drivers/nfc/pn533.c at v3.6

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / drivers / nfc / pn533.c
at v3.6 2458 lines 58 kB view raw
wrap content
   1/*
   2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
   3 *
   4 * Authors:
   5 *    Lauro Ramos Venancio <lauro.venancio@openbossa.org>
   6 *    Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
   7 *
   8 * This program is free software; you can redistribute it and/or modify
   9 * it under the terms of the GNU General Public License as published by
  10 * the Free Software Foundation; either version 2 of the License, or
  11 * (at your option) any later version.
  12 *
  13 * This program is distributed in the hope that it will be useful,
  14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16 * GNU General Public License for more details.
  17 *
  18 * You should have received a copy of the GNU General Public License
  19 * along with this program; if not, write to the
  20 * Free Software Foundation, Inc.,
  21 * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  22 */
  23
  24#include <linux/device.h>
  25#include <linux/kernel.h>
  26#include <linux/module.h>
  27#include <linux/slab.h>
  28#include <linux/usb.h>
  29#include <linux/nfc.h>
  30#include <linux/netdevice.h>
  31#include <net/nfc/nfc.h>
  32
  33#define VERSION "0.1"
  34
  35#define PN533_VENDOR_ID 0x4CC
  36#define PN533_PRODUCT_ID 0x2533
  37
  38#define SCM_VENDOR_ID 0x4E6
  39#define SCL3711_PRODUCT_ID 0x5591
  40
  41#define SONY_VENDOR_ID         0x054c
  42#define PASORI_PRODUCT_ID      0x02e1
  43
  44#define PN533_QUIRKS_TYPE_A          BIT(0)
  45#define PN533_QUIRKS_TYPE_F          BIT(1)
  46#define PN533_QUIRKS_DEP             BIT(2)
  47#define PN533_QUIRKS_RAW_EXCHANGE    BIT(3)
  48
  49#define PN533_DEVICE_STD    0x1
  50#define PN533_DEVICE_PASORI 0x2
  51
  52#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
  53			     NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
  54			     NFC_PROTO_NFC_DEP_MASK |\
  55			     NFC_PROTO_ISO14443_B_MASK)
  56
  57#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
  58				   NFC_PROTO_MIFARE_MASK | \
  59				   NFC_PROTO_FELICA_MASK | \
  60				   NFC_PROTO_ISO14443_MASK | \
  61				   NFC_PROTO_NFC_DEP_MASK)
  62
  63static const struct usb_device_id pn533_table[] = {
  64	{ .match_flags		= USB_DEVICE_ID_MATCH_DEVICE,
  65	  .idVendor		= PN533_VENDOR_ID,
  66	  .idProduct		= PN533_PRODUCT_ID,
  67	  .driver_info		= PN533_DEVICE_STD,
  68	},
  69	{ .match_flags		= USB_DEVICE_ID_MATCH_DEVICE,
  70	  .idVendor		= SCM_VENDOR_ID,
  71	  .idProduct		= SCL3711_PRODUCT_ID,
  72	  .driver_info		= PN533_DEVICE_STD,
  73	},
  74	{ .match_flags		= USB_DEVICE_ID_MATCH_DEVICE,
  75	  .idVendor		= SONY_VENDOR_ID,
  76	  .idProduct		= PASORI_PRODUCT_ID,
  77	  .driver_info		= PN533_DEVICE_PASORI,
  78	},
  79	{ }
  80};
  81MODULE_DEVICE_TABLE(usb, pn533_table);
  82
  83/* How much time we spend listening for initiators */
  84#define PN533_LISTEN_TIME 2
  85
  86/* frame definitions */
  87#define PN533_FRAME_TAIL_SIZE 2
  88#define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
  89				PN533_FRAME_TAIL_SIZE)
  90#define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
  91#define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
  92#define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
  93
  94/* start of frame */
  95#define PN533_SOF 0x00FF
  96
  97/* frame identifier: in/out/error */
  98#define PN533_FRAME_IDENTIFIER(f) (f->data[0])
  99#define PN533_DIR_OUT 0xD4
 100#define PN533_DIR_IN 0xD5
 101
 102/* PN533 Commands */
 103#define PN533_FRAME_CMD(f) (f->data[1])
 104#define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
 105#define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
 106
 107#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
 108#define PN533_CMD_RF_CONFIGURATION 0x32
 109#define PN533_CMD_IN_DATA_EXCHANGE 0x40
 110#define PN533_CMD_IN_COMM_THRU     0x42
 111#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
 112#define PN533_CMD_IN_ATR 0x50
 113#define PN533_CMD_IN_RELEASE 0x52
 114#define PN533_CMD_IN_JUMP_FOR_DEP 0x56
 115
 116#define PN533_CMD_TG_INIT_AS_TARGET 0x8c
 117#define PN533_CMD_TG_GET_DATA 0x86
 118#define PN533_CMD_TG_SET_DATA 0x8e
 119
 120#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
 121
 122/* PN533 Return codes */
 123#define PN533_CMD_RET_MASK 0x3F
 124#define PN533_CMD_MI_MASK 0x40
 125#define PN533_CMD_RET_SUCCESS 0x00
 126
 127/* PN533 status codes */
 128#define PN533_STATUS_TARGET_RELEASED 0x29
 129
 130struct pn533;
 131
 132typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
 133					u8 *params, int params_len);
 134
 135/* structs for pn533 commands */
 136
 137/* PN533_CMD_GET_FIRMWARE_VERSION */
 138struct pn533_fw_version {
 139	u8 ic;
 140	u8 ver;
 141	u8 rev;
 142	u8 support;
 143};
 144
 145/* PN533_CMD_RF_CONFIGURATION */
 146#define PN533_CFGITEM_TIMING 0x02
 147#define PN533_CFGITEM_MAX_RETRIES 0x05
 148#define PN533_CFGITEM_PASORI 0x82
 149
 150#define PN533_CONFIG_TIMING_102 0xb
 151#define PN533_CONFIG_TIMING_204 0xc
 152#define PN533_CONFIG_TIMING_409 0xd
 153#define PN533_CONFIG_TIMING_819 0xe
 154
 155#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
 156#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
 157
 158struct pn533_config_max_retries {
 159	u8 mx_rty_atr;
 160	u8 mx_rty_psl;
 161	u8 mx_rty_passive_act;
 162} __packed;
 163
 164struct pn533_config_timing {
 165	u8 rfu;
 166	u8 atr_res_timeout;
 167	u8 dep_timeout;
 168} __packed;
 169
 170/* PN533_CMD_IN_LIST_PASSIVE_TARGET */
 171
 172/* felica commands opcode */
 173#define PN533_FELICA_OPC_SENSF_REQ 0
 174#define PN533_FELICA_OPC_SENSF_RES 1
 175/* felica SENSF_REQ parameters */
 176#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
 177#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
 178#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
 179#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
 180
 181/* type B initiator_data values */
 182#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
 183#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
 184#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
 185
 186union pn533_cmd_poll_initdata {
 187	struct {
 188		u8 afi;
 189		u8 polling_method;
 190	} __packed type_b;
 191	struct {
 192		u8 opcode;
 193		__be16 sc;
 194		u8 rc;
 195		u8 tsn;
 196	} __packed felica;
 197};
 198
 199/* Poll modulations */
 200enum {
 201	PN533_POLL_MOD_106KBPS_A,
 202	PN533_POLL_MOD_212KBPS_FELICA,
 203	PN533_POLL_MOD_424KBPS_FELICA,
 204	PN533_POLL_MOD_106KBPS_JEWEL,
 205	PN533_POLL_MOD_847KBPS_B,
 206	PN533_LISTEN_MOD,
 207
 208	__PN533_POLL_MOD_AFTER_LAST,
 209};
 210#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
 211
 212struct pn533_poll_modulations {
 213	struct {
 214		u8 maxtg;
 215		u8 brty;
 216		union pn533_cmd_poll_initdata initiator_data;
 217	} __packed data;
 218	u8 len;
 219};
 220
 221const struct pn533_poll_modulations poll_mod[] = {
 222	[PN533_POLL_MOD_106KBPS_A] = {
 223		.data = {
 224			.maxtg = 1,
 225			.brty = 0,
 226		},
 227		.len = 2,
 228	},
 229	[PN533_POLL_MOD_212KBPS_FELICA] = {
 230		.data = {
 231			.maxtg = 1,
 232			.brty = 1,
 233			.initiator_data.felica = {
 234				.opcode = PN533_FELICA_OPC_SENSF_REQ,
 235				.sc = PN533_FELICA_SENSF_SC_ALL,
 236				.rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 237				.tsn = 0,
 238			},
 239		},
 240		.len = 7,
 241	},
 242	[PN533_POLL_MOD_424KBPS_FELICA] = {
 243		.data = {
 244			.maxtg = 1,
 245			.brty = 2,
 246			.initiator_data.felica = {
 247				.opcode = PN533_FELICA_OPC_SENSF_REQ,
 248				.sc = PN533_FELICA_SENSF_SC_ALL,
 249				.rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 250				.tsn = 0,
 251			},
 252		 },
 253		.len = 7,
 254	},
 255	[PN533_POLL_MOD_106KBPS_JEWEL] = {
 256		.data = {
 257			.maxtg = 1,
 258			.brty = 4,
 259		},
 260		.len = 2,
 261	},
 262	[PN533_POLL_MOD_847KBPS_B] = {
 263		.data = {
 264			.maxtg = 1,
 265			.brty = 8,
 266			.initiator_data.type_b = {
 267				.afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
 268				.polling_method =
 269					PN533_TYPE_B_POLL_METHOD_TIMESLOT,
 270			},
 271		},
 272		.len = 3,
 273	},
 274	[PN533_LISTEN_MOD] = {
 275		.len = 0,
 276	},
 277};
 278
 279/* PN533_CMD_IN_ATR */
 280
 281struct pn533_cmd_activate_param {
 282	u8 tg;
 283	u8 next;
 284} __packed;
 285
 286struct pn533_cmd_activate_response {
