projects / deliverable / linux.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
net: davinci_mdio: Fix sparse warning
[deliverable/linux.git] / drivers / nfc / pn533.c
CommitLineData
c46ee386
AAJ		 1/*
2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
e70b96e9 3 * Copyright (C) 2012-2013 Tieto Poland
c46ee386
AAJ		 4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
98b32dec 16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
c46ee386
AAJ		 17 */
18
19#include <linux/device.h>
20#include <linux/kernel.h>
21#include <linux/module.h>
22#include <linux/slab.h>
23#include <linux/usb.h>
24#include <linux/nfc.h>
25#include <linux/netdevice.h>
55eb94f9 26#include <net/nfc/nfc.h>
c46ee386 27
495af72e 28#define VERSION "0.2"
c46ee386
AAJ		 29
30#define PN533_VENDOR_ID 0x4CC
31#define PN533_PRODUCT_ID 0x2533
32
33#define SCM_VENDOR_ID 0x4E6
34#define SCL3711_PRODUCT_ID 0x5591
35
5c7b0531
SO		 36#define SONY_VENDOR_ID 0x054c
37#define PASORI_PRODUCT_ID 0x02e1
38
53cf4839
WR		 39#define ACS_VENDOR_ID 0x072f
40#define ACR122U_PRODUCT_ID 0x2200
41
42#define PN533_DEVICE_STD 0x1
43#define PN533_DEVICE_PASORI 0x2
44#define PN533_DEVICE_ACR122U 0x3
5c7b0531 45
01d719a2
SO		 46#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
47 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
48 NFC_PROTO_NFC_DEP_MASK |\
49 NFC_PROTO_ISO14443_B_MASK)
5c7b0531
SO		 50
51#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
52 NFC_PROTO_MIFARE_MASK | \
53 NFC_PROTO_FELICA_MASK | \
01d719a2 54 NFC_PROTO_ISO14443_MASK | \
5c7b0531
SO		 55 NFC_PROTO_NFC_DEP_MASK)
56
c46ee386 57static const struct usb_device_id pn533_table[] = {
5c7b0531
SO		 58 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
59 .idVendor = PN533_VENDOR_ID,
60 .idProduct = PN533_PRODUCT_ID,
61 .driver_info = PN533_DEVICE_STD,
62 },
63 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
64 .idVendor = SCM_VENDOR_ID,
65 .idProduct = SCL3711_PRODUCT_ID,
66 .driver_info = PN533_DEVICE_STD,
67 },
68 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
69 .idVendor = SONY_VENDOR_ID,
70 .idProduct = PASORI_PRODUCT_ID,
71 .driver_info = PN533_DEVICE_PASORI,
72 },
53cf4839
WR		 73 { .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
74 .idVendor = ACS_VENDOR_ID,
75 .idProduct = ACR122U_PRODUCT_ID,
76 .driver_info = PN533_DEVICE_ACR122U,
77 },
c46ee386
AAJ		 78 { }
79};
80MODULE_DEVICE_TABLE(usb, pn533_table);
81
6fbbdc16
SO		 82/* How much time we spend listening for initiators */
83#define PN533_LISTEN_TIME 2
46f793b0
SO		 84/* Delay between each poll frame (ms) */
85#define PN533_POLL_INTERVAL 10
6fbbdc16 86
1575b9d8 87/* Standard pn533 frame definitions (standard and extended)*/
63123108 88#define PN533_STD_FRAME_HEADER_LEN (sizeof(struct pn533_std_frame) \
b1bb290a 89 + 2) /* data[0] TFI, data[1] CC */
63123108 90#define PN533_STD_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
82dec34d 91
1575b9d8
OG		 92#define PN533_EXT_FRAME_HEADER_LEN (sizeof(struct pn533_ext_frame) \
93 + 2) /* data[0] TFI, data[1] CC */
94
95#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
96#define PN533_CMD_DATAFRAME_MAXLEN 240 /* max data length (send) */
97
15461aeb
WR		 98/*
99 * Max extended frame payload len, excluding TFI and CC
100 * which are already in PN533_FRAME_HEADER_LEN.
101 */
63123108 102#define PN533_STD_FRAME_MAX_PAYLOAD_LEN 263
15461aeb 103
63123108 104#define PN533_STD_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2),
5b5a4437 105 Postamble (1) */
63123108
WR		 106#define PN533_STD_FRAME_CHECKSUM(f) (f->data[f->datalen])
107#define PN533_STD_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
1575b9d8
OG		 108/* Half start code (3), LEN (4) should be 0xffff for extended frame */
109#define PN533_STD_IS_EXTENDED(hdr) ((hdr)->datalen == 0xFF \
110 && (hdr)->datalen_checksum == 0xFF)
111#define PN533_EXT_FRAME_CHECKSUM(f) (f->data[be16_to_cpu(f->datalen)])
c46ee386
AAJ		 112
113/* start of frame */
63123108 114#define PN533_STD_FRAME_SOF 0x00FF
c46ee386 115
63123108
WR		 116/* standard frame identifier: in/out/error */
117#define PN533_STD_FRAME_IDENTIFIER(f) (f->data[0]) /* TFI */
118#define PN533_STD_FRAME_DIR_OUT 0xD4
119#define PN533_STD_FRAME_DIR_IN 0xD5
c46ee386 120
53cf4839
WR		 121/* ACS ACR122 pn533 frame definitions */
122#define PN533_ACR122_TX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_tx_frame) \
123 + 2)
124#define PN533_ACR122_TX_FRAME_TAIL_LEN 0
125#define PN533_ACR122_RX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_rx_frame) \
126 + 2)
127#define PN533_ACR122_RX_FRAME_TAIL_LEN 2
128#define PN533_ACR122_FRAME_MAX_PAYLOAD_LEN PN533_STD_FRAME_MAX_PAYLOAD_LEN
129
130/* CCID messages types */
131#define PN533_ACR122_PC_TO_RDR_ICCPOWERON 0x62
132#define PN533_ACR122_PC_TO_RDR_ESCAPE 0x6B
133
134#define PN533_ACR122_RDR_TO_PC_ESCAPE 0x83
135
c46ee386 136/* PN533 Commands */
1575b9d8 137#define PN533_FRAME_CMD(f) (f->data[1])
c46ee386
AAJ		 138
139#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
140#define PN533_CMD_RF_CONFIGURATION 0x32
141#define PN533_CMD_IN_DATA_EXCHANGE 0x40
5c7b0531 142#define PN533_CMD_IN_COMM_THRU 0x42
c46ee386
AAJ		 143#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
144#define PN533_CMD_IN_ATR 0x50
145#define PN533_CMD_IN_RELEASE 0x52
361f3cb7 146#define PN533_CMD_IN_JUMP_FOR_DEP 0x56
c46ee386 147
ad3823ce 148#define PN533_CMD_TG_INIT_AS_TARGET 0x8c
103b34cf 149#define PN533_CMD_TG_GET_DATA 0x86
dadb06f2 150#define PN533_CMD_TG_SET_DATA 0x8e
93ad4202 151#define PN533_CMD_TG_SET_META_DATA 0x94
aada17ac 152#define PN533_CMD_UNDEF 0xff
ad3823ce 153
c46ee386
AAJ		 154#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
155
156/* PN533 Return codes */
157#define PN533_CMD_RET_MASK 0x3F
158#define PN533_CMD_MI_MASK 0x40
159#define PN533_CMD_RET_SUCCESS 0x00
160
161struct pn533;
162
aada17ac
WR		 163typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
164 struct sk_buff *resp);
165
c46ee386
AAJ		 166/* structs for pn533 commands */
167
168/* PN533_CMD_GET_FIRMWARE_VERSION */
169struct pn533_fw_version {
170 u8 ic;
171 u8 ver;
172 u8 rev;
173 u8 support;
174};
175
176/* PN533_CMD_RF_CONFIGURATION */
60d9edd5
SO		 177#define PN533_CFGITEM_RF_FIELD 0x01
178#define PN533_CFGITEM_TIMING 0x02
c46ee386 179#define PN533_CFGITEM_MAX_RETRIES 0x05
60d9edd5
SO		 180#define PN533_CFGITEM_PASORI 0x82
181
3a8eab39
SO		 182#define PN533_CFGITEM_RF_FIELD_AUTO_RFCA 0x2
183#define PN533_CFGITEM_RF_FIELD_ON 0x1
184#define PN533_CFGITEM_RF_FIELD_OFF 0x0
c46ee386 185
34a85bfc
SO		 186#define PN533_CONFIG_TIMING_102 0xb
187#define PN533_CONFIG_TIMING_204 0xc
188#define PN533_CONFIG_TIMING_409 0xd
189#define PN533_CONFIG_TIMING_819 0xe
190
c46ee386
AAJ		 191#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
192#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
193
194struct pn533_config_max_retries {
195 u8 mx_rty_atr;
196 u8 mx_rty_psl;
197 u8 mx_rty_passive_act;
198} __packed;
199
34a85bfc
SO		 200struct pn533_config_timing {
201 u8 rfu;
202 u8 atr_res_timeout;
203 u8 dep_timeout;
204} __packed;
205
c46ee386
AAJ		 206/* PN533_CMD_IN_LIST_PASSIVE_TARGET */
207
208/* felica commands opcode */
209#define PN533_FELICA_OPC_SENSF_REQ 0
210#define PN533_FELICA_OPC_SENSF_RES 1
211/* felica SENSF_REQ parameters */
212#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
213#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
214#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
215#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
216
217/* type B initiator_data values */
218#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
219#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
220#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
221
222union pn533_cmd_poll_initdata {
223 struct {
224 u8 afi;
225 u8 polling_method;
226 } __packed type_b;
227 struct {
228 u8 opcode;
229 __be16 sc;
230 u8 rc;
231 u8 tsn;
232 } __packed felica;
233};
234
235/* Poll modulations */
236enum {
237 PN533_POLL_MOD_106KBPS_A,
238 PN533_POLL_MOD_212KBPS_FELICA,
239 PN533_POLL_MOD_424KBPS_FELICA,
240 PN533_POLL_MOD_106KBPS_JEWEL,
241 PN533_POLL_MOD_847KBPS_B,
6fbbdc16 242 PN533_LISTEN_MOD,
c46ee386
AAJ		 243
244 __PN533_POLL_MOD_AFTER_LAST,
245};
246#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
247
248struct pn533_poll_modulations {
249 struct {
250 u8 maxtg;
251 u8 brty;
252 union pn533_cmd_poll_initdata initiator_data;
253 } __packed data;
254 u8 len;
255};
256
ef3d56e1 257static const struct pn533_poll_modulations poll_mod[] = {
c46ee386
AAJ		 258 [PN533_POLL_MOD_106KBPS_A] = {
259 .data = {
260 .maxtg = 1,
261 .brty = 0,
262 },
263 .len = 2,
264 },
265 [PN533_POLL_MOD_212KBPS_FELICA] = {
266 .data = {
267 .maxtg = 1,
268 .brty = 1,
269 .initiator_data.felica = {
270 .opcode = PN533_FELICA_OPC_SENSF_REQ,
271 .sc = PN533_FELICA_SENSF_SC_ALL,
a94e10f7 272 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE,
31c44464 273 .tsn = 0x03,
c46ee386
AAJ		 274 },
275 },
276 .len = 7,
277 },
278 [PN533_POLL_MOD_424KBPS_FELICA] = {
279 .data = {
280 .maxtg = 1,
281 .brty = 2,
282 .initiator_data.felica = {
283 .opcode = PN533_FELICA_OPC_SENSF_REQ,
284 .sc = PN533_FELICA_SENSF_SC_ALL,
a94e10f7 285 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE,
31c44464 286 .tsn = 0x03,
c46ee386
AAJ		 287 },
288 },
289 .len = 7,
290 },
291 [PN533_POLL_MOD_106KBPS_JEWEL] = {
292 .data = {
293 .maxtg = 1,
294 .brty = 4,
295 },
296 .len = 2,
297 },
298 [PN533_POLL_MOD_847KBPS_B] = {
299 .data = {
300 .maxtg = 1,
301 .brty = 8,
302 .initiator_data.type_b = {
303 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
304 .polling_method =
305 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
306 },
307 },
308 .len = 3,
309 },
6fbbdc16
SO		 310 [PN533_LISTEN_MOD] = {
311 .len = 0,
312 },
c46ee386
AAJ		 313};
314
315/* PN533_CMD_IN_ATR */
316
c46ee386
AAJ		 317struct pn533_cmd_activate_response {
318 u8 status;
319 u8 nfcid3t[10];
320 u8 didt;
321 u8 bst;
322 u8 brt;
323 u8 to;
324 u8 ppt;
325 /* optional */
326 u8 gt[];
327} __packed;
328
361f3cb7
SO		 329struct pn533_cmd_jump_dep_response {
330 u8 status;
331 u8 tg;
332 u8 nfcid3t[10];
333 u8 didt;
334 u8 bst;
335 u8 brt;
336 u8 to;
337 u8 ppt;
338 /* optional */
339 u8 gt[];
340} __packed;
c46ee386 341
ad3823ce
SO		 342
343/* PN533_TG_INIT_AS_TARGET */
344#define PN533_INIT_TARGET_PASSIVE 0x1
345#define PN533_INIT_TARGET_DEP 0x2
346
fc40a8c1
SO		 347#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
348#define PN533_INIT_TARGET_RESP_ACTIVE 0x1
349#define PN533_INIT_TARGET_RESP_DEP 0x4
350
58520373
WR		 351enum pn533_protocol_type {
352 PN533_PROTO_REQ_ACK_RESP = 0,
353 PN533_PROTO_REQ_RESP
354};
355
c46ee386
AAJ		 356struct pn533 {
357 struct usb_device *udev;
358 struct usb_interface *interface;
359 struct nfc_dev *nfc_dev;
d5590bba 360 u32 device_type;
58520373 361 enum pn533_protocol_type protocol_type;
c46ee386
AAJ		 362
363 struct urb *out_urb;
c46ee386 364 struct urb *in_urb;
c46ee386 365
6ff73fd2 366 struct sk_buff_head resp_q;
963a82e0 367 struct sk_buff_head fragment_skb;
6ff73fd2 368
4849f85e
SO		 369 struct workqueue_struct *wq;
370 struct work_struct cmd_work;
5d50b364 371 struct work_struct cmd_complete_work;
46f793b0 372 struct delayed_work poll_work;
963a82e0
OG		 373 struct work_struct mi_rx_work;
374 struct work_struct mi_tx_work;
3c13b244 375 struct work_struct mi_tm_rx_work;
93ad4202 376 struct work_struct mi_tm_tx_work;
103b34cf 377 struct work_struct tg_work;
17e9d9d4 378 struct work_struct rf_work;
d5590bba
WR		 379
380 struct list_head cmd_queue;
381 struct pn533_cmd *cmd;
382 u8 cmd_pending;
d5590bba 383 struct mutex cmd_lock; /* protects cmd queue */
c46ee386 384
b1e666f5 385 void *cmd_complete_mi_arg;
963a82e0 386 void *cmd_complete_dep_arg;
c46ee386
AAJ		 387
388 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
389 u8 poll_mod_count;
390 u8 poll_mod_curr;
673088fb 391 u8 poll_dep;
c46ee386 392 u32 poll_protocols;
