projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
NFC: pn533: Fix socket deadlock
[linux-2.6-block.git] / drivers / nfc / pn533.c
CommitLineData
c46ee386
AAJ		 1/*
2 * Copyright (C) 2011 Instituto Nokia de Tecnologia
e70b96e9 3 * Copyright (C) 2012-2013 Tieto Poland
c46ee386
AAJ		 4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
9 *
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
14 *
15 * You should have received a copy of the GNU General Public License
98b32dec 16 * along with this program; if not, see <http://www.gnu.org/licenses/>.
c46ee386
AAJ		 17 */
18
19#include <linux/device.h>
20#include <linux/kernel.h>
21#include <linux/module.h>
22#include <linux/slab.h>
23#include <linux/usb.h>
24#include <linux/nfc.h>
25#include <linux/netdevice.h>
55eb94f9 26#include <net/nfc/nfc.h>
c46ee386 27
495af72e 28#define VERSION "0.2"
c46ee386
AAJ		 29
30#define PN533_VENDOR_ID 0x4CC
31#define PN533_PRODUCT_ID 0x2533
32
33#define SCM_VENDOR_ID 0x4E6
34#define SCL3711_PRODUCT_ID 0x5591
35
5c7b0531
SO		 36#define SONY_VENDOR_ID 0x054c
37#define PASORI_PRODUCT_ID 0x02e1
38
53cf4839
WR		 39#define ACS_VENDOR_ID 0x072f
40#define ACR122U_PRODUCT_ID 0x2200
41
42#define PN533_DEVICE_STD 0x1
43#define PN533_DEVICE_PASORI 0x2
44#define PN533_DEVICE_ACR122U 0x3
5c7b0531 45
01d719a2
SO		 46#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK | NFC_PROTO_MIFARE_MASK |\
47 NFC_PROTO_FELICA_MASK | NFC_PROTO_ISO14443_MASK |\
48 NFC_PROTO_NFC_DEP_MASK |\
49 NFC_PROTO_ISO14443_B_MASK)
5c7b0531
SO		 50
51#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK | \
52 NFC_PROTO_MIFARE_MASK | \
53 NFC_PROTO_FELICA_MASK | \
01d719a2 54 NFC_PROTO_ISO14443_MASK | \
5c7b0531
SO		 55 NFC_PROTO_NFC_DEP_MASK)
56
c46ee386 57static const struct usb_device_id pn533_table[] = {
99968e06
AL		 58 { USB_DEVICE(PN533_VENDOR_ID, PN533_PRODUCT_ID),
59 .driver_info = PN533_DEVICE_STD },
60 { USB_DEVICE(SCM_VENDOR_ID, SCL3711_PRODUCT_ID),
61 .driver_info = PN533_DEVICE_STD },
62 { USB_DEVICE(SONY_VENDOR_ID, PASORI_PRODUCT_ID),
63 .driver_info = PN533_DEVICE_PASORI },
64 { USB_DEVICE(ACS_VENDOR_ID, ACR122U_PRODUCT_ID),
65 .driver_info = PN533_DEVICE_ACR122U },
c46ee386
AAJ		 66 { }
67};
68MODULE_DEVICE_TABLE(usb, pn533_table);
69
6fbbdc16
SO		 70/* How much time we spend listening for initiators */
71#define PN533_LISTEN_TIME 2
46f793b0
SO		 72/* Delay between each poll frame (ms) */
73#define PN533_POLL_INTERVAL 10
6fbbdc16 74
1575b9d8 75/* Standard pn533 frame definitions (standard and extended)*/
63123108 76#define PN533_STD_FRAME_HEADER_LEN (sizeof(struct pn533_std_frame) \
b1bb290a 77 + 2) /* data[0] TFI, data[1] CC */
63123108 78#define PN533_STD_FRAME_TAIL_LEN 2 /* data[len] DCS, data[len + 1] postamble*/
82dec34d 79
1575b9d8
OG		 80#define PN533_EXT_FRAME_HEADER_LEN (sizeof(struct pn533_ext_frame) \
81 + 2) /* data[0] TFI, data[1] CC */
82
83#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
84#define PN533_CMD_DATAFRAME_MAXLEN 240 /* max data length (send) */
85
15461aeb
WR		 86/*
87 * Max extended frame payload len, excluding TFI and CC
88 * which are already in PN533_FRAME_HEADER_LEN.
89 */
63123108 90#define PN533_STD_FRAME_MAX_PAYLOAD_LEN 263
15461aeb 91
63123108 92#define PN533_STD_FRAME_ACK_SIZE 6 /* Preamble (1), SoPC (2), ACK Code (2),
5b5a4437 93 Postamble (1) */
63123108
WR		 94#define PN533_STD_FRAME_CHECKSUM(f) (f->data[f->datalen])
95#define PN533_STD_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
1575b9d8
OG		 96/* Half start code (3), LEN (4) should be 0xffff for extended frame */
97#define PN533_STD_IS_EXTENDED(hdr) ((hdr)->datalen == 0xFF \
98 && (hdr)->datalen_checksum == 0xFF)
99#define PN533_EXT_FRAME_CHECKSUM(f) (f->data[be16_to_cpu(f->datalen)])
c46ee386
AAJ		 100
101/* start of frame */
63123108 102#define PN533_STD_FRAME_SOF 0x00FF
c46ee386 103
63123108
WR		 104/* standard frame identifier: in/out/error */
105#define PN533_STD_FRAME_IDENTIFIER(f) (f->data[0]) /* TFI */
106#define PN533_STD_FRAME_DIR_OUT 0xD4
107#define PN533_STD_FRAME_DIR_IN 0xD5
c46ee386 108
53cf4839
WR		 109/* ACS ACR122 pn533 frame definitions */
110#define PN533_ACR122_TX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_tx_frame) \
111 + 2)
112#define PN533_ACR122_TX_FRAME_TAIL_LEN 0
113#define PN533_ACR122_RX_FRAME_HEADER_LEN (sizeof(struct pn533_acr122_rx_frame) \
114 + 2)
115#define PN533_ACR122_RX_FRAME_TAIL_LEN 2
116#define PN533_ACR122_FRAME_MAX_PAYLOAD_LEN PN533_STD_FRAME_MAX_PAYLOAD_LEN
117
118/* CCID messages types */
119#define PN533_ACR122_PC_TO_RDR_ICCPOWERON 0x62
120#define PN533_ACR122_PC_TO_RDR_ESCAPE 0x6B
121
122#define PN533_ACR122_RDR_TO_PC_ESCAPE 0x83
123
c46ee386 124/* PN533 Commands */
1575b9d8 125#define PN533_FRAME_CMD(f) (f->data[1])
c46ee386
AAJ		 126
127#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
128#define PN533_CMD_RF_CONFIGURATION 0x32
129#define PN533_CMD_IN_DATA_EXCHANGE 0x40
5c7b0531 130#define PN533_CMD_IN_COMM_THRU 0x42
c46ee386
AAJ		 131#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
132#define PN533_CMD_IN_ATR 0x50
133#define PN533_CMD_IN_RELEASE 0x52
361f3cb7 134#define PN533_CMD_IN_JUMP_FOR_DEP 0x56
c46ee386 135
ad3823ce 136#define PN533_CMD_TG_INIT_AS_TARGET 0x8c
103b34cf 137#define PN533_CMD_TG_GET_DATA 0x86
dadb06f2 138#define PN533_CMD_TG_SET_DATA 0x8e
93ad4202 139#define PN533_CMD_TG_SET_META_DATA 0x94
aada17ac 140#define PN533_CMD_UNDEF 0xff
ad3823ce 141
c46ee386
AAJ		 142#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
143
144/* PN533 Return codes */
145#define PN533_CMD_RET_MASK 0x3F
146#define PN533_CMD_MI_MASK 0x40
147#define PN533_CMD_RET_SUCCESS 0x00
148
149struct pn533;
150
aada17ac
WR		 151typedef int (*pn533_send_async_complete_t) (struct pn533 *dev, void *arg,
152 struct sk_buff *resp);
153
c46ee386
AAJ		 154/* structs for pn533 commands */
155
156/* PN533_CMD_GET_FIRMWARE_VERSION */
157struct pn533_fw_version {
158 u8 ic;
159 u8 ver;
160 u8 rev;
161 u8 support;
162};
163
164/* PN533_CMD_RF_CONFIGURATION */
60d9edd5
SO		 165#define PN533_CFGITEM_RF_FIELD 0x01
166#define PN533_CFGITEM_TIMING 0x02
c46ee386 167#define PN533_CFGITEM_MAX_RETRIES 0x05
60d9edd5
SO		 168#define PN533_CFGITEM_PASORI 0x82
169
3a8eab39
SO		 170#define PN533_CFGITEM_RF_FIELD_AUTO_RFCA 0x2
171#define PN533_CFGITEM_RF_FIELD_ON 0x1
172#define PN533_CFGITEM_RF_FIELD_OFF 0x0
c46ee386 173
34a85bfc
SO		 174#define PN533_CONFIG_TIMING_102 0xb
175#define PN533_CONFIG_TIMING_204 0xc
176#define PN533_CONFIG_TIMING_409 0xd
177#define PN533_CONFIG_TIMING_819 0xe
178
c46ee386
AAJ		 179#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
180#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
181
182struct pn533_config_max_retries {
183 u8 mx_rty_atr;
184 u8 mx_rty_psl;
185 u8 mx_rty_passive_act;
186} __packed;
187
34a85bfc
SO		 188struct pn533_config_timing {
189 u8 rfu;
190 u8 atr_res_timeout;
191 u8 dep_timeout;
192} __packed;
193
c46ee386
AAJ		 194/* PN533_CMD_IN_LIST_PASSIVE_TARGET */
195
196/* felica commands opcode */
197#define PN533_FELICA_OPC_SENSF_REQ 0
198#define PN533_FELICA_OPC_SENSF_RES 1
199/* felica SENSF_REQ parameters */
200#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
201#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
202#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
203#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
204
205/* type B initiator_data values */
206#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
207#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
208#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
209
210union pn533_cmd_poll_initdata {
211 struct {
212 u8 afi;
213 u8 polling_method;
214 } __packed type_b;
215 struct {
216 u8 opcode;
217 __be16 sc;
218 u8 rc;
219 u8 tsn;
220 } __packed felica;
221};
222
223/* Poll modulations */
224enum {
225 PN533_POLL_MOD_106KBPS_A,
226 PN533_POLL_MOD_212KBPS_FELICA,
227 PN533_POLL_MOD_424KBPS_FELICA,
228 PN533_POLL_MOD_106KBPS_JEWEL,
229 PN533_POLL_MOD_847KBPS_B,
6fbbdc16 230 PN533_LISTEN_MOD,
c46ee386
AAJ		 231
232 __PN533_POLL_MOD_AFTER_LAST,
233};
234#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
235
236struct pn533_poll_modulations {
237 struct {
238 u8 maxtg;
239 u8 brty;
240 union pn533_cmd_poll_initdata initiator_data;
241 } __packed data;
242 u8 len;
243};
244
ef3d56e1 245static const struct pn533_poll_modulations poll_mod[] = {
c46ee386
AAJ		 246 [PN533_POLL_MOD_106KBPS_A] = {
247 .data = {
248 .maxtg = 1,
249 .brty = 0,
250 },
251 .len = 2,
252 },
253 [PN533_POLL_MOD_212KBPS_FELICA] = {
254 .data = {
255 .maxtg = 1,
256 .brty = 1,
257 .initiator_data.felica = {
258 .opcode = PN533_FELICA_OPC_SENSF_REQ,
259 .sc = PN533_FELICA_SENSF_SC_ALL,
a94e10f7 260 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE,
31c44464 261 .tsn = 0x03,
c46ee386
AAJ		 262 },
263 },
264 .len = 7,
265 },
266 [PN533_POLL_MOD_424KBPS_FELICA] = {
267 .data = {
268 .maxtg = 1,
269 .brty = 2,
270 .initiator_data.felica = {
271 .opcode = PN533_FELICA_OPC_SENSF_REQ,
272 .sc = PN533_FELICA_SENSF_SC_ALL,
a94e10f7 273 .rc = PN533_FELICA_SENSF_RC_SYSTEM_CODE,
31c44464 274 .tsn = 0x03,
c46ee386
AAJ		 275 },
276 },
277 .len = 7,
278 },
279 [PN533_POLL_MOD_106KBPS_JEWEL] = {
280 .data = {
281 .maxtg = 1,
282 .brty = 4,
283 },
284 .len = 2,
285 },
286 [PN533_POLL_MOD_847KBPS_B] = {
287 .data = {
288 .maxtg = 1,
289 .brty = 8,
290 .initiator_data.type_b = {
291 .afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
292 .polling_method =
293 PN533_TYPE_B_POLL_METHOD_TIMESLOT,
294 },
295 },
296 .len = 3,
297 },
6fbbdc16
SO		 298 [PN533_LISTEN_MOD] = {
299 .len = 0,
300 },
c46ee386
AAJ		 301};
302
303/* PN533_CMD_IN_ATR */
304
c46ee386
AAJ		 305struct pn533_cmd_activate_response {
306 u8 status;
307 u8 nfcid3t[10];
308 u8 didt;
309 u8 bst;
310 u8 brt;
311 u8 to;
312 u8 ppt;
313 /* optional */
314 u8 gt[];
315} __packed;
316
361f3cb7
SO		 317struct pn533_cmd_jump_dep_response {
318 u8 status;
319 u8 tg;
320 u8 nfcid3t[10];
321 u8 didt;
322 u8 bst;
323 u8 brt;
324 u8 to;
325 u8 ppt;
326 /* optional */
327 u8 gt[];
328} __packed;
c46ee386 329
ad3823ce
SO		 330
331/* PN533_TG_INIT_AS_TARGET */
332#define PN533_INIT_TARGET_PASSIVE 0x1
333#define PN533_INIT_TARGET_DEP 0x2
334
fc40a8c1
SO		 335#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
336#define PN533_INIT_TARGET_RESP_ACTIVE 0x1
337#define PN533_INIT_TARGET_RESP_DEP 0x4
338
58520373
WR		 339enum pn533_protocol_type {
340 PN533_PROTO_REQ_ACK_RESP = 0,
341 PN533_PROTO_REQ_RESP
342};
343
c46ee386
AAJ		 344struct pn533 {
345 struct usb_device *udev;
346 struct usb_interface *interface;
347 struct nfc_dev *nfc_dev;
d5590bba 348 u32 device_type;
58520373 349 enum pn533_protocol_type protocol_type;
c46ee386
AAJ		 350
351 struct urb *out_urb;
c46ee386 352 struct urb *in_urb;
c46ee386 353
6ff73fd2 354 struct sk_buff_head resp_q;
963a82e0 355 struct sk_buff_head fragment_skb;
6ff73fd2 356
4849f85e
SO		 357 struct workqueue_struct *wq;
358 struct work_struct cmd_work;
5d50b364 359 struct work_struct cmd_complete_work;
46f793b0 360 struct delayed_work poll_work;
963a82e0
OG		 361 struct work_struct mi_rx_work;
362 struct work_struct mi_tx_work;
3c13b244 363 struct work_struct mi_tm_rx_work;
93ad4202 364 struct work_struct mi_tm_tx_work;
103b34cf 365 struct work_struct tg_work;
17e9d9d4 366 struct work_struct rf_work;
d5590bba
WR		 367
368 struct list_head cmd_queue;
369 struct pn533_cmd *cmd;
370 u8 cmd_pending;
d5590bba 371 struct mutex cmd_lock; /* protects cmd queue */
c46ee386 372
b1e666f5 373 void *cmd_complete_mi_arg;
963a82e0 374 void *cmd_complete_dep_arg;
c46ee386
AAJ		 375
376 struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
377 u8 poll_mod_count;
378 u8 poll_mod_curr;
673088fb 379 u8 poll_dep;
c46ee386 380 u32 poll_protocols;
6fbbdc16 381 u32 listen_protocols;
d5590bba
WR		 382 struct timer_list listen_timer;
383 int cancel_listen;
6fbbdc16
SO		 384
385 u8 *gb;
386 size_t gb_len;
c46ee386
AAJ		 387
388 u8 tgt_available_prots;
