projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
cleancache: constify cleancache_ops structure
[linux-2.6-block.git] / drivers / nfc / pn533.c
CommitLineData
c46ee386
AAJ		 1/*
2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
e70b96e9 3 * Copyright (C) 2012-2013 Tieto Poland
c46ee386
AAJ		 4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
98b32dec 16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
c46ee386
AAJ		 17 */
18
19#include <linux/device.h>
20#include <linux/kernel.h>
21#include <linux/module.h>
22#include <linux/slab.h>
23#include <linux/usb.h>
24#include <linux/nfc.h>
25#include <linux/netdevice.h>
55eb94f9 26#include <net/nfc/nfc.h>
c46ee386 27
495af72e 28#define VERSION "0.2"
c46ee386
AAJ		 29
30#define PN533_VENDOR_ID 0x4CC
31#define PN533_PRODUCT_ID 0x2533
32
33#define SCM_VENDOR_ID 0x4E6
34#define SCL3711_PRODUCT_ID 0x5591
35
5c7b0531
SO		 36#define SONY_VENDOR_ID 0x054c
37#define PASORI_PRODUCT_ID 0x02e1
38
53cf4839
WR		 39#define ACS_VENDOR_ID 0x072f
40#define ACR122U_PRODUCT_ID 0x2200
41
42#define PN533_DEVICE_STD 0x1
43#define PN533_DEVICE_PASORI 0x2
44#define PN533_DEVICE_ACR122U 0x3
5c7b0531 45
01d719a2
SO		 46#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
47 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
48 NFC_PROTO_NFC_DEP_MASK |\
49 NFC_PROTO_ISO14443_B_MASK)
5c7b0531
SO		 50
51#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
52 NFC_PROTO_MIFARE_MASK | \
53 NFC_PROTO_FELICA_MASK | \
01d719a2 54 NFC_PROTO_ISO14443_MASK | \
5c7b0531
SO		 55 NFC_PROTO_NFC_DEP_MASK)
56
c46ee386 57static const struct usb_device_id pn533_table[] = {
99968e06
AL		 58 { USB_DEVICE(PN533_VENDOR_ID, PN533_PRODUCT_ID),
59 .driver_info = PN533_DEVICE_STD },
60 { USB_DEVICE(SCM_VENDOR_ID, SCL3711_PRODUCT_ID),
61 .driver_info = PN533_DEVICE_STD },
62 { USB_DEVICE(SONY_VENDOR_ID, PASORI_PRODUCT_ID),
63 .driver_info = PN533_DEVICE_PASORI },
64 { USB_DEVICE(ACS_VENDOR_ID, ACR122U_PRODUCT_ID),
65 .driver_info = PN533_DEVICE_ACR122U },
c46ee386
AAJ		 66 { }
67};
68MODULE_DEVICE_TABLE(usb, pn533_table);
69
6fbbdc16
SO		 70/* How much time we spend listening for initiators */
71#define PN533_LISTEN_TIME 2
46f793b0
SO		 72/* Delay between each poll frame (ms) */
73#define PN533_POLL_INTERVAL 10
6fbbdc16 74
1575b9d8 75/* Standard pn533 frame definitions (standard and extended)*/
63123108 76#define PN533_STD_FRAME_HEADER_LEN (sizeof(struct pn533_std_frame) \
b1bb290a 77 + 2) /* data[0] TFI, data[1] CC */
63123108 78#define PN533_STD_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
82dec34d 79
1575b9d8
OG		 80#define PN533_EXT_FRAME_HEADER_LEN (sizeof(struct pn533_ext_frame) \
81 + 2) /* data[0] TFI, data[1] CC */
82
83#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
84#define PN533_CMD_DATAFRAME_MAXLEN 240 /* max data length (send) */
85
15461aeb
WR		 86/*
87 * Max extended frame payload len, excluding TFI and CC
88 * which are already in PN533_FRAME_HEADER_LEN.
89 */
63123108 90#define PN533_STD_FRAME_MAX_PAYLOAD_LEN 263
15461aeb 91
63123108 92#define PN533_STD_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2),
5b5a4437 93 Postamble (1) */
63123108
WR		 94#define PN533_STD_FRAME_CHECKSUM(f) (f->data[f->datalen])
95#define PN533_STD_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
1575b9d8
OG		 96/* Half start code (3), LEN (4) should be 0xffff for extended frame */
97#define PN533_STD_IS_EXTENDED(hdr) ((hdr)->datalen == 0xFF \
98 && (hdr)->datalen_checksum == 0xFF)
99#define PN533_EXT_FRAME_CHECKSUM(f) (f->data[be16_to_cpu(f->datalen)])
c46ee386
AAJ		 100
101/* start of frame */
63123108 102#define PN533_STD_FRAME_SOF 0x00FF
c46ee386 103
63123108
WR		 104/* standard frame identifier: in/out/error */
105#define PN533_STD_FRAME_IDENTIFIER(f) (f->data[0]) /* TFI */
106#define PN533_STD_FRAME_DIR_OUT 0xD4
107#define PN533_STD_FRAME_DIR_IN 0xD5
c46ee386 108
53cf4839
WR		 109/* ACS ACR122 pn533 frame definitions */
110#define PN533_ACR122_TX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_tx_frame) \
111 + 2)
112#define PN533_ACR122_TX_FRAME_TAIL_LEN 0
113#define PN533_ACR122_RX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_rx_frame) \
114 + 2)
115#define PN533_ACR122_RX_FRAME_TAIL_LEN 2
116#define PN533_ACR122_FRAME_MAX_PAYLOAD_LEN PN533_STD_FRAME_MAX_PAYLOAD_LEN
117
118/* CCID messages types */
119#define PN533_ACR122_PC_TO_RDR_ICCPOWERON 0x62
120#define PN533_ACR122_PC_TO_RDR_ESCAPE 0x6B
121
122#define PN533_ACR122_RDR_TO_PC_ESCAPE 0x83
123
c46ee386 124/* PN533 Commands */
1575b9d8 125#define PN533_FRAME_CMD(f) (f->data[1])
c46ee386
AAJ		 126
127#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
128#define PN533_CMD_RF_CONFIGURATION 0x32
129#define PN533_CMD_IN_DATA_EXCHANGE 0x40
5c7b0531 130#define PN533_CMD_IN_COMM_THRU 0x42
c46ee386
AAJ		 131#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
132#define PN533_CMD_IN_ATR 0x50
133#define PN533_CMD_IN_RELEASE 0x52
361f3cb7 134#define PN533_CMD_IN_JUMP_FOR_DEP 0x56
c46ee386 135
ad3823ce 136#define PN533_CMD_TG_INIT_AS_TARGET 0x8c
103b34cf 137#define PN533_CMD_TG_GET_DATA 0x86
dadb06f2 138#define PN533_CMD_TG_SET_DATA 0x8e
93ad4202 139#define PN533_CMD_TG_SET_META_DATA 0x94
aada17ac 140#define PN533_CMD_UNDEF 0xff
ad3823ce 141
c46ee386
AAJ		 142#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
143
144/* PN533 Return codes */
145#define PN533_CMD_RET_MASK 0x3F
146#define PN533_CMD_MI_MASK 0x40
147#define PN533_CMD_RET_SUCCESS 0x00
148
149struct pn533;
150
aada17ac
WR		 151typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
152 struct sk_buff *resp);
153
c46ee386
AAJ		 154/* structs for pn533 commands */
155
156/* PN533_CMD_GET_FIRMWARE_VERSION */
157struct pn533_fw_version {
158 u8 ic;
159 u8 ver;
160 u8 rev;
161 u8 support;
162};
163
164/* PN533_CMD_RF_CONFIGURATION */
60d9edd5
SO		 165#define PN533_CFGITEM_RF_FIELD 0x01
166#define PN533_CFGITEM_TIMING 0x02
c46ee386 167#define PN533_CFGITEM_MAX_RETRIES 0x05
60d9edd5
SO		 168#define PN533_CFGITEM_PASORI 0x82
169
3a8eab39
SO		 170#define PN533_CFGITEM_RF_FIELD_AUTO_RFCA 0x2
171#define PN533_CFGITEM_RF_FIELD_ON 0x1
172#define PN533_CFGITEM_RF_FIELD_OFF 0x0
c46ee386 173
34a85bfc
SO		 174#define PN533_CONFIG_TIMING_102 0xb
175#define PN533_CONFIG_TIMING_204 0xc
176#define PN533_CONFIG_TIMING_409 0xd
177#define PN533_CONFIG_TIMING_819 0xe
178
c46ee386
AAJ		 179#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
180#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
181
182struct pn533_config_max_retries {
183 u8 mx_rty_atr;
184 u8 mx_rty_psl;
185 u8 mx_rty_passive_act;
186} __packed;
187
34a85bfc
SO		 188struct pn533_config_timing {
189 u8 rfu;
190 u8 atr_res_timeout;
191 u8 dep_timeout;
192} __packed;
193
c46ee386
AAJ		 194/* PN533_CMD_IN_LIST_PASSIVE_TARGET */
195
196/* felica commands opcode */
197#define PN533_FELICA_OPC_SENSF_REQ 0
198#define PN533_FELICA_OPC_SENSF_RES 1
199/* felica SENSF_REQ parameters */
200#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
201#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
202#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
203#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
204
205/* type B initiator_data values */
206#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
207#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
208#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
209
210union pn533_cmd_poll_initdata {
211 struct {
212 u8 afi;
213 u8 polling_method;
214 } __packed type_b;
215 struct {
216 u8 opcode;
217 __be16 sc;
218 u8 rc;
219 u8 tsn;
220 } __packed felica;
221};
222
223/* Poll modulations */
224enum {
225 PN533_POLL_MOD_106KBPS_A,
226 PN533_POLL_MOD_212KBPS_FELICA,
227 PN533_POLL_MOD_424KBPS_FELICA,
228 PN533_POLL_MOD_106KBPS_JEWEL,
229 PN533_POLL_MOD_847KBPS_B,
6fbbdc16 230 PN533_LISTEN_MOD,
c46ee386
AAJ		 231
232 __PN533_POLL_MOD_AFTER_LAST,
233};
234#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
235
236struct pn533_poll_modulations {
237 struct {
238 u8 maxtg;
239 u8 brty;
240 union pn533_cmd_poll_initdata initiator_data;
241 } __packed data;
242 u8 len;
243};
244
ef3d56e1 245static const struct pn533_poll_modulations poll_mod[] = {
c46ee386
AAJ		 246 [PN533_POLL_MOD_106KBPS_A] = {
247 .data = {
248 .maxtg = 1,
249 .brty = 0,
250 },
251 .len = 2,
252 },
253 [PN533_POLL_MOD_212KBPS_FELICA] = {
254 .data = {
255 .maxtg = 1,
256 .brty = 1,
257 .initiator_data.felica = {
258 .opcode = PN533_FELICA_OPC_SENSF_REQ,
259 .sc = PN533_FELICA_SENSF_SC_ALL,
a94e10f7 260 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE,
31c44464 261 .tsn = 0x03,
c46ee386
AAJ		 262 },
263 },
264 .len = 7,
265 },
266 [PN533_POLL_MOD_424KBPS_FELICA] = {
267 .data = {
268 .maxtg = 1,
269 .brty = 2,
270 .initiator_data.felica = {
271 .opcode = PN533_FELICA_OPC_SENSF_REQ,
272 .sc = PN533_FELICA_SENSF_SC_ALL,
a94e10f7 273 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE,
31c44464 274 .tsn = 0x03,
c46ee386
AAJ		 275 },
276 },
277 .len = 7,
278 },
279 [PN533_POLL_MOD_106KBPS_JEWEL] = {
280 .data = {
281 .maxtg = 1,
282 .brty = 4,
283 },
284 .len = 2,
285 },
286 [PN533_POLL_MOD_847KBPS_B] = {
287 .data = {
288 .maxtg = 1,
289 .brty = 8,
290 .initiator_data.type_b = {
291 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
292 .polling_method =
293 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
294 },
295 },
296 .len = 3,
297 },
6fbbdc16
SO		 298 [PN533_LISTEN_MOD] = {
299 .len = 0,
300 },
c46ee386
AAJ		 301};
302
303/* PN533_CMD_IN_ATR */
304
c46ee386
AAJ		 305struct pn533_cmd_activate_response {
306 u8 status;
307 u8 nfcid3t[10];
308 u8 didt;
309 u8 bst;
310 u8 brt;
311 u8 to;
312 u8 ppt;
313 /* optional */
314 u8 gt[];
315} __packed;
316
361f3cb7
SO		 317struct pn533_cmd_jump_dep_response {
318 u8 status;
319 u8 tg;
320 u8 nfcid3t[10];
321 u8 didt;
322 u8 bst;
323 u8 brt;
324 u8 to;
325 u8 ppt;
326 /* optional */
327 u8 gt[];
328} __packed;
c46ee386 329
ad3823ce
SO		 330
331/* PN533_TG_INIT_AS_TARGET */
332#define PN533_INIT_TARGET_PASSIVE 0x1
333#define PN533_INIT_TARGET_DEP 0x2
334
fc40a8c1
SO		 335#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
336#define PN533_INIT_TARGET_RESP_ACTIVE 0x1
337#define PN533_INIT_TARGET_RESP_DEP 0x4
338
58520373
WR		 339enum pn533_protocol_type {
340 PN533_PROTO_REQ_ACK_RESP = 0,
341 PN533_PROTO_REQ_RESP
342};
343
c46ee386
AAJ		 344struct pn533 {
345 struct usb_device *udev;
346 struct usb_interface *interface;
347 struct nfc_dev *nfc_dev;
d5590bba 348 u32 device_type;
58520373 349 enum pn533_protocol_type protocol_type;
c46ee386
AAJ		 350
351 struct urb *out_urb;
c46ee386 352 struct urb *in_urb;
c46ee386 353
6ff73fd2 354 struct sk_buff_head resp_q;
963a82e0 355 struct sk_buff_head fragment_skb;
6ff73fd2 356
4849f85e
SO		 357 struct workqueue_struct *wq;
358 struct work_struct cmd_work;
5d50b364 359 struct work_struct cmd_complete_work;
46f793b0 360 struct delayed_work poll_work;
963a82e0
OG		 361 struct work_struct mi_rx_work;
362 struct work_struct mi_tx_work;
3c13b244 363 struct work_struct mi_tm_rx_work;
93ad4202 364 struct work_struct mi_tm_tx_work;
103b34cf 365 struct work_struct tg_work;
17e9d9d4 366 struct work_struct rf_work;
d5590bba
WR		 367
368 struct list_head cmd_queue;
369 struct pn533_cmd *cmd;
370 u8 cmd_pending;
d5590bba 371 struct mutex cmd_lock; /* protects cmd queue */
c46ee386 372
b1e666f5 373 void *cmd_complete_mi_arg;
963a82e0 374 void *cmd_complete_dep_arg;
c46ee386
AAJ		 375
376 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
377 u8 poll_mod_count;
378 u8 poll_mod_curr;
673088fb 379 u8 poll_dep;
c46ee386 380 u32 poll_protocols;
6fbbdc16 381 u32 listen_protocols;
d5590bba
WR		 382 struct timer_list listen_timer;
383 int cancel_listen;
6fbbdc16
SO		 384
385 u8 *gb;
386 size_t gb_len;
c46ee386
AAJ		 387
388 u8 tgt_available_prots;
389 u8 tgt_active_prot;
51ad304c 390 u8 tgt_mode;
5c7b0531 391