 287	u8 status;
 288	u8 nfcid3t[10];
 289	u8 didt;
 290	u8 bst;
 291	u8 brt;
 292	u8 to;
 293	u8 ppt;
 294	/* optional */
 295	u8 gt[];
 296} __packed;
 297
 298/* PN533_CMD_IN_JUMP_FOR_DEP */
 299struct pn533_cmd_jump_dep {
 300	u8 active;
 301	u8 baud;
 302	u8 next;
 303	u8 data[];
 304} __packed;
 305
 306struct pn533_cmd_jump_dep_response {
 307	u8 status;
 308	u8 tg;
 309	u8 nfcid3t[10];
 310	u8 didt;
 311	u8 bst;
 312	u8 brt;
 313	u8 to;
 314	u8 ppt;
 315	/* optional */
 316	u8 gt[];
 317} __packed;
 318
 319
 320/* PN533_TG_INIT_AS_TARGET */
 321#define PN533_INIT_TARGET_PASSIVE 0x1
 322#define PN533_INIT_TARGET_DEP 0x2
 323
 324#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
 325#define PN533_INIT_TARGET_RESP_ACTIVE     0x1
 326#define PN533_INIT_TARGET_RESP_DEP        0x4
 327
 328struct pn533_cmd_init_target {
 329	u8 mode;
 330	u8 mifare[6];
 331	u8 felica[18];
 332	u8 nfcid3[10];
 333	u8 gb_len;
 334	u8 gb[];
 335} __packed;
 336
 337struct pn533_cmd_init_target_response {
 338	u8 mode;
 339	u8 cmd[];
 340} __packed;
 341
 342struct pn533 {
 343	struct usb_device *udev;
 344	struct usb_interface *interface;
 345	struct nfc_dev *nfc_dev;
 346
 347	struct urb *out_urb;
 348	int out_maxlen;
 349	struct pn533_frame *out_frame;
 350
 351	struct urb *in_urb;
 352	int in_maxlen;
 353	struct pn533_frame *in_frame;
 354
 355	struct sk_buff_head resp_q;
 356
 357	struct workqueue_struct	*wq;
 358	struct work_struct cmd_work;
 359	struct work_struct poll_work;
 360	struct work_struct mi_work;
 361	struct work_struct tg_work;
 362	struct timer_list listen_timer;
 363	struct pn533_frame *wq_in_frame;
 364	int wq_in_error;
 365	int cancel_listen;
 366
 367	pn533_cmd_complete_t cmd_complete;
 368	void *cmd_complete_arg;
 369	struct mutex cmd_lock;
 370	u8 cmd;
 371
 372	struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
 373	u8 poll_mod_count;
 374	u8 poll_mod_curr;
 375	u32 poll_protocols;
 376	u32 listen_protocols;
 377
 378	u8 *gb;
 379	size_t gb_len;
 380
 381	u8 tgt_available_prots;
 382	u8 tgt_active_prot;
 383	u8 tgt_mode;
 384
 385	u32 device_type;
 386};
 387
 388struct pn533_frame {
 389	u8 preamble;
 390	__be16 start_frame;
 391	u8 datalen;
 392	u8 datalen_checksum;
 393	u8 data[];
 394} __packed;
 395
 396/* The rule: value + checksum = 0 */
 397static inline u8 pn533_checksum(u8 value)
 398{
 399	return ~value + 1;
 400}
 401
 402/* The rule: sum(data elements) + checksum = 0 */
 403static u8 pn533_data_checksum(u8 *data, int datalen)
 404{
 405	u8 sum = 0;
 406	int i;
 407
 408	for (i = 0; i < datalen; i++)
 409		sum += data[i];
 410
 411	return pn533_checksum(sum);
 412}
 413
 414/**
 415 * pn533_tx_frame_ack - create a ack frame
 416 * @frame:	The frame to be set as ack
 417 *
 418 * Ack is different type of standard frame. As a standard frame, it has
 419 * preamble and start_frame. However the checksum of this frame must fail,
 420 * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
 421 * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
 422 * After datalen_checksum field, the postamble is placed.
 423 */
 424static void pn533_tx_frame_ack(struct pn533_frame *frame)
 425{
 426	frame->preamble = 0;
 427	frame->start_frame = cpu_to_be16(PN533_SOF);
 428	frame->datalen = 0;
 429	frame->datalen_checksum = 0xFF;
 430	/* data[0] is used as postamble */
 431	frame->data[0] = 0;
 432}
 433
 434static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
 435{
 436	frame->preamble = 0;
 437	frame->start_frame = cpu_to_be16(PN533_SOF);
 438	PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
 439	PN533_FRAME_CMD(frame) = cmd;
 440	frame->datalen = 2;
 441}
 442
 443static void pn533_tx_frame_finish(struct pn533_frame *frame)
 444{
 445	frame->datalen_checksum = pn533_checksum(frame->datalen);
 446
 447	PN533_FRAME_CHECKSUM(frame) =
 448		pn533_data_checksum(frame->data, frame->datalen);
 449
 450	PN533_FRAME_POSTAMBLE(frame) = 0;
 451}
 452
 453static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
 454{
 455	u8 checksum;
 456
 457	if (frame->start_frame != cpu_to_be16(PN533_SOF))
 458		return false;
 459
 460	checksum = pn533_checksum(frame->datalen);
 461	if (checksum != frame->datalen_checksum)
 462		return false;
 463
 464	checksum = pn533_data_checksum(frame->data, frame->datalen);
 465	if (checksum != PN533_FRAME_CHECKSUM(frame))
 466		return false;
 467
 468	return true;
 469}
 470
 471static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
 472{
 473	if (frame->start_frame != cpu_to_be16(PN533_SOF))
 474		return false;
 475
 476	if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
 477		return false;
 478
 479	return true;
 480}
 481
 482static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
 483{
 484	return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
 485}
 486
 487
 488static void pn533_wq_cmd_complete(struct work_struct *work)
 489{
 490	struct pn533 *dev = container_of(work, struct pn533, cmd_work);
 491	struct pn533_frame *in_frame;
 492	int rc;
 493
 494	in_frame = dev->wq_in_frame;
 495
 496	if (dev->wq_in_error)
 497		rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
 498							dev->wq_in_error);
 499	else
 500		rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
 501					PN533_FRAME_CMD_PARAMS_PTR(in_frame),
 502					PN533_FRAME_CMD_PARAMS_LEN(in_frame));
 503
 504	if (rc != -EINPROGRESS)
 505		mutex_unlock(&dev->cmd_lock);
 506}
 507
 508static void pn533_recv_response(struct urb *urb)
 509{
 510	struct pn533 *dev = urb->context;
 511	struct pn533_frame *in_frame;
 512
 513	dev->wq_in_frame = NULL;
 514
 515	switch (urb->status) {
 516	case 0:
 517		/* success */
 518		break;
 519	case -ECONNRESET:
 520	case -ENOENT:
 521	case -ESHUTDOWN:
 522		nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 523						" status: %d", urb->status);
 524		dev->wq_in_error = urb->status;
 525		goto sched_wq;
 526	default:
 527		nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
 528							" %d", urb->status);
 529		dev->wq_in_error = urb->status;
 530		goto sched_wq;
 531	}
 532
 533	in_frame = dev->in_urb->transfer_buffer;
 534
 535	if (!pn533_rx_frame_is_valid(in_frame)) {
 536		nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
 537		dev->wq_in_error = -EIO;
 538		goto sched_wq;
 539	}
 540
 541	if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
 542		nfc_dev_err(&dev->interface->dev, "The received frame is not "
 543						"response to the last command");
 544		dev->wq_in_error = -EIO;
 545		goto sched_wq;
 546	}
 547
 548	nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
 549	dev->wq_in_error = 0;
 550	dev->wq_in_frame = in_frame;
 551
 552sched_wq:
 553	queue_work(dev->wq, &dev->cmd_work);
 554}
 555
 556static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
 557{
 558	dev->in_urb->complete = pn533_recv_response;
 559
 560	return usb_submit_urb(dev->in_urb, flags);
 561}
 562
 563static void pn533_recv_ack(struct urb *urb)
 564{
 565	struct pn533 *dev = urb->context;
 566	struct pn533_frame *in_frame;
 567	int rc;
 568
 569	switch (urb->status) {
 570	case 0:
 571		/* success */
 572		break;
 573	case -ECONNRESET:
 574	case -ENOENT:
 575	case -ESHUTDOWN:
 576		nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 577						" status: %d", urb->status);
 578		dev->wq_in_error = urb->status;
 579		goto sched_wq;
 580	default:
 581		nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
 582							" %d", urb->status);
 583		dev->wq_in_error = urb->status;
 584		goto sched_wq;
 585	}
 586
 587	in_frame = dev->in_urb->transfer_buffer;
 588
 589	if (!pn533_rx_frame_is_ack(in_frame)) {
 590		nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
 591		dev->wq_in_error = -EIO;
 592		goto sched_wq;
 593	}
 594
 595	nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
 596
 597	rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
 598	if (rc) {
 599		nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
 600							" result %d", rc);
 601		dev->wq_in_error = rc;
 602		goto sched_wq;
 603	}
 604
 605	return;
 606
 607sched_wq:
 608	dev->wq_in_frame = NULL;
 609	queue_work(dev->wq, &dev->cmd_work);
 610}
 611
 612static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
 613{
 614	dev->in_urb->complete = pn533_recv_ack;
 615
 616	return usb_submit_urb(dev->in_urb, flags);
 617}
 618
 619static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
 620{
 621	int rc;
 622
 623	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 624