389 u8 tgt_active_prot;
51ad304c 390 u8 tgt_mode;
5c7b0531 391
9e2d493e 392 struct pn533_frame_ops *ops;
5d50b364
SO		 393};
394
395struct pn533_cmd {
396 struct list_head queue;
4b2a9532 397 u8 code;
f87bc9fb 398 int status;
aada17ac
WR		 399 struct sk_buff *req;
400 struct sk_buff *resp;
9e2d493e 401 int resp_len;
4231604b
WR		 402 pn533_send_async_complete_t complete_cb;
403 void *complete_cb_context;
c46ee386
AAJ		 404};
405
63123108 406struct pn533_std_frame {
c46ee386
AAJ		 407 u8 preamble;
408 __be16 start_frame;
409 u8 datalen;
410 u8 datalen_checksum;
411 u8 data[];
412} __packed;
413
1575b9d8
OG		 414struct pn533_ext_frame { /* Extended Information frame */
415 u8 preamble;
416 __be16 start_frame;
417 __be16 eif_flag; /* fixed to 0xFFFF */
418 __be16 datalen;
419 u8 datalen_checksum;
420 u8 data[];
421} __packed;
422
9e2d493e
WR		 423struct pn533_frame_ops {
424 void (*tx_frame_init)(void *frame, u8 cmd_code);
425 void (*tx_frame_finish)(void *frame);
426 void (*tx_update_payload_len)(void *frame, int len);
427 int tx_header_len;
428 int tx_tail_len;
429
56a63c82 430 bool (*rx_is_frame_valid)(void *frame, struct pn533 *dev);
9e2d493e
WR		 431 int (*rx_frame_size)(void *frame);
432 int rx_header_len;
433 int rx_tail_len;
434
435 int max_payload_len;
436 u8 (*get_cmd_code)(void *frame);
437};
438
53cf4839
WR		 439struct pn533_acr122_ccid_hdr {
440 u8 type;
441 u32 datalen;
442 u8 slot;
443 u8 seq;
444 u8 params[3]; /* 3 msg specific bytes or status, error and 1 specific
445 byte for reposnse msg */
446 u8 data[]; /* payload */
447} __packed;
448
449struct pn533_acr122_apdu_hdr {
450 u8 class;
451 u8 ins;
452 u8 p1;
453 u8 p2;
454} __packed;
455
456struct pn533_acr122_tx_frame {
457 struct pn533_acr122_ccid_hdr ccid;
458 struct pn533_acr122_apdu_hdr apdu;
459 u8 datalen;
460 u8 data[]; /* pn533 frame: TFI ... */
461} __packed;
462
463struct pn533_acr122_rx_frame {
464 struct pn533_acr122_ccid_hdr ccid;
465 u8 data[]; /* pn533 frame : TFI ... */
466} __packed;
467
468static void pn533_acr122_tx_frame_init(void *_frame, u8 cmd_code)
469{
470 struct pn533_acr122_tx_frame *frame = _frame;
471
472 frame->ccid.type = PN533_ACR122_PC_TO_RDR_ESCAPE;
473 frame->ccid.datalen = sizeof(frame->apdu) + 1; /* sizeof(apdu_hdr) +
474 sizeof(datalen) */
475 frame->ccid.slot = 0;
476 frame->ccid.seq = 0;
477 frame->ccid.params[0] = 0;
478 frame->ccid.params[1] = 0;
479 frame->ccid.params[2] = 0;
480
481 frame->data[0] = PN533_STD_FRAME_DIR_OUT;
482 frame->data[1] = cmd_code;
483 frame->datalen = 2; /* data[0] + data[1] */
484
485 frame->apdu.class = 0xFF;
486 frame->apdu.ins = 0;
487 frame->apdu.p1 = 0;
488 frame->apdu.p2 = 0;
489}
490
491static void pn533_acr122_tx_frame_finish(void *_frame)
492{
493 struct pn533_acr122_tx_frame *frame = _frame;
494
495 frame->ccid.datalen += frame->datalen;
496}
497
498static void pn533_acr122_tx_update_payload_len(void *_frame, int len)
499{
500 struct pn533_acr122_tx_frame *frame = _frame;
501
502 frame->datalen += len;
503}
504
56a63c82 505static bool pn533_acr122_is_rx_frame_valid(void *_frame, struct pn533 *dev)
53cf4839
WR		 506{
507 struct pn533_acr122_rx_frame *frame = _frame;
508
509 if (frame->ccid.type != 0x83)
510 return false;
511
ea87a5ef
SO		 512 if (!frame->ccid.datalen)
513 return false;
514
53cf4839
WR		 515 if (frame->data[frame->ccid.datalen - 2] == 0x63)
516 return false;
517
518 return true;
519}
520
521static int pn533_acr122_rx_frame_size(void *frame)
522{
523 struct pn533_acr122_rx_frame *f = frame;
524
525 /* f->ccid.datalen already includes tail length */
526 return sizeof(struct pn533_acr122_rx_frame) + f->ccid.datalen;
527}
528
529static u8 pn533_acr122_get_cmd_code(void *frame)
530{
531 struct pn533_acr122_rx_frame *f = frame;
532
1575b9d8 533 return PN533_FRAME_CMD(f);
53cf4839
WR		 534}
535
536static struct pn533_frame_ops pn533_acr122_frame_ops = {
537 .tx_frame_init = pn533_acr122_tx_frame_init,
538 .tx_frame_finish = pn533_acr122_tx_frame_finish,
539 .tx_update_payload_len = pn533_acr122_tx_update_payload_len,
540 .tx_header_len = PN533_ACR122_TX_FRAME_HEADER_LEN,
541 .tx_tail_len = PN533_ACR122_TX_FRAME_TAIL_LEN,
542
543 .rx_is_frame_valid = pn533_acr122_is_rx_frame_valid,
544 .rx_header_len = PN533_ACR122_RX_FRAME_HEADER_LEN,
545 .rx_tail_len = PN533_ACR122_RX_FRAME_TAIL_LEN,
546 .rx_frame_size = pn533_acr122_rx_frame_size,
547
548 .max_payload_len = PN533_ACR122_FRAME_MAX_PAYLOAD_LEN,
549 .get_cmd_code = pn533_acr122_get_cmd_code,
550};
551
1575b9d8
OG		 552/* The rule: value(high byte) + value(low byte) + checksum = 0 */
553static inline u8 pn533_ext_checksum(u16 value)
554{
555 return ~(u8)(((value & 0xFF00) >> 8) + (u8)(value & 0xFF)) + 1;
556}
557
c46ee386 558/* The rule: value + checksum = 0 */
63123108 559static inline u8 pn533_std_checksum(u8 value)
c46ee386
AAJ		 560{
561 return ~value + 1;
562}
563
564/* The rule: sum(data elements) + checksum = 0 */
63123108 565static u8 pn533_std_data_checksum(u8 *data, int datalen)
c46ee386
AAJ		 566{
567 u8 sum = 0;
568 int i;
569
570 for (i = 0; i < datalen; i++)
571 sum += data[i];
572
63123108 573 return pn533_std_checksum(sum);
c46ee386
AAJ		 574}
575
63123108 576static void pn533_std_tx_frame_init(void *_frame, u8 cmd_code)
c46ee386 577{
63123108 578 struct pn533_std_frame *frame = _frame;
9e2d493e 579
c46ee386 580 frame->preamble = 0;
63123108
WR		 581 frame->start_frame = cpu_to_be16(PN533_STD_FRAME_SOF);
582 PN533_STD_FRAME_IDENTIFIER(frame) = PN533_STD_FRAME_DIR_OUT;
1575b9d8 583 PN533_FRAME_CMD(frame) = cmd_code;
c46ee386
AAJ		 584 frame->datalen = 2;
585}
586
63123108 587static void pn533_std_tx_frame_finish(void *_frame)
c46ee386 588{
63123108 589 struct pn533_std_frame *frame = _frame;
9e2d493e 590
63123108 591 frame->datalen_checksum = pn533_std_checksum(frame->datalen);
c46ee386 592
63123108
WR		 593 PN533_STD_FRAME_CHECKSUM(frame) =
594 pn533_std_data_checksum(frame->data, frame->datalen);
c46ee386 595
63123108 596 PN533_STD_FRAME_POSTAMBLE(frame) = 0;
c46ee386
AAJ		 597}
598
63123108 599static void pn533_std_tx_update_payload_len(void *_frame, int len)
9e2d493e 600{
63123108 601 struct pn533_std_frame *frame = _frame;
9e2d493e
WR		 602
603 frame->datalen += len;
604}
605
56a63c82 606static bool pn533_std_rx_frame_is_valid(void *_frame, struct pn533 *dev)
c46ee386
AAJ		 607{
608 u8 checksum;
1575b9d8 609 struct pn533_std_frame *stdf = _frame;
c46ee386 610
1575b9d8 611 if (stdf->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
c46ee386
AAJ		 612 return false;
613
1575b9d8
OG		 614 if (likely(!PN533_STD_IS_EXTENDED(stdf))) {
615 /* Standard frame code */
56a63c82 616 dev->ops->rx_header_len = PN533_STD_FRAME_HEADER_LEN;
1575b9d8
OG		 617
618 checksum = pn533_std_checksum(stdf->datalen);
619 if (checksum != stdf->datalen_checksum)
620 return false;
621
622 checksum = pn533_std_data_checksum(stdf->data, stdf->datalen);
623 if (checksum != PN533_STD_FRAME_CHECKSUM(stdf))
624 return false;
625 } else {
626 /* Extended */
627 struct pn533_ext_frame *eif = _frame;
628
56a63c82
OG		 629 dev->ops->rx_header_len = PN533_EXT_FRAME_HEADER_LEN;
630
1575b9d8
OG		 631 checksum = pn533_ext_checksum(be16_to_cpu(eif->datalen));
632 if (checksum != eif->datalen_checksum)
633 return false;
634
635 /* check data checksum */
636 checksum = pn533_std_data_checksum(eif->data,
637 be16_to_cpu(eif->datalen));
638 if (checksum != PN533_EXT_FRAME_CHECKSUM(eif))
639 return false;
640 }
c46ee386
AAJ		 641
642 return true;
643}
644
63123108 645static bool pn533_std_rx_frame_is_ack(struct pn533_std_frame *frame)
c46ee386 646{
63123108 647 if (frame->start_frame != cpu_to_be16(PN533_STD_FRAME_SOF))
c46ee386
AAJ		 648 return false;
649
650 if (frame->datalen != 0 || frame->datalen_checksum != 0xFF)
651 return false;
652
653 return true;
654}
655
63123108 656static inline int pn533_std_rx_frame_size(void *frame)
9e2d493e 657{
63123108 658 struct pn533_std_frame *f = frame;
9e2d493e 659
1575b9d8
OG		 660 /* check for Extended Information frame */
661 if (PN533_STD_IS_EXTENDED(f)) {
662 struct pn533_ext_frame *eif = frame;
663
664 return sizeof(struct pn533_ext_frame)
665 + be16_to_cpu(eif->datalen) + PN533_STD_FRAME_TAIL_LEN;
666 }
667
63123108
WR		 668 return sizeof(struct pn533_std_frame) + f->datalen +
669 PN533_STD_FRAME_TAIL_LEN;
9e2d493e
WR		 670}
671
63123108 672static u8 pn533_std_get_cmd_code(void *frame)
9e2d493e 673{
63123108 674 struct pn533_std_frame *f = frame;
1575b9d8 675 struct pn533_ext_frame *eif = frame;
9e2d493e 676
1575b9d8
OG		 677 if (PN533_STD_IS_EXTENDED(f))
678 return PN533_FRAME_CMD(eif);
679 else
680 return PN533_FRAME_CMD(f);
9e2d493e
WR		 681}
682
ef3d56e1 683static struct pn533_frame_ops pn533_std_frame_ops = {
63123108
WR		 684 .tx_frame_init = pn533_std_tx_frame_init,
685 .tx_frame_finish = pn533_std_tx_frame_finish,
686 .tx_update_payload_len = pn533_std_tx_update_payload_len,
687 .tx_header_len = PN533_STD_FRAME_HEADER_LEN,
688 .tx_tail_len = PN533_STD_FRAME_TAIL_LEN,
689
690 .rx_is_frame_valid = pn533_std_rx_frame_is_valid,
691 .rx_frame_size = pn533_std_rx_frame_size,
692 .rx_header_len = PN533_STD_FRAME_HEADER_LEN,
693 .rx_tail_len = PN533_STD_FRAME_TAIL_LEN,
694
695 .max_payload_len = PN533_STD_FRAME_MAX_PAYLOAD_LEN,
696 .get_cmd_code = pn533_std_get_cmd_code,
9e2d493e
WR		 697};
698
699static bool pn533_rx_frame_is_cmd_response(struct pn533 *dev, void *frame)
c46ee386 700{
2c206fb7 701 return (dev->ops->get_cmd_code(frame) ==
4b2a9532 702 PN533_CMD_RESPONSE(dev->cmd->code));
c46ee386
AAJ		 703}
704
c46ee386
AAJ		 705static void pn533_recv_response(struct urb *urb)
706{
707 struct pn533 *dev = urb->context;
f87bc9fb 708 struct pn533_cmd *cmd = dev->cmd;
9e2d493e 709 u8 *in_frame;
c46ee386 710
f87bc9fb
WR		 711 cmd->status = urb->status;
712
c46ee386
AAJ		 713 switch (urb->status) {
714 case 0:
f8f99171 715 break; /* success */
c46ee386
AAJ		 716 case -ECONNRESET:
717 case -ENOENT:
b4834839
JP		 718 dev_dbg(&dev->interface->dev,
719 "The urb has been canceled (status %d)\n",
720 urb->status);
4849f85e 721 goto sched_wq;
f8f99171 722 case -ESHUTDOWN:
c46ee386 723 default:
073a625f
JP		 724 nfc_err(&dev->interface->dev,
725 "Urb failure (status %d)\n", urb->status);
4849f85e 726 goto sched_wq;
c46ee386
AAJ		 727 }
728
729 in_frame = dev->in_urb->transfer_buffer;
730
b4834839 731 dev_dbg(&dev->interface->dev, "Received a frame\n");
e279f84f
SO		 732 print_hex_dump_debug("PN533 RX: ", DUMP_PREFIX_NONE, 16, 1, in_frame,
733 dev->ops->rx_frame_size(in_frame), false);
99e591be 734
56a63c82 735 if (!dev->ops->rx_is_frame_valid(in_frame, dev)) {
073a625f 736 nfc_err(&dev->interface->dev, "Received an invalid frame\n");
f87bc9fb 737 cmd->status = -EIO;
4849f85e 738 goto sched_wq;
c46ee386
AAJ		 739 }
740
9e2d493e 741 if (!pn533_rx_frame_is_cmd_response(dev, in_frame)) {
073a625f
JP		 742 nfc_err(&dev->interface->dev,
743 "It it not the response to the last command\n");
f87bc9fb 744 cmd->status = -EIO;
4849f85e 745 goto sched_wq;
c46ee386
AAJ		 746 }
747
4849f85e 748sched_wq:
5d50b364 749 queue_work(dev->wq, &dev->cmd_complete_work);
c46ee386
AAJ		 750}
751
752static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
753{
754 dev->in_urb->complete = pn533_recv_response;
755
756 return usb_submit_urb(dev->in_urb, flags);
757}
758
759static void pn533_recv_ack(struct urb *urb)
760{
761 struct pn533 *dev = urb->context;
f87bc9fb 762 struct pn533_cmd *cmd = dev->cmd;
63123108 763 struct pn533_std_frame *in_frame;
c46ee386
AAJ		 764 int rc;
765
f87bc9fb
WR		 766 cmd->status = urb->status;
767
c46ee386
AAJ		 768 switch (urb->status) {
769 case 0:
f8f99171 770 break; /* success */
c46ee386
AAJ		 771 case -ECONNRESET:
772 case -ENOENT:
b4834839
JP		 773 dev_dbg(&dev->interface->dev,
774 "The urb has been stopped (status %d)\n",
775 urb->status);
4849f85e 776 goto sched_wq;
f8f99171 777 case -ESHUTDOWN:
c46ee386 778 default:
073a625f
JP		 779 nfc_err(&dev->interface->dev,