9e2d493e 392 struct pn533_frame_ops *ops;
5d50b364
SO		 393};
394
395struct pn533_cmd {
396 struct list_head queue;
4b2a9532 397 u8 code;
f87bc9fb 398 int status;
aada17ac
WR		 399 struct sk_buff *req;
400 struct sk_buff *resp;
9e2d493e 401 int resp_len;
4231604b
WR		 402 pn533_send_async_complete_t complete_cb;
403 void *complete_cb_context;
c46ee386
AAJ		 404};
405
63123108 406struct pn533_std_frame {
c46ee386
AAJ		 407 u8 preamble;
408 __be16 start_frame;
409 u8 datalen;
410 u8 datalen_checksum;
411 u8 data[];
412} __packed;
413
1575b9d8
OG		 414struct pn533_ext_frame { /* Extended Information frame */
415 u8 preamble;
416 __be16 start_frame;
417 __be16 eif_flag; /* fixed to 0xFFFF */
418 __be16 datalen;
419 u8 datalen_checksum;
420 u8 data[];
421} __packed;
422
9e2d493e
WR		 423struct pn533_frame_ops {
424 void (*tx_frame_init)(void *frame, u8 cmd_code);
425 void (*tx_frame_finish)(void *frame);
426 void (*tx_update_payload_len)(void *frame, int len);
427 int tx_header_len;
428 int tx_tail_len;
429
56a63c82 430 bool (*rx_is_frame_valid)(void *frame, struct pn533 *dev);
9e2d493e
WR		 431 int (*rx_frame_size)(void *frame);
432 int rx_header_len;
433 int rx_tail_len;
434
435 int max_payload_len;
436 u8 (*get_cmd_code)(void *frame);
437};
438
53cf4839
WR		 439struct pn533_acr122_ccid_hdr {
440 u8 type;
441 u32 datalen;
442 u8 slot;
443 u8 seq;
444 u8 params[3]; /* 3 msg specific bytes or status, error and 1 specific
445 byte for reposnse msg */
446 u8 data[]; /* payload */
447} __packed;
448
449struct pn533_acr122_apdu_hdr {
450 u8 class;
451 u8 ins;
452 u8 p1;
453 u8 p2;
454} __packed;
455
456struct pn533_acr122_tx_frame {
457 struct pn533_acr122_ccid_hdr ccid;
458 struct pn533_acr122_apdu_hdr apdu;
459 u8 datalen;
460 u8 data[]; /* pn533 frame: TFI ... */
461} __packed;
462
463struct pn533_acr122_rx_frame {
464 struct pn533_acr122_ccid_hdr ccid;
465 u8 data[]; /* pn533 frame : TFI ... */
466} __packed;
467
468static void pn533_acr122_tx_frame_init(void *_frame, u8 cmd_code)
469{
470 struct pn533_acr122_tx_frame *frame = _frame;
471
472 frame->ccid.type = PN533_ACR122_PC_TO_RDR_ESCAPE;
473 frame->ccid.datalen = sizeof(frame->apdu) + 1; /* sizeof(apdu_hdr) +
474 sizeof(datalen) */
475 frame->ccid.slot = 0;
476 frame->ccid.seq = 0;
477 frame->ccid.params[0] = 0;
478 frame->ccid.params[1] = 0;
479 frame->ccid.params[2] = 0;
480
481 frame->data[0] = PN533_STD_FRAME_DIR_OUT;
482 frame->data[1] = cmd_code;
483 frame->datalen = 2; /* data[0] + data[1] */
484
485 frame->apdu.class = 0xFF;
486 frame->apdu.ins = 0;
487 frame->apdu.p1 = 0;
488 frame->apdu.p2 = 0;
489}
490
491static void pn533_acr122_tx_frame_finish(void *_frame)
492{
493 struct pn533_acr122_tx_frame *frame = _frame;
494
495 frame->ccid.datalen += frame->datalen;
496}
497
498static void pn533_acr122_tx_update_payload_len(void *_frame, int len)
499{
500 struct pn533_acr122_tx_frame *frame = _frame;
501
502 frame->datalen += len;
503}
504
56a63c82 505static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev)
53cf4839
WR		 506{
507 struct pn533_acr122_rx_frame *frame = _frame;
508
509 if (frame->ccid.type != 0x83)
510 return false;
511
ea87a5ef
SO		 512 if (!frame->ccid.datalen)
513 return false;
514
53cf4839
WR		 515 if (frame->data[frame->ccid.datalen - 2] == 0x63)
516 return false;
517
518 return true;
519}
520
521static int pn533_acr122_rx_frame_size(void *frame)
522{
523 struct pn533_acr122_rx_frame *f = frame;
524
525 /* f->ccid.datalen already includes tail length */
526 return sizeof(struct pn533_acr122_rx_frame) + f->ccid.datalen;
527}
528
529static u8 pn533_acr122_get_cmd_code(void *frame)
530{
531 struct pn533_acr122_rx_frame *f = frame;
532
1575b9d8 533 return PN533_FRAME_CMD(f);
53cf4839
WR		 534}
535
536static struct pn533_frame_ops pn533_acr122_frame_ops = {
537 .tx_frame_init = pn533_acr122_tx_frame_init,
538 .tx_frame_finish = pn533_acr122_tx_frame_finish,
539 .tx_update_payload_len = pn533_acr122_tx_update_payload_len,
540 .tx_header_len = PN533_ACR122_TX_FRAME_HEADER_LEN,
541 .tx_tail_len = PN533_ACR122_TX_FRAME_TAIL_LEN,
542
543 .rx_is_frame_valid = pn533_acr122_is_rx_frame_valid,
544 .rx_header_len = PN533_ACR122_RX_FRAME_HEADER_LEN,
545 .rx_tail_len = PN533_ACR122_RX_FRAME_TAIL_LEN,
546 .rx_frame_size = pn533_acr122_rx_frame_size,
547
548 .max_payload_len = PN533_ACR122_FRAME_MAX_PAYLOAD_LEN,
549 .get_cmd_code = pn533_acr122_get_cmd_code,
550};
551
1575b9d8
OG		 552/* The rule: value(high byte) + value(low byte) + checksum = 0 */
553static inline u8 pn533_ext_checksum(u16 value)
554{
555 return ~(u8)(((value & 0xFF00) >> 8) + (u8)(value & 0xFF)) + 1;
556}
557
c46ee386 558/* The rule: value + checksum = 0 */
63123108 559static inline u8 pn533_std_checksum(u8 value)
c46ee386
AAJ		 560{
561 return ~value + 1;
562}
563
564/* The rule: sum(data elements) + checksum = 0 */
63123108 565static u8 pn533_std_data_checksum(u8 *data, int datalen)
c46ee386
AAJ		 566{
567 u8 sum = 0;
568 int i;
569
570 for (i = 0; i < datalen; i++)
571 sum += data[i];
572
63123108 573 return pn533_std_checksum(sum);
c46ee386
AAJ		 574}
575
63123108 576static void pn533_std_tx_frame_init(void *_frame, u8 cmd_code)
c46ee386 577{
63123108 578 struct pn533_std_frame *frame = _frame;
9e2d493e 579
c46ee386 580 frame->preamble = 0;
63123108
WR		 581 frame->start_frame = cpu_to_be16(PN533_STD_FRAME_SOF);
582 PN533_STD_FRAME_IDENTIFIER(frame) = PN533_STD_FRAME_DIR_OUT;
1575b9d8 583 PN533_FRAME_CMD(frame) = cmd_code;
c46ee386
AAJ		 584 frame->datalen = 2;
585}
586
63123108 587static void pn533_std_tx_frame_finish(void *_frame)
c46ee386 588{
63123108 589 struct pn533_std_frame *frame = _frame;
9e2d493e 590
63123108 591 frame->datalen_checksum = pn533_std_checksum(frame->datalen);
c46ee386 592
63123108
WR		 593 PN533_STD_FRAME_CHECKSUM(frame) =
594 pn533_std_data_checksum(frame->data, frame->datalen);
c46ee386 595
63123108 596 PN533_STD_FRAME_POSTAMBLE(frame) = 0;
c46ee386
AAJ		 597}
598
63123108 599static void pn533_std_tx_update_payload_len(void *_frame, int len)
9e2d493e 600{
63123108 601 struct pn533_std_frame *frame = _frame;
9e2d493e
WR		 602
603 frame->datalen += len;
604}
605
56a63c82 606static bool pn533_std_rx_frame_is_valid(void *_frame, struct pn533 *dev)
c46ee386
AAJ		 607{
608 u8 checksum;
1575b9d8 609 struct pn533_std_frame *stdf = _frame;
c46ee386 610
1575b9d8 611 if (stdf->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
c46ee386
AAJ		 612 return false;
613
1575b9d8
OG		 614 if (likely(!PN533_STD_IS_EXTENDED(stdf))) {
615 /* Standard frame code */
56a63c82 616 dev->ops->rx_header_len = PN533_STD_FRAME_HEADER_LEN;
1575b9d8
OG		 617
618 checksum = pn533_std_checksum(stdf->datalen);
619 if (checksum != stdf->datalen_checksum)
620 return false;
621
622 checksum = pn533_std_data_checksum(stdf->data, stdf->datalen);
623 if (checksum != PN533_STD_FRAME_CHECKSUM(stdf))
624 return false;
625 } else {
626 /* Extended */
627 struct pn533_ext_frame *eif = _frame;
628
56a63c82
OG		 629 dev->ops->rx_header_len = PN533_EXT_FRAME_HEADER_LEN;
630
1575b9d8
OG		 631 checksum = pn533_ext_checksum(be16_to_cpu(eif->datalen));
632 if (checksum != eif->datalen_checksum)
633 return false;
634
635 /* check data checksum */
636 checksum = pn533_std_data_checksum(eif->data,
637 be16_to_cpu(eif->datalen));
638 if (checksum != PN533_EXT_FRAME_CHECKSUM(eif))
639 return false;
640 }
c46ee386
AAJ		 641
642 return true;
643}
644
63123108 645static bool pn533_std_rx_frame_is_ack(struct pn533_std_frame *frame)
c46ee386 646{
63123108 647 if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
c46ee386
AAJ		 648 return false;
649
650 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
651 return false;
652
653 return true;
654}
655
63123108 656static inline int pn533_std_rx_frame_size(void *frame)
9e2d493e 657{
63123108 658 struct pn533_std_frame *f = frame;
9e2d493e 659
1575b9d8
OG		 660 /* check for Extended Information frame */
661 if (PN533_STD_IS_EXTENDED(f)) {
662 struct pn533_ext_frame *eif = frame;
663
664 return sizeof(struct pn533_ext_frame)
665 + be16_to_cpu(eif->datalen) + PN533_STD_FRAME_TAIL_LEN;
666 }
667
63123108
WR		 668 return sizeof(struct pn533_std_frame) + f->datalen +
669 PN533_STD_FRAME_TAIL_LEN;
9e2d493e
WR		 670}
671
63123108 672static u8 pn533_std_get_cmd_code(void *frame)
9e2d493e 673{
63123108 674 struct pn533_std_frame *f = frame;
1575b9d8 675 struct pn533_ext_frame *eif = frame;
9e2d493e 676
1575b9d8
OG		 677 if (PN533_STD_IS_EXTENDED(f))
678 return PN533_FRAME_CMD(eif);
679 else
680 return PN533_FRAME_CMD(f);
9e2d493e
WR		 681}
682
ef3d56e1 683static struct pn533_frame_ops pn533_std_frame_ops = {
63123108
WR		 684 .tx_frame_init = pn533_std_tx_frame_init,
685 .tx_frame_finish = pn533_std_tx_frame_finish,
686 .tx_update_payload_len = pn533_std_tx_update_payload_len,
687 .tx_header_len = PN533_STD_FRAME_HEADER_LEN,
688 .tx_tail_len = PN533_STD_FRAME_TAIL_LEN,
689
690 .rx_is_frame_valid = pn533_std_rx_frame_is_valid,
691 .rx_frame_size = pn533_std_rx_frame_size,
692 .rx_header_len = PN533_STD_FRAME_HEADER_LEN,
693 .rx_tail_len = PN533_STD_FRAME_TAIL_LEN,
694
695 .max_payload_len = PN533_STD_FRAME_MAX_PAYLOAD_LEN,
696 .get_cmd_code = pn533_std_get_cmd_code,
9e2d493e
WR		 697};
698
699static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame)
c46ee386 700{
2c206fb7 701 return (dev->ops->get_cmd_code(frame) ==
4b2a9532 702 PN533_CMD_RESPONSE(dev->cmd->code));
c46ee386
AAJ		 703}
704
c46ee386
AAJ		 705static void pn533_recv_response(struct urb *urb)
706{
707 struct pn533 *dev = urb->context;
f87bc9fb 708 struct pn533_cmd *cmd = dev->cmd;
9e2d493e 709 u8 *in_frame;
c46ee386 710
f87bc9fb
WR		 711 cmd->status = urb->status;
712
c46ee386
AAJ		 713 switch (urb->status) {
714 case 0:
f8f99171 715 break; /* success */
c46ee386
AAJ		 716 case -ECONNRESET:
717 case -ENOENT:
b4834839
JP		 718 dev_dbg(&dev->interface->dev,
719 "The urb has been canceled (status %d)\n",
720 urb->status);
4849f85e 721 goto sched_wq;
f8f99171 722 case -ESHUTDOWN:
c46ee386 723 default:
073a625f
JP		 724 nfc_err(&dev->interface->dev,
725 "Urb failure (status %d)\n", urb->status);
4849f85e 726 goto sched_wq;
c46ee386
AAJ		 727 }
728
729 in_frame = dev->in_urb->transfer_buffer;
730
b4834839 731 dev_dbg(&dev->interface->dev, "Received a frame\n");
e279f84f
SO		 732 print_hex_dump_debug("PN533 RX: ", DUMP_PREFIX_NONE, 16, 1, in_frame,
733 dev->ops->rx_frame_size(in_frame), false);
99e591be 734
56a63c82 735 if (!dev->ops->rx_is_frame_valid(in_frame, dev)) {
073a625f 736 nfc_err(&dev->interface->dev, "Received an invalid frame\n");
f87bc9fb 737 cmd->status = -EIO;
4849f85e 738 goto sched_wq;
c46ee386
AAJ		 739 }
740
9e2d493e 741 if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) {
073a625f
JP		 742 nfc_err(&dev->interface->dev,
743 "It it not the response to the last command\n");
f87bc9fb 744 cmd->status = -EIO;
4849f85e 745 goto sched_wq;
c46ee386
AAJ		 746 }
747
4849f85e 748sched_wq:
5d50b364 749 queue_work(dev->wq, &dev->cmd_complete_work);
c46ee386
AAJ		 750}
751
752static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
753{
754 dev->in_urb->complete = pn533_recv_response;
755
756 return usb_submit_urb(dev->in_urb, flags);
757}
758
759static void pn533_recv_ack(struct urb *urb)
760{
761 struct pn533 *dev = urb->context;
f87bc9fb 762 struct pn533_cmd *cmd = dev->cmd;
63123108 763 struct pn533_std_frame *in_frame;
c46ee386
AAJ		 764 int rc;
765
f87bc9fb
WR		 766 cmd->status = urb->status;
767
c46ee386
AAJ		 768 switch (urb->status) {
769 case 0:
f8f99171 770 break; /* success */
c46ee386
AAJ		 771 case -ECONNRESET:
772 case -ENOENT:
b4834839
JP		 773 dev_dbg(&dev->interface->dev,
774 "The urb has been stopped (status %d)\n",
775 urb->status);
4849f85e 776 goto sched_wq;
f8f99171 777 case -ESHUTDOWN:
c46ee386 778 default:
073a625f
JP		 779 nfc_err(&dev->interface->dev,
