drivers/nfc/pn533.c

   1 /*
   2  * Copyright (C) 2011 Instituto Nokia de Tecnologia
   3  *
   4  * Authors:
   5  *    Lauro Ramos Venancio <lauro.venancio@openbossa.org>
   6  *    Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the
  20  * Free Software Foundation, Inc.,
  21  * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  22  */
  23
  24 #include <linux/device.h>
  25 #include <linux/kernel.h>
  26 #include <linux/module.h>
  27 #include <linux/slab.h>
  28 #include <linux/usb.h>
  29 #include <linux/nfc.h>
  30 #include <linux/netdevice.h>
  31 #include <net/nfc/nfc.h>
  32
  33 #define VERSION "0.1"
  34
  35 #define PN533_VENDOR_ID 0x4CC
  36 #define PN533_PRODUCT_ID 0x2533
  37
  38 #define SCM_VENDOR_ID 0x4E6
  39 #define SCL3711_PRODUCT_ID 0x5591
  40
  41 #define SONY_VENDOR_ID         0x054c
  42 #define PASORI_PRODUCT_ID      0x02e1
  43
  44 #define PN533_QUIRKS_TYPE_A          BIT(0)
  45 #define PN533_QUIRKS_TYPE_F          BIT(1)
  46 #define PN533_QUIRKS_DEP             BIT(2)
  47 #define PN533_QUIRKS_RAW_EXCHANGE    BIT(3)
  48
  49 #define PN533_DEVICE_STD    0x1
  50 #define PN533_DEVICE_PASORI 0x2
  51
  52 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
  53                              NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
  54                              NFC_PROTO_NFC_DEP_MASK |\
  55                              NFC_PROTO_ISO14443_B_MASK)
  56
  57 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
  58                                    NFC_PROTO_MIFARE_MASK | \
  59                                    NFC_PROTO_FELICA_MASK | \
  60                                    NFC_PROTO_ISO14443_MASK | \
  61                                    NFC_PROTO_NFC_DEP_MASK)
  62
  63 static const struct usb_device_id pn533_table[] = {
  64         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  65           .idVendor             = PN533_VENDOR_ID,
  66           .idProduct            = PN533_PRODUCT_ID,
  67           .driver_info          = PN533_DEVICE_STD,
  68         },
  69         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  70           .idVendor             = SCM_VENDOR_ID,
  71           .idProduct            = SCL3711_PRODUCT_ID,
  72           .driver_info          = PN533_DEVICE_STD,
  73         },
  74         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  75           .idVendor             = SONY_VENDOR_ID,
  76           .idProduct            = PASORI_PRODUCT_ID,
  77           .driver_info          = PN533_DEVICE_PASORI,
  78         },
  79         { }
  80 };
  81 MODULE_DEVICE_TABLE(usb, pn533_table);
  82
  83 /* How much time we spend listening for initiators */
  84 #define PN533_LISTEN_TIME 2
  85
  86 /* frame definitions */
  87 #define PN533_FRAME_TAIL_SIZE 2
  88 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
  89                                 PN533_FRAME_TAIL_SIZE)
  90 #define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
  91 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
  92 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
  93
  94 /* start of frame */
  95 #define PN533_SOF 0x00FF
  96
  97 /* frame identifier: in/out/error */
  98 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
  99 #define PN533_DIR_OUT 0xD4
 100 #define PN533_DIR_IN 0xD5
 101
 102 /* PN533 Commands */
 103 #define PN533_FRAME_CMD(f) (f->data[1])
 104 #define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
 105 #define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
 106
 107 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
 108 #define PN533_CMD_RF_CONFIGURATION 0x32
 109 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
 110 #define PN533_CMD_IN_COMM_THRU     0x42
 111 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
 112 #define PN533_CMD_IN_ATR 0x50
 113 #define PN533_CMD_IN_RELEASE 0x52
 114 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
 115
 116 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
 117 #define PN533_CMD_TG_GET_DATA 0x86
 118 #define PN533_CMD_TG_SET_DATA 0x8e
 119
 120 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
 121
 122 /* PN533 Return codes */
 123 #define PN533_CMD_RET_MASK 0x3F
 124 #define PN533_CMD_MI_MASK 0x40
 125 #define PN533_CMD_RET_SUCCESS 0x00
 126
 127 /* PN533 status codes */
 128 #define PN533_STATUS_TARGET_RELEASED 0x29
 129
 130 struct pn533;
 131
 132 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
 133                                         u8 *params, int params_len);
 134
 135 /* structs for pn533 commands */
 136
 137 /* PN533_CMD_GET_FIRMWARE_VERSION */
 138 struct pn533_fw_version {
 139         u8 ic;
 140         u8 ver;
 141         u8 rev;
 142         u8 support;
 143 };
 144
 145 /* PN533_CMD_RF_CONFIGURATION */
 146 #define PN533_CFGITEM_TIMING 0x02
 147 #define PN533_CFGITEM_MAX_RETRIES 0x05
 148 #define PN533_CFGITEM_PASORI 0x82
 149
 150 #define PN533_CONFIG_TIMING_102 0xb
 151 #define PN533_CONFIG_TIMING_204 0xc
 152 #define PN533_CONFIG_TIMING_409 0xd
 153 #define PN533_CONFIG_TIMING_819 0xe
 154
 155 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
 156 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
 157
 158 struct pn533_config_max_retries {
 159         u8 mx_rty_atr;
 160         u8 mx_rty_psl;
 161         u8 mx_rty_passive_act;
 162 } __packed;
 163
 164 struct pn533_config_timing {
 165         u8 rfu;
 166         u8 atr_res_timeout;
 167         u8 dep_timeout;
 168 } __packed;
 169
 170 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
 171
 172 /* felica commands opcode */
 173 #define PN533_FELICA_OPC_SENSF_REQ 0
 174 #define PN533_FELICA_OPC_SENSF_RES 1
 175 /* felica SENSF_REQ parameters */
 176 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
 177 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
 178 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
 179 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
 180
 181 /* type B initiator_data values */
 182 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
 183 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
 184 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
 185
 186 union pn533_cmd_poll_initdata {
 187         struct {
 188                 u8 afi;
 189                 u8 polling_method;
 190         } __packed type_b;
 191         struct {
 192                 u8 opcode;
 193                 __be16 sc;
 194                 u8 rc;
 195                 u8 tsn;
 196         } __packed felica;
 197 };
 198
 199 /* Poll modulations */
 200 enum {
 201         PN533_POLL_MOD_106KBPS_A,
 202         PN533_POLL_MOD_212KBPS_FELICA,
 203         PN533_POLL_MOD_424KBPS_FELICA,
 204         PN533_POLL_MOD_106KBPS_JEWEL,
 205         PN533_POLL_MOD_847KBPS_B,
 206         PN533_LISTEN_MOD,
 207
 208         __PN533_POLL_MOD_AFTER_LAST,
 209 };
 210 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
 211
 212 struct pn533_poll_modulations {
 213         struct {
 214                 u8 maxtg;
 215                 u8 brty;
 216                 union pn533_cmd_poll_initdata initiator_data;
 217         } __packed data;
 218         u8 len;
 219 };
 220
 221 const struct pn533_poll_modulations poll_mod[] = {
 222         [PN533_POLL_MOD_106KBPS_A] = {
 223                 .data = {
 224                         .maxtg = 1,
 225                         .brty = 0,
 226                 },
 227                 .len = 2,
 228         },
 229         [PN533_POLL_MOD_212KBPS_FELICA] = {
 230                 .data = {
 231                         .maxtg = 1,
 232                         .brty = 1,
 233                         .initiator_data.felica = {
 234                                 .opcode = PN533_FELICA_OPC_SENSF_REQ,
 235                                 .sc = PN533_FELICA_SENSF_SC_ALL,
 236                                 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 237                                 .tsn = 0,
 238                         },
 239                 },
 240                 .len = 7,
 241         },
 242         [PN533_POLL_MOD_424KBPS_FELICA] = {
 243                 .data = {
 244                         .maxtg = 1,
 245                         .brty = 2,
 246                         .initiator_data.felica = {
 247                                 .opcode = PN533_FELICA_OPC_SENSF_REQ,
 248                                 .sc = PN533_FELICA_SENSF_SC_ALL,
 249                                 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 250                                 .tsn = 0,
 251                         },
 252                  },
 253                 .len = 7,
 254         },
 255         [PN533_POLL_MOD_106KBPS_JEWEL] = {
 256                 .data = {
 257                         .maxtg = 1,
 258                         .brty = 4,
 259                 },
 260                 .len = 2,
 261         },
 262         [PN533_POLL_MOD_847KBPS_B] = {
 263                 .data = {
 264                         .maxtg = 1,
 265                         .brty = 8,
 266                         .initiator_data.type_b = {
 267                                 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
 268                                 .polling_method =
 269                                         PN533_TYPE_B_POLL_METHOD_TIMESLOT,
 270                         },
 271                 },
 272                 .len = 3,
 273         },
 274         [PN533_LISTEN_MOD] = {
 275                 .len = 0,
 276         },
 277 };
 278
 279 /* PN533_CMD_IN_ATR */
 280
 281 struct pn533_cmd_activate_param {
 282         u8 tg;
 283         u8 next;
 284 } __packed;
 285
 286 struct pn533_cmd_activate_response {
 287         u8 status;
 288         u8 nfcid3t[10];
 289         u8 didt;
 290         u8 bst;
 291         u8 brt;
 292         u8 to;
 293         u8 ppt;
 294         /* optional */
 295         u8 gt[];
 296 } __packed;
 297
 298 /* PN533_CMD_IN_JUMP_FOR_DEP */
 299 struct pn533_cmd_jump_dep {
 300         u8 active;
 301         u8 baud;
 302         u8 next;
 303         u8 data[];
 304 } __packed;
 305
 306 struct pn533_cmd_jump_dep_response {
 307         u8 status;
 308         u8 tg;
 309         u8 nfcid3t[10];
 310         u8 didt;
 311         u8 bst;
 312         u8 brt;
 313         u8 to;
 314         u8 ppt;
 315         /* optional */
 316         u8 gt[];
 317 } __packed;
 318
 319
 320 /* PN533_TG_INIT_AS_TARGET */
 321 #define PN533_INIT_TARGET_PASSIVE 0x1
 322 #define PN533_INIT_TARGET_DEP 0x2
 323
 324 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
 325 #define PN533_INIT_TARGET_RESP_ACTIVE     0x1
 326 #define PN533_INIT_TARGET_RESP_DEP        0x4
 327
 328 struct pn533_cmd_init_target {
 329         u8 mode;
 330         u8 mifare[6];
 331         u8 felica[18];
 332         u8 nfcid3[10];
 333         u8 gb_len;
 334         u8 gb[];
 335 } __packed;
 336
 337 struct pn533_cmd_init_target_response {
 338         u8 mode;
 339         u8 cmd[];
 340 } __packed;
 341
 342 struct pn533 {
 343         struct usb_device *udev;
 344         struct usb_interface *interface;
 345         struct nfc_dev *nfc_dev;
 346
 347         struct urb *out_urb;