780 "Urb failure (status %d)\n", urb->status);
4849f85e 781 goto sched_wq;
c46ee386
AAJ		 782 }
783
784 in_frame = dev->in_urb->transfer_buffer;
785
63123108 786 if (!pn533_std_rx_frame_is_ack(in_frame)) {
073a625f 787 nfc_err(&dev->interface->dev, "Received an invalid ack\n");
f87bc9fb 788 cmd->status = -EIO;
4849f85e 789 goto sched_wq;
c46ee386
AAJ		 790 }
791
c46ee386
AAJ		 792 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
793 if (rc) {
073a625f
JP		 794 nfc_err(&dev->interface->dev,
795 "usb_submit_urb failed with result %d\n", rc);
f87bc9fb 796 cmd->status = rc;
4849f85e 797 goto sched_wq;
c46ee386
AAJ		 798 }
799
800 return;
801
4849f85e 802sched_wq:
5d50b364 803 queue_work(dev->wq, &dev->cmd_complete_work);
c46ee386
AAJ		 804}
805
806static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
807{
808 dev->in_urb->complete = pn533_recv_ack;
809
810 return usb_submit_urb(dev->in_urb, flags);
811}
812
813static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
814{
63123108 815 u8 ack[PN533_STD_FRAME_ACK_SIZE] = {0x00, 0x00, 0xff, 0x00, 0xff, 0x00};
5b5a4437 816 /* spec 7.1.1.3: Preamble, SoPC (2), ACK Code (2), Postamble */
c46ee386
AAJ		 817 int rc;
818
5b5a4437
WR		 819 dev->out_urb->transfer_buffer = ack;
820 dev->out_urb->transfer_buffer_length = sizeof(ack);
c46ee386
AAJ		 821 rc = usb_submit_urb(dev->out_urb, flags);
822
823 return rc;
824}
825
e8f40531
WR		 826static int __pn533_send_frame_async(struct pn533 *dev,
827 struct sk_buff *out,
828 struct sk_buff *in,
ddf19d20 829 int in_len)
c46ee386
AAJ		 830{
831 int rc;
832
e8f40531
WR		 833 dev->out_urb->transfer_buffer = out->data;
834 dev->out_urb->transfer_buffer_length = out->len;
c46ee386 835
e8f40531
WR		 836 dev->in_urb->transfer_buffer = in->data;
837 dev->in_urb->transfer_buffer_length = in_len;
c46ee386 838
e279f84f
SO		 839 print_hex_dump_debug("PN533 TX: ", DUMP_PREFIX_NONE, 16, 1,
840 out->data, out->len, false);
99e591be 841
d94ea4f5 842 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
c46ee386
AAJ		 843 if (rc)
844 return rc;
845
58520373
WR		 846 if (dev->protocol_type == PN533_PROTO_REQ_RESP) {
847 /* request for response for sent packet directly */
848 rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
849 if (rc)
850 goto error;
851 } else if (dev->protocol_type == PN533_PROTO_REQ_ACK_RESP) {
852 /* request for ACK if that's the case */
853 rc = pn533_submit_urb_for_ack(dev, GFP_KERNEL);
854 if (rc)
855 goto error;
856 }
c46ee386
AAJ		 857
858 return 0;
859
860error:
861 usb_unlink_urb(dev->out_urb);
862 return rc;
863}
864
9e2d493e
WR		 865static void pn533_build_cmd_frame(struct pn533 *dev, u8 cmd_code,
866 struct sk_buff *skb)
aada17ac 867{
aada17ac
WR		 868 /* payload is already there, just update datalen */
869 int payload_len = skb->len;
9e2d493e 870 struct pn533_frame_ops *ops = dev->ops;
aada17ac 871
aada17ac 872
9e2d493e
WR		 873 skb_push(skb, ops->tx_header_len);
874 skb_put(skb, ops->tx_tail_len);
aada17ac 875
9e2d493e
WR		 876 ops->tx_frame_init(skb->data, cmd_code);
877 ops->tx_update_payload_len(skb->data, payload_len);
878 ops->tx_frame_finish(skb->data);
aada17ac
WR		 879}
880
ddf19d20 881static int pn533_send_async_complete(struct pn533 *dev)
aada17ac 882{
ddf19d20 883 struct pn533_cmd *cmd = dev->cmd;
f87bc9fb 884 int status = cmd->status;
aada17ac 885
4231604b
WR		 886 struct sk_buff *req = cmd->req;
887 struct sk_buff *resp = cmd->resp;
aada17ac 888
aada17ac
WR		 889 int rc;
890
891 dev_kfree_skb(req);
892
0c33d262 893 if (status < 0) {
4231604b
WR		 894 rc = cmd->complete_cb(dev, cmd->complete_cb_context,
895 ERR_PTR(status));
aada17ac 896 dev_kfree_skb(resp);
2c206fb7 897 goto done;
aada17ac
WR		 898 }
899
9e2d493e
WR		 900 skb_put(resp, dev->ops->rx_frame_size(resp->data));
901 skb_pull(resp, dev->ops->rx_header_len);
902 skb_trim(resp, resp->len - dev->ops->rx_tail_len);
aada17ac 903
4231604b 904 rc = cmd->complete_cb(dev, cmd->complete_cb_context, resp);
aada17ac 905
2c206fb7 906done:
4231604b 907 kfree(cmd);
2c206fb7 908 dev->cmd = NULL;
aada17ac
WR		 909 return rc;
910}
911
912static int __pn533_send_async(struct pn533 *dev, u8 cmd_code,
913 struct sk_buff *req, struct sk_buff *resp,
914 int resp_len,
915 pn533_send_async_complete_t complete_cb,
916 void *complete_cb_context)
917{
918 struct pn533_cmd *cmd;
aada17ac
WR		 919 int rc = 0;
920
b4834839 921 dev_dbg(&dev->interface->dev, "Sending command 0x%x\n", cmd_code);
aada17ac 922
4231604b
WR		 923 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
924 if (!cmd)
aada17ac
WR		 925 return -ENOMEM;
926
4b2a9532 927 cmd->code = cmd_code;
4231604b
WR		 928 cmd->req = req;
929 cmd->resp = resp;
930 cmd->resp_len = resp_len;
931 cmd->complete_cb = complete_cb;
932 cmd->complete_cb_context = complete_cb_context;
aada17ac 933
9e2d493e 934 pn533_build_cmd_frame(dev, cmd_code, req);
aada17ac
WR		 935
936 mutex_lock(&dev->cmd_lock);
937
938 if (!dev->cmd_pending) {
ddf19d20 939 rc = __pn533_send_frame_async(dev, req, resp, resp_len);
aada17ac
WR		 940 if (rc)
941 goto error;
942
943 dev->cmd_pending = 1;
2c206fb7 944 dev->cmd = cmd;
aada17ac
WR		 945 goto unlock;
946 }
947
b4834839
JP		 948 dev_dbg(&dev->interface->dev, "%s Queueing command 0x%x\n",
949 __func__, cmd_code);
aada17ac 950
aada17ac 951 INIT_LIST_HEAD(&cmd->queue);
aada17ac
WR		 952 list_add_tail(&cmd->queue, &dev->cmd_queue);
953
954 goto unlock;
955
956error:
4231604b 957 kfree(cmd);
aada17ac
WR		 958unlock:
959 mutex_unlock(&dev->cmd_lock);
960 return rc;
15461aeb
WR		 961}
962
963static int pn533_send_data_async(struct pn533 *dev, u8 cmd_code,
964 struct sk_buff *req,
965 pn533_send_async_complete_t complete_cb,
966 void *complete_cb_context)
967{
968 struct sk_buff *resp;
969 int rc;
9e2d493e
WR		 970 int resp_len = dev->ops->rx_header_len +
971 dev->ops->max_payload_len +
972 dev->ops->rx_tail_len;
15461aeb 973
15461aeb
WR		 974 resp = nfc_alloc_recv_skb(resp_len, GFP_KERNEL);
975 if (!resp)
976 return -ENOMEM;
977
978 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
979 complete_cb_context);
980 if (rc)
981 dev_kfree_skb(resp);
982
983 return rc;
aada17ac
WR		 984}
985
986static int pn533_send_cmd_async(struct pn533 *dev, u8 cmd_code,
987 struct sk_buff *req,
988 pn533_send_async_complete_t complete_cb,
989 void *complete_cb_context)
990{
991 struct sk_buff *resp;
992 int rc;
9e2d493e
WR		 993 int resp_len = dev->ops->rx_header_len +
994 dev->ops->max_payload_len +
995 dev->ops->rx_tail_len;
aada17ac 996
9e2d493e 997 resp = alloc_skb(resp_len, GFP_KERNEL);
aada17ac
WR		 998 if (!resp)
999 return -ENOMEM;
1000
9e2d493e
WR		 1001 rc = __pn533_send_async(dev, cmd_code, req, resp, resp_len, complete_cb,
1002 complete_cb_context);
aada17ac
WR		 1003 if (rc)
1004 dev_kfree_skb(resp);
1005
1006 return rc;
1007}
1008
b1e666f5
WR		 1009/*
1010 * pn533_send_cmd_direct_async
1011 *
1012 * The function sends a piority cmd directly to the chip omiting the cmd
1013 * queue. It's intended to be used by chaining mechanism of received responses
1014 * where the host has to request every single chunk of data before scheduling
1015 * next cmd from the queue.
1016 */
1017static int pn533_send_cmd_direct_async(struct pn533 *dev, u8 cmd_code,
1018 struct sk_buff *req,
1019 pn533_send_async_complete_t complete_cb,
1020 void *complete_cb_context)
1021{
b1e666f5 1022 struct sk_buff *resp;
4231604b 1023 struct pn533_cmd *cmd;
b1e666f5 1024 int rc;
9e2d493e
WR		 1025 int resp_len = dev->ops->rx_header_len +
1026 dev->ops->max_payload_len +
1027 dev->ops->rx_tail_len;
b1e666f5 1028
b1e666f5
WR		 1029 resp = alloc_skb(resp_len, GFP_KERNEL);
1030 if (!resp)
1031 return -ENOMEM;
1032
4231604b
WR		 1033 cmd = kzalloc(sizeof(*cmd), GFP_KERNEL);
1034 if (!cmd) {
b1e666f5
WR		 1035 dev_kfree_skb(resp);
1036 return -ENOMEM;
1037 }
1038
4b2a9532 1039 cmd->code = cmd_code;
4231604b
WR		 1040 cmd->req = req;
1041 cmd->resp = resp;
1042 cmd->resp_len = resp_len;
1043 cmd->complete_cb = complete_cb;
1044 cmd->complete_cb_context = complete_cb_context;
b1e666f5 1045
9e2d493e 1046 pn533_build_cmd_frame(dev, cmd_code, req);
b1e666f5 1047
ddf19d20 1048 rc = __pn533_send_frame_async(dev, req, resp, resp_len);
b1e666f5
WR		 1049 if (rc < 0) {
1050 dev_kfree_skb(resp);
4231604b 1051 kfree(cmd);
2c206fb7
WR		 1052 } else {
1053 dev->cmd = cmd;
b1e666f5
WR		 1054 }
1055
1056 return rc;
1057}
1058
c79490e1
WR		 1059static void pn533_wq_cmd_complete(struct work_struct *work)
1060{
1061 struct pn533 *dev = container_of(work, struct pn533, cmd_complete_work);
1062 int rc;
1063
1064 rc = pn533_send_async_complete(dev);
1065 if (rc != -EINPROGRESS)
1066 queue_work(dev->wq, &dev->cmd_work);
1067}
1068
5d50b364
SO		 1069static void pn533_wq_cmd(struct work_struct *work)
1070{
1071 struct pn533 *dev = container_of(work, struct pn533, cmd_work);
1072 struct pn533_cmd *cmd;
0ce1fbdd 1073 int rc;
5d50b364
SO		 1074
1075 mutex_lock(&dev->cmd_lock);
1076
1077 if (list_empty(&dev->cmd_queue)) {
1078 dev->cmd_pending = 0;
1079 mutex_unlock(&dev->cmd_lock);
1080 return;
1081 }
1082
1083 cmd = list_first_entry(&dev->cmd_queue, struct pn533_cmd, queue);
1084
60ad07ab
SJ		 1085 list_del(&cmd->queue);
1086
5d50b364
SO		 1087 mutex_unlock(&dev->cmd_lock);
1088
ddf19d20 1089 rc = __pn533_send_frame_async(dev, cmd->req, cmd->resp, cmd->resp_len);
0ce1fbdd
WR		 1090 if (rc < 0) {
1091 dev_kfree_skb(cmd->req);
1092 dev_kfree_skb(cmd->resp);
4231604b 1093 kfree(cmd);
2c206fb7 1094 return;
0ce1fbdd 1095 }
2c206fb7
WR		 1096
1097 dev->cmd = cmd;
5d50b364
SO		 1098}
1099
c46ee386 1100struct pn533_sync_cmd_response {
94c5c156 1101 struct sk_buff *resp;
c46ee386
AAJ		 1102 struct completion done;
1103};
1104
94c5c156
WR		 1105static int pn533_send_sync_complete(struct pn533 *dev, void *_arg,
1106 struct sk_buff *resp)
1107{
1108 struct pn533_sync_cmd_response *arg = _arg;
1109
94c5c156
WR		 1110 arg->resp = resp;
1111 complete(&arg->done);
1112
1113 return 0;
1114}
1115
1116/* pn533_send_cmd_sync
1117 *
1118 * Please note the req parameter is freed inside the function to
1119 * limit a number of return value interpretations by the caller.
1120 *
1121 * 1. negative in case of error during TX path -> req should be freed
1122 *
1123 * 2. negative in case of error during RX path -> req should not be freed
1124 * as it's been already freed at the begining of RX path by
1125 * async_complete_cb.
1126 *
1127 * 3. valid pointer in case of succesfult RX path
1128 *
1129 * A caller has to check a return value with IS_ERR macro. If the test pass,
1130 * the returned pointer is valid.
1131 *
1132 * */
1133static struct sk_buff *pn533_send_cmd_sync(struct pn533 *dev, u8 cmd_code,
1134 struct sk_buff *req)
1135{
1136 int rc;
1137 struct pn533_sync_cmd_response arg;
1138
94c5c156
WR		 1139 init_completion(&arg.done);
1140
1141 rc = pn533_send_cmd_async(dev, cmd_code, req,
1142 pn533_send_sync_complete, &arg);
1143 if (rc) {
1144 dev_kfree_skb(req);
1145 return ERR_PTR(rc);
1146 }
1147
1148 wait_for_completion(&arg.done);
1149
1150 return arg.resp;
1151}
1152
c46ee386
AAJ		 1153static void pn533_send_complete(struct urb *urb)
1154{
1155 struct pn533 *dev = urb->context;
1156
c46ee386
AAJ		 1157 switch (urb->status) {
1158 case 0:
f8f99171 1159 break; /* success */
c46ee386
AAJ		 1160 case -ECONNRESET:
1161 case -ENOENT:
b4834839
JP		 1162 dev_dbg(&dev->interface->dev,
1163 "The urb has been stopped (status %d)\n",
1164 urb->status);
c46ee386 1165 break;
f8f99171 1166 case -ESHUTDOWN:
c46ee386 1167 default:
073a625f
JP		 1168 nfc_err(&dev->interface->dev, "Urb failure (status %d)\n",
1169 urb->status);
c46ee386
AAJ		 1170 }
1171}
1172
10cff29a
WR		 1173static void pn533_abort_cmd(struct pn533 *dev, gfp_t flags)
1174{
1175 /* ACR122U does not support any command which aborts last
1176 * issued command i.e. as ACK for standard PN533. Additionally,
1177 * it behaves stange, sending broken or incorrect responses,
1178 * when we cancel urb before the chip will send response.
