drivers/nfc/pn533.c

   1 /*
   2  * Copyright (C) 2011 Instituto Nokia de Tecnologia
   3  *
   4  * Authors:
   5  *    Lauro Ramos Venancio <lauro.venancio@openbossa.org>
   6  *    Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
   7  *
   8  * This program is free software; you can redistribute it and/or modify
   9  * it under the terms of the GNU General Public License as published by
  10  * the Free Software Foundation; either version 2 of the License, or
  11  * (at your option) any later version.
  12  *
  13  * This program is distributed in the hope that it will be useful,
  14  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16  * GNU General Public License for more details.
  17  *
  18  * You should have received a copy of the GNU General Public License
  19  * along with this program; if not, write to the
  20  * Free Software Foundation, Inc.,
  21  * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
  22  */
  23
  24 #include <linux/device.h>
  25 #include <linux/kernel.h>
  26 #include <linux/module.h>
  27 #include <linux/slab.h>
  28 #include <linux/usb.h>
  29 #include <linux/nfc.h>
  30 #include <linux/netdevice.h>
  31 #include <net/nfc/nfc.h>
  32
  33 #define VERSION "0.1"
  34
  35 #define PN533_VENDOR_ID 0x4CC
  36 #define PN533_PRODUCT_ID 0x2533
  37
  38 #define SCM_VENDOR_ID 0x4E6
  39 #define SCL3711_PRODUCT_ID 0x5591
  40
  41 #define SONY_VENDOR_ID         0x054c
  42 #define PASORI_PRODUCT_ID      0x02e1
  43
  44 #define PN533_QUIRKS_TYPE_A          BIT(0)
  45 #define PN533_QUIRKS_TYPE_F          BIT(1)
  46 #define PN533_QUIRKS_DEP             BIT(2)
  47 #define PN533_QUIRKS_RAW_EXCHANGE    BIT(3)
  48
  49 #define PN533_DEVICE_STD    0x1
  50 #define PN533_DEVICE_PASORI 0x2
  51
  52 #define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
  53                              NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
  54                              NFC_PROTO_NFC_DEP_MASK |\
  55                              NFC_PROTO_ISO14443_B_MASK)
  56
  57 #define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
  58                                    NFC_PROTO_MIFARE_MASK | \
  59                                    NFC_PROTO_FELICA_MASK | \
  60                                    NFC_PROTO_ISO14443_MASK | \
  61                                    NFC_PROTO_NFC_DEP_MASK)
  62
  63 static const struct usb_device_id pn533_table[] = {
  64         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  65           .idVendor             = PN533_VENDOR_ID,
  66           .idProduct            = PN533_PRODUCT_ID,
  67           .driver_info          = PN533_DEVICE_STD,
  68         },
  69         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  70           .idVendor             = SCM_VENDOR_ID,
  71           .idProduct            = SCL3711_PRODUCT_ID,
  72           .driver_info          = PN533_DEVICE_STD,
  73         },
  74         { .match_flags          = USB_DEVICE_ID_MATCH_DEVICE,
  75           .idVendor             = SONY_VENDOR_ID,
  76           .idProduct            = PASORI_PRODUCT_ID,
  77           .driver_info          = PN533_DEVICE_PASORI,
  78         },
  79         { }
  80 };
  81 MODULE_DEVICE_TABLE(usb, pn533_table);
  82
  83 /* How much time we spend listening for initiators */
  84 #define PN533_LISTEN_TIME 2
  85
  86 /* frame definitions */
  87 #define PN533_FRAME_TAIL_SIZE 2
  88 #define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
  89                                 PN533_FRAME_TAIL_SIZE)
  90 #define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
  91 #define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
  92 #define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
  93
  94 /* start of frame */
  95 #define PN533_SOF 0x00FF
  96
  97 /* frame identifier: in/out/error */
  98 #define PN533_FRAME_IDENTIFIER(f) (f->data[0])
  99 #define PN533_DIR_OUT 0xD4
 100 #define PN533_DIR_IN 0xD5
 101
 102 /* PN533 Commands */
 103 #define PN533_FRAME_CMD(f) (f->data[1])
 104 #define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
 105 #define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
 106
 107 #define PN533_CMD_GET_FIRMWARE_VERSION 0x02
 108 #define PN533_CMD_RF_CONFIGURATION 0x32
 109 #define PN533_CMD_IN_DATA_EXCHANGE 0x40
 110 #define PN533_CMD_IN_COMM_THRU     0x42
 111 #define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
 112 #define PN533_CMD_IN_ATR 0x50
 113 #define PN533_CMD_IN_RELEASE 0x52
 114 #define PN533_CMD_IN_JUMP_FOR_DEP 0x56
 115
 116 #define PN533_CMD_TG_INIT_AS_TARGET 0x8c
 117 #define PN533_CMD_TG_GET_DATA 0x86
 118 #define PN533_CMD_TG_SET_DATA 0x8e
 119
 120 #define PN533_CMD_RESPONSE(cmd) (cmd + 1)
 121
 122 /* PN533 Return codes */
 123 #define PN533_CMD_RET_MASK 0x3F
 124 #define PN533_CMD_MI_MASK 0x40
 125 #define PN533_CMD_RET_SUCCESS 0x00
 126
 127 /* PN533 status codes */
 128 #define PN533_STATUS_TARGET_RELEASED 0x29
 129
 130 struct pn533;
 131
 132 typedef int (*pn533_cmd_complete_t) (struct pn533 *dev, void *arg,
 133                                         u8 *params, int params_len);
 134
 135 /* structs for pn533 commands */
 136
 137 /* PN533_CMD_GET_FIRMWARE_VERSION */
 138 struct pn533_fw_version {
 139         u8 ic;
 140         u8 ver;
 141         u8 rev;
 142         u8 support;
 143 };
 144
 145 /* PN533_CMD_RF_CONFIGURATION */
 146 #define PN533_CFGITEM_TIMING 0x02
 147 #define PN533_CFGITEM_MAX_RETRIES 0x05
 148 #define PN533_CFGITEM_PASORI 0x82
 149
 150 #define PN533_CONFIG_TIMING_102 0xb
 151 #define PN533_CONFIG_TIMING_204 0xc
 152 #define PN533_CONFIG_TIMING_409 0xd
 153 #define PN533_CONFIG_TIMING_819 0xe
 154
 155 #define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
 156 #define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
 157
 158 struct pn533_config_max_retries {
 159         u8 mx_rty_atr;
 160         u8 mx_rty_psl;
 161         u8 mx_rty_passive_act;
 162 } __packed;
 163
 164 struct pn533_config_timing {
 165         u8 rfu;
 166         u8 atr_res_timeout;
 167         u8 dep_timeout;
 168 } __packed;
 169
 170 /* PN533_CMD_IN_LIST_PASSIVE_TARGET */
 171
 172 /* felica commands opcode */
 173 #define PN533_FELICA_OPC_SENSF_REQ 0
 174 #define PN533_FELICA_OPC_SENSF_RES 1
 175 /* felica SENSF_REQ parameters */
 176 #define PN533_FELICA_SENSF_SC_ALL 0xFFFF
 177 #define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
 178 #define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
 179 #define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
 180
 181 /* type B initiator_data values */
 182 #define PN533_TYPE_B_AFI_ALL_FAMILIES 0
 183 #define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
 184 #define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
 185
 186 union pn533_cmd_poll_initdata {
 187         struct {
 188                 u8 afi;
 189                 u8 polling_method;
 190         } __packed type_b;
 191         struct {
 192                 u8 opcode;
 193                 __be16 sc;
 194                 u8 rc;
 195                 u8 tsn;
 196         } __packed felica;
 197 };
 198
 199 /* Poll modulations */
 200 enum {
 201         PN533_POLL_MOD_106KBPS_A,
 202         PN533_POLL_MOD_212KBPS_FELICA,
 203         PN533_POLL_MOD_424KBPS_FELICA,
 204         PN533_POLL_MOD_106KBPS_JEWEL,
 205         PN533_POLL_MOD_847KBPS_B,
 206         PN533_LISTEN_MOD,
 207
 208         __PN533_POLL_MOD_AFTER_LAST,
 209 };
 210 #define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
 211
 212 struct pn533_poll_modulations {
 213         struct {
 214                 u8 maxtg;
 215                 u8 brty;
 216                 union pn533_cmd_poll_initdata initiator_data;
 217         } __packed data;
 218         u8 len;
 219 };
 220
 221 const struct pn533_poll_modulations poll_mod[] = {
 222         [PN533_POLL_MOD_106KBPS_A] = {
 223                 .data = {
 224                         .maxtg = 1,
 225                         .brty = 0,
 226                 },
 227                 .len = 2,
 228         },
 229         [PN533_POLL_MOD_212KBPS_FELICA] = {
 230                 .data = {
 231                         .maxtg = 1,
 232                         .brty = 1,
 233                         .initiator_data.felica = {
 234                                 .opcode = PN533_FELICA_OPC_SENSF_REQ,
 235                                 .sc = PN533_FELICA_SENSF_SC_ALL,
 236                                 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 237                                 .tsn = 0,
 238                         },
 239                 },
 240                 .len = 7,
 241         },
 242         [PN533_POLL_MOD_424KBPS_FELICA] = {
 243                 .data = {
 244                         .maxtg = 1,
 245                         .brty = 2,
 246                         .initiator_data.felica = {
 247                                 .opcode = PN533_FELICA_OPC_SENSF_REQ,
 248                                 .sc = PN533_FELICA_SENSF_SC_ALL,
 249                                 .rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
 250                                 .tsn = 0,
 251                         },
 252                  },
 253                 .len = 7,
 254         },
 255         [PN533_POLL_MOD_106KBPS_JEWEL] = {
 256                 .data = {
 257                         .maxtg = 1,
 258                         .brty = 4,
 259                 },
 260                 .len = 2,
 261         },
 262         [PN533_POLL_MOD_847KBPS_B] = {
 263                 .data = {
 264                         .maxtg = 1,
 265                         .brty = 8,
 266                         .initiator_data.type_b = {
 267                                 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
 268                                 .polling_method =
 269                                         PN533_TYPE_B_POLL_METHOD_TIMESLOT,
 270                         },
 271                 },
 272                 .len = 3,
 273         },
 274         [PN533_LISTEN_MOD] = {
 275                 .len = 0,
 276         },
 277 };
 278
 279 /* PN533_CMD_IN_ATR */
 280
 281 struct pn533_cmd_activate_param {
 282         u8 tg;
 283         u8 next;
 284 } __packed;
 285
 286 struct pn533_cmd_activate_response {
 287         u8 status;
 288         u8 nfcid3t[10];
 289         u8 didt;
 290         u8 bst;
 291         u8 brt;
 292         u8 to;
 293         u8 ppt;
 294         /* optional */
 295         u8 gt[];
 296 } __packed;
 297
 298 /* PN533_CMD_IN_JUMP_FOR_DEP */
 299 struct pn533_cmd_jump_dep {
 300         u8 active;
 301         u8 baud;
 302         u8 next;
 303         u8 data[];
 304 } __packed;
 305
 306 struct pn533_cmd_jump_dep_response {
 307         u8 status;
 308         u8 tg;
 309         u8 nfcid3t[10];
 310         u8 didt;
 311         u8 bst;
 312         u8 brt;
 313         u8 to;
 314         u8 ppt;
 315         /* optional */
 316         u8 gt[];
 317 } __packed;
 318
 319
 320 /* PN533_TG_INIT_AS_TARGET */
 321 #define PN533_INIT_TARGET_PASSIVE 0x1
 322 #define PN533_INIT_TARGET_DEP 0x2
 323
 324 #define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
 325 #define PN533_INIT_TARGET_RESP_ACTIVE     0x1
 326 #define PN533_INIT_TARGET_RESP_DEP        0x4
 327