 348         int out_maxlen;
 349         struct pn533_frame *out_frame;
 350
 351         struct urb *in_urb;
 352         int in_maxlen;
 353         struct pn533_frame *in_frame;
 354
 355         struct sk_buff_head resp_q;
 356
 357         struct workqueue_struct *wq;
 358         struct work_struct cmd_work;
 359         struct work_struct cmd_complete_work;
 360         struct work_struct poll_work;
 361         struct work_struct mi_work;
 362         struct work_struct tg_work;
 363         struct timer_list listen_timer;
 364         struct pn533_frame *wq_in_frame;
 365         int wq_in_error;
 366         int cancel_listen;
 367
 368         pn533_cmd_complete_t cmd_complete;
 369         void *cmd_complete_arg;
 370         struct mutex cmd_lock;
 371         u8 cmd;
 372
 373         struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
 374         u8 poll_mod_count;
 375         u8 poll_mod_curr;
 376         u32 poll_protocols;
 377         u32 listen_protocols;
 378
 379         u8 *gb;
 380         size_t gb_len;
 381
 382         u8 tgt_available_prots;
 383         u8 tgt_active_prot;
 384         u8 tgt_mode;
 385
 386         u32 device_type;
 387
 388         struct list_head cmd_queue;
 389         u8 cmd_pending;
 390 };
 391
 392 struct pn533_cmd {
 393         struct list_head queue;
 394         struct pn533_frame *out_frame;
 395         struct pn533_frame *in_frame;
 396         int in_frame_len;
 397         pn533_cmd_complete_t cmd_complete;
 398         void *arg;
 399         gfp_t flags;
 400 };
 401
 402 struct pn533_frame {
 403         u8 preamble;
 404         __be16 start_frame;
 405         u8 datalen;
 406         u8 datalen_checksum;
 407         u8 data[];
 408 } __packed;
 409
 410 /* The rule: value + checksum = 0 */
 411 static inline u8 pn533_checksum(u8 value)
 412 {
 413         return ~value + 1;
 414 }
 415
 416 /* The rule: sum(data elements) + checksum = 0 */
 417 static u8 pn533_data_checksum(u8 *data, int datalen)
 418 {
 419         u8 sum = 0;
 420         int i;
 421
 422         for (i = 0; i < datalen; i++)
 423                 sum += data[i];
 424
 425         return pn533_checksum(sum);
 426 }
 427
 428 /**
 429  * pn533_tx_frame_ack - create a ack frame
 430  * @frame:      The frame to be set as ack
 431  *
 432  * Ack is different type of standard frame. As a standard frame, it has
 433  * preamble and start_frame. However the checksum of this frame must fail,
 434  * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
 435  * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
 436  * After datalen_checksum field, the postamble is placed.
 437  */
 438 static void pn533_tx_frame_ack(struct pn533_frame *frame)
 439 {
 440         frame->preamble = 0;
 441         frame->start_frame = cpu_to_be16(PN533_SOF);
 442         frame->datalen = 0;
 443         frame->datalen_checksum = 0xFF;
 444         /* data[0] is used as postamble */
 445         frame->data[0] = 0;
 446 }
 447
 448 static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
 449 {
 450         frame->preamble = 0;
 451         frame->start_frame = cpu_to_be16(PN533_SOF);
 452         PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
 453         PN533_FRAME_CMD(frame) = cmd;
 454         frame->datalen = 2;
 455 }
 456
 457 static void pn533_tx_frame_finish(struct pn533_frame *frame)
 458 {
 459         frame->datalen_checksum = pn533_checksum(frame->datalen);
 460
 461         PN533_FRAME_CHECKSUM(frame) =
 462                 pn533_data_checksum(frame->data, frame->datalen);
 463
 464         PN533_FRAME_POSTAMBLE(frame) = 0;
 465 }
 466
 467 static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
 468 {
 469         u8 checksum;
 470
 471         if (frame->start_frame != cpu_to_be16(PN533_SOF))
 472                 return false;
 473
 474         checksum = pn533_checksum(frame->datalen);
 475         if (checksum != frame->datalen_checksum)
 476                 return false;
 477
 478         checksum = pn533_data_checksum(frame->data, frame->datalen);
 479         if (checksum != PN533_FRAME_CHECKSUM(frame))
 480                 return false;
 481
 482         return true;
 483 }
 484
 485 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
 486 {
 487         if (frame->start_frame != cpu_to_be16(PN533_SOF))
 488                 return false;
 489
 490         if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
 491                 return false;
 492
 493         return true;
 494 }
 495
 496 static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
 497 {
 498         return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
 499 }
 500
 501
 502 static void pn533_wq_cmd_complete(struct work_struct *work)
 503 {
 504         struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
 505         struct pn533_frame *in_frame;
 506         int rc;
 507
 508         in_frame = dev->wq_in_frame;
 509
 510         if (dev->wq_in_error)
 511                 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
 512                                                         dev->wq_in_error);
 513         else
 514                 rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
 515                                         PN533_FRAME_CMD_PARAMS_PTR(in_frame),
 516                                         PN533_FRAME_CMD_PARAMS_LEN(in_frame));
 517
 518         if (rc != -EINPROGRESS)
 519                 queue_work(dev->wq, &dev->cmd_work);
 520 }
 521
 522 static void pn533_recv_response(struct urb *urb)
 523 {
 524         struct pn533 *dev = urb->context;
 525         struct pn533_frame *in_frame;
 526
 527         dev->wq_in_frame = NULL;
 528
 529         switch (urb->status) {
 530         case 0:
 531                 /* success */
 532                 break;
 533         case -ECONNRESET:
 534         case -ENOENT:
 535         case -ESHUTDOWN:
 536                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 537                                                 " status: %d", urb->status);
 538                 dev->wq_in_error = urb->status;
 539                 goto sched_wq;
 540         default:
 541                 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
 542                                                         " %d", urb->status);
 543                 dev->wq_in_error = urb->status;
 544                 goto sched_wq;
 545         }
 546
 547         in_frame = dev->in_urb->transfer_buffer;
 548
 549         if (!pn533_rx_frame_is_valid(in_frame)) {
 550                 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
 551                 dev->wq_in_error = -EIO;
 552                 goto sched_wq;
 553         }
 554
 555         if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
 556                 nfc_dev_err(&dev->interface->dev, "The received frame is not "
 557                                                 "response to the last command");
 558                 dev->wq_in_error = -EIO;
 559                 goto sched_wq;
 560         }
 561
 562         nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
 563         dev->wq_in_error = 0;
 564         dev->wq_in_frame = in_frame;
 565
 566 sched_wq:
 567         queue_work(dev->wq, &dev->cmd_complete_work);
 568 }
 569
 570 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
 571 {
 572         dev->in_urb->complete = pn533_recv_response;
 573
 574         return usb_submit_urb(dev->in_urb, flags);
 575 }
 576
 577 static void pn533_recv_ack(struct urb *urb)
 578 {
 579         struct pn533 *dev = urb->context;
 580         struct pn533_frame *in_frame;
 581         int rc;
 582
 583         switch (urb->status) {
 584         case 0:
 585                 /* success */
 586                 break;
 587         case -ECONNRESET:
 588         case -ENOENT:
 589         case -ESHUTDOWN:
 590                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 591                                                 " status: %d", urb->status);
 592                 dev->wq_in_error = urb->status;
 593                 goto sched_wq;
 594         default:
 595                 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
 596                                                         " %d", urb->status);
 597                 dev->wq_in_error = urb->status;
 598                 goto sched_wq;
 599         }
 600
 601         in_frame = dev->in_urb->transfer_buffer;
 602
 603         if (!pn533_rx_frame_is_ack(in_frame)) {
 604                 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
 605                 dev->wq_in_error = -EIO;
 606                 goto sched_wq;
 607         }
 608
 609         nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
 610
 611         rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
 612         if (rc) {
 613                 nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
 614                                                         " result %d", rc);
 615                 dev->wq_in_error = rc;
 616                 goto sched_wq;
 617         }
 618
 619         return;
 620
 621 sched_wq:
 622         dev->wq_in_frame = NULL;
 623         queue_work(dev->wq, &dev->cmd_complete_work);
 624 }
 625
 626 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
 627 {
 628         dev->in_urb->complete = pn533_recv_ack;
 629
 630         return usb_submit_urb(dev->in_urb, flags);
 631 }
 632
 633 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
 634 {
 635         int rc;
 636
 637         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 638
 639         pn533_tx_frame_ack(dev->out_frame);
 640
 641         dev->out_urb->transfer_buffer = dev->out_frame;
 642         dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
 643         rc = usb_submit_urb(dev->out_urb, flags);
 644
 645         return rc;
 646 }
 647
 648 static int __pn533_send_cmd_frame_async(struct pn533 *dev,
 649                                         struct pn533_frame *out_frame,
 650                                         struct pn533_frame *in_frame,
 651                                         int in_frame_len,
 652                                         pn533_cmd_complete_t cmd_complete,
 653                                         void *arg, gfp_t flags)
 654 {
 655         int rc;
 656
 657         nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
 658                                                 PN533_FRAME_CMD(out_frame));
 659
 660         dev->cmd = PN533_FRAME_CMD(out_frame);
 661         dev->cmd_complete = cmd_complete;
 662         dev->cmd_complete_arg = arg;
 663
 664         dev->out_urb->transfer_buffer = out_frame;
 665         dev->out_urb->transfer_buffer_length =
 666                                 PN533_FRAME_SIZE(out_frame);
 667
 668         dev->in_urb->transfer_buffer = in_frame;
 669         dev->in_urb->transfer_buffer_length = in_frame_len;
 670
 671         rc = usb_submit_urb(dev->out_urb, flags);
 672         if (rc)
 673                 return rc;
 674
 675         rc = pn533_submit_urb_for_ack(dev, flags);
 676         if (rc)
 677                 goto error;
 678
 679         return 0;
 680
