dev->tgt_mode) {
1506                nfc_dev_err(&dev->interface->dev,
1507                            "Cannot poll while already being activated");
1508                return -EBUSY;
1509        }
1510
1511        if (tm_protocols) {
1512                dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1513                if (dev->gb == NULL)
1514                        tm_protocols = 0;
1515        }
1516
1517        dev->poll_mod_curr = 0;
1518        pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1519        dev->poll_protocols = im_protocols;
1520        dev->listen_protocols = tm_protocols;
1521
1522        return pn533_send_poll_frame(dev);
1523}
1524
1525static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1526{
1527        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1528
1529        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1530
1531        del_timer(&dev->listen_timer);
1532
1533        if (!dev->poll_mod_count) {
1534                nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1535                                                                " running");
1536                return;
1537        }
1538
1539        /* An ack will cancel the last issued command (poll) */
1540        pn533_send_ack(dev, GFP_KERNEL);
1541
1542        /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1543        usb_kill_urb(dev->in_urb);
1544
1545        pn533_poll_reset_mod_list(dev);
1546}
1547
1548static int pn533_activate_target_nfcdep(struct pn533 *dev)
1549{
1550        struct pn533_cmd_activate_param param;
1551        struct pn533_cmd_activate_response *resp;
1552        u16 gt_len;
1553        int rc;
1554
1555        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1556
1557        pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1558
1559        param.tg = 1;
1560        param.next = 0;
1561        memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &param,
1562                                sizeof(struct pn533_cmd_activate_param));
1563        dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1564
1565        pn533_tx_frame_finish(dev->out_frame);
1566
1567        rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1568                                                                dev->in_maxlen);
1569        if (rc)
1570                return rc;
1571
1572        resp = (struct pn533_cmd_activate_response *)
1573                                PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1574        rc = resp->status & PN533_CMD_RET_MASK;
1575        if (rc != PN533_CMD_RET_SUCCESS)
1576                return -EIO;
1577
1578        /* ATR_RES general bytes are located at offset 16 */
1579        gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1580        rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1581
1582        return rc;
1583}
1584
1585static int pn533_activate_target(struct nfc_dev *nfc_dev,
1586                                 struct nfc_target *target, u32 protocol)
1587{
1588        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1589        int rc;
1590
1591        nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1592                                                                protocol);
1593
1594        if (dev->poll_mod_count) {
1595                nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1596                                                                " polling");
1597                return -EBUSY;
1598        }
1599
1600        if (dev->tgt_active_prot) {
1601                nfc_dev_err(&dev->interface->dev, "There is already an active"
1602                                                                " target");
1603                return -EBUSY;
1604        }
1605
1606        if (!dev->tgt_available_prots) {
1607                nfc_dev_err(&dev->interface->dev, "There is no available target"
1608                                                                " to activate");
1609                return -EINVAL;
1610        }
1611
1612        if (!(dev->tgt_available_prots & (1 << protocol))) {
1613                nfc_dev_err(&dev->interface->dev, "The target does not support"
1614                                        " the requested protocol %u", protocol);
1615                return -EINVAL;
1616        }
1617
1618        if (protocol == NFC_PROTO_NFC_DEP) {
1619                rc = pn533_activate_target_nfcdep(dev);
1620                if (rc) {
1621                        nfc_dev_err(&dev->interface->dev, "Error %d when"
1622                                                " activating target with"
1623                                                " NFC_DEP protocol", rc);
1624                        return rc;
1625                }
1626        }
1627
1628        dev->tgt_active_prot = protocol;
1629        dev->tgt_available_prots = 0;
1630
1631        return 0;
1632}
1633
1634static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1635                                    struct nfc_target *target)
1636{
1637        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1638        u8 tg;
1639        u8 status;
1640        int rc;
1641
1642        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1643
1644        if (!dev->tgt_active_prot) {