 625	pn533_tx_frame_ack(dev->out_frame);
 626
 627	dev->out_urb->transfer_buffer = dev->out_frame;
 628	dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
 629	rc = usb_submit_urb(dev->out_urb, flags);
 630
 631	return rc;
 632}
 633
 634static int __pn533_send_cmd_frame_async(struct pn533 *dev,
 635					struct pn533_frame *out_frame,
 636					struct pn533_frame *in_frame,
 637					int in_frame_len,
 638					pn533_cmd_complete_t cmd_complete,
 639					void *arg, gfp_t flags)
 640{
 641	int rc;
 642
 643	nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
 644						PN533_FRAME_CMD(out_frame));
 645
 646	dev->cmd = PN533_FRAME_CMD(out_frame);
 647	dev->cmd_complete = cmd_complete;
 648	dev->cmd_complete_arg = arg;
 649
 650	dev->out_urb->transfer_buffer = out_frame;
 651	dev->out_urb->transfer_buffer_length =
 652				PN533_FRAME_SIZE(out_frame);
 653
 654	dev->in_urb->transfer_buffer = in_frame;
 655	dev->in_urb->transfer_buffer_length = in_frame_len;
 656
 657	rc = usb_submit_urb(dev->out_urb, flags);
 658	if (rc)
 659		return rc;
 660
 661	rc = pn533_submit_urb_for_ack(dev, flags);
 662	if (rc)
 663		goto error;
 664
 665	return 0;
 666
 667error:
 668	usb_unlink_urb(dev->out_urb);
 669	return rc;
 670}
 671
 672static int pn533_send_cmd_frame_async(struct pn533 *dev,
 673					struct pn533_frame *out_frame,
 674					struct pn533_frame *in_frame,
 675					int in_frame_len,
 676					pn533_cmd_complete_t cmd_complete,
 677					void *arg, gfp_t flags)
 678{
 679	int rc;
 680
 681	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 682
 683	if (!mutex_trylock(&dev->cmd_lock))
 684		return -EBUSY;
 685
 686	rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
 687					in_frame_len, cmd_complete, arg, flags);
 688	if (rc)
 689		goto error;
 690
 691	return 0;
 692error:
 693	mutex_unlock(&dev->cmd_lock);
 694	return rc;
 695}
 696
 697struct pn533_sync_cmd_response {
 698	int rc;
 699	struct completion done;
 700};
 701
 702static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
 703					u8 *params, int params_len)
 704{
 705	struct pn533_sync_cmd_response *arg = _arg;
 706
 707	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 708
 709	arg->rc = 0;
 710
 711	if (params_len < 0) /* error */
 712		arg->rc = params_len;
 713
 714	complete(&arg->done);
 715
 716	return 0;
 717}
 718
 719static int pn533_send_cmd_frame_sync(struct pn533 *dev,
 720						struct pn533_frame *out_frame,
 721						struct pn533_frame *in_frame,
 722						int in_frame_len)
 723{
 724	int rc;
 725	struct pn533_sync_cmd_response arg;
 726
 727	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 728
 729	init_completion(&arg.done);
 730
 731	rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
 732				pn533_sync_cmd_complete, &arg, GFP_KERNEL);
 733	if (rc)
 734		return rc;
 735
 736	wait_for_completion(&arg.done);
 737
 738	return arg.rc;
 739}
 740
 741static void pn533_send_complete(struct urb *urb)
 742{
 743	struct pn533 *dev = urb->context;
 744
 745	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 746
 747	switch (urb->status) {
 748	case 0:
 749		/* success */
 750		break;
 751	case -ECONNRESET:
 752	case -ENOENT:
 753	case -ESHUTDOWN:
 754		nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 755						" status: %d", urb->status);
 756		break;
 757	default:
 758		nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
 759							" %d", urb->status);
 760	}
 761}
 762
 763struct pn533_target_type_a {
 764	__be16 sens_res;
 765	u8 sel_res;
 766	u8 nfcid_len;
 767	u8 nfcid_data[];
 768} __packed;
 769
 770
 771#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
 772#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
 773#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
 774
 775#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
 776#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
 777
 778#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
 779#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
 780
 781#define PN533_TYPE_A_SEL_PROT_MIFARE 0
 782#define PN533_TYPE_A_SEL_PROT_ISO14443 1
 783#define PN533_TYPE_A_SEL_PROT_DEP 2
 784#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
 785
 786static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
 787							int target_data_len)
 788{
 789	u8 ssd;
 790	u8 platconf;
 791
 792	if (target_data_len < sizeof(struct pn533_target_type_a))
 793		return false;
 794
 795	/* The lenght check of nfcid[] and ats[] are not being performed because
 796	   the values are not being used */
 797
 798	/* Requirement 4.6.3.3 from NFC Forum Digital Spec */
 799	ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
 800	platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
 801
 802	if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 803			platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
 804			(ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 805			platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
 806		return false;
 807
 808	/* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
 809	if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
 810		return false;
 811
 812	return true;
 813}
 814
 815static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
 816							int tgt_data_len)
 817{
 818	struct pn533_target_type_a *tgt_type_a;
 819
 820	tgt_type_a = (struct pn533_target_type_a *) tgt_data;
 821
 822	if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
 823		return -EPROTO;
 824
 825	switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
 826	case PN533_TYPE_A_SEL_PROT_MIFARE:
 827		nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
 828		break;
 829	case PN533_TYPE_A_SEL_PROT_ISO14443:
 830		nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
 831		break;
 832	case PN533_TYPE_A_SEL_PROT_DEP:
 833		nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
 834		break;
 835	case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
 836		nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
 837							NFC_PROTO_NFC_DEP_MASK;
 838		break;
 839	}
 840
 841	nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
 842	nfc_tgt->sel_res = tgt_type_a->sel_res;
 843	nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
 844	memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
 845
 846	return 0;
 847}
 848
 849struct pn533_target_felica {
 850	u8 pol_res;
 851	u8 opcode;
 852	u8 nfcid2[8];
 853	u8 pad[8];
 854	/* optional */
 855	u8 syst_code[];
 856} __packed;
 857
 858#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
 859#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
 860
 861static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
 862							int target_data_len)
 863{
 864	if (target_data_len < sizeof(struct pn533_target_felica))
 865		return false;
 866
 867	if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
 868		return false;
 869
 870	return true;
 871}
 872
 873static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
 874							int tgt_data_len)
 875{
 876	struct pn533_target_felica *tgt_felica;
 877
 878	tgt_felica = (struct pn533_target_felica *) tgt_data;
 879
 880	if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
 881		return -EPROTO;
 882
 883	if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
 884					tgt_felica->nfcid2[1] ==
 885					PN533_FELICA_SENSF_NFCID2_DEP_B2)
 886		nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
 887	else
 888		nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
 889
 890	memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
 891	nfc_tgt->sensf_res_len = 9;
 892
 893	return 0;
 894}
 895
 896struct pn533_target_jewel {
 897	__be16 sens_res;
 898	u8 jewelid[4];
 899} __packed;
 900
 901static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
 902							int target_data_len)
 903{
 904	u8 ssd;
 905	u8 platconf;
 906
 907	if (target_data_len < sizeof(struct pn533_target_jewel))
 908		return false;
 909
 910	/* Requirement 4.6.3.3 from NFC Forum Digital Spec */
 911	ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
 912	platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
 913
 914	if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 915			platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
 916			(ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 917			platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
 918		return false;
 919
 920	return true;
 921}
 922
 923static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