 328 struct pn533_cmd_init_target {
 329         u8 mode;
 330         u8 mifare[6];
 331         u8 felica[18];
 332         u8 nfcid3[10];
 333         u8 gb_len;
 334         u8 gb[];
 335 } __packed;
 336
 337 struct pn533_cmd_init_target_response {
 338         u8 mode;
 339         u8 cmd[];
 340 } __packed;
 341
 342 struct pn533 {
 343         struct usb_device *udev;
 344         struct usb_interface *interface;
 345         struct nfc_dev *nfc_dev;
 346
 347         struct urb *out_urb;
 348         int out_maxlen;
 349         struct pn533_frame *out_frame;
 350
 351         struct urb *in_urb;
 352         int in_maxlen;
 353         struct pn533_frame *in_frame;
 354
 355         struct sk_buff_head resp_q;
 356
 357         struct workqueue_struct *wq;
 358         struct work_struct cmd_work;
 359         struct work_struct cmd_complete_work;
 360         struct work_struct poll_work;
 361         struct work_struct mi_work;
 362         struct work_struct tg_work;
 363         struct timer_list listen_timer;
 364         struct pn533_frame *wq_in_frame;
 365         int wq_in_error;
 366         int cancel_listen;
 367
 368         pn533_cmd_complete_t cmd_complete;
 369         void *cmd_complete_arg;
 370         struct mutex cmd_lock;
 371         u8 cmd;
 372
 373         struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
 374         u8 poll_mod_count;
 375         u8 poll_mod_curr;
 376         u32 poll_protocols;
 377         u32 listen_protocols;
 378
 379         u8 *gb;
 380         size_t gb_len;
 381
 382         u8 tgt_available_prots;
 383         u8 tgt_active_prot;
 384         u8 tgt_mode;
 385
 386         u32 device_type;
 387
 388         struct list_head cmd_queue;
 389         u8 cmd_pending;
 390 };
 391
 392 struct pn533_cmd {
 393         struct list_head queue;
 394         struct pn533_frame *out_frame;
 395         struct pn533_frame *in_frame;
 396         int in_frame_len;
 397         pn533_cmd_complete_t cmd_complete;
 398         void *arg;
 399         gfp_t flags;
 400 };
 401
 402 struct pn533_frame {
 403         u8 preamble;
 404         __be16 start_frame;
 405         u8 datalen;
 406         u8 datalen_checksum;
 407         u8 data[];
 408 } __packed;
 409
 410 /* The rule: value + checksum = 0 */
 411 static inline u8 pn533_checksum(u8 value)
 412 {
 413         return ~value + 1;
 414 }
 415
 416 /* The rule: sum(data elements) + checksum = 0 */
 417 static u8 pn533_data_checksum(u8 *data, int datalen)
 418 {
 419         u8 sum = 0;
 420         int i;
 421
 422         for (i = 0; i < datalen; i++)
 423                 sum += data[i];
 424
 425         return pn533_checksum(sum);
 426 }
 427
 428 /**
 429  * pn533_tx_frame_ack - create a ack frame
 430  * @frame:      The frame to be set as ack
 431  *
 432  * Ack is different type of standard frame. As a standard frame, it has
 433  * preamble and start_frame. However the checksum of this frame must fail,
 434  * i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
 435  * fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
 436  * After datalen_checksum field, the postamble is placed.
 437  */
 438 static void pn533_tx_frame_ack(struct pn533_frame *frame)
 439 {
 440         frame->preamble = 0;
 441         frame->start_frame = cpu_to_be16(PN533_SOF);
 442         frame->datalen = 0;
 443         frame->datalen_checksum = 0xFF;
 444         /* data[0] is used as postamble */
 445         frame->data[0] = 0;
 446 }
 447
 448 static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
 449 {
 450         frame->preamble = 0;
 451         frame->start_frame = cpu_to_be16(PN533_SOF);
 452         PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
 453         PN533_FRAME_CMD(frame) = cmd;
 454         frame->datalen = 2;
 455 }
 456
 457 static void pn533_tx_frame_finish(struct pn533_frame *frame)
 458 {
 459         frame->datalen_checksum = pn533_checksum(frame->datalen);
 460
 461         PN533_FRAME_CHECKSUM(frame) =
 462                 pn533_data_checksum(frame->data, frame->datalen);
 463
 464         PN533_FRAME_POSTAMBLE(frame) = 0;
 465 }
 466
 467 static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
 468 {
 469         u8 checksum;
 470
 471         if (frame->start_frame != cpu_to_be16(PN533_SOF))
 472                 return false;
 473
 474         checksum = pn533_checksum(frame->datalen);
 475         if (checksum != frame->datalen_checksum)
 476                 return false;
 477
 478         checksum = pn533_data_checksum(frame->data, frame->datalen);
 479         if (checksum != PN533_FRAME_CHECKSUM(frame))
 480                 return false;
 481
 482         return true;
 483 }
 484
 485 static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
 486 {
 487         if (frame->start_frame != cpu_to_be16(PN533_SOF))
 488                 return false;
 489
 490         if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
 491                 return false;
 492
 493         return true;
 494 }
 495
 496 static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
 497 {
 498         return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
 499 }
 500
 501
 502 static void pn533_wq_cmd_complete(struct work_struct *work)
 503 {
 504         struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
 505         struct pn533_frame *in_frame;
 506         int rc;
 507
 508         in_frame = dev->wq_in_frame;
 509
 510         if (dev->wq_in_error)
 511                 rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
 512                                                         dev->wq_in_error);
 513         else
 514                 rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
 515                                         PN533_FRAME_CMD_PARAMS_PTR(in_frame),
 516                                         PN533_FRAME_CMD_PARAMS_LEN(in_frame));
 517
 518         if (rc != -EINPROGRESS)
 519                 queue_work(dev->wq, &dev->cmd_work);
 520 }
 521
 522 static void pn533_recv_response(struct urb *urb)
 523 {
 524         struct pn533 *dev = urb->context;
 525         struct pn533_frame *in_frame;
 526
 527         dev->wq_in_frame = NULL;
 528
 529         switch (urb->status) {
 530         case 0:
 531                 /* success */
 532                 break;
 533         case -ECONNRESET:
 534         case -ENOENT:
 535         case -ESHUTDOWN:
 536                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 537                                                 " status: %d", urb->status);
 538                 dev->wq_in_error = urb->status;
 539                 goto sched_wq;
 540         default:
 541                 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
 542                                                         " %d", urb->status);
 543                 dev->wq_in_error = urb->status;
 544                 goto sched_wq;
 545         }
 546
 547         in_frame = dev->in_urb->transfer_buffer;
 548
 549         if (!pn533_rx_frame_is_valid(in_frame)) {
 550                 nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
 551                 dev->wq_in_error = -EIO;
 552                 goto sched_wq;
 553         }
 554
 555         if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
 556                 nfc_dev_err(&dev->interface->dev, "The received frame is not "
 557                                                 "response to the last command");
 558                 dev->wq_in_error = -EIO;
 559                 goto sched_wq;
 560         }
 561
 562         nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
 563         dev->wq_in_error = 0;
 564         dev->wq_in_frame = in_frame;
 565
 566 sched_wq:
 567         queue_work(dev->wq, &dev->cmd_complete_work);
 568 }
 569
 570 static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
 571 {
 572         dev->in_urb->complete = pn533_recv_response;
 573
 574         return usb_submit_urb(dev->in_urb, flags);
 575 }
 576
 577 static void pn533_recv_ack(struct urb *urb)
 578 {
 579         struct pn533 *dev = urb->context;
 580         struct pn533_frame *in_frame;
 581         int rc;
 582
 583         switch (urb->status) {
 584         case 0:
 585                 /* success */
 586                 break;
 587         case -ECONNRESET:
 588         case -ENOENT:
 589         case -ESHUTDOWN:
 590                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 591                                                 " status: %d", urb->status);
 592                 dev->wq_in_error = urb->status;
 593                 goto sched_wq;
 594         default:
 595                 nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
 596                                                         " %d", urb->status);
 597                 dev->wq_in_error = urb->status;
 598                 goto sched_wq;
 599         }
 600
 601         in_frame = dev->in_urb->transfer_buffer;
 602
 603         if (!pn533_rx_frame_is_ack(in_frame)) {
 604                 nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
 605                 dev->wq_in_error = -EIO;
 606                 goto sched_wq;
 607         }
 608
 609         nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
 610
 611         rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
 612         if (rc) {
 613                 nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
 614                                                         " result %d", rc);
 615                 dev->wq_in_error = rc;
 616                 goto sched_wq;
 617         }
 618
 619         return;
 620
 621 sched_wq:
 622         dev->wq_in_frame = NULL;
 623         queue_work(dev->wq, &dev->cmd_complete_work);
 624 }
 625
 626 static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
 627 {
 628         dev->in_urb->complete = pn533_recv_ack;
 629
 630         return usb_submit_urb(dev->in_urb, flags);
 631 }
 632
 633 static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
 634 {
 635         int rc;
 636
 637         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 638
 639         pn533_tx_frame_ack(dev->out_frame);
 640
 641         dev->out_urb->transfer_buffer = dev->out_frame;
 642         dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
 643         rc = usb_submit_urb(dev->out_urb, flags);
 644
 645         return rc;
 646 }
 647
 648 static int __pn533_send_cmd_frame_async(struct pn533 *dev,
 649                                         struct pn533_frame *out_frame,
 650                                         struct pn533_frame *in_frame,
 651                                         int in_frame_len,
 652                                         pn533_cmd_complete_t cmd_complete,
 653                                         void *arg, gfp_t flags)
 654 {
 655         int rc;
 656
 657         nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
 658                                                 PN533_FRAME_CMD(out_frame));
 659
 660         dev->cmd = PN533_FRAME_CMD(out_frame);
 661         dev->cmd_complete = cmd_complete;
 662         dev->cmd_complete_arg = arg;
 663
 664         dev->out_urb->transfer_buffer = out_frame;
 665         dev->out_urb->transfer_buffer_length =