1645                nfc_dev_err(&dev->interface->dev, "There is no active target");
1646                return;
1647        }
1648
1649        dev->tgt_active_prot = 0;
1650
1651        skb_queue_purge(&dev->resp_q);
1652
1653        pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1654
1655        tg = 1;
1656        memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1657        dev->out_frame->datalen += sizeof(u8);
1658
1659        pn533_tx_frame_finish(dev->out_frame);
1660
1661        rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1662                                                                dev->in_maxlen);
1663        if (rc) {
1664                nfc_dev_err(&dev->interface->dev, "Error when sending release"
1665                                                " command to the controller");
1666                return;
1667        }
1668
1669        status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1670        rc = status & PN533_CMD_RET_MASK;
1671        if (rc != PN533_CMD_RET_SUCCESS)
1672                nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1673                                                        " the target", rc);
1674
1675        return;
1676}
1677
1678
1679static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1680                                                u8 *params, int params_len)
1681{
1682        struct pn533_cmd_jump_dep_response *resp;
1683        struct nfc_target nfc_target;
1684        u8 target_gt_len;
1685        int rc;
1686        struct pn533_cmd_jump_dep *cmd = (struct pn533_cmd_jump_dep *)arg;
1687        u8 active = cmd->active;
1688
1689        kfree(arg);
1690
1691        if (params_len == -ENOENT) {
1692                nfc_dev_dbg(&dev->interface->dev, "");
1693                return 0;
1694        }
1695
1696        if (params_len < 0) {
1697                nfc_dev_err(&dev->interface->dev,
1698                                "Error %d when bringing DEP link up",
1699                                                                params_len);
1700                return 0;
1701        }
1702
1703        if (dev->tgt_available_prots &&
1704            !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1705                nfc_dev_err(&dev->interface->dev,
1706                        "The target does not support DEP");
1707                return -EINVAL;
1708        }
1709
1710        resp = (struct pn533_cmd_jump_dep_response *) params;
1711        rc = resp->status & PN533_CMD_RET_MASK;
1712        if (rc != PN533_CMD_RET_SUCCESS) {
1713                nfc_dev_err(&dev->interface->dev,
1714                                "Bringing DEP link up failed %d", rc);
1715                return 0;
1716        }
1717
1718        if (!dev->tgt_available_prots) {
1719                nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1720
1721                nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1722                nfc_target.nfcid1_len = 10;
1723                memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1724                rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1725                if (rc)
1726                        return 0;
1727
1728                dev->tgt_available_prots = 0;
1729        }
1730
1731        dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1732
1733        /* ATR_RES general bytes are located at offset 17 */
1734        target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1735        rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1736                                                resp->gt, target_gt_len);
1737        if (rc == 0)
1738                rc = nfc_dep_link_is_up(dev->nfc_dev,
1739                                                dev->nfc_dev->targets[0].idx,
1740                                                !active, NFC_RF_INITIATOR);
1741
1742        return 0;
1743}
1744
1745static int pn533_mod_to_baud(struct pn533 *dev)
1746{
1747        switch (dev->poll_mod_curr) {
1748        case PN533_POLL_MOD_106KBPS_A:
1749                return 0;
1750        case PN533_POLL_MOD_212KBPS_FELICA:
1751                return 1;
1752        case PN533_POLL_MOD_424KBPS_FELICA:
1753                return 2;
1754        default:
1755                return -EINVAL;
1756        }
1757}
1758
1759#define PASSIVE_DATA_LEN 5
1760static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1761                             u8 comm_mode, u8* gb, size_t gb_len)
1762{
1763        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1764        struct pn533_cmd_jump_dep *cmd;
1765        u8 cmd_len, *data_ptr;
1766        u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1767        int rc, baud;
1768
1769        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1770
1771        if (dev->poll_mod_count) {
1772                nfc_dev_err(&dev->interface->dev,
1773                                "Cannot bring the DEP link up while polling");
1774                return -EBUSY;
1775        }
1776
1777        if (dev->tgt_active_prot) {
1778                nfc_dev_err(&dev->interface->dev,
1779                                "There is already an active target");
1780                return -EBUSY;
1781        }
1782
1783        baud = pn533_mod_to_baud(dev);
