Kernel

Kernel Git Source Tree

Root/drivers/nfc/pn533.c

1	/*
2	* Copyright (C) 2011 Instituto Nokia de Tecnologia
3	*
4	* Authors:
5	* Lauro Ramos Venancio <lauro.venancio@openbossa.org>
6	* Aloisio Almeida Jr <aloisio.almeida@openbossa.org>
7	*
8	* This program is free software; you can redistribute it and/or modify
9	* it under the terms of the GNU General Public License as published by
10	* the Free Software Foundation; either version 2 of the License, or
11	* (at your option) any later version.
12	*
13	* This program is distributed in the hope that it will be useful,
14	* but WITHOUT ANY WARRANTY; without even the implied warranty of
15	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16	* GNU General Public License for more details.
17	*
18	* You should have received a copy of the GNU General Public License
19	* along with this program; if not, write to the
20	* Free Software Foundation, Inc.,
21	* 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22	*/
23
24	#include <linux/device.h>
25	#include <linux/kernel.h>
26	#include <linux/module.h>
27	#include <linux/slab.h>
28	#include <linux/usb.h>
29	#include <linux/nfc.h>
30	#include <linux/netdevice.h>
31	#include <net/nfc/nfc.h>
32
33	#define VERSION "0.1"
34
35	#define PN533_VENDOR_ID 0x4CC
36	#define PN533_PRODUCT_ID 0x2533
37
38	#define SCM_VENDOR_ID 0x4E6
39	#define SCL3711_PRODUCT_ID 0x5591
40
41	#define SONY_VENDOR_ID 0x054c
42	#define PASORI_PRODUCT_ID 0x02e1
43
44	#define PN533_QUIRKS_TYPE_A BIT(0)
45	#define PN533_QUIRKS_TYPE_F BIT(1)
46	#define PN533_QUIRKS_DEP BIT(2)
47	#define PN533_QUIRKS_RAW_EXCHANGE BIT(3)
48
49	#define PN533_DEVICE_STD 0x1
50	#define PN533_DEVICE_PASORI 0x2
51
52	#define PN533_ALL_PROTOCOLS (NFC_PROTO_JEWEL_MASK \| NFC_PROTO_MIFARE_MASK \|\
53	NFC_PROTO_FELICA_MASK \| NFC_PROTO_ISO14443_MASK \|\
54	NFC_PROTO_NFC_DEP_MASK \|\
55	NFC_PROTO_ISO14443_B_MASK)
56
57	#define PN533_NO_TYPE_B_PROTOCOLS (NFC_PROTO_JEWEL_MASK \| \
58	NFC_PROTO_MIFARE_MASK \| \
59	NFC_PROTO_FELICA_MASK \| \
60	NFC_PROTO_ISO14443_MASK \| \
61	NFC_PROTO_NFC_DEP_MASK)
62
63	static const struct usb_device_id pn533_table[] = {
64	{ .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
65	.idVendor = PN533_VENDOR_ID,
66	.idProduct = PN533_PRODUCT_ID,
67	.driver_info = PN533_DEVICE_STD,
68	},
69	{ .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
70	.idVendor = SCM_VENDOR_ID,
71	.idProduct = SCL3711_PRODUCT_ID,
72	.driver_info = PN533_DEVICE_STD,
73	},
74	{ .match_flags = USB_DEVICE_ID_MATCH_DEVICE,
75	.idVendor = SONY_VENDOR_ID,
76	.idProduct = PASORI_PRODUCT_ID,
77	.driver_info = PN533_DEVICE_PASORI,
78	},
79	{ }
80	};
81	MODULE_DEVICE_TABLE(usb, pn533_table);
82
83	/* How much time we spend listening for initiators */
84	#define PN533_LISTEN_TIME 2
85
86	/* frame definitions */
87	#define PN533_FRAME_TAIL_SIZE 2
88	#define PN533_FRAME_SIZE(f) (sizeof(struct pn533_frame) + f->datalen + \
89	PN533_FRAME_TAIL_SIZE)
90	#define PN533_FRAME_ACK_SIZE (sizeof(struct pn533_frame) + 1)
91	#define PN533_FRAME_CHECKSUM(f) (f->data[f->datalen])
92	#define PN533_FRAME_POSTAMBLE(f) (f->data[f->datalen + 1])
93
94	/* start of frame */
95	#define PN533_SOF 0x00FF
96
97	/* frame identifier: in/out/error */
98	#define PN533_FRAME_IDENTIFIER(f) (f->data[0])
99	#define PN533_DIR_OUT 0xD4
100	#define PN533_DIR_IN 0xD5
101
102	/* PN533 Commands */
103	#define PN533_FRAME_CMD(f) (f->data[1])
104	#define PN533_FRAME_CMD_PARAMS_PTR(f) (&f->data[2])
105	#define PN533_FRAME_CMD_PARAMS_LEN(f) (f->datalen - 2)
106
107	#define PN533_CMD_GET_FIRMWARE_VERSION 0x02
108	#define PN533_CMD_RF_CONFIGURATION 0x32
109	#define PN533_CMD_IN_DATA_EXCHANGE 0x40
110	#define PN533_CMD_IN_COMM_THRU 0x42
111	#define PN533_CMD_IN_LIST_PASSIVE_TARGET 0x4A
112	#define PN533_CMD_IN_ATR 0x50
113	#define PN533_CMD_IN_RELEASE 0x52
114	#define PN533_CMD_IN_JUMP_FOR_DEP 0x56
115
116	#define PN533_CMD_TG_INIT_AS_TARGET 0x8c
117	#define PN533_CMD_TG_GET_DATA 0x86
118	#define PN533_CMD_TG_SET_DATA 0x8e
119
120	#define PN533_CMD_RESPONSE(cmd) (cmd + 1)
121
122	/* PN533 Return codes */
123	#define PN533_CMD_RET_MASK 0x3F
124	#define PN533_CMD_MI_MASK 0x40
125	#define PN533_CMD_RET_SUCCESS 0x00
126
127	/* PN533 status codes */
128	#define PN533_STATUS_TARGET_RELEASED 0x29
129
130	struct pn533;
131
132	typedef int (pn533_cmd_complete_t) (struct pn533 dev, void *arg,
133	u8 *params, int params_len);
134
135	/* structs for pn533 commands */
136
137	/* PN533_CMD_GET_FIRMWARE_VERSION */
138	struct pn533_fw_version {
139	u8 ic;
140	u8 ver;
141	u8 rev;
142	u8 support;
143	};
144
145	/* PN533_CMD_RF_CONFIGURATION */
146	#define PN533_CFGITEM_TIMING 0x02
147	#define PN533_CFGITEM_MAX_RETRIES 0x05
148	#define PN533_CFGITEM_PASORI 0x82
149
150	#define PN533_CONFIG_TIMING_102 0xb
151	#define PN533_CONFIG_TIMING_204 0xc
152	#define PN533_CONFIG_TIMING_409 0xd
153	#define PN533_CONFIG_TIMING_819 0xe
154
155	#define PN533_CONFIG_MAX_RETRIES_NO_RETRY 0x00
156	#define PN533_CONFIG_MAX_RETRIES_ENDLESS 0xFF
157
158	struct pn533_config_max_retries {
159	u8 mx_rty_atr;
160	u8 mx_rty_psl;
161	u8 mx_rty_passive_act;
162	} __packed;
163
164	struct pn533_config_timing {
165	u8 rfu;
166	u8 atr_res_timeout;
167	u8 dep_timeout;
168	} __packed;
169
170	/* PN533_CMD_IN_LIST_PASSIVE_TARGET */
171
172	/* felica commands opcode */
173	#define PN533_FELICA_OPC_SENSF_REQ 0
174	#define PN533_FELICA_OPC_SENSF_RES 1
175	/* felica SENSF_REQ parameters */
176	#define PN533_FELICA_SENSF_SC_ALL 0xFFFF
177	#define PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE 0
178	#define PN533_FELICA_SENSF_RC_SYSTEM_CODE 1
179	#define PN533_FELICA_SENSF_RC_ADVANCED_PROTOCOL 2
180
181	/* type B initiator_data values */
182	#define PN533_TYPE_B_AFI_ALL_FAMILIES 0
183	#define PN533_TYPE_B_POLL_METHOD_TIMESLOT 0
184	#define PN533_TYPE_B_POLL_METHOD_PROBABILISTIC 1
185
186	union pn533_cmd_poll_initdata {
187	struct {
188	u8 afi;
189	u8 polling_method;
190	} __packed type_b;
191	struct {
192	u8 opcode;
193	__be16 sc;
194	u8 rc;
195	u8 tsn;
196	} __packed felica;
197	};
198
199	/* Poll modulations */
200	enum {
201	PN533_POLL_MOD_106KBPS_A,
202	PN533_POLL_MOD_212KBPS_FELICA,
203	PN533_POLL_MOD_424KBPS_FELICA,
204	PN533_POLL_MOD_106KBPS_JEWEL,
205	PN533_POLL_MOD_847KBPS_B,
206	PN533_LISTEN_MOD,
207
208	__PN533_POLL_MOD_AFTER_LAST,
209	};
210	#define PN533_POLL_MOD_MAX (__PN533_POLL_MOD_AFTER_LAST - 1)
211
212	struct pn533_poll_modulations {
213	struct {
214	u8 maxtg;
215	u8 brty;
216	union pn533_cmd_poll_initdata initiator_data;
217	} __packed data;
218	u8 len;
219	};
220
221	const struct pn533_poll_modulations poll_mod[] = {
222	[PN533_POLL_MOD_106KBPS_A] = {
223	.data = {
224	.maxtg = 1,
225	.brty = 0,
226	},
227	.len = 2,
228	},
229	[PN533_POLL_MOD_212KBPS_FELICA] = {
230	.data = {
231	.maxtg = 1,
232	.brty = 1,
233	.initiator_data.felica = {
234	.opcode = PN533_FELICA_OPC_SENSF_REQ,
235	.sc = PN533_FELICA_SENSF_SC_ALL,
236	.rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
237	.tsn = 0,
238	},
239	},
240	.len = 7,
241	},
242	[PN533_POLL_MOD_424KBPS_FELICA] = {
243	.data = {
244	.maxtg = 1,
245	.brty = 2,
246	.initiator_data.felica = {
247	.opcode = PN533_FELICA_OPC_SENSF_REQ,
248	.sc = PN533_FELICA_SENSF_SC_ALL,
249	.rc = PN533_FELICA_SENSF_RC_NO_SYSTEM_CODE,
250	.tsn = 0,
251	},
252	},
253	.len = 7,
254	},
255	[PN533_POLL_MOD_106KBPS_JEWEL] = {
256	.data = {
257	.maxtg = 1,
258	.brty = 4,
259	},
260	.len = 2,
261	},
262	[PN533_POLL_MOD_847KBPS_B] = {
263	.data = {
264	.maxtg = 1,
265	.brty = 8,
266	.initiator_data.type_b = {
267	.afi = PN533_TYPE_B_AFI_ALL_FAMILIES,
268	.polling_method =
269	PN533_TYPE_B_POLL_METHOD_TIMESLOT,
270	},
271	},
272	.len = 3,
273	},
274	[PN533_LISTEN_MOD] = {
275	.len = 0,
276	},
277	};
278
279	/* PN533_CMD_IN_ATR */
280
281	struct pn533_cmd_activate_param {
282	u8 tg;
283	u8 next;
284	} __packed;
285
286	struct pn533_cmd_activate_response {
287	u8 status;
288	u8 nfcid3t[10];
289	u8 didt;
290	u8 bst;
291	u8 brt;
292	u8 to;
293	u8 ppt;
294	/* optional */
295	u8 gt[];
296	} __packed;
297
298	/* PN533_CMD_IN_JUMP_FOR_DEP */
299	struct pn533_cmd_jump_dep {
300	u8 active;
301	u8 baud;
302	u8 next;
303	u8 data[];
304	} __packed;
305
306	struct pn533_cmd_jump_dep_response {
307	u8 status;
308	u8 tg;
309	u8 nfcid3t[10];
310	u8 didt;
311	u8 bst;
312	u8 brt;
313	u8 to;
314	u8 ppt;