 681 error:
 682         usb_unlink_urb(dev->out_urb);
 683         return rc;
 684 }
 685
 686 static void pn533_wq_cmd(struct work_struct *work)
 687 {
 688         struct pn533 *dev = container_of(work, struct pn533, cmd_work);
 689         struct pn533_cmd *cmd;
 690
 691         mutex_lock(&dev->cmd_lock);
 692
 693         if (list_empty(&dev->cmd_queue)) {
 694                 dev->cmd_pending = 0;
 695                 mutex_unlock(&dev->cmd_lock);
 696                 return;
 697         }
 698
 699         cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
 700
 701         list_del(&cmd->queue);
 702
 703         mutex_unlock(&dev->cmd_lock);
 704
 705         __pn533_send_cmd_frame_async(dev, cmd->out_frame, cmd->in_frame,
 706                                      cmd->in_frame_len, cmd->cmd_complete,
 707                                      cmd->arg, cmd->flags);
 708
 709         kfree(cmd);
 710 }
 711
 712 static int pn533_send_cmd_frame_async(struct pn533 *dev,
 713                                         struct pn533_frame *out_frame,
 714                                         struct pn533_frame *in_frame,
 715                                         int in_frame_len,
 716                                         pn533_cmd_complete_t cmd_complete,
 717                                         void *arg, gfp_t flags)
 718 {
 719         struct pn533_cmd *cmd;
 720         int rc = 0;
 721
 722         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 723
 724         mutex_lock(&dev->cmd_lock);
 725
 726         if (!dev->cmd_pending) {
 727                 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
 728                                                   in_frame_len, cmd_complete,
 729                                                   arg, flags);
 730                 if (!rc)
 731                         dev->cmd_pending = 1;
 732
 733                 goto unlock;
 734         }
 735
 736         nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
 737
 738         cmd = kzalloc(sizeof(struct pn533_cmd), flags);
 739         if (!cmd) {
 740                 rc = -ENOMEM;
 741                 goto unlock;
 742         }
 743
 744         INIT_LIST_HEAD(&cmd->queue);
 745         cmd->out_frame = out_frame;
 746         cmd->in_frame = in_frame;
 747         cmd->in_frame_len = in_frame_len;
 748         cmd->cmd_complete = cmd_complete;
 749         cmd->arg = arg;
 750         cmd->flags = flags;
 751
 752         list_add_tail(&cmd->queue, &dev->cmd_queue);
 753
 754 unlock:
 755         mutex_unlock(&dev->cmd_lock);
 756
 757         return rc;
 758 }
 759
 760 struct pn533_sync_cmd_response {
 761         int rc;
 762         struct completion done;
 763 };
 764
 765 static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
 766                                         u8 *params, int params_len)
 767 {
 768         struct pn533_sync_cmd_response *arg = _arg;
 769
 770         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 771
 772         arg->rc = 0;
 773
 774         if (params_len < 0) /* error */
 775                 arg->rc = params_len;
 776
 777         complete(&arg->done);
 778
 779         return 0;
 780 }
 781
 782 static int pn533_send_cmd_frame_sync(struct pn533 *dev,
 783                                                 struct pn533_frame *out_frame,
 784                                                 struct pn533_frame *in_frame,
 785                                                 int in_frame_len)
 786 {
 787         int rc;
 788         struct pn533_sync_cmd_response arg;
 789
 790         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 791
 792         init_completion(&arg.done);
 793
 794         rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
 795                                 pn533_sync_cmd_complete, &arg, GFP_KERNEL);
 796         if (rc)
 797                 return rc;
 798
 799         wait_for_completion(&arg.done);
 800
 801         return arg.rc;
 802 }
 803
 804 static void pn533_send_complete(struct urb *urb)
 805 {
 806         struct pn533 *dev = urb->context;
 807
 808         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 809
 810         switch (urb->status) {
 811         case 0:
 812                 /* success */
 813                 break;
 814         case -ECONNRESET:
 815         case -ENOENT:
 816         case -ESHUTDOWN:
 817                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 818                                                 " status: %d", urb->status);
 819                 break;
 820         default:
 821                 nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
 822                                                         " %d", urb->status);
 823         }
 824 }
 825
 826 struct pn533_target_type_a {
 827         __be16 sens_res;
 828         u8 sel_res;
 829         u8 nfcid_len;
 830         u8 nfcid_data[];
 831 } __packed;
 832
 833
 834 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
 835 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
 836 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
 837
 838 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
 839 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
 840
 841 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
 842 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
 843
 844 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
 845 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
 846 #define PN533_TYPE_A_SEL_PROT_DEP 2
 847 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
 848
 849 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
 850                                                         int target_data_len)
 851 {
 852         u8 ssd;
 853         u8 platconf;
 854
 855         if (target_data_len < sizeof(struct pn533_target_type_a))
 856                 return false;
 857
 858         /* The lenght check of nfcid[] and ats[] are not being performed because
 859            the values are not being used */
 860
 861         /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
 862         ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
 863         platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
 864
 865         if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 866                         platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
 867                         (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 868                         platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
 869                 return false;
 870
 871         /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
 872         if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
 873                 return false;
 874
 875         return true;
 876 }
 877
 878 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
 879                                                         int tgt_data_len)
 880 {
 881         struct pn533_target_type_a *tgt_type_a;
 882
 883         tgt_type_a = (struct pn533_target_type_a *) tgt_data;
 884
 885         if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
 886                 return -EPROTO;
 887
 888         switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
 889         case PN533_TYPE_A_SEL_PROT_MIFARE:
 890                 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
 891                 break;
 892         case PN533_TYPE_A_SEL_PROT_ISO14443:
 893                 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
 894                 break;
 895         case PN533_TYPE_A_SEL_PROT_DEP:
 896                 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
 897                 break;
 898         case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
 899                 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
 900                                                         NFC_PROTO_NFC_DEP_MASK;
 901                 break;
 902         }
 903
 904         nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
 905         nfc_tgt->sel_res = tgt_type_a->sel_res;
 906         nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
 907         memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
 908
 909         return 0;
 910 }
 911
 912 struct pn533_target_felica {
 913         u8 pol_res;
 914         u8 opcode;
 915         u8 nfcid2[8];
 916         u8 pad[8];
 917         /* optional */
 918         u8 syst_code[];
 919 } __packed;
 920
 921 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
 922 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
 923
 924 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
 925                                                         int target_data_len)
 926 {
 927         if (target_data_len < sizeof(struct pn533_target_felica))
 928                 return false;
 929
 930         if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
 931                 return false;
 932
 933         return true;
 934 }
 935
 936 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
 937                                                         int tgt_data_len)
 938 {
 939         struct pn533_target_felica *tgt_felica;
 940
 941         tgt_felica = (struct pn533_target_felica *) tgt_data;
 942
 943         if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
 944                 return -EPROTO;
 945
 946         if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
 947                                         tgt_felica->nfcid2[1] ==
 948                                         PN533_FELICA_SENSF_NFCID2_DEP_B2)
 949                 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
 950         else
 951                 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
 952
 953         memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
 954         nfc_tgt->sensf_res_len = 9;
 955
 956         return 0;
 957 }
 958
 959 struct pn533_target_jewel {
 960         __be16 sens_res;
 961         u8 jewelid[4];
 962 } __packed;
 963
 964 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
 965                                                         int target_data_len)
 966 {
 967         u8 ssd;
 968         u8 platconf;
 969
 970         if (target_data_len < sizeof(struct pn533_target_jewel))
 971                 return false;
 972
 973         /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
 974         ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
 975         platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
 976
 977         if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 978                         platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
 979                         (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 980                         platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
 981                 return false;
 982
 983         return true;
 984 }
 985
 986 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
 987                                                         int tgt_data_len)
 988 {
 989         struct pn533_target_jewel *tgt_jewel;