1784        if (baud < 0) {
1785                nfc_dev_err(&dev->interface->dev,
1786                            "Invalid curr modulation %d", dev->poll_mod_curr);
1787                return baud;
1788        }
1789
1790        cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1791        if (comm_mode == NFC_COMM_PASSIVE)
1792                cmd_len += PASSIVE_DATA_LEN;
1793
1794        cmd = kzalloc(cmd_len, GFP_KERNEL);
1795        if (cmd == NULL)
1796                return -ENOMEM;
1797
1798        pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1799
1800        cmd->active = !comm_mode;
1801        cmd->next = 0;
1802        cmd->baud = baud;
1803        data_ptr = cmd->data;
1804        if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1805                memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1806                cmd->next |= 1;
1807                data_ptr += PASSIVE_DATA_LEN;
1808        }
1809
1810        if (gb != NULL && gb_len > 0) {
1811                cmd->next |= 4; /* We have some Gi */
1812                memcpy(data_ptr, gb, gb_len);
1813        } else {
1814                cmd->next = 0;
1815        }
1816
1817        memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1818        dev->out_frame->datalen += cmd_len;
1819
1820        pn533_tx_frame_finish(dev->out_frame);
1821
1822        rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1823                                dev->in_maxlen, pn533_in_dep_link_up_complete,
1824                                cmd, GFP_KERNEL);
1825        if (rc < 0)
1826                kfree(cmd);
1827
1828        return rc;
1829}
1830
1831static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1832{
1833        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1834
1835        pn533_poll_reset_mod_list(dev);
1836
1837        if (dev->tgt_mode || dev->tgt_active_prot) {
1838                pn533_send_ack(dev, GFP_KERNEL);
1839                usb_kill_urb(dev->in_urb);
1840        }
1841
1842        dev->tgt_active_prot = 0;
1843        dev->tgt_mode = 0;
1844
1845        skb_queue_purge(&dev->resp_q);
1846
1847        return 0;
1848}
1849
1850static int pn533_build_tx_frame(struct pn533 *dev, struct sk_buff *skb,
1851                                bool target)
1852{
1853        int payload_len = skb->len;
1854        struct pn533_frame *out_frame;
1855        u8 tg;
1856
1857        nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1858                                                                payload_len);
1859
1860        if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1861                /* TODO: Implement support to multi-part data exchange */
1862                nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1863                                                " max allowed: %d",
1864                                                PN533_CMD_DATAEXCH_DATA_MAXLEN);
1865                return -ENOSYS;
1866        }
1867
1868        if (target == true) {
1869                switch (dev->device_type) {
1870                case PN533_DEVICE_PASORI:
1871                        if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
1872                                skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1873                                out_frame = (struct pn533_frame *) skb->data;
1874                                pn533_tx_frame_init(out_frame,
1875                                                    PN533_CMD_IN_COMM_THRU);
1876
1877                                break;
1878                        }
1879
1880                default:
1881                        skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1882                        out_frame = (struct pn533_frame *) skb->data;
1883                        pn533_tx_frame_init(out_frame,
1884                                            PN533_CMD_IN_DATA_EXCHANGE);
1885                        tg = 1;
1886                        memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame),
1887                               &tg, sizeof(u8));
1888                        out_frame->datalen += sizeof(u8);
1889
1890                        break;
1891                }
1892
1893        } else {
1894                skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1895                out_frame = (struct pn533_frame *) skb->data;
1896                pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
1897        }
1898
1899
1900        /* The data is already in the out_frame, just update the datalen */
1901        out_frame->datalen += payload_len;
1902
1903        pn533_tx_frame_finish(out_frame);
1904        skb_put(skb, PN533_FRAME_TAIL_SIZE);
1905
1906        return 0;
1907}
1908
1909struct pn533_data_exchange_arg {
1910        struct sk_buff *skb_resp;
1911        struct sk_buff *skb_out;
1912        data_exchange_cb_t cb;
1913        void *cb_context;
1914};
1915
1916static struct sk_buff *pn533_build_response(struct pn533 *dev)
1917{
1918        struct sk_buff *skb, *tmp, *t;
1919        unsigned int skb_len = 0, tmp_len = 0;
1920
1921        nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
1922
1923        if (skb_queue_empty(&dev->resp_q))
1924                return NULL;