315	/* optional */
316	u8 gt[];
317	} __packed;
318
319
320	/* PN533_TG_INIT_AS_TARGET */
321	#define PN533_INIT_TARGET_PASSIVE 0x1
322	#define PN533_INIT_TARGET_DEP 0x2
323
324	#define PN533_INIT_TARGET_RESP_FRAME_MASK 0x3
325	#define PN533_INIT_TARGET_RESP_ACTIVE 0x1
326	#define PN533_INIT_TARGET_RESP_DEP 0x4
327
328	struct pn533_cmd_init_target {
329	u8 mode;
330	u8 mifare[6];
331	u8 felica[18];
332	u8 nfcid3[10];
333	u8 gb_len;
334	u8 gb[];
335	} __packed;
336
337	struct pn533_cmd_init_target_response {
338	u8 mode;
339	u8 cmd[];
340	} __packed;
341
342	struct pn533 {
343	struct usb_device *udev;
344	struct usb_interface *interface;
345	struct nfc_dev *nfc_dev;
346
347	struct urb *out_urb;
348	int out_maxlen;
349	struct pn533_frame *out_frame;
350
351	struct urb *in_urb;
352	int in_maxlen;
353	struct pn533_frame *in_frame;
354
355	struct sk_buff_head resp_q;
356
357	struct workqueue_struct *wq;
358	struct work_struct cmd_work;
359	struct work_struct poll_work;
360	struct work_struct mi_work;
361	struct work_struct tg_work;
362	struct timer_list listen_timer;
363	struct pn533_frame *wq_in_frame;
364	int wq_in_error;
365	int cancel_listen;
366
367	pn533_cmd_complete_t cmd_complete;
368	void *cmd_complete_arg;
369	struct mutex cmd_lock;
370	u8 cmd;
371
372	struct pn533_poll_modulations *poll_mod_active[PN533_POLL_MOD_MAX + 1];
373	u8 poll_mod_count;
374	u8 poll_mod_curr;
375	u32 poll_protocols;
376	u32 listen_protocols;
377
378	u8 *gb;
379	size_t gb_len;
380
381	u8 tgt_available_prots;
382	u8 tgt_active_prot;
383	u8 tgt_mode;
384
385	u32 device_type;
386	};
387
388	struct pn533_frame {
389	u8 preamble;
390	__be16 start_frame;
391	u8 datalen;
392	u8 datalen_checksum;
393	u8 data[];
394	} __packed;
395
396	/* The rule: value + checksum = 0 */
397	static inline u8 pn533_checksum(u8 value)
398	{
399	return ~value + 1;
400	}
401
402	/* The rule: sum(data elements) + checksum = 0 */
403	static u8 pn533_data_checksum(u8 *data, int datalen)
404	{
405	u8 sum = 0;
406	int i;
407
408	for (i = 0; i < datalen; i++)
409	sum += data[i];
410
411	return pn533_checksum(sum);
412	}
413
414	/**
415	* pn533_tx_frame_ack - create a ack frame
416	* @frame: The frame to be set as ack
417	*
418	* Ack is different type of standard frame. As a standard frame, it has
419	* preamble and start_frame. However the checksum of this frame must fail,
420	* i.e. datalen + datalen_checksum must NOT be zero. When the checksum test
421	* fails and datalen = 0 and datalen_checksum = 0xFF, the frame is a ack.
422	* After datalen_checksum field, the postamble is placed.
423	*/
424	static void pn533_tx_frame_ack(struct pn533_frame *frame)
425	{
426	frame->preamble = 0;
427	frame->start_frame = cpu_to_be16(PN533_SOF);
428	frame->datalen = 0;
429	frame->datalen_checksum = 0xFF;
430	/* data[0] is used as postamble */
431	frame->data[0] = 0;
432	}
433
434	static void pn533_tx_frame_init(struct pn533_frame *frame, u8 cmd)
435	{
436	frame->preamble = 0;
437	frame->start_frame = cpu_to_be16(PN533_SOF);
438	PN533_FRAME_IDENTIFIER(frame) = PN533_DIR_OUT;
439	PN533_FRAME_CMD(frame) = cmd;
440	frame->datalen = 2;
441	}
442
443	static void pn533_tx_frame_finish(struct pn533_frame *frame)
444	{
445	frame->datalen_checksum = pn533_checksum(frame->datalen);
446
447	PN533_FRAME_CHECKSUM(frame) =
448	pn533_data_checksum(frame->data, frame->datalen);
449
450	PN533_FRAME_POSTAMBLE(frame) = 0;
451	}
452
453	static bool pn533_rx_frame_is_valid(struct pn533_frame *frame)
454	{
455	u8 checksum;
456
457	if (frame->start_frame != cpu_to_be16(PN533_SOF))
458	return false;
459
460	checksum = pn533_checksum(frame->datalen);
461	if (checksum != frame->datalen_checksum)
462	return false;
463
464	checksum = pn533_data_checksum(frame->data, frame->datalen);
465	if (checksum != PN533_FRAME_CHECKSUM(frame))
466	return false;
467
468	return true;
469	}
470
471	static bool pn533_rx_frame_is_ack(struct pn533_frame *frame)
472	{
473	if (frame->start_frame != cpu_to_be16(PN533_SOF))
474	return false;
475
476	if (frame->datalen != 0 \|\| frame->datalen_checksum != 0xFF)
477	return false;
478
479	return true;
480	}
481
482	static bool pn533_rx_frame_is_cmd_response(struct pn533_frame *frame, u8 cmd)
483	{
484	return (PN533_FRAME_CMD(frame) == PN533_CMD_RESPONSE(cmd));
485	}
486
487
488	static void pn533_wq_cmd_complete(struct work_struct *work)
489	{
490	struct pn533 *dev = container_of(work, struct pn533, cmd_work);
491	struct pn533_frame *in_frame;
492	int rc;
493
494	in_frame = dev->wq_in_frame;
495
496	if (dev->wq_in_error)
497	rc = dev->cmd_complete(dev, dev->cmd_complete_arg, NULL,
498	dev->wq_in_error);
499	else
500	rc = dev->cmd_complete(dev, dev->cmd_complete_arg,
501	PN533_FRAME_CMD_PARAMS_PTR(in_frame),
502	PN533_FRAME_CMD_PARAMS_LEN(in_frame));
503
504	if (rc != -EINPROGRESS)
505	mutex_unlock(&dev->cmd_lock);
506	}
507
508	static void pn533_recv_response(struct urb *urb)
509	{
510	struct pn533 *dev = urb->context;
511	struct pn533_frame *in_frame;
512
513	dev->wq_in_frame = NULL;
514
515	switch (urb->status) {
516	case 0:
517	/* success */
518	break;
519	case -ECONNRESET:
520	case -ENOENT:
521	case -ESHUTDOWN:
522	nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
523	" status: %d", urb->status);
524	dev->wq_in_error = urb->status;
525	goto sched_wq;
526	default:
527	nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
528	" %d", urb->status);
529	dev->wq_in_error = urb->status;
530	goto sched_wq;
531	}
532
533	in_frame = dev->in_urb->transfer_buffer;
534
535	if (!pn533_rx_frame_is_valid(in_frame)) {
536	nfc_dev_err(&dev->interface->dev, "Received an invalid frame");
537	dev->wq_in_error = -EIO;
538	goto sched_wq;
539	}
540
541	if (!pn533_rx_frame_is_cmd_response(in_frame, dev->cmd)) {
542	nfc_dev_err(&dev->interface->dev, "The received frame is not "
543	"response to the last command");
544	dev->wq_in_error = -EIO;
545	goto sched_wq;
546	}
547
548	nfc_dev_dbg(&dev->interface->dev, "Received a valid frame");
549	dev->wq_in_error = 0;
550	dev->wq_in_frame = in_frame;
551
552	sched_wq:
553	queue_work(dev->wq, &dev->cmd_work);
554	}
555
556	static int pn533_submit_urb_for_response(struct pn533 *dev, gfp_t flags)
557	{
558	dev->in_urb->complete = pn533_recv_response;
559
560	return usb_submit_urb(dev->in_urb, flags);
561	}
562
563	static void pn533_recv_ack(struct urb *urb)
564	{
565	struct pn533 *dev = urb->context;
566	struct pn533_frame *in_frame;
567	int rc;
568
569	switch (urb->status) {
570	case 0:
571	/* success */
572	break;
573	case -ECONNRESET:
574	case -ENOENT:
575	case -ESHUTDOWN:
576	nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
577	" status: %d", urb->status);
578	dev->wq_in_error = urb->status;
579	goto sched_wq;
580	default:
581	nfc_dev_err(&dev->interface->dev, "Nonzero urb status received:"
582	" %d", urb->status);
583	dev->wq_in_error = urb->status;
584	goto sched_wq;
585	}
586
587	in_frame = dev->in_urb->transfer_buffer;
588
589	if (!pn533_rx_frame_is_ack(in_frame)) {
590	nfc_dev_err(&dev->interface->dev, "Received an invalid ack");
591	dev->wq_in_error = -EIO;
592	goto sched_wq;
593	}
594
595	nfc_dev_dbg(&dev->interface->dev, "Received a valid ack");
596
597	rc = pn533_submit_urb_for_response(dev, GFP_ATOMIC);
598	if (rc) {
599	nfc_dev_err(&dev->interface->dev, "usb_submit_urb failed with"
600	" result %d", rc);
601	dev->wq_in_error = rc;
602	goto sched_wq;
603	}
604
605	return;
606
607	sched_wq:
608	dev->wq_in_frame = NULL;
609	queue_work(dev->wq, &dev->cmd_work);
610	}
611
612	static int pn533_submit_urb_for_ack(struct pn533 *dev, gfp_t flags)
613	{
614	dev->in_urb->complete = pn533_recv_ack;
615
616	return usb_submit_urb(dev->in_urb, flags);
617	}
618
619	static int pn533_send_ack(struct pn533 *dev, gfp_t flags)
620	{
621	int rc;
622
623	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
624
625	pn533_tx_frame_ack(dev->out_frame);
626
627	dev->out_urb->transfer_buffer = dev->out_frame;
628	dev->out_urb->transfer_buffer_length = PN533_FRAME_ACK_SIZE;
629	rc = usb_submit_urb(dev->out_urb, flags);
630
631	return rc;
632	}
633
634	static int __pn533_send_cmd_frame_async(struct pn533 *dev,
635	struct pn533_frame *out_frame,
636	struct pn533_frame *in_frame,
637	int in_frame_len,
638	pn533_cmd_complete_t cmd_complete,
639	void *arg, gfp_t flags)
640	{
641	int rc;
642