 990
 991         tgt_jewel = (struct pn533_target_jewel *) tgt_data;
 992
 993         if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
 994                 return -EPROTO;
 995
 996         nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
 997         nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
 998         nfc_tgt->nfcid1_len = 4;
 999         memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
1000
1001         return 0;
1002 }
1003
1004 struct pn533_type_b_prot_info {
1005         u8 bitrate;
1006         u8 fsci_type;
1007         u8 fwi_adc_fo;
1008 } __packed;
1009
1010 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1011 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1012 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1013
1014 struct pn533_type_b_sens_res {
1015         u8 opcode;
1016         u8 nfcid[4];
1017         u8 appdata[4];
1018         struct pn533_type_b_prot_info prot_info;
1019 } __packed;
1020
1021 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1022
1023 struct pn533_target_type_b {
1024         struct pn533_type_b_sens_res sensb_res;
1025         u8 attrib_res_len;
1026         u8 attrib_res[];
1027 } __packed;
1028
1029 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1030                                                         int target_data_len)
1031 {
1032         if (target_data_len < sizeof(struct pn533_target_type_b))
1033                 return false;
1034
1035         if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1036                 return false;
1037
1038         if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1039                                                 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1040                 return false;
1041
1042         return true;
1043 }
1044
1045 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1046                                                         int tgt_data_len)
1047 {
1048         struct pn533_target_type_b *tgt_type_b;
1049
1050         tgt_type_b = (struct pn533_target_type_b *) tgt_data;
1051
1052         if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1053                 return -EPROTO;
1054
1055         nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1056
1057         return 0;
1058 }
1059
1060 struct pn533_poll_response {
1061         u8 nbtg;
1062         u8 tg;
1063         u8 target_data[];
1064 } __packed;
1065
1066 static int pn533_target_found(struct pn533 *dev,
1067                         struct pn533_poll_response *resp, int resp_len)
1068 {
1069         int target_data_len;
1070         struct nfc_target nfc_tgt;
1071         int rc;
1072
1073         nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1074                                                         dev->poll_mod_curr);
1075
1076         if (resp->tg != 1)
1077                 return -EPROTO;
1078
1079         memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1080
1081         target_data_len = resp_len - sizeof(struct pn533_poll_response);
1082
1083         switch (dev->poll_mod_curr) {
1084         case PN533_POLL_MOD_106KBPS_A:
1085                 rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1086                                                         target_data_len);
1087                 break;
1088         case PN533_POLL_MOD_212KBPS_FELICA:
1089         case PN533_POLL_MOD_424KBPS_FELICA:
1090                 rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1091                                                         target_data_len);
1092                 break;
1093         case PN533_POLL_MOD_106KBPS_JEWEL:
1094                 rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1095                                                         target_data_len);
1096                 break;
1097         case PN533_POLL_MOD_847KBPS_B:
1098                 rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1099                                                         target_data_len);
1100                 break;
1101         default:
1102                 nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1103                                                                 " modulation");
1104                 return -EPROTO;
1105         }
1106
1107         if (rc)
1108                 return rc;
1109
1110         if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1111                 nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1112                                                 " have the desired protocol");
1113                 return -EAGAIN;
1114         }
1115
1116         nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1117                                         "0x%x", nfc_tgt.supported_protocols);
1118
1119         dev->tgt_available_prots = nfc_tgt.supported_protocols;
1120
1121         nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1122
1123         return 0;
1124 }
1125
1126 static inline void pn533_poll_next_mod(struct pn533 *dev)
1127 {
1128         dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1129 }
1130
1131 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1132 {
1133         dev->poll_mod_count = 0;
1134 }
1135
1136 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1137 {
1138         dev->poll_mod_active[dev->poll_mod_count] =
1139                 (struct pn533_poll_modulations *) &poll_mod[mod_index];
1140         dev->poll_mod_count++;
1141 }
1142
1143 static void pn533_poll_create_mod_list(struct pn533 *dev,
1144                                        u32 im_protocols, u32 tm_protocols)
1145 {
1146         pn533_poll_reset_mod_list(dev);
1147
1148         if (im_protocols & NFC_PROTO_MIFARE_MASK
1149             || im_protocols & NFC_PROTO_ISO14443_MASK
1150             || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1151                 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1152
1153         if (im_protocols & NFC_PROTO_FELICA_MASK
1154             || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1155                 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1156                 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1157         }
1158
1159         if (im_protocols & NFC_PROTO_JEWEL_MASK)
1160                 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1161
1162         if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1163                 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1164
1165         if (tm_protocols)
1166                 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1167 }
1168
1169 static int pn533_start_poll_complete(struct pn533 *dev, void *arg,
1170                                      u8 *params, int params_len)
1171 {
1172         struct pn533_poll_response *resp;
1173         int rc;
1174
1175         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1176
1177         resp = (struct pn533_poll_response *) params;
1178         if (resp->nbtg) {
1179                 rc = pn533_target_found(dev, resp, params_len);
1180
1181                 /* We must stop the poll after a valid target found */
1182                 if (rc == 0) {
1183                         pn533_poll_reset_mod_list(dev);
1184                         return 0;
1185                 }
1186         }
1187
1188         return -EAGAIN;
1189 }
1190
1191 static int pn533_init_target_frame(struct pn533_frame *frame,
1192                                    u8 *gb, size_t gb_len)
1193 {
1194         struct pn533_cmd_init_target *cmd;
1195         size_t cmd_len;
1196         u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1197                                 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1198                                 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1199                                 0xff, 0xff}; /* System code */
1200         u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1201                                0x0, 0x0, 0x0,
1202                                0x40}; /* SEL_RES for DEP */
1203
1204         cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1205         cmd = kzalloc(cmd_len, GFP_KERNEL);
1206         if (cmd == NULL)
1207                 return -ENOMEM;
1208
1209         pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1210
1211         /* DEP support only */
1212         cmd->mode |= PN533_INIT_TARGET_DEP;
1213
1214         /* Felica params */
1215         memcpy(cmd->felica, felica_params, 18);
1216         get_random_bytes(cmd->felica + 2, 6);
1217
1218         /* NFCID3 */
1219         memset(cmd->nfcid3, 0, 10);
1220         memcpy(cmd->nfcid3, cmd->felica, 8);
1221
1222         /* MIFARE params */
1223         memcpy(cmd->mifare, mifare_params, 6);
1224
1225         /* General bytes */
1226         cmd->gb_len = gb_len;
1227         memcpy(cmd->gb, gb, gb_len);
1228
1229         /* Len Tk */
1230         cmd->gb[gb_len] = 0;
1231
1232         memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1233
1234         frame->datalen += cmd_len;
1235
1236         pn533_tx_frame_finish(frame);
1237
1238         kfree(cmd);
1239
1240         return 0;
1241 }
1242
1243 #define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1244 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1245 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1246                                       u8 *params, int params_len)
1247 {
1248         struct sk_buff *skb_resp = arg;
1249         struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1250
1251         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1252
1253         if (params_len < 0) {
1254                 nfc_dev_err(&dev->interface->dev,
1255                             "Error %d when starting as a target",
1256                             params_len);
1257
1258                 return params_len;
1259         }
1260
1261         if (params_len > 0 && params[0] != 0) {
1262                 nfc_tm_deactivated(dev->nfc_dev);
1263
1264                 dev->tgt_mode = 0;
1265
1266                 kfree_skb(skb_resp);
1267                 return 0;
1268         }
1269
1270         skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1271         skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1272         skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1273
1274         return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1275 }
1276
1277 static void pn533_wq_tg_get_data(struct work_struct *work)
1278 {
1279         struct pn533 *dev = container_of(work, struct pn533, tg_work);
1280         struct pn533_frame *in_frame;
1281         struct sk_buff *skb_resp;
1282         size_t skb_resp_len;
1283
1284         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1285
1286         skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1287                 PN533_CMD_DATAEXCH_DATA_MAXLEN +
1288                 PN533_FRAME_TAIL_SIZE;
1289
1290         skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1291         if (!skb_resp)
1292                 return;
1293
1294         in_frame = (struct pn533_frame *)skb_resp->data;
1295
