linux/drivers/nfc/pn533.c
<<
>>
Prefs
   1/*
   2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
   3 *
   4 * Authors:
   5 *    Lauro Ramos Venancio <lauro.venancio@openbossa.org>
   6 *    Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
   7 *
   8 * This program is free software; you can redistribute it and/or modify
   9 * it under the terms of the GNU General Public License as published by
  10 * the Free Software Foundation; either version 2 of the License, or
  11 * (at your option) any later version.
  12 *
  13 * This program is distributed in the hope that it will be useful,
  14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16 * GNU General Public License for more details.
  17 *
  18 * You should have received a copy of the GNU General Public License
  19 * along with this program; if not, write to the
  20 * Free Software Foundation, Inc.,
  21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  22 */
  23
  24#include <linux/device.h>
  25#include <linux/kernel.h>
  26#include <linux/module.h>
  27#include <linux/slab.h>
  28#include <linux/usb.h>
  29#include <linux/nfc.h>
  30#include <linux/netdevice.h>
  31#include <net/nfc/nfc.h>
  32
  33#define VERSION "0.1"
  34
  35#define PN533_VENDOR_ID 0x4CC
  36#define PN533_PRODUCT_ID 0x2533
  37
  38#define SCM_VENDOR_ID 0x4E6
  39#define SCL3711_PRODUCT_ID 0x5591
  40
  41#define SONY_VENDOR_ID         0x054c
  42#define PASORI_PRODUCT_ID      0x02e1
  43
  44#define PN533_DEVICE_STD    0x1
  45#define PN533_DEVICE_PASORI 0x2
  46
  47#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
  48                             NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
  49                             NFC_PROTO_NFC_DEP_MASK |\
  50                             NFC_PROTO_ISO14443_B_MASK)
  51
  52#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
  53                                   NFC_PROTO_MIFARE_MASK | \
  54                                   NFC_PROTO_FELICA_MASK | \
  55                                   NFC_PROTO_ISO14443_MASK | \
  56                                   NFC_PROTO_NFC_DEP_MASK)
  57
  58static const struct usb_device_id pn533_table[] = {
  59        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  60          .idVendor             = PN533_VENDOR_ID,
  61          .idProduct            = PN533_PRODUCT_ID,
  62          .driver_info          = PN533_DEVICE_STD,
  63        },
  64        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  65          .idVendor             = SCM_VENDOR_ID,
  66          .idProduct            = SCL3711_PRODUCT_ID,
  67          .driver_info          = PN533_DEVICE_STD,
  68        },
  69        { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  70          .idVendor             = SONY_VENDOR_ID,
  71          .idProduct            = PASORI_PRODUCT_ID,
  72          .driver_info          = PN533_DEVICE_PASORI,
  73        },
  74        { }
  75};
  76MODULE_DEVICE_TABLE(usb, pn533_table);
  77
  78/* How much time we spend listening for initiators */
  79#define PN533_LISTEN_TIME 2
  80
  81/* frame definitions */
  82#define PN533_FRAME_HEADER_LEN (sizeof(struct pn533_frame) \
  83                                        + 2) /* data[0] TFI, data[1] CC */
  84#define PN533_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
  85
  86/*
  87 * Max extended frame payload len, excluding TFI and CC
  88 * which are already in PN533_FRAME_HEADER_LEN.
  89 */
  90#define PN533_FRAME_MAX_PAYLOAD_LEN 263
  91
  92#define PN533_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2),
  93                                  Postamble (1) */
  94#define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
  95#define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
  96
  97/* start of frame */
  98#define PN533_SOF 0x00FF
  99
 100/* frame identifier: in/out/error */
 101#define PN533_FRAME_IDENTIFIER(f) (f->data[0])
 102#define PN533_DIR_OUT 0xD4
 103#define PN533_DIR_IN 0xD5
 104
 105/* PN533 Commands */
 106#define PN533_FRAME_CMD(f) (f->data[1])
 107
 108#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
 109#define PN533_CMD_RF_CONFIGURATION 0x32
 110#define PN533_CMD_IN_DATA_EXCHANGE 0x40
 111#define PN533_CMD_IN_COMM_THRU     0x42
 112#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
 113#define PN533_CMD_IN_ATR 0x50
 114#define PN533_CMD_IN_RELEASE 0x52
 115#define PN533_CMD_IN_JUMP_FOR_DEP 0x56
 116
 117#define PN533_CMD_TG_INIT_AS_TARGET 0x8c
 118#define PN533_CMD_TG_GET_DATA 0x86
 119#define PN533_CMD_TG_SET_DATA 0x8e
 120#define PN533_CMD_UNDEF 0xff
 121
 122#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
 123
 124/* PN533 Return codes */
 125#define PN533_CMD_RET_MASK 0x3F
 126#define PN533_CMD_MI_MASK 0x40
 127#define PN533_CMD_RET_SUCCESS 0x00
 128
 129struct pn533;
 130
 131typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg, int status);
 132
 133typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
 134                                        struct sk_buff *resp);
 135
 136/* structs for pn533 commands */
 137
 138/* PN533_CMD_GET_FIRMWARE_VERSION */
 139struct pn533_fw_version {
 140        u8 ic;
 141        u8 ver;
 142        u8 rev;
 143        u8 support;
 144};
 145
 146/* PN533_CMD_RF_CONFIGURATION */
 147#define PN533_CFGITEM_TIMING 0x02
 148#define PN533_CFGITEM_MAX_RETRIES 0x05
 149#define PN533_CFGITEM_PASORI 0x82
 150
 151#define PN533_CONFIG_TIMING_102 0xb
 152#define PN533_CONFIG_TIMING_204 0xc
 153#define PN533_CONFIG_TIMING_409 0xd
 154#define PN533_CONFIG_TIMING_819 0xe
 155
 156#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
 157#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
 158
 159struct pn533_config_max_retries {
 160        u8 mx_rty_atr;
 161        u8 mx_rty_psl;
 162        u8 mx_rty_passive_act;
 163} __packed;
 164
 165struct pn533_config_timing {
 166        u8 rfu;
 167        u8 atr_res_timeout;
 168        u8 dep_timeout;
 169} __packed;
 170
 171/* PN533_CMD_IN_LIST_PASSIVE_TARGET */
 172
 173/* felica commands opcode */
 174#define PN533_FELICA_OPC_SENSF_REQ 0
 175#define PN533_FELICA_OPC_SENSF_RES 1
 176/* felica SENSF_REQ parameters */
 177#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
 178#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
 179#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
 180#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
 181
 182/* type B initiator_data values */
 183#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
 184#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
 185#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
 186
 187union pn533_cmd_poll_initdata {
 188        struct {
 189                u8 afi;
 190                u8 polling_method;
 191        } __packed type_b;
 192        struct {
 193                u8 opcode;
 194                __be16 sc;
 195                u8 rc;
 196                u8 tsn;
 197        } __packed felica;
 198};
 199
 200/* Poll modulations */
 201enum {
 202        PN533_POLL_MOD_106KBPS_A,
 203        PN533_POLL_MOD_212KBPS_FELICA,
 204        PN533_POLL_MOD_424KBPS_FELICA,
 205        PN533_POLL_MOD_106KBPS_JEWEL,
 206        PN533_POLL_MOD_847KBPS_B,
 207        PN533_LISTEN_MOD,
 208
 209        __PN533_POLL_MOD_AFTER_LAST,
 210};
 211#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
 212
 213struct pn533_poll_modulations {
 214        struct {
 215                u8 maxtg;
 216                u8 brty;
 217                union pn533_cmd_poll_initdata initiator_data;
 218        } __packed data;
 219        u8 len;
 220};
 221
 222static const struct pn533_poll_modulations poll_mod[] = {
 223        [PN533_POLL_MOD_106KBPS_A] = {
 224                .data = {
 225                        .maxtg = 1,
 226                        .brty = 0,
 227                },
 228                .len = 2,
 229        },
 230        [PN533_POLL_MOD_212KBPS_FELICA] = {
 231                .data = {
 232                        .maxtg = 1,
 233                        .brty = 1,
 234                        .initiator_data.felica = {
 235                                .opcode = PN533_FELICA_OPC_SENSF_REQ,
 236                                .sc = PN533_FELICA_SENSF_SC_ALL,
 237                                .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 238                                .tsn = 0,
 239                        },
 240                },
 241                .len = 7,
 242        },
 243        [PN533_POLL_MOD_424KBPS_FELICA] = {
 244                .data = {
 245                        .maxtg = 1,
 246                        .brty = 2,
 247                        .initiator_data.felica = {
 248                                .opcode = PN533_FELICA_OPC_SENSF_REQ,
 249                                .sc = PN533_FELICA_SENSF_SC_ALL,
 250                                .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 251                                .tsn = 0,
 252                        },
 253                 },
 254                .len = 7,
 255        },
 256        [PN533_POLL_MOD_106KBPS_JEWEL] = {
 257                .data = {
 258                        .maxtg = 1,
 259                        .brty = 4,
 260                },
 261                .len = 2,
 262        },
 263        [PN533_POLL_MOD_847KBPS_B] = {
 264                .data = {
 265                        .maxtg = 1,
 266                        .brty = 8,
 267                        .initiator_data.type_b = {
 268                                .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
 269                                .polling_method =
 270                                        PN533_TYPE_B_POLL_METHOD_TIMESLOT,
 271                        },
 272                },
 273                .len = 3,
 274        },
 275        [PN533_LISTEN_MOD] = {
 276                .len = 0,
 277        },
 278};
 279
 280/* PN533_CMD_IN_ATR */
 281
 282struct pn533_cmd_activate_response {
 283        u8 status;
 284        u8 nfcid3t[10];
 285        u8 didt;
 286        u8 bst;
 287        u8 brt;
 288        u8 to;
 289        u8 ppt;
 290        /* optional */
 291        u8 gt[];
 292} __packed;
 293
 294struct pn533_cmd_jump_dep_response {