643	nfc_dev_dbg(&dev->interface->dev, "Sending command 0x%x",
644	PN533_FRAME_CMD(out_frame));
645
646	dev->cmd = PN533_FRAME_CMD(out_frame);
647	dev->cmd_complete = cmd_complete;
648	dev->cmd_complete_arg = arg;
649
650	dev->out_urb->transfer_buffer = out_frame;
651	dev->out_urb->transfer_buffer_length =
652	PN533_FRAME_SIZE(out_frame);
653
654	dev->in_urb->transfer_buffer = in_frame;
655	dev->in_urb->transfer_buffer_length = in_frame_len;
656
657	rc = usb_submit_urb(dev->out_urb, flags);
658	if (rc)
659	return rc;
660
661	rc = pn533_submit_urb_for_ack(dev, flags);
662	if (rc)
663	goto error;
664
665	return 0;
666
667	error:
668	usb_unlink_urb(dev->out_urb);
669	return rc;
670	}
671
672	static int pn533_send_cmd_frame_async(struct pn533 *dev,
673	struct pn533_frame *out_frame,
674	struct pn533_frame *in_frame,
675	int in_frame_len,
676	pn533_cmd_complete_t cmd_complete,
677	void *arg, gfp_t flags)
678	{
679	int rc;
680
681	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
682
683	if (!mutex_trylock(&dev->cmd_lock))
684	return -EBUSY;
685
686	rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
687	in_frame_len, cmd_complete, arg, flags);
688	if (rc)
689	goto error;
690
691	return 0;
692	error:
693	mutex_unlock(&dev->cmd_lock);
694	return rc;
695	}
696
697	struct pn533_sync_cmd_response {
698	int rc;
699	struct completion done;
700	};
701
702	static int pn533_sync_cmd_complete(struct pn533 dev, void _arg,
703	u8 *params, int params_len)
704	{
705	struct pn533_sync_cmd_response *arg = _arg;
706
707	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
708
709	arg->rc = 0;
710
711	if (params_len < 0) /* error */
712	arg->rc = params_len;
713
714	complete(&arg->done);
715
716	return 0;
717	}
718
719	static int pn533_send_cmd_frame_sync(struct pn533 *dev,
720	struct pn533_frame *out_frame,
721	struct pn533_frame *in_frame,
722	int in_frame_len)
723	{
724	int rc;
725	struct pn533_sync_cmd_response arg;
726
727	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
728
729	init_completion(&arg.done);
730
731	rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, in_frame_len,
732	pn533_sync_cmd_complete, &arg, GFP_KERNEL);
733	if (rc)
734	return rc;
735
736	wait_for_completion(&arg.done);
737
738	return arg.rc;
739	}
740
741	static void pn533_send_complete(struct urb *urb)
742	{
743	struct pn533 *dev = urb->context;
744
745	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
746
747	switch (urb->status) {
748	case 0:
749	/* success */
750	break;
751	case -ECONNRESET:
752	case -ENOENT:
753	case -ESHUTDOWN:
754	nfc_dev_dbg(&dev->interface->dev, "Urb shutting down with"
755	" status: %d", urb->status);
756	break;
757	default:
758	nfc_dev_dbg(&dev->interface->dev, "Nonzero urb status received:"
759	" %d", urb->status);
760	}
761	}
762
763	struct pn533_target_type_a {
764	__be16 sens_res;
765	u8 sel_res;
766	u8 nfcid_len;
767	u8 nfcid_data[];
768	} __packed;
769
770
771	#define PN533_TYPE_A_SENS_RES_NFCID1(x) ((u8)((be16_to_cpu(x) & 0x00C0) >> 6))
772	#define PN533_TYPE_A_SENS_RES_SSD(x) ((u8)((be16_to_cpu(x) & 0x001F) >> 0))
773	#define PN533_TYPE_A_SENS_RES_PLATCONF(x) ((u8)((be16_to_cpu(x) & 0x0F00) >> 8))
774
775	#define PN533_TYPE_A_SENS_RES_SSD_JEWEL 0x00
776	#define PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL 0x0C
777
778	#define PN533_TYPE_A_SEL_PROT(x) (((x) & 0x60) >> 5)
779	#define PN533_TYPE_A_SEL_CASCADE(x) (((x) & 0x04) >> 2)
780
781	#define PN533_TYPE_A_SEL_PROT_MIFARE 0
782	#define PN533_TYPE_A_SEL_PROT_ISO14443 1
783	#define PN533_TYPE_A_SEL_PROT_DEP 2
784	#define PN533_TYPE_A_SEL_PROT_ISO14443_DEP 3
785
786	static bool pn533_target_type_a_is_valid(struct pn533_target_type_a *type_a,
787	int target_data_len)
788	{
789	u8 ssd;
790	u8 platconf;
791
792	if (target_data_len < sizeof(struct pn533_target_type_a))
793	return false;
794
795	/* The lenght check of nfcid[] and ats[] are not being performed because
796	the values are not being used */
797
798	/* Requirement 4.6.3.3 from NFC Forum Digital Spec */
799	ssd = PN533_TYPE_A_SENS_RES_SSD(type_a->sens_res);
800	platconf = PN533_TYPE_A_SENS_RES_PLATCONF(type_a->sens_res);
801
802	if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
803	platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) \|\|
804	(ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
805	platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
806	return false;
807
808	/* Requirements 4.8.2.1, 4.8.2.3, 4.8.2.5 and 4.8.2.7 from NFC Forum */
809	if (PN533_TYPE_A_SEL_CASCADE(type_a->sel_res) != 0)
810	return false;
811
812	return true;
813	}
814
815	static int pn533_target_found_type_a(struct nfc_target nfc_tgt, u8 tgt_data,
816	int tgt_data_len)
817	{
818	struct pn533_target_type_a *tgt_type_a;
819
820	tgt_type_a = (struct pn533_target_type_a *) tgt_data;
821
822	if (!pn533_target_type_a_is_valid(tgt_type_a, tgt_data_len))
823	return -EPROTO;
824
825	switch (PN533_TYPE_A_SEL_PROT(tgt_type_a->sel_res)) {
826	case PN533_TYPE_A_SEL_PROT_MIFARE:
827	nfc_tgt->supported_protocols = NFC_PROTO_MIFARE_MASK;
828	break;
829	case PN533_TYPE_A_SEL_PROT_ISO14443:
830	nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK;
831	break;
832	case PN533_TYPE_A_SEL_PROT_DEP:
833	nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
834	break;
835	case PN533_TYPE_A_SEL_PROT_ISO14443_DEP:
836	nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_MASK \|
837	NFC_PROTO_NFC_DEP_MASK;
838	break;
839	}
840
841	nfc_tgt->sens_res = be16_to_cpu(tgt_type_a->sens_res);
842	nfc_tgt->sel_res = tgt_type_a->sel_res;
843	nfc_tgt->nfcid1_len = tgt_type_a->nfcid_len;
844	memcpy(nfc_tgt->nfcid1, tgt_type_a->nfcid_data, nfc_tgt->nfcid1_len);
845
846	return 0;
847	}
848
849	struct pn533_target_felica {
850	u8 pol_res;
851	u8 opcode;
852	u8 nfcid2[8];
853	u8 pad[8];
854	/* optional */
855	u8 syst_code[];
856	} __packed;
857
858	#define PN533_FELICA_SENSF_NFCID2_DEP_B1 0x01
859	#define PN533_FELICA_SENSF_NFCID2_DEP_B2 0xFE
860
861	static bool pn533_target_felica_is_valid(struct pn533_target_felica *felica,
862	int target_data_len)
863	{
864	if (target_data_len < sizeof(struct pn533_target_felica))
865	return false;
866
867	if (felica->opcode != PN533_FELICA_OPC_SENSF_RES)
868	return false;
869
870	return true;
871	}
872
873	static int pn533_target_found_felica(struct nfc_target nfc_tgt, u8 tgt_data,
874	int tgt_data_len)
875	{
876	struct pn533_target_felica *tgt_felica;
877
878	tgt_felica = (struct pn533_target_felica *) tgt_data;
879
880	if (!pn533_target_felica_is_valid(tgt_felica, tgt_data_len))
881	return -EPROTO;
882
883	if (tgt_felica->nfcid2[0] == PN533_FELICA_SENSF_NFCID2_DEP_B1 &&
884	tgt_felica->nfcid2[1] ==
885	PN533_FELICA_SENSF_NFCID2_DEP_B2)
886	nfc_tgt->supported_protocols = NFC_PROTO_NFC_DEP_MASK;
887	else
888	nfc_tgt->supported_protocols = NFC_PROTO_FELICA_MASK;
889
890	memcpy(nfc_tgt->sensf_res, &tgt_felica->opcode, 9);
891	nfc_tgt->sensf_res_len = 9;
892
893	return 0;
894	}
895
896	struct pn533_target_jewel {
897	__be16 sens_res;
898	u8 jewelid[4];
899	} __packed;
900
901	static bool pn533_target_jewel_is_valid(struct pn533_target_jewel *jewel,
902	int target_data_len)
903	{
904	u8 ssd;
905	u8 platconf;
906
907	if (target_data_len < sizeof(struct pn533_target_jewel))
908	return false;
909
910	/* Requirement 4.6.3.3 from NFC Forum Digital Spec */
911	ssd = PN533_TYPE_A_SENS_RES_SSD(jewel->sens_res);
912	platconf = PN533_TYPE_A_SENS_RES_PLATCONF(jewel->sens_res);
913
914	if ((ssd == PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
915	platconf != PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL) \|\|
916	(ssd != PN533_TYPE_A_SENS_RES_SSD_JEWEL &&
917	platconf == PN533_TYPE_A_SENS_RES_PLATCONF_JEWEL))
918	return false;
919
920	return true;
921	}
922
923	static int pn533_target_found_jewel(struct nfc_target nfc_tgt, u8 tgt_data,
924	int tgt_data_len)
925	{
926	struct pn533_target_jewel *tgt_jewel;
927
928	tgt_jewel = (struct pn533_target_jewel *) tgt_data;
929
930	if (!pn533_target_jewel_is_valid(tgt_jewel, tgt_data_len))
931	return -EPROTO;
932
933	nfc_tgt->supported_protocols = NFC_PROTO_JEWEL_MASK;
934	nfc_tgt->sens_res = be16_to_cpu(tgt_jewel->sens_res);
935	nfc_tgt->nfcid1_len = 4;
936	memcpy(nfc_tgt->nfcid1, tgt_jewel->jewelid, nfc_tgt->nfcid1_len);
937
938	return 0;
939	}
940
941	struct pn533_type_b_prot_info {
942	u8 bitrate;
943	u8 fsci_type;