1296         pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1297         pn533_tx_frame_finish(dev->out_frame);
1298
1299         pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1300                                    skb_resp_len,
1301                                    pn533_tm_get_data_complete,
1302                                    skb_resp, GFP_KERNEL);
1303
1304         return;
1305 }
1306
1307 #define ATR_REQ_GB_OFFSET 17
1308 static int pn533_init_target_complete(struct pn533 *dev, void *arg,
1309                                       u8 *params, int params_len)
1310 {
1311         struct pn533_cmd_init_target_response *resp;
1312         u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1313         size_t gb_len;
1314         int rc;
1315
1316         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1317
1318         if (params_len < 0) {
1319                 nfc_dev_err(&dev->interface->dev,
1320                             "Error %d when starting as a target",
1321                             params_len);
1322
1323                 return params_len;
1324         }
1325
1326         if (params_len < ATR_REQ_GB_OFFSET + 1)
1327                 return -EINVAL;
1328
1329         resp = (struct pn533_cmd_init_target_response *) params;
1330
1331         nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1332                     resp->mode, params_len);
1333
1334         frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1335         if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1336                 comm_mode = NFC_COMM_ACTIVE;
1337
1338         /* Again, only DEP */
1339         if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1340                 return -EOPNOTSUPP;
1341
1342         gb = resp->cmd + ATR_REQ_GB_OFFSET;
1343         gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1344
1345         rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1346                               comm_mode, gb, gb_len);
1347         if (rc < 0) {
1348                 nfc_dev_err(&dev->interface->dev,
1349                             "Error when signaling target activation");
1350                 return rc;
1351         }
1352
1353         dev->tgt_mode = 1;
1354
1355         queue_work(dev->wq, &dev->tg_work);
1356
1357         return 0;
1358 }
1359
1360 static void pn533_listen_mode_timer(unsigned long data)
1361 {
1362         struct pn533 *dev = (struct pn533 *) data;
1363
1364         nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1365
1366         /* An ack will cancel the last issued command (poll) */
1367         pn533_send_ack(dev, GFP_ATOMIC);
1368
1369         dev->cancel_listen = 1;
1370
1371         pn533_poll_next_mod(dev);
1372
1373         queue_work(dev->wq, &dev->poll_work);
1374 }
1375
1376 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1377                                u8 *params, int params_len)
1378 {
1379         struct pn533_poll_modulations *cur_mod;
1380         int rc;
1381
1382         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1383
1384         if (params_len == -ENOENT) {
1385                 if (dev->poll_mod_count != 0)
1386                         return 0;
1387
1388                 nfc_dev_err(&dev->interface->dev,
1389                             "Polling operation has been stopped");
1390
1391                 goto stop_poll;
1392         }
1393
1394         if (params_len < 0) {
1395                 nfc_dev_err(&dev->interface->dev,
1396                             "Error %d when running poll", params_len);
1397
1398                 goto stop_poll;
1399         }
1400
1401         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1402
1403         if (cur_mod->len == 0) {
1404                 del_timer(&dev->listen_timer);
1405
1406                 return pn533_init_target_complete(dev, arg, params, params_len);
1407         } else {
1408                 rc = pn533_start_poll_complete(dev, arg, params, params_len);
1409                 if (!rc)
1410                         return rc;
1411         }
1412
1413         pn533_poll_next_mod(dev);
1414
1415         queue_work(dev->wq, &dev->poll_work);
1416
1417         return 0;
1418
1419 stop_poll:
1420         pn533_poll_reset_mod_list(dev);
1421         dev->poll_protocols = 0;
1422         return 0;
1423 }
1424
1425 static void pn533_build_poll_frame(struct pn533 *dev,
1426                                    struct pn533_frame *frame,
1427                                    struct pn533_poll_modulations *mod)
1428 {
1429         nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1430
1431         if (mod->len == 0) {
1432                 /* Listen mode */
1433                 pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1434         } else {
1435                 /* Polling mode */
1436                 pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1437
1438                 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1439                 frame->datalen += mod->len;
1440
1441                 pn533_tx_frame_finish(frame);
1442         }
1443 }
1444
1445 static int pn533_send_poll_frame(struct pn533 *dev)
1446 {
1447         struct pn533_poll_modulations *cur_mod;
1448         int rc;
1449
1450         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1451
1452         pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1453
1454         rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1455                                 dev->in_maxlen, pn533_poll_complete,
1456                                 NULL, GFP_KERNEL);
1457         if (rc)
1458                 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1459
1460         return rc;
1461 }
1462
1463 static void pn533_wq_poll(struct work_struct *work)
1464 {
1465         struct pn533 *dev = container_of(work, struct pn533, poll_work);
1466         struct pn533_poll_modulations *cur_mod;
1467         int rc;
1468
1469         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1470
1471         nfc_dev_dbg(&dev->interface->dev,
1472                     "%s cancel_listen %d modulation len %d",
1473                     __func__, dev->cancel_listen, cur_mod->len);
1474
1475         if (dev->cancel_listen == 1) {
1476                 dev->cancel_listen = 0;
1477                 usb_kill_urb(dev->in_urb);
1478         }
1479
1480         rc = pn533_send_poll_frame(dev);
1481         if (rc)
1482                 return;
1483
1484         if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1485                 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1486
1487         return;
1488 }
1489
1490 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1491                             u32 im_protocols, u32 tm_protocols)
1492 {
1493         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1494
1495         nfc_dev_dbg(&dev->interface->dev,
1496                     "%s: im protocols 0x%x tm protocols 0x%x",
1497                     __func__, im_protocols, tm_protocols);
1498
1499         if (dev->tgt_active_prot) {
1500                 nfc_dev_err(&dev->interface->dev,
1501                             "Cannot poll with a target already activated");
1502                 return -EBUSY;
1503         }
1504
1505         if (dev->tgt_mode) {
1506                 nfc_dev_err(&dev->interface->dev,
1507                             "Cannot poll while already being activated");
1508                 return -EBUSY;
1509         }
1510
1511         if (tm_protocols) {
1512                 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1513                 if (dev->gb == NULL)
1514                         tm_protocols = 0;
1515         }
1516
1517         dev->poll_mod_curr = 0;
1518         pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1519         dev->poll_protocols = im_protocols;
1520         dev->listen_protocols = tm_protocols;
1521
1522         return pn533_send_poll_frame(dev);
1523 }
1524
1525 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1526 {
1527         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1528
1529         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1530
1531         del_timer(&dev->listen_timer);
1532
1533         if (!dev->poll_mod_count) {
1534                 nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1535                                                                 " running");
1536                 return;
1537         }
1538
1539         /* An ack will cancel the last issued command (poll) */
1540         pn533_send_ack(dev, GFP_KERNEL);
1541
1542         /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1543         usb_kill_urb(dev->in_urb);
1544
1545         pn533_poll_reset_mod_list(dev);
1546 }
1547
1548 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1549 {
1550         struct pn533_cmd_activate_param param;
1551         struct pn533_cmd_activate_response *resp;
1552         u16 gt_len;
1553         int rc;
1554
1555         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1556
1557         pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1558
1559         param.tg = 1;
1560         param.next = 0;
1561         memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &param,
1562                                 sizeof(struct pn533_cmd_activate_param));
1563         dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1564
1565         pn533_tx_frame_finish(dev->out_frame);
1566
1567         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1568                                                                 dev->in_maxlen);
1569         if (rc)
1570                 return rc;
1571
1572         resp = (struct pn533_cmd_activate_response *)
1573                                 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1574         rc = resp->status & PN533_CMD_RET_MASK;
1575         if (rc != PN533_CMD_RET_SUCCESS)
1576                 return -EIO;
1577
1578         /* ATR_RES general bytes are located at offset 16 */
1579         gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1580         rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1581
1582         return rc;
1583 }
1584
1585 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1586                                  struct nfc_target *target, u32 protocol)
1587 {
1588         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1589         int rc;
1590
1591         nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1592                                                                 protocol);
1593
1594         if (dev->poll_mod_count) {
1595                 nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1596                                                                 " polling");
1597                 return -EBUSY;
1598         }
1599
1600         if (dev->tgt_active_prot) {
1601                 nfc_dev_err(&dev->interface->dev, "There is already an active"
1602                                                                 " target");
1603                 return -EBUSY;
1604         }
1605
1606         if (!dev->tgt_available_prots) {
1607                 nfc_dev_err(&dev->interface->dev, "There is no available target"