 924							int tgt_data_len)
 925{
 926	struct pn533_target_jewel *tgt_jewel;
 927
 928	tgt_jewel = (struct pn533_target_jewel *) tgt_data;
 929
 930	if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
 931		return -EPROTO;
 932
 933	nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
 934	nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
 935	nfc_tgt->nfcid1_len = 4;
 936	memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
 937
 938	return 0;
 939}
 940
 941struct pn533_type_b_prot_info {
 942	u8 bitrate;
 943	u8 fsci_type;
 944	u8 fwi_adc_fo;
 945} __packed;
 946
 947#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
 948#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
 949#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
 950
 951struct pn533_type_b_sens_res {
 952	u8 opcode;
 953	u8 nfcid[4];
 954	u8 appdata[4];
 955	struct pn533_type_b_prot_info prot_info;
 956} __packed;
 957
 958#define PN533_TYPE_B_OPC_SENSB_RES 0x50
 959
 960struct pn533_target_type_b {
 961	struct pn533_type_b_sens_res sensb_res;
 962	u8 attrib_res_len;
 963	u8 attrib_res[];
 964} __packed;
 965
 966static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
 967							int target_data_len)
 968{
 969	if (target_data_len < sizeof(struct pn533_target_type_b))
 970		return false;
 971
 972	if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
 973		return false;
 974
 975	if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
 976						PN533_TYPE_B_PROT_TYPE_RFU_MASK)
 977		return false;
 978
 979	return true;
 980}
 981
 982static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
 983							int tgt_data_len)
 984{
 985	struct pn533_target_type_b *tgt_type_b;
 986
 987	tgt_type_b = (struct pn533_target_type_b *) tgt_data;
 988
 989	if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
 990		return -EPROTO;
 991
 992	nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
 993
 994	return 0;
 995}
 996
 997struct pn533_poll_response {
 998	u8 nbtg;
 999	u8 tg;
1000	u8 target_data[];
1001} __packed;
1002
1003static int pn533_target_found(struct pn533 *dev,
1004			struct pn533_poll_response *resp, int resp_len)
1005{
1006	int target_data_len;
1007	struct nfc_target nfc_tgt;
1008	int rc;
1009
1010	nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1011							dev->poll_mod_curr);
1012
1013	if (resp->tg != 1)
1014		return -EPROTO;
1015
1016	memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1017
1018	target_data_len = resp_len - sizeof(struct pn533_poll_response);
1019
1020	switch (dev->poll_mod_curr) {
1021	case PN533_POLL_MOD_106KBPS_A:
1022		rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1023							target_data_len);
1024		break;
1025	case PN533_POLL_MOD_212KBPS_FELICA:
1026	case PN533_POLL_MOD_424KBPS_FELICA:
1027		rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1028							target_data_len);
1029		break;
1030	case PN533_POLL_MOD_106KBPS_JEWEL:
1031		rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1032							target_data_len);
1033		break;
1034	case PN533_POLL_MOD_847KBPS_B:
1035		rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1036							target_data_len);
1037		break;
1038	default:
1039		nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1040								" modulation");
1041		return -EPROTO;
1042	}
1043
1044	if (rc)
1045		return rc;
1046
1047	if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1048		nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1049						" have the desired protocol");
1050		return -EAGAIN;
1051	}
1052
1053	nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1054					"0x%x", nfc_tgt.supported_protocols);
1055
1056	dev->tgt_available_prots = nfc_tgt.supported_protocols;
1057
1058	nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1059
1060	return 0;
1061}
1062
1063static inline void pn533_poll_next_mod(struct pn533 *dev)
1064{
1065	dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1066}
1067
1068static void pn533_poll_reset_mod_list(struct pn533 *dev)
1069{
1070	dev->poll_mod_count = 0;
1071}
1072
1073static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1074{
1075	dev->poll_mod_active[dev->poll_mod_count] =
1076		(struct pn533_poll_modulations *) &poll_mod[mod_index];
1077	dev->poll_mod_count++;
1078}
1079
1080static void pn533_poll_create_mod_list(struct pn533 *dev,
1081				       u32 im_protocols, u32 tm_protocols)
1082{
1083	pn533_poll_reset_mod_list(dev);
1084
1085	if (im_protocols & NFC_PROTO_MIFARE_MASK
1086	    || im_protocols & NFC_PROTO_ISO14443_MASK
1087	    || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1088		pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1089
1090	if (im_protocols & NFC_PROTO_FELICA_MASK
1091	    || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1092		pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1093		pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1094	}
1095
1096	if (im_protocols & NFC_PROTO_JEWEL_MASK)
1097		pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1098
1099	if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1100		pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1101
1102	if (tm_protocols)
1103		pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1104}
1105
1106static int pn533_start_poll_complete(struct pn533 *dev, void *arg,
1107				     u8 *params, int params_len)
1108{
1109	struct pn533_poll_response *resp;
1110	int rc;
1111
1112	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1113
1114	resp = (struct pn533_poll_response *) params;
1115	if (resp->nbtg) {
1116		rc = pn533_target_found(dev, resp, params_len);
1117
1118		/* We must stop the poll after a valid target found */
1119		if (rc == 0) {
1120			pn533_poll_reset_mod_list(dev);
1121			return 0;
1122		}
1123	}
1124
1125	return -EAGAIN;
1126}
1127
1128static int pn533_init_target_frame(struct pn533_frame *frame,
1129				   u8 *gb, size_t gb_len)
1130{
1131	struct pn533_cmd_init_target *cmd;
1132	size_t cmd_len;
1133	u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1134				0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1135				0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1136				0xff, 0xff}; /* System code */
1137	u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1138			       0x0, 0x0, 0x0,
1139			       0x40}; /* SEL_RES for DEP */
1140
1141	cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1142	cmd = kzalloc(cmd_len, GFP_KERNEL);
1143	if (cmd == NULL)
1144		return -ENOMEM;
1145
1146	pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1147
1148	/* DEP support only */
1149	cmd->mode |= PN533_INIT_TARGET_DEP;
1150
1151	/* Felica params */
1152	memcpy(cmd->felica, felica_params, 18);
1153	get_random_bytes(cmd->felica + 2, 6);
1154
1155	/* NFCID3 */
1156	memset(cmd->nfcid3, 0, 10);
1157	memcpy(cmd->nfcid3, cmd->felica, 8);
1158
1159	/* MIFARE params */
1160	memcpy(cmd->mifare, mifare_params, 6);
1161
1162	/* General bytes */
1163	cmd->gb_len = gb_len;
1164	memcpy(cmd->gb, gb, gb_len);
1165
1166	/* Len Tk */
1167	cmd->gb[gb_len] = 0;
1168
1169	memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1170
1171	frame->datalen += cmd_len;
1172
1173	pn533_tx_frame_finish(frame);
1174
1175	kfree(cmd);
1176
1177	return 0;
1178}
1179
1180#define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1181#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1182static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1183				      u8 *params, int params_len)
1184{
1185	struct sk_buff *skb_resp = arg;
1186	struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1187
1188	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1189
1190	if (params_len < 0) {
1191		nfc_dev_err(&dev->interface->dev,
1192			    "Error %d when starting as a target",
1193			    params_len);
1194
1195		return params_len;
1196	}
1197
1198	if (params_len > 0 && params[0] != 0) {
1199		nfc_tm_deactivated(dev->nfc_dev);
1200
1201		dev->tgt_mode = 0;
1202
1203		kfree_skb(skb_resp);
1204		return 0;
1205	}
1206
1207	skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1208	skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1209	skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1210
1211	return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1212}
1213
1214static void pn533_wq_tg_get_data(struct work_struct *work)
1215{
1216	struct pn533 *dev = container_of(work, struct pn533, tg_work);
1217	struct pn533_frame *in_frame;
1218	struct sk_buff *skb_resp;
1219	size_t skb_resp_len;
1220