 666                                 PN533_FRAME_SIZE(out_frame);
 667
 668         dev->in_urb->transfer_buffer = in_frame;
 669         dev->in_urb->transfer_buffer_length = in_frame_len;
 670
 671         rc = usb_submit_urb(dev->out_urb, flags);
 672         if (rc)
 673                 return rc;
 674
 675         rc = pn533_submit_urb_for_ack(dev, flags);
 676         if (rc)
 677                 goto error;
 678
 679         return 0;
 680
 681 error:
 682         usb_unlink_urb(dev->out_urb);
 683         return rc;
 684 }
 685
 686 static void pn533_wq_cmd(struct work_struct *work)
 687 {
 688         struct pn533 *dev = container_of(work, struct pn533, cmd_work);
 689         struct pn533_cmd *cmd;
 690
 691         mutex_lock(&dev->cmd_lock);
 692
 693         if (list_empty(&dev->cmd_queue)) {
 694                 dev->cmd_pending = 0;
 695                 mutex_unlock(&dev->cmd_lock);
 696                 return;
 697         }
 698
 699         cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
 700
 701         mutex_unlock(&dev->cmd_lock);
 702
 703         __pn533_send_cmd_frame_async(dev, cmd->out_frame, cmd->in_frame,
 704                                      cmd->in_frame_len, cmd->cmd_complete,
 705                                      cmd->arg, cmd->flags);
 706
 707         list_del(&cmd->queue);
 708         kfree(cmd);
 709 }
 710
 711 static int pn533_send_cmd_frame_async(struct pn533 *dev,
 712                                         struct pn533_frame *out_frame,
 713                                         struct pn533_frame *in_frame,
 714                                         int in_frame_len,
 715                                         pn533_cmd_complete_t cmd_complete,
 716                                         void *arg, gfp_t flags)
 717 {
 718         struct pn533_cmd *cmd;
 719         int rc;
 720
 721         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 722
 723         mutex_lock(&dev->cmd_lock);
 724
 725         if (!dev->cmd_pending) {
 726                 rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
 727                                                   in_frame_len, cmd_complete,
 728                                                   arg, flags);
 729                 if (!rc)
 730                         dev->cmd_pending = 1;
 731
 732                 mutex_unlock(&dev->cmd_lock);
 733
 734                 return rc;
 735         }
 736
 737         nfc_dev_dbg(&dev->interface->dev, "%s Queueing command", __func__);
 738
 739         cmd = kzalloc(sizeof(struct pn533_cmd), flags);
 740         if (!cmd)
 741                 return -ENOMEM;
 742
 743         INIT_LIST_HEAD(&cmd->queue);
 744         cmd->out_frame = out_frame;
 745         cmd->in_frame = in_frame;
 746         cmd->in_frame_len = in_frame_len;
 747         cmd->cmd_complete = cmd_complete;
 748         cmd->arg = arg;
 749         cmd->flags = flags;
 750
 751         list_add_tail(&cmd->queue, &dev->cmd_queue);
 752
 753         mutex_unlock(&dev->cmd_lock);
 754
 755         return 0;
 756 }
 757
 758 struct pn533_sync_cmd_response {
 759         int rc;
 760         struct completion done;
 761 };
 762
 763 static int pn533_sync_cmd_complete(struct pn533 *dev, void *_arg,
 764                                         u8 *params, int params_len)
 765 {
 766         struct pn533_sync_cmd_response *arg = _arg;
 767
 768         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 769
 770         arg->rc = 0;
 771
 772         if (params_len < 0) /* error */
 773                 arg->rc = params_len;
 774
 775         complete(&arg->done);
 776
 777         return 0;
 778 }
 779
 780 static int pn533_send_cmd_frame_sync(struct pn533 *dev,
 781                                                 struct pn533_frame *out_frame,
 782                                                 struct pn533_frame *in_frame,
 783                                                 int in_frame_len)
 784 {
 785         int rc;
 786         struct pn533_sync_cmd_response arg;
 787
 788         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 789
 790         init_completion(&arg.done);
 791
 792         rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
 793                                 pn533_sync_cmd_complete, &arg, GFP_KERNEL);
 794         if (rc)
 795                 return rc;
 796
 797         wait_for_completion(&arg.done);
 798
 799         return arg.rc;
 800 }
 801
 802 static void pn533_send_complete(struct urb *urb)
 803 {
 804         struct pn533 *dev = urb->context;
 805
 806         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
 807
 808         switch (urb->status) {
 809         case 0:
 810                 /* success */
 811                 break;
 812         case -ECONNRESET:
 813         case -ENOENT:
 814         case -ESHUTDOWN:
 815                 nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
 816                                                 " status: %d", urb->status);
 817                 break;
 818         default:
 819                 nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
 820                                                         " %d", urb->status);
 821         }
 822 }
 823
 824 struct pn533_target_type_a {
 825         __be16 sens_res;
 826         u8 sel_res;
 827         u8 nfcid_len;
 828         u8 nfcid_data[];
 829 } __packed;
 830
 831
 832 #define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
 833 #define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
 834 #define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
 835
 836 #define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
 837 #define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
 838
 839 #define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
 840 #define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
 841
 842 #define PN533_TYPE_A_SEL_PROT_MIFARE 0
 843 #define PN533_TYPE_A_SEL_PROT_ISO14443 1
 844 #define PN533_TYPE_A_SEL_PROT_DEP 2
 845 #define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
 846
 847 static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
 848                                                         int target_data_len)
 849 {
 850         u8 ssd;
 851         u8 platconf;
 852
 853         if (target_data_len < sizeof(struct pn533_target_type_a))
 854                 return false;
 855
 856         /* The lenght check of nfcid[] and ats[] are not being performed because
 857            the values are not being used */
 858
 859         /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
 860         ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
 861         platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
 862
 863         if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 864                         platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
 865                         (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 866                         platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
 867                 return false;
 868
 869         /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
 870         if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
 871                 return false;
 872
 873         return true;
 874 }
 875
 876 static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
 877                                                         int tgt_data_len)
 878 {
 879         struct pn533_target_type_a *tgt_type_a;
 880
 881         tgt_type_a = (struct pn533_target_type_a *) tgt_data;
 882
 883         if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
 884                 return -EPROTO;
 885
 886         switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
 887         case PN533_TYPE_A_SEL_PROT_MIFARE:
 888                 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
 889                 break;
 890         case PN533_TYPE_A_SEL_PROT_ISO14443:
 891                 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
 892                 break;
 893         case PN533_TYPE_A_SEL_PROT_DEP:
 894                 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
 895                 break;
 896         case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
 897                 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
 898                                                         NFC_PROTO_NFC_DEP_MASK;
 899                 break;
 900         }
 901
 902         nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
 903         nfc_tgt->sel_res = tgt_type_a->sel_res;
 904         nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
 905         memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
 906
 907         return 0;
 908 }
 909
 910 struct pn533_target_felica {
 911         u8 pol_res;
 912         u8 opcode;
 913         u8 nfcid2[8];
 914         u8 pad[8];
 915         /* optional */
 916         u8 syst_code[];
 917 } __packed;
 918
 919 #define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
 920 #define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
 921
 922 static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
 923                                                         int target_data_len)
 924 {
 925         if (target_data_len < sizeof(struct pn533_target_felica))
 926                 return false;
 927
 928         if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
 929                 return false;
 930
 931         return true;
 932 }
 933
 934 static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
 935                                                         int tgt_data_len)
 936 {
 937         struct pn533_target_felica *tgt_felica;
 938
 939         tgt_felica = (struct pn533_target_felica *) tgt_data;
 940
 941         if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
 942                 return -EPROTO;
 943
 944         if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
 945                                         tgt_felica->nfcid2[1] ==
 946                                         PN533_FELICA_SENSF_NFCID2_DEP_B2)
 947                 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
 948         else
 949                 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
 950
 951         memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
 952         nfc_tgt->sensf_res_len = 9;
 953
 954         return 0;
 955 }
 956
 957 struct pn533_target_jewel {
 958         __be16 sens_res;
 959         u8 jewelid[4];
 960 } __packed;
 961
 962 static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
 963                                                         int target_data_len)
 964 {
 965         u8 ssd;
 966         u8 platconf;
 967
 968         if (target_data_len < sizeof(struct pn533_target_jewel))
 969                 return false;
 970
 971         /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
 972         ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
 973         platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
 974
 975         if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 976                         platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