944	u8 fwi_adc_fo;
945	} __packed;
946
947	#define PN533_TYPE_B_PROT_FCSI(x) (((x) & 0xF0) >> 4)
948	#define PN533_TYPE_B_PROT_TYPE(x) (((x) & 0x0F) >> 0)
949	#define PN533_TYPE_B_PROT_TYPE_RFU_MASK 0x8
950
951	struct pn533_type_b_sens_res {
952	u8 opcode;
953	u8 nfcid[4];
954	u8 appdata[4];
955	struct pn533_type_b_prot_info prot_info;
956	} __packed;
957
958	#define PN533_TYPE_B_OPC_SENSB_RES 0x50
959
960	struct pn533_target_type_b {
961	struct pn533_type_b_sens_res sensb_res;
962	u8 attrib_res_len;
963	u8 attrib_res[];
964	} __packed;
965
966	static bool pn533_target_type_b_is_valid(struct pn533_target_type_b *type_b,
967	int target_data_len)
968	{
969	if (target_data_len < sizeof(struct pn533_target_type_b))
970	return false;
971
972	if (type_b->sensb_res.opcode != PN533_TYPE_B_OPC_SENSB_RES)
973	return false;
974
975	if (PN533_TYPE_B_PROT_TYPE(type_b->sensb_res.prot_info.fsci_type) &
976	PN533_TYPE_B_PROT_TYPE_RFU_MASK)
977	return false;
978
979	return true;
980	}
981
982	static int pn533_target_found_type_b(struct nfc_target nfc_tgt, u8 tgt_data,
983	int tgt_data_len)
984	{
985	struct pn533_target_type_b *tgt_type_b;
986
987	tgt_type_b = (struct pn533_target_type_b *) tgt_data;
988
989	if (!pn533_target_type_b_is_valid(tgt_type_b, tgt_data_len))
990	return -EPROTO;
991
992	nfc_tgt->supported_protocols = NFC_PROTO_ISO14443_B_MASK;
993
994	return 0;
995	}
996
997	struct pn533_poll_response {
998	u8 nbtg;
999	u8 tg;
1000	u8 target_data[];
1001	} __packed;
1002
1003	static int pn533_target_found(struct pn533 *dev,
1004	struct pn533_poll_response *resp, int resp_len)
1005	{
1006	int target_data_len;
1007	struct nfc_target nfc_tgt;
1008	int rc;
1009
1010	nfc_dev_dbg(&dev->interface->dev, "%s - modulation=%d", __func__,
1011	dev->poll_mod_curr);
1012
1013	if (resp->tg != 1)
1014	return -EPROTO;
1015
1016	memset(&nfc_tgt, 0, sizeof(struct nfc_target));
1017
1018	target_data_len = resp_len - sizeof(struct pn533_poll_response);
1019
1020	switch (dev->poll_mod_curr) {
1021	case PN533_POLL_MOD_106KBPS_A:
1022	rc = pn533_target_found_type_a(&nfc_tgt, resp->target_data,
1023	target_data_len);
1024	break;
1025	case PN533_POLL_MOD_212KBPS_FELICA:
1026	case PN533_POLL_MOD_424KBPS_FELICA:
1027	rc = pn533_target_found_felica(&nfc_tgt, resp->target_data,
1028	target_data_len);
1029	break;
1030	case PN533_POLL_MOD_106KBPS_JEWEL:
1031	rc = pn533_target_found_jewel(&nfc_tgt, resp->target_data,
1032	target_data_len);
1033	break;
1034	case PN533_POLL_MOD_847KBPS_B:
1035	rc = pn533_target_found_type_b(&nfc_tgt, resp->target_data,
1036	target_data_len);
1037	break;
1038	default:
1039	nfc_dev_err(&dev->interface->dev, "Unknown current poll"
1040	" modulation");
1041	return -EPROTO;
1042	}
1043
1044	if (rc)
1045	return rc;
1046
1047	if (!(nfc_tgt.supported_protocols & dev->poll_protocols)) {
1048	nfc_dev_dbg(&dev->interface->dev, "The target found does not"
1049	" have the desired protocol");
1050	return -EAGAIN;
1051	}
1052
1053	nfc_dev_dbg(&dev->interface->dev, "Target found - supported protocols: "
1054	"0x%x", nfc_tgt.supported_protocols);
1055
1056	dev->tgt_available_prots = nfc_tgt.supported_protocols;
1057
1058	nfc_targets_found(dev->nfc_dev, &nfc_tgt, 1);
1059
1060	return 0;
1061	}
1062
1063	static inline void pn533_poll_next_mod(struct pn533 *dev)
1064	{
1065	dev->poll_mod_curr = (dev->poll_mod_curr + 1) % dev->poll_mod_count;
1066	}
1067
1068	static void pn533_poll_reset_mod_list(struct pn533 *dev)
1069	{
1070	dev->poll_mod_count = 0;
1071	}
1072
1073	static void pn533_poll_add_mod(struct pn533 *dev, u8 mod_index)
1074	{
1075	dev->poll_mod_active[dev->poll_mod_count] =
1076	(struct pn533_poll_modulations *) &poll_mod[mod_index];
1077	dev->poll_mod_count++;
1078	}
1079
1080	static void pn533_poll_create_mod_list(struct pn533 *dev,
1081	u32 im_protocols, u32 tm_protocols)
1082	{
1083	pn533_poll_reset_mod_list(dev);
1084
1085	if (im_protocols & NFC_PROTO_MIFARE_MASK
1086	\|\| im_protocols & NFC_PROTO_ISO14443_MASK
1087	\|\| im_protocols & NFC_PROTO_NFC_DEP_MASK)
1088	pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_A);
1089
1090	if (im_protocols & NFC_PROTO_FELICA_MASK
1091	\|\| im_protocols & NFC_PROTO_NFC_DEP_MASK) {
1092	pn533_poll_add_mod(dev, PN533_POLL_MOD_212KBPS_FELICA);
1093	pn533_poll_add_mod(dev, PN533_POLL_MOD_424KBPS_FELICA);
1094	}
1095
1096	if (im_protocols & NFC_PROTO_JEWEL_MASK)
1097	pn533_poll_add_mod(dev, PN533_POLL_MOD_106KBPS_JEWEL);
1098
1099	if (im_protocols & NFC_PROTO_ISO14443_B_MASK)
1100	pn533_poll_add_mod(dev, PN533_POLL_MOD_847KBPS_B);
1101
1102	if (tm_protocols)
1103	pn533_poll_add_mod(dev, PN533_LISTEN_MOD);
1104	}
1105
1106	static int pn533_start_poll_complete(struct pn533 dev, void arg,
1107	u8 *params, int params_len)
1108	{
1109	struct pn533_poll_response *resp;
1110	int rc;
1111
1112	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1113
1114	resp = (struct pn533_poll_response *) params;
1115	if (resp->nbtg) {
1116	rc = pn533_target_found(dev, resp, params_len);
1117
1118	/* We must stop the poll after a valid target found */
1119	if (rc == 0) {
1120	pn533_poll_reset_mod_list(dev);
1121	return 0;
1122	}
1123	}
1124
1125	return -EAGAIN;
1126	}
1127
1128	static int pn533_init_target_frame(struct pn533_frame *frame,
1129	u8 *gb, size_t gb_len)
1130	{
1131	struct pn533_cmd_init_target *cmd;
1132	size_t cmd_len;
1133	u8 felica_params[18] = {0x1, 0xfe, /* DEP */
1134	0x0, 0x0, 0x0, 0x0, 0x0, 0x0, /* random */
1135	0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0,
1136	0xff, 0xff}; /* System code */
1137	u8 mifare_params[6] = {0x1, 0x1, /* SENS_RES */
1138	0x0, 0x0, 0x0,
1139	0x40}; /* SEL_RES for DEP */
1140
1141	cmd_len = sizeof(struct pn533_cmd_init_target) + gb_len + 1;
1142	cmd = kzalloc(cmd_len, GFP_KERNEL);
1143	if (cmd == NULL)
1144	return -ENOMEM;
1145
1146	pn533_tx_frame_init(frame, PN533_CMD_TG_INIT_AS_TARGET);
1147
1148	/* DEP support only */
1149	cmd->mode \|= PN533_INIT_TARGET_DEP;
1150
1151	/* Felica params */
1152	memcpy(cmd->felica, felica_params, 18);
1153	get_random_bytes(cmd->felica + 2, 6);
1154
1155	/* NFCID3 */
1156	memset(cmd->nfcid3, 0, 10);
1157	memcpy(cmd->nfcid3, cmd->felica, 8);
1158
1159	/* MIFARE params */
1160	memcpy(cmd->mifare, mifare_params, 6);
1161
1162	/* General bytes */
1163	cmd->gb_len = gb_len;
1164	memcpy(cmd->gb, gb, gb_len);
1165
1166	/* Len Tk */
1167	cmd->gb[gb_len] = 0;
1168
1169	memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), cmd, cmd_len);
1170
1171	frame->datalen += cmd_len;
1172
1173	pn533_tx_frame_finish(frame);
1174
1175	kfree(cmd);
1176
1177	return 0;
1178	}
1179
1180	#define PN533_CMD_DATAEXCH_HEAD_LEN (sizeof(struct pn533_frame) + 3)
1181	#define PN533_CMD_DATAEXCH_DATA_MAXLEN 262
1182	static int pn533_tm_get_data_complete(struct pn533 dev, void arg,
1183	u8 *params, int params_len)
1184	{
1185	struct sk_buff *skb_resp = arg;
1186	struct pn533_frame in_frame = (struct pn533_frame ) skb_resp->data;
1187
1188	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1189
1190	if (params_len < 0) {
1191	nfc_dev_err(&dev->interface->dev,
1192	"Error %d when starting as a target",
1193	params_len);
1194
1195	return params_len;
1196	}
1197
1198	if (params_len > 0 && params[0] != 0) {
1199	nfc_tm_deactivated(dev->nfc_dev);
1200
1201	dev->tgt_mode = 0;
1202
1203	kfree_skb(skb_resp);
1204	return 0;
1205	}
1206
1207	skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1208	skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1209	skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1210
1211	return nfc_tm_data_received(dev->nfc_dev, skb_resp);
1212	}
1213
1214	static void pn533_wq_tg_get_data(struct work_struct *work)
1215	{
1216	struct pn533 *dev = container_of(work, struct pn533, tg_work);
1217	struct pn533_frame *in_frame;
1218	struct sk_buff *skb_resp;
1219	size_t skb_resp_len;
1220
1221	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1222
1223	skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1224	PN533_CMD_DATAEXCH_DATA_MAXLEN +
1225	PN533_FRAME_TAIL_SIZE;
1226
1227	skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1228	if (!skb_resp)
1229	return;
1230
1231	in_frame = (struct pn533_frame *)skb_resp->data;
1232
1233	pn533_tx_frame_init(dev->out_frame, PN533_CMD_TG_GET_DATA);
1234	pn533_tx_frame_finish(dev->out_frame);
1235