 295        u8 status;
 296        u8 tg;
 297        u8 nfcid3t[10];
 298        u8 didt;
 299        u8 bst;
 300        u8 brt;
 301        u8 to;
 302        u8 ppt;
 303        /* optional */
 304        u8 gt[];
 305} __packed;
 306
 307
 308/* PN533_TG_INIT_AS_TARGET */
 309#define PN533_INIT_TARGET_PASSIVE 0x1
 310#define PN533_INIT_TARGET_DEP 0x2
 311
 312#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
 313#define PN533_INIT_TARGET_RESP_ACTIVE     0x1
 314#define PN533_INIT_TARGET_RESP_DEP        0x4
 315
 316struct pn533 {
 317        struct usb_device *udev;
 318        struct usb_interface *interface;
 319        struct nfc_dev *nfc_dev;
 320
 321        struct urb *out_urb;
 322        struct urb *in_urb;
 323
 324        struct sk_buff_head resp_q;
 325
 326        struct workqueue_struct *wq;
 327        struct work_struct cmd_work;
 328        struct work_struct cmd_complete_work;
 329        struct work_struct poll_work;
 330        struct work_struct mi_work;
 331        struct work_struct tg_work;
 332        struct timer_list listen_timer;
 333        int wq_in_error;
 334        int cancel_listen;
 335
 336        pn533_cmd_complete_t cmd_complete;
 337        void *cmd_complete_arg;
 338        void *cmd_complete_mi_arg;
 339        struct mutex cmd_lock;
 340        u8 cmd;
 341
 342        struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
 343        u8 poll_mod_count;
 344        u8 poll_mod_curr;
 345        u32 poll_protocols;
 346        u32 listen_protocols;
 347
 348        u8 *gb;
 349        size_t gb_len;
 350
 351        u8 tgt_available_prots;
 352        u8 tgt_active_prot;
 353        u8 tgt_mode;
 354
 355        u32 device_type;
 356
 357        struct list_head cmd_queue;
 358        u8 cmd_pending;
 359
 360        struct pn533_frame_ops *ops;
 361};
 362
 363struct pn533_cmd {
 364        struct list_head queue;
 365        u8 cmd_code;
 366        struct sk_buff *req;
 367        struct sk_buff *resp;
 368        int resp_len;
 369        void *arg;
 370};
 371
 372struct pn533_frame {
 373        u8 preamble;
 374        __be16 start_frame;
 375        u8 datalen;
 376        u8 datalen_checksum;
 377        u8 data[];
 378} __packed;
 379
 380struct pn533_frame_ops {
 381        void (*tx_frame_init)(void *frame, u8 cmd_code);
 382        void (*tx_frame_finish)(void *frame);
 383        void (*tx_update_payload_len)(void *frame, int len);
 384        int tx_header_len;
 385        int tx_tail_len;
 386
 387        bool (*rx_is_frame_valid)(void *frame);
 388        int (*rx_frame_size)(void *frame);
 389        int rx_header_len;
 390        int rx_tail_len;
 391
 392        int max_payload_len;
 393        u8 (*get_cmd_code)(void *frame);
 394};
 395
 396/* The rule: value + checksum = 0 */
 397static inline u8 pn533_checksum(u8 value)
 398{
 399        return ~value + 1;
 400}
 401
 402/* The rule: sum(data elements) + checksum = 0 */
 403static u8 pn533_data_checksum(u8 *data, int datalen)
 404{
 405        u8 sum = 0;
 406        int i;
 407
 408        for (i = 0; i < datalen; i++)
 409                sum += data[i];
 410
 411        return pn533_checksum(sum);
 412}
 413
 414static void pn533_tx_frame_init(void *_frame, u8 cmd_code)
 415{
 416        struct pn533_frame *frame = _frame;
 417
 418        frame->preamble = 0;
 419        frame->start_frame = cpu_to_be16(PN533_SOF);
 420        PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
 421        PN533_FRAME_CMD(frame) = cmd_code;
 422        frame->datalen = 2;
 423}
 424
 425static void pn533_tx_frame_finish(void *_frame)
 426{
 427        struct pn533_frame *frame = _frame;
 428
 429        frame->datalen_checksum = pn533_checksum(frame->datalen);
 430
 431        PN533_FRAME_CHECKSUM(frame) =
 432                pn533_data_checksum(frame->data, frame->datalen);
 433
 434        PN533_FRAME_POSTAMBLE(frame) = 0;
 435}
 436
 437static void pn533_tx_update_payload_len(void *_frame, int len)
 438{
 439        struct pn533_frame *frame = _frame;
 440
 441        frame->datalen += len;
 442}
 443
 444static bool pn533_rx_frame_is_valid(void *_frame)
 445{
 446        u8 checksum;
 447        struct pn533_frame *frame = _frame;
 448
 449        if (frame->start_frame != cpu_to_be16(PN533_SOF))
 450                return false;
 451
 452        checksum = pn533_checksum(frame->datalen);
 453        if (checksum != frame->datalen_checksum)
 454                return false;
 455
 456        checksum = pn533_data_checksum(frame->data, frame->datalen);
 457        if (checksum != PN533_FRAME_CHECKSUM(frame))
 458                return false;
 459
 460        return true;
 461}
 462
 463static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
 464{
 465        if (frame->start_frame != cpu_to_be16(PN533_SOF))
 466                return false;
 467
 468        if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
 469                return false;
 470
 471        return true;
 472}
 473
 474static inline int pn533_rx_frame_size(void *frame)
 475{
 476        struct pn533_frame *f = frame;
 477
 478        return sizeof(struct pn533_frame) + f->datalen + PN533_FRAME_TAIL_LEN;
 479}
 480
 481static u8 pn533_get_cmd_code(void *frame)
 482{
 483        struct pn533_frame *f = frame;
 484
 485        return PN533_FRAME_CMD(f);
 486}
 487
 488static struct pn533_frame_ops pn533_std_frame_ops = {
 489        .tx_frame_init = pn533_tx_frame_init,
 490        .tx_frame_finish = pn533_tx_frame_finish,
 491        .tx_update_payload_len = pn533_tx_update_payload_len,
 492        .tx_header_len = PN533_FRAME_HEADER_LEN,
 493        .tx_tail_len = PN533_FRAME_TAIL_LEN,
 494
 495        .rx_is_frame_valid = pn533_rx_frame_is_valid,
 496        .rx_frame_size = pn533_rx_frame_size,
 497        .rx_header_len = PN533_FRAME_HEADER_LEN,
 498        .rx_tail_len = PN533_FRAME_TAIL_LEN,
 499
 500        .max_payload_len =  PN533_FRAME_MAX_PAYLOAD_LEN,
 501        .get_cmd_code = pn533_get_cmd_code,
 502};
 503
 504static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame)
 505{
 506        return (dev->ops->get_cmd_code(frame) == PN533_CMD_RESPONSE(dev->cmd));
 507}
 508
 509
 510static void pn533_wq_cmd_complete(struct work_struct *work)
 511{
 512        struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
 513        int rc;
 514
 515        rc = dev->cmd_complete(dev, dev->cmd_complete_arg, dev->wq_in_error);
 516        if (rc != -EINPROGRESS)
 517                queue_work(dev->wq, &dev->cmd_work);
 518}
 519
 520static void pn533_recv_response(struct urb *urb)
 521{
 522        struct pn533 *dev = urb->context;
 523        u8 *in_frame;
 524
 525        switch (urb->status) {
 526        case 0:
 527                break; /* success */
 528        case -ECONNRESET:
 529        case -ENOENT:
 530                nfc_dev_dbg(&dev->interface->dev,
 531                            "The urb has been canceled (status %d)",
 532                            urb->status);
 533                dev->wq_in_error = urb->status;
 534                goto sched_wq;
 535        case -ESHUTDOWN:
 536        default:
 537                nfc_dev_err(&dev->interface->dev,
 538                            "Urb failure (status %d)", urb->status);
 539                dev->wq_in_error = urb->status;
 540                goto sched_wq;
 541        }
 542
 543        in_frame = dev->in_urb->transfer_buffer;
 544
 545        nfc_dev_dbg(&dev->interface->dev, "Received a frame.");
 546        print_hex_dump(KERN_DEBUG, "PN533 RX: ", DUMP_PREFIX_NONE, 16, 1,
 547                       in_frame, dev->ops->rx_frame_size(in_frame), false);
 548
 549        if (!dev->ops->rx_is_frame_valid(in_frame)) {
 550                nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
 551                dev->wq_in_error = -EIO;
 552                goto sched_wq;
 553        }
 554
 555        if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) {
 556                nfc_dev_err(&dev->interface->dev,
 557                            "It it not the response to the last command");
 558                dev->wq_in_error = -EIO;
 559                goto sched_wq;
 560        }
 561
 562        dev->wq_in_error = 0;
 563
 564sched_wq:
 565        queue_work(dev->wq, &dev->cmd_complete_work);
 566}
 567
 568static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
 569{
 570        dev->in_urb->complete = pn533_recv_response;
 571
 572        return usb_submit_urb(dev->in_urb, flags);
 573}
 574
 575static void pn533_recv_ack(struct urb *urb)
 576{
 577        struct pn533 *dev = urb->context;
 578        struct pn533_frame *in_frame;
 579        int rc;
 580
 581        switch (urb->status) {
 582        case 0:
 583                break; /* success */
 584        case -ECONNRESET:
 585        case -ENOENT:
 586                nfc_dev_dbg(&dev->interface->dev,
 587                            "The urb has been stopped (status %d)",
 588                            urb->status);
 589                dev->wq_in_error = urb->status;
 590                goto sched_wq;
 591        case -ESHUTDOWN:
 592        default:
 593                nfc_dev_err(&dev->interface->dev,
 594                            "Urb failure (status %d)", urb->status);
 595                dev->wq_in_error = urb->status;
 596                goto sched_wq;
 597        }
 598
 599        in_frame = dev->in_urb->transfer_buffer;
 600
 601        if (!pn533_rx_frame_is_ack(in_frame)) {
 602                nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
 603                dev->wq_in_error = -EIO;
 604                goto sched_wq;
 605        }
 606
 607        rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
 608        if (rc) {
 609                nfc_dev_err(&dev->interface->dev,
 610                            "usb_submit_urb failed with result %d", rc);
 611                dev->wq_in_error = rc;
 612                goto sched_wq;
 613        }
 614
 615        return;
 616
 617sched_wq:
 618        queue_work(dev->wq, &dev->cmd_complete_work);
 619}
 620
 621static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
 622{
 623        dev->in_urb->complete = pn533_recv_ack;
 624
 625        return usb_submit_urb(dev->in_urb, flags);