1179 */
1180 if (dev->device_type == PN533_DEVICE_ACR122U)
1181 return;
1182
1183 /* An ack will cancel the last issued command */
1184 pn533_send_ack(dev, flags);
1185
1186 /* cancel the urb request */
1187 usb_kill_urb(dev->in_urb);
1188}
1189
9e2d493e 1190static struct sk_buff *pn533_alloc_skb(struct pn533 *dev, unsigned int size)
d22b2db6
WR		 1191{
1192 struct sk_buff *skb;
1193
9e2d493e 1194 skb = alloc_skb(dev->ops->tx_header_len +
d22b2db6 1195 size +
9e2d493e 1196 dev->ops->tx_tail_len, GFP_KERNEL);
d22b2db6
WR		 1197
1198 if (skb)
9e2d493e 1199 skb_reserve(skb, dev->ops->tx_header_len);
d22b2db6
WR		 1200
1201 return skb;
1202}
1203
c46ee386
AAJ		 1204struct pn533_target_type_a {
1205 __be16 sens_res;
1206 u8 sel_res;
1207 u8 nfcid_len;
1208 u8 nfcid_data[];
1209} __packed;
1210
1211
1212#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
1213#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
1214#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
1215
1216#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
1217#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
1218
1219#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
1220#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
1221
1222#define PN533_TYPE_A_SEL_PROT_MIFARE 0
1223#define PN533_TYPE_A_SEL_PROT_ISO14443 1
1224#define PN533_TYPE_A_SEL_PROT_DEP 2
1225#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
1226
1227static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
1228 int target_data_len)
1229{
1230 u8 ssd;
1231 u8 platconf;
1232
1233 if (target_data_len < sizeof(struct pn533_target_type_a))
1234 return false;
1235
1236 /* The lenght check of nfcid[] and ats[] are not being performed because
1237 the values are not being used */
1238
1239 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1240 ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
1241 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
1242
1243 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
5d467742
WR		 1244 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1245 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1246 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
c46ee386
AAJ		 1247 return false;
1248
1249 /* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
1250 if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
1251 return false;
1252
1253 return true;
1254}
1255
1256static int pn533_target_found_type_a(struct nfc_target *nfc_tgt, u8 *tgt_data,
1257 int tgt_data_len)
1258{
1259 struct pn533_target_type_a *tgt_type_a;
1260
37cf4fc6 1261 tgt_type_a = (struct pn533_target_type_a *)tgt_data;
c46ee386
AAJ		 1262
1263 if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
1264 return -EPROTO;
1265
1266 switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
1267 case PN533_TYPE_A_SEL_PROT_MIFARE:
1268 nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
1269 break;
1270 case PN533_TYPE_A_SEL_PROT_ISO14443:
1271 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
1272 break;
1273 case PN533_TYPE_A_SEL_PROT_DEP:
1274 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1275 break;
1276 case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
1277 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK |
1278 NFC_PROTO_NFC_DEP_MASK;
1279 break;
1280 }
1281
1282 nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
1283 nfc_tgt->sel_res = tgt_type_a->sel_res;
c3b1e1e8
SO		 1284 nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
1285 memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
c46ee386
AAJ		 1286
1287 return 0;
1288}
1289
1290struct pn533_target_felica {
1291 u8 pol_res;
1292 u8 opcode;
322bce95 1293 u8 nfcid2[NFC_NFCID2_MAXSIZE];
c46ee386
AAJ		 1294 u8 pad[8];
1295 /* optional */
1296 u8 syst_code[];
1297} __packed;
1298
1299#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
1300#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
1301
1302static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
1303 int target_data_len)
1304{
1305 if (target_data_len < sizeof(struct pn533_target_felica))
1306 return false;
1307
1308 if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
1309 return false;
1310
1311 return true;
1312}
1313
1314static int pn533_target_found_felica(struct nfc_target *nfc_tgt, u8 *tgt_data,
1315 int tgt_data_len)
1316{
1317 struct pn533_target_felica *tgt_felica;
1318
37cf4fc6 1319 tgt_felica = (struct pn533_target_felica *)tgt_data;
c46ee386
AAJ		 1320
1321 if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
1322 return -EPROTO;
1323
5d467742
WR		 1324 if ((tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1) &&
1325 (tgt_felica->nfcid2[1] == PN533_FELICA_SENSF_NFCID2_DEP_B2))
c46ee386
AAJ		 1326 nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1327 else
1328 nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
1329
7975754f
SO		 1330 memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
1331 nfc_tgt->sensf_res_len = 9;
1332
322bce95
SO		 1333 memcpy(nfc_tgt->nfcid2, tgt_felica->nfcid2, NFC_NFCID2_MAXSIZE);
1334 nfc_tgt->nfcid2_len = NFC_NFCID2_MAXSIZE;
1335
c46ee386
AAJ		 1336 return 0;
1337}
1338
1339struct pn533_target_jewel {
1340 __be16 sens_res;
1341 u8 jewelid[4];
1342} __packed;
1343
1344static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
1345 int target_data_len)
1346{
1347 u8 ssd;
1348 u8 platconf;
1349
1350 if (target_data_len < sizeof(struct pn533_target_jewel))
1351 return false;
1352
1353 /* Requirement 4.6.3.3 from NFC Forum Digital Spec */
1354 ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
1355 platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
1356
1357 if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
5d467742
WR		 1358 platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) ||
1359 (ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
1360 platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
c46ee386
AAJ		 1361 return false;
1362
1363 return true;
1364}
1365
1366static int pn533_target_found_jewel(struct nfc_target *nfc_tgt, u8 *tgt_data,
1367 int tgt_data_len)
1368{
1369 struct pn533_target_jewel *tgt_jewel;
1370
37cf4fc6 1371 tgt_jewel = (struct pn533_target_jewel *)tgt_data;
c46ee386
AAJ		 1372
1373 if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
1374 return -EPROTO;
1375
1376 nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
1377 nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
d8dc1072
SO		 1378 nfc_tgt->nfcid1_len = 4;
1379 memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
c46ee386
AAJ		 1380
1381 return 0;
1382}
1383
1384struct pn533_type_b_prot_info {
1385 u8 bitrate;
1386 u8 fsci_type;
1387 u8 fwi_adc_fo;
1388} __packed;
1389
1390#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
1391#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
1392#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
1393
1394struct pn533_type_b_sens_res {
1395 u8 opcode;
1396 u8 nfcid[4];
1397 u8 appdata[4];
1398 struct pn533_type_b_prot_info prot_info;
1399} __packed;
1400
1401#define PN533_TYPE_B_OPC_SENSB_RES 0x50
1402
1403struct pn533_target_type_b {
1404 struct pn533_type_b_sens_res sensb_res;
1405 u8 attrib_res_len;
1406 u8 attrib_res[];
1407} __packed;
1408
1409static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
1410 int target_data_len)
1411{
1412 if (target_data_len < sizeof(struct pn533_target_type_b))
1413 return false;
1414
1415 if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
1416 return false;
1417
1418 if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
1419 PN533_TYPE_B_PROT_TYPE_RFU_MASK)
1420 return false;
1421
1422 return true;
1423}
1424
1425static int pn533_target_found_type_b(struct nfc_target *nfc_tgt, u8 *tgt_data,
1426 int tgt_data_len)
1427{
1428 struct pn533_target_type_b *tgt_type_b;
1429
37cf4fc6 1430 tgt_type_b = (struct pn533_target_type_b *)tgt_data;
c46ee386
AAJ		 1431
1432 if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
1433 return -EPROTO;
1434
01d719a2 1435 nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
c46ee386
AAJ		 1436
1437 return 0;
1438}
1439
b5193e5d
WR		 1440static int pn533_target_found(struct pn533 *dev, u8 tg, u8 *tgdata,
1441 int tgdata_len)
c46ee386 1442{
c46ee386
AAJ		 1443 struct nfc_target nfc_tgt;
1444 int rc;
1445
17936b43 1446 dev_dbg(&dev->interface->dev, "%s: modulation=%d\n",
b4834839 1447 __func__, dev->poll_mod_curr);
c46ee386 1448
b5193e5d 1449 if (tg != 1)
c46ee386
AAJ		 1450 return -EPROTO;
1451
98b3ac1b
SO		 1452 memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1453
c46ee386
AAJ		 1454 switch (dev->poll_mod_curr) {
1455 case PN533_POLL_MOD_106KBPS_A:
b5193e5d 1456 rc = pn533_target_found_type_a(&nfc_tgt, tgdata, tgdata_len);
c46ee386
AAJ		 1457 break;
1458 case PN533_POLL_MOD_212KBPS_FELICA:
1459 case PN533_POLL_MOD_424KBPS_FELICA:
b5193e5d 1460 rc = pn533_target_found_felica(&nfc_tgt, tgdata, tgdata_len);
c46ee386
AAJ		 1461 break;
1462 case PN533_POLL_MOD_106KBPS_JEWEL:
b5193e5d 1463 rc = pn533_target_found_jewel(&nfc_tgt, tgdata, tgdata_len);
c46ee386
AAJ		 1464 break;
1465 case PN533_POLL_MOD_847KBPS_B:
b5193e5d 1466 rc = pn533_target_found_type_b(&nfc_tgt, tgdata, tgdata_len);
c46ee386
AAJ		 1467 break;
1468 default:
073a625f
JP		 1469 nfc_err(&dev->interface->dev,
1470 "Unknown current poll modulation\n");
c46ee386
AAJ		 1471 return -EPROTO;
1472 }
1473
1474 if (rc)
1475 return rc;
1476
1477 if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
b4834839
JP		 1478 dev_dbg(&dev->interface->dev,
1479 "The Tg found doesn't have the desired protocol\n");
c46ee386
AAJ		 1480 return -EAGAIN;
1481 }
1482
b4834839
JP		 1483 dev_dbg(&dev->interface->dev,
1484 "Target found - supported protocols: 0x%x\n",
1485 nfc_tgt.supported_protocols);
c46ee386
AAJ		 1486
1487 dev->tgt_available_prots = nfc_tgt.supported_protocols;
1488
1489 nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1490
1491 return 0;
1492}
1493
6fbbdc16
SO		 1494static inline void pn533_poll_next_mod(struct pn533 *dev)
1495{
1496 dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1497}
1498
c46ee386
AAJ		 1499static void pn533_poll_reset_mod_list(struct pn533 *dev)
1500{
1501 dev->poll_mod_count = 0;
1502}
1503
1504static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1505{
1506 dev->poll_mod_active[dev->poll_mod_count] =
37cf4fc6 1507 (struct pn533_poll_modulations *)&poll_mod[mod_index];
c46ee386
AAJ		 1508 dev->poll_mod_count++;
1509}
1510
6fbbdc16
SO		 1511static void pn533_poll_create_mod_list(struct pn533 *dev,
1512 u32 im_protocols, u32 tm_protocols)
c46ee386
AAJ		 1513{
1514 pn533_poll_reset_mod_list(dev);
1515
b08e8603
WR		 1516 if ((im_protocols & NFC_PROTO_MIFARE_MASK) ||
1517 (im_protocols & NFC_PROTO_ISO14443_MASK) ||
1518 (im_protocols & NFC_PROTO_NFC_DEP_MASK))
c46ee386
AAJ		 1519 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1520
b08e8603
WR		 1521 if (im_protocols & NFC_PROTO_FELICA_MASK ||
1522 im_protocols & NFC_PROTO_NFC_DEP_MASK) {
c46ee386
AAJ		 1523 pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1524 pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1525 }
1526
6fbbdc16 1527 if (im_protocols & NFC_PROTO_JEWEL_MASK)
c46ee386
AAJ		 1528 pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1529
01d719a2 1530 if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
c46ee386 1531 pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
c46ee386 1532
6fbbdc16
SO		 1533 if (tm_protocols)
1534 pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
c46ee386
AAJ		 1535}
1536
b5193e5d 1537static int pn533_start_poll_complete(struct pn533 *dev, struct sk_buff *resp)
c46ee386 1538{
b5193e5d
WR		 1539 u8 nbtg, tg, *tgdata;
1540 int rc, tgdata_len;
c46ee386 1541
673088fb 1542 /* Toggle the DEP polling */
e997ebbe
MT		 1543 if (dev->poll_protocols & NFC_PROTO_NFC_DEP_MASK)
1544 dev->poll_dep = 1;
673088fb 1545
b5193e5d
WR		 1546 nbtg = resp->data[0];
1547 tg = resp->data[1];
1548 tgdata = &resp->data[2];
1549 tgdata_len = resp->len - 2; /* nbtg + tg */
1550
1551 if (nbtg) {
1552 rc = pn533_target_found(dev, tg, tgdata, tgdata_len);
c46ee386
AAJ		 1553
1554 /* We must stop the poll after a valid target found */
6fbbdc16
SO		 1555 if (rc == 0) {
1556 pn533_poll_reset_mod_list(dev);
1557 return 0;
1558 }
c46ee386
AAJ		 1559 }
1560
6fbbdc16 1561 return -EAGAIN;
c46ee386
AAJ		 1562}
1563
9e2d493e 1564static struct sk_buff *pn533_alloc_poll_tg_frame(struct pn533 *dev)
ad3823ce 1565{
b5193e5d
WR		 1566 struct sk_buff *skb;
1567 u8 *felica, *nfcid3, *gb;
1568
9e2d493e
WR		 1569 u8 *gbytes = dev->gb;
1570 size_t gbytes_len = dev->gb_len;
1571
51d9e803
SO		 1572 u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1573 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1574 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1575 0xff, 0xff}; /* System code */
b5193e5d 1576
51d9e803
SO		 1577 u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1578 0x0, 0x0, 0x0,
1579 0x40}; /* SEL_RES for DEP */
ad3823ce 1580
b5193e5d
WR		 1581 unsigned int skb_len = 36 + /* mode (1), mifare (6),
1582 felica (18), nfcid3 (10), gb_len (1) */
1583 gbytes_len +
1584 1; /* len Tk*/
ad3823ce 1585
9e2d493e 1586 skb = pn533_alloc_skb(dev, skb_len);