1925
1926        if (skb_queue_len(&dev->resp_q) == 1) {
1927                skb = skb_dequeue(&dev->resp_q);
1928                goto out;
1929        }
1930
1931        skb_queue_walk_safe(&dev->resp_q, tmp, t)
1932                skb_len += tmp->len;
1933
1934        nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1935                    __func__, skb_len);
1936
1937        skb = alloc_skb(skb_len, GFP_KERNEL);
1938        if (skb == NULL)
1939                goto out;
1940
1941        skb_put(skb, skb_len);
1942
1943        skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1944                memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1945                tmp_len += tmp->len;
1946        }
1947
1948out:
1949        skb_queue_purge(&dev->resp_q);
1950
1951        return skb;
1952}
1953
1954static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1955                                                u8 *params, int params_len)
1956{
1957        struct pn533_data_exchange_arg *arg = _arg;
1958        struct sk_buff *skb = NULL, *skb_resp = arg->skb_resp;
1959        struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1960        int err = 0;
1961        u8 status;
1962        u8 cmd_ret;
1963
1964        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1965
1966        dev_kfree_skb(arg->skb_out);
1967
1968        if (params_len < 0) { /* error */
1969                err = params_len;
1970                goto error;
1971        }
1972
1973        status = params[0];
1974
1975        cmd_ret = status & PN533_CMD_RET_MASK;
1976        if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1977                nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1978                                                " exchanging data", cmd_ret);
1979                err = -EIO;
1980                goto error;
1981        }
1982
1983        skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1984        skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1985        skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1986        skb_queue_tail(&dev->resp_q, skb_resp);
1987
1988        if (status & PN533_CMD_MI_MASK) {
1989                queue_work(dev->wq, &dev->mi_work);
1990                return -EINPROGRESS;
1991        }
1992
1993        skb = pn533_build_response(dev);
1994        if (skb == NULL)
1995                goto error;
1996
1997        arg->cb(arg->cb_context, skb, 0);
1998        kfree(arg);
1999        return 0;
2000
2001error:
2002        skb_queue_purge(&dev->resp_q);
2003        dev_kfree_skb(skb_resp);
2004        arg->cb(arg->cb_context, NULL, err);
2005        kfree(arg);
2006        return 0;
2007}
2008
2009static int pn533_transceive(struct nfc_dev *nfc_dev,
2010                            struct nfc_target *target, struct sk_buff *skb,
2011                            data_exchange_cb_t cb, void *cb_context)
2012{
2013        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2014        struct pn533_frame *out_frame, *in_frame;
2015        struct pn533_data_exchange_arg *arg;
2016        struct sk_buff *skb_resp;
2017        int skb_resp_len;
2018        int rc;
2019
2020        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2021
2022        if (!dev->tgt_active_prot) {
2023                nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
2024                                                " there is no active target");
2025                rc = -EINVAL;
2026                goto error;
2027        }
2028
2029        rc = pn533_build_tx_frame(dev, skb, true);
2030        if (rc)
2031                goto error;
2032
2033        skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2034                        PN533_CMD_DATAEXCH_DATA_MAXLEN +
2035                        PN533_FRAME_TAIL_SIZE;
2036
2037        skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
2038        if (!skb_resp) {
2039                rc = -ENOMEM;
2040                goto error;
2041        }
2042
2043        in_frame = (struct pn533_frame *) skb_resp->data;
2044        out_frame = (struct pn533_frame *) skb->data;
2045
2046        arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
2047        if (!arg) {
2048                rc = -ENOMEM;
2049                goto free_skb_resp;
2050        }
2051
2052        arg->skb_resp = skb_resp;
2053        arg->skb_out = skb;
2054        arg->cb = cb;
2055        arg->cb_context = cb_context;
2056
2057        rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
2058                                        pn533_data_exchange_complete, arg,
2059                                        GFP_KERNEL);
2060        if (rc) {
2061                nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2062                                                " perform data_exchange", rc);
2063                goto free_arg;
2064        }
2065
2066        return 0;
2067
2068free_arg:
2069        kfree(arg);
2070free_skb_resp:
2071        kfree_skb(skb_resp);
2072error:
2073        kfree_skb(skb);
2074        return rc;
2075}
2076
2077static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2078                                  u8 *params, int params_len)
2079{
2080        struct sk_buff *skb_out = arg;
2081