 626}
 627
 628static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
 629{
 630        u8 ack[PN533_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
 631        /* spec 7.1.1.3:  Preamble, SoPC (2), ACK Code (2), Postamble */
 632        int rc;
 633
 634        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 635
 636        dev->out_urb->transfer_buffer = ack;
 637        dev->out_urb->transfer_buffer_length = sizeof(ack);
 638        rc = usb_submit_urb(dev->out_urb, flags);
 639
 640        return rc;
 641}
 642
 643static int __pn533_send_frame_async(struct pn533 *dev,
 644                                        struct sk_buff *out,
 645                                        struct sk_buff *in,
 646                                        int in_len,
 647                                        pn533_cmd_complete_t cmd_complete,
 648                                        void *arg)
 649{
 650        int rc;
 651
 652        dev->cmd = dev->ops->get_cmd_code(out->data);
 653        dev->cmd_complete = cmd_complete;
 654        dev->cmd_complete_arg = arg;
 655
 656        dev->out_urb->transfer_buffer = out->data;
 657        dev->out_urb->transfer_buffer_length = out->len;
 658
 659        dev->in_urb->transfer_buffer = in->data;
 660        dev->in_urb->transfer_buffer_length = in_len;
 661
 662        print_hex_dump(KERN_DEBUG, "PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
 663                       out->data, out->len, false);
 664
 665        rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
 666        if (rc)
 667                return rc;
 668
 669        rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
 670        if (rc)
 671                goto error;
 672
 673        return 0;
 674
 675error:
 676        usb_unlink_urb(dev->out_urb);
 677        return rc;
 678}
 679
 680static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code,
 681                                  struct sk_buff *skb)
 682{
 683        /* payload is already there, just update datalen */
 684        int payload_len = skb->len;
 685        struct pn533_frame_ops *ops = dev->ops;
 686
 687
 688        skb_push(skb, ops->tx_header_len);
 689        skb_put(skb, ops->tx_tail_len);
 690
 691        ops->tx_frame_init(skb->data, cmd_code);
 692        ops->tx_update_payload_len(skb->data, payload_len);
 693        ops->tx_frame_finish(skb->data);
 694}
 695
 696struct pn533_send_async_complete_arg {
 697        pn533_send_async_complete_t  complete_cb;
 698        void *complete_cb_context;
 699        struct sk_buff *resp;
 700        struct sk_buff *req;
 701};
 702
 703static int pn533_send_async_complete(struct pn533 *dev, void *_arg, int status)
 704{
 705        struct pn533_send_async_complete_arg *arg = _arg;
 706
 707        struct sk_buff *req = arg->req;
 708        struct sk_buff *resp = arg->resp;
 709
 710        int rc;
 711
 712        dev_kfree_skb(req);
 713
 714        if (status < 0) {
 715                arg->complete_cb(dev, arg->complete_cb_context,
 716                                 ERR_PTR(status));
 717                dev_kfree_skb(resp);
 718                kfree(arg);
 719                return status;
 720        }
 721
 722        skb_put(resp, dev->ops->rx_frame_size(resp->data));
 723        skb_pull(resp, dev->ops->rx_header_len);
 724        skb_trim(resp, resp->len - dev->ops->rx_tail_len);
 725
 726        rc = arg->complete_cb(dev, arg->complete_cb_context, resp);
 727
 728        kfree(arg);
 729        return rc;
 730}
 731
 732static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
 733                              struct sk_buff *req, struct sk_buff *resp,
 734                              int resp_len,
 735                              pn533_send_async_complete_t complete_cb,
 736                              void *complete_cb_context)
 737{
 738        struct pn533_cmd *cmd;
 739        struct pn533_send_async_complete_arg *arg;
 740        int rc = 0;
 741
 742        nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x", cmd_code);
 743
 744        arg = kzalloc(sizeof(*arg), GFP_KERNEL);
 745        if (!arg)
 746                return -ENOMEM;
 747
 748        arg->complete_cb = complete_cb;
 749        arg->complete_cb_context = complete_cb_context;
 750        arg->resp = resp;
 751        arg->req = req;
 752
 753        pn533_build_cmd_frame(dev, cmd_code, req);
 754
 755        mutex_lock(&dev->cmd_lock);
 756
 757        if (!dev->cmd_pending) {
 758                rc = __pn533_send_frame_async(dev, req, resp, resp_len,
 759                                              pn533_send_async_complete, arg);
 760                if (rc)
 761                        goto error;
 762
 763                dev->cmd_pending = 1;
 764                goto unlock;
 765        }
 766
 767        nfc_dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x", __func__,
 768                    cmd_code);
 769
 770        cmd = kzalloc(sizeof(struct pn533_cmd), GFP_KERNEL);
 771        if (!cmd) {
 772                rc = -ENOMEM;
 773                goto error;
 774        }
 775
 776        INIT_LIST_HEAD(&cmd->queue);
 777        cmd->cmd_code = cmd_code;
 778        cmd->req = req;
 779        cmd->resp = resp;
 780        cmd->resp_len = resp_len;
 781        cmd->arg = arg;
 782
 783        list_add_tail(&cmd->queue, &dev->cmd_queue);
 784
 785        goto unlock;
 786
 787error:
 788        kfree(arg);
 789unlock:
 790        mutex_unlock(&dev->cmd_lock);
 791        return rc;
 792}
 793
 794static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
 795                                 struct sk_buff *req,
 796                                 pn533_send_async_complete_t complete_cb,
 797                                 void *complete_cb_context)
 798{
 799        struct sk_buff *resp;
 800        int rc;
 801        int  resp_len = dev->ops->rx_header_len +
 802                        dev->ops->max_payload_len +
 803                        dev->ops->rx_tail_len;
 804
 805        resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
 806        if (!resp)
 807                return -ENOMEM;
 808
 809        rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
 810                                complete_cb_context);
 811        if (rc)
 812                dev_kfree_skb(resp);
 813
 814        return rc;
 815}
 816
 817static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
 818                                struct sk_buff *req,
 819                                pn533_send_async_complete_t complete_cb,
 820                                void *complete_cb_context)
 821{
 822        struct sk_buff *resp;
 823        int rc;
 824        int  resp_len = dev->ops->rx_header_len +
 825                        dev->ops->max_payload_len +
 826                        dev->ops->rx_tail_len;
 827
 828        resp = alloc_skb(resp_len, GFP_KERNEL);
 829        if (!resp)
 830                return -ENOMEM;
 831
 832        rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
 833                                complete_cb_context);
 834        if (rc)
 835                dev_kfree_skb(resp);
 836
 837        return rc;
 838}
 839
 840/*
 841 * pn533_send_cmd_direct_async
 842 *
 843 * The function sends a piority cmd directly to the chip omiting the cmd
 844 * queue. It's intended to be used by chaining mechanism of received responses
 845 * where the host has to request every single chunk of data before scheduling
 846 * next cmd from the queue.
 847 */
 848static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
 849                                       struct sk_buff *req,
 850                                       pn533_send_async_complete_t complete_cb,
 851                                       void *complete_cb_context)
 852{
 853        struct pn533_send_async_complete_arg *arg;
 854        struct sk_buff *resp;
 855        int rc;
 856        int resp_len = dev->ops->rx_header_len +
 857                       dev->ops->max_payload_len +
 858                       dev->ops->rx_tail_len;
 859
 860        resp = alloc_skb(resp_len, GFP_KERNEL);
 861        if (!resp)
 862                return -ENOMEM;
 863
 864        arg = kzalloc(sizeof(*arg), GFP_KERNEL);
 865        if (!arg) {
 866                dev_kfree_skb(resp);
 867                return -ENOMEM;
 868        }
 869
 870        arg->complete_cb = complete_cb;
 871        arg->complete_cb_context = complete_cb_context;
 872        arg->resp = resp;
 873        arg->req = req;
 874
 875        pn533_build_cmd_frame(dev, cmd_code, req);
 876
 877        rc = __pn533_send_frame_async(dev, req, resp, resp_len,
 878                                      pn533_send_async_complete, arg);
 879        if (rc < 0) {
 880                dev_kfree_skb(resp);
 881                kfree(arg);
 882        }
 883
 884        return rc;
 885}
 886
 887static void pn533_wq_cmd(struct work_struct *work)
 888{
 889        struct pn533 *dev = container_of(work, struct pn533, cmd_work);
 890        struct pn533_cmd *cmd;
 891
 892        mutex_lock(&dev->cmd_lock);
 893
 894        if (list_empty(&dev->cmd_queue)) {
 895                dev->cmd_pending = 0;
 896                mutex_unlock(&dev->cmd_lock);
 897                return;
 898        }
 899
 900        cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
 901
 902        list_del(&cmd->queue);
 903
 904        mutex_unlock(&dev->cmd_lock);
 905
 906        __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len,
 907                                 pn533_send_async_complete, cmd->arg);
 908
 909        kfree(cmd);
 910}
 911
 912struct pn533_sync_cmd_response {
 913        struct sk_buff *resp;
 914        struct completion done;
 915};
 916
 917static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
 918                                    struct sk_buff *resp)
 919{
 920        struct pn533_sync_cmd_response *arg = _arg;
 921
 922        arg->resp = resp;
 923        complete(&arg->done);
 924
 925        return 0;
 926}
 927
 928/*  pn533_send_cmd_sync
 929 *
 930 *  Please note the req parameter is freed inside the function to
 931 *  limit a number of return value interpretations by the caller.