6fbbdc16 393 u32 listen_protocols;
d5590bba
WR		 394 struct timer_list listen_timer;
395 int cancel_listen;
6fbbdc16
SO		 396
397 u8 *gb;
398 size_t gb_len;
c46ee386
AAJ		 399
400 u8 tgt_available_prots;
401 u8 tgt_active_prot;
51ad304c 402 u8 tgt_mode;
5c7b0531 403
9e2d493e 404 struct pn533_frame_ops *ops;
5d50b364
SO		 405};
406
407struct pn533_cmd {
408 struct list_head queue;
4b2a9532 409 u8 code;
f87bc9fb 410 int status;
aada17ac
WR		 411 struct sk_buff *req;
412 struct sk_buff *resp;
9e2d493e 413 int resp_len;
4231604b
WR		 414 pn533_send_async_complete_t complete_cb;
415 void *complete_cb_context;
c46ee386
AAJ		 416};
417
63123108 418struct pn533_std_frame {
c46ee386
AAJ		 419 u8 preamble;
420 __be16 start_frame;
421 u8 datalen;
422 u8 datalen_checksum;
423 u8 data[];
424} __packed;
425
1575b9d8
OG		 426struct pn533_ext_frame { /* Extended Information frame */
427 u8 preamble;
428 __be16 start_frame;
429 __be16 eif_flag; /* fixed to 0xFFFF */
430 __be16 datalen;
431 u8 datalen_checksum;
432 u8 data[];
433} __packed;
434
9e2d493e
WR		 435struct pn533_frame_ops {
436 void (*tx_frame_init)(void *frame, u8 cmd_code);
437 void (*tx_frame_finish)(void *frame);
438 void (*tx_update_payload_len)(void *frame, int len);
439 int tx_header_len;
440 int tx_tail_len;
441
56a63c82 442 bool (*rx_is_frame_valid)(void *frame, struct pn533 *dev);
9e2d493e
WR		 443 int (*rx_frame_size)(void *frame);
444 int rx_header_len;
445 int rx_tail_len;
446
447 int max_payload_len;
448 u8 (*get_cmd_code)(void *frame);
449};
450
53cf4839
WR		 451struct pn533_acr122_ccid_hdr {
452 u8 type;
453 u32 datalen;
454 u8 slot;
455 u8 seq;
456 u8 params[3]; /* 3 msg specific bytes or status, error and 1 specific
457 byte for reposnse msg */
458 u8 data[]; /* payload */
459} __packed;
460
461struct pn533_acr122_apdu_hdr {
462 u8 class;
463 u8 ins;
464 u8 p1;
465 u8 p2;
466} __packed;
467
468struct pn533_acr122_tx_frame {
469 struct pn533_acr122_ccid_hdr ccid;
470 struct pn533_acr122_apdu_hdr apdu;
471 u8 datalen;
472 u8 data[]; /* pn533 frame: TFI ... */
473} __packed;
474
475struct pn533_acr122_rx_frame {
476 struct pn533_acr122_ccid_hdr ccid;
477 u8 data[]; /* pn533 frame : TFI ... */
478} __packed;
479
480static void pn533_acr122_tx_frame_init(void *_frame, u8 cmd_code)
481{
482 struct pn533_acr122_tx_frame *frame = _frame;
483
484 frame->ccid.type = PN533_ACR122_PC_TO_RDR_ESCAPE;
485 frame->ccid.datalen = sizeof(frame->apdu) + 1; /* sizeof(apdu_hdr) +
486 sizeof(datalen) */
487 frame->ccid.slot = 0;
488 frame->ccid.seq = 0;
489 frame->ccid.params[0] = 0;
490 frame->ccid.params[1] = 0;
491 frame->ccid.params[2] = 0;
492
493 frame->data[0] = PN533_STD_FRAME_DIR_OUT;
494 frame->data[1] = cmd_code;
495 frame->datalen = 2; /* data[0] + data[1] */
496
497 frame->apdu.class = 0xFF;
498 frame->apdu.ins = 0;
499 frame->apdu.p1 = 0;
500 frame->apdu.p2 = 0;
501}
502
503static void pn533_acr122_tx_frame_finish(void *_frame)
504{
505 struct pn533_acr122_tx_frame *frame = _frame;
506
507 frame->ccid.datalen += frame->datalen;
508}
509
510static void pn533_acr122_tx_update_payload_len(void *_frame, int len)
511{
512 struct pn533_acr122_tx_frame *frame = _frame;
513
514 frame->datalen += len;
515}
516
56a63c82 517static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev)
53cf4839
WR		 518{
519 struct pn533_acr122_rx_frame *frame = _frame;
520
521 if (frame->ccid.type != 0x83)
522 return false;
523
524 if (frame->data[frame->ccid.datalen - 2] == 0x63)
525 return false;
526
527 return true;
528}
529
530static int pn533_acr122_rx_frame_size(void *frame)
531{
532 struct pn533_acr122_rx_frame *f = frame;
533
534 /* f->ccid.datalen already includes tail length */
535 return sizeof(struct pn533_acr122_rx_frame) + f->ccid.datalen;
536}
537
538static u8 pn533_acr122_get_cmd_code(void *frame)
539{
540 struct pn533_acr122_rx_frame *f = frame;
541
1575b9d8 542 return PN533_FRAME_CMD(f);
53cf4839
WR		 543}
544
545static struct pn533_frame_ops pn533_acr122_frame_ops = {
546 .tx_frame_init = pn533_acr122_tx_frame_init,
547 .tx_frame_finish = pn533_acr122_tx_frame_finish,
548 .tx_update_payload_len = pn533_acr122_tx_update_payload_len,
549 .tx_header_len = PN533_ACR122_TX_FRAME_HEADER_LEN,
550 .tx_tail_len = PN533_ACR122_TX_FRAME_TAIL_LEN,
551
552 .rx_is_frame_valid = pn533_acr122_is_rx_frame_valid,
553 .rx_header_len = PN533_ACR122_RX_FRAME_HEADER_LEN,
554 .rx_tail_len = PN533_ACR122_RX_FRAME_TAIL_LEN,
555 .rx_frame_size = pn533_acr122_rx_frame_size,
556
557 .max_payload_len = PN533_ACR122_FRAME_MAX_PAYLOAD_LEN,
558 .get_cmd_code = pn533_acr122_get_cmd_code,
559};
560
1575b9d8
OG		 561/* The rule: value(high byte) + value(low byte) + checksum = 0 */
562static inline u8 pn533_ext_checksum(u16 value)
563{
564 return ~(u8)(((value & 0xFF00) >> 8) + (u8)(value & 0xFF)) + 1;
565}
566
c46ee386 567/* The rule: value + checksum = 0 */
63123108 568static inline u8 pn533_std_checksum(u8 value)
c46ee386
AAJ		 569{
570 return ~value + 1;
571}
572
573/* The rule: sum(data elements) + checksum = 0 */
63123108 574static u8 pn533_std_data_checksum(u8 *data, int datalen)
c46ee386
AAJ		 575{
576 u8 sum = 0;
577 int i;
578
579 for (i = 0; i < datalen; i++)
580 sum += data[i];
581
63123108 582 return pn533_std_checksum(sum);
c46ee386
AAJ		 583}
584
63123108 585static void pn533_std_tx_frame_init(void *_frame, u8 cmd_code)
c46ee386 586{
63123108 587 struct pn533_std_frame *frame = _frame;
9e2d493e 588
c46ee386 589 frame->preamble = 0;
63123108
WR		 590 frame->start_frame = cpu_to_be16(PN533_STD_FRAME_SOF);
591 PN533_STD_FRAME_IDENTIFIER(frame) = PN533_STD_FRAME_DIR_OUT;
1575b9d8 592 PN533_FRAME_CMD(frame) = cmd_code;
c46ee386
AAJ		 593 frame->datalen = 2;
594}
595
63123108 596static void pn533_std_tx_frame_finish(void *_frame)
c46ee386 597{
63123108 598 struct pn533_std_frame *frame = _frame;
9e2d493e 599
63123108 600 frame->datalen_checksum = pn533_std_checksum(frame->datalen);
c46ee386 601
63123108
WR		 602 PN533_STD_FRAME_CHECKSUM(frame) =
603 pn533_std_data_checksum(frame->data, frame->datalen);
c46ee386 604
63123108 605 PN533_STD_FRAME_POSTAMBLE(frame) = 0;
c46ee386
AAJ		 606}
607
63123108 608static void pn533_std_tx_update_payload_len(void *_frame, int len)
9e2d493e 609{
63123108 610 struct pn533_std_frame *frame = _frame;
9e2d493e
WR		 611
612 frame->datalen += len;
613}
614
56a63c82 615static bool pn533_std_rx_frame_is_valid(void *_frame, struct pn533 *dev)
c46ee386
AAJ		 616{
617 u8 checksum;
1575b9d8 618 struct pn533_std_frame *stdf = _frame;
c46ee386 619
1575b9d8 620 if (stdf->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
c46ee386
AAJ		 621 return false;
622
1575b9d8
OG		 623 if (likely(!PN533_STD_IS_EXTENDED(stdf))) {
624 /* Standard frame code */
56a63c82 625 dev->ops->rx_header_len = PN533_STD_FRAME_HEADER_LEN;
1575b9d8
OG		 626
627 checksum = pn533_std_checksum(stdf->datalen);
628 if (checksum != stdf->datalen_checksum)
629 return false;
630
631 checksum = pn533_std_data_checksum(stdf->data, stdf->datalen);
632 if (checksum != PN533_STD_FRAME_CHECKSUM(stdf))
633 return false;
634 } else {
635 /* Extended */
636 struct pn533_ext_frame *eif = _frame;
637
56a63c82
OG		 638 dev->ops->rx_header_len = PN533_EXT_FRAME_HEADER_LEN;
639
1575b9d8
OG		 640 checksum = pn533_ext_checksum(be16_to_cpu(eif->datalen));
641 if (checksum != eif->datalen_checksum)
642 return false;
643
644 /* check data checksum */
645 checksum = pn533_std_data_checksum(eif->data,
646 be16_to_cpu(eif->datalen));
647 if (checksum != PN533_EXT_FRAME_CHECKSUM(eif))
648 return false;
649 }
c46ee386
AAJ		 650
651 return true;
652}
653
63123108 654static bool pn533_std_rx_frame_is_ack(struct pn533_std_frame *frame)
c46ee386 655{
63123108 656 if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
c46ee386
AAJ		 657 return false;
658
659 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
660 return false;
661
662 return true;
663}
664
63123108 665static inline int pn533_std_rx_frame_size(void *frame)
9e2d493e 666{
63123108 667 struct pn533_std_frame *f = frame;
9e2d493e 668
1575b9d8
OG		 669 /* check for Extended Information frame */
670 if (PN533_STD_IS_EXTENDED(f)) {
671 struct pn533_ext_frame *eif = frame;
672
673 return sizeof(struct pn533_ext_frame)
674 + be16_to_cpu(eif->datalen) + PN533_STD_FRAME_TAIL_LEN;
675 }
676
63123108
WR		 677 return sizeof(struct pn533_std_frame) + f->datalen +
678 PN533_STD_FRAME_TAIL_LEN;
9e2d493e
WR		 679}
680
63123108 681static u8 pn533_std_get_cmd_code(void *frame)
9e2d493e 682{
63123108 683 struct pn533_std_frame *f = frame;
1575b9d8 684 struct pn533_ext_frame *eif = frame;
9e2d493e 685
1575b9d8
OG		 686 if (PN533_STD_IS_EXTENDED(f))
687 return PN533_FRAME_CMD(eif);
688 else
689 return PN533_FRAME_CMD(f);
9e2d493e
WR		 690}
691
ef3d56e1 692static struct pn533_frame_ops pn533_std_frame_ops = {
63123108
WR		 693 .tx_frame_init = pn533_std_tx_frame_init,
694 .tx_frame_finish = pn533_std_tx_frame_finish,
695 .tx_update_payload_len = pn533_std_tx_update_payload_len,
696 .tx_header_len = PN533_STD_FRAME_HEADER_LEN,
697 .tx_tail_len = PN533_STD_FRAME_TAIL_LEN,
698
699 .rx_is_frame_valid = pn533_std_rx_frame_is_valid,
700 .rx_frame_size = pn533_std_rx_frame_size,
701 .rx_header_len = PN533_STD_FRAME_HEADER_LEN,
702 .rx_tail_len = PN533_STD_FRAME_TAIL_LEN,
703
704 .max_payload_len = PN533_STD_FRAME_MAX_PAYLOAD_LEN,
705 .get_cmd_code = pn533_std_get_cmd_code,
9e2d493e
WR		 706};
707
708static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame)
c46ee386 709{
2c206fb7 710 return (dev->ops->get_cmd_code(frame) ==
4b2a9532 711 PN533_CMD_RESPONSE(dev->cmd->code));
c46ee386
AAJ		 712}
713
c46ee386
AAJ		 714static void pn533_recv_response(struct urb *urb)
715{
716 struct pn533 *dev = urb->context;
f87bc9fb 717 struct pn533_cmd *cmd = dev->cmd;
9e2d493e 718 u8 *in_frame;
c46ee386 719
f87bc9fb
WR		 720 cmd->status = urb->status;
721
c46ee386
AAJ		 722 switch (urb->status) {
723 case 0:
f8f99171 724 break; /* success */
c46ee386
AAJ		 725 case -ECONNRESET:
726 case -ENOENT:
b4834839
JP		 727 dev_dbg(&dev->interface->dev,
728 "The urb has been canceled (status %d)\n",
729 urb->status);
4849f85e 730 goto sched_wq;
f8f99171 731 case -ESHUTDOWN:
c46ee386 732 default:
073a625f
JP		 733 nfc_err(&dev->interface->dev,
734 "Urb failure (status %d)\n", urb->status);
4849f85e 735 goto sched_wq;
c46ee386
AAJ		 736 }
737
738 in_frame = dev->in_urb->transfer_buffer;
739
b4834839 740 dev_dbg(&dev->interface->dev, "Received a frame\n");
e279f84f
SO		 741 print_hex_dump_debug("PN533 RX: ", DUMP_PREFIX_NONE, 16, 1, in_frame,
742 dev->ops->rx_frame_size(in_frame), false);
99e591be 743
56a63c82 744 if (!dev->ops->rx_is_frame_valid(in_frame, dev)) {
073a625f 745 nfc_err(&dev->interface->dev, "Received an invalid frame\n");
f87bc9fb 746 cmd->status = -EIO;
4849f85e 747 goto sched_wq;
c46ee386
AAJ		 748 }
749
9e2d493e 750 if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) {
073a625f
JP		 751 nfc_err(&dev->interface->dev,
752 "It it not the response to the last command\n");
f87bc9fb 753 cmd->status = -EIO;
4849f85e 754 goto sched_wq;
c46ee386
AAJ		 755 }
756
4849f85e 757sched_wq:
5d50b364 758 queue_work(dev->wq, &dev->cmd_complete_work);
c46ee386
AAJ		 759}
760
761static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
762{
763 dev->in_urb->complete = pn533_recv_response;
764
765 return usb_submit_urb(dev->in_urb, flags);
766}
767
768static void pn533_recv_ack(struct urb *urb)
769{
770 struct pn533 *dev = urb->context;
f87bc9fb 771 struct pn533_cmd *cmd = dev->cmd;
63123108 772 struct pn533_std_frame *in_frame;
c46ee386
AAJ		 773 int rc;
774
f87bc9fb
WR		 775 cmd->status = urb->status;
776
c46ee386
AAJ		 777 switch (urb->status) {
778 case 0:
f8f99171 779 break; /* success */
c46ee386
AAJ		 780 case -ECONNRESET:
781 case -ENOENT:
b4834839
JP		 782 dev_dbg(&dev->interface->dev,
783 "The urb has been stopped (status %d)\n",
784 urb->status);
4849f85e 785 goto sched_wq;
f8f99171 786 case -ESHUTDOWN:
c46ee386 787 default:
073a625f
JP		 788 nfc_err(&dev->interface->dev,
789 "Urb failure (status %d)\n", urb->status);
4849f85e 790 goto sched_wq;
c46ee386
AAJ		 791 }
792
793 in_frame = dev->in_urb->transfer_buffer;
794
63123108 795 if (!pn533_std_rx_frame_is_ack(in_frame)) {
073a625f 796 nfc_err(&dev->interface->dev, "Received an invalid ack\n");
f87bc9fb 797 cmd->status = -EIO;
4849f85e 798 goto sched_wq;
c46ee386
AAJ		 799 }
800
c46ee386
AAJ		 801 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
802 if (rc) {
073a625f
JP		 803 nfc_err(&dev->interface->dev,
804 "usb_submit_urb failed with result %d\n", rc);
f87bc9fb 805 cmd->status = rc;
4849f85e 806 goto sched_wq;
c46ee386
AAJ		 807 }
808
809 return;
810
4849f85e 811sched_wq:
5d50b364 812 queue_work(dev->wq, &dev->cmd_complete_work);
c46ee386
AAJ		 813}
814
815static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
816{
817 dev->in_urb->complete = pn533_recv_ack;
818
819 return usb_submit_urb(dev->in_urb, flags);
820}
821
822static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
823{
63123108 824 u8 ack[PN533_STD_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
5b5a4437 825 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */
c46ee386
AAJ		 826 int rc;
827
5b5a4437
WR		 828 dev->out_urb->transfer_buffer = ack;
829 dev->out_urb->transfer_buffer_length = sizeof(ack);
c46ee386
AAJ		 830 rc = usb_submit_urb(dev->out_urb, flags);
831
832 return rc;
833}
834
e8f40531
WR		 835static int __pn533_send_frame_async(struct pn533 *dev,
836 struct sk_buff *out,
837 struct sk_buff *in,
ddf19d20 838 int in_len)
c46ee386
AAJ		 839{
840 int rc;
841
e8f40531
WR		 842 dev->out_urb->transfer_buffer = out->data;
843 dev->out_urb->transfer_buffer_length = out->len;
c46ee386 844
e8f40531
WR		 845 dev->in_urb->transfer_buffer = in->data;
846 dev->in_urb->transfer_buffer_length = in_len;
c46ee386 847
e279f84f
SO		 848 print_hex_dump_debug("PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
849 out->data, out->len, false);
99e591be 850
d94ea4f5 851 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
c46ee386
AAJ		 852 if (rc)
853 return rc;
854
58520373
WR		 855 if (dev->protocol_type == PN533_PROTO_REQ_RESP) {
856 /* request for response for sent packet directly */
857 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
858 if (rc)
859 goto error;
860 } else if (dev->protocol_type == PN533_PROTO_REQ_ACK_RESP) {
861 /* request for ACK if that's the case */
862 rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
863 if (rc)
864 goto error;
865 }
c46ee386
AAJ		 866
867 return 0;
868
869error:
870 usb_unlink_urb(dev->out_urb);
871 return rc;
872}
873
9e2d493e
WR		 874static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code,
875 struct sk_buff *skb)
aada17ac 876{
aada17ac
WR		 877 /* payload is already there, just update datalen */
878 int payload_len = skb->len;
9e2d493e 879 struct pn533_frame_ops *ops = dev->ops;
aada17ac 880
aada17ac 881
9e2d493e
WR		 882 skb_push(skb, ops->tx_header_len);
883 skb_put(skb, ops->tx_tail_len);
aada17ac 884
9e2d493e
WR		 885 ops->tx_frame_init(skb->data, cmd_code);
886 ops->tx_update_payload_len(skb->data, payload_len);
887 ops->tx_frame_finish(skb->data);
aada17ac
WR		 888}
889
ddf19d20 890static int pn533_send_async_complete(struct pn533 *dev)
aada17ac 891{
ddf19d20 892 struct pn533_cmd *cmd = dev->cmd;
f87bc9fb 893 int status = cmd->status;
aada17ac 894
4231604b
WR		 895 struct sk_buff *req = cmd->req;
896 struct sk_buff *resp = cmd->resp;
aada17ac 897
aada17ac
WR		 898 int rc;
899
900 dev_kfree_skb(req);
901
0c33d262 902 if (status < 0) {
4231604b
WR		 903 rc = cmd->complete_cb(dev, cmd->complete_cb_context,
904 ERR_PTR(status));
aada17ac 905 dev_kfree_skb(resp);
2c206fb7 906 goto done;
aada17ac
WR		 907 }
908
9e2d493e
WR		 909 skb_put(resp, dev->ops->rx_frame_size(resp->data));
910 skb_pull(resp, dev->ops->rx_header_len);
911 skb_trim(resp, resp->len - dev->ops->rx_tail_len);
aada17ac 912
4231604b 913 rc = cmd->complete_cb(dev, cmd->complete_cb_context, resp);
aada17ac 914
2c206fb7 915done:
4231604b 916 kfree(cmd);
2c206fb7 917 dev->cmd = NULL;
aada17ac
WR		 918 return rc;
919}
920
921static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
922 struct sk_buff *req, struct sk_buff *resp,
923 int resp_len,
924 pn533_send_async_complete_t complete_cb,
925 void *complete_cb_context)
926{
927 struct pn533_cmd *cmd;
aada17ac
WR		 928 int rc = 0;
929
b4834839 930 dev_dbg(&dev->interface->dev, "Sending command 0x%x\n", cmd_code);
aada17ac 931
4231604b
WR		 932 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
933 if (!cmd)
aada17ac
WR		 934 return -ENOMEM;
935
4b2a9532 936 cmd->code = cmd_code;
4231604b
WR		 937 cmd->req = req;
938 cmd->resp = resp;
939 cmd->resp_len = resp_len;
940 cmd->complete_cb = complete_cb;
941 cmd->complete_cb_context = complete_cb_context;
aada17ac 942
9e2d493e 943 pn533_build_cmd_frame(dev, cmd_code, req);
aada17ac
WR		 944
945 mutex_lock(&dev->cmd_lock);
946
947 if (!dev->cmd_pending) {
ddf19d20 948 rc = __pn533_send_frame_async(dev, req, resp, resp_len);
aada17ac
WR		 949 if (rc)
950 goto error;
951
952 dev->cmd_pending = 1;
2c206fb7 953 dev->cmd = cmd;
aada17ac
WR		 954 goto unlock;
955 }
956
b4834839
JP		 957 dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x\n",
958 __func__, cmd_code);
aada17ac 959
aada17ac 960 INIT_LIST_HEAD(&cmd->queue);
aada17ac
WR		 961 list_add_tail(&cmd->queue, &dev->cmd_queue);
962
963 goto unlock;
964
965error:
4231604b 966 kfree(cmd);
aada17ac
WR		 967unlock:
968 mutex_unlock(&dev->cmd_lock);
969 return rc;
15461aeb
WR		 970}
971
972static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
973 struct sk_buff *req,
974 pn533_send_async_complete_t complete_cb,
975 void *complete_cb_context)
976{
977 struct sk_buff *resp;
978 int rc;
9e2d493e
WR		 979 int resp_len = dev->ops->rx_header_len +
980 dev->ops->max_payload_len +
981 dev->ops->rx_tail_len;
15461aeb 982
15461aeb
WR		 983 resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
984 if (!resp)
985 return -ENOMEM;
986
987 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
988 complete_cb_context);
989 if (rc)
990 dev_kfree_skb(resp);
991
992 return rc;
aada17ac
WR		 993}
994
995static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
996 struct sk_buff *req,
997 pn533_send_async_complete_t complete_cb,
998 void *complete_cb_context)
999{
1000 struct sk_buff *resp;
1001 int rc;
9e2d493e
WR		 1002 int resp_len = dev->ops->rx_header_len +
1003 dev->ops->max_payload_len +
1004 dev->ops->rx_tail_len;
aada17ac 1005
9e2d493e 1006 resp = alloc_skb(resp_len, GFP_KERNEL);
aada17ac
WR		 1007 if (!resp)
1008 return -ENOMEM;
1009
9e2d493e
WR		 1010 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
1011 complete_cb_context);
aada17ac
WR		 1012 if (rc)
1013 dev_kfree_skb(resp);
1014
1015 return rc;
1016}
1017
b1e666f5
WR		 1018/*
1019 * pn533_send_cmd_direct_async
1020 *
1021 * The function sends a piority cmd directly to the chip omiting the cmd
1022 * queue. It's intended to be used by chaining mechanism of received responses
1023 * where the host has to request every single chunk of data before scheduling
1024 * next cmd from the queue.
1025 */
1026static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
1027 struct sk_buff *req,
1028 pn533_send_async_complete_t complete_cb,
1029 void *complete_cb_context)
1030{
b1e666f5 1031 struct sk_buff *resp;
4231604b 1032 struct pn533_cmd *cmd;
b1e666f5 1033 int rc;
9e2d493e
WR		 1034 int resp_len = dev->ops->rx_header_len +
1035 dev->ops->max_payload_len +
1036 dev->ops->rx_tail_len;
b1e666f5 1037
b1e666f5
WR		 1038 resp = alloc_skb(resp_len, GFP_KERNEL);
1039 if (!resp)
1040 return -ENOMEM;
1041
4231604b
WR		 1042 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1043 if (!cmd) {
b1e666f5
WR		 1044 dev_kfree_skb(resp);
1045 return -ENOMEM;
1046 }
1047
4b2a9532 1048 cmd->code = cmd_code;
4231604b
WR		 1049 cmd->req = req;
1050 cmd->resp = resp;
1051 cmd->resp_len = resp_len;
1052 cmd->complete_cb = complete_cb;
1053 cmd->complete_cb_context = complete_cb_context;
b1e666f5 1054
9e2d493e 1055 pn533_build_cmd_frame(dev, cmd_code, req);
b1e666f5 1056
ddf19d20 1057 rc = __pn533_send_frame_async(dev, req, resp, resp_len);
b1e666f5
WR		 1058 if (rc < 0) {
1059 dev_kfree_skb(resp);
4231604b 1060 kfree(cmd);
2c206fb7
WR		 1061 } else {
1062 dev->cmd = cmd;
b1e666f5
WR		 1063 }
1064
1065 return rc;
1066}
1067
c79490e1
WR		 1068static void pn533_wq_cmd_complete(struct work_struct *work)
1069{
1070 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
1071 int rc;
1072
1073 rc = pn533_send_async_complete(dev);
1074 if (rc != -EINPROGRESS)
1075 queue_work(dev->wq, &dev->cmd_work);
1076}
1077
5d50b364
SO		 1078static void pn533_wq_cmd(struct work_struct *work)
1079{
1080 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
1081 struct pn533_cmd *cmd;
0ce1fbdd 1082 int rc;
5d50b364
SO		 1083
1084 mutex_lock(&dev->cmd_lock);
1085
1086 if (list_empty(&dev->cmd_queue)) {
1087 dev->cmd_pending = 0;
1088 mutex_unlock(&dev->cmd_lock);
1089 return;
1090 }
1091
1092 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
1093
60ad07ab
SJ		 1094 list_del(&cmd->queue);
1095
5d50b364
SO		 1096 mutex_unlock(&dev->cmd_lock);
1097
ddf19d20 1098 rc = __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len);
0ce1fbdd
WR		 1099 if (rc < 0) {
1100 dev_kfree_skb(cmd->req);
1101 dev_kfree_skb(cmd->resp);
4231604b 1102 kfree(cmd);
2c206fb7 1103 return;
0ce1fbdd 1104 }
2c206fb7
WR		 1105
1106 dev->cmd = cmd;
5d50b364
SO		 1107}
1108
c46ee386 1109struct pn533_sync_cmd_response {
94c5c156 1110 struct sk_buff *resp;
c46ee386
AAJ		 1111 struct completion done;
1112};
1113
94c5c156
WR		 1114static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
1115 struct sk_buff *resp)
1116{
1117 struct pn533_sync_cmd_response *arg = _arg;
1118
94c5c156
WR		 1119 arg->resp = resp;
1120 complete(&arg->done);
1121
1122 return 0;
1123}
1124
1125/* pn533_send_cmd_sync
1126 *
1127 * Please note the req parameter is freed inside the function to
1128 * limit a number of return value interpretations by the caller.
1129 *
1130 * 1. negative in case of error during TX path -> req should be freed
1131 *
1132 * 2. negative in case of error during RX path -> req should not be freed
1133 * as it's been already freed at the begining of RX path by
1134 * async_complete_cb.
1135 *
1136 * 3. valid pointer in case of succesfult RX path
1137 *
1138 * A caller has to check a return value with IS_ERR macro. If the test pass,
1139 * the returned pointer is valid.
1140 *
1141 * */
1142static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
1143 struct sk_buff *req)
1144{
1145 int rc;
1146 struct pn533_sync_cmd_response arg;
1147
94c5c156
WR		 1148 init_completion(&arg.done);
1149
1150 rc = pn533_send_cmd_async(dev, cmd_code, req,
1151 pn533_send_sync_complete, &arg);
1152 if (rc) {
1153 dev_kfree_skb(req);
1154 return ERR_PTR(rc);
1155 }
1156
1157 wait_for_completion(&arg.done);
1158
1159 return arg.resp;
1160}
1161
c46ee386
AAJ		 1162static void pn533_send_complete(struct urb *urb)
1163{
1164 struct pn533 *dev = urb->context;
1165
c46ee386
AAJ		 1166 switch (urb->status) {
1167 case 0:
f8f99171 1168 break; /* success */
c46ee386
AAJ		 1169 case -ECONNRESET:
1170 case -ENOENT:
b4834839
JP		 1171 dev_dbg(&dev->interface->dev,
1172 "The urb has been stopped (status %d)\n",
1173 urb->status);
c46ee386 1174 break;
f8f99171 1175 case -ESHUTDOWN:
c46ee386 1176 default:
073a625f
JP		 1177 nfc_err(&dev->interface->dev, "Urb failure (status %d)\n",
1178 urb->status);
c46ee386
AAJ		 1179 }
1180}
1181
10cff29a
WR		 1182static void pn533_abort_cmd(struct pn533 *dev, gfp_t flags)
1183{
1184 /* ACR122U does not support any command which aborts last
1185 * issued command i.e. as ACK for standard PN533. Additionally,
1186 * it behaves stange, sending broken or incorrect responses,
1187 * when we cancel urb before the chip will send response.