 977                         (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
 978                         platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
 979                 return false;
 980
 981         return true;
 982 }
 983
 984 static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
 985                                                         int tgt_data_len)
 986 {
 987         struct pn533_target_jewel *tgt_jewel;
 988
 989         tgt_jewel = (struct pn533_target_jewel *) tgt_data;
 990
 991         if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
 992                 return -EPROTO;
 993
 994         nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
 995         nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
 996         nfc_tgt->nfcid1_len = 4;
 997         memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
 998
 999         return 0;
1000 }
1001
1002 struct pn533_type_b_prot_info {
1003         u8 bitrate;
1004         u8 fsci_type;
1005         u8 fwi_adc_fo;
1006 } __packed;
1007
1008 #define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1009 #define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1010 #define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1011
1012 struct pn533_type_b_sens_res {
1013         u8 opcode;
1014         u8 nfcid[4];
1015         u8 appdata[4];
1016         struct pn533_type_b_prot_info prot_info;
1017 } __packed;
1018
1019 #define PN533_TYPE_B_OPC_SENSB_RES 0x50
1020
1021 struct pn533_target_type_b {
1022         struct pn533_type_b_sens_res sensb_res;
1023         u8 attrib_res_len;
1024         u8 attrib_res[];
1025 } __packed;
1026
1027 static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1028                                                         int target_data_len)
1029 {
1030         if (target_data_len < sizeof(struct pn533_target_type_b))
1031                 return false;
1032
1033         if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1034                 return false;
1035
1036         if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1037                                                 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1038                 return false;
1039
1040         return true;
1041 }
1042
1043 static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1044                                                         int tgt_data_len)
1045 {
1046         struct pn533_target_type_b *tgt_type_b;
1047
1048         tgt_type_b = (struct pn533_target_type_b *) tgt_data;
1049
1050         if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1051                 return -EPROTO;
1052
1053         nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
1054
1055         return 0;
1056 }
1057
1058 struct pn533_poll_response {
1059         u8 nbtg;
1060         u8 tg;
1061         u8 target_data[];
1062 } __packed;
1063
1064 static int pn533_target_found(struct pn533 *dev,
1065                         struct pn533_poll_response *resp, int resp_len)
1066 {
1067         int target_data_len;
1068         struct nfc_target nfc_tgt;
1069         int rc;
1070
1071         nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1072                                                         dev->poll_mod_curr);
1073
1074         if (resp->tg != 1)
1075                 return -EPROTO;
1076
1077         memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1078
1079         target_data_len = resp_len - sizeof(struct pn533_poll_response);
1080
1081         switch (dev->poll_mod_curr) {
1082         case PN533_POLL_MOD_106KBPS_A:
1083                 rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1084                                                         target_data_len);
1085                 break;
1086         case PN533_POLL_MOD_212KBPS_FELICA:
1087         case PN533_POLL_MOD_424KBPS_FELICA:
1088                 rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1089                                                         target_data_len);
1090                 break;
1091         case PN533_POLL_MOD_106KBPS_JEWEL:
1092                 rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1093                                                         target_data_len);
1094                 break;
1095         case PN533_POLL_MOD_847KBPS_B:
1096                 rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1097                                                         target_data_len);
1098                 break;
1099         default:
1100                 nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1101                                                                 " modulation");
1102                 return -EPROTO;
1103         }
1104
1105         if (rc)
1106                 return rc;
1107
1108         if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1109                 nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1110                                                 " have the desired protocol");
1111                 return -EAGAIN;
1112         }
1113
1114         nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1115                                         "0x%x", nfc_tgt.supported_protocols);
1116
1117         dev->tgt_available_prots = nfc_tgt.supported_protocols;
1118
1119         nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1120
1121         return 0;
1122 }
1123
1124 static inline void pn533_poll_next_mod(struct pn533 *dev)
1125 {
1126         dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1127 }
1128
1129 static void pn533_poll_reset_mod_list(struct pn533 *dev)
1130 {
1131         dev->poll_mod_count = 0;
1132 }
1133
1134 static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1135 {
1136         dev->poll_mod_active[dev->poll_mod_count] =
1137                 (struct pn533_poll_modulations *) &poll_mod[mod_index];
1138         dev->poll_mod_count++;
1139 }
1140
1141 static void pn533_poll_create_mod_list(struct pn533 *dev,
1142                                        u32 im_protocols, u32 tm_protocols)
1143 {
1144         pn533_poll_reset_mod_list(dev);
1145
1146         if (im_protocols & NFC_PROTO_MIFARE_MASK
1147             || im_protocols & NFC_PROTO_ISO14443_MASK
1148             || im_protocols & NFC_PROTO_NFC_DEP_MASK)
1149                 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1150
1151         if (im_protocols & NFC_PROTO_FELICA_MASK
1152             || im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1153                 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1154                 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1155         }
1156
1157         if (im_protocols & NFC_PROTO_JEWEL_MASK)
1158                 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1159
1160         if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1161                 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1162
1163         if (tm_protocols)
1164                 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1165 }
1166
1167 static int pn533_start_poll_complete(struct pn533 *dev, void *arg,
1168                                      u8 *params, int params_len)
1169 {
1170         struct pn533_poll_response *resp;
1171         int rc;
1172
1173         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1174
1175         resp = (struct pn533_poll_response *) params;
1176         if (resp->nbtg) {
1177                 rc = pn533_target_found(dev, resp, params_len);
1178
1179                 /* We must stop the poll after a valid target found */
1180                 if (rc == 0) {
1181                         pn533_poll_reset_mod_list(dev);
1182                         return 0;
1183                 }
1184         }
1185
1186         return -EAGAIN;
1187 }
1188
1189 static int pn533_init_target_frame(struct pn533_frame *frame,
1190                                    u8 *gb, size_t gb_len)
1191 {
1192         struct pn533_cmd_init_target *cmd;
1193         size_t cmd_len;
1194         u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1195                                 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1196                                 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1197                                 0xff, 0xff}; /* System code */
1198         u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1199                                0x0, 0x0, 0x0,
1200                                0x40}; /* SEL_RES for DEP */
1201
1202         cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1203         cmd = kzalloc(cmd_len, GFP_KERNEL);
1204         if (cmd == NULL)
1205                 return -ENOMEM;
1206
1207         pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1208
1209         /* DEP support only */
1210         cmd->mode |= PN533_INIT_TARGET_DEP;
1211
1212         /* Felica params */
1213         memcpy(cmd->felica, felica_params, 18);
1214         get_random_bytes(cmd->felica + 2, 6);
1215
1216         /* NFCID3 */
1217         memset(cmd->nfcid3, 0, 10);
1218         memcpy(cmd->nfcid3, cmd->felica, 8);
1219
1220         /* MIFARE params */
1221         memcpy(cmd->mifare, mifare_params, 6);
1222
1223         /* General bytes */
1224         cmd->gb_len = gb_len;
1225         memcpy(cmd->gb, gb, gb_len);
1226
1227         /* Len Tk */
1228         cmd->gb[gb_len] = 0;
1229
1230         memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1231
1232         frame->datalen += cmd_len;
1233
1234         pn533_tx_frame_finish(frame);
1235
1236         kfree(cmd);
1237
1238         return 0;
1239 }
1240
1241 #define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1242 #define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1243 static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
1244                                       u8 *params, int params_len)
1245 {
1246         struct sk_buff *skb_resp = arg;
1247         struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1248
1249         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1250
1251         if (params_len < 0) {
1252                 nfc_dev_err(&dev->interface->dev,
1253                             "Error %d when starting as a target",
1254                             params_len);
1255
1256                 return params_len;
1257         }
1258
1259         if (params_len > 0 && params[0] != 0) {
1260                 nfc_tm_deactivated(dev->nfc_dev);
1261
1262                 dev->tgt_mode = 0;
1263
1264                 kfree_skb(skb_resp);
1265                 return 0;
1266         }
1267
1268         skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1269         skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1270         skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1271
1272         return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1273 }
1274
1275 static void pn533_wq_tg_get_data(struct work_struct *work)
1276 {
1277         struct pn533 *dev = container_of(work, struct pn533, tg_work);
1278         struct pn533_frame *in_frame;
1279         struct sk_buff *skb_resp;
1280         size_t skb_resp_len;
1281
1282         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1283