 932 *
 933 *  1. negative in case of error during TX path -> req should be freed
 934 *
 935 *  2. negative in case of error during RX path -> req should not be freed
 936 *     as it's been already freed at the begining of RX path by
 937 *     async_complete_cb.
 938 *
 939 *  3. valid pointer in case of succesfult RX path
 940 *
 941 *  A caller has to check a return value with IS_ERR macro. If the test pass,
 942 *  the returned pointer is valid.
 943 *
 944 * */
 945static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
 946                                               struct sk_buff *req)
 947{
 948        int rc;
 949        struct pn533_sync_cmd_response arg;
 950
 951        init_completion(&arg.done);
 952
 953        rc = pn533_send_cmd_async(dev, cmd_code, req,
 954                                  pn533_send_sync_complete, &arg);
 955        if (rc) {
 956                dev_kfree_skb(req);
 957                return ERR_PTR(rc);
 958        }
 959
 960        wait_for_completion(&arg.done);
 961
 962        return arg.resp;
 963}
 964
 965static void pn533_send_complete(struct urb *urb)
 966{
 967        struct pn533 *dev = urb->context;
 968
 969        switch (urb->status) {
 970        case 0:
 971                break; /* success */
 972        case -ECONNRESET:
 973        case -ENOENT:
 974                nfc_dev_dbg(&dev->interface->dev,
 975                            "The urb has been stopped (status %d)",
 976                            urb->status);
 977                break;
 978        case -ESHUTDOWN:
 979        default:
 980                nfc_dev_err(&dev->interface->dev,
 981                            "Urb failure (status %d)", urb->status);
 982        }
 983}
 984
 985static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size)
 986{
 987        struct sk_buff *skb;
 988
 989        skb = alloc_skb(dev->ops->tx_header_len +
 990                        size +
 991                        dev->ops->tx_tail_len, GFP_KERNEL);
 992
 993        if (skb)
 994                skb_reserve(skb, dev->ops->tx_header_len);
 995
 996        return skb;
 997}
 998
 999struct pn533_target_type_a {
1000        __be16 sens_res;
1001        u8 sel_res;
1002        u8 nfcid_len;
1003        u8 nfcid_data[];
1004} __packed;
1005
1006
1007#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
1008#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
1009#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
1010
1011#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
1012#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
1013
1014#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
1015#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
1016
1017#define PN533_TYPE_A_SEL_PROT_MIFARE 0
1018#define PN533_TYPE_A_SEL_PROT_ISO14443 1
1019#define PN533_TYPE_A_SEL_PROT_DEP 2
1020#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1021
1022static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1023                                                        int target_data_len)
1024{
1025        u8 ssd;
1026        u8 platconf;
1027
1028        if (target_data_len < sizeof(struct pn533_target_type_a))
1029                return false;
1030
1031        /* The lenght check of nfcid[] and ats[] are not being performed because
1032           the values are not being used */
1033
1034        /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1035        ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1036        platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1037
1038        if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1039             platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1040            (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1041             platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1042                return false;
1043
1044        /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1045        if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1046                return false;
1047
1048        return true;
1049}
1050
1051static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1052                                                        int tgt_data_len)
1053{
1054        struct pn533_target_type_a *tgt_type_a;
1055
1056        tgt_type_a = (struct pn533_target_type_a *)tgt_data;
1057
1058        if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1059                return -EPROTO;
1060
1061        switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1062        case PN533_TYPE_A_SEL_PROT_MIFARE:
1063                nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1064                break;
1065        case PN533_TYPE_A_SEL_PROT_ISO14443:
1066                nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1067                break;
1068        case PN533_TYPE_A_SEL_PROT_DEP:
1069                nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1070                break;
1071        case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1072                nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1073                                                        NFC_PROTO_NFC_DEP_MASK;
1074                break;
1075        }
1076
1077        nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1078        nfc_tgt->sel_res = tgt_type_a->sel_res;
1079        nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1080        memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
1081
1082        return 0;
1083}
1084
1085struct pn533_target_felica {
1086        u8 pol_res;
1087        u8 opcode;
1088        u8 nfcid2[8];
1089        u8 pad[8];
1090        /* optional */
1091        u8 syst_code[];
1092} __packed;
1093
1094#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1095#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1096
1097static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1098                                                        int target_data_len)
1099{
1100        if (target_data_len < sizeof(struct pn533_target_felica))
1101                return false;
1102
1103        if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1104                return false;
1105
1106        return true;
1107}
1108
1109static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1110                                                        int tgt_data_len)
1111{
1112        struct pn533_target_felica *tgt_felica;
1113
1114        tgt_felica = (struct pn533_target_felica *)tgt_data;
1115
1116        if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1117                return -EPROTO;
1118
1119        if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
1120            (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
1121                nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1122        else
1123                nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1124
1125        memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1126        nfc_tgt->sensf_res_len = 9;
1127
1128        return 0;
1129}
1130
1131struct pn533_target_jewel {
1132        __be16 sens_res;
1133        u8 jewelid[4];
1134} __packed;
1135
1136static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1137                                                        int target_data_len)
1138{
1139        u8 ssd;
1140        u8 platconf;
1141
1142        if (target_data_len < sizeof(struct pn533_target_jewel))
1143                return false;
1144
1145        /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1146        ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1147        platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1148
1149        if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1150             platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1151            (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1152             platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
1153                return false;
1154
1155        return true;
1156}
1157
1158static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1159                                                        int tgt_data_len)
1160{
1161        struct pn533_target_jewel *tgt_jewel;
1162
1163        tgt_jewel = (struct pn533_target_jewel *)tgt_data;
1164
1165        if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1166                return -EPROTO;
1167
1168        nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1169        nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
1170        nfc_tgt->nfcid1_len = 4;
1171        memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1172
1173        return 0;
1174}
1175
1176struct pn533_type_b_prot_info {
1177        u8 bitrate;
1178        u8 fsci_type;
1179        u8 fwi_adc_fo;
1180} __packed;
1181
1182#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1183#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1184#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1185
1186struct pn533_type_b_sens_res {
1187        u8 opcode;
1188        u8 nfcid[4];
1189        u8 appdata[4];
1190        struct pn533_type_b_prot_info prot_info;
1191} __packed;
1192
1193#define PN533_TYPE_B_OPC_SENSB_RES 0x50
1194
1195struct pn533_target_type_b {
1196        struct pn533_type_b_sens_res sensb_res;
1197        u8 attrib_res_len;
1198        u8 attrib_res[];
1199} __packed;
1200
1201static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1202                                                        int target_data_len)
1203{
1204        if (target_data_len < sizeof(struct pn533_target_type_b))
1205                return false;
1206
1207        if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1208                return false;
1209
1210        if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1211                                                PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1212                return false;
1213
1214        return true;
1215}
1216
1217static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1218                                                        int tgt_data_len)
1219{
1220        struct pn533_target_type_b *tgt_type_b;
1221
1222        tgt_type_b = (struct pn533_target_type_b *)tgt_data;
1223
1224        if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1225                return -EPROTO;
1226
1227        nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1228
1229        return 0;
1230}
1231
1232static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1233                              int tgdata_len)
1234{
1235        struct nfc_target nfc_tgt;
1236        int rc;
1237
1238        nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1239                    dev->poll_mod_curr);
1240
1241        if (tg != 1)
1242                return -EPROTO;
1243
1244        memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1245
1246        switch (dev->poll_mod_curr) {
1247        case PN533_POLL_MOD_106KBPS_A:
1248                rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
1249                break;
1250        case PN533_POLL_MOD_212KBPS_FELICA:
1251        case PN533_POLL_MOD_424KBPS_FELICA:
1252                rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
1253                break;
1254        case PN533_POLL_MOD_106KBPS_JEWEL:
1255                rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
1256                break;
1257        case PN533_POLL_MOD_847KBPS_B:
1258                rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
1259                break;
1260        default:
1261                nfc_dev_err(&dev->interface->dev,
1262                            "Unknown current poll modulation");
1263                return -EPROTO;
1264        }
1265
1266        if (rc)
1267                return rc;
1268
1269        if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1270                nfc_dev_dbg(&dev->interface->dev,
1271                            "The Tg found doesn't have the desired protocol");
1272                return -EAGAIN;
1273        }
1274
1275        nfc_dev_dbg(&dev->interface->dev,
1276                    "Target found - supported protocols: 0x%x",
1277                    nfc_tgt.supported_protocols);
1278
1279        dev->tgt_available_prots = nfc_tgt.supported_protocols;
1280
1281        nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1282
1283        return 0;
1284}
1285
1286static inline void pn533_poll_next_mod(struct pn533 *dev)
1287{
1288        dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1289}
1290
1291static void pn533_poll_reset_mod_list(struct pn533 *dev)
1292{
1293        dev->poll_mod_count = 0;
1294}
1295
1296static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1297{
1298        dev->poll_mod_active[dev->poll_mod_count] =
1299                (struct pn533_poll_modulations *)&poll_mod[mod_index];
1300        dev->poll_mod_count++;
1301}
1302
1303static void pn533_poll_create_mod_list(struct pn533 *dev,
1304                                       u32 im_protocols, u32 tm_protocols)
1305{
1306        pn533_poll_reset_mod_list(dev);
1307
1308        if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
1309            (im_protocols & NFC_PROTO_ISO14443_MASK) ||
1310            (im_protocols & NFC_PROTO_NFC_DEP_MASK))
1311                pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1312
1313        if (im_protocols & NFC_PROTO_FELICA_MASK ||
1314            im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1315                pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1316                pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1317        }
1318
1319        if (im_protocols & NFC_PROTO_JEWEL_MASK)
1320                pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1321
1322        if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1323                pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1324
1325        if (tm_protocols)
1326                pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1327}
1328
1329static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
1330{
1331        u8 nbtg, tg, *tgdata;
1332        int rc, tgdata_len;
1333
1334        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1335
1336        nbtg = resp->data[0];
1337        tg = resp->data[1];
1338        tgdata = &resp->data[2];
1339        tgdata_len = resp->len - 2;  /* nbtg + tg */
1340
1341        if (nbtg) {
1342                rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
1343
1344                /* We must stop the poll after a valid target found */
1345                if (rc == 0) {
1346                        pn533_poll_reset_mod_list(dev);
1347                        return 0;
1348                }
1349        }
1350
1351        return -EAGAIN;
1352}
1353
1354static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev)
1355{
1356        struct sk_buff *skb;
1357        u8 *felica, *nfcid3, *gb;
1358
1359        u8 *gbytes = dev->gb;
1360        size_t gbytes_len = dev->gb_len;
1361
1362        u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1363                                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1364                                0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1365                                0xff, 0xff}; /* System code */
1366
1367        u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1368                               0x0, 0x0, 0x0,
1369                               0x40}; /* SEL_RES for DEP */
1370
1371        unsigned int skb_len = 36 + /* mode (1), mifare (6),
1372                                       felica (18), nfcid3 (10), gb_len (1) */
1373                               gbytes_len +
1374                               1;  /* len Tk*/
1375
1376        skb = pn533_alloc_skb(dev, skb_len);
1377        if (!skb)
1378                return NULL;
1379
1380        /* DEP support only */
1381        *skb_put(skb, 1) = PN533_INIT_TARGET_DEP;
1382
1383        /* MIFARE params */
1384        memcpy(skb_put(skb, 6), mifare_params, 6);
1385
1386        /* Felica params */
1387        felica = skb_put(skb, 18);
1388        memcpy(felica, felica_params, 18);
1389        get_random_bytes(felica + 2, 6);
1390
1391        /* NFCID3 */
1392        nfcid3 = skb_put(skb, 10);
1393        memset(nfcid3, 0, 10);
1394        memcpy(nfcid3, felica, 8);
1395
1396        /* General bytes */
1397        *skb_put(skb, 1) = gbytes_len;
1398
1399        gb = skb_put(skb, gbytes_len);
1400        memcpy(gb, gbytes, gbytes_len);
1401
1402        /* Len Tk */
1403        *skb_put(skb, 1) = 0;
1404
1405        return skb;
1406}
1407
1408#define PN533_CMD_DATAEXCH_HEAD_LEN 1
1409#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1410static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1411                                      struct sk_buff *resp)
1412{
1413        u8 status;
1414
1415        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1416
1417        if (IS_ERR(resp))
1418                return PTR_ERR(resp);
1419
1420        status = resp->data[0];
1421        skb_pull(resp, sizeof(status));
1422
1423        if (status != 0) {
1424                nfc_tm_deactivated(dev->nfc_dev);
1425                dev->tgt_mode = 0;
1426                dev_kfree_skb(resp);
1427                return 0;
1428        }
1429
1430        return nfc_tm_data_received(dev->nfc_dev, resp);
1431}
1432
1433static void pn533_wq_tg_get_data(struct work_struct *work)
1434{
1435        struct pn533 *dev = container_of(work, struct pn533, tg_work);
1436
1437        struct sk_buff *skb;
1438        int rc;
1439
1440        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1441
1442        skb = pn533_alloc_skb(dev, 0);
1443        if (!skb)
1444                return;
1445
1446        rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1447                                   pn533_tm_get_data_complete, NULL);
1448
1449        if (rc < 0)
1450                dev_kfree_skb(skb);
1451
1452        return;
1453}
1454
1455#define ATR_REQ_GB_OFFSET 17
1456static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
1457{
1458        u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
1459        size_t gb_len;
1460        int rc;
1461
1462        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1463
1464        if (resp->len < ATR_REQ_GB_OFFSET + 1)
1465                return -EINVAL;
1466
1467        mode = resp->data[0];
1468        cmd = &resp->data[1];
1469
1470        nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1471                    mode, resp->len);
1472
1473        if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1474            PN533_INIT_TARGET_RESP_ACTIVE)
1475                comm_mode = NFC_COMM_ACTIVE;
1476
1477        if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0)  /* Only DEP supported */
1478                return -EOPNOTSUPP;
1479
1480        gb = cmd + ATR_REQ_GB_OFFSET;
1481        gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
1482
1483        rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1484                              comm_mode, gb, gb_len);
1485        if (rc < 0) {
1486                nfc_dev_err(&dev->interface->dev,
1487                            "Error when signaling target activation");
1488                return rc;
1489        }
1490
1491        dev->tgt_mode = 1;
1492        queue_work(dev->wq, &dev->tg_work);
1493
1494        return 0;
1495}
1496
1497static void pn533_listen_mode_timer(unsigned long data)
1498{
1499        struct pn533 *dev = (struct pn533 *)data;
1500
1501        nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1502
1503        /* An ack will cancel the last issued command (poll) */
1504        pn533_send_ack(dev, GFP_ATOMIC);
1505
1506        dev->cancel_listen = 1;
1507
1508        pn533_poll_next_mod(dev);
1509
1510        queue_work(dev->wq, &dev->poll_work);
1511}
1512
1513static int pn533_poll_complete(struct pn533 *dev, void *arg,
1514                               struct sk_buff *resp)
1515{
1516        struct pn533_poll_modulations *cur_mod;
1517        int rc;
1518
1519        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1520
1521        if (IS_ERR(resp)) {
1522                rc = PTR_ERR(resp);
1523
1524                nfc_dev_err(&dev->interface->dev, "%s  Poll complete error %d",
1525                            __func__, rc);
1526
1527                if (rc == -ENOENT) {
1528                        if (dev->poll_mod_count != 0)
1529                                return rc;
1530                        else
1531                                goto stop_poll;
1532                } else if (rc < 0) {
1533                        nfc_dev_err(&dev->interface->dev,
1534                                    "Error %d when running poll", rc);
1535                        goto stop_poll;
1536                }
1537        }
1538
1539        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1540
1541        if (cur_mod->len == 0) { /* Target mode */
1542                del_timer(&dev->listen_timer);
1543                rc = pn533_init_target_complete(dev, resp);
1544                goto done;
1545        }
1546
1547        /* Initiator mode */
1548        rc = pn533_start_poll_complete(dev, resp);
1549        if (!rc)
1550                goto done;
1551
1552        pn533_poll_next_mod(dev);
1553        queue_work(dev->wq, &dev->poll_work);
1554
1555done:
1556        dev_kfree_skb(resp);
1557        return rc;
1558
1559stop_poll:
1560        nfc_dev_err(&dev->interface->dev, "Polling operation has been stopped");
1561
1562        pn533_poll_reset_mod_list(dev);
1563        dev->poll_protocols = 0;
1564        return rc;
1565}
1566
1567static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev,
1568                                        struct pn533_poll_modulations *mod)
1569{
1570        struct sk_buff *skb;
1571
1572        skb = pn533_alloc_skb(dev, mod->len);
1573        if (!skb)
1574                return NULL;
1575
1576        memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
1577
1578        return skb;
1579}
1580
1581static int pn533_send_poll_frame(struct pn533 *dev)
1582{
1583        struct pn533_poll_modulations *mod;
1584        struct sk_buff *skb;
1585        int rc;
1586        u8 cmd_code;
1587
1588        mod = dev->poll_mod_active[dev->poll_mod_curr];
1589
1590        nfc_dev_dbg(&dev->interface->dev, "%s mod len %d\n",
1591                    __func__, mod->len);
1592
1593        if (mod->len == 0) {  /* Listen mode */
1594                cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
1595                skb = pn533_alloc_poll_tg_frame(dev);