780 "Urb failure (status %d)\n", urb->status);
4849f85e 781 goto sched_wq;
c46ee386
AAJ		 782 }
783
784 in_frame = dev->in_urb->transfer_buffer;
785
63123108 786 if (!pn533_std_rx_frame_is_ack(in_frame)) {
073a625f 787 nfc_err(&dev->interface->dev, "Received an invalid ack\n");
f87bc9fb 788 cmd->status = -EIO;
4849f85e 789 goto sched_wq;
c46ee386
AAJ		 790 }
791
c46ee386
AAJ		 792 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
793 if (rc) {
073a625f
JP		 794 nfc_err(&dev->interface->dev,
795 "usb_submit_urb failed with result %d\n", rc);
f87bc9fb 796 cmd->status = rc;
4849f85e 797 goto sched_wq;
c46ee386
AAJ		 798 }
799
800 return;
801
4849f85e 802sched_wq:
5d50b364 803 queue_work(dev->wq, &dev->cmd_complete_work);
c46ee386
AAJ		 804}
805
806static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
807{
808 dev->in_urb->complete = pn533_recv_ack;
809
810 return usb_submit_urb(dev->in_urb, flags);
811}
812
813static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
814{
63123108 815 u8 ack[PN533_STD_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
5b5a4437 816 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */
c46ee386
AAJ		 817 int rc;
818
5b5a4437
WR		 819 dev->out_urb->transfer_buffer = ack;
820 dev->out_urb->transfer_buffer_length = sizeof(ack);
c46ee386
AAJ		 821 rc = usb_submit_urb(dev->out_urb, flags);
822
823 return rc;
824}
825
e8f40531
WR		 826static int __pn533_send_frame_async(struct pn533 *dev,
827 struct sk_buff *out,
828 struct sk_buff *in,
ddf19d20 829 int in_len)
c46ee386
AAJ		 830{
831 int rc;
832
e8f40531
WR		 833 dev->out_urb->transfer_buffer = out->data;
834 dev->out_urb->transfer_buffer_length = out->len;
c46ee386 835
e8f40531
WR		 836 dev->in_urb->transfer_buffer = in->data;
837 dev->in_urb->transfer_buffer_length = in_len;
c46ee386 838
e279f84f
SO		 839 print_hex_dump_debug("PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
840 out->data, out->len, false);
99e591be 841
d94ea4f5 842 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
c46ee386
AAJ		 843 if (rc)
844 return rc;
845
58520373
WR		 846 if (dev->protocol_type == PN533_PROTO_REQ_RESP) {
847 /* request for response for sent packet directly */
848 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
849 if (rc)
850 goto error;
851 } else if (dev->protocol_type == PN533_PROTO_REQ_ACK_RESP) {
852 /* request for ACK if that's the case */
853 rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
854 if (rc)
855 goto error;
856 }
c46ee386
AAJ		 857
858 return 0;
859
860error:
861 usb_unlink_urb(dev->out_urb);
862 return rc;
863}
864
9e2d493e
WR		 865static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code,
866 struct sk_buff *skb)
aada17ac 867{
aada17ac
WR		 868 /* payload is already there, just update datalen */
869 int payload_len = skb->len;
9e2d493e 870 struct pn533_frame_ops *ops = dev->ops;
aada17ac 871
aada17ac 872
9e2d493e
WR		 873 skb_push(skb, ops->tx_header_len);
874 skb_put(skb, ops->tx_tail_len);
aada17ac 875
9e2d493e
WR		 876 ops->tx_frame_init(skb->data, cmd_code);
877 ops->tx_update_payload_len(skb->data, payload_len);
878 ops->tx_frame_finish(skb->data);
aada17ac
WR		 879}
880
ddf19d20 881static int pn533_send_async_complete(struct pn533 *dev)
aada17ac 882{
ddf19d20 883 struct pn533_cmd *cmd = dev->cmd;
f87bc9fb 884 int status = cmd->status;
aada17ac 885
4231604b
WR		 886 struct sk_buff *req = cmd->req;
887 struct sk_buff *resp = cmd->resp;
aada17ac 888
aada17ac
WR		 889 int rc;
890
891 dev_kfree_skb(req);
892
0c33d262 893 if (status < 0) {
4231604b
WR		 894 rc = cmd->complete_cb(dev, cmd->complete_cb_context,
895 ERR_PTR(status));
aada17ac 896 dev_kfree_skb(resp);
2c206fb7 897 goto done;
aada17ac
WR		 898 }
899
9e2d493e
WR		 900 skb_put(resp, dev->ops->rx_frame_size(resp->data));
901 skb_pull(resp, dev->ops->rx_header_len);
902 skb_trim(resp, resp->len - dev->ops->rx_tail_len);
aada17ac 903
4231604b 904 rc = cmd->complete_cb(dev, cmd->complete_cb_context, resp);
aada17ac 905
2c206fb7 906done:
4231604b 907 kfree(cmd);
2c206fb7 908 dev->cmd = NULL;
aada17ac
WR		 909 return rc;
910}
911
912static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
913 struct sk_buff *req, struct sk_buff *resp,
914 int resp_len,
915 pn533_send_async_complete_t complete_cb,
916 void *complete_cb_context)
917{
918 struct pn533_cmd *cmd;
aada17ac
WR		 919 int rc = 0;
920
b4834839 921 dev_dbg(&dev->interface->dev, "Sending command 0x%x\n", cmd_code);
aada17ac 922
4231604b
WR		 923 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
924 if (!cmd)
aada17ac
WR		 925 return -ENOMEM;
926
4b2a9532 927 cmd->code = cmd_code;
4231604b
WR		 928 cmd->req = req;
929 cmd->resp = resp;
930 cmd->resp_len = resp_len;
931 cmd->complete_cb = complete_cb;
932 cmd->complete_cb_context = complete_cb_context;
aada17ac 933
9e2d493e 934 pn533_build_cmd_frame(dev, cmd_code, req);
aada17ac
WR		 935
936 mutex_lock(&dev->cmd_lock);
937
938 if (!dev->cmd_pending) {
ddf19d20 939 rc = __pn533_send_frame_async(dev, req, resp, resp_len);
aada17ac
WR		 940 if (rc)
941 goto error;
942
943 dev->cmd_pending = 1;
2c206fb7 944 dev->cmd = cmd;
aada17ac
WR		 945 goto unlock;
946 }
947
b4834839
JP		 948 dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x\n",
949 __func__, cmd_code);
aada17ac 950
aada17ac 951 INIT_LIST_HEAD(&cmd->queue);
aada17ac
WR		 952 list_add_tail(&cmd->queue, &dev->cmd_queue);
953
954 goto unlock;
955
956error:
4231604b 957 kfree(cmd);
aada17ac
WR		 958unlock:
959 mutex_unlock(&dev->cmd_lock);
960 return rc;
15461aeb
WR		 961}
962
963static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
964 struct sk_buff *req,
965 pn533_send_async_complete_t complete_cb,
966 void *complete_cb_context)
967{
968 struct sk_buff *resp;
969 int rc;
9e2d493e
WR		 970 int resp_len = dev->ops->rx_header_len +
971 dev->ops->max_payload_len +
972 dev->ops->rx_tail_len;
15461aeb 973
15461aeb
WR		 974 resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
975 if (!resp)
976 return -ENOMEM;
977
978 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
979 complete_cb_context);
980 if (rc)
981 dev_kfree_skb(resp);
982
983 return rc;
aada17ac
WR		 984}
985
986static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
987 struct sk_buff *req,
988 pn533_send_async_complete_t complete_cb,
989 void *complete_cb_context)
990{
991 struct sk_buff *resp;
992 int rc;
9e2d493e
WR		 993 int resp_len = dev->ops->rx_header_len +
994 dev->ops->max_payload_len +
995 dev->ops->rx_tail_len;
aada17ac 996
9e2d493e 997 resp = alloc_skb(resp_len, GFP_KERNEL);
aada17ac
WR		 998 if (!resp)
999 return -ENOMEM;
1000
9e2d493e
WR		 1001 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
1002 complete_cb_context);
aada17ac
WR		 1003 if (rc)
1004 dev_kfree_skb(resp);
1005
1006 return rc;
1007}
1008
b1e666f5
WR		 1009/*
1010 * pn533_send_cmd_direct_async
1011 *
1012 * The function sends a piority cmd directly to the chip omiting the cmd
1013 * queue. It's intended to be used by chaining mechanism of received responses
1014 * where the host has to request every single chunk of data before scheduling
1015 * next cmd from the queue.
1016 */
1017static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
1018 struct sk_buff *req,
1019 pn533_send_async_complete_t complete_cb,
1020 void *complete_cb_context)
1021{
b1e666f5 1022 struct sk_buff *resp;
4231604b 1023 struct pn533_cmd *cmd;
b1e666f5 1024 int rc;
9e2d493e
WR		 1025 int resp_len = dev->ops->rx_header_len +
1026 dev->ops->max_payload_len +
1027 dev->ops->rx_tail_len;
b1e666f5 1028
b1e666f5
WR		 1029 resp = alloc_skb(resp_len, GFP_KERNEL);
1030 if (!resp)
1031 return -ENOMEM;
1032
4231604b
WR		 1033 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1034 if (!cmd) {
b1e666f5
WR		 1035 dev_kfree_skb(resp);
1036 return -ENOMEM;
1037 }
1038
4b2a9532 1039 cmd->code = cmd_code;
4231604b
WR		 1040 cmd->req = req;
1041 cmd->resp = resp;
1042 cmd->resp_len = resp_len;
1043 cmd->complete_cb = complete_cb;
1044 cmd->complete_cb_context = complete_cb_context;
b1e666f5 1045
9e2d493e 1046 pn533_build_cmd_frame(dev, cmd_code, req);
b1e666f5 1047
ddf19d20 1048 rc = __pn533_send_frame_async(dev, req, resp, resp_len);
b1e666f5
WR		 1049 if (rc < 0) {
1050 dev_kfree_skb(resp);
4231604b 1051 kfree(cmd);
2c206fb7
WR		 1052 } else {
1053 dev->cmd = cmd;
b1e666f5
WR		 1054 }
1055
1056 return rc;
1057}
1058
c79490e1
WR		 1059static void pn533_wq_cmd_complete(struct work_struct *work)
1060{
1061 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
1062 int rc;
1063
1064 rc = pn533_send_async_complete(dev);
1065 if (rc != -EINPROGRESS)
1066 queue_work(dev->wq, &dev->cmd_work);
1067}
1068
5d50b364
SO		 1069static void pn533_wq_cmd(struct work_struct *work)
1070{
1071 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
1072 struct pn533_cmd *cmd;
0ce1fbdd 1073 int rc;
5d50b364
SO		 1074
1075 mutex_lock(&dev->cmd_lock);
1076
1077 if (list_empty(&dev->cmd_queue)) {
1078 dev->cmd_pending = 0;
1079 mutex_unlock(&dev->cmd_lock);
1080 return;
1081 }
1082
1083 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
1084
60ad07ab
SJ		 1085 list_del(&cmd->queue);
1086
5d50b364
SO		 1087 mutex_unlock(&dev->cmd_lock);
1088
ddf19d20 1089 rc = __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len);
0ce1fbdd
WR		 1090 if (rc < 0) {
1091 dev_kfree_skb(cmd->req);
1092 dev_kfree_skb(cmd->resp);
4231604b 1093 kfree(cmd);
2c206fb7 1094 return;
0ce1fbdd 1095 }
2c206fb7
WR		 1096
1097 dev->cmd = cmd;
5d50b364
SO		 1098}
1099
c46ee386 1100struct pn533_sync_cmd_response {
94c5c156 1101 struct sk_buff *resp;
c46ee386
AAJ		 1102 struct completion done;
1103};
1104
94c5c156
WR		 1105static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
1106 struct sk_buff *resp)
1107{
1108 struct pn533_sync_cmd_response *arg = _arg;
1109
94c5c156
WR		 1110 arg->resp = resp;
1111 complete(&arg->done);
1112
1113 return 0;
1114}
1115
1116/* pn533_send_cmd_sync
1117 *
1118 * Please note the req parameter is freed inside the function to
1119 * limit a number of return value interpretations by the caller.
1120 *
1121 * 1. negative in case of error during TX path -> req should be freed
1122 *
1123 * 2. negative in case of error during RX path -> req should not be freed
1124 * as it's been already freed at the begining of RX path by
1125 * async_complete_cb.
1126 *
1127 * 3. valid pointer in case of succesfult RX path
1128 *
1129 * A caller has to check a return value with IS_ERR macro. If the test pass,
1130 * the returned pointer is valid.
1131 *
1132 * */
1133static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
1134 struct sk_buff *req)
1135{
1136 int rc;
1137 struct pn533_sync_cmd_response arg;
1138
94c5c156
WR		 1139 init_completion(&arg.done);
1140
1141 rc = pn533_send_cmd_async(dev, cmd_code, req,
1142 pn533_send_sync_complete, &arg);
1143 if (rc) {
1144 dev_kfree_skb(req);
1145 return ERR_PTR(rc);
1146 }
1147
1148 wait_for_completion(&arg.done);
1149
1150 return arg.resp;
1151}
1152
c46ee386
AAJ		 1153static void pn533_send_complete(struct urb *urb)
1154{
1155 struct pn533 *dev = urb->context;
1156
c46ee386
AAJ		 1157 switch (urb->status) {
1158 case 0:
f8f99171 1159 break; /* success */
c46ee386
AAJ		 1160 case -ECONNRESET:
1161 case -ENOENT:
b4834839
JP		 1162 dev_dbg(&dev->interface->dev,
1163 "The urb has been stopped (status %d)\n",
1164 urb->status);
c46ee386 1165 break;
f8f99171 1166 case -ESHUTDOWN:
c46ee386 1167 default:
073a625f
JP		 1168 nfc_err(&dev->interface->dev, "Urb failure (status %d)\n",
1169 urb->status);
c46ee386
AAJ		 1170 }
1171}
1172
10cff29a
WR		 1173static void pn533_abort_cmd(struct pn533 *dev, gfp_t flags)
1174{
1175 /* ACR122U does not support any command which aborts last
1176 * issued command i.e. as ACK for standard PN533. Additionally,
1177 * it behaves stange, sending broken or incorrect responses,
1178 * when we cancel urb before the chip will send response.