b5193e5d
WR		 1587 if (!skb)
1588 return NULL;
ad3823ce
SO		 1589
1590 /* DEP support only */
52f2eaee 1591 *skb_put(skb, 1) = PN533_INIT_TARGET_DEP;
b5193e5d
WR		 1592
1593 /* MIFARE params */
1594 memcpy(skb_put(skb, 6), mifare_params, 6);
51d9e803
SO		 1595
1596 /* Felica params */
b5193e5d
WR		 1597 felica = skb_put(skb, 18);
1598 memcpy(felica, felica_params, 18);
1599 get_random_bytes(felica + 2, 6);
51d9e803
SO		 1600
1601 /* NFCID3 */
b5193e5d
WR		 1602 nfcid3 = skb_put(skb, 10);
1603 memset(nfcid3, 0, 10);
1604 memcpy(nfcid3, felica, 8);
51d9e803
SO		 1605
1606 /* General bytes */
b5193e5d 1607 *skb_put(skb, 1) = gbytes_len;
51d9e803 1608
b5193e5d
WR		 1609 gb = skb_put(skb, gbytes_len);
1610 memcpy(gb, gbytes, gbytes_len);
ad3823ce 1611
b5193e5d
WR		 1612 /* Len Tk */
1613 *skb_put(skb, 1) = 0;
51d9e803 1614
b5193e5d 1615 return skb;
ad3823ce
SO		 1616}
1617
b1bb290a 1618#define PN533_CMD_DATAEXCH_HEAD_LEN 1
103b34cf 1619#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
3c13b244
OG		 1620static void pn533_wq_tm_mi_recv(struct work_struct *work);
1621static struct sk_buff *pn533_build_response(struct pn533 *dev);
1622
103b34cf 1623static int pn533_tm_get_data_complete(struct pn533 *dev, void *arg,
e4878823 1624 struct sk_buff *resp)
103b34cf 1625{
3c13b244
OG		 1626 struct sk_buff *skb;
1627 u8 status, ret, mi;
1628 int rc;
103b34cf 1629
b4834839 1630 dev_dbg(&dev->interface->dev, "%s\n", __func__);
103b34cf 1631
3c13b244
OG		 1632 if (IS_ERR(resp)) {
1633 skb_queue_purge(&dev->resp_q);
e4878823 1634 return PTR_ERR(resp);
3c13b244 1635 }
103b34cf 1636
e4878823 1637 status = resp->data[0];
3c13b244
OG		 1638
1639 ret = status & PN533_CMD_RET_MASK;
1640 mi = status & PN533_CMD_MI_MASK;
1641
e4878823 1642 skb_pull(resp, sizeof(status));
103b34cf 1643
3c13b244
OG		 1644 if (ret != PN533_CMD_RET_SUCCESS) {
1645 rc = -EIO;
1646 goto error;
1647 }
1648
1649 skb_queue_tail(&dev->resp_q, resp);
1650
1651 if (mi) {
1652 queue_work(dev->wq, &dev->mi_tm_rx_work);
1653 return -EINPROGRESS;
1654 }
1655
1656 skb = pn533_build_response(dev);
1657 if (!skb) {
1658 rc = -EIO;
1659 goto error;
103b34cf
SO		 1660 }
1661
3c13b244
OG		 1662 return nfc_tm_data_received(dev->nfc_dev, skb);
1663
1664error:
1665 nfc_tm_deactivated(dev->nfc_dev);
1666 dev->tgt_mode = 0;
1667 skb_queue_purge(&dev->resp_q);
1668 dev_kfree_skb(resp);
1669
1670 return rc;
1671}
1672
1673static void pn533_wq_tm_mi_recv(struct work_struct *work)
1674{
1675 struct pn533 *dev = container_of(work, struct pn533, mi_tm_rx_work);
1676 struct sk_buff *skb;
1677 int rc;
1678
1679 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1680
1681 skb = pn533_alloc_skb(dev, 0);
1682 if (!skb)
1683 return;
1684
1685 rc = pn533_send_cmd_direct_async(dev,
1686 PN533_CMD_TG_GET_DATA,
1687 skb,
1688 pn533_tm_get_data_complete,
1689 NULL);
1690
1691 if (rc < 0)
1692 dev_kfree_skb(skb);
1693
1694 return;
103b34cf
SO		 1695}
1696
93ad4202
OG		 1697static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
1698 struct sk_buff *resp);
1699static void pn533_wq_tm_mi_send(struct work_struct *work)
1700{
1701 struct pn533 *dev = container_of(work, struct pn533, mi_tm_tx_work);
1702 struct sk_buff *skb;
1703 int rc;
1704
1705 dev_dbg(&dev->interface->dev, "%s\n", __func__);
1706
1707 /* Grab the first skb in the queue */
1708 skb = skb_dequeue(&dev->fragment_skb);
1709 if (skb == NULL) { /* No more data */
1710 /* Reset the queue for future use */
1711 skb_queue_head_init(&dev->fragment_skb);
1712 goto error;
1713 }
1714
1715 /* last entry - remove MI bit */
1716 if (skb_queue_len(&dev->fragment_skb) == 0) {
1717 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_TG_SET_DATA,
1718 skb, pn533_tm_send_complete, NULL);
1719 } else
1720 rc = pn533_send_cmd_direct_async(dev,
1721 PN533_CMD_TG_SET_META_DATA,
1722 skb, pn533_tm_send_complete, NULL);
1723
1724 if (rc == 0) /* success */
1725 return;
1726
1727 dev_err(&dev->interface->dev,
1728 "Error %d when trying to perform set meta data_exchange", rc);
1729
1730 dev_kfree_skb(skb);
1731
1732error:
1733 pn533_send_ack(dev, GFP_KERNEL);
1734 queue_work(dev->wq, &dev->cmd_work);
1735}
1736
103b34cf
SO		 1737static void pn533_wq_tg_get_data(struct work_struct *work)
1738{
1739 struct pn533 *dev = container_of(work, struct pn533, tg_work);
e4878823
WR		 1740 struct sk_buff *skb;
1741 int rc;
103b34cf 1742
b4834839 1743 dev_dbg(&dev->interface->dev, "%s\n", __func__);
103b34cf 1744
9e2d493e 1745 skb = pn533_alloc_skb(dev, 0);
e4878823 1746 if (!skb)
103b34cf
SO		 1747 return;
1748
e4878823
WR		 1749 rc = pn533_send_data_async(dev, PN533_CMD_TG_GET_DATA, skb,
1750 pn533_tm_get_data_complete, NULL);
103b34cf 1751
e4878823
WR		 1752 if (rc < 0)
1753 dev_kfree_skb(skb);
103b34cf
SO		 1754
1755 return;
1756}
1757
fc40a8c1 1758#define ATR_REQ_GB_OFFSET 17
b5193e5d 1759static int pn533_init_target_complete(struct pn533 *dev, struct sk_buff *resp)
fe7c5800 1760{
b5193e5d 1761 u8 mode, *cmd, comm_mode = NFC_COMM_PASSIVE, *gb;
fc40a8c1 1762 size_t gb_len;
103b34cf 1763 int rc;
ad3823ce 1764
b4834839 1765 dev_dbg(&dev->interface->dev, "%s\n", __func__);
ad3823ce 1766
b5193e5d 1767 if (resp->len < ATR_REQ_GB_OFFSET + 1)
fc40a8c1
SO		 1768 return -EINVAL;
1769
b5193e5d
WR		 1770 mode = resp->data[0];
1771 cmd = &resp->data[1];
ad3823ce 1772
b4834839
JP		 1773 dev_dbg(&dev->interface->dev, "Target mode 0x%x len %d\n",
1774 mode, resp->len);
ad3823ce 1775
b5193e5d
WR		 1776 if ((mode & PN533_INIT_TARGET_RESP_FRAME_MASK) ==
1777 PN533_INIT_TARGET_RESP_ACTIVE)
fc40a8c1
SO		 1778 comm_mode = NFC_COMM_ACTIVE;
1779
b5193e5d 1780 if ((mode & PN533_INIT_TARGET_RESP_DEP) == 0) /* Only DEP supported */
fc40a8c1
SO		 1781 return -EOPNOTSUPP;
1782
b5193e5d
WR		 1783 gb = cmd + ATR_REQ_GB_OFFSET;
1784 gb_len = resp->len - (ATR_REQ_GB_OFFSET + 1);
fc40a8c1 1785
103b34cf
SO		 1786 rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1787 comm_mode, gb, gb_len);
1788 if (rc < 0) {
073a625f
JP		 1789 nfc_err(&dev->interface->dev,
1790 "Error when signaling target activation\n");
103b34cf
SO		 1791 return rc;
1792 }
1793
51ad304c 1794 dev->tgt_mode = 1;
103b34cf
SO		 1795 queue_work(dev->wq, &dev->tg_work);
1796
1797 return 0;
fe7c5800
SO		 1798}
1799
6fbbdc16 1800static void pn533_listen_mode_timer(unsigned long data)
ad3823ce 1801{
37cf4fc6 1802 struct pn533 *dev = (struct pn533 *)data;
6fbbdc16 1803
b4834839 1804 dev_dbg(&dev->interface->dev, "Listen mode timeout\n");
6fbbdc16 1805
6fbbdc16
SO		 1806 dev->cancel_listen = 1;
1807
6fbbdc16
SO		 1808 pn533_poll_next_mod(dev);
1809
46f793b0
SO		 1810 queue_delayed_work(dev->wq, &dev->poll_work,
1811 msecs_to_jiffies(PN533_POLL_INTERVAL));
6fbbdc16
SO		 1812}
1813
17e9d9d4
SO		 1814static int pn533_rf_complete(struct pn533 *dev, void *arg,
1815 struct sk_buff *resp)
1816{
1817 int rc = 0;
1818
b4834839 1819 dev_dbg(&dev->interface->dev, "%s\n", __func__);
17e9d9d4
SO		 1820
1821 if (IS_ERR(resp)) {
1822 rc = PTR_ERR(resp);
1823
3590ebc0 1824 nfc_err(&dev->interface->dev, "RF setting error %d\n", rc);
17e9d9d4
SO		 1825
1826 return rc;
1827 }
1828
46f793b0
SO		 1829 queue_delayed_work(dev->wq, &dev->poll_work,
1830 msecs_to_jiffies(PN533_POLL_INTERVAL));
17e9d9d4
SO		 1831
1832 dev_kfree_skb(resp);
1833 return rc;
1834}
1835
1836static void pn533_wq_rf(struct work_struct *work)
1837{
1838 struct pn533 *dev = container_of(work, struct pn533, rf_work);
1839 struct sk_buff *skb;
1840 int rc;
1841
b4834839 1842 dev_dbg(&dev->interface->dev, "%s\n", __func__);
17e9d9d4
SO		 1843
1844 skb = pn533_alloc_skb(dev, 2);
1845 if (!skb)
1846 return;
1847
1848 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD;
3a8eab39 1849 *skb_put(skb, 1) = PN533_CFGITEM_RF_FIELD_AUTO_RFCA;
17e9d9d4
SO		 1850
1851 rc = pn533_send_cmd_async(dev, PN533_CMD_RF_CONFIGURATION, skb,
1852 pn533_rf_complete, NULL);
1853 if (rc < 0) {
1854 dev_kfree_skb(skb);
073a625f 1855 nfc_err(&dev->interface->dev, "RF setting error %d\n", rc);
17e9d9d4
SO		 1856 }
1857
1858 return;
1859}
1860
673088fb
SO		 1861static int pn533_poll_dep_complete(struct pn533 *dev, void *arg,
1862 struct sk_buff *resp)
1863{
1864 struct pn533_cmd_jump_dep_response *rsp;
1865 struct nfc_target nfc_target;
1866 u8 target_gt_len;
1867 int rc;
1868
1869 if (IS_ERR(resp))
1870 return PTR_ERR(resp);
1871
1872 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
1873
1874 rc = rsp->status & PN533_CMD_RET_MASK;
1875 if (rc != PN533_CMD_RET_SUCCESS) {
1876 /* Not target found, turn radio off */
1877 queue_work(dev->wq, &dev->rf_work);
1878
1879 dev_kfree_skb(resp);
1880 return 0;
1881 }
1882
1883 dev_dbg(&dev->interface->dev, "Creating new target");
1884
1885 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1886 nfc_target.nfcid1_len = 10;
1887 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
1888 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1889 if (rc)
1890 goto error;
1891
1892 dev->tgt_available_prots = 0;
1893 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1894
1895 /* ATR_RES general bytes are located at offset 17 */
1896 target_gt_len = resp->len - 17;
1897 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1898 rsp->gt, target_gt_len);
1899 if (!rc) {
1900 rc = nfc_dep_link_is_up(dev->nfc_dev,
1901 dev->nfc_dev->targets[0].idx,
1902 0, NFC_RF_INITIATOR);
1903
1904 if (!rc)
1905 pn533_poll_reset_mod_list(dev);
1906 }
1907error:
1908 dev_kfree_skb(resp);
1909 return rc;
1910}
1911
1912#define PASSIVE_DATA_LEN 5
1913static int pn533_poll_dep(struct nfc_dev *nfc_dev)
1914{
1915 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1916 struct sk_buff *skb;
1917 int rc, skb_len;
1918 u8 *next, nfcid3[NFC_NFCID3_MAXSIZE];
1919 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1920
1921 dev_dbg(&dev->interface->dev, "%s", __func__);
1922
1923 if (!dev->gb) {
1924 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1925
1926 if (!dev->gb || !dev->gb_len) {
1927 dev->poll_dep = 0;
1928 queue_work(dev->wq, &dev->rf_work);
1929 }
1930 }
1931
1932 skb_len = 3 + dev->gb_len; /* ActPass + BR + Next */
1933 skb_len += PASSIVE_DATA_LEN;
1934
1935 /* NFCID3 */
1936 skb_len += NFC_NFCID3_MAXSIZE;
1937 nfcid3[0] = 0x1;
1938 nfcid3[1] = 0xfe;
1939 get_random_bytes(nfcid3 + 2, 6);
1940
1941 skb = pn533_alloc_skb(dev, skb_len);
1942 if (!skb)
1943 return -ENOMEM;
1944
1945 *skb_put(skb, 1) = 0x01; /* Active */
1946 *skb_put(skb, 1) = 0x02; /* 424 kbps */
1947
1948 next = skb_put(skb, 1); /* Next */
1949 *next = 0;
1950
1951 /* Copy passive data */
1952 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN);
1953 *next |= 1;
1954
1955 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
1956 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3,
1957 NFC_NFCID3_MAXSIZE);
1958 *next |= 2;
1959
1960 memcpy(skb_put(skb, dev->gb_len), dev->gb, dev->gb_len);
1961 *next |= 4; /* We have some Gi */
1962
1963 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
1964 pn533_poll_dep_complete, NULL);
1965
1966 if (rc < 0)
1967 dev_kfree_skb(skb);
1968
1969 return rc;
1970}
1971
6fbbdc16 1972static int pn533_poll_complete(struct pn533 *dev, void *arg,
b5193e5d 1973 struct sk_buff *resp)
6fbbdc16
SO		 1974{
1975 struct pn533_poll_modulations *cur_mod;
ad3823ce
SO		 1976 int rc;
1977
b4834839 1978 dev_dbg(&dev->interface->dev, "%s\n", __func__);
ad3823ce 1979
b5193e5d
WR		 1980 if (IS_ERR(resp)) {
1981 rc = PTR_ERR(resp);
1982
073a625f
JP		 1983 nfc_err(&dev->interface->dev, "%s Poll complete error %d\n",
1984 __func__, rc);
b5193e5d
WR		 1985
1986 if (rc == -ENOENT) {
1987 if (dev->poll_mod_count != 0)
1988 return rc;
1989 else
1990 goto stop_poll;
1991 } else if (rc < 0) {
073a625f
JP		 1992 nfc_err(&dev->interface->dev,
1993 "Error %d when running poll\n", rc);
b5193e5d
WR		 1994 goto stop_poll;
1995 }
6fbbdc16 1996 }
ad3823ce 1997
6fbbdc16
SO		 1998 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1999
b5193e5d 2000 if (cur_mod->len == 0) { /* Target mode */
6fbbdc16 2001 del_timer(&dev->listen_timer);
b5193e5d
WR		 2002 rc = pn533_init_target_complete(dev, resp);
2003 goto done;
6fbbdc16
SO		 2004 }
2005
b5193e5d
WR		 2006 /* Initiator mode */
2007 rc = pn533_start_poll_complete(dev, resp);
2008 if (!rc)
2009 goto done;
6fbbdc16 2010
95cb9e10 2011 if (!dev->poll_mod_count) {
b4834839 2012 dev_dbg(&dev->interface->dev, "Polling has been stopped\n");
95cb9e10
WR		 2013 goto done;
2014 }
2015
b5193e5d 2016 pn533_poll_next_mod(dev);
17e9d9d4
SO		 2017 /* Not target found, turn radio off */
2018 queue_work(dev->wq, &dev->rf_work);
6fbbdc16 2019
b5193e5d
WR		 2020done:
2021 dev_kfree_skb(resp);
2022 return rc;
6fbbdc16
SO		 2023
2024stop_poll:
073a625f 2025 nfc_err(&dev->interface->dev, "Polling operation has been stopped\n");
b5193e5d 2026
6fbbdc16
SO		 2027 pn533_poll_reset_mod_list(dev);
2028 dev->poll_protocols = 0;
b5193e5d 2029 return rc;
ad3823ce
SO		 2030}
2031
9e2d493e
WR		 2032static struct sk_buff *pn533_alloc_poll_in_frame(struct pn533 *dev,
2033 struct pn533_poll_modulations *mod)
c46ee386 2034{
b5193e5d 2035 struct sk_buff *skb;
c46ee386 2036
9e2d493e 2037 skb = pn533_alloc_skb(dev, mod->len);
b5193e5d
WR		 2038 if (!skb)
2039 return NULL;
c46ee386 2040
b5193e5d 2041 memcpy(skb_put(skb, mod->len), &mod->data, mod->len);