1596        } else {  /* Polling mode */
1597                cmd_code =  PN533_CMD_IN_LIST_PASSIVE_TARGET;
1598                skb = pn533_alloc_poll_in_frame(dev, mod);
1599        }
1600
1601        if (!skb) {
1602                nfc_dev_err(&dev->interface->dev, "Failed to allocate skb.");
1603                return -ENOMEM;
1604        }
1605
1606        rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
1607                                  NULL);
1608        if (rc < 0) {
1609                dev_kfree_skb(skb);
1610                nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1611        }
1612
1613        return rc;
1614}
1615
1616static void pn533_wq_poll(struct work_struct *work)
1617{
1618        struct pn533 *dev = container_of(work, struct pn533, poll_work);
1619        struct pn533_poll_modulations *cur_mod;
1620        int rc;
1621
1622        cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1623
1624        nfc_dev_dbg(&dev->interface->dev,
1625                    "%s cancel_listen %d modulation len %d",
1626                    __func__, dev->cancel_listen, cur_mod->len);
1627
1628        if (dev->cancel_listen == 1) {
1629                dev->cancel_listen = 0;
1630                usb_kill_urb(dev->in_urb);
1631        }
1632
1633        rc = pn533_send_poll_frame(dev);
1634        if (rc)
1635                return;
1636
1637        if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1638                mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1639
1640        return;
1641}
1642
1643static int pn533_start_poll(struct nfc_dev *nfc_dev,
1644                            u32 im_protocols, u32 tm_protocols)
1645{
1646        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1647
1648        nfc_dev_dbg(&dev->interface->dev,
1649                    "%s: im protocols 0x%x tm protocols 0x%x",
1650                    __func__, im_protocols, tm_protocols);
1651
1652        if (dev->tgt_active_prot) {
1653                nfc_dev_err(&dev->interface->dev,
1654                            "Cannot poll with a target already activated");
1655                return -EBUSY;
1656        }
1657
1658        if (dev->tgt_mode) {
1659                nfc_dev_err(&dev->interface->dev,
1660                            "Cannot poll while already being activated");
1661                return -EBUSY;
1662        }
1663
1664        if (tm_protocols) {
1665                dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1666                if (dev->gb == NULL)
1667                        tm_protocols = 0;
1668        }
1669
1670        dev->poll_mod_curr = 0;
1671        pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1672        dev->poll_protocols = im_protocols;
1673        dev->listen_protocols = tm_protocols;
1674
1675        return pn533_send_poll_frame(dev);
1676}
1677
1678static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1679{
1680        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1681
1682        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1683
1684        del_timer(&dev->listen_timer);
1685
1686        if (!dev->poll_mod_count) {
1687                nfc_dev_dbg(&dev->interface->dev,
1688                            "Polling operation was not running");
1689                return;
1690        }
1691
1692        /* An ack will cancel the last issued command (poll) */
1693        pn533_send_ack(dev, GFP_KERNEL);
1694
1695        /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1696        usb_kill_urb(dev->in_urb);
1697
1698        pn533_poll_reset_mod_list(dev);
1699}
1700
1701static int pn533_activate_target_nfcdep(struct pn533 *dev)
1702{
1703        struct pn533_cmd_activate_response *rsp;
1704        u16 gt_len;
1705        int rc;
1706
1707        struct sk_buff *skb;
1708        struct sk_buff *resp;
1709
1710        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1711
1712        skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/
1713        if (!skb)
1714                return -ENOMEM;
1715
1716        *skb_put(skb, sizeof(u8)) = 1; /* TG */
1717        *skb_put(skb, sizeof(u8)) = 0; /* Next */
1718
1719        resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
1720        if (IS_ERR(resp))
1721                return PTR_ERR(resp);
1722
1723        rsp = (struct pn533_cmd_activate_response *)resp->data;
1724        rc = rsp->status & PN533_CMD_RET_MASK;
1725        if (rc != PN533_CMD_RET_SUCCESS) {
1726                dev_kfree_skb(resp);
1727                return -EIO;
1728        }
1729
1730        /* ATR_RES general bytes are located at offset 16 */
1731        gt_len = resp->len - 16;
1732        rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
1733
1734        dev_kfree_skb(resp);
1735        return rc;
1736}
1737
1738static int pn533_activate_target(struct nfc_dev *nfc_dev,
1739                                 struct nfc_target *target, u32 protocol)
1740{
1741        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1742        int rc;
1743
1744        nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1745                    protocol);
1746
1747        if (dev->poll_mod_count) {
1748                nfc_dev_err(&dev->interface->dev,
1749                            "Cannot activate while polling");
1750                return -EBUSY;
1751        }
1752
1753        if (dev->tgt_active_prot) {
1754                nfc_dev_err(&dev->interface->dev,
1755                            "There is already an active target");
1756                return -EBUSY;
1757        }
1758
1759        if (!dev->tgt_available_prots) {
1760                nfc_dev_err(&dev->interface->dev,
1761                            "There is no available target to activate");
1762                return -EINVAL;
1763        }
1764
1765        if (!(dev->tgt_available_prots & (1 << protocol))) {
1766                nfc_dev_err(&dev->interface->dev,
1767                            "Target doesn't support requested proto %u",
1768                            protocol);
1769                return -EINVAL;
1770        }
1771
1772        if (protocol == NFC_PROTO_NFC_DEP) {
1773                rc = pn533_activate_target_nfcdep(dev);
1774                if (rc) {
1775                        nfc_dev_err(&dev->interface->dev,
1776                                    "Activating target with DEP failed %d", rc);
1777                        return rc;
1778                }
1779        }
1780
1781        dev->tgt_active_prot = protocol;
1782        dev->tgt_available_prots = 0;
1783
1784        return 0;
1785}
1786
1787static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1788                                    struct nfc_target *target)
1789{
1790        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1791
1792        struct sk_buff *skb;
1793        struct sk_buff *resp;
1794
1795        int rc;
1796
1797        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1798
1799        if (!dev->tgt_active_prot) {
1800                nfc_dev_err(&dev->interface->dev, "There is no active target");
1801                return;
1802        }
1803
1804        dev->tgt_active_prot = 0;
1805        skb_queue_purge(&dev->resp_q);
1806
1807        skb = pn533_alloc_skb(dev, sizeof(u8));
1808        if (!skb)
1809                return;
1810
1811        *skb_put(skb, 1) = 1; /* TG*/
1812
1813        resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
1814        if (IS_ERR(resp))
1815                return;
1816
1817        rc = resp->data[0] & PN533_CMD_RET_MASK;
1818        if (rc != PN533_CMD_RET_SUCCESS)
1819                nfc_dev_err(&dev->interface->dev,
1820                            "Error 0x%x when releasing the target", rc);
1821
1822        dev_kfree_skb(resp);
1823        return;
1824}
1825
1826
1827static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1828                                         struct sk_buff *resp)
1829{
1830        struct pn533_cmd_jump_dep_response *rsp;
1831        u8 target_gt_len;
1832        int rc;
1833        u8 active = *(u8 *)arg;
1834
1835        kfree(arg);
1836
1837        if (IS_ERR(resp))
1838                return PTR_ERR(resp);
1839
1840        if (dev->tgt_available_prots &&
1841            !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1842                nfc_dev_err(&dev->interface->dev,
1843                            "The target does not support DEP");
1844                rc =  -EINVAL;
1845                goto error;
1846        }
1847
1848        rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1849
1850        rc = rsp->status & PN533_CMD_RET_MASK;
1851        if (rc != PN533_CMD_RET_SUCCESS) {
1852                nfc_dev_err(&dev->interface->dev,
1853                            "Bringing DEP link up failed %d", rc);
1854                goto error;
1855        }
1856
1857        if (!dev->tgt_available_prots) {
1858                struct nfc_target nfc_target;
1859
1860                nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1861
1862                nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1863                nfc_target.nfcid1_len = 10;
1864                memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1865                rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1866                if (rc)
1867                        goto error;
1868
1869                dev->tgt_available_prots = 0;
1870        }
1871
1872        dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1873
1874        /* ATR_RES general bytes are located at offset 17 */
1875        target_gt_len = resp->len - 17;
1876        rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1877                                          rsp->gt, target_gt_len);
1878        if (rc == 0)
1879                rc = nfc_dep_link_is_up(dev->nfc_dev,
1880                                        dev->nfc_dev->targets[0].idx,
1881                                        !active, NFC_RF_INITIATOR);
1882
1883error:
1884        dev_kfree_skb(resp);
1885        return rc;
1886}
1887
1888static int pn533_mod_to_baud(struct pn533 *dev)
1889{
1890        switch (dev->poll_mod_curr) {
1891        case PN533_POLL_MOD_106KBPS_A:
1892                return 0;
1893        case PN533_POLL_MOD_212KBPS_FELICA:
1894                return 1;
1895        case PN533_POLL_MOD_424KBPS_FELICA:
1896                return 2;
1897        default:
1898                return -EINVAL;
1899        }
1900}
1901
1902#define PASSIVE_DATA_LEN 5
1903static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1904                             u8 comm_mode, u8 *gb, size_t gb_len)
1905{
1906        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1907        struct sk_buff *skb;
1908        int rc, baud, skb_len;
1909        u8 *next, *arg;
1910
1911        u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1912
1913        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1914
1915        if (dev->poll_mod_count) {
1916                nfc_dev_err(&dev->interface->dev,
1917                            "Cannot bring the DEP link up while polling");
1918                return -EBUSY;
1919        }
1920
1921        if (dev->tgt_active_prot) {
1922                nfc_dev_err(&dev->interface->dev,
1923                            "There is already an active target");
1924                return -EBUSY;
1925        }
1926