1284         skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1285                 PN533_CMD_DATAEXCH_DATA_MAXLEN +
1286                 PN533_FRAME_TAIL_SIZE;
1287
1288         skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1289         if (!skb_resp)
1290                 return;
1291
1292         in_frame = (struct pn533_frame *)skb_resp->data;
1293
1294         pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1295         pn533_tx_frame_finish(dev->out_frame);
1296
1297         pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1298                                    skb_resp_len,
1299                                    pn533_tm_get_data_complete,
1300                                    skb_resp, GFP_KERNEL);
1301
1302         return;
1303 }
1304
1305 #define ATR_REQ_GB_OFFSET 17
1306 static int pn533_init_target_complete(struct pn533 *dev, void *arg,
1307                                       u8 *params, int params_len)
1308 {
1309         struct pn533_cmd_init_target_response *resp;
1310         u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1311         size_t gb_len;
1312         int rc;
1313
1314         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1315
1316         if (params_len < 0) {
1317                 nfc_dev_err(&dev->interface->dev,
1318                             "Error %d when starting as a target",
1319                             params_len);
1320
1321                 return params_len;
1322         }
1323
1324         if (params_len < ATR_REQ_GB_OFFSET + 1)
1325                 return -EINVAL;
1326
1327         resp = (struct pn533_cmd_init_target_response *) params;
1328
1329         nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1330                     resp->mode, params_len);
1331
1332         frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1333         if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1334                 comm_mode = NFC_COMM_ACTIVE;
1335
1336         /* Again, only DEP */
1337         if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1338                 return -EOPNOTSUPP;
1339
1340         gb = resp->cmd + ATR_REQ_GB_OFFSET;
1341         gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1342
1343         rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1344                               comm_mode, gb, gb_len);
1345         if (rc < 0) {
1346                 nfc_dev_err(&dev->interface->dev,
1347                             "Error when signaling target activation");
1348                 return rc;
1349         }
1350
1351         dev->tgt_mode = 1;
1352
1353         queue_work(dev->wq, &dev->tg_work);
1354
1355         return 0;
1356 }
1357
1358 static void pn533_listen_mode_timer(unsigned long data)
1359 {
1360         struct pn533 *dev = (struct pn533 *) data;
1361
1362         nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1363
1364         /* An ack will cancel the last issued command (poll) */
1365         pn533_send_ack(dev, GFP_ATOMIC);
1366
1367         dev->cancel_listen = 1;
1368
1369         pn533_poll_next_mod(dev);
1370
1371         queue_work(dev->wq, &dev->poll_work);
1372 }
1373
1374 static int pn533_poll_complete(struct pn533 *dev, void *arg,
1375                                u8 *params, int params_len)
1376 {
1377         struct pn533_poll_modulations *cur_mod;
1378         int rc;
1379
1380         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1381
1382         if (params_len == -ENOENT) {
1383                 if (dev->poll_mod_count != 0)
1384                         return 0;
1385
1386                 nfc_dev_err(&dev->interface->dev,
1387                             "Polling operation has been stopped");
1388
1389                 goto stop_poll;
1390         }
1391
1392         if (params_len < 0) {
1393                 nfc_dev_err(&dev->interface->dev,
1394                             "Error %d when running poll", params_len);
1395
1396                 goto stop_poll;
1397         }
1398
1399         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1400
1401         if (cur_mod->len == 0) {
1402                 del_timer(&dev->listen_timer);
1403
1404                 return pn533_init_target_complete(dev, arg, params, params_len);
1405         } else {
1406                 rc = pn533_start_poll_complete(dev, arg, params, params_len);
1407                 if (!rc)
1408                         return rc;
1409         }
1410
1411         pn533_poll_next_mod(dev);
1412
1413         queue_work(dev->wq, &dev->poll_work);
1414
1415         return 0;
1416
1417 stop_poll:
1418         pn533_poll_reset_mod_list(dev);
1419         dev->poll_protocols = 0;
1420         return 0;
1421 }
1422
1423 static void pn533_build_poll_frame(struct pn533 *dev,
1424                                    struct pn533_frame *frame,
1425                                    struct pn533_poll_modulations *mod)
1426 {
1427         nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1428
1429         if (mod->len == 0) {
1430                 /* Listen mode */
1431                 pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1432         } else {
1433                 /* Polling mode */
1434                 pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1435
1436                 memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1437                 frame->datalen += mod->len;
1438
1439                 pn533_tx_frame_finish(frame);
1440         }
1441 }
1442
1443 static int pn533_send_poll_frame(struct pn533 *dev)
1444 {
1445         struct pn533_poll_modulations *cur_mod;
1446         int rc;
1447
1448         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1449
1450         pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1451
1452         rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1453                                 dev->in_maxlen, pn533_poll_complete,
1454                                 NULL, GFP_KERNEL);
1455         if (rc)
1456                 nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1457
1458         return rc;
1459 }
1460
1461 static void pn533_wq_poll(struct work_struct *work)
1462 {
1463         struct pn533 *dev = container_of(work, struct pn533, poll_work);
1464         struct pn533_poll_modulations *cur_mod;
1465         int rc;
1466
1467         cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1468
1469         nfc_dev_dbg(&dev->interface->dev,
1470                     "%s cancel_listen %d modulation len %d",
1471                     __func__, dev->cancel_listen, cur_mod->len);
1472
1473         if (dev->cancel_listen == 1) {
1474                 dev->cancel_listen = 0;
1475                 usb_kill_urb(dev->in_urb);
1476         }
1477
1478         rc = pn533_send_poll_frame(dev);
1479         if (rc)
1480                 return;
1481
1482         if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1483                 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1484
1485         return;
1486 }
1487
1488 static int pn533_start_poll(struct nfc_dev *nfc_dev,
1489                             u32 im_protocols, u32 tm_protocols)
1490 {
1491         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1492
1493         nfc_dev_dbg(&dev->interface->dev,
1494                     "%s: im protocols 0x%x tm protocols 0x%x",
1495                     __func__, im_protocols, tm_protocols);
1496
1497         if (dev->tgt_active_prot) {
1498                 nfc_dev_err(&dev->interface->dev,
1499                             "Cannot poll with a target already activated");
1500                 return -EBUSY;
1501         }
1502
1503         if (dev->tgt_mode) {
1504                 nfc_dev_err(&dev->interface->dev,
1505                             "Cannot poll while already being activated");
1506                 return -EBUSY;
1507         }
1508
1509         if (tm_protocols) {
1510                 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1511                 if (dev->gb == NULL)
1512                         tm_protocols = 0;
1513         }
1514
1515         dev->poll_mod_curr = 0;
1516         pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1517         dev->poll_protocols = im_protocols;
1518         dev->listen_protocols = tm_protocols;
1519
1520         return pn533_send_poll_frame(dev);
1521 }
1522
1523 static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1524 {
1525         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1526
1527         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1528
1529         del_timer(&dev->listen_timer);
1530
1531         if (!dev->poll_mod_count) {
1532                 nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1533                                                                 " running");
1534                 return;
1535         }
1536
1537         /* An ack will cancel the last issued command (poll) */
1538         pn533_send_ack(dev, GFP_KERNEL);
1539
1540         /* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1541         usb_kill_urb(dev->in_urb);
1542
1543         pn533_poll_reset_mod_list(dev);
1544 }
1545
1546 static int pn533_activate_target_nfcdep(struct pn533 *dev)
1547 {
1548         struct pn533_cmd_activate_param param;
1549         struct pn533_cmd_activate_response *resp;
1550         u16 gt_len;
1551         int rc;
1552
1553         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1554
1555         pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1556
1557         param.tg = 1;
1558         param.next = 0;
1559         memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &param,
1560                                 sizeof(struct pn533_cmd_activate_param));
1561         dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1562
1563         pn533_tx_frame_finish(dev->out_frame);
1564
1565         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1566                                                                 dev->in_maxlen);
1567         if (rc)
1568                 return rc;
1569
1570         resp = (struct pn533_cmd_activate_response *)
1571                                 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1572         rc = resp->status & PN533_CMD_RET_MASK;
1573         if (rc != PN533_CMD_RET_SUCCESS)
1574                 return -EIO;
1575
1576         /* ATR_RES general bytes are located at offset 16 */
1577         gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1578         rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1579
1580         return rc;
1581 }
1582
1583 static int pn533_activate_target(struct nfc_dev *nfc_dev,
1584                                  struct nfc_target *target, u32 protocol)
1585 {
1586         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1587         int rc;
1588
1589         nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1590                                                                 protocol);
1591
1592         if (dev->poll_mod_count) {
1593                 nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1594                                                                 " polling");
1595                 return -EBUSY;
1596         }
1597
1598         if (dev->tgt_active_prot) {
1599                 nfc_dev_err(&dev->interface->dev, "There is already an active"