1188 */
1189 if (dev->device_type == PN533_DEVICE_ACR122U)
1190 return;
1191
1192 /* An ack will cancel the last issued command */
1193 pn533_send_ack(dev, flags);
1194
1195 /* cancel the urb request */
1196 usb_kill_urb(dev->in_urb);
1197}
1198
9e2d493e 1199static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size)
d22b2db6
WR		 1200{
1201 struct sk_buff *skb;
1202
9e2d493e 1203 skb = alloc_skb(dev->ops->tx_header_len +
d22b2db6 1204 size +
9e2d493e 1205 dev->ops->tx_tail_len, GFP_KERNEL);
d22b2db6
WR		 1206
1207 if (skb)
9e2d493e 1208 skb_reserve(skb, dev->ops->tx_header_len);
d22b2db6
WR		 1209
1210 return skb;
1211}
1212
c46ee386
AAJ		 1213struct pn533_target_type_a {
1214 __be16 sens_res;
1215 u8 sel_res;
1216 u8 nfcid_len;
1217 u8 nfcid_data[];
1218} __packed;
1219
1220
1221#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
1222#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
1223#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
1224
1225#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
1226#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
1227
1228#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
1229#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
1230
1231#define PN533_TYPE_A_SEL_PROT_MIFARE 0
1232#define PN533_TYPE_A_SEL_PROT_ISO14443 1
1233#define PN533_TYPE_A_SEL_PROT_DEP 2
1234#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1235
1236static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1237 int target_data_len)
1238{
1239 u8 ssd;
1240 u8 platconf;
1241
1242 if (target_data_len < sizeof(struct pn533_target_type_a))
1243 return false;
1244
1245 /* The lenght check of nfcid[] and ats[] are not being performed because
1246 the values are not being used */
1247
1248 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1249 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1250 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1251
1252 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
5d467742
WR		 1253 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1254 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1255 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
c46ee386
AAJ		 1256 return false;
1257
1258 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1259 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1260 return false;
1261
1262 return true;
1263}
1264
1265static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1266 int tgt_data_len)
1267{
1268 struct pn533_target_type_a *tgt_type_a;
1269
37cf4fc6 1270 tgt_type_a = (struct pn533_target_type_a *)tgt_data;
c46ee386
AAJ		 1271
1272 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1273 return -EPROTO;
1274
1275 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1276 case PN533_TYPE_A_SEL_PROT_MIFARE:
1277 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1278 break;
1279 case PN533_TYPE_A_SEL_PROT_ISO14443:
1280 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1281 break;
1282 case PN533_TYPE_A_SEL_PROT_DEP:
1283 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1284 break;
1285 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1286 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1287 NFC_PROTO_NFC_DEP_MASK;
1288 break;
1289 }
1290
1291 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1292 nfc_tgt->sel_res = tgt_type_a->sel_res;
c3b1e1e8
SO		 1293 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1294 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
c46ee386
AAJ		 1295
1296 return 0;
1297}
1298
1299struct pn533_target_felica {
1300 u8 pol_res;
1301 u8 opcode;
322bce95 1302 u8 nfcid2[NFC_NFCID2_MAXSIZE];
c46ee386
AAJ		 1303 u8 pad[8];
1304 /* optional */
1305 u8 syst_code[];
1306} __packed;
1307
1308#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1309#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1310
1311static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1312 int target_data_len)
1313{
1314 if (target_data_len < sizeof(struct pn533_target_felica))
1315 return false;
1316
1317 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1318 return false;
1319
1320 return true;
1321}
1322
1323static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1324 int tgt_data_len)
1325{
1326 struct pn533_target_felica *tgt_felica;
1327
37cf4fc6 1328 tgt_felica = (struct pn533_target_felica *)tgt_data;
c46ee386
AAJ		 1329
1330 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1331 return -EPROTO;
1332
5d467742
WR		 1333 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
1334 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
c46ee386
AAJ		 1335 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1336 else
1337 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1338
7975754f
SO		 1339 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1340 nfc_tgt->sensf_res_len = 9;
1341
322bce95
SO		 1342 memcpy(nfc_tgt->nfcid2, tgt_felica->nfcid2, NFC_NFCID2_MAXSIZE);
1343 nfc_tgt->nfcid2_len = NFC_NFCID2_MAXSIZE;
1344
c46ee386
AAJ		 1345 return 0;
1346}
1347
1348struct pn533_target_jewel {
1349 __be16 sens_res;
1350 u8 jewelid[4];
1351} __packed;
1352
1353static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1354 int target_data_len)
1355{
1356 u8 ssd;
1357 u8 platconf;
1358
1359 if (target_data_len < sizeof(struct pn533_target_jewel))
1360 return false;
1361
1362 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1363 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1364 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1365
1366 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
5d467742
WR		 1367 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1368 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1369 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
c46ee386
AAJ		 1370 return false;
1371
1372 return true;
1373}
1374
1375static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1376 int tgt_data_len)
1377{
1378 struct pn533_target_jewel *tgt_jewel;
1379
37cf4fc6 1380 tgt_jewel = (struct pn533_target_jewel *)tgt_data;
c46ee386
AAJ		 1381
1382 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1383 return -EPROTO;
1384
1385 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1386 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
d8dc1072
SO		 1387 nfc_tgt->nfcid1_len = 4;
1388 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
c46ee386
AAJ		 1389
1390 return 0;
1391}
1392
1393struct pn533_type_b_prot_info {
1394 u8 bitrate;
1395 u8 fsci_type;
1396 u8 fwi_adc_fo;
1397} __packed;
1398
1399#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1400#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1401#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1402
1403struct pn533_type_b_sens_res {
1404 u8 opcode;
1405 u8 nfcid[4];
1406 u8 appdata[4];
1407 struct pn533_type_b_prot_info prot_info;
1408} __packed;
1409
1410#define PN533_TYPE_B_OPC_SENSB_RES 0x50
1411
1412struct pn533_target_type_b {
1413 struct pn533_type_b_sens_res sensb_res;
1414 u8 attrib_res_len;
1415 u8 attrib_res[];
1416} __packed;
1417
1418static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1419 int target_data_len)
1420{
1421 if (target_data_len < sizeof(struct pn533_target_type_b))
1422 return false;
1423
1424 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1425 return false;
1426
1427 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1428 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1429 return false;
1430
1431 return true;
1432}
1433
1434static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1435 int tgt_data_len)
1436{
1437 struct pn533_target_type_b *tgt_type_b;
1438
37cf4fc6 1439 tgt_type_b = (struct pn533_target_type_b *)tgt_data;
c46ee386
AAJ		 1440
1441 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1442 return -EPROTO;
1443
01d719a2 1444 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
c46ee386
AAJ		 1445
1446 return 0;
1447}
1448
b5193e5d
WR		 1449static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1450 int tgdata_len)
c46ee386 1451{
c46ee386
AAJ		 1452 struct nfc_target nfc_tgt;
1453 int rc;
1454
17936b43 1455 dev_dbg(&dev->interface->dev, "%s: modulation=%d\n",
b4834839 1456 __func__, dev->poll_mod_curr);
c46ee386 1457
b5193e5d 1458 if (tg != 1)
c46ee386
AAJ		 1459 return -EPROTO;
1460
98b3ac1b
SO		 1461 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1462
c46ee386
AAJ		 1463 switch (dev->poll_mod_curr) {
1464 case PN533_POLL_MOD_106KBPS_A:
b5193e5d 1465 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
c46ee386
AAJ		 1466 break;
1467 case PN533_POLL_MOD_212KBPS_FELICA:
1468 case PN533_POLL_MOD_424KBPS_FELICA:
b5193e5d 1469 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
c46ee386
AAJ		 1470 break;
1471 case PN533_POLL_MOD_106KBPS_JEWEL:
b5193e5d 1472 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
c46ee386
AAJ		 1473 break;
1474 case PN533_POLL_MOD_847KBPS_B:
b5193e5d 1475 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
c46ee386
AAJ		 1476 break;
1477 default:
073a625f
JP		 1478 nfc_err(&dev->interface->dev,
1479 "Unknown current poll modulation\n");
c46ee386
AAJ		 1480 return -EPROTO;
1481 }
1482
1483 if (rc)
1484 return rc;
1485
1486 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
b4834839
JP		 1487 dev_dbg(&dev->interface->dev,
1488 "The Tg found doesn't have the desired protocol\n");
c46ee386
AAJ		 1489 return -EAGAIN;
1490 }
1491
b4834839
JP		 1492 dev_dbg(&dev->interface->dev,
1493 "Target found - supported protocols: 0x%x\n",
1494 nfc_tgt.supported_protocols);
c46ee386
AAJ		 1495
1496 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1497
1498 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1499
1500 return 0;
1501}
1502
6fbbdc16
SO		 1503static inline void pn533_poll_next_mod(struct pn533 *dev)
1504{
1505 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1506}
1507
c46ee386
AAJ		 1508static void pn533_poll_reset_mod_list(struct pn533 *dev)
1509{
1510 dev->poll_mod_count = 0;
1511}
1512
1513static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1514{
1515 dev->poll_mod_active[dev->poll_mod_count] =
37cf4fc6 1516 (struct pn533_poll_modulations *)&poll_mod[mod_index];
c46ee386
AAJ		 1517 dev->poll_mod_count++;
1518}
1519
6fbbdc16
SO		 1520static void pn533_poll_create_mod_list(struct pn533 *dev,
1521 u32 im_protocols, u32 tm_protocols)
c46ee386
AAJ		 1522{
1523 pn533_poll_reset_mod_list(dev);
1524
b08e8603
WR		 1525 if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
1526 (im_protocols & NFC_PROTO_ISO14443_MASK) ||
1527 (im_protocols & NFC_PROTO_NFC_DEP_MASK))
c46ee386
AAJ		 1528 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1529
b08e8603
WR		 1530 if (im_protocols & NFC_PROTO_FELICA_MASK ||
1531 im_protocols & NFC_PROTO_NFC_DEP_MASK) {
c46ee386
AAJ		 1532 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1533 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1534 }
1535
6fbbdc16 1536 if (im_protocols & NFC_PROTO_JEWEL_MASK)
c46ee386
AAJ		 1537 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1538
01d719a2 1539 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
c46ee386 1540 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
c46ee386 1541
6fbbdc16
SO		 1542 if (tm_protocols)
1543 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
c46ee386
AAJ		 1544}
1545
b5193e5d 1546static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
c46ee386 1547{
b5193e5d
WR		 1548 u8 nbtg, tg, *tgdata;
1549 int rc, tgdata_len;
c46ee386 1550
673088fb
SO		 1551 /* Toggle the DEP polling */
1552 dev->poll_dep = 1;
1553
b5193e5d
WR		 1554 nbtg = resp->data[0];
1555 tg = resp->data[1];
1556 tgdata = &resp->data[2];
1557 tgdata_len = resp->len - 2; /* nbtg + tg */
1558
1559 if (nbtg) {
1560 rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
c46ee386
AAJ		 1561
1562 /* We must stop the poll after a valid target found */
6fbbdc16
SO		 1563 if (rc == 0) {
1564 pn533_poll_reset_mod_list(dev);
1565 return 0;
1566 }
c46ee386
AAJ		 1567 }
1568
6fbbdc16 1569 return -EAGAIN;
c46ee386
AAJ		 1570}
1571
9e2d493e 1572static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev)
ad3823ce 1573{
b5193e5d
WR		 1574 struct sk_buff *skb;
1575 u8 *felica, *nfcid3, *gb;
1576
9e2d493e
WR		 1577 u8 *gbytes = dev->gb;
1578 size_t gbytes_len = dev->gb_len;
1579
51d9e803
SO		 1580 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1581 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1582 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1583 0xff, 0xff}; /* System code */
b5193e5d 1584
51d9e803
SO		 1585 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1586 0x0, 0x0, 0x0,
1587 0x40}; /* SEL_RES for DEP */
ad3823ce 1588
b5193e5d
WR		 1589 unsigned int skb_len = 36 + /* mode (1), mifare (6),
1590 felica (18), nfcid3 (10), gb_len (1) */
1591 gbytes_len +
1592 1; /* len Tk*/
ad3823ce 1593
9e2d493e 1594 skb = pn533_alloc_skb(dev, skb_len);
b5193e5d
WR		 1595 if (!skb)
1596 return NULL;
ad3823ce
SO		 1597
1598 /* DEP support only */
52f2eaee 1599 *skb_put(skb, 1) = PN533_INIT_TARGET_DEP;