1236	pn533_send_cmd_frame_async(dev, dev->out_frame, in_frame,
1237	skb_resp_len,
1238	pn533_tm_get_data_complete,
1239	skb_resp, GFP_KERNEL);
1240
1241	return;
1242	}
1243
1244	#define ATR_REQ_GB_OFFSET 17
1245	static int pn533_init_target_complete(struct pn533 dev, void arg,
1246	u8 *params, int params_len)
1247	{
1248	struct pn533_cmd_init_target_response *resp;
1249	u8 frame, comm_mode = NFC_COMM_PASSIVE, *gb;
1250	size_t gb_len;
1251	int rc;
1252
1253	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1254
1255	if (params_len < 0) {
1256	nfc_dev_err(&dev->interface->dev,
1257	"Error %d when starting as a target",
1258	params_len);
1259
1260	return params_len;
1261	}
1262
1263	if (params_len < ATR_REQ_GB_OFFSET + 1)
1264	return -EINVAL;
1265
1266	resp = (struct pn533_cmd_init_target_response *) params;
1267
1268	nfc_dev_dbg(&dev->interface->dev, "Target mode 0x%x param len %d\n",
1269	resp->mode, params_len);
1270
1271	frame = resp->mode & PN533_INIT_TARGET_RESP_FRAME_MASK;
1272	if (frame == PN533_INIT_TARGET_RESP_ACTIVE)
1273	comm_mode = NFC_COMM_ACTIVE;
1274
1275	/* Again, only DEP */
1276	if ((resp->mode & PN533_INIT_TARGET_RESP_DEP) == 0)
1277	return -EOPNOTSUPP;
1278
1279	gb = resp->cmd + ATR_REQ_GB_OFFSET;
1280	gb_len = params_len - (ATR_REQ_GB_OFFSET + 1);
1281
1282	rc = nfc_tm_activated(dev->nfc_dev, NFC_PROTO_NFC_DEP_MASK,
1283	comm_mode, gb, gb_len);
1284	if (rc < 0) {
1285	nfc_dev_err(&dev->interface->dev,
1286	"Error when signaling target activation");
1287	return rc;
1288	}
1289
1290	dev->tgt_mode = 1;
1291
1292	queue_work(dev->wq, &dev->tg_work);
1293
1294	return 0;
1295	}
1296
1297	static void pn533_listen_mode_timer(unsigned long data)
1298	{
1299	struct pn533 dev = (struct pn533 ) data;
1300
1301	nfc_dev_dbg(&dev->interface->dev, "Listen mode timeout");
1302
1303	/* An ack will cancel the last issued command (poll) */
1304	pn533_send_ack(dev, GFP_ATOMIC);
1305
1306	dev->cancel_listen = 1;
1307
1308	mutex_unlock(&dev->cmd_lock);
1309
1310	pn533_poll_next_mod(dev);
1311
1312	queue_work(dev->wq, &dev->poll_work);
1313	}
1314
1315	static int pn533_poll_complete(struct pn533 dev, void arg,
1316	u8 *params, int params_len)
1317	{
1318	struct pn533_poll_modulations *cur_mod;
1319	int rc;
1320
1321	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1322
1323	if (params_len == -ENOENT) {
1324	if (dev->poll_mod_count != 0)
1325	return 0;
1326
1327	nfc_dev_err(&dev->interface->dev,
1328	"Polling operation has been stopped");
1329
1330	goto stop_poll;
1331	}
1332
1333	if (params_len < 0) {
1334	nfc_dev_err(&dev->interface->dev,
1335	"Error %d when running poll", params_len);
1336
1337	goto stop_poll;
1338	}
1339
1340	cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1341
1342	if (cur_mod->len == 0) {
1343	del_timer(&dev->listen_timer);
1344
1345	return pn533_init_target_complete(dev, arg, params, params_len);
1346	} else {
1347	rc = pn533_start_poll_complete(dev, arg, params, params_len);
1348	if (!rc)
1349	return rc;
1350	}
1351
1352	pn533_poll_next_mod(dev);
1353
1354	queue_work(dev->wq, &dev->poll_work);
1355
1356	return 0;
1357
1358	stop_poll:
1359	pn533_poll_reset_mod_list(dev);
1360	dev->poll_protocols = 0;
1361	return 0;
1362	}
1363
1364	static void pn533_build_poll_frame(struct pn533 *dev,
1365	struct pn533_frame *frame,
1366	struct pn533_poll_modulations *mod)
1367	{
1368	nfc_dev_dbg(&dev->interface->dev, "mod len %d\n", mod->len);
1369
1370	if (mod->len == 0) {
1371	/* Listen mode */
1372	pn533_init_target_frame(frame, dev->gb, dev->gb_len);
1373	} else {
1374	/* Polling mode */
1375	pn533_tx_frame_init(frame, PN533_CMD_IN_LIST_PASSIVE_TARGET);
1376
1377	memcpy(PN533_FRAME_CMD_PARAMS_PTR(frame), &mod->data, mod->len);
1378	frame->datalen += mod->len;
1379
1380	pn533_tx_frame_finish(frame);
1381	}
1382	}
1383
1384	static int pn533_send_poll_frame(struct pn533 *dev)
1385	{
1386	struct pn533_poll_modulations *cur_mod;
1387	int rc;
1388
1389	cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1390
1391	pn533_build_poll_frame(dev, dev->out_frame, cur_mod);
1392
1393	rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1394	dev->in_maxlen, pn533_poll_complete,
1395	NULL, GFP_KERNEL);
1396	if (rc)
1397	nfc_dev_err(&dev->interface->dev, "Polling loop error %d", rc);
1398
1399	return rc;
1400	}
1401
1402	static void pn533_wq_poll(struct work_struct *work)
1403	{
1404	struct pn533 *dev = container_of(work, struct pn533, poll_work);
1405	struct pn533_poll_modulations *cur_mod;
1406	int rc;
1407
1408	cur_mod = dev->poll_mod_active[dev->poll_mod_curr];
1409
1410	nfc_dev_dbg(&dev->interface->dev,
1411	"%s cancel_listen %d modulation len %d",
1412	__func__, dev->cancel_listen, cur_mod->len);
1413
1414	if (dev->cancel_listen == 1) {
1415	dev->cancel_listen = 0;
1416	usb_kill_urb(dev->in_urb);
1417	}
1418
1419	rc = pn533_send_poll_frame(dev);
1420	if (rc)
1421	return;
1422
1423	if (cur_mod->len == 0 && dev->poll_mod_count > 1)
1424	mod_timer(&dev->listen_timer, jiffies + PN533_LISTEN_TIME * HZ);
1425
1426	return;
1427	}
1428
1429	static int pn533_start_poll(struct nfc_dev *nfc_dev,
1430	u32 im_protocols, u32 tm_protocols)
1431	{
1432	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1433
1434	nfc_dev_dbg(&dev->interface->dev,
1435	"%s: im protocols 0x%x tm protocols 0x%x",
1436	__func__, im_protocols, tm_protocols);
1437
1438	if (dev->tgt_active_prot) {
1439	nfc_dev_err(&dev->interface->dev,
1440	"Cannot poll with a target already activated");
1441	return -EBUSY;
1442	}
1443
1444	if (dev->tgt_mode) {
1445	nfc_dev_err(&dev->interface->dev,
1446	"Cannot poll while already being activated");
1447	return -EBUSY;
1448	}
1449
1450	if (tm_protocols) {
1451	dev->gb = nfc_get_local_general_bytes(nfc_dev, &dev->gb_len);
1452	if (dev->gb == NULL)
1453	tm_protocols = 0;
1454	}
1455
1456	dev->poll_mod_curr = 0;
1457	pn533_poll_create_mod_list(dev, im_protocols, tm_protocols);
1458	dev->poll_protocols = im_protocols;
1459	dev->listen_protocols = tm_protocols;
1460
1461	return pn533_send_poll_frame(dev);
1462	}
1463
1464	static void pn533_stop_poll(struct nfc_dev *nfc_dev)
1465	{
1466	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1467
1468	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1469
1470	del_timer(&dev->listen_timer);
1471
1472	if (!dev->poll_mod_count) {
1473	nfc_dev_dbg(&dev->interface->dev, "Polling operation was not"
1474	" running");
1475	return;
1476	}
1477
1478	/* An ack will cancel the last issued command (poll) */
1479	pn533_send_ack(dev, GFP_KERNEL);
1480
1481	/* prevent pn533_start_poll_complete to issue a new poll meanwhile */
1482	usb_kill_urb(dev->in_urb);
1483
1484	pn533_poll_reset_mod_list(dev);
1485	}
1486
1487	static int pn533_activate_target_nfcdep(struct pn533 *dev)
1488	{
1489	struct pn533_cmd_activate_param param;
1490	struct pn533_cmd_activate_response *resp;
1491	u16 gt_len;
1492	int rc;
1493
1494	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1495
1496	pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_ATR);
1497
1498	param.tg = 1;
1499	param.next = 0;
1500	memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &param,
1501	sizeof(struct pn533_cmd_activate_param));
1502	dev->out_frame->datalen += sizeof(struct pn533_cmd_activate_param);
1503
1504	pn533_tx_frame_finish(dev->out_frame);
1505
1506	rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1507	dev->in_maxlen);
1508	if (rc)
1509	return rc;
1510
1511	resp = (struct pn533_cmd_activate_response *)
1512	PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
1513	rc = resp->status & PN533_CMD_RET_MASK;
1514	if (rc != PN533_CMD_RET_SUCCESS)
1515	return -EIO;
1516
1517	/* ATR_RES general bytes are located at offset 16 */
1518	gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 16;
1519	rc = nfc_set_remote_general_bytes(dev->nfc_dev, resp->gt, gt_len);
1520
1521	return rc;
1522	}
1523
1524	static int pn533_activate_target(struct nfc_dev *nfc_dev,
1525	struct nfc_target *target, u32 protocol)
1526	{
1527	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1528	int rc;
1529
1530	nfc_dev_dbg(&dev->interface->dev, "%s - protocol=%u", __func__,
1531	protocol);
1532
1533	if (dev->poll_mod_count) {
1534	nfc_dev_err(&dev->interface->dev, "Cannot activate while"
1535	" polling");
1536	return -EBUSY;
1537	}
1538
1539	if (dev->tgt_active_prot) {
1540	nfc_dev_err(&dev->interface->dev, "There is already an active"