2082        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2083
2084        dev_kfree_skb(skb_out);
2085
2086        if (params_len < 0) {
2087                nfc_dev_err(&dev->interface->dev,
2088                            "Error %d when sending data",
2089                            params_len);
2090
2091                return params_len;
2092        }
2093
2094        if (params_len > 0 && params[0] != 0) {
2095                nfc_tm_deactivated(dev->nfc_dev);
2096
2097                dev->tgt_mode = 0;
2098
2099                return 0;
2100        }
2101
2102        queue_work(dev->wq, &dev->tg_work);
2103
2104        return 0;
2105}
2106
2107static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2108{
2109        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2110        struct pn533_frame *out_frame;
2111        int rc;
2112
2113        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2114
2115        rc = pn533_build_tx_frame(dev, skb, false);
2116        if (rc)
2117                goto error;
2118
2119        out_frame = (struct pn533_frame *) skb->data;
2120
2121        rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2122                                        dev->in_maxlen, pn533_tm_send_complete,
2123                                        skb, GFP_KERNEL);
2124        if (rc) {
2125                nfc_dev_err(&dev->interface->dev,
2126                            "Error %d when trying to send data", rc);
2127                goto error;
2128        }
2129
2130        return 0;
2131
2132error:
2133        kfree_skb(skb);
2134
2135        return rc;
2136}
2137
2138static void pn533_wq_mi_recv(struct work_struct *work)
2139{
2140        struct pn533 *dev = container_of(work, struct pn533, mi_work);
2141        struct sk_buff *skb_cmd;
2142        struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2143        struct pn533_frame *out_frame, *in_frame;
2144        struct sk_buff *skb_resp;
2145        int skb_resp_len;
2146        int rc;
2147
2148        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2149
2150        /* This is a zero payload size skb */
2151        skb_cmd = alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN + PN533_FRAME_TAIL_SIZE,
2152                            GFP_KERNEL);
2153        if (skb_cmd == NULL)
2154                goto error_cmd;
2155
2156        skb_reserve(skb_cmd, PN533_CMD_DATAEXCH_HEAD_LEN);
2157
2158        rc = pn533_build_tx_frame(dev, skb_cmd, true);
2159        if (rc)
2160                goto error_frame;
2161
2162        skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2163                        PN533_CMD_DATAEXCH_DATA_MAXLEN +
2164                        PN533_FRAME_TAIL_SIZE;
2165        skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2166        if (!skb_resp) {
2167                rc = -ENOMEM;
2168                goto error_frame;
2169        }
2170
2171        in_frame = (struct pn533_frame *) skb_resp->data;
2172        out_frame = (struct pn533_frame *) skb_cmd->data;
2173
2174        arg->skb_resp = skb_resp;
2175        arg->skb_out = skb_cmd;
2176
2177        rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2178                                          skb_resp_len,
2179                                          pn533_data_exchange_complete,
2180                                          dev->cmd_complete_arg, GFP_KERNEL);
2181        if (!rc)
2182                return;
2183
2184        nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2185                                                " perform data_exchange", rc);
2186
2187        kfree_skb(skb_resp);
2188
2189error_frame:
2190        kfree_skb(skb_cmd);
2191
2192error_cmd:
2193        pn533_send_ack(dev, GFP_KERNEL);
2194
2195        kfree(arg);
2196
2197        queue_work(dev->wq, &dev->cmd_work);
2198}
2199
2200static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2201                                                                u8 cfgdata_len)
2202{
2203        int rc;
2204        u8 *params;
2205
2206        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2207
2208        pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2209
2210        params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2211        params[0] = cfgitem;
2212        memcpy(&params[1], cfgdata, cfgdata_len);
2213        dev->out_frame->datalen += (1 + cfgdata_len);
2214
2215        pn533_tx_frame_finish(dev->out_frame);
2216
2217        rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2218                                                                dev->in_maxlen);
2219
2220        return rc;
2221}
2222
2223static int pn533_fw_reset(struct pn533 *dev)
2224{
2225        int rc;
2226        u8 *params;
2227
2228        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2229
2230        pn533_tx_frame_init(dev->out_frame, 0x18);
2231
2232        params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2233        params[0] = 0x1;
2234        dev->out_frame->datalen += 1;
2235
2236        pn533_tx_frame_finish(dev->out_frame);
2237
2238        rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2239                                       dev->in_maxlen);
2240
2241        return rc;
2242}
2243