b5193e5d
WR		 1600
1601 /* MIFARE params */
1602 memcpy(skb_put(skb, 6), mifare_params, 6);
51d9e803
SO		 1603
1604 /* Felica params */
b5193e5d
WR		 1605 felica = skb_put(skb, 18);
1606 memcpy(felica, felica_params, 18);
1607 get_random_bytes(felica + 2, 6);
51d9e803
SO		 1608
1609 /* NFCID3 */
b5193e5d
WR		 1610 nfcid3 = skb_put(skb, 10);
1611 memset(nfcid3, 0, 10);
1612 memcpy(nfcid3, felica, 8);
51d9e803
SO		 1613
1614 /* General bytes */
b5193e5d 1615 *skb_put(skb, 1) = gbytes_len;
51d9e803 1616
b5193e5d
WR		 1617 gb = skb_put(skb, gbytes_len);
1618 memcpy(gb, gbytes, gbytes_len);
ad3823ce 1619
b5193e5d
WR		 1620 /* Len Tk */
1621 *skb_put(skb, 1) = 0;
51d9e803 1622
b5193e5d 1623 return skb;
ad3823ce
SO		 1624}
1625
b1bb290a 1626#define PN533_CMD_DATAEXCH_HEAD_LEN 1
103b34cf 1627#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
3c13b244
OG		 1628static void pn533_wq_tm_mi_recv(struct work_struct *work);
1629static struct sk_buff *pn533_build_response(struct pn533 *dev);
1630
103b34cf 1631static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
e4878823 1632 struct sk_buff *resp)
103b34cf 1633{
3c13b244
OG		 1634 struct sk_buff *skb;
1635 u8 status, ret, mi;
1636 int rc;
103b34cf 1637
b4834839 1638 dev_dbg(&dev->interface->dev, "%s\n", __func__);
103b34cf 1639
3c13b244
OG		 1640 if (IS_ERR(resp)) {
1641 skb_queue_purge(&dev->resp_q);
e4878823 1642 return PTR_ERR(resp);
3c13b244 1643 }
103b34cf 1644
e4878823 1645 status = resp->data[0];
3c13b244
OG		 1646
1647 ret = status & PN533_CMD_RET_MASK;
1648 mi = status & PN533_CMD_MI_MASK;
1649
e4878823 1650 skb_pull(resp, sizeof(status));
103b34cf 1651
3c13b244
OG		 1652 if (ret != PN533_CMD_RET_SUCCESS) {
1653 rc = -EIO;
1654 goto error;
1655 }
1656
1657 skb_queue_tail(&dev->resp_q, resp);
1658
1659 if (mi) {
1660 queue_work(dev->wq, &dev->mi_tm_rx_work);
1661 return -EINPROGRESS;
1662 }
1663
1664 skb = pn533_build_response(dev);
1665 if (!skb) {
1666 rc = -EIO;
1667 goto error;
103b34cf
SO		 1668 }
1669
3c13b244
OG		 1670 return nfc_tm_data_received(dev->nfc_dev, skb);
1671
1672error:
1673 nfc_tm_deactivated(dev->nfc_dev);
1674 dev->tgt_mode = 0;
1675 skb_queue_purge(&dev->resp_q);
1676 dev_kfree_skb(resp);
1677
1678 return rc;
1679}
1680
1681static void pn533_wq_tm_mi_recv(struct work_struct *work)
1682{
1683 struct pn533 *dev = container_of(work, struct pn533, mi_tm_rx_work);
1684 struct sk_buff *skb;
1685 int rc;
1686
1687 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1688
1689 skb = pn533_alloc_skb(dev, 0);
1690 if (!skb)
1691 return;
1692
1693 rc = pn533_send_cmd_direct_async(dev,
1694 PN533_CMD_TG_GET_DATA,
1695 skb,
1696 pn533_tm_get_data_complete,
1697 NULL);
1698
1699 if (rc < 0)
1700 dev_kfree_skb(skb);
1701
1702 return;
103b34cf
SO		 1703}
1704
93ad4202
OG		 1705static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
1706 struct sk_buff *resp);
1707static void pn533_wq_tm_mi_send(struct work_struct *work)
1708{
1709 struct pn533 *dev = container_of(work, struct pn533, mi_tm_tx_work);
1710 struct sk_buff *skb;
1711 int rc;
1712
1713 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1714
1715 /* Grab the first skb in the queue */
1716 skb = skb_dequeue(&dev->fragment_skb);
1717 if (skb == NULL) { /* No more data */
1718 /* Reset the queue for future use */
1719 skb_queue_head_init(&dev->fragment_skb);
1720 goto error;
1721 }
1722
1723 /* last entry - remove MI bit */
1724 if (skb_queue_len(&dev->fragment_skb) == 0) {
1725 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_TG_SET_DATA,
1726 skb, pn533_tm_send_complete, NULL);
1727 } else
1728 rc = pn533_send_cmd_direct_async(dev,
1729 PN533_CMD_TG_SET_META_DATA,
1730 skb, pn533_tm_send_complete, NULL);
1731
1732 if (rc == 0) /* success */
1733 return;
1734
1735 dev_err(&dev->interface->dev,
1736 "Error %d when trying to perform set meta data_exchange", rc);
1737
1738 dev_kfree_skb(skb);
1739
1740error:
1741 pn533_send_ack(dev, GFP_KERNEL);
1742 queue_work(dev->wq, &dev->cmd_work);
1743}
1744
103b34cf
SO		 1745static void pn533_wq_tg_get_data(struct work_struct *work)
1746{
1747 struct pn533 *dev = container_of(work, struct pn533, tg_work);
e4878823
WR		 1748 struct sk_buff *skb;
1749 int rc;
103b34cf 1750
b4834839 1751 dev_dbg(&dev->interface->dev, "%s\n", __func__);
103b34cf 1752
9e2d493e 1753 skb = pn533_alloc_skb(dev, 0);
e4878823 1754 if (!skb)
103b34cf
SO		 1755 return;
1756
e4878823
WR		 1757 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1758 pn533_tm_get_data_complete, NULL);
103b34cf 1759
e4878823
WR		 1760 if (rc < 0)
1761 dev_kfree_skb(skb);
103b34cf
SO		 1762
1763 return;
1764}
1765
fc40a8c1 1766#define ATR_REQ_GB_OFFSET 17
b5193e5d 1767static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
fe7c5800 1768{
b5193e5d 1769 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
fc40a8c1 1770 size_t gb_len;
103b34cf 1771 int rc;
ad3823ce 1772
b4834839 1773 dev_dbg(&dev->interface->dev, "%s\n", __func__);
ad3823ce 1774
b5193e5d 1775 if (resp->len < ATR_REQ_GB_OFFSET + 1)
fc40a8c1
SO		 1776 return -EINVAL;
1777
b5193e5d
WR		 1778 mode = resp->data[0];
1779 cmd = &resp->data[1];
ad3823ce 1780
b4834839
JP		 1781 dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1782 mode, resp->len);
ad3823ce 1783
b5193e5d
WR		 1784 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1785 PN533_INIT_TARGET_RESP_ACTIVE)
fc40a8c1
SO		 1786 comm_mode = NFC_COMM_ACTIVE;
1787
b5193e5d 1788 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
fc40a8c1
SO		 1789 return -EOPNOTSUPP;
1790
b5193e5d
WR		 1791 gb = cmd + ATR_REQ_GB_OFFSET;
1792 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
fc40a8c1 1793
103b34cf
SO		 1794 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1795 comm_mode, gb, gb_len);
1796 if (rc < 0) {
073a625f
JP		 1797 nfc_err(&dev->interface->dev,
1798 "Error when signaling target activation\n");
103b34cf
SO		 1799 return rc;
1800 }
1801
51ad304c 1802 dev->tgt_mode = 1;
103b34cf
SO		 1803 queue_work(dev->wq, &dev->tg_work);
1804
1805 return 0;
fe7c5800
SO		 1806}
1807
6fbbdc16 1808static void pn533_listen_mode_timer(unsigned long data)
ad3823ce 1809{
37cf4fc6 1810 struct pn533 *dev = (struct pn533 *)data;
6fbbdc16 1811
b4834839 1812 dev_dbg(&dev->interface->dev, "Listen mode timeout\n");
6fbbdc16 1813
6fbbdc16
SO		 1814 dev->cancel_listen = 1;
1815
6fbbdc16
SO		 1816 pn533_poll_next_mod(dev);
1817
46f793b0
SO		 1818 queue_delayed_work(dev->wq, &dev->poll_work,
1819 msecs_to_jiffies(PN533_POLL_INTERVAL));
6fbbdc16
SO		 1820}
1821
17e9d9d4
SO		 1822static int pn533_rf_complete(struct pn533 *dev, void *arg,
1823 struct sk_buff *resp)
1824{
1825 int rc = 0;
1826
b4834839 1827 dev_dbg(&dev->interface->dev, "%s\n", __func__);
17e9d9d4
SO		 1828
1829 if (IS_ERR(resp)) {
1830 rc = PTR_ERR(resp);
1831
073a625f 1832 nfc_err(&dev->interface->dev, "RF setting error %d", rc);
17e9d9d4
SO		 1833
1834 return rc;
1835 }
1836
46f793b0
SO		 1837 queue_delayed_work(dev->wq, &dev->poll_work,
1838 msecs_to_jiffies(PN533_POLL_INTERVAL));
17e9d9d4
SO		 1839
1840 dev_kfree_skb(resp);
1841 return rc;
1842}
1843
1844static void pn533_wq_rf(struct work_struct *work)
1845{
1846 struct pn533 *dev = container_of(work, struct pn533, rf_work);
1847 struct sk_buff *skb;
1848 int rc;
1849
b4834839 1850 dev_dbg(&dev->interface->dev, "%s\n", __func__);
17e9d9d4
SO		 1851
1852 skb = pn533_alloc_skb(dev, 2);
1853 if (!skb)
1854 return;
1855
1856 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD;
3a8eab39 1857 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD_AUTO_RFCA;
17e9d9d4
SO		 1858
1859 rc = pn533_send_cmd_async(dev, PN533_CMD_RF_CONFIGURATION, skb,
1860 pn533_rf_complete, NULL);
1861 if (rc < 0) {
1862 dev_kfree_skb(skb);
073a625f 1863 nfc_err(&dev->interface->dev, "RF setting error %d\n", rc);
17e9d9d4
SO		 1864 }
1865
1866 return;
1867}
1868
673088fb
SO		 1869static int pn533_poll_dep_complete(struct pn533 *dev, void *arg,
1870 struct sk_buff *resp)
1871{
1872 struct pn533_cmd_jump_dep_response *rsp;
1873 struct nfc_target nfc_target;
1874 u8 target_gt_len;
1875 int rc;
1876
1877 if (IS_ERR(resp))
1878 return PTR_ERR(resp);
1879
1880 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1881
1882 rc = rsp->status & PN533_CMD_RET_MASK;
1883 if (rc != PN533_CMD_RET_SUCCESS) {
1884 /* Not target found, turn radio off */
1885 queue_work(dev->wq, &dev->rf_work);
1886
1887 dev_kfree_skb(resp);
1888 return 0;
1889 }
1890
1891 dev_dbg(&dev->interface->dev, "Creating new target");
1892
1893 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1894 nfc_target.nfcid1_len = 10;
1895 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1896 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1897 if (rc)
1898 goto error;
1899
1900 dev->tgt_available_prots = 0;
1901 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1902
1903 /* ATR_RES general bytes are located at offset 17 */
1904 target_gt_len = resp->len - 17;
1905 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1906 rsp->gt, target_gt_len);
1907 if (!rc) {
1908 rc = nfc_dep_link_is_up(dev->nfc_dev,
1909 dev->nfc_dev->targets[0].idx,
1910 0, NFC_RF_INITIATOR);
1911
1912 if (!rc)
1913 pn533_poll_reset_mod_list(dev);
1914 }
1915error:
1916 dev_kfree_skb(resp);
1917 return rc;
1918}
1919
1920#define PASSIVE_DATA_LEN 5
1921static int pn533_poll_dep(struct nfc_dev *nfc_dev)
1922{
1923 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1924 struct sk_buff *skb;
1925 int rc, skb_len;
1926 u8 *next, nfcid3[NFC_NFCID3_MAXSIZE];
1927 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1928
1929 dev_dbg(&dev->interface->dev, "%s", __func__);
1930
1931 if (!dev->gb) {
1932 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1933
1934 if (!dev->gb || !dev->gb_len) {
1935 dev->poll_dep = 0;
1936 queue_work(dev->wq, &dev->rf_work);
1937 }
1938 }
1939
1940 skb_len = 3 + dev->gb_len; /* ActPass + BR + Next */
1941 skb_len += PASSIVE_DATA_LEN;
1942
1943 /* NFCID3 */
1944 skb_len += NFC_NFCID3_MAXSIZE;
1945 nfcid3[0] = 0x1;
1946 nfcid3[1] = 0xfe;
1947 get_random_bytes(nfcid3 + 2, 6);
1948
1949 skb = pn533_alloc_skb(dev, skb_len);
1950 if (!skb)
1951 return -ENOMEM;
1952
1953 *skb_put(skb, 1) = 0x01; /* Active */
1954 *skb_put(skb, 1) = 0x02; /* 424 kbps */
1955
1956 next = skb_put(skb, 1); /* Next */
1957 *next = 0;
1958
1959 /* Copy passive data */
1960 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN);
1961 *next |= 1;
1962
1963 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
1964 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3,
1965 NFC_NFCID3_MAXSIZE);
1966 *next |= 2;
1967
1968 memcpy(skb_put(skb, dev->gb_len), dev->gb, dev->gb_len);
1969 *next |= 4; /* We have some Gi */
1970
1971 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1972 pn533_poll_dep_complete, NULL);
1973
1974 if (rc < 0)
1975 dev_kfree_skb(skb);
1976
1977 return rc;
1978}
1979
6fbbdc16 1980static int pn533_poll_complete(struct pn533 *dev, void *arg,
b5193e5d 1981 struct sk_buff *resp)
6fbbdc16
SO		 1982{
1983 struct pn533_poll_modulations *cur_mod;
ad3823ce
SO		 1984 int rc;
1985
b4834839 1986 dev_dbg(&dev->interface->dev, "%s\n", __func__);
ad3823ce 1987
b5193e5d
WR		 1988 if (IS_ERR(resp)) {
1989 rc = PTR_ERR(resp);
1990
073a625f
JP		 1991 nfc_err(&dev->interface->dev, "%s Poll complete error %d\n",
1992 __func__, rc);
b5193e5d
WR		 1993
1994 if (rc == -ENOENT) {
1995 if (dev->poll_mod_count != 0)
1996 return rc;
1997 else
1998 goto stop_poll;
1999 } else if (rc < 0) {
073a625f
JP		 2000 nfc_err(&dev->interface->dev,
2001 "Error %d when running poll\n", rc);
b5193e5d
WR		 2002 goto stop_poll;
2003 }
6fbbdc16 2004 }
ad3823ce 2005
6fbbdc16
SO		 2006 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
2007
b5193e5d 2008 if (cur_mod->len == 0) { /* Target mode */
6fbbdc16 2009 del_timer(&dev->listen_timer);
b5193e5d
WR		 2010 rc = pn533_init_target_complete(dev, resp);
2011 goto done;
6fbbdc16
SO		 2012 }
2013
b5193e5d
WR		 2014 /* Initiator mode */
2015 rc = pn533_start_poll_complete(dev, resp);
2016 if (!rc)
2017 goto done;
6fbbdc16 2018
95cb9e10 2019 if (!dev->poll_mod_count) {
b4834839 2020 dev_dbg(&dev->interface->dev, "Polling has been stopped\n");
95cb9e10
WR		 2021 goto done;
2022 }
2023
b5193e5d 2024 pn533_poll_next_mod(dev);
17e9d9d4
SO		 2025 /* Not target found, turn radio off */
2026 queue_work(dev->wq, &dev->rf_work);
6fbbdc16 2027
b5193e5d
WR		 2028done:
2029 dev_kfree_skb(resp);
2030 return rc;
6fbbdc16
SO		 2031
2032stop_poll:
073a625f 2033 nfc_err(&dev->interface->dev, "Polling operation has been stopped\n");
b5193e5d 2034
6fbbdc16
SO		 2035 pn533_poll_reset_mod_list(dev);
2036 dev->poll_protocols = 0;
b5193e5d 2037 return rc;
ad3823ce
SO		 2038}
2039
9e2d493e
WR		 2040static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev,
2041 struct pn533_poll_modulations *mod)
c46ee386 2042{
b5193e5d 2043 struct sk_buff *skb;
c46ee386 2044
9e2d493e 2045 skb = pn533_alloc_skb(dev, mod->len);
b5193e5d
WR		 2046 if (!skb)
2047 return NULL;
c46ee386 2048