1221	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1222
1223	skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1224		PN533_CMD_DATAEXCH_DATA_MAXLEN +
1225		PN533_FRAME_TAIL_SIZE;
1226
1227	skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1228	if (!skb_resp)
1229		return;
1230
1231	in_frame = (struct pn533_frame *)skb_resp->data;
1232
1233	pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1234	pn533_tx_frame_finish(dev->out_frame);
1235
1236	pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1237				   skb_resp_len,
1238				   pn533_tm_get_data_complete,
1239				   skb_resp, GFP_KERNEL);
1240
1241	return;
1242}
1243
1244#define ATR_REQ_GB_OFFSET 17
1245static int pn533_init_target_complete(struct pn533 *dev, void *arg,
1246				      u8 *params, int params_len)
1247{
1248	struct pn533_cmd_init_target_response *resp;
1249	u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1250	size_t gb_len;
1251	int rc;
1252
1253	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1254
1255	if (params_len < 0) {
1256		nfc_dev_err(&dev->interface->dev,
1257			    "Error %d when starting as a target",
1258			    params_len);
1259
1260		return params_len;
1261	}
1262
1263	if (params_len < ATR_REQ_GB_OFFSET + 1)
1264		return -EINVAL;
1265
1266	resp = (struct pn533_cmd_init_target_response *) params;
1267
1268	nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1269		    resp->mode, params_len);
1270
1271	frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1272	if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1273		comm_mode = NFC_COMM_ACTIVE;
1274
1275	/* Again, only DEP */
1276	if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1277		return -EOPNOTSUPP;
1278
1279	gb = resp->cmd + ATR_REQ_GB_OFFSET;
1280	gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1281
1282	rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1283			      comm_mode, gb, gb_len);
1284	if (rc < 0) {
1285		nfc_dev_err(&dev->interface->dev,
1286			    "Error when signaling target activation");
1287		return rc;
1288	}
1289
1290	dev->tgt_mode = 1;
1291
1292	queue_work(dev->wq, &dev->tg_work);
1293
1294	return 0;
1295}
1296
1297static void pn533_listen_mode_timer(unsigned long data)
1298{
1299	struct pn533 *dev = (struct pn533 *) data;
1300
1301	nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1302
1303	/* An ack will cancel the last issued command (poll) */
1304	pn533_send_ack(dev, GFP_ATOMIC);
1305
1306	dev->cancel_listen = 1;
1307
1308	mutex_unlock(&dev->cmd_lock);
1309
1310	pn533_poll_next_mod(dev);
1311
1312	queue_work(dev->wq, &dev->poll_work);
1313}
1314
1315static int pn533_poll_complete(struct pn533 *dev, void *arg,
1316			       u8 *params, int params_len)
1317{
1318	struct pn533_poll_modulations *cur_mod;
1319	int rc;
1320
1321	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1322
1323	if (params_len == -ENOENT) {
1324		if (dev->poll_mod_count != 0)
1325			return 0;
1326
1327		nfc_dev_err(&dev->interface->dev,
1328			    "Polling operation has been stopped");
1329
1330		goto stop_poll;
1331	}
1332
1333	if (params_len < 0) {
1334		nfc_dev_err(&dev->interface->dev,
1335			    "Error %d when running poll", params_len);
1336
1337		goto stop_poll;
1338	}
1339
1340	cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1341
1342	if (cur_mod->len == 0) {
1343		del_timer(&dev->listen_timer);
1344
1345		return pn533_init_target_complete(dev, arg, params, params_len);
1346	} else {
1347		rc = pn533_start_poll_complete(dev, arg, params, params_len);
1348		if (!rc)
1349			return rc;
1350	}
1351
1352	pn533_poll_next_mod(dev);
1353
1354	queue_work(dev->wq, &dev->poll_work);
1355
1356	return 0;
1357
1358stop_poll:
1359	pn533_poll_reset_mod_list(dev);
1360	dev->poll_protocols = 0;
1361	return 0;
1362}
1363
1364static void pn533_build_poll_frame(struct pn533 *dev,
1365				   struct pn533_frame *frame,
1366				   struct pn533_poll_modulations *mod)
1367{
1368	nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1369
1370	if (mod->len == 0) {
1371		/* Listen mode */
1372		pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1373	} else {
1374		/* Polling mode */
1375		pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1376
1377		memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1378		frame->datalen += mod->len;
1379
1380		pn533_tx_frame_finish(frame);
1381	}
1382}
1383
1384static int pn533_send_poll_frame(struct pn533 *dev)
1385{
1386	struct pn533_poll_modulations *cur_mod;
1387	int rc;
1388
1389	cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1390
1391	pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1392
1393	rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1394				dev->in_maxlen,	pn533_poll_complete,
1395				NULL, GFP_KERNEL);
1396	if (rc)
1397		nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1398
1399	return rc;
1400}
1401
1402static void pn533_wq_poll(struct work_struct *work)
1403{
1404	struct pn533 *dev = container_of(work, struct pn533, poll_work);
1405	struct pn533_poll_modulations *cur_mod;
1406	int rc;
1407
1408	cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1409
1410	nfc_dev_dbg(&dev->interface->dev,
1411		    "%s cancel_listen %d modulation len %d",
1412		    __func__, dev->cancel_listen, cur_mod->len);
1413
1414	if (dev->cancel_listen == 1) {
1415		dev->cancel_listen = 0;
1416		usb_kill_urb(dev->in_urb);
1417	}
1418
1419	rc = pn533_send_poll_frame(dev);
1420	if (rc)
1421		return;
1422
1423	if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1424		mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1425
1426	return;
1427}
1428
1429static int pn533_start_poll(struct nfc_dev *nfc_dev,
1430			    u32 im_protocols, u32 tm_protocols)
1431{
1432	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1433
1434	nfc_dev_dbg(&dev->interface->dev,
1435		    "%s: im protocols 0x%x tm protocols 0x%x",
1436		    __func__, im_protocols, tm_protocols);
1437
1438	if (dev->tgt_active_prot) {
1439		nfc_dev_err(&dev->interface->dev,
1440			    "Cannot poll with a target already activated");
1441		return -EBUSY;
1442	}
1443
1444	if (dev->tgt_mode) {
1445		nfc_dev_err(&dev->interface->dev,
1446			    "Cannot poll while already being activated");
1447		return -EBUSY;
1448	}
1449
1450	if (tm_protocols) {
1451		dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1452		if (dev->gb == NULL)
1453			tm_protocols = 0;
1454	}
1455
1456	dev->poll_mod_curr = 0;
1457	pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1458	dev->poll_protocols = im_protocols;
1459	dev->listen_protocols = tm_protocols;
1460
1461	return pn533_send_poll_frame(dev);
1462}
1463
1464static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1465{
1466	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1467
1468	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1469
1470	del_timer(&dev->listen_timer);
1471
1472	if (!dev->poll_mod_count) {
1473		nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1474								" running");
1475		return;
1476	}
1477
1478	/* An ack will cancel the last issued command (poll) */
1479	pn533_send_ack(dev, GFP_KERNEL);
1480
1481	/* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1482	usb_kill_urb(dev->in_urb);
1483
1484	pn533_poll_reset_mod_list(dev);
1485}
1486
1487static int pn533_activate_target_nfcdep(struct pn533 *dev)
1488{
1489	struct pn533_cmd_activate_param param;
1490	struct pn533_cmd_activate_response *resp;
1491	u16 gt_len;
1492	int rc;
1493
1494	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1495
1496	pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1497
1498	param.tg = 1;
1499	param.next = 0;
1500	memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &param,
1501				sizeof(struct pn533_cmd_activate_param));
1502	dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1503
1504	pn533_tx_frame_finish(dev->out_frame);
1505
1506	rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1507								dev->in_maxlen);
1508	if (rc)
1509		return rc;
1510
1511	resp = (struct pn533_cmd_activate_response *)
1512				PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1513	rc = resp->status & PN533_CMD_RET_MASK;
1514	if (rc != PN533_CMD_RET_SUCCESS)
1515		return -EIO;
1516
1517	/* ATR_RES general bytes are located at offset 16 */
1518	gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1519	rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1520
1521	return rc;
1522}
1523
1524static int pn533_activate_target(struct nfc_dev *nfc_dev,
1525				 struct nfc_target *target, u32 protocol)
1526{