1541	" target");
1542	return -EBUSY;
1543	}
1544
1545	if (!dev->tgt_available_prots) {
1546	nfc_dev_err(&dev->interface->dev, "There is no available target"
1547	" to activate");
1548	return -EINVAL;
1549	}
1550
1551	if (!(dev->tgt_available_prots & (1 << protocol))) {
1552	nfc_dev_err(&dev->interface->dev, "The target does not support"
1553	" the requested protocol %u", protocol);
1554	return -EINVAL;
1555	}
1556
1557	if (protocol == NFC_PROTO_NFC_DEP) {
1558	rc = pn533_activate_target_nfcdep(dev);
1559	if (rc) {
1560	nfc_dev_err(&dev->interface->dev, "Error %d when"
1561	" activating target with"
1562	" NFC_DEP protocol", rc);
1563	return rc;
1564	}
1565	}
1566
1567	dev->tgt_active_prot = protocol;
1568	dev->tgt_available_prots = 0;
1569
1570	return 0;
1571	}
1572
1573	static void pn533_deactivate_target(struct nfc_dev *nfc_dev,
1574	struct nfc_target *target)
1575	{
1576	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1577	u8 tg;
1578	u8 status;
1579	int rc;
1580
1581	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1582
1583	if (!dev->tgt_active_prot) {
1584	nfc_dev_err(&dev->interface->dev, "There is no active target");
1585	return;
1586	}
1587
1588	dev->tgt_active_prot = 0;
1589
1590	skb_queue_purge(&dev->resp_q);
1591
1592	pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_RELEASE);
1593
1594	tg = 1;
1595	memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), &tg, sizeof(u8));
1596	dev->out_frame->datalen += sizeof(u8);
1597
1598	pn533_tx_frame_finish(dev->out_frame);
1599
1600	rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
1601	dev->in_maxlen);
1602	if (rc) {
1603	nfc_dev_err(&dev->interface->dev, "Error when sending release"
1604	" command to the controller");
1605	return;
1606	}
1607
1608	status = PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame)[0];
1609	rc = status & PN533_CMD_RET_MASK;
1610	if (rc != PN533_CMD_RET_SUCCESS)
1611	nfc_dev_err(&dev->interface->dev, "Error 0x%x when releasing"
1612	" the target", rc);
1613
1614	return;
1615	}
1616
1617
1618	static int pn533_in_dep_link_up_complete(struct pn533 dev, void arg,
1619	u8 *params, int params_len)
1620	{
1621	struct pn533_cmd_jump_dep *cmd;
1622	struct pn533_cmd_jump_dep_response *resp;
1623	struct nfc_target nfc_target;
1624	u8 target_gt_len;
1625	int rc;
1626
1627	if (params_len == -ENOENT) {
1628	nfc_dev_dbg(&dev->interface->dev, "");
1629	return 0;
1630	}
1631
1632	if (params_len < 0) {
1633	nfc_dev_err(&dev->interface->dev,
1634	"Error %d when bringing DEP link up",
1635	params_len);
1636	return 0;
1637	}
1638
1639	if (dev->tgt_available_prots &&
1640	!(dev->tgt_available_prots & (1 << NFC_PROTO_NFC_DEP))) {
1641	nfc_dev_err(&dev->interface->dev,
1642	"The target does not support DEP");
1643	return -EINVAL;
1644	}
1645
1646	resp = (struct pn533_cmd_jump_dep_response *) params;
1647	cmd = (struct pn533_cmd_jump_dep *) arg;
1648	rc = resp->status & PN533_CMD_RET_MASK;
1649	if (rc != PN533_CMD_RET_SUCCESS) {
1650	nfc_dev_err(&dev->interface->dev,
1651	"Bringing DEP link up failed %d", rc);
1652	return 0;
1653	}
1654
1655	if (!dev->tgt_available_prots) {
1656	nfc_dev_dbg(&dev->interface->dev, "Creating new target");
1657
1658	nfc_target.supported_protocols = NFC_PROTO_NFC_DEP_MASK;
1659	nfc_target.nfcid1_len = 10;
1660	memcpy(nfc_target.nfcid1, resp->nfcid3t, nfc_target.nfcid1_len);
1661	rc = nfc_targets_found(dev->nfc_dev, &nfc_target, 1);
1662	if (rc)
1663	return 0;
1664
1665	dev->tgt_available_prots = 0;
1666	}
1667
1668	dev->tgt_active_prot = NFC_PROTO_NFC_DEP;
1669
1670	/* ATR_RES general bytes are located at offset 17 */
1671	target_gt_len = PN533_FRAME_CMD_PARAMS_LEN(dev->in_frame) - 17;
1672	rc = nfc_set_remote_general_bytes(dev->nfc_dev,
1673	resp->gt, target_gt_len);
1674	if (rc == 0)
1675	rc = nfc_dep_link_is_up(dev->nfc_dev,
1676	dev->nfc_dev->targets[0].idx,
1677	!cmd->active, NFC_RF_INITIATOR);
1678
1679	return 0;
1680	}
1681
1682	static int pn533_mod_to_baud(struct pn533 *dev)
1683	{
1684	switch (dev->poll_mod_curr) {
1685	case PN533_POLL_MOD_106KBPS_A:
1686	return 0;
1687	case PN533_POLL_MOD_212KBPS_FELICA:
1688	return 1;
1689	case PN533_POLL_MOD_424KBPS_FELICA:
1690	return 2;
1691	default:
1692	return -EINVAL;
1693	}
1694	}
1695
1696	#define PASSIVE_DATA_LEN 5
1697	static int pn533_dep_link_up(struct nfc_dev nfc_dev, struct nfc_target target,
1698	u8 comm_mode, u8* gb, size_t gb_len)
1699	{
1700	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1701	struct pn533_cmd_jump_dep *cmd;
1702	u8 cmd_len, *data_ptr;
1703	u8 passive_data[PASSIVE_DATA_LEN] = {0x00, 0xff, 0xff, 0x00, 0x3};
1704	int rc, baud;
1705
1706	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1707
1708	if (dev->poll_mod_count) {
1709	nfc_dev_err(&dev->interface->dev,
1710	"Cannot bring the DEP link up while polling");
1711	return -EBUSY;
1712	}
1713
1714	if (dev->tgt_active_prot) {
1715	nfc_dev_err(&dev->interface->dev,
1716	"There is already an active target");
1717	return -EBUSY;
1718	}
1719
1720	baud = pn533_mod_to_baud(dev);
1721	if (baud < 0) {
1722	nfc_dev_err(&dev->interface->dev,
1723	"Invalid curr modulation %d", dev->poll_mod_curr);
1724	return baud;
1725	}
1726
1727	cmd_len = sizeof(struct pn533_cmd_jump_dep) + gb_len;
1728	if (comm_mode == NFC_COMM_PASSIVE)
1729	cmd_len += PASSIVE_DATA_LEN;
1730
1731	cmd = kzalloc(cmd_len, GFP_KERNEL);
1732	if (cmd == NULL)
1733	return -ENOMEM;
1734
1735	pn533_tx_frame_init(dev->out_frame, PN533_CMD_IN_JUMP_FOR_DEP);
1736
1737	cmd->active = !comm_mode;
1738	cmd->next = 0;
1739	cmd->baud = baud;
1740	data_ptr = cmd->data;
1741	if (comm_mode == NFC_COMM_PASSIVE && cmd->baud > 0) {
1742	memcpy(data_ptr, passive_data, PASSIVE_DATA_LEN);
1743	cmd->next \|= 1;
1744	data_ptr += PASSIVE_DATA_LEN;
1745	}
1746
1747	if (gb != NULL && gb_len > 0) {
1748	cmd->next \|= 4; /* We have some Gi */
1749	memcpy(data_ptr, gb, gb_len);
1750	} else {
1751	cmd->next = 0;
1752	}
1753
1754	memcpy(PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame), cmd, cmd_len);
1755	dev->out_frame->datalen += cmd_len;
1756
1757	pn533_tx_frame_finish(dev->out_frame);
1758
1759	rc = pn533_send_cmd_frame_async(dev, dev->out_frame, dev->in_frame,
1760	dev->in_maxlen, pn533_in_dep_link_up_complete,
1761	cmd, GFP_KERNEL);
1762	if (rc)
1763	goto out;
1764
1765
1766	out:
1767	kfree(cmd);
1768
1769	return rc;
1770	}
1771
1772	static int pn533_dep_link_down(struct nfc_dev *nfc_dev)
1773	{
1774	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1775
1776	pn533_poll_reset_mod_list(dev);
1777
1778	if (dev->tgt_mode \|\| dev->tgt_active_prot) {
1779	pn533_send_ack(dev, GFP_KERNEL);
1780	usb_kill_urb(dev->in_urb);
1781	}
1782
1783	dev->tgt_active_prot = 0;
1784	dev->tgt_mode = 0;
1785
1786	skb_queue_purge(&dev->resp_q);
1787
1788	return 0;
1789	}
1790
1791	static int pn533_build_tx_frame(struct pn533 dev, struct sk_buff skb,
1792	bool target)
1793	{
1794	int payload_len = skb->len;
1795	struct pn533_frame *out_frame;
1796	u8 tg;
1797
1798	nfc_dev_dbg(&dev->interface->dev, "%s - Sending %d bytes", __func__,
1799	payload_len);
1800
1801	if (payload_len > PN533_CMD_DATAEXCH_DATA_MAXLEN) {
1802	/* TODO: Implement support to multi-part data exchange */
1803	nfc_dev_err(&dev->interface->dev, "Data length greater than the"
1804	" max allowed: %d",
1805	PN533_CMD_DATAEXCH_DATA_MAXLEN);
1806	return -ENOSYS;
1807	}
1808
1809	if (target == true) {
1810	switch (dev->device_type) {
1811	case PN533_DEVICE_PASORI:
1812	if (dev->tgt_active_prot == NFC_PROTO_FELICA) {
1813	skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1814	out_frame = (struct pn533_frame *) skb->data;
1815	pn533_tx_frame_init(out_frame,
1816	PN533_CMD_IN_COMM_THRU);
1817
1818	break;
1819	}
1820
1821	default:
1822	skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN);
1823	out_frame = (struct pn533_frame *) skb->data;
1824	pn533_tx_frame_init(out_frame,
1825	PN533_CMD_IN_DATA_EXCHANGE);
1826	tg = 1;
1827	memcpy(PN533_FRAME_CMD_PARAMS_PTR(out_frame),
1828	&tg, sizeof(u8));
1829	out_frame->datalen += sizeof(u8);
1830
1831	break;
1832	}
1833
1834	} else {
1835	skb_push(skb, PN533_CMD_DATAEXCH_HEAD_LEN - 1);
1836	out_frame = (struct pn533_frame *) skb->data;
1837	pn533_tx_frame_init(out_frame, PN533_CMD_TG_SET_DATA);
1838	}
1839
1840
1841	/* The data is already in the out_frame, just update the datalen */