b5193e5d 2049 memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
c46ee386 2050
b5193e5d 2051 return skb;
6fbbdc16 2052}
c46ee386 2053
6fbbdc16
SO		 2054static int pn533_send_poll_frame(struct pn533 *dev)
2055{
b5193e5d
WR		 2056 struct pn533_poll_modulations *mod;
2057 struct sk_buff *skb;
6fbbdc16 2058 int rc;
b5193e5d 2059 u8 cmd_code;
c46ee386 2060
b5193e5d 2061 mod = dev->poll_mod_active[dev->poll_mod_curr];
c46ee386 2062
b4834839
JP		 2063 dev_dbg(&dev->interface->dev, "%s mod len %d\n",
2064 __func__, mod->len);
c46ee386 2065
673088fb
SO		 2066 if (dev->poll_dep) {
2067 dev->poll_dep = 0;
2068 return pn533_poll_dep(dev->nfc_dev);
2069 }
2070
b5193e5d
WR		 2071 if (mod->len == 0) { /* Listen mode */
2072 cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
9e2d493e 2073 skb = pn533_alloc_poll_tg_frame(dev);
b5193e5d
WR		 2074 } else { /* Polling mode */
2075 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
9e2d493e 2076 skb = pn533_alloc_poll_in_frame(dev, mod);
b5193e5d
WR		 2077 }
2078
2079 if (!skb) {
073a625f 2080 nfc_err(&dev->interface->dev, "Failed to allocate skb\n");
b5193e5d
WR		 2081 return -ENOMEM;
2082 }
2083
2084 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
2085 NULL);
2086 if (rc < 0) {
2087 dev_kfree_skb(skb);
073a625f 2088 nfc_err(&dev->interface->dev, "Polling loop error %d\n", rc);
b5193e5d 2089 }
c46ee386 2090
6fbbdc16
SO		 2091 return rc;
2092}
2093
2094static void pn533_wq_poll(struct work_struct *work)
2095{
46f793b0 2096 struct pn533 *dev = container_of(work, struct pn533, poll_work.work);
6fbbdc16
SO		 2097 struct pn533_poll_modulations *cur_mod;
2098 int rc;
2099
2100 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
2101
b4834839
JP		 2102 dev_dbg(&dev->interface->dev,
2103 "%s cancel_listen %d modulation len %d\n",
2104 __func__, dev->cancel_listen, cur_mod->len);
6fbbdc16
SO		 2105
2106 if (dev->cancel_listen == 1) {
2107 dev->cancel_listen = 0;
10cff29a 2108 pn533_abort_cmd(dev, GFP_ATOMIC);
c46ee386
AAJ		 2109 }
2110
6fbbdc16
SO		 2111 rc = pn533_send_poll_frame(dev);
2112 if (rc)
2113 return;
c46ee386 2114
6fbbdc16
SO		 2115 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
2116 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
c46ee386 2117
6fbbdc16 2118 return;
c46ee386
AAJ		 2119}
2120
fe7c5800
SO		 2121static int pn533_start_poll(struct nfc_dev *nfc_dev,
2122 u32 im_protocols, u32 tm_protocols)
2123{
2124 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
cec4b8ed 2125 struct pn533_poll_modulations *cur_mod;
dfccd0f5 2126 u8 rand_mod;
cec4b8ed 2127 int rc;
fe7c5800 2128
b4834839
JP		 2129 dev_dbg(&dev->interface->dev,
2130 "%s: im protocols 0x%x tm protocols 0x%x\n",
2131 __func__, im_protocols, tm_protocols);
fe7c5800
SO		 2132
2133 if (dev->tgt_active_prot) {
073a625f
JP		 2134 nfc_err(&dev->interface->dev,
2135 "Cannot poll with a target already activated\n");
fe7c5800
SO		 2136 return -EBUSY;
2137 }
2138
51ad304c 2139 if (dev->tgt_mode) {
073a625f
JP		 2140 nfc_err(&dev->interface->dev,
2141 "Cannot poll while already being activated\n");
51ad304c
SO		 2142 return -EBUSY;
2143 }
2144
6fbbdc16
SO		 2145 if (tm_protocols) {
2146 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
2147 if (dev->gb == NULL)
2148 tm_protocols = 0;
2149 }
ad3823ce 2150
6fbbdc16
SO		 2151 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
2152 dev->poll_protocols = im_protocols;
2153 dev->listen_protocols = tm_protocols;
ad3823ce 2154
dfccd0f5
SO		 2155 /* Do not always start polling from the same modulation */
2156 get_random_bytes(&rand_mod, sizeof(rand_mod));
2157 rand_mod %= dev->poll_mod_count;
2158 dev->poll_mod_curr = rand_mod;
2159
cec4b8ed
SO		 2160 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
2161
2162 rc = pn533_send_poll_frame(dev);
2163
2164 /* Start listen timer */
2165 if (!rc && cur_mod->len == 0 && dev->poll_mod_count > 1)
2166 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
2167
2168 return rc;
fe7c5800
SO		 2169}
2170
c46ee386
AAJ		 2171static void pn533_stop_poll(struct nfc_dev *nfc_dev)
2172{
2173 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2174
6fbbdc16
SO		 2175 del_timer(&dev->listen_timer);
2176
c46ee386 2177 if (!dev->poll_mod_count) {
b4834839
JP		 2178 dev_dbg(&dev->interface->dev,
2179 "Polling operation was not running\n");
c46ee386
AAJ		 2180 return;
2181 }
2182
10cff29a 2183 pn533_abort_cmd(dev, GFP_KERNEL);
46f793b0 2184 flush_delayed_work(&dev->poll_work);
7c2a04a9 2185 pn533_poll_reset_mod_list(dev);
c46ee386
AAJ		 2186}
2187
2188static int pn533_activate_target_nfcdep(struct pn533 *dev)
2189{
cb950d93 2190 struct pn533_cmd_activate_response *rsp;
541d920b 2191 u16 gt_len;
c46ee386 2192 int rc;
cb950d93
WR		 2193 struct sk_buff *skb;
2194 struct sk_buff *resp;
c46ee386 2195
b4834839 2196 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386 2197
9e2d493e 2198 skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/
cb950d93
WR		 2199 if (!skb)
2200 return -ENOMEM;
c46ee386 2201
cb950d93
WR		 2202 *skb_put(skb, sizeof(u8)) = 1; /* TG */
2203 *skb_put(skb, sizeof(u8)) = 0; /* Next */
c46ee386 2204
cb950d93
WR		 2205 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
2206 if (IS_ERR(resp))
2207 return PTR_ERR(resp);
c46ee386 2208
37cf4fc6 2209 rsp = (struct pn533_cmd_activate_response *)resp->data;
cb950d93 2210 rc = rsp->status & PN533_CMD_RET_MASK;
8a0ecfe7 2211 if (rc != PN533_CMD_RET_SUCCESS) {
073a625f
JP		 2212 nfc_err(&dev->interface->dev,
2213 "Target activation failed (error 0x%x)\n", rc);
cb950d93 2214 dev_kfree_skb(resp);
c46ee386 2215 return -EIO;
8a0ecfe7 2216 }
c46ee386 2217
541d920b 2218 /* ATR_RES general bytes are located at offset 16 */
cb950d93
WR		 2219 gt_len = resp->len - 16;
2220 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
541d920b 2221
cb950d93 2222 dev_kfree_skb(resp);
541d920b 2223 return rc;
c46ee386
AAJ		 2224}
2225
90099433
EL		 2226static int pn533_activate_target(struct nfc_dev *nfc_dev,
2227 struct nfc_target *target, u32 protocol)
c46ee386
AAJ		 2228{
2229 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2230 int rc;
2231
17936b43 2232 dev_dbg(&dev->interface->dev, "%s: protocol=%u\n", __func__, protocol);
c46ee386
AAJ		 2233
2234 if (dev->poll_mod_count) {
073a625f 2235 nfc_err(&dev->interface->dev,
b4834839 2236 "Cannot activate while polling\n");
c46ee386
AAJ		 2237 return -EBUSY;
2238 }
2239
2240 if (dev->tgt_active_prot) {
073a625f
JP		 2241 nfc_err(&dev->interface->dev,
2242 "There is already an active target\n");
c46ee386
AAJ		 2243 return -EBUSY;
2244 }
2245
2246 if (!dev->tgt_available_prots) {
073a625f
JP		 2247 nfc_err(&dev->interface->dev,
2248 "There is no available target to activate\n");
c46ee386
AAJ		 2249 return -EINVAL;
2250 }
2251
2252 if (!(dev->tgt_available_prots & (1 << protocol))) {
073a625f
JP		 2253 nfc_err(&dev->interface->dev,
2254 "Target doesn't support requested proto %u\n",
2255 protocol);
c46ee386
AAJ		 2256 return -EINVAL;
2257 }
2258
2259 if (protocol == NFC_PROTO_NFC_DEP) {
2260 rc = pn533_activate_target_nfcdep(dev);
2261 if (rc) {
073a625f
JP		 2262 nfc_err(&dev->interface->dev,
2263 "Activating target with DEP failed %d\n", rc);
c46ee386
AAJ		 2264 return rc;
2265 }
2266 }
2267
2268 dev->tgt_active_prot = protocol;
2269 dev->tgt_available_prots = 0;
2270
2271 return 0;
2272}
2273
90099433
EL		 2274static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
2275 struct nfc_target *target)
c46ee386
AAJ		 2276{
2277 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
cb950d93
WR		 2278 struct sk_buff *skb;
2279 struct sk_buff *resp;
c46ee386
AAJ		 2280 int rc;
2281
b4834839 2282 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386
AAJ		 2283
2284 if (!dev->tgt_active_prot) {
073a625f 2285 nfc_err(&dev->interface->dev, "There is no active target\n");
c46ee386
AAJ		 2286 return;
2287 }
2288
2289 dev->tgt_active_prot = 0;
6ff73fd2
SO		 2290 skb_queue_purge(&dev->resp_q);
2291
9e2d493e 2292 skb = pn533_alloc_skb(dev, sizeof(u8));
cb950d93
WR		 2293 if (!skb)
2294 return;
c46ee386 2295
cb950d93 2296 *skb_put(skb, 1) = 1; /* TG*/
c46ee386 2297
cb950d93
WR		 2298 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
2299 if (IS_ERR(resp))
c46ee386 2300 return;
c46ee386 2301
cb950d93 2302 rc = resp->data[0] & PN533_CMD_RET_MASK;
c46ee386 2303 if (rc != PN533_CMD_RET_SUCCESS)
073a625f
JP		 2304 nfc_err(&dev->interface->dev,
2305 "Error 0x%x when releasing the target\n", rc);
c46ee386 2306
cb950d93 2307 dev_kfree_skb(resp);
c46ee386
AAJ		 2308 return;
2309}
2310
361f3cb7
SO		 2311
2312static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
13003649 2313 struct sk_buff *resp)
361f3cb7 2314{
13003649 2315 struct pn533_cmd_jump_dep_response *rsp;
361f3cb7
SO		 2316 u8 target_gt_len;
2317 int rc;
13003649 2318 u8 active = *(u8 *)arg;
70418e6e
WR		 2319
2320 kfree(arg);
361f3cb7 2321
13003649
WR		 2322 if (IS_ERR(resp))
2323 return PTR_ERR(resp);
361f3cb7
SO		 2324
2325 if (dev->tgt_available_prots &&
2326 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
073a625f
JP		 2327 nfc_err(&dev->interface->dev,
2328 "The target does not support DEP\n");
13003649
WR		 2329 rc = -EINVAL;
2330 goto error;
361f3cb7
SO		 2331 }
2332
13003649
WR		 2333 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
2334
2335 rc = rsp->status & PN533_CMD_RET_MASK;
361f3cb7 2336 if (rc != PN533_CMD_RET_SUCCESS) {
073a625f
JP		 2337 nfc_err(&dev->interface->dev,
2338 "Bringing DEP link up failed (error 0x%x)\n", rc);
13003649 2339 goto error;
361f3cb7
SO		 2340 }
2341
2342 if (!dev->tgt_available_prots) {
13003649
WR		 2343 struct nfc_target nfc_target;
2344
b4834839 2345 dev_dbg(&dev->interface->dev, "Creating new target\n");
361f3cb7
SO		 2346
2347 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
2fbabfa4 2348 nfc_target.nfcid1_len = 10;
13003649 2349 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
361f3cb7
SO		 2350 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
2351 if (rc)
13003649 2352 goto error;
361f3cb7
SO		 2353
2354 dev->tgt_available_prots = 0;
2355 }
2356
2357 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
2358
2359 /* ATR_RES general bytes are located at offset 17 */
13003649 2360 target_gt_len = resp->len - 17;
361f3cb7 2361 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
13003649 2362 rsp->gt, target_gt_len);
361f3cb7
SO		 2363 if (rc == 0)
2364 rc = nfc_dep_link_is_up(dev->nfc_dev,
13003649
WR		 2365 dev->nfc_dev->targets[0].idx,
2366 !active, NFC_RF_INITIATOR);
361f3cb7 2367
13003649
WR		 2368error:
2369 dev_kfree_skb(resp);
2370 return rc;
361f3cb7
SO		 2371}
2372
17e9d9d4 2373static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf);
90099433 2374static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
37cf4fc6 2375 u8 comm_mode, u8 *gb, size_t gb_len)
361f3cb7
SO		 2376{
2377 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
13003649 2378 struct sk_buff *skb;
5eef4845
SO		 2379 int rc, skb_len;
2380 u8 *next, *arg, nfcid3[NFC_NFCID3_MAXSIZE];
d7f3345d 2381 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
361f3cb7 2382
b4834839 2383 dev_dbg(&dev->interface->dev, "%s\n", __func__);
361f3cb7 2384
361f3cb7 2385 if (dev->poll_mod_count) {
073a625f
JP		 2386 nfc_err(&dev->interface->dev,
2387 "Cannot bring the DEP link up while polling\n");
361f3cb7
SO		 2388 return -EBUSY;
2389 }
2390
2391 if (dev->tgt_active_prot) {
073a625f
JP		 2392 nfc_err(&dev->interface->dev,
2393 "There is already an active target\n");
361f3cb7
SO		 2394 return -EBUSY;
2395 }
2396
13003649 2397 skb_len = 3 + gb_len; /* ActPass + BR + Next */
5eef4845 2398 skb_len += PASSIVE_DATA_LEN;
d7f3345d 2399
5eef4845
SO		 2400 /* NFCID3 */
2401 skb_len += NFC_NFCID3_MAXSIZE;
2402 if (target && !target->nfcid2_len) {
2403 nfcid3[0] = 0x1;
2404 nfcid3[1] = 0xfe;
2405 get_random_bytes(nfcid3 + 2, 6);
2406 }
322bce95 2407
9e2d493e 2408 skb = pn533_alloc_skb(dev, skb_len);
13003649 2409 if (!skb)
361f3cb7
SO		 2410 return -ENOMEM;
2411
13003649 2412 *skb_put(skb, 1) = !comm_mode; /* ActPass */
5eef4845 2413 *skb_put(skb, 1) = 0x02; /* 424 kbps */
13003649
WR		 2414
2415 next = skb_put(skb, 1); /* Next */
2416 *next = 0;
361f3cb7 2417
5eef4845
SO		 2418 /* Copy passive data */
2419 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN);
2420 *next |= 1;
d7f3345d 2421
5eef4845
SO		 2422 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
2423 if (target && target->nfcid2_len)
322bce95
SO		 2424 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), target->nfcid2,
2425 target->nfcid2_len);
5eef4845
SO		 2426 else
2427 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3,
2428 NFC_NFCID3_MAXSIZE);
2429 *next |= 2;
322bce95 2430
47807d3d 2431 if (gb != NULL && gb_len > 0) {
13003649
WR		 2432 memcpy(skb_put(skb, gb_len), gb, gb_len);
2433 *next |= 4; /* We have some Gi */
361f3cb7 2434 } else {
13003649 2435 *next = 0;
361f3cb7
SO		 2436 }
2437
13003649
WR		 2438 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2439 if (!arg) {
2440 dev_kfree_skb(skb);