1608                                                                 " to activate");
1609                 return -EINVAL;
1610         }
1611
1612         if (!(dev->tgt_available_prots & (1 << protocol))) {
1613                 nfc_dev_err(&dev->interface->dev, "The target does not support"
1614                                         " the requested protocol %u", protocol);
1615                 return -EINVAL;
1616         }
1617
1618         if (protocol == NFC_PROTO_NFC_DEP) {
1619                 rc = pn533_activate_target_nfcdep(dev);
1620                 if (rc) {
1621                         nfc_dev_err(&dev->interface->dev, "Error %d when"
1622                                                 " activating target with"
1623                                                 " NFC_DEP protocol", rc);
1624                         return rc;
1625                 }
1626         }
1627
1628         dev->tgt_active_prot = protocol;
1629         dev->tgt_available_prots = 0;
1630
1631         return 0;
1632 }
1633
1634 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1635                                     struct nfc_target *target)
1636 {
1637         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1638         u8 tg;
1639         u8 status;
1640         int rc;
1641
1642         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1643
1644         if (!dev->tgt_active_prot) {
1645                 nfc_dev_err(&dev->interface->dev, "There is no active target");
1646                 return;
1647         }
1648
1649         dev->tgt_active_prot = 0;
1650
1651         skb_queue_purge(&dev->resp_q);
1652
1653         pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1654
1655         tg = 1;
1656         memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1657         dev->out_frame->datalen += sizeof(u8);
1658
1659         pn533_tx_frame_finish(dev->out_frame);
1660
1661         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1662                                                                 dev->in_maxlen);
1663         if (rc) {
1664                 nfc_dev_err(&dev->interface->dev, "Error when sending release"
1665                                                 " command to the controller");
1666                 return;
1667         }
1668
1669         status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1670         rc = status & PN533_CMD_RET_MASK;
1671         if (rc != PN533_CMD_RET_SUCCESS)
1672                 nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1673                                                         " the target", rc);
1674
1675         return;
1676 }
1677
1678
1679 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1680                                                 u8 *params, int params_len)
1681 {
1682         struct pn533_cmd_jump_dep_response *resp;
1683         struct nfc_target nfc_target;
1684         u8 target_gt_len;
1685         int rc;
1686         struct pn533_cmd_jump_dep *cmd = (struct pn533_cmd_jump_dep *)arg;
1687         u8 active = cmd->active;
1688
1689         kfree(arg);
1690
1691         if (params_len == -ENOENT) {
1692                 nfc_dev_dbg(&dev->interface->dev, "");
1693                 return 0;
1694         }
1695
1696         if (params_len < 0) {
1697                 nfc_dev_err(&dev->interface->dev,
1698                                 "Error %d when bringing DEP link up",
1699                                                                 params_len);
1700                 return 0;
1701         }
1702
1703         if (dev->tgt_available_prots &&
1704             !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1705                 nfc_dev_err(&dev->interface->dev,
1706                         "The target does not support DEP");
1707                 return -EINVAL;
1708         }
1709
1710         resp = (struct pn533_cmd_jump_dep_response *) params;
1711         rc = resp->status & PN533_CMD_RET_MASK;
1712         if (rc != PN533_CMD_RET_SUCCESS) {
1713                 nfc_dev_err(&dev->interface->dev,
1714                                 "Bringing DEP link up failed %d", rc);
1715                 return 0;
1716         }
1717
1718         if (!dev->tgt_available_prots) {
1719                 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1720
1721                 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1722                 nfc_target.nfcid1_len = 10;
1723                 memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1724                 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1725                 if (rc)
1726                         return 0;
1727
1728                 dev->tgt_available_prots = 0;
1729         }
1730
1731         dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1732
1733         /* ATR_RES general bytes are located at offset 17 */
1734         target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1735         rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1736                                                 resp->gt, target_gt_len);
1737         if (rc == 0)
1738                 rc = nfc_dep_link_is_up(dev->nfc_dev,
1739                                                 dev->nfc_dev->targets[0].idx,
1740                                                 !active, NFC_RF_INITIATOR);
1741
1742         return 0;
1743 }
1744
1745 static int pn533_mod_to_baud(struct pn533 *dev)
1746 {
1747         switch (dev->poll_mod_curr) {
1748         case PN533_POLL_MOD_106KBPS_A:
1749                 return 0;
1750         case PN533_POLL_MOD_212KBPS_FELICA:
1751                 return 1;
1752         case PN533_POLL_MOD_424KBPS_FELICA:
1753                 return 2;
1754         default:
1755                 return -EINVAL;
1756         }
1757 }
1758
1759 #define PASSIVE_DATA_LEN 5
1760 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1761                              u8 comm_mode, u8* gb, size_t gb_len)
1762 {
1763         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1764         struct pn533_cmd_jump_dep *cmd;
1765         u8 cmd_len, *data_ptr;
1766         u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1767         int rc, baud;
1768
1769         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1770
1771         if (dev->poll_mod_count) {
1772                 nfc_dev_err(&dev->interface->dev,
1773                                 "Cannot bring the DEP link up while polling");
1774                 return -EBUSY;
1775         }
1776
1777         if (dev->tgt_active_prot) {
1778                 nfc_dev_err(&dev->interface->dev,
1779                                 "There is already an active target");
1780                 return -EBUSY;
1781         }
1782
1783         baud = pn533_mod_to_baud(dev);
1784         if (baud < 0) {
1785                 nfc_dev_err(&dev->interface->dev,
1786                             "Invalid curr modulation %d", dev->poll_mod_curr);
1787                 return baud;
1788         }
1789
1790         cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1791         if (comm_mode == NFC_COMM_PASSIVE)
1792                 cmd_len += PASSIVE_DATA_LEN;
1793
1794         cmd = kzalloc(cmd_len, GFP_KERNEL);
1795         if (cmd == NULL)
1796                 return -ENOMEM;
1797
1798         pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1799
1800         cmd->active = !comm_mode;
1801         cmd->next = 0;
1802         cmd->baud = baud;
1803         data_ptr = cmd->data;
1804         if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1805                 memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1806                 cmd->next |= 1;
1807                 data_ptr += PASSIVE_DATA_LEN;
1808         }
1809
1810         if (gb != NULL && gb_len > 0) {
1811                 cmd->next |= 4; /* We have some Gi */
1812                 memcpy(data_ptr, gb, gb_len);
1813         } else {
1814                 cmd->next = 0;
1815         }
1816
1817         memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1818         dev->out_frame->datalen += cmd_len;
1819
1820         pn533_tx_frame_finish(dev->out_frame);
1821
1822         rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1823                                 dev->in_maxlen, pn533_in_dep_link_up_complete,
1824                                 cmd, GFP_KERNEL);
1825         if (rc < 0)
1826                 kfree(cmd);
1827
1828         return rc;
1829 }
1830
1831 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1832 {
1833         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1834
1835         pn533_poll_reset_mod_list(dev);
1836
1837         if (dev->tgt_mode || dev->tgt_active_prot) {
1838                 pn533_send_ack(dev, GFP_KERNEL);
1839                 usb_kill_urb(dev->in_urb);
1840         }
1841
1842         dev->tgt_active_prot = 0;
1843         dev->tgt_mode = 0;
1844
1845         skb_queue_purge(&dev->resp_q);
1846
1847         return 0;
1848 }
1849
1850 static int pn533_build_tx_frame(struct pn533 *dev, struct sk_buff *skb,
1851                                 bool target)
1852 {
1853         int payload_len = skb->len;
1854         struct pn533_frame *out_frame;
1855         u8 tg;
1856
1857         nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1858                                                                 payload_len);
1859
1860         if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1861                 /* TODO: Implement support to multi-part data exchange */
1862                 nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1863                                                 " max allowed: %d",
1864                                                 PN533_CMD_DATAEXCH_DATA_MAXLEN);
1865                 return -ENOSYS;
1866         }
1867
1868         if (target == true) {
1869                 switch (dev->device_type) {
1870                 case PN533_DEVICE_PASORI:
1871                         if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
1872                                 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1873                                 out_frame = (struct pn533_frame *) skb->data;
1874                                 pn533_tx_frame_init(out_frame,
1875                                                     PN533_CMD_IN_COMM_THRU);
1876
1877                                 break;
1878                         }
1879
1880                 default:
1881                         skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1882                         out_frame = (struct pn533_frame *) skb->data;
1883                         pn533_tx_frame_init(out_frame,
1884                                             PN533_CMD_IN_DATA_EXCHANGE);
1885                         tg = 1;
1886                         memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame),
1887                                &tg, sizeof(u8));
1888                         out_frame->datalen += sizeof(u8);
1889
1890                         break;
1891                 }
1892
1893         } else {
1894                 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1895                 out_frame = (struct pn533_frame *) skb->data;