1842	out_frame->datalen += payload_len;
1843
1844	pn533_tx_frame_finish(out_frame);
1845	skb_put(skb, PN533_FRAME_TAIL_SIZE);
1846
1847	return 0;
1848	}
1849
1850	struct pn533_data_exchange_arg {
1851	struct sk_buff *skb_resp;
1852	struct sk_buff *skb_out;
1853	data_exchange_cb_t cb;
1854	void *cb_context;
1855	};
1856
1857	static struct sk_buff pn533_build_response(struct pn533 dev)
1858	{
1859	struct sk_buff skb, tmp, *t;
1860	unsigned int skb_len = 0, tmp_len = 0;
1861
1862	nfc_dev_dbg(&dev->interface->dev, "%s\n", __func__);
1863
1864	if (skb_queue_empty(&dev->resp_q))
1865	return NULL;
1866
1867	if (skb_queue_len(&dev->resp_q) == 1) {
1868	skb = skb_dequeue(&dev->resp_q);
1869	goto out;
1870	}
1871
1872	skb_queue_walk_safe(&dev->resp_q, tmp, t)
1873	skb_len += tmp->len;
1874
1875	nfc_dev_dbg(&dev->interface->dev, "%s total length %d\n",
1876	__func__, skb_len);
1877
1878	skb = alloc_skb(skb_len, GFP_KERNEL);
1879	if (skb == NULL)
1880	goto out;
1881
1882	skb_put(skb, skb_len);
1883
1884	skb_queue_walk_safe(&dev->resp_q, tmp, t) {
1885	memcpy(skb->data + tmp_len, tmp->data, tmp->len);
1886	tmp_len += tmp->len;
1887	}
1888
1889	out:
1890	skb_queue_purge(&dev->resp_q);
1891
1892	return skb;
1893	}
1894
1895	static int pn533_data_exchange_complete(struct pn533 dev, void _arg,
1896	u8 *params, int params_len)
1897	{
1898	struct pn533_data_exchange_arg *arg = _arg;
1899	struct sk_buff skb = NULL, skb_resp = arg->skb_resp;
1900	struct pn533_frame in_frame = (struct pn533_frame ) skb_resp->data;
1901	int err = 0;
1902	u8 status;
1903	u8 cmd_ret;
1904
1905	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1906
1907	dev_kfree_skb(arg->skb_out);
1908
1909	if (params_len < 0) { /* error */
1910	err = params_len;
1911	goto error;
1912	}
1913
1914	status = params[0];
1915
1916	cmd_ret = status & PN533_CMD_RET_MASK;
1917	if (cmd_ret != PN533_CMD_RET_SUCCESS) {
1918	nfc_dev_err(&dev->interface->dev, "PN533 reported error %d when"
1919	" exchanging data", cmd_ret);
1920	err = -EIO;
1921	goto error;
1922	}
1923
1924	skb_put(skb_resp, PN533_FRAME_SIZE(in_frame));
1925	skb_pull(skb_resp, PN533_CMD_DATAEXCH_HEAD_LEN);
1926	skb_trim(skb_resp, skb_resp->len - PN533_FRAME_TAIL_SIZE);
1927	skb_queue_tail(&dev->resp_q, skb_resp);
1928
1929	if (status & PN533_CMD_MI_MASK) {
1930	queue_work(dev->wq, &dev->mi_work);
1931	return -EINPROGRESS;
1932	}
1933
1934	skb = pn533_build_response(dev);
1935	if (skb == NULL)
1936	goto error;
1937
1938	arg->cb(arg->cb_context, skb, 0);
1939	kfree(arg);
1940	return 0;
1941
1942	error:
1943	skb_queue_purge(&dev->resp_q);
1944	dev_kfree_skb(skb_resp);
1945	arg->cb(arg->cb_context, NULL, err);
1946	kfree(arg);
1947	return 0;
1948	}
1949
1950	static int pn533_transceive(struct nfc_dev *nfc_dev,
1951	struct nfc_target target, struct sk_buff skb,
1952	data_exchange_cb_t cb, void *cb_context)
1953	{
1954	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
1955	struct pn533_frame out_frame, in_frame;
1956	struct pn533_data_exchange_arg *arg;
1957	struct sk_buff *skb_resp;
1958	int skb_resp_len;
1959	int rc;
1960
1961	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
1962
1963	if (!dev->tgt_active_prot) {
1964	nfc_dev_err(&dev->interface->dev, "Cannot exchange data if"
1965	" there is no active target");
1966	rc = -EINVAL;
1967	goto error;
1968	}
1969
1970	rc = pn533_build_tx_frame(dev, skb, true);
1971	if (rc)
1972	goto error;
1973
1974	skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
1975	PN533_CMD_DATAEXCH_DATA_MAXLEN +
1976	PN533_FRAME_TAIL_SIZE;
1977
1978	skb_resp = nfc_alloc_recv_skb(skb_resp_len, GFP_KERNEL);
1979	if (!skb_resp) {
1980	rc = -ENOMEM;
1981	goto error;
1982	}
1983
1984	in_frame = (struct pn533_frame *) skb_resp->data;
1985	out_frame = (struct pn533_frame *) skb->data;
1986
1987	arg = kmalloc(sizeof(struct pn533_data_exchange_arg), GFP_KERNEL);
1988	if (!arg) {
1989	rc = -ENOMEM;
1990	goto free_skb_resp;
1991	}
1992
1993	arg->skb_resp = skb_resp;
1994	arg->skb_out = skb;
1995	arg->cb = cb;
1996	arg->cb_context = cb_context;
1997
1998	rc = pn533_send_cmd_frame_async(dev, out_frame, in_frame, skb_resp_len,
1999	pn533_data_exchange_complete, arg,
2000	GFP_KERNEL);
2001	if (rc) {
2002	nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2003	" perform data_exchange", rc);
2004	goto free_arg;
2005	}
2006
2007	return 0;
2008
2009	free_arg:
2010	kfree(arg);
2011	free_skb_resp:
2012	kfree_skb(skb_resp);
2013	error:
2014	kfree_skb(skb);
2015	return rc;
2016	}
2017
2018	static int pn533_tm_send_complete(struct pn533 dev, void arg,
2019	u8 *params, int params_len)
2020	{
2021	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2022
2023	if (params_len < 0) {
2024	nfc_dev_err(&dev->interface->dev,
2025	"Error %d when sending data",
2026	params_len);
2027
2028	return params_len;
2029	}
2030
2031	if (params_len > 0 && params[0] != 0) {
2032	nfc_tm_deactivated(dev->nfc_dev);
2033
2034	dev->tgt_mode = 0;
2035
2036	return 0;
2037	}
2038
2039	queue_work(dev->wq, &dev->tg_work);
2040
2041	return 0;
2042	}
2043
2044	static int pn533_tm_send(struct nfc_dev nfc_dev, struct sk_buff skb)
2045	{
2046	struct pn533 *dev = nfc_get_drvdata(nfc_dev);
2047	struct pn533_frame *out_frame;
2048	int rc;
2049
2050	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2051
2052	rc = pn533_build_tx_frame(dev, skb, false);
2053	if (rc)
2054	goto error;
2055
2056	out_frame = (struct pn533_frame *) skb->data;
2057
2058	rc = pn533_send_cmd_frame_async(dev, out_frame, dev->in_frame,
2059	dev->in_maxlen, pn533_tm_send_complete,
2060	NULL, GFP_KERNEL);
2061	if (rc) {
2062	nfc_dev_err(&dev->interface->dev,
2063	"Error %d when trying to send data", rc);
2064	goto error;
2065	}
2066
2067	return 0;
2068
2069	error:
2070	kfree_skb(skb);
2071
2072	return rc;
2073	}
2074
2075	static void pn533_wq_mi_recv(struct work_struct *work)
2076	{
2077	struct pn533 *dev = container_of(work, struct pn533, mi_work);
2078	struct sk_buff *skb_cmd;
2079	struct pn533_data_exchange_arg *arg = dev->cmd_complete_arg;
2080	struct pn533_frame out_frame, in_frame;
2081	struct sk_buff *skb_resp;
2082	int skb_resp_len;
2083	int rc;
2084
2085	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2086
2087	/* This is a zero payload size skb */
2088	skb_cmd = alloc_skb(PN533_CMD_DATAEXCH_HEAD_LEN + PN533_FRAME_TAIL_SIZE,
2089	GFP_KERNEL);
2090	if (skb_cmd == NULL)
2091	goto error_cmd;
2092
2093	skb_reserve(skb_cmd, PN533_CMD_DATAEXCH_HEAD_LEN);
2094
2095	rc = pn533_build_tx_frame(dev, skb_cmd, true);
2096	if (rc)
2097	goto error_frame;
2098
2099	skb_resp_len = PN533_CMD_DATAEXCH_HEAD_LEN +
2100	PN533_CMD_DATAEXCH_DATA_MAXLEN +
2101	PN533_FRAME_TAIL_SIZE;
2102	skb_resp = alloc_skb(skb_resp_len, GFP_KERNEL);
2103	if (!skb_resp) {
2104	rc = -ENOMEM;
2105	goto error_frame;
2106	}
2107
2108	in_frame = (struct pn533_frame *) skb_resp->data;
2109	out_frame = (struct pn533_frame *) skb_cmd->data;
2110
2111	arg->skb_resp = skb_resp;
2112	arg->skb_out = skb_cmd;
2113
2114	rc = __pn533_send_cmd_frame_async(dev, out_frame, in_frame,
2115	skb_resp_len,
2116	pn533_data_exchange_complete,
2117	dev->cmd_complete_arg, GFP_KERNEL);
2118	if (!rc)
2119	return;
2120
2121	nfc_dev_err(&dev->interface->dev, "Error %d when trying to"
2122	" perform data_exchange", rc);
2123
2124	kfree_skb(skb_resp);
2125
2126	error_frame:
2127	kfree_skb(skb_cmd);
2128
2129	error_cmd:
2130	pn533_send_ack(dev, GFP_KERNEL);
2131
2132	kfree(arg);
2133
2134	mutex_unlock(&dev->cmd_lock);
2135	}
2136
2137	static int pn533_set_configuration(struct pn533 dev, u8 cfgitem, u8 cfgdata,
2138	u8 cfgdata_len)
2139	{
2140	int rc;
2141	u8 *params;
2142
2143	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2144
2145	pn533_tx_frame_init(dev->out_frame, PN533_CMD_RF_CONFIGURATION);
2146
2147	params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2148	params[0] = cfgitem;
2149	memcpy(&params[1], cfgdata, cfgdata_len);
2150	dev->out_frame->datalen += (1 + cfgdata_len);
2151
2152	pn533_tx_frame_finish(dev->out_frame);
2153
2154	rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2155	dev->in_maxlen);
2156
2157	return rc;
2158	}
2159
2160	static int pn533_fw_reset(struct pn533 *dev)
2161	{
2162	int rc;
2163	u8 *params;
2164
2165	nfc_dev_dbg(&dev->interface->dev, "%s", __func__);
2166
2167	pn533_tx_frame_init(dev->out_frame, 0x18);
2168