1600                                                                 " target");
1601                 return -EBUSY;
1602         }
1603
1604         if (!dev->tgt_available_prots) {
1605                 nfc_dev_err(&dev->interface->dev, "There is no available target"
1606                                                                 " to activate");
1607                 return -EINVAL;
1608         }
1609
1610         if (!(dev->tgt_available_prots & (1 << protocol))) {
1611                 nfc_dev_err(&dev->interface->dev, "The target does not support"
1612                                         " the requested protocol %u", protocol);
1613                 return -EINVAL;
1614         }
1615
1616         if (protocol == NFC_PROTO_NFC_DEP) {
1617                 rc = pn533_activate_target_nfcdep(dev);
1618                 if (rc) {
1619                         nfc_dev_err(&dev->interface->dev, "Error %d when"
1620                                                 " activating target with"
1621                                                 " NFC_DEP protocol", rc);
1622                         return rc;
1623                 }
1624         }
1625
1626         dev->tgt_active_prot = protocol;
1627         dev->tgt_available_prots = 0;
1628
1629         return 0;
1630 }
1631
1632 static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1633                                     struct nfc_target *target)
1634 {
1635         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1636         u8 tg;
1637         u8 status;
1638         int rc;
1639
1640         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1641
1642         if (!dev->tgt_active_prot) {
1643                 nfc_dev_err(&dev->interface->dev, "There is no active target");
1644                 return;
1645         }
1646
1647         dev->tgt_active_prot = 0;
1648
1649         skb_queue_purge(&dev->resp_q);
1650
1651         pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1652
1653         tg = 1;
1654         memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1655         dev->out_frame->datalen += sizeof(u8);
1656
1657         pn533_tx_frame_finish(dev->out_frame);
1658
1659         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1660                                                                 dev->in_maxlen);
1661         if (rc) {
1662                 nfc_dev_err(&dev->interface->dev, "Error when sending release"
1663                                                 " command to the controller");
1664                 return;
1665         }
1666
1667         status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1668         rc = status & PN533_CMD_RET_MASK;
1669         if (rc != PN533_CMD_RET_SUCCESS)
1670                 nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1671                                                         " the target", rc);
1672
1673         return;
1674 }
1675
1676
1677 static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
1678                                                 u8 *params, int params_len)
1679 {
1680         struct pn533_cmd_jump_dep *cmd;
1681         struct pn533_cmd_jump_dep_response *resp;
1682         struct nfc_target nfc_target;
1683         u8 target_gt_len;
1684         int rc;
1685
1686         if (params_len == -ENOENT) {
1687                 nfc_dev_dbg(&dev->interface->dev, "");
1688                 return 0;
1689         }
1690
1691         if (params_len < 0) {
1692                 nfc_dev_err(&dev->interface->dev,
1693                                 "Error %d when bringing DEP link up",
1694                                                                 params_len);
1695                 return 0;
1696         }
1697
1698         if (dev->tgt_available_prots &&
1699             !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1700                 nfc_dev_err(&dev->interface->dev,
1701                         "The target does not support DEP");
1702                 return -EINVAL;
1703         }
1704
1705         resp = (struct pn533_cmd_jump_dep_response *) params;
1706         cmd = (struct pn533_cmd_jump_dep *) arg;
1707         rc = resp->status & PN533_CMD_RET_MASK;
1708         if (rc != PN533_CMD_RET_SUCCESS) {
1709                 nfc_dev_err(&dev->interface->dev,
1710                                 "Bringing DEP link up failed %d", rc);
1711                 return 0;
1712         }
1713
1714         if (!dev->tgt_available_prots) {
1715                 nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1716
1717                 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1718                 nfc_target.nfcid1_len = 10;
1719                 memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1720                 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1721                 if (rc)
1722                         return 0;
1723
1724                 dev->tgt_available_prots = 0;
1725         }
1726
1727         dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1728
1729         /* ATR_RES general bytes are located at offset 17 */
1730         target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1731         rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1732                                                 resp->gt, target_gt_len);
1733         if (rc == 0)
1734                 rc = nfc_dep_link_is_up(dev->nfc_dev,
1735                                                 dev->nfc_dev->targets[0].idx,
1736                                                 !cmd->active, NFC_RF_INITIATOR);
1737
1738         return 0;
1739 }
1740
1741 static int pn533_mod_to_baud(struct pn533 *dev)
1742 {
1743         switch (dev->poll_mod_curr) {
1744         case PN533_POLL_MOD_106KBPS_A:
1745                 return 0;
1746         case PN533_POLL_MOD_212KBPS_FELICA:
1747                 return 1;
1748         case PN533_POLL_MOD_424KBPS_FELICA:
1749                 return 2;
1750         default:
1751                 return -EINVAL;
1752         }
1753 }
1754
1755 #define PASSIVE_DATA_LEN 5
1756 static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
1757                              u8 comm_mode, u8* gb, size_t gb_len)
1758 {
1759         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1760         struct pn533_cmd_jump_dep *cmd;
1761         u8 cmd_len, *data_ptr;
1762         u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1763         int rc, baud;
1764
1765         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1766
1767         if (dev->poll_mod_count) {
1768                 nfc_dev_err(&dev->interface->dev,
1769                                 "Cannot bring the DEP link up while polling");
1770                 return -EBUSY;
1771         }
1772
1773         if (dev->tgt_active_prot) {
1774                 nfc_dev_err(&dev->interface->dev,
1775                                 "There is already an active target");
1776                 return -EBUSY;
1777         }
1778
1779         baud = pn533_mod_to_baud(dev);
1780         if (baud < 0) {
1781                 nfc_dev_err(&dev->interface->dev,
1782                             "Invalid curr modulation %d", dev->poll_mod_curr);
1783                 return baud;
1784         }
1785
1786         cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1787         if (comm_mode == NFC_COMM_PASSIVE)
1788                 cmd_len += PASSIVE_DATA_LEN;
1789
1790         cmd = kzalloc(cmd_len, GFP_KERNEL);
1791         if (cmd == NULL)
1792                 return -ENOMEM;
1793
1794         pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1795
1796         cmd->active = !comm_mode;
1797         cmd->next = 0;
1798         cmd->baud = baud;
1799         data_ptr = cmd->data;
1800         if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1801                 memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1802                 cmd->next |= 1;
1803                 data_ptr += PASSIVE_DATA_LEN;
1804         }
1805
1806         if (gb != NULL && gb_len > 0) {
1807                 cmd->next |= 4; /* We have some Gi */
1808                 memcpy(data_ptr, gb, gb_len);
1809         } else {
1810                 cmd->next = 0;
1811         }
1812
1813         memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1814         dev->out_frame->datalen += cmd_len;
1815
1816         pn533_tx_frame_finish(dev->out_frame);
1817
1818         rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1819                                 dev->in_maxlen, pn533_in_dep_link_up_complete,
1820                                 cmd, GFP_KERNEL);
1821         if (rc)
1822                 goto out;
1823
1824
1825 out:
1826         kfree(cmd);
1827
1828         return rc;
1829 }
1830
1831 static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1832 {
1833         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1834
1835         pn533_poll_reset_mod_list(dev);
1836
1837         if (dev->tgt_mode || dev->tgt_active_prot) {
1838                 pn533_send_ack(dev, GFP_KERNEL);
1839                 usb_kill_urb(dev->in_urb);
1840         }
1841
1842         dev->tgt_active_prot = 0;
1843         dev->tgt_mode = 0;
1844
1845         skb_queue_purge(&dev->resp_q);
1846
1847         return 0;
1848 }
1849
1850 static int pn533_build_tx_frame(struct pn533 *dev, struct sk_buff *skb,
1851                                 bool target)
1852 {
1853         int payload_len = skb->len;
1854         struct pn533_frame *out_frame;
1855         u8 tg;
1856
1857         nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1858                                                                 payload_len);
1859
1860         if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1861                 /* TODO: Implement support to multi-part data exchange */
1862                 nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1863                                                 " max allowed: %d",
1864                                                 PN533_CMD_DATAEXCH_DATA_MAXLEN);
1865                 return -ENOSYS;
1866         }
1867
1868         if (target == true) {
1869                 switch (dev->device_type) {
1870                 case PN533_DEVICE_PASORI:
1871                         if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
1872                                 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1873                                 out_frame = (struct pn533_frame *) skb->data;
1874                                 pn533_tx_frame_init(out_frame,
1875                                                     PN533_CMD_IN_COMM_THRU);
1876
1877                                 break;
1878                         }
1879
1880                 default:
1881                         skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1882                         out_frame = (struct pn533_frame *) skb->data;
1883                         pn533_tx_frame_init(out_frame,
1884                                             PN533_CMD_IN_DATA_EXCHANGE);
1885                         tg = 1;
1886                         memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame),
1887                                &tg, sizeof(u8));
1888                         out_frame->datalen += sizeof(u8);
1889