1927        baud = pn533_mod_to_baud(dev);
1928        if (baud < 0) {
1929                nfc_dev_err(&dev->interface->dev,
1930                            "Invalid curr modulation %d", dev->poll_mod_curr);
1931                return baud;
1932        }
1933
1934        skb_len = 3 + gb_len; /* ActPass + BR + Next */
1935        if (comm_mode == NFC_COMM_PASSIVE)
1936                skb_len += PASSIVE_DATA_LEN;
1937
1938        skb = pn533_alloc_skb(dev, skb_len);
1939        if (!skb)
1940                return -ENOMEM;
1941
1942        *skb_put(skb, 1) = !comm_mode;  /* ActPass */
1943        *skb_put(skb, 1) = baud;  /* Baud rate */
1944
1945        next = skb_put(skb, 1);  /* Next */
1946        *next = 0;
1947
1948        if (comm_mode == NFC_COMM_PASSIVE && baud > 0) {
1949                memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data,
1950                       PASSIVE_DATA_LEN);
1951                *next |= 1;
1952        }
1953
1954        if (gb != NULL && gb_len > 0) {
1955                memcpy(skb_put(skb, gb_len), gb, gb_len);
1956                *next |= 4; /* We have some Gi */
1957        } else {
1958                *next = 0;
1959        }
1960
1961        arg = kmalloc(sizeof(*arg), GFP_KERNEL);
1962        if (!arg) {
1963                dev_kfree_skb(skb);
1964                return -ENOMEM;
1965        }
1966
1967        *arg = !comm_mode;
1968
1969        rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1970                                  pn533_in_dep_link_up_complete, arg);
1971
1972        if (rc < 0) {
1973                dev_kfree_skb(skb);
1974                kfree(arg);
1975        }
1976
1977        return rc;
1978}
1979
1980static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1981{
1982        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1983
1984        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1985
1986        pn533_poll_reset_mod_list(dev);
1987
1988        if (dev->tgt_mode || dev->tgt_active_prot) {
1989                pn533_send_ack(dev, GFP_KERNEL);
1990                usb_kill_urb(dev->in_urb);
1991        }
1992
1993        dev->tgt_active_prot = 0;
1994        dev->tgt_mode = 0;
1995
1996        skb_queue_purge(&dev->resp_q);
1997
1998        return 0;
1999}
2000
2001struct pn533_data_exchange_arg {
2002        data_exchange_cb_t cb;
2003        void *cb_context;
2004};
2005
2006static struct sk_buff *pn533_build_response(struct pn533 *dev)
2007{
2008        struct sk_buff *skb, *tmp, *t;
2009        unsigned int skb_len = 0, tmp_len = 0;
2010
2011        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2012
2013        if (skb_queue_empty(&dev->resp_q))
2014                return NULL;
2015
2016        if (skb_queue_len(&dev->resp_q) == 1) {
2017                skb = skb_dequeue(&dev->resp_q);
2018                goto out;
2019        }
2020
2021        skb_queue_walk_safe(&dev->resp_q, tmp, t)
2022                skb_len += tmp->len;
2023
2024        nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
2025                    __func__, skb_len);
2026
2027        skb = alloc_skb(skb_len, GFP_KERNEL);
2028        if (skb == NULL)
2029                goto out;
2030
2031        skb_put(skb, skb_len);
2032
2033        skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2034                memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2035                tmp_len += tmp->len;
2036        }
2037
2038out:
2039        skb_queue_purge(&dev->resp_q);
2040
2041        return skb;
2042}
2043
2044static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
2045                                        struct sk_buff *resp)
2046{
2047        struct pn533_data_exchange_arg *arg = _arg;
2048        struct sk_buff *skb;
2049        int rc = 0;
2050        u8 status, ret, mi;
2051
2052        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2053
2054        if (IS_ERR(resp)) {
2055                rc = PTR_ERR(resp);
2056                goto _error;
2057        }
2058
2059        status = resp->data[0];
2060        ret = status & PN533_CMD_RET_MASK;
2061        mi = status & PN533_CMD_MI_MASK;
2062
2063        skb_pull(resp, sizeof(status));
2064
2065        if (ret != PN533_CMD_RET_SUCCESS) {
2066                nfc_dev_err(&dev->interface->dev,
2067                            "PN533 reported error %d when exchanging data",
2068                            ret);
2069                rc = -EIO;
2070                goto error;
2071        }
2072
2073        skb_queue_tail(&dev->resp_q, resp);
2074
2075        if (mi) {
2076                dev->cmd_complete_mi_arg = arg;
2077                queue_work(dev->wq, &dev->mi_work);
2078                return -EINPROGRESS;
2079        }
2080
2081        skb = pn533_build_response(dev);
2082        if (!skb)
2083                goto error;
2084
2085        arg->cb(arg->cb_context, skb, 0);
2086        kfree(arg);
2087        return 0;
2088
2089error:
2090        dev_kfree_skb(resp);
2091_error:
2092        skb_queue_purge(&dev->resp_q);
2093        arg->cb(arg->cb_context, NULL, rc);
2094        kfree(arg);
2095        return rc;
2096}
2097
2098static int pn533_transceive(struct nfc_dev *nfc_dev,
2099                            struct nfc_target *target, struct sk_buff *skb,
2100                            data_exchange_cb_t cb, void *cb_context)
2101{
2102        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2103        struct pn533_data_exchange_arg *arg = NULL;
2104        int rc;
2105
2106        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2107
2108        if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2109                /* TODO: Implement support to multi-part data exchange */
2110                nfc_dev_err(&dev->interface->dev,
2111                            "Data length greater than the max allowed: %d",
2112                            PN533_CMD_DATAEXCH_DATA_MAXLEN);
2113                rc = -ENOSYS;
2114                goto error;
2115        }
2116
2117        if (!dev->tgt_active_prot) {
2118                nfc_dev_err(&dev->interface->dev,
2119                            "Can't exchange data if there is no active target");
2120                rc = -EINVAL;
2121                goto error;
2122        }
2123
2124        arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2125        if (!arg) {
2126                rc = -ENOMEM;
2127                goto error;
2128        }
2129
2130        arg->cb = cb;
2131        arg->cb_context = cb_context;
2132
2133        switch (dev->device_type) {
2134        case PN533_DEVICE_PASORI:
2135                if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2136                        rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2137                                                   skb,
2138                                                   pn533_data_exchange_complete,
2139                                                   arg);
2140
2141                        break;
2142                }
2143        default:
2144                *skb_push(skb, sizeof(u8)) =  1; /*TG*/
2145
2146                rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2147                                           skb, pn533_data_exchange_complete,
2148                                           arg);
2149
2150                break;
2151        }
2152
2153        if (rc < 0) /* rc from send_async */
2154                goto error;
2155
2156        return 0;
2157
2158error:
2159        kfree(arg);
2160        dev_kfree_skb(skb);
2161        return rc;
2162}
2163
2164static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2165                                  struct sk_buff *resp)
2166{
2167        u8 status;
2168
2169        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2170
2171        if (IS_ERR(resp))
2172                return PTR_ERR(resp);
2173
2174        status = resp->data[0];
2175
2176        dev_kfree_skb(resp);
2177
2178        if (status != 0) {
2179                nfc_tm_deactivated(dev->nfc_dev);
2180
2181                dev->tgt_mode = 0;
2182
2183                return 0;
2184        }
2185
2186        queue_work(dev->wq, &dev->tg_work);
2187
2188        return 0;
2189}
2190
2191static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2192{
2193        struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2194        int rc;
2195
2196        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2197
2198        if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2199                nfc_dev_err(&dev->interface->dev,
2200                            "Data length greater than the max allowed: %d",
2201                            PN533_CMD_DATAEXCH_DATA_MAXLEN);
2202                return -ENOSYS;
2203        }
2204
2205        rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2206                                   pn533_tm_send_complete, NULL);
2207        if (rc < 0)
2208                dev_kfree_skb(skb);
2209
2210        return rc;
2211}
2212
2213static void pn533_wq_mi_recv(struct work_struct *work)
2214{
2215        struct pn533 *dev = container_of(work, struct pn533, mi_work);
2216
2217        struct sk_buff *skb;
2218        int rc;
2219
2220        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2221
2222        skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN);
2223        if (!skb)
2224                goto error;
2225
2226        switch (dev->device_type) {
2227        case PN533_DEVICE_PASORI:
2228                if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2229                        rc = pn533_send_cmd_direct_async(dev,
2230                                                PN533_CMD_IN_COMM_THRU,
2231                                                skb,
2232                                                pn533_data_exchange_complete,
2233                                                 dev->cmd_complete_mi_arg);
2234
2235                        break;
2236                }
2237        default:
2238                *skb_put(skb, sizeof(u8)) =  1; /*TG*/
2239
2240                rc = pn533_send_cmd_direct_async(dev,
2241                                                 PN533_CMD_IN_DATA_EXCHANGE,
2242                                                 skb,
2243                                                 pn533_data_exchange_complete,
2244                                                 dev->cmd_complete_mi_arg);
2245
2246                break;
2247        }
2248
2249        if (rc == 0) /* success */
2250                return;
2251
2252        nfc_dev_err(&dev->interface->dev,
2253                    "Error %d when trying to perform data_exchange", rc);
2254
2255        dev_kfree_skb(skb);
2256        kfree(dev->cmd_complete_arg);
2257
2258error:
2259        pn533_send_ack(dev, GFP_KERNEL);
2260        queue_work(dev->wq, &dev->cmd_work);
2261}
2262
2263static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2264                                                                u8 cfgdata_len)
2265{
2266        struct sk_buff *skb;
2267        struct sk_buff *resp;
2268
2269        int skb_len;
2270
2271        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2272
2273        skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
2274
2275        skb = pn533_alloc_skb(dev, skb_len);
2276        if (!skb)
2277                return -ENOMEM;
2278