1896                 pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
1897         }
1898
1899
1900         /* The data is already in the out_frame, just update the datalen */
1901         out_frame->datalen += payload_len;
1902
1903         pn533_tx_frame_finish(out_frame);
1904         skb_put(skb, PN533_FRAME_TAIL_SIZE);
1905
1906         return 0;
1907 }
1908
1909 struct pn533_data_exchange_arg {
1910         struct sk_buff *skb_resp;
1911         struct sk_buff *skb_out;
1912         data_exchange_cb_t cb;
1913         void *cb_context;
1914 };
1915
1916 static struct sk_buff *pn533_build_response(struct pn533 *dev)
1917 {
1918         struct sk_buff *skb, *tmp, *t;
1919         unsigned int skb_len = 0, tmp_len = 0;
1920
1921         nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
1922
1923         if (skb_queue_empty(&dev->resp_q))
1924                 return NULL;
1925
1926         if (skb_queue_len(&dev->resp_q) == 1) {
1927                 skb = skb_dequeue(&dev->resp_q);
1928                 goto out;
1929         }
1930
1931         skb_queue_walk_safe(&dev->resp_q, tmp, t)
1932                 skb_len += tmp->len;
1933
1934         nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1935                     __func__, skb_len);
1936
1937         skb = alloc_skb(skb_len, GFP_KERNEL);
1938         if (skb == NULL)
1939                 goto out;
1940
1941         skb_put(skb, skb_len);
1942
1943         skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1944                 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1945                 tmp_len += tmp->len;
1946         }
1947
1948 out:
1949         skb_queue_purge(&dev->resp_q);
1950
1951         return skb;
1952 }
1953
1954 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1955                                                 u8 *params, int params_len)
1956 {
1957         struct pn533_data_exchange_arg *arg = _arg;
1958         struct sk_buff *skb = NULL, *skb_resp = arg->skb_resp;
1959         struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1960         int err = 0;
1961         u8 status;
1962         u8 cmd_ret;
1963
1964         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1965
1966         dev_kfree_skb(arg->skb_out);
1967
1968         if (params_len < 0) { /* error */
1969                 err = params_len;
1970                 goto error;
1971         }
1972
1973         status = params[0];
1974
1975         cmd_ret = status & PN533_CMD_RET_MASK;
1976         if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1977                 nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1978                                                 " exchanging data", cmd_ret);
1979                 err = -EIO;
1980                 goto error;
1981         }
1982
1983         skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1984         skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1985         skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1986         skb_queue_tail(&dev->resp_q, skb_resp);
1987
1988         if (status & PN533_CMD_MI_MASK) {
1989                 queue_work(dev->wq, &dev->mi_work);
1990                 return -EINPROGRESS;
1991         }
1992
1993         skb = pn533_build_response(dev);
1994         if (skb == NULL)
1995                 goto error;
1996
1997         arg->cb(arg->cb_context, skb, 0);
1998         kfree(arg);
1999         return 0;
2000
2001 error:
2002         skb_queue_purge(&dev->resp_q);
2003         dev_kfree_skb(skb_resp);
2004         arg->cb(arg->cb_context, NULL, err);
2005         kfree(arg);
2006         return 0;
2007 }
2008
2009 static int pn533_transceive(struct nfc_dev *nfc_dev,
2010                             struct nfc_target *target, struct sk_buff *skb,
2011                             data_exchange_cb_t cb, void *cb_context)
2012 {
2013         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2014         struct pn533_frame *out_frame, *in_frame;
2015         struct pn533_data_exchange_arg *arg;
2016         struct sk_buff *skb_resp;
2017         int skb_resp_len;
2018         int rc;
2019
2020         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2021
2022         if (!dev->tgt_active_prot) {
2023                 nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
2024                                                 " there is no active target");
2025                 rc = -EINVAL;
2026                 goto error;
2027         }
2028
2029         rc = pn533_build_tx_frame(dev, skb, true);
2030         if (rc)
2031                 goto error;
2032
2033         skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2034                         PN533_CMD_DATAEXCH_DATA_MAXLEN +
2035                         PN533_FRAME_TAIL_SIZE;
2036
2037         skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
2038         if (!skb_resp) {
2039                 rc = -ENOMEM;
2040                 goto error;
2041         }
2042
2043         in_frame = (struct pn533_frame *) skb_resp->data;
2044         out_frame = (struct pn533_frame *) skb->data;
2045
2046         arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
2047         if (!arg) {
2048                 rc = -ENOMEM;
2049                 goto free_skb_resp;
2050         }
2051
2052         arg->skb_resp = skb_resp;
2053         arg->skb_out = skb;
2054         arg->cb = cb;
2055         arg->cb_context = cb_context;
2056
2057         rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
2058                                         pn533_data_exchange_complete, arg,
2059                                         GFP_KERNEL);
2060         if (rc) {
2061                 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2062                                                 " perform data_exchange", rc);
2063                 goto free_arg;
2064         }
2065
2066         return 0;
2067
2068 free_arg:
2069         kfree(arg);
2070 free_skb_resp:
2071         kfree_skb(skb_resp);
2072 error:
2073         kfree_skb(skb);
2074         return rc;
2075 }
2076
2077 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2078                                   u8 *params, int params_len)
2079 {
2080         struct sk_buff *skb_out = arg;
2081
2082         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2083
2084         dev_kfree_skb(skb_out);
2085
2086         if (params_len < 0) {
2087                 nfc_dev_err(&dev->interface->dev,
2088                             "Error %d when sending data",
2089                             params_len);
2090
2091                 return params_len;
2092         }
2093
2094         if (params_len > 0 && params[0] != 0) {
2095                 nfc_tm_deactivated(dev->nfc_dev);
2096
2097                 dev->tgt_mode = 0;
2098
2099                 return 0;
2100         }
2101
2102         queue_work(dev->wq, &dev->tg_work);
2103
2104         return 0;
2105 }
2106
2107 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2108 {
2109         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2110         struct pn533_frame *out_frame;
2111         int rc;
2112
2113         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2114
2115         rc = pn533_build_tx_frame(dev, skb, false);
2116         if (rc)
2117                 goto error;
2118
2119         out_frame = (struct pn533_frame *) skb->data;
2120
2121         rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2122                                         dev->in_maxlen, pn533_tm_send_complete,
2123                                         skb, GFP_KERNEL);
2124         if (rc) {
2125                 nfc_dev_err(&dev->interface->dev,
2126                             "Error %d when trying to send data", rc);
2127                 goto error;
2128         }
2129
2130         return 0;
2131
2132 error:
2133         kfree_skb(skb);
2134
2135         return rc;
2136 }
2137
2138 static void pn533_wq_mi_recv(struct work_struct *work)
2139 {
2140         struct pn533 *dev = container_of(work, struct pn533, mi_work);
2141         struct sk_buff *skb_cmd;
2142         struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2143         struct pn533_frame *out_frame, *in_frame;
2144         struct sk_buff *skb_resp;
2145         int skb_resp_len;
2146         int rc;
2147
2148         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2149
2150         /* This is a zero payload size skb */
2151         skb_cmd = alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN + PN533_FRAME_TAIL_SIZE,
2152                             GFP_KERNEL);
2153         if (skb_cmd == NULL)
2154                 goto error_cmd;
2155
2156         skb_reserve(skb_cmd, PN533_CMD_DATAEXCH_HEAD_LEN);
2157
2158         rc = pn533_build_tx_frame(dev, skb_cmd, true);
2159         if (rc)
2160                 goto error_frame;
2161
2162         skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2163                         PN533_CMD_DATAEXCH_DATA_MAXLEN +
2164                         PN533_FRAME_TAIL_SIZE;
2165         skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2166         if (!skb_resp) {
2167                 rc = -ENOMEM;
2168                 goto error_frame;
2169         }
2170
2171         in_frame = (struct pn533_frame *) skb_resp->data;
2172         out_frame = (struct pn533_frame *) skb_cmd->data;
2173
2174         arg->skb_resp = skb_resp;
2175         arg->skb_out = skb_cmd;
2176
2177         rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2178                                           skb_resp_len,
2179                                           pn533_data_exchange_complete,
2180                                           dev->cmd_complete_arg, GFP_KERNEL);
2181         if (!rc)
2182                 return;
2183
2184         nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2185                                                 " perform data_exchange", rc);
2186
2187         kfree_skb(skb_resp);
2188
2189 error_frame:
2190         kfree_skb(skb_cmd);
2191
2192 error_cmd:
2193         pn533_send_ack(dev, GFP_KERNEL);
2194
2195         kfree(arg);
2196
2197         queue_work(dev->wq, &dev->cmd_work);
2198 }
2199
2200 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2201                                                                 u8 cfgdata_len)
2202 {
2203         int rc;
2204         u8 *params;
2205
2206         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2207
2208         pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2209
2210         params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2211         params[0] = cfgitem;
2212         memcpy(&params[1], cfgdata, cfgdata_len);
2213         dev->out_frame->datalen += (1 + cfgdata_len);
2214
2215         pn533_tx_frame_finish(dev->out_frame);
2216
2217         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2218                                                                 dev->in_maxlen);
2219
2220         return rc;
2221 }
2222
2223 static int pn533_fw_reset(struct pn533 *dev)
2224 {
2225         int rc;
2226         u8 *params;
2227
2228         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2229