1890                         break;
1891                 }
1892
1893         } else {
1894                 skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1895                 out_frame = (struct pn533_frame *) skb->data;
1896                 pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
1897         }
1898
1899
1900         /* The data is already in the out_frame, just update the datalen */
1901         out_frame->datalen += payload_len;
1902
1903         pn533_tx_frame_finish(out_frame);
1904         skb_put(skb, PN533_FRAME_TAIL_SIZE);
1905
1906         return 0;
1907 }
1908
1909 struct pn533_data_exchange_arg {
1910         struct sk_buff *skb_resp;
1911         struct sk_buff *skb_out;
1912         data_exchange_cb_t cb;
1913         void *cb_context;
1914 };
1915
1916 static struct sk_buff *pn533_build_response(struct pn533 *dev)
1917 {
1918         struct sk_buff *skb, *tmp, *t;
1919         unsigned int skb_len = 0, tmp_len = 0;
1920
1921         nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
1922
1923         if (skb_queue_empty(&dev->resp_q))
1924                 return NULL;
1925
1926         if (skb_queue_len(&dev->resp_q) == 1) {
1927                 skb = skb_dequeue(&dev->resp_q);
1928                 goto out;
1929         }
1930
1931         skb_queue_walk_safe(&dev->resp_q, tmp, t)
1932                 skb_len += tmp->len;
1933
1934         nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1935                     __func__, skb_len);
1936
1937         skb = alloc_skb(skb_len, GFP_KERNEL);
1938         if (skb == NULL)
1939                 goto out;
1940
1941         skb_put(skb, skb_len);
1942
1943         skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1944                 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1945                 tmp_len += tmp->len;
1946         }
1947
1948 out:
1949         skb_queue_purge(&dev->resp_q);
1950
1951         return skb;
1952 }
1953
1954 static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
1955                                                 u8 *params, int params_len)
1956 {
1957         struct pn533_data_exchange_arg *arg = _arg;
1958         struct sk_buff *skb = NULL, *skb_resp = arg->skb_resp;
1959         struct pn533_frame *in_frame = (struct pn533_frame *) skb_resp->data;
1960         int err = 0;
1961         u8 status;
1962         u8 cmd_ret;
1963
1964         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1965
1966         dev_kfree_skb(arg->skb_out);
1967
1968         if (params_len < 0) { /* error */
1969                 err = params_len;
1970                 goto error;
1971         }
1972
1973         status = params[0];
1974
1975         cmd_ret = status & PN533_CMD_RET_MASK;
1976         if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1977                 nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1978                                                 " exchanging data", cmd_ret);
1979                 err = -EIO;
1980                 goto error;
1981         }
1982
1983         skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1984         skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1985         skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1986         skb_queue_tail(&dev->resp_q, skb_resp);
1987
1988         if (status & PN533_CMD_MI_MASK) {
1989                 queue_work(dev->wq, &dev->mi_work);
1990                 return -EINPROGRESS;
1991         }
1992
1993         skb = pn533_build_response(dev);
1994         if (skb == NULL)
1995                 goto error;
1996
1997         arg->cb(arg->cb_context, skb, 0);
1998         kfree(arg);
1999         return 0;
2000
2001 error:
2002         skb_queue_purge(&dev->resp_q);
2003         dev_kfree_skb(skb_resp);
2004         arg->cb(arg->cb_context, NULL, err);
2005         kfree(arg);
2006         return 0;
2007 }
2008
2009 static int pn533_transceive(struct nfc_dev *nfc_dev,
2010                             struct nfc_target *target, struct sk_buff *skb,
2011                             data_exchange_cb_t cb, void *cb_context)
2012 {
2013         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2014         struct pn533_frame *out_frame, *in_frame;
2015         struct pn533_data_exchange_arg *arg;
2016         struct sk_buff *skb_resp;
2017         int skb_resp_len;
2018         int rc;
2019
2020         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2021
2022         if (!dev->tgt_active_prot) {
2023                 nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
2024                                                 " there is no active target");
2025                 rc = -EINVAL;
2026                 goto error;
2027         }
2028
2029         rc = pn533_build_tx_frame(dev, skb, true);
2030         if (rc)
2031                 goto error;
2032
2033         skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2034                         PN533_CMD_DATAEXCH_DATA_MAXLEN +
2035                         PN533_FRAME_TAIL_SIZE;
2036
2037         skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
2038         if (!skb_resp) {
2039                 rc = -ENOMEM;
2040                 goto error;
2041         }
2042
2043         in_frame = (struct pn533_frame *) skb_resp->data;
2044         out_frame = (struct pn533_frame *) skb->data;
2045
2046         arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
2047         if (!arg) {
2048                 rc = -ENOMEM;
2049                 goto free_skb_resp;
2050         }
2051
2052         arg->skb_resp = skb_resp;
2053         arg->skb_out = skb;
2054         arg->cb = cb;
2055         arg->cb_context = cb_context;
2056
2057         rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
2058                                         pn533_data_exchange_complete, arg,
2059                                         GFP_KERNEL);
2060         if (rc) {
2061                 nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2062                                                 " perform data_exchange", rc);
2063                 goto free_arg;
2064         }
2065
2066         return 0;
2067
2068 free_arg:
2069         kfree(arg);
2070 free_skb_resp:
2071         kfree_skb(skb_resp);
2072 error:
2073         kfree_skb(skb);
2074         return rc;
2075 }
2076
2077 static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
2078                                   u8 *params, int params_len)
2079 {
2080         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2081
2082         if (params_len < 0) {
2083                 nfc_dev_err(&dev->interface->dev,
2084                             "Error %d when sending data",
2085                             params_len);
2086
2087                 return params_len;
2088         }
2089
2090         if (params_len > 0 && params[0] != 0) {
2091                 nfc_tm_deactivated(dev->nfc_dev);
2092
2093                 dev->tgt_mode = 0;
2094
2095                 return 0;
2096         }
2097
2098         queue_work(dev->wq, &dev->tg_work);
2099
2100         return 0;
2101 }
2102
2103 static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2104 {
2105         struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2106         struct pn533_frame *out_frame;
2107         int rc;
2108
2109         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2110
2111         rc = pn533_build_tx_frame(dev, skb, false);
2112         if (rc)
2113                 goto error;
2114
2115         out_frame = (struct pn533_frame *) skb->data;
2116
2117         rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2118                                         dev->in_maxlen, pn533_tm_send_complete,
2119                                         NULL, GFP_KERNEL);
2120         if (rc) {
2121                 nfc_dev_err(&dev->interface->dev,
2122                             "Error %d when trying to send data", rc);
2123                 goto error;
2124         }
2125
2126         return 0;
2127
2128 error:
2129         kfree_skb(skb);
2130
2131         return rc;
2132 }
2133
2134 static void pn533_wq_mi_recv(struct work_struct *work)
2135 {
2136         struct pn533 *dev = container_of(work, struct pn533, mi_work);
2137         struct sk_buff *skb_cmd;
2138         struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2139         struct pn533_frame *out_frame, *in_frame;
2140         struct sk_buff *skb_resp;
2141         int skb_resp_len;
2142         int rc;
2143
2144         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2145
2146         /* This is a zero payload size skb */
2147         skb_cmd = alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN + PN533_FRAME_TAIL_SIZE,
2148                             GFP_KERNEL);
2149         if (skb_cmd == NULL)
2150                 goto error_cmd;
2151
2152         skb_reserve(skb_cmd, PN533_CMD_DATAEXCH_HEAD_LEN);
2153
2154         rc = pn533_build_tx_frame(dev, skb_cmd, true);
2155         if (rc)
2156                 goto error_frame;
2157
2158         skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2159                         PN533_CMD_DATAEXCH_DATA_MAXLEN +
2160                         PN533_FRAME_TAIL_SIZE;
2161         skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2162         if (!skb_resp) {
2163                 rc = -ENOMEM;
2164                 goto error_frame;
2165         }
2166
2167         in_frame = (struct pn533_frame *) skb_resp->data;
2168         out_frame = (struct pn533_frame *) skb_cmd->data;
2169
2170         arg->skb_resp = skb_resp;
2171         arg->skb_out = skb_cmd;
2172
2173         rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2174                                           skb_resp_len,
2175                                           pn533_data_exchange_complete,
2176                                           dev->cmd_complete_arg, GFP_KERNEL);
2177         if (!rc)
2178                 return;
2179
2180         nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2181                                                 " perform data_exchange", rc);
2182
2183         kfree_skb(skb_resp);
2184
2185 error_frame:
2186         kfree_skb(skb_cmd);
2187
2188 error_cmd:
2189         pn533_send_ack(dev, GFP_KERNEL);
2190
2191         kfree(arg);
2192
2193         queue_work(dev->wq, &dev->cmd_work);
2194 }
2195
2196 static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2197                                                                 u8 cfgdata_len)
2198 {
2199         int rc;
2200         u8 *params;
2201
2202         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2203
2204         pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2205
2206         params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2207         params[0] = cfgitem;
2208         memcpy(&params[1], cfgdata, cfgdata_len);
2209         dev->out_frame->datalen += (1 + cfgdata_len);
2210
2211         pn533_tx_frame_finish(dev->out_frame);
2212
2213         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2214                                                                 dev->in_maxlen);
2215
2216         return rc;
2217 }
2218
2219 static int pn533_fw_reset(struct pn533 *dev)
2220 {
2221         int rc;
2222         u8 *params;
2223