2441 return -ENOMEM;
2442 }
361f3cb7 2443
13003649 2444 *arg = !comm_mode;
361f3cb7 2445
17e9d9d4
SO		 2446 pn533_rf_field(dev->nfc_dev, 0);
2447
13003649
WR		 2448 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
2449 pn533_in_dep_link_up_complete, arg);
2450
2451 if (rc < 0) {
2452 dev_kfree_skb(skb);
2453 kfree(arg);
2454 }
361f3cb7
SO		 2455
2456 return rc;
2457}
2458
2459static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
2460{
6fbbdc16
SO		 2461 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2462
b4834839 2463 dev_dbg(&dev->interface->dev, "%s\n", __func__);
fcfafc76 2464
6fbbdc16
SO		 2465 pn533_poll_reset_mod_list(dev);
2466
10cff29a
WR		 2467 if (dev->tgt_mode || dev->tgt_active_prot)
2468 pn533_abort_cmd(dev, GFP_KERNEL);
51ad304c
SO		 2469
2470 dev->tgt_active_prot = 0;
2471 dev->tgt_mode = 0;
2472
2473 skb_queue_purge(&dev->resp_q);
361f3cb7
SO		 2474
2475 return 0;
2476}
2477
c46ee386 2478struct pn533_data_exchange_arg {
c46ee386
AAJ		 2479 data_exchange_cb_t cb;
2480 void *cb_context;
2481};
2482
6ff73fd2
SO		 2483static struct sk_buff *pn533_build_response(struct pn533 *dev)
2484{
2485 struct sk_buff *skb, *tmp, *t;
2486 unsigned int skb_len = 0, tmp_len = 0;
2487
b4834839 2488 dev_dbg(&dev->interface->dev, "%s\n", __func__);
6ff73fd2
SO		 2489
2490 if (skb_queue_empty(&dev->resp_q))
2491 return NULL;
2492
2493 if (skb_queue_len(&dev->resp_q) == 1) {
2494 skb = skb_dequeue(&dev->resp_q);
2495 goto out;
2496 }
2497
2498 skb_queue_walk_safe(&dev->resp_q, tmp, t)
2499 skb_len += tmp->len;
2500
b4834839
JP		 2501 dev_dbg(&dev->interface->dev, "%s total length %d\n",
2502 __func__, skb_len);
6ff73fd2
SO		 2503
2504 skb = alloc_skb(skb_len, GFP_KERNEL);
2505 if (skb == NULL)
2506 goto out;
2507
2508 skb_put(skb, skb_len);
2509
2510 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2511 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2512 tmp_len += tmp->len;
2513 }
2514
2515out:
2516 skb_queue_purge(&dev->resp_q);
2517
2518 return skb;
2519}
2520
c46ee386 2521static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
b1e666f5 2522 struct sk_buff *resp)
c46ee386
AAJ		 2523{
2524 struct pn533_data_exchange_arg *arg = _arg;
b1e666f5
WR		 2525 struct sk_buff *skb;
2526 int rc = 0;
2527 u8 status, ret, mi;
c46ee386 2528
b4834839 2529 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386 2530
b1e666f5
WR		 2531 if (IS_ERR(resp)) {
2532 rc = PTR_ERR(resp);
2533 goto _error;
c46ee386
AAJ		 2534 }
2535
b1e666f5
WR		 2536 status = resp->data[0];
2537 ret = status & PN533_CMD_RET_MASK;
2538 mi = status & PN533_CMD_MI_MASK;
2539
2540 skb_pull(resp, sizeof(status));
c46ee386 2541
b1e666f5 2542 if (ret != PN533_CMD_RET_SUCCESS) {
073a625f
JP		 2543 nfc_err(&dev->interface->dev,
2544 "Exchanging data failed (error 0x%x)\n", ret);
b1e666f5 2545 rc = -EIO;
c46ee386
AAJ		 2546 goto error;
2547 }
2548
b1e666f5 2549 skb_queue_tail(&dev->resp_q, resp);
6ff73fd2 2550
b1e666f5
WR		 2551 if (mi) {
2552 dev->cmd_complete_mi_arg = arg;
963a82e0
OG		 2553 queue_work(dev->wq, &dev->mi_rx_work);
2554 return -EINPROGRESS;
2555 }
2556
2557 /* Prepare for the next round */
2558 if (skb_queue_len(&dev->fragment_skb) > 0) {
2559 dev->cmd_complete_dep_arg = arg;
2560 queue_work(dev->wq, &dev->mi_tx_work);
2561
6ff73fd2 2562 return -EINPROGRESS;
c46ee386
AAJ		 2563 }
2564
6ff73fd2 2565 skb = pn533_build_response(dev);
b1e666f5 2566 if (!skb)
6ff73fd2 2567 goto error;
c46ee386 2568
6ff73fd2 2569 arg->cb(arg->cb_context, skb, 0);
c46ee386
AAJ		 2570 kfree(arg);
2571 return 0;
2572
2573error:
b1e666f5
WR		 2574 dev_kfree_skb(resp);
2575_error:
6ff73fd2 2576 skb_queue_purge(&dev->resp_q);
b1e666f5 2577 arg->cb(arg->cb_context, NULL, rc);
c46ee386 2578 kfree(arg);
b1e666f5 2579 return rc;
c46ee386
AAJ		 2580}
2581
963a82e0
OG		 2582/* Split the Tx skb into small chunks */
2583static int pn533_fill_fragment_skbs(struct pn533 *dev, struct sk_buff *skb)
2584{
2585 struct sk_buff *frag;
2586 int frag_size;
2587
2588 do {
2589 /* Remaining size */
2590 if (skb->len > PN533_CMD_DATAFRAME_MAXLEN)
2591 frag_size = PN533_CMD_DATAFRAME_MAXLEN;
2592 else
2593 frag_size = skb->len;
2594
2595 /* Allocate and reserve */
2596 frag = pn533_alloc_skb(dev, frag_size);
2597 if (!frag) {
2598 skb_queue_purge(&dev->fragment_skb);
2599 break;
2600 }
2601
22953f93
OG		 2602 if (!dev->tgt_mode) {
2603 /* Reserve the TG/MI byte */
2604 skb_reserve(frag, 1);
2605
2606 /* MI + TG */
2607 if (frag_size == PN533_CMD_DATAFRAME_MAXLEN)
2608 *skb_push(frag, sizeof(u8)) =
2609 (PN533_CMD_MI_MASK | 1);
2610 else
2611 *skb_push(frag, sizeof(u8)) = 1; /* TG */
2612 }
963a82e0
OG		 2613
2614 memcpy(skb_put(frag, frag_size), skb->data, frag_size);
2615
2616 /* Reduce the size of incoming buffer */
2617 skb_pull(skb, frag_size);
2618
2619 /* Add this to skb_queue */
2620 skb_queue_tail(&dev->fragment_skb, frag);
2621
2622 } while (skb->len > 0);
2623
2624 dev_kfree_skb(skb);
2625
2626 return skb_queue_len(&dev->fragment_skb);
2627}
2628
be9ae4ce
SO		 2629static int pn533_transceive(struct nfc_dev *nfc_dev,
2630 struct nfc_target *target, struct sk_buff *skb,
2631 data_exchange_cb_t cb, void *cb_context)
c46ee386
AAJ		 2632{
2633 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
b1e666f5 2634 struct pn533_data_exchange_arg *arg = NULL;
c46ee386
AAJ		 2635 int rc;
2636
b4834839 2637 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386
AAJ		 2638
2639 if (!dev->tgt_active_prot) {
073a625f
JP		 2640 nfc_err(&dev->interface->dev,
2641 "Can't exchange data if there is no active target\n");
c46ee386
AAJ		 2642 rc = -EINVAL;
2643 goto error;
2644 }
2645
b1e666f5 2646 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
c46ee386
AAJ		 2647 if (!arg) {
2648 rc = -ENOMEM;
b1e666f5 2649 goto error;
c46ee386
AAJ		 2650 }
2651
c46ee386
AAJ		 2652 arg->cb = cb;
2653 arg->cb_context = cb_context;
2654
b1e666f5
WR		 2655 switch (dev->device_type) {
2656 case PN533_DEVICE_PASORI:
2657 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2658 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2659 skb,
2660 pn533_data_exchange_complete,
2661 arg);
2662
2663 break;
2664 }
2665 default:
963a82e0
OG		 2666 /* jumbo frame ? */
2667 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2668 rc = pn533_fill_fragment_skbs(dev, skb);
2669 if (rc <= 0)
2670 goto error;
2671
2672 skb = skb_dequeue(&dev->fragment_skb);
2673 if (!skb) {
2674 rc = -EIO;
2675 goto error;
2676 }
2677 } else {
2678 *skb_push(skb, sizeof(u8)) = 1; /* TG */
2679 }
b1e666f5
WR		 2680
2681 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2682 skb, pn533_data_exchange_complete,
2683 arg);
2684
2685 break;
c46ee386
AAJ		 2686 }
2687
b1e666f5
WR		 2688 if (rc < 0) /* rc from send_async */
2689 goto error;
2690
c46ee386
AAJ		 2691 return 0;
2692
c46ee386 2693error:
b1e666f5
WR		 2694 kfree(arg);
2695 dev_kfree_skb(skb);
c46ee386
AAJ		 2696 return rc;
2697}
2698
dadb06f2 2699static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
e4878823 2700 struct sk_buff *resp)
dadb06f2 2701{
e4878823 2702 u8 status;
5b412fd1 2703
b4834839 2704 dev_dbg(&dev->interface->dev, "%s\n", __func__);
dadb06f2 2705
e4878823
WR		 2706 if (IS_ERR(resp))
2707 return PTR_ERR(resp);
5b412fd1 2708
e4878823 2709 status = resp->data[0];
dadb06f2 2710
93ad4202
OG		 2711 /* Prepare for the next round */
2712 if (skb_queue_len(&dev->fragment_skb) > 0) {
2713 queue_work(dev->wq, &dev->mi_tm_tx_work);
2714 return -EINPROGRESS;
2715 }
e4878823 2716 dev_kfree_skb(resp);
dadb06f2 2717
e4878823 2718 if (status != 0) {
dadb06f2
SO		 2719 nfc_tm_deactivated(dev->nfc_dev);
2720
51ad304c
SO		 2721 dev->tgt_mode = 0;
2722
dadb06f2
SO		 2723 return 0;
2724 }
2725
2726 queue_work(dev->wq, &dev->tg_work);
2727
2728 return 0;
2729}
2730
2731static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2732{
2733 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
dadb06f2
SO		 2734 int rc;
2735
b4834839 2736 dev_dbg(&dev->interface->dev, "%s\n", __func__);
dadb06f2 2737
93ad4202 2738 /* let's split in multiple chunks if size's too big */
e4878823 2739 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
93ad4202
OG		 2740 rc = pn533_fill_fragment_skbs(dev, skb);
2741 if (rc <= 0)
2742 goto error;
2743
2744 /* get the first skb */
2745 skb = skb_dequeue(&dev->fragment_skb);
2746 if (!skb) {
2747 rc = -EIO;
2748 goto error;
2749 }
2750
2751 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_META_DATA, skb,
2752 pn533_tm_send_complete, NULL);
2753 } else {
2754 /* Send th skb */
2755 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2756 pn533_tm_send_complete, NULL);
dadb06f2
SO		 2757 }
2758
93ad4202
OG		 2759error:
2760 if (rc < 0) {
e4878823 2761 dev_kfree_skb(skb);
93ad4202
OG		 2762 skb_queue_purge(&dev->fragment_skb);
2763 }
dadb06f2
SO		 2764
2765 return rc;
2766}
2767
6ff73fd2
SO		 2768static void pn533_wq_mi_recv(struct work_struct *work)
2769{
963a82e0 2770 struct pn533 *dev = container_of(work, struct pn533, mi_rx_work);
b1e666f5 2771 struct sk_buff *skb;
6ff73fd2
SO		 2772 int rc;
2773
b4834839 2774 dev_dbg(&dev->interface->dev, "%s\n", __func__);
6ff73fd2 2775
9e2d493e 2776 skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN);
b1e666f5
WR		 2777 if (!skb)
2778 goto error;
6ff73fd2 2779
b1e666f5
WR		 2780 switch (dev->device_type) {
2781 case PN533_DEVICE_PASORI:
2782 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2783 rc = pn533_send_cmd_direct_async(dev,
2784 PN533_CMD_IN_COMM_THRU,
2785 skb,
2786 pn533_data_exchange_complete,
2787 dev->cmd_complete_mi_arg);
6ff73fd2 2788
b1e666f5
WR		 2789 break;
2790 }
2791 default:
2792 *skb_put(skb, sizeof(u8)) = 1; /*TG*/
6ff73fd2 2793
b1e666f5
WR		 2794 rc = pn533_send_cmd_direct_async(dev,
2795 PN533_CMD_IN_DATA_EXCHANGE,
2796 skb,
2797 pn533_data_exchange_complete,
2798 dev->cmd_complete_mi_arg);
b1bb290a 2799
b1e666f5 2800 break;
6ff73fd2
SO		 2801 }
2802
b1e666f5 2803 if (rc == 0) /* success */
6ff73fd2
SO		 2804 return;
2805
073a625f
JP		 2806 nfc_err(&dev->interface->dev,
2807 "Error %d when trying to perform data_exchange\n", rc);
6ff73fd2 2808
b1e666f5 2809 dev_kfree_skb(skb);
140ef7f6 2810 kfree(dev->cmd_complete_mi_arg);
6ff73fd2 2811
b1e666f5 2812error:
6ff73fd2 2813 pn533_send_ack(dev, GFP_KERNEL);
5d50b364 2814 queue_work(dev->wq, &dev->cmd_work);
6ff73fd2
SO		 2815}
2816
963a82e0
OG		 2817static void pn533_wq_mi_send(struct work_struct *work)
2818{
2819 struct pn533 *dev = container_of(work, struct pn533, mi_tx_work);
2820 struct sk_buff *skb;
2821 int rc;
2822
b4834839 2823 dev_dbg(&dev->interface->dev, "%s\n", __func__);
963a82e0
OG		 2824
2825 /* Grab the first skb in the queue */
2826 skb = skb_dequeue(&dev->fragment_skb);
2827
2828 if (skb == NULL) { /* No more data */
2829 /* Reset the queue for future use */
2830 skb_queue_head_init(&dev->fragment_skb);
2831 goto error;
2832 }
2833
2834 switch (dev->device_type) {
2835 case PN533_DEVICE_PASORI:
2836 if (dev->tgt_active_prot != NFC_PROTO_FELICA) {
2837 rc = -EIO;
2838 break;
2839 }
2840
2841 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_IN_COMM_THRU,
2842 skb,
2843 pn533_data_exchange_complete,
2844 dev->cmd_complete_dep_arg);
2845
2846 break;
2847
2848 default:
2849 /* Still some fragments? */
2850 rc = pn533_send_cmd_direct_async(dev,PN533_CMD_IN_DATA_EXCHANGE,
2851 skb,
2852 pn533_data_exchange_complete,
2853 dev->cmd_complete_dep_arg);
2854
2855 break;
2856 }
2857
2858 if (rc == 0) /* success */
2859 return;
2860
073a625f
JP		 2861 nfc_err(&dev->interface->dev,
2862 "Error %d when trying to perform data_exchange\n", rc);
963a82e0
OG		 2863
2864 dev_kfree_skb(skb);
2865 kfree(dev->cmd_complete_dep_arg);
2866
2867error:
2868 pn533_send_ack(dev, GFP_KERNEL);
2869 queue_work(dev->wq, &dev->cmd_work);
2870}
2871
c46ee386
AAJ		 2872static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2873 u8 cfgdata_len)
2874{
cb950d93
WR		 2875 struct sk_buff *skb;
2876 struct sk_buff *resp;
cb950d93 2877 int skb_len;
c46ee386 2878
b4834839 2879 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386 2880
cb950d93 2881 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
c46ee386 2882
9e2d493e 2883 skb = pn533_alloc_skb(dev, skb_len);
cb950d93
WR		 2884 if (!skb)
2885 return -ENOMEM;
c46ee386 2886
cb950d93
WR		 2887 *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2888 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
c46ee386 2889
cb950d93
WR		 2890 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2891 if (IS_ERR(resp))
2892 return PTR_ERR(resp);
c46ee386 2893
cb950d93
WR		 2894 dev_kfree_skb(resp);
2895 return 0;
2896}
2897
2898static int pn533_get_firmware_version(struct pn533 *dev,
2899 struct pn533_fw_version *fv)
2900{
2901 struct sk_buff *skb;
2902 struct sk_buff *resp;
2903
9e2d493e 2904 skb = pn533_alloc_skb(dev, 0);
cb950d93
WR		 2905 if (!skb)
2906 return -ENOMEM;
2907
2908 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2909 if (IS_ERR(resp))
2910 return PTR_ERR(resp);
2911
2912 fv->ic = resp->data[0];
2913 fv->ver = resp->data[1];