1527	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1528	int rc;
1529
1530	nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1531								protocol);
1532
1533	if (dev->poll_mod_count) {
1534		nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1535								" polling");
1536		return -EBUSY;
1537	}
1538
1539	if (dev->tgt_active_prot) {
1540		nfc_dev_err(&dev->interface->dev, "There is already an active"
1541								" target");
1542		return -EBUSY;
1543	}
1544
1545	if (!dev->tgt_available_prots) {
1546		nfc_dev_err(&dev->interface->dev, "There is no available target"
1547								" to activate");
1548		return -EINVAL;
1549	}
1550
1551	if (!(dev->tgt_available_prots & (1 << protocol))) {
1552		nfc_dev_err(&dev->interface->dev, "The target does not support"
1553					" the requested protocol %u", protocol);
1554		return -EINVAL;
1555	}
1556
1557	if (protocol == NFC_PROTO_NFC_DEP) {
1558		rc = pn533_activate_target_nfcdep(dev);
1559		if (rc) {
1560			nfc_dev_err(&dev->interface->dev, "Error %d when"
1561						" activating target with"
1562						" NFC_DEP protocol", rc);
1563			return rc;
1564		}
1565	}
1566
1567	dev->tgt_active_prot = protocol;
1568	dev->tgt_available_prots = 0;
1569
1570	return 0;
1571}
1572
1573static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1574				    struct nfc_target *target)
1575{
1576	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1577	u8 tg;
1578	u8 status;
1579	int rc;
1580
1581	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1582
1583	if (!dev->tgt_active_prot) {
1584		nfc_dev_err(&dev->interface->dev, "There is no active target");
1585		return;
1586	}
1587
1588	dev->tgt_active_prot = 0;
1589
1590	skb_queue_purge(&dev->resp_q);
1591
1592	pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1593
1594	tg = 1;
1595	memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1596	dev->out_frame->datalen += sizeof(u8);
1597
1598	pn533_tx_frame_finish(dev->out_frame);
1599
1600	rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1601								dev->in_maxlen);
1602	if (rc) {
1603		nfc_dev_err(&dev->interface->dev, "Error when sending release"
1604						" command to the controller");
1605		return;
1606	}
1607
1608	status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1609	rc = status & PN533_CMD_RET_MASK;
1610	if (rc != PN533_CMD_RET_SUCCESS)
1611		nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1612							" the target", rc);
1613
1614	return;
1615}
1616
1617
1618static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1619						u8 *params, int params_len)
1620{
1621	struct pn533_cmd_jump_dep *cmd;
1622	struct pn533_cmd_jump_dep_response *resp;
1623	struct nfc_target nfc_target;
1624	u8 target_gt_len;
1625	int rc;
1626
1627	if (params_len == -ENOENT) {
1628		nfc_dev_dbg(&dev->interface->dev, "");
1629		return 0;
1630	}
1631
1632	if (params_len < 0) {
1633		nfc_dev_err(&dev->interface->dev,
1634				"Error %d when bringing DEP link up",
1635								params_len);
1636		return 0;
1637	}
1638
1639	if (dev->tgt_available_prots &&
1640	    !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1641		nfc_dev_err(&dev->interface->dev,
1642			"The target does not support DEP");
1643		return -EINVAL;
1644	}
1645
1646	resp = (struct pn533_cmd_jump_dep_response *) params;
1647	cmd = (struct pn533_cmd_jump_dep *) arg;
1648	rc = resp->status & PN533_CMD_RET_MASK;
1649	if (rc != PN533_CMD_RET_SUCCESS) {
1650		nfc_dev_err(&dev->interface->dev,
1651				"Bringing DEP link up failed %d", rc);
1652		return 0;
1653	}
1654
1655	if (!dev->tgt_available_prots) {
1656		nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1657
1658		nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1659		nfc_target.nfcid1_len = 10;
1660		memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1661		rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1662		if (rc)
1663			return 0;
1664
1665		dev->tgt_available_prots = 0;
1666	}
1667
1668	dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1669
1670	/* ATR_RES general bytes are located at offset 17 */
1671	target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1672	rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1673						resp->gt, target_gt_len);
1674	if (rc == 0)
1675		rc = nfc_dep_link_is_up(dev->nfc_dev,
1676						dev->nfc_dev->targets[0].idx,
1677						!cmd->active, NFC_RF_INITIATOR);
1678
1679	return 0;
1680}
1681
1682static int pn533_mod_to_baud(struct pn533 *dev)
1683{
1684	switch (dev->poll_mod_curr) {
1685	case PN533_POLL_MOD_106KBPS_A:
1686		return 0;
1687	case PN533_POLL_MOD_212KBPS_FELICA:
1688		return 1;
1689	case PN533_POLL_MOD_424KBPS_FELICA:
1690		return 2;
1691	default:
1692		return -EINVAL;
1693	}
1694}
1695
1696#define PASSIVE_DATA_LEN 5
1697static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1698			     u8 comm_mode, u8* gb, size_t gb_len)
1699{
1700	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1701	struct pn533_cmd_jump_dep *cmd;
1702	u8 cmd_len, *data_ptr;
1703	u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1704	int rc, baud;
1705
1706	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1707
1708	if (dev->poll_mod_count) {
1709		nfc_dev_err(&dev->interface->dev,
1710				"Cannot bring the DEP link up while polling");
1711		return -EBUSY;
1712	}
1713
1714	if (dev->tgt_active_prot) {
1715		nfc_dev_err(&dev->interface->dev,
1716				"There is already an active target");
1717		return -EBUSY;
1718	}
1719
1720	baud = pn533_mod_to_baud(dev);
1721	if (baud < 0) {
1722		nfc_dev_err(&dev->interface->dev,
1723			    "Invalid curr modulation %d", dev->poll_mod_curr);
1724		return baud;
1725	}
1726
1727	cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1728	if (comm_mode == NFC_COMM_PASSIVE)
1729		cmd_len += PASSIVE_DATA_LEN;
1730
1731	cmd = kzalloc(cmd_len, GFP_KERNEL);
1732	if (cmd == NULL)
1733		return -ENOMEM;
1734
1735	pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1736
1737	cmd->active = !comm_mode;
1738	cmd->next = 0;
1739	cmd->baud = baud;
1740	data_ptr = cmd->data;
1741	if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1742		memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1743		cmd->next |= 1;
1744		data_ptr += PASSIVE_DATA_LEN;
1745	}
1746
1747	if (gb != NULL && gb_len > 0) {
1748		cmd->next |= 4; /* We have some Gi */
1749		memcpy(data_ptr, gb, gb_len);
1750	} else {
1751		cmd->next = 0;
1752	}
1753
1754	memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1755	dev->out_frame->datalen += cmd_len;
1756
1757	pn533_tx_frame_finish(dev->out_frame);
1758
1759	rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1760				dev->in_maxlen,	pn533_in_dep_link_up_complete,
1761				cmd, GFP_KERNEL);
1762	if (rc)
1763		goto out;
1764
1765
1766out:
1767	kfree(cmd);
1768
1769	return rc;
1770}
1771
1772static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1773{
1774	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1775
1776	pn533_poll_reset_mod_list(dev);
1777
1778	if (dev->tgt_mode || dev->tgt_active_prot) {
1779		pn533_send_ack(dev, GFP_KERNEL);
1780		usb_kill_urb(dev->in_urb);
1781	}
1782
1783	dev->tgt_active_prot = 0;
1784	dev->tgt_mode = 0;
1785
1786	skb_queue_purge(&dev->resp_q);
1787
1788	return 0;
1789}
1790
1791static int pn533_build_tx_frame(struct pn533 *dev, struct sk_buff *skb,
1792				bool target)
1793{
1794	int payload_len = skb->len;
1795	struct pn533_frame *out_frame;
1796	u8 tg;
1797
1798	nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1799								payload_len);
1800
1801	if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1802		/* TODO: Implement support to multi-part data exchange */
1803		nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1804						" max allowed: %d",
1805						PN533_CMD_DATAEXCH_DATA_MAXLEN);
1806		return -ENOSYS;
1807	}
1808
1809	if (target == true) {
1810		switch (dev->device_type) {
1811		case PN533_DEVICE_PASORI:
1812			if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
1813				skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1814				out_frame = (struct pn533_frame *) skb->data;
1815				pn533_tx_frame_init(out_frame,
1816						    PN533_CMD_IN_COMM_THRU);
1817
1818				break;
1819			}
1820
1821		default:
1822			skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1823			out_frame = (struct pn533_frame *) skb->data;
1824			pn533_tx_frame_init(out_frame,
1825					    PN533_CMD_IN_DATA_EXCHANGE);
1826			tg = 1;
1827			memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame),
1828			       &tg, sizeof(u8));
1829			out_frame->datalen += sizeof(u8);
1830