1179 */
1180 if (dev->device_type == PN533_DEVICE_ACR122U)
1181 return;
1182
1183 /* An ack will cancel the last issued command */
1184 pn533_send_ack(dev, flags);
1185
1186 /* cancel the urb request */
1187 usb_kill_urb(dev->in_urb);
1188}
1189
9e2d493e 1190static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size)
d22b2db6
WR		 1191{
1192 struct sk_buff *skb;
1193
9e2d493e 1194 skb = alloc_skb(dev->ops->tx_header_len +
d22b2db6 1195 size +
9e2d493e 1196 dev->ops->tx_tail_len, GFP_KERNEL);
d22b2db6
WR		 1197
1198 if (skb)
9e2d493e 1199 skb_reserve(skb, dev->ops->tx_header_len);
d22b2db6
WR		 1200
1201 return skb;
1202}
1203
c46ee386
AAJ		 1204struct pn533_target_type_a {
1205 __be16 sens_res;
1206 u8 sel_res;
1207 u8 nfcid_len;
1208 u8 nfcid_data[];
1209} __packed;
1210
1211
1212#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
1213#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
1214#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
1215
1216#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
1217#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
1218
1219#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
1220#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
1221
1222#define PN533_TYPE_A_SEL_PROT_MIFARE 0
1223#define PN533_TYPE_A_SEL_PROT_ISO14443 1
1224#define PN533_TYPE_A_SEL_PROT_DEP 2
1225#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1226
1227static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1228 int target_data_len)
1229{
1230 u8 ssd;
1231 u8 platconf;
1232
1233 if (target_data_len < sizeof(struct pn533_target_type_a))
1234 return false;
1235
1236 /* The lenght check of nfcid[] and ats[] are not being performed because
1237 the values are not being used */
1238
1239 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1240 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1241 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1242
1243 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
5d467742
WR		 1244 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1245 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1246 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
c46ee386
AAJ		 1247 return false;
1248
1249 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1250 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1251 return false;
1252
1253 return true;
1254}
1255
1256static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1257 int tgt_data_len)
1258{
1259 struct pn533_target_type_a *tgt_type_a;
1260
37cf4fc6 1261 tgt_type_a = (struct pn533_target_type_a *)tgt_data;
c46ee386
AAJ		 1262
1263 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1264 return -EPROTO;
1265
1266 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1267 case PN533_TYPE_A_SEL_PROT_MIFARE:
1268 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1269 break;
1270 case PN533_TYPE_A_SEL_PROT_ISO14443:
1271 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1272 break;
1273 case PN533_TYPE_A_SEL_PROT_DEP:
1274 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1275 break;
1276 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1277 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1278 NFC_PROTO_NFC_DEP_MASK;
1279 break;
1280 }
1281
1282 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1283 nfc_tgt->sel_res = tgt_type_a->sel_res;
c3b1e1e8
SO		 1284 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1285 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
c46ee386
AAJ		 1286
1287 return 0;
1288}
1289
1290struct pn533_target_felica {
1291 u8 pol_res;
1292 u8 opcode;
322bce95 1293 u8 nfcid2[NFC_NFCID2_MAXSIZE];
c46ee386
AAJ		 1294 u8 pad[8];
1295 /* optional */
1296 u8 syst_code[];
1297} __packed;
1298
1299#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1300#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1301
1302static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1303 int target_data_len)
1304{
1305 if (target_data_len < sizeof(struct pn533_target_felica))
1306 return false;
1307
1308 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1309 return false;
1310
1311 return true;
1312}
1313
1314static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1315 int tgt_data_len)
1316{
1317 struct pn533_target_felica *tgt_felica;
1318
37cf4fc6 1319 tgt_felica = (struct pn533_target_felica *)tgt_data;
c46ee386
AAJ		 1320
1321 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1322 return -EPROTO;
1323
5d467742
WR		 1324 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
1325 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
c46ee386
AAJ		 1326 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1327 else
1328 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1329
7975754f
SO		 1330 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1331 nfc_tgt->sensf_res_len = 9;
1332
322bce95
SO		 1333 memcpy(nfc_tgt->nfcid2, tgt_felica->nfcid2, NFC_NFCID2_MAXSIZE);
1334 nfc_tgt->nfcid2_len = NFC_NFCID2_MAXSIZE;
1335
c46ee386
AAJ		 1336 return 0;
1337}
1338
1339struct pn533_target_jewel {
1340 __be16 sens_res;
1341 u8 jewelid[4];
1342} __packed;
1343
1344static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1345 int target_data_len)
1346{
1347 u8 ssd;
1348 u8 platconf;
1349
1350 if (target_data_len < sizeof(struct pn533_target_jewel))
1351 return false;
1352
1353 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1354 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1355 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1356
1357 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
5d467742
WR		 1358 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1359 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1360 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
c46ee386
AAJ		 1361 return false;
1362
1363 return true;
1364}
1365
1366static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1367 int tgt_data_len)
1368{
1369 struct pn533_target_jewel *tgt_jewel;
1370
37cf4fc6 1371 tgt_jewel = (struct pn533_target_jewel *)tgt_data;
c46ee386
AAJ		 1372
1373 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1374 return -EPROTO;
1375
1376 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1377 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
d8dc1072
SO		 1378 nfc_tgt->nfcid1_len = 4;
1379 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
c46ee386
AAJ		 1380
1381 return 0;
1382}
1383
1384struct pn533_type_b_prot_info {
1385 u8 bitrate;
1386 u8 fsci_type;
1387 u8 fwi_adc_fo;
1388} __packed;
1389
1390#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1391#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1392#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1393
1394struct pn533_type_b_sens_res {
1395 u8 opcode;
1396 u8 nfcid[4];
1397 u8 appdata[4];
1398 struct pn533_type_b_prot_info prot_info;
1399} __packed;
1400
1401#define PN533_TYPE_B_OPC_SENSB_RES 0x50
1402
1403struct pn533_target_type_b {
1404 struct pn533_type_b_sens_res sensb_res;
1405 u8 attrib_res_len;
1406 u8 attrib_res[];
1407} __packed;
1408
1409static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1410 int target_data_len)
1411{
1412 if (target_data_len < sizeof(struct pn533_target_type_b))
1413 return false;
1414
1415 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1416 return false;
1417
1418 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1419 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1420 return false;
1421
1422 return true;
1423}
1424
1425static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1426 int tgt_data_len)
1427{
1428 struct pn533_target_type_b *tgt_type_b;
1429
37cf4fc6 1430 tgt_type_b = (struct pn533_target_type_b *)tgt_data;
c46ee386
AAJ		 1431
1432 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1433 return -EPROTO;
1434
01d719a2 1435 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
c46ee386
AAJ		 1436
1437 return 0;
1438}
1439
b5193e5d
WR		 1440static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1441 int tgdata_len)
c46ee386 1442{
c46ee386
AAJ		 1443 struct nfc_target nfc_tgt;
1444 int rc;
1445
17936b43 1446 dev_dbg(&dev->interface->dev, "%s: modulation=%d\n",
b4834839 1447 __func__, dev->poll_mod_curr);
c46ee386 1448
b5193e5d 1449 if (tg != 1)
c46ee386
AAJ		 1450 return -EPROTO;
1451
98b3ac1b
SO		 1452 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1453
c46ee386
AAJ		 1454 switch (dev->poll_mod_curr) {
1455 case PN533_POLL_MOD_106KBPS_A:
b5193e5d 1456 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
c46ee386
AAJ		 1457 break;
1458 case PN533_POLL_MOD_212KBPS_FELICA:
1459 case PN533_POLL_MOD_424KBPS_FELICA:
b5193e5d 1460 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
c46ee386
AAJ		 1461 break;
1462 case PN533_POLL_MOD_106KBPS_JEWEL:
b5193e5d 1463 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
c46ee386
AAJ		 1464 break;
1465 case PN533_POLL_MOD_847KBPS_B:
b5193e5d 1466 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
c46ee386
AAJ		 1467 break;
1468 default:
073a625f
JP		 1469 nfc_err(&dev->interface->dev,
1470 "Unknown current poll modulation\n");
c46ee386
AAJ		 1471 return -EPROTO;
1472 }
1473
1474 if (rc)
1475 return rc;
1476
1477 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
b4834839
JP		 1478 dev_dbg(&dev->interface->dev,
1479 "The Tg found doesn't have the desired protocol\n");
c46ee386
AAJ		 1480 return -EAGAIN;
1481 }
1482
b4834839
JP		 1483 dev_dbg(&dev->interface->dev,
1484 "Target found - supported protocols: 0x%x\n",
1485 nfc_tgt.supported_protocols);
c46ee386
AAJ		 1486
1487 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1488
1489 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1490
1491 return 0;
1492}
1493
6fbbdc16
SO		 1494static inline void pn533_poll_next_mod(struct pn533 *dev)
1495{
1496 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1497}
1498
c46ee386
AAJ		 1499static void pn533_poll_reset_mod_list(struct pn533 *dev)
1500{
1501 dev->poll_mod_count = 0;
1502}
1503
1504static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1505{
1506 dev->poll_mod_active[dev->poll_mod_count] =
37cf4fc6 1507 (struct pn533_poll_modulations *)&poll_mod[mod_index];
c46ee386
AAJ		 1508 dev->poll_mod_count++;
1509}
1510
6fbbdc16
SO		 1511static void pn533_poll_create_mod_list(struct pn533 *dev,
1512 u32 im_protocols, u32 tm_protocols)
c46ee386
AAJ		 1513{
1514 pn533_poll_reset_mod_list(dev);
1515
b08e8603
WR		 1516 if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
1517 (im_protocols & NFC_PROTO_ISO14443_MASK) ||
1518 (im_protocols & NFC_PROTO_NFC_DEP_MASK))
c46ee386
AAJ		 1519 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1520
b08e8603
WR		 1521 if (im_protocols & NFC_PROTO_FELICA_MASK ||
1522 im_protocols & NFC_PROTO_NFC_DEP_MASK) {
c46ee386
AAJ		 1523 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1524 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1525 }
1526
6fbbdc16 1527 if (im_protocols & NFC_PROTO_JEWEL_MASK)
c46ee386
AAJ		 1528 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1529
01d719a2 1530 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
c46ee386 1531 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
c46ee386 1532
6fbbdc16
SO		 1533 if (tm_protocols)
1534 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
c46ee386
AAJ		 1535}
1536
b5193e5d 1537static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
c46ee386 1538{
b5193e5d
WR		 1539 u8 nbtg, tg, *tgdata;
1540 int rc, tgdata_len;
c46ee386 1541
673088fb
SO		 1542 /* Toggle the DEP polling */
1543 dev->poll_dep = 1;
1544
b5193e5d
WR		 1545 nbtg = resp->data[0];
1546 tg = resp->data[1];
1547 tgdata = &resp->data[2];
1548 tgdata_len = resp->len - 2; /* nbtg + tg */
1549
1550 if (nbtg) {
1551 rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
c46ee386
AAJ		 1552
1553 /* We must stop the poll after a valid target found */
6fbbdc16
SO		 1554 if (rc == 0) {
1555 pn533_poll_reset_mod_list(dev);
1556 return 0;
1557 }
c46ee386
AAJ		 1558 }
1559
6fbbdc16 1560 return -EAGAIN;
c46ee386
AAJ		 1561}
1562
9e2d493e 1563static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev)
ad3823ce 1564{
b5193e5d
WR		 1565 struct sk_buff *skb;
1566 u8 *felica, *nfcid3, *gb;
1567
9e2d493e
WR		 1568 u8 *gbytes = dev->gb;
1569 size_t gbytes_len = dev->gb_len;
1570
51d9e803
SO		 1571 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1572 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1573 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1574 0xff, 0xff}; /* System code */
b5193e5d 1575
51d9e803
SO		 1576 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1577 0x0, 0x0, 0x0,
1578 0x40}; /* SEL_RES for DEP */
ad3823ce 1579
b5193e5d
WR		 1580 unsigned int skb_len = 36 + /* mode (1), mifare (6),
1581 felica (18), nfcid3 (10), gb_len (1) */
1582 gbytes_len +
1583 1; /* len Tk*/
ad3823ce 1584
9e2d493e 1585 skb = pn533_alloc_skb(dev, skb_len);
b5193e5d
WR		 1586 if (!skb)
1587 return NULL;
ad3823ce
SO		 1588
1589 /* DEP support only */
52f2eaee 1590 *skb_put(skb, 1) = PN533_INIT_TARGET_DEP;