2230         pn533_tx_frame_init(dev->out_frame, 0x18);
2231
2232         params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2233         params[0] = 0x1;
2234         dev->out_frame->datalen += 1;
2235
2236         pn533_tx_frame_finish(dev->out_frame);
2237
2238         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2239                                        dev->in_maxlen);
2240
2241         return rc;
2242 }
2243
2244 static struct nfc_ops pn533_nfc_ops = {
2245         .dev_up = NULL,
2246         .dev_down = NULL,
2247         .dep_link_up = pn533_dep_link_up,
2248         .dep_link_down = pn533_dep_link_down,
2249         .start_poll = pn533_start_poll,
2250         .stop_poll = pn533_stop_poll,
2251         .activate_target = pn533_activate_target,
2252         .deactivate_target = pn533_deactivate_target,
2253         .im_transceive = pn533_transceive,
2254         .tm_send = pn533_tm_send,
2255 };
2256
2257 static int pn533_setup(struct pn533 *dev)
2258 {
2259         struct pn533_config_max_retries max_retries;
2260         struct pn533_config_timing timing;
2261         u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2262         int rc;
2263
2264         switch (dev->device_type) {
2265         case PN533_DEVICE_STD:
2266                 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2267                 max_retries.mx_rty_psl = 2;
2268                 max_retries.mx_rty_passive_act =
2269                         PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2270
2271                 timing.rfu = PN533_CONFIG_TIMING_102;
2272                 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2273                 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2274
2275                 break;
2276
2277         case PN533_DEVICE_PASORI:
2278                 max_retries.mx_rty_atr = 0x2;
2279                 max_retries.mx_rty_psl = 0x1;
2280                 max_retries.mx_rty_passive_act =
2281                         PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2282
2283                 timing.rfu = PN533_CONFIG_TIMING_102;
2284                 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2285                 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2286
2287                 break;
2288
2289         default:
2290                 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2291                             dev->device_type);
2292                 return -EINVAL;
2293         }
2294
2295         rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2296                                      (u8 *)&max_retries, sizeof(max_retries));
2297         if (rc) {
2298                 nfc_dev_err(&dev->interface->dev,
2299                             "Error on setting MAX_RETRIES config");
2300                 return rc;
2301         }
2302
2303
2304         rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2305                                      (u8 *)&timing, sizeof(timing));
2306         if (rc) {
2307                 nfc_dev_err(&dev->interface->dev,
2308                             "Error on setting RF timings");
2309                 return rc;
2310         }
2311
2312         switch (dev->device_type) {
2313         case PN533_DEVICE_STD:
2314                 break;
2315
2316         case PN533_DEVICE_PASORI:
2317                 pn533_fw_reset(dev);
2318
2319                 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2320                                              pasori_cfg, 3);
2321                 if (rc) {
2322                         nfc_dev_err(&dev->interface->dev,
2323                                     "Error while settings PASORI config");
2324                         return rc;
2325                 }
2326
2327                 pn533_fw_reset(dev);
2328
2329                 break;
2330         }
2331
2332         return 0;
2333 }
2334
2335 static int pn533_probe(struct usb_interface *interface,
2336                         const struct usb_device_id *id)
2337 {
2338         struct pn533_fw_version *fw_ver;
2339         struct pn533 *dev;
2340         struct usb_host_interface *iface_desc;
2341         struct usb_endpoint_descriptor *endpoint;
2342         int in_endpoint = 0;
2343         int out_endpoint = 0;
2344         int rc = -ENOMEM;
2345         int i;
2346         u32 protocols;
2347
2348         dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2349         if (!dev)
2350                 return -ENOMEM;
2351
2352         dev->udev = usb_get_dev(interface_to_usbdev(interface));
2353         dev->interface = interface;
2354         mutex_init(&dev->cmd_lock);
2355
2356         iface_desc = interface->cur_altsetting;
2357         for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2358                 endpoint = &iface_desc->endpoint[i].desc;
2359
2360                 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2361                         dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
2362                         in_endpoint = endpoint->bEndpointAddress;
2363                 }
2364
2365                 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
2366                         dev->out_maxlen =
2367                                 le16_to_cpu(endpoint->wMaxPacketSize);
2368                         out_endpoint = endpoint->bEndpointAddress;
2369                 }
2370         }
2371
2372         if (!in_endpoint || !out_endpoint) {
2373                 nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2374                                                         " bulk-out endpoint");
2375                 rc = -ENODEV;
2376                 goto error;
2377         }
2378
2379         dev->in_frame = kmalloc(dev->in_maxlen, GFP_KERNEL);
2380         dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2381         dev->out_frame = kmalloc(dev->out_maxlen, GFP_KERNEL);
2382         dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2383
2384         if (!dev->in_frame || !dev->out_frame ||
2385                 !dev->in_urb || !dev->out_urb)
2386                 goto error;
2387
2388         usb_fill_bulk_urb(dev->in_urb, dev->udev,
2389                         usb_rcvbulkpipe(dev->udev, in_endpoint),
2390                         NULL, 0, NULL, dev);
2391         usb_fill_bulk_urb(dev->out_urb, dev->udev,
2392                         usb_sndbulkpipe(dev->udev, out_endpoint),
2393                         NULL, 0,
2394                         pn533_send_complete, dev);
2395
2396         INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2397         INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2398         INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2399         INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2400         INIT_WORK(&dev->poll_work, pn533_wq_poll);
2401         dev->wq = alloc_ordered_workqueue("pn533", 0);
2402         if (dev->wq == NULL)
2403                 goto error;
2404
2405         init_timer(&dev->listen_timer);
2406         dev->listen_timer.data = (unsigned long) dev;
2407         dev->listen_timer.function = pn533_listen_mode_timer;
2408
2409         skb_queue_head_init(&dev->resp_q);
2410
2411         INIT_LIST_HEAD(&dev->cmd_queue);
2412
2413         usb_set_intfdata(interface, dev);
2414
2415         pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2416         pn533_tx_frame_finish(dev->out_frame);
2417
2418         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2419                                                                 dev->in_maxlen);
2420         if (rc)
2421                 goto destroy_wq;
2422
2423         fw_ver = (struct pn533_fw_version *)
2424                                 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2425         nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2426                                         " attached", fw_ver->ver, fw_ver->rev);
2427
2428         dev->device_type = id->driver_info;
2429         switch (dev->device_type) {
2430         case PN533_DEVICE_STD:
2431                 protocols = PN533_ALL_PROTOCOLS;
2432                 break;
2433
2434         case PN533_DEVICE_PASORI:
2435                 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2436                 break;
2437
2438         default:
2439                 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2440                             dev->device_type);
2441                 rc = -EINVAL;
2442                 goto destroy_wq;
2443         }
2444
2445         dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2446                                            PN533_CMD_DATAEXCH_HEAD_LEN,
2447                                            PN533_FRAME_TAIL_SIZE);
2448         if (!dev->nfc_dev)
2449                 goto destroy_wq;
2450
2451         nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2452         nfc_set_drvdata(dev->nfc_dev, dev);
2453
2454         rc = nfc_register_device(dev->nfc_dev);
2455         if (rc)
2456                 goto free_nfc_dev;
2457
2458         rc = pn533_setup(dev);
2459         if (rc)
2460                 goto unregister_nfc_dev;
2461
2462         return 0;
2463
2464 unregister_nfc_dev:
2465         nfc_unregister_device(dev->nfc_dev);
2466
2467 free_nfc_dev:
2468         nfc_free_device(dev->nfc_dev);
2469
2470 destroy_wq:
2471         destroy_workqueue(dev->wq);
2472 error:
2473         kfree(dev->in_frame);
2474         usb_free_urb(dev->in_urb);
2475         kfree(dev->out_frame);
2476         usb_free_urb(dev->out_urb);
2477         kfree(dev);
2478         return rc;
2479 }
2480
2481 static void pn533_disconnect(struct usb_interface *interface)
2482 {
2483         struct pn533 *dev;
2484         struct pn533_cmd *cmd, *n;
2485
2486         dev = usb_get_intfdata(interface);
2487         usb_set_intfdata(interface, NULL);
2488
2489         nfc_unregister_device(dev->nfc_dev);
2490         nfc_free_device(dev->nfc_dev);
2491
2492         usb_kill_urb(dev->in_urb);
2493         usb_kill_urb(dev->out_urb);
2494
2495         destroy_workqueue(dev->wq);
2496
2497         skb_queue_purge(&dev->resp_q);
2498
2499         del_timer(&dev->listen_timer);
2500
2501         list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2502                 list_del(&cmd->queue);
2503                 kfree(cmd);
2504         }
2505
2506         kfree(dev->in_frame);
2507         usb_free_urb(dev->in_urb);
2508         kfree(dev->out_frame);
2509         usb_free_urb(dev->out_urb);
2510         kfree(dev);
2511
2512         nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2513 }
2514
2515 static struct usb_driver pn533_driver = {
2516         .name =         "pn533",
2517         .probe =        pn533_probe,
2518         .disconnect =   pn533_disconnect,
2519         .id_table =     pn533_table,
2520 };
2521
2522 module_usb_driver(pn533_driver);
2523
2524 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2525                         " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2526 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2527 MODULE_VERSION(VERSION);
2528 MODULE_LICENSE("GPL");