2914 fv->rev = resp->data[2];
2915 fv->support = resp->data[3];
2916
2917 dev_kfree_skb(resp);
2918 return 0;
c46ee386
AAJ		 2919}
2920
f75c2913 2921static int pn533_pasori_fw_reset(struct pn533 *dev)
5c7b0531 2922{
cb950d93
WR		 2923 struct sk_buff *skb;
2924 struct sk_buff *resp;
5c7b0531 2925
b4834839 2926 dev_dbg(&dev->interface->dev, "%s\n", __func__);
5c7b0531 2927
9e2d493e 2928 skb = pn533_alloc_skb(dev, sizeof(u8));
cb950d93
WR		 2929 if (!skb)
2930 return -ENOMEM;
5c7b0531 2931
cb950d93 2932 *skb_put(skb, sizeof(u8)) = 0x1;
5c7b0531 2933
cb950d93
WR		 2934 resp = pn533_send_cmd_sync(dev, 0x18, skb);
2935 if (IS_ERR(resp))
2936 return PTR_ERR(resp);
5c7b0531 2937
cb950d93 2938 dev_kfree_skb(resp);
5c7b0531 2939
94c5c156 2940 return 0;
5c7b0531
SO		 2941}
2942
53cf4839
WR		 2943struct pn533_acr122_poweron_rdr_arg {
2944 int rc;
2945 struct completion done;
2946};
2947
2948static void pn533_acr122_poweron_rdr_resp(struct urb *urb)
2949{
2950 struct pn533_acr122_poweron_rdr_arg *arg = urb->context;
2951
b4834839 2952 dev_dbg(&urb->dev->dev, "%s\n", __func__);
53cf4839 2953
86eca4e7 2954 print_hex_dump_debug("ACR122 RX: ", DUMP_PREFIX_NONE, 16, 1,
53cf4839
WR		 2955 urb->transfer_buffer, urb->transfer_buffer_length,
2956 false);
2957
2958 arg->rc = urb->status;
2959 complete(&arg->done);
2960}
2961
2962static int pn533_acr122_poweron_rdr(struct pn533 *dev)
2963{
2964 /* Power on th reader (CCID cmd) */
2965 u8 cmd[10] = {PN533_ACR122_PC_TO_RDR_ICCPOWERON,
2966 0, 0, 0, 0, 0, 0, 3, 0, 0};
2967 u8 buf[255];
2968 int rc;
2969 void *cntx;
2970 struct pn533_acr122_poweron_rdr_arg arg;
2971
b4834839 2972 dev_dbg(&dev->interface->dev, "%s\n", __func__);
53cf4839
WR		 2973
2974 init_completion(&arg.done);
2975 cntx = dev->in_urb->context; /* backup context */
2976
2977 dev->in_urb->transfer_buffer = buf;
2978 dev->in_urb->transfer_buffer_length = 255;
2979 dev->in_urb->complete = pn533_acr122_poweron_rdr_resp;
2980 dev->in_urb->context = &arg;
2981
2982 dev->out_urb->transfer_buffer = cmd;
2983 dev->out_urb->transfer_buffer_length = sizeof(cmd);
2984
86eca4e7 2985 print_hex_dump_debug("ACR122 TX: ", DUMP_PREFIX_NONE, 16, 1,
53cf4839
WR		 2986 cmd, sizeof(cmd), false);
2987
2988 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
2989 if (rc) {
073a625f
JP		 2990 nfc_err(&dev->interface->dev,
2991 "Reader power on cmd error %d\n", rc);
53cf4839
WR		 2992 return rc;
2993 }
2994
2995 rc = usb_submit_urb(dev->in_urb, GFP_KERNEL);
2996 if (rc) {
073a625f
JP		 2997 nfc_err(&dev->interface->dev,
2998 "Can't submit reader poweron cmd response %d\n", rc);
53cf4839
WR		 2999 return rc;
3000 }
3001
3002 wait_for_completion(&arg.done);
3003 dev->in_urb->context = cntx; /* restore context */
3004
3005 return arg.rc;
3006}
3007
60d9edd5
SO		 3008static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf)
3009{
3010 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
3011 u8 rf_field = !!rf;
3012 int rc;
3013
3a8eab39
SO		 3014 rf_field |= PN533_CFGITEM_RF_FIELD_AUTO_RFCA;
3015
60d9edd5
SO		 3016 rc = pn533_set_configuration(dev, PN533_CFGITEM_RF_FIELD,
3017 (u8 *)&rf_field, 1);
3018 if (rc) {
073a625f 3019 nfc_err(&dev->interface->dev, "Error on setting RF field\n");
60d9edd5
SO		 3020 return rc;
3021 }
3022
3023 return rc;
3024}
3025
e44666b9 3026static int pn533_dev_up(struct nfc_dev *nfc_dev)
60d9edd5
SO		 3027{
3028 return pn533_rf_field(nfc_dev, 1);
3029}
3030
e44666b9 3031static int pn533_dev_down(struct nfc_dev *nfc_dev)
60d9edd5
SO		 3032{
3033 return pn533_rf_field(nfc_dev, 0);
3034}
3035
5c7b0531 3036static struct nfc_ops pn533_nfc_ops = {
60d9edd5
SO		 3037 .dev_up = pn533_dev_up,
3038 .dev_down = pn533_dev_down,
361f3cb7
SO		 3039 .dep_link_up = pn533_dep_link_up,
3040 .dep_link_down = pn533_dep_link_down,
c46ee386
AAJ		 3041 .start_poll = pn533_start_poll,
3042 .stop_poll = pn533_stop_poll,
3043 .activate_target = pn533_activate_target,
3044 .deactivate_target = pn533_deactivate_target,
be9ae4ce 3045 .im_transceive = pn533_transceive,
dadb06f2 3046 .tm_send = pn533_tm_send,
c46ee386
AAJ		 3047};
3048
5c7b0531
SO		 3049static int pn533_setup(struct pn533 *dev)
3050{
3051 struct pn533_config_max_retries max_retries;
3052 struct pn533_config_timing timing;
3053 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
3054 int rc;
3055
3056 switch (dev->device_type) {
3057 case PN533_DEVICE_STD:
5c7b0531 3058 case PN533_DEVICE_PASORI:
53cf4839 3059 case PN533_DEVICE_ACR122U:
5c7b0531
SO		 3060 max_retries.mx_rty_atr = 0x2;
3061 max_retries.mx_rty_psl = 0x1;
3062 max_retries.mx_rty_passive_act =
3063 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
3064
3065 timing.rfu = PN533_CONFIG_TIMING_102;
3066 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
3067 timing.dep_timeout = PN533_CONFIG_TIMING_204;
3068
3069 break;
3070
3071 default:
073a625f
JP		 3072 nfc_err(&dev->interface->dev, "Unknown device type %d\n",
3073 dev->device_type);
5c7b0531
SO		 3074 return -EINVAL;
3075 }
3076
3077 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
3078 (u8 *)&max_retries, sizeof(max_retries));
3079 if (rc) {
073a625f
JP		 3080 nfc_err(&dev->interface->dev,
3081 "Error on setting MAX_RETRIES config\n");
5c7b0531
SO		 3082 return rc;
3083 }
3084
3085
3086 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
3087 (u8 *)&timing, sizeof(timing));
3088 if (rc) {
073a625f 3089 nfc_err(&dev->interface->dev, "Error on setting RF timings\n");
5c7b0531
SO		 3090 return rc;
3091 }
3092
3093 switch (dev->device_type) {
3094 case PN533_DEVICE_STD:
3095 break;
3096
3097 case PN533_DEVICE_PASORI:
f75c2913 3098 pn533_pasori_fw_reset(dev);
5c7b0531
SO		 3099
3100 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
3101 pasori_cfg, 3);
3102 if (rc) {
073a625f
JP		 3103 nfc_err(&dev->interface->dev,
3104 "Error while settings PASORI config\n");
5c7b0531
SO		 3105 return rc;
3106 }
3107
f75c2913 3108 pn533_pasori_fw_reset(dev);
5c7b0531
SO		 3109
3110 break;
3111 }
3112
3113 return 0;
3114}
3115
c46ee386
AAJ		 3116static int pn533_probe(struct usb_interface *interface,
3117 const struct usb_device_id *id)
3118{
cb950d93 3119 struct pn533_fw_version fw_ver;
c46ee386
AAJ		 3120 struct pn533 *dev;
3121 struct usb_host_interface *iface_desc;
3122 struct usb_endpoint_descriptor *endpoint;
c46ee386
AAJ		 3123 int in_endpoint = 0;
3124 int out_endpoint = 0;
3125 int rc = -ENOMEM;
3126 int i;
3127 u32 protocols;
3128
3129 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3130 if (!dev)
3131 return -ENOMEM;
3132
3133 dev->udev = usb_get_dev(interface_to_usbdev(interface));
3134 dev->interface = interface;
0201ed03 3135 mutex_init(&dev->cmd_lock);
c46ee386
AAJ		 3136
3137 iface_desc = interface->cur_altsetting;
3138 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
3139 endpoint = &iface_desc->endpoint[i].desc;
3140
8d25ca79 3141 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
c46ee386 3142 in_endpoint = endpoint->bEndpointAddress;
c46ee386 3143
8d25ca79 3144 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
c46ee386 3145 out_endpoint = endpoint->bEndpointAddress;
c46ee386
AAJ		 3146 }
3147
3148 if (!in_endpoint || !out_endpoint) {
073a625f
JP		 3149 nfc_err(&interface->dev,
3150 "Could not find bulk-in or bulk-out endpoint\n");
c46ee386
AAJ		 3151 rc = -ENODEV;
3152 goto error;
3153 }
3154
c46ee386 3155 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
c46ee386
AAJ		 3156 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
3157
a5798094 3158 if (!dev->in_urb || !dev->out_urb)
c46ee386
AAJ		 3159 goto error;
3160
3161 usb_fill_bulk_urb(dev->in_urb, dev->udev,
5d467742
WR		 3162 usb_rcvbulkpipe(dev->udev, in_endpoint),
3163 NULL, 0, NULL, dev);
c46ee386 3164 usb_fill_bulk_urb(dev->out_urb, dev->udev,
5d467742
WR		 3165 usb_sndbulkpipe(dev->udev, out_endpoint),
3166 NULL, 0, pn533_send_complete, dev);
c46ee386 3167
5d50b364
SO		 3168 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
3169 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
963a82e0
OG		 3170 INIT_WORK(&dev->mi_rx_work, pn533_wq_mi_recv);
3171 INIT_WORK(&dev->mi_tx_work, pn533_wq_mi_send);
103b34cf 3172 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
3c13b244 3173 INIT_WORK(&dev->mi_tm_rx_work, pn533_wq_tm_mi_recv);
93ad4202 3174 INIT_WORK(&dev->mi_tm_tx_work, pn533_wq_tm_mi_send);
46f793b0 3175 INIT_DELAYED_WORK(&dev->poll_work, pn533_wq_poll);
17e9d9d4 3176 INIT_WORK(&dev->rf_work, pn533_wq_rf);
58637c9b 3177 dev->wq = alloc_ordered_workqueue("pn533", 0);
4849f85e
SO		 3178 if (dev->wq == NULL)
3179 goto error;
c46ee386 3180
6fbbdc16
SO		 3181 init_timer(&dev->listen_timer);
3182 dev->listen_timer.data = (unsigned long) dev;
3183 dev->listen_timer.function = pn533_listen_mode_timer;
3184
6ff73fd2 3185 skb_queue_head_init(&dev->resp_q);
963a82e0 3186 skb_queue_head_init(&dev->fragment_skb);
6ff73fd2 3187
5d50b364
SO		 3188 INIT_LIST_HEAD(&dev->cmd_queue);
3189
c46ee386
AAJ		 3190 usb_set_intfdata(interface, dev);
3191
9e2d493e 3192 dev->ops = &pn533_std_frame_ops;
c46ee386 3193
58520373 3194 dev->protocol_type = PN533_PROTO_REQ_ACK_RESP;
5c7b0531
SO		 3195 dev->device_type = id->driver_info;
3196 switch (dev->device_type) {
3197 case PN533_DEVICE_STD:
3198 protocols = PN533_ALL_PROTOCOLS;
3199 break;
3200
3201 case PN533_DEVICE_PASORI:
3202 protocols = PN533_NO_TYPE_B_PROTOCOLS;
3203 break;
3204
53cf4839
WR		 3205 case PN533_DEVICE_ACR122U:
3206 protocols = PN533_NO_TYPE_B_PROTOCOLS;
3207 dev->ops = &pn533_acr122_frame_ops;
3208 dev->protocol_type = PN533_PROTO_REQ_RESP,
3209
3210 rc = pn533_acr122_poweron_rdr(dev);
3211 if (rc < 0) {
073a625f
JP		 3212 nfc_err(&dev->interface->dev,
3213 "Couldn't poweron the reader (error %d)\n", rc);
53cf4839
WR		 3214 goto destroy_wq;
3215 }
3216 break;
3217
5c7b0531 3218 default:
073a625f
JP		 3219 nfc_err(&dev->interface->dev, "Unknown device type %d\n",
3220 dev->device_type);
5c7b0531
SO		 3221 rc = -EINVAL;
3222 goto destroy_wq;
3223 }
c46ee386 3224
9e2d493e
WR		 3225 memset(&fw_ver, 0, sizeof(fw_ver));
3226 rc = pn533_get_firmware_version(dev, &fw_ver);
3227 if (rc < 0)
3228 goto destroy_wq;
3229
073a625f
JP		 3230 nfc_info(&dev->interface->dev,
3231 "NXP PN5%02X firmware ver %d.%d now attached\n",
3232 fw_ver.ic, fw_ver.ver, fw_ver.rev);
9e2d493e
WR		 3233
3234
e8753043 3235 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
9e2d493e 3236 dev->ops->tx_header_len +
e8753043 3237 PN533_CMD_DATAEXCH_HEAD_LEN,
9e2d493e 3238 dev->ops->tx_tail_len);
4674d0fe
WY		 3239 if (!dev->nfc_dev) {
3240 rc = -ENOMEM;
4849f85e 3241 goto destroy_wq;
4674d0fe 3242 }
c46ee386
AAJ		 3243
3244 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
3245 nfc_set_drvdata(dev->nfc_dev, dev);
3246
3247 rc = nfc_register_device(dev->nfc_dev);
3248 if (rc)
3249 goto free_nfc_dev;
3250
5c7b0531
SO		 3251 rc = pn533_setup(dev);
3252 if (rc)
34a85bfc 3253 goto unregister_nfc_dev;
34a85bfc 3254
c46ee386
AAJ		 3255 return 0;
3256
9f2f8ba1
SO		 3257unregister_nfc_dev:
3258 nfc_unregister_device(dev->nfc_dev);
3259
c46ee386
AAJ		 3260free_nfc_dev:
3261 nfc_free_device(dev->nfc_dev);
9f2f8ba1 3262
4849f85e
SO		 3263destroy_wq:
3264 destroy_workqueue(dev->wq);
c46ee386 3265error:
c46ee386 3266 usb_free_urb(dev->in_urb);
c46ee386 3267 usb_free_urb(dev->out_urb);
7c5a54fb 3268 usb_put_dev(dev->udev);
c46ee386
AAJ		 3269 kfree(dev);
3270 return rc;
3271}
3272
3273static void pn533_disconnect(struct usb_interface *interface)
3274{
3275 struct pn533 *dev;
5d50b364 3276 struct pn533_cmd *cmd, *n;
c46ee386
AAJ		 3277
3278 dev = usb_get_intfdata(interface);
3279 usb_set_intfdata(interface, NULL);
3280
3281 nfc_unregister_device(dev->nfc_dev);
3282 nfc_free_device(dev->nfc_dev);
3283
3284 usb_kill_urb(dev->in_urb);
3285 usb_kill_urb(dev->out_urb);
3286
46f793b0 3287 flush_delayed_work(&dev->poll_work);
4849f85e 3288 destroy_workqueue(dev->wq);
c46ee386 3289
6ff73fd2
SO		 3290 skb_queue_purge(&dev->resp_q);
3291
6fbbdc16
SO		 3292 del_timer(&dev->listen_timer);
3293
5d50b364
SO		 3294 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
3295 list_del(&cmd->queue);
3296 kfree(cmd);
3297 }
3298
c46ee386 3299 usb_free_urb(dev->in_urb);
c46ee386
AAJ		 3300 usb_free_urb(dev->out_urb);
3301 kfree(dev);
3302
073a625f 3303 nfc_info(&interface->dev, "NXP PN533 NFC device disconnected\n");
c46ee386
AAJ		 3304}
3305
3306static struct usb_driver pn533_driver = {
3307 .name = "pn533",
3308 .probe = pn533_probe,
3309 .disconnect = pn533_disconnect,
3310 .id_table = pn533_table,
3311};
3312
fe748483 3313module_usb_driver(pn533_driver);
c46ee386 3314
e70b96e9
WR		 3315MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>");
3316MODULE_AUTHOR("Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
3317MODULE_AUTHOR("Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>");
c46ee386
AAJ		 3318MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
3319MODULE_VERSION(VERSION);
3320MODULE_LICENSE("GPL");
Linux kernel - Deliverables
This page took 0.408836 seconds and 5 git commands to generate.