b5193e5d
WR		 1591
1592 /* MIFARE params */
1593 memcpy(skb_put(skb, 6), mifare_params, 6);
51d9e803
SO		 1594
1595 /* Felica params */
b5193e5d
WR		 1596 felica = skb_put(skb, 18);
1597 memcpy(felica, felica_params, 18);
1598 get_random_bytes(felica + 2, 6);
51d9e803
SO		 1599
1600 /* NFCID3 */
b5193e5d
WR		 1601 nfcid3 = skb_put(skb, 10);
1602 memset(nfcid3, 0, 10);
1603 memcpy(nfcid3, felica, 8);
51d9e803
SO		 1604
1605 /* General bytes */
b5193e5d 1606 *skb_put(skb, 1) = gbytes_len;
51d9e803 1607
b5193e5d
WR		 1608 gb = skb_put(skb, gbytes_len);
1609 memcpy(gb, gbytes, gbytes_len);
ad3823ce 1610
b5193e5d
WR		 1611 /* Len Tk */
1612 *skb_put(skb, 1) = 0;
51d9e803 1613
b5193e5d 1614 return skb;
ad3823ce
SO		 1615}
1616
b1bb290a 1617#define PN533_CMD_DATAEXCH_HEAD_LEN 1
103b34cf 1618#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
3c13b244
OG		 1619static void pn533_wq_tm_mi_recv(struct work_struct *work);
1620static struct sk_buff *pn533_build_response(struct pn533 *dev);
1621
103b34cf 1622static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
e4878823 1623 struct sk_buff *resp)
103b34cf 1624{
3c13b244
OG		 1625 struct sk_buff *skb;
1626 u8 status, ret, mi;
1627 int rc;
103b34cf 1628
b4834839 1629 dev_dbg(&dev->interface->dev, "%s\n", __func__);
103b34cf 1630
3c13b244
OG		 1631 if (IS_ERR(resp)) {
1632 skb_queue_purge(&dev->resp_q);
e4878823 1633 return PTR_ERR(resp);
3c13b244 1634 }
103b34cf 1635
e4878823 1636 status = resp->data[0];
3c13b244
OG		 1637
1638 ret = status & PN533_CMD_RET_MASK;
1639 mi = status & PN533_CMD_MI_MASK;
1640
e4878823 1641 skb_pull(resp, sizeof(status));
103b34cf 1642
3c13b244
OG		 1643 if (ret != PN533_CMD_RET_SUCCESS) {
1644 rc = -EIO;
1645 goto error;
1646 }
1647
1648 skb_queue_tail(&dev->resp_q, resp);
1649
1650 if (mi) {
1651 queue_work(dev->wq, &dev->mi_tm_rx_work);
1652 return -EINPROGRESS;
1653 }
1654
1655 skb = pn533_build_response(dev);
1656 if (!skb) {
1657 rc = -EIO;
1658 goto error;
103b34cf
SO		 1659 }
1660
3c13b244
OG		 1661 return nfc_tm_data_received(dev->nfc_dev, skb);
1662
1663error:
1664 nfc_tm_deactivated(dev->nfc_dev);
1665 dev->tgt_mode = 0;
1666 skb_queue_purge(&dev->resp_q);
1667 dev_kfree_skb(resp);
1668
1669 return rc;
1670}
1671
1672static void pn533_wq_tm_mi_recv(struct work_struct *work)
1673{
1674 struct pn533 *dev = container_of(work, struct pn533, mi_tm_rx_work);
1675 struct sk_buff *skb;
1676 int rc;
1677
1678 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1679
1680 skb = pn533_alloc_skb(dev, 0);
1681 if (!skb)
1682 return;
1683
1684 rc = pn533_send_cmd_direct_async(dev,
1685 PN533_CMD_TG_GET_DATA,
1686 skb,
1687 pn533_tm_get_data_complete,
1688 NULL);
1689
1690 if (rc < 0)
1691 dev_kfree_skb(skb);
1692
1693 return;
103b34cf
SO		 1694}
1695
93ad4202
OG		 1696static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
1697 struct sk_buff *resp);
1698static void pn533_wq_tm_mi_send(struct work_struct *work)
1699{
1700 struct pn533 *dev = container_of(work, struct pn533, mi_tm_tx_work);
1701 struct sk_buff *skb;
1702 int rc;
1703
1704 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1705
1706 /* Grab the first skb in the queue */
1707 skb = skb_dequeue(&dev->fragment_skb);
1708 if (skb == NULL) { /* No more data */
1709 /* Reset the queue for future use */
1710 skb_queue_head_init(&dev->fragment_skb);
1711 goto error;
1712 }
1713
1714 /* last entry - remove MI bit */
1715 if (skb_queue_len(&dev->fragment_skb) == 0) {
1716 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_TG_SET_DATA,
1717 skb, pn533_tm_send_complete, NULL);
1718 } else
1719 rc = pn533_send_cmd_direct_async(dev,
1720 PN533_CMD_TG_SET_META_DATA,
1721 skb, pn533_tm_send_complete, NULL);
1722
1723 if (rc == 0) /* success */
1724 return;
1725
1726 dev_err(&dev->interface->dev,
1727 "Error %d when trying to perform set meta data_exchange", rc);
1728
1729 dev_kfree_skb(skb);
1730
1731error:
1732 pn533_send_ack(dev, GFP_KERNEL);
1733 queue_work(dev->wq, &dev->cmd_work);
1734}
1735
103b34cf
SO		 1736static void pn533_wq_tg_get_data(struct work_struct *work)
1737{
1738 struct pn533 *dev = container_of(work, struct pn533, tg_work);
e4878823
WR		 1739 struct sk_buff *skb;
1740 int rc;
103b34cf 1741
b4834839 1742 dev_dbg(&dev->interface->dev, "%s\n", __func__);
103b34cf 1743
9e2d493e 1744 skb = pn533_alloc_skb(dev, 0);
e4878823 1745 if (!skb)
103b34cf
SO		 1746 return;
1747
e4878823
WR		 1748 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1749 pn533_tm_get_data_complete, NULL);
103b34cf 1750
e4878823
WR		 1751 if (rc < 0)
1752 dev_kfree_skb(skb);
103b34cf
SO		 1753
1754 return;
1755}
1756
fc40a8c1 1757#define ATR_REQ_GB_OFFSET 17
b5193e5d 1758static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
fe7c5800 1759{
b5193e5d 1760 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
fc40a8c1 1761 size_t gb_len;
103b34cf 1762 int rc;
ad3823ce 1763
b4834839 1764 dev_dbg(&dev->interface->dev, "%s\n", __func__);
ad3823ce 1765
b5193e5d 1766 if (resp->len < ATR_REQ_GB_OFFSET + 1)
fc40a8c1
SO		 1767 return -EINVAL;
1768
b5193e5d
WR		 1769 mode = resp->data[0];
1770 cmd = &resp->data[1];
ad3823ce 1771
b4834839
JP		 1772 dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1773 mode, resp->len);
ad3823ce 1774
b5193e5d
WR		 1775 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1776 PN533_INIT_TARGET_RESP_ACTIVE)
fc40a8c1
SO		 1777 comm_mode = NFC_COMM_ACTIVE;
1778
b5193e5d 1779 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
fc40a8c1
SO		 1780 return -EOPNOTSUPP;
1781
b5193e5d
WR		 1782 gb = cmd + ATR_REQ_GB_OFFSET;
1783 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
fc40a8c1 1784
103b34cf
SO		 1785 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1786 comm_mode, gb, gb_len);
1787 if (rc < 0) {
073a625f
JP		 1788 nfc_err(&dev->interface->dev,
1789 "Error when signaling target activation\n");
103b34cf
SO		 1790 return rc;
1791 }
1792
51ad304c 1793 dev->tgt_mode = 1;
103b34cf
SO		 1794 queue_work(dev->wq, &dev->tg_work);
1795
1796 return 0;
fe7c5800
SO		 1797}
1798
6fbbdc16 1799static void pn533_listen_mode_timer(unsigned long data)
ad3823ce 1800{
37cf4fc6 1801 struct pn533 *dev = (struct pn533 *)data;
6fbbdc16 1802
b4834839 1803 dev_dbg(&dev->interface->dev, "Listen mode timeout\n");
6fbbdc16 1804
6fbbdc16
SO		 1805 dev->cancel_listen = 1;
1806
6fbbdc16
SO		 1807 pn533_poll_next_mod(dev);
1808
46f793b0
SO		 1809 queue_delayed_work(dev->wq, &dev->poll_work,
1810 msecs_to_jiffies(PN533_POLL_INTERVAL));
6fbbdc16
SO		 1811}
1812
17e9d9d4
SO		 1813static int pn533_rf_complete(struct pn533 *dev, void *arg,
1814 struct sk_buff *resp)
1815{
1816 int rc = 0;
1817
b4834839 1818 dev_dbg(&dev->interface->dev, "%s\n", __func__);
17e9d9d4
SO		 1819
1820 if (IS_ERR(resp)) {
1821 rc = PTR_ERR(resp);
1822
3590ebc0 1823 nfc_err(&dev->interface->dev, "RF setting error %d\n", rc);
17e9d9d4
SO		 1824
1825 return rc;
1826 }
1827
46f793b0
SO		 1828 queue_delayed_work(dev->wq, &dev->poll_work,
1829 msecs_to_jiffies(PN533_POLL_INTERVAL));
17e9d9d4
SO		 1830
1831 dev_kfree_skb(resp);
1832 return rc;
1833}
1834
1835static void pn533_wq_rf(struct work_struct *work)
1836{
1837 struct pn533 *dev = container_of(work, struct pn533, rf_work);
1838 struct sk_buff *skb;
1839 int rc;
1840
b4834839 1841 dev_dbg(&dev->interface->dev, "%s\n", __func__);
17e9d9d4
SO		 1842
1843 skb = pn533_alloc_skb(dev, 2);
1844 if (!skb)
1845 return;
1846
1847 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD;
3a8eab39 1848 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD_AUTO_RFCA;
17e9d9d4
SO		 1849
1850 rc = pn533_send_cmd_async(dev, PN533_CMD_RF_CONFIGURATION, skb,
1851 pn533_rf_complete, NULL);
1852 if (rc < 0) {
1853 dev_kfree_skb(skb);
073a625f 1854 nfc_err(&dev->interface->dev, "RF setting error %d\n", rc);
17e9d9d4
SO		 1855 }
1856
1857 return;
1858}
1859
673088fb
SO		 1860static int pn533_poll_dep_complete(struct pn533 *dev, void *arg,
1861 struct sk_buff *resp)
1862{
1863 struct pn533_cmd_jump_dep_response *rsp;
1864 struct nfc_target nfc_target;
1865 u8 target_gt_len;
1866 int rc;
1867
1868 if (IS_ERR(resp))
1869 return PTR_ERR(resp);
1870
1871 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1872
1873 rc = rsp->status & PN533_CMD_RET_MASK;
1874 if (rc != PN533_CMD_RET_SUCCESS) {
1875 /* Not target found, turn radio off */
1876 queue_work(dev->wq, &dev->rf_work);
1877
1878 dev_kfree_skb(resp);
1879 return 0;
1880 }
1881
1882 dev_dbg(&dev->interface->dev, "Creating new target");
1883
1884 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1885 nfc_target.nfcid1_len = 10;
1886 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1887 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1888 if (rc)
1889 goto error;
1890
1891 dev->tgt_available_prots = 0;
1892 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1893
1894 /* ATR_RES general bytes are located at offset 17 */
1895 target_gt_len = resp->len - 17;
1896 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1897 rsp->gt, target_gt_len);
1898 if (!rc) {
1899 rc = nfc_dep_link_is_up(dev->nfc_dev,
1900 dev->nfc_dev->targets[0].idx,
1901 0, NFC_RF_INITIATOR);
1902
1903 if (!rc)
1904 pn533_poll_reset_mod_list(dev);
1905 }
1906error:
1907 dev_kfree_skb(resp);
1908 return rc;
1909}
1910
1911#define PASSIVE_DATA_LEN 5
1912static int pn533_poll_dep(struct nfc_dev *nfc_dev)
1913{
1914 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1915 struct sk_buff *skb;
1916 int rc, skb_len;
1917 u8 *next, nfcid3[NFC_NFCID3_MAXSIZE];
1918 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1919
1920 dev_dbg(&dev->interface->dev, "%s", __func__);
1921
1922 if (!dev->gb) {
1923 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1924
1925 if (!dev->gb || !dev->gb_len) {
1926 dev->poll_dep = 0;
1927 queue_work(dev->wq, &dev->rf_work);
1928 }
1929 }
1930
1931 skb_len = 3 + dev->gb_len; /* ActPass + BR + Next */
1932 skb_len += PASSIVE_DATA_LEN;
1933
1934 /* NFCID3 */
1935 skb_len += NFC_NFCID3_MAXSIZE;
1936 nfcid3[0] = 0x1;
1937 nfcid3[1] = 0xfe;
1938 get_random_bytes(nfcid3 + 2, 6);
1939
1940 skb = pn533_alloc_skb(dev, skb_len);
1941 if (!skb)
1942 return -ENOMEM;
1943
1944 *skb_put(skb, 1) = 0x01; /* Active */
1945 *skb_put(skb, 1) = 0x02; /* 424 kbps */
1946
1947 next = skb_put(skb, 1); /* Next */
1948 *next = 0;
1949
1950 /* Copy passive data */
1951 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN);
1952 *next |= 1;
1953
1954 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
1955 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3,
1956 NFC_NFCID3_MAXSIZE);
1957 *next |= 2;
1958
1959 memcpy(skb_put(skb, dev->gb_len), dev->gb, dev->gb_len);
1960 *next |= 4; /* We have some Gi */
1961
1962 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1963 pn533_poll_dep_complete, NULL);
1964
1965 if (rc < 0)
1966 dev_kfree_skb(skb);
1967
1968 return rc;
1969}
1970
6fbbdc16 1971static int pn533_poll_complete(struct pn533 *dev, void *arg,
b5193e5d 1972 struct sk_buff *resp)
6fbbdc16
SO		 1973{
1974 struct pn533_poll_modulations *cur_mod;
ad3823ce
SO		 1975 int rc;
1976
b4834839 1977 dev_dbg(&dev->interface->dev, "%s\n", __func__);
ad3823ce 1978
b5193e5d
WR		 1979 if (IS_ERR(resp)) {
1980 rc = PTR_ERR(resp);
1981
073a625f
JP		 1982 nfc_err(&dev->interface->dev, "%s Poll complete error %d\n",
1983 __func__, rc);
b5193e5d
WR		 1984
1985 if (rc == -ENOENT) {
1986 if (dev->poll_mod_count != 0)
1987 return rc;
1988 else
1989 goto stop_poll;
1990 } else if (rc < 0) {
073a625f
JP		 1991 nfc_err(&dev->interface->dev,
1992 "Error %d when running poll\n", rc);
b5193e5d
WR		 1993 goto stop_poll;
1994 }
6fbbdc16 1995 }
ad3823ce 1996
6fbbdc16
SO		 1997 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1998
b5193e5d 1999 if (cur_mod->len == 0) { /* Target mode */
6fbbdc16 2000 del_timer(&dev->listen_timer);
b5193e5d
WR		 2001 rc = pn533_init_target_complete(dev, resp);
2002 goto done;
6fbbdc16
SO		 2003 }
2004
b5193e5d
WR		 2005 /* Initiator mode */
2006 rc = pn533_start_poll_complete(dev, resp);
2007 if (!rc)
2008 goto done;
6fbbdc16 2009
95cb9e10 2010 if (!dev->poll_mod_count) {
b4834839 2011 dev_dbg(&dev->interface->dev, "Polling has been stopped\n");
95cb9e10
WR		 2012 goto done;
2013 }
2014
b5193e5d 2015 pn533_poll_next_mod(dev);
17e9d9d4
SO		 2016 /* Not target found, turn radio off */
2017 queue_work(dev->wq, &dev->rf_work);
6fbbdc16 2018
b5193e5d
WR		 2019done:
2020 dev_kfree_skb(resp);
2021 return rc;
6fbbdc16
SO		 2022
2023stop_poll:
073a625f 2024 nfc_err(&dev->interface->dev, "Polling operation has been stopped\n");
b5193e5d 2025
6fbbdc16
SO		 2026 pn533_poll_reset_mod_list(dev);
2027 dev->poll_protocols = 0;
b5193e5d 2028 return rc;
ad3823ce
SO		 2029}
2030
9e2d493e
WR		 2031static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev,
2032 struct pn533_poll_modulations *mod)
c46ee386 2033{
b5193e5d 2034 struct sk_buff *skb;
c46ee386 2035
9e2d493e 2036 skb = pn533_alloc_skb(dev, mod->len);
b5193e5d
WR		 2037 if (!skb)
2038 return NULL;
c46ee386 2039