2169	params = PN533_FRAME_CMD_PARAMS_PTR(dev->out_frame);
2170	params[0] = 0x1;
2171	dev->out_frame->datalen += 1;
2172
2173	pn533_tx_frame_finish(dev->out_frame);
2174
2175	rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2176	dev->in_maxlen);
2177
2178	return rc;
2179	}
2180
2181	static struct nfc_ops pn533_nfc_ops = {
2182	.dev_up = NULL,
2183	.dev_down = NULL,
2184	.dep_link_up = pn533_dep_link_up,
2185	.dep_link_down = pn533_dep_link_down,
2186	.start_poll = pn533_start_poll,
2187	.stop_poll = pn533_stop_poll,
2188	.activate_target = pn533_activate_target,
2189	.deactivate_target = pn533_deactivate_target,
2190	.im_transceive = pn533_transceive,
2191	.tm_send = pn533_tm_send,
2192	};
2193
2194	static int pn533_setup(struct pn533 *dev)
2195	{
2196	struct pn533_config_max_retries max_retries;
2197	struct pn533_config_timing timing;
2198	u8 pasori_cfg[3] = {0x08, 0x01, 0x08};
2199	int rc;
2200
2201	switch (dev->device_type) {
2202	case PN533_DEVICE_STD:
2203	max_retries.mx_rty_atr = PN533_CONFIG_MAX_RETRIES_ENDLESS;
2204	max_retries.mx_rty_psl = 2;
2205	max_retries.mx_rty_passive_act =
2206	PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2207
2208	timing.rfu = PN533_CONFIG_TIMING_102;
2209	timing.atr_res_timeout = PN533_CONFIG_TIMING_204;
2210	timing.dep_timeout = PN533_CONFIG_TIMING_409;
2211
2212	break;
2213
2214	case PN533_DEVICE_PASORI:
2215	max_retries.mx_rty_atr = 0x2;
2216	max_retries.mx_rty_psl = 0x1;
2217	max_retries.mx_rty_passive_act =
2218	PN533_CONFIG_MAX_RETRIES_NO_RETRY;
2219
2220	timing.rfu = PN533_CONFIG_TIMING_102;
2221	timing.atr_res_timeout = PN533_CONFIG_TIMING_102;
2222	timing.dep_timeout = PN533_CONFIG_TIMING_204;
2223
2224	break;
2225
2226	default:
2227	nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2228	dev->device_type);
2229	return -EINVAL;
2230	}
2231
2232	rc = pn533_set_configuration(dev, PN533_CFGITEM_MAX_RETRIES,
2233	(u8 *)&max_retries, sizeof(max_retries));
2234	if (rc) {
2235	nfc_dev_err(&dev->interface->dev,
2236	"Error on setting MAX_RETRIES config");
2237	return rc;
2238	}
2239
2240
2241	rc = pn533_set_configuration(dev, PN533_CFGITEM_TIMING,
2242	(u8 *)&timing, sizeof(timing));
2243	if (rc) {
2244	nfc_dev_err(&dev->interface->dev,
2245	"Error on setting RF timings");
2246	return rc;
2247	}
2248
2249	switch (dev->device_type) {
2250	case PN533_DEVICE_STD:
2251	break;
2252
2253	case PN533_DEVICE_PASORI:
2254	pn533_fw_reset(dev);
2255
2256	rc = pn533_set_configuration(dev, PN533_CFGITEM_PASORI,
2257	pasori_cfg, 3);
2258	if (rc) {
2259	nfc_dev_err(&dev->interface->dev,
2260	"Error while settings PASORI config");
2261	return rc;
2262	}
2263
2264	pn533_fw_reset(dev);
2265
2266	break;
2267	}
2268
2269	return 0;
2270	}
2271
2272	static int pn533_probe(struct usb_interface *interface,
2273	const struct usb_device_id *id)
2274	{
2275	struct pn533_fw_version *fw_ver;
2276	struct pn533 *dev;
2277	struct usb_host_interface *iface_desc;
2278	struct usb_endpoint_descriptor *endpoint;
2279	int in_endpoint = 0;
2280	int out_endpoint = 0;
2281	int rc = -ENOMEM;
2282	int i;
2283	u32 protocols;
2284
2285	dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2286	if (!dev)
2287	return -ENOMEM;
2288
2289	dev->udev = usb_get_dev(interface_to_usbdev(interface));
2290	dev->interface = interface;
2291	mutex_init(&dev->cmd_lock);
2292
2293	iface_desc = interface->cur_altsetting;
2294	for (i = 0; i < iface_desc->desc.bNumEndpoints; ++i) {
2295	endpoint = &iface_desc->endpoint[i].desc;
2296
2297	if (!in_endpoint && usb_endpoint_is_bulk_in(endpoint)) {
2298	dev->in_maxlen = le16_to_cpu(endpoint->wMaxPacketSize);
2299	in_endpoint = endpoint->bEndpointAddress;
2300	}
2301
2302	if (!out_endpoint && usb_endpoint_is_bulk_out(endpoint)) {
2303	dev->out_maxlen =
2304	le16_to_cpu(endpoint->wMaxPacketSize);
2305	out_endpoint = endpoint->bEndpointAddress;
2306	}
2307	}
2308
2309	if (!in_endpoint \|\| !out_endpoint) {
2310	nfc_dev_err(&interface->dev, "Could not find bulk-in or"
2311	" bulk-out endpoint");
2312	rc = -ENODEV;
2313	goto error;
2314	}
2315
2316	dev->in_frame = kmalloc(dev->in_maxlen, GFP_KERNEL);
2317	dev->in_urb = usb_alloc_urb(0, GFP_KERNEL);
2318	dev->out_frame = kmalloc(dev->out_maxlen, GFP_KERNEL);
2319	dev->out_urb = usb_alloc_urb(0, GFP_KERNEL);
2320
2321	if (!dev->in_frame \|\| !dev->out_frame \|\|
2322	!dev->in_urb \|\| !dev->out_urb)
2323	goto error;
2324
2325	usb_fill_bulk_urb(dev->in_urb, dev->udev,
2326	usb_rcvbulkpipe(dev->udev, in_endpoint),
2327	NULL, 0, NULL, dev);
2328	usb_fill_bulk_urb(dev->out_urb, dev->udev,
2329	usb_sndbulkpipe(dev->udev, out_endpoint),
2330	NULL, 0,
2331	pn533_send_complete, dev);
2332
2333	INIT_WORK(&dev->cmd_work, pn533_wq_cmd_complete);
2334	INIT_WORK(&dev->mi_work, pn533_wq_mi_recv);
2335	INIT_WORK(&dev->tg_work, pn533_wq_tg_get_data);
2336	INIT_WORK(&dev->poll_work, pn533_wq_poll);
2337	dev->wq = alloc_workqueue("pn533",
2338	WQ_NON_REENTRANT \| WQ_UNBOUND \| WQ_MEM_RECLAIM,
2339	1);
2340	if (dev->wq == NULL)
2341	goto error;
2342
2343	init_timer(&dev->listen_timer);
2344	dev->listen_timer.data = (unsigned long) dev;
2345	dev->listen_timer.function = pn533_listen_mode_timer;
2346
2347	skb_queue_head_init(&dev->resp_q);
2348
2349	usb_set_intfdata(interface, dev);
2350
2351	pn533_tx_frame_init(dev->out_frame, PN533_CMD_GET_FIRMWARE_VERSION);
2352	pn533_tx_frame_finish(dev->out_frame);
2353
2354	rc = pn533_send_cmd_frame_sync(dev, dev->out_frame, dev->in_frame,
2355	dev->in_maxlen);
2356	if (rc)
2357	goto destroy_wq;
2358
2359	fw_ver = (struct pn533_fw_version *)
2360	PN533_FRAME_CMD_PARAMS_PTR(dev->in_frame);
2361	nfc_dev_info(&dev->interface->dev, "NXP PN533 firmware ver %d.%d now"
2362	" attached", fw_ver->ver, fw_ver->rev);
2363
2364	dev->device_type = id->driver_info;
2365	switch (dev->device_type) {
2366	case PN533_DEVICE_STD:
2367	protocols = PN533_ALL_PROTOCOLS;
2368	break;
2369
2370	case PN533_DEVICE_PASORI:
2371	protocols = PN533_NO_TYPE_B_PROTOCOLS;
2372	break;
2373
2374	default:
2375	nfc_dev_err(&dev->interface->dev, "Unknown device type %d\n",
2376	dev->device_type);
2377	rc = -EINVAL;
2378	goto destroy_wq;
2379	}
2380
2381	dev->nfc_dev = nfc_allocate_device(&pn533_nfc_ops, protocols,
2382	PN533_CMD_DATAEXCH_HEAD_LEN,
2383	PN533_FRAME_TAIL_SIZE);
2384	if (!dev->nfc_dev)
2385	goto destroy_wq;
2386
2387	nfc_set_parent_dev(dev->nfc_dev, &interface->dev);
2388	nfc_set_drvdata(dev->nfc_dev, dev);
2389
2390	rc = nfc_register_device(dev->nfc_dev);
2391	if (rc)
2392	goto free_nfc_dev;
2393
2394	rc = pn533_setup(dev);
2395	if (rc)
2396	goto unregister_nfc_dev;
2397
2398	return 0;
2399
2400	unregister_nfc_dev:
2401	nfc_unregister_device(dev->nfc_dev);
2402
2403	free_nfc_dev:
2404	nfc_free_device(dev->nfc_dev);
2405
2406	destroy_wq:
2407	destroy_workqueue(dev->wq);
2408	error:
2409	kfree(dev->in_frame);
2410	usb_free_urb(dev->in_urb);
2411	kfree(dev->out_frame);
2412	usb_free_urb(dev->out_urb);
2413	kfree(dev);
2414	return rc;
2415	}
2416
2417	static void pn533_disconnect(struct usb_interface *interface)
2418	{
2419	struct pn533 *dev;
2420
2421	dev = usb_get_intfdata(interface);
2422	usb_set_intfdata(interface, NULL);
2423
2424	nfc_unregister_device(dev->nfc_dev);
2425	nfc_free_device(dev->nfc_dev);
2426
2427	usb_kill_urb(dev->in_urb);
2428	usb_kill_urb(dev->out_urb);
2429
2430	destroy_workqueue(dev->wq);
2431
2432	skb_queue_purge(&dev->resp_q);
2433
2434	del_timer(&dev->listen_timer);
2435
2436	kfree(dev->in_frame);
2437	usb_free_urb(dev->in_urb);
2438	kfree(dev->out_frame);
2439	usb_free_urb(dev->out_urb);
2440	kfree(dev);
2441
2442	nfc_dev_info(&interface->dev, "NXP PN533 NFC device disconnected");
2443	}
2444
2445	static struct usb_driver pn533_driver = {
2446	.name = "pn533",
2447	.probe = pn533_probe,
2448	.disconnect = pn533_disconnect,
2449	.id_table = pn533_table,
2450	};
2451
2452	module_usb_driver(pn533_driver);
2453
2454	MODULE_AUTHOR("Lauro Ramos Venancio <lauro.venancio@openbossa.org>,"
2455	" Aloisio Almeida Jr <aloisio.almeida@openbossa.org>");
2456	MODULE_DESCRIPTION("PN533 usb driver ver " VERSION);
2457	MODULE_VERSION(VERSION);
2458	MODULE_LICENSE("GPL");
2459

Download this file

Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master

Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9

Kernel

Kernel Git Source Tree

Root/drivers/nfc/pn533.c

interactive