c46ee386 2042
b5193e5d 2043 return skb;
6fbbdc16 2044}
c46ee386 2045
6fbbdc16
SO		 2046static int pn533_send_poll_frame(struct pn533 *dev)
2047{
b5193e5d
WR		 2048 struct pn533_poll_modulations *mod;
2049 struct sk_buff *skb;
6fbbdc16 2050 int rc;
b5193e5d 2051 u8 cmd_code;
c46ee386 2052
b5193e5d 2053 mod = dev->poll_mod_active[dev->poll_mod_curr];
c46ee386 2054
b4834839
JP		 2055 dev_dbg(&dev->interface->dev, "%s mod len %d\n",
2056 __func__, mod->len);
c46ee386 2057
e997ebbe 2058 if ((dev->poll_protocols & NFC_PROTO_NFC_DEP_MASK) && dev->poll_dep) {
673088fb
SO		 2059 dev->poll_dep = 0;
2060 return pn533_poll_dep(dev->nfc_dev);
2061 }
2062
b5193e5d
WR		 2063 if (mod->len == 0) { /* Listen mode */
2064 cmd_code = PN533_CMD_TG_INIT_AS_TARGET;
9e2d493e 2065 skb = pn533_alloc_poll_tg_frame(dev);
b5193e5d
WR		 2066 } else { /* Polling mode */
2067 cmd_code = PN533_CMD_IN_LIST_PASSIVE_TARGET;
9e2d493e 2068 skb = pn533_alloc_poll_in_frame(dev, mod);
b5193e5d
WR		 2069 }
2070
2071 if (!skb) {
073a625f 2072 nfc_err(&dev->interface->dev, "Failed to allocate skb\n");
b5193e5d
WR		 2073 return -ENOMEM;
2074 }
2075
2076 rc = pn533_send_cmd_async(dev, cmd_code, skb, pn533_poll_complete,
2077 NULL);
2078 if (rc < 0) {
2079 dev_kfree_skb(skb);
073a625f 2080 nfc_err(&dev->interface->dev, "Polling loop error %d\n", rc);
b5193e5d 2081 }
c46ee386 2082
6fbbdc16
SO		 2083 return rc;
2084}
2085
2086static void pn533_wq_poll(struct work_struct *work)
2087{
46f793b0 2088 struct pn533 *dev = container_of(work, struct pn533, poll_work.work);
6fbbdc16
SO		 2089 struct pn533_poll_modulations *cur_mod;
2090 int rc;
2091
2092 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
2093
b4834839
JP		 2094 dev_dbg(&dev->interface->dev,
2095 "%s cancel_listen %d modulation len %d\n",
2096 __func__, dev->cancel_listen, cur_mod->len);
6fbbdc16
SO		 2097
2098 if (dev->cancel_listen == 1) {
2099 dev->cancel_listen = 0;
10cff29a 2100 pn533_abort_cmd(dev, GFP_ATOMIC);
c46ee386
AAJ		 2101 }
2102
6fbbdc16
SO		 2103 rc = pn533_send_poll_frame(dev);
2104 if (rc)
2105 return;
c46ee386 2106
6fbbdc16
SO		 2107 if (cur_mod->len == 0 && dev->poll_mod_count > 1)
2108 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
c46ee386 2109
6fbbdc16 2110 return;
c46ee386
AAJ		 2111}
2112
fe7c5800
SO		 2113static int pn533_start_poll(struct nfc_dev *nfc_dev,
2114 u32 im_protocols, u32 tm_protocols)
2115{
2116 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
cec4b8ed 2117 struct pn533_poll_modulations *cur_mod;
dfccd0f5 2118 u8 rand_mod;
cec4b8ed 2119 int rc;
fe7c5800 2120
b4834839
JP		 2121 dev_dbg(&dev->interface->dev,
2122 "%s: im protocols 0x%x tm protocols 0x%x\n",
2123 __func__, im_protocols, tm_protocols);
fe7c5800
SO		 2124
2125 if (dev->tgt_active_prot) {
073a625f
JP		 2126 nfc_err(&dev->interface->dev,
2127 "Cannot poll with a target already activated\n");
fe7c5800
SO		 2128 return -EBUSY;
2129 }
2130
51ad304c 2131 if (dev->tgt_mode) {
073a625f
JP		 2132 nfc_err(&dev->interface->dev,
2133 "Cannot poll while already being activated\n");
51ad304c
SO		 2134 return -EBUSY;
2135 }
2136
6fbbdc16
SO		 2137 if (tm_protocols) {
2138 dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
2139 if (dev->gb == NULL)
2140 tm_protocols = 0;
2141 }
ad3823ce 2142
6fbbdc16
SO		 2143 pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
2144 dev->poll_protocols = im_protocols;
2145 dev->listen_protocols = tm_protocols;
ad3823ce 2146
dfccd0f5
SO		 2147 /* Do not always start polling from the same modulation */
2148 get_random_bytes(&rand_mod, sizeof(rand_mod));
2149 rand_mod %= dev->poll_mod_count;
2150 dev->poll_mod_curr = rand_mod;
2151
cec4b8ed
SO		 2152 cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
2153
2154 rc = pn533_send_poll_frame(dev);
2155
2156 /* Start listen timer */
2157 if (!rc && cur_mod->len == 0 && dev->poll_mod_count > 1)
2158 mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
2159
2160 return rc;
fe7c5800
SO		 2161}
2162
c46ee386
AAJ		 2163static void pn533_stop_poll(struct nfc_dev *nfc_dev)
2164{
2165 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2166
6fbbdc16
SO		 2167 del_timer(&dev->listen_timer);
2168
c46ee386 2169 if (!dev->poll_mod_count) {
b4834839
JP		 2170 dev_dbg(&dev->interface->dev,
2171 "Polling operation was not running\n");
c46ee386
AAJ		 2172 return;
2173 }
2174
10cff29a 2175 pn533_abort_cmd(dev, GFP_KERNEL);
46f793b0 2176 flush_delayed_work(&dev->poll_work);
7c2a04a9 2177 pn533_poll_reset_mod_list(dev);
c46ee386
AAJ		 2178}
2179
2180static int pn533_activate_target_nfcdep(struct pn533 *dev)
2181{
cb950d93 2182 struct pn533_cmd_activate_response *rsp;
541d920b 2183 u16 gt_len;
c46ee386 2184 int rc;
cb950d93
WR		 2185 struct sk_buff *skb;
2186 struct sk_buff *resp;
c46ee386 2187
b4834839 2188 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386 2189
9e2d493e 2190 skb = pn533_alloc_skb(dev, sizeof(u8) * 2); /*TG + Next*/
cb950d93
WR		 2191 if (!skb)
2192 return -ENOMEM;
c46ee386 2193
cb950d93
WR		 2194 *skb_put(skb, sizeof(u8)) = 1; /* TG */
2195 *skb_put(skb, sizeof(u8)) = 0; /* Next */
c46ee386 2196
cb950d93
WR		 2197 resp = pn533_send_cmd_sync(dev, PN533_CMD_IN_ATR, skb);
2198 if (IS_ERR(resp))
2199 return PTR_ERR(resp);
c46ee386 2200
37cf4fc6 2201 rsp = (struct pn533_cmd_activate_response *)resp->data;
cb950d93 2202 rc = rsp->status & PN533_CMD_RET_MASK;
8a0ecfe7 2203 if (rc != PN533_CMD_RET_SUCCESS) {
073a625f
JP		 2204 nfc_err(&dev->interface->dev,
2205 "Target activation failed (error 0x%x)\n", rc);
cb950d93 2206 dev_kfree_skb(resp);
c46ee386 2207 return -EIO;
8a0ecfe7 2208 }
c46ee386 2209
541d920b 2210 /* ATR_RES general bytes are located at offset 16 */
cb950d93
WR		 2211 gt_len = resp->len - 16;
2212 rc = nfc_set_remote_general_bytes(dev->nfc_dev, rsp->gt, gt_len);
541d920b 2213
cb950d93 2214 dev_kfree_skb(resp);
541d920b 2215 return rc;
c46ee386
AAJ		 2216}
2217
90099433
EL		 2218static int pn533_activate_target(struct nfc_dev *nfc_dev,
2219 struct nfc_target *target, u32 protocol)
c46ee386
AAJ		 2220{
2221 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2222 int rc;
2223
17936b43 2224 dev_dbg(&dev->interface->dev, "%s: protocol=%u\n", __func__, protocol);
c46ee386
AAJ		 2225
2226 if (dev->poll_mod_count) {
073a625f 2227 nfc_err(&dev->interface->dev,
b4834839 2228 "Cannot activate while polling\n");
c46ee386
AAJ		 2229 return -EBUSY;
2230 }
2231
2232 if (dev->tgt_active_prot) {
073a625f
JP		 2233 nfc_err(&dev->interface->dev,
2234 "There is already an active target\n");
c46ee386
AAJ		 2235 return -EBUSY;
2236 }
2237
2238 if (!dev->tgt_available_prots) {
073a625f
JP		 2239 nfc_err(&dev->interface->dev,
2240 "There is no available target to activate\n");
c46ee386
AAJ		 2241 return -EINVAL;
2242 }
2243
2244 if (!(dev->tgt_available_prots & (1 << protocol))) {
073a625f
JP		 2245 nfc_err(&dev->interface->dev,
2246 "Target doesn't support requested proto %u\n",
2247 protocol);
c46ee386
AAJ		 2248 return -EINVAL;
2249 }
2250
2251 if (protocol == NFC_PROTO_NFC_DEP) {
2252 rc = pn533_activate_target_nfcdep(dev);
2253 if (rc) {
073a625f
JP		 2254 nfc_err(&dev->interface->dev,
2255 "Activating target with DEP failed %d\n", rc);
c46ee386
AAJ		 2256 return rc;
2257 }
2258 }
2259
2260 dev->tgt_active_prot = protocol;
2261 dev->tgt_available_prots = 0;
2262
2263 return 0;
2264}
2265
37f895d7
MT		 2266static int pn533_deactivate_target_complete(struct pn533 *dev, void *arg,
2267 struct sk_buff *resp)
2268{
2269 int rc = 0;
2270
2271 dev_dbg(&dev->interface->dev, "%s\n", __func__);
2272
2273 if (IS_ERR(resp)) {
2274 rc = PTR_ERR(resp);
2275
2276 nfc_err(&dev->interface->dev, "Target release error %d\n", rc);
2277
2278 return rc;
2279 }
2280
2281 rc = resp->data[0] & PN533_CMD_RET_MASK;
2282 if (rc != PN533_CMD_RET_SUCCESS)
2283 nfc_err(&dev->interface->dev,
2284 "Error 0x%x when releasing the target\n", rc);
2285
2286 dev_kfree_skb(resp);
2287 return rc;
2288}
2289
90099433 2290static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
96d4581f 2291 struct nfc_target *target, u8 mode)
c46ee386
AAJ		 2292{
2293 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
cb950d93 2294 struct sk_buff *skb;
c46ee386
AAJ		 2295 int rc;
2296
b4834839 2297 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386
AAJ		 2298
2299 if (!dev->tgt_active_prot) {
073a625f 2300 nfc_err(&dev->interface->dev, "There is no active target\n");
c46ee386
AAJ		 2301 return;
2302 }
2303
2304 dev->tgt_active_prot = 0;
6ff73fd2
SO		 2305 skb_queue_purge(&dev->resp_q);
2306
9e2d493e 2307 skb = pn533_alloc_skb(dev, sizeof(u8));
cb950d93
WR		 2308 if (!skb)
2309 return;
c46ee386 2310
cb950d93 2311 *skb_put(skb, 1) = 1; /* TG*/
c46ee386 2312
37f895d7
MT		 2313 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_RELEASE, skb,
2314 pn533_deactivate_target_complete, NULL);
2315 if (rc < 0) {
2316 dev_kfree_skb(skb);
2317 nfc_err(&dev->interface->dev, "Target release error %d\n", rc);
2318 }
c46ee386
AAJ		 2319
2320 return;
2321}
2322
361f3cb7
SO		 2323
2324static int pn533_in_dep_link_up_complete(struct pn533 *dev, void *arg,
13003649 2325 struct sk_buff *resp)
361f3cb7 2326{
13003649 2327 struct pn533_cmd_jump_dep_response *rsp;
361f3cb7
SO		 2328 u8 target_gt_len;
2329 int rc;
13003649 2330 u8 active = *(u8 *)arg;
70418e6e
WR		 2331
2332 kfree(arg);
361f3cb7 2333
13003649
WR		 2334 if (IS_ERR(resp))
2335 return PTR_ERR(resp);
361f3cb7
SO		 2336
2337 if (dev->tgt_available_prots &&
2338 !(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
073a625f
JP		 2339 nfc_err(&dev->interface->dev,
2340 "The target does not support DEP\n");
13003649
WR		 2341 rc = -EINVAL;
2342 goto error;
361f3cb7
SO		 2343 }
2344
13003649
WR		 2345 rsp = (struct pn533_cmd_jump_dep_response *)resp->data;
2346
2347 rc = rsp->status & PN533_CMD_RET_MASK;
361f3cb7 2348 if (rc != PN533_CMD_RET_SUCCESS) {
073a625f
JP		 2349 nfc_err(&dev->interface->dev,
2350 "Bringing DEP link up failed (error 0x%x)\n", rc);
13003649 2351 goto error;
361f3cb7
SO		 2352 }
2353
2354 if (!dev->tgt_available_prots) {
13003649
WR		 2355 struct nfc_target nfc_target;
2356
b4834839 2357 dev_dbg(&dev->interface->dev, "Creating new target\n");
361f3cb7
SO		 2358
2359 nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
2fbabfa4 2360 nfc_target.nfcid1_len = 10;
13003649 2361 memcpy(nfc_target.nfcid1, rsp->nfcid3t, nfc_target.nfcid1_len);
361f3cb7
SO		 2362 rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
2363 if (rc)
13003649 2364 goto error;
361f3cb7
SO		 2365
2366 dev->tgt_available_prots = 0;
2367 }
2368
2369 dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
2370
2371 /* ATR_RES general bytes are located at offset 17 */
13003649 2372 target_gt_len = resp->len - 17;
361f3cb7 2373 rc = nfc_set_remote_general_bytes(dev->nfc_dev,
13003649 2374 rsp->gt, target_gt_len);
361f3cb7
SO		 2375 if (rc == 0)
2376 rc = nfc_dep_link_is_up(dev->nfc_dev,
13003649
WR		 2377 dev->nfc_dev->targets[0].idx,
2378 !active, NFC_RF_INITIATOR);
361f3cb7 2379
13003649
WR		 2380error:
2381 dev_kfree_skb(resp);
2382 return rc;
361f3cb7
SO		 2383}
2384
17e9d9d4 2385static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf);
90099433 2386static int pn533_dep_link_up(struct nfc_dev *nfc_dev, struct nfc_target *target,
37cf4fc6 2387 u8 comm_mode, u8 *gb, size_t gb_len)
361f3cb7
SO		 2388{
2389 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
13003649 2390 struct sk_buff *skb;
5eef4845
SO		 2391 int rc, skb_len;
2392 u8 *next, *arg, nfcid3[NFC_NFCID3_MAXSIZE];
d7f3345d 2393 u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
361f3cb7 2394
b4834839 2395 dev_dbg(&dev->interface->dev, "%s\n", __func__);
361f3cb7 2396
361f3cb7 2397 if (dev->poll_mod_count) {
073a625f
JP		 2398 nfc_err(&dev->interface->dev,
2399 "Cannot bring the DEP link up while polling\n");
361f3cb7
SO		 2400 return -EBUSY;
2401 }
2402
2403 if (dev->tgt_active_prot) {
073a625f
JP		 2404 nfc_err(&dev->interface->dev,
2405 "There is already an active target\n");
361f3cb7
SO		 2406 return -EBUSY;
2407 }
2408
13003649 2409 skb_len = 3 + gb_len; /* ActPass + BR + Next */
5eef4845 2410 skb_len += PASSIVE_DATA_LEN;
d7f3345d 2411
5eef4845
SO		 2412 /* NFCID3 */
2413 skb_len += NFC_NFCID3_MAXSIZE;
2414 if (target && !target->nfcid2_len) {
2415 nfcid3[0] = 0x1;
2416 nfcid3[1] = 0xfe;
2417 get_random_bytes(nfcid3 + 2, 6);
2418 }
322bce95 2419
9e2d493e 2420 skb = pn533_alloc_skb(dev, skb_len);
13003649 2421 if (!skb)
361f3cb7
SO		 2422 return -ENOMEM;
2423
13003649 2424 *skb_put(skb, 1) = !comm_mode; /* ActPass */
5eef4845 2425 *skb_put(skb, 1) = 0x02; /* 424 kbps */
13003649
WR		 2426
2427 next = skb_put(skb, 1); /* Next */
2428 *next = 0;
361f3cb7 2429
5eef4845
SO		 2430 /* Copy passive data */
2431 memcpy(skb_put(skb, PASSIVE_DATA_LEN), passive_data, PASSIVE_DATA_LEN);
2432 *next |= 1;
d7f3345d 2433
5eef4845
SO		 2434 /* Copy NFCID3 (which is NFCID2 from SENSF_RES) */
2435 if (target && target->nfcid2_len)
322bce95
SO		 2436 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), target->nfcid2,
2437 target->nfcid2_len);
5eef4845
SO		 2438 else
2439 memcpy(skb_put(skb, NFC_NFCID3_MAXSIZE), nfcid3,
2440 NFC_NFCID3_MAXSIZE);
2441 *next |= 2;
322bce95 2442