2244static struct nfc_ops pn533_nfc_ops = {
2245        .dev_up = NULL,
2246        .dev_down = NULL,
2247        .dep_link_up = pn533_dep_link_up,
2248        .dep_link_down = pn533_dep_link_down,
2249        .start_poll = pn533_start_poll,
2250        .stop_poll = pn533_stop_poll,
2251        .activate_target = pn533_activate_target,
2252        .deactivate_target = pn533_deactivate_target,
2253        .im_transceive = pn533_transceive,
2254        .tm_send = pn533_tm_send,
2255};
2256
2257static int pn533_setup(struct pn533 *dev)
2258{
2259        struct pn533_config_max_retries max_retries;
2260        struct pn533_config_timing timing;
2261        u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2262        int rc;
2263
2264        switch (dev->device_type) {
2265        case PN533_DEVICE_STD:
2266                max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2267                max_retries.mx_rty_psl = 2;
2268                max_retries.mx_rty_passive_act =
2269                        PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2270
2271                timing.rfu = PN533_CONFIG_TIMING_102;
2272                timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2273                timing.dep_timeout = PN533_CONFIG_TIMING_409;
2274
2275                break;
2276
2277        case PN533_DEVICE_PASORI:
2278                max_retries.mx_rty_atr = 0x2;
2279                max_retries.mx_rty_psl = 0x1;
2280                max_retries.mx_rty_passive_act =
2281                        PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2282
2283                timing.rfu = PN533_CONFIG_TIMING_102;
2284                timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2285                timing.dep_timeout = PN533_CONFIG_TIMING_204;
2286
2287                break;
2288
2289        default:
2290                nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2291                            dev->device_type);
2292                return -EINVAL;
2293        }
2294
2295        rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2296                                     (u8 *)&max_retries, sizeof(max_retries));
2297        if (rc) {
2298                nfc_dev_err(&dev->interface->dev,
2299                            "Error on setting MAX_RETRIES config");
2300                return rc;
2301        }
2302
2303
2304        rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2305                                     (u8 *)&timing, sizeof(timing));
2306        if (rc) {
2307                nfc_dev_err(&dev->interface->dev,
2308                            "Error on setting RF timings");
2309                return rc;
2310        }
2311
2312        switch (dev->device_type) {
2313        case PN533_DEVICE_STD:
2314                break;
2315
2316        case PN533_DEVICE_PASORI:
2317                pn533_fw_reset(dev);
2318
2319                rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2320                                             pasori_cfg, 3);
2321                if (rc) {
2322                        nfc_dev_err(&dev->interface->dev,
2323                                    "Error while settings PASORI config");
2324                        return rc;
2325                }
2326
2327                pn533_fw_reset(dev);
2328
2329                break;
2330        }
2331
2332        return 0;
2333}
2334
2335static int pn533_probe(struct usb_interface *interface,
2336                        const struct usb_device_id *id)
2337{
2338        struct pn533_fw_version *fw_ver;
2339        struct pn533 *dev;
2340        struct usb_host_interface *iface_desc;
2341        struct usb_endpoint_descriptor *endpoint;
2342        int in_endpoint = 0;
2343        int out_endpoint = 0;
2344        int rc = -ENOMEM;
2345        int i;
2346        u32 protocols;
2347
2348        dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2349        if (!dev)
2350                return -ENOMEM;
2351
2352        dev->udev = usb_get_dev(interface_to_usbdev(interface));
2353        dev->interface = interface;
2354        mutex_init(&dev->cmd_lock);
2355
2356        iface_desc = interface->cur_altsetting;
2357        for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2358                endpoint = &iface_desc->endpoint[i].desc;
2359
2360                if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2361                        dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
2362                        in_endpoint = endpoint->bEndpointAddress;
2363                }
2364
2365                if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
2366                        dev->out_maxlen =
2367                                le16_to_cpu(endpoint->wMaxPacketSize);
2368                        out_endpoint = endpoint->bEndpointAddress;
2369                }
2370        }
2371
2372        if (!in_endpoint || !out_endpoint) {
2373                nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2374                                                        " bulk-out endpoint");
2375                rc = -ENODEV;
2376                goto error;
2377        }
2378
2379        dev->in_frame = kmalloc(dev->in_maxlen, GFP_KERNEL);