1831			break;
1832		}
1833
1834	} else {
1835		skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1836		out_frame = (struct pn533_frame *) skb->data;
1837		pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
1838	}
1839
1840
1841	/* The data is already in the out_frame, just update the datalen */
1842	out_frame->datalen += payload_len;
1843
1844	pn533_tx_frame_finish(out_frame);
1845	skb_put(skb, PN533_FRAME_TAIL_SIZE);
1846
1847	return 0;
1848}
1849
1850struct pn533_data_exchange_arg {
1851	struct sk_buff *skb_resp;
1852	struct sk_buff *skb_out;
1853	data_exchange_cb_t cb;
1854	void *cb_context;
1855};
1856
1857static struct sk_buff *pn533_build_response(struct pn533 *dev)
1858{
1859	struct sk_buff *skb, *tmp, *t;
1860	unsigned int skb_len = 0, tmp_len = 0;
1861
1862	nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
1863
1864	if (skb_queue_empty(&dev->resp_q))
1865		return NULL;
1866
1867	if (skb_queue_len(&dev->resp_q) == 1) {
1868		skb = skb_dequeue(&dev->resp_q);
1869		goto out;
1870	}
1871
1872	skb_queue_walk_safe(&dev->resp_q, tmp, t)
1873		skb_len += tmp->len;
1874
1875	nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1876		    __func__, skb_len);
1877
1878	skb = alloc_skb(skb_len, GFP_KERNEL);
1879	if (skb == NULL)
1880		goto out;
1881
1882	skb_put(skb, skb_len);
1883
1884	skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1885		memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1886		tmp_len += tmp->len;
1887	}
1888
1889out:
1890	skb_queue_purge(&dev->resp_q);
1891
1892	return skb;
1893}
1894
1895static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1896						u8 *params, int params_len)
1897{
1898	struct pn533_data_exchange_arg *arg = _arg;
1899	struct sk_buff *skb = NULL, *skb_resp = arg->skb_resp;
1900	struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1901	int err = 0;
1902	u8 status;
1903	u8 cmd_ret;
1904
1905	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1906
1907	dev_kfree_skb(arg->skb_out);
1908
1909	if (params_len < 0) { /* error */
1910		err = params_len;
1911		goto error;
1912	}
1913
1914	status = params[0];
1915
1916	cmd_ret = status & PN533_CMD_RET_MASK;
1917	if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1918		nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1919						" exchanging data", cmd_ret);
1920		err = -EIO;
1921		goto error;
1922	}
1923
1924	skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1925	skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1926	skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1927	skb_queue_tail(&dev->resp_q, skb_resp);
1928
1929	if (status & PN533_CMD_MI_MASK) {
1930		queue_work(dev->wq, &dev->mi_work);
1931		return -EINPROGRESS;
1932	}
1933
1934	skb = pn533_build_response(dev);
1935	if (skb == NULL)
1936		goto error;
1937
1938	arg->cb(arg->cb_context, skb, 0);
1939	kfree(arg);
1940	return 0;
1941
1942error:
1943	skb_queue_purge(&dev->resp_q);
1944	dev_kfree_skb(skb_resp);
1945	arg->cb(arg->cb_context, NULL, err);
1946	kfree(arg);
1947	return 0;
1948}
1949
1950static int pn533_transceive(struct nfc_dev *nfc_dev,
1951			    struct nfc_target *target, struct sk_buff *skb,
1952			    data_exchange_cb_t cb, void *cb_context)
1953{
1954	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1955	struct pn533_frame *out_frame, *in_frame;
1956	struct pn533_data_exchange_arg *arg;
1957	struct sk_buff *skb_resp;
1958	int skb_resp_len;
1959	int rc;
1960
1961	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1962
1963	if (!dev->tgt_active_prot) {
1964		nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
1965						" there is no active target");
1966		rc = -EINVAL;
1967		goto error;
1968	}
1969
1970	rc = pn533_build_tx_frame(dev, skb, true);
1971	if (rc)
1972		goto error;
1973
1974	skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1975			PN533_CMD_DATAEXCH_DATA_MAXLEN +
1976			PN533_FRAME_TAIL_SIZE;
1977
1978	skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1979	if (!skb_resp) {
1980		rc = -ENOMEM;
1981		goto error;
1982	}
1983
1984	in_frame = (struct pn533_frame *) skb_resp->data;
1985	out_frame = (struct pn533_frame *) skb->data;
1986
1987	arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
1988	if (!arg) {
1989		rc = -ENOMEM;
1990		goto free_skb_resp;
1991	}
1992
1993	arg->skb_resp = skb_resp;
1994	arg->skb_out = skb;
1995	arg->cb = cb;
1996	arg->cb_context = cb_context;
1997
1998	rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
1999					pn533_data_exchange_complete, arg,
2000					GFP_KERNEL);
2001	if (rc) {
2002		nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2003						" perform data_exchange", rc);
2004		goto free_arg;
2005	}
2006
2007	return 0;
2008
2009free_arg:
2010	kfree(arg);
2011free_skb_resp:
2012	kfree_skb(skb_resp);
2013error:
2014	kfree_skb(skb);
2015	return rc;
2016}
2017
2018static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2019				  u8 *params, int params_len)
2020{
2021	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2022
2023	if (params_len < 0) {
2024		nfc_dev_err(&dev->interface->dev,
2025			    "Error %d when sending data",
2026			    params_len);
2027
2028		return params_len;
2029	}
2030
2031	if (params_len > 0 && params[0] != 0) {
2032		nfc_tm_deactivated(dev->nfc_dev);
2033
2034		dev->tgt_mode = 0;
2035
2036		return 0;
2037	}
2038
2039	queue_work(dev->wq, &dev->tg_work);
2040
2041	return 0;
2042}
2043
2044static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2045{
2046	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2047	struct pn533_frame *out_frame;
2048	int rc;
2049
2050	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2051
2052	rc = pn533_build_tx_frame(dev, skb, false);
2053	if (rc)
2054		goto error;
2055
2056	out_frame = (struct pn533_frame *) skb->data;
2057
2058	rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2059					dev->in_maxlen, pn533_tm_send_complete,
2060					NULL, GFP_KERNEL);
2061	if (rc) {
2062		nfc_dev_err(&dev->interface->dev,
2063			    "Error %d when trying to send data", rc);
2064		goto error;
2065	}
2066
2067	return 0;
2068
2069error:
2070	kfree_skb(skb);
2071
2072	return rc;
2073}
2074
2075static void pn533_wq_mi_recv(struct work_struct *work)
2076{
2077	struct pn533 *dev = container_of(work, struct pn533, mi_work);
2078	struct sk_buff *skb_cmd;
2079	struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2080	struct pn533_frame *out_frame, *in_frame;
2081	struct sk_buff *skb_resp;
2082	int skb_resp_len;
2083	int rc;
2084
2085	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2086
2087	/* This is a zero payload size skb */
2088	skb_cmd = alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN + PN533_FRAME_TAIL_SIZE,
2089			    GFP_KERNEL);
2090	if (skb_cmd == NULL)
2091		goto error_cmd;
2092
2093	skb_reserve(skb_cmd, PN533_CMD_DATAEXCH_HEAD_LEN);
2094
2095	rc = pn533_build_tx_frame(dev, skb_cmd, true);
2096	if (rc)
2097		goto error_frame;
2098
2099	skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2100			PN533_CMD_DATAEXCH_DATA_MAXLEN +
2101			PN533_FRAME_TAIL_SIZE;
2102	skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2103	if (!skb_resp) {
2104		rc = -ENOMEM;
2105		goto error_frame;
2106	}
2107
2108	in_frame = (struct pn533_frame *) skb_resp->data;
2109	out_frame = (struct pn533_frame *) skb_cmd->data;
2110
2111	arg->skb_resp = skb_resp;
2112	arg->skb_out = skb_cmd;
2113
2114	rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2115					  skb_resp_len,
2116					  pn533_data_exchange_complete,
2117					  dev->cmd_complete_arg, GFP_KERNEL);
2118	if (!rc)
2119		return;
2120
2121	nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2122						" perform data_exchange", rc);
2123
2124	kfree_skb(skb_resp);
2125
2126error_frame:
2127	kfree_skb(skb_cmd);
2128
2129error_cmd:
2130	pn533_send_ack(dev, GFP_KERNEL);
2131
2132	kfree(arg);
2133
2134	mutex_unlock(&dev->cmd_lock);
2135}
2136
2137static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2138								u8 cfgdata_len)
2139{
2140	int rc;
2141	u8 *params;
2142
2143	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2144
2145	pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2146
2147	params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2148	params[0] = cfgitem;
2149	memcpy(&params[1], cfgdata, cfgdata_len);
2150	dev->out_frame->datalen += (1 + cfgdata_len);
2151
2152	pn533_tx_frame_finish(dev->out_frame);
2153
2154	rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2155								dev->in_maxlen);
2156
2157	return rc;
2158}
2159