47807d3d 2443 if (gb != NULL && gb_len > 0) {
13003649
WR		 2444 memcpy(skb_put(skb, gb_len), gb, gb_len);
2445 *next |= 4; /* We have some Gi */
361f3cb7 2446 } else {
13003649 2447 *next = 0;
361f3cb7
SO		 2448 }
2449
13003649
WR		 2450 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
2451 if (!arg) {
2452 dev_kfree_skb(skb);
2453 return -ENOMEM;
2454 }
361f3cb7 2455
13003649 2456 *arg = !comm_mode;
361f3cb7 2457
17e9d9d4
SO		 2458 pn533_rf_field(dev->nfc_dev, 0);
2459
13003649
WR		 2460 rc = pn533_send_cmd_async(dev, PN533_CMD_IN_JUMP_FOR_DEP, skb,
2461 pn533_in_dep_link_up_complete, arg);
2462
2463 if (rc < 0) {
2464 dev_kfree_skb(skb);
2465 kfree(arg);
2466 }
361f3cb7
SO		 2467
2468 return rc;
2469}
2470
2471static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
2472{
6fbbdc16
SO		 2473 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2474
b4834839 2475 dev_dbg(&dev->interface->dev, "%s\n", __func__);
fcfafc76 2476
6fbbdc16
SO		 2477 pn533_poll_reset_mod_list(dev);
2478
10cff29a
WR		 2479 if (dev->tgt_mode || dev->tgt_active_prot)
2480 pn533_abort_cmd(dev, GFP_KERNEL);
51ad304c
SO		 2481
2482 dev->tgt_active_prot = 0;
2483 dev->tgt_mode = 0;
2484
2485 skb_queue_purge(&dev->resp_q);
361f3cb7
SO		 2486
2487 return 0;
2488}
2489
c46ee386 2490struct pn533_data_exchange_arg {
c46ee386
AAJ		 2491 data_exchange_cb_t cb;
2492 void *cb_context;
2493};
2494
6ff73fd2
SO		 2495static struct sk_buff *pn533_build_response(struct pn533 *dev)
2496{
2497 struct sk_buff *skb, *tmp, *t;
2498 unsigned int skb_len = 0, tmp_len = 0;
2499
b4834839 2500 dev_dbg(&dev->interface->dev, "%s\n", __func__);
6ff73fd2
SO		 2501
2502 if (skb_queue_empty(&dev->resp_q))
2503 return NULL;
2504
2505 if (skb_queue_len(&dev->resp_q) == 1) {
2506 skb = skb_dequeue(&dev->resp_q);
2507 goto out;
2508 }
2509
2510 skb_queue_walk_safe(&dev->resp_q, tmp, t)
2511 skb_len += tmp->len;
2512
b4834839
JP		 2513 dev_dbg(&dev->interface->dev, "%s total length %d\n",
2514 __func__, skb_len);
6ff73fd2
SO		 2515
2516 skb = alloc_skb(skb_len, GFP_KERNEL);
2517 if (skb == NULL)
2518 goto out;
2519
2520 skb_put(skb, skb_len);
2521
2522 skb_queue_walk_safe(&dev->resp_q, tmp, t) {
2523 memcpy(skb->data + tmp_len, tmp->data, tmp->len);
2524 tmp_len += tmp->len;
2525 }
2526
2527out:
2528 skb_queue_purge(&dev->resp_q);
2529
2530 return skb;
2531}
2532
c46ee386 2533static int pn533_data_exchange_complete(struct pn533 *dev, void *_arg,
b1e666f5 2534 struct sk_buff *resp)
c46ee386
AAJ		 2535{
2536 struct pn533_data_exchange_arg *arg = _arg;
b1e666f5
WR		 2537 struct sk_buff *skb;
2538 int rc = 0;
2539 u8 status, ret, mi;
c46ee386 2540
b4834839 2541 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386 2542
b1e666f5
WR		 2543 if (IS_ERR(resp)) {
2544 rc = PTR_ERR(resp);
2545 goto _error;
c46ee386
AAJ		 2546 }
2547
b1e666f5
WR		 2548 status = resp->data[0];
2549 ret = status & PN533_CMD_RET_MASK;
2550 mi = status & PN533_CMD_MI_MASK;
2551
2552 skb_pull(resp, sizeof(status));
c46ee386 2553
b1e666f5 2554 if (ret != PN533_CMD_RET_SUCCESS) {
073a625f
JP		 2555 nfc_err(&dev->interface->dev,
2556 "Exchanging data failed (error 0x%x)\n", ret);
b1e666f5 2557 rc = -EIO;
c46ee386
AAJ		 2558 goto error;
2559 }
2560
b1e666f5 2561 skb_queue_tail(&dev->resp_q, resp);
6ff73fd2 2562
b1e666f5
WR		 2563 if (mi) {
2564 dev->cmd_complete_mi_arg = arg;
963a82e0
OG		 2565 queue_work(dev->wq, &dev->mi_rx_work);
2566 return -EINPROGRESS;
2567 }
2568
2569 /* Prepare for the next round */
2570 if (skb_queue_len(&dev->fragment_skb) > 0) {
2571 dev->cmd_complete_dep_arg = arg;
2572 queue_work(dev->wq, &dev->mi_tx_work);
2573
6ff73fd2 2574 return -EINPROGRESS;
c46ee386
AAJ		 2575 }
2576
6ff73fd2 2577 skb = pn533_build_response(dev);
5df848f3
JL		 2578 if (!skb) {
2579 rc = -ENOMEM;
6ff73fd2 2580 goto error;
5df848f3 2581 }
c46ee386 2582
6ff73fd2 2583 arg->cb(arg->cb_context, skb, 0);
c46ee386
AAJ		 2584 kfree(arg);
2585 return 0;
2586
2587error:
b1e666f5
WR		 2588 dev_kfree_skb(resp);
2589_error:
6ff73fd2 2590 skb_queue_purge(&dev->resp_q);
b1e666f5 2591 arg->cb(arg->cb_context, NULL, rc);
c46ee386 2592 kfree(arg);
b1e666f5 2593 return rc;
c46ee386
AAJ		 2594}
2595
963a82e0
OG		 2596/* Split the Tx skb into small chunks */
2597static int pn533_fill_fragment_skbs(struct pn533 *dev, struct sk_buff *skb)
2598{
2599 struct sk_buff *frag;
2600 int frag_size;
2601
2602 do {
2603 /* Remaining size */
2604 if (skb->len > PN533_CMD_DATAFRAME_MAXLEN)
2605 frag_size = PN533_CMD_DATAFRAME_MAXLEN;
2606 else
2607 frag_size = skb->len;
2608
2609 /* Allocate and reserve */
2610 frag = pn533_alloc_skb(dev, frag_size);
2611 if (!frag) {
2612 skb_queue_purge(&dev->fragment_skb);
2613 break;
2614 }
2615
22953f93
OG		 2616 if (!dev->tgt_mode) {
2617 /* Reserve the TG/MI byte */
2618 skb_reserve(frag, 1);
2619
2620 /* MI + TG */
2621 if (frag_size == PN533_CMD_DATAFRAME_MAXLEN)
2622 *skb_push(frag, sizeof(u8)) =
2623 (PN533_CMD_MI_MASK | 1);
2624 else
2625 *skb_push(frag, sizeof(u8)) = 1; /* TG */
2626 }
963a82e0
OG		 2627
2628 memcpy(skb_put(frag, frag_size), skb->data, frag_size);
2629
2630 /* Reduce the size of incoming buffer */
2631 skb_pull(skb, frag_size);
2632
2633 /* Add this to skb_queue */
2634 skb_queue_tail(&dev->fragment_skb, frag);
2635
2636 } while (skb->len > 0);
2637
2638 dev_kfree_skb(skb);
2639
2640 return skb_queue_len(&dev->fragment_skb);
2641}
2642
be9ae4ce
SO		 2643static int pn533_transceive(struct nfc_dev *nfc_dev,
2644 struct nfc_target *target, struct sk_buff *skb,
2645 data_exchange_cb_t cb, void *cb_context)
c46ee386
AAJ		 2646{
2647 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
b1e666f5 2648 struct pn533_data_exchange_arg *arg = NULL;
c46ee386
AAJ		 2649 int rc;
2650
b4834839 2651 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386
AAJ		 2652
2653 if (!dev->tgt_active_prot) {
073a625f
JP		 2654 nfc_err(&dev->interface->dev,
2655 "Can't exchange data if there is no active target\n");
c46ee386
AAJ		 2656 rc = -EINVAL;
2657 goto error;
2658 }
2659
b1e666f5 2660 arg = kmalloc(sizeof(*arg), GFP_KERNEL);
c46ee386
AAJ		 2661 if (!arg) {
2662 rc = -ENOMEM;
b1e666f5 2663 goto error;
c46ee386
AAJ		 2664 }
2665
c46ee386
AAJ		 2666 arg->cb = cb;
2667 arg->cb_context = cb_context;
2668
b1e666f5
WR		 2669 switch (dev->device_type) {
2670 case PN533_DEVICE_PASORI:
2671 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2672 rc = pn533_send_data_async(dev, PN533_CMD_IN_COMM_THRU,
2673 skb,
2674 pn533_data_exchange_complete,
2675 arg);
2676
2677 break;
2678 }
2679 default:
963a82e0
OG		 2680 /* jumbo frame ? */
2681 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
2682 rc = pn533_fill_fragment_skbs(dev, skb);
2683 if (rc <= 0)
2684 goto error;
2685
2686 skb = skb_dequeue(&dev->fragment_skb);
2687 if (!skb) {
2688 rc = -EIO;
2689 goto error;
2690 }
2691 } else {
2692 *skb_push(skb, sizeof(u8)) = 1; /* TG */
2693 }
b1e666f5
WR		 2694
2695 rc = pn533_send_data_async(dev, PN533_CMD_IN_DATA_EXCHANGE,
2696 skb, pn533_data_exchange_complete,
2697 arg);
2698
2699 break;
c46ee386
AAJ		 2700 }
2701
b1e666f5
WR		 2702 if (rc < 0) /* rc from send_async */
2703 goto error;
2704
c46ee386
AAJ		 2705 return 0;
2706
c46ee386 2707error:
b1e666f5
WR		 2708 kfree(arg);
2709 dev_kfree_skb(skb);
c46ee386
AAJ		 2710 return rc;
2711}
2712
dadb06f2 2713static int pn533_tm_send_complete(struct pn533 *dev, void *arg,
e4878823 2714 struct sk_buff *resp)
dadb06f2 2715{
e4878823 2716 u8 status;
5b412fd1 2717
b4834839 2718 dev_dbg(&dev->interface->dev, "%s\n", __func__);
dadb06f2 2719
e4878823
WR		 2720 if (IS_ERR(resp))
2721 return PTR_ERR(resp);
5b412fd1 2722
e4878823 2723 status = resp->data[0];
dadb06f2 2724
93ad4202
OG		 2725 /* Prepare for the next round */
2726 if (skb_queue_len(&dev->fragment_skb) > 0) {
2727 queue_work(dev->wq, &dev->mi_tm_tx_work);
2728 return -EINPROGRESS;
2729 }
e4878823 2730 dev_kfree_skb(resp);
dadb06f2 2731
e4878823 2732 if (status != 0) {
dadb06f2
SO		 2733 nfc_tm_deactivated(dev->nfc_dev);
2734
51ad304c
SO		 2735 dev->tgt_mode = 0;
2736
dadb06f2
SO		 2737 return 0;
2738 }
2739
2740 queue_work(dev->wq, &dev->tg_work);
2741
2742 return 0;
2743}
2744
2745static int pn533_tm_send(struct nfc_dev *nfc_dev, struct sk_buff *skb)
2746{
2747 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
dadb06f2
SO		 2748 int rc;
2749
b4834839 2750 dev_dbg(&dev->interface->dev, "%s\n", __func__);
dadb06f2 2751
93ad4202 2752 /* let's split in multiple chunks if size's too big */
e4878823 2753 if (skb->len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
93ad4202
OG		 2754 rc = pn533_fill_fragment_skbs(dev, skb);
2755 if (rc <= 0)
2756 goto error;
2757
2758 /* get the first skb */
2759 skb = skb_dequeue(&dev->fragment_skb);
2760 if (!skb) {
2761 rc = -EIO;
2762 goto error;
2763 }
2764
2765 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_META_DATA, skb,
2766 pn533_tm_send_complete, NULL);
2767 } else {
2768 /* Send th skb */
2769 rc = pn533_send_data_async(dev, PN533_CMD_TG_SET_DATA, skb,
2770 pn533_tm_send_complete, NULL);
dadb06f2
SO		 2771 }
2772
93ad4202
OG		 2773error:
2774 if (rc < 0) {
e4878823 2775 dev_kfree_skb(skb);
93ad4202
OG		 2776 skb_queue_purge(&dev->fragment_skb);
2777 }
dadb06f2
SO		 2778
2779 return rc;
2780}
2781
6ff73fd2
SO		 2782static void pn533_wq_mi_recv(struct work_struct *work)
2783{
963a82e0 2784 struct pn533 *dev = container_of(work, struct pn533, mi_rx_work);
b1e666f5 2785 struct sk_buff *skb;
6ff73fd2
SO		 2786 int rc;
2787
b4834839 2788 dev_dbg(&dev->interface->dev, "%s\n", __func__);
6ff73fd2 2789
9e2d493e 2790 skb = pn533_alloc_skb(dev, PN533_CMD_DATAEXCH_HEAD_LEN);
b1e666f5
WR		 2791 if (!skb)
2792 goto error;
6ff73fd2 2793
b1e666f5
WR		 2794 switch (dev->device_type) {
2795 case PN533_DEVICE_PASORI:
2796 if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
2797 rc = pn533_send_cmd_direct_async(dev,
2798 PN533_CMD_IN_COMM_THRU,
2799 skb,
2800 pn533_data_exchange_complete,
2801 dev->cmd_complete_mi_arg);
6ff73fd2 2802
b1e666f5
WR		 2803 break;
2804 }
2805 default:
2806 *skb_put(skb, sizeof(u8)) = 1; /*TG*/
6ff73fd2 2807
b1e666f5
WR		 2808 rc = pn533_send_cmd_direct_async(dev,
2809 PN533_CMD_IN_DATA_EXCHANGE,
2810 skb,
2811 pn533_data_exchange_complete,
2812 dev->cmd_complete_mi_arg);
b1bb290a 2813
b1e666f5 2814 break;
6ff73fd2
SO		 2815 }
2816
b1e666f5 2817 if (rc == 0) /* success */
6ff73fd2
SO		 2818 return;
2819
073a625f
JP		 2820 nfc_err(&dev->interface->dev,
2821 "Error %d when trying to perform data_exchange\n", rc);
6ff73fd2 2822
b1e666f5 2823 dev_kfree_skb(skb);
140ef7f6 2824 kfree(dev->cmd_complete_mi_arg);
6ff73fd2 2825
b1e666f5 2826error:
6ff73fd2 2827 pn533_send_ack(dev, GFP_KERNEL);
5d50b364 2828 queue_work(dev->wq, &dev->cmd_work);
6ff73fd2
SO		 2829}
2830
963a82e0
OG		 2831static void pn533_wq_mi_send(struct work_struct *work)
2832{
2833 struct pn533 *dev = container_of(work, struct pn533, mi_tx_work);
2834 struct sk_buff *skb;
2835 int rc;
2836
b4834839 2837 dev_dbg(&dev->interface->dev, "%s\n", __func__);
963a82e0
OG		 2838
2839 /* Grab the first skb in the queue */
2840 skb = skb_dequeue(&dev->fragment_skb);
2841
2842 if (skb == NULL) { /* No more data */
2843 /* Reset the queue for future use */
2844 skb_queue_head_init(&dev->fragment_skb);
2845 goto error;
2846 }
2847
2848 switch (dev->device_type) {
2849 case PN533_DEVICE_PASORI:
2850 if (dev->tgt_active_prot != NFC_PROTO_FELICA) {
2851 rc = -EIO;
2852 break;
2853 }
2854
2855 rc = pn533_send_cmd_direct_async(dev, PN533_CMD_IN_COMM_THRU,
2856 skb,
2857 pn533_data_exchange_complete,
2858 dev->cmd_complete_dep_arg);
2859
2860 break;
2861
2862 default:
2863 /* Still some fragments? */
2864 rc = pn533_send_cmd_direct_async(dev,PN533_CMD_IN_DATA_EXCHANGE,
2865 skb,
2866 pn533_data_exchange_complete,
2867 dev->cmd_complete_dep_arg);
2868
2869 break;
2870 }
2871
2872 if (rc == 0) /* success */
2873 return;
2874
073a625f
JP		 2875 nfc_err(&dev->interface->dev,
2876 "Error %d when trying to perform data_exchange\n", rc);
963a82e0
OG		 2877
2878 dev_kfree_skb(skb);
2879 kfree(dev->cmd_complete_dep_arg);
2880
2881error:
2882 pn533_send_ack(dev, GFP_KERNEL);
2883 queue_work(dev->wq, &dev->cmd_work);
2884}
2885
c46ee386
AAJ		 2886static int pn533_set_configuration(struct pn533 *dev, u8 cfgitem, u8 *cfgdata,
2887 u8 cfgdata_len)
2888{
cb950d93
WR		 2889 struct sk_buff *skb;
2890 struct sk_buff *resp;
cb950d93 2891 int skb_len;
c46ee386 2892
b4834839 2893 dev_dbg(&dev->interface->dev, "%s\n", __func__);
c46ee386 2894
cb950d93 2895 skb_len = sizeof(cfgitem) + cfgdata_len; /* cfgitem + cfgdata */
c46ee386 2896
9e2d493e 2897 skb = pn533_alloc_skb(dev, skb_len);
cb950d93
WR		 2898 if (!skb)
2899 return -ENOMEM;
c46ee386 2900
cb950d93
WR		 2901 *skb_put(skb, sizeof(cfgitem)) = cfgitem;
2902 memcpy(skb_put(skb, cfgdata_len), cfgdata, cfgdata_len);
c46ee386 2903
cb950d93
WR		 2904 resp = pn533_send_cmd_sync(dev, PN533_CMD_RF_CONFIGURATION, skb);
2905 if (IS_ERR(resp))
2906 return PTR_ERR(resp);
c46ee386 2907
cb950d93
WR		 2908 dev_kfree_skb(resp);
2909 return 0;
2910}
2911
2912static int pn533_get_firmware_version(struct pn533 *dev,
2913 struct pn533_fw_version *fv)
2914{
2915 struct sk_buff *skb;
2916 struct sk_buff *resp;
2917