2380        dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2381        dev->out_frame = kmalloc(dev->out_maxlen, GFP_KERNEL);
2382        dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2383
2384        if (!dev->in_frame || !dev->out_frame ||
2385                !dev->in_urb || !dev->out_urb)
2386                goto error;
2387
2388        usb_fill_bulk_urb(dev->in_urb, dev->udev,
2389                        usb_rcvbulkpipe(dev->udev, in_endpoint),
2390                        NULL, 0, NULL, dev);
2391        usb_fill_bulk_urb(dev->out_urb, dev->udev,
2392                        usb_sndbulkpipe(dev->udev, out_endpoint),
2393                        NULL, 0,
2394                        pn533_send_complete, dev);
2395
2396        INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2397        INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2398        INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2399        INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2400        INIT_WORK(&dev->poll_work, pn533_wq_poll);
2401        dev->wq = alloc_ordered_workqueue("pn533", 0);
2402        if (dev->wq == NULL)
2403                goto error;
2404
2405        init_timer(&dev->listen_timer);
2406        dev->listen_timer.data = (unsigned long) dev;
2407        dev->listen_timer.function = pn533_listen_mode_timer;
2408
2409        skb_queue_head_init(&dev->resp_q);
2410
2411        INIT_LIST_HEAD(&dev->cmd_queue);
2412
2413        usb_set_intfdata(interface, dev);
2414
2415        pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2416        pn533_tx_frame_finish(dev->out_frame);
2417
2418        rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2419                                                                dev->in_maxlen);
2420        if (rc)
2421                goto destroy_wq;
2422
2423        fw_ver = (struct pn533_fw_version *)
2424                                PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2425        nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2426                                        " attached", fw_ver->ver, fw_ver->rev);
2427
2428        dev->device_type = id->driver_info;
2429        switch (dev->device_type) {
2430        case PN533_DEVICE_STD:
2431                protocols = PN533_ALL_PROTOCOLS;
2432                break;
2433
2434        case PN533_DEVICE_PASORI:
2435                protocols = PN533_NO_TYPE_B_PROTOCOLS;
2436                break;
2437
2438        default:
2439                nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2440                            dev->device_type);
2441                rc = -EINVAL;
2442                goto destroy_wq;
2443        }
2444
2445        dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2446                                           PN533_CMD_DATAEXCH_HEAD_LEN,
2447                                           PN533_FRAME_TAIL_SIZE);
2448        if (!dev->nfc_dev)
2449                goto destroy_wq;
2450
2451        nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2452        nfc_set_drvdata(dev->nfc_dev, dev);
2453
2454        rc = nfc_register_device(dev->nfc_dev);
2455        if (rc)
2456                goto free_nfc_dev;
2457
2458        rc = pn533_setup(dev);
2459        if (rc)
2460                goto unregister_nfc_dev;
2461
2462        return 0;
2463
2464unregister_nfc_dev:
2465        nfc_unregister_device(dev->nfc_dev);
2466
2467free_nfc_dev:
2468        nfc_free_device(dev->nfc_dev);
2469
2470destroy_wq:
2471        destroy_workqueue(dev->wq);
2472error:
2473        kfree(dev->in_frame);
2474        usb_free_urb(dev->in_urb);
2475        kfree(dev->out_frame);
2476        usb_free_urb(dev->out_urb);
2477        kfree(dev);
2478        return rc;
2479}
2480
2481static void pn533_disconnect(struct usb_interface *interface)
2482{
2483        struct pn533 *dev;
2484        struct pn533_cmd *cmd, *n;
2485
2486        dev = usb_get_intfdata(interface);
2487        usb_set_intfdata(interface, NULL);
2488
2489        nfc_unregister_device(dev->nfc_dev);
2490        nfc_free_device(dev->nfc_dev);
2491
2492        usb_kill_urb(dev->in_urb);
2493        usb_kill_urb(dev->out_urb);
2494
2495        destroy_workqueue(dev->wq);
2496
2497        skb_queue_purge(&dev->resp_q);
2498
2499        del_timer(&dev->listen_timer);
2500
2501        list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2502                list_del(&cmd->queue);
2503                kfree(cmd);
2504        }
2505
2506        kfree(dev->in_frame);
2507        usb_free_urb(dev->in_urb);
2508        kfree(dev->out_frame);
2509        usb_free_urb(dev->out_urb);
2510        kfree(dev);
2511
2512        nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2513}
2514
2515static struct usb_driver pn533_driver = {
2516        .name =         "pn533",
2517        .probe =        pn533_probe,
2518        .disconnect =   pn533_disconnect,
2519        .id_table =     pn533_table,
2520};
2521
2522module_usb_driver(pn533_driver);
2523
2524MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2525                        " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2526MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2527MODULE_VERSION(VERSION);
2528MODULE_LICENSE("GPL");
2529
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.