2160static int pn533_fw_reset(struct pn533 *dev)
2161{
2162	int rc;
2163	u8 *params;
2164
2165	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2166
2167	pn533_tx_frame_init(dev->out_frame, 0x18);
2168
2169	params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2170	params[0] = 0x1;
2171	dev->out_frame->datalen += 1;
2172
2173	pn533_tx_frame_finish(dev->out_frame);
2174
2175	rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2176				       dev->in_maxlen);
2177
2178	return rc;
2179}
2180
2181static struct nfc_ops pn533_nfc_ops = {
2182	.dev_up = NULL,
2183	.dev_down = NULL,
2184	.dep_link_up = pn533_dep_link_up,
2185	.dep_link_down = pn533_dep_link_down,
2186	.start_poll = pn533_start_poll,
2187	.stop_poll = pn533_stop_poll,
2188	.activate_target = pn533_activate_target,
2189	.deactivate_target = pn533_deactivate_target,
2190	.im_transceive = pn533_transceive,
2191	.tm_send = pn533_tm_send,
2192};
2193
2194static int pn533_setup(struct pn533 *dev)
2195{
2196	struct pn533_config_max_retries max_retries;
2197	struct pn533_config_timing timing;
2198	u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2199	int rc;
2200
2201	switch (dev->device_type) {
2202	case PN533_DEVICE_STD:
2203		max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2204		max_retries.mx_rty_psl = 2;
2205		max_retries.mx_rty_passive_act =
2206			PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2207
2208		timing.rfu = PN533_CONFIG_TIMING_102;
2209		timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2210		timing.dep_timeout = PN533_CONFIG_TIMING_409;
2211
2212		break;
2213
2214	case PN533_DEVICE_PASORI:
2215		max_retries.mx_rty_atr = 0x2;
2216		max_retries.mx_rty_psl = 0x1;
2217		max_retries.mx_rty_passive_act =
2218			PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2219
2220		timing.rfu = PN533_CONFIG_TIMING_102;
2221		timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2222		timing.dep_timeout = PN533_CONFIG_TIMING_204;
2223
2224		break;
2225
2226	default:
2227		nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2228			    dev->device_type);
2229		return -EINVAL;
2230	}
2231
2232	rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2233				     (u8 *)&max_retries, sizeof(max_retries));
2234	if (rc) {
2235		nfc_dev_err(&dev->interface->dev,
2236			    "Error on setting MAX_RETRIES config");
2237		return rc;
2238	}
2239
2240
2241	rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2242				     (u8 *)&timing, sizeof(timing));
2243	if (rc) {
2244		nfc_dev_err(&dev->interface->dev,
2245			    "Error on setting RF timings");
2246		return rc;
2247	}
2248
2249	switch (dev->device_type) {
2250	case PN533_DEVICE_STD:
2251		break;
2252
2253	case PN533_DEVICE_PASORI:
2254		pn533_fw_reset(dev);
2255
2256		rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2257					     pasori_cfg, 3);
2258		if (rc) {
2259			nfc_dev_err(&dev->interface->dev,
2260				    "Error while settings PASORI config");
2261			return rc;
2262		}
2263
2264		pn533_fw_reset(dev);
2265
2266		break;
2267	}
2268
2269	return 0;
2270}
2271
2272static int pn533_probe(struct usb_interface *interface,
2273			const struct usb_device_id *id)
2274{
2275	struct pn533_fw_version *fw_ver;
2276	struct pn533 *dev;
2277	struct usb_host_interface *iface_desc;
2278	struct usb_endpoint_descriptor *endpoint;
2279	int in_endpoint = 0;
2280	int out_endpoint = 0;
2281	int rc = -ENOMEM;
2282	int i;
2283	u32 protocols;
2284
2285	dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2286	if (!dev)
2287		return -ENOMEM;
2288
2289	dev->udev = usb_get_dev(interface_to_usbdev(interface));
2290	dev->interface = interface;
2291	mutex_init(&dev->cmd_lock);
2292
2293	iface_desc = interface->cur_altsetting;
2294	for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2295		endpoint = &iface_desc->endpoint[i].desc;
2296
2297		if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2298			dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
2299			in_endpoint = endpoint->bEndpointAddress;
2300		}
2301
2302		if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
2303			dev->out_maxlen =
2304				le16_to_cpu(endpoint->wMaxPacketSize);
2305			out_endpoint = endpoint->bEndpointAddress;
2306		}
2307	}
2308
2309	if (!in_endpoint || !out_endpoint) {
2310		nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2311							" bulk-out endpoint");
2312		rc = -ENODEV;
2313		goto error;
2314	}
2315
2316	dev->in_frame = kmalloc(dev->in_maxlen, GFP_KERNEL);
2317	dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2318	dev->out_frame = kmalloc(dev->out_maxlen, GFP_KERNEL);
2319	dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2320
2321	if (!dev->in_frame || !dev->out_frame ||
2322		!dev->in_urb || !dev->out_urb)
2323		goto error;
2324
2325	usb_fill_bulk_urb(dev->in_urb, dev->udev,
2326			usb_rcvbulkpipe(dev->udev, in_endpoint),
2327			NULL, 0, NULL, dev);
2328	usb_fill_bulk_urb(dev->out_urb, dev->udev,
2329			usb_sndbulkpipe(dev->udev, out_endpoint),
2330			NULL, 0,
2331			pn533_send_complete, dev);
2332
2333	INIT_WORK(&dev->cmd_work, pn533_wq_cmd_complete);
2334	INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2335	INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2336	INIT_WORK(&dev->poll_work, pn533_wq_poll);
2337	dev->wq = alloc_workqueue("pn533",
2338				  WQ_NON_REENTRANT | WQ_UNBOUND | WQ_MEM_RECLAIM,
2339				  1);
2340	if (dev->wq == NULL)
2341		goto error;
2342
2343	init_timer(&dev->listen_timer);
2344	dev->listen_timer.data = (unsigned long) dev;
2345	dev->listen_timer.function = pn533_listen_mode_timer;
2346
2347	skb_queue_head_init(&dev->resp_q);
2348
2349	usb_set_intfdata(interface, dev);
2350
2351	pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2352	pn533_tx_frame_finish(dev->out_frame);
2353
2354	rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2355								dev->in_maxlen);
2356	if (rc)
2357		goto destroy_wq;
2358
2359	fw_ver = (struct pn533_fw_version *)
2360				PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2361	nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2362					" attached", fw_ver->ver, fw_ver->rev);
2363
2364	dev->device_type = id->driver_info;
2365	switch (dev->device_type) {
2366	case PN533_DEVICE_STD:
2367		protocols = PN533_ALL_PROTOCOLS;
2368		break;
2369
2370	case PN533_DEVICE_PASORI:
2371		protocols = PN533_NO_TYPE_B_PROTOCOLS;
2372		break;
2373
2374	default:
2375		nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2376			    dev->device_type);
2377		rc = -EINVAL;
2378		goto destroy_wq;
2379	}
2380
2381	dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2382					   PN533_CMD_DATAEXCH_HEAD_LEN,
2383					   PN533_FRAME_TAIL_SIZE);
2384	if (!dev->nfc_dev)
2385		goto destroy_wq;
2386
2387	nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2388	nfc_set_drvdata(dev->nfc_dev, dev);
2389
2390	rc = nfc_register_device(dev->nfc_dev);
2391	if (rc)
2392		goto free_nfc_dev;
2393
2394	rc = pn533_setup(dev);
2395	if (rc)
2396		goto unregister_nfc_dev;
2397
2398	return 0;
2399
2400unregister_nfc_dev:
2401	nfc_unregister_device(dev->nfc_dev);
2402
2403free_nfc_dev:
2404	nfc_free_device(dev->nfc_dev);
2405
2406destroy_wq:
2407	destroy_workqueue(dev->wq);
2408error:
2409	kfree(dev->in_frame);
2410	usb_free_urb(dev->in_urb);
2411	kfree(dev->out_frame);
2412	usb_free_urb(dev->out_urb);
2413	kfree(dev);
2414	return rc;
2415}
2416
2417static void pn533_disconnect(struct usb_interface *interface)
2418{
2419	struct pn533 *dev;
2420
2421	dev = usb_get_intfdata(interface);
2422	usb_set_intfdata(interface, NULL);
2423
2424	nfc_unregister_device(dev->nfc_dev);
2425	nfc_free_device(dev->nfc_dev);
2426
2427	usb_kill_urb(dev->in_urb);
2428	usb_kill_urb(dev->out_urb);
2429
2430	destroy_workqueue(dev->wq);
2431
2432	skb_queue_purge(&dev->resp_q);
2433
2434	del_timer(&dev->listen_timer);
2435
2436	kfree(dev->in_frame);
2437	usb_free_urb(dev->in_urb);
2438	kfree(dev->out_frame);
2439	usb_free_urb(dev->out_urb);
2440	kfree(dev);
2441
2442	nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2443}
2444
2445static struct usb_driver pn533_driver = {
2446	.name =		"pn533",
2447	.probe =	pn533_probe,
2448	.disconnect =	pn533_disconnect,
2449	.id_table =	pn533_table,
2450};
2451
2452module_usb_driver(pn533_driver);
2453
2454MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2455			" Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2456MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2457MODULE_VERSION(VERSION);
2458MODULE_LICENSE("GPL");
Configure Feed

Configure Feed