9e2d493e 2918 skb = pn533_alloc_skb(dev, 0);
cb950d93
WR		 2919 if (!skb)
2920 return -ENOMEM;
2921
2922 resp = pn533_send_cmd_sync(dev, PN533_CMD_GET_FIRMWARE_VERSION, skb);
2923 if (IS_ERR(resp))
2924 return PTR_ERR(resp);
2925
2926 fv->ic = resp->data[0];
2927 fv->ver = resp->data[1];
2928 fv->rev = resp->data[2];
2929 fv->support = resp->data[3];
2930
2931 dev_kfree_skb(resp);
2932 return 0;
c46ee386
AAJ		 2933}
2934
f75c2913 2935static int pn533_pasori_fw_reset(struct pn533 *dev)
5c7b0531 2936{
cb950d93
WR		 2937 struct sk_buff *skb;
2938 struct sk_buff *resp;
5c7b0531 2939
b4834839 2940 dev_dbg(&dev->interface->dev, "%s\n", __func__);
5c7b0531 2941
9e2d493e 2942 skb = pn533_alloc_skb(dev, sizeof(u8));
cb950d93
WR		 2943 if (!skb)
2944 return -ENOMEM;
5c7b0531 2945
cb950d93 2946 *skb_put(skb, sizeof(u8)) = 0x1;
5c7b0531 2947
cb950d93
WR		 2948 resp = pn533_send_cmd_sync(dev, 0x18, skb);
2949 if (IS_ERR(resp))
2950 return PTR_ERR(resp);
5c7b0531 2951
cb950d93 2952 dev_kfree_skb(resp);
5c7b0531 2953
94c5c156 2954 return 0;
5c7b0531
SO		 2955}
2956
53cf4839
WR		 2957struct pn533_acr122_poweron_rdr_arg {
2958 int rc;
2959 struct completion done;
2960};
2961
2962static void pn533_acr122_poweron_rdr_resp(struct urb *urb)
2963{
2964 struct pn533_acr122_poweron_rdr_arg *arg = urb->context;
2965
b4834839 2966 dev_dbg(&urb->dev->dev, "%s\n", __func__);
53cf4839 2967
86eca4e7 2968 print_hex_dump_debug("ACR122 RX: ", DUMP_PREFIX_NONE, 16, 1,
53cf4839
WR		 2969 urb->transfer_buffer, urb->transfer_buffer_length,
2970 false);
2971
2972 arg->rc = urb->status;
2973 complete(&arg->done);
2974}
2975
2976static int pn533_acr122_poweron_rdr(struct pn533 *dev)
2977{
2978 /* Power on th reader (CCID cmd) */
2979 u8 cmd[10] = {PN533_ACR122_PC_TO_RDR_ICCPOWERON,
2980 0, 0, 0, 0, 0, 0, 3, 0, 0};
2981 u8 buf[255];
2982 int rc;
2983 void *cntx;
2984 struct pn533_acr122_poweron_rdr_arg arg;
2985
b4834839 2986 dev_dbg(&dev->interface->dev, "%s\n", __func__);
53cf4839
WR		 2987
2988 init_completion(&arg.done);
2989 cntx = dev->in_urb->context; /* backup context */
2990
2991 dev->in_urb->transfer_buffer = buf;
2992 dev->in_urb->transfer_buffer_length = 255;
2993 dev->in_urb->complete = pn533_acr122_poweron_rdr_resp;
2994 dev->in_urb->context = &arg;
2995
2996 dev->out_urb->transfer_buffer = cmd;
2997 dev->out_urb->transfer_buffer_length = sizeof(cmd);
2998
86eca4e7 2999 print_hex_dump_debug("ACR122 TX: ", DUMP_PREFIX_NONE, 16, 1,
53cf4839
WR		 3000 cmd, sizeof(cmd), false);
3001
3002 rc = usb_submit_urb(dev->out_urb, GFP_KERNEL);
3003 if (rc) {
073a625f
JP		 3004 nfc_err(&dev->interface->dev,
3005 "Reader power on cmd error %d\n", rc);
53cf4839
WR		 3006 return rc;
3007 }
3008
3009 rc = usb_submit_urb(dev->in_urb, GFP_KERNEL);
3010 if (rc) {
073a625f
JP		 3011 nfc_err(&dev->interface->dev,
3012 "Can't submit reader poweron cmd response %d\n", rc);
53cf4839
WR		 3013 return rc;
3014 }
3015
3016 wait_for_completion(&arg.done);
3017 dev->in_urb->context = cntx; /* restore context */
3018
3019 return arg.rc;
3020}
3021
60d9edd5
SO		 3022static int pn533_rf_field(struct nfc_dev *nfc_dev, u8 rf)
3023{
3024 struct pn533 *dev = nfc_get_drvdata(nfc_dev);
3025 u8 rf_field = !!rf;
3026 int rc;
3027
3a8eab39
SO		 3028 rf_field |= PN533_CFGITEM_RF_FIELD_AUTO_RFCA;
3029
60d9edd5
SO		 3030 rc = pn533_set_configuration(dev, PN533_CFGITEM_RF_FIELD,
3031 (u8 *)&rf_field, 1);
3032 if (rc) {
073a625f 3033 nfc_err(&dev->interface->dev, "Error on setting RF field\n");
60d9edd5
SO		 3034 return rc;
3035 }
3036
3037 return rc;
3038}
3039
e44666b9 3040static int pn533_dev_up(struct nfc_dev *nfc_dev)
60d9edd5
SO		 3041{
3042 return pn533_rf_field(nfc_dev, 1);
3043}
3044
e44666b9 3045static int pn533_dev_down(struct nfc_dev *nfc_dev)
60d9edd5
SO		 3046{
3047 return pn533_rf_field(nfc_dev, 0);
3048}
3049
5c7b0531 3050static struct nfc_ops pn533_nfc_ops = {
60d9edd5
SO		 3051 .dev_up = pn533_dev_up,
3052 .dev_down = pn533_dev_down,
361f3cb7
SO		 3053 .dep_link_up = pn533_dep_link_up,
3054 .dep_link_down = pn533_dep_link_down,
c46ee386
AAJ		 3055 .start_poll = pn533_start_poll,
3056 .stop_poll = pn533_stop_poll,
3057 .activate_target = pn533_activate_target,
3058 .deactivate_target = pn533_deactivate_target,
be9ae4ce 3059 .im_transceive = pn533_transceive,
dadb06f2 3060 .tm_send = pn533_tm_send,
c46ee386
AAJ		 3061};
3062
5c7b0531
SO		 3063static int pn533_setup(struct pn533 *dev)
3064{
3065 struct pn533_config_max_retries max_retries;
3066 struct pn533_config_timing timing;
3067 u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
3068 int rc;
3069
3070 switch (dev->device_type) {
3071 case PN533_DEVICE_STD:
5c7b0531 3072 case PN533_DEVICE_PASORI:
53cf4839 3073 case PN533_DEVICE_ACR122U:
5c7b0531
SO		 3074 max_retries.mx_rty_atr = 0x2;
3075 max_retries.mx_rty_psl = 0x1;
3076 max_retries.mx_rty_passive_act =
3077 PN533_CONFIG_MAX_RETRIES_NO_RETRY;
3078
3079 timing.rfu = PN533_CONFIG_TIMING_102;
3080 timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
3081 timing.dep_timeout = PN533_CONFIG_TIMING_204;
3082
3083 break;
3084
3085 default:
073a625f
JP		 3086 nfc_err(&dev->interface->dev, "Unknown device type %d\n",
3087 dev->device_type);
5c7b0531
SO		 3088 return -EINVAL;
3089 }
3090
3091 rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
3092 (u8 *)&max_retries, sizeof(max_retries));
3093 if (rc) {
073a625f
JP		 3094 nfc_err(&dev->interface->dev,
3095 "Error on setting MAX_RETRIES config\n");
5c7b0531
SO		 3096 return rc;
3097 }
3098
3099
3100 rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
3101 (u8 *)&timing, sizeof(timing));
3102 if (rc) {
073a625f 3103 nfc_err(&dev->interface->dev, "Error on setting RF timings\n");
5c7b0531
SO		 3104 return rc;
3105 }
3106
3107 switch (dev->device_type) {
3108 case PN533_DEVICE_STD:
3109 break;
3110
3111 case PN533_DEVICE_PASORI:
f75c2913 3112 pn533_pasori_fw_reset(dev);
5c7b0531
SO		 3113
3114 rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
3115 pasori_cfg, 3);
3116 if (rc) {
073a625f
JP		 3117 nfc_err(&dev->interface->dev,
3118 "Error while settings PASORI config\n");
5c7b0531
SO		 3119 return rc;
3120 }
3121
f75c2913 3122 pn533_pasori_fw_reset(dev);
5c7b0531
SO		 3123
3124 break;
3125 }
3126
3127 return 0;
3128}
3129
c46ee386
AAJ		 3130static int pn533_probe(struct usb_interface *interface,
3131 const struct usb_device_id *id)
3132{
cb950d93 3133 struct pn533_fw_version fw_ver;
c46ee386
AAJ		 3134 struct pn533 *dev;
3135 struct usb_host_interface *iface_desc;
3136 struct usb_endpoint_descriptor *endpoint;
c46ee386
AAJ		 3137 int in_endpoint = 0;
3138 int out_endpoint = 0;
3139 int rc = -ENOMEM;
3140 int i;
3141 u32 protocols;
3142
3143 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3144 if (!dev)
3145 return -ENOMEM;
3146
3147 dev->udev = usb_get_dev(interface_to_usbdev(interface));
3148 dev->interface = interface;
0201ed03 3149 mutex_init(&dev->cmd_lock);
c46ee386
AAJ		 3150
3151 iface_desc = interface->cur_altsetting;
3152 for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
3153 endpoint = &iface_desc->endpoint[i].desc;
3154
8d25ca79 3155 if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint))
c46ee386 3156 in_endpoint = endpoint->bEndpointAddress;
c46ee386 3157
8d25ca79 3158 if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint))
c46ee386 3159 out_endpoint = endpoint->bEndpointAddress;
c46ee386
AAJ		 3160 }
3161
3162 if (!in_endpoint || !out_endpoint) {
073a625f
JP		 3163 nfc_err(&interface->dev,
3164 "Could not find bulk-in or bulk-out endpoint\n");
c46ee386
AAJ		 3165 rc = -ENODEV;
3166 goto error;
3167 }
3168
c46ee386 3169 dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
c46ee386
AAJ		 3170 dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
3171
a5798094 3172 if (!dev->in_urb || !dev->out_urb)
c46ee386
AAJ		 3173 goto error;
3174
3175 usb_fill_bulk_urb(dev->in_urb, dev->udev,
5d467742
WR		 3176 usb_rcvbulkpipe(dev->udev, in_endpoint),
3177 NULL, 0, NULL, dev);
c46ee386 3178 usb_fill_bulk_urb(dev->out_urb, dev->udev,
5d467742
WR		 3179 usb_sndbulkpipe(dev->udev, out_endpoint),
3180 NULL, 0, pn533_send_complete, dev);
c46ee386 3181
5d50b364
SO		 3182 INIT_WORK(&dev->cmd_work, pn533_wq_cmd);
3183 INIT_WORK(&dev->cmd_complete_work, pn533_wq_cmd_complete);
963a82e0
OG		 3184 INIT_WORK(&dev->mi_rx_work, pn533_wq_mi_recv);
3185 INIT_WORK(&dev->mi_tx_work, pn533_wq_mi_send);
103b34cf 3186 INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
3c13b244 3187 INIT_WORK(&dev->mi_tm_rx_work, pn533_wq_tm_mi_recv);
93ad4202 3188 INIT_WORK(&dev->mi_tm_tx_work, pn533_wq_tm_mi_send);
46f793b0 3189 INIT_DELAYED_WORK(&dev->poll_work, pn533_wq_poll);
17e9d9d4 3190 INIT_WORK(&dev->rf_work, pn533_wq_rf);
58637c9b 3191 dev->wq = alloc_ordered_workqueue("pn533", 0);
4849f85e
SO		 3192 if (dev->wq == NULL)
3193 goto error;
c46ee386 3194
6fbbdc16
SO		 3195 init_timer(&dev->listen_timer);
3196 dev->listen_timer.data = (unsigned long) dev;
3197 dev->listen_timer.function = pn533_listen_mode_timer;
3198
6ff73fd2 3199 skb_queue_head_init(&dev->resp_q);
963a82e0 3200 skb_queue_head_init(&dev->fragment_skb);
6ff73fd2 3201
5d50b364
SO		 3202 INIT_LIST_HEAD(&dev->cmd_queue);
3203
c46ee386
AAJ		 3204 usb_set_intfdata(interface, dev);
3205
9e2d493e 3206 dev->ops = &pn533_std_frame_ops;
c46ee386 3207
58520373 3208 dev->protocol_type = PN533_PROTO_REQ_ACK_RESP;
5c7b0531
SO		 3209 dev->device_type = id->driver_info;
3210 switch (dev->device_type) {
3211 case PN533_DEVICE_STD:
3212 protocols = PN533_ALL_PROTOCOLS;
3213 break;
3214
3215 case PN533_DEVICE_PASORI:
3216 protocols = PN533_NO_TYPE_B_PROTOCOLS;
3217 break;
3218
53cf4839
WR		 3219 case PN533_DEVICE_ACR122U:
3220 protocols = PN533_NO_TYPE_B_PROTOCOLS;
3221 dev->ops = &pn533_acr122_frame_ops;
3222 dev->protocol_type = PN533_PROTO_REQ_RESP,
3223
3224 rc = pn533_acr122_poweron_rdr(dev);
3225 if (rc < 0) {
073a625f
JP		 3226 nfc_err(&dev->interface->dev,
3227 "Couldn't poweron the reader (error %d)\n", rc);
53cf4839
WR		 3228 goto destroy_wq;
3229 }
3230 break;
3231
5c7b0531 3232 default:
073a625f
JP		 3233 nfc_err(&dev->interface->dev, "Unknown device type %d\n",
3234 dev->device_type);
5c7b0531
SO		 3235 rc = -EINVAL;
3236 goto destroy_wq;
3237 }
c46ee386 3238
9e2d493e
WR		 3239 memset(&fw_ver, 0, sizeof(fw_ver));
3240 rc = pn533_get_firmware_version(dev, &fw_ver);
3241 if (rc < 0)
3242 goto destroy_wq;
3243
073a625f
JP		 3244 nfc_info(&dev->interface->dev,
3245 "NXP PN5%02X firmware ver %d.%d now attached\n",
3246 fw_ver.ic, fw_ver.ver, fw_ver.rev);
9e2d493e
WR		 3247
3248
e8753043 3249 dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
9e2d493e 3250 dev->ops->tx_header_len +
e8753043 3251 PN533_CMD_DATAEXCH_HEAD_LEN,
9e2d493e 3252 dev->ops->tx_tail_len);
4674d0fe
WY		 3253 if (!dev->nfc_dev) {
3254 rc = -ENOMEM;
4849f85e 3255 goto destroy_wq;
4674d0fe 3256 }
c46ee386
AAJ		 3257
3258 nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
3259 nfc_set_drvdata(dev->nfc_dev, dev);
3260
3261 rc = nfc_register_device(dev->nfc_dev);
3262 if (rc)
3263 goto free_nfc_dev;
3264
5c7b0531
SO		 3265 rc = pn533_setup(dev);
3266 if (rc)
34a85bfc 3267 goto unregister_nfc_dev;
34a85bfc 3268
c46ee386
AAJ		 3269 return 0;
3270
9f2f8ba1
SO		 3271unregister_nfc_dev:
3272 nfc_unregister_device(dev->nfc_dev);
3273
c46ee386
AAJ		 3274free_nfc_dev:
3275 nfc_free_device(dev->nfc_dev);
9f2f8ba1 3276
4849f85e
SO		 3277destroy_wq:
3278 destroy_workqueue(dev->wq);
c46ee386 3279error:
c46ee386 3280 usb_free_urb(dev->in_urb);
c46ee386 3281 usb_free_urb(dev->out_urb);
7c5a54fb 3282 usb_put_dev(dev->udev);
c46ee386
AAJ		 3283 kfree(dev);
3284 return rc;
3285}
3286
3287static void pn533_disconnect(struct usb_interface *interface)
3288{
3289 struct pn533 *dev;
5d50b364 3290 struct pn533_cmd *cmd, *n;
c46ee386
AAJ		 3291
3292 dev = usb_get_intfdata(interface);
3293 usb_set_intfdata(interface, NULL);
3294
3295 nfc_unregister_device(dev->nfc_dev);
3296 nfc_free_device(dev->nfc_dev);
3297
3298 usb_kill_urb(dev->in_urb);
3299 usb_kill_urb(dev->out_urb);
3300
46f793b0 3301 flush_delayed_work(&dev->poll_work);
4849f85e 3302 destroy_workqueue(dev->wq);
c46ee386 3303
6ff73fd2
SO		 3304 skb_queue_purge(&dev->resp_q);
3305
6fbbdc16
SO		 3306 del_timer(&dev->listen_timer);
3307
5d50b364
SO		 3308 list_for_each_entry_safe(cmd, n, &dev->cmd_queue, queue) {
3309 list_del(&cmd->queue);
3310 kfree(cmd);
3311 }
3312
c46ee386 3313 usb_free_urb(dev->in_urb);
c46ee386
AAJ		 3314 usb_free_urb(dev->out_urb);
3315 kfree(dev);
3316
073a625f 3317 nfc_info(&interface->dev, "NXP PN533 NFC device disconnected\n");
c46ee386
AAJ		 3318}
3319
3320static struct usb_driver pn533_driver = {
3321 .name = "pn533",
3322 .probe = pn533_probe,
3323 .disconnect = pn533_disconnect,
3324 .id_table = pn533_table,
3325};
3326
fe748483 3327module_usb_driver(pn533_driver);
c46ee386 3328
e70b96e9
WR		 3329MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>");
3330MODULE_AUTHOR("Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
3331MODULE_AUTHOR("Waldemar Rymarkiewicz <waldemar.rymarkiewicz@tieto.com>");
c46ee386
AAJ		 3332MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
3333MODULE_VERSION(VERSION);
3334MODULE_LICENSE("GPL");
Linux 6.x block layer and io_uring tree(s)