2224         nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2225
2226         pn533_tx_frame_init(dev->out_frame, 0x18);
2227
2228         params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2229         params[0] = 0x1;
2230         dev->out_frame->datalen += 1;
2231
2232         pn533_tx_frame_finish(dev->out_frame);
2233
2234         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2235                                        dev->in_maxlen);
2236
2237         return rc;
2238 }
2239
2240 static struct nfc_ops pn533_nfc_ops = {
2241         .dev_up = NULL,
2242         .dev_down = NULL,
2243         .dep_link_up = pn533_dep_link_up,
2244         .dep_link_down = pn533_dep_link_down,
2245         .start_poll = pn533_start_poll,
2246         .stop_poll = pn533_stop_poll,
2247         .activate_target = pn533_activate_target,
2248         .deactivate_target = pn533_deactivate_target,
2249         .im_transceive = pn533_transceive,
2250         .tm_send = pn533_tm_send,
2251 };
2252
2253 static int pn533_setup(struct pn533 *dev)
2254 {
2255         struct pn533_config_max_retries max_retries;
2256         struct pn533_config_timing timing;
2257         u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2258         int rc;
2259
2260         switch (dev->device_type) {
2261         case PN533_DEVICE_STD:
2262                 max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2263                 max_retries.mx_rty_psl = 2;
2264                 max_retries.mx_rty_passive_act =
2265                         PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2266
2267                 timing.rfu = PN533_CONFIG_TIMING_102;
2268                 timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2269                 timing.dep_timeout = PN533_CONFIG_TIMING_409;
2270
2271                 break;
2272
2273         case PN533_DEVICE_PASORI:
2274                 max_retries.mx_rty_atr = 0x2;
2275                 max_retries.mx_rty_psl = 0x1;
2276                 max_retries.mx_rty_passive_act =
2277                         PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2278
2279                 timing.rfu = PN533_CONFIG_TIMING_102;
2280                 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2281                 timing.dep_timeout = PN533_CONFIG_TIMING_204;
2282
2283                 break;
2284
2285         default:
2286                 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2287                             dev->device_type);
2288                 return -EINVAL;
2289         }
2290
2291         rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2292                                      (u8 *)&max_retries, sizeof(max_retries));
2293         if (rc) {
2294                 nfc_dev_err(&dev->interface->dev,
2295                             "Error on setting MAX_RETRIES config");
2296                 return rc;
2297         }
2298
2299
2300         rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2301                                      (u8 *)&timing, sizeof(timing));
2302         if (rc) {
2303                 nfc_dev_err(&dev->interface->dev,
2304                             "Error on setting RF timings");
2305                 return rc;
2306         }
2307
2308         switch (dev->device_type) {
2309         case PN533_DEVICE_STD:
2310                 break;
2311
2312         case PN533_DEVICE_PASORI:
2313                 pn533_fw_reset(dev);
2314
2315                 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2316                                              pasori_cfg, 3);
2317                 if (rc) {
2318                         nfc_dev_err(&dev->interface->dev,
2319                                     "Error while settings PASORI config");
2320                         return rc;
2321                 }
2322
2323                 pn533_fw_reset(dev);
2324
2325                 break;
2326         }
2327
2328         return 0;
2329 }
2330
2331 static int pn533_probe(struct usb_interface *interface,
2332                         const struct usb_device_id *id)
2333 {
2334         struct pn533_fw_version *fw_ver;
2335         struct pn533 *dev;
2336         struct usb_host_interface *iface_desc;
2337         struct usb_endpoint_descriptor *endpoint;
2338         int in_endpoint = 0;
2339         int out_endpoint = 0;
2340         int rc = -ENOMEM;
2341         int i;
2342         u32 protocols;
2343
2344         dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2345         if (!dev)
2346                 return -ENOMEM;
2347
2348         dev->udev = usb_get_dev(interface_to_usbdev(interface));
2349         dev->interface = interface;
2350         mutex_init(&dev->cmd_lock);
2351
2352         iface_desc = interface->cur_altsetting;
2353         for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2354                 endpoint = &iface_desc->endpoint[i].desc;
2355
2356                 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2357                         dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
2358                         in_endpoint = endpoint->bEndpointAddress;
2359                 }
2360
2361                 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
2362                         dev->out_maxlen =
2363                                 le16_to_cpu(endpoint->wMaxPacketSize);
2364                         out_endpoint = endpoint->bEndpointAddress;
2365                 }
2366         }
2367
2368         if (!in_endpoint || !out_endpoint) {
2369                 nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2370                                                         " bulk-out endpoint");
2371                 rc = -ENODEV;
2372                 goto error;
2373         }
2374
2375         dev->in_frame = kmalloc(dev->in_maxlen, GFP_KERNEL);
2376         dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2377         dev->out_frame = kmalloc(dev->out_maxlen, GFP_KERNEL);
2378         dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2379
2380         if (!dev->in_frame || !dev->out_frame ||
2381                 !dev->in_urb || !dev->out_urb)
2382                 goto error;
2383
2384         usb_fill_bulk_urb(dev->in_urb, dev->udev,
2385                         usb_rcvbulkpipe(dev->udev, in_endpoint),
2386                         NULL, 0, NULL, dev);
2387         usb_fill_bulk_urb(dev->out_urb, dev->udev,
2388                         usb_sndbulkpipe(dev->udev, out_endpoint),
2389                         NULL, 0,
2390                         pn533_send_complete, dev);
2391
2392         INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
2393         INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
2394         INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2395         INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2396         INIT_WORK(&dev->poll_work, pn533_wq_poll);
2397         dev->wq = alloc_workqueue("pn533",
2398                                   WQ_NON_REENTRANT | WQ_UNBOUND | WQ_MEM_RECLAIM,
2399                                   1);
2400         if (dev->wq == NULL)
2401                 goto error;
2402
2403         init_timer(&dev->listen_timer);
2404         dev->listen_timer.data = (unsigned long) dev;
2405         dev->listen_timer.function = pn533_listen_mode_timer;
2406
2407         skb_queue_head_init(&dev->resp_q);
2408
2409         INIT_LIST_HEAD(&dev->cmd_queue);
2410
2411         usb_set_intfdata(interface, dev);
2412
2413         pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2414         pn533_tx_frame_finish(dev->out_frame);
2415
2416         rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2417                                                                 dev->in_maxlen);
2418         if (rc)
2419                 goto destroy_wq;
2420
2421         fw_ver = (struct pn533_fw_version *)
2422                                 PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2423         nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2424                                         " attached", fw_ver->ver, fw_ver->rev);
2425
2426         dev->device_type = id->driver_info;
2427         switch (dev->device_type) {
2428         case PN533_DEVICE_STD:
2429                 protocols = PN533_ALL_PROTOCOLS;
2430                 break;
2431
2432         case PN533_DEVICE_PASORI:
2433                 protocols = PN533_NO_TYPE_B_PROTOCOLS;
2434                 break;
2435
2436         default:
2437                 nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2438                             dev->device_type);
2439                 rc = -EINVAL;
2440                 goto destroy_wq;
2441         }
2442
2443         dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2444                                            PN533_CMD_DATAEXCH_HEAD_LEN,
2445                                            PN533_FRAME_TAIL_SIZE);
2446         if (!dev->nfc_dev)
2447                 goto destroy_wq;
2448
2449         nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2450         nfc_set_drvdata(dev->nfc_dev, dev);
2451
2452         rc = nfc_register_device(dev->nfc_dev);
2453         if (rc)
2454                 goto free_nfc_dev;
2455
2456         rc = pn533_setup(dev);
2457         if (rc)
2458                 goto unregister_nfc_dev;
2459
2460         return 0;
2461
2462 unregister_nfc_dev:
2463         nfc_unregister_device(dev->nfc_dev);
2464
2465 free_nfc_dev:
2466         nfc_free_device(dev->nfc_dev);
2467
2468 destroy_wq:
2469         destroy_workqueue(dev->wq);
2470 error:
2471         kfree(dev->in_frame);
2472         usb_free_urb(dev->in_urb);
2473         kfree(dev->out_frame);
2474         usb_free_urb(dev->out_urb);
2475         kfree(dev);
2476         return rc;
2477 }
2478
2479 static void pn533_disconnect(struct usb_interface *interface)
2480 {
2481         struct pn533 *dev;
2482         struct pn533_cmd *cmd, *n;
2483
2484         dev = usb_get_intfdata(interface);
2485         usb_set_intfdata(interface, NULL);
2486
2487         nfc_unregister_device(dev->nfc_dev);
2488         nfc_free_device(dev->nfc_dev);
2489
2490         usb_kill_urb(dev->in_urb);
2491         usb_kill_urb(dev->out_urb);
2492
2493         destroy_workqueue(dev->wq);
2494
2495         skb_queue_purge(&dev->resp_q);
2496
2497         del_timer(&dev->listen_timer);
2498
2499         list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
2500                 list_del(&cmd->queue);
2501                 kfree(cmd);
2502         }
2503
2504         kfree(dev->in_frame);
2505         usb_free_urb(dev->in_urb);
2506         kfree(dev->out_frame);
2507         usb_free_urb(dev->out_urb);
2508         kfree(dev);
2509
2510         nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2511 }
2512
2513 static struct usb_driver pn533_driver = {
2514         .name =         "pn533",
2515         .probe =        pn533_probe,
2516         .disconnect =   pn533_disconnect,
2517         .id_table =     pn533_table,
2518 };
2519
2520 module_usb_driver(pn533_driver);
2521
2522 MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2523                         " Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2524 MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2525 MODULE_VERSION(VERSION);
2526 MODULE_LICENSE("GPL");