2279        *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2280        memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
2281
2282        resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2283        if (IS_ERR(resp))
2284                return PTR_ERR(resp);
2285
2286        dev_kfree_skb(resp);
2287        return 0;
2288}
2289
2290static int pn533_get_firmware_version(struct pn533 *dev,
2291                                      struct pn533_fw_version *fv)
2292{
2293        struct sk_buff *skb;
2294        struct sk_buff *resp;
2295
2296        skb = pn533_alloc_skb(dev, 0);
2297        if (!skb)
2298                return -ENOMEM;
2299
2300        resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2301        if (IS_ERR(resp))
2302                return PTR_ERR(resp);
2303
2304        fv->ic = resp->data[0];
2305        fv->ver = resp->data[1];
2306        fv->rev = resp->data[2];
2307        fv->support = resp->data[3];
2308
2309        dev_kfree_skb(resp);
2310        return 0;
2311}
2312
2313static int pn533_fw_reset(struct pn533 *dev)
2314{
2315        struct sk_buff *skb;
2316        struct sk_buff *resp;
2317
2318        nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2319
2320        skb = pn533_alloc_skb(dev, sizeof(u8));
2321        if (!skb)
2322                return -ENOMEM;
2323
2324        *skb_put(skb, sizeof(u8)) = 0x1;
2325
2326        resp = pn533_send_cmd_sync(dev, 0x18, skb);
2327        if (IS_ERR(resp))
2328                return PTR_ERR(resp);
2329
2330        dev_kfree_skb(resp);
2331
2332        return 0;
2333}
2334
2335static struct nfc_ops pn533_nfc_ops = {
2336        .dev_up = NULL,
2337        .dev_down = NULL,
2338        .dep_link_up = pn533_dep_link_up,
2339        .dep_link_down = pn533_dep_link_down,
2340        .start_poll = pn533_start_poll,
2341        .stop_poll = pn533_stop_poll,
2342        .activate_target = pn533_activate_target,
2343        .deactivate_target = pn533_deactivate_target,
2344        .im_transceive = pn533_transceive,
2345        .tm_send = pn533_tm_send,
2346};
2347
2348static int pn533_setup(struct pn533 *dev)
2349{
2350        struct pn533_config_max_retries max_retries;
2351        struct pn533_config_timing timing;
2352        u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2353        int rc;
2354
2355        switch (dev->device_type) {
2356        case PN533_DEVICE_STD:
2357                max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2358                max_retries.mx_rty_psl = 2;
2359                max_retries.mx_rty_passive_act =
2360                        PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2361
2362                timing.rfu = PN533_CONFIG_TIMING_102;
2363                timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2364                timing.dep_timeout = PN533_CONFIG_TIMING_409;
2365
2366                break;
2367
2368        case PN533_DEVICE_PASORI:
2369                max_retries.mx_rty_atr = 0x2;
2370                max_retries.mx_rty_psl = 0x1;
2371                max_retries.mx_rty_passive_act =
2372                        PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2373
2374                timing.rfu = PN533_CONFIG_TIMING_102;
2375                timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2376                timing.dep_timeout = PN533_CONFIG_TIMING_204;
2377
2378                break;
2379
2380        default:
2381                nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2382                            dev->device_type);
2383                return -EINVAL;
2384        }
2385
2386        rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2387                                     (u8 *)&max_retries, sizeof(max_retries));
2388        if (rc) {
2389                nfc_dev_err(&dev->interface->dev,
2390                            "Error on setting MAX_RETRIES config");
2391                return rc;
2392        }
2393
2394
2395        rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2396                                     (u8 *)&timing, sizeof(timing));
2397        if (rc) {
2398                nfc_dev_err(&dev->interface->dev,
2399                            "Error on setting RF timings");
2400                return rc;
2401        }
2402
2403        switch (dev->device_type) {
2404        case PN533_DEVICE_STD:
2405                break;
2406
2407        case PN533_DEVICE_PASORI:
2408                pn533_fw_reset(dev);
2409
2410                rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2411                                             pasori_cfg, 3);
2412                if (rc) {
2413                        nfc_dev_err(&dev->interface->dev,
2414                                    "Error while settings PASORI config");
2415                        return rc;
2416                }
2417
2418                pn533_fw_reset(dev);
2419
2420                break;
2421        }
2422
2423        return 0;
2424}
2425
2426static int pn533_probe(struct usb_interface *interface,
2427                        const struct usb_device_id *id)
2428{
2429        struct pn533_fw_version fw_ver;
2430        struct pn533 *dev;
2431        struct usb_host_interface *iface_desc;
2432        struct usb_endpoint_descriptor *endpoint;
2433        int in_endpoint = 0;
2434        int out_endpoint = 0;
2435        int rc = -ENOMEM;
2436        int i;
2437        u32 protocols;
2438
2439        dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2440        if (!dev)
2441                return -ENOMEM;
2442
2443        dev->udev = usb_get_dev(interface_to_usbdev(interface));
2444        dev->interface = interface;
2445        mutex_init(&dev->cmd_lock);
2446
2447        iface_desc = interface->cur_altsetting;
2448        for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2449                endpoint = &iface_desc->endpoint[i].desc;
2450
2451                if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
2452                        in_endpoint = endpoint->bEndpointAddress;
2453
2454                if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
2455                        out_endpoint = endpoint->bEndpointAddress;
2456        }
2457
2458        if (!in_endpoint || !out_endpoint) {
2459                nfc_dev_err(&interface->dev,
2460                            "Could not find bulk-in or bulk-out endpoint");
2461                rc = -ENODEV;
2462                goto error;
2463        }
2464
2465        dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2466        dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2467
2468        if (!dev->in_urb || !dev->out_urb)
2469                goto error;
2470
2471        usb_fill_bulk_urb(dev->in_urb, dev->udev,
2472                          usb_rcvbulkpipe(dev->udev, in_endpoint),
2473                          NULL, 0, NULL, dev);
2474        usb_fill_bulk_urb(dev->out_urb, dev->udev,
2475                          usb_sndbulkpipe(dev->udev, out_endpoint),
2476                          NULL, 0, pn533_send_complete, dev);
2477
2478        INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2479        INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2480        INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2481        INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2482        INIT_WORK(&dev->poll_work, pn533_wq_poll);
2483        dev->wq = alloc_ordered_workqueue("pn533", 0);
2484        if (dev->wq == NULL)
2485                goto error;
2486
2487        init_timer(&dev->listen_timer);
2488        dev->listen_timer.data = (unsigned long) dev;
2489        dev->listen_timer.function = pn533_listen_mode_timer;
2490
2491        skb_queue_head_init(&dev->resp_q);
2492
2493        INIT_LIST_HEAD(&dev->cmd_queue);
2494
2495        usb_set_intfdata(interface, dev);
2496
2497        dev->ops = &pn533_std_frame_ops;
2498
2499        dev->device_type = id->driver_info;
2500        switch (dev->device_type) {
2501        case PN533_DEVICE_STD:
2502                protocols = PN533_ALL_PROTOCOLS;
2503                break;
2504
2505        case PN533_DEVICE_PASORI:
2506                protocols = PN533_NO_TYPE_B_PROTOCOLS;
2507                break;
2508
2509        default:
2510                nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2511                            dev->device_type);
2512                rc = -EINVAL;
2513                goto destroy_wq;
2514        }
2515
2516        memset(&fw_ver, 0, sizeof(fw_ver));
2517        rc = pn533_get_firmware_version(dev, &fw_ver);
2518        if (rc < 0)
2519                goto destroy_wq;
2520
2521        nfc_dev_info(&dev->interface->dev,
2522                     "NXP PN533 firmware ver %d.%d now attached",
2523                     fw_ver.ver, fw_ver.rev);
2524
2525
2526        dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2527                                           NFC_SE_NONE,
2528                                           dev->ops->tx_header_len +
2529                                           PN533_CMD_DATAEXCH_HEAD_LEN,
2530                                           dev->ops->tx_tail_len);
2531        if (!dev->nfc_dev)
2532                goto destroy_wq;
2533
2534        nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2535        nfc_set_drvdata(dev->nfc_dev, dev);
2536
2537        rc = nfc_register_device(dev->nfc_dev);
2538        if (rc)
2539                goto free_nfc_dev;
2540
2541        rc = pn533_setup(dev);
2542        if (rc)
2543                goto unregister_nfc_dev;
2544
2545        return 0;
2546
2547unregister_nfc_dev:
2548        nfc_unregister_device(dev->nfc_dev);
2549
2550free_nfc_dev:
2551        nfc_free_device(dev->nfc_dev);
2552
2553destroy_wq:
2554        destroy_workqueue(dev->wq);
2555error:
2556        usb_free_urb(dev->in_urb);
2557        usb_free_urb(dev->out_urb);
2558        kfree(dev);
2559        return rc;
2560}
2561
2562static void pn533_disconnect(struct usb_interface *interface)
2563{
2564        struct pn533 *dev;
2565        struct pn533_cmd *cmd, *n;
2566
2567        dev = usb_get_intfdata(interface);
2568        usb_set_intfdata(interface, NULL);
2569
2570        nfc_unregister_device(dev->nfc_dev);
2571        nfc_free_device(dev->nfc_dev);
2572
2573        usb_kill_urb(dev->in_urb);
2574        usb_kill_urb(dev->out_urb);
2575
2576        destroy_workqueue(dev->wq);
2577
2578        skb_queue_purge(&dev->resp_q);
2579
2580        del_timer(&dev->listen_timer);
2581
2582        list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2583                list_del(&cmd->queue);
2584                kfree(cmd);
2585        }
2586
2587        usb_free_urb(dev->in_urb);
2588        usb_free_urb(dev->out_urb);
2589        kfree(dev);
2590
2591        nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2592}
2593
2594static struct usb_driver pn533_driver = {
2595        .name =         "pn533",
2596        .probe =        pn533_probe,
2597        .disconnect =   pn533_disconnect,
2598        .id_table =     pn533_table,
2599};
2600
2601module_usb_driver(pn533_driver);
2602
2603MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2604                        " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2605MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2606MODULE_VERSION(VERSION);
2607MODULE_LICENSE("GPL");
2608
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.