b5193e5d 2040 memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
c46ee386 2041
b5193e5d 2042 return skb;
6fbbdc16 2043}
c46ee386 2044
6fbbdc16
SO		 2045static int pn533_send_poll_frame(struct pn533 *dev)
2046{
b5193e5d
WR		 2047 struct pn533_poll_modulations *mod;
2048 struct sk_buff *skb;
6fbbdc16 2049 int rc;
b5193e5d 2050 u8 cmd_code;
c46ee386 2051
b5193e5d 2052 mod = dev->poll_mod_active[dev->poll_mod_curr];
c46ee386 2053
b4834839
JP		 2054 dev_dbg(&dev->interface->dev, "%s mod len %d\n",
2055 __func__, mod->len);
c46ee386 2056
673088fb
SO		 2057 if (dev->poll_dep) {
2058 dev->poll_dep = 0;
2059 return pn533_poll_dep(dev->nfc_dev);
2060 }
2061
b5193e5d
WR		 2062 if (mod->len == 0) { /* Listen mode */
2063 cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
9e2d493e 2064 skb = pn533_alloc_poll_tg_frame(dev);
b5193e5d
WR		 2065 } else { /* Polling mode */
2066 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
9e2d493e 2067 skb = pn533_alloc_poll_in_frame(dev, mod);
b5193e5d
WR		 2068 }
2069
2070 if (!skb) {
073a625f 2071 nfc_err(&dev->interface->dev, "Failed to allocate skb\n");
b5193e5d
WR		 2072 return -ENOMEM;
2073 }
2074
2075 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
2076 NULL);
2077 if (rc < 0) {
2078 dev_kfree_skb(skb);
073a625f 2079 nfc_err(&dev->interface->dev, "Polling loop error %d\n", rc);
b5193e5d 2080 }
c46ee386 2081
6fbbdc16
SO		 2082 return rc;
2083}
2084
2085static void pn533_wq_poll(struct work_struct *work)
2086{
46f793b0 2087 struct pn533 *dev = container_of(work, struct pn533, poll_work.work);
6fbbdc16
SO		 2088 struct pn533_poll_modulations *cur_mod;
2089 int rc;
2090
2091 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
2092
b4834839
JP		 2093 dev_dbg(&dev->interface->dev,
2094 "%s cancel_listen %d modulation len %d\n",
2095 __func__, dev->cancel_listen, cur_mod->len);
6fbbdc16
SO		 2096
2097 if (dev->cancel_listen == 1) {
2098 dev->cancel_listen = 0;
10cff29a 2099 pn533_abort_cmd(dev, GFP_ATOMIC);
c46ee386
AAJ		 2100 }
2101
6fbbdc16
SO		 2102 rc = pn533_send_poll_frame(dev);
2103 if (rc)
2104 return;
c46ee386 2105
6fbbdc16
SO		 2106 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
2107 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
c46ee386 2108
6fbbdc16 2109 return;
c46ee386
AAJ		 2110}
2111
fe7c5800
SO		 2112static int pn533_start_poll(struct nfc_dev *nfc_dev,
2113 u32 im_protocols, u32 tm_protocols)
2114{
2115 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
cec4b8ed 2116 struct pn533_poll_modulations *cur_mod;
dfccd0f5 2117 u8 rand_mod;
cec4b8ed 2118 int rc;
fe7c5800 2119
b4834839
JP		 2120 dev_dbg(&dev->interface->dev,
2121 "%s: im protocols 0x%x tm protocols 0x%x\n",
2122 __func__, im_protocols, tm_protocols);
fe7c5800
SO		 2123
2124 if (dev->tgt_active_prot) {
073a625f
JP		 2125 nfc_err(&dev->interface->dev,
2126 "Cannot poll with a target already activated\n");
fe7c5800
SO		 2127 return -EBUSY;
2128 }
2129
51ad304c 2130 if (dev->tgt_mode) {
073a625f
JP		 2131 nfc_err(&dev->interface->dev,
2132 "Cannot poll while already being activated\n");
51ad304c
SO		 2133 return -EBUSY;
2134 }
2135
6fbbdc16
SO		 2136 if (tm_protocols) {
2137 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
2138 if (dev->gb == NULL)
2139 tm_protocols = 0;
2140 }
ad3823ce 2141
6fbbdc16
SO		 2142 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
2143 dev->poll_protocols = im_protocols;
2144 dev->listen_protocols = tm_protocols;
ad3823ce 2145
dfccd0f5
SO		 2146 /* Do not always start polling from the same modulation */
2147 get_random_bytes(&rand_mod, sizeof(rand_mod));
2148 rand_mod %= dev->poll_mod_count;
2149 dev->poll_mod_curr = rand_mod;
2150
cec4b8ed
SO		 2151 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
2152
2153 rc = pn533_send_poll_frame(dev);
2154
2155 /* Start listen timer */
2156 if (!rc && cur_mod->len == 0 && dev->poll_mod_count > 1)
2157 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
2158
2159 return rc;
fe7c5800
SO		 2160}
2161
c46ee386
AAJ		 2162static void pn533_stop_poll(struct nfc_dev *nfc_dev)
2163{
2164 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2165
6fbbdc16
SO		 2166 del_timer(&dev->listen_timer);
2167
c46ee386 2168 if (!dev->poll_mod_count) {
b4834839
JP		 2169 dev_dbg(&dev->interface->dev,
2170 "Polling operation was not running\n");
c46ee386
AAJ		 2171 return;
2172 }
2173
10cff29a 2174 pn533_abort_cmd(dev, GFP_KERNEL);
46f793b0 2175 flush_delayed_work(&dev->poll_work);
7c2a04a9 2176 pn533_poll_reset_mod_list(dev);
c46ee386
AAJ		 2177}
2178
2179static int pn533_activate_target_nfcdep(struct pn533 *dev)
2180{
cb950d93 2181 struct pn533_cmd_activate_response *rsp;
541d920b 2182 u16 gt_len;
c46ee386 2183 int rc;
cb950d93
WR		 2184 struct sk_buff *skb;
2185 struct sk_buff *resp;
c46ee386 2186
b4834839 2187 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386 2188
9e2d493e 2189 skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/
cb950d93
WR		 2190 if (!skb)
2191 return -ENOMEM;
c46ee386 2192
cb950d93
WR		 2193 *skb_put(skb, sizeof(u8)) = 1; /* TG */
2194 *skb_put(skb, sizeof(u8)) = 0; /* Next */
c46ee386 2195
cb950d93
WR		 2196 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
2197 if (IS_ERR(resp))
2198 return PTR_ERR(resp);
c46ee386 2199
37cf4fc6 2200 rsp = (struct pn533_cmd_activate_response *)resp->data;
cb950d93 2201 rc = rsp->status & PN533_CMD_RET_MASK;
8a0ecfe7 2202 if (rc != PN533_CMD_RET_SUCCESS) {
073a625f
JP		 2203 nfc_err(&dev->interface->dev,
2204 "Target activation failed (error 0x%x)\n", rc);
cb950d93 2205 dev_kfree_skb(resp);
c46ee386 2206 return -EIO;
8a0ecfe7 2207 }
c46ee386 2208
541d920b 2209 /* ATR_RES general bytes are located at offset 16 */
cb950d93
WR		 2210 gt_len = resp->len - 16;
2211 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
541d920b 2212
cb950d93 2213 dev_kfree_skb(resp);
541d920b 2214 return rc;
c46ee386
AAJ		 2215}
2216
90099433
EL		 2217static int pn533_activate_target(struct nfc_dev *nfc_dev,
2218 struct nfc_target *target, u32 protocol)
c46ee386
AAJ		 2219{
2220 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2221 int rc;
2222
17936b43 2223 dev_dbg(&dev->interface->dev, "%s: protocol=%u\n", __func__, protocol);
c46ee386
AAJ		 2224
2225 if (dev->poll_mod_count) {
073a625f 2226 nfc_err(&dev->interface->dev,
b4834839 2227 "Cannot activate while polling\n");
c46ee386
AAJ		 2228 return -EBUSY;
2229 }
2230
2231 if (dev->tgt_active_prot) {
073a625f
JP		 2232 nfc_err(&dev->interface->dev,
2233 "There is already an active target\n");
c46ee386
AAJ		 2234 return -EBUSY;
2235 }
2236
2237 if (!dev->tgt_available_prots) {
073a625f
JP		 2238 nfc_err(&dev->interface->dev,
2239 "There is no available target to activate\n");
c46ee386
AAJ		 2240 return -EINVAL;
2241 }
2242
2243 if (!(dev->tgt_available_prots & (1 << protocol))) {
073a625f
JP		 2244 nfc_err(&dev->interface->dev,
2245 "Target doesn't support requested proto %u\n",
2246 protocol);
c46ee386
AAJ		 2247 return -EINVAL;
2248 }
2249
2250 if (protocol == NFC_PROTO_NFC_DEP) {
2251 rc = pn533_activate_target_nfcdep(dev);
2252 if (rc) {
073a625f
JP		 2253 nfc_err(&dev->interface->dev,
2254 "Activating target with DEP failed %d\n", rc);
c46ee386
AAJ		 2255 return rc;
2256 }
2257 }
2258
2259 dev->tgt_active_prot = protocol;
2260 dev->tgt_available_prots = 0;
2261
2262 return 0;
2263}
2264
90099433 2265static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
96d4581f 2266 struct nfc_target *target, u8 mode)
c46ee386
AAJ		 2267{
2268 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
cb950d93
WR		 2269 struct sk_buff *skb;
2270 struct sk_buff *resp;
c46ee386
AAJ		 2271 int rc;
2272
b4834839 2273 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386
AAJ		 2274
2275 if (!dev->tgt_active_prot) {
073a625f 2276 nfc_err(&dev->interface->dev, "There is no active target\n");
c46ee386
AAJ		 2277 return;
2278 }
2279
2280 dev->tgt_active_prot = 0;
6ff73fd2
SO		 2281 skb_queue_purge(&dev->resp_q);
2282
9e2d493e 2283 skb = pn533_alloc_skb(dev, sizeof(u8));
cb950d93
WR		 2284 if (!skb)
2285 return;
c46ee386 2286
cb950d93 2287 *skb_put(skb, 1) = 1; /* TG*/
c46ee386 2288
cb950d93
WR		 2289 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_RELEASE, skb);
2290 if (IS_ERR(resp))
c46ee386 2291 return;
c46ee386 2292
cb950d93 2293 rc = resp->data[0] & PN533_CMD_RET_MASK;
c46ee386 2294 if (rc != PN533_CMD_RET_SUCCESS)
073a625f
JP		 2295 nfc_err(&dev->interface->dev,
2296 "Error 0x%x when releasing the target\n", rc);
c46ee386 2297
cb950d93 2298 dev_kfree_skb(resp);
c46ee386
AAJ		 2299 return;
2300}
2301
361f3cb7
SO		 2302
2303static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
13003649 2304 struct sk_buff *resp)
361f3cb7 2305{
13003649 2306 struct pn533_cmd_jump_dep_response *rsp;
361f3cb7
SO		 2307 u8 target_gt_len;
2308 int rc;
13003649 2309 u8 active = *(u8 *)arg;
70418e6e
WR		 2310
2311 kfree(arg);
361f3cb7 2312
13003649
WR		 2313 if (IS_ERR(resp))
2314 return PTR_ERR(resp);
361f3cb7
SO		 2315
2316 if (dev->tgt_available_prots &&
2317 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
073a625f
JP		 2318 nfc_err(&dev->interface->dev,
2319 "The target does not support DEP\n");
13003649
WR		 2320 rc = -EINVAL;
2321 goto error;
361f3cb7
SO		 2322 }
2323
13003649
WR		 2324 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
2325
2326 rc = rsp->status & PN533_CMD_RET_MASK;
361f3cb7 2327 if (rc != PN533_CMD_RET_SUCCESS) {
073a625f
JP		 2328 nfc_err(&dev->interface->dev,
2329 "Bringing DEP link up failed (error 0x%x)\n", rc);
13003649 2330 goto error;
361f3cb7
SO		 2331 }
2332
2333 if (!dev->tgt_available_prots) {
13003649
WR		 2334 struct nfc_target nfc_target;
2335
b4834839 2336 dev_dbg(&dev->interface->dev, "Creating new target\n");
361f3cb7
SO		 2337
2338 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
2fbabfa4 2339 nfc_target.nfcid1_len = 10;
13003649 2340 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
361f3cb7
SO		 2341 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
2342 if (rc)
13003649 2343 goto error;
361f3cb7
SO		 2344
2345 dev->tgt_available_prots = 0;
2346 }
2347
2348 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
2349
2350 /* ATR_RES general bytes are located at offset 17 */
13003649 2351 target_gt_len = resp->len - 17;
361f3cb7 2352 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
13003649 2353 rsp->gt, target_gt_len);
361f3cb7
SO		 2354 if (rc == 0)
2355 rc = nfc_dep_link_is_up(dev->nfc_dev,
13003649
WR		 2356 dev->nfc_dev->targets[0].idx,
2357 !active, NFC_RF_INITIATOR);
361f3cb7 2358
13003649
WR		 2359error:
2360 dev_kfree_skb(resp);
2361 return rc;
361f3cb7
SO		 2362}
2363
17e9d9d4 2364static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf);
90099433 2365static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
37cf4fc6 2366 u8 comm_mode, u8 *gb, size_t gb_len)
361f3cb7
SO		 2367{
2368 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
13003649 2369 struct sk_buff *skb;
5eef4845
SO		 2370 int rc, skb_len;
2371 u8 *next, *arg, nfcid3[NFC_NFCID3_MAXSIZE];
d7f3345d 2372 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
361f3cb7 2373
b4834839 2374 dev_dbg(&dev->interface->dev, "%s\n", __func__);
361f3cb7 2375
361f3cb7 2376 if (dev->poll_mod_count) {
073a625f
JP		 2377 nfc_err(&dev->interface->dev,
2378 "Cannot bring the DEP link up while polling\n");
361f3cb7
SO		 2379 return -EBUSY;
2380 }
2381
2382 if (dev->tgt_active_prot) {
073a625f
JP		 2383 nfc_err(&dev->interface->dev,
2384 "There is already an active target\n");
361f3cb7
SO		 2385 return -EBUSY;
2386 }
2387
13003649 2388 skb_len = 3 + gb_len; /* ActPass + BR + Next */
5eef4845 2389 skb_len += PASSIVE_DATA_LEN;
d7f3345d 2390
5eef4845
SO		 2391 /* NFCID3 */
2392 skb_len += NFC_NFCID3_MAXSIZE;
2393 if (target && !target->nfcid2_len) {
2394 nfcid3[0] = 0x1;
2395 nfcid3[1] = 0xfe;
2396 get_random_bytes(nfcid3 + 2, 6);
2397 }
322bce95 2398
9e2d493e 2399 skb = pn533_alloc_skb(dev, skb_len);
13003649 2400 if (!skb)
361f3cb7
SO		 2401 return -ENOMEM;
2402
13003649 2403 *skb_put(skb, 1) = !comm_mode; /* ActPass */
5eef4845 2404 *skb_put(skb, 1) = 0x02; /* 424 kbps */
13003649
WR		 2405
2406 next = skb_put(skb, 1); /* Next */
2407 *next = 0;
361f3cb7 2408
5eef4845
SO		 2409 /* Copy passive data */
2410 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN);
2411 *next |= 1;
d7f3345d 2412
5eef4845
SO		 2413 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
2414 if (target && target->nfcid2_len)
322bce95
SO		 2415 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), target->nfcid2,
2416 target->nfcid2_len);
5eef4845
SO		 2417 else
2418 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3,
2419 NFC_NFCID3_MAXSIZE);
2420 *next |= 2;
322bce95 2421
47807d3d 2422 if (gb != NULL && gb_len > 0) {
13003649
WR		 2423 memcpy(skb_put(skb, gb_len), gb, gb_len);
2424 *next |= 4; /* We have some Gi */
361f3cb7 2425 } else {
13003649 2426 *next = 0;
361f3cb7
SO		 2427 }
2428
13003649
WR		 2429 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2430 if (!arg) {
2431 dev_kfree_skb(skb);
2432 return -ENOMEM;
2433 }
361f3cb7 2434
13003649 2435 *arg = !comm_mode;
361f3cb7 2436
17e9d9d4
SO		 2437 pn533_rf_field(dev->nfc_dev, 0);
2438
13003649
WR		 2439 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
2440 pn533_in_dep_link_up_complete, arg);
2441
2442 if (rc < 0) {
2443 dev_kfree_skb(skb);
2444 kfree(arg);
2445 }
361f3cb7
SO		 2446
2447 return rc;
2448}
2449
2450static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
2451{
6fbbdc16
SO		 2452 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2453
b4834839 2454 dev_dbg(&dev->interface->dev, "%s\n", __func__);
fcfafc76 2455
6fbbdc16
SO		 2456 pn533_poll_reset_mod_list(dev);
2457
10cff29a
WR		 2458 if (dev->tgt_mode || dev->tgt_active_prot)
2459 pn533_abort_cmd(dev, GFP_KERNEL);
51ad304c
SO		 2460
2461 dev->tgt_active_prot = 0;
2462 dev->tgt_mode = 0;
2463
2464 skb_queue_purge(&dev->resp_q);
361f3cb7
SO		 2465
2466 return 0;
2467}
2468
c46ee386 2469struct pn533_data_exchange_arg {
c46ee386
AAJ		 2470 data_exchange_cb_t cb;
2471 void *cb_context;
2472};
2473
6ff73fd2
SO		 2474static struct sk_buff *pn533_build_response(struct pn533 *dev)
2475{
2476 struct sk_buff *skb, *tmp, *t;
2477 unsigned int skb_len = 0, tmp_len = 0;
2478
b4834839 2479 dev_dbg(&dev->interface->dev, "%s\n", __func__);
6ff73fd2
SO		 2480
2481 if (skb_queue_empty(&dev->resp_q))
2482 return NULL;
2483
2484 if (skb_queue_len(&dev->resp_q) == 1) {
2485 skb = skb_dequeue(&dev->resp_q);
2486 goto out;
2487 }
2488
2489 skb_queue_walk_safe(&dev->resp_q, tmp, t)
2490 skb_len += tmp->len;
2491
b4834839
JP		 2492 dev_dbg(&dev->interface->dev, "%s total length %d\n",
2493 __func__, skb_len);
6ff73fd2
SO		 2494
2495 skb = alloc_skb(skb_len, GFP_KERNEL);
2496 if (skb == NULL)
2497 goto out;
2498
2499 skb_put(skb, skb_len);
2500
2501 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2502 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2503 tmp_len += tmp->len;
2504 }
2505
2506out:
2507 skb_queue_purge(&dev->resp_q);
2508
2509 return skb;
2510}
2511
c46ee386 2512static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
b1e666f5 2513 struct sk_buff *resp)
c46ee386
AAJ		 2514{
2515 struct pn533_data_exchange_arg *arg = _arg;
b1e666f5
WR		 2516 struct sk_buff *skb;
2517 int rc = 0;
2518 u8 status, ret, mi;
c46ee386 2519
b4834839 2520 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386 2521
b1e666f5
WR		 2522 if (IS_ERR(resp)) {
2523 rc = PTR_ERR(resp);
2524 goto _error;
c46ee386
AAJ		 2525 }
2526
b1e666f5
WR		 2527 status = resp->data[0];
2528 ret = status & PN533_CMD_RET_MASK;
2529 mi = status & PN533_CMD_MI_MASK;
2530
2531 skb_pull(resp, sizeof(status));
c46ee386 2532
b1e666f5 2533 if (ret != PN533_CMD_RET_SUCCESS) {
073a625f
JP		 2534 nfc_err(&dev->interface->dev,
2535 "Exchanging data failed (error 0x%x)\n", ret);
b1e666f5 2536 rc = -EIO;
c46ee386
AAJ		 2537 goto error;
2538 }
2539
b1e666f5 2540 skb_queue_tail(&dev->resp_q, resp);
6ff73fd2 2541
b1e666f5
WR		 2542 if (mi) {
2543 dev->cmd_complete_mi_arg = arg;
963a82e0
OG		 2544 queue_work(dev->wq, &dev->mi_rx_work);
2545 return -EINPROGRESS;
2546 }
2547
2548 /* Prepare for the next round */
2549 if (skb_queue_len(&dev->fragment_skb) > 0) {
2550 dev->cmd_complete_dep_arg = arg;
2551 queue_work(dev->wq, &dev->mi_tx_work);
2552
6ff73fd2 2553 return -EINPROGRESS;
c46ee386
AAJ		 2554 }
2555
6ff73fd2 2556 skb = pn533_build_response(dev);
5df848f3
JL		 2557 if (!skb) {
2558 rc = -ENOMEM;
6ff73fd2 2559 goto error;
5df848f3 2560 }
c46ee386 2561
6ff73fd2 2562 arg->cb(arg->cb_context, skb, 0);
c46ee386
AAJ		 2563 kfree(arg);
2564 return 0;
2565
2566error:
b1e666f5
WR		 2567 dev_kfree_skb(resp);
2568_error:
6ff73fd2 2569 skb_queue_purge(&dev->resp_q);
b1e666f5 2570 arg->cb(arg->cb_context, NULL, rc);
c46ee386 2571 kfree(arg);
b1e666f5 2572 return rc;
c46ee386
AAJ		 2573}
2574
963a82e0
OG		 2575/* Split the Tx skb into small chunks */
2576static int pn533_fill_fragment_skbs(struct pn533 *dev, struct sk_buff *skb)
2577{
2578 struct sk_buff *frag;
2579 int frag_size;
2580
2581 do {
2582 /* Remaining size */
2583 if (skb->len > PN533_CMD_DATAFRAME_MAXLEN)
2584 frag_size = PN533_CMD_DATAFRAME_MAXLEN;
2585 else
2586 frag_size = skb->len;
2587
2588 /* Allocate and reserve */
2589 frag = pn533_alloc_skb(dev, frag_size);
2590 if (!frag) {
2591 skb_queue_purge(&dev->fragment_skb);
2592 break;
2593 }
2594
22953f93
OG		 2595 if (!dev->tgt_mode) {
2596 /* Reserve the TG/MI byte */
2597 skb_reserve(frag, 1);
2598
2599 /* MI + TG */
2600 if (frag_size == PN533_CMD_DATAFRAME_MAXLEN)
2601 *skb_push(frag, sizeof(u8)) =
2602 (PN533_CMD_MI_MASK | 1);
2603 else
2604 *skb_push(frag, sizeof(u8)) = 1; /* TG */
2605 }
963a82e0
OG		 2606
2607 memcpy(skb_put(frag, frag_size), skb->data, frag_size);
2608
2609 /* Reduce the size of incoming buffer */
2610 skb_pull(skb, frag_size);
2611
2612 /* Add this to skb_queue */
2613 skb_queue_tail(&dev->fragment_skb, frag);
2614
2615 } while (skb->len > 0);
2616
2617 dev_kfree_skb(skb);
2618
2619 return skb_queue_len(&dev->fragment_skb);
2620}
2621
be9ae4ce
SO		 2622static int pn533_transceive(struct nfc_dev *nfc_dev,
2623 struct nfc_target *target, struct sk_buff *skb,
2624 data_exchange_cb_t cb, void *cb_context)
c46ee386
AAJ		 2625{
2626 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
b1e666f5 2627 struct pn533_data_exchange_arg *arg = NULL;
c46ee386
AAJ		 2628 int rc;
2629
b4834839 2630 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386
AAJ		 2631
2632 if (!dev->tgt_active_prot) {
073a625f
JP		 2633 nfc_err(&dev->interface->dev,
2634 "Can't exchange data if there is no active target\n");
c46ee386
AAJ		 2635 rc = -EINVAL;
2636 goto error;
2637 }
2638
b1e666f5 2639 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
c46ee386
AAJ		 2640 if (!arg) {
2641 rc = -ENOMEM;
b1e666f5 2642 goto error;
c46ee386
AAJ		 2643 }
2644
c46ee386
AAJ		 2645 arg->cb = cb;
2646 arg->cb_context = cb_context;
2647
b1e666f5
WR		 2648 switch (dev->device_type) {
2649 case PN533_DEVICE_PASORI:
2650 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2651 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2652 skb,
2653 pn533_data_exchange_complete,
2654 arg);
2655
2656 break;
2657 }
2658 default:
963a82e0
OG		 2659 /* jumbo frame ? */
2660 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2661 rc = pn533_fill_fragment_skbs(dev, skb);
2662 if (rc <= 0)
2663 goto error;
2664
2665 skb = skb_dequeue(&dev->fragment_skb);
2666 if (!skb) {
2667 rc = -EIO;
2668 goto error;
2669 }
2670 } else {
2671 *skb_push(skb, sizeof(u8)) = 1; /* TG */
2672 }
b1e666f5
WR		 2673
2674 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2675 skb, pn533_data_exchange_complete,
2676 arg);
2677
2678 break;
c46ee386
AAJ		 2679 }
2680
b1e666f5
WR		 2681 if (rc < 0) /* rc from send_async */
2682 goto error;
2683
c46ee386
AAJ		 2684 return 0;
2685
c46ee386 2686error:
b1e666f5
WR		 2687 kfree(arg);
2688 dev_kfree_skb(skb);
c46ee386
AAJ		 2689 return rc;
2690}
2691
dadb06f2 2692static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
e4878823 2693 struct sk_buff *resp)
dadb06f2 2694{
e4878823 2695 u8 status;
5b412fd1 2696
b4834839 2697 dev_dbg(&dev->interface->dev, "%s\n", __func__);
dadb06f2 2698
e4878823
WR		 2699 if (IS_ERR(resp))
2700 return PTR_ERR(resp);
5b412fd1 2701
e4878823 2702 status = resp->data[0];
dadb06f2 2703
93ad4202
OG		 2704 /* Prepare for the next round */
2705 if (skb_queue_len(&dev->fragment_skb) > 0) {
2706 queue_work(dev->wq, &dev->mi_tm_tx_work);
2707 return -EINPROGRESS;
2708 }
e4878823 2709 dev_kfree_skb(resp);
dadb06f2 2710
e4878823 2711 if (status != 0) {
dadb06f2
SO		 2712 nfc_tm_deactivated(dev->nfc_dev);
2713
51ad304c
SO		 2714 dev->tgt_mode = 0;
2715
dadb06f2
SO		 2716 return 0;
2717 }
2718
2719 queue_work(dev->wq, &dev->tg_work);
2720
2721 return 0;
2722}
2723
2724static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2725{
2726 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
dadb06f2
SO		 2727 int rc;
2728
b4834839 2729 dev_dbg(&dev->interface->dev, "%s\n", __func__);
dadb06f2 2730
93ad4202 2731 /* let's split in multiple chunks if size's too big */
e4878823 2732 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
93ad4202
OG		 2733 rc = pn533_fill_fragment_skbs(dev, skb);
2734 if (rc <= 0)
2735 goto error;
2736
2737 /* get the first skb */
2738 skb = skb_dequeue(&dev->fragment_skb);
2739 if (!skb) {
2740 rc = -EIO;
2741 goto error;
2742 }
2743
2744 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_META_DATA, skb,
2745 pn533_tm_send_complete, NULL);
2746 } else {
2747 /* Send th skb */
2748 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2749 pn533_tm_send_complete, NULL);
dadb06f2
SO		 2750 }
2751
93ad4202
OG		 2752error:
2753 if (rc < 0) {
e4878823 2754 dev_kfree_skb(skb);
93ad4202
OG		 2755 skb_queue_purge(&dev->fragment_skb);
2756 }
dadb06f2
SO		 2757
2758 return rc;
2759}
2760
6ff73fd2
SO		 2761static void pn533_wq_mi_recv(struct work_struct *work)
2762{
963a82e0 2763 struct pn533 *dev = container_of(work, struct pn533, mi_rx_work);
b1e666f5 2764 struct sk_buff *skb;
6ff73fd2
SO		 2765 int rc;
2766
b4834839 2767 dev_dbg(&dev->interface->dev, "%s\n", __func__);
6ff73fd2 2768
9e2d493e 2769 skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN);
b1e666f5
WR		 2770 if (!skb)
2771 goto error;
6ff73fd2 2772
b1e666f5
WR		 2773 switch (dev->device_type) {
2774 case PN533_DEVICE_PASORI:
2775 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2776 rc = pn533_send_cmd_direct_async(dev,
2777 PN533_CMD_IN_COMM_THRU,
2778 skb,
2779 pn533_data_exchange_complete,
2780 dev->cmd_complete_mi_arg);
6ff73fd2 2781
b1e666f5
WR		 2782 break;
2783 }
2784 default:
2785 *skb_put(skb, sizeof(u8)) = 1; /*TG*/
6ff73fd2 2786
b1e666f5
WR		 2787 rc = pn533_send_cmd_direct_async(dev,
2788 PN533_CMD_IN_DATA_EXCHANGE,
2789 skb,
2790 pn533_data_exchange_complete,
2791 dev->cmd_complete_mi_arg);
b1bb290a 2792
b1e666f5 2793 break;
6ff73fd2
SO		 2794 }
2795
b1e666f5 2796 if (rc == 0) /* success */
6ff73fd2
SO		 2797 return;
2798
073a625f
JP		 2799 nfc_err(&dev->interface->dev,
2800 "Error %d when trying to perform data_exchange\n", rc);
6ff73fd2 2801
b1e666f5 2802 dev_kfree_skb(skb);
140ef7f6 2803 kfree(dev->cmd_complete_mi_arg);
6ff73fd2 2804
b1e666f5 2805error:
6ff73fd2 2806 pn533_send_ack(dev, GFP_KERNEL);
5d50b364 2807 queue_work(dev->wq, &dev->cmd_work);
6ff73fd2
SO		 2808}
2809
963a82e0
OG		 2810static void pn533_wq_mi_send(struct work_struct *work)
2811{
2812 struct pn533 *dev = container_of(work, struct pn533, mi_tx_work);
2813 struct sk_buff *skb;
2814 int rc;
2815
b4834839 2816 dev_dbg(&dev->interface->dev, "%s\n", __func__);
963a82e0
OG		 2817
2818 /* Grab the first skb in the queue */
2819 skb = skb_dequeue(&dev->fragment_skb);
2820
2821 if (skb == NULL) { /* No more data */
2822 /* Reset the queue for future use */
2823 skb_queue_head_init(&dev->fragment_skb);
2824 goto error;
2825 }
2826
2827 switch (dev->device_type) {
2828 case PN533_DEVICE_PASORI:
2829 if (dev->tgt_active_prot != NFC_PROTO_FELICA) {
2830 rc = -EIO;
2831 break;
2832 }
2833
2834 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_IN_COMM_THRU,
2835 skb,
2836 pn533_data_exchange_complete,
2837 dev->cmd_complete_dep_arg);
2838
2839 break;
2840
2841 default:
2842 /* Still some fragments? */
2843 rc = pn533_send_cmd_direct_async(dev,PN533_CMD_IN_DATA_EXCHANGE,
2844 skb,
2845 pn533_data_exchange_complete,
2846 dev->cmd_complete_dep_arg);
2847
2848 break;
2849 }
2850
2851 if (rc == 0) /* success */
2852 return;
2853
073a625f
JP		 2854 nfc_err(&dev->interface->dev,
2855 "Error %d when trying to perform data_exchange\n", rc);
963a82e0
OG		 2856
2857 dev_kfree_skb(skb);
2858 kfree(dev->cmd_complete_dep_arg);
2859
2860error:
2861 pn533_send_ack(dev, GFP_KERNEL);
2862 queue_work(dev->wq, &dev->cmd_work);
2863}
2864
c46ee386
AAJ		 2865static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2866 u8 cfgdata_len)
2867{
cb950d93
WR		 2868 struct sk_buff *skb;
2869 struct sk_buff *resp;
cb950d93 2870 int skb_len;
c46ee386 2871
b4834839 2872 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386 2873
cb950d93 2874 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
c46ee386 2875
9e2d493e 2876 skb = pn533_alloc_skb(dev, skb_len);
cb950d93
WR		 2877 if (!skb)
2878 return -ENOMEM;
c46ee386 2879
cb950d93
WR		 2880 *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2881 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
c46ee386 2882
cb950d93
WR		 2883 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2884 if (IS_ERR(resp))
2885 return PTR_ERR(resp);
c46ee386 2886
cb950d93
WR		 2887 dev_kfree_skb(resp);
2888 return 0;
2889}
2890
2891static int pn533_get_firmware_version(struct pn533 *dev,
2892 struct pn533_fw_version *fv)
2893{
2894 struct sk_buff *skb;
2895 struct sk_buff *resp;
2896
9e2d493e 2897 skb = pn533_alloc_skb(dev, 0);
cb950d93
WR		 2898 if (!skb)
2899 return -ENOMEM;
2900
2901 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2902 if (IS_ERR(resp))
2903 return PTR_ERR(resp);
2904
2905 fv->ic = resp->data[0];
2906 fv->ver = resp->data[1];
2907 fv->rev = resp->data[2];
2908 fv->support = resp->data[3];
2909
2910 dev_kfree_skb(resp);
2911 return 0;
c46ee386
AAJ		 2912}
2913
f75c2913 2914static int pn533_pasori_fw_reset(struct pn533 *dev)
5c7b0531 2915{
cb950d93
WR		 2916 struct sk_buff *skb;
2917 struct sk_buff *resp;
5c7b0531 2918
b4834839 2919 dev_dbg(&dev->interface->dev, "%s\n", __func__);
5c7b0531 2920
9e2d493e 2921 skb = pn533_alloc_skb(dev, sizeof(u8));
cb950d93
WR		 2922 if (!skb)
2923 return -ENOMEM;
5c7b0531 2924
cb950d93 2925 *skb_put(skb, sizeof(u8)) = 0x1;
5c7b0531 2926
cb950d93
WR		 2927 resp = pn533_send_cmd_sync(dev, 0x18, skb);
2928 if (IS_ERR(resp))
2929 return PTR_ERR(resp);
5c7b0531 2930
cb950d93 2931 dev_kfree_skb(resp);
5c7b0531 2932
94c5c156 2933 return 0;
5c7b0531
SO		 2934}
2935
53cf4839
WR		 2936struct pn533_acr122_poweron_rdr_arg {
2937 int rc;
2938 struct completion done;
2939};
2940
2941static void pn533_acr122_poweron_rdr_resp(struct urb *urb)
2942{
2943 struct pn533_acr122_poweron_rdr_arg *arg = urb->context;
2944
b4834839 2945 dev_dbg(&urb->dev->dev, "%s\n", __func__);
53cf4839 2946
86eca4e7 2947 print_hex_dump_debug("ACR122 RX: ", DUMP_PREFIX_NONE, 16, 1,
53cf4839
WR		 2948 urb->transfer_buffer, urb->transfer_buffer_length,
2949 false);
2950
2951 arg->rc = urb->status;
2952 complete(&arg->done);
2953}
2954
2955static int pn533_acr122_poweron_rdr(struct pn533 *dev)
2956{
2957 /* Power on th reader (CCID cmd) */
2958 u8 cmd[10] = {PN533_ACR122_PC_TO_RDR_ICCPOWERON,
2959 0, 0, 0, 0, 0, 0, 3, 0, 0};
2960 u8 buf[255];
2961 int rc;
2962 void *cntx;
2963 struct pn533_acr122_poweron_rdr_arg arg;
2964
b4834839 2965 dev_dbg(&dev->interface->dev, "%s\n", __func__);
53cf4839
WR		 2966
2967 init_completion(&arg.done);
2968 cntx = dev->in_urb->context; /* backup context */
2969
2970 dev->in_urb->transfer_buffer = buf;
2971 dev->in_urb->transfer_buffer_length = 255;
2972 dev->in_urb->complete = pn533_acr122_poweron_rdr_resp;
2973 dev->in_urb->context = &arg;
2974
2975 dev->out_urb->transfer_buffer = cmd;
2976 dev->out_urb->transfer_buffer_length = sizeof(cmd);
2977
86eca4e7 2978 print_hex_dump_debug("ACR122 TX: ", DUMP_PREFIX_NONE, 16, 1,
53cf4839
WR		 2979 cmd, sizeof(cmd), false);
2980
2981 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
2982 if (rc) {
073a625f
JP		 2983 nfc_err(&dev->interface->dev,
2984 "Reader power on cmd error %d\n", rc);
53cf4839
WR		 2985 return rc;
2986 }
2987
2988 rc = usb_submit_urb(dev->in_urb, GFP_KERNEL);
2989 if (rc) {
073a625f
JP		 2990 nfc_err(&dev->interface->dev,
2991 "Can't submit reader poweron cmd response %d\n", rc);
53cf4839
WR		 2992 return rc;
2993 }
2994
2995 wait_for_completion(&arg.done);
2996 dev->in_urb->context = cntx; /* restore context */
2997
2998 return arg.rc;
2999}
3000
60d9edd5
SO		 3001static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf)
3002{
3003 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
3004 u8 rf_field = !!rf;
3005 int rc;
3006
3a8eab39
SO		 3007 rf_field |= PN533_CFGITEM_RF_FIELD_AUTO_RFCA;
3008
60d9edd5
SO		 3009 rc = pn533_set_configuration(dev, PN533_CFGITEM_RF_FIELD,
3010 (u8 *)&rf_field, 1);
3011 if (rc) {
073a625f 3012 nfc_err(&dev->interface->dev, "Error on setting RF field\n");
60d9edd5
SO		 3013 return rc;
3014 }
3015
3016 return rc;
3017}
3018
e44666b9 3019static int pn533_dev_up(struct nfc_dev *nfc_dev)
60d9edd5
SO		 3020{
3021 return pn533_rf_field(nfc_dev, 1);
3022}
3023
e44666b9 3024static int pn533_dev_down(struct nfc_dev *nfc_dev)
60d9edd5
SO		 3025{
3026 return pn533_rf_field(nfc_dev, 0);
3027}
3028
5c7b0531 3029static struct nfc_ops pn533_nfc_ops = {
60d9edd5
SO		 3030 .dev_up = pn533_dev_up,
3031 .dev_down = pn533_dev_down,
361f3cb7
SO		 3032 .dep_link_up = pn533_dep_link_up,
3033 .dep_link_down = pn533_dep_link_down,
c46ee386
AAJ		 3034 .start_poll = pn533_start_poll,
3035 .stop_poll = pn533_stop_poll,
3036 .activate_target = pn533_activate_target,
3037 .deactivate_target = pn533_deactivate_target,
be9ae4ce 3038 .im_transceive = pn533_transceive,
dadb06f2 3039 .tm_send = pn533_tm_send,
c46ee386
AAJ		 3040};
3041
5c7b0531
SO		 3042static int pn533_setup(struct pn533 *dev)
3043{
3044 struct pn533_config_max_retries max_retries;
3045 struct pn533_config_timing timing;
3046 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
3047 int rc;
3048
3049 switch (dev->device_type) {
3050 case PN533_DEVICE_STD:
5c7b0531 3051 case PN533_DEVICE_PASORI:
53cf4839 3052 case PN533_DEVICE_ACR122U:
5c7b0531
SO		 3053 max_retries.mx_rty_atr = 0x2;
3054 max_retries.mx_rty_psl = 0x1;
3055 max_retries.mx_rty_passive_act =
3056 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
3057
3058 timing.rfu = PN533_CONFIG_TIMING_102;
3059 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
3060 timing.dep_timeout = PN533_CONFIG_TIMING_204;
3061
3062 break;
3063
3064 default:
073a625f
JP		 3065 nfc_err(&dev->interface->dev, "Unknown device type %d\n",
3066 dev->device_type);
5c7b0531
SO		 3067 return -EINVAL;
3068 }
3069
3070 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
3071 (u8 *)&max_retries, sizeof(max_retries));
3072 if (rc) {
073a625f
JP		 3073 nfc_err(&dev->interface->dev,
3074 "Error on setting MAX_RETRIES config\n");
5c7b0531
SO		 3075 return rc;
3076 }
3077
3078
3079 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
3080 (u8 *)&timing, sizeof(timing));
3081 if (rc) {
073a625f 3082 nfc_err(&dev->interface->dev, "Error on setting RF timings\n");
5c7b0531
SO		 3083 return rc;
3084 }
3085
3086 switch (dev->device_type) {
3087 case PN533_DEVICE_STD:
3088 break;
3089
3090 case PN533_DEVICE_PASORI:
f75c2913 3091 pn533_pasori_fw_reset(dev);
5c7b0531
SO		 3092
3093 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
3094 pasori_cfg, 3);
3095 if (rc) {
073a625f
JP		 3096 nfc_err(&dev->interface->dev,
3097 "Error while settings PASORI config\n");
5c7b0531
SO		 3098 return rc;
3099 }
3100
f75c2913 3101 pn533_pasori_fw_reset(dev);
5c7b0531
SO		 3102
3103 break;
3104 }
3105
3106 return 0;
3107}
3108
c46ee386
AAJ		 3109static int pn533_probe(struct usb_interface *interface,
3110 const struct usb_device_id *id)
3111{
cb950d93 3112 struct pn533_fw_version fw_ver;
c46ee386
AAJ		 3113 struct pn533 *dev;
3114 struct usb_host_interface *iface_desc;
3115 struct usb_endpoint_descriptor *endpoint;
c46ee386
AAJ		 3116 int in_endpoint = 0;
3117 int out_endpoint = 0;
3118 int rc = -ENOMEM;
3119 int i;
3120 u32 protocols;
3121
3122 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3123 if (!dev)
3124 return -ENOMEM;
3125
3126 dev->udev = usb_get_dev(interface_to_usbdev(interface));
3127 dev->interface = interface;
0201ed03 3128 mutex_init(&dev->cmd_lock);
c46ee386
AAJ		 3129
3130 iface_desc = interface->cur_altsetting;
3131 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
3132 endpoint = &iface_desc->endpoint[i].desc;
3133
8d25ca79 3134 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
c46ee386 3135 in_endpoint = endpoint->bEndpointAddress;
c46ee386 3136
8d25ca79 3137 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
c46ee386 3138 out_endpoint = endpoint->bEndpointAddress;
c46ee386
AAJ		 3139 }
3140
3141 if (!in_endpoint || !out_endpoint) {
073a625f
JP		 3142 nfc_err(&interface->dev,
3143 "Could not find bulk-in or bulk-out endpoint\n");
c46ee386
AAJ		 3144 rc = -ENODEV;
3145 goto error;
3146 }
3147
c46ee386 3148 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
c46ee386
AAJ		 3149 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
3150
a5798094 3151 if (!dev->in_urb || !dev->out_urb)
c46ee386
AAJ		 3152 goto error;
3153
3154 usb_fill_bulk_urb(dev->in_urb, dev->udev,
5d467742
WR		 3155 usb_rcvbulkpipe(dev->udev, in_endpoint),
3156 NULL, 0, NULL, dev);
c46ee386 3157 usb_fill_bulk_urb(dev->out_urb, dev->udev,
5d467742
WR		 3158 usb_sndbulkpipe(dev->udev, out_endpoint),
3159 NULL, 0, pn533_send_complete, dev);
c46ee386 3160
5d50b364
SO		 3161 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
3162 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
963a82e0
OG		 3163 INIT_WORK(&dev->mi_rx_work, pn533_wq_mi_recv);
3164 INIT_WORK(&dev->mi_tx_work, pn533_wq_mi_send);
103b34cf 3165 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
3c13b244 3166 INIT_WORK(&dev->mi_tm_rx_work, pn533_wq_tm_mi_recv);
93ad4202 3167 INIT_WORK(&dev->mi_tm_tx_work, pn533_wq_tm_mi_send);
46f793b0 3168 INIT_DELAYED_WORK(&dev->poll_work, pn533_wq_poll);
17e9d9d4 3169 INIT_WORK(&dev->rf_work, pn533_wq_rf);
58637c9b 3170 dev->wq = alloc_ordered_workqueue("pn533", 0);
4849f85e
SO		 3171 if (dev->wq == NULL)
3172 goto error;
c46ee386 3173
6fbbdc16
SO		 3174 init_timer(&dev->listen_timer);
3175 dev->listen_timer.data = (unsigned long) dev;
3176 dev->listen_timer.function = pn533_listen_mode_timer;
3177
6ff73fd2 3178 skb_queue_head_init(&dev->resp_q);
963a82e0 3179 skb_queue_head_init(&dev->fragment_skb);
6ff73fd2 3180
5d50b364
SO		 3181 INIT_LIST_HEAD(&dev->cmd_queue);
3182
c46ee386
AAJ		 3183 usb_set_intfdata(interface, dev);
3184
9e2d493e 3185 dev->ops = &pn533_std_frame_ops;
c46ee386 3186
58520373 3187 dev->protocol_type = PN533_PROTO_REQ_ACK_RESP;
5c7b0531
SO		 3188 dev->device_type = id->driver_info;
3189 switch (dev->device_type) {
3190 case PN533_DEVICE_STD:
3191 protocols = PN533_ALL_PROTOCOLS;
3192 break;
3193
3194 case PN533_DEVICE_PASORI:
3195 protocols = PN533_NO_TYPE_B_PROTOCOLS;
3196 break;
3197
53cf4839
WR		 3198 case PN533_DEVICE_ACR122U:
3199 protocols = PN533_NO_TYPE_B_PROTOCOLS;
3200 dev->ops = &pn533_acr122_frame_ops;
3201 dev->protocol_type = PN533_PROTO_REQ_RESP,
3202
3203 rc = pn533_acr122_poweron_rdr(dev);
3204 if (rc < 0) {
073a625f
JP		 3205 nfc_err(&dev->interface->dev,
3206 "Couldn't poweron the reader (error %d)\n", rc);
53cf4839
WR		 3207 goto destroy_wq;
3208 }
3209 break;
3210
5c7b0531 3211 default:
073a625f
JP		 3212 nfc_err(&dev->interface->dev, "Unknown device type %d\n",
3213 dev->device_type);
5c7b0531
SO		 3214 rc = -EINVAL;
3215 goto destroy_wq;
3216 }
c46ee386 3217
9e2d493e
WR		 3218 memset(&fw_ver, 0, sizeof(fw_ver));
3219 rc = pn533_get_firmware_version(dev, &fw_ver);
3220 if (rc < 0)
3221 goto destroy_wq;
3222
073a625f
JP		 3223 nfc_info(&dev->interface->dev,
3224 "NXP PN5%02X firmware ver %d.%d now attached\n",
3225 fw_ver.ic, fw_ver.ver, fw_ver.rev);
9e2d493e
WR		 3226
3227
e8753043 3228 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
9e2d493e 3229 dev->ops->tx_header_len +
e8753043 3230 PN533_CMD_DATAEXCH_HEAD_LEN,
9e2d493e 3231 dev->ops->tx_tail_len);
4674d0fe
WY		 3232 if (!dev->nfc_dev) {
3233 rc = -ENOMEM;
4849f85e 3234 goto destroy_wq;
4674d0fe 3235 }
c46ee386
AAJ		 3236
3237 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
3238 nfc_set_drvdata(dev->nfc_dev, dev);
3239
3240 rc = nfc_register_device(dev->nfc_dev);
3241 if (rc)
3242 goto free_nfc_dev;
3243
5c7b0531
SO		 3244 rc = pn533_setup(dev);
3245 if (rc)
34a85bfc 3246 goto unregister_nfc_dev;
34a85bfc 3247
c46ee386
AAJ		 3248 return 0;
3249
9f2f8ba1
SO		 3250unregister_nfc_dev:
3251 nfc_unregister_device(dev->nfc_dev);
3252
c46ee386
AAJ		 3253free_nfc_dev:
3254 nfc_free_device(dev->nfc_dev);
9f2f8ba1 3255
4849f85e
SO		 3256destroy_wq:
3257 destroy_workqueue(dev->wq);
c46ee386 3258error:
c46ee386 3259 usb_free_urb(dev->in_urb);
c46ee386 3260 usb_free_urb(dev->out_urb);
7c5a54fb 3261 usb_put_dev(dev->udev);
c46ee386
AAJ		 3262 kfree(dev);
3263 return rc;
3264}
3265
3266static void pn533_disconnect(struct usb_interface *interface)
3267{
3268 struct pn533 *dev;
5d50b364 3269 struct pn533_cmd *cmd, *n;
c46ee386
AAJ		 3270
3271 dev = usb_get_intfdata(interface);
3272 usb_set_intfdata(interface, NULL);
3273
3274 nfc_unregister_device(dev->nfc_dev);
3275 nfc_free_device(dev->nfc_dev);
3276
3277 usb_kill_urb(dev->in_urb);
3278 usb_kill_urb(dev->out_urb);
3279
46f793b0 3280 flush_delayed_work(&dev->poll_work);
4849f85e 3281 destroy_workqueue(dev->wq);
c46ee386 3282
6ff73fd2
SO		 3283 skb_queue_purge(&dev->resp_q);
3284
6fbbdc16
SO		 3285 del_timer(&dev->listen_timer);
3286
5d50b364
SO		 3287 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
3288 list_del(&cmd->queue);
3289 kfree(cmd);
3290 }
3291
c46ee386 3292 usb_free_urb(dev->in_urb);
c46ee386
AAJ		 3293 usb_free_urb(dev->out_urb);
3294 kfree(dev);
3295
073a625f 3296 nfc_info(&interface->dev, "NXP PN533 NFC device disconnected\n");
c46ee386
AAJ		 3297}
3298
3299static struct usb_driver pn533_driver = {
3300 .name = "pn533",
3301 .probe = pn533_probe,
3302 .disconnect = pn533_disconnect,
3303 .id_table = pn533_table,
3304};
3305
fe748483 3306module_usb_driver(pn533_driver);
c46ee386 3307
e70b96e9
WR		 3308MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>");
3309MODULE_AUTHOR("Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
3310MODULE_AUTHOR("Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>");
c46ee386
AAJ		 3311MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
3312MODULE_VERSION(VERSION);
3313MODULE_LICENSE("GPL");
Linux 6.x block layer and io_uring tree(s)